MakeWebGames

SHAD

Everything posted by SHAD

  1. Can anyone point out the insecure points in this header and please secure them for me, preferably in sprintf format, as it is my favorite. :)

     <?php
     class headers {
     function startheaders() {
         global $ir, $set;
         echo <<<EOF
     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
     <html xmlns="http://www.w3.org/1999/xhtml">
     <head>
     <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
     <title>{$set['game_name']}</title>
     <style type="text/css">
     <!--
     body { background-image:url(Images/Header.jpg); margin-top: 0px; margin-bottom: 0px; font-family:calibri, helvetica, arial, geneva, sans-serif;font-size:12px;color: white; scrollbar-base-color: #005B70; scrollbar-arrow-color: #F3960B; scrollbar-DarkShadow-Color: #000000; }
     a:visited,a:active,a:hover,a:link { color: white;text-decoration: none; }
     table,tr,td { font-family:helvetica, arial, geneva, sans-serif;font-size: 12px; }
     img { border:none; }
     textarea { font-family:helvetica, arial, geneva, sans-serif;font-size:12px;color: white; }
     .table2 { }
     .lgrad { background-image:url(lgrad.jpg); background-repeat:repeat-y; width:19px; }
     .linegrad { background-image:url(linegrad.PNG); background-repeat:repeat-y; background-align: center; width:2px; }
     .rgrad { background-image:url(rgrad.jpg); background-repeat:repeat-y; width:19px; }
     .dgrad { background-image:url(dgrad.jpg); background-repeat:repeat-x; height:38px; }
     .dgradl { background-image:url(dgradl.jpg); background-repeat:no-repeat; height:38px; width:38px; }
     .dgradr { background-image:url(dgradr.jpg); background-repeat:no-repeat; height:38px; width:38px; }
     .center { width:932px; background-color:#000000; vertical-align:top; text-align:center; }
     .table { background-color:#101010; }
     .table3 { background-color:#000000; }
     .table td { background-color:#000000; height:22px; }
     .table3 td { background-color:#000000; }
     td .alt { background-color:#000000; height:22px; }
     td .h { background-image:url(Images/Top.jpg); }
     .table th { background-image:url(Images/Top.jpg); }
     -->
     </style></head>
     <body>
     <center>
     <table width="932" border="0" cellpadding="0" cellspacing="0" class="table2">
     <tr>
     <td class="lgrad"></td>
     <td class="center">
     EOF;
     }
     function userdata($ir, $dosessh=1) {
         global $db, $c, $userid, $set;
         $db->query(sprintf("UPDATE `users` SET `laston`=unix_timestamp(), `lastip`='%s' WHERE `userid`='%u'", getip(), intval($userid)));
         if (trim($ir['email']) == '') {
             header('Location: NoEmail.php');
             session_unset();
             session_destroy();
         }
         if($dosessh && $_SESSION['attacking']) {
             print "You lost all your EXP for running from the fight.";
             mysql_query("UPDATE users SET exp=0 WHERE userid=$userid",$c);
             $_SESSION['attacking']=0;
         }
         $enperc=(int) ($ir['energy']/$ir['maxenergy']*100);
         $wiperc=(int) ($ir['will']/$ir['maxwill']*100);
         $experc=(int) ( $ir['exp']/$ir['exp_needed']*100);
         $brperc=(int) ($ir['brave']/$ir['maxbrave']*100);
         $hpperc=(int) ($ir['hp']/$ir['maxhp']*100);
         $enopp=100-$enperc;
         $wiopp=100-$wiperc;
         $exopp=100-$experc;
         $bropp=100-$brperc;
         $hpopp=100-$hpperc;
         $d="";
         $u=$ir['username'];
         if($ir['donatordays']) {
             $u = "<font color=red>{$ir['username']}</font>";
             $d="[img=donator.gif]";
         }
         $gn="";
         global $staffpage;
         $bgcolor = '000000';
         print <<<OUT
     [img=title.jpg]
     <table width="100%" border="0" cellpadding="0" cellspacing="0">
     <tr>
     <td width="20%" bgcolor="#$bgcolor" valign="top">
     [b]Name:[/b] $gn{$u} [{$ir['userid']}] $d
     [b]Money:[/b] {$fm}
     [b]Level:[/b] {$ir['level']}
     [b]Crystals:[/b] {$ir['crystals']}
     [[url='logout.php']Emergency Logout[/url]]
     <hr />
     [b]Energy:[/b] {$enperc}%
     <img src=greenbar.png width=$enperc height=10><img src=redbar.png width=$enopp height=10>
     [b]Will:[/b] {$wiperc}%
     <img src=bluebar.png width=$wiperc height=10><img src=redbar.png width=$wiopp height=10>
     [b]Brave:[/b] {$ir['brave']}/{$ir['maxbrave']}
     <img src=yellowbar.png width=$brperc height=10><img src=redbar.png width=$bropp height=10>
     [b]EXP:[/b] {$experc}%
     <img src=navybar.png width=$experc height=10><img src=redbar.png width=$exopp height=10>
     [b]Health:[/b] {$hpperc}%
     <img src=greenbar.png width=$hpperc height=10><img src=redbar.png width=$hpopp height=10>
     <hr />
     OUT;
         if($ir['fedjail']) {
             $q=$db->query("SELECT * FROM fedjail WHERE fed_userid=$userid");
             $r=$db->fetch_row($q);
             die("[b]<font color=red size=+1>You have been put in the {$set['game_name']} Federal Jail for {$r['fed_days']} day(s). Reason: {$r['fed_reason']}</font>[/b]</body></html>");
         }
         if(file_exists('ipbans/'.$IP)) {
             die("[b]<font color=red size=+1>Your IP has been banned from {$set['game_name']}, there is no way around this.</font>[/b]</body></html>");
         }
     }
     function menuarea() {
         include "mainmenu.php";
         global $ir,$c;
         $bgcolor = '202020';
         print '</td><td width="2" class="linegrad" bgcolor="#'.$bgcolor.'"></td><td width="80%" bgcolor="#'.$bgcolor.'" valign="top"> <center>';
         if($ir['hospital']) {
             print "[b]NB:[/b] You are currently in hospital for {$ir['hospital']} minutes. ";
         }
         if($ir['jail']) {
             print "[b]NB:[/b] You are currently in jail for {$ir['jail']} minutes. ";
         }
         print "[url='donator.php'][b]Donate to {$set['game_name']} now for game benefits![/b][/url] ";
     }
     function smenuarea() {
         include "smenu.php";
         global $ir,$c;
         $bgcolor = 'FFFFFF';
         print '</td><td width="2" class="linegrad" bgcolor="#'.$bgcolor.'"></td><td width="80%" bgcolor="#'.$bgcolor.'" valign="top"><center>';
     }
     function endpage() {
         global $db;
         print <<<OUT
     </td>
     </tr>
     [img=Images/Top.jpg]
     </table>
     [img=Images/Top.jpg]
     </td>
     </tr>
     <tr>
     </td>
     </tr>
     </table>
     </td>
     </tr>
     </table>
     </td>
     </tr>
     </table>
     </body>
     </html>
     </html>
     OUT;
     }
     }
     ?>
  2. Does this newspaper allow the use of bbcode? And btw good mod Magictallguy, +1 mate :thumbup:
  3. Thanks mate. Works perfect. :thumbup: Another *victory dance*
  4. Does anyone know how I can show a pic of the equipped weapons?

     print "
     <table width='75%' cellspacing='1' class='table'>
     <tr>
     <td colspan=3 align=center background=silverbar.png><font color=#800517>[b]Equiped Items[/b]</font></td>
     </tr>
     <tr>
     <th>Primary</th>
     <th>Secondary</th>
     <th>Armor</th>
     </tr>
     <tr height=75px.>
     <td width=33% background=primary.png><center>[b]<font color=blue>";
     if($equip[$ir['equip_primary']]['itmid'])
     {
         print $equip[$ir['equip_primary']]['itmname']."</font>[/b]</center></td>";
     }
     else
     {
         print "None equipped.</td>";
     }
     print "
     <td width=33% background=secondary.png><center>[b]<font color=green>";
     if($equip[$ir['equip_secondary']]['itmid'])
     {
         print $equip[$ir['equip_secondary']]['itmname']."</center>[/b]</font></td>";
     }
     else
     {
         print "None equipped.</td>";
     }
     print "
     <td width=33% background=armor.png><center>[b]<font color=#000000>";
     if($equip[$ir['equip_armor']]['itmid'])
     {
         print $equip[$ir['equip_armor']]['itmname']."</center>[/b]</font></td>";
     }
     else
     {
         print "None equipped.</td>";
     }
     print "
     </tr>
     <tr>
     <td background=silverbar.png>[url='unequip.php?type=equip_primary']<center>[b]Unequip Item</center>[/b][/url]</td>
     <td background=silverbar.png>[url='unequip.php?type=equip_secondary']<center>[b]Unequip Item</center>[/b][/url]</td>
     <td background=silverbar.png>[url='unequip.php?type=equip_armor']<center>[b]Unequip Item</center>[/b][/url]</td>
     </tr>
     </table>";
  5. Uhh, thank god for this fix. Thank you very much crimegame :thumbup:
  6. Maybe a secure fedjail system where the user, once banned, can contact the staff without having any email or such. Sort of like tcs, but not the same.
  7. OK, I have a problem with my inventory: when I buy two of the same items at different times, it does not stack them up. How can it be prevented? Please help.

     <?php
     include "globals.php";
     if(isset($_SESSION['timer']) && time() < $_SESSION['timer'] + 10)
     {
         $time_left = ((time() - $_SESSION['timer']) - 10);
         echo sprintf("You cannot buy yet, please wait for %s more second%s", str_replace('-', '', $time_left), ($time_left == -1) ? '' : 's');
         $h->endpage();
         exit;
     }
     if(isset($_SESSION['timer']) && time() > $_SESSION['timer'] + 9)
     {
         unset($_SESSION['timer']);
     }
     $_SESSION['timer'] = time();
     if($ir[hospital]>0) die("You are in the hospital for {$ir[hospital]} minutes.");
     if($ir[jail]>0) die("You are in jail for {$ir[jail]} minutes.");
     $_GET['ID']= abs((int) $_GET['ID']);
     $_POST['qty']= abs((int) $_POST['qty']);
     if(!$_GET['ID'] || !$_POST['qty'])
     {
         print "Invalid use of file";
     }
     else if($_POST['qty'] <= 0)
     {
         print "You have been added to the delete list for trying to cheat the game.";
     }
     else
     {
         $q=mysql_query("SELECT * FROM items WHERE itmid={$_GET['ID']}",$c);
         if(mysql_num_rows($q) == 0)
         {
             print "Invalid item ID";
         }
         else
         {
             $itemd=mysql_fetch_array($q);
             if($ir['money'] < $itemd['itmbuyprice']*$_POST['qty'])
             {
                 print "You don't have enough money to buy this item!";
                 $h->endpage();
                 exit;
             }
             if($itemd['itmbuyable'] == 0)
             {
                 print "This item can't be bought!";
                 $h->endpage();
                 exit;
             }
             $price=($itemd['itmbuyprice']*$_POST['qty']);
             mysql_query("INSERT INTO inventory VALUES('',{$_GET['ID']},$userid,{$_POST['qty']},0);",$c);
             mysql_query("UPDATE users SET money=money-$price WHERE userid=$userid",$c);
             mysql_query("INSERT INTO itembuylogs VALUES ('', $userid, {$_GET['ID']}, $price, {$_POST['qty']}, unix_timestamp(), '{$ir['username']} bought {$_POST['qty']} {$itemd['itmname']}(s) for {$price}')", $c);
             print "You bought {$_POST['qty']} {$itemd['itmname']}(s) for \$$price";
         }
     }
     $h->endpage();
     ?>
  8. SHAD

    Png or jpg

    I have replaced my jpg pics with new png ones and my site has seriously slowed down due to this. I was wondering if this could be the actual cause of this.
  9. SHAD

    Query help

    OK Fixed it. :D
  10. SHAD

    Query help

    Can anyone please fix this query for me, as it is supposed to update the forums avatar but it doesn't do it.

    function ForumSig()
    {
        global $ir, $db, $userid, $h;
        if (isset($_POST['NewFSig']))
        {
            $db->query(sprintf("UPDATE `users` SET `forums_avatar`='%s', `forums_signature`='%s' WHERE `userid`='%d'", NoXSS($_POST['FPic']), NoXSS($_POST['NewFSig']), $userid));
            echo 'Forum Info Updated';
        }
    }
  11. Adding bbcode would have been a decent update :D
  12. SHAD

    Table help

    cheers mate :thumbup:
  13. SHAD

    Table help

    Can anyone please tell me how I can make a table so it has different colors on every cell, like the example in the following picture?
  14. Just wondering, as this is a community project, will this be free when it is finished or will it be sold? :)
  15. Same here, I learnt more from trial and error than asking for help. :)
  16. Well, it's good to hear that it will eventually go back up, as I found that forum more helpful than other forums. Regards
  17. I agree with crimegame, it's best to rewrite the whole script because mccodes gets boring eventually; that's why I have started to recode my attack system and a lot of other stuff.
  18. SHAD

    XSS Help

    Thanks, that was helpful, but what I meant on the login page was: can't the cookies get stolen that are displayed on the login page? For example, these JavaScript codes are in my login page, and is it possible for someone to steal cookies from these Java vars? I am fairly new to this so it's a bit hard for me to understand, and thanks again mate for your help. The code:

    <script language="JavaScript">
    <!--
    function getCookieVal (offset) {
        var endstr = document.cookie.indexOf (";", offset);
        if (endstr == -1)
            endstr = document.cookie.length;
        return unescape(document.cookie.substring(offset, endstr));
    }
    function GetCookie (name) {
        var arg = name + "=";
        var alen = arg.length;
        var clen = document.cookie.length;
        var i = 0;
        while (i < clen) {
            var j = i + alen;
            if (document.cookie.substring(i, j) == arg)
                return getCookieVal (j);
            i = document.cookie.indexOf(" ", i) + 1;
            if (i == 0) break;
        }
        return null;
    }
    function SetCookie (name,value,expires,path,domain,secure) {
        document.cookie = name + "=" + escape (value) +
            ((expires) ? "; expires=" + expires.toGMTString() : "") +
            ((path) ? "; path=" + path : "") +
            ((domain) ? "; domain=" + domain : "") +
            ((secure) ? "; secure" : "");
    }
    function DeleteCookie (name,path,domain) {
        if (GetCookie(name)) {
            document.cookie = name + "=" +
                ((path) ? "; path=" + path : "") +
                ((domain) ? "; domain=" + domain : "") +
                "; expires=Thu, 01-Jan-70 00:00:01 GMT";
        }
    }
    // -->
    </script>
    <script language="JavaScript">
    var usr;
    var pw;
    var sv;
    function getme() {
        usr = document.login.username;
        pw = document.login.password;
        sv = document.login.save;
        if (GetCookie('player') != null) {
            usr.value = GetCookie('username')
            pw.value = GetCookie('password')
            if (GetCookie('save') == 'true') {
                sv[0].checked = true;
            }
        }
    }
    function saveme() {
        if (usr.value.length != 0 && pw.value.length != 0) {
            if (sv[0].checked) {
                expdate = new Date();
                expdate.setTime(expdate.getTime()+(365 * 24 * 60 * 60 * 1000));
                SetCookie('username', usr.value, expdate);
                SetCookie('password', pw.value, expdate);
                SetCookie('save', 'true', expdate);
            }
            if (sv[1].checked) {
                DeleteCookie('username');
                DeleteCookie('password');
                DeleteCookie('save');
            }
        } else {
            alert('You must enter a username/password.');
            return false;
        }
    }
    </script>
  19. Thank you, shedh, cablebox. :thumbup:
  20. Greetings to all. Can anyone please direct me on the right path to how I can put a favicon/tab icon on the web tab? Regards :)
  21. Greetings MWG users. I am learning about XSS attacks and how to secure against them. I would be grateful if any user could give me an example of an insecure and then a secure example of this type of attack, preferably a login page example. I am not asking anyone to fix my code because I want to learn myself how to do so, and am just looking for an example of how an insecure one would look compared to a secure one. :) Regards all
  22. Hey, what happened to dev-forum mate? Will it be back up again any time?
  23. This layout was made or owned by karlos, mike and pyro, and then cronus bought it off them and I think he sold it to this game owner http://www.criminal-madness.co.uk. But I am not sure how this lot got their hands on this.
  24. SHAD

    Hosting

    you can't talk, you're trying to rip TC Thank you Daya, that is great news for me, and TCmaker, you sound like a kid, never mind being one, and friendly advice: get your own ideas and don't steal.
  25. Greetings to all MWG users. I am having problems finding a paid host which will accept payment through SMS, because I don't have a credit card, and I have a PayPal, but is it possible for me to send money to my PayPal through SMS? :S Also this is stopping me from buying mods off people, because I can't send money to my PayPal through SMS and also can't find a host that allows SMS payment. I'd be grateful if someone can direct me. Regards