bluegman991

Truncate should automatically set auto increment to 0. So 2 is not needed.

Great show! Have watched it almost every day since about 2005.

Hold "ctrl + f" while on your privileges page then start typing "add a new user" and it should find it for you.

You can indeed create your own mysql user in xampp. Xampp comes equipped with phpmyadmin. If you installed xampp with default settings then one or both of these links will take you to phpmyadmin.(link1 or link2) There will be a navigation bar at the top. (Containing buttons saying: Databases, Sql, Status, etc...) Click on the privileges button. On that page after it lists all the users there is a link that says "Add New User". Click that and that is how you create new users.

Lol I had fun watching this video with Captions: Transcribe audio turned on.

You plan to md5 some of your code? Why do you plan to md5 it when there is no way for php to decode it in a considerable amount of time?

Who would want to help someone on something for free knowing that they would get over $100 for each copy sold. Just so we could know that we helped them gain thousands of dollars?

So anyone notice that occasionally there are a bunch of random blog posts by some newly created account (Which I assume was created by a bot or something). Since they never have anything to do with gaming or programming, why are they being created? Is it some type of advertising service? (where profits are paid to owner of mwg) Is it some type of malicious advertising service? (where another site pays to have links posted about it in vulnerable places around the web) Is it a script that a site uses to have links posted about it in vulnerable places around the web? (Possibly sending ajax requests when the sites visitor visits a page providing real and valid ip's) Is it the forums software doing? (For means of testing or for whatever reasons) Is it a real person posting it to gain traffic to their site? Or could it possibly just be someone who doesn't know what they're doing posting stuff on the web? Anyway. Anyone have any idea what it is and why it's being posted? Examples: http://makewebgames.io/entry.php/283-canicule-I-advance-such-a-habit, http://makewebgames.io/entry.php/285-in-the-brewing-date-or-number, http://makewebgames.io/entry.php/284-let-him-alcohol-acerb-grape Don't really notice them after a while, but I think I remember some getting deleted.

On line 21 ("Location: login.php") should be header("Location: login.php")  

Javascript time is in microseconds. Php time defaults to seconds. If you want to be more accurate you can use microtime(true)*1000.

The reason I don't restrict numbers to integers is because when making a function I try to make its behavior the same across platforms. And also the user would not be able to enter a number above or below the maximum and minimum integer value. It also restricts the user from entering in numbers with decimal places which (just like integers above/below the max/min int value) may be wanted. The reason I don't use abs is also because a negative number maybe required/wanted. The reason why I don't use ctype digit is because it is merely a preg match, which will verify if every character in the input is a number. This restricts decimals and also numbers in scientific form. It would be a bit more comfortable for the some user when working with numbers above/below max int value. My function allows for users to enter things like "1e5" which is "100000" (100 thousand). In case there mind may play tricks on them with how many zeros they typed in. Or "3.579E+7" which is "35790000" (35 million 790 thousand) It uses only predefined function that are already there, and makes things that much quicker. With no function you would have to do all this to confirm it is a number. $ids=(isset($_GET['id']) && ctype_digit($_GET['id'])) ? $_GET['id'] : '';   With my function all you need to do is. $ids=numericValue($_GET['id']);   No function range check method $ids=(isset($_GET['id']) && ctype_digit($_GET['id'])) ? $_GET['id'] : ''; $ids=$ids<0 ? 0 : $ids; $ids=$ids>50 ? 50 : $ids;   My function range check method $ids=numericValue($_GET['id'],0,50);   No function limiting decimals $ids=(isset($_GET['id']) && ctype_digit($_GET['id'])) ? $_GET['id'] : ''; $ids=round($ids,2);   My function limiting decimals $ids=numericValue($_GET['p'],-INF,INF,2);   But then again when I create something I aim for versatility and compatibility. But that's just me. Also thank you runthis for that code snippet as this was not the first time i've had trouble with this forum formatting my posts.

First remember. An integers maximum value can vary depending on how many bits your server is. Maximum int value = (32 bit system: 2147483647) (64 bit system: 9223372036854775807) Minimum int value = (32 bit system: -2147483647) (64 bit system: -9223372036854775807) The script you posted in the security thread did its job. But to me it is messy to process multiple data formats/types in one function. Especially when one format/type can have many options. So just for the numeric part I would use something like this. function numericValue($input,$min='-INF',$max=INF,$float=true,$round=PHP_ROUND_HALF_UP) { if(is_numeric($input)) { $min = !is_numeric($min) ? -INF : $min; $max = !is_numeric($max) ? INF : $max; $range = array($min,$max); $min = min($range[0],$range[1]); $max= max($range[0],$range[1]); $input = ($input < $min) ? $min : $input;//range check $input = ($input > $max) ? $max : $input;//^^ if($float == false) { $input = round($input,0,$round); } elseif(is_numeric($float)) { $float=abs(intval($float)); $input=round($input,$float,$round); } else{}//do nothing because float is still true and we do not care how many decimal places it has return $input; } else { return false; //so we have the option to know the difference between 0 and fail } } Making formating input numbers as simple as this. $_POST['amnt']=numericValue($_POST['amnt'],0,PHP_INT_MAX);   //Ahh finally got whitespace to work had to retype everything because the forums bbcode formatter doesn't like copy/pasting.

It looks like to me a lot of this arguing is going on because of misunderstandings.   I copy/pasted runthis code and tested it. He had 1 syntax error which was a missing semicolon. On the php page I echo'd sanitizeOne($post,'int'); I created an html page with a form and input. input: 1 output: 1 (success: 1 is valid integer) input: -1.5 output: -1 (fail: -1.5 is not a valid integer. Integer value of -1.5 is -1. Script success!) input: 1.5 output: 1 (fail: 1.5 is not a valid integer. Integer value of 1.5 is 1. Script success!) input: -1 output: -1 (success: -1 is a valid integer) Will you please elaborate on how, where, or why this script failed when -1 is indeed an integer. ______________________________________________________________________________________________________________________________________________________ Were not, thats the point. Ive seen people gain millions on games from putting in negative numbers. Seems like its 2-0 to me :) The integer securing part of this script was to secure against non integer input. In some cases negative numbers maybe wanted (For example an answer to a math problem 2-5). If someone wanted to stop negative numbers from being input they could do a simple range check or simply wrap sanitizeOne with the abs function. Just because a script allows negative numbers doesn't mean its bad. ________________________________________________________________________________________________________________________________________________   As I said to danny the script is for validating if a user inputs a valid integer. Floating numbers are converted to integers and strings are converted to 0. You guys are only considering 1 reason a user would be entering a number (To add or subtract it from another number to get a positive number). If you don't desire negative numbers just do a range check or get the absolute value of the input number. Just know that sometimes negative and positive numbers are desired and. Think about this: someones captcha system was to answer a math question 2-5. If they ran the input through a function that only allowed positive numbers. Then checked if 2-5 == $input. Then the user input answer would always be wrong. _________________________________________________________________________________________________________________________________________________________

I thought this was a place for help not to argue over what is secure and what is not. The only way you can say something is not secure is if you know of a way to get around something. So if you see something you can get around in the code he has posted why not just tell him instead of waiting for something unwanted to happen?

You're not selecting accpoints or maxpoints in your query. So therefore they are both null and null is equal to null. So change your query to $q2=$db->query("SELECT `dlevel`,`accpoints`,`maxpoints` FROM `users` WHERE `userid` > 0");

Yep when you specify a blank url. html/css will translate it as the current url. So background-image:url(); is the same as background-image:url(http://domain/page.php); Which will cause it to load the current page you are on again.

Woah. I have been working on something almost exactly the same for the past couple months.

Having the incrementing/changing GET parameter (as a_bertrand said) would only be a temporary fix. So I recommend you find someone who can fix it or do it your self. Below I will give you the first step to go through if you do choose to fix it yourself. Sorry but with me not being able to see your code I will have to make you go through more intensive tasks to find where this bug is coming from. Well first off you will wan't to test in a browser with no add-ons. Some add-ons like the ones designed to make page loading faster usually pre-load or post-load links on the page causing pages to be loaded twice. I assume that you know enough php and mysql to edit databases and pages. Things for you to do. Create a table named "qry_testing". field "id" (auto increment) field "page" (text) field "ajax" (int) field "user" (int) field "time" (int) field "usload_id" (int) field "rType" (text) field "files" (text) ^^Keep Table (will help us with other things)^^ In your headers page at the end of the page (so we can be sure everything we need is already initialized). $_SESSION['pload_id']=isset($_SESSION['pload_id']) ? $_SESSION['pload_id']+1 : 1; function trackLoad() { $incls=get_included_files(); $inclStr=''; foreach($incls as $v) { $inclStr.=$v; } $page=__FILE__; $ajax=isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH']=='xmlhttprequest' ? 1 : 0; $user=isset($_SESSION['userid']) ? $_SESSION['userid'] : 0; $time=time(); $loadid=$_SESSION['pload_id']; $rType=(!empty($_POST) ? 'POST' : '').' - '.(!empty($_GET) ? 'GET' : ''); mysql_query("INSERT INTO `qry_testing` (`page`,`ajax`,`user`,`time`,`usload_id`,`rType`,`files`) VALUES('$page',$ajax,$user,$time,$loadid,'$rType','$inclStr')"); } trackLoad();   The above will basically give you a page load history on all of your users. After a few lines get into the table post up a printscreen or copy / paste of the rows in the table. Depending on what I see from the rows that are inserted into the qry_testing table I will determine what you should do next.

I have a few things for you to try. In your crimes page. Where you execute your queries. Replace $db->query with mysql_query. Are they still running twice after that? Have a few questions for you that will help me to help you better. Are ALL of your users experiencing this problem? If not is it the majority or the minority? Is this problem ONLY on the crimes page? If not is it ALL PAGES or just a select few?

If you know the language well enough you shouldn't have to ask in any forum? At minimum all you should need to do is look at documentation should you come past a problem. You could do the same with c,vb,java ask and what for an answer in a forum. If your project consists of people working on a php project then you will have php support on demand otherwise you will have to ask and wait for an answer online. Likewise with any other language (java,vb,c). You will be surrounded with people knowing the language that the project is in and will have support for it on demand. If not you will have to ask and wait on an answer online.

Every thing looks fine. What is the problem? Is it not taking you to the profile, is the link not showing, when on the pages is the profile not showing correctly?

Things to do Check to see if mysql user password & connection password correspond. Check if mysql user exists. Check if user has permission on localhost/127.0.0.1. One user with permission on host "%" (all) won't work. You will need a user with permission over localhost/127.0.0.1. Be sure page with mysql userinfo is included/required. Do these all these even if you haven't recently changed anything because a malicious, unintentional, invalid, mis-interpreted query or code may have changed something. Raven may have added some code to make a change to your game that would make it not work if it detected that you changed one of its encoded files. Or it may have stored the mysql user info in the file you changed. If they above does not fix the problem you probably will have to sniff it out by trial and error. Check to see at what point (after db connection has been established) can you not run a query and at what point can run a query in that file. If there is no point you can run a query then it's probably a configuration error somewhere whether it be wrong user/pass/perms , no connection established, or any other possibilities I can't think of right now.

I don't really see any draw backs to it really. Just filter out properties and functions that accept xml or javascript. Like the behavior property, expression function, -moz-binding. Those are only ones I read about in the past so there may be more.

One of the reasons of that is probably because more people know about java/c++ than php. Where I'm at Both C++ and Java are taught in high school. On top of that pretty much anyone who has the internet has java on their computer and they realize it every time a java app starts or anytime they update java. Then C++ is like a language that every one knows about, they may not even know what it does but they've heard about it. On a separate note when you were looking up those job offers did where you looking up java, java applet, or java servlets. If you only look up java then search engines are probably going to give you results for all 3. So of course all 3 are going to be more than php. Plus java applets and java programs are nothing similar considering they are both only ran on the clients side. So JSP(Java Server Pages) is what you should probably be looking for when comparing java to php. As for C# I have never looked into using it for a Web program. So I wouldn't know what difference there is between application and server usage. I think maybe if you search more specifically you might get different results.

What do you mean by "phps like this"?