MakeWebGames

sniko

Members
  • Posts: 2,210
  • Days Won: 47

Everything posted by sniko

  1. Separating logic is a good thing, Florian_. This is getting offtopic (?), please take to a new thread, or PM. /Non-ModeratorsCanTellYouWhatToDo,Too. /EqualRightsForAll.
  2. Pretty sure that the only things that correlate to the current v2 source in that list are the first 2 points. I'd speak to ColdBlooded before releasing it, if you do it - but I'd be interested in your approach of those bullet points ;)
  3. Increase of security policies. Sure this could be branded as a re-write, but re-writes are fun! What will it involve?

      • Security enhancement on sessions
          • Sessions are now restricted to browser and IP
          • Say bye-bye (hopefully) to session hijacking
      • Address current XSS flaws
          • Display pictures? Player names? Player signatures? ... Every user input?
      • Cross-site request forgery protection
          • Especially on staff actions
          • Create a token that is bound to a user's IP, browser, and UserId
      • Improved logging
          • Magictallguy has an interesting post about this.
          • New heavy heuristics sensor
      • Password security
          • md5 was considered broken in 1996. We could move on after 18 years.
          • "Dynamic" password hashing - Pretty sure KyleMassacre has/had a plan for this
      • ... And maybe some more overlooked flaws
  4.   How much would you charge for an advertising spot? How long will the advertisement be on the screen for?
  5.   Does there have to be an active user-base? Please can you define "fully functional"? What would you class as fully functional? What's your budget? How many are you looking to buy?
  6. I've always been a fan of Pete's work! He's done an exceptionally good job on this one!
  7. Obviously watching the wrong thing, ammeright script?
  8. A wild demo account appeared!

      Username: demo
      Password: demo

      First impressions

      It looks cool, and sure is a different approach (kind of) to the normal McCodes games. Although, I don't know what to do? Is it race to #1hof?

      Psst! Better do a round of penetration testing! Especially the forums.
  9.   I wonder if you even tried, or did you see the words "Parse error" and immediately give up? Did you even read the error message? Do you even understand what the message is telling you? .... Did you even look at line 268?

      Change

          if(($_SESSION['userid'] === $cData['RecieverID'])) || ($ir['user_level'] == 2))

      To

          if(($_SESSION['userid'] === $cData['RecieverID']) || ($ir['user_level'] == 2))
  10. Great addition! A few slight exploits in there - I've just run a document.write "command" on forum topic 3. This should be easy to patch up - however, great addition! Thanks
  11. GitHub Repo I do plan on updating that repo once I've checked some things off my "to-do list" ;)
  12. You can patch it all you like, but until *everyone* who has OpenSSL on their server updates, then it's still a problem. Also, what about the bad guys who have managed to steal private SSL keys via the exploit? Reissuing SSL certs surely isn't on someone's favorite thing to do, especially as it's costly.

      Nothing was wrong with the encryption, it was just bad logic. The logic allowed an offset to be allocated in the data, thus allowing memory access to be exploited.

      Only for servers running outdated (pre-patch) OpenSSL versions
  13. I like this guy.
  14. Confirmed. They're taken.
  15. In 2 months time, you'll want to be less cool. Add comments :D
  16. Oh, so like all other generic text-based games? Sounds...exciting /sarcasm. Please try and win me over with this project and do something unique :D
  17. As long as it's an engine, and not an out-of-the-box game masked/branded as an "engine" ;) Go for it.
  18. It looks awesome IMO - kudos to Peter. On purchase, will you surrender all your rights to the design/code/anything-that-came-with-Peters-handover?
  19. +1 for digital ocean
  20. I think this applies :)
  21.     As someone who is ~20/21, I'd expect a lot more respect for younger persons to want to try and learn something from you.  
  22. sniko

    PDO Problem

    $db is just a class object. IIRC, the McCodes database class is just a wrapper for MySQL, and not an intense abstraction layer like PDO.
  23. sniko

    PDO Problem

      From the docs themselves:

      The PHP Data Objects (PDO) extension defines a lightweight, consistent interface for accessing databases in PHP. Each database driver that implements the PDO interface can expose database-specific features as regular extension functions. Note that you cannot perform any database functions using the PDO extension by itself; you must use a database-specific PDO driver to access a database server.

      PDO provides a data-access abstraction layer, which means that, regardless of which database you're using, you use the same functions to issue queries and fetch data. PDO does not provide a database abstraction; it doesn't rewrite SQL or emulate missing features. You should use a full-blown abstraction layer if you need that facility.
  24. > Thanks, we will get in touch with you when there's a spot available! Also, why is there a popup to free hosting on initial page load?
  25. IIRC, he's 17, or mid-18.