
Drizzah
A way to secure your website without a big fuss...maybe?
Drizzah replied to Mystical's topic in Free Modifications
That is exactly what I was trying to say. Thanks for helping clear that up.
-
A way to secure your website without a big fuss...maybe?
Drizzah replied to Mystical's topic in Free Modifications
For one, you can block proxies and still have users playing. The only ones blocked are those using proxies. I myself didn't know Cloudflare was going to make everyone seem to be using proxies until I tried using it. I simply added that for people that wouldn't know what the above post before mine meant, simply because I didn't know myself what it meant at first. You see, I have never used proxies in my life and only hear about them, since people usually use them when trying to cheat and/or hack someone's site. Because I do not do things like that, I am not familiar with it. You know, you could have just posted back and let me know it meant the same. I guess it would have been too high for your standards.
-
A way to secure your website without a big fuss...maybe?
Drizzah replied to Mystical's topic in Free Modifications
There are a lot of people on this forum who would have wasted their time going to Cloudflare without saying "proxies". Just because you knew what everything meant the day you started coding does not mean everyone else did! You will also have to change your name servers to theirs for those of you not as smart :P
-
A way to secure your website without a big fuss...maybe?
Drizzah replied to Mystical's topic in Free Modifications
Absolutely right. Also, if you block users from using proxies, all users will be blocked. I only know this as I tried already.
-
v2 staff can be federal jailed. Look for this in the staff_punit.php file and there is nothing stopping it from happening. The people saying the user is being taken off staff before being fed-jailed are wrong also. Any staff that has access to the fed-jailing can jail anyone as v2 sits.

    function fed_user_submit() // <--- What to look for in staff_punit ----<<<
    {
        global $db,$ir,$c,$h,$userid;

EDIT: Forgot to mention that it is the regular jailuser.php file that doesn't allow staff jailing. I think the best code on this topic is from "DELETE ME NOW!"

    if(in_array($_POST['ID'], array(1,2)))
    {
        echo 'You cant fedjail id one or two';
        event_add(1, "{$ir['username']} tried fed-jailing {$_POST['ID']} but did not work", $c);
        $h->endpage();
        exit;
    }
-
mccode-v2 8 Lines to secure your site from known sql injections.
Drizzah replied to Haunted Dawg's topic in Free Modifications
I admit a lot of Americans can't spell, but that goes for every country. I myself think the majority of people that you may be talking about more than likely can spell, but choose to type shorter words by misspelling them to reply more quickly or to do whatever it is they may be doing by typing. Either way, you are wrong on the word colour by Americans just because the creators of PHP decided to use it that way. :wacko: Americans mainly use the word colour when it pertains to graphics/television color palettes. 8| "Most words ending in 'our' in the UK, Ireland, Canada, Australia and most other English speaking countries (e.g., colour, flavour, honour, labour, neighbour, rumour) end in 'or' in the United States (e.g., color, flavor, honor, labor, neighbor, rumor). Most words in this category came from Latin nouns and were then borrowed into English from the French" ?(
-
In your eyes maybe the code doesn't work, but if it's used right in the header file, it does serve a purpose.

    global $db,$c,$userid, $set;
    $IP = $_SERVER['REMOTE_ADDR'];
    $IP = mysql_real_escape_string($IP);
    if (isset($_SESSION['HTTP_USER_AGENT']) && ($_SESSION['HTTP_USER_AGENT'] !== sha1($_SERVER['HTTP_USER_AGENT'])))
    {
        session_write_close();
        header('Location: login.php');
        die;
    }
    else
    {
        $_SESSION['HTTP_USER_AGENT'] = sha1($_SERVER['HTTP_USER_AGENT']);
    }
    $db->query("UPDATE users SET laston=unix_timestamp(),lastip='$IP' WHERE userid='".abs(@intval($userid))."'");

As for the above reply to me again about taking codes and pasting them here claiming they are mine, I have done none of that, as you clearly see on any post I have made here. I did not say the code was mine. I saw another post using another method and then saw your method and combined the both of them in case others may want to try it. I am not a coder once again. Never wanted to be and not trying to be either.
-
Yes, this may be your thought up idea to add to the topic, but by far is not your code as it has been pretty much used before you most likely got into php. As I have stated here in the past, I am no coder and only come here for extra ideas to use myself, but when someone here may be asking for help with something or I may be able to add to something being posted that may or may not work, I will do so. Also, what I posted does work just as well as what you have posted on the first page. I only said I think it will work because of simple people like yourself that have nothing better to do than to talk trash to other members of the forum (Internet Gangster)!

You posted this:

    if ( isset($_SESSION['HTTP_USER_AGENT']) )
    {
        if ( $_SESSION['HTTP_USER_AGENT'] != sha1( $_SERVER['HTTP_USER_AGENT'] ))
        {
            session_unset();
            session_destroy();
            header("Location: login.php");
        }
    }
    else
    {
        $_SESSION['HTTP_USER_AGENT'] = sha1( $_SERVER['HTTP_USER_AGENT'] );
    }

I posted this:

    $IP = $_SERVER['REMOTE_ADDR'];
    $IP = mysql_real_escape_string($IP);
    if (isset($_SESSION['HTTP_USER_AGENT']) && ($_SESSION['HTTP_USER_AGENT'] !== sha1($_SERVER['HTTP_USER_AGENT'])))
    {
        session_write_close();
        header('Location: login.php');
        die;
    }
    else
    {
        $_SESSION['HTTP_USER_AGENT'] = sha1($_SERVER['HTTP_USER_AGENT']);
    }

:thumbsup:
-
Another way to use it could be like this (I THINK)!:

    $IP = $_SERVER['REMOTE_ADDR'];
    $IP = mysql_real_escape_string($IP);
    if (isset($_SESSION['HTTP_USER_AGENT']) && ($_SESSION['HTTP_USER_AGENT'] !== sha1($_SERVER['HTTP_USER_AGENT'])))
    {
        session_write_close();
        header('Location: login.php');
        die;
    }
    else
    {
        $_SESSION['HTTP_USER_AGENT'] = sha1($_SERVER['HTTP_USER_AGENT']);
    }
-
So you all know, I have looked the code over and noticed that I was actually using it wrong. Now that I am using it right, it is doing exactly what you all are saying. I agree totally about not using it now and do see why a few people here complain about certain games using it, lol. Thanks for the info everyone!
-
Only when trying to use on the shoutbox mod so far. As for eregi, you may be right as I have heard that from a few people already. I also heard that if it is working for you when testing it out, that is all that matters, and if it doesn't, then make the change. I absolutely agree with you on not knowing regular expressions, but I do test whatever code I use. I don't know why anything else is being stripped out on you except what it is supposed to be stripping. I have tested this code on most pages on MCv2 except for the gang pages as of now and have not had any trouble yet. I did however have trouble when using it with the shoutbox and the fix was quite simple. The problem was only to do with when you click a smiley to add to shout, because of the characters it was using. I just replaced them with what I wanted to use instead of the normal code most sites use in a shoutbox, mailbox, forum and things such as those.

Maybe I am misunderstanding what you are trying to say. Do you mean that if I was to type 'Unlikely' on any forms and click submit, that it would strip the 'U' from the word? If so, it does not. It only strips what it is told to strip. As for a lot of the characters in the code, nobody should be using them unless trying to hack your forms. If certain words or characters in the code happen to give you trouble on a certain page, you could always make a new file for that page and edit what is allowed. This of course is all my opinion. I am not a hacker, wannabe hacker or a programmer of any languages. Like I said in my first message, some will say this or that.... I placed it here to help those who may want to try it out.
-
Added protection

Some people here will say this doesn't work and some will actually try it out and may even like to use it. It's all up to you and whoever decides to give it a shot.

1.) Take the below code and paste it into a .php file called whatever you want. Here I will use thefile.php.

    <?php
    // Remove the listed characters from a single value.
    function replace_meta_chars($string)
    {
        return @eregi_replace("([<])|([>])|([*])|([|])|([;])|([`])|([-])|([\])|([{])|([}])|([+])|([uNION])|([sELECT])|([DROP])|([WHERE])|([EMPTY])|([FLUSH])|([iNSERT])","",$string);
    }
    // First pass: stop the page if any request value contains a listed character.
    while(list($keyx,$valuex) = each($_REQUEST))
    {
        if(eregi("([<])|([>])|([*])|([|])|([;])|([`])|([-])|([\])|([{])|([}])|([+])",$valuex))
        {
            print "<table width=100% border=0 cellpadding=0 cellspacing=0>
            <tr> <td width=100% align=center>Attack Attempt</td> </tr>
            <tr> <td width=100% align=center>
            <font color=maroon size='3'>[b]!!! WARNING !!![/b]</font>
            [i][b]Malicious Code Detected! The staff has been notified. Currently, we only allow the characters of ' / ' and ' ? '.[/b][/i]
            </td> </tr>
            </table>
            << [url='explore.php']Explore[/url]";
            event_add(1,"[url='viewuser.php?u=$userid']<u>{$ir['username']}</u>[/url] has been flagged for malicious code. [b]<u>Char Details</u>[/b] [b]Chars Used:[/b] $valuex",$c);
            $h->endpage();
            exit();
        }
    }
    reset ($_REQUEST);
    // Second pass: copy every filtered request value into a variable of the same name.
    while(list($keyx,$valuex) = each($_REQUEST))
    {
        ${$keyx} = replace_meta_chars($valuex);
    }
    ?>

2.) Place the following on the very top of whatever page you plan to use it on.

    require "thefile.php";

EXAMPLE:

    <?php
    $atkpage=1;
    include "globals.php";
    require "thefile.php";
    print "YOUR PAGE CONTENT";
    $h->endpage();
    ?>

If you plan to use it on all pages, then place it in either your globals or header file. I don't remember where I saw this code, but it is free to use and a lot of games are using it right now as some of you may have seen already trying to hack.

To allow/disallow characters, just remove or add them from the above script.....example below of what to look for.

    return @eregi_replace("([<])|([>])|([*])|([|])|([;])|([`])|([-])|([\])|([{])|([}])|([+])|([uNION])|([sELECT])|([DROP])|([WHERE])|([EMPTY])|([FLUSH])|([iNSERT])","",$string);

    if(eregi("([<])|([>])|([*])|([|])|([;])|([`])|([-])|([\])|([{])|([}])|([+])",$valuex))

For a little more added protection, stick the following in your globals.php file.

    function anti_inject($campo)
    {
        foreach($campo as $key => $val)
        {
            $val = mysql_real_escape_string($val);
            // store it back into the array
            $campo[$key] = $val;
        }
        return $campo; // Returns the var clean
    }
    // the next two lines make sure all post and get vars are filtered through this function
    $_POST = anti_inject($_POST);
    $_GET = anti_inject($_GET);

Enjoy!
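
An added example (not part of the original post or of MCCodes): it runs only the keyword groups from the filter above through PHP's `preg_replace` with the `/i` flag, standing in for the removed `eregi_replace`, to show that each `[...]` is a character class, so 'Unlikely' comes back as 'k'. It then stores the same inputs with bound parameters instead; the in-memory SQLite database, the `shouts` table and the function names are assumptions made for the example.

```php
<?php
// Added example, not the poster's code. preg_replace() with /i stands in for
// the removed eregi_replace(); the keyword groups are copied from the post.
const KEYWORD_GROUPS =
    '/([uNION])|([sELECT])|([DROP])|([WHERE])|([EMPTY])|([FLUSH])|([iNSERT])/i';

// Behaviour of the posted filter: each [...] is a character class, so every
// listed letter is deleted wherever it appears, in upper or lower case.
function strip_as_posted(string $value): string
{
    return preg_replace(KEYWORD_GROUPS, '', $value);
}

// Store a value with a bound parameter: the driver keeps data separate from
// the SQL text, so nothing has to be deleted from what the player typed.
function store_shout(PDO $pdo, int $userid, string $body): void
{
    $stmt = $pdo->prepare('INSERT INTO shouts (userid, body) VALUES (:uid, :body)');
    $stmt->execute([':uid' => $userid, ':body' => $body]);
}

// Constructed sample inputs.
$samples = ['Unlikely', 'Hello world', "O'Brien said: 2 - 1 = 1; <b>ok</b>"];

foreach ($samples as $s) {
    printf("posted filter: %-38s => '%s'\n", "'$s'", strip_as_posted($s));
}

// Assumption: in-memory SQLite and a hypothetical "shouts" table, so the
// example runs offline; the same PDO calls apply to a MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE shouts (userid INTEGER, body TEXT)');

foreach ($samples as $s) {
    store_shout($pdo, 1, $s);
}

// Values come back unchanged; encode for HTML only when printing them.
foreach ($pdo->query('SELECT body FROM shouts') as $row) {
    echo 'stored: ', htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Run it with the PHP command-line interpreter; it needs the `pdo_sqlite` extension and touches no files or network.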