Coly010

I'm on no such high horse I just see the post as being far too much for the question at hand, and like I said it would be better on a blog rather than to attempt to provide an answer to the OP's question. Think of it like this, if the OP tried to implement that to his script, it would not have solved the problem occuring

You've completely missed the point of the topic, despite your vast knowledge. Nor did you need to make that post. He wasn't asking about cloaking $_GET and POST he was asking how to hide GET requests in the beginning and then he asked why his code was working. What you've written despite being informative is in the wrong place imo. Put it on a blog or something, don't put it somewhere a person who doesn't understand how to use if ~ else statements properly as a potential answer to his problem. 1. He won't understand half of anything you wrote 2. You'll scare him away from coding 3. It's not exactly relevant to the problem at hand

The thing with gambling sites is that it's very high risk. After the 6 months then the ability to pay winnings to players will be based on money gained from subscriptions which will mean you need a lot of players. Also you'll need to balance winnings versus subscription cost. If you have 3 users all subscribed to bronze then you'll get say £12. Those 3 users are the only users in that division and on that subscription. For coming first you get money. That's done every week. Players aren't going to pay a monthly subscription if they can't win more than they pay. So you need to give them say £2 for coming first. That way if they win every week they get £8 back. Thus you only made £4 profit . Next up, legality. Any gambling site has to undergo inspection by the Gambling Conmission, and all gambling games must meet certain gambling requirements. Payout ratio etc has to be exact. The site also must have a Limitation System in place. That way the player can limit how much they spend a day/week. It also must check on registration or before any game if the player has excluded themselves either temporarily or permanently from gambling, and must also provide the player with the ability to exclude themselves. I'm pretty sure that's law. Now I'm not too sure if your site falls under Real Gambling or Simulated Gambling. They play games to win a score, that score gets them up a leaderboard. Top of leaderboard wins. They pay to get access to this site. Set up like that you may be able to avoid the laws. Set up that they pay 50p for a spin on a slot machine with a chance of winning money back, then you have to abide by the laws. Do your research before you build it.

The code you have works, just change the $hchance = mt_rand(1,1); to something like $hchance = mt_rand(1,100); You'll see that it does put user in hospital

if ($hchance == 1) { echo " <table class='mytable'><tr><td><center><h2>In The Hatch</h2> <img src='img/stairs.jpg' width='500px' height='300px'> You end up in a large room with 2 tunnels leading off and a stairs leading deeper down into the underground hatch Take the stairs <a href=''>Down</a> Take the tunnel on the <a href=''>Left</a> Take the next tunnel on the <a href=''>Right</a> Look for an exit <a href=''>Leave</a> </center></td></tr></table>"; } else { $Time = mt_rand(2,5); echo " As you walk down the dark and scary looking tunnel you here something creep up behind youBefore you can turn around you feel a blade pushed into your back <a href='hospital.php'>Hospital</a>"; $db->query(sprintf("UPDATE users SET hospital = $time , hospreason = 'While searching you got stabbed' WHERE `userid` = $userid")); }   this is what you have. You code is saying, If $hchance equals 1 then show information about ending up in a large room. If $hchance does not equal 1 then put user in hospital... You have forced your random to always equal 1 and therefore it will never be able to put the user in hospital because your $hchance always equals 1 and therefore the else statement is not being used. Can you look up how to use If~Else Statements before posting here saying your code doesn't work, as it does, its working exactly as it should, you have just failed to understand it.

  Well your else statement isnt going to be used if your forcing mt_rand to be 1 as your if statement says if($hchance==1) { // code }} else { //code } ? think about it, you want your mt_rand to not be 1 if you want the else part to work

  Tell us then. what error are you getting? How do you know if the event is not firing, could it be down to the fact that your mt_rand isn't generating a number other 1? if your mt_rand is mt_rand(1,1) like you had it in your original code, your else statement will never be needed

$chance=mt_rand(1,3); $hchance=mt_rand(1,5); require('globals.php'); //Your user tests if($ir['brave'] <= 0) { echo $noturns; $h->endpage(); exit; } if($ir['jail']) { print "<div class='desc2'> <div class='citstat'> <table class='mytable'><tr><td><center> How can you enter the hatch when you're in jail <a href='jail.php'>Go back to jail</a> </center></td></tr></table>"; $h->endpage(); exit; } if($ir['hospital']) { print "<div class='desc2'> <div class='citstat'> <table class='mytable'><tr><td><center> How can you enter the hatch when you're in hospital recovering<a href='hospital.php'>Go back to Hospital</a> </center></td></tr></table>"; $h->endpage(); exit; } // The events $db->query("UPDATE `users` SET `brave`=`brave`-1 WHERE `userid`=$userid"); if ($chance == 1) { echo " <table class='mytable'><tr><td><center><h2>In The Hatch</h2> <img src='http://yupi.md/wp-content/uploads/2014/12/1692009144053.jpg' width='500px' height='300px'> Its dark, you cant see anything but you hear a sound down one of the tunnels Take the tunnel straight <a href=''>Ahead</a> Take the tunnel on the <a href=''>Left</a> Take the next tunnel on the <a href=''>Right</a> Time to leave <a href=''>Leave</a> </center></td></tr></table>"; }else if ($chance == 2) { echo " <table class='mytable'><tr><td><center><h2>In The Hatch</h2> <img src='img/stairs.jpg' width='500px' height='300px'> You end up in a large room with 2 tunnels leading off and a stairs leading deeper down into the underground hatch Take the stairs <a href=''>Down</a> Take the tunnel on the <a href=''>Left</a> Take the next tunnel on the <a href=''>Right</a> Look for an exit <a href=''>Leave</a> </center></td></tr></table>"; } else if ($chance == 3) { if ($hchance == 1) { echo " <table class='mytable'><tr><td><center><h2>In The Hatch</h2> <img src='img/stairs.jpg' width='500px' height='300px'> You end up in a large room with 2 tunnels leading off and a stairs leading deeper down into the underground hatch Take the stairs <a href=''>Down</a> Take the tunnel on the <a href=''>Left</a> Take the next tunnel on the <a href=''>Right</a> Look for an exit <a href=''>Leave</a> </center></td></tr></table>"; } else { $Time = mt_rand(2,5); echo " As you walk down the dark and scary looking tunnel you here something creep up behind youBefore you can turn around you feel a blade pushed into your back <a href='hospital.php'>Hospital</a>"; $db->query(sprintf("UPDATE users SET hospital = $time , hospreason = 'While searching you got stabbed' WHERE `userid` = $userid")); } }   try that

Yep have your code randomly select what event to occur simply after the user has clicked search, don't have the code use $_GET. Now for your urls Google Apache mod_rewrite. At the start it will seem like gibberish to you. But after a while you get used to the patterns and understand it better

It's called vanity urls and if event 8 gives money then don't use $_GET.

I made a somewhat advanced shared housing mod. Hell if it ain't complicated, hell if it there isn't a lot of exploits and hell if you won't be finding bugs up to a week later. Take your time with it, think it out carefully before you start coding.

I'm slightly curious why you have two accounts. Witnesses can be both fabricated and influenced. If you don't have written proof then you'll fail to make a believer out of many people

It seems we need DonCity to resolve this. [MENTION=70818]syedboyz[/MENTION] you should also provide proof of purchase of this if you did in fact buy it, if you cannot then you don't have a leg to stand on whether or not you did in fact purchase this script. Take it as business experience either way and you'll know from now on to get proof purchase and some form of declaration that you are the rightful owner of it

I like your approach to it. I think I can say something that might be of interest to you. You may be able to use AJAX along with your modular system to give users the feel that your site is changing pages when in fact it isn't. Set up a system that loads the content of the module / page onto the client screen. Then have it when the user clicks a link, javascript absorbs the link, i.e doesnt tell the web browser to change page, and then unload the current content on the screen and load the new content. It'll be a complex little system to incorporate from scratch, but if you set your php modular system up correctly, then a few javascript functions will sort out the unloading and loading of the next page's content. I am myself currently working on something similar to that. I'm doing it more to investigate the performance of it, it could hinder or help overall performance, but either way it would be a good thing to learn how to do, as i've noticed more and more websites having this kind of "feel" to it. As for javascript libraries, look into node.js . I would suggest using it for chat, messaging and notifications in the game. Again its another learning curve and gives you experience using it.

I don't want to be that guy, but if you read my post, I never said that sql injection was his only problem, just that that particular part was insecure and gave him a way to minimise the risk. I am a firm believer that you can never have 100% security in a web app - - - Updated - - - - - - Updated - - -   Google it, it stands for cross-sitr scripting and is a vulnerability involving malicious scripts. I believe, not 100% on that though

This part is insecure:   if(isset($_POST['dp_update'])) { $db->query("UPDATE users SET cover_pic='{$_POST['dp_update']}' WHERE userid=$userid"); $ir['cover_pic']=stripslashes($_POST['dp_update']); print "<b>Your Avatar Has Been Updated!</b>"; }   try doing something like this:   if(isset($_POST['dp_update'])) { $cp = $db->esacpe_string(stripslashes(trim($_POST['dp_update']))); $db->query("UPDATE users SET cover_pic='$cp' WHERE userid=$userid"); print "<b>Your Avatar Has Been Updated!</b>"; }   ok, so the way you had it in the beginning leaves your database extremely vulnerable to sql injection. you need to validate and do your best to prevent sql injection wherever possible so never input the data a user has created directly into the database as it could contain any form of malicious string: hi, money=1000000, user_level=2 your query then becomes: $db->query("UPDATE users SET cover_pic=hi, money=1000000, user_level=2 WHERE userid=$userid");   see the problem? Also from what I can see the following is not needed $ir['cover_pic']=stripslashes($_POST['dp_update']);

It definitely does look nice, but to me personally, it looks too simply to sell. Most of it can be done in css, with the exception of the background image and the button, which both aren't overly difficult to do. I wouldn't sell it unless you provide it coded and maybe jqueryed as the layout permits a more interactive login page. But again, it looks nice.

No need to revive old topics, send the guy a PM to find out if he still needs a layout done

Yeah well when you work with java and c# you get to know about the size of data types and then when you have to use databases at school you learn the other types of ints, strings etc. I bought a game a few weeks ago and after playing it for a while I've realised that before long players can get a lot of money and money and in the game money essentially controls how powerful each player is and therefore I need to find how to slow it down and limit their power of it

Of course I know int(11) isn't the biggest. I just made the assumption that it was running a database schema from an existing game engine where the general data type is int with Length 11. I a simply made a statement and added a remark afterwards. If anything I was pointing out the fact that it couldn't be an int(11) Personally, if I was to run a game that was to have that much money in it I would use decimal(x,2) . Lower the price of everything and the money rewards by a factor of at least 10^2, if not more. I can't stand having that much money in a game. It just seems wrong and unrealistic. Back on topic. As for the menu, it looks good, the icons are a good way to visually represent what the values are. In my experience players appreciate that

looks good, but thats a hell of a lot of money. someone may need to verify this but that looks a lot bigger than an int(11) datatype

I didn't even think to look for mccodes IPN. I'm using a custom script aha. Thanks, I'll check it out

I really can't get my head round any of this. I have set up Express Checkout, it was working for the sandbox accounts, but then once I swapped it to the live accounts it says I need to sign up to accept Digital Goods, which I can't find a link to anywhere. On the documentation it tells me to click the Get Started button. When I do nothing happens. I've tried setting up buttons, but I can't find a way to securely find out if the transaction was completed so the code can credit the user.

Am I right in thinking IPN is what I'm looking for?

Ok so I created a few buttons on paypal to manage my in game purchases. My problem is that I've never worked with an auto creditor system before, so what I'm asking is how do I find out from paypal that the player paid the money, so that I can credit them the pack. I have the button return the item number of the pack, which it does using $_GET. So far I've it set up so that it credits the user based on $_GET and I thank god the game is not live because people could just fake it. Any help is appreciated.