Equinox

Do you have the stock for the lighter?

I said thousands - but that's what I'd allow. So a couple of users may have millions, and so on. So it's a little bit like real life. I mean, when is an energy drink going to cost $15,000 and when does a "Steyr Aug" cost $150,000? Steyr's can range from $2,000 - $10,000. It's just really keeping it real, for me....

If you made that first one, it's brilliant!

It would be my choice to distribute to everyone else - unless you're suggesting you want me to make it so you can sell it to everyone, then no - that'd raise the price by a considerable amount.

Depends, if you want it done well - It'll cost more. I'd replicate Torn's one for you if the price was right...

How much are you offering?

Urgh, it was late.... Nevermind xD

  Did someone tell you that or was it a stab in the dark? Plus, you've got bigger problems here: You're selecting all the data from the table 'users', and with the size of that users table in V2 it's not really advised, the difference won't be that noticeable in a small game environment but it's still not advised. And, a way to improve speed is to use your database to it's full potential - don't cram a bunch of crap into one table, for example 'users'. I've seen people putting ALL their crimes into the users table and recording what crimes the user has completed by updating it to the users table. And it gets worse in the fact when they want to display the total amount of crimes accomplished, they done something like:   $Select = mysql_query("SELECT * FROM `users`); $User = mysql_fetch_array($Select); $Total = $User['Crime1'] + $User['Crime2'] + $User['Crime3'] + $User['Crime4'] + $User['Crime5'] + $User['Crime6']; echo $total;   It's shocking, that could easily be accomplished by recording the data into a separate database table. There are a lot of aspects of a site that you can alter to improve your site speed. Djkanna posted a very good way of doing things, with the video. I actually bookmarked links from that site as I'd never heard of them so thanks Djk ;) You will hear so many different ways on how you can go about this, but at the end of the day, for me it comes down to preference. I have my own preference like everyone else and I believe that my way is efficient enough, just like so many others.

Same.

This could be quite useful actually, I like it. Make a search feature and it highlights the words the user input.

Awesome!

Just because in other occurrences of the (int) inside of McCodes, doesn't mean it won't work in this instance. Unless ofcourse, the 'money' value is doing the same in a different file like globals

  Erm....why? Maybe it's a game with a high economy ?

Not only is ereg() deprecated, but why are you using mysql_real_escape_string() on a number? It won't effect anything on it, it's just not needed. And you seem to be using the '@' operator to suppress errors, you can avoid this by checking if the given function (_GET) is set or not and see if it is in fact a number with something like ctype or filter_input. That's just a few of many problems the last example posted has.....

<?php include_once (DIRNAME(__FILE__). '/globals.php'); // XSS Prevention. function NoXSS($Var) { return (get_magic_quotes_gpc()) ? htmlspecialchars($Var) : addslashes(htmlspecialchars($Var)); } $_GET['act'] = isset($_GET['act']) && ctype_alpha($_GET['act']) ? trim($_GET['act']) : 'Index'; switch ($_GET['act']) { case 'SexChange': SexChange(); break; case 'PassChange': PassChange(); break; case 'namechange':namechange();break; case 'DPChange': DPChange(); break; case 'racechange2':do_race_change();break; case 'racechange':conf_race_change();break; case 'ForumSig': ForumSig(); break; case 'marriage2': do_demand_take(); break; case 'marriage': demand_take(); break; default: Index(); break; } if (!in_array($_GET['act'], array('Index', 'SexChange', 'PassChange', 'nameChange', 'DPChange', 'ForumSig', 'do_race_change', 'conf_race_change', 'do_demand_take', 'demand_take'))) { print "Ip Logged"; } // Index Function. function Index() { echo '<h3 style="text-decoration: underline;">Your Preferences</h3> [url="preferences.php?act=SexChange"]Sex Change[/url] [url="preferences.php?act=PassChange"]Password Change[/url] [url="preferences.php?act=namechange"]Username Change[/url] [url="preferences.php?act=DPChange"]Display Picture Change[/url] [url="preferences.php?act=ForumSig"]Forum Info Change[/url] '; if($ir['marriage']) { echo '<a href = "preferences.php?action=marriage">Marriage Allowance Change</a> '; } } // Sex Change Function. function SexChange() { global $ir, $db; if($ir['gender'] == "Male") { $g="Female"; } else { $g="Male"; } if (isset($_POST['NewGender'])) { $db->query(sprintf("UPDATE `users` SET `gender`='%s' WHERE `userid`='%d'", $_POST['NewGender'], $ir['userid'])); echo sprintf("You Are Now A %s", $_POST['NewGender']); exit; } else{ echo '<h3 style="text-decoration: underline;">Sex Change</h3> <form action="preferences.php?act=SexChange" method="post">'; echo sprintf("<input type='hidden' name='NewGender' value='%s' />", $NewGender); echo sprintf("You Are Currently A Are %s, Are You Sure You Want To Become A %s? ", $ir['gender'], $NewGender); echo '<input type="submit" value="Yes!" /> </form>'; } } // Password Change Function. function PassChange() { global $ir, $db, $c; $Info = $db->fetch_row($db->query(sprintf("SELECT `userid`, `userpass`, `login_name` FROM `users` WHERE `userid`='%d'", $ir['userid']))); if (isset($_POST['OldPass'], $_POST['NewPass1'])) { if ($_POST['NewPass1'] == '') { echo 'Error! You Entered No Password '; } else if (md5($_POST['OldPass']) != $Info['userpass']) { echo 'Error! The Current Password Is Inncorrect! '; } else { $db->query(sprintf("UPDATE `users` SET `userpass`='%s' WHERE `userid`='%d'", md5($_POST['NewPass1']), $ir['userid'])); echo 'Your Password Has Been Updated! Your New Password Is: [i]'.$_POST['NewPass1'].'[/i] Keep This Password Safe And Don\'t Tell Anyone It. > [url="index.php"]Home[/url]'; } } else { echo '<h3 style="text-decoration: underline;">Password Change</h3> <form action="preferences.php?act=PassChange" method="post"> Current Password: <input type="password" name="OldPass" /> New Password: <input type="password" name="NewPass1" /> <input type="submit" value="Change Password!" /> </form>'; } } // Name Change Function. function namechange() { global $c,$db,$ir; if (isset($_POST['NewName'])) { $CheckLog = mysql_num_rows(mysql_query(sprintf("SELECT `userid`, `username` FROM `users` WHERE `login_name`='%s' AND `userid`!='%d'", $_POST['NewName'], $_SESSION['userid'], $c))); $CheckGame = mysql_num_rows(mysql_query(sprintf("SELECT `userid`, `username` FROM `users` WHERE `username`='%s' AND `userid`!='%d'", $_POST['NewName'], $_SESSION['userid'], $c))); if (trim($_POST['NewName']) == '') { echo 'Error! You Did Not Enter A New Name '; } else if ($CheckLog) { echo 'Error! This Name Is In Use '; } else if ($CheckGame) { echo 'Error! This Name Is In Use '; } else if (strlen($_POST['NewName']) < '4') { echo 'Error! This Name Is Too Short'; } else if (strlen($_POST['NewName']) > '15') { echo 'Error! This Name Is Too Long'; } else { $_POST['NewName'] = str_replace(array("<", ">", "'", ";"), array("", "", "", ""), $_POST['NewName']); $db->query("INSERT INTO `namechange` VALUES('','".$ir['username']."','".$_POST['NewName']."',".$ir['userid'].")"); echo 'You Have Sent your name change request!'; } } else { echo '<h3>Name Change</h3> Please note that you still use the same name to login, this procedure simply changes the name that is displayed. Name changes will not be immediate. You must wait for the staff to Review and accept/Deny. If denied you will be informed as to why. <form act="preferences.php?act=namechange" method="post"> New Name: <input type="text" name="NewName" /> <input type="submit" value="Change Name" /> </form>'; } } // Display Picture Change Function. function DPChange() { global $ir, $db; $Pic = $db->query(sprintf("SELECT `display_pic` FROM `users` WHERE `userid`='%d'", $ir['userid'])); if (isset($_POST['NewPic'])) { if ($_POST['NewPic'] == '') { echo 'You Did Not Enter An Image'; } else { if(!preg_match('~(.?).(jpg|jpeg|gif|png)~i', $_POST['NewPic'])) { print "Ip Logged"; } else { $_POST['NewPic'] = str_replace(array("<", ">", "'", ";", ".php", ".html", ".js"), array("", "", "", "", "", "", ""), $_POST['NewPic']); $db->query(sprintf("UPDATE `users` SET `display_pic`='%s' WHERE `userid`='%d'", $_POST['NewPic'], $ir['userid'])); echo 'Picture Changed'; } } } else { echo '<h3>Pic Change</h3> Please note that this must be externally hosted, [url="http://imageshack.us"]ImageShack[/url] is our recommendation. <form action="preferences.php?act=DPChange" method="post">'; echo sprintf("New Pic: <input type='text' name='NewPic' value='%s' /> ", $Pic['display_pic']); echo ' <input type="submit" value="Change Picture" /> </form>'; } } //Do race change. function conf_race_change() { global $ir,$c,$userid,$h; if(isset($_POST['race'])) { $db->query("UPDATE users SET race= '".mysql_real_escape_string($_POST['race'])."' WHERE userid=$userid"); echo ("You Have Changed your Race Type! [url='preferences.php']Back[/url]"); exit($h->endpage()); } print "<center><hr width='20%'>Race Change<hr width='20%'> <form action='preferences.php?action=racechange2' method='post'> <select class=textbox name='race'> <option value='Wizard'>Wizard</option> <option value='Ware Wolf'>Ware Wolf</option> <option value='Vampire'>Vampire</option> <option value='Yeti'>Yeti</option> <option value='Elf'>Elf</option> <option value='Zombie'>Zombie</option> <option value='Beast'>Beast</option> <option value='Dwarf'>Dwarf</option> <option value='Gangsta'>Gangsta</option> <option value='Criminal'>Criminal</option> <option value='Pimp'>Pimp</option> <option value='Member'>Member</option> <option value='God'>God</option> <option value='Pilot'>Pilot</option> <option value='Boxer'>Boxer</option> <option value='Chief'>Chief</option> <option value='Cop'>Cop</option> <option value='Creature'>Creature</option> <option value='Seller'>Seller</option> <option value='Buyer'>Buyer</option> <option value='Goth'>Goth</option> <option value='Thief'>Thief</option> <option value='Hacker'>Hacker</option> <option value='Skeleton'>Skeleton</option> <option value='Demon'>Demon</option> <option value='Goblin'>Goblin</option> <option value='Unknown' SELECTED>Unknown</option> </Select> <input class='textbox' type='submit' value='Change Race' /> </form>"; } function do_race_change() { global $db,$ir,$c,$userid,$h; $db->query("UPDATE users SET race='{$_POST['race']}' WHERE userid=$userid"); print "You Have Changed your Race Type! [url='preferences.php']Back[/url]"; } // Forum Info Change Function. function ForumSig() { global $ir, $db; if (isset($_POST['NewFSig'])) { $db->query(sprintf("UPDATE `users` SET `forums_avatar`='%s', `forums_signature`='%s' WHERE `userid`='%d'", NoXSS($_POST['FPic']), NoXSS($_POST['NewFSig']), $ir['userid'])); echo 'Forum Info Updated'; } else { echo '<h3>Forum Info Change</h3> Please note that the avatar must be externally hosted, [url="http://imageshack.us"]ImageShack[/url] is our recommendation. <form action="preferences.php?act=ForumSig" method="post">'; echo sprintf("Avatar: <input type='text' name='NewFPic' value='%s' /> ", $ir['forums_avatar']); echo sprintf("Signature (you may use BBcode): <textarea rows='10' cols='50' name='NewFSig'>%s</textarea> ", $ir['forums_signature']); echo '<input type="submit" value="Change Info" /> </form>'; } } function demand_take() { global $ir; if($ir['married']) { echo '<h3>Marriage Allowances</h3> Disactivating this means your partner has [b]no[/b] access to take your money '; if($ir['demand_take'] == 0) { echo '<a href = "preferences.php?action=marriage2">Click here to allow your partner to take your money!</a> '; } else { echo '<a href = "preferences.php?action=marriage2">Click here to [b]not[/b] allow your partner to take your money!</a> '; } } else { echo 'You are not married'; } } function do_demand_take() { global $ir; if($ir['married']) { if($ir['demand_take'] == 1) { mysql_query("UPDATE `users` SET `demand_take` = 0 WHERE (`userid` = ".$_SESSION['userid'].")",$c); echo 'Your partner can [b]not[/b] take any money from you anymore! <a href = "preferences.php">Back</a>'; } else { mysql_query("UPDATE `users` SET `demand_take` = 1 WHERE (`userid` = ".$_SESSION['userid'].")",$c); echo 'Your partner can now take money from you! <a href = "preferences.php">Back</a>'; } } else { echo 'You are not married'; } } $h->endpage(); ?>

I don't think the way you've done the UPDATE function is quite right O.o wouldn't exactly be the way I'd go about it, and I'd definitely go with what bertrand said, use MySqli for PHP 5

I helped Paul go through some stuff that may help, but it's not working. It's the host that needs to fix this one I guess

He's suggesting it, and it's easily applicable here however not recommended, this method has a lot of flaws - for example you have a power cut, your crons will stop running.

Lol, this won't secure your site.

  $user = $db->fetch_single($db->query("SELECT `userid`, `username` FORM `lottery` WHERE (`id` = ". $winnerid .");")); mysql_query("INSERT INTO `announcements` VALUES('".mysql_real_escape_string($user['username'])." won the lottery', ".time().")");

It doesn't really show the full extent of what you can do. You said you can program in a secure, up to date code that's fast and efficient - this doesn't really demonstrate that. I'll give you kudos though, as it wasn't as bad as it could of been, but the tabbing is way too much. Try creating something from scratch or recoding a file that hasn't been recoded yet, McCodes could use all the help it can get. Well done, if we could +1 I'd do it =]

Oooh, I had to reply now. He says take it to PM but blocks me on MSN because I said:   Cookies, NAO! says: *Oh sorry, i never knew i had 'l33t' skill's, you see, at first i thought i was a n00b as you said, now you say i have 'l33t' skills. Thank's. But then again, your clearly an idiot if you never played around with the gym. *That's sarcasm... *Are you simple?   Oh well. I was simply saying that, when you wanted to prove yourself, you linked to a gym you made. That must mean you're amazing, I'm taking the piss. I can't believe I had to explain that, it's not a lot to understand. And please do lock this topic - he clearly has nothing more to say of any intelligence other than "get a life" and "fool".

Oh look - and now he resorts to personal insults. Typical of the common 'tard. So you're seriously suggesting I don't have a life? XD That's quite funny actually, normally when I here that from other people - it's not so funny, but you of all people is a good laugh. This coming from the person that claimed to have a custom engine, then come and cried all day long when it was proven otherwise. This coming from the stalker who followed someone around on a forum just because they disliked them and was wrong in most cases (mccodes website on their forums that is now down). Pffft, you are the biggest gimp here. Now how about instead of acting big, you finish off your stupid McCodes game and go off and take some heroine, or whatever is you stupid pubescent boys do nowadays.

Haha, you really are a sucker. "Continue to your corner" - don't act smug because you whipped something u quick enough. But hey, you must not use McCodes, you have 'l33t' skills, I remember when you made a gym! Oh yes, you made a gym! that uses about a line of Ajax and it was so complicated to make! I thought you was going to ignore this thread, eh? But nope, instead of ignoring, you went away and began doing what you should of done in the first place and made an engine from scratch. And Torn only looks like McCodes because McCodes copied Torn.....

That was directed at Fusion, as he seems to be the programmer...:)