Equinox

I updated this a bit - just made the code cleaner and made it into one file, altered the query a bit too...   <?php include(DIRNAME(__FILE__).'/globals.php'); $_GET['page'] = (isset($_GET['page']) && is_string($_GET['page'])) ? stripslashes(trim($_GET['page'])) : FALSE; switch($_GET['page']) { case "AttacksWon" : AttacksWon(); break; case "AttacksLost" : AttacksLost(); break; } function AttacksWon() { $atks = mysql_query("SELECT a.`attacked`, a.`attacker`,u1.`username` as `attackern`, u2.`username` as `attackedn` FROM `attacklogs` a LEFT JOIN `users` u1 ON a.`attacker` = u1.`userid` LEFT JOIN `users` u2 ON a.`attacked` = u2.`userid` WHERE (u1.`userid` = ".$_SESSION['userid'].") AND `result` = 'won' ORDER BY time DESC LIMIT 100"); echo '[b]Attack Logs - The last 100 players you have killed.[/b] <table width = "50%" cellspacing = "1" class = "table" border = "1" bordercolor = "#636363" align = "center"> <tr> <th>Time</th> <th>Attacked</th> </tr>'; while($r = mysql_fetch_array($atks)) { $d = date('F j, Y, g:i:s a',$r['time']); echo '<tr> <td style = "text-align : center;">'.$d.'</td> <td style = "text-align : center;">[url="viewuser.php?u='.$r['attacked'].'"]'.stripslashes(htmlentities($r['attackedn'])).'[/url]</td> </tr>'; } echo '</table>'; } function AttacksLost() { $atks = mysql_query("SELECT a.`attacker`, a.`attacked`, u1.`username` as `attackern`, u2.`username` as `attackedn` FROM `attacklogs` a LEFT JOIN `users` u1 ON a.`attacker` = u1.`userid` LEFT JOIN `users` u2 ON a.`attacked` = u2.`userid` WHERE (u2.`userid` = ".$_SESSION['userid'].") AND result='won' ORDER BY time DESC LIMIT 100"); echo '[b]Attack Logs - The last 100 players that killed you[/b] <table width = "50%" cellspacing = "1" class = "table" border = "1" bordercolor = "#636363" align = "center"> <tr> <th>Time</th> <th>Attacked</th> </tr>'; while($r = mysql_fetch_array($atks)) { $d = date('F j, Y, g:i:s a',$r['time']); echo '<tr> <td style = "text-align : center;">'.$d.'</td> <td style = "text-align : center;">[url="viewuser.php?u='.$r['attacked'].'"]'.stripslashes(htmlentities($r['attackedn'])).'[/url]</td> </tr>'; } echo '</table>'; } ?>

Lol, he really has - 8 days ago And now it's been updated  

But it wasn't your idea, was it? ;) I believe old Chedburn beat you there

I made this...(or very similar) [mp]28[/mp] Just click the above for screen shots and more information

Ok, so in a moment of boredom I created a template. Obviously I used some help from the Internet - but generally I spent a long time on it, so let me know what you think :thumbup:

Another common way that people use is   $_GET['action'] = (isset($_GET['action']) && is_string($_GET['action'])) ? stripslashes(trim($_GET['action'])) : FALSE;

Removed - made a mistake Good job

Ok, as this hasn't sparked much interest - the price has been lowered to $10, I guess Chicka was right... :P

  $5 isn't enough based on the 'code' :huh: I think my programming abilities are worth more than $5 lol :P Plus, this mod does alot in such a small space - I've seen this mod done in loads of files where it's not needed :S

Ok, so this is something I see seen asked for quite a bit, alot have been created but seem to have these issue and never get fixed. This one is like any other, but it's secure and efficient, plus a lot of fun with easy to add upgrades; A few screenies: Upgrade link : http://img442.imageshack.us/img442/6637/upgradee.png View upgrades : http://img168.imageshack.us/img168/3649/view.png Buy Upgrade : http://img706.imageshack.us/i/buy.png/ Error : http://img168.imageshack.us/i/errorod.png/ View your upgrades : http://img442.imageshack.us/i/view2.png/ I think that about covers it. Erm - file information: 1 Edit to users table 2 new tables Edit to estate.php Edit to index.php Staff_upgrades.php There isn't alot to edit nor is there alot of lines. I think in total after all edits, there's about 90 lines. To purchase this mod - Send me a PM with the email you want to have it sent to and I will send you the paypal address. Once I receive the $15, I will send the modification to the specified address. I provide full support of the modification and any upgrades made later on will be free :)

So, the guards 'mod' just adds will to your house? If so, why does it need 3 files and 6 SQL's? I'm pretty sure if you maybe added a switch() in estate.php you could do it? For example   switch($_GET['page']) { case "HouseGuards" : HouseGuards(); break; default : index(); break; } function index() { // Estate stuff } function HouseGuards() { if((isset($_POST['Guard'])) && ctype_digit($_POST['Guard'])) { $Price = 100 * $_POST['Guard']; echo 'You bought '.number_format($_POST['Guard']).' for $'.number_format($Price).''; } echo 'Here you may buy guards for your house, enter an amount to buy below'; echo ' Amount: '; } ?>   Unless I'm completely miss-understood, however that is an idea. Good job :) But a little more explanation should help :thumbsup:

Bye!

Cheers - I think it was made before for V1, but badly as far as I'm aware. That's what I was told, so I made this one as I liked the idea :P

Thanks for the payment! If there is any problems you have all the contact details needed - that is also my MSN. As a last resort if you can't contact me on that MSN/Hotmail - I'm mostly always online at: http://www.mcaddons.com If I'm not online (Equinox) contact (Zeddicus) or send me a PM. One of us will always be online :)

I've finally decided to sell this mod for $5 It's all secured, well. Minimal code (Missions has less than 50 lines) (attackwin.php and attacklost.php have 4 lines) You can start and cancel a mission, When you start you get a message saying what to do (made by you), then the user has to attack the set userID (bot made by you most likely) If they win the attack, they get the set reward and a mail explaining how much they get and a congratulations or whatever you decide to write. If they lost they get a failure message, again, all written by you. It includes: 2 files - staff_missions.php and Missions.php 1 new user row 2 new DB tables 2 file edits (attackbeat.php and attacklost.php) Demo : http://www.mcaddons.com/mccode/Missions.php If you'd like to buy this mod, please send $5 to: [email protected] Mail me on here once you have if I don't reply in a reasonable amount of time, I will send the mod to the email the money was sent from unless stated otherwise. If I update the mod and you've purchased a copy, you will get the update for free. Free support and fixes if needed Any other questions, please don't hesitate to ask Or - alternatively, my MSN is: [email protected]

No worries ;) Apologies if I came off rude as well, this medium of communication makes it hard to convey thoughts and emotions properly, leading quite easily to misunderstandings. I'll be eagerly awaiting your results from your test! I've been curious about this for some time (whether or not malicious code can sift through it, that is). I know there are ways to avoid standard code, such as using the % sign and numbers as symbols for letters, and other ways of obfuscating code to get past filters, but I don't recall ever seeing a method that uses pure letters and numbers. I genuinely wish you luck!   That's exactly what I say "It's hard to judge emotions over the Internet" I would give you an analysis of the code now, but as I say, It's Christmas and I'm not exactly "sober" :rolleyes:

Well on my behalf, I apologise. I didn't read the entire thread, I assumed you was posted a "quick fix" However, I'm sure there is malicious code that can pass through this. Tomorrow, when It's not Christmas I will give it a proper test. Please understand though, I was not questioning your abilities, nor was a judging your 'code'. Simply a miss-understanding of the entire thread as stated above ;)

I'm not full of it, You're just putting people under the belief that this will secure their site from everything, when it won't. Tell me, is this stopping csrf? Or anything of that sort? :rolleyes: I'm FAR from 'full of it' I don't believe I am an 'amazing' programmer. I dislike the fact the people can make the assumption their site is secure because of one function

  Fail.   abs(@intval($Var));   Fail. For a start, do you understand how much the @ operator slows your script down?

  It can changed for that, yes. Currently as I knocked this up real quick, you get a mail from yourself. But I will change it to Anonymous   Whats that supposed to mean? It's not actually a game....It's a forum, with Mccodes uploaded to it. I know i wasn't being sarcastic i like the site name mcaddons is a good name   Sorry for the miss understanding, it's mine and Zeddicus' forum :)

  It can changed for that, yes. Currently as I knocked this up real quick, you get a mail from yourself. But I will change it to Anonymous   Whats that supposed to mean? It's not actually a game....It's a forum, with Mccodes uploaded to it.

I'm not really well known, but if I was to put a price on this. I'd do it for $100, Most people are higher, some would be lower. That's my personal price

You're right, however, I was talking Redex through a few things.... He's learning, give him a chance to grasp the concept of things

  /me things he is referring to the strip_tags() :P

  On input, yes. However on output it's perfectly fine. It will strip slashes from the output.....So you're code won't display slashes everytime ' is used