Equinox

I have this mod made I just want to know, who would buy it and would you pay $5 if I sold it for that much? It includes: 2 files - staff_missions.php and Missions.php 1 new user row 1 new DB table 2 file edits (attackwon.php and attacklost.php)   It's all secured, well. Minimal code (Missions has less than 50 lines) (attackwin.php and attacklost.php have 4 lines) You can start and cancel a mission, When you start you get a message saying what to do (made by you), then the user has to attack the set userID (bot made by you most likely) If they win the attack, they get the set reward and a mail explaining how much they get and a congratulations or whatever you decide to write. If they lost they get a failure message, again, all written by you. :) Please coment Demo : http://mcaddons.com/mccode/Missions.php Attack and hospitalize ID 2, once you've started the mission - You'll need to sign up, on sign up you get 10,000 stats each and an equip weapon

*Equinox throws up on sprintf() All them sprintf()'s are not needed. But good job.

Can you post the code with the problem?

<?php ------------------------------------- Copyright Name: Shooting mod Mod type: Free Madr by Ben-Nasha(ben nash) ------------------------------------- include_once(DIRNAME(__FILE__).'/globals.php'); if ($ir['shooting'] == 0) { die ("you have already shot today come back tomorrow"); } if (!isset($_GET['ben'])) { echo '<h3>Shooting</h3> [i]DESCIPRTOIN HERE.[/i] <a href=\'shooting.php?ben=shooting\'>Shoot man</a> '; } else { if ($_GET['ben'] == 'shoot') { $strength=rand(5,10); $cash=rand(50,100); echo 'You shot the man and gained '.$strength.' and $'.$cash.'!'; $db->query("UPDATE `userstats` SET `strength` = `strength` + $strength WHERE (`userid` = $userid)"); $db->query("UPDATE `users` SET `money` = `money` + $cash, `shooting` = `shooting` - 1 WHERE (`userid` = $userid)"); } } $h->endpage(); ?> [mysql]ALTER TABLE `users` ADD `shooting` TINYINT( 1 ) NOT NULL DEFAULT '5';[/mysql]   Just cleaned it up a little :)

How come there is: $cash=rand(100,1000); ? It's not even being used and it says even if you have a bad night sleep, you still gain strength, so either way you benefit. Won't that ruin your game a little? People can just refresh. And what's with the $_GET['ben']   if (!isset($_GET['ben'] ==sleep) Sleep is a string, so shouldn't it be quoted? Just a few observations

  :rolleyes:

Erm.... mysql_real_escape_string() strips special characters that may be entered And the strip_tags() strips any PHP or HTML tags that are entered..... I'm cleaning the entered text before it's inserted into the database.

I haven't actually viewed the code for Mccodes yet, but I doubt it's got a secure class. Try this code: $db->query("INSERT INTO mail VALUES('', 0, ".$ir['userid'].", ".$r['userid'].", unix_timestamp(),'".mysql_real_escape_string(strip_tags($subj))."','".mysql_real_escape_string(strip_tags($_POST['text']))."')");   I don't know if that will help at all :) If anyone could help me get to grips with Mccodes though, that'd be great :thumbup: