Equinox

He pays people to make mods for the site. It's mostly stolen HTML to get the look. I even worked on a few mods for it.

The integration of this script would not be hard. I'd walk you through how to add it on your site for no charge.

Yes, because with it on he will clearly be able to fix it. :P

function repay_money() { global $ir,$c,$userid,$h; if($ir['loan'] <= 0) { die("You are trying to payback more then u have to > [url='bank2.php']Back[/url]"); } $db->query("UPDATE users SET loan=loan-{$_POST['repayed']} where userid='".mysql_real_escape_string($userid)."'",$c); $db->query("UPDATE users SET money=money-{$_POST['repayed']} where userid='".mysql_real_escape_string($userid)."'",$c); echo"You repayed the loan > [url='bank.php']Back[/url]"; } $h->endpage(); ?>   Change to   function repay_money() { global $ir,$c,$userid,$h,$db; if($ir['loan'] <= 0) { die("You are trying to payback more then u have to > [url='bank2.php']Back[/url]"); } $db->query("UPDATE users SET loan=loan-{$_POST['repayed']} where userid='".mysql_real_escape_string($userid)."'",$c); $db->query("UPDATE users SET money=money-{$_POST['repayed']} where userid='".mysql_real_escape_string($userid)."'",$c); echo"You repayed the loan > [url='bank.php']Back[/url]"; } $h->endpage(); ?>

In dbcon.php, under <?php add error_reporting(0);

In a globals file, something that is included on every page

You need to turn error_reporting off.

mi spelin and dat is perfict so i dun mind nd is not effectad by dis topic

It's not default with MCC, you say it as if MCC is a different language completely to PHP. $string = ' blah '; The reason you have to define the variable in this instance is down to the single quotes, single quotes will not look for a variable within a string whereas double quotes will, for example: $string = "http://xvon.info/game/register.php?REF=$userid"; That would work fine.

function highlightWords($string, $words) { foreach ( $words as $word ) { $string = str_ireplace($word, '<span class="highlight_word">'.$word.'</span>', $string); } /*** return the highlighted string ***/ return $string; } $string = 'http://xvon.info/game/register.php?REF='.$userid.''; $words = array('http://xvon.info/game/register.php?REF='.$userid.''); $string = highlightWords($string, $words);

Probably

So, Jordan suggests that applying mres to the $ip var would mean that you need to strip slashes on the output? Wrong. mysql_real_escape_string() will not hurt your IP variable, if it leads you to believe that your game is more secure then use it, it will not effect anything. And if there are ways to alter your IP then surely we need to do more than just mysql_real_escape_string() ? REMOTE_ADDR can not be altered, and that is the $IP variable. If you want to do it properly, as said by Palmer : "If your going to add "extra security" do it right.." (don't think that comment was thought through in this situation) Look into INET_NTOA() and INET_ATON(). Don't worry so much about this.

You're only going to get script kiddies here, not a full test of it's security :p A real hacker would most likely take it down in seconds if he felt the need XD

I disagree, I don't like the text - I'm more concentrated on the detail of the whole technology thing you've got going on, I like it. But overall I don't like the template, your last one was really cool - seems as if you've gone backwards, I don't know why you haven't kept it

I'll do it :P

http://www.w3theory.com ^ Quick servers, reliable and won't go down :whistling:

@font-face { font-family: "YourOwnFontNameHere"; src: url(/link/to/font) ; } body { font-family: YourOwnFontNameHere; }

echo and print will both work without the parentheses - by using brackets you're making it a function and most people believe that they are functions, but they're not. And Jordan, good job. Was just explaining to the question asked up ^ there

No. We're only selling the template as another is being made. We aren't selling the whole site

No, you do not get the domain name. Yes, you get the .PSD files You get login and ingame templates. We will change the title for you.

You might also like to take into consideration that Torn came first, rendering it impossible to be using mccodes.

No.

You're posting these mods, yet they are clearly the same from the screenshots. If someone bought this, it could easily be altered to be "buster of the hour", "mugger of the hour" etc. Not worth $3.

Yes it will. $ip = $_SERVER['remote_addr']; < Nothing wrong with this.

Why do you have a function that does the same as ctype_digit() surely you can't of altered it to be more flexible than ctype_digit() as it's only verifying a number ?