Dillion & Amanda 4 Lif

ah, well i made this mod a week or two ago when i wasnt here, so thats why

I haven't seen anything regarding mysql_safe() anywhere until now. Are you sure your not using a function called mysql_safe()?

Seems like people want it. So far we have 5 Yes.

Well, its ready for v2. I will convert to lite later tonight. Enjoy. Any bugs just post. Shouldnt be any.

Maybe after my stock mod.

[align=center]Stock Market [v2 & Lite][/align] v2 is almost ready. Uploading most of it now. SQL -- phpMyAdmin SQL Dump -- version 3.2.4 -- http://www.phpmyadmin.net -- -- Host: localhost -- Generation Time: May 21, 2010 at 03:21 AM -- Server version: 5.1.41 -- PHP Version: 5.3.1 SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO"; /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */; -- -- Database: `mmorpg` -- -- -------------------------------------------------------- -- -- Table structure for table `stock_market` -- CREATE TABLE IF NOT EXISTS `stock_market` ( `sID` int(11) NOT NULL AUTO_INCREMENT, `sNAME` varchar(255) NOT NULL, `sMAX` int(11) NOT NULL, `sCURRENT` int(11) NOT NULL, PRIMARY KEY (`sID`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=6 ; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; -- phpMyAdmin SQL Dump -- version 3.2.4 -- http://www.phpmyadmin.net -- -- Host: localhost -- Generation Time: Jun 05, 2010 at 03:14 PM -- Server version: 5.1.41 -- PHP Version: 5.3.1 SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO"; /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */; -- -- Database: `game` -- -- -------------------------------------------------------- -- -- Table structure for table `user_stocks` -- CREATE TABLE IF NOT EXISTS `user_stocks` ( `stID` int(11) NOT NULL, `stUSER` int(11) NOT NULL, `stSHARES` int(11) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Dumping data for table `user_stocks` -- /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; stocks.php <?php /* Modification By Solid Snake for McCodes. Free-to-use and distribute as long as you keep this tag on :). Q&C: [email][email protected][/email] */ require_once('globals.php'); $_GET['cmd'] == isset($_GET['cmd']) && is_string($_GET['cmd']) ? strtolower(trim($_GET['cmd'])) : FALSE; switch($_GET['cmd']){ case 'Buy': cmd_buy(); break; case 'Sell': cmd_sell(); break; default: cmd_index(); break; } function strip_my_slashes($text){ return str_replace(array('/','\\'),array('',''), $text); } function add_stock($stock,$shares){ global $db,$ir,$h,$userid; $shares = abs(@intval($shares)); if(!$shares){ echo "You didn't specify a number of shares."; $h->endpage(); exit; } $s = mysql_fetch_object($db->query("SELECT * FROM `stock_market` WHERE `sID`=".$stock)); if(floor($shares*$s->sCURRENT) > $ir['money']){ echo "You don't have enough money to buy ".number_format($shares)." shares. You still need $".floor($s->sCURRENT*$shares-$ir['money']).". [url='stocks.php']>>Back<<[/url]"; $h->endpage(); exit; } if($db->num_rows($db->query("SELECT * FROM `user_stocks` WHERE `stID`=".$stock." AND `stUSER`=".$_SESSION['userid']))){ $db->query("UPDATE `user_stocks` SET `stSHARES`=`stSHARES`+".$shares." WHERE `stID`=".$stock." AND `stUSER`=".$_SESSION['userid']); $db->query("UPDATE `users` SET `money`=`money`-".floor($shares*$s->sCURRENT)." WHERE `userid`=".$_SESSION['userid']); echo "You have successfully bought ".number_format($shares)." shares from ".$s->sNAME." for $".number_format(floor($shares*$s->sCURRENT))."."; } else { $db->query("INSERT INTO `user_stocks` VALUES('".$stock."','".$_SESSION['userid']."','".$shares."')"); $db->query("UPDATE `users` SET `money`=`money`-".floor($shares*$s->sCURRENT)." WHERE `userid`=".$_SESSION['userid']); echo "You have successfully bought ".number_format($shares)." shares from ".$s->sNAME." for $".number_format(floor($shares*$s->sCURRENT))."."; } } function cmd_index(){ global $db; echo '<h3>Stock Market</h3> '; $q = $db->query("SELECT * FROM `stock_market` ORDER BY `sCURRENT` ASC"); echo '<table width="70%" cellspacing="1" class="table" style="text-align:center;"><tr><th>Company Name</th><th>Shares Worth</th><th>Shares Owned</th><th>Buy/Sell</th></tr>'; while($s = mysql_fetch_object($q)){ $sq = $db->query("SELECT `stID`,`stSHARES` FROM `user_stocks` WHERE `stID`=".$s->sID); $shares=0; while($sf = $db->fetch_row($sq)){ $shares+=$sf['stSHARES']; } $price = '<font color=green>$'.$s->sCURRENT.'</font>'; echo "<tr><td>[b]".strip_my_slashes($s->sNAME)."[/b]</td><td>[b]".$price."[/b]</td><td>[b]".number_format($shares)."[/b]</td><td> [url='stocks.php?cmd=Buy&ID=".$s->sID."']Buy[/url] - [url='stocks.php?cmd=Sell&ID=".$s->sID."']Sell[/url]</td>"; } echo '</table>'; echo ' [b]Note:[/b] Make sure to check back hourly.'; } function cmd_buy(){ global $db,$h; $_GET['ID'] == abs(@intval($_GET['ID'])); echo '<h3>Buy Stock</h3> '; if(!$_GET['ID']){ echo 'Stock doesn\'t exist'; $h->endpage(); exit; } if(!$db->num_rows($db->query("SELECT * FROM `stock_market` WHERE `sID`=".$_GET['ID']))){ echo 'Stock doesn\'t exist'; $h->endpage(); exit; } $s = mysql_fetch_object($db->query("SELECT * FROM `stock_market` WHERE `sID`=".$_GET['ID'])); if(!$_POST['Submit']){ echo '<form action="stocks.php?cmd=Buy&ID='.$_GET['ID'].'" method="POST"> Each share costs $'.$s->sCURRENT.'. How many would you like to buy? <input type="text" name="shares"> <input type="submit" name="Submit" value="Buy Shares"> </form>'; } else { $_POST['shares'] == abs(@intval($_POST['shares'])); add_stock($s->sID,$_POST['shares']); } } function cmd_sell(){ global $db,$h,$userid,$ir; $_GET['ID'] == abs(@intval($_GET['ID'])); echo '<h3>Sell Stock</h3> '; if(!$_GET['ID']){ echo 'Stock doesn\'t exist'; $h->endpage(); exit; } if(!$db->num_rows($db->query("SELECT * FROM `stock_market` WHERE `sID`=".$_GET['ID']))){ echo 'Stock doesn\'t exist'; $h->endpage(); exit; } $sq = $db->query("SELECT s.*,st.* FROM stock_market s LEFT JOIN user_stocks st ON st.stID=s.sID WHERE st.stID=".$_GET['ID']." AND st.stUSER=".$userid); $s = mysql_fetch_object($sq); if(!$db->num_rows($sq)){ echo 'You don\'t appear to have any shares in this stock!'; $h->endpage(); exit; } if(!$_POST['Submit']){ echo '<form action="stocks.php?cmd=Sell&ID='.$_GET['ID'].'" method="POST"> You have <font color=red>'.$s->stSHARES.'</font> [b]'.strip_my_slashes($s->sNAME).'[/b] shares. Each share is worth [b]<font color=green>$'.$s->sCURRENT.'</font>[/b]. How many would you like to sell? <input type="text" name="shares"> <input type="submit" name="Submit" value="Sell Shares"> </form> '; echo '[b]Note:[/b] Any money you recieve will be deposited into your bank account, if you have one.'; } else { $_POST['shares'] == abs(@intval($_POST['shares'])); if($_POST['shares'] > $s->stSHARES){ echo 'You are trying to sell more shares than you have.'; $h->endpage(); exit; } $db->query("UPDATE `user_stocks` SET `stSHARES`=`stSHARES`-".$_POST['shares']." WHERE stID=".$_GET['ID']." AND stUSER=".$userid); if($ir['bankmoney'] > -1){ $db->query("UPDATE `users` SET `bankmoney`=`bankmoney`+".floor($s->sCURRENT*$_POST['shares'])." WHERE `userid`=".$userid); } else { $db->query("UPDATE `users` SET `bankmoney`=`bankmoney`+".floor($s->sCURRENT*$_POST['shares'])." WHERE `userid`=".$userid); } $db->query("DELETE FROM `user_stocks` WHERE `stID`=".$_GET['ID']." AND `stUSER`=".$userid." AND `stSHARES`=0"); echo 'You sold [b]<font color=red>'.number_format($_POST['shares']).'</font>[/b] shares for [b]<font color=green>$'.number_format($s->sCURRENT*$_POST['shares']).'</font>[/b]!'; } } ?> staff_stocks.php <?php /* Modification By Solid Snake for McCodes. Free-to-use and distribute as long as you keep this tag on :). Q&C: [email][email protected][/email] */ require_once(DIRNAME(__FILE__) . '/sglobals.php'); switch($_GET['cmd']){ case 'New': cmd_new(); break; case 'Edit': cmd_edit(); break; case 'Remove': cmd_remove(); break; } function strip_my_slashes($text){ return str_replace(array('/','\\'),array('',''), $text); } function cmd_new(){ global $db; echo '<h3> New Stock </h3> '; if(!$_POST['Submit']){ echo '<table width="35%" cellspacing="1" class="table"> <form action="staff_stocks.php?cmd=New" method="POST"> <tr><th>Company Name:</th><td><input type="text" name="sNAME"></td></tr> <tr><th>Max Amount of Shares Worth:</th><td><input type="text" name="sMAX"></td></tr> <tr><th></th><td><input type="submit" name="Submit" value="New Stock!"></td></tr> </form> </table>'; } else { $_POST['sNAME'] == mysql_real_escape_string(strip_tags($_POST['sNAME'])); $_POST['sMAX'] == abs((int) $_POST['sMAX']); if(!$_POST['sNAME']){ echo 'You haven\'t entered a Company Name. [url="staff_stocks.php?cmd=New"]>>Back<<[/url]'; $h->endpage(); exit; } if(!$_POST['sMAX'] || $_POST['sMAX'] < 0){ echo 'You haven\'t entered a Max Amount for Shares Worth!'; $h->endpage(); exit; } if($db->num_rows($db->query("SELECT `sNAME` FROM `stock_market` WHERE `sNAME`='".$_POST['sNAME']."'"))){ echo 'Stock already exists!'; $h->endpage(); exit; } $db->query("INSERT INTO `stock_market` VALUES('','".$_POST['sNAME']."','".$_POST['sMAX']."','".$_POST['sMAX']."')"); echo 'The Stock [b]'.$_POST['sNAME'].'[/b] was added to the [b]Stock Market[/b]'; } } function cmd_edit(){ global $db,$h; echo '<h3> Edit Stock </h3> '; if(!$_POST['Stock']){ $q = $db->query("SELECT * FROM `stock_market` ORDER BY `sID` ASC"); echo '<form action="staff_stocks.php?cmd=Edit" method="POST"> <select name="Stock" type="dropdown">'; while($r = mysql_fetch_object($q)){ echo '<option value="'.$r->sID.'">'.strip_my_slashes($r->sNAME).'</option>'; } echo '</select> <input type="submit" value="Edit Stock!"> </form>'; } else if(!$_POST['Submit']){ $sq = $db->query("SELECT * FROM `stock_market` WHERE `sID`=".$_POST['Stock']); $s = mysql_fetch_object($sq); if(!$db->num_rows($sq)){ echo 'Stock doesn\'t exist!'; $h->endpage(); exit; } echo '<table width="35%" cellspacing="1" class="table"> <form action="staff_stocks.php?cmd=Edit" method="POST"> <input type="hidden" name="Stock" value="'.$_POST['Stock'].'"> <tr><th>Company Name:</th><td><input type="text" name="sNAME" value="'.strip_my_slashes($s->sNAME).'"></td></tr> <tr><th>Max Amount of Shares Worth:</th><td><input type="text" name="sMAX" value="'.$s->sMAX.'"></td></tr> <tr><th></th><td><input type="submit" name="Submit" value="Edit Stock!"></td></tr> </form> </table>'; } else { $_POST['sNAME'] == mysql_real_escape_string(strip_tags($_POST['sNAME'])); $_POST['sMAX'] == abs((int) $_POST['sMAX']); if(!$_POST['sNAME']){ echo 'You haven\'t entered a Company Name. [url="staff_stocks.php?cmd=New"]>>Back<<[/url]'; $h->endpage(); exit; } if(!$_POST['sMAX'] || $_POST['sMAX'] < 0){ echo 'You haven\'t entered a Max Amount for Shares Worth!'; $h->endpage(); exit; } $db->query("UPDATE `stock_market` SET `sNAME`='".$_POST['sNAME']."',`sMAX`='".$_POST['sMAX']."',`sCURRENT`='".$_POST['sMAX']."' WHERE `sID`=".$_POST['Stock']); echo 'The Stock [b]'.strip_my_slashes($_POST['sNAME']).'[/b] was edited.'; } } function cmd_remove(){ global $db,$h; echo '<h3> Remove Stock </h3> '; if(!$_POST['Stock']){ $q = $db->query("SELECT * FROM `stock_market` ORDER BY `sID` ASC"); echo '<form action="staff_stocks.php?cmd=Remove" method="POST"> <select name="Stock" type="dropdown">'; while($r = mysql_fetch_object($q)){ echo '<option value="'.$r->sID.'">'.strip_my_slashes($r->sNAME).'</option>'; } echo '</select> <input type="submit" value="Remove Stock!"> </form>'; } else { if(!$db->num_rows($db->query("SELECT * FROM `stock_market` WHERE `sID`=".$_POST['Stock']))){ echo 'Stock doesn\'t exist!'; $h->endpage(); exit; } $db->query("DELETE FROM `stock_market` WHERE `sID`=".$_POST['Stock']); $db->query("DELETE FROM `user_stocks` WHERE `stID`=".$_POST['Stock']); echo 'Stock Removed!'; } } ?> cron_hour.php $sq = $db->query("SELECT * FROM `stock_market`"); while($sfetch = $db->fetch_row($sq)){ $rand = mt_rand(1,10); $rand2 = mt_rand(1,2); if($rand2 == 1){ $db->query("UPDATE `stock_market` SET `sCURRENT`=`sCURRENT`+".$rand." WHERE `sID`=".$sfetch['sID']); } else { $db->query("UPDATE `stock_market` SET `sCURRENT`=`sCURRENT`-".$rand." WHERE `sID`=".$sfetch['sID']); } }

How about a new jail system? Lol. Where you can try to "Break Out" of prison once per visit, and if you fail your time is doubled, along with crafting jail keys with a crafting mod, etc. Much better ;). This, however, fails.

@Wreckless: Next time try to fix it yourself before you post. Im not trying to be offensive or anything, its just people do this alot. Post they need help and fix it themselves before anyone replies. But yes fix the IP, and i'd recommend putting a few other things in there to help out.

Yeah, but its all the way down there, a new member wouldnt know that.

There are only a few people that have known qualifications as far as i've observed. More people should learn how to secure lol

Well aren't you supposed to secure every page? Guide is great, just saying. I think you posted this a while back though, so im sure you know by now. As for meta tags working on secured forums, It doesn't work on the ones i made.

Unless they're botting to advertise, then itll just do it for em lol.

Same here. They have the flags, Silk v1.3, and some mini icons or something

Well if u add $h->endpage() above exit for mccodes itll keep the right design.

I figured it'd work to help prevent others that dont have .htaccess that block xss, help get rid of some of it. like i said though wasnt sure if itd be useful or not

[align=center]Silk Icons[/align] [align=justify]This icon set is packed with 1000 quality icons at your disposal. You can use them for practically anything, and they are royalty-free. I DO NOT claim these as my own. All credit is given to the folks at http://famfamfam.com. They've been around for a while but alot of people ask me where to get those silky small icons, so i decided i'd give you the direct link to download them. :)[/align] Silk Icon Download

function check_int($check){ if(preg_match("#\D#is", $check)){ echo 'Error text here.'; exit; } if(!ctype_digit($check) || !is_numeric($check)){ echo 'Error text here.'; exit; } }   Just thought of it. Basically first it checks if it matches anything except a number. Then it checks if its a valid number. Please tell me if its useful or something, not sure but it works.

Take out the '/' before globals.php in require_once('/globals.php') if your in the root directory and itll work :)

EDIT: Topic Changed to Car Modification. Read 1st post for info.

I've decided instead of Trucking Missions, i will be building a new car system. There is an old one, but mine will have a few more features, as well as be secure.

Not really. Then again ive only been here for 2 days

Is anyone going to use it?

I actually offered to Secure Mcv2 full engine for them and even though i would lose out on money with my offer they declined... So in about 2 years when they finally secure it im sure other people will have released their engines and MC will be obsolete. They have the right time to sell the product but with the insecurities with MC people just warez it (i have a legal copy) but i don't see the point in paying for insecure scripts im sure there could be some legal obligation they are breaking by selling it also, Satisfactory rights and so on. GPCG is the best acronym ever (Go Play CrimGame) [note: not mc codes affiliated] Just if anyone asks my price to secure it was 5% of the income per copy sold (they sell it for 100 dollars i'd be asking for 5 dollars of that).   5% would be a great deal. They'd make more money for being able to put secure on their site for the v2 too, so 5 out of every 100 for 100s of dollars is pretty cheap

Ahh thanks for reminding me sniko. It was originally part of the mod but i forgot. Will add in a sec EDIT: Cron is now located under the sql above the rate.php :)

Is it really that big of a deal? It works anyway.