
The Monk
Everything posted by The Monk
-
Personally I don't like the idea of my users being able to steal items or points from one another. Money is a given, you leave it outside of the bank for too long, you get mugged. That's actually reasonably real to life. Item stealing is as well but seeing as my game items are weapons and armor only it seems out of place. With users paying for points I certainly don't like the idea of others being able to take them. That being said I wish your sales all the best.
-
MW2 was good but not great. If Black Ops works over the kinks (which Treyarch are not known for, cough, WaW, cough) in MW2 then I can see BO being the best game since COD4.
-
I wouldn't say choosing the first engine you see is a good idea, the code is still very important. The end user would obviously prefer content over clean code. If you don't find a good balance of both it could be quite lethal, at least at the start of a project.
-
http://php.net/manual/en/function.mysql-real-escape-string.php
Have a look at that function. Using that in your queries can remove a lot of SQL injections. It's not a 1 step instant security solution but it does have a lot of pros for such a small bit of editing in your queries.
-
$5.00 or so. If the 'steal every 30 minutes' is NOT based off running a cron then you might get a bit more.
-
http://www.google.com
That's the only one I know of. I just learnt by trial and error, it's quite a good technique if you're as stubborn as me haha.
-
[mccode v2.x] One-Click-Attack System
I use my own edited version of that system. Makes sure that someone always wins and someone always loses, it's reasonably easy to edit because the code is set out pretty well. I think it's based off GRPG's attack script.
-
I think Dayo is right. ::1 = localhost.
-
It's not brand new to mafia games but I believe it's one not used by a lot of MCCodes based games, although I truly haven't played enough to know.
-
Right on the money. I re-structured my 'fed-jail' so that users are now 'frozen', it's easier to distinguish between jail, frozen and banned in my opinion. Frozen also makes more sense for the status of the user, not banned but not allowed to play temporarily. As for the question the thread is related to, you can either check each individual value or use an array. Personally I prefer individual values as they are easier for things like gym.php which I still want my users to be able to use while in jail.
-
lottery.php
[code]
<?php
require_once "globals.php";
$money = (int)$ir['money']+0;
print "<h3>Lottery</h3> [b]Ticket Cost: $1,000[/b] ";
if($money < 1000)
{
    print " You do not have enough money to buy a lottery ticket.";
    $h->endpage();
    exit;
}
else
{
    print "<form action='buy_ticket.php' method='POST'><input type='submit' name='submit' value='Buy Ticket'></form>";
}
$h->endpage();
?>
[/code]
No reason to make a query for the user's money, globals.php already has that. You can remove $money = (int)$ir['money']+0; if you feel it's unnecessary but there are no queries run on this page, load time shouldn't be any issue.
-
Slicing a PSD is easy, making it display how you want in CSS/HTML is slightly more tricky but it's something that the more you do, the faster you get at it. If you need CSS/HTML tutorials: http://www.w3schools.com
Slicing tutorials are reasonably easy to find on Google, personally I just used trial and error to learn slicing.
-
Update 2: More security added, uses database now, database removes hidden input cheating.
-
Warning Modification - Percentages
The Monk replied to ImaxDevelopment's topic in Free Modifications
if($ir['user_level'] > 2)
That would allow normal users to warn people if I'm not mistaken?
if($ir['user_level'] !== 2)
That would allow only admins to warn.
-
W3Schools + PHP Manual was what started me out, I first learned HTML before PHP because I was told it was an easy concept to grasp. Once I understood the ins-and-outs of HTML I started reading W3S's PHP section, I made scripts that were very basic, the majority of them were <form>'s that used POST/GET to relay messages. I wanted to learn a bit more in-depth PHP so I joined PHP coding sites, looked at what other people had coded and tried my best to understand it. In short, I believe the best way of learning PHP is to edit/view other people's work (with their permission).
-
I was just thinking I could use a MySQL table or add a field to 'users'. I'm not sure whether it would be a good idea though, adds another thing for the server to process and another thing to secure.
-
If you can't secure it then release it free, I'm sure over time other members would help you get it fixed up good :)
-
I'd split the PHP files up.
One for the shops (buy/sell).
One for the trophies.
One for stats.
One for hunting.
1 table for shops.
Merge items into inventory (don't create a new one for this specifically).
1 table for kills.
1 extra field in 'users' table for total hunting trips.
1 table for animals etc (including formulas).
That would be my way of approaching it (from a first glance at your ideas). The idea is good, executing it properly will likely be more than a 2-3 day job depending on how many hours you put in. Based on the depth of the whole idea, providing it was secured, clean (graphically and the actual code layout) and tested, you could probably sell it. Whether or not you want to make a bit of cash on the side is up to you.
-
I didn't think the bet would matter because the bet amount is being checked with the !in_array statement? One solution for the bet amount could be to only have 1 bet amount that wasn't declared in a hidden input.
-
I think I understand, they could edit the hidden value to 10 and keep guessing low. Is that what you mean?
-
That's fine, I don't expect you to spend hours doing something you can get paid for, I've already found out a decent amount of new stuff from the bits you changed.
Edit: Should I add this in to make sure 'choice' is high or low?
[code]
if(!in_array($guess, array('high','low')))
{
    echo '<center>You can only choose high or low.</center>';
    $h->endpage();
    exit;
}
[/code]
or is there a better way of checking that?
Edit again: Should I check the prize the same way?
[code]
$prize = isset($prize) && is_numeric($prize) ? abs((int) $prize) : false;
if(!in_array($prize, array('1000','2000','10000','20000')))
{
    echo '<center>An invalid amount of prize money has been determined.</center>';
    $h->endpage();
    exit;
}
[/code]
or is there once again a better/more secure way.
-
Thanks Josh, that is exactly what I meant by feel free to tear it up :) After I posted this last night and turned my computer off the first thing I thought was oh sh*t you can change bet to anything so I'm glad that's fixed. Do you think I should use an array or switch statement for card images?
-
Feel free to point me in the right direction, even just by telling me what the result of the security flaw would be.
-
[align=center]The Monk's High/Low Mod for MCCodes V2[/align]
I was searching through the requests section and I found an old topic, high/low seemed easy enough. This is the first mod I made from scratch. I'll try to update this in the future and might release a paid premium version.
[code]
<?php
require_once('globals.php');
echo '<center> <h3>High/Low</h3> </center>';

// Check submitted stuff //
$bet    = isset($_POST['bet']) ? (int) $_POST['bet'] : 0;
$choice = (isset($_POST['choice']) && is_string($_POST['choice'])) ? mysql_real_escape_string($_POST['choice']) : '';
// Stop checks //

if ($bet && $choice === '') // Player entered bet but hasn't begun game
{
    if (!in_array($bet, array(500, 1000, 5000, 10000), true))
    {
        echo '<center>The bet you selected is not available.</center>';
        $h->endpage();
        exit;
    }
    if ($bet > $ir['money'])
    {
        echo '<center>Not enough money!</center>';
        $h->endpage();
        exit;
    }
    $num = rand(1, 10);
    // One row per user: update it if it exists, otherwise create it
    $check = $db->query("SELECT `userid` FROM `highlow` WHERE `userid` = '".($userid+0)."'");
    if ($db->num_rows($check) > 0)
    {
        $db->query("UPDATE `highlow` SET `oldnum` = '".($num+0)."' WHERE `userid` = ".($userid+0)."");
    }
    else
    {
        $db->query("INSERT INTO `highlow` VALUES ('".($userid+0)."','".($num+0)."')");
    }
    echo '<center>The number is '.$num.'. Will the next number be higher or lower than '.$num.'?
<table> <tr>
<td> <form method="post"> <input type="hidden" value="'.$bet.'" name="bet"> <input type="hidden" value="high" name="choice"> <input type="submit" value="Higher"> </form> </td>
<td> <form method="post"> <input type="hidden" value="'.$bet.'" name="bet"> <input type="hidden" value="low" name="choice"> <input type="submit" value="Lower"> </form> </td>
</tr> </table> </center>';
}
else if ($choice !== '' && $bet) // Player chose high/low
{
    if (!in_array($bet, array(500, 1000, 5000, 10000), true))
    {
        echo '<center>The bet you selected is not available.</center>';
        $h->endpage();
        exit;
    }
    if ($bet > $ir['money'])
    {
        echo '<center>Not enough money!</center>';
        $h->endpage();
        exit;
    }
    if (!in_array($choice, array('high', 'low'), true))
    {
        echo '<center>Invalid guess, must be high or low.</center>';
        $h->endpage();
        exit;
    }
    $newnum = rand(1, 10);
    // The previous number comes from the database, not from the form
    $oldn = $db->query("SELECT `oldnum` FROM `highlow` WHERE `userid` = '".($userid+0)."'");
    $oldnum = $db->fetch_row($oldn);
    if (!$oldnum || $oldnum['oldnum'] <= 0 || $oldnum['oldnum'] >= 11)
    {
        echo '<center>Invalid number generated, please message [url="/viewuser.php?u=1"]UserID 1[/url]</center>';
        $h->endpage();
        exit;
    }
    $old = (int) $oldnum['oldnum'];
    if ($newnum < $old) { $lala = 'low'; }
    else if ($newnum > $old) { $lala = 'high'; }
    else { $lala = 'same'; }
    // 'same' counts as a win, so it is checked together with a correct guess
    if ($lala === 'same' || $lala === $choice) { $result = 1; }
    else { $result = 2; }
    $db->query("UPDATE `users` SET `money` = `money` - '".$bet."' WHERE `userid` = '".($userid+0)."'");
    if ($result === 1) // Player won
    {
        $prize = $bet * 2;
        if (!in_array($prize, array(1000, 2000, 10000, 20000), true))
        {
            echo '<center>An invalid amount of prize money has been determined.</center>';
            $h->endpage();
            exit;
        }
        echo '<center>Congratulations! You won your bet of '.money_formatter($bet,'$').'
';
        $db->query("UPDATE `users` SET `money` = `money` + '".($prize+0)."' WHERE `userid` = '".($userid+0)."'");
        $db->query("UPDATE `highlow` SET `oldnum` = '".($newnum+0)."' WHERE `userid` = '".($userid+0)."'");
        echo 'You guessed '.$choice.', the previous number was '.number_format($old).' and the new number was '.number_format($newnum).'. Is the next number going to be higher or lower than '.number_format($newnum).'?
<table> <tr>
<td> <form method="post"> <input type="hidden" value="'.$bet.'" name="bet"> <input type="hidden" value="high" name="choice"> <input type="submit" value="Higher"> </form> </td>
<td> <form method="post"> <input type="hidden" value="'.$bet.'" name="bet"> <input type="hidden" value="low" name="choice"> <input type="submit" value="Lower"> </form> </td>
</tr> </table> </center>';
    }
    else // Player lost
    {
        $db->query("UPDATE `highlow` SET `oldnum` = '".($newnum+0)."' WHERE `userid` = '".($userid+0)."'");
        echo '<center>Sorry you lost your bet of $'.number_format($bet).' You guessed '.$choice.', the previous number was '.number_format($old).' and the new number was '.number_format($newnum).'. Is the next number going to be higher or lower than '.number_format($newnum).'?
<table> <tr>
<td> <form method="post"> <input type="hidden" value="'.$bet.'" name="bet"> <input type="hidden" value="high" name="choice"> <input type="submit" value="Higher"> </form> </td>
<td> <form method="post"> <input type="hidden" value="'.$bet.'" name="bet"> <input type="hidden" value="low" name="choice"> <input type="submit" value="Lower"> </form> </td>
</tr> </table> </center>';
    }
}
else
{
    // Choose bet here
    echo '<center>Welcome to the High/Low casino!
<form action="highlow.php" method="post"> Select your bet:
<select type="dropdown" name="bet">
<option value="500">$500</option>
<option value="1000">$1000</option>
<option value="5000">$5000</option>
<option value="10000">$10000</option>
</select>
<input type="submit" value="Start Game!"> </form> </center>';
}
$h->endpage();
?>
[/code]
[mysql]
CREATE TABLE IF NOT EXISTS `highlow` (
  `userid` int(11) NOT NULL,
  `oldnum` int(11) NOT NULL,
  PRIMARY KEY (`userid`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
[/mysql]
A couple comments here and there to explain the point of some things. I'd love input/feedback, feel free to tear it up and re-post your 'better' version.
Update 1: Secured queries + variables to the best of my knowledge.
Update 2.1: Added support for MySQL table, removed hidden input editing vuln.
Update 2.2: Re-secured in everything to use less processing power.
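The hidden-input problem discussed around this mod, as an added example that is not part of the original post or of MCCodes: the round logic as a pure function in which the stake and the previous number are read only from server-side state, so an edited hidden field changes nothing. `play_round()`, the `$state` array and its `bet` key are hypothetical names; `$state` stands in for the user's `highlow` row with an assumed extra `bet` column.

```php
<?php
// Added example, not The Monk's code. play_round() and $state are hypothetical;
// $state stands in for the user's `highlow` row plus an assumed `bet` column.
const ALLOWED_BETS = [500, 1000, 5000, 10000];

function play_round(array $post, ?array $state, int $money, callable $draw): array
{
    if ($state === null) {
        // New game: the bet is the only client value accepted, and only as a
        // digits-only string that strictly matches the whitelist.
        $raw = $post['bet'] ?? '';
        $bet = (is_string($raw) && ctype_digit($raw)) ? (int) $raw : 0;
        if (!in_array($bet, ALLOWED_BETS, true)) {
            return ['error' => 'bet not available', 'state' => null, 'money' => $money];
        }
        if ($bet > $money) {
            return ['error' => 'not enough money', 'state' => null, 'money' => $money];
        }
        return ['error' => null, 'state' => ['bet' => $bet, 'oldnum' => $draw()], 'money' => $money];
    }
    // Later rounds: bet and previous number come from stored state, never POST.
    $choice = $post['choice'] ?? '';
    if (!in_array($choice, ['high', 'low'], true)) {
        return ['error' => 'invalid guess', 'state' => $state, 'money' => $money];
    }
    $bet = $state['bet'];
    if ($bet > $money) {
        return ['error' => 'not enough money', 'state' => null, 'money' => $money];
    }
    $new     = $draw();
    $outcome = $new <=> $state['oldnum'];          // -1 lower, 0 same, 1 higher
    // A tie pays out, mirroring the 'same' branch in the mod above.
    $won = $outcome === 0 || $outcome === ($choice === 'high' ? 1 : -1);
    $money += $won ? $bet : -$bet;
    return ['error' => null, 'won' => $won, 'money' => $money,
            'state' => ['bet' => $bet, 'oldnum' => $new]];
}

// Constructed requests; the second carries a tampered hidden "bet" field.
$draws = [4, 9];                                   // fixed draws so the run is repeatable
$draw  = function () use (&$draws) { return array_shift($draws); };
$r1 = play_round(['bet' => '500'], null, 2000, $draw);
$r2 = play_round(['bet' => '999999', 'choice' => 'high'], $r1['state'], $r1['money'], $draw);
var_dump($r1['state'], $r2['won'], $r2['money']);  // stake stays at the stored 500
```

In a live page the `$draw` callable would wrap `random_int(1, 10)` and the returned state and money would be written back to the database in the same request.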
-
The image is too small, I can't see any of the text :S