Posts: 551
Days Won: 2
Everything posted by Kieran-R
-
I'll get a few screenshots sorted in a moment.
-
no longer for sale.
-
If someone could tell me if the updated post is secured, then that would be great!
-
Hello. I was wondering if anyone has an ajax view user for sale? Or is willing to make one? Basically, an ajax view user shows you the user's profile on a slide coming down from the top of the page. So you wouldn't need to reload a new page when clicking on a user's profile.
-
Original post has been updated...
-
ohh shit XD Thanks for letting me know. I'll update first post...
-
Yeah but it cannot be for mccode. anything can be made for mccodes...
-
If you could point out where I have gone wrong then that would be great. I'm sure I have secured the $_POST, and $_GET variables, and one of the SQL's...
-
Hey. I'm sure I have secured cyberbank.php. So I'm going to post it here :) Enjoy

cyberbank.php:

```php
<?php
require_once(dirname(__file__) .'/globals.php');
print "<h3>Cyber Bank</h3>";
if($ir['cybermoney']>-1)
{
    switch($_GET['action'])
    {
        case "deposit":
            deposit();
            break;
        case "withdraw":
            withdraw();
            break;
        default:
            index();
            break;
    }
}
else
{
    if(isset($_GET['buy']))
    {
        if($ir['money']>9999999)
        {
            print "Congratulations, you bought a bank account for \$10,000,000! [url='cyberbank.php']Start using my account[/url]";
            $db->query("UPDATE users SET money=money-10000000,cybermoney=0 WHERE userid=$userid");
        }
        else
        {
            print "You do not have enough money to open an account. [url='explore.php']Back to town...[/url]";
        }
    }
    else
    {
        print "Open a bank account today, just \$10,000,000! [url='cyberbank.php?buy']> Yes, sign me up![/url]";
    }
}

function index()
{
    global $db,$ir,$c,$userid,$h;
    print "\n[b]You currently have \${$ir['cybermoney']} in the bank.[/b] At the end of each day, your bank balance will go up by 7%.
    <table width='75%' border='2'> <tr>
    <td width='50%'>[b]Deposit Money[/b] It will cost you 15% of the money you deposit, rounded up. The maximum fee is \$1,500,000.<form action='cyberbank.php?action=deposit' method='post'> Amount: <input type='text' name='deposit' value='{$ir['money']}' /> <input type='submit' value='Deposit' /></form></td>
    <td> [b]Withdraw Money[/b] It will cost you 7.5% of the money you withdraw, rounded up.
    The maximum fee is \$750,000.<form action='cyberbank.php?action=withdraw' method='post'> Amount: <input type='text' name='withdraw' value='{$ir['cybermoney']}' /> <input type='submit' value='Withdraw' /></form></td>
    </tr> </table>";
}

function deposit()
{
    global $db,$ir,$c,$userid,$h;
    $_POST['deposit']= abs(@intval($_POST['deposit']));
    if($_POST['deposit'] > $ir['money'])
    {
        print "You do not have enough money to deposit this amount.";
    }
    else
    {
        $fee=ceil($_POST['deposit']*15/100);
        if($fee > 1500000) { $fee=1500000; }
        $gain=$_POST['deposit']-$fee;
        $ir['cybermoney']+=$gain;
        $sql = sprintf("UPDATE users SET cybermoney=cybermoney+$gain, money=money-'%s' where userid=$userid",$_POST['deposit']);
        $db->query($sql);
        print "You hand over \${$_POST['deposit']} to be deposited, after the fee is taken (\$$fee), \$$gain is added to your account. [b]You now have \${$ir['cybermoney']} in the Cyber Bank.[/b] [url='cyberbank.php']> Back[/url]";
    }
}

function withdraw()
{
    global $db,$ir,$c,$userid,$h;
    $_POST['withdraw']=abs(@intval($_POST['withdraw']));
    if($_POST['withdraw'] > $ir['cybermoney'])
    {
        print "You do not have enough banked money to withdraw this amount.";
    }
    else
    {
        $fee=ceil($_POST['withdraw']*75/1000);
        if($fee > 750000) { $fee=750000; }
        $gain=$_POST['withdraw']-$fee;
        $ir['cybermoney']-=$gain;
        $db->query("UPDATE users SET cybermoney=cybermoney-$gain, money=money+$gain where userid=$userid");
        print "You ask to withdraw $gain, the teller hands it over after she takes the bank fees. [b]You now have \${$ir['cybermoney']} in the Cyber Bank.[/b] [url='cyberbank.php']> Back[/url]";
    }
}
$h->endpage();
?>
```

If you feel this code is not secured, or can be secured further, then please post
-
I think he means like the one on torn. Basically an admin adds games and odds to be betted on, and players can bet on which team they think will win.
-
I'm also interested in something similar... And I will pay obv... lol
-
Hello. Well while surfing, I found this function which "supposedly" secures all your $_GET and $_POST variables:

```php
function anti_inject($campo)
{
    foreach($campo as $key => $val)
    {
        $val = mysql_real_escape_string($val);
        // store it back into the array
        $campo[$key] = $val;
    }
    return $campo; //Returns the var clean
}
//the next two lines make sure all post and get vars are filtered through this function
$_POST = anti_inject($_POST);
$_GET = anti_inject($_GET);
```

I was wondering if simply putting this in globals protects your game from these kinds of attacks? Thanks
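
The question above, worked through as an added example (not code from the post or from MCCodes): a blanket escaping filter only neutralises quote characters, so it does nothing for a value placed in an unquoted numeric position, as in a `WHERE userID = ...` comparison. Assumptions: an in-memory SQLite database via PDO stands in for the game's MySQL database, `addslashes()` stands in for `mysql_real_escape_string()`, and the table contents and the `comments_for_user()` helper are constructed for illustration.

```php
<?php
// Added example. Constructed data; SQLite in memory stands in for the game's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE comments (commentID INTEGER PRIMARY KEY, userID INTEGER, body TEXT)");
$pdo->exec("INSERT INTO comments (userID, body) VALUES (1, 'comment for user 1'), (2, 'comment for user 2')");

// Stand-in for the posted anti_inject(): escapes quote characters in every value.
// addslashes() is used here only because mysql_real_escape_string() needs a MySQL link.
function anti_inject(array $campo): array
{
    foreach ($campo as $key => $val) {
        $campo[$key] = addslashes($val);
    }
    return $campo;
}

// Constructed request value. It contains no quote characters, so escaping leaves it unchanged.
$get = anti_inject(['u' => '1 OR 1=1']);

// Weak: the "escaped" value is concatenated into an unquoted numeric context,
// so the database parses the extra condition as part of the WHERE clause.
$weak = $pdo->query("SELECT body FROM comments WHERE userID = " . $get['u'])
            ->fetchAll(PDO::FETCH_COLUMN);

// Hardened (hypothetical helper): validate the type first, then bind the value
// as a parameter so it can never be parsed as SQL.
function comments_for_user(PDO $pdo, $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // reject anything that is not a positive integer
    }
    $stmt = $pdo->prepare("SELECT body FROM comments WHERE userID = :id ORDER BY commentID DESC LIMIT 5");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo "escape + concatenation returned ", count($weak), " rows\n";
echo "validated + bound (same input) returned ", count(comments_for_user($pdo, $get['u'])), " rows\n";
echo "validated + bound (input '1') returned ", count(comments_for_user($pdo, '1')), " rows\n";
```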
-
How about ajax gym? ajax crystal temple? ajax player player report...
-
Thanks Equinox for the tip! But is the code I posted secure? Because I have done something similar to a few other files on my game.
-
Hey. I'm trying to learn security, and I've tried to secure the player report on my own. Here it is:

```php
<?php
include(DIRNAME(__FILE__).'/globals.php');
$_GET['ID'] = (isset($_GET['ID']) && !empty($_GET['ID'])) ? intval($_GET['ID']) : false;
$_GET['report'] = isset($_GET['report']) && !empty($_GET['report']) && ctype_alnum($_GET['report']) ? $_GET['report'] : FALSE;
$_POST['report'] = (isset($_POST['report']) && !empty($_POST['report'])) ? $db->escape(strip_tags($_POST['report'])) : false;
if($_POST['report'])
{
    $_POST['player'] = (isset($_POST['player']) && !empty($_POST['player'])) ? intval($_POST['player']) : false;
    $db->query("INSERT INTO preports VALUES('',$userid,{$_POST['player']},'{$_POST['report']}')");
    print "Report processed!";
}
else
{
    print "<h3>Player Report</h3> Know of a player that's breaking the rules? Don't hesitate to report them. Reports are kept confidential. <form action='preport.php' method='post'> Player's ID: <input type='text' name='player' value='{$_GET['ID']}' /> What they've done: <textarea rows='7' cols='40' name='report'>{$_GET['report']}</textarea> <input type='submit' value='Send Report' /></form>";
}
$h->endpage();
?>
```

I'm sure that is secure, but if you think otherwise, please tell me where I went wrong! Thanks
-
Hello. I'm looking for an experienced coder to make me an advanced housing system for my MCCode game. I am willing to pay up to $40 depending on the experience you have, whether you can include all I want, and whether you wish to resell the mod. Here is what should be included in the mod:

- House Rentals. Users can rent houses from other players paying a set amount of cash per day of the rent.
- Rental Market. Users can put any of their houses up for let on the rental Market specifying the house, cost per day, and max rental period.
- House Market. Users can put their houses FOR SALE for a set amount of cash chosen by them instead of selling their house to the game.

That is the main concept of what I am looking for. And as I said, $40 is the max I'm paying so noob coders, don't come say to me 'I'll make it for 40...'. The mod MUST be fully working and fairly easy for me to install. I know there is a free one made by Richard, but that is full of bugs and errors. If you wish to discuss further, then send me a mail and we will discuss. Include your price in the mail.
-
Looks great danny. But if you want a lot more sales, I HIGHLY suggest making the search a little more advanced. Any game looking for some great potential needs a better search. I myself would buy this if the search features were more in depth. Something you should look at. Anyway, good luck with your sales! Really cheap for the amount of work put in...
-
Thanks for the advice guys. Well after looking at a few tutorials, I'm thinking maybe I should really be securing my game on my own. I'm looking at many tutorials, and I think I now understand how to secure mysql queries. Do you think that they are the most vulnerable to attack? And the other ways of exploiting, are there any clear tutorials for them that I could follow? Thanks again.
-
Hello. Well I'm still working on my new game, and I'm ready to hire someone to secure it. However, to keep the budget as low as possible for the security, I was wondering if someone could assist me to tell me what parts/files of MCCodes are insecure. (Please. I know it's nearly all insecure lol...) Also, if someone could tell me what parts of a PHP code are most vulnerable to attack/exploit. Please be as detailed as possible! Thanks a lot!!! Glucose...
-
Maybe an ajax mailbox or gym? :)
-
Try this:

```php
function get_gameranks($level, $sapphire, $jade, $diamond, $garnet, $amber)
{
    global $ir,$c,$userid,$level;
    $tp=$level;
    // Note: $r is not defined inside this function as posted; the row it refers to
    // has to be made available here for these lookups to return anything.
    $sapphire=$r['smspph'];
    $diamond=$r['smdiam'];
    $jade=$r['smjade'];
    $amber=$r['smambr'];
    $garnet=$r['smgrnt'];
    // Comparisons use == and && (the posted version had "$tp = 500" and the bitwise "&").
    if ( $tp == 500 && $sapphire >= 150 && $amber >= 150 && $diamond >= 150 && $garnet >= 150 && $jade >= 150 ) { return " Emperor"; }
    else if ( $tp < 401 && $sapphire >= 150 && $amber >= 150 && $diamond >= 150 && $garnet >= 150 && $jade >= 150 ) { return " King"; }
    else if ( $tp > 401 && $sapphire <= 149 || $amber <= 149 || $diamond <= 149 || $garnet <= 149 || $jade <= 149 ) { return " King"; }
    else if ( $tp < 301 && $sapphire >= 100 && $amber >= 100 && $diamond >= 100 && $garnet >= 100 && $jade >= 100 ) { return " Prince"; }
    else if ( $tp > 301 && $sapphire <= 99 || $amber <= 99 || $diamond <= 99 || $garnet <= 99 || $jade <= 100 ) { return " Prince"; }
    else if ( $tp < 226 && $sapphire >= 100 && $amber >= 100 && $diamond >= 100 && $garnet >= 100 && $jade >= 100 ) { return " Duke"; }
    else if ( $tp > 226 && $sapphire <= 74 || $amber <= 74 || $diamond <= 74 || $garnet <= 74 || $jade <= 74 ) { return " Duke"; }
    else if ( $tp < 151 && $sapphire >= 75 && $amber >= 75 && $diamond >= 75 && $garnet >= 75 && $jade >= 75 ) { return " Chancellor"; }
    else if ( $tp > 151 && $sapphire <= 74 || $amber <= 74 || $diamond <= 74 || $garnet <= 74 || $jade <= 74 ) { return " Chancellor"; }
    else if ( $tp < 101 && $sapphire >= 75 && $amber >= 75 && $diamond >= 75 && $garnet >= 75 && $jade >= 75 ) { return " Grand General"; }
    else if ( $tp > 101 && $sapphire <= 74 || $amber <= 74 || $diamond <= 74 || $garnet <= 74 || $jade <= 74 ) { return " Grand General"; }
    else if ( $tp < 76 && $sapphire >= 75 && $amber >= 75 && $diamond >= 75 && $garnet >= 75 && $jade >= 75 ) { return " Regent"; }
    else if ( $tp > 76 && $sapphire <= 74 || $amber <= 74 || $diamond <= 74 || $garnet <= 74 || $jade <= 74 ) { return " Regent"; }
    else if ( $tp < 51 && $sapphire >= 50 && $amber >= 50 && $diamond >= 50 && $garnet >= 50 && $jade >= 50 ) { return " General"; }
    else if ( $tp > 51 && $sapphire <= 49 || $amber <= 49 || $diamond <= 49 || $garnet <= 49 || $jade <= 49 ) { return " General"; }
    else if ( $tp < 31 && $sapphire >= 30 && $amber >= 30 && $diamond >= 30 && $garnet >= 30 && $jade >= 30 ) { return " Governor"; }
    else if ( $tp > 31 && $sapphire <= 29 || $amber <= 29 || $diamond <= 29 || $garnet <= 29 || $jade <= 29 ) { return " Governor"; }
    else if ( $tp < 21 && $sapphire >= 20 && $amber >= 20 && $diamond >= 20 && $garnet >= 20 && $jade >= 20 ) { return " Captain"; }
    else if ( $tp > 21 && $sapphire <= 19 || $amber <= 19 || $diamond <= 19 || $garnet <= 19 || $jade <= 19 ) { return " Captain"; }
    else if ( $tp < 11 && $sapphire >= 10 && $amber >= 10 && $diamond >= 10 && $garnet >= 10 && $jade >= 10 ) { return " Lt. Governor"; }
    else if ( $tp > 11 && $sapphire <= 9 || $amber <= 9 || $diamond <= 9 || $garnet <= 9 || $jade <= 9 ) { return " Lt. Governor"; }
    else if ( $tp < 6 && $sapphire >= 5 && $amber >= 5 && $diamond >= 5 && $garnet >= 5 && $jade >= 5 ) { return " Officer"; }
    else if ( $tp > 6 && $sapphire <= 4 || $amber <= 4 || $diamond <= 4 || $garnet <= 4 || $jade <= 4 ) { return " Officer"; }
    else { return " Recruit"; }
}
```
-
ahh right. But when I remove the $c, then it's saying it can't connect to the db...
-
@ Dayo: Still same error :( I am using V.2, and the only file that is being included is config.php. Globals is not needed in this file as it's included in another file with globals.
-
Hello. I'm having a problem with one of my MySQL queries, but I fail to understand where the error is!

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home3/mafianat/public_html/parse_comments.php on line 13

Line 13 =

```php
$Query = mysql_query("SELECT * FROM `comments` WHERE `userID` = ".$_GET['u']." ORDER BY `commentID` DESC LIMIT 5", $c);
```

To me, that query looks fine... Can someone please assist me here? Thanks!
-
Could you give a price for each 100x100 sized basic item image? I'm looking for something similar to this