Everything posted by runthis
-
Urbanmafia makes a great point, but I think, urban, his idea is to invest in a game that someone believes so much in that the $15,000 would seem very tiny compared to its potential income. I don't plan to retire on $15,000 anytime soon. In essence he would be paying a coder and designer to make a game from scratch. With an actual investment into my game, it would be started from scratch.
-
I suppose it is really hard to explain the buzz that follows Hacking Games. I guess my best example would be Uplink: if you happen to find yourself around the Uplink forums, the game is over 11 years old and still has 30-50 visitors online at any given moment, and a lot of posts find themselves in the "Where is uplink 2" section, or "We want uplink online". These games become Cult Classics and time usually tells. Thanks for the quick response. On another note, all games in the same genre no longer exist or are no longer being updated; this leaves a completely untapped market as well. Given the proper resources instead of just me and notepad, I suppose things could move quicker than they do move. On another note, most console games these days sport some sort of Hacking Feature, and it is only a matter of time until one is created and popularized. A great story line, a great name and a great idea behind the entire concept (which I can email you if you like) could get my game picked up as a potential commercial game for consoles.
-
I always wondered if old browsers would spew out PHP code.
-
I am not sure how assigning admins works in mccodes, but when I assign an admin, that just means that they have more access to records. I do not create any sort of employee class that lets someone edit anything. If you want to truly make someone an admin, you are probably doing this because you are moving on to your next project, they just became your business partner, or you know them in real life. You can let your admins/staff play all they want. It's a simple code if(!admin){ echo stats }. Your admins / staff could be the top players and the stats would never show. It is common practice to program that kind of thing. You could also program a way for staff to have 2 accounts that can easily be switched between in-game without having to hit the login screen or register (this is great for bug testing staff).
-
This became a bust. The OP (Original Poster) seemed like he was interested in nothing here but my ideas. When we started talking privately, nothing came of it. Not sure what this post was really about or maybe he found someone else to invest in. Good Luck MWG. I'm off.
-
You SHOULD be able to attack other players that are also in the jail or hospital. At least that is what I would do if I programmed an mccodes game. Maybe I am wrong, but there are fights in jails, and you should be able to fist fight someone inside the jail with you. Seems like an easy write up.
-
Thank you. You played "Slavehack", I am sure. Slavehack, although very fun, is extremely outdated, with no updates in over 2 years. The new owner is named Brian (something) and I have him on my messenger. The owner (Brian) is 14 years old and lives in the UK, maybe Ireland. Although the game was actually created by a real game developer named m2h, the new owner hasn't done much with it since he took over. You can see his other work at "m2h.nl". The community is full of hateful people there and gameplay bores after 1 or two months, sooner if you know someone willing to give you items :(
-
Hello, my name is Robert Miller. I am 25 years old and I have recently received my Associates Degree in Computer Science. Although there were several classes for programming and database structures in college, I actually began learning how to program in 2003 by downloading large open source projects and editing the source code. I currently live in Pasadena, Texas with my Fiance. It is not the best area for starting our family, but it is cheap and we keep to ourselves.
The game that I am working on is a Hacking Game. The idea came to me when I was playing an old Windows based hacking game from 2001 and I needed some information. When I visited the forum for the hacking game I noticed that there were people (even today) still asking "Where's the sequel", "Will there be an online version?" etc etc. Usually when I visit that forum it has about 30 non registered guests at any given time of day. Remember, this is for a Windows based game that didn't make it to a store near you from 2001. Anyway, I digress.
I started programming a very rough copy of a hacking game. When I began I decided "No game engine". A hacker friend of mine (last year) broke into and stole source code from a hacking game website (started in 2005) and asked if I wanted the source code. I told him "I don't want my game to be nothing like that". I wanted my game to be fresh and unique, not the same old hooplah. I did not want my game to look like a website, like so many other games tend to look like. I was hoping for a game that looked like an actual game. I named my game "Pure" and I wanted it to be the kind of game that anyone would want to play, because of its diversity of features. I decided I was going to try some fancy programming. I wanted the effects of your actions (like cracking a password) to look like it does in the movies, with the digits spinning around and landing on a correct one, etc.
I totally did it, and as I began to progress in programming this game I realized that this is a really untapped market full of unlimited possibilities. All of the feedback I received was great. I was shocked when one of the users requested that I add a donate button (I didn't think it was ready for one); when I did, I received my first donation, it was for $100. Talk about a morale boost. Some interesting features (not specific to hacking games) are a smart phone made to look like an actual phone, where inside is a complete messaging system with room for many more sections (such as a help section tucked right in there). Smart input boxes: I wanted the inputs to not just let you input, but know what the hell you are trying to say if you copy and paste something wrong.
As of now, my partner Ben has not been online in over 3 months. I do not use Facebook much so I signed up and pulled up his page; he hasn't been online. I hope everything is well with him because I have no other way of contact. He lives in the UK and is a great guy. I recently contacted customer service after a temporary suspension and managed to add the remaining balance of collected donations of our PayPal account into the server via "Gift".
I am in need of some small financial backing. We can discuss the goals and structure of the company/game as well as what possible financial backing could bring into the market for Pure. I am available through telephone, email and messenger, and if need be, written letter. My email address is provided below. Any monetary benefits or otherwise you may require as partial owner can be discussed. Shared copyright ownership for the game's development will be offered as well. I hope to hear from you.
Robert Miller [email protected]
On a side-note: the community surrounding this game is awesomely nice. There is no flaming that happens; it just for some reason, I can't explain it, has a natural positiveness all over it and the users are always eager to offer ideas and track down possible bug scenarios.
-
Ok, so my question is this. How can I convert a PHP timestamp time() to JavaScript's new Date function? The reason is because new Date gives the user's time. PHP gives the server time. The server time is what I want. I understand I could rewrite my entire timing system in JavaScript to the timezone the server is in, but maybe you know the way without rewriting my JavaScript functions completely when the server changes.
-
I will be the first to admit
runthis replied to runthis's topic in MySQL, Oracle, Postgress or other DB
Great replies! Thanks Danny and Bluegman, I had no idea, thanks for sharing the information (especially about the 32-bit and 64-bit machines, had no clue)! Lucky, I think I will start using the ctype method I previously never used before. Edit: about the bbcode on this forum, Bluegman, you can do the phrase noparse after the php code like this
    [noparse] [noparse]<?php echo 'Hello World!'; ?>[/noparse][/noparse]
To provide that example I did noparse twice so you could see my bbcode; it would return like this
    [noparse]<?php echo 'Hello World!'; ?>[/noparse]
The noparse is cool to stop the conversion of smilies, and the removal of the part of the script that stops you from typing in a long string of characters by entering in a space ever so often
-
I would like to better secure my script. Man, I am just a person like you and sometimes a mistake is made. I suppose I could install vBulletin (this forum) and look at how they secure the user input (but is vBulletin secure?); I am sure it is snugly nestled as one function somewhere in a folder. Maybe Alan would post it. The point is (there's a point?), everyone has this question and it always requires a massive explanation, and almost certainly on every forum, an argument. I know that no matter how secure I think my script is, I am not cocky enough to not want to learn and better secure my applications. So really, truly and honestly, without any flaming or laughing at anyone's methods, post an example of you yourself cleaning a variable on your own application. Maybe in the process we can learn from real examples and maybe help / teach each other along the way. :)
My example (I am assuming you're running mysql_real_escape_string on input already): Well, I needed my users to be able to control where the icons moved along the screen and save where the icon had landed. Easy enough; later, when updating my own code, I thought that somehow the icon position update when it landed could be manipulated. I was expecting digits between 1 (which would be the top left edge of the screen) all the way up to 1900+ depending on screen size (could be bigger).
    $pos=($_GET['p'] * 1);
    if($pos <= 1) $pos=1;
$pos stands for the input I was receiving from the user via ajax. What I am asking the script to do is multiply this supposed integer by one. If the value of $_GET['p'] is not an integer, or it has a non integer character in front of it, $pos will return zero. Good, that's exactly what I want, I take whatever the user added in and turned it to zero (which I can manipulate).
In the next part I ask the script if the $pos variable is smaller than or equal to one (it would almost never be 0 or 1 in my personal situation of this variable, but I digress); if it is smaller or equal to one, then I say yup, you are one, so if the variable is -5345 * 1 = -5345 * 0 = 0, nope, it equals one. In this situation, if a user enters input arbitrarily with the ajax, as far as I can tell, it's fully secure, but probably not (refer to first paragraph).
-
Thank you bluegman991 for doing tests against the post I made instead of just assuming it fails. I really felt like I was being attacked for sharing my method. I always thought I was using classic PHP methods that are able to suit most people's needs. I guess I expected Danny to exclaim how the code is bad without providing his own examples. Shame really. Thanks again bluegman991. I must say that the script is not for everyone; as my original post says, you need to modify it to fit your needs as I did mine a year or two back. To the above reply, spool through this thread for some good code from all of us; a few people mentioned using the ctype function, you can also multiply any expected positive number variable by 1 to confirm if it's a digit, you can preg_match it as well. If you put all PHP aside and just think logically, mathematically, what you could do to confirm it's a number: add one digit and then subtract a digit, this automatically removes any character input after any integers; if it starts with a character input instead of an integer, it returns 0; unless the number 0 is a real common thing in your script, you could deny if it's zero. It can depend on the situation a lot of times. To really really answer your question, there is no inherent PHP function that automatically cleans all your variables, although I sure wish there was.
-
I guess everyone has been telling their users "Hey hey hey, please don't enter a number bigger than 50 on that box." before you came along and showed us the way of validation! Just kidding :)
-
If you are just going to try and filter the data based on what is in the array, why not like this addition to the original post I made
    function sanitize( &$data, $whatToKeep )
    {
        $data = array_intersect_key( $data, $whatToKeep );
        foreach ($data as $key => $value) {
            $data[$key] = sanitizeOne( $data[$key] , $whatToKeep[$key] );
        }
    }
In this example we will assume the get is
    Array ( [id] => blabla77 [name] => John [variable1] => somedata [variable2] => somedata )
Now to run a quick filter on this input
    sanitize($_GET, array( 'id'=>'int', 'name' => 'str') );
We end up with
    Array ( [id] => 77 [name] => John )
So tell me how this is wrong or different from what the OP wants or needs? I am sure I did something horribly wrong that gives Danny more points to his magic scoreboard
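Added example, not part of the original posts: the whitelist idea from the post above and the icon-position check from the thread-opening post, written so that input which is not entirely a valid value is rejected rather than coerced. The rule format, the field bounds and the sample requests are assumptions constructed for the example.

```php
<?php
declare(strict_types=1);

// Validate one raw request value against a rule. Returns the typed value,
// or null for "reject"; nothing is silently coerced to 0 or 1.
// The rule keys (type, min, max, max_len) are assumptions for this example.
function validateField($raw, array $rule)
{
    if (!is_string($raw)) {                  // e.g. ?p[]=1 arrives as an array
        return null;
    }
    switch ($rule['type']) {
        case 'int':
            $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => [
                'min_range' => $rule['min'], 'max_range' => $rule['max'],
            ]]);
            return $v === false ? null : $v;
        case 'str':
            $s = trim($raw);
            $len = strlen($s);
            return ($len >= 1 && $len <= $rule['max_len']) ? $s : null;
    }
    return null;                             // unknown rule type: reject
}

// Returns [clean values, names of fields that failed].
// Keys that are not listed in $schema never reach the result.
function validateInput(array $input, array $schema): array
{
    $clean = [];
    $errors = [];
    foreach ($schema as $name => $rule) {
        $value = array_key_exists($name, $input) ? validateField($input[$name], $rule) : null;
        if ($value === null) {
            $errors[] = $name;
        } else {
            $clean[$name] = $value;
        }
    }
    return [$clean, $errors];
}

$schema = [
    'p'    => ['type' => 'int', 'min' => 1, 'max' => 10000],  // icon position; upper bound assumed
    'name' => ['type' => 'str', 'max_len' => 32],
];
// Constructed requests standing in for $_GET.
$requests = [
    ['p' => '640', 'name' => 'John', 'variable1' => 'somedata'],
    ['p' => 'blabla77', 'name' => 'John'],
    ['p' => '-5345', 'name' => ''],
    ['p' => ['1'], 'name' => 'John'],
];
foreach ($requests as $req) {
    [$clean, $errors] = validateInput($req, $schema);
    echo json_encode(['clean' => $clean, 'rejected' => $errors]), PHP_EOL;
}
```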
-
Danny, my users can enter in as many negative digits as they want anywhere in any input except the one place where I don't want them to, the bank account, so I would not change the class completely, rather I add that in to my code where I want to block it. I think your magic scoreboard is a little off... ?....?!?? !?? In a very nice and fluent way, you have told us that we should confirm a user's input and make sure it is in certain ranges of what you expect it to be. Isn't this already EXTREMELY common knowledge? I mean, of course if you have an input that only needs 100-1000 you would secure it this way. I think what the OP is looking for is not a rehash of "don't let your visitors enter in negative digits" and "if you want them to not enter in 100 don't let them"; I think what he was looking for is help securing user submitted data. Although your scripts above do confirm that data actually had been entered, as you stated there is no security. Until I gave your reply a good look over I assumed what everyone else is; now I see it looks like a show-off reply with no actual answer on how to secure the variables that the user is inputting. I get a way of validating an integer input as well,
    if($var < 1){
        ## either is not a number, or is smaller than one
    }
success, and in one line.
-
In none of my inputs are you able to do that silly nonsense, that is obviously the first thing to block and is as easy as if($var <1 ){ fuck you }
-
it returns negative ..... Danny 0 - 1 Runthis edit: can you explain the situation in which you are asking the user to enter in a negative number?
-
You are saying that everyone here secures variables one at a time? That seems like an inefficient waste of time and space. If I wanted to secure a single variable against all attacks, what would be your suggestion whilst still preserving the original text? Or maybe you could show me your test in which the script I provided fails.
-
?? Literally makes it easier ... I fail to see why it does not. Uses classic PHP methods to clean a variable in one line .... Maybe I missed the memo or the easier method than $var=sanitizeOne($var) ?
-
Contrary to the post directly below this one, this is a fast and easy way to never have to worry about xss, sql injections. This is a common script and should be updated to suit your own needs. For instance in my version, several of the cases have been combined into one line and sql escape added to some of the cases.
Use:
    for integer = $var=sanitizeOne($var, 'int');
    for query = $var=sanitizeOne($var, 'sql');
    for nohtml = $var=sanitizeOne($var, 'nohtml');
    for evenmore = $var=sanitizeOne($var, 'plain');
best security
    $var=sanitizeOne($var, 'sql');
    $var=sanitizeOne($var, 'plain');

    function sanitizeOne($var, $type)
    {
        switch ( $type ) {
            case 'int': // integer
                $var = (int) $var;
                break;
            case 'str': // trim string
                $var = trim ( $var );
                break;
            case 'nohtml': // trim string, no HTML allowed
                $var = htmlentities ( trim ( $var ), ENT_QUOTES );
                break;
            case 'plain': // trim string, no HTML allowed, plain text
                $var = htmlentities ( trim ( $var ) , ENT_NOQUOTES ) ;
                break;
            case 'upper_word': // trim string, upper case words
                $var = ucwords ( strtolower ( trim ( $var ) ) );
                break;
            case 'ucfirst': // trim string, upper case first word
                $var = ucfirst ( strtolower ( trim ( $var ) ) );
                break;
            case 'lower': // trim string, lower case words
                $var = strtolower ( trim ( $var ) );
                break;
            case 'urle': // trim string, url encoded
                $var = urlencode ( trim ( $var ) );
                break;
            case 'trim_urle': // trim string, url decoded
                $var = urldecode ( trim ( $var ) );
                break;
            case 'telephone': // True/False for a telephone number
                $size = strlen ($var) ;
                for ($x=0;$x<$size;$x++) {
                    if ( ! ( ( ctype_digit($var[$x] ) || ($var[$x]=='+') || ($var[$x]=='*') || ($var[$x]=='p')) ) ) {
                        return false;
                    }
                }
                return true;
                break;
            case 'pin': // True/False for a PIN
                if ( (strlen($var) != 13) || (ctype_digit($var)!=true) ) {
                    return false;
                }
                return true;
                break;
            case 'id_card': // True/False for an ID CARD
                if ( (ctype_alpha( substr( $var , 0 , 2) ) != true ) || (ctype_digit( substr( $var , 2 , 6) ) != true ) || ( strlen($var) != 8)) {
                    return false;
                }
                return true;
                break;
            case 'sql': // True/False if the given string is SQL injection safe
                // insert code here, I usually use ADODB -> qstr() but depending on your needs you can use mysql_real_escape();
                return mysql_real_escape_string($var);
                break;
        }
        return $var;
    }
-
Wouldn't it be more plausible and smaller code, where you don't have to perform a fetch, if you did it like this
    $sql=("SELECT id FROM users WHERE userid=$id AND die_time<$time LIMIT 1");
    $n=mysql_num_rows(mysql_query($sql));
    if($n == 0){
        ## do nothing of course
    }else{
        echo "you are dead";
    }
or even better with using sessions to display and queries to update
    // update / add time
    runyourquery($timetoadd);
    $_SESSION['die_time']=($_SESSION['die_time'] + $timetoadd);
    // update / remove time
    runyourquery($timetoadd);
    $_SESSION['die_time']=($_SESSION['die_time'] - $timetoadd);
    // check time / no query
    if($_SESSION['die_time'] < time()){
        echo "You are dead";
    }
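Added example, not code from the original posts: the die_time lookup above with the values passed as bound parameters, plus HTML encoding applied only when a stored value is printed. It uses PDO with an in-memory SQLite database because the mysql_* functions used in the posts were removed in PHP 7.0; the table contents and helper names are constructed for the example.

```php
<?php
declare(strict_types=1);

// Constructed schema and rows, held in an in-memory SQLite database so the
// example runs offline. Table and column names follow the query in the post.
function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, userid INTEGER, name TEXT, die_time INTEGER)');
    $ins = $db->prepare('INSERT INTO users (userid, name, die_time) VALUES (?, ?, ?)');
    $ins->execute([7, "O'Brien <b>bold</b>", 1000]);   // quote and markup stored verbatim
    $ins->execute([8, 'Alice', 9999999999]);
    return $db;
}

// Is this user dead? The values travel as bound parameters, never as SQL
// text, so no escaping function is involved.
function isDead(PDO $db, int $userId, int $now): bool
{
    $st = $db->prepare('SELECT 1 FROM users WHERE userid = :uid AND die_time < :now LIMIT 1');
    $st->bindValue(':uid', $userId, PDO::PARAM_INT);
    $st->bindValue(':now', $now, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchColumn() !== false;
}

// Encode for HTML only at the moment of output; the stored value stays raw.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Fetch a display name and return it ready to be placed in an HTML page.
function displayName(PDO $db, int $userId): ?string
{
    $st = $db->prepare('SELECT name FROM users WHERE userid = ?');
    $st->execute([$userId]);
    $name = $st->fetchColumn();
    return $name === false ? null : h((string) $name);
}

$db  = demoDb();
$now = time();
var_dump(isDead($db, 7, $now));   // die_time 1000 lies in the past
var_dump(isDead($db, 8, $now));   // die_time lies far in the future
echo displayName($db, 7), PHP_EOL;
```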
-
Hey TomW. The best way you can go (for me at least) is a PHP timestamp that is being translated by JavaScript. You do not want to have the user check the database to see if a second has passed (especially if 100 users are playing, just for a timer to count down, that is 100 queries a second). The best way is when the page loads, the PHP timestamp is given to JavaScript and JavaScript counts down on its own. Even if the user disables JavaScript you still have the original times in the database and this would update on the next page load (get it?). Crons probably are not needed in this situation. Just some classic PHP timestamps, some JavaScript and maybe a simple ajax call when the timer hits 0 and they are still online. A cron actually might be necessary to kill the dead users if your entire game is ajax. If it's just a regular old click and page reloads kind of game, you shouldn't need any crons. Important Note: If you take the other advice and do not use JavaScript, your users would refresh the page over and over to watch the time move. It's better just to have a simple 3 or 4 line JavaScript to count down your timestamp.
-
Back when I first started coding and was worried about security, I looked up everything I could and made a function in which you can clean a variable or an array and choose the way to clean it (sql, html, bbcode, etc). Anyway, chances are a lot of people have made this kind of thing. A great way to get nothing but an integer is to do $var=($var * 1); if $var is not an integer it will return 0; the only drawback is if you're dealing in negative numbers it will reverse the flow
-
Sorry :( Danny for putting the email, I assumed you have several emails, but hey, most times people don't say anything, at least I did before your account got shut down :)