chaoswar4u

Id be willing to provide hosting for members that need it for an arranged fee. Fee depends on resources needed. Been running my server for over 5 years and runs smoothly. Support for 1 minute crons or any other time available. Latest cPANEL interface provided. Interested contact me via email - [email protected]

Well I have a few scripts I have purchased down the line and no longer have use for. So Im offering them for sale here. They come fully licensed and accounts will be transfered to new owners. Scripts - 1) phpArcadeScript - Original price $45.00 - Will sell for $30.00 (33% Discount). Allows you to make an online arcade site. Has advertising management and the works. Also can be provided with a domain name and can be hosted or installed for an arranged fee. 2) Arrowchat - Original price $45.00 - Will sell for $30.00 (33% Discount). This adds a chat bar to your website in facebook style. You can add all sorts of links whilst running live global chat on your site. Supports private messaging. If anyone is interested please contact me via email - [email protected] Please note these are 100% legal and proof of purchase will be supplied.

Well I didnt really like the idea of making another file just for this so I decided to rob the idea from the delete user method. Unsure if there would be an issue but this is it, Seems to work ok.   Find     if($r['effect1_on']) { $einfo=unserialize($r['effect1']); if($einfo['inc_type']=="percent") {     Add above     switch ($_GET['step']) { default: echo "<h3>Items</h3> Are you sure you want to use the item {$r['itmname']}? <form action='itemuse.php?ID={$_GET['ID']}&step=2' method='post'> <input type='submit' value='Confirm' /></form>"; break; case 2:     Then add a } at the bottom of the script. Job done.

Gee we are all screwed nothing works. Not telling me this issue has not been resolved anywhere.   TC seems to have it patched.   They seem to have it where if its an image it works as normal bit if you enter a .php it kill the bb tag and loads just the text.   Any help to anyone to resolve this?

To me it does not check nothing.   It executes the same as normal including none images.

Unless im doing it wrong Dayo it does not work.

Dayo your a star my friend.   Ill look forward to you reply with the fix on it.

I fixed the parse error on your example CrimGame however all it does is make all the images show as text.

Parse error :(

Lines needed to be secured. $text = preg_replace("/\/", "", $text); $text = preg_replace("/\[img\](.+?)\[\/img\]/", "", $text);

Can someone please post a fix to this.   To be honest ive spent hrs on the internet. Everyone has the issue and not one place ive been to offers an effective fix.

Well id like to thank everyone for there help on this however im yet to come up with anything that im happy with.   Ive tried the getimage size method but as I expected kills the whole signature.   I chose to mess around with Seany Bobs method.   I thought about using the following -   $text = str_replace(array(".php" , ".html", ".htm"), array("", "", ""), $text);   Im unsure if this is a good way to go.   It seems to resolve the linking issue. I will no doubt change the file that usally gets exploited for giving staff powers to people who exploit such a bug for extra security.   I did this awhile ago but due to past issues ive removed the and tags. The tag is a pain in the arse in general. Not only the issue with setting as admin on clicking on there profile but with members setting out links for normal actions to be made by any member. The email tag I removed due to a wierd bypass I had sometime ago where they used a redirect using them tags to do site actions also. I think the fix above may have stopped this anyway however I dont think the codes are required. Does this above example break any of the BBCODE that anyone can see. Thoughts and improvements welcome.

Thanks to Immortalthug trying his tricks on my site the logs showed me all his methods and some bugs fixed. I would say Immortalthug to ask in future before messing around on my site, unless your intent was to cause chaos, then as they say what goes around comes around. Be careful with this dude people! This issue im unsure on resolving is my forums and profile signatures. They indeed use BBCODE which has security issues that link to the session hijacking exploit. Im aware of the methods and have them implemented regarding verifing a single image but unsure of the most effective way to secure a forum or profile sig that contains multiple images. Most of which use the tag and of which is used to exploit the session hijacking. Yes I could disable this tag but would also disable 75% of all sigs on my site that contain images. Im aware that I could change the file that is always exploited however id prefer to stop the exploit direct. Does anyone have any advice to resolve this issue. Many thanks in advance. Chaos

For the most accurate results use decimal as suggested as small percentage increases at say level 1 will not work due to the figure being low thus being rounded off to zero.   If set to store as decimal will store the figure exactly.

Thanks fbiss worked that time. Just to ask though. Is there any security issues with doing such a thing?