chaoswar4u

Id be willing to provide hosting for members that need it for an arranged fee. Fee depends on resources needed. Been running my server for over 5 years and runs smoothly. Support for 1 minute crons or any other time available. Latest cPANEL interface provided. Interested contact me via email - [email protected]

Well I have a few scripts I have purchased down the line and no longer have use for. So Im offering them for sale here. They come fully licensed and accounts will be transfered to new owners. Scripts - 1) phpArcadeScript - Original price $45.00 - Will sell for $30.00 (33% Discount). Allows you to make an online arcade site. Has advertising management and the works. Also can be provided with a domain name and can be hosted or installed for an arranged fee. 2) Arrowchat - Original price $45.00 - Will sell for $30.00 (33% Discount). This adds a chat bar to your website in facebook style. You can add all sorts of links whilst running live global chat on your site. Supports private messaging. If anyone is interested please contact me via email - [email protected] Please note these are 100% legal and proof of purchase will be supplied.

Well I didnt really like the idea of making another file just for this so I decided to rob the idea from the delete user method. Unsure if there would be an issue but this is it, Seems to work ok.   Find     if($r['effect1_on']) { $einfo=unserialize($r['effect1']); if($einfo['inc_type']=="percent") {     Add above     switch ($_GET['step']) { default: echo "<h3>Items</h3> Are you sure you want to use the item {$r['itmname']}? <form action='itemuse.php?ID={$_GET['ID']}&step=2' method='post'> <input type='submit' value='Confirm' /></form>"; break; case 2:     Then add a } at the bottom of the script. Job done.

Gee we are all screwed nothing works. Not telling me this issue has not been resolved anywhere.   TC seems to have it patched.   They seem to have it where if its an image it works as normal bit if you enter a .php it kill the bb tag and loads just the text.   Any help to anyone to resolve this?

To me it does not check nothing.   It executes the same as normal including none images.

Unless im doing it wrong Dayo it does not work.

Dayo your a star my friend.   Ill look forward to you reply with the fix on it.

I fixed the parse error on your example CrimGame however all it does is make all the images show as text.

Parse error :(

Lines needed to be secured. $text = preg_replace("/\/", "", $text); $text = preg_replace("/\[img\](.+?)\[\/img\]/", "", $text);

Can someone please post a fix to this.   To be honest ive spent hrs on the internet. Everyone has the issue and not one place ive been to offers an effective fix.

Well id like to thank everyone for there help on this however im yet to come up with anything that im happy with.   Ive tried the getimage size method but as I expected kills the whole signature.   I chose to mess around with Seany Bobs method.   I thought about using the following -   $text = str_replace(array(".php" , ".html", ".htm"), array("", "", ""), $text);   Im unsure if this is a good way to go.   It seems to resolve the linking issue. I will no doubt change the file that usally gets exploited for giving staff powers to people who exploit such a bug for extra security.   I did this awhile ago but due to past issues ive removed the and tags. The tag is a pain in the arse in general. Not only the issue with setting as admin on clicking on there profile but with members setting out links for normal actions to be made by any member. The email tag I removed due to a wierd bypass I had sometime ago where they used a redirect using them tags to do site actions also. I think the fix above may have stopped this anyway however I dont think the codes are required. Does this above example break any of the BBCODE that anyone can see. Thoughts and improvements welcome.

Thanks to Immortalthug trying his tricks on my site the logs showed me all his methods and some bugs fixed. I would say Immortalthug to ask in future before messing around on my site, unless your intent was to cause chaos, then as they say what goes around comes around. Be careful with this dude people! This issue im unsure on resolving is my forums and profile signatures. They indeed use BBCODE which has security issues that link to the session hijacking exploit. Im aware of the methods and have them implemented regarding verifing a single image but unsure of the most effective way to secure a forum or profile sig that contains multiple images. Most of which use the tag and of which is used to exploit the session hijacking. Yes I could disable this tag but would also disable 75% of all sigs on my site that contain images. Im aware that I could change the file that is always exploited however id prefer to stop the exploit direct. Does anyone have any advice to resolve this issue. Many thanks in advance. Chaos

For the most accurate results use decimal as suggested as small percentage increases at say level 1 will not work due to the figure being low thus being rounded off to zero.   If set to store as decimal will store the figure exactly.

Thanks fbiss worked that time. Just to ask though. Is there any security issues with doing such a thing?

Gee ive tried every example on here and not one has worked. Please test before posting to ensure it works. If any example here does work then please say so as it then could be a fault my end.

Still cannot get this to work.   All I can manage to do is get it to session one result but not the combonation of the limit 3 results. e.g top 3 members.   Any ideas folks??

No dont work.

No dont work.

In my attempt to reduce server load im now down to my last issue. I have a few things that are loaded via the header thus every page load a query is loaded per addional info.   I wanting to get this information updated via the use of sessions but unsure how to go about it.   Here is 1 or the queries that load.     $fivgz=$db->query("SELECT gangNAME, gangID FROM gangs ORDER BY gangRESPECT DESC LIMIT 3"); while($r=$db->fetch_row($fivgz)) { print "[size=1]<a href='gangs.php?action=view&ID={$r['gangID']}'>{$r['gangNAME']}<a> [/size]";[code]   Im still unsure if the limits regarding sessions and the like.   How would you session this. I have the updates part sorted as per the help from fbiss on a past post however im stuck on this. The main reason is the query pulling a limit 3. All my attempts have failed with just showing one session result and not the 3 that are required.   Many thanks in advance for any help.

Thanks for the reply fbiss.   With the code you provided it helped me to resolve the issue. I run mccodes v2. The get rank query has been left as standard and not changed to your example as not required.   Ive done the following edits.   In gym.php add above stats -     // Session resolve to reduce query load from mass training if($_SESSION['granktime'] < time()) { $_SESSION['strank'] = get_rank($ir['strength'],'strength'); $_SESSION['agirank'] = get_rank($ir['agility'],'agility'); $_SESSION['guarank'] = get_rank($ir['guard'],'guard'); $_SESSION['labrank'] = get_rank($ir['labour'],'labour'); $_SESSION['granktime'] = time()+60; } // End     Then update the select menu so that that rank comes from the query.     <option style='color:red;' value='Strength'>Strength (Have {$ir['strength']}, Ranked {$_SESSION['strank']}) <option style='color:blue;' value='Agility'>Agility (Have {$ir['agility']}, Ranked {$_SESSION['agirank']}) <option style='color:green;' value='Guard'>Guard (Have {$ir['guard']}, Ranked {$_SESSION['guarank']}) <option style='color:brown;' value='Labour'>Labour (Have {$ir['labour']}, Ranked {$_SESSION['labrank']})     Seems to work ok this end. When I click my gym first it has 17 Query and when the sessions are set it drops to 11 Query until 60 seconds session update. This can be set to what ever you like.   Thanks fbiss for your method. Helped to construct my resolution. :P

fbiss could you supply me with an example. To be honest ive spent all day on getting this to work and getting no where. Im unsure if I over analising this and making it much harder than it actually is.

Can the following 2 queries be merges as one -     $db->query("UPDATE users SET energy=maxenergy WHERE userid=$userid AND test1 > 0 "); $db->query("UPDATE users SET will=maxwill WHERE userid=$userid AND test2 > 0 ");     As you can see they both have different where claues. Is there a mehod to merge the query but still obtain the same goal?   Any help as always has many thanks in advance.

Hi. I run a very high competitve game. Training is key but ive also notice that the gym is killing my server load just on the ranks part. (Many that use the F5 and enter method)   If I was to remove the ranks code from the gym I would save myself 4 queries and my server load would be perfect but with it running it pathetic so Ive come to ask for the community for alittle help to try and resolve this issue for me and fellow gamers.   As per page load the following is called. Each one generating a query.     $ir['strank']=get_rank($ir['strength'],'strength'); $ir['agirank']=get_rank($ir['agility'],'agility'); $ir['guarank']=get_rank($ir['guard'],'guard'); $ir['labrank']=get_rank($ir['labour'],'labour'); $ir['fitrank']=get_rank($ir['fitness'],'fitness'); $ir['weaponrank']=get_rank($ir['weaponskill'],'weaponskill');     The get rank pulls from the global_func.php with the following -     function get_rank($stat, $mykey) { global $ir,$userid,$db,$c; $q=$db->query("SELECT count(*) FROM userstats us LEFT JOIN users u ON us.userid=u.userid WHERE us.$mykey > $stat AND us.userid != $userid AND u.user_level != 0") ; return $db->fetch_single($q)+1; }     Can either the way the rank is pulled be optimised any better or is there another method to drag the rank without mass queries for such a small job. Pulling 1 query per rank is not acceptable to me but I would like to resolve the issue with some better coding than remove it from the gym page.   Many thanks in advance for any help that can be provided.

Oh my bad lol.