
Everything posted by chaoswar4u
-
With the example from crimegroup.com I've come up with the following -

// Security fix
// isset() is checked before ctype_digit() so a missing parameter raises no notice
$st = ( isset($_GET['st']) AND ctype_digit($_GET['st']) ) ? $_GET['st'] : 0;
$by = $_GET['by'] = ( isset($_GET['by']) AND in_array($_GET['by'], array('userid', 'username', 'level', 'gender')) ) ? $_GET['by'] : 'userid';
$ord = $_GET['ord'] = ( isset($_GET['ord']) AND in_array($_GET['ord'], array('asc', 'desc')) ) ? $_GET['ord'] : 'asc';
// End

Seems to work for me. Please post below if something can be improved upon.
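
The same allowlist approach as a standalone function, with the offset bounded as well as digit-checked (an added example, not part of the original post or of mccodes). `build_userlist_query()`, `MAX_OFFSET` and the `u.` column prefix are assumptions; the sample requests are constructed.

```php
<?php
// Added example; build_userlist_query() and MAX_OFFSET are hypothetical names.

const SORT_COLUMNS = [              // request value => literal SQL column
    'userid'   => 'u.userid',       // "u." prefix assumes columns of users
    'username' => 'u.username',
    'level'    => 'u.level',
    'gender'   => 'u.gender',
];
const SORT_DIRECTIONS = ['asc' => 'ASC', 'desc' => 'DESC'];
const MAX_OFFSET = 1000000;         // assumed upper bound for the paging offset

function build_userlist_query(array $get): string
{
    // is_string() turns array input such as ?by[]=x into the default.
    $by  = (isset($get['by'])  && is_string($get['by']))  ? $get['by']  : 'userid';
    $ord = (isset($get['ord']) && is_string($get['ord'])) ? $get['ord'] : 'asc';

    // Only the mapped literal reaches the SQL text, never the request value.
    $column    = SORT_COLUMNS[$by] ?? SORT_COLUMNS['userid'];
    $direction = SORT_DIRECTIONS[strtolower($ord)] ?? 'ASC';

    // ctype_digit() alone accepts digit strings of any length; a ranged
    // integer filter also bounds the value. Any failure yields false.
    $st = filter_var($get['st'] ?? 0, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => MAX_OFFSET]]);
    if (!is_int($st)) {
        $st = 0;
    }

    return "SELECT u.*,g.* FROM users u LEFT JOIN gangs g ON u.gang=g.gangID "
         . "ORDER BY $column $direction LIMIT $st,100";
}

// Constructed sample requests: valid, unlisted column, malformed, array input.
$samples = [
    ['by' => 'level', 'ord' => 'desc', 'st' => '200'],
    ['by' => 'password', 'ord' => 'sideways', 'st' => '-5'],
    ['by' => 'userid,1', 'ord' => 'asc', 'st' => '99999999999999999999'],
    ['by' => ['x'], 'st' => ['1']],
];
foreach ($samples as $get) {
    echo build_userlist_query($get), PHP_EOL;
}
```

Every request that fails a check falls back to the default sort and offset instead of producing an error, so the sort links on the page keep working.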
-
Many thanks for the feedback on this people. Lol seems to have made an impact.
-
Hi. I require a little help on how to secure userlist.php. The following -

$st=($_GET['st']) ? $_GET['st'] : 0;
$by=($_GET['by']) ? $_GET['by'] : 'userid';
$ord=($_GET['ord']) ? $_GET['ord'] : 'asc';

ultimately can be injected to affect the following query -

$q=$db->query("SELECT u.*,g.* FROM users u LEFT JOIN gangs g ON u.gang=g.gangID ORDER BY $by $ord LIMIT $st,100");

Can anyone provide a clear method on how to secure this setup without affecting the sort options on userlist.php in mccodes v2. Many thx in advance for any help.
-
Basic any items that have an effect enabled.
-
I'm aware of that method but I'm looking for something more integrated so it takes into account any item I add to my mccodes v2 game. If that is indeed possible.
-
Well amongst fixing everything that is annoying with mccodes v2 I come to my next issue. Has anyone tried or know how to resolve the issue. A member uses an item made and if say that item's effect is already at 100% or say it's a hospital item and you use it but not even in hospital. Is there an effective way that will take all items into account (v2 system) to ensure that if a value is at 100% etc that the item comes up with x item is already at 100% etc. I would post the code but I don't know if I will get spanked for using the whole of mccodes v2 source code and posting here for review. Any insight would be cool. Regards Chaos
-
Hi, sorry. Was assuming everyone has the file to check this. The queries I refer to are -

global $jobquery, $housequery;
if($jobquery)
{
$is=$db->query("SELECT u.*,us.*,j.*,jr.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid LEFT JOIN jobs j ON j.jID=u.job LEFT JOIN jobranks jr ON jr.jrID=u.jobrank WHERE u.userid=$userid");
}
else if($housequery)
{
$is=$db->query("SELECT u.*,us.*,h.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid LEFT JOIN houses h ON h.hWILL=u.maxwill WHERE u.userid=$userid");
}
else
{
$is=$db->query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid");
}
$ir=$db->fetch_row($is);

Can these queries be improved. They are usually in effect the most so if any performance can be gained I wish to take it.
-
Well I'm on a mission of reducing my server load and come to the globals.php. I've reduced query load by making the queries better via the header.php alone however is there anything that can be done in globals.php. The queries in globals run every page load so I'm after gaining some more performance. I don't see anything that can be done myself but I may have missed something. Can the existing queries be better constructed??? Any info would be great. Many thx Chaos
-
I would say this is the $IP variable hack. Simple search of the forum here will show a multitude of fix methods for this.
-
Re: Mccodes v2 need help
Well he's great at harassment. Anyone that does any deal with this noob will live to regret it.
-
Re: [MMCODES V2] HACKING ATTEMPTS LOGGED
Hey, I think mods from both people are very helpful, however my current issue is pointed to PHP Scene. Great mod by the way. I've had a mess around with it as I require this mod to also log SQL injection attempts. This would then be a great way to locate affected files that are being abused. The only issue is the IF statement does not seem to work correctly. For normal query errors it works fine however if you chuck in a SQL injection it still gives the message error reported however it does not submit anything to the database. This has been tried with an empty DB also. I tried to make the code more accurate by using - $_SERVER['REQUEST_URI']; however still does not allow the IF statement to work correctly. Any ideas?
-
Well I thought it's about time to have a mailing system in place for when a member goes inactive however I'm faced with a problem that I'm unsure how to tackle. I'm well aware that I can make a system that will Email say people who go inactive over a set amount of time however this is an issue if I wish to Email loads of people that come under this criteria. What I'm trying to do is send mass Email to utilize some free advertising to members who are inactive for x amount of time however this needs to be done on a database of about 6000. My problem is a simple timestamp search will have the server try to send mass Emails all at once which in time causes the PHP script to timeout. Is there a method I can use to do this task more effectively. Many thx in advance for any help.
-
Re: FlashChat 4.7 Auto Login?
Wrong, viewsource shows the hidden fields. @ chaoswar4u, the password field for flashchat is only for admins therefore, remove the password bit and it will only use the username.. Simple as That.
The password entry is needed as I plan to have flashchat integrated to my username / password field. Hence why I require a method to keep these details hidden.
-
Re: FlashChat 4.7 Auto Login?
<font color=silver>Chat Room</font>
Here's my issue with this. The information is displayed in the address bar. Yes the password is in the form of MD5 however onlookers of a member may decide to take this information on the basis of decrypting the MD5 and accessing the account. Would there be a way to make this information not shown or a better way to auto login flashchat behind the scenes.
-
Re: How good CronWerks/Cronus is
Strange that when I purchased the newspaper mod that had bugs I submitted a support ticket and got a response of that it's my fault and I've not installed it correctly. Then today months later I get an email saying -

As many know, the newspaper mod sold here on cronwerks had a few errors. Those have now all been squashed. If you have already purchased, download a new copy by going to the download link given to you on your original purchase. We apologize for the long wait for a fix.

Not bad to say it was my fault last time.
-
Re: How good CronWerks/Cronus is
LMAO :mrgreen: I grow tired of these posts regarding Cronus and really the bad feedback in my opinion is true. So I'll just stick my feedback in. As I've seen with a lot of posts you get the reply (Submit a ticket to get support). Great, no problem if Cronus didn't just do the normal replies and excuses such as it works for me or it's for V1 etc etc. I see what he's trying to do here with his little venture however I smell EPIC FAILURE. Conflicts between his methods are growing ever greater and he never changes his attitude to rectify the situation. Bottom line as long as he's got his money from you the customer is always WRONG. Proceed at your own risk I say.
-
Re: How much bandwidth does your game use?
100 - 125 Gig PM www.chaoticwars.co.uk
-
Re: FlashChat 4.7 Auto Login?
Hi, Haunted via MSN shown me the way and works great. Here it is -

// urlencode() keeps spaces and quotes in the username from breaking the link
print "<a href='flashchat_v4712/chat/flashchat.php?username=".urlencode($ir['username'])."&lang=undefined'>";

Thx haunted. :-D
-
Hi. I'm aware that flashchat can have an auto login method. Does anyone here know what modifications need to be done etc. Willing to pay for this. Please post here or email me [email protected] Many thx in advance for any help that can be provided.
-
Re: [mccode lite / V1] Basic Forums
I am a 17 year old dyslexic coder :mrgreen: Doomed before you start bro LMFAO
-
Important Security Issue For All McCode Owners !
chaoswar4u replied to MaKaVeLLi's topic in General Discussion
Re: Important Security Issue For All McCode Owners !
I've looked into this issue. The fix posted at the very start solves the issue. As for ones that are not protected. I'm no hacker but gee god help the un-protected!!!!! Effects vary but needless to say you can add anything to the amount you have. Example would be max money / crystals etc.
-
[mccode] BLIP Tables (Blocked IPv4 Addresses by CIDR)
chaoswar4u replied to a topic in Free Modifications
Re: [mccode] BLIP Tables (Blocked IPv4 Addresses by CIDR)
Has anyone managed to get this working correctly. I've tried this and everything seems to work fine until you add an IP. The whole site then gets blocked. Now before it's stated that I've filled the information incorrectly and that's why it blocked the whole site I fail to see why. I've used nyna example to just ban one IP address and just adding that 1 IP bans all IPs. Anyone managed to solve this issue? I see some have had the same issue in here however that was blamed for incorrect installation. If anyone has had this issue and can help resolve it then I give you many thx in advance for any help that you can provide.
-
Re: mccodes License
Just ask for proof of payment. If they can't provide then that's everything you need to know :mrgreen: