
Everything posted by Newbie
-
Looking much better, you're getting there :) Only thing I don't like is the color of the text. Good job.
-
I had a setup of Raven's script and it is mccodes v2. He has gone through every file and edited it some, but it's definitely mccodes v2.
-
Go to phpMyAdmin and type in TRUNCATE TABLE "table name goes here". In case you did not understand, here is an example: TRUNCATE TABLE users. Make sure you get the others too, "mails" and any others you find.
-
Wow, gotta say that the host is terrible. I have 2$ hosting and it runs better than this.
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/thugpara/public_html/oc.php:1) in /home/thugpara/public_html/oc.php on line 3
Might want to look at that.
-
Thanks, yeah, I've seen it on gl and a bunch of other scripts so I decided to try and make it for mccodes as I'd never seen it done. It never quite turned out the way I wanted but I will deffo put more work into it.
-
If he wanted to read it so bad he could have done it himself, sure it doesn't take too long :rolleyes: Oh, btw, thanks :P
-
I do have a license. I also have a copy of the new v2.b but, as I said above, the code is too complicated for me; I'm used to the old version and I don't like the way they've done the staff files, meaning I would need to add it in from all the database. Feel free to ask Coldblooded. There was a mess up on my behalf: I added the money to my account on mccodes.com, then realized that the cash was to be done through PayPal, so I contacted Cold and we spoke. He took the money from my account and then added the license to my account but it wouldn't show, so I sent him a screenshot and he sent me codes manually. Client Email: [email protected] domain name: crimeland.org EDIT: Probz just do it all on older version and transfer the database over. This topic can be closed and you're still welcome to check my license, info is there.
-
Hello all, been doing some research on securing the basic unsecured files in mccodes like cmarket. $_GET['ID'] = abs((int) $_GET['ID']); would fix that problem. I have been looking at the codes for mccodes v2.b and was wondering if it was better to secure each function like they have. I am running an older version of mccodes as the vb seems a bit complicated for me and I would have to go through most staff files and edit bits to get it to work. The crimes I managed to get done due to the help of djkanna and that other topic, but I couldn't understand some of the other files. (OK, back on topic.) Also, is it better to secure it the way they have? $_GET['ID'] = abs((int) $_GET['ID']); <-- is there a way to bypass this, as it's written different in v2.b, or do they both do the same job? Thanks, Steve
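Added example, not part of the original post and not MCCodes code: the cast form from the post run side by side with the `is_numeric` form used in the v2.0.5b staff_crimes.php posted further down this page, plus a stricter variant. The function names, the sample inputs, the table and column names and the `filter_var` variant are assumptions made for illustration.

```php
<?php
// Added illustration. Function names are hypothetical, not MCCodes functions.

// Form from the post: cast, then drop the sign. Never rejects anything.
function id_cast($raw)
{
    return abs((int) $raw);
}

// Form from the v2.0.5b staff_crimes.php on this page: non-numeric input
// becomes '' so the caller can refuse it with empty().
function id_numeric($raw)
{
    return (isset($raw) && is_numeric($raw)) ? abs(intval($raw)) : '';
}

// Stricter variant (an assumption, not on the page): only a string holding a
// positive integer passes, everything else comes back as false.
function id_strict($raw)
{
    if (!is_string($raw)) {
        return false;
    }
    return filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
}

// Constructed sample inputs, as they could arrive in $_GET['ID'].
$samples = ['7', '-7', '12abc', 'abc', '1e3', '1.9', '1 OR 1=1', ['x'], null];

printf("%-12s %-10s %-10s %-10s\n", 'input', 'cast', 'numeric', 'strict');
foreach ($samples as $raw) {
    printf(
        "%-12s %-10s %-10s %-10s\n",
        json_encode($raw),
        var_export(id_cast($raw), true),
        var_export(id_numeric($raw), true),
        var_export(id_strict($raw), true)
    );
}

// What the query receives: whatever was sent, only a number is interpolated.
// `some_table` and `some_id` are placeholder names.
$sql = sprintf('SELECT * FROM `some_table` WHERE `some_id` = %u', id_cast('1 OR 1=1'));
echo $sql, "\n";
```

Both forms from the page only ever hand a number to the query. The cast maps junk such as `12abc` to some ID, while the `is_numeric` form turns it into `''` for the caller to refuse; both still flip `-7` to 7.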
-
OK, made a few changes: changed php self and made it the named file, as I read php self is insecure, and added table and $ sign. Still not fixed the user betting against himself.

5050.php

```php
<?php
// BAH - isomerizer.com/
require_once("globals.php");

class chance extends headers
{
    public $error = array();
    public $minbet = 1;
    public $maxbet = 1000;
    public $maxgames = 10;

    public function _back()
    {
        echo ' <a href="5050.php">Back</a>';
    }

    // Print any collected errors, close the page and stop.
    public function _errors($error)
    {
        if (!empty($error)) {
            echo'The following errors occured';
            foreach ($error as $er) {
                echo ' '. $er;
            }
            unset($error);
            $this->_back();
            $this->endpage();
            exit;
        }
    }

    // Fetch one column of the logged-in user's row.
    public function _fetchUser($col)
    {
        $SQL = sprintf("SELECT `". $col ."` FROM `users` WHERE `userid` = %u", $_SESSION['userid']);
        $exe = mysql_query($SQL);
        $fetch = mysql_fetch_array($exe);
        return $fetch[$col];
    }

    public function _add()
    {
        if(isset($_POST['submit'])) {
            if (preg_match("/[^0-9]/i", $_POST['amt'])) {
                $this->error[] = 'Amount must be numeric';
            }
            if($_POST['amt'] < $this->minbet) {
                $this->error[] = 'The minimum bet is '. $this->minbet;
            }
            $SQL = sprintf("SELECT COUNT(`logID`) amount FROM `chance` WHERE `userID` = %u AND `active` = 1", $this->_fetchUser('userid'));
            $exe = mysql_query($SQL);
            $check = mysql_fetch_array($exe);
            if($check['amount'] >= $this->maxgames) {
                $this->error[] = 'There is a maximum of '. $this->maxgames;
            }
            if($_POST['amt'] > $this->_fetchUser('money')) {
                $this->error[] = 'You cannot afford that amount.';
            }
            $this->_errors($this->error);
            $SQL_2 = sprintf("UPDATE `users` SET `money` = `money` - %u WHERE `userid` = %u", $_POST['amt'], $this->_fetchUser('userid'));
            mysql_query($SQL_2);
            $SQL_3 = sprintf("INSERT INTO `chance` (`logID`, `userID`, `amount`, `active`) VALUES (NULL, %u, %u, 1)", $this->_fetchUser('userid'), $_POST['amt']);
            mysql_query($SQL_3);
            echo 'Your game has been set. Good Luck.<br />
            <a href="5050.php">Back to 50/50</a>';
        } else {
            echo 'Adding a game
            <form action="5050.php?act=add" method="POST">
            Cash: <input type="text" name="amt" size="10" maxlength="10" />
            <input type="submit" name="submit" value="Add!"></form>
            « '. $this->maxgames .' games max per user »';
        }
    }

    public function _view_games()
    {
        $SQL = "SELECT t.* , u.username FROM `chance` t LEFT JOIN `users` u on u.userid = t.userID WHERE t.active = 1 ORDER BY t.logID ASC";
        $exe = mysql_query($SQL);
        // Opening <tr> for the header row added; the posted markup only closed it.
        echo '« <a href="5050.php?act=add">Add Game</a> » <br />
        Table of users awaiting a challenge
        <table width="75%" class="table">
        <tr>
        <th>User</th>
        <th>Amount</th>
        <th>Challenge</th>
        <th>Cancel</th>
        </tr>';
        while($r = mysql_fetch_array($exe)) {
            echo '<tr>
            <td><a href="viewuser.php?u='.$r['userID'] .'">'. $r['username'] .'</a> ['. $r['userID'] .']</td>
            <td>$'. $r['amount'] .'</td>
            <td><a href="5050.php?act=challenge&ID='. urlencode($r['logID']) .'">Challenge</a></td>
            <td>';
            if($this->_fetchUser('userid') == $r['userID']){
                echo '<a href="5050.php?act=cancel&ID='. urlencode($r['logID']) .'">Cancel</a>';
            }
            echo '</td>
            </tr>';
        }
        echo '</table>';
    }

    public function _challenge()
    {
        $SQL = sprintf("SELECT t.*, u.username FROM `chance` t LEFT JOIN `users` u ON t.userID = u.userid WHERE t.logID = %u AND t.active = 1 LIMIT 1", $_GET['ID']);
        $exe = mysql_query($SQL);
        $fetch = mysql_fetch_array($exe);
        if(!empty($fetch['logID'])) {
            if($fetch['amount'] > $this->_fetchUser('money')){
                $this->error[] = 'You cannot afford the challenge amount.';
            }
            // Left as posted ("still not fixed"): $r is not set in this method,
            // the game row is in $fetch, so this check never fires.
            if($this->_fetchUser('userid') == $r['userID']){
                $this->error[] = 'You cannot accept your own challenge.';
            }
            $this->_errors($this->error);
            if(mt_rand(1,2) == 1) {
                $winner = $fetch['userID'];
                $loser = $this->_fetchUser('userid');
                $winnername = $fetch['username'];
                $losername = $this->_fetchUser('username');
                $string = '<font color="red">Sorry, you Lost. Better luck next time.</font>';
                $SQL_2 = sprintf("UPDATE `users` SET `money` = `money` - %u WHERE `userid` = %u", $fetch['amount'], $this->_fetchUser('userid'));
                $SQL_3 = sprintf("UPDATE `users` SET `money` = `money` + (%u * 2) WHERE `userid` = %u", $fetch['amount'], $fetch['userID']);
                mysql_query($SQL_2);
                mysql_query($SQL_3);
            } else {
                $winner = $this->_fetchUser('userid');
                $loser = $fetch['userID'];
                $winnername = $this->_fetchUser('username');
                $losername = $fetch['username'];
                $string = 'You Won! Congratulations! <font color="green"> You Won '. money_formatter($fetch['amount']) .'!</font>';
                $SQL_4 = sprintf("UPDATE `users` SET `money` = `money` + %u WHERE `userid` = %u", $fetch['amount'], $this->_fetchUser('userid'));
                mysql_query($SQL_4);
            }
            event_add($winner, 'The game of '. money_formatter($fetch['amount']) .' challenged by <a href="viewuser.php?u= '. urlencode($this->_fetchUser('userid')) .'">'. $this->_fetchUser('username') .'</a> was won by <a href="viewuser.php?u='.urlencode($winner) .'">'. $winnername .'</a>.', $t);
            event_add($loser, 'The game of '. money_formatter($fetch['amount']) .' challenged by <a href="viewuser.php?u='.urlencode($this->_fetchUser('userid')) .'">'. $this->_fetchUser('username') .'</a> was won by <a href="viewuser.php?u='.urlencode($winner) .'">'. $winnername .'</a>.', $t);
            $SQL_5 = sprintf("UPDATE `chance` SET `active` = 0 WHERE `logID` = %u", $_GET['ID']);
            mysql_query($SQL_5);
            echo $string;
        } else{
            echo 'This game has either been cancelled or someone played before you got the 5050.';
        }
    }

    public function _cancel()
    {
        $SQL = sprintf("SELECT `amount` from `chance` where `logID` = %u AND `active` = 1", $_GET['ID']);
        $exe = mysql_query($SQL);
        $fetch = mysql_fetch_array($exe);
        if(!empty($fetch['amount'])) {
            $SQL_2 = sprintf("UPDATE `users` SET `money` = `money` + %u WHERE `userid` = %u", $fetch['amount'], $this->_fetchUser('userid'));
            $SQL_3 = sprintf("UPDATE `chance` SET `active` = -1 WHERE `logID` = %u", $_GET['ID']);
            mysql_query($SQL_2);
            mysql_query($SQL_3);
            echo 'The game has been cancelled, and your money has been returned.';
        } else {
            echo 'This game has already been canceled, does not exist, or someone already played.';
        }
    }
}

$cha = new chance();
echo '<br /><h2>50/50 money Game</h2><br />';
switch($_GET['act']) {
    case 'cancel': $cha->_cancel(); break;
    case 'challenge': $cha->_challenge(); break;
    case 'add': $cha->_add(); break;
    default: $cha->_view_games(); break;
}
$h->endpage();
?>
```
-
Nice one, I was planning on fixing this up but you beat me to it :P Saved me the work, thanks. Only noticed 1 thing: you forgot to end the page. EDIT: Found an error. Players can match their own bet. Player is sent 2 events, only if you match your own bet ofc.
-
Had to edit a couple of parts to get it to work but got there. Gonna need to dig out the rest of the files, but if anyone can't figure it out from the above code, here's a full working copy of staff crimes. EDIT: Forgot to do the edit crime function :) Tested and works fine.
<?php /** * MCCodes Version 2.0.5b * Copyright (C) 2005-2012 Dabomstew * All rights reserved. * * Redistribution of this code in any form is prohibited, except in * the specific cases set out in the MCCodes Customer License. * * This code license may be used to run one (1) game. * A game is defined as the set of users and other game database data, * so you are permitted to create alternative clients for your game. * * If you did not obtain this code from MCCodes.com, you are in all likelihood * using it illegally. Please contact MCCodes to discuss licensing options * in this case. * * File: staff_crimes.php * Signature: d6f7b3e08025c35caa54144262d8bafe * Date: Fri, 20 Apr 12 08:50:30 +0000 */ require_once('sglobals.php'); if ($ir['user_level'] != 2) { echo 'You cannot access this area.<br /> > <a href="staff.php">Go Back</a>'; die($h->endpage()); } //This contains crime stuffs if (!isset($_GET['action'])) { $_GET['action'] = ''; } switch ($_GET['action']) { case 'newcrime': new_crime_form(); break; case 'newcrimesub': new_crime_submit(); break; case 'editcrime': edit_crime_begin(); break; case 'editcrimeform': edit_crime_form(); break; case 'editcrimesub': edit_crime_sub(); break; case 'delcrime': delcrime(); break; case 'newcrimegroup': new_crimegroup_form(); break; case 'newcrimegroupsub': new_crimegroup_submit(); break; case 'editcrimegroup': edit_crimegroup_begin(); break; case 'editcrimegroupform': edit_crimegroup_form(); break; case 'editcrimegroupsub': edit_crimegroup_sub(); break; case 'delcrimegroup': delcrimegroup(); break; case 'reorder': reorder_crimegroups(); break; default: echo 'Error: This script requires an action.'; break; } function new_crime_form() { $csrf = 
request_csrf_html('staff_newcrime'); echo " Adding a new crime.<br /> <form action='staff_crimes.php?action=newcrimesub' method='post'> Name: <input type='text' name='name' /> <br /> Brave Cost (1-9 chars only): <input type='text' name='brave' /> <br /> Success % Formula: <input type='text' name='percform' value='((WILL*0.8)/2.5)+(LEVEL/4)' /> <br /> Success Money (1-9 chars only): <input type='text' name='money' /> <br /> Success Item: " . item2_dropdown(NULL, 'item') . " <br /> Group: " . crimegroup_dropdown(NULL, 'group') . " <br /> Initial Text: <textarea rows='4' cols='40' name='itext'></textarea> <br /> Success Text: <textarea rows='4' cols='40' name='stext'></textarea> <br /> Failure Text: <textarea rows='4' cols='40' name='ftext'></textarea> <br /> Jail Text: <textarea rows='4' cols='40' name='jtext'></textarea> <br /> Jail Time (1-9 chars only): <input type='text' name='jailtime' /> <br /> Jail Reason: <input type='text' name='jailreason' /> <br /> Crime XP Given (1-9 chars only): <input type='text' name='crimexp' /> <br /> {$csrf} <input type='submit' value='Create Crime' /> </form> "; } function new_crime_submit() { global $c, $userid, $db, $h; $_POST['name'] = (isset($_POST['name']) && preg_match( "/^[a-z0-9_]+([\s]{1}[a-z0-9_]|[a-z0-9_])*$/i", $_POST['name'])) ? $db->escape(strip_tags(stripslashes($_POST['name']))) : ''; $_POST['brave'] = (isset($_POST['brave']) && is_numeric($_POST['brave'])) ? abs(intval($_POST['brave'])) : ''; $_POST['percform'] = (isset($_POST['percform'])) ? $db->escape(strip_tags(stripslashes($_POST['percform']))) : ''; $_POST['money'] = (isset($_POST['money']) && is_numeric($_POST['money'])) ? abs(intval($_POST['money'])) : ''; $_POST['item'] = (isset($_POST['item']) && is_numeric($_POST['item'])) ? abs(intval($_POST['item'])) : 0; $_POST['group'] = (isset($_POST['group']) && is_numeric($_POST['group'])) ? abs(intval($_POST['group'])) : ''; $_POST['itext'] = (isset($_POST['itext'])) ? 
$db->escape(strip_tags(stripslashes($_POST['itext']))) : ''; $_POST['stext'] = (isset($_POST['stext'])) ? $db->escape(strip_tags(stripslashes($_POST['stext']))) : ''; $_POST['ftext'] = (isset($_POST['ftext'])) ? $db->escape(strip_tags(stripslashes($_POST['ftext']))) : ''; $_POST['jtext'] = (isset($_POST['jtext'])) ? $db->escape(strip_tags(stripslashes($_POST['jtext']))) : ''; $_POST['jailtime'] = (isset($_POST['jailtime']) && is_numeric($_POST['jailtime'])) ? abs(intval($_POST['jailtime'])) : ''; $_POST['jailreason'] = (isset($_POST['jailreason']) && preg_match( "/^[a-z0-9_]+([\s]{1}[a-z0-9_]|[a-z0-9_])*$/i", $_POST['jailreason'])) ? $db->escape( strip_tags(stripslashes($_POST['jailreason']))) : ''; $_POST['crimexp'] = (isset($_POST['crimexp']) && is_numeric($_POST['crimexp'])) ? abs(intval($_POST['crimexp'])) : ''; if (empty($_POST['name']) || empty($_POST['brave']) || empty($_POST['percform']) || empty($_POST['money']) || empty($_POST['group']) || empty($_POST['itext']) || empty($_POST['stext']) || empty($_POST['ftext']) || empty($_POST['jtext']) || empty($_POST['jailtime']) || empty($_POST['jailreason']) || empty($_POST['crimexp'])) { echo 'One or more of the inputs seems to of the wrong format, please go back and try again.<br /> > <a href="staff_crimes.php?action=newcrime">Go back</a>'; die($h->endpage()); } staff_csrf_stdverify('staff_newcrime', 'staff_crimes.php?action=newcrime'); if (!empty($_POST['item'])) { $qi = $db->query( 'SELECT COUNT(`itmid`) FROM `items` WHERE `itmid` = ' . 
$_POST['item']); $exist_check = $db->fetch_single($qi); $db->free_result($qi); if ($exist_check == 0) { echo 'Item you selected doesn\'t seem to exist.<br /> > <a href="staff_crimes.php?action=newcrime">Go back</a>'; die($h->endpage()); } } $db->query( "INSERT INTO `crimes` (`crimeNAME`, `crimeBRAVE`, `crimePERCFORM`, `crimeSUCCESSMUNY`, `crimeSUCCESSITEM`, `crimeGROUP`, `crimeITEXT`, `crimeSTEXT`, `crimeFTEXT`, `crimeJTEXT`, `crimeJAILTIME`, `crimeJREASON`, `crimeXP`) VALUES('{$_POST['name']}', '{$_POST['brave']}', '{$_POST['percform']}', '{$_POST['money']}', {$_POST['item']}, '{$_POST['group']}', '{$_POST['itext']}', '{$_POST['stext']}', '{$_POST['ftext']}', '{$_POST['jtext']}', {$_POST['jailtime']}, '{$_POST['jailreason']}', {$_POST['crimexp']})"); echo 'Crime (' . $_POST['name'] . ') created.<br /> > <a href="staff.php">Goto Main</a>'; stafflog_add('Created crime ' . $_POST['name']); } function edit_crime_begin() { $csrf = request_csrf_html('staff_editcrime1'); echo " <h3>Editing Crime</h3> You can edit any aspect of this crime. <br /> <form action='staff_crimes.php?action=editcrimeform' method='post'> Crime: " . crime_dropdown(NULL, 'crime') . " <br /> {$csrf} <input type='submit' value='Edit Crime' /> </form> "; } function edit_crime_form() { global $c, $h, $userid, $db; $_POST['crime'] = (isset($_POST['crime']) && is_numeric($_POST['crime'])) ? 
abs(intval($_POST['crime'])) : ''; staff_csrf_stdverify('staff_editcrime1', 'staff_crimes.php?action=editcrime'); $d = $db->query( "SELECT `crimeXP`, `crimeJREASON`, `crimeJAILTIME`, `crimeJTEXT`, `crimeFTEXT`, `crimeSTEXT`, `crimeITEXT`, `crimeGROUP`, `crimeSUCCESSITEM`, `crimeSUCCESSMUNY`, `crimePERCFORM`, `crimeBRAVE`, `crimeNAME` FROM `crimes` WHERE `crimeID` = {$_POST['crime']}"); if ($db->num_rows($d) == 0) { $db->free_result($d); echo 'Crime doesn\'t seem to exist.<br />> <a href="staff_crimes.php?action=newcrime">Go back</a>'; die($h->endpage()); } $itemi = $db->fetch_row($d); $db->free_result($d); $csrf = request_csrf_html('staff_editcrime2'); echo " <h3>Editing Crime</h3> <form action='staff_crimes.php?action=editcrimesub' method='post'> <input type='hidden' name='crimeID' value='{$_POST['crime']}' /> Name: <input type='text' name='crimeNAME' value='{$itemi['crimeNAME']}' /> <br /> Brave Cost: <input type='text' name='crimeBRAVE' value='{$itemi['crimeBRAVE']}' /> <br /> Success % Formula: <input type='text' name='crimePERCFORM' value='{$itemi['crimePERCFORM']}' /> <br /> Success Money: <input type='text' name='crimeSUCCESSMUNY' value='{$itemi['crimeSUCCESSMUNY']}' /> <br /> Success Item: " . item2_dropdown(NULL, 'crimeSUCCESSITEM', $itemi['crimeSUCCESSITEM']) . " <br /> Group: " . crimegroup_dropdown(NULL, 'crimeGROUP', $itemi['crimeGROUP']) . 
" <br /> Initial Text: <textarea rows='4' cols='40' name='crimeITEXT'>{$itemi['crimeITEXT']}</textarea> <br /> Success Text: <textarea rows='4' cols='40' name='crimeSTEXT'>{$itemi['crimeSTEXT']}</textarea> <br /> Failure Text: <textarea rows='4' cols='40' name='crimeFTEXT'>{$itemi['crimeFTEXT']} </textarea> <br /> Jail Text: <textarea rows='4' cols='40' name='crimeJTEXT'>{$itemi['crimeJTEXT']} </textarea> <br /> Jail Time: <input type='text' name='crimeJAILTIME' value='{$itemi['crimeJAILTIME']}' /> <br /> Jail Reason: <input type='text' name='crimeJREASON' value='{$itemi['crimeJREASON']}' /> <br /> Crime XP Given: <input type='text' name='crimeXP' value='{$itemi['crimeXP']}' /> <br /> {$csrf} <input type='submit' value='Edit Crime' /> </form> "; } function edit_crime_sub() { global $c, $h, $userid, $db; $_POST['crimeNAME'] = (isset($_POST['crimeNAME']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['crimeNAME'])) ? $db->escape( strip_tags(stripslashes($_POST['crimeNAME']))) : ''; $_POST['crimeBRAVE'] = (isset($_POST['crimeBRAVE']) && is_numeric($_POST['crimeBRAVE'])) ? abs(intval($_POST['crimeBRAVE'])) : ''; $_POST['crimePERCFORM'] = (isset($_POST['crimePERCFORM'])) ? $db->escape( strip_tags(stripslashes($_POST['crimePERCFORM']))) : ''; $_POST['crimeSUCCESSMUNY'] = (isset($_POST['crimeSUCCESSMUNY']) && is_numeric($_POST['crimeSUCCESSMUNY'])) ? abs(intval($_POST['crimeSUCCESSMUNY'])) : ''; $_POST['crimeSUCCESSITEM'] = (isset($_POST['crimeSUCCESSITEM']) && is_numeric($_POST['crimeSUCCESSITEM'])) ? abs(intval($_POST['crimeSUCCESSITEM'])) : 0; $_POST['crimeGROUP'] = (isset($_POST['crimeGROUP']) && is_numeric($_POST['crimeGROUP'])) ? abs(intval($_POST['crimeGROUP'])) : ''; $_POST['crimeITEXT'] = (isset($_POST['crimeITEXT'])) ? $db->escape( strip_tags(stripslashes($_POST['crimeITEXT']))) : ''; $_POST['crimeSTEXT'] = (isset($_POST['crimeSTEXT'])) ? 
$db->escape( strip_tags(stripslashes($_POST['crimeSTEXT']))) : ''; $_POST['crimeFTEXT'] = (isset($_POST['crimeFTEXT'])) ? $db->escape( strip_tags(stripslashes($_POST['crimeFTEXT']))) : ''; $_POST['crimeJTEXT'] = (isset($_POST['crimeJTEXT'])) ? $db->escape( strip_tags(stripslashes($_POST['crimeJTEXT']))) : ''; $_POST['crimeJAILTIME'] = (isset($_POST['crimeJAILTIME']) && is_numeric($_POST['crimeJAILTIME'])) ? abs(intval($_POST['crimeJAILTIME'])) : ''; $_POST['crimeJREASON'] = (isset($_POST['crimeJREASON']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['crimeJREASON'])) ? $db->escape( strip_tags(stripslashes($_POST['crimeJREASON']))) : ''; $_POST['crimeXP'] = (isset($_POST['crimeXP']) && is_numeric($_POST['crimeXP'])) ? abs(intval($_POST['crimeXP'])) : ''; if (empty($_POST['crimeNAME']) || empty($_POST['crimeBRAVE']) || empty($_POST['crimePERCFORM']) || empty($_POST['crimeSUCCESSMUNY']) || empty($_POST['crimeGROUP']) || empty($_POST['crimeITEXT']) || empty($_POST['crimeSTEXT']) || empty($_POST['crimeFTEXT']) || empty($_POST['crimeJTEXT']) || empty($_POST['crimeJAILTIME']) || empty($_POST['crimeJREASON']) || empty($_POST['crimeXP'])) { echo 'One or more of the inputs seems to be of the wrong format, please go back and try again.<br /> > <a href="staff_crimes.php?action=editcrime">Go back</a>'; die($h->endpage()); } staff_csrf_stdverify('staff_editcrime2', 'staff_crimes.php?action=editcrime'); if (!empty($_POST['crimeSUCCESSITEM'])) { $qi = $db->query( 'SELECT COUNT(`itmid`) FROM `items` WHERE `itmid` = ' . 
$_POST['crimeSUCCESSITEM']); $exist_check = $db->fetch_single($qi); $db->free_result($qi); if ($exist_check == 0) { echo 'Item you selected doesn\'t seem to exist.<br /> > <a href="staff_crimes.php?action=editcrime">Go back</a>'; die($h->endpage()); } } $db->query( "UPDATE `crimes` SET `crimeNAME` = '{$_POST['crimeNAME']}', `crimeBRAVE` = '{$_POST['crimeBRAVE']}', `crimePERCFORM` = '{$_POST['crimePERCFORM']}', `crimeSUCCESSMUNY` = '{$_POST['crimeSUCCESSMUNY']}', `crimeSUCCESSITEM` = '{$_POST['crimeSUCCESSITEM']}', `crimeGROUP` = '{$_POST['crimeGROUP']}', `crimeITEXT` = '{$_POST['crimeITEXT']}', `crimeSTEXT` = '{$_POST['crimeSTEXT']}', `crimeFTEXT` = '{$_POST['crimeFTEXT']}', `crimeJTEXT` = '{$_POST['crimeJTEXT']}', `crimeJAILTIME` = {$_POST['crimeJAILTIME']}, `crimeJREASON` = '{$_POST['crimeJREASON']}', `crimeXP` = {$_POST['crimeXP']} WHERE `crimeID` = {$_POST['crimeID']}"); echo 'Crime (' . $_POST['crimeNAME'] . ') edited.<br /> > <a href="staff.php">Goto Main</a>'; stafflog_add('Edited crime ' . $_POST['crimeNAME']); } function delcrime() { global $c, $h, $userid, $db; switch ($_GET['step']) { default: $csrf = request_csrf_html('staff_delcrime1'); echo " <h3>Deleting Crime</h3> Here you can delete a crime. <br /> <form action='staff_crimes.php?action=delcrime&step=2' method='post'> Crime: " . crime_dropdown(NULL, 'crime') . " <br /> {$csrf} <input type='submit' value='Delete Crime' /> </form> "; break; case 2: $target = (isset($_POST['crime']) && is_numeric($_POST['crime'])) ? 
abs(intval($_POST['crime'])) : ''; staff_csrf_stdverify('staff_delcrime1', 'staff_crimes.php?action=delcrime'); if (empty($target)) { echo 'Invalid Crime.<br /> > <a href="staff_crimes.php?action=delcrime">Go back</a>'; die($h->endpage()); } $d = $db->query( "SELECT `crimeNAME` FROM `crimes` WHERE `crimeID` = '$target'"); if ($db->num_rows($d) == 0) { $db->free_result($d); echo 'Crime you selected doesn\'t seem to exist.<br /> > <a href="staff_crimes.php?action=delcrime">Go back</a>'; die($h->endpage()); } $itemi = $db->fetch_row($d); $db->free_result($d); $csrf = request_csrf_html('staff_delcrime2'); echo " <h3>Confirm</h3> Delete crime - " . $itemi["crimeNAME"] . "? <form action='staff_crimes.php?action=delcrime&step=3' method='post'> <input type='hidden' name='crimeID' value='$target' /> {$csrf} <input type='submit' name='yesorno' value='Yes' /> <input type='submit' name='yesorno' value='No' onclick=\"window.location='staff_crimes.php?action=delcrime';\" /> </form> "; break; case 3: $target = (isset($_POST['crimeID']) && is_numeric($_POST['crimeID'])) ? abs(intval($_POST['crimeID'])) : ''; staff_csrf_stdverify('staff_delcrime2', 'staff_crimes.php?action=delcrime'); if (empty($target)) { echo 'Invalid Crime.<br /> > <a href="staff_crimes.php?action=delcrime">Go back</a>'; die($h->endpage()); } $_POST['yesorno'] = (isset($_POST['yesorno']) && in_array($_POST['yesorno'], array('Yes', 'No'))) ? $_POST['yesorno'] : 'No'; if ($_POST['yesorno'] == 'No') { echo ' Crime not deleted.<br /> > <a href="staff.php">Goto Main</a> '; die($h->endpage()); } $d = $db->query( "SELECT `crimeNAME` FROM `crimes` WHERE `crimeID` = '$target'"); if ($db->num_rows($d) == 0) { $db->free_result($d); echo 'Crime you selected doesn\'t seem to exist.<br /> > <a href="staff_crimes.php?action=delcrime">Go back</a>'; die($h->endpage()); } $itemi = $db->fetch_row($d); $db->free_result($d); $db->query( "DELETE FROM `crimes` WHERE `crimeID` = '$target'"); echo 'Crime (' . $itemi['crimeNAME'] . 
') Deleted.<br /> > <a href="staff.php">Goto Main.</a>'; stafflog_add('Deleted crime ' . $itemi['crimeNAME']); break; } } function new_crimegroup_form() { $csrf = request_csrf_html('staff_newcrimegroup'); echo " Adding a new crime group. <br /> <form action='staff_crimes.php?action=newcrimegroupsub' method='post'> Name: <input type='text' name='cgNAME' /> <br /> Order Number: <input type='text' name='cgORDER' /> <br /> {$csrf} <input type='submit' value='Create Crime Group' /> </form> "; } function new_crimegroup_submit() { global $c, $userid, $db, $h; $_POST['cgNAME'] = (isset($_POST['cgNAME']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['cgNAME'])) ? $db->escape(strip_tags(stripslashes($_POST['cgNAME']))) : ''; $_POST['cgORDER'] = (isset($_POST['cgORDER']) && is_numeric($_POST['cgORDER'])) ? abs(intval($_POST['cgORDER'])) : ''; if (empty($_POST['cgNAME']) || empty($_POST['cgORDER'])) { echo 'You missed one or more of the required fields. Please go back and try again.<br /> > <a href="staff_crimes.php?action=newcrimegroup">Go Back</a>'; die($h->endpage()); } staff_csrf_stdverify('staff_newcrimegroup', 'staff_crimes.php?action=newcrimegroup'); $d = $db->query( 'SELECT COUNT(`cgID`) FROM `crimegroups` WHERE `cgORDER` = ' . $_POST['cgORDER']); if ($db->fetch_single($d) > 0) { $db->free_result($d); echo 'You cannot put two crime groups in the same order.<br /> > <a href="staff_crimes.php?action=newcrimegroup">Go back</a>'; die($h->endpage()); } $db->free_result($d); $db->query( "INSERT INTO `crimegroups` (`cgNAME`, `cgORDER`) VALUES('{$_POST['cgNAME']}', '{$_POST['cgORDER']}')"); echo 'Crime Group created!<br /> > <a href="staff_crimes.php?action=newcrimegroup">Go Back</a>'; stafflog_add('Created Crime Group ' . 
$_POST['cgNAME']); } function edit_crimegroup_begin() { $csrf = request_csrf_html('staff_editcrimegroup1'); global $c, $h, $userid, $db; echo " <h3>Editing A Crime Group</h3> <form action='staff_crimes.php?action=editcrimegroupform' method='post'> Crime Group: " . crimegroup_dropdown(NULL, 'crimeGROUP') . " <br /> {$csrf} <input type='submit' value='Edit Crime Group' /> </form> "; } function edit_crimegroup_form() { global $c, $h, $userid, $db; $_POST['crimeGROUP'] = (isset($_POST['crimeGROUP']) && is_numeric($_POST['crimeGROUP'])) ? abs(intval($_POST['crimeGROUP'])) : ''; staff_csrf_stdverify('staff_editcrimegroup1', 'staff_crimes.php?action=editcrimegroup'); if (empty($_POST['crimeGROUP'])) { echo 'Invalid Group.<br /> > <a href="staff_crimes.php?action=editcrimegroup">Go back</a>'; die($h->endpage()); } $d = $db->query( "SELECT `cgORDER`, `cgNAME` FROM `crimegroups` WHERE `cgID` = {$_POST['crimeGROUP']}"); if ($db->num_rows($d) == 0) { $db->free_result($d); echo 'Group you selected doesn\'t seem to exist.<br /> > <a href="staff_crimes.php?action=editcrimegroup">Go back</a>'; die($h->endpage()); } $itemi = $db->fetch_row($d); $db->free_result($d); $csrf = request_csrf_html('staff_editcrimegroup2'); echo " <h3>Editing Crime Group</h3> <form action='staff_crimes.php?action=editcrimegroupsub' method='post'> <input type='hidden' name='cgID' value='{$_POST['crimeGROUP']}' /> Name: <input type='text' name='cgNAME' value='{$itemi['cgNAME']}' /> <br /> Order Number: <input type='text' name='cgORDER' value='{$itemi['cgORDER']}' /> <br /> {$csrf} <input type='submit' value='Edit Crime Group' /> </form> "; } function edit_crimegroup_sub() { global $c, $h, $userid, $db; $_POST['cgNAME'] = (isset($_POST['cgNAME']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['cgNAME'])) ? $db->escape(strip_tags(stripslashes($_POST['cgNAME']))) : ''; $_POST['cgORDER'] = (isset($_POST['cgORDER']) && is_numeric($_POST['cgORDER'])) ? 
abs(intval($_POST['cgORDER'])) : ''; $_POST['cgID'] = (isset($_POST['cgID']) && is_numeric($_POST['cgID'])) ? abs(intval($_POST['cgID'])) : ''; staff_csrf_stdverify('staff_editcrimegroup2', 'staff_crimes.php?action=editcrimegroup'); if (empty($_POST['cgNAME']) || empty($_POST['cgORDER'])) { echo 'You missed one or more of the required fields. Please go back and try again.<br /> > <a href="staff_crimes.php?action=editcrimegroup">Go Back</a>'; die($h->endpage()); } else { $d = $db->query( 'SELECT COUNT(`cgID`) FROM `crimegroups` WHERE `cgORDER` = ' . $_POST['cgORDER'] . ' AND `cgID` != ' . $_POST['cgID']); if ($db->fetch_single($d) > 0) { $db->free_result($d); echo 'You cannot put two crime groups in the same order.<br /> > <a href="staff_crimes.php?action=editcrimegroup">Go back</a>'; die($h->endpage()); } $db->free_result($d); $db->query( "UPDATE `crimegroups` SET `cgNAME` = '{$_POST['cgNAME']}', `cgORDER` = '{$_POST['cgORDER']}' WHERE `cgID` = '{$_POST['cgID']}'"); echo 'Crime Group edited<br /> > <a href="staff_crimes.php?action=editcrimegroup">Go Back</a>'; stafflog_add("Edited Crime Group {$_POST['cgNAME']}"); } } function delcrimegroup() { global $c, $h, $userid, $db; switch ($_GET['step']) { default: $csrf = request_csrf_html('staff_delcrimegroup1'); echo " <h3>Deleting Crime Group</h3> <form action='staff_crimes.php?action=delcrimegroup&step=2' method='post' name='theform' onsubmit='return checkme();'> Crime Group: " . crimegroup_dropdown(NULL, 'crimeGROUP') . "<br /> Move crimes in deleted group to: " . crimegroup_dropdown(NULL, 'crimeGROUP2') . "<br /> {$csrf} <input type='submit' value='Delete Crime Group' /> </form>"; break; case 2: $target = (isset($_POST['crimeGROUP']) && is_numeric($_POST['crimeGROUP'])) ? abs(intval($_POST['crimeGROUP'])) : ''; $target2 = (isset($_POST['crimeGROUP2']) && is_numeric($_POST['crimeGROUP2'])) ? 
abs(intval($_POST['crimeGROUP2'])) : ''; staff_csrf_stdverify('staff_delcrimegroup1', 'staff_crimes.php?action=delcrimegroup'); if ((empty($target) || empty($target2)) || ($target == $target2)) { echo 'One of two things may have went wrong.<br /> 1) You didn\'t input the fields correctly.<br /> 2) Fields are the same.<br /> > <a href="staff_crimes.php?action=delcrimegroup">Go back</a>'; die($h->endpage()); } $q = $db->query( "SELECT COUNT(`cgID`) FROM `crimegroups` WHERE `cgID` IN($target, $target2)"); if ($db->fetch_single($q) < 2) { $db->free_result($q); echo 'One of the two or both groups selected don\'t exist.<br /> > <a href="staff_crimes.php?action=delcrimegroup">Go back</a>'; die($h->endpage()); } $db->free_result($q); $d = $db->query( "SELECT `cgNAME` FROM `crimegroups` WHERE `cgID` = $target"); $itemi = $db->fetch_single($d); $db->free_result($d); $csrf = request_csrf_html('staff_delcrimegroup2'); echo " <h3>Confirm</h3> Delete crime group - " . $itemi . "? <form action='staff_crimes.php?action=delcrimegroup&step=3' method='post'> <input type='hidden' name='cgID' value='$target' /> <input type='hidden' name='cgID2' value='$target2' /> {$csrf} <input type='submit' name='yesorno' value='Yes' /> <input type='submit' name='yesorno' value='No' onclick=\"window.location='staff_crimes.php?action=delcrimegroup';\" /> </form> "; break; case 3: $target = (isset($_POST['cgID']) && is_numeric($_POST['cgID'])) ? abs(intval($_POST['cgID'])) : ''; $target2 = (isset($_POST['cgID2']) && is_numeric($_POST['cgID2'])) ? 
abs(intval($_POST['cgID2'])) : ''; staff_csrf_stdverify('staff_delcrimegroup2', 'staff_crimes.php?action=delcrimegroup'); if ((empty($target) || empty($target2)) || ($target == $target2)) { echo 'One of two things may have went wrong.<br /> 1) You didn\'t input the fields correctly.<br /> 2) Fields are the same.<br /> > <a href="staff_crimes.php?action=delcrimegroup">Go back</a>'; die($h->endpage()); } $q = $db->query( "SELECT COUNT(`cgID`) FROM `crimegroups` WHERE `cgID` IN($target, $target2)"); if ($db->fetch_single($q) < 2) { $db->free_result($q); echo 'One of the two or both groups selected don\'t exist.<br /> > <a href="staff_crimes.php?action=delcrimegroup">Go back</a>'; die($h->endpage()); } $db->free_result($q); $_POST['yesorno'] = (isset($_POST['yesorno']) && in_array($_POST['yesorno'], array('Yes', 'No'))) ? $_POST['yesorno'] : 'No'; if ($_POST['yesorno'] == 'No') { echo 'Group not deleted.<br /> > <a href="staff.php">Goto Main</a>'; die($h->endpage()); } $d = $db->query( "SELECT `cgNAME` FROM `crimegroups` WHERE `cgID` = $target"); $itemi = $db->fetch_row($d); $db->free_result($d); $db->query( "DELETE FROM `crimegroups` WHERE `cgID` = $target"); $db->query( "UPDATE `crimes` SET `crimeGROUP` = {$target2} WHERE `crimeGROUP` = {$target}"); stafflog_add("Deleted crime group {$itemi['cgNAME']}"); echo 'Crime Group deleted.<br /> > <a href="staff.php">Goto Main</a>'; break; } } function reorder_crimegroups() { global $db, $c, $h, $userid; if (isset($_POST['submit'])) { unset($_POST['submit']); staff_csrf_stdverify('staff_reorder_crimegroups', 'staff_crimes.php?action=reorder'); unset($_POST['verf']); $used = array(); foreach ($_POST as $v) { $v = (isset($v) && is_numeric($v)) ? 
abs(intval($v)) : ''; if (empty($v)) { echo 'Invalid group.<br /> > <a href="staff_crimes.php?action=reorder">Go Back</a>'; die($h->endpage()); } if (in_array($v, $used)) { echo 'You have used the same order number twice.<br /> > <a href="staff_crimes.php?action=reorder">Go Back</a>'; die($h->endpage()); } $used[] = $v; } $ro_cnt = count($used); $ro = implode(',', $used); $c_g = $db->query( 'SELECT COUNT(`cgID`) FROM `crimegroups` WHERE `cgORDER` IN(' . $ro . ')'); if ($db->fetch_single($c_g) < $ro_cnt) { $db->free_result($c_q); echo 'Group order doesn\'t exist.<br /> > <a href="staff_crimes.php?action=reorder">Go Back</a>'; die($h->endpage()); } $db->free_result($c_q); foreach ($_POST as $k => $v) { $cg = str_replace("order", "", $k); $db->query( "UPDATE `crimegroups` SET `cgORDER` = {$v} WHERE `cgID` = {$cg}"); } echo "Crime group order updated!"; stafflog_add("Reordered crime groups"); } else { $q = $db->query( "SELECT `cgID`, `cgNAME` FROM `crimegroups` ORDER BY `cgORDER` ASC, `cgID` ASC"); $rows = $db->num_rows($q); $i = 0; $csrf = request_csrf_html('staff_reorder_crimegroups'); echo " <h3>Re-ordering Crime Groups</h3><hr /> <table width='100%' cellspacing='1' cellpadding='1' class='table'> <tr> <th>Crime Group</th> <th>Order</th> </tr> <form action='staff_crimes.php?action=reorder' method='post'> <input type='hidden' name='submit' value='1' /> {$csrf} "; while ($r = $db->fetch_row($q)) { $i++; echo " <tr> <td>{$r['cgNAME']}</td> <td><select name='order{$r['cgID']}' type='dropdown'> "; for ($j = 1; $j <= $rows; $j++) { if ($j == $i) { echo "<option value='{$j}' selected='selected'>{$j}</option>"; } else { echo "<option value='{$j}'>{$j}</option>"; } } echo ' </select> </td> </tr> '; } $db->free_result($q); echo " <tr> <td colspan='2' align='center'><input type='submit' value='Reorder' /></td> </tr> </form> </table> "; } } $h->endpage();
-
link is dead always too late :(
-
I was wondering if anyone could post up some good vps hosting sites that they had good experiences with.
Thanks, Steve
-
I am going to be working on a staff file for this to add it easier also will post up some screenshots of working and failing etc when i get back unless someone wants to do it for me :P (post screenshots that is )
-
EDIT: Was stopping users from stealing a car even if they have 0 gtaMAX but fixed and updated post.
EDIT2: forgot to add it to users get +1 gta attempts even if they fail all fixed now :)
EDIT3: Found a typo :)

Info: Lets user steal a car and sell it for cash. cars are easy added through php my admin or just copy the insert bit in sql part 2. users get a max of 50 gta's a day (easy changed). I am going to keep at this and try think of things to add into it, hope ya enjoy

SQL:
ALTER TABLE `users` ADD `maxGTA` INT( 11 ) NOT NULL DEFAULT '0';

SQL PART 2:
CREATE TABLE IF NOT EXISTS `gta` (
  `carID` int(11) NOT NULL AUTO_INCREMENT,
  `carPRISON` int(11) NOT NULL DEFAULT '0',
  `carSVALUE` int(11) NOT NULL DEFAULT '0',
  `carNAME` text NOT NULL,
  `carPIC` text NOT NULL,
  `carIQ` decimal(11,6) NOT NULL DEFAULT '0.000000',
  PRIMARY KEY (`carID`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

INSERT INTO `gta` (`carID`, `carPRISON`, `carSVALUE`, `carNAME`, `carPIC`, `carIQ`) VALUES
(1, 10, 100, 'Acura Integra', 'http://www.roadmagnet.com/media/catalog/product/cache/1/image/9df78eab33525d08d6e5fb8d27136e95/k/a/kara_integra_co_1.png', '10.000000'),
(2, 20, 250, 'Audi 100 Avant quattro', 'http://www.motor-trade-insider.com/images/audi-100-avant-1984.jpg', '100.000000');

gta.php
<?php
# GTA MOD
# FREE MOD FOR MCCODES V2
# CREATED BY STEVE AKA=NEWBIE
require_once("globals.php");
// No action in the URL means show the car list.
$action = isset($_GET['action']) ? $_GET['action'] : '';
switch($action)
{
    case "steal": steal_car(); break;
    default: gta_default(); break;
}
function gta_default()
{
    global $db, $ir,$c,$userid,$h;
    echo "<center><h4><font color=green>GTA.</font></h4>
    <h5><font color=green><i>Want to steal a car well here you can have a chance at doing that.</i></font></h5>
    <img border='0' src='http://www.unitedrecyclinginc.com/ur/images/stories/robber.png' alt='Robber' width='150' height='150' />
    <br /><br />
    <table width=75% cellspacing=1 class='table'>
    <tr style='background:gray'>
    <th>Car Name</th> <th>Picture</th> <th>Sell Value</th> <th>Steal Link</th></tr>";
    // The original query LEFT JOINed users on u.userid=carNAME, which never matches; only gta is needed.
    $c=$db->query("SELECT carID, carNAME, carPIC, carSVALUE FROM gta ORDER BY carID ASC");
    while($r=$db->fetch_row($c))
    {
        // Escape database text before it goes into HTML (the table is latin1).
        $name = htmlspecialchars($r['carNAME'], ENT_QUOTES, 'ISO-8859-1');
        $pic = htmlspecialchars($r['carPIC'], ENT_QUOTES, 'ISO-8859-1');
        $steal_link = "<a href='gta.php?action=steal&ID={$r['carID']}'>Steal The Car</a>";
        print "\n<tr> <td>{$name}</td> <td><img border='0' src='{$pic}' width='75' height='75' /></td> <td>\${$r['carSVALUE']}</td> <td>[$steal_link]</td></tr>";
    }
    print "</table></center>";
}
function steal_car()
{
    global $db, $ir,$c,$userid,$h;
    // >= so the daily cap still holds if maxGTA ever ends up above 50.
    if($ir['maxGTA'] >= 50)
    {
        echo "<font color=red>You have done your maximum gta for today please come back tomorrow.</font><br />
        <a href='index.php'>Go Home</a>";
        $h->endpage();
        exit;
    }
    // Force the car ID to a non-negative integer before it reaches the query (it was raw $_GET['ID']).
    $id = isset($_GET['ID']) ? abs(intval($_GET['ID'])) : 0;
    $c=$db->query("SELECT * FROM gta WHERE carID={$id}");
    if(!$db->num_rows($c))
    {
        echo "Invalid Car ID contact ID:[1].<br /> <a href='gta.php'>Back</a>";
        $h->endpage();
        exit;
    }
    $r=$db->fetch_row($c);
    $name = htmlspecialchars($r['carNAME'], ENT_QUOTES, 'ISO-8859-1');
    if($ir['IQ'] < $r['carIQ'])
    {
        echo "<font color=red>You have failed to steal {$name} & been sent to jail for {$r['carPRISON']}</font><br />";
        // carNAME is free text from the database, so escape it before reusing it in SQL.
        $reason = $db->escape("Failed to steal {$r['carNAME']}");
        $db->query("UPDATE users SET jail=jail+{$r['carPRISON']}, jail_reason = '{$reason}', maxGTA=maxGTA+1 WHERE userid=$userid");
        $h->endpage();
        exit;
    }
    else
    {
        echo "<font color=green>You managed to steal {$name} & sold it for \${$r['carSVALUE']}.</font>";
        $db->query("UPDATE users SET money=money+{$r['carSVALUE']}, maxGTA=maxGTA+1 WHERE userid=$userid");
    }
}
$h->endpage();
?>

last but not least Put this in cron day
$db->query("UPDATE users SET maxGTA=0 WHERE maxGTA > 0");
-
i have been with x10 hosting premium and you're lucky if your site can hold 50+ members without it lagging out or whatever
-
my domain name is hosted on godaddy.com i changed my dns before this attack and my website is still up (thankfully)
-
thanks for that dj the script is fine the two topics explained a lot :)
-
ok did a fresh install as you said and still nothing still get same error One or more of the inputs seems to of the wrong format, please go back and try again. > Go back i was able to create a crime group but as soon as it comes to creating a crime i fill in all Fields and get the above error code posted below <?php /** * MCCodes Version 2.0.5b * Copyright (C) 2005-2012 Dabomstew * All rights reserved. * * Redistribution of this code in any form is prohibited, except in * the specific cases set out in the MCCodes Customer License. * * This code license may be used to run one (1) game. * A game is defined as the set of users and other game database data, * so you are permitted to create alternative clients for your game. * * If you did not obtain this code from MCCodes.com, you are in all likelihood * using it illegally. Please contact MCCodes to discuss licensing options * in this case. * * File: staff_crimes.php * Signature: d6f7b3e08025c35caa54144262d8bafe * Date: Fri, 20 Apr 12 08:50:30 +0000 */ require_once('sglobals.php'); if ($ir['user_level'] != 2) { echo 'You cannot access this area.<br /> > <a href="staff.php">Go Back</a>'; die($h->endpage()); } //This contains crime stuffs if (!isset($_GET['action'])) { $_GET['action'] = ''; } switch ($_GET['action']) { case 'newcrime': new_crime_form(); break; case 'newcrimesub': new_crime_submit(); break; case 'editcrime': edit_crime_begin(); break; case 'editcrimeform': edit_crime_form(); break; case 'editcrimesub': edit_crime_sub(); break; case 'delcrime': delcrime(); break; case 'newcrimegroup': new_crimegroup_form(); break; case 'newcrimegroupsub': new_crimegroup_submit(); break; case 'editcrimegroup': edit_crimegroup_begin(); break; case 'editcrimegroupform': edit_crimegroup_form(); break; case 'editcrimegroupsub': edit_crimegroup_sub(); break; case 'delcrimegroup': delcrimegroup(); break; case 'reorder': reorder_crimegroups(); break; default: echo 'Error: This script requires an action.'; break; } function 
new_crime_form() { $csrf = request_csrf_html('staff_newcrime'); echo " Adding a new crime.<br /> <form action='staff_crimes.php?action=newcrimesub' method='post'> Name: <input type='text' name='name' /> <br /> Brave Cost (1-9 chars only): <input type='text' name='brave' /> <br /> Success % Formula: <input type='text' name='percform' value='((WILL*0.8)/2.5)+(LEVEL/4)' /> <br /> Success Money (1-9 chars only): <input type='text' name='money' /> <br /> Success Crystals (1-9 chars only): <input type='text' name='crys' /> <br /> Success Item: " . item2_dropdown(NULL, 'item') . " <br /> Group: " . crimegroup_dropdown(NULL, 'group') . " <br /> Initial Text: <textarea rows='4' cols='40' name='itext'></textarea> <br /> Success Text: <textarea rows='4' cols='40' name='stext'></textarea> <br /> Failure Text: <textarea rows='4' cols='40' name='ftext'></textarea> <br /> Jail Text: <textarea rows='4' cols='40' name='jtext'></textarea> <br /> Jail Time (1-9 chars only): <input type='text' name='jailtime' /> <br /> Jail Reason: <input type='text' name='jailreason' /> <br /> Crime XP Given (1-9 chars only): <input type='text' name='crimexp' /> <br /> {$csrf} <input type='submit' value='Create Crime' /> </form> "; } function new_crime_submit() { global $c, $userid, $db, $h; $_POST['name'] = (isset($_POST['name']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])*$/i", $_POST['name'])) ? $db->escape(strip_tags(stripslashes($_POST['name']))) : ''; $_POST['brave'] = (isset($_POST['brave']) && is_numeric($_POST['brave'])) ? abs(intval($_POST['brave'])) : ''; $_POST['percform'] = (isset($_POST['percform'])) ? $db->escape(strip_tags(stripslashes($_POST['percform']))) : ''; $_POST['money'] = (isset($_POST['money']) && is_numeric($_POST['money'])) ? abs(intval($_POST['money'])) : ''; $_POST['crys'] = (isset($_POST['crys']) && is_numeric($_POST['crys'])) ? abs(intval($_POST['crys'])) : ''; $_POST['item'] = (isset($_POST['item']) && is_numeric($_POST['item'])) ? 
abs(intval($_POST['item'])) : 0; $_POST['group'] = (isset($_POST['group']) && is_numeric($_POST['group'])) ? abs(intval($_POST['group'])) : ''; $_POST['itext'] = (isset($_POST['itext'])) ? $db->escape(strip_tags(stripslashes($_POST['itext']))) : ''; $_POST['stext'] = (isset($_POST['stext'])) ? $db->escape(strip_tags(stripslashes($_POST['stext']))) : ''; $_POST['ftext'] = (isset($_POST['ftext'])) ? $db->escape(strip_tags(stripslashes($_POST['ftext']))) : ''; $_POST['jtext'] = (isset($_POST['jtext'])) ? $db->escape(strip_tags(stripslashes($_POST['jtext']))) : ''; $_POST['jailtime'] = (isset($_POST['jailtime']) && is_numeric($_POST['jailtime'])) ? abs(intval($_POST['jailtime'])) : ''; $_POST['jailreason'] = (isset($_POST['jailreason']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])*$/i", $_POST['jailreason'])) ? $db->escape( strip_tags(stripslashes($_POST['jailreason']))) : ''; $_POST['crimexp'] = (isset($_POST['crimexp']) && is_numeric($_POST['crimexp'])) ? abs(intval($_POST['crimexp'])) : ''; if (empty($_POST['name']) || empty($_POST['brave']) || empty($_POST['percform']) || empty($_POST['money']) || empty($_POST['crys']) || empty($_POST['group']) || empty($_POST['itext']) || empty($_POST['stext']) || empty($_POST['ftext']) || empty($_POST['jtext']) || empty($_POST['jailtime']) || empty($_POST['jailreason']) || empty($_POST['crimexp'])) { echo 'One or more of the inputs seems to of the wrong format, please go back and try again.<br /> > <a href="staff_crimes.php?action=newcrime">Go back</a>'; die($h->endpage()); } staff_csrf_stdverify('staff_newcrime', 'staff_crimes.php?action=newcrime'); if (!empty($_POST['item'])) { $qi = $db->query( 'SELECT COUNT(`itmid`) FROM `items` WHERE `itmid` = ' . 
$_POST['item']); $exist_check = $db->fetch_single($qi); $db->free_result($qi); if ($exist_check == 0) { echo 'Item you selected doesn\'t seem to exist.<br /> > <a href="staff_crimes.php?action=newcrime">Go back</a>'; die($h->endpage()); } } $db->query( "INSERT INTO `crimes` (`crimeNAME`, `crimeBRAVE`, `crimePERCFORM`, `crimeSUCCESSMUNY`, `crimeSUCCESSCRYS`, `crimeSUCCESSITEM`, `crimeGROUP`, `crimeITEXT`, `crimeSTEXT`, `crimeFTEXT`, `crimeJTEXT`, `crimeJAILTIME`, `crimeJREASON`, `crimeXP`) VALUES('{$_POST['name']}', '{$_POST['brave']}', '{$_POST['percform']}', '{$_POST['money']}', {$_POST['crys']}, {$_POST['item']}, '{$_POST['group']}', '{$_POST['itext']}', '{$_POST['stext']}', '{$_POST['ftext']}', '{$_POST['jtext']}', {$_POST['jailtime']}, '{$_POST['jailreason']}', {$_POST['crimexp']})"); echo 'Crime (' . $_POST['name'] . ') created.<br /> > <a href="staff.php">Goto Main</a>'; stafflog_add('Created crime ' . $_POST['name']); } function edit_crime_begin() { $csrf = request_csrf_html('staff_editcrime1'); echo " <h3>Editing Crime</h3> You can edit any aspect of this crime. <br /> <form action='staff_crimes.php?action=editcrimeform' method='post'> Crime: " . crime_dropdown(NULL, 'crime') . " <br /> {$csrf} <input type='submit' value='Edit Crime' /> </form> "; } function edit_crime_form() { global $c, $h, $userid, $db; $_POST['crime'] = (isset($_POST['crime']) && is_numeric($_POST['crime'])) ? 
abs(intval($_POST['crime'])) : ''; staff_csrf_stdverify('staff_editcrime1', 'staff_crimes.php?action=editcrime'); $d = $db->query( "SELECT `crimeXP`, `crimeJREASON`, `crimeJAILTIME`, `crimeJTEXT`, `crimeFTEXT`, `crimeSTEXT`, `crimeITEXT`, `crimeGROUP`, `crimeSUCCESSITEM`, `crimeSUCCESSCRYS`, `crimeSUCCESSMUNY`, `crimePERCFORM`, `crimeBRAVE`, `crimeNAME` FROM `crimes` WHERE `crimeID` = {$_POST['crime']}"); if ($db->num_rows($d) == 0) { $db->free_result($d); echo 'Crime doesn\'t seem to exist.<br />> <a href="staff_crimes.php?action=newcrime">Go back</a>'; die($h->endpage()); } $itemi = $db->fetch_row($d); $db->free_result($d); $csrf = request_csrf_html('staff_editcrime2'); echo " <h3>Editing Crime</h3> <form action='staff_crimes.php?action=editcrimesub' method='post'> <input type='hidden' name='crimeID' value='{$_POST['crime']}' /> Name: <input type='text' name='crimeNAME' value='{$itemi['crimeNAME']}' /> <br /> Brave Cost: <input type='text' name='crimeBRAVE' value='{$itemi['crimeBRAVE']}' /> <br /> Success % Formula: <input type='text' name='crimePERCFORM' value='{$itemi['crimePERCFORM']}' /> <br /> Success Money: <input type='text' name='crimeSUCCESSMUNY' value='{$itemi['crimeSUCCESSMUNY']}' /> <br /> Success Crystals: <input type='text' name='crimeSUCCESSCRYS' value='{$itemi['crimeSUCCESSCRYS']}' /> <br /> Success Item: " . item2_dropdown(NULL, 'crimeSUCCESSITEM', $itemi['crimeSUCCESSITEM']) . " <br /> Group: " . crimegroup_dropdown(NULL, 'crimeGROUP', $itemi['crimeGROUP']) . 
" <br /> Initial Text: <textarea rows='4' cols='40' name='crimeITEXT'>{$itemi['crimeITEXT']}</textarea> <br /> Success Text: <textarea rows='4' cols='40' name='crimeSTEXT'>{$itemi['crimeSTEXT']}</textarea> <br /> Failure Text: <textarea rows='4' cols='40' name='crimeFTEXT'>{$itemi['crimeFTEXT']} </textarea> <br /> Jail Text: <textarea rows='4' cols='40' name='crimeJTEXT'>{$itemi['crimeJTEXT']} </textarea> <br /> Jail Time: <input type='text' name='crimeJAILTIME' value='{$itemi['crimeJAILTIME']}' /> <br /> Jail Reason: <input type='text' name='crimeJREASON' value='{$itemi['crimeJREASON']}' /> <br /> Crime XP Given: <input type='text' name='crimeXP' value='{$itemi['crimeXP']}' /> <br /> {$csrf} <input type='submit' value='Edit Crime' /> </form> "; } function edit_crime_sub() { global $c, $h, $userid, $db; $_POST['crimeNAME'] = (isset($_POST['crimeNAME']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['crimeNAME'])) ? $db->escape( strip_tags(stripslashes($_POST['crimeNAME']))) : ''; $_POST['crimeBRAVE'] = (isset($_POST['crimeBRAVE']) && is_numeric($_POST['crimeBRAVE'])) ? abs(intval($_POST['crimeBRAVE'])) : ''; $_POST['crimePERCFORM'] = (isset($_POST['crimePERCFORM'])) ? $db->escape( strip_tags(stripslashes($_POST['crimePERCFORM']))) : ''; $_POST['crimeSUCCESSMUNY'] = (isset($_POST['crimeSUCCESSMUNY']) && is_numeric($_POST['crimeSUCCESSMUNY'])) ? abs(intval($_POST['crimeSUCCESSMUNY'])) : ''; $_POST['crimeSUCCESSCRYS'] = (isset($_POST['crimeSUCCESSCRYS']) && is_numeric($_POST['crimeSUCCESSCRYS'])) ? abs(intval($_POST['crimeSUCCESSCRYS'])) : ''; $_POST['crimeSUCCESSITEM'] = (isset($_POST['crimeSUCCESSITEM']) && is_numeric($_POST['crimeSUCCESSITEM'])) ? abs(intval($_POST['crimeSUCCESSITEM'])) : 0; $_POST['crimeGROUP'] = (isset($_POST['crimeGROUP']) && is_numeric($_POST['crimeGROUP'])) ? abs(intval($_POST['crimeGROUP'])) : ''; $_POST['crimeITEXT'] = (isset($_POST['crimeITEXT'])) ? 
$db->escape( strip_tags(stripslashes($_POST['crimeITEXT']))) : ''; $_POST['crimeSTEXT'] = (isset($_POST['crimeSTEXT'])) ? $db->escape( strip_tags(stripslashes($_POST['crimeSTEXT']))) : ''; $_POST['crimeFTEXT'] = (isset($_POST['crimeFTEXT'])) ? $db->escape( strip_tags(stripslashes($_POST['crimeFTEXT']))) : ''; $_POST['crimeJTEXT'] = (isset($_POST['crimeJTEXT'])) ? $db->escape( strip_tags(stripslashes($_POST['crimeJTEXT']))) : ''; $_POST['crimeJAILTIME'] = (isset($_POST['crimeJAILTIME']) && is_numeric($_POST['crimeJAILTIME'])) ? abs(intval($_POST['crimeJAILTIME'])) : ''; $_POST['crimeJREASON'] = (isset($_POST['crimeJREASON']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['crimeJREASON'])) ? $db->escape( strip_tags(stripslashes($_POST['crimeJREASON']))) : ''; $_POST['crimeXP'] = (isset($_POST['crimeXP']) && is_numeric($_POST['crimeXP'])) ? abs(intval($_POST['crimeXP'])) : ''; if (empty($_POST['crimeNAME']) || empty($_POST['crimeBRAVE']) || empty($_POST['crimePERCFORM']) || empty($_POST['crimeSUCCESSMUNY']) || empty($_POST['crimeSUCCESSCRYS']) || empty($_POST['crimeGROUP']) || empty($_POST['crimeITEXT']) || empty($_POST['crimeSTEXT']) || empty($_POST['crimeFTEXT']) || empty($_POST['crimeJTEXT']) || empty($_POST['crimeJAILTIME']) || empty($_POST['crimeJREASON']) || empty($_POST['crimeXP'])) { echo 'One or more of the inputs seems to be of the wrong format, please go back and try again.<br /> > <a href="staff_crimes.php?action=editcrime">Go back</a>'; die($h->endpage()); } staff_csrf_stdverify('staff_editcrime2', 'staff_crimes.php?action=editcrime'); if (!empty($_POST['crimeSUCCESSITEM'])) { $qi = $db->query( 'SELECT COUNT(`itmid`) FROM `items` WHERE `itmid` = ' . 
$_POST['crimeSUCCESSITEM']); $exist_check = $db->fetch_single($qi); $db->free_result($qi); if ($exist_check == 0) { echo 'Item you selected doesn\'t seem to exist.<br /> > <a href="staff_crimes.php?action=editcrime">Go back</a>'; die($h->endpage()); } } $db->query( "UPDATE `crimes` SET `crimeNAME` = '{$_POST['crimeNAME']}', `crimeBRAVE` = '{$_POST['crimeBRAVE']}', `crimePERCFORM` = '{$_POST['crimePERCFORM']}', `crimeSUCCESSMUNY` = '{$_POST['crimeSUCCESSMUNY']}', `crimeSUCCESSCRYS` = '{$_POST['crimeSUCCESSCRYS']}', `crimeSUCCESSITEM` = '{$_POST['crimeSUCCESSITEM']}', `crimeGROUP` = '{$_POST['crimeGROUP']}', `crimeITEXT` = '{$_POST['crimeITEXT']}', `crimeSTEXT` = '{$_POST['crimeSTEXT']}', `crimeFTEXT` = '{$_POST['crimeFTEXT']}', `crimeJTEXT` = '{$_POST['crimeJTEXT']}', `crimeJAILTIME` = {$_POST['crimeJAILTIME']}, `crimeJREASON` = '{$_POST['crimeJREASON']}', `crimeXP` = {$_POST['crimeXP']} WHERE `crimeID` = {$_POST['crimeID']}"); echo 'Crime (' . $_POST['crimeNAME'] . ') edited.<br /> > <a href="staff.php">Goto Main</a>'; stafflog_add('Edited crime ' . $_POST['crimeNAME']); } function delcrime() { global $c, $h, $userid, $db; switch ($_GET['step']) { default: $csrf = request_csrf_html('staff_delcrime1'); echo " <h3>Deleting Crime</h3> Here you can delete a crime. <br /> <form action='staff_crimes.php?action=delcrime&step=2' method='post'> Crime: " . crime_dropdown(NULL, 'crime') . " <br /> {$csrf} <input type='submit' value='Delete Crime' /> </form> "; break; case 2: $target = (isset($_POST['crime']) && is_numeric($_POST['crime'])) ? 
abs(intval($_POST['crime'])) : ''; staff_csrf_stdverify('staff_delcrime1', 'staff_crimes.php?action=delcrime'); if (empty($target)) { echo 'Invalid Crime.<br /> > <a href="staff_crimes.php?action=delcrime">Go back</a>'; die($h->endpage()); } $d = $db->query( "SELECT `crimeNAME` FROM `crimes` WHERE `crimeID` = '$target'"); if ($db->num_rows($d) == 0) { $db->free_result($d); echo 'Crime you selected doesn\'t seem to exist.<br /> > <a href="staff_crimes.php?action=delcrime">Go back</a>'; die($h->endpage()); } $itemi = $db->fetch_row($d); $db->free_result($d); $csrf = request_csrf_html('staff_delcrime2'); echo " <h3>Confirm</h3> Delete crime - " . $itemi["crimeNAME"] . "? <form action='staff_crimes.php?action=delcrime&step=3' method='post'> <input type='hidden' name='crimeID' value='$target' /> {$csrf} <input type='submit' name='yesorno' value='Yes' /> <input type='submit' name='yesorno' value='No' onclick=\"window.location='staff_crimes.php?action=delcrime';\" /> </form> "; break; case 3: $target = (isset($_POST['crimeID']) && is_numeric($_POST['crimeID'])) ? abs(intval($_POST['crimeID'])) : ''; staff_csrf_stdverify('staff_delcrime2', 'staff_crimes.php?action=delcrime'); if (empty($target)) { echo 'Invalid Crime.<br /> > <a href="staff_crimes.php?action=delcrime">Go back</a>'; die($h->endpage()); } $_POST['yesorno'] = (isset($_POST['yesorno']) && in_array($_POST['yesorno'], array('Yes', 'No'))) ? $_POST['yesorno'] : 'No'; if ($_POST['yesorno'] == 'No') { echo ' Crime not deleted.<br /> > <a href="staff.php">Goto Main</a> '; die($h->endpage()); } $d = $db->query( "SELECT `crimeNAME` FROM `crimes` WHERE `crimeID` = '$target'"); if ($db->num_rows($d) == 0) { $db->free_result($d); echo 'Crime you selected doesn\'t seem to exist.<br /> > <a href="staff_crimes.php?action=delcrime">Go back</a>'; die($h->endpage()); } $itemi = $db->fetch_row($d); $db->free_result($d); $db->query( "DELETE FROM `crimes` WHERE `crimeID` = '$target'"); echo 'Crime (' . $itemi['crimeNAME'] . 
') Deleted.<br /> > <a href="staff.php">Goto Main.</a>'; stafflog_add('Deleted crime ' . $itemi['crimeNAME']); break; } } function new_crimegroup_form() { $csrf = request_csrf_html('staff_newcrimegroup'); echo " Adding a new crime group. <br /> <form action='staff_crimes.php?action=newcrimegroupsub' method='post'> Name: <input type='text' name='cgNAME' /> <br /> Order Number: <input type='text' name='cgORDER' /> <br /> {$csrf} <input type='submit' value='Create Crime Group' /> </form> "; } function new_crimegroup_submit() { global $c, $userid, $db, $h; $_POST['cgNAME'] = (isset($_POST['cgNAME']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['cgNAME'])) ? $db->escape(strip_tags(stripslashes($_POST['cgNAME']))) : ''; $_POST['cgORDER'] = (isset($_POST['cgORDER']) && is_numeric($_POST['cgORDER'])) ? abs(intval($_POST['cgORDER'])) : ''; if (empty($_POST['cgNAME']) || empty($_POST['cgORDER'])) { echo 'You missed one or more of the required fields. Please go back and try again.<br /> > <a href="staff_crimes.php?action=newcrimegroup">Go Back</a>'; die($h->endpage()); } staff_csrf_stdverify('staff_newcrimegroup', 'staff_crimes.php?action=newcrimegroup'); $d = $db->query( 'SELECT COUNT(`cgID`) FROM `crimegroups` WHERE `cgORDER` = ' . $_POST['cgORDER']); if ($db->fetch_single($d) > 0) { $db->free_result($d); echo 'You cannot put two crime groups in the same order.<br /> > <a href="staff_crimes.php?action=newcrimegroup">Go back</a>'; die($h->endpage()); } $db->free_result($d); $db->query( "INSERT INTO `crimegroups` (`cgNAME`, `cgORDER`) VALUES('{$_POST['cgNAME']}', '{$_POST['cgORDER']}')"); echo 'Crime Group created!<br /> > <a href="staff_crimes.php?action=newcrimegroup">Go Back</a>'; stafflog_add('Created Crime Group ' . 
$_POST['cgNAME']); } function edit_crimegroup_begin() { $csrf = request_csrf_html('staff_editcrimegroup1'); global $c, $h, $userid, $db; echo " <h3>Editing A Crime Group</h3> <form action='staff_crimes.php?action=editcrimegroupform' method='post'> Crime Group: " . crimegroup_dropdown(NULL, 'crimeGROUP') . " <br /> {$csrf} <input type='submit' value='Edit Crime Group' /> </form> "; } function edit_crimegroup_form() { global $c, $h, $userid, $db; $_POST['crimeGROUP'] = (isset($_POST['crimeGROUP']) && is_numeric($_POST['crimeGROUP'])) ? abs(intval($_POST['crimeGROUP'])) : ''; staff_csrf_stdverify('staff_editcrimegroup1', 'staff_crimes.php?action=editcrimegroup'); if (empty($_POST['crimeGROUP'])) { echo 'Invalid Group.<br /> > <a href="staff_crimes.php?action=editcrimegroup">Go back</a>'; die($h->endpage()); } $d = $db->query( "SELECT `cgORDER`, `cgNAME` FROM `crimegroups` WHERE `cgID` = {$_POST['crimeGROUP']}"); if ($db->num_rows($d) == 0) { $db->free_result($d); echo 'Group you selected doesn\'t seem to exist.<br /> > <a href="staff_crimes.php?action=editcrimegroup">Go back</a>'; die($h->endpage()); } $itemi = $db->fetch_row($d); $db->free_result($d); $csrf = request_csrf_html('staff_editcrimegroup2'); echo " <h3>Editing Crime Group</h3> <form action='staff_crimes.php?action=editcrimegroupsub' method='post'> <input type='hidden' name='cgID' value='{$_POST['crimeGROUP']}' /> Name: <input type='text' name='cgNAME' value='{$itemi['cgNAME']}' /> <br /> Order Number: <input type='text' name='cgORDER' value='{$itemi['cgORDER']}' /> <br /> {$csrf} <input type='submit' value='Edit Crime Group' /> </form> "; } function edit_crimegroup_sub() { global $c, $h, $userid, $db; $_POST['cgNAME'] = (isset($_POST['cgNAME']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['cgNAME'])) ? $db->escape(strip_tags(stripslashes($_POST['cgNAME']))) : ''; $_POST['cgORDER'] = (isset($_POST['cgORDER']) && is_numeric($_POST['cgORDER'])) ? 
abs(intval($_POST['cgORDER'])) : ''; $_POST['cgID'] = (isset($_POST['cgID']) && is_numeric($_POST['cgID'])) ? abs(intval($_POST['cgID'])) : ''; staff_csrf_stdverify('staff_editcrimegroup2', 'staff_crimes.php?action=editcrimegroup'); if (empty($_POST['cgNAME']) || empty($_POST['cgORDER'])) { echo 'You missed one or more of the required fields. Please go back and try again.<br /> > <a href="staff_crimes.php?action=editcrimegroup">Go Back</a>'; die($h->endpage()); } else { $d = $db->query( 'SELECT COUNT(`cgID`) FROM `crimegroups` WHERE `cgORDER` = ' . $_POST['cgORDER'] . ' AND `cgID` != ' . $_POST['cgID']); if ($db->fetch_single($d) > 0) { $db->free_result($d); echo 'You cannot put two crime groups in the same order.<br /> > <a href="staff_crimes.php?action=editcrimegroup">Go back</a>'; die($h->endpage()); } $db->free_result($d); $db->query( "UPDATE `crimegroups` SET `cgNAME` = '{$_POST['cgNAME']}', `cgORDER` = '{$_POST['cgORDER']}' WHERE `cgID` = '{$_POST['cgID']}'"); echo 'Crime Group edited<br /> > <a href="staff_crimes.php?action=editcrimegroup">Go Back</a>'; stafflog_add("Edited Crime Group {$_POST['cgNAME']}"); } } function delcrimegroup() { global $c, $h, $userid, $db; switch ($_GET['step']) { default: $csrf = request_csrf_html('staff_delcrimegroup1'); echo " <h3>Deleting Crime Group</h3> <form action='staff_crimes.php?action=delcrimegroup&step=2' method='post' name='theform' onsubmit='return checkme();'> Crime Group: " . crimegroup_dropdown(NULL, 'crimeGROUP') . "<br /> Move crimes in deleted group to: " . crimegroup_dropdown(NULL, 'crimeGROUP2') . "<br /> {$csrf} <input type='submit' value='Delete Crime Group' /> </form>"; break; case 2: $target = (isset($_POST['crimeGROUP']) && is_numeric($_POST['crimeGROUP'])) ? abs(intval($_POST['crimeGROUP'])) : ''; $target2 = (isset($_POST['crimeGROUP2']) && is_numeric($_POST['crimeGROUP2'])) ? 
abs(intval($_POST['crimeGROUP2'])) : ''; staff_csrf_stdverify('staff_delcrimegroup1', 'staff_crimes.php?action=delcrimegroup'); if ((empty($target) || empty($target2)) || ($target == $target2)) { echo 'One of two things may have went wrong.<br /> 1) You didn\'t input the fields correctly.<br /> 2) Fields are the same.<br /> > <a href="staff_crimes.php?action=delcrimegroup">Go back</a>'; die($h->endpage()); } $q = $db->query( "SELECT COUNT(`cgID`) FROM `crimegroups` WHERE `cgID` IN($target, $target2)"); if ($db->fetch_single($q) < 2) { $db->free_result($q); echo 'One of the two or both groups selected don\'t exist.<br /> > <a href="staff_crimes.php?action=delcrimegroup">Go back</a>'; die($h->endpage()); } $db->free_result($q); $d = $db->query( "SELECT `cgNAME` FROM `crimegroups` WHERE `cgID` = $target"); $itemi = $db->fetch_single($d); $db->free_result($d); $csrf = request_csrf_html('staff_delcrimegroup2'); echo " <h3>Confirm</h3> Delete crime group - " . $itemi . "? <form action='staff_crimes.php?action=delcrimegroup&step=3' method='post'> <input type='hidden' name='cgID' value='$target' /> <input type='hidden' name='cgID2' value='$target2' /> {$csrf} <input type='submit' name='yesorno' value='Yes' /> <input type='submit' name='yesorno' value='No' onclick=\"window.location='staff_crimes.php?action=delcrimegroup';\" /> </form> "; break; case 3: $target = (isset($_POST['cgID']) && is_numeric($_POST['cgID'])) ? abs(intval($_POST['cgID'])) : ''; $target2 = (isset($_POST['cgID2']) && is_numeric($_POST['cgID2'])) ? 
abs(intval($_POST['cgID2'])) : ''; staff_csrf_stdverify('staff_delcrimegroup2', 'staff_crimes.php?action=delcrimegroup'); if ((empty($target) || empty($target2)) || ($target == $target2)) { echo 'One of two things may have went wrong.<br /> 1) You didn\'t input the fields correctly.<br /> 2) Fields are the same.<br /> > <a href="staff_crimes.php?action=delcrimegroup">Go back</a>'; die($h->endpage()); } $q = $db->query( "SELECT COUNT(`cgID`) FROM `crimegroups` WHERE `cgID` IN($target, $target2)"); if ($db->fetch_single($q) < 2) { $db->free_result($q); echo 'One of the two or both groups selected don\'t exist.<br /> > <a href="staff_crimes.php?action=delcrimegroup">Go back</a>'; die($h->endpage()); } $db->free_result($q); $_POST['yesorno'] = (isset($_POST['yesorno']) && in_array($_POST['yesorno'], array('Yes', 'No'))) ? $_POST['yesorno'] : 'No'; if ($_POST['yesorno'] == 'No') { echo 'Group not deleted.<br /> > <a href="staff.php">Goto Main</a>'; die($h->endpage()); } $d = $db->query( "SELECT `cgNAME` FROM `crimegroups` WHERE `cgID` = $target"); $itemi = $db->fetch_row($d); $db->free_result($d); $db->query( "DELETE FROM `crimegroups` WHERE `cgID` = $target"); $db->query( "UPDATE `crimes` SET `crimeGROUP` = {$target2} WHERE `crimeGROUP` = {$target}"); stafflog_add("Deleted crime group {$itemi['cgNAME']}"); echo 'Crime Group deleted.<br /> > <a href="staff.php">Goto Main</a>'; break; } } function reorder_crimegroups() { global $db, $c, $h, $userid; if (isset($_POST['submit'])) { unset($_POST['submit']); staff_csrf_stdverify('staff_reorder_crimegroups', 'staff_crimes.php?action=reorder'); unset($_POST['verf']); $used = array(); foreach ($_POST as $v) { $v = (isset($v) && is_numeric($v)) ? 
abs(intval($v)) : ''; if (empty($v)) { echo 'Invalid group.<br /> > <a href="staff_crimes.php?action=reorder">Go Back</a>'; die($h->endpage()); } if (in_array($v, $used)) { echo 'You have used the same order number twice.<br /> > <a href="staff_crimes.php?action=reorder">Go Back</a>'; die($h->endpage()); } $used[] = $v; } $ro_cnt = count($used); $ro = implode(',', $used); $c_g = $db->query( 'SELECT COUNT(`cgID`) FROM `crimegroups` WHERE `cgORDER` IN(' . $ro . ')'); if ($db->fetch_single($c_g) < $ro_cnt) { $db->free_result($c_q); echo 'Group order doesn\'t exist.<br /> > <a href="staff_crimes.php?action=reorder">Go Back</a>'; die($h->endpage()); } $db->free_result($c_q); foreach ($_POST as $k => $v) { $cg = str_replace("order", "", $k); $db->query( "UPDATE `crimegroups` SET `cgORDER` = {$v} WHERE `cgID` = {$cg}"); } echo "Crime group order updated!"; stafflog_add("Reordered crime groups"); } else { $q = $db->query( "SELECT `cgID`, `cgNAME` FROM `crimegroups` ORDER BY `cgORDER` ASC, `cgID` ASC"); $rows = $db->num_rows($q); $i = 0; $csrf = request_csrf_html('staff_reorder_crimegroups'); echo " <h3>Re-ordering Crime Groups</h3><hr /> <table width='100%' cellspacing='1' cellpadding='1' class='table'> <tr> <th>Crime Group</th> <th>Order</th> </tr> <form action='staff_crimes.php?action=reorder' method='post'> <input type='hidden' name='submit' value='1' /> {$csrf} "; while ($r = $db->fetch_row($q)) { $i++; echo " <tr> <td>{$r['cgNAME']}</td> <td><select name='order{$r['cgID']}' type='dropdown'> "; for ($j = 1; $j <= $rows; $j++) { if ($j == $i) { echo "<option value='{$j}' selected='selected'>{$j}</option>"; } else { echo "<option value='{$j}'>{$j}</option>"; } } echo ' </select> </td> </tr> '; } $db->free_result($q); echo " <tr> <td colspan='2' align='center'><input type='submit' value='Reorder' /></td> </tr> </form> </table> "; } } $h->endpage();
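
The checks in new_crime_submit() posted above can reject a form in which every field is filled in: empty() treats a stored 0 the same as a missing field, and the name and jail-reason pattern allows only letters, digits, underscores and single spaces. The following is an added example, not part of the original post and not MCCodes code; it replays the posted checks on constructed input beside a stricter variant, and the function names (page_numeric, page_name, strict_int, compare_numeric) and the sample form values are assumptions made for illustration.

```php
<?php
// Added illustration, not MCCodes code. Function names and sample values are
// constructed for this example; the two page_* functions copy the posted checks.

// Numeric check as posted: is_numeric() then abs(intval()), '' on failure.
function page_numeric($v)
{
    return (isset($v) && is_numeric($v)) ? abs(intval($v)) : '';
}

// Name / jail-reason check as posted (the $db->escape() step is left out here).
function page_name($v)
{
    return (isset($v) && preg_match("/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])*$/i", $v))
        ? strip_tags(stripslashes($v)) : '';
}

// Stricter variant: whole numbers inside a range only, and null (not '') on
// failure, so a legitimate 0 can be told apart from a rejected value.
function strict_int($v, $min, $max)
{
    $r = filter_var($v, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => $min, 'max_range' => $max)));
    return ($r === false) ? null : $r;
}

// One row per numeric field: what the posted check stores, whether empty()
// then rejects it, and what the stricter check returns.
function compare_numeric(array $form, array $fields)
{
    $rows = array();
    foreach ($fields as $f) {
        $raw = isset($form[$f]) ? $form[$f] : null;
        $posted = page_numeric($raw);
        $rows[$f] = array(
            'input'          => $raw,
            'posted_value'   => $posted,
            'posted_rejects' => empty($posted),
            // 999999999 mirrors the form's "1-9 chars only" hint.
            'strict_value'   => strict_int($raw, 0, 999999999),
        );
    }
    return $rows;
}

// Constructed form submission: every field is filled in.
$form = array(
    'name'       => 'Rob a bank',
    'brave'      => '5',
    'money'      => '250',
    'crys'       => '0',               // a crime that pays no crystals
    'jailtime'   => '-5',              // negative number
    'crimexp'    => '5.7',             // not a whole number
    'jailreason' => 'Robbed a bank.',  // trailing full stop
);

$numeric = array('brave', 'money', 'crys', 'jailtime', 'crimexp');
foreach (compare_numeric($form, $numeric) as $f => $row) {
    printf("%-9s input=%-6s posted=%-4s rejected_by_empty=%-3s strict=%s\n",
        $f,
        var_export($row['input'], true),
        var_export($row['posted_value'], true),
        $row['posted_rejects'] ? 'yes' : 'no',
        var_export($row['strict_value'], true));
}

foreach (array('name', 'jailreason') as $f) {
    printf("%-10s %-18s %s\n", $f, var_export($form[$f], true),
        page_name($form[$f]) === '' ? 'rejected by the posted pattern' : 'accepted');
}
```

With the stricter variant the form handler would test each field with `=== null` instead of empty(), so a 0 is stored as 0 while negative and fractional input is refused rather than silently rewritten.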
-
hello and thanks for the comments. it was a clean install, i did not install any modifications on it. i only went to create 1 crime and the file kept saying i missed a field when I never. i tried replacing the staff_crimes.php with an older version and it works fine that way so it was the file for sure

EDIT: could it be anything to do with the version of php i am using?
Apache version 2.2.22
PHP version 5.2.17

EDIT AGAIN: forget the last edit as it would have errored when installing if php was not up to date
-
it was my first attempt at creating a template. yeh its kinda like the one you just coded, i made some changes to it. yeh it is similar to the one you coded for me but i didn't just copy the whole template and edit it, i made it from scratch using that as a guide line and then my brain started going overdrive lol. so it gave me a basic understanding of where to start and i will keep at it and keep releasing them for free whether people want them or not. i figure the more i do and play around with it the better i'll get. thanks for the post dave
-
i was wondering if anyone has recently upgraded or purchased mccodes-2.0.5b as for me the staff files don't seem to work
-
Free psd army theme Layout
This is for the inside of the game only. be grateful if pointers were given on improving it
PSD is attached in a zipped folder: army-ingame.zip
-
$price = $ir['dPRICE'];

i don't think i have the price bit right tbh. I am trying to get it so it matches the price out of the database.

In the database there is
dID
dPRICE
dPROFIT

i have 2 buildings in the table atm:
Weed costs $1000, profit is $10
Cocaine costs $5000, profit $200
-
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/drugempi/public_html/drugbuildings.php on line 79

line 79:
echo "<font color=green>Success</font> You bought a ($ir['dNAME']).";

had to add this to fix it:
echo "<font color=green>Success</font> You bought a " .($ir['dNAME']). " ";

the buy function does not work as well. when a user clicks buy it says "Success You bought a" even if they don't have the money needed???

when i created the permit.php i was using numbers:
if($ir['money'] < '100') { echo "You cant afford this!"; exit; }
if($ir['money'] > '99') { echo" congrats you bought a .....
$db->query("UPDATE users SET permit-permit+1 WHERE userid={$userid}");
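The two posts above ask how to take the price from the database and why the buy step reports success without checking the player's money. As an added example (not part of the original posts and not MCCodes code), this stand-alone sketch looks the price up server-side and makes the balance check part of the UPDATE itself. It assumes PDO with an in-memory SQLite database in place of the MCCodes `$db` class, a table named `drugbuildings`, a helper named `buy_building()`, and a constructed starting balance of $1500.

```php
<?php
// Added example: PDO + in-memory SQLite stands in for the game database.
// The table name `drugbuildings` and buy_building() are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, money INTEGER NOT NULL)');
$pdo->exec('CREATE TABLE drugbuildings (dID INTEGER PRIMARY KEY, dNAME TEXT, dPRICE INTEGER, dPROFIT INTEGER)');
// Constructed sample rows matching the two buildings described in the post.
$pdo->exec("INSERT INTO drugbuildings VALUES (1, 'Weed', 1000, 10)");
$pdo->exec("INSERT INTO drugbuildings VALUES (2, 'Cocaine', 5000, 200)");
$pdo->exec('INSERT INTO users VALUES (1, 1500)');

function buy_building(PDO $pdo, $userid, $rawId)
{
    // Only the building id comes from the request. Cast it, then read the
    // name and price from the database so the client cannot choose a price.
    $id = abs(intval($rawId));
    $st = $pdo->prepare('SELECT dNAME, dPRICE FROM drugbuildings WHERE dID = ?');
    $st->execute(array($id));
    $b = $st->fetch(PDO::FETCH_ASSOC);
    if ($b === false) {
        return 'That building does not exist.';
    }
    $price = (int) $b['dPRICE'];

    // "AND money >= ?" makes the affordability check and the deduction one
    // atomic statement: two simultaneous requests cannot spend the same money,
    // and the balance can never go negative.
    $up = $pdo->prepare('UPDATE users SET money = money - ? WHERE userid = ? AND money >= ?');
    $up->execute(array($price, $userid, $price));
    if ($up->rowCount() !== 1) {
        return "You can't afford a {$b['dNAME']} (\${$price}).";
    }

    // Array elements inside a double-quoted string need {$...} braces;
    // parentheses around $ir['dNAME'] are what caused the parse error.
    return "<font color=green>Success</font> You bought a {$b['dNAME']}.";
}

echo buy_building($pdo, 1, '1'), "\n"; // Weed: balance $1500, price $1000
echo buy_building($pdo, 1, '2'), "\n"; // Cocaine: balance $500, price $5000
echo buy_building($pdo, 1, '1'), "\n"; // Weed again: balance $500, price $1000
```

Comparing against the integer price from the row also avoids the string comparison in `$ir['money'] < '100'`.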