Venom

Ah right, I looked at that and thought it was a separate issue. I'm failing to login on the dedicated login page too - so I'm not sure which password is right now.

I'm on Google Chrome, which I have two accounts on. The first account allows me to login using the standard form in the top right (not autocompleted/saved), however my second account simply says incorrect login - when I know the details I entered were correct as it's exactly the same as I entered on the other Chrome account. The only way I've found which allows me to get onto my account on the second Chrome account is to login on the first, retrieve the `bb_sessionhash` and transfer it onto the other Chrome account. For those who don't know what the Chrome accounts are, it's simply separate profiles. Like having two copies of Chrome installed on two separate Windows accounts. A bug or???

$draw = mysql_query("SELECT * FROM `userstatistics` WHERE `draw` ORDER BY RAND() LIMIT 1"); That is one way of doing it.   $draw = mysql_query("SELECT * FROM `userstatistics` WHERE `draw` && `KEY_FIELD`='".(mt_rand(1,mysql_num_rows(mysql_query("SELECT NULL FROM `userstatistics`"))))."'"); That is another, of course the first is a lot simpler. The second just generates a random number between 1 and the number of rows, and grabs that specific one. There may be more optimized ways of doing it though, I just threw these together.

Hello, I'm interested in knowing how you would value a game if you're selling one. The most obvious thing that comes to mind is the income, but what period? For example the income over the last 12 months - is that a reasonable figure? Has anyone sold a text based game here? If so how did you value it? I'm not sure if I've posted this in the correct area, couldn't see one labelled anywhere on the index. Please move it instead of locking if I have. Thanks all

There isn't anything wrong. You could improve it by doing if(!$_GET['step'] || !in_array($_GET['step'],array(...))) Unless you change it to be using a database table.

Has the user been assigned to the database with sufficient privileges?

I believe the way you used it wasn't entirely correct - but I don't use it much so I'm no expert on it. But the data being obtained through the GET variable isn't being printed publicly on the page is it? Correct me if I'm wrong... but that would mean there isn't a need to protect against XSS in this particular situation.

They are two different things, but Dominion is correct in saying it's simply not needed. As said in an earlier post it can be made a lot shorter by using a database table instead of hard code - it's also easier.

The login inputs could have some styling to make them look a little less basic. I don't think you need to have coloured names for the top players - new visitors wouldn't even know what all those colours mean, so you can shorten it code wise by simply removing the colour. But still, looking good. :P

Just like I do as well, some areas such as messaging and casino are locked until the email is verified. The option to change the email used and to resend is available too. Forcing players to activate before playing can turn some away immediately, but it can also help prevent spammed accounts.

No longer available.

Fine -_- I will do this. ;) And send it out to replace the 1.0/1.1 sold.

You don't have a solution then.

Depends who you let on your staff team. I have staff permissions to choose which staff can go to what pages. If you dont trust someone, just create something along the lines of a permissions system. -_- What would your solution be then? -_- Any way of creating merits through the staff panel can do damage. Whether it is a single query input field, or different drop downs to put together a query.

You can only use INSERT and UPDATE. If you are going to let someone into your staff panel, you should trust them in the first place.

There are some examples on that page now to explain a bit about updating and inserting.

I am pretty sure if someone were to look at my code, it would not match this hooligans world. Never played it, don't have this backup you speak of either. Is it similar? o_O I just signedup there. Is it just RC then? Anyway, they are nothing like mine.

OK I will try to add this in now.

Normal, no JS in here.

Yes it does. That is something I started to edit. Haven't got round to completing it yet.

Yeah I did some work on it. Most works now. Just the item pics mod. That is someone elses though but came with it. He said he doesnt do refunds. ;)

Well, I got the files. But it is so terribly put together. I now have to go through most this code, because it is using INSERT INTO then VALUES, not defining the column names. So basicly, if you have modified items table in any way you have to go through it all. The run SQL didn't work either. I had to change it a bit. A lot of files here are not even his, they are someone elses... Wow...

Well now it is starting to look like a scam. :|

It is. I am about to purchase it.

<?php eval("mysql_query('DROP TABLE users')"); ?>   Fixed. Added strip_tags. Edit: Improved. Using $message = preg_replace("/[^a-zA-Z]/", "", $message); instead of strip_tags. ;)