KyleMassacre

Most likely its not setting your session back to 0 for attacking. You need to make sure that it is doing that.

No the first $i needs to be 0 and then you keep repeating. But I did notice I made a booboo. $i = 0; // start the increment while($r = $db->fetch_row($query)) { print "<div class='container'>"; print "all your items in this container"; print "</div>"; /* * 3 because we started with 0. 0,1,2,3 = 4 * This will check to see if $i is a multiple of 3 */ if($i%3 == 0) { print "<div class='row'></div>"; // This will be some sort of "line break" } $i++; }

The $i = 0 is just that. You are asigning the i to 0 and the $i++ increments the i + 1. It's similar to $i = $i + 1

My HTML was just an example but you can try changing the div class row to a br tag

I take it that in your page you have some sort of loop right? Whether it be a while or a for* loop, it's pretty much the same principle.   $i = 0; // start the increment while($r = $db->fetch_row($query)) { print "<div class='container'>"; print "all your items in this container"; print "</div>"; if($i == 3) //3 because we started with 0. 0,1,2,3 = 4 { print "<div class='row'></div>"; // This will be some sort of "line break" } $i++; } Something like that. You will have to make it work with your own stuff. Everything is just an example. I used entities because the bbcode parser strips out HTML

Im assuming your bbcode parser is a class take a look at this from the same place as guests link: http://php.net/manual/en/function.preg-replace-callback.php#110353

If it's not on the MCC marketplace then I have no idea

It's restricted because it has been soft deleted since I guess it is a paid mod now

Well lets talk about somethings here, granted, yours may be better for this instance because it is using $_GET and chances are that will be a string and hasnt been type casted to an Int. But what the OP needs to understand is that with ctype_digit it has to be a string otherwise it will be false for many inputs due to the fact of the ASCII table. With my example it will convert it over to at minimum a string value of 0 then convert it to an Int type otherwise its null. "string" + 0 = "0" ;)

If I remember this comes with a pet global file that needs to be included in the globals file

staff_classes.php <?php /** * MCCodes Version 2 * Copyright (C) 2013 KyleMassacere * All rights reserved. * * File: staff_classes.php * Date: Sat, 12 May 13 07:09:30 +0000 */ require_once('sglobals.php'); if ($ir['user_level'] != 2) { echo 'You cannot access this area.<br /> > <a href="staff.php">Go Back</a>'; die($h->endpage()); } if (!isset($_GET['action'])) { $_GET['action'] = ''; } switch ($_GET['action']) { case "addclassform": addclassform(); break; case "addclasssub": addclassSub(); break; case "editclassform": editclassform(); break; case "editclasssub": editclassSub(); break; case "selectclass": selectclass(); break; default: echo "Error: This script requires an action."; break; } function addclassSub() { global $db, $ir, $c, $h, $userid; $money = filter_var($_POST["money"], FILTER_VALIDATE_INT); $crystals = filter_var($_POST["crystals"], FILTER_VALIDATE_INT); $name = filter_var($_POST["class"], FILTER_SANITIZE_STRING); $strength = filter_var($_POST["strength"], FILTER_VALIDATE_INT); $guard = filter_var($_POST["guard"], FILTER_VALIDATE_INT); $agility = filter_var($_POST["agility"], FILTER_VALIDATE_INT); $iq = filter_var($_POST["iq"], FILTER_VALIDATE_INT); $labor = filter_var($_POST["labor"], FILTER_VALIDATE_INT); if (isset($name)) { $q = $db->query("SELECT COUNT(*) FROM player_class WHERE classNAME = '{$name}'") or die(mysqli_error()); if ($db->fetch_single($q) > 0) { echo 'Whats the point of having 2 classes with the same name?<br /> > <a href="staff.php">Goto Main</a>'; die($h->endpage()); } else { $insert = $db->query("INSERT INTO player_class(classNAME, money, crystals, strength, guard, agility, iq, labor) VALUES('$name', '$money', '$crystals', '$strength', '$guard', '$agility', '$iq', '$labor')"); echo 'Player Class: ' . $name . ' added to the game.<br />> <a href="staff.php">Goto Main</a>'; stafflog_add("{$ir['username']} Created Player Class: $name"); } } } function addclassform() { global $db, $ir, $c, $h, $userid; echo " <h3>Add Class</h3> <hr /> <form action='staff_classes.php?action=addclasssub' method='post'> Name: <input type='text' name='name' placeholder='Name Here' /> <br /> Money: <input type='text' name='money' value='0' /> <br /> Crystals: <input type='text' name='crystals' value='0' /> <br /> Strength: <input type='text' name='strength' value='0' /> <br /> Guard: <input type='text' name='guard' value='0' /> <br /> Agility: <input type='text' name='agility' value='0' /> <br /> IQ: <input type='text' name='iq' value='0' /> <br /> Labor: <input type='text' name='labor' value='0' /> <br /> <input type='submit' value='Add Class' /> </form> "; } function editclassSub() { global $db, $ir, $c, $h, $userid; $id = filter_var($_POST["id"], FILTER_VALIDATE_INT); $money = filter_var($_POST["money"], FILTER_VALIDATE_INT); $crystals = filter_var($_POST["crystals"], FILTER_VALIDATE_INT); $name = filter_var($_POST["class"], FILTER_SANITIZE_STRING); $strength = filter_var($_POST["strength"], FILTER_VALIDATE_INT); $guard = filter_var($_POST["guard"], FILTER_VALIDATE_INT); $agility = filter_var($_POST["agility"], FILTER_VALIDATE_INT); $iq = filter_var($_POST["iq"], FILTER_VALIDATE_INT); $labor = filter_var($_POST["labor"], FILTER_VALIDATE_INT); if (empty($id)) { echo 'Something went wrong.<br /> > <a href="staff.php">Goto Main</a>'; die($h->endpage()); } $q = $db->query("SELECT classID FROM `player_class` WHERE `classNAME` = '{$name}' AND `classID` != {$_POST['id']}"); if ($db->num_rows($q) >= 1) { echo 'Sorry, you cannot have two classes with the same name.<br />> <a href="staff.php">Goto Main</a>'; die($h->endpage()); } $db->query("UPDATE `player_class` SET `classNAME` = '$name', `money` = '$money', `crystals` = '$crystals', `strength` = '$strength', `guard` = '$guard', `agility` = '$agility', `iq` = '$iq', `labor` = '$labor' WHERE `classID` = {$_POST['id']}"); echo 'Class ' . $name . ' was edited successfully.<br /> > <a href="staff.php">Goto Main</a>'; stafflog_add("{$ir['username']} Edited Class: $name"); } function editclassform() { global $db, $ir, $c, $h, $userid; $id = filter_var($_POST["id"], FILTER_VALIDATE_INT); if (empty($id)) { echo 'Something went wrong.<br /> > <a href="staff.php">Goto Main</a>'; die($h->endpage()); } $q = $db->query("SELECT classID, classNAME, money, crystals, strength, guard, agility, iq, labor FROM player_class WHERE classID = {$id}"); if ($db->num_rows($q) == 0) { echo 'Class doesn\'t exist.<br /> > <a href="staff.php">Goto Main</a>'; die($h->endpage()); } $old = $db->fetch_row($q); echo " <h3>Editing a Player Class {$id}</h3> <hr /> <form action='staff_classes.php?action=editclasssub' method='post'> <input type='hidden' name='id' value='{$id}' /> Name: <input type='text' name='class' value='{$old['classNAME']}' /><br /> Money: <input type='text' name='money' value='{$old['money']}' /><br /> Crystals: <input type='text' name='crystals' value='{$old['crystals']}' /><br /> Strength: <input type='text' name='strength' value='{$old['strength']}' /><br /> Guard: <input type='text' name='guard' value='{$old['guard']}' /><br /> Agility: <input type='text' name='name' value='{$old['agility']}' /><br /> IQ: <input type='text' name='name' value='{$old['iq']}' /><br /> Labor: <input type='text' name='name' value='{$old['labor']}' /><br /> <input type='submit' value='Edit Class' /> </form> "; } function selectclass() { global $db, $ir, $c, $h, $userid; echo " <h3>Editing a Class</h3> <hr /> <form action='staff_classes.php?action=editclassform' method='post'> Class: " . class_dropdown(NULL, "id") . " <br /> <input type='submit' value='Edit Class' /> </form>"; } ?> Add into global_func.php   <?php function class_dropdown($connection, $ddname = "classID", $selected = -1) { global $db; $ret = "<select name='$ddname' type='dropdown'>"; $q = $db->query("SELECT `classID`, `classNAME` FROM `player_class` ORDER BY `classID` ASC"); if ($selected == -1) { $first = 0; } else { $first = 1; } while ($r = $db->fetch_row($q)) { $ret .= "\n<option value='{$r['classID']}'"; if ($selected == $r['classID'] || $first == 0) { $ret .= " selected='selected'"; $first = 1; } $ret .= ">{$r['classNAME']}</option>"; } $ret .= "\n</select>"; return $ret; } function getPlayerClass($uId = NULL) { global $db, $userid; if (!$uId) $uId = $userid; $u = $db->fetch_row($db->query("SELECT `player_class` FROM `users` WHERE userid = {$uId}")); $class = $db->query("SELECT `classNAME` FROM `player_class` WHERE `classID` = {$u['player_class']}"); if ($db->num_rows($class)) { $c = $db->fetch_row($class); return $c['classNAME']; } else return "Not Defined"; }   Add into smenu.php if ($ir['user_level'] == 2) { print "<b>User Classes</b><br /> > <a href='staff_classes.php?action=selectclass'>Edit Class</a><br /> > <a href='staff_classes.php?action=addclassform'>Add Class</a><br />"; }   register.php Find: /***I added this under the promo code stuff***/ $sm=100; if($_POST['promo'] == "Your Promo Code Here") { $sm+=100; }   Add: $_POST["classID"] = filter_input(INPUT_POST, "classID", FILTER_VALIDATE_INT); $class = $db->query("SELECT className, money, crystals, strength, guard, agility, iq, labor FROM player_class WHERE classID = {$_POST['classID']}"); if ($db->num_rows($class)) { $c = $db->fetch_row($class); $money = $c["money"] + $sm; $crystals = $c["crystals"]; $strength = $c["strength"]; $guard = $c["guard"]; $agility = $c["agility"]; $iq = $c["iq"]; $labor = $c["labor"]; } else { $crystals = 0; $strength = 10; $guard = 10; $agility = 10; $iq = 10; $labor = 10; } Now find your users insert query and add in there player_class then for the values section of the query add '{$_POST['classID']}' a little like this: /*DO NOT USE THIS BECAUSE IT IS AN EXAMPLE UNLESS YOUR REGISTER IS COMPLETELY STOCK AND UN-TOUCHED*/ $r = $db->fetch_row($q); } $db->query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays, user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender, signedup, email, bankmoney, lastip, lastip_signup,player_class) VALUES( '{$username}', '{$username}', md5('{$_POST['password']}'), 1, $money, $crystals, 0, 1, 12, 12, 100, 100, 5, 5, 100, 100, 1, '{$_POST['gender']}', unix_timestamp(), '{$_POST['email']}', -1, '$IP', '$IP','{$_POST['classID']}')"); $i = $db->insert_id();   Next for the drop down menu, remember for this you must include_once/require_once "global_func.php", so add this in where the player registers: print " <tr> <td>Player Class</td> <td colspan='2'>".class_dropdown(NULL, "classID")." </td> </tr>"; [/code] Now find where the insert into userstats query is and add: [php] $db->query("INSERT INTO `userstats` VALUES($i, $strength, $agility, $guard, $labor, $iq)");   And finally the SQL CREATE TABLE IF NOT EXISTS `player_class` ( `classID` tinyint(4) NOT NULL auto_increment, `className` varchar(20) NOT NULL, `money` tinyint(4) NOT NULL default '0', `crystals` tinyint(4) NOT NULL default '0', `strength` tinyint(4) NOT NULL default '0', `guard` tinyint(4) NOT NULL default '0', `agility` tinyint(4) NOT NULL default '0', `iq` tinyint(4) NOT NULL default '0', `labor` tinyint(4) NOT NULL default '0', PRIMARY KEY (`classID`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=1 ; ALTER TABLE `users` ADD `player_class` tinyint(4) NOT NULL default '1';

Hello everyone, This is just kind of a neat little thing that I am working on for Slack and teams using the Slack application. Basically in a nutshell what it does is pulls information from Packagist for a library that you and/or your team are interested in. From the first screen shot below you will notice that it uses the same syntax (except for the slash command) as using Composer with the CLI and you will see some of the features that I will be implementing. For now it's just the help command and the require command: Help Command And here are a couple of the require commands. There is actually only one require command but this also takes an optional version constraint as seen in the above screen shot: Require Command In that image I passed the --version flag in the command like /composer require laravel/laravel --version=5.1.x-dev If you don't pass a version constraint it will default to the most current like so: At the time of writing this Laravel's latest version is dev-bindings (FUN FACT: which for those who care, is only like 1 day old ;)) So if anyone here uses Slack, I am more than willing to give the URL to this project that you can use while I develop it up more. It is hosted on a Heroku free node right now so you can get plenty of usage out of it since Heroku requires 6 hours of downtime per day. Also, if you do have any projects up on Packagist and are looking to make a push in the near future and would be kind enough to add in the "extra" object an key named "img_url" with an image icon of your project, that would be mighty cool of you and let me know the project vendor/package name so I can test it out. "extra": { "img_url": "http:\/\/someplace.com\/some_image.png" }

The same way as GET and POST. Request basically get the value for a particular array key for the given request method. $_REQUEST['key'] will match $_POST['key'] if the current request method is POST and match $_GET['key'] if the current request method is GET

The while loop will fix that.

You need to check if any rows exists and if not then show something else. Then if it does exist you have to loop through them like (pseudo code): "SELECT * FROM table WHERE parameter = 'this'"; if(query->num_rows()) { while($this = $that) { show my stuff } } else { there is nothing here }

Well that is where it gets tricky. You could look at filter_input or if you are feel like being an explorer try what sniko suggested with some RegEx. This all depends on what you want to allow and not allow and how you want to handle your data, for example are you going to validate then sanitize on input or validate and sanitize on output. Some people strongly believe that data in the DB is supposed to stay in its raw form and then sanitize on output and others feel the complete opposite.

It sounds like your trying to print an array instead of a string. Are you printing $attacker['username'] or just $attacker? If it's the latter, don't. Use the first option

POST is used for POST requests generally through a form input and GET is used for GET requests which grabs the data from the URL

You guys do realized that this is tagged as V1?

Probably. That was before my time helping mccodes.com and they were most likely submitted before it would pose a compatibility issue

You must have made other changes to the script

This is v1 so it would be mysql_real_escape_string($_POST['name'])

I would look into possibly securing your inputs first and foremost. name and status can have anything put in for a value and that's not good. Just do some type checking and validate your data. Also I believe it's best practice to include your connection variable for your queries as well

Yes it is as a matter of fact which is found in the config.php file. This is funny though. Just today I reviewed a mod submitted to the marketplace and it was for v2. When I was reviewing the code, I noticed that it was using mysql_* for all the queries and fetching. It's just crazy that this topic comes up right after I see it. For future reference to everyone while I am here and talking about this: DO NOT submit a module for the V2 engine that does not use the database wrapper.

And if you un-comment that stuff it works fine?