kiz5000

I have mailed cronus several times on here and have checked his last online status and noticed that he has logged on after each mail but it seem's that he doesn't feel like replying to me? I have mailed him all the info about the transaction including the unique paypal transaction id and emails ect but im getting no reply at all. Does anybody have contact with him or is anybody able to provide me a with a copy of the mod's? I legally own them and have the right to use them but i just dont have access to download the scripts. His site stated that i could download the script as many times as i want and would have full support by mccodes mods staff, I seem to be getting none of this, all i want is a copy of the scripts i paid for and it's not as if he doesnt have access to them as he has them listed on the mccodes marketplace aswell. The scripts were: Gang armoury Bounty List Auction House Facebook Connect Smuggle Weapons Fancy Crimes

Do anybody have contact with this guy? I purchased 6 scripts from his website mccodesmods.com a few months ago which i don't have access to downloading anymore due to somebody else taking over his website.

hmm, the only other things i can see in global_func.php is function make_bigint($str, $positive=1) { $str = (string) $str; $ret = ""; for($i=0;$i<strlen($str);$i++) { if((ord($str[$i]) > 47 && ord($str[$i]) < 58) or ($str[$i]=="-" && $positive == 0)) { $ret.=$str[$i]; } } if(strlen($ret) == 0) { return "0"; } return $ret; }   and function mysql_escape($str) { return str_replace("'","''",$str); }

Pm has now been Sent.

The first 2 attacks did not work, i have people trying them all the time, im checking the logs now but cant find anything suspicious, one thing im noticing is that everytime the password are changed they are 5 digit number passwords which makes me think the password is being auto produced by the system?

Ok so today a hacker has been targeting my game all day with different sql injections for the cmarket ect, i have a system that logs them and he was trying things like [/cmarket.phpaction=buy&ID=2 union all select 1,99999999,0,0]. [/cmarket.phpaction=remove&ID=2 union all select 1,CHAR(57,57,57,57,57,44,109,111,110,101,121,61,109,111,110,101,121,43,53),0,0 –]..   Unfortunately with all the sql injections he has been using he has found a way to change everybody's password in the game at once to a password of his choice, i don't know how he's doing this but he is doing it repeatedly and is managing to ruin my game does anybody know how he is doing this or is their any known exploits?

This is located at the very top of global functions, do you think this might be the line of code im looking for function Clean($Var) { if (get_magic_globals_gpc() == 1) { $Var = stripslashes($Var); } $Var = mysql_real_escape_string(htmlentities($Var)); return $Var; }

When myself or others type the words "delete" or "where" (without quotations of course) in a forum post or a message, they don't show up. For example if i typed I need to delete some posts on the forum it would appear as I need to some posts on the forum. I have checked the bbcode files but the is nothing in there about it, i have heard that it may be in the global functions file but i dont know what im looking for, anybody else experienced this problem before?

As a previous customer of peters i can also say that his work is the best I've seen, definitely worth the money and will be using him again in a future project.

Im having this exact same problem, which part did you remove from the global functions was it function Clean($Var) { if (get_magic_globals_gpc() == 1) { $Var = stripslashes($Var); } $Var = mysql_real_escape_string(htmlentities($Var)); return $Var; }

Oh sorry mixmaster i read your post wrong. Yeah i did feel abit alarmed about the fact that if you did manage to get the passwords from the database you can search on google and easily decrypt passwords but like Haunted said not all the passwords are in those tables as 3 out of the 20 i tried couldn't be found but it did only try 2 or 3 sites. I will look at that link and look into upgrading in the future, Thanks.

Hey thanks for the advice, The pass word is already md5 encrypted and gets encrypted in the INSERT command but to show the pass word to them i just show the POST password variable which has no encryption on it at the time of showing if you get what i mean.

Hey thanks for the reply, Yeah ive owned a few games before and i understand that your looking at about 100 players out of every 1,000 that will stay active, It just confuses me about the people who sign up and then never login once, And i may have to look into your idea about the automatic login after signup, This way they will be in the game instantly, I just cannot understand why over 49 people have signed up to the game and then suddenly just thought.. "No actually, i dont feel like logging in"..

Hi ive just noticed how many people have signed up to my game but have never actually logged in. After browsing through my members and noticing a few people who have never logged in i decided to do a quick sql select command to show how many people have actually never logged in, And out of the 400 members 49 of them have never logged in which is a pretty alarming number as it sits at over 10% of the game population. I was just wondering if anybody had noticed this on their games and if so what percentage of your members have never signed in? I cannot understand it as ive checked the signup process and the links and login form on the page work fine so im lost for ideas on why they would be doing this, i thought at first that maybe some of them are that thick that they forget their user/pass within seconds of signing up so i started displaying their user/pass to them with the text that tells them the signup was successful but its still happening??

Yes, here is the code. Also what puzzles me is the fact that i cant find the "loggedin" variable anywhere in the database or in any other scripts. Its only ever used in this one bit of code but seems to have been working fine for the past 3 months if($_SESSION['loggedin']==0){ header("Location: login.php");exit; } $userid=$_SESSION['userid'];