Miks

I bought Raven Mafia Script which looks like a copy of Mccodes, I'm pretty sure I read somewhere they have a license to sell it. I just tested my cron from logging into a standard user and they were able to run the cron directly. How would I go about preventing this, can you copy and paste what you use?

Is there a way to prevent users from running the cron jobs manually? Or should I relabel them?

Has someone got a working copy for the latest V2 that they wouldn't mind sharing?

@1331 I added the line as you suggest i.e echo 'if ('.$r['wlevel'].' > '.$ir['level'].')'; if ($r['wlevel'] > $ir['level']) { echo "You are not at a high enough level to equip this.<br><a href='inventory.php'> Return to inventory</a>"; $h->endpage(); exit; } The result was if ( > 4)Item Chainsaw equipped successfully. Return to inventory The weapon level I am testing this on is 12 and my level is 4.

I can get the script to work like this which isnt correct. If you're higher than the weapon level you cant have the weapon, but when the weapon level is higher than your level it works. I know its a case of changing the bracket to ">" but weirdly it doesnt work like that but does work "<" if (isset($_POST['type'])) { if (!in_array($_POST['type'], array("equip_primary", "equip_secondary"), true)) { echo "This slot ID is not valid."; $h->endpage(); exit; } if ($r['wlevel'] > $ir['level']) { echo "You are not at a high enough level to equip this."; $h->endpage(); exit; } if ($ir[$_POST['type']] > 0) { item_add($userid, $ir[$_POST['type']], 1); } item_remove($userid, $r['itmid'], 1); $db->query( "UPDATE `users` SET `{$_POST['type']}` = {$r['itmid']} WHERE `userid` = {$userid}"); echo "Item {$r['itmname']} equipped successfully."; The above is how it should be but doesnt work. if (isset($_POST['type'])) { if (!in_array($_POST['type'], array("equip_primary", "equip_secondary"), true)) { echo "This slot ID is not valid."; $h->endpage(); exit; } if ($r['wlevel'] < $ir['level']) { echo "You are not at a high enough level to equip this."; $h->endpage(); exit; } if ($ir[$_POST['type']] > 0) { item_add($userid, $ir[$_POST['type']], 1); } item_remove($userid, $r['itmid'], 1); $db->query( "UPDATE `users` SET `{$_POST['type']}` = {$r['itmid']} WHERE `userid` = {$userid}"); echo "Item {$r['itmname']} equipped successfully."; But when the bracket is round the wrong way it does work but not how I want it.   Hope that made sense, any further help is greatly appreciated!!

Hopefully its the final post but I had to alter the above code and replace it with if ($r['wlevel'] >= $ir['level']) { echo "You are not at a high enough level to equip this."; $h->endpage(); exit; } As far as I am aware it is working correctly now

Sorry I mean I had to replce if ($r['wlevel'] > $ir['level']) with if ($r['wlevel'] < $ir['level'])

It works!! I had to replce else if ($r['wlevel'] > $ir['level']) with else if ($r['wlevel'] < $ir['level'])

Hi KyleMassacre, Thanks for the tip. I tried replace the else if with just if and it was producing the same results, its like its bypassing the level restriction......

This is the contents of the equip_weapon.php file <?php /** * MCCodes Version 2.0.5b * Copyright © 2005-2012 Dabomstew * All rights reserved. * * Redistribution of this code in any form is prohibited, except in * the specific cases set out in the MCCodes Customer License. * * This code license may be used to run one (1) game. * A game is defined as the set of users and other game database data, * so you are permitted to create alternative clients for your game. * * If you did not obtain this code from MCCodes.com, you are in all likelihood * using it illegally. Please contact MCCodes to discuss licensing options * in this case. * * File: equip_weapon.php * Signature: 5fa6ce6f751fd7f09cde14b86ba287bf * Date: Fri, 20 Apr 12 08:50:30 +0000 */ require_once('globals.php'); $_GET['ID'] = (isset($_GET['ID']) && is_numeric($_GET['ID'])) ? abs((int) $_GET['ID']) : 0; $id = $db->query( "SELECT `weapon`, `itmid`, `itmname` FROM `inventory` AS `iv` LEFT JOIN `items` AS `it` ON `iv`.`inv_itemid` = `it`.`itmid` WHERE `iv`.`inv_id` = {$_GET['ID']} AND `iv`.`inv_userid` = $userid LIMIT 1"); if ($db->num_rows($id) == 0) { $db->free_result($id); echo "Invalid item ID"; $h->endpage(); exit; } else { $r = $db->fetch_row($id); $db->free_result($id); } if (!$r['weapon']) { echo "This item cannot be equipped to this slot."; $h->endpage(); exit; } if (isset($_POST['type'])) { if (!in_array($_POST['type'], array("equip_primary", "equip_secondary"), true)) { echo "This slot ID is not valid."; $h->endpage(); exit; } elseif ($r['wlevel'] > $ir['level']) { echo "You are not at a high enough level to equip this."; $h->endpage(); exit; } if ($ir[$_POST['type']] > 0) { item_add($userid, $ir[$_POST['type']], 1); } item_remove($userid, $r['itmid'], 1); $db->query( "UPDATE `users` SET `{$_POST['type']}` = {$r['itmid']} WHERE `userid` = {$userid}"); echo "Item {$r['itmname']} equipped successfully."; } else { echo "<h3>Equip Weapon</h3><hr /> <form action='equip_weapon.php?ID={$_GET['ID']}' method='post'> Please choose the slot to equip {$r['itmname']} to, if there is already a weapon in that slot, it will be removed back to your inventory.<br /> <input type='radio' name='type' value='equip_primary' checked='checked' /> Primary<br /> <input type='radio' name='type' value='equip_secondary' /> Secondary<br /> <input type='submit' value='Equip Weapon' /> </form>"; } $h->endpage();

Cheers KyleMassacre My error has now disappeared but the script ignores the level restriction command and equips the weapons. I have a weapon set to wlevel 8 and my level is 4 but instead of throwing back "You are not at a high enough level to equip this" it stills assigns the weapon.

Ok I have tried to edit equip_weapon.php but I need some help as I'm not a coder. I get this error "Parse error: syntax error, unexpected T_ELSE " $plevel=($r['level']); if ($ir['wlevel'] > $plevel); { echo "Can't equip. Level up!"; } else ($ir[$_POST['type']] > 0); { item_add($userid, $ir[$_POST['type']], 1); } item_remove($userid, $r['itmid'], 1); $db->query( "UPDATE `users` SET `{$_POST['type']}` = {$r['itmid']} WHERE `userid` = {$userid}"); echo "Item {$r['itmname']} equipped successfully."; I have updated the item table and added a new field called wlevel. Just cant get this part to work.

Is there a way to to restrict items (primarily weapons) to a certain level. The problem is I dont want the lower down levels i.e newbs to be able to purchase the high powered weapons. Is there an easy way to add level restrictions to the item creation page?

@Sniko I'm not a coder so that should probably answer your question lol (In the process of learning) It works the way I mentioned surprisingly buy I have updated it to the way you have mentioned. I only posted as the attack feature wouldn't have worked with its current link.

This is a really nice layout and my opinion better than the original. However you have made one small mistake with the user menu on the profile page: <li><a href="contactlist.php?action=add&ID=<? echo $r['userid']; ?>">Attack</a></li> Should be: <li><a href="attack.php?action=add&ID=<? echo $r['userid']; ?>">Attack</a></li> Like I said its a minor issue but one you should update in your code for future users :) Thanks for sharing