DAMINK

Damn i bet i was the last stupid one to buy the gRPG engine. (buggy farkin thing it is)

Thats what i got emailed so i assume you edited your post or something??   I do have money to pay. But limited i agree. I have spent quite a bit already which several here can testify. Infact everyone i paid upfront. Infact 4 or 5 coders here have failed me and had to send me money back or i just gave up trying to get work done. I have had countless people from here or directed by posts here contact me about work and then ultimately say they cant do what i want. Yes i am reluctant to pay anyone now. I dont have a lot of money. My experience here has not been great. Even as i type this i am waiting for a coder to pay me back as i paid for work 3 weeks ago and its not done. Oh yea great work posting my emails. Shows real form. As for the work. Well i ended up doing it myself :) So i guess this thread can close.

Ok i decided to setup the reg to be salted. Here is what i have done. Created a column in grpgusers called salt which on registration puts a random string in that column. Then changed the main login code to this.   <? if(isset($_POST['submit'])){ $username = mysql_real_escape_string($_POST['username']); $password = $_POST['password']; $sql= "SELECT * FROM grpgusers WHERE username='$username'"; $result=mysql_query($sql); $row=mysql_fetch_array($result); $salt = $row["salt"]; $auth_user = hash('sha256', $salt.$password); $user_class = new User($row['id']); if($row["password"] == $auth_user){ echo "Your now logged in and being redirected thankyou"; include ('foot.php'); echo '<meta http-equiv="refresh" content="3;url=main.php">'; $_SESSION["id"] = $row['id']; die(); } else { echo "Username and/or password are incorrect"; } } ?>   That seems to work ok. The salt works and hashes the password nicely. Also it checks to make sure its correct.   ** UPDATE ** Ended up fixing the session issue :) Just made some silly mistakes but still would like to know if its an acceptable way to do it or if its even safe to use this method?

The registration email is a bit messed up. It has the link in the subject not in the content. The game itsself looks mighty familiar. Cant quite put my finger on it but it does look familiar.

  No no.... I got head in the park........ oh wait.... what?

Yea but my game is a little different. I just grabbed the main bits i felt relevant.   if ($user_class->jail > 0){ echo "You are in jail for " . floor($user_class->jail / 60) . " more minutes."; }   I dont show this like the default does so did not show it. Normally this is in the header somewhere if thats what your talking about.

Grabbed a snippet of code from my grpg engine.

$checkjail = mysql_query("SELECT * FROM `grpgusers` WHERE `jail`!='0'"); $nummsgs = mysql_num_rows($checkjail); $jail = "[".$nummsgs."]";   Then <!_-jail-_!>   Unless im missing something.

No i just gave my opinion and then noticed someone with "resident troll" replying to me post. Fact is neither of us could have known if this site did infact have there passwords hashed short of testing further or asking right? I mean based on simply registering its hard to know. The fact the pass was sent in raw text i felt alarming and worth saying something. I did actually ask the game owner this exact question as i felt he needed to know, in the event it wasnt. Anyway enough of the troll. At OP its a lot better now in regards to the login i have to say. What you had a few days ago was nasty. Now it does not look so bad. From a players point of view, i dont overly like the navigation but that could just be because i am not familiar with it. Still i find myself hitting the gym button so i guess its not that bad. Is there a reason you have the game left justified? Or it feels like everything is pushed to the left? I personally think a new theme is needed to really make the game feel comfortable. Just my opinion though.

I agree with you 100% Lucky for sure. Some sort of mitm attack could grab it and given its not a temp type password it could be dangerous. Not so much on a game obviously but that said i was under the understanding its just bad practice. I guess if it was a one time type password then it might not be so bad. Where you are forced to make a new one after you login.

Yes ofcourse i understand that. I guess i looked at it like this.... Sending your raw password through email is dangerous. So if that was not addressed and very little was done on the theme i wondered if infact this was the case. Would not be the first game to open without addressing security at all! I can think of one that got taken down by members from here only a day or 2 ago! I certainly did not expect to get my password sent to me apon registering.

lol someone is upset. Damn you claim to be the resident troll yet your getting a little upset broskie? Have a nice day there Guest.

You think? I certainly do not. Just noticed this....   Sooooooooooo are they encrypted Resident Troll?

Yep horrible register and login. Actually to be honest i dont like the game layout one bit either. Meters not refreshing sucks. The email activation does nothing apart from send your password to you raw which tells me you are not hashing your passwords or salting them right? Sorry i dont like it one bit.

hahah no one wants to see my ugly mug. If i post a pic of myself i may very well scare away any kids that are wanting to learn from this site so in the interest of those young kids i will have to say no :)

Well not me. I dont really care either way. I dont play your game and you did not spam mine. However i do think its a ****ty way to get members. (which i now think you agree) Sure let your player base go spam places if they want to get banned but you as the game admin should act a little more professional than that. Anyway all that aside. Is this not an opportunity to learn? Clearly your game is not ready. So perhaps spend some time securing it before release. Perhaps make that 3 shoe thread? Make it humorous rather than humiliating. That way you can atleast open your game again without getting it hammered. Hell you never know the same people may even help you secure it if you act nicely. Thats my advice for what it is worth.

Your game gone down mate?

Your crazy bro. Some very skilled coders here. Dont want to be getting on there bad side. Can i just say. Even from my extremely limited knowledge, its appears your site is quite vulnerable. Perhaps you should be focused on that and not on spamming your game link man?

Great idea Kyle. Can i just say what a great thread. Reminds me of that old saying. Play with fire and you get burnt. ps i absolutely love that video you added at the end :)

  Yep i think his globals are working.

14 was my best of 3 goes.

Thankyou G7470 pm sent.

Thats ok Kyle. Thankyou anyway. It appears anyone that did know anything about gRPG is long dead. Ya know what i ask has been done before on gRPG. i know of a couple of sites that have exactly this already and there base is gRPG.

A couple of things i changed as a choice and a couple are important i think. 1) Secure the $reason better. I also used strip tags and it seemed to stop java popups i was otherwise able to create. 2) Add csrf protection to the form. Not sure it really matters but i am trying to do it to all forms. Would love clarification on that. 3) Limit $reason characters. Because i was able to add a truck load of characters and corrupt the table. Atleast i think thats what did it. Either way a limit should be there. 4) Prevent non existent ids from being added. Obvious reasons for that. 5) Limit the amount of hits per user. Otherwise people could just go stupid and add thousands. I know i am being picky on some things but i just feel to make a hitlist complete it needs most of them.

I will try. I want to have blocks of levels like below. level 1 - level 5 is one block. level 6 - level 25 is a second block. level 26 - 45 is a third block and so on. all the way to 200 so prob 10 blocks or so. Each block using a different maths to determine the exp needed per level so.... Block 1 has maths X to determine. 75+(level/20))*(Level^2)) Block 2 has maths Y to determine. 75+(level/10))*(Level^2)) Block 3 has maths Z to determine. 75+(level/5))*(Level^2)) KEEP IN MIND THAT MATHS HAS NOTHING TO DO WITH IT. JUST AN EXAMPLE. MATHS WOULD LOOK NOTHING LIKE THAT! I want to tie levels with locations. (which is already is ofcourse) When someone reaches a certain level they can access a new location. However because they are in a new block of exp there levels start out easy and get harder within the block of levels. So that it takes more exp to get through level 25 (block 2) than it will for 26 (start of block 3) As it currently stands the exp and levels i have are USELESS! Here is the default i have. Well i believe this is the function for it. I recognize its an entire rewrite of this but i need it done.   function experience($L) { $a=0; $end=0; for($x=1; $x<$L; $x++) { $a += floor($x+1500*pow(4, ($x/7))); } return floor($a/4); } function Get_The_Level($exp) { $a=0; $end =0; for($x=1; ($end==0 && $x<100); $x++) { $a += floor($x+1500*pow(4, ($x/7))); if ($exp >= floor($a/4)){ } else { return $x; $end=1; } } } function Get_Max_Exp($L){ $end=0; if ($exp == 0){ return 457; $end =1; } for($L=1;($L<100 && $end==0);$L++) { $exp = experience($L); //echo $exp; if ($exp >= $user_class->exp){ return $exp; $end=1; } } }