jedigunz

with the v2 version I've got i have to use PHP-4.2 or PHP-4.3 ,.. as it relies on Magic Quotes and Magic Quotes has been permanent false from PHP-4.4 ,. really annoying to be honest,.. but don't really notice it as i have to use an older version anyway do you own http://nonstopcoding.com/ by the way ??

Fixed It !! this worked in the header.php   -=-=-=-=--=-=-=--=-=-=-=-=-=-=-=-   $hc = $set['hospital_count']; $jc = $set['jail_count']; $ec = $ir['new_events']; $mc = $ir['new_mail']; $ids_checkpost=urldecode($_SERVER['QUERY_STRING']); if(eregi("[\'|'/'\''<'>'*'~'`']",$ids_checkpost) || strstr($ids_checkpost,'union') || strstr($ids_checkpost,'java') || strstr($ids_checkpost,'script') || strstr($ids_checkpost,'substring(') || strstr($ids_checkpost,'ord()')){ $passed=0; echo "<center>What are you trying to do? whatever it is stop it!</center>"; // or blank so they not know they failed.. event_add(3,"<font color=red>".$ir['username']."</font> <b> Tried to use [".$_SERVER['SCRIPT_NAME']."{$ids_checkpost}].. "); exit; }

Thing is with v2 ,. I got the original version maybe around 10 years ago when it first come out,. I no longer have access to the email accounts that it was purchased with lool,. there's a few injections possible like this,. I have no idea about SQL injections and how to prevent them, what would you need to look at maybe i can post it here

Hi Everyone its been a while since I've been on the forums but was hoping someone could help Has anyone got a piece of script to stop this SQL injection ?? cmarket.php?action=buy&ID=1 union all select 1,99999999,0,0 I used to have something that went in the header.php to stop SQL Injections can anyone lend a hand please ?? -JediGunz

well they have been delaying it for years,.. lets be honest,. ive been in contact with Kunal for a fair while and still never seems to release any news,. but for there to be a response from them saying we are doing something gives me a bit of hope that they will finally release some news atleast,. maybe what they've got in place so far,. or something of the sort, they could make themselves a fair fortune from releasing i well made V3,. i just hope they realize that and have something in place for the coding community

[ATTACH=CONFIG]1162[/ATTACH]   Heres what MC-CODE STAFF have sent back as a reply,. so what do you think people ??,. reckon there will be news released after all this time ????   whats your opinions ? :)

  i mean the database,. what does it get changed to when it calls the database ,.. as $ir['gang']) would have to be connected to a different part of the database

what will it be changed to ???

what about the if statement for your gang in the mainmenu ,.. ??   if(!$ir['jail'] && $ir['gang']) { print "<a href='yourgang.php' class='rollover' title=''>Your Gang</a>"; }

im using cronus's facebook login/register mod on my website if you wanna take a look ,.. http://www.modernearth.co.uk

yeah mine seems to work,. its not how i would like it style wise but it is working,.. whats going wrong with it ???

oh yeah didnt think about that :p,. slipped my mind

i can agree on that,. not that ive paid him for any services,. but has offered me coding for prices,. which wernt really needed as i had better coders on hand,.

well basically,. im guessing your power bar shows the ammount of power the weapon item is capable off now to have a bar wouldnt you need a maximum power allowance to have set percentages for the bars ?? i did not realise there was a set maximum in the power allowance for a weapon item,. ive just thought with mccodes the higher the number the stronger it would be... but to be honest i havnt really made to many items in mccodes before,. always wrote a list and got someone else to do it for me,. seems to time consuming sometimes,. but that doesnt mean that i cant organize a script to look a certain way when being accessed through different web browsers,,.

i like it,.. but i would suggest a new colour for the bars as coldblooded suggested,. ive always preferred my menu on the left hand side aswell,. but thats me apart from that,. looks pretty neat

but also,. people like dragon blade charge for anything that anyone wants done by him,.. have you considered that ??

i didnt know that the power on items had a maximum lool,. but he wasnt asking for a power bar,. he was asking for re-organization and neatening of the script,. that has nothing to do with the bars but would need the script for it if he also wanted that included,. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=   and the bars to show the power of an item

seker,. could have made $5 man

if you have already got the scripting for the power ill make that inventory for yuh,. aslong as you have the power bar script,. cos i dont have that, and not sure but your making me think if mccodes, when you make attack items is there maximum for attack and defense ??

Also lines : 17 through to 53 ,.. they're not in a table,. either close the table before line 17 or in the if statements include it into the tables and work out your colspan's and rowspans for those table cells,. ill complete your script for you for a price or some sort of arangement,.. im not spending time onit for nothing back,. but ive helped you enough to figure it out yourself :)

line 6: missing </th> & </tr> line 13: missing </tr> lines 14, 15 & 16: missing </td> im not going to go into it all,. but its missing loads of code which is confusing the fuk out of the browser lool,. re-read through your script and tie up the ends ;) there's commands started and not finished,.

Im not sure what you mean rockwood ,. can you give me an example,. ??,. and my post after this would this be a working script ?? i havnt got a second paypal to test this out with

maybe you could have different hourly rewards for different levels,. if$ir level 10 rand $500 - $3000 if$ir level 20 rand $3000 - $10000 etc,. just an example

so do i replace this   $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30);   With This   $header .= "POST /cgi-bin/webscr HTTP/1.1\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Host: www.paypal.com\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n"; $header .= "Connection: close\r\n\r\n"; $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);   and replace this if (strcmp ($res, "VERIFIED") == 0) {   with this if (strcmp (trim($res), 'VERIFIED') == 0) {   ?? what are these for $site_id = $_POST['custom']; $custom = $_POST['custom'];

so what do i do do i add that in place off my ipn_donator.php i really need some help with this,. im using cronus's donator mod,.. could somebody recode this for me please   <? //------------------------------------------------ //Mod created by Cronus. //You can find more of his mods for sale //and join his MCCode developers community here: //http://www.cronwerks.com/forum //------------------------------------------------ $primarypaypal="[email protected]"; $currency="GBP"; include "config.php"; global $_CONFIG; define("MONO_ON", 1); require "class/class_db_{$_CONFIG['driver']}.php"; $db=new database; $db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']); $db->connect(); $c=$db->connection_id; require 'global_func.php'; $set=array(); $settq=$db->query("SELECT * FROM settings"); while($r=$db->fetch_row($settq)) { $set[$r['conf_name']]=$r['conf_value']; } // read the post from PayPal system and add 'cmd' $req = 'cmd=_notify-validate'; foreach ($_POST as $key => $value) { $value = urlencode(stripslashes($value)); $req .= "&$key=$value"; } // post back to PayPal system to validate $header .= "POST /cgi-bin/webscr HTTP/1.0\r\n"; $header .= "Content-Type: application/x-www-form-urlencoded\r\n"; $header .= "Content-Length: " . strlen($req) . "\r\n\r\n"; $fp = fsockopen ('www.paypal.com', 80, $errno, $errstr, 30); // assign posted variables to local variables $item_name = $_POST['item_name']; $item_number = $_POST['item_number']; $payment_status = $_POST['payment_status']; $payment_amount = $_POST['mc_gross']; $payment_currency = $_POST['mc_currency']; $txn_id = $_POST['txn_id']; $receiver_email = $_POST['receiver_email']; $payer_email = $_POST['payer_email']; if (!$fp) { // HTTP ERROR } else { fputs ($fp, $header . $req); while (!feof($fp)) { $res = fgets ($fp, 1024); if (strcmp ($res, "VERIFIED") == 0) { // check the payment_status is Completed if($payment_status != "Completed") { fclose ($fp);die(""); } // check that txn_id has not been previously processed // check that receiver_email is your Primary PayPal email if($receiver_email != $primarypaypal) { fclose ($fp);die(""); } // check that payment_amount/payment_currency are correct if($payment_currency != "GBP") { fclose ($fp);die(""); } // parse for pack $packr=explode('|',$item_name); if(str_replace("www.","",$packr[0]) != str_replace("www.","",$_SERVER['HTTP_HOST'])) { fclose($fp); die(""); } $meki=$db->query("SELECT * FROM dpacks WHERE id={$packr[1]} AND active=1"); if($db->num_rows($meki) == 0) { fclose($fp); die(""); } else { $r=$db->fetch_row($meki); } $total=$r['price']*$packr[2]; if($total != $payment_amount) { fclose($fp); die(""); } // grab IDs $buyer=$packr[3]; $number=$packr[2]; // all seems to be in order, credit it. $time=time(); $db->query("INSERT INTO dplogs VALUES('','$buyer',{$r['id']},'$number','$time', '$payment_amount')") or die(mysql_error()); $db->query("UPDATE users SET donated=donated+$payment_amount WHERE userid={$r['id']}"); $db->query("UPDATE users SET donated=donated+$payment_amount WHERE userid=1"); if($r['bogo'] > 0) { $add=floor($number/$r['bogo']); $number=$number+$add; } $db->query("INSERT INTO inventory VALUES('',{$r['id']},'$buyer','$number')",$c) or die(mysql_error()); // process payment event_add($buyer, "Your donation has been successfully credited to you. Thank you for your support.", $c); event_add(1, "ID $buyer has purchased $number {$r['name']}(s) for $$payment_amount.", $c); } else if (strcmp ($res, "INVALID") == 0) { } } fclose ($fp); } ?>