Everything posted by a_bertrand
-
2 things:
1) There will be only one backup, as the new one will overwrite the old one. I prefer to keep old backups for a while.
2) Doing the gzip directly from the pipe slows down the mysqldump and therefore takes more time with locked tables. I would suggest doing it in 2 steps.

Here is what I do:

    #!/bin/sh
    # One dump file per day, named day_month_year.sql
    filename=`date '+/[backup_dir]/%d_%m_%Y.sql'`
    # Remove an earlier compressed dump with the same name so gzip does not prompt
    rm -f "$filename.gz"
    # Dump first, compress afterwards, so the tables are locked for a shorter time
    mysqldump -u[user] -p[pass] [dbname] --add-drop-table > "$filename"
    gzip "$filename"

Now:
- replace [backup_dir] with the directory where you want the backup files
- replace [user] with the DB username
- replace [pass] with the DB password
- replace [dbname] with the DB name
-
Here you are. If you have Photoshop it's certainly not hard work; it took me 3 min.
-
Not bad, but it talks basically about the chat / community and not about the game content itself... which is also why people would play a game :whistling:
-
This part hurts me:

    ob_start();
    include_once($fetch_url);
    $page = ob_get_contents();
    ob_end_clean();

First of all, retrieving content with an include means it could run whatever code, as if it found the <?php ?> tags it will be run on your site! Also, the quickest way to retrieve content from another page would be:

    $page = file_get_contents($fetch_url);

Now if you need more control over the HTTP protocol you can use the curl library or even the sockets directly, but this is kinda overkill.
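The difference described in the post above, as an added example that is not part of the original post: a constructed local file stands in for the remote page, and the helper names and the host allowlist are hypothetical.

```php
<?php
// Added example, not from the original post. Constructed sample: a local
// temp file stands in for the content that $fetch_url would return.
$sample = tempnam(sys_get_temp_dir(), 'fetch');
file_put_contents($sample, 'Price: <?php echo 6 * 7; ?>');

// The pattern from the quoted script: the fetched text is executed as PHP.
function fetch_with_include(string $src): string {
    ob_start();
    include_once $src;
    $page = ob_get_contents();
    ob_end_clean();
    return $page;
}

// The replacement from the post: the fetched text is only ever data.
function fetch_as_data(string $src): string {
    $page = file_get_contents($src);
    if ($page === false) {
        throw new RuntimeException("could not read $src");
    }
    return $page;
}

// Hypothetical helper: only fetch http(s) URLs whose host is on an allowlist.
function is_allowed_url(string $url, array $allowedHosts): bool {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        && in_array(strtolower($parts['host']), $allowedHosts, true);
}

// include runs the embedded tag, so the arithmetic result ends up in the page.
echo fetch_with_include($sample), "\n";
// file_get_contents keeps the tag as text; escape it before showing it in HTML.
echo htmlspecialchars(fetch_as_data($sample)), "\n";
// Allowlist check on constructed URLs: a listed https host, then a file:// URL.
var_dump(is_allowed_url('https://feeds.example.com/news', ['feeds.example.com']));
var_dump(is_allowed_url('file:///tmp/anything', ['feeds.example.com']));
unlink($sample);
```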
-
I wonder how you would have the money to pay the players... but well good luck with your project!
-
You have basically 2 solutions:
1) You store the last time somebody requested a page (or the last time you gave the money), and if it's over the period you want to give, then you will divide the time by the period, and give X times the money, and store the remaining unused time in the time field. (Not sure I'm really clear here :P)
2) Second solution (and honestly not the smartest one), you use a cron which adds money every X min to your players. However this will use CPU and DB even for inactive players.
-
I checked. First of all it looks more like a mix between Javascript and Python than C, and second, it works only on Linux and Mac OS X. Honestly, I don't see the need for "yet another language" unless they come up with a huge library like Microsoft did with .NET. Also from the design, like you cannot define operators and others, honestly that would not be the language I would prefer, but that's me... Let's see if something grows around it...
-
There is no definitive solution, however you could have a "step id" on the URL, and if the user already had it, the user will lose; same with other hidden fields or similar. However the smartest way to handle it is that if you reload, nothing happens.
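One way to get the "reload does nothing" behaviour described in the post above, as an added example that is not part of the original post: a single-use step id. The function names, the reward amount and the `$session` array (standing in for `$_SESSION`) are hypothetical.

```php
<?php
// Added example, not from the original post. $session stands in for
// $_SESSION so the script also runs from the command line.

// Issue a fresh, unguessable step id to embed in the URL or a hidden field.
function issue_step(array &$session): string {
    $token = bin2hex(random_bytes(16));
    $session['pending_steps'][$token] = time();
    return $token;
}

// A step id is valid exactly once: it is removed the moment it is used.
function consume_step(array &$session, string $token): bool {
    if (!isset($session['pending_steps'][$token])) {
        return false;
    }
    unset($session['pending_steps'][$token]);
    return true;
}

// Hypothetical game action: only the first request with a given id counts.
function collect_reward(array &$session, array &$player, string $token): string {
    if (!consume_step($session, $token)) {
        return 'ignored';
    }
    $player['money'] += 100;
    return 'applied';
}

// Constructed walk-through: one page view, the same request reloaded,
// and a request carrying an id that was never issued.
$session = [];
$player  = ['money' => 0];
$step    = issue_step($session);
echo collect_reward($session, $player, $step), "\n";
echo collect_reward($session, $player, $step), "\n";
echo collect_reward($session, $player, 'made-up-id'), "\n";
echo 'money: ', $player['money'], "\n";
```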
-
Can you give us an example or two of websites you did beside your own one?
-
You have [mysql]game_consoles.id='game_data.platform_id'[/mysql] This means that game_consoles.id will check for a string which is game_data.platform_id. I doubt this is what you want, so try to remove the quotes around game_data.platform_id and it should work.
-
Try the query within phpMyAdmin and see if it works there; that's the easiest way to debug a query.
-
I quickly tested the demo myself. I found it interesting, and the art very well done (especially for an open source project). However the map is REALLY slow, and really painful to use.
-
Welcome back ;-)
-
You may also use something derived from my "BBCode" or HTML cleaner here: "A simple BB code support as well as filtering the HTML". It ensures that only some tags are accepted, and those tags only with the defined parameters.
-
Haunted Dawg: Yep sorry, it should be "stripslashes" and not "stripslash"... my mistake :rolleyes:. For the mysql_escape_string, it will be still valid up to PHP 6.0 but you are right, you should use mysql_real_escape_string if possible instead. And... again I simply typed something out of memory without checking, right, as it cannot be mysql_real_escape (as Zerro-Affect pointed out) but mysql_real_escape_string. Sorry for those oddities.

Zero-Affect: Personally I don't care how Nyna was handling the job before me. People here are either new in the field, or too lazy to check back, so pointing out EXACTLY what's wrong is the way I choose to help. Of course if I can point out some past thread or some articles for complex things I will do it. Still, I believe that a clear answer is better than simply "hey it is not safe". Also, a simple stripslashes and then addslashes is not the same as using mysql_real_escape_string; also, addslashes may work only on some databases and not on others and doesn't seem to cover all the issues even for MySQL. Quoted from the PHP mysql_real_escape_string manual: "This function must always (with few exceptions) be used to make data safe before sending a query to MySQL."
-
Zerro: You can open and close the PHP tags as many times as you want inside your files and whatever is outside the tags will simply be printed out like inside an echo, so it's certainly not a bad idea to close the tag to just have some static HTML.
-
Around line 34 you have this: { .... } Well sorry but that will simply not work. Also your { count doesn't seem to match the } count, and finally... your script does nothing besides checking for all kinds of problems. I mean, it will never create an account unless you write the account information to a database or something similar.
-
Well, making templates or skins is not something you do in 5 min nor learn in 15 min. You will first have to come up with some design idea, and you can then try it on paper, yes really just plain old paper and pen. Draw your template there, and check how it will look, then once you are happy with the places of the things, start drawing / composing your template with Photoshop. This will require more or less knowledge of Photoshop depending on how complex the template design is. Then you will have to cut this single image into parts and make it work via HTML / CSS / JS. Finally once this is done, you need to code it into your engine, and make the engine produce the wished HTML.

So as you see there are multiple "passes" or "phases" in designing a template, and therefore it will take time to master them all. This also makes it difficult to find simple tutorials about how to make them. Now if you have specific questions about a single thing, then maybe we can help you more.
-
Sorry but this made me jump. I don't know how you program, but 2500 lines per hour seems way off. Even for the best of the best out there. Unless of course the 2500 lines are copy / paste from old code or things like that. Still, 65$ to go through all the McCode and find all the hacks is nothing. I would personally charge nothing less than 100$ per hour of work, and I'm sure it would cost me something like at least a good day to go through it. Now of course 800$ to secure a code which cost 200$ is insane. And don't worry, I'm not working as an outsourcer. Yet if you think about the following:
- If you sell a code multiple times, the real cost of the code is actually split over the number of sales.
- If you need to work on a custom made code, you cannot do the same trick and the customer will pay the full cost.

Now if you tell me that you will reuse your own sources to replace McCode with your own modified things, then of course it could be cheaper. But yet 20$ seems really cheap, as it doesn't seem such a small work overall.
-
Sorry Zero but your suggestion is in NO WAY more secure. To all: any string saved in the DB MUST be correctly quoted, and the automatic slashing of PHP will be by default disabled in future versions and is already disabled on many websites. So, relying on this is not an option. The solution is to use mysql_real_escape for all the strings, and for numbers either use a sprintf with a %d or force the unknown type to a number with something like ($_POST["myval"]+0) which will return either a 0 if it's some sort of string or the number. For this query this would be a real solution:

    $db->Execute("UPDATE users SET username = '".mysql_real_escape(stripslash($_POST['newname']))."',
        display_pic= '".mysql_real_escape(stripslash($_POST['newpic']))."',
        forums_avatar= '".mysql_real_escape(stripslash($_POST['forums_avatar']))."' .....

I don't continue as you can understand from this how it should go on :rolleyes:
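The same rule from the posts above (strings never reach the SQL text unescaped, numbers are forced to be numbers) written with PDO prepared statements, since the `mysql_*` functions named in these posts were removed in PHP 7. This is an added example, not code from the original posts; the in-memory SQLite database standing in for MySQL, the `userid` column, the function name and the sample input are assumptions, and the integer check rejects bad input rather than coercing it as the `+0` cast would.

```php
<?php
// Added example, not from the original posts. Assumes the pdo_sqlite
// extension; an in-memory SQLite database stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, display_pic TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', '')");
$db->exec("INSERT INTO users VALUES (2, 'bob', '')");

// Hypothetical handler for the profile update discussed in the post.
function update_profile(PDO $db, array $post): int {
    // Numbers: accept only a real positive integer, reject everything else.
    $userid = filter_var($post['userid'] ?? '', FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    if ($userid === false) {
        return 0; // rejected before any query is built
    }
    // Strings: placeholders keep the submitted text out of the SQL itself,
    // so quotes in a name cannot end the string literal.
    $stmt = $db->prepare(
        'UPDATE users SET username = :name, display_pic = :pic WHERE userid = :id'
    );
    $stmt->bindValue(':name', (string)($post['newname'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':pic', (string)($post['newpic'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':id', $userid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows changed
}

// Constructed request data: a name containing quotes and a non-numeric id.
$post = [
    'newname' => "O'Brien', display_pic='x",
    'newpic'  => 'pic.png',
    'userid'  => '1 OR 1=1',
];
var_dump(update_profile($db, $post)); // the id is not an integer

// Same name, valid id: the quotes are stored as part of the name for one row.
$post['userid'] = '2';
var_dump(update_profile($db, $post));
print_r($db->query('SELECT * FROM users')->fetchAll(PDO::FETCH_ASSOC));
```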
-
It would be great if you posted the reasons why such a mod is not secure then, as just saying you could take control over a site is too easy if you don't really offer any solution.
-
Nope, the and (&&) is correct here. The only reason why it would show only a few of the directories is file / directory access rights. Besides that I don't see any other issues.
-
OK, I saw you said only made in HTML... then NO, you cannot include any other HTML inside HTML. The tag you showed is called SSI (server side includes) and will only work if your host is configured to accept them. Honestly I haven't used them for ages.
-
Attacking back a hacker is certainly not smart ;) and would put the person attacking in trouble. Not a forum where somebody wrote a number on it. Also even if you provide what you think is the correct IP for a person, honestly it doesn't mean much as anybody could use proxies or other things to actually hide the real IP. Finally, an IP is like a telephone number: you could write up a random number and you have a high chance to find somebody. Is just the number sensitive? No, but if you give phone number AND name, then yes.

Also, if you are so convinced that just an IP is sensitive information, then try to find a law article about it. I did search the net and found nothing about privacy and IP. Here are some of my own results:

http://www.ibls.com/internet_law_news_portal_view.aspx?s=latestnews&id=2244
http://www.theregister.co.uk/2008/01/22/eu_ip_numbers_personal/
http://www.huntonprivacyblog.com/2009/07/articles/online-privacy/washington-court-rules-that-ip-addresses-are-not-personally-identifiable-information/

So basically IP doesn't seem to be related to "Personally Identifiable Information" and therefore is not covered by privacy laws. Of course now if you link the IP with the real name of a person things change. But this wasn't the case. So warning that somebody did something wrong while using a certain IP, well sorry but this is certainly NOTHING against any of the current laws I saw.