a_bertrand

Don't you use PHP? If yes then you can do an "include 'myfile.html';" inside the PHP files. Also if you are using McCode, I think there is one or more files which are called already everytime, so include it there.

Nice review, thanks for your hard work!

Having file extensions or not or using query strings or not will not really change how professional a website will look like. I had a chat the other day with some people and they was trying to convince me to hide query string by making some fake path and filename, when I asked why? They answered well it looks better, it's for the SEO, looks more professional and something like "I will not go to a website which use querystrings and don't have a nice URL". Somehow the discussion stopped when I asked if they use google as google uses querystrings. Now, honestly, how much a website look professional or not, DOES NOT depends on the URL. Actually most people don't even watch the URL line and it doesn't have any impact about visits, search engines or whatever else. This is so true, that I still have a lot of question on my own website asking what do I use to make the game, odd the url state clearly a "nbase.php", I would then think that people know that this .php file means it's using PHP under, right? Well they don't look at it. Don't even answer me that the 2% "web developers" (random number) out there do know and you are doing it for those, as whatever small percent of web developers exists don't make the market. If you remove the extensions, fine, you do it for you as you find it more cool to not see the URL, but don't expect it will actually have any real impact out there. Spend more time on the content of your website, the look of your pages, the usability, etc. That will have lot more effects and this is what makes a website professional or not, not the URL.

Choose a free host, and then register. If you do not manage this simple step, then you should wonder if you may manage to run a game. Honestly this is really something simple and doesn't requires our help: http://www.0php.com/free_PHP_webhosting.php So for once start working a bit by your own ;)

There is a lot of tricks here in this forums to avoid SQL injections and other XSS, I would suggest you to use our search tool and then in case come back if you didn't found those. Of course another possibility is to ask someone to do it for you.

As I said before, IP doesn't seems to fall under most privacy laws as anyhow you could "find" IP by just guessing them. Specially if you don't put any real name near the IP.

Kirk: as said, install on your own PC xampp and you will have ALL what you need. Or find a free hosting but that will be for sure lot more complex.

All depends of who did the original art. I mean, if he did all by himself, then the 40$ are nothing. If those are "cliparts" or even worse taken from site without permissions then yes it's not worth 40$ Even if personally I do like the overall result. Even if the images don't match their style (like the top right one with the left guy).

yes you would need to.

To help some of you to find names for NPC or even player names, we worked a bit on a name generator: http://www.playerscorner.org/name_generator.php It offers 5 kinds of names: * Real one * Funny * Short * Medium * Long Beside the real names (taken from a DB of over 5000 names) everything else is generated randomly (with more or less success). Each time you reload the page a new set of names will be shown and you can pick any of those. Be sure to reload a few times as even the syllabus used to compose the random names are taken from multiple "dictionaries" to make really different names. Some may have more english / german sounds where others my have more latin sounds even if the names don't look neither of those at the end. We may try to improves them while offering more options or having known suffix and such, all depends of how much of interest there is in such tools.

Check this: http://www.webmasterworld.com/forum88/4186.htm However using sessions which last that long is not smart. Think that for each session the server will create normally a temporary file (unless you use DB sessions), the longer the session last the more file you will find on your server. As the files are created in /tmp and most linux server do have an automatic /tmp cleaner, you may get in troubles when the cleaner will delete the session file. So either you will run out of disk space (unlikely unless you have small quotas) or the cleaner will go there and delete the file PHP is relying on as nobody used the file since long enough. If you want to have a login which works for a long time, I would drop the session mechanism all together, and use instead a simply cookie to authenticate the player. You will need however to change all the mechanism used right now which was using the session to something else.

No it doesn't help security. You could also make it work as they was html files, but again no change in security. Maybe your players would wonder what makes your script works, but does that really matter?

thanks for the good review ;)

The most difficult part was to have automatic links for URLs written within the text. Should all work, maybe there is some cases not covered. I could less preg_replace functions by feeding it with arrays of expressions and replacement, but thought it would be a bit more readable like that.

Here is a simple way (could be written differently) to avoid HTML / JS injections and at the same time support (some of) the BB tabs:   function view_bb($desc) { $desc=nl2br($desc); $desc=preg_replace("/<ul>/i","[uL]",$desc); $desc=preg_replace("/[list=1]/i","[OL]",$desc); $desc=preg_replace("/<center>/i"," [center]",$desc); $desc=preg_replace("/<\\/[ ]*center>/i","[/center] ",$desc); $desc=preg_replace("/<\\/[ ]*ul>/i","[/uL]",$desc); $desc=preg_replace("/<\\/[ ]*ol>/i","[/OL]",$desc); $desc=preg_replace("/[*]/i","[LI]",$desc); $desc=preg_replace("/<\\/[ ]*li>/i","[/LI]",$desc); $desc=preg_replace("/<\\/[ ]*a>/i","[/A]",$desc); $desc=preg_replace("/<br[ \\/]*>/i","[bR]",$desc); $desc=preg_replace("/[b]/i","[b]",$desc); $desc=preg_replace("/<\\/[ ]*b>/i","[/b]",$desc); $desc=preg_replace("/[b]/i","[b]",$desc); $desc=preg_replace("/<u>/i","[u]",$desc); $desc=preg_replace("/<\\/[ ]*i>/i","[/u]",$desc); $desc=preg_replace("/ /i","[P]",$desc); $desc=preg_replace("/<\\/[ ]*p>/i","[/P]",$desc); $desc=preg_replace("/<s>/i","[b]",$desc); $desc=preg_replace("/[b]/i","[b]",$desc); $desc=preg_replace("/<\\/[ ]*s>/i","[/b]",$desc); $desc=preg_replace("/<\\/[ ]*strong>/i","[/b]",$desc); $desc=preg_replace("/[i]/i","[i]",$desc); $desc=preg_replace("/<\\/[ ]*i>/i","[/i]",$desc); $desc=preg_replace("/<\\/[ ]*font>/i","[/font]",$desc); $desc=preg_replace("/<font size=([\\+\\-0-9]*)>/i","[font SIZE=\$1]",$desc); $desc=preg_replace("/<font color=[ ]*(\\\")?([\\#0-9A-Za-z]*)(\\\")?>/i","[font COLOR=\$2]",$desc); $desc=preg_replace("/<font size=([\\+\\-0-9]*) color=[ ]*[\"]{0,1}([\\#0-9A-Za-z]*)[\"]{0,1}>/i","[font SIZE=\$1 COLOR=\$2]",$desc); $desc=preg_replace("/<font color=[ ]*[\\\"]?([\\#0-9A-Za-z]*)[\\\"]? size=([\\+\\-0-9]*)>/i","[font SIZE=\$2 COLOR=\$1]",$desc); $desc=preg_replace("/<a href\\=[\"]{0,1}([a-zA-Z0-9\\.\\-_:@%\\/\\;\\$\\(\\)~\\?\\+\\\\&]*)[\"]{0,1}>/i","[A HREF=\$1]",$desc); $desc=str_replace(array("<",">"),array("<",">"),$desc); $desc=str_replace(array("[OL]","[uL]","[/uL]","[LI]","[/LI]","[/A]","[bR]","[b]","[/b]"," [center]","[/center] ","[/font]","[P]","[/P]","[i]","[/i]","[u]","[/u]"),array("[list=1]","<UL>","[/list]","<LI>","</LI>","</A>"," ","[b]","[/b]","<CENTER>","</CENTER>","</FONT>"," ","</P>","[i]","[/i]","<U>","</U>"),$desc); $desc=preg_replace("/\\[font SIZE\\=([\\+\\-0-9]*)\\]/","<FONT SIZE=\$1>",$desc); $desc=preg_replace("/\\[font COLOR\\=([\\#0-9A-Za-z]*)\\]/","<FONT COLOR=\$1>",$desc); $desc=preg_replace("/\\[font SIZE\\=([\\+\\-0-9]*) COLOR\\=([\\#0-9A-Za-z]*)\\]/","<FONT SIZE=\$1 COLOR=\$2>",$desc); $desc=preg_replace("/\\[A HREF\\=([a-zA-Z0-9\\.\\-_:@%\\/\\;\\$\\(\\)~\\?\\+\\\\&]*)\\]/","<A HREF=\$1 TARGET=_blank>",$desc); $desc=preg_replace("/\\[img width=([0-9]+)\\](.+)\\[\\/[ ]*img\\]/i","<IMG SRC=\"\$2\" BORDER=0 WIDTH=\$1>",$desc); $desc=preg_replace("/\\[img width=([0-9]+) height=([0-9]+)\\](.+)\\[\\/[ ]*img\\]/i","<IMG SRC=\"\$3\" BORDER=0 WIDTH=\$1 HEIGHT=\$2>",$desc); $desc=preg_replace("/\\[img height=([0-9]+) widht=([0-9]+)\\](.+)\\[\\/[ ]*img\\]/i","<IMG SRC=\"\$3\" BORDER=0 WIDTH=\$2 HEIGHT=\$1>",$desc); $desc=preg_replace("/\\[img\\](.+)\\[\\/[ ]*img\\]/i","<IMG SRC=\"\$1\">",$desc); $desc=preg_replace("/\\[url\\](.+)\\[\\/[ ]*url\\]/i","<A HREF=\"\$1\">\$1</A>",$desc); $desc=preg_replace("/([^\"^'^=](http|https):\\/\\/[a-zA-Z0-9\\.\\-_:@%\\/\\;\\$\\(\\)~\\?\\+\\\\&]*)/","<A HREF=\"\$1\" TARGET=_blank>\$1</A>",$desc); return $desc; }   To use it echo view_bb("This is [b]MY[/b] BB code tool<div onClick='alert(1)'>will not work!</div>");

paint.net is free: http://www.getpaint.net/

Just something which came to my mind. If $_GET["ID"] is not a number, then putting it into a sql like: $db->query("INSERT INTO fedjail VALUES('',{$_GET['ID']}, 300, $userid, 'Hack Attempt')"); Is certainly bad. So replace with: $db->query("INSERT INTO fedjail VALUES('',".($_GET['ID']+0).", 300, $userid, 'Hack Attempt')");

http://www.webmasterworld.com/forum40/1303.htm

If you filter correctly the input yes. That means, for example, that you don't allow HTML with some JS to be displayed, or you don't allow IFRAMES etc...

I doubt the question mark will work in a cron as it will be expanded by shell (as if I remember right it's a special character). So if you need to pass parameters it's with a space, and then you need to parse the thing by hand. Second solution is use wget to actually "load" a php from apache, then you must remember to trash the result otherwise you will fill your space with all sort of junks.

Kirbygamemaker: we pointed you already to some tutorial isn't it? Well that's the only way you will really learn unless you go to a school.

You may send an email to yourself with a BCC to many users at the same time, and then it's up to the mail sever to dispatch it. So on your side it will be quick but will not be much faster on the end user.

True game owners are at the mercy of the reviews. However I doubt game owners pay the reviews. Normally reviews are payed either by a fee asked to players to get access to the journal or e-zine or by adverts inside such things. Reviews for a game owner are normally free beside maybe a copy of the game to the journalists and some materials like in game screenshots or movies premade for them. For our collaboration let me prepare something and I will send you more details tomorrow. Of course we will be fair, and you should not see much difference with what you ask now.

First of all, I must say I do appreciate review websites, now if I may comment on your project, I must say that a few points come to my mind: - Why would a game owner (or yet more even a player) pay you for a review? Specially if the review could actually be a negative review. I do understand that you are offering a service, and it takes you time, but I don't directly see the advantages for a game owner to get a review with may actually put in shadow his game. Also as some others pointed out, you cannot guarantee any number of visits coming from your site. So basically you are offering a service (a good one) but without any gain for the owner. Or an hypothetical one once you get a lot of traffic. - Having your reviews put inside a blog means it will be easy to spot new one, but very hard to find older one unless we use some search or search engine. You would need instead to organize them in directories, and that would work much better. - As we (me and MDShare) are setting up (slowly) a game directory and we was thinking of having game reviews offered on it, I would be interested in some collaboration (payed of course). However 30$ per review seems a bit high right now, where 10$-20$ would be doable. We could actually give you a bunch of games to review, and pre-pay them if you allow to post them on our site. Of course you are free to post the review as well on your website. Actually if you are interested it could be a semi-fix position where you are payed monthly for a fixed number of reviews (like one or 2 per week). This position apply to any other candidate. This kind of scheme where a site pay you seems more fair for both the game owner and for you, as you may then review them in a neutral way without the fear to make people unhappy as they payed you.

The goal would be like having mc-code light running inside phpBB. Now how that will work, no clues ;)