Analog

Nice work!!! Might add a logging system to it, just in case it falls into the wrong hands...

You could try a simple function to check the last time that a user posted to the forums. Here is a little function you could call in the forum code that should do the trick. function stop_spam($poster) { global $db; //Time Limit in second $PostLimit = 30; $q = $db->query("SELECT fp_poster_id FROM fourm_posts WHERE fp_time > fp_time - $PostLimt AND fp_poster_id = $poster"); if($db->num_rows($q)) { echo "Sorry, you can only post once every $PostLimit seconds."; exit; } }   This is untested, so may need tweaked some

The concept sounds good, sounds like it would be easily adaptable to other uses... Ex... "Biggest Loser" --- basically your mod in reverse, instead of wins it uses losses.. Could you setup a demo account for users to see it in action. Screen shots are also helpful... Most people wont sign up for your game just to have a look at a mod...

Line 31 event_add($_POST['ID'],"[url='viewuser.php?u=$userid']{$ir['username']} [{$ir['userid']}][/url] You have lost! </a>   Your event_add function call is not closed...   event_add($_POST['ID'],"[url='viewuser.php?u=$userid']{$ir['username']} [{$ir['userid']}][/url] You have lost! </a>",$c);

Good point, as users can shut off js! It was the only thing that came to mind. A "timeout" function would probably be best, as suggested by a_bertrand. Something like after xx seconds of last known action then change "lock"

providing the user has js on... could you use on unload command?

Just take some time to plug in some numbers to figure out what you want your settings at.. This is for 50%, assuming your player has 100 will and is level 1 ((WILL*0.8)/1.75)+(LEVEL * 5) with 100 will and level 1 this equals (rounded) 50.7143

This is an add on for the gang system created by Floydian (Gang Replacement) With this add on all gangs start in a passive mode in which they can not war or have war declared on them. Once the leader/pres decides, they can choose to enter an aggressive mode. However, once they enter the aggressive mode, they can not return to the passive mode. Installation: 1 file, 1 sql, and 2 files to edit First run this sql ALTER TABLE `gangs` ADD `gangSTATUS` INT( 1 ) NOT NULL DEFAULT '1'   Then the file you will be adding. It will be saved to /gangs/plugins/private/ gang_status.php   <?php /** * @name gang_status.php * @author TwiztedFake * @version 1.0.0 * @copyright All rights reserved by TwiztedFake 2010 * All rights reserved. No piracy is permitted. Use this file at your own risk. * There is no warrenty, and the author assumes no liability. ALTER TABLE `gangs` ADD `gangSTATUS` INT( 1 ) NOT NULL DEFAULT '1' */ if (!defined('GANG_MODULE')) { return; } $gvars->actions += array( 'sgang_status' => 'sgang_status', 'sgang_status_update' => 'sgang_status_update', ); $gvars->links_staff += array( 'sgang_status' => array( 'label' => 'Status', 'order' => 11 ), ); function sgang_status() { global $gvars; if (!gang_auth_all($gvars->userid, array('pres', 'vice'))) { echo "<h3>You are not authorized to access this portion of the staff panel.</h3>"; gang_go_back('yourgang.php'); return; } if($gvars->data['gangSTATUS'] == 1) { echo " <h2>Gang Status</h2> <p style='width: 450px; text-align: left;'>Your gang is currently in a passive state thus excluding it from any warring. You may change your gangs status to aggressive at any time. However, once you enter an aggressive state, your gang can not return to a passive state. Once you put your gang in the aggressive state you are able to declare war against other gangs and other gangs can declare war against you. During a war, if your gang losses all of its respect, the gang will be lost. Every thing stored in your gangs vault will be lost (money, crystals, items).</p> [b]To enter aggressive state, just click the button below.[/b]</p> <form action=\"yourgang.php?action=sgang_status_update\" method=\"POST\"> <input type=\"submit\" value=\"Go Aggressive\" /> </form>"; } else { print " [b]Your gang is in an aggressive state and can not be changed[/b]"; } } function sgang_status_update() { global $gvars; if (!gang_auth_all($gvars->userid, array('pres', 'vice'))) { echo "<h3>You are not authorized to access this portion of the staff panel.</h3>"; gang_go_back('yourgang.php'); return; } mysql_query("UPDATE gangs SET gangSTATUS = 2 WHERE gangID = {$gvars->data['gangID']}"); echo "<h2>Your gang is now in an aggressive state.</h2>"; }   Open file gangs/plugins/private/gang_staff.php Find function sgang_war() { global $gvars;   Replace that entire function with the following function sgang_war() { global $gvars; if (!gang_auth_all($gvars->userid, array('pres', 'vice'))) { echo "<h3>You are not authorized to access this portion of the staff panel.</h3>"; gang_go_back('yourgang.php?action=sgang_home'); return; } $gang_list = array(); $q_get = sprintf('select gangID, gangNAME from gangs where gangID != %d AND gangSTATUS = 2 order by gangNAME', $gvars->ir['gang']); $q_get = mysql_query($q_get); if ($q_get and mysql_num_rows($q_get) > 0) { while (list($gang_id, $gang_name) = mysql_fetch_row($q_get)) { $gang_list[$gang_id] = $gang_name; } } // warID, warDECLARER, warDECLARED, warTIME <<< gangwars // surID, surWAR, surWHO, surTO, surMSG <<< surrenders $war_list = ''; $war_ids = array(); $q_get = sprintf('select w.warID as war_id, ga.gangID as us_id, ga.gangNAME as us_name, gb.gangID as them_id, gb.gangNAME as them_name, a.surID as us_sur_id, a.surMSG as us_sur_msg, b.surID as them_sur_id, b.surMSG as them_sur_msg from gangwars as w left join surrenders as a on w.warID = a.surWAR and w.warDECLARER = a.surWHO left join surrenders as b on w.warID = b.surWAR and w.warDECLARED = b.surWHO left join gangs as ga on w.warDECLARER = ga.gangID left join gangs as gb on w.warDECLARED = gb.gangID where %d in (warDECLARER, warDECLARED)', $gvars->ir['gang']); $q_get = mysql_query($q_get); if ($q_get and mysql_num_rows($q_get) > 0) { while ($row = mysql_fetch_assoc($q_get)) { if (is_null($row['us_id']) or is_null($row['them_id'])) { $q_del = sprintf('delete from gangwars where warID = %d', $row['war_id']); mysql_query($q_del); continue; } if ($gvars->ir['gang'] == $row['us_id']) { $war_ids[$row['them_id']] = $row['them_id']; } else { $war_ids[$row['us_id']] = $row['us_id']; } $us_p = gang_get_gang_link($row['us_id'], $row['us_name']); $them_p = gang_get_gang_link($row['them_id'], $row['them_name']); $surrender = "No"; $surrender_msg = "N/A"; $surrender_accept = "<td colspan=\"2\">N/A</td>"; $surrender_accept = sprintf(' <td colspan="2" class="ygang_menu"> [url="yourgang.php?action=sgang_war_surrender&war_id=%d"]Offer Surrender[/url] </td>', $row['war_id']); if ($row['us_sur_id']) { $surrender = $us_p; $surrender_msg = $row['us_sur_msg']; if ($gvars->ir['gang'] != $row['us_id']) { $surrender_accept = sprintf(' <td class="ygang_menu"> [url="yourgang.php?action=sgang_war_accept&sur_id=%d"]Accept[/url] </td> <td class="ygang_menu"> [url="yourgang.php?action=sgang_war_decline&sur_id=%d"]Decline[/url] </td> ', $row['us_sur_id'], $row['us_sur_id']); } else { $surrender_accept = ' <td colspan="2"> N/A </td>'; } } if ($row['them_sur_id']) { $surrender = $them_p; $surrender_msg = $row['them_sur_msg']; if ($gvars->ir['gang'] != $row['them_id']) { $surrender_accept = sprintf(' <td class="ygang_menu"> [url="yourgang.php?action=sgang_war_accept&sur_id=%d"]Accept[/url] </td> <td class="ygang_menu"> [url="yourgang.php?action=sgang_war_decline&sur_id=%d"]Decline[/url] </td> ', $row['them_sur_id'], $row['them_sur_id']); } else { $surrender_accept = ' <td colspan="2"> N/A </td>'; } } $war_list .= sprintf(' <tr> <td> %s </td> <td> %s </td> <td> %s </td> <td> %s </td> %s </tr>%s ', $us_p, $them_p, $surrender, $surrender_msg, $surrender_accept, "\n"); } } $potential_wars = array_diff_key($gang_list, $war_ids); $potential_war_list = ''; foreach ($potential_wars as $key => $value) { $potential_war_list .= <<<EOT <option value="$key">$value</option>\n EOT; } echo <<<EOT <h2>War Management</h2> <table> <tr> <th> Declarer </th> <th> Declared </th> <th> Surrendered? </th> <th> Surrender Msg </th> <th colspan="2"> Surrender Links </th> </tr> $war_list </table> <p class="bold center">Declare War</p> <form method="post" action="yourgang.php?action=sgang_war_declare"> <table style="width: 220px"> <tr> <th> Declare war on: <select name="gang_id"> <option value="0">Select one...</option $potential_war_list </select> </th> </tr> <tr> <th> <input type="submit" value="Declare"> </th> </tr> </table> </form> EOT; }   Next Find function sgang_war_declare() { global $gvars;   Replace entire function with the following function sgang_war_declare() { global $gvars; if (!gang_auth_all($gvars->userid, array('pres', 'vice'))) { echo "<h3>You are not authorized to access this portion of the staff panel.</h3>"; gang_go_back('yourgang.php?action=sgang_home'); return; } if($gvars->data['gangSTATUS'] != 2) { echo "<h3>You can not declare war while the gang is in a passive state.</h3>"; gang_go_back('yourgang.php?action=sgang_home'); return; } if (!isset($_REQUEST['gang_id']) or intval($_REQUEST['gang_id']) < 1) { echo "<h3>Which $gvars->name_sl are you declaring war on?</h3>"; gang_go_back('yourgang.php?action=sgang_war'); return; } $them_id = intval($_REQUEST['gang_id']); $q_get = sprintf('select gangNAME from gangs where gangID = %d', $them_id); $q_get = mysql_query($q_get); if (!$q_get or mysql_num_rows($q_get) < 1) { echo "<h3>The $gvars->name_sl you are declaring war on does not exist.</h3>"; gang_go_back('yourgang.php?action=sgang_war'); return; } list($other_name) = mysql_fetch_row($q_get); $other_p = gang_get_gang_link($them_id, $other_name); $q_get = sprintf('select count(*) from gangwars where %d in (warDECLARER, warDECLARED) and %d in (warDECLARER, warDECLARED)', $gvars->ir['gang'], $them_id); $q_get = mysql_query($q_get); list($has_war) = mysql_fetch_row($q_get); if ($has_war) { echo "<h3>You are already in a war with $other_name.</h3>"; gang_go_back('yourgang.php?action=sgang_war'); return; } //Check for aggresive status $cc = sprintf('select gangSTATUS from gangs where gangID = %d', $them_id); $cc = mysql_query($cc); list($gstat) = mysql_fetch_row($cc); if ($gstat != 2) { echo "<h3>This gang is passive and cannot be warred.</h3>"; gang_go_back('yourgang.php?action=sgang_war'); return; } // warID, warDECLARER, warDECLARED, warTIME <<< gangwars $q_set = sprintf('insert into gangwars (warDECLARER, warDECLARED, warTIME) values (%d, %d, unix_timestamp())', $gvars->ir['gang'], $them_id); mysql_query($q_set); if (mysql_affected_rows() < 1) { echo "<h3>The war could not be declared.</h3>"; } else { echo "<h3>The war has been declared.</h3>"; $us_p = gang_get_profile_link($gvars->ir['userid'], $gvars->ir['username']); $us_gang__p = gang_get_profile_link($gvars->ir['gang'], $gvars->data['gangNAME']); gang_new_event($gvars->ir['gang'], sprintf('%s declared war on %s.', $us_p, $other_p), 'escape'); gang_new_event($them_id, sprintf('%s declared war.', $us_gang__p), 'escape'); } gang_go_back('yourgang.php?action=sgang_war'); }   Save & Close file gang_staff.php Open gangs/plugins/public/gang_list.php Find function gang_list() { global $gvars;   Replace the entire function with the following function gang_list() { global $gvars; // gangID, gangNAME, gangDESC, gangPREF, gangSUFF, gangMONEY, gangCRYSTALS, gangRESPECT, gangPRESIDENT, gangVICEPRES, gangCAPACITY, gangCRIME, gangCHOURS, gangAMENT $where = array(); if (!isset($_REQUEST['letter']) or strlen($_REQUEST['letter']) != 1 or !ctype_alpha($_REQUEST['letter'])) { $letter = ''; $form_letter = ''; } else { $letter = $_REQUEST['letter']; $where[] = sprintf('g.gangNAME like("%s%%")', $letter); $form_letter = sprintf('<input type="hidden" name="letter" value="%s">', $letter); } if (!empty($where)) { $where = 'where ' . implode(' and ', $where); } else { $where = ''; } if (!isset($_REQUEST['offset']) or intval($_REQUEST['offset']) < 1) { $offset = 0; } else { $offset = intval($_REQUEST['offset']); } if (!isset($_REQUEST['limit']) or intval($_REQUEST['limit']) < 25) { $limit = 25; } else if (intval($_REQUEST['limit']) > 100) { $limit = 100; } else { $limit = intval($_REQUEST['limit']); } $q_get = sprintf('select count(*) from gangs as g %s ', $where); $q_get = mysql_query($q_get); list($total_results) = mysql_fetch_row($q_get); $num_pages = ceil($total_results / $limit); $current_page = floor($offset / $limit) + 1; $q_get = sprintf('select gangID as gang_id, gangNAME as name, gangDESC as description, gangPREF as prefix, gangSUFF as suffix, gangMONEY as money, gangCRYSTALS as crystals, gangRESPECT as respect, gangPRESIDENT as president, gangVICEPRES as vice_president, gangCAPACITY as capacity, gangCRIME as crime, gangCHOURS as crime_hours, gangSTATUS as status, gangAMENT as announcement, up.username as pres_name, uv.username as vice_name from gangs as g left join users as up on gangPRESIDENT = up.userid left join users as uv on gangVICEPRES = uv.userid %s order by g.gangNAME limit %d, %d ', $where, $offset, $limit); $q_get = mysql_query($q_get); if (!$q_get or mysql_num_rows($q_get) < 1) { $gang_list = <<<EOT <tr> <td colspan="6"> <h3>No $gvars->name_pl found.</h3> </td> </tr> EOT; } else { $gang_list = ''; while ($data = mysql_fetch_assoc($q_get)) { $respect = number_format($data['respect']); //Status setup if($data['status'] == 2) { $status = "<b style='color:red;'>Aggressive[/b]"; } else { $status = "<b style='color:green;'>Passive[/b]"; } if ($gvars->ir['gang']) { $app_link = ''; } else { $app_link = sprintf('| [url="gangs.php?action=gang_app&gang_id=%d"]Apply[/url]', $data['gang_id']); } $gang_list .= sprintf(' <tr> <td> %1$s </td> <td> %2$s </td> <td> %3$s </td> <td class="right"> %4$s </td> <td class="center"> %7$s </td> <td class="center"> %5$s %6$s </td> </tr> ', gang_get_gang_link($data['gang_id'], $data['name']), gang_get_profile_link($data['president'], $data['pres_name']), gang_get_profile_link($data['vice_president'], $data['vice_name']), $respect, gang_get_gang_link($data['gang_id'], 'View'), $app_link,$status); } } $atoz = range('A', 'Z'); $all_selected = ' selected'; foreach ($atoz as $key => &$value) { if (strtoupper($letter) === $value) { $selected = ' selected'; $all_selected = ''; } else { $selected = ''; } $value = <<<EOT [url="gangs.php?action=gang_list&letter=$value"]$value[/url] EOT; } unset($value); $atoz = implode(' ', $atoz); $page_options = ''; for ($x = 1; $x <= $num_pages; $x++) { $page_offset = $x * $limit - $limit; if ($current_page == $x) { $selected = ' selected="selected"'; } else { $selected = ''; } $page_options .= <<<EOT <option value="$page_offset"$selected>$x</option> EOT; } echo <<<EOT <h2>$gvars->name_su List</h2> <table> <tr> <td> $atoz [url="gangs.php?action=gang_list"]All[/url] </td> </tr> <tr> <td class="center"> <form method="get" action="gangs.php"> $form_letter <input type="hidden" name="action" value="gang_list"> Page Number <select name="offset">$page_options</select> <input type="submit" value="Go"> </form> </td> </tr> </table> <table style="width: 600px"> <tr> <th> $gvars->name_su </th> <th> $gvars->pres </th> <th> $gvars->vice_pres </th> <th> Respect </th> <th> Status </th> <th> Links </th> </tr> $gang_list </table> EOT; }   Find function gang_view() { global $gvars;   Replace entire function with the following function gang_view() { global $gvars; if (!isset($_REQUEST['gang_id']) or intval($_REQUEST['gang_id']) < 1) { echo "<h3>Which $gvars->name_sl are you looking for?</h3>"; return; } $gang_id = intval($_REQUEST['gang_id']); // gangID, gangNAME, gangDESC, gangPREF, gangSUFF, gangMONEY, gangCRYSTALS, gangRESPECT, gangPRESIDENT, // gangVICEPRES, gangCAPACITY, gangCRIME, gangCHOURS, gangAMENT $q_get = sprintf('select g.gangNAME, g.gangDESC, g.gangRESPECT, g.gangPRESIDENT, g.gangVICEPRES, g.gangCAPACITY, g.gangSTATUS from gangs as g where g.gangID = %d', $gang_id); $q_get = mysql_query($q_get); if (!$q_get or mysql_num_rows($q_get) < 1) { echo "<h3>The $gvars->name_sl you selected could not be found.</h3>"; return; } list($gang_name, $desc, $respect, $pres_id, $vice_id, $capacity, $gstat) = mysql_fetch_row($q_get); $desc = nl2br($desc); $pres_name = 'N/A'; $vice_name = 'N/A'; $q_get = sprintf('select userid, username, daysingang, level from users where gang = %d', $gang_id); $q_get = mysql_query($q_get); if (!$q_get or mysql_num_rows($q_get) < 1) { echo "<h3>The $gvars->name_sl you selected does not have any members.</h3>"; _gang_delete($gang_id); return; } $user_list = ''; $member_count = mysql_num_rows($q_get); while (list($them_id, $them_name, $daysingang, $level) = mysql_fetch_row($q_get)) { $profile = gang_get_profile_link($them_id, $them_name); if ($pres_id == $them_id) { $pres_name = $profile; } if ($vice_id == $them_id) { $vice_name = $profile; } $user_list .= <<<EOT <tr class="right"> <td class="left"> $profile </td> <td> $level </td> <td> $daysingang </td> </tr>\n EOT; } if ($gvars->ir['gang']) { $app_link = ''; } else { $app_link = sprintf('<p class="center">[url="gangs.php?action=gang_app&gang_id=%d"]Apply[/url]</p>', $gang_id); } //Status setup if($gstat == 2) { $status = "<b style='color:red;'>Aggressive[/b]"; } else { $status = "<b style='color:green;'>Passive[/b]"; } echo <<<EOT <h3>$gang_name</h3> $app_link <table style="width:400px;"> <tr> <th> $gvars->pres </th> <th> $gvars->vice_pres </th> <th> Members </th> <th> Respect Level </th> <th> Status </th> </tr> <tr class="right"> <td class="left"> $pres_name </td> <td class="left"> $vice_name </td> <td> $member_count </td> <td> $respect </td> <td class="center"> $status </td> </tr> <tr> <th colspan="5"> Description </th> </tr> <tr> <td colspan="5"> $desc </td> </tr> </table> <h3>User List</h3> <table style="width:400px;"> <tr> <th> User </th> <th> Level </th> <th> Days In Gang </th> </tr> $user_list </table> EOT; }

A good staff team. All to often I have came across staff members that forget how to deal with players as people. Its that human interaction I value the most. Even when a player is in the wrong, staff should always be polite and respectful, no matter how childish the players behavior is. Building a reputation of having a staff team that players can relate too, and openly talk to is a valuable commodity to a game.

Secure every file!

Here is a start for ya.. $q = mysql_query("SELECT itmid, minSell, maxSell FROM table"); while($x = mysql_fetch_array($q)) { $sp = rand($x['minSell'],$x['maxSell']); mysql_query("UPDATE table SET sellPrice = $sp WHERE itmid = {$x['itmid']}"); }

I'm not sure how to secure the tag but... With the seasion hi-jacking couldn't you store an accounts host (not IP) at login in a separate table and then check against that to prevent it.

That is sad to see any body have to go through that. I lost my older brother in 1993 due to leukaemia, he was only 15 when he died.

Actually, no it won't. You need to secure every input that comes from a player. Every $_POST, $_GET, $_REQUEST can be compromised.

add this to check if you set the get? if(!$_GET['mail_id']) { print "Error: No variable set"; exit; }   If that stops your code, then the problem is that the link is not passing the variable on to the next function. So you would need to be looking at how the link is built in the view function.

Yeah, I was pretty confident already on the base security especially regarding all the form inputs. Which in turn I completely overlooked the _Get inputs... 1 more update to make, then i think the base should be good.

updated numerous files to filiter incoming url information

Has a run through with crimgame.com this morning on the game. Pointed out some things I may have missed, so going to do a check of all files. Hit him up if you need some security help..

Sleep is always good...

@CrimGame.com - Could you send me details via private messeage with what you found please? @wrx - thanks for the heads up will explore other methods to stop

Game: Chaotic Worlds Stage: Beta Story Line: Futuristic, still working on URL: http://www.chaotic-worlds.net Demo Account Username: demo Password: pass Well, its basically McCodes v2 right now, not much added to it yet. I believe security issues have been taken care of. What I need! I want some people to test it all out. It is open to the public, but need some people with the know how to try and break the system basically. Log in page is temporary. New one is in the works that will flow with the in game layout. General layout of pages is still being done. Has been up for 3 weeks with no glitches thus far. Everything is backed up, so no fear if it gets broke...

/gangs/plugins/private/gang_staff.php

Thanks Pudda... and GRRRR.... didn't realize i was outside of "Free Addons" -- staff move it please, thanks

Forgot the link to buy insurance... Add this where ever you would like to give players the option to purchase home insurance. I'd recommend it be on the estate page somewhere... print "([url='arson.php?action=ins']Purchase Insurance[/url])";

Name: Arson Mod Version: 1.0.0 Game Engine: McCodes V2 Description: This mod allows players to burn down the houses of their opposition. It also allows players to purchase insurance for their house which slows down the burn rate. A rebuild feature is also included to repair the damage from an arson attack. All parts of the code must be used in order for the mod to work correctly. Notes: This mod require the use of 2 items from the game. Preferably the items should be named "Gas Can" and "Matches". You will need to create these items and then set the variables in the configuration settings of arson.php to the item id of those items. Also go through and set the configuration variables to your liking to fit the economy of your game. Any problems, post them here. This is the main file for the arson mod. Create a file with the name arson.php, copy this code and paste it <?php /********************************************************* -- House Arson -- Author TwiztedFake -- [url]http://www.chaotic-worlds.net[/url] -- Version 1.0.0 -- copyright 2010, TwiztedFake and Chaotic-Worlds.net Permission is granted to use and distribute this script without charge. This script can be edited/altered and any edits/alterations are the sole property of the auther of the edits/alterations. The altered script can be sold and distributed so long as a copy of the original script is distributed along with the new script. **********************************************************/ ##################### ## YOUR HEADER CODE## ##################### require "globals.php"; ######################## ## Configuration Settings ## ######################## //Set $ON to turn this feature On/Off, True=On, False=Off $ON = True; // Cash Cost Per Arson Attempt $ArsonCashCost = 1500; // Brave Cost Per Arson Attempt $ArsonBraveCost = 10; //Minimum Burn Time in minutes $MinBurn = 120; //Maximum Burn Time in minutes $MaxBurn = 1440; //Basic Insurance Cost //Can be a flat fee, based on level, or however you would like //based on level would be $InsCost = 250 * $ir['level']; $BasicInsCost = 1500; //Premium Insurance Cost //Can be a flat fee, based on level, or however you would like //based on level would be $InsCost = 250 * $ir['level']; $PremiumInsCost = 2500; //Minimum Hosptial Time $MinHospital = 20; //Maximum Hospital Time $MaxHospital = 120; //Minimum Jail Time $MinJail = 20; //Maximum Jail Time $MaxJail = 120; //Rebuild Cost, this is (cost * will lost) $RebuildCost = 1; //Gas Can Item $Gas = 17; //Matches Item $Matches = 18; //Donators Only? True = yes, False = No $donator = False; ####################### ## The Code Starts Now ## ####################### //Check if feature is open to public if($ir['user_level'] < 2 && !$ON) { print "This feature is not available to the public yet."; $h->endpage(); exit; } //Check if donator only and display error if($donator) { if(!$ir['donatordays']) { print "Sorry, this feature is for donors only."; $h->endpage(); exit; } } //Check hospital and jail status if($ir['hospital'] || $ir['jail']) { print "The arson feature is disabled while in the hosiptal/jail."; $h->endpage(); exit; } //The switch calls the neccesary function for the requested action from the player switch($_GET['action']) { case 'arson': arson(); break; case 'save': save(); break; case 'ins': ins(); break; } //This function does the rebuild after an arson attack function save() { global $h, $db, $userid, $ir, $RebuildCost; $bz = $db->query("SELECT bWILL FROM burn WHERE bUSER = $userid"); if(!$db->num_rows($bz)) { print "Error: please contact staff"; $h->endpage(); exit; } $zz = $db->fetch_row($bz); $cost = ($zz['bWILL'] - $ir['maxwill']) * $RebuildCost; if($ir['money'] < $cost) { print "You don't have enough money to rebuild your house."; $h->endpage(); exit; } $db->query("UPDATE users SET maxwill = {$zz['bWILL']}, money = money - $cost WHERE userid = $userid"); $db->query("DELETE FROM burn WHERE bUSER = $userid"); print "You have rebuilt your house at a cost of $$cost."; $h->endpage(); exit; } //This function starts the arson on a players house function arson() { global $h, $db, $userid, $ir, $ArsonCashCost, $ArsonBraveCost, $MinHospital, $MaxHospital, $MinJail, $MaxJail, $MinBurn, $MaxBurn, $Gas, $Matches; $who = abs((int)$_GET['u']); $q = $db->query("SELECT userid, maxwill FROM users WHERE userid = $who"); //Check for a player if(!$db->num_rows($q)) { print "No player was found with the given ID."; $h->endpage(); exit; } //Check that arsonist has enough cash if($ir['money'] < $ArsonCashCost) { print "You don't have enough cash for supplies."; $h->endpage(); exit; } //Check that arsonist has enough brave if($ir['brave'] < $ArsonBraveCost) { print "Your brave is too low to complete an arson attempt."; $h->endpage(); exit; } $z = $db->fetch_row($q); //Check that player owns a house if($z['maxwill'] <= 100) { print "This player doesn't own a house"; $h->endpage(); exit; } //Check that players house isn't already burnt $bh = $db->query("SELECT bUSER FROM burn WHERE bUSER = $who"); if($db->num_rows($bh)) { print "This players house has already burnt to the ground"; $h->endpage(); exit; } //Check for items (gas can & matches) $inv = $db->query("SELECT iv.*,i.* FROM inventory iv LEFT JOIN items i ON iv.inv_itemid=i.itmid WHERE iv.inv_userid={$userid} AND iv.inv_itemid=$Gas LIMIT 1"); if(!$db->num_rows($inv)) { $inv = $db->query("SELECT * FROM items WHERE itmid=$Gas LIMIT 1"); $need = $db->fetch_row($inv); print "You need [b]{$need['itmname']}[/b] to attempt an arson. "; $h->endpage(); exit; } $inv = $db->query("SELECT iv.*,i.* FROM inventory iv LEFT JOIN items i ON iv.inv_itemid=i.itmid WHERE iv.inv_userid={$userid} AND iv.inv_itemid=$Matches LIMIT 1"); if(!$db->num_rows($inv)) { $inv = $db->query("SELECT * FROM items WHERE itmid=$Matches LIMIT 1"); $need = $db->fetch_row($inv); print "You need [b]{$need['itmname']}[/b] to attempt an arson. "; $h->endpage(); exit; } $chance = rand(1,100); if($chance < 50) { //Succesful outcome, so lets set the fire $length = rand($MinBurn,$MaxBurn); $db->query("INSERT INTO burn VALUES('$who','$length','{$z['maxwill']}')"); $db->query("UPDATE users SET brave = brave - $ArsonBraveCost, money = money - $ArsonCashCost WHERE userid = $userid"); item_remove($userid,$Matches,1); $show = rand(1,2); if($show == 1) { event_add($who,"Someone set your house on fire"); } else { event_add($who,"[url='viewuser.php?u=$userid']{$ir['username']}[/url] set fire to your house."); } print "You sneak past security and set the house on fire."; $h->endpage(); exit; } else { //Failed, so lets give an outcome $db->query("UPDATE users SET brave = brave - $ArsonBraveCost, money = money - $ArsonCashCost WHERE userid = $userid"); $go = rand(1,2); if($go == 1) { $length = rand($MinHospital,$MaxHospital); $text = "Was badly burnt during an arson attempt"; $db->query("UPDATE users SET hospital = $length, hospreason = '$text' WHERE userid = $userid"); item_remove($userid,$Matches,1); print "You manage to sneak past the security but just as you light the match a car drove by. You dropped the match and caught you pants on fire. You have been sent to the hospital for $length minutes."; $h->endpage(); exit; } else { $length = rand($MinJail,$MaxJail); $text = "Busted during an attempted arson"; $db->query("UPDATE users SET jail = $length, jail_reason = '$text' WHERE userid = $userid"); item_remove($userid,$Matches,1); item_remove($userid,$Gas,1); print "Just when you were about to light the match the cops pulled up. You have been thrown in jail for $length minutes."; $h->endpage(); exit; } } } // This function allows player to purchase insurance on their home which slows the burn rate function ins() { global $h, $db, $userid, $BasicInsCost, $PremiumInsCost; if(isset($_POST['type'])) { $type = abs((int)$_POST['type']); $userid = abs((int)$userid); $cost = ($type == 2) ? $PremiumInsCost : $BasicInsCost; //Check that player has enough money if($ir['money'] < $cose) { print "This insurance cost /$$cost. You don't have enough to purchase it."; $h->endpage(); } $db->query("INSERT INTO insurance VALUES('$userid','$type')"); $db->query("UPDATE users SET money = money - $cost WHERE userid = $userid"); print "You have purchased homeowners insurance for /$$cost"; $h->endpage(); exit; } $q = $db->query("SELECT insUSER FROM insurance WHERE insUSER = $userid"); if($db->num_rows($q)) { print "Sorry, you already have insurance."; $h->endpage(); exit; } print <<<EOF Purchase House Insurance <form action='arson.php?action=ins' method='post'> <select name='type' type='dropdown'> <option value='1'>Basic Homeowners Insurance</option> <option value='2'>Premium Homeowners Insurance</option> </select> <input type='submit' value='Buy Insurance' /> </form> EOF; } print "Error: No action requested!"; $h->endpage(); ?>   This code needs to be added to a cron that runs every minute #################### # Arson Code Start # #################### //Base Damage $BaseDamage = 3; //Basic Insurance Damage $BasicDamage = 2; //Premium Insurance Damage $PremiumDamage = 1; $q = $db->query("SELECT * FROM burn WHERE bTIME > 0"); while($z = $db->fetch_row($q)) { $x = $db->query("SELECT insTYPE FROM insurance WHERE insUSER = {$z['bUSER']}"); if($db->num_rows($x)) { $y = $db->fetch_row($x); if($y['insTYPE'] == 2) { $lost = $PremiumDamage; } else if($y['insTYPE'] == 1) { $lost = $BasicDamage; } else { $lost = $BaseDamage; } } else { $lost = $BaseDamage; } $db->query("UPDATE users SET maxwill = maxwill - $lost, will = will - $lost WHERE userid = {$z['bUSER']}"); } #################### # Arson Code End # ####################   Add this to your viewuser.php or where ever you would like the link to appear. print "[[url='arson.php?action=arson&u={$r[']Arson[/url]] ";   This needs to be added to your estate.php file, add it below the line include "globals.php"; #################### # Arson Code Start # #################### $bz = $db->query("SELECT bUSER FROM burn WHERE bUSER = $userid"); if($db->num_rows($bz)) { print "An arsonist has hit your house. [url='arson.php?action=save']Repair It[/url]"; $h->endpage(); exit; } #################### # Arson Code End # ####################   You will also need to run this sql on your database -- -- Table structure for table `burn` -- CREATE TABLE IF NOT EXISTS `burn` ( `bUSER` int(7) NOT NULL, `bTIME` int(5) NOT NULL, `bWILL` int(11) NOT NULL, PRIMARY KEY (`bUSER`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- -- Table structure for table `insurance` -- CREATE TABLE IF NOT EXISTS `insurance` ( `insUSER` int(7) NOT NULL, `insTYPE` int(1) NOT NULL, PRIMARY KEY (`insUSER`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1;