NonStopCoding

  Cool i have accepted it :)

  Yes i would like the job :) Are you able to send me a message via skype or gmail? Skype dundeeboy09 Gmail [email protected]

if your still looking ill take the job :)

  Yea the formula was annoying i recoded the crime system

I have used crons from mccodes before on x10 and never had a issue when using this method to send the cron out. curl http://website/cronfile.php?code=code from config.php goes here

I did noticed you never escaped your question also the error is in validate.php can you post that file or 5 lines above and 5 lines below the error please

  i hardly get messages too i was exploring the new design see what's changed and noticed it

it tells you in your profile your join date too

Just like to say nice job its looking good i like the design clean and good on the eyes. The features sound cool will be cool to see the game completed and good luck :)

i believe there is one on here that [uSER=53425]Magictallguy[/uSER] started.

  yep they look grpg to me

yea you can contact me via skype: dundeeboy09 or [email protected] if you wish to talk more

  What do you mean by doing a whole game?

fixed up some stuff and cleaned up the code Paste bin - http://pastebin.com/ASdwaXFd Edit line 4 should be ctype_alnum not ctype_alphanum   <?php require(__DIR__.'/globals.php'); print "<h3>Item Market</h3>"; $_GET['action'] = isset($_GET['action']) && ctype_alnum($_GET['action']) ? strtolower(trim($_GET['action'])) : false; switch($_GET['action']) { case "buy": item_buy(); break; case "gift1": item_gift1(); break; case "gift2": item_gift2(); break; case "remove": itemm_remove(); break; default: imarket_index(); break; } // going to add the code for get id here as its used multiple times $_GET['ID'] = isset($_GET['ID']) && ctype_digit($_GET['ID']) ? abs(intval($_GET['ID'])) : 0; // or simple // $_GET['ID'] = abs(intval($_GET['ID'])); function imarket_index() { global $db,$ir,$c,$userid,$h; // whats this for? $check = $db->query("SELECT im.*,i.* FROM `itemmarket` im LEFT JOIN `items` i ON im.imITEM=i.itmid WHERE `imID` = {$_GET['ID']} AND `imADDER` = $userid"); print "Viewing all listings... <table width=75% cellspacing=1 class='table'> <tr style='background:gray'> <th>Adder</th> <th>Item</th> <th>Price</th> <th>Links</th> </tr>"; $q = $db->query("SELECT im.*, i.*, u.*,it.* FROM `itemmarket` im LEFT JOIN `items` i ON im.imITEM=i.itmid LEFT JOIN `users` u ON u.userid=im.imADDER LEFT JOIN itemtypes it ON i.itmtype=it.itmtypeid ORDER BY i.itmtype, i.itmname ASC"); $lt = ""; while($r=$db->fetch_row($q)) { if($lt!=$r['itmtypename']) { $lt = $r['itmtypename']; print "\n<tr style='background: gray;'><th colspan=4>{$lt}</th></tr>"; } if($r['imCURRENCY']=="money") $price="\$".number_format($r['imPRICE']); else $price=number_format($r['imPRICE'])." crystals"; if($r['imADDER'] == $userid) $link = "[<a href='itemmarket.php?action=remove&ID={$r['imID']}'>Remove</a>]"; else $link = "[<a href='itemmarket.php?action=buy&ID={$r['imID']}'>Buy</a>] [<a href='itemmarket.php?action=gift1&ID={$r['imID']}'>Gift</a>]"; print "\n <tr> <td><a href='viewuser.php?u={$r['userid']}'>{$r['username']}</a> [{$r['userid']}]</td> <td>{$r['itmname']}</td> <td>$price</td> <td>[<a href='iteminfo.php?ID={$r['itmid']}'>Info</a>] $link</td> </tr>"; } print "</table>"; } function itemm_remove() { global $db,$ir,$c,$userid,$h; $q = $db->query("SELECT im.*,i.* FROM itemmarket im LEFT JOIN items i ON im.imITEM=i.itmid WHERE imID={$_GET['ID']} AND imADDER=$userid"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or you are not the owner.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r = $db->fetch_row($q); item_add($userid, $r['imITEM'], 1); $i = ($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID={$_GET['ID']}"); $db->query("INSERT INTO imremovelogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} removed a {$r['itmname']} from the item market.')"); print "Item removed from market!<br /> <a href='itemmarket.php'>> Back</a>"; } function item_buy() { global $db,$ir,$c,$userid,$h; $q = $db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID={$_GET['ID']}",$c); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r = $db->fetch_row($q); $curr = $r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } item_add($userid, $r['imITEM'], 1); $i=($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID={$_GET['ID']}"); $db->query("UPDATE users SET $curr=$curr-{$r['imPRICE']} where userid=$userid"); $db->query("UPDATE users SET $curr=$curr+{$r['imPRICE']} where userid={$r['imADDER']}"); if($curr == "money") { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for \$".number_format($r['imPRICE']).".",$c); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for \${$r['imPRICE']} from user ID {$r['imADDER']}')"); print "You bought the {$r['itmname']} from the market for ".money_formatter($r['imPRICE'])."."; } else { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for ".number_format($r['imPRICE'])." crystals.",$c); $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for {$r['imPRICE']} crystals from user ID {$r['imADDER']}')"); print "You bought the {$r['itmname']} from the market for ".money_formatter($r['imPRICE'], '')." crystals."; } } function item_gift1() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID={$_GET['ID']}"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r = $db->fetch_row($q); $curr = $r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } if($curr == "money") { print "Buying the <b>{$r['itmname']}</b> for ".money_formatter($r['imPRICE'])." as a gift...<br /> <form action='itemmarket.php?action=gift2' method='post'> <input type='hidden' name='ID' value='{$_GET['ID']}' /> User to give gift to: ".user_dropdown($c,'user')."<br /> <input type='submit' value='Buy Item and Send Gift' /> </form>"; } else { print "Buying the <b>{$r['itmname']}</b> for ".money_formatter($r['imPRICE'], '')." crystals as a gift...<br /> <form action='itemmarket.php?action=gift2' method='post'> <input type='hidden' name='ID' value='{$_GET['ID']}' /> User to give gift to: ".user_dropdown($c,'user')."<br /> <input type='submit' value='Buy Item and Send Gift' /> </form>"; } } $usercheck = $db->query("SELECT `userid` FROM `users` WHERE `userid` = ".$_POST['userid']); // Preform check using num_rows() if(!$db->num_rows($usercheck)) { // error $h->endpage(); exit; } function item_gift2() { global $db,$ir,$c,$userid,$h; $_POST['user'] = isset($_POST['user']) && ctype_digit($_POST['user']) ? abs(intval($_POST['user'])) : 0; if(empty($_POST['user']) || empty($_POST['ID'])) { echo "Something went wrong. <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $q = $db->query("SELECT * FROM itemmarket im LEFT JOIN items i ON i.itmid=im.imITEM WHERE imID={$_POST['ID']}"); if(!$db->num_rows($q)) { print "Error, either this item does not exist, or it has already been bought.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } $r = $db->fetch_row($q); $curr = $r['imCURRENCY']; if($r['imPRICE'] > $ir[$curr]) { print "Error, you do not have the funds to buy this item.<br /> <a href='itemmarket.php'>> Back</a>"; $h->endpage(); exit; } item_add($_POST['user'], $r['imITEM'], 1); $i=($db->insert_id()) ? $db->insert_id() : 99999; $db->query("DELETE FROM itemmarket WHERE imID={$_POST['ID']}"); $db->query("UPDATE users SET $curr=$curr-{$r['imPRICE']} where userid=$userid"); $db->query("UPDATE users SET $curr=$curr+{$r['imPRICE']} where userid={$r['imADDER']}"); if($curr == "money") { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for \$".number_format($r['imPRICE']).".",$c); event_add($_POST['user'], "<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought you a {$r['itmname']} from the item market as a gift.",$c); $u=$db->query("SELECT username FROM users WHERE userid={$_POST['user']}"); if(!$db->num_rows($u)) { echo "Invalid User."; $h->endpage(); exit; } $uname = ($db->num_rows($u)) ? $db->fetch_single($u) : "Error Invalid User"; $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for \${$r['imPRICE']} from user ID {$r['imADDER']} as a gift for $uname [{$_POST['user']}]')"); print "You bought the {$r['itmname']} from the market for \$".number_format($r['imPRICE'])." and sent the gift to $uname."; } else { event_add($r['imADDER'],"<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought your {$r['itmname']} item from the market for ".number_format($r['imPRICE'])." crystals.",$c); event_add($_POST['user'], "<a href='viewuser.php?u=$userid'>{$ir['username']}</a> bought you a {$r['itmname']} from the item market as a gift.",$c); $u=$db->query("SELECT username FROM users WHERE userid={$_POST['user']}"); if(!$db->num_rows($u)) { echo "Invalid User."; $h->endpage(); exit; } $uname = ($db->num_rows($u)) ? $db->fetch_single($u) : "Error Invalid User"; $db->query("INSERT INTO imbuylogs VALUES ('', {$r['imITEM']}, {$r['imADDER']}, $userid, {$r['imPRICE']}, {$r['imID']}, $i, unix_timestamp(), '{$ir['username']} bought a {$r['itmname']} from the item market for {$r['imPRICE']} crystals from user ID {$r['imADDER']} as a gift for $uname [{$_POST['user']}]')"); print "You bought the {$r['itmname']} from the market for ".number_format($r['imPRICE'])." crystals and sent the gift to $uname."; } } $h->endpage(); ?>   You need to go through each function and find if its using the get variable and then do a check to see if its empty i did it in one of the functions for you just look for that and try type it rather than copy and paste reason for that is your really not learning from copying and pasting.

  You can add the security to the start of the function to make things easier so you don't need to add it to each and every query   function something() { global $var,$var2; $_GET['whatever'] = abs(intval($_GET['whatever'])); $check = $db->query("SELECT `something` FROM `someplace` WHERE `whatever` = ".$_GET['whatever']); }   quick scan also noticed that in your gift2 function you never secured the [{$_POST['user']}] also need to do checks to make sure that the info your searching for is real if not then kill script   $usercheck = $db->query("SELECT `userid` FROM `users` WHERE `userid` = ".$_POST['userid']); // Preform check using num_rows() if(!$db->num_rows($usercheck)) { // error $h->endpage(); exit; }

  $amt = isset($var) && ctype_digit($var) ? abs(intval($var)) : 0;   Here are some of the functions used http://php.net/manual/en/function.isset.php http://php.net/manual/en/function.ctype-digit.php http://php.net/manual/en/function.abs.php http://php.net/manual/en/function.intval.php Hope this helps  

  <script type="text/javascript"> var count = <?= $infed['fj_time'] ?>; var now = Math.floor(new Date().getTime() / 1000); count = count - now; var counter = setInterval(timer, 1000); //1000 will* run it every 1 second function timer() { count = count - 1; if(count == -1) { clearInterval(counter); return; } var seconds = count % 60; var minutes = Math.floor(count / 60); var hours = Math.floor(minutes / 60); var days = Math.floor(hours / 24); minutes %= 60; hours %= 24; document.getElementById("clock").innerHTML = days + " days " + hours + " hours " + minutes + " minutes and " + seconds + " seconds"; } </script> ??

Yea that's my website

just to let you know that eregi is deprecated now and wont be used in later versions or already not being used i believe its preg_match now correct me if iam wrong?

a simple fix up would be $_GET['ID'] = abs(intval($_GET['ID']));   also if its not already done you need to check if the id is empty using the function empty() .

open up lib/installer_error_handler.php and change the false to a true then return to installer and try again assuming your using v2.05b

must be something in your css file that affects the span tag i would of said use a div but that would break the text into a new line   <span id='clock' style='background:#ececec;'></span>

[MENTION=68406]-BRAIDZ-[/MENTION] try this http://pastebin.com/fQjyRFXw

Where it says var count = <?=$time['timeleft']?>; you need to change the $time['timeleft'] with users jail or hosp time.   <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script> <script type="text/javascript"> var count = <?=$time['timeleft']?>; var counter = setInterval(timer, 1000); //1000 will run it every 1 second function timer() { count = count - 1; if (count == -1) { clearInterval(counter); return; } var seconds = count % 60; var minutes = Math.floor(count / 60); var hours = Math.floor(minutes / 60); minutes %= 60; hours %= 60; document.getElementById("clock").innerHTML = hours + "hours " + minutes + "minutes and " + seconds + " seconds left"; } </script> then to show it just <span id='clock'></span> you can see a js fiddle here https://jsfiddle.net/hm2rz6a0/

only took a quick look but bank.php inventory.php needs security added to it.