Everything posted by G7470
-
Well, you were right that it has to do with this line:

    if(!$_GET['spend'])

In relation to this error:

    "Notice: Undefined index: spend in /home/public_html/citypark.php on line 27"

This is because you are attempting to check the value of $_GET['spend'] without evaluating whether the variable is even set or not. (I have seen this MANY times and it is very poor programming practice to keep this as-is.) So, to fix this problem, you will want to check whether or not $_GET['spend'] is set:

    if(isset($_GET['spend']) && !$_GET['spend'])
    {
    print "
    <div class='desc2'>
    <div class='citstat'>
    <style type='text/css'>
    }

isset() in PHP manual: http://php.net/manual/en/function.isset.php

That should remove the notice. This notice is actually pretty informative as to what the problem is, so if you encounter a notice like this again, watch for these evaluation statements (if, switch, while, for) checking variables. Make sure that variable is explicitly set first before evaluating its value. If not, then you should first evaluate whether it is set or not BEFORE evaluating its value. :) Hope this helps! ~G7470
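An added example, not part of the original post: it evaluates the original test, the isset()-guarded test and empty() against four constructed requests, so the branch each one selects can be compared. The value "refill" and the request URLs are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). The request arrays are constructed samples.

// Truth value of the original test if(!$_GET['spend']); the ?? operator
// reads an absent key as null without raising the notice.
function original_check(array $get): bool
{
    return !($get['spend'] ?? null);
}

// The guarded form: true only when the key exists and its value is falsy.
function guarded_check(array $get): bool
{
    return isset($get['spend']) && !$get['spend'];
}

// empty() is true for an absent key and for a falsy value, with no notice.
function empty_check(array $get): bool
{
    return empty($get['spend']);
}

$requests = [
    'citypark.php'              => [],
    'citypark.php?spend='       => ['spend' => ''],
    'citypark.php?spend=0'      => ['spend' => '0'],
    'citypark.php?spend=refill' => ['spend' => 'refill'], // hypothetical value
];

printf("%-28s %-9s %-9s %s\n", 'request', 'original', 'guarded', 'empty()');
foreach ($requests as $url => $get) {
    printf(
        "%-28s %-9s %-9s %s\n",
        $url,
        var_export(original_check($get), true),
        var_export(guarded_check($get), true),
        var_export(empty_check($get), true)
    );
}
```

For the request that carries no spend parameter, the guarded form is false where the original test was true, so the branch that handles a missing parameter has to be chosen deliberately when the guard is added.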
-
Need help masking urls - if thats the correct term
G7470 replied to Miks's topic in General Discussion
Agreed. If particular events will give players rewards, then I would suggest not using $_GET. $_POST would be more appropriate for that. ~G7470
-
Agreed with @ArchEclipse. In database structure design, you should make the data size the smallest that is possible in order to limit the amount of unused space. It is a rather moot point nowadays because of how large database space is now, but I would recommend still following that practice. Other than that, it is an interesting mod; however, I would recommend maybe expanding on this a bit and instead of having it just two times a day, why not make it a little more random as to whether they escape or not. On top of that, if they "fail", then penalize them. ;) ~G7470
-
The coverupload.php is where it is insecure. Before you update the users table with that cover pic, you have to validate that the text that is in the textbox that the user fills out is legitimate. All you're doing right now is checking whether it is set or not, which is a start, but the text in and of itself could be anything, including SQL, which could be an easy target for SQL injection. If @Truefalse can't help you out completely, then I can help tackle this problem as well. Until that security hole is fixed, I would not recommend using this mod. ~G7470
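An added example, not the mod's code and not part of the original post: one way to validate the submitted cover picture text and then store it through a bound parameter. The cover_pic column, the allowed extensions and the sample inputs are assumptions, and an in-memory SQLite database stands in for the game's MySQL database so the script runs on its own.

```php
<?php
// Added example, not the mod's code. The cover_pic column, the allowed
// extensions and the sample inputs are assumptions; in-memory SQLite
// stands in for the game's MySQL database.

function validate_cover_url(string $input): ?string
{
    $url = trim($input);
    if (strlen($url) > 255 || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts  = parse_url($url);
    $scheme = strtolower($parts['scheme'] ?? '');
    $ext    = strtolower(pathinfo($parts['path'] ?? '', PATHINFO_EXTENSION));
    if (!in_array($scheme, ['http', 'https'], true)
        || !in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return null;
    }
    return $url;
}

function save_cover(PDO $db, int $userid, string $input): bool
{
    $url = validate_cover_url($input);
    if ($url === null) {
        return false; // rejected before the database is touched
    }
    // The value is sent as a bound parameter, never spliced into the SQL text.
    $stmt = $db->prepare('UPDATE users SET cover_pic = :pic WHERE userid = :id');
    $stmt->execute([':pic' => $url, ':id' => $userid]);
    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, cover_pic TEXT)');
$db->exec('INSERT INTO users (userid) VALUES (1)');

// Constructed inputs: an image URL, a string with SQL in it, a non-image URL.
$samples = [
    'https://img.example/covers/park.png',
    "park.png' OR '1'='1",
    'https://img.example/covers/park.php',
];
foreach ($samples as $input) {
    printf("%-38s %s\n", $input, save_cover($db, 1, $input) ? 'stored' : 'rejected');
}
```

Only the first input is stored. The stored value still needs htmlspecialchars() when it is written into a page, since validation on input does not replace escaping on output.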
-
Look at where your while loop is located. Currently, this is your while loop:

    while($row = $db->fetch_row($result)) // using MCCodes fetch_row function, which can work as both fetch_array and fetch_row in mysql and mysqli
    {
    print "
    <table class='mytable'>
    <tr>
    ";
    }

Do you notice something wrong there? A couple things to note:

Where are your results from each row in this loop? They're not there, it's just formatting.

Keep an eye out for when your loop starts and ends. You should only be printing the <table> tag and the <tr> tag once. Right now, you're creating four tables and one row per table.

Those notes should at least help get you back on the right track. :) ~G7470
-
You almost have it...there are a few things that have to be adjusted, but not too bad for just starting out. I'll make the code change and note the differences for you for future reference.

    include "globals.php";
    $result = $db->query("SELECT username FROM users ORDER BY posts DESC LIMIT 4"); // moved $result to equal the query, as $db->query runs that query
    // $result = mysql_query($db); Not needed
    while($row = $db->fetch_row($result)) // using MCCodes fetch_row function, which can work as both fetch_array and fetch_row in mysql and mysqli
    {
        print $row['username']; // References the column itself (username) when printing. Also, no need for double quotes when you're solely printing a variable
    }
    $h->endpage();

Hopefully this helps. If you're still a little confused on exactly how this works, feel free to post questions on this thread about it. I'm sure if I cannot answer them for whatever reason, I'm sure others could help. ~G7470
-
In MCCodes, it requires a GET code in order to kick off a cron job at all. You could make that code as complex as you would want, really. Relabeling them may also help make it more difficult for those attempting to run your crons manually to do so, but I would say the built-in GET code with MCCodes is your best bet. ~G7470
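An added example, not MCCodes source and not part of the original post: generating a long random cron code and checking the code supplied in the request in constant time, including the cases where it is missing or malformed. The function names, $configCode and the sample requests are assumptions.

```php
<?php
// Added example, not MCCodes source. $configCode stands for the secret the
// game keeps in its configuration; the name and sample values are assumptions.

function new_cron_code(): string
{
    return bin2hex(random_bytes(32)); // 64 hex characters from the CSPRNG
}

function cron_allowed(array $get, string $configCode): bool
{
    $supplied = $get['code'] ?? null;
    // Refuse a missing code, an array (?code[]=x) and an unset secret, so an
    // empty configuration value can never match an empty request.
    if (!is_string($supplied) || $supplied === '' || $configCode === '') {
        return false;
    }
    return hash_equals($configCode, $supplied); // constant-time comparison
}

$configCode = new_cron_code();

// Constructed requests to a cron script.
$requests = [
    'no code'      => [],
    'empty code'   => ['code' => ''],
    'array code'   => ['code' => ['x']],
    'wrong code'   => ['code' => str_repeat('0', 64)],
    'correct code' => ['code' => $configCode],
];
foreach ($requests as $label => $get) {
    if (!cron_allowed($get, $configCode)) {
        printf("%-13s refused\n", $label);
        continue; // a real cron script would exit here without output
    }
    printf("%-13s runs\n", $label);
}
```

A code passed in the query string is recorded in the web server's access log, so those logs need the same protection as the configuration file that holds the code.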
-
Could be, but you have to also account for the current expression match based upon what exactly you are looking for. Maybe you could do a combination of both, like use the expression match but then also say that this function (stristr) must return false as well in order for the condition to be satisfied. If you use stristr(), you could also put the apostrophe into a variable or something like that in order to ensure that it is taken as an apostrophe instead of a string beginning/end tag like what the PHP compiler will probably do with the expression match I gave you. ~G7470
-
The preg_match should be: /^[a-z0-9_]+([\\s]{1}(([a-z0-9_\S]|[a-z0-9_\S])+[^\']))+$/i However, this may play a problem in code (as PHP recognizes ' as the start/end of a string), so this may not work...but that would be what it is. Source: http://www.regexr.com/ - good resource if you want to try building custom regular expressions like this in the future. ~G7470
-
Any particular reason why you want an AJAX mail system? I think if that would be defined better, there may be a better solution than AJAX for your purposes. At any rate, @NonStopCoding is a reliable coder, so I'm pretty confident in knowing that he would be able to create something for you provided that he knows what you would want. I would throw my hat in the ring on this, but I still have school for the next couple of months, so I don't have any time to do contract work. Best of luck though! I'm sure that if someone is available and can do it that you'll get your mods done. ~G7470
-
Thanks for the response, just wanted to ensure that nobody was getting screwed over. Interesting mod I must say - Hybridd, would you be providing installation support of this mod if someone is having trouble? Saying blanket statements like that can usually lead you to destruction as a seller. If they find a bug, they could potentially ask for a full refund because you supplied them a mod with the premise of "no bugs". Just a FYI. ~G7470
-
Were you given the rights to re-sell or even re-distribute this mod that as you mentioned @NonStopCoding created? ~G7470
-
In the cases I mentioned, yes. I guess a possibility for that could be opened up, but personally, I would pick a friend to look after it over a contractor any day if I had the choice. ~G7470
-
I wouldn't say "easy", especially if you're somebody who has trouble with trusting other people to run your game. However, before your game even gets going, you should always have a couple of reliable people to back you up just in case. It's just like going on vacation and you want someone to watch your house for you. You don't want a random stranger watching your house, do you? Heck no! You get someone you can trust to keep an eye on things - which is basically what you would want as well to keep an eye on things as an admin while you're away. As for technical stuff, the same rules apply - have some people to back you up technically so that the game just doesn't die while you're gone. ~G7470
-
It looks like you are referencing the incorrect variable in order to determine whether it is "active" or not. You should be referencing $r['qActive'] instead of $coud['qActive'] on line 61. Also, I'm pretty sure you can do some clean-up here too. Here's the new block of code with some clean-up:

    if (!empty($_GET['qstart'])) // empty() avoids an undefined index notice when qstart is absent
    {
        $_GET['qstart'] = abs((int) $_GET['qstart']); //Verify.
        $cd = $db->query("SELECT * FROM questing WHERE qID={$_GET['qstart']}");
        $coud = $db->fetch_row($cd);
        $item = $db->query("SELECT * FROM inventory WHERE inv_itemid={$coud['qItem']}");
        // $f = $db->fetch_row($item);
        if ($db->num_rows($cd) == 0) {
            showErrMsg('You are trying to start a nonexistent quest!');
        }
        if ($db->num_rows($item) < 1) {
            showErrMsg('You don\'t have the '.$coud["qItem"].'. You must get one before starting this quest.');
        }
        $cd = $db->query("SELECT * FROM questing WHERE qID={$_GET['qstart']}");
        $coud = $db->fetch_row($cd);
        $db->query("UPDATE users SET quest=".$coud['qID'].",quest_time=".$coud['qStart'].", quest_step=1 WHERE userid=$userid");
        print "".$coud['qStartText'].", it will take ".$coud['qStart']."
        minutes to finish this step.";
    } else {
        //list courses
        print "Here is a list of quests that are available to you.";
        if ($ir['user_level'] == 2) {
            $q = $db->query("SELECT * FROM questing ORDER BY qID ASC");
        } else {
            $q = $db->query("SELECT * FROM questing WHERE qActive=1 ORDER BY qID ASC");
        }
        print "
        <table id='demo-table3' width=100% cellspacing=1 class='table'>
        <tr>
        <th>Quest</th>
        <th>Description</th>
        <th>Item Needed</th>
        <th>Start</th>";
        if ($ir['user_level']==2) {
            print"
            <th>Active</th>
            <th>Edit</th>";
        }
        print "</tr>";

        while ($r = $db->fetch_row($q)) {
            $cdo = $db->query("SELECT * FROM quest_done WHERE userid=$userid AND questid={$r['qID']}");
            if ($db->num_rows($cdo) == 5) { // 5 allowed per day
                $do = "<i>Done</i>";
            } else {
                $do = "<a href='questing.php?qstart={$r['qID']}'>Take</a>";
            }
            // $cd = $db->query("SELECT * FROM questing");
            // $coud = $db->fetch_row($cd);

            $n = $db->query("SELECT itmname FROM items WHERE itmid={$r['qItem']}");
            $need = $db->fetch_row($n);
            print "
            <tr align=center>
            <td width=20%>".$r['qName']."</td>
            <td>".$r['qDescription']."</td>
            <td width=15%>".$need['itmname']."</td>
            <td width=10%>$do</td>";
            if ($ir['user_level']==2) {
                print" <td width=7%>";
                if ($r['qActive'] == 1) {
                    print"<font color=green>Yes</font>";
                } else {
                    print"<font color=red>No</font>";
                }
                print"</td> <td width=7%><a href='staff_quest.php?action=editquest'>Edit</a></td>";
            }
            print"</tr>";
        }
        print "</table>";
    }
    }

Notes:

Commented out fetching the row of $item on line 7. I'm not too sure why it's there really since it's not being referenced anywhere.

Commented out lines 48 and 49. This is part of the problem area because this query will only grab the first row.

Line 51, changed $coud['qItem'] to $r['qItem'] since it is existing already.

Line 61, changed $coud['qActive'] to $r['qActive'], which was the problem area because again, $coud can only retrieve one row, which will be the first row.

So in conclusion, your while loop starting on line 41 loops through all of the quests, so you do not need to re-query that same table again to gather more information about the quest when you already have it through the $r data row. Hope this helps. :) ~G7470
-
I think #3 looks the best, at least on the desktop. I'm not sure how it would look on a mobile phone, but as I would imagine it would still look pretty nice. ~G7470
-
Out of curiosity, for the register form, why did you make the textboxes change to a white when filled in? When that happens, I cannot see what I put into the textbox, which really throws me off. ~G7470
-
If a knowledgeable attacker would want to gain administrative access to your site, they will find a way. As with what @Coly010 said, there is no way to make a game 100% secured. On a personal standpoint, when it comes to securing a site, yes, locking down access is of course very important, but also making it difficult for the attacker to find your administrative access is also very effective. Back in August, I didn't really take note of @Dayo's comment about using SSH access, which by the way is rather a secure method to administer the site. Is it fool-proof, no, but an attacker would really have to work at it in order to gain this access. In terms of security, one of the easiest methods to gain administrative access to the site is really by a social engineering attack (i.e. getting the access credentials by a threat, doing the administrator a "favor" by doing whatever, etc). By not giving out your credentials to untrustworthy people and your credentials passing over a secure channel, I think that in and of itself is pretty effective. ~G7470
-
Agreed to a point. The style feels like it was thrown together, and the left menu's links seem really clustered together without any regard to the users' eyes. @kodiak if you are just a member of this game, I would highly suggest sending the owner these suggestions from this forum in order to improve the game. Just a thought. :) ~G7470
-
PDO offers additional features that, quite frankly, most people on here wouldn't ever need or use. We're not building enterprise or very heavy traffic websites here. I feel that using PDO vs mySQLi is based upon personal preference of coding style versus the actual features that they provide. People who use mySQLi on a daily basis (like myself) would tell you that if a database was moved, all they would have to do is change one line of code that establishes the database connection, and they would be done. It's pretty simple and straight-forward. Many people code their sites like that. PDO offers easy migrations like that, and that's understandable, but just know that there are many other ways to do it instead of the simple "just use PDO" response. It's really a matter of personal preference. ~G7470
-
The black text in front of the background is difficult to read in spots where the background is a dark grey or just about black. Also, it seems like this page is lacking color. The only color I see is the login button and the CCM sign. The rest is a grey-black combination. I think a little more splash of color could really help the design. ~G7470
-
No harm done for me either. Kudos to you for apologizing in a more professional manner. ~G7470
-
Well, how exactly did you put your website into maintenance? What were the steps you took? ~G7470
-
If your website is in maintenance, you should still be able to access the back-end of your website through cPanel or another source (such as FTP/sFTP) in order to get out of maintenance. If you have blocked yourself out of even logging in through cPanel or FTP/sFTP, then you will probably have to get your hosting provider involved. ~G7470