TheMasterGeneral

I am currently using 1and1 for the fact that when I registered my domain, it costed $1 for the first year. Hindsight tells me I should have lied/faked some of the information I put on it, because well, phone calls, email spam, etc. I haven't got any other bad experiences with 1and1 personally, mainly because I set the DNS and haven't logged in since. (LOL)

2.0.5b is a lot more secure, but as Kyle said, it needs touch-ups in places. 2.0.5b also has issues out of the gate as well. (Gang surrenders*, NPC Battle Tent, from just the top of my head) * Could be an issue of how my gangs table is set up as well.

I'll have to end up figuring out the mail() php function. Seems it won't send at all from my POV. Could be an issue with the VPS I've got, I'll check with the host.   That seems like the most promising though. Security question, then email a random password to the account.

[MENTION=70990]Jacko11208[/MENTION] told me of a security flaw that could be used to gain access to the owner account. This flaw consisted of a domain whois lookup, which would show the registered email (assuming the admin used the same email in the login-process.) Which would make it pretty much easy to gain access to the owner's account. To fix this, I setup an if command that tests for the inputted user id and if it equals to whatever numbers are in the array, it'll tell them "Invalid user." Since its an "in_array", all you have to do is edit the field to add whatever user ID's you want denied. You could easily set that to user_level, and have it list all the user_levels who aren't a member (NPCs, Admins, Secretaries, Assistants, etc..) Jack's doing some extra testing, will let you know in a bit if he discovers more flaws.

I'll lend a hand if needed, as well. :P

The problem I noticed with McCodes is it offers no default way to recover passwords. Sure you could have a staff panel and do it manually, but that really doesn't help when an actual user cannot log into their account. So, enter, Password Recovery! This should be pretty fool-proof. It makes the user input a few fields a true owner would only know. (Login name, User ID, registered email) and allows then to specify a password, then confirm a captcha. I believed this to be the best way, since most users will change their name in game at least once, which already makes one of the inputs hard to figure out. The email (in most games) would be hidden from public view, so only the owner (of the game, and account) will know that as well. Involves creating a single file, and editing a file. Righto, lets get started. pwform.php <?php require('globals_nonauth.php'); print <<<EOF <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>{$set['game_name']}</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <script type="text/javascript" src="{$set['jquery_location']}"></script> <script type="text/javascript" src="js/register.js"></script> <link href="css/blue.css" type="text/css" rel="stylesheet" /> <div class='content'> </head> <!-- Begin Main Content --> EOF; ?> <?php if (!isset($_GET['step'])) { $_GET['step'] = ''; } switch ($_GET['step']) { case '1': step1(); break; case '2': step2(); break; default: home(); break; } function home() { die("Wrong URL. Check your source or <a href='?step=1'>Start Here</a>."); } function step1() { $chars = "1234567890"; $len = strlen($chars); $_SESSION['captcha'] = ""; for ($i = 0; $i < 4; $i++) $_SESSION['captcha'] .= $chars[rand(0, $len - 1)]; ?> Input the information correctly and you can reset your account. If you have troubles, please email [email protected]<br /><br /> <form method='post' action='?step=2'> <table> <tr><td>User ID:</td><td> <input type='text' name='userid' placeholder='Enter the account User ID'></td></tr> <tr><td>Login Name:</td><td> <input type='text' name='username' placeholder='Enter login name'></td></tr> <tr><td>Email:</td><td> <input type='text' name='email' placeholder='Enter the account email'></td></tr> <tr><td>New Password:</td><td> <input type='password' name='npw' placeholder='Enter the new password'></td></tr> <tr><td>Confirm Password:</td><td> <input type='password' name='cpw' placeholder='Confirm the password'></td></tr> <tr><td></td><td><img src='captcha_verify.php?bgcolor=C3C3C3' /></td></tr> <tr><td></td><td><input type='text' name='captcha' placeholder='Confirm captcha' /></td></tr> <td></td><td><input type="submit" value='Submit'></td> </table> </form> <?php } function step2() { global $db,$h; $_POST['userid'] = abs((int) $_POST['userid']); $_POST['username'] = (isset($_POST['username']) && preg_match("/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['username']) && ((strlen($_POST['username']) < 32) && (strlen($_POST['username']) >= 3))) ? stripslashes($_POST['username']) : ''; $_POST['email']=(stripslashes($_POST['email'])); $_POST['npw'] = (isset($_POST['npw'])) ? $db->escape(strip_tags(stripslashes($_POST['npw']))) : ''; $_POST['cpw'] = (isset($_POST['cpw'])) ? $db->escape(strip_tags(stripslashes($_POST['cpw']))) : ''; if (!$_SESSION['captcha'] || !isset($_POST['captcha']) || $_SESSION['captcha'] != $_POST['captcha']) { unset($_SESSION['captcha']); die("Captcha Test Failed<br /> > <a href='login.php'>Back</a>"); } unset($_SESSION['captcha']); if (empty($_POST['username'])) { die("You did not specify a username."); } if (empty($_POST['email'])) { die("You did not specify an email."); } if (empty($_POST['npw']) || empty($_POST['cpw'])) { die("You did not specify a password"); } if ($_POST['npw'] != $_POST['cpw']) { die("Passwords do not match."); } if (in_array($_POST['userid'], array(1,122,8))) //Add the User ID's to this array who's password should not be changed { echo 'Invalid user.<br /> > <a href="?action=step1">Go Back</a>'; die($h->endpage()); } $t = $db->query( 'SELECT `user_level` FROM `users` WHERE `userid` = ' . $_POST['userid']); if ($db->num_rows($t) == 0) { $db->free_result($t); die('User ID not found.'); } $u = $db->query( "SELECT `user_level` FROM `users` WHERE `username` = '{$_POST['username']}'"); if ($db->num_rows($u) == 0) { $db->free_result($u); die('Username not found.'); } $e = $db->query( "SELECT `user_level` FROM `users` WHERE `email` = '{$_POST['email']}'"); if ($db->num_rows($e) == 0) { $db->free_result($e); die('Email not found.'); } if (empty($_POST['userid'])) { die("You did not specify a User ID."); } $q=$db->query("SELECT `email`,`userid`,`login_name`,`pass_salt` FROM `users` WHERE `userid` = {$_POST['userid']}"); while ($r=$db->fetch_row($q)) { if ($r['userid'] != ($_POST['userid'])) { die("User ID does not match what you entered."); } if ($r['login_name'] != ($_POST['username'])) { die("Username does not match what you entered."); } if ($r['email'] != ($_POST['email'])) { die("Email does not match what you entered."); } $new_psw = $db->escape(encode_password($_POST['npw'], $r['pass_salt'])); $db->query( "UPDATE `users` SET `userpass` = '{$new_psw}' WHERE `userid` = {$_POST['userid']}"); echo "Password changed!<br />"; } } ?> </body> Save, upload. Open login.php Find: <input type='submit' value='Login'> Paste after: <font size=1> <a href="pwform.php?step=1" onclick="javascript:void window.open('pwform.php?step=1','1428946907530','width=500,height=500,toolbar=0,menubar=0,location=0,status=1,scrollbars=1,resizable=1,left=0,top=0');return false;">Forgot Password?</a></font> Screenie: [ATTACH=CONFIG]1879[/ATTACH] Unintentional game advertising is unintentional. >_> Update: Security flaw fixed.

I'm still working on this in my free time. There's tidbits of logic left to be done. I think I should be able to get a demo going in a week.

Don't worry, Jack. We figured it out :P Updated code: <?php //Password Reset Fail - Coming You're Way Thanks To Jacko11208 require_once('sglobals.php'); if (!in_array($ir['user_level'], array(2,7))) { $db->query( "INSERT INTO `fedjail` VALUES(NULL, {$userid}, 3, 1, 'URL Manipulation')"); $db->query( "INSERT INTO `jaillogs` VALUES(NULL, 1, {$userid}, 3, 'URL Manipulation', " . time() . ")"); $db->query( "UPDATE `users` SET `fedjail` = 1 WHERE `userid` = {$userid}"); die("Hidden URL. Jail time!"); } if (!isset($_GET['action'])) { $_GET['action'] = ''; } switch ($_GET['action']) { case "passreset2": passreset2(); break; default: passreset(); break; } function passreset() { global $c; $_GET['XID'] = (isset($_GET['XID']) && is_numeric($_GET['XID'])) ? abs(intval($_GET['XID'])) : 0; echo " <h3>Password Reset</h3> Select the user you wish to reset the password for. <br /> <form action='staff_pwreset.php?action=passreset2' method='post'> User: " . user_dropdown(NULL, 'user', $_GET['XID']) . " <br /> New Password: <input type='text' name='newpassword' /> <br /> Confirm Password: <input type='text' name='cnewpassword' /> <br /> <input type='submit' value='Reset Password' /> </form> "; } function passreset2() { global $db, $ir, $c, $userid, $h; $_POST['user'] = (isset($_POST['user']) && is_numeric($_POST['user'])) ? abs(intval($_POST['user'])) : ''; $_POST['newpassword'] = (isset($_POST['newpassword'])) ? $db->escape(strip_tags(stripslashes($_POST['newpassword']))) : ''; $_POST['cnewpassword'] = (isset($_POST['cnewpassword'])) ? $db->escape(strip_tags(stripslashes($_POST['cnewpassword']))) : ''; if (empty($_POST['user']) | empty($_POST['newpassword'])) { echo 'You need to fill in all the fields.<br /> > <a href="staff_pwreset.php?action=passreset">Go Back</a>'; die($h->endpage()); } if ($_POST['cnewpassword'] != $_POST['newpassword']) { echo"Passwords did not match."; die($h->endpage()); } $q=$db->query("SELECT `pass_salt`,`userid` FROM `users` WHERE `userid`={$_POST['user']}"); while ($r=$db->fetch_row($q)) { $new_psw = $db->escape(encode_password($_POST['newpassword'], $r['pass_salt'])); $db->query( "UPDATE `users` SET `userpass` = '{$new_psw}' WHERE `userid` = {$_POST['user']}"); echo "Password changed!<br /> > <a href='preferences.php'>Go Back</a>"; } }

Curse you, mtg! I had a weekend of family planned and you come in with your faster coding and remake the mod no sweat. :-( Ya no life n00b ;p I'm kidding, I'll check it out when I get off of 3G and into a wifi spot.

I have no idea, tbh. :(

What is coding?

I'll remake this mod later if anyone would be interested in it. I've been needing to get a one together for my game. :P

A nice little addon. However, I would have done something like:   <?php $randmessage = mt_rand(1,3); if ($randmessage==1) { $echo=('blah'); } if ($randmessage==2) { $echo=('blah2'); } if ($randmessage==3) { $echo=('other blah'); } print"<img src='http://ezisite.com.au/masonry/widgets/simple/skindefault/admin/q.gif'> {$echo}";   Also, maybe you could implement it in SQL, so you don't have to manually enter the files? It'd be something like: $chance=mt_rand(1,333); if ($chance) { $q=$db->query("SELECT `hint_text` FROM `hints` WHERE `hintid` = {$chance}"); while ($r=$db->fetch_row($q)); { echo"<img src='http://ezisite.com.au/masonry/widgets/simple/skindefault/admin/q.gif'> {$r['hint_text']}"; } }   Probably won't work, but you get the idea.

That will work. Thanks dude! :D

MTG, mind throwing me the copy you're making up? Thanks in advanced! :)

Try checking this out. Might help on basic exploits. (Yes I know you're not on MCCodes, but basic requirements are there.) Bloody hell, the game's slow. I know my 3rd World Interwebz have something to do with that, but jesus. O_o

Heh whoopsy! Fixing the OP now.   Check lines 135-141   $q = $db->query('SELECT `user_level` FROM `users` WHERE `userid` = ' . $_POST['id'] . ''); if ($db->num_rows($q) == 0) { $db->free_result($q); die('Invalid user.<br /> > <a href="rroulette.php">Go Back</a>'); }   I think that's a valid check. Someone could correct me if its not the case.   Yeah, it appears to be the forum. My local copy seems fine.   Huh. Never would have thought that. I would guess this would be stopped with an "if (!$_GET['bet'])", right? At least I think that's how I did it in the past.   I hadn't did that originally. I believe there was a specific reason I did it this time, but for the life of me, I cannot remember. Thanks Veramis!

I threw a little russian roulette mod together as I couldn't find a free one that seemed like something I want. What the mod does: -Allows players to challenge another player to a round of russian roulette. Players may bet. Winner receives the payout, loser is dead* (hospital/infirmary) Things to note: I haven't extensively tested this. I did basic tests for logic'ing and basic security injections and had no issues. This mod does log the outcomes. HOWEVER, I did not make a staff_log.php function for it. Its easy to do, so I'm sure you can do it. (If not, bug me and I'll get around to it) Time for the code, then! HERE ME RORE. I R SQL CREATE TABLE IF NOT EXISTS `rr_challenges` ( `rrid` int(11) unsigned NOT NULL AUTO_INCREMENT, `rr_challenger` int(11) unsigned NOT NULL, `rr_receive` int(11) unsigned NOT NULL, `rr_time` int(11) unsigned NOT NULL, `rr_bet` int(11) unsigned NOT NULL, PRIMARY KEY (`rrid`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; CREATE TABLE IF NOT EXISTS `rr_logs` ( `rrid` int(11) unsigned NOT NULL, `rr_p1` int(11) unsigned NOT NULL, `rr_p2` int(11) unsigned NOT NULL, `rr_winner` int(11) unsigned NOT NULL, `rr_time` int(11) unsigned NOT NULL, `rr_bet` int(11) unsigned NOT NULL, PRIMARY KEY (`rrid`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; rroulette.php <?php /* Russian Roulette (Multiplayer) TheMasterGeneral 2015 Allows players to shoot each other in the head. How fun is that? No unauthorized sale,trading,etc... :P */ require("globals.php"); if ($ir['hospital']) { die("Only healthy players can gamble."); } if ($ir['jail']) { die("Only good players can gamble."); } echo "<h2>Russian Roulette</h2>"; function rr_addlog($who,$whom,$bet,$winner,$id) { global $db; $time=time(); $db->query("INSERT INTO `rr_logs` (`rrid`, `rr_p1`, `rr_p2`, `rr_winner`, `rr_time`, `rr_bet`) VALUES ('{$id}', '{$who}', '{$whom}', '{$winner}', '{$time}', '{$bet}')"); } if (!isset($_GET['action'])) { $_GET['action'] = ''; } switch ($_GET['action']) { case 'challenge': rr_challenge(); break; case 'accept': rr_accept(); break; case 'decline': rr_decline(); break; case 'cancel': rr_cancel(); break; default: rr_home(); break; } function rr_home() { global $db,$userid; echo "Welcome to the Russian Roulette center. The smell of blood and fear surround you as you enter. Feeling ballsy, brave soul? Prove it! Challenge a player to a round of Russian Roulette. You both must stand at the table. You can do anything, but leave. We will even nail your feet to the floor if needed. You can cry for your mommy or defecate in your pants, we don't care. You will be a man and face this challenge head on.<br /> <br /> <form action='?action=challenge' method='post'> Input a User ID to challenge:<br /> <input type='text' name='id' placeholder='Input a user ID' /><br /> Input a bet (Optional):<br /> <input type='text' name='bet' placeholder='Input a bet' /> <br /> <input type='submit' value='Challenge User!' /> </form><br /><br />"; $q=$db->query("SELECT * FROM `rr_challenges` WHERE `rr_challenger` = {$userid} OR `rr_receive` = {$userid}"); echo"<table width=40% cellspacing='1' cellpadding='1' class='table'> <tr> <th>FROM</th> <th>TO</th> <th>BET</th> <th>LINKS</th> </tr>"; while ($r = $db->fetch_row($q)) { $u=$db->query("SELECT `username`,`userid` FROM `users` WHERE `userid` = {$r['rr_challenger']}"); while ($un1=$db->fetch_row($u)) { echo"<tr><td>{$un1['username']}</td>"; } $u2=$db->query("SELECT `username`,`userid` FROM `users` WHERE `userid` = {$r['rr_receive']}"); while ($un2=$db->fetch_row($u2)) { echo"<td>{$un2['username']}</td>"; } echo"<td>{$r['rr_bet']} <img src='/images/statusbars/coppercoin.png' title='Copper Coins' height='11' width='11' /></td>"; if ($r['rr_challenger'] != $userid) { echo" <td><a href='?action=accept&challenge={$r['rrid']}'>ACCEPT</a> || <a href='?action=decline&challenge={$r['rrid']}'>DECLINE</a></td></tr>"; } else { echo" <td><a href='?action=cancel&challenge={$r['rrid']}'>CANCEL</a></td></tr>"; } } } function rr_challenge() { global $db,$userid,$ir; $_POST['bet'] = (isset($_POST['bet']) && is_numeric($_POST['bet'])) ? abs(intval($_POST['bet'])) : ''; $_POST['id'] = (isset($_POST['id']) && is_numeric($_POST['id'])) ? abs(intval($_POST['id'])) : ''; if (empty($_POST['id'])) { die("You did not input a user to challenge.<br /> > <a href='rroulette.php'>Go Back</a>"); } if ($ir['money'] < $_POST['bet']) { die("You do not have the copper coins to place this bet. <br /> > <a href='rroulette.php'>Go Back</a>"); } $q = $db->query('SELECT `user_level` FROM `users` WHERE `userid` = ' . $_POST['id'] . ''); if ($db->num_rows($q) == 0) { $db->free_result($q); die('Invalid user.<br /> > <a href="rroulette.php">Go Back</a>'); } //Not sure if this is needed, but will //make sure that if the bet is not //specified, it will pass along a 0. if ($_POST['id'] == $userid) { die('You cannot challenge yourself.<br /> > <a href="rroulette.php">Go Back</a>'); } if (empty($_POST['bet'])) { $_POST['bet'] = ('0'); } $time=time(); $db->query("INSERT INTO `rr_challenges` (`rrid`, `rr_challenger`, `rr_receive`, `rr_time`, `rr_bet`) VALUES (NULL, '{$userid}', '{$_POST['id']}', '{$time}', '{$_POST['bet']}')"); $db->query("UPDATE `users` SET `money`=`money`-{$_POST['bet']} WHERE `userid` = {$userid}"); $moneyformat = money_formatter($_POST['bet']); if ($_POST['bet'] > 0) { event_add($_POST['id'],"<a href='viewuser.php?u={$userid}'>{$ir['username']}</a> has challenged you to a round of Russian Roulette. View it <a href='rroulette.php'>here</a>."); die("User has been challenged. {$moneyformat} <img src='/images/statusbars/coppercoin.png' title='Copper Coin' height='11' width='11' /> has been taken from your funds. Good luck!"); } else { event_add($_POST['id'],"<a href='viewuser.php?u={$userid}'>{$ir['username']}</a> has challenged you to a round of Russian Roulette. View it <a href='rroulette.php'>here</a>."); die("User has been challenged. Good luck!"); } } function rr_accept() { global $db,$userid,$ir; $_GET['challenge'] = (isset($_GET['challenge']) && is_numeric($_GET['challenge'])) ? abs(intval($_GET['challenge'])) : 0; $rr=$db->query("SELECT `rrid` FROM `rr_challenges` WHERE `rrid` = {$_GET['challenge']}"); $q=$db->query("SELECT * FROM `rr_challenges` WHERE `rrid`={$_GET['challenge']} LIMIT 1"); while ($r = $db->fetch_row($q)) { if (!$_GET['challenge']) { die("This is not your match to control."); } if ($_GET['challenge'] == 0) { die("Match does not exist."); } if (!$userid == $r['rr_receive'] || !$userid == $r['rr_challenger']) { die("This is not your match to accept."); } if (!$db->num_rows($rr)) { die('Match does not exist.'); } if ($r['rr_bet'] > 0) { if ($ir['money'] < $r['rr_bet']) { die("You do not have enough cash on hand to accept this round."); } } $chance=mt_rand(1,2); $u=$db->query("SELECT `username`,`userid` FROM `users` WHERE `userid` = {$r['rr_challenger']}"); $hospital=mt_rand(100,400); $reason=('Deadly Games'); $db->query("UPDATE `users` SET `money`=`money`-{$r['rr_bet']} WHERE `userid` = {$userid}"); $moneywon=($r['rr_bet']*2); while ($un1=$db->fetch_row($u)) { if ($chance == 1) { echo "While yourself and {$un1['username']} are at the table. He shoots you a grin. He's a cocky son of a jerk. We should change that. You take the cold gun and point it at your temple. You begin to sweat and {$un1['username']} continues to grin. Your hand trembles. {$un1['username']} laughs at your cowardliness. You sigh deeply and pull the trigger. Boom. For you, that is where the story ends.<br /> <br /> <br /> <b>You lost this round of russian roulette and lost {$r['rr_bet']} <img src='/images/statusbars/coppercoin.png' title='Copper Coins' height='11' width='11' /></b>"; $db->query("UPDATE `users` SET `hospital`=`hospital`+{$hospital},`hospreason`='{$reason}' WHERE `userid` = {$userid}"); $db->query("UPDATE `users` SET `money`=`money`+{$moneywon} WHERE `userid` = {$r['rr_challenger']}"); rr_addlog($r['rr_challenger'],$userid,$r['rr_bet'],$r['rr_challenger'],$r['rrid']); event_add($r['rr_challenger'],"You won russian roulette and profitted {$r['rr_bet']} copper coins."); $db->query("DELETE FROM `rr_challenges` WHERE `rrid` = {$r['rrid']}"); } if ($chance == 2) { echo "You and {$un1['username']} have a stare-off. After about three minutes, you both grow tired. You stretch for the gun and put it to your temple. You smile confidentially and pull the trigger. All you hear is a click. You hand the gun to {$un1['username']}. He beings to look nervous and sweat. He buys himself some time until he inevitably has to put the gun to his head. He puts the gun to his head and pulls the trigger. Boom. There's guts everywhere now<br /> <br /> <br /> <b>You won this round of russian roulette and won {$r['rr_bet']} <img src='/images/statusbars/coppercoin.png' title='Copper Coins' height='11' width='11' /></b>"; $db->query("UPDATE `users` SET `hospital`=`hospital`+{$hospital},`hospreason`='{$reason}' WHERE `userid` = {$r['rr_challenger']}"); $db->query("UPDATE `users` SET `money`=`money`+{$moneywon} WHERE `userid` = {$userid}"); rr_addlog($r['rr_challenger'],$userid,$r['rr_bet'],$userid,$r['rrid']); event_add($r['rr_challenger'],"You lost russian roulette and lost {$r['rr_bet']} copper coins."); $db->query("DELETE FROM `rr_challenges` WHERE `rrid` = {$r['rrid']}"); } } } } function rr_decline() { global $db,$userid,$ir; $_GET['challenge'] = (isset($_GET['challenge']) && is_numeric($_GET['challenge'])) ? abs(intval($_GET['challenge'])) : 0; $rr=$db->query("SELECT `rrid` FROM `rr_challenges` WHERE `rrid` = {$_GET['challenge']}"); $q=$db->query("SELECT * FROM `rr_challenges` WHERE `rrid`={$_GET['challenge']} LIMIT 1"); while ($r = $db->fetch_row($q)) { if (!$_GET['challenge']) { die("This is not your match to control."); } if ($_GET['challenge'] == 0) { die("Match does not exist."); } if (!$userid == $r['rr_receive'] || !$userid == $r['rr_challenger']) { die("This is not your match to accept."); } if (!$db->num_rows($rr)) { die('Match does not exist.'); } if ($r['rr_bet'] > 0) { if ($ir['money'] < $r['rr_bet']) { die("You do not have enough cash on hand to accept this round."); } } echo"You have declined this match of Russian Roulette. I guess you were too chicken."; $db->query("UPDATE `users` SET `money`=`money`+{$r['rr_bet']} WHERE `userid` = {$r['rr_challenger']}"); event_add($r['rr_challenger'],"<a href='viewuser.php?u={$userid}'>{$ir['username']}</a> has declined your offer to play russian roulette. Your money has been refunded."); $db->query("DELETE FROM `rr_challenges` WHERE `rrid` = {$r['rrid']}"); } } function rr_cancel() { global $db,$userid,$ir; $_GET['challenge'] = (isset($_GET['challenge']) && is_numeric($_GET['challenge'])) ? abs(intval($_GET['challenge'])) : 0; $rr=$db->query("SELECT `rrid` FROM `rr_challenges` WHERE `rrid` = {$_GET['challenge']}"); $q=$db->query("SELECT * FROM `rr_challenges` WHERE `rrid`={$_GET['challenge']} LIMIT 1"); while ($r = $db->fetch_row($q)) { if (!$_GET['challenge']) { die("This is not your match to control."); } if ($_GET['challenge'] == 0) { die("Match does not exist."); } if (!$userid == $r['rr_receive'] || !$userid == $r['rr_challenger']) { die("This is not your match to accept."); } if (!$db->num_rows($rr)) { die('Match does not exist.'); } echo"You have cancelled this Russian Roulette match. I guess your balls shrank, eh?"; $db->query("UPDATE `users` SET `money`=`money`+{$r['rr_bet']} WHERE `userid` = {$r['rr_challenger']}"); event_add($r['rr_receive'],"<a href='viewuser.php?u={$userid}'>{$ir['username']}</a> has cancelled the previous Russian Roulette match they had with you."); $db->query("DELETE FROM `rr_challenges` WHERE `rrid` = {$r['rrid']}"); } } Report back to me logic bombs, and/or security loopholes. :P

Bigint plz <3

Hey hud, try something like this:   <?php require('globals.php'); //Your user tests $chance=mt_rand(1,10); if ($chance == 1) { //then me } //continue for the rest of the outputs.   That code should be used for a rough guess. I'm not on my main PC, so I have no formatting colors. Lol. If you have further questions, ask here or PM me directly. -TMG

This seemed like the right spot to post it at, so yeah. ---------------------------------------------------------- Player Owned Districts ---------------------------------------------------------- Mod Name: Player Owned Districts Mod Developers/TradeMark: TheMasterGeneral Mod Status: In-dev Availability: MCCodes V2.0.5b Cost: TBD, Probably $10-15 USD About the mod and how it works: Essentially, its a turf war mod. You must buy troops (ranged/melee) to take another district. Holding a district costs some cash, and other players can attack your district. You can fortify a district to increase your defense level and your daily payroll production. Players are limited to two movements per 24 hours. Players are given the option to set their district background color to whichever color they want. (Blue, red, etc.) Users can deposit money into a payroll, which is essentially a bank. They cannot withdraw from this account however. Players are given a barracks, which holds, at maximum, 2000 melee troops and 1000 ranged troops. *Comes with a HEAVILY modifiable configuration file* -Customize the name of troops, costs, movements per day, default colors, and pretty much whatever you can think of. Screenshots/Demo/Product Download: User Info: [ATTACH=CONFIG]1838[/ATTACH] Change Color: [ATTACH=CONFIG]1837[/ATTACH] Staff Menu: [ATTACH=CONFIG]1839[/ATTACH] Staff View District: [ATTACH=CONFIG]1840[/ATTACH] Staff View User: [ATTACH=CONFIG]1842[/ATTACH] Staff Reset Map: [ATTACH=CONFIG]1843[/ATTACH] Map: [ATTACH=CONFIG]1844[/ATTACH] Info Page: [ATTACH=CONFIG]1845[/ATTACH]  

Oh yes, good old McCodes. Lol. I'll take a look.

Ouch. I had to do something similar a month ago, but, it was with nearly 1TB of data. Had to break my RAID-10 so I could dump my stuff from my 1TB scratch disc onto it. lol.

No problem. :)

Looks basic, but still nicely put together. I'd have to say I need to see your whole template before I can say much. (Assuming its going on your template somewhere) Edit; Just realized how old this thread is. :(