~Rob0t
Everything posted by ~Rob0t
-
Just to point out... From the w3;

> The objective of this technique is to enable redirects on the client side without confusing the user. Redirects are preferably implemented on the server side [...] The page containing the redirect code should only contain information related to the redirect.

So "better" in terms of lazy development, sure. ;)

Also, read http://www.w3.org/TR/2015/NOTE-WCAG20-TECHS-20150226/SVR1

Edit

What if the value of $_POST['refer'] is;

" content=""><META http-equiv="refresh" content="0;URL= http://my-malicious-site.com/hack_damonds_account.php"><foo bar="

Where is the sanitisation?
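The missing sanitisation the post above asks about, as an added example that is not part of the original post or of the code it reviews. It assumes the value is echoed into a double-quoted attribute of a meta refresh tag; the function names and the list of allowed targets are hypothetical, and the sample value is the one quoted in the post.

```php
<?php
// Added example. Markup shape, function names and ALLOWED_TARGETS are assumptions.
const ALLOWED_TARGETS = ['/index.php', '/inventory.php']; // hypothetical local pages

// Before: the request value is written straight into the attribute, so a
// double quote in it ends the attribute and the rest is parsed as markup.
function meta_refresh_unsafe(string $refer): string
{
    return '<meta http-equiv="refresh" content="0;URL=' . $refer . '">';
}

// After, step 1: only an exact match against known local targets is accepted.
function safe_target(string $refer, string $fallback = '/index.php'): string
{
    return in_array($refer, ALLOWED_TARGETS, true) ? $refer : $fallback;
}

// After, step 2: the accepted value is still encoded for an attribute context.
function meta_refresh_safe(string $refer): string
{
    $target = htmlspecialchars(safe_target($refer), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<meta http-equiv="refresh" content="0;URL=' . $target . '">';
}

// Server-side form, which the quoted W3 text prefers. Call before any output.
function redirect_server_side(string $refer): void
{
    header('Location: ' . safe_target($refer), true, 303);
    exit;
}

// Sample value taken from the post above.
$refer = '" content=""><META http-equiv="refresh" content="0;URL= '
       . 'http://my-malicious-site.com/hack_damonds_account.php"><foo bar="';

echo "unsafe:  ", meta_refresh_unsafe($refer), PHP_EOL;
echo "safe:    ", meta_refresh_safe($refer), PHP_EOL;
echo "allowed: ", meta_refresh_safe('/inventory.php'), PHP_EOL;
```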
-
Sure, on some installs. Depends on your sysadmin though. Also, if you have a shared server, it may be disabled.
-
[MENTION=70655]Damond[/MENTION] - I read your OP and saw you haven't had a lot of time programming, so here's some pointers;

Don't send output before a header() redirect (line 12 and line 21) - you'll get a "Headers already sent" error message (unless you use output control)

file_get_contents

Don't wrap json_decode() around file_get_contents() as this can return FALSE and not JSON (line 16). Ensure you have JSON before trying to decode.
file_get_contents() will only work on external URLs if you've configured PHP to do so with allow_url_fopen. Either ensure that setting is set to 1, use curl, or fsockopen
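The file_get_contents() and json_decode() pointers above, as an added example that is not part of the original post or of the script it reviews. fetch_json() is a hypothetical helper, and the sample inputs are constructed temp files so the script runs offline.

```php
<?php
// Added example; fetch_json() and the sample files are hypothetical.
function fetch_json(string $source): array
{
    // Remote reads only work when allow_url_fopen is enabled.
    $isUrl = (bool) preg_match('#^https?://#i', $source);
    if ($isUrl && !filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN)) {
        throw new RuntimeException('allow_url_fopen is off; use curl or fsockopen');
    }

    // file_get_contents() returns FALSE on failure, so check before decoding.
    $raw = @file_get_contents($source);
    if ($raw === false) {
        throw new RuntimeException('could not read the source');
    }

    // Make sure the body really is JSON of the expected shape.
    $data = json_decode($raw, true);
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($data)) {
        throw new RuntimeException('not usable JSON: ' . json_last_error_msg());
    }
    return $data;
}

// Constructed sample inputs: valid JSON, an HTML error page, a missing file.
$good = tempnam(sys_get_temp_dir(), 'json');
file_put_contents($good, '{"status":"ok","id":42}');
$bad = tempnam(sys_get_temp_dir(), 'json');
file_put_contents($bad, '<html>502 Bad Gateway</html>');

foreach (['valid' => $good, 'html' => $bad, 'missing' => $good . '.missing'] as $label => $source) {
    try {
        $data = fetch_json($source);
        $message = 'decoded, status=' . $data['status'];
    } catch (RuntimeException $e) {
        $message = 'rejected, ' . $e->getMessage();
    }
    echo $label, ': ', $message, PHP_EOL;
}

unlink($good);
unlink($bad);
```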
-
Yeah, dead. RC Engine isn't old - pretty sure Firecamp was the guy who had it first, then IceColdCola bought it (or the other way around - I don't think ICC was the actual creator though). Picture McCodes, then take a shit on it, then microwave it so everything becomes liquid, then stir... You've successfully cloned RC code base.
-
I'll sum everything up for you, Henna Boy ;)
McCodes pays the bills for this site
[MENTION=68711]KyleMassacre[/MENTION] moderates it
[MENTION=71663]IllegalPigeon[/MENTION] comes here for coding lessons from [MENTION=69823]jcvenom[/MENTION]
Then come to Slack Chat ;)
-
[MENTION=69823]jcvenom[/MENTION] / [MENTION=69347]crimec[/MENTION] got roasted (more info if you read TIL when you're right, you're wrong)
New slack chat - come and join us
operation-x got announced by some guys who can't code ([MENTION=71663]IllegalPigeon[/MENTION] & [MENTION=71662]CaptainQuack[/MENTION])
-
ITT: People blow their own whistle, people out of the loop, people circlejerking I don't play sports... Here's a more accurate representation of what I'm trying to say.
-
Hi Looking for a developer to develop Rc engine and UOTS.
~Rob0t replied to GrimReaper's topic in Services
I'm available - though I'll start October 7th. Will buy you 2hrs of my time per week.
-
As we all know, the personality behind the handle [MENTION=69823]jcvenom[/MENTION] (aka [MENTION=69347]crimec[/MENTION]) is "hated/in bad light" because of some previous events that went down - generally big-mouth-no-action and attempting to drop some tables - don't take this post as me trying to defend his previous actions because it's not; I joined in on this talk regarding those actions and was against him (see this thread (Jcvenom) for those who missed it) but

There was a thread (Maps) that was posted by [MENTION=58812]peterisgb[/MENTION] that gave away a free modification. I replied with a negative, yet helpful review and it was accepted by the community. [MENTION=69347]crimec[/MENTION] then replied some time after - which is basically the same negative review I gave (http://makewebgames.io/showthread.php/46665-Maps?p=313951&viewfull=1#post313951) and he's not wrong in his post - the ideas behind his message convey the same as I wrote, yet he was called out only because he's;

Not contributed enough to the community
His past actions have made him a bad person

Please note, his reply and my reply convey the same (he's not wrong), but the community diverged the thread just to point out that he's done nothing to the community.

TL;DR Keep things on topic, don't diverge. Don't "make someone wrong even if they're correct because they aren't liked".
-
<font> is deprecated
Why inline styling? Use classes/ids and make the free system more adaptable to your audience
Why so many $locationx and $locationy if() statements? Use array logic for this!
Constants defined in the middle of the script - ew.
Functions that echo HTML... ew.
Staff actions have no real indenting - it's hard to read.
Staff actions are vulnerable to SQL injection.
Hardcoded cost values... ew.
Where's the classes? The extendibility? The awesome?!

Though, great attempt but please read and consider the above - if you need any assistance with any of the points, Slack me.
-
The backend is treating the string as a literal string and not query language. See parameterised queries: http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/
-
With a crude query (hint: not defining the fields before the values), adding a new column can cause data to not be inserted, thus loss of data. Don't suggest SQL injections to make any attempt ethical if you don't cover all bases ;)

Also, an SQL injection isn't always/necessarily modification of the database, it's about injecting query language into the query.

> SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.

For example, if your query was supposed to be

SELECT foo FROM bar WHERE faz = 1

But instead it ran

SELECT foo, 5 FROM bar WHERE faz = 1

It's still an injection of query language :)
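The two points made in the post above and in the earlier post on parameterised queries, as an added example that is not part of either post. It reuses the foo/bar/faz names from the post; the in-memory SQLite database, the rows, the function names and the input value are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite through PDO; rows and input are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bar (foo TEXT, faz INTEGER)');
$db->exec("INSERT INTO bar (foo, faz) VALUES ('alice', 1), ('bob', 2)");

$input = '1 OR 1=1'; // constructed request value

// Concatenation: the value is parsed as part of the statement, so it can
// change the WHERE clause instead of only supplying the number to match.
function find_concatenated(PDO $db, string $faz): array
{
    return $db->query("SELECT foo FROM bar WHERE faz = $faz")->fetchAll(PDO::FETCH_COLUMN);
}

// Parameterised: the statement is fixed first and the value is bound as
// data, so the backend compares it as a literal string.
function find_parameterised(PDO $db, string $faz): array
{
    $stmt = $db->prepare('SELECT foo FROM bar WHERE faz = :faz');
    $stmt->execute([':faz' => $faz]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

printf("concatenated:  %d row(s)\n", count(find_concatenated($db, $input)));
printf("parameterised: %d row(s)\n", count(find_parameterised($db, $input)));

// Field lists: after a schema change, the INSERT without named fields no
// longer lines up with the table, while the one that names them still does.
$db->exec('ALTER TABLE bar ADD COLUMN baz INTEGER DEFAULT 0');
try {
    $db->exec("INSERT INTO bar VALUES ('carol', 3)");
} catch (PDOException $e) {
    echo 'no field list: ', $e->getMessage(), PHP_EOL;
}
$db->exec("INSERT INTO bar (foo, faz) VALUES ('dave', 4)");
echo 'with field list: ', $db->query('SELECT COUNT(*) FROM bar')->fetchColumn(), " row(s) stored\n";
```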
-
TIL trying to drop a database table (twice, and probably more) means you don't want to do any harm
-
Note: This user has a long collaboration experience thread against him by a reputable member ([MENTION=53425]Magictallguy[/MENTION]) regarding this game - http://makewebgames.io/showthread.php/45815-Donnie?p=310663&viewfull=1#post310663
-
Just 6 more pages and we will get an embarrassing secret spilled!
-
Probably behind 7 proxies, so you'll never find him. http://knowyourmeme.com/memes/good-luck-im-behind-7-proxies
-
I'm on my phone so I'm not going to write it all, but you can use break; and continue; to manipulate loops. That knowledge will come in handy ;)

Put the max turns as the while condition ($i <= 100)
Increment $i each iteration
If $lose > 0 then break;
Etc...
-
Though it's probably likely to be him, > implying nobody else can sign up with that name
-
media queries?
-
You should have sat down and learnt grammar, punctuation, and how to use paragraphs.
-
Edit your post and remove "post the data". It doesn't increase the logic security any further at all. Sessions are foolproof (implying the fool is the client and not the developer) as the client holds a reference to the session file that is stored on the server - unless of course you're referencing to session poisoning, but then you have a bigger problem than just catching minions. Just reiterate what Magictallguy said. Also, enhance the UI and put this GIF up when they press "Capture Them?"
-
/reiterating
-
It's not an engine
Your investment alone doesn't make a product a specific price that you pull out of thin air
Help tutorial doesn't even work - or is set up... what even is that popup?
Your onhover box on the menu buttons doesn't flow. It's horrible, in fact.
Your BBCode is still insecure
-
Ah, damnit! I thought we had something then. ffs why do people always have 100% secure scripts around here?!