SecurityEh

Thanks again I tweaked it slighty as there were one or two parse errors but nothing majour other then that it works a treat. Edited OP* Cheers :)

Thanks for the criticism Guest, I now look it and think yeah did I really need to add that much space etc cheers I also adding what you said about is_numeric it does make sense to use ctype_digit now I think about it, As for the math side I was'nt if by adding a static number it would do as intended but as you said it woul just calcuate to that static number anyway so it would make sense just to out the static number in the first place. As for ~Rob0t, the functions can be found here http://makewebgames.io/showthread.php/46842-Jail-Hospital-Timestamps?highlight=TheMasterGeneral. As for a staff panel/area It will be something I would definitely look into as it should would work really nicely with it. Other thoughts: What are peoples opinions about adding MySQL to the mix? So maybe have the outcomes in the database for the staff panel as well has having somesort of way of limiting how many times can a user use the Pub. Any more thoughts that anyone would like to add?

Information: The base of it really is to try and add an incentive to gain currency/items and I thought why not have a bit of fun with it :). Features: Use's TheMasterGeneral's Hospital/Jail's functions Chance of player obtaining a small amount of SilverCoins/GoldCoins Chance of Removing x amount of GoldCoins Chance of removing a percentage of Will/Exp Code Below: <?php /* Created by SecurityEh. Credits to TheMasterGeneral. Re-write and DB integration by some ******* on MGW. License - daFuqULike */ require_once('globals.php'); /* Lets throw some functions in the mix real quick */ function hospitalize($id, $time, $reason) { user_punishment_update($id, $time, $reason, 'hospital', 'hospital_reason'); } function lockup($id, $time, $reason) { user_punishment_update($id, $time, $reason, 'jail', 'jail_reason'); } function user_punishment_update($id, $time, $reason, $field, $reason_field) { $id = ctype_digit($id) ? $id : FALSE ; $time = ctype_digit($time) ? $time : FALSE ; $reason = is_string($reason) ? $reason : FALSE ; if ($id && $time && $reason) { $sql = "UPDATE users SET $field = $field + $time, $field_reason = ".$db->escape($reason)." WHERE userid = $id"; $db->query($sql); } } /* Now for ze code */ if ($ir['hospital']) { echo 'Only healthy players can have a drink'; } else if ($ir['jail']) { echo 'Only good players are allowed to have a drink'; } else { if ($ir['goldcoin'] <= 0) { $sql = "UPDATE users SET goldcoin = 0 WHERE userid = ".$userid; $db->query($sql); } if ($ir['exp'] <= 0) { $sql = "UPDATE users SET exp = 0 WHERE userid = ".$userid; $db->query($sql); } if ($ir['will'] <= 0) { $sql = "UPDATE users SET will = 0 WHERE userid = ".$userid; $db->query($sql); } echo '<h2>Welcome to the Pub, '.$ir['username'].'</h2>'; if ($_SERVER['REQUEST_METHOD'] == "POST") { if ($ir['daily_drinks']) { // Since drink doesn't actually define options, when posted, this is just here for future expansion; $drink = isset($_POST['drink']) && ctype_digit($_POST['drink']) ? $_POST['drink'] : FALSE ; // Renamed $drink to $random, since $random is what it be. $random = mt_rand(1, 8); $expgain = max($ir['exp'] / 100, 50); // 1% of current. Maximum of 50. $willloss = MAX($ir['will'] / 20, 50); // 5% of current. Maximum of 50. $goldloss = 20; $goldgain = mt_rand(1, 8); $silvgain = mt_rand(1, 10); if ($random == 1) { echo '<p>Damn, calm down. Sunk that like it was the titanic. Ready for another one? <small>[+'.$goldgain.' Gold]</small></p>'; $sql = "UPDATE users SET goldcoin = goldcoin + $goldgain WHERE userid = ".$userid; $db->query($sql); } else if ($random == 2) { echo '<p><b>Nurse :</b> The results are back. You were drugged. You also hit your head dancing naked in the street. So Smart! <small>[+'.$expgain.' exp]</small></p>'; $time = mt_rand(100, 600); $reason = 'Slightly Tipsy'; hospitalize($userid, $time, $reason); $sql = "UPDATE users SET exp = exp + $expgain WHERE userid = ".$userid; $db->query($sql); } else if ($random == 3) { echo '<p><b>Officer :</b> Starting a fight when drinking, you idiot? Yeah, jail for you!</p>'; $time = mt_rand(20, 400); $reason = 'Fighting outside of the Pub'; lockup($userid, $time, $reason); } else if ($random == 4) { echo '<p><b>Passerby :</b> You alright down there mate? Look a little bit drunk and you may want to wipe that vomit off your face.</p>'; } else if ($random == 5) { echo '<p><b>Nurse :</b> Nothing major, you were just unconcious. <small>[-'.$willloss.' will]</small></p>'; $sql = "UPDATE users SET will = will - $willloss WHERE userid = ".$userid; $db->query($sql); } else if ($random == 6) { echo '<p><b>Officer :</b> Next time, pay for your drink and I won\'t have to send you to jail, you idiot!</p>'; $time = mt_rand(40, 180); $reason = 'Bad Manners.. Tsk Tsk'; lockup($userid, $time, $reason); $sql = "UPDATE users SET exp = exp + $expgain WHERE userid = ".$userid; $db->query($sql); } else if ($random == 7) { $coins = min($ir['goldcoin'], $goldloss); echo '<p><b>Nurse :</b> It would appear that you got mugged. Notice what you are missing? <small>[-'.$coins.' gold]</small></p>'; $time = mt_rand(30, 150); $reason = 'Mugged at the Pub'; hospitalize($userid, $time, $reason); $sql = "UPDATE users SET goldcoin = goldcoin - $coins WHERE userid = ".$userid; $db->query($sql); } else if ($random == 8) { echo '<p><b>Landlord :</b> Here you go, you dropped these. <small>[+'.$silvgain.' silver]</small></p>'; $sql = "UPDATE users SET crystals = crystals + $silvgain WHERE userid = ".$userid; $db->query($sql); } } } if ($ir['daily_drinks']) { echo 'We can not promise you are not going to come to any harm in this place, but we can promise you something alcoholic! So, '.($ir['gender'] == "Male" ? 'Chap' : 'Darlin\'').', what is your choice of sin today? <hr style="margin: 0 auto; width: 30px;" /> <form action="" method="post"> <select name="drink"> <option value="1">Lager</option> <option value="2">Cider</option> <option value="3">Brandy</option> <option value="4">Vodka</option> <option value="5">Wine</option> <option value="6">Gin and Tonic</option> </select> <button>Get Drink</button> </form>'; } else { echo '<h4>You have used up your drink allowance for today, '.($ir['gender'] == "Male" ? 'pal' : 'Darlin\'').'</h4> <p>You\'re drunk, <a href="index.php">go home</a></p>'; } } $h->endpage(); Things to note some of the functions/variables may or may not be in your game just remove or replace these thank you. Added Improvements by Guest ;) Any feedback welcomed. ~SecurityEh

  I agree sha256/sha512 are not 100% secure although slightly better then having no hash I suppose and yeah give someone enough time with a GPU and a decent wordlist would make most brainwallet passwords that are hashed with say sha256 easily beaten.

Myself and TheMasterGeneral have already done so, However I would like to point out that many people still use md5 or plain text and for the majority of people that play said game would not know so in the event of a possible compromise it everyone's password's would be exposed and abused.

I cry every tim, but really plain text passwords this is 2015 people and yet md5 and plain text passwords are still a thing xD. There's only a certian few that I know use sha512/sha256 :)

Can't wait for this for when you get it up and running ;)

Just to point it out here, I "think" is a possible injection though due to me being slightly tired who knows.   SELECT * FROM `forum_ratings` WHERE `postid` = AND `user` = 1   Just to give you a heads up.