MakeWebGames

Everything posted by bling

  1. Re: So many of one? I feel the same way that is why i don't post mods on here just help some times lmao but in a way its funny to see 10 of the same mods but only have like a few simple {$ir['somethings']} added to it and bang a new version has been made lol but wouldn't that just be an edit too and to top it off most of the time they just take off the credits from the top and say its theirs and that they made it but this is why only a few real coders post anything on here all the stealing of code and hearsay
  2. Re: [mc codes lite] User Credit Card Companys i tested this out a few mins ago and come to how do others get loans when there's no link to get a loan only start a ccard Company
  3. Re: [mccode] 8 Lines to secure your site from known sql injections. Nyna do you think what i have posted can help ?
  4. Re: [mccode] 8 Lines to secure your site from known sql injections. this will help some, add this to your globals

         function cleanQuery($string)
         {
             // magic quotes already added backslashes: strip them so they are not doubled
             if (get_magic_quotes_gpc())
             {
                 $string = stripslashes($string);
             }
             // mysql_real_escape_string() is available from PHP 4.3.0 on
             if (version_compare(phpversion(), '4.3.0', '>='))
             {
                 $string = mysql_real_escape_string($string);
             }
             else
             {
                 $string = mysql_escape_string($string);
             }
             return $string;
         }

     you can use the filtering the Query

         // if you are using form data, use the function like this:
         if (isset($_POST['itemID'])) $itemID = cleanQuery($_POST['itemID']);

         // you can also filter the data as part of your query:
         $sql = "SELECT * FROM items WHERE itemID = '" . cleanQuery($itemID) . "'";

     i know not all of you will get how this works or something like

         function cleanQuery($value="", $filter_type="basic", $data_type="array")
         {
             $retvar = null; // stays null for an unknown $data_type or $filter_type
             if ($data_type == "array")
             {
                 $retvar = array();
                 foreach ($value as $x => $y)
                 {
                     switch ($filter_type)
                     {
                         case 'basic': // filter out slashes from a post/get/cookie
                             $retvar[$x] = stripslashes($y);
                             break;
                         case 'dbencode': // encode db data using mysql_real_escape_string
                             $retvar[$x] = mysql_real_escape_string($y);
                             break;
                         case 'shellencode': // encode shell argument string data
                             $retvar[$x] = escapeshellarg($y);
                             break;
                         case 'htmlencode': // encode for form display with htmlentities
                             $retvar[$x] = htmlentities($y, ENT_QUOTES);
                             break;
                     }
                 }
             }
             elseif ($data_type == "string")
             {
                 switch ($filter_type)
                 {
                     case 'basic': // filter out slashes from a post/get/cookie
                         $retvar = stripslashes($value);
                         break;
                     case 'dbencode': // encode db data using mysql_real_escape_string
                         $retvar = mysql_real_escape_string($value);
                         break;
                     case 'shellencode': // encode shell argument string data
                         $retvar = escapeshellarg($value);
                         break;
                     case 'htmlencode': // encode for form display with htmlentities
                         $retvar = htmlentities($value, ENT_QUOTES);
                         break;
                 }
             }
             return $retvar;
         }
  5. Re: [mccode] Crimes give random money

         <?php
         $macropage="docrime.php?c={$_GET['c']}";
         include "globals.php";
         if($ir['jail'] or $ir['hospital'])
         {
             die("This page cannot be accessed while in jail or hospital.");
         }
         // force the crime id to a non-negative integer before it reaches any query
         $_GET['c']=abs((int) $_GET['c']);
         if(!$_GET['c'])
         {
             print "Invalid crime";
         }
         else
         {
             $q=$db->query("SELECT * FROM crimes WHERE crimeID={$_GET['c']}",$c);
             $r=$db->fetch_row($q);
             if($ir['brave'] < $r['crimeBRAVE'])
             {
                 print "You do not have enough Brave to perform this crime.";
             }
             else
             {
                 // build the success-rate formula from the crime row and evaluate it
                 $ec="\$sucrate=".str_replace(array("LEVEL","CRIMEXP","EXP","WILL","IQ"), array($ir['level'], $ir['crimexp'], $ir['exp'], $ir['will'], $ir['IQ']),$r['crimePERCFORM']).";";
                 eval($ec);
                 print " [b]{$r['crimeITEXT']}[/b]";
                 $ir['brave']-=$r['crimeBRAVE'];
                 $db->query("UPDATE users SET brave={$ir['brave']} WHERE userid=$userid",$c);
                 if(rand(1,100) <= $sucrate)
                 {
                     print str_replace("{money}",$r['crimeSUCCESSMUNY'],"<font color='green'> [b]{$r['crimeSTEXT']}[/b] </font>");
                     // random payout between the crime's minimum and maximum
                     $muny = rand($r['crimeMINMONEY'],$r['crimeMAXMONEY']);
                     $ir['money']+=$muny;
                     $ir['crystals']+=$r['crimeSUCCESSCRYS'];
                     $ir['exp']+=(int) ($r['crimeSUCCESSMUNY']/8);
                     $db->query("UPDATE users SET money={$ir['money']}, crystals={$ir['crystals']}, exp=exp+{$r['crimeXP']},crimexp=crimexp+{$r['crimeXP']} WHERE userid=$userid",$c);
                     $db->query("INSERT INTO `criminalrecord` (`crID`, `crCRIME`, `crUSER`, `crRESULT`) VALUES ('', '$_GET[c]', '$userid', '1');",$c);
                     if($r['crimeSUCCESSITEM'])
                     {
                         item_add($userid, $r['crimeSUCCESSITEM'], 1);
                     }
                 }
                 else
                 {
                     if(rand(1, 2) == 1)
                     {
                         print "<font color='orange'> [b]{$r['crimeFTEXT']}[/b] </font>";
                     }
                     else
                     {
                         print "<font color='red'> [b]{$r['crimeJTEXT']} {$r['crimeJAILTIME']} minutes.[/b] </font>";
                         $db->query("UPDATE `users` SET `jail` = '$r[crimeJAILTIME]', `jail_reason` = '$r[crimeJREASON]' WHERE `userid` = '$userid'");
                         $db->query("INSERT INTO `criminalrecord` (`crID`, `crCRIME`, `crUSER`, `crRESULT`) VALUES ('', '$_GET[c]', '$userid', '0');",$c);
                     }
                 }
                 print " [url='docrime.php?c={$_GET['c']}']Try Again[/url] [url='criminal.php']Crimes[/url]";
             }
         }
         $h->endpage();
         ?>

     try this docrime.php tested works
  6. Re: [mccode] Crimes give random money this

         $muny=(int) (rand($r['crimesMINMONEY'],$r['crimesMAXMONEY']));

     needs to be

         $muny= rand($r['crimeMINMONEY'],$r['crimeMAXMONEY']);

  7. Re: [mccode] Crimes give random money never mind found it out
  8. Re: [mccode] Crimes give random money ok this might be a little bit off topic but how can i go about to show the Username just like the {money} i have tried many diff ways but it seems it does not want to show the username can anyone help?
  9. Re: [showcase] D4rk-Forces ok i have updated the whole look of d4rk forc3s let me know what you think of it
  10. Re: [mccode v2] Organizations & Productions lol you don't get it i did read all the code but i also tested and i see when you first go to it the table repeats itself 3 times and when you go to buy it will tell you you don't have enough space
  11. Re: [mccode v2] Organizations & Productions looks to me as if this will not work like this for most lol

         $space = $s['tsspace'];

     because it does not know where to call it from see you got it in the start of the page

         <?php
         //This script was made by illes ignath (a.k.a ishmell)
         //Please do not delete this credit.
         //Feel free to edit the script however you may please.
         //This is just version 2.0 and ill be sure to add more features to it over time.
         //Thats all for now, I hope you enjoy it.
         require "globals.php";
         global $db,$c,$ir, $set;
         $totaltroops = $s['bodyguards']+$s['hustlers']+$s['bootleggers']+$s['whores'];
         $space = $s['tsspace']; // <-------------- here ----------
         $usersid= $ir['userid'];

     so how are the player going to have space
  12. Re: [showcase] D4rk-Forces Thank you Casanova for your reply
  13. Re: [showcase] D4rk-Forces lol well i like the name and is why i bought it and named the game it bro lol and also the game is now open let me know what you all think of it
  14. Re: Basic Stock Market [V2] im not using v1 lol
  15. Re: Basic Stock Market [V2] when i tried it it would not update a stock and also if the stock hit 0 people could have bought it for 0 and bought millions of the stock also i added it so that it updates a different stock but only one at a time
  16. Re: Basic Stock Market [V2] one thing that did not work for me was the cron i had to make it like this to work right

         //stock market
         $stock=mysql_query("SELECT stID FROM stock",$c);
         $st=mysql_num_rows($stock);
         // pick one stock and a price change of 2 to 10, up or down
         $rand_stock = rand(1,$st);
         $rand1=(int) rand(1,2);
         $rand2=(int) rand(2,10);
         if($rand1 == 1)
         {
             mysql_query("UPDATE stock SET stCOST=stCOST+$rand2,stPERC='$rand2' WHERE stID={$rand_stock}",$c);
         }
         else
         {
             mysql_query("UPDATE stock SET stCOST=stCOST-$rand2,stPERC='-$rand2' WHERE stID={$rand_stock}",$c);
         }
         // never let a stock price fall below 2
         mysql_query("UPDATE stock SET stCOST=2 WHERE stCOST<2",$c);

     and it works good now
  17. Re: Register [Free] true but did i say copy and paste no that would be as simple as doing this for the password

         $password=str_replace('\\\'','&#39;', $password);
         $password=str_replace('refresh','', $password);
         $password=str_replace('meta','', $password);
         $password=str_replace('redirect','', $password);
         $password=str_replace('html','', $password);
         $password=str_replace('query','', $password);
         $password=str_replace('UPDATE','', $password);
         $password=str_replace('SET','', $password);
         $password=str_replace('style','', $password);
         $password=str_replace('img','', $password);
         $password=str_replace('dynsrc','', $password);
         $password=str_replace('background','', $password);
         $password=str_replace('.','', $password);
         $password=str_replace('title','', $password);
         $password=str_replace('embed','', $password);
         $password=str_replace('printf','', $password);
         $password=str_replace('xxs','', $password);
         $password=str_replace('script','', $password);
         $password=str_replace('javascript','', $password);
         $password=str_replace('body','', $password);
         $password=str_replace('onload','', $password);
         $password=str_replace('load','', $password);
         $password=str_replace('frame','', $password);
         $password=str_replace('FRAME SRC','', $password);
         $password=str_replace('md5','', $password);
         $password=str_replace('FRAMESET','', $password);
         $password=str_replace('query','', $password);
         $password=str_replace(array("<", ">", "\\\'"), array("&lt;", "&gt;", "&#39;"), $password);
         $password=str_replace(array("<", ">"), array("&lt;", "&gt;"), $password);

     but as most know a simple injection to the password field is too easy and bro this stops a lot of hackable injections to the post fields and it is not too easy for noobs to apply to a page it will need edits but it was point to the right area to see what can be done
  18. Re: Register [Free]   Couldn't you just use htmlentities() instead of all that. no that would be needed too but by doing it this way you stop most known attacks
  19. Re: Register [Free] not bad i won't be using it but its bad a55 but i think you will want to remove the

         session_start();

     and add in a bit of protection like

         $promo=$_POST['promo'];
         $promo=str_replace('\\\'','&#39;', $promo);
         $promo=str_replace('refresh','', $promo);
         $promo=str_replace('meta','', $promo);
         $promo=str_replace('redirect','', $promo);
         $promo=str_replace('html','', $promo);
         $promo=str_replace('query','', $promo);
         $promo=str_replace('UPDATE','', $promo);
         $promo=str_replace('SET','', $promo);
         $promo=str_replace('style','', $promo);
         $promo=str_replace('img','', $promo);
         $promo=str_replace('dynsrc','', $promo);
         $promo=str_replace('bg','', $promo);
         $promo=str_replace('background','', $promo);
         $promo=str_replace('.','', $promo);
         $promo=str_replace('title','', $promo);
         $promo=str_replace('embed','', $promo);
         $promo=str_replace('printf','', $promo);
         $promo=str_replace('xxs','', $promo);
         $promo=str_replace('script','', $promo);
         $promo=str_replace('javascript','', $promo);
         $promo=str_replace('body','', $promo);
         $promo=str_replace('onload','', $promo);
         $promo=str_replace('load','', $promo);
         $promo=str_replace('div','', $promo);
         $promo=str_replace('frame','', $promo);
         $promo=str_replace('FRAME SRC','', $promo);
         $promo=str_replace('md5','', $promo);
         $promo=str_replace('FRAMESET','', $promo);
         $promo=str_replace('db','', $promo);
         $promo=str_replace('query','', $promo);
         $promo=str_replace(array("<", ">", "\\\'"), array("&lt;", "&gt;", "&#39;"), $promo);
         $promo=str_replace(array("<", ">"), array("&lt;", "&gt;"), $promo);

         $username=$_POST['username'];
         $username=str_replace('\\\'','&#39;', $username);
         $username=str_replace('refresh','', $username);
         $username=str_replace('meta','', $username);
         $username=str_replace('redirect','', $username);
         $username=str_replace('html','', $username);
         $username=str_replace('query','', $username);
         $username=str_replace('UPDATE','', $username);
         $username=str_replace('SET','', $username);
         $username=str_replace('style','', $username);
         $username=str_replace('img','', $username);
         $username=str_replace('dynsrc','', $username);
         $username=str_replace('bg','', $username);
         $username=str_replace('background','', $username);
         $username=str_replace('.','', $username);
         $username=str_replace('title','', $username);
         $username=str_replace('embed','', $username);
         $username=str_replace('printf','', $username);
         $username=str_replace('xxs','', $username);
         $username=str_replace('script','', $username);
         $username=str_replace('javascript','', $username);
         $username=str_replace('body','', $username);
         $username=str_replace('onload','', $username);
         $username=str_replace('load','', $username);
         $username=str_replace('div','', $username);
         $username=str_replace('frame','', $username);
         $username=str_replace('FRAME SRC','', $username);
         $username=str_replace('md5','', $username);
         $username=str_replace('FRAMESET','', $username);
         $username=str_replace('db','', $username);
         $username=str_replace('query','', $username);
         $username=str_replace(array("<", ">", "\\\'"), array("&lt;", "&gt;", "&#39;"), $username);
         $username=str_replace(array("<", ">"), array("&lt;", "&gt;"), $username);

         $password=$_POST['password'];
         $password=str_replace('\\\'','&#39;', $password);
         $password=str_replace('refresh','', $password);
         $password=str_replace('meta','', $password);
         $password=str_replace('redirect','', $password);
         $password=str_replace('html','', $password);
         $password=str_replace('query','', $password);
         $password=str_replace('UPDATE','', $password);
         $password=str_replace('SET','', $password);
         $password=str_replace('style','', $password);
         $password=str_replace('img','', $password);
         $password=str_replace('dynsrc','', $password);
         $password=str_replace('bg','', $password);
         $password=str_replace('background','', $password);
         $password=str_replace('.','', $password);
         $password=str_replace('title','', $password);
         $password=str_replace('embed','', $password);
         $password=str_replace('printf','', $password);
         $password=str_replace('xxs','', $password);
         $password=str_replace('script','', $password);
         $password=str_replace('javascript','', $password);
         $password=str_replace('body','', $password);
         $password=str_replace('onload','', $password);
         $password=str_replace('load','', $password);
         $password=str_replace('div','', $password);
         $password=str_replace('frame','', $password);
         $password=str_replace('FRAME SRC','', $password);
         $password=str_replace('md5','', $password);
         $password=str_replace('FRAMESET','', $password);
         $password=str_replace('db','', $password);
         $password=str_replace('query','', $password);
         $password=str_replace(array("<", ">", "\\\'"), array("&lt;", "&gt;", "&#39;"), $password);
         $password=str_replace(array("<", ">"), array("&lt;", "&gt;"), $password);

         $email=$_POST['email'];
         $email=str_replace('\\\'','&#39;', $email);
         $email=str_replace('refresh','', $email);
         $email=str_replace('meta','', $email);
         $email=str_replace('redirect','', $email);
         $email=str_replace('html','', $email);
         $email=str_replace('query','', $email);
         $email=str_replace('UPDATE','', $email);
         $email=str_replace('SET','', $email);
         $email=str_replace('style','', $email);
         $email=str_replace('img','', $email);
         $email=str_replace('dynsrc','', $email);
         $email=str_replace('bg','', $email);
         $email=str_replace('background','', $email);
         $email=str_replace('.','', $email);
         $email=str_replace('title','', $email);
         $email=str_replace('embed','', $email);
         $email=str_replace('printf','', $email);
         $email=str_replace('xxs','', $email);
         $email=str_replace('script','', $email);
         $email=str_replace('javascript','', $email);
         $email=str_replace('body','', $email);
         $email=str_replace('onload','', $email);
         $email=str_replace('load','', $email);
         $email=str_replace('div','', $email);
         $email=str_replace('frame','', $email);
         $email=str_replace('FRAME SRC','', $email);
         $email=str_replace('md5','', $email);
         $email=str_replace('FRAMESET','', $email);
         $email=str_replace('db','', $email);
         $email=str_replace('query','', $email);
         $email=str_replace(array("<", ">", "\\\'"), array("&lt;", "&gt;", "&#39;"), $email);
         $email=str_replace(array("<", ">"), array("&lt;", "&gt;"), $email);
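For comparison with the keyword-stripping filter and the escaping helper in the posts above, an added example (not code from the thread or from MCCodes) that handles the same registration fields with shape validation, a bound-parameter insert, password hashing and encoding at output time. The `users` table, the sample values and the in-memory SQLite database reached through PDO are assumptions made so it runs stand-alone.

```php
<?php
// Added example with constructed sample data; not code from the thread.

// A few entries from the thread's keyword list, applied the same way.
function keyword_filter(string $v): string
{
    return str_replace(['UPDATE', 'SET', '.', 'load', 'md5'], '', $v);
}

// Validate by shape, hash the password untouched, bind every value.
function register(PDO $pdo, array $in): bool
{
    $email  = filter_var($in['email'], FILTER_VALIDATE_EMAIL);
    $nameOk = preg_match('/^[\w\' -]{3,25}$/', $in['username']) === 1;
    if ($email === false || !$nameOk) {
        return false;
    }
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, email, pass_hash) VALUES (?, ?, ?)'
    );
    return $stmt->execute([
        $in['username'],
        $email,
        password_hash($in['password'], PASSWORD_DEFAULT),
    ]);
}

$pdo = new PDO('sqlite::memory:'); // assumption: pdo_sqlite is installed
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, email TEXT, pass_hash TEXT)');

$input = [ // constructed sample registration
    'username' => "Dana O'Neil",
    'email'    => 'dana.loader@example.com',
    'password' => 'md5.RESET.pass',
];

// The keyword filter alters legitimate values before they are stored.
foreach ($input as $field => $value) {
    printf("%-8s filtered: %s\n", $field, keyword_filter($value));
}

var_dump(register($pdo, $input));                                  // accepted
var_dump(register($pdo, ['email' => 'not-an-address'] + $input));  // rejected

// Stored values are exactly what the user typed; HTML encoding happens
// only at the point where a value is written into a page.
$row = $pdo->query('SELECT * FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump(password_verify($input['password'], $row['pass_hash']));
var_dump(password_verify(keyword_filter($input['password']), $row['pass_hash']));
echo htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8'), "\n";
```

The two `password_verify()` calls show that a password passed through the keyword filter is no longer the password the user chose, while the bound insert stores the apostrophe in the username without any escaping helper.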
  20. Re: Own 50% of my game if you help with codeing and adding mods look the guy just needs some help pm me and i will help you out in some things also i don't see why people want to be so mean to newbies we are all newbies at some things even some of the best coders need help with graphics i started in vb programming and when i started php it was so different than vb and after almost 3 years in php i still am on the learning field on it but i do know a lot about it. also it did help to know xhtml and html along with c++ to get me started but it takes a teacher to really help you even if its a friend that helps you learn it   also i don't want 1/2 your game to help you thats just not fair to do
  21. Re: Auto-credited awards[$20]     Would it help if I told you I helped him with some parts of the mod? Second, never judge a coder's worth by the security of his game. Quite frankly, you and I both know it takes more than 10 minutes to fix all the bloody bugs and insecurities in MC Codes. So that means that you're judging this guy by looking at a code you already know is started bugged. So, in turn, you need to refrain from spitting out rude attacks like that until you realize that he is NEW to the scene, and thus the game isn't going to be perfect like you seem to think it should be.   Second, flaming him for price is ridiculous! You may find it easy to do an event and auto-credit, but many do not. You are not amongst this guy's target audience... so chill out and go find a mirror to pick on.       @ bloodcraver - Given that I already told you I like the idea for the mod, many people may like it. Best of luck!   lol with only ten mins of working out bugs you still would have a ton of it would not be too secure it takes hours just on securing exploits with different php files also even then most games that have a really good coder will still only be 99.9% most of the time they are only 88.1-90% secure and thats with a really good coder i have yet to see a site 100% but i am not saying that this mod is not good it might be a good one but all!!!!!! mods need to be secured
  22. Re: House Rentals [V2] i tested this on my test site and there's no way for them to move in to the rented house there must be a SELECT missing from the properties.php making this happen
  23. Re: Hi, I'm a new game owner. its nice to meet you too :evil:
  24. bling

    Hi Peeps

    Re: Hi Peeps you're one of the best members here on ce due to the fact that you help out and stay away from dumb posts and keep your cool when i know i would snap lol welcome you
  25. bling

    Hello!

    Re: Hello! Welcome back Arson! missed your game too