boionfire81

I think a drag & drop is what I'm looking for. I'm fairly inexperienced when it comes to js. I want something that will allow me to have a background image and players be able to drop in "items" and the script save the location so next time they view the page it looks just like the last time they left.

Bruh. I haven't even completed or come half way done with coding it. I'm collecting 0. But in reference to what the guy before said. We have to give the user access to any data collected about them.

Yes, but talking gdpr if they request data deletion what can you do?

Here's my question for logging. When the action being logged is between 2 players and player 1 deletes their data. How does that effect player 2s data? Example. Member 1 doesn't like member 2. Member 1 creates a false account and starts harassing member 2. Then member 1 deletes their fake account and all records of it existing. Now member 1 has been harrased, but no record of it to block an ip or anything. 🤷‍♂️

staff-view-as.php <?php require_once($_SERVER['DOCUMENT_ROOT'].'/sglobals.php'); if(!isset($_GET['action'])){ $_GET['action'] = ''; } switch ($_GET['action']){ case 'view-as-npc': view_as_npc(); break; case 'switch-role': switch_role(); break; default: echo "Error: This script requires an action."; break; } function view_as_npc(){ global $ir,$h; if($ir['user_level'] < 2){ header("Location: index.php"); exit; } if(isset($_POST['npc'])){ $_SESSION['npc'] = $_POST['npc']; echo "You are now viewing as {$_SESSION['npc']}"; }else{ echo "<form action='staff-view-as.php?action=view-as-npc' method='POST'>View As: <select name='npc'>"; if(isset($_SESSION['userid']) && !empty($_SESSION['userid']) && $ir['userid'] != $_SESSION['userid']){ echo "<option value='{$ir['userid']}'>{$ir['username']}</option>"; } $get_npcs=$db->query("SELECT `username`,`userid` FROM `users` WHERE `user_level`='0'"); while($npc=$db->fetch_row($get_npcs)){ echo "<option value='{$npc['userid']}'>{$npc['username']} ({$npc['userid']})</option>"; } echo "</select><button type='submit'> Switch </button></form>"; } } function switch_role(){ global $ir,$h; if($ir['user_level'] < 2){ header("Location: index.php"); exit; } if(isset($_POST['role'])){ $_SESSION['original']=$ir['user_level']; $_SESSION['role'] = $_POST['role']; echo "You are now viewing as user level {$_SESSION['role']}"; }else{ echo "<form action='staff-view-as.php?action=switch-role' method='POST'> Switch Role To: <input type='number' name='role' required> <p> <button type='submit'> Switch </button> </p> </form>"; } } $h->endpage(); exit; ?> in globals.php only above the $is = $db->query if(isset($_SESSION['npc']) && !empty($_SESSION['npc'])){ $userid=$_SESSION['userid']; }else{ $userid=$_SESSION['userid']; } in globals.php only add just after the $ir = $db->fetch_row if(isset($_SESSION['role']) && !empty($_SESSION['role'])){ $ir['user_level'] = $_SESSION['role']; } Links are To switch between npc and self - ( staff-view-as.php?action=view-as-npc ) To switch user role/level - ( staff-view-as.php?action=switch-role ) Anything else? I'm happy to help.

For me, I use it to test the system. How other people use it 🤷‍♂️

What this does is allow you to view your website as any member you choose Add to your globals file before the $is=$db->query if(isset($_SESSION['switch_to']) && !empty($_SESSION['switch_to'])){ if($_SESSION['switch_to'] == 1 && $_SESSION['userid'] == 1){ $_SESSION['switch_to'] = ""; $userid=$_SESSION['userid']; }elseif($_SESSION['switch_to'] == 1 && $_SESSION['userid'] != 1){ $_SESSION['switch_to'] = ""; $userid=$_SESSION['userid']; }else{ $userid=$_SESSION['switch_to']; } }else{ $userid=$_SESSION['userid']; } Create staff_view_as.php <?php require_once($_SERVER['DOCUMENT_ROOT'].'/sglobals.php'); global $db,$ir,$userid,$h; if($ir['user_level'] < 2){ $index=$_SERVER['DOCUMENT_ROOT'].'/index.php'; header("Location: $index"); }else{ if(isset($_POST['switch_to'])){ if($_POST['switch_to'] == 1 && $_SESSION['userid'] == 1){ $_SESSION['switch_to'] = ""; }elseif($_POST['switch_to'] == 1 && $_SESSION['userid'] != 1){ $_SESSION['switch_to'] = ""; }else{ $_SESSION['switch_to'] = $_POST['switch_to']; } echo "You are now viewing as {$_SESSION['switch_to']}"; }else{ echo "<form action='staff_view_as.php' method='POST'>Switch to: <select name='switch_to'>"; $get_user_options=$db->query("SELECT `username`,`userid` FROM `users` WHERE `userid` != $userid"); while($user_options=$db->fetch_row($get_user_options)){ echo "<option value='{$user_options['userid']}'>{$user_options['username']} ({$user_options['userid']})</option>"; } echo "</select><button type='submit'> Switch </button></form>"; } } $h->endpage(); exit; ?> Uridium's edit to switch user_level (i.e. Admin to Member role and vice versa) <?PHP include "globals.php"; switch($_GET['action']) { case 'become_member': become_member(); break; case 'become_admin': become_admin(); break; case 'become_moderator': become_moderator(); break; default: prefs_home(); break; } function prefs_home() { global $db,$ir,$c,$userid,$h; print "<h3>Your Staff Status Page</h3> <a href='?action=become_member'><h3>Become a normal game player</a></h3> <a href='?action=become_admin'><h3>Become Game Admin</a></h3> <a href='?action=become_moderator'><h3>Become Game Moderator</a></h3> "; } function become_member() { global $db,$ir,$c,$userid,$h; $db->query("UPDATE users SET user_level=3 WHERE userid=$userid"); Print"<h3>You have now become a Normal User</h3><br><br><a href='RENAME ME.php'>Return To Choices</a></h3>"; } function become_admin() { global $db,$ir,$c,$userid,$h; $db->query("UPDATE users SET user_level=2 WHERE userid=$userid"); Print"<h3>You have now become an Admin</h3><br><br><a href='RENAME ME.php'>Return To Choices</a></h3>"; } function become_moderator() { global $db,$ir,$c,$userid,$h; $db->query("UPDATE users SET user_level=3 WHERE userid=$userid"); Print"<h3>You have now become a Moderator</h3><br><br><a href='RENAME ME.php'>Return To Choices</a></h3>"; } Thanks to Uridium for the additional option

Trying a new way: Main struggle part is globals if(isset($_SESSION['switch_to']) && !empty($_SESSION['switch_to'])){ if($_SESSION['switch_to'] == 1 && $_SESSION['userid'] == 1){ $_SESSION['switch_to'] = ""; $userid=$_SESSION['userid']; }elseif($_SESSION['switch_to'] == 1 && $_SESSION['userid'] != 1){ $_SESSION['switch_to'] = ""; $userid=$_SESSION['userid']; }else{ $userid=$_SESSION['switch_to']; } }else{ $userid=$_SESSION['userid']; } The server recognizes the $_SESSION['switch_to'] variable, and will echo it. But it still has me logged in and shows me as the admin. And decided to make a staff page which is: require_once($_SERVER['DOCUMENT_ROOT'].'/sglobals.php'); global $db,$ir,$userid,$h; if($ir['user_level'] < 2){ $index=$_SERVER['DOCUMENT_ROOT'].'/index.php'; header("Location: $index"); }else{ if(isset($_POST['switch_to'])){ if($_POST['switch_to'] == 1 && $_SESSION['userid'] == 1){ $_SESSION['switch_to'] = ""; }elseif($_POST['switch_to'] == 1 && $_SESSION['userid'] != 1){ $_SESSION['switch_to'] = ""; }else{ $_SESSION['switch_to'] = $_POST['switch_to']; } echo "You are now viewing as {$_SESSION['switch_to']}"; }else{ echo "<form action='staff_view_as.php' method='POST'>Switch to: <select name='switch_to'>"; $get_user_options=$db->query("SELECT `username`,`userid` FROM `users` WHERE `userid` != $userid"); while($user_options=$db->fetch_row($get_user_options)){ echo "<option value='{$user_options['userid']}'>{$user_options['username']} ({$user_options['userid']})</option>"; } echo "</select><button type='submit'> Switch </button></form>"; } } $h->endpage(); What I'm trying to do is view as a specific member. What I'm trying to do is view as a specific member. Nevermind, found it. I'm switch from $ir to $user and the $user variable was still pulling the $_SESSION['userid']

Sorry forgot to include the staff.php edit where its set if(isset($_POST['switch_to'])){ if($_SESSION['userid'] == 1 && $_POST['switch_to'] == 1){ $_SESSION['switch_to'] = ""; }else{ if($_POST['switch_to'] != 1){ $_SESSION['switch_to'] == $_POST['switch_to']; } } header("Location: index.php"); exit; }

I'm trying to make it possible to switch between user accounts to view the game as another member other than the super admin/logged in userid. I created this form: if($_SESSION['userid'] == 1){ echo "<form action='staff.php' method='POST'><select name='switch_to'>"; $get_switch_to=$db->query("SELECT * FROM `users` WHERE `userid` != '{$user['userid']}'"); while($switch_to=$db->fetch_row($get_switch_to)){ echo "<option value='{$switch_to['userid']}'>{$switch_to['username']} ({$switch_to['userid']})</option>"; } echo "</select><br><button type='submit' class='btn btn-primary'> Switch </button></form>"; } In globals & sglobals I have: if(isset($_SESSION['userid'])){ if(!isset($_SESSION['switch_to'])){ $_SESSION['switch_to'] = ""; } if(!empty($_SESSION['switch_to'])){ $userid=$_POST['switch_to']; }else{ $userid=$_SESSION['userid']; } }else{ if(isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1) || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){ $protocol = "https://"; }else{ $protocol = "http://"; } $domain= $protocol."/".$_SERVER['SERVER_NAME']; $login_url = $domain."/login.php"; header("Location: $login_url"); } It's placed right below the session_name('MCCSID'); session_start(); if (!isset($_SESSION['started'])){ session_regenerate_id(); $_SESSION['started'] = true; } It has 0 effect on which user info is being pulled. What am I missing?

Ok. I'm rewriting the education portion. I'm trying to use the multiselect for the city to add it to. But simply adding [] to the select box name throws a 500 error. Here's the code: function add_degree(){ global $db,$ir,$h; if($_SERVER['REQUEST_METHOD'] === 'POST'){ $count=0; foreach($_POST['city'] as $cities){ $db->query("INSERT INTO `edu_degrees` VALUES('','{$_POST['name']}','{$_POST['desc']}','{$cities}','{$_POST['unlocks']}')"); $count=$count+1; } echo $_POST['name']." added to ".number_format($count)." cities."; }else{ echo "<center>Add A Degree</center><br><form action='staff_school.php?action=add-degree' method='POST'> <table> <tr> <td> <b>Name</b>: </td> <td> <input type='text' name='name'> </td> </tr> <tr> <td> <b>Description</b>: </td> <td> <textarea name='desc' rows='4' cols='50'></textarea> </td> </tr> <tr> <td> <b>Available At</b>: </td> <td> <select name='city[]' multiple>"; $get_cities=$db->query("SELECT `cityname`,`cityid` FROM `cities` ORDER BY `cityname` ASC"); while($cities=$db->fetch_row($get_cities)){ $city_id=$cities['cityid']; echo "<option value='$city_id'>{$cities['cityname']}</option>"; } echo "</select> </td> </tr> <tr> <td> <b>Unlocks</b>: </td> <td> <input type='text' name='unlocks'> </td> </tr> </table> <button type='submit'>Add</button> </form>"; } }

I'm modifiying the shop items as with over 300 items and close to 200 locations the single line insert will be overwhelming on the server. I've decided to use an array in a new shops column called shopITEMS. I'd like to create an array like this: itemid => price problem here is I don't know how to store it with each new insert and pull it from the database to display each on their own line in the shop page. Any help appreciated.

bodyguard.php <?php /* Mod created by Dragon Blade. Free Modfication to all MCCodes Users Realese Date - 25/06/2013 UK Date. */ require("globals.php"); if(!isset($_GET['action'])){ $_GET['action'] = ''; } switch($_GET['action']) { case "accept": accept(); break; case "decline": decline(); break; case "request": request(); break; default: index(); break; } function index() { global $db,$ir,$h; echo" <h3>User BodyGuard</h3><hr width=75%>Like to hire a user as a bodyguard? Well you came to the right place!<br /> Your bodyguard will protect you from being attacked ingame.<br /> Only time you will be attacked is when your bodyguard is in jail or hospital.<br /> Click <a href='bodyguard.php?action=request'>here</a> to make a request.<hr width=75%>"; print "<h3>Bodyguard Request(s)</h3><hr width=100%><table width=100% cellspacing='1' class='table'><tr style='background:gray'><th>User</th><th>Pay Job</th><th>Days</th><th>Links</th></tr>"; $q=$db->query("SELECT `b`.*,`u`.`username` FROM `bodyguard_apps` AS `b` JOIN `users` AS `u` ON `u`.`userid`=`b`.`userBG` WHERE `b`.`userID`={$ir['userid']}"); $q1=$db->query("SELECT `b`.*,`u`.`username` FROM `bodyguard_apps` AS `b` JOIN `users` AS `u` ON `u`.`userid`=`b`.`userID` WHERE `b`.`userBG`={$ir['userid']}"); if($db->num_rows($q) || $db->num_rows($q1)){ if($db->num_rows($q)){ while($r=$db->fetch_row($q)){ print "<tr><td><a href='viewuser.php?u={$r['userBG']}'>{$r['username']}</a></td><td>\${$r['userPAY']}</td> <td>{$r['userDAYS']}</td><td><a href='bodyguard.php?action=decline&id={$r['uid']}'><b>Delete</b></a></td></tr>"; } } if($db->num_rows($q1)){ while($r2=$db->fetch_row($q1)){ print "<tr><td><a href='viewuser.php?u={$r2['userID']}'>{$r2['username']}</a></td><td>\${$r2['userPAY']}</td> <td>{$r2['userDAYS']}</td><td><a href='bodyguard.php?action=accept&id={$r2['uid']}'><b>Accept</b></a> | <a href='bodyguard.php?action=decline&id={$r2['uid']}'><b>Decline</b></a></td></tr>"; } } }else{ echo "<tr><td colspan='4'>No pending application(s)</td></tr>"; } echo "</table>"; print "<h3>Bodyguard(s)</h3><hr width=100%><table width=100% cellspacing='1' class='table'><tr style='background:gray'><th>User</th><th>Pay Job</th><th>Days</th><th>Links</th></tr>"; $get_guards=$db->query("SELECT `b`.*,`u`.`username` FROM `bodyguards` AS `b` JOIN `users` AS `u` ON `u`.`userid`=`b`.`userBG` WHERE `b`.`userid`={$ir['userid']}"); if($db->num_rows($get_guards)){ $guard=$db->fetch_row($get_guard); print "<tr><td><a href='viewuser.php?u={$guard['userBG']}'>{$guard['username']}</a></td><td>\${$guard['userPAY']}</td> <td>{$guard['userDAYS']}</td><td><a href='bodyguard.php?action=accept&id={$guard['uid']}'><b>Accept</b></a> | <a href='bodyguard.php?action=decline&id={$guard['userID']}'><b>Decline</b></a></td></tr>"; }else{ echo "<tr><td colspan='4'>No active bodyguard(s)</td></tr>"; } print "</table> <hr width=100%><a href='bodyguard.php'>Go Back</a><hr width=100%><br />"; } function request(){ global $db,$ir,$h; if(!isset($_GET['id'])){ $_GET['id'] = ''; } if($_SERVER['REQUEST_METHOD'] != "POST"){ echo" <form action='bodyguard.php?action=request' method='POST'> Players ID: <input type='text' size=5 name='bodyguard' value='"; if(!empty($_GET['id'])){ echo $_GET['id']; } echo "'><br />Days: <input type='text' size=5 name='days' value='1'><br />Pay: <input type='text' size=5 name='money' value='100'><br /><br /><input type='submit' value='Send Request'></form><hr width='75%'><a href='index.php'>> Go Home</a><hr width='75%'>"; }else{ $check_guard=$db->query("SELECT `b`.*,`u`.`username` FROM `bodyguards` AS `b` JOIN `users` AS `u` ON `u`.`userid`=`b`.`userBG` WHERE `userBG`={$_POST['bodyguard']}"); if($db->num_rows($check_guard)){ $guard=$db->fetch_row($get_guard); echo "{$guard['username']} is already working for someone else."; $h->endpage(); exit; } $check_app=$db->query("SELECT `b`.*,`u`.`username` FROM `bodyguard_apps` AS `b` JOIN `users` AS `u` ON `u`.`userid`=`b`.`userBG` WHERE `b`.`userid`={$ir['userid']} AND `b`.`userBG`={$_POST['bodyguard']}"); if($db->num_rows($check_app)){ echo "You already have a pending application for this user. Delete that request before opening a new one."; $h->endpage(); exit; } $db->query("INSERT INTO `bodyguard_apps` VALUES('',{$ir['userid']},{$_POST['bodyguard']},{$_POST['days']}, {$_POST['money']},'')"); $id = $db->insert_id(); event_add($_POST['bodyguard'],"{$ir['username']} has requested you to be there bodyguard. <a href='bodyguard.php?action=accept&id=$id'>Accept</a> | <a href='bodyguard.php?action=decline&id=$id'>Decline</a>"); echo "Request sent."; } } function accept(){ global $db, $ir, $userid, $h; if(!isset($_GET['id'])){ echo "Invalid use of file."; $h->endpage(); exit; } $get_app=$db->query("SELECT `b`.*,`u`.`username` FROM `bodyguard_apps` AS `b` JOIN `users` AS `u` ON `u`.`userid`=`b`.`userBG` WHERE `b`.`uid`={$_GET['id']}"); if($db->num_rows($get_app)){ $app=$db->fetch_row($get_app); $db->query("INSERT INTO `bodyguards` VALUES('',{$app['userID']},{$app['userBG']},{$app['userDAYS']},{$app['userPAY']},'')"); $get_apps=$db->query("SELECT * FROM `bodyguard_apps` WHERE `userBG`=$userid AND `uid` != {$_GET['id']}"); if($db->num_rows($get_apps)){ while($apps=$db->fetch_row($get_apps)){ event_add($apps['userID'],"{$app['username']} has declined your bodyguard request."); $db->query("DELETE FROM `bodyguard_apps` WHERE `uid`={$apps['uid']}"); } } event_add($app['userID'],"{$app['username']} has declined your bodyguard request."); print "<hr width='50%'>Please read the confirmation message.<hr width='50%'><h3>! CONFIRMATION</h3>You accepted {$app['username']}'s bodyguard request.<br/><br/><hr width='50%'><a href='bodyguard.php'>> Go Back</a><hr width='50%'>"; }else{ echo "Request not found."; } } function decline() { global $db, $ir, $userid, $h; if(!isset($_GET['id'])){ echo "Invalid use of file."; $h->endpage(); exit; } $get_app=$db->query("SELECT `b`.*,`u`.`username` FROM `bodyguard_apps` AS `b` JOIN `users` AS `u` ON `u`.`userid`=`b`.`userid` WHERE `b`.`uid`={$_GET['id']}"); $get_app2=$db->query("SELECT `b`.*,`u`.`username` FROM `bodyguard_apps` AS `b` JOIN `users` AS `u` ON `b`.`userBG`=`u`.`userid` WHERE `uid`={$_GET['id']}"); $get_guard=$db->query("SELECT `b`.*,`u`.`username` FROM `bodyguards` AS `b` JOIN `users` AS `u` ON `u`.`userid`=`b`.`userid` WHERE `uid`={$_GET['id']}"); $get_guard2=$db->query("SELECT `b`.*,`u`.`username` FROM `bodyguards` AS `b` JOIN `users` AS `u` ON `b`.`userBG`=`u`.`userid` WHERE `uid`={$_GET['id']}"); if($db->num_rows($get_app) || $db->num_rows($get_app2)){ $db->query("DELETE FROM `bodyguard_apps` WHERE `uid`={$_GET['id']}"); if($db->num_rows($get_app)){ $app=$db->fetch_row($get_app); event_add($app['userBG'],"{$app['username']} has declined your bodyguard request."); print "<hr width='50%'>Please read the confirmation message.<hr width='50%'><h3>! CONFIRMATION</h3>You removed {$app['username']}'s bodyguard request.<br/><br/><hr width='50%'><a href='bodyguard.php'>> Go Back</a><hr width='50%'>"; }elseif($db->num_rows($get_app2)){ $event=$db->fetch_row($get_app2); event_add($event['userID'],"".$event['username']." has withdrawn their bodyguard request."); echo "You have declined {$event['username']}'s bodyguard job."; } }elseif($db->num_rows($get_guard) || $db->num_rows($get_guard2)){ $db->query("DELETE FROM `bodyguard` WHERE `uid`={$_GET['id']}"); if($db->num_rows($get_guard)){ $event=$db->fetch_row($get_guard); echo "You have fired {$event['username']}."; }elseif($db->num_rows($get_guard2)){ $event=$db->fetch_row($get_guard); event_add($event['userID'],"{$event['username']} has quit your bodyguard job."); echo "You have quit your bodyguard job."; } }else{ echo "Request not found."; } } $h->endpage(); ?> Attack.php find $youdata = $ir; $odata_sql = <<<SQL SELECT `u`.`userid`, `hp`, `hospital`, `jail`, `equip_armor`, `username`, `equip_primary`, `equip_secondary`, `gang`, `location`, `maxhp`, `guard`, `agility`, `strength`, `gender` FROM `users` AS `u` INNER JOIN `userstats` AS `us` ON `u`.`userid` = `us`.`userid` WHERE `u`.`userid` = {$_GET['ID']} LIMIT 1 SQL; $q = $db->query($odata_sql); if ($db->num_rows($q) == 0) { echo 'That user doesn&#39;t exist<br />&gt; <a href="index.php">Go Home</a>'; die($h->endpage()); } $odata = $db->fetch_row($q); Replace with $get_bodyguard=$db->query("SELECT * FROM `bodyguards` WHERE `userID`={$_GET['ID']} AND `userBG` != $userid"); if($db->num_rows($get_bodyguard)){ while($bodyguard=$db->fetch_row($get_bodyguard)){ $odata_sql ="SELECT `u`.`userid`, `hp`, `hospital`, `jail`, `equip_armor`, `username`, `equip_primary`, `equip_secondary`, `gang`, `location`, `maxhp`, `guard`, `agility`, `strength`, `gender` FROM `users` AS `u` INNER JOIN `userstats` AS `us` ON `u`.`userid` = `us`.`userid` WHERE `u`.`userid` = {$bodyguard['userBG']} LIMIT 1"; $q = $db->query($odata_sql); $odata = $db->fetch_row($q); if($odata['hospital'] === '0'){ echo "You are fighting with the players bodyguard"; $_SESSION['attacking'] = $odata['userid']; break; } } }else{ $odata_sql ="SELECT `u`.`userid`, `hp`, `hospital`, `jail`, `equip_armor`, `username`, `equip_primary`, `equip_secondary`, `gang`, `location`, `maxhp`, `guard`, `agility`, `strength`, `gender` FROM `users` AS `u` INNER JOIN `userstats` AS `us` ON `u`.`userid` = `us`.`userid` WHERE `u`.`userid` = {$_GET['ID']} LIMIT 1"; $q = $db->query($odata_sql); if(!$db->num_rows($q)){ echo 'That user doesn&#39;t exist<br />&gt; <a href="index.php">Go Home</a>'; die($h->endpage()); }else{ $odata = $db->fetch_row($q); } } $youdata = $ir; In attackbeat.php, attacklost.php, attackwon.php, and attacktake.php you will need to replace {$_GET['ID']} with {$_SESSION['attacking']} unless anyone else wants to take a shot at the final files

Staff panel edit (staff_crimes.php) Add Description: <textarea name='desc'></textarea> <br /> After Name: <input type='text' name='cgNAME' /> <br /> Find in new_crimegroup_submit() $_POST['cgNAME'] = (isset($_POST['cgNAME']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['cgNAME'])) ? $db->escape(strip_tags(stripslashes($_POST['cgNAME']))) : ''; Add after $_POST['desc'] = preg_replace('/\x00|<[^>]*>?/', '', $_POST['desc']); $_POST['desc'] = str_replace(["'", '"'], ['&#39;', '&#34;'],$_POST['desc']); Find $db->query( "INSERT INTO `crimegroups` (`cgNAME`, `cgORDER`) VALUES('{$_POST['cgNAME']}', '{$_POST['cgORDER']}')"); Replace with $db->query( "INSERT INTO `crimegroups` (`cgNAME`, `cgORDER`, `cgDESC`) VALUES('{$_POST['cgNAME']}', '{$_POST['cgORDER']}', '{$_POST['desc']}')"); In edit_crimegroup_form() Find Name: <input type='text' name='cgNAME' value='{$itemi['cgNAME']}' /> <br /> Add after Description: <textarea name='desc'></textarea> <br /> In edit_crimegroup_sub() Find $_POST['cgNAME'] = (isset($_POST['cgNAME']) && preg_match( "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+$/i", $_POST['cgNAME'])) ? $db->escape(strip_tags(stripslashes($_POST['cgNAME']))) : ''; Add after $_POST['desc'] = preg_replace('/\x00|<[^>]*>?/', '', $_POST['desc']); $_POST['desc'] = str_replace(["'", '"'], ['&#39;', '&#34;'],$_POST['desc']); Find $db->query( "UPDATE `crimegroups` SET `cgNAME` = '{$_POST['cgNAME']}', `cgORDER` = '{$_POST['cgORDER']}' WHERE `cgID` = '{$_POST['cgID']}'"); Replace with $db->query( "UPDATE `crimegroups` SET `cgNAME` = '{$_POST['cgNAME']}', `cgDESC`='{$_POST['desc']}', `cgORDER` = '{$_POST['cgORDER']}' WHERE `cgID` = '{$_POST['cgID']}'"); Your done

Definitely. Time for V3 #2021