boionfire81

Think it is 100 now :) I found some issues were the $db wasn't being called from the global line >.< how did he miss that???

mysql_fetch_row() expects parameter 1 to be resource, object given Just noticed my forum sig. I have alot of mods going, so probably gonna need to truncate.

Sorry didn't post the code   $lso=$db->query("SELECT * FROM items WHERE itmid={$ws['wITEM']}"); $item=mysql_fetch_array($lso);

Almost have this finished. modified the real escape string thanks to [uSER=69001]Zettieee[/uSER] but now I have the mysql_fetch_array that doesn't work >.<

the second worked! ty!!!!!!

Ok, anyone know how to insert into [uSER=65371]sniko[/uSER] Advanced Property Mod? Just the part about buying a house. Still sleepy, but it would seem to me it would need to be in the property purchase, property move-in and property buy from market. Let alone know what lines to look for.

So, right now I've got several of my features going. But they all seem to be just open to whoever 24/7. Right now I'm wanting to restrict pages based on specific qualifiers. My first qualifier would be by housing id. I could go with if houseid = 1 then show this content. But obviously if there are 20 houses and it can get rather redundant. And in order to avoid future game additions, my thought is how to restrict based on multiple id numbers. Not a range i.e. if <5 or if >= 6. But rather if houseid = 1,2,7, 9, 12 then show. So without being redundant while still allowing further housing how can I do this? Sorry, 6am here and still sleepy.

Believe me I know, but I just believe, you always try. But was just trying to help post resources. geez.

ok tried   <select name=item>"; $nji=$db->query("SELECT * FROM items ORDER BY itmname ASC"); while ($list=mysqli_fetch_row($nji)) { print"<option value=' .{$list['itmid']}. '>{$list['itmname']}</option>"; }   and still nothing

Not trying to relay that they only come through google search for mccodes. Merely that some hackers have a thing for specific scripts especially open source (as the majority probably are free version). As [uSER=65530]Coly010[/uSER] mentions (in a similar form) that is one of many factors. Also for [uSER=65530]Coly010[/uSER], believe me I know. The joke among many SEO's is actually that. The moment Google makes a big change, like the old Panda update, there are literally hundreds of agents claiming the downfall of SEO is almost to an end. But the fact is, if you rely to heavily on one factor (such as 90% links >.<) in the end, it wont be the downfall of all SEO, merely that agent. However, assuming there are "good" hackers, in my view, is like a good criminal vs a career criminal. It seems [uSER=65530]Coly010[/uSER] you're definition of hackers are merely those with the ability to hack. To me those are security agents. They know how to hack and choose to help, because that's what they do. While a hacker to me is someone who makes a living off of hacking into others websites. And [uSER=65371]sniko[/uSER] if you read thoroughly, you would see I mentioned, xss testing, iframe busting, static monitoring, and blacklisting. As well as a slight mention of I discovered that there is almost a directory/list of mccode sites that is said to be used by hackers through google. I still remain that I do NOT want to be in that list. One factor of many.

Thanks. That worked :)

Ok, let me try to explain the idea behind keywords. If you search mccodes there is currently in the us an average of 110 searches per month. If you search rpg online there are currently 60500 searches per month. What are the pros and cons? Pros of being listed in the serps for BOTH mccodes & rpg online = a total of 60610 serp views (based on proximity). Cons - being listed for mccodes can draw potential hackers. While simply removing the mccodes word from the site will reduce 110 possible "finds" could also end you up on on the black ball list. i.e. never being seen in Google again. No b.s. there googles blacklist can take years to resolve even if in your favor. Oh yeah, you CAN be listed for rpg online while NOT being listed for mccodes (if you KNOW what you're doing). Bro, I have done SEO, not SEM, for years on a years on a global and local scale. Please, let it be before you are ripped to shreds on a subject you are unaware of. You may be smarter about php and security (even though you SEEM to insist some hackers trying out your website is ok). BUT SEO, is all me bro.

Also, what the....how the....am I getting invalid username or password several times a day Always, since day 1, had the issue of being logged out randomly, but now I'm being logged out and can't log back in..

So I found richard's business mod update (looks awesome by the way). But this one line is giving me issues.   echo '<p class="heading">Create Company</p>'; $_POST['name'] = mysql_real_escape_string($_POST['name']); $_POST['class'] = abs(@intval($_POST['class']));   Basically, Im using mysqli, but switching to mysqli_real_escape_string returns a fatal also. Will post the exact error in a minute after I can login. >.<  

ok can you enlighten me as to why every in the game has visible profiles. But viewuser.php??u=1 says Sorry, we could not find a user with that ID, check your source.

ok, so what it has come down to at this point I believe anyways is this   else { print"<table width=50% border=1><tr><th colspan=2>Adding An Item To The Workshop...</th></tr><tr><td><center>Item To Create:</center></td><td><center><br><form action='workshop.php?action=itemcreate' method='post'> <select name=item>"; $nji=$db->query("SELECT * FROM items ORDER BY itmname ASC"); while ($list=$db->free_result($nji)) { print"<option value=' .{$list['itmid']}. '>' .{$list['itmname']}. '</option>"; } print"</select><br><br></td></tr>   Originally the ' . . ' where not there but I'm trying lol! Issue is when attempting to make/select item to create the item list returns blank.

Well, not stupid, just new to mccodes and much of php. After the xss, I researched and found out there is basically a directory of all the mccodes sites on the web through google. I simply said I do not want to be on that target list. :)

Don't get me wrong, SEO is my specialty. I love google. But I do NOT want to be one the serp (search engine result page) for mccode sites. If they search for mccodes and find my site. eff em. I don't need them. Now if they search for "My great game title" and find me, I'm happy. It's a matter of knowing what keywords are used ya feel me?

Just saying, you block all hackers. Not only the smart ones, but the dumb ones too. Well you know.

It's more a matter of not all hackers think first to change everything to not be tracked. There are several sites like top seo 1 or something. Basically website that claim to help improve seo through incoming links. Half the time they are blackhat seo and highly known for their tatics. Also, not sure if McCodes recommends this (as I'm sure they don't) but you can actually google for a list of mccode run websites. So the known and prepared vulnerabilities can be done in an instant. Less time of site looks simply like a bounce back. So, I've kept the license code, but I refuse to be on that google list. Also iFrame breakers are a good idea. - See http://seclab.stanford.edu/websec/fr.../framebust.pdf  

So, for those of you, like me, who are not sure about xss here's the cheat sheet to test your script! https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet Click controls to see the filters and security options for them as well. And when in doubt just block em out! I check my awstats regularly to find out some important info on my visitors. First, the refer. Don't know the refer? google them. if they come off spammy. block that refer (.htaccess if nothing else). Had a recent injection? View your latest visitors to that specific page (assuming you know where the injection came form. Filter through the ips, and whois them. Then decide if you want to cdir or simply block that single ip. And do not forget to block AWS Amazon web service. They are mutterfutters for real! Amazon sells various crawlers (like a search engine crawlers) that basically let someone crawl anonymously as a test drive. Amazon full cdir as published by amazon at http://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html  

Anyone have this working on v2.0.5? cause nothing looks the same >.<

ok well yeah. Some how (don't say it!) I had an sql injection and several invisible outgoing spam links were placed on my site. So I delete the info they had injected. But now for whatever reason I can't login. Invalid username or password. If it's not MD5 what is it?

Guys :( I don't know why I just can't grasp the undefined. >.< But in Bounty v2 (paid mod) Undefined index: bounty the line code is   echo "<a href='attack.php?nextstep=$ns&ID={$_GET['ID']}&wepid={$r['itmid']}&bounty={$_GET['bounty']}'>{$r['itmname']}</a><br />";   so the   &bounty={$_GET['bounty']}   may or may not exist -.- what to do?

If you're willing to work with me on cool :) I can learn at the same time. pm me and I'll send my details