CrazyT

haha You dont even own one :P Immortalthug - I exploited yours because you exploited people i know.

lmao - MySQL errors willl only show if mysql_error() is there.

Thanks for trying? I can tell you that sqlpro crap will not secure you.

lol - You don't need that "that's to stop him getting sql injected" - But fails.

All ready fails that mod. Will not secure you one bit. Not needed.

Simple just use this. $r['crimeSUCCESSMUNY'] = ($r['crimeSUCCESSMUNY']) ? mt_rand(0, $r['crimeSUCCESSMUNY'] ) : mt_rand(0, 100);   Simple aye? lol

Incorrect - By default sessions last 24 minutes. (i think)

rofl lmao - You some kind of experienced programmer now are you? - I got to love kiddie sql injections. lol

I was about to say that. You beat me to it. lol

Are you kidding, why would you use a stupid code like that? lol

You can do that with like a few simple lines.. *hint* ob_start(); *hint*

They will soon though.. :)

Yup, i only posted that to show you. :) And yeah, you needed to edit it of course :L

You don't need to use $c on the $db->query("somequery", $c); because it already does that in the database class. So it will work fine just like $db->query("SOME QUERY");

$c_name = sprintf('SELECT userid FROM users WHERE UPPER(username) = UPPER("%s") AND userid != %d', $db->escape($_POST['newname']), $ir['userid']); $c_name = $db->query($c_name); if ($db->num_rows($c_name) > 0) { echo "Username already taken. \n"; } $c_login = sprintf('SELECT userid FROM users WHERE UPPER(login_name) = UPPER("%s") AND userid != %d', $db->escape($_POST['new_loginname']), $ir['userid']); $c_login = $db->query($c_login); if ($db->num_rows($c_login) > 0) { echo "Login name already taken. \n"; } There... you can do the rest of it :)

$c_name = sprintf('SELECT userid FROM users WHERE username = "%s" AND userid != %d', $db->escape($_POST['name']), $ir['userid']); $c_name = $db->query($c_name); if ($db->num_rows($c_name) > 0) { echo "Username already taken. "; } There's a starter :)

Ok im bored so putting up a little Challenge.   <?php $ir = array(); $ir['username'] = 'Alan'; function lmao() { echo "Your name: ". $ir['username']; } lmao(); ?>   Now You have to get that username to work in the function. What you Can't do! 1# You cant edit the function 2# You cant global $ir; 3# You cant move the $ir array() into the function. What you can do! 1# Edit the $ir['username'] in the function :) You have the answer: PM ME. Let's see who get's it.

Regex can do this -.- Note - I didnt do the regex came from a regex site. if (isset($_POST['color']) && preg_match("/^#?([a-f]|[A-F]|[0-9]){3}(([a-f]|[A-F]|[0-9]){3})?$/", $_POST['color'])) { printf ('<span style="color: %s">Alan</span> ', $_POST['color']); }

Simple fix (Secure the files :) ) Ideas #1 - Move ALL staff files into a folder. #2 - Give staff keys #3 - Profile sig/forum avatar/display pic - Make sure its a picture :)

[warnbox] Just ask the question, if you have one. No need to try and mock him at the same time. [/warnbox] Why have you got that many queries?

Yes i know i done it like that for him, because thats how his preferences his.

Can use in_array, and just add more to the array who you want to give access to. <?php include("./globals.php"); if (in_array($ir['userid'], array(1))) { //Script Here } else { echo "You don't have access to this page."; } $h->endpage(); ?>

I've posted one above... -.-

Case case 'vacation': vacation(); break; Link [url="preferences.php?action=vacation"]Vacation Change[/url] Function function vacation() { global $db, $ir; $sql = 'UPDATE users SET `vacation` = '. $ir['vacation'] == 1 ? 0 : 1 .' WHERE userid = '. $ir['userid']; $db->query($sql); echo 'You turned vacation '. $ir['varcation'] == 1 ? 'on' : 'off''; }   Note: not tested.

Re: question... Yeah i know :P