Aventro

Since the Bank module was gone I remade it. Here's some pictures: The Bank.zip is attached on this topic. Installation Instructions: 1. Put the Bank folder in modules/ directory. 2. Put the bank.tpl in smarty/templates. 3. Log in to your admin account, go to index.php?mod=Bank&act=install 4. It should now be installed and ready to use. This is basically a simple remake of the bank module Zeggy once did. Bank.zip

Here you can request any module you like too see implemented in the engine. You can also request a port (from MCCodes to ezRPG), for example. But it is important that you give us all the code provided for that module.

Have a look at the ezRPG. It's getting active again. I think Spud will bring back the old modules per request. And I will do any modules suggested

Easy one. Nothing fancy really, just saves some time, it displays top 10 players, you can order the top list via money/level.   <?php //This file cannot be viewed, it must be included defined('IN_EZRPG') or exit; class Module_TopPlayers extends Base_Module { public function start() { //Require login requireLogin(); switch ($_GET['order']) { case 'level': $order = 'level'; break; case 'money': $order = 'money'; break; default: $order = 'level'; } $query = $this->db->execute('SELECT `username`, `level`, `money` FROM `<ezrpg>players` ORDER BY ' . $order . ' DESC LIMIT 10'); $members = $this->db->fetchAll($query); $this->tpl->assign('members', $members); $this->tpl->display('topplayers.tpl'); } }   topplayers.tpl   {include file="header.tpl" TITLE="Top 10 Players"} <h2>Top 10 Players</h2> <table width="90%"> <tr> <th style="text-align: left;">Username</th> <th style="text-align: left;"><a href="index.php?mod=TopPlayers&order=level">Level</a></th> <th style="text-align: left;"><a href="index.php?mod=TopPlayers&order=money">Money</a></th> </tr> {foreach from=$members item=member} <tr> <td>{$member->username}</td> <td>{$member->level}</td> <td>{$member->money}</td> </tr> {/foreach} </table> {include file="footer.tpl"}   Installation 1. Make a folder named TopPlayers in your modules directory. 2. Place the index.php file with the first code snippet above. 3. Place the topplayers.tpl file in the smarty/templates directory with the second code snippet above.

As this is the forums that is supported, making regularly updated having effect on current running games I'd like to know how many actual games are running on ezRPG right now. If we would have some sort of idea of this it would be easier to make proposals and making updates that side-effects games running on current version, less people actually using it right now makes a market to make the core better.

Glad to hear! We'll see you soon then :)

That would require to store the old password which would need to reorganize the table structure of the database, but yes, that's one solution as well. My point is too make it happen!

We discussed back earlier on the password hashing, as it is currently weak, I think we all can agree on this. The problem was that Boother didn't want to break games running on the current version of ezRPG as it would disallowing them making further updated. However, I think that reason is bad, seeing as: 1) Not many games are running on ezRPG, it is a dead engine with loads of potential. 2) It makes the game more insecure than needed. My proposal is to implement a new password hashing algorithm, i.e. one used in the rework of ezRPG that never was finished. But to keep it backward compatible we simply first checks the password with our new password implementation and If it's incorrect (returns false) we simply check with the old one, if that one is correct we simply rehash the password, storing it in the database, and hey, we never getting to that else if statement again!

What you doin', any updates coming soon? Bring ezrpg alive again.

How production friendly is NW?

Just to be noted, you can't really do "MVC" in php, however MVC-related solutions are often implemented, such as MVP. :)

1. That is correct, if using i.e Mccodes or Nw-engine as they provide many many modules based on functionality and game themes. However, engines like ezrpg provides a boilerplate which let you focus on programming your own game. 2. Well, if you can't do it yourself you probably won't be able to write from scratch either way, just because you use an engine doesn't mean you code entirely differently 3. Sure, but these are patched as soon as they are notified; Are you saying that by writing by scratch there will be no vulnerabilities? I think not.

If I am lucky to receive a dev version, ill pump modules faster than bertrand can say quidditch

Good job. Some pointers: - The donating seem to give really a lot. I disagree with doing that, donating shouldn't provide you benefit, I am quite sure without doing a donation you would be having problem competing with the "top players". It would remove the competitiveness play between non-donator and donaters, note I'm just speculating, but hey, it seems like ****loads of stuff. Have a look what Travian does, that's more fair "benefits". - You should put the posts in the forums in some box, or structure it better, it looks and is confusing and hard-to read, and I believe with many posts it would become very unstructured. - Make the tutorial happening, I have no idea what to do, and I am ranking #5 ;) (Nevermind I found one (the tutorial link in the top navigation doesn't work), hey put some pictures here, i barely want to read this wall of text. - More soldier "classes"? :) - Images on http://drugdistrict.com/shops.php broken. - CRITICAL ERROR. ****. - "Every farm that you can purchase will have a "Price Modifier". A Price Modifier tells you how much of an increase in price your next farm will cost compared to the price of the last one you bought, so for example if the original price of an farm is $1000.00 and the Price Modifier is at 50% then your second purchase will be $1500.00 and your third purchase will be an extra 50% on top of the cost of your second purchase which will be $2250.00 and so on. The Price Modifier prevents a cumulative monopoly effect, so instead the price goes up by whatever % the Price Modifier is set at for every additional duplicate of that farm that you buy." The price modifier should be 150% :P math. - "Hire Soldiers", make some UI which simplifes the buying, maybe crisp it up a bit, for example if i select 50, i would want to know instantly how much that costs without having to open my calculator. - A better UI/overview of my farms. - Where can I see my "score"? Apparently, I can't attack some players. Filter for this? I'd rather see some, 3 days similar, will there be any type of map for this? Or just go straight to the user list -> attack?

You should enable overriding permissions as well as disabling certain permissions.

You shouldn't have too worry that much about it. I mean, let's face it, How many are actually using the current engine? Keep the Version 1.X going, but make sure to make a next stable release like Version 2.0.

I can see why requirements_id exists, but why required_it? And, how would I store the actual fact that the user is actually upgrading to level 2 at this moment (say from 8 to 9 it takes to go to level to in building a)

I am not very experienced with database storage as I would like to be. For example, let's say users have different buildings, i.e. farms, barracks etc. Each building has a level. Now, let's say a user would like to upgrade an building and based on an condition is allowed to upgrade x buildings at a time (upgrading a building would obviously take certain time, like one hour, our two based on what level the building currently is on). What would I need to store, how would the table be structured? It should also be noted that it may not only be buildings that may be upgrades, let's assume even some other resource/entity could be upgraded such as troops. Also, how would I store the conditions required (let's say to upgrade Building A to level 2, I need Building B in level 1). ( I am well aware this could be hard-coded, If, let's say I had a class for each building, but is that essential, or is data storing in a database, or just to make it simpler, we don't use classes for each building (which may be the way to go...) Not much information provided, but let's start off from here, you can make your own assumptions if needed, we're not talking about a current game with a current architecture, but just generally - as I'd like to plan out my game architecture before actually writing it.

Just make sure you copyright the tiles then or make dem daaamn ugly!

If Implemented correctly, I would actually consider buying the engine! However a demo on the map would be succifient.

Sorry, I don't know how McCodes works, as I've never looked at its source code. However, yes, you can place the database connection in the config.php file and if including that file, you will have access to the connection. However, I wouldn't recommend using globals, it's considered bad practise, essentially in large projects, like a web based game can be. This among other reasons is why you should use a proper framework to avoid architecture problems, I seriously consider making an engine based upon a framework.

You don't have to worry about closing the link as it per automatic will close the connection on the end of the page.

If you are using mysqli, you should have a look at http://php.net/manual/en/mysqli.prepare.php

No, this is not entirely secure. It's a reason why it's called the "real" escape function, it's because the older one was insecure. It didn't take character set under consideration. My point is protecting against SQL injection shouldn't be done using some sort of a blacklist, escaping special characters. A reliable and SECURE way to prevent sql injections is to use prepared statements. Yes, mysql_real_escape_string() has been vulnerable to SQL-injection and still is. Not sure about mysqli function, but I WOULD never rely on a blacklist (hence i.e why htmlpurifier uses a whitelist to allow HTML tags rather than disallowing). Here's more about the topic: http://php.net/manual/en/pdo.prepared-statements.php, Note: You can still use prepared statements with mysqli, don't worry. Just google it.

Why would you need addslashes? It just adds complexity. On output, I would use htmlspecialchars as you do, but that only. It's fine. When inserting data, the best way is to use prepared statements. Google it. mysql_ API is being deprecated anyway.