MakeWebGames

Dabomstew
Everything posted by Dabomstew

  1. Err.. what? $_GET, $_POST, etc are PHP superglobals defined in PHP. From the PHP manual: This means that no matter what context you are using it in, values in $_GET are the same, and if you change it in one place in a script it will remain the same for any code executed after, including that within functions and methods. $db, $ir are just variables made by MCCodes, not PHP-hardcoded superglobals and thus you must define them as globals to use them as such. Example of $_GET as a superglobal:   Output is
  2. Definitely agreed on the principle of good practice. However, for this particular example code, all the input variables used in queries are secured. The ID is secured at the top of the page - which means, as I said earlier, all subsequent uses of it will also be secured since it is a superglobal. The only action which uses other input variables, adding the listings, secures its variables inside the function - thus these are also fine. I might have missed something here - but I'm almost certain that in this case the cmarket hack is prevented in all its facets. It is always good practice to get into the habit of securing things as much as you can, though - for the simple reason that if you sometimes forget to implement one of the measures, you should still be fine as you will be covered by the other measures.
  3. Some comments on both the original post and the corrections by Immortalthug: if(!$_GET['ID']){die(" An error has occurred. If this continues, please contact your game administrator. "); } This isn't going to work. Why not? The crystal market index doesn't take an ID parameter, so the index page will be unable to be viewed unless you randomly append an ID onto the end of the URL. Whitelisting: While whitelisting is an effective security technique, it isn't needed in this case because the parameter in question (action) isn't used outside the switch statement, and isn't displayed - if anything besides "add", "remove", or "buy" is passed, the index page for the market is shown, which is perfectly fine behaviour in this instance.   This is true, this can cut some valuable time off your scripts, especially when your users table is quite large and you only want one or two fields.   No, in this case it is fine. Why? $_GET is a superglobal, so the abs(intval()) applied earlier to it at the top of the page will still be in effect when it is used here - so the worst thing that can happen is it searching for a crystal market ID of 0, which will just not find anything. However, enclosing values in your SQL queries with single quotes is always a good idea for MCCodes - since it forces all inputs (GET/POST) to be escaped with magic quotes or equivalent, having quotes around all the input variables you use in queries will block pretty much any possible SQL injection from inputs. (The IP exploit, of course, being a nasty exception - but that wasn't an input anyway, rather a stupid oversight, as SERVER variables escape such filtering.) So something like $q=$db->query("SELECT * FROM crystalmarket cm WHERE cmID='{$_GET['ID']}'"); would be even better - just in case you forget to implement the abs(intval()) filtering! Dabomstew
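     An added example (not code from these posts or from MCCodes) of the point made in the two posts above: a superglobal filtered once at the top of a page stays filtered inside any function, while an ordinary variable does not reach the function at all, and the quotes around the value in the query act as a second layer. The table and column names come from the post; the request value is constructed for the demo.

```php
<?php
// Added example, not part of the original posts. Demonstrates that the
// abs(intval()) filter applied to $_GET['ID'] at the top of a page also
// covers its use inside functions, because $_GET is a superglobal.

// Constructed request value for the demo; a real page gets it from the URL.
$_GET['ID'] = "17abc";   // non-numeric tail, as a malformed request might send

// Top-of-page filter, as used on the crystal market page: non-negative integer only.
$_GET['ID'] = abs(intval($_GET['ID']));

// A plain local copy: NOT visible inside functions unless declared `global`.
$localId = $_GET['ID'];

function market_query_superglobal()
{
    // No `global` keyword needed: the filtered value is already visible here.
    // The single quotes are the second layer: if the filter were ever forgotten,
    // a non-numeric value would still be a string literal rather than SQL syntax.
    return "SELECT * FROM crystalmarket cm WHERE cmID='{$_GET['ID']}'";
}

function market_query_local()
{
    // $localId is an ordinary variable, so inside this function it is undefined.
    // isset() avoids the notice; the query silently degrades to cmID='' - the
    // trap the posts warn about when people forget `global`.
    $id = isset($localId) ? $localId : '';
    return "SELECT * FROM crystalmarket cm WHERE cmID='$id'";
}

// The first query carries the filtered ID 17; the second carries an empty string.
print market_query_superglobal() . "\n";
print market_query_local() . "\n";
```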
  4. Re: Proposed Features for DBS/MCcodes Next Ver.   That's the non-upgrade price =P so no Ps3-like price schedules here
  5. Re: Proposed Features for DBS/MCcodes Next Ver. That feature means that the database of old MCCodes v1.1 will be upgraded into new MCCodes vEX allowing you to use new features on an old game without resetting or manually copying the data.
  6. Current New Features
     * Users, userstats, Fedjail tables combined into one
     * Marriages (can be turned on/off)
     * Shared houses for Marriages (can be turned on/off)
     * Salts for passwords (improves password security)
     * Many exploits fixed
     * "Language" settings - you can rename Energy, Strength etc directly from admin Panel
     * Improved Estate Agent as seen on MonoCountry
     * MCC 1.1 to latest version upgrader - Upgrades your game to latest codes
     * Donator Packs system - instead of preset DPs you specify your own ones.
     * Shops more secure - you can only visit/buy from a shop if you're in the right location.
     * Shop item stock - you can set the stock of an item maximum and the amount to refill each day.
     * Shop item price override - you can make items cost more or less at a certain shop.
     * DP currency - charge in other currencies than USD with ease
     * Newspaper Ad System - As seen on MonoCountry, ported from an earlier unreleased alpha of MCCv2
     * Set Create Gang Price - You can set how much a gang costs to make
     * Trash Can Forum - Set a forum for deleted posts to go to instead of them being gone forever.
     * Friends list, black list combined into Contacts List
     * Ajax User Profiles & Preferences
     Definite Features (100% chance of addition before release)
     * Anti-Piracy System
     * MCC 2.0x to latest version upgrader
     Planned New Features (almost definite, 90%-95% chance of addition)
     * Update fedjail, hospital, jail, forum & mail bans to use timestamps instead of counting down values (saves some cron time on larger games)
     * Level upgrade system (choose between Auto-Leveling (current) and Upgrade link (TC style))
     * Set the amount of energy, brave, HP etc you gain on a level
     * Set a level cap which players can't pass
     * Set whether to show the EXP bar, not show it, or let the player choose.
     * Trades system - players can add stuff (money, crystals (if sendable), items) to trades, trade goes through once both players approve.
     Possible New Features (could be added)
     * Custom Banks - you can make banks, set where they can be accessed from, fees, money caps etc
     * Custom HoF - you can set what stats show in the HoF, etc
     * NewsPaper Content Blocks - easily add new content to the Newspaper ingame eg real-money-paid advertisements, special columns
     * Suggestion & Bug Trackers - to track bugs and get suggestions from players
     This list could be changed at any time.
     Pricing: Not set at this time. MCCv1 and MCCv2 users will get a discount on upgrading. Base price will probably be similar to what MC2's price is at this time.
     Release Info: No date set. This version is not even guaranteed to be released, but most likely it will be eventually.
  7. Re: [Free] Advanced(ish) Level Upgrade Mod. Very good mod overall :-) But there is one problem - as the variable $upgrade is declared inside a function, it's trapped in that function - you can't get the value of it anywhere else, it'll just give false or NULL. Try this for check_level instead:
     function check_level()
     {
         global $ir, $c, $userid;
         $exp_needed = (int) (($ir['level']+1)*($ir['level']+1)*($ir['level']+1)*2.2);
         if($ir['exp'] >= $exp_needed)
         {
             // declare the flag global so code outside this function can read it
             global $upgrade;
             $upgrade = "Y";
         }
     }
     and where you want to put the upgrade text:
     global $upgrade;
     if($upgrade == "Y")
     {
         print "<a href='upgrade.php'>[upgrade]</a>";
     }
     and I also fixed another slight error - while things like $y = x; do set $y to "x", it's bad syntax and you should use quotes around the string. Also, this mod slightly changes the workings of the EXP system. Say if you were level 1, needed 100 exp to get to level 2 and had 105 exp. With this mod, you would go to level 2 but still have 105 exp. With the original coding, you would go to level 2 but the 100 would be taken off your exp, leaving you with 5. I believe this is what Arson was trying to point out but he worded it badly - this mod will increase the leveling rate on your game due to this change.
  8. Re: [Free] [v1] Profile Image Uploader The profilepics folder will also need to be chmodded 666 or 777 to allow the script to write to it.
  9. Re: Some Body Help Me Plz NO, that fix posted there is bad. It actually removes the item_remove function in itemmarket.php so you can't take items off the itemmarket! Use this fix instead (on a clean v2 itemmarket.php with the redeclaring glitch still there):
     Find: function item_remove()
     Replace With: function itemm_remove()
     Find: case "remove": item_remove();
     Replace With: case "remove": itemm_remove();
  10. Re: Strange problem in V2 NO, that fix posted there is bad. It actually removes the item_remove function in itemmarket.php so you can't take items off the itemmarket! Use this fix instead (on a clean v2 itemmarket.php with the redeclaring glitch still there):
     Find: function item_remove()
     Replace With: function itemm_remove()
     Find: case "remove": item_remove();
     Replace With: case "remove": itemm_remove();
  11. Re: Making A template Even without moving the script, unless your config.php isn't actually a php file (just plaintext that is parsed), it would have to print something to give any info away - going to the MCcodes v2.0 config.php in a browser just gives a blank page as nothing is outputted - it's all PHP code (unless there's a server error which makes PHP source display instead of run - this happened on TC once or twice)
  12. Re: [Free] [v1] Help Bot Slight improvement -
     <?php
     /*-----------------------------------------------------
     -- Isomerizer Copyright 2007.
     -- Help Bot (Free Mod)
     -----------------------------------------------------*/
     session_start();
     require "global_func.php";
     if($_SESSION['loggedin']==0)
     {
         header("Location: login.php");
         exit;
     }
     $userid=$_SESSION['userid'];
     require "header.php";
     $h = new headers;
     $h->startheaders();
     include "mysql.php";
     global $c;
     $is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error());
     $ir=mysql_fetch_array($is);
     check_level();
     $fm=money_formatter($ir['money']);
     $cm=money_formatter($ir['crystals'],'');
     $lv=date('F j, Y, g:i a',$ir['laston']);
     $h->userdata($ir,$lv,$fm,$cm);
     $h->menuarea();
     // CONFIGURATION \\
     // Use || to add multiple words \\
     // $question is the question asked, and $answerq is the reply \\
     // strtolower() is the improvement: the question is compared in lower case,
     // so the keywords configured below must be lower case too
     $question=isset($_POST['question']) ? strtolower($_POST['question']) : "";
     $answerq="";
     $ask="<form action=bot.php method=POST>Question: <input type=text name=question> <input type=submit value=Ask></form>";
     $answer="<h2>Answer</h2>";
     print "<h3>Help Bot</h3>";
     print "(The help bot can help you with various things. Type in the keyword to see if it can help....) <i>*Typing in lower case will help more*</i> ";
     if ($question=="")
     {
         print $ask;
         exit;
     }
     else
     {
         //The stat variables can be changed to suit your game \\
         $strength="might";
         $agility="stealth";
         $force="defence";
         $labour="force";
         $energy="power";
         $nerve="bottle";
         $education="college";
         $explore="jungle";
         $gang="tribe";
         $IQ="iq"; // was never set in the original; name it to suit your game
         $game="Amazon Survival";
         if ($question=="help") { $answerq="What do you need help with?"; }
         if ($question=="hello"||$question=="helo"||$question=="hi"||$question=="hey") { $answerq="Hello, how are you?"; }
         if ($question=="good") { $answerq="I'm glad to hear you're good."; }
         if ($question==$strength) { $answerq="This stat is used to calculate how much damage a weapon does."; }
         if ($question==$agility) { $answerq="This stat is used for dodging attacks."; }
         if ($question==$force) { $answerq="This stat is used to calculate how much damage is done to you."; }
         if ($question==$labour) { $answerq="This stat is used for getting promoted in jobs."; }
         if ($question==$IQ) { $answerq="This stat is gained from courses and used for promotions."; }
         if ($question=="crystals") { $answerq="Crystals are used for various things under <a href=crystaltemple.php>Crystal Temple</a>"; }
         if ($question=="cash") { $answerq="Cash is used to buy stuff all over the game"; }
         if ($question==$energy) { $answerq="This is used mainly for training and attacking"; }
         if ($question==$nerve) { $answerq="This is used for doing crimes"; }
         if ($question=="health") { $answerq="How much health you have in a fight"; }
         if ($question=="skill") { $answerq="Skill is used for mining"; }
         if ($question=="mine") { $answerq="Mining is a great way to earn crystals"; }
         if ($question=="job") { $answerq="Nice way to earn cash and stats"; }
         if ($question=="garage") { $answerq="Where you keep your cars"; }
         if ($question==$education) { $answerq="Used for gaining $IQ"; }
         if ($question=="mail") { $answerq="Your own personal mail system"; }
         if ($question=="events") { $answerq="What happens to you is recorded here"; }
         if ($question=="logout") { $answerq="Used to log out of the game, duh."; }
         if ($question==$explore) { $answerq="Where the main links are listed"; }
         if ($question=="search") { $answerq="Search for other players!"; }
         if ($question=="friend list") { $answerq="Record your friends"; }
         if ($question=="black list") { $answerq="Record your enemies"; }
         if ($question==$gang) { $answerq="Used for various things, make friends, war etc. Join a $gang!"; }
         if ($question=="forums") { $answerq="Discuss various topics"; }
         if ($question=="preferences") { $answerq="Used to change your account around"; }
         if ($question=="donate") { $answerq="Donate to the game and be awarded donator features"; }
         if ($question=="vote") { $answerq="Voting earns you stats and it helps the game grow"; }
         if ($question=="item"||$question=="items") { $answerq="Items are a main part of the game and used for doing lots of things"; }
         if ($question=="church") { $answerq="Used for getting married"; }
         if ($question=="stats") { $answerq="Stats are what determines your account and how good you are"; }
         if ($question=="travel") { $answerq="Travel around the game"; }
         if ($question=="casino") { $answerq="Casino, play various games earning you some cash"; }
         if ($question=="quests") { $answerq="Quests do various tasks to earn rewards"; }
         if ($question=="banned") { $answerq="Users banned are listed in dungeon"; }
         if ($question=="war") { $answerq="War is when 2 $gang 's fight each other"; }
         if ($question=="staff") { $answerq="Main staff can be listed under Staff, ID 1 is the overall owner"; }
         if ($question=="prison") { $answerq="Sent here when failing crimes"; }
         if ($question=="hospital"||$question=="hosp") { $answerq="Sent here when attacked"; }
         if ($question=="noob"||$question=="n00b") { $answerq="Who you calling a noob?"; }
         if ($question=="fuck"||$question=="shit"||$question=="prick"||$question=="cunt"||$question=="bitch") { $answerq="Please do not swear"; }
         if ($question=="robot"||$question=="bot") { $answerq="Who you calling a bot!"; }
         if ($question=="who are you") { $answerq="I am the $game Bot"; }
         if ($question=="isomerizer") { $answerq="The elite one"; }
         // escape the question before echoing it back, so a posted <script> tag is shown as text, not run
         print "<i>You asked the Bot:</i> " . htmlspecialchars($question);
         print " ";
         print "<i>The Bot replied:";
         if ($answerq=="")
         {
             print " Sorry, I don't know the answer";
         }
         print " </i> ";
         print $answerq;
         print $ask;
         exit;
     }
     $h->endpage();
     ?>
     This way the upper/lower-case doesn't matter :-D Otherwise, it's a decent mod.
  13. Re: Left and right hand menu?   Those pages are missing </table> tags at the end of the pages (before $h->endpage() call) so the layout doesn't close right. Adding said </table> tags will fix this issue.
  14. Re: v3 game engine All I will say is, there is a new version of MCCodes in the works, but it's not a huge priority at the moment and it's not necessarily v3. And any major new version that comes out will be protected from piracy more than previous versions.
  15. Re: [site tools] Useful little function: Get_url   It's a universal function that should work in any php app. For v2, you can place it in global_func.php then use it anywhere in the game files you want.
  16. Re: Current V2 Problems (Minor Bugs) Help Required?   In this case, does it really matter? We're not using it in a loop, we're using it once - both functions will take virtually no time to execute, so there's little to no point in a 10-20% gain if the time is 0.001s to start with. To solve your problems, as Hack3rmatt stated, you should check if the input is empty when it's posted, and if so stop them creating their gang/changing gang name/posting a topic.
  17. Re: End page error Also, the cities table name in MCCodes is cities, unless you changed it. Here's your code working for v1 (you don't specify a cityid, it's automatically generated on insert):
     <?php
     /**
      * @author ShannenName
      * @copyright 2007
      */
     session_start();
     require "global_func.php";
     if($_SESSION['loggedin']==0)
     {
         header("Location: login.php");
         exit;
     }
     $userid=$_SESSION['userid'];
     require "header.php";
     $h = new headers;
     $h->startheaders();
     include "mysql.php";
     global $c;
     $is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error());
     $ir=mysql_fetch_array($is);
     check_level();
     $fm=money_formatter($ir['money']);
     $lv=date('F j, Y, g:i a',$ir['laston']);
     $h->userdata($ir,$lv,$fm);
     $h->menuarea();
     // admin-only page: user_level 2 is the admin level in v1
     if ($ir['user_level'] != 2)
     {
         print "You sneak, get out of here!";
         $h->endpage();
         exit;
     }
     // log every request to this page (escaped, since the dumps contain user input)
     $posta = mysql_real_escape_string(print_r($_POST, 1), $c);
     $geta = mysql_real_escape_string(print_r($_GET, 1), $c);
     mysql_query("INSERT INTO adminlogs VALUES('', $userid, '$posta', '$geta', unix_timestamp() )", $c);
     $action = isset($_GET['action']) ? $_GET['action'] : '';
     switch ($action)
     {
         case 'newcity': new_city(); break;
         case 'newcitysub': new_city_sub(); break;
         case 'editcity': edit_city(); break;       // edit_city() is not included in this post
         case 'editcitysub': edit_city_sub(); break; // edit_city_sub() is not included in this post
     }
     $h->endpage();
     function new_city()
     {
         global $ir, $c, $h, $userid;
         print "<h3>Create New City</h3>
         This will create a new city.
         <form action='newcity.php?action=newcitysub' method='post'>
         cityname: <input type='text' name='cityname' />
         citydesc: <input type='text' name='citydesc' />
         cityminlevel <input type='text' name='cityminlevel' />
         <input type='submit' value='Create New city' /></form>";
     }
     function new_city_sub()
     {
         global $ir, $c, $h, $userid;
         // force the level to a non-negative integer and escape the free-text fields before they reach the query
         $_POST['cityminlevel']=abs((int) $_POST['cityminlevel']);
         $_POST['cityname']=mysql_real_escape_string($_POST['cityname'], $c);
         $_POST['citydesc']=mysql_real_escape_string($_POST['citydesc'], $c);
         mysql_query("INSERT INTO cities (cityname, citydesc, cityminlevel) VALUES ('{$_POST['cityname']}', '{$_POST['citydesc']}', '{$_POST['cityminlevel']}');", $c);
         print "<a href='admin.php'>> Back</a>";
     }
     ?>
  18. Re: Looking for help When you reset the game make sure to use the empty table function in phpMyAdmin rather than just deleting all the records. This will ensure that the counters for the ID numbers are reset back to 1 as well. In query form that's: TRUNCATE TABLE `x`; instead of DELETE FROM `x`;
  19. Re: How Can I Judge The Legal From The Illigal Codes?   The codebase of www.monocountry.com is similar to MCCodes v1.1, but as it is the third iteration/version of the game the codes are named after, people often mistakenly refer to it as using MCCodes 3.
  20. Re: Problem With My Mod :S Somone Please Help There's also a chance that you've somehow made an error in the code making it stuck in a certain loop forever (infinite loop) and thus passing the maximum execution time, although this is less likely to happen with for loops than with while loops. Quick example of an infinite loop:
     while(1==1)
     {
         $i++;
     }
     or
     for($i=1;$i<50;$i=1)
     {
         //do whatever
     }
  21. Re: Random Error - Not Sure What Is Wrong Your user no longer has an entry in userstats, for whatever reason. Insert a new entry into userstats with your ID and it should be fixed.
  22. Re: Free codes?? here is the updated version link (the previous link posted was the old version) http://www.dabomstew.com/codes-lite-v101-gnu.zip
  23. This is most likely the final pricing structure for MCCodes 2.0.
     Fresh install (1 license) - USD 300
     Upgrade from MCCodes 1.x ($75 paid for 1.x) (1 license) - USD 250
     Upgrade from MCCodes 1.x ($150 or more paid for 1.x) (1 license) - USD 225
     Additional licenses:
     1-5 - 200 USD each
     6-10 - 175 USD each
     11+ - 150 USD each
  24. To owners of MCCode Games: If you have ever bought a mod from myself or ColdBlooded, I need to know about it - that is, transaction details, payment date, PayPal receipts and the like. I need this info to index it for various reasons including possible V2 upgrades for mods and just general updates. Please PM me with:
     List of mods you have bought
     Dates you bought those mods
     PayPal receipts for those mods
     Problems you have experienced with these mods; did these get fixed by us or did you have to fix it yourself or get someone else in?
     If you do not do this, you may be ineligible for any possible updates to the Mods you have bought. Also, if you know MCCode game owners that do not visit this forum, please let them know of this.
  25. User Notepad This allows anyone to edit anyone's notes... it's just like a public staff notes o.O