MakeWebGames

SRB

Everything posted by SRB

  1. Cronus, Arson, Blue, Scarlet, Decepti0n, hamster, Seanybob, Kronow, Spellbyte... Back in the day, it was great. The biggest ass of all time here.... Oxidati0n - what a cawk!
  2. SRB

    Criminal Impulse

    She did the banner that is still on my old game twisted-turmoil.net. She has more, but right now, I can't recall the ones I worked on -- anybody have screen captures of "Lif3"? In fact, I may have a picture laying out in archives.

    Edit: Found one: Attached.
  3. I changed that variable at the last minute and it seems one slipped through. Edited again.
  4. Updated. Does now.
  5. SRB

    Criminal Impulse

    Scarlet did the graphics and I integrated it into that game's layout. Not sure Scarlet is still making graphics though -- I could email her if you wish?
  6. Feel free to continue to the end of my post for the reply.

    It will? Care to rate? Go to the bottom too.

    And agreed, I would have normally put the actual SQL outside of the mysql(i)_ for debugging, but since it's mccode and none of the other pages allow it, I see no point in starting a trend. As much as I hate the format for mccode's database class, it makes sense to use it since if you ever have to update the entire engine, it's wrapped in a class -- have fun chasing down all your sprintf's inside of mysql query, just to update your site -- at which point, you'll probably wrap it in a class to save you time next time.

    And... BOOM TIME

    Ok, so I am going to have to reply, since it's clear you believe your skill set is higher than mine because you have adopted the use of the useless known as sprintf. So, you have secured my already secure script? That's the equivalent of painting a blue smartie blue, isn't it? And converted it to V2? Erm... so it wasn't V2 before? I'm pretty certain that being around these forums since '06 and playing with all of the code, would give me the knowledge to create a V2 mod, if I happen to label it as V2, no?

    Anyway, Octarine has already pointed out the problems with the logic pertaining to your post, but I guess I will go down line of potential cause for concern, for the ill-educated.

    So firstly, we have:

    ```php
    $sql = mysql_query("SELECT * FROM `bank_loans` WHERE `user` = '{$ir['userid']}'");
    ```

    which for some reason, you felt the need to type cast using sprintf... Tell me this, what can an int(x) row in a database hold? Oh yes, that would be an integer, right? Now, who has control of that number, since it's auto increment? Yes, the system... And what do we, as programmers, need to check? That would be anything users can edit, right? See where I just went with that?

    Next would be:

    ```php
    mysql_query("INSERT INTO `bank_loans` (`user`) VALUES ('{$ir['userid']}')");
    ```

    See above points. But wait, you felt the need to sprintf the above to make it "secure", but left this one... I guess you did know it didn't need securing after all :o

    And considering the only 2 changes that I can actually see in your post are adding __DIR__ to the global include (which, by the way, is not needed since your globals.php will be in the directory you're in) and a single sprintf, maybe I should stop, but you know what, while we are here, I may as well continue some.

    Next up is

    ```php
    $repay = (array_key_exists('repay', $_POST) && (is_int($_POST['repay']) || ctype_digit($_POST['repay']))) ? substr($_POST['repay'], 0, 9) : FALSE ;
    ```

    Given that you questioned the $ir['userid'], I am unsure why you didn't try and see a problem with this. Maybe even pointing out that both of the functions (is_int and ctype_digit) **should** be enough alone, but alas, PHP has a tendency to be an ass and can occasionally read a $_POST or $_GET variable as a string, even though it is numeric. By using both, you manage to catch it, whether PHP throws it as numeric or a string.

    Of course, I could use:

    ```php
    $repay = (isset($_POST['repay']) && preg_match('`^[0-9]{1,9}$`', $_POST['repay'])) ? $_POST['repay'] : FALSE ;
    ```

    But of course, I also know that isset sucks. Try this code

    ```php
    <?php
    $_POST['check'] = null;
    echo 'Is set? ' . (isset($_POST['check']) ? 'Yes' : 'No') . '<br /> Key exists? ' . (array_key_exists('check', $_POST) ? 'Yes' : 'No');
    ```

    Can you guess the result? I'll tell you:

    ```
    Is set? No
    Key exists? Yes
    ```

    Null is a valid result in programming, so isset has just failed me -- oops!

    You know what, I can't even be bothered to continue. I could explain why I use $_SERVER['REQUEST_METHOD'] to check for incoming, posted, data or even why the usernames are always wrapped in htmlentities, with ENT_QUOTES and using "UTF-8" (even though most wouldn't even know that for UTF8 to be effective at this level, needs meta charset and database setting to the same, or it's pointless), but even that seems a little too in depth when the world seems to believe that sprintf is the savior to all programming issues. It's so good, that I feel no need to use it, since I actually know everything my code is doing and I force it to do what I want.

    *Yawn* and moving on -- no issues still on an untested mod? I think I rock. Where's my useless rep, bishes?
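The validation idioms argued over in the post above, run side by side as an added example (not code from the thread). The function names are hypothetical, and the `is_string()` guards and the strict variant are additions. It shows how `substr(..., 0, 9)` shortens an over-long value instead of rejecting it, and how `$` without the `D` modifier accepts a value that ends in a newline.

```php
<?php
// Added example, not from the thread. Function names are hypothetical.

// Idiom from the loan script: key present, digits only, keep the first 9 characters.
// The is_string() guard is an addition so arrays never reach ctype_digit().
function check_ctype(array $in, string $key)
{
    if (!array_key_exists($key, $in)) {
        return false;
    }
    $v = $in[$key];
    if (is_int($v) || (is_string($v) && ctype_digit($v))) {
        return substr((string) $v, 0, 9);
    }
    return false;
}

// Alternative quoted in the post: isset() plus the same pattern.
// Without the D modifier, "$" also matches just before a final newline.
function check_regex(array $in, string $key)
{
    return (isset($in[$key]) && is_string($in[$key]) && preg_match('`^[0-9]{1,9}$`', $in[$key]))
        ? $in[$key] : false;
}

// Strict variant (an assumption, not from the thread): anchored with \A and \z,
// no leading zeros, at most 9 digits, rejected rather than truncated, returned as int.
function check_strict(array $in, string $key)
{
    $v = $in[$key] ?? null;
    return (is_string($v) && preg_match('/\A[1-9][0-9]{0,8}\z/', $v) === 1) ? (int) $v : false;
}

// Constructed inputs standing in for $_POST.
$samples = [
    'missing key'      => [],
    'plain number'     => ['repay' => '250'],
    'zero'             => ['repay' => '0'],
    'leading zeros'    => ['repay' => '007'],
    'eleven digits'    => ['repay' => '12345678901'],
    'trailing newline' => ['repay' => "12\n"],
    'negative'         => ['repay' => '-5'],
    'exponent form'    => ['repay' => '1e3'],
    'array value'      => ['repay' => ['1']],
    'null value'       => ['repay' => null],
];

// json_encode() keeps control characters visible in the printed table.
foreach ($samples as $label => $post) {
    printf(
        "%-17s ctype=%-12s regex=%-8s strict=%s\n",
        $label,
        json_encode(check_ctype($post, 'repay')),
        json_encode(check_regex($post, 'repay')),
        json_encode(check_strict($post, 'repay'))
    );
}
```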
  7. No errors at all? Damn, without even running it -- I rawk! :P
  8. He will only get praise from me when he does work for me... which I need NOW! :P
  9. Taken from my post here.

    And I was just bored for 15 minutes, so I wrote this:

    NOTE -- this hasn't been uploaded to a server or tested, but should work (Hell, I don't even have it as a saved file -- closed the editor just now)

    Functionality:

    -- Allows users to loan a value determined by their level and days old. (New users, won't be worth **** to them)
    -- For 3 days after taking out a loan, you can't pay it back.
    -- You can not take out another loan until the current one is paid.

    Code:

    ```php
    <?php
    include_once('globals.php');

    echo '<h2>Office of Bank Loans</h2>';

    $maximum  = 100000;
    // Loan ceiling scales with level and account age, capped at $maximum.
    $max_loan = min(($ir['level'] * $ir['daysold']) * 500, $maximum);
    $current  = 0;

    $sql = mysql_query("SELECT * FROM `bank_loans` WHERE `user` = '{$ir['userid']}'");
    if (mysql_num_rows($sql) == 0) {
        // First visit: create this user's loan row.
        mysql_query("INSERT INTO `bank_loans` (`user`) VALUES ('{$ir['userid']}')");
    } else {
        $loan    = mysql_fetch_assoc($sql);
        $current = $loan['amount'];
    }

    if ($current > 0) {
        // Outstanding loan: show or process a repayment.
        if ($loan['time'] > time()) {
            echo '<p>Your loan is not repayable until ' . date("D jS M, g:i A", $loan['time']) . '. Come back then.</p>';
        } else {
            // Digits only, capped at 9 characters.
            $repay = (array_key_exists('repay', $_POST) && (is_int($_POST['repay']) || ctype_digit($_POST['repay']))) ? substr($_POST['repay'], 0, 9) : FALSE;
            if ($repay) {
                if ($repay > $ir['money']) {
                    echo '<p>You do not have enough money to pay $' . number_format($repay) . '.</p>';
                } else {
                    // Never take more than is owed.
                    if ($repay > $loan['amount']) {
                        $repay = $loan['amount'];
                    }
                    mysql_query("UPDATE `users` SET `money` = `money` - '{$repay}' WHERE `userid` = '{$ir['userid']}'");
                    mysql_query("UPDATE `bank_loans` SET `amount` = `amount` - '{$repay}' WHERE `user` = '{$ir['userid']}'");
                    echo '<p>You paid $' . number_format($repay) . ' from your loan balance.</p>
                        <p>Thank You.</p>';
                }
            } else {
                echo '<p>Welcome back, ' . htmlentities($ir['username'], ENT_QUOTES, "UTF-8") . '.</p>
                    <p>It would appear that you have an outstanding loan balance of $' . number_format($loan['amount']) . '.</p>
                    <p>Would you like to pay some off the balance today?</p>
                    <h4>Pay towards loan debt</h4>
                    <form action="" method="post">
                        <p>How much would you like to pay?</p>
                        <p> <input type="text" name="repay" value=""> </p>
                        <button>Pay Loan</button>
                    </form>';
            }
        }
    } else {
        // No outstanding loan: show or process a new loan request.
        if ($_SERVER['REQUEST_METHOD'] == "POST") {
            $amount = (array_key_exists('amount', $_POST) && (is_int($_POST['amount']) || ctype_digit($_POST['amount']))) ? substr($_POST['amount'], 0, 9) : FALSE;
            if ($amount) {
                if ($amount > $max_loan) {
                    echo '<p>You can only have a loan of $' . number_format($max_loan) . ' at most.</p>';
                } else {
                    // 5% interest is added up front; repayment unlocks after 3 days.
                    $total = ($amount * 1.05);
                    mysql_query("UPDATE `bank_loans` SET `amount` = '{$total}', `time` = (UNIX_TIMESTAMP() + (86400 * 3)) WHERE `user` = '{$ir['userid']}'");
                    mysql_query("UPDATE `users` SET `money` = `money` + '{$amount}' WHERE `userid` = '{$ir['userid']}'");
                    echo '<p>You have taken out a loan for $' . number_format($amount) . ' and with the 5% interest, you will need to pay back $' . number_format($total) . '.</p>
                        <p>Thanks for using us for your business and hope you become a valued customer.</p>';
                }
            } else {
                echo '<p>You did not enter a valid amount to loan from us.</p>';
            }
        } else {
            echo '<p>Welcome to the loan department, ' . htmlentities($ir['username'], ENT_QUOTES, "UTF-8") . '.</p>
                <p>You can take a loan out today, for a maximum of $' . number_format($max_loan) . ', which will be yours for 3 days minimum.</p>
                <p>Minimum amount you can loan is $100</p>
                <p>The interest you pay on top of the loan will be 5%.</p>
                <h4>Would you like to take a loan out, ' . (strtolower($ir['gender']) == "male" ? 'Sir' : 'Madam') . '?</h4>
                <form action="" method="post">
                    <p>How much would you like to take out?</p>
                    <p> <input type="text" name="amount" value=""> </p>
                    <button>Take Loan</button>
                </form>';
        }
    }

    $h->endpage();
    ```

    Table definitions:

    ```sql
    CREATE TABLE `bank_loans` (
      `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
      `user` int(11) unsigned NOT NULL DEFAULT '0',
      `amount` int(11) unsigned NOT NULL DEFAULT '0',
      `time` int(11) unsigned NOT NULL DEFAULT '0',
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    ```

    Any errors or problems, post here
  10. And I was just bored for 15 minutes, so I wrote this:

    NOTE -- this hasn't been uploaded to a server or tested, but should work (Hell, I don't even have it as a saved file -- closed the editor just now)

    Functionality:

    -- Allows users to loan a value determined by their level and days old. (New users, won't be worth **** to them)
    -- For 3 days after taking out a loan, you can't pay it back.
    -- You can not take out another loan until the current one is paid.

    Code:

    ```php
    <?php
    include_once('globals.php');

    echo '<h2>Office of Bank Loans</h2>';

    $maximum  = 100000;
    // Loan ceiling scales with level and account age, capped at $maximum.
    $max_loan = min(($ir['level'] * $ir['daysold']) * 500, $maximum);
    $current  = 0;

    $sql = mysql_query("SELECT * FROM `bank_loans` WHERE `user` = '{$ir['userid']}'");
    if (mysql_num_rows($sql) == 0) {
        // First visit: create this user's loan row.
        mysql_query("INSERT INTO `bank_loans` (`user`) VALUES ('{$ir['userid']}')");
    } else {
        $loan    = mysql_fetch_assoc($sql);
        $current = $loan['amount'];
    }

    if ($current > 0) {
        // Outstanding loan: show or process a repayment.
        if ($loan['time'] > time()) {
            echo '<p>Your loan is not repayable until ' . date("D jS M, g:i A", $loan['time']) . '. Come back then.</p>';
        } else {
            // Digits only, capped at 9 characters.
            $repay = (array_key_exists('repay', $_POST) && (is_int($_POST['repay']) || ctype_digit($_POST['repay']))) ? substr($_POST['repay'], 0, 9) : FALSE;
            if ($repay) {
                if ($repay > $ir['money']) {
                    echo '<p>You do not have enough money to pay $' . number_format($repay) . '.</p>';
                } else {
                    // Never take more than is owed.
                    if ($repay > $loan['amount']) {
                        $repay = $loan['amount'];
                    }
                    // Apply the payment to the user's cash and to the loan balance.
                    mysql_query("UPDATE `users` SET `money` = `money` - '{$repay}' WHERE `userid` = '{$ir['userid']}'");
                    mysql_query("UPDATE `bank_loans` SET `amount` = `amount` - '{$repay}' WHERE `user` = '{$ir['userid']}'");
                    echo '<p>You paid $' . number_format($repay) . ' from your loan balance.</p>
                        <p>Thank You.</p>';
                }
            } else {
                echo '<p>Welcome back, ' . htmlentities($ir['username'], ENT_QUOTES, "UTF-8") . '.</p>
                    <p>It would appear that you have an outstanding loan balance of $' . number_format($loan['amount']) . '.</p>
                    <p>Would you like to pay some off the balance today?</p>
                    <h4>Pay towards loan debt</h4>
                    <form action="" method="post">
                        <p>How much would you like to pay?</p>
                        <p> <input type="text" name="repay" value=""> </p>
                        <button>Pay Loan</button>
                    </form>';
            }
        }
    } else {
        // No outstanding loan: show or process a new loan request.
        if ($_SERVER['REQUEST_METHOD'] == "POST") {
            $amount = (array_key_exists('amount', $_POST) && (is_int($_POST['amount']) || ctype_digit($_POST['amount']))) ? substr($_POST['amount'], 0, 9) : FALSE;
            if ($amount) {
                if ($amount > $max_loan) {
                    echo '<p>You can only have a loan of $' . number_format($max_loan) . ' at most.</p>';
                } else {
                    // 5% interest is added up front; repayment unlocks after 3 days.
                    $total = ($amount * 1.05);
                    mysql_query("UPDATE `bank_loans` SET `amount` = '{$total}', `time` = (UNIX_TIMESTAMP() + (86400 * 3)) WHERE `user` = '{$ir['userid']}'");
                    mysql_query("UPDATE `users` SET `money` = `money` + '{$amount}' WHERE `userid` = '{$ir['userid']}'");
                    echo '<p>You have taken out a loan for $' . number_format($amount) . ' and with the 5% interest, you will need to pay back $' . number_format($total) . '.</p>
                        <p>Thanks for using us for your business and hope you become a valued customer.</p>';
                }
            } else {
                echo '<p>You did not enter a valid amount to loan from us.</p>';
            }
        } else {
            echo '<p>Welcome to the loan department, ' . htmlentities($ir['username'], ENT_QUOTES, "UTF-8") . '.</p>
                <p>You can take a loan out today, for a maximum of $' . number_format($max_loan) . ', which will be yours for 3 days minimum.</p>
                <p>Minimum amount you can loan is $100</p>
                <p>The interest you pay on top of the loan will be 5%.</p>
                <h4>Would you like to take a loan out, ' . (strtolower($ir['gender']) == "male" ? 'Sir' : 'Madam') . '?</h4>
                <form action="" method="post">
                    <p>How much would you like to take out?</p>
                    <p> <input type="text" name="amount" value=""> </p>
                    <button>Take Loan</button>
                </form>';
        }
    }

    $h->endpage();
    ```

    Table definitions:

    ```sql
    CREATE TABLE `bank_loans` (
      `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
      `user` int(11) unsigned NOT NULL DEFAULT '0',
      `amount` int(11) unsigned NOT NULL DEFAULT '0',
      `time` int(11) unsigned NOT NULL DEFAULT '0',
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    ```

    Any problems or errors, post in the thread here
  11. It's been pointed out that it's public information, so as it's openly accessible, it's free to post. Now, if they set their privacy levels, like it's there for, their facebook wouldn't show. With all that said... I'd post it regardless of whether I should or not -- The police aren't knocking my door if they follow my IP :P
  12. Gmail doesn't do .co.uk as far as I know.
  13. You do. You just don't realise it if it's wrapped in a class. Maybe you should venture into the class files and see what's actually doing? :P
  14. And you have 1 post....
  15. Well... Let's go for a little journey... From mccodemods.com, the link at the bottom goes to cronwerks, which has a linkedIn account link.... giving his name "Preston Vonderwell" and location of Ohio (Toledo University) So we load up facebook and enter the name and we come to here: https://www.facebook.com/preston.vonderwell/ Maybe try a message there? If no reply, we click the "about link" and see his family: Brother: https://www.facebook.com/calvin.vonderwell Mother: https://www.facebook.com/sue.vonderwell Aunt: https://www.facebook.com/angelar.rn No reply from him.... pester them too :D
  16. Where to start with this?

    I assume there is some validation on the $sendto in your actual script?

    Something like the following should suffice:

    ```php
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        // Prefer user1 when it is a string, otherwise fall back to user2; escape either way.
        $sendto = (array_key_exists('user1', $_POST) && is_string($_POST['user1'])) ? mysql_real_escape_string($_POST['user1']) : mysql_real_escape_string($_POST['user2']);
        if (strlen($sendto) > 0) {
            $q = mysql_query("SELECT `userid` FROM `users` WHERE `username` = '{$sendto}'");
            if (mysql_num_rows($q) == 0) {
                echo '<p>You cannot send mail to nonexistant users.</p>
                    <p><a href="mailbox.php">Go Back</a></p>';
            } else {
                // Fetch the recipient from the lookup above.
                $to = mysql_fetch_assoc($q);
                if ($ir['user_level'] == 1) {
                    // Has the recipient blocked mail from this sender?
                    $q_mb = mysql_query("SELECT * FROM `mailblock` WHERE `mb_ADDED` = '{$ir['userid']}' AND `mb_ADDER` = '{$to['userid']}'");
                    if (mysql_num_rows($q_mb) > 0) {
                        echo '<p style="color: red;">This person has elected <b>NOT</b> to receive mail from you.</p>';
                    } else {
                        // Send mail here...
                    }
                }
            }
        }
    }
    ```
  17. Proof of this is where? Code snippets? Website examples? Admittance of talking bollox?
  18. Seems they both have licenses. The license checker needs to strip the url's entered into valid format, it seems.
  19. Pretty sure they have one...
  20. Infamous-wars.net maybe? Edit:, no, it's http://infamouswars.net/login.php Need an index.php file @OP Edit 2 Why would you buy a .net when the .com isn't bought?
  21. To answer your questions:

    1. None. You would be better off finding a well coded CMS or just well made script in general and learning from that. I'd suggest finding something with OOP and templating systems, since once you get to grips with an engine, your own engine is sure to follow the same paths and then, you may as well just use the engine you learned from.

    2. Not really, but it depends. I am unsure on free hosts, but I know when you look at places like HostGator, their VPS support is pretty poor because they're primarily a shared host provider, so their skill set lies mainly in shared, whereas KnownHost provide only VPS and Dedi, so they are more clued up. That said, I've always questioned how quick a free host will update software, since it's free and nobody is funding their servers directly. Then add to the fact that if the free host also runs a paid hosting company as a parent company, then that would take priority. Personally, I would keep it off -- it doesn't benefit you much and players would see that as an ad -- and players don't really like ads.

    3. No, not necessary and since your first question implied you're still learning, it may work out complicated to link them both properly and you could end up with data clashes etc. With my engine, for example, I have an accounts table that holds nothing but: id, name, email, validated -- low row count, fast to load, index keys and links to everything from that small data set -- should be enough.

    4. Create secure code to start, but as an extra precaution, you could have something like PHP IDS running in a prepend file and have it store to the database when "threat level" exceeds xx amount.

    5. Either is fine and even if you make game.domain.com -- domain.com/game/ is still accessible, so either way is fine and I see no benefit to either. URL looks slightly better with sub domain, but I doubt a search engine result would even be affected by that.

    6. Programmers, by nature, are normally quite good with math - something to do with the parts of your brain used for the 2. That said, the maths will always require you to run tests. Whenever I am testing something with mathematical calculations, I always throw it in a loop and make it run a few thousand times and log results, all with different calculations, to check the calculations across multiple numeric values.

    7. Don't rush. Take your time, think of a storyline and build around that. Buy your domain last, since from start to end, the game model normally changes and makes your first choice rather redundant.
  22. Code tags too much to master? o.O
  23. Try using a better database engine, like InnoDB

    ```sql
    CREATE TABLE IF NOT EXISTS `packages` (
      `id` int(11) NOT NULL AUTO_INCREMENT,
      `money` int(11) NOT NULL,
      `crystals` int(11) NOT NULL,
      `iq` int(11) NOT NULL,
      `ddays` int(11) NOT NULL,
      `name` varchar(32) NOT NULL,
      `cost` int(11) NOT NULL,
      `deleted` int(1) NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
    ```

    And do it the right way:

    ```php
    $sql = mysql_query("SELECT `id` FROM `packages`");
    if (mysql_num_rows($sql) == 0) {
        echo 'Sorry, but there are no packages in the game yet.';
    }
    ```
  24. Failed to load resource: the server responded with a status of 502 (Bad Gateway) http://moto-game.org/config.js?1369661314731

    Uncaught Error: Script error http://requirejs.org/docs/errors.html#scripterror
  25. Here is some food, for your thoughts.

    I do this alone, so why would you need a team? More effective for any programmer who can actually write solid, well formatted code, to simply make these themselves and pay a designer $100 or so.

    Why would you buy such a poor domain, with hyphen and abbreviation, when you could just get the full domain? Click here. Then add to the fact that you may just face problems with IGS and you're looking to be heading down a rocky road. ALTHOUGH, I doubt this will result in anything worthy of note, so they'll probably not even bother you, since I doubt you'd be competing with them.

    See point 1. Why would anybody take 20% if they have the skills to either take a 100% cut (minus design cost, which is minimal at best) or take home a $40+ paycheck working for a professional, already established, company?

    My 2c, but you can have them for free.