MakeWebGames

Everything posted by radio_active

  1. Re: [mccode v2] Better Crystal Temple! I think it's funny, if someone like Nyna or Luke says something like killah said, everyone's like, Wooow, you amaze me... *Heads up their arses* (Seems to be the fad phrase in this topic)   lol :lol:
  2. Re: [mccode v2] Av Bank Haha I said like "fuck" or "shit" in one of my posts and Tezza edited it to something else.   Tezza: START EDITING!
  3. Re: [mccode v2] Better Crystal Temple!   Am just saying it's not in my arse too So people know Hahahaha, yeah just getting it out there! lol nice :lol:   I'm going to be keeping a close eye on this topic, interesting! :-) Continue!
  4. Re: [V2] Advanced Robbery Hmmm, well $10=$15 is a bit too much for what you have coded and were going to attempt to sell, so I think it's better that you have posted it free because it isn't actually worth that from scanning the code. Nonetheless good work and all the best! (Happy new year as well)
  5. Re: [mccode v2] Scare People Thanks for the note! :-)
  6. Re: [mccode v2] Scare People Just one thing Jamboy.. You are aware that you can do this..
         print " <a href='blah.php'> ' ' ' ' ' ' ";
     and or
         print ' <a href="blah.php"> " " " " " ';
     However it's better to use echo instead of print, or so I have heard! But you can do that instead of backslashing the " out again like you are doing..
         print " <a href=\"blah.php\"> \"\"\"\"\"\" ";
     :-)
  7. Re: [mccode v2] Preferences   Why state the alpha numeric characters? Why wouldn't you just declare an alphanumeric if statement with arrays to show more symbols if needed? like this.
         if (!ctype_alnum(str_replace(array('_', ' '), '', $_POST['newname']))) {
             echo "You have an invalid character in your name";
         }
     That is what I use in my username change.   In the example it was a display pic change so even if they changed their display pic to -_1'#?#'!"??"$^., nothing is going to happen..   Zero, I thought d = defined and u = undefined??? I'll have to google that again.
  8. Re: [mccode v1] Punch Mod You can give him a Virtual punch on his game if he has one using his Hack -> Punch Me mod. Doesn't give the same feeling of sensation however.
  9. Re: [mccode v2] Preferences   Which part of the "changing a username" was not secure exactly? Also for future advice.. on a query such as this one.
         $_POST['newpic']=str_replace('\\\'',''', $_POST['newpic']);
         $userupdate = sprintf("UPDATE users SET display_pic = '{$_POST['newpic']}' WHERE userid = '%u' ", ($userid));
         mysql_query($userupdate);
         print "Pic changed!";
     Try using something like this instead.
         $_POST['newpic'] = mysql_real_escape_string($_POST['newpic']);
         $userupdate = sprintf("UPDATE users SET display_pic = ('%d') WHERE userid = ('%u') ", $_POST['newpic'], $userid);
         $db->query($userupdate);
         print "Pic changed!";
     The mysql_real_escape_string may not be a necessity here but it will cut any of these " \x00, \n, \r, \, ', " and \x1a. " out of the POST... I believe that is probably more efficient than the str_replace('\\\'',''',   But who knows...I could recode this again for everyone as a "revamp" of sniko's but I don't think it's really necessary, maybe the only thing that needs securing would be the change password function and then just have filters on the username changing etc. I'll see if Nyna replies to this xD
  10. Re: [mccode v2] Player of the week... Yeah like yesterday I went back into table knowledge and learned what the "colspan" does.. lol Haven't had use of it up until now, I was a little embarrassed when I realized I didn't know how to do what I was doing and had to google table tags, lol But hey, least I know everything about tables that I need to know, for now! :-)
  11. Re: Working Proxy Blocker - Blocks MOST Proxies [$10] Maybe you let users sign up but cannot login? Because first proxy I chose gave me that xD
  12. Re: Calling it a Day :)   True xD But yeah, take care man, merry christmas.
  13. Wierd people smell funny We will wait for someone else to post a screenshot then Sniko, I have no doubt that it is probably good!
  14. Re: [mccode v2]View User   The time it takes to install compared to the time it takes to look at a screen shot, I think I know what I would choose.
  15. Re: [mccode v2] Item sell code revamp ~ Last of the lot Where it showed "ysis" in my previous post was A.nalysis but it censored out a.n.a.l!!!   I just revamped an original and posted it. Whether I use it or not is irrelevant. But as zero said, that log comes with the original.
  16. Re: [mccode v2] Item sell code revamp ~ Last of the lot   You have performed some basic checks -- you are using sprintf and typecasting incoming data, however you are still injecting data into a table without quoting that data. Now on *your* game, that's fine, I've no doubt you have taken all necessary precautions elsewhere, but what about other games? I've seen complex names for items and *very* complex names for users -- to the extent of permitting all sorts of html tags, and quotation marks. Consider rewriting the INSERT INTO itemselllogs ... query. NEVER assume that people have the same protection you have. This is paramount to releasing quality "mods" or any type of source that interacts with the browser and/or the database. I'd also be looking closely at every point that displays textual information from the database. Are they all properly sanitized? Again, the answer is probably yes *in your case*, but others could well be opening themselves up to a serious XSS/SCRIPT/SQLi attack here. Finally, there is the possibility of what has been referred here as "duping". But I'll leave that one for another day - it has been discussed at length by Floydian IIRC. 4 queries -- 3 possible problems -- I'd call that serious enough to warrant attention. That there is the answer I LOVE to hear, it gives me an in-depth analysis on what I should improve on and what I am doing okay. Shows me where to improve and I thank you for that. :-)
  17. Re: [mccode v2] Item sell code revamp ~ Last of the lot   I take on board everything you say (that I see) and try to learn from it, in this case however I do not believe there is any task at hand to be performed.
  18. Re: [mccode v2] Item sell code revamp ~ Last of the lot Well then to get this clear... First off Zero - To patronize is to treat in a condescending manner. So when I referred to this quote It's true to be patronizing and demeaning, however you see it.   Luke: I understand that you are one of the best programmers on CE and you will probably receive mail from tonnes of people asking you to fix something rather than learning and doing it themselves and gaining knowledge from the coincidence. But I for one am not a kid, I take on board everything that I can when people give me advice and I try to improve my skills as much as I can, when I post some of my work for free, it doesn't give you or nyna or whoever the RIGHT to demean, patronize or show me up as I have no chance against you guys. For one I'm posting free so not only am I benefiting for myself but others to have the option to use a new fresher, better script. I'm happy to positive feedback or constructive negative feedback but just plain negative or "I am the superior one" comments, you can get lost because I don't want to hear it. Thank you
  19. Re: [MCcode V2] Item sell code revamp ~ Last of the lot
          $_POST['user'] = (isset($_POST['user']) AND is_string($_POST['user'])) ? mysql_real_escape_string($_POST['user']) : FALSE ;
      Will be enough to input. To output... simple stuff =]   Why? Rather us keep quiet and let you believe you are doing right? What comments like "Is not secure" does, hopefully, is gets you thinking and looking for answers. Okay luke, but tell me what part of this was not "Patronizing" and or "demeaning"   I'm fine with you putting word out there saying that it's secure but when you act like you're on a much higher level of superiority, that's when that sort of shit pisses me off. Hope you understand where I am coming from.
  20. Re: Updated forums [mccodes v2]   Completely secure with that, absolutely NO WAY that ANYWAY could hack into those brilliant forums that were coded so securely. As long as you have that. :lol: Duuuudeeeee you are soo incorrect, lol! The most secure files may be 99% secure, but there is always the 1% chance or so. That's why banks employ "Programmers" to attempt to hack into their online sites and if they find a hole they patch it. And I assure you, the code used to make those online banking sites is x10000 more secure than any MCcode file. Just so we have that clear xD it's not hard to create a 100% secure page, here is an example;   nothing can be hacked there! Lol, or just
  21. Re: Updated forums [mccodes v2] What are you talking about?   That was completely sarcastic, just so that is clear.
  22. Re: (V2) Equip item to use agility in battles. I remember a chap creating a script not too long ago which allows you to equip boots, torso, helmet, gloves etc...You should find it.. Search terms such as "Inventory" or "items" or "equip" etc in the free mods board.
  23. Re: [MCcode V2] Item Info revamp! No problems, enjoy!
  24. Re: [MCcode V2] Item sell code revamp ~ Last of the lot Well yes it is NOT 100% secure Nyna and I do not claim it to be but it is much "Better" than the original. That is all I have to say. (Now what I'm posting here is a secure working revamped version of itemsell.php) - I realize what I wrote in that sentence as soon as I posted, I did not edit however. There is no need to be so demeaning, you do not give any "support" or "guidance" in making it better and securer. You basically just say "You suck, you don't know how to secure" instead of guiding and or giving advice. I would highly appreciate if you can tell me where I'm going wrong and where I'm on the right track. I use (INT) on the get variables as they are "less" lenient than mysql_real_escape_strings, I did not see the point in Magic quotes so I did what I knew at "attempting" to secure the $_POST and $_GET variables. I do say, I really don't feel any urge to post free mods where I hear "statements" or "opinions" like that. Just harsh and irrelevant.
  25. Re: [MCcode V2] Item sell code revamp ~ Last of the lot haha well there you go. I will look into your code and try and familiarize with it and work on your "style" :-) Ps, technically it is a "mod" meaning Modification of an original therefore that is a "mod" whereas you said else wise in your //header
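
Posts 9 and 16 above turn on the same question: how a value from $_POST reaches a query (escaped, pushed through a typed sprintf placeholder, or left unquoted) and how it is displayed afterwards. As an added example, not code from any post on this page or from MCCodes: the display_pic update and the itemselllogs insert written with PDO bound parameters in place of the old mysql_* functions, with in-memory SQLite standing in for MySQL. The item_name column, the helper function names and all sample values are assumptions.

```php
<?php
// Added example: in-memory SQLite stands in for the game's MySQL database.
// users/display_pic/userid/itemselllogs come from the posts; item_name,
// the helper names and all sample values are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, display_pic TEXT)');
$db->exec('CREATE TABLE itemselllogs (userid INTEGER, item_name TEXT)');
$db->exec("INSERT INTO users (userid, display_pic) VALUES (1, '')");

// Accept only a well-formed http(s) URL as a display picture.
function valid_pic_url(string $url): bool
{
    return filter_var($url, FILTER_VALIDATE_URL) !== false
        && in_array(parse_url($url, PHP_URL_SCHEME), ['http', 'https'], true);
}

// Bound parameters keep the data out of the SQL text, so a string column
// needs neither an escaping call nor a numeric format specifier.
function set_display_pic(PDO $db, int $userid, string $url): bool
{
    if (!valid_pic_url($url)) {
        return false;
    }
    $stmt = $db->prepare('UPDATE users SET display_pic = :pic WHERE userid = :id');
    $stmt->bindValue(':pic', $url, PDO::PARAM_STR);
    $stmt->bindValue(':id', $userid, PDO::PARAM_INT);
    return $stmt->execute();
}

function log_item_sale(PDO $db, int $userid, string $itemName): void
{
    $stmt = $db->prepare('INSERT INTO itemselllogs (userid, item_name) VALUES (?, ?)');
    $stmt->execute([$userid, $itemName]);
}

// sprintf's %d makes any string numeric: no injection, but no URL either.
echo sprintf("display_pic = '%d'", 'http://example.com/a.png'), "\n";

var_dump(set_display_pic($db, 1, 'http://example.com/a.png')); // well-formed URL
var_dump(set_display_pic($db, 1, "x' OR '1'='1"));              // not a URL

// Constructed item name with quotes and markup, stored exactly as given.
log_item_sale($db, 1, "Bob's <b>\"Epic\"</b> Sword");
$name = $db->query('SELECT item_name FROM itemselllogs')->fetchColumn();
// Encode on output so the stored markup is shown as text, not run as HTML.
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n";
```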