Everything posted by Magictallguy
-
== "Weapons") { $shopname = "If its Weapons you need your here"; $from = "items"; $type = "weapon > '0'"; $show = 100; } elseif ($_GET == "Armour") { $shopname = "Our Best Armour Shop"; $from = "items"; $type = "armor > '0'"; $show = 100; } elseif ($_GET == "Medical") { $shopname = "Our Best Medical Supplies Shop"; $from = "items"; $type = "itmtype = 'ID OF ITEM TYPES FOR MEDICAL ITEMS'"; $show = 100; } else { echo"<h1> this shop dont exsist</h1>"; die(); } $res = mysql_query("SELECT * FROM $from WHERE $type ORDER BY itmbuyprice ASC") or die(mysql_error()); echo "<p class=\"heading\">$shopname</p>"; echo "<table style=\"margin: 0 auto 0 auto; border: solid #292929 0px; width: 90%;\"> <tr style=\"background-color: #6fde45;\"><td style=\"width: 1px;\"><p style=\"margin: 0 0 0 0; font-weight: bold; color: #ffffff;\">Img</p></td> <td><p style=\"margin: 0 0 0 0; font-weight: bold; color: #ffffff;\">Item</p></td> <td><p style=\"margin: 0 0 0 0; font-weight: bold; color: #ffffff;\">Price</p></td> <td><p style=\"margin: 0 0 0 0; font-weight: bold; color: #ffffff;\">Buy</p></td></tr>"; while ($row = mysql_fetch_array($res)) { if ($row[itmbuyable] == 0) continue; $rfc = mt_rand(0, 100); if ($show < $rfc) continue; if (!$i) { $bg = "#ffffff"; $i = 1; } elseif ($i) { $bg = "#ececec"; $i = 0; } $imageuri = $row[itempic]; if (!$imageuri) $imageuri = "images/items/default.jpg"; echo "<tr style=\"background-color: $bg;\"><td><p style=\"margin: 0 0 0 0;\"><img src=\"$imageuri\" title=\"$row[itmdesc]\" style=\"height: 45px;\" /></p></td> <td><p style=\"margin: 0 0 0 0;\"><a href=\""; if ($from == "items") echo "item"; else echo "weapon"; echo "info.php?ID=$row[itmid]\">$row[itmname]</a></p></td> <td><p style=\"margin: 0 0 0 0;\">$". 
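number_format($row[itmbuyprice]) ."</p></td> <td><p style=\"margin: 0 0 0 0;\"><a href=\"item"; if ($from == "items") echo "buy"; else echo "buy"; echo ".php?id=$row[id]\">Buy</a></p></td></tr>"; } echo "</table>"; $h->endpage(); ?>
Just to be annoying, and keep my word - recoded towards my personal preferences
<?php
/*
 * Item shop listing, selected with ?page=Weapons|Armour|Medical.
 *
 * The forum renderer replaced some of this listing's HTML with BBCode and
 * dropped one array index; the lines marked NOTE(review) were reconstructed
 * and should be checked against the original file.
 */
include(dirname(__FILE__) . '/globals.php');

// Every SQL fragment used below is a fixed string picked by an allow-listed
// key. Nothing from the request is ever placed in the query text.
$shops = array(
    'Weapons' => array(
        'name' => "If its Weapons you need you're here",
        'from' => 'items',
        'type' => 'weapon > 0',
        'show' => 100,
    ),
    'Armour' => array(
        'name' => "Our Best Armour Shop",
        'from' => 'items',
        'type' => 'armor > 0',
        'show' => 100,
    ),
    'Medical' => array(
        'name' => "Our Best Medical Supplies Shop",
        'from' => 'items',
        'type' => "itmtype = 'ID OF ITEM TYPES FOR MEDICAL ITEMS'",
        'show' => 100,
    ),
);

// $_GET['page'] can be absent or an array; only an exact string key is accepted.
$page = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : '';
if (!isset($shops[$page])) {
    echo "This shop does not exist!";
    $h->endpage();
    exit;
}

$shopname = $shops[$page]['name'];
$from     = $shops[$page]['from'];
$type     = $shops[$page]['type'];
$show     = $shops[$page]['show'];

$res = $db->query(sprintf("SELECT * FROM %s WHERE %s ORDER BY itmbuyprice ASC", $from, $type));

echo "<p class='heading'>" . $shopname . "</p>
<table style='margin: 0 auto 0 auto; border: solid #292929 0px; width: 90%;'>
<tr style='background-color: #6fde45;'>
<td style='width: 1px;'><p style='margin: 0 0 0 0; font-weight: bold; color: #ffffff;'>Img</p></td>
<td><p style='margin: 0 0 0 0; font-weight: bold; color: #ffffff;'>Item</p></td>
<td><p style='margin: 0 0 0 0; font-weight: bold; color: #ffffff;'>Price</p></td>
<td><p style='margin: 0 0 0 0; font-weight: bold; color: #ffffff;'>Buy</p></td>
</tr>";

// Row-stripe toggle; the original read $i before ever assigning it.
$i = 0;
while ($row = $db->fetch_row($res)) {
    if (!$row['itmbuyable']) {
        continue;
    }
    // Stock chance: a row is hidden when the roll exceeds $show (never at 100).
    $rfc = mt_rand(0, 100);
    if ($show < $rfc) {
        continue;
    }

    $bg = $i ? "#ececec" : "#ffffff";
    $i  = $i ? 0 : 1;

    // Item fields are stored data (presumably staff-entered); escape them
    // before placing them in HTML, including inside quoted attributes.
    $imageuri = $row['itempic'] ? $row['itempic'] : "images/items/default.jpg";
    $imageuri = htmlspecialchars($imageuri, ENT_QUOTES, 'UTF-8');
    $itemname = htmlspecialchars($row['itmname'], ENT_QUOTES, 'UTF-8');
    $itemid   = (int) $row['itmid'];
    $prefix   = ($from == "items") ? "item" : "weapon";

    // NOTE(review): the listing showed "[img=...]" here; restored as a plain
    // <img>. Any further attributes the author used were lost in the post.
    // NOTE(review): the index in the Buy link was lost in the post. itmid is
    // used because the info link uses it; the earlier listing in this thread
    // read $row[id] - confirm which column itembuy.php expects.
    echo "<tr style='background-color: " . $bg . ";'>
<td><p style='margin: 0 0 0 0;'><img src='" . $imageuri . "' /></p></td>
<td><p style='margin: 0 0 0 0;'><a href='" . $prefix . "info.php?ID=" . $itemid . "'>" . $itemname . "</a></p></td>
<td><p style='margin: 0 0 0 0;'>" . '$' . number_format((float) $row['itmbuyprice']) . "</p></td>
<td><p style='margin: 0 0 0 0;'><a href='itembuy.php?id=" . $itemid . "'>Buy</a></p></td>
</tr>";
}
echo "</table>";
$h->endpage();
?>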
-
I've been busy finding a place to live - I got kicked out of my old place and disowned by my mother 11 months ago - only just managed to find a decent place to live with internet access
-
And what the hell gives you the right to put others down? Alright, we get it, you can code. You were worse than he is at one point, and you didn't like it when others put you down. Heck, I had to counsel you once just to get you back into WebDev'ing. Get off your high horse, and start appreciating people for who they are, and not their skill level in Website Development.
-
In my defence, all I did was recode the standard MC Craps v2 forums.php, I didn't add any aesthetic updates. You want those? Find a decent graphics designer
-
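<?php
/**
 * Gang staff panel: show the current gang picture, or store a new picture URL.
 *
 * Only the gang president may use it. With no POST data it prints the current
 * picture and the change form; with $_POST['vp'] it validates the URL and
 * writes it to gangs.gangPIC.
 *
 * Reads the globals $db, $userid, $gangdata and $h. Prints its output directly
 * and calls exit after an error message.
 *
 * NOTE(review): the forum renderer replaced parts of this listing's HTML with
 * BBCode and dropped the index in the <img> line; those strings were restored
 * to the HTML they evidently were - confirm against the original file.
 */
function gang_staff_pic()
{
    // $h was missing from this list, so every $h->endpage() call below
    // failed on an undefined variable.
    global $db, $ir, $c, $userid, $gangdata, $h;

    if ((int) $gangdata['gangPRESIDENT'] !== (int) $userid) {
        echo "You are not the gang leader";
        $h->endpage();
        exit;
    }

    if (isset($_POST['vp'])) {
        // The field can arrive as an array; treat anything but a string as empty.
        $pic = is_string($_POST['vp']) ? trim($_POST['vp']) : '';
        if ($pic === '') {
            print "You did not enter a new pic. <a href='yourgang.php?action=staff'>&gt; Back</a>";
            $h->endpage();
            exit;
        }

        // The original validated $_POST['newpic'], a field the form never
        // sends, so the submitted value in 'vp' was stored unchecked. Its
        // pattern was also unanchored and matched an extension anywhere.
        // Accept only an http(s) URL with no quotes, angle brackets,
        // backslashes, query string or fragment, ending in an image extension.
        $pattern = '~^https?://[^\s\'"<>\\\\?#]+\.(?:jpe?g|gif|png)$~iD';
        // The original silently deleted ".php" from the value; refusing such
        // a URL is clearer than storing one that differs from what was typed.
        if (!preg_match($pattern, $pic) || stripos($pic, '.php') !== false) {
            echo "Invalid Extension!";
            $h->endpage();
            exit;
        }

        // NOTE(review): getimagesize() makes this server fetch a URL chosen by
        // the user, which can also point at internal hosts. The scheme is
        // restricted above; consider dropping the fetch, or resolving the host
        // first and refusing private and loopback addresses.
        if (@getimagesize($pic) === false) {
            echo "Invalid Extension!";
            $h->endpage();
            exit;
        }

        $db->query(
            "UPDATE gangs SET gangPIC='" . $db->escape($pic) . "' WHERE gangID=" . (int) $gangdata['gangID'],
            $c
        );
        print "Gang pic changed! <a href='yourgang.php?action=staff'>&gt; Back</a>";
    } else {
        print "Current Pic: ";
        if ($gangdata['gangPIC']) {
            // ENT_QUOTES: the attribute is single-quoted, and older PHP
            // versions leave single quotes unescaped by default.
            print "<img src='" . htmlspecialchars(stripslashes($gangdata['gangPIC']), ENT_QUOTES, 'UTF-8') . "' />";
        } else {
            print "<b>No Gang Picture</b>";
        }
        print "<hr /><form action='yourgang.php?action=staff&act2=pic' method='post'> Please note that the pic must be externally hosted, <a href='http://tinypic.com'>Tinypic</a> is our recommendation. Any pics that are not 400x100 will be automatically resized. Pic: <input type='text' name='vp' value='' /> <input type='submit' value='Change' /></form>";
    }
}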
-
$whitelist = "the tags here"; You were missing the =
-
Show us lines 8 - 11 of jailshout.php
-
I develop my code to run without magic_quotes(), that and I don't use MC Craps.. So yeah :P
-
You stated re-design, I was just saying it isn't a re-design its a whole new forum base ;) I.e. A redesign ;)
-
Not a hack, just a basic exploit. Secure your source, or hire someone to do so
-
Well said sir :)
-
mccode-v2 Updated Newspaper - more than one page
Magictallguy replied to Magictallguy's topic in Free Modifications
Easily done, simply link up your BBCode Parser (normally something like bccode_engine.php), and make it parse what it should ;) -
mccode-v2 Updated Newspaper - more than one page
Magictallguy replied to Magictallguy's topic in Free Modifications
Code updated :) -
I presume you're using MC Codes. If so, then you want to change `admin` to `user_level`. The second error I can't help with until I see the rest of that form code
-
Already created, and can be seen working at Deadly Country
-
// Pull in includes/functions.php, resolved from the parent of this script's directory.
include dirname(__DIR__) . '/includes/functions.php';
-
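<?php
/*
 * Users online: lists players whose last action falls inside a chosen window
 * (five minutes, thirty minutes, one hour, or one day by default).
 *
 * NOTE(review): the forum renderer replaced this listing's links with BBCode
 * and dropped the index in the profile link; they were restored as HTML
 * anchors - confirm against the original file.
 */
include(dirname(__FILE__) . '/globals.php');

// Window name => length in seconds. The value placed in the SQL below always
// comes from this table, never from the request.
$windows = array(
    'fiveminutes'   => 300,
    'thirtyminutes' => 1800,
    'onehour'       => 3600,
    'oneday'        => 86400,
);

// The original links sent ?online=... while the script read ?time=..., so the
// selection never took effect. The links now send "time"; "online" is still
// accepted for old bookmarks.
$raw = '';
if (isset($_GET['time'])) {
    $raw = $_GET['time'];
} else if (isset($_GET['online'])) {
    $raw = $_GET['online'];
}
$key  = is_string($raw) ? strtolower(trim($raw)) : '';
$time = isset($windows[$key]) ? $windows[$key] : 86400;

echo "<table width='90%' border='1' height='20' class='table'>
<tr>
<th><u><a href='usersonline.php?time=fiveminutes'>Five Minutes</a></u></th>
<th><u><a href='usersonline.php?time=thirtyminutes'>Thirty Minutes</a></u></th>
<th><u><a href='usersonline.php?time=onehour'>One Hour</a></u></th>
<th><u><a href='usersonline.php?time=oneday'>One Day</a></u></th>
</tr>
</table>";
echo "<table width='90%' border='1' height='20' class='table'>
<tr style='text-decoration:underline;'>
<th height='6'>Order</th>
<th>Name</th>
<th>ID</th>
<th>Level</th>
<th>Gender</th>
<th>Last Action</th>
<th>Money</th>
<th>Attack</th>
</tr>";

$q = $db->query("SELECT `username`,`userid`,`laston`,`gender`,`money`,`level` FROM users WHERE laston > (unix_timestamp() - " . (int) $time . ") ORDER BY laston DESC");

// Row counter; the original incremented it without initialising it.
$cn = 0;
while ($r = $db->fetch_row($q)) {
    // The original reduced $la to minutes/hours/days and then ran the same
    // reduction a second time on the already-reduced value, so two hours was
    // shown as "2 seconds ago". It is reduced once here. The block computing
    // a last_login string was dropped: that column is not selected and its
    // result was never printed.
    if ($r['laston'] > 0) {
        $la   = time() - $r['laston'];
        $unit = "seconds";
        if ($la >= 60) {
            $la   = (int) ($la / 60);
            $unit = "minutes";
            if ($la >= 60) {
                $la   = (int) ($la / 60);
                $unit = "hours";
                if ($la >= 24) {
                    $la   = (int) ($la / 24);
                    $unit = "days";
                }
            }
        }
        $str = $la . " " . $unit . " ago";
    } else {
        $str = "--";
    }

    $cn++;
    $uid = (int) $r['userid'];

    // NOTE(review): rasheed() is defined elsewhere; whether it HTML-escapes
    // the username cannot be seen from here. If it does not, escape the
    // username before printing it.
    // NOTE(review): the profile link's index was lost in the post; userid is
    // assumed.
    echo "<tr>
<th>" . $cn . "</th>
<th><a href='viewuser.php?u=" . $uid . "'>" . rasheed($r['username']) . "</a></th>
<th>" . rasheed($r['userid']) . "</th>
<th>" . rasheed($r['level']) . "</th>
<th>" . htmlspecialchars($r['gender'], ENT_QUOTES, 'UTF-8') . "</th>
<th>" . $str . "</th>
<th>\$" . rasheed($r['money']) . "</th>
<th><a href='attack.php?ID=" . $uid . "'>Attack ";
    echo ($r['gender'] == 'Female') ? "her" : "him";
    echo "</a></th>
</tr>";
}
echo "</table>";
$h->endpage();
?>
Untested, but should work fine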
-
You are welcome to do some yourself if you want ;)
-
bored, so i done this lol. nothing special.
Magictallguy replied to Nicholas's topic in Free Modifications
Source for the JavaScript http://www.dynamicdrive.com/dynamicindex11/arrowtitle.htm And it does work on the login/register -
Can someone just check over this quick please
Magictallguy replied to CherryDarling's topic in General Discussion
Ah, my Bank PIN mod. Haven't seen that for a while.. I should really update that sometime lol -
Looks like Karlos' code ;)
-
Hey John, welcome to Make Web Games :) Got any questions, just give me a shout
-
A small security tutorial, hope its somewhat helpful.
Magictallguy replied to a topic in Tips and tutorials
Fair enough :) -
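Revisited this thread after randomly searching my name and noticed I hadn't updated the code in a while.. Here's my update - functionality is very similar, it just runs slightly faster (and obviously has no errors lol)
<?php
/*
 * Crystal bank: buy an account, then deposit or withdraw crystals.
 *
 * users.crystalbank below zero means "no account yet". All amounts are whole
 * crystals. Each UPDATE repeats the balance check in its WHERE clause,
 * because $ir is a snapshot read at page load and two requests sent at the
 * same moment would both pass a PHP-only check.
 *
 * NOTE(review): the forum renderer replaced this listing's HTML tags with
 * BBCode; they were restored as <a> and <b> - confirm against the original.
 */
include(dirname(__FILE__) . '/globals.php');
echo "<h3>Crystal Bank</h3>";
if ($ir['crystalbank'] > -1) {
    $_GET['action'] = isset($_GET['action']) && is_string($_GET['action']) && ctype_alpha($_GET['action']) ? strtolower(trim($_GET['action'])) : false;
    switch ($_GET['action']) {
        case "deposit":
            deposit();
            break;
        case "withdraw":
            withdraw();
            break;
        default:
            index();
            break;
    }
} else {
    $cost = 25000; #Change this to the price you would like
    $s = ($cost == 1) ? '' : 's'; #Do not change this line
    $currency = 'money'; #Change money to crystals if you would prefer to charge crystals for a crystal bank account
    // The crystal wording was missing its space ("25,000crystals").
    $display = ($currency == 'money') ? '$' . number_format($cost) : number_format($cost) . ' crystal' . $s; #Do not change this line
    if (isset($_GET['buy'])) {
        // ">=": holding exactly the price is enough; the original used ">".
        if ($ir[$currency] >= $cost) {
            // $currency is the fixed setting above, never request data.
            // NOTE(review): if the DB wrapper reports the affected row count,
            // check it and show the failure message when no row changed.
            $db->query("UPDATE users SET " . $currency . " = " . $currency . " - " . (int) $cost . ", crystalbank = 0 WHERE (userid = " . (int) $userid . " AND " . $currency . " >= " . (int) $cost . " AND crystalbank < 0)");
            // The original printed an undefined $what here instead of the price.
            echo "Congratulations, you bought a crystal bank account for " . $display . "! <a href='crystalbank.php'>Start using my account</a>";
        } else {
            echo "You do not have enough " . $currency . " to open an account. <a href='explore.php'>Back to town...</a>";
        }
    } else {
        echo "Open a crystal bank account today, just " . $display . "! <a href='crystalbank.php?buy'>&gt; Yes, sign me up!</a>";
    }
}

/**
 * Read a posted amount as a whole number of crystals.
 *
 * Accepts digits with optional thousands commas. Returns 0 for a missing,
 * non-string, non-numeric, fractional, negative or over-long value, so the
 * caller can treat 0 as "invalid".
 */
function crystalbank_amount($field)
{
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        return 0;
    }
    $digits = str_replace(',', '', trim($_POST[$field]));
    // The length cap keeps the cast below inside integer range.
    if ($digits === '' || !ctype_digit($digits) || strlen($digits) > 15) {
        return 0;
    }
    return (int) $digits;
}

/** Show both balances' forms: deposit on the left, withdraw on the right. */
function index()
{
    global $db, $ir, $c, $userid, $h;
    $s = ($ir['crystalbank'] == 1) ? '' : 's';
    echo "<b>You currently have " . number_format($ir['crystalbank']) . " crystal" . $s . " in your Crystal bank.</b>
<table width='75%' cellspacing='1' class='table'>
<tr>
<td width='50%'><b>Deposit Crystals</b>
<form action='crystalbank.php?action=deposit' method='post'>
Amount: <input type='text' name='deposit' value='" . number_format($ir['crystals']) . "' />
<input type='submit' value='Deposit' />
</form></td>
<td><b>Withdraw Crystals</b>
<form action='crystalbank.php?action=withdraw' method='post'>
Amount: <input type='text' name='withdraw' value='" . number_format($ir['crystalbank']) . "' />
<input type='submit' value='Withdraw' />
</form></td>
</tr>
</table>";
}

/** Move $_POST['deposit'] crystals from the player's hand into the bank. */
function deposit()
{
    global $db, $ir, $userid, $h;
    // The original used abs(floatval()), which accepted fractions and turned
    // a negative entry into a positive one.
    $amount = crystalbank_amount('deposit');
    if ($amount < 1) {
        echo "Please enter a whole number of crystals greater than zero.";
        $h->endpage();
        exit;
    }
    if ($amount > $ir['crystals']) {
        echo "You do not have enough crystals to deposit in the bank.";
        $h->endpage();
        exit;
    }
    // No fee is charged; the original subtracted an undefined $fee.
    $gain = $amount;
    // The original added the deposit to $ir['crystals'], so the balance
    // printed below was the old one.
    $ir['crystalbank'] += $gain;
    $ir['crystals'] -= $amount;
    $db->query("UPDATE users SET crystalbank = crystalbank + " . $gain . ", crystals = crystals - " . $amount . " WHERE (userid = " . (int) $userid . " AND crystals >= " . $amount . ")");
    $s = ($amount == 1) ? '' : 's';
    $s2 = ($ir['crystalbank'] == 1) ? '' : 's';
    echo "You hand over " . number_format($amount) . " crystal" . $s . " to be deposited, " . number_format($gain) . " crystal" . $s . " are added to your account. <b>You now have " . number_format($ir['crystalbank']) . " crystal" . $s2 . " in the crystal bank.</b> <a href='crystalbank.php'>&gt; Back</a>";
}

/** Move $_POST['withdraw'] crystals from the bank back to the player's hand. */
function withdraw()
{
    global $db, $ir, $userid, $h;
    $gain = crystalbank_amount('withdraw');
    if ($gain < 1) {
        echo "Please enter a whole number of crystals greater than zero.";
        $h->endpage();
        exit;
    }
    if ($gain > $ir['crystalbank']) {
        echo "You do not have enough crystals to withdraw from the bank.";
        $h->endpage();
        exit;
    }
    $ir['crystalbank'] -= $gain;
    $db->query("UPDATE users SET crystalbank = crystalbank - " . $gain . ", crystals = crystals + " . $gain . " WHERE (userid = " . (int) $userid . " AND crystalbank >= " . $gain . ")");
    $s = ($gain == 1) ? '' : 's';
    $s2 = ($ir['crystalbank'] == 1) ? '' : 's';
    echo "You ask to withdraw " . number_format($gain) . " crystal" . $s . ", the banking lady grudgingly hands it over. <b>You now have " . number_format($ir['crystalbank']) . " crystal" . $s2 . " in the bank.</b> <a href='crystalbank.php'>&gt; Back</a>";
}

$h->endpage();
?>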
-
Preg_Match Help :-) Security Fix for Viewuser hack.
Magictallguy replied to Joshua's topic in General Discussion
Remove the print from that code. It'll error if you don't