Magictallguy

If you're really so bothered about speed, I'm happy to "convert" my code out of sprintf() -.-

strip_tags(), htmlspecialchars()/htmlentities(), and str_replace() can help you here

UPDATE: The ability to notify the players friends (in their friendslist) has been added - suggested by cjholder. I've left it off by default, simply change $notifyFriends = 0; to $notifyFriends = 1; Simple stuff. Here you go :) [mysql]CREATE TABLE `username_requests` ( `req_id` INT( 11 ) NOT NULL AUTO_INCREMENT PRIMARY KEY, `req_time` INT( 11 ) NOT NULL DEFAULT 0, `req_user` INT( 11 ) NOT NULL DEFAULT 0, `req_name` VARCHAR( 255 ) NOT NULL DEFAULT 'n/a' ) ENGINE = MyISAM;[/mysql] Edit smenu.php Add this link: [url='staff_requests.php?action=view']View Username Requests[/url]   For those of you bothered about a few milliseconds of speed, use the codes posted in the SECOND (2ND) expander [expander=Slightly slower method (by a few milliseconds)]Edit: preferences.php Replace the entire name_change() function with this: function name_change() { global $ir, $db, $userid, $h; echo "<h3>Changing your username</h3>"; $select = sprintf("SELECT req_id FROM username_requests WHERE (req_user = %u)", $userid); $query = $db->query($select); if($db->num_rows($query)) { echo "You have already requested a username change. Please wait until your current request is dealt with. [url='preferences.php']Back[/url]"; $h->endpage(); exit; } if(!isset($_POST['submit'])) { echo "<form action='preferences.php?action=namechange' method='post'>"; echo "<table class='table' width='50%' style='text-align:center;'>"; echo "<tr>"; echo "<th>New Name</th>"; echo sprintf("<td><input type='text' name='newName' value=\"%s\" /></td>", stripslashes(htmlspecialchars($ir['username']))); echo "</tr>"; echo "<tr>"; echo "<td colspan='2'><input type='submit' name='submit' value='Request Name Change' /></td>"; echo "</tr>"; echo "</table>"; echo "</form>"; } else { if(empty($_POST['newName']) OR trim($_POST['newName']) == '') { echo "You cannot request a blank name"; $h->endpage(); exit; } $_POST['newName'] = $db->escape($_POST['newName']); $insert = sprintf("INSERT INTO username_requests VALUES ('', %u, %u, '%s')", time(), $userid, $_POST['newName']); $db->query($insert); echo "You username request has been successfully submitted"; } }   Create file: staff_requests.php <?php include(DIRNAME(__FILE__) . '/sglobals.php'); if($ir['user_level'] != 2) { echo "Access denied"; $h->endpage(); exit; } $notifyFriends = 0; $_GET['action'] = isset($_GET['action']) && is_string($_GET['action']) ? strtolower(trim($_GET['action'])) : false; switch($_GET['action']) { case 'view': viewRequests(); break; case 'accept': acceptRequest(); break; case 'decline': declineRequest(); break; default: echo "Action not specified"; break; } function viewRequests() { global $db; echo "<h3>Viewing Username Change Requests</h3>"; $select = $db->query( "SELECT r.*, u.username " . "FROM username_requests r " . "LEFT JOIN users u ON (r.req_user = u.userid) " . "ORDER BY r.req_time ASC"); echo "<table class='table' width='75%'>"; echo "<tr>"; echo "<th>User</th>"; echo "<th>Time</th>"; echo "<th>Request</th>"; echo "<th>Actions</th>"; echo "</tr>"; if(!$db->num_rows($select)) { echo "<tr>"; echo "<td colspan='3' style='text-align:center;'>There are currently no requests</td>"; echo "</tr>"; } else { while($row = $db->fetch_row($select)) { echo "<tr>"; echo sprintf("<td>[url='viewuser.php?u=%u']%s[/url] [%s]</a></td>", $row['req_user'], stripslashes(htmlspecialchars($row['username'])), number_format($row['userid'])); echo sprintf("<td>%s</td>", date('H:i:s d/m/y', $row['req_time'])); echo sprintf("<td>%s</td>", stripslashes(htmlspecialchars($row['req_name']))); echo sprintf("<td>[[url='staff_requests.php?action=accept&ID=%u']Accept[/url]] [[url='staff_requests.php?action=decline&ID=%u']Decline[/url]]</td>", $row['req_id'], $row['req_id']); echo "</tr>"; } echo "</table>"; stafflog_add("View the username change requests"); } } function acceptRequest() { global $db, $h, $notifyFriends; echo "<h3>Accepting a username change request</h3>"; $_GET['ID'] = abs(@intval($_GET['ID'])); if(!$_GET['ID']) { echo "No ID specified"; $h->endpage(); exit; } $select = sprintf("SELECT * FROM username_requests WHERE (req_id = %u)", $_GET['ID']); $query = $db->query($select); if(!$db->num_rows($query)) { echo "This request does not exist"; $h->endpage(); exit; } $row = $db->fetch_row($query); $oldName = $db->fetch_single($db->query(sprintf("SELECT username FROM users WHERE (userid = %u)", $row['req_user']))); $updateUser = sprintf("UPDATE users SET username = '%s' WHERE (userid = %u)", $row['req_name'], $row['req_user']); $deleteReq = sprintf("DELETE FROM username_requests WHERE (req_id = %u)", $row['req_id']); $db->query($updateUser); $db->query($deleteReq); event_add($row['req_user'], sprintf("Your username change request that was requested on %s has been accepted.", date('H:i:s, d/m/y', $row['req_time'])); if($notifyFriends) { $selectFriends = sprintf("SELECT fl_ADDED FROM friendslist WHERE (fl_ADDER = %u)", $row['req_user']); $queryFriends = $db->query($selectFriends); if($db->num_rows($queryFriends)) { while($friend = $db->fetch_row($queryFriends)) { event_add($friend['fl_ADDED'], sprintf("[url='viewuser.php?u=%u']%s[/url] [%s] has changed their name to “%s”", $row['req_user'], $oldName, number_format($row['req_user']), $row['req_name'])); } } } stafflog_add(sprintf("Accepted the username change request from %s - now known as %s", $oldName, $row['req_name'])); echo "You have accepted the request"; } function declineRequest() { global $db, $h; echo "<h3>Declining a username change request</h3>"; $_GET['ID'] = abs(@intval($_GET['ID'])); if(!$_GET['ID']) { echo "No ID specified"; $h->endpage(); exit; } $select = sprintf("SELECT * FROM username_requests WHERE (req_id = %u)", $_GET['ID']); $query = $db->query($select); if(!$db->num_rows($query)) { echo "This request does not exist"; $h->endpage(); exit; } $row = $db->fetch_row($query); $currentName = $db->fetch_single($db->query(sprintf("SELECT username FROM users WHERE (userid = %u)", $row['req_user']))); $deleteReq = sprintf("DELETE FROM username_requests WHERE (req_id = %u)", $row['req_id']); $db->query($deleteReq); event_add($row['req_user'], sprintf("Your username change request that was requested on %s has been declined.", date('H:i:s, d/m/y', $row['req_time'])); stafflog_add(sprintf("Declined the username change request from %s", $currentName); echo "You have declined the request"; } $h->endpage(); ?> [/expander] [expander=Slightly faster method]preferences.php edit function name_change() { global $ir, $db, $userid, $h; echo "<h3>Changing your username</h3>"; $query = $db->query("SELECT req_id FROM username_requests WHERE (req_user = ".$userid.")"); if($db->num_rows($query)) { echo "You have already requested a username change. Please wait until your current request is dealt with. [url='preferences.php']Back[/url]"; $h->endpage(); exit; } if(!isset($_POST['submit'])) { echo "<form action='preferences.php?action=namechange' method='post'> <table class='table' width='50%' style='text-align:center;'> <tr> <th>New Name</th> <td><input type='text' name='newName' value=\"".stripslashes(htmlspecialchars($ir['username']))."\" /></td> </tr> <tr> <td colspan='2'><input type='submit' name='submit' value='Request Name Change' /></td> </tr> </table> </form>"; } else { if(empty($_POST['newName']) OR trim($_POST['newName']) == '') { echo "You cannot request a blank name"; $h->endpage(); exit; } $db->query("INSERT INTO username_requests VALUES ('', ".time().", ".$userid.", '".$db->escape($_POST['newName'])."')"); echo "You username request has been successfully submitted"; } }   staff_requests.php <?php include(DIRNAME(__FILE__) . '/sglobals.php'); if($ir['user_level'] != 2) { echo "Access denied"; $h->endpage(); exit; } $notifyFriends = 0; $_GET['action'] = isset($_GET['action']) && is_string($_GET['action']) ? strtolower(trim($_GET['action'])) : false; switch($_GET['action']) { case 'view': viewRequests(); break; case 'accept': acceptRequest(); break; case 'decline': declineRequest(); break; default: echo "Action not specified"; break; } function viewRequests() { global $db; echo "<h3>Viewing Username Change Requests</h3>"; $select = $db->query( "SELECT r.*, u.username " . "FROM username_requests r " . "LEFT JOIN users u ON (r.req_user = u.userid) " . "ORDER BY r.req_time ASC"); echo "<table class='table' width='75%'> <tr> <th>User</th> <th>Time</th> <th>Request</th> <th>Actions</th> </tr>"; if(!$db->num_rows($select)) { echo "<tr> <td colspan='3' style='text-align:center;'>There are currently no requests</td> </tr>"; } else { while($row = $db->fetch_row($select)) { echo "<tr> <td>[url='viewuser.php?u=".$row[']".stripslashes(htmlspecialchars($row['username']))."[/url] [".number_format($row['userid'])."]</a></td> <td>".date('H:i:s d/m/y', $row['req_time'])."</td> <td>".stripslashes(htmlspecialchars($row['req_name']))."</td> <td>[[url='staff_requests.php?action=accept&ID=".$row[']Accept[/url]] [[url='staff_requests.php?action=decline&ID=".$row[']Decline[/url]]</td> </tr>"; } echo "</table>"; stafflog_add("View the username change requests"); } } function acceptRequest() { global $db, $h, $notifyFriends; echo "<h3>Accepting a username change request</h3>"; $_GET['ID'] = abs(@intval($_GET['ID'])); if(!$_GET['ID']) { echo "No ID specified"; $h->endpage(); exit; } $query = $db->query("SELECT * FROM username_requests WHERE (req_id = ".$_GET['ID'].")"); if(!$db->num_rows($query)) { echo "This request does not exist"; $h->endpage(); exit; } $row = $db->fetch_row($query); $oldName = $db->fetch_single($db->query("SELECT username FROM users WHERE (userid = ".$row['req_user'].")")); $db->query("UPDATE users SET username = '".$row['req_name']."' WHERE (userid = ".$row['req_user'].")"); $db->query("DELETE FROM username_requests WHERE (req_id = ".$row['req_id'].")"); event_add($row['req_user'], "Your username change request that was requested on ".date('H:i:sd/m/y', $row['req_time'])." has been accepted."); if($notifyFriends) { $queryFriends = $db->query("SELECT fl_ADDED FROM friendslist WHERE (fl_ADDER = ".$row['req_user'].")"); if($db->num_rows($queryFriends)) { while($friend = $db->fetch_row($queryFriends)) { event_add($friend['fl_ADDED'], "[url='viewuser.php?u=".$row[']".$oldName."[/url] [".number_format($row['req_user'])."] has changed their name to “".$row['req_name']."”"); } } } stafflog_add("Accepted the username change request from ".$oldName." - now known as ".$row['req_name']); echo "You have accepted the request"; } function declineRequest() { global $db, $h; echo "<h3>Declining a username change request</h3>"; $_GET['ID'] = abs(@intval($_GET['ID'])); if(!$_GET['ID']) { echo "No ID specified"; $h->endpage(); exit; } $query = $db->query("SELECT * FROM username_requests WHERE (req_id = ".$_GET['ID'].")"); if(!$db->num_rows($query)) { echo "This request does not exist"; $h->endpage(); exit; } $row = $db->fetch_row($query); $currentName = $db->fetch_single($db->query("SELECT username FROM users WHERE (userid = ".$row['req_user'].")")); $db->query("DELETE FROM username_requests WHERE (req_id = ".$row['req_id'].")"); event_add($row['req_user'], "Your username change request that was requested on ".date('H:i:sd/m/y', $row['req_time'])." has been declined."); stafflog_add("Declined the username change request from ".$currentName); echo "You have declined the request"; } $h->endpage(); ?> [/expander] Code is tested, and works fine

  What you fail to realise is my ship is dragging mines! Sorry, your post reminded me of Galaxy Quest (the film) xD

Reasons why I hate Wotlabb.. They need to send out a patch, or MWG admins need to fix it :P

<?php include(DIRNAME(__FILE__) . '/globals.php'); echo "<font size='4' face='Arial, Helvetica, sans-serif'>Your Attack Logs</font> <hr width='75%'> "; switch($_GET['step']) { case 'ayw': ayw(); break; case 'ayl': ayl(); break; default; index(); break; } function index() { echo "So you want to see you attack logs huh? Please choose a section. "; echo "• [url='pal.php?step=ayw']Attacks you've won[/url]. • [url='pal.php?step=ayl']Attacks you've lost[/url]."; echo " <hr width='75%'>> [url='index.php']Home[/url]<hr width='75%'>"; } function ayw() { global $db,$userid; $atks = $db->query( "SELECT a.*, u1.username AS attackern, u2.username AS attackedn " . "FROM attacklogs a " . "LEFT JOIN users u1 ON (a.attacker = u1.userid) " . "LEFT JOIN users u2 ON (a.attacked = u2.userid) " . "WHERE ((u1.userid = $userid) AND (result = 'won')) " . "ORDER BY time DESC LIMIT 100"); echo "The last 100 players you have killed. <table width='75%' cellspacing='1' class='table' style='text-align:center;'> <tr style='background-color:#999;'> <th>Time</th> <th>Attacked</th> </tr>"; while($r = $db->fetch_row($atks)) { $bgcolor = ($bgcolor == "#dfdfdf") ? "#cccccc" : "#dfdfdf"; $d = date('F j, Y, g:i:s a', $r['time']); echo "<tr style='background-color:$bgcolor;'> <td>$d</td> <td>[url='viewuser.php?u={$r[']{$r['attackedn']}[/url]</td> </tr>"; } echo "</table>"; echo " <hr width='75%'>> [url='pal.php']Back[/url]<hr width='75%'>"; } function ayl() { global $db, $userid; $atks = $db->query( "SELECT a.*, u1.username AS attackern, u2.username AS attackedn " . "FROM attacklogs a " . "LEFT JOIN users u1 ON (a.attacker = u1.userid) " . "LEFT JOIN users u2 ON (a.attacked = u2.userid) " . "WHERE ((u2.userid = $userid) AND (result = 'won')) " . "ORDER BY time DESC LIMIT 100"); echo "The last 100 players that killed you. <table width='75%' cellspacing='1' class='table' style='text-align:center;'> <tr style='background-color:#999;'> <th>Time</th> <th>Attacker</th> </tr>"; while($r = $db->fetch_row($atks)) { $bgcolor = ($bgcolor == "#dfdfdf") ? "#cccccc" : "#dfdfdf"; $d = date('F j, Y, g:i:s a', $r['time']); echo "<tr style='background-color:$bgcolor;'> <td>$d</td> <td>[url='viewuser.php?u={$r[']{$r['attackern']}[/url]</td> </tr>"; } echo "</table>"; echo " <hr width='75%'>> [url='pal.php']Back[/url]<hr width='75%'>"; } $h->endpage(); ?>   Works fine for me

<?php include "sglobals.php"; if($ir['user_level'] > 2) { echo "Access Denied"; $h->endpage(); exit; } //This contains course stuffs switch($_GET['action']) { case 'newcrime': new_crime_form(); break; case 'newcrimesub': new_crime_submit(); break; case 'editcrime': edit_crime_begin(); break; case 'editcrimeform': edit_crime_form(); break; case 'editcrimesub': edit_crime_sub(); break; case 'delcrime': delcrime(); break; case 'newcrimegroup': new_crimegroup_form(); break; case 'newcrimegroupsub': new_crimegroup_submit(); break; case 'editcrimegroup': edit_crimegroup_begin(); break; case 'editcrimegroupform': edit_crimegroup_form(); break; case 'editcrimegroupsub': edit_crimegroup_sub(); break; case 'delcrimegroup': delcrimegroup(); break; case 'reorder': reorder_crimegroups(); break; default: print "Error: This script requires an action."; break; } function new_crime_form() { global $ir, $c, $db; print "Adding a new crime. <form action='staff_crimes.php?action=newcrimesub' method='post'> Name: <input type='text' name='name' /> Brave Cost: <input type='text' name='brave' /> Item Needed: ".item2_dropdown($c, 'itemneed')." Success % Formula: <input type='text' name='percform' value='((WILL*0.8)/2.5)+(LEVEL/4)' /> Min Money: <input type='text' name='minmoney' /> Max Money: <input type='text' name='maxmoney' /> Success Crystals: <input type='text' name='crys' /> Success Item: ".item2_dropdown($c, 'item')." Group: ".crimegroup_dropdown($c,'group')." Initial Text: <textarea rows=4 cols=40 name='itext'/></textarea> Success Text: <textarea rows=4 cols=40 name='stext' /></textarea> Failure Text: <textarea rows=4 cols=40 name='ftext' /></textarea> Jail Text: <textarea rows=4 cols=40 name='jtext' /></textarea> Jail Time: <input type='text' name='jailtime' /> Jail Reason: <input type='text' name='jailreason' /> Crime XP Given: <input type='text' name='crimexp' /> <input type='submit' value='Create Crime' /> </form>"; } function new_crime_submit() { global $ir,$c,$userid, $db; if($_POST['itemon'] != "on") { $_POST['item'] = 0; } if(empty($_POST['crys'])) { $_POST['crys'] = 0; } $db->query("INSERT INTO crimes(crimeNAME, crimeBRAVE, crimePERCFORM, crimeMINMONEY, crimesMAXMONEY, crimeSUCCESSCRYS, crimeSUCCESSITEM, crimeGROUP, crimeITEXT, crimeSTEXT, crimeFTEXT, crimeJTEXT, crimeJAILTIME, crimeJREASON, crimeXP, crimeITEM) VALUES('{$_POST['name']}', '{$_POST['brave']}', '{$_POST['percform']}', '{$_POST['minmoney']}', '{$_POST['maxmoney']}', {$_POST['crys']}, {$_POST['item']}, '{$_POST['group']}', '{$_POST['itext']}', '{$_POST['stext']}', '{$_POST['ftext']}', '{$_POST['jtext']}', {$_POST['jailtime']}, '{$_POST['jailreason']}', {$_POST['crimexp']}, {$_POST['itemneed']})"); print "Crime created!"; stafflog_add("Created crime {$_POST['name']}"); } function edit_crime_begin() { global $ir,$c,$h,$userid,$db; print "<h3>Editing Crime</h3>You can edit any aspect of this crime. <form action='staff_crimes.php?action=editcrimeform' method='post'> Crime: ".crime_dropdown($c,'crime')." <input type='submit' value='Edit Crime' /> </form>"; } function edit_crime_form() { global $ir,$c,$h,$userid,$db; $d = $db->query("SELECT * FROM crimes WHERE crimeID={$_POST['crime']}"); $itemi = $db->fetch_row($d); print "<h3>Editing Crime</h3> <form action='staff_crimes.php?action=editcrimesub' method='post'> <input type='hidden' name='crimeID' value='{$_POST['crime']}' /> Name: <input type='text' name='crimeNAME' value='{$itemi['crimeNAME']}' /> Brave Cost: <input type='text' name='crimeBRAVE' value='{$itemi['crimeBRAVE']}' /> Item Needed: ".item2_dropdown($c, 'crimeITEM', $itemi['crimeITEM'])." Success % Formula: <input type='text' name='crimePERCFORM' value='{$itemi['crimePERCFORM']}' /> Min Money: <input type='text' name='crimeMINMONEY' value='{$itemi['crimeMINMONEY']}' /> Min Money: <input type='text' name='crimeMAXMONEY' value='{$itemi['crimeMAXMONEY']}' /> Success Crystals: <input type='text' name='crimeSUCCESSCRYS' value='{$itemi['crimeSUCCESSCRYS']}' /> Success Item: ".item2_dropdown($c, 'crimeSUCCESSITEM', $itemi['crimeSUCCESSITEM'])." Group: ".crimegroup_dropdown($c,'crimeGROUP', $itemi['crimeGROUP'])." Initial Text: <textarea rows=4 cols=40 name='crimeITEXT'/>{$itemi['crimeITEXT']}'</textarea> Success Text: <textarea rows=4 cols=40 name='crimeSTEXT' />{$itemi['crimeSTEXT']}</textarea> Failure Text: <textarea rows=4 cols=40 name='crimeFTEXT' />{$itemi['crimeFTEXT']}</textarea> Jail Text: <textarea rows=4 cols=40 name='crimeJTEXT' />{$itemi['crimeJTEXT']}</textarea> Jail Time: <input type='text' name='crimeJAILTIME' value='{$itemi['crimeJAILTIME']}' /> Jail Reason: <input type='text' name='crimeJREASON' value='{$itemi['crimeJREASON']}' /> Crime XP Given: <input type='text' name='crimeXP' value='{$itemi['crimeXP']}' /> <input type='submit' value='Edit Crime' /> </form>"; } function edit_crime_sub() { global $ir,$c,$h,$userid, $db; $db->query("UPDATE crimes SETcrimeNAME='{$_POST['crimeNAME']}', crimeBRAVE='{$_POST['crimeBRAVE']}', crimePERCFORM='{$_POST['crimePERCFORM']}', crimeSUCCESSMUNY='{$_POST['crimeSUCCESSMUNY']}', crimeSUCCESSCRYS='{$_POST['crimeSUCCESSCRYS']}', crimeSUCCESSITEM='{$_POST['crimeSUCCESSITEM']}', crimeGROUP='{$_POST['crimeGROUP']}', crimeITEXT='{$_POST['crimeITEXT']}', crimeSTEXT='{$_POST['crimeSTEXT']}', crimeFTEXT='{$_POST['crimeFTEXT']}', crimeJTEXT='{$_POST['crimeJTEXT']}', crimeJAILTIME={$_POST['crimeJAILTIME']}, crimeJREASON='{$_POST['crimeJREASON']}', crimeXP={$_POST['crimeXP']}, crimeITEM={$_POST['crimeITEM']}WHERE crimeID={$_POST['crimeID']}"); print "Crime edited..."; stafflog_add("Edited crime {$_POST['crimeNAME']}"); } function delcrime() { global $ir,$c,$h,$userid, $db; switch($_GET['step']) { default: echo "<h3>Deleting Crime</h3> Here you can delete a crime. <form action='staff_crimes.php?action=delcrime&step=2' method='post'> Crime: ".crime_dropdown($c,'crime')." <input type='submit' value='Delete Crime' /> </form>"; break; case 2: $target = $_POST['crime']; $d = $db->query("SELECT crimeNAME FROM crimes WHERE crimeID='$target'"); $itemi = $db->fetch_row($d); print "<h3>Confirm</h3> Delete crime -".$itemi["crimeNAME"]."? <form action='staff_crimes.php?action=delcrime&step=3' method='post'> <input type='hidden' name='crimeID' value='$target' /> <input type='submit' name='yesorno' value='Yes' /> <input type='submit' name='yesorno' value='No' onclick=\"window.location='staff_crimes.php?action=delcrime';\" /> </form>"; break; case 3: $target = $_POST['crimeID']; if($_POST['yesorno']=='No') { echo "Crime not deleted. [url='staff_crimes.php?action=delcrime']>Back to main delete crimes page.[/url]"; $h->endpage(); exit; } if(!in_array($_POST['yesorno'], array("No", "Yes"))) { echo "Invalid choice"; $h->endpage(); exit; } $d = $db->query("SELECT crimeNAME FROM crimes WHERE crimeID='$target'"); $itemi = $db->fetch_row($d); $db->query("DELETE FROM crimes WHERE crimeID='$target'"); echo "Crime {$itemi['crimeNAME']} Deleted. [url='staff_crimes.php?action=delcrime']>Back to main delete crimes page.[/url]"; stafflog_add("Deleted crime {$itemi['crimeNAME']}"); break; } } function new_crimegroup_form() { global $ir, $c,$db; print "Adding a new crime group. <form action='staff_crimes.php?action=newcrimegroupsub' method='post'> Name: <input type='text' name='cgNAME' /> Order Number: <input type='text' name='cgORDER' /> <input type='submit' value='Create Crime Group' /> </form>"; } function new_crimegroup_submit() { global $ir,$c,$userid,$db; if(!isset($_POST['cgNAME']) || !isset($_POST['cgORDER'])) { print "You missed one or more of the required fields. Please go back and try again. [url='staff_crimes.php?action=newcrimegroup']> Back[/url]"; $h->endpage(); exit; } $db->query("INSERT INTO `crimegroups`(`cgNAME`, `cgORDER`) VALUES('{$_POST['cgNAME']}','{$_POST['cgORDER']}')"); print "Crime Group created!"; stafflog_add("Created Crime Group {$_POST['cgNAME']}"); } function edit_crimegroup_begin() { global $ir,$c,$h,$userid,$db; print "<h3>Editing A Crime Group</h3> <form action='staff_crimes.php?action=editcrimegroupform' method='post'> Crime Group: ".crimegroup_dropdown($c,'crimeGROUP')." <input type='submit' value='Edit Crime Group' /> </form>"; } function edit_crimegroup_form() { global $ir,$c,$h,$userid,$db; $d=$db->query("SELECT * FROM crimegroups WHERE cgID={$_POST['crimeGROUP']}"); $itemi=$db->fetch_row($d); print "<h3>Editing Crime Group</h3> <form action='staff_crimes.php?action=editcrimegroupsub' method='post'> <input type='hidden' name='cgID' value='{$_POST['crimeGROUP']}' /> Name: <input type='text' name='cgNAME' value='{$itemi['cgNAME']}' /> Order Number: <input type='text' name='cgORDER' value='{$itemi['cgORDER']}' /> <input type='submit' value='Edit Crime Group' /> </form>"; } function edit_crimegroup_sub() { global $ir,$c,$h,$userid, $db; if(!isset($_POST['cgORDER']) || !isset($_POST['cgNAME'])) { print "You missed one or more of the required fields. Please go back and try again. [url='staff_crimes.php?action=editcrimegroup']> Back[/url]"; $h->endpage(); exit; } else { $db->query("UPDATE crimegroups SETcgNAME='{$_POST['cgNAME']}', cgORDER='{$_POST['cgORDER']}' WHERE cgID='{$_POST['cgID']}'"); print "Crime Group edited..."; stafflog_add("Edited Crime Group {$_POST['cgNAME']}"); } } function delcrimegroup() { global $ir,$c,$h,$userid, $db; switch($_GET['step']) { default: echo "<h3>Deleting Crime Group</h3> <script type='text/javascript'> function checkme() { if(document.theform.crimeGROUP.value == document.theform.crimeGROUP2.value) { alert('You cannot select the same crime group to move the crimes to.'); return false; } return true; } </script> <form action='staff_crimes.php?action=delcrimegroup&step=2' method='post' name='theform' onsubmit='return checkme();'> Crime Group: ".crimegroup_dropdown($c,'crimeGROUP')." Move crimes in deleted group to: ".crimegroup_dropdown($c, 'crimeGROUP2')." <input type='submit' value='Delete Crime Group' /> </form>"; break; case 2: $target = $_POST['crimeGROUP']; $target2 = $_POST['crimeGROUP2']; if($target==$target2) { echo "You cannot select the same crime group to move the crimes to."; $h->endpage(); exit; } $d=$db->query("SELECT cgNAME FROM crimegroups WHERE cgID='$target'"); $itemi=$db->fetch_row($d); print "<h3>Confirm</h3> Delete crime group -".$itemi["cgNAME"]."? <form action='staff_crimes.php?action=delcrimegroup&step=3' method='post'> <input type='hidden' name='cgID' value='$target' /> <input type='hidden' name='cgID2' value='$target2' /> <input type='submit' name='yesorno' value='Yes' /> <input type='submit' name='yesorno' value='No' onclick=\"window.location='staff_crimes.php?action=delcrimegroup';\" /> </form>"; break; case 3: $target = $_POST['cgID']; $target2 = $_POST['cgID2']; if($_POST['yesorno']=='No') { echo "Crime Group not deleted."; $h->endpage(); exit; } if($_POST['yesorno'] !=("No" || "Yes")) die('This shouldnt happen'); $d=$db->query("SELECT cgNAME FROM crimegroups WHERE cgID='$target'"); $itemi=$db->fetch_row($d); $db->query("DELETE FROM crimegroups WHERE cgID='{$_POST['cgID']}'"); $db->query("UPDATE crimes SET crimeGROUP={$target2} WHERE crimeGROUP={$target}"); stafflog_add("Deleted crime group {$itemi['cgNAME']}"); echo "Crime Group deleted."; break; } } function reorder_crimegroups() { global $db,$ir,$c,$h,$userid; if($_POST['submit']) { unset($_POST['submit']); $used = array(); foreach($_POST as $v) { if(in_array($v, $used)) { print "You have used the same order number twice! Go back and try again."; $h->endpage(); exit; } $used[] = $v; } foreach($_POST as $k => $v) { $cg = str_replace("order","", $k); if(is_numeric($cg)) { $db->query("UPDATE crimegroups SET cgORDER={$v} WHERE cgID={$cg}"); } } print "Crime group order updated!"; stafflog_add("Reordered crime groups"); } else { $q = $db->query("SELECT * FROM crimegroups ORDER BY cgORDER ASC, cgID ASC"); $rows = $db->num_rows($q); $i = 0; print "<h3>Re-ordering Crime Groups</h3><hr /> <form action='staff_crimes.php?action=reorder' method='post'> <input type='hidden' name='submit' value='1' /> <table width='80%' cellspacing='1' class='table'> <tr> <th>Crime Group</th> <th>Order</th> </tr>\n\n"; while($r=$db->fetch_row($q)) { $i++; print "<tr> <td>{$r['cgNAME']}</td> <td><select name='order{$r['cgID']}' type='dropdown'>"; for($j = 1; $j <= $rows; $j++) { if($j == $i) { print "<option value='{$j}' selected='selected'>{$j} </option>"; } else { print "<option value='{$j}'>{$j}</option>"; } } print "</select></td> </tr>"; } print "<tr> <td colspan='2' align='center'><input type='submit' value='Reorder' /></td> </tr> </table> </form>"; } } function report_clear() { global $db,$ir,$c,$h,$userid; if($ir['user_level'] > 3) { echo "Access Denied"; $h->endpage(); exit; } $_GET['ID'] = abs(@intval($_GET['ID'])); stafflog_add("Cleared player report ID {$_GET['ID']}"); $db->query("DELETE FROM preports WHERE prID={$_GET['ID']}"); print "Report cleared and deleted! [url='staff_users.php?action=reportsview']> Back[/url]"; } $h->endpage(); ?>   For the create crime, you must fill in *all* boxes, settings crystals to 0 if you don't wish to use them. - I have edited the code so you no longer have to worry about that. For the edit crime, install your code properly next time..

That, or you could log all queries that involve user input. Yes, it's a taxing system, but used in short bursts can help you

Topic needs splitting then my friend ;)

O.o Dr. Juklaensna :D

The Cruciatus Curse is what you are referring to CrimGame.com ;) Crucio!

By typing {money} in the success text

/me randomly passes by and casts a spell on you.. Levicorpus - I CAN FLY!! :D

MC Codes is mostly 4 languages combined :P (X)HTML, CSS, PHP, and MySQL

By default, it's the $gain variable. Search for it in the gym.php and edit the formula

Meh, may as well list mine seeing as we're going from a help topic to whatever you want to call this :P Anthony Anth Ant Tony Magictallguy Magic MTG Man-whore Man-slut

IF you can code ;) Not everyone can xD If they can't code, then that's their problem - they should learn!

Perhaps converting the system from v2 would help you here

As the game grows, so do the stats - it's inevitable. Limiting the trains seems like a good idea in principle, but you could also/just limit the amount gained from training

HTML fail much?   <?php session_start(); include 'config.php'; global $_CONFIG; define('MONO_ON', 1); require 'class/class_db_'.$_CONFIG['driver'].'.php'; $db = new database; $db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']); $db->connect(); $c = $db->connection_id; $set = array(); $settq = $db->query('SELECT * FROM settings'); while($r = $db->fetch_row($settq)) { $set[$r['conf_name']] = $r['conf_value']; } ?> <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'> <html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'> <head> <title><?php echo stripslashes(htmlspecialchars($set['game_name'])); ?></title> </head> <body style='background-color:#CCC;'> <table border='0' style='background-color:#DDE;text-align:center;'> <tr style='background-color:#AAA;'> <td style='text-align:center;'><?php echo stripslashes(htmlspecialchars($set['game_name'])); ?> - Login</td> </tr> <tr> <td> <form action='authenticate.php' method='post'> <input type='text' name='name' /> <input type='password' name='password' /> <input type='image' src='submit.jpg' style='width:84;height:26;' /> </form> </td> </tr> </table> </body> </html>   XHTML valid, Transitional level.

The abs() and intval() on the number coming from the database is not required - and is pretty much a waste of space ;)   $check = $db->query(sprintf("SELECT daily_train_id FROM daily_train WHERE (daily_train_userid = %u)", $ir['userid'])); if($db->num_rows($check)) { $db->query(sprintf("UPDATE daily_train SET daily_train_time = %u WHERE (daily_train_userid = %u)", time(), $ir['userid'])); } else { $db->query(sprintf("INSERT INTO daily_train VALUES ('', %u, %u)", $ir['userid'], time())); }   $allow_train = $db->query(sprintf("SELECT daily_train_time FROM daily_train WHERE (daily_train_userid = %u)", $ir['userid'])); $allow_t = $db->fetch_row($allow_train); if($allow_t['daily_train_time'] < time() - 86400) { echo 'Sorry, you can only train once a day. [url="index.php"]> Go Home[/url]'; $h->endpage(); exit; }

I'd rather just call you Sahid, shedh, or Mr. Chunara :P

Fair enough, all yours :)

Getting back on topic, I can create this - make an offer my friend :P

My edits: Bytes: 9,775 to 8,673 Lines: 221 to 152 <?php /*----------------------------------------------------- - MCCodes V2 || Streets - Revamped by Jordan ('Pudda') - Freebie :D -----------------------------------------------------*/ $noturns = "Sorry you dont see to have any walks left today. Come back tomorrow"; include(DIRNAME(__FILE__) . '/globals.php'); if($ir['turns'] <= 0) { echo $noturns; $h->endpage(); exit; } $_GET['act'] = isset($_GET['act']) && is_string($_GET['act']) ? trim($_GET['act']) : ""; switch($_GET['act']) { case 'search': search_streets(); break; default: index(); break; } function index() { global $db, $ir, $userid, $h, $db; $cityname = $db->fetch_single($db->query("SELECT cityname FROM cities WHERE cityid = ".$ir['location'])); $Type = mt_rand(1, 8); echo "<h2 style='text-align:center;'>".$cityname." Streets</center></h2>"; echo "[img=http://i42.tinypic.com/2h6cd41.jpg] <map name='Map'> <area shape='rect' coords='205,274,270,339' href='?act=search&search=".$Type."'> <area shape='rect' coords='273,3,338,68' href='?act=search&search=".$Type."'> <area shape='rect' coords='138,138,203,203' href='?act=search&search=".$Type."'> <area shape='rect' coords='274,138,339,203' href='?act=search&search=".$Type."'> <area shape='rect' coords='204,137,269,202' href='?act=search&search=".$Type."'> <area shape='rect' coords='2,138,67,203' href='?act=search&search=".$Type."'> <area shape='rect' coords='3,69,68,134' href='?act=search&search=".$Type."'> <area shape='rect' coords='273,207,338,272' href='?act=search&search=".$Type."'> <area shape='rect' coords='275,70,340,135' href='?act=search&search=".$Type."'> <area shape='rect' coords='205,70,270,135' href='?act=search&search=".$Type."'> <area shape='rect' coords='2,274,67,339' href='?act=search&search=".$Type."'> <area shape='rect' coords='69,274,134,339' href='?act=search&search=".$Type."'> <area shape='rect' coords='340,342,405,407' href='?act=search&search=".$Type."'> <area shape='rect' coords='341,409,406,474' href='?act=search&search=".$Type."'> <area shape='rect' coords='273,410,338,475' href='?act=search&search=".$Type."'> <area shape='rect' coords='206,410,271,475' href='?act=search&search=".$Type."'> <area shape='rect' coords='138,410,203,475'href='?act=search&search=".$Type."'> <area shape='rect' coords='70,408,135,473' href='?act=search&search=".$Type."'> <area shape='rect' coords='3,407,68,472' href='?act=search&search=".$Type."'> <area shape='rect' coords='3,341,68,406' href='?act=search&search=".$Type."'> <area shape='rect' coords='138,342,203,407' href='?act=search&search=".$Type."'><area shape='rect' coords='68,341,133,406' href='?act=search&search=".$Type."'> <area shape='rect' coords='206,342,271,407' href='?act=search&search=".$Type."'><area shape='rect' coords='274,342,339,407' href='?act=search&search=".$Type."'> <area shape='rect' coords='272,272,337,337' href='?act=search&search=".$Type."'> </map> </center>"; } function search_streets() { global $db, $ir, $userid, $h; /*----------------------------------------------------- # Start Config # -----------------------------------------------------*/ $cityname = $db->fetch_single($db->query("SELECT cityname FROM cities WHERE cityid = ".$ir['location'])); $nonrecorded = "What you doing here? [url='index.php']Go back[/url]"; $rand = mt_rand(0,2); $randhard = mt_rand(0,3); $randmoney = mt_rand(1,100); $randcrystals = mt_rand(1,8); $itemidsearch2 = 39; //Item id for search 2 $quantitysearch2 = 1; //Item quantity for search 2 $itemidsearch4 = 36; //Item id for search 4 $quantitysearch4 = 1; //Item quantity for search 4 $itemidsearch5 = 37; //Item id for search 5 $quantitysearch5 = 1; //Item quantity for search 5 $itemidsearch7 = 38; //Item id for search 7 $quantitysearch7 = 1; //Item quantity for search 7 $itemidsearch8 = 36; //Item id for search 8 $quantitysearch8 = 1; //Item quantity for search 8 /*----------------------------------------------------- # End Config # -----------------------------------------------------*/ $_GET['search'] = abs(@intval($_GET['search'])); if(!$_GET['search']) { echo $nonrecorded; $h->endpage(); exit; } $db->query("UPDATE `users` SET `turns`=`turns`-1 WHERE `userid`=$userid"); if($_GET['search'] == 1) { if($rand == 1) { $db->query("UPDATE `users` SET `money`=`money`+".$randmoney." WHERE `userid`=$userid"); echo "<span style='color:green;font-weight:700;'>Success</span> You found ".money_formatter($randmoney)." after searching an random box"; } else { echo "<span style='color:red;font-weight:700;'>Unlucky!</span> While searching ".$cityname." You didnt come across anything useful "; } } else if($_GET['search'] == 2) { if($rand == 1) { $db->query("INSERT INTO `inventory` VALUES('',$itemidsearch2,$userid,$quantitysearch2)"); echo "<span style='color:green;font-weight:700;'>Success</span> While searching ".$cityname." you found an mysterious item. Go to your inventory to find out what"; } else { $Time = mt_rand(20,100); echo "<span style='color:red;font-weight:700;'>Unlucky!</span> While searching ".$cityname." a police officer arrested you."; $db->query(sprintf("UPDATE `users` SET `jail` = %u, `jail_reason` = 'Arrested for hanging around %s' WHERE `userid` = %u", $Time, $cityname, $userid)); } } else if($_GET['search'] == 3) { if($rand == 1) { $db->query("UPDATE `users` SET `money`=`money`+".$randmoney." WHERE `userid`=$userid"); echo "<font color = 'green'>[b]Sucess[/b]</font> You found ".money_formatter($randmoney)." after robbing an random old man"; } else { $Time = mt_rand(20,100); echo "<span style='color:red;font-weight:700;'>Unlucky!</span> While searching ".$cityname." you got shot."; $db->query(sprintf("UPDATE `users` SET `hospital` = %u, `hospreason` = 'While searching %s they got shot' WHERE `userid` = %u", $Time, $cityname, $userid)); } } else if($_GET['search'] == 4) { if($randhard == 1) { $db->query("INSERT INTO inventory VALUES('',$itemidsearch4,$userid,$quantitysearch4)"); echo "<span style='color:green;font-weight:700;'>Success</span> While searching ".$cityname." you found an mysterious item. Go to your inventory to find out what"; } else { echo "<span style='color:red;font-weight:700;'>Unlucky!</span> While searching ".$cityname." you found NOTHING!"; } } else if($_GET['search'] == 5) { $db->query("INSERT INTO inventory VALUES('',$itemidsearch5,$userid,$quantitysearch5)"); echo "<span style='color:green;font-weight:700;'>Success</span> While searching ".$cityname." you found an mysterious item. Go to your inventory to find out what"; } else if($_GET['search'] == 6) { if($rand == 1) { $db->query("UPDATE users SET `crystals`=`crystals`+".$randcrystals." WHERE userid=$userid"); echo "<span style='color:green;font-weight:700;'>Success</span> While searching ".$cityname." You fell down a hole and found ".number_format($randcrystals); } else { $Time = mt_rand(20,100); echo "<span style='color:red;font-weight:700;'>Unlucky!</span> While searching ".$cityname." a police officer arrested you."; $db->query(sprintf("UPDATE `users` SET `jail` = %u, `jail_reason` = 'Arrested for hanging around %s' WHERE `userid` = %u", $Time, $cityname, $userid)); } } else if($_GET['search'] == 7) { if($rand == 1) { $db->query("INSERT INTO inventory VALUES('',$itemidsearch7,$userid,$quantitysearch7)"); echo "<span style='color:green;font-weight:700;'>Success</span> While searching ".$cityname." You found an mysterious item. Go to your inventory to find out what"; } else { $Time = mt_rand(20,100); echo "<span style='color:red;font-weight:700;'>Unlucky!</span> While searching ".$cityname." a police officer arrested you."; $db->query(sprintf("UPDATE `users` SET `jail` = %u, `jail_reason` = 'Arrested for hanging around %s' WHERE `userid` = %u", $Time, $cityname, $userid)); } } else if($_GET['search'] == 8) { if($randhard == 1) { $db->query("INSERT INTO inventory VALUES('',$itemidsearch8,$userid,$quantitysearch8)"); echo "<span style='color:green;font-weight:700;'>Success</span> While searching ".$cityname." You found an mysterious item. Go to your inventory to find out what"; } else { $Time = mt_rand(20,100); echo "<span style='color:red;font-weight:700;'>Unlucky!</span> While searching ".$cityname." a police officer arrested you."; $db->query(sprintf("UPDATE `users` SET `jail` = %u, `jail_reason` = 'Arrested for hanging around %s' WHERE `userid` = %u", $Time, $cityname, $userid)); } } } $h->endpage(); ?>