MakeWebGames

Magictallguy

Administrators • Posts: 2,140 • Days Won: 148

Everything posted by Magictallguy

  1. Haha, I'm African! Nagubal Wbeqna
  2. I taught myself from MC Craps v1 and v2.. Hey, don't knock it until you've tried it! I can code pretty well (if I do say so myself :P), and I taught myself from that - so yeah!
  3. Your reasoning seems fair. If you're serious about this, I'd be happy to help you here :)
  4. Is it wrong to want to hide your identity online? Are you not wanting to keep yourself safe from online predators of information (or more)? I, personally, couldn't give a crap what people find out about me, I have very little to hide.
  5. What made you want to start a game? (just curious)
  6. Magictallguy

    weird

    I like working with classes, it allows me to change anything about how my site handles itself (i.e. my profile() function in a personal class, including username colours, formatting, etc. - my entire game uses that function instead of constantly selecting and displaying a username and donator icon (functions FTW)), from 1 file! I prefer using them to be honest, it makes things so much easier. OOP FTW!
  7. That's a security fail - that won't help you. Wrapping the output in nl2br() would help you here.
  8. "Nyna", an alias of "Alan", a Website Developer, programmer, and hack artist.
  9. Meh, what can I say.. People are money grabbers these days - I can think of a few personally, I "work" with one
  10. [mccode v2] Gym Quick 2 second search :P
  11. Magictallguy

    weird

    Or write your own class.. The v2 database class is a *very* simple one - basic (and outdated, unless you've brought it out of the stone ages!). Heck, I'll write one for you if you want
  12. :/ Database -> users table -> brave and maxbrave rows. Files -> global_func.php -> check_level() function -> updating.
  13. If these 2 haven't done it, feel free to contact me. I'm happy to do it free MSN/Email: [email protected]
  14. If you're going to use sprintf() operators, make sure you actually wrap the code in sprintf().
  15. You're only displaying a message, you're not killing the page too ;)

      $q = $db->query("SELECT * FROM drugs_bank WHERE ((db_time = unix_timestamp - 21600) AND (userid = $userid))");
      if(!$db->num_rows($q)) {
          echo "The time limit has expired yet please wait some more time";
          $h->endpage();
          exit;
      }
  16. That way works too (and is more efficient for those that care).. But you may want to add: $quote = array(); above that to ensure there are no errors (error_reporting(E_ALL))
  17. You hadn't checked if the user ID supplied actually exists.
  18. Only sprintf()'ing a few things, the rest I left virtually intact
  19. <?php
      /*
      MCCode V2 - Send.php
      Coded by Immortal;

      MAGICTALLGUY'S NOTICE
      Lines increased from 253 to 267.
      Code bytes increased from 8,701 to 10,726.
      Code fixed and correctly secured.
      Aesthetic updates, XHTML validated (if it doesn't show as validated, it's your fault, not mine ;))
      END NOTICE;

      -- FREE TO ALL MEMBERS OF THE FORUM --
      */
      include(dirname(__FILE__) . '/globals.php');

      // Normalise all request input up front: IDs and amounts become unsigned integers, the action a lowercase string
      $_GET['ID'] = isset($_GET['ID']) && is_numeric($_GET['ID']) ? abs(@intval($_GET['ID'])) : false;
      $_GET['action'] = isset($_GET['action']) && is_string($_GET['action']) ? strtolower(trim($_GET['action'])) : false;
      $_POST['points'] = isset($_POST['points']) && is_numeric($_POST['points']) ? abs(@intval($_POST['points'])) : null;

      switch($_GET['action']) {
          case 'sendbank': sendbank(); break;
          case 'sendoff': sendoff(); break;
          case 'sendcash': sendcash(); break;
          case 'sendpoints': sendpoints(); break;
      }
      // Anything outside the four known actions is rejected
      if(!in_array($_GET['action'], array('sendbank', 'sendoff', 'sendcash', 'sendpoints'))) {
          echo "Operation not understood!";
          $h->endpage();
          exit;
      }

      function sendbank() {
          global $db, $h, $ir, $userid;
          if(!$_GET['ID']) {
              echo "Invalid ID. [url='index.php']Back[/url]";
              $h->endpage();
              exit;
          }
          if($_GET['ID'] == $userid) {
              echo "Is there a particular reason you are sending money to yourself? [url='index.php']Back[/url]";
              $h->endpage();
              exit;
          }
          // Confirm the recipient exists before touching any balances
          $selectUser = sprintf("SELECT `userid`, `username`, `bankmoney`, `lastip` FROM `users` WHERE (`userid` = %u)", $_GET['ID']);
          $queryUser = $db->query($selectUser);
          if(!$db->num_rows($queryUser)) {
              echo "This player does not exist";
              $h->endpage();
              exit;
          }
          $er = $db->fetch_row($queryUser);
          if($er['bankmoney'] == -1 || $ir['bankmoney'] == -1) {
              echo "Sorry,you or the person you are sending cash to does not have a bank account. [url='index.php']Back[/url]";
              $h->endpage();
              exit;
          }
          if($_POST['points']) {
              if($_POST['points'] > $ir['bankmoney']) {
                  echo "You are trying to send more than you have. [url='index.php']Back[/url]";
                  $h->endpage();
                  exit;
              }
              $db->query(sprintf("UPDATE `users` SET `bankmoney` = `bankmoney` - %u WHERE (`userid` = %u)", $_POST['points'], $userid));
              $db->query(sprintf("UPDATE `users` SET `bankmoney` = `bankmoney` + %u WHERE (`userid` = %u)", $_POST['points'], $_GET['ID']));
              echo sprintf("You transferred \$%s to %s's bank.", number_format($_POST['points']), stripslashes(htmlspecialchars($er['username'])));
              event_add($_GET['ID'],"You received \$".number_format($_POST['points'])." into your bank account from ".$ir['username'].".");
              $db->query(sprintf("INSERT INTO `bankxferlogs` VALUES ('', %u, %u, %u, %u, '%s', '%s', 'bank')", $userid, $_GET['ID'], $_POST['points'], time(), $ir['lastip'], $er['lastip']));
          } else {
              echo "<h3>Bank Xfer</h3>
              You are sending bank money to [b]".stripslashes(htmlspecialchars($er['username']))."[/b]. You have [b]\$".number_format($ir['bankmoney'])."[/b] you can send.
              <form action='send.php?action=sendbank&ID=".$_GET['ID']."' method='post'>
              Money: <input type='text' name='points' />
              <input type='submit' value='Send' />
              </form>";
          }
      }

      function sendoff() {
          global $db, $ir, $h, $userid;
          if(!$_GET['ID']) {
              echo "Invalid ID. [url='index.php']Back[/url]";
              $h->endpage();
              exit;
          }
          if($_GET['ID'] == $userid) {
              echo "Is there a particular reason you are sending money to yourself? [url='index.php']Back[/url]";
              $h->endpage();
              exit;
          }
          $selectUser = sprintf("SELECT `userid`, `username`, `cybermoney`, `lastip` FROM `users` WHERE (`userid` = %u)", $_GET['ID']);
          $queryUser = $db->query($selectUser);
          if(!$db->num_rows($queryUser)) {
              echo "This player does not exist";
              $h->endpage();
              exit;
          }
          $er = $db->fetch_row($queryUser);
          if($er['cybermoney'] == -1 || $ir['cybermoney'] == -1) {
              echo "Sorry,you or the person you are sending cash to does not have an off-shore account. [url='index.php']Back[/url]";
              $h->endpage();
              exit;
          }
          if($_POST['points']) {
              if($_POST['points'] > $ir['cybermoney']) {
                  echo "You are trying to send more than you have. [url='index.php']Back[/url]";
                  $h->endpage();
                  exit;
              }
              $db->query(sprintf("UPDATE `users` SET `cybermoney` = `cybermoney` - %u WHERE (`userid` = %u)", $_POST['points'], $userid));
              $db->query(sprintf("UPDATE `users` SET `cybermoney` = `cybermoney` + %u WHERE (`userid` = %u)", $_POST['points'], $_GET['ID']));
              echo sprintf("You transferred \$%s to %s's Cyber Bank.", number_format($_POST['points']), stripslashes(htmlspecialchars($er['username'])));
              event_add($_GET['ID'],"You received \${$_POST['points']} into your cyber bank account from ".$ir['username'].".");
              $db->query(sprintf("INSERT INTO bankxferlogs VALUES ('', %u, %u, %u, %u, '%s', '%s', 'cyber')", $userid, $_GET['ID'], $_POST['points'], time(), $ir['lastip'], $er['lastip']));
          } else {
              echo "<h3>Cyber Bank Transfer</h3>
              You are transferring money to the Cyber Bank of [b]".stripslashes(htmlspecialchars($er['username']))."[/b]. You have [b]\$".number_format($ir['cybermoney'])."[/b] you can send.
              <form action='send.php?action=sendoff&ID=".$_GET['ID']."' method='post'>
              Money: <input type='text' name='points' />
              <input type='submit' value='Send' />
              </form>";
          }
      }

      function sendpoints() {
          global $db, $userid, $ir, $h;
          if(!$_GET['ID']) {
              echo "Invalid ID. [url='index.php']Back[/url]";
              $h->endpage();
              exit;
          }
          if($_GET['ID'] == $userid) {
              echo "Is there a particular reason you are sending points to yourself? [url='index.php']Back[/url]";
              $h->endpage();
              exit;
          }
          $selectUser = sprintf("SELECT userid, username, lastip FROM users WHERE (userid = %u)", $_GET['ID']);
          $queryUser = $db->query($selectUser);
          if(!$db->num_rows($queryUser)) {
              echo "This player does not exist";
              $h->endpage();
              exit;
          }
          $er = $db->fetch_row($queryUser);
          if($_POST['points']) {
              if($_POST['points'] > $ir['crystals']) {
                  echo "You are trying to send more than you have. [url='index.php']Back[/url]";
                  $h->endpage();
                  exit;
              }
              $db->query(sprintf("UPDATE `users` SET `crystals` = `crystals` - %u WHERE (`userid` = %u)", $_POST['points'], $userid));
              $db->query(sprintf("UPDATE `users` SET `crystals` = `crystals` + %u WHERE (`userid` = %u)", $_POST['points'], $_GET['ID']));
              echo sprintf("You sent %s crystal%s to %s.", number_format($_POST['points']), ($_POST['points'] == 1) ? '' : 's', stripslashes(htmlspecialchars($er['username'])));
              event_add($_GET['ID'], sprintf("You received %s crystal%s from %s.", number_format($_POST['points']), ($_POST['points'] == 1) ? '' : 's', $ir['username']));
              $db->query(sprintf("INSERT INTO `crystalxferlogs` VALUES ('', %u, %u, %u, %u, '%s', '%s')", $userid, $_GET['ID'], $_POST['points'], time(), $ir['lastip'], $er['lastip']));
          } else {
              echo "<h3>Sending Crystals</h3>
              You are sending points to [b]".stripslashes(htmlspecialchars($er['username']))."[/b]. You have [b]".number_format($ir['crystals'])."[/b] points you can send.
              <form action='send.php?action=sendpoints&ID=".$_GET['ID']."' method='post'>
              Points: <input type='text' name='points' />
              <input type='submit' value='Send' />
              </form>";
              echo "<h3>Latest 5 Transfers</h3>
              <table class='table' width='75%' border='2'>
              <tr>
              <th>Time</th>
              <th>User From</th>
              <th>User To</th>
              <th>Amount</th>
              </tr>";
              $selectTransfers = sprintf(
                  "SELECT cx.*, u1.username AS sender, u2.username AS receiver " .
                  "FROM crystalxferlogs cx " .
                  "LEFT JOIN users u1 ON (cx.cxFROM = u1.userid) " .
                  "LEFT JOIN users u2 ON (cx.cxTO = u2.userid) " .
                  "WHERE (cx.cxFROM = %u) " .
                  "ORDER BY cx.cxTIME DESC LIMIT 5", $userid);
              $queryTransfers = $db->query($selectTransfers);
              while($log = $db->fetch_row($queryTransfers)) {
                  echo "<tr>";
                  echo sprintf("<td>%s</td>", date("F j, Y, g:i:s a", $log['cxTIME']));
                  echo sprintf("<td>[url='viewuser.php?u=%u']%s[/url] [%s]</td>", $log['cxFROM'], stripslashes(htmlspecialchars($log['sender'])), number_format($log['cxFROM']));
                  echo sprintf("<td>[url='viewuser.php?u=%u']%s[/url] [%s]</td>", $log['cxTO'], stripslashes(htmlspecialchars($log['receiver'])), number_format($log['cxTO']));
                  echo sprintf("<td>%s crystal%s</td>", number_format($log['cxAMOUNT']), ($log['cxAMOUNT'] == 1) ? '' : 's');
                  echo "</tr>";
              }
              echo "</table>";
          }
      }

      function sendcash() {
          global $db, $ir, $userid, $h;
          if(!$_GET['ID']) {
              echo "Invalid ID. [url='index.php']Back[/url]";
              $h->endpage();
              exit;
          }
          if($_GET['ID'] == $userid) {
              echo "Is there a particular reason you are sending cash to yourself? [url='index.php']Back[/url]";
              $h->endpage();
              exit;
          }
          $selectUser = sprintf("SELECT userid, username, lastip FROM users WHERE (userid = %u)", $_GET['ID']);
          $queryUser = $db->query($selectUser);
          if(!$db->num_rows($queryUser)) {
              echo "This player does not exist";
              $h->endpage();
              exit;
          }
          $er = $db->fetch_row($queryUser);
          if(isset($_POST['cash'])) {
              $_POST['cash'] = abs(@intval($_POST['cash']));
              if($_POST['cash'] > $ir['money']) {
                  echo "You are trying to send more than you have. [url='index.php']Back[/url]";
                  $h->endpage();
                  exit;
              }
              $db->query(sprintf("UPDATE `users` SET `money` = `money` - %u WHERE (`userid` = %u)", $_POST['cash'], $userid));
              $db->query(sprintf("UPDATE `users` SET `money` = `money` + %u WHERE (`userid` = %u)", $_POST['cash'], $_GET['ID']));
              // Show the recipient's username here, not their IP address
              echo sprintf("You sent \$%s to %s.", number_format($_POST['cash']), stripslashes(htmlspecialchars($er['username'])));
              event_add($_GET['ID'], "You received \${$_POST['cash']} from {$ir['username']}.");
              $db->query(sprintf("INSERT INTO cashxferlogs VALUES ('', %u, %u, %u, %u, '%s', '%s')", $userid, $_GET['ID'], $_POST['cash'], time(), $ir['lastip'], $er['lastip']));
          } else {
              echo "<h3> Sending Money</h3>
              You are sending money to [b]".stripslashes(htmlspecialchars($er['username']))."[/b]. You have [b]\$".number_format($ir['money'])."[/b] you can send.
              <form action='send.php?action=sendcash&ID=".$_GET['ID']."' method='post'>
              Amount: <input type='text' name='cash' />
              <input type='submit' value='Send' />
              </form>";
              echo "<h3>Latest 5 Transfers</h3>
              <table class='table' width='75%' border='2'>
              <tr>
              <th>Time</th>
              <th>User From</th>
              <th>User To</th>
              <th>Amount</th>
              </tr>";
              $selectTransfers = sprintf(
                  "SELECT cx.*, u1.username AS sender, u2.username AS receiver " .
                  "FROM cashxferlogs cx " .
                  "LEFT JOIN users u1 ON (cx.cxFROM = u1.userid) " .
                  "LEFT JOIN users u2 ON (cx.cxTO = u2.userid) " .
                  "WHERE (cx.cxFROM = %u) " .
                  "ORDER BY cx.cxTIME DESC LIMIT 5", $userid);
              $queryTransfers = $db->query($selectTransfers);
              while($log = $db->fetch_row($queryTransfers)) {
                  echo "<tr>";
                  echo sprintf("<td>%s</td>", date("F j, Y, g:i:s a",$log['cxTIME']));
                  echo sprintf("<td>[url='viewuser.php?u=%u']%s[/url] [%s]</td>", $log['cxFROM'], stripslashes(htmlspecialchars($log['sender'])), number_format($log['cxFROM']));
                  echo sprintf("<td>[url='viewuser.php?u=%u']%s[/url] [%s]</td>", $log['cxTO'], stripslashes(htmlspecialchars($log['receiver'])), number_format($log['cxTO']));
                  echo sprintf("<td>\$%s</td>", number_format($log['cxAMOUNT']));
                  echo "</tr>";
              }
              echo "</table>";
          }
      }

      $h->endpage();
      ?>
  20. Dante, from the Devil May Cry (DMC) series.. I've also played this game too, it offers decent challenges to those old and new to this game.
  21. Edit the BBCode Engine that comes standard with MC Craps v2 to include images - read up on basic RegEx to see in detail how it works, or simply learn from the code itself (as I did ;))
  22. Why use files?

      $rand = mt_rand(1,4);
      if($rand == 1) {
          $outcome = 'Some outcome - 1';
      } else if($rand == 2) {
          $outcome = 'something else';
      } else if($rand == 3) {
          $outcome = 'blah';
      } else {
          // assignment, not comparison, so the fourth outcome is actually set
          $outcome = 'spoons!';
      }

      Simple stuff ;)
  23. The IP address is normally inserted into the database - users table, lastip* column. It's a string that can be changed by the user who knows what they're doing. Escaping the incoming data would be a good practice ;) * = lastip, lastip_login, lastip_signup
  24. Perhaps more than x amount of players found stretch the page ;) I've done it on my game ;)
  25. Something isn't updating the database. Check all your queries, make sure they are updating what they're supposed to. If not, you could always use a SELECT COUNT() query.