MakeWebGames

Magictallguy

Administrators
  • Posts: 2,140
  • Joined
  • Last visited
  • Days Won: 148

Everything posted by Magictallguy

  1. Re: [mccodes v2] Combined Gallery and Comment System [$40.00] There is a free version, but read through the code and ask yourself this: Is it secure? Does it offer any functionality that mine does? Is the free version closer to what you're looking for? I think $40 is a fair price considering I spent over 5 hours on this. I even missed Star Trek for this! xD Thank you to AlabamaHit for, well, defending me. I posted on his topic saying that I don't code for a price. This is a one-off. I'm wanting to see if anyone is interested. I may bring the price down though.
  2. A fully working gallery system with a combined comment system. Allows users to upload and display galleries to one another. Abilities to comment on theirs/others' pictures. More abilities shown in the screenshots http://www.velocity-islands.co.uk/magic/gallery <-- screenshots found there. 1 file, 2 SQL tables, 1 users table addition. Can be seen working on Torn County. This took me about 4 hours to create, it's secure, and only certain image formats will be accepted. PM/IM me if interested. [email protected]
  3. Re: Working Proxy Blocker - Blocks MOST Proxies [$10] I've already said that I've removed it..
  4. Re: Working Proxy Blocker - Blocks MOST Proxies [$10] I've removed the proxy blocker as it gave me problems... Sorry Alan
  5. Re: [mccodes v2] Jail Bust Offer [$5.00] Indeed it has! [email protected] <-- email/MSN, feel free to contact me if you get bored :P
  6. Re: [mccodes v2] Jail Bust Offer [$5.00] This is actually one of the reasons I don't charge for my coding.. I'd get people bothering me saying that I'm charging too much for my services for which I'm going out of my own way and spending my time on someone else's site.. All in all, I code for free. But not for everyone..
  7. Re: Working Proxy Blocker - Blocks MOST Proxies [$10] To work with AOL proxies, I could use $_SERVER['REMOTE_ADDR'] and edit in a list of IPs/IP ranges from AOL themselves. http://webmaster.info.aol.com/proxyinfo.html
  8. Re: Working Proxy Blocker - TESTED WORKS 100% READ!! [$10] This proxy blocker uses a PHP socket function and a specified port (makes sense to me at least) You could've got through as you were using Port 80?
  9. Re: Working Proxy Blocker - TESTED WORKS 100% READ!! [$10] In that case, I'll work with the code as it was one of the sites I work on that it was tested on. I'll see if I can allow AOL proxies while blocking .. proxies!
  10. Re: Giving Item To All Users [FREE]

      // Cast the posted item id to an integer before it goes into the query
      $item = abs((int) $_POST['item']);
      $name = mysql_fetch_object(mysql_query("SELECT itmname FROM items WHERE itmid = ".$item));
      event_add($r['userid'],"The population has just been given item $name->itmname, Click [url='inventory.php']Here[/url] to check.",$c);

      This is untested..... v2

      // %u formats the posted item id as an unsigned integer
      $name = $db->fetch_single($db->query(sprintf("SELECT itmname FROM items WHERE (itmid = %u)", $_POST['item'])));
      event_add($r['userid'],"The population has just been given a/an ".stripslashes($name).". Click [url='inventory.php']Here[/url] to check.");

      Feel free to remove the stripslashes(), as most people don't secure their files (including staff panel), it wouldn't be needed!
  11. Re: Updated Explore V.2 I'm working on the staff side of this mod
  12. Re: Updated Explore V.2 I have now created this, feel free to mail me if you want a copy
  13. Re: Free Jail All in one So you post a script that is obviously not yours to post, can't fix it and now want help?
  14. Re: Warning [me=Magictallguy]has read through this topic and is astonished at the stupidity of people..[/me] And I know Dan (Twizted), he's not that bad but yea.. Ok xD
  15. Re: 8 Lines to secure your site from known sql injections.

      In globals.php

      function clean($string)
      {
          // HTML-encode the value, then escape it for use inside a quoted SQL string
          $string = mysql_real_escape_string(htmlspecialchars($string));
          return $string;
      }

      Use as shown (Preferences - Name Change given as example)

      // The value has to sit inside quotes: mysql_real_escape_string() only protects quoted strings
      mysql_query("UPDATE users SET username = '".clean($_POST['newname'])."' WHERE userid = $userid");

      or

      $UpdateName = sprintf("UPDATE users SET username = '%s' WHERE (userid = %d)", clean($_POST['newname']), $userid);
      mysql_query($UpdateName);

      Above switch($_GET['action'])

      $_GET['action'] = isset($_GET['action']) && is_string($_GET['action']) ? strtolower(trim($_GET['action'])) : "";

      Secures $_POST if used properly (alphanumeric)

      $_POST['blah'] = isset($_POST['blah']) && is_string($_POST['blah']) && preg_match("`^\d+$`ims", $_POST['blah']) ? @intval($_POST['blah']) : 0;
  16. Re: Help Needed (Crons) Speaking of crons help (:P) Anyone got a decent way of running crons when they're not in the game folder? I've tested php -f >> run-parts None work..
  17. Re: Updated Display Pic System [V2] Why you're viewuser? It goes into your Preferences...
  18. Re: Cheats May post a secure forums soon :)
  19. Re: [mod] Flash header all Versions of MCC Well I like it! Just gotta be careful about copyright issues. I'll do some checking later
  20. Re: learning mysql_real_escape_string just need to verify. Looks good to me Killah :)
  21. Re: Mccode username   $_POST['username'] = htmlentities(mysql_real_escape_string($_POST['username'])); Use that
  22. Re: learning mysql_real_escape_string just need to verify. I know, I put that last night. Then, an hour later, I realised I was wrong lol
  23. Re: learning mysql_real_escape_string just need to verify.

      echo $user['signature']; // insecure, the data in the database may contain html
      echo mysql_real_escape_string(htmlentities($user['signature'])); // NOW secure, the html being displayed is now replaced with entities and all quote marks and apostrophes are escaped

      You'd use it for any string that's likely to be outputted, so let's say, for profile sig, they input

      <script>alert("xss")</script>

      This would be XSS. I normally escape the HTML when it's fetched from the DB, though some replace HTML before it actually enters the database. So.. To secure this, it's pretty simple...

      echo $user['signature']; // insecure, the data in the database may contain html
      echo htmlentities($user['signature']); // secure, the html being displayed is now replaced with entities

      More info: http://uk3.php.net/htmlentities
  24. Re: Blow members minds with the ULTIMATE explore page Sounds like the perfect program! What's the downside?
  25. Re: Cheats A secure cmarket.php for you too ;)

      Crystal Market - cmarket.php

      <?php
      include("globals.php");
      echo ("<h3>Crystal Market</h3>");
      //----------- listing id is forced to a non-negative integer
      $_GET['ID'] = abs(@intval($_GET['ID']));
      //----------- action is forced to a trimmed, lower-case string
      $_GET['action'] = isset($_GET['action']) && is_string($_GET['action']) ? strtolower(trim($_GET['action'])) : "";
      //-----------
      switch($_GET['action'])
      {
          case "buy": crystal_buy(); break;
          case "remove": crystal_remove(); break;
          case "add": crystal_add(); break;
          default: cmarket_index(); break;
      }

      function cmarket_index()
      {
          global $db,$ir,$c,$userid,$h;
          print "[url='cmarket.php?action=add']> Add A Listing[/url]
          Viewing all listings...
          <table width='95%' cellspacing='2' cellpadding='2' class='table' border='1'>
          <tr style='background:gray'>
          <th>Adder</th>
          <th>Qty</th>
          <th>Price each</th>
          <th>Price total</th>
          <th>Links</th>
          </tr>";
          $SELECT_ALL_NEEDED_INFO_INSTEAD_OF_JUST_EVERYTHING_AS_THAT_IS_VERY_STUPID = (
              "SELECT cm.*, u.userid, u.username " .
              "FROM crystalmarket AS cm " .
              "LEFT JOIN users AS u ON (u.userid = cm.cmADDER) " .
              "ORDER BY cmPRICE/cmQTY ASC"
          );
          $q = $db->query($SELECT_ALL_NEEDED_INFO_INSTEAD_OF_JUST_EVERYTHING_AS_THAT_IS_VERY_STUPID);
          while($r=$db->fetch_row($q))
          {
              // Owners get a Remove link, everyone else a Buy link
              $link = ($r['cmADDER'] == $userid)
                  ? sprintf("[url='cmarket.php?action=remove&ID=%u']Remove[/url]", $r['cmID'])
                  : sprintf("[url='cmarket.php?action=buy&ID=%u']Buy[/url]", $r['cmID']);
              $each = abs(@intval($r['cmPRICE'])) / abs(@intval($r['cmQTY']));
              echo ("<tr>");
              // Usernames are HTML-encoded on output
              echo sprintf("<td style='text-align:center;'>[url='viewuser.php?u=%u']%s[/url] [%s]</td>", intval($r['userid']), htmlentities($r['username']), number_format($r['userid']));
              echo sprintf("<td style='text-align:right;'>%s</td>", number_format($r['cmQTY']));
              echo sprintf("<td style='text-align:right;'>\$%s</td>", number_format($each));
              echo sprintf("<td style='text-align:right;'>\$%s</td>", number_format($r['cmPRICE']));
              echo sprintf("<td style='text-align:center;'>[%s]</td>", $link);
              echo ("</tr>");
          }
          echo ("</table>");
      }

      function crystal_remove()
      {
          global $db,$ir,$c,$userid,$h;
          // Only the listing's owner may remove it
          $q=$db->query("SELECT * FROM crystalmarket WHERE cmID={$_GET['ID']} AND cmADDER=$userid");
          if(!$db->num_rows($q))
          {
              die("Error, either these crystals do not exist, or you are not the owner. [url='cmarket.php']> Back[/url]");
          }
          $r=$db->fetch_row($q);
          $UpdateUsers = sprintf("UPDATE users SET crystals = crystals + %u WHERE (userid = %u)", $r['cmQTY'], $userid);
          // Listings live in crystalmarket, the table every other query here uses
          $DeleteFromCM = sprintf("DELETE FROM crystalmarket WHERE (cmID = %u)", $_GET['ID']);
          $db->query($UpdateUsers);
          $db->query($DeleteFromCM);
          print "Crystals removed from market! [url='cmarket.php']> Back[/url]";
      }

      function crystal_buy()
      {
          global $db,$ir,$c,$userid,$h;
          $q=$db->query("SELECT * FROM crystalmarket cm WHERE cmID={$_GET['ID']}");
          if(!$db->num_rows($q))
          {
              die("Error, either these crystals do not exist, or they have already been bought. [url='cmarket.php']> Back[/url]");
          }
          $r=$db->fetch_row($q);
          if($r['cmPRICE'] > $ir['money'])
          {
              die("Error, you do not have the funds to buy these crystals. [url='cmarket.php']> Back[/url]");
          }
          $GiveCrystals = sprintf("UPDATE users SET crystals = crystals + %u WHERE (userid = %u)", $r['cmQTY'], intval($userid));
          $DeleteCMEntry = sprintf("DELETE FROM crystalmarket WHERE (cmID = %u)", $_GET['ID']);
          $TakeMoney = sprintf("UPDATE users SET money = money - %u WHERE (userid = %u)", intval($r['cmPRICE']), intval($userid));
          $GiveMoney = sprintf("UPDATE users SET money = money + %u WHERE (userid = %u)", intval($r['cmPRICE']), intval($r['cmADDER']));
          $db->query($GiveCrystals);
          $db->query($DeleteCMEntry);
          $db->query($TakeMoney);
          $db->query($GiveMoney);
          // htmlentities() was misspelled; number_format() output is a string, so it is passed to %s as-is
          $CrystalsBoughtEvent = sprintf("[url='viewuser.php?u=%u']%s[/url] [%s] bought your %s crystals from the market. You received %s as payment in full", intval($userid), htmlentities($ir['username']), number_format($userid), number_format($r['cmQTY']), number_format($r['cmPRICE']));
          event_add($r['cmADDER'], $CrystalsBoughtEvent);
          echo sprintf("You bought the %s crystals from the market for \$%s.", intval($r['cmQTY']), number_format($r['cmPRICE']));
      }

      function crystal_add()
      {
          global $db,$ir,$c,$userid,$h;
          // Both form fields are forced to non-negative integers
          $_POST['amnt'] = abs(@intval($_POST['amnt']));
          $_POST['price'] = abs(@intval($_POST['price']));
          if($_POST['amnt'])
          {
              if($_POST['amnt'] > $ir['crystals'])
              {
                  die ("You are trying to add more crystals to the market than you have.");
              }
              $tp = $_POST['amnt'] * $_POST['price'];
              $CreateListing = sprintf("INSERT INTO crystalmarket VALUES ('', %u, %u, %u)", $_POST['amnt'], intval($userid), $tp);
              $DockCrystals = sprintf("UPDATE users SET crystals = crystals - %u WHERE (userid = %u)", $_POST['amnt'], intval($userid));
              $db->query($CreateListing);
              $db->query($DockCrystals);
              print "Crystals added to market! [url='cmarket.php']> Back[/url]";
          }
          else
          {
              echo ("[b]Adding a listing...[/b] ");
              $s = ($ir['crystals'] == 1) ? "" : "s";
              echo sprintf("You have [b]%s[/b] crystal%s that you can add to the market.", number_format($ir['crystals']), $s);
              echo ("<form action='cmarket.php?action=add' method='post'>");
              echo ("<table width=50% border=2>");
              echo ("<tr>");
              echo ("<td>Crystals:</td>");
              echo sprintf("<td><input type='text' name='amnt' value='%u' /></td>", intval($ir['crystals']));
              echo ("</tr>");
              echo ("<tr>");
              echo ("<td>Price Each:</td>");
              echo ("<td><input type='text' name='price' /></td>");
              echo ("</tr>");
              echo ("<tr>");
              echo ("<td colspan=2 align=center><input type='submit' value='Add To Market' /></td>");
              echo ("</tr>");
              echo ("</table>");
              echo ("</form>");
          }
      }
      $h->endpage();
      ?>

      Edit: Removed an include() where it's not needed
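The two jobs that posts 15 and 23 above deal with (keeping user input out of the SQL text, and encoding HTML when a stored value is displayed), as an added example that is not part of the original posts. It uses PDO prepared statements rather than the mysql_* calls in the posts, with an in-memory SQLite database so it runs offline; the table columns, function names and sample values are constructed for illustration.

```php
<?php
// Added example, not code from the posts above. Table layout, function
// names and sample values are constructed; in-memory SQLite (pdo_sqlite
// extension assumed) stands in for the game's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, signature TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'alice', ''), (2, 'bob', '')");

// Input side: values travel as bound parameters, never as part of the SQL
// text, so a missing pair of quotes cannot turn data into SQL.
function change_name(PDO $pdo, int $userid, string $newname): bool
{
    $stmt = $pdo->prepare('UPDATE users SET username = :name WHERE userid = :id');
    $stmt->execute([':name' => trim($newname), ':id' => $userid]);
    return $stmt->rowCount() === 1;
}

function set_signature(PDO $pdo, int $userid, string $sig): void
{
    // Stored as typed: no HTML encoding on the way into the database.
    $stmt = $pdo->prepare('UPDATE users SET signature = :sig WHERE userid = :id');
    $stmt->execute([':sig' => $sig, ':id' => $userid]);
}

// Output side: encode for HTML at the point of display.
function render_profile(PDO $pdo, int $userid): string
{
    $stmt = $pdo->prepare('SELECT username, signature FROM users WHERE userid = :id');
    $stmt->execute([':id' => $userid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '';
    }
    return sprintf(
        "<b>%s</b>: %s",
        htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['signature'], ENT_QUOTES, 'UTF-8')
    );
}

// Constructed inputs: a name with an apostrophe and the signature from post 23.
change_name($pdo, 1, "O'Brien");
set_signature($pdo, 1, '<script>alert("xss")</script>');
echo render_profile($pdo, 1), PHP_EOL;
// A user id that does not exist changes nothing and renders nothing.
var_dump(change_name($pdo, 99, 'nobody'), render_profile($pdo, 99));
```

Because the stored value is left unencoded, the same row can later be rendered into a non-HTML context (a plain-text e-mail, a JSON response) with the encoding that context needs.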