Magictallguy

Re: Cheats SQL Injection into the cmarket.php most likely Unless you know how to secure your game, I'd suggest removing your forums too. Add this into your header for a quick fix. $_GET['ID'] = abs(@intval($_GET['ID'])); $_GET['viewtopic'] = abs(@intval($_GET['viewtopic'])); $_GET['viewforum'] = abs(@intval($_GET['viewforum']));

Re: Free 2 - Gym HAHA!! Oh Nyna you make me laugh 'tis always a good idea!

Re: User Rating Also pretty easy to spoof with decent IP tools... Deletion of the installer.php lessens the need for work. Why not just re-upload it when you need it (which shouldn't be ever if you do it right)!   ummm...you do know that u could keep the installer up and just make it where only ur ip can do it if seen games like that like this one game iplay has certain stuff like he can chosse to run his crons mainully witih one click ut onlyhis ip and his coder's can do it This is really quite simple to do. yes XD just like a simple few lines of code bam all ip's except the one ur running is workable with that feature/mod

Re: [mccodes] Anti-cheat/injection mod - Lose money/crystals if you get too much. Something I just noticed, Nyna's code would break your page!! :O Unless you remove the quote mark (") from userid=%u"

Re: V2 Staff Applications! Slightly better version staff.php additions: <?php /* Be sure to remove the php tags! */ function app_view() { global $db,$ir,$c,$h,$userid; print "<h3>Staff Applications</h3> <font color=blue> This is where you may accept and or decline users staff applications! Please be sure that staff concur with eachother that a new member should be added to staff! <table width=80%> <tr style='background:gray'> <th>Applicant ID</th> <th>Position</th> <th>Application</th> <th>Links</th> </tr>"; $q = $db->query( "SELECT s.*, u.username, u.userid " . "FROM staffapps AS s " . "LEFT JOIN users AS u ON (s.applicant = u.userid) " "ORDER BY s.appID DESC",$c) or die(mysql_error()); while($r=$db->fetch_row($q)) { if($r['position'] == 2) { $position = "Admin"; } else if($r['position'] == 3) { $position = "Secretary"; } else if($r['position'] == 5) { $position = "Assistant"; } else { $position = "Unknown"; } echo ("<tr>"); echo sprintf("<td>[url='viewuser.php?u=%u']%s[/url] [%u]</td>", $r['applicant'], $r['username'], $r['applicant']); echo sprintf("<td>%s</td>", $position); echo sprintf("<td>%s</td>", nl2br($r['application'])); echo sprintf("<td>[url='staff.php?action=appaccept&ID=%u&user=%u&staff=%u']<font color=blue>Accept</font>[/url] ", $r['appID'], $r['applicant'], $r['position']); echo sprintf("[url='staff.php?action=appdeny&ID=%u&user=%u']<font color=red>Decline</font>[/url] </td>", $r['appID'], $r['applicant']); echo ("</tr>"); } print "</table> "; } function app_accept() { global $db,$ir,$c,$h,$userid; $_GET['ID'] = abs((int) $_GET['ID']); $db->query("DELETE FROM staffapps WHERE appID={$_GET['ID']}",$c); $db->query("UPDATE users SET user_level='{$_GET['staff']}' WHERE userid='{$_GET['user']}'",$c); $db->query("INSERT INTO mail VALUES('', '0', 'System', '{$_GET['user']}', unix_timestamp(),'Your Staff Application' ,'Congratulations, your application has been reviwed and you are now a staff member. Please view our rules so you do not loose this job.')",$c); print "Application Accepted [url='admin.php?action=appview']> Back[/url]"; } function app_deny() { global $db,$ir,$c,$h,$userid; $_GET['ID'] = abs((int) $_GET['ID']); $db->query("DELETE FROM staffapps WHERE appID={$_GET['ID']}",$c); $db->query("INSERT INTO mail VALUES('', '0', 'System', '{$_GET['user']}', unix_timestamp(),'Your Staff Application' ,'Our staff has reviewed your staff application and unfortunately we feel you are not qualified to be a staff member. Feel free to fill in another application.')",$c); print "Application Denied [url='admin.php?action=appview']> Back[/url]"; } /* Be sure to remove the php tags! */ ?>

Re: Have mails dont show Are you attempting to send a mass mail via the staff panel? If so, then it won't update unless you edit the code and tell it to update!

Re: Main Menu I hate IE anyway :P and reading through what you said now makes more sense to me than it did when you first posted it... Thanks again :)   Hmm... I suggest you read up on CSS selectors MTG. ID's are required to be unique within a page, however classes may be shared. Making basic assumptions here can cause a lot of problems later on down the line. Learn the basic CSS standards (which are of course generally ignored by Internet Explorer - but that's something you will have to live with).  

Re: Burn House for V2   $db->query(sprintf("UPDATE `users` SET `money` = `money` + '%d', `warehouse` = `warehouse` + '%d' WHERE `userid` = ('%u')", $cash, 1, $userid));  

Re: random.php Obviously...

Re: Crimes give random money Looking good jamboy :)

Re: learning mysql_real_escape_string just need to verify. htmlentities() / htmlspecialchars() comes into play here I believe?

Re: Simplify for V1 (and make it easier to use V2 mods) I put <?php session_start(); require "global_func.php"; if($_SESSION['loggedin']==0) { header('Location: login.php');exit; } $userid=$_SESSION['userid']; require "header.php"; $h = new headers; $h->startheaders(); include "mysql.php"; global $c; $is=mysql_query("SELECT u.*,us.*,h.*,p.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid LEFT JOIN houses h ON h.hWILL=u.maxwill LEFT JOIN persnotes p ON u.userid=p.notesID WHERE u.userid=$userid",$c) or die(mysql_error()); $ir=mysql_fetch_array($is); check_level(); check_crimexp(); get_gamerank(); $fm=money_formatter($ir['money']); $lv=date('F j, Y, g:i a',$ir['laston']); $h->userdata($ir,$lv,$fm); $h->menuarea(); ?> into a file called v1.php I created another file called status.php <?php include(DIRNAME(__FILE__) . '/v1.php'); if($ir['jail'] > 0) { echo sprintf("You're in jail for %s more minute%s ", number_format($ir['jail']), ($ir['jail'] == 1) ? "" : "s"); } if($ir['hospital'] > 0) { echo sprintf("You're in hospital for %s more minute%s ", number_format($ir['hospital']), ($ir['hospital'] == 1) ? "" : "s"); } ?> Then just include v1.php in every file (or leave as it is..) and include status.php in whichever files you want. Or you could change echo() into die() and include into the files you don't want your users to get into while in jail/hospital A slightly longer way, but it works for me!

Re: online/offline/total users This one: <?php //Be sure to remove this tag - I put it in because it looks nicer on here :P $sql = "SELECT COUNT(userid) FROM users"; $rs = mysql_query($sql); $row = mysql_fetch_array($rs); $total_users = $row[0]; $sql = sprintf("SELECT COUNT(userid) FROM users WHERE (laston > %u)", time() - 900); $rs = mysql_query($sql); $row = mysql_fetch_array($rs); $users_online = $row[0]; $users_offline = $total_users - $users_online; /* Be sure to remove this tag too!! */ ?>  

Re: random.php Just showing the irony in telling people to learn to spell when they, evidently, can't!

Re: Updated Explore V.2 I'm about to make it but I won't be posting it on here due to the fact that Joker is here... We've had an interesting dispute. Anything I make will not be provided to him. Anything who wishes to gain a copy will have to catch me on MSN or gain it via PM on here MSN: [email protected]

Re: random.php Maybe you should learn to spell please. Then maybe you could re-attempt it. And I guess it wasn't bad for a first try either All words in bold are words that you spelt wrong. Have a nice day.

Re: Updated Explore V.2 Haven't created it yet.. But soon..

Re: Login [Free] He's one step ahead of you xD

Re: Register [Free] Just remove this -.- $t = mysql_query("SELECT * FROM ips WHERE userIP='{$IP}'"); if($a = mysql_num_rows($t)> 0) { die('YOU ARE BANNED NOW BYE!'); }  

Re: Login [Free] Confirmed, he did make it before I saw it.

Re: Crimes (Players Can Go To Hospital) [V2]   ALTER TABLE `crimes` ADD ( `crimeHTEXT` text NOT NULL DEFAULT '', `crimeHOSPTIME` int(10) NOT NULL default '0', `crimeHREASON` varchar(255) NOT NULL default '' );  

Re: Media Area/Room Simple, yet effective. Although I won't be using it, I do like it :)

Re: [v2]Html text converter[v2] Thanks for the shoutout The Ace :D

Re: Multiple Houses [V2]   <?php //remember to remove the php tags echo ("<table width='95%' class='table' border='1' cellpadding='2' cellspacing='1'>"); echo ("<tr>"); echo ("<th>Name</th>"); echo ("<th>Price</th>"); echo ("<th>Will</th>"); echo ("<th>Link</th>"); echo ("</tr>"); $hq=$db->query("SELECT * FROM houses WHERE hWILL>{$ir['maxwill']} ORDER BY hWILL ASC",$c); while($r=$db->fetch_row($hq)) { echo ("<tr>"); echo sprintf("<td style='text-align:center;'>%s</td>", $r['hNAME']); echo sprintf("<td style='text-align:right;'>%s</td>", number_format($r['hPRICE'])); echo sprintf("<td style='text-align:right;'>%s</td>", number_format($r['hWILL'])); echo sprintf("<td style='text-align:center;'>[[url='estate.php?ID=%u']Buy[/url]]</td>", $r['hID']); echo ("</tr>"); } echo ("</table>"); ?>  

Re: Updated Explore V.2 Not hard to do if you think about it. Take my "multi-page newspaper mod" into account. A simple SQL table will be sufficient.. Joker, no... -.- And I'll be creating it free. Give me an hour or so :P