Floydian

Re: IE issue Yuri_orlov used incorrect terminology there. What he means by "downloading the php file", he's talking about the HTML output send from the server, not the php code itself. From what I know, zlip will use gzip or deflate compression depending on what compression method the browser that access a page says it will accept. It is possible to have the browser send out the HTTP Header specifying that it accepts a compression that it actually doesn't accept. It's called "shooting yourself in the foot". IE 6 only accepts deflate. So if it's sending out the header: HTTP_ACCEPT_ENCODING with the value "gzip", it's telling php to encode the file with encoding it can't decode. IE 7 accepts both deflate and gzip, so I'd assume you're using a pretty old browser there (IE 8 is in beta at this point (why not upgrade to at least 7???)) Ultimately, HTTP_ACCEPT_ENCODING header is set by default to the correct setting, or it is not set at all which tells php to not encode the file. And as such, MOST browsers, including all IE browsers work fine when zlib is being used, so long as the default behaviour of the browser hasn't been modified.

Re: Contemplating buying mccodes v2, how hard is it to secure the existing code? Oh snap, it wasn't meant harsh? Well, one man's trash is another man's treasure. Of course in this gender neutral age, that saying is a bit outdated, but heheh it still applies ;)

Re: How to add actions I prefer to be definitive ;) Imagine how good my Horizons Game Engine is :D

Re: Contemplating buying mccodes v2, how hard is it to secure the existing code? With all due respect killah, I'll post what I want, when I want, where I want! :D:D

Re: How to add actions Get ready for a baggin :P The first thing you should know is the concept of key and value pairs. key => value key => value key => value key => value key => value key => value That is the basic format of an array. PHP arrays use key and value pairs. Columns in a database table are keys to the value stored in that column, and the primary key is a key to the row in that table. Keys have to be unique. You can't have one key called action, and another key called action. The second one must be called something else. action2 or actiona will suffice to make it unique from action. I typically use case, them_id, item_id, id, and so on for keys submitted in a url query string. What's a query string? Anything that comes after the ????? in a URL is a query string. action=blah&foo=yay&bar=huh is an example URL query string. action, foo, and bar are keys. If you submit a URL with that query string, then the GET super global array in PHP will contain the array keys: array( 'action' => 'foo' => 'bar' => ) That's the $_GET array. I.e., $_GET['action'], $_GET['foo'], $_GET['bar']. The values assigned to that array are as follows: array( 'action' => 'blah', 'foo' => 'yay', 'bar' => 'huh' ) And now, the $_GET array looks like this: $_GET['action'] === 'blah'; $_GET['foo'] === 'yay'; $_GET['bar'] === 'huh'; Alrighty, now you can use any of those in a switch. A php switch looks like: switch($_GET['action']) { case 1: break; case 2: break; case 3: break; case 4: break; case 5: break; default: break; } That switch could easily use the key foo or the key bar.   Like so: switch($_GET['foo']) { case 1: break; case 2: break; case 3: break; case 4: break; case 5: break; default: break; }   Now, depending on the value foo was set to, the code in the case that matches that value will be executed.   case 'yay': call_this_function(); break; In the case of foo, and the query string I demonstrated before, foo has the value "yay". The case of 'yay' will be matched and "call_this_function()" function will be called, and the switch block will be exited. Bam, there you go. Did that help?

Re: Contemplating buying mccodes v2, how hard is it to secure the existing code? Nothing can be 100% hacker proof. Ultimately, you're dependent on the security of all the software and hardware the game is running on. I.e., apache http server, php, mysql, and anything else, perhaps even cpanel and send mail. The mccodes engine itself is relatively easy to patch up for those in the know. Lost One has performed total mccodes securing and I normally refer people to him when they want the entire thing secured. I've worked on coveofpirates.com securing it's mccodes version 1 scripts and the scripts they bought or had custom coded from other sources (like the free scripts area on this forum) and the number of edits I've had to make is extensive. The biggest problem in my humble opinion, that should give people pause when considering purchasing mccodes is the fact that the source code is really not that good at all. Besides the known sql exploits that mccodes still ships with to this day (why don't they patch it?????), there are other problems that they have never fixed. Extremely dirty code. Try putting that thing through an html validator.... Good luck.... Personally, I'd want an engine that comes ready to go and validates under either HTTP 4, or XTHML Transitional or Strict. Want to change the layout? mccodes has a horrible structure with one massive table that contains the entire layout spread over at least three files. There's a header class (why you would put text that is output to a user in a class, and not even use any OOP style programing beats the heck out of me) that contains the header the body, and the footer. There's the main menu file that contains the left hand menu (try adjusting that menu and you have to edit the header as well, and it's a pain...) And then there's the actual scripts that include those two scripts which contain all the rest of the markup. Personally, I'd prefer a css templated system that allows dragging and dropping the source code in order to change the layout. No tables at the top level of the DOM tree, but DIVs that divide up the page (that is what a div is for, i.e.: DIVIDER lol)   Then there's the php code itself. When you want to go in there and edit something as simple as a table layout for something like users online, you have to sift through all the php code with html embedded in it throughout. It's absolutely horrible. Why they don't get all the data, format it, and then plug that data into a fully formatted table at the end of the script is beyond me..... There's a general lack of php know how demonstrated throughout. For instance, why don't they protect against dual page loads? What do I mean? Well, suppose you have a lap top and a desk top computer side by side and you login to the game at the same time on both computers. On one computer, you set up an item transfer from you to a friend. Then, you setup an item transfer on the other computer to another friend. Alrighty, now suppose you only have one of that item. Then using your left and right hands at the same time, you click submit on both computers. If the timing is perfect, you will send that item you only have one of, to both of your friends. :O:O:O Ack!! And there's at least 10 different spots in the game I can think of that suffer from dual query manipulations. Once you do something like that, you now have -1 of the particular item. mccodes normally deletes where item_quantity = 0. But once you go negative, well, you still have the item. And if you install gangs, there's a great exploit, oh okay, I better stop, dun wanna teach too much.   Plain and simply, SQL injection is only the beginning of the problems here. There's all sorts of timing issues and a lack of programming standards, and a lack of patching the engine when things go bad. But hey, if you really know what you're doing, all of those things are fixible. ;)

Re: Problem with User ID #s User id changer? Well, I dunno what you're using that for, but I suspect you're using it to test out accounts? Like say you want to check out the account with user id 56. What I'd do is simply this: $_SESSION['userid'] = $_GET['id']; Now, something like that should ONLY BE ACCESSIBLE BY YOU, not even other staff members should get to use that. Since that doesn't change anything in the database, as soon as you logout, you're back to being your normal userid.   And if you're not using the userid changer for that, then there is no other good use for a user id changer and you should consider finding another way to do what you want to do.   Simply put, there's way to may "cross links" to userid in other tables, and simply changing userid in the users table doesn't do squat....

Re: Special Characters well, if people have to type in your name, i.e., in a user search, they'll likely never type those sorts of characters in. (and on that grounds, I don't allow special characters alone) if you are getting errors in any database queries due to improperly escaped characters or even perhaps using the deprecated mysql_escape instead of the newer mysql_real_escape_string. Although I'm no expert on character encodings, PHP doesn't have the kind of support for the full range of characters as one might expect. PHP 6 (and perhaps PHP 5.3.0) introduces support for UNICODE which is supposed to greatly improve character suppose. That stuff is tricky and it's best to just not allow it IMHO

Re: ADVANCE SQL EXPLOITS As impressive as that list is, it is only "anecdotal evidence".  

Re: Time :s You're welcome ;) You weren't far off there and that stuff trips up everyone lol (including me in the past.)

Re: Cron Hour Gang Crimes $c is set as the database connection in version two.

Re: Time :s That would be due to a seperate error which is the order of your if's and the fact that you'll need elseif's instead of just plain if's.   if ($online<0){$online='0';} elseif ($online>=60*60){$onunits="hrs"; $online=(int)($online/(60*60));} elseif ($online>=60){$onunits="mins"; $online=(int)($online/60);} else { // I guess this would be for seconds..... }

Re: Some Body Help me !!! na, the database class isn't errored. Combine mine and nyna's posts and you get:   Posting the relevant lines will help. looks like something in loggedin.php is in error.   So, you've gotta find where you are using that "fetch_single" method in loggedin.php. It's how you're using the method that's in error, not the method itself.

Re: Time :s   if ($online>=60*60){$onunits="hrs"; $online=(int)($online/(60*60));}   The math on the hours was wrong. You were dividing seconds by 24. That gives you a unit of slightly less than half a minute (half a minute = seconds / 30) So, for hours, it's 60*60 and then divide the seconds by that ;)

Re: The world mite end on Wednesday 10ths september 2008... Those would be "photons" which is to be distinguished from protons. And something we're missing here, is that the protons that are smashed in accelerators, are not just protons, but there's one beam of protons, and another beam of anti protons. Anti protons aren't exactly plentiful and you don't just see protons and anti protons colliding in everyday life. And even if you did, you wouldn't see any new particles coming out of it. The whole idea is that you accelerate the particles to near the speed of light, and then some of the energy stored up as momentum can be converted into new particles during the high speed collision.

Re: Some Body Help me !!! it's a php error looks like something in loggedin.php is in error. can't tell you more than that from the info provided (maybe someone else that knows the bugs that ship with mccodes can tell you better than I)

Re: The world mite end on Wednesday 10ths september 2008... aye caramba! what did I start! You'd think it was the end of the world or something :P

Re: The world mite end on Wednesday 10ths september 2008... Hey hey hey, let's not forget about the second coming of Jesus here. He's gotta get his too! :P

Re: Changing background color. lol @ Templar Are you a lawyer? hehe I can't argue with your logic though ;)

Re: The world mite end on Wednesday 10ths september 2008... There's billions of dollars spent, and hundreds of international scientists involved. It's the most planned and expensive experiment ever. Of course it's stable... lol

Re: quickest way to get cash If you want scripting work, you'll wanna put up a better resume than "I know PHP and im good at designing stuff" And you'll wanna have some examples of work you've done before. Even if all you have for examples are things you've made for yourself, put up examples, screenshots, or something. There's pay to click sites. You could make a few bucks that way pretty quick. Donate blood? lol

Re: Login Pages/Other Questions..? I'd suggest learning HTML. That's the basis of any page layout. Then, you should work on some css for some more in depth control of the layout. But certainly work on learning HTML.

Re: Google Chrome The reason google made chrome can be summed up with this "MICROSOFT" lol google is a direct competitor of microsoft (in case anyone didn't know lol) There's an advertising aspect in this. If people are using your browser, you're advertising your name to them and everyone they talk about the browser to. (very handy...)   One might think google doesn't need more name brand recognition, but if they sit on their laurels (like firefox did with ff3 IMHO) then you're in danger of falling to the wayside...   I hear Chrome doesn't import from Opera, which considering that opera does have a decent share of the market, they really need to hop on that (this info comes from an opera user that had to import to firefox, and then to chrome)   Overall, I like chrome. I do NOT like the IE style application menus.... ffs, can't we have them on the right hand side where they are in 99.9999999999999999999999999% of all other programs? jayzus....................   Another nitpicky thing I don't like about it, it takes too many clicks to clear your cache. You have to uncheck all the deals you don't want to clear out, like cookies, just to clear your cache. That doesn't make me happy. The shift + F5 or control = F5 key short cut that loads a page without using the cache, is nice, however, on the next page load, you're probably back to using what's in the cache, unless the stuff you load during the "no use cache on load" overrights what's in there. (the specifics on that were not mentioned in the manual....) It's hard enough to write css and javascript without making cache control more difficult.   It's mainly small issues with chrome. They've certainly showed that, as newcomers, they're serious about what they're doing and I think that might spark a bit of creativity in mozilla and their lackluster firefox 3 browser..... (yes ff3 is good, but it is hardly that much better than ff2)

Re: The world mite end on Wednesday 10ths september 2008... lol true that   I'll just say this: people have watched nuclear explosions from near ground zero. These folks are immensely calculating...

Re: Sick & Tired What, that doesn't turn you on?