
Everything posted by Floydian
-
Secure all pages using globals or header
Floydian replied to CHAMAVELI's topic in General Discussion
Re: Secure all pages using globals or header
No, but judging from version 1, and also going on user input as being a major source of vulnerabilities, we could make a list like:
login
registration
any shop or market file
forums
preferences
Those would probably be the ones I'd have a high priority on hitting. Most of them would have POST, GET, or REQUEST vars that are different from any other file, and would need to be looked at closely. Good luck ;)
-
Secure all pages using globals or header
Floydian replied to CHAMAVELI's topic in General Discussion
Re: Secure all pages using globals or header
I think my previous statement applies to your second statement. If you want to secure a crystal market, go into the crystal market file and find/fix any security holes that exist there. I could see something like:

if (isset($_GET['ID'])) { $_GET['ID'] = abs((int) $_GET['ID']); }

BUT BUT BUT you have to add one in for POST too. BUT BUT BUT what if another file uses Id? Then you have to add those in as well, or id, or iD; you'd have to do POST and GET for both of those, and if you use any of my code, I use REQUEST, so you might as well do GET, POST and REQUEST for all of those. BUT BUT BUT what if somewhere you use ID to pass something that has letters in it? Then your code is broken because you applied an overreaching "fix" that wasn't really a fix. It's bad technique, it doesn't work 100%, you will feel safe, but there will be unique security holes on each page. If you just patch over ID, you'll be missing a lot.... You really should --- not be lazy --- and do the hard work of digging into any file you think might have security holes. In closing, I'll leave you with a simple statement that sums up what will happen with your approach: FALSE SENSE OF SECURITY
-
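The trade-off described in that reply, as an added example written for this page (it is not code from the thread, from mccodes, or from the Horizons engine): a "header" style blanket cast of every ID-like parameter next to per-page validation, with a prepared statement for the query that follows. The page names, the token rule, the `gangs` table and its columns, and the `$pdo` connection are all assumptions.

```php
<?php
// Added example, not code from the thread or from any game engine: a "header"
// style blanket cast of every ID-like parameter next to per-page validation.
// Page names, parameter rules and the gangs table columns are assumptions.

// The approach the reply argues against: coerce every ID variant for every page,
// without knowing what each page actually expects in that parameter.
function blanket_coerce(array $params): array
{
    foreach (['ID', 'Id', 'id', 'iD'] as $key) {
        if (isset($params[$key])) {
            $params[$key] = abs((int) $params[$key]);
        }
    }
    return $params;
}

// Per-page validation: this hypothetical page shows a gang by numeric ID and
// accepts nothing else. ctype_digit rejects signs, spaces and letters outright.
function validate_gang_page(array $params): ?int
{
    if (!isset($params['ID']) || !ctype_digit((string) $params['ID'])) {
        return null;
    }
    return (int) $params['ID'];
}

// Another hypothetical page passes an opaque alphanumeric token in ID. A
// blanket int cast would silently turn every valid token into 0.
function validate_token_page(array $params): ?string
{
    if (!isset($params['ID']) || !preg_match('/^[A-Za-z0-9]{8,32}$/', $params['ID'])) {
        return null;
    }
    return $params['ID'];
}

// Once the page has validated its own input, a prepared statement keeps the
// value as data rather than SQL. $pdo is assumed to be an existing connection.
function load_gang(PDO $pdo, int $gangId): ?array
{
    $stmt = $pdo->prepare('SELECT gangID, gangNAME FROM gangs WHERE gangID = ?');
    $stmt->execute([$gangId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed requests.
$numeric = ['ID' => '42'];
$token   = ['ID' => 'a7Fk93QzB1'];
$hostile = ['ID' => '42 OR 1=1'];

var_dump(blanket_coerce($token)['ID']);   // int(0): the blanket cast broke the token page
var_dump(validate_token_page($token));    // string(10) "a7Fk93QzB1": the page's own rule keeps it working
var_dump(blanket_coerce($hostile)['ID']); // int(42): the cast happens to "work" here...
var_dump(validate_gang_page($hostile));   // NULL: ...but an explicit rule rejects it instead of guessing
var_dump(validate_gang_page($numeric));   // int(42)
```

The point of the two `var_dump` pairs is the one the reply makes: the same cast that makes the gang page look safe silently breaks the token page, so each page needs its own rule for what its parameters may contain, and the query underneath should not depend on that rule being perfect.
-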
Re: Php
lol yup. I'm sure you'll agree with me on this mdshare, that you're more likely to find higher quality programming examples and teaching in a book than a free online tutorial. Although the php manual typically has examples that do things in a pretty good way, those examples are also typically too narrowly focused to be of much help to the person starting out in php. I think that if you have a good handle on php already, those examples will give a bit of clarity if the definition doesn't exactly make sense though. Everyone should read at least one book that covers their favorite programming language.
-
Re: Need Help
Surely you can afford 5 to 10 bucks a month. You can easily get a host that allows cron jobs for that kind of money.
-
Re: Php
Buy a book. I've found Larry Ullman's PHP books to be extremely helpful. http://www.dmcinsights.com/bk_pages/books.php
-
Secure all pages using globals or header
Floydian replied to CHAMAVELI's topic in General Discussion
Re: Secure all pages using globals or header
There isn't something you can just put in the header to secure your game. It's the proverbial "too good to be true" deal.
-
Re: cron
There isn't really anything you can reliably do to replace a cron daemon with something else if you're not willing to "looking the time function" errr, umm, I would have said you should use timestamps... You could have Windows Scheduler set up to activate your browser, which then loads a script on your site at specified intervals, but it's a pain, and very unreliable.... I think you should RTFM lol (I jest of course)
-
Re: Copyright issues - torncity
They don't have power to shut anyone down, period. What they can do is (but not necessarily limited to) go to the company that hosts a website that has material that might be infringing on TC's copyrights. The host company will likely require that the offending material be removed (if it's a third offense or more, they may shut down the site immediately). It's basically a case of TC asking a company to pull strings for them. TC doesn't have power to shut anyone down, and if you have a valid mccodes license, and you get shut down for having that, then I'd think the sellers of mccodes would be liable for your losses. (I.e., fraud in the inducement, because they can't sell material they don't have permission to sell or don't own the copyright to. So, by definition, for them to sell it means they claim they have rights to sell it, and hence the fraud in the inducement.)
-
Re: Bank Interest
You're welcome ;)
-
Re: Slight Issue
You're welcome ;) I hope it does turn out to be as simple as that lol
-
Re: Bank Interest
I'd suggest getting rid of the "or die..." part. Sure, it's possible the query might fail, but do you really want the rest of your cron to not execute? Seems drastic to me.

$db->query("UPDATE users SET bankmoney=bankmoney+(bankmoney/50) where bankmoney > 0 AND laston > unix_timestamp() - 60*60*24") or die(mysql_error());

Note the change of less than to greater than after laston.
-
Re: Slight Issue
Perhaps the problem is the www subdomain. If they were on the top level domain (i.e., no www in the url) and then are redirected to www, that would cause the problem. The best way to prevent such a thing is to use relative links, and if you do use full links, always have it either with the www or without. If you have it one way in one place, and another way in another place, that will cause problems.
-
Re: Gang surrender accept, SQL error.
lol @ "normal problem" in a 300 dollar game engine...
-
Re: Gang surrender accept, SQL error.
See, that means that that variable is being submitted empty. The problem is either in the form, or before the form.
-
Re: Gang surrender accept, SQL error.
Before the error, put in:

echo $_POST['war'];

and see if anything is output. My money is still on the form not actually having a war value to submit (that doesn't mean the form doesn't submit an empty value for war, it means that the form may not be getting an actual value for it).
-
Re: Gang surrender accept, SQL error.
The problem could be in the form page. If you don't pass that war id field, you would get that error.
-
Re: Mccode username
Here is how the Horizons Game Engine does user name validation, and it works 100% guaranteed, with no possibility of anything except letters, numbers, spaces and underscores.

if (!isset($_REQUEST['ulogin'])) {
    $reg_error = "[*]Please submit a login name.";
    $form_highlight[1] = true;
} else {
    $ulogin = $_REQUEST['ulogin'];
    if (strlen(trim($ulogin)) < 7) {
        $reg_error = "[*]The login name must be at least 7 characters long.";
        $form_highlight[1] = true;
    } elseif (strlen(trim($ulogin)) > 20) {
        $reg_error = "[*]The login name must be 20 characters or less.";
        $form_highlight[1] = true;
    } elseif (!ctype_alnum(preg_replace('/[ _]/', '', $ulogin))) { // preg_replace here; ereg_replace was removed in PHP 7
        $reg_error = "[*]The login name may only contain letters, numbers, spaces, or underscores.";
        $form_highlight[1] = true;
    }
}

This portion here:

if (!ctype_alnum(preg_replace('/[ _]/', '', $ulogin)))

is the portion that does what you want. ;) It will detect an invalid name.
-
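The same rule as the engine check quoted above (letters, digits, spaces and underscores; 7 to 20 characters), as an added example written for this page rather than code from Horizons or the thread: one function that returns the error message, an anchored-regex form of the same rule, and a table of constructed names covering the edge cases a practitioner would want to see rejected (all underscores, punctuation, non-ASCII). The function and names are assumptions, not anything the engine ships.

```php
<?php
// Added example, not the Horizons Game Engine code: the login-name rule as a
// single function plus constructed test inputs. Names and messages are assumptions.

function validate_login_name(string $ulogin): ?string
{
    $trimmed = trim($ulogin);
    $len = strlen($trimmed);
    if ($len < 7) {
        return 'The login name must be at least 7 characters long.';
    }
    if ($len > 20) {
        return 'The login name must be 20 characters or less.';
    }
    // Strip the two permitted non-alphanumeric characters, then require that
    // everything left is ASCII letters or digits. ctype_alnum('') is false, so a
    // name made only of spaces and underscores is rejected as well.
    if (!ctype_alnum(preg_replace('/[ _]/', '', $trimmed))) {
        return 'The login name may only contain letters, numbers, spaces, or underscores.';
    }
    return null; // valid
}

// The same rule as one anchored regex. The lookahead requires at least one
// letter or digit, matching the ctype_alnum('') behaviour above; the anchors
// mean nothing outside the character class can slip through.
function validate_login_name_regex(string $ulogin): bool
{
    return (bool) preg_match('/^(?=.*[A-Za-z0-9])[A-Za-z0-9 _]{7,20}$/', trim($ulogin));
}

// Constructed names and the expected verdict for each.
$cases = [
    'Floydian'          => true,
    'user name_1'       => true,
    'short'             => false,   // too short
    str_repeat('a', 21) => false,   // too long
    'bob!name'          => false,   // punctuation rejected
    '_______'           => false,   // nothing alphanumeric left after stripping
    "héllo world"       => false,   // non-ASCII bytes fail ctype_alnum
];

foreach ($cases as $name => $expected) {
    $ok = validate_login_name($name) === null;
    assert($ok === $expected && validate_login_name_regex($name) === $expected);
}
echo "all constructed names behave as expected\n";
```

Both forms agree on every row of the table; the regex version is the one to keep if the rule later needs a change (for example allowing a hyphen), because the whole rule then lives in one anchored pattern instead of a strip-then-check pair.
-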
Re: Cron trouble?
Check your cron logs?
Register an error handler so you can log any errors that might be missed by the cpanel error deal (that deal gets you fatal errors, but not necessarily minor errors).
Send cron output to an email you can check (do this from cpanel), OR alternatively, you can put in some debug type echoes through your cron file, snatch them all up using an output buffer, and mail them to an email (this is done completely from within your cron).
-
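The three debugging steps in that reply (error handler, output buffer, mail it at the end) together with the earlier Bank Interest advice against `or die`, combined into one added example in PHP. This is not code from the thread or from mccodes; the log path, the recipient address, a working `mail()` setup on the host, and a mysqli connection in `$db` (rather than the mccodes database wrapper) are all assumptions.

```php
<?php
// Added example, not from the thread or mccodes: a debugging prelude for a cron
// script. Assumes PHP's mail() is configured on the host, a writable log path,
// and (optionally) a mysqli connection already in $db.

$cronLog = __DIR__ . '/cron_errors.log';    // assumption: writable by the cron user
$mailTo  = 'admin@example.com';             // placeholder recipient

// 1. An error handler records notices and warnings that a fatal-error-only
//    report (like the cPanel one) never shows.
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline) use ($cronLog): bool {
    $line = sprintf("[%s] errno=%d %s in %s:%d\n", date('c'), $errno, $errstr, $errfile, $errline);
    file_put_contents($cronLog, $line, FILE_APPEND | LOCK_EX);
    return true;   // handled; PHP's default reporting is skipped
});

// 2. Buffer everything the cron echoes so debug output is not lost when the
//    job runs with no terminal attached.
ob_start();

// 3. On shutdown (normal end or fatal error) mail the buffered output together
//    with the error log. Shutdown functions run before output buffers are
//    flushed, so the buffer is still available here.
register_shutdown_function(function () use ($mailTo, $cronLog): void {
    $report = (string) ob_get_clean();
    $fatal  = error_get_last();
    if ($fatal !== null) {
        $report .= sprintf("\nFATAL: %s in %s:%d\n", $fatal['message'], $fatal['file'], $fatal['line']);
    }
    if (is_readable($cronLog)) {
        $report .= "\n--- error log ---\n" . file_get_contents($cronLog);
    }
    mail($mailTo, 'Cron report ' . date('Y-m-d H:i'), $report);
});

// Query helper that logs a failure and lets the rest of the cron continue,
// instead of "or die()" stopping every later step.
function run_or_log(mysqli $db, string $sql): bool
{
    if ($db->query($sql) === false) {
        trigger_error('Query failed: ' . $db->error . ' -- ' . $sql, E_USER_WARNING);
        return false;
    }
    return true;
}

// --- the cron's own work; debug echoes below are captured by the buffer ---
echo 'Bank interest run started at ' . date('c') . "\n";
if (isset($db) && $db instanceof mysqli) {
    $ok = run_or_log($db, 'UPDATE users SET bankmoney = bankmoney + (bankmoney / 50)'
        . ' WHERE bankmoney > 0 AND laston > UNIX_TIMESTAMP() - 60*60*24');
    echo $ok ? "Interest applied\n" : "Interest step failed, see error log\n";
} else {
    echo "No database connection configured; skipping interest step\n";
}
echo "Bank interest run finished\n";
```

The `trigger_error` call in `run_or_log` deliberately goes through the handler registered in step 1, so a failed query ends up in the same log and the same mail as any notice or warning, while the steps after it still run.
-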
Re: Cron trouble?
You've got a syntax error at the very end there. Replace this:

$db->query("INSERT INTO events VALUES("$userid,unix_timestamp(),0,'Congratulations, you completed the {$coud['crNAME']} and gained $ev!')")");
}
?>

With this:

$db->query("INSERT INTO events VALUES($userid,unix_timestamp(),0,'Congratulations, you completed the {$coud['crNAME']} and gained $ev!')");
}
?>

And see if that doesn't fix it.
-
Re: Simple CSS menu
I'd recommend using Yahoo YUI MenuBar for that. YUI MenuBar link
-
Re: EXP% Cap
It sounds to me like $ir['exp_needed'] isn't holding the correct value.

$expperc=(int) ($expgain/$ir['exp_needed']*100);

That line there takes $expgain and turns it into a % of exp needed.

$expgain = $expgain > floor($ir['exp_needed'] * 0.2) ? floor($ir['exp_needed'] * 0.2) : $expgain; // that should do it

Look at:

floor($ir['exp_needed'] * 0.2)

Here I calculate what 20% of exp needed is. I then test if expgain is greater than that raw amount; if it is, set it to 20% of exp needed, if not, leave the orig value. The math on that code will work. Unfortunately I cannot do anything more for you without actually testing out your script.
-
Mc V2 codes isnt connecting to database
Floydian replied to simplypanda's topic in General Discussion
Re: Mc V2 codes isnt connecting to database
If I had sold the codes to you, I'd have a vested interest in getting them to work. I'm sure the folks that sold you version 2 would do the same, assuming you bought it from them...
-
Re: EXP% Cap

$qe=$r['level']*$r['level']*$r['level'];
$expgain=rand($qe/2,$qe);
$expgain = $expgain > floor($ir['exp_needed'] * 0.2) ? floor($ir['exp_needed'] * 0.2) : $expgain; // that should do it
$expperc=(int) ($expgain/$ir['exp_needed']*100);
print "and gained $expperc% EXP!";

Alrighty, try that out. If that doesn't work for you, can you be more specific as to what you want? As in, you want exp gain that is no greater than 20%, but 20% of what? I think that will work though. ;)
-
Re: EXP% Cap
If you mean to cap exp gain at 20% of EXP NEEDED, then:

$qe=$r['level']*$r['level']*$r['level'];
$expgain=rand($qe/2,$qe);
$expperc=(int) ($expgain/$ir['exp_needed']*100);
$expperc = $expperc > $ir['exp_needed'] *0.2 ? $ir['exp_needed'] * 0.2 : $expperc; // this is the dealy
print "and gained $expperc% EXP!";
-
Re: Manage gang problem need really good help
There's definitely an error in that sprintf deal. I guess you'll have to play around with it a bit.