MakeWebGames

QBD
Everything posted by QBD

  1. Re: Create Gang Help

Try this and see if it helps..

```php
mysql_query("INSERT INTO gangs VALUES('','ThE GaNgStErZ','join if ur invited','','',0,0,100,60,60,5,0,0,'')");
```

or

```php
mysql_query("INSERT INTO gangs VALUES('','ThE GaNgStErZ','join if ur invited','','',0,0,100,60,60,5,0,0,'','')");
```
  2. I came across a little unpatched code that's open to XSS attacks and I will not go into detail about how it works, but the register.php page is vulnerable to this attack. I have fixed this on my site by adding..

```php
$_GET['REF']=strip_tags($_GET['REF']);
```

above the..

```php
if($_GET['REF']) { print $_GET['REF']; }
```

part of the code.. I have done a lot of reading on this and I have read you can also use..

```php
$_GET['REF']=htmlentities($_GET['REF']);
$_GET['REF']=htmlspecialchars($_GET['REF']);
```

as well in the code.. I have tested this out and it works for me as it strips the malicious code. If this is in the wrong place to discuss this feel free to move it or remove it.. I just wanted to let game owners know about this XSS exploit in mccode.
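The following is an added example, not QBD's code and not from mccode, contrasting the post's strip_tags() fix with encoding at the point of output and with strict validation. The functions encode_for_html() and referral_id_or_null() are named here for the demo, the sample inputs are constructed, and the assumption that REF carries a numeric user ID (as a referral link would) is not stated on the page.

```php
<?php
// Added example, not part of QBD's post or of mccode.
// Shows three ways of handling the reflected REF value from register.php.

// Output-encode for an HTML text context. strip_tags() removes tags but
// leaves quotes alone, so a value can still break out of an attribute;
// encoding at the point of output covers both cases.
function encode_for_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Stricter option (assumption: REF is a numeric user ID): validate the shape
// of the input instead of trying to clean its content.
function referral_id_or_null($value)
{
    if (is_string($value) && preg_match('/^[1-9][0-9]{0,9}$/', $value)) {
        return (int) $value;
    }
    return null;
}

// Constructed samples: a normal referral and a value that carries markup
// and a quote, which strip_tags() only partly removes.
$samples = ['42', '"><b>x</b>'];

foreach ($samples as $raw) {
    $stripped = strip_tags($raw);          // what the post's first fix produces
    $encoded  = encode_for_html($raw);      // what encoding at output produces
    $id       = referral_id_or_null($raw);  // what strict validation produces
    printf("raw=%s\n  strip_tags: %s\n  encoded:    %s\n  as id:      %s\n",
        $raw, $stripped, $encoded, $id === null ? 'rejected' : $id);
}
```

Run it with the PHP CLI: for the second sample strip_tags() leaves `">x` behind (the quote and angle bracket survive), the encoded form is inert in any HTML text or attribute context, and the validator rejects it outright, which is the cheapest fix when the value is only ever an ID.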
  3. Re: [V2]Editing Organised Crimes

Thanks.. I forgot to add the link.. Lol.. Open smenu.php and add this somewhere under Gangs:

```html
> <a href='staff_gangs.php?action=editocb'>Edit Organised Crime</a>
```
  4. This is something that I made probably a few months ago and I haven't seen one posted here yet.. so here's one of my modifications for editing organised crimes.

In staff_gangs.php find..

```php
default:
    print "Error: This script requires an action.";
    break;
```

Add this part above it..

```php
case 'editocb':
    edit_oc_form_begin();
    break;
case 'editoc':
    edit_oc_form();
    break;
case 'editocsub':
    edit_oc_sub();
    break;
```

Then add this somewhere near the bottom of the file..

```php
function edit_oc_form_begin()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] != 2) {
        die("403");
    }
    print "<h4>Select OC ID To Edit</h4>
You can edit any aspect of the OC.
<form action='staff_gangs.php?action=editoc' method='POST'>
OC Name: " . orgcrime_dropdown($c, 'ocID') . "
<input type='submit' value='Edit OC' /></form>";
}

function edit_oc_form()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] != 2) {
        die("403");
    }
    // ocID comes straight from the form: cast it so only an integer reaches the query
    $ocID = abs((int) $_POST['ocID']);
    $q = $db->query("SELECT * FROM orgcrimes WHERE ocID='$ocID'");
    $r2 = $db->fetch_row($q);
    print "
<form action='staff_gangs.php?action=editocsub' method='POST'>
<input type='hidden' name='ocID' value='$ocID' />
<h4>Edit OC</h4>
Name the OC: <input type='text' name='ocNAME' value='{$r2['ocNAME']}' />
Minimum users for crime: <input type='text' name='ocUSERS' value='{$r2['ocUSERS']}' />
Beginning Text: <input type='text' name='ocSTARTTEXT' value='{$r2['ocSTARTTEXT']}' />
Success Text: <input type='text' name='ocSUCCTEXT' value='{$r2['ocSUCCTEXT']}' />
Failure Text: <input type='text' name='ocFAILTEXT' value='{$r2['ocFAILTEXT']}' />
Minimum Possible Money: <input type='text' name='ocMINMONEY' value='{$r2['ocMINMONEY']}' />
Maximum Possible Money: <input type='text' name='ocMAXMONEY' value='{$r2['ocMAXMONEY']}' />
<input type='submit' value='Go' />
</form>";
}

function edit_oc_sub()
{
    global $ir, $c, $userid, $db, $h;
    if ($ir['user_level'] != 2) {
        die("403");
    }
    // Numeric fields are cast and free-text fields are escaped before they are
    // put into the UPDATE; the original post interpolated $_POST directly.
    $ocID = abs((int) $_POST['ocID']);
    $ocUSERS = abs((int) $_POST['ocUSERS']);
    $ocMINMONEY = abs((int) $_POST['ocMINMONEY']);
    $ocMAXMONEY = abs((int) $_POST['ocMAXMONEY']);
    $ocNAME = mysql_real_escape_string($_POST['ocNAME']);
    $ocSTARTTEXT = mysql_real_escape_string($_POST['ocSTARTTEXT']);
    $ocSUCCTEXT = mysql_real_escape_string($_POST['ocSUCCTEXT']);
    $ocFAILTEXT = mysql_real_escape_string($_POST['ocFAILTEXT']);
    $db->query("UPDATE orgcrimes SET ocNAME='$ocNAME', ocUSERS='$ocUSERS', ocSTARTTEXT='$ocSTARTTEXT', ocSUCCTEXT='$ocSUCCTEXT', ocFAILTEXT='$ocFAILTEXT', ocMINMONEY='$ocMINMONEY', ocMAXMONEY='$ocMAXMONEY' WHERE ocID='$ocID'");
    print "The organised crime was successfully edited.
<a href='staff_gangs.php?action=editocb'>&gt; Back</a>";
    // The original logged $_POST['name'], a field this form never sends; log the OC name instead.
    stafflog_add("Edited Organised Crime $ocNAME");
}
$h->endpage();
```

Next open global_func.php and find..

```php
function crimegroup_dropdown($connection, $ddname = "crimegroup", $selected = -1)
{
    global $db;
    $ret = "<select name='$ddname' type='dropdown'>";
    $q = $db->query("SELECT * FROM crimegroups ORDER BY cgNAME ASC");
    if ($selected == -1) {
        $first = 0;
    } else {
        $first = 1;
    }
    while ($r = $db->fetch_row($q)) {
        $ret .= "\n<option value='{$r['cgID']}'";
        if ($selected == $r['cgID'] || $first == 0) {
            $ret .= " selected='selected'";
            $first = 1;
        }
        $ret .= ">{$r['cgNAME']}</option>";
    }
    $ret .= "\n</select>";
    return $ret;
}
```

Add this under the function mentioned above..

```php
function orgcrime_dropdown($connection, $ddname = "orgcrime", $selected = -1)
{
    global $db;
    $ret = "<select name='$ddname' type='dropdown'>";
    $q = $db->query("SELECT * FROM orgcrimes ORDER BY ocID ASC");
    if ($selected == -1) {
        $first = 0;
    } else {
        $first = 1;
    }
    while ($r = $db->fetch_row($q)) {
        $ret .= "\n<option value='{$r['ocID']}'";
        if ($selected == $r['ocID'] || $first == 0) {
            $ret .= " selected='selected'";
            $first = 1;
        }
        $ret .= ">{$r['ocNAME']}</option>";
    }
    $ret .= "\n</select>";
    return $ret;
}
```

That's all.. I hope this mod works well for you as it has for me.. Enjoy. :-)
  5. Re: Attack Bug

I know of one attack bug that is found in V2 but I don't know if this is what you are looking for, but it may help you and others.. Find in attacklost.php:

```php
<?php
$atkpage = 1;
include "globals.php";
if ($ir['hospital'] > 0 || $ir['jail'] > 0) {
    die("You cannot access this page while you are in the hospital or in jail.");
}
// The shipped file has '==' on this line, a comparison whose result is thrown
// away, so the cast never takes effect; search for that line and use '=' here.
$_GET['ID'] = abs((int) $_GET['ID']);
$_SESSION['attacking'] = 0;
$_SESSION['attacklost'] = 0;
```

Add this under the previous code as mentioned above:

```php
if ($ir['attacking'] == 0) {
    print "WTF are you trying to do?";
    $h->endpage();
    $_SESSION['attacking'] = 0;
    $ir['attacking'] = 0;
    $db->query("UPDATE users SET attacking=0 WHERE userid=$userid");
    exit;
}
```
  6. I made this simple script to keep track of donator pack, will potion and bodyguard donations. This script may be of some use to you to keep you from going into your database and looking for the logs of a donation. You may not need the bodyguard logs part; if you don't, just comment them out or delete them.

staffdonators.php

```php
<?php
/*----------------------------
 Staff Donator Logs
 By QBD 2008
----------------------------*/
include "sglobals.php";
if ($ir['user_level'] != 2) {
    print "Only Admins has access to this part.";
    $h->endpage();
    exit;
}
switch ($_GET['action']) {
    case 'dplogs':
        view_dplogs_logs();
        break;
    case 'wplogs':
        view_wplogs_logs();
        break;
    case 'bglogs':
        view_bglogs_logs();
        break;
    default:
        print "Error: This script requires an action.";
        break;
}

function view_dplogs_logs()
{
    global $db, $ir, $c, $h, $userid;
    print "<h3>Donators</h3>";
    $_GET['st'] = abs((int) $_GET['st']);
    $st = ($_GET['st']) ? $_GET['st'] : 0;
    if (!$_GET['dpID']) {
        $dplogs = $db->num_rows($db->query("SELECT * FROM `dps_accepted`"));
        $showrows = 25; // This can be changed to how many you want to display on one page
        $pages = (int) ($dplogs / $showrows) + 1;
        if ($showrows == 1) {
            $pages--;
        }
        print "Pages: ";
        for ($i = 1; $i <= $pages; $i++) {
            $stl = ($i - 1) * $showrows;
            print "<a href='staffdonators.php?action=dplogs&st=$stl'>$i</a> ";
        }
    }
    print "<br />";
    $q = $db->query("SELECT * FROM `dps_accepted` ORDER BY `dpID` ASC LIMIT $st,25");
    print "<table width=90% cellspacing=1><tr><th align=center>DP ID</th><th align=center>Donator</th><th align=center>Donator For</th><th align=center>Donator Type</th><th>Time</th><th>Transaction ID</th></tr>";
    while ($dp = $db->fetch_row($q)) {
        $t = $db->query("SELECT * FROM users WHERE userid={$dp['dpBUYER']}");
        $dps = $db->fetch_row($t);
        print "<tr><td>{$dp['dpID']}</td><td align=center><a href='viewuser.php?u={$dps['userid']}'>{$dps['username']}</a></td><td align=center>{$dp['dpFOR']}</td><td align=center>{$dp['dpTYPE']}</td><td>" . date("F j, Y, g:i:s a", $dp['dpTIME']) . "</td><td align=center>{$dp['dpTXN']}</td></tr>";
    }
    // Closes the table inside the function. In the original post this print sat
    // after the function's closing brace, so it ran at file load instead.
    print "</table>";
}

function view_wplogs_logs()
{
    global $db, $ir, $c, $h, $userid;
    print "<h3>Donators</h3>";
    $_GET['st'] = abs((int) $_GET['st']);
    $st = ($_GET['st']) ? $_GET['st'] : 0;
    if (!$_GET['dpID']) {
        $dplogs = $db->num_rows($db->query("SELECT * FROM `willps_accepted`"));
        $showrows = 25; // This can be changed to how many you want to display on one page
        $pages = (int) ($dplogs / $showrows) + 1;
        if ($showrows == 1) {
            $pages--;
        }
        print "Pages: ";
        for ($i = 1; $i <= $pages; $i++) {
            $stl = ($i - 1) * $showrows;
            print "<a href='staffdonators.php?action=wplogs&st=$stl'>$i</a> ";
        }
    }
    print "<br />";
    $q = $db->query("SELECT * FROM `willps_accepted` ORDER BY `dpID` ASC LIMIT $st,25");
    print "<table width=90% cellspacing=1><tr><th align=center>DP ID</th><th align=center>Donator</th><th align=center>Donator For</th><th align=center>Donator Amount</th><th>Time</th><th>Transaction ID</th></tr>";
    while ($dp = $db->fetch_row($q)) {
        $t = $db->query("SELECT * FROM users WHERE userid={$dp['dpBUYER']}");
        $dps = $db->fetch_row($t);
        print "<tr><td>{$dp['dpID']}</td><td align=center><a href='viewuser.php?u={$dps['userid']}'>{$dps['username']}</a></td><td align=center>{$dp['dpFOR']}</td><td align=center>{$dp['dpAMNT']}</td><td>" . date("F j, Y, g:i:s a", $dp['dpTIME']) . "</td><td align=center>{$dp['dpTXN']}</td></tr>";
    }
    print "</table>";
}

function view_bglogs_logs()
{
    global $db, $ir, $c, $h, $userid;
    print "<h3>Donators</h3>";
    $_GET['st'] = abs((int) $_GET['st']);
    $st = ($_GET['st']) ? $_GET['st'] : 0;
    if (!$_GET['dpID']) {
        $dplogs = $db->num_rows($db->query("SELECT * FROM `bodygds_accepted`"));
        $showrows = 25; // This can be changed to how many you want to display on one page
        $pages = (int) ($dplogs / $showrows) + 1;
        if ($showrows == 1) {
            $pages--;
        }
        print "Pages: ";
        for ($i = 1; $i <= $pages; $i++) {
            $stl = ($i - 1) * $showrows;
            print "<a href='staffdonators.php?action=bglogs&st=$stl'>$i</a> ";
        }
    }
    print "<br />";
    $q = $db->query("SELECT * FROM `bodygds_accepted` ORDER BY `dpID` ASC LIMIT $st,25");
    print "<table width=90% cellspacing=1><tr><th align=center>DP ID</th><th align=center>Donator</th><th align=center>Donator For</th><th align=center>Donator Amount</th><th>Time</th><th>Transaction ID</th></tr>";
    while ($dp = $db->fetch_row($q)) {
        $t = $db->query("SELECT * FROM users WHERE userid={$dp['dpBUYER']}");
        $dps = $db->fetch_row($t);
        print "<tr><td>{$dp['dpID']}</td><td align=center><a href='viewuser.php?u={$dps['userid']}'>{$dps['username']}</a></td><td align=center>{$dp['dpFOR']}</td><td align=center>{$dp['dpAMNT']}</td><td>" . date("F j, Y, g:i:s a", $dp['dpTIME']) . "</td><td align=center>{$dp['dpTXN']}</td></tr>";
    }
    print "</table>";
}

$h->endpage();
exit;
?>
```

And here's a part for your staff menu..

```php
if ($ir['user_level'] == 2) {
    print "<hr /><b>Donator Logs</b>
> <a href='staffdonators.php?action=dplogs'>Donator Pack Logs</a>
> <a href='staffdonators.php?action=wplogs'>Will Potion Logs</a>
> <a href='staffdonators.php?action=bglogs'>Bodyguard Logs</a>";
}
```
  7. Re: Crystal market exploit?

How I stopped this was very easy.. first you find the..

```php
$q=$db->query("SELECT * FROM crystalmarket cm WHERE cmID={$_GET['ID']}");
```

under the function crystal_buy() and replace it with..

```php
$q=$db->query("SELECT * FROM crystalmarket cm WHERE cmID='".mysql_real_escape_string($_GET['ID'])."'");
```

and it stops the exploit from working. Hope this helps. :-)
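Both the crystal market fix above and the organised-crime editor in post 4 close the same hole: request input spliced into SQL text. The block below is an added example, not QBD's code and not mccode's, showing the same cmID lookup written with strict validation and a bound parameter, against an in-memory SQLite table so it runs offline with the PHP CLI (pdo_sqlite). The function names, the sample rows, and the columns cmQTY and cmPRICE are constructed for the demo; only the table name and cmID come from the post.

```php
<?php
// Added example (not from QBD's post or from mccode). Assumes PHP with pdo_sqlite.
// The crystalmarket rows and the columns cmQTY/cmPRICE are constructed here.

// Accepts only a positive integer ID; anything else is rejected before any query runs.
function market_id_or_null($raw)
{
    if (is_string($raw) && preg_match('/^[1-9][0-9]{0,9}$/', $raw)) {
        return (int) $raw;
    }
    return null;
}

// Looks up one listing with a bound parameter: the value travels as data and is
// never part of the SQL text, so no escaping step can be forgotten or get it wrong.
function crystal_listing(PDO $db, $raw_id)
{
    $id = market_id_or_null($raw_id);
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare("SELECT cmID, cmQTY, cmPRICE FROM crystalmarket WHERE cmID = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database standing in for the game's MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE crystalmarket (cmID INTEGER PRIMARY KEY, cmQTY INTEGER, cmPRICE INTEGER)");
$db->exec("INSERT INTO crystalmarket VALUES (1, 10, 500), (2, 3, 1200)");

// Constructed sample inputs: two real IDs, one that does not exist, one that is not an ID.
foreach (['1', '2', '9', '2 extra'] as $raw) {
    $row = crystal_listing($db, $raw);
    printf("%-10s -> %s\n", var_export($raw, true),
        $row === null ? 'rejected / not found' : json_encode($row));
}
```

The mysql_real_escape_string() fix in the post works because the value is wrapped in quotes; the cast-or-reject approach does not depend on that quoting, and the bound parameter removes the question entirely, which is why it is the pattern to prefer when the database layer supports it.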
  8. Re: error help please

There is no print function on line 53.. it should be..

```php
print "President: {$ldr['username']} ";
```