
POG1 (Members, 1,419 posts)
Everything posted by POG1
-
mccode-v2 8 Lines to secure your site from known sql injections.
POG1 replied to Haunted Dawg's topic in Free Modifications
Re: [mccode] 8 Lines to secure your site from known sql injections. 1. slow function 2. bbcode uses some chars in that string which would mean you would need something different for any bbcode string..
-
mccode-v2 8 Lines to secure your site from known sql injections.
POG1 replied to Haunted Dawg's topic in Free Modifications
Re: [mccode] 8 Lines to secure your site from known sql injections. You don't wanna do that
-
Re: [mccode v2.0] For each record that is returned the whole loop is done, try optimizing it; probably won't work but it's a general idea:

    <?php
    // Cut-off timestamp: four weeks ago
    $month = (int) time() - 60*60*24*7*4;
    // One query for every account due a reminder. MySQL compares with "=", not "==",
    // and "not logged in for over a month" means laston is older than the cut-off.
    $rem = mysql_query("SELECT * FROM users WHERE fedjail = 0 AND user_level = 1 AND reminder = 0 AND laston < ".$month);
    while($rem1 = mysql_fetch_array($rem,MYSQL_ASSOC))
    {
        // Flag the account so it is not mailed again (userid cast to int before it enters the SQL)
        $db->query("UPDATE users SET reminder=1 WHERE userid=".(int) $rem1['userid']);
        $body = "Underground Evolution Reminder.\n\n".
            "Username: ".$rem1['username']."\n".
            "Email: ".$rem1['email']."\n".
            "\n".
            "We have noticed that you have not logged in over 1 month. A lot of changes have happened in our site since then. Why don't you ".
            "come and try it out. Your account details are still active. If you do not remember your password, no problem! Just go to our reset ".
            "password utility on our home page and your new password will be sent to your registered email. So come on and lets all have fun together.";
        mail($rem1['email'],"Welcome to Underground Evolution", $body,"From: Underground Evolution <[email protected]>");
    }
    ?>
-
Re: [mccode v2.0] even with like 100 members it will be very slow, not the best method to use..
-
Re: Weird Situation ay?
-
Re: Weird Situation That would only show users that were last online in the last 5 minutes ;) I thought that was what you wanted, it seems like a pretty stupid idea otherwise.

    $day = 60*60*24;             // seconds in one day
    $howMany = 4;                // set the days
    $stamp = $day * $howMany;
    $sql = 'SELECT * FROM users WHERE laston > (unix_timestamp() - '.$stamp.')';
-
Re: [v2] Donator Only Shop

    // Ask for confirmation first; empty() also covers a missing "confirm" key
    if(empty($_GET['confirm']))
    {
        echo '<p>Are you sure you want to buy a '.$VARNAME.' for '.$VARCOST.'?</p>'.
             '<p><a href="URL&confirm=true">Yes i am sure!</a></p>';
        $h->endpage();
        die;
    }
-
Re: [v2] Donator Only Shop Looks good but it would make sense to have some kind of confirmation before they buy the item.
-
Re: Weird Situation A friend asked me for a little change on the users online to show only users active since a certain amount of days... so far so good, though there is 1 user that simply doesn't show.

Wouldn't it be something like this..

    SELECT * FROM users WHERE laston > (unix_timestamp() - 300) AND days_old > '2'
-
Re: Member-list wouldn't that return 1 record?
-
Re: [mccode v2] userADS Why not post the function? I posted 1 here a while ago. Something to think about; mysql_real_escape_string was used for numbers which isn't really the best idea ;)
-
Re: explorer.php is blank? If you had an editor with syntax highlighting it would have been so easy to spot the error
-
Re: [Competition Questions] SQL Quoting Good point, if you wanted to also add other things such as unix_timestamp() it would treat it as a string.. If that's what you're trying to say
-
mccode-v2 Updated Newspaper - more than one page
POG1 replied to Magictallguy's topic in Free Modifications
Re: [mccode v2] Updated Newspaper - more than one page Then change it so it's harder to spam
-
Re: www.sniper-wars.net It's a bit plain
-
Re: V2 Mainmenu the href was closed, the anchor tag wasn't
-
Re: [mccodes] MCCODES EVERYWERE What's your point?
-
Re: V2 Mainmenu For a CSS menu take a look at list menus (<li><a href="link.html">link</a></li>)
-
Re: [mccode V2] Search Islands you got a link? He ain't got a game... I have asked him a few times... he sounds like a "foney"
-
Re: [mccode V2] Search Islands you got a link?
-
mccode-v2 8 Lines to secure your site from known sql injections.
POG1 replied to Haunted Dawg's topic in Free Modifications
Re: [mccode] 8 Lines to secure your site from known sql injections. To secure the data it would be wise to create a set of functions that you can call to instead of declaring variables in the header. With the code provided even if there is no viewforum it will be "secured", is there any point?

    $count = 3;
    $x = -1;
    // Stop at $count - 1: $x is incremented inside the loop, so "$x < $count" runs one pass too many
    while($x < $count - 1)
    {
        $places_to_be_secured = array("ID","viewforum","viewtopic");
        $x++;
        $_GET[$places_to_be_secured[$x]] = abs(@intval($_GET[$places_to_be_secured[$x]]));
    }

Also, if the get variables changed here are not a number then an error will be produced and you don't want a mysql error on screen ;) Or something along the lines of this will help:

    // settype() returns TRUE/FALSE rather than the converted value, so cast instead
    $id = (isset($_GET['id']) AND ctype_digit($_GET['id'])) ? (int) $_GET['id'] : FALSE;
    if(!$id){echo 'error';die;}
-
Re: [mccodes v2] Awsome cron help [TIMESTAMP] This is only a guide (I created this for a non mccodes game ;) )..

    <?php
    // When did the 5-minute update last run?
    $result = $DB->query("SELECT * FROM `updates` WHERE `name` = '5min'");
    $result = $DB->fetchRow($result);
    $howLongAgo = time() - $result['last'];
    if($howLongAgo > (300))
    {
        $n = floor($howLongAgo / 300);   // number of missed 5-minute ticks
        $user = new User($_SESSION['userid']);
        // Add the missed ticks, capping each stat at its maximum
        $energy = ($user->energy) + (5 * $n);
        $energy = ($energy > $user->maxenergy) ? $user->maxenergy : $energy;
        $brave = ($user->brave) + (2 * $n);
        $brave = ($brave > $user->maxbrave) ? $user->maxbrave : $brave;
        $hp = $user->hp + (($user->maxhp * .25) * $n);
        $hp = ($hp > $user->maxhp) ? $user->maxhp : $hp;
        $will = ($user->will) + (5 * $n);
        $will = ($will > $user->maxwill) ? $user->maxwill : $will;
        // WHERE clause added so only this user is updated; the `userid` column name is assumed
        $string = sprintf("UPDATE `users` SET `energy` = '%u', `brave` = '%u', `hp` = '%u', `will` = '%u' WHERE `userid` = '%u'",
            abs(@intval($energy)),abs(@intval($brave)),abs(@intval($hp)),abs(@intval($will)),abs(@intval($_SESSION['userid'])));
        $DB->query($string);
        $t = time();
        $result = $DB->query(sprintf("UPDATE `updates` SET `last` = '%u' WHERE `name` = '5min'",$t));
        $l = $t - (floor($t / 300) * 300);   // seconds past the last 5-minute boundary
        if ($l > 0)
        {
            // Align the stored time to the boundary so ticks do not drift
            $newUpdate = time() - $l;
            $result = $DB->query(sprintf("UPDATE `updates` SET `last` = '%u' WHERE `name` = '5min'",$newUpdate));
        }
    }
    ?>
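The difference between coercing a numeric GET parameter with abs(intval()) and validating it, which the post above raises, shown as an added example that is not part of the thread or of mccode. The names get_id() and coerce_id() and the sample query strings are constructed for illustration.

```php
<?php
// Added example (not from the thread). get_id(), coerce_id() and $samples are hypothetical.

/**
 * Validate a positive integer taken from a request array.
 * Returns null when the key is absent, false when it is present but
 * not a clean integer >= 1, and the integer itself otherwise.
 */
function get_id(array $source, string $key)
{
    if (!array_key_exists($key, $source)) {
        return null; // absent: leave $_GET alone instead of inventing a 0
    }
    // FILTER_VALIDATE_INT rejects arrays, trailing junk and overflowing values
    // rather than coercing them; min_range also rejects 0 and negatives.
    return filter_var($source[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
}

/** The abs(intval()) coercion from the thread, guarded against a missing key. */
function coerce_id(array $source, string $key): int
{
    return abs(intval($source[$key] ?? 0));
}

// Constructed query strings, parsed the same way PHP fills $_GET.
$samples = ['ID=42', 'ID=12abc', 'ID=-5', 'ID[]=7', 'ID=1%20OR%201=1', 'viewtopic=3'];

foreach ($samples as $query) {
    parse_str($query, $get);
    $id = get_id($get, 'ID');

    if ($id === null) {
        $verdict = 'absent, nothing to do';
    } elseif ($id === false) {
        $verdict = 'rejected before any query is built';
    } else {
        $verdict = 'accepted as ' . $id;
    }
    printf("%-16s coerced to %-3d validation: %s\n",
        $query, coerce_id($get, 'ID'), $verdict);
}
```

Coercion always yields some integer, so a malformed request still reaches the database with a different ID than the one sent; validation lets the page stop with its own error message instead.
-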
-
Re: Login Page's $10 1. 1/10 2. 3/10 3. 4/10 I don't see why the register would be an extra $10
-
Re: Energy problem There is no point of adding an extra query that is gonna be doing nothing. Do what I said in the previous post, then to display it try something like this:

    // Outer bar is the full width, inner bar is the current energy as a percentage
    echo '<b>Energy:</b> '.$ir['energy'].' / '.$ir['maxenergy'].
         '<div style="height:5px;background:#900;padding:0;width:150px;">'.
         '<div style="height:5px;background:#090;width:'.floor(($ir['energy'] / $ir['maxenergy']) * 100).'%"></div></div>';
-
Re: Energy problem in the donatordays add query add maxenergy = 150 then in cron day update users set energy = 100 where donatordays = 0 and maxenergy > 100