AlabamaHit

v2 is just php. mccodes is 'not' a language. Can I ask you a serious question? Why post this as new topic every 3 days? You just posted this same topic not long ago........ If you need money that bad get a job. No age don't matter. I started working at 13 so don't go with i'm to young.

</tr> <?php }// while loop ?> <tr>   should be one would assume...   </tr> <?php printf('}');// while loop ?> <tr>

I was using the str_replace() and strip_tags for seperate reasons. Mostly just in case there is an attack that don't involve a full comment. When I found the function it already had the htmlspecialchars, so i just didn't remove it lol. The printf yeah i know it is not required on most I type, but it is habit lol. Also, thanks for the responce :)

That sucks I might need to rethink some of my engine, as I used sha1 to encrypt the passwords. Thanks for the info I really didn't know their was any table or nohting to work around sha1. I knew there was on md5. But sha1 should still be very safe, as really md5 is. As long as you use a good password... if you use somethign like baller then yeah it will get busted but if you use baller3938baller9 That wouldn't be in the table lol.

It's what Crimegame.com said. (Zero right?) http://en.wikipedia.org/wiki/Ternary_operation Their is a link to it.

Ok, I'm currently working on a script. (Not McCodes). The thing is I belive it is right, but I want to verify with some people. When I mres (For example) Hit's In the database it only shows up as Hit's I think this is right. Cause if I'm not mistaken it is only escaped in the query so it will not show up as Hit\'s In the database (unless magic quotes) Which I'm not using. Here is a snippet of example code. This is the function I'm using. (Opinions on that is open also). Also I didn't make the function I found it on the net. So I ofcourse don't take credit for it.   function mres($text) { $text = trim($text); $text = str_replace("<", "<", $text); $text = str_replace(">", ">", $text); $text = strip_tags($text); $text = htmlspecialchars($text, ENT_NOQUOTES); $text = mysql_real_escape_string($text); return $text; }   Now the code For sending the info.   $get_name = $db->query_first("SELECT users_name FROM users WHERE users_id = ".$user.""); printf('Your current name is '.$get_name['users_name'].' '); printf('If you wish to change it just enter a new name in the input area below. '); printf('If you do not wish to change it, just click the link below to go back. '); printf('<form action="'.$url.'settings" method="post"> '); printf('<input type="text" name="do_name" /> '); printf('<input type="submit" value="Change Name" />'); printf('</form>');   This is the code taht is entering into the database   $clean_name_input = sprintf("UPDATE users SET users_name = '%s' WHERE users_id = ".$user."",mres($_POST['do_name'])); $db->query($clean_name_input); printf('Your name has just been changed to '.$_POST['do_name'].'');   Now here is the main reason I think it is right. If on the printf statement I put the mres it does show up as Hit\'s. But the database don't. I'm sure this is correct. Just wanted to verify.

sha1 has been cracked? Crap I didn't know that lol.

lol, just cause it don't make sense don't mean it won't work. lol But really I have not tested that., You should try it on a test site first. but I think it should work.

So you want 50% for non-donators and a "value" of 6 for donators?   if($_GET['wepid']) { if($_SESSION['attacking']==0 && $ir['attacking'] == 0) { $energy_cost = $ir['donatordays'] == 0 ? $youdata['maxenergy'] / 2 : '6'; if ($youdata['energy'] >= $energy_cost) { $energy_cost = floor($energy_cost); $db->query("UPDATE users SET energy=energy - {$energy_cost} WHERE userid=$userid"); $_SESSION['attacklog']=""; $_SESSION['attackdmg']=0; } else { print "You can only attack someone when you have 50% energy"; $h->endpage(); exit;   This is not a complete work over jsut a quick thing that should it work.

If you can't get a macro to work, just make it where they can't refresh the page.

$test = mysql_fetch_array(mysql_query("SELECT username from users where userid = 1"); echo $test; YOu where missing the array.

Thanks for the help eveyone

No, I don't know anything about doing that.

Your selling mods but can't secure your game? Or did I read that wrong?... In that theory, that would say that the mods would be un-secure....

lol yeah typo. I'm tryig to find my old keyboard, this new one sucks. I hate the low keys lol

$on = $r['laston'] >= time()-15*60 ? ("<img scr='online.png' />") : ("<img scr='offlinee.png' />");

Can you use the mail() function in xampp? Or does it not work. I get errors. Figured it might be somethign with the localhost just not allowing, Figured I would ask before I went looking into this to far.

where is $rlist defined? If I missed it my bad I just had a quick look but don't see it defined

TY :D

Yeah been gone for quite a while. Got busy on making a script.. :thumbup:

headers already sent is a normal v1 and lite problem. you need to look into ob_start();

That is why I get paided first..

Yeah, it must be your name lol. I never get mentioned lol...

Dude your a tool I can tell that just by this one topic. You posted and 2 hours later expect EVERYONE on the site to be online to help??? wtf honestly. I will never help you or anyone that acts like that. You ask for help you WAIT for someone to help. Don't come back and bitch about it an 2 hours later.

lol., Don't tell everyone :)