MakeWebGames

Everything posted by Zeggy

  1. <div class="quote"> <div class="quote">nested quote here</div> outside quote here </div> Is this what you mean?
  2. You've only waited 30 minutes, not everybody is online when you post a question. Have some patience :)
  3. I don't know if maybe you misread the description, but this isn't similar to hackquest and other challenge sites. This is mainly a tutorial with some hands-on sections to try stuff out. But it can be treated as an article too. I think the target audience for this site is perfect for the web developers on this forum who want to learn more about web security. Sure, python's not the most popular web dev language but it is just as appropriate for web dev as ruby is. Personally I use python for my own web development and I find it much nicer than using PHP.
  4. Google made a very nice tutorial on website exploits and how to protect against them. http://jarlsberg.appspot.com/ You get your own copy of a buggy website, and follow the instructions to exploit and fix this website. Covers XSS, CSRF, and much more! The website is written in Python, so if you use PHP you may not understand the code, but the underlying principles are the same and these attacks can still be applied to your website!
  5. That's all there is to quote because key_exists hasn't officially existed since 4.0. It was renamed and the php manual barely makes a reference to the old name. An alias of the function was kept because it caused incompatibilities but I'm sure it will be removed eventually (php 6). tldr; the function exists, but only for legacy purposes so you shouldn't be using it at all unless you're working on code that's over ten years old.
  6. Well, if somebody managed to upload a file that can be run as a php file, then there really isn't anything you can do to stop it from doing whatever it wants, as any security features you add can be defeated quite easily when you can upload scripts run on the server side. By this point you've already lost. You need to prevent them from ever getting to this stage.
  7. What kind of exploit does this protect from?
  8. Trying to stop browser refresh is like trying to stop the mouse from leaving the window or the user from entering a url to navigate away from your page - it's impossible. If you're trying to prevent refreshing, then your problem lies somewhere else (like in your code). Rewrite your features so refreshes are harmless. For example, refreshing a page after performing an action should only reload the result message, not the database update/insert.
  9. I'm very familiar with css, thanks. Sorry I misunderstood, your first post isn't very accurate. The code boxes are not 'too large', they are 'just the right size for the code'. What you want to do is reduce the box size, not (as I assumed) correct faulty css. You suggested setting code boxes to 500px, not putting a limit on the height. I didn't look at the code you included, but now that I have, why would you only want overflow scrolling vertically? Why not have it horizontally as well, otherwise you'd be scrolling the entire screen as opposed to just the code box.
  10. ...is this a browser thing? If the css has no height attribute for it, the smart thing for a browser to do is to fit the box to the size of its contents. All the code boxes I see are just large enough to contain the code within it, ie. the code box in your first post is like 50 pixels high. Why would you set it to 500px?
  11. Zeggy

    An Idea

    Or you could implement it just like openid where the participating games don't require a user password from your service...
  12. Zeggy

    Session control

    You should not rely on client-side code to perform operations that should clearly be run server-side. By using ajax, you must assume that this request can be made by the user at any time, as often as the (ab)user wants. Is your system able to manage this? Some users don't have javascript turned on. How do you handle this?   It is annoying to detect if a user has closed the browser. HTTP is stateless, the web page is fetched from your server, the connection is closed and that is all you know. How do you tell the distinction between leaving a page and closing the browser? Closing a browser has nothing to do with the internet, it's a local application. Or leaving the browser open but not playing? If you don't want to go with the timeouts as suggested above, you could use ajax to perform a keep-alive operation. As long as the user has the page open, you can use ajax to regularly query a page that keeps the user's status as 'online'. Put a timeout so users can't just keep their browser open and leave. And then you still perform the lock/unlock operation on the server-side (through cron for example). The problem with this solution is you will need to require your users to have javascript turned on, and the request to keep the user alive can also be abused if not coded properly.
  13. The ingredients are available on the side of every can/bottle of coke :D It's the process of creating coke (the recipe) that is top secret.
  14. It takes whatever number you enter into the program after you run it.
  15. cin >> i; That line takes a number from standard input (your keyboard) and puts it in the variable i.
  16. If you have a host that is able to host warez (and these do exist), then not much can be done about it. Most likely though, these hosts are not very high quality. As for the pirate bay example, it is not valid as they do not actually host anything illegal on their own servers.
  17. Remove 'var' in the loop, you are redeclaring current_th as a local variable.
  18. Top browser games have huge advertising budgets too, not just platform video games. We all have unique and fresh ideas. Everybody has ideas. That's the one thing EVERYBODY can have. There is more to running a game to the degree that you can live off the profits and start your own company off it than just having a good idea. Seeing as how this guy clearly intends to start off and do everything by himself, judging from his posts he lacks a certain amount of necessary skills in order to run a game to the necessary degree of success (ie. technical proficiency). Also, 'unique' does not necessarily translate to successful. If you are simply out to make money, there are plenty of established game types/mechanics that you could copy and make a decent amount of money in a relatively short amount of time. That was some practical real world advice. He didn't say 'give up on your dream completely'. This guy was clearly 'dreaming' in the short term - he intends to drop out of his university and live off income from his game. That gives him a time-frame of 1-4 years to achieve this dream. It's one thing to dream, it's another to dream unrealistically. Being highly motivated and dreamy doesn't translate to success either. Clearly this guy is inexperienced, and this adventure would most likely (but possibly not) end in disappointment, and it would be extremely irresponsible to encourage him to give up his university degree.
  19. I think the post is asking for a publisher to help publish their game in new languages/regions.
  20. Zeggy

    PHP code help

    Try this instead: <?php mysql_query("UPDATE users SET credits=credits+economy"); ?>
  21. Zeggy

    ezRPG v1.0

    With over 20 modules already available for FREE on the ezrpg forum, ezRPG v1.0 has finally been released! Download it now: http://ezrpg.googlecode.com/files/ezrpg1.0.zip

    Some of the changes made:
      • Header messages fixed
      • Small bug fixes
      • Database class extended
      • Hook system updated
      • More hooks added

    If you are running a release candidate, you can upgrade by simply replacing all files EXCEPT config.php (and don't upload install.php).

    Remember to check out the ezRPG support forums to see if any of your questions have already been answered. Feel free to contact me here by private message or making a new topic, or on the ezrpg forum.
  22. Those are some sweet images :) Good luck with your search.
  23. Zeggy

    Gang Riot

    srachit: yeah, so far I've only got the map working and jobs (jobs only on local host). Thanks zed :)
  24. The computer screens will be holographic, and the pictures change slightly if you move your head to the side? :P
  25. Zeggy

    Gang Riot

    So I've been bored lately and decided to start making my own game :) It's a gangster-themed rpg, with a heavy emphasis on team play. Players start off as regular civilians, and as they progress through the game they can choose to become police or join a gang (or start their own gang). The game focuses on traveling around a map, where each tile can be bought/sold by players and buildings built on it (such as casinos to make money, or hospitals to heal fellow gang members, etc.) So far I've not got much done but I'm looking for testers to help spot bugs, give ideas and test the load on the server. If you really want to help, you can find me on irc. http://www.gangriot.com/ Registration is closed but I have a demo account if anybody wants to take a look around: Username: demo Password: demo Let me know what you think! Thanks :) Edit: oh yeah, use the arrow keys to move around the map. JavaScript needs to be enabled.