Haunted Dawg

Re: Allow's you to download a file from your server. Many people get free time to use the internet. :|

Well as it say's its enhanced, its easy to add new things to it... MOD IS COMPLETE! Anyways here it is: Replace your halloffame.php with this:   <?php /* -- Created By Kyle -- Price: FREE; -- Keep notice. */ //Pop ups then closed session_start(); $close_window = '<script LANGUAGE="JavaScript"> function closePg(){ window.close(); return true; } </script> <body onLoad="return closePg()"></body>'; $display_o = "Session installed now closing. ".$close_window; if($_GET['filter'] == 1) { $_SESSION['filter'] = "ASC"; echo $display_o; } else if($_GET['filter'] == 2) { $_SESSION['filter'] = "DESC"; echo $display_o; } if($_GET['don'] == 1) { $_SESSION['donator'] = "AND donatordays=0"; echo $display_o; } else if($_GET['don'] == 2) { $_SESSION['donator'] = "AND donatordays>0"; echo $display_o; } else if($_GET['don'] == 3) { $_SESSION['donator'] = ""; echo $display_o; } //if not filter & donator if(!$_SESSION['filter']) { $_SESSION['filter'] = "DESC"; } if(!$_SESSION['donator']) { $_SESSION['donator'] = ""; } include("globals.php"); //SETTINGS// $header_image = "http://rapid-riot.com/images/header.jpg"; //Pic to display in <th> $border = 0; //Border on your game $td_align = "center"; //Align the <td> $filter = $_SESSION['filter']; //Filter - leave as is for both hall of shame and hall of fame built in one. $donator = $_SESSION['donator']; //Donator - leave as is for all donators non donators all. //SECURITY// if($_GET['display']) { $allowed = array ( level, money, crystals, ratings, bails, busts, friend_count, enemy_count, _blank, total, agility, labour, IQ, guard, strength, guard, ); if(!in_array($_GET['display'],$allowed)) { echo 'Input not allowed.'; $h->endpage(); exit; } } $filter_asc = "<a href=\"javascript:void(0)\" onclick=\"window.open('?filter=1','Pop Up','width=1, height=1'); return false;\">Ascending Order</a>"; $filter_desc = "<a href=\"javascript:void(0)\" onclick=\"window.open('?filter=2','Pop Up','width=1, height=1'); return false;\">Descending Order</a>"; $donator_non = "<a href=\"javascript:void(0)\" onclick=\"window.open('?don=1','Pop Up','width=1, height=1'); return false;\">Non Donators</a>"; $donator_all = "<a href=\"javascript:void(0)\" onclick=\"window.open('?don=3','Pop Up','width=1, height=1'); return false;\">All Users</a>"; $donator_onl = "<a href=\"javascript:void(0)\" onclick=\"window.open('?don=2','Pop Up','width=1, height=1'); return false;\">Only Donators</a>"; echo ' <h1>Hall Of Fame</h1> [b]Filter:[/b] '.$filter_asc.' | '.$filter_desc.' [b]Donator\'s: '.$donator_non.' | '.$donator_all.' | '.$donator_onl.' <table class="table" width="75%" border="'.$border.'"> <tr> <th>[url="?display=level&x=1"]LEVEL[/url]</th> <th>[url="?display=money&x=1"]MONEY[/url]</th> <th>[url="?display=crystals&x=1"]POINTS[/url]</th> <th>[url="?display=ratings&x=1"]RATINGS[/url]</th> <th>[url="?display=busts&x=1"]BUSTS[/url]</th> </tr> <tr> <th>[url="?display=bails&x=1"]BAILS[/url]</th> <th>[url="?display=friend_count&x=1&dj=Most Liked"]MOST LIKED[/url]</th> <th>[url="?display=enemy_count&x=1&dj=Most Hated"]MOST HATED[/url]</th> <th>[url="?display=_blank&x=2"]HIGHEST HOUSE[/url]</th> <th>[url="?display=_blank&x=3"]TOP GANG[/url]</th> </tr> <tr> <th>[url="?display=total&x=4"]TOTAL STATS[/url]</th> <th>[url="?display=strength&x=4"]STRENGTH[/url]</th> <th>[url="?display=agility&x=4"]AGILITY[/url]</th> <th>[url="?display=IQ&x=4"]IQ[/url]</th> <th>[url="?display=labour&x=4"]LABOUR[/url]</th> </tr> <tr> <th>[url="?display=guard&x=4"]GUARD[/url]</th> </tr> </table>'; if($_GET['x'] == 1) { if(!$_GET['dj']) { $var = ucfirst(htmlspecialchars($_GET['display'])); } else { $var = $_GET['dj']; } echo ' Showing user\'s order by '.$var.' '.$filter.' <table class="table" width="75%" border="'.$border.'"> <tr> <th>Username</th> <th>'.$var.'</th> </tr> <tr><!- Kyles Hall of fame Enhanced -!>'; $display = htmlspecialchars($_GET['display']); $fetch = mysql_query("SELECT * FROM users WHERE user_level != 0 ".$donator." ORDER BY ".$display." ".$filter.",userid ASC LIMIT 20"); while($t = mysql_fetch_assoc($fetch)) { if($display == "money") { $t[$display] = money_formatter($t['money']); } else if($display == "crystals") { $t[$display] = number_format($t['crystals']); } if($ir['userid'] == $t['userid']) { $t['username'] = "[b]".$t['username']."[/b]"; } echo ' <td align="'.$td_align.'">[url="viewuser.php?u='.$t['userid'].'"]'.$t['username'].'[/url] ['.$t['userid'].']</a></td> <td align="'.$td_align.'">'.$t[$display].'</td> <tr>'; } echo ' </tr> </table>'; } if($_GET['x'] == 2) { echo ' Showing user\'s order by Highest House in '.$filter.' <table class="table" width="75%" border="'.$border.'"> <tr> <th>Username</th> <th>House</th> </tr> <tr><!- Kyles Hall of fame Enhanced -!>'; $fetch = mysql_query("SELECT * FROM users WHERE user_level!=0 ".$donator." ORDER BY maxwill ".$filter.",userid ASC LIMIT 20") or die(mysql_error()); while($t = mysql_fetch_assoc($fetch)) { $house = mysql_fetch_assoc(mysql_query("SELECT * FROM houses WHERE hWILL=".$t['maxwill'])) or die(mysql_error()); echo ' <td align="'.$td_align.'">[url="viewuser.php?u='.$t['userid'].'"]'.$t['username'].'[/url] ['.$t['userid'].']</a></td> <td align="'.$td_align.'">'.$house['hNAME'].'</td> <tr>'; } echo ' </tr> </table>'; } if($_GET['x'] == 3) { echo ' Showing gang\'s order by highest respect in '.$filter.' <table class="table" width="75%" border="'.$border.'"> <tr> <th>Gang Name</th> <th>Gang Respect</th> </tr> <tr><!- Kyles Hall of fame Enhanced -!>'; $fetch = mysql_query("SELECT * FROM gangs ORDER BY gangRESPECT ".$filter." LIMIT 20") or die(mysql_error()); while($t = mysql_fetch_assoc($fetch)) { echo ' <td align="'.$td_align.'">[url="gangs.php?action=view&ID='.$t['gangID'].'"]'.$t['gangNAME'].'[/url]</td> <td align="'.$td_align.'">'.$t['gangRESPECT'].'</td> <tr>'; } echo ' </tr> </table>'; } if($_GET['x'] == 4) { $var = ucfirst(htmlspecialchars($_GET['display'])); echo ' Showing user\'s order by '.$var.' stats in '.$filter.' <table class="table" width="75%" border="'.$border.'"> <tr> <th>Username</th> </tr> <tr>'; if($_GET['display'] == "total") { $fetch = mysql_query("SELECT * FROM userstats ORDER BY (strength+agility+guard+labour+IQ) ".$filter." LIMIT 20") or die(mysql_error()); } else { $fetch = mysql_query("SELECT * FROM userstats ORDER BY ".$_GET['display']." ".$filter." LIMIT 20") or die(mysql_error()); } while($t = mysql_fetch_assoc($fetch)) { $user = mysql_fetch_assoc(mysql_query("SELECT * FROM users WHERE userid=".$t['userid'])) or die(mysql_error()); echo ' <td align="'.$td_align.'">[url="viewuser.php?u='.$user['userid'].'"]'.$user['username'].'[/url]</td> <tr>'; } echo ' </tr> </table>'; } $h->endpage(); ?>   Still to come: # - Post Any Ideas   If you have any other idea's please put them here... Thanks.

Re: Allow's you to download a file from your server. But what if you are at school and want to use this? But cant access cpanel?

Re: Allow's you to download a file from your server. Yeah umm spudinski, try chaning the password to a harder one? And it could be named any thing for example: bkahbdsanbdnsbvdnsgdhsmdnsandgmashdnsagdmsdmashdmahsm213m12b3n12b3n21b3n21v3bn12v3n213.php Now seriously no one is going to find a find like that then add a code to it: script_made_from_kyle_at_ce_find_me_if_you_can_haha_bye.php?code=tresde_2323_,,,,,,_;;;;;_222 Please i would like you to find it.

Re: [V2] Car Racing Yeah zero even your code wont work... != => is not so this is what you doing if(1000 != 50) { // error out }   if($cost => $ir['money']) { echo 'You do not have enough money.'; $h->endpage(); exit; }

Re: [V2] Car Racing I dont use other people's mod's. But i help if people need it.

Re: [V2] Car Racing 2 Note: # - $db->query("UPDATE users SET money=money-3500,car=1 WHERE userid=$userid"); mysql_query("UPDATE users SET money=0 WHERE money<0"); # - Do you like calling your members dumbass's?

Re: 8 Lines to secure your site from known sql injections. He is wrong many times.

Re: I need a Project About to say.

Re: 8 Lines to secure your site from known sql injections. Actualy debbie was aka spooky.

Re: 3 Word Game to have a

Re: 8 Lines to secure your site from known sql injections. This is totaly what happend: 1.- Had game open for 3 days got to much bandwith used and got suspended. 2.- Moved to new host. 3.- Exploit found and abused => 2 hours roll back. 4.- Sold because i do not have a paypal account. Many people were wanting to donate. Got a problem with it?

Re: 8 Lines to secure your site from known sql injections. I know all of the function's that you got there, i have had that script befor... I took it off and prefer my own. But im glad you know what i mean.

Re: 8 Lines to secure your site from known sql injections. So who made html? since in html we use color and not colour.

Re: 3 Word Game Her toe jam...:lol:....

Re: V2 I need to know cmarket.php => sql inject forums.php => sql inject register.php => xss inject viewuser.php => xss inject Im not sure of others.

Re: Allows you to email all your game users We all here know dab's and coldblooded are the founder's of mccode's. :|

Re: 8 Lines to secure your site from known sql injections.   Wont work.   $_GET = sanitize($_GET); $_POST = sanitize($_POST);

Re: Allows you to email all your game users Matt why dont you go sell another one of your game's for $2,000 and then atleast pay for all the illegal v2 & v1 game's you had been running.

Re: Allows you to email all your game users MSN Work.

Re: 8 Lines to secure your site from known sql injections.   Wich was my first code for header i made lol.

Re: Allows you to email all your game users But in helpfull to me etc, she went to usbank and got me a bank account set up for my name etc... So now my paypal's can get verified.

Re: Counting (nr game) 2034

Re: Allow's you to download a file from your server.  It's a php snippet some people mind find usefull, i never posted on the first post, *FOR DAVID ONLY* lol

Re: Counting (nr game) *OFF TOPIC* Well you know, it says there has been 2042 replies right meaning the next count with my one it should be 2043 but yet you guys are on 2031... *BACK TO TOPIC* 2032