MakeWebGames

shrek1609 (Members; 310 posts; last visited: never)

Everything posted by shrek1609

  1. Re: Donators Gym $2 I really don't believe you!!! The amount of help you have asked for over the last week or so, and been given... and then you have the nerve to try and sell a two-minute edit of code for $2.00.
  2. Re: Crystals V2 Hmm, I stand part corrected. I have just tried this... however, in globals.php it doesn't work; in global_function.php it part works... it doesn't change all instances of it; it has left links in explore as Crystal Temple etc. and a few other places... Also, I am assuming you still need to change the database fields from crystals to tobacco...
  3. Re: Crystals V2 Nope, there is no quick way... I actually have to do this on my new game. The easiest way I can think of doing this is to go through the database and change every database field that is crystals to (in my case) Tobacco (notice the capital letter on Tobacco), then use your file editing software and use the find and replace option, e.g. find crystals, replace with Tobacco (again, notice the capital T). Find crystals will find Crystals and crystals, i.e. it will find crystals in SQL queries and also find Crystals where you may have a capital letter on displaying the word in game... This saves you having to manually go through and change them... Remember, though, Gold Bars will not work with this method, as it's two words, so either manually go through all script files or change to just Gold.
  4. Re: Yet another attack problem #1 for me. OK, this depends a lot on how your attack is set up... I cannot remember what the default attack is :? However, mine works as follows. There are two ways to train: Strength + Agility, or Defence + Level. If two players had defences of Player A 50 million and Player B 100 million, yet Player A was, say, 25 levels higher, he would win... Strength + Agility would work as follows: Player A: strength 250 million, agility 10 million, defence 1 million. Player B: strength 500 million, agility 1 million, defence 5 million. Player A would win, as his agility is higher and gains first hit, and his first hit destroys Player B's defence in one hit... Hope this helps a bit ;)
  5. Re: [Mccodes][V2] SMF Registration Intergration!!!!! This is fantastic :D Would it be possible to also have it auto log them into the forum on login to the game? :)
  6. Re: Security of your game... I agree with what you are saying, although if you think about these extra suggestions I have stated here, they are good for a live site while you are going through the script securing it... All of the above would only take a very short time to implement :)
  7. Re: Security of your game... Yep, spot on Miniman... A few comments from my staff have been, for the crystal cap, what if someone played before, sold his account and wanted to start again and buy a shedload of crystals... he would end up frozen and upset after spending lots of real-life money... So the simple solution to this is, in the donator files where it updates the crystals after a PayPal purchase, add a query to increase the cap by the amount of crystals purchased... Let's face it, a donator is very unlikely to hack :-D
  8. Re: Security of your game... Well, I've actually revamped this idea... the rolling caps, i.e. upgraded for each day old; if you exceeded the amount allowed, your account would be frozen with a message popping up for only staff to see (in header) to investigate it... and either ban or unfreeze as appropriate. You could change your rules: if people were sending money to freeze people's accounts, then they get banned for x amount of days... Crystals wouldn't be a problem; no one would send them, as they are too valuable just to get someone frozen...
  9. I have been reading up a lot on security just lately and am in the process of recoding all my files securely... However... as I see it there is no such thing as a totally secure site; anything is hackable... Now, the problem with hacking attempts, as I see it, is the injection of large amounts of cash or crystals going into the game... Now, before you say code it securely, there is always a way round everything... so I have come up with some ideas... 1. Work out some amounts, i.e. how much money and crystals would be impossible to have under a certain level, then add the code in header, e.g. if money > x and level < x (then fedjail). This could be done for gang vault, banks etc. 2. Another idea I've had is to code the bank accounts so that they can only hold a certain amount which increases daily... e.g. day one $250k, day two $500k, day 3 $750k (obviously set up for your game's economy). 3. Crystals: again, increase the amount of crystals they can hold daily. My max PayPal purchase is 15k of crystals... so day one they can hold 20k, day two 21k etc... basically code in a cap on the amount of crystals one member can hold.... OK, I've just come up with these ideas; I would appreciate some feedback on these, and if enough post then I will code these in and post the code for them...
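The three checks proposed in post 9, with the per-day rolling cap from post 8 and the donator adjustment from post 7, written out as one pure PHP function. This is an added example, not shrek1609's code or any mccodes file. Every threshold constant is an assumption to be tuned to your own economy; it assumes the mccodes users row carries money, bankmoney, crystals, level and daysold, and a hypothetical crystals_bought column holding the lifetime total bought through the donator script.

```php
<?php
// Added example, not the original poster's code. Implements the economy sanity
// checks from the post as a function that header.php can call once $ir is loaded.
// All thresholds below are assumptions; tune them to your own game's economy.
// Assumed columns on $ir: money, bankmoney, crystals, level, daysold, and a
// hypothetical crystals_bought (lifetime crystals bought via the donator script),
// which is what lets a returning donator legitimately exceed the base cap.

const MONEY_PER_LEVEL = 1000000; // assumed: no legitimate player holds more than $1M cash per level
const BANK_PER_DAY    = 250000;  // the post's example: day 1 $250k, day 2 $500k, day 3 $750k
const CRYSTAL_BASE    = 20000;   // day 1 cap, set above the 15k maximum PayPal purchase
const CRYSTAL_PER_DAY = 1000;    // the post's example: day 2 21k, day 3 22k, ...

function max_money_for_level($level)
{
    return max(1, (int) $level) * MONEY_PER_LEVEL;
}

function bank_cap($daysold)
{
    // daysold is 0 on the day of signup; treat that as day 1 so the cap is never 0
    return max(1, (int) $daysold) * BANK_PER_DAY;
}

function crystal_cap($daysold, $crystals_bought)
{
    return CRYSTAL_BASE + (max(1, (int) $daysold) - 1) * CRYSTAL_PER_DAY + (int) $crystals_bought;
}

// Returns the reasons the account should be frozen for staff review; an empty
// array means the account is within limits. Freezing rather than fedjailing is the
// revised idea from post 8: staff see these strings in the header and decide.
function economy_violations(array $ir)
{
    $why = array();
    $money_cap = max_money_for_level($ir['level']);
    if ($ir['money'] > $money_cap) {
        $why[] = "cash {$ir['money']} over limit $money_cap for level {$ir['level']}";
    }
    $bcap = bank_cap($ir['daysold']);
    if ($ir['bankmoney'] > $bcap) {
        $why[] = "bank {$ir['bankmoney']} over limit $bcap at {$ir['daysold']} days old";
    }
    $ccap = crystal_cap($ir['daysold'], $ir['crystals_bought']);
    if ($ir['crystals'] > $ccap) {
        $why[] = "crystals {$ir['crystals']} over limit $ccap at {$ir['daysold']} days old";
    }
    return $why;
}

// Constructed sample rows (not real players): one inside every limit, one that
// trips the cash and crystal checks on day one.
$legit   = array('money' => 250000,   'bankmoney' => 400000, 'crystals' => 18000,
                 'level' => 3, 'daysold' => 2, 'crystals_bought' => 15000);
$suspect = array('money' => 50000000, 'bankmoney' => 0,      'crystals' => 120000,
                 'level' => 2, 'daysold' => 1, 'crystals_bought' => 0);

print_r(economy_violations($legit));
print_r(economy_violations($suspect));
```

In header.php this would run right after $ir is fetched: if economy_violations($ir) returns anything, set a frozen flag on the row and print the reasons only when $ir['user_level'] > 1, as post 8 describes. The money-versus-level ratio is the weakest of the three checks, because cash and levels scale differently from game to game, so it is the one most likely to freeze a legitimate big earner; the bank and crystal caps depend only on account age and are easier to set safely.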
  10. Re: [REVIEW] Organized Gangstas - Please review!! A couple of things: you have white writing on a light grey background, which is very hard to read... I'm on a widescreen laptop and your header logo has broken the margins of the site... You really need to check what your game looks like on all different screen resolutions :)
  11. This is a new member search with the ability to save the last search... I've just finished and have checked and tested, and all seems fine, but I'm really tired, so any bugs you find please post and I will fix tomorrow night :) Enjoy...

      CREATE TABLE IF NOT EXISTS `search` (
        `searchid` int(11) NOT NULL auto_increment,
        `userid` int(11) NOT NULL default '0',
        `moneymin` int(11) NOT NULL default '1',
        `daysmax` varchar(255) NOT NULL default '',
        `daysmin` varchar(255) NOT NULL default '',
        `levelmin` int(11) NOT NULL default '1',
        `levelmax` int(11) NOT NULL default '500',
        `id` varchar(255) NOT NULL default '',
        `location` int(11) NOT NULL default '1',
        `name` varchar(255) NOT NULL default '',
        `online` varchar(255) NOT NULL default '0',
        PRIMARY KEY (`searchid`)
      ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1;

      search.php

      <?php
      include "globals.php";

      // Defaults used when the player has no saved search
      $p = array('name' => '', 'id' => '', 'levelmin' => 1, 'levelmax' => 500,
                 'daysmin' => '', 'daysmax' => '', 'moneymin' => 1, 'location' => 0, 'online' => '0');
      $q1 = $db->query(sprintf("SELECT * FROM search WHERE userid = %d", $ir['userid']));
      if ($db->num_rows($q1) > 0) {
          $p = $db->fetch_row($q1);
      }
      // The saved values came from user input, so escape them before echoing them back into the form
      foreach ($p as $k => $v) {
          $p[$k] = htmlentities($v, ENT_QUOTES);
      }

      print "<table width='60%' cellspacing='1' class='table' bordercolor='#636363' border='1'>
      <tr><th colspan='2'>Prisoner Search</th></tr>
      <tr><td colspan='2'><font color='red'>*</font> is a required field.</td></tr>
      <form action='searchdo.php' method='post'>
      <tr><td>Name: <input type='text' name='name' value='{$p['name']}'></td>
      <td>ID: <input type='text' name='id' value='{$p['id']}'></td></tr>
      <tr><td colspan='2'>Search by Level</td></tr>
      <tr><td>From: <font color='red'>*</font> <input type='text' name='levelmin' value='{$p['levelmin']}'></td>
      <td>To: <font color='red'>*</font> <input type='text' name='levelmax' value='{$p['levelmax']}'></td></tr>
      <tr><td colspan='2'>Search by Days Old</td></tr>
      <tr><td>Days Old: From: <input type='text' name='daysmin' value='{$p['daysmin']}'></td>
      <td>To: <input type='text' name='daysmax' value='{$p['daysmax']}'></td></tr>
      <tr><td colspan='2'>Search by Financial Criteria</td></tr>
      <tr><td>Search by Money Greater than:</td>
      <td><font color='red'>*</font> <font color='green' size='4'><b>\$</b></font><input type='text' name='moneymin' value='{$p['moneymin']}'></td></tr>
      <tr><td colspan='2'>Misc. Search criteria</td></tr>
      <tr><td>Location: <select name='location'>
      <option value='0'>select</option>";
      // The saved city (if any) is pre-selected; otherwise the list starts on 'select'
      $q = $db->query("SELECT cityid, cityname FROM cities ORDER BY cityid");
      while ($r = $db->fetch_row($q)) {
          $sel = ($r['cityid'] == $p['location']) ? " selected" : "";
          print "<option value='{$r['cityid']}'$sel>{$r['cityname']}</option>";
      }
      print "</select></td><td>Status: <select name='online'>";
      $sel = ($p['online'] == 'online') ? " selected" : "";
      print "<option value='0'>Offline</option><option value='online'$sel>Online</option>";
      print "</select></td></tr>
      <tr><td colspan='2'>
      <input type='submit' name='search' value='Search'>
      <input type='submit' name='save' value='Search and Save'>
      <input type='submit' name='clear' value='Clear Saved Search'>
      </td></tr></form></table>";
      $h->endpage();
      ?>

      searchdo.php

      <?php
      include "globals.php";

      if (isset($_POST['search']) || isset($_POST['save'])) {
          // Anything used in the query without quotes is cast to an integer; the two
          // free-text fields are escaped and only ever used inside quotes.
          $moneymin = abs((int) $_POST['moneymin']);
          $levelmin = abs((int) $_POST['levelmin']);
          $levelmax = abs((int) $_POST['levelmax']);
          $location = abs((int) $_POST['location']);
          $daysmin  = abs((int) $_POST['daysmin']);
          $daysmax  = abs((int) $_POST['daysmax']);
          $online   = (isset($_POST['online']) && $_POST['online'] == 'online') ? 'online' : '0';
          $id       = mysql_real_escape_string($_POST['id']);
          $name     = mysql_real_escape_string($_POST['name']);

          $where  = "WHERE level >= $levelmin AND level <= $levelmax";
          $where .= ($id)       ? " AND userid LIKE '%$id%'" : "";
          $where .= ($name)     ? " AND username LIKE '%$name%'" : "";
          $where .= ($location) ? " AND location = $location" : "";
          // 'online' means seen in the last 15 minutes (the usual mccodes window)
          $where .= ($online == 'online') ? " AND laston >= unix_timestamp()-15*60" : "";
          $where .= ($daysmin)  ? " AND daysold >= $daysmin" : "";
          $where .= ($daysmax)  ? " AND daysold <= $daysmax" : "";
          $where .= ($moneymin) ? " AND money > $moneymin" : "";

          $q = $db->query("SELECT userid, username, level, money FROM users $where");
          print "<table width='75%' cellspacing='1' class='table'><tr><th><h3>Prisoner Search Results</h3></th></tr></table>";
          print "<table width='75%'><tr><td colspan='5'>" . $db->num_rows($q) . " Prisoners found.</td></tr>
          <tr class='table'><th>User</th><th>Level</th><th>Money</th><th>Mug</th><th>Attack</th></tr>";
          while ($r = $db->fetch_row($q)) {
              print "<tr><td><a href='viewuser.php?u={$r['userid']}'>{$r['username']}</a></td>
              <td>{$r['level']}</td><td>\${$r['money']}</td>
              <td><a href='mug.php?ID={$r['userid']}'>[Mug]</a></td>
              <td><a href='attack.php?ID={$r['userid']}'>[Attack]</a></td></tr>";
          }
          print "</table>";

          if (isset($_POST['save'])) {
              $q1 = $db->query(sprintf("SELECT searchid FROM search WHERE userid = %d", $ir['userid']));
              if ($db->num_rows($q1) > 0) {
                  $db->query(sprintf("UPDATE search SET id = '%s', moneymin = %d, daysmax = '%d', daysmin = '%d',
                      levelmin = %d, levelmax = %d, location = %d, name = '%s', online = '%s' WHERE userid = %d",
                      $id, $moneymin, $daysmax, $daysmin, $levelmin, $levelmax, $location, $name, $online, $ir['userid']));
              } else {
                  $db->query(sprintf("INSERT INTO search (userid, moneymin, daysmax, daysmin, levelmin, levelmax, id, location, name, online)
                      VALUES (%d, %d, '%d', '%d', %d, %d, '%s', %d, '%s', '%s')",
                      $ir['userid'], $moneymin, $daysmax, $daysmin, $levelmin, $levelmax, $id, $location, $name, $online));
              }
          }
      } elseif (isset($_POST['clear'])) {
          $q1 = $db->query(sprintf("SELECT searchid FROM search WHERE userid = %d", $ir['userid']));
          if ($db->num_rows($q1) > 0) {
              $db->query(sprintf("DELETE FROM search WHERE userid = %d", $ir['userid']));
              print "Last search has been deleted.";
          } else {
              print "You have no searches saved to delete... Stupid!!";
          }
      }
      $h->endpage();
      ?>

      Just to note, you may have to remove the mug option if you do not have mugging on your game... Also, I had to do a quick edit, as I have gradient coloured names set up on my game; this should still work fine, as I just removed the code for gradients...
      Anyway, I'm tired now, so any problems just post and I will sort them tomorrow :)
  12. Re: [mccode v2] Weather Gym [$1.00] Oh, now that's a nice idea, something in header showing the current weather :)
  13. Re: How to use sprintf? Thanks floydian :) I've been having a play with mres(), abs int and string_replace etc... and I've been echoing the results out straight away, never considered the database having an effect on them :) Now for the long job of recoding every file :cry: P.S. just out of interest, is there a difference between print and echo, or is it just personal choice?
  14. Re: How to use sprintf? Just a thought here... if I use mysql_real_escape_string on the input of a username and the username is, say, dave's, then the output of this will surely be dave\'s. Would this mean I would need to use stripslashes on the output?
  15. Re: [mccode v2] Weather Gym [$1.00] I have to say this: BlueDevil23 is one of those rare people in the world who will go that extra mile for you :) Not only has he updated this VERY cheap script but also spent time helping me understand and learn how to secure my games... a great chap, and I can't recommend highly enough to buy this from him... Oh, not to mention this is a unique idea and brings a great twist to the training :)
  16. Re: [FAQ] sprintf - no, it's not a phone company I hope I don't get flamed for bumping this, but I just want to thank Floydian for this. I've been reading so much on sprintf today and this just makes it so simple to understand, and the reasons why... thank you :)
  17. Re: How to use sprintf? I believe a string also contains SOME characters other than the alphabet... What I'm a bit confused on is why the need to use sprintf if we mres() or abs int on all the variables going into the query.
  18. Re: How to use sprintf? Thanks Karlos, I really appreciate this... I think what I am getting at is, if I secured every variable, whether, like you say, it was hard coded or a member-inputted variable, and got into the habit of doing this on all my coding... surely I would be much more secure from SQL injections and hacking attempts...
  19. Re: How to use sprintf? Would this not be a better way... create a function in global_function.php:

      function check_input($value)
      {
          if (get_magic_quotes_gpc()) {
              $value = stripslashes($value);
          }
          if (!is_numeric($value)) {
              $value = "'" . mysql_real_escape_string($value) . "'";
          }
          return $value;
      }

      Then for, say, the userid...

      $userid = check_input($userid);

      then just run the SQL query as normal?
  20. Re: How to use sprintf? Now I'm confused... doesn't mysql_real_escape_string($color), abs(@intval($crystals)), abs(@intval($userid)) make the SQL query more secure, as I have secured all the variables in the query?
  21. Re: How to use sprintf? That helped a bit, I think, but as an example I have picked a file I coded, which is as follows...

      <?php
      include "globals.php";
      $_POST['color'] = abs((int) $_POST['color']);
      if (!$_POST['color']) {
          print "<h3><font color='red'><b><i>Here you can Purchase a Different Colored Name</i></b></font></h3>";
          print "<table width='95%' cellspacing='1' class='table'>
          <tr style='background:gray'><th><font color='orange'>Color</font></th><th><font color='orange'>Cost in Crystals</font></th><th><font color='orange'>Delivery</font></th></tr>
          <tr><td><b><font color='#ffffff'>White</font></b></td><td>1,000 Crystals</td><td>INSTANT --- Select Below</td></tr>
          <tr><td><b><font color='#aaaaaa'>Grey</font></b></td><td>1,500 Crystals</td><td>INSTANT --- Select Below</td></tr>
          <tr><td><b><font color='#ffff00'>Yellow</font></b></td><td>2,000 Crystals</td><td>INSTANT --- Select Below</td></tr>
          <tr><td><b><font color='#00ffff'>Cyan</font></b></td><td>2,500 Crystals</td><td>INSTANT --- Select Below</td></tr>
          <tr><td><b><font color='#99ff00'>Lime</font></b></td><td>2,500 Crystals</td><td>INSTANT --- Select Below</td></tr>
          <tr><td><b><font color='#9966ff'>Lilac</font></b></td><td>2,500 Crystals</td><td>INSTANT --- Select Below</td></tr>
          <tr><td><b><font color='#00ff00'>Other Color's</font></b></td><td>3,500 Crystals</td><td>Message The Shrekinator</td></tr>
          <tr><td><b><font color='#ff0000'>G</font><font color='#ff1111'>r</font><font color='#ff2222'>a</font><font color='#ff3333'>d</font><font color='#ff4444'>i</font><font color='#ff5555'>e</font><font color='#ff6666'>n</font><font color='#ff7777'>t</font> <font color='#ff9999'>C</font><font color='#ffaaaa'>o</font><font color='#ffbbbb'>l</font><font color='#ffcccc'>o</font><font color='#ffdddd'>r</font><font color='#ffeeee'>s</font></b></td><td>10,000 Crystals</td><td>Message The Shrekinator</td></tr>
          </table>";
          print "<form action='color.php' method='post'>Please Select a color:
          <select class='textbox' name='color'>
          <option value='0'>Please Select a color</option>
          <option value='1'>White --- Cost: 1,000 Crystals</option>
          <option value='2'>Grey --- Cost: 1,500 Crystals</option>
          <option value='3'>Yellow --- Cost: 2,000 Crystals</option>
          <option value='4'>Cyan --- Cost: 2,500 Crystals</option>
          <option value='5'>Lime --- Cost: 2,500 Crystals</option>
          <option value='6'>Lilac --- Cost: 2,500 Crystals</option>
          </select> <input class='textbox' type='submit' value='Purchase color'></form>";
      } else {
          $color = $_POST['color'];
          $notenough = "<font color='red'><b>Sorry you do not have enough Crystals to make this purchase</b></font>";
          $done = "<font color='red'>Congratulations, You successfully purchased your colored name...</font> <a href='index.php'>>Back</a>";
          if ($color == 1) {
              if ($ir['crystals'] < 1000) {
                  print $notenough;
              } else {
                  $color = '#ffffff';
                  $crystals = 1000;
                  $update = sprintf("UPDATE users SET usercolor=('%s'), crystals=crystals - ('%u') WHERE userid=('%u')",
                      mysql_real_escape_string($color), abs(@intval($crystals)), abs(@intval($userid)));
                  $db->query($update);
                  print $done;
              }
          }
          if ($color == 2) {
              if ($ir['crystals'] < 1500) {
                  print $notenough;
              } else {
                  $db->query("UPDATE users SET usercolor='#AAAAAA' WHERE userid=$userid");
                  $db->query("UPDATE users SET crystals=crystals-1500 WHERE userid=$userid");
                  print $done;
              }
          }
          if ($color == 3) {
              if ($ir['crystals'] < 2000) {
                  print $notenough;
              } else {
                  $db->query("UPDATE users SET usercolor='#FFFF00' WHERE userid=$userid");
                  $db->query("UPDATE users SET crystals=crystals-2000 WHERE userid=$userid");
                  print $done;
              }
          }
          if ($color == 4) {
              if ($ir['crystals'] < 2500) {
                  print $notenough;
              } else {
                  $db->query("UPDATE users SET usercolor='#00FFFF' WHERE userid=$userid");
                  $db->query("UPDATE users SET crystals=crystals-2500 WHERE userid=$userid");
                  print $done;
              }
          }
          if ($color == 5) {
              if ($ir['crystals'] < 2500) {
                  print $notenough;
              } else {
                  $db->query("UPDATE users SET usercolor='#99FF00' WHERE userid=$userid");
                  $db->query("UPDATE users SET crystals=crystals-2500 WHERE userid=$userid");
                  print $done;
              }
          }
          if ($color == 6) {
              if ($ir['crystals'] < 2500) {
                  print $notenough;
              } else {
                  $db->query("UPDATE users SET usercolor='#9966FF' WHERE userid=$userid");
                  $db->query("UPDATE users SET crystals=crystals-2500 WHERE userid=$userid");
                  print $done;
              }
          }
      }
      $h->endpage();
      ?>

      The first database query I have tried to secure:

      if ($color == 1) {
          if ($ir['crystals'] < 1000) {
              print "<font color='red'><b>Sorry you do not have enough Crystals to make this purchase</b></font>";
          } else {
              $color = '#ffffff';
              $crystals = 1000;
              $update = sprintf("UPDATE users SET usercolor=('%s'), crystals=crystals - ('%u') WHERE userid=('%u')",
                  mysql_real_escape_string($color), abs(@intval($crystals)), abs(@intval($userid)));
              $db->query($update);
              print "<font color='red'>Congratulations, You successfully purchased your colored name...</font> <a href='index.php'>>Back</a>";
          }
      }

      Would this "HELP" against hacking attempts, SQL injections etc...?
      I realise coding is pretty much impossible to totally secure, but am I wasting my time going through the script and using sprintf and mysql_real_escape_string on all the queries, like I have done on the one above?
  22. Re: How to use sprintf? OK, I've just spent an hour or so reading up on security in different topics on here... Does using sprintf on every database call, whether it's an update or a select, help prevent SQL injections? What I'm trying to say is, if I go through every file and secure the database queries, does it give a high level of protection against SQL injections etc.?
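The questions in posts 17 to 22 and the searchdo.php script in post 11 turn on one distinction: escaping only neutralises quote characters, so it protects a value that sits inside quotes in the SQL and does nothing for a value that is dropped in bare. The daysmin/daysmax clauses in post 11 are the bare case (escaped with mysql_real_escape_string, then written as `daysold >= {$_POST['daysmin']}`). The following PHP is an added example, not code from any of the posts or from mccodes. It runs offline against an in-memory SQLite database through PDO; the users table and its three rows are constructed for the demonstration, and the escape function is a stand-in for mysql_real_escape_string, which needs a live MySQL connection.

```php
<?php
// Added example, not from the original posts. Reproduces the unquoted-numeric
// pattern from searchdo.php and shows why escaping does not help there, then the
// same query with the value cast and bound. Uses SQLite in memory so it runs
// offline; the table and rows below are constructed for this demo.

function make_db()
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (userid INTEGER, username TEXT, level INTEGER, daysold INTEGER, money INTEGER)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?, ?, ?)');
    foreach (array(array(1, 'alice', 5, 3, 500),
                   array(2, 'bob', 12, 40, 90000),
                   array(3, 'carol', 30, 120, 2500000)) as $row) {
        $ins->execute($row);
    }
    return $db;
}

// Stand-in for mysql_real_escape_string(). The real function backslash-escapes
// quotes for MySQL; SQLite escapes a quote by doubling it, so that is done here.
// The property that matters is the same: only quote characters are changed, and
// spaces, '=' and the word OR pass through untouched.
function mres_standin($s)
{
    return str_replace("'", "''", $s);
}

// The searchdo.php pattern: escaped, but placed in the SQL with no quotes around it.
function vulnerable_search(PDO $db, $daysmin)
{
    $daysmin = mres_standin($daysmin);
    $sql = "SELECT username FROM users WHERE level >= 1 AND daysold >= $daysmin";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Same query, with the value cast to an int (what abs(@intval()) does in the posts)
// and bound as a parameter, so it can never change the shape of the statement.
function safe_search(PDO $db, $daysmin)
{
    $stmt = $db->prepare('SELECT username FROM users WHERE level >= 1 AND daysold >= :d');
    $stmt->execute(array(':d' => abs((int) $daysmin)));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The quoted case, like the username LIKE clause in searchdo.php: here the escaped
// value sits inside quotes, an injected quote is neutralised and the LIKE stays a LIKE.
function quoted_name_search(PDO $db, $name)
{
    $name = mres_standin($name);
    $sql = "SELECT username FROM users WHERE username LIKE '%$name%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

$db = make_db();
$payload = "100 OR 1=1";   // no quote character in it, so escaping changes nothing
print_r(vulnerable_search($db, $payload));       // the daysold filter is gone: every user
print_r(safe_search($db, $payload));             // (int) "100 OR 1=1" is 100: only carol
print_r(quoted_name_search($db, "x' OR '1'='1")); // the quote is escaped: no rows
```

The same rule decides whether the saved-search UPDATE in post 11 is safe: a field written with %d or %u in sprintf is cast and needs nothing else, a field written as '%s' is safe only if it was escaped first. Prepared statements (PDO or mysqli) remove the need to track which is which, because the value never becomes part of the SQL text.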
  23. Re: [MCCODES V1 +V2] So who's viewing your profile Sorry, forgot to say, this will display a list of all members who have viewed that profile in the last 15 minutes...
  24. Re: [MCCODES V1 +V2] So who's viewing your profile Here you go mate ;) Just threw this together... Run this SQL query:

      CREATE TABLE IF NOT EXISTS `viewing` (
        `ID` int(11) NOT NULL auto_increment,
        `proID` int(11) NOT NULL default '0',
        `viewID` int(11) NOT NULL default '0',
        `viewTIME` int(11) NOT NULL default '0',
        `viewNAME` text NOT NULL,
        PRIMARY KEY (`ID`)
      ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1;

      Open viewuser.php and find the main query that fetches the profile member's info, which should look like this...

      if ($db->num_rows($q6) == 0) {
          print "Sorry, we could not find a user with that ID, check your source.";
      } else {
          $r = $db->fetch_row($q6);

      Add under that...

          // Record this view, or refresh the timestamp if the viewer is already listed
          $q7 = $db->query("SELECT ID FROM viewing WHERE viewTIME > unix_timestamp()-15*60
              AND proID = {$r['userid']} AND viewID = {$ir['userid']}");
          if ($db->num_rows($q7) == 0) {
              $uname = mysql_real_escape_string($ir['username']);
              $db->query("INSERT INTO viewing VALUES (NULL, {$r['userid']}, {$ir['userid']}, unix_timestamp(), '$uname')");
          } else {
              $db->query("UPDATE viewing SET viewTIME = unix_timestamp()
                  WHERE proID = {$r['userid']} AND viewID = {$ir['userid']}");
          }

      OK, this next bit you will have to decide where you want on their profile...

          print "<table><tr><th><b>Members who viewed your Profile in last 15 minutes:</b></th></tr><tr><td>";
          $q8 = $db->query("SELECT viewNAME FROM viewing WHERE viewTIME > unix_timestamp()-15*60
              AND proID = {$r['userid']} ORDER BY viewTIME DESC");
          while ($v = $db->fetch_row($q8)) {
              print "{$v['viewNAME']}, ";
          }
          print "</td></tr></table>";

      Finally, add to cron day:

      $db->query("DELETE FROM viewing WHERE viewTIME < (unix_timestamp()-15*60)");
  25. Re: [MCcode v2] Advanced spying script [$10 USD] Sorry for the delay Radio, been so busy, only just had a chance to install this script... OK, for a review: install time = a couple of minutes... editing the script to suit my game = 10 minutes (thanks to Radio for making this so easy by noting through the script what every part is... saved so much time not having to read through the script first). Security of the script = excellent. Quality of the script: fantastic, works like a charm, no bugs, and after spending a further 10 minutes reading through the code there is one hell of a lot of random factors involved, making this a fantastic spy script :) Definitely recommended to buy, and IMO very cheap for the quality; I've paid a lot more for stuff I've had to discard or recode myself...