MakeWebGames

Spudinski
Everything posted by Spudinski

  1. Salt: I think you're not getting the point. If I know the salt, and I know the hashing algorithm, it's just the "bits in between" I need to figure out. It's not secure if the salt is revealed, even if you do quadruple hashing. E.g.:
     concat(x, 'mysalt') = '69c509c5b5a375a20c789caa3df2fb46'
     All I'd have to do is compare sequences of alphanumeric characters to the hash.
     match = (concat('helloworld', 'mysalt') == '69c509c5b5a375a20c789caa3df2fb46') ? true : false;
     In my honest opinion, it's like giving away the private encryption key of your data, and keeping the rest "safe". It's not as secure as it could be.
     PHP end tag: A debate about 16 bits (assuming UTF-8) or 2 bytes of a file isn't worth it. As for white space, see my post, I did say: "If you do not plan on producing HTML/output after the PHP syntax, there is no need to escape out of PHP".
  2. Some rather long while ago, there was an InfoSec forum named W4cking. Members there made an improved version of the original C99 shell. It's formally named "W4cking Shell", but w4cking-c99 is more descriptive. Edit: Ref: http://en.wikipedia.org/wiki/Shell_(computing)
  3. @Neon I think you're reading it wrong. The salt is stored alongside the password within the same table, within the same database, using the same user for authentication. 0_o, Basically, once you know what hashing function the script uses (I'll guess md5 or sha1), you're in (dictionary attack, basically). @Danny: But at that point, you're better off just altering the database to suit your form of attack. I'm pretty sure MCCodes runs some database extracted content with PHP, or even if not, you could modify unfiltered database content like mail and inject an XSS worm into an admin's message to gain whatever you need. The admin should have an HTML5 and Javascript compliant browser, so you could, theoretically, store all the admin's actions within a client-side database and simply use Ajax to send yourself a neat little message. Would take days if not weeks to discover the breach if you don't alter anything in an obvious manner. But, also theoretically, one could just use MySQL to upload yourself a w4cking-c99 if they run with escalated user privileges. Wouldn't be very smart, but I've seen people owned using this method.
     There's no "benefits" towards omitting the closing tag. It's purely preference. The <?php & ?> tags (or more formally, escape characters) mean you are either escaping into, or out of, PHP... similar to XML syntax. If you do not plan on producing HTML/output after the PHP syntax, there is no need to escape out of PHP; some developers just think it's cleaner to use closing tags with each script. On the other hand, C( # / ++ ) developers will omit it (e.g. a_bertrand, see his scripts) simply because they're used to not having to escape their code. PHP is designed this way, since its original usage is within HTML, text, etc...
  4. Of course not, but it's rather weird that it's lower than five. It's a recent misconfiguration if you ask me.
  5. Yes, Star Wars is awesome.
  6. What did he try? When did it happen? What should it do? I'd refer to http://catb.org/esr/faqs/smart-questions.html.
  7. Please re-read my post again, before trying to use my words against me. You clearly missed the point I made. The OP's post wasn't clear, or even a little bit detailed on what was required.
  8. See http://makewebgames.io/showthread.php/39796-Makewebgames-Mccodes-Relation
  9. Arrogance much? Everyone has their field of expertise... seems yours isn't being utilized here, if that's your view on matters.
  10. Really useful, thank you. I wish more people would implement this.
  11. If I may make a suggestion: 5 queries would be slower than the original. The JOIN method can still be kept, but its usage can just be reduced. Two, maybe three queries should suffice. I would also like to point the OP in the right direction for learning about this:
     Ref 1: http://dev.mysql.com/doc/refman/5.6/en/join.html
     Ref 2: http://dev.mysql.com/doc/refman/5.6/en/union.html
     Ref 3: http://dev.mysql.com/doc/refman/5.6/en/select.html
  12. I don't get what this is all about? Is it just because h4x0r is on a bit of a pity spree? It's irrational. Let's look at the reasons people stay here:
     - They like to help out
     - They have some free time
     - They are interested in thoughts discussed on this forum
     Now, let's look at the reasons people flee from here:
     - Childish arrogance
     - The lack of quality content
     - Assumptions made by others
     These are a few I could think of off the top of my head, and it's not so far fetched. I for one see most threads being posted here, and my idea on a post can be read here. The main reason why people aren't willing to help is because once you help, you either get spammed by other "less-knowledgeable" people for help, or they simply demand too much. It's not our job to help people here; if we do so, we do so with better intentions than the person who posted the question in the first place. Now, let's take another "help" site for comparison: stackoverflow (it's relevant). Why isn't there spam? One simple reason: when a useless help thread is posted, it's voted down and closed. This saves everyone the time reading through garbage, and discussing their opinion on it (what people here refer to as spam nowadays). But, this is a collaborative forum. We actually discuss topics around here, we don't (always) just give the answer. Sometimes we require more details from a person to post help, and meanwhile, another arrogant fool who thinks they know everything there is to know jumps in right in the middle and halts the process. The result? We get tired, you aren't helped. And on the other hand, why are you people moaning about relevant tips to code being posted? I would think you'd appreciate it. I just think it's terrible that people can't just "take a joke". On a positive side, the moderators are active enough. If you can't see their work, then it's your problem. But when I report/ask assistance from a moderator or staff, it's very quickly dealt with (in comparison to "other" forums).
     Edit: @Nickson: It's not the syntax highlighter that is causing the problem, it's the WYSIWYG editor; it has tried to format the code as text. It has happened many times that "styling" is applied to the code I post, which is just a hassle.
  13. No, this isn't an "official" support forum. If he wants support from the proper people, I'd suggest he contacts MCCodes. If you're not paying for something, you're not the client. MWG has got those, pfft.
  14. I didn't mention Europe... I was using US in a broad sense, It could be any country. I just gave reasons why people prefer not to run a host with local hardware. Though, I'd love to take you up on that offer of finding 10 decent DCs within a 25km radius of where you live. Ref: http://en.wikipedia.org/wiki/Data_center#Requirements_for_modern_data_centers
  15. Ah, ok then.
  16. Decimal? Ok. I would've suggested BIGINT, unless you need floats.
  17. Something -somewhat- original, congrats. It's a very console-like style, so I might have a doubt about it in a web-game. But, I've seen people do amazing things with layouts like this. Nice job, man.
  18. It's cheaper. Why: maintenance is limited, if any, and thus the cost of running it somewhere else is much cheaper for them. Setting up (and running) your own hosting company with local hardware is frustrating, and can cost a lot for a small-medium sized company. It's not just as simple as getting a machine and plugging a cable into a NIC, you have to:
     - Get a line, not just any ordinary line. A T1 at least, or I've seen implementations where multiple standard lines are multiplexed (costs are debatable, over a commercial line).
     - Hardware, and good luck running a hosting company on just a few machines. You'd actually have to get a (few) decent servers capable of handling the data throughput, such as Sun (I hate Oracle) or IBM.
     - Data centre aspects, cooling for one, is not cheap and keeping the servers cool is a very daunting task. And then geography: I don't know if people here have ever heard a Sun server running, but it's not something pleasant to listen to. Your average backyard won't do, you'll need to get a location that is suitable for a data centre (have fun looking).
     - Network, no, your average Linksys router won't do. You'll need a decent router, in the lines of Cisco medium-enterprise.
     - Other things, like server and network setup, dealing with hardware issues, IDSs, firewalls, etc... Not as easy as one would think it to be.
     Now, compare those costs, over having "a few machines somewhere over in the US".
  19. I like my dubstep. @Djk: No, it's ripped.
  20. Nice job, man. Would be nice if you could expand it with a couple of example modules as well.
  21. Work on ur skillz a bit more, then try to sell something. That "image" isn't even usable as a template.
  22. I don't know why you are querying for so much unwanted data. Let's make it a little simpler. Your queries:
     (SELECT u.* FROM `users` WHERE u.userid = 1)
     (SELECT us.* FROM `userstats` WHERE us.userid = 1)
     (SELECT c.* FROM `cities` WHERE u.location = c.cityid)
     (SELECT g.* FROM `gangs` WHERE g.gangID=u.gang)
     (SELECT f.* FROM `fedjail` WHERE f.fed_userid=u.userid)
     If you really need all the data, or don't know what to expect, I'd suggest these queries separately:
     SELECT u.*, g.*, c.* FROM `users` u LEFT JOIN gangs g ON g.gangID = u.gang LEFT JOIN cities c ON u.location = c.cityid WHERE u.userid = 1
     And:
     SELECT f.*, us.* FROM fedjail f LEFT JOIN userstats us ON fed_userid = us.userid WHERE f.fed_userid = 1
     Quickly tested, and it seems to work, apart from the obvious: no userstats would show if no fedjail record is present for that specific ID. Though, it's still not optimized in any way.
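As an added illustration (not code from the thread or from MCCodes), the two consolidated queries from post 22 run against a constructed SQLite schema so the caveat the post mentions is visible: the fedjail-anchored query returns no row at all for a user who is not jailed, while a userstats-anchored variant (my addition, going beyond the post) keeps the stats and simply leaves the jail columns NULL. All column names other than those the queries reference are assumptions.

```python
import sqlite3

# Constructed schema and rows (not from the forum thread); only the columns the
# posted queries reference are modelled, the rest are made-up filler.
SCHEMA = """
CREATE TABLE users     (userid INTEGER PRIMARY KEY, username TEXT, location INTEGER, gang INTEGER);
CREATE TABLE userstats (userid INTEGER PRIMARY KEY, strength INTEGER);
CREATE TABLE cities    (cityid INTEGER PRIMARY KEY, cityname TEXT);
CREATE TABLE gangs     (gangID INTEGER PRIMARY KEY, gangNAME TEXT);
CREATE TABLE fedjail   (fed_userid INTEGER PRIMARY KEY, fed_days INTEGER);
INSERT INTO users     VALUES (1, 'alice', 10, 100), (2, 'bob', 11, NULL);
INSERT INTO userstats VALUES (1, 50), (2, 20);
INSERT INTO cities    VALUES (10, 'Capital'), (11, 'Harbour');
INSERT INTO gangs     VALUES (100, 'Reds');
INSERT INTO fedjail   VALUES (1, 3);   -- only alice is jailed
"""

# Post 22's first query: user, gang and city in a single round trip.
Q_PROFILE = """
SELECT u.*, g.*, c.* FROM `users` u
LEFT JOIN gangs g ON g.gangID = u.gang
LEFT JOIN cities c ON u.location = c.cityid
WHERE u.userid = ?"""

# Post 22's second query, anchored on fedjail: the LEFT JOIN only preserves
# rows of the left table, so a user with no jail record yields nothing.
Q_JAIL_STATS = """
SELECT f.*, us.* FROM fedjail f
LEFT JOIN userstats us ON fed_userid = us.userid
WHERE f.fed_userid = ?"""

# Added variant: anchor on userstats so the stats always come back and the
# jail columns are NULL when the user is not in fedjail.
Q_STATS_JAIL = """
SELECT us.*, f.* FROM userstats us
LEFT JOIN fedjail f ON f.fed_userid = us.userid
WHERE us.userid = ?"""


def fetch(query, userid):
    """Run one of the queries above for a user id; return rows as plain dicts."""
    con = sqlite3.connect(":memory:")
    con.row_factory = sqlite3.Row
    con.executescript(SCHEMA)
    rows = [dict(r) for r in con.execute(query, (userid,))]
    con.close()
    return rows


if __name__ == "__main__":
    print(fetch(Q_JAIL_STATS, 2))   # [] : bob's stats are lost
    print(fetch(Q_STATS_JAIL, 2))   # bob's stats with fed_days = None
```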
  23. I've been following Facebook for quite some time, so I'd beg to differ. http://developers.facebook.com/docs/authentication/
  24. Thanks. -tooshort-
  25. It's See-qual. Not S-Q-L. But at least you've gotten better at making videos.