Spudinski

Weapons, you mean?

Nice share. But I don't think I'd redirect them to MS, rather Chrome or Opera.

I'm not trying to shoot you down; I'm giving my reply, as I'm entitled to. I never mentioned C. Please reread, but if you do: please notice PHP as well. I think with a little bit of work, one could make a small version of MSN on win'95. IRC still isn't basic. But, if you would like to debate it further, please create a new thread. @Anon: Sure, the protocols have changed. But it still can do anything MSN can, though it will take additional editing to something like UnrealIRCd's source.

@ShadyCoco: Nope, DJK uses another template.   You sound childish and immature, and given your spelling, grammar and overall attitude, I'm positive that you are. I might limit as to who my users are, but by doing that I'm able to achieve greater things, and make use of the latest and greatest. You are stuck in the closet, using the same old techniques to patch outdated browsers, virtually trapping yourself in an old-vs-new type prison. Please see the bigger picture here: everybody have their opinion, not everyone is wrong, they might just have a different perspective. Oh, and PS.: Programming isn't my job, it's one of my hobbies.

So you say a lot of "devs" use Notepad for creating C#, Java, PHP? Not a chance, there's a reason people call them IDEs. I've also heard of a lot of "devs" using DreamWeaver, mind you. Everyone uses what they like, regardless of what others think or say. As to your regard of "basic", IRC isn't basic, it possesses a lot of the things IMs have*(file transfer, etc). It's just older.

I'd think the most viable temporary solution is to 404 on all Range headers, eg.: Range: bytes=0-100   Since this seems to be the most used by attackers. Of course, this is only viable for "games", and not if you run a download site.

See Naked Security I'd advise sysadmins to work around this; see Apache's docs. There is as of yet no patch available, since it's not really an vulnerability as much as a future.

I agree. I'm guessing you forgot the "only", as in "not only".

I'm the type of developer that keeps up with the latest and greatest, so excuse me for not wanting to waste my time developing dependencies. Let's take for instance HTML5, and some of it's uses like storage, drag&drop, sql, etc.. Now if I develop and offline application, I know IE 6 won't run these. So that will either mean that I have to abandon the project due to one inferior browser, or I will have to create a plugin able to do all this offline(Java, SL, etc.). If you still make two applications for the purpose of accomplishing one thing, you are a fool. And to get back on topic, this is his portfolio, it shouldn't matter anyways. As long as it has the same basic functionality in all browser, it's good. It's not a company website, it doesn't have to work for everyone; it only has to work for the people who want to know more about them. In that aspect, I doubt he will get any hits from IE6 unless it's CSRF.

I prefer #1, it's elegant, artistic and professional. If I may ask, where did you buy it? Or if you created it, for how much are you willing to sell? (PM me)   The website is designed for people who want to know more about him, not the other way around. Going by the assumption that javascript is disabled, is quite and old idea - browsers these days are much more intelligent, and most vulnerabilities are long gone(such as Chrome, no breaks as of yet). In my opinion, if they want to know more about him, they will make a sacrifice. It's not that they don't have it, or that they don't use it, it's just that they are paranoid.

The thing is that most addons just add more columns to the user table, which make it larger and more difficult to maintain. I would agree that one need to split it, but I think mods need to have their own table, or joined ones.

Hackers(the correct definition) are the reason why most applications continue to be more secure and better than ever, with that I agree. And I do appreciate the input you've given, as said. My main point of focus is that: a) every past script/addon I have released, is done to the best I can and the best the platform enables, and if more is required I provide it, b) optimizing one script wouldn't be worth the effort when compared to the whole of the likes of MCCodes (agreed), like training one soldier in an army of a thousand - useless. I acknowledge that you did not directly say that I should change the script, but you made it pretty clear what you thought of the idea that I would not alter this script to improve it.

Oh, ok. Google WAMP or XAMPP.

I get that. But I'm talking about generally just optimizing the general design of the database.

My script isn't of poor quality. I dare you to go look at other addons available on this forum. I do consider that a main factor when developing - quality. If you want to bash me on that, you are way out of line. I take that personally. Restrictive: I don't see the restrictive side of this, other than it not being able to deal with large systems. But even the base won't handle that. Until you personally remake the entire base to be optimized to handle large quantities of data, I will hold this script as is. It's useless trying to effectively optimize one script in an entire application(engine) that isn't - somewhere you have to draw the line. Design: I do believe that this script is designed in a way that complements it's function - to search through a paginated set of users. It does that extremely well. When keeping in mind said above, it is designed to be effective within the extent of the engine's capabilities. Marketplace: If you know me by any nature at all, you would know that I offer my help for free when selling an addon. I'm willing to help and alter the script to the clients exact needs; if there are faults, I repair them. But, I released this as "free", as a commodity for others. Everything here is out of my own generosity. The main subject here is the creators of MCCodes, not the developers that extend it. You can't blame me for their mistakes, and you certainly can blame me for not doing something that the application isn't capable of in the first place.

You mean load balancing, backups or what? Please specify?

As for unnecessary data: I completely agree, but I also didn't intend this to be used by >10k users. One would think they would have programmers to create these things. Nonetheless, it could be optimized with relation to that. Caching: I thought I did turn on chaching client-side, guess not. As for server-side caching, I agree that one could cache certain data. I've seen this being used by larger games. But I didn't think it would be needed for the audience of this addon. .txt extension: It's GPL, so I thought best to include instead and avoid confusion. And also, I've used that class for some time, and I feel it's worth the extra load. jQuery version: As said, this was created over a year ago. Thank you for your input, although I won't change this addon to accommodate those suggestions, I will keep it in mind.

Thanks for your input. A whole engine is quite a bit more than just an installer and a db, and it takes a lot more time. I've been busy perfecting mine for the last year and a half, and it's still just a core. I have no plans on building an engine to share, anyways. I just want to rewrite small parts of MCCodes, that is for me at least, not very well thought out.

All above problems mentioned, are now sorted. Please re-download.

What version are you currently using? I have re-uploaded a script for all versions. Please download it again.   I'd very much appreciate if you could point out those "many bad-practices" I used in this script.

It's always good to have allround good security. One never know when an admin might get hacked, or even non-technological admins.

Hi, I've read my fair share of installation issues on this forum regarding to MCCodes. I do believe that it's not properly thought out from the get-go, and doesn't actually give descriptive information as to certain errors, and what is happening. I am willing to make an installer that is user-friendly, and maybe has a few features like: - Reading mysql/ftp/etc. info from an email(control panels, inc.& esp. cPanel). - Provides a human readable description of what errors mean, with solutions. - Web install(for lite, other versions I'll speak to CB if needed) - FTP capabilities - A proper and optimized DB from the get-go(seriously, does MCC have any idea of what this even means?) - Hardening if installation file security - Customization(template maybe?) - Other bits&bobs (activation & licensing to MCC) I just don't know if there's a need for an alternative MCCodes installer, if you guys can give your input it would be much appreciated. I'll be willing to go into further depth on each point made.

No, warnings are a good indicator that the script is malfunctioning(executing not as defined).   That usually means you have not set the correct permissions to the file mentioned. A good permission set for most files being read & executed(like .php), are 0755. To make it writable, you will need to set the permissions to 0777. Please contact your host for assistance with this. The second error: Now this could mean a few things. 1. The config file isn't readable. (permisions, nonexistant, etc.) 2. The config file isn't being included. (again, permisions, nonexistant, etc. | PHP's default mysql auth is user:root & pwd:null) 3. The config file is not configured to the correct mysql auth values. I would suggest you contact your host to either find these values, or have them set it up.

A huge flaw I want to alert you about: You need to do a range check, inval is prone to negative numbers. And the addition of abs() only changes the polarity of the integer. I would suggest: $number = settype($number, 'int');; // turn to int, POST[k] & GET[k] are strings $number = ($number < 0) ? intval((0 - $number)) : $number;

I can't believe I forget about that. But anyways, it quite easy to setup a session to do it. I agree, there are methods to bypass these. But it's a possible counterpart to bots.