Zero-Affect

I would personally recommend MTG he's one of the only other coders i would trust to do a good job, You have a fair point like my game has been in production for about a year (counting ideas time and planning) which i would say it's even at this point more advanced in ideas and methods than any games of it's type. Ideas are normally only limited to the persons imagination but if you can think it im sure someone on MWG will be able to code it. May cost a few bucks but you need to spend money to make money in this industry and we all know it's a multi-million dollar industry. Good luck with any further projects i look forward to seeing them prosper.

Yikes Google is going into world domination plans :) You are right about if you don't appear on google your site isn't worth opening, i have 20 mg connection for about 40 quid so imagine the 1 gig prices... If they are lower than that i'd be very worried for companies. Google need to put more time into Chrome=>youtube=>google search engine and many of their other projects rather than messing with ISP's.

I played a pirate mc game originally which eventually got me to another site then here, Pirate games are fun but get boring quickly i think. There are limits to the options and possibilities.

Yeah i was able to set crons up on the demo website i created on a free host and basically it wouldn't run them.

We could explore the possibility that some free hosts don't allow crons...

i use another method   $_GET['NUM'] = ( ctype_digit($_GET['NUM']) AND isset($_GET['NUM']) ) ? $_GET['NUM'] : '' ; // Filter variable if ( empty($_GET['NUM']) ) { echo 'Error!'; die; // ERROR } mysql_query("UPDATE `table` SET `column` = {$_GET['NUM']} WHERE `othercol` = 1"); // UPDATE EXAMPLE // OR mysql_query("SELECT `column` FROM `table` WHERE `othercol` = {$_GET['NUM']}"); // SELECT EXAMPLE seems to work for me

MTG you have a point but your fetch for sheep we should keep quiet ;) I really couldn't care a less about him/her but he/she did good programming...

lol typical Google

I use a simple solution but im sure there are different ways   echo ' <table cellpadding="1" cellspacing="1" width="75%" border="0"> <tr> <th>Numbers</th> </tr> '; $cblah = 1; while( $cblah <= 10 ) { $colory = ( $cblah % 2 ) ? '#ABABAB' : '#B0B0B0'; echo ' <tr style="background-color: '.$colory.'; color: #000000; font-weight: BOLD;"> <td>'.$cblah.'</td> </tr> '; $cblah++; } echo ' </table> '; Hope this helps (didn't test this).

Google are taking the pee in my eyes they are just ruining it for companies without such a dominating brand name, Most people know what google but i don't get the point in it being more than a Search Engine FFS google get over yourself seriously. World domination next? Why not do a airline next? At least people try hiding it with umbrella companies google openly are trying to take over the world, they do all sorts including one of the lamest OS's ever. Wonder if they are doing GooglePal => paypal or maybe Gbay... They will offer us Google Oxygen next:)

Yeah Epic fail! Why do people assume these horrid scripts will work, seriously.

What's so "lol" about them?

http://www.gamesitetemplates.com/photoshop-templates/fantasy/medieval/crusader-interface-template/prod_293.html It is very good

Yes it's simple and some people are just basic tossers and hack RPG accounts for a laugh, im sure a high ranking TC account would be worth afew quid... Restricting functions is a bad solution in my eyes due to the obvious draw backs when users get bored with having to input data to be validated all the time. Think if it's the password they input i would basically setup a fake validation which prompts they input the data and it goes to my external link then it simply goes to "gym.php validation" they will assume it was a wrong password. Auto submit the data into a validator on a script then opening the script and them believing nothing is wrong. Then i just bypassed your validation and stole a users password which then no session hacking is needed.

We don't store bank details... Paypal doesn't share information so no such possibility really, unless they edit the donation script to load a fake PP script and then simply grab the information when they login (i don't think this would work). Grabbing user agent is simple, load a external file via a little js or basically redirect them to another site which then logs their ip, reference link, session and user_agent not so difficult.

Looks great Peter, Nice work.

This may have cropped up already but did you add a email? They normally don't run unless a email is added, use one from your domain and empty it regularly.

He used to have a go at me all the time lol don't miss him that much. I believe he left due to personal issues, maybe been a dude and acting like a chick...

ah you have a point there because IN is a function in MySQL it will error, You could just rename in to inv => $bombexists = "SELECT inv.`inv_itemid`, `inv_userid`, i.`itmid`, `itmname`, u.`userid` FROM `inventory` inv LEFT JOIN `items` i ON inv.`inv_itemid` = i.`itmid` LEFT JOIN `users` u ON inv.`inv_userid` = u.`userid` WHERE inv.`inv_itemid` = 3"; $bombboom = $db->query( $bombexists );

no need to swear, Dude...

Ah Zeggy sadly i just thought about it and noticed it's flawed.   Yeah that's what i noticed, bugger ain't it lol From a users point of view if they have to put in a password or something every time they want to do something they will be annoyed, filtering inputs and outputs is probably the best solution really. user agent can be stolen Zeddicus think maybe CSRF.

Zeddicus IP's can be changed i simply would change my IP to a AOL one to prevent the IP check, then change user agent and imply a little js to get session's. Mac Address is possible solution but that can be changed, something unique which can't be gathered maybe. If you're like me and on shared hosting you can't access most things so maybe MySQL table with a hashed session involved? Formula: login_name+userid+8 rand chars hashed into whirlpool then imputed in Sessions table column session and have a column for users id Then simply check if the login_name+userid+8 rand chars (stored somewhere in users table) hashed into whirlpool equals the stored one for their ID. Simple really lol remember you'd obviously change the formula around abit so that it's not easy to guess and maybe change the name of the column in users don't call it "rand_chars_for_session" lol a simple edit in authenticate, register and header really. If no one finds a issue with that ill code it up.

Thanks for the feedback Zeggy, You do have a point the hashing isn't really needed since it's server side, I believe the original by Zedd uses ip's but you then would have issues with AOL users would you not?

Firefox also lol i have it which is why i keep stating it's flawed.

There are afew people which say it's flawed i'm one of the people, somewhere it will be flawed but if it works against the MCC "hackers" then why not let the people have it.