Everything posted by Zero-Affect
-
Simple Line of code to stop Session Hijacking and Auto-Admin
Zero-Affect replied to Joshua's topic in Tips and tutorials
i did just scan through this code but am i right in assuming this just checks for .jpg or .gif? i wondered why people thought that was secure, a lot of websites paid for that mistake i'm sure (not by my hand). Simple to bypass: think like someone trying to abuse a bug. If i added whatever.php and got this message "Stop trying to abuse a Bug, Enter a picture format", now i know the issue; rather than simply saying "invalid command" or something, you explained the exact issue, so now i know to add my little code to bypass that and presto. Why not look for a photobucket upload script or something, external hosting but with guidelines. getimagesize is an unusual one i've not had the pleasure of looking up but i'm sure there is an issue other than external ej.am edit .htaccess to change .gif to .php which bypasses the additional Preferences check.. but getimagesize isn't to check if it's an image so there will be a drawback somewhere, i'm sure Alain will surely add to this. Maybe it will allow .SWF or even .exe? -
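Added example, not part of the post above or of the thread's code: one way to close the hole that post describes, where the upload check only looks at a .jpg/.gif extension and the error message explains the filter. It assumes PHP 8 with the fileinfo and GD extensions; `store_image`, the `avatar` field name, the upload directory and the 2 MiB limit are illustrative choices.

```php
<?php
// Added example (not the thread's code). The file is judged by its bytes,
// re-encoded, and stored under a server-chosen name and extension.
const MAX_BYTES = 2 * 1024 * 1024;   // assumed size limit
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_image(string $tmpPath, string $destDir): ?string
{
    if (!is_file($tmpPath) || filesize($tmpPath) > MAX_BYTES) {
        return null;
    }
    // Sniff the type from the content, never from the file name or $_FILES['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    $ext = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    if ($ext === null) {
        return null;
    }
    // Decode and re-encode with GD: only pixel data is written back out, so a
    // file that merely starts with an image header does not survive this step.
    $img = @imagecreatefromstring((string) file_get_contents($tmpPath));
    if ($img === false) {
        return null;
    }
    // Random name plus an extension from the allowlist; the client's
    // "whatever.php" is never used to build the path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($destDir, '/') . '/' . $name;
    $ok = match ($ext) {
        'jpg' => imagejpeg($img, $dest, 90),
        'png' => imagepng($img, $dest),
        'gif' => imagegif($img, $dest),
    };
    return $ok ? $name : null;
}

// Caller: one generic message for every failure, so the response does not
// describe the filter. The directory is assumed to sit outside the web root.
if (isset($_FILES['avatar']) && $_FILES['avatar']['error'] === UPLOAD_ERR_OK
        && is_uploaded_file($_FILES['avatar']['tmp_name'])) {
    $saved = store_image($_FILES['avatar']['tmp_name'], __DIR__ . '/../uploads');
    echo $saved !== null ? 'Upload saved.' : 'Upload failed.';
}
```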
crystal market update (looking for buy)
Zero-Affect replied to Nicholas's topic in Paid Modifications
Nicholas i have that available same as the itemmarket, should have asked mate, hit me on MSN if you want it -
do me a favor and post the modification code and i may be able to help, isn't Raven Script a Rip from MC?
-
Spend 500+ on security. Well...I just learn myself, saves money. MTG at MOST charges 2-300. 1k+ on a valid template? Hardly......for 1-200.00 you can get a pretty nice one, or again, learn to do it yourself. Spend Two Months fixing it up? Any game should have well more than 2 months working on it, mccodes or not. Shoot yourself? No thanks, i'll leave that to the pros ^_^ SOS Factory Template which would be a proper none copyright issued template... with coding supplied costly Learning PHP/CSS/HTML + Graphic Design = how long exactly... building from scratch would be easier than building with MC
-
That looks like an interesting game, i may have to get it.
-
Converting is Easy!
open in notepad
CTRL + H
--
find: mysql_
replace with: $db->
--
find: fetch_array
replace with: fetch_row
--
find:
    session_start();
    require "global_func.php";
    if($_SESSION['loggedin']==0) { header("Location: login.php");exit; }
    $userid=$_SESSION['userid'];
    require "header.php";
    $h = new headers;
    $h->startheaders();
    include "mysql.php";
    global $c;
    $is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error());
    $ir=mysql_fetch_array($is);
    check_level();
    $fm=money_formatter($ir['money']);
    $cm=money_formatter($ir['crystals'],'');
    $lv=date('F j, Y, g:i a',$ir['laston']);
    $h->userdata($ir,$lv,$fm,$cm);
    $h->menuarea();
replace with:
    include_once (DIRNAME(__FILE__) . '/globals.php');
Difficult ain't it lol
-
Grand Theft Auto Episodes from Liberty City
Zero-Affect replied to mdshare's topic in Xbox 360 Games
I hate XBOX they had to only bring the Episodes out on Xbox it's disgusting especially since i bought a PS3 just to play GTAIV, i'm considering sending rockstar a complaint email due to it. -
would it not be something like [mysql] SELECT `itemPIC` FROM `items` WHERE `itemID` = $ir['equipped'] [/mysql] ...
-
I'd suggest maybe joining another open source project like ZAP would be easier on you im sure.
-
I disagree. sprintf(); formats strings. Formatting strings can be an important part of security (it's important to understand what it does and therefore how it can aid security). Say you formatted a value as an integer, it is then safe to say the value is an integer and therefore you could output that value to a page knowing it could not contain html or JavaScript that could make up an xss attack. In the same way you could be sure an integer was being entered into a database. In these cases sprintf is being used to improve security - you do not have to use sprintf, there are many functions and tricks that could do the same, but this is an example.

Now in another case say we have a variable input by the user as a string that we want to pass to the database. In this case formatting the variable to a string would not add any security because a string can contain everything you need to make an sql injection. Therefore we should pass this variable through mysql_real_escape_string();.

sprintf formats a string and the values within the string. Formatting values can be part of security. Formatting values does not always lead to security. sprintf itself (as a single function) is not security. When used correctly and as intended it can add/be part of security. I say this in the same way as you can argue mysql_real_escape_string(); is not security, but it does add to security when used as it's designed to be used and in the right situations (e.g. it will not help stop an xss attack but could help prevent a mysql injection). There is no one method or function to security. At the end of the day, a function only does what it's designed/programmed to do, so understand what it does and use it for that.

i agree SprintF can aid security but it isn't the 'wonder function' everyone considers it to be.
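Added example, not code from the thread: the integer case and the string case from the post above, run against a throwaway database. It uses PDO with an in-memory SQLite table and a bound parameter in place of mysql_real_escape_string(), since the mysql_* functions were removed in PHP 7; the table contents and the hostile inputs are constructed for illustration.

```php
<?php
// Added example. Requires the pdo_sqlite extension; all data is constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT)");
$pdo->exec("INSERT INTO users (userid, username) VALUES (1, 'admin'), (2, 'joe')");

$idInput   = "2 OR 1=1";        // constructed hostile "integer"
$nameInput = "x' OR '1'='1";    // constructed hostile string

// Integer case: %d converts the argument to an int, so only the leading
// digits reach the query text and the "OR 1=1" tail is discarded.
$byId = sprintf('SELECT username FROM users WHERE userid = %d', $idInput);
$idRows = $pdo->query($byId)->fetchAll(PDO::FETCH_COLUMN);

// String case: %s copies the argument verbatim. The quote in the input
// closes the SQL literal and the OR clause becomes part of the statement.
$byName = sprintf("SELECT userid FROM users WHERE username = '%s'", $nameInput);
$leakedRows = $pdo->query($byName)->fetchAll(PDO::FETCH_COLUMN);

// Same string sent as a bound parameter: it is compared as data only.
$stmt = $pdo->prepare('SELECT userid FROM users WHERE username = ?');
$stmt->execute([$nameInput]);
$boundRows = $stmt->fetchAll(PDO::FETCH_COLUMN);

// Output side: %d is safe to place in HTML, a string still needs encoding
// for the context it is written into.
$comment = '<script>alert(1)</script>';   // constructed
$html = sprintf(
    '<p>User #%d said: %s</p>',
    $idInput,
    htmlspecialchars($comment, ENT_QUOTES, 'UTF-8')
);

printf("sprintf %%d query : %s\n", $byId);
printf("rows via %%d      : %d\n", count($idRows));
printf("sprintf %%s query : %s\n", $byName);
printf("rows via %%s      : %d\n", count($leakedRows));
printf("rows via bound ? : %d\n", count($boundRows));
printf("html             : %s\n", $html);
```

Comparing the three row counts shows which of the three queries treated the input as SQL rather than as a value.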
-
I've never actually played assassin's creed this makes me want to get it, looks good
-
an engine with CSRF LFI/RFI open is more secure than MC v2... This does sound like an interesting Engine i may have to get it.
-
Give me some mod suggestions so i can contribute..
Zero-Affect replied to a topic in Requests & In Production
so basically User cities but Gang Cities... with a twist, it's been done before -
Yeah you should stop posting mate no one will give you the attention you crave.. lol
-
i just play to lose... lol
-
whats the real site then...
-
lol the only one i'd actually want is the roulette but it doesn't tie in with my game so it's a bit of a waste of money in my eyes, unless it was cheaper... lol
-
i second the PS3 game board, it is a bit messed up us with our PS3's don't get a look in but Microsoft Xbox does... weird huh
-
The all-encompassing Mccode Security Thread
Zero-Affect replied to seanybob's topic in General Discussion
could use something along these lines maybe
    // text ie: mail posting
    // keep only letters, digits, dots and spaces; every other character is stripped
    $_POST['post'] = ( isset($_POST['post']) AND !empty($_POST['post']) ) ? preg_replace("/[^A-Za-z0-9. ]/","", $_POST['post']) : '';
    if (empty($_POST['post'])) {
        echo 'section not available';
        die;
    } else {
        // content...
    }
i am a bit tired but that would be something along the lines i'd use -
i've not been to London wouldn't know...
-
maybe Strip_Tags() would be good?
-
lol no not the same, it's basically psychology if you think wow that's wrong then you didn't just read the name and recognize it as a name you read the name and recognized it incorrect which then thinks more.
-
by 'not that type' what exactly are you getting at there?
-
it must be me because i just see a blur lol
-
In my opinion i would say no it's not worth it but say you have no coding experience and want something easily customised then MC is an option but 300+however much someone charges to secure it would cost a lot more than a secured engine like horizon but downfall with Horizon is the lack of freedom with the code and lack of community and modifications available for it. Mc is good in a sense that it's easily edited and can be fixed easily with the right coder(s) and with all the available addons for free and paid it's tempting I'm sure, I myself have had a lot of experience securing MC codes, me and Eternal actually offer our services to all so if anyone gets it and needs help with security don't hesitate to visit JustGotHacked.com.