Zero-Affect

not a good idea to use when your running secured scripts, it messes up big time.

$count = 3; $x = -1; while($x < $count) { $places_to_be_secured = array("ID","viewforum","viewtopic"); $x++; $_GET[$places_to_be_secured[$x]] = abs(@intval($_GET[$places_to_be_secured[$x]])); } someone i know had a real issue with that, who's code is it?

Posts: 10 You seem very trustworthy but when it comes to people using Pirated scripts and then asking for security on it... say MTG secured the entire thing for 300 then you just simply paid 300 for that yet your game dies what do you do? like every other person who uses pirated scripts you sell your version then putting MTG out of money and the rest of us, i say it's easier to work for trustworthy people than people you have suspicions of.

read your PM, im the one your doing a deal with...

Sounds like a good deal, Kryptonite did i decline doing business with you for a reason of me suspecting you to be reselling the code? so MTG/Immortal i would suggest against doing business with this guy unless you want to not have anymore customers due to him releasing whatever you do for him 8| You only have to look at his website(s) copies of someone elses so it's not even legal MC it's stolen backups of a site...

i've done it Nicholas ;)

i would say your names pretty hypocritically 8o

a host can do so if you request

laying around on your pc meaning it's what stolen or free script?

new ideas and sh*t - lol @ that so just curious but your game is special how? Is it MCcodes and basically your just looking for *sh!t* to shove on there to keep the masses happy for another 5 minutes till they get bored and leave?

lol Love that CrazyT

Daddy who? lol :D

If i could rewrite files i wouldn't need to include one now would i... http://msdn.microsoft.com/en-us/library/cc295228.aspx

I like GTA IV but it gets boring quickly also even with online play. This looks more like classic GTA which i loved, The youtube vid doesn't show lol  

Wow this looks good seanybob well done mate

Care to explain the outcome of the bug or maybe what the bug is? Can you post this code?

someone should, would be nice to see David.   I did integrate SMF with MC but it was rubbish to big looked wrong, wasn't worth the hassle in the end and no one used it... lol David idea Free donation mod ;) hint hint ;)

interesting what where the queries? examples obviously lol im not asking for your SALT

$page = $_GET['module'] $extension = ".php"; $file = "$page$extension"; //so we get page.php include($file); ... so edit $_GET['module'] which $_GET is on the url so http://www.website.com/index.php?module=index => http://www.website.com/index.php?module=http://www.otherwebsite.com/file

i guess if your tired, how do they edit the existing include without editing the file itself...

This does look like a good game, love the name Avalon from king Arthur if im right

if(file_exists($globals)) { include_once($globals); } else { echo "globals file is missing"; exit; } are you kidding me? i think if it's not there you'll know lol many people would say the following isn't a security issue i'd disagree $q = $db->query("SELECT u.*,us.*,c.*,h.*,g.*,f.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid LEFT JOIN cities c ON u.location=c.cityid LEFT JOIN houses h ON u.maxwill=h.hWILL LEFT JOIN gangs g ON g.gangID=u.gang LEFT JOIN fedjail f ON f.fed_userid=u.userid WHERE u.userid={$_GET['u']}"); leave out the *'s   if($r['user_level'] == 1) { $userl="Mobster"; } else if($r['userid'] == 1) { $userl="Owner"; } else if($r['userid'] == 3) { $userl="Owner"; } else if($r['user_level'] == 2) { $userl="Admin"; } else if($r['user_level'] == 0) { $userl="NPC"; } else {$userl="Moderator"; } => $checkulevel = array( '0' => 'NPC', '1' => 'Member', '2' => 'Owner', '3' => 'Secretary', '5' => 'Assistant' ); $userl = ( in_array($r['user_level'], $checkulevel) ) ? $checkulevel[$r['user_level']] : 'NPC' ;   $_GET['u'] = isset($_GET['u']) ? abs(@intval(trim($_GET['u']))) : '0'; => $_GET['u'] = (ctype_digit($_GET['u']) AND !empty($_GET['u']) AND isset($_GET['u'])) ? $_GET['u'] : '' ; if ( !$_GET['u'] ) { echo ' Invalid Command. > [url="index.php"]Back[/url] '; $h->endpage(); exit; }

i've been mad for years mate ;) <?php include "globals.php"; $_GET['u'] = abs((int) $_GET['u']); if(!$_GET['u']) { print "Invalid use of file"; } else { $q = $db->query("SELECT u.*,us.*,c.*,h.*,g.*,f.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid LEFT JOIN cities c ON u.location=c.cityid LEFT JOIN houses h ON u.maxwill=h.hWILL LEFT JOIN gangs g ON g.gangID=u.gang LEFT JOIN fedjail f ON f.fed_userid=u.userid WHERE u.userid={$_GET['u']}"); if($db->num_rows($q) == 0) { print "Sorry, we could not find a user with that ID, check your source."; } else { $r = $db->fetch_row($q); if($r['user_level'] == 1) { $userl="Mobster"; } else if($r['userid'] == 1) { $userl="Owner"; } else if($r['userid'] == 3) { $userl="Owner"; } else if($r['user_level'] == 2) { $userl="Admin"; } else if($r['user_level'] == 0) { $userl="NPC"; } else {$userl="Moderator"; } if($r['fedjail']) { $ustat="[url='fedjail']Federal Jail[/url]"; } else if($r['hospital']) { $ustat="[url='hospital.php']Hospital[/url]"; } else if($r['jail']) { $ustat="[url='jail.php']Jail[/url]"; } else { $ustat="-"; } $lon = ($r['laston'] > 0) ?date('F j',$r['laston']) : "Never"; $sup = date('j F',$r['signedup']); $ts = $r['strength']+$r['agility']+$r['guard']+$r['labour']+$r['IQ']; $d = ""; if($r['laston'] > 0) { $la = time()-$r['laston']; $unit = "seconds"; if($la >= 60) { $la = (int) ($la/60); $unit = "minutes"; } if($la >= 60) { $la = (int) ($la/60); $unit = "hours"; if($la >= 24) { $la = (int) ($la/24); $unit= "days"; } } $str = "$la $unit ago"; } else { $str="--"; } if($r['last_login'] > 0) { $ll=time()-$r['last_login']; $unit2="seconds"; if($ll >= 60) { $ll=(int) ($ll/60); $unit2="minutes"; } if($ll >= 60) { $ll=(int) ($ll/60); $unit2="hours"; if($ll >= 24) { $ll=(int) ($ll/24); $unit2="days"; } } $str2="$ll $unit2 ago"; } else { $str2="--"; } if($r['user_level'] >1){ $r['username'] = "<font color=red>{$r['username']}</font>";} elseif($r['donatordays']) { $r['username'] = "<font color=blue>{$r['username']}</font>";$d="[img=donator.gif]"; } if($r['laston'] >= time()-15*60) { $on="<font color=green>[b]Online[/b]</font>"; } else { $on="<font color=red>[b]Offline[/b]</font>"; } print " <div class='content'> <h3>Profile: {$r['username']} [{$r['userid']}] $d</h3> <table width='100%'> <tr> <td colspan='4'> <table width='100%'> <tr> <td width='100' align='center'>"; if($r['display_pic']) { print "<center>[img={$r[] </center>"; } else { print "<center>[img=http://i38.tinypic.com/29bh8d5.jpg]</center> "; } print " </td> <td style='font-size:30px;' align='center'> <span style='font-weight:bold;'>{$r['username']} [{$r['userid']}] $d</span> </td> </tr> </table> </td> </tr> <tr> <td width='18%'><h4>Name:</h4></td> <td width='32'>[url='viewuser.php?u={$r[']{$r['username']}[/url]</td> <td width='18%'><h4>Type:</h4></td> <td width='32%'>$userl</td> </tr> <tr> <td><h4>Level:</h4></td> <td>{$r['level']}</td> <td><h4>Money:</h4></td> <td>\${$r['money']}</td> </tr> <tr> <td><h4>Age:</h4></td> <td>{$r['daysold']} Days</td> <td><h4>Last Active:</h4></td> <td>$str</td> </tr> <tr> <td><h4>HP:</h4></td> <td>{$r['hp']}/{$r['maxhp']}</td> <td><h4>Gang:</h4></td> <td>"; if($r['gang']) { print "[url='gangs.php?action=view&ID={$r[']{$r['gangNAME']}[/url]"; } else { print "None</td>"; print " </tr> <tr> <td><h4>Location:</h4></td> <td>{$r['cityname']}</td> <td><h4>House:</h4></td> <td>[url='estate.php']{$r['hNAME']}[/url]</td> </tr> <tr> <td><h4>Status:</h4></td> <td>$ustat</td> <td><h4>Online:</h4></td> <td>$on</td> </tr> <tr> <td><h4>Status Message:</h4></td> <td>{$r['sm']}</td> <td><h4>Race:</h4></td> <td>{$r['race']}</td> </tr> <tr> <td><h4>Gender:</h4></td> <td>{$r['gender']}</td> <td><h4>Warnings:</h4></td> <td>"; $w=mysql_query("SELECT * FROM warnings WHERE user={$r['userid']}",$c); print " ".mysql_num_rows($w)." "; if($ir['user_level'] > 1) { print "|| <a href=warnings.php?action=index&user={$r['userid']}>Manage</a>"; } print "</td> </tr> </table> <h3>Actions</h3> <table width='100%'> <tr> <td width='25%' align='center'>[url='mailbox.php?action=compose&ID={$r[']Message[/url]</td> <td width='25%' align='center'>[url='attack.php?ID={$r[']Attack[/url]</td> <td width='25%' align='center'>[url='mug.php?ID={$r[']Mug[/url]</td> <td width='25%' align='center'>[url='spy.php?ID={$r[']Spy[/url]</td> </tr> <tr> <td align='center'>[url='sendcash.php?ID={$r[']Send Money[/url]</td> <td align='center'>[url='sendcrsy.php?ID={$r[']Send Crystals[/url]</td> <td align='center'>[url='contactlist.php?action=add&ID={$r[']Add Contact[/url]</td> <td align='center'>[url=' ']Ignore[/url]</td> </tr> </table> <h3>Profile</h3></div> <div style='text-align: center;'> <table cellspacing=1 class='table' width='95%'> <tr style='background:gray'> <td>{$r['profileSIG']}</td> </tr> </table> </div>"; } } } $h->endpage(); ?> should be alright, not tested it but i would recommend abit more security also.

FAIL much... lol it's text you need the quote it (the 3rd would work)

http://pastebin.com/ ffs...