Zero-Affect

Got a screenshot or demo?

http://browsershots.org i actually found a interesting one yesterday, so much easier than installing plugins or downloading loads of browsers browsershots.org it's very good, maybe a little slow but isn't everything.

I was about to put "goodbye" in here and then noticed it was a old post, you ruined it X( Welcome back Shedh

Interesting mod Lithium, i suppose you could make it move the bars with abit of work, why not do this like $attackpage hides mainmenu

I'm so proud no *'s paddy but may i suggest one little thing, `` on $it = $db->query("SELECT userid, username FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=".$_GET['ID']."");

foreach($_POST as $k => $v) { $_POST[$k] = preg_replace("/[^0-9a-zA-Z\s]/", "", $v); } foreach($_GET as $k => $v) { $_GET[$k] = preg_replace("/[^0-9a-zA-Z\s]/", "", $v); } I think im reading this right (i don't usually use preg_replace) but this basically only allows numeric and alpha correct? so $_POST['mail'] wouldn't be a issue then? even if my message had emote codes in like :-) It's better to go into the file than assume one simple little "crap" script will fix it all, maybe if you added it in a functions file and pulled different filters for different things but then it wouldn't be a header fix would it ;( I remember someone saying something about a way around that type of code in header also when it was first posted here.

a innocent party would request police presence if one were to try and prove innocence.

basically in cronjobs / advanced unix they should be set out like so   0 * * * * curl [url]http://www.website.com/cron_hour.php.php?code=yourcodefromconfigfile[/url] * * * * * curl [url]http://www.website.com/cron_minute.php?code=yourcodefromconfigfile[/url] 0 0 * * * curl [url]http://www.website.com/cron_day.php?code=yourcodefromconfigfile[/url] */5 * * * * curl [url]http://www.website.com/cron_fivemins.php?code=yourcodefromconfigfile[/url] Again i would like to Specify a email is needed don't forget to add it. Hope this helps

i'm sure this is a cron issue try running cron_minute.php manually with the code from config.php so it would look like so http://www.website.com/cron_minute.php?code=codefromconfighere if the time goes down then it's a cronjob issue you probably need to reset them in cpanel, in the cronjobs / advanced unix section => you can find out what they are in the install file just ctrl+f and fine * it should come up. Don't forget to set a email. NOTE: do not upload install.php i simply meant open it with notepad and find * to see the cron_minute.php configuration

so there will be a log...

Was it just Mcfarlin's website that got hacked or more?

Just say i was you, i would simply use my IP then claim conspiracy... not difficult i mean people would never assume you would use your real IP therefore it wasn't you.

This is program of SOTHINK i dislike the others are very good this is the only let down in my opinion.

as always filtering something slows down the result so imagine if your using sprintf on every query even if they ain't needed. Echos with sprintf i don't understand slowing your code down doesn't make it secure.

Seems were both offering our services eh Eternal, either way I'm sure it will be secured up-to a point.

i can give you a push in the right direction,   function do_name_change() { global $db,$ir,$c,$userid,$h; $_POST['newname']= mysql_real_escape_string(strip_tags($_POST['newname'])); if(empty($_POST['newname'])) { echo 'You didn\'t enter a new name <a href=\'prefernces.php?action=namechange\'>Back</a>'; } else { $_POST['newname']=str_replace(array("<", ">", "\\\'"), array("<", ">", "'"), $_POST['newname']); $db->query("UPDATE `users` SET `username`='".$_POST['newname']."' WHERE (`userid`=$userid)"); print "Username changed!"; } } just for starters would a filter be a good idea maybe restrict it to only allow alpha numeric space and underscore?

appreciate it now maybe some of you guys who posted could give him a hand fixing some issues then he can remove [OPINION]?

Danny, I'm not allowed to be mean anymore so let me just ask you a question or two... Why is your script pulling 3 full tables? * is not the way avert from using it unless necessary. People who have not done their research use sprintf everywhere like they have nothing better to do than slow down their script, at first i admit i did the same but there comes a time when you need to stop following the sheep and learn how to become a Shepard... SprintF is basically a filter $getfed = sprintf("SELECT f.*,u.username,u2.username AS jailer FROM fedjail f LEFT JOIN users u ON f.fed_userid=u.userid LEFT JOIN users u2 ON f.fed_jailedby=u2.userid ORDER BY f.fed_days ASC"); I'm not gunna sit here explaining for you whats wrong with most of this code but i will say i wouldn't use it in a million years. i call this tough love and if you want to cry then go ahead waste posts but basically people on here need to get with the program rather than being the problem. I mean no disrespect to you personally you obviously have some kind of talent just maybe you need a kick in the ass.

all free hosts are crap, there's only one good one i can think of and that's byethost.com

MRES simply adds slashes i use it on stuff like user notepad or where it's varchar 255 or so on text's but not really needed on strings which are secured by ctype_alnum or ctype_alpha because they restrict chars already, just a hint.

in most fetching data exploits on MC what is the most common mistake made with MySQL queries? hint: * selects every single column... so in my opinion if they can error the script even in the slightest then it's possible to select any or all columns in a table... again i say add [OPINION] on the end of your subject on the first post.

Redex please change the title of your original post to [mccode v2.x] Secured preferences.php [OPINION] because in my opinion it isn't secure in the slightest, i prefer not to pussy foot around and just come out with it because people may use this believing it's secure when it's not.

Actually it's addon domain to a folder inside public_html i do it myself so i know for a fact it's addon domain. so http://www.website.com is the first website http://www.website.com/website2 is the folder for the second site, then set the link to that folder in addon domains and simply http://www.website2.com will goto http://www.website.com/website2 but will show as http://www.website2.com rather than http://www.website.com/website2 . Also may wanna check if your hosting allows addon domains.

Not going to happen, we don't make enough money as it is giving away all our secrets in a tutorial for other coders to then lose out on money from, only someone with no respect would do that. that's like selling someone else's mods you don't do it under any circumstances.

  It can changed for that, yes. Currently as I knocked this up real quick, you get a mail from yourself. But I will change it to Anonymous   Whats that supposed to mean? It's not actually a game....It's a forum, with Mccodes uploaded to it. I know i wasn't being sarcastic i like the site name mcaddons is a good name