
Everything posted by iR00T
-
I got it sorted, I forgot who helped me :S
-
You mean has anyone got a copy of the torn.com login???? Message me on MSN for further assistance about this.
-
I don't want to mess with my site but I will get a WAMP and test this.
-
I got a question. I've secured all the IP hacks and admin, but I need help with:
Protection from SQL injections
Protection from RFI hacks
Protection from LFI hacks
Protection from CSRF hacks
Protection from session hijacks
Protection from XSS hacks
And the $_POST and $_GET.
I was wondering, could I watch someone on TV one day secure a game, a default or another beginner game, or even create me a tutorial on that? I will pay someone in February to give me a good lengthy tutorial and to secure my game, is that fair? But there is no way I could get a tut now, is there? I need my game secured now though.
-
Yeah, I hate a lot of mods these days due to page reloading, like it all to be on one page, click and point. I was thinking about putting my whole game into some type of java, so it wouldn't need reloading. That would be cool.
-
Sudo Update And All that I know--Regarding Issue with McFarlin
iR00T replied to Joshua's topic in General Discussion
98.16.209.176 xD - I know that skiddie. I got his msn and all that. Google "r00t-x" if you want to find out more about this dude. I can tell you a little bit: he's hacked 4,000+ servers, I watched him hack hackforums less than 2 months ago. He's pretty good. -
Can someone take out the extras in these three files, as I don't have the basic files; all mine have a lot of stuff in them like sprintf and all that, and I can't add it because I can't seem to fix it up just right???
-
I have added Magictallguy's style switcher modification and I have a problem. When I click style change nothing happens, I remain on the same page.

<?php
include_once (DIRNAME(__FILE__). '/globals.php');

if (!function_exists('error')) {
    function error( $msg = null ) {
        global $h;
        echo is_null($msg) ? "Invalid Page" : $msg;
        $h->endpage();
        exit;
    }
}

// XSS Prevention
function NoXSS($Var) {
    return (get_magic_quotes_gpc()) ? htmlspecialchars($Var) : addslashes(htmlspecialchars($Var));
}

$_GET['act'] = isset($_GET['act']) && ctype_alpha($_GET['act']) ? trim($_GET['act']) : null;
switch ($_GET['act']) {
    case 'SexChange': SexChange(); break;
    case 'PassChange': PassChange(); break;
    case 'NameChange': NameChange(); break;
    case 'DPChange': DPChange(); break;
    case 'ForumSig': ForumSig(); break;
    case 'ProfileSig': ProfileSig(); break;
    case 'styleswitch': style_switch(); break;
    case 'styleswitch2': style_switch_sub(); break;
    case 'stylerand': style_rand(); break;
    default: Index(); break;
}

// Index Function
function Index() {
    echo '<h3 style="text-decoration: underline;">Your Preferences</h3>
    [url="preferences.php?act=SexChange"]Sex Change[/url]
    [url="preferences.php?act=PassChange"]Password Change[/url]
    [url="preferences.php?act=NameChange"]Username Change[/url]
    [url="preferences.php?act=DPChange"]Display Picture Change[/url]
    [url="preferences.php?act=ForumSig"]Forum Info Change[/url]
    [url="preferences.php?act=ProfileSig"]Profile Sig Change[/url]
    [url="preferences.php?act=StyleSwitch"]Change Game Styles[/url]
    ';
}

// Sex Change Function
function SexChange() {
    global $ir, $db, $h; // $h is needed for endpage() below
    $NewGender = ($ir['gender'] == 'Male') ? 'Female' : 'Male';
    if (isset($_POST['NewGender'])) {
        // Store and print the value computed on the server, not the posted one
        $db->query(sprintf("UPDATE `users` SET `gender`='%s' WHERE `userid`='%d'", $NewGender, $ir['userid']));
        echo sprintf("You Are Now A %s", $NewGender);
        $h->endpage();
        exit;
    } else {
        echo '<h3 style="text-decoration: underline;">Sex Change</h3>
        <form action="preferences.php?act=SexChange" method="post">';
        echo sprintf("<input type='hidden' name='NewGender' value='%s' />", $NewGender);
        echo sprintf("You Are Currently A Are %s, Are You Sure You Want To Become A %s? ", $ir['gender'], $NewGender);
        echo '<input type="submit" value="Yes!" />
        </form>';
    }
}

// Password Change Function
function PassChange() {
    global $ir, $db, $c;
    $Info = $db->fetch_row($db->query(sprintf("SELECT `userid`, `userpass`, `login_name` FROM `users` WHERE `userid`='%d'", $ir['userid'])));
    if (isset($_POST['OldPass'], $_POST['NewPass1'])) {
        if ($_POST['NewPass1'] == '') {
            echo 'Error! You Entered No Password ';
        } else if (md5($_POST['OldPass']) != $Info['userpass']) {
            echo 'Error! The Current Password Is Inncorrect! ';
        } else {
            $db->query(sprintf("UPDATE `users` SET `userpass`='%s' WHERE `userid`='%d'", md5($_POST['NewPass1']), $ir['userid']));
            // Posted value is HTML-escaped before it is printed back
            echo 'Your Password Has Been Updated! Your New Password Is: [i]'.htmlspecialchars($_POST['NewPass1']).'[/i] Keep This Password Safe And Don\'t Tell Anyone It.
            > [url="index.php"]Home[/url]';
        }
    } else {
        echo '<h3 style="text-decoration: underline;">Password Change</h3>
        <form action="preferences.php?act=PassChange" method="post">
        Current Password: <input type="password" name="OldPass" />
        New Password: <input type="password" name="NewPass1" />
        <input type="submit" value="Change Password!" />
        </form>';
    }
}

// Name Change Function
function NameChange() {
    global $ir, $db;
    if (isset($_POST['NewName'])) {
        // Strip the unwanted characters first, so the name that is checked is the name that is stored
        $_POST['NewName'] = str_replace(array("<", ">", "'", ";"), array("", "", "", ""), $_POST['NewName']);
        $CheckLog = $db->num_rows($db->query(sprintf("SELECT `userid`, `username` FROM `users` WHERE `login_name`='%s' AND `userid`!='%d'", $_POST['NewName'], $ir['userid'])));
        $CheckGame = $db->num_rows($db->query(sprintf("SELECT `userid`, `username` FROM `users` WHERE `username`='%s' AND `userid`!='%d'", $_POST['NewName'], $ir['userid'])));
        if (trim($_POST['NewName']) == '') {
            echo 'Error! You Did Not Enter A New Name ';
        } else if ($CheckLog) {
            echo 'Error! This Name Is In Use ';
        } else if ($CheckGame) {
            echo 'Error! This Name Is In Use ';
        } else if (strlen($_POST['NewName']) < '4') {
            echo 'Error! This Name Is Too Short';
        } else if (strlen($_POST['NewName']) > '15') {
            echo 'Error! This Name Is Too Long';
        } else {
            $db->query(sprintf("UPDATE `users` SET `username`='%s' WHERE `userid`='%d'", $_POST['NewName'], $ir['userid']));
            echo 'You Have Changed Your Username';
        }
    } else {
        echo '<h3>Name Change</h3>
        Please note that you still use the same name to login, this procedure simply changes the name that is displayed.
        <form action="preferences.php?act=NameChange" method="post">
        New Name: <input type="text" name="NewName" />
        <input type="submit" value="Change Name" />
        </form>';
    }
}

// Display Picture Change Function
function DPChange() {
    global $ir, $db;
    // fetch_row() added: the form below reads $Pic['display_pic']
    $Pic = $db->fetch_row($db->query(sprintf("SELECT `display_pic` FROM `users` WHERE `userid`='%d'", $ir['userid'])));
    if (isset($_POST['NewPic'])) {
        if ($_POST['NewPic'] == '') {
            echo 'You Did Not Enter An Image';
        } else {
            $sizes = @getimagesize($_POST['NewPic']);
            // getimagesize() returns false when the target is not an image
            if ($sizes === false) {
                Error('Uh.. this isn\'t an image.. o.o');
            }
            if(!preg_match('~(.?).(jpg|jpeg|gif|png)~i', $_POST['NewPic'])) {
                Error('Invalid Extension!');
            } else {
                $_POST['NewPic'] = str_replace(array("<", ">", "'", ";", ".php", ".html", ".js"), array("", "", "", "", "", "", ""), $_POST['NewPic']);
                $db->query(sprintf("UPDATE `users` SET `display_pic`='%s' WHERE `userid`='%d'", $_POST['NewPic'], $ir['userid']));
                echo 'Picture Changed';
            }
        }
    } else {
        echo '<h3>Pic Change</h3>
        Please note that this must be externally hosted, [url="http://imageshack.us"]ImageShack[/url] is our recommendation.
        <form action="preferences.php?act=DPChange" method="post">';
        echo sprintf("New Pic: <input type='text' name='NewPic' value='%s' /> ", $Pic['display_pic']);
        echo ' <input type="submit" value="Change Picture" />
        </form>';
    }
}

// Forum Info Change Function
function ForumSig() {
    global $ir, $db;
    if (isset($_POST['NewFSig'])) {
        // The form field is named NewFPic
        $db->query(sprintf("UPDATE `users` SET `forums_avatar`='%s', `forums_signature`='%s' WHERE `userid`='%d'", NoXSS($_POST['NewFPic']), NoXSS($_POST['NewFSig']), $ir['userid']));
        echo 'Forum Info Updated';
    } else {
        echo '<h3>Forum Info Change</h3>
        Please note that the avatar must be externally hosted, [url="http://imageshack.us"]ImageShack[/url] is our recommendation.
        <form action="preferences.php?act=ForumSig" method="post">';
        echo sprintf("Avatar: <input type='text' name='NewFPic' value='%s' /> ", $ir['forums_avatar']);
        echo sprintf("Signature (you may use BBcode): <textarea rows='10' cols='50' name='NewFSig'>%s</textarea> ", $ir['forums_signature']);
        echo '<input type="submit" value="Change Info" />
        </form>';
    }
}

// Profile Sig Change Function
function ProfileSig() {
    global $ir, $db;
    if (isset($_POST['NewPSig'])) {
        $db->query(sprintf("UPDATE `users` SET `sig`='%s' WHERE `userid`='%d'", NoXSS($_POST['NewPSig']), $ir['userid']));
        echo 'Profile Sig Updated';
    } else {
        echo '<h3>Profile Sig</h3>
        <form action="preferences.php?act=ProfileSig" method="post">';
        echo 'Signature (you may use BBcode): ';
        echo sprintf("<textarea rows='10' cols='50' name='NewPSig'>%s</textarea> ", $ir['sig']);
        echo '<input type="submit" value="Change Profile Sig" />
        </form>';
    }
}

// Style switchings
function style_switch() {
    global $userid, $ir, $db, $set;
    echo "<h3>You are able to change the way you view the game with the preset styles!</h3>";
    $select = $db->query("SELECT * FROM stylesheets ORDER BY number ASC");
    $style = $db->fetch_row($select);
    echo "<table class='table' width='100%'>";
    echo "<tr>";
    echo "<th width='20%'>Style</th>";
    echo "<th width='5%'>Current</th>";
    echo "<th>Description</th>";
    echo "</tr>";
    $selected1 = ($ir['header'] == 1) ? "[img=/imageicons/bullet_green.png]" : "[img=/imageicons/bullet_red.png]";
    echo "<tr>";
    echo "<th>[url='preferences.php?action=styleswitch2&style=1']Style 1[/url]</th>";
    echo sprintf("<td align='center'>%s</td>", $selected1);
    echo sprintf("<td>The default style of %s</td>", $set['game_name']);
    echo "</tr>";
    while($css = $db->fetch_row($select)) {
        $selected = ($ir['header'] == $css['number']) ? "[img=/imageicons/bullet_green.png]" : "[img=/imageicons/bullet_red.png]";
        echo "<tr>";
        echo sprintf("<th>[url='preferences.php?action=styleswitch2&style=%u']%s[/url]</th>", $css['number'], stripslashes($css['name']));
        echo sprintf("<td align='center'>%s</td>", $selected);
        echo sprintf("<td>%s</td>", stripslashes($css['description']));
        echo "</tr>";
    }
    echo "<tr>";
    echo "<form action='preferences.php?action=stylerand' method='post'>";
    echo sprintf("<td colspan='100%%' style='text-align:center;'>Randomise on every login: <input type='checkbox' name='rand' value='1' %s /> (leave unchecked if no) - <input type='submit' value='Submit' /></td>", ($ir['style_rand_checked']) ? "checked='checked'" : "");
    echo "</form>";
    echo "</tr>";
    echo "</table>";
}

function style_switch_sub() {
    global $db, $ir, $userid, $h;
    $_GET['style'] = abs(@intval($_GET['style']));
    if(!$_GET['style']) {
        echo "What are you doing?";
        $h->endpage();
        exit;
    }
    $select = sprintf("SELECT name, number FROM stylesheets WHERE (number = %u)", $_GET['style']);
    $get_ = $db->query($select);
    if(!$db->num_rows($get_)) {
        echo "What are you doing?";
        $h->endpage();
        exit;
    }
    if(isset($_POST['rand'])) {
        $randomise = sprintf("UPDATE users SET style_rand_checked = 1 WHERE (userid = %u)", $userid);
        $db->query($randomise);
    }
    $sql = sprintf("UPDATE users SET header = %u WHERE (userid = %u)", $_GET['style'], $userid);
    $db->query($sql);
    $css = $db->fetch_row($get_);
    echo sprintf("Style switched to “%s” ", stripslashes($css['name']));
    echo "[url='preferences.php?action=styleswitch']Back[/url]";
}

function style_rand() {
    global $db, $userid;
    $_POST['rand'] = abs(@intval($_POST['rand']));
    $sql = sprintf("UPDATE users SET style_rand_checked = %u WHERE (userid = %u)", $_POST['rand'], $userid);
    $db->query($sql);
    echo sprintf("The styles will %sbe randomised on login from now on", ($_POST['rand'] == 1) ? "" : "no longer ");
}

$h->endpage( );
?>
-
Donation System (With Cart, BOGOF and Discount systems).
iR00T replied to Dave's topic in Paid Modifications
Um, we have a problem, a rather big problem. How long has this mod been made? I bought a copy VERY VERY similar to this for 5$ from someone. I was asking why he had made it and sold it for so cheap and the dude said "cause I need money", so I felt obliged to buy it. I will relook over the pictures and compare them again, hope this isn't the same one. -
@Diesel you beat me to it. and yeah if you had a large database I see someone's server failing.
-
$tester = mysql_real_escape_string($_get['tester']);
To secure your crystals on the header it would be
$crystals = mysql_real_escape_string($_GET['crystals']);
Is that correct? And I'm going to post a couple of things, tell me if they're right.
$IP = mysql_real_escape_string($_SERVER['REMOTE_ADRR']); - This on the login, register and the header, instead of the regular IP server requests?
if($_GET['ID'] != abs(@intval($_GET['ID']))) - Use this in your header for the federal jail get ID thing.
Once again $IP = mysql_real_escape_string($_SERVER['REMOTE_ADRR']); on your register, replacing your default IP server function ^^ I have that 2 times in my register, at the far top and after the style when the page stuff is started.
So far that is all I got. I would love for someone to go in-depth with securing that abs and $_GET and $_POST; the IP stuff I got covered, that's simple. That if($_GET['ID'] != abs(@intval($_GET['ID']))) - should I add this all over my game like this in my header:
if($_GET['ID'] != abs(@intval($_GET['ID'])))
if($_GET['ID'] != abs(@intval($_GET['money'])))
if($_GET['ID'] != abs(@intval($_GET['crystals'])))
Should that be replaced with my current money, crystals etc?
-
Okay, I have added the IP ban manager and view ban manager from this site. It's one mod, not two. I have people on my game (Admins) banning people and I want to see what IP they ban and have it added to the staff log. I have got this far and I will tell you the errors of the code that I have provided.

function ipban() {
    ?><h3>Ban an IP</h3>
    <form action='staff.php?action=ipbancon' method='post'>
    <input type="text" name="ip" />
    <input type='submit' value='BAN!' /></form>
    <hr width="50%" />
    [url="staff.php?action=ipbanview"][b]Click to view current IP bans[/b][/url]
    stafflog_add("Banned a IP");
    <?
}

function ipbancon() {
    // basename() keeps the submitted value from pointing outside the ipbans directory
    $filename = '/home/ganja360/public_html/ipbans/' . basename($_POST['ip']);
    $file = fopen($filename, 'w') or die("Error Creating File"); // the mode must be the string 'w'
    fclose($file);
    ?>Done
    [url="staff.php?action=ipbanview"][b]Back[/b][/url]<?
}

function ipbanview() {
    $dir = "/home/ganja360/public_html/ipbans/";
    ?>
    <h3>Viewing banned IP's</h3>
    <table border="1">
    <tr> <th> IP </th> <th> Delete? </th> </tr><?
    if (is_dir($dir)) {
        if ($dh = opendir($dir)) {
            while (($file = readdir($dh)) !== false) {
                if (strlen($file) > 4) {
                    ?> <tr> <td> <? echo $file; ?> </td>
                    <td> [url="staff.php?action=ipbanremove&ip=<? echo $file; ?>"][b][img=imageicons/decline.png][/b][/url]
                    stafflog_add("Viewed the banned IP page"); </td> </tr> <?
                }
            }
            closedir($dh);
        }
    }
    ?></table>
    [url="staff.php"][b]Back[/b][/url]
    <?
}

function ipbanremove() {
    // basename() keeps the requested name inside the ipbans directory
    $file = basename($_GET['ip']);
    $filepath = "/home/ganja360/public_html/ipbans/" . $file;
    if (! unlink ($filepath)) {
        echo "Couldn't delete file";
    } else {
        echo "Removed IP: " . $file;
        stafflog_add("Removed a banned IP");
    }
    ?>
    [url="staff.php?action=ipbanview"][b]Back[/b][/url]
    <?
}

function lstaffaps() {
    global $db, $ir, $c, $h, $userid, $set;
    if($ir['user_level'] != 2) {
        die("403");
    }
    $_GET['lock'] = abs((int) $_GET['lock']);
    if($_GET['lock'] == '1') {
        $db->query("UPDATE `settings` SET conf_value='Locked' WHERE conf_name='stafflock'");
        stafflog_add("Locked Staff Applications.");
        echo "Staff applications are now locked.
        >[url='staff.php']Go Back[/url]";
        $h->endpage();
        exit;
    } else if($_GET['lock'] == '2') {
        $db->query("UPDATE `settings` SET conf_value='Unlocked' WHERE conf_name='stafflock'");
        stafflog_add("Unlocked Staff Applications.");
        echo "Staff applications are now unlocked.
        >[url='staff.php']Go Back[/url]";
        $h->endpage();
        exit;
    }
}

The error in that code is that when I ban an IP it says Back, then it says right beside that stafflog add etc. Then viewing a banned IP I also see the stafflog add stuff. The only code on that that works is the removal. When I remove one it actually pastes it into the staff log saying Removed a IP. I would like it to display what IP's are added to the ban manager and what IP was removed, is that possible guys??? I tried to do this before to the same mod and I couldn't do it. I think I have the stafflog_add(blah); in the wrong place. ?(
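
Added example, not part of the post or of the mod: one way to record which IP was banned or removed while only ever touching files named after a valid address. `stafflog_add()` is replaced by a stand-in that collects messages, and the ban directory, function names and sample inputs are constructed for the demo.

```php
<?php
// Added example, not the mod's own code. stafflog_add() below is a stand-in for
// the game's logger; the ban directory and sample inputs are constructed.

$GLOBALS['stafflog'] = [];
function stafflog_add(string $text): void
{
    $GLOBALS['stafflog'][] = $text;
}

/** Ban-file path for a submitted value, or null if it is not an IPv4 address. */
function ban_path(string $dir, $raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $ip = filter_var(trim($raw), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    // A validated dotted quad has no "/" or "..", so the path cannot leave $dir.
    return $ip === false ? null : rtrim($dir, '/') . '/' . $ip;
}

function ban_ip(string $dir, $raw): bool
{
    $path = ban_path($dir, $raw);
    if ($path === null || !touch($path)) {
        return false;
    }
    // Called from PHP code (not placed in the HTML part), with the IP in the message.
    stafflog_add('Banned IP ' . basename($path));
    return true;
}

function unban_ip(string $dir, $raw): bool
{
    $path = ban_path($dir, $raw);
    if ($path === null || !is_file($path) || !unlink($path)) {
        return false;
    }
    stafflog_add('Removed banned IP ' . basename($path));
    return true;
}

/** Only names that are themselves valid IPv4 addresses are listed. */
function list_bans(string $dir): array
{
    return array_values(array_filter(scandir($dir), function ($f) {
        return filter_var($f, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false;
    }));
}

// --- demo in a throwaway directory ---
$dir = sys_get_temp_dir() . '/ipbans_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
foreach (['203.0.113.9', '198.51.100.7', '../notes.txt', 'not an ip'] as $in) {
    printf("ban   %-14s %s\n", $in, ban_ip($dir, $in) ? 'ok' : 'rejected');
}
printf("unban %-14s %s\n", '198.51.100.7', unban_ip($dir, '198.51.100.7') ? 'ok' : 'rejected');
print_r(list_bans($dir));
print_r($GLOBALS['stafflog']);

foreach (list_bans($dir) as $f) {       // clean up the demo directory
    unlink("$dir/$f");
}
rmdir($dir);
```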
-
I would like to know how to use a pattern in GIMP. I installed it in its "Pattern" folder but I don't see an icon to add a pattern. I click "edit" then go down to Fill background with pattern, but it gives me a wood template I don't like. I want to use the ones I just added.
-
Not hard to fix. I'll add it to my 'to do' list Thanks man, I just hate going to topics and seeing others say does this post work, etc etc etc. I would like for everyone to start updating the fix with the original post would save time.
-
Thanks, hey if you want to get together on MSN and discuss ideas that is possible.??? @Jordan - Pudda, I know but I wanted it to be in the same thing as Fedjail.php so I can remove that link from my smenu as I have a lot up there and yeah. It's something different to do that I guarantee 90% of other MCC games don't have, that is what is going to separate my game from most others. I'm changing just about everything, I'm even going to change login to something else and register. Atm, When I switch to a EJAM host for testing as I have a host2x.com domain (2x.nu) and they are always down :@. So yeah I was planning on changing the config to something else for security and all the crons to something else and all links etc. Rename all the files. I know I have about 1 full day's work ahead of me but after all this is done I was planning on taking up that one user's idea about taking off the .php extensions and just have blah or login or whatever, I forgot who posted that. Does anyone still have the link to that thread.?
-
I have a new suggestion for MCcodes in general. I think before you can even own a game every host should make you take a test that has 100 simple PHP based questions. If you get more than 10% wrong you don't get your hosting site. EJAM, if they did this, 90% of "Beginners" wouldn't have a game. *Smiles, and day dreams* - Imagine if 90% of the sites online were not there because they couldn't pass the test. The internet would unbog :D anyways. Like Zero-Affect said, there are plenty of headers out there. Hell, most of them are on this site! I've given you a header yesterday. It was even secured against SQL, HTML and most other injections. 50$ worth of security just gone, and all because you told me yesterday I don't like this one, I don't like the layout. It's simple to edit, it's called the code in between the <style></style> tags, maybe you should change the background like that?/? or maybe even move the code like this to a different section in the header. "<table style='table2' width='50%' border='2'> that isn't the exact code, but it's similar. Off topic, starting another. As of January 1st, 2009 at 12:00AM, I will be flaming fewer people because of stupidity. :D I still have a few more days though :) --Back on topic--, If you need me to create you a tutorial on using the search box I will be more than glad to. I'm being serious, I had someone ask me how to search on MWG 3 days ago. I created him a video tutorial.
-
I do have a question about the patterns in say GIMP. I have put a new pattern I downloaded into the "patterns" folder inside of root/usr/share/gimp/2.0/patters/ but when I go to my GIMP and look I see nothing about patterns. Like in the "edit" there is a thing called fill with a background, I click that and it gives me a modern wood looking background. How do I switch or browse the patterns I just installed???
-
I have a question and I've heard this several times before. mysql_real_escape($_POST) Secure your post and mysql_real_escape($_GET) Well, could someone show me a few examples of security with these two methods like I know this is probably wrong but do I secure it like this mysql_real_escape(INFOHERE) or what?
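
Added example, not part of iR00T's posts or of any MCCodes file: one way to handle the `$_GET` and `$_POST` values asked about here and in the `abs(@intval(...))` post above, by validating integers explicitly and binding strings in prepared statements instead of escaping them by hand. It uses PDO with an in-memory SQLite table so that it runs on its own; the table layout, function names and sample inputs are assumptions made for the demo.

```php
<?php
// Added example. The users table, function names and sample inputs are constructed.

/** Positive integer from a request array, or null if the value is not one. */
function request_int(array $src, string $key, int $max = PHP_INT_MAX): ?int
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null;                    // missing, or an array such as ?ID[]=1
    }
    // Unlike abs(intval()), this rejects "5abc" and "-3" instead of rewriting them.
    $v = filter_var($src[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

/** REMOTE_ADDR comes from the web server; validate it rather than escape it. */
function client_ip(array $server): ?string
{
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

/** Integer id bound as a parameter, never concatenated into the SQL text. */
function find_user(PDO $pdo, int $id): ?array
{
    $st = $pdo->prepare('SELECT userid, username FROM users WHERE userid = :id');
    $st->execute([':id' => $id]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Strings: check the expected shape (4 to 15 characters here), then bind. */
function rename_user(PDO $pdo, int $id, string $name): bool
{
    if (!preg_match('/^[A-Za-z0-9 _-]{4,15}$/', $name)) {
        return false;
    }
    $st = $pdo->prepare('UPDATE users SET username = :n WHERE userid = :id');
    $st->execute([':n' => $name, ':id' => $id]);
    return $st->rowCount() === 1;
}

// --- demo on constructed data ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO users (userid, username) VALUES (1, 'Ganja'), (2, 'Tester')");

foreach (['2', '5abc', '-3', '', ['1']] as $raw) {       // stand-ins for $_GET['ID']
    $id = request_int(['ID' => $raw], 'ID');
    $user = $id === null ? null : find_user($pdo, $id);
    printf("%-8s id=%-5s user=%s\n", json_encode($raw),
        var_export($id, true), $user['username'] ?? '-');
}

foreach (['NewName1', "O'Neil<b>", 'ab'] as $name) {     // stand-ins for $_POST['NewName']
    printf("%-12s %s\n", json_encode($name),
        rename_user($pdo, 1, $name) ? 'renamed' : 'rejected');
}

// Escape for HTML only at output time, not before storing.
echo htmlspecialchars(find_user($pdo, 1)['username'], ENT_QUOTES, 'UTF-8'), "\n";
var_dump(client_ip(['REMOTE_ADDR' => '203.0.113.5']));
```

The old mysql extension's escaping function is named `mysql_real_escape_string()`, and that extension was removed in PHP 7; superglobal names are case-sensitive (`$_GET`, `$_POST`) and the server key is `REMOTE_ADDR`.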
-
I wanted to use something other than crons myself, As I really have just found out how much they rely on your server if you have a lot of members. I have found out about something called poormancrons that is something that you go to the pormancrons.install and it installs it on your game, I also figured out that it's not for mccodes but you can convert it to it..but it's a lot of work... Now, I heard about timestamps, UNIX to be exact, I would love to use them, Someone told me to go to the site and set it up and I got a number like 9202853 or something similar to that but that is all that he told me and that is where I stopped, If someone can help me with this please PM me so we can set this up. Thanks, Ganjafreak.
-
xD DJ always makes me laugh, anyways back on topic, I would also suggest you to check out those sites Pudda said and to check out others' stuff.
-
I am going to add these three revamps when I get back on my computer. I can't ever seem to get that item house pic to work. It would be cool if there was a national cleanup day on here where people would take all the broken files and update them correctly in the original post. It saves time from having to look through all the posts for the "Correct" or the "Fix" way of it. Either way, I like the revamps man, good job.
-
It's alright, I like it. Good Job.
-
Hello guys, I've thought of a real simple federal jail add-on for mccodes v2. You know how it already has those tables Who, Jailer, Reason, And days. And below it has what is Well, I was thinking about adding a table called Staff beside the user and have below it the links like this "Edit", and "Remove" and when you click edit, it lets you edit the reason and amount of days the user is in jail, and if you click remove, it removes them from Federal jail. All this should be on the same page so all that should be added is a function or something. Thanks for whomever makes this, I will make them a custom graphic. I also have smaller stuff like this that is real cool and would make a game look great. PM me if you want to team up and start sharing ideas and etc.
-
I have joined and sent you a message on your game, I would be glad to help you and make you a new template for free. I'm a freelance Website Developer