Isomerizer

Re: Note to all ce users! Nice one.

Re: Energy Orb [$5] Wtf, Isn't this just the 150 energy mod i made, buy you've just made an item for it...

Re: [v2] Stafflist enhanced [v2]   I'm sure Dambomstew put a lot more effort into MCCODES, some of you guys don't realise, He was probably pretty new to PHP when he started the engine, If someone said my coding was poor due to an old mod i may have made back when i was pretty new (I am still pretty new to PHP), I would be quite annoyed, I don't see the difference if its a game engine...

Re: Burn House for V2 If you succeed, it also lets the user your burning down, out of jail..   $db->query("UPDATE users SET jail=0 WHERE userid={$r['userid']}");

Re: [mccode] Jail for Lite if ($ir['jail'] > 0) { echo '<font color="red" size="5">You are in prison.</font>'; }

Re: Horse Racing[v1 + v2]   Well the SQL query can not find the value of $crystals, are you sure it exists? ;)

Re: Lottery [v1 and v2]   Think oxi made it, the copyright headers at the top are very similar, compare this to the topic just below this, Horse Racing.

Re: Horse Racing[v1 + v2]   i just found it on another forum in free mods lol   Does not allways mean its a free modification..

Re: Advanced Break In [$20] Updates - Code cleaned up. - Less sessions. - Security updated. - Indents added. :roll:

Re: House Break In [$15]   For peek sakes, when will you learn, If i chose not to indent code, it does not mean its poorly coded.   Lol @ Obvious lie. Anyways, I'm home now and gonna revise this modification, anyone who bought it and is reading this, I advise not to buy this re-done crap, but to contact me for a new updated version, that should be completed very soon. - Thanks.

Re: House Break In [$15] Lol, done nothing about it? You only notified my of this last night, and didn't tell me the exploit..... Since then i have been at college and haven't had time... The exploits you found are easy, your just changing an item id, And then you say my mod does not work at all. :s You sure you have not just broke yours? I've seen your code, of course its still exploitable, and doesn't look to efficient, you should learn to only select date from a table / database that is needed. I'll be fixing the exploits in my mod tonight and be changing some of the security (sessions) to something more secure and stable, as a lot multi tab and cause the sessions to reset. Your code is very messy too, heck yes congratz you have learnt to indent, but you should really learn to use functions instead of loads of isset($_POST['blah']) 's. Switch your $_GET and direct it to a function, so much easier to edit a certain part. What happens if i POST various actions at a time? The mod will go mad. Allowing stealing of cash & items at the same time. Some of your mod you have just taken code from mine and edited slightly, I'm not stupid...

Re: Advanced Break In [$20]   Lol, I still haven't got into the habbit of indenting.

Re: [Free] MySQL Control Panel Updated 8-)

Re: Hey everybody! Think Zeggy is inactive now anyways..

Ben2, Spammed my users today with his epic of a failure site, this guys trying to re-sell mccodes rofl. IP: 81.98.4.157 <-- I'd suggest banning, before he spams your site. Site Promoting: www.systmlive.com <-- Maybe Dambonstew or w/e his name is can do something about it. Email: [email protected] Just a heads up on this idiot.... Whois Information... Domain name: SYSTMLIVE.COM Administrative Contact: Griffiths, Ben [email protected] 9 Broadway Gardens Peterborough, NA PE1 4DU GB +1.441733756827 Hosting on: IXWEBHOSTING.COM

Re: [Free] MySQL Control Panel   <?php /*----------------------------------------------------- -- MySQL Admin -- Copyright held 2007-2008 by Isomerizer.com -- Free Source Script. -- sqladmin.php -----------------------------------------------------*/ // v1 version... session_start(); require "global_func.php"; if($_SESSION['loggedin']==0) { header("Location: login.php");exit; } $userid=$_SESSION['userid']; require "header.php"; $h = new headers; $h->startheaders(); include "mysql.php"; global $c; $is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error()); $ir=mysql_fetch_array($is); check_level(); $fm=money_formatter($ir['money']); $cm=money_formatter($ir['crystals'],''); $lv=date('F j, Y, g:i a',$ir['laston']); $h->userdata($ir,$lv,$fm,$cm); $h->menuarea(); if ($userid!=1 && $ir['userid']!=1 && $ir['user_level']!=2) { echo '<font size="5" color="red">Access Denied</font>'; $h->endpage(); exit; } // Must be User ID 1 and Admin! echo '<h3>MySQL Control Panel</h3>'; switch($_GET['sql']) { case 'update': update(); break; case 'select': select(); break; case 'drop': drop(); break; case 'delete': delete(); break; case 'truncate': truncate(); break; default: sql_index(); break; } function select_tables() { global $c; $tables = mysql_query("SHOW TABLES"); echo '<select name="table">'; $databasename = 'prefix_database'; // <---- PSST Edit Database name! $table = 'Tables_in_'.$databasename; while($tab = mysql_fetch_object($tables)) { $name = $tab->$table; echo '<option value="'.$name.'">'.$name.'</option>'; } echo '</select>'; } function sql_commands() { echo '<select name="sql_commands"> <option value="=">=</option> <option value="!=">!=</option> </select>'; } function check_pass() { global $h; // Password Verification $salt="helloce"; // Edit Salt! $password=md5("$salt"."password123abc"); // Edit Password! $input=$_POST['password']; $input_password=md5("$salt"."$input"); if ($input_password != $password) { echo '<font color="red">Access Denied!</font> [url="'.$_SERVER['PHP_SELF'].'"]Back[/url]'; $h->endpage(); exit; } } function anti_injection($string) { global $c; if (ini_get('magic_quotes_gpc')) { $string = stripslashes($string); } $string = mysql_real_escape_string(htmlentities(trim($string)), $c); return $string; } if ($_GET['sql']!='update' && $_GET['sql']!='select' && $_GET['sql']!='drop' && $_GET['sql']!='delete' && $_GET['sql']!='truncate') { echo 'Invalid use of file!'; $h->endpage(); exit; // If sql is unknown } function back_index() { echo ' [url="'.$_SERVER['PHP_SELF'].'"]Back[/url]'; } function end_script() { global $h; $h->endpage(); exit; } function sql_index() { global $ir,$c,$userid,$h; echo '<form action="'.$_SERVER['PHP_SELF'].'" method="GET"> Command: <select name="sql"> <option value="update">UPDATE</option> <option value="select">SELECT</option> <option value="delete">DELETE</option> <option value="drop">DROP</option> <option value="truncate">TRUNCATE</option> </select> <input type="submit" value="Perform" /></form> <hr width="75%" /> Information... Here you can execute an MySQL command without editing your source code or accessing PhpMyAdmin.</p>'; end_script(); } function update() { global $ir,$c,$userid,$h; if (isset($_POST['execute']) && isset($_POST['password'])) { check_pass(); $table = anti_injection($_POST['table']); $where = anti_injection($_POST['where']); $where_what = anti_injection($_POST['where_what']); $commands = anti_injection($_POST['sql_commands']); $equals = anti_injection($_POST['equals']); $limit = anti_injection($_POST['limit']); $column = anti_injection($_POST['column']); if (empty($limit)) { $limit=0; } if (abs(@intval($where_what))) { $where_what = ''.$where_what.''; } $query = sprintf("UPDATE `$table` SET `$column` $commands '$equals' "); if (!empty($where) && !empty($where_what)) { $query = sprintf("UPDATE `$table` SET `$column` = '$equals' WHERE `$where` $commands $where_what"); } $finish = mysql_query($query, $c); if (!$finish) { echo 'Error: '.mysql_error(); back_index(); end_script(); } else { echo 'MySQL Query Successful! Table: '.$table.' Colum Updated: '.$column.' Updated to: '.$equals; if (!empty($where) && !empty($where_what)) { echo ' WHERE '.$where.' '.$commands.' '.$where_what; } back_index(); end_script(); } } else { echo '<form action="'.$_SERVER['PHP_SELF'].'?sql=update" method="POST"> UPDATE '; select_tables(); echo ' SET <input type="text" size="6" name="column" /> = <input type="text" size="6" name="equals" /> WHERE <input type="text" size="6" name="where" /> '; sql_commands(); echo '<input type="text" size="6" name="where_what" /> Password: <input type="password" name="password" value="" /> <input type="submit" name="execute" value="Execute MySQL" /></form>'; back_index(); end_script(); } } function select() { global $ir,$c,$userid,$h; if (isset($_POST['execute']) && isset($_POST['password'])) { check_pass(); $table = anti_injection($_POST['table']); $where = anti_injection($_POST['where']); $where_what = anti_injection($_POST['where_what']); $commands = anti_injection($_POST['sql_commands']); $equals = anti_injection($_POST['equals']); $limit = anti_injection($_POST['limit']); $select = anti_injection($_POST['select']); if (empty($limit)) { $limit=0; } if (abs(@intval($where_what))) { $where_what = ''.$where_what.''; } $query = sprintf("SELECT $select FROM `$table` ", $c); if (!empty($where) && !empty($where_what)) { $query = sprintf("SELECT $select FROM `$table` WHERE `$where` $commands $where_what", $c); } $finish = mysql_query($query, $c); if (!$finish) { echo 'Error: '.mysql_error(); back_index(); end_script(); } else { echo 'MySQL Query Successful! Results (Selecting '.$select.')... '; while($result = mysql_fetch_object($finish)) { echo $result->$select.' '; } back_index(); end_script(); } end_script(); } else { echo '<form action="'.$_SERVER['PHP_SELF'].'?sql=select" method="POST"> SELECT <input type="text" name="select" size="6" /> FROM '; select_tables(); echo ' WHERE <input type="text" size="6" name="where" /> '; sql_commands(); echo '<input type="text" size="6" name="where_what" /> Password: <input type="password" name="password" value="" /> <input type="submit" name="execute" value="Execute MySQL" /></form>'; back_index(); end_script(); } } function delete() { global $ir,$c,$userid,$h; if (isset($_POST['execute']) && isset($_POST['password'])) { check_pass(); $table = anti_injection($_POST['table']); if (empty($limit)) { $limit=0; } if (abs(@intval($where_what))) { $where_what = ''.$where_what.''; } $query = sprintf("DELETE FROM `$table`", $c); if (!empty($where) && !empty($where_what)) { $query = sprintf("DELETE FROM `$table` WHERE `$where` $commands $where_what ", $c); } $finish = mysql_query($query, $c); if (!$finish) { echo 'Error: '.mysql_error(); back_index(); end_script(); } else { echo 'MySQL Query Successful! Selected Content Deleted!'; back_index(); end_script(); } } echo '<form action="'.$_SERVER['PHP_SELF'].'?sql=delete" method="POST"> DELETE FROM '; select_tables(); echo ' WHERE <input type="text" size="6" name="where" /> '; sql_commands(); echo '<input type="text" size="6" name="where_what" /> Password: <input type="password" name="password" value="" /> <input type="submit" name="execute" value="Execute MySQL" /></form>'; back_index(); end_script(); } function drop() { global $ir,$c,$userid,$h; if (isset($_POST['execute']) && isset($_POST['password'])) { check_pass(); $table = anti_injection($_POST['table']); $query = sprintf("DROP TABLE `$table`", $c); $finish = mysql_query($query, $c); if (!$finish) { echo 'Error: '.mysql_error(); back_index(); end_script(); } else { echo 'MySQL Query Successful! Table: '.$table.' Dropped!'; back_index(); end_script(); } } echo '<form action="'.$_SERVER['PHP_SELF'].'?sql=drop" method="POST"> DROP TABLE '; select_tables(); echo ' Password: <input type="password" name="password" value="" /> <input type="submit" name="execute" value="Execute MySQL" /></form>'; back_index(); end_script(); } function truncate() { global $ir,$c,$userid,$h; if (isset($_POST['execute']) && isset($_POST['password'])) { check_pass(); $table = anti_injection($_POST['table']); $query = sprintf("TRUNCATE TABLE `$table`", $c); $finish = mysql_query($query, $c); if (!$finish) { echo 'Error: '.mysql_error(); back_index(); end_script(); } else { echo 'MySQL Query Successful! Table: '.$table.' Emptied!'; back_index(); end_script(); } } echo '<form action="'.$_SERVER['PHP_SELF'].'?sql=truncate" method="POST"> TRUNCATE TABLE '; select_tables(); echo ' Password: <input type="password" name="password" value="" /> <input type="submit" name="execute" value="Execute MySQL" /></form>'; back_index(); end_script(); } ?>   Should work v1..

Re: [Free] MySQL Control Panel   Sure thats not true.. I'm on PHP 4, works fine for me.. Sure you have set $databasename = 'prefix_database'; Correctly?

Re: [Free] MySQL Control Panel   Lol, thanks. One of the main reasons i made this was because my database password is random letters etc. Very hard to remember, this way i can login without loading Plesk / Cpanel > phpmyadmin each time. Also great for when I'm in college and wanna mess with the database. :P

This is a mod that should let you play around with your database without having to login to PhpMyAdmin.. It will allow 8 MySQL Syntax's atm, such as UPDATE, SELECT, DELETE, TRUNCATE, DROP, REPAIR, CHECK, IMPORT, SHOW, OPTIMIZE..   Available here: http://isomerizer.com/index.php?page=sqladmin Enjoy

Re: 3 Word Game and got slightly

Re: Free 2 - Search   Tell us something we don't know! :lol:

Re: Free 2 - Roulette Sweeeet

Re: Secure Your Crons.   Yes, but the IP inserted will just be $_SERVER['SERVER_ADDR'] as this predefined php variable will auto detect your server IP...   I think she meant to run the cron somewhere not public on your server.. cgi-bin/ maybe other then public_html / httpdocs. Not a completely different site. :s

Re: Secure Your Crons. Whats with all the SQL? Why not just...   $IP = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; if ($IP != $_SERVER['SERVER_ADDR']) { die('Error'); }

Re: My Newist Discovery Hmmm..   Is it something like....   if (!empty($_REQUEST)) { foreach ($_REQUEST as $key => $value) { if (ini_get('magic_quotes_gpc')) { $_GET[$key] = stripslashes($_GET[$key]); } $_GET[$key] = htmlentities(strip_tags(trim($value))); unset($key); unset($value); } }