
Isomerizer
Everything posted by Isomerizer
-
Re: Tabbed Browsing I've always wanted to know how to prevent this too.
-
Re: Guess the next poster Nope, me. TearsAndSorrow?
-
Re: BUY MODS!!! Ok, I r teh noob mod :(
-
Re: BUY MODS!!! LMFAO, Oh, damn. Wtf. Now I've seen everything
-
Re: [mccode] [TGM] Delete Gang Option [TGM] Is this a joke...? Notepad?
-
Re: [mccode] quantify items automatically Anyone ever create an efficient auto quantify script?
-
Re: [Free] [v1] Profile Image Uploader Thanks fbiss, didn't realise I was missing a } :lol:
-
Re: Advertising Thanks Ferdi, Never knew they accepted paypal, I'm going to start using that soon :)
-
Re: Advertising That is not for advertising, They provide a service creating graphics used for advertising.
-
Hi, I was just wondering what advertising sites you use to advertise your websites? I'm looking for ones that do not require credit cards, and that can have funds added to the advertiser's account directly through paypal. Reachad's do this and I'm using them atm, with 3 campaigns running. I'm also using some PTC sites.... I've tried adsense, adbrite and some other big advertising companies but they require credit cards :(.. Any other good advertising sites that can be paid with paypal? I've also looked at game advertising online, but that seems way too expensive for a newish small RPG.
-
Re: Please Help

    <?php
    /*-----------------------------------------------------
    -- Mono Country v1.0 BETA
    -- A product of DBS-entertainment
    -- Copyright held 2005 by Dabomstew
    -- INDEX.php
    -----------------------------------------------------*/
    session_start();
    require "global_func.php";
    if($_SESSION['loggedin']==0) { header("Location: login.php");exit; }
    $userid=$_SESSION['userid'];
    require "header.php";
    $h = new headers;
    $h->startheaders();
    include "mysql.php";
    global $c;
    $is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error());
    $ir=mysql_fetch_array($is);
    check_level();
    $fm=money_formatter($ir['money']);
    $cm=money_formatter($ir['crystals'],'');
    $lv=date('F j, Y, g:i a',$ir['laston']);
    $h->userdata($ir,$lv,$fm,$cm);
    $h->menuarea();
    $_GET['ID'] = abs(@intval($_GET['ID']));
    //Food
    if(!$_GET['ID'])
    {
        echo "Invalid use of file";
    }
    else
    {
        $i=mysql_query("SELECT iv.*,i.*,it.* FROM inventory iv LEFT JOIN items i ON iv.inv_itemid=i.itmid LEFT JOIN itemtypes it ON i.itmtype=it.itmtypeid WHERE iv.inv_id={$_GET['ID']} AND iv.inv_userid=$userid",$c);
        if(mysql_num_rows($i) == 0)
        {
            echo "Invalid item ID";
        }
        else
        {
            $r=mysql_fetch_array($i);
            if($r['itmtypename'] == 'Food')
            {
                $f=mysql_query("SELECT * FROM food WHERE item_id={$r['itmid']}",$c);
                $fr=mysql_fetch_array($f);
                mysql_query("UPDATE inventory SET inv_qty=inv_qty-1 WHERE inv_id={$_GET['ID']}",$c);
                mysql_query("DELETE FROM inventory WHERE inv_qty=0",$c);
                mysql_query("UPDATE users SET energy=energy+{$fr['energy']} WHERE userid=$userid");
                mysql_query("UPDATE users SET energy=maxenergy WHERE energy > maxenergy");
                echo "You cram a {$r['itmname']} into your mouth. You feel a bit of energy coming back to you.";
            }
            else if($r['itmtypename'] == 'Medical')
            {
                $stat="Health";
                $f=mysql_query("SELECT * FROM medical WHERE item_id={$r['itmid']}",$c);
                $fr=mysql_fetch_array($f);
                mysql_query("UPDATE inventory SET inv_qty=inv_qty-1 WHERE inv_id={$_GET['ID']}",$c);
                mysql_query("DELETE FROM inventory WHERE inv_qty=0",$c);
                mysql_query("UPDATE users SET hp=hp+{$fr['health']} WHERE userid=$userid");
                mysql_query("UPDATE users SET hp=maxhp WHERE hp > maxhp");
                if($r['itmname'] == 'Full Restore')
                {
                    mysql_query("UPDATE users SET energy=maxenergy,will=maxwill,brave=maxbrave WHERE userid=$userid",$c);
                    $stat="Energy";
                }
                if($r['itmname'] == 'Will Potion')
                {
                    $stat="Will";
                    mysql_query("UPDATE users SET will=maxwill WHERE userid=$userid",$c);
                }
                echo "You spray a {$r['itmname']} into your mouth. You feel a bit of $stat coming back to you.";
            }
            else
            {
                echo "You cannot use this item.";
            }
        }
    }
    $h->endpage();
    ?>
-
Just want some advice on securing my game.
Isomerizer replied to Jesse60905's topic in General Discussion
Re: Just want some advice on securing my game. Securing against header injections is pretty simple..

    $headerinject = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:");
    foreach($_POST as $k => $v){
        foreach($headerinject as $v2){
            // Case-insensitive match, so "BCC:" or "content-type:" is caught as well.
            if(stripos($v, $v2) !== false){
                logBadRequest(); // assumed to be defined elsewhere in the application
                header("HTTP/1.0 403 Forbidden");
                exit;
            }
        }
    }
    unset($k, $v, $v2, $allowed, $headerinject);

A lot of these security functions can be found on google. ^^^ Was, just edited a little bit.
-
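An alternative to matching header names, added here as an example (not part of the original post or of the game's code): a value can only add a mail header if it contains a line break, so rejecting CR/LF in header-bound fields also covers case variants and header names that a fixed list misses. The form field names (`email`, `subject`, `message`), both function names and the sample submissions are assumptions made for the illustration.

```php
<?php
// Added example, not from the original post. Field names and the sample
// submissions below are constructed for illustration.

/** Return the value if it is safe to place in a mail header, else null. */
function safe_header_value($value): ?string
{
    // Array-valued fields (e.g. email[]=x) are never valid header input.
    if (!is_string($value)) {
        return null;
    }
    // A new header needs a new line, so reject CR, LF and NUL outright
    // instead of searching for particular header names.
    if (preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return trim($value);
}

/** Validate a contact-form submission; returns clean fields or null. */
function validate_contact_form(array $post): ?array
{
    $from    = safe_header_value($post['email'] ?? null);
    $subject = safe_header_value($post['subject'] ?? null);
    if ($from === null || $subject === null) {
        return null;
    }
    // The address must also be one syntactically valid mailbox.
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The message body is not a header, so line breaks are allowed there.
    $body = is_string($post['message'] ?? null) ? $post['message'] : '';
    return ['from' => $from, 'subject' => $subject, 'body' => $body];
}

// Constructed sample submissions.
$samples = [
    'normal'      => ['email' => 'player@example.com', 'subject' => 'Bug report', 'message' => "Line 1\nLine 2"],
    'crlf'        => ['email' => "player@example.com\r\nBcc: list@example.net", 'subject' => 'Hi', 'message' => 'x'],
    'mixed case'  => ['email' => 'player@example.com', 'subject' => "Hi\nbCc: list@example.net", 'message' => 'x'],
    'array field' => ['email' => ['a', 'b'], 'subject' => 'Hi', 'message' => 'x'],
];
foreach ($samples as $label => $post) {
    $ok = validate_contact_form($post) !== null;
    echo str_pad($label, 12), $ok ? "accepted\n" : "rejected\n";
}
```

Only fields that end up in headers are checked for line breaks; the message body keeps them, which a blanket scan of every `$_POST` value cannot distinguish.
-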
Re: Please Help I guess so... Post away...
-
Re: Please Help Try..

    if($r['itmname'] == 'Full Restore')
    {
        mysql_query("UPDATE users SET energy=maxenergy,will=maxwill,brave=maxbrave WHERE userid=$userid",$c);
    }
    }
    if($r['itmname'] == 'Will Potion')
    {
        mysql_query("UPDATE users SET will=maxwill WHERE userid=$userid",$c);
    }
    print "You spray a {$r['itmname']} into your mouth. You feel your Chi coming back to you.";
    }
    else
    {
        print "You cannot use this item.";
    }
    }
    $h->endpage();
    ?>
-
Re: Make Money from Your Site with these tips ! Tried a lot of PTC's. None are really successful, The best one is probably Advercash's banner ad. Got me quite a bit of traffic and sign-ups. PTC don't work well for games. If I ever do advertise on them it's to get me unique visitors :)
-
Re: Make Money from Your Site with these tips ! Just put $40 into my advertisement balance on Reachad's and started a $0.05 PTC campaign for my game, Hopefully should boost my traffic :)
-
Re: Simple user rating system v2 Ratings: {$r['goodratings']} up, {$r['badratings']} down It already has the img tags in there for you, just edit the image location...
-
Re: Free Hosting Sites http://7te.org/ Seems to be popular.
-
Re: Simple user rating system v2 Add them between the links..
-
Re: Simple user rating system v2 Might as well use <font color='green'>+</font> <font color='red'>-</font>
-
Re: SQL Injections Seriously... Use your brain, It's that thing in your skull... How on earth is that related to SQL injections?
-
Re: Seanybob's Official Mod Corner Because he is the one, the only seanybob? Also it's an autosig, so he does not type it out every time.
-
Re: Simple user rating system v2

    $result = $db->query("SELECT * FROM users WHERE userid='{$ID}'");

Try replacing that with:

    $result = mysql_query("SELECT * FROM users WHERE userid='{$ID}'");

You don't need to change every single mysql_ to $db->
-
Re: Simple user rating system v2 Replace all the $db->real_escape_string with mysql_real_escape_string.
-
Re: Simple user rating system v2 I see no error in the script on line 29...