MakeWebGames

Isomerizer

Members
  • Posts

    1,170
  • Joined

  • Last visited

  • Days Won

    3

Everything posted by Isomerizer

  1. Re: 8 Lines to secure your site from known sql injections.   Then it was exploitable... Meaning, it wasn't exploit proof. Right?
  2. Re: Battle Arena [$20] Ok fair enough, this happened to a few due to a small bug in the original code, I did fix it. Just send me your cron, and I'll update it for you.
  3. Re: Battle Arena [$20]   Your mod was encrypted, and the agreement was you could only use it on one domain.
  4. Re: [Free] 50 / 50 Chance Mod   Sure i re-uploaded it more then that, trial and error ftw. :wink:
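  5. Nifty little mod...

<?php
// BAH - isomerizer.com/
require_once("globals.php");

/**
 * 50 / 50 money game: a player stakes cash on an open game, another player
 * accepts it, and a coin flip decides who receives both stakes.
 *
 * Money handling in this class follows three rules:
 *  - every request value is reduced to an integer before it reaches a query;
 *  - a balance is only debited by an UPDATE that also checks the balance, and
 *    a game only changes state through an UPDATE that also checks its current
 *    state, so two simultaneous requests cannot both succeed (the `chance`
 *    table is MyISAM, so no transaction is available to do this instead);
 *  - a game can only be cancelled by the user who created it.
 *
 * NOTE(review): link markup appears as forum BBcode ([url=...]) on the page
 * this was taken from; the strings are kept as displayed - confirm against
 * the original file before deploying.
 */
class chance extends headers
{
    public $error = array();
    public $minbet = 1;
    public $maxbet = 1000;
    public $maxgames = 10;

    /** Prints the "Back" link shown under an error list. */
    public function _back()
    {
        echo ' [url="javascript: history.go(-1)"]Back[/url]';
    }

    /**
     * Prints the collected errors and stops the request; does nothing when
     * the list is empty.
     *
     * @param array $error Error messages gathered so far.
     */
    public function _errors($error)
    {
        if (!empty($error)) {
            echo'The following errors occured';
            foreach ($error as $er) {
                echo ' '. $er;
            }
            unset($error);
            $this->_back();
            $this->endpage();
            exit;
        }
    }

    /**
     * Returns one column of the logged-in user's row.
     *
     * @param string $col Column name in `users`.
     * @return mixed Column value, or null when the column name is rejected,
     *               the query fails or no row matches.
     */
    public function _fetchUser($col)
    {
        // A column name cannot be passed as a bound/formatted value, so it is
        // restricted to identifier characters before being placed in the SQL.
        if (!is_string($col) || !preg_match('/^[A-Za-z0-9_]+$/', $col)) {
            return null;
        }
        $sessionUser = isset($_SESSION['userid']) ? $_SESSION['userid'] : 0;
        $SQL = sprintf("SELECT `". $col ."` FROM `users` WHERE `userid` = %u", $sessionUser);
        $exe = mysql_query($SQL);
        if ($exe === false) {
            return null;
        }
        $fetch = mysql_fetch_array($exe);
        return ($fetch !== false && isset($fetch[$col])) ? $fetch[$col] : null;
    }

    /**
     * Escapes a value for use inside HTML text or a quoted attribute.
     * A single-byte charset is named so the call never returns an empty
     * string on bytes that are not valid UTF-8; only the ASCII specials
     * are rewritten.
     */
    private function _esc($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
    }

    /**
     * Script path for links and form actions. PHP_SELF includes any trailing
     * path info taken from the request URL, so it is escaped before output.
     */
    private function _self()
    {
        return $this->_esc($_SERVER['PHP_SELF']);
    }

    /** Game id from the query string as a non-negative integer (0 when absent). */
    private function _gameId()
    {
        if (!isset($_GET['ID']) || !is_scalar($_GET['ID'])) {
            return 0;
        }
        return max(0, (int) $_GET['ID']);
    }

    /** Shows the "add game" form, or validates and stores a submitted stake. */
    public function _add()
    {
        if (isset($_POST['submit'])) {
            $raw = (isset($_POST['amt']) && is_string($_POST['amt'])) ? $_POST['amt'] : '';
            if (preg_match("/[^0-9]/", $raw)) {
                $this->error[] = 'Amount must be numeric';
            }
            $amount = (int) $raw;
            if ($amount < $this->minbet) {
                $this->error[] = 'The minimum bet is '. $this->minbet;
            }
            // $maxbet was declared but never enforced; the form's maxlength is
            // a browser-side hint only.
            if ($amount > $this->maxbet) {
                $this->error[] = 'The maximum bet is '. $this->maxbet;
            }
            $me = (int) $this->_fetchUser('userid');
            $SQL = sprintf("SELECT COUNT(`logID`) amount FROM `chance` WHERE `userID` = %u AND `active` = 1", $me);
            $exe = mysql_query($SQL);
            $check = $exe ? mysql_fetch_array($exe) : false;
            if ($check !== false && $check['amount'] >= $this->maxgames) {
                $this->error[] = 'There is a maximum of '. $this->maxgames;
            }
            if ($amount > $this->_fetchUser('money')) {
                $this->error[] = 'You cannot afford that amount.';
            }
            $this->_errors($this->error);

            // Debit and balance check in one statement: the earlier check can be
            // stale if the same user submits twice at once.
            if ($amount > 0) {
                $SQL_2 = sprintf("UPDATE `users` SET `money` = `money` - %u WHERE `userid` = %u AND `money` >= %u", $amount, $me, $amount);
                mysql_query($SQL_2);
                if (mysql_affected_rows() !== 1) {
                    $this->error[] = 'You cannot afford that amount.';
                    $this->_errors($this->error);
                }
            }
            $SQL_3 = sprintf("INSERT INTO `chance` (`logID`, `userID`, `amount`, `active`) VALUES (NULL, %u, %u, 1)", $me, $amount);
            mysql_query($SQL_3);
            echo 'Your game has been set. Good Luck.';
        } else {
            echo 'Adding a game <form action="'. $this->_self() .'?act=add" method="POST"> Cash: <input type="text" name="amt" size="10" maxlength="10" /> <input type="submit" name="submit" value="Add!"></form> « '. $this->maxgames .' ' . "\n" . 'games max per user »';
        }
    }

    /** Lists every open game with challenge / cancel links. */
    public function _view_games()
    {
        $self = $this->_self();
        // Looked up once instead of once per table row.
        $me = (int) $this->_fetchUser('userid');
        $SQL = "SELECT t.* , u.username FROM `chance` t LEFT JOIN `users` u on u.userid = t.userID WHERE t.active = 1 ORDER BY t.logID ASC";
        $exe = mysql_query($SQL);
        echo '« [url="'. $self .'?act=add"]Add Game[/url] » Table of users awaiting a challenge <table width="75%"> <tr> <td><u>Game ID</u></td> <td><u>User</u></td> <td><u>Amount</u></td> <td><u>Challenge</u></td> <td><u>Cancel</u></td> </tr>';
        while ($exe && ($r = mysql_fetch_array($exe))) {
            $logId = (int) $r['logID'];
            $ownerId = (int) $r['userID'];
            // NOTE(review): username is printed as stored; confirm it is escaped
            // when it is written, otherwise escape it here.
            echo '<tr> <td>'. $logId .'</td> <td>[url="viewuser.php?u='. $ownerId .'"]'. $r['username'] .'[/url] ['. $ownerId .']</td> <td>'. (int) $r['amount'] .'</td> <td>[url="'. $self .'?act=challenge&ID='. urlencode($logId) .'"]Challenge[/url]</td> <td>';
            if ($me == $ownerId) {
                echo '[url="'. $self .'?act=cancel&ID='. urlencode($logId) .'"]Cancel[/url]';
            }
            echo '</td> </tr>';
        }
        echo '</table>';
    }

    /**
     * Accepts an open game on behalf of the logged-in user and settles it.
     *
     * The game is closed and the challenger's stake is held before the
     * outcome is drawn, so the winner is simply paid both stakes. Net result
     * per player is the same as paying/charging after the draw.
     */
    public function _challenge()
    {
        $gone = 'This game has either been cancelled or someone played before you got the 5050.';
        $gameId = $this->_gameId();
        $SQL = sprintf("SELECT t.*, u.username FROM `chance` t LEFT JOIN `users` u ON t.userID = u.userid WHERE t.logID = %u AND t.active = 1 LIMIT 1", $gameId);
        $exe = mysql_query($SQL);
        $fetch = $exe ? mysql_fetch_array($exe) : false;
        if (empty($fetch['logID'])) {
            echo $gone;
            return;
        }

        $me = (int) $this->_fetchUser('userid');
        $myName = $this->_fetchUser('username');
        $ownerId = (int) $fetch['userID'];
        $amount = (int) $fetch['amount'];

        if ($amount > $this->_fetchUser('money')) {
            $this->error[] = 'You cannot afford the challenge amount.';
        }
        // The original compared against an undefined $r, so this check never fired.
        if ($me == $ownerId) {
            $this->error[] = 'You cannot accept your own challenge.';
        }
        $this->_errors($this->error);

        // Close the game first; only the request that actually flips
        // active 1 -> 0 may settle it.
        mysql_query(sprintf("UPDATE `chance` SET `active` = 0 WHERE `logID` = %u AND `active` = 1", $gameId));
        if (mysql_affected_rows() !== 1) {
            echo $gone;
            return;
        }

        // Hold the challenger's stake with the balance check in the same
        // statement. If it cannot be held, reopen the game untouched.
        if ($amount > 0) {
            mysql_query(sprintf("UPDATE `users` SET `money` = `money` - %u WHERE `userid` = %u AND `money` >= %u", $amount, $me, $amount));
            if (mysql_affected_rows() !== 1) {
                mysql_query(sprintf("UPDATE `chance` SET `active` = 1 WHERE `logID` = %u AND `active` = 0", $gameId));
                $this->error[] = 'You cannot afford the challenge amount.';
                $this->_errors($this->error);
            }
        }

        // NOTE(review): mt_rand() is not a cryptographically secure generator;
        // if outcomes must be unpredictable to players, use a CSPRNG available
        // on the target PHP version.
        if (mt_rand(1,2) == 1) {
            $winner = $ownerId;
            $loser = $me;
            $winnername = $fetch['username'];
            $string = '<font color="red">Sorry, you Lost. ' . "\n" . 'Better luck next time.</font>';
        } else {
            $winner = $me;
            $loser = $ownerId;
            $winnername = $myName;
            $string = 'You Won! Congratulations! <font color="green"> You Won '. money_formatter($fetch['amount']) .'!</font>';
        }
        // Both stakes are already held at this point, so the winner gets the pot.
        mysql_query(sprintf("UPDATE `users` SET `money` = `money` + (%u * 2) WHERE `userid` = %u", $amount, $winner));

        // NOTE(review): $t is never assigned in this method, so event_add()
        // receives null - confirm the intended third argument.
        $message = 'The game of '. money_formatter($fetch['amount']) .' challenged by [url="viewuser.php?u='. urlencode($me) .'"]'. $myName .'[/url] was won by [url="viewuser.php?u='. urlencode($winner) .'"]'. $winnername .'[/url].';
        event_add($winner, $message, $t);
        event_add($loser, $message, $t);
        echo $string;
    }

    /**
     * Cancels one of the logged-in user's own open games and refunds the stake.
     * The game is matched on its owner as well as its id; without that, any
     * logged-in user could cancel someone else's game and receive the refund.
     */
    public function _cancel()
    {
        $gone = 'This game has already been canceled, does not exist, or someone already played.';
        $gameId = $this->_gameId();
        $me = (int) $this->_fetchUser('userid');
        $SQL = sprintf("SELECT `amount` from `chance` where `logID` = %u AND `userID` = %u AND `active` = 1", $gameId, $me);
        $exe = mysql_query($SQL);
        $fetch = $exe ? mysql_fetch_array($exe) : false;
        if (empty($fetch['amount'])) {
            echo $gone;
            return;
        }
        // Mark the game cancelled first; refund only if this request is the
        // one that changed it, so a repeated request cannot refund twice.
        mysql_query(sprintf("UPDATE `chance` SET `active` = -1 WHERE `logID` = %u AND `userID` = %u AND `active` = 1", $gameId, $me));
        if (mysql_affected_rows() !== 1) {
            echo $gone;
            return;
        }
        mysql_query(sprintf("UPDATE `users` SET `money` = `money` + %u WHERE `userid` = %u", $fetch['amount'], $me));
        echo 'The game has been cancelled, and your money has been returned.';
    }
}

$cha = new chance();
echo '<h1>50 / 50 money Game</h1>';
// NOTE(review): cancel and challenge change balances on a plain GET request and
// nothing in this file ties the request to a per-session token - confirm
// whether globals.php provides one, otherwise add one and switch to POST.
$act = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : '';
switch ($act) {
    case 'cancel':
        $cha->_cancel();
        break;
    case 'challenge':
        $cha->_challenge();
        break;
    case 'add':
        $cha->_add();
        break;
    default:
        $cha->_view_games();
        break;
}
?>

  SQL: CREATE TABLE `chance` ( `logID` int( 20 ) NOT NULL AUTO_INCREMENT , `userID` int( 11 ) NOT NULL default '0', `amount` int( 11 ) NOT NULL default '0', `active` tinyint( 1 ) NOT NULL default '0', PRIMARY KEY ( `logID` ) ) ENGINE = MYISAM DEFAULT CHARSET = latin1;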
  6. Re: 50/50(V2) for money and for crystals   Indeed.. http://criminalexistence.com/ceforums/i ... ic=16147.0 I'll be updating this mod, as the code is poor. Be posting this mod for free later today with several coding upgrades.. The only thing i can say to users who bought this off me is "Sorry" that some guy decided to post it for free...
  7. Isomerizer

    hey

    Re: hey   What would be run every time someone clicks over daily... Bad idea... Gonna run alot of unnecessary queries.
  8. Re: DBS Mod Sale   It's his salt... But I was just saying.. the string was incorrect, and would have caused a PHP error. Caught my eye with the syntax colours, they come in very handy for debugging.
  9. Re: DBS Mod Sale     $password_file = "ATC//!#"!BS'''";   ....   $password_file = "ATC//!#"!BS'''";
  10. Re: Hey with creating this script ?   Bah, well your gonna have to insert/update the data into the col's in the attackleave/mug/hosp first. http://www.w3schools.com/Sql/sql_update.asp Then in your viewuser your going to have to fetch the data from the col's to display the results. http://www.w3schools.com/Sql/sql_select.asp http://uk3.php.net/mysql_query http://uk.php.net/mysql_fetch_array This is really more crap on the users table, try to look into a way where you can create a new table for this new data.
  11. Isomerizer

    hey

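    Re: hey   Hmm, cron could work..not the best of ideas. But the cron you provided will not, $userid & $ir are not defined. Try..

<?php
// Cron entry point: recomputes every user's rank title from `rankxp`.
// The request must carry ?code=<secret> matching $_CONFIG['code'].
include "config.php";
global $_CONFIG;

// The secret is compared as a string, strictly, and in constant time where the
// PHP version provides hash_equals(). A loose != lets differently typed or
// numeric-looking values compare equal, and an unset/empty configured code
// would have matched a request with no code at all; both now fail closed.
$supplied = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : '';
$expected = isset($_CONFIG['code']) ? (string) $_CONFIG['code'] : '';
if ($expected === '') {
    $authorised = false;
} elseif (function_exists('hash_equals')) {
    $authorised = hash_equals($expected, $supplied);
} else {
    $authorised = ($expected === $supplied);
}
if (!$authorised) {
    die("");
}

define("MONO_ON", 1);
require "class/class_db_{$_CONFIG['driver']}.php";
$db=new database;
$db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']);
$db->connect();
$c=$db->connection_id;

// Rank title => rankxp the user must exceed. Kept in ascending order on
// purpose: each UPDATE overwrites the previous one for users above the higher
// threshold, so the last matching tier wins.
$tiers = array(
    'starter' => 1,
    'Pickpocket' => 150,
    'Criminal' => 400,
    'Dealer' => 550,
    'Thug' => 700,
    'Leader' => 1000,
    'Con Artist' => 2500,
    'Caporegime' => 5000,
    'Hitman' => 10000,
    'Crimelord' => 15000,
    'Piciotto' => 32000,
    'Contabile' => 40000,
    'Boss' => 57000,
    'Kingpin' => 65000,
    'Consiglieri' => 80000,
    'Godfather' => 110000,
    'Don' => 210000,
    'Legendary Godfather' => 310000,
    'Legendary Don' => 410000,
    'Untouchable Don' => 490000,
);
foreach ($tiers as $title => $threshold) {
    // Both values come from the constant table above, never from the request.
    $db->query(sprintf("UPDATE users SET rank = '%s' WHERE `rankxp` > %d", $title, $threshold));
}
?>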
  12. Re: DBS Mod Sale   Thanks for the positive feedback Nick, look forward to programming for you more in the future.
  13. Re: Spanish   Lmao. :evil:
  14. Re: CSS [V2] MAYBE [V1] Woah, big mod.. :lol: Wouldn't it fit better here: http://criminalexistence.com/ceforums/h ... .php?f=4.0
  15. Re: Developing a simple application framework (Part #1) Thanks, I have found this tutorial very helpful! :-)
  16. Re: user profile sigs (BBcode)   I'm sure a while back Deception exploited the default bbcode engine. Must be something wrong with it... :-P
  17. Re: [v1] Travel to User Location button on profiles [FREE]   print "   needs to be print ' / echo ' otherwise your script's gonna error.. And $_GET['to'] is still unsecure?
  18. Re: user profile sigs (BBcode)   Oh, my bad.. :lol:
  19. Re: [v1] Travel to User Location button on profiles [FREE] Erm, I may be missing something here.. But I don't see those input variables being filtered... This is prone to obvious XSS / SQL injection :?
  20. Re: user profile sigs (BBcode)   No.. Also...   require "bbcode_engine.php"; $this->engine= new bbcode_engine;   You haven't supplied us with all of the scripts required to use this bbcode class...
  21. Re: Problem   Huh? :? The query you posted, was an insert query.
  22. Re: Problem   INSERT INTO `crimes` ( `crimeNAME`, `crimeBRAVE`, `crimePERCFORM`, `crimeSUCCESSMUNY`, `crimeSUCCESSCRYS`, `crimeSUCCESSITEM`, `crimeGROUP`, `crimeITEXT`, `crimeSTEXT`, `crimeFTEXT`, `crimeJTEXT`, `crimeJAILTIME`, `crimeJREASON`, `crimeXP`) VALUES ( 'Search the Trash Cans for Money', 1, '((WILL*0.8 ).Cool/2.5)+(LEVEL/4)', 2, NULL, 0, 1, 'You start lurking around the streets....and look for cash around every corner...', 'You manage to fine $2! ', 'Nothing is found...poor you!', 'A copper comes up to you... \"What do you think you are doing? I think we better go down town, and talk about this\"', 16, 'Loitering', 4)
  23. Re: [V2] Ignore User Mail [V2]   echo 'You can't ignore a non-existant user. [url="'.$_SERVER['PHP_SELF'].'?action=ignoreform"]Back[/url]';   Remember backslashes, so PHP can tell the ' is an apostrophe, not you trying to end the string.   echo 'You can\'t ignore a non-existant user. [url="'.$_SERVER['PHP_SELF'].'?action=ignoreform"]Back[/url]';   Notice the change in the syntax colors too. Or you could even use the HTML entity (&#39;)
  24. Re: The world mite end on Wednesday 10ths september 2008... Before i die, I'd like to say one thing. "I love you YoungGold. Together in the afterlife we shall reunite!"
  25. Re: Sick & Tired   Bullet says a lot of things. Doesn't make them true.