Uridium

Zan are you familiar with PHPMYADMIN and its uses

ive been Quietly making some new mods for 2011 which include.. Graphical Searching area. Advanced Lottery. Improved marriage system.

Thats okies Paul and i wont mention anything about your CRAP SECURITY mods you sold me ;)

I have no complaints over Paul Evans work or securing hes been round long enough with mccodes to understand its vulnerabilities and how to fix/cure them

Ive said this from day one learn to hack your script first then you'll understand how to secure it. How can yu secure something that you dont even know how it was hacked in the first place Its ok you guys saying you'll do it for $150 - $200 that doesnt help anyone. Especially the End user whos game your securing...

Nice work Curt :) can i make a suggestion.. Regards the points (crystals) Wouldnt this feature work better if the current buy rate from the points/crystals market also made an impact on the items market if you choose to buy by points/crystals what i mean is say i put a sword up for 100 points/crystals and no-one buys it for 3 weeks and the average selling per point/crystal on the points/crystal market has risen then buying from the items market wouldnt be true to the selling part...

There are a number of factor when deleting a player... 1 = when you delete a last player example id 10 the next person to sign up gets id 11 this is due to how the increment works 2 = Also just deleting a member from the users list you also need to delete their stats and inventory mentions, mails, events and anything else with that players identity..

Morgan this is what you phpmyadmin tabke should look like for ITEMS   [mysql]CREATE TABLE `items` ( `itmid` int(11) NOT NULL auto_increment, `itmtype` int(11) NOT NULL default '0', `itmname` varchar(255) NOT NULL default '', `itmdesc` text NOT NULL, `itmbuyprice` int(11) NOT NULL default '0', `itmsellprice` int(11) NOT NULL default '0', `itmbuyable` int(11) NOT NULL default '0', `effect1_on` tinyint(4) NOT NULL default '0', `effect1` text NOT NULL, `effect2_on` tinyint(4) NOT NULL default '0', `effect2` text NOT NULL, `effect3_on` tinyint(4) NOT NULL default '0', `effect3` text NOT NULL, `weapon` int(11) NOT NULL default '0', `armor` int(11) NOT NULL default '0', PRIMARY KEY (`itmid`) ) ENGINE=MyISAM ;[/mysql]

Merry Christmas to one and all old and new :)

I made something on the same lines as this mod well not exactly the same on the version i did when you tried to steal an item you were faced with a new screen with a random GUILT or NOT GUILTY feature getting 2 NOT GUILTYS resulted in you being able to buy the item half price 3 NOT GUILTYS meant you got the item for FREE 1 NOT QUILTY resulted in a short stay in Jail but 3 GUILTYS meant you got a longer stay in jail and had to pay back the cost of the item you tried to steal. it didnt take the cost in one go but you paid it back over a week......

This mod will not send out an Email but once user has enter correct email and secret question they can change their password from the same screen.. Failure to get email or secret question correct results in user submission being logged as Failed..

Some time ago i made a mod that a user had to have a secret question which was inputted by the user the resend.php file didnt work very well so ive redone it so it now works flawlessly and will also tell admins which users have been trying to gain access to other users accounts... call this file resend.php   <? include "config.php"; global $_CONFIG; define("MONO_ON", 1); require "class/class_db_{$_CONFIG['driver']}.php"; $db=new database; $db->configure($_CONFIG['hostname'], $_CONFIG['username'], $_CONFIG['password'], $_CONFIG['database'], $_CONFIG['persistent']); $db->connect(); $c=$db->connection_id; $set=array(); $settq=$db->query("SELECT * FROM settings"); if(isset($_POST['resend'])) { $email = mysql_real_escape_string($_POST["email"]); if ($email == '') { echo '<script>alert("Not sure what happened there did you actually give me an address to lookup ?");</script>'; echo '<script>history.back(1);</script>'; exit; } if((!strstr($email , "@")) || (!strstr($email , "."))) { echo '<script>alert("Sorry the Address type was not recognised.");</script>'; echo '<script>history.back(1);</script>'; exit; } $q = mysql_query("SELECT * FROM users WHERE email = '$email'") or die(mysql_error()); if(mysql_num_rows($q) > 0) { $q2 = mysql_fetch_assoc($q); $username = $q2[username]; //$pass = $q2[pass]; } else { echo '<script>alert("Sorry that Email Address was not found in our Database");</script>'; echo '<script>history.back(1);</script>'; exit; } $password = md5($_POST[password]); $squestion = mysql_real_escape_string($_POST["squestion"]); if ($squestion == '') { echo '<script>alert("Not sure what happened there did you actually give me an address to lookup ?");</script>'; echo '<script>history.back(1);</script>'; exit; } elseif ($password == '') { echo '<script>alert("Not sure what happened there did you actually give me an address to lookup ?");</script>'; echo '<script>history.back(1);</script>'; exit; } $quest = mysql_query("SELECT * FROM users WHERE squestion = '$squestion'") or die(mysql_error()); if(mysql_num_rows($quest) > 0) { $q2 = mysql_fetch_assoc($quest); $username = $q2[username]; } else { ?> <BODY leftmargin="0" topmargin="0" marginwidth="5" marginheight="0" style="color: #FF0000; background-color: #000000"> [list=1] <div align="center"> <center> <TABLE bgcolor=#A1A3B1 borderColorDark=#0000FF borderColorLight=#FFFF00 border=1 CELLPADDING=3 style="border-collapse: collapse" bordercolor="#000000"> <tr> <th scope="col" bgcolor="#FF0000" bordercolor="#000000"> <font face="Verdana" color="#FFFF00" size="3">Secret Question Error!</font></th> </tr> <tr> <td bgcolor="#FF0000" align="center" bordercolor="#000000"><center> <font face="Verdana" color="#FFFF00"><center> ERROR! [i]<?PHP echo "$squestion"; ?>[/i] was not found on our Database for this email address</p></center> <center>[[url="resend.php"] Try Again [/url] ]</font></center> </td> </tr> </tr></center> </div> <table> </table>[/list] <?PHP $IP = $_SERVER['REMOTE_ADDR']; mysql_query("INSERT INTO questreq (email, success, failedquest, fromip, username) VALUES('{$_POST['email']}', '', 'FAILED', '$IP', '$username')"); exit; } $IP = $_SERVER['REMOTE_ADDR']; if ($squestion !== $question) $query = mysql_query( "UPDATE users SET userpass = '$password' WHERE email = '$email' AND username = '$username'" ) or die(mysql_error()); mysql_query("INSERT INTO questreq (email, success, failedquest, fromip, username) VALUES('{$_POST['email']}', 'SUCCESS', '', '$IP', '$username')"); echo ' <BODY leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" style="color: #FF0000; background-color: #000000"> [list=1] <div align="center"> <center> <TABLE bgcolor=#A1A3B1 borderColorDark=#0000FF borderColorLight=#FFFF00 border=1 CELLPADDING=3 style="border-collapse: collapse" bordercolor="#000000"> <tr> <th scope="col" bgcolor="#FF0000" bordercolor="#000000"> <font face="Verdana" color="#FFFF00" size="4">PASSWORD CHANGED</font></th> </tr> <tr> <td bgcolor="#FF0000" align="center" bordercolor="#000000"><center> <font face="Verdana" color="#FFFF00">Account Data Found For Username:[b]['.$username.'][/b] Using This Email:'.$email.' New Password Changed and Updated. <center>[[url="index.php"] Login [/url] ]</font></center> </td> </tr> </tr></center> </div> <table> </table>[/list]'; } else { ?> <BODY leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" style="color: #FF0000; background-color: #000000"> [list=1] <div align="center"> <center> <TABLE bgcolor=#A1A3B1 borderColorDark=#0000FF borderColorLight=#FFFF00 border=1 CELLPADDING=3 style="border-collapse: collapse" bordercolor="#000000"> <tr> <th scope="col" bgcolor="#FF0000" bordercolor="#000000"> <font face="Verdana" color="#FFFF00" size="3">Change Password Form</font></th> </tr> <tr> <td bgcolor="#FF0000" align="center" bordercolor="#000000"><center> <font face="Verdana" color="#FFFF00"> We will Require your Email and Secret Password you used to Join the Game with.</p> <form method="post" action="resend.php"> Email: <input name="email" type="text" class="textBox"> Secret Question you gave when you signed up: <input name="squestion" type="text" class="textBox"> Enter your new password <input name="password" type="password" class="textBox"> <input name="resend" type="submit" class="textBox" id="resend" value="Accept New Password"> </form> </p>Illusions 2010</font></center> </td> </tr> </tr></center> </div> <table> </table>[/list] <? } ?>   now add these SQLS [mysql] CREATE TABLE `questreq` ( `dataID` int(11) NOT NULL auto_increment, `email` varchar(255) NOT NULL default '', `success` varchar(255) NOT NULL default '', `failedquest` varchar(255) NOT NULL, `fromip` varchar(255) NOT NULL default '', PRIMARY KEY (`dataID`) ) ENGINE=MyISAM ; [/mysql] This mod is to be used in conjunction with the resend mod which can be found here. >> CLICK FOR MOD <<

try getting rid of the ,$c on your lines

Jordan lets be honest its V2 with a facelift cos if the system was better it would be packaged by now and ready to be sold as V3. All youve really done is extend the mods on it which is what we could have done anyway..   You cant really tell us this cos we dont even know the facts yet

Just to update: Curt has 2 sites both similar so i suggested that the none working script be placed on his first to which the script worked flawlessly We then tried taking the header from the working site and place it in the none working site then it wouldnt load... Iv'e told Curt to take all his files from Localhost and test it on another test site to see if this cures the problem. So we can narrow down any problems caused on the none working site. Still waiting for an outcome. But over all his script did work on the working site so it cant be a script error. So must have something to do with whats been added to the none working site. or the database...

I dont have a Licence ? and i make free mods for everyone dont hear anyone complaining when my mods roll off production.. Give the lad a chance he may even have a licence or intend on getting one :)

William everything you need to learn about mccodes scripts has already been done for you in the game just pick out a file and read through it and see how which Function does what and how another files links to it for more info :)

You may need to add a piece to cron_day.php to refill users turns each day mysql_query("UPDATE users SET guess = 10 WHERE guess < 1 OR guess = 0");

Not mocking your script Devonbnice by any means as its free and an excellent addition :)

You could change from mysql_query("UPDATE users SET hospital = $time WHERE userid=$userid"); mysql_query("UPDATE users SET hospreason = 'Severe burns' WHERE userid=$userid"); mysql_query("UPDATE users SET bomb = 0 WHERE userid=$userid");   to mysql_query("UPDATE users SET hospital = $time, hospreason = 'Severe burns', bomb = 0 WHERE userid=$userid"); save some space :)

Sorry you will have to excuse me as i didnt read the whole page fully then noticed after i posted that, that it was meant for an addition into the explore.php sorry about that..

I regd about 20 mins ago still waiting for validation email :) Username is illusions if staff can activate me. :)

Nice mod but just one Query why is if ( $ir['bomb'] < 1 ) { print " What are you doing? "; print " <hr>> Back<hr>"; exit; Pointing to Zero when your add to database is also 0 wouldnt this continously give the above message as it cant insert or add to database to make it 1 so making it if ( $ir['bomb'] == 1 ) should cure that problem..

K1ngscorp1o what they are trying to say is we know from experience that using. $ip = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; on a mcc script caused users games to be hacked via a Firefox plugin. So for their peace of mind what makes the use of the above safer in your scripts than in anyone elses And im not having a go at your script abilities id just like to understand your reasoning for the above...

Damn hope no-one asks me to post my old scripts id be here for years oops lol