seanybob

A tip of my hat to the MWG community (and to the old CE community), Wanted to leave a few updates as to what I've been up to since you last saw me. First, pretty much all my mods for McCodes are open source. http://teachthe.net/?page_id=1263 http://teachthe.net/?page_id=190 Also, a while back I compiled a quick list of McCode vulnerabilities I'd noted in my research. Likely they are all old news and have been patched, I've heard good things about how McCode's creators have stepped up to the plate and started patching their work. http://teachthe.net/?cat=59 Finally, I got involved in a project called Social Paste involving wxPython and PHP. Quick video: For those not interested in watching the video, in essence what we've created is a way to copy/paste between computers, utilizing social networks to send 'pastes' to friends. The program adds a few new shortcuts to your computer, Social Copy (ctrl+shift+c) and Social Paste (ctrl+shift+v) being the main two. Reason I bring it up is that we're releasing the wxPython code open source. I know most of you guys are PHP developers, but I encourage you to take a look at it when we release it. We'll be fully opening up the API as well, and there is some nice money people could make by converting the wxPython to work on a Mac, or by writing mobile applications for it (which you could write in PHP and wrap with PhoneGap into a native app and sell in the app store). We also have a kickstarter campaign going for it, which you can take a look at: Anyway, I'll definitely be coming back and letting you know when we release it open source. Any questions, feel free to post in this thread (for a slow response) or shoot me an email - [email protected] - (for a faster response). Take care all, and happy PHP coding ;) -Seanybob

Just a little update on this multiplayer system. We're doing a special deal for the next 10 days where if you buy the seven game package, you will get a new bonus game thrown in for free. The bonus game is Stratego, a classic ctf-war game. Read more about the deal at the link below: [mp]227[/mp]

Hey Paddy, A lot of the code was revamped, including the entire draw_board function. I unfortunately didn't keep a list of the things changed, so it's not possible to run through and tell you what lines are changed. I think the only files we didn't make alterations to were ttt_config, sb_chat, and sb_header. One of these programs may help you though: http://www.thefreecountry.com/programming/filecomparison.shtml Again, sorry - in hindsight I should have documented the changes. -Seanybob

Mod Updated! For those of you who have it installed, re-download it from the first post. Ignore the instructions - all you need to do to update your version on your servers is to re-upload all the files (no sql changes were made). All the bug fixes sent to us via PM/this thread have been fixed. (If we overlooked one, feel free to point it out to us!) Some of these fixes applied for the other games as well, so those of you who have purchased the games will receive an email to your inbox shortly with the patch files. Thanks all ;)

Currently, we are mostly focusing on two-player games. Monopoly/Snakes & Ladders is usually about 4 players... The main issue with doing those games is that they add a whole new level of complexity to the code. To do them properly would take a month, instead of just a couple days like the other 2 player games. Because of this, it wouldn't make sense - since the McCode community is used to buying cheap mods, I sincerely doubt whether I could sell Monopoly or Snakes/Ladders for more than 30 bucks, and it would suck up a month of my time. If ten people bought it, that would be $300, for ~30 days worth of work, several hours a day... which would equate to way less than minimum wage.

Interesting error - We managed to duplicate it. It existed when someone left and a new person joined within the <5 second period before the player who stayed's page refreshed and checked to see if a person left. An update will be pushed out shortly.

Hehe, thanks mate. And... I'm not much of a graphics guy (as many people can attest to). Looks good.

5 seconds is what we decided was optimal. Playing with 2 players, when each player usually takes about 10-15 seconds per move, an extra 1-5 seconds of lag won't be noticed. We could have put 5 times the strain on the server and lowered it to 1 second always, or put twice as much strain on the server and made it 2.5 seconds max, but 5 seconds seemed just fine to us. If you have a high-end server and no bandwith concerns, feel free to up it to 3 seconds per refresh. I wouldn't recommend 1 (the benefit vs. cost isn't worth it there).

Hehe :P You're really intent on getting that Hall of Fame working for Tic-Tac-Toe. I'd have to recode portions of Tic-Tac-Toe to make it fully compatible with the hall of fame... and... I really don't want to. I'll toss the idea to my partner though, see if he wants to do it. I just hate the idea of making a hall of fame for a "solved" game like Tic-Tac-Toe that people can ensure they always win or tie on.

Paddy is completely correct. The hall of fame is only functional for the other paid games, not this free game. As for the surrender option - the person auto-loses if the game has started and they leave the table (which I guess is what you're looking for?). For those who really like this mod, you should totally be checking out the other games - they are, quite simply, a lot better. I'm always willing to haggle a little on price.

This mod was not made for version 1, that's why. You must have converted it wrong. It'd be fairly difficult to convert mate - I honestly wouldn't bother. You'd have to go through every file and restructure the queries, you'd have to change the global variables in all the functions from $db to $c, you'd have to change the headers in the files from the mcv2 to mcv1, and that's just what I remember off the top of my head. There's a reason I didn't make a v1 version of this mate. I do wish you the best of luck though if you continue trying to convert it, but I really want no part in that - seems liike a waste of time to me. Edit: As for the error you were getting in that file you posted, I have no way of knowing. I have no idea what's in your mysql.php file. However... it looks like perhaps a connection to the database isn't being established properly on that page, for one reason or another.

Also, just a note, we've cut the prices in half for the paid games. Check out the new listing below:   [mp]198[/mp]

Yes, of course. However, we choose not to. It's useful having the framework in separate files, so to create a new game we just have to create 3 new files. Oh, and the config file could be jammed into another file. The func file doesn't really have to be separate from the play file. Etc, etc. However, it seems much more readable and easier to navigate that way (as well as making more logical sense in my mind), so that is the way we'll keep it.

There was a minor ascetic bug in this mod (as a result of an overzealous copy and paste session). It could not be exploited. The files above have been updated, so if you download the files after this post, it will already be fixed. If you downloaded the files before this post, to fix: 1) Open up ttt_play.php 2) Find $db->query("INSERT INTO man_chat (man_room, timestamp, txt) VALUES($roomid, unix_timestamp(), '$txt')"); 3) Replace with $db->query("INSERT INTO ttt_chat (ttt_room, timestamp, txt) VALUES($roomid, unix_timestamp(), '$txt')"); Sorry about that. ;)

A partner and I have just finished coding several multiplayer games using a framework we developed. To highlight our new products, we specifically created a Tic-Tac-Toe mod using that framework that we are releasing for free to the McCode community. Screenshot: Download: Tic-Tac-Toe.zip Demo: Demo Site *Note - You'll need two people (or two browsers logged into two different accounts) to experience much in the demo. Our other, paid products: Multiplayer Mancala Multiplayer Connect 4 Multiplayer Backgammon Multiplayer Battleship Multiplayer Othello Multiplayer Checkers Multiplayer Minesweeper All available at: [mp]198[/mp]

I fail to see how you can pay for hosting (Minimum $5 a month, real servers cost $40+ a month) and can't afford a domain ($8 a YEAR). Your logic is so full of holes. Gambino, you're full of it. Your script is McCodes with a few tweaks. Take your scams elsewhere. Thread locked. Edit: He sent me a PM, attempting to prove his codes weren't a rip-off of McCodes. The file he sent me was globals.php (but renamed with a different name). It's identical to the McCodes, with changed names for several variables, but the same exact structure. Any doubts I had were erased.

Anyone know what happened to that free space template that was on here a lil while ago? I remember stumbling across it in one of the folders, but cannot find it via browsing or searching. I wanted it for a development test-site, to give it a bit more aesthetically pleasing look while it's being developed.

Sigh.

I don't mean to keep disagreeing with you, but... that is irrelevant. The mod he posted in the first post automatically grants the user the bonus when they first login. There is no 'claiming' involved, just login for the first time and 'poof' you get it.   Meh, to each his own. I disagree completely - no need to use a function that is full of bloated junk you don't need, but you're way works just fine too here.

I may have missed something, but I see no need for item_add here... item_add just adds a new item to a user's inventory, quantifying it with other items that exist within a user's inventory. However, a new user is guaranteed to have an empty inventory. So... no reason to quantify it.

Nifty. However, you save save yourself the extra field in the user's table by just adding this to the register page, immediately after inserting data into the user's table. ;)

Ok. Indeed, if it's hosted on another server (say, their server) you'd have to worry about that. However, you'll notice all major sites immediately upload the image to their own servers. You may say that's just because they have the space to - but I'd say the focus is more on the fact that they would prefer not to rely on ANY other site but their own to maintain security. That is what I would do. I'd verify that the file was an image, and store a local copy of it on my server. I would consider setting up some complex regex to allow 'possibly' one off-site image storing service like photobucket (which would get rid of your htaccess problem). Uploading images to your server though would have it's own special security in place, and I would not take care of that in header.php, but would do that separately.   Good to hear! I'd also suggest (if you haven't already) getting deeply involved in javascript (and specifically jquery and ajax). That, combined with php, is where the future of the web is at.

Yeah, I agree with that basic principle - thus my condition. I don't do 'incentivized' traffic. Sure, it's cheap, but those aren't the kind of people I'm looking for.   Indeed. Although, you could pay for clicks (but really being desiring the impressions). I've used Adwords for that in the past - got hundreds of thousands impressions for the price of a couple clicks. 'Course, after a while my ad stopped being shown... Bertrand, curious if you have any recommendations for PPI advertisers (not Google). I've used Adbrite in the past, but wasn't really satisfied.

And, for those <10 inputs in game that require a different method of sanitizing, you could set a flag on that page. Simple. These include, as I started mentioning before but didn't make a full list, profile signatures, mailboxes, and forums.   That is actually quite easy. The output was already secured. Why? Because we secured the INPUT, when it was received, as it should have been - which can easily be done through header.   Actually, no. In McCodes, there are three types of input. Numbers, strings consisting of just a-zA-Z0-9, and more complex strings - and the more complex strings I mentioned above (forums, mailboxes, etc.).   Yes, using many of the securing methods you guys use on here would cause problems if you used them in header. You'd have to be a bit more creative.   If you have an excessive amount of time on your hands, and are getting paid based on how 'hard' your project is, then yes, you're absolutely correct. However, if you're looking to advance your understanding in the Computer Sciences in general (and specifically algorithms) I disagree entirely. If I were to do a binary search on 100 numbers, I could go through and make 100 if statements, checking to see if the number I'm searching for is a specific number, 1-100. Or... I could use a while loop with 1 if/else statement, and get the job done in about 3 lines of coding.   Actually, you are correct here. I forgot that the default McCodes separates login and authenticate - in that case, yes, it would be authenticate.   All in all, you guys are decent programmers. You know more than a lot of the people I work with do. Except, having learned from and never (ok, rarely - there are a few) seeming to move beyond McCodes programming, you all fail at algorithms, and prefer to 'brute force' program instead.   (Also, I'd just like to note that here I'm talking about securing inputs in general. Making sure people don't access information that is not theirs [i.e. changing the message ID on mailbox to view someone else's messages] is something I'd just assume people would do in their code. I have to wonder if you guys secure that sort of thing too when you go through the 126 [or however many] files of McCodes.)

For the record, I disagree with those above. You should be securing about 3 files. Header.php, register.php, and login.php. I'd probably secure mailboxes and forums separately, so that may bring the total up to 5. You're all doing it the hard way. ;)