Jordan Palmer

No, were doing it a way which make's sure that everything on every page is secured, I don't care how your way work's but all i'll say is, securing every page in my eyes is needed

Cronus has released this as a paid modification..

Go too config.php maybe?

That is one way off doing it yes, but then he'll need your db so he can check everything too.

Ok, Well basically Webster Tried too create this and basically he couldn't and well I liked the basic idea so I went along and create a version, This isn't taken from his script, I've purely coded this, With help from notepad ++ Whats this mod do?; This allows current staff member's to resign, This make's them give a reason, The reason then checks if there's links in the reason supplied, and if there is an link, it'll error and the staff member will have to re do his reason until he gets it right without trying to spam/advertise This then logs the time they resigned and the reason the supplied, So you know why everyone's resigning from staff, So issue's can be resolved alot quicker, This also the IP, So that if a user says it wasn't me blah blah, You can then check what IP signed off as staff What's this consist off?; 1 PHP File 1 SQL One edit too staff_logs.php Anyway here goes, I think it's pretty well secured, However someone could spot an vulnerability, If they do either supply a fix or tell me and I'll sort it out Call this resign.php <?php /*---------------------------------------------------- -- Staff Resign Mod & Logs -- Product Copyright (c) Jordan Palmer 2010 -- Free for ALL Members | Mccode V2 -- Contact me @ [email][email protected][/email] -----------------------------------------------------*/ include_once (DIRNAME(__FILE__). '/sglobals.php'); $_GET['resign'] = isset($_GET['resign']) && ctype_alpha($_GET['resign']) ? trim($_GET['resign']) : 'Index'; switch($_GET['resign']) { case 'Yes': Remove(); break; case 'No': take_home(); break; default: Index(); break; } if (!in_array($_GET['resign'], array('Index', 'Yes', 'No'))) { echo('Invalid Command!'); exit($h->endpage()); } function Index() { echo '<h3 style="text-decoration: underline;">Staff Resign</h3>'; print ' You are currently choosing if you wish to leave staff and go back to a member, Please be sure as there is no way to undo this action, When you click leave staff you leave ALL your powers behind, Please remember this '; echo '[url="?resign=Yes"]Resign Now[/url] [url="?resign=No"]No, take me home[/url] '; } function Remove() { global $userid,$h,$db,$IP; if(isset($_POST['Resign_Reason'])) { if($_POST['Resign_Reason'] == "") { print "You did not supply a reason, We need you supply one so we can make the game better "; exit($h->endpage()); } if (preg_match('~(www\.|http\://|\.com|\.co\.uk|\.net|\.org)~', $_POST['Resign_Reason'])) { echo 'Links cannot be used in your reason'; exit($h->endpage()); } else { $_POST['Resign_Reason']=str_replace(array("<", ">", "\\\'"), array("<", ">", "'"), $_POST['Resign_Reason']); $db->query("UPDATE users SET user_level=1 WHERE userid=$userid"); $db->query("INSERT INTO resign_log VALUES(NULL, $userid, unix_timestamp(), '".mysql_real_escape_string($_POST['Resign_Reason'])."', '$IP')"); print "Your now a member, Thank you for your help and support"; } } else { print "<h3>Resign Form</h3> Please supply a reason why you have resigned from staff, It could help us, And may help you. <form action='?resign=Yes' method='post'> Reason: <input type='text' name='Resign_Reason' value='' /> <input type='submit' value='Resign' /></form>"; } } function Take_home() { global $userid; print 'We are taking you home now, Thank you for staying on'; print '<meta http-equiv="refresh" content="4;url=/index.php" />'; event_add($userid,"We noticed you went to resign, Please mail ID 1 if you have any issues",$c); } $h->endpage(); ?>   SQL; [mysql]CREATE TABLE IF NOT EXISTS `resign_log` ( `id` int(11) NOT NULL auto_increment, `user` int(11) NOT NULL default '0', `time` int(11) NOT NULL default '0', `reason` varchar(255) NOT NULL default '', `ip` varchar(15) NOT NULL default '', PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;[/mysql] Staff logs edits; Case; case 'resignlog': resigned_log(); break;   Function; function resigned_log() { global $db,$ir,$c,$h,$userid; if($ir['user_level'] > 2) { echo("403"); $h->endpage(); exit; } $_GET['st']=abs(@intval($_GET['st'])); $rpp=100; print '<h3 style="text-align: left; text-decoration: underline;">Resign Logs</h3> <table border="1" width="100%" class="table" cellspacing="0" cellpadding="2"> <tr style="text-align:center;"> <th>User</th> <th>Reason</th> <th>Time</th> <th>IP</th>'; $logs=mysql_query("SELECT s.*, u.* FROM resign_log AS s LEFT JOIN users AS u ON s.user=u.userid ORDER BY s.time DESC LIMIT {$_GET['st']},$rpp"); while($r=$db->fetch_row($logs)) { print "<tr><td>[url='/viewuser.php?u=".$r[']".$r['username']." [".number_format($r['userid'])."][/url]</td> <td>".htmlentities(stripslashes($r['reason']))."</td> <td>".date('F j Y g:i:s a', $r['time'])."</td> <td>".$r['ip']."</td></tr>"; } print "</table> "; $mypage=floor($_GET['st']/$rpp)+1; $q2=mysql_query("SELECT id FROM resign_log"); $rs=$db->num_rows($q2); $pages=ceil($rs/$rpp); print "Pages: "; for($i=1;$i<=$pages;$i++) { $st=($i-1)*$rpp; print "[url='staff_logs.php?action=resignlog&st=$st']$i[/url]"; if($i % 7 == 0) { print " \n"; } } }   I don't think I've missed anything, I won't supply screen shots as I've already stated what it does and what not so yeah

Care to elaborate? All I'll say is i wont use this. Simply because if a staff member wishes to resign a simple mail too me would cover it :)

That's what I was trying too say, It's a stupid idea

Good Point xD

Every tried adding a query? [mysql]UPDATE users SET new_mail=new_mail+1 WHERE userid={$r['userid']}[/mysql] That should be correct, You should know where to add it -.- :P

This is pretty decent, I do like JavaScript menu (: Not good colours but I won't be using it anyway - Good work :)

You've made some very good points there kyle!

Sorry read the first post wrong. Immortal, Ask you're host too have a quick look, They'll know if its an server error . I've never had this issue so..I don't know what too say really

All I've done is made it work, I think thats what he was after, All he has to do is edit

Redex, You've used die(); then echo(); in the die(); You cannot do that -.-, Also the $gang still isn't defined. Here's a working code, All it does if the user has been in the gang for 30days then they can declare war <?php require_once (DIRNAME(__FILE__) . '/globals.php'); global $ir,$h; if($ir['daysingang'] < 30) { echo "You cannot declear war right now"; $h->endpage(); exit; } else if($ir['daysingang'] > 30) { echo "You can now [url='yourgang.php?action=staff&act2=declare'][b]Declare War[/b][/url] "; } $h->endpage(); ?>   Not tested but I think it'll work

Pointless post much?

He could also do with some more info on the pages, There isn't enough to make me wanna hire him yet

I really don't think it needs changing, If you're post is too long simply PM him

What do you mean?

Do you define the GET? Is the link correct?

Good find Illusions, I do this manually, however great for those who don't wish too

I have to admit, I've seen alot off post's about how bad PardioWars is however It does look successful :)

Looking good, Very good engine too use too :)

I couldn't be bothered to think off nicer words lol

One single mod won't secure your game lol It's not a crime to ask for help, If you do it in the right section :)

I wouldn't say mine is either :)