Jump to content
MakeWebGames

[MOD] Item Market Auction


Uridium
 Share

Recommended Posts

Guest Anonymous

Re: [MOD] Item Market Auction

Just have a look in these forums, there are plenty of topics discussing various methods of protecting this type of code. - All I'm doing is pointing out that the software as it stands should not be used on production boxes,

Link to comment
Share on other sites

Re: [MOD] Item Market Auction

Im hoping this one will solve the solution if not i will remove the post until i can make it safe..

Place below the include "globals.php"; on each page

 

function escapeString($string) { 
if (get_magic_quotes_gpc()) $string = stripslashes($string); 
return mysql_real_escape_string($string); 
}
Link to comment
Share on other sites

Guest Anonymous

Re: [MOD] Item Market Auction

 

what do you mean by very insecure? cos im a noob and its working perfectly :?

Well.... what can I say --

Running a game covers a lot of skills, initially it (IMO) requires the ability to create something "new" -- I've looked at hundreds of this genre of game, and seen none that are different or unusual enough to make me stop and pay more attention.

Next is the ability to make it look good - Almost all these games are the same:

+------------------+
| Header           |
+------+-----------+
| Menu | Body      |
+------+-----------+
| Copyright        |
+------------------+

 

Try to think outside the box. This requires HTML, and CSS skills

Next... your target audience - Well I know from looking around that there are a lot of angry, infantile people out there who just want to cause mayhem wherever they go.

This requires a lot more thought -- Good PHP and SQL knowledge is essential here. I won't explain *why* the script above is insecure, as it's not my place and it would not be responsible, however lets say it won't be running on any systems I run.

People *will* attempt to abuse your system - the standard DBS/MCcode system has zero, zilch, nada, bugger all, etc logging facilities that are strong enough to track down these abusers, so you have to learn to secure your system because quite simply as sure as rain comes down, you will get attacked at some point.

There is unfortunately no simple solution - you have to learn to read the manuals, to understand the comments here in other topics and to pay attention to those of us who might just have spent more then 4 milliseconds looking at PHP.

Auction markets are great - They can be a handy extension to these types of games, and yes, the OP has provided something that does work -- however I stand by my comment: *** Very Insecure ***

Once you learn *why*, you will be on the road to understanding how conceptually complex any web-based application can be.

Link to comment
Share on other sites

Re: [MOD] Item Market Auction

 

This auction market is the one by DBS i belive.

I think the only auction markets that have been created are by dbs and lostone.

(lostone's is more sucure and dosn't use a cron)

Paid mod im pretty sure.

So what your saying is LostOnes script is more secure and yet this one is a paid mod and by the reading on Nynas Post is the most unsecure Mod made for the mccodes purchasers....

 

That doesnt make me feel good about purchasing any Paid script off here then

Few quotes...

 

This requires a lot more thought -- Good PHP and SQL knowledge is essential here. I won't explain *why* the script above is insecure, as it's not my place and it would not be responsible, however lets say it won't be running on any systems I run.

But apparently the scripts already in cirulation here ?

 

the standard DBS/MCcode system has zero, zilch, nada, bugger all, etc logging facilities that are strong enough to track down these abusers,

So the basics to that is NO SCRIPT on here is secure ?

 

Auction markets are great - They can be a handy extension to these types of games, and yes, the OP has provided something that does work -- however I stand by my comment: *** Very Insecure ***

which is basically the same as itemmarkets and crystal markets.

So to catagorise all the above info we find that MCCODES is insecure, people are charging others to have their websites hacked. and CriminalExistance is allowing this.. HMMMM time to find a better solution

Link to comment
Share on other sites

Guest Anonymous

Re: [MOD] Item Market Auction

Hehe, sorry Illusions -- I may have just shattered some of your illusions as it were...

Yes, there are paid mods and there are free mods -- Which are better? Well IMO free mods. Why? because *everybody* has a chance to analyze the source code, and make improvements -- This is the basic tenant of Open-Source.

I have never paid for a script from here, nor am I likely to, although I am asked by certain authors to check their code prior to release to find those difficult to spot but nasty like points that could put somebodies game at risk.

As for the scripts here - Well there are a few good ones, I won't comment on mine, but take for example LostOne's work - He's competent enough, he understands most of the processes used to "break" a script and is capable of blocking these types of attacks - so yes, his code is pretty safe. He also seems to come up with some rather off-the wall ideas which strangely work rather well (:p).

There *are* secure scripts here. but it is up to you as a game designer/author/"coder" to determine which is safe, stable, and useful in your game.

Scripts with glaringly obvious flaws I feel should be pointed out to unwary, unsuspecting, or "new" "coders" otherwise, they will learn nothing except that there are a lot of people out there who are not interested in playing, but just want to make your life a misery.

And no CE does not condone people charging to hack? (crack is the proper term) sites, nor do be automatically remove poor quality scripts, however I feel that pointing out that a script ~may~ be or ~is~ insecure is useful.

Maybe I should setup a points service -- submit your script for analysis, I'll examine it and award points for secure code ... Hmm ...

Link to comment
Share on other sites

Re: [MOD] Item Market Auction

I think we need something here. Instead of people crying, and whining about scripts, cant we work along to better them? Alot of people say this -n- that, and are negative, stop the bitching, and lets really make MC work. For example the attack script is a piece of crap, yet there are not that many posts about it here. Why is that. I have seen people post here, and be completely ripped apart, while others post, and are loved by all. Where do I sign up to get in the loop? Illusions you should leave the script up, and lets try to resolve the security issues here. I would rather see them worked out, than have to buy another crap mod that dont work, and fix it myself.

Link to comment
Share on other sites

Re: [MOD] Item Market Auction

The script does work JD i tested it on two servers. but regards the injection bit im not up on the safety aspect of the code all i know is it works..

yes your right it would be nice to see this script with a more secure rating.. when i got the script of a dodgy website Granted it never worked but ive put a lot of my work into it to make it work and share with others.. The reason im not selling it for 1 its not mine 2 i dont see the point in charging for something when the Bloody stupid Mccodes Program cost the person $300 to begin with.

So what you get for $300..

ATTACK doesnt work i spend more time getting a message saying bad bad girl...

FORUMS. Was pointed out in previous posts to be very insecure

HEADER. well thats just a waste of space you add html to any script and you get an heading error.

Has anyone been on the Mono Country website lately half of theri site doesnt even work...

But i can guarantee you this when they launch the next mccodes I bet you half the mods on this forum will be implemented into it in some way or another,,

Link to comment
Share on other sites

Re: [MOD] Item Market Auction

 

Maybe I have too much of a business based mind set, but other sites flaws is a bonus to yourself - aka, if they get hacked, they will lose players, players which may make it to your game, which is secure - if you know how.

So what your basically saying then your watching people on here that dont know about the security isuuses on their games. so when some poor coder has worked months to get the site as they want it all the sleepless nights trying to get it up and running for the public. Unknowing that some day he's gonna get hacked.

And that some person with the security knowledge is going to reep all the benefits by luring his players and watch his his hard work goes to ruins.

Thats not a business mind thats just fecking evil.

Link to comment
Share on other sites

Re: [MOD] Item Market Auction

Many modifications on here are very insecure.

But as an owner as pointed out before you should be the one making sure you are not using insure mods and if you do PATCH them up!

CE is a great resource in helping people better there work and learn.

The DBSv2 $300 script is very insecure but so worth the money in my opinion. If Dabs had not created this code you would never have this community and the support for coders around!

It's not the point in if a game mod works it's the point is it secure?

Fair enough we should be helping secure mods but not condone the use of illegal one's i believe this mod should be removed because of this.

Nyna i like your idea i would like to see this happen but it would cause you allot of extra work.

Any ways in a simple answer to your question "are the safe mods on CE (secure)",

Yes there is but it's up to you to notice and decide which ones are secure.

Link to comment
Share on other sites

Re: [MOD] Item Market Auction

 

Many modifications on here are very insecure.

But as an owner as pointed out before you should be the one making sure you are not using insure mods and if you do PATCH them up!

CE is a great resource in helping people better there work and learn.

The DBSv2 $300 script is very insecure but so worth the money in my opinion. If Dabs had not created this code you would never have this community and the support for coders around!

It's not the point in if a game mod works it's the point is it secure?

Fair enough we should be helping secure mods but not condone the use of illegal one's i believe this mod should be removed because of this.

Nyna i like your idea i would like to see this happen but it would cause you allot of extra work.

Any ways in a simple answer to your question "are the safe mods on CE (secure)",

Yes there is but it's up to you to notice and decide which ones are secure.

 

Well i have to say that shines a new light on things your post made the most sense. as i said before im not good with how to secure an SQL injection and to be honest im not even sure how they do it. But all i know is everyone on this forum is helping someone else and then you get One Person who Bitches and the rest flock like lemmings. Which too me is uncalled for.

But i would like to lean and know hwo the SQL injection system works so i can work on better coding routines.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...