mmomaker Posted January 2, 2009 Posted January 2, 2009 hi guys i have just found out there is a hack to get 100 exp when u attack ok here i go this how it works say my name iin game was Mmomaker turn it to 'Mmomaker' next i attack someone and i get 100 exp i go 1 lvl up easy i am tellin u this because is there away to disallow ' in the username please help fast as people are cheating thks mmomaker Quote
Lithium Posted January 2, 2009 Posted January 2, 2009 Re: Help!! Mccodes Lvl hack that is not an hack... You should trim usernames to allow only a-zA-Z0-9, and also... it doesn't give 100% exp... You beat xxx and gained 6% EXP! You hide your weapons and drop xxx off outside the hospital entrance. Feeling satisfied, you walk home.QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'triplx'' WHERE userid=5' at line 1 Quote
mmomaker Posted January 2, 2009 Author Posted January 2, 2009 Re: Help!! Mccodes Lvl hack its does on my game, so how do i disallow ' in the names can someone help me pplz Quote
Lithium Posted January 2, 2009 Posted January 2, 2009 Re: Help!! Mccodes Lvl hack Allow alphanumeric only $string = "/^[A-Za-z0-9]+$/"; Allow alphanumeric with spaces $string = "/^[A-Za-z0-9 ]+$/ "; Allow alphanumeric with underscore and dashes $string = "/^[A-Za-z0-9_-]+$/"; Allow alphanumeric with underscore, dashes, and spaces $string = "/^[A-Za-z0-9_- ]+$/"; and then preg_match( $string, "text to remove unwanted chars" ) Quote
radio_active Posted January 2, 2009 Posted January 2, 2009 Re: Help!! Mccodes Lvl hack Allow alphanumeric only $string = "/^[A-Za-z0-9]+$/"; Allow alphanumeric with spaces $string = "/^[A-Za-z0-9 ]+$/ "; Allow alphanumeric with underscore and dashes $string = "/^[A-Za-z0-9_-]+$/"; Allow alphanumeric with underscore, dashes, and spaces $string = "/^[A-Za-z0-9_- ]+$/"; and then preg_match( $string, "text to remove unwanted chars" ) Or you could just use a if statement with an array.. if (!ctype_alnum(str_replace(array('_', ' '), '', $string))) Allowing Alphanumeric with _ and spaces. To use that in your username change you would do something like if (!ctype_alnum(str_replace(array('_', ' '), '', $_POST['newname']))) and implement that into the file So you would then be using something like this.. function do_name_change() { global $db,$ir,$c,$userid,$h; // Edited by zero-affect if($_POST['newname'] == "" || $_POST['newname'] == " " || $_POST['newname'] == " " || $_POST['newname'] == " " || $_POST['newname'] == " " || $_POST['newname'] == " " || $_POST['newname'] == " " || $_POST['newname'] == " " || $_POST['newname'] == " " || $_POST['newname'] == " " || $_POST['newname'] == " " || $_POST['newname'] == " " || $_POST['newname'] == " " || $_POST['newname'] == " " || $_POST['newname'] == " " && $_POST['newname'] == " ") { $i = mysql_query("SELECT * FROM users WHERE username='{$_POST['username']}'") or die(mysql_error()); if(mysql_num_rows($i)) {echo 'Username already in use!';$h->endpage(); exit; } print "You did not enter a new name. [url='preferences.php?action=namechange']> Back[/url]"; } else { if (!ctype_alnum(str_replace(array('_', ' '), '', $_POST['newname']))) { echo "You have an invalid character in your name"; } else { $checkun=$db->num_rows($db->query("SELECT * FROM users WHERE username='{$_POST['newname']}' AND userid!=$userid")); if($checkun) { echo "Username is already in use."; $h->endpage(); exit; } $checkln=$db->num_rows($db->query("SELECT * FROM users WHERE login_name='{$_POST['newname']}' AND userid!=$userid")); if($checkln) { echo "Username is already in use."; $h->endpage(); exit; } $db->query("UPDATE users SET username='{$_POST['newname']}' WHERE userid=$userid"); print "Username changed!"; } } } Quote
Haunted Dawg Posted January 2, 2009 Posted January 2, 2009 Re: Help!! Mccodes Lvl hack $_POST['newname'] = str_replace("'","",$_POST['newname']); Quote
Magictallguy Posted January 3, 2009 Posted January 3, 2009 Re: Help!! Mccodes Lvl hack You could always mysql_real_escape_string() $_POST['newname'] = mysql_real_escape_string($_POST['newname']); Quote
Haunted Dawg Posted January 4, 2009 Posted January 4, 2009 Re: Help!! Mccodes Lvl hack You should not use mres because people on this forum get moody altho i still use it and do not care. Quote
Zero-Affect Posted January 4, 2009 Posted January 4, 2009 Re: Help!! Mccodes Lvl hack nice lol noticed my name in there then lol Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.