MakeWebGames

Game Security


Gucci Mane

in cmarket.php put this under include "globals.php";

 

$_GET['ID'] = abs(@intval($_GET['ID']));

 

find this in header.php, login.php, register.php, authenticate.php, then finally in global_func.php find function stafflog_add.

 

$IP = ($_SERVER['HTTP_X_FORWARDED_FOR']) 
? $_SERVER['HTTP_X_FORWARDED_FOR'] 
: $_SERVER['REMOTE_ADDR'];

 

and change it to this

 

$IP = $_SERVER['REMOTE_ADDR']; 
$IP = mysql_real_escape_string($IP);

 

Not 100% sure this is right, but I think this will secure the forums.

find this in forums.php which is usually found near

You have been forum banned for {$ir['forumban']} days.

 

$_GET['viewforum']=(int) $_GET['viewforum']; 
if($_GET['viewtopic'] and $_GET['act'] != 'quote') { $_GET['act']='viewtopic'; } 
if($_GET['viewforum']) { $_GET['act']='viewforum'; } 
if($_GET['reply']) { $_GET['act']='reply'; } 
if($_GET['empty']==1 && $_GET['code']=='kill' && $_SESSION['owner']) 
{

 

replace it with this

 

$_GET['viewforum'] = abs(@intval($_GET['viewforum'])); 
$_GET['viewtopic'] = abs(@intval($_GET['viewtopic'])); 
$_GET['reply'] = abs(@intval($_GET['reply'])); 
$_GET['quote'] = abs(@intval($_GET['quote'])); 
$_GET['empty'] = abs(@intval($_GET['empty'])); 
$_GET['topic'] = abs(@intval($_GET['topic'])); 
$_GET['post'] = abs(@intval($_GET['post'])); 
$_GET['act'] = isset($_GET['act']) && is_string($_GET['act']) ? strtolower(trim($_GET['act'])) : false; 

if($_GET['viewtopic'] and $_GET['act'] != 'quote') { $_GET['act']='viewtopic'; } 

if($_GET['viewforum']) { $_GET['act']='viewforum'; } 
if($_GET['reply']) { $_GET['act']='reply'; } 
if($_GET['empty']==1 && $_GET['code']=='kill' && $_SESSION['owner']) 
{
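An added example, not part of the original post or of the game's code: a stricter take on the `abs(@intval(...))` casts and the `act` clean-up shown above, which rejects malformed values instead of coercing them and accepts only known actions. The helper names `get_positive_int` and `get_action`, the action list and the sample request are assumptions for illustration.

```php
<?php
// Added example: strict request-parameter handling for a forum-style script.
// get_positive_int(), get_action() and the action list are hypothetical.

/**
 * Return a positive integer from $source[$key], or 0 when the value is
 * missing, an array, negative, or not made up purely of digits.
 * abs(intval()) would instead turn "-5" into 5, "7abc" into 7 and a
 * non-empty array into 1.
 */
function get_positive_int(array $source, $key)
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return 0;
    }
    $value = trim($source[$key]);
    // ctype_digit accepts only 0-9; the length cap avoids integer overflow.
    if ($value === '' || !ctype_digit($value) || strlen($value) > 9) {
        return 0;
    }
    return (int) $value;
}

/** Return the action only if it is on the allow-list, else the default. */
function get_action(array $source, array $allowed, $default = '')
{
    if (!isset($source['act']) || !is_string($source['act'])) {
        return $default;
    }
    $act = strtolower(trim($source['act']));
    return in_array($act, $allowed, true) ? $act : $default;
}

// Constructed sample input standing in for $_GET.
$request = array(
    'viewtopic' => '42',
    'reply'     => '-5',
    'post'      => '7abc',
    'topic'     => array('x'),
    'act'       => ' Quote ',
);
$allowed = array('viewforum', 'viewtopic', 'reply', 'quote'); // assumed list

foreach (array('viewtopic', 'reply', 'post', 'topic') as $key) {
    printf("%-9s => %d\n", $key, get_positive_int($request, $key));
}
printf("%-9s => %s\n", 'act', get_action($request, $allowed));
```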

but remember magictallguy's mods are annoying to set up lol, as he has made it so you have to have a certain function on a script to get it to work lol.

Because you haven't got PHP5, you get an error; if you follow the damn instructions then it's not annoying.

[warnbox]Post edit reason: Do not dish members, be helpful and respectful[/warnbox]


RE: Nicholas

 

I don't have

 

 
$IP = ($_SERVER['HTTP_X_FORWARDED_FOR']) 
? $_SERVER['HTTP_X_FORWARDED_FOR'] 
: $_SERVER['REMOTE_ADDR']; 

 

I only have

 
$IP = $_SERVER['REMOTE_ADDR']; 

 

 

add under

 

$IP = $_SERVER['REMOTE_ADDR'];

 

$IP = mysql_real_escape_string($IP);

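Why the switch to `REMOTE_ADDR` matters, as an added example that is not from the thread or the game's code: `X-Forwarded-For` is a request header the client can set to anything, so it is read only when the direct peer is a proxy you operate, and the result is validated as an IP before use. `client_ip()` and `$trustedProxies` are hypothetical names, and all addresses are constructed.

```php
<?php
// Added example, not the game's code. client_ip() and $trustedProxies
// are hypothetical names; all addresses below are constructed.

/**
 * Return the address to store for this request.
 * REMOTE_ADDR is taken from the TCP connection. X-Forwarded-For is a
 * request header, so it is honoured only when the direct peer is a
 * reverse proxy listed in $trustedProxies.
 */
function client_ip(array $server, array $trustedProxies = array())
{
    $remote = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0'; // assumed marker for "unknown"
    }
    if (!in_array($remote, $trustedProxies, true)
        || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }
    // Each proxy appends the peer it saw, so the right-most entry was
    // written by our proxy; anything left of it came from the client.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    $last = end($hops);
    return filter_var($last, FILTER_VALIDATE_IP) !== false ? $last : $remote;
}

$proxies = array('192.0.2.10'); // assumed address of your own reverse proxy

// Direct connection with a forged header: the header is ignored.
$direct = array(
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => "not-an-ip'",
);
// Request relayed by the trusted proxy: the right-most hop is used.
$proxied = array(
    'REMOTE_ADDR'          => '192.0.2.10',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.9, 203.0.113.7',
);

echo client_ip($direct, $proxies), "\n";
echo client_ip($proxied, $proxies), "\n";
// The result always passed FILTER_VALIDATE_IP, but it should still go
// into SQL through escaping or a bound parameter, as the thread does.
```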

but remember magictallguy's mods are annoying to set up lol, as he has made it so you have to have a certain function on a script to get it to work lol.

Um no he hasn't you can simply remove the format function from the script and replace it with stripslashes(htmlspecialchars()) or none that's up to you but if I remember correctly you're the one that didn't read the instructions then complained that you got the function error.

So before you even try to disrespect others' mods/work, how about do it yourself and read a manual instead of asking for things on a silver platter (This is in reference to the amount of stuff he has asked for). Or perhaps spending a few bucks, dollars, pounds, euros whatever on a coder to do it for you instead of wanting the stuff free.

I think I've gone off topic.

Um yeah you can NOT secure your site/game with just a few lines of code, you need to go through every file and manually secure it, which if you know what you're doing and have the time doesn't really take long, (Not speaking from experience as I'm only just learning the basics but from what I've been told).

Moderators: If you feel I've stepped over the line with the whole Nicholas thing then remove it I don't mind or care :P

DJK :whistling:

When did I disrespect other people's mods/work? I was just saying that magictallguy's forum is confusing to work out how to get it to work if you're a beginner, like I was (still am, but I learn more and more each day) when I first got his forum mod...

Why does everyone think I'm disrespecting someone or whatever when I'm not even trying to...


Off-Topic - You said his mods are annoying, that's insulting.

"magictallguy's forum is confusing to work out how to get it to work if your a beginner" - I'm sure a beginner will read thougharlly (Wheres the damn spell check!) the instructions, if I said to a newbie, "Install this Forum" I'm sure they would do it without any hassle, because they would read what to do. I'm sick and tired of people never reading what has to be done to make a mod work. Let's take an example of an old mod from the CE days, a cocky newb installed it to their game, and then complained it didn't work, they posted the error, they didn't run the SQL. Then let's take an example of one of Nicholas' 'errors': HE installed a mod that MTG made, then posted up the error saying the function wasn't there, when it said, as clear as day, that you need that function. N00B's becoming worse and worse every day.

On-Topic - DJK's right if you want a secure site, re-code it or pay someone like mtg :whistling: to do it

It's the words in which you choose to use ;)

@Danny: So true (The spellcheck statement anyway) xD
