Gucci Mane Posted October 3, 2009 Share Posted October 3, 2009 I have my own game, I havestarted about 2 weeks back. I need someone to help me secure it. I only have the IP hack secured. Please Help. Quote Link to comment Share on other sites More sharing options...
Nicholas Posted October 3, 2009 Share Posted October 3, 2009 in cmarket.php put this under include "globals.php"; $_GET['ID'] = abs(@intval($_GET['ID'])); find this in header.php, login.php, register.php, authenticate.php, then finally in global_func.php find function stafflog_add. $IP = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; and change it to this $IP = $_SERVER['REMOTE_ADDR']; $IP = mysql_real_escape_string($IP); not 100% sure this is right but i think this is will secure the forums. find this in forums.php which is usually found near You have been forum banned for {$ir['forumban']} days. $_GET['viewforum']=(int) $_GET['viewforum']; if($_GET['viewtopic'] and $_GET['act'] != 'quote') { $_GET['act']='viewtopic'; } if($_GET['viewforum']) { $_GET['act']='viewforum'; } if($_GET['reply']) { $_GET['act']='reply'; } if($_GET['empty']==1 && $_GET['code']=='kill' && $_SESSION['owner']) { replace it with this $_GET['viewforum'] = abs(@intval($_GET['viewforum'])); $_GET['viewtopic'] = abs(@intval($_GET['viewtopic'])); $_GET['reply'] = abs(@intval($_GET['reply'])); $_GET['quote'] = abs(@intval($_GET['quote'])); $_GET['empty'] = abs(@intval($_GET['empty'])); $_GET['topic'] = abs(@intval($_GET['topic'])); $_GET['post'] = abs(@intval($_GET['post'])); $_GET['act'] = isset($_GET['act']) && is_string($_GET['act']) ? strtolower(trim($_GET['act'])) : false; if($_GET['viewtopic'] and $_GET['act'] != 'quote') { $_GET['act']='viewtopic'; } if($_GET['viewforum']) { $_GET['act']='viewforum'; } if($_GET['reply']) { $_GET['act']='reply'; } if($_GET['empty']==1 && $_GET['code']=='kill' && $_SESSION['owner']) { Quote Link to comment Share on other sites More sharing options...
Danny696 Posted October 3, 2009 Share Posted October 3, 2009 but remember magictallguy's mods are annoying to set up lol, as he has made it so you have to have a surtain function on a script to get it to work lol. Because you havent got php5, you get an error, if you follow the damn insturctions then its not annoting. [warnbox]Post edit reason: Do not dish members, be helpfull and respectfull[/warnbox] Quote Link to comment Share on other sites More sharing options...
Gucci Mane Posted October 4, 2009 Author Share Posted October 4, 2009 Tanks :D Thnk nichlas I appreciae i alot Dany 696 hes trying to help no need to be mean lol Quote Link to comment Share on other sites More sharing options...
Gucci Mane Posted October 4, 2009 Author Share Posted October 4, 2009 Nicholas I dont have $IP = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; I only have $IP = $_SERVER['REMOTE_ADDR']; Quote Link to comment Share on other sites More sharing options...
Nicholas Posted October 4, 2009 Share Posted October 4, 2009 RE: Nicholas I dont have $IP = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']; I only have $IP = $_SERVER['REMOTE_ADDR']; add under $IP = $_SERVER['REMOTE_ADDR']; $IP = mysql_real_escape_string($IP); Quote Link to comment Share on other sites More sharing options...
AlabamaHit Posted October 6, 2009 Share Posted October 6, 2009 there is no need to Escape an IP. $IP = $_SERVER['REMOTE_ADDR']; Is more than enough. Quote Link to comment Share on other sites More sharing options...
wolfe Posted October 8, 2009 Share Posted October 8, 2009 If you are installing the basic code you will really need to go thru each file and make sure everything is secured. If you use the search feature there are a lot of helpful threads on here to help you do that. Quote Link to comment Share on other sites More sharing options...
Djkanna Posted October 8, 2009 Share Posted October 8, 2009 but remember magictallguy's mods are annoying to set up lol, as he has made it so you have to have a surtain function on a script to get it to work lol. Um no he hasn't you can simply remove the format function from the script and replace it with stripslashes(htmlspecialchars()) or none that's up to you but if I remember correctly your the one that didn't read the instructions then complained that you got the function error. So before you even try to disrespect other's mods/work, how about do it yourself and read a manual instead of asking for things on a silver platter (This is in reference to the ammount of stuff he has asked for). Or perhaps spending a few bucks, dollars, pounds, euros whatever on a coder to do it for you instead of wanting the stuff free. I think I've gone off topic. Um yeah you can NOT secure your site/game with just a few lines of code, you need to go through every file and manually secure it, which if you know what your doing and have the time doesn't really take long, (Not speaking from experience as I'm only just learning the basics but from what I've been told). Moderators: If you feel I've stepped over the line with the whole Nicholas thing then remove it I don't mind or care :P DJK :whistling: Quote Link to comment Share on other sites More sharing options...
Nicholas Posted October 15, 2009 Share Posted October 15, 2009 but remember magictallguy's mods are annoying to set up lol, as he has made it so you have to have a surtain function on a script to get it to work lol. Um no he hasn't you can simply remove the format function from the script and replace it with stripslashes(htmlspecialchars()) or none that's up to you but if I remember correctly your the one that didn't read the instructions then complained that you got the function error. So before you even try to disrespect other's mods/work, how about do it yourself and read a manual instead of asking for things on a silver platter (This is in reference to the ammount of stuff he has asked for). Or perhaps spending a few bucks, dollars, pounds, euros whatever on a coder to do it for you instead of wanting the stuff free. I think I've gone off topic. Um yeah you can NOT secure your site/game with just a few lines of code, you need to go through every file and manually secure it, which if you know what your doing and have the time doesn't really take long, (Not speaking from experience as I'm only just learning the basics but from what I've been told). Moderators: If you feel I've stepped over the line with the whole Nicholas thing then remove it I don't mind or care :P DJK :whistling: when did i disrespect other peoples mods/work? i was just saying that magictallguy's forum is confusing to work out how to get it to work if your a beginner, like i was (still am, but i learn more and more each day) when i first got his forum mod... why does everyone think im disrespecting someone or whatever when im not even trying too... Quote Link to comment Share on other sites More sharing options...
Danny696 Posted October 16, 2009 Share Posted October 16, 2009 Off-Topic - You said his mods are annying, thats insulting. "magictallguy's forum is confusing to work out how to get it to work if your a beginner" - Im sure a beginner will read thougharlly (Wheres the damn spell check!) the instructions, if i said to a newbie, "Install this Forum" im sure they would do it without and hassle, because they would read what to do. Im sick and tierd of people never reading what has to be done to make a mod work, Lets take an example of an old mod from the CE days, a cocky newb installed it to their game, and then complained it didnt work, they posted the error, they didnt run the SQL. Then lets take an example of one of Nicholas 'errors' HE installed a mod that MTG made, then posted ip the error saying the function wasnt their, when it said, as clear as day, that you need that function. N00B's becoming worse and worse every day. On-Topic - DJK's right if you want a secure site, re-code it or pay someone like mtg :whistling: to do it Quote Link to comment Share on other sites More sharing options...
Djkanna Posted October 16, 2009 Share Posted October 16, 2009 but remember magictallguy's mods are annoying to set up lol, as he has made it so you have to have a surtain function on a script to get it to work lol. Um no he hasn't you can simply remove the format function from the script and replace it with stripslashes(htmlspecialchars()) or none that's up to you but if I remember correctly your the one that didn't read the instructions then complained that you got the function error. So before you even try to disrespect other's mods/work, how about do it yourself and read a manual instead of asking for things on a silver platter (This is in reference to the ammount of stuff he has asked for). Or perhaps spending a few bucks, dollars, pounds, euros whatever on a coder to do it for you instead of wanting the stuff free. I think I've gone off topic. Um yeah you can NOT secure your site/game with just a few lines of code, you need to go through every file and manually secure it, which if you know what your doing and have the time doesn't really take long, (Not speaking from experience as I'm only just learning the basics but from what I've been told). Moderators: If you feel I've stepped over the line with the whole Nicholas thing then remove it I don't mind or care :P DJK :whistling: when did i disrespect other peoples mods/work? i was just saying that magictallguy's forum is confusing to work out how to get it to work if your a beginner, like i was (still am, but i learn more and more each day) when i first got his forum mod... why does everyone think im disrespecting someone or whatever when im not even trying too... It's the words in which you choose you use ;) @Danny: So true (The spellcheck statement anyway) xD Quote Link to comment Share on other sites More sharing options...
Nicholas Posted October 16, 2009 Share Posted October 16, 2009 oh right... well it wernt meant to be said in a nasty way, just way i type on computers lol. Quote Link to comment Share on other sites More sharing options...
Nicholas Posted October 21, 2009 Share Posted October 21, 2009 updated the secure game post, up top... hopefully that will secure the forums :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.