grant Posted November 24, 2010 Share Posted November 24, 2010 You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Quote Link to comment Share on other sites More sharing options...
joshuawdams Posted November 24, 2010 Share Posted November 24, 2010 Always helps to have a screenshot bud. Quote Link to comment Share on other sites More sharing options...
grant Posted November 24, 2010 Author Share Posted November 24, 2010 Always helps to have a screenshot bud.lol My Bad :D Quote Link to comment Share on other sites More sharing options...
indysolo621 Posted November 25, 2010 Share Posted November 25, 2010 incase people dont know to look in reason for edit thing under post here is his screenshot link. http://i878.photobucket.com/albums/ab341/20grant10/untitled-2.jpg Do you have permission to use those images? Quote Link to comment Share on other sites More sharing options...
grant Posted November 25, 2010 Author Share Posted November 25, 2010 permission to use those imagesyes i have permission to use those images Quote Link to comment Share on other sites More sharing options...
The Monk Posted November 25, 2010 Share Posted November 25, 2010 permission to use those imagesyes i have permission to use those images Commercially? They look like something ripped from google or planetrender. Quote Link to comment Share on other sites More sharing options...
joshuawdams Posted November 25, 2010 Share Posted November 25, 2010 Tekken and Soul Calibur charachters I believe. I highly doubt they gave you permission to use those images ;-) Quote Link to comment Share on other sites More sharing options...
grant Posted November 25, 2010 Author Share Posted November 25, 2010 Tekken and Soul Calibur charachters I believe. I highly doubt they gave you permission to use those images ;-) you dont need to use the images wots the big fuss just use your own images ?( was my first go at making the login page X( Quote Link to comment Share on other sites More sharing options...
Jordan Palmer Posted November 25, 2010 Share Posted November 25, 2010 Not everyones game will be called what you called yours, So change the title tag to read from the db.. ie <? echo $set['game_name']; ?> Delete the $IP it isn't used.. You don't need to select all rows from the db for top user ect... only select what needs to be selected Quote Link to comment Share on other sites More sharing options...
Paddy Posted November 25, 2010 Share Posted November 25, 2010 It seems you are using the "HTTP_X_FORWARDED_FOR" in your game So remove all this You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Change it to this You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Also in header,authenticate, globals ;) Quote Link to comment Share on other sites More sharing options...
Jordan Palmer Posted November 25, 2010 Share Posted November 25, 2010 Wrong paddy. There is no need to mysql_real_escape_string on IP Quote Link to comment Share on other sites More sharing options...
Dominion Posted November 25, 2010 Share Posted November 25, 2010 Wrong paddy. There is no need to mysql_real_escape_string on IP Does not hurt in fact it could be better (i use it...). There are firefox addons (not that i have one of them :rolleyes: ) that allow you to change what your ip is shown as. for something like mccodes Where everyone knows table name etc it can do some damage, however mres on a number is for the most part pointless on anything else. Just my thought on it. Edit - I am not saying mres is the best way there are things like http://www.w3schools.com/PHP/filter_validate_ip.asp , however it's not "wrong" in this case. Quote Link to comment Share on other sites More sharing options...
Jordan Palmer Posted November 25, 2010 Share Posted November 25, 2010 You cannot spoof the $_SERVER['REMOTE_ADDR'] variable.. Quote Link to comment Share on other sites More sharing options...
Dominion Posted November 25, 2010 Share Posted November 25, 2010 You cannot spoof the $_SERVER['REMOTE_ADDR'] variable.. I think you missed my point... There are firefox addons that change how your ip looks and IF something ever worked you would be well out of luck >.< At the end of the day mres does not hurt it so it's not "wrong" as you put it. It is an extra check does not effect a number but if it every was anything bad it's there. btw check google i have no idea how it's done, however "$_SERVER['REMOTE_ADDR']" has been spoofed a fair few times by the more professional hackers. That would be why everything is checked over and over and over again. :) Quote Link to comment Share on other sites More sharing options...
Jordan Palmer Posted November 25, 2010 Share Posted November 25, 2010 I highly doubt there are addons to spoof the $_SERVER['REMOTE_ADDR'] variable. MRES Doesnt hurt however it does show mean you would have to then use stripslashes on output everywhere. If your going to add "extra security" do it right.. if(filter_var($ip, FILTER_VALIDATE_IP)) { // it's valid } else { // it's not valid } However if your using this make sure you have PHP5+ Quote Link to comment Share on other sites More sharing options...
Dominion Posted November 25, 2010 Share Posted November 25, 2010 I highly doubt there are addons to spoof the $_SERVER['REMOTE_ADDR'] variable. again you missed my point. i am not saying the firefox addons can i am saying when they can, however i am also saying it has been done tho i don't think they would use firefox addons... MRES Doesnt hurt however it does show mean you would have to then use stripslashes on output everywhere. Why is that? I thought it was for double escapes only and well thats just silly O_o If your going to add "extra security" do it right.. if(filter_var($ip, FILTER_VALIDATE_IP)) { // it's valid } else { // it's not valid } However if your using this make sure you have PHP5+ I did post a link in one of my posts to the w3 page for that :P I also said "it's not the best way,however it's not "wrong" as you put it" I use afew checks on the $ip just like everything else always good to check it. One thing to note about it tho is it has had bugs in the past so should not be used on it's own in my opinion. I am not 100% sure if the bugs have been fixed. http://bugs.php.net/50830 Quote Link to comment Share on other sites More sharing options...
joshuawdams Posted November 26, 2010 Share Posted November 26, 2010 The arguement is more or less invalid as this is a Login page so the IP variable isn't even used and erego doesnt even need to be in the script for the most part. Authenticate.php is what handles the IP that, or Register Quote Link to comment Share on other sites More sharing options...
Equinox Posted November 26, 2010 Share Posted November 26, 2010 So, Jordan suggests that applying mres to the $ip var would mean that you need to strip slashes on the output? Wrong. mysql_real_escape_string() will not hurt your IP variable, if it leads you to believe that your game is more secure then use it, it will not effect anything. And if there are ways to alter your IP then surely we need to do more than just mysql_real_escape_string() ? REMOTE_ADDR can not be altered, and that is the $IP variable. If you want to do it properly, as said by Palmer : "If your going to add "extra security" do it right.." (don't think that comment was thought through in this situation) Look into INET_NTOA() and INET_ATON(). Don't worry so much about this. Quote Link to comment Share on other sites More sharing options...
Dominion Posted November 26, 2010 Share Posted November 26, 2010 The arguement is more or less invalid as this is a Login page so the IP variable isn't even used and erego doesnt even need to be in the script for the most part. Authenticate.php is what handles the IP that, or Register For this post yes and if they wish me to spilt the topic i will, however learning is never a bad thing. If someone is doing it wrong we would like to know who O-o Quote Link to comment Share on other sites More sharing options...
Jordan Palmer Posted November 26, 2010 Share Posted November 26, 2010 My bad. However I have never used mres on the IP as I see no need. However everyone has there own ways I suppose Quote Link to comment Share on other sites More sharing options...
Djkanna Posted November 26, 2010 Share Posted November 26, 2010 So, Jordan suggests that applying mres to the $ip var would mean that you need to strip slashes on the output? Wrong. mysql_real_escape_string() will not hurt your IP variable, if it leads you to believe that your game is more secure then use it, it will not effect anything. And if there are ways to alter your IP then surely we need to do more than just mysql_real_escape_string() ? REMOTE_ADDR can not be altered, and that is the $IP variable. If you want to do it properly, as said by Palmer : "If your going to add "extra security" do it right.." (don't think that comment was thought through in this situation) Look into INET_NTOA() and INET_ATON(). Don't worry so much about this. The only reason you should escape it is the fact that people have been known to redeclare the IP variable before hand to something that's not what you expect, IE You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. INET_* are actually used for storing/retrieving IP address so yes that's the better option. @Palmer: You have no understanding of mysql_real_escape_string() if you still believe that it inserts the slash into the database. ;) So down to it all, either use INET functions or just insert as is or maybe even use mres it won't matter either way but if your going to do it at least do it right. Quote Link to comment Share on other sites More sharing options...
Jordan Palmer Posted November 26, 2010 Share Posted November 26, 2010 I don't believe anything, I was just told to never use it on the IP variable as youd need to strip it down on the output, I always used the mentioned way, so never tested. Quote Link to comment Share on other sites More sharing options...
Djkanna Posted November 26, 2010 Share Posted November 26, 2010 I don't believe anything, I was just told to never use it on the IP variable as youd need to strip it down on the output, I always used the mentioned way, so never tested. Well that would apply itself to anything entered into the db with mres, which then they (whoever they is) would say you need to stripslashes on output which just isn't true but people don't seem to understand this (not you) -.- Quote Link to comment Share on other sites More sharing options...
Jordan Palmer Posted November 26, 2010 Share Posted November 26, 2010 meh, I should of checked it out but didnt see a point when $_SEVER[remote_addr] worked fine Quote Link to comment Share on other sites More sharing options...
sweetest Posted November 24, 2013 Share Posted November 24, 2013 You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. to many errors to use this code Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.