Jump to content
MakeWebGames

Recommended Posts

Sounds like u got exploited 🙂

Check DB class?

Or directory search files on server and your backup copy for '+2' or '+ 2'. If your lucky your find the issue. 

The real issue is, how did it happen.

Link to post
Share on other sites

Yes it's mccodes and I don't know what triggered this. 

I've checked the db,global func, everything and everything I see seems fine , however everything going up by 2 in the inventory. 

function itemtype_dropdown($connection, $ddname = "item_type", $selected = -1)

{

    global $db;

    $ret = "<select name='$ddname' type='dropdown'>";

    $q = $db->query("SELECT * FROM itemtypes ORDER BY itmtypename ASC");

    if ($selected == -1) {

        $first = 0;

    } else {

        $first = 1;

    }

    while ($r = $db->fetch_row($q)) {

        $ret .= "\n<option value='{$r['itmtypeid']}'";

        if ($selected == $r['itmtypeid'] || $first == 0) {

            $ret .= " selected='selected'";

            $first = 1;

        }

        $ret .= ">{$r['itmtypename']}</option>";

    }

    $ret .= "\n</select>";

    return $ret;

}


function item_dropdown($connection, $ddname = "item", $selected = -1)

{

    global $db;

    $ret = "<select name='$ddname' type='dropdown'>";

    $q = $db->query("SELECT * FROM items ORDER BY itmname ASC");

    if ($selected == -1) {

        $first = 0;

    } else {

        $first = 1;

    }

    while ($r = $db->fetch_row($q)) {

        $ret .= "\n<option value='{$r['itmid']}'";

        if ($selected == $r['itmid'] || $first == 0) {

            $ret .= " selected='selected'";

            $first = 1;

        }

        $ret .= ">{$r['itmname']}</option>";

    }

    $ret .= "\n</select>";

    return $ret;

}


function item2_dropdown($connection, $ddname = "item", $selected = -1)

{

    global $db;

    $ret = "<select name='$ddname' type='dropdown'>";

    $q = $db->query("SELECT * FROM items ORDER BY itmname ASC");

    if ($selected < 1) {

        $ret .= "<option value='0' selected='selected'>-- None --</option>";

    } else {

        $ret .= "<option value='0'>-- None --</option>";

    }

    while ($r = $db->fetch_row($q)) {

        $ret .= "\n<option value='{$r['itmid']}'";

        if ($selected == $r['itmid']) {

            $ret .= " selected='selected'";

            $first = 1;

        }

        $ret .= ">{$r['itmname']}</opJavaScripttion>";

    }

    $ret .= "\n</select>";

    return $ret;

}

 

This is the function that I have in globals func.

Link to post
Share on other sites

The item function itemuse.php is fine I've checked everything

This is happening on everything ,itemuse, Brave, leveling up, streets, turns , item buy 

<a href='itemuse.php?ID={$_GET['ID']}'>Use Again</a> |

<a href='inventory.php'>Inventory</a>

</div></div>

 

 

 

 

";

        item_remove($userid, $r['inv_itemid'], 1);

    }

}

$h->endpage();

 

Link to post
Share on other sites
1 hour ago, athena26 said:

I'm using android I never seem to find that bottom, sorry. 

Change mode to desktop mode and that button will be displayed. 

Link to post
Share on other sites
1 hour ago, athena26 said:

Nice found it , can you help me fix this issue sim? I'll pay you

 

I just did. 😂 $10plz

  • Haha 1
Link to post
Share on other sites

Items aren't having multiples used at one time. I checked that.

As for the leveling stuff you have crime exp set so high that when they do some crimes some of them gain massive amounts of exp and that in turn causes them to have levels stored up. So every page load will cause them to level up until they run out of exp.

Link to post
Share on other sites

But I have 0 exp and me and everyone else is using 2000 brave but wastes 4000 same for item use , trust me there is a issue there I don't know how you ain't seeing it even when they use donator items so o should lower the crime to int?

So what's causing this issue for everyone else ?

Link to post
Share on other sites
On 6/3/2021 at 4:10 PM, athena26 said:

I've been looking everywhere for this error will check the dB class

This happened since I changed all MySQL queries to $db->query .

check your Database for any inserted JS or CSS code 

On 6/3/2021 at 11:17 PM, KyleMassacre said:

That is just a function to make the drop downs. You want to look at the item_add function (I think that’s what it’s called lol)

Plus if hes double clicking its going to block the entry from first time he sent the form information.

Quote

I've been looking everywhere for this error will check the dB class

This happened since I changed all MySQL queries to $db->query .

I guess you have went from v1 to v2 make sure both mysql and mysqli driver are not both running causing double queries..

V2.05b is secure to what i know of lol but its already converted to the mysqli driver selected upon installation.

<?php
require_once __DIR__.'/globals.php';


// Run this code in a file on its own and see if which number returns.
Scans userid from the ```users``` table and if it finds a result it will show below which we are going to fetch single item no point in wasting unesserry resources.

$UserCount = $db->query('SELECT COUNT(userid) FROM users WHERE user_level > 0 ORDER BY userid'); 

// because we are only need 1 item from the column which is Count() function with column userid which scans database faster plus saves resources..
// Below we are echo or printing out the result from the query but instead of making new variables and shit we will do it this way.
echo !$db->fetch_single($UserCount) ? "Could not find any users in the game." : '.money_formatter($db->fetch_single($UserCount)).' members in your game.
// So basicly if there is no records in the users table that Message "Could not find any users in the game." will display on there screen otherwise it will show something like this (1,000 players so the result should echo out 1,000 members in your game. (example it rounds the records in the table well columns)

// or just scan your whole database and make sure there is no xss attacks my theroey is both old  MYSQL DRIVER AND THE MYSQLI drivers are running at same time doubling the query.
/*
Some Steps to follow to try fix.

1. Make sure both MYSQL & MYSQLI drivers are not running at sane time. (try Remove the old one and keep the MYSQLI one)
2. Can't you do a copy + paste into a subdomsin see if issue pressists.
3. Do freah install of Mccodes V2.05b which works fine accept the staff files (*COUGH STILL NOT FIXED A WORKAROUND FOR INSERTING 0 INTO THE DATABASE LAST TIME I CHECKED IT WAS NOT IF IT HAS BEEN FIXED NOW MY APPOLIGIES IF NOT THEN AH WELL SHOW THEM THE FIX UP TO WHOEVER USES IT...)*/

# If your having issues inserting 0s into the staff files you need to find the checks where they check if its empty(either post or get variable but ninetimes out of 10 it will be post for staff side unless editing..

// base code example
if (empty($_POST['buyable'])) {
	echo "This must be set a price.;
	$h->endpage();
	exit;
}
// but if you add a small bit of logic to it to make it inserts 0's and avove.
if (empty($_POST['buyable']) && !is_numeric($_POST['buyable'])) {
	echo "This must be set a price.;
	$h->endpage();
	exit;
}
# Done now u can set 0s in staff files.

 

Link to post
Share on other sites
6 hours ago, SwiftGameR said:

check your Database for any inserted JS or CSS code 

Plus if hes double clicking its going to block the entry from first time he sent the form information.

I guess you have went from v1 to v2 make sure both mysql and mysqli driver are not both running causing double queries..

V2.05b is secure to what i know of lol but its already converted to the mysqli driver selected upon installation.

<?php require_once __DIR__.'/globals.php'; // Run this code in a file on its own and see if which number returns. Scans userid from the ```users``` table and if it finds a result it will show below which we are going to fetch single item no point in wasting unesserry resources. $UserCount = $db->query('SELECT COUNT(userid) FROM users WHERE user_level > 0 ORDER BY userid'); // because we are only need 1 item from the column which is Count() function with column userid which scans database faster plus saves resources.. // Below we are echo or printing out the result from the query but instead of making new variables and shit we will do it this way. echo !$db->fetch_single($UserCount) ? "Could not find any users in the game." : '.money_formatter($db->fetch_single($UserCount)).' members in your game. // So basicly if there is no records in the users table that Message "Could not find any users in the game." will display on there screen otherwise it will show something like this (1,000 players so the result should echo out 1,000 members in your game. (example it rounds the records in the table well columns) // or just scan your whole database and make sure there is no xss attacks my theroey is both old MYSQL DRIVER AND THE MYSQLI drivers are running at same time doubling the query. /* Some Steps to follow to try fix. 1. Make sure both MYSQL & MYSQLI drivers are not running at sane time. (try Remove the old one and keep the MYSQLI one) 2. Can't you do a copy + paste into a subdomsin see if issue pressists. 3. Do freah install of Mccodes V2.05b which works fine accept the staff files (*COUGH STILL NOT FIXED A WORKAROUND FOR INSERTING 0 INTO THE DATABASE LAST TIME I CHECKED IT WAS NOT IF IT HAS BEEN FIXED NOW MY APPOLIGIES IF NOT THEN AH WELL SHOW THEM THE FIX UP TO WHOEVER USES IT...)*/ # If your having issues inserting 0s into the staff files you need to find the checks where they check if its empty(either post or get variable but ninetimes out of 10 it will be post for staff side unless editing.. // base code example if (empty($_POST['buyable'])) { echo "This must be set a price.; $h->endpage(); exit; } // but if you add a small bit of logic to it to make it inserts 0's and avove. if (empty($_POST['buyable']) && !is_numeric($_POST['buyable'])) { echo "This must be set a price.; $h->endpage(); exit; } # Done now u can set 0s in staff files.

<?php
require_once __DIR__.'/globals.php';


// Run this code in a file on its own and see if which number returns.
Scans userid from the ```users``` table and if it finds a result it will show below which we are going to fetch single item no point in wasting unesserry resources.

$UserCount = $db->query('SELECT COUNT(userid) FROM users WHERE user_level > 0 ORDER BY userid'); 

// because we are only need 1 item from the column which is Count() function with column userid which scans database faster plus saves resources..
// Below we are echo or printing out the result from the query but instead of making new variables and shit we will do it this way.
echo !$db->fetch_single($UserCount) ? "Could not find any users in the game." : '.money_formatter($db->fetch_single($UserCount)).' members in your game.
// So basicly if there is no records in the users table that Message "Could not find any users in the game." will display on there screen otherwise it will show something like this (1,000 players so the result should echo out 1,000 members in your game. (example it rounds the records in the table well columns)

// or just scan your whole database and make sure there is no xss attacks my theroey is both old  MYSQL DRIVER AND THE MYSQLI drivers are running at same time doubling the query.
/*
Some Steps to follow to try fix.

1. Make sure both MYSQL & MYSQLI drivers are not running at sane time. (try Remove the old one and keep the MYSQLI one)
2. Can't you do a copy + paste into a subdomsin see if issue pressists.
3. Do freah install of Mccodes V2.05b which works fine accept the staff files (*COUGH STILL NOT FIXED A WORKAROUND FOR INSERTING 0 INTO THE DATABASE LAST TIME I CHECKED IT WAS NOT IF IT HAS BEEN FIXED NOW MY APPOLIGIES IF NOT THEN AH WELL SHOW THEM THE FIX UP TO WHOEVER USES IT...)*/

# If your having issues inserting 0s into the staff files you need to find the checks where they check if its empty(either post or get variable but ninetimes out of 10 it will be post for staff side unless editing..

// base code example
if (empty($_POST['buyable'])) {
	echo "This must be set a price.;
	$h->endpage();
	exit;
}
// but if you add a small bit of logic to it to make it inserts 0's and avove.
if (empty($_POST['buyable']) && !is_numeric($_POST['buyable'])) {
	echo "This must be set a price.;
	$h->endpage();
	exit;
}
# Done now u can set 0s in staff files.

 

I've checked everything and this also includes crimes for brave. Exp,item use , levelling,buying items , everything really just goes up by 2

6 hours ago, SwiftGameR said:

check your Database for any inserted JS or CSS code 

Plus if hes double clicking its going to block the entry from first time he sent the form information.

I guess you have went from v1 to v2 make sure both mysql and mysqli driver are not both running causing double queries..

V2.05b is secure to what i know of lol but its already converted to the mysqli driver selected upon installation.

<?php require_once __DIR__.'/globals.php'; // Run this code in a file on its own and see if which number returns. Scans userid from the ```users``` table and if it finds a result it will show below which we are going to fetch single item no point in wasting unesserry resources. $UserCount = $db->query('SELECT COUNT(userid) FROM users WHERE user_level > 0 ORDER BY userid'); // because we are only need 1 item from the column which is Count() function with column userid which scans database faster plus saves resources.. // Below we are echo or printing out the result from the query but instead of making new variables and shit we will do it this way. echo !$db->fetch_single($UserCount) ? "Could not find any users in the game." : '.money_formatter($db->fetch_single($UserCount)).' members in your game. // So basicly if there is no records in the users table that Message "Could not find any users in the game." will display on there screen otherwise it will show something like this (1,000 players so the result should echo out 1,000 members in your game. (example it rounds the records in the table well columns) // or just scan your whole database and make sure there is no xss attacks my theroey is both old MYSQL DRIVER AND THE MYSQLI drivers are running at same time doubling the query. /* Some Steps to follow to try fix. 1. Make sure both MYSQL & MYSQLI drivers are not running at sane time. (try Remove the old one and keep the MYSQLI one) 2. Can't you do a copy + paste into a subdomsin see if issue pressists. 3. Do freah install of Mccodes V2.05b which works fine accept the staff files (*COUGH STILL NOT FIXED A WORKAROUND FOR INSERTING 0 INTO THE DATABASE LAST TIME I CHECKED IT WAS NOT IF IT HAS BEEN FIXED NOW MY APPOLIGIES IF NOT THEN AH WELL SHOW THEM THE FIX UP TO WHOEVER USES IT...)*/ # If your having issues inserting 0s into the staff files you need to find the checks where they check if its empty(either post or get variable but ninetimes out of 10 it will be post for staff side unless editing.. // base code example if (empty($_POST['buyable'])) { echo "This must be set a price.; $h->endpage(); exit; } // but if you add a small bit of logic to it to make it inserts 0's and avove. if (empty($_POST['buyable']) && !is_numeric($_POST['buyable'])) { echo "This must be set a price.; $h->endpage(); exit; } # Done now u can set 0s in staff files.

<?php
require_once __DIR__.'/globals.php';


// Run this code in a file on its own and see if which number returns.
Scans userid from the ```users``` table and if it finds a result it will show below which we are going to fetch single item no point in wasting unesserry resources.

$UserCount = $db->query('SELECT COUNT(userid) FROM users WHERE user_level > 0 ORDER BY userid'); 

// because we are only need 1 item from the column which is Count() function with column userid which scans database faster plus saves resources..
// Below we are echo or printing out the result from the query but instead of making new variables and shit we will do it this way.
echo !$db->fetch_single($UserCount) ? "Could not find any users in the game." : '.money_formatter($db->fetch_single($UserCount)).' members in your game.
// So basicly if there is no records in the users table that Message "Could not find any users in the game." will display on there screen otherwise it will show something like this (1,000 players so the result should echo out 1,000 members in your game. (example it rounds the records in the table well columns)

// or just scan your whole database and make sure there is no xss attacks my theroey is both old  MYSQL DRIVER AND THE MYSQLI drivers are running at same time doubling the query.
/*
Some Steps to follow to try fix.

1. Make sure both MYSQL & MYSQLI drivers are not running at sane time. (try Remove the old one and keep the MYSQLI one)
2. Can't you do a copy + paste into a subdomsin see if issue pressists.
3. Do freah install of Mccodes V2.05b which works fine accept the staff files (*COUGH STILL NOT FIXED A WORKAROUND FOR INSERTING 0 INTO THE DATABASE LAST TIME I CHECKED IT WAS NOT IF IT HAS BEEN FIXED NOW MY APPOLIGIES IF NOT THEN AH WELL SHOW THEM THE FIX UP TO WHOEVER USES IT...)*/

# If your having issues inserting 0s into the staff files you need to find the checks where they check if its empty(either post or get variable but ninetimes out of 10 it will be post for staff side unless editing..

// base code example
if (empty($_POST['buyable'])) {
	echo "This must be set a price.;
	$h->endpage();
	exit;
}
// but if you add a small bit of logic to it to make it inserts 0's and avove.
if (empty($_POST['buyable']) && !is_numeric($_POST['buyable'])) {
	echo "This must be set a price.;
	$h->endpage();
	exit;
}
# Done now u can set 0s in staff files.

 

Also I only have the class mysqli when I went from v1 to V2 after changing all queries to $db-> I deleted the file of class keeping only class mysqli and I've checked every query's every CSS file and the issue still continues 😞

Link to post
Share on other sites
1 hour ago, athena26 said:

Willing to pay 40$ to whoever can fix all my bugs on my website !

I done offered. It's been a week now and still hasn't gotten any files

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...