ohh the files in english or just the database?
My files are in English and I am translating the whole game in english
Why do i get this error
Warning: Cannot modify header information - headers already sent by (output started at /home/pkmnstar/public_html/index.php:51) in /home/pkmnstar/public_html/pyramid.php on line 21
These errors appeared when i recoded my game in the Bootstrap
i recode in metro ui css and bootstrap too lol
... I am done with the maps .. but the pkmns are not working :/
- - - Updated - - -
help ?
u set there in the db? i don't know how that work because i was asking about that...
I did what ?
- - - Updated - - -
my ajax map
the only problem it has is that the pokemons are not appearing :/
http://prntscr.com/2c108j
http://prntscr.com/2c10h3
@HillBilly
its "AN UGLY MAP" not a ugly map ....
I know .. i got other maps
but that one is for testing lol
I don't think that you have ever praised any mere living soul on the planet Earth
Here are some small optimizations, to increase load time, and lower stress on the server.
Open up index.php
Line: 10
Code:
if(mysql_num_rows(mysql_query("SELECT `user_id` FROM `ban` WHERE `ip`='".$_SERVER['REMOTE_ADDR']."'")) > 0) header("location: banned.php");
Change it to
Code:
if(mysql_num_rows(mysql_query("SELECT `user_id` FROM `ban` WHERE `ip`='".$_SERVER['REMOTE_ADDR']."' LIMIT 1")) > 0) header("location: banned.php");
Line: 24
Code:
mysql_query("UPDATE `gebruikers` SET `online`='".time()."' WHERE `user_id`='".$_SESSION['id']."'");
Change it to
Code:
mysql_query("UPDATE `gebruikers` SET `online`='".time()."' WHERE `user_id`='".$_SESSION['id']."' LIMIT 1");
Line: 34
Code:
$clanquery = mysql_fetch_assoc(mysql_query ("SELECT clan FROM gebruikers WHERE username='".$_SESSION['naam']."'"));
Change it to
Code:
$clanquery = mysql_fetch_assoc(mysql_query ("SELECT clan FROM gebruikers WHERE username='".$_SESSION['naam']."' LIMIT 1"));
Line: 46
Code:
$round_sql = mysql_query("SELECT * FROM `toernooi_ronde` WHERE toernooi='".$tour_info['toernooi']."' AND winnaar_id = '0' AND (user_id_1 = '".$_SESSION['id']."' OR user_id_2 = '".$_SESSION['id']."')");
Change it to
Code:
$round_sql = mysql_query("SELECT * FROM `toernooi_ronde` WHERE toernooi='".$tour_info['toernooi']."' AND winnaar_id = '0' AND (user_id_1 = '".$_SESSION['id']."' OR user_id_2 = '".$_SESSION['id']."') LIMIT 1");
ingame.inc.php
Line: 218
Code:
$spelerrank = mysql_fetch_assoc(mysql_query("SELECT `land`, `rankexp`, `rankexpnodig`, `rank` FROM `gebruikers` WHERE `user_id`='".$_SESSION['id']."'"));
Change it to
Code:
$spelerrank = mysql_fetch_assoc(mysql_query("SELECT `land`, `rankexp`, `rankexpnodig`, `rank` FROM `gebruikers` WHERE `user_id`='".$_SESSION['id']."' LIMIT 1"));
Well i guess you get the gist of how to optimize your handling of the mysql a bit, just add limit 1 where it should be applied.
Have not tested nor used the files, was simply a bit bored, these are kinda just a few samples, there are tons of places where this can be applied.
There might also be some places where security is pretty much non existing, So watch out for exploit abuse.
ALWAYS.
Wait let me repeat that:
ALWAYS
use exit(); after a header('Location: <>');
as server still processes the code.
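The ban check from index.php with the redirect followed by exit, as an added example that is not part of any post in this thread or of the game's code. It assumes PDO with an in-memory SQLite database and a constructed sample row so it can be run from the command line; the `ban` table and `ip` column names are taken from the snippet above, and `is_banned` and `redirect_and_stop` are hypothetical helper names.

```php
<?php
// Added example, not the game's code. Table and column names (`ban`, `ip`)
// come from the thread; the SQLite in-memory database and the sample row
// are constructed so the script runs from the CLI without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ban (user_id INTEGER, ip TEXT)");
$db->exec("INSERT INTO ban (user_id, ip) VALUES (7, '203.0.113.9')");

function is_banned(PDO $db, string $ip): bool
{
    // Bound parameter instead of string concatenation; LIMIT 1 as in the post.
    $stmt = $db->prepare('SELECT 1 FROM ban WHERE ip = ? LIMIT 1');
    $stmt->execute([$ip]);
    return $stmt->fetchColumn() !== false;
}

function redirect_and_stop(string $url): void
{
    // header() only queues a response header. Without exit the rest of the
    // script still executes, so its queries and output still happen.
    header('Location: ' . $url);
    exit;
}

// On a web server this would be $_SERVER['REMOTE_ADDR'].
$ip = $argv[1] ?? '198.51.100.4';

if (is_banned($db, $ip)) {
    redirect_and_stop('banned.php');
}

// Only reached for visitors that are not banned.
echo "rendering page for {$ip}\n";
```

Run it with `203.0.113.9` as the first argument to see the banned path stop before the final echo.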
HillBilly, indeed it is something you should not forget!
But trust me when i say there are quite some serious exploits, as i am bored i am looking thru some code and damn.. lol.
Mass delete all pm's ? without admin or even a account ? sounds like a exploit to me.
Depending on server settings, more stuff is exploitable, but even if its setup correctly there are more than a handful of exploits.
well I am done with fixing most of the bugs
And found some new as well
i will share few
For now here something
hunt.php
Code:
<?php
include("includes/security.php");
include_once('language/language-pages.php');

if(!empty($_POST['bedrag'])){
  if(!preg_match('/[A-Za-z_]+$/',$_POST['bedrag'])){
    $getal = rand(1,99);
    $bedrag = highamount($_POST['bedrag']);
    if($bedrag > $gebruiker['gold'])
      $bericht = '<div class="red">'.$txt['alert_too_less_gold'].'</div>';
    elseif($bedrag < 1)
      $bericht = '<div class="red">'.$txt['alert_amount_unknown'].'</div>';
    elseif(!is_numeric($bedrag))
      $bericht = '<div class="red">'.$txt['alert_amount_unknown'].'</div>';
    elseif($getal > 30){
      $bericht = '<div class="green">U struck a chest .. when u opened you found <img src="images/icons/gold.png" title="gold" /> '.$bedrag.' gold!</div>';
      mysql_query("UPDATE `gebruikers` SET `gold`=`gold`+'".$_POST['bedrag']."' WHERE `user_id`='".$_SESSION['id']."'");
    }
    else{
      $bericht = '<div class="red">Priates came and they looted <img src="images/icons/gold.png" title="gold" /> '.$bedrag.' gold! from you</div>';
      mysql_query("UPDATE `gebruikers` SET `gold`=`gold`-'".$_POST['bedrag']."' WHERE `user_id`='".$_SESSION['id']."'");
    }
  }
  else
    $bericht = '<div class="red">'.$txt['alert_no_amount'].'</div>';
}
?>
<script language="JavaScript" type="text/javascript" src="javascripts/numeriek.js"></script>
<? if($bericht) echo $bericht; ?>
<center>
<table width="56%" border="0">
  <tr>
    <td><center><p>Treasure hunt</p></center> </td>
  </tr>
  <tr>
    <td><center><div id="reghint">
      <font color=white>Treasure hunt . <br>ENTER THE NUMBER OF GOLD U WANT TO FIND<br /><br /></font>
    </div>
    <table width="230" border="0">
      <form method="post" action="?page=hunt">
      <tr>
        <td width="33"><img src="images/icons/gold.png" title="gold" /> </td>
        <td width="144"><input type="text" class="text_long" value="10" name="bedrag" maxlength="2" onKeyPress="onlyNumeric(arguments[0])"></td>
        <td width="45"><input type="submit" value="search" name="doen" class="button_mini"></td>
      </tr>
      </form>
    </table></center>
    </td>
  </tr>
</table>
</center>
Well thats not everything. Even admin panel is exploitable.
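A hardened take on the stake handling in the hunt.php post above, as an added example that is not part of the thread or of the game's code. In the posted file the two UPDATE statements interpolate the raw `$_POST['bedrag']` rather than the checked `$bedrag`, and `maxlength` and `onlyNumeric` are only enforced in the browser; here only a validated integer reaches the query, as a bound parameter. It assumes PDO with an in-memory SQLite database and a constructed sample row; `parse_stake` and `play_hunt` are hypothetical names, and the cap of 99 is an assumption taken from the form's `maxlength="2"`.

```php
<?php
// Added example, not the game's code. Table/column names are from the thread;
// the in-memory SQLite database and the sample row are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gebruikers (user_id INTEGER PRIMARY KEY, gold INTEGER)');
$db->exec('INSERT INTO gebruikers (user_id, gold) VALUES (1, 50)');

// Returns the stake as an int, or null unless the input is a plain decimal
// string between 1 and $max (assumed cap, mirroring the form's maxlength="2").
function parse_stake($raw, int $max = 99): ?int
{
    if (!is_string($raw) || strlen($raw) > strlen((string) $max) || !ctype_digit($raw)) {
        return null;
    }
    $n = (int) $raw;
    return ($n >= 1 && $n <= $max) ? $n : null;
}

function play_hunt(PDO $db, int $userId, $rawStake): string
{
    $stake = parse_stake($rawStake);
    if ($stake === null) {
        return 'rejected: invalid amount';
    }
    // Same odds as the posted code (win when the roll is above 30).
    $delta = random_int(1, 99) > 30 ? $stake : -$stake;
    // Only the validated integer reaches the query, as a bound parameter, and
    // the balance check and the change to gold happen in one statement.
    $stmt = $db->prepare(
        'UPDATE gebruikers SET gold = gold + :delta
          WHERE user_id = :id AND gold >= :stake'
    );
    $stmt->bindValue(':delta', $delta, PDO::PARAM_INT);
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':stake', $stake, PDO::PARAM_INT);
    $stmt->execute();
    if ($stmt->rowCount() === 0) {
        return 'rejected: not enough gold';
    }
    return $delta > 0 ? "won {$stake}" : "lost {$stake}";
}

// Constructed inputs standing in for $_POST['bedrag'].
foreach (['10', '0', '-5', '1e1', ' 10', ['10'], '99'] as $input) {
    echo json_encode($input), ' => ', play_hunt($db, 1, $input), "\n";
}
```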