-
Posts
-
Following the only useful feedback, I tried to apply the tips in some places. @Nightw0lf -
By UnknownSoldier · Posted
If they ask you to write something, you should ask for the full context. We had a private chat between the administrators of mxc and gx ext. He was allowed back on the forum on the condition that he did not spam unnecessary posts. As far as I'm concerned, it shouldn't be allowed because it involves multiple scams. We want and aim for a stronger community. He's not only doing this with this account, but with several, since this user has multiple accounts. As for what one user or another contributes, that's irrelevant; I often provide support to the community and I don't need to make it public. But I repeat, if they ask you to write a comment, just ask for the full context, nothing more than that. Or if you want a direct answer from me, feel free to message me privately so we can avoid spamming a post about an extender. That's the problem with second chances -
I currently have a working custom quest, but the problem is that I can't see it in the game's quest log. I've added it to questname-e.dat, but I still don't see it. I think there's another file where I need to add it, but I can't find it. For the items and skills I've added, I've always put it in the name and grp fields, but there's nothing related to questgrp.dat in the quest log. Could you tell me where I can add it? -
thats true, I try to keep my topsites clean of fake/paid votes I ban multiple accounts made by players my numbers are low but thats what I sacrifise to keep the vote system of the server owners that trust my topsites clean from multiple rewards. @4TOP I would reply what happens here and how to fix but you replied you fixed that already. Once the installation is completed, the script should create a marker file such as installed.txt or any other persistent flag that indicates the system is already installed. In index.php, you must first check if this marker file exists. If it does not exist, redirect the user to install.php to start the installation process. If the marker file exists, you must then check if install.php is still present. If it is, stop execution immediately and display an error requiring the user to delete the installer file, or remove it automatically for security reasons. If the marker file exists and install.php does not exist, continue with the normal application execution. This approach ensures the installation runs only once, prevents reinstallation attempts, and enforces removal of the installer for security. NOTE: Do not trust the AI you can possibly destroy alot of things with AI, when you create a file you have to include some core protection logic to defend against common threats coming from the user input, that input should ALWAYS be treated as malicious, and check against what you expect versus not what was expected, for example: you input a username in a form the input $_POST['username'] can be anything malicious checking this global variable against an expected string or alnumeric a-Z0-9 is a way to check if the string contained other than expected chars now from that string you should apply some cleanup methods like regex in example: $raw_username = $_POST['username'] ?? ''; (personally i always use type casting) like: $raw_username = (string) ($_POST['username'] ?? ''); //or $raw_id = (int) ($_POST['item_id'] ?? 0); //array object etc... if (!is_string($raw_username) || $raw_username === '') { return 'Invalid input'; } if (preg_match('/^[a-zA-Z0-9]+$/', $raw_username) !== 1) { return 'Invalid characters'; } // do not execute the code further because return error stops the code you can make various matches against other languages and such with the help of AI but you need to know the tricks and have a firewall logic that you build something that has to be protected, only then you can give a decent application in public that attackers can easily read and find the way in since this is a public repository this is an issue because the first rule is violated "security through obscurity" this is not a secret code and that means you have to protect it. asside all that its a vote system for a game not that much of attack can happen, even atual studio survived such attacks except 1 that can fill a server with infinite donation coins 🙂 that few people know how to do it and still people use it so worry not. thats typical forgotten developer testing correction: $tokenOk = isset($top['token']) && hash_equals((string)$top['token'], $secret); -
Great logic Nothing is developed by you this looks like a very poor attemp to one shot a vote system with AI $tokenOk = ($secret === 'TEST') || empty($top['token']) || hash_equals((string)$top['token'], $secret);
-
-
Topics
-
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now