Battle Engine

[ILYAS415]

Hi everyone.

I made a battle system and it needs testing (took me about 2 hours to do ).

Its quite simple and uses functions.

 

Heres the link...

http://www.ragingmortals.com/engine/index.php

 

Need to test sql injection and other stuff to see if everything works AOK 

Thanks

[Coreye]

Cross Site Scripting(XSS):

You can submit ">code in the 'Name' field.

[prcollin]

Cross Site Scripting(XSS):

You can submit ">code in the 'Name' field.

 

I created a game just like this only the battle shots came one at a time and depended on your weapon and clothing and defense rating. I like the idea alot

[xoligy]

Check out duels.com they have one like what prcollin is on about pretty popular game i believe now

[blufish]

I looked at it... I like the idea those things are pretty cool.

 

Things to improve on

 

The form at the beginning, try organizing it with tables, like

Name:	|          |
Offense:	|          |
Defense:	|          |

 

Instead of

 

Name: |         |

Offense: |         |

Defense: |         |

 

Trust me it looks way more proffesional.

 

I did the code for you just for fun:

 

<table>
<form method="post">
<tr><td>Name:</td><td><input type="text" name="name" maxlength="50" /></td></tr>
<tr><td>Offense:</td><td><input type="text" name="offense" maxlength="2" /></td></tr>
<tr><td>Defense:</td><td><input type="text" name="defense" maxlength="2" /></td></tr>
</table>
<input type="submit" name="create" value="Create" /><br />
</form>
Other stats:<br />
<table>
<tr>
<td>Health:</td><td>100/100</td>
</tr>
<tr>
<td>Level:</td><td>1</td>
</tr>
<tr>
<td>Weapon:</td><td>Fists</td>
</tr>
<tr>
<td>Armour:</td><td>Rags</td>
</tr>
</table>

 

Another thing to note:

Why are we allowed to set the Defense and Offense levels, everyone will set them to the max, you should make it so if you have a offense level of 40 your defense can't excede 60.  That would make it more challenging.  Overall pretty good though, nice idea, good job. 

[eldorik]

When you get killed you might want to remove 'Attack again', instead of when clicking it, it tells you have been killed, and leads you back to the start.

[ILYAS415]

Thanks im going to make the changes ASAP

[blufish]

Also, you might get more visitors if you updated the design to be more "Battle Enginey."

[Warptweet]

BATTLE SYSTEM ENGINE 1.2

You attacked Rank 1 Elite Human for 11 damage! 
Rank 1 Elite Human attacked you for 151 damage! OVERKILL 


Fatal error: Maximum execution time of 30 seconds exceeded in /home/ragingmo/public_html/engine/fight.php on line 42

 

Perhaps you should improve the efficiency of your functions, or increase the maximum execution time.

[serverman]

logout doesnt seem to work... ???

[ILYAS415]

Dnt want u to leave the game

nah jus kiddin

Logout works for me both on ie and firefox.

Should work for you.

[darkfreaks]

Vulnerability description

This alert was generated using only banner information. It may be a false positive.

 

Stefan Esser reported some vulnerabilities in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.The vulnerabilities are caused due to boundary errors within the "htmlentities()" and "htmlspecialchars()" functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause a heap-based buffer overflow by passing specially crafted data to the affected application. Successful exploitation may allow execution of arbitrary code, but requires that the UTF-8 character set is selected. For a detailed explanation of the vulnerability read the referenced article.

Vendor has released PHP 5.2.0 which fixes this issue.

 

Affected PHP versions (up to 4.4.4/5.1.6).

 

This vulnerability affects PHP.

The impact of this vulnerability

Denial of service, remote code execution.

 

Attack details

Current version is PHP/4.4.4

 

How to fix this vulnerability

Upgrade PHP to the latest version.

 

Vulnerability description

HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.

This vulnerability affects Web Server.

The impact of this vulnerability

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

Attack details

No details are available.

 

How to fix this vulnerability

Disable TRACE Method on the web server.