Cetanu Posted August 20, 2009

Hey, I am working on a series of scripts that I've made by myself. The scripts start off by allowing you to make your own character, and follow some parameters. I've just completed the character creator script. I need some guys to tell me how it works and stuff. I have tested it, but you guys may know some things I don't (about Firebug or something).

NOTE: This is tested using SESSIONs from my website. Please go here: http://mythscape.freezoka.com

And log in as:
Username: test
Password: test

THEN click this:
Thanks
http://mythscape.freezoka.com/chrisrpg/rpgtest.php

All feedback is appreciated.

Link to comment: https://forums.phpfreaks.com/topic/171231-beta-test-character-maker/

Eiolon Posted August 21, 2009

It seems to be working, though the color scheme throughout the site is enough to make me want to put a fork in my eyes. Can you do anything once the character is created?

Adam Posted August 21, 2009

I tried to create one but it appears you can only have 1 character per user. Not very effective error handling:

Duplicate entry 'test' for key 2

seopaul Posted August 21, 2009

hiya, i held back a bit yesterday on your other post, mainly because i make PBBGs too. the script that had the elseif error needs to check that the user can create a new character. if you wanted to have it so they can have multiple chars per account you will have to change the primary key col to be an auto increment int so the username col can have duplicate data in.

> I tried to create one but it appears you can only have 1 character per user. Not very effective error handling:

there is none on the code that does that, a copy of it was posted yesterday =)

Adam Posted August 21, 2009

Found it.

or die(mysql_error());

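The duplicate-entry message discussed above reaches the visitor because the raw database error is printed. As an added example (not code from the thread), the sketch below lets the unique `player` column reject the second character and turns that failure into a plain message while the detail goes to the server log. Assumptions: PDO with an in-memory SQLite database stands in for the thread's `mysql_*` calls, and the `characters` table and `createCharacter()` function are hypothetical.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for the thread's mysql_* calls.
// Table and function names are hypothetical; only the unique 'player' column
// comes from the thread.

function createCharacter(PDO $db, string $player, string $name): array
{
    try {
        $stmt = $db->prepare('INSERT INTO characters (player, name) VALUES (?, ?)');
        $stmt->execute([$player, $name]);
        return ['ok' => true, 'message' => 'Character created.'];
    } catch (PDOException $e) {
        // SQLSTATE class 23 = integrity constraint violation. On MySQL the
        // duplicate-key case can be narrowed with $e->errorInfo[1] === 1062.
        if (strpos((string) $e->getCode(), '23') === 0) {
            return ['ok' => false, 'message' => 'You already have a character.'];
        }
        // Anything else: keep the detail in the server log, not in the page.
        error_log('character insert failed: ' . $e->getMessage());
        return ['ok' => false, 'message' => 'Something went wrong. Please try again later.'];
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE characters (id INTEGER PRIMARY KEY, player TEXT UNIQUE, name TEXT)');

// Constructed sample requests: the second one repeats the player 'test'.
foreach ([['test', 'Aragorn'], ['test', 'Legolas']] as [$player, $name]) {
    $result = createCharacter($db, $player, $name);
    echo $player, ' / ', $name, ': ', $result['message'], PHP_EOL;
}
```
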
Cetanu Posted August 21, 2009 Author

> It seems to be working, though the color scheme throughout the site is enough to make me want to put a fork in my eyes. Can you do anything once the character is created?

The color scheme is purely for testing. As I said, I designed it for a friend, so I'm going to give him the code and he's going to put design to it...but if he changes the PHP I'm going to jump off of a cliff. You cannot do anything yet ('cause I spent so much time on the creation and the shop), but when I get around to it, you will be able to fight randomly generated creatures, or other members, buy items in the shop to upgrade your character, put money in the bank to gain interest, and probably more that I haven't been told yet. -.-"

> I tried to create one but it appears you can only have 1 character per user. Not very effective error handling:
>
> Duplicate entry 'test' for key 2

I was debating whether or not to allow one character per user...I just set the 'player' column to Unique. I guess I could change it, but I'd have to ask the guy who wants the script. If we have multiple characters it could just make it waaaay too confusing.

> hiya, i held back a bit yesterday on your other post, mainly because i make PBBGs too. the script that had the elseif error needs to check that the user can create a new character. if you wanted to have it so they can have multiple chars per account you will have to change the primary key col to be an auto increment int so the username col can have duplicate data in.
>
> > I tried to create one but it appears you can only have 1 character per user. Not very effective error handling:
>
> there is none on the code that does that, a copy of it was posted yesterday =)

> Found it.
>
> or die(mysql_error());

I don't get those two posts....maybe I'm not reading them right.

Thanks guys. I have cleared the database so that a new character can be made.

Coreye Posted August 22, 2009

Cross Site Scripting(XSS): You can submit code when registering and it will execute on the members page.
http://mythscape.freezoka.com/member.php

Cross Site Scripting(XSS): You can submit ">code when editing the profile field "website" and it will execute when viewing a profile.
http://mythscape.freezoka.com/profile.php?username=test

Cetanu Posted August 22, 2009 Author

> Cross Site Scripting(XSS): You can submit code when registering and it will execute on the members page.
> http://mythscape.freezoka.com/member.php
>
> Cross Site Scripting(XSS): You can submit ">code when editing the profile field "website" and it will execute when viewing a profile.
> http://mythscape.freezoka.com/profile.php?username=test

I thought I did the htmlentities() thing on the profile. Did you use <script>alert("")</script> ? Because it wouldn't let me execute any html tags.

HOW DID YOU EDIT THE MEMBERS' PAGE?!?!?!?!!?!?!!!? Please let me know so I can fix the problem, I didn't even know you could!!! >.> <.<

Well thanks for showing me some errors in my main site, but I was testing the RPG creator. -.-"

darkfreaks Posted August 22, 2009

should always use strip_tags(), trim(), htmlspecialchars() when dealing with XSS

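For the two reports above (a registered name rendered on the member list, and a "website" value that closes the attribute it is printed into), the sketch below encodes at output time with `htmlspecialchars()` and `ENT_QUOTES`, and only links http(s) URLs. It is an added example, not code from the thread or the site; `e()`, `cleanWebsite()` and `renderProfile()` are hypothetical names and the inputs are constructed.

```php
<?php
// Added example; function names and sample values are hypothetical.

/** Encode a value for HTML text or a quoted attribute. */
function e(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only absolute http(s) URLs for the "website" profile field. */
function cleanWebsite(string $url): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // Encoding alone does not make a URL safe to link to: allow-list the scheme.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

function renderProfile(string $username, string $website): string
{
    $html = '<h2>' . e($username) . '</h2>';
    $url = cleanWebsite($website);
    if ($url !== null) {
        $html .= '<a href="' . e($url) . '" rel="nofollow">' . e($url) . '</a>';
    }
    return $html;
}

// Constructed inputs modelled on the two reports in the thread.
$samples = [
    ['test', 'http://example.com/?a=1&b=2'],
    ['<script>alert("")</script>', '">code'],
    ['test', 'javascript:void(0)'],
];
foreach ($samples as [$username, $website]) {
    echo renderProfile($username, $website), PHP_EOL;
}
```

The second sample prints the name as inert text (`&lt;script&gt;...`) and drops the website link entirely, because the value is not a valid http(s) URL.
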
Cetanu Posted August 25, 2009 Author

> should always use strip_tags(), trim(), htmlspecialchars() when dealing with XSS

I forgot to add some htmlentities() to some profile fields, but I want to know how he messed with my member list.

darkfreaks Posted September 10, 2009

you still have XSS in register.php

XSS function, htmlpurifier

darkfreaks Posted September 10, 2009

Email address found

Fix: implement a robots.txt file

User-agent: *
Disallow: /
User-agent: *
Disallow: /contact.php
User-agent: *
Disallow: /profile.php
User-agent: *
Disallow: /profilecp.php
User-agent: *
Disallow: /agogwe.php
User-agent: *
Disallow: /cmain.php
User-agent: *
Disallow: /cpea.php
User-agent: *
Disallow: /emela.php
User-agent: *
Disallow: /kingc.php
User-agent: *
Disallow: /lusca.php
User-agent: *
Disallow: /mgor.php
User-agent: *
Disallow: /logindex.php
User-agent: *
Disallow: /marozi.php
User-agent: *
Disallow: /nandi.php
User-agent: *
Disallow: /nguma.php
User-agent: *
Disallow: /nyala.php
User-agent: *
Disallow: /okapi.php
User-agent: *
Disallow: /phippo.php
User-agent: *
Disallow: /registration.php

Cetanu Posted September 11, 2009 Author

> Email address found
>
> Fix: implement a robots.txt file
>
> User-agent: *
> Disallow: /
> User-agent: *
> Disallow: /contact.php
> User-agent: *
> Disallow: /profile.php
> User-agent: *
> Disallow: /profilecp.php
> User-agent: *
> Disallow: /agogwe.php
> User-agent: *
> Disallow: /cmain.php
> User-agent: *
> Disallow: /cpea.php
> User-agent: *
> Disallow: /emela.php
> User-agent: *
> Disallow: /kingc.php
> User-agent: *
> Disallow: /lusca.php
> User-agent: *
> Disallow: /mgor.php
> User-agent: *
> Disallow: /logindex.php
> User-agent: *
> Disallow: /marozi.php
> User-agent: *
> Disallow: /nandi.php
> User-agent: *
> Disallow: /nguma.php
> User-agent: *
> Disallow: /nyala.php
> User-agent: *
> Disallow: /okapi.php
> User-agent: *
> Disallow: /phippo.php
> User-agent: *
> Disallow: /registration.php

What will this do? Doesn't robots.txt stop robots from crawling?

Also, I will implement that function, thanks.

darkfreaks Posted September 11, 2009

yes it does stop bots from crawling

Cetanu Posted September 11, 2009 Author

Why would I want that?

darkfreaks Posted September 11, 2009

it stops bots from harvesting emails and then spamming them

448191 Posted September 12, 2009

Somehow I doubt that. A search engine crawler may respect your robots.txt, a malicious crawler has no reason to.