My Game [Dark Assassinz] With Link To Game

[Baseball435]

Hey everyone, well im creating a game in php from scratch (not from forsaken sanctum) and im planning on making it a thieving game where you can rob other people, houses, shops, etc. So far though i have logging in, displaying stats, showing members at your location, and owning a house where you can put gold in your house storage and take it out. I am working on resources right now though and should be done it in like...an hour or so and then im going to move onto the fighting system and then the map system.(EDIT)I have added a lot of new stuff just didnt feel like making pictures so go to the link below! The game isnt finished yet still. Still lots to do. (EDIT)

Main Page:



Someone elses house (protected):



Your house:



so thats what i have so far. tell me what you think!!

PS: http://darkassassin.herobo.com/ That is the link to the game! So far though i only have houses and buying items and inventory and stuff. the fighting isnt working yet!

[Jackolantern]

Looks good so far!

Don't worry about a name for now. Instead, cut out the code that has your banner, and put it in a PHP file in an echo statement. Then, in your page files, just use a

Code: Select all

include "pageHeader.php";

..call where the header code would go. That way you can come up with a name later when your game is closer to complete and you have more of a feel for it. You can update the name in one place instead of having to update it on every single page you make.

[hallsofvallhalla]

looks good so far.

[Baseball435]

yeah ill just do that. Thanks halls!

[Baseball435]

http://darkassassin.herobo.com/ That is the link to the game! So far though i only have houses and buying items and inventory and stuff. the fighting isnt working yet!

[Chris]

I hope you have a backup!

http://darkassassin.herobo.com/checkreg.php

Cannot Execute:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

No, I'll have to resist. Please don't let people hack your site this easy.

[Baseball435]

wtf did you do? I cant register at all and my backup is the same way. wtf.

[Jackolantern]

He says he didn't do anything. Did that script run something that users shouldn't have had access to?

[Baseball435]

no it was the register form. When i click the register button on the register page it goes to the checkreg.php page. Here are the two files and the error above is what the error is.

register.php:

Code: Select all

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
	<head>
    <LINK href="style.css" rel="stylesheet" type="text/css">
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
		<title>Register Form</title>
	</head>
	<body alink="#00FF00" vlink="#00FF00" link="#00FF00">
	<CENTER><form method="post" action="checkreg.php"><br />
	Username:<br /> <input type="text" name="username"><br />
	Email:<br />    <input type="text" name="email"><br />
	Password:<br /> <input type="password" name="password"><br />
	<input type="submit" value="Register">
	</form>
    <a href="index.php">Back To Login</a>
	</CENTER>
	</body>
</html>

checkreg.php:

Code: Select all

<?php

include './config/connect.php';

	$username = $_POST['username'];
	$password = $_POST['password'];
	$email = $_POST['email'];
	
	$dupe1 = "select * from users where username = '$username'" or die('Cannot Execute: '. mysql_error());
	$checkresults = mysql_query($dupe1) or die('Cannot Execute: '. mysql_error());
	$row = mysql_fetch_assoc($checkresults);

   if($row['username'] == $_POST['username']) {
   	?>
   	<CENTER>That Username Is Already Being Used! <a href="register.php">Retry<a></CENTER>
   	<?php
	} elseif($_POST['username'] == "") {
		?>
   	<CENTER>Please Enter A Username! <a href="register.php">Retry<a></CENTER>
   	<?php
	} elseif($_POST['password'] == "") {
		?>
   	<CENTER>Please Enter A Password! <a href="register.php">Retry<a></CENTER>
   	<?php	
	} elseif($_POST['email'] == "") {
		?>
   	<CENTER>Please Enter A Email! <a href="register.php">Retry<a></CENTER>
   	<?php
	} else {
		$sql = mysql_query("INSERT INTO users (username,password,email,sneak,strength,lockpicking,hp,stanima,agility,defence,level,map,money,havehouse,strengthexp,defenceexp,sneakexp,agilityexp,lockpickingexp,lumber,rock,iron,crops,head,chest,weapon,ring,legs,shoes) VALUES('$username','$password','$email',5,5,3,100,100,3,10,1,'Asbar',100,0,0,0,0,0,0,100,100,100,100,0,0,0,0,0,0") or die('Cannot Execute:'. mysql_error());
?>
<html>
<LINK href="style.css" rel="stylesheet" type="text/css">
<head>
</head>


</html>
<LINK href="style.css" rel="stylesheet" type="text/css">
<body alink="#00FF00" vlink="#00FF00" link="#00FF00">
<CENTER>Thank You For Registering! You may now <a href="index.php">Log In<a></CENTER>
</body>
</html>
<?php
}
?>

HELP!

[Chris]

Code: Select all

$dupe1 = "SELECT * FROM `users` WHERE `username` = '". mysql_real_escape_string($username) ."'" or die('Cannot Execute: '. mysql_error());