MyBB Hacks

Full Version: MyWar, A New Plugin For MyBB - Need Help
Hello!

I am new to PHP and wanted help with my code. I wonder if the code is good.

About the plugin: MyWar is a game for two people. The goal of the game is to conquer all the territories on the map.

Each type of territory generates a bonus:
Forest +30% defense, +1 population per turn
Mountain +50% defense, +1 population per turn
Strong defense +80%, +1 population per turn
Cities +0% defense, +2 population per turn

I have several ideas for MyWar. Could someone look at the code and help me improve it?

I created the image of the map using Civilization 4 (a game). Is it illegal if I distribute this image?
And if it is illegal, could someone create a map for MyWar?

MyWar works in MyBB 1.4 and 1.6.

Sorry for my English.

I haven't had much time to really look into your thing, but your coding style seems reasonable.

Some things I noticed:

This is vulnerable to SQL injection attacks:

PHP Code:
        $map = $_POST['mapa'];
        $user = $mybb->user['uid'];
        $db->write_query("INSERT INTO `" . TABLE_PREFIX . "mywar_pre_room` VALUES ('$last', '$user','$pass', '$map','$tt')");

Something like this would be better, and more reliable:

PHP Code:
$db->insert_query('mywar_pre_room', array_map(array($db, 'escape_string'), array(
  'player1' => $user,
  'pass' => $pass,
  'map' => $map,
  'time' => $tt
)));

Here, you're not relying on the ordering of the fields.  Inputs should be escaped so that a malicious user cannot arbitrarily insert code into queries.
Also note that ID fields in tables should be defined as auto_increment (in the CREATE TABLE query) - generally you should not rely on finding the last ID and adding 1 to it.

You should probably stick images in the MyBB images/ folder for consistency (maybe a subfolder in that) - try not to have it in the inc folder.  In general, users probably shouldn't be trying to access anything in the inc folder directly.

I noticed that the mywarimage.class.php file requires PHP 5, whereas MyBB 1.4 doesn't require that - just something to be aware of.

Nice idea BTW.


(08-08-2010 04:39 AM)llnn Wrote: I created the image of the map using Civilization 4 (a game). Is it illegal if I distribute this image?
And if it is illegal, could someone create a map for MyWar?
I really don't think that's a problem.  Can be considered an immaterial amount of copying.

Hope all that helps.
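
The advice in the reply above (escape every value, name the columns, let the database assign the ID), as an added example that is not part of the original thread or of MyWar's code. `DemoDb`, `build_room_insert`, `$known_maps` and the `mybb_` prefix are assumptions made so it runs outside a forum, and `addslashes()` only stands in for the driver-level escaping behind MyBB's `$db->escape_string()`.

```php
<?php
// Stand-in for MyBB's $db object so the example runs outside a forum.
// It only builds the SQL text; addslashes() is a placeholder for the
// real driver-level escaping that $db->escape_string() performs.
class DemoDb
{
    public function escape_string($value)
    {
        return addslashes((string) $value);
    }

    // Same shape as the call in the reply: table name plus column => value.
    public function insert_query($table, array $row)
    {
        $cols = '`' . implode('`,`', array_keys($row)) . '`';
        $vals = "'" . implode("','", $row) . "'";
        return "INSERT INTO `mybb_{$table}` ({$cols}) VALUES ({$vals})";
    }
}

// Hypothetical allow-list of the map names the plugin ships with.
$known_maps = array('world', 'islands');

function build_room_insert($db, $uid, $pass, $map, array $known_maps)
{
    if (!in_array($map, $known_maps, true)) {
        return null;                      // reject unknown map names outright
    }
    $row = array(
        'player1' => (int) $uid,          // numeric column: cast before use
        'pass'    => $pass,
        'map'     => $map,
        'time'    => time(),
    );
    // No id column: with AUTO_INCREMENT the database assigns it.
    return $db->insert_query('mywar_pre_room', array_map(array($db, 'escape_string'), $row));
}

$db = new DemoDb();
// Constructed input: an apostrophe is enough to end a quoted SQL literal.
$pass = "it's secret";
$raw  = "INSERT INTO `mybb_mywar_pre_room` VALUES ('7', '2','$pass', 'world','0')";
echo "unescaped: $raw\n";                 // the literal ends after "it"; the rest is parsed as SQL
echo "escaped:   " . build_room_insert($db, 2, $pass, 'world', $known_maps) . "\n";
var_dump(build_room_insert($db, 2, $pass, "no'such", $known_maps)); // NULL: not on the allow-list
```

In a real plugin the escaping comes from `$db->escape_string()` itself, which uses the active database driver and connection character set rather than `addslashes()`.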