
AAC discussion

Would you pay for license?


Total voters: 26
@averatec
I would buy it for sure..

@Pandarohoo
There is a big difference between averatec and znote in PHP coding.. lal

Uhm, you said more fancy high scores list?! :eek:
Gesior/Modern AAC are full of SQL injections, easily hackable and easy fuckableee!! And you're searching for a "fancy" AAC, I'm searching for a "SECURED" AAC, and btw Amoaz is selling pentesting to secure your website for 40 euros, averatec is actually selling the whole AAC for 5-10 euros.
In my opinion that will be great.

SQL injections are easy enough to prevent: search through your code and anywhere that accepts user input (examples: login, search, etc.) wrap it with the function mysql_real_escape_string(); (assuming you're using the MySQL database) or better yet, switch over to PHP PDO which can't be SQL-Injected.

I think the only people who would be willing to pay for such a basic service are the same kids who download and run and sell items for their server. People with zero skills.
If everyone here only sold scripts instead of releasing them, I would teach myself to program that particular language and then release a free version of that script.
 
Who said PDO can't be SQL-Injected? I think when you use PDO::quote() or PDO::bindParam(), then it can't be.
When $_GET['name'] equals "name;truncate users"
I think it's possible, but I can be wrong.
PHP:
<?php	
try
{
	$pdo = new PDO('mysql:host=localhost;dbname=sth', 'root', 'root');
	$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
	$stmt = $pdo->query("SELECT * FROM `users` WHERE `name` = '{$_GET['name']}'");
	//...
}
catch(PDOException $e)
{
	echo 'error: ' . $e->getMessage();
}
?>


@edit
Remember I want only to know your opinion. I don't know yet if I would release it, even for sale.
 
I'm pretty sure he was talking about correct usage of PDO.
 
I know it, but I can say it's correct usage, because maybe somebody wants to make "backdoors", like some scripts which were included in Gesior AAC.
Of course, you're right, it's a bad way to use PDO.
 
There's only one way to use PDO, which is the correct way. Not trying to sound like a dick, but I wouldn't understand why someone would take PDO and somehow possibly use it wrong, unless they were an extremely lazy programmer I guess? Anyway, I was just trying to give that guy a helpful hint.

My opinion is that Otserv can use as many projects and releases as possible. If you make it and sell it and people buy it then congratz, but if there's anyone else here like me, they would simply be bothered by that and create and release a free version. After all, that's what the project was and should still be about: an open source emulator that everyone is free to use and contribute to.
 
Haha, if he starts working on an AAC to sell then that sure is gonna motivate me to finish my AAC, guess I'm like you :D
 
> Who said PDO can't be SQL-Injected? I think when you use PDO::quote() or PDO::bindParam(), then it can't be.
> When $_GET['name'] equals "name;truncate users"
> I think it's possible, but I can be wrong.
> PHP:
> <?php
> try
> {
> 	$pdo = new PDO('mysql:host=localhost;dbname=sth', 'root', 'root');
> 	$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
> 	$stmt = $pdo->query("SELECT * FROM `users` WHERE `name` = '{$_GET['name']}'");
> 	//...
> }
> catch(PDOException $e)
> {
> 	echo 'error: ' . $e->getMessage();
> }
> ?>
>
> @edit
> Remember I want only to know your opinion. I don't know yet if I would release it, even for sale.

That way it can't be injected :p
PHP MySQL = 1 query per 1 query, can't use ; to send more queries in one query

@topic
GOGO Release!
 
What are you talking about? :S
 
The best way in PDO to protect your website is to prepare statements and create transactions (PDO/beginTransaction, PDO/rollBack, PDO/commit).
It makes your website safer.
 
@lxuemao4
spam bot?

@PhoOwned
It was only an example, which should not work, but if you change 'something' in the query it'll work.

@Zisly
I don't work on an AAC for money, it's my project for myself, I said I want only to know your opinion about selling license, I didn't say I will sell it.
 
Sell license? Bad.
Sell access to forum with your support/fast updates/fast fixes? Good idea!
 
Very good idea Averatec, 100% approved and add me to the list of buyers
 
PDO->prepare(shit)
PDO->bindShit

If (PDO->execute())

-Anyway I think it's better to do what Zisly said
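
The difference the thread is arguing about, as an added example that is not part of any post: the interpolated `PDO::query()` pattern from the earlier snippet next to a prepared statement with a bound value. It assumes an in-memory SQLite database instead of the thread's MySQL so it runs without a server; the table contents, the function names and the last two inputs are constructed.

```php
<?php
// Added example, not code from the thread. In-memory SQLite is an assumption
// so the script runs offline; the table and its rows are constructed data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('O''Brien')");

// Pattern from the thread: the input is pasted into the SQL text, so any
// quote character in it is read by the SQL parser as syntax.
function findInterpolated(PDO $pdo, string $name): array
{
    $stmt = $pdo->query("SELECT name FROM users WHERE name = '{$name}'");
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the SQL text is fixed and the input travels separately
// as a bound value, so it can only ever be compared as data.
function findPrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$inputs = [
    'alice',                // ordinary lookup
    'name;truncate users',  // the string quoted in the thread
    "O'Brien",              // constructed: legitimate name containing a quote
    "x' OR '1'='1",         // constructed: closes the string literal early
];

foreach ($inputs as $input) {
    try {
        $interpolated = json_encode(findInterpolated($pdo, $input));
    } catch (PDOException $e) {
        $interpolated = 'SQL error: ' . $e->getMessage();
    }
    $prepared = json_encode(findPrepared($pdo, $input));
    echo "input:        {$input}\n";
    echo "interpolated: {$interpolated}\n";
    echo "prepared:     {$prepared}\n\n";
}
```

On MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the driver uses server-side prepared statements rather than building the query string client-side.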
 
Do not refresh almost dead threads, thanks.
 