If you're wondering where I've been recently in terms of updates, that will all become apparent tomorrow as my 100+ script update syncs over from the development server. Sadly none of these updates are interesting, just a mass security update for CSRF exploits. In the end the original idea of monitoring what scripts people came from fell through as it could be bypassed with the clever use of frames and javascript.

Instead this update will use unique tokens generated on scripts that are about to do something, then passed to the scripts that actually perform the action and checked. This change will mean that you cannot use the back button and then perform most actions. I'll be monitoring how much of an impact this has on players and how often this error occurs over the coming days.

This security fix has required me to manually edit pretty much every script in the game that performs any action. It was very boring, involved thousands of lines of copying and pasting but now it is done. As a result image tags will be re-enabled on forums after this update goes live, I'll also be posting proof of concept code of this exploit to anyone interested or worried that it may effect other sites.

Ok, so the problem I'm having with images is quite complicated. Basically a lot of scripts in this game "do stuff". For example, the script gangs8_1.php when navigated to will make you leave your current gang (this is what I did with my proof of concept exploit). In order to link someone to this script you need to first steal their session ID and then redirect them to the relevant URL, very easy to do if we allow IMG tags on the forums.

My fix for this is to implement code that upon arrival at gangs8_1.php (and the hundred or so other scripts like it) checks the page you came from. So if you did not come from the page leading to it, then it will error. However, this error would also pop up if you used the back button on your browser before clicking a link to do something.

I don't know how often players use the back button when playing my game so I have no idea how inconvenient this fix is going to become. All I can do is implement it and see, this will be done once all the scripts are updated.

Just so everyone knows updates haven't stopped, I'm just ill at the moment so hard to concentrate on stuff. The attack system did get pushed back unfortunately, I don't like releasing new systems when old systems have bugs. As I hope you've noticed I've been catching up on tickets and old issues... and regularly checking Suggestions. This will continue, so keep posting small ideas. Big ideas will not be taken on right now though.

The feedback system on updates works well it seems. I recently had a problem where guards respawning on a square with hidden players on it could leave the players trapped and unable to run away. I figured it would be easy to fix just by pulling people out of stealth but the vast amount of negative feedback that update got quickly made it apparent that was wrong.

That update is now fixed and no longer effects cloak, which it clearly never should have. As for Slot Machines, CodeHydro and myself have been running simulations to work out what the optimal playing style is. Once we worked that much out it was easy to adjust the payouts to a much better percentage. The payout for 3 x Sevens may look quite big but even if you hold every 7 you see, you'll only get 3 x Sevens 1% of games. But yeah like all casino games, the house always wins!