We are pleased to announce the stable release of PUArcade 2.3.

This is, by far, the best PUArcade ever. New features include templates, Joomla 1.5 legacy support, and so much more. Head on over and download it now: http://www.pragmaticutopia.com/component/option,com_docman/task,cat_view/gid,28/Itemid,144/

You can also check it out in the Demo Arcade here:
http://www.pragmaticutopia.com/component/option,com_puarcade/Itemid,127/

The upgrade process is the same as always - simply uninstall the old version and install this new one. Games and scores will be retained. For more information, see the upgrade FAQ here:
http://www.pragmaticutopia.com/content/view/160/105/

Check out our developer blog for some more commentary:
http://www.pragmaticutopia.com/content/view/265/125/

Please post any questions, comments, or issues you have in the forums.

Thank you for your very hard work, Pragma

That is great news !

I have one problem thought ! As soon i tried to add an archive of games this error appeared on my pu arcade frontend



Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'root'@'localhost' (using password: NO) in /home/www/scissors/mixed.gr/www/components/com_puarcade/cls.puarcade.php on line 1367

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/www/scissors/mixed.gr/www/components/com_puarcade/cls.puarcade.php on line 1367

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'root'@'localhost' (using password: NO) in /home/www/scissors/mixed.gr/www/components/com_puarcade/cls.puarcade.php on line 1360


Can we identify the problem ?

Good work pragma!
at the moment i have 2 issues: The first one appears if i deactivate the random games under each folder, and a too wide white space remains between every folder (you can see it in the attached image)

The other one... is still the smf-bridge issue ... Everyone using joomla-smf-bridge will not be able to use this new release?

scissorhands wrote:

QUOTE:
That is great news !

I have one problem thought ! As soon i tried to add an archive of games this error appeared on my pu arcade frontend



Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'root'@'localhost' (using password: NO) in /home/www/scissors/mixed.gr/www/components/com_puarcade/cls.puarcade.php on line 1367

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/www/scissors/mixed.gr/www/components/com_puarcade/cls.puarcade.php on line 1367

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'root'@'localhost' (using password: NO) in /home/www/scissors/mixed.gr/www/components/com_puarcade/cls.puarcade.php on line 1360


Can we identify the problem ?

It seems that is trying to log in as administrator on my root database ! Why is that ? it appeared randomly !

I have the same problem as Scissorhands above. I don't know if this is proper programming or not and the effects on other functionality but I find the error dissapears if I change all mysql_real_escape_string($fid) instances to only $fid in all the files it's complaining about.

The function is used to prevent sql injection attacks against the arcade.

If you are going to do this (which is unrecommended). Please ensure you put something like because you use the $fid.

Code:

$fid = intval( $fid );

I believe all parameters are checked anyway, but your sites safety should come first.

Definately the site's safety is most important. If I use the Code above will it eliminate SQL injections? If not, then how do we fix the mysql_real_escape_string($fid) errors.

Sept_de_Neuf wrote:

QUOTE:
Definately the site's safety is most important. If I use the Code above will it eliminate SQL injections? If not, then how do we fix the mysql_real_escape_string($fid) errors.

Yes, the code above would eliminate the SQL injections for $fid. Mysql_real_escape_string is really for textual variables. Since $fid is supposed to be an integer, intval is probably even better.

I have a big problem: many links in my puarcade are wrong.
For example when I click "All games": http://www.oratorioserina.com/oratorio/joomla/index.php?Itemid=89
and not: http://www.oratorioserina.com/oratorio/joomla/index.php?option=com_puarcade&Itemid=89
And it give to me this error:
Fatal error: Unsupported operand types in ../../.../joomla/includes/router.php on line 141

What's the problem?
Thanks

Sounds like a SEF problem. Post a new thread in the support forum with your specific details (SEF type, PUA and Joomla versions, etc)

QUOTE:
Yes, the code above would eliminate the SQL injections for $fid. Mysql_real_escape_string is really for textual variables. Since $fid is supposed to be an integer, intval is probably even better.

Great! Thank you so much for your help.

I now am in the process of adding

Code:

$fid = intval( $fid );

to the files in question and I put this code before the $query lines. Could you tell me if this is the correct placement? Also can I do the same with $gid and $tab?

You can do it with $gid, not with $tab.

Why can't you guys use Mysql_real_escape_string? Your sig says PHP5...that function is available starting with PHP 4.3.

It looks like you don't have an open connection when it is being used...why would that be?

I have no idea why? All I can tell you that may be different from others is that I use MySQLi and PHP FastCGI.

Sorry Pragma, I made a typo above. I was wondering if I can use the same code for $tag (and not $tab).

Sept_de_Neuf wrote:

QUOTE:
Sorry Pragma, I made a typo above. I was wondering if I can use the same code for $tag (and not $tab).

Yep, thats what I was thinking of. $tag isn't a number, so it can't be used with intval.

I guess the best thing to do would be addslashes. So that would be like this:

Code:

$tag = addslashes($tag);

Excellent! Thank you.