Time 4 Crime drops you into a gritty Dutch underworld spanning six real cities where you hustle, climb ranks, and build a criminal empire. Pull off quick-hit crimes every few minutes, trade drugs and alcohol across dynamic markets, steal and store cars, own casinos and factories for steady income, and fight for territory as your reputation grows.
When it’s time to settle scores, hire a detective to locate rivals, plan the hit, and navigate cooldowns, weapon loadouts, and city-by-city movement. Form families with Don–Consigliere–Sottocapo roles, coordinate organized heists, and leverage gambling, honor points, and a shared bank to move your crew from street-level scrappers to feared power brokers.
Game Name: Time 4 Crime
Version: Unknown (database dated 2005-2006)
Genre: Web-based crime/mafia RPG
Developer: Unknown (Belgian, references gerbie.be)
Language: Dutch (Netherlands/Belgium)
Technology: PHP + MySQL
Server: rpg.socialmud.com/time4crime/ (original: gerbie.be/time4crime/)
License: Unknown (likely proprietary)
Release Era: ~2005-2006
Database Date: 2005-2006 (last cron: 2006-01-06)
---
Total Files: 151
File Breakdown:
Total Size: ~1.6 MB
Key Directories:
/ - 92 PHP game files (flat structure)/images/ - 54 graphics (cars/, rank badges, locations)Lines of Code: 13,423 PHP lines
---
PHP Architecture:
Database Configuration (_include-connection.php):
`php
$passwordthatmustbesecret = "";
$hostthatmustbesecret = "localhost";
$usernamethatmustbesecret = "";
$databasethatmustbesecret = "";
function quote_smart($value) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if(version_compare(phpversion(),"4.3.0") == "-1") {
return mysql_escape_string($value);
} else {
return mysql_real_escape_string($value);
}
}
`
Security Approach:
_include-config.php (entry point):
`php
include("_include-connection.php");
$sitelink = "http://rpg.socialmud.com/time4crime/";
if(!(@mysql_pconnect("mysql.socialmud.com","jdungeonadmin","certainlyloud") &&
@mysql_select_db("socialmud_rpg_time4crime"))) {
// Error page
exit;
}
session_start();
include("_include-funcs.php");
// Load user data
if(isset($_SESSION['login'])) {
$dbres = mysql_query("SELECT *,UNIX_TIMESTAMP(signup) AS signup,UNIX_TIMESTAMP(online) AS online FROM [users] WHERE login='{$_SESSION['login']}'");
$data = mysql_fetch_object($dbres);
}
// Omnilog (logging system)
if((count($_POST) > 0 && !isset($_POST['omnilog'])) || ($_POST['omnilog'] == 1 && count($_GET) > 1)) && isset($OMNILOG)) {
$postVars = addslashes(var_export($_POST,TRUE));
$getVars = addslashes(var_export($_GET,TRUE));
mysql_query("INSERT INTO [omnilog] VALUES(NOW(),'{$_COOKIE['login']}','{$_SERVER['REMOTE_ADDR']}','$forwardedFor','{$_SERVER['PHP_SELF']}','$postVars','$getVars')");
}
// Global addslashes
foreach($_POST as $key => $value) {
$_POST[$key] = addslashes($_POST[$key]);
}
foreach($_GET as $key => $value) {
$_GET[$key] = addslashes($_GET[$key]);
}
foreach($_COOKIE as $key => $value) {
$_COOKIE[$key] = addslashes($_COOKIE[$key]);
}
// IP ban check
$dbres = mysql_query("SELECT id FROM [users] WHERE IP='$clientIP' AND level<='-50'");
if(mysql_num_rows($dbres) != 0) {
print "You're banned";
exit;
}
// User ban check
$dbres = mysql_query("SELECT id FROM [users] WHERE level='-1' AND login='{$data->login}'");
if(mysql_num_rows($dbres) != 0) {
// Clear session and exit
}
// Admin power update (BIZARRE!)
mysql_query("UPDATE [users] SET attack='3000',defence='3000',clicks='5' WHERE level>'10'");
// Health check (dead redirect)
$dbres = mysql_query("SELECT id FROM [users] WHERE health<'1' AND login='{$data->login}'");
if(mysql_num_rows($dbres) != 0) {
// Redirect to hospital
}
`
CRITICAL: Hardcoded production credentials exposed!
30+ Tables (XXdatabase.sql.txt):
Core Tables:
[users] - Player accounts (90+ fields!)[online] - Session tracking (time, IP, login, validate)[messages] - Private messaging system[temp] - Temporary data (signup, password reset)[logs] - Action logging[omnilog] - Comprehensive activity log ($_POST/$_GET tracking)Crime Tables:
[detective] - Detective hiring (find players)attempts - Attack attempts tracking[getuige] - Witnesses (murder records)[orgcrime] - Organized crime (group jobs)hitlist - Assassination contractsEconomy Tables:
[buildings] - City buildings (trainstation, bulletfactory, roulette, slot, racetrack)[auto] - Car ownership (soort, schade, owner, land)[garage] - Car storage[drugs] - Drug prices by city (prijs1-5)[drank] - Alcohol prices by city[landen] - Drug inventory (6 areas per 6 cities = 36 markets)[landen1] - Backup drug tableFamily Tables:
[families] - Family/clan system[donates] - Family donationsfambank - Family bank accountSocial Tables:
[honourpoints] - Honour system[handdruk] - Handshake gamblingforummess - Forum messagesplayermess - Player messagespoll - Polling systemGame Mechanics:
[cron] - Scheduled tasks (hour, day, week, month, horserace)[land] - Territory ownership (55 territories)rechtbankusers - Court/ban systemLogin (login.php):
`php
if(isset($_POST['login'],$_POST['pass'])) {
$_POST['login'] = quote_smart($_POST['login']);
$_POST['pass'] = quote_smart($_POST['pass']);
$dbres = mysql_query("SELECT login,activated FROM [users] WHERE login='{$_POST['login']}' AND pass='{$_POST['pass']}'");
if(($data = mysql_fetch_object($dbres)) && $data->activated == 1) {
$validate = rand(0,1000);
setcookie("login",$data->login,time()+606024,"/","http://www.worldcrime.nl/");
setcookie("validate",$validate,time()+606024,"/","http://www.worldcrime.nl/");
mysql_query("REPLACE INTO [online](time,login,IP,validate) values(NOW(),'{$_SERVER['REMOTE_ADDR']}','{$data->login}','$validate')");
$_SESSION['login'] = $data->login;
$_SESSION['IP'] = $_SERVER['REMOTE_ADDR'];
}
}
`
PLAINTEXT PASSWORDS: Stored unencrypted!
Session Management (_include-funcs.php):
`php
function check_login() {
if(isset($_SESSION['login'],$_SESSION['IP']) && $_SESSION['IP'] == $_SERVER['REMOTE_ADDR']) {
if(! isset($_COOKIE['login'],$_COOKIE['validate'])) {
$validate = md5(rand(0,1000));
setcookie("login",$_SESSION['login'],time()+606024,"/","");
setcookie("validate",$validate,time()+606024,"/","");
}
else
$validate = $_COOKIE['validate'];
mysql_query("REPLACE INTO [online](time,IP,login,validate) values(NOW(),'{$_SERVER['REMOTE_ADDR']}','{$_SESSION['login']}','$validate')");
return TRUE;
}
// ... cookie validation
}
`
register.php:
`php
if(isset($_POST['submit'])) {
$login = $_POST['login'];
$email = $_POST['email'];
$type = $_POST['type'];
$city = $_POST['city'];
$IP = $_SERVER['REMOTE_ADDR'];
// Validation
if(preg_match('/^[a-zA-Z0-9\-]+$/',$login) == 0)
$msgnum = 0; // Invalid characters
if(preg_match('/^.+@.+\..+$/',$email) == 0)
$msgnum = 2; // Invalid email
// Check duplicates
$dbres = mysql_query("SELECT id FROM [users] WHERE login='$login'");
if(mysql_num_rows($dbres) > 0)
$msgnum = 4; // Username taken
$dbres = mysql_query("SELECT id FROM [users] WHERE email='$email' AND health>='1' AND level>'0'");
if(mysql_num_rows($dbres) > 0)
$msgnum = 5; // Email taken
// IP limit
$dbres = mysql_query("SELECT id FROM [users] WHERE ip='$IP' AND ip!='84.81.71.218' AND health!='0'");
if(mysql_num_rows($dbres) > 0)
$msgnum = 6; // IP already registered
if($msgnum == -1) {
include_once("RPG/rndPass.class.php");
$pass=new rndPass(7);
$pass=$pass->PassGen(); // Random password generator
$code = rand(1000,9999);
mysql_query("INSERT INTO [users](signup,login,pass,IP,email,type,City,recruiter) values(NOW(),'$login','$pass','$IP','$email','$type','$city','$recruiter')");
mysql_query("INSERT INTO [temp](login,IP,code,area,time) values('$login','$IP','$code','signup',NOW())");
// Send activation email
mail($email,"Activate jou Time4crime account","Naam: {$login}\nWachtwoord: {$pass}\n...","From: time4crime
}
}
`
Auto-Generated Passwords: 7-character random passwords emailed
---
index.php:
`php
`
3-Panel Layout: Header (140px) + Menu (190px) + Main Content
6 Dutch Cities:
Buildings per City (buildings table):
Building Ownership:
`sql
INSERT INTO [buildings] VALUES ('trainstation', 'Groningen', 'unowned', '2005-12-12 00:12:01', 2500, '0000-00-00 00:00:00', 1069, 0, 0);
-- type, city, owner, start, price, production, profit, active, amount
`
Players can own buildings and earn profits!
crimes.php - Do crimes every 2 minutes:
Crime Mechanics:
`php
$data2 = mysql_query("SELECT *,UNIX_TIMESTAMP(misdaad) AS misdaad,0 FROM [users] WHERE login='{$data->login}' AND level<='10'");
$data1 = mysql_fetch_object($data2);
if($data1->misdaad + 120 > time()){
print "Je kunt elke 2 minuten een misdaad doen"; // Every 2 minutes
exit;
}
$totalpower = round((($data->rankingpoints)/1)+$data->clicks*5);
// Crime success rates based on previous attempts
$p1 = round($data->m1); // Crime type 1 success %
$p2 = round($data->m2*0.7); // Crime type 2 success % (harder)
$p3 = round($data->m3*0.5); // Crime type 3
$p4 = round($data->m4*0.3); // Crime type 4
$p5 = round($data->m5*0.25); // Crime type 5
$p6 = round($data->m6*0.21); // Crime type 6 (hardest)
// Random factors
$em1 = rand(-1,6); // Money variance
$em2 = rand(-3,8);
// ... etc
// Success capped at 100%
if($p1 >=100) {
$p1 = 100;
$em1 = rand(0,-8); // Negative money (diminishing returns!)
}
`
6 Crime Types with escalating difficulty and rewards
Crime Cooldown: 2 minutes (120 seconds)
kill.php - Assassination mechanics:
Attack Requirements:
`php
if(isset($_POST['submit']) && trim($_POST['kogels'])) {
$naam = htmlspecialchars($_POST['naam']);
$kogels = htmlspecialchars($_POST['kogels']); // Bullets to use
$verdediger = mysql_query("SELECT * FROM [users] WHERE login='{$naam}'");
$verdediger = mysql_fetch_object($verdediger1);
$weapon = round($data->weapon+1);
$protection = round($verdediger->protection+1);
// Detective check (must hire detective first!)
$detective = mysql_query("SELECT * FROM [detective] WHERE zoeker='{$data->login}' AND status='1' AND naam='{$verdediger->login}'");
$detective = mysql_num_rows($detective1);
// Last attempt check (3-hour cooldown)
$lastattempt = mysql_query("SELECT *,UNIX_TIMESTAMP(date) AS date FROM attempts WHERE defender='{$verdediger->login}' ORDER BY date DESC LIMIT 0,1");
$lastattempt = mysql_fetch_object($lastattempt1);
if($detective ==0)
print "Huur een detective en vind uit waar hij is."; // Hire detective first
elseif($weapon <= 1)
echo "Je moet een wapen kopen..."; // Need weapon
elseif($kogels > $data->bullets)
print "Jij hebt niet zo veel kogels..."; // Not enough bullets
elseif($verdediger->health == 0)
print "De persoon die je wilt vermoorden is al vermoord"; // Already dead
elseif($naam == $data->login)
print "je kunt niet op je zelf schieten."; // Can't kill self
elseif(round($lastattempt->date/3600-time()/3600) + 3 > 0)
print "Deze persoon loopt nog steeds weg!"; // 3-hour escape time
elseif($data->City != $verdediger->City)
print "Je moet in de zelfde stad zijn..."; // Must be same city
else {
// Combat calculation...
}
}
`
Ranking System (12 ranks):
`php
$totalpower = round(($data->attack+$data->defence)/2+$data->clicks*5);
if ($totalpower <= 1500) { $rank = "1"; }
elseif ($totalpower <= 3000) { $rank = "2"; }
elseif ($totalpower <= 7000) { $rank = "3"; }
elseif ($totalpower <= 15000) { $rank = "4"; }
elseif ($totalpower <= 23000) { $rank = "5"; }
elseif ($totalpower <= 30000) { $rank = "6"; }
elseif ($totalpower <= 45000) { $rank = "7"; }
elseif ($totalpower <= 60000) { $rank = "8"; }
elseif ($totalpower <= 100000) { $rank = "9"; }
elseif ($totalpower <= 150000) { $rank = "10"; }
elseif ($totalpower <= 250000) { $rank = "11"; }
else { $rank = "12"; }
`
Combat Features:
Detective Hiring ([detective] table):
`sql
CREATE TABLE [detective] (
id int(200) NOT NULL auto_increment,
naam varchar(200) default NULL, -- Target
zoeker varchar(200) default NULL, -- Searcher
uren int(200) NOT NULL default '0', -- Hours
tijd datetime NOT NULL, -- Time
vind int(200) NOT NULL default '0', -- Found?
status int(200) NOT NULL default '0', -- Status
land varchar(225) NOT NULL default '', -- Country
PRIMARY KEY (id)
);
`
Must hire detective before attacking - realistic mechanic!
Drug Markets (landen/landen1 tables):
6 Drug Types per city:
`sql
INSERT INTO [landen] VALUES (5, 1, 'groningen', 981, 190);
-- area, land, aantal (quantity), prijs (price)
-- Area 1: Drug type 1 in Groningen, 981 units at 190 price
`
6 Drug Types x 6 Cities = 36 Markets
Drug Prices ([drugs] table):
`sql
CREATE TABLE [drugs] (
land int(10) NOT NULL default '0',
verandertijd datetime NOT NULL, -- Change time
prijs1 int(10) NOT NULL default '0',
prijs2 int(10) NOT NULL default '0',
prijs3 int(10) NOT NULL default '0',
prijs4 int(10) NOT NULL default '0',
prijs5 int(10) NOT NULL default '0'
);
`
Dynamic Pricing: Prices change over time (verandertijd)
Alcohol Trading ([drank] table):
`sql
CREATE TABLE [drank] (
land int(10) NOT NULL default '0',
verandertijd datetime NOT NULL,
prijs1 int(10) NOT NULL default '0',
prijs2 int(10) NOT NULL default '0',
prijs3 int(10) NOT NULL default '0',
prijs4 int(10) NOT NULL default '0',
prijs5 int(10) NOT NULL default '0'
);
`
5 Alcohol Types per city
Car Ownership ([auto] table):
`sql
CREATE TABLE [auto] (
id int(255) NOT NULL auto_increment,
soort int(3) NOT NULL default '0', -- Type
schade int(3) NOT NULL default '0', -- Damage
owner varchar(255) NOT NULL default '', -- Owner
land int(10) NOT NULL default '1', -- Country
PRIMARY KEY (id)
);
`
Car Storage ([garage] table):
`sql
CREATE TABLE [garage] (
id int(11) NOT NULL auto_increment,
car varchar(255) NOT NULL default '',
damage int(2) NOT NULL default '0',
original varchar(255) NOT NULL default '',
city varchar(225) NOT NULL default '',
date datetime NOT NULL,
login varchar(225) NOT NULL default '',
UNIQUE KEY id (id)
);
`
Car Images: images/cars/ subdirectory
GTA Mechanic: auto_stelen.php (car stealing)
Family Structure ([families] table):
`sql
CREATE TABLE [families] (
id int(255) NOT NULL auto_increment,
name varchar(255) NOT NULL default '',
leader varchar(255) NOT NULL default '', -- Don
consig varchar(255) NOT NULL default '', -- Consigliere
sotto varchar(255) NOT NULL default '', -- Sottocapo
charge varchar(255) NOT NULL default '', -- ?
leavecost int(255) NOT NULL default '0',
bank int(255) NOT NULL default '0',
recruit varchar(255) NOT NULL default '',
startdate datetime NOT NULL,
info text NOT NULL,
caponame1 varchar(255) NOT NULL default '',
famimg varchar(255) NOT NULL default '',
activated int(255) NOT NULL default '1',
crush int(255) NOT NULL default '0',
crushsys int(255) NOT NULL default '0',
convsys int(255) NOT NULL default '0',
maxautos varchar(255) NOT NULL default '0',
autosnu varchar(255) NOT NULL default '0',
maxkogels varchar(255) NOT NULL default '0',
PRIMARY KEY (id)
);
`
Mafia-Style Hierarchy: Leader (Don), Consigliere, Sottocapo
Family Bank (fambank table):
Family Garage (famgarage.php):
Family Shop (famshop.php):
Group Jobs ([orgcrime] table):
`sql
CREATE TABLE [orgcrime] (
id int(100) NOT NULL auto_increment,
name1 varchar(100) default NULL, -- Member 1
name2 varchar(100) default NULL, -- Member 2
name3 varchar(100) default NULL, -- Member 3
name4 varchar(100) default NULL, -- Member 4
WEA int(1) NOT NULL default '0', -- Weapons brought?
BEA int(1) NOT NULL default '0', -- Bombs brought?
DRA int(1) NOT NULL default '0', -- Driver available?
wapens varchar(100) NOT NULL default '',
kogels int(100) NOT NULL default '0',
bommen varchar(100) NOT NULL default '',
aantal int(100) NOT NULL default '0',
auto varchar(100) NOT NULL default '',
klaar int(1) NOT NULL default '0',
autoid int(255) NOT NULL default '0',
PRIMARY KEY (id)
);
`
4-Player Heists: Requires weapons, bombs, driver, car
Roulette (roulette.php):
Slot Machines (slot.php):
Horse Racing (racetrack.php):
High/Low (hogerlager.php):
Handshake Gambling ([handdruk] table):
`sql
CREATE TABLE [handdruk] (
id int(255) NOT NULL auto_increment,
naam varchar(255) NOT NULL default '', -- Name
inzet int(255) NOT NULL default '0', -- Bet
wanneer datetime NOT NULL, -- When
land varchar(225) NOT NULL default '0', -- Country
PRIMARY KEY (id)
);
`
Honour Points ([honourpoints] table):
`sql
CREATE TABLE [honourpoints] (
id int(255) NOT NULL auto_increment,
to varchar(255) NOT NULL default '',
from varchar(255) NOT NULL default '',
date datetime NOT NULL,
points int(255) NOT NULL default '0',
PRIMARY KEY (id)
);
`
Players give honour to each other
Assassination Contracts (hitlist table):
`sql
CREATE TABLE hitlist (
id int(255) NOT NULL auto_increment,
naam varchar(255) NOT NULL default '', -- Target
Reason text NOT NULL,
prijs int(50) NOT NULL default '0', -- Price
plaatser varchar(255) NOT NULL default 'Anonymus', -- Poster
date datetime NOT NULL,
echt varchar(225) NOT NULL default '', -- Real name?
PRIMARY KEY (id)
);
`
Players post contracts on targets
Automated Tasks ([cron] table):
`sql
INSERT INTO [cron] VALUES ('2006-01-06 14:06:36', 'hour');
INSERT INTO [cron] VALUES ('2006-01-06 14:06:36', 'day');
INSERT INTO [cron] VALUES ('2006-01-06 14:06:36', 'week');
INSERT INTO [cron] VALUES ('2006-01-06 14:06:36', 'month');
INSERT INTO [cron] VALUES ('2005-12-29 22:24:33', 'horserace');
`
5 Cron Jobs:
55 Territories ([land] table):
`sql
INSERT INTO [land] VALUES ('none', 1);
INSERT INTO [land] VALUES ('none', 2);
-- ... up to 55
`
Territories claimable by players/families
Forum (forummess table):
Player Messages (playermess table):
Private Messages ([messages] table):
`sql
CREATE TABLE [messages] (
id int(9) NOT NULL auto_increment,
IP varchar(32) NOT NULL default '',
forwardedFor varchar(32) default NULL,
time datetime default NULL,
from varchar(45) default NULL,
to varchar(16) default NULL,
subject varchar(50) NOT NULL default '',
message text NOT NULL,
read int(1) NOT NULL default '0',
inbox int(1) default '1',
outbox int(1) default '1',
saved int(1) NOT NULL default '0',
PRIMARY KEY (id)
);
`
Inbox/Outbox/Saved folders
Poll System (poll table):
Jail (gevangenis.php):
Hospital (ziekenhuis.php):
Court System (rechtbankusers table):
`sql
CREATE TABLE rechtbankusers (
id int(4) NOT NULL auto_increment,
login varchar(16) default NULL,
straf varchar(255) NOT NULL default '', -- Punishment
reden text NOT NULL, -- Reason
ip varchar(32) default NULL,
time datetime NOT NULL,
admin varchar(225) NOT NULL default '',
PRIMARY KEY (id),
UNIQUE KEY login (login)
);
`
Admin Levels:
---
1. HARDCODED PRODUCTION CREDENTIALS (EXPOSED!):
`php
// _include-config.php line 7
if(!(@mysql_pconnect("mysql.socialmud.com","jdungeonadmin","certainlyloud") &&
@mysql_select_db("socialmud_rpg_time4crime"))) {
`
2. PLAINTEXT PASSWORDS:
`php
// login.php lines 8-9
$dbres = mysql_query("SELECT login,activated FROM [users] WHERE login='{$_POST['login']}' AND pass='{$_POST['pass']}'");
`
3. SQL INJECTION (Mitigated but not eliminated):
`php
// _include-config.php applies addslashes() globally
foreach($_POST as $key => $value) {
$_POST[$key] = addslashes($_POST[$key]);
}
// But some queries lack quote_smart()
$clientIP = $_SERVER['REMOTE_ADDR'];
$dbres = mysql_query("SELECT id FROM [users] WHERE IP='$clientIP' AND level<='-50'");
`
Partial Protection:
4. SESSION FIXATION:
`php
// _include-funcs.php
$validate = md5(rand(0,1000));
`
5. ADMIN POWER UPDATE (BIZARRE BUG):
`php
// _include-config.php line 118
mysql_query("UPDATE [users] SET attack='3000',defence='3000',clicks='5' WHERE level>'10'");
`
This query runs on EVERY PAGE LOAD:
6. IP BAN BYPASS:
`php
// _include-config.php
$dbres = mysql_query("SELECT id FROM [users] WHERE ip='$IP' AND ip!='84.81.71.218' AND health!='0'");
if(mysql_num_rows($dbres) > 0)
$msgnum = 6; // IP already registered
`
Hardcoded Whitelist: IP 84.81.71.218 can create unlimited accounts!
7. CAPTCHA USING CLIENT-SIDE MD5:
`php
// crimes.php line 343
$code = md5($codene);
// auto.php lines 74, 334
if($_POST['code2'] != md5($_POST['codenn'])) {
// CAPTCHA check
}
$code = md5($codene);
`
Client calculates MD5: Trivially bypassable!
1. mysql_real_escape_string():
`php
// _include-connection.php
function quote_smart($value) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if(version_compare(phpversion(),"4.3.0") == "-1") {
return mysql_escape_string($value);
} else {
return mysql_real_escape_string($value);
}
}
`
Good Practice: Proper escaping function
2. Global addslashes():
`php
// Applied to all $_POST, $_GET, $_COOKIE
foreach($_POST as $key => $value) {
if(gettype($_POST[$key]) == "array")
foreach($_POST[$key] as $key2 => $value2)
$_POST[$key][$key2] = addslashes($_POST[$key][$key2]);
else
$_POST[$key] = addslashes($_POST[$key]);
}
`
Defense in Depth: Multiple layers of escaping
3. Comprehensive Logging:
`php
// Omnilog system
mysql_query("INSERT INTO [omnilog] VALUES(NOW(),'{$_COOKIE['login']}','{$_SERVER['REMOTE_ADDR']}','$forwardedFor','{$_SERVER['PHP_SELF']}','$postVars','$getVars')");
`
Tracks all actions: $_POST/$_GET logged
4. IP Tracking:
`php
$forwardedFor = ($_SERVER['HTTP_X_FORWARDED_FOR'] != "") ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['HTTP_CLIENT_IP'];
`
Proxy detection: X-Forwarded-For tracked
5. Activation System:
`php
// Email activation required
if(($data = mysql_fetch_object($dbres)) && $data->activated == 1) {
`
Prevents spam: Must activate via email
Rationale:
---
Positive Aspects:
Negative Aspects:
1. Detective System:
2. 3-Hour Attack Cooldown:
3. Comprehensive Logging:
4. Building Ownership:
5. Family Hierarchy:
6. Dynamic Market:
7. Territory Control:
8. Referral System:
`php
mysql_query("UPDATE [users] SET recruiters=recruiters+1 WHERE login='{$recruiter}' AND IP!='$IP'");
mysql_query("UPDATE [users] SET bank=bank+10000, clicks=clicks+1 WHERE login='{$recruiter}'");
`
Rewards recruiting: 10,000 money + 1 click
1. Table Naming Convention:
`sql
[users], [messages], [auto], [families]
`
Bracketed names: Unusual MySQL convention
2. Ranking Points Formula:
`php
$totalpower = round((($data->rankingpoints)/1)+$data->clicks*5);
`
Clicks-based progression: Not just stats
3. Crime Success Persistence:
`php
$p1 = round($data->m1); // Remember last success rate
$p2 = round($data->m2*0.7); // Harder crimes degrade faster
`
Dynamic difficulty: Success rates stored per crime type
4. Car Damage System:
`sql
schade int(3) NOT NULL default '0', -- Damage percentage
`
Degradation mechanic: Cars get damaged
5. Witness System:
`sql
CREATE TABLE [getuige] (
naam varchar(255) NOT NULL default '', -- Witness
vermoord varchar(255) NOT NULL default '', -- Victim
moorder varchar(255) NOT NULL default '', -- Killer
);
`
Murder witnesses: Investigation mechanic
---
Year: ~2005-2006
Evidence:
PHP Context: PHP 4.3-5.1 era
Web Gaming Context:
Developer: Unknown
Belgian Origin:
Dutch Language:
Community:
Influenced By:
Similar Games in Collection:
Unique Features:
---
Fully Implemented ( ):
Partially Implemented (⚠️):
Missing ( ):
Playable: YES (but INSECURE)
Requirements:
Installation:
Production Readiness: 0/10
Economy:
Combat:
Progression:
Social:
---
Size: Medium
Security: Poor
Features: Very High
Graphics: Moderate
Code Quality: Poor
Completeness: High
vs Robot Warz (Game 57 - 6/10):
vs Spirit of Gaia (Game 64 - 3/10):
vs Ravan (Game 56 - 4/10):
Strengths:
Weaknesses:
Overall Collection: 35-40th/79
---
| Aspect | Score | Notes |
|---|---|---|
| Security | 3/10 | Hardcoded credentials, plaintext passwords, weak sessions |
| Code Quality | 4/10 | Flat structure, deprecated functions, but comprehensive logging |
| Features | 9/10 | 30+ tables, cities, markets, families, territories, buildings |
| Completeness | 8/10 | 85% complete, most features functional |
| Graphics | 5/10 | 54 images (878 KB), car graphics, rank badges |
| Innovation | 7/10 | Detective mechanic, attack cooldown, building ownership |
| Balance | 7/10 | Crime cooldowns, rank progression, economic depth |
| Playability | 7/10 | Works on PHP 5.x, comprehensive game loop |
| Maintainability | 3/10 | Hardcoded credentials, flat structure, deprecated functions |
"Feature-Rich Dutch Crime RPG with Hardcoded Credentials Catastrophe"
85% Complete - One of most complete games analyzed!
Detective Mechanic - Must hire detective before attacking (unique!)
3-Hour Attack Cooldown - Target escapes after failed attack
Building Ownership - Players own casinos/factories (passive income)
55 Territories - Conquest layer adds strategy
6 Dutch Cities - Realistic city system
36 Drug Markets - Dynamic pricing (6 types x 6 cities)
Family Hierarchy - Mafia-style ranks (Don, Consigliere, Sottocapo)
Organized Crime - 4-player heists
Comprehensive Logging - Omnilog tracks $_POST/$_GET
Cron Job System - Automated hourly/daily/weekly/monthly tasks
HARDCODED PRODUCTION CREDENTIALS - Database exposed in code!
`php
mysql_pconnect("mysql.socialmud.com","jdungeonadmin","certainlyloud")
`
PLAINTEXT PASSWORDS - Stored unencrypted in database
WEAK SESSION VALIDATION - md5(rand(0,1000)) = only 1,001 possibilities
ADMIN BUG - UPDATE query resets admin stats on EVERY page load
FLAT FILE STRUCTURE - 92 PHP files in root directory
FRAMESET UI - Obsolete since ~2000
DEPRECATED FUNCTIONS - mysql_* incompatible with PHP 7.0+
DUTCH ONLY - Limits international audience
CLIENT-SIDE CAPTCHA - md5() calculated by client (bypassable)
HARDCODED IP WHITELIST - IP 84.81.71.218 can create unlimited accounts
Time 4 Crime is a feature-rich Dutch crime RPG with exceptional gameplay depth (30+ database tables, 6 cities, 36 drug markets, 55 territories, family system, building ownership) and innovative mechanics (detective hiring requirement, 3-hour attack cooldown), but it contains one of the WORST security catastrophes possible: hardcoded production database credentials directly in the source code, exposing mysql.socialmud.com with username "jdungeonadmin" and password "certainlyloud". Combined with plaintext passwords, weak session validation (md5(rand(0,1000))), and an obsolete frameset UI, this game is completely undeployable in any modern environment.
The hardcoded credentials in _include-config.php line 7 expose the entire production database server. This is Security 101 violation - credentials must NEVER be in source code. Additionally, passwords are stored in plaintext with direct comparison, and session validation uses only 1,001 possible values (md5(rand(0,1000))), making account hijacking trivial.
Beyond the catastrophic security issues, the game contains a bizarre bug: UPDATE [users] SET attack='3000',defence='3000',clicks='5' WHERE level>'10' runs on EVERY page load, resetting all admin stats constantly! The codebase uses obsolete technologies (framesets, mysql_* functions) and has a flat file structure with 92 PHP files in the root directory.
As a piece of gaming history, Time 4 Crime demonstrates the Dutch browser RPG scene of 2005-2006, with realistic Dutch cities (Groningen, Amsterdam, Den Haag, Rotterdam, Bergen op Zoom, Venlo), comprehensive crime mechanics, and innovative PvP restrictions (detective hiring, attack cooldown). The detective mechanic is particularly brilliant - players must hire a detective to locate their target before attacking, adding realism and preventing griefing. The 3-hour attack cooldown after a failed attempt gives targets time to "escape," preventing revenge harassment.
The game features exceptional depth: 36 drug markets with dynamic pricing, building ownership (players own casinos and factories), 55 claimable territories, organized crime requiring 4-player coordination, family hierarchy (Don/Consigliere/Sottocapo), comprehensive logging (omnilog tracks every $_POST/$_GET), and a sophisticated cron job system. At 85% completion, it's one of the most complete games in the collection.
The game would require 150-200 hours of complete rewrite to be remotely safe: remove all credentials, convert to PDO, replace plaintext passwords with bcrypt, fix session validation, modernize the UI (remove framesets), upgrade to PHP 8.x, restructure file organization, and translate to English. Until then, it's a hacking playground that exposes a production database server to the internet.
High - Represents peak of Dutch/Belgian browser RPG development (2005-2006), demonstrates innovative PvP mechanics (detective hiring, attack cooldown), showcases building ownership economics rarely seen in collection, preserves Dutch crime/mafia culture in gaming, provides reference for territory control systems, documents comprehensive logging approach (omnilog), serves as cautionary tale about credential management, contains one of most complete feature sets in collection (85%), and offers unique family hierarchy system based on real mafia structure. Most importantly: contains production database credentials that expose active server, making it valuable case study for security education despite being completely undeployable.
Revival Potential: Medium - With 150-200 hours of work:
The foundation is excellent - 30+ tables, comprehensive features, innovative mechanics. Someone should fork this and fix the security disasters!
---
Analysis Complete: Game 65/79 (82.3%)
Next: Travian (Game 66) when you say "66 go!"
Running many of the scripts in this archive on a live server presents a serious security risk. These projects were created before modern hardening practices and may contain vulnerabilities that can compromise your system.
We strongly recommend using this code for reference and analysis only, or in isolated local environments. By downloading these files, you accept full responsibility for their use.