Thorkarim Posted June 2, 2011 Posted June 2, 2011 Hi all, I need these php codes for my web page, if someone were so kind to them and to put them here, would be very grateful. I canno't find in google, and if found it not work with sky fire.(the 90& are for arcmu) > character customization > character rename > retrieving password I have a php code for unstucker , if anyone wants it. <?php include("THANKS!!.php"); ?> !! Quote
DJLKM-1 Posted June 4, 2011 Posted June 4, 2011 not sure if i remember this correct but all the account passwords are encrypted in SHA1 & thats how it stays non-decriptable, that is ofc if you ment the login password for the client :) Quote
Dolf Posted June 4, 2011 Posted June 4, 2011 I have a php code for unstucker , if anyone wants it. would be great! Greets, Dolf Quote
Thorkarim Posted June 5, 2011 Author Posted June 5, 2011 not sure if i remember this correct but all the account passwords are encrypted in SHA1 & thats how it stays non-decriptable, that is ofc if you ment the login password for the client You don't need decriptable for anything, its only login. If you want see, take, tets this, it's an autounstucker. <?php ##################################### #Config############################## ##################################### //Database Host $host = "localhost"; //Database User $user = "root"; //Database Pass $pass = "root"; //Logon Database $logon = "auth"; //Realm Database $char = "characters"; ##################################### #End Config###Do Not Edit Below###### ##################################### function char_unstuck(){ global $host, $user, $pass, $logon, $char; if(isset($_POST['unstuck'])){ //Connect To Database $connect = mysql_connect("$host", "$user", "$pass") or die('Connection Error: ' . mysql_error()); //Get Username From Input $username = $_POST['username']; //Get Password From Input $password = $_POST['password']; //Get Character From Input $character = $_POST['char']; //Encrypt Password $password = sha1(strtoupper($username) . ":" . strtoupper($password)); //Check If Account Is Valid $valid_account = mysql_query("SELECT * FROM $logon.account WHERE username='$username' AND sha_pass_hash='$password'"); $account_valid = mysql_num_rows($valid_account); if($account_valid != 1){print'Invalid Account.<br/>';}else{ //Account Is Valid, Now Check If Character Is Valid while($get_char = mysql_fetch_array($valid_account)){ $valid_char = mysql_query("SELECT * FROM $char.characters WHERE name='$character'"); $char_valid = mysql_num_rows($valid_char); if($char_valid != 1){print'Invalid Character.<br/>';}else{ //Character Is Valid, Check If Character Belongs To Account $char_acc = mysql_query("SELECT * FROM $char.characters WHERE account='".$get_char['id']."' AND name='$character'"); $acc_char = mysql_num_rows($char_acc); if($acc_char != 1){print'That Character Is Not Yours.<br/>';}else{ //Get Character HomeBind while($acc_id = mysql_fetch_array($char_acc)){ $homeb = mysql_query("SELECT * FROM $char.character_homebind WHERE guid='".$acc_id['guid']."'"); while($home = mysql_fetch_array($homeb)){ $px = $home['position_x'];//Position X $py = $home['position_y'];//Position Y $pz = $home['position_z'];//Position Z $z = $home['zone'];//Zone $m = $home['map'];//Map //Unstuck Character $unstuck = mysql_query("UPDATE $char.characters SET position_x = '$px', position_y = '$py', position_z = '$pz', zone = '$z', map = '$m' WHERE name='$character'") or die('UnStuck Failed: ' . mysql_error()); //Success print'Tu personaje está desbloqueado.'; }}}}}}}} print'<table align="center"> <form action="" method="post"> <tr>Desbloqueador de Personaje <tr><td>Usuario: </td> <td><input type="text" name="username"></td></tr> <tr><td>Contraseña:</td> <td><input type="password" name="password"></td></tr> <tr><td>Personaje:</td> <td><input type="text" name="char"></td></tr> <tr><td></td> <td align="center"><input type="submit" name="unstuck" value="Desatascar!"></td></tr> </form> </table> <center>'; char_unstuck(); print'</center>'; ?> Quote
DJLKM-1 Posted June 5, 2011 Posted June 5, 2011 sorry, but im not sure what passwords you want to retrive. Quote
Admin/Master Developers SkyFire Posted June 5, 2011 Admin/Master Developers Posted June 5, 2011 Webwow works with skyfire. Google it. Quote
Meldo Posted June 11, 2011 Posted June 11, 2011 should choose "trinity(mail patch)*BETA*" or "trinity (RA mail)? What's the difference? ty for reply. Quote
xavi Posted June 27, 2011 Posted June 27, 2011 no idea !! but i dont like webwow , i hav troule with the login ! Quote
Clothahump Posted July 5, 2011 Posted July 5, 2011 > retrieving password Since the passes are encrypted, you can only change them. Quote
THOR Posted July 6, 2011 Posted July 6, 2011 should choose "trinity(mail patch)*BETA*" or "trinity (RA mail)? What's the difference? ty for reply. Webwow v2 Quote
NT_SYSTEM Posted September 26, 2011 Posted September 26, 2011 You don't need decriptable for anything, its only login. If you want see, take, tets this, it's an autounstucker. <?php ##################################### #Config############################## ##################################### //Database Host $host = "localhost"; //Database User $user = "root"; //Database Pass $pass = "root"; //Logon Database $logon = "auth"; //Realm Database $char = "characters"; ##################################### #End Config###Do Not Edit Below###### ##################################### function char_unstuck(){ global $host, $user, $pass, $logon, $char; if(isset($_POST['unstuck'])){ //Connect To Database $connect = mysql_connect("$host", "$user", "$pass") or die('Connection Error: ' . mysql_error()); //Get Username From Input $username = $_POST['username']; //Get Password From Input $password = $_POST['password']; //Get Character From Input $character = $_POST['char']; //Encrypt Password $password = sha1(strtoupper($username) . ":" . strtoupper($password)); //Check If Account Is Valid $valid_account = mysql_query("SELECT * FROM $logon.account WHERE username='$username' AND sha_pass_hash='$password'"); $account_valid = mysql_num_rows($valid_account); if($account_valid != 1){print'Invalid Account.<br/>';}else{ //Account Is Valid, Now Check If Character Is Valid while($get_char = mysql_fetch_array($valid_account)){ $valid_char = mysql_query("SELECT * FROM $char.characters WHERE name='$character'"); $char_valid = mysql_num_rows($valid_char); if($char_valid != 1){print'Invalid Character.<br/>';}else{ //Character Is Valid, Check If Character Belongs To Account $char_acc = mysql_query("SELECT * FROM $char.characters WHERE account='".$get_char['id']."' AND name='$character'"); $acc_char = mysql_num_rows($char_acc); if($acc_char != 1){print'That Character Is Not Yours.<br/>';}else{ //Get Character HomeBind while($acc_id = mysql_fetch_array($char_acc)){ $homeb = mysql_query("SELECT * FROM $char.character_homebind WHERE guid='".$acc_id['guid']."'"); while($home = mysql_fetch_array($homeb)){ $px = $home['position_x'];//Position X $py = $home['position_y'];//Position Y $pz = $home['position_z'];//Position Z $z = $home['zone'];//Zone $m = $home['map'];//Map //Unstuck Character $unstuck = mysql_query("UPDATE $char.characters SET position_x = '$px', position_y = '$py', position_z = '$pz', zone = '$z', map = '$m' WHERE name='$character'") or die('UnStuck Failed: ' . mysql_error()); //Success print'Tu personaje está desbloqueado.'; }}}}}}}} print'<table align="center"> <form action="" method="post"> <tr>Desbloqueador de Personaje <tr><td>Usuario: </td> <td><input type="text" name="username"></td></tr> <tr><td>Contraseña:</td> <td><input type="password" name="password"></td></tr> <tr><td>Personaje:</td> <td><input type="text" name="char"></td></tr> <tr><td></td> <td align="center"><input type="submit" name="unstuck" value="Desatascar!"></td></tr> </form> </table> <center>'; char_unstuck(); print'</center>'; ?> Please do this community a favor and delete your post. I can think 1 trillion ways to exploit such an poorly-written algorithm. For instance: What happens if $_POST["username"] is 'or' '1'='1' -- ' ? I'd suggest you to learn the basics of input serialization before rushing into writing code like this. Your Interpreter will not complain but your database handles the data differently. Quote
regenx Posted September 29, 2011 Posted September 29, 2011 LOL, where is mysql_real_escape_string in your syntax ? http://www.codehive.net/Secure-Input-and-Preventing-MySQL-Injection-2.html Have fun! Quote
CaptSilver Posted September 30, 2011 Posted September 30, 2011 SkyFire does not support any public servers so the prevention of mysql injections would only stop yourself from hacking your own server. :-P PS: I kinda like hacking into my own server. Quote
THOR Posted September 30, 2011 Posted September 30, 2011 but It is very good for learning. (C++, SQL, MySQL, PHP, XHTLM, HTML, JAVA, ...) Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.