Jump to content

Recommended Posts

Posted

Hi all, I need these php codes for my web page, if someone were so kind to them and to put them here, would be very grateful. I canno't find in google, and if found it not work with sky fire.(the 90& are for arcmu) > character customization > character rename > retrieving password I have a php code for unstucker , if anyone wants it. <?php include("THANKS!!.php"); ?> :D!!

Posted

not sure if i remember this correct but all the account passwords are encrypted in SHA1 & thats how it stays non-decriptable, that is ofc if you ment the login password for the client :)

Posted

not sure if i remember this correct but all the account passwords are encrypted in SHA1 & thats how it stays non-decriptable, that is ofc if you ment the login password for the client :)

You don't need decriptable for anything, its only login. If you want see, take, tets this, it's an autounstucker.

<?php
#####################################
#Config##############################
#####################################
//Database Host
$host = "localhost";
//Database User
$user = "root";
//Database Pass
$pass = "root";
//Logon Database
$logon = "auth";
//Realm Database
$char = "characters";
#####################################
#End Config###Do Not Edit Below######
#####################################
function char_unstuck(){
global $host, $user, $pass, $logon, $char;
if(isset($_POST['unstuck'])){
//Connect To Database
$connect = mysql_connect("$host", "$user", "$pass") or die('Connection Error: ' . mysql_error());
//Get Username From Input
$username = $_POST['username'];
//Get Password From Input
$password = $_POST['password'];
//Get Character From Input
$character = $_POST['char'];
//Encrypt Password
$password = sha1(strtoupper($username) . ":" . strtoupper($password));
//Check If Account Is Valid
$valid_account = mysql_query("SELECT * FROM $logon.account WHERE username='$username' AND sha_pass_hash='$password'");
$account_valid = mysql_num_rows($valid_account);
if($account_valid != 1){print'Invalid Account.<br/>';}else{
//Account Is Valid, Now Check If Character Is Valid
while($get_char = mysql_fetch_array($valid_account)){
$valid_char = mysql_query("SELECT * FROM $char.characters WHERE name='$character'");
$char_valid = mysql_num_rows($valid_char);
if($char_valid != 1){print'Invalid Character.<br/>';}else{
//Character Is Valid, Check If Character Belongs To Account
$char_acc = mysql_query("SELECT * FROM $char.characters WHERE account='".$get_char['id']."' AND name='$character'");
$acc_char = mysql_num_rows($char_acc);
if($acc_char != 1){print'That Character Is Not Yours.<br/>';}else{
//Get Character HomeBind
while($acc_id = mysql_fetch_array($char_acc)){
$homeb = mysql_query("SELECT * FROM $char.character_homebind WHERE guid='".$acc_id['guid']."'");
while($home = mysql_fetch_array($homeb)){
$px = $home['position_x'];//Position X
$py = $home['position_y'];//Position Y
$pz = $home['position_z'];//Position Z
$z = $home['zone'];//Zone
$m = $home['map'];//Map
//Unstuck Character
$unstuck = mysql_query("UPDATE $char.characters SET position_x = '$px', position_y = '$py', position_z = '$pz', zone = '$z', map = '$m' WHERE name='$character'") or die('UnStuck Failed: ' . mysql_error());
//Success
print'Tu personaje está desbloqueado.';
}}}}}}}}
print'<table align="center">
<form action="" method="post">
<tr>Desbloqueador de Personaje
<tr><td>Usuario: </td> <td><input type="text" name="username"></td></tr>
<tr><td>Contraseña:</td> <td><input type="password" name="password"></td></tr>
<tr><td>Personaje:</td> <td><input type="text" name="char"></td></tr>
<tr><td></td> <td align="center"><input type="submit" name="unstuck" value="Desatascar!"></td></tr>
</form>
</table>
<center>';
char_unstuck();
print'</center>';
?>
Posted

should choose "trinity(mail patch)*BETA*" or "trinity (RA mail)? :blink: What's the difference? ty for reply.

  • 3 weeks later...
Posted

should choose "trinity(mail patch)*BETA*" or "trinity (RA mail)? :blink:

What's the difference?

ty for reply.

Webwow v2

  • 2 months later...
Posted

You don't need decriptable for anything, its only login. If you want see, take, tets this, it's an autounstucker.

<?php
#####################################
#Config##############################
#####################################
//Database Host
$host = "localhost";
//Database User
$user = "root";
//Database Pass
$pass = "root";
//Logon Database
$logon = "auth";
//Realm Database
$char = "characters";
#####################################
#End Config###Do Not Edit Below######
#####################################
function char_unstuck(){
global $host, $user, $pass, $logon, $char;
if(isset($_POST['unstuck'])){
//Connect To Database
$connect = mysql_connect("$host", "$user", "$pass") or die('Connection Error: ' . mysql_error());
//Get Username From Input
$username = $_POST['username'];
//Get Password From Input
$password = $_POST['password'];
//Get Character From Input
$character = $_POST['char'];
//Encrypt Password
$password = sha1(strtoupper($username) . ":" . strtoupper($password));
//Check If Account Is Valid
$valid_account = mysql_query("SELECT * FROM $logon.account WHERE username='$username' AND sha_pass_hash='$password'");
$account_valid = mysql_num_rows($valid_account);
if($account_valid != 1){print'Invalid Account.<br/>';}else{
//Account Is Valid, Now Check If Character Is Valid
while($get_char = mysql_fetch_array($valid_account)){
$valid_char = mysql_query("SELECT * FROM $char.characters WHERE name='$character'");
$char_valid = mysql_num_rows($valid_char);
if($char_valid != 1){print'Invalid Character.<br/>';}else{
//Character Is Valid, Check If Character Belongs To Account
$char_acc = mysql_query("SELECT * FROM $char.characters WHERE account='".$get_char['id']."' AND name='$character'");
$acc_char = mysql_num_rows($char_acc);
if($acc_char != 1){print'That Character Is Not Yours.<br/>';}else{
//Get Character HomeBind
while($acc_id = mysql_fetch_array($char_acc)){
$homeb = mysql_query("SELECT * FROM $char.character_homebind WHERE guid='".$acc_id['guid']."'");
while($home = mysql_fetch_array($homeb)){
$px = $home['position_x'];//Position X
$py = $home['position_y'];//Position Y
$pz = $home['position_z'];//Position Z
$z = $home['zone'];//Zone
$m = $home['map'];//Map
//Unstuck Character
$unstuck = mysql_query("UPDATE $char.characters SET position_x = '$px', position_y = '$py', position_z = '$pz', zone = '$z', map = '$m' WHERE name='$character'") or die('UnStuck Failed: ' . mysql_error());
//Success
print'Tu personaje est&#225; desbloqueado.';
}}}}}}}}
print'<table align="center">
<form action="" method="post">
<tr>Desbloqueador de Personaje
<tr><td>Usuario: </td> <td><input type="text" name="username"></td></tr>
<tr><td>Contrase&#241;a:</td> <td><input type="password" name="password"></td></tr>
<tr><td>Personaje:</td> <td><input type="text" name="char"></td></tr>
<tr><td></td> <td align="center"><input type="submit" name="unstuck" value="Desatascar!"></td></tr>
</form>
</table>
<center>';
char_unstuck();
print'</center>';
?>

Please do this community a favor and delete your post.

I can think 1 trillion ways to exploit such an poorly-written algorithm.

For instance: What happens if $_POST["username"] is 'or' '1'='1' -- ' ?

I'd suggest you to learn the basics of input serialization before rushing into writing code like this. Your Interpreter will not complain but your database handles the data differently.

Posted

SkyFire does not support any public servers so the prevention of mysql injections would only stop yourself from hacking your own server. :-P PS: I kinda like hacking into my own server.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.