Jump to content

[Request] PHP code for character customization, retriving password and rename

Thorkarim

By Thorkarim
in Web Scripts

 Share

Recommended Posts

Thorkarim Newbie

Thorkarim

Posted
Posted

Hi all, I need these php codes for my web page, if someone were so kind to them and to put them here, would be very grateful. I canno't find in google, and if found it not work with sky fire.(the 90& are for arcmu) > character customization > character rename > retrieving password I have a php code for unstucker , if anyone wants it. <?php include("THANKS!!.php"); ?> :D!!

Link to comment
Share on other sites
Thorkarim Newbie

Thorkarim

Posted
  • Author
Posted

not sure if i remember this correct but all the account passwords are encrypted in SHA1 & thats how it stays non-decriptable, that is ofc if you ment the login password for the client :)

You don't need decriptable for anything, its only login. If you want see, take, tets this, it's an autounstucker.

<?php
#####################################
#Config##############################
#####################################
//Database Host
$host = "localhost";
//Database User
$user = "root";
//Database Pass
$pass = "root";
//Logon Database
$logon = "auth";
//Realm Database
$char = "characters";
#####################################
#End Config###Do Not Edit Below######
#####################################
function char_unstuck(){
global $host, $user, $pass, $logon, $char;
if(isset($_POST['unstuck'])){
//Connect To Database
$connect = mysql_connect("$host", "$user", "$pass") or die('Connection Error: ' . mysql_error());
//Get Username From Input
$username = $_POST['username'];
//Get Password From Input
$password = $_POST['password'];
//Get Character From Input
$character = $_POST['char'];
//Encrypt Password
$password = sha1(strtoupper($username) . ":" . strtoupper($password));
//Check If Account Is Valid
$valid_account = mysql_query("SELECT * FROM $logon.account WHERE username='$username' AND sha_pass_hash='$password'");
$account_valid = mysql_num_rows($valid_account);
if($account_valid != 1){print'Invalid Account.<br/>';}else{
//Account Is Valid, Now Check If Character Is Valid
while($get_char = mysql_fetch_array($valid_account)){
$valid_char = mysql_query("SELECT * FROM $char.characters WHERE name='$character'");
$char_valid = mysql_num_rows($valid_char);
if($char_valid != 1){print'Invalid Character.<br/>';}else{
//Character Is Valid, Check If Character Belongs To Account
$char_acc = mysql_query("SELECT * FROM $char.characters WHERE account='".$get_char['id']."' AND name='$character'");
$acc_char = mysql_num_rows($char_acc);
if($acc_char != 1){print'That Character Is Not Yours.<br/>';}else{
//Get Character HomeBind
while($acc_id = mysql_fetch_array($char_acc)){
$homeb = mysql_query("SELECT * FROM $char.character_homebind WHERE guid='".$acc_id['guid']."'");
while($home = mysql_fetch_array($homeb)){
$px = $home['position_x'];//Position X
$py = $home['position_y'];//Position Y
$pz = $home['position_z'];//Position Z
$z = $home['zone'];//Zone
$m = $home['map'];//Map
//Unstuck Character
$unstuck = mysql_query("UPDATE $char.characters SET position_x = '$px', position_y = '$py', position_z = '$pz', zone = '$z', map = '$m' WHERE name='$character'") or die('UnStuck Failed: ' . mysql_error());
//Success
print'Tu personaje está desbloqueado.';
}}}}}}}}
print'<table align="center">
<form action="" method="post">
<tr>Desbloqueador de Personaje
<tr><td>Usuario: </td> <td><input type="text" name="username"></td></tr>
<tr><td>Contraseña:</td> <td><input type="password" name="password"></td></tr>
<tr><td>Personaje:</td> <td><input type="text" name="char"></td></tr>
<tr><td></td> <td align="center"><input type="submit" name="unstuck" value="Desatascar!"></td></tr>
</form>
</table>
<center>';
char_unstuck();
print'</center>';
?>
Link to comment
Share on other sites
  • 3 weeks later...
  • 2 months later...
NT_SYSTEM Newbie

NT_SYSTEM

Posted
Posted

You don't need decriptable for anything, its only login. If you want see, take, tets this, it's an autounstucker.

<?php
#####################################
#Config##############################
#####################################
//Database Host
$host = "localhost";
//Database User
$user = "root";
//Database Pass
$pass = "root";
//Logon Database
$logon = "auth";
//Realm Database
$char = "characters";
#####################################
#End Config###Do Not Edit Below######
#####################################
function char_unstuck(){
global $host, $user, $pass, $logon, $char;
if(isset($_POST['unstuck'])){
//Connect To Database
$connect = mysql_connect("$host", "$user", "$pass") or die('Connection Error: ' . mysql_error());
//Get Username From Input
$username = $_POST['username'];
//Get Password From Input
$password = $_POST['password'];
//Get Character From Input
$character = $_POST['char'];
//Encrypt Password
$password = sha1(strtoupper($username) . ":" . strtoupper($password));
//Check If Account Is Valid
$valid_account = mysql_query("SELECT * FROM $logon.account WHERE username='$username' AND sha_pass_hash='$password'");
$account_valid = mysql_num_rows($valid_account);
if($account_valid != 1){print'Invalid Account.<br/>';}else{
//Account Is Valid, Now Check If Character Is Valid
while($get_char = mysql_fetch_array($valid_account)){
$valid_char = mysql_query("SELECT * FROM $char.characters WHERE name='$character'");
$char_valid = mysql_num_rows($valid_char);
if($char_valid != 1){print'Invalid Character.<br/>';}else{
//Character Is Valid, Check If Character Belongs To Account
$char_acc = mysql_query("SELECT * FROM $char.characters WHERE account='".$get_char['id']."' AND name='$character'");
$acc_char = mysql_num_rows($char_acc);
if($acc_char != 1){print'That Character Is Not Yours.<br/>';}else{
//Get Character HomeBind
while($acc_id = mysql_fetch_array($char_acc)){
$homeb = mysql_query("SELECT * FROM $char.character_homebind WHERE guid='".$acc_id['guid']."'");
while($home = mysql_fetch_array($homeb)){
$px = $home['position_x'];//Position X
$py = $home['position_y'];//Position Y
$pz = $home['position_z'];//Position Z
$z = $home['zone'];//Zone
$m = $home['map'];//Map
//Unstuck Character
$unstuck = mysql_query("UPDATE $char.characters SET position_x = '$px', position_y = '$py', position_z = '$pz', zone = '$z', map = '$m' WHERE name='$character'") or die('UnStuck Failed: ' . mysql_error());
//Success
print'Tu personaje est&#225; desbloqueado.';
}}}}}}}}
print'<table align="center">
<form action="" method="post">
<tr>Desbloqueador de Personaje
<tr><td>Usuario: </td> <td><input type="text" name="username"></td></tr>
<tr><td>Contrase&#241;a:</td> <td><input type="password" name="password"></td></tr>
<tr><td>Personaje:</td> <td><input type="text" name="char"></td></tr>
<tr><td></td> <td align="center"><input type="submit" name="unstuck" value="Desatascar!"></td></tr>
</form>
</table>
<center>';
char_unstuck();
print'</center>';
?>

Please do this community a favor and delete your post.

I can think 1 trillion ways to exploit such an poorly-written algorithm.

For instance: What happens if $_POST["username"] is 'or' '1'='1' -- ' ?

I'd suggest you to learn the basics of input serialization before rushing into writing code like this. Your Interpreter will not complain but your database handles the data differently.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept