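<?php
/*
 * Database bootstrap for the vault-switch page.
 *
 * The full "<?php" tag is used instead of the short "<?": the short form is
 * only parsed when short_open_tag is enabled. With it disabled the whole file,
 * including the credentials below, would be sent to the browser as plain text.
 *
 * NOTE(review): the server, user and password are hard-coded in a web-served
 * file (the values shown look like placeholders). Prefer loading them from a
 * configuration file kept outside the document root and out of version
 * control, and connect with an account restricted to the tables this page
 * touches.
 *
 * NOTE(review): the mssql_* extension was removed in PHP 7.0. A migration to
 * PDO or sqlsrv would also make prepared statements available.
 */
$conection = mssql_connect("ServerName","UserName","Password") or die("SQL connection fail, verify your connection config.");
/* Stop here if the database cannot be selected, so later queries never run against the wrong database. */
mssql_select_db("MuOnline",$conection) or die("SQL connection fail, verify your connection config.");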
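/**
 * Lower-case a request value and strip a fixed list of SQL keywords and
 * punctuation from it before it is concatenated into a query string.
 *
 * Limitations a caller must know about:
 *  - This is a deny-list and not a substitute for bound parameters. The
 *    queries in this file place the result inside single-quoted literals, so
 *    the removal of "'" is what keeps the value inside the literal. The
 *    keyword entries add little on top of that.
 *  - The value is altered (lower-cased, characters and words removed), so two
 *    different inputs can produce the same output. Applying it to a password
 *    weakens the comparison made with the result.
 *  - The alphanumeric test is unanchored: it only requires one letter or
 *    digit somewhere in the input and does not restrict the other characters.
 *
 * @param mixed $mensaje Raw request value.
 * @return string|null Filtered value, or NULL when the input is not a scalar
 *                     or holds no letter or digit.
 */
function anti_injection( $mensaje )
{
    $banlist = array
    ("insert","select","drop","update","delete","distinct","having","truncate","replace",
    "handler","like","procedure","limit","order by","group by","<",">","/","'"," ","=","*",",","-");

    /* Array-valued parameters (id[]=...) are rejected rather than passed to string functions. */
    if ( !is_scalar ( $mensaje ) )
    {
        return NULL;
    }
    $mensaje = (string) $mensaje;

    /* preg_match() replaces eregi(), which was deprecated in PHP 5.3 and removed in PHP 7. */
    if ( !preg_match ( "/[a-zA-Z0-9]/", $mensaje ) )
    {
        return NULL;
    }

    $mensaje = strtolower ( $mensaje );

    /*
     * str_replace() makes one pass per entry and never rescans its own output,
     * so removing one token can leave another banned token behind. Repeat
     * until the value stops changing. Every change shortens the string, so
     * the loop always ends.
     */
    do
    {
        $anterior = $mensaje;
        $mensaje  = str_replace ( $banlist, '', $mensaje );
    }
    while ( $mensaje !== $anterior );

    return trim ( $mensaje );
}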
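/**
 * Run a list of SQL statements as a single transaction on the given link.
 *
 * The vault switch rewrites several rows in sequence. If the statements ran
 * separately, a failure part-way through would leave the vaults half swapped.
 *
 * @param resource $link       Open mssql connection.
 * @param array    $statements SQL statements to execute in order.
 * @return bool TRUE when every statement and the commit succeeded, FALSE
 *              after a rollback was requested.
 */
function vault_run_transaction( $link, $statements )
{
    if ( !mssql_query("BEGIN TRANSACTION", $link) )
    {
        return false;
    }
    foreach ( $statements as $statement )
    {
        if ( !mssql_query($statement, $link) )
        {
            mssql_query("ROLLBACK TRANSACTION", $link);
            return false;
        }
    }
    return mssql_query("COMMIT TRANSACTION", $link) ? true : false;
}

/*
 * Vault switch request: authenticate the account, require it to own an extra
 * vault and to be off line, then swap the main and the second vault.
 *
 * $_POST replaces $HTTP_POST_VARS, which is no longer populated from PHP 5.4
 * on and would make every request look like an empty form.
 *
 * NOTE(review): every query below is still built by string concatenation.
 * The legacy mssql_* API only binds parameters for stored procedures
 * (mssql_init/mssql_bind); moving to PDO or sqlsrv prepared statements is the
 * durable fix. Until then anti_injection() is the only barrier.
 *
 * NOTE(review): the password is compared as a literal against memb__pwd,
 * which suggests the column stores it unhashed - confirm. anti_injection()
 * also lower-cases it and strips characters first, so different passwords
 * can compare equal.
 *
 * NOTE(review): no limit on repeated login attempts is visible in this file.
 */
$id_post    = ( isset($_POST["id"]) && is_string($_POST["id"]) ) ? $_POST["id"] : "";
$clave_post = ( isset($_POST["clave"]) && is_string($_POST["clave"]) ) ? $_POST["clave"] : "";

if(trim($id_post) != "" && trim($clave_post) != "")
{
    /* Filter each value once and reuse it, so every statement sees the same account id. */
    $id    = anti_injection($id_post);
    $clave = anti_injection($clave_post);

    /* A value the filter reduced to nothing is treated as a failed login and never queried as ''. */
    $result = false;
    if((string) $id !== "" && (string) $clave !== "")
    {
        $sql = "SELECT memb___id FROM MEMB_INFO WHERE memb___id='".$id."' and memb__pwd='".$clave."'";
        $result = mssql_query($sql, $conection);
    }

    if($result && ($row = mssql_fetch_array($result)))
    {
        $sqlexiste = "SELECT AccountID FROM EXTWAREHOUSE WHERE AccountID='".$id."'";
        $resultexiste = mssql_query($sqlexiste, $conection);
        if($resultexiste && ($rowexiste = mssql_fetch_array($resultexiste)))
        {
            $sqlchar = mssql_query("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id='".$id."'", $conection);
            $rschar = $sqlchar ? mssql_fetch_array($sqlchar) : false;
            /*
             * A failed status query now counts as "on line" (fail closed).
             * A missing MEMB_STAT row is still treated as off line, as before.
             *
             * NOTE(review): ConnectStat is read before the transaction starts,
             * so this script alone does not stop the account from connecting
             * between the check and the swap - confirm whether the game server
             * locks the vault.
             */
            if($sqlchar && (!$rschar || $rschar['ConnectStat'] == 0))
            {
                $sqlbaul = mssql_query("SELECT number FROM WAREHOUSE WHERE AccountID='".$id."'", $conection);
                $rsbaul = $sqlbaul ? mssql_fetch_array($sqlbaul) : false;

                /* NULL means "do not touch anything"; an array is the work to run atomically. */
                $statements = NULL;
                if($sqlbaul)
                {
                    $numero = $rsbaul ? $rsbaul['number'] : NULL;
                    $cuenta = "'".$id."'";
                    if($numero == 1)
                    {
                        /* If I want my original vault */
                        $statements = array(
                            /* Save 2nd vault in extwarehouse table */
                            "update extwarehouse set items=(select items from warehouse where accountid=".$cuenta.") where accountid=".$cuenta,
                            "update extwarehouse set money=(select money from warehouse where accountid=".$cuenta.") where accountid=".$cuenta,
                            /* Update main vault to original content */
                            "update warehouse set items=(select items from charbaul where accountid=".$cuenta.") where accountid=".$cuenta,
                            "update warehouse set money=(select money from charbaul where accountid=".$cuenta.") where accountid=".$cuenta,
                            /* Set vault number */
                            "update warehouse set number=0 where accountid=".$cuenta,
                            /* Clean main vault last data */
                            "delete charbaul where accountid=".$cuenta
                        );
                    }
                    elseif($numero == 0)
                    {
                        /* If I want 2nd vault */
                        $statements = array(
                            /* Save main vault data into charbaul table */
                            "insert into charbaul(accountid, items, money)(select accountid, items, money from warehouse where accountid=".$cuenta.")",
                            /* Update main vault to 2nd vault data */
                            "update warehouse set items=(select items from extwarehouse where accountid=".$cuenta.") where accountid=".$cuenta,
                            "update warehouse set money=(select money from extwarehouse where accountid=".$cuenta.") where accountid=".$cuenta,
                            /* Set vault number */
                            "update warehouse set number=1 where accountid=".$cuenta
                        );
                    }
                    else
                    {
                        /* NOTE(review): any other vault number changes nothing but still reports success, as the original did. */
                        $statements = array();
                    }
                }

                if($statements !== NULL && vault_run_transaction($conection, $statements))
                {
                    /* Encode for HTML output; the filter does not remove '&' or '"'. */
                    echo "-".htmlspecialchars($id, ENT_QUOTES)." vault changed successfully !!!";
                }
                else
                {
                    echo "Vault change failed, try again later !!!";
                }
            }
            else
            {
                echo "You must be off line, vault change not proceed !!!";
            }
        }
        else
        {
            echo "You don't have extravault, contact your administrator !!!";
        }
    }
    else
    {
        echo "Login fail !!!";
    }
    /* mssql_query() returns FALSE on failure; only free a real result. */
    if($result)
    {
        mssql_free_result($result);
    }
}
else
{
    echo "You must to complete all field to login ok !!!";
}
mssql_close($conection);
?>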