[Release] Extra Vault In Your WebSite

[FreestyleR]

baulextra.php file:

<form id="form1" name="form1" method="post" action="cambiobaul.php">
<table width="100%" border="1" bordercolor="#000000">
<td colspan="2">
<div></div>
</td>
<tr>
<td width="10%">
<div>ID</div>
</td>
<td width="90%">
<div><input name="id" type="text" maxlength="10" /></div>
</td>
</tr>
<tr>
<td>
<div>Password</div>
</td><td>
<div><input name="clave" type="password" class="Estilo86" maxlength="10" />
</div>
</td>
</tr>
<tr>
<td colspan="2">
<div>Anti-Duppers System</div>
</td>
</tr>
<tr>
<td>
<div><input name="Submit" type="submit" value="Change Vault" />
</div>
</td>
</tr>
</table>
</form>

cambiobaul.php file:

<?
$conection = mssql_connect("ServerName","UserName","Password") or die("SQL connection fail, verify your connection config.");
mssql_select_db("MuOnline",$conection);
function anti_injection( $mensaje )
{
$banlist = array
("insert","select","drop","update","delete","distinct","having","truncate","replace",
"handler","like","procedure","limit","order by","group by","<",">","/","'"," ","=","*",",","-");
if ( eregi ( "[a-zA-Z0-9]+", $mensaje ) )
{
$mensaje = trim ( str_replace ( $banlist, '', strtolower ( $mensaje ) ) );
}
else
{
$mensaje = NULL;
}
return $mensaje;
}
if(trim($HTTP_POST_VARS["id"]) != "" && trim($HTTP_POST_VARS["clave"]) != "")
{
$sql = "SELECT memb___id FROM MEMB_INFO WHERE memb___id='".anti_injection($HTTP_POST_VARS["id"])."' and memb__pwd='".anti_injection($HTTP_POST_VARS["clave"])."'";
$result = mssql_query($sql);
if($row = mssql_fetch_array($result))
{
  $sqlexiste = "SELECT AccountID FROM EXTWAREHOUSE WHERE AccountID='".anti_injection($HTTP_POST_VARS["id"])."'";
  $resultexiste = mssql_query($sqlexiste);
  if($rowexiste = mssql_fetch_array($resultexiste))
  {
   $sqlchar = mssql_query("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id='".anti_injection($HTTP_POST_VARS["id"])."'");
   $rschar = mssql_fetch_array($sqlchar);
   if(($rschar['ConnectStat'])==0)
   {
    $sqlbaul = mssql_query("SELECT number FROM WAREHOUSE WHERE AccountID='".anti_injection($HTTP_POST_VARS["id"])."'");
    $rsbaul = mssql_fetch_array($sqlbaul);
    if(($rsbaul['number'])==1)
    {
     /* If I want my original vault */
     /* Save 2nd vault in extwarehouse table */
     $sql ="update extwarehouse set items=(select items from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     $sql ="update extwarehouse set money=(select money from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Update main vault to original content */
     $sql ="update warehouse set items=(select items from charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     $sql ="update warehouse set money=(select money from charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Set vault number */
     $sql ="update warehouse set number=0 where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Clean main vault last data  */
     $sql ="delete charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
    }
    if(($rsbaul['number'])==0)
    {
     /* If I want 2nd vault */
     /* Save main vault data into charbaul table */
     $sql ="insert into charbaul(accountid, items, money)(select accountid, items, money from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."')";
     mssql_query($sql);
     /* Update main vault to 2nd vault data */
     $sql ="update warehouse set items=(select items from extwarehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     $sql ="update warehouse set money=(select money from extwarehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
     /* Set vault number */
     $sql ="update warehouse set number=1 where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
     mssql_query($sql);
    }
    echo "-".anti_injection($HTTP_POST_VARS["id"])." vault changed successfully !!!";
   }
   else
   {
    echo "You must be off line, vault change not proceed !!!";
   }
  }
  else
  {
   echo "You don't have extravault, contact your administrator !!!";
  }
}
else
{
  echo "Login fail !!!";
}
mssql_free_result($result);
}
else
{
echo "You must to complete all field to login ok !!!";
}
mssql_close();
?>

About scripts:

1. This script add a trigger into memb_info table, then will be activated every time an account is INSERTED into this table. This trigger will add a new record into extwarehouse table using the new account ID created:

CREATE TRIGGER [extware] ON [dbo].[MEMB_INFO] 
FOR INSERT
AS
declare @cuenta varchar(10)
SELECT @cuenta=memb___id FROM INSERTED
insert into extwarehouse values(@cuenta,0,0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF,0,0,0,'')

2. The complicated script:

ALTER TABLE warehouse ADD exist INTEGER NULL CONSTRAINT [DF_warehouses] DEFAULT ((0))
UPDATE warehouse SET exist=0
UPDATE warehouse SET exist=1 WHERE EXISTS ( SELECT extwarehouse.AccountID FROM extwarehouse WHERE extwarehouse.AccountID = warehouse.AccountID)
INSERT INTO extwarehouse(AccountID,Number,Items,Money,EndUseDate,DbVersion,pw)(select accountid,0,0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF,0,0,0,'' from warehouse where exist=0)
UPDATE warehouse SET exist=1 WHERE EXISTS ( SELECT extwarehouse.AccountID FROM extwarehouse WHERE extwarehouse.AccountID = warehouse.AccountID)

Credits by =MasteR=
Posted by FreestyleR
Nice Works !

 

[VaseC]

Супер браяво :2:

 

[Murder]

Защо като напиша ацц и пасс ми пише тфа

Forbidden
You don't have permission to access cambiobaul.php on this server.

 

[FreestyleR]

Защо като напиша ацц и пасс ми пише тфа

Forbidden
You don't have permission to access cambiobaul.php on this server.

Прочети След "About Scripts" на моя пост горе какво пише

 

[AfterShock]

screens ?

 

[MadBoy]

screens ?

Yes please give Screens if you can FreestyleR

 

[Mephisto]

This is just one form what screens do u want for 3 word ^_^

тва е просто една форма какъв screen искаш за 3 думи

 

[AfterShock]

we are not php coders MR. ^^

 

[Evanescence]

А това каде се слага ако мога да попитам

 

[DIEL]

моля хелп

хора наскоро го направих с тоя но неможах да намеря каде са за променяне на статистиките там над онлине ... сащо така и това дето постоянно дето излиза за реклама на сарвара как да го премахна и сащо така като дам дястното копче излиза нещо искам да пише друг натпис как се правят тия настроики ?!