[Release] Extra Vault In Your WebSite

FreestyleR

New Member
Joined
May 14, 2008
Messages
129
Reaction score
19
baulextra.php file:
Code:
<form id="form1" name="form1" method="post" action="cambiobaul.php">
<table width="100%" border="1" bordercolor="#000000">
<tr>
<td colspan="2">
<div></div>
</td>
</tr>
<tr>
<td width="10%">
<div>ID</div>
</td>
<td width="90%">
<div><input name="id" type="text" maxlength="10" /></div>
</td>
</tr>
<tr>
<td>
<div>Password</div>
</td><td>
<div><input name="clave" type="password" class="Estilo86" maxlength="10" />
</div>
</td>
</tr>
<tr>
<td colspan="2">
<div>Anti-Duppers System</div>
</td>
</tr>
<tr>
<td>
<div><input name="Submit" type="submit" value="Change Vault" />
</div>
</td>
</tr>
</table>
</form>
cambiobaul.php file:
Code:
<?php
/* Legacy mssql_* extension (PHP 5.x and earlier); connection values are placeholders */
$conection = mssql_connect("ServerName","UserName","Password") or die("SQL connection fail, verify your connection config.");
mssql_select_db("MuOnline",$conection);
/* Lowercases the input and strips the listed keywords and characters */
function anti_injection( $mensaje )
{
$banlist = array
("insert","select","drop","update","delete","distinct","having","truncate","replace",
"handler","like","procedure","limit","order by","group by","<",">","/","'"," ","=","*",",","-");
if ( preg_match ( "/[a-zA-Z0-9]+/", $mensaje ) )
{
$mensaje = trim ( str_replace ( $banlist, '', strtolower ( $mensaje ) ) );
}
else
{
$mensaje = NULL;
}
return $mensaje;
}
/* Read the form fields once; a missing field counts as empty */
$id = isset($_POST["id"]) ? $_POST["id"] : "";
$clave = isset($_POST["clave"]) ? $_POST["clave"] : "";
if(trim($id) != "" && trim($clave) != "")
{
$id = anti_injection($id);
$clave = anti_injection($clave);
/* Check account ID and password */
$sql = "SELECT memb___id FROM MEMB_INFO WHERE memb___id='".$id."' and memb__pwd='".$clave."'";
$result = mssql_query($sql);
if($row = mssql_fetch_array($result))
{
  /* The account must already have a row in the extra vault table */
  $sqlexiste = "SELECT AccountID FROM EXTWAREHOUSE WHERE AccountID='".$id."'";
  $resultexiste = mssql_query($sqlexiste);
  if($rowexiste = mssql_fetch_array($resultexiste))
  {
   /* The account must be offline */
   $sqlchar = mssql_query("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id='".$id."'");
   $rschar = mssql_fetch_array($sqlchar);
   if(($rschar['ConnectStat'])==0)
   {
    $sqlbaul = mssql_query("SELECT number FROM WAREHOUSE WHERE AccountID='".$id."'");
    $rsbaul = mssql_fetch_array($sqlbaul);
    if(($rsbaul['number'])==1)
    {
     /* If I want my original vault */
     /* Save 2nd vault in extwarehouse table */
     $sql ="update extwarehouse set items=(select items from warehouse where accountid='".$id."') where accountid='".$id."'";
     mssql_query($sql);
     $sql ="update extwarehouse set money=(select money from warehouse where accountid='".$id."') where accountid='".$id."'";
     mssql_query($sql);
     /* Update main vault to original content */
     $sql ="update warehouse set items=(select items from charbaul where accountid='".$id."') where accountid='".$id."'";
     mssql_query($sql);
     $sql ="update warehouse set money=(select money from charbaul where accountid='".$id."') where accountid='".$id."'";
     mssql_query($sql);
     /* Set vault number */
     $sql ="update warehouse set number=0 where accountid='".$id."'";
     mssql_query($sql);
     /* Clean main vault last data  */
     $sql ="delete charbaul where accountid='".$id."'";
     mssql_query($sql);
    }
    if(($rsbaul['number'])==0)
    {
     /* If I want 2nd vault */
     /* Save main vault data into charbaul table */
     $sql ="insert into charbaul(accountid, items, money)(select accountid, items, money from warehouse where accountid='".$id."')";
     mssql_query($sql);
     /* Update main vault to 2nd vault data */
     $sql ="update warehouse set items=(select items from extwarehouse where accountid='".$id."') where accountid='".$id."'";
     mssql_query($sql);
     $sql ="update warehouse set money=(select money from extwarehouse where accountid='".$id."') where accountid='".$id."'";
     mssql_query($sql);
     /* Set vault number */
     $sql ="update warehouse set number=1 where accountid='".$id."'";
     mssql_query($sql);
    }
    echo "-".$id." vault changed successfully !!!";
   }
   else
   {
    echo "You must be off line, vault change not proceed !!!";
   }
  }
  else
  {
   echo "You don't have extravault, contact your administrator !!!";
  }
}
else
{
  echo "Login fail !!!";
}
mssql_free_result($result);
}
else
{
echo "You must to complete all field to login ok !!!";
}
mssql_close();
?>
About scripts:

1. This script adds a trigger to the memb_info table, which is activated every time an account is INSERTED into this table. The trigger adds a new record to the extwarehouse table using the new account ID created:
Code:
CREATE TRIGGER [extware] ON [dbo].[MEMB_INFO] 
FOR INSERT
AS
declare @cuenta varchar(10)
SELECT @cuenta=memb___id FROM INSERTED
insert into extwarehouse values(@cuenta,0,0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF,0,0,0,'')
2. The complicated script:
Code:
ALTER TABLE warehouse ADD exist INTEGER NULL CONSTRAINT [DF_warehouses] DEFAULT ((0))
GO
UPDATE warehouse SET exist=0
UPDATE warehouse SET exist=1 WHERE EXISTS ( SELECT extwarehouse.AccountID FROM extwarehouse WHERE extwarehouse.AccountID = warehouse.AccountID)
INSERT INTO extwarehouse(AccountID,Number,Items,Money,EndUseDate,DbVersion,pw)(select accountid,0,0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF,0,0,0,'' from warehouse where exist=0)
UPDATE warehouse SET exist=1 WHERE EXISTS ( SELECT extwarehouse.AccountID FROM extwarehouse WHERE extwarehouse.AccountID = warehouse.AccountID)
Credits by =MasteR=
Posted by FreestyleR
Nice Works ! :)
 

Attachments

  • baulextra.rar
    368 bytes · Views: 52
  • cambiobaul.rar
    1.2 KB · Views: 37
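
The same vault switch as cambiobaul.php, written with bound parameters in place of the anti_injection() blacklist and one transaction around the swap. This is an added example, not part of the original post or the credited author's code; it assumes PHP with the pdo_sqlsrv driver, and change_vault(), $q and $copy are names introduced here.

```php
<?php
// Added example, not the original poster's code. Assumes the pdo_sqlsrv driver;
// table and column names are taken from cambiobaul.php above.
function change_vault(PDO $db, $id, $clave)
{
    $q = function ($sql, array $args) use ($db) {
        $st = $db->prepare($sql);   // values are bound, never concatenated into SQL
        $st->execute($args);
        return $st;
    };
    if (!$q("SELECT memb___id FROM MEMB_INFO WHERE memb___id = ? AND memb__pwd = ?", [$id, $clave])->fetch()) {
        return "Login fail !!!";
    }
    if (!$q("SELECT AccountID FROM EXTWAREHOUSE WHERE AccountID = ?", [$id])->fetch()) {
        return "You don't have extravault, contact your administrator !!!";
    }
    // %s is filled only with the fixed table names below, never with user input.
    $copy = "UPDATE d SET d.items = s.items, d.money = s.money FROM %s d JOIN %s s ON s.accountid = d.accountid WHERE d.accountid = ?";
    $db->beginTransaction();        // the whole swap commits or rolls back as one unit
    try {
        $stat = $q("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id = ?", [$id])->fetch(PDO::FETCH_ASSOC);
        if ($stat && (int)$stat['ConnectStat'] !== 0) {
            $db->rollBack();
            return "You must be off line, vault change not proceed !!!";
        }
        // UPDLOCK/HOLDLOCK makes a second concurrent request for this account wait.
        $row = $q("SELECT number FROM WAREHOUSE WITH (UPDLOCK, HOLDLOCK) WHERE AccountID = ?", [$id])->fetch(PDO::FETCH_ASSOC);
        $number = $row ? (int)$row['number'] : -1;
        if ($number === 1) {        // back to the original vault
            $q(sprintf($copy, 'extwarehouse', 'warehouse'), [$id]);
            $q(sprintf($copy, 'warehouse', 'charbaul'), [$id]);
            $q("UPDATE warehouse SET number = 0 WHERE accountid = ?", [$id]);
            $q("DELETE FROM charbaul WHERE accountid = ?", [$id]);
        } elseif ($number === 0) {  // switch to the 2nd vault
            $q("INSERT INTO charbaul (accountid, items, money) SELECT accountid, items, money FROM warehouse WHERE accountid = ?", [$id]);
            $q(sprintf($copy, 'warehouse', 'extwarehouse'), [$id]);
            $q("UPDATE warehouse SET number = 1 WHERE accountid = ?", [$id]);
        }
        $db->commit();
    } catch (Exception $e) {
        $db->rollBack();
        throw $e;
    }
    return "-" . htmlspecialchars($id, ENT_QUOTES) . " vault changed successfully !!!";
}
// Connection values are the placeholders used in the post.
$db = new PDO("sqlsrv:Server=ServerName;Database=MuOnline", "UserName", "Password", [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$id = isset($_POST["id"]) ? (string)$_POST["id"] : "";
$clave = isset($_POST["clave"]) ? (string)$_POST["clave"] : "";
echo ($id !== "" && $clave !== "") ? change_vault($db, $id, $clave) : "You must to complete all field to login ok !!!";
```

Because values are bound rather than filtered, passwords that contain words or characters from the blacklist reach the comparison unchanged.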

Murder

New Member
Joined
Apr 21, 2008
Messages
502
Reaction score
74
Why does it show me this when I enter the account and password?

Forbidden
You don't have permission to access cambiobaul.php on this server.
 

FreestyleR

New Member
Joined
May 14, 2008
Messages
129
Reaction score
19
Why does it show me this when I enter the account and password?

Forbidden
You don't have permission to access cambiobaul.php on this server.

Read what it says after "About Scripts" in my post above.
 

Mephisto

New Member
Joined
Apr 10, 2008
Messages
451
Reaction score
240
This is just one form. What screens do you want for 3 words? ^_^
 

Evanescence

Active Member
Joined
Nov 16, 2008
Messages
171
Reaction score
116
And where does this go, if I may ask? :)
 

DIEL

Member
Joined
Dec 1, 2008
Messages
65
Reaction score
5
Help, please

Guys, I recently set it up with this one, but I couldn't find where to change the statistics there above "online" ... also, the thing that constantly pops up advertising the server, how do I remove it? And also, when I press the right button something comes up; I want it to show a different caption. How are these settings done?!