[Help] InspiredWeb 0.1 Beta 1 Problem

DemonuMu

Well-Known Member
Joined
May 26, 2011
Messages
1,180
Reaction score
235
this Muweb have small problem

Login Panel works but Characters Panel have problem

no works Reset Character,Stats Adder,Pk Remover

Reset Character=Error: Character Demonu haven't got 400 to reset !
Error: Character Demonu haven't god enought money to reset !

but I have lvl 400 and zen maxim 2000000000

Stats Adder=Error: Character Demonu haven't got enought points !

I have 5000 point but no works

Pk Remover no works

Error: Character Demonu haven't got any kills to clear !

I love old muweb for old version such as 97d+99i

but this muweb no works for 97d+99i

Who can I fix it to works for old version 97d+99i ?

Download Muweb DrakE Web New Project

GirlShare - Download DrakE Web New Project.rar

Screen 1 Reset Character

nyy4cg.jpg


Screen 2 Stats Adder

2hwmufm.jpg


Screen 3 Pk Remover

2u6gvlv.jpg
 
Last edited:
I think the code is ok (except the bugs with adding -points or empty post and etc..). But it should work even like that. To make it works properly is strongly individual thing

First of all you have to make sure your Database can respond to the required queries and to give the right results ( check tables names/columns/ and etc)

I don't think someone can fix it just like that it needs more than just take a look into the code.

It needs to be done online and to test all together because even one missing check in the function can do a lot troubles later
 
I think the code is ok (except the bugs with adding -points or empty post and etc..). But it should work even like that. To make it works properly is strongly individual thing

First of all you have to make sure your Database can respond to the required queries and to give the right results ( check tables names/columns/ and etc)

I don't think someone can fix it just like that it needs more than just take a look into the code.

It needs to be done online and to test all together because even one missing check in the function can do a lot troubles later

ok thanks for help this is the muweb

I have sql server 2000 and windows xp sp3

download DrakE Web New Project

GirlShare - Download DrakE Web New Project.rar

Login Panel works but another problem

Pk Remover no works

Error: Character Demonu haven't got any kills to clear !

Reset Character no works

Reset Character=Error: Character Demonu haven't got 400 to reset !
Error: Character Demonu haven't god enought money to reset !

but I have lvl 400 and zen maxim 2000000000

Stats Adder no works

Stats Adder=Error: Character Demonu haven't got enought points !

I have 5000 point but no works

Warp Character Demonu inventory successfuly warped !

Clear Inventory Character Demonu inventory successfuly cleared !

Clear Skills Character Demonu magic list successfuly cleared !
 
Last edited:
Screen 1 Reset Character

nyy4cg.jpg


Screen 2 Stats Adder

2hwmufm.jpg


Screen 3 Pk Remover

2u6gvlv.jpg
 
Здравей,

Прегледаx кода набързо. Като идея ми изглежда правилно, но доколкото знам SQL(става въпрос за името на колоните) е case-sensitive(тоест разбира от малки и големи букви и прави разлика). Понеже нямам MSSQL и не мога да подкарам базата за да тествам ти предлагам да провериш drake.class.php и да разгледаш, където име SQL( string-a на функциите mssql_query) имената на колоните да ги сравниш с тези в базата и да ги направиш както трябва.

По принцип очаквам, че ако наистина е това да ти вади грешки с извикването на SQL-a(но то не вади, тоест най-вероятно не е това), ако искаш мога да пробвам да ти помогна, но понеже както казах нямам MSSQL да замениш този файл и да ми пратиш какво ти вади :)
 
Last edited:
Здравей,

Прегледаx кода набързо. Като идея ми изглежда правилно,...

Не знам какво имаш предвид под "Като идея ми изглежда правилно",
но аз лично открих грешки на няколко места ( още във функцията "register()" ).
А не знам дали разгледа и "function secure()" ...
Ще се чувствам толкова защитен с нея,че мога да отида на море даже :D
И не виждам какъв е смисълът да защитаваш сесия ...secure($_SESSION['user']) (tmi)
Но както и да е. Въпросът е там,че този пич има някакви проблеми със самия SQL/DataBase,
защото и в друга тема скоро писа пак за същите проблеми,
и аз съм сигурен,че проблемът не му е в сайта и скриптовете му.
 
This site is similar as others even equal with same problems. So I have some experience with but like I said it's not possible to fix anything like that without checking all together SQL and modules. Here till now you're losing your time thinking someone can fix it properly just like that.
You can send me the files SQL and the web and I can fix it for you.. It's my hobby and won't cost you anything.
I don't have a time to take a look with Teamview and etc, but can fix your web between my work because it's easy job and will be easer to do so. Let me tell you I'm not professional but good enough to fix those shits.
You have another choice just pay someone to fix it up for you. They are so many people ready to take your money for unknown results out there.
 
This site is similar as others even equal with same problems. So I have some experience with but like I said it's not possible to fix anything like that without checking all together SQL and modules. Here till now you're losing your time thinking someone can fix it properly just like that.
You can send me the files SQL and the web and I can fix it for you.. It's my hobby and won't cost you anything.
I don't have a time to take a look with Teamview and etc, but can fix your web between my work because it's easy job and will be easer to do so. Let me tell you I'm not professional but good enough to fix those shits.
You have another choice just pay someone to fix it up for you. They are so many people ready to take your money for unknown results out there.

thanks for help but do not pay for a free MuWeb

Download Muweb DrakE Web New Project

GirlShare - Download DrakE Web New Project.rar
 
Last edited:
1st. First of all it doesn't do DB connect checks config.php (fixed)

It was like that:
PHP:
<?php
error_reporting(E_ALL ^E_NOTICE ^E_WARNING);
$DrakEWeb['title'] = 'DrakE :: MuOnline';
$host = '127.0.0.1';
$user = 'sa';
$password = 'SQL password';
$database = 'MuOnline';

$servername = 'DrakE MuOnline';

$pkclearmoney = '1000';
$resetlevel = '400';
$resetpoints = '500';
$resettype = 'keep';
$resetmoney = '100000';
$maxresets = '999';

mssql_connect($host,$user ,$password);
mssql_select_db($database);

?>

I did it like that:

PHP:
<?php
error_reporting(E_ALL ^E_NOTICE ^E_WARNING);
$DrakEWeb['title'] = 'DrakE :: MuOnline';
$mssql_host = 'r00tme-pc';
$mssql_user = 'sa';
$mssql_pass = 'alabala';
$database = 'MuOnline';

$servername   = 'DrakE MuOnline';

$pkclearmoney = 1000;
$resetlevel   = 400;
$resetpoints  = 500;
$resettype    = 'keep';
$resetmoney   = 100000;
$maxresets    = 999;


$mssql_connect = mssql_connect($mssql_host, $mssql_user, $mssql_pass) or die('Couldn't connect to SQL Server!');
$db_connect = mssql_select_db($database, $mssql_connect) or die('Couldn't open database: ' . $database);
	

?>


2nd. You had a problems with the registration module(fixed) You had problems with getmail.php and getname.php - phrase errors

It was like that:
PHP:
<?php

mssql_connect(localhost,sa ,SQL Password);
mssql_select_db(MuOnline);

$mail=$_GET['w'];
$mail = str_replace("'" , "", $mail);
$mail = str_replace(";" , "", $mail);
$sql="SELECT * FROM MEMB_INFO WHERE mail_addr='$mail'";
$w=mssql_query($sql);
$broi=mssql_num_rows($w);
if($broi==0){echo "<img src='images/allow.gif'>";}
else {echo "<img src='images/deny.gif'>";}
?>

<?php

mssql_connect(localhost,sa ,SQL Password);
mssql_select_db(MuOnline); 
 
$name=$_GET['q']; 
$name = str_replace("'" , "", $name);
$name = str_replace(";" , "", $name);
$sql="SELECT * FROM MEMB_INFO WHERE memb___id='$name'"; 
$q=mssql_query($sql); 
$broi=mssql_num_rows($q); 
if($broi==0){echo "<img src='images/allow.gif'>";} 
else {echo "<img src='images/deny.gif'>";} 
?>


I did it like that:

PHP:
<?php
include('config.php');
$mail=$_GET['w'];
$mail = str_replace("'" , "", $mail);
$mail = str_replace(";" , "", $mail);
$sql="SELECT * FROM MEMB_INFO WHERE mail_addr='$mail'";
$w=mssql_query($sql);
$broi=mssql_num_rows($w);
if($broi==0){echo "<img src='images/allow.gif'>";}
else {echo "<img src='images/deny.gif'>";}
?>

3rd. Addstats (Your request) was completely bugged. A lot of problems with the security and the function at all. First of all you shouldn't allow the users to leave empty fields or 0 or -4 or type a letters instead of numbers. They are couple of tricks I have used (server-side and client/browser-side).

The original form was like that
PHP:
<?php $user = secure($_SESSION['user']); ?>
<form action='' name='' method='post'>
<table align='center' width='400' class='maintable'>
<thead>
<tr>
<td align='center'>Stats Adder</td>
</tr>
</thead>
<tr>
<td>&nbsp;</td>
</tr>
<tr>
<td align='center'>Select Character:

<select class='maintable' name='character'><optgroup label='Select a character'>
<?php

$charq = mssql_query("Select name,leveluppoint from Character where AccountID='$user'");

for($i=0;$i < mssql_num_rows($charq);++$i)
{
$row = mssql_fetch_row($charq);

echo"
<option value='$row[0]'><span class='maintable'><b>$row[0] [$row[1]]</span></option>
";
}
?>
</select>

</td>
</tr>
<tr><td align='center'><table width='400' align='center'>
<tr>
<td align='right' width='50%'>Strength:</td>
<td align='left'><input type='text' class='register_field' maxlength='5' name='strength'></td>
</tr>
<tr>
<td align='right'>Agility:</td>
<td align='left'><input type='text' class='register_field' maxlength='5' name='agility'></td>
</tr>
<tr>
<td align='right'>Vitality:</td>
<td align='left'><input type='text' class='register_field' maxlength='5' name='vitality'></td>
</tr>
<tr>
<td align='right'>Energy:</td>
<td align='left'><input type='text' class='register_field' maxlength='5' name='energy'></td>
</tr>
<tr>
<td align='right'>Command:</td>
<td align='left'><input type='text' class='register_field' maxlength='5' name='command'></td>
</tr>

</table></td></tr>
</tr>
<td align='center'><input type='submit' name='addstats' value='Add Stats'></td>
</tr>
</tr>
<?php
if(isset($_POST['addstats'])) {add_stats(); } 
?>



</table>
</form>

I did it like that :

PHP:
<?php $user = secure($_SESSION['user']); ?>
<form action='' name='' method='post'>
<table align='center' width='400' class='maintable'>
<thead>
<tr>
<td align='center'>Stats Adder</td>
</tr>
</thead>
<tr>
<td>&nbsp;</td>
</tr>
<tr>
<td align='center'>Select Character:

<select class='maintable' name='character'><optgroup label='Select a character'>
<?php

$charq = mssql_query("Select name,leveluppoint from Character where AccountID='$user'");

for($i=0;$i < mssql_num_rows($charq);++$i)
{
$row = mssql_fetch_row($charq);

echo"
<option value='$row[0]'><span class='maintable'><b>$row[0] [$row[1]]</span></option>
";
}
?>
</select>

</td>
</tr>
<tr><td align='center'><table width='400' align='center'>
<tr>
<td align='right' width='50%'>Strength:</td>
<td align='left'><input type='number' min ="1" max="32767" class='register_field' onkeypress='return event.charCode >= 48 && event.charCode <= 57' maxlength='5' name='strength'></td>
</tr>
<tr>
<td align='right'>Agility:</td>
<td align='left'><input type='number' min ="1" max="32767" class='register_field' onkeypress='return event.charCode >= 48 && event.charCode <= 57' maxlength='5' name='agility'></td>
</tr>
<tr>
<td align='right'>Vitality:</td>
<td align='left'><input type='number' min ="1" max="32767" class='register_field' onkeypress='return event.charCode >= 48 && event.charCode <= 57' maxlength='5'  name='vitality'></td>
</tr>
<tr>
<td align='right'>Energy:</td>
<td align='left'><input type='number' min ="1" max="32767" class='register_field' onkeypress='return event.charCode >= 48 && event.charCode <= 57' maxlength='5' name='energy'></td>
</tr>
<tr>
<td align='right'>Command:</td>
<td align='left'><input type='number' min ="1" max="32767" class='register_field' maxlength='5' onkeypress='return event.charCode >= 48 && event.charCode <= 57' name='command'></td>
</tr>

</table></td></tr>
</tr>
<td align='center'><input type='submit' name='addstats' value='Add Stats'></td>
</tr>
</tr>
<?php
if(isset($_POST['addstats'])) {add_stats(); } 
?>



</table>
</form>

The form doesn't allow different types instead of numbers, bigger numbers than 32676 or 0. This is not 100% secured because can be exploited with some tools and we need the server-side to work the same way too.

The original function was like that :

PHP:
function add_stats() { 

$character = secure($_POST['character']);
$account = secure($_SESSION['user']);
$strength = secure($_POST['strength']);
$agility = secure($_POST['agility']);
$vitality = secure($_POST['vitality']);
$energy = secure($_POST['energy']);
$command = secure($_POST['command']);

check_inject();

$charq = mssql_query("Select leveluppoint,Strength,Dexterity,Vitality,Energy,Leadership,class from Character where name='$character'");
$char = mssql_fetch_row($charq);

$newstrength = $strength + $char[1];
$newagility = $agility + $char[2];
$newvitality = $vitality + $char[3];
$newenergy = $energy + $char[4];
$newcommand = $command + $char[5];

$allstats = $strength+$agility+$vitality+$energy+$command;

$newleveluppoints = $char[0] - $allstats;

$statusaq = mssql_query("select * from MEMB_STAT where memb___id='$account' and connectstat='1'");
$statusa = mssql_num_rows($statusaq);
if($statusa != 0) { $statusq = mssql_query("select GameIDC From AccountCharacter where Id='$account'"); $statusr = mssql_fetch_row($statusq); }

if(empty($character)) { echo"<tr><td align='center' class='modules'><b>Error:</b> Please select Character !</td></tr>"; $error=1; }
else{
if($statusr[0] == $character) { echo"<tr><td align='center' class='modules'><b>Error:</b> Character $character Is Online ! Please Log Off !</td></tr>"; $error=1; }
if($char[0] < $allstats) { echo"<tr><td align='center' class='modules'><b>Error:</b> Character $character haven't got enought points !</td></tr>"; $error=1; }
elseif($newstrength > 32767  or $newagility > 32767 or $newvitality > 32767 or $newenergy > 32767 or $newcommand > 32767) { echo"<tr><td align='center' class='modules'><b>Error:</b> You can't add more than 32767 points !</td></tr>"; $error=1; }
if($char[6] != 64 and $command > 0 or $char[6] != 66 and $command > 0) { echo"<tr><td align='center' class='modules'><b>Error:</b> Only Lords can add command !</td></tr>"; $error=1; }
if($error != 1)
{
echo"<tr><td align='center' class='modules'><span class='online'>Points Successfuly added and now $character have $newstrength Strenght , $newagility Agility , $newvitality Vitality , $newenergy Energy and $newleveluppoints points to add ! </span></td></tr>";

$a = mssql_query("Update Character set leveluppoint='$newleveluppoints',Strength='$newstrength',Dexterity='$newagility',Vitality='$newvitality',Energy='$newenergy',Leadership='$newcommand' where name='$character'");



}}}

I did it like that:
PHP:
function add_stats() { 

$error_message = array();
$character = secure($_POST['character']);
$account = secure($_SESSION['user']);
$strength = secure($_POST['strength']);
$agility = secure($_POST['agility']);
$vitality = secure($_POST['vitality']);
$energy = secure($_POST['energy']);
$command = secure($_POST['command']);

check_inject();

$charq = mssql_query("Select leveluppoint,Strength,Dexterity,Vitality,Energy,Leadership,class from Character where name='$character'");
$char = mssql_fetch_row($charq);

$newstrength = $strength + $char[1];
$newagility = $agility + $char[2];
$newvitality = $vitality + $char[3];
$newenergy = $energy + $char[4];
$newcommand = $command + $char[5];

$allstats = $strength+$agility+$vitality+$energy+$command;

$newleveluppoints = $char[0] - $allstats;

$statusaq = mssql_query("select * from MEMB_STAT where memb___id='$account' and connectstat='1'");
$statusa = mssql_num_rows($statusaq);
    if($statusa != 0) { 
    $statusq = mssql_query("select GameIDC From AccountCharacter where Id='$account'"); 
	$statusr = mssql_fetch_row($statusq); 
	}
    if(empty($character)) { 
    $error_message[] = "<tr><td align='center' class='modules'><b>Error:</b> Please select Character !</td></tr>"; 
	$error=1;
	}
    if(($strength < 0) or  ($command < 0) or ($energy < 0) or ($agility < 0) or ($vitality < 0)){
	$error_message[] = "<tr><td align='center' class='modules'><b>Error:</b> Please type proper numbers!</td></tr>"; 
    $error=1;		
	}
	if(empty($strength) &&  empty($command) && empty($energy) && empty($agility) && empty($vitality)){
	$error_message[] = "<tr><td align='center' class='modules'><b>Error:</b> Do not leave empty fields !</td></tr>"; 
    $error=1;		
	}
    if($statusr[0] == $character) { 
	$error_message[] = "<tr><td align='center' class='modules'><b>Error:</b> Character $character Is Online ! Please Log Off !</td></tr>"; 
	$error=1; 
	}
    if($char[0] < $allstats) { 
	$error_message[] = "<tr><td align='center' class='modules'><b>Error:</b> Character $character haven't got enought points !</td></tr>"; 
	$error=1; 
	}
    if($newstrength > 32767  or $newagility > 32767 or $newvitality > 32767 or $newenergy > 32767 or $newcommand > 32767) { 
	$error_message[] = "<tr><td align='center' class='modules'><b>Error:</b> You can't add more than 32767 points !</td></tr>"; 
	$error=1; 
	}
    if($char[6] != 64 and $command > 0 or $char[6] != 66 and $command > 0) { 
	$error_message[] = "<tr><td align='center' class='modules'><b>Error:</b> Only Lords can add command !</td></tr>"; 
	$error=1; 
	   } 
    if($error != 1){
	 mssql_query("Update Character set leveluppoint='$newleveluppoints',Strength='$newstrength',Dexterity='$newagility',Vitality='$newvitality',Energy='$newenergy',Leadership='$newcommand' where name='$character'");
	 echo"<tr><td align='center' class='modules'><span class='online'>Points Successfuly added and now $character have $newstrength Strenght , $newagility Agility , $newvitality Vitality , $newenergy Energy and $newleveluppoints points to add ! </span></td></tr>";
   }
   else {
	   foreach($error_message as $m){
	   echo $m;
   }
 }
}


4th. I do not like the idea the webto check GS ports or etc this will slow down the web speed and stability.

I haven't check anything else because it's a lot of work and no point to do it. You have a lot job to do if you want to keep this web. Job, I'm not sure you can do by yourself. Better find some other proper and tested(used) website with proven identity.
 
Last edited:
I did the tests with my own DB don't need it any more. But really, do not use this web it's not even web.
 
Login Panel works but Characters Panel have problem

can someone fix ? to works for old version 97d+99i ?