<?
include("modules/sql_check.php");
include("modules/sql_inject.php");
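/**
 * Account and character self-service actions (register, reset, add stats,
 * clear PK, password change/recovery, profile, warp, screenshot upload).
 *
 * Each public method loads config.php itself; the code relies on it to provide
 * $db, $muweb and the $warning_start / $warning_end / $ok_start / $ok_end
 * message wrappers. show_error(), clean_var(), check_inject2() and
 * FormValidator are defined outside this file.
 *
 * Security notes for maintainers:
 *  - SQL is sent through bound parameters. The keyword-stripping filter that is
 *    still applied to request values is kept only so stored credentials keep
 *    matching what other pages compute; it is not an injection defence.
 *  - Every request-derived value is HTML-escaped before it is put into a
 *    message or a log line. The log files carry a .php extension, so raw
 *    request data must never be written to them.
 *  - NOTE(review): the schema keeps a clear-text copy of the password
 *    (memb__pwd2) and lostpassword() displays it. Replacing that needs schema
 *    and mail support that are not visible here.
 */
class option
{
    /**
     * Legacy request filter: stripslashes() followed by removal of the given
     * substrings, applied in array order (the order matters and differs between
     * register() and the other methods). Non-string input yields ''.
     */
    private static function _clean_input($value, $needles = null)
    {
        if (!is_string($value)) {
            return '';
        }
        if ($needles === null) {
            $needles = array(";", "drop", "shutdown");
        }
        return str_replace($needles, "", stripslashes($value));
    }

    /** Reads one POST field through the legacy filter; a missing field yields ''. */
    private static function _post($key, $needles = null)
    {
        return self::_clean_input(isset($_POST[$key]) ? $_POST[$key] : null, $needles);
    }

    /** Escapes a value for inclusion in HTML messages and in the .php log files. */
    private static function _html($value)
    {
        return is_scalar($value) ? htmlspecialchars((string) $value, ENT_QUOTES) : '';
    }

    /** Returns the value as a non-negative int ('' counts as 0), or false if it is not all digits. */
    private static function _whole_number($value)
    {
        if ($value === '') {
            return 0;
        }
        if (!preg_match('/^[0-9]+\z/', $value)) {
            return false;
        }
        return (int) $value;
    }

    /** True when both session keys that the original guards tested are present. */
    private static function _logged_in()
    {
        return isset($_SESSION['pass']) && isset($_SESSION['user']);
    }

    /** Shows the message of every element the validator flagged. */
    private static function _show_validation_errors($f)
    {
        $valid = $f->getValidElems();
        foreach ($valid as $k => $v) {
            if ($valid[$k][0][1] == false) {
                show_error($valid[$k][0][2]);
            }
        }
    }

    /** Appends one line to a log file; a log that cannot be opened is skipped. */
    private static function _append_log($logfile, $line)
    {
        $fp = fopen($logfile, 'a');
        if ($fp === false) {
            return;
        }
        fputs($fp, $line);
        fclose($fp);
    }

    /**
     * Clamps negative Strength/Dexterity/Vitality/Energy values of a character to 32000.
     *
     * Uses the class's $db handle with bound parameters instead of building the
     * statements by string interpolation, and escapes the name on output.
     * NOTE(review): there is no session or ownership check in this method;
     * confirm the caller restricts who may invoke it.
     *
     * @param string $name character name (passed through clean_var(), defined elsewhere)
     */
    function statsfix($name)
    {
        require("config.php");
        $name = clean_var($name);
        $character = $db->Execute("SELECT AccountID,Strength,Dexterity,Vitality,Energy FROM Character WHERE Name=?", array($name));
        $row = $character->fetchrow();
        if (!$row) {
            echo "<center>Character not found.</center>";
            return;
        }
        $status = $db->Execute("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id=?", array($row[0]));
        $conn = $status->fetchrow();
        if ($conn && $conn[0] != 0) {
            echo "<center>Account is online.Please logoff!</center>";
            return;
        }
        $params = array();
        for ($i = 1; $i <= 4; $i++) {
            $params[] = ($row[$i] < 0) ? 32000 : $row[$i];
        }
        $params[] = $name;
        $db->Execute("UPDATE character SET [Strength]=?,[Dexterity]=?,[Vitality]=?,[Energy]=? WHERE Name=?", $params);
        echo "<center>" . self::_html($name) . " stats was successfully fixed!</center>";
    }

    /**
     * Creates an account from the registration form in $_POST.
     *
     * Changes against the original:
     *  - the character allow-list uses preg_match(); the first eregi() call
     *    tested the bare word account instead of $account;
     *  - the registration date is bound as a parameter. It used to be
     *    interpolated unquoted, so T-SQL evaluated 05/12/2024 as integer
     *    division instead of storing the date;
     *  - the captcha digest is compared as a string with !== rather than !=,
     *    so two digests that look like numbers cannot compare equal.
     *
     * NOTE(review): the captcha value stays valid for the whole session (the
     * error text tells the user to go back and retry), so it can be reused;
     * consider regenerating it per attempt.
     * NOTE(review): the keyword filter silently alters what the user typed,
     * including the password; it is kept only for compatibility with pages
     * that apply the same filter.
     */
    function register()
    {
        // Filter order used by this method: drop, ;, shutdown, UPDATE.
        $needles = array("drop", ";", "shutdown", "UPDATE");
        $account = self::_post('account', $needles);
        $password = self::_post('password', $needles);
        $repassword = self::_post('repassword', $needles);
        $email = self::_post('email', $needles);
        $squestion = self::_post('question', $needles);
        $sanswer = self::_post('answer', $needles);
        $verifyinput2 = self::_post('verifyinput2', $needles);
        $country = self::_post('country', $needles);
        $gender = self::_post('gender', $needles);
        $idcode = self::_post('idcode', $needles);
        $date = date('m/d/Y');

        $plain = '/[^a-zA-Z0-9_-]/';
        if (preg_match($plain, $account) || preg_match('/[^0-9.]/', $idcode) || preg_match('/[^0-9.]/', $verifyinput2)
            || preg_match('/[^a-zA-Z0-9.@_-]/', $email) || preg_match($plain, $sanswer) || preg_match($plain, $squestion)
            || preg_match($plain, $password) || preg_match($plain, $repassword)) {
            echo("SQL Injection Detected");
            exit();
        }

        // NOTE(review): config.php is loaded twice, as in the original; sql_check2.php
        // is not visible here, so the second load is kept.
        require("config.php");
        include("includes/sql_check2.php");
        check_inject2();
        require("config.php");
        include("includes/validate.class.php");

        $elems[] = array('name'=>'account','label'=>''.$warning_start.' <font color=FFFFFF>Account ID Is Invalid (4-10 Alpha-Numeric Characters)</font> '.$warning_end.'', 'type'=>'text','uname'=>'true', 'required'=>true, 'len_min'=>4,'len_max'=>10, 'cont' =>'alpha');
        $elems[] = array('name'=>'email', 'label'=>''.$warning_start.' <font color=FFFFFF>Email Is Invalid (ex. [email protected] MAX: 50)</font> '.$warning_end.'', 'type'=>'text', 'required'=>true, 'len_max'=>50, 'cont' => 'email');
        $elems[] = array('name'=>'password', 'label'=>''.$warning_start.' <font color=FFFFFF>Password Is Invalid (4-10 Alpha-Numeric Characters)</font> '.$warning_end.'', 'type'=>'text', 'required'=>true, 'len_min'=>4,'len_max'=>10, 'cont' =>'alpha');
        $elems[] = array('name'=>'repassword', 'label'=>''.$warning_start.' <font color=FFFFFF>Passwords Did not Match</font> '.$warning_end.'','type'=>'text', 'required'=>true, 'len_min'=>4,'len_max'=>10, 'cont' =>'alpha','equal'=> array('password'));
        $elems[] = array('name'=>'question', 'label'=>''.$warning_start.' <font color=FFFFFF>Secret Question Is Invalid (4-10 Alpha-Numeric Characters ( NO SPACES ))</font> '.$warning_end.'','type'=>'text', 'required'=>true, 'len_max'=>'10', 'cont' =>'alpha');
        $elems[] = array('name'=>'answer', 'label'=>''.$warning_start.' <font color=FFFFFF>Secret Answer Is Invalid (4-10 Alpha-Numeric Characters)</font> '.$warning_end.'','type'=>'text', 'required'=>true, 'len_max'=>'10', 'cont' =>'alpha');
        $elems[] = array('name'=>'idcode','label'=>''.$warning_start.' <font color=FFFFFF>Personal ID Code Is Invalid (12 Numeric Characters)</font> '.$warning_end.'', 'type'=>'text','uname'=>'true', 'required'=>true, 'len_min'=>12,'len_max'=>12, 'cont' =>'digit');
        $f = new FormValidator($elems);
        $err = $f->validate($_POST);
        // NOTE(review): the original reports messages when validate() returns true,
        // so true is taken to mean "has errors" - confirm in validate.class.php.
        if ($err === true) {
            self::_show_validation_errors($f);
            return;
        }

        $error = 0;
        $expected = isset($_SESSION['image_random_value']) ? (string) $_SESSION['image_random_value'] : '';
        if ($expected === '' || $expected !== md5($verifyinput2)) {
            $error = 1;
            show_error("$warning_start <font color=#FFFFFF>Please Go Back And Write Code Correctly!</font> $warning_end");
        }
        $username_check = $db->Execute("SELECT memb___id FROM MEMB_INFO WHERE memb___id=?", array($account));
        if ($username_check->numrows() > 0) {
            $error = 1;
            show_error("$warning_start <font color=#FFFFFF>Account Is Already In Use, Please Choose Another!</font> $warning_end");
        }
        $email_check = $db->Execute("SELECT mail_addr FROM MEMB_INFO WHERE mail_addr=?", array($email));
        if ($email_check->numrows() > 0) {
            $error = 1;
            show_error("$warning_start <font color=#FFFFFF>E-Mail Is Already In Use, Please Choose Another!</font> $warning_end");
        }
        if ($error == 1) {
            return;
        }

        if ($muweb['md5'] == 1) {
            // NOTE(review): memb__pwd2 receives the clear-text password next to the hash.
            $insert_account = $db->Execute("INSERT INTO MEMB_INFO (memb___id,memb__pwd,memb_name,sno__numb,mail_addr,appl_days,modi_days,out__days,true_days,mail_chek,bloc_code,ctl1_code,memb__pwd2,fpas_ques,fpas_answ,country,gender) VALUES (?,[dbo].[fn_md5](?,?),'MuWeb',?,?,?,?,'2005-01-03','2005-01-03','1','0','0',?,?,?,?,?)", array($account,$password,$account,$idcode,$email,$date,$date,$password,$squestion,$sanswer,$country,$gender));
        } elseif ($muweb['md5'] == 0) {
            // NOTE(review): this branch binds the literal 1 for sno__numb while the
            // md5 branch stores $idcode; kept as in the original - confirm.
            $insert_account = $db->Execute("INSERT INTO MEMB_INFO (memb___id,memb__pwd,memb_name,sno__numb,mail_addr,appl_days,modi_days,out__days,true_days,mail_chek,bloc_code,ctl1_code,memb__pwd2,fpas_ques,fpas_answ,country,gender) VALUES (?,?,'MuWeb',?,?,?,?,'2005-01-03','2005-01-03','1','0','0',?,?,?,?,?)", array($account,$password,1,$email,$date,$date,$password,$squestion,$sanswer,$country,$gender));
            $insert_account2 = $db->Execute("INSERT INTO VI_CURR_INFO (ends_days,chek_code,used_time,memb___id,memb_name,memb_guid,sno__numb,Bill_Section,Bill_value,Bill_Hour,Surplus_Point,Surplus_Minute,Increase_Days )
VALUES ('2005','1',1234,?,?,1,'7','6','3','6','6','2003-11-23 10:36:00','0' )", array($account,$account));
        }
        show_error("$ok_start Your Account Has Been Created SuccesFully! $ok_end");
    }

    /**
     * Resets a character of the logged-in account according to the $muweb settings.
     *
     * Changes against the original:
     *  - the session guard is enforced; a stray ';' after the if() made the
     *    guarded block run unconditionally;
     *  - every statement is scoped to Name AND AccountID and uses bound values;
     *  - an unsupported resetmode/levelupmode pair is reported instead of
     *    executing an undefined statement and announcing success;
     *  - the log line uses the validated, escaped character name, not raw POST data;
     *  - the zen message prints the configured cost instead of a literal expression.
     *
     * NOTE(review): the checks and the UPDATE are separate statements, so two
     * concurrent requests can both pass the checks; a transaction or a
     * conditional UPDATE would close that window.
     *
     * @param string $charactername character to reset
     */
    function reset($charactername)
    {
        if (!self::_logged_in()) {
            return;
        }
        require("config.php");
        $loginid = "$_SESSION[user]";
        $shown_name = self::_html($charactername);

        if (empty($charactername) || empty($loginid)) {
            show_error("$warning_start Some Fields Were Left Blank! $warning_end");
            return;
        }
        $result = $db->Execute("Select Clevel,Resets,Money,LevelUpPoint,class,Inventory From Character where Name=? and AccountID=?", array($charactername, $loginid));
        $row = $result->fetchrow();
        if (!$row) {
            show_error("$warning_start Character $shown_name Does Not Exist! $warning_end");
            return;
        }
        $online_check = $db->Execute("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id=?", array($loginid));
        $row2 = $online_check->fetchrow();

        $resetup = $row[1] + 1;
        $resetmoeny = $row[2] - $muweb['resetmoney'];
        $resetpt = $row[3] + $muweb['resetpoints'];
        $resetpt1 = $muweb['resetpoints'] * ($row[1] + 1);
        // The first 240 hex digits of the inventory are compared with an all-'f' string.
        $inv = substr(bin2hex($row[5]), 0, 240);
        $newinv = str_pad('', 240, 'f');

        $error = 0;
        if ($row2 && $row2[0] != 0) {
            $error = 1;
            show_error("$warning_start Character $shown_name Is Online, Must Be Logged Off! $warning_end");
        }
        if ($resetmoeny < 0) {
            $error = 1;
            show_error("$warning_start $shown_name Need $muweb[resetmoney] Zen To Reset! $warning_end");
        }
        if ($row[0] < $muweb['resetlevel']) {
            $error = 1;
            show_error("$warning_start $shown_name Need Level $muweb[resetlevel] To Reset! $warning_end");
        }
        if ($row[1] > $muweb['resetslimit']) {
            $error = 1;
            show_error("$warning_start Resets limit is set to $muweb[resetslimit]! $warning_end");
        }
        if ($muweb['clean_inventory'] == 'yes' && $inv != $newinv) {
            $error = 1;
            show_error("$warning_start Inventory is not empty! Please Remove all items! $warning_end");
        }
        if ($error == 1) {
            return;
        }

        $mode_known = in_array($muweb['resetmode'], array('keep', 'reset')) && in_array($muweb['levelupmode'], array('normal', 'extra'));
        if (!$mode_known) {
            show_error("$warning_start Reset Is Not Configured Correctly! $warning_end");
            return;
        }
        $stat_reset = ($muweb['resetmode'] == 'reset') ? "[strength]='25',[dexterity]='25',[vitality]='25',[energy]='25'," : "";
        $new_points = ($muweb['levelupmode'] == 'extra') ? $resetpt1 : $resetpt;
        $sql_reset_script = "Update character set " . $stat_reset . "[clevel]='1',[experience]='0',[money]=?,[LevelUpPoint]=?,[resets]=? where name=? and AccountID=?";

        // NOTE(review): the both-'yes' case clears [magiclist] while the skills-only
        // case clears [SCFMasterSkills]; kept exactly as in the original - confirm.
        $sql_reset_script2 = null;
        if ($muweb['clean_inventory'] == 'yes' && $muweb['clean_skills'] == 'yes') {
            $sql_reset_script2 = "UPDATE character Set [inventory]=CONVERT(varbinary(1080), null),[magiclist]= CONVERT(varbinary(180), null) Where name=? and AccountID=?";
        } elseif ($muweb['clean_inventory'] == 'yes' && $muweb['clean_skills'] == 'no') {
            $sql_reset_script2 = "UPDATE character Set [inventory]=CONVERT(varbinary(1080), null) Where name=? and AccountID=?";
        } elseif ($muweb['clean_inventory'] == 'no' && $muweb['clean_skills'] == 'yes') {
            $sql_reset_script2 = "UPDATE character Set [SCFMasterSkills]= CONVERT(varbinary(180), null) Where name=? and AccountID=?";
        }

        $sql_reset_exec = $db->Execute($sql_reset_script, array($resetmoeny, $new_points, $resetup, $charactername, $loginid));
        if ($sql_reset_script2 !== null) {
            $sql_reset_exec2 = $db->Execute($sql_reset_script2, array($charactername, $loginid));
        }
        show_error("$ok_start $shown_name SuccessFully Reseted! $ok_end");

        $ip = $_SERVER['REMOTE_ADDR'];
        $date = date('Y-m-d H:i');
        self::_append_log('logs/resets_logs.php', "Character $shown_name Has Been <font color=#FF0000>Reseted</font>, Before Reset:$row[1](resets), After Reset:$resetup(resets), All Those On $date By ip:$ip \n");
    }

    /**
     * Shared implementation of add_stats() and add_stats_dl().
     *
     * Changes against the originals:
     *  - the session guard is enforced (stray ';' removed);
     *  - the character must belong to the logged-in account; the originals
     *    selected and updated by Name only;
     *  - the amounts are checked to be plain digit strings before any
     *    arithmetic, independently of FormValidator;
     *  - add_stats_dl() read an undefined $agility, so agility points were
     *    dropped; the posted value is used now;
     *  - the Energy limit is 32500 like its message says (it was 32600);
     *  - the log line uses the escaped character name, not raw POST data.
     *
     * NOTE(review): the resulting totals are not capped. statsfix() treats
     * negative stored values as something to repair, which suggests the columns
     * can overflow - confirm the column type and cap the totals accordingly.
     * NOTE(review): read-then-update is not atomic; concurrent requests can
     * spend the same points twice.
     *
     * @param string $name         character name
     * @param bool   $with_command also handle the 'command' field (leadership column)
     */
    private static function _spend_points($name, $with_command)
    {
        if (!self::_logged_in()) {
            return;
        }
        require("config.php");
        require("includes/validate.class.php");
        $login = self::_clean_input($_SESSION['user']);
        $shown_name = self::_html($name);

        // POST field => Character column, in the order used by the UPDATE.
        $fields = array('vitality' => 'Vitality', 'strength' => 'Strength', 'energy' => 'Energy', 'agility' => 'Dexterity');
        // POST field => label, in the order the originals registered them with the validator.
        $labels = array('vitality' => 'Vitality', 'energy' => 'Energy', 'agility' => 'Agility', 'strength' => 'Strength');
        if ($with_command) {
            $fields['command'] = 'leadership';
            $labels['command'] = 'Command';
        }
        foreach ($labels as $field => $label) {
            $elems[] = array('name'=>$field, 'label'=>''.$warning_start.' <font color=FFFFFF>'.$label.': Digits Only Please dont go over 32500</font> '.$warning_end.'', 'type'=>'text', 'val_min'=> 0, 'val_max'=>32500, 'cont' =>'digit');
        }
        $f = new FormValidator($elems);
        $err = $f->validate($_POST);
        if ($err === true) {
            self::_show_validation_errors($f);
            return;
        }

        $added = array();
        $spent = 0;
        foreach ($fields as $field => $column) {
            $amount = self::_whole_number(self::_post($field));
            if ($amount === false) {
                show_error("$warning_start Stat Points Must Be Whole Numbers! $warning_end");
                return;
            }
            $added[$column] = $amount;
            $spent += $amount;
        }

        $result = $db->Execute("select " . implode(',', array_values($fields)) . ",LevelUpPoint from Character WHERE Name=? and AccountID=?", array($name, $login));
        $row = $result->fetchrow();
        if (!$row) {
            show_error("$warning_start Character $shown_name Does Not Exist! $warning_end");
            return;
        }
        $sql_online_check = $db->Execute("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id=?", array($login));
        $row2 = $sql_online_check->fetchrow();

        $current_points = $row[count($fields)];
        $points_left = $current_points - $spent;
        $totals = array();
        $set = array();
        $params = array();
        $i = 0;
        foreach ($added as $column => $amount) {
            $totals[$column] = $row[$i] + $amount;
            $set[] = "[$column]=?";
            $params[] = $totals[$column];
            $i++;
        }

        $error = 0;
        if ($row2 && $row2[0] != 0) {
            $error = 1;
            show_error("$warning_start Character $shown_name Is Online, Must Be Logged Off! $warning_end");
        }
        if ($points_left < 0) {
            $error = 1;
            show_error("$warning_start $shown_name Don't Have Enough Points (Currently: $current_points)! $warning_end");
        }
        if ($error == 1) {
            return;
        }

        $set[] = "[LevelUpPoint]=?";
        $params[] = $points_left;
        $params[] = $name;
        $params[] = $login;
        $add_stats = $db->Execute("UPDATE Character SET " . implode(',', $set) . " WHERE Name =? and AccountID=?", $params);
        show_error("$ok_start Stats SuccessFully Added!<br>Points Left To Add: $points_left $ok_end");

        $summary = "Strength:{$totals['Strength']}|Agiltiy:{$totals['Dexterity']}|Vitality:{$totals['Vitality']}|Energy:{$totals['Energy']}";
        if ($with_command) {
            $summary .= "|Command:{$totals['leadership']}";
        }
        $ip = $_SERVER['REMOTE_ADDR'];
        $date = date('Y-m-d H:i');
        self::_append_log('logs/stats_logs.php', "Character $shown_name Has Been <font color=#FF0000>Updated</font> Stats with the next ->$summary,Levelup Points Left:$points_left All Those On $date By ip:$ip \n");
    }

    /**
     * Spends level-up points from $_POST (vitality, strength, energy, agility)
     * on a character of the logged-in account.
     *
     * @param string $name character name
     */
    function add_stats($name)
    {
        self::_spend_points($name, false);
    }

    /**
     * Same as add_stats() with the additional 'command' field, stored in the
     * leadership column.
     *
     * @param string $name character name
     */
    function add_stats_dl($name)
    {
        self::_spend_points($name, true);
    }

    /**
     * Clears the PK status of a character for $muweb['pkmoney'] zen.
     *
     * The character name is taken from $_POST['clearpk_character']; the $name
     * argument is overwritten, as in the original. Changes: the session guard
     * is enforced (stray ';' removed), the character must belong to the
     * logged-in account, the UPDATE binds its values, and the log line uses
     * the escaped name instead of raw POST data.
     *
     * @param string $name unused (kept for callers)
     */
    function clear_pk($name)
    {
        if (!self::_logged_in()) {
            return;
        }
        require("config.php");
        $name = self::_post('clearpk_character');
        $loginid = self::_clean_input($_SESSION['user']);
        $shown_name = self::_html($name);

        if (empty($name) || empty($loginid)) {
            show_error("$warning_start Some Fields Were Left Blank! $warning_end");
            return;
        }
        $character = $db->Execute("SELECT PkLevel,Money FROM Character WHERE Name=? and AccountID=?", array($name, $loginid));
        $row = $character->fetchrow();
        if (!$row) {
            show_error("$warning_start Character $shown_name Does Not Exist! $warning_end");
            return;
        }
        $online_check = $db->Execute("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id=?", array($loginid));
        $row2 = $online_check->fetchrow();
        $money1_check = $row[1] - $muweb['pkmoney'];

        $error = 0;
        if ($row2 && $row2[0] != 0) {
            $error = 1;
            show_error("$warning_start Character $shown_name Is Online, Must Be Logged Off! $warning_end");
        }
        if (!($row[0] > 3)) {
            $error = 1;
            show_error("$warning_start Character $shown_name Is Not a Killer, 2nd Level Killer Or a Phono! $warning_end");
        }
        if ($money1_check < 0) {
            $error = 1;
            show_error("$warning_start Character $shown_name Need $muweb[pkmoney] Zen To Clear Pk! $warning_end");
        }
        if ($error == 1) {
            return;
        }

        $clear_pk = $db->Execute("UPDATE Character SET [PkLevel]='3',[PkTime]='0',[Money]=? where Name=? and AccountID=?", array($money1_check, $name, $loginid));
        show_error("$ok_start $shown_name Has Been SuccessFully Cleared! $ok_end");

        $ip = $_SERVER['REMOTE_ADDR'];
        $date = date('Y-m-d H:i');
        self::_append_log('logs/clearpk_logs.php', "Character $shown_name Has Been <font color=#FF0000>Cleaned</font> His Pk Status On $date By ip:$ip \n");
    }

    /**
     * Changes the password of the logged-in account after verifying the current one.
     *
     * Changes: the session guard is enforced (stray ';' removed), old and new
     * passwords are compared with ===, and an unexpected $muweb['md5'] value
     * fails the current-password check instead of calling a method on an
     * undefined result.
     *
     * NOTE(review): the new password is written in clear text to memb__pwd2
     * and to $_SESSION['pass'], as before.
     * NOTE(review): no attempt limiting is visible in this method.
     */
    function changepassword()
    {
        if (!self::_logged_in()) {
            return;
        }
        require("config.php");
        require("includes/validate.class.php");
        $login = self::_clean_input($_SESSION['user']);
        $oldpwd = self::_post('oldpassword');
        $newpwd = self::_post('newpassword');
        $renewpwd = self::_post('renewpassword');

        $elems[] = array('name'=>'oldpassword', 'label'=>''.$warning_start.' <font color=FFFFFF>Curent Password Is Invalid (4-10 Alpha-Numeric Characters)</font> '.$warning_end.'', 'type'=>'text', 'required'=>true, 'len_min'=>4,'len_max'=>10, 'cont' =>'alpha');
        $elems[] = array('name'=>'newpassword', 'label'=>''.$warning_start. '<font color=FFFFFF>New Password Is Invalid (4-10 Alpha-Numeric Characters)</font> '.$warning_end.'', 'type'=>'text', 'required'=>true, 'len_min'=>4,'len_max'=>10, 'cont' =>'alpha');
        $elems[] = array('name'=>'renewpassword', 'label'=>''.$warning_start.' <font color=FFFFFF>Passwords Did not Match</font> '.$warning_end.'','type'=>'text', 'required'=>true, 'len_min'=>4,'len_max'=>10, 'cont' =>'alpha','equal'=> array('newpassword'));
        $f = new FormValidator($elems);
        $err = $f->validate($_POST);
        if ($err === true) {
            self::_show_validation_errors($f);
            return;
        }

        $online_check = $db->Execute("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id=?", array($login));
        $row2 = $online_check->fetchrow();
        $pw_check = 0;
        if ($muweb['md5'] == 1) {
            $sql_pw_check = $db->Execute("SELECT memb___id FROM dbo.MEMB_INFO WHERE memb___id=? AND memb__pwd = [dbo].[fn_md5](?,?)", array($login,$oldpwd,$login));
            $pw_check = $sql_pw_check->numrows();
        } elseif ($muweb['md5'] == 0) {
            $sql_pw_check = $db->Execute("SELECT memb___id FROM dbo.MEMB_INFO WHERE memb___id=? AND memb__pwd=?", array($login,$oldpwd));
            $pw_check = $sql_pw_check->numrows();
        }

        $error = 0;
        if ($row2 && $row2[0] != 0) {
            $error = 1;
            show_error("$warning_start Account Is Online, Must Be Logged Off! $warning_end");
        }
        if ($oldpwd === $newpwd) {
            $error = 1;
            show_error("$warning_start The Current Password And The New One Are The Same! $warning_end");
        }
        if ($pw_check <= 0) {
            $error = 1;
            show_error("$warning_start Current Password Is Incorrect! $warning_end");
        }
        if ($error == 1) {
            return;
        }

        if ($muweb['md5'] == 1) {
            $change_password = $db->Execute("UPDATE MEMB_INFO SET [memb__pwd]=[dbo].[fn_md5](?,?),[memb__pwd2]=? WHERE memb___id =?", array($newpwd,$login,$newpwd,$login));
        } elseif ($muweb['md5'] == 0) {
            $change_password = $db->Execute("UPDATE MEMB_INFO SET [memb__pwd]=?,[memb__pwd2]=? WHERE memb___id =?", array($newpwd,$newpwd,$login));
        }
        $_SESSION['pass'] = $newpwd;
        show_error("$ok_start Password SuccessFully Changed! $ok_end");
    }

    /**
     * Shows the stored password when username, secret question/answer and
     * e-mail all match.
     *
     * Changes: the username check compares the row count (the original compared
     * the result object itself with 0, so the check could not fire), the
     * username is escaped in the message, and the password is only read after
     * all checks have passed.
     *
     * NOTE(review): this flow discloses a stored clear-text password and has no
     * attempt limiting; a one-time reset link sent to the registered address is
     * the usual replacement.
     * NOTE(review): the e-mail field is validated with 'cont' => 'alpha' whereas
     * register() uses 'cont' => 'email'; left unchanged because FormValidator
     * is not visible here.
     */
    function lostpassword()
    {
        require("config.php");
        require("includes/validate.class.php");
        $login = self::_post('username');
        $squestion = self::_post('squestion');
        $sanswer = self::_post('sanswer');
        $email = self::_post('email');

        $elems[] = array('name'=>'username', 'label'=>''.$warning_start.' <font color=FFFFFF>Username Is Invalid (4-10 Alpha-Numeric Characters)</font> '.$warning_end.'', 'type'=>'text', 'required'=>true, 'len_min'=>4,'len_max'=>10, 'cont' =>'alpha');
        $elems[] = array('name'=>'squestion', 'label'=>''.$warning_start. '<font color=FFFFFF>Secret Question Is Invalid (4-10 Alpha-Numeric Characters)</font> '.$warning_end.'', 'type'=>'text', 'required'=>true, 'len_min'=>4,'len_max'=>10, 'cont' =>'alpha');
        $elems[] = array('name'=>'sanswer', 'label'=>''.$warning_start. '<font color=FFFFFF>Secret Answer Is Invalid (4-10 Alpha-Numeric Characters)</font> '.$warning_end.'', 'type'=>'text', 'required'=>true, 'len_min'=>4,'len_max'=>10, 'cont' =>'alpha');
        $elems[] = array('name'=>'email', 'label'=>''.$warning_start. '<font color=FFFFFF>E-mail Is Invalid (4-50 Alpha-Numeric Characters)</font> '.$warning_end.'', 'type'=>'text', 'required'=>true, 'len_min'=>4,'len_max'=>50, 'cont' =>'alpha');
        $f = new FormValidator($elems);
        $err = $f->validate($_POST);
        if ($err === true) {
            self::_show_validation_errors($f);
            return;
        }

        $username_check = $db->Execute("SELECT memb___id FROM MEMB_INFO WHERE memb___id=?", array($login));
        $sql_pw_check = $db->Execute("SELECT memb__pwd2,fpas_ques FROM MEMB_INFO WHERE fpas_ques=? and memb___id=? and fpas_answ=?", array($squestion,$login,$sanswer));
        $sql_mail_check = $db->Execute("SELECT mail_addr FROM MEMB_INFO WHERE mail_addr=? and memb___id=?", array($email,$login));

        $error = 0;
        if ($username_check->numrows() <= 0) {
            $error = 1;
            show_error("$warning_start Username " . self::_html($login) . " Doesn't Exist! $warning_end");
        }
        if ($sql_pw_check->numrows() <= 0) {
            $error = 1;
            show_error("$warning_start Secret Question Or Answer Is Incorrect! $warning_end");
        }
        if ($sql_mail_check->numrows() <= 0) {
            $error = 1;
            show_error("$warning_start The E-Mail Address You Entered Is Incorect! $warning_end");
        }
        if ($error == 1) {
            return;
        }

        if ($muweb['md5'] == 1) {
            $sql_pw_get = $db->Execute("SELECT memb__pwd2,fpas_ques FROM MEMB_INFO WHERE memb___id=?", array($login));
        } elseif ($muweb['md5'] == 0) {
            $sql_pw_get = $db->Execute("SELECT memb__pwd,fpas_ques FROM MEMB_INFO WHERE memb___id=?", array($login));
        } else {
            return;
        }
        $pw_retrieval = $sql_pw_get->fetchrow();
        if (!$pw_retrieval) {
            return;
        }
        show_error("$ok_start Your Password Is " . self::_html($pw_retrieval[0]) . " , Change It As Fast As You Can!!! $ok_end");
    }

    /**
     * Stores the profile fields posted in $_POST for the given account.
     *
     * NOTE(review): no session check is made here and $account comes from the
     * caller; confirm the caller passes the logged-in account only.
     * NOTE(review): the values are stored as submitted (after the legacy
     * filter); whatever renders them must escape them for its output context.
     *
     * @param string $account account id (memb___id) to update
     */
    function profile($account)
    {
        require("config.php");
        $values = array();
        // Column order of the UPDATE statement below.
        foreach (array('country', 'gender', 'age', 'avatar', 'hide_profile', 'y', 'msn', 'aim', 'icq', 'skype') as $field) {
            $values[] = self::_post($field);
        }
        $values[] = $account;
        $update_profile_sql = $db->Execute("Update memb_info set [country]=?,[gender]=?,[age]=?,[avatar]=?,[hide_profile]=?,[y]=?,[msn]=?,[aim]=?,[icq]=?,[skype]=? where memb___id=?", $values);
        show_error("$ok_start Profile SuccessFully Edited! $ok_end");
    }

    /**
     * Moves a character to the spawn point of the posted map for
     * $muweb['warp_zen'] zen.
     *
     * The character name is taken from $_POST['character_warp']; the $name
     * argument is overwritten, as in the original. Changes: the map must be one
     * of the known ids (an unknown id used to reach the UPDATE with undefined
     * coordinates), all values are bound, and the name is escaped in messages.
     *
     * NOTE(review): there is no session, ownership or online check in this
     * method, unlike reset(); confirm the caller enforces them, or scope the
     * statements by AccountID as reset() does.
     *
     * @param string $name unused (kept for callers)
     */
    function warp($name)
    {
        require("config.php");
        $name = self::_post('character_warp');
        $map = self::_post('map');
        $shown_name = self::_html($name);

        // map id => spawn coordinates (x, y)
        $spawn = array(
            '0' => array("125", "125"),
            '3' => array("175", "112"),
            '2' => array("211", "40"),
            '1' => array("232", "126"),
            '7' => array("24", "19"),
            '4' => array("209", "71"),
            '8' => array("187", "58"),
            '6' => array("64", "116"),
            '10' => array("15", "13"),
            '30' => array("93", "37"),
            '33' => array("82", "8"),
            '34' => array("120", "8"),
        );

        if (empty($name)) {
            show_error("$warning_start Some Fields Where Left Blank! $warning_end");
            return;
        }
        if (!isset($spawn[$map])) {
            show_error("$warning_start Unknown Map Selected! $warning_end");
            return;
        }
        $select_zen_sql = $db->Execute("Select money from character where name=?", array($name));
        $select_zen = $select_zen_sql->fetchrow();
        $warp_zen = ($select_zen ? $select_zen[0] : 0) - $muweb['warp_zen'];
        if ($warp_zen < 0) {
            show_error("$warning_start $shown_name Need $muweb[warp_zen] Zen To Warp! $warning_end");
            return;
        }
        $warp = $db->Execute("Update character set [mapnumber]=?,[mapposx]=?,[mapposy]=?,[money]=? where name=?", array($map, $spawn[$map][0], $spawn[$map][1], $warp_zen, $name));
        show_error("$ok_start $shown_name SuccessFully Warped! $ok_end");
    }

    /**
     * Stores an uploaded JPEG screenshot in modules/user_gallery/ together with
     * a "<name>.jpg.php" sidecar that defines $by and $title.
     *
     * Changes against the original:
     *  - the type check no longer depends on the browser-supplied MIME type
     *    ($file_ext was never set, so that was the only effective test); the
     *    extension must be .jpg and getimagesize() must report a JPEG;
     *  - the stored file name is rebuilt from letters, digits, '_' and '-'
     *    plus ".jpg", so it cannot carry a second extension or a path;
     *  - the sidecar is generated with var_export(), so the two values are
     *    written as inert string literals; the original interpolated raw POST
     *    data into PHP source;
     *  - the sidecar is written only after the image was moved into place, and
     *    a failed move is reported.
     *
     * NOTE(review): the gallery renderer is not visible here; the two values
     * are stored HTML-escaped on the assumption that it prints them verbatim -
     * confirm, and drop the escaping here if the renderer escapes.
     * NOTE(review): no session check is made in this method.
     * NOTE(review): the upload directory should not execute scripts other than
     * the generated sidecars; that is server configuration outside this file.
     */
    function upload_screen()
    {
        require("config.php");
        $by = self::_post('by_character');
        $title = self::_post('image_title');
        $gallery_dir = "modules/user_gallery/";
        $MAX_SIZE = 2000000;

        $has_upload = isset($_FILES['userfile']) && is_array($_FILES['userfile'])
            && isset($_FILES['userfile']['name']) && is_string($_FILES['userfile']['name']);
        $original_name = $has_upload ? basename($_FILES['userfile']['name']) : '';

        // Split at the last dot; every other character outside the allow-list becomes '_'.
        $dot = strrpos($original_name, '.');
        $ext = ($dot === false) ? '' : strtolower(substr($original_name, $dot + 1));
        $stem = ($dot === false) ? $original_name : substr($original_name, 0, $dot);
        $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', $stem);
        $file_name = ($stem === '') ? '' : $stem . '.jpg';
        $target_path = $gallery_dir . $file_name;

        if (empty($by) || empty($title) || empty($file_name)) {
            show_error("$warning_start Some Fields Where Left Blank! $warning_end");
            return;
        }

        $is_jpeg = false;
        if ($ext === 'jpg' && $_FILES['userfile']['error'] == UPLOAD_ERR_OK && is_uploaded_file($_FILES['userfile']['tmp_name'])) {
            $info = getimagesize($_FILES['userfile']['tmp_name']);
            $is_jpeg = ($info !== false && $info[2] == IMAGETYPE_JPEG);
        }
        if (!$is_jpeg) {
            show_error("$warning_start Only .jpg files are allowed! $warning_end");
            return;
        }
        if (file_exists($target_path)) {
            show_error("$warning_start Image $file_name is already uploaded, please change file name! $warning_end");
            return;
        }
        if ($_FILES['userfile']['size'] > $MAX_SIZE) {
            show_error("$warning_start Image $file_name has more then 2MB! $warning_end");
            return;
        }
        if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $target_path)) {
            show_error("$warning_start Image $file_name Could Not Be Uploaded! $warning_end");
            return;
        }

        $data = "<?php\n\$by=" . var_export(self::_html($by), true) . ";\n\$title=" . var_export(self::_html($title), true) . ";\n ?>";
        $fp = fopen($target_path . ".php", 'w');
        if ($fp === false) {
            // Do not keep an image without its metadata file.
            unlink($target_path);
            show_error("$warning_start Image $file_name Could Not Be Uploaded! $warning_end");
            return;
        }
        fputs($fp, $data);
        fclose($fp);
        show_error("$ok_start Image $file_name SuccessFully Uploaded! $ok_end");
    }
}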
?>