Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

[RELEASE]Ban Appeal PHP

Status
Not open for further replies.
Junior Spellweaver
Joined
Jul 2, 2008
Messages
109
Reaction score
1
Hi this is a ban appeal PHP i made.
Credits goes to me and a person that made the GM applications. (changed everything to make a ban appeal)

Tested and working on KakaCMSv3 (not sure about other CMS)

First edit your navigation.php and add in this under the last page.

Code:
<li><a href="banappeal.php"  >Ban Appeal</a><li>


Then start copying the code below and paste it to a notepad and save it to the right folder.


C:\wamp\www\banappeal.php

PHP:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php require ("./inc/info.inc.php"); ?>
<title>TardMS</title>
<link rel=stylesheet href="style.css" type="text/css">



<body class="thrColFixHdr">
<br />
<br />
<br />
<div id="container">
<?php include ("header.php"); ?>
<?php include ("navigation.php"); ?>
<?php include ("status.php"); ?>

<center>
<table cellspacing=1 cellpadding=5>
<tr><td class=listtitle colspan=2><center><b>Ban Appeal</b></center></td></tr>
<form action="banappeal_do.php" method="POST">
<tr><td class=list align=right>Character Name:</td><td class=list><input type=text name=charactername maxlength="30"></td></tr>
<tr><td class=list align=right>Reason:</td><td class=list><input type=text name=reason maxlength="200"></td></tr>
<tr><td class=list align=right>Account Name:</td><td class=list><input type=text name=accountname maxlength="30"></td></tr>
<tr><td class=list align=right>Email</td><td class=list><input type=text name=email maxlength="50"></td></tr>
<tr><td class=list align=right>AutoBan or Ban by Who</td><td class=list><input type=text name=autobanorbanbywho maxlength="50"></td></tr>
<tr><td class=listtitle align=right colspan=2><center><input type=submit name=submit value='Register Appeal'</td></tr></center>
</form>
</table>
<br>




<!-- do not remove-->
<br class="clearfloat" />
<?php include ("footer.php"); ?>
</div>
<!-- end #container -->
<Br />
<br />
<Br />
</body>
</html>

C:\wamp\www\banappeal_do.php


PHP:
<?php
/* Store user details */
$charactername = $_POST['charactername'];
$reason = $_POST['reason'];
$accountname = $_POST['accountname'];
$email = $_POST['email'];
$autobanorbanbywho = $_POST['autobanorbanbywho'];
include('./config2.php');
$sel = 'SELECT * FROM accounts WHERE name="'.$_POST['name'].'"';
if($charactername == ""){
echo 'No name filled in.';
exit();
}elseif($reason == ""){
echo '<link rel=stylesheet href="style.css" type="text/css"><center>No reason filled in.</center>';
exit();
}else{

$d = 'INSERT INTO banapp (charactername, reason, accountname, email, autobanorbanbywho) VALUES ("'.$charactername.'", "'.$reason.'", "'.$accountname.'", "'.$email.'", "'.$autobanorbanbywho.'")';
mysql_query($d) OR die (mysql_error());
echo '<link rel=stylesheet href="style.css" type="text/css"><center>Your ban appeal has been created, wait for a reply!</center>';
}
?>

C:\wamp\www\page\banappeal.php

PHP:
<html>
<head>
<title>Make a Ban Appeal</title>
</head>
<center>
<table cellspacing=1 cellpadding=5>
<tr><td class=listtitle colspan=2><center><span class='title2'><?=$config['server_name'];?> application</span></center></td></tr>
<form action="banappeal_do.php" method="POST">
<tr><td class=list align=right>Character Name:</td><td class=list><input type=text name=charactername maxlength="30"></td></tr>
<tr><td class=list align=right>Reason:</td><td class=list><input type=text name=reason maxlength="200"></td></tr>
<tr><td class=list align=right>Account Name:</td><td class=list><input type=text name=accountname maxlength="30"></td></tr>
<tr><td class=list align=right>Email:</td><td class=list><input type=text name=email maxlength="30"></td></tr>
<tr><td class=list align=right>AutoBan or Ban by Who:</td><td class=list><input type=text name=autobanorbanbywho maxlength="30"></td></tr>
<tr><td class=listtitle align=right colspan=2><center><input type=submit name=submit value='Register Appeal'</td></tr></center>
</form>
</table>
<br>

C:\wamp\www\page\banappeal_do.php


PHP:
<?php
/* Store user details */
$charactername = mysql_real_escape_string()$_POST['charactername'];
$reason = mysql_real_escape_string()$_POST['reason'];
$accountname = mysql_real_escape_string()$_POST['accountname'];
$email = mysql_real_escape_string()$_POST['email'];
$autobanorbanbywho = mysql_real_escape_string()$_POST['autobanorbanbywho'];
include('./config2.php');
$sel = 'SELECT * FROM accounts WHERE name="'.$_POST['name'].'"';
if($charactername == ""){
echo 'No name filled in.';
exit();
}elseif($reason == ""){
echo '<style>*{ 
FONT-SIZE: 10pt; 
FONT-FAMILY: arial; 
COLOR: #ffffff;}</style><center>No reason filled in.</center>';
exit();
}else{
Thanks to Antv912

Make a new script and Execute this into your schema

Code:
DROP TABLE IF EXISTS `banapp`;
CREATE TABLE `banapp` (
`charactername` varchar(100) NOT NULL default '0',
`reason` varchar(100) NOT NULL default '0',
`accountname` varchar(100) NOT NULL default '0',
`email` varchar(100) NOT NULL default '0',
`autobanorbanbywho` tinytext NOT NULL
)

Have fun ^^ unbanning people!
 
Last edited:
You've got my respect!
Joined
Apr 8, 2008
Messages
508
Reaction score
147
You didn't sanitize your inputs. This could be used for SQL injection.
 
Elite Diviner
Joined
Feb 28, 2007
Messages
446
Reaction score
4
You should add mysql_real_escape_string's If you want it more secure.
 
Junior Spellweaver
Joined
Jul 2, 2008
Messages
109
Reaction score
1
im confused what does this exactly do

Its an aplication for ban appeals. Like if someone got banned from your server and they didnt do anything bad, they should fill this out and from your SQL browser you will check it out if the person should be unbanned or not.
 
Junior Spellweaver
Joined
Jul 2, 2008
Messages
109
Reaction score
1
You should add mysql_real_escape_string's If you want it more secure.

not good with scripting >.> as i wrote before i changed evrything inside the GM applications thing

just wanted to have a ban appeal page =/
 
Elite Diviner
Joined
Feb 28, 2007
Messages
446
Reaction score
4
Could someone sanitize it or something?
PHP:
<?php
/* Store user details */
$name = mysql_real_escape_string($_POST['name']);
$charactername = mysql_real_escape_string($_POST['charactername']);
$reason = mysql_real_escape_string($_POST['reason']);
$accountname = mysql_real_escape_string($_POST['accountname']);
$email = mysql_real_escape_string($_POST['email']);
$autobanorbanbywho = mysql_real_escape_string($_POST['autobanorbanbywho']);
include('./config2.php');
$sel = 'SELECT * FROM accounts WHERE name="'.$name."';
if($charactername == ""){
echo 'No name filled in.';
exit();
}elseif($reason == ""){
echo '<style>*{ 
FONT-SIZE: 10pt; 
FONT-FAMILY: arial; 
COLOR: #ffffff;}</style><center>No reason filled in.</center>';
exit();
}else{
?>

That should be correct any one feel free to Correct me.
 
Junior Spellweaver
Joined
Jul 2, 2008
Messages
109
Reaction score
1
PHP:
<?php
/* Store user details */
$name = mysql_real_escape_string($_POST['name']);
$charactername = mysql_real_escape_string($_POST['charactername']);
$reason = mysql_real_escape_string($_POST['reason']);
$accountname = mysql_real_escape_string($_POST['accountname']);
$email = mysql_real_escape_string($_POST['email']);
$autobanorbanbywho = mysql_real_escape_string($_POST['autobanorbanbywho']);
include('./config2.php');
$sel = 'SELECT * FROM accounts WHERE name="'.$name."';
if($charactername == ""){
echo 'No name filled in.';
exit();
}elseif($reason == ""){
echo '<style>*{ 
FONT-SIZE: 10pt; 
FONT-FAMILY: arial; 
COLOR: #ffffff;}</style><center>No reason filled in.</center>';
exit();
}else{
?>

That should be correct any one feel free to Correct me.

Thanks antv it still works. I edit the C:\wamp\www\page\register_do.php to yours
 
Experienced Elementalist
Joined
May 29, 2008
Messages
241
Reaction score
0
however, you can improve on some stuff like..

makign it check if email matches email of accout and also make it use java popup instead of a dull echo page
 

DtN

Initiate Mage
Joined
Apr 5, 2008
Messages
80
Reaction score
1
PHP:
<?php
/* Store user details */
$charactername = mysql_real_escape_string$_POST['charactername'];
$reason = mysql_real_escape_string$_POST['reason'];
$accountname = mysql_real_escape_string$_POST['accountname'];
$email = mysql_real_escape_string$_POST['email'];
$autobanorbanbywho = $_POST['autobanorbanbywho'];
include('./config2.php');
$sel = 'SELECT * FROM accounts WHERE name="'.$_POST['name'].'"';
if($charactername == ""){
echo 'No name filled in.';
exit();
}elseif($reason == ""){
echo '<style>*{ 
FONT-SIZE: 10pt; 
FONT-FAMILY: arial; 
COLOR: #ffffff;}</style><center>No reason filled in.</center>';
exit();
}else{

You forgot ( and )'s to open and close mysql_real_escape_string's.
 
Junior Spellweaver
Joined
Jul 2, 2008
Messages
109
Reaction score
1
PHP:
<?php
/* Store user details */
$charactername = mysql_real_escape_string$_POST['charactername'];
$reason = mysql_real_escape_string$_POST['reason'];
$accountname = mysql_real_escape_string$_POST['accountname'];
$email = mysql_real_escape_string$_POST['email'];
$autobanorbanbywho = $_POST['autobanorbanbywho'];
include('./config2.php');
$sel = 'SELECT * FROM accounts WHERE name="'.$_POST['name'].'"';
if($charactername == ""){
echo 'No name filled in.';
exit();
}elseif($reason == ""){
echo '<style>*{ 
FONT-SIZE: 10pt; 
FONT-FAMILY: arial; 
COLOR: #ffffff;}</style><center>No reason filled in.</center>';
exit();
}else{

You forgot ( and )'s to open and close mysql_real_escape_string's.

fixed it
 
bleh....
Member
Joined
Oct 15, 2008
Messages
2,898
Reaction score
1,129
:facepalm: Not only is it a failure to bump a 2 year old thread, regardless of how useful it is, which do you think is easier for players/owners? Player filling this out and owner (only owner or admin accessed) having to go into MySQL to view it (NOTE: MAJORITY OF NUB OWNERS DON'T EVEN KNOW HOW TO EXECUTE SQLS, LET ALONE FIND A DAMN TABLE), or player posting a thread on a forum and owner/admin/gm's being able to review it? Don't get me wrong, it's a good release, but I wouldn't say it's any easier having this.
 
Status
Not open for further replies.
Back
Top