[Release} PHP script to prevent character creation using ASCII Code

[zaugola]

[Release] PHP script to prevent character creation using ASCII Code

hi all n welcome to 2012

well...if u r a server owner, u will get some trouble maker will stir trouble in ur server by stealing eq through the creation of a char that is using ASCII code.

this is how they do it...

let say ur GM char named Undertaker. u equip ur char with godly eq including ur merc (surely u will do it cos u r GM...). armor 63% elemental with lvl 15 weapon n bla blabla bla bla.
u do the same to ur mercenary too i.e equip mercenary with godly eq.
then come this trouble maker. he create new char named :
Ùndertaker
Ùndertaker
Úndertaker
Úndertaker
Ûndertaker
Ûndertaker
Ündertaker
Ündertaker
see the different? when this troublesome fellow login using any of the character above. this char will replace ur GM char Undertaker and he will have an access to ur godly mercenary. the rest u will know urself.

so this script will detect all those ASCII code n change the status from A to X.

anyway, enjoy this release...

<?php
/*
README
1. Conditions
this will work if n only if u r using PHP 5.3.5 and above. Yes..... i know there is no extension for mssql from the php.net cos they have stopped
developing it which makes me use this new extension from microsoft itself.
u can download php 5.3.8 from below
http://windows.php.net/download/

u can get the php 5.3.8 extension for the new extension mssql from here
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17308


2. Installation
put it in anywhere in ur folder of htdocs/www. the trigger out this script by http://localhost/ASCII.php (or whatever u named this script)

3. this script will prevent the creation of a char that will use special character of ASCII code. this file must run in a server, do not 
use IE to run this script as it cant refresh this script from time to time.
*/

session_start();

$server        = "127.0.0.1";        //IP of the server database reside
$uid        = "DB USER";        //usually this will be "sa"
$pwd        = "DB PASSWORD";    //password of sa
$db            = "ASD";            //the name of the database that 'charac_o' exist

// DO NOT EDIT BELOW THIS LINE UNLESS U KNOW WHAT U R DOING.....

$connectionInfo = array("UID" => $uid, "PWD" => $pwd, "Database"=>$db);
$con = sqlsrv_connect($server, $connectionInfo) or die("<p>cant connect to the database, check ur host, user n password to connect to ur MSSQL server.</p>".print_r( sqlsrv_errors(), true));

echo "<p align='center'><h1><font face='Georgia' color='#FF0000'>DO NOT CLOSE this page, it will auto disable/delete all forbidden ASCII code character.</font></h1></p>";
echo "<p align='center'>".date('d-m-Y g:i:s A')."</p>";

if (empty($_SESSION['count']))
    {
        $_SESSION['count'] = 1;
    }
    else
    {
        $_SESSION['count']++;
    };

echo "<p align='center'>refresh count : ".$_SESSION['count']."</p>";

for ($i = 33; $i <= 36; $i++)
    {
        $string = chr($i);
        echo "<p align='center'>$i $string <br>";
        $sql = "SELECT * FROM charac0 WHERE (c_id LIKE '%$string%')";
        $rs = sqlsrv_query($sql, $con);
        while ($rows = sqlsrv_fetch_array($rs, $con))
            {
                $char = $rows["c_id"];
                echo "<p align='center'>$i $char<br>";
                $sql2 ="UPDATE charac0 SET c_status = 'X' WHERE (c_id = '$char')";
                $rs2 = sqlsrv_query($sql2, $con);
                if (!$rs2)
                    {
                        echo "Damn!! cant disable the $char<br>";
                        //delete the $char
                        $sql3 = "DELETE FROM charac0 WHERE (c_id = '$char')";
                        $rs3 = sqlsrv_query($sql3, $con);
                        if(!$rs3)
                            {
                                echo "<p align='center'>Cant delete $char also<br>";
                            }
                            else
                            {
                                echo "<p align='center'>Succesful deleting $char<br><br>";
                            };
                    }
                    else
                    {
                        echo "<p align='center'>Successfull disable the $char<br><br></p>";
                    };
            };
    };

for ($ij = 40; $ij <= 47; $ij++)
    {
        $string2 = chr($ij);
        echo "<p align='center'>$ij    $string2<br>";
        $string2 = chr($ij);
        $sql = "SELECT * FROM charac0 WHERE (c_id LIKE '%$string2%')";
        $rs = sqlsrv_query($sql, $con);
        while ($rows = sqlsrv_fetch_array($rs, $con))
            {
                $char = $rows["c_id"];
                echo "<p align='center'>$ij $char<br>";
                $sql2 ="UPDATE charac0 SET c_status = 'X' WHERE (c_id = '$char')";
                $rs2 = sqlsrv_query($sql2, $con);
                if (!$rs2)
                    {
                        echo "Damn!! cant disable the $char<br>";
                        //delete the $char
                        $sql3 = "DELETE FROM charac0 WHERE (c_id = '$char')";
                        $rs3 = sqlsrv_query($sql3, $con);
                        if(!$rs3)
                            {
                                echo "<p align='center'>Cant delete $char also<br>";
                            }
                            else
                            {
                                echo "<p align='center'>Succesful deleting $char<br><br>";
                            };
                    }
                    else
                    {
                        echo "<p align='center'>Successfull disable the $char<br><br></p>";
                    };
            };
    };

for ($iq = 123; $iq <= 255; $iq++)
    {
        $string1 = chr($iq);
        echo "<p align='center'>$iq    $string1<br>";
        $string = chr($i);
        $sql = "SELECT * FROM charac0 WHERE (c_id LIKE '%$string1%')";
        $rs = sqlsrv_query($sql, $con);
        while ($rows = sqlsrv_fetch_array($rs, $con))
            {
                $char = $rows["c_id"];
                echo "<p align='center'>$i $char<br>";
                $sql2 ="UPDATE charac0 SET c_status = 'X' WHERE (c_id = '$char')";
                $rs2 = sqlsrv_query($sql2, $con);
                if (!$rs2)
                    {
                        echo "Damn!! cant disable the $char<br>";
                        //delete the $char
                        $sql3 = "DELETE FROM charac0 WHERE (c_id = '$char')";
                        $rs3 = sqlsrv_query($sql3, $con);
                        if(!$rs3)
                            {
                                echo "<p align='center'>Cant delete $char also<br>";
                            }
                            else
                            {
                                echo "<p align='center'>Succesful deleting $char<br><br>";
                            };
                    }
                    else
                    {
                        echo "<p align='center'>Successfull disable the $char<br><br></p>";
                    };
            };
    };
sqlsrv_close($con);
echo "<meta http-equiv='refresh' content='1;url=".$_SERVER['PHP_SELF']."'>";
//session_destroy();
?>

copy all those codes on a notepad n save it any name u like with the extension of file must be .php
open it up using ur firefox n left it like that....
it will disable all the ASCII code interval in 1 seconds. so the creators of the ASCII char cant login anymore.

errr.... im no good at PHP, but this is the best way that i can come out with....
if u guys got more idea, pls do state it overhere....

 

[chrissdegrece]

Have you tried checking the database and see how these 2 chars are stored?

Did you try to set a unique index on char names?

 

[zaugola]

Have you tried checking the database and see how these 2 chars are stored?

yap, i have checked. it seems that a3client.exe cant really read the different as an example that i have shown on my previous post....
i beleve others have the same problems too cos we r the sharing same db...

Did you try to set a unique index on char names?

i dont know how to set unique index on charac0 table for c_id column.

 

[chrissdegrece]

what's stored in DB for that specific example? and how is it shown to the client in char selection screen?

For the index you can check :

You must be registered to see links

You can also try to set an on insert trigger which would check char name and return error for not allowed char names so that you can capture this problem before it happens.

 

[ash.blackdevil]

what's stored in DB for that specific example? and how is it shown to the client in char selection screen?

For the index you can check :

You must be registered to see links

You can also try to set an on insert trigger which would check char name and return error for not allowed char names so that you can capture this problem before it happens.

so we have to create a trigger which will accept ascii codes from A to z? But how will the error be sent back to client?

 

[ast009]

this is the error i have got in sql server 2000 and 2005

Error:
Array ( [0] => Array ( [0] => IMSSP [SQLSTATE] => IMSSP [1] => -49

 => -49 [2] => This extension requires either the Microsoft SQL Server 2008 Native Client (SP1 or later) or the Microsoft SQL Server 2008 R2 Native Client ODBC Driver to communicate with SQL Server. Neither of those ODBC Drivers are currently installed. Access the following URL to download the Microsoft SQL Server 2008 R2 Native Client ODBC driver for x86: http://go.microsoft.com/fwlink/?LinkId=163712 [message] => This extension requires either the Microsoft SQL Server 2008 Native Client (SP1 or later) or the Microsoft SQL Server 2008 R2 Native Client ODBC Driver to communicate with SQL Server. Neither of those ODBC Drivers are currently installed. Access the following URL to download the Microsoft SQL Server 2008 R2 Native Client ODBC driver for x86: http://go.microsoft.com/fwlink/?LinkId=163712 ) [1] => Array ( [0] => IM002 [SQLSTATE] => IM002 [1] => 0 [code] => 0 [2] => [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified [message] => [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified ) )

 

[Prot]

so we have to create a trigger which will accept ascii codes from A to z? But how will the error be sent back to client?

it won't.. The .acl file will get updated but db won't, so it will just create a dummy char which will give error if u try to login. Just edit the chinese error and mention "Special character's not allowed, Delete and create other Char"

 

[chrissdegrece]

Did you also try to create unique index on char name?

 

[Prot]

nope i didn't...

 

[getdeepz]

nope i didn't...

Best way is to code it in A3client, while player enter character name...

 

[Prot]

what if ppl use any other a3client.exe and hex it to the server ip?

 

[zaugola]

this is the error i have got in sql server 2000 and 2005

Error:
Array ( [0] => Array ( [0] => IMSSP [SQLSTATE] => IMSSP [1] => -49

 => -49 [2] => This extension requires either the Microsoft SQL Server 2008 Native Client (SP1 or later) or the Microsoft SQL Server 2008 R2 Native Client ODBC Driver to communicate with SQL Server. Neither of those ODBC Drivers are currently installed. Access the following URL to download the Microsoft SQL Server 2008 R2 Native Client ODBC driver for x86: http://go.microsoft.com/fwlink/?LinkId=163712 [message] => This extension requires either the Microsoft SQL Server 2008 Native Client (SP1 or later) or the Microsoft SQL Server 2008 R2 Native Client ODBC Driver to communicate with SQL Server. Neither of those ODBC Drivers are currently installed. Access the following URL to download the Microsoft SQL Server 2008 R2 Native Client ODBC driver for x86: http://go.microsoft.com/fwlink/?LinkId=163712 ) [1] => Array ( [0] => IM002 [SQLSTATE] => IM002 [1] => 0 [code] => 0 [2] => [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified [message] => [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified ) )[/quote]
go to this link as in the error message n download the driver n install it. u r done...

http://go.microsoft.com/fwlink/?LinkId=163712

 

[Feurial]

what if ppl use any other a3client.exe and hex it to the server ip?

Point hai !!

 

[cvrdheeraj]

yap, i have checked. it seems that a3client.exe cant really read the different as an example that i have shown on my previous post....
i beleve others have the same problems too cos we r the sharing same db...
i dont know how to set unique index on charac0 table for c_id column.

I never had this problem. It all depends upon how you setup your databases.

what's stored in DB for that specific example? and how is it shown to the client in char selection screen?

For the index you can check :

You must be registered to see links

You can also try to set an on insert trigger which would check char name and return error for not allowed char names so that you can capture this problem before it happens.

Accountserver will not be able to handle the trigger violation.

what if ppl use any other a3client.exe and hex it to the server ip?

My Accountserver ain't stupid. tt1:

 

[Prot]

My Accountserver ain't stupid. tt1:

I replied to getdeepz's point. Not talking about ur awesomeness. btw i too dnt have the problem in my db..

 

[zaugola]

this is y ppl have to think so many times just to share something like an idea, solutions n other things. they r afraid for some1 who really knows a lot of things said that what they have done r not so good even if its true while they themselve r not willing to share what they have improved.

anyway, im the thread starter, pls dont get dirty with any flames post overhere. if u wanna improved my idea or my script by pointing the right directions, pls go ahead n ill be gladly appreciate it.......