Advanced Octet Editor v1 [PHP, Mailer, Guide]

[shadowvzs]

Advanced Octet Editor v1.1 [PHP, Mailer, Guide]

Screenshot and video

Spoiler

You must be registered to see links

You must be registered to see links

Files:
Index.php - main/core
worker.php - what send the mail, doing background save/load file stuff
pwclass.php - most of text/item related data stuff here

How to add new item or addon:
- open pwclass.php with any text editor and insert a new array
- note # is data separator

Spoiler

equipment:
☆☆Gale of the Tiger - item name
20289 - item id in elements.data
16 - this item grade in elements.data
5 - red name color (0,1=normal, 2=blue, 3=green, 4=yellow, 5 = red)

$ItemMod[1][1][] = "☆☆Gale of the Tiger#20289#16#5#3";

mat:
Feng's Steel Armor - mat item name
15254 - mat id
0 - grade, allways 0
0 - normal color in combobox
20 - max stack
0 - proc type
0 - got no octet

$ItemMod[6][4][] = "Feng's Steel Armor#15254#0#0#20 0 0";

Task dice:
Scroll I - item name
7710 - item id
0 - grade, allways 0
0 - normal color in combobox
1972 - quest id what executed when you right click
30 - max stack

$ItemMod[4][8][] = "Scroll I#7710#0#0#1972 30 1";

addon:
2079 - addon id from elements.data ([0] column)
Att Lv. + * - the addon what will be showed on page if you add to item (* will be replaced with your value)
H - this mean addon saved like hexadecimal value (H = reversed hexa octet or F - reversed Float hexa octet)
WAJBM - addon filter, this mean this addon available for both 5 item type (weapon, armor, jewel,bless box, ammo)
Attack Level - Text for combobox list
38 - for version 38 and above

$Addons[]="2079#Att Lv. +*#H#WAJBM#Attack Level#38";

special:
451 142 1 - 451 is the addon id in first column in elements.data, 142 is the the 1st parameter when u check the id 451 in elements data and 1 is the second parameter, everything from elements.data;
Slow: blabla - is the description only for website
S - special addon (berserk, gof, bless, purge etc)
W - filter character, (W=weapon, A=armor, J=Jewels, B=bless box, M=ammo)
Special: Slow - short text for combobox
10 - version number, ex. if version is 40 then addon not visible if you set site to 1.3.6

$AddonsS[]="451 142 1#Slow: Chance for slow target#S#W#Special: Slow#10";

Description:
Php+javascript (not java like .jsp) based octet editor what also help to understand what octet what do, so also caould say a online octet guide also guide.

Features:


Item Menu:
Weapon: Polehammer, Poleaxe, Dual Hammer, Dual Axe, Spear, Polearm, Staff, Mace, Blade, Sword, Dual Blade, Dual Sword, Fist, Claw, Bow, Crossbow, Slingshot, M. Sword, M. Wand, M. Quoit, M. Staff, Dagger, Sphere, Sabre, Schythe
Armor: Heavy/Light/Magic Chest/Leg/Boot/Arm, Heavy Helmet, Magic Helmet, Manteau

Jewels: Physical/Dodge/Magical Necklance/Belt, Physical/Magical Ring

Fashion: Top M/F, Pants M/F, Boot M/F, Glove M/F

Other: Flyer, Pet Egg (inc. Mount, Baby, Battle), Bless Box, Elf (=Genie), HP & MP Hiero, Ammo, Ph. Potion, Task Dice, Grass

Utility: Tome, Boost, Util, Chat, Pages, Dye, Firework, Dragon Quest, Pack Rewards, Pet Scroll, Funny, Fuel, Wine & Bloods

Mats & Herbs: Normal Mats, Jades, Herbs, HH mats, HH souledges, FW mats, CV mats, Molders, Heaven Tear mats, Misc


*i tested with 1.4.2
**each item category also got item list, elf gear, skill, pet skills, socket stone datas, addons data with id in pwclass.php

Mail Packet System:
- example if you create many custom thing or just want make a group of items what you want send to 1 or more people you can do easily, simple make the predefined settings (like set weapon damage, sockets etc or mat quantify, proctype, mail message, target role id etc) then click to Add Packet button and system register into a temporary list, with all of your settings.
- how can be usefull? lets say you want send 1 or more item to 1 or with more people, then want send all mail with short delays (1sec) then you can do it now, also i have more option what make your life easier, like select/ select all packet option and reset mail target role id/delete the mails/send the mails, can send individually or edit the already saved packet infos and their octets aswell (atm only for weapon)
- Mail Packet save the following informations: role id, Gold what you send via mail, mail title, mail body text, item id, item name, item amount, item max stack, item expire date, item mask, proctype, guid1, guid2, octet and few info what you not use/see (example item type, item subtype etc)


Extras:- Custom proctype for gears
- Individual or multiple mail sending by 1 click
- Wide range for item customization (can change manually most of thing)
- Easier understand the octet structure (breaked into pieces and if you hover over it it's tell what it do)
- Math: can convert Dec, Hex, Hex Float vice-versa, normal-reversed and added also the fixes if its a addon id
- Mail Sending system
- Mail Packet system, more about mail packets above.
- Auto Packet loading from file and option for save selected items.
- easy socket/elf skill/elf gear/pet skill adding

- Expiration timer (can set item duration to x min, hour or day, ex. item expire in 5 min)
*Tested on firefox, opera, chrome [linux & android]*
*This tool mainly created for 1.4.2 but i guess could work with different version aswell

Download link:

You must be registered to see links

Online test:
-

You must be registered to see links

(don't worry about incorrect special chars, on your appache will work)

Old Version in dev section

Spoiler

http://forum.ragezone.com/f752/item-octet-creator-php-javascript-1124198/

 

[Calas]

poorly coded but meh can't complain.. at least you done something useful

 

[shadowvzs]

poorly coded but meh can't complain.. at least you done something useful

any tip welcome what improve the tool

Version 1.1
btw added
- math conversion function
- expire timer settings
- save load item stuffs (decode the octets if you double click to your saved item on item list etc)
- packet data changeing (contain 15 data from item, you can change most of them)
- packet tooltip rearranged (if you hover over packet on list)
- alot minor fixes

 

[ninekinsen]

any tip welcome what improve the tool

Version 1.1
btw added
- math conversion function
- expire timer settings
- save load item stuffs (decode the octets if you double click to your saved item on item list etc)
- packet data changeing (contain 15 data from item, you can change most of them)
- packet tooltip rearranged (if you hover over packet on list)
- alot minor fixes

can run on PHP 7.1 ??

 

[shadowvzs]

can run on PHP 7.1 ??

theoretical i guess yes, but tested only with 5.3 or with 5.5, i dont remember exactly, only what i know its 5.3+ and lower than 6.

also there my link about live demo where you can test on lower php

You must be registered to see links

 

[shadowvzs]

*added the RoleName to ID conversion and download link renewed

 

[shadowvzs]

changed the minimum valid roleid from 1024+ => 16+ (included 16)

added a mini guide about How to add new addon/item

 

[shadowvzs]

Since i got no report about bugs and this project look like done, i continue my website with this project implentation+adding few feature like Authentification, Web Shop, when i am done, you can found here. [Web mainly aimed to older version like 141]


few sneak peak

 

[w3bm4ster]

Be careful with the buy function in WebShop, depending on how you handle it, the user can buy 10 weapons for the price of 1.

 

[shadowvzs]

Be careful with the buy function in WebShop, depending on how you handle it, the user can buy 10 weapons for the price of 1.

if you mean to the rapid click then no, that will work same way like this Adv OCtet Editor...

Don't you noticed with this tool you can send how much packet you want with simple click?
you select the packets like in your email inbox, click to send and it will be sent 1 by 1 and still i doubt you can abuse...
How this work?
with hidden iframe and a worker php file in background, when you click to send button or start send multiple mail sending the client 1st change a boolean variable what will block your next sending until current mail not sent or not failed (failed if server off or bad settings), when mail sending progress done or failed the mail sending it change back the boolean variable from server worker.php in client side so you can send item again...
this way could avoid the dublication and indifferent if sending mail progress takes 5 second or 1 milisecond.

before this methode anyway was chance if you click damn fast and server is slow then maybe not every sending executed since page in iframe with worker.php refreshed faster then it was able to reach till the sending progress but this was fixed with methode above with boolean.

 

[GiantAxe]

I don't think he ment clicking the button really fast, more like.

Someone pressing F12, opening developer options.
Manually edits your item in html and posts the modified html.

 

[shadowvzs]

I don't think he ment clicking the button really fast, more like.

Someone pressing F12, opening developer options.
Manually edits your item in html and posts the modified html.

well, server side will check if item pack data (octet, proctype, price etc) is same than the saved item, so until someone can't edit the server side files, this could be hard

 

[shadowvzs]

i did few improvement on item builder aswell but mainly worked on shop, if you think its cheatable tell me here please
http://forum.ragezone.com/f752/php-based-pwadmin-1122225/

try in [HD]

 

[shadowvzs]

Yesterday tested on 1.5.3 and work same well, so I guess this work to any pw version

 

[w3bm4ster]

I know two type of cheat WebShop/Vote/Withdraw:

- Auto Click
- Open the panel in mobile and PC and click in the buy button at the same time.

It's pretty much the same. Respectively you get two items for the price of one / if you have 10 credits you can earn 100 even have just 10.

You can follow this pattern to prevent this:

You must be registered to see links

Example:
In a production server can be extremely harmful.

 

[shadowvzs]

But you was able to cheat with this page? I ask because I double check before send the item?

Btw refresh page without query string how help if someone use option 2?
Btw ty for sharing that, on my other site I also used refresh when used post data send because backing was very annoying
Anyway I will because plus a line not really make any bad
So will update this once again if I also get the XML about new stats on item like spirit, penetrations and skayer/warding etc

 

[w3bm4ster]

But you was able to cheat with this page? I ask because I double check before send the item?

Btw refresh page without query string how help if someone use option 2?
Btw ty for sharing that, on my other site I also used refresh when used post data send because backing was very annoying
Anyway I will because plus a line not really make any bad
So will update this once again if I also get the XML about new stats on item like spirit, penetrations and skayer/warding etc

I don't checked your code. I'm to lazy to create a new VM. And what do you mean with "double check"? In my opinion the PRG Pattern is very efficient in this case. Ah, there's one more thing related to webshop. You should verify if item exists in your webshop table, or the players can change the item ID and buy a GM Weapon.

 

[shadowvzs]

I don't checked your code. I'm to lazy to create a new VM. And what do you mean with "double check"? In my opinion the PRG Pattern is very efficient in this case. Ah, there's one more thing related to webshop. You should verify if item exists in your webshop table, or the players can change the item ID and buy a GM Weapon.

Then I tell how it's work.

Have a parent page (webshop), when it's loaded the it's check user web point and gold in inventory for 1st character and show it.

Have a hidden iframe inside the parent/webshop page.

When you want buy something then parent page check if you have enough point or gold, if yes then pass the roleid, item data, amount to iframe/child page in it's url, like "worker.php? Role=1024&amount=2&itemdata=231#2#64#......"

When worker.php get the data it's check:
User is in session?
Item data is valid and exist with same data in file?
If yes then recheck the roke gold or account web point, refrash variable in parent, calculate again if price isn't higher than what role/user got then send mail, if it's sent then decrease gold or point.



A bit different with in game gold cost:
- because need check if account is logged out
- because that decreased before mail sending part because it's verify if that gold decrease function work (maybe different pw version have different XML structure) so if decreased but mail falid the role get back his money.

In both case have message if mail sent or not sent (JavaScript alert), it's a bit make more annoying the rapid clicker job a bit.


Another thing what I added is Boolean variable what not let parent/webshop to send data to iframe until last mail not sent or sending not failed (that child/iframe change)

 

[GiantAxe]

Question, why are you sending data via an iframe to begin with across a HTTP GET method.
Why not use a regular HTTP POST instead on the same page.

That or use proper javascript AJAX requests.

Theres something we can all agree on though,
Your PHP code works for a simple internal site so an admin can send himself some stuff and do some other things.

However, and this is reality.
The state your site is currently in, echo'ing html and javascript into a site. Doing everything through PHP.
What #w3bm4ster already mentioned, thats just 1 way to abuse your current system you made.

You really have to cleanup your code, put stuff in classes. Get rid of the iframe method and learn proper javascript to handle async post events.
Cause as it is right now, your site is in no way, shape or form "Production" environment ready.

Most big server owners will tell you the same, players will do just about anything to try and abuse anything you make. So unless its absolutely bulletproof its nothing more then a liability right now.

That said though, we all started somewhere with poorly made sites and learned from that so i'm sure that in the future you'll be able to do better work.


But I can speak for most people here when I make this comment,
1. format your project, stop putting everything in single php files
- move css to actual css files
- move your javascript to actual js files
- format your php code to actual classes so its easier to maintain and looks cleaner aswell to work with.
2. spend some time on data validation, concurrent request handling and all that so that a user can only get a item once even if he uses 10 webbrowsers at the same time to get an item.

 

[shadowvzs]

But I can speak for most people here when I make this comment,
1. format your project, stop putting everything in single php files
- move css to actual css files
- move your javascript to actual js files
- format your php code to actual classes so its easier to maintain and looks cleaner aswell to work with.
2. spend some time on data validation, concurrent request handling and all that so that a user can only get a item once even if he uses 10 webbrowsers at the same time to get an item.

i prefer iframe over ajax, not every site use ajax and i don't know any private server where on website have that huge traffic, maybe in game but not on web, still can't understand how can anybody abuse it with fast clicking since money is taken.

i used ajax and not like really, mainly here don't need async at all for buying because what point in that if user anyway buy 1 item per time?

You must be registered to see links

ajax doesnt mean iframe is dead, they have difference and advantage, main advantage of ajax isn't used here (unlike in search engines where ajax clearly alot better than iframe)

i am glad if you want help but i dont change to ajax only because its trendy now, because iframe is also ok with security checks/fix (correct me if i am wrong, i allways accept if someone can prove have a alot better way).

1. formating and separate css/javascript i will do, first i didnt did, simple reason because less file and item builder mainly designed for admin tool/testing stuffs.
2. if you readed what i wrote i hope you understanded you could make 10000 browser but every time you pay for item can't avoid (atleast how i see can't if serverside have money check before paying) but anyway the reload page without query string is good idea because donesn't make any bad
validation is there, user validation, item data validation etc (if have special syntax then can't be same string than in file), but maybe needed a replace for '/"$ characters aswell?

this is how its work when iframe called:

//valid use check before
if ($AllowN !== true){die;}
if (isset($_GET['BuyFromShop'])){
    if ((isset($_GET['Amount']))&&(isset($_GET['buyWith']))&&(isset($_GET['transWith']))&&(isset($_GET['IData']))&&(isset($_GET['roleid']))){
        $idata = trim($_GET['IData']);
        $idata = str_replace('|', '#', trim($_GET['IData']));
        $idata = str_replace('@', '+', $idata);
        //check server if running
        if (strpos($idata, "#") !== false){
            $iArr = explode("#", $idata);
            if (count($iArr) == 19){
                $handle = fopen($ShopItemD, 'r');
                $valid = false; // item data is in file?
                while (($line = fgets($handle)) !== false) {
                    if (strpos($line, $idata) !== false) {
                        $valid = TRUE;
                        break;
                    }
                      }
                fclose($handle);
                if ($valid !== false){
                    $buyWith = intval($_GET['buyWith']);   //1 is coin, 2 is web point
                    $transWith = intval($_GET['transWith']);  //1 is mail, 2 is not added yet
                    $Amount = intval($_GET['Amount']); //how much from item
                    $roleId = intval($_GET['roleid']);      //target role
                    if (($buyWith > 0) && ($transWith > 0) && ($Amount > 0) && ($roleId > 0) && ($iArr[11] >= $Amount)){
                        $sockres =   [USER=493081]fsockopen[/USER]($DB_Host, $ServerPort, $errno, $errstr, 10);
                        if (!$sockres){
                            echo"<script>parent.alert('Server is offline');</script>";
                        }else{
                            @FClose($sockres);
                            //server online
                            $conn = new mysqli($DB_Host, $DB_User, $DB_Password, $DB_Name);
                            if (($conn->connect_error)||(mysqli_connect_error())) {
                                echo"<script>parent.alert('Cannot connect to mysql database');</script>";
                            }else{
                                include("./packet_class.php");
                                if ($buyWith == 2){
                                    //check user point & gold
                                    $query = "SELECT VotePoint FROM users WHERE ID=?";
                                    $statement = $conn->prepare($query);
                                    $statement->bind_param('i', $userid);
                                    $statement->execute();
                                    $statement->bind_result($LWebPoint);
                                    $statement->store_result();
                                    $result = $statement->num_rows;
                                    if (!$result) {
                                        exit;
                                    }else{
                                        while($statement->fetch()) {
                                            $WPoint=$LWebPoint;
                                        }
                                        $price = $iArr[1]*$Amount;
                                                                                if ($WPoint >= $price){
                                            $NPoint = $WPoint - $price;
                                            if ($transWith == 1){ 
                                               echo"<script>parent.MReady = false;
</script>";
                                                $expir = $iArr[14];
                                                if ($expir>0){$expir=$expir+time();}
                                                if (SysSendMail($roleId, ("[SHOP]: ".$iArr[2]), ("Thank you for bought this item from web!"), $iArr[7], $Amount, $iArr[11], $iArr[15], $iArr[9], $expir, $iArr[12], $iArr[13], $iArr[8], 0) == 0){
                                                    $query = "UPDATE users SET VotePoint = $NPoint WHERE ID=?";
                                                    $stmt = $conn->prepare($query);
                                                    $stmt->bind_param('i', $userid);
                                                    $stmt->execute();
                                                     $stmt->close();
                                                    echo"
<script>
                                                    parent.UPoint = parseInt('".$NPoint."', 10);
                                                    parent.document.getElementById('User_Point').innerHTML = parent.UPoint;
                                                    parent.document.getElementById('BuyWindow').style.display='none';
                                                    parent.alert('Mail sent with your item!');
                                                    parent.MReady = true;
                                                    parent.LockItem=false;                                                    parent.SelectIcon(0);
                                                    </script>";
                                                }else{
                                                    echo"<script>
                                                    parent.alert('Error, cannot send mail!');
                                                    parent.document.getElementById('BuyWindow').style.display='none';
                                                    parent.SelectIcon(0);
                                                    parent.MReady = true;
                                                    </script>";
                                                }
                                                 }
                                        }else{
                                            echo"<script>parent.alert('Insufficient point (".($price-$WPoint)." missing)!');</script>";
                                        }
                                    }
                                }
                            }
                            $conn->close();
                        }
                    }
                }else{
                    echo"<script>parent.alert('Item not found!');</script>";
                    }
                                }
                    }
    }
}