Printable View
it will be added on update 0.5 i hope :D till then will wait for it :D.Quote:
Originally Posted by Smutny
p.s: diablo can you add on that webshop socket sistem? and limit to sockets from config.cfg ?:D
and yes the site got some errors with clt codes for s6(only for DL the last transformation i think, because the DL's are not apearing on ranks and top 5) but i will fix that np just today i've seen it lol
webshop will be added soon, need little time to have to finish it, cause i got a lot to study to finish the collage, when i get free some time i will finish it
diablo im not that good in site coding but if you help me with this thing i need to change the clt code for lord emperor at top 5 thing to worck i entered in modules to it but i didnt find the clt code to change there only at online users and ranking i found those but for top 5 i didnt , i need only the file where to edit , tnx vm :D and sorry for my english:( ( i just seen you're message up so then after you finish you're studies , we will wait :D )
in rankings.php find:
if ($row[2] == 64) { $row[2] = "Dark Lord"; }
if ($row[2] == 65) { $row[2]= "Lord Emperor"; }
if ($row[2] == 66) { $row[2] = "Lord Emperor"; }
change it with your code if its other should fix your problem in displaying the hero in ranking
the clt code for LE is 66 in my server but i even tried every possibility to change 65 to 66 then to remove one and it's still not worcking, and now i have some problems with Quest 3 , i will wait till the update 5 will come out is no problem :D
i realy appriciate you're suport to us :D
share your problem with your quest module so we can fix it
well when someone tryes to make that quest lvl 3 he/she is lvl 400 with quests at marlon done when they try the page will say that account dose not exist and they are offline from the server
okey this problem is fixed, try it now:
1. open _mods/quest3.php and replace the code with this one:
2. EnjoyCode:<?
/*
MFS Team Web 0.5
by Diablo
http://famous-scripters.net/
*/
?>
<?
include("config.php");
?>
<?php
$ip = $_SERVER['REMOTE_ADDR'];
$time = date("l dS of F Y h:i:s A");
$script = $_SERVER[PATH_TRANSLATED];
$fp = fopen ("C:/MuServer/[WEB]SQL_InjectionQuest.txt", "a+");
$sql_inject_1 = array(";","'","%",'"'); #Whoth need replace
$sql_inject_2 = array("", "","","""); #To wont replace
$GET_KEY = array_keys($_GET); #array keys from $_GET
$POST_KEY = array_keys($_POST); #array keys from $_POST
$COOKIE_KEY = array_keys($_COOKIE); #array keys from $_COOKIE
/*begin clear $_GET */
for($i=0;$i<count($GET_KEY);$i++)
{
$real_get[$i] = $_GET[$GET_KEY[$i]];
$_GET[$GET_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_GET[$GET_KEY[$i]]));
if($real_get[$i] != $_GET[$GET_KEY[$i]])
{
fwrite ($fp, "IP: $ip\r\n");
fwrite ($fp, "Method: GET\r\n");
fwrite ($fp, "Value: $real_get[$i]\r\n");
fwrite ($fp, "Script: $script\r\n");
fwrite ($fp, "Time: $time\r\n");
fwrite ($fp, "==================================\r\n");
}
}
/*end clear $_GET */
/*begin clear $_POST */
for($i=0;$i<count($POST_KEY);$i++)
{
$real_post[$i] = $_POST[$POST_KEY[$i]];
$_POST[$POST_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_POST[$POST_KEY[$i]]));
if($real_post[$i] != $_POST[$POST_KEY[$i]])
{
fwrite ($fp, "IP: $ip\r\n");
fwrite ($fp, "Method: POST\r\n");
fwrite ($fp, "Value: $real_post[$i]\r\n");
fwrite ($fp, "Script: $script\r\n");
fwrite ($fp, "Time: $time\r\n");
fwrite ($fp, "==================================\r\n");
}
}
/*end clear $_POST */
/*begin clear $_COOKIE */
for($i=0;$i<count($COOKIE_KEY);$i++)
{
$real_cookie[$i] = $_COOKIE[$COOKIE_KEY[$i]];
$_COOKIE[$COOKIE_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_COOKIE[$COOKIE_KEY[$i]]));
if($real_cookie[$i] != $_COOKIE[$COOKIE_KEY[$i]])
{
fwrite ($fp, "IP: $ip\r\n");
fwrite ($fp, "Method: COOKIE\r\n");
fwrite ($fp, "Value: $real_cookie[$i]\r\n");
fwrite ($fp, "Script: $script\r\n");
fwrite ($fp, "Time: $time\r\n");
fwrite ($fp, "==================================\r\n");
}
}
/*end clear $_COOKIE */
fclose ($fp);
?>
<?
$queryString = strtolower($_SERVER['QUERY_STRING']);
if (strstr($queryString,"<") OR strstr($queryString,">") OR strstr($queryString,"(") OR strstr($queryString,")") OR
strstr($queryString,"..") OR
strstr($queryString,"%") OR
strstr($queryString,"*") OR
strstr($queryString,"+") OR
strstr($queryString,"!") OR
strstr($queryString,"@")) {
$loc = $_SERVER['PHP_SELF'];
$ip = $_SERVER['REMOTE_ADDR'];
$date = date ("d-m-Y @ h:i:s");
$lfh = "./log.txt";
$log = fopen ( $lfh,"a+" );
fputs ($log, "Attack Date: $date | Attacker IP: $ip | QueryString: $loc?=$queryString\n");
fclose($log);
echo "You think you can hack me? Now You will eat the BANN!!";
}
?>
<?php
function GetField($input) {
$input=strip_tags($input);
$input=str_replace("<","<",$input);
$input=str_replace(">",">",$input);
$input=str_replace("#","%23",$input);
$input=str_replace("'","`",$input);
$input=str_replace(";","%3B",$input);
$input=str_replace("script","",$input);
$input=str_replace("%3c","",$input);
$input=str_replace("%3e","",$input);
$input=trim($input);
return $input;
}
?>
<script language="JavaScript" type="text/JavaScript">
//<![CDATA[
function validate(form)
{
if (form.acc.value =="") {
form.acc.focus();
alert("Enter Account.");
return false;
}
var filter = /^([a-zA-Z0-9\-\_])+$/;
if (!filter.test(form.acc.value)) {
form.acc.focus();
alert('Error.. use only text (a-Z) and symbols (0-9).');
return false;
}
if (form.acc.value.length<4) {
form.acc.focus();
alert("It is necessary for the account and password carry more than 4 digits.");
return false;
}
if (form.pass.value =="" ) {
form.pass.focus();
alert("Password.");
return false;
}
var filter = /^([a-zA-Z0-9\-\_])+$/;
if (!filter.test(form.pass.value)) {
form.pass.focus();
alert('Error.. use only text (a-Z) and symbols (0-9).');
return false;
}
if (form.pass.value.length<4) {
form.pass.focus();
alert("It is necessary for the account and password carry more than 4 digits.");
return false;
}
if (form.character.value =="") {
form.character.focus();
alert("Character.");
return false;
}
var filter = /^([a-zA-Z0-9\-\_])+$/;
if (!filter.test(form.character.value)) {
form.character.focus();
alert('Error.. use only text (a-Z) and symbols (0-9).');
return false;
}
if (form.character.value.length<4) {
form.character.focus();
alert("It is necessary for the account and password carry more than 4 digits.");
return false;
}
}
</script>
<table width="331" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td><div align="center">
<form action="" method="post" name="register_from" id="register_from">
<table align="center" width="100" border="0" cellspacing="2" cellpadding="2">
<tr>
<td><div align="right">Account</font></div></td>
<td colspan="4"><div align="left">
<input name="acc" type="text" class="input" id="acc" size="14" maxlength="10" value="">
</div></td>
</tr>
<tr>
<td><div align="right">Password</font></div></td>
<td colspan="4"><div align="left">
<input name="pass" type="password" class="input" id="pass" size="14" maxlength="15" value="">
</div></td>
</tr>
<tr>
<td><div align="right">Character</font></div></td>
<td colspan="4"><div align="left">
<input name="character" type="text" class="input" id="character" size="14" maxlength="10" value="">
</div></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><label>
<input name="quest" type="hidden" id="quest" value="quest">
<input type="submit" name="submit" value="Evolution!" class="button" onClick="return validate(document.register_from);">
</label><br><Br></td>
</tr>
</FORM> </div></td>
</tr>
</table>
<?php
If(htmlspecialchars(addslashes(isset($_POST[quest])))){
$account=clean_var($_POST[acc]);
$account = secure(htmlspecialchars(addslashes($_POST['acc'])));
$f = array("(",")","\"", "\\", "/", "=", "&", "%", "#", "*", "<", ">", "|", "'", ";", ":", "`", "?", "!", "DROP", "SELECT", "UPDATE", "DELETE", "WHERE", "drop", "select", "update", "delete", "where", "delete", "truncate", "TRUNCATE", "distinct", "DISTINCT", "having", "HAVING", "replace", "REPLACE", "handler", "HANDLER", "like", "LIKE", "procedure", "PROCEDURE", "limit", "LIMIT", "order by", "ORDER BY", "group by", "GROUP BY", "asc", "ASC", "desc", "DESC");
$account = str_replace($f,"",$account);
$character = secure(htmlspecialchars(addslashes($_POST['character'])));
$character = str_replace($f,"",$character);
$character = str_replace(";","",$character);
$character = str_replace("'","",$character);
$pass=clean_var($_POST[pass]);
$pass = secure(htmlspecialchars(addslashes($_POST['pass'])));
$pass = str_replace($f,"",$pass);
$query=mssql_fetch_row(mssql_query("select connectstat from memb_stat where memb___id='$account'"));
$query2=mssql_query("select name,class,clevel from character where name='$character' and accountid='$account'");
$query3=mssql_num_rows(mssql_query("select memb___id from memb_info where memb___id='$account' and memb__pwd='$pass'"));
$row=mssql_fetch_row($query2);
if($query3 < 1){$error=1;
echo("$warning_start The account you entered does not exist!. $warning_end"); }
elseif(mssql_num_rows($query2)<1){$error=1;
echo("$warning_start The character you typed does not exist on this account! $warning_end"); }
elseif($row[1]==0 or $row[1]==16 or $row[1]==32 or $row[1]==80 or $row[1]==96){$error=1;
echo("$warning_start You need first to finish the previous quests! $warning_end"); }
elseif($row[1]==2 or $row[1]==18 or $row[1]==34 or $row[1]==50 or $row[1]==66 or $row[1]==82 or $row[1]==99){$error=1;
echo("$warning_start This character is already 3rd evolution. $warning_end"); }
elseif($row[2] < 400){$error=1;
echo("$warning_start You need to be at 400 for evolution. $warning_end"); }
elseif($query[0] > 0){$error=1;
echo("$warning_start Your account is online! $warning_end"); }
If($error!=1){
if($row[1]==48 or $row[1]==64){$class=$row[1]+2;} else{$class=$row[1]+1;}
$run=mssql_query("update character set class='$class',quest=convert(varbinary(50),0xAAEAFFFFFFFFFFFFFFFFFFFFFFFFFFFF) where name='$character'");
echo("$ok_start The character $character has been Evoluted successfully!. $ok_end");
}
}
?></table>
another one when someone tryes to change password it will say "Module change_pass not found." and the clear inventory one is the same .
p.s: im posting this due to player posts so im sorry if i put you to much to worck :(
Thanks for information , i had forgoten to add the file
1. Open _mods/
2. Create new .php file
3. Insert this code inside
Tested and working ;) if you found other bugs report so to be fixed ;) .. Soon new update will be relased with the new fixesCode:<?
/*
MFS Team Web 0.5
by Diablo
http://famous-scripters.net/
*/
?>
<?php
if(isset($_POST['submit'])) { change_password(); }
?>
<table border=0 cellspacing=5 cellpadding=0>
<td width='290'>
<form name="" method="post" action="">
<table width="100%" border="0" cellspacing="1" cellpadding="1">
<tr>
<td width="70"><font color=>Login ID :</td><td width="100">
<input name="login" type="text" id="login" maxlength="10">
</td>
</tr>
<tr>
<td width="70"><font color=>Old Password :</td>
<td>
<input name="oldpwd" type="password" id="oldpwd" maxlength="10">
</td>
</tr>
<tr>
<td width="70"><font color=>New Password :</td>
<td><input name="newpwd" type="password" id="newpwd" maxlength="16">
</td>
</tr>
<tr>
<td width="70"><font color=>Repeat Password :</td>
<td><input name="renewpwd" type="password" id="renewpwd" maxlength="16">
</td>
</tr>
<tr>
<td width="70"> </td>
</tr>
<tr>
<tr>
<td width="100" align="right"><input type="submit" class=button name="submit" value="Reset"></td>
<td><input type="reset" class=button name="Submit2" value="Clear"></td>
</tr>
</table>
</form>
</div>
</td>
</table>
Diablo71 ive got error in ODBC? already used the one thats in the files.
the only one bug that i have for now it's the clear inventory one and the top 5 characters but this one is not that important i fixed with dl etc but still not worcking, and yes can you post if you have a script for vote reward ranking to see whitch players are in top 20 or something like this i need that one badly i hope the next update to have it included :D
Okey , added new module
- Top Voters
1. Create new .php file in folder _mods/ , named top_voters.php
2. Insert this code inside:
About the inventory bug it's been fixedCode:<?
/*
MFS Team Web 0.5
by Diablo
http://famous-scripters.net/
*/
?>
<table border=0 cellPadding=2 cellSpacing=2 align='center' class='maintable'>
<thead>
<tr>
<td align='center'>#</td>
<td align='center'>Name</td>
<td align='center'>Votes</td>
</tr>
</thead>
<?php
$topq = mssql_query("Select ToP 5 memb___id,votes from memb_info order by votes desc");
for($i=0; $i < mssql_num_rows($topq); ++$i)
{
$rank = $i+1;
$row = mssql_fetch_row($topq);
echo"
<tr>
<td align='center'>$rank.</td>
<td align='center'>$row[0]</td>
<td align='center'>$row[1]</td>
</tr>
";
}
?>
</table>
1. Open _inc/mfs.class.php
2. Find function clear_inventara()
3. Replace the hole code with this one:
3. Test and enjoyCode:function clear_inventara()
{
$character = secure($_POST['character']);
$account = secure($_POST['login']);
$password = secure($_POST['password']);
check_inject();
$queryonline = mssql_query("Select * from MEMB_STAT where memb___id='$account' and connectstat='1'");
$onlinecheck = mssql_num_rows($queryonline);
$queryaccount = mssql_query("Select * from MEMB_INFO where memb___id='$account'");
$accountcheck = mssql_num_rows($queryaccount);
$querypassword = mssql_query("Select * from MEMB_INFO where memb___id='$account' and memb__pwd='$password'");
$passwordcheck = mssql_num_rows($querypassword);
$querychar = mssql_query("Select * from Character where Name='$character'");
$charcheck = mssql_num_rows($querychar);
if(empty($character) or empty($account) or empty($password)) { echo"<font color='red'>You cannot leave any fields blank!</font><br>"; $error=1; }
elseif($accountcheck <= 0) { echo"<font color='red'>Your Login does not exist in our database. Please go back and try again!</font><br>"; $error=1; }
elseif($passwordcheck <= 0) { echo"<font color='red'>Your Password does not exist in our database. Please go back and try again!</font><br>"; $error=1; }
elseif($charcheck <= 0) { echo"<font color='red'>Your Character does not exist in our database. Please go back and try again!</font><br>"; $error=1; }
elseif($onlinecheck >= 1) { echo"<font color='red'>Account $account is online!Please LogOff First!</font><br>"; $error=1;}
if($error != 1) {
echo"<font color='green'>Character $character Inventory has been succesfully cleared.</font><br>";
$a = mssql_query("UPDATE Character SET [inventory]=CONVERT(varbinary(1560), null) WHERE Name='$character'");
}
}
in mfs_class.php it was not a function clear_inventara() but i added it down betwen the last script and ?> and it's worcking like a charm the only thing is that is deleting the character set too but that is not a problem :D , and the top voters script same worcking , thanks very much for you're time mate :D
p.s: the new update will have webshop and with sockets included? i need a script for webshop an continue to that querry or webshop that the items bought can have 3 sockets on them :D it dose not matter if they cant get the option to add the seeds in socket i need only when they buy to get 3 sockets clean , if it's possible. i realy appriciate you're worck and i will wait for the new release and i will post every error i will have , MFS IS THE BEST !!!
For the webshop i will need someone that can decode ioncube protection to PM me
i have 1 request, i need the script for online/offline server but to add port to see CS and NON-PVP server online offline. why i need to add with port because with $gsport is not worcking for sql server 2008... other else worcks fine only this one problem because it shows server offline every time and i changed the offline in online ,and it will be nice if i have for CS and NON-PVP server too :D . Thank you very much :D
-----------------------------------------------------------------Quote:
Originally Posted by diablo71
http://img190.imageshack.us/img190/6720/topvoters.gif Uploaded with ImageShack.us
Thx Bro, MFS perfect...
add perfect top_voters.php
if you had more ideas share them, soon when i finish the last codes i will update it to update 5
you can also add that trade thing on the website for example i trade titanium gloves +15 FO with 5 sockets for other gloves same or something like this if i remember right and if you can add an webshop that can give 3 sockets max i mean when you buy it dose not matter if you cant set the item with socket i need only that items to get empty sockets.
And yes if you can cooldown for each event if it's possible :D(only the events with cool down like raklion,happy hour , etc :D )
And i need the online server thing to worck on windows server 2008 and sql server 2008,ty ^^
1. This is market system maybe will work on it
2. i had alot new modules that are for private stuff only
3. new modules added on next update : Trade online time (normal players) + (vip players) ;)
well is not a problem that you dont give private modules :D you already made many players happy with this release ^_^, and also you have a big THANKS from me because you have suported me very much and i realy apriciate it :D, i will ask my players ideas for the site i will edit this post in the future :D
@diablo71
You could add Market, Virtual Vault, Raklion Top, Top Imperial Guardian, User Support, eg, ticket, VIP users as options for bronze, silver and gold, etc. .... wcoin direct sale of the site, it would be great ....
Bro, next contribuition
Print Screen...
http://img705.imageshack.us/img705/4637/gens.gif Uploaded with ImageShack.us
Thanks for share, but if someone wants it he can add it , i use default stuff :P
.. Looking for someone that can make 1 good template for this website, waiting for reply..
You can manipulate every table in server with php, easy you can make rankings for everything
contact leandro daldegam, it can help
Leandro Daldegam
how to edit the news?
ok i already fix it
How to put a module?
webshop??
then.!
When i test grand reset the credits is not Put in webshop