[SHOCKWAVE] Proj. Fanasty Roleplay [RP][C#][PHP]

[Riley H]

Project Fantasy Roleplay is a v26 emulator and CMS, designed to emulate fantasy gameplay.

Core Features:

• Most things will be cached
• Comprehensive error logging
• Stabilization and DDoS protection

Roleplay features:

• Race system (races will have specialized skills and powers)
  
  
• Skill system such as Thieving, Herblore, Magic, Smithing and more
• More realistic combat (more detailed, partially animated, more types of attacks and spells)
• Experience system (users will level things such as strength by fighting rather than waiting at the gym)
• Hunger system (Rather than dying when your hunger is compromised, things such as strength, mana will progressively degrade)
• Buying/selling system (Users will be able to buy things from stores, sell them back, and trade with other users)
• More to come...

Screenshots:

Spoiler:

[MentaL]

[vLife]

Approved.
Good luck on your RP project, hope you see it to the end.
And also you have 24 hours to post snippets of code.

[Chapo]

Good luck with the project, i love the creative ideas that you'll try to make in the emulator but i think is better to have first a very stable and complete Emulator for the RELEASE 26 before of add this new good things, it'd be great if you also tell us about the emulator and CMS features.

Now i'm very busy working with HabboDavinci and studying but if you need to edit some things in the r26 DCR's im expert in shockwave and is possible that one day i could help you, i prefer the r14-18 ones but it doesn't matter.

A screen shot of my Hotel right now (i changed a little bit the interface to make a good mix):

Very good, but this is not your develop thread i guess.

[Riley H]

Good luck with the project, i love the creative ideas that you'll try to make in the emulator but i think is better to have first a very stable and complete Emulator for the RELEASE 26 before of add this new good things, it'd be great if you also tell us about the emulator and CMS features.

Now i'm very busy working with HabboDavinci and studying but if you need to edit some things in the r26 DCR's im expert in shockwave and is possible that one day i could help you, i prefer the r14-18 ones but it doesn't matter.

A screen shot of my Hotel right now (i changed a little bit the interface to make a good mix):

Sure, I could use your help with editing some of the interface. I'll PM you.

Also, snippet:

Code:

	 
	int newLevel;
        string exp;
	exp = dbClient.getString("SELECT herblorexp FROM users WHERE name = '" + _Username + "'");	
        if (exp = "max")


{
	        using (DatabaseClient dbClient = Eucalypt.dbManager.GetClient())
                          dbClient.runQuery("UPDATE users SET herblore = herblore + 1 WHERE name = '" + _Username + "'"); 
	        dbClient.runQuery("UPDATE users SET herblorexp = NULL WHERE name = '" + _Username + "'");
                          newLevel = dbClient.getInt("SELECT herblore FROM users WHERE name = '" + _Username + "'");
                          sendData("BK" + "Level Up! \r" + "You are now a level " + newLevel + " Herbalist\r" +"You may now: " + newAbility + "");
}

Also a screenshot of the 2nd step of registration, a simple radio form that inputs the selected race into the user's table and changes everything else accordingly:

[Chapo]

Cool :-)

[Emily]

Sure, I could use your help with editing some of the interface. I'll PM you.

Also, snippet:

PHP Code:

    int newLevel;
        string exp;
    exp = dbClient.getString("SELECT herblorexp FROM users WHERE name = '" + _Username + "'");    
        if (exp = "max")


{
            using (DatabaseClient dbClient = Eucalypt.dbManager.GetClient())
                          dbClient.runQuery("UPDATE users SET herblore = herblore + 1 WHERE name = '" + _Username + "'"); 
            dbClient.runQuery("UPDATE users SET herblorexp = NULL WHERE name = '" + _Username + "'");
                          newLevel = dbClient.getInt("SELECT herblore FROM users WHERE name = '" + _Username + "'");
                          sendData("BK" + "Level Up! \r" + "You are now a level " + newLevel + " Herbalist\r" +"You may now: " + newAbility + "");
} 


Also a screenshot of the 2nd step of registration, a simple radio form that inputs the selected race into the user's table and changes everything else accordingly:

Please..

exp = dbClient.getString("SELECT herblorexp FROM users WHERE name = '" + _Username + "'");

Tell me this needs some improving? Why not use MySqlParams? This is fully injectable.

[Jubatus]

I'm really looking forward to this project, it's so unique!

What server is this based on, I'm guessing Holo?

[Chapo]

Please..

exp = dbClient.getString("SELECT herblorexp FROM users WHERE name = '" + _Username + "'");

Tell me this needs some improving? Why not use MySqlParams? This is fully injectable.

Its not because its not used for something like uh uh.. navigator (just a example) doh..

[Riley H]

Please..

exp = dbClient.getString("SELECT herblorexp FROM users WHERE name = '" + _Username + "'");

Tell me this needs some improving? Why not use MySqlParams? This is fully injectable.

Firstly, I hope you understand that was a C# snippet and not PHP -- just incase there was any misunderstanding there. Secondly, I would like to point out the fact that I'm implementing all of the basic features and functions first, then going back and securing the code later.

I'm really looking forward to this project, it's so unique!

What server is this based on, I'm guessing Holo?

Yeah, thanks man, that was the goal.

Updates:

• Users with level 5+ Thieving may now pickpocket users
• Users with Higher Thieving levels can now steal more food at one time, and have less of a chance of being caught
• Finished CMS design for me, community
• Finished CMS registration functions -- working on design

Me:

[Chapo]

Firstly, I hope you understand that was a C# snippet and not PHP -- just incase there was any misunderstanding there. Secondly, I would like to point out the fact that I'm implementing all of the basic features and functions first, then going back and securing the code later.



Yeah, thanks man, that was the goal.

Updates:

• Users with level 5+ Thieving may now pickpocket users
• Users with Higher Thieving levels can now steal more food at one time, and have less of a chance of being caught
• Finished CMS design for me, community
• Finished CMS registration functions -- working on design

Me:

So you guy think its only impossible to exploit/inject/whatever in C#? I'm very sure its possible, And i'm also very sure that Tha knows what C# is lulz.

[Riley H]

So you guy think its only impossible to exploit/inject/whatever in C#? I'm very sure its possible, And i'm also very sure that Tha knows what C# is lulz.

I've never heard of an SQL injection in C# except when using ASP.NET. I also never said that he didn't know what C# was. It is very possible he mistook it as PHP related to the screenshot I included in the same post, as the line he quoted could also be used as PHP code.

Edit: I now see I used PHP code tags instead of basic code tags, that is why Tha mistook my snippet for PHP.

[vLife]

SQL injection inside of C# is very much real. And if this emulator your building around is Holo more than likely its there. Parameters are there for a reason, don't secure later what you can do now.

[Cody Allan]

maybe i should open an RP hotel :o they're getting pretty neat!

[Riley H]

SQL injection inside of C# is very much real. And if this emulator your building around is Holo more than likely its there. Parameters are there for a reason, don't secure later what you can do now.

C# can be injected -- I'm not denying that. However, an injection could only be performed, in this case, if the console itself had an input field of some kind and generated a SQL query with it. Which it does not. Therefore, the emulator is not directly vulnerable to SQL injections.

[Emily]

Thanks for everybody coming up. I didn't know it first but I knew there were MySqlParameters for a reason. I learnt it's pretty much for making it unexploitable at my own thread (I guess it was Myrax who pointed it out)

I hope you decide to use MySqlParameters for 99,999999% of the code. Good luck, good to see there is still somebody caring about shockwave!