Code:
btw are you guys aware that the exe sends data to several links whiles your playing the game open the exe in hex and see what im talking.. multiple links in exe for one thing or another we need to find way to change link direction .[/QUOTE]
Yes the exe has a few links in it for features we don't have, it doesn't use the addresses but you can blank them if you want to be sure it can't use them. There are 2 addresses for the cash shop too, one for the "live" cash shop and one for a LAN address which i assume they use for testing.
[QUOTE="Advocate, post: 4339114, member: 227489"]i got it working but i feel little objective about this script. simple fact of it is that any gm can add anything to the shop even tho us developers try to keep our server secured by adding trust worthy gm but no matter how trust worthy a person may seem there are always will be corruptible gm that will
a.give items out to firends
b.sell items in game for real cash trying to make side profit off server. this script needs to be revamped to only allowed the administrator to add and remove items from shop.[/QUOTE]
Yes i am aware of this. This is only the initial beta and it was designed to be as simple as possible rather than padding it out with whole chunks of code that weren't really necessary and could lead to further bugs until the most important bits are fully tested. A simple "are you a GM" check was far quicker than writing a true authentication method to just allow specific people in, but if you know any php at all it is very very simple to mod it.
webshop.php and admin.php:
[code]$r=mssql_query('select * from '.DB_GAM.'.dbo.cabal_character_table where CharacterIdx between '.$v1.' * 8 and '.$v1.' * 8 + 5 and nation=3');
What this does is check the connecting person's UserNum (v1) and checks if any of their chars are GMs, if so then they are allowed.
Those queries control whether the admin button shows up and whether you can access the admin panel. To let just 1 account in you could just check the v1 manually instead of using mssql
Code:
$r=mssql_query('select * from '.DB_GAM.'.dbo.cabal_character_table where CharacterIdx between '.$v1.' * 8 and '.$v1.' * 8 + 5 and nation=3');
if (mssql_num_rows($r)>0) $is_gm=true;
Just remove both lines and replace with this (assuming your UserNum is 4):
If you wanted more people to access you just need to find something they have in common for the query, or cheat...
Code:
$r=mssql_query('select * from '.DB_ACC.'.dbo.cabal_auth_table where UserNum='.$v1.' and Gender=1');
Normally the gender field in our account db auth table isn't used (maybe use the country table if you do) so i can set it to 1 for all of my trustworthy GMs and now it will only let them in.
I am adding more controls so this can be more easily done, but hey this is beta 1 and i don't expect it to be perfect yet as i'm far from done with this.
The real question is why anyone would have a GM they couldn't trust
tt1: