Here PHP Code
Code:
<?php
require("config.php");
$login = stripslashes($_SESSION['user']);
include_once('sql_check.php');
check_inject();
require_once "sql_inject.php";
require_once "sql.class.php";
$bDestroy_session = TRUE;
$url_redirect = 'error.php';
$sqlinject = new sql_inject('sqlinject/log_file_sql.log',$bDestroy_session,$url_redirect) ;
function valid($word)
{
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for($i=0;$i<strlen($word);$i++)
{
$ch = substr($word,$i,1);
$nol = substr_count($chars,$ch);
if($nol==0)
{
return true;
}
}
return false;
}
function getchar($character)
{
$uid = mssql_fetch_array(mssql_query("SELECT ChaNum FROM RanGame1.dbo.ChaInfo WHERE ChaNum='".$character."'"));
return $uid[0];
}
$error=1;
if($_POST['lostpassword']=='Buy') {
$error = 2;
$account_id = stripslashes($_SESSION['user']);
$Nation = stripslashes($_POST['nation']);
$query = "SELECT header from RanUser.dbo.Web";
$result = $db->Execute($query);
$row = $result->fetchrow();
$idcode = (int)$_POST['idcode'];
$name = stripslashes($_POST['name']);
$row = $result->fetchrow();
$Cost = 150;
$result = mssql_query ("SELECT UserPoint FROM RanUser.dbo.UserInfo Where Username = '$account_id'");
$rows=mssql_num_rows($result);
}
if($error==1) {
$query = "SELECT resetmoney,resetlevel,resetslimit,reset_skill,reset_quest,reset_stat,clean_skills from RanUser.dbo.Web";
$result = $db->Execute($query);
$row = $result->fetchrow();
$login = stripslashes($_SESSION['user']);
$comanda1="SELECT UserNum from RanUser.dbo.UserInfo where Username = '$login' ";
$rezultat2=mssql_query($comanda1) or die("Can`t be executed");
while($r2=mssql_fetch_array($rezultat2)){
$Usernum = $r2["UserNum"];
}
echo "<BR><div style='width:546px; margin:0 0 0 10px; padding:10px; border:1px solid #484848; background:#0099CC; color:white; text-align:center; line-height:18px'>
Reset User Account Being Connected</div><br>
<table CELLSPACING=0 BORDER=0 CELLPADDING=0 align=CENTER>
<tr>
<td width=170 align=right>
<font size=2><b><img src='images/point_b.gif'/> UserName:
</td>
<td>
<select name=idcode style='background: #4191BB; font: 11px verdana, sans-serif; color:#eee;'>";
{
$account_id = stripslashes($_SESSION['user']);
echo('
<option value='.$account_id.'>'.$account_id.'</option>
');
}
echo "
</select>
</td>
<td width=100 align=right>
<input type=hidden name=lostpassword value='Buy'>
<br><input type='Submit' name='submit' value='Submit' tabindex='5' class='btn2' style='font-size:12px;height:24px;width:70px;' /><br><br>
</td>
</form>
";
}
if($error==2) {
$account_id = stripslashes($_SESSION['user']);
$Usernum = ($UserNum);
$Alz = ($Alz);
$query = "SELECT header from RanUser.dbo.Web";
$result = $db->Execute($query);
$row = $result->fetchrow();
$Nation = stripslashes($_POST['nation']);
$name = stripslashes($_POST['name']);
$idcode = (int)$_POST['idcode'];
mssql_query("UPDATE Userinfo SET UserLoginState = '0' WHERE Username = '$account_id' ");
mssql_query("UPDATE Userinfo SET UserAvailable = '1' WHERE Username = '$account_id' ");
echo '<center>Reset Account "User Account is Being Connected" Fixed.</center>';
$error = 1;
}
?>