Perfect World Account Manager

[LegalSin(scam)]

Hi this little tool is to help you go in game faster it can be used for mass production to.
Instructions:
Place this php file in your server:

PHP Code:

<?php
function cuint($data)
{
    if($data < 64)
            return strrev(pack("C", $data));
    else if($data < 16384)
            return strrev(pack("S", ($data | 0x8000)));
    else if($data < 536870912)
            return strrev(pack("I", ($data | 0xC0000000)));
    return strrev(pack("c", -32) . pack("I", $data));
}

function verify_roles($id){
        $GameServer = "0.0.0.0"; //Your gameserver ip
        $GamedbPort = "1";//Your gameserver port
        $roleid_arr = array();
        $rolename_arr = array();
        $result_array = array();
        $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
        if(!$sock)
        {
                die(socket_strerror(socket_last_error()));
        }
        if(socket_connect($sock, $GameServer, $GamedbPort))
        {
            socket_set_block($sock);
            $data = cuint(3401)."\x08\x80\x00\x00\x01".pack("N", $id);
                
            $sbytes = socket_send($sock, $data, 8192, 0);
            $rbytes = socket_recv($sock, $buf, 8192, 0);
            
            $strlarge = unpack( "H", substr( $buf, 2, 1 ) );
            if(substr($strlarge[1], 0, 1) == "8")
            {
                $start = 12;
            }
            else
            {
                $start = 11;
            }
            $rolescount = unpack( "c", substr( $buf, $start, 1 ) );
            $start = $start+1;
            $but = 0;
            for($i=0; $i<$rolescount[1]; $i++)
            {
                $roleid = unpack( "N", substr( $buf, $start, 4 ) );
                $start = $start+4;
                $namelarge = unpack( "c*", substr( $buf, $start, 1 ) );
                $start = $start+1;
                $rolename = iconv( "ASCII", "UTF-8", substr( $buf, $start, $namelarge[1] ) );
                $start = $start+$namelarge[1];
                array_push($roleid_arr, $roleid[1]);
                $string = preg_replace('/[^(\x20-\x7F)]*/','', $rolename);
                array_push($rolename_arr, $string);            
            $but++;
            }
                
            socket_set_nonblock($sock);
            socket_close($sock);
        }
        else
        {
            die(socket_strerror(socket_last_error()));
        }
        if($sock)
        {
        socket_close($sock);
        }
array_push($result_array, $roleid_arr);
array_push($result_array, $rolename_arr);        
return $result_array;
}

if(isset($_GET["user"], $_GET["pass"]))
{
    $user = $_GET["user"];
    $pass = $_GET["pass"];    
    $pattern = '^[A-Za-z0-9]+$';
    
    if (!ereg($pattern,$user))
    {
        return;
    }    
    if (!ereg($pattern,$pass))
    {
        return;
    }
    if(strlen($user) < 3 || strlen($user) > 10)
    {
        return;
    }
    if(strlen($pass) < 3 || strlen($pass) > 16)
    {
        return;
    }            

    $sql_server="0.0.0.0";  //Your mysql ip                        
    $sql_user="root";                //Your mysql user
    $sql_pass="root";            //Your mysql pass                
    $sql_data="pw";                    //Your mysql database where users are
    $link=mysql_connect($sql_server, $sql_user, $sql_pass) or die("Cant connect to mysql");
    $xadb=mysql_select_db($sql_data, $link) or  die("Cant connect to mysql");    
    $account = mysql_real_escape_string($user);
    $Salt = $user.$pass;
    $Salt = md5($Salt);
    $Salt = "0x".$Salt;
    
    $Select_pass_from_DB = mysql_query("SELECT * FROM `users` WHERE `name` LIKE '$account' LIMIT 0 , 30");
        if(mysql_num_rows($Select_pass_from_DB) > 0){
            $Array = mysql_fetch_assoc($Select_pass_from_DB);
            $ID = $Array['ID'];
            $Password_from_db = $Array['passwd'];
            $Password_from_db = addslashes($Password_from_db);
            $call_fn_varbintohexsubstring = mysql_query("SELECT fn_varbintohexsubstring (1,'$Password_from_db',1,0) AS result");
            $Row_FN = Mysql_Fetch_Array($call_fn_varbintohexsubstring);
            $getpassresult = $Row_FN[0]; 
            $Compare_Passwords = ($getpassresult == $Salt) ? 'true' : 'false';
                if($Compare_Passwords && $Compare_Passwords == 'true'){
                    header('Content-Type: application/json');
                    $temp = array();
                    $players = array();
                    $temp["logedin"] = true;
                    $temp["id"] = $ID;
                    $roles = verify_roles($ID);
                    for($i = 0; $i< count($roles[1]); $i++)
                    {
                        $players[] = $roles[1][$i];
                    }
                    $temp["players"] = json_encode($players);
                    mysql_close($link);
                    print json_encode($temp);
                    return;
                }
        }
        mysql_close($link);    
}
?>

ofc you can make it more secure or whatever the basic response is here:

PHP Code:

                    header('Content-Type: application/json');
                    $temp = array();
                    $players = array();
                    $temp["logedin"] = true;
                    $temp["id"] = $ID;
                    $roles = verify_roles($ID);
                    for($i = 0; $i< count($roles[1]); $i++)
                    {
                        $players[] = $roles[1][$i];
                    }
                    $temp["players"] = json_encode($players);
                    mysql_close($link);
                    print json_encode($temp);
                    return; 


Edit url in rar with the url to your script.

and thats it.

Questions below please!

[MentaL]

[gebryas]

base64 salt ?

[MaxZeus]

base64 salt ?

base64 ? Quite insecure lol.

[Swoosh91]

base64 ? Quite insecure lol.

B64 is not meant to be secure. It's an encoding scheme.

[MaxZeus]

B64 is not meant to be secure. It's an encoding scheme.

Right, and if you use it as salt, it means it's insecure, depending on the purpose. :)

[Swoosh91]

Right, and if you use it as salt, it means it's insecure, depending on the purpose. :)

Nothing speaks against using output of B64 as a salt, as long as the input to B64 is not predictable.

[LegalSin(scam)]

base64 salt ?

Look at your register script and adjust the php file i posted to your needs.

[shadowvzs]

Why everybody share or scripts without fix???
Mysql is deprecated.... You need use mysqli or pdo...
( also prepared query so don't need mysqlescapestring stuff)

(Why its make faster login? Because send packets for account data and 2nd request faster?)

[gebryas]

ya i did , just said maybe another person need do that too

[LegalSin(scam)]

QUOTE=shadowvzs;8745793]Why everybody share or scripts without fix???
Mysql is deprecated.... You need use mysqli or pdo...
( also prepared query so don't need mysqlescapestring stuff)

(Why its make faster login? Because send packets for account data and 2nd request faster?)[/QUOTE]


Old is stable and well known. Pw is old by using new things you make your life harder. As for your question we dont give redy to use because you have 2 hands and a brain.

[shadowvzs]

QUOTE=shadowvzs;8745793]Why everybody share or scripts without fix???
Mysql is deprecated.... You need use mysqli or pdo...
( also prepared query so don't need mysqlescapestring stuff)

(Why its make faster login? Because send packets for account data and 2nd request faster?)

Old is stable and well known. Pw is old by using new things you make your life harder. As for your question we dont give redy to use because you have 2 hands and a brain.[/QUOTE]

well you have brain too and maybe know slowly will be totally removed those commands since when u use apt-get install mysql no longer will support the old versions and every current version support the new mysqli since 5.3+ (even 343 with his lampp in his package what is new either)

[LegalSin(scam)]

Lampp is open source and i have my own code ;) dont care what they do next!

As stated in the topic notes IT IS A DEMO but is ready to use if you have the right tools.

Think your smart? Make something better and share with the community it took me 2 hours to build both the script and the windows program.

[shadowvzs]

Lampp is open source and i have my own code ;) dont care what they do next!

As stated in the topic notes IT IS A DEMO but is ready to use if you have the right tools.

Think your smart? Make something better and share with the community it took me 2 hours to build both the script and the windows program.

probabil but most of people use apt-get install mysql stuff...

*i don't said i am smarter, just replyed with your style*

btw you can check mine (except pwclass.php what made desmond), unfinished but doing with mysqli n packets, if you think insecure your welcome to reply where and takes less than 2 h to copy pase and configure :p

http://forum.ragezone.com/f752/php-b...admin-1122225/

[LegalSin(scam)]

probabil but most of people use apt-get install mysql stuff...

*i don't said i am smarter, just replyed with your style*

btw you can check mine (except pwclass.php what made desmond), unfinished but doing with mysqli n packets, if you think insecure your welcome to reply where and takes less than 2 h to copy pase and configure :p

http://forum.ragezone.com/f752/php-b...admin-1122225/

Lets get something straight here:
1) I don't care what most people usually use.
2) I don't care what you say next.
3) Mai invata si/sau daca nu stii intreaba.

[Ben]

Be happy that things are getting shared specially in these days, secure or not, for educational purposes it'll have its good/bad things.
Still wondering where the full tutorial of creating pwEditors stays :/ FeelsBadMan