Newbie Spellweaver
- Joined
- Feb 17, 2007
- Messages
- 18
- Reaction score
- 0
Re: [Release] [DWT] Site ver 1.1(beta)
Thanks For Post!!!
Thanks For Post!!!
Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!
Join Today!<? if (isset($_POST['new_name']))
{
$name = stripslashes($_POST['new_name']);
$idlogin = stripslashes($_POST['idlogin']);
$oldpwd = stripslashes($_POST['oldpwd']);
$strength = stripslashes($_POST['strength']);
$vitality = stripslashes($_POST['vitality']);
$dexterity = stripslashes($_POST['dexterity']);
$mana = stripslashes($_POST['mana']);
$cmd = stripslashes($_POST['cmd']);
require 'config/config.php';
include_once('includes/sql_check.php');
check_inject();
$msconnect=mssql_connect("$dbhost","$dbuser","$dbpasswd");
$msdb=mssql_select_db($db,$msconnect);
require_once "includes/sql_inject.php";
$bDestroy_session = TRUE;
$url_redirect = 'index.php';
$sqlinject = new sql_inject('./log_file_sql.log',$bDestroy_session,$url_redirect) ;
if ((eregi("[^a-zA-Z0-9_-]", $name)) || (eregi("[^a-zA-Z0-9_-]", $idlogin)) || (eregi("[^a-zA-Z0-9_-]", $oldpwd)) || (eregi("[^a-zA-Z0-9_-]", $strength)) || (eregi("[^a-zA-Z0-9_-]", $vitality)) || (eregi("[^a-zA-Z0-9_-]", $dexterity)) || (eregi("[^a-zA-Z0-9_-]", $mana)) || (eregi("[^a-zA-Z0-9_-]", $cmd)))
{
echo("SQL Injection Detected - Remember, only use numbers and letters!");
exit();
}
$sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$idlogin'");
$username_check = mssql_num_rows($sql_username_check);
$sql_name_check = mssql_query("SELECT Name FROM Character WHERE Name='$name' and AccountID = '$idlogin'");
$name_check = mssql_num_rows($sql_name_check);
$sql_pw_check = mssql_query("SELECT memb__pwd FROM MEMB_INFO WHERE memb__pwd='$oldpwd' and memb___id='$idlogin'");
$pw_check = mssql_num_rows($sql_pw_check);
$sql_online_check = mssql_query("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id='$idlogin'");
$row2 = mssql_fetch_row($sql_online_check);
$result = mssql_query("Select Strength,Dexterity,Vitality,Energy,Leadership,Class,Money,LevelUpPoint From Character where Name='$name'");
$row = mssql_fetch_row($result);
$str=$row[0]+$strength;
$dex=$row[1]+$dexterity;
$vit=$row[2]+$vitality;
$man=$row[3]+$mana;
$dl=$row[4]+$cmd;
$moeny=$row[6]-($addzen);
$points=$strength + $dexterity + $vitality + $mana + $cmd;
$pt=$row[7] - ($points);
$pt2=$row[7];
$class=$row[5];
if (empty($name) || empty($idlogin) || empty($oldpwd)){
echo "Error: Some fields were left blank. Please go back and try again.<br>";}
elseif (empty($dl) && $class!='64'){
echo "$general";}
elseif ($pt<=0){
echo "Error: You do not have points, you only have " . $pt2 . " level up points. Please distribute them evenly.";}
elseif ($username_check <= 0){
echo "Error: Your idlogin does not exist in the " . $servername . " databases. Please go back and try again.<br>";}
elseif ($name_check <= 0){
echo "Error: Your character does not exist in your account or in $servername database. Please go back and try again.<br>"; }
elseif ($pw_check <= 0){
echo "Error: The password you entered is incorrect.<br>"; }
elseif ($row2[0] != 0){
echo "Error: Please logoff before Add Stats.<br>"; }
elseif ($cmd>'0' && $class!='64'){
echo "Error: Remember that only Dark Lords can add points to Command.<br>";}
elseif ($resetmoeny < 0){
echo "Error: You don't have enough money in inventory to addstats, you need $addzen zen.<br>"; }
else {
$general =
"
UPDATE dbo.Character SET money = '$moeny'
WHERE Name = '$name'
UPDATE dbo.Character SET LevelUpPoint = '$pt'
WHERE Name = '$name'
UPDATE dbo.Character SET Strength = '$str'
WHERE Name = '$name'
UPDATE dbo.Character SET Vitality = '$vit'
WHERE Name = '$name'
UPDATE dbo.Character SET Dexterity = '$dex'
WHERE Name = '$name'
UPDATE dbo.Character SET Energy = '$man'
WHERE Name = '$name'
UPDATE dbo.Character SET Leadership = '$dl'
WHERE Name = '$name'
";
$sqlinject->test($general);
$msgeneral = mssql_query($general);
echo "<b><font color='red'>$name</font> is becoming stronger, because he has new Powers with his new Stats </b>.";
}
}
else
{
echo '<form name="form2" method="post" action="">
<table>
<tr>
<td>Account Name: </td>
<td><input name="idlogin" type="text" id="idlogin" maxlength="10"></td>
</tr>
</table>
<table>
<tr>
<td>Password:</td>
<td><input name="oldpwd" type="password" id="oldpwd" maxlength="10"></td>
</tr>
</table>
<table>
<tr>
<td>Character:</td>
<td><input name="new_name" type="text" id="name" maxlength="10"></td>
</tr>
</table>
<table>
<tr>
<td>Strength: </td>
<td><input name="strength" type="text" id="strength"></td>
</tr>
<tr>
<td>Vitality:</td>
<td><input name="vitality" type="text" id="vitality"></td>
</tr>
<tr>
<td>Agility:</td>
<td><input name="dexterity" type="text" id="dexterity"></td>
</tr>
<tr>
<td>Energy:</td>
<td><input name="mana" type="text" id="mana"></td>
</tr>
<tr>
<td>Command:</td>
<td><input name="cmd" type="text " id="cmd"></td>
</tr>
</table>
<b> Remember, only the Dark Lords can add points to Command </b>
<p>
<input type="submit" name="Submit" value="Add stats">
<input type="reset" name="Submit2" value="Clean">
</p>
</form>';
} ?>
first is RisingKing2010 tell you to do that??Maybe he don't want to be published fixes?Have you ever ask him(if yes then sorry)..Second how HTML file like ADD.html is going to read php scripts ??And third its's not your fixes because its fragfrog add stats script with few edits and in spanish language...
DOGWARMAN the post you type is un-useful post
+ Non MD5 ! I don't MD5 !Warning: mssql_query() [function.mssql-query]: message: Violation of PRIMARY KEY constraint 'PK_MEMB_INFO_1'. Cannot insert duplicate key in object 'MEMB_INFO'. (severity 14) in c:\AppServ\www\muwem\includes\Complete.html on line 74
Warning: mssql_query() [function.mssql-query]: Query failed in c:\AppServ\www\muwem\includes\Complete.html on line 74
Notice: Undefined variable: Error in c:\archivos de programa\easyphp1-8\www\includes\Complete.html on line 70
Notice: Undefined variable: Error in c:\archivos de programa\easyphp1-8\www\includes\Complete.html on line 81
Welcome to Mu Brc, feofeo.Please download our client and patch to begin playing.