niemka
Newbe
Dołączył: 29 Lip 2006
Posty: 11
Przeczytał: 0 tematów
Ostrzeżeń: 0/5
|
|
Błąd w Gracze online
Aby naprawic ten błąd edytujemy plik online.php w folderze mupagecore.
Usuwamy całą zawartość pliku online.php i wklejamy ten kod:
Kod:
<?php
$miasto = array(0 => 'Lorencia', 1 => 'Dungeon', 2 => 'Devias', 3 => 'Noria', 4 => 'Lost Tower', 5 => 'Place of Exile', 6 => 'Arena', 7 => 'Atlans', 8 => 'Tarkan', 9 => 'Devil Square', 10 => 'Icarus', 11 => 'Blood Castle 1', 12 => 'Blood Castle 2', 13 => 'Blood Castle 3', 14 => 'Blood Castle 4', 15 => 'Blood Castle 5', 16 => 'Blood Castle 6', 18 => 'Chaos Castle', 19 => 'Dare Devil', 22 => 'Lands of Kundum', 23 => 'Krynn', 24 => 'Kalima');
$result = mssql_query('SELECT [Name], [MapNumber], [ServerName]
FROM [Character]
JOIN [AccountCharacter] ON [Character].[Name] COLLATE Chinese_PRC_CI_AI = [AccountCharacter].[GameIDC] COLLATE Chinese_PRC_CI_AI
JOIN [MEMB_STAT] ON [Character].[AccountID] COLLATE Chinese_PRC_CS_AI = [MEMB_STAT].[memb___id] COLLATE Chinese_PRC_CS_AI
WHERE ([ConnectStat] = 1)
ORDER BY [ServerName] ASC, [ConnectTM] ASC;');
echo('<table width="50%" align="center">');
$i = 0;
while($row = mssql_fetch_assoc($result))
{
$i++;
echo('<tr>');
echo('<td align="left" width="10%">'.$i.'</td>');
echo('<td align="left" width="45%"><b>'.htmlspecialchars($row['Name']).'</b></td>');
echo('<td align="left" width="45%">'.$miasto[$row['MapNumber']].'<b></td>');
echo('<td align="left" width="45%">'.$row['ServerName'].'<b></td>');
echo('</tr>');
}
echo('</table>');
?>
Bład w ranking graczy
Edytujemy plik ranking.php w folderze mupagecore. Usuwamy całą zawartość pliku ranking.php i wklejamy ten kod:
Kod:
<?
/*-----------------------------------------------------*\
| SkyTeam MuPage file |
| this file is connected with module $page["ranking"] |
| File version 1.0 |
| by Amelek (szklarzewicz@wp.pl) |
| [link widoczny dla zalogowanych] |
\*-----------------------------------------------------*/
if(!defined('SkyTeamPageRUNNING'))
{
die("Include error..");
}
?>
<div style="text-align:center">
<form name=sortowanie method=post action="?strona=ranking">
<br>
<input type=hidden name=strona value=ranking>
<table>
<tr><td colspan=6><?= $lang_ranking_order_by ?></td></tr>
<tr>
<td><? echo $lang_Strength; ?></td><td><input type=radio value=str name=prim checked></td>
<td><? echo $lang_Strength; ?></td><td><input type=radio value=str name=sec checked></td>
<td><? echo $classes[0]; ?></td><td><input type=checkbox name=wizard value=1 checked></td>
</tr>
<tr>
<td><? echo $lang_Dexterity; ?></td><td><input type=radio value=agl name=prim></td>
<td><? echo $lang_Dexterity; ?></td><td><input type=radio value=agl name=sec></td>
<td><? echo $classes[16]; ?></td><td><input type=checkbox name=knight value=1 checked></td>
</tr>
<tr>
<td><? echo $lang_Vitality; ?></td><td><input type=radio value=vit name=prim></td>
<td><? echo $lang_Vitality; ?></td><td><input type=radio value=vit name=sec></td>
<td><? echo $classes[32]; ?></td><td><input type=checkbox name=elf value=1 checked></td>
</tr>
<tr>
<td><? echo $lang_Energy; ?></td><td><input type=radio value=enr name=prim></td>
<td><? echo $lang_Energy; ?></td><td><input type=radio value=enr name=sec></td>
<td><? echo $classes[48]; ?></td><td><input type=checkbox name=gladiator value=1 checked></td>
</tr>
<tr>
<td><? echo $lang_level; ?></td><td><input type=radio value=lvl name=prim></td>
<td><? echo $lang_level; ?></td><td><input type=radio value=lvl name=sec></td>
<td><? echo $classes[64]; ?></td><td><input type=checkbox name=lord value=1 checked></td>
</tr>
<tr>
<td><? echo $lang_Reset; ?></td><td><input type=radio value=res name=prim></td>
<td><? echo $lang_Reset; ?></td><td><input type=radio value=res name=sec></td>
<td> </td><td> </td>
</tr>
<tr>
<td>
<select name=sortdir_prim>
<option value=asc>Asc</option>
<option value=desc>Desc</option>
</select>
</td><td> </td><td>
<select name=sortdir_sec>
<option value=asc>Asc</option>
<option value=desc>Desc</option>
</select>
</td><td> </td>
<td><input type=text name=start_from title='From witch field show results?' value=0 size=3> - <input type=text name=count_result title='How many result should be shown?' value=100 size=3></td><td> </td>
</tr>
</table>
<br>
<input type="submit" value="<? if(!$use_button_images) echo $lang_sort; ?>" class=rank_sort>
</form>
</div>
<table width=100% align=center>
<td align=left width=10%> Lp </td>
<td align=left width=15%> <? echo $lang_Name; ?> </td>
<td align=left width=15%> <? echo $lang_race; ?> </td>
<td align=left width=10%> <? echo $lang_level; ?> </td>
<td align=left width=10%> <? echo $lang_Strength; ?> </td>
<td align=left width=10%> <? echo $lang_Dexterity; ?> </td>
<td align=left width=10%> <? echo $lang_Vitality; ?> </td>
<td align=left width=10%> <? echo $lang_Energy; ?> </td>
<td align=left width=10%> <? echo $lang_Reset; ?> </td>
<br><tr></tr>
<?php
if(isset($_POST['prim']))
{
settype($_POST['start_from'],'int');
settype($_POST['count_result'],'int');
if($_POST['count_result'] > 300)
echo 'Too many requests';
else
{
$sql = array ('str' => 'Strength',
'agl' => 'Dexterity',
'vit' => 'Vitality',
'enr' => 'Energy',
'lvl' => 'cLevel',
'res' => $res_column_name);
$first = $sql[$_POST['prim']];
$second = $sql[$_POST['sec']];
if(empty($first)) echo 'sort error';
else
{
$first = 'Order By '.$first;
if($_POST['sortdir_prim'] == 'desc') $first .= ' Desc';
elseif($_POST['sortdir_prim'] == 'asc') $first .= ' Asc';
if(!empty($second) AND $second != $sql[$_POST['prim']])
{
$first .= ', '.$second;
if($_POST['sortdir_sec'] == 'desc') $first .= ' Desc';
elseif($_POST['sortdir_sec'] == 'desc') $first .= ' Asc';
}
$klasy = array (
'wizard' => ' Class = 0 OR Class = 1 ',
'knight' => ' Class = 16 OR Class = 17 ',
'elf' => ' Class = 32 OR Class = 33 ',
'gladiator' => ' Class = 48 ',
'lord' => ' Class = 64'
);
$class_add = null;
if(!empty($_POST['wizard']))
$class_add .= $klasy['wizard'];
if(!empty($_POST['knight']))
$class_add .= $klasy['knight'];
if(!empty($_POST['elf']))
$class_add .= $klasy['elf'];
if(!empty($_POST['gladiator']))
$class_add .= $klasy['gladiator'];
if(!empty($_POST['lord']))
$class_add .= $klasy['lord'];
$class_add = str_replace(' ',' OR ',$class_add);
if(empty($class_add))
echo 'Nie wybrano żadnej profesji!';
else
{
//echo "SELECT TOP ".($_POST['start_from']+$_POST['count_result'])." Name, Class, cLevel, Strength, Dexterity, Vitality, Energy, $res_column_name, $isadmin_column_name FROM Character WHERE (".$class_add.") AND $isadmin_column_name != 1 $first;";
$result = mssql_query("SELECT TOP ".($_POST['start_from']+$_POST['count_result'])." Name, Class, cLevel, Strength, Dexterity, Vitality, Energy, $res_column_name, $isadmin_column_name FROM Character WHERE (".$class_add.") AND $isadmin_column_name != 1 $first;") OR die('Query FAILED');
}
}
}
}
else
$result = mssql_query("SELECT TOP 100 Name, Class, cLevel, Strength, Dexterity, Vitality, Energy, $res_column_name, $isadmin_column_name FROM Character WHERE $isadmin_column_name != 1 Order By $res_column_name desc, CLevel desc") OR die('Query FAILED');
if(!empty($result))
{
$a = $_POST['start_from'];
for($i=0;$i<mssql_num_rows($result);++$i)
{
//$row = mssql_result($result,$i);
$row = mssql_fetch_row($result);
if($i >= $_POST['start_from'])
{
$row[0] = htmlspecialchars ($row[0]);
if ($row[8] != 1)
{
$a = $a+1;
echo "<tr>";
echo "<td align=left width=10%>".$a;
echo "<td align=left width=15%> <b>".$row[0]."</b></td>";
echo "<td align=left width=15%>" .$classes[$row[1]]."<b></td>";
echo "<td align=left width=10%> ".$row[2]."</td>";
echo "<td align=left width=10%> ".$row[3]."</td>";
echo "<td align=left width=10%> ".$row[4]."</td>";
echo "<td align=left width=10%> ".$row[5]."</td>";
echo "<td align=left width=10%> ".$row[6]."</td>";
echo "<td align=left width=10%> ".$row[7]."</td>";
echo "</tr>";
}
}
}
}
?>
</table>
Bład w rejestracji
Otwieramy plik rejestracja2.php, usuwamy całą jego zawartość i wklejamy ten kod:
Kod:
<?
/*-----------------------------------------------------*\
| SkyTeam MuPage file |
| this file is connected with module $page["rejestracja"]|
| File version 1.0 |
| by Amelek (szklarzewicz@wp.pl) |
| [link widoczny dla zalogowanych] |
\*-----------------------------------------------------*/
if(!defined('SkyTeamPageRUNNING') OR !$page["rejestracja"])
{
die("Include error..");
}
?>
<div style="text-align:center">
<?php
if($reg == 1)
{
include "mupagecore/coreincludes/logsth.php";
$login = $_POST["login"];
$pw = $_POST["pw"];
$cpw = $_POST["cpw"];
$login = trim($login);
$pw = trim($pw);
$cpw = trim($cpw);
$name = $login;
if($page["validate_by_email"])
{
$naglowki = $lang_email_header;
function IsEMail($e)
{
$atom = '[-a-z0-9!#$%&\'*+/=?^_`{|}~]'; // allowed characters for part before "at" character
$domain = '([a-z]([-a-z0-9]*[a-z0-9]+)?)'; // allowed characters for part after "at" character
$regex = '^' . $atom . '+' . // One or more atom characters.
'(\.' . $atom . '+)*'. // Followed by zero or more dot separated sets of one or more atom characters.
'@'. // Followed by an "at" character.
'(' . $domain . '{1,63}\.)+'. // Followed by one or max 63 domain characters (dot separated).
$domain . '{2,63}'. // Must be followed by one set consisting a period of two
'$'; // or max 63 domain characters.
if (strlen($e) == 0)
{
return false;
}
elseif(count(explode("@",$e)) != 2)
{
return false;
}
else
{
if (eregi($regex, $e))
{
return true;
}
else
{
return false;
}
}
return false;
}
if(isEMail($_POST['email']))
{
// check if its in database..
if(strpos($_POST['email'], "'") !== false)
$email = false;
else
{
$check_mail = mssql_query("SELECT EMail FROM ST_EMAIL WHERE EMail = '".$_POST['email']."'");
$check_mail = mssql_fetch_row($check_mail);
if($check_mail[0] == $_POST['email'])
{
echo $lang_email_alredy_used.'<br>';
$email = false;
}
else
{
$email = $_POST['email'];
$mail_hash = md5(md5($nazwa.$email).md5($login,psw).md5(date('U')));
}
}
}
else
{
$email = false;
}
}
else
{
$email = 'Rejestracja przez strone';
}
//temp
//$email = 'Rejestracja przez strone';
$prq = "pyt";
$pra = "odp";
if(!$email)
{
echo $lang_email_error;
addtolog("<b>Wrong Email ".$_POST['email']."</b>","REG");
}
elseif((strtoupper($_POST['regconfirm']) != $HTTP_SESSION_VARS['regcode'] OR empty($_POST['regconfirm'])) AND $page["reg_code"])
{
echo $lang_reg_wrong_confirm_code;
addtolog("<b>Wrong code</b>","REG");
}
elseif(ereg("[^0-9a-zA-Z_-]", $login, $str))
{
echo $lang_login_wrong_chars;
addtolog("<b>Wrong Chars (login) $login</b>","REG");
}
elseif(ereg("[^0-9a-zA-Z_-]", $pw, $str))
{
echo $lang_pw_wrong_chars;
addtolog("<b>Wrong Chars (pass) $pass</b>","REG");
}
else
{
$login_test = strtolower($login);
$resultx = mssql_query("SELECT LOWER(memb___id) FROM MEMB_INFO WHERE LOWER(memb___id) = ('$login_test')") or die;
if (mssql_num_rows($resultx))
{
echo $lang_this_acc_exist;
addtolog("<b>Exist account $login</b>","REG");
}
elseif (empty($login) || empty($name) || empty($email) || empty($pw) || empty($cpw))
{
echo $lang_fill_fields;
}
elseif (strlen($login) < 4)
{
echo $lang_login_too_short;
}
elseif (strlen($pw) < 4)
{
echo $lang_pass_too_short;
}
elseif (strlen($pw) > 10)
{
echo $lang_pass_too_long;
}
elseif (strlen($login) > 10)
{
echo $lang_login_too_long;
}
elseif ($pw != $cpw)
{
echo $lang_pass_not_correct;
}
else
{
if($page["validate_by_email"] AND !$page["register_after_validation"]) // send mail..
{
mail($_POST['email'], $nazwa.$lang_email_title, sprintf($lang_email_content_1,$login,$nazwa,$mail_hash), $naglowki);
mssql_query("INSERT INTO ST_EMAIL (AccountID,EMail,Fine,hash) values('$login','$email',0,'$mail_hash',".date('U').")");
echo $lang_email_you_will_get_it.'<br>';
}
if(!$page["register_after_validation"] OR !$page["validate_by_email"])
{
addtolog("<b>REG: $login $pw</b>","REG");
mssql_query("INSERT INTO VI_CURR_INFO (ends_days,chek_code,used_time,memb___id,memb_name,memb_guid,sno__numb,Bill_Section,Bill_value,Bill_Hour,Surplus_Point,Surplus_Minute,Increase_Days ) VALUES ('20055','1',1234,'$login','$login',1,'7','6','3','6','6',getdate(), 0 )") or die('error, account exists');
mssql_query("SET IDENTITY_INSERT MEMB_INFO ON INSERT INTO MEMB_INFO (memb_guid,memb___id,memb__pwd,memb_name,sno__numb,post_code,addr_info,addr_deta,tel__numb,mail_addr,phon_numb,fpas_ques,fpas_answ,job__code,appl_days,modi_days,out__days,true_days,mail_chek,bloc_code,ctl1_code) VALUES ('1','$login','$pw','$name', '1','1234','11111','personalid','12343','$email','$email','$prq','$pra','1',getdate(),getdate(),getdate(),getdate(),'1','0','1')") or die('error, query failed');
echo $lang_acc_done;
}
else
{
mail($_POST['email'], $nazwa.$lang_email_title, sprintf($lang_email_content_2,$login,$nazwa,$mail_hash), $naglowki);
mssql_query("INSERT INTO ST_EMAIL (AccountID,EMail,Fine,hash) values('$login','$email',0,'$mail_hash',".date('U').")");
addtolog("<b>Wait to register: $login $pw [$mail_hash]</b>","REG");
echo $lang_email_you_need_to_veryf_your_acc_before_you_can_play;
}
}
}
}
else
{
echo $lang_sorry_reg_off;
include "mupagecore/coreincludes/logsth.php";
addtolog("<b>TRYING TO HACK REG SCRIPT: $login $pw</b>","REG");
}
$login2 = $HTTP_SESSION_VARS['loginvar'];
$login = $HTTP_SESSION_VARS['loginvar'];
?>
</div>
Błąd po zalogowaniu na konto z wiadomościami
Edytuj plik mupagecore/mopageaccount/messages/menu.php:
Znajdź w nim:
Kod:
$wiadomosci = mssql_query('SELECT Name,
(SELECT count(do) FROM MAILSYSTEM where do = Character.Name AND Odczytana = 1) as Odczytane,
(SELECT count(do) FROM MAILSYSTEM where do = Character.Name AND Odczytana = 0) as NieOdczytane,
CtlCode
FROM Character WHERE AccountId = \''.$login.'\';');
zmień na:
Kod:
$wiadomosci = mssql_query('SELECT [Name],
(SELECT COUNT(do) FROM [MAILSYSTEM] WHERE ([do] COLLATE Chinese_PRC_CI_AI = [Character].[Name] COLLATE Chinese_PRC_CI_AI) AND ([Odczytana] = 1)) AS [Odczytane],
(SELECT COUNT(do) FROM [MAILSYSTEM] WHERE( [do] COLLATE Chinese_PRC_CI_AI = [Character].[Name] COLLATE Chinese_PRC_CI_AI) AND ([Odczytana] = 0)) AS [NieOdczytane],
[CtlCode]
FROM [Character]
WHERE ([AccountId] = \''.$login.'\');');
Jeśli to nic nie pomoże to otwieramy plik mupagecore\mupageaccount\messages\menu.php, usuwamy całą jego zawartość i wklejamy ten kod:
Kod:
<?
if(!defined('SkyTeamPageRUNNING'))
{
die("Include error..");
}
?>
<?php
if($page["prvmsg"])
{
if(strpos($login, "'") !== false)
die('Hacking Attempt!');
$wiadomosci = mssql_query('SELECT [Name],
(SELECT COUNT(do) FROM [MAILSYSTEM] WHERE ([do] COLLATE Chinese_PRC_CI_AI = [Character].[Name] COLLATE Chinese_PRC_CI_AI) AND ([Odczytana] = 1)) AS [Odczytane],
(SELECT COUNT(do) FROM [MAILSYSTEM] WHERE( [do] COLLATE Chinese_PRC_CI_AI = [Character].[Name] COLLATE Chinese_PRC_CI_AI) AND ([Odczytana] = 0)) AS [NieOdczytane],
[CtlCode]
FROM [Character]
WHERE ([AccountId] = \''.$login.'\');');
$wiadomosci_nowe = 0;
$wiadomosci_odczytane = 0;
for($x=0;$x<mssql_num_rows($wiadomosci);++$x)
{
$row = mssql_fetch_row($wiadomosci);
$wiadomosci_nowe += $row[2];
$wiadomosci_odczytane += $row[1];
}
add_menu_module('?strona=mupageaccount/messages/main',$lang_prvmsg['menu'].' '.$wiadomosci_odczytane.'/'.$wiadomosci_nowe);
}
?>
Następnie otwieramy plik main.php, usuwamy całą jego zawartość i wklejamy ten kod:
Kod:
<?
if(!defined('SkyTeamPageRUNNING'))
{
die("Include error..");
}
?>
<div style="text-align:center">
<?php
if($page["prvmsg"])
{
if(!empty($login) AND strlen($login) < 12)
{
if(strpos($login, "'") !== false)
die('Hacking Attempt!');
echo '<h2 class=highlight>'.$lang_prvmsg['menu'].'</h2>';
$sql_char_check = mssql_query("SELECT TOP 6 Name, CLevel, Reset, CtlCode FROM Character WHERE AccountID = '$login'");
$char_check = mssql_num_rows($sql_char_check);
if ($char_check <= 0)
{
echo $lang_a_no_characters;
}
else
{
echo '<b>'.$lang_prvmsg['your_characters_and_messages_to_them'].'</b><br>';
$mail_list = mssql_query('SELECT [Name],
(SELECT COUNT(do) FROM [MAILSYSTEM] WHERE ([do] COLLATE Chinese_PRC_CI_AI = [Character].[Name] COLLATE Chinese_PRC_CI_AI) AND ([Odczytana] = 1)) AS [Odczytane],
(SELECT COUNT(do) FROM [MAILSYSTEM] WHERE( [do] COLLATE Chinese_PRC_CI_AI = [Character].[Name] COLLATE Chinese_PRC_CI_AI) AND ([Odczytana] = 0)) AS [NieOdczytane],
[CtlCode]
FROM [Character]
WHERE ([AccountId] = \''.$login.'\');');
$wszystkich = 0;
$przeczytanych = 0;
for($x=0;$x<$char_check;++$x)
{
$row = mssql_fetch_row($mail_list);
if($row[4] == $login)
{
if($row[3] == 
{
echo '<span class=game_master_highlight>';
}
elseif($row[3] == 1)
{
echo '<span class=banned_highlight>';
}
else echo '<span>';
echo '<a href="?strona=mupageaccount/messages/mail&char='.$row[0].'">'.htmlspecialchars($row[0]).' ('.$row[1].'/'.$row[2].')</a></span><br>';
$wszystkich += $row[1]+$row[2];
$przeczytanych += $row[2];
}
}
printf($lang_prvmsg['all_new'],$wszystkich,$przeczytanych);
echo '<br>';
}
echo '<br><a href=?strona=mupageaccount/messages/napisz><img border=0 src=grafika/mail_new.png><br>'.$lang_prvmsg['write_new'].'</a><br><br>';
}
else echo $lang_login_error;
echo '<br><a href=?strona=mupageaccount/main>'.$lang_prvmsg['back_to_main_admin'].'</b></a>';
}
?>
</div>
|
|
