To the one that coded it:
It's really noobish, I'm sorry. Some places it selects everything from the database and then count the number of results. That's a ****ing load for a simple number. Just select the AID only, that should be enough.
Also, a COOKIE can be edited and a SESSION can be spoofed. So at both ways we'll need to apply the antisql function.
About the antisql function, it was copy/pasted from the web, but you forgot the UPDATE and the WHERE. Both SQL commands can be used together in a malicious way.
Let's hope you're doing better after >.>.
P.S. It's also required to add a check that checks if both SESSION['UserID'] and SESSION['Password'] are actually matching. Spoofing, remind?
For the username/password check use the following code (Copied from the GunZ CMS I'm working on):
PHP Code:
//Let's have a look at the SESSIONS and kill some people if needed.
//Note that this is extra secutity.
if (isset($_SESSION['UserID']) || isset($_SESSION['Password']))
{
$query = odbc_exec($connect,"SELECT AID FROM Login WHERE UserID = '" . antisql($_SESSION['UserID']) . "' AND Password = '" . antisql($_SESSION['Password']) . "'");
$count = num_rows($query);
//If some weird guy got a SESSION spoofed.
if ($count == 0)
{
session_destroy();
gtfo("That was funny. Sessions cleared though <3.");
}
}
Same for the sessions, session_destroy is good enough, no need to destroy every single SESSION.
This fix only includes a fixed antisql function and the antisql function used over each SESSION and the COOKIE check. Any other bugs or parts of bad coding are NOT fixed. You'll need to do it yourself or just switch back to a simple regpage.
Also, it's true that I'm working on a GunZ CMS that'll have the following features:
1) Great layout (Griever FTW?)
2) Itemshop. You create sets and add any ItemID's with it.
3) AdminCP.
4) UserCP.
5) ClanCP.
And more. The good news is also that it's going to be written with the connectiontype ODBC, with almost each line commented so you can learn a bit of PHP.
Please note that you can't expect any release date, if I even have the time to finish it.
Downloadlinks: (Attachments are great, as long as they allow files bigger than 1 Mb)
[Only registered and activated users can see links. ] [Only registered and activated users can see links. ]
After a lot of work, I am releasing my new admin panel.
Features:
New skin, that makes the panel more comfortable
Updated Notepad, for communicating between Admins/Mods
New search Engine, With more search options
Fixed and New Account and Character management functions
Added Clan management functions
Added Country restriction functions
Installation:
First download the panel from the attachment
Then create a folder at your gunz website for the panel, named like panel or admin, w/e
Unpack all the files of the panel inside that folder, password for unpacking: emisandrz08
Open the config.php file.
There you have to set the SQL connection options.
At $_MSSQL[Host] you have to set the SQL server address, like MYCOMP\SQLEXPRESS or 127.0.0.1\SQLEXPRESS
Then, at $_MSSQL[User] you have to set the MSSQL User, at $_MSSQL[Pass] the MSSQL Password and at $_MSSQL[DBNa] the Gunz Database
Then you can select the Panel's Language, if you want it in english, just leave $_CONFIG[Language] = "english"; and if you want it in spanish, set it to $_CONFIG[Language] = "espanol";
You can create a new language pack, you have to go to the lang folder and traslate one of the language packs there to your language and then save it with the language name, that name will be set at $_CONFIG[Language]
Then if you never changed you GunzDB table names, don't touch the table configurations, if you changed them, there you can set the new names.
Finally, If you use my Country Restriction System for Gunz ([Only registered and activated users can see links. ])
You can enable the country restriction functions by setting $_CONFIG[CountryBlock] = 1;
That will allow you to allow or block the countries you want easily.
After that, all is set and you can save the config.php
The panel is ready to use.
Information:
Logs are saved at logs folder, there you can check your admin's and mod's activity
The UgradeIDs that are allowed to log in into the panel are: 255, 254 and 252, if you want to change that go to functions.php and edit function login() and function check_ugradeid()
Screenshots:
Credits:
Panel fully coded by me.
Skin designed by Lambda
I hope you enjoy it.
If you have any problem, ask at this thread.
Password: emisandrz08
Download: [Only registered and activated users can see links. ]
I was bored and i still had the basics of the prevorious so i thought ... why not create a better regpage then the current ones.
Features:
- You can easiliy put YOUR servername in it. (Just edit $servername)
- Same for the Account and Login table. ($accounttable and $logintable)
- IP Banning manually. (No database, just a matter of removing comment lines and putting the IP in it.)
- Banned Accounts are IP blocked. So if you ban someone, they can't register again under the same IP Address they've played with.
- E-mail check. No more fake emails.
- Age check. Checks if the age if numeric.
- It checks the Username and Email. If they're already in the database, an error message appears.
Tutorial:
1) Unpack the .rar (Duhhh)
2) Put the regpage in your www folder. (Or htdocs, w/e.)
3) Edit the variables at the top. (Servername, accounttable and logintable).
4) Edit the ODBC connection.
5) There is no 5th step. You're done!
This will be the last PHP script from me, apart from the shop i'm working on. I'm done with GunZ, i was just bored. Don't expect me to help you via PM with errors. (Apart from errors with this script).
I guess i'm clear about my copyright. If you don't want the copyright, then don't use this regpage. Easy enough.
Download: [Only registered and activated users can see links. ]
This is just a little tool I made to simplify some zitem tasks.
It can:
Change all zitem prices
Generate the id's either programatically (1,2,3,4), by type or by slot
Rip all strings.xml strings to zitem. (Takes a second or so)
Remove all comments
Generate shop.xml
If you have any errors, please post them
If you have any ideas to implement, please post them as well.
Version History
1.0
Basic version, few tools.
1.1
+ New Interface
+ Numerical order starting from X
+ Comments remover
+ DLL removed
What's going to be added
Here are a list of things that should/might be implemented.
Actual ordering (As in moving each item node)
Shop.xml generation that doesn't include Staff, Event or Donor items.
A better interface - Buttons instead of text, etc.
Instructions
Download from below.
Either put the program in a folder with your zitem.xml (And strings.xml, if you want to use the strings ripper) or run it and browse for the zitem. - You must have the dll in the same folder as the exe.
Modify your zitem. - You only have to save once you're all done, you can make multiple edits in one go.
MAKE SURE TO PRESS SAVE ZITEM! - it will also create zitem.xml.bak, In case you didn't back it up yourself.
If you ran the program in your system folder, be sure to remove the program, .bak, and any dll's left over. Wouldn't want to increase filesize would we :P.
Done!
Downloads
[Only registered and activated users can see links. ]
Xiao's June Runnable [26/07/08]
Editable Runnable Important Note :-
the game wont start if u dont open by launcher
The Runnable features :-
Xtrap Skipped :D.
Forced to open client with launcher
Respawns with updating launcher
No Virus [AVG,Avast,Kaspersky,ESET Nod32 friendly]
Custom Maps Enabled
Loads Map Banner
Filelist Enabled in Xiao's June-Runnable [FileList Enabled].rar
FileList Disabled in Xiao's June-Runnable [FileList Skip].rar
If there are any bugs found in the runnable pls do post here
i may try to find a fix :)
Tutorial
Choose which runnable u need
Place it in ur Gunz directory
Download this [Only registered and activated users can see links. ] also works with Official Launcher Like the India gunz and the Br gunz launcher
Place it in Gunz Directory
Start the game with Launcher or it wont Start
Code:
Note :-
THe CRC32 value and MD5 value Changes when u edit it
Xiao's June-Runnable [FileList Skip]
MD5 Value = 0DA85A966066BC04F0FF59A607F2C51A
CRC32 Value = AFBCFA58
Xiao's June-Runnable [FileList Enabled]
MD5 Value = E2CBD135DE1E78BEDFA613034B2912E1
CRC32 Value = D6896816
Special thanks for makin june almost stable :) Emisand
Rotana
Maxtrax
maxteam
7-Eleven
System32
ROA
Download (Supported Launchers): [Only registered and activated users can see links. ]
Download (FileList Disabled): [Only registered and activated users can see links. ]
Download (FileList Enabled): [Only registered and activated users can see links. ]
================================================== =
==================GunZ DB Manager====================
================================================== =
Quote:
New Version of GunzDB Manager V2.2 Beta1 Final release ( no newer version )!
* Accounts Table.
* Account Items Table.
* Characters Table.
* Characters Items Table.
* Clans Table.
* Clan Members Table.
* Locator Status Table.
* Server Status Table.
* Server load.
* Help, how to use.
* About / contacts.
* Renew Connections option.
* Show/Hide Connection info.
* Exit the program.
* Refresh Connection Option.
* New Design, new Picture.
* Item Table added
* Server Logs added.
* Game Logs Added.
* Quest game Logs added.
* Tables re-ordered.
* Wide window.
* Tables got Groups.
* DeX V1.1 tables added * Most of the GunzDB used Tables added
Installation for V2.2 beta1 Final Release :[/SIZE][/B]
[I] Open the .exe file, and install it normally, then open the file name GunzDB Manager V2.2 Beta1 Final.exe.
Nothing else,,, there mustn't be any Error!!!!!
in the Custom login, didn't test it, maybe it works, and may not!
I hope this Manager is more usefull......
DOWNLOAD, GunzDB Manager V2.2 beta1 Final :[Only registered and activated users can see links. ]
*NOTE:-
* The functions all work fine with the BR-Jan 2007 Database engines*
* Close the program in using File--->Exit GunzDB Manager to prevent errors..*
* This program is just to make it fast to edit/view/add your GunZ Database*
*I'm not a coder or a programmer, I'm doing that in trying and a little reading, google made most of the work*
---------------------------------------------------------------------------------------
Sorry for my bad English ( English is not my mother language )..
Edited Channelrule.xml is included, place this in your system.mrs, it does not need to be present in your Matchserver folder
Also Remember in Server.ini your server must be set to clan, or it WILL NOT show up
[Only registered and activated users can see links. ]
Download Matchserver.exe [Only registered and activated users can see links. ] [Only registered and activated users can see links. ] [Only registered and activated users can see links. ] [Only registered and activated users can see links. ]
Download Channelrule.xml [Only registered and activated users can see links. ] [Only registered and activated users can see links. ] [Only registered and activated users can see links. ] [Only registered and activated users can see links. ]
You will not be able to Join your Clan Channel UNLESS Your Clan Name Has No Spaces
Partial Credits to Phail for Giving Me The Last Pieces of the Puzzle
Weapons/Equips that you get FROM the ijji Gamble Boxes.
Kung Fu Set, Xian Tactical Set, Pioneer, Koala Hat, Bugged Dual Daggers, Dual Shotguns and more.
Model/Man/Woman.mrs provided... So no missing models..
Shop.xml are rearranged by me. Still abit messy though.
All items are 0 bounty and sellable.
Download link: [Only registered and activated users can see links. ]
062909 Update:
Added more stuffs. Bow/Nail Gun, Navy set, etc.
Download Link: [Only registered and activated users can see links. ]
Enjoy... I will add custom items/weapons in the next update i think...
Credits: Ilovepie
------------------
I'll add more releases + tutorials later when I get back on.
I take no credit for any of these releases. I will not help you if you have problems. Have fun, and enjoy.
P.S: I have used every one of these releases. They are fine to use.
Some of them may come up as a virus/trojan , but they are harmless.
Last edited by shortymant; 10-07-2009 at 04:54 PM.
Is Always A Good Way To Show You Care <3
Hybrid Mode
