[PHP] AccountManager

Hello,

I started programming in PHP and this is my first creation.

Function:

Change Expansion

Change Password


Change Email

Rename

Lottery with golds

Donate

Extract files and edit include/config.php

Account Manager is for TrinityCore2; it can be used for OregonCore (Donate can't).

Demo: < Link Removed>

account: test

password: test

Download: Filebeam - Beam up that File Scottie!

It looks nice, very nice. I haven't downloaded it yet, so I can't say if the coding is correct.

First about html: it's bad, really bad. eg:

<div class="">

or using ' instead of ". Login form doesn't submit when I hit Enter/Return

Now a fast look into your code, includes dir:

functions.php

[CODE]function wClass($class)
{
    switch($class)
    {
        case 1:
            $class = "Warrior";
            break;
        // rest of code
    }
}[/CODE]

Really? Why don't you just:

[CODE]
$class = array(
    1 => "Warrior"
    // etc
);[/CODE]

And then echo $class[$class_id] ? Same with race and expansion. Your whole functions.php except sha1_pass() is useless

I don't like how the language variable is declared, you should name the array keys, eg $lang['pass'] etc.

login/index.php

I don't like how you handle mysql, this can be done better. Use PDO for it.

Also, $_POST variables should be verified with PHP as well, I can't see a single preg_match there.

$_SESSION['username'] = ucwords(strtolower($overeni_fetch['username']));

That's bad, why don't you use a single function like ucfirst() here?

pages/email.php

filter_var is a nice approach to validating email but it will return true when someone puts [email protected]

Changing an email should require email validation (you send an email with a confirmation link to the old address, the user clicks the link and then the mail is changed). The same should be done with the password.

pages/password.php

$pass_sql  = "UPDATE account SET sha_pass_hash='".sha1_pass($_SESSION['username'], $pass_mres)."' WHERE id=".$_SESSION['id'];

Won't work, you have to reset (set to 0) v, s and session_key columns in account table as well. You should wipe the session and force the user to relogin after changing a pass.

pages/rename.php

Done wrong, you don't control the input name at all, eg Aw3s0m_e will be a valid name. Not to mention this is not how rename should go. You are updating the name in characters table instead of updating at_login column.

Why? Wouldn't it be better to let the game handle rename? What if someone picks a name that is owned by someone already?

[CODE]$char_exist_sql = "SELECT * FROM characters WHERE name='".$rename_mres."'";
$char_exist_q = mysql_query($char_exist_sql);
$char_exist = mysql_num_rows($char_exist_q);
$golds_sql = "SELECT * FROM characters WHERE guid=".$name_mres;[/CODE]
What? Such a fail, and I'm sure there's more of those in your code ;-p

Why SELECT * ? Why 2 SQL's? "SELECT id, name, mone FROM…" There's 71 columns in characters table, some of them hold large amounts of data and you really don't need all of those. Also, SELECTs should be done by id when it's possible, and it is possible in this case.

I see the same SQL fail in pages/lottery.php. I don't like your variable naming as well, sometimes you use your local language instead of English. If I didn't know php I would have problems understanding what's going on in the code.

Ok, I think it's enough :wink: GL & HF fixing your code.

Also there's a lot of fails in there… you should also protect against SQL injections and do data insertion testing.
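
Added example, not part of the thread or of AccountManager: the password change from pages/password.php done the way the replies above ask for, with PHP-side validation, PDO bound parameters, the v, s and session_key reset, and a session wipe. The in-memory SQLite schema, the `account_hash` and `change_password` names and the length limits are assumptions; `account_hash` assumes sha1_pass() is the usual TrinityCore SHA1(UPPER(user):UPPER(pass)) scheme.

```php
<?php
// Added example, not AccountManager's code. Column names follow the thread;
// the SQLite schema and sample row are constructed so this runs offline.

// Assumption: sha1_pass() is the usual TrinityCore scheme,
// SHA1(UPPER(username) . ':' . UPPER(password)).
function account_hash(string $user, string $pass): string
{
    return sha1(strtoupper($user) . ':' . strtoupper($pass));
}

// Hypothetical helper: returns true when exactly one account row was updated.
function change_password(PDO $db, int $id, string $user, string $newPass): bool
{
    // Validate in PHP first (printable ASCII, 6-16 chars; limits are illustrative).
    if (!preg_match('/^[\x21-\x7E]{6,16}\z/', $newPass)) {
        return false;
    }
    // Bound parameters instead of concatenation; the id is bound as an integer.
    $stmt = $db->prepare(
        'UPDATE account
            SET sha_pass_hash = :hash, v = 0, s = 0, session_key = 0
          WHERE id = :id'
    );
    $stmt->bindValue(':hash', account_hash($user, $newPass), PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    if ($stmt->rowCount() !== 1) {
        return false;
    }
    // Wipe the web session so the user has to log in again.
    if (session_status() === PHP_SESSION_ACTIVE) {
        $_SESSION = [];
        session_destroy();
    }
    return true;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE account (id INTEGER PRIMARY KEY, username TEXT,
           sha_pass_hash TEXT, v TEXT, s TEXT, session_key TEXT)');
$db->exec("INSERT INTO account VALUES (1, 'TEST', 'old', 'AB12', 'CD34', 'EF56')");

// Constructed inputs: a 3-character password, then one inside the limits.
var_dump(change_password($db, 1, 'TEST', 'abc'));
var_dump(change_password($db, 1, 'TEST', 'N3w-Passw0rd'));
print_r($db->query('SELECT * FROM account')->fetch(PDO::FETCH_ASSOC));
```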

I know the link is to a demo site, yet the host still shows a private server. We do not allow linking to private servers on these forums.