[PHP] Utilities

Config:

[CODE]<?php

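// Database connection settings shared by the scripts that include config.php.
// The typographic quotes from the forum paste are replaced with real string
// delimiters; with them PHP reads each value as an undefined constant.
// NOTE(review): this file holds database credentials. Keep it outside the web
// root (or otherwise unreadable over HTTP) and point it at a dedicated,
// low-privilege MySQL account rather than an administrative one.
$port = "3306";

$host = "";         // MySQL server address

$user = "";         // MySQL login name

$pass = "";         // MySQL password

$characters = "";   // passed to mysql_select_db() by the ranking scripts

$auth = "";         // passed to mysql_selectdb() by the uptime script

$cod = 'utf8';      // used in "SET NAMES" by the arena script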

?>[/CODE]

Register

[CODE]<?php

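// Connection settings for the realm (account) database.
// Keys and values use real quote characters; the pasted typographic quotes are
// not string delimiters in PHP.
// NOTE(review): 'root' with a guessable password should not back a public web
// page. Create a MySQL account limited to what registration needs (SELECT and
// INSERT on `account`) and give it a unique password.
$realmd = array(
    'db_host'       => 'localhost', // Host IP
    'db_username'   => 'root',      // Database login-name
    'db_password'   => 'mangos',    // Database login-pass
    'db_name_realm' => 'realmd',    // Database name of realm
);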

/**
 * Reports whether $string contains any byte outside a-z, A-Z and 0-9.
 *
 * @param string $string Text to inspect (compared byte by byte).
 * @return bool TRUE when at least one disallowed character is present,
 *              FALSE when every character is allowed or the string is empty.
 */
function check_for_symbols($string)
{
    $alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    // strspn() measures the leading run of allowed bytes; a run shorter than
    // the whole string means a disallowed byte was reached.
    $allowed_run = strspn($string, $alphabet);
    if ($allowed_run === strlen($string)) {
        return FALSE;
    }
    return TRUE;
}

/**
 * Builds the stored account hash: SHA-1 of "USER:PASS", both parts upper-cased.
 *
 * NOTE(review): upper-casing makes passwords case-insensitive, and a single
 * SHA-1 round is cheap to brute-force if the table leaks. Presumably the format
 * is dictated by whatever reads `sha_pass_hash` - confirm before changing it.
 *
 * @param string $user Account name.
 * @param string $pass Plain-text password.
 * @return string 40-character hexadecimal SHA-1 digest.
 */
function sha_password($user,$pass)
{
    return sha1(strtoupper($user) . ':' . strtoupper($pass));
}

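// Registration flow: connect, validate the posted fields, then create the account.
// NOTE(review): the mysql_* extension used here was removed in PHP 7; on a
// supported PHP version port this to mysqli or PDO with prepared statements.
if ($realmd['db_host'] != "" && $realmd['db_username'] != "" && $realmd['db_password'] != "" && $realmd['db_name_realm'] != "")
{
    $new_connect = mysql_connect($realmd['db_host'],$realmd['db_username'],$realmd['db_password']);
    if ($new_connect)
        $selectdb = mysql_select_db($realmd['db_name_realm'],$new_connect);
    else
    {
        echo "Could NOT connect to db: Configs (Name/Pass/Port/IP) are incorrect";
        die;
    }

    if ($new_connect && !$selectdb)
    {
        echo "Could NOT connect to db: Database does not exist!";
        die;
    }

    if (!empty($_POST['registration']))
    {
        // Accept only plain strings; a missing or array-valued field counts as empty.
        $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
        $plain_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";
        // The expansion value is written into SQL, so force it to an integer.
        $expansionnumber = isset($_POST['expansion']) ? (int) $_POST['expansion'] : 0;

        if ($username == "")
        {
            echo "Field username is empty!";
        }
        // Test the submitted password itself: the SHA-1 hash is never empty,
        // so checking the hash let blank passwords through.
        else if ($plain_password == "")
        {
            echo "Field password is empty!";
        }
        else if (check_for_symbols($plain_password) == TRUE)
        {
            echo "Error with creating account: password has invalid symbols in it.";
        }
        else if (check_for_symbols($username) == TRUE)
        {
            echo "Error with creating account: username has invalid symbols in it.";
        }
        else
        {
            $password = sha_password($username,$plain_password);
            // The name is alphanumeric at this point; it is escaped as well so the
            // queries stay safe if the validation above is ever relaxed. The lookup
            // now runs only after validation instead of on the raw POST value.
            $username = mysql_real_escape_string($username,$new_connect);
            $check_username = mysql_query("SELECT username FROM `account` WHERE username='$username'",$new_connect);

            if (!$check_username)
            {
                echo mysql_errno($new_connect) . ": " . htmlspecialchars(mysql_error($new_connect), ENT_QUOTES). "\n";
            }
            else if (mysql_num_rows($check_username) != 0)
            {
                echo "Error with creating account: name is already in use.";
            }
            else
            {
                $created = mysql_query("INSERT INTO account (username,sha_pass_hash,expansion) VALUES ('$username','$password','$expansionnumber')",$new_connect);
                // mysql_query() returns FALSE on failure. The previous test used the
                // bare word `mysql_error`, which is always truthy, so the success
                // branch could never run.
                if (!$created)
                    echo mysql_errno($new_connect) . ": " . htmlspecialchars(mysql_error($new_connect), ENT_QUOTES). "\n";
                else
                {
                    echo "Account created.";
                    mysql_close($new_connect);
                }
            }
        }
    }
    else
    {
        // PHP_SELF reflects the requested path, so it is escaped before being
        // placed in the action attribute.
        ?>
    <html>
    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ?>" method="POST">
    Username <input type="text" name="username">
    Password <input type="password" name="password">
    Expansion Selection<select name="expansion">
        <option value="1">Vanilla</option>
        <option value="2">TBC</option>
        <option value="3">WotLK</option>
    </select>
    <input type="submit" name="registration">
    </form>
    </html>
        <?php
    }
}
else
    echo "Config file either not present or connection variables are empty";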

?>[/CODE]

Top honor:

[CODE]<?php

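// Leaderboard query: the 100 characters with the highest totalKills.
// String literals use real quote characters; the pasted typographic quotes are
// not string delimiters in PHP.
include ("config.php");

$connect = mysql_connect($host,$user,$pass) OR DIE("'Can't connect with $host");

// NOTE(review): die(mysql_error()) shows raw database errors to visitors;
// consider logging the error and printing a generic message instead.
mysql_select_db($characters,$connect) or die(mysql_error());

$result = mysql_query("SELECT * FROM characters ORDER BY totalKills DESC LIMIT 0 , 100 ");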

?>

<table align=center cellpadding="0" cellspacing="0"  border="1" width=100%>

<thead>

    <td width="4%"><center>Nº</center></td>

    <td width="16%"><center>Character Name</center></td>

    <td width="4%"><center>level</center></td>

    <td width="5%"><center>Honor</center></td>

    <td width="4%"><center>Kills</center></td>

</thead>

<tbody>
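<?php
// Row counter for the "Nº" column; it was incremented without being initialised.
$i = 0;
while ($rows = mysql_fetch_object($result)) {
    $i++;
    // The values come from the database, but they are still escaped before
    // being written into the page.
    $name = htmlspecialchars($rows->name, ENT_QUOTES);
    $level = htmlspecialchars($rows->level, ENT_QUOTES);
    $Total_Kills = htmlspecialchars($rows->totalKills, ENT_QUOTES);
    $Total_Honor = htmlspecialchars($rows->totalHonorPoints, ENT_QUOTES);
    // NOTE(review): the table-cell markup between the values appears to have
    // been lost from this listing; the separators are kept exactly as shown.
    echo " ",$i," ",$name," ",$level," ",$Total_Honor," ",$Total_Kills," ";
}
// Close the connection handle; $characters holds the database name, not a link.
mysql_close($connect);
?>[/CODE]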

Arena Top:

[CODE]

Top Arena body { background: #000000; color: #8f7e4b; font: 10pt tahoma, verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif; margin: 0px 0px 0px 0px; padding: 0px; text-align: center; } a:link { color: #d4c8a2; text-decoration: none; } a:visited { color: #d4c8a2; text-decoration: none; } a:hover, a:active { color: #FFFFFF; text-decoration: none; } <? include ("config.php"); $j=1; $teamType = array( '2' => '2x2', '3' => '3x3', '5' => '5x5' ); $connect = mysql_connect($host,$user,$pass) OR DIE("'Can't connect with $host"); mysql_select_db($characters,$connect) or die(mysql_error()); mysql_query("SET NAMES '$cod'"); if(!isset($_GET['guid'])){ $sql = mysql_query("SELECT * FROM `arena_team` ORDER by `name`"); echo ""; while ($row = mysql_fetch_array($sql)){ $query_num = mysql_query("SELECT COUNT(*) FROM `arena_team_member` WHERE `arenateamid`='$row[arenateamid]'"); $gleader = "SELECT name,race FROM `characters` WHERE `guid`='$row[captainguid]'"; $myrow = mysql_fetch_array(mysql_query($gleader)); $top = mysql_query("SELECT * FROM `arena_team_stats` WHERE `arenateamid`='$row[arenateamid]'"); $toprow = mysql_fetch_array($top); if($myrow['race']=="1" or $myrow['race']=="3" or $myrow['race']=="4" or $myrow['race']=="7" or $myrow['race']=="11"){ $faction = "alliance"; }else{ $faction = "horde";} echo " "; } echo "
Team Name Command Type Team Leader Faction Rating

".$row['name']."

".$teamType[$row['type']]." ".$myrow['name']."

".$toprow['rating']."



"; } if (@$_GET['guid'] ) { /* NOTE(review): $_GET['guid'] is interpolated into the four SQL statements of this branch without validation or escaping, which is the SQL injection the replies in this thread point out. The value is presumably a numeric team id - confirm - so cast it once (for example $teamId = (int) $_GET['guid'];) and use that variable in every query, or move to prepared statements. The @ operator only hides the undefined-index notice; it does not validate anything. */ $name = "SELECT * FROM `arena_team` WHERE `arenateamid`='$_GET[guid]'"; $nrow = mysql_fetch_array(mysql_query($name)); $top = "SELECT * FROM `arena_team_stats` WHERE `arenateamid`='$_GET[guid]'"; $trow = mysql_fetch_array(mysql_query($top)); $member = "SELECT * FROM `arena_team_member` WHERE `arenateamid`='$_GET[guid]'"; $mrow = mysql_fetch_array(mysql_query($member)); $sql = mysql_query("SELECT * FROM `characters`, `arena_team_member` WHERE `characters`.`guid`=`arena_team_member`.`guid` and `arenateamid` = '".$_GET["guid"]."' "); $row = mysql_fetch_array($sql); $data = explode(' ',$row['data']); $lvl = $data[$ver]; $gender = dechex($data[36]); $gender = str_pad($gender,8, 0, STR_PAD_LEFT); $gender = $gender{3}; $guid = $row['guid']; $race = $row['race']; $class = $row['class']; $online = $row['online']; $j=1; echo "
Team Name ".$nrow['name']."
Rating ".$trow['rating']."
Command Type ".$teamType[$nrow['type']]."
Statistics of the Week
Played: ".$trow['games']." Won: ".$trow['wins']."
Stats
Played: ".$trow['played']." Won: ".$trow['wins2']."
"; echo " "; echo " "; echo "
# Nombre del Jugador lvl Raza Clase Game of the Week Won week Games for the season Won season Personal rating Online
$j ".$row[name]." $lvl ".$mrow['played_week']." ".$mrow['wons_week']." ".$mrow['played_season']." ".$mrow['wons_season']." ".$mrow['personal_rating']."



"; echo "
Index
"; } ?> [/CODE]

[B]

Uptime Server:[/B]

[CODE]<?php

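// Prints the server uptime taken from the newest row of the uptime table.
// String literals and array keys use real quote characters; the pasted
// typographic quotes are not string delimiters in PHP.
require_once ('config.php');

mysql_connect($host, $user, $pass) or die ("Can't connect with $host");

// mysql_select_db() is the documented name; mysql_selectdb() was a deprecated alias.
mysql_select_db ("$auth");

$sql = mysql_query ("SELECT * FROM $auth.uptime ORDER BY starttime DESC LIMIT 1");

// A failed query or an empty table is treated as zero seconds instead of
// passing FALSE on to the fetch and the array lookups.
$uptime_results = $sql ? mysql_fetch_array($sql) : false;
$seconds = $uptime_results ? $uptime_results['uptime'] : 0;

if ($seconds > 86400) {
    $uptime =  round(($seconds / 24 / 60 / 60),2)." Days";
}
elseif($seconds > 3600) {
    $uptime =  round(($seconds / 60 / 60),2)." Hours";
}
else {
    $uptime =  round(($seconds / 60),2)." Min";
}

echo "Uptime:$uptime
";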

?>[/CODE]

Recover Password:

[CODE]<?php

/*

Very important! You need to run SQL update!

ALTER TABLE account ADD reset_password VARCHAR( 50 ) NOT NULL;

*/

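/* Config */

require_once ('config.php');

// NOTE(review): the fourth argument of mysql_connect() is the $new_link flag,
// and $realmd is not set by the config.php shown in this thread - confirm what
// was intended here.
$conn = mysql_connect($host, $user, $pass, $realmd) or die('Connection failed: ' . mysql_error());

// NOTE(review): the reset link below is built on an http:// URL, so the reset
// token travels unencrypted; serve this page over https if possible.
$config = array(
    'path_to_thisfile' => 'http://www.fantasywow.es/lol/ownage/wow/pass_recovery.php', // Example: http://mysite.com/lol/ownage/wow/
    'email_from' => '[email protected]', // Who should the email be sent from ?
    'email_subject' => 'Recupera tu contraseña!', // Subject of the mail ??
);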

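/**
 * Builds the stored account hash: SHA-1 of "USER:PASS", both parts upper-cased.
 *
 * The separator is now a real ':' string; with the pasted typographic quotes
 * PHP read it as an undefined constant.
 * NOTE(review): a single SHA-1 round is cheap to brute-force if the table
 * leaks. Presumably the format is dictated by whatever reads `sha_pass_hash` -
 * confirm before changing it.
 *
 * @param string $user Account name.
 * @param string $pass Plain-text password.
 * @return string 40-character hexadecimal SHA-1 digest.
 */
function sha_password($user,$pass){
    $user = strtoupper($user);
    $pass = strtoupper($pass);
    return sha1($user.':'.$pass);
}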

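/**
 * Returns $counts characters alternating lowercase letter, digit, letter, ...
 *
 * This script uses the result as a password-reset token and as a temporary
 * password, so it must not be predictable: random_int() (a CSPRNG, PHP 7+) is
 * used when it exists.
 * NOTE(review): where random_int() is missing the function falls back to
 * rand(), as before, which is not suitable for secrets - provide a CSPRNG on
 * such installations.
 *
 * @param int $counts Number of characters to generate.
 * @return string Generated string ('' when $counts is 0 or less).
 */
function random_string($counts){
    $str = "abcdefghijklmnopqrstuvwxyz";//Count 0-25
    $pick = function_exists('random_int') ? 'random_int' : 'rand';
    // Initialised explicitly; the accumulator and the toggle used to start undefined.
    $output = '';
    for($i=0;$i<$counts;$i++){
        if ($i % 2 == 1){
            // odd positions carry a digit
            $output .= $pick(0,9);
        }else{
            // even positions carry a letter
            $output .= $str[$pick(0,25)];
        }
    }
    return $output;
}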

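// NOTE(review): $realmd is not defined by the config.php shown in this thread;
// confirm these keys exist before relying on this connection.
$realmd_bc_new_connect = mysql_connect($realmd['db_host'],$realmd['db_username'],$realmd['db_password']);

$selectdb = mysql_select_db($realmd['db_name'],$realmd_bc_new_connect);

// Step 2 of the reset: the user followed the e-mailed link (?h=<token>).
// NOTE(review): this branch changes the password on a GET request, prints the
// new password in the page, and tokens never expire. Consider a POST form where
// the user chooses the password, plus an expiry time stored with the token.
// NOTE(review): a later reply in this thread reports that the v, s and
// sessionkey columns must also be reset for the new password to work in-game.
$token = (isset($_GET['h']) && is_string($_GET['h'])) ? $_GET['h'] : '';

if ($token != '' && $token != '0'){
    // Tokens are produced by random_string(40), so any other shape is rejected
    // before it reaches SQL; the value is escaped as well.
    $token_ok = (preg_match('/^[a-z0-9]{40}$/', $token) === 1);
    $token_sql = mysql_real_escape_string($token);
    $query = $token_ok ? mysql_query("SELECT username FROM account WHERE reset_password='$token_sql'") : false;

    if ($query && mysql_num_rows($query) == 1){
        $res = mysql_fetch_array($query);
        $output_random_pass = random_string(10);
        echo "Hi " . htmlspecialchars($res['username'], ENT_QUOTES) . ", Your password is: $output_random_pass. Please change your password fast as possible.";
        $pass_hash = sha_password($res['username'],$output_random_pass);
        // One statement stores the new hash and clears the token together.
        mysql_query("UPDATE account SET sha_pass_hash='$pass_hash', reset_password='' WHERE reset_password='$token_sql'");
    }else{
        echo "Error.";
    }
}else{
    //this is where user fill in and send by email
    if (!empty($_POST['password_takeback'])){
        $post_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
        $post_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
        // A line break in the address would let the request add mail headers.
        $fields_ok = ($post_username != '' && $post_email != '' && strpbrk($post_email, "\r\n") === false);
        $username_sql = mysql_real_escape_string($post_username);
        $email_sql = mysql_real_escape_string($post_email);
        $check_security = $fields_ok ? mysql_query("SELECT id FROM `account` WHERE username='$username_sql' AND email='$email_sql'") : false;

        if ($check_security && mysql_num_rows($check_security) == 1){
            $rand = random_string(40);
            mysql_query("UPDATE `account` SET reset_password='$rand' WHERE username='$username_sql'");
            $to = $post_email;
            $from = "From: $config[email_from]";
            $subject = $config['email_subject'];
            $message= "Hi $post_username, you have submitted a password recovery on our site. IF YOU DIDNT SUBMIT A PASSWORD REQUEST JUST DELETE THIS MAIL!. Please follow this link to complete the operation: $config[path_to_thisfile]?h=$rand";
            mail($to, $subject, $message, $from); // This work if you have configured your php.ini file to send email, !on linux its default.
            echo "An Email has been sent to you, please follow the email to complete the process.";
        }else{
            echo "Incorrect details, Please be sure that you submitted right Email and Username to your account";
        }
    }else{ ?>

Tu Email:

<input type="text" name="email">

Tu Usuario:

<?php } }// End GET ?>[/CODE]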

2c2:

[CODE]<?php

// MySQL

//Añadir el fondo deseado

echo “”;

$WoWHostname = “”; // MySQL server address

$WoWUsername = “”; // MySQL username

$WoWPassword = “”; // MySQL password

$CharacterDatabase = ‘’; // TC characters database

$RealmDatabase = ‘’; // TC relamd database

$WorldDatabase = ‘’; // TC world database

$CharacterDatabaseEncoding = ‘utf8’; // database character encoding

/*

*/

// DO NOT EDIT BELOW HERE IF YOU DON’T KNOW WHAT IT IS!!!

$WoWconn = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword) or die('Connection failed: ’ . mysql_error());

mysql_select_db($CharacterDatabase, $WoWconn) or die('Select DB failed: ’ . mysql_error());

$sql = “SELECT * FROM characters WHERE online = 1 ORDER BY name”;

$result = mysql_query($sql, $WoWconn) or die('Query failed: ’ . mysql_error());

$count = 0;

?>

<?php // 5º parte $link = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword); $db_selected = mysql_select_db($CharacterDatabase, $link); $sql = "SELECT `arena_team`.`name`, `arena_team`.`arenateamid`, `arena_team_stats`.`arenateamid`, `arena_team_stats`.`rating` FROM $CharacterDatabase.`arena_team`, $CharacterDatabase.`arena_team_stats` WHERE `arena_team_stats`.`arenateamid` = `arena_team`.`arenateamid` AND `arena_team`.`type` = '2' ORDER BY `arena_team_stats`.`rating` DESC LIMIT 30"; //Comando de rankin arenas 2c2 top10 $result = mysql_query($sql); if (!$result) { die('Invalid query: ' . mysql_error()); // en caso de error... } mysql_close($link); //Cerrar comando de rankin 2c2 $row = mysql_fetch_row($result); $i=1; echo "


"; echo "

Rankin 2c2

"; echo "
"; echo ""; while ($row != NULL) // Si hay algun resultado => proceder / ningun resultado => nada { echo ""; $row = mysql_fetch_row($result); } echo "
"; echo "

Nombre del grupo

Puntos de grupo

"; echo $row[0]; echo " "; echo $row[3]; echo "
"; // Fin parte 5 // Funciona: ?>[/CODE]

3c3:

[CODE]<?php

// MySQL

//Añadir el fondo deseado

echo “”;

$WoWHostname = “”; // MySQL server address

$WoWUsername = “”; // MySQL username

$WoWPassword = “”; // MySQL password

$CharacterDatabase = ‘’; // TC characters database

$RealmDatabase = ‘’; // TC relamd database

$WorldDatabase = ‘’; // TC world database

$CharacterDatabaseEncoding = ‘utf8’; // database character encoding

/*

*/

// DO NOT EDIT BELOW HERE IF YOU DON’T KNOW WHAT IT IS!!!

$WoWconn = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword) or die('Connection failed: ’ . mysql_error());

mysql_select_db($CharacterDatabase, $WoWconn) or die('Select DB failed: ’ . mysql_error());

$sql = “SELECT * FROM characters WHERE online = 1 ORDER BY name”;

$result = mysql_query($sql, $WoWconn) or die('Query failed: ’ . mysql_error());

$count = 0;

?>

<?php // 5º parte $link = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword); $db_selected = mysql_select_db($CharacterDatabase, $link); $sql = "SELECT `arena_team`.`name`, `arena_team`.`arenateamid`, `arena_team_stats`.`arenateamid`, `arena_team_stats`.`rating` FROM $CharacterDatabase.`arena_team`, $CharacterDatabase.`arena_team_stats` WHERE `arena_team_stats`.`arenateamid` = `arena_team`.`arenateamid` AND `arena_team`.`type` = '3' ORDER BY `arena_team_stats`.`rating` DESC LIMIT 30"; //Comando de rankin arenas 2c2 top10 $result = mysql_query($sql); if (!$result) { die('Invalid query: ' . mysql_error()); // en caso de error... } mysql_close($link); //Cerrar comando de rankin 2c2 $row = mysql_fetch_row($result); $i=1; echo "


"; echo "

Rankin 3c3

"; echo "
"; echo ""; while ($row != NULL) // Si hay algun resultado => proceder / ningun resultado => nada { echo ""; $row = mysql_fetch_row($result); } echo "
"; echo "

Nombre del grupo

Puntos de grupo

"; echo $row[0]; echo " "; echo $row[3]; echo "
"; // Fin parte 5 // Funciona: ?>[/CODE]

5c5:

[CODE]<?php

// MySQL

//Añadir el fondo deseado

echo “”;

$WoWHostname = “”; // MySQL server address

$WoWUsername = “”; // MySQL username

$WoWPassword = “”; // MySQL password

$CharacterDatabase = ‘’; // TC characters database

$RealmDatabase = ‘’; // TC relamd database

$WorldDatabase = ‘’; // TC world database

$CharacterDatabaseEncoding = ‘utf8’; // database character encoding

/*

*/

// DO NOT EDIT BELOW HERE IF YOU DON’T KNOW WHAT IT IS!!!

$WoWconn = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword) or die('Connection failed: ’ . mysql_error());

mysql_select_db($CharacterDatabase, $WoWconn) or die('Select DB failed: ’ . mysql_error());

$sql = “SELECT * FROM characters WHERE online = 1 ORDER BY name”;

$result = mysql_query($sql, $WoWconn) or die('Query failed: ’ . mysql_error());

$count = 0;

?>

<?php // 5º parte $link = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword); $db_selected = mysql_select_db($CharacterDatabase, $link); $sql = "SELECT `arena_team`.`name`, `arena_team`.`arenateamid`, `arena_team_stats`.`arenateamid`, `arena_team_stats`.`rating` FROM $CharacterDatabase.`arena_team`, $CharacterDatabase.`arena_team_stats` WHERE `arena_team_stats`.`arenateamid` = `arena_team`.`arenateamid` AND `arena_team`.`type` = '5' ORDER BY `arena_team_stats`.`rating` DESC LIMIT 30"; //Comando de rankin arenas 2c2 top10 $result = mysql_query($sql); if (!$result) { die('Invalid query: ' . mysql_error()); // en caso de error... } mysql_close($link); //Cerrar comando de rankin 2c2 $row = mysql_fetch_row($result); $i=1; echo "


"; echo "

Rankin 5c5

"; echo "
"; echo ""; while ($row != NULL) // Si hay algun resultado => proceder / ningun resultado => nada { echo ""; $row = mysql_fetch_row($result); } echo "
"; echo "

Nombre del grupo

Puntos de grupo

"; echo $row[0]; echo " "; echo $row[3]; echo "
"; // Fin parte 5 // Funciona: ?>[/CODE]

And… the images? xd



‘images/status/“.$online.”.gif’



Good contribution.

Mind you, these examples are as unsafe as you can get. I recommend you update the scripts to sanitize their variables rather than accepting whatever the client sends.

and your topic title doesnt even say for what this utility is, so for what is this utility? /emoticons/default_biggrin.png

i don’t know much about mysql injections

don’t take it the wrong way but

shouldn’t you add some htmlspecialchars / stripslashes / strip_tags

to the $_GET variable ?

$sql = mysql_query(“SELECT * FROM characters, arena_team_member WHERE characters.guid=arena_team_member.guid and arenateamid = '”.$_GET[“guid”]."’ ");

happy new year

sorry, but this Utilities is for what??

an user can register in a realm??

/emoticons/default_biggrin.png thanks…

You are right, it’s sql inj.

Just add ’

.php?guid=1’

and you have mysql error /emoticons/default_smile.png

.php?guid=-1’;drop table characters /emoticons/default_unsure.png

I am thinking of creating a new topic with a lot of PHP scripts (safe ones), or posting them here. Any ideas?

What is this???

function check_for_symbols($string) { $len=strlen($string); $allowed_chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; for($i=0;$i<$len;$i++)if(!strstr($allowed_chars,$string[$i])) return TRUE; return FALSE; }[/php]
Just do so:

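/**
 * Returns TRUE when $string contains a character outside a-z, A-Z and 0-9,
 * FALSE otherwise - the same contract as the check_for_symbols() in the
 * register script, whose callers treat TRUE as "invalid symbols found".
 */
function check_for_symbols($string) {
    // An explicit class is used instead of \W: \W lets the underscore through,
    // which the original whitelist rejects.
    return preg_match('/[^A-Za-z0-9]/', $string) === 1;
}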

Recover Password:

[CODE]<?php

/*

Very important! You need to run SQL update!

ALTER TABLE account ADD reset_password VARCHAR( 50 ) NOT NULL;

*/

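/* Config */

require_once ('config.php');

// NOTE(review): the fourth argument of mysql_connect() is the $new_link flag,
// and $realmd is not set by the config.php shown in this thread - confirm what
// was intended here.
$conn = mysql_connect($host, $user, $pass, $realmd) or die('Connection failed: ' . mysql_error());

// NOTE(review): the reset link below is built on an http:// URL, so the reset
// token travels unencrypted; serve this page over https if possible.
$config = array(
    'path_to_thisfile' => 'http://www.fantasywow.es/lol/ownage/wow/pass_recovery.php', // Example: http://mysite.com/lol/ownage/wow/
    'email_from' => '[email protected]', // Who should the email be sent from ?
    'email_subject' => 'Recupera tu contraseña!', // Subject of the mail ??
);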

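/**
 * Builds the stored account hash: SHA-1 of "USER:PASS", both parts upper-cased.
 *
 * The separator is now a real ':' string; with the pasted typographic quotes
 * PHP read it as an undefined constant.
 * NOTE(review): a single SHA-1 round is cheap to brute-force if the table
 * leaks. Presumably the format is dictated by whatever reads `sha_pass_hash` -
 * confirm before changing it.
 *
 * @param string $user Account name.
 * @param string $pass Plain-text password.
 * @return string 40-character hexadecimal SHA-1 digest.
 */
function sha_password($user,$pass){
    $user = strtoupper($user);
    $pass = strtoupper($pass);
    return sha1($user.':'.$pass);
}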

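/**
 * Returns $counts characters alternating lowercase letter, digit, letter, ...
 *
 * This script uses the result as a password-reset token and as a temporary
 * password, so it must not be predictable: random_int() (a CSPRNG, PHP 7+) is
 * used when it exists.
 * NOTE(review): where random_int() is missing the function falls back to
 * rand(), as before, which is not suitable for secrets - provide a CSPRNG on
 * such installations.
 *
 * @param int $counts Number of characters to generate.
 * @return string Generated string ('' when $counts is 0 or less).
 */
function random_string($counts){
    $str = "abcdefghijklmnopqrstuvwxyz";//Count 0-25
    $pick = function_exists('random_int') ? 'random_int' : 'rand';
    // Initialised explicitly; the accumulator and the toggle used to start undefined.
    $output = '';
    for($i=0;$i<$counts;$i++){
        if ($i % 2 == 1){
            // odd positions carry a digit
            $output .= $pick(0,9);
        }else{
            // even positions carry a letter
            $output .= $str[$pick(0,25)];
        }
    }
    return $output;
}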

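// NOTE(review): $realmd is not defined by the config.php shown in this thread;
// confirm these keys exist before relying on this connection.
$realmd_bc_new_connect = mysql_connect($realmd['db_host'],$realmd['db_username'],$realmd['db_password']);

$selectdb = mysql_select_db($realmd['db_name'],$realmd_bc_new_connect);

// Step 2 of the reset: the user followed the e-mailed link (?h=<token>).
// NOTE(review): this branch changes the password on a GET request, prints the
// new password in the page, and tokens never expire. Consider a POST form where
// the user chooses the password, plus an expiry time stored with the token.
// NOTE(review): a later reply in this thread reports that the v, s and
// sessionkey columns must also be reset for the new password to work in-game.
$token = (isset($_GET['h']) && is_string($_GET['h'])) ? $_GET['h'] : '';

if ($token != '' && $token != '0'){
    // Tokens are produced by random_string(40), so any other shape is rejected
    // before it reaches SQL; the value is escaped as well.
    $token_ok = (preg_match('/^[a-z0-9]{40}$/', $token) === 1);
    $token_sql = mysql_real_escape_string($token);
    $query = $token_ok ? mysql_query("SELECT username FROM account WHERE reset_password='$token_sql'") : false;

    if ($query && mysql_num_rows($query) == 1){
        $res = mysql_fetch_array($query);
        $output_random_pass = random_string(10);
        echo "Hi " . htmlspecialchars($res['username'], ENT_QUOTES) . ", Your password is: $output_random_pass. Please change your password fast as possible.";
        $pass_hash = sha_password($res['username'],$output_random_pass);
        // One statement stores the new hash and clears the token together.
        mysql_query("UPDATE account SET sha_pass_hash='$pass_hash', reset_password='' WHERE reset_password='$token_sql'");
    }else{
        echo "Error.";
    }
}else{
    //this is where user fill in and send by email
    if (!empty($_POST['password_takeback'])){
        $post_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
        $post_email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
        // A line break in the address would let the request add mail headers.
        $fields_ok = ($post_username != '' && $post_email != '' && strpbrk($post_email, "\r\n") === false);
        $username_sql = mysql_real_escape_string($post_username);
        $email_sql = mysql_real_escape_string($post_email);
        $check_security = $fields_ok ? mysql_query("SELECT id FROM `account` WHERE username='$username_sql' AND email='$email_sql'") : false;

        if ($check_security && mysql_num_rows($check_security) == 1){
            $rand = random_string(40);
            mysql_query("UPDATE `account` SET reset_password='$rand' WHERE username='$username_sql'");
            $to = $post_email;
            $from = "From: $config[email_from]";
            $subject = $config['email_subject'];
            $message= "Hi $post_username, you have submitted a password recovery on our site. IF YOU DIDNT SUBMIT A PASSWORD REQUEST JUST DELETE THIS MAIL!. Please follow this link to complete the operation: $config[path_to_thisfile]?h=$rand";
            mail($to, $subject, $message, $from); // This work if you have configured your php.ini file to send email, !on linux its default.
            echo "An Email has been sent to you, please follow the email to complete the process.";
        }else{
            echo "Incorrect details, Please be sure that you submitted right Email and Username to your account";
        }
    }else{ ?>

Tu Email:

<input type="text" name="email">

Tu Usuario:

<?php } }// End GET ?>[/CODE]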

I updated the register script to make it look cool in tables as well as cross check between 2 passwords and 2 emails and enter emails into it.

[CODE]<?php

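// Connection settings for the auth (account) database.
// Keys and values use real quote characters; the pasted typographic quotes are
// not string delimiters in PHP.
// NOTE(review): fill these in with a MySQL account limited to what registration
// needs (SELECT and INSERT on `account`), not an administrative login.
$realmd = array(
    'db_host'       => 'localhost', // Host IP
    'db_username'   => '',          // Database login-name
    'db_password'   => '',          // Database login-pass
    'db_name_realm' => '',          // Auth database
);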

/**
 * Reports whether $string contains any byte outside a-z, A-Z and 0-9.
 *
 * @param string $string Text to inspect (compared byte by byte).
 * @return bool TRUE when at least one disallowed character is present,
 *              FALSE when every character is allowed or the string is empty.
 */
function check_for_symbols($string)
{
    $alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    // strspn() measures the leading run of allowed bytes; a run shorter than
    // the whole string means a disallowed byte was reached.
    $allowed_run = strspn($string, $alphabet);
    if ($allowed_run === strlen($string)) {
        return FALSE;
    }
    return TRUE;
}

/**
 * Builds the stored account hash: SHA-1 of "USER:PASS", both parts upper-cased.
 *
 * NOTE(review): upper-casing makes passwords case-insensitive, and a single
 * SHA-1 round is cheap to brute-force if the table leaks. Presumably the format
 * is dictated by whatever reads `sha_pass_hash` - confirm before changing it.
 *
 * @param string $user Account name.
 * @param string $pass Plain-text password.
 * @return string 40-character hexadecimal SHA-1 digest.
 */
function sha_password($user,$pass)
{
    return sha1(strtoupper($user) . ':' . strtoupper($pass));
}

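// Registration flow with password and e-mail confirmation fields.
// NOTE(review): the mysql_* extension used here was removed in PHP 7; on a
// supported PHP version port this to mysqli or PDO with prepared statements.
if ($realmd['db_host'] != "" && $realmd['db_username'] != "" && $realmd['db_password'] != "" && $realmd['db_name_realm'] != "")
{
    $new_connect = mysql_connect($realmd['db_host'],$realmd['db_username'],$realmd['db_password']);
    if ($new_connect)
        $selectdb = mysql_select_db($realmd['db_name_realm'],$new_connect);
    else
    {
        echo "Could NOT connect to db: Configs (Name/Pass/Port/IP) are incorrect";
        die;
    }

    if ($new_connect && !$selectdb)
    {
        echo "Could NOT connect to db: Database does not exist!";
        die;
    }

    if (!empty($_POST['registration']))
    {
        // Accept only plain strings; a missing or array-valued field counts as empty.
        $fields = array();
        foreach (array('username','password','password2','email','email2') as $key)
            $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";

        $username = $fields['username'];
        $passcheck1 = $fields['password'];
        $passcheck2 = $fields['password2'];
        $email = $fields['email'];
        $email2 = $fields['email2'];
        // The expansion value is written into SQL, so force it to an integer.
        $expansionnumber = isset($_POST['expansion']) ? (int) $_POST['expansion'] : 0;

        if ($username == "")
        {
            echo "Username is empty!";
        }
        // Test the submitted password itself: the SHA-1 hash is never empty,
        // so checking the hash let blank passwords through.
        else if ($passcheck1 == "")
        {
            echo "Password is empty!";
        }
        else if ($passcheck2 == "")
        {
            echo "Please confirm your password!";
        }
        else if (check_for_symbols($passcheck1) == TRUE)
        {
            echo "Error with creating account: password has invalid symbols in it.";
        }
        else if (check_for_symbols($username) == TRUE)
        {
            echo "Error with creating account: username has invalid symbols in it.";
        }
        // Strict comparison: with != two different numeric-looking strings
        // such as "1e3" and "1000" compare as equal.
        else if ($passcheck1 !== $passcheck2)
        {
            echo "Passwords don't match!";
        }
        else if ($email == "")
        {
            echo "Email is empty!";
        }
        else if ($email2 == "")
        {
            echo "Please confirm your email!";
        }
        else if ($email !== $email2)
        {
            echo "Emails don't match!";
        }
        // The address is stored and presumably used later as a mail recipient,
        // so its shape is checked before it is accepted.
        else if (filter_var($email, FILTER_VALIDATE_EMAIL) === false)
        {
            echo "Email is not valid!";
        }
        else
        {
            $password = sha_password($username,$passcheck1);
            // The name lookup now runs after validation and on an escaped value
            // instead of on the raw POST field.
            $username = mysql_real_escape_string($username,$new_connect);
            $email = mysql_real_escape_string($email,$new_connect);
            $check_username = mysql_query("SELECT username FROM `account` WHERE username='$username'",$new_connect);

            if (!$check_username)
            {
                echo mysql_errno($new_connect) . ": " . htmlspecialchars(mysql_error($new_connect), ENT_QUOTES). "\n";
            }
            else if (mysql_num_rows($check_username) != 0)
            {
                echo "Error with creating account: name is already in use.";
            }
            else
            {
                $created = mysql_query("INSERT INTO account (username,sha_pass_hash,email,expansion) VALUES ('$username','$password','$email','$expansionnumber')",$new_connect);
                // mysql_query() returns FALSE on failure. The previous test used the
                // bare word `mysql_error`, which is always truthy, so the success
                // branch could never run.
                if (!$created)
                    echo mysql_errno($new_connect) . ": " . htmlspecialchars(mysql_error($new_connect), ENT_QUOTES). "\n";
                else
                {
                    echo "Account created.";
                    mysql_close($new_connect);
                }
            }
        }
    }
    else
    {
        // PHP_SELF reflects the requested path, so it is escaped before being
        // placed in the action attribute.
        ?>
    <html>
<td><center>Account Registration</center></td>
<td><center><form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ?>" method="POST">
  <table width="100%" border="1">
    <tr>
      <td width="50%">Username:</td>
      <td width="50%"><input type="text" name="username" /></td>
    </tr>
    <tr>
      <td>Password:<br/>
        Confirm Password:</td>
      <td width="50%"><input type="password" name="password" />            <input type="password" name="password2" /></td>
    </tr>
    <tr>
      <td>Expansion Selection:</td>
      <td width="50%"><select name="expansion">
        <option value="1">Vanilla</option>
        <option value="2">TBC</option>
        <option selected value="3">WotLK</option>
        </select></td>
    </tr>
    <tr>
      <td>Email:<br/>
        Confirm Email:</td>
      <td width="50%"><input type="text" name="email" />            <input type="text" name="email2" /></td>
    </tr>
    </table>
    <input type="submit" name="registration" />
  </p>
</form></center></td>
    </html>
        <?php
    }
}
else
{
    echo "Config file either not present or connection variables are empty";
}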

?>[/CODE]

As for preventing SQL injection, it’s better to use PDO.

And data validation, and so hard functions, as mysql_num_rows… It’s very bad script.

At least put the credits little troll!

interesting-scripts-for-your-website

The PHP: Recover Password

Everything works well, I sent the mail, you give the link and Update your password, so good.

But when login in the game, only works with the old password …

If you log with the old password and use .account password only lets change your password with the new password … do not understand.

It’s the same mistake almost everyone makes when making a password reset script… the v, s and sessionkey columns need to be set to 0.

omg, yes thx /emoticons/default_biggrin.png

P.D. Dian change this:

[CODE]mysql_query(“UPDATE account SET sha_pass_hash=‘$pass_hash’ WHERE reset_password=‘$_GET[h]’”);

-mysql_query(“UPDATE account SET reset_password=‘’ WHERE username=‘$res[username]’”);

+mysql_query(“UPDATE account SET reset_password=‘’, sessionkey = ‘0’, v = ‘0’, s = ‘0’ WHERE username=‘$res[username]’”);

}else{

echo “Error.”;[/CODE]
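Review bot: Both UPDATE statements in this hunk still build their SQL from unescaped values, `$_GET[h]` on the unchanged first line and `$res[username]` on the added line, so the reset page stays injectable after this change. Escape or validate the token once before it is used, for example `$h = mysql_real_escape_string($_GET['h']);`, and use `$h` in the WHERE clause. The two updates could also be merged into one statement keyed on the token, so the new hash, the cleared token and the reset `v`/`s`/`sessionkey` values change together. The enclosing if/else starts and ends outside the hunk.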

2c2:

[CODE]<?php

// MySQL

//Añadir el fondo deseado

echo “”;

$WoWHostname = “”; // MySQL server address

$WoWUsername = “”; // MySQL username

$WoWPassword = “”; // MySQL password

$CharacterDatabase = ‘’; // TC characters database

$RealmDatabase = ‘’; // TC relamd database

$WorldDatabase = ‘’; // TC world database

$CharacterDatabaseEncoding = ‘utf8’; // database character encoding

/*

*/

// DO NOT EDIT BELOW HERE IF YOU DON’T KNOW WHAT IT IS!!!

$WoWconn = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword) or die('Connection failed: ’ . mysql_error());

mysql_select_db($CharacterDatabase, $WoWconn) or die('Select DB failed: ’ . mysql_error());

$sql = “SELECT * FROM characters WHERE online = 1 ORDER BY name”;

$result = mysql_query($sql, $WoWconn) or die('Query failed: ’ . mysql_error());

$count = 0;

?>

<?php // 5º parte $link = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword); $db_selected = mysql_select_db($CharacterDatabase, $link); $sql = "SELECT `arena_team`.`name`, `arena_team`.`arenateamid`, `arena_team_stats`.`arenateamid`, `arena_team_stats`.`rating` FROM $CharacterDatabase.`arena_team`, $CharacterDatabase.`arena_team_stats` WHERE `arena_team_stats`.`arenateamid` = `arena_team`.`arenateamid` AND `arena_team`.`type` = '2' ORDER BY `arena_team_stats`.`rating` DESC LIMIT 30"; //Comando de rankin arenas 2c2 top10 $result = mysql_query($sql); if (!$result) { die('Invalid query: ' . mysql_error()); // en caso de error... } mysql_close($link); //Cerrar comando de rankin 2c2 $row = mysql_fetch_row($result); $i=1; echo "


"; echo "

Rankin 2c2

"; echo "
"; echo ""; while ($row != NULL) // Si hay algun resultado => proceder / ningun resultado => nada { echo ""; $row = mysql_fetch_row($result); } echo "
"; echo "

Nombre del grupo

Puntos de grupo

"; echo $row[0]; echo " "; echo $row[3]; echo "
"; // Fin parte 5 // Funciona: ?>[/CODE]

3c3:

[CODE]<?php

// MySQL

//Añadir el fondo deseado

echo “”;

$WoWHostname = “”; // MySQL server address

$WoWUsername = “”; // MySQL username

$WoWPassword = “”; // MySQL password

$CharacterDatabase = ‘’; // TC characters database

$RealmDatabase = ‘’; // TC relamd database

$WorldDatabase = ‘’; // TC world database

$CharacterDatabaseEncoding = ‘utf8’; // database character encoding

/*

*/

// DO NOT EDIT BELOW HERE IF YOU DON’T KNOW WHAT IT IS!!!

$WoWconn = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword) or die('Connection failed: ’ . mysql_error());

mysql_select_db($CharacterDatabase, $WoWconn) or die('Select DB failed: ’ . mysql_error());

$sql = “SELECT * FROM characters WHERE online = 1 ORDER BY name”;

$result = mysql_query($sql, $WoWconn) or die('Query failed: ’ . mysql_error());

$count = 0;

?>

<?php // 5º parte $link = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword); $db_selected = mysql_select_db($CharacterDatabase, $link); $sql = "SELECT `arena_team`.`name`, `arena_team`.`arenateamid`, `arena_team_stats`.`arenateamid`, `arena_team_stats`.`rating` FROM $CharacterDatabase.`arena_team`, $CharacterDatabase.`arena_team_stats` WHERE `arena_team_stats`.`arenateamid` = `arena_team`.`arenateamid` AND `arena_team`.`type` = '3' ORDER BY `arena_team_stats`.`rating` DESC LIMIT 30"; //Comando de rankin arenas 2c2 top10 $result = mysql_query($sql); if (!$result) { die('Invalid query: ' . mysql_error()); // en caso de error... } mysql_close($link); //Cerrar comando de rankin 2c2 $row = mysql_fetch_row($result); $i=1; echo "


"; echo "

Rankin 3c3

"; echo "
"; echo ""; while ($row != NULL) // Si hay algun resultado => proceder / ningun resultado => nada { echo ""; $row = mysql_fetch_row($result); } echo "
"; echo "

Nombre del grupo

Puntos de grupo

"; echo $row[0]; echo " "; echo $row[3]; echo "
"; // Fin parte 5 // Funciona: ?>[/CODE]

5c5:

[CODE]<?php

// MySQL

//Añadir el fondo deseado

echo “”;

$WoWHostname = “”; // MySQL server address

$WoWUsername = “”; // MySQL username

$WoWPassword = “”; // MySQL password

$CharacterDatabase = ‘’; // TC characters database

$RealmDatabase = ‘’; // TC relamd database

$WorldDatabase = ‘’; // TC world database

$CharacterDatabaseEncoding = ‘utf8’; // database character encoding

/*

*/

// DO NOT EDIT BELOW HERE IF YOU DON’T KNOW WHAT IT IS!!!

$WoWconn = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword) or die('Connection failed: ’ . mysql_error());

mysql_select_db($CharacterDatabase, $WoWconn) or die('Select DB failed: ’ . mysql_error());

$sql = “SELECT * FROM characters WHERE online = 1 ORDER BY name”;

$result = mysql_query($sql, $WoWconn) or die('Query failed: ’ . mysql_error());

$count = 0;

?>

<?php // 5º parte $link = mysql_connect($WoWHostname, $WoWUsername, $WoWPassword); $db_selected = mysql_select_db($CharacterDatabase, $link); $sql = "SELECT `arena_team`.`name`, `arena_team`.`arenateamid`, `arena_team_stats`.`arenateamid`, `arena_team_stats`.`rating` FROM $CharacterDatabase.`arena_team`, $CharacterDatabase.`arena_team_stats` WHERE `arena_team_stats`.`arenateamid` = `arena_team`.`arenateamid` AND `arena_team`.`type` = '5' ORDER BY `arena_team_stats`.`rating` DESC LIMIT 30"; //Comando de rankin arenas 2c2 top10 $result = mysql_query($sql); if (!$result) { die('Invalid query: ' . mysql_error()); // en caso de error... } mysql_close($link); //Cerrar comando de rankin 2c2 $row = mysql_fetch_row($result); $i=1; echo "


"; echo "

Rankin 5c5

"; echo "
"; echo ""; while ($row != NULL) // Si hay algun resultado => proceder / ningun resultado => nada { echo ""; $row = mysql_fetch_row($result); } echo "
"; echo "

Nombre del grupo

Puntos de grupo

"; echo $row[0]; echo " "; echo $row[3]; echo "
"; // Fin parte 5 // Funciona: ?>[/CODE]

Original script has SQL injection written all over it. Have fun =P

I need php script for show gear score player

have you tested it?

pw still doesn’t work in-game.