[PHP] Nation Transfer Script (种族转换脚本)
<?phpinclude('./anti_inject.php');
parth1tr();
parth1('100%', 2, 'center');
echo 'Nation Transfer ;
parth2();
parth2tr();
if (isset($_SESSION['sesuser'])) {
if ($_GET['Confirmed'] == 1) {
$connect = odbc_connect("$dbname", "$dbuser", "$dbpass");
$query = "SELECT strCharID1, strCharID2, strCharID3 FROM Account_Char WHERE strAccountID ='" . $_SESSION['sesuser'] . "' ";
$results = odbc_exec($connect, $query);
// Store all char names in var's.....
while (odbc_fetch_row($results)) {
$char1 = odbc_result($results, 1);
$char2 = odbc_result($results, 2);
$char3 = odbc_result($results, 3);
}
// Confirm they have a character
if ((empty($char1)) && (empty($char2)) && (empty($char3))) {
part1('100%', 1, 1, 'center');
echo '
Your not part of a Nation, how do you expect to change it?';
echo '
Back
';
part2();
} else {
// Confirm none of the chars are logged in..
// Updated during the for loop
$query = "SELECT count(strCharID) FROM CURRENTUSER WHERE strCharID = '" . $char1 . "' OR strCharID = '" . $char2 . "' OR strCharID = '" . $char3 . "'";
$results = odbc_exec($connect, $query);
while (odbc_fetch_row($results)) {
$online = odbc_result($results, 1);
}
if (strlen(trim($online)) > 0) {
part1('100%', 1, 1, 'center');
echo '
All characters must be logged out of the game first!';
echo '
Back
';
part2();
die();
}
// Check they aren't in a clan on any of 3 characters.
$query = "SELECT count(Knights) FROM USERDATA WHERE strUserID = '" . $char1 . "' OR strUserID = '" . $char2 . "' OR strUserID = '" . $char3 . "'";
$results = odbc_exec($connect, $query);
while (odbc_fetch_row($results)) {
$knights = odbc_result($results, 1);
}
if ($knights != 0) {
part1('100%', 1, 1, 'center');
echo '
All characters on account have to be clanless.';
echo '
Back
';
part2();
die();
}
$query = "SELECT COUNT(*) FROM NT_LOG WHERE DATEDIFF(Hour,,GETDATE()) < 48 AND Account = '" . $_SESSION['sesuser'] . "'";
$results = odbc_exec($connect, $query);
while (odbc_fetch_row($results)) {
$logcheck = odbc_result($results, 1);
}
if ($logcheck > 0) {
part1('100%', 1, 1, 'center');
echo '
You may only use this feature once every 48hours.';
echo '
Back
';
part2();
die();
} else {
// Get the nation and calculate desired nation
$query = "SELECT strAccountID, bNation FROM ACCOUNT_CHAR WHERE strAccountID = '" . $_SESSION['sesuser'] . "'";
$results = odbc_exec($connect, $query);
while (odbc_fetch_row($results)) {
$nation = odbc_result($results, 2);
}
if ($nation == 1) $desiredNation = 2;
if ($nation == 2) $desiredNation = 1;
// Test 1
$check1 = odbc_exec($connect, "SELECT COUNT(*) FROM USERDATA WHERE Nation='" . $desiredNation . "'");
$check2 = odbc_exec($connect, "SELECT COUNT(*) FROM USERDATA");
$tot1 = odbc_result ($check1, 1);
$tot2 = odbc_result($check2, 1);
if ($tot1 / $tot2 > 0.6) {
part1('100%', 1, 1, 'center');
echo '
Sorry your desired nation has too many users.';
echo '
The desired population must be less than 60% Population!';
echo '
Back
';
part2();
die();
}
// Test 2
$check3 = odbc_exec($connect, "SELECT SUM(Loyalty) AS nps FROM TB_USER WHERE Nation='" . $desiredNation . "'");
$check4 = odbc_exec($connect, "SELECT SUM(Loyalty) AS totnps FROM TB_USER");
$nps = odbc_result_all($check3);
$totnps = odbc_result_all($check4);
if ($nps / $totnps > 0.575) {
part1('100%', 1, 1, 'center');
echo '
Sorry your desired nation has too many National Points.';
echo '
The desired population must be less than 57% total National Points!';
echo '
Back
';
part2();
die();
} else {
// Calculate the newrace + class of the characters..
foreach (array($char1, $char2, $char3) as $char) {
if ($char != "") {
$getuser = "SELECT strCharID FROM CURRENTUSER where strCharID = '" . $char . "'";
$getusere = odbc_exec($connect, $getuser);
$characterID = odbc_result($getusere, 1);
if (strlen(trim($characterID)) > 0) {
$killed = 1;
KillUserAndWait(trim($characterID), $connect);
}
$query = "SELECT strUserID, Race, Class FROM USERDATA WHERE strUserID = '" . $char . "'";
$results = odbc_exec($connect, $query);
while (odbc_fetch_row($results)) {
$race = odbc_result($results, 2);
$class = odbc_result($results, 3);
}
if ($race < 12) {
$hashmap = array (1 => 11, 2 => 12, 3 => 13, 4 => 13, 11 => 1);
$NewRace = $hashmap[$race];
} elseif (($race == 12) || ($race == 13) || ($race == 14)) {
if ($class == 201) $NewRace = 1;
elseif ($class == 202) $NewRace = 2;
elseif ($class == 203) $NewRace = 3;
elseif ($class == 204) $NewRace = 4;
elseif ($class == 205) $NewRace = 1;
elseif ($class == 207) $NewRace = 2;
elseif ($class == 209) $NewRace = 3;
elseif ($class == 211) $NewRace = 4;
}
if ($class >= 199) {
$NewClass = $class - 100;
} else {
$NewClass = $class + 100;
}
if (($NewRace == '') || ($NewClass == '')) {
part1('100%', 1, 1, 'center');
echo 'Error: (Char: ' . $char . ')
New Class:';
echo $NewClass;
echo '
New Race:';
echo $NewRace;
echo '
Old Class:';
echo $class;
echo '
Old Race:';
echo $race;
echo '
Back
';
part2();
die();
}
$query = "UPDATE USERDATA SET Nation = '" . $desiredNation . "', Race = '" . $NewRace . "', Class = '" . $NewClass . "', Zone = 21, PX = 33550, PZ = 38400, PY = 0 WHERE strUserID = '" . $char . "'";
$results = odbc_exec($connect, $query);
}
}
$query = "INSERT INTO NT_LOG(, Account, Char1, Char2, Char3, NationTo) VALUES (GETDATE(), '" . $_SESSION['sesuser'] . "', '" . $char1 . "', '" . $char2 . "', '" . $char3 . "', '" . $desiredNation . "')";
$results = odbc_exec($connect, $query);
$query = "UPDATE ACCOUNT_CHAR SET bNation = '" . $desiredNation . "' WHERE strAccountID = '" . $_SESSION['sesuser'] . "'";
$results = odbc_exec($connect, $query);
}
// Done
part1tr();
part1('100%', 1, 1, 'center');
echo 'Done';
echo '
Back';
if ($killed == 1) { echo '
A character was disconnected during this process'; }
part2();
part2tr();
}
}
} else {
part1tr();
part1('25%', 1, 1, 'center');
echo 'Please confirm your transfer:
You must be logged out of all characters
You must be Clanless on all characters
You may only use this feature once every 48hours
The Desired Nation must be Less Than 60% Total Population
The Desired Nation must be Less Than 57.5% Total National Points
';
part2();
part2tr();
}
} else {
part1('100%', 1, 1, 'center');
echo 'You must login first!';
part2();
}
?>
附文中引用的anti_inject.php(反SQL注入功能)
<?php//simple anti sql injection function written by Heretic
include('sql_inject_log.php');
function test($tekst)
{
$tekst = strtolower($tekst);
$helpTekst = $tekst;
$tekst = strip_tags($tekst);
$banlist = array ("'", ";", "%", "$", "-", ">", "drop", "\"", "<", "\\", "|", "/", "=", "echo", "insert", "select", "update", "delete", "distinct", "having", "truncate", "replace", "handler", "like", "procedure", "limit", "order by", "group by", "asc", "desc", "union", "include", "userdata", "tb_user", "account_char");
$tekst = str_replace($banlist, " ", $tekst);
$tekst = trim($tekst);
if (strcmp($helpTekst,$tekst)) filelogs('attack_log', $helpTekst);
return($tekst);
}
function test_link($linkx)
{
$linkx = strtolower($linkx);
$helpLink = $linkx;
$linkx = strip_tags($linkx);
$banlist = array ("'", ";", "%", "$", "-", ">", "drop", "\"", "<", "\\", "|", "=", "echo", "insert", "select", "update", "delete", "distinct", "having", "truncate", "replace", "handler", "like", "procedure", "limit", "order by", "group by", "asc", "desc", "union", "include", "userdata", "tb_user", "account_char");
$linkx = str_replace($banlist, " ", $linkx);
$linkx = trim($linkx);
if (strcmp($helpLink,$linkx))
{
return true;
}else return false;
}
?>
sql_inject_log.php
<?php//function downloaded from ragezone.com, post written by john_d
function filelogs($type, $query)
{
$agent = $_SERVER['HTTP_USER_AGENT'];
$uri = $_SERVER['REQUEST_URI'];
$ip = $_SERVER['REMOTE_ADDR'];
$ref = $_SERVER['HTTP_REFERER'];
$dtime = date('r');
if($ref == ""){
$ref = "None";
}
if($user == ""){
$user = "None";
}
$location = "./Logs/";
$type = $location . $type . ".txt";
$entry_line = "$dtime - IP: $ip | Agent: $agent| URL: $uri | Referrer: $ref | Query : $query \n";
$fp = fopen("$type", "a");
fputs($fp, $entry_line);
fclose($fp);
}
?>
页:
[1]