<?
if (eregi("includes/functions.user.php", $_SERVER['SCRIPT_NAME'])) { die ("Access Denied"); }
function register() {
$ps_loginname = stripslashes($_POST['ps_loginname']);
$ps_name = stripslashes($_POST['ps_loginname']);
$ps_email = stripslashes($_POST['ps_email']);
$ps_person_id = stripslashes($_POST['ps_person_id']);
$ps_password = stripslashes($_POST['ps_password']);
$ps_repassword = stripslashes($_POST['ps_repassword']);
$ps_recquest = stripslashes($_POST['ps_recquest']);
$ps_recans = stripslashes($_POST['ps_recans']);
$verifyinput2 = stripslashes($_POST['verifyinput2']);
$date = date('m/d/Y');
if ((eregi("[^a-zA-Z0-9_-]", $ps_loginname)) || (eregi("[^0-9.]", $ps_person_id)) || (eregi("[^0-9.]", $verifyinput2)) || (eregi("[^a-zA-Z0-9\.@_-]", $ps_email)) || (eregi("[^a-zA-Z0-9_-]", $ps_name)) || (eregi("[^a-zA-Z0-9_-]", $ps_recans)) || (eregi("[^a-zA-Z0-9_-]", $ps_recquest)) || (eregi("[^a-zA-Z0-9_-]", $ps_password)) || (eregi("[^a-zA-Z0-9_-]", $ps_repassword)))
{
echo("SQL Injection Detected");
exit();
}
require("config.php");
if ($_SESSION['image_random_value'] != md5($verifyinput2)){
$error= 1;
show_error("".text_invalid_code."!");
}
else{
$sql_email_check = mssql_query("SELECT mail_addr FROM MEMB_INFO WHERE mail_addr='$ps_email'");
$sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$ps_loginname'");
$email_check = mssql_num_rows($sql_email_check);
$username_check = mssql_num_rows($sql_username_check);
if (empty($ps_loginname) || empty($ps_email) || empty($ps_person_id) || empty($ps_password) || empty($ps_repassword) || empty($ps_recquest) || empty($ps_recans) ) {
echo "Some fields were left blank. Please go back and try again."; $Error=1;
}
elseif (($email_check > 0) || ($username_check > 0)){
if($email_check > 0){
show_error("".text_email_in_use."!");
$Error=1;
}
if ($username_check > 0){
show_error("".text_acc_in_use."!");
$Error=1;
}
}
if ($Error!=1){
if($devilmu['md5'] == 0){
$insert_account = mssql_query("INSERT INTO MEMB_INFO (memb___id,memb__pwd,memb_name,sno__numb,mail_addr,appl_days,modi_days,out__days,true_days,mail_chek,bloc_code,ctl1_code,fpas_ques,fpas_answ) VALUES ('$ps_loginname','$ps_password','DeviL Mu','1','$ps_email',$date,$date,'2005-01-03','2005-01-03','1','0','0','$ps_recquest','$ps_recans')");
$insert_account2 = mssql_query("INSERT INTO VI_CURR_INFO (ends_days,chek_code,used_time,memb___id,memb_name,memb_guid,sno__numb,Bill_Section,Bill_value,Bill_Hour,Surplus_Point,Surplus_Minute,Increase_Days )
VALUES ('2005','1',1234,'$ps_loginname','$ps_loginname',1,'7','6','3','6','6','2003-11-23 10:36:00','0' )");
}
if($devilmu['md5'] == 1){
$insert_account = mssql_query("INSERT INTO MEMB_INFO (memb___id,memb__pwd,memb_name,sno__numb,mail_addr,appl_days,modi_days,out__days,true_days,mail_chek,bloc_code,ctl1_code,memb__pwd2,fpas_ques,fpas_answ) VALUES ('$ps_loginname',[dbo].[fn_md5]('$ps_password','$ps_loginname'),'DeviL Mu','$ps_person_id','$ps_email',$date,$date,'2005-01-03','2005-01-03','1','0','0','$ps_password','$ps_recquest','$ps_recans')");
}
show_ok("".text_reg_success."!");
}
}
}
function reset_char() {
$name = stripslashes($_POST['name']);
$name = str_replace(";","",$name);
$name = str_replace("'","",$name);
$login = stripslashes($_SESSION['user']);
$login = clean_var($login);
require("config.php");
$sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$login'");
$username_check = mssql_num_rows($sql_username_check);
$sql_name_check = mssql_query("SELECT Name FROM Character WHERE Name='$name' and AccountID = '$login'");
$name_check = mssql_num_rows($sql_name_check);
$result = mssql_query("Select Clevel,Resets,Money,LevelUpPoint From Character where Name='$name'");
$row = mssql_fetch_row($result);
$resetup=$row[1] + (1);
if($devilmu['resetzenmode']==1)$resetzen=$devilmu['resetzen'];
if($devilmu['resetzenmode']==2)$resetzen=$resetup * $devilmu['resetzen'];
$resetmoney=$row[2] - $resetzen;
if($devilmu['levelupmode']==1)$resetpt=$devilmu['resetpoints'] * ($row[1] + 1);
if($devilmu['levelupmode']==2)$resetpt=$devilmu['resetpoints'] + $row[3];
if ($username_check <= 0){
show_error("".text_select_character."."); }
elseif ($name_check <= 0){
show_error("".text_select_character."."); }
elseif ($resetup > $devilmu['max_reset']){
show_error("".text_max_reset." $devilmu[max_reset] !"); }
elseif ($row[0] < $devilmu['levelreset']){
show_error("".text_level_reset1." $devilmu[levelreset] ".text_level_reset2." $row[0] !"); }
elseif (acc_online($login)){
show_error("".text_log_off." !"); }
elseif ($resetmoney < 0){
show_error("".text_zen_reset1." ".number_format($resetzen,'','',',')." ".text_zen." ".text_zen_reset2." !"); }
else {
if($devilmu['resetstats']==1)$query=mssql_query("UPDATE dbo.Character SET strength='25' , dexterity='25' , vitality='25' , energy='25' WHERE Name = '$name'");
if($devilmu['clearinventory']==1)$query=mssql_query("UPDATE Character SET [inventory]=CONVERT(varbinary(1560), null) WHERE Name='$name'");
if($devilmu['clearskills']==1)$query=mssql_query("UPDATE Character SET [magiclist]=CONVERT(varbinary(180), null) WHERE Name='$name'");
$general = "UPDATE dbo.Character SET clevel=1 , Resets = '$resetup' , experience = '0' , money = '$resetmoney' , LevelUpPoint = '$resetpt' , MapNumber = '0' , MapPosX= '125' , MapPosY= '125' WHERE Name = '$name'";
$msgeneral = mssql_query($general);
show_ok("".text_reset_success1." $name ".text_reset_success2." $resetup ".text_reset_success3."!");
}
}
function clear_skills() {
$name = stripslashes($_POST['name']);
$name = str_replace(";","",$name);
$name = str_replace("'","",$name);
$login = stripslashes($_SESSION['user']);
$login = clean_var($login);
require("config.php");
$sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$login'");
$username_check = mssql_num_rows($sql_username_check);
$sql_name_check = mssql_query("SELECT Name FROM Character WHERE Name='$name' and AccountID = '$login'");
$name_check = mssql_num_rows($sql_name_check);
if ($username_check <= 0){
show_error("".text_select_character."."); }
elseif ($name_check <= 0){
show_error("".text_select_character."."); }
elseif (acc_online($login)){
show_error("".text_log_off." !"); }
else {
$general = "UPDATE Character SET [magiclist]=CONVERT(varbinary(180), null) WHERE Name='$name'";
$msgeneral = mssql_query($general);
show_ok("Магиите на $name бяха изтрити успешно!");
}
}
function clear_inventory() {
$name = stripslashes($_POST['name']);
$name = str_replace(";","",$name);
$name = str_replace("'","",$name);
$login = stripslashes($_SESSION['user']);
$login = clean_var($login);
require("config.php");
$sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$login'");
$username_check = mssql_num_rows($sql_username_check);
$sql_name_check = mssql_query("SELECT Name FROM Character WHERE Name='$name' and AccountID = '$login'");
$name_check = mssql_num_rows($sql_name_check);
if ($username_check <= 0){
show_error("".text_select_character."."); }
elseif ($name_check <= 0){
show_error("".text_select_character."."); }
elseif (acc_online($login)){
show_error("".text_log_off." !"); }
else {
$general = "UPDATE Character SET [inventory]=CONVERT(varbinary(1560), null) WHERE Name='$name'";
$msgeneral = mssql_query($general);
show_ok("Предметите на $name бяха изтрити успешно!");
}
}
function reset_location() {
$name = stripslashes($_POST['name']);
$name = str_replace(";","",$name);
$name = str_replace("'","",$name);
$login = stripslashes($_SESSION['user']);
$login = clean_var($login);
require("config.php");
$sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$login'");
$username_check = mssql_num_rows($sql_username_check);
$sql_name_check = mssql_query("SELECT Name FROM Character WHERE Name='$name' and AccountID = '$login'");
$name_check = mssql_num_rows($sql_name_check);
if ($username_check <= 0){
show_error("".text_select_character."."); }
elseif ($name_check <= 0){
show_error("".text_select_character."."); }
elseif (acc_online($login)){
show_error("".text_log_off." !"); }
else {
$general = "UPDATE Character SET MapNumber = '0' , MapPosX= '125' , MapPosY= '125' WHERE Name='$name'";
$msgeneral = mssql_query($general);
show_ok("Героят $name беше върнат в Lorencia успешно!");
}
}
function downgrade_class() {
$name = stripslashes($_POST['name']);
$name = str_replace(";","",$name);
$name = str_replace("'","",$name);
$login = stripslashes($_SESSION['user']);
$login = clean_var($login);
require("config.php");
$sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$login'");
$username_check = mssql_num_rows($sql_username_check);
$sql_name_check = mssql_query("SELECT Name FROM Character WHERE Name='$name' and AccountID = '$login'");
$name_check = mssql_num_rows($sql_name_check);
$query=mssql_query("select name,class,clevel from character where name='$name' and accountid='$login'");
$row=mssql_fetch_row($query);
if ($username_check <= 0){
show_error("".text_select_character."."); }
elseif ($name_check <= 0){
show_error("".text_select_character."."); }
elseif($row[1]!=2 and $row[1]!=18 and $row[1]!=34 and $row[1]!=50 and $row[1]!=66 and $row[1]!=82){
show_error("Не сте изпълнили 3-тия quest!"); }
elseif (acc_online($login)){
show_error("".text_log_off." !"); }
else{
if($row[1]==50 or $row[1]==66){$class=$row[1]-2; $q='F';} else{$class=$row[1]-1; $q='A';}
$run=mssql_query("update character set class='$class',quest=convert(varbinary(50),0xF".$q."FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF) where name='$row[0]'");
show_ok("Класата на героя $row[0] е успешно сменена от ".decode_class($row[1])." на ".decode_class($class).".");
}
}
function reset_stats(){
$name = stripslashes($_POST['name']);
$name = str_replace(";","",$name);
$name = str_replace("'","",$name);
$login = stripslashes($_SESSION['user']);
$login = clean_var($login);
require("config.php");
$sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$login'");
$username_check = mssql_num_rows($sql_username_check);
$sql_name_check = mssql_query("SELECT Name FROM Character WHERE Name='$name' and AccountID = '$login'");
$name_check = mssql_num_rows($sql_name_check);
$result = mssql_query("Select Clevel,Resets,Money,LevelUpPoint From Character where Name='$name'");
$row = mssql_fetch_row($result);
$resetstats = mssql_query("Select leveluppoint,strength,dexterity,vitality,energy From Character where Name='$name'");
$points = mssql_fetch_row($resetstats);
if($points[0]<0){$points[0]=0;}
if($points[1]<0){$points[1]=32767;}
if($points[2]<0){$points[2]=32767;}
if($points[3]<0){$points[3]=32767;}
if($points[4]<0){$points[4]=32767;}
$resetpt = $points[0] + ($points[1]) + ($points[2]) + ($points[3]) + ($points[4]) ;
if ($username_check <= 0){
show_error("".text_select_character.".");}
elseif ($name_check <= 0){
show_error("".text_select_character."."); }
elseif (acc_online($login)){
show_error("".text_log_off." !"); }
elseif ( $row[1] < $devilmu['reset_stats_min_res']){
show_error("За да си реснеш статса трябва да си поне $devilmu[reset_stats_min_res] реса !"); }
else {
$general ="UPDATE dbo.Character SET strength='0' , dexterity='0' , vitality='0' , energy='0' , LevelUpPoint = $resetpt WHERE Name = '$name'";
$msgeneral = mssql_query($general);
show_ok("$name току що ресна статса си успешно сега имаш $resetpt точки за вдигане!");
}
}
function add_stats(){
$name = stripslashes($_POST['name']);
$name = str_replace(";","",$name);
$name = str_replace("'","",$name);
$login = stripslashes($_SESSION['user']);
$vitality = stripslashes($_POST['vitality']);
$strength = stripslashes($_POST['strength']);
$energy = stripslashes($_POST['energy']);
$dexterity = stripslashes($_POST['dexterity']);
if ((eregi("[^a-zA-Z0-9_-]", $oldpwd)) || (eregi("[^a-zA-Z0-9_-]", $login)) || (eregi("[^0-9_-]", $vitality)) || (eregi("[^0-9_-]", $strength)) || (eregi("[^0-9_-]", $energy)) || (eregi("[^0-9_-]", $dexterity)))
{
echo("SQL Injection Detected");
exit();
}
require("config.php");
$sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$login'");
$username_check = mssql_num_rows($sql_username_check);
$sql_name_check = mssql_query("SELECT Name FROM Character WHERE Name='$name' and AccountID='$login'");
$name_check = mssql_num_rows($sql_name_check);
$query = "select Vitality,Strength,Energy,Dexterity,LevelUpPoint,class from Character WHERE Name='$name'";
$result = mssql_query($query);
$row = mssql_fetch_row($result);
$new_vit = $row[0] + $vitality;
$new_str = $row[1] + $strength;
$new_eng = $row[2] + $energy;
$new_agi = $row[3] + $dexterity;
$row[4] = $row[4] - $vitality - $strength - $energy - $dexterity;
if ((eregi("[^0-9_-]", $vitality)) ||
(eregi("[^0-9_-]", $strength)) ||
(eregi("[^0-9_-]", $energy)) ||
(eregi("[^0-9_-]", $dexterity)))
{
echo "<font color=red ><b>Използвайте само цифрите от 1 до 9 !</font><br>";
}
if ($username_check <= 0){
show_error("".text_select_character."."); }
elseif ($name_check <= 0){
show_error("".text_select_character."."); }
elseif ($vitality<0 OR $strength<0 OR $energy<0 OR $dexterity<0){
show_error("Не бачкат бъгове тука !"); }
elseif (!empty($_POST['command']) and $row[6]!=66 and $row[6]!=64){
show_error("Можете да добавяте точки на command само на Dark Lord!"); }
elseif ($new_vit>32767 OR $new_str>32767 OR $new_eng>32767 OR $new_agi>32767){
show_error("Не можете да вдигате повече от 32767 точки !"); }
elseif ($row[4] < 0){
show_error("Нямаш достатъчно точки за вдигане: ($row[4])!"); }
else {
$msquery = "
UPDATE dbo.Character SET Vitality = '$new_vit'
WHERE Name = '$name'
AND AccountID = '$login'
UPDATE dbo.Character SET Strength = '$new_str'
WHERE Name = '$name'
AND AccountID = '$login'
UPDATE dbo.Character SET Energy = '$new_eng'
WHERE Name = '$name'
AND AccountID = '$login'
UPDATE dbo.Character SET Dexterity = '$new_agi'
WHERE Name = '$name'
AND AccountID = '$login'
UPDATE dbo.Character SET LevelUpPoint = '$row[4]'
WHERE Name = '$name'
AND AccountID = '$login'";
$msresults= mssql_query($msquery);
show_ok("<font color=green ><b> $name твоите точки сега са:<br><br>
<b>Strength</b> = $new_str<br>
<b>Agility</b> = $new_agi<br>
<b>Vitality</b> = $new_vit<br>
<b>Energy</b> = $new_eng<br>
Останаха ти $row[4] точки за вдигане.<br></font>");
}
}
function clear_pk(){
$name = stripslashes($_POST['name']);
$name = str_replace(";","",$name);
$name = str_replace("'","",$name);
$login = stripslashes($_SESSION['user']);
$login = clean_var($login);
require("config.php");
$sql_username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$login'");
$username_check = mssql_num_rows($sql_username_check);
$sql_name_check = mssql_query("SELECT Name FROM Character WHERE Name='$name' and AccountID = '$login'");
$name_check = mssql_num_rows($sql_name_check);
$sql_PkLevel_check = mssql_query("SELECT PkLevel FROM Character WHERE PkLevel > 3 and Name='$name'");
$sql_PkCount_check = mssql_query("SELECT PkCount FROM Character WHERE PkLevel > 3 and Name='$name'");
$PkLevel_check = mssql_num_rows($sql_PkLevel_check);
$total_PkCount = mssql_fetch_row($sql_PkCount_check);
$total_PkLevel = mssql_fetch_row($sql_PkLevel_check);
$sql_money1_check = mssql_query("SELECT Money FROM Character WHERE Name='$name'");
$total_money = mssql_fetch_row($sql_money1_check);
$money1_check = $total_money[0] - ($devilmu['pk_reset_cost']);
$money_for_reset= $devilmu['pk_reset_cost'] / 1000000 ;
$money_output = (-1 * $money1_check);
if ($username_check <= 0){
show_error("".text_select_character."."); }
elseif ($name_check <= 0){
show_error("".text_select_character."."); }
elseif ($PkLevel_check <= 0){
show_error("Героят ви не е убиец !"); }
elseif ($money1_check < 0){
show_error("Трябва да имате поне $money_for_reset милиона,за да изчистите убийствата на героя ви !"); }
else {
$msquery = "UPDATE dbo.Character SET PkLevel = '3'
WHERE AccountID = '$login'
AND Name = '$name'
UPDATE dbo.Character SET PkTime = '0'
WHERE AccountID = '$login'
AND Name = '$name'
UPDATE dbo.Character SET Money = $money1_check
WHERE AccountID = '$login'
AND Name = '$name'
";
$msresults= mssql_query($msquery);
show_ok("Убийствата на $name бяха испешно премахнати.");}
}
function change_pass(){
require("config.php");
$login = stripslashes($_SESSION['user']);
$login = clean_var($_SESSION['user']);
$oldpwd = stripslashes($_POST['oldpassword']);
$oldpwd = clean_var($_POST['oldpassword']);
$newpwd = stripslashes($_POST['newpassword']);
$newpwd = clean_var($_POST['newpassword']);
$renewpwd = stripslashes($_POST['renewpassword']);
$renewpwd = clean_var($_POST['renewpassword']);
if($devilmu['md5']==1){
$sql_pw_check = mssql_query("SELECT * FROM dbo.MEMB_INFO WHERE memb___id='$login' AND memb__pwd = [dbo].[fn_md5]('$oldpwd','$login')");
}
elseif($devilmu['md5']==0){
$sql_pw_check = mssql_query("SELECT * FROM MEMB_INFO WHERE memb___id='$login' AND memb__pwd='$oldpwd'");
}
$pw_check = mssql_num_rows($sql_pw_check);
if(acc_online($login)){ show_error("Account Is Online, Must Be Logged Off!"); }
elseif($pw_check <= 0){show_error("Current Password Is Incorrect!"); }
elseif($oldpwd==$newpwd){show_error("The Current Password And The New One Are The Same!");}
elseif($newpwd != $renewpwd){show_error("Passwords Did not Match !"); }
else{
if($devilmu['md5']==1){
$change_password = mssql_query("UPDATE MEMB_INFO SET [memb__pwd]=[dbo].[fn_md5]('$newpwd','$login'),[memb__pwd2]='$newpwd' WHERE memb___id ='$login'");
}
elseif($devilmu['md5']==0){
$change_password = mssql_query("UPDATE MEMB_INFO SET [memb__pwd] ='$newpwd' WHERE memb___id ='$login'");
$change_password = mssql_query("UPDATE MEMB_INFO SET [memb__pwd2]='$newpwd' WHERE memb___id ='$login'");
}
$_SESSION['pass'] = $newpwd;
show_ok("Password SuccessFully Changed!");
}
}
function lost_pass(){
require("config.php");
$login = stripslashes($_POST['username']);
$squestion = stripslashes($_POST['squestion']);
$sanswer = stripslashes($_POST['sanswer']);
$email = stripslashes($_POST['email']);
if ((eregi("[^a-zA-Z0-9_-]", $login)) or ($login =='')) {
show_error("Username Is Invalid (4-10 Alpha-Numeric Characters)");}
elseif ((eregi("[^a-zA-Z0-9\.@_-]", $email)) or ($email =='')) {
show_error("E-mail Is Invalid (4-50 Alpha-Numeric Characters)");}
elseif ((eregi("[^a-zA-Z0-9_-]", $squestion)) or ($squestion =='')) {
show_error("Secret Question Is Invalid (4-10 Alpha-Numeric Characters)");}
elseif ((eregi("[^a-zA-Z0-9_-]", $sanswer)) or ($sanswer =='')) {
show_error("Secret Answer Is Invalid (4-10 Alpha-Numeric Characters)");}
else {
$username_check = mssql_query("SELECT memb___id FROM MEMB_INFO WHERE memb___id='$login'");
$username_check_ = mssql_num_rows($username_check);
$sql_mail_check = mssql_query("SELECT mail_addr FROM MEMB_INFO WHERE mail_addr='$email' and memb___id='$login'");
$sql_pw_check = mssql_query("SELECT memb__pwd2,fpas_ques FROM MEMB_INFO WHERE fpas_ques='$squestion' and memb___id='$login' and fpas_answ='$sanswer'");
if($devilmu['md5'] == 1){
$sql_pw_get = mssql_query("SELECT memb__pwd2,fpas_ques FROM MEMB_INFO WHERE memb___id='$login'");
}
elseif($devilmu['md5'] == 0){
$sql_pw_get = mssql_query("SELECT memb__pwd,fpas_ques FROM MEMB_INFO WHERE memb___id='$login'");
}
$pw_check = mssql_num_rows($sql_pw_check);
$pw_retrieval = mssql_fetch_row($sql_pw_get);
$mail_check = mssql_num_rows($sql_mail_check);
if ($username_check <= 0){
show_error("Username $login Doesn't Exist!");
}
elseif ($pw_check <= 0){
show_error("Secret Question Or Answer Is Incorrect!");
}
elseif ($mail_check <= 0){
show_error("The E-Mail Address You Entered Is Incorect!");
}
else{
show_ok("Your Password Is $pw_retrieval[0] , Change It As Fast As You Can!!!");
}
}
}
?>