Share PHP ADVEXT user panel

Celestine · May 22, 2021

Hello, this is the functional ADVEXT user panel for all chronicles, from interlude to h5 L2off of course, I made small changes to it so that it also works with Vanganth and the Eressea extender (MyExt64)

The information of the panel is here: http://www.depmax64.com/forum/index.php?threads/account-panel.1882/ It costs 165 Dollars

You can download it here: Download

To configure it is very simple, you just have to edit the conf.php file that is in the root folder.

Its functions are:

Changing password

Password recovery

Ip binding

Account logs

Inventory viewer

Changing character name, or color name/title

Function "I'm stucked", which gives ability to teleport to nearest town.

Edited May 22, 2021 by Celestine

Nightw0lf · May 22, 2021

yeah it has some <<small issues>>

if you for example try to pass any other malicious shit other than that

public function secure($check_string)
	{
	    $ret_string = $check_string;
	    $ret_string = htmlspecialchars ($ret_string);
	    $ret_string = strip_tags ($ret_string);
	    $ret_string = trim ($ret_string);
	    $ret_string = str_replace ('\\l', '', $ret_string);
	    $ret_string = str_replace (' ', '', $ret_string);
	    $ret_string  = str_replace("'", "", $ret_string );
	    $ret_string  = str_replace("\"", "",$ret_string );
	    $ret_string  = str_replace("--", "",$ret_string );
	    $ret_string  = str_replace("^", "",$ret_string );
	    $ret_string  = str_replace("&", "",$ret_string );
	    $ret_string  = str_replace("(", "",$ret_string );
	    $ret_string  = str_replace(")", "",$ret_string );
	    $ret_string  = str_replace("=", "",$ret_string );
	    $ret_string  = str_replace("+", "",$ret_string );
	    $ret_string  = str_replace("%00", "",$ret_string );
	    $ret_string  = str_replace(";", "",$ret_string );
	    $ret_string  = str_replace(":", "",$ret_string );
	    $ret_string  = str_replace("|", "",$ret_string );
	    $ret_string  = str_replace("<", "",$ret_string );
	    $ret_string  = str_replace(">", "",$ret_string );
	    $ret_string  = str_replace("~", "",$ret_string );
	    $ret_string  = str_replace("`", "",$ret_string );
	    $ret_string  = str_replace("%20and%20", "",$ret_string );
	    $ret_string = stripslashes ($ret_string);
	    return $ret_string;
	}

in general:

1) I had to change all classes and functions to the date

2) lost sessions

3) captcha deprecated functions cause errors (i think its not even working) replace with google recaptcha

4) vendor components like smarty not working on latest PHP 7.4+ (even if you update them)

5) there are code violations in almost everything (at some point i was wondering how it even works)

6) Important: cached functions (specially on interlude need critical fixes)

7) this can run on special host they provide (NO SSL) and PHP 5.6 MAX

if you try to run the panel with SSL it will refuse

9) if you know how to make a new template DO it codes are missing

10) statistics not working and are big jokes on terms of code

11) statistics functions ASC/DESC not working

12) there is no trace of error catching system

13) if your server restart people can see your database password user name and ip and everything

14) there are some cheat functions that not checking for certain conditions for example if char is online

15) almost all code is dated back to 2010 when mysql_connect function removed

16) images missing the existing ones are extracted by name not by id (thats an easy part)

17) you will have random logouts cause user session is not working correctly at some parts of the website

18) clown custom functions like "main" and "mail" are hazard is like naming a function function

19) all this are the tip of the iceberg

20) PHPMailer was so old i was going high school i think...

so after a month i managed to rebuild it and keep only the template structure and fix/test the cached functions in the end thats what left worth....

this is the biggest joke on l2 the price is half it was 3 years ago it was 300+

the guy who coded this probably used internet tutorials and still to this date hates PHP

i was selling it with extra responsive template even on phones, payment functions Paypal G2APay and more but it was too much time consuming to sell it cause of the installation since nobody know how to do it even with guides eventually instead of selling it i gave up cause nobody wanted so expensive l2off shit

http://prntscr.com/139jbzo

http://prntscr.com/139jgwy

http://prntscr.com/139jiog

http://prntscr.com/139jktn

http://prntscr.com/139jlu8

PS the share is an account panel NOT a website

PS Congratulations if you end up make it working

PS The security is not only 1 badly written function is not even checking for XSS attacks, or utfmb4 (imagine some Chinese character (简化字) having sexy time with your database)

but as i said what i mention is the tip of the iceberg..

Edited September 25, 2022 by Nightw0lf

Celestine · May 22, 2021

Thanks for posting the issues of this User Panel @Nightw0lf i had an friend who managed to fix/solve the issues of this he sent me and i shared it for those who need test fix it by them selves.

Nightw0lf · May 22, 2021

oh shit i found my tester

<?php
/*************************************************************************************
 *
 * Author Nightwolf
 * Designer Dehnise
 * Created for Denart Designs that holds the ownership of this files.
 *
 * Purchased at https://shop.denart-designs.com/ get updates latest news and support.
 *
 * Copyright (C) 2019 DenArt-Designs <info@denart-designs.com>, Inc - All Rights Reserved
 * Unauthorized copying of this file, via any medium is strictly prohibited
 * This file is part of DenArt Panel.
 * Parts of the code can not be copied and/or distributed under any circumstances.
 *
 * For further questions contact us.
 * Email <info@denart-designs.com>
 * Skype <denart_grafistiki>
 *
 * Thank you for supporting us and helping to improve DenArt Designs.
 *
 *************************************************************************************/

error_reporting(E_ALL);
ini_set("display_errors", true);
setlocale(LC_TIME, 'en_US.UTF-8');
ini_set("max_execution_time", 10);
?>
<!doctype html>
<html lang="en">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
		<title>Test Web Host</title>
		<meta name="author" content="DenArt">
	</head>
<body>
<center>
<h1>SQL Server Connection Test</h1><br>
Detail: if you don't see any "Success" message then you cant use our panel because your web host does not support this kind of connections.<br>
You can try to switch the PHP Version and check again<br>
Recommended PHP Version 7.3.0+ <br>
Using PHP Version:<b><?php echo phpversion(); ?></b><br>
<hr/>
</center>
Curl: <?php echo function_exists('curl_version') ? "<font color='green'>PASS</font>" : "<font color='red'>FAIL</font>" ; ?><br>
Array_merge: <?php echo function_exists('array_merge') ? "<font color='green'>PASS</font>" : "<font color='orange'>FAIL</font>" ; ?> (G2A Function)<br>
openssl_pkey_get_public: <?php echo function_exists('openssl_pkey_get_public') ? "<font color='green'>PASS</font>" : "<font color='orange'>FAIL</font>" ; ?> (Paysera Function)<br>
Simplexml_load_string: <?php echo function_exists('simplexml_load_string') ? "<font color='green'>PASS</font>" : "<font color='red'>FAIL</font>" ; ?><br>
<?php
// EDIT THIS
$host = "CPU\SQLEXPRESS"; // server IP Address
$user = "sa";
$pass = "sa";

// ONLY IF NEED EDIT THIS
$base = "lin2world";
$port = 1433;
$q = 'SELECT top 10 char_name FROM user_data';

// DO NOT EDIT ABOVE

$charset = 'utf8';
$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
];
// if you get error message excecution time exceed remove 2 and 4
$methods = array(1, 2, 3, 4, 5);
foreach ($methods as $method)
{
	$message = null;
	if ($method == 1)
	{
		echo "------------------------<br>";
		echo "Testing mssql_connect()...<br>";
		try
		{
			if (function_exists('mssql_connect'))
			{
				$con = mssql_connect($host, $user, $pass);
				if ($con)
				{
					echo "mssql_connect() successfully connected!<br>";
					$db_selected = mssql_select_db($base, $con);
					if (!$db_selected)
						echo ('Can\'t use db : ' . mssql_get_last_message());
					$result = mssql_query($q);
					if (!$result)
						echo ('Invalid query: ' . mssql_get_last_message());
					$Count = mssql_num_rows($result);
					print "Showing $Count rows:\n\n";
					while ($Row = mssql_fetch_assoc($result))
					{
						echo "<pre>" . $Row['char_name'] . "</pre><br>";
					}
					mssql_close($con);
				}
				else
				{
					echo "mssql_connect() failed to connect!<br>";
				}
			}
			else
			{
				echo "mssql_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "mssql_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
	
	if ($method == 2)
	{
		echo "------------------------<br>";
		echo "Testing odbc_connect()...<br>";
		try
		{
			if (function_exists('odbc_connect'))
			{
				$con = odbc_connect("DRIVER={SQL Server};SERVER=".$host.";Port=1433;Database=".$base, $user, $pass);
				if($con)
				{
					echo "odbc_connect() successfully connected!<br>";
					$result = odbc_exec($q,$con);
				}
				else
					echo "odbc_connect() failed to connect!<br>";
			}
			else
			{
				echo "odbc_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "odbc_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
	if ($method == 3)
	{
		echo "------------------------<br>";
		echo "Testing PDO(all available drivers)...<br>";
		$dsn = null;
		try
		{
			foreach (PDO::getAvailableDrivers() as $driver)
			{
				if ($driver == "odbc")
				{
					$driver = "odbc:Driver={SQL Server}";
				}
				$driver .= ":";
				$dsn = $driver."Server=$host,$port;Database=$base";
				if ($driver == "sqlsrv:")
				{
					$con = new PDO($dsn, $user, $pass, $options);
					if ($con)
					{
						echo "PDO $driver successfully connected!<br>";
						$stmt = $con->prepare($q);
						$stmt->execute();
						echo "Results of char_name:<br>";
						while ($row = $stmt->fetch())
						{
							echo "<pre>".$row['char_name']."</pre>";
						}
						unset($con); unset($stmt);
					}
				}
				else if ($driver == "odbc:")
				{
					$con = new PDO($dsn, $user, $pass, $options);
					if ($con)
					{
						echo "PDO $driver successfully connected!<br>";
						$stmt = $con->prepare($q);
						$stmt->execute();
						echo "Results of char_name:<br>";
						while ($row = $stmt->fetch())
						{
							echo $row['char_name']."<br>";
						}
						unset($con); unset($stmt);
					}
				}
				else if ($driver == "dblib:")
				{
					$con = new PDO($dsn, $user, $pass, $options);
					if ($con)
					{
						echo "PDO $driver successfully connected!<br>";
						$stmt = $con->prepare($q);
						$stmt->execute();
						echo "Results of char_name:<br>";
						while ($row = $stmt->fetch())
						{
							echo $row['char_name']."<br>";
						}
						unset($con); unset($stmt);
					}
				}
				else 
					echo $driver." Failed or will not be checked<br>";
			}
			
		}
		catch (\PDOException $e)
		{
			echo $e->getMessage(). ' '.(int)$e->getCode();
		}
	}
	if ($method == 4)
	{
		echo "------------------------<br>";
		echo "Testing mysqli_connect()...<br>";
		try
		{
			if (function_exists('mysqli_connect'))
			{
				$con = mysqli_connect("p:".$host.":1433", $user, $pass, $base);
				if ($con)
				{
					echo "mysqli_connect() successfully connected!" . PHP_EOL;
					echo "Host information: " . mysqli_get_host_info($con) . PHP_EOL;
				}
				else
				{
					echo "mysqli_connect() failed to connect!" . PHP_EOL;
					echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
					echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
				}

				mysqli_close($con);
			}
			else
			{
				echo "mysqli_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "mysqli_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
	if ($method == 5)
	{
		echo "------------------------<br>";
		echo "Testing sqlsrv_connect()...<br>";
		try
		{
			if (function_exists('sqlsrv_connect'))
			{
				$con = sqlsrv_connect($host, array("Database" =>$base, "UID" => $user, "PWD" => $pass));
				if ($con)
				{
					echo "sqlsrv_connect() successfully connected!<br>";
					if(($result = sqlsrv_query($con, $q)) !== false)
					{
						echo "Results of char_name:<br>";
						while($obj = sqlsrv_fetch_object($result))
						{
							echo "<pre>".$obj->char_name."</pre>";
						}
					}
				}
				else
				{
					print_r(sqlsrv_errors(), true);
					echo "sqlsrv_connect() failed to connect!<br>";
				}
				//sqlsrv_close($con);
			}
			else
			{
				echo "sqlsrv_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "qlsrv_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
}

echo phpinfo();

this will show you if the HOST you are on will make the panel finally work

since this tester is for my panel with payment functions ignore the PASS/FAIL messages

focus on the connection

PS : OVH is not a host for this panel

Bearus · October 21, 2021

Thanks for this amazing !!!

ive edited the config.php looks okay,

Can this panel work without connecting it to the server instead making a database on the webhosting?

Edited December 28, 2021 by Bearus

Victory · October 27, 2021

On 10/21/2021 at 2:50 PM, MK Arigato said:

Can this panel work without connecting it to the server instead making a database on the webhosting?

Hello, @MK Arigato !

It's better to connect it with your database otherwise it will loose the main functions you were looking for.
You want to make a data transfers and to stream the database records for the chosen user directly on the panel right.. ?

Share PHP ADVEXT user panel

Recommended Posts

Celestine

Nightw0lf

Celestine

Nightw0lf

Bearus

Victory

Join the conversation

Posts

Topics

Browse

Activity

Store