Jump to content
MaxCheaters Official Group on X
MaxCheaters Official Group on Discord
--> Place your ad text here <--

PHP ADVEXT user panel

Celestine
 Share

Recommended Posts

Celestine Challenger

Celestine

Posted
Posted (edited)

Hello, this is the functional ADVEXT user panel for all chronicles, from interlude to h5 L2off of course, I made small changes to it so that it also works with Vanganth and the Eressea extender (MyExt64)

The information of the panel is here: http://www.depmax64.com/forum/index.php?threads/account-panel.1882/ It costs 165 Dollars

You can download it here: Download

To configure it is very simple, you just have to edit the conf.php file that is in the root folder.

Its functions are:

 

Changing password

Password recovery

Ip binding

Account logs

Inventory viewer

Changing character name, or color name/title

Function "I'm stucked", which gives ability to teleport to nearest town.

Edited by Celestine
  • Like 2
  • Thanks 1
Nightw0lf Experienced

Nightw0lf

Posted
Posted (edited)

yeah it has some <<small issues>>

if you for example try to pass any other malicious shit other than that 

public function secure($check_string)
	{
	    $ret_string = $check_string;
	    $ret_string = htmlspecialchars ($ret_string);
	    $ret_string = strip_tags ($ret_string);
	    $ret_string = trim ($ret_string);
	    $ret_string = str_replace ('\\l', '', $ret_string);
	    $ret_string = str_replace (' ', '', $ret_string);
	    $ret_string  = str_replace("'", "", $ret_string );
	    $ret_string  = str_replace("\"", "",$ret_string );
	    $ret_string  = str_replace("--", "",$ret_string );
	    $ret_string  = str_replace("^", "",$ret_string );
	    $ret_string  = str_replace("&", "",$ret_string );
	    $ret_string  = str_replace("(", "",$ret_string );
	    $ret_string  = str_replace(")", "",$ret_string );
	    $ret_string  = str_replace("=", "",$ret_string );
	    $ret_string  = str_replace("+", "",$ret_string );
	    $ret_string  = str_replace("%00", "",$ret_string );
	    $ret_string  = str_replace(";", "",$ret_string );
	    $ret_string  = str_replace(":", "",$ret_string );
	    $ret_string  = str_replace("|", "",$ret_string );
	    $ret_string  = str_replace("<", "",$ret_string );
	    $ret_string  = str_replace(">", "",$ret_string );
	    $ret_string  = str_replace("~", "",$ret_string );
	    $ret_string  = str_replace("`", "",$ret_string );
	    $ret_string  = str_replace("%20and%20", "",$ret_string );
	    $ret_string = stripslashes ($ret_string);
	    return $ret_string;
	}

in general:

1) I had to change all classes and functions  to the date

2) lost sessions

3) captcha deprecated functions cause errors (i think its not even working) replace with google recaptcha

4) vendor components like smarty not working on latest PHP 7.4+ (even if you update them)

5) there are code violations in almost everything (at some point i was wondering how it even works)

6) Important: cached functions (specially on interlude need critical fixes)

7) this can run on special host they provide (NO SSL) and PHP 5.6 MAX

😎 if you try to run the panel with SSL it will refuse

9) if you know how to make a new template DO it codes are missing

10) statistics not working and are big jokes on terms of code

11) statistics functions ASC/DESC not working

12) there is no trace of error catching system

13) if your server restart people can see your database password user name and ip and everything

14) there are some cheat functions that not checking for certain conditions for example if char is online

15) almost all code is dated back to 2010 when mysql_connect function removed

16) images missing the existing ones are extracted by name not by id (thats an easy part)

17) you will have random logouts cause user session is not working correctly at some parts of the website

18) clown custom functions like "main" and "mail" are hazard is like naming a function function

19) all this are the tip of the iceberg

20) PHPMailer was so old i was going high school i think...

 

so after a month i managed to rebuild it and keep only the template structure and fix/test the cached functions in the end thats what left worth....

this is the biggest joke on l2 the price is half it was 3 years ago it was 300+

the guy who coded this probably used internet tutorials and still to this date hates PHP

i was selling it with extra responsive template even on phones, payment functions Paypal G2APay and more but it was too much time consuming to sell it cause of the installation since nobody know how to do it even with guides eventually instead of selling it i gave up cause nobody wanted so expensive l2off shit

 

http://prntscr.com/139jbzo

http://prntscr.com/139jgwy

http://prntscr.com/139jiog

http://prntscr.com/139jktn

http://prntscr.com/139jlu8

 

PS the share is an account panel NOT a website

PS Congratulations if you end up make it working 🙂

PS The security is not only 1 badly written function is not even checking for XSS attacks, or utfmb4 (imagine some Chinese character (简 化 字) having sexy time with your database)

but as i said what i mention is the tip of the iceberg..

Edited by Nightw0lf
  • Upvote 2
Celestine Challenger

Celestine

Posted
  • Author
Posted

Thanks for posting the issues of this User Panel @Nightw0lf i had an friend who managed to fix/solve the issues of this he sent me and i shared it for those who need test fix it by them selves.

  • Upvote 1
Nightw0lf Experienced

Nightw0lf

Posted
Posted

oh shit i found my tester 

<?php
/*************************************************************************************
 *
 * Author Nightwolf
 * Designer Dehnise
 * Created for Denart Designs that holds the ownership of this files.
 *
 * Purchased at https://shop.denart-designs.com/ get updates latest news and support.
 *
 * Copyright (C) 2019 DenArt-Designs <info@denart-designs.com>, Inc - All Rights Reserved
 * Unauthorized copying of this file, via any medium is strictly prohibited
 * This file is part of DenArt Panel.
 * Parts of the code can not be copied and/or distributed under any circumstances.
 *
 * For further questions contact us.
 * Email <info@denart-designs.com>
 * Skype <denart_grafistiki>
 *
 * Thank you for supporting us and helping to improve DenArt Designs.
 *
 *************************************************************************************/

error_reporting(E_ALL);
ini_set("display_errors", true);
setlocale(LC_TIME, 'en_US.UTF-8');
ini_set("max_execution_time", 10);
?>
<!doctype html>
<html lang="en">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
		<title>Test Web Host</title>
		<meta name="author" content="DenArt">
	</head>
<body>
<center>
<h1>SQL Server Connection Test</h1><br>
Detail: if you don't see any "Success" message then you cant use our panel because your web host does not support this kind of connections.<br>
You can try to switch the PHP Version and check again<br>
Recommended PHP Version 7.3.0+ <br>
Using PHP Version:<b><?php echo phpversion(); ?></b><br>
<hr/>
</center>
Curl: <?php echo function_exists('curl_version') ? "<font color='green'>PASS</font>" : "<font color='red'>FAIL</font>" ; ?><br>
Array_merge: <?php echo function_exists('array_merge') ? "<font color='green'>PASS</font>" : "<font color='orange'>FAIL</font>" ; ?> (G2A Function)<br>
openssl_pkey_get_public: <?php echo function_exists('openssl_pkey_get_public') ? "<font color='green'>PASS</font>" : "<font color='orange'>FAIL</font>" ; ?> (Paysera Function)<br>
Simplexml_load_string: <?php echo function_exists('simplexml_load_string') ? "<font color='green'>PASS</font>" : "<font color='red'>FAIL</font>" ; ?><br>
<?php
// EDIT THIS
$host = "CPU\SQLEXPRESS"; // server IP Address
$user = "sa";
$pass = "sa";

// ONLY IF NEED EDIT THIS
$base = "lin2world";
$port = 1433;
$q = 'SELECT top 10 char_name FROM user_data';

// DO NOT EDIT ABOVE

$charset = 'utf8';
$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
];
// if you get error message excecution time exceed remove 2 and 4
$methods = array(1, 2, 3, 4, 5);
foreach ($methods as $method)
{
	$message = null;
	if ($method == 1)
	{
		echo "------------------------<br>";
		echo "Testing mssql_connect()...<br>";
		try
		{
			if (function_exists('mssql_connect'))
			{
				$con = mssql_connect($host, $user, $pass);
				if ($con)
				{
					echo "mssql_connect() successfully connected!<br>";
					$db_selected = mssql_select_db($base, $con);
					if (!$db_selected)
						echo ('Can\'t use db : ' . mssql_get_last_message());
					$result = mssql_query($q);
					if (!$result)
						echo ('Invalid query: ' . mssql_get_last_message());
					$Count = mssql_num_rows($result);
					print "Showing $Count rows:\n\n";
					while ($Row = mssql_fetch_assoc($result))
					{
						echo "<pre>" . $Row['char_name'] . "</pre><br>";
					}
					mssql_close($con);
				}
				else
				{
					echo "mssql_connect() failed to connect!<br>";
				}
			}
			else
			{
				echo "mssql_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "mssql_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
	
	if ($method == 2)
	{
		echo "------------------------<br>";
		echo "Testing odbc_connect()...<br>";
		try
		{
			if (function_exists('odbc_connect'))
			{
				$con = odbc_connect("DRIVER={SQL Server};SERVER=".$host.";Port=1433;Database=".$base, $user, $pass);
				if($con)
				{
					echo "odbc_connect() successfully connected!<br>";
					$result = odbc_exec($q,$con);
				}
				else
					echo "odbc_connect() failed to connect!<br>";
			}
			else
			{
				echo "odbc_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "odbc_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
	if ($method == 3)
	{
		echo "------------------------<br>";
		echo "Testing PDO(all available drivers)...<br>";
		$dsn = null;
		try
		{
			foreach (PDO::getAvailableDrivers() as $driver)
			{
				if ($driver == "odbc")
				{
					$driver = "odbc:Driver={SQL Server}";
				}
				$driver .= ":";
				$dsn = $driver."Server=$host,$port;Database=$base";
				if ($driver == "sqlsrv:")
				{
					$con = new PDO($dsn, $user, $pass, $options);
					if ($con)
					{
						echo "PDO $driver successfully connected!<br>";
						$stmt = $con->prepare($q);
						$stmt->execute();
						echo "Results of char_name:<br>";
						while ($row = $stmt->fetch())
						{
							echo "<pre>".$row['char_name']."</pre>";
						}
						unset($con); unset($stmt);
					}
				}
				else if ($driver == "odbc:")
				{
					$con = new PDO($dsn, $user, $pass, $options);
					if ($con)
					{
						echo "PDO $driver successfully connected!<br>";
						$stmt = $con->prepare($q);
						$stmt->execute();
						echo "Results of char_name:<br>";
						while ($row = $stmt->fetch())
						{
							echo $row['char_name']."<br>";
						}
						unset($con); unset($stmt);
					}
				}
				else if ($driver == "dblib:")
				{
					$con = new PDO($dsn, $user, $pass, $options);
					if ($con)
					{
						echo "PDO $driver successfully connected!<br>";
						$stmt = $con->prepare($q);
						$stmt->execute();
						echo "Results of char_name:<br>";
						while ($row = $stmt->fetch())
						{
							echo $row['char_name']."<br>";
						}
						unset($con); unset($stmt);
					}
				}
				else 
					echo $driver." Failed or will not be checked<br>";
			}
			
		}
		catch (\PDOException $e)
		{
			echo $e->getMessage(). ' '.(int)$e->getCode();
		}
	}
	if ($method == 4)
	{
		echo "------------------------<br>";
		echo "Testing mysqli_connect()...<br>";
		try
		{
			if (function_exists('mysqli_connect'))
			{
				$con = mysqli_connect("p:".$host.":1433", $user, $pass, $base);
				if ($con)
				{
					echo "mysqli_connect() successfully connected!" . PHP_EOL;
					echo "Host information: " . mysqli_get_host_info($con) . PHP_EOL;
				}
				else
				{
					echo "mysqli_connect() failed to connect!" . PHP_EOL;
					echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
					echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
				}

				mysqli_close($con);
			}
			else
			{
				echo "mysqli_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "mysqli_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
	if ($method == 5)
	{
		echo "------------------------<br>";
		echo "Testing sqlsrv_connect()...<br>";
		try
		{
			if (function_exists('sqlsrv_connect'))
			{
				$con = sqlsrv_connect($host, array("Database" =>$base, "UID" => $user, "PWD" => $pass));
				if ($con)
				{
					echo "sqlsrv_connect() successfully connected!<br>";
					if(($result = sqlsrv_query($con, $q)) !== false)
					{
						echo "Results of char_name:<br>";
						while($obj = sqlsrv_fetch_object($result))
						{
							echo "<pre>".$obj->char_name."</pre>";
						}
					}
				}
				else
				{
					print_r(sqlsrv_errors(), true);
					echo "sqlsrv_connect() failed to connect!<br>";
				}
				//sqlsrv_close($con);
			}
			else
			{
				echo "sqlsrv_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "qlsrv_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
}

echo phpinfo();

 

this will show you if the HOST you are on will make the panel finally work

since this tester is for my panel with payment functions ignore the PASS/FAIL messages

focus on the connection

 

PS : OVH is not a host for this panel

  • 4 months later...
Bearus Enthusiast

Bearus

Posted
Posted (edited)

Thanks for this amazing !!!

ive edited the config.php looks okay,

 

Can this panel work without connecting it to the server instead making a database on the webhosting?

Edited by Bearus
Victory Enthusiast

Victory

Posted
Posted
On 10/21/2021 at 2:50 PM, MK Arigato said:

Can this panel work without connecting it to the server instead making a database on the webhosting?


Hello, @MK Arigato !

It's better to connect it with your database otherwise it will loose the main functions you were looking for. 
You want to make a data transfers and to stream the database records for the chosen user directly on the panel right.. ?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Posts

    • TOPsellers
      ADENA L2REBORN X1

      By TOPsellers · Posted

      +
    • JGUC
      [L2J] H5 (High Five) Source with live bots

      By JGUC · Posted

      The bot video lasts 35 minutes and not everything is shown there, if everything was shown, the video could have lasted several hours. Also, the video quality is reduced so as not to take up much space.The last minutes of the video show bots attacking each other on the event. https://dropmefiles.com/1jMi2
    • JGUC
      [L2J] H5 (High Five) Source with live bots

      By JGUC · Posted

      We also forgot to say that the deal will be the way you want it, we are ready for almost any of your demands. And we ask the administration to review our post as soon as possible, because several hours have passed and it still hasn't passed moderation, thank you in advance!  
    • BoostLike
      ✅BOOST LIKE: MARKETPLACE WITH Github Accounts✅

      By BoostLike · Posted

      💥Super offer GitHub Account  (5 years)💥 ⚠️ Available to order for only $20🔥
    • JGUC
      [L2J] H5 (High Five) Source with live bots

      By JGUC · Posted

      Good day to all! We present to your attention our source code h5, where several projects used and achieved very good results, both in terms of online and in general for the project. (Due to confidentiality, the list of projects, the test server and what the basis of the source code will be provided only to real buyers, where they can go and check them out)   The main feature is bots, which are very animated, one to one like real players. But, in addition to bots, the build has a lot of interesting and modern things. Below will be a video showing bots and a little about the server.   As we said, the build was used on several projects, so the first thing that is there is not a single backdoor on the server, all serious and critical errors have been fixed. Races and classes are closer to the official PTS platform.   And also the server can be used as a classic server, as well as a server with add-ons, because the server has added many new things, weapons, armor, jewelry, hats, cloaks, etc.   The server has a full working community board (alt+b), working locations, quests, geodata, mechanism, working ai, in general there are no problems and complaints. In alt+b, shops, various services, buffer, player statistics, clan statistics, mail, profession change, personal account, registration for events, etc. are available.   Additional services: Premium account, visual costumes, nickname change services (for yourself and your pet), nickname and title painting service, karma/PC cleaning, expand services, weapon/armor/jewelry sharpening service, level up and down service, nobles purchase service, beauty salon (new hairstyle change from higher chronicles and face change), additional window purchase service, clan reputation purchase service, weapon augmentation purchase service.   Internal services: auto potions (acp), referral system, repair services, automatic reward delivery after n. time, additional auction, and other working systems, also many available commands, such as: exact date of epic respawn, password change directly inside the game, offline buffer, auto att, registration for castle sieges directly by entering a command and other available commands.   The server has protection (both on the server side and on the client side) that protects against free software and also several other anti-bot systems that will not give the slightest chance to bot users. But if you want people to use software, you just turn it off.   Bots. As we said, one of the main features of our server is bots, they are one to one like real players, now a little about bots and below is a link to a video about how they work: Server bots are like real players, their AI is copied from the AI ??of real characters, and therefore they get what real players get and you can also do with them everything that can be done with real characters.   They write in chats, in all chats, trade, shout, pm, clan chat, general chat. They walk around the cities, level up, farm, kill each other in pvp and pc, put on weapons, armor, jewelry, sharpen weapons. According to their level, they will choose their professions, join clans, participate in different events, use alt+b services - I'm telling you, their AI is copied and adapted like a real player's AI, so they can do everything that a real player can.   Bot control: You can set a chat and words for bots, how often or rarely they will write in chats, you can control where and how the bots will level up, you can control what events they will be at, you can control what cities they will run in, you can control where they will stand, you can even call them to you and that's not all, they are completely in your hands and you can twist them as you want. The bot video lasts 35 minutes and not everything is shown there, if everything was shown, the video could have lasted several hours. Also, the video quality is reduced so as not to take up much space.   You can check the rest yourself on the test server and we will fully show you everything that bots are capable of and you will be surprised)   Now about the price and a little about our work and what is included in this price. We do not sell only the build, we sell the source code in its entirety, so that you can adapt something for yourself. The price of the source code: 15,000 euros. What is included in this price: 1. We do not have a license, you buy it once and you can use it for the rest of your life. 2. There is no online limit and there is also no limit on running bots, the server can support as much online and bots as your VDS is powerful. 3. Client-side protection. You will not pay extra for protection, the source code already has everything. 4. All builds that we have created for projects that bought the source from us (they have ready-made servers, with their own ready-made concepts, configs, different alt+b designs, for different rates x1, x10, x20, x50, x100, x1200, x5000, there are also servers for classics and servers with add-ons, they all have configured bots for their servers) all this will be included in this price. You will receive all the builds of these projects. 5. Once a year we update and improve the source, we will also improve the bots, make different paths for them, different farming places, and revive them more and more, to get them you will have to pay 20 euros to get the updates. 6. You will receive all the bot settings from our first projects to the last, the video shows little, our last configured bots are almost indistinguishable from real players and you will see this yourself on the test server or later. (Our last setup and development of bots lasted 11 months and these works and what bots can do cannot be described in words, you yourself must see them to feel this work and power) 7. We will teach you how to control both the server and training on setting up and controlling bots. 8. We will provide you with VDS for 3 months and if necessary we will help you as much as we can until the first launch of your project! 9. Our bots move, they don't stand in one place, they walk around the cities and use a teleport, after the teleport they move on to the farming place in random places. They communicate in the chat and if you hit them, they can hit you back. They are in almost every city and farming location, near many key NPCs, instance zone managers, etc. They are automatically updated and move around the cities and farming zones. They attack those who have a flag and those who is pk. These are simply unique bots that can help you in terms of your online and your project in general! 10. As we said, our latest bot development lasted 11 months and we made 92 new farm zones for bots, more than 150,000 new paths for all locations, different methods of dressing their equipment, different methods of their behavior and more than 40,000 universal words in the chat, in different languages, where no one can even doubt that these are bots! Our contact information Telegramm: https://t.me/jg_uc Discord: j.g.u.c_dev

  • Topics

×
×
  • Create New...