Jump to content

Share PHP ADVEXT user panel


Recommended Posts

Posted (edited)

Hello, this is the functional ADVEXT user panel for all chronicles, from interlude to h5 L2off of course, I made small changes to it so that it also works with Vanganth and the Eressea extender (MyExt64)

The information of the panel is here: http://www.depmax64.com/forum/index.php?threads/account-panel.1882/ It costs 165 Dollars

You can download it here: Download

To configure it is very simple, you just have to edit the conf.php file that is in the root folder.

Its functions are:

 

Changing password

Password recovery

Ip binding

Account logs

Inventory viewer

Changing character name, or color name/title

Function "I'm stucked", which gives ability to teleport to nearest town.

Edited by Celestine
  • Like 2
  • Thanks 1
Link to comment
Share on other sites

yeah it has some <<small issues>>

if you for example try to pass any other malicious shit other than that

public function secure($check_string)
	{
	    $ret_string = $check_string;
	    $ret_string = htmlspecialchars ($ret_string);
	    $ret_string = strip_tags ($ret_string);
	    $ret_string = trim ($ret_string);
	    $ret_string = str_replace ('\\l', '', $ret_string);
	    $ret_string = str_replace (' ', '', $ret_string);
	    $ret_string  = str_replace("'", "", $ret_string );
	    $ret_string  = str_replace("\"", "",$ret_string );
	    $ret_string  = str_replace("--", "",$ret_string );
	    $ret_string  = str_replace("^", "",$ret_string );
	    $ret_string  = str_replace("&", "",$ret_string );
	    $ret_string  = str_replace("(", "",$ret_string );
	    $ret_string  = str_replace(")", "",$ret_string );
	    $ret_string  = str_replace("=", "",$ret_string );
	    $ret_string  = str_replace("+", "",$ret_string );
	    $ret_string  = str_replace("%00", "",$ret_string );
	    $ret_string  = str_replace(";", "",$ret_string );
	    $ret_string  = str_replace(":", "",$ret_string );
	    $ret_string  = str_replace("|", "",$ret_string );
	    $ret_string  = str_replace("<", "",$ret_string );
	    $ret_string  = str_replace(">", "",$ret_string );
	    $ret_string  = str_replace("~", "",$ret_string );
	    $ret_string  = str_replace("`", "",$ret_string );
	    $ret_string  = str_replace("%20and%20", "",$ret_string );
	    $ret_string = stripslashes ($ret_string);
	    return $ret_string;
	}

in general:

1) I had to change all classes and functions  to the date

2) lost sessions

3) captcha deprecated functions cause errors (i think its not even working) replace with google recaptcha

4) vendor components like smarty not working on latest PHP 7.4+ (even if you update them)

5) there are code violations in almost everything (at some point i was wondering how it even works)

6) Important: cached functions (specially on interlude need critical fixes)

7) this can run on special host they provide (NO SSL) and PHP 5.6 MAX

😎 if you try to run the panel with SSL it will refuse

9) if you know how to make a new template DO it codes are missing

10) statistics not working and are big jokes on terms of code

11) statistics functions ASC/DESC not working

12) there is no trace of error catching system

13) if your server restart people can see your database password user name and ip and everything

14) there are some cheat functions that not checking for certain conditions for example if char is online

15) almost all code is dated back to 2010 when mysql_connect function removed

16) images missing the existing ones are extracted by name not by id (thats an easy part)

17) you will have random logouts cause user session is not working correctly at some parts of the website

18) clown custom functions like "main" and "mail" are hazard is like naming a function function

19) all this are the tip of the iceberg

20) PHPMailer was so old i was going high school i think...

 

so after a month i managed to rebuild it and keep only the template structure and fix/test the cached functions in the end thats what left worth....

this is the biggest joke on l2 the price is half it was 3 years ago it was 300+

the guy who coded this probably used internet tutorials and still to this date hates PHP

i was selling it with extra responsive template even on phones, payment functions Paypal G2APay and more but it was too much time consuming to sell it cause of the installation since nobody know how to do it even with guides eventually instead of selling it i gave up cause nobody wanted so expensive l2off shit

 

http://prntscr.com/139jbzo

http://prntscr.com/139jgwy

http://prntscr.com/139jiog

http://prntscr.com/139jktn

http://prntscr.com/139jlu8

 

PS the share is an account panel NOT a website

PS Congratulations if you end up make it working 🙂

PS The security is not only 1 badly written function is not even checking for XSS attacks, or utfmb8 (imagine some Chinese character (简 化 字) having sexy time with your database)

but as i said what i mention is the tip of the iceberg..

  • Upvote 2
Link to comment
Share on other sites

Thanks for posting the issues of this User Panel @Nightw0lf i had an friend who managed to fix/solve the issues of this he sent me and i shared it for those who need test fix it by them selves.

  • Upvote 1
Link to comment
Share on other sites

oh shit i found my tester

<?php
/*************************************************************************************
 *
 * Author Nightwolf
 * Designer Dehnise
 * Created for Denart Designs that holds the ownership of this files.
 *
 * Purchased at https://shop.denart-designs.com/ get updates latest news and support.
 *
 * Copyright (C) 2019 DenArt-Designs <info@denart-designs.com>, Inc - All Rights Reserved
 * Unauthorized copying of this file, via any medium is strictly prohibited
 * This file is part of DenArt Panel.
 * Parts of the code can not be copied and/or distributed under any circumstances.
 *
 * For further questions contact us.
 * Email <info@denart-designs.com>
 * Skype <denart_grafistiki>
 *
 * Thank you for supporting us and helping to improve DenArt Designs.
 *
 *************************************************************************************/

error_reporting(E_ALL);
ini_set("display_errors", true);
setlocale(LC_TIME, 'en_US.UTF-8');
ini_set("max_execution_time", 10);
?>
<!doctype html>
<html lang="en">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
		<title>Test Web Host</title>
		<meta name="author" content="DenArt">
	</head>
<body>
<center>
<h1>SQL Server Connection Test</h1><br>
Detail: if you don't see any "Success" message then you cant use our panel because your web host does not support this kind of connections.<br>
You can try to switch the PHP Version and check again<br>
Recommended PHP Version 7.3.0+ <br>
Using PHP Version:<b><?php echo phpversion(); ?></b><br>
<hr/>
</center>
Curl: <?php echo function_exists('curl_version') ? "<font color='green'>PASS</font>" : "<font color='red'>FAIL</font>" ; ?><br>
Array_merge: <?php echo function_exists('array_merge') ? "<font color='green'>PASS</font>" : "<font color='orange'>FAIL</font>" ; ?> (G2A Function)<br>
openssl_pkey_get_public: <?php echo function_exists('openssl_pkey_get_public') ? "<font color='green'>PASS</font>" : "<font color='orange'>FAIL</font>" ; ?> (Paysera Function)<br>
Simplexml_load_string: <?php echo function_exists('simplexml_load_string') ? "<font color='green'>PASS</font>" : "<font color='red'>FAIL</font>" ; ?><br>
<?php
// EDIT THIS
$host = "CPU\SQLEXPRESS"; // server IP Address
$user = "sa";
$pass = "sa";

// ONLY IF NEED EDIT THIS
$base = "lin2world";
$port = 1433;
$q = 'SELECT top 10 char_name FROM user_data';

// DO NOT EDIT ABOVE

$charset = 'utf8';
$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
];
// if you get error message excecution time exceed remove 2 and 4
$methods = array(1, 2, 3, 4, 5);
foreach ($methods as $method)
{
	$message = null;
	if ($method == 1)
	{
		echo "------------------------<br>";
		echo "Testing mssql_connect()...<br>";
		try
		{
			if (function_exists('mssql_connect'))
			{
				$con = mssql_connect($host, $user, $pass);
				if ($con)
				{
					echo "mssql_connect() successfully connected!<br>";
					$db_selected = mssql_select_db($base, $con);
					if (!$db_selected)
						echo ('Can\'t use db : ' . mssql_get_last_message());
					$result = mssql_query($q);
					if (!$result)
						echo ('Invalid query: ' . mssql_get_last_message());
					$Count = mssql_num_rows($result);
					print "Showing $Count rows:\n\n";
					while ($Row = mssql_fetch_assoc($result))
					{
						echo "<pre>" . $Row['char_name'] . "</pre><br>";
					}
					mssql_close($con);
				}
				else
				{
					echo "mssql_connect() failed to connect!<br>";
				}
			}
			else
			{
				echo "mssql_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "mssql_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
	
	if ($method == 2)
	{
		echo "------------------------<br>";
		echo "Testing odbc_connect()...<br>";
		try
		{
			if (function_exists('odbc_connect'))
			{
				$con = odbc_connect("DRIVER={SQL Server};SERVER=".$host.";Port=1433;Database=".$base, $user, $pass);
				if($con)
				{
					echo "odbc_connect() successfully connected!<br>";
					$result = odbc_exec($q,$con);
				}
				else
					echo "odbc_connect() failed to connect!<br>";
			}
			else
			{
				echo "odbc_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "odbc_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
	if ($method == 3)
	{
		echo "------------------------<br>";
		echo "Testing PDO(all available drivers)...<br>";
		$dsn = null;
		try
		{
			foreach (PDO::getAvailableDrivers() as $driver)
			{
				if ($driver == "odbc")
				{
					$driver = "odbc:Driver={SQL Server}";
				}
				$driver .= ":";
				$dsn = $driver."Server=$host,$port;Database=$base";
				if ($driver == "sqlsrv:")
				{
					$con = new PDO($dsn, $user, $pass, $options);
					if ($con)
					{
						echo "PDO $driver successfully connected!<br>";
						$stmt = $con->prepare($q);
						$stmt->execute();
						echo "Results of char_name:<br>";
						while ($row = $stmt->fetch())
						{
							echo "<pre>".$row['char_name']."</pre>";
						}
						unset($con); unset($stmt);
					}
				}
				else if ($driver == "odbc:")
				{
					$con = new PDO($dsn, $user, $pass, $options);
					if ($con)
					{
						echo "PDO $driver successfully connected!<br>";
						$stmt = $con->prepare($q);
						$stmt->execute();
						echo "Results of char_name:<br>";
						while ($row = $stmt->fetch())
						{
							echo $row['char_name']."<br>";
						}
						unset($con); unset($stmt);
					}
				}
				else if ($driver == "dblib:")
				{
					$con = new PDO($dsn, $user, $pass, $options);
					if ($con)
					{
						echo "PDO $driver successfully connected!<br>";
						$stmt = $con->prepare($q);
						$stmt->execute();
						echo "Results of char_name:<br>";
						while ($row = $stmt->fetch())
						{
							echo $row['char_name']."<br>";
						}
						unset($con); unset($stmt);
					}
				}
				else 
					echo $driver." Failed or will not be checked<br>";
			}
			
		}
		catch (\PDOException $e)
		{
			echo $e->getMessage(). ' '.(int)$e->getCode();
		}
	}
	if ($method == 4)
	{
		echo "------------------------<br>";
		echo "Testing mysqli_connect()...<br>";
		try
		{
			if (function_exists('mysqli_connect'))
			{
				$con = mysqli_connect("p:".$host.":1433", $user, $pass, $base);
				if ($con)
				{
					echo "mysqli_connect() successfully connected!" . PHP_EOL;
					echo "Host information: " . mysqli_get_host_info($con) . PHP_EOL;
				}
				else
				{
					echo "mysqli_connect() failed to connect!" . PHP_EOL;
					echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
					echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
				}

				mysqli_close($con);
			}
			else
			{
				echo "mysqli_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "mysqli_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
	if ($method == 5)
	{
		echo "------------------------<br>";
		echo "Testing sqlsrv_connect()...<br>";
		try
		{
			if (function_exists('sqlsrv_connect'))
			{
				$con = sqlsrv_connect($host, array("Database" =>$base, "UID" => $user, "PWD" => $pass));
				if ($con)
				{
					echo "sqlsrv_connect() successfully connected!<br>";
					if(($result = sqlsrv_query($con, $q)) !== false)
					{
						echo "Results of char_name:<br>";
						while($obj = sqlsrv_fetch_object($result))
						{
							echo "<pre>".$obj->char_name."</pre>";
						}
					}
				}
				else
				{
					print_r(sqlsrv_errors(), true);
					echo "sqlsrv_connect() failed to connect!<br>";
				}
				//sqlsrv_close($con);
			}
			else
			{
				echo "sqlsrv_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "qlsrv_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
}

echo phpinfo();

 

this will show you if the HOST you are on will make the panel finally work

since this tester is for my panel with payment functions ignore the PASS/FAIL messages

focus on the connection

 

PS : OVH is not a host for this panel

Link to comment
Share on other sites

  • 4 months later...

Thanks for this amazing share omg this is so wanted!!!

ive edited the config.php looks okay,

 

Can this panel work without connecting it to the server instead making a database on the webhosting?

Edited by MK Arigato
Link to comment
Share on other sites

On 10/21/2021 at 2:50 PM, MK Arigato said:

Can this panel work without connecting it to the server instead making a database on the webhosting?


Hello, @MK Arigato !

It's better to connect it with your database otherwise it will loose the main functions you were looking for. 
You want to make a data transfers and to stream the database records for the chosen user directly on the panel right.. ?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share



  • Posts

    • INFORMATIONS Website https://www.l2quickhero.com/ L2QuickHero - Lineage 2 QuickHero Interlude.   Chronicle Interlude Rates All x1000 (PVP) Main town Giran Starting/Subclass level: 80 NPC: Global Gateekeper GMSHOP (free B-Grade items) Buffer (fast buffer and scheme buffer) Skill Enchanter (All Classes) Subclass Manager (All Classes) Augment Manager Siege Manager Event Manager Custom Shop: Armors: Apella Armors, 0% 50% 100% (100% balanced) Weapons: S-Grade Weapons, LvL 1 Quick Weapons LvL 2 Blood Weapon (100% balanced) Accessories: Some +HP +RunSpeed ^ +300 m.def/p.def Jewl Nacklace Of Brakki following effects: MP +42 and +60% resistance to most of the debuffs. Necklace Of Hekaton following effects: MP +42 and +15% CP Necklace Of Naga following effects: MP +42 and +15% HP. Earring Of Garacsia following effects: MP +31, +10% bow resistance and +15 speed. Earring Of Ipos following effects: MP +31, +10% dagger resistance and +15 speed. Earring Of Kandra following effects: MP +31, +20% wind resistance and +15 speed. Earring Of Von Helman following effects: MP +31, +20% dark resistance and +15 speed. Earring Of Vermilion following effects: MP +31, +20% fire resistance and +15 speed. Earring Of Falston following effects: MP +31, +20% water resistance and +15 speed. Ring Of Horuth following effects: MP +21 and +10% P.Def. Ring Of Mos following effects: MP +21 and +10% M.Def. Ring Of Shadith following effects: MP +21 and 500% faster Hp regen. Ring Of Tayr following effects: MP +21 and +100 bow range. Buffer: Buffs Slots: 63 Buffs,+Vote Buff All buffs in NPC Buffer and Scheme System Enchant: Safe: +4 Max: +20 More Info Here Copy and paste in your browser to download >> https://mega.nz/file/LTpwXBTR#ukSoDW4ikjFRzttiA1Lb1UBwLjc7XcPC3sM2x6MPthA Normal Enchant: Max +16. Fail = You get Crystals Blessed Enchant: Max +16 From 16 To 20 With Cristal. Never fail Cristal Scroll: 0-20 +20 Fail? Keep current enchant level. Augment System: Top Grade Life Stone: 5% Chance High Grade Life Stone: 3% Chance Mid Grade Life Stone: 1% Chance Max 1 Active + 1 Passive skill Economy: Apella/Armors and Weapons obtainable by killing Raid Bosses. ALL ITEMS ARE FARMABLE !!. Castle Sieges: Castles:All Castles Siege Period: Every 5-6 days Siege Duration: 120 minutes duration Only registered clans can join the siege Olympiad: Period: 3-4 days Time: 18h to 24h GMT +1 Items: Grade A / No Custom Enchant: +20 Minimum 9 Matches(with at least 1 Win)to be Hero. Raid Drops 76+: RESPAWN 1H X1 Weapon Blood (Random 3%) X1 Blood Armor (Random 3%) X1 Jewl 3% X1 Clan Rep Random Epic Boss Drops 76+: X2 Blood Weapon (Random 100%) X2 Apella Armor (Random 100%) X2 Blood Armor (Random 100%) X1 Clan Rep Random Epic Boss: Queen Ant: Resp 128h Zaken: Resp 128h Baium: Resp 128h Antharas: Resp 128h Valakas: Resp 128h Events: Party Farm Tournament Other: Stable Platform Interlude retail skills Auto Learn Skills Auto pick up Drop Max 3 subclasses Chance Minimum Debuffs - 10% Chance Maximum Debuffs - 90% Geodata and Pathnode Offline Shop System Vote Reward System
    • agree one of the best servers 🙂
    • Great team, with an amazing project. Wish you all the best !
    • guys as i testing one acis pack rev 382 i saw that .gotolove command didnt exist. can someone please give a solution
  • Topics

×
×
  • Create New...

AdBlock Extension Detected!

Our website is made possible by displaying online advertisements to our members.

Please disable AdBlock browser extension first, to be able to use our community.

I've Disbaled AdBlock