Jump to content
MaxCheaters Official Group on Discord
Top.MaxCheaters.com is now OPEN – Lineage 2 Top Listing

PHP ADVEXT user panel

Celestine
 Share

Recommended Posts

Celestine Challenger

Celestine

Posted
Posted (edited)

Hello, this is the functional ADVEXT user panel for all chronicles, from interlude to h5 L2off of course, I made small changes to it so that it also works with Vanganth and the Eressea extender (MyExt64)

The information of the panel is here: http://www.depmax64.com/forum/index.php?threads/account-panel.1882/ It costs 165 Dollars

You can download it here: Download

To configure it is very simple, you just have to edit the conf.php file that is in the root folder.

Its functions are:

 

Changing password

Password recovery

Ip binding

Account logs

Inventory viewer

Changing character name, or color name/title

Function "I'm stucked", which gives ability to teleport to nearest town.

Edited by Celestine
  • Like 2
  • Thanks 1
Nightw0lf Mentor

Nightw0lf

Posted
Posted (edited)

yeah it has some <<small issues>>

if you for example try to pass any other malicious shit other than that 

public function secure($check_string)
	{
	    $ret_string = $check_string;
	    $ret_string = htmlspecialchars ($ret_string);
	    $ret_string = strip_tags ($ret_string);
	    $ret_string = trim ($ret_string);
	    $ret_string = str_replace ('\\l', '', $ret_string);
	    $ret_string = str_replace (' ', '', $ret_string);
	    $ret_string  = str_replace("'", "", $ret_string );
	    $ret_string  = str_replace("\"", "",$ret_string );
	    $ret_string  = str_replace("--", "",$ret_string );
	    $ret_string  = str_replace("^", "",$ret_string );
	    $ret_string  = str_replace("&", "",$ret_string );
	    $ret_string  = str_replace("(", "",$ret_string );
	    $ret_string  = str_replace(")", "",$ret_string );
	    $ret_string  = str_replace("=", "",$ret_string );
	    $ret_string  = str_replace("+", "",$ret_string );
	    $ret_string  = str_replace("%00", "",$ret_string );
	    $ret_string  = str_replace(";", "",$ret_string );
	    $ret_string  = str_replace(":", "",$ret_string );
	    $ret_string  = str_replace("|", "",$ret_string );
	    $ret_string  = str_replace("<", "",$ret_string );
	    $ret_string  = str_replace(">", "",$ret_string );
	    $ret_string  = str_replace("~", "",$ret_string );
	    $ret_string  = str_replace("`", "",$ret_string );
	    $ret_string  = str_replace("%20and%20", "",$ret_string );
	    $ret_string = stripslashes ($ret_string);
	    return $ret_string;
	}

in general:

1) I had to change all classes and functions  to the date

2) lost sessions

3) captcha deprecated functions cause errors (i think its not even working) replace with google recaptcha

4) vendor components like smarty not working on latest PHP 7.4+ (even if you update them)

5) there are code violations in almost everything (at some point i was wondering how it even works)

6) Important: cached functions (specially on interlude need critical fixes)

7) this can run on special host they provide (NO SSL) and PHP 5.6 MAX

😎 if you try to run the panel with SSL it will refuse

9) if you know how to make a new template DO it codes are missing

10) statistics not working and are big jokes on terms of code

11) statistics functions ASC/DESC not working

12) there is no trace of error catching system

13) if your server restart people can see your database password user name and ip and everything

14) there are some cheat functions that not checking for certain conditions for example if char is online

15) almost all code is dated back to 2010 when mysql_connect function removed

16) images missing the existing ones are extracted by name not by id (thats an easy part)

17) you will have random logouts cause user session is not working correctly at some parts of the website

18) clown custom functions like "main" and "mail" are hazard is like naming a function function

19) all this are the tip of the iceberg

20) PHPMailer was so old i was going high school i think...

 

so after a month i managed to rebuild it and keep only the template structure and fix/test the cached functions in the end thats what left worth....

this is the biggest joke on l2 the price is half it was 3 years ago it was 300+

the guy who coded this probably used internet tutorials and still to this date hates PHP

i was selling it with extra responsive template even on phones, payment functions Paypal G2APay and more but it was too much time consuming to sell it cause of the installation since nobody know how to do it even with guides eventually instead of selling it i gave up cause nobody wanted so expensive l2off shit

 

http://prntscr.com/139jbzo

http://prntscr.com/139jgwy

http://prntscr.com/139jiog

http://prntscr.com/139jktn

http://prntscr.com/139jlu8

 

PS the share is an account panel NOT a website

PS Congratulations if you end up make it working 🙂

PS The security is not only 1 badly written function is not even checking for XSS attacks, or utfmb4 (imagine some Chinese character (简 化 字) having sexy time with your database)

but as i said what i mention is the tip of the iceberg..

Edited by Nightw0lf
  • Upvote 2
Celestine Challenger

Celestine

Posted
  • Author
Posted

Thanks for posting the issues of this User Panel @Nightw0lf i had an friend who managed to fix/solve the issues of this he sent me and i shared it for those who need test fix it by them selves.

  • Upvote 1
Nightw0lf Mentor

Nightw0lf

Posted
Posted

oh shit i found my tester 

<?php
/*************************************************************************************
 *
 * Author Nightwolf
 * Designer Dehnise
 * Created for Denart Designs that holds the ownership of this files.
 *
 * Purchased at https://shop.denart-designs.com/ get updates latest news and support.
 *
 * Copyright (C) 2019 DenArt-Designs <info@denart-designs.com>, Inc - All Rights Reserved
 * Unauthorized copying of this file, via any medium is strictly prohibited
 * This file is part of DenArt Panel.
 * Parts of the code can not be copied and/or distributed under any circumstances.
 *
 * For further questions contact us.
 * Email <info@denart-designs.com>
 * Skype <denart_grafistiki>
 *
 * Thank you for supporting us and helping to improve DenArt Designs.
 *
 *************************************************************************************/

error_reporting(E_ALL);
ini_set("display_errors", true);
setlocale(LC_TIME, 'en_US.UTF-8');
ini_set("max_execution_time", 10);
?>
<!doctype html>
<html lang="en">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
		<title>Test Web Host</title>
		<meta name="author" content="DenArt">
	</head>
<body>
<center>
<h1>SQL Server Connection Test</h1><br>
Detail: if you don't see any "Success" message then you cant use our panel because your web host does not support this kind of connections.<br>
You can try to switch the PHP Version and check again<br>
Recommended PHP Version 7.3.0+ <br>
Using PHP Version:<b><?php echo phpversion(); ?></b><br>
<hr/>
</center>
Curl: <?php echo function_exists('curl_version') ? "<font color='green'>PASS</font>" : "<font color='red'>FAIL</font>" ; ?><br>
Array_merge: <?php echo function_exists('array_merge') ? "<font color='green'>PASS</font>" : "<font color='orange'>FAIL</font>" ; ?> (G2A Function)<br>
openssl_pkey_get_public: <?php echo function_exists('openssl_pkey_get_public') ? "<font color='green'>PASS</font>" : "<font color='orange'>FAIL</font>" ; ?> (Paysera Function)<br>
Simplexml_load_string: <?php echo function_exists('simplexml_load_string') ? "<font color='green'>PASS</font>" : "<font color='red'>FAIL</font>" ; ?><br>
<?php
// EDIT THIS
$host = "CPU\SQLEXPRESS"; // server IP Address
$user = "sa";
$pass = "sa";

// ONLY IF NEED EDIT THIS
$base = "lin2world";
$port = 1433;
$q = 'SELECT top 10 char_name FROM user_data';

// DO NOT EDIT ABOVE

$charset = 'utf8';
$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
];
// if you get error message excecution time exceed remove 2 and 4
$methods = array(1, 2, 3, 4, 5);
foreach ($methods as $method)
{
	$message = null;
	if ($method == 1)
	{
		echo "------------------------<br>";
		echo "Testing mssql_connect()...<br>";
		try
		{
			if (function_exists('mssql_connect'))
			{
				$con = mssql_connect($host, $user, $pass);
				if ($con)
				{
					echo "mssql_connect() successfully connected!<br>";
					$db_selected = mssql_select_db($base, $con);
					if (!$db_selected)
						echo ('Can\'t use db : ' . mssql_get_last_message());
					$result = mssql_query($q);
					if (!$result)
						echo ('Invalid query: ' . mssql_get_last_message());
					$Count = mssql_num_rows($result);
					print "Showing $Count rows:\n\n";
					while ($Row = mssql_fetch_assoc($result))
					{
						echo "<pre>" . $Row['char_name'] . "</pre><br>";
					}
					mssql_close($con);
				}
				else
				{
					echo "mssql_connect() failed to connect!<br>";
				}
			}
			else
			{
				echo "mssql_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "mssql_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
	
	if ($method == 2)
	{
		echo "------------------------<br>";
		echo "Testing odbc_connect()...<br>";
		try
		{
			if (function_exists('odbc_connect'))
			{
				$con = odbc_connect("DRIVER={SQL Server};SERVER=".$host.";Port=1433;Database=".$base, $user, $pass);
				if($con)
				{
					echo "odbc_connect() successfully connected!<br>";
					$result = odbc_exec($q,$con);
				}
				else
					echo "odbc_connect() failed to connect!<br>";
			}
			else
			{
				echo "odbc_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "odbc_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
	if ($method == 3)
	{
		echo "------------------------<br>";
		echo "Testing PDO(all available drivers)...<br>";
		$dsn = null;
		try
		{
			foreach (PDO::getAvailableDrivers() as $driver)
			{
				if ($driver == "odbc")
				{
					$driver = "odbc:Driver={SQL Server}";
				}
				$driver .= ":";
				$dsn = $driver."Server=$host,$port;Database=$base";
				if ($driver == "sqlsrv:")
				{
					$con = new PDO($dsn, $user, $pass, $options);
					if ($con)
					{
						echo "PDO $driver successfully connected!<br>";
						$stmt = $con->prepare($q);
						$stmt->execute();
						echo "Results of char_name:<br>";
						while ($row = $stmt->fetch())
						{
							echo "<pre>".$row['char_name']."</pre>";
						}
						unset($con); unset($stmt);
					}
				}
				else if ($driver == "odbc:")
				{
					$con = new PDO($dsn, $user, $pass, $options);
					if ($con)
					{
						echo "PDO $driver successfully connected!<br>";
						$stmt = $con->prepare($q);
						$stmt->execute();
						echo "Results of char_name:<br>";
						while ($row = $stmt->fetch())
						{
							echo $row['char_name']."<br>";
						}
						unset($con); unset($stmt);
					}
				}
				else if ($driver == "dblib:")
				{
					$con = new PDO($dsn, $user, $pass, $options);
					if ($con)
					{
						echo "PDO $driver successfully connected!<br>";
						$stmt = $con->prepare($q);
						$stmt->execute();
						echo "Results of char_name:<br>";
						while ($row = $stmt->fetch())
						{
							echo $row['char_name']."<br>";
						}
						unset($con); unset($stmt);
					}
				}
				else 
					echo $driver." Failed or will not be checked<br>";
			}
			
		}
		catch (\PDOException $e)
		{
			echo $e->getMessage(). ' '.(int)$e->getCode();
		}
	}
	if ($method == 4)
	{
		echo "------------------------<br>";
		echo "Testing mysqli_connect()...<br>";
		try
		{
			if (function_exists('mysqli_connect'))
			{
				$con = mysqli_connect("p:".$host.":1433", $user, $pass, $base);
				if ($con)
				{
					echo "mysqli_connect() successfully connected!" . PHP_EOL;
					echo "Host information: " . mysqli_get_host_info($con) . PHP_EOL;
				}
				else
				{
					echo "mysqli_connect() failed to connect!" . PHP_EOL;
					echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
					echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
				}

				mysqli_close($con);
			}
			else
			{
				echo "mysqli_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "mysqli_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
	if ($method == 5)
	{
		echo "------------------------<br>";
		echo "Testing sqlsrv_connect()...<br>";
		try
		{
			if (function_exists('sqlsrv_connect'))
			{
				$con = sqlsrv_connect($host, array("Database" =>$base, "UID" => $user, "PWD" => $pass));
				if ($con)
				{
					echo "sqlsrv_connect() successfully connected!<br>";
					if(($result = sqlsrv_query($con, $q)) !== false)
					{
						echo "Results of char_name:<br>";
						while($obj = sqlsrv_fetch_object($result))
						{
							echo "<pre>".$obj->char_name."</pre>";
						}
					}
				}
				else
				{
					print_r(sqlsrv_errors(), true);
					echo "sqlsrv_connect() failed to connect!<br>";
				}
				//sqlsrv_close($con);
			}
			else
			{
				echo "sqlsrv_connect() function is not available.<br />";
			}
		}
		catch (Exception $e)
		{
			echo "qlsrv_connect() Failed to connect! ".$e->getMessage()."<br>";
		}
	}
}

echo phpinfo();

 

this will show you if the HOST you are on will make the panel finally work

since this tester is for my panel with payment functions ignore the PASS/FAIL messages

focus on the connection

 

PS : OVH is not a host for this panel

  • 4 months later...
Bearus Enthusiast

Bearus

Posted
Posted (edited)

Thanks for this amazing !!!

ive edited the config.php looks okay,

 

Can this panel work without connecting it to the server instead making a database on the webhosting?

Edited by Bearus
Victory Collaborator

Victory

Posted
Posted
On 10/21/2021 at 2:50 PM, MK Arigato said:

Can this panel work without connecting it to the server instead making a database on the webhosting?


Hello, @MK Arigato !

It's better to connect it with your database otherwise it will loose the main functions you were looking for. 
You want to make a data transfers and to stream the database records for the chosen user directly on the panel right.. ?

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


  • Posts

    • L2-Genesis
      L2Genesis

      By L2-Genesis · Posted

      I’m coming to you with a small update — internal testing is currently underway. We’re working on catching minor issues and resolving them before the server launch 😉 In the near future, we’re planning public tests, which you’ll all be invited to. At the same time, I’ll be sharing a few Quality of Life changes coming to L2 Genesis.   Even if you’re not interested in playing right now, but you are a long-time Lineage 2 player, feel free to join our community. We would greatly appreciate your experience and feedback to help us improve and develop our project. Join the growing L2Genesis community: https://discord.gg/mcuHsQzNCm Also check our website: https://l2genesis.com/   Offline Shop System — run your shop without being online.   Buff Shop System — playing as a buffer? When you’re not in the game, sell buffs! Reworked classic interface, adapted to Interlude — shown here with the inventory menu as an example. New custom mob drop and spoil preview. DualBox Verification System — each player can only use one active account at a time. Genesis Wiki — a collection of all essential information about items, NPCs, drops, spoils, and quests.
    • MarGaZeaS
      L2 Interlude C6 Private Server Project

      By MarGaZeaS · Posted

      https://gitlab.com/Tryskell/acis_public nai swsta, exeis kati pio updated na mas protineis? 
    • TheDarknessFear
      Paid server pack - Free server

      By TheDarknessFear · Posted

      Answered, locked.
    • Red-Hair-Shanks
      L2Gold-Enma

      By Red-Hair-Shanks · Posted

      🔥 L2Gold Enma – High Rate PvP Interlude 🔥 Interlude Chronicle • C6 Skills • Pure PvP Experience Welcome to L2Gold Enma, a high-rate PvP server designed for players who want instant action, balanced gameplay and nonstop PvP, without pointless grinding. ⚔️ Server Rates XP / SP: x1000 Adena / Drops: x10 Chronicle: Interlude Skills: C6 balanced skills Buff duration: 2 hours No weight limit 🎮 Gameplay Philosophy Fast leveling, instant PvP Clean Interlude experience No pay-to-win mechanics Focus on skill-based PvP 🛡️ Core Features Global Gatekeeper Offline shops Auto events (TvT, DM, CTF, etc.) Retail-like Olympiad with custom balance Active Raid Bosses Easy access to PvP gear 🏰 PvP & Competition Mass PvP & clan wars Meaningful castle sieges Olympiad focused on player skill Balanced classes for both solo & group PvP ⚡ Why L2Gold Enma? Interlude nostalgia with C6 skills High rates, low grind Stable server & active development Community-focused updates 💥 Join L2Gold Enma and dominate the battlefield! This is not a farm server. This is PvP   https://l2gold-enma.com/ https://discord.com/invite/Ba9cHj3HUJ
    • madocter
      Super share: Clients - Server - Tools - Sources [Prelude-c6]

      By madocter · Posted

      Hi I'm still online for this but making backup of everything in that time I didn't organize well so let me create a pack and upload to archive.org maybe. Thanks ! we can enrich togethers this if everyone add more and more old files.

  • Topics

×
×
  • Create New...

Important Information

This community uses essential cookies to function properly. Non-essential cookies and third-party services are used only with your consent. Read our Privacy Policy and We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue..