![[RELEASE]Luna2 Serverfiles and more](https://www.elitepvpers.com/forum/iconimages/metin2-guides-templates/release-luna2-serverfiles-more_ltr.gif){kind=small}
Hey Epvp.
I had a conversation with the admin of Luna2 in skype (Akaja). But now he dont anwsere me and dont give me my part of the deal i made with him.
I had accsess to the Rootserver System of Luna2.
So the fact is i got all the files of the gameservers and also got some parts of the homepage.
The other reason i release this here is, that the passwords are saved in clear letters to the database ( No MYSQL hash ) so he simply ripps the useres of, of he want. I made him offer to get his servers secure but hes not anwsering.
If you want have the Files add me on skype ( peter.enis93 ). I have uploadet the files as well and in the next time i will upload some parts of the databases with clear letter passes.
I will attach the registration PHP of luna2 webserver here, so you can have a look on the querys.
Have a gn
Register.php :
I had a conversation with the admin of Luna2 in skype (Akaja). But now he dont anwsere me and dont give me my part of the deal i made with him.
I had accsess to the Rootserver System of Luna2.
So the fact is i got all the files of the gameservers and also got some parts of the homepage.
The other reason i release this here is, that the passwords are saved in clear letters to the database ( No MYSQL hash ) so he simply ripps the useres of, of he want. I made him offer to get his servers secure but hes not anwsering.
If you want have the Files add me on skype ( peter.enis93 ). I have uploadet the files as well and in the next time i will upload some parts of the databases with clear letter passes.
I will attach the registration PHP of luna2 webserver here, so you can have a look on the querys.
Have a gn
Register.php :
Code:
<h2>Luna2 Registration</h2>
<div id="con-mid"><div id="con_mid_con">
<?PHP
$regCoins = 0; // Startcoins
$laufZeit = 365; //Tage autoloot,safebox
$calcLZ = (60*60*24)*365;
$expireStamp = time()+$calcLZ;
$expireDate = date("Y-m-d H:i:s",$expireStamp);
if($serverSettings['register_on'] && !isset($_SESSION['user_admin'])) {
if(isset($_POST['submit']) && $_POST['submit']=="registrieren") {
if((checkAnum($_POST['account']) && strlen($_POST['account'])>=8 && strlen($_POST['account'])<=16) && checkAnum($_POST['pass']) && strlen($_POST['pass'])>=8 && strlen($_POST['pass2'])<=16 && !empty($_POST['pass2']) && (checkName($_POST['uname']) && strlen($_POST['uname'])>=3 && strlen($_POST['uname'])<=20) && $_POST['pass']==$_POST['pass2'] && checkMail($_POST['email']) && strlen($_POST['email'])<=40 && $_POST['captcha']==$_SESSION['captcha_id'] && $_POST['email']==$_POST['email2'] && (checkAnum($_POST['sicherheitsa']) && strlen($_POST['sicherheitsa'])>=3 && strlen($_POST['sicherheitsa'])<=16) && checkInt($_POST['sicherheitsf']) && (checkAnum($_POST['loeschcode']) && strlen($_POST['loeschcode'])==7)) {
$hashSF = md5($_POST['sicherheitsa']);
$sfNum = mysql_real_escape_string($_POST['sicherheitsf']);
$lcode = mysql_real_escape_string($_POST['loeschcode']);
$zuFall = rand(99999,999999999);
$userpass=mysql_real_escape_string($_POST['pass']);
$aktivHash = ($serverSettings['mail_activation']) ? md5($zuFall):'';
$accountStatus = ($serverSettings['mail_activation']) ? 'BLOCK':'OK';
$sqlCmd = "INSERT INTO account.account
(login,password,real_name,email,social_id,question1,answer1,create_time,status,coins,autoloot_expire,safebox_expire,web_aktiviert,password2)
VALUES
('".$_POST['account']."',PASSWORD('".$userpass."'),'".mysql_real_escape_string($_POST['uname'])."','".mysql_real_escape_string($_POST['email'])."','".$lcode."','".$sfNum."','".$hashSF."','".$sqlZeit."','".$accountStatus."','".$regCoins."','".$expireDate."','".$expireDate."','".$aktivHash."','".$userpass."')";
$sqlQry = mysql_query($sqlCmd,$sqlServ);
if($sqlQry) {
$absender = $serverSettings['titel']." Registration";
$email = $serverSettings['reg_mail'];
$empfaenger = $_POST['email'];
$mail_body = "Hallo ".$_POST['uname'].",
deine Registration auf ".$serverSettings['titel']." war erfolgreich! Um auch auf dem Server spielen zu können, musst du deinen Account aktivieren.
Das kannst du über den folgenden Link tun:
".$serverSettings['url']."/index.php?s=login&do=aktivieren&hash=".$aktivHash."
Deine Daten sind:
Account: ".$_POST['account']."
Passwort: ".$userpass."
Löschcode: ".$lcode."
Sicherheitsfrage: ".$sFrage[$sfNum]."
Antwort: ".$_POST['sicherheitsa']."
Viel Spaß beim Spielen,
Dein ".$serverSettings['titel']."-Team
Diese E-Mail wurde automatisch generiert. Bitte keine Antworten an diese Adresse schicken.";
$titel = "Registrierung auf ".$serverSettings['titel'];
$header = "X-Priority: 3\n";
$header .= "X-Mailer: ".$serverSettings['titel']." Homepage Mailer\n";
$header .= "MIME-Version: 1.0\n";
$header .= "From: ".$absender." <".$serverSettings['reg_mail'].">\n";
$header .= "Reply-To: ".$serverSettings['reg_mail']."\n";
$header .= "Content-Type: text/plain; charset=iso-8859-1\n";
if($serverSettings['mail_activation']) {
mail($empfaenger, $titel, $mail_body, $header);
echo'<p class="meldung">Account erfolgreich angelegt. Bitte überprüfen Sie Ihr Postfach, um die Registrierung zu bestätigen.</p>';
}
else {
echo'<center><font color="#00C00">Account erfolgreich angelegt! Sie können sich nun anmelden.</font></center>';
}
}
else {
echo'<center><font color="#FF0000">Registrierung fehlgeschlagen: Der Account existiert bereits.</font></center>';
}
}
else {
echo'<center><font color="#FF0000">Registrierung fehlgeschlagen: bitte alle Felder richtig angeben.</font></center>';
}
}
?>
<center>
<div class="infobox">Alle Felder sind Pflichtfelder und müssen ausgefüllt werden.</div>
<div class="errormsgbox">ACHTUNG: Benutzt keine Account-Daten von anderen PServern oder Accountdetails die Ihr bereits verwendet habt!</div>
<?PHP if($serverSettings['mail_activation']) { echo'<br/><b>Der Account wird per E-Mail aktiviert, also eine richtige E-Mail eingeben!</b>'; } ?></font></center>
<div class="p">
<form action="index.php?s=register" method="POST">
<table width="100%">
<tr>
<th class="topLine">Account:</th>
<td class="tdunkel"><input type="text" name="account" maxlength="16" size="16"/></td>
<td class="thell">6-16 Zeichen (nur a-Z,0-9)</td>
</tr>
<tr>
<th class="topLine">Name:</th>
<td class="thell"><input type="text" name="uname" maxlength="16" size="16"/></td>
<td class="thell">3-20 Zeichen (nur a-Z,0-9)</td>
</tr>
<tr>
<th class="topLine">Password:</th>
<td class="tdunkel"><input type="password" name="pass" maxlength="16" size="16"/></td>
<td class="thell">8-16 Zeichen (nur a-Z,0-9)</td>
</tr>
<tr>
<th class="topLine">Password wiederholen:</th>
<td class="thell"><input type="password" name="pass2" maxlength="16" size="16"/></td>
<td class="thell"></td>
</tr>
<tr>
<th class="topLine">E-Mail:</th>
<td class="tdunkel"><input type="text" name="email" maxlength="50" size="25"/></td>
<td class="thell">max. 40 Zeichen</td>
</tr>
<tr>
<th class="topLine">E-Mail wiederholen:</th>
<td class="thell"><input type="text" name="email2" maxlength="50" size="25"/></td>
<td class="thell"></td>
</tr>
<tr>
<th class="topLine">Löschcode:</th>
<td class="tdunkel"><input type="text" name="loeschcode" maxlength="7" size="7"/> </td>
<td class="thell">7 Zeichen (nur a-Z,0-9)</td>
</tr>
<tr>
<th class="topLine">Sicherheitsfrage:</th>
<td class="thell">
<select name="sicherheitsf">
<?PHP
foreach($sFrage AS $fragew => $frage) {
echo'<option value="'.$fragew.'">'.$frage.'</option>';
}
?>
</select>
<input type="text" name="sicherheitsa" maxlength="16" size="16"/> 3-16 Zeichen (nur a-Z,0-9)
</td><td class="thell"></td>
</tr>
<tr>
<th class="topLine">Captcha:</th>
<td class="tdunkel"><img src="./captcha/captcha.php" title="Captcha"/> <input type="text" name="captcha" maxlength="5" size="5"/></td>
<td class="thell"></td>
</tr>
<tr>
<th class="topLine" style="text-align:center;" colspan="3"><input type="submit" name="submit" value="registrieren" class="long"/> • <input class="superlong" type="reset" value="zurücksetzen"/></th>
</tr>
</table>
</form>
</div>
<?PHP
}
else {
echo'<p class="meldung">Die Registration ist deaktiviert oder Sie sind bereits angemeldet. Es kann kein weiterer Account erstellt werden.</p>';
}
?>
</div></div>
<div id="con-bot"></div>
