Hey Epvp.
I had a conversation with the admin of Luna2 on Skype (Akaja). But now he doesn't answer me and doesn't give me my part of the deal I made with him.
I had access to the root server system of Luna2.
So the fact is I got all the files of the game servers and also got some parts of the homepage.
The other reason I release this here is that the passwords are saved in clear text in the database (no MySQL hash), so he can simply rip the users off if he wants. I made him an offer to get his servers secure, but he's not answering.
If you want to have the files, add me on Skype (peter.enis93). I have uploaded the files as well, and soon I will upload some parts of the databases with clear-text passwords.
I will attach the registration PHP of the Luna2 web server here, so you can have a look at the queries.
Have a gn
Register.php :
Code:
<h2>Luna2 Registration</h2>
<div id="con-mid"><div id="con_mid_con">
<?PHP
  $regCoins = 0; // starting coins
  $laufZeit = 365; // days of autoloot, safebox
  $calcLZ = (60*60*24)*365;
  $expireStamp = time()+$calcLZ;
  $expireDate = date("Y-m-d H:i:s",$expireStamp);

  if($serverSettings['register_on'] && !isset($_SESSION['user_admin'])) {
    if(isset($_POST['submit']) && $_POST['submit']=="registrieren") {
      if((checkAnum($_POST['account']) && strlen($_POST['account'])>=8 && strlen($_POST['account'])<=16)
         && checkAnum($_POST['pass']) && strlen($_POST['pass'])>=8 && strlen($_POST['pass2'])<=16 && !empty($_POST['pass2'])
         && (checkName($_POST['uname']) && strlen($_POST['uname'])>=3 && strlen($_POST['uname'])<=20)
         && $_POST['pass']==$_POST['pass2']
         && checkMail($_POST['email']) && strlen($_POST['email'])<=40
         && $_POST['captcha']==$_SESSION['captcha_id']
         && $_POST['email']==$_POST['email2']
         && (checkAnum($_POST['sicherheitsa']) && strlen($_POST['sicherheitsa'])>=3 && strlen($_POST['sicherheitsa'])<=16)
         && checkInt($_POST['sicherheitsf'])
         && (checkAnum($_POST['loeschcode']) && strlen($_POST['loeschcode'])==7)) {
        $hashSF = md5($_POST['sicherheitsa']);
        $sfNum = mysql_real_escape_string($_POST['sicherheitsf']);
        $lcode = mysql_real_escape_string($_POST['loeschcode']);
        $zuFall = rand(99999,999999999);
        $userpass=mysql_real_escape_string($_POST['pass']);
        $aktivHash = ($serverSettings['mail_activation']) ? md5($zuFall):'';
        $accountStatus = ($serverSettings['mail_activation']) ? 'BLOCK':'OK';
        // The raw password goes into the query twice: wrapped in PASSWORD() for the
        // password column and unchanged as the last value (password2).
        // $_POST['account'] is concatenated without mysql_real_escape_string(); only the
        // checkAnum() test above guards it. $sqlZeit is not set anywhere in this file.
        $sqlCmd = "INSERT INTO account.account (login,password,real_name,email,social_id,question1,answer1,create_time,status,coins,autoloot_expire,safebox_expire,web_aktiviert,password2) VALUES ('".$_POST['account']."',PASSWORD('".$userpass."'),'".mysql_real_escape_string($_POST['uname'])."','".mysql_real_escape_string($_POST['email'])."','".$lcode."','".$sfNum."','".$hashSF."','".$sqlZeit."','".$accountStatus."','".$regCoins."','".$expireDate."','".$expireDate."','".$aktivHash."','".$userpass."')";
        $sqlQry = mysql_query($sqlCmd,$sqlServ);
        if($sqlQry) {
          $absender = $serverSettings['titel']." Registration";
          $email = $serverSettings['reg_mail'];
          $empfaenger = $_POST['email'];
          // The mail body repeats the account name, password, delete code and
          // security answer in plain text.
          $mail_body = "Hallo ".$_POST['uname'].", deine Registration auf ".$serverSettings['titel']
            ." war erfolgreich! Um auch auf dem Server spielen zu können, musst du deinen Account aktivieren. Das kannst du über den folgenden Link tun: "
            .$serverSettings['url']."/index.php?s=login&do=aktivieren&hash=".$aktivHash
            ." Deine Daten sind: Account: ".$_POST['account']
            ." Passwort: ".$userpass
            ." Löschcode: ".$lcode
            ." Sicherheitsfrage: ".$sFrage[$sfNum]
            ." Antwort: ".$_POST['sicherheitsa']
            ." Viel Spaß beim Spielen, Dein ".$serverSettings['titel']
            ."-Team Diese E-Mail wurde automatisch generiert. Bitte keine Antworten an diese Adresse schicken.";
          $titel = "Registrierung auf ".$serverSettings['titel'];
          $header = "X-Priority: 3\n";
          $header .= "X-Mailer: ".$serverSettings['titel']." Homepage Mailer\n";
          $header .= "MIME-Version: 1.0\n";
          $header .= "From: ".$absender." <".$serverSettings['reg_mail'].">\n";
          $header .= "Reply-To: ".$serverSettings['reg_mail']."\n";
          $header .= "Content-Type: text/plain; charset=iso-8859-1\n";
          if($serverSettings['mail_activation']) {
            mail($empfaenger, $titel, $mail_body, $header);
            echo'<p class="meldung">Account erfolgreich angelegt. Bitte überprüfen Sie Ihr Postfach, um die Registrierung zu bestätigen.</p>';
          }
          else {
            echo'<center><font color="#00C00">Account erfolgreich angelegt! Sie können sich nun anmelden.</font></center>';
          }
        }
        else {
          echo'<center><font color="#FF0000">Registrierung fehlgeschlagen: Der Account existiert bereits.</font></center>';
        }
      }
      else {
        echo'<center><font color="#FF0000">Registrierung fehlgeschlagen: bitte alle Felder richtig angeben.</font></center>';
      }
    }
?>
<center>
  <div class="infobox">Alle Felder sind Pflichtfelder und müssen ausgefüllt werden.</div>
  <div class="errormsgbox">ACHTUNG: Benutzt keine Account-Daten von anderen PServern oder Accountdetails die Ihr bereits verwendet habt!</div>
  <?PHP
    if($serverSettings['mail_activation']) {
      echo'<br/><b>Der Account wird per E-Mail aktiviert, also eine richtige E-Mail eingeben!</b>';
    }
  ?></font></center>
<div class="p">
  <form action="index.php?s=register" method="POST">
    <table width="100%">
      <tr>
        <th class="topLine">Account:</th>
        <td class="tdunkel"><input type="text" name="account" maxlength="16" size="16"/></td>
        <td class="thell">6-16 Zeichen (nur a-Z,0-9)</td>
      </tr>
      <tr>
        <th class="topLine">Name:</th>
        <td class="thell"><input type="text" name="uname" maxlength="16" size="16"/></td>
        <td class="thell">3-20 Zeichen (nur a-Z,0-9)</td>
      </tr>
      <tr>
        <th class="topLine">Password:</th>
        <td class="tdunkel"><input type="password" name="pass" maxlength="16" size="16"/></td>
        <td class="thell">8-16 Zeichen (nur a-Z,0-9)</td>
      </tr>
      <tr>
        <th class="topLine">Password wiederholen:</th>
        <td class="thell"><input type="password" name="pass2" maxlength="16" size="16"/></td>
        <td class="thell"></td>
      </tr>
      <tr>
        <th class="topLine">E-Mail:</th>
        <td class="tdunkel"><input type="text" name="email" maxlength="50" size="25"/></td>
        <td class="thell">max. 40 Zeichen</td>
      </tr>
      <tr>
        <th class="topLine">E-Mail wiederholen:</th>
        <td class="thell"><input type="text" name="email2" maxlength="50" size="25"/></td>
        <td class="thell"></td>
      </tr>
      <tr>
        <th class="topLine">Löschcode:</th>
        <td class="tdunkel"><input type="text" name="loeschcode" maxlength="7" size="7"/> </td>
        <td class="thell">7 Zeichen (nur a-Z,0-9)</td>
      </tr>
      <tr>
        <th class="topLine">Sicherheitsfrage:</th>
        <td class="thell">
          <select name="sicherheitsf">
            <?PHP
              foreach($sFrage AS $fragew => $frage) {
                echo'<option value="'.$fragew.'">'.$frage.'</option>';
              }
            ?>
          </select>
          <input type="text" name="sicherheitsa" maxlength="16" size="16"/> 3-16 Zeichen (nur a-Z,0-9)
        </td><td class="thell"></td>
      </tr>
      <tr>
        <th class="topLine">Captcha:</th>
        <td class="tdunkel"><img src="./captcha/captcha.php" title="Captcha"/> <input type="text" name="captcha" maxlength="5" size="5"/></td>
        <td class="thell"></td>
      </tr>
      <tr>
        <th class="topLine" style="text-align:center;" colspan="3"><input type="submit" name="submit" value="registrieren" class="long"/> • <input class="superlong" type="reset" value="zurücksetzen"/></th>
      </tr>
    </table>
  </form>
</div>
<?PHP
  }
  else {
    echo'<p class="meldung">Die Registration ist deaktiviert oder Sie sind bereits angemeldet. Es kann kein weiterer Account erstellt werden.</p>';
  }
?>
</div></div>
<div id="con-bot"></div>
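A hardened counterpart to the account INSERT above, as an added example that is not part of the original post or of the Luna2 code: the password is stored only as a salted `password_hash()` value, all values are bound through a prepared statement, and the activation token comes from `random_bytes()`. The function names, the simplified `account` table and the in-memory SQLite demo (which needs the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: account(login PRIMARY KEY, password_hash, email, status, activation_hash).
// Returns the activation token ('' when mail activation is off) or null if the login exists.
function registerAccount(PDO $pdo, string $login, string $pass, string $email, bool $mailActivation): ?string
{
    // Salted, slow hash; takes the place of both PASSWORD() and the cleartext password2 column.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    // Token from the CSPRNG instead of md5(rand()).
    $token = $mailActivation ? bin2hex(random_bytes(16)) : '';
    // Every value is bound, including the login that the original concatenated.
    $stmt = $pdo->prepare(
        'INSERT INTO account (login, password_hash, email, status, activation_hash)
         VALUES (:login, :hash, :email, :status, :token)'
    );
    try {
        $stmt->execute([
            ':login'  => $login,
            ':hash'   => $hash,
            ':email'  => $email,
            ':status' => $mailActivation ? 'BLOCK' : 'OK',
            ':token'  => $token,
        ]);
    } catch (PDOException $e) {
        if ($e->getCode() === '23000') {   // SQLSTATE: unique constraint violated
            return null;
        }
        throw $e;
    }
    // The confirmation mail should carry only the activation link, never $pass.
    return $token;
}

function verifyLogin(PDO $pdo, string $login, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM account WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed demo data on an in-memory database so the block runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE account (login TEXT PRIMARY KEY, password_hash TEXT,
            email TEXT, status TEXT, activation_hash TEXT)');
var_dump(registerAccount($pdo, 'testuser01', 'samplepass1', 'user@example.org', true));
var_dump(registerAccount($pdo, 'testuser01', 'samplepass1', 'user@example.org', true));
var_dump(verifyLogin($pdo, 'testuser01', 'samplepass1'));
var_dump(verifyLogin($pdo, 'testuser01', 'wrongpass99'));
```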