Well, with the emojis removed, there goes my fun. On a more serious note, this server was purchased from the server that existed back in 2013... and the website is pretty awful. Just a copied WoW website template that they broke by inserting an annoying music player. Text that's blurry but isn't an image? A link to 4botters which closed down half a decade ago? Explains the 2012 copyright. Running on two year old hosting software (
[Only registered and activated users can see links. Click Here To Register...] and
[Only registered and activated users can see links. Click Here To Register...]), but hey, at least it's not 10 year old software. The server itself is going to die very very very quickly. 100 million CPs for winning guild war on a server of 5 online people? Yikes.
Account registration is spammable. Put in a password of 4 characters and it says "Password only English letters and numbers.lenght of 4 to 12 ." Guessing that's not inclusive then. You should add captcha. Also, tested your website's folder scope. You installed it to "C:\AppServ\www". I know that because I managed to break your website using an exploit I won't list here (update your bloody hosting software). Your website is in debug mode. Your "forgot password" page just brings you back to home. A SQL injection exploit allows you to access registered accounts .... which is hilarious because I can teleport people around and waste 1,000,000 CPs apparently? Jesus. Not even hard to login... (I won't post my form data due to player security).
Code:
post -f login.json -c cookies.json -v http://nightmarepvp.ddns.net/inc/login_do.php
post -f change.json -c cookies.json -v http://nightmarepvp.ddns.net/inc/changepass_do.php
Oh, and if accessing anyone's account wasn't bad...
It's also very easy to ddos because it's not behind cloudflare or anything.
Code:
post -u -l -i -r 500 -b playername.txt http://nightmarepvp.ddns.net/inc/check.php
[Only registered and activated users can see links. Click Here To Register...]
And I'm sure there's a lot worse I could do if I tried with a fake client (which I'm going to make now that my post utility is doing well). Do us a favor and leave this back in 2013... we don't need another featureless, unoriginal copy server by some illiterate non-programmer. We need servers that are maintainable by competent and interested people.
PS: it's not Conquer 3D. It's Conquer 3.0. It's a version, not a higher dimension.