[RELEASE] CoEmu v2 Character Creation Page

Zeroxelli · 05/29/2009, 03:09

Since the only one I saw was only a copy that created a username, I made one that does a tad more.

Source code: EDIT: People can't use pastebin worth crap, so I'll use PHP tags.

PHP Code:


			
<?php
    /* Bypass the 'or *' restriction */
    function BypassErrors ($errMsg, $errLne, &$ERRORS, &$F_LINE)
    {
        $ERRORS[] = $errMsg;
        $F_LINE[] = $errLne;
    }
    
    /* Check the database for the specified field */
    function CheckExists ($data, $field, $table, &$DB, &$ERRORS)
    {
        $sql = mysql_query("SELECT {$field} FROM {$table} WHERE {$field}='{$data}'", $DB);
        while ($row = mysql_fetch_array($sql))
            $ERRORS[] = 'A player already exists with that '.$field.'.';
    }
    
    /* Properties & Config variables */
    $TITLE = "CoEmu - Character Creation";
    $DEBUG = false; // SHOW DEBUG MESSAGES
    $INSERT = array();
    $PASSES = array();
    $ERRORS = array();
    $F_LINE = array();
    $JOB_ID = array
    (
        0 => 20,
        1 => 10,
        2 => 100,
        3 => 40,
        4 => 50,
    );
    $AT_PNT = array
    (
        'str' => array
        (
            0 => 28,
            1 => 28,
            2 => 0,
            3 => 12,
            4 => 6,
        ),
        'agi' => array
        (
            0 => 10,
            1 => 10,
            2 => 10,
            3 => 35,
            4 => 39,
        ),
        'vit' => array
        (
            0 => 14,
            1 => 14,
            2 => 17,
            3 => 5,
            4 => 7,
        ),
        'spi' => array
        (
            0 => 0,
            1 => 0,
            2 => 25,
            3 => 0,
            4 => 0,
        ),
    );
    
    /* Database Configuration */
    $DBi = array
    (
        'USER_NAME' => 'coemu',
        'PASSWORD' => 'coemuv2sqldatabasepassword',
        'SERVER' => '127.0.0.1',
        'DATA_BASE' => 'coemu',
    );
    
    /* Ensure configuration is filled out */
    foreach ($DBi as $k => $id)
        if (empty ($id))
            $ERRORS[] = "{$k}: No value.";
            $PASSES[] = 'Pass configuration check.';
    
    /* Connect to the SQL server */
    $DB = mysql_connect(
        $DBi['SERVER'], 
        $DBi['USER_NAME'], 
        $DBi['PASSWORD'])
        or BypassErrors (mysql_error($DB), __LINE__, &$ERRORS, &$F_LINE);
        if (!in_array(__LINE__ - 1, $F_LINE))
            $PASSES[] = 'Connected to the server.';
            else
            $ERRORS[] = 'Failed to connect to the server.';
        
    /* Log into the database */
    mysql_select_db(
        $DBi['DATA_BASE'])
        or BypassErrors (mysql_error($DB), __LINE__, &$ERRORS, &$F_LINE);
        if (!in_array(__LINE__ - 1, $F_LINE))
            $PASSES[] = 'Logged into the database.';
            else
            $ERRORS[] = 'Failed to log into the database.';
        
    /* Page head */
?>
<html>
    <head>
        <title><?php echo $TITLE; ?></title>
    </head>
    <body>
<?php
    /* Registration Check */
    if (!empty($_POST['submit']))
    {    
        if (!empty($_POST['login']))
        {
            if (preg_match('/[^a-zA-Z0-9]/', $_POST['login']))
            {
                $ERRORS[] = 'Login name can not contain any char other than: Alphabetical (a-z, A-Z), Numeric (0-9)';
            }
            else
            {
                if (!empty($_POST['char']))
                {
                    if (preg_match('/(\[|\{|\()(gm|pm)(\]|\}|\))?/i', $_POST['char']))
                    {
                        $ERRORS[] = 'In your dreams, wannabe. Only true admins may be a GM/PM.';
                    }
                    if (preg_match('/[^a-zA-Z0-9\-\~\_\*\^\$\#\@\!\(\)\[\]\{\}\+]/', $_POST['char']))
                    {
                        $ERRORS[] = 'Character name can not contain any char other than: Alphabetical (a-z, A-Z), Numeric (0-9), And these symbols: -~_*^$#@!()[]{}+';
                    }
                    else
                    {
                        if (isset($_POST['class']))
                        {
                            if ($_POST['class'] >= 0 && $_POST['class'] <= 4
                                && $_POST['body'] >= 671001 && $_POST['body'] <= 671004)
                            {
                                $INSERT['login'] = mysql_escape_string($_POST['login']);
                                $INSERT['char'] = mysql_escape_string($_POST['char']);
                                $INSERT['class'] = mysql_escape_string($_POST['class']);
                                $INSERT['body'] = mysql_escape_string($_POST['body']);
                                if ($INSERT['body'] == 671003 or $INSERT['body'] == 671004)
                                {
                                    $INSERT['hair'] = 321;
                                }
                                else $INSERT['hair'] = 322;
                                CheckExists ($INSERT['login'], 'AccountID', 'accounts', &$DB, &$ERRORS);
                                CheckExists ($INSERT['char'], 'Name', 'characters', &$DB, &$ERRORS);
                                if (count($ERRORS) == 0)
                                {
                                    mysql_query("INSERT INTO accounts SET ".
                                        "AccountID='{$INSERT['login']}', ".
                                        "SecretNumber='". mt_rand(111, 999) ."'")
                                        or die(mysql_error());
                                    mysql_query("INSERT INTO characters SET ".
                                        "Account='{$INSERT['login']}', ".
                                        "Name='{$INSERT['char']}', ".
                                        "Server='CoEmu', ".
                                        "Str='".$AT_PNT['str'][$INSERT['class']]."', ".
                                        "Dex='".$AT_PNT['agi'][$INSERT['class']]."', ".
                                        "Vit='".$AT_PNT['vit'][$INSERT['class']]."', ".
                                        "Spi='".$AT_PNT['spi'][$INSERT['class']]."', ".
                                        "Model={$INSERT['body']}, HairStyle={$INSERT['hair']}, Money=5000, ".
                                        "Class='".$JOB_ID[$INSERT['class']]."'")
                                        or die(mysql_error());
                                    echo "Done, character should be created. You may now log into the game.".
                                    "<br />Note: The password you log in with at first will be your password permanently.";
                                }
                            }
                            else
                            {
                                $ERRORS[] = 'Class/Body must be one of the five provided.';
                            }
                        }
                        else
                        {
                            $ERRORS[] = 'CSRF Attempt, your IP has been logged and reported to the host.';
                        }
                    }
                }
                else
                {
                    $ERRORS[] = 'CSRF Attempt, your IP has been logged and reported to the host.';
                }
            }
        }
        else
        {
            $ERRORS[] = 'CSRF Attempt, your IP has been logged and reported to the host.';
        }
    }
    
    /* Notification box */
    echo "\t\t<center><div style=\"".
        "width: 550px; border: 1px white solid;".
        "background-color: #000000; color: white;".
        "\">";
        
    /* Errors, passes. */
    if ($DEBUG)
        echo "\n\t\t\t<h3>Debug</h3>\n";
        
    if ($DEBUG && count ($PASSES) > 0) // Sorta useless, but I do this for most all things with MySQL
        foreach ($PASSES as $PASS)
            echo "\t\t\t<font color=\"lime\"><b>Pass:</b> {$PASS}</font><br />\n";
            
    if (count ($ERRORS) > 0)
        foreach ($ERRORS as $ERROR)
            echo "\t\t\t<font color=\"red\"><b>Error:</b> {$ERROR}</font><br />\n";
            
    /* End notification box */
    echo "\t\t</div></center><br />\n";
    
    /* Signup forms */
    if (count($ERRORS) == 0)
    {        
?>
        <form action="./" method="POST">
            <b>Login name:</b><br />
            <input type="text" name="login" <?php echo (!empty($_POST['login']) ? "value=\"{$_POST['login']}\" " : '');?>/><br />
            <b>Character name:</b><br />
            <input type="text" name="char" <?php echo (!empty($_POST['char']) ? "value=\"{$_POST['char']}\" " : '');?>/><br />
            <b>Character Class:</b><br />
            <select name="class">
                <option <?php echo ($_POST['class'] == 0 ? 'selected="selected"' : ''); ?> value="0">Warrior</option>
                <option <?php echo ($_POST['class'] == 1 ? 'selected="selected"' : ''); ?> value="1">Trojan</option>
                <option <?php echo ($_POST['class'] == 2 ? 'selected="selected"' : ''); ?> value="2">Taoist</option>
                <option <?php echo ($_POST['class'] == 3 ? 'selected="selected"' : ''); ?> value="3">Archer</option>
                <option <?php echo ($_POST['class'] == 4 ? 'selected="selected"' : ''); ?> value="4">Ninja</option>
            </select><br />
            <b>Character body:</b><br />
            <select name="body">
                <option <?php echo ($_POST['body'] == 671003 ? 'selected="selected"' : ''); ?> value="671003">Male (Small)</option>
                <option <?php echo ($_POST['body'] == 671004 ? 'selected="selected"' : ''); ?> value="671004">Male (Big)</option>
                <option <?php echo ($_POST['body'] == 671001 ? 'selected="selected"' : ''); ?> value="671001">Female (Small)</option>
                <option <?php echo ($_POST['body'] == 671002 ? 'selected="selected"' : ''); ?> value="671002">Female (Big)</option>
            </select><br />
            <input type="submit" value="Create" name="submit" />
        </form>
<?php
    }
    else echo '<button onClick="history.go(-1);">Go back.</button>';
?>
    </body>
</html>

Screenshot:

I may make one later with JS that lets you preview body sizes & hair styles, dunno. Class consumes a lot of my time lately.

EDIT: Btw, this actually checks and sanitizes shit; Not just goes allio and shoots injection code into the database...

Guide:

the part that says :

Code:

        /* Database Configuration */

        $DBi = array

        (

                'USER_NAME' => 'coemu',

                'PASSWORD' => 'coemuv2sqldatabasepassword',

                'SERVER' => '127.0.0.1',

                'DATA_BASE' => 'coemu',

        );

Should contain the same credentials as the DatabaseConnection.cs file in your coemu project, thus the same var names..

danielachraf · 05/29/2009, 03:18

Nice .. Should use it if someone can't create the account from the client

+Thanks

Zeroxelli · 05/29/2009, 03:22

Quote:

Originally Posted by danielachraf

Nice .. Should use it if someone can't create the account from the client +Thanks

Hm, I was wondering about the client creation process. I'd have to study the packets for that though, it should be quite possible.

Zimbolt · 05/29/2009, 05:11

Very nice.

Zeroxelli · 05/29/2009, 05:17

Quote:

Originally Posted by Zimbolt

Very nice.

Thanks, Glad it helped

jvt619 · 05/29/2009, 05:27

nyc job dude! great help!

Zeroxelli · 05/29/2009, 05:36

Quote:

Originally Posted by jvt619

nyc job dude! great help!

Thanks!

BrokeN^WinG · 05/29/2009, 08:21

can tell me what error when i try make account sorry im bad at php

The requested URL /reg/ was not found on this server.
Apache/2.2.8 (Win32) PHP/5.2.6 Server at 5.73.140.65 Port 80

'USER_NAME' => 'root',

'PASSWORD' => '12345',

'SERVER' => '127.0.0.1',

'DATA_BASE' => 'conqueremu',

Zeroxelli · 05/29/2009, 08:47

Code:

The requested URL /reg/ was not found on this server.

That's a problem with the server, not the script. Make sure you've placed the file in a folder by itself, and have gone to the URL pointing to that folder

|Jonny| · 05/29/2009, 12:33

Quote:

Originally Posted by Zeroxelli

Hm, I was wondering about the client creation process. I'd have to study the packets for that though, it should be quite possible.

you don't need a packet for that it find the auth part and it would be something like

if (name.startwith "NEW")
{
command = INSERT into accountid
}

anyway i'm not looking at the source and i can't code for **** if im not looking at it lol but if you mess around with that sort of stuff you'd get it eventually.

Zeroxelli · 05/29/2009, 21:01

Quote:

Originally Posted by |Jonny|

you don't need a packet for that it find the auth part and it would be something like

if (name.startwith "NEW")
{
command = INSERT into accountid
}

anyway i'm not looking at the source and i can't code for **** if im not looking at it lol but if you mess around with that sort of stuff you'd get it eventually.

No, there's a functionality in the client that lets you pick class, size, name, etc. All from the interface.

|Jonny| · 05/30/2009, 13:05

Quote:

Originally Posted by Zeroxelli

No, there's a functionality in the client that lets you pick class, size, name, etc. All from the interface.

hm well there wouldn't be alot of difference if you think about it, you create the accountID like NEWtest then you login with it and thats when you create your character. i don't actually get what you mean because its the same thing.

Zeroxelli · 05/30/2009, 23:15

Quote:

Originally Posted by |Jonny|

hm well there wouldn't be alot of difference if you think about it, you create the accountID like NEWtest then you login with it and thats when you create your character. i don't actually get what you mean because its the same thing.

On the real Conquer, you create an account on the website. You then login to a server with that account, and it gives you a GUI to select your class (Male trojan, female trojan, male ninja, female ninja, etc), the next screen in that GUI lets you select Body Size and your Char Name for that server.

~~Xanrry~~ · 05/31/2009, 13:04

Not Working See :

Need help

suboy · 05/31/2009, 13:09

nice there are alot of releases of the coemu source