bug Create Character

[Helflin 9]

Bom, esse código do spoiler a seguir refere-se ao arquivo /ajax/check_name.php e refere-se ao accountmanagement.php:

 

Problema:

>> Permite a criação de players com 2 caracteres de espaço... ex: Knight Dois

>> Permite a criação de players com nome de... ex: Adm

 

 

 

 

<?PHP

echo '<?xml version="1.0" encoding="utf-8" standalone="yes"?>';

$config_ini = parse_ini_file('../config/config.ini');

include('../config/config.php');

$name = strtolower(stripslashes(trim($_REQUEST['name'])));

if(empty($name))

{

echo '<font color="red">Please enter new character name.</font>';

exit;

}

//first word can't be:

$first_words_blocked = array('gm ','cm ', 'god ','tutor ','admin ','adm ', "'", '-');

//names blocked:

$names_blocked = array('gm','cm', 'god', 'tutor', 'admin', 'adm');

//name can't contain:

$words_blocked = array('gamemaster', 'game master', 'game-master', "game'master", 'account', 'manager', ' ', '--', "''","' ", " '", '- ', ' -', "-'", "'-", 'fuck', 'sux', 'suck', 'noob', 'tutor');

$temp = strspn("$name", "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM- '");

if($temp != strlen($name))

{

echo '<font color="red">Name contains illegal letters. Use only: <b>qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM- \'</b></font>';

exit;

}

if(strlen($name) > 25)

{

echo '<font color="red">Too long name. Max. lenght <b>25</b> letters.</font>';

exit;

}

foreach($names_blocked as $word)

if($word == $name)

{

echo '<font color="red">Blocked names:<b> '.$names_blocked[0];

if(count($names_blocked) > 1)

foreach($names_blocked as $word)

if($word != $names_blocked[0])

echo ','.$word;

echo '</b></font>';

exit;

}

foreach($config['site']['monsters'] as $word)

if($word == $name)

{

echo '<font color="red"><b>You can not use monster name.</b></font>';

exit;

}

foreach($config['site']['npc'] as $word)

if($word == $name)

{

echo '<font color="red"><b>You can not use NPC name.</b></font>';

exit;

}

foreach($first_words_blocked as $word)

if($word == substr($name, 0, strlen($word)))

{

echo '<font color="red">First letters in name can\'t be:<b> '.$first_words_blocked[0];

if(count($first_words_blocked) > 1)

foreach($first_words_blocked as $word)

if($word != $first_words_blocked[0])

echo ','.$word;

echo '</b></font>';

exit;

}

if(substr($name, -1) == "'" || substr($name, -1) == "-")

{

echo '<font color="red">Last letter can\'t be <b>\'</b> and <b>-</b></font>';

exit;

}

foreach($words_blocked as $word)

if (!(strpos($name, $word) === false))

{

echo '<font color="red">Name can\'t cointain words:<b> '.$words_blocked[0];

if(count($words_blocked) > 1)

foreach($words_blocked as $word)

if($word != $words_blocked[0])

echo ','.$word;

echo '</b></font>';

exit;

}

for($i = 0; $i < strlen($name); $i++)

if($name[$i] == $name[($i+1)] && $name[$i] == $name[($i+2)])

{

echo '<font color="red">Name can\'t contain 3 same letters one by one.</font><br /><font color="green"><u>Good:</u> M<b>oo</b>nster</font><font color="red"><br />Wrong: M<b>ooo</b>nster</font>';

exit;

}

for($i = 0; $i < strlen($name); $i++)

if($name[$i-1] == ' ' && $name[$i+1] == ' ')

{

echo '<font color="red">Use normal name format.</font><br /><font color="green"><u>Good:</u> <b>Gesior</b></font><font color="red"><br />Wrong: <b>G e s ior</b></font>';

exit;

}

if(substr($name, 1, 1) == ' ')

{

echo '<font color="red">Use normal name format.</font><br /><font color="green"><u>Good:</u> <b>Gesior</b></font><font color="red"><br />Wrong: <b>G esior</b></font>';

exit;

}

if(substr($name, -2, 1) == " ")

{

echo '<font color="red">Use normal name format.</font><br /><font color="green"><u>Good:</u> <b>Gesior</b></font><font color="red"><br />Wrong: <b>Gesio r</b></font>';

exit;

}

else

//connect to DB

$server_config = parse_ini_file($config_ini['server_path'].'config.lua');

if(isset($server_config['mysqlHost']))

{

//new (0.2.6+) ots config.lua file

$mysqlhost = $server_config['mysqlHost'];

$mysqluser = $server_config['mysqlUser'];

$mysqlpass = $server_config['mysqlPass'];

$mysqldatabase = $server_config['mysqlDatabase'];

$sqlitefile = $server_config['sqliteDatabase'];

}

elseif(isset($server_config['sqlHost']))

{

//old (0.2.4) ots config.lua file

$mysqlhost = $server_config['sqlHost'];

$mysqluser = $server_config['sqlUser'];

$mysqlpass = $server_config['sqlPass'];

$mysqldatabase = $server_config['sqlDatabase'];

$sqlitefile = $server_config['sqliteDatabase'];

}

// loads #####POT mainfile#####

include('../pot/OTS.php');

// PDO and POT connects to database

$ots = POT::getInstance();

if($server_config['sqlType'] == "mysql")

$ots->connect(POT::DB_MYSQL, array('host' => $mysqlhost, 'user' => $mysqluser, 'password' => $mysqlpass, 'database' => $mysqldatabase) );

elseif($server_config['sqlType'] == "sqlite")

$ots->connect(POT::DB_SQLITE, array('database' => $config_ini['server_path'].$sqlitefile));

$name_db = new OTS_Player();

$name_db->find($name);

if($name_db->isLoaded())

echo '<font color="red"><b>Player with this name already exist.</b></font>';

else

echo '<font color="green">Good. Your name will be:<br />"<b>'.ucwords($name).'</b>"</font>';

?>

 

 

 

Já esse código deste outro spoiler a seguir refere-se ao arquivo /account/ajax_accountname.php e refere-se ao createaccount.php, que é aquele que cria o character junto da conta diretamente:

 

Problema:

>> Ele obriga que tenha letra E numero, por exemplo, queria que fosse permitido criar account com ACCOUNT NAME: 90807060, sem obrigar que tenha LETRAS de A - Z.

 

 

 

<?PHP

ob_start('ob_gzhandler');

header('Connection: close');

if(!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || $_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest')

exit();

header('X-Ajax-Cip-Response-Type: Container');

function f($e) {

die('{"AjaxObjects": [{"DataType": "Attributes","Data": "style=background-image:url(account/nok.gif)","Target": "#accountname_indicator"},{"DataType": "HTML","Data": "'.$e.'","Target": "#accountname_errormessage"},{"DataType": "Attributes","Data": "class=red","Target": "#accountname_label"}]}');

}

$s = isset($_POST['a_AccountName']) ? $_POST['a_AccountName'] : '';

if($s == '')

f('Please enter an account name!');

elseif(strlen($s) < 4)

f('This account name is too short!');

elseif(strlen($s) > 8)

f('This account name is too long!');

$s = strtoupper($s);

if(!ctype_alnum($s))

f('This account name has an invalid format. Your account name may only consist of numbers 0-9 and letters A-Z!');

elseif(!preg_match('/[A-Z]/', $s))

f('Your account name must include at least one letter A-Z!');

$c = parse_ini_file('../config/config.ini');

$c = parse_ini_file($c['server_path'].'config.lua');

$conn = mysql_pconnect($c['sqlHost'], $c['sqlUser'], $c['sqlPass']) or die();

mysql_select_db($c['sqlDatabase']);

if(mysql_num_rows(mysql_query('SELECT id FROM accounts WHERE name=\''.mysql_escape_string($s).'\' LIMIT 1')) != 0)

f('This account name is already used. Please select another one!');

echo '{"AjaxObjects": [{"DataType": "Attributes","Data": "style=background-image:url(account/ok.gif);","Target": "#accountname_indicator"},{"DataType": "HTML","Data": "","Target": "#accountname_errormessage"},{"DataType": "Attributes","Data": "class=","Target": "#accountname_label"}]}';

ob_end_flush();

?>

 

 

[Piabeta Kun 359]

elseif(!preg_match('/[A-Z]/', $s))

 

creio que seja isso no lance do segundo!

 

malz aew, depois vou dar uma olhada melhor, to mo cota sem mecher nesses lances!

[Helflin 9]

Sim, isso eu resolvi, mas

 

Problema:

>> Permite a criação de players com 2 caracteres de espaço... ex: Knight Dois

>> Permite a criação de players com nome de... ex: Adm

Esse não consegui resolver nao.

[Alayen 14]

Você sabe mexer com um pouco de PHP?

 

Coloca na quinta linha:

 

$name = preg_replace('/\s+/', ' ', strtolower(stripslashes(trim($_REQUEST['name']))));

Que vai substituir todos os espaços duplos por 1 só.

 

Se quiser só detectar em vez de corrigir:

 

preg_match('/\s{2,}/', $x);

Coloca isso do mesmo jeito que tem outros "if preg_match(...)"

[Helflin 9]

Coloquei isso lá na 5ª linha:

$name = preg_replace('/\s+/', ' ', strtolower(stripslashes(trim($_REQUEST['name']))));

Porém ele continua criando Nomes com 2 caracters de espaço... foda isso!! pqp

[Bruno 536]

O tópico foi fechado e movido para lixeira por estar inativo a mais de 10 dias. Caso seja preciso reabrir o mesmo, favor entrar em contato com a equipe.