Ejemplo n.º 1
0
        public void HandleRequest(HttpListenerContext context)
        {
            NameValueCollection query;
            using (StreamReader rdr = new StreamReader(context.Request.InputStream))
                query = HttpUtility.ParseQueryString(rdr.ReadToEnd());
            using (var db = new Database())
            {
                var acc = db.GetAccount(int.Parse(query["accountId"]));
                var chr = db.LoadCharacter(acc, int.Parse(query["charId"]));

                var cmd = db.CreateQuery();
                cmd.CommandText = @"SELECT time, killer, firstBorn FROM death WHERE accId=@accId AND chrId=@charId;";
                cmd.Parameters.AddWithValue("@accId", query["accountId"]);
                cmd.Parameters.AddWithValue("@charId", query["charId"]);
                int time;
                string killer;
                bool firstBorn;
                using (var rdr = cmd.ExecuteReader())
                {
                    rdr.Read();
                    time = Database.DateTimeToUnixTimestamp(rdr.GetDateTime("time"));
                    killer = rdr.GetString("killer");
                    firstBorn = rdr.GetBoolean("firstBorn");
                }

                using (StreamWriter wtr = new StreamWriter(context.Response.OutputStream))
                    wtr.Write(chr.FameStats.Serialize(acc, chr, time, killer, firstBorn));
            }
        }
Ejemplo n.º 2
0
        public void HandleRequest(HttpListenerContext context)
        {
            NameValueCollection query;
            using (StreamReader rdr = new StreamReader(context.Request.InputStream))
                query = HttpUtility.ParseQueryString(rdr.ReadToEnd());

            using (var db = new Database())
            {
                var acc = db.Verify(query["guid"], query["password"]);
                byte[] status;
                if (acc == null)
                {
                    status = Encoding.UTF8.GetBytes("<Error>Bad login</Error>");
                }
                else
                {
                    var cmd = db.CreateQuery();
                    cmd.CommandText = "UPDATE accounts SET password=SHA1(@password) WHERE id=@accId;";
                    cmd.Parameters.AddWithValue("@accId", acc.AccountId);
                    cmd.Parameters.AddWithValue("@password", query["newPassword"]);
                    if (cmd.ExecuteNonQuery() > 0)
                        status = Encoding.UTF8.GetBytes("<Success />");
                    else
                        status = Encoding.UTF8.GetBytes("<Error>ChangePassword.cs error</Error>");
                }
                context.Response.OutputStream.Write(status, 0, status.Length);
            }
        }
Ejemplo n.º 3
0
        //exploit where editing the gold amount in the url will give that amount of gold, need to change url requesting
        public void HandleRequest(HttpListenerContext context)
        {
            string status;
            using (var db = new Database())
            {
                var query = HttpUtility.ParseQueryString(context.Request.Url.Query);

                var cmd = db.CreateQuery();
                cmd.CommandText = "SELECT id FROM accounts WHERE uuid=@uuid";
                cmd.Parameters.AddWithValue("@uuid", query["guid"]);
                object id = cmd.ExecuteScalar();

                if (id != null)
                {
                    int amount = int.Parse(query["jwt"]);
                    cmd = db.CreateQuery();
                    cmd.CommandText = "UPDATE stats SET credits = credits + @amount WHERE accId=@accId";
                    cmd.Parameters.AddWithValue("@accId", (int)id);
                    cmd.Parameters.AddWithValue("@amount", amount);
                    int result = (int)cmd.ExecuteNonQuery();
                    if (result > 0)
                        status = "";
                    else
                        status = "You dun goofed.";
                }
                else
                    status = "Severe server error. Should not be getting this!";
            }

            var res = Encoding.UTF8.GetBytes(
            @"<html>
            <head>
            <title>White Lotus - Purchase Complete</title>
            </head>
            <body style='background: #333333'>
            <h1 style='color: #FF00FF; text-align: center'>
            </h1>
            " + status + @"
            <center><p><font color='#FF00FF'>You can donate to my PayPal: [email protected]</font></p></center>
            <center><p><font color='#00FFFF'>Check out the rest of the website <a href='http://25.92.155.93:8888/website/index'>here</a></font></p></center>
            </body>
            </html>");
            context.Response.OutputStream.Write(res, 0, res.Length);
        }
Ejemplo n.º 4
0
        //fame = fame II gold = credits
        public void HandleRequest(HttpListenerContext context)
        {
            NameValueCollection query;
            using (StreamReader rdr = new StreamReader(context.Request.InputStream))
                query = HttpUtility.ParseQueryString(rdr.ReadToEnd());

            using (var db = new Database())
            {
                var acc = db.Verify(query["guid"], query["password"]);
                byte[] status;
                if (acc == null)
                {
                    status = Encoding.UTF8.GetBytes("<Error>Bad login</Error>");
                }
                else
                {
                    var cmd = db.CreateQuery();
                    cmd.CommandText = "SELECT credits FROM stats WHERE accId=@accId;";
                    cmd.Parameters.AddWithValue("@accId", acc.AccountId);
                    if ((int)cmd.ExecuteScalar() < 0)
                        status = Encoding.UTF8.GetBytes("<Error>Not enough gold</Error>");
                    else
                    {
                        cmd = db.CreateQuery();
                        cmd.CommandText = "UPDATE stats SET credits = credits - 1000 WHERE accId=@accId"; //gold=credits fame=fame NOTE: the "- 1000" takes away 1000 of whatever currency, but to be able to get it to show up as 1000 in the client, edit Database.cs
                        cmd.Parameters.AddWithValue("@accId", acc.AccountId);
                        if ((int)cmd.ExecuteNonQuery() > 0)
                        {
                            cmd = db.CreateQuery();
                            cmd.CommandText = "UPDATE accounts SET maxCharSlot = maxCharSlot + 1 WHERE id=@accId";
                            cmd.Parameters.AddWithValue("@accId", acc.AccountId);
                            if ((int)cmd.ExecuteNonQuery() > 0)
                                status = Encoding.UTF8.GetBytes("<Success/>");
                            else
                                status = Encoding.UTF8.GetBytes("<Error>CharSlot.cs error</Error>");
                        }
                        else
                            status = Encoding.UTF8.GetBytes("<Error>CharSlot.cs Error</Error>");
                    }
                }
                context.Response.OutputStream.Write(status, 0, status.Length);
            }
        }
Ejemplo n.º 5
0
        public void HandleRequest(HttpListenerContext context)
        {
            NameValueCollection query;
            using (StreamReader rdr = new StreamReader(context.Request.InputStream))
                query = HttpUtility.ParseQueryString(rdr.ReadToEnd());

            using (var db = new Database())
            {
                var acc = db.Verify(query["guid"], query["password"]);
                byte[] status;
                if (acc == null)
                {
                    status = Encoding.UTF8.GetBytes("<Error>Bad login</Error>");
                }
                else
                {
                    var cmd = db.CreateQuery();
                    object exescala;
                    cmd.CommandText = "SELECT COUNT(name) FROM accounts WHERE name=@name;";
                    cmd.Parameters.AddWithValue("@name", query["name"]);
                    exescala = cmd.ExecuteScalar();
                    if (int.Parse(exescala.ToString()) > 0)
                        status = Encoding.UTF8.GetBytes("<Error>Name in use</Error>");
                    else
                    {
                        cmd = db.CreateQuery();
                        cmd.CommandText = "UPDATE accounts SET name=@name, namechosen=TRUE WHERE id=@accId;";
                        cmd.Parameters.AddWithValue("@accId", acc.AccountId);
                        cmd.Parameters.AddWithValue("@name", query["name"]);
                        if (cmd.ExecuteNonQuery() != 0)
                            status = Encoding.UTF8.GetBytes("<Success />");
                        else
                            status = Encoding.UTF8.GetBytes("<Error>SetName.cs error</Error>");
                    }
                }
                context.Response.OutputStream.Write(status, 0, status.Length);
            }
        }
Ejemplo n.º 6
0
        //public bool IsValidEmail(string strIn)
        //{
        //    var invalid = false;
        //    if (String.IsNullOrEmpty(strIn))
        //        return false;
        //    MatchEvaluator DomainMapper = match =>
        //    {
        //         IdnMapping class with default property values.
        //        IdnMapping idn = new IdnMapping();
        //        string domainName = match.Groups[2].Value;
        //        try
        //        {
        //            domainName = idn.GetAscii(domainName);
        //        }
        //        catch (ArgumentException)
        //        {
        //            invalid = false; //should be false
        //        }
        //        return match.Groups[1].Value + domainName;
        //    };
        //     Use IdnMapping class to convert Unicode domain names.
        //    strIn = Regex.Replace(strIn, @"(@)(.+)$", DomainMapper);
        //    if (invalid)
        //        return false;
        //     Return true if strIn is in valid e-mail format.
        //    return Regex.IsMatch(strIn,
        //              @"^(?("")(""[^""]+?""@)|(([0-9a-z]((\.(?!\.))|[-!#\$%&'\*\+/=\?\^`\{\}\|~\w])*)(?<=[0-9a-z])@))" +
        //              @"(?(\[)(\[(\d{1,3}\.){3}\d{1,3}\])|(([0-9a-z][-\w]*[0-9a-z]*\.)+[a-z0-9]{2,17}))$",
        //              RegexOptions.IgnoreCase);
        //}
        public void HandleRequest(HttpListenerContext context)
        {
            NameValueCollection query;
            using (StreamReader rdr = new StreamReader(context.Request.InputStream))
                query = HttpUtility.ParseQueryString(rdr.ReadToEnd());

            using (var db = new Database())
            {
                byte[] status;
                if (0 != 0 /*!IsValidEmail(query["newGUID"])*/)
                    status = Encoding.UTF8.GetBytes("<Error>Invalid Email</Error>");
                else
                {
                    if (db.HasUuid(query["guid"]) &&
                        db.Verify(query["guid"], "") != null)
                    {
                        if (db.HasUuid(query["newGUID"]))
                            status = Encoding.UTF8.GetBytes("<Error>Email is already in use!</Error>");
                        else
                        {
                            var cmd = db.CreateQuery();
                            cmd.CommandText = "UPDATE accounts SET uuid=@newUuid, name=@newUuid, password=SHA1(@password), guest=FALSE WHERE uuid=@uuid, name=@name;";
                            cmd.Parameters.AddWithValue("@uuid", query["guid"]);
                            cmd.Parameters.AddWithValue("@newUuid", query["newGUID"]);
                            cmd.Parameters.AddWithValue("@password", query["newPassword"]);
                            if (cmd.ExecuteNonQuery() > 0)
                                status = Encoding.UTF8.GetBytes("<Success />");
                            else
                                status = Encoding.UTF8.GetBytes("<Error>Register.cs error</Error>");
                        }
                    }
                    else
                    {
                        if (db.Register(query["newGUID"], query["newPassword"], false) != null)
                            status = Encoding.UTF8.GetBytes("<Success />");
                        else
                            status = Encoding.UTF8.GetBytes("<Error>Register.cs error</Error>");
                    }
                }
                context.Response.OutputStream.Write(status, 0, status.Length);
            }
        }
Ejemplo n.º 7
0
 public void Execute(Player player, string[] args)
 {
     if (args.Length < 2)
     {
         player.SendHelp("Usage: /grank <username> <number>");
     }
     else
     {
         try
         {
             using (Database dbx = new Database())
             {
                 var cmd = dbx.CreateQuery();
                 cmd.CommandText = "UPDATE accounts SET guildRank=@guildRank WHERE name=@name";
                 cmd.Parameters.AddWithValue("@guildRank", args[1]);
                 cmd.Parameters.AddWithValue("@name", args[0]);
                 if (cmd.ExecuteNonQuery() == 0)
                 {
                     player.SendInfo("Could not change guild rank. Use 10, 20, 30, 40, or 50 (invisible)");
                 }
                 else
                     player.SendInfo("Guild rank successfully changed");
                 Console.ForegroundColor = ConsoleColor.Yellow;
                 Console.Out.WriteLine(args[1] + "'s guild rank has been changed");
                 Console.ForegroundColor = ConsoleColor.White;
             }
         }
         catch
         {
             player.SendInfo("Server error. Please edit manually in database.");
         }
         var dir = @"logs";
         if (!System.IO.Directory.Exists(dir))
             System.IO.Directory.CreateDirectory(dir);
         using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true))
         {
             writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /grank");
         }
     }
 }
Ejemplo n.º 8
0
 public void Execute(Player player, string[] args)
 {
     if (args.Length == 0)
     {
         player.SendHelp("Usage: /ban <username>");
     }
     try
     {
         using (Database dbx = new Database())
         {
             var cmd = dbx.CreateQuery();
             cmd.CommandText = "UPDATE accounts SET banned=1, rank=0 WHERE name=@name";
             cmd.Parameters.AddWithValue("@name", args[0]);
             if (cmd.ExecuteNonQuery() == 0)
             {
                 player.SendInfo("Could not ban");
             }
             else
             {
                 foreach (var i in player.Owner.Players)
                 {
                     if (i.Value.nName.ToLower() == args[0].ToLower().Trim())
                     {
                         i.Value.Client.Disconnect();
                         player.SendInfo("Account successfully banned");
                         Console.ForegroundColor = ConsoleColor.Yellow;
                         Console.Out.WriteLine(args[0] + " was banned.");
                         Console.ForegroundColor = ConsoleColor.White;
                     }
                 }
             }
         }
     }
     catch
     {
         player.SendInfo("Server error. Please edit manually in database.");
     }
     var dir = @"logs";
     if (!System.IO.Directory.Exists(dir))
         System.IO.Directory.CreateDirectory(dir);
     using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true))
     {
         writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /ban");
     }
 }
Ejemplo n.º 9
0
        public void Execute(Player player, string[] args)
        {
            if (args.Length == 0)
            {
                player.SendHelp("Usage: /whitelist <username>");
            }
            try
            {
                using (Database dbx = new Database())
                {
                    var cmd = dbx.CreateQuery();
                    cmd.CommandText = "UPDATE accounts SET rank=1 WHERE name=@name";
                    cmd.Parameters.AddWithValue("@name", args[0]);
                    if (cmd.ExecuteNonQuery() == 0)
                    {
                        player.SendInfo("Could not whitelist!");
                    }
                    else
                    {
                        player.SendInfo("Account successfully whitelisted!");
                        Console.ForegroundColor = ConsoleColor.Yellow;
                        Console.Out.WriteLine(player.nName + " has whitelisted " + args[0]);
                        Console.ForegroundColor = ConsoleColor.White;

                        var dir = @"logs";
                        if (!System.IO.Directory.Exists(dir))
                            System.IO.Directory.CreateDirectory(dir);
                        using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\WhitelistLog.txt", true))
                        {
                            writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " Has Whitelisted " + args[0]);
                        }
                    }
                }
            }
            catch
            {
                player.SendInfo("Server error. Please edit manually in database.");
            }
        }
Ejemplo n.º 10
0
 public void Execute(Player player, string[] args)
 {
     if (args.Length == 0 || args.Length == 1)
     {
         player.SendHelp("Use /rename <OldPlayerName> <NewPlayerName>");
     }
     else if (args.Length == 2)
     {
         using (Database db = new Database())
         {
             var db1 = db.CreateQuery();
             db1.CommandText = "SELECT COUNT(name) FROM accounts WHERE name=@name;";
             db1.Parameters.AddWithValue("@name", args[1]);
             if ((int)(long)db1.ExecuteScalar() > 0)
             {
                 player.SendError("Name Already In Use.");
             }
             else
             {
                 db1 = db.CreateQuery();
                 db1.CommandText = "SELECT COUNT(name) FROM accounts WHERE name=@name";
                 db1.Parameters.AddWithValue("@name", args[0]);
                 if ((int)(long)db1.ExecuteScalar() < 1)
                 {
                     player.SendError("Name Not Found.");
                 }
                 else
                 {
                     db1 = db.CreateQuery();
                     db1.CommandText = "UPDATE accounts SET name=@newName, namechosen=TRUE WHERE name=@oldName;";
                     db1.Parameters.AddWithValue("@newName", args[1]);
                     db1.Parameters.AddWithValue("@oldName", args[0]);
                     if (db1.ExecuteNonQuery() > 0)
                     {
                         foreach (var playerX in RealmManager.Worlds)
                         {
                             if (playerX.Key != 0)
                             {
                                 World world = playerX.Value;
                                 foreach (var p in world.Players)
                                 {
                                     Player Client = p.Value;
                                     if ((player.Name.ToLower() == args[0].ToLower()) && player.NameChosen)
                                     {
                                         player.Name = args[1];
                                         player.NameChosen = true;
                                         player.UpdateCount++;
                                         break;
                                     }
                                 }
                             }
                         }
                         player.SendInfo("Success!");
                     }
                     else
                     {
                         player.SendError("Server error. Please edit manually in database.");
                     }
                 }
             }
         }
     }
     var dir = @"logs";
     if (!System.IO.Directory.Exists(dir))
         System.IO.Directory.CreateDirectory(dir);
     using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true))
     {
         writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /rename");
     }
 }
Ejemplo n.º 11
0
 public void Execute(Player player, string[] args)
 {
     if (args.Length < 2)
     {
         player.SendHelp("Usage: /admin <username> <number>\n0: Player\n1: Game Master\n2: Admin\n3: Project Leader");
     }
     else
     {
         try
         {
             using (Database dbx = new Database())
             {
                 var cmd = dbx.CreateQuery();
                 cmd.CommandText = "UPDATE accounts SET rank=@rank WHERE name=@name";
                 cmd.Parameters.AddWithValue("@rank", args[1]);
                 cmd.Parameters.AddWithValue("@name", args[0]);
                 if (cmd.ExecuteNonQuery() == 0)
                 {
                     player.SendInfo("Could not change rank");
                 }
                 else
                     player.SendInfo("Account rank successfully changed");
             }
         }
         catch
         {
             player.SendInfo("Server error. Please edit manually in database.");
         }
         var dir = @"logs";
         if (!System.IO.Directory.Exists(dir))
             System.IO.Directory.CreateDirectory(dir);
         using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true))
         {
             writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /admin");
         }
     }
 }
Ejemplo n.º 12
0
 public void Execute(Player player, string[] args)
 {
     if (args.Length == 0)
     {
         player.SendHelp("Use /name <name>");
     }
     else if (args.Length == 1)
     {
         using (Database db = new Database())
         {
             var db1 = db.CreateQuery();
             db1.CommandText = "SELECT COUNT(name) FROM accounts WHERE name=@name;";
             db1.Parameters.AddWithValue("@name", args[0]);
             if ((int)(long)db1.ExecuteScalar() > 0)
             {
                 player.SendError("Name Already In Use.");
             }
             else
             {
                 db1 = db.CreateQuery();
                 db1.CommandText = "UPDATE accounts SET name=@name WHERE id=@accId";
                 db1.Parameters.AddWithValue("@name", args[0].ToString());
                 db1.Parameters.AddWithValue("@accId", player.Client.Account.AccountId.ToString());
                 if (db1.ExecuteNonQuery() > 0)
                 {
                     player.Client.Player.Credits = db.UpdateCredit(player.Client.Account, -0);
                     player.Client.Player.Name = args[0];
                     player.Client.Player.NameChosen = true;
                     player.Client.Player.UpdateCount++;
                     player.SendInfo("Success!");
                 }
                 else
                 {
                     player.SendError("Server error. Please edit manually in database.");
                 }
             }
         }
     }
     var dir = @"logs";
     if (!System.IO.Directory.Exists(dir))
         System.IO.Directory.CreateDirectory(dir);
     using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true))
     {
         writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /name");
     }
 }
Ejemplo n.º 13
0
        public void HandleRequest(HttpListenerContext context)
        {
            string status;
            using (var db = new Database())
            {
                var query = HttpUtility.ParseQueryString(context.Request.Url.Query);

                var cmd = db.CreateQuery();
                cmd.CommandText = "SELECT id FROM accounts WHERE uuid=@uuid";
                cmd.Parameters.AddWithValue("@uuid", query["guid"]);
                object id = cmd.ExecuteScalar();

                if (id != null)
                {
                    int amount = int.Parse(query["links"]);
                    cmd = db.CreateQuery();
                    cmd.CommandText = "UPDATE stats SET totalCredits = totalCredits + @amount WHERE accId=@accId";
                    cmd.Parameters.AddWithValue("@accId", (int)id);
                    cmd.Parameters.AddWithValue("@amount", amount);
                    int result = (int)cmd.ExecuteNonQuery();
                    if (result > 0)
                        status = "";
                    else
                        status = "You dun goofed.";
                }
                else
                    status = "Severe server error. Should not be getting this!";
            }

            var res = Encoding.UTF8.GetBytes(
            @"<!DOCTYPE html>
            <html>
            <head>
            <link href='http://fonts.googleapis.com/css?family=Press+Start+2P' rel='stylesheet' type='text/css'>
            <title>The White Lotus</title>
            </head>
            <body>
            <style>
            *{
            background-color: black;
            }
            #Logo {
            position: relative;
            margin-top: 50px;
            margin-left: 39.8%;
            }
            ::-webkit-input-placeholder { /* WebKit browsers */
            color:    #AC1D00;
            }
            :-moz-placeholder { /* Mozilla Firefox 4 to 18 */
            color:    #AC1D00;
            opacity:  1;
            }
            ::-moz-placeholder { /* Mozilla Firefox 19+ */
            color:    #AC1D00;
            opacity:  1;
            }
            :-ms-input-placeholder { /* Internet Explorer 10+ */
            color:    #AC1D00;
            }
            ::-webkit-input-submit :hover{
            background-color: #FF8000;
            }
            :-moz-submit :hover{
            background-color: #FF8000;
            opacity:  1;
            }
            ::-moz-submit :hover{
            background-color: #FF8000;
            opacity:  1;
            }
            :-ms-input-submit :hover{
            background-color: #FF8000;
            }
            #Username {
            font-size: 8pt;
            font-family: 'Press Start 2P', cursive;
            height: 30px;
            color: #820000;
            border:4px dotted #D54A00;
            border-radius: 5px;
            background-color: #D56B00;
            text-align: center;
            margin-left: 43%;
            }
            #Password {
            font-size: 8pt;
            font-family: 'Press Start 2P', cursive;
            height: 30px;
            color: #820000;
            border:4px dotted #D54A00;
            border-radius: 5px;
            background-color: #D56B00;
            text-align: center;
            margin-left: 43%;
            }
            #pUsername {
            font-size: 10pt;
            font-family: 'Press Start 2P', cursive;
            color: #AC1D00;
            margin-top: 100px;
            text-align: center;
            }
            #pPassword {
            font-size: 10pt;
            font-family: 'Press Start 2P', cursive;
            color: #AC1D00;
            text-align: center;
            }
            #Login {
            font-size: 8pt;
            font-family: 'Press Start 2P', cursive;
            width: 80px;
            height: 40px;
            color: #820000;
            border:2px dotted #D54A00;
            border-radius: 5px;
            background-color: #D56B00;
            margin-top: 20px;
            margin-left: 47.5%;
            }
            </style>
            <div id='Logo'><img src='http://i.imgur.com/dEdk8No.png'></div>
            <div id='Panel'>
            <p id='pUsername'>Username</p>
            <input id='Username' Type='text' placeholder='Username'>
            <p id='pPassword'>Password</p>
            <input id='Password' Type='password' placeholder='Password'><br>
            <input id='Login' type='submit' value='Log in'></input>
            </div>
            </body>
            </html>");
            context.Response.OutputStream.Write(res, 0, res.Length);
        }