public void HandleRequest(HttpListenerContext context)
{
NameValueCollection query;
using (StreamReader rdr = new StreamReader(context.Request.InputStream))
query = HttpUtility.ParseQueryString(rdr.ReadToEnd());
using (var db = new Database())
{
var acc = db.GetAccount(int.Parse(query["accountId"]));
var chr = db.LoadCharacter(acc, int.Parse(query["charId"]));
var cmd = db.CreateQuery();
cmd.CommandText = @"SELECT time, killer, firstBorn FROM death WHERE accId=@accId AND chrId=@charId;";
cmd.Parameters.AddWithValue("@accId", query["accountId"]);
cmd.Parameters.AddWithValue("@charId", query["charId"]);
int time;
string killer;
bool firstBorn;
using (var rdr = cmd.ExecuteReader())
{
rdr.Read();
time = Database.DateTimeToUnixTimestamp(rdr.GetDateTime("time"));
killer = rdr.GetString("killer");
firstBorn = rdr.GetBoolean("firstBorn");
}
using (StreamWriter wtr = new StreamWriter(context.Response.OutputStream))
wtr.Write(chr.FameStats.Serialize(acc, chr, time, killer, firstBorn));
}
}
public void HandleRequest(HttpListenerContext context)
{
NameValueCollection query;
using (StreamReader rdr = new StreamReader(context.Request.InputStream))
query = HttpUtility.ParseQueryString(rdr.ReadToEnd());
using (var db = new Database())
{
var acc = db.Verify(query["guid"], query["password"]);
byte[] status;
if (acc == null)
{
status = Encoding.UTF8.GetBytes("<Error>Bad login</Error>");
}
else
{
var cmd = db.CreateQuery();
cmd.CommandText = "UPDATE accounts SET password=SHA1(@password) WHERE id=@accId;";
cmd.Parameters.AddWithValue("@accId", acc.AccountId);
cmd.Parameters.AddWithValue("@password", query["newPassword"]);
if (cmd.ExecuteNonQuery() > 0)
status = Encoding.UTF8.GetBytes("<Success />");
else
status = Encoding.UTF8.GetBytes("<Error>ChangePassword.cs error</Error>");
}
context.Response.OutputStream.Write(status, 0, status.Length);
}
}
//exploit where editing the gold amount in the url will give that amount of gold, need to change url requesting
public void HandleRequest(HttpListenerContext context)
{
string status;
using (var db = new Database())
{
var query = HttpUtility.ParseQueryString(context.Request.Url.Query);
var cmd = db.CreateQuery();
cmd.CommandText = "SELECT id FROM accounts WHERE uuid=@uuid";
cmd.Parameters.AddWithValue("@uuid", query["guid"]);
object id = cmd.ExecuteScalar();
if (id != null)
{
int amount = int.Parse(query["jwt"]);
cmd = db.CreateQuery();
cmd.CommandText = "UPDATE stats SET credits = credits + @amount WHERE accId=@accId";
cmd.Parameters.AddWithValue("@accId", (int)id);
cmd.Parameters.AddWithValue("@amount", amount);
int result = (int)cmd.ExecuteNonQuery();
if (result > 0)
status = "";
else
status = "You dun goofed.";
}
else
status = "Severe server error. Should not be getting this!";
}
var res = Encoding.UTF8.GetBytes(
@"<html>
<head>
<title>White Lotus - Purchase Complete</title>
</head>
<body style='background: #333333'>
<h1 style='color: #FF00FF; text-align: center'>
</h1>
" + status + @"
<center><p><font color='#FF00FF'>You can donate to my PayPal: [email protected]</font></p></center>
<center><p><font color='#00FFFF'>Check out the rest of the website <a href='http://25.92.155.93:8888/website/index'>here</a></font></p></center>
</body>
</html>");
context.Response.OutputStream.Write(res, 0, res.Length);
}
//fame = fame II gold = credits
public void HandleRequest(HttpListenerContext context)
{
NameValueCollection query;
using (StreamReader rdr = new StreamReader(context.Request.InputStream))
query = HttpUtility.ParseQueryString(rdr.ReadToEnd());
using (var db = new Database())
{
var acc = db.Verify(query["guid"], query["password"]);
byte[] status;
if (acc == null)
{
status = Encoding.UTF8.GetBytes("<Error>Bad login</Error>");
}
else
{
var cmd = db.CreateQuery();
cmd.CommandText = "SELECT credits FROM stats WHERE accId=@accId;";
cmd.Parameters.AddWithValue("@accId", acc.AccountId);
if ((int)cmd.ExecuteScalar() < 0)
status = Encoding.UTF8.GetBytes("<Error>Not enough gold</Error>");
else
{
cmd = db.CreateQuery();
cmd.CommandText = "UPDATE stats SET credits = credits - 1000 WHERE accId=@accId"; //gold=credits fame=fame NOTE: the "- 1000" takes away 1000 of whatever currency, but to be able to get it to show up as 1000 in the client, edit Database.cs
cmd.Parameters.AddWithValue("@accId", acc.AccountId);
if ((int)cmd.ExecuteNonQuery() > 0)
{
cmd = db.CreateQuery();
cmd.CommandText = "UPDATE accounts SET maxCharSlot = maxCharSlot + 1 WHERE id=@accId";
cmd.Parameters.AddWithValue("@accId", acc.AccountId);
if ((int)cmd.ExecuteNonQuery() > 0)
status = Encoding.UTF8.GetBytes("<Success/>");
else
status = Encoding.UTF8.GetBytes("<Error>CharSlot.cs error</Error>");
}
else
status = Encoding.UTF8.GetBytes("<Error>CharSlot.cs Error</Error>");
}
}
context.Response.OutputStream.Write(status, 0, status.Length);
}
}
public void HandleRequest(HttpListenerContext context)
{
NameValueCollection query;
using (StreamReader rdr = new StreamReader(context.Request.InputStream))
query = HttpUtility.ParseQueryString(rdr.ReadToEnd());
using (var db = new Database())
{
var acc = db.Verify(query["guid"], query["password"]);
byte[] status;
if (acc == null)
{
status = Encoding.UTF8.GetBytes("<Error>Bad login</Error>");
}
else
{
var cmd = db.CreateQuery();
object exescala;
cmd.CommandText = "SELECT COUNT(name) FROM accounts WHERE name=@name;";
cmd.Parameters.AddWithValue("@name", query["name"]);
exescala = cmd.ExecuteScalar();
if (int.Parse(exescala.ToString()) > 0)
status = Encoding.UTF8.GetBytes("<Error>Name in use</Error>");
else
{
cmd = db.CreateQuery();
cmd.CommandText = "UPDATE accounts SET name=@name, namechosen=TRUE WHERE id=@accId;";
cmd.Parameters.AddWithValue("@accId", acc.AccountId);
cmd.Parameters.AddWithValue("@name", query["name"]);
if (cmd.ExecuteNonQuery() != 0)
status = Encoding.UTF8.GetBytes("<Success />");
else
status = Encoding.UTF8.GetBytes("<Error>SetName.cs error</Error>");
}
}
context.Response.OutputStream.Write(status, 0, status.Length);
}
}
//public bool IsValidEmail(string strIn)
//{
// var invalid = false;
// if (String.IsNullOrEmpty(strIn))
// return false;
// MatchEvaluator DomainMapper = match =>
// {
// IdnMapping class with default property values.
// IdnMapping idn = new IdnMapping();
// string domainName = match.Groups[2].Value;
// try
// {
// domainName = idn.GetAscii(domainName);
// }
// catch (ArgumentException)
// {
// invalid = false; //should be false
// }
// return match.Groups[1].Value + domainName;
// };
// Use IdnMapping class to convert Unicode domain names.
// strIn = Regex.Replace(strIn, @"(@)(.+)$", DomainMapper);
// if (invalid)
// return false;
// Return true if strIn is in valid e-mail format.
// return Regex.IsMatch(strIn,
// @"^(?("")(""[^""]+?""@)|(([0-9a-z]((\.(?!\.))|[-!#\$%&'\*\+/=\?\^`\{\}\|~\w])*)(?<=[0-9a-z])@))" +
// @"(?(\[)(\[(\d{1,3}\.){3}\d{1,3}\])|(([0-9a-z][-\w]*[0-9a-z]*\.)+[a-z0-9]{2,17}))$",
// RegexOptions.IgnoreCase);
//}
public void HandleRequest(HttpListenerContext context)
{
NameValueCollection query;
using (StreamReader rdr = new StreamReader(context.Request.InputStream))
query = HttpUtility.ParseQueryString(rdr.ReadToEnd());
using (var db = new Database())
{
byte[] status;
if (0 != 0 /*!IsValidEmail(query["newGUID"])*/)
status = Encoding.UTF8.GetBytes("<Error>Invalid Email</Error>");
else
{
if (db.HasUuid(query["guid"]) &&
db.Verify(query["guid"], "") != null)
{
if (db.HasUuid(query["newGUID"]))
status = Encoding.UTF8.GetBytes("<Error>Email is already in use!</Error>");
else
{
var cmd = db.CreateQuery();
cmd.CommandText = "UPDATE accounts SET uuid=@newUuid, name=@newUuid, password=SHA1(@password), guest=FALSE WHERE uuid=@uuid, name=@name;";
cmd.Parameters.AddWithValue("@uuid", query["guid"]);
cmd.Parameters.AddWithValue("@newUuid", query["newGUID"]);
cmd.Parameters.AddWithValue("@password", query["newPassword"]);
if (cmd.ExecuteNonQuery() > 0)
status = Encoding.UTF8.GetBytes("<Success />");
else
status = Encoding.UTF8.GetBytes("<Error>Register.cs error</Error>");
}
}
else
{
if (db.Register(query["newGUID"], query["newPassword"], false) != null)
status = Encoding.UTF8.GetBytes("<Success />");
else
status = Encoding.UTF8.GetBytes("<Error>Register.cs error</Error>");
}
}
context.Response.OutputStream.Write(status, 0, status.Length);
}
}
public void Execute(Player player, string[] args)
{
if (args.Length < 2)
{
player.SendHelp("Usage: /grank <username> <number>");
}
else
{
try
{
using (Database dbx = new Database())
{
var cmd = dbx.CreateQuery();
cmd.CommandText = "UPDATE accounts SET guildRank=@guildRank WHERE name=@name";
cmd.Parameters.AddWithValue("@guildRank", args[1]);
cmd.Parameters.AddWithValue("@name", args[0]);
if (cmd.ExecuteNonQuery() == 0)
{
player.SendInfo("Could not change guild rank. Use 10, 20, 30, 40, or 50 (invisible)");
}
else
player.SendInfo("Guild rank successfully changed");
Console.ForegroundColor = ConsoleColor.Yellow;
Console.Out.WriteLine(args[1] + "'s guild rank has been changed");
Console.ForegroundColor = ConsoleColor.White;
}
}
catch
{
player.SendInfo("Server error. Please edit manually in database.");
}
var dir = @"logs";
if (!System.IO.Directory.Exists(dir))
System.IO.Directory.CreateDirectory(dir);
using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true))
{
writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /grank");
}
}
}
public void Execute(Player player, string[] args)
{
if (args.Length == 0)
{
player.SendHelp("Usage: /ban <username>");
}
try
{
using (Database dbx = new Database())
{
var cmd = dbx.CreateQuery();
cmd.CommandText = "UPDATE accounts SET banned=1, rank=0 WHERE name=@name";
cmd.Parameters.AddWithValue("@name", args[0]);
if (cmd.ExecuteNonQuery() == 0)
{
player.SendInfo("Could not ban");
}
else
{
foreach (var i in player.Owner.Players)
{
if (i.Value.nName.ToLower() == args[0].ToLower().Trim())
{
i.Value.Client.Disconnect();
player.SendInfo("Account successfully banned");
Console.ForegroundColor = ConsoleColor.Yellow;
Console.Out.WriteLine(args[0] + " was banned.");
Console.ForegroundColor = ConsoleColor.White;
}
}
}
}
}
catch
{
player.SendInfo("Server error. Please edit manually in database.");
}
var dir = @"logs";
if (!System.IO.Directory.Exists(dir))
System.IO.Directory.CreateDirectory(dir);
using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true))
{
writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /ban");
}
}
public void Execute(Player player, string[] args)
{
if (args.Length == 0)
{
player.SendHelp("Usage: /whitelist <username>");
}
try
{
using (Database dbx = new Database())
{
var cmd = dbx.CreateQuery();
cmd.CommandText = "UPDATE accounts SET rank=1 WHERE name=@name";
cmd.Parameters.AddWithValue("@name", args[0]);
if (cmd.ExecuteNonQuery() == 0)
{
player.SendInfo("Could not whitelist!");
}
else
{
player.SendInfo("Account successfully whitelisted!");
Console.ForegroundColor = ConsoleColor.Yellow;
Console.Out.WriteLine(player.nName + " has whitelisted " + args[0]);
Console.ForegroundColor = ConsoleColor.White;
var dir = @"logs";
if (!System.IO.Directory.Exists(dir))
System.IO.Directory.CreateDirectory(dir);
using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\WhitelistLog.txt", true))
{
writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " Has Whitelisted " + args[0]);
}
}
}
}
catch
{
player.SendInfo("Server error. Please edit manually in database.");
}
}
public void Execute(Player player, string[] args)
{
if (args.Length == 0 || args.Length == 1)
{
player.SendHelp("Use /rename <OldPlayerName> <NewPlayerName>");
}
else if (args.Length == 2)
{
using (Database db = new Database())
{
var db1 = db.CreateQuery();
db1.CommandText = "SELECT COUNT(name) FROM accounts WHERE name=@name;";
db1.Parameters.AddWithValue("@name", args[1]);
if ((int)(long)db1.ExecuteScalar() > 0)
{
player.SendError("Name Already In Use.");
}
else
{
db1 = db.CreateQuery();
db1.CommandText = "SELECT COUNT(name) FROM accounts WHERE name=@name";
db1.Parameters.AddWithValue("@name", args[0]);
if ((int)(long)db1.ExecuteScalar() < 1)
{
player.SendError("Name Not Found.");
}
else
{
db1 = db.CreateQuery();
db1.CommandText = "UPDATE accounts SET name=@newName, namechosen=TRUE WHERE name=@oldName;";
db1.Parameters.AddWithValue("@newName", args[1]);
db1.Parameters.AddWithValue("@oldName", args[0]);
if (db1.ExecuteNonQuery() > 0)
{
foreach (var playerX in RealmManager.Worlds)
{
if (playerX.Key != 0)
{
World world = playerX.Value;
foreach (var p in world.Players)
{
Player Client = p.Value;
if ((player.Name.ToLower() == args[0].ToLower()) && player.NameChosen)
{
player.Name = args[1];
player.NameChosen = true;
player.UpdateCount++;
break;
}
}
}
}
player.SendInfo("Success!");
}
else
{
player.SendError("Server error. Please edit manually in database.");
}
}
}
}
}
var dir = @"logs";
if (!System.IO.Directory.Exists(dir))
System.IO.Directory.CreateDirectory(dir);
using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true))
{
writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /rename");
}
}
public void Execute(Player player, string[] args)
{
if (args.Length < 2)
{
player.SendHelp("Usage: /admin <username> <number>\n0: Player\n1: Game Master\n2: Admin\n3: Project Leader");
}
else
{
try
{
using (Database dbx = new Database())
{
var cmd = dbx.CreateQuery();
cmd.CommandText = "UPDATE accounts SET rank=@rank WHERE name=@name";
cmd.Parameters.AddWithValue("@rank", args[1]);
cmd.Parameters.AddWithValue("@name", args[0]);
if (cmd.ExecuteNonQuery() == 0)
{
player.SendInfo("Could not change rank");
}
else
player.SendInfo("Account rank successfully changed");
}
}
catch
{
player.SendInfo("Server error. Please edit manually in database.");
}
var dir = @"logs";
if (!System.IO.Directory.Exists(dir))
System.IO.Directory.CreateDirectory(dir);
using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true))
{
writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /admin");
}
}
}
public void Execute(Player player, string[] args)
{
if (args.Length == 0)
{
player.SendHelp("Use /name <name>");
}
else if (args.Length == 1)
{
using (Database db = new Database())
{
var db1 = db.CreateQuery();
db1.CommandText = "SELECT COUNT(name) FROM accounts WHERE name=@name;";
db1.Parameters.AddWithValue("@name", args[0]);
if ((int)(long)db1.ExecuteScalar() > 0)
{
player.SendError("Name Already In Use.");
}
else
{
db1 = db.CreateQuery();
db1.CommandText = "UPDATE accounts SET name=@name WHERE id=@accId";
db1.Parameters.AddWithValue("@name", args[0].ToString());
db1.Parameters.AddWithValue("@accId", player.Client.Account.AccountId.ToString());
if (db1.ExecuteNonQuery() > 0)
{
player.Client.Player.Credits = db.UpdateCredit(player.Client.Account, -0);
player.Client.Player.Name = args[0];
player.Client.Player.NameChosen = true;
player.Client.Player.UpdateCount++;
player.SendInfo("Success!");
}
else
{
player.SendError("Server error. Please edit manually in database.");
}
}
}
}
var dir = @"logs";
if (!System.IO.Directory.Exists(dir))
System.IO.Directory.CreateDirectory(dir);
using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true))
{
writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /name");
}
}
public void HandleRequest(HttpListenerContext context)
{
string status;
using (var db = new Database())
{
var query = HttpUtility.ParseQueryString(context.Request.Url.Query);
var cmd = db.CreateQuery();
cmd.CommandText = "SELECT id FROM accounts WHERE uuid=@uuid";
cmd.Parameters.AddWithValue("@uuid", query["guid"]);
object id = cmd.ExecuteScalar();
if (id != null)
{
int amount = int.Parse(query["links"]);
cmd = db.CreateQuery();
cmd.CommandText = "UPDATE stats SET totalCredits = totalCredits + @amount WHERE accId=@accId";
cmd.Parameters.AddWithValue("@accId", (int)id);
cmd.Parameters.AddWithValue("@amount", amount);
int result = (int)cmd.ExecuteNonQuery();
if (result > 0)
status = "";
else
status = "You dun goofed.";
}
else
status = "Severe server error. Should not be getting this!";
}
var res = Encoding.UTF8.GetBytes(
@"<!DOCTYPE html>
<html>
<head>
<link href='http://fonts.googleapis.com/css?family=Press+Start+2P' rel='stylesheet' type='text/css'>
<title>The White Lotus</title>
</head>
<body>
<style>
*{
background-color: black;
}
#Logo {
position: relative;
margin-top: 50px;
margin-left: 39.8%;
}
::-webkit-input-placeholder { /* WebKit browsers */
color: #AC1D00;
}
:-moz-placeholder { /* Mozilla Firefox 4 to 18 */
color: #AC1D00;
opacity: 1;
}
::-moz-placeholder { /* Mozilla Firefox 19+ */
color: #AC1D00;
opacity: 1;
}
:-ms-input-placeholder { /* Internet Explorer 10+ */
color: #AC1D00;
}
::-webkit-input-submit :hover{
background-color: #FF8000;
}
:-moz-submit :hover{
background-color: #FF8000;
opacity: 1;
}
::-moz-submit :hover{
background-color: #FF8000;
opacity: 1;
}
:-ms-input-submit :hover{
background-color: #FF8000;
}
#Username {
font-size: 8pt;
font-family: 'Press Start 2P', cursive;
height: 30px;
color: #820000;
border:4px dotted #D54A00;
border-radius: 5px;
background-color: #D56B00;
text-align: center;
margin-left: 43%;
}
#Password {
font-size: 8pt;
font-family: 'Press Start 2P', cursive;
height: 30px;
color: #820000;
border:4px dotted #D54A00;
border-radius: 5px;
background-color: #D56B00;
text-align: center;
margin-left: 43%;
}
#pUsername {
font-size: 10pt;
font-family: 'Press Start 2P', cursive;
color: #AC1D00;
margin-top: 100px;
text-align: center;
}
#pPassword {
font-size: 10pt;
font-family: 'Press Start 2P', cursive;
color: #AC1D00;
text-align: center;
}
#Login {
font-size: 8pt;
font-family: 'Press Start 2P', cursive;
width: 80px;
height: 40px;
color: #820000;
border:2px dotted #D54A00;
border-radius: 5px;
background-color: #D56B00;
margin-top: 20px;
margin-left: 47.5%;
}
</style>
<div id='Logo'><img src='http://i.imgur.com/dEdk8No.png'></div>
<div id='Panel'>
<p id='pUsername'>Username</p>
<input id='Username' Type='text' placeholder='Username'>
<p id='pPassword'>Password</p>
<input id='Password' Type='password' placeholder='Password'><br>
<input id='Login' type='submit' value='Log in'></input>
</div>
</body>
</html>");
context.Response.OutputStream.Write(res, 0, res.Length);
}
