public void HandleRequest(HttpListenerContext context) { NameValueCollection query; using (StreamReader rdr = new StreamReader(context.Request.InputStream)) query = HttpUtility.ParseQueryString(rdr.ReadToEnd()); using (var db = new Database()) { var acc = db.GetAccount(int.Parse(query["accountId"])); var chr = db.LoadCharacter(acc, int.Parse(query["charId"])); var cmd = db.CreateQuery(); cmd.CommandText = @"SELECT time, killer, firstBorn FROM death WHERE accId=@accId AND chrId=@charId;"; cmd.Parameters.AddWithValue("@accId", query["accountId"]); cmd.Parameters.AddWithValue("@charId", query["charId"]); int time; string killer; bool firstBorn; using (var rdr = cmd.ExecuteReader()) { rdr.Read(); time = Database.DateTimeToUnixTimestamp(rdr.GetDateTime("time")); killer = rdr.GetString("killer"); firstBorn = rdr.GetBoolean("firstBorn"); } using (StreamWriter wtr = new StreamWriter(context.Response.OutputStream)) wtr.Write(chr.FameStats.Serialize(acc, chr, time, killer, firstBorn)); } }
public void HandleRequest(HttpListenerContext context) { NameValueCollection query; using (StreamReader rdr = new StreamReader(context.Request.InputStream)) query = HttpUtility.ParseQueryString(rdr.ReadToEnd()); using (var db = new Database()) { var acc = db.Verify(query["guid"], query["password"]); byte[] status; if (acc == null) { status = Encoding.UTF8.GetBytes("<Error>Bad login</Error>"); } else { var cmd = db.CreateQuery(); cmd.CommandText = "UPDATE accounts SET password=SHA1(@password) WHERE id=@accId;"; cmd.Parameters.AddWithValue("@accId", acc.AccountId); cmd.Parameters.AddWithValue("@password", query["newPassword"]); if (cmd.ExecuteNonQuery() > 0) status = Encoding.UTF8.GetBytes("<Success />"); else status = Encoding.UTF8.GetBytes("<Error>ChangePassword.cs error</Error>"); } context.Response.OutputStream.Write(status, 0, status.Length); } }
//exploit where editing the gold amount in the url will give that amount of gold, need to change url requesting public void HandleRequest(HttpListenerContext context) { string status; using (var db = new Database()) { var query = HttpUtility.ParseQueryString(context.Request.Url.Query); var cmd = db.CreateQuery(); cmd.CommandText = "SELECT id FROM accounts WHERE uuid=@uuid"; cmd.Parameters.AddWithValue("@uuid", query["guid"]); object id = cmd.ExecuteScalar(); if (id != null) { int amount = int.Parse(query["jwt"]); cmd = db.CreateQuery(); cmd.CommandText = "UPDATE stats SET credits = credits + @amount WHERE accId=@accId"; cmd.Parameters.AddWithValue("@accId", (int)id); cmd.Parameters.AddWithValue("@amount", amount); int result = (int)cmd.ExecuteNonQuery(); if (result > 0) status = ""; else status = "You dun goofed."; } else status = "Severe server error. Should not be getting this!"; } var res = Encoding.UTF8.GetBytes( @"<html> <head> <title>White Lotus - Purchase Complete</title> </head> <body style='background: #333333'> <h1 style='color: #FF00FF; text-align: center'> </h1> " + status + @" <center><p><font color='#FF00FF'>You can donate to my PayPal: [email protected]</font></p></center> <center><p><font color='#00FFFF'>Check out the rest of the website <a href='http://25.92.155.93:8888/website/index'>here</a></font></p></center> </body> </html>"); context.Response.OutputStream.Write(res, 0, res.Length); }
//fame = fame II gold = credits public void HandleRequest(HttpListenerContext context) { NameValueCollection query; using (StreamReader rdr = new StreamReader(context.Request.InputStream)) query = HttpUtility.ParseQueryString(rdr.ReadToEnd()); using (var db = new Database()) { var acc = db.Verify(query["guid"], query["password"]); byte[] status; if (acc == null) { status = Encoding.UTF8.GetBytes("<Error>Bad login</Error>"); } else { var cmd = db.CreateQuery(); cmd.CommandText = "SELECT credits FROM stats WHERE accId=@accId;"; cmd.Parameters.AddWithValue("@accId", acc.AccountId); if ((int)cmd.ExecuteScalar() < 0) status = Encoding.UTF8.GetBytes("<Error>Not enough gold</Error>"); else { cmd = db.CreateQuery(); cmd.CommandText = "UPDATE stats SET credits = credits - 1000 WHERE accId=@accId"; //gold=credits fame=fame NOTE: the "- 1000" takes away 1000 of whatever currency, but to be able to get it to show up as 1000 in the client, edit Database.cs cmd.Parameters.AddWithValue("@accId", acc.AccountId); if ((int)cmd.ExecuteNonQuery() > 0) { cmd = db.CreateQuery(); cmd.CommandText = "UPDATE accounts SET maxCharSlot = maxCharSlot + 1 WHERE id=@accId"; cmd.Parameters.AddWithValue("@accId", acc.AccountId); if ((int)cmd.ExecuteNonQuery() > 0) status = Encoding.UTF8.GetBytes("<Success/>"); else status = Encoding.UTF8.GetBytes("<Error>CharSlot.cs error</Error>"); } else status = Encoding.UTF8.GetBytes("<Error>CharSlot.cs Error</Error>"); } } context.Response.OutputStream.Write(status, 0, status.Length); } }
public void HandleRequest(HttpListenerContext context) { NameValueCollection query; using (StreamReader rdr = new StreamReader(context.Request.InputStream)) query = HttpUtility.ParseQueryString(rdr.ReadToEnd()); using (var db = new Database()) { var acc = db.Verify(query["guid"], query["password"]); byte[] status; if (acc == null) { status = Encoding.UTF8.GetBytes("<Error>Bad login</Error>"); } else { var cmd = db.CreateQuery(); object exescala; cmd.CommandText = "SELECT COUNT(name) FROM accounts WHERE name=@name;"; cmd.Parameters.AddWithValue("@name", query["name"]); exescala = cmd.ExecuteScalar(); if (int.Parse(exescala.ToString()) > 0) status = Encoding.UTF8.GetBytes("<Error>Name in use</Error>"); else { cmd = db.CreateQuery(); cmd.CommandText = "UPDATE accounts SET name=@name, namechosen=TRUE WHERE id=@accId;"; cmd.Parameters.AddWithValue("@accId", acc.AccountId); cmd.Parameters.AddWithValue("@name", query["name"]); if (cmd.ExecuteNonQuery() != 0) status = Encoding.UTF8.GetBytes("<Success />"); else status = Encoding.UTF8.GetBytes("<Error>SetName.cs error</Error>"); } } context.Response.OutputStream.Write(status, 0, status.Length); } }
//public bool IsValidEmail(string strIn) //{ // var invalid = false; // if (String.IsNullOrEmpty(strIn)) // return false; // MatchEvaluator DomainMapper = match => // { // IdnMapping class with default property values. // IdnMapping idn = new IdnMapping(); // string domainName = match.Groups[2].Value; // try // { // domainName = idn.GetAscii(domainName); // } // catch (ArgumentException) // { // invalid = false; //should be false // } // return match.Groups[1].Value + domainName; // }; // Use IdnMapping class to convert Unicode domain names. // strIn = Regex.Replace(strIn, @"(@)(.+)$", DomainMapper); // if (invalid) // return false; // Return true if strIn is in valid e-mail format. // return Regex.IsMatch(strIn, // @"^(?("")(""[^""]+?""@)|(([0-9a-z]((\.(?!\.))|[-!#\$%&'\*\+/=\?\^`\{\}\|~\w])*)(?<=[0-9a-z])@))" + // @"(?(\[)(\[(\d{1,3}\.){3}\d{1,3}\])|(([0-9a-z][-\w]*[0-9a-z]*\.)+[a-z0-9]{2,17}))$", // RegexOptions.IgnoreCase); //} public void HandleRequest(HttpListenerContext context) { NameValueCollection query; using (StreamReader rdr = new StreamReader(context.Request.InputStream)) query = HttpUtility.ParseQueryString(rdr.ReadToEnd()); using (var db = new Database()) { byte[] status; if (0 != 0 /*!IsValidEmail(query["newGUID"])*/) status = Encoding.UTF8.GetBytes("<Error>Invalid Email</Error>"); else { if (db.HasUuid(query["guid"]) && db.Verify(query["guid"], "") != null) { if (db.HasUuid(query["newGUID"])) status = Encoding.UTF8.GetBytes("<Error>Email is already in use!</Error>"); else { var cmd = db.CreateQuery(); cmd.CommandText = "UPDATE accounts SET uuid=@newUuid, name=@newUuid, password=SHA1(@password), guest=FALSE WHERE uuid=@uuid, name=@name;"; cmd.Parameters.AddWithValue("@uuid", query["guid"]); cmd.Parameters.AddWithValue("@newUuid", query["newGUID"]); cmd.Parameters.AddWithValue("@password", query["newPassword"]); if (cmd.ExecuteNonQuery() > 0) status = Encoding.UTF8.GetBytes("<Success />"); else status = Encoding.UTF8.GetBytes("<Error>Register.cs error</Error>"); } } else { if (db.Register(query["newGUID"], query["newPassword"], false) != null) status = Encoding.UTF8.GetBytes("<Success />"); else status = Encoding.UTF8.GetBytes("<Error>Register.cs error</Error>"); } } context.Response.OutputStream.Write(status, 0, status.Length); } }
public void Execute(Player player, string[] args) { if (args.Length < 2) { player.SendHelp("Usage: /grank <username> <number>"); } else { try { using (Database dbx = new Database()) { var cmd = dbx.CreateQuery(); cmd.CommandText = "UPDATE accounts SET guildRank=@guildRank WHERE name=@name"; cmd.Parameters.AddWithValue("@guildRank", args[1]); cmd.Parameters.AddWithValue("@name", args[0]); if (cmd.ExecuteNonQuery() == 0) { player.SendInfo("Could not change guild rank. Use 10, 20, 30, 40, or 50 (invisible)"); } else player.SendInfo("Guild rank successfully changed"); Console.ForegroundColor = ConsoleColor.Yellow; Console.Out.WriteLine(args[1] + "'s guild rank has been changed"); Console.ForegroundColor = ConsoleColor.White; } } catch { player.SendInfo("Server error. Please edit manually in database."); } var dir = @"logs"; if (!System.IO.Directory.Exists(dir)) System.IO.Directory.CreateDirectory(dir); using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true)) { writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /grank"); } } }
public void Execute(Player player, string[] args) { if (args.Length == 0) { player.SendHelp("Usage: /ban <username>"); } try { using (Database dbx = new Database()) { var cmd = dbx.CreateQuery(); cmd.CommandText = "UPDATE accounts SET banned=1, rank=0 WHERE name=@name"; cmd.Parameters.AddWithValue("@name", args[0]); if (cmd.ExecuteNonQuery() == 0) { player.SendInfo("Could not ban"); } else { foreach (var i in player.Owner.Players) { if (i.Value.nName.ToLower() == args[0].ToLower().Trim()) { i.Value.Client.Disconnect(); player.SendInfo("Account successfully banned"); Console.ForegroundColor = ConsoleColor.Yellow; Console.Out.WriteLine(args[0] + " was banned."); Console.ForegroundColor = ConsoleColor.White; } } } } } catch { player.SendInfo("Server error. Please edit manually in database."); } var dir = @"logs"; if (!System.IO.Directory.Exists(dir)) System.IO.Directory.CreateDirectory(dir); using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true)) { writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /ban"); } }
public void Execute(Player player, string[] args) { if (args.Length == 0) { player.SendHelp("Usage: /whitelist <username>"); } try { using (Database dbx = new Database()) { var cmd = dbx.CreateQuery(); cmd.CommandText = "UPDATE accounts SET rank=1 WHERE name=@name"; cmd.Parameters.AddWithValue("@name", args[0]); if (cmd.ExecuteNonQuery() == 0) { player.SendInfo("Could not whitelist!"); } else { player.SendInfo("Account successfully whitelisted!"); Console.ForegroundColor = ConsoleColor.Yellow; Console.Out.WriteLine(player.nName + " has whitelisted " + args[0]); Console.ForegroundColor = ConsoleColor.White; var dir = @"logs"; if (!System.IO.Directory.Exists(dir)) System.IO.Directory.CreateDirectory(dir); using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\WhitelistLog.txt", true)) { writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " Has Whitelisted " + args[0]); } } } } catch { player.SendInfo("Server error. Please edit manually in database."); } }
public void Execute(Player player, string[] args) { if (args.Length == 0 || args.Length == 1) { player.SendHelp("Use /rename <OldPlayerName> <NewPlayerName>"); } else if (args.Length == 2) { using (Database db = new Database()) { var db1 = db.CreateQuery(); db1.CommandText = "SELECT COUNT(name) FROM accounts WHERE name=@name;"; db1.Parameters.AddWithValue("@name", args[1]); if ((int)(long)db1.ExecuteScalar() > 0) { player.SendError("Name Already In Use."); } else { db1 = db.CreateQuery(); db1.CommandText = "SELECT COUNT(name) FROM accounts WHERE name=@name"; db1.Parameters.AddWithValue("@name", args[0]); if ((int)(long)db1.ExecuteScalar() < 1) { player.SendError("Name Not Found."); } else { db1 = db.CreateQuery(); db1.CommandText = "UPDATE accounts SET name=@newName, namechosen=TRUE WHERE name=@oldName;"; db1.Parameters.AddWithValue("@newName", args[1]); db1.Parameters.AddWithValue("@oldName", args[0]); if (db1.ExecuteNonQuery() > 0) { foreach (var playerX in RealmManager.Worlds) { if (playerX.Key != 0) { World world = playerX.Value; foreach (var p in world.Players) { Player Client = p.Value; if ((player.Name.ToLower() == args[0].ToLower()) && player.NameChosen) { player.Name = args[1]; player.NameChosen = true; player.UpdateCount++; break; } } } } player.SendInfo("Success!"); } else { player.SendError("Server error. Please edit manually in database."); } } } } } var dir = @"logs"; if (!System.IO.Directory.Exists(dir)) System.IO.Directory.CreateDirectory(dir); using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true)) { writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /rename"); } }
public void Execute(Player player, string[] args) { if (args.Length < 2) { player.SendHelp("Usage: /admin <username> <number>\n0: Player\n1: Game Master\n2: Admin\n3: Project Leader"); } else { try { using (Database dbx = new Database()) { var cmd = dbx.CreateQuery(); cmd.CommandText = "UPDATE accounts SET rank=@rank WHERE name=@name"; cmd.Parameters.AddWithValue("@rank", args[1]); cmd.Parameters.AddWithValue("@name", args[0]); if (cmd.ExecuteNonQuery() == 0) { player.SendInfo("Could not change rank"); } else player.SendInfo("Account rank successfully changed"); } } catch { player.SendInfo("Server error. Please edit manually in database."); } var dir = @"logs"; if (!System.IO.Directory.Exists(dir)) System.IO.Directory.CreateDirectory(dir); using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true)) { writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /admin"); } } }
public void Execute(Player player, string[] args) { if (args.Length == 0) { player.SendHelp("Use /name <name>"); } else if (args.Length == 1) { using (Database db = new Database()) { var db1 = db.CreateQuery(); db1.CommandText = "SELECT COUNT(name) FROM accounts WHERE name=@name;"; db1.Parameters.AddWithValue("@name", args[0]); if ((int)(long)db1.ExecuteScalar() > 0) { player.SendError("Name Already In Use."); } else { db1 = db.CreateQuery(); db1.CommandText = "UPDATE accounts SET name=@name WHERE id=@accId"; db1.Parameters.AddWithValue("@name", args[0].ToString()); db1.Parameters.AddWithValue("@accId", player.Client.Account.AccountId.ToString()); if (db1.ExecuteNonQuery() > 0) { player.Client.Player.Credits = db.UpdateCredit(player.Client.Account, -0); player.Client.Player.Name = args[0]; player.Client.Player.NameChosen = true; player.Client.Player.UpdateCount++; player.SendInfo("Success!"); } else { player.SendError("Server error. Please edit manually in database."); } } } } var dir = @"logs"; if (!System.IO.Directory.Exists(dir)) System.IO.Directory.CreateDirectory(dir); using (System.IO.StreamWriter writer = new System.IO.StreamWriter(@"logs\AdminLog.txt", true)) { writer.WriteLine("[" + DateTime.Now + "]" + player.nName + " has used the /name"); } }
public void HandleRequest(HttpListenerContext context) { string status; using (var db = new Database()) { var query = HttpUtility.ParseQueryString(context.Request.Url.Query); var cmd = db.CreateQuery(); cmd.CommandText = "SELECT id FROM accounts WHERE uuid=@uuid"; cmd.Parameters.AddWithValue("@uuid", query["guid"]); object id = cmd.ExecuteScalar(); if (id != null) { int amount = int.Parse(query["links"]); cmd = db.CreateQuery(); cmd.CommandText = "UPDATE stats SET totalCredits = totalCredits + @amount WHERE accId=@accId"; cmd.Parameters.AddWithValue("@accId", (int)id); cmd.Parameters.AddWithValue("@amount", amount); int result = (int)cmd.ExecuteNonQuery(); if (result > 0) status = ""; else status = "You dun goofed."; } else status = "Severe server error. Should not be getting this!"; } var res = Encoding.UTF8.GetBytes( @"<!DOCTYPE html> <html> <head> <link href='http://fonts.googleapis.com/css?family=Press+Start+2P' rel='stylesheet' type='text/css'> <title>The White Lotus</title> </head> <body> <style> *{ background-color: black; } #Logo { position: relative; margin-top: 50px; margin-left: 39.8%; } ::-webkit-input-placeholder { /* WebKit browsers */ color: #AC1D00; } :-moz-placeholder { /* Mozilla Firefox 4 to 18 */ color: #AC1D00; opacity: 1; } ::-moz-placeholder { /* Mozilla Firefox 19+ */ color: #AC1D00; opacity: 1; } :-ms-input-placeholder { /* Internet Explorer 10+ */ color: #AC1D00; } ::-webkit-input-submit :hover{ background-color: #FF8000; } :-moz-submit :hover{ background-color: #FF8000; opacity: 1; } ::-moz-submit :hover{ background-color: #FF8000; opacity: 1; } :-ms-input-submit :hover{ background-color: #FF8000; } #Username { font-size: 8pt; font-family: 'Press Start 2P', cursive; height: 30px; color: #820000; border:4px dotted #D54A00; border-radius: 5px; background-color: #D56B00; text-align: center; margin-left: 43%; } #Password { font-size: 8pt; font-family: 'Press Start 2P', cursive; height: 30px; color: #820000; border:4px dotted #D54A00; border-radius: 5px; background-color: #D56B00; text-align: center; margin-left: 43%; } #pUsername { font-size: 10pt; font-family: 'Press Start 2P', cursive; color: #AC1D00; margin-top: 100px; text-align: center; } #pPassword { font-size: 10pt; font-family: 'Press Start 2P', cursive; color: #AC1D00; text-align: center; } #Login { font-size: 8pt; font-family: 'Press Start 2P', cursive; width: 80px; height: 40px; color: #820000; border:2px dotted #D54A00; border-radius: 5px; background-color: #D56B00; margin-top: 20px; margin-left: 47.5%; } </style> <div id='Logo'><img src='http://i.imgur.com/dEdk8No.png'></div> <div id='Panel'> <p id='pUsername'>Username</p> <input id='Username' Type='text' placeholder='Username'> <p id='pPassword'>Password</p> <input id='Password' Type='password' placeholder='Password'><br> <input id='Login' type='submit' value='Log in'></input> </div> </body> </html>"); context.Response.OutputStream.Write(res, 0, res.Length); }