Was kann dieser Hack?
Wenn ein User im LoGD erstellt wird, wird auch ein User im WBB erstellt. (@Artemis1988: Es wird vorher geprüft, ob der User im WBB schon existiert
)Wenn ein User im LoGD gelöscht wird (Inaktivität, Löschen durch User, Löschen durch Admin), wird er auch im WBB gelöscht.
WBB Lite in LoGD einbinden (für WBB2 siehe weiter unten)
Lade zuerst folgendes Archiv runter, entpacke das Archiv, öffne die wbb.php und passe dort die MySQL Angaben an:
Dateianhang:
Lade die wbb.php in das Hauptverzeichnis von deinem LoGD. Passe die folgenden Dateien an:
Öffne create.php
SUCHE
PHP:
require_once "common.php";
FÜGE -DAHINTER- EIN
PHP:
//WBB Modifikation Start
require_once('wbb.php');
//WBB Modifikation Ende
require_once('wbb.php');
//WBB Modifikation Ende
SUCHE
PHP:
$sql = "INSERT INTO accounts
(name,
title,
password,
sex,
login,
laston,
uniqueid,
lastip,
superuser,
gold,
emailaddress,
emailvalidation,
referer,
birthday
(name,
title,
password,
sex,
login,
laston,
uniqueid,
lastip,
superuser,
gold,
emailaddress,
emailvalidation,
referer,
birthday
FÜGE -DAVOR- EIN
PHP:
// WBB Modifikation Start
wbbquery("INSERT INTO ".WBBPREFIX."users
(username,
password,
email,
groupid,
rankid,
activation,
regdate,
lastvisit,
lastactivity
) VALUES (
'$shortname',
MD5('$_POST[pass1]'),
'$_POST[email]',
'4',
'4',
'1',
'".time()."',
'".time()."',
'".time()."'
)");
// WBB Modifikation ENDE
wbbquery("INSERT INTO ".WBBPREFIX."users
(username,
password,
email,
groupid,
rankid,
activation,
regdate,
lastvisit,
lastactivity
) VALUES (
'$shortname',
MD5('$_POST[pass1]'),
'$_POST[email]',
'4',
'4',
'1',
'".time()."',
'".time()."',
'".time()."'
)");
// WBB Modifikation ENDE
SUCHE
PHP:
if (!$blockaccount){
$sql = "SELECT name FROM accounts WHERE login='$shortname'";
$result = db_query($sql) or die(db_error(LINK));
if (db_num_rows($result)>0){
output("`\$Fehler`^: Diesen Namen gibt es schon. Bitte versuchs nochmal.");
$HTTP_GET_VARS[op]="";
}else{
$title = ($HTTP_POST_VARS[sex]?"Bauernmädchen":"Bauernjunge");
if (getsetting("requirevalidemail",0)){
$emailverification=md5(date("Y-m-d H:i:s").$_POST[email]);
}
if ($_GET['r']>""){
$sql = "SELECT acctid FROM accounts WHERE login='".rawurldecode($_GET['r'])."'";
//$sql = "SELECT acctid FROM accounts WHERE login='{$_GET['r']}'";
$result = db_query($sql);
$ref = db_fetch_assoc($result);
$referer=$ref['acctid'];
}else{
$referer=0;
}
$sql = "SELECT name FROM accounts WHERE login='$shortname'";
$result = db_query($sql) or die(db_error(LINK));
if (db_num_rows($result)>0){
output("`\$Fehler`^: Diesen Namen gibt es schon. Bitte versuchs nochmal.");
$HTTP_GET_VARS[op]="";
}else{
$title = ($HTTP_POST_VARS[sex]?"Bauernmädchen":"Bauernjunge");
if (getsetting("requirevalidemail",0)){
$emailverification=md5(date("Y-m-d H:i:s").$_POST[email]);
}
if ($_GET['r']>""){
$sql = "SELECT acctid FROM accounts WHERE login='".rawurldecode($_GET['r'])."'";
//$sql = "SELECT acctid FROM accounts WHERE login='{$_GET['r']}'";
$result = db_query($sql);
$ref = db_fetch_assoc($result);
$referer=$ref['acctid'];
}else{
$referer=0;
}
ERSETZE VOLLSTÄNDIG MIT
PHP:
// WBB Modifikation Start
if (!$blockaccount){
$userexisting = wbbquery("SELECT * FROM ".WBBPREFIX."users WHERE username LIKE '".$shortname."'");
$sql = "SELECT name FROM accounts WHERE login='$shortname'";
$result = db_query($sql) or die(db_error(LINK));
if (db_num_rows($result)>0 || mysql_num_rows($userexisting)>0){
output("`\$Fehler`^: Diesen Namen gibt es schon. Bitte versuchs nochmal.");
$HTTP_GET_VARS[op]="";
}else{
$title = ($HTTP_POST_VARS[sex]?"Bauernmädchen":"Bauernjunge");
if (getsetting("requirevalidemail",0)){
$emailverification=md5(date("Y-m-d H:i:s").$_POST[email]);
}
if ($_GET['r']>""){
$sql = "SELECT acctid FROM accounts WHERE login='".rawurldecode($_GET['r'])."'";
//$sql = "SELECT acctid FROM accounts WHERE login='{$_GET['r']}'";
$result = db_query($sql);
$ref = db_fetch_assoc($result);
$referer=$ref['acctid'];
}else{
$referer=0;
}
// WBB Modifikation Ende
if (!$blockaccount){
$userexisting = wbbquery("SELECT * FROM ".WBBPREFIX."users WHERE username LIKE '".$shortname."'");
$sql = "SELECT name FROM accounts WHERE login='$shortname'";
$result = db_query($sql) or die(db_error(LINK));
if (db_num_rows($result)>0 || mysql_num_rows($userexisting)>0){
output("`\$Fehler`^: Diesen Namen gibt es schon. Bitte versuchs nochmal.");
$HTTP_GET_VARS[op]="";
}else{
$title = ($HTTP_POST_VARS[sex]?"Bauernmädchen":"Bauernjunge");
if (getsetting("requirevalidemail",0)){
$emailverification=md5(date("Y-m-d H:i:s").$_POST[email]);
}
if ($_GET['r']>""){
$sql = "SELECT acctid FROM accounts WHERE login='".rawurldecode($_GET['r'])."'";
//$sql = "SELECT acctid FROM accounts WHERE login='{$_GET['r']}'";
$result = db_query($sql);
$ref = db_fetch_assoc($result);
$referer=$ref['acctid'];
}else{
$referer=0;
}
// WBB Modifikation Ende
Öffne prefs.php
SUCHE
PHP:
// user löschen
$sql = "DELETE FROM accounts WHERE acctid='$HTTP_GET_VARS[userid]'";
db_query($sql);
$sql = "DELETE FROM accounts WHERE acctid='$HTTP_GET_VARS[userid]'";
db_query($sql);
FÜGE -DARUNTER- EIN
PHP:
// WBB Modifikation Start
require_once('wbb.php');
wbbquery("DELETE FROM ".WBBPREFIX."users WHERE username='".$session['user']['login']."'");
// WBB Modifikation Ende
require_once('wbb.php');
wbbquery("DELETE FROM ".WBBPREFIX."users WHERE username='".$session['user']['login']."'");
// WBB Modifikation Ende
Öffne user.php
SUCHE
PHP:
$sql = "DELETE FROM pvp WHERE acctid2=$_GET[userid] OR acctid1=$_GET[userid]";
db_query($sql) or die(db_error(LINK));
db_query($sql) or die(db_error(LINK));
FÜGE -DARUNTER- EIN
PHP:
// WBB Modifikation Start
$sql = "SELECT login FROM accounts WHERE acctid='".$_GET['userid']."'";
$qry = db_query($sql);
$loginqry = db_fetch_assoc($qry);
require_once('wbb.php');
wbbquery("DELETE FROM ".WBBPREFIX."users WHERE username='".$loginqry['login']."'");
// WBB Modifikation Ende
$sql = "SELECT login FROM accounts WHERE acctid='".$_GET['userid']."'";
$qry = db_query($sql);
$loginqry = db_fetch_assoc($qry);
require_once('wbb.php');
wbbquery("DELETE FROM ".WBBPREFIX."users WHERE username='".$loginqry['login']."'");
// WBB Modifikation Ende
Öffne setnewday.php
SUCHE
PHP:
$old+=5;
FÜGE DAHINTER EIN
PHP:
// WBB Modifikation Start
$sql = "SELECT * FROM accounts WHERE superuser<=1 AND (1=0\n"
.($old>0?"OR (laston < \"".date("Y-m-d H:i:s",strtotime(date("r")."-$old days"))."\")\n":"")
.($new>0?"OR (laston < \"".date("Y-m-d H:i:s",strtotime(date("r")."-$new days"))."\" AND level=1 AND dragonkills=0)\n":"")
.($trash>0?"OR (laston < \"".date("Y-m-d H:i:s",strtotime(date("r")."-".($trash+1)." days"))."\" AND level=1 AND experience < 10 AND dragonkills=0)\n":"")
.")";
$qry = db_query($sql);
$loginqry = db_fetch_assoc($qry);
require_once('wbb.php');
wbbquery("DELETE FROM ".WBBPREFIX."users WHERE username='".$loginqry['login']."'");
// WBB Modifikation Ende
$sql = "SELECT * FROM accounts WHERE superuser<=1 AND (1=0\n"
.($old>0?"OR (laston < \"".date("Y-m-d H:i:s",strtotime(date("r")."-$old days"))."\")\n":"")
.($new>0?"OR (laston < \"".date("Y-m-d H:i:s",strtotime(date("r")."-$new days"))."\" AND level=1 AND dragonkills=0)\n":"")
.($trash>0?"OR (laston < \"".date("Y-m-d H:i:s",strtotime(date("r")."-".($trash+1)." days"))."\" AND level=1 AND experience < 10 AND dragonkills=0)\n":"")
.")";
$qry = db_query($sql);
$loginqry = db_fetch_assoc($qry);
require_once('wbb.php');
wbbquery("DELETE FROM ".WBBPREFIX."users WHERE username='".$loginqry['login']."'");
// WBB Modifikation Ende
Save & Close all Files.
WBB 2 in LoGD einbinden
Lade zuerst folgendes Archiv runter, entpacke das Archiv, öffne die wbb.php und passe dort die MySQL Angaben an:
Dateianhang:
Lade die wbb.php in das Hauptverzeichnis von deinem LoGD. Passe die folgenden Dateien an:
Öffne create.php
SUCHE
PHP:
require_once "common.php";
FÜGE -DAHINTER- EIN
PHP:
//WBB Modifikation Start
require_once('wbb.php');
//WBB Modifikation Ende
require_once('wbb.php');
//WBB Modifikation Ende
SUCHE
PHP:
$sql = "INSERT INTO accounts
(name,
title,
password,
sex,
login,
laston,
uniqueid,
lastip,
superuser,
gold,
emailaddress,
emailvalidation,
referer,
birthday
(name,
title,
password,
sex,
login,
laston,
uniqueid,
lastip,
superuser,
gold,
emailaddress,
emailvalidation,
referer,
birthday
FÜGE -DAVOR- EIN
PHP:
// WBB Modifikation Start
wbbquery("INSERT INTO ".WBBPREFIX."users
(username,
password,
email,
groupcombinationid,
rankid,
activation,
regdate,
lastvisit,
lastactivity
) VALUES (
'$shortname',
MD5('$_POST[pass1]'),
'$_POST[email]',
'4',
'4',
'1',
'".time()."',
'".time()."',
'".time()."'
)");
// WBB Modifikation ENDE
wbbquery("INSERT INTO ".WBBPREFIX."users
(username,
password,
email,
groupcombinationid,
rankid,
activation,
regdate,
lastvisit,
lastactivity
) VALUES (
'$shortname',
MD5('$_POST[pass1]'),
'$_POST[email]',
'4',
'4',
'1',
'".time()."',
'".time()."',
'".time()."'
)");
// WBB Modifikation ENDE
SUCHE
PHP:
if (!$blockaccount){
$sql = "SELECT name FROM accounts WHERE login='$shortname'";
$result = db_query($sql) or die(db_error(LINK));
if (db_num_rows($result)>0){
output("`\$Fehler`^: Diesen Namen gibt es schon. Bitte versuchs nochmal.");
$HTTP_GET_VARS[op]="";
}else{
$title = ($HTTP_POST_VARS[sex]?"Bauernmädchen":"Bauernjunge");
if (getsetting("requirevalidemail",0)){
$emailverification=md5(date("Y-m-d H:i:s").$_POST[email]);
}
if ($_GET['r']>""){
$sql = "SELECT acctid FROM accounts WHERE login='".rawurldecode($_GET['r'])."'";
//$sql = "SELECT acctid FROM accounts WHERE login='{$_GET['r']}'";
$result = db_query($sql);
$ref = db_fetch_assoc($result);
$referer=$ref['acctid'];
}else{
$referer=0;
}
$sql = "SELECT name FROM accounts WHERE login='$shortname'";
$result = db_query($sql) or die(db_error(LINK));
if (db_num_rows($result)>0){
output("`\$Fehler`^: Diesen Namen gibt es schon. Bitte versuchs nochmal.");
$HTTP_GET_VARS[op]="";
}else{
$title = ($HTTP_POST_VARS[sex]?"Bauernmädchen":"Bauernjunge");
if (getsetting("requirevalidemail",0)){
$emailverification=md5(date("Y-m-d H:i:s").$_POST[email]);
}
if ($_GET['r']>""){
$sql = "SELECT acctid FROM accounts WHERE login='".rawurldecode($_GET['r'])."'";
//$sql = "SELECT acctid FROM accounts WHERE login='{$_GET['r']}'";
$result = db_query($sql);
$ref = db_fetch_assoc($result);
$referer=$ref['acctid'];
}else{
$referer=0;
}
ERSETZE VOLLSTÄNDIG MIT
PHP:
// WBB Modifikation Start
if (!$blockaccount){
$userexisting = wbbquery("SELECT * FROM ".WBBPREFIX."users WHERE username LIKE '".$shortname."'");
$sql = "SELECT name FROM accounts WHERE login='$shortname'";
$result = db_query($sql) or die(db_error(LINK));
if (db_num_rows($result)>0 || mysql_num_rows($userexisting)>0){
output("`\$Fehler`^: Diesen Namen gibt es schon. Bitte versuchs nochmal.");
$HTTP_GET_VARS[op]="";
}else{
$title = ($HTTP_POST_VARS[sex]?"Bauernmädchen":"Bauernjunge");
if (getsetting("requirevalidemail",0)){
$emailverification=md5(date("Y-m-d H:i:s").$_POST[email]);
}
if ($_GET['r']>""){
$sql = "SELECT acctid FROM accounts WHERE login='".rawurldecode($_GET['r'])."'";
//$sql = "SELECT acctid FROM accounts WHERE login='{$_GET['r']}'";
$result = db_query($sql);
$ref = db_fetch_assoc($result);
$referer=$ref['acctid'];
}else{
$referer=0;
}
// WBB Modifikation Ende
if (!$blockaccount){
$userexisting = wbbquery("SELECT * FROM ".WBBPREFIX."users WHERE username LIKE '".$shortname."'");
$sql = "SELECT name FROM accounts WHERE login='$shortname'";
$result = db_query($sql) or die(db_error(LINK));
if (db_num_rows($result)>0 || mysql_num_rows($userexisting)>0){
output("`\$Fehler`^: Diesen Namen gibt es schon. Bitte versuchs nochmal.");
$HTTP_GET_VARS[op]="";
}else{
$title = ($HTTP_POST_VARS[sex]?"Bauernmädchen":"Bauernjunge");
if (getsetting("requirevalidemail",0)){
$emailverification=md5(date("Y-m-d H:i:s").$_POST[email]);
}
if ($_GET['r']>""){
$sql = "SELECT acctid FROM accounts WHERE login='".rawurldecode($_GET['r'])."'";
//$sql = "SELECT acctid FROM accounts WHERE login='{$_GET['r']}'";
$result = db_query($sql);
$ref = db_fetch_assoc($result);
$referer=$ref['acctid'];
}else{
$referer=0;
}
// WBB Modifikation Ende
Öffne prefs.php
SUCHE
PHP:
// user löschen
$sql = "DELETE FROM accounts WHERE acctid='$HTTP_GET_VARS[userid]'";
db_query($sql);
$sql = "DELETE FROM accounts WHERE acctid='$HTTP_GET_VARS[userid]'";
db_query($sql);
FÜGE -DAHINTER- EIN
PHP:
// WBB Modifikation Start
require_once('wbb.php');
wbbquery("DELETE FROM ".WBBPREFIX."users WHERE username='".$session['user']['login']."'");
// WBB Modifikation Ende
require_once('wbb.php');
wbbquery("DELETE FROM ".WBBPREFIX."users WHERE username='".$session['user']['login']."'");
// WBB Modifikation Ende
Öffne user.php
SUCHE[/b
PHP:
$sql = "DELETE FROM pvp WHERE acctid2=$_GET[userid] OR acctid1=$_GET[userid]";
db_query($sql) or die(db_error(LINK));
db_query($sql) or die(db_error(LINK));
[b]FÜGE -DARUNTER- EIN
PHP:
// WBB Modifikation Start
$sql = "SELECT login FROM accounts WHERE acctid='".$_GET['userid']."'";
$qry = db_query($sql);
$loginqry = db_fetch_assoc($qry);
require_once('wbb.php');
wbbquery("DELETE FROM ".WBBPREFIX."users WHERE username='".$loginqry['login']."'");
// WBB Modifikation Ende
$sql = "SELECT login FROM accounts WHERE acctid='".$_GET['userid']."'";
$qry = db_query($sql);
$loginqry = db_fetch_assoc($qry);
require_once('wbb.php');
wbbquery("DELETE FROM ".WBBPREFIX."users WHERE username='".$loginqry['login']."'");
// WBB Modifikation Ende
Öffne setnewday.php
SUCHE
PHP:
$old+=5;
FÜGE DARUNTER EIN
PHP:
// WBB Modifikation Start
$sql = "SELECT * FROM accounts WHERE superuser<=1 AND (1=0\n"
.($old>0?"OR (laston < \"".date("Y-m-d H:i:s",strtotime(date("r")."-$old days"))."\")\n":"")
.($new>0?"OR (laston < \"".date("Y-m-d H:i:s",strtotime(date("r")."-$new days"))."\" AND level=1 AND dragonkills=0)\n":"")
.($trash>0?"OR (laston < \"".date("Y-m-d H:i:s",strtotime(date("r")."-".($trash+1)." days"))."\" AND level=1 AND experience < 10 AND dragonkills=0)\n":"")
.")";
$qry = db_query($sql);
$loginqry = db_fetch_assoc($qry);
require_once('wbb.php');
wbbquery("DELETE FROM ".WBBPREFIX."users WHERE username='".$loginqry['login']."'");
// WBB Modifikation Ende
$sql = "SELECT * FROM accounts WHERE superuser<=1 AND (1=0\n"
.($old>0?"OR (laston < \"".date("Y-m-d H:i:s",strtotime(date("r")."-$old days"))."\")\n":"")
.($new>0?"OR (laston < \"".date("Y-m-d H:i:s",strtotime(date("r")."-$new days"))."\" AND level=1 AND dragonkills=0)\n":"")
.($trash>0?"OR (laston < \"".date("Y-m-d H:i:s",strtotime(date("r")."-".($trash+1)." days"))."\" AND level=1 AND experience < 10 AND dragonkills=0)\n":"")
.")";
$qry = db_query($sql);
$loginqry = db_fetch_assoc($qry);
require_once('wbb.php');
wbbquery("DELETE FROM ".WBBPREFIX."users WHERE username='".$loginqry['login']."'");
// WBB Modifikation Ende
Save & Close all Files.