• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Afs-cms

Status
Not open for further replies.
BETA version of 1.6 is released, I sort of know what i'm doing with the fixes and have resolved a few but there are still more. So if you know SQL-Injection/XSS then hack away and send me a report with a fix.

http://www.megaupload.com/?d=NUH4KVMW

I couldn't remember who sent me the ban fix + the guild fix so I didn't give credits but I will in the official release now that I know :p
 
Was I Avarians =)
And I never see my credits in some open project, I'll appreciate it xD

And thx for release.
 
@Avarians, I have one more fix, when u delete a player, it just delete the players in table "players", but dont delete his attributes "player_deaths", "player_skills", "player_items", "player_depotitems", "player_viplist", "player_storage" and "player_spells", it a long of time can take many space on database, and the Last Deaths page will show the ID of the player deletes as the player name doesnt exist anymore.

To fix that, on manager.php change:
PHP: 
if ( isset($_POST['delete']) ) {
    mysql_query('DELETE FROM `players` WHERE `name` = "'.$_POST['char'].'" LIMIT 1');
    mysql_query('DELETE FROM `player_skills` WHERE `player_id` = "'.$_POST['charid'].'" LIMIT 1');
    mysql_query('DELETE FROM `player_playerstorage` WHERE `player_id` = "'.$_POST['charid'].'" LIMIT 1');
    mysql_query('DELETE FROM `player_deaths` WHERE `player_id` = "'.$_POST['charid'].'" LIMIT 1');
    echo $header;
    echo 'Character <b>'.$_POST['char'].'</b> has been deleted!';

}


To:
PHP: 
if ( isset($_POST['delete']) ) {
    mysql_query('DELETE FROM `players` WHERE `name` = "'.$_POST['char'].'" LIMIT 1');
    mysql_query('DELETE FROM `player_deaths` WHERE `player_id` = "'.$player['id'].'"');
    mysql_query('DELETE FROM `player_depotitems` WHERE `player_id` = "'.$player['id'].'"');
    mysql_query('DELETE FROM `player_items` WHERE `player_id` = "'.$player['id'].'"');
    mysql_query('DELETE FROM `player_skills` WHERE `player_id` = "'.$player['id'].'"');
    mysql_query('DELETE FROM `playplayer_spells` WHERE `player_id` = "'.$player['id'].'"');
    mysql_query('DELETE FROM `player_storage` WHERE `player_id` = "'.$player['id'].'"');
    mysql_query('DELETE FROM `player_viplist` WHERE `player_id` = "'.$player['id'].'"');
    echo $header;
    echo 'Character <b>'.$_POST['char'].'</b> has been deleted!';

}


And I can suggest u, to make a system that delete old players that the last login is > than a specific time configured in config. Will be good to make connections to the db more fast. Many players create the account to check the server then nevermore login again. Need to clean it all time =\
 
Last edited:
Thanks for the fix, had never noticed that before..dont know why lol Anyway I can try and work on a system that will delete old players.

Also that beta I released was apparently bugged so you can't make accounts, maybe in a few days i'll have another beta release with more security fixes.
 
Thanks for the info already known massively :p I wont be using POT and a secure release will be out sometime, but for now real life comes first :p
 
And when are you going to release bug-free and secure version? It will be a key date for they who were using your ACC. Even though, You're great! Keep doing :)
 
sircurse said:
@Avarians, I have one more fix, when u delete a player, it just delete the players in table "players", but dont delete his attributes "player_deaths", "player_skills", "player_items", "player_depotitems", "player_viplist", "player_storage" and "player_spells",
Click to expand...
That's why official SVN makes use of triggers :)
As far as I know, TFS does not make use of them for some reason.

Avarian said:
Thanks for the fix, had never noticed that before..dont know why lol Anyway I can try and work on a system that will delete old players.
Click to expand...
If you used Swelia's code as a base, it's a possible reason why. Official SVN uses triggers, and that.


kofel said:
Avarian, please, Use POT! This AAC is dangerous.
Click to expand...
POT is designed for SVN release, and SVN's database uses triggers for many things. So it's not a good base either.
 
Khaos said:
That's why official SVN makes use of triggers :)
As far as I know, TFS does not make use of them for some reason.


If you used Swelia's code as a base, it's a possible reason why. Official SVN uses triggers, and that.



POT is designed for SVN release, and SVN's database uses triggers for many things. So it's not a good base either.
Click to expand...

TFS has used triggers since 0.2.2 I believe (virtually no one used that release because no one could get triggers to import correctly.)

@Kaczooh - Release date unknown, i'm 80% sure I will release a secure release and probably a few updates after it, but right now i'm mainly focusing on a project that i've been putting off for ages that i'm not really going to get into talking about here :p
 
Last edited:
Avarian said:
TFS has used triggers since 0.2.2 I believe (virtually no one used that release because no one could get triggers to import correctly.)
Click to expand...
If TFS has used and is still using triggers (as your sentence suggests) like official SVN does then you do not need to delete other data since that's already managed by triggers.

But by the report given by sircuse, I conclude that is not the case. TFS does not use triggers. (As I'm not a user of TFS I cannot say completely certainly, but evidence points in that direction.)

Nobody could import it? Why, it's easy! I use SQLite and it took a single command line to import the database. I'm pretty sure that similar feat can be achieved with command line version of MySQL client. I heard there are problems with PhpMyAdmin, but that's your problem, people -- you're scared of the command line ;)

The correct solution would be not to remove triggers, but to import the database using TFS.
 
Hello !

I was just wondering, I saw on the first post this :

Added "Send to Temple" to manager. [Avarian]
Click to expand...

Is it possible to disable it in the configs because this feature could kill my server in a way :p
 
I got a problem with this aac....





Someone know how can I fix that? -.-
 
Status
Not open for further replies.

Similar threads

Jpstafe
  • Solved
Erro Rook_Sample created(MYACC)
Replies
2
Views
463
Jpstafe
Jpstafe
Narg
[USA] [Custom / 10.98] NextGen OTServ Season 2 with Attribute Allocation, Custom Map, RPG and Build Versatility, Everyone is welcome!!
2
Replies
32
Views
4K
Narg
Narg
maxumic
  • Locked
[$50] OTC Advanced Guild Module
Replies
13
Views
2K
Niebieski
Niebieski
Nekiro
[CANADA][CUSTOM] Darkrest Online - Lumara
3 4 5
Replies
90
Views
7K
Prawdziwy
Prawdziwy
Mehra
[SWEDEN][13.30] Mehra Tibia | Unique Hazard Feature | Lots of QoL features | 1 year anniversary
Replies
18
Views
2K
Mehra
Mehra
Back
Top