• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

[Gesior ACC] Help fast lost account hack!

Natan Beckman

Natan Beckman

Well-Known Member
Joined
Aug 1, 2010
Messages
548
Reaction score
52
Location
Teresina-PI/Br
I do not know how else has a guy getting picks the passwords for a bug in lost account ...
He has no access to my db.
I use sha1.
I know he asks for a password and going to email the owner and for his mail.

Lost Account.php

I need one solution please!
 
Sort by date Sort by votes
This is why I've written a shorter and a more simple version for myself, altough it doesn't use emails but only recovery keys.
 
Upvote 0 Downvote
Code: 
<?PHP
function box($a, $b, $_POST=array()) {
$s='
<div class="TableContainer">
	<table class="Table5" cellpadding="0" cellspacing="0">
		<tr>
			<div class="CaptionContainer">
				<div class="CaptionInnerContainer">
					<span class="CaptionEdgeLeftTop" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif)"></span>
					<span class="CaptionEdgeRightTop" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif)"></span>
					<span class="CaptionBorderTop" style="background-image:url('.$layout_name.'/images/content/table-headline-border.gif)">
					</span><span class="CaptionVerticalLeft" style="background-image:url('.$layout_name.'/images/content/box-frame-vertical.gif)"></span>
					<div class="Text">'.$a.'</div>
						<span class="CaptionVerticalRight" style="background-image:url('.$layout_name.'/images/content/box-frame-vertical.gif)"></span>
						<span class="CaptionBorderBottom" style="background-image:url('.$layout_name.'/images/content/table-headline-border.gif)"></span>
						<span class="CaptionEdgeLeftBottom" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif)"></span>
						<span class="CaptionEdgeRightBottom" style="background-image:url('.$layout_name.'/images/content/box-frame-edge.gif)"></span>
				</div>
			</div>
		</tr>
		<tr>
			<td>
				<div class="InnerTableContainer">
					<table style="width:100%">
						<tr style="height:22px">
							<td align="left" valign="top">'.$b.'</td>
						</tr>
					</table>
				</div>
			</td>
		</tr>
	</table>
</div><br/>
<center>
	<table border="0" cellpadding="0" cellspacing="0">';
if($_POST == 1)
$s.='		<form action="?subtopic=accountmanagement" method="post">
			<tr>
				<td>
					<input type="image" name="Login" alt="Login" src="'.$layout_name.'/images/buttons/sbutton_login.gif"/>';
else {
$s.='		<form action="?subtopic=lostaccount" method="post">
		<tr>
			<td>';
	$s.=(isset($_POST['step']) && in_array($_POST['step'], array('problem','password','name','sendconfirmation')) ? '
<input type="hidden" name="step" value="'.$_POST['step'].'"/>' : '');
	foreach(array('character', 'accountname', 'password','recovery','newpass') as $k) {
		$s.=(isset($_POST[$k]) ? '
<input type="hidden" name="'.$k.'" value="'.htmlspecialchars($_POST[$k]).'"/>' : '');
	}
	$s.='					<input type="image" name="Back" alt="Back" src="'.$layout_name.'/images/buttons/sbutton_back.gif"/>';
}$s.='				</td>
			</tr>
		</form>
	</table>
</center>';
return $s;
}
$step=$_POST['step'];
if($step == 'problem'){
	$name=stripslashes(trim(urldecode($_POST['character'])));
	if(empty($name) || strlen($name) < 3 || strlen($name) > 25 || strspn("$name", "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM ") != strlen($name)) {
		$main_content .= box('Error', 'Please enter the name of a character on the lost account. If your account does not contain any characters, please create a new account.');
		return;
	}

	$p=$SQL->query('SELECT id FROM players WHERE name=\''.$name.'\' LIMIT 1')->fetch();
	if(!$p || !$p['id']) {
		$main_content .= box('Error', 'Character <b>'.$name.'</b> does not exist. Please make sure to enter the character name correctly. Note that characters are deleted automatically if they have not been used for a long time.');
		return;
	}

$main_content .= 'The Lost Account Interface can help you to solve all problems listed below. Please select your problem and click on "Submit".<br/><br/>

<form action="?subtopic=lostaccount" method="post">
<input type="hidden" name="character" value="'.$name.'"/>
<table cellspacing="1" cellpadding="4" border="0" width="100%">
<tr><td bgcolor="'.$config['site']['vdarkborder'].'" class="white"><b>Specify Your Problem</b></td></tr>
<tr><td bgcolor="'.$config['site']['darkborder'].'">
<input type=radio name="step" value="password"/> I have forgotten my password.<br/>
<input type=radio name="step" value="name"/> I have forgotten my account name.<br/>
</td></tr>
</table>
<br/>
<center><input type="image" name="Submit" alt="Submit" src="'.$layout_name.'/images/buttons/sbutton_submit.gif"/>
</form></center>';
}
elseif($step == 'password') {
	$name=stripslashes(trim(urldecode($_POST['character'])));
	if(empty($name) || strlen($name) < 3 || strlen($name) > 25 || strspn("$name", "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM ") != strlen($name)) {
		$main_content .= box('Error', 'Please enter the name of a character on the lost account. If your account does not contain any characters, please create a new account.');
		return;
	}

	$p=$SQL->query('SELECT id FROM players WHERE name=\''.$name.'\' LIMIT 1')->fetch();
	if(!$p || !$p['id']) {
		$main_content .= box('Error', 'Character <b>'.htmlspecialchars($name).'</b> does not exist. Please make sure to enter the character name correctly. Note that characters are deleted automatically if they have not been used for a long time.');
		return;
	}

$main_content.='<form action="?subtopic=lostaccount" method="post">
<input type="hidden" name="character" value="'.htmlspecialchars($name).'"/>
<input type="hidden" name="step" value="sendconfirmation"/>
<table cellspacing="1" cellpadding="3" border="0" width="100%">
<tr><td bgcolor="'.$config['site']['vdarkborder'].'" class="white"><b>Request New Password</b></td></tr>
<tr><td bgcolor="'.$config['site']['lightborder'].'">
<table style="border: 1px solid '.$config['site']['darkborder'].'" cellpadding="4" cellspacing="2" width="100%">
	<tr bgcolor="'.$config['site']['darkborder'].'">
		<td width="23%">Account Name:</td>
		<td><input type="password" name="accountname" value="'.htmlspecialchars($_POST['accountname']).'"/></td>
	</tr>

	<tr bgcolor="'.$config['site']['lightborder'].'">
		<td width="23%">Recovery key:</td>
		<td><input name="recovery" value="'.htmlspecialchars($_POST['recovery']).'" maxlength="10"/></td>
	</tr>
	<tr bgcolor="'.$config['site']['darkborder'].'">
		<td width="23%">New Password:</td>
		<td><input type="password" name="newpass" value="'.htmlspecialchars($_POST['newpass']).'"/></td>
	</tr>
		</table><br/>
	<table align="center"><tr><td><input type="image" name="Submit" alt="Submit" src="'.$layout_name.'/images/buttons/sbutton_submit.gif"/></td></tr></table>
</td></tr>
</table></form>
';
}
elseif($step == 'sendconfirmation') {
	$name=stripslashes(trim(urldecode($_POST['character'])));
	if(empty($name) || strlen($name) < 3 || strlen($name) > 25 || strspn("$name", "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM ") != strlen($name)) {
		$main_content .= box('Error', 'Please enter the name of a character on the lost account. If your account does not contain any characters, please create a new account.');
		return;
	}

	if(!isset($_POST['accountname']) && !isset($_POST['password'])) {
		header('Location: ?subtopic=lostaccount');
		exit();
	}

	$p=$SQL->query('SELECT players.id,accounts.name,accounts.id as `acc`'.(isset($_POST['password']) ? ',accounts.password' : '').',`accounts`.`key` FROM players,accounts WHERE players.name=\''.$name.'\' AND players.account_id = accounts.id LIMIT 1')->fetch();
	if(!$p || !$p['id']) {
		$main_content .= box('Error', 'Character <b>'.htmlspecialchars($name).'</b> does not exist. Please make sure to enter the character name correctly. Note that characters are deleted automatically if they have not been used for a long time.');
		return;
	}

	if(isset($_POST['accountname'])) {
		$k=strtoupper($_POST['accountname']);
		$v=array('step'=>'password','character'=>$name,'accountname'=>$_POST['accountname'],'recovery'=>$_POST['recovery'],'newpass'=>$_POST['newpass']);
		if(empty($k) || strlen($k) > 25 || !check_account_name($k)){
			$main_content .= box('Error', 'Please enter a valid account name.', $v);
			return;}

		$i=strtoupper(trim($_POST['recovery']));
		if(empty($i) || strlen($i) != 10 || strlen($i) != strspn($i, "QWERTYUIOPASDFGHJKLZXCVBNM0123456789")){
			$main_content .= box('Error', 'Please enter a valid recovery key.', $v);
			return;}

		$c=$_POST['newpass'];
		if(empty($c) || strlen($c) < 4 || strlen($c) > 29 || strspn("$c", "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890") != strlen($c)){
			$main_content .= box('Error', 'Please enter a valid password.', $v);
			return;
		}

		if($p['name'] != $k || $p['key'] != $i || $SQL->query('UPDATE accounts SET password=\''.password_ency($c).'\' WHERE id='.$p['acc'].' AND `key`=\''.$i.'\'  LIMIT 1')->rowCount() == 0){
			$main_content .= box('Error', 'Incorrect account name or recovery key, or new password is same as current.', $v);
			return;}

		$main_content .= box('Recovery Successful', 'Your password has been succesfully updated.', 1);
		return;
	}
	$k=$_POST['password'];
	if(isset($k)) {
		$v=array('step'=>'name','character'=>$name,'password'=>$_POST['password'],'recovery'=>$_POST['recovery']);
		if(empty($k) || !check_password($k)){
			$main_content .= box('Error', 'Please enter a valid password.', $v);
			return;}

		$i=strtoupper(trim($_POST['recovery']));
		if(empty($i) || strlen($i) != 10 || strlen($i) != strspn($i, "QWERTYUIOPASDFGHJKLZXCVBNM0123456789")){
			$main_content .= box('Error', 'Please enter a valid recovery key.', $v);
			return;}

		if($p['password'] != password_ency($k) || $p['key'] != $i){
			$main_content .= box('Error', 'Incorrect password or recovery key.', $v);
			return;}

		$main_content .= box('Recovery Successful', 'You have successfully recovered your account name.<br/><br/><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr><td width="13%"><b>Account Name:</b></td><td><input type="text" readonly="readonly" size="'.(strlen($p['name'])-1).'" onclick="this.select()" value="'.$p['name'].'"/></td></tr></table>', 1);
		return;
	}
}
elseif($step == 'name') {
	$name=stripslashes(trim(urldecode($_POST['character'])));
	if(empty($name) || strlen($name) < 3 || strlen($name) > 25 || strspn("$name", "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM ") != strlen($name)) {
		$main_content .= box('Error', 'Please enter the name of a character on the lost account. If your account does not contain any characters, please create a new account.');
		return;
	}

	$p=$SQL->query('SELECT id FROM players WHERE name=\''.$name.'\' LIMIT 1')->fetch();
	if(!$p || !$p['id']) {
		$main_content .= box('Error', 'Character <b>'.htmlspecialchars($name).'</b> does not exist. Please make sure to enter the character name correctly. Note that characters are deleted automatically if they have not been used for a long time.');
		return;
	}

$main_content.='<form action="?subtopic=lostaccount" method="post">
<input type="hidden" name="character" value="'.htmlspecialchars($name).'"/>
<input type="hidden" name="step" value="sendconfirmation"/>
<table cellspacing="1" cellpadding="3" border="0" width="100%">
<tr><td bgcolor="'.$config['site']['vdarkborder'].'" class="white"><b>Request Account Name</b></td></tr>
<tr><td bgcolor="'.$config['site']['lightborder'].'">
<table style="border: 1px solid '.$config['site']['darkborder'].'" cellpadding="4" cellspacing="2" width="100%">
	<tr bgcolor="'.$config['site']['darkborder'].'">
		<td width="23%">Password:</td>
		<td><input type="password" name="password" value="'.htmlspecialchars($_POST['password']).'"/></td>
	</tr>

	<tr bgcolor="'.$config['site']['lightborder'].'">
		<td width="23%">Recovery key:</td>
		<td><input name="recovery" value="'.htmlspecialchars($_POST['recovery']).'" maxlength="10"/></td>
	</tr>

	</table><br/>
	<table align="center"><tr><td><input type="image" name="Submit" alt="Submit" src="'.$layout_name.'/images/buttons/sbutton_submit.gif"/></td></tr></table>
</td></tr>
</table></form>
';
}
else {
	$name=stripslashes(trim(urldecode($_POST['character'])));
	if(!empty($name) && strlen($name) > 2 && strlen($name) < 26 && strspn("$name", "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM ") == strlen($name)) {
		$main_content .= box('Error', 'Please specify your problem.', array('step'=>'problem','character'=>$name));
		return;
	}
	$main_content .= '<table cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td>
	<b>Welcome to the Lost Account Interface!</b><br/><br/>

	If you have lost access to your account, this interface can help you. Of course, you need to prove that your claim to the account is justified. Enter the requested data and follow the instructions carefully. Please understand there is no way to get access to your lost account if the interface cannot help you.<br/><br/>

	By using the Lost Account Interface you can
	<ul><li>get a new password if you have lost the current password,</li>
	<li>receive your account name if you do not know it anymore.</li></ul>
	As a first step to use the Lost Account Interface please enter the name of a character on the lost account and click on "Submit".<br/><br/>
	</td></tr></table>
	<form action="?subtopic=lostaccount" method="post">
		<input type="hidden" name="step" value="problem"/>
		<table cellspacing="1" cellpadding="4" border="0" width="98%" align="center">
			<tr><td bgcolor="'.$config['site']['vdarkborder'].'" class="white"><b>Enter Character Name</b></td></tr>
			<tr><td bgcolor="'.$config['site']['darkborder'].'">Character name: <input name="character" size="30" maxlength="25"/></td></tr>
		</table><br/>
		<table cellspacing="0" cellpadding="0" border="0" width="100%">
			<tr>
				<td align="center">
					<input type="image" name="Submit" alt="Submit" src="'.$layout_name.'/images/buttons/sbutton_submit.gif"/>
				</td>
			</tr>
		</table>
	</form>';
}
?>
 
Last edited:
Upvote 0 Downvote
Great Cyko.. only one detail about those players who have a code name ' >> example: Cykotita'n this name no is correct for script and can't proceed
 
Upvote 0 Downvote
Well, I didn't allow those symbols in names, but you could try replacing all instances of:
PHP: 
strspn("$name", "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM ")
with:
PHP: 
strspn("$name", "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM '")
 
Upvote 0 Downvote

Similar threads

Sebastian Ching
  • Solved
block access to site to x account? gesior acc
Replies
6
Views
253
Sebastian Ching
Sebastian Ching
Izaack
  • Solved
Linux HTTP ERROR 500 WHILE DISPLAYING CHARACTER ON WEBPAGE GESIOR ACC 2012
Replies
5
Views
477
Izaack
Izaack
Shoorkill
  • Question
AAC gesior creates an account, but when selecting a character in the game he receives an account error or wrong password.
Replies
2
Views
280
Shoorkill
Shoorkill
Duzo
  • Solved
Zone ACC Version 1.5 Can't Register Account. TFS 1.0
Replies
6
Views
808
kibo433
K
Back
Top