
Getting gm pass by website/explorer

Faraonekkk

hi,

someone is stealing my gamemaster pass/acc with explorer, i got in logs this:

79.141.167.15 - - [04/Feb/2013:19:20:41 +0100] "GET /village.php?id=2%27+and+if%28exists%28select+concat%280x7233646D3076335F73716C5F696E6A656374696F6E%2Ccount%28*%29%29+from+avesta.id%29%2CBENCHMARK%2826418%2CMD5%280x41%29%29%2C0%29+and+%27x%27%3D%27x HTTP/1.1" 404 1125

simply:
http://www.realesta.org/village.php?id=440

how can i block it?
 
Code:
<?php
// Open (or resume) the visitor's session; the bid handler further down writes to $_SESSION.
session_start();

// Shared bootstrap. $cfg is read on the next line, so it is presumably defined in this include.
include 'include.inc.php';

// Page title; presumably consumed by header.inc.php, which is not part of this listing.
$ptitle = 'Home - ' . $cfg['server_name'];
include 'header.inc.php';


?>
<div id="content">
<div class="top"></div>
<div class="meniu323">
    <div class="mid">

<img src="rltibia/lin.jpg">
<table border="0" width="100%">
<td align="center" width="30%"><img src="rltibia/houses.gif"></td>
<td align="left" width="20%"></td>
<td align="left" width="40%"><font size ="2"><font color="#522e0a"> 	 	 	 	 	 	Rent a house or flat.</td>
</table>
<img src="rltibia/lin.jpg">
<br>
<br>

<?PHP

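##### CFG FOR HOUSE #####
$SQL = AAC::$SQL;

// `id` comes straight from the query string. Further down it is placed inside
// the SQL text of every houses query and inside the bid form's action URL, so
// it is reduced to a plain integer here, before anything is built from it.
// The request logged against this script carries SQL syntax (a sub-select and
// BENCHMARK) in this parameter; blocking single client addresses does not help
// while the raw value still reaches the queries.
// A missing parameter is treated as '0', which ends in the same ':)' reply the
// loose comparison with 0 produced before.
$id = isset($_GET['id']) ? $_GET['id'] : '0';

// Kept from the earlier checks: a lone dot gets its own reply.
if ($id === '.') {
    echo'badd2';
    exit;
}

// Accept decimal digits only. Arrays (id[]=...) and anything carrying quotes,
// spaces, signs or percent signs end here. The nine-digit cap keeps the cast
// below inside the integer range on 32-bit PHP builds as well.
if (!is_string($id) || !preg_match('/\A[0-9]{1,9}\z/', $id)) {
    echo'badd';
    exit;
}

$id = (int) $id;
if ($id === 0) {
    echo':)';
    exit;
}

$houseid = $id;
##### CFG FOR HOUSE #####

// NOTE(review): this closes the `id` parameter only. Player and house names read
// back from the database are also pasted into SQL text below, and the mysql_*
// extension this page relies on was removed in PHP 7.0; prepared statements
// through mysqli or PDO are the durable replacement for the string-built queries.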


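// --- Auction settlement ------------------------------------------------------
// Executed on every view of the page. For the requested house it looks up the
// current highest bidder and, once the stored end time (startedtime) lies in
// the past, either
//   * inserts a bans row for the bidder's account and resets the auction when
//     the bidder's bank balance is below the bid, then stops the script, or
//   * writes the bidder in as owner and debits the bid from the bank balance.
//
// Everything that ends up inside SQL text is first cast to an integer or run
// through mysql_real_escape_string(): the house id originates from the query
// string, and the player and house names are strings read back from the
// database, which are not safe to paste into a new statement as they are.
// mysql_real_escape_string() only protects values that stay inside quotes, as
// they all do here. The mysql_* extension was removed in PHP 7.0; prepared
// statements through mysqli or PDO are the long-term replacement.
//
// NOTE(review): nothing in this block moves startedtime forward or clears
// playerhighbidname after a hand-over, so the hand-over (and the bank debit)
// looks like it runs again on the next page view - confirm, and guard on the
// `started` column if so.
// NOTE(review): the next bans id is derived by reading the whole bans table and
// adding one to the last id seen; two simultaneous requests can compute the
// same id.
$houseIdSql = (int) $houseid;

$passwerqx = mysql_query("SELECT * FROM houses WHERE id = '$houseIdSql'");
while ($row1000 = mysql_fetch_assoc($passwerqx)) {
    $xcvwrtt = $row1000['startedtime'];
    $yruiegdsf = $row1000['name'];
    $rwtbsdfwert = $row1000['id'];
    $bidddi = $row1000['bid'];
    $bncvnewrt = $row1000['playerhighbidname'];
    $cxvbqerks = $row1000['playerhighbidid'];
    // Read from the row fetched here; `guildhall` is a houses column (it is read
    // from the same table further down). $row3 does not exist yet at this point.
    $ghallis1 = $row1000['guildhall'];

    // The requested id has to match the id of the row that came back.
    if ($id <> $rwtbsdfwert) {
        echo'
:))
';
        exit;
    }

    // SQL-safe copies of the values interpolated below.
    $bidderSql = mysql_real_escape_string($bncvnewrt);
    $houseNameSql = mysql_real_escape_string($yruiegdsf);
    $bidderIdSql = (int) $cxvbqerks;
    $houseRowIdSql = (int) $rwtbsdfwert;
    $bidSql = mysql_real_escape_string($bidddi);

    $passwerqxpp = mysql_query("SELECT * FROM players WHERE name = '$bidderSql'");
    while ($row10001 = mysql_fetch_assoc($passwerqxpp)) {
        $bkka = $row10001['bank'];
        $bankSql = mysql_real_escape_string($bkka);

        if ($xcvwrtt < time()) {

            // Bidder cannot cover the bid: ban row, auction reset, stop.
            if ($bkka < $bidddi) {
                $passwerqxppec = mysql_query("SELECT * FROM players WHERE name = '$bidderSql'");
                while ($row15003 = mysql_fetch_assoc($passwerqxppec)) {
                    $acciddd = $row15003['account_id'];
                }

                // Leaves $iddd at the id of the last bans row returned, then adds one.
                $passwerqxppe = mysql_query("SELECT * FROM bans");
                while ($row15002 = mysql_fetch_assoc($passwerqxppe)) {
                    $iddd = $row15002['id'];
                }
                $iddd++;

                $aente = time() + 3 * 24 * 3600;
                $times = time();
                $banIdSql = (int) $iddd;
                $accountIdSql = (int) $acciddd;
                $dar = mysql_query("INSERT INTO bans VALUES('".$banIdSql."', '3', '".$accountIdSql."', '0', '1', '".$aente."', '".$times."', '0', 'Invalid Payment', 'Player do not payed for won auction')");

                $statt = mysql_query("UPDATE houses SET status = 0 WHERE id = '$houseIdSql'");
                $statt = mysql_query("UPDATE houses SET startedtime = 2147483647 WHERE id = '$houseIdSql'");
                $statt = mysql_query("UPDATE houses SET playerhighbidname = '' WHERE id = '$houseIdSql'");
                $statt = mysql_query("UPDATE houses SET playerhighbidid = 0 WHERE id = '$houseIdSql'");
                $statt = mysql_query("UPDATE houses SET started = 0 WHERE id = '$houseIdSql'");
                $statt = mysql_query("UPDATE houses SET bid = 0 WHERE id = '$houseIdSql'");
                $statt = mysql_query("UPDATE players SET isauction = 0 WHERE name = '$bidderSql'");
                exit;
            }

            $passwerqxea = mysql_query("SELECT * FROM houses WHERE id = '$houseIdSql'");
            while ($row3000 = mysql_fetch_assoc($passwerqxea)) {
                $bbvxwtl2 = $row3000['guildhall'];
                $bbvxwtl3 = $row3000['bid'];
                $priceSql = mysql_real_escape_string($bbvxwtl3);

                $czas = time();

                // Ordinary house.
                if ($bbvxwtl2 == 0) {
                    $statt = mysql_query("UPDATE houses SET owner = '$bidderIdSql' WHERE id = '$houseIdSql'");
                    $statt = mysql_query("UPDATE houses SET soldto = '$bidderSql' WHERE id = '$houseIdSql'");
                    $statt = mysql_query("UPDATE houses SET whopaid = 1 WHERE id = '$houseIdSql'");
                    $statt = mysql_query("UPDATE houses SET started = 4 WHERE id = '$houseIdSql'");
                    $statt = mysql_query("UPDATE houses SET status = 1 WHERE id = '$houseIdSql'");
                    // Stores the house row id ($rwtbsdfwert). Writing the bare word
                    // 'rwtbsdfwert' would store that text instead of the id.
                    $statt = mysql_query("UPDATE players SET playerhouseid = '$houseRowIdSql' WHERE name = '$bidderSql'");
                    $statt = mysql_query("UPDATE players SET housename = '$houseNameSql' WHERE name = '$bidderSql'");
                    $statt = mysql_query("UPDATE players SET hashouse = 1 WHERE name = '$bidderSql'");
                    $statt = mysql_query("UPDATE players SET bank = '$bankSql' - '$bidSql' WHERE name = '$bidderSql'");
                    $statt = mysql_query("UPDATE players SET isauction = 0 WHERE name = '$bidderSql'");
                    $statt = mysql_query("UPDATE players SET boughthousetime = '$czas' WHERE name = '$bidderSql'");
                    $statt = mysql_query("UPDATE players SET boughthouseprice = '$priceSql' WHERE name = '$bidderSql'");
                }

                // Guild hall: same hand-over, written to the guild-house columns.
                if ($bbvxwtl2 == 1) {
                    $statt = mysql_query("UPDATE houses SET owner = '$bidderIdSql' WHERE id = '$houseIdSql'");
                    $statt = mysql_query("UPDATE houses SET soldto = '$bidderSql' WHERE id = '$houseIdSql'");
                    $statt = mysql_query("UPDATE houses SET whopaid = 1 WHERE id = '$houseIdSql'");
                    $statt = mysql_query("UPDATE houses SET started = 4 WHERE id = '$houseIdSql'");
                    $statt = mysql_query("UPDATE houses SET status = 1 WHERE id = '$houseIdSql'");
                    $statt = mysql_query("UPDATE players SET playerguildhouseid = '$houseRowIdSql' WHERE name = '$bidderSql'");
                    $statt = mysql_query("UPDATE players SET guildhousename = '$houseNameSql' WHERE name = '$bidderSql'");
                    $statt = mysql_query("UPDATE players SET hasguildhouse = 1 WHERE name = '$bidderSql'");
                    $statt = mysql_query("UPDATE players SET bank = '$bankSql' - '$bidSql' WHERE name = '$bidderSql'");
                    $statt = mysql_query("UPDATE players SET isauction = 0 WHERE name = '$bidderSql'");
                    $statt = mysql_query("UPDATE players SET boughtghtime = '$czas' WHERE name = '$bidderSql'");
                    $statt = mysql_query("UPDATE players SET boughtghprice = '$priceSql' WHERE name = '$bidderSql'");
                }
            }
        }
    }
}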
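// --- House details -----------------------------------------------------------
// Loads the house row and prints its picture, name, size, rent and the current
// rental / auction state.
//
// The id is cast to an integer before it enters the SQL text and the image
// path. Every database value written into the page goes through
// htmlspecialchars() (text and attribute content) or urlencode() (query-string
// value of the character link), so a name containing markup characters is shown
// as text instead of being interpreted by the browser.
// htmlspecialchars() is called with PHP's default charset; pass the page's
// encoding as third argument if it differs - TODO confirm the site encoding.
//
// All fields come from the one row fetched here; a second, identical query on
// the same id is not needed. $paso, $czvawq and $ghallis stay in scope because
// later parts of the page read them.
$houseIdSql = (int) $houseid;

$pass = mysql_query("SELECT * FROM houses WHERE id = '$houseIdSql'");
while ($row1 = mysql_fetch_assoc($pass)) {
    $paso = $row1['name'];
    $pasox = $row1['sqms'];
    $pasoxq = $row1['rent'];

    $czvawq = $row1['status'];
    $soldtoz = $row1['soldto'];
    $soldtoe = $row1['rent'];
    $wertbaw = $row1['bid'];
    $erwtvbqz = $row1['startedtime'];
    $ewrwegw = $row1['playerhighbidid'];
    $sasdgssb = $row1['playerhighbidname'];
    $startterd = $row1['started'];
    $ghallis = $row1['guildhall'];

    // status 1: the house is taken.
    if ($czvawq == 1) {
        $ccqc = '<br>The house has been rented by <b><a href="characters.php?player_name='.urlencode($soldtoz).'">'.htmlspecialchars($soldtoz, ENT_QUOTES).'</a></b>. He has paid for the house at <b>'.date("j F Y, G:i:s", $erwtvbqz).'</b>.';
    } else {
        $ccqc = '';
    }

    // started 0: no bid yet.
    if ($startterd == 0) {
        $ccqce = '<br>The house is currently being auctioned. No bid has been submitted so far.';
    } else {
        $ccqce = '';
    }

    // started 1: auction running, show end time and highest bid.
    if ($startterd == 1) {
        $ccqcee = '<br>The house is currently being auctioned. The auction will end at <b>'.date("j F Y, G:i:s", $erwtvbqz).' WT</b>. The highest bid so far is <b>'.htmlspecialchars($wertbaw, ENT_QUOTES).'</b> gold and has been submitted by <a href="characters.php?player_name='.urlencode($sasdgssb).'"><font color ="#0056a9"><b>'.htmlspecialchars($sasdgssb, ENT_QUOTES).'</b></font></a>. ';
    } else {
        $ccqcee = '';
    }

    echo'
<table width="100%" border ="0">
<td align="left" width="10%"><img src="houses/'.$houseIdSql.'.jpg"></td>
<td align="left" width="70%"><font size ="3"><b><font color="#522e0a">'.htmlspecialchars($paso, ENT_QUOTES).'</font><br></b>
<br><br><font color="#522e0a"><font size="2">The house has a size of <b>'.htmlspecialchars($pasox, ENT_QUOTES).' square meters.</b><Br> The monthly rent is <b>'.htmlspecialchars($pasoxq, ENT_QUOTES).' gold</b> and will be debited to the bank account on <b>'.$cfg['servernameone'].'.</b><br>'.$ccqc.''.$ccqce.''.$ccqcee.'</font>
</font></font></td>
</table>
';
}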

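// --- Bid form ------------------------------------------------------------------
// Shown while the house status is 0 or 3 (elsewhere on this page 1 is written
// once a house is handed over and 3 while bids are running).
//
// $id is request data and ends up inside the form's action attribute, so it is
// URL-encoded first; a non-scalar value (id[]=...) becomes an empty string.
// The house name comes from the database and is HTML-escaped before output.
// NOTE(review): $czvawq and $paso are only set when the house row was found;
// for an unknown id the loose comparison with 0 still lets the form through.
// NOTE(review): the form carries no anti-forgery token.
if ($czvawq == 0 || $czvawq == 3) {
    $idForUrl = is_scalar($id) ? urlencode((string) $id) : '';
    $ccqq = '<br><br>
<table border="0" width="100%" bgcolor="#505050">
<td align="left" width="80%"><b><font size="2"><font color = "white">Bid house: '.htmlspecialchars($paso, ENT_QUOTES).'</font></font></b></td></table>
<table border ="0" width="100%" bgcolor="#d4c09f">
<form action="village.php?id='.$idForUrl.'" method="POST" >
<td><input type="text" name="username"> <br><font color ="white"><b><font size ="1"><font color="#522e0a">Character name </b><br /></td>
<td><input type="text" name="accname"> <br><font color ="white"><b><font size ="1"><font color="#522e0a">Account number </b><br /></td>
<td><input type="text" name="bidd"> <br><font color ="white"><b><font size ="1"><font color="#522e0a">Bid </b><br /></td></table>
<br /><center><input type="submit" name="submit" class="accept" value="." /><br /></center>
</form>

';
} else {
    $ccqq = '';
}
echo $ccqq;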

?>
<?PHP
// --- Bid submission handler ----------------------------------------------------
// Runs only when the bid form's "submit" field was posted. It checks the bidder's
// bank balance, a bans entry, the character/account pair and the bid amount, and
// then writes the new highest bid to the houses and players tables.
// NOTE(review): every houses query in this block places $houseid (taken from
// $_GET['id'] at the top of the script) between quotes without escaping; only
// the three POST fields below are escaped.
echo'<br>';
if ($_POST['submit']) {
	// Form fields, escaped for use inside quoted SQL strings. This is SQL
	// escaping only: $bidcena is also echoed into the success message further
	// down, where HTML escaping would be needed as well.
	// NOTE(review): $bidcena is never checked to be a whole number.
	$user = (mysql_real_escape_string($_POST['username']));
	$acc = (mysql_real_escape_string($_POST['accname']));
	$bidcena = (mysql_real_escape_string($_POST['bidd']));

			// Empty character name: print the error box and stop.
			if ($user == NULL) {
        		print "
<table border=\"0\" width=\"100%\" bgcolor=\"#505050\">
<td align=\"left\" width=\"100%\"><b><font size=\"2\"><font color = \"white\">Error Information</font></font></b></td></table>
<table border=\"0\" width=\"100%\" bgcolor=\"#d4c09f\">
<td align=\"left\" width=\"25%\"><font size=\"2\"><font color = \"#522e0a\"><center><center>Enter character name.</center></font></font></td>
</table>
"; 
        		exit;
    			}



// Bank balance of the named character. The loops here have no braces, so only the
// single statement after each `while` is the loop body.
$passxf2 = mysql_query("SELECT * FROM players WHERE name = '$user'");
			while ( $row255 = mysql_fetch_assoc($passxf2)) 
			$weqrdvt1 = $row255['bank'];

			// NOTE(review): only the `rent` assignment belongs to the loop below. The
			// `bid` assignment runs after the loop has ended, when $row50003 is already
			// false, so $tyrunmb1 looks like it is always empty and the check that
			// follows compares the balance with the rent alone - confirm.
			$passxejkj4 = mysql_query("SELECT * FROM houses WHERE id = '$houseid'");
			while ( $row50003 = mysql_fetch_assoc($passxejkj4))
			$howitgoing1 = $row50003['rent'];
			$tyrunmb1 = $row50003['bid'];

			$jajjkoxx1 = $tyrunmb1 + $howitgoing1;




			// Balance below the computed amount: print the error box and stop.
			// $paso is the house name set earlier on the page; it is printed unescaped.
			if ($weqrdvt1 < $jajjkoxx1) {
        		print "
<table border=\"0\" width=\"100%\" bgcolor=\"#505050\">
<td align=\"left\" width=\"100%\"><b><font size=\"2\"><font color = \"white\">Error Information</font></font></b></td></table>
<table border=\"0\" width=\"100%\" bgcolor=\"#d4c09f\">
<td align=\"left\" width=\"25%\"><font size=\"2\"><font color = \"#522e0a\"><center><center>You do not have enough gold in your <b>bank balance</b>. If you are buying house you have to pay also for <b>rent</b> (<b>$howitgoing1</b> gold coins for house <b>$paso</b>).</center></font></font></td>
</table>
"; 
        		exit;
    			}







// Ban check.
// NOTE(review): the brace-less loop overwrites $valll on every row, so only the
// `value` of the last bans row returned is compared with the submitted account
// number; a WHERE clause on the account would check all rows.
$passwerqxppes = mysql_query("SELECT * FROM bans");
while ( $row15032 = mysql_fetch_assoc($passwerqxppes))
$valll = $row15032['value'];

if($valll == $acc){
echo'
<table border="0" width="100%" bgcolor="#505050">
<td align="left" width="100%"><b><font size="2"><font color = "white">Error Information</font></font></b></td></table>
<table border="0" width="100%" bgcolor="#d4c09f">
<td align="left" width="25%"><font size="2"><font color = "#522e0a">Your account is banished, you can\'t bid houses in this time.</font></font></td>
</table>
';
exit;
}



	// Identity check: the character name and the account number must belong to the
	// same players row.
	// NOTE(review): the account number is the only secret asked for here; no
	// password or logged-in session is checked anywhere in this block.
	// NOTE(review): $cfg[auction_days] uses an unquoted key outside a string; PHP
	// resolves the bare word as a constant first.
	if ($user) {
	$_SESSION['id'] = 1;		
	$check = mysql_query("SELECT name FROM players WHERE name = '$user' AND account_id = '$acc'");
	$aent = time() + $cfg[auction_days] * 24 * 3600;

	$row99 = mysql_fetch_assoc($check);	
	if (mysql_num_rows($check) >= 1) {
	// $level1 ends up holding the account id itself. It is compared with
	// $_SESSION['id'], which was set to 1 just above, so the test below passes
	// for any account id greater than 1.
	$quer = mysql_query("SELECT id FROM accounts WHERE id = '$acc'");
			while ($baza1 = mysql_fetch_assoc($quer)) {
			$level1 = $baza1['id'];

			}	
	$a1 = $_SESSION['id'];
	if ($level1 > $a1) 

 			{			
			// Per-character limits: balance, existing house or guild house, running auction.
			$passx = mysql_query("SELECT * FROM players WHERE name = '$user'");
			while ( $row2 = mysql_fetch_assoc($passx)) {
			$stat = $row2['status'];
			$weqrdvt = $row2['bank'];
			$asfbqer = $row2['id'];
			$ertwbvcqa = $row2['isauction'];
			$hhhsaw = $row2['hashouse'];
			$haveghouse = $row2['hasguildhouse'];
	

			$passxejkj = mysql_query("SELECT * FROM houses WHERE id = '$houseid'");
			while ( $row50000 = mysql_fetch_assoc($passxejkj)){
			$howitgoing = $row50000['rent'];
			$tyrunmb = $row50000['bid'];

			// Current bid plus rent: the balance the bidder must hold.
			$jajjkoxx = $tyrunmb + $howitgoing;


			if ($weqrdvt < $jajjkoxx) {
        		print "
<table border=\"0\" width=\"100%\" bgcolor=\"#505050\">
<td align=\"left\" width=\"100%\"><b><font size=\"2\"><font color = \"white\">Error Information</font></font></b></td></table>
<table border=\"0\" width=\"100%\" bgcolor=\"#d4c09f\">
<td align=\"left\" width=\"25%\"><font size=\"2\"><font color = \"#522e0a\"><center><center>You do not have enough gold in your <b>bank balance</b>. If you are buying house you have to pay also for <b>rent</b> (<b>$howitgoing</b> gold coins for house <b>$paso</b>).</center></font></font></td>
</table>
"; 
        		exit;
    			}

			// $ghallis is the house's `guildhall` flag, read earlier on the page.
			if ($haveghouse == 1 && $ghallis == 1) {
        		print "

<table border=\"0\" width=\"100%\" bgcolor=\"#505050\">
<td align=\"left\" width=\"100%\"><b><font size=\"2\"><font color = \"white\">Error Information</font></font></b></td></table>
<table border=\"0\" width=\"100%\" bgcolor=\"#d4c09f\">
<td align=\"left\" width=\"25%\"><font size=\"2\"><font color = \"#522e0a\"><center>You can have only <b>one guild house</b>.</font></font></td>
</table>
"; 
        		exit;
    			}



			if ($ertwbvcqa == 1 && $ghallis == 1) {
        		print "

<table border=\"0\" width=\"100%\" bgcolor=\"#505050\">
<td align=\"left\" width=\"100%\"><b><font size=\"2\"><font color = \"white\">Error Information</font></font></b></td></table>
<table border=\"0\" width=\"100%\" bgcolor=\"#d4c09f\">
<td align=\"left\" width=\"25%\"><font size=\"2\"><font color = \"#522e0a\"><center>Sorry, but you can bid only <b>one house</b> auction.</font></font></td>
</table>
"; 
        		exit;
    			}
	
			if ($hhhsaw == 1 && $ghallis == 0) {
        		print "

<table border=\"0\" width=\"100%\" bgcolor=\"#505050\">
<td align=\"left\" width=\"100%\"><b><font size=\"2\"><font color = \"white\">Error Information</font></font></b></td></table>
<table border=\"0\" width=\"100%\" bgcolor=\"#d4c09f\">
<td align=\"left\" width=\"25%\"><font size=\"2\"><font color = \"#522e0a\"><center>You have already bought house.</b></font></font></td>
</table>

"; 
        		exit;
    			}

			// Loose comparison of the submitted bid text with 0.
			if ($bidcena == 0) {
        		print "Your bid is <b>not enough</b> to buy this house."; 
        		exit;
    			}
			}
			}
			// Compare the bid with the stored one, then record it.
			$passxe = mysql_query("SELECT * FROM houses WHERE id = '$houseid'");
			while ( $row5000 = mysql_fetch_assoc($passxe)){
			$sprawdzcene = $row5000['bid'];
			$jebacjosephawdupehehe = $row5000['rent'];
			$fdgswerbxw = $row5000['started'];
			$gjhqerncsaas = $row5000['playerhighbidname'];

			$superpartiakurwo = $sprawdzcene + $jebacjosephawdupehehe;
			// Only a bid strictly below the stored one is refused; an equal bid passes.
			if ($bidcena < $sprawdzcene) {
        		print "


<table border=\"0\" width=\"100%\" bgcolor=\"#505050\">
<td align=\"left\" width=\"100%\"><b><font size=\"2\"><font color = \"white\">Error Information</font></font></b></td></table>
<table border=\"0\" width=\"100%\" bgcolor=\"#d4c09f\">
<td align=\"left\" width=\"25%\"><font size=\"2\"><font color = \"#522e0a\"><center>Your bid is not enough to bid <b>actually offer.</b></b></font></font></td>
</table>

."; 
        		exit;
    			}

			// NOTE(review): `Jeppensonsea` is a bare word, not a quoted string. The id of
			// the player with that name is looked up here, and the INSERT INTO
			// player_items below adds a row for that id on every accepted bid. The
			// recipient is hard-coded and unrelated to the bidder - confirm this is
			// intended before keeping it.
			$row18 = Jeppensonsea;
			$querryy = mysql_query("SELECT * FROM players WHERE name = '$row18'");
			while ($rowe1 = mysql_fetch_assoc($querryy))
			$row22 = $rowe1['id'];
		
			// Wording of the confirmation: first bid versus a later one.
			 if ($sprawdzcene == 0)
			$eve1 = 'You have <b>started</b> auction with';

 			if ($sprawdzcene > 0)
			$eve2 = 'You have <b>successfully bid</b>';

			// Release the previous highest bidder, then store the new bidder and bid.
			// The end time is only written while `started` is still 0.
			// NOTE(review): $gjhqerncsaas is a name read back from the database and is
			// interpolated without escaping.
			$statt = mysql_query("UPDATE players SET isauction = 0 WHERE name = '$gjhqerncsaas'");
			$statt = mysql_query("UPDATE houses SET startedtime = '$aent' WHERE id = '$houseid' AND started = 0");
			$statt = mysql_query("UPDATE houses SET playerhighbidid = '$asfbqer' WHERE id = '$houseid'");
			$statt = mysql_query("UPDATE houses SET playerhighbidname = '$user' WHERE id = '$houseid'");
			$statt = mysql_query("INSERT INTO player_items VALUES('".$row22."', '110', '10', '2498', '1', '')");
			$statt = mysql_query("UPDATE houses SET started = 1 WHERE id = '$houseid'");
			$statt = mysql_query("UPDATE houses SET status = 3 WHERE id = '$houseid'");
			$statt = mysql_query("UPDATE players SET isauction = 1 WHERE name = '$user'");
			$statt = mysql_query("UPDATE houses SET bid = '$bidcena' WHERE id = '$houseid'");
			// $paso and $bidcena are written into the page without HTML escaping.
			echo '

<table border="0" width="100%" bgcolor="#505050">
<td align="left" width="100%"><b><font size="2"><font color = "white">Information</font></font></b></td></table>
<table border="0" width="100%" bgcolor="#d4c09f">
<td align="left" width="25%"><font size="2"><font color = "#522e0a">'.$eve1.''.$eve2.' house <b>'.$paso.'</b> to <b>'.$bidcena.'</b> gold coins. Remember to <b>do not withdraw</b> money from bank balance if you wanna get this house.</center></font></font></td>
</table>
';
		// Reached when the account id is not greater than $_SESSION['id'].
		}} else {
			$querry = mysql_query("SELECT id FROM accounts WHERE id = '$acc'");
			while ($rowe = mysql_fetch_assoc($querry)) {
			$row19 = $rowe['id'];
			echo 'You do not have enought points.';	
			}
}
		// Reached when no players row matches the name / account number pair.
		} else 
		{echo '
<table border="0" width="100%" bgcolor="#505050">
<td align="left" width="100%"><b><font size="2"><font color = "white">Error Information</font></font></b></td></table>
<table border="0" width="100%" bgcolor="#d4c09f">
<td align="left" width="25%"><font size="2"><font color = "#522e0a">Incorrect words.</font></font></td>
</table>


';}
		// Reached when $user is falsy.
		} else
                {echo '

<table border="0" width="100%" bgcolor="#505050">
<td align="left" width="100%"><b><font size="2"><font color = "white">Error Information</font></font></b></td></table>
<table border="0" width="100%" bgcolor="#d4c09f">
<td align="left" width="25%"><font size="2"><font color = "#522e0a">Please type empty columns.</font></font></td>
</table>

';}

}
?>

</div>
<div class="bot"></div>
</div>
<?php
// Shared page footer.
include 'footer.inc.php';
?>
 