• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Znote AAC 1.4 - [TFS 0.2.13+] & [TFS 0.3.6+/0.4]

HalfAway said:
You need phpcURL enabled.
Check the database table incase you have any errors.
Click to expand...
it does not show anything in the shops or znote_paypal on the database? its like it wont add it to the database, but everything else works
 
For some reason, I can log in on the website, create accounts and characters.. but not use them when logging into the server.
It only says "incorrect password", and when I check the SQL database, i can see this password for my account "c749807f3057e821bc85416c3b210a570c7a7954"...
 
When i try to install the znote sql functionality into my phpmyadmin, everything seems to work fine, and i can go onto znote but from there i cant do anything, all of the links are broken
 
When someone tries to create a new account, this error message appears:

string(118) "INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `activekey`) VALUES ('13', '', '1429436440', '867312622')"
(query - SQL error)
Type: voidQuery (voidQuery is used for update, insert or delete from database)

Unknown column 'activekey' in 'field list'


Their account is still created, but a znote_account is not created for them in the database. Any suggestions? I'm pretty new to this.. Thanks!
 
Blaggo said:
When someone tries to create a new account, this error message appears:

string(118) "INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `activekey`) VALUES ('13', '', '1429436440', '867312622')"
(query - SQL error)
Type: voidQuery (voidQuery is used for update, insert or delete from database)

Unknown column 'activekey' in 'field list'


Their account is still created, but a znote_account is not created for them in the database. Any suggestions? I'm pretty new to this.. Thanks!
Click to expand...



I found a solution for this in case anyone else runs into the problem....

ALTER TABLE `znote_accounts` ADD `activekey` int(11) NOT NULL;
Click to expand...

(Courtesy of "Limos" in another thread.)
 
In admin.php there does exist a security vulnerability:
PHP: 
$errors[] = 'Character '. $_POST['del_name'] .' permanently deleted.';
$errors[] = 'Character '. $_POST['del_name'] .' permanently deleted.';

A cross site scripting attack is possible if $errors is output in a HTML context, so that $_POST that is user-configurable is output.
 
Damon said:
In admin.php there does exist a security vulnerability:
PHP: 
$errors[] = 'Character '. $_POST['del_name'] .' permanently deleted.';
$errors[] = 'Character '. $_POST['del_name'] .' permanently deleted.';

A cross site scripting attack is possible if $errors is output in a HTML context, so that $_POST that is user-configurable is output.
Click to expand...

It would be a big issue if the post variable was sent to a database. It is not. Anyway lets forget that and consider this a critical thing:
https://github.com/Znote/ZnoteAAC/blob/master/admin.php#L3
In order to exploit that, you need to get access to admin.php, which means you need to be an admin.
So if the admin really wants, he can exploit it on himself or on other admins to create a funny error message.

Perhaps if the admin is really stupid, one of his users may trick him to click a link that has an iframe in it controlled by javascript ajax, if you have cross origin globally enabled, they may give you a funny message in your admin panel.

But rest assured, I will make sure to patch it up. In the end it is sloppy work by me.
 
Last edited:
Znote said:
It would be a big issue if the post variable was sent to a database. It is not. Anyway lets forget that and consider this a critical thing:
https://github.com/Znote/ZnoteAAC/blob/master/admin.php#L3
In order to exploit that, you need to get access to admin.php, which means you need to be an admin.
So if the admin really wants, he can exploit it on himself or on other admins to create a funny error message.

Perhaps if the admin is really stupid, one of his users may trick him to click a link that has an iframe in it controlled by javascript ajax, if you have cross origin globally enabled, they may give you a funny message in your admin panel.

But rest assured, I will make sure to patch it up. In the end it is sloppy work by me.
Click to expand...
Hey there Znote and thanks for the reply^^ A friend of mine just mentioned this security risk and I thought Id better pass it on in case it is something crucial.

Kind regards,
Damon
 
Damon said:
Hey there Znote and thanks for the reply^^ A friend of mine just mentioned this security risk and I thought Id better pass it on in case it is something crucial.

Kind regards,
Damon
Click to expand...
Thanks. Feel free to pull the latest version of admin.php now, I have patched it up. :) the getValue() function is basically a swiss army knife to sanitize user input data.
Thumb rule:
If some code is using GET or POST, be in doubt. If in doubt, use getValue function. And your good to go.
 
Last edited:
i dont get it work :/ i think i get some misstake :( i use theforgottenserver-v0.2.15-win64gui whit this website creator but the website dosn`t work onley get this message :/

Failed to connect to MySQL: (1045) Access denied for user 'otserv'@'localhost' (using password: YES)
Install:


  1. Make sure you have imported TFS database. (OTdir/forgottenserver.sql OR OTdir/schemas/mysql.sql)
  2. Import the below schema to a TFS database in phpmyadmin:
  3. Edit config.php with correct mysql connection details.
    CREATE TABLE IF NOT EXISTS `znote` (
    `id` int(10) NOT NULL AUTO_INCREMENT,
    `version` varchar(30) NOT NULL COMMENT 'Znote AAC version',
    `installed` int(10) NOT NULL,
    `cached` int(11) DEFAULT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;

    INSERT INTO `znote` (`version`, `installed`) VALUES
    ('1.5_SVN', '1432312113');

    CREATE TABLE IF NOT EXISTS `znote_accounts` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `account_id` int(11) NOT NULL,
    `ip` int(10) NOT NULL,
    `created` int(10) NOT NULL,
    `points` int(10) DEFAULT 0,
    `cooldown` int(10) DEFAULT 0,
    `active` tinyint(4) NOT NULL DEFAULT '0',
    `activekey` int(11) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;

    INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES
    ('1', '0', '1432312113');

    CREATE TABLE IF NOT EXISTS `znote_news` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `title` varchar(30) NOT NULL,
    `text` text NOT NULL,
    `date` int(11) NOT NULL,
    `pid` int(11) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_images` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `title` varchar(30) NOT NULL,
    `desc` text NOT NULL,
    `date` int(11) NOT NULL,
    `status` int(11) NOT NULL,
    `image` varchar(30) NOT NULL,
    `account_id` int(11) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_paypal` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `txn_id` varchar(30) NOT NULL,
    `email` varchar(255) NOT NULL,
    `accid` int(11) NOT NULL,
    `price` int(11) NOT NULL,
    `points` int(11) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_paygol` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `account_id` int(11) NOT NULL,
    `price` int(11) NOT NULL,
    `points` int(11) NOT NULL,
    `message_id` varchar(255) NOT NULL,
    `service_id` varchar(255) NOT NULL,
    `shortcode` varchar(255) NOT NULL,
    `keyword` varchar(255) NOT NULL,
    `message` varchar(255) NOT NULL,
    `sender` varchar(255) NOT NULL,
    `operator` varchar(255) NOT NULL,
    `country` varchar(255) NOT NULL,
    `currency` varchar(255) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_players` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `player_id` int(11) NOT NULL,
    `created` int(11) NOT NULL,
    `hide_char` tinyint(4) NOT NULL,
    `comment` varchar(255) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    INSERT INTO `znote_players` (`player_id`, `created`, `hide_char`, `comment`) VALUES
    ('1', '1432312113', '0', '. . .');

    CREATE TABLE IF NOT EXISTS `znote_player_reports` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `name` varchar(50) NOT NULL,
    `posx` int(6) NOT NULL,
    `posy` int(6) NOT NULL,
    `posz` int(6) NOT NULL,
    `report_description` VARCHAR(255) NOT NULL,
    `date` INT(11) NOT NULL,
    `status` TINYINT(3) NOT NULL DEFAULT '0',
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_changelog` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `text` VARCHAR(255) NOT NULL,
    `time` INT(11) NOT NULL,
    `report_id` INT(11) NOT NULL,
    `status` TINYINT(3) NOT NULL DEFAULT '0',
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_shop` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `type` int(11) NOT NULL,
    `itemid` int(11) DEFAULT NULL,
    `count` int(11) NOT NULL DEFAULT '1',
    `description` varchar(255) NOT NULL,
    `points` int(11) NOT NULL DEFAULT '10',
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_shop_logs` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `account_id` int(11) NOT NULL,
    `player_id` int(11) NOT NULL,
    `type` int(11) NOT NULL,
    `itemid` int(11) NOT NULL,
    `count` int(11) NOT NULL,
    `points` int(11) NOT NULL,
    `time` int(11) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_shop_orders` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `account_id` int(11) NOT NULL,
    `type` int(11) NOT NULL,
    `itemid` int(11) NOT NULL,
    `count` int(11) NOT NULL,
    `time` int(11) NOT NULL DEFAULT '0',
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_visitors` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `ip` int(11) NOT NULL,
    `value` int(11) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_visitors_details` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `ip` int(11) NOT NULL,
    `time` int(11) NOT NULL,
    `type` tinyint(4) NOT NULL,
    `account_id` int(11) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_forum` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `name` varchar(50) NOT NULL,
    `access` tinyint(4) NOT NULL,
    `closed` tinyint(4) NOT NULL,
    `hidden` tinyint(4) NOT NULL,
    `guild_id` int(11) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    INSERT INTO `znote_forum` (`name`, `access`, `closed`, `hidden`, `guild_id`) VALUES
    ('Staff Board', '4', '0', '0', '0'),
    ('Tutors Board', '2', '0', '0', '0'),
    ('Discussion', '1', '0', '0', '0'),
    ('Feedback', '1', '0', '1', '0');

    CREATE TABLE IF NOT EXISTS `znote_forum_threads` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `forum_id` int(11) NOT NULL,
    `player_id` int(11) NOT NULL,
    `player_name` varchar(50) NOT NULL,
    `title` varchar(50) NOT NULL,
    `text` text NOT NULL,
    `created` int(11) NOT NULL,
    `updated` int(11) NOT NULL,
    `sticky` tinyint(4) NOT NULL,
    `hidden` tinyint(4) NOT NULL,
    `closed` tinyint(4) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_forum_posts` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `thread_id` int(11) NOT NULL,
    `player_id` int(11) NOT NULL,
    `player_name` varchar(50) NOT NULL,
    `text` text NOT NULL,
    `created` int(11) NOT NULL,
    `updated` int(11) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_deleted_characters` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `original_account_id` int(11) NOT NULL,
    `character_name` varchar(255) NOT NULL,
    `time` datetime NOT NULL,
    `done` tinyint(1) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_guild_wars` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `limit` int(11) NOT NULL DEFAULT '0',
    PRIMARY KEY (`id`),
    FOREIGN KEY (`id`) REFERENCES `guild_wars` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_tickets` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `owner` int(11) NOT NULL,
    `username` varchar(32) CHARACTER SET latin1 NOT NULL,
    `subject` text CHARACTER SET latin1 NOT NULL,
    `message` text CHARACTER SET latin1 NOT NULL,
    `ip` int(11) NOT NULL,
    `creation` int(11) NOT NULL,
    `status` varchar(20) CHARACTER SET latin1 NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    CREATE TABLE IF NOT EXISTS `znote_tickets_replies` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `tid` int(11) NOT NULL,
    `username` varchar(32) CHARACTER SET latin1 NOT NULL,
    `message` text CHARACTER SET latin1 NOT NULL,
    `created` int(11) NOT NULL,
    PRIMARY KEY (`id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
  4. Edit config.php with correct mysql connection details.
 
When i go to my website this is shown in the middle. How can i get rid of it?

Done Queries
Print: - Array
(
[0] => [0.0224] SELECT `name`, `level`, `experience` FROM `players` WHERE `group_id` < 2 ORDER BY `experience` DESC LIMIT 5;
[1] => [0.024] SELECT COUNT(`id`) AS `count` from `players` WHERE `online` = 1;
[2] => [0.0244] SELECT COUNT(`id`) AS `id` from `accounts`;
[3] => [0.025] SELECT `n`.`id`, `n`.`title`, `n`.`text`, `n`.`date`, `p`.`name` FROM `znote_news` AS `n` INNER JOIN `players` AS `p` ON `n`.`p

Sorry for double post. But whenever i click home the error changes. You can check out nadestry.sytes.net is my website name.
 
Last edited by a moderator:
Fatal error: Cannot redeclare mysql_znote_escape_string() (previously declared in C:\xampp\htdocs\TibiaWebsite\engine\database\connect.php:263) inC:\xampp\htdocs\TibiaWebsite\engine\database\connect.php on line 266
 
Is this compatible with tfs 1.1? Because I can't get out of this place.
332z7ye.jpg
 

Similar threads

Joriku
[ZNOTE ACC] Change login method from Username to Email address
Replies
0
Views
514
Joriku
Joriku
alelu541
  • Question
AAC AAC not connecting with my SQL
Replies
1
Views
322
slaw
slaw
elnelson
  • Question
Linux Znote AAC 1.6 not creating account nor character (no info given by website)
Replies
2
Views
498
tomaszek123
tomaszek123
Back
Top