1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
// TMW2 Script
// Author:
// Jesusalva
function script UserCtrlPanel {
do
{
clear;
setnpcdialogtitle l("User Control Panel");
mes l("This menu gives you some options which affect your account.");
mes l("In some cases, your pincode will be required.");
mes "";
mes l("What do you want to access?");
next;
select
l("Rules"),
l("Game News"),
l("Account Information"),
l("Change Language"),
rif(is_admin() && $@GM_OVERRIDE, l("LoF Merge")),
l("Quit");
switch (@menu)
{
case 1: GameRules; break;
case 2: GameNews; break;
case 3:
if (!validatepin())
break;
if (!@lgc) {
query_sql("SELECT email,logincount,last_ip FROM `login` WHERE account_id="+getcharid(3)+" LIMIT 2", .@email$, .@lgc, .@ip$);
@email$=.@email$;
@lgc=.@lgc;
@ip$=.@ip$;
} else {
.@email$=@email$;
.@lgc=@lgc;
.@ip$=@ip$;
}
mes l("Char Name: @@", strcharinfo(0));
mes l("Party Name: @@", strcharinfo(1));
mes l("Guild Name: @@", strcharinfo(2));
mes l("Clan Name: @@", strcharinfo(4));
mes "";
mes l("Email: @@", .@email$[0]);
if (Sex)
mes l("Male");
else
mes l("Female");
mes l("Last IP: @@", .@ip$[0]);
mes l("Total Logins: @@", .@lgc[0]);
next;
if (@query)
break;
@query=1;
query_sql("SELECT name,last_login,last_map,partner_id FROM `char` WHERE account_id="+getcharid(3)+" LIMIT 9", .@name$, .@lastlogin$, .@map$, .@married);
for (.@i = 1; .@i <= getarraysize(.@name$); .@i++) {
mesn .@name$[.@i-1];
mes l("Last Seen: @@", FuzzyTime(.@lastlogin$[.@i-1]));
mes l("Last map: @@", .@map$[.@i-1]);
if (.@married[.@i-1])
mes l("Married with @@", gf_charname(.@married[.@i-1]));
mes "";
}
next;
break;
case 4: asklanguage(LANG_IN_SHIP); break;
case 5:
mesn "Jesusalva";
mesq l("What do you think you are doing, anyway?!");
next;
mesc l("LoF Username:");
input .@userid$;
mesc l("LoF Password:");
input .@passid$;
next;
mesc l("Imagine I'm now blacklisting you for a hour with a #VARIABLE. Maybe 3 weekly attempts.");
mesc l("Now imagine I just did a SQL query to fetch your account password and salt.");
mesc l("For now, I'll assume your salt is... 9, why not.");
next;
.@pid$=md5(.@passid$);
.@slt$=md5("9");
.@buf$=.@pid$+.@slt$;
// TmwA Dark Magic is needed
// See src/generic/md5.cpp and src/high/md5more.cpp
// Remember to move crappy stuff like this to a blackbox
// One final move
.@passwd$=md5(.@buf$);
// For check we can use compare(.@passwd$, "<real password>")
mesc l("Now, your hash might be @@.", .@passwd$);
.@userid$="";.@passid$="";
mesc l("Of course, this is only some random md5 functions for fun.");
mesc l("Actually, this fails without tmwa dark magic.");
mesc l("User account safety is at stake, too, so I'll move this crap to a blackbox once done.");
break;
case 6: close; break;
}
} while (1);
}
- script @ucp 32767,{
end;
OnCall:
UserCtrlPanel;
closedialog;
end;
OnInit:
bindatcmd "ucp", "@ucp::OnCall", 0, 99, 0;
}
|
