Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- session_start();
- $fail=false;
- function _htmlspecialchars($str)
- {
- $str = preg_replace('/&(?!#[0-9]+;)/s', '&', $str);
- $str = str_replace(array('<', '>', '"'), array('<', '>', '"'), $str);
- return $str;
- }
- $con = @mysql_connect($_SESSION['wwcmsv2install']['db_host'], $_SESSION['wwcmsv2install']['db_user'], $_SESSION['wwcmsv2install']['db_pass']) or $fail=true;
- if ($fail)
- echo ' <font color="red">'._htmlspecialchars($_GET['f']).'</font> ('.mysql_error().")";
- else
- {
- if ($_SESSION['wwcmsv2install']['core']=='ArcEmu')
- {
- $sql1 = mysql_query("SELECT * FROM ". $_SESSION['wwcmsv2install']['logon_db'] .".accounts WHERE login='".$_POST['admin_username']."' LIMIT 1")or die(mysql_error());
- if (mysql_num_rows($sql1)=='1')//account is found
- {
- //check password
- $sql2=mysql_fetch_assoc($sql1);
- if ($sql2['password']==$_POST['admin_password'])
- {
- //user if confirmed, add him to website db with admin privilages
- mysql_query("INSERT INTO ". $_SESSION['wwcmsv2install']['web_db'] .".wwc2_users_more (acc_login,vp,userid,dp,gmlevel) VALUES ('".$sql2['login']."','0','".$sql2['acct']."','0','az')")or die(mysql_error());
- }
- else
- {
- echo 'Admin password is wrong.';exit;
- }
- }
- else //account is not found, create new one
- {
- mysql_query("INSERT INTO ". $_SESSION['wwcmsv2install']['logon_db'] .".accounts (login, password, gm) VALUES ('".$_POST['admin_username']."','".$_POST['admin_password']."','az')") or die(mysql_error());
- $sql3 = mysql_query("SELECT * FROM ". $_SESSION['wwcmsv2install']['logon_db'] .".accounts WHERE login='".$_POST['admin_username']."' LIMIT 1")or die(mysql_error());
- $sql4=mysql_fetch_assoc($sql3);
- mysql_query("INSERT INTO ". $_SESSION['wwcmsv2install']['web_db'] .".wwc2_users_more (acc_login,vp,userid,dp,gmlevel) VALUES ('".$sql4['login']."','0','".$sql4['acct']."','0','az')")or die(mysql_error());
- }
- }
- elseif($_SESSION['wwcmsv2install']['core']=='Trinity' or $_SESSION['wwcmsv2install']['core']=='MaNGOS')
- {
- $enc_pass=sha1(strtoupper($_POST['admin_username'].':'.$_POST['admin_password']));
- $sql1 = mysql_query("SELECT * FROM ". $_SESSION['wwcmsv2install']['logon_db'] .".account WHERE username='".$_POST['admin_username']."' LIMIT 1")or die(mysql_error());
- if (mysql_num_rows($sql1)=='1')//account is found
- {
- //check password
- $sql2=mysql_fetch_assoc($sql1);
- if ($sql2['sha_pass_hash']==$enc_pass)
- {
- //user if confirmed, add him to website db with admin privilages
- mysql_query("INSERT INTO ". $_SESSION['wwcmsv2install']['web_db'] .".wwc2_users_more (acc_login,vp,userid,dp,gmlevel) VALUES ('".$sql2['username']."','0','".$sql2['id']."','0','4')")or die(mysql_error());
- }
- else
- {
- echo 'Admin password is wrong.';exit;
- }
- }
- else //account is not found, create new one
- {
- mysql_query("INSERT INTO ". $_SESSION['wwcmsv2install']['logon_db'] .".account (username, sha_pass_hash) VALUES ('".$_POST['admin_username']."','".$enc_pass."')") or die(mysql_error());
- $sql3 = mysql_query("SELECT * FROM ". $_SESSION['wwcmsv2install']['logon_db'] .".account WHERE username='".$_POST['admin_username']."' LIMIT 1")or die(mysql_error());
- $sql4=mysql_fetch_assoc($sql3);
- mysql_query("INSERT INTO ". $_SESSION['wwcmsv2install']['web_db'] .".wwc2_users_more (acc_login,vp,userid,dp,gmlevel) VALUES ('".$sql4['username']."','0','".$sql4['id']."','0','az')")or die(mysql_error());
- }
- }
- else
- {
- echo "Unknown core.";exit;
- }
- echo '<font color="green">Success!</font><br><br><input name="next" type="submit" value="'.$_GET['l'].' (7/8)"></form>';
- }
- @mysql_close( $con );
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement