[Yet to be tested] Reqruit-A-Friend System (ArcEmu/DvEmu or whatever)

[Relexx1]

Wrote this for a friends website, took an hour or so, so it's not uhmm.. Yeah, anyways.. Pretty simple & basic, just thought I'd share it...
(Havn't tested it, database structure requires the characters, account & mailbox table to be under the 'logon'-database.

How it works: Just include it to index.php or something like that
Make your users or whatever, send a link like
domain.com/index.php?r=CharacterName
It should the automatically send an item with the item ID of '1337'(define it at the start of the code) to CharacterName in game, if someone were to click the link..

Without any further ado..? I don't know.. Anyways..


Here it is:

PHP Code:

<?php
//NOTE! If you want to edit the subject / body of the mail sent in-game, go to line #97.

//Note2: Remember that the $_GET['r'] should be the username of the character reqruiting / recieving the mail..

//Note3: The mail script hasn't been tested, I'm 33% sure that it'll work though. :/)


$Item_ID = '1337'; //Edit this to the ID of the reward for reqruiting a friend (sent in mail).

$MySQL_Host    = 'localhost'; //The host IP / hostname
$MySQL_User    = 'root'; //The username used to access the database
$MySQL_Pass    = 'ascent'; //The password used to access the database
$Database_Name = 'logon'; //The database name, this is the database containing the characters, account and mailbox table. 'logon' is your best bet. :]
$Table_1       = 'used'; //This is the table where all IPs wil be stored


//No need to edit below this point.
//#################################


$ip=$_SERVER['REMOTE_ADDR'];

if(!empty($_GET['r']))
{


$connection = mysql_connect("$MySQL_Host", "$MySQL_User", "$MySQL_Pass");
if (!$connection) {
    die('I call shenanigans.');
}
if (!mysql_select_db("$Database_Name")) {
    die('I call shenanigans.');
}

//If the table 'used'($Table_1) doesn't exist, create :]
if(!mysql_num_rows(mysql_query("SHOW TABLES LIKE '$Table_1'")))
{
mysql_query("CREATE TABLE `used` (`IP` VARCHAR (50)) TYPE = MyISAM");
}

//If the Reqruit A Friend -account is not made already, create :]
$lastAccountID = mysql_query("SELECT MAX(acct) FROM accounts");
$lastAccountID = mysql_result($lastAccountID,0)+1;
$reqacciscreated = mysql_num_rows(mysql_query("select * from accounts where login='Reqruit A Friend Name' and password='bs pass'"));
if($reqacciscreated==0)
{
mysql_query("INSERT INTO `accounts` (`acct`, `login`, `password`, `gm`, `flags`, `forceLanguage`)
VALUES ('$lastAccountID', 'Reqruit A Friend Name', 'bs pass', '0', '24', 'enUS');");
}

//If the Reqruit A Friend -player is not made already, create :]
$reqnameiscreated = mysql_num_rows(mysql_query("SELECT * FROM characters WHERE name='Reqruit A Friend'"));
if($reqnameiscreated==0)
{
$lastUserID = mysql_query("SELECT MAX(guid) FROM characters");
$lastUserID = mysql_result($lastUserID,0)+1;
mysql_query("INSERT INTO `characters` (`guid`, `acct`, `name`) VALUES ('$lastUserID', '$lastAccountID', 'Reqruit A Friend');");
}

//Get R :]
$ref=$_GET['r'];



//Remove SQL injection vulnerbilliti.. Vul.. I don't know how it's spelled.. Doesn't matter either. :]
$ref=mysql_real_escape_string($ref);


//If the clicker has already clicked, return 1, else 0 / null?
$hasclicked=mysql_num_rows(mysql_query("select * from $Table_1 where IP='$ip'"));


//Get last message ID
$lastmes = mysql_query("SELECT MAX(message_id) FROM mailbox");
$lastmes = mysql_result($lastmes,0)+1;;

echo $lastmes;

//Get player guid
$playerid = mysql_fetch_array(mysql_query("SELECT * FROM characters WHERE name='$ref'"));
$playerid = $playerid[0];

//Get Reqruit A Friend-id
$rafguid = mysql_fetch_array(mysql_query("SELECT * FROM characters WHERE name='Reqruit A Friend'"));
$rafguid = $rafguid[0];

//Register the visit (add IP to used refs - Send mail to player)
if($hasclicked==0)
{
mysql_query("INSERT INTO $Table_1 
VALUES('$ip')");
if($ref && $playerid!=0)
{
mysql_query("
INSERT INTO mailbox (`message_id`, `message_type`, `player_guid`, `sender_guid`, `subject`, `body`, `money`, `attached_item_guids`, `cod`, `stationary`, `expiry_time`, `delivery_time`, `copy_made`, `read_flag`, `deleted_flag`)
VALUES ('$lastmes', '0', '$playerid', '$rafguid', 'Reqruit-A-Friend reward', 'Thank you for using our a reqruit-a-friend system! As a small token of our appreciation, I\'ve sent you this item.', '0', '$Item_ID', '0', '0', '1266629480', '0', '0', '0', '0');"); //You may want to edit the subject / body.. Can be found on this line
}
}

mysql_close($connection);
//Connection is closed. :]
}
else
{
$connection = mysql_connect("$MySQL_Host", "$MySQL_User", "$MySQL_Pass");
if (!$connection) {
    die('I call shenanigans.');
}
if (!mysql_select_db("$Database_Name")) {
    die('I call shenanigans.');
}
$hasclicked=mysql_num_rows(mysql_query("select * from $Table_1 where IP='$ip'"));
if($hasclicked=='0')
{
mysql_query("INSERT INTO `used` (`IP`) VALUES ('$ip');");
}
mysql_close($connection);
}
?>

There.. Uhmm.. It automatically adds a character with the name of 'Reqruit a Friend' but.. Yeah, I added a few comments so that you should be able to understand it, even though my coding might be a bit uhmm.. Rubbish.. So.. Yeah

Anyways, it hasn't been tested on an actual server - just tried on localhost using my own copy of an arcemu database..

If someone has some spare time and their own little arcemu server, it'd be awesome if they'd try it out & give feedback

Any other feedback would be awesome too, like improvements of the code because.. It's pretty crap imo ^_^


EDIT: Oh, and if you have any ideas on what I could do next / got a request or something, just reply & ask :]

[Sonic Waffle]

Mmm, nice script so far you have there. But a few things could be fixed, like the IP system (I'm a bit tipsy, I'm not really that up for looking for bugs ).

So far, from what I got by reading the script, someone goes to the URL, and then the script does it's magic, etc. After it is done sending the item, it adds the requester's IP to a DB that is checked against to make sure people don't just keep on getting free items. Although, this can simple be bypassed by a numerous amount of proxies.

Just a heads up. (And I might of not made sense or got it properly, but meh)

[Relexx1]

Mmm, nice script so far you have there. But a few things could be fixed, like the IP system (I'm a bit tipsy, I'm not really that up for looking for bugs ).

So far, from what I got by reading the script, someone goes to the URL, and then the script does it's magic, etc. After it is done sending the item, it adds the requester's IP to a DB that is checked against to make sure people don't just keep on getting free items. Although, this can simple be bypassed by a numerous amount of proxies.

Just a heads up. (And I might of not made sense or got it properly, but meh)

>proxies
Weeell, of course.. But I mean.. There's no way you can prevent that in my opinion.. Hooowever, it would be possible to make like an email verification for the reqruit-thing, but I mean.. That uhmm.. Yeah..

But.. Is there a way to detect proxies? I mean.. I could scan if port x(8080 on most proxies) is open, and then denie if it is.. But it could be opened on a normal computer by default so I don't really know..

But thanks for the reply, means a lot to me (Yeeah, I'm a loser IRL ._.)

[Sonic Waffle]

Why do you think you are a loser? I do not see why you would consider yourself that.

On topic: Captcha is a nifty little tool used against bots and lazy humans; just throwing it in there.
Also, as for the proxies, I would strongly discourage blocking proxies as they are used alot by businesses and schools for faster access to the web via cache aswell as a firewall in one.

And well, you cannot really ever get rid of a proxy bypass as you never know if it is legit or not. Although, there are two options available...

1. Make the visitor register before the referee gets the items and don't forget the captcha against the bots.

2. Make a script that checks against public proxies and the host/user agent/etc. info and deny access to them if something is fishy.
Then again, being hasty and using/making this system can, once again, stop people that use proxies for legit reasons get denies.

[Relexx1]

Why do you think you are a loser? I do not see why you would consider yourself that.

On topic: Captcha is a nifty little tool used against bots and lazy humans; just throwing it in there.
Also, as for the proxies, I would strongly discourage blocking proxies as they are used alot by businesses and schools for faster access to the web via cache aswell as a firewall in one.

And well, you cannot really ever get rid of a proxy bypass as you never know if it is legit or not. Although, there are two options available...

1. Make the visitor register before the referee gets the items and don't forget the captcha against the bots.

2. Make a script that checks against public proxies and the host/user agent/etc. info and deny access to them if something is fishy.
Then again, being hasty and using/making this system can, once again, stop people that use proxies for legit reasons get denies.

Of course you could do that, but that'd require you editing the entire website, adding a $_POST / GET on every link for it to work, and since this is just one script and not an entire website, I can't do it ^^

[MEC]

is there any way you could change that so the characters table doesnt have to be in the accounts?

[Relexx1]

is there any way you could change that so the characters table doesnt have to be in the accounts?

Easily - Where else should it be then?