In-game MassMailer(GM purposes)

[Lindoz12]

If you want it for mangos i's just a few small changes, not too hard, I'm not sure but i think its even possible by just changing the character and mailbox tables in the config

Agreed, if there is a mangos table for incomming mails it should just be a small change in the config.

[Lindoz12]

This is terribly dangerous to use on a server. Aside from the fact you aren't checking GM accounts, SQL injection would be easy as well. For example, if I enter the following in the item ID field your mail table would be dropped from the database.

Code:

0');DROP TABLE mailbox_insert_queue; --

Why does this work? Lets look at your query.

Code:

("INSERT INTO" .$mailbox_queue. " VALUES ('$charID', '$charID', '$subject', '$text', '62', '0', '$itemid', '0')

What would it look like if I entered the above?

Code:

("INSERT INTO" .$mailbox_queue. " VALUES ('$charID', '$charID', '$subject', '$text', '62', '0', '0');DROP TABLE mailbox_insert_queue; --', '0')

At least use PHP: mysql_real_escape_string - Manual if you're going to be inserting things into the database. This isn't entirely secure, but it's certainly more than you have here. I'd also recommend reading the following.

http://dev.mysql.com/tech-resources/...curity-ch3.pdf

Its supposed to be a private script, not for public use...
Sure ive could of just added that, but it wouldnt be any point, i made this script when i was sitting on the bus in ~30 min.

[SupernovaHH]

i had the same exact idea as this. but what im working on is a bit different. it lets you mail any character you select, from the site. if your account permissions are level AZ you have an option to send mail to ALL players. very useful tho +rep x2