+- Mirage Source (https://mirage-engine.uk/forums)
+-- Forum: Mirage Source (Nostalgia) (https://mirage-engine.uk/forums/forumdisplay.php?fid=61)
+--- Forum: Archive (2006-2011) (https://mirage-engine.uk/forums/forumdisplay.php?fid=18)
+---- Forum: Resources (https://mirage-engine.uk/forums/forumdisplay.php?fid=49)
+---- Thread: Account Dupe Fix (/showthread.php?tid=457)
Account Dupe Fix - Matt - 09-12-2006
Originally posted by GodSentDeath
Originaly Posted By: Jobs
This was made by Danny
On server side
in modServerTCP
in the
Code:
' ::::::::::::::::::::
' :: Login packet ::
' ::::::::::::::::::::add
[code]
' Prevent Dupeing
For i = 1 To Len(Name)
n = Asc(Mid(Name, i, 1))
If (n >= 65 And n = 97 And n = 48 And n
Re: Account Dupe Fix - Acruno - 11-08-2008
Sorry for the Necro, but what does this actually do?
Re: Account Dupe Fix - GIAKEN - 11-08-2008
It only allows certain characters for the person to use in their name. This needs to be done wherever there's an input for character data (guild, password, whatever) because you can easily get Access=4 or whatever you want with something like Name & vbNewLine & Access=4 and so on.
Re: Account Dupe Fix - Matt - 11-08-2008
With default Mirage, and in any game that has not added this fix, you can login with your username and password, for example:
ID: MyName
Pass: 1234
Then you can open the client again and login again, on the same account, by using this:
ID: /MyName
Pass: 1234
Again, and again. Dropping your items on one client, picking them up on another, then logging out with the empty account first. Then logging out on the account with all the items, saving all your duped, illgotten items, money, etc.
^_^
Re: Account Dupe Fix - GIAKEN - 11-08-2008
Well I just figured out the admin thing on Labmonkey's game by having the source and sending the guild name packet
Re: Account Dupe Fix - Acruno - 12-08-2008
Thanks, I understand now
Re: Account Dupe Fix - Matt - 12-08-2008
Asrrin29 Wrote:If you use MySQL, I don't think any of these injection type attacks would work. But is the account duping still present or does it depend on using ini files?
I have no idea. Give it a try on your game.
Re: Account Dupe Fix - Labmonkey - 12-08-2008
you can sql inject
lol, it was reposted by like 4 people.
Re: Account Dupe Fix - Joost - 14-08-2008
[code]' Prevent Dupeing
For i = 1 To Len(Name)
n = Asc(Mid(Name, i, 1))
IfNot (n >= 65 And n = 97 And n = 48 And n
Re: Account Dupe Fix - Matt - 14-08-2008
[quote="Joost"][code]' Prevent Dupeing
For i = 1 To Len(Name)
n = Asc(Mid(Name, i, 1))
IfNot (n >= 65 And n = 97 And n = 48 And n
Re: Account Dupe Fix - Acruno - 14-08-2008
Dave Wrote:
![[Image: bobbytableshq2.png]](http://img147.imageshack.us/img147/5315/bobbytableshq2.png)
LOL
Just out of interest, why DOES putting in certain characters/strings have an effect?
Re: Account Dupe Fix - Reece - 14-08-2008
Dave Wrote:As for the /name thing I think it checks if the account is online before it cleans the string of "bad" characters.
As for the admin = 5 thing,
If you write "Name = " and let the person specifiy what comes after that... they can make it say, "Dave & VBNewLine & Access = 5"
Then the file will look like this:
Name = Dave
Access = 5
See the problem?
SQL injections are similar.
Can't you just check to see if "VbNewLine" is in the textbox?