//===== eAthena Script ======================================= //= Security System //===== By =================================================== //= lllchrislll //===== Version ============================================== //= 1.0 - Script Made //= 1.1 - Fixed SQL Bug (SQL Injection) - Thanks to ToastofDoom //===== Compatible With ====================================== //= Every eAthena MySQL Version //===== Description ========================================== //= Security System - Simple //===== Comments ============================================= //= Bugs possible > PM me <3 // Change the e-mail address at Line 90!! // or add your own text, as well // search for "Summon Ro", replace it with your server's name. //============================================================ - script SecurityLogin -1,{ end; OnPCLoginEvent: if(#security_pass == 2) goto W_Jail; if($security_pass == 0 && #security_pass == 1) { announce "The Security System is momentally offline.",bc_red|bc_self; set #security_pass,3; end; } else if($security_pass == 0 && #security_pass == 0) { end; } else if($security_pass == 1 && #security_pass == 3) { announce "The Security System is back online.",bc_red|bc_self; set #security_pass,1; end; } else if(#security_pass == 0) { mes "[Security Manager]"; mes "Your Security Password hasn't been set yet."; mes "Please come to me and set it or do it via"; mes "NPC:Password. It's like you are whispering to an other player."; mes "After that any kind of text."; close; } else if(#security_pass == 1) { // Check if Password was set query_sql "SELECT `last_ip` FROM `login` WHERE `account_id` = '"+getcharid(3)+"'",@last_ip$; query_sql "SELECT `last_ip` FROM `security_sys` WHERE `account_id` = '"+getcharid(3)+"'",@last_ip2$; if (@last_ip$ != @last_ip2$) { // IP Check mes "[Security Manager]"; mes "Please insert the Password for your own Security."; next; input @pass$; query_sql "SELECT `pass` FROM `security_sys` WHERE `account_id` = '"+getcharid(3)+"'",@sec_pass$; if(@pass$ == @sec_pass$) { // Inserted Password Check query_sql "UPDATE `security_sys` SET `last_ip` = '"+@last_ip2$+"' WHERE `account_id` = '"+getcharid(3)+"'"; dispbottom "You have successfully logged in. Have Fun with Summon Ro."; close; } else if(@pass$ != @sec_pass$) { mes "[Security Manager]"; mes "The Password you typed is wrong."; mes "You got one more chance to login."; next; input @pass$; if(@pass$ == @sec_pass$) { mes "[Security Manager]"; mes "Thank you for your time."; dispbottom "You have successfully logged in. Have Fun with Summon Ro."; close; } else if (@pass$ != @sec_pass$) { mes "[Security Manager]"; mes "You typed the Password wrong twice."; mes "You will be warped to the Jail now."; mes "After Login in, you have to write the password again and if you are write it"; mes "again wrong your account will be blocked."; close2; atcommand "@jail "+strcharinfo(0); set #security_pass,2; sleep2 5000; atcommand "@kick "+strcharinfo(0); end; } } } else if (@last_ip$ == @last_ip2$) { dispbottom "You have successfully logged in. Have Fun with Summon Ro."; end; } } W_Jail: mes "[Security Manager]"; mes "Please insert the 'correct' Password."; mes "or your account will be blocked and you have to write"; mes "an e-mail to summonro@live.de with the content of the right Password."; next; mes "[Security Manager]"; mes "Like this:"; mes "Subject: Security System - Account Unblock"; mes "Text: Account Name: *x*"; mes " Password: *x*"; next; mes "[Security Manager]"; mes "Start please."; next; input @pass$; query_sql "SELECT `pass` FROM `security_sys` WHERE `account_id` = '"+getcharid(3)+"'",@sec_pass$; if(@pass$ == @sec_pass$) { close2; set #security_pass,1; warp "SavePoint",0,0; announce "You have successfully regained your Account. Have Fun with Summon Ro.",bc_red|bc_self; end; } else { mes "[Security Manager]"; mes "The Password you typed is wrong."; mes "Your Account will be blocked now."; close2; atcommand "@block "+strcharinfo(0); end; } } - script Password -1,{ end; OnWhisperGlobal: if($security_pass == 0 && #security_pass == 1) { set #security_pass, 0; } else if($security_pass == 0 && #security_pass == 0) { mes "[Security Manager]"; mes "The System is disabled."; close; } else if($security_pass == 1 && #security_pass == 0) { mes "[Security Manager]"; mes "Hello, "+strcharinfo(0)+"!"; mes "Please insert your Password you want to set."; input @sec_pass$; next; mes "[Security Manager]"; mes "Thank you for your time."; mes "Your Password and IP got saved."; mes "Remember it carefully."; set #security_pass, 1; query_sql "SELECT `last_ip` FROM `login` WHERE `account_id` = '"+getcharid(3)+"'",@last_ip$; query_sql "INSERT INTO `security_sys` (`last_ip` , `account_id` , `pass`) VALUES ('"+@last_ip$+"' , '"+getcharid(3)+"' , '"+escape_sql(@sec_pass$)+"')"; close; } else if($securty_pass == 1 && #security_pass == 1) { mes "[Security Manager]"; mes "So you want to change"; mes "your Password?"; if(select("- Yes:- No") == 2) { close; } else { next; query_sql "SELECT `pass` FROM `security_sys` WHERE `account_id` = '"+getcharid(3)+"'",@sec_pass$; mes "[Security Manager]"; mes "Please insert the new Password."; mes "^FF2200 Note: Type \"Cancel\" into"; mes "the box to cancel your attempt.^000000"; input @ch_pass$; next; mes "[Security Manager]"; if(@ch_pass$ == "Cancel") { close; } else if(ch_pass$ == @sec_pass$) { mes "I'm sorry, but the new"; mes "Password matches the old"; mes "one."; close; } mes "The new password is:"; mes @ch_pass$; next; mes "[Security Manager]"; mes "Is that correct?"; if(select("- Yes, it is correct:- No, I don't want to change it.") == 2) { next; mes "[Security Manager]"; mes "Okay, see you next time."; close; } else { next; mes "[Security Manager]"; mes "Thank you for your time."; query_sql "UPDATE `security_sys` SET `pass` = '"+escape_sql(@ch_pass$)+"' WHERE `account_id` = '"+getcharid(3)+"'"; close; } } } } help_lobby.gat,75,136,4 script Security Manager 109,{ set .@n$,"[Security Manager]"; if (getgmlevel() >= 80) { mes .@n$; mes "Which Menu?"; menu "- Player Menu",-,"- GM Menu",M_GM; next; } mes .@n$; mes "Hello, "+strcharinfo(0)+"."; mes "What do you wanna do?"; switch(select("- Add/Change my Password:- Nothing")) { case 1: next; if($security_pass == 0 && #security_pass == 1) { set #security_pass, 0; mes .@n$; mes "The System isn't enabled."; close; } else if($security_pass == 0 && #security_pass == 0) { mes .@n$; mes "The System isn't enabled."; close; } else if($security_pass == 1 && #security_pass == 0) { mes .@n$; mes "Hello, "+strcharinfo(0)+""; mes "So you want to set your Password?"; menu "- Yes, please.",-,"- Naa, not now.",N_now; setit: next; mes .@n$; mes "Okay, type the password you want."; input @sec_pass$; next; mes .@n$; mes "The Password is:"; mes @sec_pass$; mes "Is that correct?"; if(select("- Yes, it is:- No,repeat please") == 1) { next; set #security_pass, 1; query_sql "SELECT `last_ip` FROM `login` WHERE `account_id` = '"+getcharid(3)+"'",@last_ip$; query_sql "INSERT INTO `security_sys` (`last_ip` , `account_id` , `pass`) VALUES ('"+@last_ip$+"' , '"+getcharid(3)+"' , '"+escape_sql(@sec_pass$)+"')"; mes .@n$; mes "Thank you for your time."; mes "Your Password and IP got saved."; mes "Remember it carefully."; close; } else { goto setit; } N_now: next; mes .@n$; mes "Okay, please come back as soon as possible."; close; } else if($security_pass == 1 && #security_pass == 1) { mes .@n$; mes "So you want to change"; mes "your Password?"; if(select("- Yes:- No") == 2) { close; } else { next; query_sql "SELECT `pass` FROM `security_sys` WHERE `account_id` = '"+getcharid(3)+"'",@sec_pass$; mes .@n$; mes "Please insert the new Password."; mes "^FF2200 Note: Type \"Cancel\" into"; mes "the box to cancel your attempt.^000000"; input @ch_pass$; next; mes .@n$; if(@ch_pass$ == "Cancel") { close; } else if(@ch_pass$ == @sec_pass$) { mes "I'm sorry, but the new"; mes "Password matches the old"; mes "one."; close; } mes "The new password is:"; mes @ch_pass$; next; mes .@n$; mes "Is that correct?"; if(select("- Yes, it is correct:- No, I don't want to change it.") == 2) { next; mes .@n$; mes "Okay, see you next time."; close; } else { next; mes .@n$; mes "Thank you for your time."; query_sql "UPDATE `security_sys` SET `pass` = '"+escape_sql(@ch_pass$)+"' WHERE `account_id` = '"+getcharid(3)+"'"; close; } } } default: close; } M_GM: next; if($sec_table_created == 1) { mes .@n$; mes "Hello, "+strcharinfo(0)+"!"; mes "What do you want to do?"; menu "- Disable/Enable the System",-,"- Delete Table",delete,"- Nothing",exit; next; mes .@n$; mes "The Security System is " + ( ($security_pass) ? "^00BB22Enabled^000000." : "^FF2200Disabled^000000."); if($security_pass == 0) { mes "Wanna enable it?"; if(select("- Yes,please:- No,Thanks") == 2) { next; mes .@n$; mes "The Security System is still disabled."; close; } else { next; mes .@n$; mes "The Security System is enabled now."; announce "The Security Systen has been enabled.",bc_yellow|bc_all; set $security_pass, 1; close; } } else if($security_pass == 1) { mes .@n$; mes "The Security System is enabled at the moment."; mes "Wanna disable it?"; if(select("- Yes,please:- No,Thanks") == 2) { next; mes .@n$; mes "The Security System is still enabled."; close; } else { next; mes .@n$; mes "The Security system is disabled now."; announce "The Security Systen has been disabled.",bc_yellow|bc_all; set $security_pass, 0; close; } } delete: next; mes .@n$; mes "Do you really want to delete the whole table?"; switch(select("- Yes, I want!!:- Noooo, I misclicked ya o_O")) { case 1: next; mes .@n$; mes "Okay, it's a 'One-Way Ticket'!!!!"; query_sql "DROP TABLE `security_sys`"; set $sec_table_created,0; set $security_pass,0; close; case 2: next; mes .@n$; mes "Okay, No Problem."; close; } exit: next; mes .@n$; mes "Goodbye, see ya next time."; close; } else { mes .@n$; mes "There isn't a table in your database yet."; mes "Want to create?"; menu "- Yes, I want to create one",-,"- No, don't wanna",N_stop; next; mes .@n$; mes "The Table is created now."; query_sql "CREATE TABLE IF NOT EXISTS `security_sys` ( `last_ip` VARCHAR( 100 ) , `account_id` INT( 11 ) , `pass` VARCHAR( 32 ))"; set $sec_table_created, 1; set $security_pass, 1; close; N_stop: next; mes .@n$; mes "The table wasn't created."; close; } }