paintballrefjosh / mangoswebv4 Goto Github PK
View Code? Open in Web Editor NEWThis is a continuation of the MaNGOSWebV3 project.
License: GNU General Public License v3.0
This is a continuation of the MaNGOSWebV3 project.
License: GNU General Public License v3.0
Everytime i try to buy an item in the shop i get following error:
Sending Items, Please wait...
Fatal error: Maximum execution time of 30 seconds exceeded in /srv/www/htdocs/azer/core/SDL/class.rasocket.php on line 72
i can connect to my server via telnet and username and password are matching.
Can somebody point me to the right solution?
I add gold but when i click add to get from points i get this
Please contact an administrator as there is an error connecting or authenticating with the server. You will NOT be charged Web Points at this time
Database Config in Admin Panel not working well its not a big issue but will be good to get it working thou
An error should be generated if you try using Character Tools on a character that is online. Any changes made while the character is online are reverted when the player logs out.
Hi i would like to have a working wow armory maybe also compatible with wow 1.12.2
Page generate error:
Couldnt Run Query: SELECT * FROM mw_realm WHERE realm_id='1'
Error: File './mangosweb/mw_realm.MYD' not found (Errcode: 30 - Read-only file system)
�ово�ти when writing Russian language
Sorry for my bad English
I've install mangosweb v4 but the realm status always offline, and player online display 0
I'm getting a blank page after accepting the Terms. I checked the apache2 error.log file and there's nothing in there. The access.log file only shows loading the favicon.
Any ideas?
IN admin Panel i setup everything to be shown and realm server and everything but nothing is showing ??? IS this a bug ?
I try add news it was working till today here is the error
','1','1490958537')
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's are on hire !!!!!
','1','1490958537')' at line 1
after update my files with the latest updates cant access the Database Config section of the Admin Panel.
Warning: include(inc/admin/template_files/admin.dbconfig.php): failed to open stream: No such file or directory in /var/www/html/index.php on line 223 Warning: include(): Failed opening 'inc/admin/template_files/admin.dbconfig.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/html/index.php on line 223
You could display the list of available themes but if you select one of the page refresh but nothing happens. You are stuck with WoTLK theme.
i get this error at try to virsualize the site after sucesfull installation:
Fatal error: Uncaught Error: Call to undefined function simplexml_load_file() in /var/www/test2/core/class.template.php:148 Stack trace: #0 /var/www/test2/index.php(164): MangosTemplate->loadTemplateXML() #1 {main} thrown in /var/www/test2/core/class.template.php on line 148
Hello:
I have find a Reflected XSS vulnerability in admin.faq.php.
The vulnerability exists due to insufficient filtration of user-supplied data in "id" HTTP parameter that will be passed to "MaNGOSWebV4-master/inc/admin/template_files/admin. donate.php ". The infected source code is line 37, there is no protection on $_GET[‘id’]; if $_GET[‘id’] contains evil js code, line 37 will trigger untrusted code to be executed on the browser side.
So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil.
http://your-web-root/MaNGOSWebV4-master/inc/admin/template_files/admin.donate.php?id="><script>alert(1);</script><"
The follow scrrenshot is the result to click the upper url ( win7 spq x64 + firefox 51.0.1 32bit ):
Discoverer: ADLab of Venustech
Hello:
I have find a Reflected XSS vulnerability in admin.vote.php.
The vulnerability exists due to insufficient filtration of user-supplied data in "id" HTTP parameter that will be passed to " MaNGOSWebV4-master/inc/admin/template_files/admin.vote.php ". The infected source code is line 36, there is no protection on $_GET[‘id’]; if $_GET[‘id’] contains evil js code, line 36 will trigger untrusted code to be executed on the browser side.
So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil.
http://your-web-root/MaNGOSWebV4-master/inc/admin/template_files/admin.vote.php?id="><script>alert(1);</script><"
The follow scrrenshot is the result to click the upper url ( win7 spq x64 + firefox 51.0.1 32bit ):
Discoverer: ADLab of Venustech
advantage of mail() is that there is no need for any account or painfull configuration.
mails are forged this way:
$to = '[email protected], [email protected]';
$subject = 'the subject';
$message = 'Hello, world.<br>';
// To send HTML mail, the Content-type header must be set
$headers[] = 'MIME-Version: 1.0';
$headers[] = 'Content-type: text/html; charset=utf-8';
$headers[] = 'To: User1 <[email protected]>, User2 <[email protected]>';
$headers[] = 'From: MaNGOSWebV4 <[email protected]>';
$headers[] = 'Reply-To: [email protected]';
$headers[] = 'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, implode("\r\n", $headers));
Some people have similar problem with your soap implementation:
Notice: Undefined variable: cmd in /var/www/html/web/core/SDL/class.rasocket.php on line 310 Warning: fopen(core/logs/RA_Debug.log): failed to open stream: No such file or directory in /var/www/html/web/core/SDL/class.rasocket.php on line 195 Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/html/web/core/SDL/class.rasocket.php on line 198 Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/html/web/core/SDL/class.rasocket.php on line 198 Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/html/web/core/SDL/class.rasocket.php on line 198 Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/html/web/core/SDL/class.rasocket.php on line 198 Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/html/web/core/SDL/class.rasocket.php on line 198 Warning: fclose() expects parameter 1 to be resource, boolean given in /var/www/html/web/core/SDL/class.rasocket.php on line 200
any fix available ?
If i try to open the RSS Link i get
Cannot open file (core/cache/rss/news.xml)
any options on that ?
I fresh installed your CMS System.
Now i get following error:
Fatal error: Uncaught Error: Call to a member function get() on array in /var/www/html/web/core/core.php:78 Stack trace: #0 /var/www/html/web/index.php(92): Core->setGlobals() #1 {main} thrown in /var/www/html/web/core/core.php on line 78
I noticed these 2 feature are not working and enabled, it woul be good to implement these :)
Hello:
I have find a Reflected XSS vulnerability in this project.
The vulnerability exists due to insufficient filtration of user-supplied data in "step" HTTP parameter that will be passed to "MaNGOSWebV4-master/install/index.php". The infected source code is line 35, there is no protection on $_GET['step']; if $_GET['step'] contains evil js code, line 41 will trigger untrusted code to be excuted on the browser side.
So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil.
http://your-web-root/MaNGOSWebV4-master/install/index.php?step=><script>alert(1);</script><
The follow scrrenshot is the result to click the upper url ( win7 spq x64 + firefox 51.0.1 32bit )
Discoverer: ADLab of Venustech
There is an old error of Media missing
Warning: include(templates/blizzlike/media/media.screen.php): failed to open stream: No such file or directory in C:\xampp\htdocs\index.php on line 249 Warning: include(): Failed opening 'templates/blizzlike/media/media.screen.php' for inclusion (include_path='C:\xampp\php\PEAR') in C:\xampp\htdocs\index.php on line 249
When want enter in screenshots etc.
Good afternoon,
I would like to know if you continue with the project or abandoned.
I was very interested with it.
Thanks
Hello:
I have find a Reflected XSS vulnerability in admin.faq.php.
The vulnerability exists due to insufficient filtration of user-supplied data in "id" HTTP parameter that will be passed to "MaNGOSWebV4-master/inc/admin/template_files/admin.faq.php ". The infected source code is line 36, there is no protection on $_GET[‘id’]; if $_GET[‘id’] contains evil js code, line 36 will trigger untrusted code to be executed on the browser side.
So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil.
http://your-web-root/MaNGOSWebV4-master/inc/admin/template_files/admin.faq.php?id="><script>alert(1);</script><"
The follow scrrenshot is the result to click the upper url ( win7 spq x64 + firefox 51.0.1 32bit ):
Discoverer: ADLab of Venustech
Hello guys i have fixed the mysql erros finnaly 📦
now i would like to add items trought the store i can do it from db side, but on the site you dont have a option to select the realm you want to.
and also the shop can find the items of the Blizzlike realm and thats great.
but when i add my custom items from the fun realm it says invalid item ID.
example item ids.
can somone help me to fix this?.
if i clic Logout button from the frontpage it doesnt close my current session. Instead its redirects me to my account page, same behavior as if i clic profile button.
Currently using Mist of Pandaria v1.0 Theme.
Now after 6800cca
Some errors during registration process. After fill the form with data i got some errors. Even if i disable secrets questions in admin panel.
Account Registration
Notice: Undefined index: reg_secret_questions in /var/www/html/inc/account/account.register.php on line 99 Notice: Undefined variable: Config in /var/www/html/inc/account/account.register.php on line 173 Fatal error: Call to a member function get() on a non-object in /var/www/html/inc/account/account.register.php on line 173
I noticed in these templates:
Instead on Sunwell template is missing the folder /images/buttons
I copied all from wotlk theme
Hello:
I have find a Reflected XSS vulnerability in admin.fplinks.php.
The vulnerability exists due to insufficient filtration of user-supplied data in "linkid " HTTP parameter that will be passed to " MaNGOSWebV4-master/inc/admin/template_files/admin. fplinks.php ". The infected source code is line 36, there is no protection on $_GET[‘linkid’]; if $_GET[‘linkid’] contains evil js code, line 36 will trigger untrusted code to be executed on the browser side.
So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil.
http://your-web-root/MaNGOSWebV4-master/inc/admin/template_files/admin.fplinks.php?linkid="><script>alert(1);</script><"
The follow scrrenshot is the result to click the upper url ( win7 spq x64 + firefox 51.0.1 32bit ):
Discoverer: ADLab of Venustech
I will suggest an integration on the RAF Feature for Trinitycore.
To setup the Recruit a Friend (well manually at least), set the recruiter column in the auth.account table to the id of the account that "recruited" them.
That is, lets say there is an account called Alice (account id 10) and she recruits Bob (account id 20). The following SQL query would do the trick.
Code:
update account set recruiter = 10 where id = 20;
It would be great if this can be integrated in the Registration Form - i will also make a donate via paypal.
Regards,
Hellangel
When i click More Info Link in the Frontpage in the Server info block i receive folllowing error
Warning: include(templates/blizzlike/server/server.info.php): failed to open stream: No such file or directory in /var/www/html/index.php on line 249 Warning: include(): Failed opening 'templates/blizzlike/server/server.info.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/html/index.php on line 249
Hello:
I have find a Reflected XSS vulnerability in admin.shop.php.
The vulnerability exists due to insufficient filtration of user-supplied data in "id" HTTP parameter that will be passed to " MaNGOSWebV4-master/inc/admin/template_files/admin.shop.php ". The infected source code is line 36, there is no protection on $_GET[‘id’]; if $_GET[‘id’] contains evil js code, line 36 will trigger untrusted code to be executed on the browser side.
So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil.
http://your-web-root/MaNGOSWebV4-master/inc/admin/template_files/admin.shop.php?id="><script>alert(1);</script><"
The follow scrrenshot is the result to click the upper url ( win7 spq x64 + firefox 51.0.1 32bit ):
Discoverer: ADLab of Venustech
As per with every release of this site ever made, the shop system still doesn't work.
Using SOAP, I get this error.
Sending Items, Please wait...
Fatal error: Class 'SoapClient' not found in C:\xampp\htdocs\testsite\core\SDL\class.rasocket.php on line 357
Using RA, I get this error.
Warning: fopen(core/logs/RA_Debug.log): failed to open stream: No such file or directory in C:\xampp\htdocs\testsite\core\SDL\class.rasocket.php on line 195 Warning: fwrite() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\testsite\core\SDL\class.rasocket.php on line 198 Warning: fwrite() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\testsite\core\SDL\class.rasocket.php on line 198 Warning: fwrite() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\testsite\core\SDL\class.rasocket.php on line 198 Warning: fwrite() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\testsite\core\SDL\class.rasocket.php on line 198 Warning: fclose() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\testsite\core\SDL\class.rasocket.php on line 200
http://www.mistvale.com/?p=server&sub=commands
here there is the error
Notice: Undefined index: permission in /var/www/templates/blizzlike/server/server.commands.php on line 17 Couldnt Run Query: SELECT name
FROM rbac_permissions
WHERE id IN (SELECT id
FROM rbac_linked_permissions
WHERE linkedId = )
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
Hi,
would be great if we can sync the PHPBB Usernames and Passwords with your Site.
Any hint how to get this to work ?
Donation also possible.
Regards,
Hellangel
When add news to the site via Admin Panel i get this in front page
Couldnt Run Query: SELECT username FROM account WHERE id = '1'
Error: Table 'wowsite.account' doesn't exist
Also when add in db its working but the name who posted not changing its always Mistvale.com Dev Team
Network consists of Web server and Game server.
Have allowed Web server MaNGOSWebV4 to talk to actual vanilla wow DB.
Install succeed - asked me to delete /install directory and /update directory.
Upon doing this was presented with the accept TOC page, clicked accept.
Now I get the following error everytime I browse to the page:
Fatal error: Uncaught Error: Call to undefined function simplexml_load_file() in /var/www/html/core/class.template.php:148 Stack trace: #0 /var/www/html/index.php(164): MangosTemplate->loadTemplateXML() #1 {main} thrown in /var/www/html/core/class.template.php on line 148
Modules: ToS
Error: 404
Screenshot: http://prntscr.com/hd6fdk
I have tried to fix the 404 error related to the images. I still haven't found a solution.
I keep to see this error on top:
Notice: Undefined offset: 3 in /var/www/core/class.template.php on line 126 /
I have been testing the project and is working good so far with MoP expansion.
Mail sent through ACP, shop system (SOAP), registration keys.. etc all good
but when a user is trying to register only classic, TBC and WotLK are valid options..
Any way to add MoP to that list?
Also when you access
/?p=server&sub=statistic
There is no room for goblins, Worgen or Pandaren.. (Any chance of support those races?) or maybe you can give me an idea which files should i edit to do it.
Thanks in advance...
I will detail all steps to reproduce the problem.
1 - Enable Account Registration in Admin Panel
2 - Enable Require Account Activation in Admin Panel
3 - Enable Require Invite in Admin panel
4 - Copy and Paste your registration Key to enable registration form
4 - Do the normal registration process (Fill the required data.. Username, password, mail, etc..)
5 - Receive registration mail in your inbox with your register details and a activation link)
6 - Clic on Link provided in the email to activate your account.
Then an error message is displayed.
If i am right after d379fb1 mangosweb tables are stored in a separate DB so no account table in mangosweb DB
When i try to register a new account and fill all needed data the system validates me and shows me a message telling me that i need to check my inbox to validate my account. Problem is that i didnt receive any mail.
My server email settings are fine because if i use the Send mail link from the Admin panel then i receive the mail without problems..
putting a single-quote when editing frontage link titles bring an SQL error.
These form fields should be protecter with either addslashes() or mysqli_real_escape_string() to avoid errors and also for security reasons.
I try to add gold for vote item shop i get this
Couldnt Run Query: INSERT INTO mw_shop_items( item_number
, itemset
, gold
, quanity
, desc
, wp_cost
, realms
) VALUES( '0', '0', '500000', '', 'Gold is all u need !', '100', '0' )
Error: Incorrect integer value: '' for column 'quanity' at row 1
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.