KeyWorld

Don't say something I didn't write. It's not because I post a list of technologies than all have to be used, even if it's a base from a good framework, the pros and crons have to be studied before writing a piece of code. If I had enough time to write a CP, it will be already done for years but I already have some problems to regularly work on my personal projects to add a new one to the queue. The exploits i were talking are already in discussion with Xantara and CalciumKid to find the better approach to fix it without potentially provoke a massive hack of a big part of pservers. The main problem of this exploit : it required some fix on templates folder but no servers are using the default one because of theirs custom design (so it's an update that will break all current servers). I'm not here to promote myself, just to discuss but it seems like when an opinion diverges from yours we just are the bad guys and you need to spit on me to discredit myself and all I said, just grow up guys, I think you are enough older to have a discussion without bashing the guy in front of you.

@Gepard Rewriting an emulator from scratch is a lot of work, you can't compare it to a CP. Yeah FluxCP is the most advanced CP currently available for RO (talking about structure, organization, documentation and support), but it's not for this reason it's the best code ever. It was a list for general reasons to rewrite a code, not specialy related to FluxCP. Just talking about technologies and organization (not about features since it can be add at all time) : HMVC ORM Namespace Anonymous function/Closures Optionnal ajax support Optionnal Template Engine Hook system And of course I investigated FluxCP source code, that's why I complain about it, its structure and its exploits. @Haru Well I have to agree, if you don't have a talented web developer (and specialized in security audit), there is no point to create a new CP from scratch, you will just create a complete copy of others CP with maybe some more hacks.

Re-writing this pieces of software allow to get better performance, cleaner code, maintainable code, knowing what can be avoid or optimized, using latest technologies features for better experiences or speed up the process, remove deprecated element... A lot of big softwares are rewriting from scratch from a version to another (just in PHP framework for example: Laravel, Symfony, ...), and they never get so optimized and easy to use. To finish, it's not because you don't know or heard about exploits that they don't exist. Lucky admins, RO hackers seems to have a pretty bad level and just know about SQLI, LFI (and DDOS of course)

No need to be unpleasant with my awesomes greens eyes it's what I personally feel when reading this topic.To be honest there is no officials control panel suitable for Ragnarok Online, that's why I think it's better to start a new one from scratch instead of using an outdated one, with some conception fails and criticals exploits. Did I hear from the past than Hercules was build to look further ? FluxCP is definitively from the past (as ceres, stargame, rudra, etc.).

Am I alone to see this post as an advertising : "Hercules recommend you to use FluxCP, the best CP ever, for your website, and you will get cookies <3 !". In my opinion it would be better to create your own CP, or at least, create repositories for others CP (maybe it's planned ?), currently it's a little unfair competition, forcing users to switch to FluxCP when there are some other alternatives (not so good alternatives yeah I know...). Just my two cents. PS: Yes I wrote this post just because I don't love FluxCP lol

@hemagx You should at least check what you wrote in the configs, the error is from you, not from me. @all Fix an error on the lastest version with doridori and body animation. Add a generator, to create your own characters, can be used in a char simulator for example: Just complete the url: /generate/body=M-0-0/hair=0-0-0/hats=0-0-0/equip=0-0-0/option=0/actdir=0-0-0 Info: /generate/body=<sex>-<job>-<clothes color>/hair=<hair style>-<hair color>-<doridori>/hats=<hat top>-<hat middle>-<hat bottom>/equip=<weapon>-<shield>-<robe>/option=<option>/actdir=<direction>-<action>-<animation> Have fun~

Updates : [*]Correct 3rd job file name. [*]Robes are now fully working (it was missing the inherent job list). [*]Background color can be change in RORender::$background_color. [*]Add htaccess to avoid access to client directory (if you have content you don't want to share...) Suggestions ? Bugs ? Problems ? Report it

Thank you You have to upload it in the client folder (and complete the data.ini file).

Addded a debug mode to trace errors in the latest version if you have problem installing it. Just open index.php and uncomment the line: // Set on the debug//Debug::enable(); Once it's done you will have access to all debugs, infos and errors: Hope it helps

Yeah it is.

Edited

Hmmm... The guild notice is send with some others guild informations to the client before some parameters to avoid some display problems. All npc events runs after all this parameters. So... It can be done, but there is high chances to have big problems with data not initialized before running the scripts so I don't recommend to do this modification. Or you have to send guild informations without the notice, and send it after running script event, but I'm not sure if the function is used somewhere else. It will look to something like: src/map/guild.c if(sd->state.connect_new) { //Note that this works because it is invoked in parse_LoadEndAck before connect_new is cleared. clif->guild_belonginfo(sd,g);- clif->guild_notice(sd,g);+ //clif->guild_notice(sd,g); sd->guild_emblem_id = g->emblem_id; }src/map/clif.c //Login Event npc_script_event(sd, NPCE_LOGIN);++ if(sd->status.guild_id) {+ struct guild *g = guild_search(sd->status.guild_id);+ if(g!=NULL) {+ clif_guild_notice(sd,g);+ }+ }

You're welcome ! I forget to talk about three known problems related to PHP GD (it sucks !). I show you this problems in only one monster : The Bloody Knight ! [*]Do you see the fire ? There is a white rectangle around. this problems occurs on RGBA images in Sprite files when you try to merge them with the main image. [*]Check the shield, there is a white border around it. When rotating an image it's possible to have this problem : the image border is merging with the transparent background (which is white) and cause this bug. I replace the transparent background by a transparent white background to avoid getting a magenta border (or other flashy border). [*]Check the shield again, poor quality ! Due to image rotation + image scale. The problem n°1 just occurred in some monsters (effects), I don't think there is one hat or character using RGBA frames for now in RO. The problem n°2 and 3 can occurred in all monsters/characters, depend of the scale and rotation. To conclude, PHP GD sucks, I have noone of this problems in javascript (<3).

You're welcome

GMs accounts are supported but don't render the GM skin (just the basic job). Try to remove the cache (index.php) during the test: Cache::$time = 15 * 60 ; // cache for 15 mins (set to 0 if you want to disable cache). Set it to 0, so if there is a change, you will see it in an instant instead of waiting 15 minutes. Try to check that your data files are in the proper location. You can also add a little check on core/class.Client.php to see if some files are not properly loaded: Replace: return "data://application/octet-stream;base64," . base64_encode($content); } } return false; } By return "data://application/octet-stream;base64," . base64_encode($content); } } header('Content-type:text/plain'); exit("Exiting. File not found {$local_path}."); return false; }

Ok so it's a problem of data. You have to put a data folder with all your sprites and palette on client/data/. Or add your GRFs in client/ and modify data.ini with your grf files to load. If you don't have data, it can't render anything.

Maybe it can't connect to your DB, or you don't have any files set in the client folder ? Try using the debug mode, uncomment the two lines in index.php to know if there is an error: ini_set('display_errors', 1); error_reporting(E_ALL);

Happy to see you like it ! Without using the core files and controllers, you have to do this (good to build a char simulator as ratemyserver has) : <?php define('__ROOT__', dirname(__FILE__) . '/'); // Loading CORE files require_once( __ROOT__ . 'core/class.Controller.php'); require_once( __ROOT__ . 'core/class.Cache.php'); require_once( __ROOT__ . 'core/class.Client.php'); require_once( __ROOT__ . 'core/class.DB.php'); // Initialize the client (load GRF, load DB, etc.) Client::init(); // What do you want to display ? // Full Character ? // So include the render needed require_once( __ROOT__ . 'render/class.CharacterRender.php' ); // Set up the header header('Content-type:image/png'); // Since you use class.CharacterRender, use it : $chargen = new CharacterRender(); // Set your datas here $chargen->action = CharacterRender::ACTION_READYFIGHT; // You can see constants in $chargen->direction = CharacterRender::DIRECTION_SOUTHEAST; // render/class.RORender.php $chargen->body_animation = 0; $chargen->doridori = 0; $chargen->sex = "M"; $chargen->class = 4002; $chargen->clothes_color = 0; $chargen->hair = 5; $chargen->hair_color = 12; $chargen->head_top = 0; $chargen->head_mid = 0; $chargen->head_bottom = 0; $chargen->weapon = 0; $chargen->shield = 0; $chargen->robe = 0; $chargen->option = 0; // Generate the image and display it $img = $chargen->render(); imagepng($img); ?>

ROChargenPHP Features Core [*]Support for .spr, .act, .pal, .grf, ... [*].act file completed support (transparency, scale, color, rotate, ...) [*]Characters fully implemented ( body, head, hats, weapon, shield, robe, mount) with palettes support. [*]Can modify action, animation and direction. [*]Class to generate : Full Character / Character Head only / Monster-NPC-Homunculus / Avatar / Signature. [*]Cache system available (and can be set off) with configurable time to cache. [*]Emblem Loader available. Client [*]Data.ini file support (to list your GRFs) [*]Support GRF (0x200 version only without DES encryption - repack before uploading) - the data folder is always read first. [*]Auto-Extract files from GRF if needed (optimize performance) [*]Updater script available to convert some lua files to PHP. How to use Really url-friendly: myserver.com/chargen/<controller>/<data> // with url-rewritingmyserver.com/chargen/index.php/<controller>/<data> // without url-rewriting Example for my character called "KeyWorld":myserver.com/chargen/avatar/KeyWorld // avatarmyserver.com/chargen/signature/KeyWorld // signaturemyserver.com/chargen/character/KeyWorld // full Charactermyserver.com/chargen/characterhead/KeyWorld // Character's head You can change the default link by modify the array $routes in the index.php file:// $routes['url'] = controller$routes['/avatar/(.*)'] = 'Avatar';$routes['/character/(.*)'] = 'Character';$routes['/characterhead/(.*)'] = 'CharacterHead';$routes['/monster/(d+)'] = 'Monster';$routes['/signature/(.*)'] = 'Signature'; Custom display At least, the tool is really easy to use, here an example on how to display a static character: $chargen = new CharacterRender(); $chargen->action = CharacterRender::ACTION_READYFIGHT; $chargen->direction = CharacterRender::DIRECTION_SOUTHEAST; $chargen->body_animation = 0; $chargen->doridori = 0; // Custom data: $chargen->sex = "M"; $chargen->class = 4002; $chargen->clothes_color = 0; $chargen->hair = 5; $chargen->hair_color = 12; // ... head_top, head_mid, head_bottom, robe, weapon, shield, ... // Generate Image $img = $chargen->render(); imagepng($img); Examples / Demos Sources Get the source (Thanks to report all bugs) License Instead of selling it, I give a try to "Open Source project with Donation". So if you think, you would have buy it if i was selling it, think to give a donation ? Notes [*]A directory "client" is in the project, it will be a good idea to move it to a directory not accessible by the user (for example /home/client/). [*]If you use generate images from GRFs you have to know it's a little slower, i recommend you in this case to allow the "AutoExtract" option to gain performance. [*]GRFs have to be save as 0x200 version without any encryption (even the official DES), good idea is to remove unused folders ( textures, wav, models).. [*]If you use the options Cache and AutoExtract, don't forget the script need to have a write access to the client and cache folder. [*]Thanks to Khazou for the acces to his server to fully testing the tool

What ? Session don't protect from Brute force attack. Session: give a key stored in a cookie to reference some variables on the server. If you clean cookie (or just don't create it), server will not recognize you. The best ways I see: Use RECaptcha. Send a mail with a key to confirm registration (avoid getting invalid mail), and maybe checking the mail in a black list. Store IP adress for some times in a database, to block the next registration with the same IP the next time until a specify date. Just chek in your ragnarok database the IP stored in login and login_log to avoid creating an account if the IP is present more than x times. CRONS: Captcha can be bypass if you pay some guys on china (or somewhere else) to resolve captcha you send to them (but I still recommend RECaptcha it's the best in the market). IP restriction is totally useless in case of proxy or botnet. Hope it help.