
Metin2API - PHP Script - Mutulic



Hello community,

This is an API script for Metin2 - PHP version TCP to P2P Connection.
Thanks @Gurgarath for explaining how Metin2 works

 


  • 2 weeks later...
On 2/20/2024 at 12:40 PM, Mutulic said:

Hello community,

This is an API script for Metin2 - PHP version TCP to P2P Connection.
Thanks @Gurgarath for explaining how Metin2 works

 


 

Thanks bro

One question: is it possible to add more server-side functions to Metin?


  • 5 months later...

Hardcoded Credentials:

Storing sensitive information like $password directly in the code is risky. If the file is exposed due to a misconfiguration, anyone can see and use your password.

Recommendation: Store sensitive data outside of your web root, or use environment variables for better security.

Input Validation and Sanitization:

User inputs (playername, playernamemute, and notice) are directly used in socket commands without any validation or sanitization, leading to potential command injection attacks.

Recommendation: Implement input validation, ensuring that user inputs are properly sanitized and conform to expected formats.

Error Handling:

The code exits on errors without proper handling, potentially exposing the server environment or command errors to the user.

Recommendation: Use proper error handling mechanisms (like logging errors) instead of abruptly terminating script execution.

Command Injection Risk:

Users can inject unwanted commands by manipulating the input fields.

Recommendation: Validate commands against a whitelist of allowed commands or use prepared statements if applicable.

CSRF Vulnerability:

The form submissions are susceptible to Cross-Site Request Forgery (CSRF) attacks.

Recommendation: Implement CSRF tokens in form submissions.

Socket Communication Exposure:

If the socket communication is exposed without proper security measures, such as encryption (TLS/SSL), sensitive information can be intercepted.

Recommendation: Consider implementing secure communication channels (like SSL) for socket connections.

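The credential, input-validation and CSRF recommendations from the review above, as an added PHP example that is not part of the thread or of the Metin2API script. The environment variable name, the name pattern, the length limit and the `*_VERB` placeholders are assumptions, since the script's real command format is not shown on this page.

```php
<?php
declare(strict_types=1);
// Added example; every name and limit below is an assumption, not the script's own.

// Credential comes from the environment instead of a literal $password in the file.
function api_password(): string {
    $pw = getenv('METIN2_API_PASSWORD');            // hypothetical variable name
    if ($pw === false || $pw === '') {
        throw new RuntimeException('API password is not configured');
    }
    return $pw;
}

// Player names: short, fixed alphabet, so spaces and line breaks never get through.
function valid_player_name(string $name): bool {
    return preg_match('/\A[A-Za-z0-9]{2,24}\z/', $name) === 1;
}

// Notices are free text: cap the byte length and refuse control characters,
// which would let one field end the line and begin a second command.
function valid_notice(string $text): bool {
    return $text !== '' && strlen($text) <= 200
        && preg_match('/[\x00-\x1F\x7F]/', $text) === 0;
}

// CSRF: per-session random token (call session_start() first), constant-time compare.
function csrf_token(): string {
    return $_SESSION['csrf'] ??= bin2hex(random_bytes(32));
}
function csrf_ok($sent): bool {
    return is_string($sent) && isset($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $sent);
}

// Map each form field to one fixed verb (placeholders for whatever the game
// server expects). Returns the line to send, or null when the request is rejected.
function build_command(array $post): ?string {
    if (!csrf_ok($post['csrf'] ?? null)) {
        return null;
    }
    foreach (['playername' => 'PLAYER_VERB', 'playernamemute' => 'MUTE_VERB'] as $field => $verb) {
        if (isset($post[$field])) {
            $name = $post[$field];
            return is_string($name) && valid_player_name($name) ? "$verb $name" : null;
        }
    }
    $notice = $post['notice'] ?? null;
    return is_string($notice) && valid_notice($notice) ? "NOTICE_VERB $notice" : null;
}
```

A null result should be logged server-side and answered with a generic error page, so that neither the socket error nor the rejected input is echoed back to the browser.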
