Metin2API - PHP Script - Mutulic

[Mutulic 615]

Hello comunity,

This is a API script for Metin2 - PHP version TCP to P2P Connection.
Thanks @ Gurgarath for explain how metin2 works 

 

This is the hidden content, please

• Sign In
• or
• Sign Up

Alternative download links → 

This is the hidden content, please

• Sign In
• or
• Sign Up

[Volvox 1753]

Looks nice, Thx !

[Mutulic 615]

3 hours ago, Volvox said:

Looks nice, Thx !

Welcome

[leunam0830 2]

On 2/20/2024 at 12:40 PM, Mutulic said:

Hello comunity,

This is a API script for Metin2 - PHP version TCP to P2P Connection.
Thanks @ Gurgarath for explain how metin2 works 

 

This is the hidden content, please

• Sign In
• or
• Sign Up

Alternative download links → 

This is the hidden content, please

• Sign In
• or
• Sign Up

 

Thanks bro

one question, It is possible to add more server-side functions to Metin?

[Mutulic 615]

8 hours ago, leunam0830 said:

 

Thanks bro

one question, It is possible to add more server-side functions to Metin?

Sure, you can add by game source and using my php code to access it

[Jimmermania 32]

Hi, i changed the details but it keeps loading. Which port this script uses? i use martysama files.

[Mutulic 615]

5 hours ago, Jimmermania said:

Hi, i changed the details but it keeps loading. Which port this script uses? i use martysama files.

i'm not sure, i think 13000 or 13001

[Jimmermania 32]

18 hours ago, Mutulic said:

i'm not sure, i think 13000 or 13001

No it doesnt work. Which port should be there? auth or ch1 ?

[terrorr 15]

Hardcoded Credentials:

Storing sensitive information like $password directly in the code is risky. If the file is exposed due to a misconfiguration, anyone can see and use your password.

Recommendation: Store sensitive data outside of your web root, or use environment variables for better security.

Input Validation and Sanitization:

User inputs (playername, playernamemute, and notice) are directly used in socket commands without any validation or sanitization, leading to potential command injection attacks.

Recommendation: Implement input validation, ensuring that user inputs are properly sanitized and conform to expected formats.

Error Handling:

The code exits on errors without proper handling, potentially exposing the server environment or command errors to the user.

Recommendation: Use proper error handling mechanisms (like logging errors) instead of abruptly terminating script execution.

Command Injection Risk:

Users can inject unwanted commands by manipulating the input fields.

Recommendation: Validate commands against a whitelist of allowed commands or use prepared statements if applicable.

CSRF Vulnerability:

The form submissions are susceptible to Cross-Site Request Forgery (CSRF) attacks.

Recommendation: Implement CSRF tokens in form submissions.

Socket Communication Exposure:

If the socket communication is exposed without proper security measures, such as encryption (TLS/SSL), sensitive information can be intercepted.

Recommendation: Consider implementing secure communication channels (like SSL) for socket connections.

[Mutulic 615]

That's just a demo, bro

[Sauug 74]

On 3/7/2024 at 5:37 PM, Jimmermania said:

No it doesnt work. Which port should be there? auth or ch1 ?

I use too and I have found how to work if you always need I can help you.

[ReFresh 2634]

On 3/6/2024 at 6:21 PM, Jimmermania said:

Hi, i changed the details but it keeps loading. Which port this script uses? i use martysama files.

It should be auth port, but there are two things, which needs to be changed:
ADMINPAGE_IP: 
ADMINPAGE_PASSWORD: 

Because in code is protection against flood:

Spoiler

#ifdef ENABLE_PORT_SECURITY
    if (strcmp(inet_ntoa(peer.sin_addr), "127.0.0.1")) // refuse if remote host != localhost (only the same machine must be able to connect in here)
    {
        sys_log(0, "BLOCK CONNECTION FROM %s", inet_ntoa(peer.sin_addr));
        Destroy();
        return false;
    }
#endif