paintballrefjosh / mangoswebv4

This is a continuation of the MaNGOSWebV3 project.

License: GNU General Public License v3.0

PHP 45.98% CSS 33.64% HTML 1.86% JavaScript 18.52%
mangos mangosweb warcraft cms admin php mysql mangoswebenhanced cmangos trinity

mangoswebv4's Introduction

Welcome to MaNGOSWebV4

This is another continuation of MaNGOSWebV3, which was abandoned in 2011. All original credit goes to the previous developers.

You can view a live copy of the latest version used for testing by visiting www.mistvale.com.

## Features

  • Support for Mangos Based Cores (Trinity, Darkice)
  • Full template system allowing any layout, including non-blizzlike templates
  • New SDL idea makes any emulator / patch combo possible with even the newest updates of v3
  • SDL backend allows most tasks to be done without direct database access. Modules that you write work across emulators without emulator-specific code.
  • Easily manage user accounts
  • Edit site configuration settings right in the Admin Control Panel (ACP)
  • Frontpage links, vote sites, shop items, and languages are all managed in the ACP
  • Tons of character tools including name change, re-customization, level adjuster and more
  • New updates? No Problem! Update the CMS right from the ACP with the new Remote Updater
  • Module system
  • Unlimited amount of realms supported
  • Users can manage their accounts with ease
  • Password recovery system using the secret question system
  • Account registration features such as "Invite Only", and "Account Activation"
  • Fully rewritten and tested donation system
  • Web point system - Earn points for donating and voting
  • Shop system for users to spend their Web Points
  • Much Much More!

Contributors: conradbunton, estaira, imgbotapp, kizarr, paintballrefjosh

mangoswebv4's Issues

Telnet not working

Every time I try to buy an item in the shop I get the following error:

Sending Items, Please wait...

Fatal error: Maximum execution time of 30 seconds exceeded in /srv/www/htdocs/azer/core/SDL/class.rasocket.php on line 72

I can connect to my server via telnet, and the username and password match.

Can somebody point me to the right solution?

Errors when try to register

Now after 6800cca

Some errors during the registration process. After filling in the form with data I got some errors, even if I disable secret questions in the admin panel.

Account Registration
Notice: Undefined index: reg_secret_questions in /var/www/html/inc/account/account.register.php on line 99
Notice: Undefined variable: Config in /var/www/html/inc/account/account.register.php on line 173
Fatal error: Call to a member function get() on a non-object in /var/www/html/inc/account/account.register.php on line 173

News add error

When I add news to the site via the Admin Panel I get this on the front page:

Couldnt Run Query: SELECT username FROM account WHERE id = '1'
Error: Table 'wowsite.account' doesn't exist

Also, when I add it in the DB it works, but the name of the poster does not change; it is always Mistvale.com Dev Team.

RSS Feed

If I try to open the RSS link I get

Cannot open file (core/cache/rss/news.xml)

Any options on that?

I have found a Reflected XSS vulnerability in this project

Hello:
I have found a Reflected XSS vulnerability in this project.

The vulnerability exists due to insufficient filtration of user-supplied data in the "step" HTTP parameter that will be passed to "MaNGOSWebV4-master/install/index.php". The infected source code is line 35, there is no protection on $_GET['step']; if $_GET['step'] contains evil js code, line 41 will trigger untrusted code to be executed on the browser side.
code1

So if an attacker constructs a special URL as follows and sends it to a victim, when the victim clicks the URL, the code which is contained in the URL will be executed on the victim's browser side to do some evil.
http://your-web-root/MaNGOSWebV4-master/install/index.php?step=><script>alert(1);</script><

The following screenshot is the result of clicking the URL above (win7 spq x64 + firefox 51.0.1 32bit):
sc

Discoverer: ADLab of Venustech

forms should be escaped

Putting a single quote when editing frontpage link titles brings an SQL error.
These form fields should be protected with either addslashes() or mysqli_real_escape_string() to avoid errors and also for security reasons.
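
An added example, not part of the post above and not MaNGOSWebV4 code: the single-quote failure it describes, next to a prepared statement that stores the same title intact. It uses bound parameters rather than the escaping functions the post names; the `frontpage_links` table and the function names are hypothetical, and an in-memory SQLite database via PDO stands in for the site's MySQL server.

```php
<?php
declare(strict_types=1);

// Assumption: SQLite in memory replaces the real MySQL database so the
// example runs offline. The table layout is hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE frontpage_links (id INTEGER PRIMARY KEY, title TEXT, url TEXT)');
$db->exec("INSERT INTO frontpage_links (id, title, url) VALUES (1, 'Forum', '/forum')");

// "Before": the form value is pasted into the SQL text. A single quote ends
// the string literal early, so the statement no longer parses.
function updateTitleConcat(PDO $db, int $id, string $title): bool
{
    try {
        $db->exec("UPDATE frontpage_links SET title = '$title' WHERE id = $id");
        return true;
    } catch (PDOException $e) {
        return false; // the SQL error the issue reports
    }
}

// "After": the SQL text is fixed and the values travel as bound parameters,
// so quotes in the title are data and never part of the statement.
function updateTitlePrepared(PDO $db, int $id, string $title): bool
{
    $stmt = $db->prepare('UPDATE frontpage_links SET title = :title WHERE id = :id');
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    return $stmt->execute() && $stmt->rowCount() === 1;
}

// Read the stored title back to confirm what was written.
function readTitle(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT title FROM frontpage_links WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$title = "Josh's Guild Page"; // constructed form input containing a quote

echo 'concatenated query ok: ', var_export(updateTitleConcat($db, 1, $title), true), PHP_EOL;
echo 'title after concat:    ', readTitle($db, 1), PHP_EOL;
echo 'prepared query ok:     ', var_export(updateTitlePrepared($db, 1, $title), true), PHP_EOL;
echo 'title after prepared:  ', readTitle($db, 1), PHP_EOL;
```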

Error on registration

Sorry for my English.

If I have activated confirmation via email I receive this error:

Array ( ) 1

I am sending an image:
captura de 2017-03-10 19-38-05

Missing images folder in some templates

I noticed that in these templates:

  • Burning_Crusade
  • Illidan
  • sunwell

these folders are missing from /images/icons (or they were moved by mistake to the "icon" folder; there is also an icon2 folder, useless I think):

  • race
  • pvpranks
  • factions
  • class

In the Sunwell template, the folder /images/buttons is missing instead.

I copied everything from the wotlk theme.

Realm not showing

In the Admin Panel I set up everything to be shown, the realm server and everything, but nothing is showing. Is this a bug?

Shop can't see the realm option dropdown & doesn't see items of second realm

Hello guys, I have finally fixed the MySQL errors 📦
Now I would like to add items through the store. I can do it from the DB side, but on the site you don't have an option to select the realm you want.

Also, the shop can find the items of the Blizzlike realm and that's great,
but when I add my custom items from the fun realm it says invalid item ID.

example item ids.

image

Can someone help me fix this?

image

image

SOAP not working anymore

Some people have a similar problem with your SOAP implementation:

Notice: Undefined variable: cmd in /var/www/html/web/core/SDL/class.rasocket.php on line 310
Warning: fopen(core/logs/RA_Debug.log): failed to open stream: No such file or directory in /var/www/html/web/core/SDL/class.rasocket.php on line 195
Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/html/web/core/SDL/class.rasocket.php on line 198
Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/html/web/core/SDL/class.rasocket.php on line 198
Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/html/web/core/SDL/class.rasocket.php on line 198
Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/html/web/core/SDL/class.rasocket.php on line 198
Warning: fwrite() expects parameter 1 to be resource, boolean given in /var/www/html/web/core/SDL/class.rasocket.php on line 198
Warning: fclose() expects parameter 1 to be resource, boolean given in /var/www/html/web/core/SDL/class.rasocket.php on line 200

Any fix available?

No registration mail received

When I try to register a new account and fill in all the needed data, the system validates me and shows me a message telling me that I need to check my inbox to validate my account. The problem is that I didn't receive any mail.

My server email settings are fine, because if I use the Send mail link from the Admin panel then I receive the mail without problems.

Vote items

I try to add gold for the vote item shop and I get this:

Couldnt Run Query: INSERT INTO mw_shop_items( item_number, itemset, gold, quanity, desc, wp_cost, realms) VALUES( '0', '0', '500000', '', 'Gold is all u need !', '100', '0' )
Error: Incorrect integer value: '' for column 'quanity' at row 1

Shop bugs.

As per with every release of this site ever made, the shop system still doesn't work.

Using SOAP, I get this error.

Sending Items, Please wait...
Fatal error: Class 'SoapClient' not found in C:\xampp\htdocs\testsite\core\SDL\class.rasocket.php on line 357

Using RA, I get this error.
Warning: fopen(core/logs/RA_Debug.log): failed to open stream: No such file or directory in C:\xampp\htdocs\testsite\core\SDL\class.rasocket.php on line 195
Warning: fwrite() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\testsite\core\SDL\class.rasocket.php on line 198
Warning: fwrite() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\testsite\core\SDL\class.rasocket.php on line 198
Warning: fwrite() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\testsite\core\SDL\class.rasocket.php on line 198
Warning: fwrite() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\testsite\core\SDL\class.rasocket.php on line 198
Warning: fclose() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\testsite\core\SDL\class.rasocket.php on line 200

Blank Page After TOS

I'm getting a blank page after accepting the Terms. I checked the apache2 error.log file and there's nothing in there. The access.log file only shows loading the favicon.

Any ideas?

continuity

Good afternoon,
I would like to know if you are continuing with the project or have abandoned it.
I was very interested in it.

Thanks

Integration of phpBB

Hi,

It would be great if we could sync the phpBB usernames and passwords with your site.

Any hint on how to get this to work?

A donation is also possible.

Regards,
Hellangel

Database Config not working

Database Config in the Admin Panel is not working well. It's not a big issue, but it would be good to get it working though.

Media Missing

There is an old error of Media missing:

Warning: include(templates/blizzlike/media/media.screen.php): failed to open stream: No such file or directory in C:\xampp\htdocs\index.php on line 249
Warning: include(): Failed opening 'templates/blizzlike/media/media.screen.php' for inclusion (include_path='C:\xampp\php\PEAR') in C:\xampp\htdocs\index.php on line 249

It appears when I want to enter screenshots etc.

News error again ??

I tried to add news; it was working until today. Here is the error:

','1','1490958537')
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's are on hire !!!!!

','1','1490958537')' at line 1

A Reflected XSS vulnerability in admin.vote.php

Hello:
I have found a Reflected XSS vulnerability in admin.vote.php.

The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP parameter that will be passed to "MaNGOSWebV4-master/inc/admin/template_files/admin.vote.php". The infected source code is line 36, there is no protection on $_GET['id']; if $_GET['id'] contains evil js code, line 36 will trigger untrusted code to be executed on the browser side.
image

So if an attacker constructs a special URL as follows and sends it to a victim, when the victim clicks the URL, the code which is contained in the URL will be executed on the victim's browser side to do some evil.
http://your-web-root/MaNGOSWebV4-master/inc/admin/template_files/admin.vote.php?id="><script>alert(1);</script><"

The following screenshot is the result of clicking the URL above (win7 spq x64 + firefox 51.0.1 32bit):
image

Discoverer: ADLab of Venustech

A Reflected XSS vulnerability in admin.faq.php

Hello:
I have found a Reflected XSS vulnerability in admin.faq.php.

The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP parameter that will be passed to "MaNGOSWebV4-master/inc/admin/template_files/admin.faq.php". The infected source code is line 36, there is no protection on $_GET['id']; if $_GET['id'] contains evil js code, line 36 will trigger untrusted code to be executed on the browser side.
image

So if an attacker constructs a special URL as follows and sends it to a victim, when the victim clicks the URL, the code which is contained in the URL will be executed on the victim's browser side to do some evil.
http://your-web-root/MaNGOSWebV4-master/inc/admin/template_files/admin.faq.php?id="><script>alert(1);</script><"

The following screenshot is the result of clicking the URL above (win7 spq x64 + firefox 51.0.1 32bit):
image

Discoverer: ADLab of Venustech

Character Tools

An error should be generated if you try using Character Tools on a character that is online. Any changes made while the character is online are reverted when the player logs out.

Error on top

I keep seeing this error on top:
Notice: Undefined offset: 3 in /var/www/core/class.template.php on line 126 /

A Reflected XSS vulnerability in admin.donate.php

Hello:
I have found a Reflected XSS vulnerability in admin.faq.php.

The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP parameter that will be passed to "MaNGOSWebV4-master/inc/admin/template_files/admin.donate.php". The infected source code is line 37, there is no protection on $_GET['id']; if $_GET['id'] contains evil js code, line 37 will trigger untrusted code to be executed on the browser side.
image

So if an attacker constructs a special URL as follows and sends it to a victim, when the victim clicks the URL, the code which is contained in the URL will be executed on the victim's browser side to do some evil.
http://your-web-root/MaNGOSWebV4-master/inc/admin/template_files/admin.donate.php?id="><script>alert(1);</script><"

The following screenshot is the result of clicking the URL above (win7 spq x64 + firefox 51.0.1 32bit):
image

Discoverer: ADLab of Venustech

I have found a Reflected XSS vulnerability in admin.fplinks.php

Hello:
I have found a Reflected XSS vulnerability in admin.fplinks.php.

The vulnerability exists due to insufficient filtration of user-supplied data in the "linkid" HTTP parameter that will be passed to "MaNGOSWebV4-master/inc/admin/template_files/admin.fplinks.php". The infected source code is line 36, there is no protection on $_GET['linkid']; if $_GET['linkid'] contains evil js code, line 36 will trigger untrusted code to be executed on the browser side.
image

So if an attacker constructs a special URL as follows and sends it to a victim, when the victim clicks the URL, the code which is contained in the URL will be executed on the victim's browser side to do some evil.
http://your-web-root/MaNGOSWebV4-master/inc/admin/template_files/admin.fplinks.php?linkid="><script>alert(1);</script><"

The following screenshot is the result of clicking the URL above (win7 spq x64 + firefox 51.0.1 32bit):
image

Discoverer: ADLab of Venustech

Fatal error: Uncaught Error: Call to undefined function simplexml_load_file()

Network consists of Web server and Game server.
Have allowed Web server MaNGOSWebV4 to talk to actual vanilla wow DB.
Install succeeded - asked me to delete /install directory and /update directory.
Upon doing this I was presented with the accept TOC page, clicked accept.
Now I get the following error every time I browse to the page:
Fatal error: Uncaught Error: Call to undefined function simplexml_load_file() in /var/www/html/core/class.template.php:148 Stack trace: #0 /var/www/html/index.php(164): MangosTemplate->loadTemplateXML() #1 {main} thrown in /var/www/html/core/class.template.php on line 148

Database config after latest commits

After updating my files with the latest updates I can't access the Database Config section of the Admin Panel.

Error..

Warning: include(inc/admin/template_files/admin.dbconfig.php): failed to open stream: No such file or directory in /var/www/html/index.php on line 223
Warning: include(): Failed opening 'inc/admin/template_files/admin.dbconfig.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/html/index.php on line 223

Change wowhead Language

Hi,

How do I change the WoWhead language gateway?

I already changed it to de.wowhead.com -> that works when hovering over the item, as below:

screenshot 1

But I also want to change the text shown in the "Rewards" box here:

screenshot 2

Any ideas ?

Thanks & Regards,

Hellangel

Recruit a Friend (RAF) integration to Registration

I would suggest an integration of the RAF feature for TrinityCore.

To setup the Recruit a Friend (well manually at least), set the recruiter column in the auth.account table to the id of the account that "recruited" them.

That is, let's say there is an account called Alice (account id 10) and she recruits Bob (account id 20). The following SQL query would do the trick.
Code:
update account set recruiter = 10 where id = 20;

It would be great if this could be integrated in the Registration Form - I will also make a donation via PayPal.

Regards,

Hellangel

More info link in Server info block frontpage - error

When I click the More Info link in the Server info block on the frontpage I receive the following error:

Warning: include(templates/blizzlike/server/server.info.php): failed to open stream: No such file or directory in /var/www/html/index.php on line 249
Warning: include(): Failed opening 'templates/blizzlike/server/server.info.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/html/index.php on line 249

Error on final step of registration !!!

I will detail all steps to reproduce the problem.

1 - Enable Account Registration in Admin Panel
2 - Enable Require Account Activation in Admin Panel
3 - Enable Require Invite in Admin panel
4 - Copy and Paste your registration Key to enable registration form
4 - Do the normal registration process (Fill the required data.. Username, password, mail, etc..)
5 - Receive registration mail in your inbox with your register details and an activation link
6 - Click on the link provided in the email to activate your account.

Then an error message is displayed.

error2register

If I am right, after d379fb1 the mangosweb tables are stored in a separate DB, so there is no account table in the mangosweb DB.

I get this error

I get this error when trying to view the site after a successful installation:
Fatal error: Uncaught Error: Call to undefined function simplexml_load_file() in /var/www/test2/core/class.template.php:148 Stack trace: #0 /var/www/test2/index.php(164): MangosTemplate->loadTemplateXML() #1 {main} thrown in /var/www/test2/core/class.template.php on line 148

Can't Logout !!!

If I click the Logout button on the frontpage it doesn't close my current session. Instead it redirects me to my account page, the same behavior as if I click the profile button.

Currently using Mist of Pandaria v1.0 Theme.

Vote shop not working

I add gold, but when I click add to get it from points I get this:

Please contact an administrator as there is an error connecting or authenticating with the server. You will NOT be charged Web Points at this time

A Reflected XSS vulnerability in admin.shop.php

Hello:
I have found a Reflected XSS vulnerability in admin.shop.php.

The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP parameter that will be passed to "MaNGOSWebV4-master/inc/admin/template_files/admin.shop.php". The infected source code is line 36, there is no protection on $_GET['id']; if $_GET['id'] contains evil js code, line 36 will trigger untrusted code to be executed on the browser side.
image

So if an attacker constructs a special URL as follows and sends it to a victim, when the victim clicks the URL, the code which is contained in the URL will be executed on the victim's browser side to do some evil.
http://your-web-root/MaNGOSWebV4-master/inc/admin/template_files/admin.shop.php?id="><script>alert(1);</script><"

The following screenshot is the result of clicking the URL above (win7 spq x64 + firefox 51.0.1 32bit):
image

Discoverer: ADLab of Venustech
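
One way to close the reflected XSS described in the six ADLab reports on this page (the `step` report and the `id` / `linkid` admin template reports), as an added PHP example that is not MaNGOSWebV4 code and not part of any report. The function names, the form markup and the `?p=admin&sub=vote` URL are hypothetical, and the example assumes `id` and `linkid` are positive integers.

```php
<?php
declare(strict_types=1);

// "Before": hypothetical stand-in for the reported pattern, where a request
// parameter is copied into an HTML attribute with no encoding.
function renderFormUnsafe(array $query): string
{
    $id = $query['id'] ?? '';
    return '<form method="post" action="?p=admin&sub=vote&id=' . $id . '">';
}

// Encode a value for HTML text or a quoted attribute at the point of output.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read a numeric identifier; returns null unless it is a positive integer.
function readId(array $query, string $name): ?int
{
    $raw = $query[$name] ?? null;
    if (!is_string($raw)) {
        return null; // missing, or an array such as id[]=1
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// "After": validate first, then encode whatever is written into the markup.
function renderFormSafe(array $query): string
{
    $id = readId($query, 'id');
    if ($id === null) {
        return '<p>Invalid id.</p>';
    }
    return '<form method="post" action="?p=admin&amp;sub=vote&amp;id=' . e((string) $id) . '">';
}

// Constructed inputs standing in for $_GET: a normal id, then the payload
// quoted in the reports.
$samples = [
    ['id' => '7'],
    ['id' => '"><script>alert(1);</script><"'],
];
foreach ($samples as $query) {
    echo 'unsafe:  ', renderFormUnsafe($query), PHP_EOL;
    echo 'safe:    ', renderFormSafe($query), PHP_EOL;
    // Free-text values cannot be validated as integers; encoding alone
    // keeps them inert inside the quoted attribute.
    echo 'encoded: <input value="', e($query['id']), '">', PHP_EOL;
}
```

Validation and encoding do different jobs here: `readId()` rejects anything that is not an identifier, while `e()` is what keeps a reflected value from leaving its attribute, so it belongs on every echo of request data regardless of validation.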

Page "ingame commands" is broken

http://www.mistvale.com/?p=server&sub=commands
Here is the error:

Notice: Undefined index: permission in /var/www/templates/blizzlike/server/server.commands.php on line 17
Couldnt Run Query: SELECT name FROM rbac_permissions WHERE id IN (SELECT id FROM rbac_linked_permissions WHERE linkedId = )
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1

MoP Expansion

I have been testing the project and is working good so far with MoP expansion.
Mail sent through ACP, shop system (SOAP), registration keys.. etc all good

but when a user is trying to register only classic, TBC and WotLK are valid options..

Any way to add MoP to that list?

Also when you access
/?p=server&sub=statistic

There is no room for Goblins, Worgen or Pandaren. (Any chance of supporting those races?) Or maybe you can give me an idea which files I should edit to do it.

Thanks in advance...

Website Error

I fresh installed your CMS System.

Now I get the following error:

Fatal error: Uncaught Error: Call to a member function get() on array in /var/www/html/web/core/core.php:78 Stack trace: #0 /var/www/html/web/index.php(92): Core->setGlobals() #1 {main} thrown in /var/www/html/web/core/core.php on line 78

Mail relay should also have MiME (php mail() function)

The advantage of mail() is that there is no need for any account or painful configuration.
Mails are forged this way:

$to      = '[email protected], [email protected]';
$subject = 'the subject';
$message = 'Hello, world.<br>';
// To send HTML mail, the Content-type header must be set
$headers[] = 'MIME-Version: 1.0';
$headers[] = 'Content-type: text/html; charset=utf-8';
$headers[] = 'To: User1 <[email protected]>, User2 <[email protected]>';
$headers[] = 'From: MaNGOSWebV4 <[email protected]>';
$headers[] = 'Reply-To: [email protected]';
$headers[] = 'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, implode("\r\n", $headers));

Character Customize Error

If I try to customize the character I get this error:

web/web/?p=account&sub=customize

Notice: Undefined index: char_recustomize_success in /var/www/html/web/inc/account/account.customize.php on line 63

screen

Demo not working

The page generates an error:
Couldnt Run Query: SELECT * FROM mw_realm WHERE realm_id='1'
Error: File './mangosweb/mw_realm.MYD' not found (Errcode: 30 - Read-only file system)

Realm Status Offline

Sorry for my bad English

I've installed mangosweb v4 but the realm status is always offline, and players online displays 0.
