Rally an army, choose your race, and rise through the ranks in a classic era of browser war gaming. Recruit allies via your unique link, fortify your defenses, and strike with precision as you climb specialized ladders for offense, defense, and covert ops. Turns tick in steady beats, gold flows from your legions, and every raid adds a line to your legend.
Seasonal “Ages,” viral recruitment, and a thriving community made Kings of Chaos a phenomenon—mixing strategic unit builds, armory management, and intelligence warfare into a fast, fiercely competitive loop. Whether you lead as Human, Dwarf, Elf, or Orc, the path to power is a balance of timing, teamwork, and tactical audacity.
Directory: kings_of_chaos/King of Chaos/
Game Name: Kings of Chaos - Massively Multiplayer Online Role Playing Game
Official Domain: kingsofchaos.com (mentioned in index.php)
Developer Contact:
Development Date: March-May 2004 (SQL dump timestamps, Age 3 Beta Feb 2004)
Version: Age 3 Public Beta (February 7, 2004 launch)
Database: MySQL 4.0.16, phpMyAdmin 2.5.3
PHP Version: 4.3.3 (from SQL comments)
License: No license found (proprietary commercial game)
Player Base: Over 500,000 players (per meta description!)
Historical Context: This is a REAL commercial MMORPG from 2004 with half a million players! One of the biggest browser-based games of the mid-2000s era. Features merchandise store, prize competitions, and active community.
---
Total Files: 240 files
PHP Scripts: 144 files (0.76 MB) - most code
Graphics: 76 images (0.19 MB)
Fonts: 3 TTF files (0.87 MB) - custom fonts!
JavaScript: 3 JS files (0.02 MB)
CSS: 2 stylesheets (0.00 MB)
SQL: 2 database files (0.00 MB)
Audio: 1 WAV file (0.01 MB)
Backups: 4 BAK files (0.01 MB)
HTML: 2 HTM files (0.00 MB)
Documentation: 2 TXT files (regex.txt, koc.sql.txt)
Notable Features:
chat/ subdirectory with ~70 files)Directory Structure:
King of Chaos/
├── Core Game (40+ PHP files)
├── admin/ (admin panel)
├── chat/ (phpMyChat integration - 70+ files)
│ ├── admin/ (chat moderation)
│ ├── lib/ (chat libraries)
│ └── install/ (chat setup SQL)
├── php/ (utilities?)
├── pic/ (71 GIFs - race shields, icons)
├── css/ (2 stylesheets)
├── js/ (3 JavaScript files)
└── fonts/ (3 TTF custom fonts)
---
Architecture: Procedural PHP with Global Functions (1,436-line vsys.php monolith!)
1. Configuration System (lib.php - 356 lines):
$conf["sites_database_name"] = "db1663b";
$conf["sites_database_login"] = "us1663b";
$conf["sites_database_password"] = "us1663b1663";
$conf["path"] = '/demos/games/kings';
// Game Balance
$conf["gold_from_soldier"] = 25;
$conf["minutes_per_turn"] = 30;
$conf["mercenaries_per_turn"] = 5;
$conf["days_to_hold_logs"] = 5;
$conf["hours_to_block_same_user_recruiting"] = 24;
// Race definitions (Humans, Dwarves, Elves, Orcs)
$conf["race"][0]["name"] = "Humans";
$conf["race"][0]["income"] = "25"; // 25% income bonus
Excellent: All game balance in config arrays. Each race has bonuses, fortification levels, pricing.
2. Main System (vsys.php - 1,436 lines!):
session_start();
include "lib.php";
// Register globals emulation (PHP 4 era)
foreach($HTTP_POST_VARS as $key => $value) {
$cgi[$key] = $value;
}
foreach($HTTP_GET_VARS as $key => $value) {
$cgi[$key] = $value;
}
$db = @mysql_connect('localhost', $conf["sites_database_login"], $conf["sites_database_password"]);
Monolithic Design: Single 1,436-line file contains ALL game logic functions! No OOP, pure procedural.
3. Authentication (vsys.php lines 24-63):
if ($cgi["uname"]) {
$isLogined1 = isLogined($cgi["uname"], $cgi["uemail"], $cgi["psword"]);
if ($isLogined1) {
$usT = getUserDetails($isLogined1, " active ");
logIP($isLogined1);
if ($usT->active == 1) {
$_SESSION["isLogined"] = $isLogined1;
header("Location: base.php");
} elseif ($usT->active == 2) {
// Banned
} elseif ($usT->active == 4) {
// Admin
header("Location: admin/index.php");
}
}
}
Login Function (vsys.php lines 88-103):
function isLogined($uname, $uemail, $psword) {
$str = "select * from UserDetails where userName='$uname' and e_mail='$uemail' and password='$psword'";
$q = @mysql_query($str);
if (!@mysql_num_rows($q)) {
return 0;
} else {
$st = mysql_fetch_object($q);
return $st->ID;
}
}
CRITICAL FLAW: Direct SQL interpolation - SQL injection vulnerability!
4. Database Layer:
mysql_* functions throughout$db connection variable@ operator5. Chat Integration (phpMyChat):
chat/ directory with 70+ files6. Front-End:
index.php includes top.php, left.php, bottom.php)---
Core Concept: Fantasy war game where players choose a race, recruit officers, build armies, and attack other players.
1. Humans - 25% Income Bonus
2. Dwarves - 25% Defense Bonus
3. Elves - 25% Spy Bonus
4. Orcs - 25% Attack Bonus
Each race has unique fortification levels:
Gold - Primary currency
Soldiers (regular troops)
Mercenaries (paid troops):
Equipment stored in armory
1. Attack (attack.php)
2. Spy (intel.php)
3. Sabotage (removed in Age 3 Beta!)
Overall Rank + 4 Specialized Ranks:
Attack Log (attacklog.php, AtackLog table - note typo!)
Battle Log (battlelog.php)
Spy Log (spylog.php, SpyLog table)
Messaging (inbox.php, message.php, writemail.php)
Messages table (ID, userID, fromID, subject, text, date)Chat (phpMyChat integration)
Unique Recruit Links (viral growth mechanic!)
Status Levels:
Anti-Cheating:
IPs table stores 20 IPs per user)Age 2 ended March 20, 2004 with prize winners
Age 3 Beta launched February 7, 2004
---
Total Tables: 12
Engine: MyISAM (TYPE=MyISAM)
Charset: latin1 (from phpMyAdmin SQL dump)
Encoding Issues: Russian/Cyrillic characters in SQL comments (suggests Russian developer or localization)
1. UserDetails (not in provided SQL excerpt but referenced in code)
2. AtackLog (sic - typo!) - Attack history
3. IPs - IP tracking for anti-cheat
4. Mercenaries - Global mercenary pool
5. Messages - In-game mail
6. Ranks - Player rankings
7. SpyLog - Espionage records
Additional Tables (referenced in chat system):
Strengths:
Weaknesses:
---
1. Monolithic Design 🔥
vsys.php = 1,436 lines in single file!2. No Code Organization
vsys.php without namespacing$conf array3. PHP 4 Antiquated Patterns
foreach($HTTP_POST_VARS as $key => $value) { // PHP 4 era
$cgi[$key] = $value;
}
Modern equivalent: $_POST superglobal (available since PHP 4.1.0 but not used)
4. Error Suppression
$db = @mysql_connect(...); // @ hides errors!
if (!@mysql_num_rows($q)) { ... }
Suppresses critical errors = silent failures
5. Inconsistent Naming
AtackLog (typo) vs SpyLog$cgi array (CGI-era naming)6. No Documentation
7. Configuration Duplication ⚠️
$conf["sites_database_name"] = "gamerpg";
$conf["sites_database_name"] = "db1663b"; // Overwrites previous!
Development vs production values mixed in same file
1. Configuration Arrays ⭐⭐
$conf arrays2. phpMyChat Integration ⭐
3. Comprehensive Logging ⭐
Modernization Cost: 280-360 hours ($21K-$27K at $75/hr)
Required:
---
PHP Version: 4.3.3 (March 2003)
EOL: December 2004 (1 year after this code!)
MySQL: 4.0.16 (2003)
Current Standard: PHP 8.2+, MySQL 8.0+
Critical Issues:
---
1. SQL Injection - 10/10 Severity 🔥🔥🔥
$str = "select * from UserDetails where userName='$uname' and e_mail='$uemail' and password='$psword'";
Direct interpolation, zero escaping = instant database compromise.
2. Plaintext Passwords - 10/10 Severity 🔥🔥🔥
password='$psword'3. register_globals Emulation - 9/10 Severity 🔥🔥
foreach($HTTP_POST_VARS as $key => $value) {
$cgi[$key] = $value;
}
User input populates $cgi array without validation = variable injection.
4. Error Suppression - 7/10 Severity 🔥
@mysql_connect() hides database errors5. XSS Vulnerabilities - 8/10 Severity 🔥
6. Hardcoded Credentials - 8/10 Severity 🔥🔥
$conf['admin_login'] = 'login';
$conf['admin_password'] = 'password'; // Literally "password"!
7. IP Spoofing - 6/10 Severity 🔥
---
1. Viral Recruitment System ⭐⭐⭐⭐
2. Age System with Resets ⭐⭐⭐
3. Multi-Category Rankings ⭐⭐⭐
4. Race Bonuses ⭐⭐
5. Merchandise Integration ⭐⭐
6. phpMyChat Integration ⭐
500,000+ players in 2004 = one of the largest browser games of its era. Competed with:
Viral mechanics predated modern social media games by years. This was Facebook game design before Facebook!
Innovation Rating: 6/10 - Viral recruitment brilliant, execution poor, but commercially successful.
---
1. Game Design Study ⭐⭐⭐⭐⭐
2. Historical Research ⭐⭐⭐⭐
3. Business Case Study ⭐⭐⭐
4. Security Training ⭐⭐
Archive Status: TIER 2 - HISTORICAL SIGNIFICANCE ⭐⭐⭐⭐
Rationale:
Preservation Actions:
Document Gameplay (viral recruitment, Age system)
Screenshot UI (4 race selection, shields)
Archive Source (240 files including chat system)
Research Impact (Find Age 2 winners, prize data)
Extract Design Lessons (viral growth, not code quality)
Security Case Study (production SQL injection example)
Do NOT:
---
| Metric | Value |
|---|---|
| Files | 240 (144 PHP, 76 images, 3 fonts, 3 JS, 2 CSS) |
| Database | 12 tables (MyISAM, latin1) |
| Code Size | ~10,000+ lines (vsys.php = 1,436 lines alone!) |
| Dev Date | March-May 2004 (Age 3 Beta) |
| PHP Version | 4.3.3 (EOL Dec 2004, 21 years obsolete) |
| Players | 500,000+ (per meta description) |
| Security | 2/10 (SQL injection, plaintext passwords) |
| Innovation | 6/10 (viral recruitment, Age resets) |
| Architecture | 3/10 (1,436-line monolith, procedural) |
| Code Quality | 3/10 (no OOP, poor organization) |
| Commercial Success | ⭐⭐⭐⭐⭐ (merchandise, prizes, huge playerbase) |
| Modernization | $21K-$27K (280-360 hours) |
| Preservation | Tier 2 - Historical Significance |
Key Strengths: Viral recruitment = growth masterclass, Age system = early seasons, real commercial success with 500K players, merchandise monetization
Key Weaknesses: 1,436-line monolith, SQL injection, plaintext passwords, PHP 4 procedural code, won't run on modern PHP
Best Use: Game design study (viral mechanics), historical research (browser gaming peak), business case study (monetization)
Historical Significance: Proves great game design > code quality - this succeeded DESPITE terrible code!
Lesson: You can build a successful game with bad code, but you'll pay the price in maintenance. Kings of Chaos likely had massive security breaches and technical debt that limited growth.
---
| Category | Rating | Commentary |
|---|---|---|
| Innovation & Originality | ★★★★★☆☆☆☆☆ 5/10 | Early browser MMORPG, recruiting-based gameplay, large player base |
| Code Quality | ★★★☆☆☆☆☆☆☆ 3/10 | Procedural PHP 4.3, 1,436-line monolith, minimal structure |
| Security Posture | ★☆☆☆☆☆☆☆☆☆ 1/10 | Register globals, no input validation, plaintext passwords likely |
| Documentation | ★★☆☆☆☆☆☆☆☆ 2/10 | Minimal: regex.txt, koc.sql.txt only |
| Gameplay Design | ★★★★★★★☆☆☆ 7/10 | Viral recruiting mechanics, 11 races, 500K+ players achieved |
| Technical Architecture | ★★★☆☆☆☆☆☆☆ 3/10 | Monolithic vsys.php, basic phpMyChat integration |
| Completeness | ★★★★★★★☆☆☆ 7/10 | 240 files, chat system, admin panel, custom fonts |
| Historical Significance | ★★★★★★★★☆☆ 8/10 | MAJOR: 500K players, successful commercial MMO from 2004 |
| Preservation Value | ★★★★★★★☆☆☆ 7/10 | Important example of early browser MMO success story |
Summary: Kings of Chaos is a historically significant commercial browser MMORPG from 2004 that achieved 500,000+ players through innovative viral recruiting mechanics. With 11 playable races, alliance system, and integrated phpMyChat, it represents a successful commercial game from the era. However, typical 2004 security practices (register globals, basic PHP 4.3) and monolithic architecture (1,436-line vsys.php) show its age. The lack of license file and proprietary nature limit modern use to historical study only. Important artifact of browser MMO history when games like this competed with early graphical MMOs.
Running many of the scripts in this archive on a live server presents a serious security risk. These projects were created before modern hardening practices and may contain vulnerabilities that can compromise your system.
We strongly recommend using this code for reference and analysis only, or in isolated local environments. By downloading these files, you accept full responsibility for their use.