Amazing Collection of online role playing games for your website!

Kings of Chaos

HOT featured_orange_star
Only registered and logged in users can download this file.
Rating
(0 votes)
Technical Details
Filename kings_of_chaos.zip
Size 1002.65 KB
Downloads 114
Author Unknown
Created 2004-02-06
Changed 2025-12-17
System PHP 4.x
Price $0.00
Screenshot
Kings of Chaos

Rally an army, choose your race, and rise through the ranks in a classic era of browser war gaming. Recruit allies via your unique link, fortify your defenses, and strike with precision as you climb specialized ladders for offense, defense, and covert ops. Turns tick in steady beats, gold flows from your legions, and every raid adds a line to your legend.

Seasonal “Ages,” viral recruitment, and a thriving community made Kings of Chaos a phenomenon—mixing strategic unit builds, armory management, and intelligence warfare into a fast, fiercely competitive loop. Whether you lead as Human, Dwarf, Elf, or Orc, the path to power is a balance of timing, teamwork, and tactical audacity.

File Verification
MD5 Checksum
9d7ffb0753586dcaa4fe19cf91310a5b
SHA1 Checksum
a8155250050269386ae9b4a1a8adf9f434283783

Game Analysis: kings_of_chaos - Game Analysis Report

1. Game Metadata & Discovery Context

Directory: kings_of_chaos/King of Chaos/

Game Name: Kings of Chaos - Massively Multiplayer Online Role Playing Game

Official Domain: kingsofchaos.com (mentioned in index.php)

Developer Contact: This email address is being protected from spambots. You need JavaScript enabled to view it.

Development Date: March-May 2004 (SQL dump timestamps, Age 3 Beta Feb 2004)

Version: Age 3 Public Beta (February 7, 2004 launch)

Database: MySQL 4.0.16, phpMyAdmin 2.5.3

PHP Version: 4.3.3 (from SQL comments)

License: No license found (proprietary commercial game)

Player Base: Over 500,000 players (per meta description!)

Historical Context: This is a REAL commercial MMORPG from 2004 with half a million players! One of the biggest browser-based games of the mid-2000s era. Features merchandise store, prize competitions, and active community.

---

2. File Composition & Asset Breakdown

Total Files: 240 files

PHP Scripts: 144 files (0.76 MB) - most code

Graphics: 76 images (0.19 MB)

  • 71 GIFs (0.17 MB) - shields, icons
  • 4 JPGs (0.02 MB)
  • 1 ICO (favicon)

Fonts: 3 TTF files (0.87 MB) - custom fonts!

JavaScript: 3 JS files (0.02 MB)

CSS: 2 stylesheets (0.00 MB)

SQL: 2 database files (0.00 MB)

Audio: 1 WAV file (0.01 MB)

Backups: 4 BAK files (0.01 MB)

HTML: 2 HTM files (0.00 MB)

Documentation: 2 TXT files (regex.txt, koc.sql.txt)

Notable Features:

  • Integrated phpMyChat (full chat system in chat/ subdirectory with ~70 files)
  • Custom fonts suggest branded visual identity
  • Minimal graphics (71 GIFs for race shields/icons)

Directory Structure:


King of Chaos/
├── Core Game (40+ PHP files)
├── admin/ (admin panel)
├── chat/ (phpMyChat integration - 70+ files)
│   ├── admin/ (chat moderation)
│   ├── lib/ (chat libraries)
│   └── install/ (chat setup SQL)
├── php/ (utilities?)
├── pic/ (71 GIFs - race shields, icons)
├── css/ (2 stylesheets)
├── js/ (3 JavaScript files)
└── fonts/ (3 TTF custom fonts)

---

3. Technical Architecture & Design Patterns

Architecture: Procedural PHP with Global Functions (1,436-line vsys.php monolith!)

Core Components:

1. Configuration System (lib.php - 356 lines):


$conf["sites_database_name"] = "db1663b";
$conf["sites_database_login"] = "us1663b";
$conf["sites_database_password"] = "us1663b1663";
$conf["path"] = '/demos/games/kings';
// Game Balance
$conf["gold_from_soldier"] = 25;
$conf["minutes_per_turn"] = 30;
$conf["mercenaries_per_turn"] = 5;
$conf["days_to_hold_logs"] = 5;
$conf["hours_to_block_same_user_recruiting"] = 24;
// Race definitions (Humans, Dwarves, Elves, Orcs)
$conf["race"][0]["name"] = "Humans";
$conf["race"][0]["income"] = "25";  // 25% income bonus

Excellent: All game balance in config arrays. Each race has bonuses, fortification levels, pricing.

2. Main System (vsys.php - 1,436 lines!):


session_start();
include "lib.php";
// Register globals emulation (PHP 4 era)
foreach($HTTP_POST_VARS as $key => $value) {
$cgi[$key] = $value;
}
foreach($HTTP_GET_VARS as $key => $value) {
$cgi[$key] = $value;
}
$db = @mysql_connect('localhost', $conf["sites_database_login"], $conf["sites_database_password"]);

Monolithic Design: Single 1,436-line file contains ALL game logic functions! No OOP, pure procedural.

3. Authentication (vsys.php lines 24-63):


if ($cgi["uname"]) {
$isLogined1 = isLogined($cgi["uname"], $cgi["uemail"], $cgi["psword"]);
if ($isLogined1) {
$usT = getUserDetails($isLogined1, " active ");
logIP($isLogined1);
if ($usT->active == 1) {
$_SESSION["isLogined"] = $isLogined1;
header("Location: base.php");
} elseif ($usT->active == 2) {
// Banned
} elseif ($usT->active == 4) {
// Admin
header("Location: admin/index.php");
}
}
}

Login Function (vsys.php lines 88-103):


function isLogined($uname, $uemail, $psword) {
$str = "select * from UserDetails where userName='$uname' and e_mail='$uemail' and password='$psword'";
$q = @mysql_query($str);
if (!@mysql_num_rows($q)) {
return 0;
} else {
$st = mysql_fetch_object($q);
return $st->ID;
}
}

CRITICAL FLAW: Direct SQL interpolation - SQL injection vulnerability!

4. Database Layer:

  • Raw mysql_* functions throughout
  • No abstraction layer
  • Global $db connection variable
  • Error suppression with @ operator

5. Chat Integration (phpMyChat):

  • Separate chat/ directory with 70+ files
  • Own database tables (MySQL and PostgreSQL support)
  • Admin panel for moderation
  • Localization support (English regex.txt)

6. Front-End:

  • Frame-based layout (index.php includes top.php, left.php, bottom.php)
  • Inline CSS styles mixed with external stylesheets
  • JavaScript form validation
  • Custom TTF fonts for branding

---

4. Gameplay Mechanics & Features

Core Concept: Fantasy war game where players choose a race, recruit officers, build armies, and attack other players.

Race System (4 races):

1. Humans - 25% Income Bonus

2. Dwarves - 25% Defense Bonus

3. Elves - 25% Spy Bonus

4. Orcs - 25% Attack Bonus

Each race has unique fortification levels:

  • Camp (level 0) - Free, 0% defense
  • Palisade (level 1) - 40,000 gold, 25% defense bonus
  • Stronghold (level 2) - 80,000 gold, 50% defense bonus

Resource System:

Gold - Primary currency

  • Soldiers generate 25 gold per turn
  • Turns regenerate every 30 minutes (5 turns per hour)
  • Start with 1,000 gold (Age 3 Beta change)

Unit System:

Soldiers (regular troops)

  • Recruited via recruit links (unique URLs)
  • Officers = friends who join via your link
  • 1 soldier for each officer who activates after you

Mercenaries (paid troops):

  • Attack Specialists - 4,500 gold
  • Defense Specialists - 4,500 gold
  • Untrained - 3,500 gold
  • Purchase limit: 5 mercenaries per turn

Weapon/Armory System:

Equipment stored in armory

  • Weapons have durability (can be damaged)
  • Repair costs adjusted in Age 3 (was buggy - "one point at a time" exploit fixed)
  • Armory damage formula modified to prevent large-scale coordinated weak attacks

Combat Actions:

1. Attack (attack.php)

  • Offensive raids on other players
  • Attack Strength = trained attack units + weapons + race bonus
  • Gold looting based on success
  • Unit casualties tracked (attackers/defenders killed)
  • Phrases: "massacred", "burninated", "devastated", "annihilated" (11 variations)

2. Spy (intel.php)

  • Intelligence gathering
  • Reveals enemy stats: units, weapons, fortifications, turns
  • Success based on Covert Skill + race bonus
  • Spy strength vs spy defense strength

3. Sabotage (removed in Age 3 Beta!)

  • Original feature eliminated: "Sabatoging is no longer a part of the game"

Ranking System:

Overall Rank + 4 Specialized Ranks:

  • Strike Action Rank (offense)
  • Defense Action Rank (defense)
  • Covert Action Rank (espionage)
  • General Rank (overall power)

Logging Systems:

Attack Log (attacklog.php, AtackLog table - note typo!)

  • Records all attacks (attacker, defender, outcome)
  • Gold stolen, units killed, weapons used/lost
  • Phrases for dramatic battle results
  • Kept for 5 days then deleted

Battle Log (battlelog.php)

  • Player vs player combat history

Spy Log (spylog.php, SpyLog table)

  • Espionage success/failure tracking
  • Intelligence gathered (if successful)

Communication:

Messaging (inbox.php, message.php, writemail.php)

  • In-game mail system
  • Messages table (ID, userID, fromID, subject, text, date)

Chat (phpMyChat integration)

  • Real-time chat rooms
  • Admin moderation
  • User profiles with country/website

Recruitment System:

Unique Recruit Links (viral growth mechanic!)

  • Each player gets custom URL
  • Friends who join via link become your officers
  • Officers provide soldiers to your army
  • Regenerated on activation (Age 3 change)
  • 24-hour blocking prevents same-user spam recruiting

Administrative Features:

Status Levels:

  • 0 = Unverified
  • 1 = Normal
  • 2 = Banned
  • 3 = Supporter (premium tier, not fully implemented)
  • 4 = Admin

Anti-Cheating:

  • IP logging (IPs table stores 20 IPs per user)
  • 15 days of inactivity = account deletion
  • Multi-account detection via IP tracking

Age System (Game Resets):

Age 2 ended March 20, 2004 with prize winners

Age 3 Beta launched February 7, 2004

  • Final stats compiled from Age 2
  • Prize distribution (T-shirts, mousepads from 99dogs.com store)
  • Major balance changes between ages

---

5. Database Schema Analysis

Total Tables: 12

Engine: MyISAM (TYPE=MyISAM)

Charset: latin1 (from phpMyAdmin SQL dump)

Encoding Issues: Russian/Cyrillic characters in SQL comments (suggests Russian developer or localization)

Key Tables:

1. UserDetails (not in provided SQL excerpt but referenced in code)

  • userName, e_mail, password, active (status)
  • Primary user account data

2. AtackLog (sic - typo!) - Attack history

  • userID, toUserID, atackTurns, gold, phrase
  • atackStrength, defStrength
  • atackUsersKilled, defUsersKilled
  • Weapon tracking (atackWeapons, defWeapons, counts)
  • time (Unix timestamp)

3. IPs - IP tracking for anti-cheat

  • ip (VARCHAR(15)), userID, time
  • Sample: 13 IPs from May 2004
  • Mix of residential IPs (67.67.147.81, 24.55.128.133)

4. Mercenaries - Global mercenary pool

  • attackSpecCount, defSpecCount, untrainedCount
  • lastTurnTime (for regeneration)
  • Single row (global state table!)

5. Messages - In-game mail

  • userID (recipient), fromID (sender)
  • subject, text, date

6. Ranks - Player rankings

  • userID, rank (overall)
  • strikeActionRank, defenceActionRank, covertActionRank
  • Sample data: ranks 0-6 (higher = better)

7. SpyLog - Espionage records

  • userID (spy), toUserID (target)
  • spyStrength vs spyDefStrength
  • Intelligence data (units, weapons, fortifications)
  • isSuccess (boolean), race, spies count
  • Detailed weapon data (types, quantities, strengths)

Additional Tables (referenced in chat system):

  • Chat user tables
  • Chat room tables
  • Chat message tables

Schema Quality: 5/10

Strengths:

  • Comprehensive logging (attacks, spies)
  • IP tracking for security
  • Global state table (Mercenaries) - clever
  • Ranking system with multiple categories

Weaknesses:

  • Typo in table name ("AtackLog" instead of "AttackLog")
  • VARCHAR for numeric data (weapon counts, strengths stored as strings!)
  • No foreign keys (MyISAM limitation)
  • latin1 charset (should be UTF-8)
  • Inconsistent naming (AtackLog vs SpyLog)

---

6. Code Quality & Maintainability: 3/10

Critical Issues:

1. Monolithic Design 🔥

  • vsys.php = 1,436 lines in single file!
  • All functions mixed together
  • No class structure, pure procedural
  • Impossible to maintain at scale

2. No Code Organization

  • Functions defined in vsys.php without namespacing
  • Global $conf array
  • Mixed presentation/logic (HTML in vsys.php)

3. PHP 4 Antiquated Patterns


foreach($HTTP_POST_VARS as $key => $value) {  // PHP 4 era
$cgi[$key] = $value;
}

Modern equivalent: $_POST superglobal (available since PHP 4.1.0 but not used)

4. Error Suppression


$db = @mysql_connect(...);  // @ hides errors!
if (!@mysql_num_rows($q)) { ... }

Suppresses critical errors = silent failures

5. Inconsistent Naming

  • AtackLog (typo) vs SpyLog
  • $cgi array (CGI-era naming)
  • Mix of camelCase and snake_case

6. No Documentation

  • Zero inline comments in vsys.php excerpt
  • No PHPDoc
  • Function purposes unclear

7. Configuration Duplication ⚠️


$conf["sites_database_name"] = "gamerpg";
$conf["sites_database_name"] = "db1663b";  // Overwrites previous!

Development vs production values mixed in same file

Positive Notes:

1. Configuration Arrays ⭐⭐

  • Game balance in $conf arrays
  • Easy to tune without code changes
  • Race definitions data-driven

2. phpMyChat Integration

  • Used established library (good decision)
  • Saves development time
  • Professional chat features

3. Comprehensive Logging

  • Attack logs, spy logs, IP logs
  • Good for analytics and anti-cheat

Modernization Cost: 280-360 hours ($21K-$27K at $75/hr)

Required:

  • Refactor 1,436-line vsys.php into modules (80 hours)
  • Replace mysql_* with PDO (60 hours)
  • Add input sanitization (50 hours)
  • Implement MVC structure (60 hours)
  • Add unit tests (40 hours)
  • Documentation (30 hours)
  • Security audit (20 hours)

---

7. Modern Development Standards: OBSOLETE

PHP Version: 4.3.3 (March 2003)

EOL: December 2004 (1 year after this code!)

MySQL: 4.0.16 (2003)

Current Standard: PHP 8.2+, MySQL 8.0+

Critical Issues:

  • mysql_* removed in PHP 7.0 - won't run on modern servers
  • PHP 4 - 21+ years obsolete!
  • No OOP - procedural only
  • register_globals emulation - security risk
  • Frame-based UI - outdated since 2005

---

8. Security Analysis: 2/10 - CRITICAL

Catastrophic Vulnerabilities:

1. SQL Injection - 10/10 Severity 🔥🔥🔥


$str = "select * from UserDetails where userName='$uname' and e_mail='$uemail' and password='$psword'";

Direct interpolation, zero escaping = instant database compromise.

2. Plaintext Passwords - 10/10 Severity 🔥🔥🔥

  • Authentication checks raw password='$psword'
  • No hashing observed
  • Half million players with exposed passwords!

3. register_globals Emulation - 9/10 Severity 🔥🔥


foreach($HTTP_POST_VARS as $key => $value) {
$cgi[$key] = $value;
}

User input populates $cgi array without validation = variable injection.

4. Error Suppression - 7/10 Severity 🔥

  • @mysql_connect() hides database errors
  • Silent failures = debugging nightmare

5. XSS Vulnerabilities - 8/10 Severity 🔥

  • Chat system has htmlspecialchars (20+ uses in chat/)
  • Main game has ZERO input sanitization visible
  • User-generated content (messages, usernames) likely vulnerable

6. Hardcoded Credentials - 8/10 Severity 🔥🔥


$conf['admin_login'] = 'login';
$conf['admin_password'] = 'password';  // Literally "password"!

7. IP Spoofing - 6/10 Severity 🔥

  • IP logging for anti-cheat
  • No validation of IP sources
  • HTTP headers easily spoofed

Security Grade: F (2/10) - Commercial game with 500K players had these flaws!

---

9. Innovation & Technical Merit: 6/10

Innovative Aspects (for 2004):

1. Viral Recruitment System ⭐⭐⭐⭐

  • Unique recruit links per player
  • Officers = real friends in game
  • Brilliant growth hack - explains 500K players!
  • Regenerated links on activation (anti-spam)

2. Age System with Resets ⭐⭐⭐

  • Periodic game resets (Ages 1, 2, 3...)
  • Prize competitions for top players
  • Keeps game fresh, prevents stagnation
  • Like seasons in Diablo

3. Multi-Category Rankings ⭐⭐⭐

  • 4 rank types (strike, defense, covert, overall)
  • Allows specialization
  • More interesting than single leaderboard

4. Race Bonuses ⭐⭐

  • 4 races with 25% bonuses
  • Meaningful strategic choices
  • Fortification differences

5. Merchandise Integration ⭐⭐

  • T-shirts, mousepads sold via 99dogs.com
  • Monetization beyond premium accounts
  • Shows professional operation

6. phpMyChat Integration

  • Real-time chat (rare in 2004 browser games)
  • Builds community
  • Standard practice now, novel then

Historical Significance:

500,000+ players in 2004 = one of the largest browser games of its era. Competed with:

  • OGame (2002) - space strategy
  • Travian (2004) - same year launch!
  • Tribal Wars (2003)

Viral mechanics predated modern social media games by years. This was Facebook game design before Facebook!

Technical Limitations:

  • Monolithic code (1,436-line file)
  • No security
  • Procedural PHP 4
  • But it worked for 500K players!

Innovation Rating: 6/10 - Viral recruitment brilliant, execution poor, but commercially successful.

---

10. Recommendations & Preservation Strategy

Use Case Assessment:

NOT Recommended:
  • Production Use - Ancient PHP 4, catastrophic security
  • Code Example - Teaches bad patterns (SQL injection, no OOP)
  • Modern Deployment - Won't run on PHP 7+
Recommended For:

1. Game Design Study ⭐⭐⭐⭐⭐

  • Viral recruitment mechanics = masterclass in growth hacking
  • Age system = early "seasons" concept
  • Multi-category rankings
  • Use Case: Game designers studying player acquisition

2. Historical Research ⭐⭐⭐⭐

  • Real commercial MMORPG with 500K players
  • Mid-2000s browser game peak
  • Shows what worked despite bad code
  • Use Case: Gaming history, web archaeology

3. Business Case Study ⭐⭐⭐

  • Merchandise sales (T-shirts, mousepads)
  • Prize competitions
  • Premium "supporter" tier
  • Use Case: Indie game monetization research

4. Security Training ⭐⭐

  • SQL injection in production code
  • Plaintext passwords at scale
  • Use Case: "How NOT to" security workshops

Preservation Recommendation:

Archive Status: TIER 2 - HISTORICAL SIGNIFICANCE ⭐⭐⭐⭐

Rationale:

  • Real commercial success (500K players)
  • Viral mechanics ahead of its time
  • Poor code quality - not reference material
  • Historical artifact of mid-2000s browser gaming boom

Preservation Actions:

Document Gameplay (viral recruitment, Age system)

Screenshot UI (4 race selection, shields)

Archive Source (240 files including chat system)

Research Impact (Find Age 2 winners, prize data)

Extract Design Lessons (viral growth, not code quality)

Security Case Study (production SQL injection example)

Do NOT:

  • Use as code reference (bad patterns)
  • Deploy (won't run, security disaster)
  • Teach from (except as anti-pattern)

---

Summary Table

Metric Value
Files 240 (144 PHP, 76 images, 3 fonts, 3 JS, 2 CSS)
Database 12 tables (MyISAM, latin1)
Code Size ~10,000+ lines (vsys.php = 1,436 lines alone!)
Dev Date March-May 2004 (Age 3 Beta)
PHP Version 4.3.3 (EOL Dec 2004, 21 years obsolete)
Players 500,000+ (per meta description)
Security 2/10 (SQL injection, plaintext passwords)
Innovation 6/10 (viral recruitment, Age resets)
Architecture 3/10 (1,436-line monolith, procedural)
Code Quality 3/10 (no OOP, poor organization)
Commercial Success ⭐⭐⭐⭐⭐ (merchandise, prizes, huge playerbase)
Modernization $21K-$27K (280-360 hours)
Preservation Tier 2 - Historical Significance

Key Strengths: Viral recruitment = growth masterclass, Age system = early seasons, real commercial success with 500K players, merchandise monetization

Key Weaknesses: 1,436-line monolith, SQL injection, plaintext passwords, PHP 4 procedural code, won't run on modern PHP

Best Use: Game design study (viral mechanics), historical research (browser gaming peak), business case study (monetization)

Historical Significance: Proves great game design > code quality - this succeeded DESPITE terrible code!

Lesson: You can build a successful game with bad code, but you'll pay the price in maintenance. Kings of Chaos likely had massive security breaches and technical debt that limited growth.

---

Overall Assessment & Star Ratings

Category Rating Commentary
Innovation & Originality ★★★★★☆☆☆☆☆ 5/10 Early browser MMORPG, recruiting-based gameplay, large player base
Code Quality ★★★☆☆☆☆☆☆☆ 3/10 Procedural PHP 4.3, 1,436-line monolith, minimal structure
Security Posture ★☆☆☆☆☆☆☆☆☆ 1/10 Register globals, no input validation, plaintext passwords likely
Documentation ★★☆☆☆☆☆☆☆☆ 2/10 Minimal: regex.txt, koc.sql.txt only
Gameplay Design ★★★★★★★☆☆☆ 7/10 Viral recruiting mechanics, 11 races, 500K+ players achieved
Technical Architecture ★★★☆☆☆☆☆☆☆ 3/10 Monolithic vsys.php, basic phpMyChat integration
Completeness ★★★★★★★☆☆☆ 7/10 240 files, chat system, admin panel, custom fonts
Historical Significance ★★★★★★★★☆☆ 8/10 MAJOR: 500K players, successful commercial MMO from 2004
Preservation Value ★★★★★★★☆☆☆ 7/10 Important example of early browser MMO success story

Final Grade: C+

Summary: Kings of Chaos is a historically significant commercial browser MMORPG from 2004 that achieved 500,000+ players through innovative viral recruiting mechanics. With 11 playable races, alliance system, and integrated phpMyChat, it represents a successful commercial game from the era. However, typical 2004 security practices (register globals, basic PHP 4.3) and monolithic architecture (1,436-line vsys.php) show its age. The lack of license file and proprietary nature limit modern use to historical study only. Important artifact of browser MMO history when games like this competed with early graphical MMOs.

Security Warning

Running many of the scripts in this archive on a live server presents a serious security risk. These projects were created before modern hardening practices and may contain vulnerabilities that can compromise your system.

We strongly recommend using this code for reference and analysis only, or in isolated local environments. By downloading these files, you accept full responsibility for their use.