Dragon's Kingdom

Game Name: Dragon's Kingdom (DK Script)

Version: Unknown specific version (June 18, 2006 SQL dump)

Genre: Fantasy Browser-Based RPG (Diablo-inspired ARPG)

Technology Stack: PHP 4.3.10, MySQL 4.0.22, JavaScript

Database: MySQL with 34 tables (dk_* prefix)

Total Files: 557 files (4.6 MB)

Architecture: Template-based PHP with cookie authentication

License: COMMERCIAL - © 2004-2006 Adam Dear, dkscript.com

Development Status: Commercial product sold as installable script

Installation: install.php wizard + manual_db.sql (2,004 lines)

Historical Context: Commercial browser RPG script sold 2004-2006, competitor to Legend of the Green Dragon

Primary Language: English

Creator: Adam Dear (dkscript.com, This email address is being protected from spambots. You need JavaScript enabled to view it.)

Official Site: dkscript.com (defunct), demo at www.dkscriptcom/demo/index.php

Evidence of Use: Fully configured game with 7 classes, arena, PvP duels, crafting, 100 items

Commercial Model: Sold as PHP script package (price unknown), banners for promotion

Analysis: Graphics-heavy commercial product with 398 GIF files (71.5% = 1.656 MB) for UI/monsters/items. 85 PHP files include admin panel (admin/.php), templates (templates/.php), and game mechanics. 63 JPG backgrounds provide fantasy atmosphere. SQL dump dated June 18, 2006 with 2,004 lines. Flash SWF suggests multimedia elements. Copyright notices throughout codebase: "DK Script © 2004-2006 Created by Adam Dear" with dkscript.com links.

Core Framework

• Language: PHP 4.3.10 (lib.php line 1, phpMyAdmin 2.8.0.4 in SQL dump)
• Database: MySQL 4.0.22 MyISAM, database name configurable, prefix "dk_" for 34 tables
• Charset: Default (no UTF-8 specified, 2004 standard)
• Session Management: Cookie-based with $_COOKIE['dk_login'], checkcookies() function in lib.php
• Interface: Template-based (templates/*.php), parsetemplate() function for variable substitution
• Anti-Injection: addslashes() on all $_POST/$_GET (lib.php line 34), magic_quotes handling (line 20)
• Security: MD5 password hashing (likely), secretword for cookie hashing (config.php line 8)
• Timers: SQL time fields for duel system, tutorial completion, poll voting
• Admin Panel: admin/*.php with separate templates, full game configuration, player management

File Structure

Dragons Kingdom/
├── index.php                  # Main hub (1,071 lines), duel system, storage slots
├── login.php, register.php    # Authentication
├── lib.php                    # Core functions (479 lines): opendb(), doquery(), parsetemplate()
├── config.php                 # Database config (username/password/database/prefix/secretword)
├── cookies.php                # Cookie auth (checkcookies(), setcookie with 999999999999999 expiration!)
├── install.php                # Installation wizard with SQL CREATE TABLE statements
├── manual_db.sql              # Database dump (2,004 lines, 34 tables, June 18, 2006)
├── tutorial.php               # New player tutorial (mandatory, $userrow["tutorial"] == 0)
├── poll.php                   # Mandatory voting system ($userrow["poll"] != "Voted", level >= 3)
├── cave.php                   # Soul Cave (PvE, Dragon Scales currency, healing pool)
├── dungeon.php                # Dungeon exploration (monsters, combat, loot)
├── pvp.php                    # PvP duels (challenge, accept/decline, duel, wagering)
├── arena.php                  # Dragon arena (train pet dragons, battles)
├── contact.php                # Support/contact form
├── supportsite.php            # Banner promotion (4 banner sizes, HTML embeds)
├── crafting.php, forging.php, smelting.php, mining.php # Crafting systems
├── homes.php                  # Player housing (upgrades, storage)
├── guildmarket.php, shops.php # Economy
├── forum.php, messages.php    # Communication
├── poll.php                   # Community polls (mandatory voting level 3+)
├── admin/
│   ├── admin.php              # Main admin panel
│   ├── mod.php                # Moderator panel (player management)
│   ├── mail.php               # Mass email system
│   ├── status.php             # Server status dashboard
│   └── (other admin tools)
├── templates/
│   ├── primary.php            # Main game template
│   ├── admin.php              # Admin panel template
│   ├── mod.php                # Moderator template
│   └── (other templates)
├── images/                    # 398 GIF + 63 JPG + 5 PNG
└── (60+ other game files)

Key Systems Identified

• 7 Character Classes: Sorceress, Barbarian, Paladin, Ranger, Necromancer, Druid, Assassin (dk_control table class1name-class7name)
• PvP Dueling: Challenge system (dk_duel table), gold/EXP wagering, accept/decline, player1/player2 done flags
• Dragon Arena: Train pet dragons (dk_arena table), species, trainer, HP/MP, level, wins/losses
• Soul Cave: Special PvE area, Dragon Scales currency (healing pool cost), 0 HP penalty (no gold/scales loss on death)
• Dungeon Exploration: Monsters (dk_monsters table), combat, loot drops (dk_drops table with 100 items)
• Crafting System: Gems (sapphire/emerald/ruby/diamond/black dragon), strings, level requirements (dk_crafting table)
• Forging/Smelting/Mining: Resource gathering and item creation (dk_forging, dk_smelting, dk_mining tables)
• Item System: Inventory (dk_inventitems), storage (dk_itemstorage), jewellery (dk_jewellery), drops (dk_drops with 100 entries)
• Player Housing: Homes (dk_homes table), upgrades, storage slots
• Guild System: Guilds (dk_guilds table), guild forums (dk_gforum), guild market (guildmarket.php)
• Economy: Player market (dk_playermarket), market forum (dk_marketforum), shops
• Tutorial: Mandatory new player tutorial ($userrow["tutorial"] == 0 forces redirect)
• Poll System: Mandatory voting for level 3+ players ($userrow["poll"] != "Voted")
• Admin Features: Game control (dk_control: game open/close, class names, difficulty), staff management (dk_staff), player moderation

Core Gameplay Loop

Dragon's Kingdom is a Diablo-inspired browser RPG where players:

• Register and complete mandatory tutorial
• Choose from 7 character classes (Sorceress/Barbarian/Paladin/Ranger/Necromancer/Druid/Assassin)
• Explore dungeons to fight monsters, gain EXP/gold, collect loot drops
• Manage inventory (backpackitemslots = 3) and storage (storageitemslots = 15)
• Craft items with gems (sapphire/emerald/ruby/diamond/black dragon) and strings
• Mine resources, smelt ores, forge equipment
• Enter Soul Cave for high-risk PvE (Dragon Scales currency, healing pool)
• Train pet dragons in arena (dk_arena table: species, HP/MP, level, wins/losses)
• Challenge other players to duels (gold/EXP wagering, accept/decline system)
• Join guilds for guild market, guild forums, collaborative play
• Upgrade player home for expanded storage
• Vote in mandatory polls (level 3+ requirement)

Unique Features

• Dragon Scales Currency: Earned from Soul Cave, used for healing pool donations (dk_users.dscales field)
• Soul Cave Mechanic: PvE area where death doesn't cost gold/scales, only sets HP to 0 (cave.php line 52/107)
• Pet Dragon Arena: Train dragons with species/trainer/HP/MP/maxdam/dexterity/armor/magicarmor/immune (dk_arena table)
• Mandatory Tutorial: New players redirected to tutorial.php until completion ($userrow["tutorial"] == 0)
• Mandatory Polling: Level 3+ players forced to vote before accessing game ($userrow["poll"] != "Voted")
• PvP Duel System: Challenge mechanics with duelstatus (1=waiting, 3=active), player1done/player2done flags, gold wagering
• 100 Loot Items: dk_drops table with 100 pre-configured items (blessed life, sacred life, angelic life, devil's scale, etc.)
• Crafting Tiers: 10 crafting recipes from Sapphire Ring (level 1) to Black Dragons Amulet (level 175)
• 7 Classes: Fully configurable class names in dk_control table (default: Sorceress/Barbarian/Paladin/Ranger/Necromancer/Druid/Assassin)
• Item Attributes: Dual-attribute system (attribute1/attribute2 in dk_drops: maxhp,10/maxmp,25/strength,50/dexterity,50/attackpower,125/defensepower,150/goldbonus,10/expbonus,15)
• Class-Specific Charms: Sorceress Charm (maxmp+125), Barbarian Charm (strength+125), Paladin Charm (attackpower+125), Ranger Charm (dexterity+125), etc.
• King Black Dragon Loot: 5 legendary items (tooth/skin/scale/tongue/heart) at level 120 requirement

Progression Systems

• Experience/Leveling: dk_users.experience field, dk_levels table for level thresholds
• Stats: maxhp, maxmp, currenthp, currentmp, strength, dexterity, attackpower, defensepower, maxdam, armor, magicarmor
• Skills: skillpoints (dk_arena.skillpoints), endurance (dk_endurance table)
• Spells: dk_spells table for magic system
• Inventory Slots: Backpack (3 items, 3 jewellery, 3 drops), Storage (15 items, 10 jewellery, 10 drops) - index.php lines 82-88
• Housing: dk_homes table for player homes with upgrades
• Guild Membership: dk_guilds table, guild forums, guild market access
• Dragon Training: dk_arena levels, wins/losses, gold earnings

Commercial Features

• Banner System: supportsite.php provides 4 banner sizes (banner1/2/3.gif, miniban.gif) with HTML embed code
• Installation Wizard: install.php with full SQL schema generation
• Admin Panel: Comprehensive game management (open/close game, class names, difficulty, compression, verify email, show news, display chat, forum open)
• Moderator Tools: mod.php for player management without full admin access
• Email Verification: dk_control.verifyemail toggle (0/1)
• Compression: dk_control.compression toggle (likely output compression)
• Server Status: admin/status.php dashboard

34 Tables Identified:

Database Activity Evidence:

• SQL dump dated June 18, 2006 with phpMyAdmin 2.8.0.4
• MySQL 4.0.22, PHP 4.3.10 (pre-mysqli era)
• MyISAM engine (fast reads, no transactions)
• INSERT statements: dk_control (game config), dk_crafting (10 recipes), dk_drops (100 items)
• Default data: Game name "Dragon's Kingdom", 7 class names, This email address is being protected from spambots. You need JavaScript enabled to view it. email
• Demo URL: http://www.dkscriptcom/demo/index.php (typo in SQL: dkscriptcom missing period)

Strengths

• Template System: parsetemplate() function (lib.php) separates logic from presentation
• Magic Quotes Handling: Proper stripslashes_deep() for servers with magic_quotes_gpc (lib.php lines 20-33)
• Database Abstraction: doquery() function with {{table}} placeholder for table prefix (lib.php line 41)
• Installation Wizard: install.php creates all 34 tables with proper indexes
• Admin Panel: Comprehensive game configuration (dk_control: 24 settings)
• Commercial Quality: Professional code structure, 557 files, extensive features
• Query Counting: $numqueries global tracks database calls for performance monitoring (lib.php line 4)

Critical Weaknesses

• COOKIE EXPIRATION EXPLOIT: Line 24 of index.php: setcookie("dk_login", "1", time()+999999999999999); - expires in year 33658534 (31,658,532 years from 2006!)
• Hardcoded Credentials: config.php lines 4-6 show default "username"/"password"/"database" - users may forget to change
• Magic Quotes Dependency: Code assumes magic_quotes_gpc exists, deprecated in PHP 5.3 (2009), removed PHP 5.4 (2012)
• MySQL Deprecated Functions: mysql_connect(), mysql_select_db(), mysql_query(), mysql_fetch_array() removed PHP 7.0 (2015)
• SQL Injection Residual: addslashes() alone insufficient (lib.php line 34), complex queries vulnerable
• No CSRF Protection: Forms lack tokens
• Weak Email Validation: 400-character regex (lib.php line 90) missing many edge cases
• MD5 Passwords: Likely uses MD5 (2004 standard), rainbow table vulnerable
• Banner Promotion Required: supportsite.php suggests commercial obligation to display banners
• "Secretword" Security: config.php line 8 uses plain text "boooooo" as cookie hash salt - easily cracked

Code Smell Examples

// CRITICAL: Cookie expiration 31 million years (index.php:24)
setcookie("dk_login", "1", time()+999999999999999);
// Expires: Year 33658534 (overflow to 2038 on 32-bit systems)

// Hardcoded default credentials (config.php:4-6)
"user" => "username",
"pass" => "password",
"name" => "database",
// Users may forget to change these

// Magic quotes dependency (lib.php:20)
if (get_magic_quotes_gpc()) {
    // Deprecated PHP 5.3, removed PHP 5.4

// Deprecated mysql_* (lib.php:11-13)
$link = mysql_connect($server, $user, $pass);
mysql_select_db($name);
// Removed PHP 7.0

// Weak "secretword" (config.php:8)
"secretword" => "boooooo"
// Used for cookie hashing, easily brute-forced

// SQL injection via addslashes only (lib.php:34-35)
foreach($_POST as $a=>$b) { $_POST[$a] = addslashes($b); }
// Insufficient for numeric contexts, no prepared statements

Overall Code Quality: 5.5/10

• Professional template system and admin panel
• Fatal cookie expiration bug (999 trillion seconds)
• Deprecated PHP 4/MySQL 4 code (2004 era)
• Commercial product quality but outdated security

Viability for 2025 Deployment: 1/10

Complete Showstoppers:

• Cookie Expiration Overflow: setcookie time+999999999999999 crashes 32-bit systems (2038 overflow), 64-bit expires year 33658534
• PHP 7+ Incompatibility: mysql_* functions cause fatal errors (removed 2015)
• Magic Quotes Removed: PHP 5.4 removed magic_quotes_gpc (2012), code breaks without it
• Commercial License: © 2004-2006 Adam Dear, dkscript.com - unclear if source can be legally deployed
• Hardcoded "username"/"password": config.php defaults invite database compromise
• 398 GIF Files: 1.656 MB of 2004-era graphics, dated visual style
• No Mobile Support: 2004 desktop-only design

Path to Modernization:

• EMERGENCY Cookie Fix ($500): Replace 999999999999999 with reasonable 30-day expiration
• Database Layer ($18,000-25,000): Rewrite 85 PHP files from mysql_* to PDO
• Magic Quotes Removal ($3,000): Remove magic_quotes handling, use proper sanitization
• Password Security ($2,000): Implement bcrypt/Argon2
• PHP 8 Compatibility ($5,000): Fix deprecated functions, session handling
• Graphics Modernization ($15,000-20,000): Replace 398 GIF with modern sprites
• Mobile Optimization ($20,000-25,000): Responsive design, touch controls
• UI Redesign ($15,000-20,000): Modern CSS framework, eliminate tables
• CSRF Protection ($3,000): Token system for all forms
• Security Audit ($8,000): Penetration testing
• Legal Clearance ($5,000-10,000): Contact Adam Dear/dkscript.com for license rights

Total Modernization Cost: $95,000-140,000

Legal Risk: Commercial product (© 2004-2006), deploying without license = copyright infringement

Competitive Analysis (2025 Market)

• Genre: Fantasy browser RPGs dominated by AdventureQuest, RuneScape, Idle Champions
• Technology: Modern games use HTML5, WebGL, React/Vue.js frontends
• Monetization: Freemium with microtransactions, Dragon's Kingdom has banner system
• Graphics: 2025 expects 3D/WebGL, Dragon's Kingdom uses 2004 GIF sprites
• Mobile: Essential for 2025, Dragon's Kingdom desktop-only

Positive Aspects

• Complete Commercial Package: 557 files, 34 tables, admin panel, installer
• 7 Character Classes: Sorceress/Barbarian/Paladin/Ranger/Necromancer/Druid/Assassin
• 100 Pre-Configured Items: dk_drops table fully populated
• Pet Dragon System: dk_arena table for pet management (rare in 2004 browser RPGs)
• Soul Cave Innovation: PvE area with Dragon Scales currency, no-penalty death
• Crafting System: Gem-based crafting (sapphire → black dragon gems)
• PvP Dueling: Challenge/accept/decline mechanics with wagering
• Professional Code Structure: Template system, database abstraction, admin tools
• Installation Wizard: install.php simplifies deployment
• Banner Promotion: supportsite.php generates 4 banner sizes for player recruitment

Critical Vulnerabilities

1. Cookie Expiration Overflow (CVSS 7.5 - High)

// index.php:24
setcookie("dk_login", "1", time()+999999999999999);
// time() = 1718740000 (June 2024)
// time()+999999999999999 = 1000000001718740000
// On 32-bit: Overflow to 2038 (Y2038 bug)
// On 64-bit: Expires year 33658534 (31 million years)

Impact: Session management broken, permanent ban cookie persists forever

2. Hardcoded Default Credentials (CVSS 9.8 - Critical)

// config.php:4-6
"user" => "username",
"pass" => "password",
"name" => "database",
// Many users will forget to change these defaults

Impact: Database compromise if defaults not changed during install

3. Weak "Secretword" (CVSS 6.5 - Medium)

// config.php:8
"secretword" => "boooooo"
// Used for cookie hashing
// 7 characters, all lowercase, dictionary word

Impact: Cookie forgery via brute force

4. SQL Injection Residual (CVSS 8.1 - High)

// lib.php:34-35
foreach($_POST as $a=>$b) { $_POST[$a] = addslashes($b); }
// Insufficient for numeric contexts
// Example: WHERE id=$_GET[id] (no quotes, addslashes bypassed)

Impact: Database exfiltration, privilege escalation

5. MD5 Password Hashing (CVSS 7.4 - High)

• No evidence of bcrypt/password_hash in codebase
• 2004 standard was MD5 (likely unsalted)
• Rainbow table vulnerable

Impact: Mass account compromise if database leaked

6. No CSRF Protection (CVSS 6.5 - Medium)

• Forms lack CSRF tokens
• Admin actions vulnerable to cross-site requests

Impact: Unauthorized admin actions (ban players, close game, mass email)

7. Banner Promotion Obligation (CVSS 2.0 - Low)

• supportsite.php suggests commercial requirement to display dkscript.com banners
• May be license condition

Impact: Legal breach if banners removed

Exploitation Scenario

• Find Installation: Discover Dragon's Kingdom install with default config.php
• Default Credentials: Try "username"/"password"/"database" (many forget to change)
• Database Access: mysql -h localhost -u username -ppassword database
• Extract Users: SELECT * FROM dk_users; - get all accounts
• Crack MD5: Rainbow table cracks 60%+ of passwords
• Admin Takeover: Find authlevel=1 accounts (admins), crack password
• Game Control: admin/admin.php → close game, mass email, modify settings
• Cookie Forge: Use "boooooo" secretword to forge admin cookies

Security Rating: 2/10 (Critical - Multiple High/Critical Vulnerabilities)

• Cookie expiration overflow breaks session management
• Default credentials invite database compromise
• Weak secretword enables cookie forgery
• SQL injection, MD5 passwords, no CSRF compound risk

Derivative Elements (Points Lost)

• Core Gameplay (-2): Diablo-inspired ARPG derivative (dungeon crawling, loot drops, stats)
• Class System (-0.5): 7 classes standard for RPGs (D&D tradition)
• Guild System (-0.5): Common MMO feature

Innovative Elements (Points Earned)

• Soul Cave Mechanic (+1): PvE area with Dragon Scales currency, no-penalty death (sets HP to 0 but keeps gold/scales)
• Pet Dragon Arena (+1): Train pet dragons with species/stats/wins/losses - rare in 2004 browser RPGs
• Dual-Attribute Items (+0.5): dk_drops with attribute1/attribute2 (e.g., maxhp,10/strength,50) = complex itemization
• Class-Specific Charms (+0.5): Items tailored to each of 7 classes (Sorceress Charm, Barbarian Charm, etc.)
• Mandatory Systems (+0.5): Tutorial (tutorial == 0 redirect) and Poll (level 3+ forced voting) ensure engagement
• 100 Pre-Configured Items (+0.5): dk_drops fully populated (Blessed Life → King Black Dragon loot) = production-ready
• Crafting Tiers (+0.5): 10 recipes from Sapphire Ring (level 1) to Black Dragons Amulet (level 175) = long-term progression
• Storage Slots (+0.5): Backpack (3 items, 3 jewellery, 3 drops) vs Storage (15 items, 10 jewellery, 10 drops) = inventory management
• Banner Promotion (+0.5): supportsite.php generates 4 banner sizes for viral marketing (commercial feature)
• Installation Wizard (+0.5): install.php with full SQL generation = easy deployment
• Configurable Classes (+0.5): dk_control.class1name-class7name allows rebranding (Sorceress → Mage, etc.)

Historical Context

• 2004 Browser RPG Era: Legend of the Green Dragon (2002), Kingdoms of Camelot (2009), Dragon's Kingdom competed in early fantasy browser RPG market
• Commercial Script Market: Sold alongside Legend of the Green Dragon clones, Phaos RPG, etc.
• Pet System Pioneer: Dragon arena (dk_arena table) rare for 2004 browser games (pre-dated FarmVille 2009)
• Diablo Influence: Item attributes, dungeon crawling, loot drops inspired by Diablo II (2000)

Creative Execution

• Dragon Scales Currency: Soul Cave-specific currency for healing pool donations = dual-currency economy
• Duel Wagering: PvP with goldstake/expstake = risk/reward gambling
• King Black Dragon: 5 legendary items (tooth/skin/scale/tongue/heart) at level 120 = endgame goal
• Gem Variety: 5 gem types (sapphire/emerald/ruby/diamond/black dragon) × 2 jewelry types (ring/amulet) = 10 crafting recipes
• Item Naming: Thematic progression (Blessed Life → Sacred Life → Angelic Life, Devil's Scale → Devil's Plate)

Market Differentiation

In 2004-2006 context: Dragon's Kingdom was a professional commercial competitor to free Legend of the Green Dragon clones. Pet dragon system, Soul Cave with Dragon Scales, and 100 pre-configured items offered production-ready package. Installation wizard and admin panel justified commercial pricing.

In 2025 context: Historical artifact of 2004 commercial browser RPG market. Cookie expiration overflow and deprecated PHP/MySQL doom deployment, but pet dragon system and dual-attribute items show innovation for era.

Final Innovation Score: 6/10

• Pet dragon arena and Soul Cave mechanics innovative for 2004
• 100 items, configurable classes, installation wizard = commercial quality
• Held back by derivative Diablo-inspired core gameplay

For Historical Preservation

• Archive as 2004 Commercial Browser RPG: Document dkscript.com product line
• Pet Dragon System Case Study: dk_arena table represents early browser RPG pet mechanics (pre-FarmVille)
• Soul Cave Documentation: No-penalty death + Dragon Scales currency = unique PvE design
• Commercial Script Market: Analyze 2004-2006 pricing/licensing models

For Commercial Use (NOT RECOMMENDED - COPYRIGHT ISSUE)

Verdict: DO NOT DEPLOY - COPYRIGHT INFRINGEMENT + TECHNICAL BANKRUPTCY

Why this cannot be deployed:

• Commercial License: © 2004-2006 Adam Dear, dkscript.com - requires permission/license
• Cookie Expiration Overflow: 999999999999999 breaks session management (CVSS 7.5)
• PHP 7+ Incompatibility: mysql_* fatal errors (removed 2015)
• Magic Quotes Removed: PHP 5.4 removed dependency (2012)
• Hardcoded "username"/"password": Default credentials = instant compromise (CVSS 9.8)
• 398 GIF Graphics: 1.656 MB of 2004 sprites dated
• $95,000-140,000 Modernization: Exceeds building new game

Legal Risk: Deploying without contacting Adam Dear/dkscript.com = copyright infringement lawsuit

Alternative Paths

1. Contact Creator ($0-5,000)

• Locate Adam Dear (dkscript.com defunct, This email address is being protected from spambots. You need JavaScript enabled to view it. may bounce)
• Negotiate open-source release or licensing rights
• If creator unreachable, consider abandonware status (legal gray area)

2. Mechanic Salvage ($0 - Academic)

Extract design concepts for new project:

• Soul Cave (no-penalty death + special currency)
• Pet dragon arena (species/stats/training)
• Dual-attribute items (maxhp,10/strength,50)
• Mandatory tutorial + polling systems
• Crafting tiers (10 recipes, 1-175 level range)

3. Historical Documentation ($2,000-5,000)

Commission writeup for game development history:

• 2004-2006 commercial browser RPG market analysis
• dkscript.com product line (Dragon's Kingdom, possibly others)
• Adam Dear developer profile
• Compare to Legend of the Green Dragon, Phaos RPG competitors
• Pet system evolution (2004 Dragon's Kingdom → 2009 FarmVille)

4. Legal Acquisition ($10,000-50,000?)

Attempt to purchase rights from Adam Dear:

• Negotiate open-source release
• Acquire commercial license
• Full code ownership transfer
• Risk: Creator may be unreachable (dkscript.com defunct)

If Attempting Modernization (REQUIRES LEGAL CLEARANCE FIRST)

This game requires $95,000-140,000 investment AFTER obtaining license:

• Contact Adam Dear for rights ($10,000-50,000?)
• Fix cookie expiration overflow (replace 999999999999999 with 2592000 = 30 days)
• Rewrite 85 PHP files from mysql_* to PDO
• Remove magic_quotes handling
• Implement bcrypt/Argon2 passwords
• Replace 398 GIF graphics ($20,000)
• Mobile responsive redesign ($25,000)
• CSRF protection
• PHP 8 compatibility
• Security audit

ROI Analysis: $140,000 + license acquisition in fantasy browser RPG = negative 95% return

• Market dominated by RuneScape, AdventureQuest (free-to-play, millions of players)
• Building new game: $50,000-80,000 (React/Node.js)
• Dragon's Kingdom premium: $60,000-90,000 extra for outdated codebase
• Verdict: Financial suicide unless Adam Dear donates code

Final Recommendation

Contact Adam Dear for open-source release, document as historical artifact, NEVER deploy without legal clearance.

Dragon's Kingdom is a 2004-2006 commercial browser RPG by Adam Dear (dkscript.com, This email address is being protected from spambots. You need JavaScript enabled to view it.) sold as installable PHP script with 557 files (4.6 MB), 34 database tables, revolutionary pet dragon arena (dk_arena: species/stats/wins/losses, pre-FarmVille 2004), innovative Soul Cave (no-penalty death + Dragon Scales currency), 7 character classes (Sorceress/Barbarian/Paladin/Ranger/Necromancer/Druid/Assassin - Diablo-inspired), dual-attribute itemization (maxhp,10/strength,50), gem-based crafting (10 recipes, levels 1-175), 100 pre-configured loot items (Blessed Life → King Black Dragon drops), PvP dueling with wagering, mandatory tutorial + polling systems, player housing with storage slots, comprehensive admin panel, banner promotion system (4 sizes for viral marketing), template-based architecture (parsetemplate() function), and installation wizard. SQL dump dated June 18, 2006 with PHP 4.3.10/MySQL 4.0.22. However, the codebase contains CATASTROPHIC flaws + COPYRIGHT RISK: commercial license © 2004-2006 Adam Dear (deployment = copyright infringement lawsuit), cookie expiration overflow (setcookie time+999999999999999 = year 33658534, CVSS 7.5), hardcoded default credentials "username"/"password" (CVSS 9.8), weak secretword "boooooo" (7 chars, CVSS 6.5), deprecated mysql_* functions (PHP 7.0 removed 2015), magic_quotes dependency (PHP 5.4 removed 2012), SQL injection residual (addslashes insufficient), MD5 passwords (likely), no CSRF, 398 dated GIF graphics (1.656 MB). Security rating: 2/10 - critical vulnerabilities. Legal status: COPYRIGHT PROTECTED - NO LICENSE. Modernization cost: $95,000-140,000 PLUS legal acquisition ($10k-50k?). Innovation rating: 6/10 for 2004 pet dragons, Soul Cave, and dual-attribute items. Modern viability: 1/10 - cookie overflow + copyright = deployment impossible. Recommendation: Contact Adam Dear at This email address is being protected from spambots. You need JavaScript enabled to view it. for open-source release or licensing rights; if unreachable, document as historical artifact of 2004 commercial browser RPG market; extract pet dragon arena and Soul Cave mechanics for new projects; NEVER deploy without legal clearance due to copyright infringement risk + technical bankruptcy. This represents professional commercial browser RPG but cannot be deployed in 2025 without creator permission.

Rating Summary

Dragon's Kingdom represents professional 2004 commercial browser RPG by Adam Dear (dkscript.com, This email address is being protected from spambots. You need JavaScript enabled to view it.) with 557 files (4.6 MB), 34 database tables, 7 character classes (Sorceress/Barbarian/Paladin/Ranger/Necromancer/Druid/Assassin), innovative pet dragon arena (dk_arena table with species/stats/wins/losses), Soul Cave with Dragon Scales currency and no-penalty death, 100 pre-configured loot items (dk_drops: Blessed Life → King Black Dragon loot), dual-attribute itemization, gem-based crafting (10 recipes, levels 1-175), PvP dueling with wagering, mandatory tutorial + polling systems, configurable class names, installation wizard, comprehensive admin panel, and banner promotion system (4 sizes for viral marketing). SQL dump dated June 18, 2006 with PHP 4.3.10/MySQL 4.0.22.

However, the codebase contains catastrophic flaws: cookie expiration overflow (setcookie time+999999999999999 = year 33658534, CVSS 7.5), hardcoded default credentials "username"/"password" (CVSS 9.8), weak "boooooo" secretword (CVSS 6.5), deprecated mysql_* functions (PHP 7.0 removed 2015), magic_quotes dependency (PHP 5.4 removed 2012), SQL injection residual, MD5 passwords, no CSRF, and 398 dated GIF graphics (1.656 MB). Security rating: 2/10 - critical vulnerabilities. Modernization cost: $95,000-140,000 PLUS legal risk (© 2004-2006 Adam Dear, copyright infringement without license). Innovation rating: 6/10 for pet dragons, Soul Cave, and dual-attribute items in 2004 context. Modern viability: 1/10 - cookie overflow alone prevents deployment. Recommendation: Attempt to contact Adam Dear at This email address is being protected from spambots. You need JavaScript enabled to view it. for open-source release or licensing rights; if unreachable, document as historical artifact of 2004 commercial browser RPG market; extract pet dragon and Soul Cave mechanics for new projects; NEVER deploy without legal clearance due to copyright + technical bankruptcy. This represents commercial browser RPG history but cannot be deployed in 2025.