Galactic Warz

Game Title: Galactic Warz

Version: v0.1 (Beta) - Incomplete/In Development

Developer: Unknown

Target Release: January 2, 2008 or March 11, 2008

Genre: Space-themed Text-Based MMORPSG (typo: should be MMORPG)

Language: PHP 4.x/5.x

License: Unlicensed / Proprietary

Server: GoDaddy shared hosting (p50mysql51.secureserver.net)

Status: INCOMPLETE - notes.txt lists unfinished features

Historical Context

Galactic Warz is an abandoned beta space-themed browser RPG from late 2007/early 2008. The archive contains:

• notes.txt: "Things to be done: session, while loop for the upgrades"
• Promotional text: "Site still Under Construction... Beta will be up somewhere between now and 01/02/08"
• Signup bonus: "This action lasts until 11-03-08"

Critical Finding: The [connect.php](d:_HOUSESOCIALMUDWWW_MUD Gamesunzippedgalactic_warzGalactic warzconnect.php) file contains hardcoded production server credentials:

      $db = mysql_connect("p50mysql51.secureserver.net", "age1beta", "djm,1Udkm!")
      or die("Error In Connection - ". mysql_error());
      mysql_select_db("age1beta", $db);

• Server: GoDaddy shared hosting (p50mysql51.secureserver.net)
• Username: age1beta
• Password: djm,1Udkm!
• Database: age1beta

This is the only game in the collection with credentials to a production shared hosting server (not localhost).

Archive Characteristics

• Archive Type: Incomplete beta snapshot
• Total Files: 57 files
• Total Size: ~540 KB
• Documentation: notes.txt only (TODO list)
• Database: No SQL file (production server only)

---

File Statistics

• 52 PHP files (~529 KB)
• 2 PNG files (~7 KB) - food.png, gold.png (resource icons)
• 1 CSS file (0.21 KB) - Minimal styling
• 1 JS file (~5 KB) - alttxt.js (alt text tooltips)
• 1 TXT file (0.12 KB) - notes.txt (TODO list)

Game Features (from filenames)

Core Systems:

• Login/Register (index.php, register.php, no-login.php)
• Galaxy map (galaxy.php, alliance_galaxy.php)
• Home planet (home_planet.php, do_home-planet.php)
• Command center (command_center.php)

Combat/Economy:

• Armory (armory.php, armory_1/2/3.php, do_armory_*.php)
• Market (market.php, do_market.php)
• Mercenary market (mercenary_market.php)
• Private trader (private_trader.php)
• Training center (training_center.php, training_center_1/2/3.php)
• Upgrades (upgrades.php, do_upgrades.php)

Premium Features:

• Store (store.php)
• Store tiers (store_bronze.php, store_silver.php, store_golden.php, store_tds.php)

Social/Admin:

• News (news.php)
• Rules (rules.php)
• Voting (vote.php)
• Preferences (10+ preference files for settings)

Database Schema (from notes.txt):

• "I made 3 extra tables in the db: items, ships, and upgrades"
• Likely additional tables for users, planets, market, etc.

---

Security Score: 0/10 (Catastrophic)

CRITICAL: Production Server Credentials Exposed

      // connect.php - HARDCODED GODADDY CREDENTIALS
      $db = mysql_connect("p50mysql51.secureserver.net", "age1beta", "djm,1Udkm!");

Severity: CVSS 10.0 (CRITICAL) - Worse than localhost credentials

Why This is Worse:

• Production server (not localhost) = Live database exposed
• GoDaddy shared hosting = Multi-tenant environment
• age1beta username = Identifiable account
• Password in plaintext = Permanent compromise
• Database name = username = No obscurity

Impact if Credentials Valid (2008-2025):

• Full database access - Read all user data, passwords, emails
• Data modification - Insert admin accounts, modify game state
• Data deletion - DROP DATABASE age1beta
• Server reconnaissance - Enumerate other databases on shared server
• Lateral movement - Potential access to other accounts if password reused
• 17-year exposure window - Credentials in archive since 2008

Other Vulnerabilities:

• SQL Injection (no parameterized queries visible)
• No password hashing visible (likely plaintext or MD5)
• parse_str($QUERY_STRING) - register_globals emulation (deprecated/dangerous)
• mysql_* functions (removed PHP 7.0)
• No CSRF protection
• Minimal XSS protection

---

Quality Score: 1/10

Critical Issues:

1. Production Credentials:

      // NEVER commit production credentials to code!
      $db = mysql_connect("p50mysql51.secureserver.net", "age1beta", "djm,1Udkm!");

2. Deprecated Code:

      // parse_str with QUERY_STRING = register_globals emulation
      parse_str("$QUERY_STRING");  // Security disaster

3. Incomplete Implementation:

// notes.txt

Things to be done:

session // Sessions not implemented!

while loop for the upgrades

• No session management = Can't maintain login state
• Broken core functionality

4. No Error Handling:

      $db = mysql_connect(...) or die("Error In Connection - ". mysql_error());
      // Exposes mysql_error() to users (information disclosure)

5. Poor Organization:

• All 52 files in root directory
• No includes/ folder (despite includes/_top.php reference)
• "do_*.php" action handlers mixed with page files

---

Deployment Feasibility: IMPOSSIBLE

Fatal Blockers:

• Hardcoded GoDaddy credentials - Cannot deploy without changing
• Sessions not implemented - Cannot login (notes.txt confirms)
• parse_str($QUERY_STRING) - Deprecated, dangerous
• mysql_* functions - Removed PHP 7.0
• Incomplete features - Core gameplay missing
• Production DB required - No local SQL dump

This game is literally unplayable:

• notes.txt: "Things to be done: session"
• Without sessions, authentication doesn't work
• Beta never launched (2008 dates passed)

Technical Debt Score: 10/10 (Maximum)

Why Maximum Debt:

• Incomplete implementation (TODO list)
• Production credentials (security disaster)
• parse_str() (register_globals emulation)
• No sessions (broken auth)
• mysql_* functions (PHP 7.0+ incompatible)
• Zero documentation beyond notes.txt
• Small codebase BUT fundamentally broken

Modernization Effort: NOT WORTH ATTEMPTING

• Core features incomplete
• Would need to:
• Remove production credentials (5 min)
• Implement sessions (20 hours)
• Fix parse_str() (10 hours)
• Convert mysql_* to PDO (30 hours)
• Complete TODO features (unknown hours)
• Recreate database schema (no SQL file)
• TOTAL: Unknown (100-300+ hours?)

---

Preservation Worthiness: 2/10 (Low)

Why Low Value:

• Incomplete beta (never launched)
• No unique innovations
• Generic space RPG theme
• Small codebase (57 files)
• Zero documentation
• Production credential artifact (unique in collection)

Only Historical Value:

• Documents abandoned beta phenomenon (common in indie games)
• Shows GoDaddy shared hosting era (2008)
• Credential exposure case study for security education

For Historians/Archivists

Archive Minimally:

• Preserve as-is (document abandoned state)
• Redact/note production credentials
• ⚠️ Contact GoDaddy abuse if credentials still active
• Not worth deep analysis (incomplete)

For Developers

DO NOT STUDY THIS CODE

What NOT to Learn:

• Never hardcode production credentials
• Never use parse_str($QUERY_STRING)
• Never commit incomplete code with TODO lists
• Never skip session implementation
• Never expose mysql_error() to users

Only Lesson: "How NOT to deploy a game"

For Players

UNPLAYABLE

• No sessions = Cannot login
• notes.txt confirms incomplete
• Production DB inaccessible to public
• Beta never launched (2008)

---

Summary: Galactic Warz v0.1 Beta is an abandoned space-themed browser RPG from late 2007/early 2008 that never launched. With only 57 files and a notes.txt TODO list confirming incomplete implementation ("Things to be done: session, while loop"), this beta is fundamentally unplayable. Most critically, [connect.php](d:_HOUSESOCIALMUDWWW_MUD Gamesunzippedgalactic_warzGalactic warzconnect.php) contains hardcoded credentials to a production GoDaddy server (p50mysql51.secureserver.net, age1beta/djm,1Udkm!), making it the only game in the collection with live production server exposure.

Key Tragedy: Developer built armory, market, training, upgrades, premium store... but never finished sessions (authentication), rendering entire game unusable.

Security Disaster: 17-year exposure of production credentials (2008-2025) if credentials never rotated.

Historical Significance: Documents the abandoned indie game beta phenomenon - partially-built games left in archives with production credentials exposed.

Best Use Cases in 2025:

• ⚠️ Security education - "Never commit production credentials" case study
• ⚠️ Abandoned project case study - Incomplete TODO lists in archives
• NOT playable - Core auth missing
• NOT refactorable - Too incomplete to salvage
• NOT worth studying - Poor code quality, incomplete features

Comparison to Collection:

• ezRPG: Professional framework, clean code
• Eternal Duel: Bloated but complete (491 files)
• Galactic Warz: Incomplete beta (57 files), broken auth, production credentials

Preservation Priority: LOW (2/10) - Archive for credential exposure case study only

Epitaph: "They built a store before building authentication - priorities inverted."

---

Analysis Completed: December 2025

Confidence Level: 92% (complete file review, notes.txt TODO confirmed, connect.php credentials verified)

Recommended Action: Archive with credential redaction, document as abandoned beta

Security Warning: 🚨 PRODUCTION GODADDY CREDENTIALS EXPOSED - p50mysql51.secureserver.net

Status: 💀 Abandoned beta, never launched, fundamentally broken (no sessions)

Next Game: generic_mafia_rpg (26/79 complete - 32.9%)