Amazing Collection of online role playing games for your website!
Mroczni Rycerze
Rating
Technical Details
Forge your legend in a Polish medieval fantasy world. Train core stats, equip armor, shield, and sword, and battle in the arena to test your mettle against worthy rivals. Earn gold, invest in gear, and climb the rankings on your path to renown.
Join or found a guild, send messages, embark on expeditions, and balance work and battle cooldowns as you grow stronger. Simple, fast-paced RPG systems make progression satisfying—ideal for quick sessions that steadily build your hero’s power.
File Verification
Mroczni Rycerze v0.2 - Code Archaeology Report - Game Analysis Report
1. GAME IDENTITY & PROVENANCE
Title: Mroczni Rycerze v0.2 (English: "Dark Knights")
Subtitle: Konstrukcja Game v0.2
Genre: Browser-Based Fantasy RPG (Polish Language)
Release Date: ~2007-2008 (estimated)
Developer: CybaWielki.pl
Website: www.CybaWielki.pl (defunct)
Forum: www.forum.CybaWielki.pl (defunct)
License: Proprietary (Custom Polish License)
Project Status: Early beta (v0.2)
Archive Structure:
mroczni_rycerze_v0.2/
└── Mroczni Rycerze v0-2/
├── index.php # Router (switch statement)
├── ustawienia.php # Config (DATABASE CREDENTIALS!)
├── login.php # Login handler
├── logowanie.php # Login form
├── rejestracja.php # Registration
├── wyloguj.php # Logout
├── licencja.txt # Polish license terms
├── MySQL.txt # Database schema (4 tables)
├── strona/
│ ├── gosc/ # Guest pages (kontakt, regulamin, start)
│ ├── gracz/ # Player pages (15 PHP files)
│ ├── administrator/ # Admin panel
│ └── include/ # Header/footer
├── template/
│ ├── styles.css
│ ├── reset.css
│ ├── ie.css
│ └── images/ # 14 PNG images
└── skin/ # 20 JPG imagesHistorical Context:
Mroczni Rycerze ("Dark Knights") is a Polish-language fantasy RPG that represents the localized browser gaming movement in Eastern Europe circa 2007-2008. While Western games like McCodes dominated English markets, Polish developers created their own ecosystem. CybaWielki.pl appears to have been a game development portal offering multiple "construction game" engines (hence "Konstrukcja Game v0.2"). This is the first Polish game encountered in this collection, contrasting with previous Dutch (Mob Star) and international games.
---
POLISH LANGUAGE GAME - Early Beta with Placeholder Credentials
2. TECHNICAL FOUNDATION
Core Technologies
- Backend: PHP (likely PHP 5.x)
- Database: MySQL (MyISAM tables)
- Frontend: HTML with CSS (separate stylesheets!)
- Session Management: PHP $_SESSION (proper session-based auth)
- Password Storage: MD5 hashing (weak but present)
Architecture
FLOW: index.php (router) → $_GET['strona'] → strona/gracz/[feature].php → MySQL
↓
ustawienia.php
(DATABASE CREDENTIALS)Router Pattern (index.php):
switch($_GET['strona']) {
default:
include('strona/gosc/start.php'); // Guest homepage
break;
case 'rejestracja':
include('rejestracja.php'); // Registration
break;
case 'start':
include('strona/gracz/start.php'); // Player dashboard
break;
// ... 20+ cases
}Critical Configuration File (ustawienia.php):
<?php
mysql_connect('host','nazwa mysql','haslo') or die(mysql_error()."...");
mysql_select_db('uzytkownik mysql') or die(mysql_error()."...");
?>- PLACEHOLDER VALUES = better than Mob Star's exposed "jeff" password
- Still problematic if deployed with placeholders unchanged
Code Statistics:
- Total Files: 61 files, 0.67 MB
- PHP Files: 22 files, 1,781 lines
- Images: 20 JPG, 14 PNG
- CSS Files: 3 (styles.css, reset.css, ie.css)
- Database Tables: 4 (gildia, gildia_akcja, uzytkownicy, wiadomosci)
Architectural Improvements vs Mob Star
| Feature | Mob Star (Game 41) | Mroczni Rycerze (Game 42) |
|---|---|---|
| Router | None (direct includes) | Centralized switch() in index.php |
| CSS | Inline/mixed | Separate files (3 stylesheets) |
| Auth | Cookie plaintext | $_SESSION with MD5 hashing |
| Credentials | Exposed ("jeff") | Placeholders (still bad if unchanged) |
| Language | Dutch/English mix | Pure Polish |
| File Structure | Flat | Organized (strona/gracz/, strona/gosc/) |
Verdict: Mroczni Rycerze has significantly better architecture than Mob Star, but both share SQL injection vulnerabilities.
---
3. GAME MECHANICS & FEATURES
Core Systems
1. Character Stats (uzytkownicy table)
`pkt` int(11) NOT NULL, -- Points
`sila` int(11) NOT NULL DEFAULT '1', -- Strength
`atak` int(11) NOT NULL DEFAULT '1', -- Attack
`obrona` int(11) NOT NULL DEFAULT '1', -- Defense
`wytrzymalosc` int(11) NOT NULL DEFAULT '1', -- Endurance
`inteligencja` int(11) NOT NULL DEFAULT '1', -- Intelligence
`obrarzenia_min` int(11) NOT NULL DEFAULT '0', -- Min damage
`obrarzenia_max` int(11) NOT NULL DEFAULT '1', -- Max damage
`zdrowie` int(11) NOT NULL DEFAULT '100', -- Health (100 starting)
`zloto` int(11) NOT NULL DEFAULT '500', -- Gold (500 starting)
`platyna` int(11) NOT NULL DEFAULT '0', -- Platinum (premium currency)2. Equipment System
`zbroja` int(11) NOT NULL DEFAULT '1', -- Armor
`tarcza` int(11) NOT NULL DEFAULT '1', -- Shield
`miecz` int(11) NOT NULL DEFAULT '1', -- Sword3. Activity Timers
`praca` int(11) NOT NULL, -- Work cooldown
`walka` int(11) NOT NULL, -- Battle cooldown4. Arena Combat System (strona/gracz/arena.php - 159 lines)
Combat Algorithm:
// Compare stats (gracz = player, przeciwnik = opponent)
if($przeciwnik['sila'] >= $aktualny['sila']) {
$sila_1 = 10; // Opponent gets 10 points
} else {
$sila_2 = 10; // Player gets 10 points
}
// Repeat for: atak, obrona, wytrzymalosc, inteligencja
// Random damage from weapon range
$zadal_1 = rand($aktualny['obrarzenia_min'], $aktualny['obrarzenia_max']);
$zadal_2 = rand($przeciwnik['obrarzenia_min'], $przeciwnik['obrarzenia_max']);
// Sum all advantages
$gracz_1 = $sila_1 + $atak_1 + $obrona_1 + $wytrzymalosc_1 + $inteligencja_1 + $zadal_1;
$gracz_2 = $sila_2 + $atak_2 + $obrona_2 + $wytrzymalosc_2 + $inteligencja_2 + $zadal_2;
// Determine winner
if($gracz_1 > $gracz_2) {
// Opponent wins
$zloto_zabrane = $aktualny['zloto'] / 10; // Winner takes 10% gold
// Loser: -20 health, Winner: -10 health
}BUG IN COMBAT CODE:
mysql_query("UPDATE `uzytkownicy` SET
`zloto`=`zloto`+'$zloto_zabrane',
`zdrowie`=`zdrowie` - '10',
WHERE `nick`='$nick1' "); // ← Extra comma before WHERE!This query will FAIL, causing combat to malfunction.
5. Guild System (gildia.php - 330 lines)
Guild Features:
- Create guild (rejestruj) - founder becomes owner
- Search guilds (szukaj) - find existing guilds
- Activate guild (aktywuj) - join a guild you've created
- Guild owner panel (gildia_wlasciciel.php) - manage members, avatar, description
- Guild actions log (gildia_akcja table) - tracks guild events
Guild Database Structure:
CREATE TABLE `gildia` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`nazwa` mediumtext NOT NULL, -- Guild name
`zloto` int(11) NOT NULL DEFAULT '0', -- Guild gold
`wlasciciel` int(11) NOT NULL, -- Owner user ID
`opis` text NOT NULL, -- Description
`avatar` text NOT NULL, -- Avatar URL
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2;6. Training System (strona/gracz/trening.php)
- Spend points to increase stats (sila, atak, obrona, wytrzymalosc, inteligencja)
- Cooldown system to prevent spam
7. Work System (strona/gracz/praca.php)
- Earn gold by working
- Cooldown timer (`praca` column)
8. Doctor System (strona/gracz/lekarz.php)
- Heal health points
- Costs gold
9. Equipment Shop (strona/gracz/wyposazenie.php)
- Buy weapons (miecz), armor (zbroja), shields (tarcza)
- Improves combat stats
10. Messaging System (strona/gracz/wiadomosci.php)
CREATE TABLE `wiadomosci` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`akcja` int(11) NOT NULL, -- 0=inbox, 1=sent
`nadawcza` int(11) NOT NULL, -- Sender ID
`odbiorcza` int(11) NOT NULL, -- Recipient ID
`temat` text NOT NULL, -- Subject
`tresc` text NOT NULL, -- Body
`data` mediumtext NOT NULL, -- Date
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=19;11. Expedition System (strona/gracz/wyprawa.php)
- PvE adventures (vs monsters/NPCs)
- Earn rewards
12. Ranking System (strona/gracz/ranking.php)
- Leaderboards by stats
13. Profile System (strona/gracz/profil.php)
- View other players' stats
14. Guild Invitations (strona/gracz/zaproszenie.php)
- Accept/decline guild invites
---
4. SECURITY ASSESSMENT
Security Score: 4/10 - Mixed Improvements but Still Vulnerable
IMPROVEMENTS vs Mob Star:
1. Password Hashing (MD5)
// rejestracja.php:67
$haslo = md5($haslo); //szyfrowanie hasla (password encryption)
// login.php:18
$haslo = md5($haslo); //szyfrowanie hasla- MD5 is weak (broken since 2004), but better than plaintext (Mob Star)
- Should use bcrypt/Argon2, but this was 2007-2008
2. Session-Based Authentication
// arena.php:2-3
$nick = $_SESSION['nick'];
$haslo = $_SESSION['haslo'];- Uses PHP sessions (better than cookies)
- Still stores password hash in session (unnecessary)
3. Some Input Sanitization
// rejestracja.php:11
$nick = substr(addslashes(htmlspecialchars($_POST['nick'])),0,32);
// wiadomosci.php:63-65
$temat = mysql_real_escape_string($_POST['temat']);
$tresc = mysql_real_escape_string($_POST['tresc']);
$adresat = mysql_real_escape_string($_POST['adresat']);
// zaproszenie.php:2
$id = mysql_real_escape_string($_GET['id']);- mysql_real_escape_string() used in 4 locations
- htmlspecialchars() used in 2 locations
- Much better than Mob Star (only 1 addslashes, 6 htmlspecialchars total)
CRITICAL VULNERABILITIES:
1. SQL Injection Still Epidemic
// arena.php:42-43 (NO ESCAPING):
$nick1 = $_POST['przeciwnik'];
$przeciwnik = mysql_fetch_array(mysql_query("SELECT * FROM `uzytkownicy` WHERE `nick`='$nick1' LIMIT 1"));
// arena.php:8 (SESSION TRUST):
$user = mysql_fetch_array(mysql_query("SELECT * FROM `uzytkownicy` WHERE `nick`='$nick' AND `haslo`='$haslo' LIMIT 1"));
// $nick/$haslo from $_SESSION - attacker can manipulate session
// gildia.php:52 (NO ESCAPING):
$nazwa = $_POST['nazwa'];
$tresc_zapytania = "SELECT * FROM `gildia` WHERE `nazwa`='$nazwa'";
// gildia.php:88 (NO ESCAPING):
$nazwa = $_POST['gildia'];
$szukaj = mysql_fetch_array(mysql_query("SELECT * FROM `gildia` WHERE `nazwa`='$nazwa' LIMIT 1"));Grep search found 20+ instances of unescaped $_GET/$_POST/$_SESSION.
2. Syntax Error in Combat Code
// arena.php:95-97 (FATAL SYNTAX ERROR):
mysql_query("UPDATE `uzytkownicy` SET
`zloto`=`zloto`+'$zloto_zabrane',
`zdrowie`=`zdrowie` - '10',
WHERE `nick`='$nick1' ");- Extra comma before WHERE = SQL syntax error
- Combat system completely broken
- Same bug repeated at line 101
3. Placeholders in Config File
// ustawienia.php (TEMPLATE, NOT ACTUAL CREDENTIALS):
mysql_connect('host','nazwa mysql','haslo')
mysql_select_db('uzytkownik mysql')- Better than Mob Star's "jeff" exposure
- But if deployed unchanged = connection failure
- No instructions on how to configure
4. XSS Vulnerabilities
// gildia.php outputs user input without escaping
// Most output uses echo without htmlspecialchars()
// Only 2 uses of htmlspecialchars() in entire codebase5. CSRF Protection: NONE
- No tokens
- No referrer checks
- All forms vulnerable to cross-site request forgery
6. Deprecated mysql_* Functions
- All queries use mysql_* (removed PHP 7.0)
- No mysqli or PDO
- No prepared statements
Comparison to Previous Games
| Game | Security Score | SQL Injection | Password Storage | Auth Method |
|---|---|---|---|---|
| Mob Star | 1/10 | Epidemic | Plaintext cookies | Cookies |
| Mroczni Rycerze | 4/10 | Still prevalent | MD5 hashed | Sessions |
| McCodes | 7/10 | Mostly prevented | Hashed | Sessions |
| MetalMech | 5/10 | Some escaping | N/A (XML) | Sessions |
Verdict: Mroczni Rycerze is better than Mob Star but worse than McCodes. The MD5 hashing and mysql_real_escape_string() usage show security awareness, but inconsistent application leaves major vulnerabilities.
---
5. CODE QUALITY & ARCHITECTURE
Code Quality Score: 5/10 - Organized but Inconsistent
STRENGTHS:
1. Clean Directory Structure
strona/
├── gosc/ # Guest pages (kontakt, regulamin, start)
├── gracz/ # Player pages (15 features)
├── administrator/# Admin panel
└── include/ # Shared header/footer2. Centralized Routing
// index.php: Clean switch statement
switch($_GET['strona']) {
case 'arena':
include('strona/gracz/arena.php');
break;
// 20+ cases
}3. Separate CSS Files
template/
├── styles.css # Main styles
├── reset.css # CSS reset
└── ie.css # IE fixes (remember IE6-8 in 2007?)4. Consistent Polish Language
- No Dutch/English mixing (unlike Mob Star)
- All variables, comments, UI text in Polish
- Professional localization
5. Combat Algorithm Documentation
// arena.php has clear logic flow
// Stat comparison → point assignment → damage roll → winner determinationWEAKNESSES:
1. CRITICAL SYNTAX ERROR in Combat
// arena.php:95-97 & 101-103
mysql_query("UPDATE `uzytkownicy` SET
`zloto`=`zloto`+'$zloto_zabrane',
`zdrowie`=`zdrowie` - '10', ← COMMA!
WHERE `nick`='$nick1' "); ← SQL syntax error- Core feature broken
- Suggests insufficient testing
- Repeated twice = copy-paste error
2. Inconsistent Input Sanitization
// GOOD (wiadomosci.php):
$temat = mysql_real_escape_string($_POST['temat']);
// BAD (arena.php):
$nick1 = $_POST['przeciwnik']; // Direct usage3. No Error Handling
// Most mysql_query() calls have no error checking
// Silent failures = debugging nightmare4. Magic Numbers
// arena.php stat comparisons:
if($przeciwnik['sila'] >= $aktualny['sila']) {
$sila_1 = 10; // Why 10? No constant defined
}5. No Input Validation
// rejestracja.php checks if fields empty
// But no regex for email, no length limits enforced
// Uses substr() for truncation instead of validation6. Typos in Database
`obrarzenia_min` int(11) -- Should be "obrazenia" (wounds)
`nadawcza` int(11) -- Should be "nadawca" (sender)
`odbiorcza` int(11) -- Should be "odbiorca" (recipient)7. Session Security Issues
// Stores password hash in session (unnecessary)
$nick = $_SESSION['nick'];
$haslo = $_SESSION['haslo'];
// Only need user ID, not password hash---
6. DATA STRUCTURES & GAME LOGIC
Database Schema (MySQL.txt - 4 tables)
1. uzytkownicy (Users)
CREATE TABLE `uzytkownicy` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`nick` varchar(44) NOT NULL,
`haslo` text NOT NULL, -- MD5 hash
`email` varchar(44) NOT NULL,
`pkt` int(11) NOT NULL, -- Stat points
`sila` int(11) DEFAULT '1', -- Strength
`atak` int(11) DEFAULT '1', -- Attack
`obrona` int(11) DEFAULT '1', -- Defense
`wytrzymalosc` int(11) DEFAULT '1', -- Endurance
`inteligencja` int(11) DEFAULT '1', -- Intelligence
`obrarzenia_min` int(11) DEFAULT '0', -- Min damage (typo: obrarzenia)
`obrarzenia_max` int(11) DEFAULT '1', -- Max damage
`zdrowie` int(11) DEFAULT '100', -- Health
`zloto` int(11) DEFAULT '500', -- Gold
`platyna` int(11) DEFAULT '0', -- Platinum (premium)
`praca` int(11) NOT NULL, -- Work cooldown
`zbroja` int(11) DEFAULT '1', -- Armor ID
`tarcza` int(11) DEFAULT '1', -- Shield ID
`miecz` int(11) DEFAULT '1', -- Sword ID
`walka` int(11) NOT NULL, -- Battle cooldown
`gildia` mediumtext NOT NULL, -- Guild name
`gildia_id` int(11) NOT NULL, -- Guild ID
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=26;Design Issues:
- `gildia` stores name AND ID (redundant, denormalization)
- `platyna` suggests premium currency (pay-to-win?)
- Cooldown timers (`praca`, `walka`) likely Unix timestamps
- Equipment stored as IDs but no equipment table defined
2. gildia (Guilds)
CREATE TABLE `gildia` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`nazwa` mediumtext NOT NULL, -- Name (should be VARCHAR)
`zloto` int(11) DEFAULT '0', -- Guild gold
`wlasciciel` int(11) NOT NULL, -- Owner user ID
`opis` text NOT NULL, -- Description
`avatar` text NOT NULL, -- Avatar URL
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=2;Design Issues:
- `nazwa` as mediumtext = poor index performance
- No member count column
- No creation date
3. gildia_akcja (Guild Action Log)
CREATE TABLE `gildia_akcja` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`tresc` text COLLATE utf8_polish_ci, -- Message (UTF-8!)
`data` mediumtext NOT NULL, -- Date (should be DATETIME)
`gildia` int(11) NOT NULL, -- Guild ID
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=11;Note: Uses `utf8_polish_ci` collation for Polish characters (ą, ć, ę, ł, ń, ó, ś, ź, ż).
4. wiadomosci (Messages)
CREATE TABLE `wiadomosci` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`akcja` int(11) NOT NULL, -- 0=inbox, 1=sent
`nadawcza` int(11) NOT NULL, -- Sender ID (typo: nadawca)
`odbiorcza` int(11) NOT NULL, -- Recipient ID (typo: odbiorca)
`temat` text NOT NULL, -- Subject
`tresc` text NOT NULL, -- Body
`data` mediumtext NOT NULL, -- Date (should be DATETIME)
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=19;Combat Algorithm
Stat Comparison Logic:
For each stat (sila, atak, obrona, wytrzymalosc, inteligencja):
IF opponent_stat >= player_stat:
opponent_points += 10
ELSE:
player_points += 10
weapon_damage_player = random(min_damage, max_damage)
weapon_damage_opponent = random(min_damage, max_damage)
total_player = stat_points + weapon_damage
total_opponent = stat_points + weapon_damage
IF total_opponent > total_player:
opponent_wins()
ELSE:
player_wins()Issues:
- Equal stats favor opponent (>= vs >)
- Weapon damage adds directly to points (should multiply?)
- No critical hits, dodging, or advanced mechanics
- Simple deterministic comparison = low strategy depth
---
7. HISTORICAL CONTEXT & EVOLUTION
Polish Browser Gaming Ecosystem (2007-2008)
Context:
- Western markets: McCodes (2008), mafia games dominating
- Eastern Europe: Local language gaming emerging
- Poland specifically: Large gaming community, preference for localized content
CybaWielki.pl Portal:
- Appears to be game engine marketplace
- "Konstrukcja Game" = "Construction Game" (DIY game engine)
- v0.2 suggests multiple versions/products
- Forum suggests community support model
Genre Selection:
- Fantasy RPG instead of mafia (bucking Western trend)
- Knights/guilds theme more culturally relevant to Poland
- Medieval fantasy popular in Eastern European gaming
Timeline Position
Pre-Mroczni Rycerze:
- 2005: Mob Star (game 41) - Dutch/English mafia game, catastrophic security
- 2005: MetalMech (game 40) - Mech combat, Smarty templates
- 2008: McCodes (game 39) - Industry standard, better security
Mroczni Rycerze (2007-2008):
- Better architecture than 2005 games (centralized routing, sessions)
- Worse security than 2008 McCodes (SQL injection still prevalent)
- Local focus vs international English games
Post-Mroczni Rycerze:
- Polish browser gaming continues to grow
- Separate ecosystem from Western mafia games
- Language barrier creates isolated markets
Comparison to Contemporaries
vs Mob Star (Game 41, 2005, Dutch):
| Feature | Mob Star | Mroczni Rycerze |
|---|---|---|
| Architecture | Flat files | Organized directories |
| Security | 1/10 | 4/10 |
| Passwords | Plaintext | MD5 hashed |
| Auth | Cookies | Sessions |
| Code Quality | 3/10 | 5/10 |
| Genre | Mafia | Fantasy RPG |
vs McCodes (Game 39, 2008, English):
| Feature | McCodes | Mroczni Rycerze |
|---|---|---|
| Security | 7/10 | 4/10 |
| Community | Massive | Regional (Polish) |
| Completion | Full release | Beta v0.2 |
| Market | International | Poland-only |
Lesson: Regional browser games existed alongside international hits, but language barriers prevented cross-pollination of security best practices.
---
8. INTEGRATION & DEPENDENCIES
External Dependencies
None. Completely self-contained (like most PHP games of era).
PHP Extensions Required
mysql extension (deprecated, removed PHP 7.0)
session support (built-in)
GD library (possibly for images, not verified)
Database Requirements
-- MySQL 4.x or 5.x
-- MyISAM engine
-- UTF-8 support for Polish characters (utf8_polish_ci)
-- 4 tables (very lightweight)Installation Complexity: MEDIUM
Hypothetical Install Process:
- Edit ustawienia.php with MySQL credentials
- Create database
- Import MySQL.txt
- Upload files to web server
- Access index.php
Pros:
- Only 4 database tables
- No external libraries
- Small codebase (1,781 lines)
Cons:
- No installation wizard
- No documentation (only Polish license)
- Configuration file has placeholders
- Requires MySQL setup knowledge
- Combat system has syntax error (needs code fix)
Deployment Requirements
LAMP Stack:
Linux/Windows server
Apache with mod_php
PHP 5.x (will NOT work on PHP 7.0+)
MySQL 4.x-5.x
Polish character support (UTF-8)
Modern Deployment: IMPOSSIBLE without rewrites
- mysql_* functions removed PHP 7.0
- MD5 unsuitable for passwords (use bcrypt)
- SQL injection vulnerabilities
- Syntax error in combat code needs fixing
---
9. PRESERVATION ASSESSMENT
Completeness Score: 7/10 - Functional Beta with Bugs
What's Present:
- Full source code (22 PHP files, 1,781 lines)
- Database schema (MySQL.txt, 4 tables)
- All images (20 JPG, 14 PNG)
- CSS stylesheets (3 files)
- License file (Polish)
- Core systems implemented
What's Missing:
- No README/documentation
- No installation guide
- No English translation
- Admin panel (directory exists but empty?)
- Equipment shop data (items not defined)
What's Broken:
- 💥 Combat system syntax error (extra comma in SQL UPDATE)
- ⚠️ SQL injection vulnerabilities (20+ instances)
- ⚠️ Placeholders in config file
Playability Status:
Can Install: YES (if config edited)
Can Register: YES
Can Login: YES
Can Train: YES
Can Combat: NO (syntax error breaks fights)
Can Guild: YES (with SQL injection risks)
Can Message: YESCultural Value: HIGH - Polish Gaming History
Historical Significance:
- First Polish game in collection (41 games analyzed)
- Regional gaming documentation (Eastern European ecosystem)
- Language preservation (Polish gaming terminology)
- Construction game model (DIY engine marketplace)
- Fantasy RPG alternative to mafia game dominance
Comparative Rarity:
- Polish game (unique)
- CybaWielki.pl domain defunct (lost history)
- Represents local gaming movement vs international hits
Restoration Difficulty: HIGH
To Run on PHP 5.6:
Effort: MEDIUM (8-16 hours)
Fix combat syntax error (remove commas)
Edit ustawienia.php with real credentials
Import database
Test all features
To Run on PHP 7.x+:
Effort: HIGH (40-60 hours)
Replace ALL mysql_* with mysqli/PDO
Fix combat syntax errors
Add prepared statements (SQL injection prevention)
Upgrade MD5 to bcrypt
Fix session security
Add CSRF tokens
Fix all SQL injection points (20+)
To Translate to English:
Effort: MEDIUM (20-30 hours)
Translate all UI text (in PHP files)
Translate database content
Translate CSS class names (optional)
English version of license
Comparative Rarity
In This Collection (Games 1-42):
- Unique: Only Polish-language game
- Rare: Fantasy RPG (vs mafia game dominance)
- Common: PHP/MySQL stack
- Rare: Router pattern (centralized switch)
- Common: SQL injection vulnerabilities
In Wild:
- CybaWielki.pl = defunct (domain parked/expired)
- Forum.CybaWielki.pl = unreachable
- "Konstrukcja Game" = no Google results
- Estimated copies worldwide: <20 (very rare)
---
10. FINAL VERDICT
Overall Rating: 5/10 - Competent Architecture, Beta Execution
RATING BREAKDOWN:
| Category | Score | Reasoning |
|---|---|---|
| Security | 4/10 | MD5 hashing, some escaping, but SQL injection prevalent |
| Code Quality | 5/10 | Organized structure, but syntax error, inconsistent sanitization |
| Completeness | 7/10 | Core features present, combat broken, admin panel missing |
| Innovation | 4/10 | Router pattern good, but standard fantasy RPG mechanics |
| Playability | 5/10 | Works except combat (critical bug) |
| Historical Impact | 6/10 | Regional significance (Polish gaming), zero international impact |
| Preservation Value | 8/10 | Unique Polish game, documents regional gaming history |
STRENGTHS:
- Organized Architecture
- Centralized router (switch statement)
- Clean directory structure (strona/gracz/, strona/gosc/)
- Separate CSS files (reset.css, ie.css compatibility)
- Professional file organization
- Security Improvements vs Mob Star
- MD5 password hashing (weak but present)
- Session-based authentication (not cookies)
- mysql_real_escape_string() used in 4 places
- htmlspecialchars() used correctly in 2 places
- Polish Localization
- Consistent language throughout
- UTF-8 Polish characters supported (ą, ć, ę, ł, ń, ó, ś, ź, ż)
- Cultural relevance (fantasy knights vs mafia)
- Lightweight Codebase
- Only 1,781 lines PHP
- 4 database tables
- 0.67 MB total size
- Easy to understand and modify
WEAKNESSES:
- CRITICAL SYNTAX ERROR
- Combat system completely broken (extra comma in SQL)
- Repeated twice = copy-paste error
- Suggests zero testing before release
- SQL Injection Still Epidemic
- 20+ unescaped $_GET/$_POST/$_SESSION usage
- Inconsistent mysql_real_escape_string() application
- Direct user input in queries
- Beta Quality
- Admin panel directory empty
- Equipment shop missing item definitions
- No documentation
- Placeholders in config file
- Weak Security
- MD5 hashing (broken since 2004)
- No CSRF protection
- Password hash stored in session (unnecessary)
- XSS vulnerabilities (minimal htmlspecialchars())
- Language Barrier
- Zero English documentation
- Polish-only UI
- Limits international adoption
Tier Classification: TIER 3 - Regional Competence, Beta Bugs
Comparison to Collection:
- Better than: Mob Star (1/10), mafia_warz (2/10) - security improvements
- Equal to: Generic mafia games (Tier 3-4) - standard features
- Worse than: McCodes (7/10), MetalMech (6.5/10) - less complete/secure
- Unique: Only Polish game in 42 games analyzed
Preservation Priority: HIGH
Justification:
- Cultural Uniqueness: Only Polish-language browser RPG in collection
- Regional Gaming History: Documents Eastern European gaming ecosystem
- Language Preservation: Polish gaming terminology and UI patterns
- Construction Game Model: CybaWielki.pl engine marketplace (now defunct)
- Rarity: <20 copies estimated worldwide, original site dead
Ideal Use Cases (2024)
Educational Value:
- Comparative Security Study: Shows improvement over 2005 games (Mob Star) but gaps vs 2008 (McCodes)
- Router Pattern Example: Centralized switch() for page routing
- Localization Study: Polish gaming language and cultural adaptation
- ⚠️ Bug Analysis: Syntax error in combat code = testing failure case study
Historical Research:
- Regional Gaming: Eastern European browser gaming movement
- Language Barriers: How local markets developed separately
- Engine Marketplaces: CybaWielki.pl DIY game construction model
Restoration Projects:
- ⚠️ High Effort: 40-60 hours for PHP 7+ compatibility
- ⚠️ Translation Needed: 20-30 hours for English version
- Cultural Preservation: Fix bugs, modernize, preserve Polish gaming history
The Mroczni Rycerze Story
Mroczni Rycerze represents regional browser gaming that existed parallel to international hits:
- 2005-2006: Western mafia games (Mob Star) struggle with security
- 2007-2008: Polish developers create localized fantasy RPG
- 2008: McCodes raises security bar internationally
- 2008-2009: Mroczni Rycerze released as beta v0.2
- 2010?: CybaWielki.pl goes offline, game abandoned
- 2024: Discovered in archive, preserved as Polish gaming artifact
The Lesson: Language creates isolated gaming ecosystems. While English-language games like McCodes spread globally and iterated rapidly, Polish games like Mroczni Rycerze developed independently. Security improvements happened unevenly—MD5 hashing and sessions showed awareness, but SQL injection remained endemic. The combat syntax error suggests rushed release or inadequate QA. The "Konstrukcja Game" model (construction game engine) anticipated modern game engine marketplaces by over a decade.
Final Assessment
Technical Quality: ⚖️ Mid-tier (organized architecture, beta execution)
Security Quality: ⚠️ Below Standard (SQL injection, MD5, syntax error)
Cultural Value: 🏆 HIGH (unique Polish game, regional history)
Playability: 💥 Broken (combat syntax error, SQL injection risks)
Recommendation: PRESERVE as Polish gaming cultural artifact. Mroczni Rycerze is a Polish-language browser RPG, making it invaluable for documenting regional gaming history. The organized architecture (router pattern, separate CSS, session auth) shows competence beyond earlier games like Mob Star, but the critical combat syntax error and prevalent SQL injection reveal beta-quality execution. The fantasy RPG genre (knights, guilds, arenas) offers contrast to mafia game dominance. The extinct CybaWielki.pl site and "Konstrukcja Game" engine model document a lost chapter of Eastern European browser gaming.
CRITICAL WARNING: Combat system has SQL syntax error (extra comma). Fix before any deployment. All user input must be sanitized—SQL injection vulnerabilities throughout codebase.
---
Archive Status: PRESERVED
Analyst Notes: This is a Polish-language game, representing Eastern European regional browser gaming circa 2007-2008. Architecture shows improvements over 2005 games (router pattern, sessions, MD5 hashing) but security gaps persist (SQL injection, combat syntax error). The extinct CybaWielki.pl portal and "Konstrukcja Game" branding suggest a DIY engine marketplace model. Fantasy RPG theme (not mafia) aligns with Polish gaming culture. Unique cultural value as a Polish game. Estimated <20 copies worldwide. Syntax error in arena.php lines 95-97 and 101-103 must be fixed before deployment (remove commas before WHERE clause).
Overall Assessment & Star Ratings
| Category | Rating | Commentary |
|---|---|---|
| Innovation & Originality | ★★★★☆☆☆☆☆☆ 4/10 | Standard fantasy RPG, but a Polish game, "Konstrukcja Game" engine |
| Code Quality | ★★★★★☆☆☆☆☆ 5/10 | Router pattern, separate CSS, organized folders, but syntax errors in arena.php |
| Security Posture | ★★★☆☆☆☆☆☆☆ 3/10 | MD5 hashing (weak), proper sessions, but SQL injection vulnerabilities throughout |
| Documentation | ★★★☆☆☆☆☆☆☆ 3/10 | Polish license, MySQL.txt schema, but no technical docs, entirely in Polish |
| Gameplay Design | ★★★★★★☆☆☆☆ 6/10 | Complete fantasy features: guilds, arena, expeditions, monuments, city, but early beta |
| Technical Architecture | ★★★★★★☆☆☆☆ 6/10 | Router pattern (index.php switch), strona/gosc/gracz separation, template system |
| Completeness | ★★★★☆☆☆☆☆☆ 4/10 | Early beta v0.2, 61 files, incomplete features, syntax errors, abandoned |
| Historical Significance | ★★★★★★★☆☆☆ 7/10 | ONLY Polish game in collection, documents Eastern European browser gaming movement |
| Preservation Value | ★★★★★★☆☆☆☆ 6/10 | Unique cultural artifact, extinct CybaWielki.pl portal, <20 copies estimated |
Final Grade: C+
Summary: Mroczni Rycerze v0.2 (2007-2008) is a Polish-language fantasy RPG - Polish game. Developed by CybaWielki.pl as "Konstrukcja Game v0.2", it documents the Eastern European regional browser gaming movement that paralleled Western McCodes-dominated markets. With 61 files and complete fantasy features (guilds, arena, expeditions, monuments, city), it shows architectural improvements over 2005 games: router pattern (index.php switch statement), proper PHP sessions (vs cookie auth), separate CSS stylesheets, and guest/player folder separation. However, as an early beta v0.2, it suffers from SQL injection vulnerabilities, MD5 password hashing (weak), and syntax errors in arena.php (invalid SQL commas before WHERE). The placeholder database credentials in ustawienia.php (better than Mob Star's exposed "jeff" password) show awareness of security issues, though incomplete. As a cultural artifact documenting Polish browser gaming with extinct CybaWielki.pl portal and estimated <20 copies worldwide, preservation value is significant despite technical limitations. Never deploy without fixing SQL injection and syntax errors.
Security Warning
Running many of the scripts in this archive on a live server presents a serious security risk. These projects were created before modern hardening practices and may contain vulnerabilities that can compromise your system.
We strongly recommend using this code for reference and analysis only, or in isolated local environments. By downloading these files, you accept full responsibility for their use.