Beispiel #1
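 /**
  * Regenerate the authorization credentials (power_id / power_key) of a permission record.
  *
  * The record id is read from the request parameter "id" via get_post(); the method
  * itself takes no arguments. The result is reported through to_api_message()
  * (documented as JSON by the original author).
  *
  * Security notes for reviewers:
  *  - The new power_key is returned to the caller in the API response, so the
  *    endpoint must only be reachable by authorized operators over an encrypted
  *    channel. No authorization check is visible in this method; presumably it is
  *    enforced elsewhere in the controller. Confirm.
  *  - get_post() also accepts the id from the query string. NOTE(review): a
  *    credential-rotating action should be limited to POST with CSRF protection.
  *  - create_rand_string() is defined in the 'rand' helper, which is not shown here.
  *    NOTE(review): confirm it draws from a CSPRNG (random_bytes()/random_int()).
  *
  * @return void
  */
 public function regen_auth_key()
 {
     $power_id = $this->input->get_post('id', TRUE);

     if ($this->form_validation->run() == FALSE) {
         $this->to_api_message(0, validation_errors());
         // Whether to_api_message() ends the request is not visible here; return
         // explicitly so an invalid request can never reach the update below.
         return;
     }

     $power = $this->power->get($power_id);
     if (empty($power)) {
         $this->to_api_message(0, 'unknow_power');
         // Same guard: without a record, $power['name'] and the update must not run.
         return;
     }

     $this->load->helper('rand');

     // Fresh identifier and secret for this permission record.
     $updateData = array(
         'power_id'  => create_rand_string(20),
         'power_key' => create_rand_string(32),
     );
     $where = array('id' => $power_id);

     // The audit text names the record only; the new secret is not part of the log text.
     $op_description = sprintf("修改了%s权限的授权信息", $power['name']);

     if ($this->power->update($updateData, $where)) {
         $this->add_op_log($op_description, 1);
         $this->to_api_message(1, 'update_power_success', $updateData);
     } else {
         $this->add_op_log($op_description, 0);
         $this->to_api_message(0, 'update_power_failed');
     }
 }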
/**
 * Authenticate an admin or a regular user, create a session and set the login cookies.
 *
 * Reads credentials from the arguments and, where an argument is empty, from $_POST.
 * Writes the globals $p_user and $db_name; reads $directories, $st and $cw.
 *
 * Security review summary (legacy code; every point below refers to a line in this function):
 *  - Queries are built by string interpolation. mysql_escape_string() was removed in
 *    PHP 7 and ignores the connection character set; one query (the "mdp" update near
 *    the end) interpolates $_POST['mdp'] with no escaping at all. Use prepared statements.
 *  - User passwords are compared as unsalted md5() and additionally written to the
 *    "mdp" column in clear text. Use password_hash()/password_verify() and stop
 *    persisting the clear-text value.
 *  - A pre-hashed password is accepted from $_POST['enc_pass'] and echoed back in a
 *    hidden form field, which makes the stored hash equivalent to the password itself.
 *  - Secrets are compared with loose ==/!=; use hash_equals() on strings.
 *  - Request-derived values are echoed into HTML without htmlspecialchars().
 *  - Cookies are set with three arguments only, i.e. without Secure/HttpOnly flags.
 *  - The failure branches do not return or exit themselves; see the note before them.
 *
 * @param string $pseudo        Login name; falls back to $_POST['pseudo'] when empty.
 * @param string $mdp           Clear-text password; falls back to $_POST['mdp'] when empty.
 * @param int    $bpUserId      When truthy, the password comparison and the auth-code
 *                              prompt are skipped, so the caller must already have
 *                              verified this identity.
 * @param bool   $returnSession When truthy, the new session id is returned and the
 *                              login statistics/history are not updated.
 * @param int    $fbUserId      When truthy, the password comparison is skipped; same
 *                              caller obligation as for $bpUserId.
 * @return string|null The session id when $returnSession is truthy, otherwise nothing.
 */
function login_to_server($pseudo = '', $mdp = '', $bpUserId = 0, $returnSession = false, $fbUserId = 0)
{
    global $p_user, $db_name, $directories, $st, $cw;
    // NOTE(review): mysql_escape_string() is the only protection for every query that
    // embeds $login_name below; it is charset-unaware and no longer exists in PHP 7+.
    $login_name = mysql_escape_string($pseudo ? $pseudo : (string) $_POST['pseudo']);
    // hash_user_agent() is defined elsewhere; its result is stored next to the session id.
    $agent_hash = hash_user_agent();
    /********************** Admin Login *******************/
    if ($login_name == "Admin") {
        // The submitted value is matched as-is against se_games.admin_pw, which implies the
        // admin password is stored unhashed. Confirm, and move to password_verify().
        $password = mysql_escape_string((string) $_POST['mdp']);
        db("select * from se_games where admin_pw = '{$password}'");
        $games_info = dbr(1);
        if (empty($games_info)) {
            //invalid admin login
            insert_history(1, "Bad login Attempt");
            // Fixed delay only; no attempt counter or lockout is visible here.
            sleep(3);
            //so as to minimise trouble caused by people trying to guess the pass, and who don't know about the back button. :)
            exit("Login Failed. Do no pass go, do not collect your new Harvestor Mammoth.");
        } else {
            //Admin successfully logged into game
            // $db_name comes from the matched se_games row and is later used as a table-name prefix.
            $db_name = $games_info['db_name'];
            // NOTE(review): create_rand_string() is not shown; a session id must come from a CSPRNG.
            $session = create_rand_string(32);
            // Cookies carry no Secure/HttpOnly flags (only name, value, expiry are passed).
            SetCookie("login_id", 1, 0);
            SetCookie("login_name", "Admin", time() + 2592000);
            SetCookie("session_id", $session, 0);
            flush();
            //send cookies immediatly
            $expire = time() + SESSION_TIME_LIMIT;
            insert_history(1, "Successfully logged into {$db_name}");
            dbn("update {$db_name}_users set game_login_count = game_login_count + 1 where login_id = '1'");
            dbn("update se_games set session_id = '{$session}', session_exp = '{$expire}', user_agent = '{$agent_hash}' where db_name = '{$db_name}'");
            echo "<script>self.location='location.php';</script> <noscript>You cannot login without JavaScript. Please enable Javascript, or use a browser that supports it.</noscript>";
            exit;
        }
    } elseif (preg_match("/^admin\$/i", $login_name)) {
        //other spelling of admin.
        sleep(5);
        exit("Sod off - you can't even spell 'admin' properly can you?");
    }
    /*************************User Login************************/
    db("select * from user_accounts where login_name = '{$login_name}'");
    $p_user = dbr(1);
    if (!isset($_POST['enc_pass']) || $mdp) {
        //user entered pass on login form
        // Unsalted md5 is not a password hash; migrate to password_hash()/password_verify().
        $enc_pass = md5($mdp ? $mdp : $_POST['mdp']);
        $pre_enc_pass = 0;
    } else {
        //pass coming from being hidden in auth. so set pre_enc to ensure auth is checked.
        // The client supplies the hash directly here, so knowing the stored hash is
        // sufficient to pass the password comparison below.
        $enc_pass = $_POST['enc_pass'];
        $pre_enc_pass = 1;
    }
    // NOTE(review): none of the failure branches below returns or exits after
    // print_footer(). Unless print_footer() (defined elsewhere) terminates the request,
    // execution continues into the "successfully logged in" section. Confirm.
    if (empty($p_user)) {
        //incorrect username
        print_header($cw['login_problem']);
        // $login_name is SQL-escaped only; it is written into HTML without htmlspecialchars().
        echo "<blockquote>" . sprintf($st[1816], $login_name) . "<br />\r\n\t\t" . $st[1817] . "<p />\r\n\t\t<p /> <a href='inscription.php'>\r\n\t\t" . $cw['sign_up2'] . "</a> <p /> <a href=\"" . URL_PREFIX . "/index.php\">" . $st[1818] . "</a></b></blockquote>";
        print_footer();
    // Loose != on the hash; the check is bypassed entirely when $bpUserId or $fbUserId is truthy.
    } elseif ($enc_pass != $p_user['passwd'] && !$bpUserId && !$fbUserId) {
        //incorrect password
        print_header($cw['bad_passwd']);
        echo "<blockquote><b>" . $st[1819] . "<br />" . $st[1820] . "\r\n\t\t<p /><a href=\"javascript:history.back()\">" . $st[1818] . "</a></b><p />" . $st[789] . " ? <a href=change_pass.php?stage_one=1>" . $cw['click_here'] . "</a></blockquote><p />";
        insert_history($p_user['login_id'], $cw['bad_login']);
        print_footer();
    } elseif ($p_user['bp_user_id'] && !$bpUserId) {
        // BigPoint (BP) account attempting a classic login: refused, user is sent to the partner portal.
        print_header("Problème de connexion");
        echo "<blockquote><b>Erreur</b><br /><br />Il semble que vous vous soyez inscrit via notre partenaire <a href='http://www.bigpoint.com/' target='_blank'>BigPoint</a>, veuillez utiliser <a href='http://fr.bigpoint.com/games/astravires/' target='_blank'>la fiche jeu Astra Vires</a> sur son portail pour vous connecter.</blockquote><p />";
        insert_history($p_user['login_id'], 'Joueur BP connexion classique');
        print_footer();
        //valid username/pass combination.
        //But MUST enter a auth code to continue, as pre_enc_pass was set.
        //or no auth code yet entered, and sendmail is set
    } elseif ($pre_enc_pass == 1 || $p_user['auth'] != 0 || $bpUserId) {
        //get user to enter auth code.
        // Auth code is compared with loose !=/==; compare as strings with hash_equals().
        if ((empty($_POST['auth_code']) || $_POST['auth_code'] != $p_user['auth'] && $p_user['auth'] != 0) && !$bpUserId) {
            print_header("Authorisation Code Required");
            $rs = "";
            if (empty($_POST['auth_code'])) {
                echo "Please enter the Authorisation Code that was sent to your email address:<br /><br />";
            } else {
                echo "Authorisation Code did not match.<br />";
            }
            // PHP_SELF, $login_name and $enc_pass are emitted unescaped; $enc_pass may be the raw
            // $_POST['enc_pass']. Escape with htmlspecialchars(..., ENT_QUOTES) and avoid
            // round-tripping the password hash through the page.
            echo "<form name=get_var_form action={$_SERVER['PHP_SELF']} method=POST>";
            echo "<input type=hidden name=l_name value='{$login_name}'><input type=hidden name=enc_pass value='{$enc_pass}'>";
            echo "<input type=text name=auth_code value='' size=20> - ";
            echo "<input type=submit value=Submit></form>";
            print_footer();
        } elseif ($_POST['auth_code'] == $p_user['auth'] || $bpUserId) {
            // Code accepted (or BP login): clear the pending auth code.
            dbn("update user_accounts set auth = '0' where login_id = '{$p_user['login_id']}'");
        } else {
            print_page("hmm", "Something Broke");
        }
    }
    /*****************User successfully logged in***********************/
    if ($p_user['mdp']) {
        // Passes the clear-text password column to the auto-login cookie helper.
        // NOTE(review): what setAutoLoginCookie() puts in the cookie is not visible here. Verify
        // it never stores the password or a value derived reversibly from it.
        setAutoLoginCookie($p_user['login_id'], $p_user['login_name'], $p_user['mdp']);
    }
    $session = create_rand_string(32);
    // No Secure/HttpOnly flags on any of these cookies; login_id/login_name persist for 30 days.
    SetCookie("login_id", $p_user['login_id'], time() + 2592000);
    SetCookie("login_name", $p_user['login_name'], time() + 2592000);
    SetCookie("session_id", $session, 0);
    $expire = time() + SESSION_TIME_LIMIT;
    if (!$returnSession) {
        // NOTE(review): the last_login value appears masked ("******") in this listing, so the
        // statement does not parse as shown; the original expression is not recoverable from here.
        dbn("update user_accounts set last_login = "******", session_id = '{$session}', session_exp = '{$expire}', last_ip = '" . $_SERVER['REMOTE_ADDR'] . "', login_count = login_count + 1, user_agent = '{$agent_hash}' where login_id = '{$p_user['login_id']}'");
        insert_history($p_user['login_id'], "Logged Into GameList");
    } else {
        dbn("update user_accounts set session_id = '{$session}', session_exp = '{$expire}' where login_id = '{$p_user['login_id']}'");
    }
    // update the password in clear to delete the encrypted one in the future
    // NOTE(review): $_POST['mdp'] is concatenated into the query with no escaping (SQL
    // injection) and persists the password in clear text. It also runs when the password
    // arrived via the $mdp argument or a partner login, where $_POST['mdp'] may be unset.
    // The bare login_id index is an undefined constant (an Error on PHP 8).
    // Fix: drop the clear-text column, or at minimum use a prepared statement and 'login_id'.
    dbn("update user_accounts set mdp = '" . $_POST['mdp'] . "' where login_id = '" . $p_user[login_id] . "'");
    if ($p_user['last_login'] == 0 && !$returnSession) {
        //first login. show them the story.
        print_header("Histoire");
        //load story
        $results = load_xml("{$directories['includes']}/stories.xml");
        $story = $results['story']['Histoire'];
        echo "<a href='game_listing.php'>Continuer</a><br /><br />";
        echo "\n<a name=top><center><b>{$story['title']}</b></center></a><br>{$story['content']} <p />Ecrit par <b class=b1>{$story['author']}</b>";
        echo "<br /><br /><a href='game_listing.php'>Continuer</a>";
        $rs = '';
        print_footer();
    }
    if ($returnSession) {
        return $session;
    }
}
Beispiel #3
// Server maintenance fragment: rotates the daily tip, purges stale accounts and old
// history/forum rows, and re-randomises the passwords of the special accounts.
// Progress is appended to $final_str as HTML. db()/dbr()/dbn() are project query helpers
// defined elsewhere. NOTE(review): mysql_affected_rows() belongs to the legacy ext/mysql
// API, which no longer exists in PHP 7+.
// $since_last is reset here; presumably print_time() reads it. Confirm.
$since_last = array(0 => 0);
$final_str .= "\n\n<hr><p>Beginning Server Maintenance...<p>";
/**********************
* Quick Maints
**********************/
//Change the tip for the day.
db("select tip_id from daily_tips order by RAND() limit 1");
$tip_count = dbr(1);
// tip_id comes from the database row above, not from request input.
dbn("update se_central_table set todays_tip = '{$tip_count['tip_id']}'");
$final_str .= "\n<br />New tip chosen - tip # {$tip_count['tip_id']}...<br />";
//delete accounts that have not been authorised within a week
// 604800 s = 7 days. Only accounts that never logged in (login_count = 0, session_exp = 0)
// are removed; login_id <= 5 is excluded from the purge.
$time_to_del_from = time() - 604800;
dbn("delete from user_accounts where signed_up <= '{$time_to_del_from}' && session_exp = 0 && login_id > 5 && login_count = 0");
$final_str .= "\n<br />" . mysql_affected_rows() . " unauthorised user accounts deleted...<br />";
//change AI passwords daily. Wouldn't do to have someone get access to them.
// Stores md5 of a 50-character random string for login_id 2-5; the random input is discarded.
// NOTE(review): this only protects those accounts if create_rand_string() (not shown)
// is unpredictable, i.e. backed by a CSPRNG. Confirm.
$p_pass = md5(create_rand_string(50));
dbn("update user_accounts set passwd = '{$p_pass}' where login_id = '2' || login_id = 3 || login_id = 4 || login_id = 5");
$final_str .= "\n<br />Special accounts pass changed...<br />";
//delete user history older than 3 weeks.
// 1814400 s = 21 days; the subtraction is evaluated by the SQL engine. Both operands are
// generated server-side, so no request data reaches this query.
dbn("delete from user_history where timestamp < " . time() . "-1814400");
$final_str .= "\n<br />" . mysql_affected_rows() . " old rows from the user_history deleted...<br />";
//delete posts to the central forum that are older than 3 weeks.
dbn("delete from se_central_messages where timestamp < " . time() . "-1814400");
$final_str .= "\n<br />" . mysql_affected_rows() . " messages from the central forum were deleted...<br />";
print_time();
//backup the DB if requested. & delete old files
if ($make_database_backups == 1) {
    backup_db();
    print_time();
    delete_old_backups($max_num_db_backups, "_db_backup");
    print_time();
Beispiel #4
    //user entered e-mail addy. Check it and send e-mail if valid
} elseif (isset($_POST['stage_two'])) {
    print_header($cw['password_changing']);
    if (empty($_POST['mail_addy'])) {
        echo $st[1023] . ". {$back_link}.";
    } else {
        //Connect to the database
        db_connect();
        db("select login_id, email_address, real_name from user_accounts where email_address = '" . mysql_escape_string($_POST['mail_addy']) . "'");
        $account_details = dbr(1);
        if (empty($account_details['login_id'])) {
            //couldn't find account
            echo $st[1024] . "{$back_link}";
        } else {
            //create the random string
            $changing_data = create_rand_string(32);
            //enter number, and timestamp into db.
            dbn("update user_accounts set pass_change = '" . $changing_data . "*" . time() . "' where login_id = '{$account_details['login_id']}'");
            //create the url
            $url = URL_PREFIX . "/change_pass.php?data_var=" . $changing_data . "&lid=" . $account_details['login_id'];
            $message = sprintf($st[1025], $account_details[real_name]) . SERVER_NAME . sprintf($st[1026], $url);
            //try to send the mail
            if (send_mail(SERVER_NAME, $_SERVER['SERVER_ADMIN'], $account_details['real_name'], $account_details['email_address'], SERVER_NAME . $cw['password_reset'], $message)) {
                echo $st[1027];
            } else {
                echo $st[1028];
                echo $st[1029];
            }
        }
    }
    //user has clicked the link