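/**
 * Applies a profile update, or rotates an API key, for one `at_users` row and
 * reports the outcome through the HTTP status code (202 on exactly one
 * affected row, 400 otherwise).
 *
 * Two payload shapes are handled:
 *  - `id`, `type`, `mail`, `phone` (optionally `pwd`): updates those columns.
 *    The literal string 'null' in `mail` / `phone` stores SQL NULL.
 *  - `cle` (a user id): stores a freshly generated key and echoes it.
 * Any other payload leaves the response untouched.
 *
 * Every value taken from $arr is bound as a statement parameter instead of
 * being interpolated into the SQL text, so quotes in the payload can no longer
 * change the statement. Binding also makes the 'null' marker produce a real
 * NULL; interpolating PHP null used to store an empty string.
 *
 * The listing this function was taken from shows the password column being set
 * to the literal '******' while the computed hash was left unused; the hash is
 * bound here.
 *
 * NOTE(review): assumes getBDD() returns a PDO handle (the original relied on
 * exec() returning an affected-row count) - confirm.
 * NOTE(review): no check of who is calling is visible here, yet `id`, `type`
 * and `cle` come straight from $arr - confirm the caller authorises the
 * request before it reaches this function.
 *
 * @param array $arr Request payload.
 * @return void
 */
function update($arr)
{
    if (isset($arr['id'], $arr['type'], $arr['mail'], $arr['phone'])) {
        // Strict comparison: only the exact marker string clears the column.
        $mail = $arr['mail'] === 'null' ? null : $arr['mail'];
        $phone = $arr['phone'] === 'null' ? null : $arr['phone'];

        $bdd = getBDD();

        $assignments = 'type = :type, mail = :mail, phone = :phone';
        $params = array(
            ':type' => $arr['type'],
            ':mail' => $mail,
            ':phone' => $phone,
            ':id' => $arr['id'],
        );
        if (isset($arr['pwd'])) {
            $assignments .= ', password = :password';
            $params[':password'] = cryptPassword($arr['pwd']);
        }

        $stmt = $bdd->prepare("UPDATE at_users SET {$assignments} WHERE id = :id");
        $updated = $stmt !== false && $stmt->execute($params) && $stmt->rowCount() === 1;

        http_response_code($updated ? 202 : 400);
        return;
    }

    if (isset($arr['cle'])) {
        $bdd = getBDD();
        $api = generatePassword();

        $stmt = $bdd->prepare('UPDATE at_users SET cle = :cle WHERE id = :id');
        $rotated = $stmt !== false
            && $stmt->execute(array(':cle' => $api, ':id' => $arr['cle']))
            && $stmt->rowCount() === 1;

        if ($rotated) {
            // Set the status before any output so the header can still be sent.
            http_response_code(202);
            echo $api;
        } else {
            http_response_code(400);
        }
    }
}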
/**
 * Renders the password-encrypter tool page.
 *
 * Reads the `md5q` request value, hashes it with cryptPassword() and hands
 * both the submitted text and its hash to the template together with the
 * page's language strings.
 *
 * NOTE(review): the submitted text is passed back to the template as
 * `md5_md5`; whether it is HTML-escaped depends on HTTP::_GP() and on the
 * template, neither of which is visible here - confirm.
 *
 * @return void
 */
function ShowPassEncripterPage()
{
    global $LNG;

    $plainInput = HTTP::_GP('md5q', '', true);
    $page = new template();

    $vars = array(
        'md5_md5' => $plainInput,
        'md5_enc' => cryptPassword($plainInput),
    );

    // Language strings are exposed to the template under their own keys.
    foreach (array('et_md5_encripter', 'et_encript', 'et_result', 'et_pass') as $labelKey) {
        $vars[$labelKey] = $LNG[$labelKey];
    }

    $page->assign_vars($vars);
    $page->show('PassEncripterPage.tpl');
}
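/**
 * Inserts a new row into `users` and creates the account's directory under
 * `users/`.
 *
 * The nickname doubles as a directory name, so it is rejected before anything
 * is written when it is not a single path segment (contains a path separator
 * or NUL byte, or is `.` / `..`). Without that check a nickname such as
 * `../x` would make mkdir() create a directory outside `users/`.
 *
 * NOTE(review): the five values are still interpolated into the INSERT text.
 * mysql_query_exec() and the type of $link are not visible here, so the
 * statement cannot be parameterised from this function alone - confirm that
 * callers escape these values, or switch the helper to bound parameters.
 *
 * @param mixed  $link      Database handle passed through to mysql_query_exec().
 * @param string $nickname  Login name; also used as the directory name.
 * @param string $firstname
 * @param string $lastname
 * @param string $email
 * @param string $password  Clear-text password, hashed via cryptPassword().
 * @return mixed Falsy on failure (including a rejected nickname); otherwise
 *               the result of the insert or of mkdir().
 */
function create_new_user($link, $nickname, $firstname, $lastname, $email, $password)
{
    // Validate first so that no database row exists for a nickname whose
    // directory will never be created.
    if (!is_scalar($nickname)) {
        return false;
    }
    $segment = (string) $nickname;
    if ($segment === '.' || $segment === '..' || strpbrk($segment, "/\\\0") !== false) {
        return false;
    }

    $password_crypt = cryptPassword($nickname, $password);

    $sql = "\n INSERT INTO users (\n nickname,\n firstname,\n lastname,\n email,\n password,\n creationdate)\n"
        . " VALUES (\n '{$nickname}',\n '{$firstname}',\n '{$lastname}',\n '{$email}',\n '{$password_crypt}',\n NOW())";
    $ok = mysql_query_exec($link, $sql);

    $userDir = "users/{$nickname}";
    if ($ok && !is_dir($userDir)) {
        $ok = mkdir($userDir);
    }

    return $ok;
}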
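/**
 * Second login step for the admin area: checks the submitted `admin_pw`
 * against the current user's stored password hash and, on a match, marks the
 * session as admin-authenticated and redirects to admin.php. In every other
 * case the login form is rendered.
 *
 * The hashes are compared with hash_equals(). The previous loose `==` treats
 * two different digests that both look like numbers (for example "0e..."
 * strings) as equal, and its timing depends on where the strings differ.
 * A non-string `admin_pw` (e.g. an array parameter) is ignored instead of
 * being passed to cryptPassword().
 *
 * NOTE(review): the password hash itself is stored in
 * $_SESSION['admin_login']; kept as-is because other code presumably compares
 * against it - confirm before changing.
 * NOTE(review): whether HTTP::redirectTo() ends the request is not visible
 * here; if it returns, the form below is rendered after a successful login.
 *
 * @return void
 */
function ShowLoginPage()
{
    global $USER, $LNG;

    if (isset($_REQUEST['admin_pw']) && is_string($_REQUEST['admin_pw'])) {
        $password = cryptPassword($_REQUEST['admin_pw']);

        // Fail closed when either side is not a string.
        $matches = is_string($password)
            && is_string($USER['password'])
            && hash_equals($USER['password'], $password);

        if ($matches) {
            $_SESSION['admin_login'] = $password;
            HTTP::redirectTo('admin.php');
        }
    }

    $template = new template();
    $template->assign_vars(array(
        'bodyclass' => 'standalone',
        'username' => $USER['username'],
    ));
    $template->show('LoginPage.tpl');
}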
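/**
 * Validates and stores the account settings submitted by the current user.
 *
 * Every setting is read through HTTP::_GP(), clamped or whitelisted where
 * possible, and turned into UPDATE statements that are collected in $SQL and
 * sent as one batch through multi_query() before the confirmation message is
 * printed.
 *
 * Security-relevant behaviour:
 *  - Every request value concatenated into $SQL is cast to a number, taken
 *    from a server-side whitelist (language, theme) or passed through
 *    sql_escape(). `timezone` and `fblink` used to be concatenated as
 *    received, unlike `username`, `email` and `theme` in the same method;
 *    with multi_query() an unescaped quote could append whole statements.
 *  - Password checks use hash_equals() rather than loose `==` / `!=`, which
 *    treat different number-like digests ("0e...") as equal.
 *
 * NOTE(review): the password-change branch verifies and stores md5() digests
 * while the e-mail branch verifies with cryptPassword(); both compare against
 * the same $USER['password'], so one of the two is presumably stale. Unsalted
 * MD5 is not an acceptable password hash - confirm which scheme is stored and
 * migrate this branch accordingly.
 * NOTE(review): the form's `newpassword2` confirmation value is never
 * compared with `newpassword`.
 * NOTE(review): the listing this method was taken from masks two SQL literals
 * as '******' (the username and password assignments); they are restored here
 * from the surrounding code - verify against the repository copy.
 * NOTE(review): whether printMessage() ends the request is not visible here;
 * the statement order of the original is kept for that reason.
 *
 * @return void
 */
private function sendDefault()
{
    global $USER, $LNG, $UNI, $SESSION, $THEME;

    $db = $GLOBALS['DATABASE'];

    $adminprotection = HTTP::_GP('adminprotection', 0);
    $username = HTTP::_GP('username', $USER['username'], UTF8_SUPPORT);
    $password = HTTP::_GP('password', '');
    $newpassword = HTTP::_GP('newpassword', '');
    $email = HTTP::_GP('email', $USER['email']);
    $timezone = HTTP::_GP('timezone', '');
    $language = HTTP::_GP('language', '');
    // Numeric settings are cast here so they are safe to concatenate below,
    // whatever HTTP::_GP() returns.
    $planetSort = (int) HTTP::_GP('planetSort', 0);
    $planetOrder = (int) HTTP::_GP('planetOrder', 0);
    $theme = HTTP::_GP('theme', $THEME->getThemeName());
    $queueMessages = (int) HTTP::_GP('queueMessages', 0);
    $spycount = (float) HTTP::_GP('spycount', 1.0);
    $fblink = HTTP::_GP('fblink', '');
    $fleetactions = (int) HTTP::_GP('fleetactions', 5);
    $galaxySpy = (int) HTTP::_GP('galaxySpy', 0);
    $galaxyMessage = (int) HTTP::_GP('galaxyMessage', 0);
    $galaxyBuddyList = (int) HTTP::_GP('galaxyBuddyList', 0);
    $galaxyMissle = (int) HTTP::_GP('galaxyMissle', 0);
    $blockPM = (int) HTTP::_GP('blockPM', 0);
    $vacation = HTTP::_GP('vacation', 0);
    $delete = HTTP::_GP('delete', 0);
    $sirena = (int) HTTP::_GP('sirena', 0);

    // Verify
    // Admin protection can only be enabled by accounts above plain user level.
    $adminprotection = ($adminprotection == 1 && $USER['authlevel'] != AUTH_USR) ? (int) $USER['authlevel'] : 0;
    $spycount = min(max(round($spycount), 1), 4294967295);
    $fleetactions = min(max($fleetactions, 1), 99);
    $language = array_key_exists($language, $LNG->getAllowedLangs(false)) ? $language : $LNG->getLanguage();
    $theme = array_key_exists($theme, Theme::getAvalibleSkins()) ? $theme : $THEME->getThemeName();

    $SQL = "";

    if (!empty($username) && $USER['username'] != $username) {
        if (!CheckName($username)) {
            $this->printMessage($LNG['op_user_name_no_alphanumeric']);
        } elseif ($USER['uctime'] >= TIMESTAMP - USERNAME_CHANGETIME) {
            $this->printMessage($LNG['op_change_name_pro_week']);
        } else {
            $escapedName = $db->sql_escape($username);
            $Count = $db->getFirstCell(
                "SELECT (SELECT COUNT(*) FROM " . USERS . " WHERE `universe` = " . $UNI . " AND `username` = '" . $escapedName
                . "') + (SELECT COUNT(*) FROM " . USERS_VALID . " WHERE `universe` = " . $UNI . " AND `username` = '" . $escapedName . "')"
            );

            if (!empty($Count)) {
                $this->printMessage(sprintf($LNG['op_change_name_exist'], $username));
            } else {
                $SQL .= "UPDATE " . USERS . " SET username = '" . $escapedName . "', uctime = " . TIMESTAMP . " WHERE id = " . $USER['id'] . ";";
                // A renamed account has to log in again.
                $SESSION->DestroySession();
            }
        }
    }

    if (!empty($newpassword) && hash_equals((string) $USER["password"], md5($password))) {
        $newpass = md5($newpassword);
        $SQL .= "UPDATE " . USERS . " SET password = '" . $newpass . "' WHERE id = " . $USER['id'] . ";";
        $SESSION->DestroySession();
    }

    if (!empty($email) && $email != $USER['email']) {
        // Changing the address requires the current password.
        if (!hash_equals((string) $USER['password'], (string) cryptPassword($password))) {
            $this->printMessage($LNG['op_need_pass_mail']);
        } elseif (!ValidateAddress($email)) {
            $this->printMessage($LNG['op_not_vaild_mail']);
        } else {
            $escapedMail = $db->sql_escape($email);
            $Count = $db->getFirstCell(
                "SELECT (SELECT COUNT(*) FROM " . USERS . " WHERE id != " . $USER['id'] . " AND universe = " . $UNI
                . " AND (email = '" . $escapedMail . "' OR email_2 = '" . $escapedMail
                . "')) + (SELECT COUNT(*) FROM " . USERS_VALID . " WHERE universe = " . $UNI . " AND email = '" . $escapedMail . "')"
            );

            if (!empty($Count)) {
                $this->printMessage(sprintf($LNG['op_change_mail_exist'], $email));
            } else {
                $SQL .= "UPDATE " . USERS . " SET email = '" . $escapedMail . "', setmail = " . (TIMESTAMP + 604800) . " WHERE id = " . $USER['id'] . ";";
            }
        }
    }

    if ($vacation == 1) {
        if (!$this->CheckVMode()) {
            $this->printMessage($LNG['op_cant_activate_vacation_mode']);
        } else {
            // Vacation mode also zeroes the production of every owned planet.
            $SQL .= "UPDATE " . USERS . " SET \n\t\t\t\t\t\t\turlaubs_modus = '1',\n\t\t\t\t\t\t\turlaubs_until = " . (TIMESTAMP + Config::get('vmode_min_time'))
                . "\n\t\t\t\t\t\t\tWHERE id = " . $USER["id"] . ";\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tUPDATE " . PLANETS
                . " SET\n\t\t\t\t\t\t\tmetal_mine_porcent = '0',\n\t\t\t\t\t\t\tcrystal_mine_porcent = '0',\n\t\t\t\t\t\t\tdeuterium_sintetizer_porcent = '0',\n\t\t\t\t\t\t\tmetal_perhour = '0',\n\t\t\t\t\t\t\tcrystal_perhour = '0',\n\t\t\t\t\t\t\tdeuterium_perhour = '0'\n\t\t\t\t\t\t\tWHERE id_owner = " . $USER["id"] . ";";
        }
    }

    // A deletion request stores its timestamp; anything else clears it.
    if ($delete == 1) {
        $SQL .= "UPDATE " . USERS . " SET db_deaktjava = " . TIMESTAMP . " WHERE id = " . $USER['id'] . ";";
    } else {
        $SQL .= "UPDATE " . USERS . " SET db_deaktjava = 0 WHERE id = " . $USER['id'] . ";";
    }

    $SQL .= "UPDATE " . USERS . " SET\n\t\t\t\t\tdpath = '" . $db->sql_escape($theme)
        . "',\n\t\t\t\t\ttimezone = '" . $db->sql_escape($timezone)
        . "',\n\t\t\t\t\tplanet_sort = " . $planetSort
        . ",\n\t\t\t\t\tplanet_sort_order = " . $planetOrder
        . ",\n\t\t\t\t\tspio_anz = " . $spycount
        . ",\n\t\t\t\t\tfblink = '" . $db->sql_escape($fblink)
        . "',\n\t\t\t\t\tsettings_fleetactions = " . $fleetactions
        . ",\n\t\t\t\t\tsettings_esp = " . $galaxySpy
        . ",\n\t\t\t\t\tsettings_wri = " . $galaxyMessage
        . ",\n\t\t\t\t\tsettings_bud = " . $galaxyBuddyList
        . ",\n\t\t\t\t\tsettings_mis = " . $galaxyMissle
        . ",\n\t\t\t\t\tsettings_blockPM = " . $blockPM
        . ",\n\t\t\t\t\talarm_volume = " . ($sirena / 10)
        . ",\n\t\t\t\t\tauthattack = " . $adminprotection
        . ",\n\t\t\t\t\tlang = '" . $db->sql_escape($language)
        . "',\n\t\t\t\t\thof = " . $queueMessages
        . "\n\t\t\t\t\tWHERE id = '" . $USER["id"] . "';";

    $db->multi_query($SQL);
    $this->printMessage($LNG['op_options_changed']);
}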
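/**
 * Admin account editor: renders the form for the section named by
 * $_GET['edit'] and, on POST, applies the requested change, writes a Log
 * entry where the section has one, shows the result message and exits.
 *
 * Sections: resources, ships, defenses, buildings, researchs, personal,
 * officiers, planets, alliances; anything else shows the menu.
 *
 * Changes against the previous version:
 *  - Ids, coordinates and amounts are cast to numbers and free text is passed
 *    through sql_escape() before it is concatenated into SQL. The alliance
 *    name, tag and the three text fields used to be concatenated as received,
 *    unlike the planet name in the same function.
 *  - Statements that lacked the emulated-universe condition now carry it:
 *    the dark-matter removal and the coordinate-based moon queries could
 *    otherwise touch rows of another universe.
 *  - The resources and personal logs read `universe` from a row that never
 *    selected it; they now use the planet row or the emulated universe.
 *  - The alliance owner is only changed when a new leader id was submitted;
 *    it used to be overwritten with 0 on every save.
 *  - The buildings section stops after reporting a missing planet.
 *  - Missing $_GET / $_POST keys no longer raise notices, and the vacation
 *    duration parts are cast to integers.
 *
 * NOTE(review): no permission or request-forgery check is visible in this
 * function; presumably the admin front controller enforces both - confirm.
 * NOTE(review): HTTP::_GP() is not visible here, so its own filtering is not
 * relied upon.
 *
 * @return void
 */
function ShowAccountEditorPage()
{
    global $LNG, $reslist;

    $template = new template();
    $db = $GLOBALS['DATABASE'];

    $section = isset($_GET['edit']) ? $_GET['edit'] : '';
    $isPost = !empty($_POST);
    $sign = _accountEditorSign();
    $uni = $isPost ? Universe::getEmulated() : null;
    $inUniverse = " AND `universe` = '" . $uni . "'";

    switch ($section) {
        case 'resources':
            $id = (int) HTTP::_GP('id', 0);
            $id_dark = (int) HTTP::_GP('id_dark', 0);
            $metal = max(0, round((float) HTTP::_GP('metal', 0.0)));
            $cristal = max(0, round((float) HTTP::_GP('cristal', 0.0)));
            $deut = max(0, round((float) HTTP::_GP('deut', 0.0)));
            $dark = (int) HTTP::_GP('dark', 0);

            if ($isPost) {
                if (!empty($id)) {
                    $before = $db->getFirstRow("SELECT `metal`,`crystal`,`deuterium`,`universe` FROM " . PLANETS . " WHERE `id` = '" . $id . "';");
                    $after = array();
                    if ($sign !== null) {
                        $db->query(
                            "UPDATE " . PLANETS . " SET "
                            . "`metal` = `metal` " . $sign . " '" . $metal . "', "
                            . "`crystal` = `crystal` " . $sign . " '" . $cristal . "', "
                            . "`deuterium` = `deuterium` " . $sign . " '" . $deut . "' "
                            . "WHERE `id` = '" . $id . "'" . $inUniverse . ";"
                        );
                        $after = array(
                            'metal' => $sign === '+' ? $before['metal'] + $metal : $before['metal'] - $metal,
                            'crystal' => $sign === '+' ? $before['crystal'] + $cristal : $before['crystal'] - $cristal,
                            'deuterium' => $sign === '+' ? $before['deuterium'] + $deut : $before['deuterium'] - $deut,
                        );
                    }
                    _accountEditorLog(2, $id, $before['universe'], $before, $after);
                }

                if (!empty($id_dark)) {
                    $before_dm = $db->getFirstRow("SELECT `darkmatter` FROM " . USERS . " WHERE `id` = '" . $id_dark . "';");
                    $after_dm = array();
                    if ($sign !== null) {
                        // Both directions are limited to the emulated universe.
                        $db->query(
                            "UPDATE " . USERS . " SET `darkmatter` = `darkmatter` " . $sign . " '" . $dark . "' "
                            . "WHERE `id` = '" . $id_dark . "'" . $inUniverse . ";"
                        );
                        $after_dm = array(
                            'darkmatter' => $sign === '+' ? $before_dm['darkmatter'] + $dark : $before_dm['darkmatter'] - $dark,
                        );
                    }
                    _accountEditorLog(1, $id_dark, $uni, $before_dm, $after_dm);
                }

                _accountEditorFinish($template, 'ad_add_res_sucess', 'ad_delete_res_sucess', '?page=accounteditor&edit=resources');
            }

            $template->show('AccountEditorPageResources.tpl');
            break;

        case 'ships':
            if ($isPost) {
                _accountEditorAdjustElements($template, PLANETS, $reslist['fleet'], 2, true, 'ad_add_ships_sucess', 'ad_delete_ships_sucess', '?page=accounteditor&edit=ships');
            }
            _accountEditorShowInputs($template, $reslist['fleet'], 'AccountEditorPageShips.tpl');
            break;

        case 'defenses':
            if ($isPost) {
                _accountEditorAdjustElements($template, PLANETS, $reslist['defense'], 2, false, 'ad_add_defenses_success', 'ad_delete_defenses_success', '?page=accounteditor&edit=defenses');
            }
            _accountEditorShowInputs($template, $reslist['defense'], 'AccountEditorPageDefenses.tpl');
            break;

        case 'buildings':
            if ($isPost) {
                $id = (int) HTTP::_GP('id', 0);
                $PlanetData = $db->getFirstRow("SELECT * FROM " . PLANETS . " WHERE `id` = '" . $id . "';");

                if (empty($PlanetData)) {
                    $template->message($LNG['ad_add_not_exist'], '?page=accounteditor&edit=buildings');
                    exit;
                }

                // Only the buildings allowed on this planet type are editable.
                $allowed = $reslist['allow'][$PlanetData['planet_type']];
                list($assignments, $before, $after, $Fields) = _accountEditorDelta($allowed, $PlanetData, $sign);

                if ($sign !== null) {
                    $db->query(
                        "UPDATE " . PLANETS . " SET `eco_hash` = '', " . implode(", ", $assignments)
                        . ", `field_current` = `field_current` " . $sign . " '" . $Fields . "'"
                        . " WHERE `id` = '" . $id . "'" . $inUniverse . ";"
                    );
                }

                _accountEditorLog(2, $id, $uni, $before, $after);
                _accountEditorFinish($template, 'ad_add_build_success', 'ad_delete_build_success', '?page=accounteditor&edit=buildings');
            }
            _accountEditorShowInputs($template, $reslist['build'], 'AccountEditorPageBuilds.tpl');
            break;

        case 'researchs':
            if ($isPost) {
                _accountEditorAdjustElements($template, USERS, $reslist['tech'], 1, false, 'ad_add_tech_success', 'ad_delete_tech_success', '?page=accounteditor&edit=researchs');
            }
            _accountEditorShowInputs($template, $reslist['tech'], 'AccountEditorPageResearch.tpl');
            break;

        case 'personal':
            if ($isPost) {
                $id = (int) HTTP::_GP('id', 0);
                $username = HTTP::_GP('username', '', UTF8_SUPPORT);
                $password = HTTP::_GP('password', '', true);
                $email = HTTP::_GP('email', '');
                $email_2 = HTTP::_GP('email_2', '');
                $vacation = HTTP::_GP('vacation', '');

                $before = $db->getFirstRow("SELECT `username`,`email`,`email_2`,`password`,`urlaubs_modus`,`urlaubs_until` FROM " . USERS . " WHERE `id` = '" . $id . "';");
                $after = array();

                // Credentials of the root account are never changed from here.
                $editable = $id != ROOT_USER;

                $PersonalQuery = "UPDATE " . USERS . " SET ";
                if (!empty($username) && $editable) {
                    $PersonalQuery .= "`username` = '" . $db->sql_escape($username) . "', ";
                    $after['username'] = $username;
                }
                if (!empty($email) && $editable) {
                    $PersonalQuery .= "`email` = '" . $db->sql_escape($email) . "', ";
                    $after['email'] = $email;
                }
                if (!empty($email_2) && $editable) {
                    $PersonalQuery .= "`email_2` = '" . $db->sql_escape($email_2) . "', ";
                    $after['email_2'] = $email_2;
                }
                if (!empty($password) && $editable) {
                    // Hash once: the stored value and the logged flag must
                    // describe the same hash.
                    $newHash = cryptPassword($password);
                    $PersonalQuery .= "`password` = '" . $db->sql_escape($newHash) . "', ";
                    $after['password'] = (string) $newHash !== (string) $before['password'] ? 'CHANGED' : '';
                }
                // The old hash is blanked so it never reaches the log.
                $before['password'] = '';

                $Answer = 0;
                $TimeAns = 0;
                if ($vacation === 'yes') {
                    $Answer = 1;
                    $after['urlaubs_modus'] = 1;
                    $TimeAns = TIMESTAMP
                        + _accountEditorPostInt('d') * 86400
                        + _accountEditorPostInt('h') * 3600
                        + _accountEditorPostInt('m') * 60
                        + _accountEditorPostInt('s');
                    $after['urlaubs_until'] = $TimeAns;
                }

                $PersonalQuery .= "`urlaubs_modus` = '" . $Answer . "', `urlaubs_until` = '" . $TimeAns . "' ";
                $PersonalQuery .= "WHERE `id` = '" . $id . "'" . $inUniverse;
                $db->query($PersonalQuery);

                _accountEditorLog(1, $id, $uni, $before, $after);
                $template->message($LNG['ad_personal_succes'], '?page=accounteditor&edit=personal');
                exit;
            }

            $template->assign_vars(array(
                'Selector' => array(
                    '' => $LNG['select_option'],
                    'yes' => $LNG['one_is_yes'][1],
                    'no' => $LNG['one_is_yes'][0],
                ),
            ));
            $template->show('AccountEditorPagePersonal.tpl');
            break;

        case 'officiers':
            if ($isPost) {
                _accountEditorAdjustElements($template, USERS, $reslist['officier'], 1, false, 'ad_add_offi_success', 'ad_delete_offi_success', '?page=accounteditor&edit=officiers');
            }
            _accountEditorShowInputs($template, $reslist['officier'], 'AccountEditorPageOfficiers.tpl');
            break;

        case 'planets':
            if ($isPost) {
                $id = (int) HTTP::_GP('id', 0);
                $name = HTTP::_GP('name', '', UTF8_SUPPORT);
                $diameter = (int) HTTP::_GP('diameter', 0);
                $fields = (int) HTTP::_GP('fields', 0);
                $buildings = HTTP::_GP('0_buildings', '');
                $ships = HTTP::_GP('0_ships', '');
                $defenses = HTTP::_GP('0_defenses', '');
                $c_hangar = HTTP::_GP('0_c_hangar', '');
                $c_buildings = HTTP::_GP('0_c_buildings', '');
                $change_pos = HTTP::_GP('change_position', '');
                $galaxy = (int) HTTP::_GP('g', 0);
                $system = (int) HTTP::_GP('s', 0);
                $planet = (int) HTTP::_GP('p', 0);

                $returnUrl = '?page=accounteditor&edit=planets';
                $wherePlanet = " WHERE `id` = '" . $id . "'" . $inUniverse;

                if (!empty($name)) {
                    $db->query("UPDATE " . PLANETS . " SET `name` = '" . $db->sql_escape($name) . "'" . $wherePlanet . ";");
                }
                if ($buildings == 'on') {
                    $db->query("UPDATE " . PLANETS . " SET " . _accountEditorZeroColumns($reslist['build']) . $wherePlanet . ";");
                }
                if ($ships == 'on') {
                    $db->query("UPDATE " . PLANETS . " SET " . _accountEditorZeroColumns($reslist['fleet']) . $wherePlanet . ";");
                }
                if ($defenses == 'on') {
                    $db->query("UPDATE " . PLANETS . " SET " . _accountEditorZeroColumns($reslist['defense']) . $wherePlanet . ";");
                }
                if ($c_hangar == 'on') {
                    $db->query("UPDATE " . PLANETS . " SET `b_hangar` = '0', `b_hangar_plus` = '0', `b_hangar_id` = ''" . $wherePlanet . ";");
                }
                if ($c_buildings == 'on') {
                    $db->query("UPDATE " . PLANETS . " SET `b_building` = '0', `b_building_id` = ''" . $wherePlanet . ";");
                }
                if (!empty($diameter)) {
                    $db->query("UPDATE " . PLANETS . " SET `diameter` = '" . $diameter . "'" . $wherePlanet . ";");
                }
                if (!empty($fields)) {
                    $db->query("UPDATE " . PLANETS . " SET `field_max` = '" . $fields . "'" . $wherePlanet . ";");
                }

                $limits = Config::get($uni);
                $inRange = $galaxy > 0 && $system > 0 && $planet > 0
                    && $galaxy <= $limits->max_galaxy
                    && $system <= $limits->max_system
                    && $planet <= $limits->max_planets;

                if ($change_pos == 'on' && $inRange) {
                    $P = $db->getFirstRow("SELECT galaxy,system,planet,planet_type FROM " . PLANETS . $wherePlanet . ";");

                    $setTarget = "`galaxy` = '" . $galaxy . "', `system` = '" . $system . "', `planet` = '" . $planet . "'";
                    $atTarget = "`galaxy` = '" . $galaxy . "' AND `system` = '" . $system . "' AND `planet` = '" . $planet . "'";

                    if ($P['planet_type'] == '1') {
                        if (PlayerUtil::checkPosition($uni, $galaxy, $system, $planet, $P['planet_type'])) {
                            $template->message($LNG['ad_pla_error_planets3'], $returnUrl);
                            exit;
                        }
                        $db->query("UPDATE " . PLANETS . " SET " . $setTarget . $wherePlanet . ";");
                    } else {
                        if (PlayerUtil::checkPosition($uni, $galaxy, $system, $planet, $P['planet_type'])) {
                            $template->message($LNG['ad_pla_error_planets5'], $returnUrl);
                            exit;
                        }

                        // Coordinates repeat across universes, so every
                        // coordinate-based statement is limited to this one.
                        $Target = $db->getFirstRow("SELECT id_luna FROM " . PLANETS . " WHERE " . $atTarget . " AND `planet_type` = '1'" . $inUniverse . ";");
                        if ($Target['id_luna'] != '0') {
                            $template->message($LNG['ad_pla_error_planets4'], $returnUrl);
                            exit;
                        }

                        $atOrigin = "`galaxy` = '" . (int) $P['galaxy'] . "' AND `system` = '" . (int) $P['system'] . "' AND `planet` = '" . (int) $P['planet'] . "'";
                        $db->multi_query(
                            "UPDATE " . PLANETS . " SET `id_luna` = '0' WHERE " . $atOrigin . " AND `planet_type` = '1'" . $inUniverse . ";"
                            . "UPDATE " . PLANETS . " SET `id_luna` = '" . $id . "' WHERE " . $atTarget . " AND planet_type = '1'" . $inUniverse . ";"
                            . "UPDATE " . PLANETS . " SET " . $setTarget . $wherePlanet . ";"
                        );

                        $QMOON2 = $db->getFirstRow("SELECT id_owner FROM " . PLANETS . " WHERE " . $atTarget . $inUniverse . ";");
                        $db->query(
                            "UPDATE " . PLANETS . " SET " . $setTarget . ", `id_owner` = '" . (int) $QMOON2['id_owner'] . "'"
                            . $wherePlanet . " AND `planet_type` = '3';"
                        );
                    }
                }

                $template->message($LNG['ad_pla_succes'], $returnUrl);
                exit;
            }

            $template->show('AccountEditorPagePlanets.tpl');
            break;

        case 'alliances':
            if ($isPost) {
                $id = (int) HTTP::_GP('id', 0);
                $name = HTTP::_GP('name', '', UTF8_SUPPORT);
                $changeleader = (int) HTTP::_GP('changeleader', 0);
                $tag = HTTP::_GP('tag', '', UTF8_SUPPORT);
                $externo = HTTP::_GP('externo', '', true);
                $interno = HTTP::_GP('interno', '', true);
                $solicitud = HTTP::_GP('solicitud', '', true);
                $delete = HTTP::_GP('delete', '');
                $delete_u = (int) HTTP::_GP('delete_u', '');

                $whereAlly = " WHERE `id` = '" . $id . "' AND `ally_universe` = '" . $uni . "';";

                foreach (array('ally_name' => $name, 'ally_tag' => $tag) as $column => $value) {
                    if (!empty($value)) {
                        $db->query("UPDATE " . ALLIANCE . " SET `" . $column . "` = '" . $db->sql_escape($value) . "'" . $whereAlly);
                    }
                }

                // Only touch the owner when a new leader was actually chosen.
                if (!empty($changeleader)) {
                    $db->multi_query(
                        "UPDATE " . ALLIANCE . " SET `ally_owner` = '" . $changeleader . "'" . $whereAlly
                        . "UPDATE " . USERS . " SET `ally_rank_id` = '0' WHERE `id` = '" . $changeleader . "';"
                    );
                }

                foreach (array('ally_description' => $externo, 'ally_text' => $interno, 'ally_request' => $solicitud) as $column => $value) {
                    if (!empty($value)) {
                        $db->query("UPDATE " . ALLIANCE . " SET `" . $column . "` = '" . $db->sql_escape($value) . "'" . $whereAlly);
                    }
                }

                if ($delete == 'on') {
                    $db->multi_query(
                        "DELETE FROM " . ALLIANCE . $whereAlly
                        . "UPDATE " . USERS . " SET `ally_id` = '0', `ally_rank_id` = '0', `ally_register_time` = '0' WHERE `ally_id` = '" . $id . "';"
                    );
                }

                if (!empty($delete_u)) {
                    $db->multi_query(
                        "UPDATE " . ALLIANCE . " SET `ally_members` = ally_members - 1" . $whereAlly
                        . "UPDATE " . USERS . " SET `ally_id` = '0', `ally_rank_id` = '0', `ally_register_time` = '0' WHERE `id` = '" . $delete_u . "' AND `ally_id` = '" . $id . "';"
                    );
                }

                $template->message($LNG['ad_ally_succes'], '?page=accounteditor&edit=alliances');
                exit;
            }

            $template->show('AccountEditorPageAlliance.tpl');
            break;

        default:
            $template->show('AccountEditorPageMenu.tpl');
            break;
    }
}

/** Returns '+' for an add request, '-' for a delete request, null otherwise. */
function _accountEditorSign()
{
    if (!empty($_POST['add'])) {
        return '+';
    }
    return !empty($_POST['delete']) ? '-' : null;
}

/** Reads one POST field as an integer; a missing field counts as 0. */
function _accountEditorPostInt($key)
{
    return isset($_POST[$key]) ? (int) $_POST[$key] : 0;
}

/**
 * Collects the current value of every element column and, when $sign is set,
 * the "`col` = `col` +/- 'n'" assignments, the projected values and the sum of
 * the submitted amounts. Projected values never drop below zero on removal.
 */
function _accountEditorDelta($elementIds, $row, $sign)
{
    global $resource;

    $assignments = array();
    $before = array();
    $after = array();
    $total = 0;

    foreach ($elementIds as $elementId) {
        $column = $resource[$elementId];
        $before[$elementId] = $row[$column];
        if ($sign === null) {
            continue;
        }

        $amount = max(0, round((float) HTTP::_GP($column, 0.0)));
        $assignments[] = "`" . $column . "` = `" . $column . "` " . $sign . " '" . $amount . "'";
        $after[$elementId] = $sign === '+'
            ? $before[$elementId] + $amount
            : max($before[$elementId] - $amount, 0);
        $total += $amount;
    }

    return array($assignments, $before, $after, $total);
}

/** Writes one admin Log entry with the given before/after snapshots. */
function _accountEditorLog($type, $target, $universe, $old, $new)
{
    $LOG = new Log($type);
    $LOG->target = $target;
    $LOG->universe = $universe;
    $LOG->old = $old;
    $LOG->new = $new;
    $LOG->save();
}

/** Shows the add or delete confirmation (if either was requested) and exits. */
function _accountEditorFinish($template, $addKey, $deleteKey, $returnUrl)
{
    global $LNG;

    $sign = _accountEditorSign();
    if ($sign === '+') {
        $template->message($LNG[$addKey], $returnUrl);
    } elseif ($sign === '-') {
        $template->message($LNG[$deleteKey], $returnUrl);
    }
    exit;
}

/**
 * POST handler shared by the ships, defenses, researchs and officiers
 * sections: adjusts every listed element column of the row with the submitted
 * id, limited to the emulated universe, logs the change and exits.
 */
function _accountEditorAdjustElements($template, $table, $elementIds, $logType, $clearEcoHash, $addKey, $deleteKey, $returnUrl)
{
    $db = $GLOBALS['DATABASE'];
    $sign = _accountEditorSign();
    $targetId = (int) HTTP::_GP('id', 0);

    $row = $db->getFirstRow("SELECT * FROM " . $table . " WHERE `id` = '" . $targetId . "';");
    list($assignments, $before, $after) = _accountEditorDelta($elementIds, $row, $sign);

    if ($sign !== null) {
        $db->query(
            "UPDATE " . $table . " SET " . ($clearEcoHash ? "`eco_hash` = '', " : "") . implode(", ", $assignments)
            . " WHERE `id` = '" . $targetId . "' AND `universe` = '" . Universe::getEmulated() . "';"
        );
    }

    _accountEditorLog($logType, $targetId, $row['universe'], $before, $after);
    _accountEditorFinish($template, $addKey, $deleteKey, $returnUrl);
}

/** Renders a section form with one input per listed element. */
function _accountEditorShowInputs($template, $elementIds, $templateFile)
{
    global $resource;

    $INPUT = array();
    foreach ($elementIds as $elementId) {
        $INPUT[$elementId] = array('type' => $resource[$elementId]);
    }

    $template->assign_vars(array('inputlist' => $INPUT));
    $template->show($templateFile);
}

/** Builds the "`col` = '0'" list that resets every listed element column. */
function _accountEditorZeroColumns($elementIds)
{
    global $resource;

    $columns = array();
    foreach ($elementIds as $elementId) {
        $columns[] = "`" . $resource[$elementId] . "` = '0'";
    }

    return implode(', ', $columns);
}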
if ($wwLevel >= $fwLevel) { $decryptFlag = "true"; } } else { if (mysqli_query($link, $npcChk) && $npcRow['name'] != "") { ?> <script> $("#result").html("<img src='img/ico_check.png'> You were able to ping this address. <a href='javascript:termOpen(1)' onfocus='if(this.blur)this.blur();' onmouseover=\"window.status='terminal 1'; return true\" onmouseout=\"window.status=''; return true\" class=\"termopen\"><img src='img/ico_key.png'></a>"); </script><?php $grabContent = "true"; $confirmIP = "true"; $getNPCQry = "SELECT * FROM npcs WHERE ip = '{$targetIP}'"; $result = mysqli_query($link, $getNPCQry); $row = mysqli_fetch_array($result); $pass = $row['pass']; $chaPass = cryptPassword($pass); $fwLevel = $row['firewall']; $user = $_SESSION['user']; $getPlyQry = "SELECT * FROM players WHERE username = '******'"; if (!mysqli_query($link, $getPlyQry)) { echo mysqli_error($link); } else { $result = mysqli_query($link, $getPlyQry); } $row = mysqli_fetch_array($result); $wwLevel = $row['waterwall']; $decryptFlag = "false"; $isNPC = "true"; if ($wwLevel >= $fwLevel) { $decryptFlag = "true"; }
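<?php
// Admin login entry script: checks the submitted `admin_pw` against the
// password hash of user id 1, creates the session on a match and redirects to
// admin.php; otherwise the admin login form is rendered.
//
// The hash is computed once and passed through sql_escape() before it is
// concatenated into the query, so the statement no longer depends on what
// characters cryptPassword() can return. A non-string `admin_pw` (for example
// an array parameter) is ignored instead of being hashed.
//
// NOTE(review): the password hash itself is stored in
// $_SESSION['admin_login']; kept because other code presumably compares
// against it - confirm before changing.
// NOTE(review): no attempt limiting is visible in this script, and whether
// HTTP::redirectTo() ends the request cannot be seen from here.

define('MODE', 'LOGIN');
define('ROOT_PATH', str_replace('\\', '/', dirname(__FILE__)) . '/');
set_include_path(ROOT_PATH);

require 'includes/common.php';

$LNG->includeData(array('L18N', 'INGAME', 'ADMIN'));

if (isset($_REQUEST['admin_pw']) && is_string($_REQUEST['admin_pw'])) {
    $adminHash = cryptPassword($_REQUEST['admin_pw']);

    $login = $GLOBALS['DATABASE']->getFirstRow(
        "SELECT `id`, `username`, `dpath`, `authlevel`, `id_planet` FROM " . USERS
        . " WHERE `id` = '1' AND `password` = '" . $GLOBALS['DATABASE']->sql_escape($adminHash) . "';"
    );

    if (isset($login)) {
        session_start();
        $SESSION = new Session();
        $SESSION->CreateSession($login['id'], $login['username'], $login['id_planet'], $UNI, $login['authlevel'], $login['dpath']);
        $_SESSION['admin_login'] = $adminHash;
        HTTP::redirectTo('admin.php');
    }
}

$template = new template();

// The admin templates live in the `adm/` sub-directory of the first template dir.
$tplDir = $template->getTemplateDir();
$template->setTemplateDir($tplDir[0] . 'adm/');

$template->assign_vars(array(
    'lang' => $LNG->getLanguage(),
    'title' => Config::get('game_name') . ' - ' . $LNG['adm_cp_title'],
    'REV' => substr(Config::get('VERSION'), -4),
    'date' => explode("|", date('Y\\|n\\|j\\|G\\|i\\|s\\|Z', TIMESTAMP)),
    'Offset' => 0,
    'VERSION' => Config::get('VERSION'),
    'dpath' => 'gow',
    'bodyclass' => 'popup',
    'username' => 'root',
));
$template->show('LoginPage.tpl');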
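/**
 * Admin "creator" page: creates a user, a moon or a planet, depending on
 * $_GET['mode'] ('user', 'moon', 'planet'; anything else shows the overview).
 *
 * On POST the matching record is created and a result message is shown;
 * otherwise the corresponding form template is rendered.
 *
 * Changes against the previous version:
 *  - the requested auth level is limited to the acting admin's own level; the
 *    form only offers those levels, but the POST handler did not enforce it;
 *  - the planet UPDATE builds its SET list from parts, so it no longer emits
 *    "SET , name = ..." or "SET WHERE ..." when field_max is skipped;
 *  - $errors and $AvailableUnis are initialised, and optional request keys are
 *    read with isset();
 *  - numeric values are cast and string values escaped before interpolation.
 *
 * NOTE(review): the numeric request values are assumed to be coerced by
 * HTTP::_GP() to the type of its default; the explicit casts below do not rely
 * on that. Lower bounds for galaxy/system/planet are not checked here.
 * NOTE(review): access control for this page is assumed to happen in the
 * caller; nothing in this function checks it.
 */
function ShowCreatorPage()
{
    global $LNG, $USER, $UNI, $CONF;

    $template = new template();
    $db       = $GLOBALS['DATABASE'];
    $adminUni = (int) $_SESSION['adminuni'];
    $mode     = isset($_GET['mode']) ? $_GET['mode'] : '';

    switch ($mode) {
        case 'user':
            $LNG->includeData(array('PUBLIC'));

            if ($_POST) {
                $UserName  = HTTP::_GP('name', '', UTF8_SUPPORT);
                $UserPass  = HTTP::_GP('password', '');
                $UserPass2 = HTTP::_GP('password2', '');
                $UserMail  = HTTP::_GP('email', '');
                $UserMail2 = HTTP::_GP('email2', '');
                $UserLang  = HTTP::_GP('lang', '');
                $UserAuth  = HTTP::_GP('authlevel', 0);
                $Galaxy    = HTTP::_GP('galaxy', 0);
                $System    = HTTP::_GP('system', 0);
                $Planet    = HTTP::_GP('planet', 0);

                // Never grant more than the acting admin holds, and never less
                // than a regular user.
                $UserAuth = max(AUTH_USR, min((int) $UserAuth, (int) $USER['authlevel']));

                $escName = $db->sql_escape($UserName);
                $escMail = $db->sql_escape($UserMail);

                $ExistsUser = $db->getFirstCell(
                    "SELECT (SELECT COUNT(*) FROM " . USERS . " WHERE universe = " . $adminUni
                    . " AND username = '" . $escName . "') + (SELECT COUNT(*) FROM " . USERS_VALID
                    . " WHERE universe = " . $adminUni . " AND username = '" . $escName . "')"
                );
                $ExistsMails = $db->getFirstCell(
                    "SELECT (SELECT COUNT(*) FROM " . USERS . " WHERE universe = " . $adminUni
                    . " AND (email = '" . $escMail . "' OR email_2 = '" . $escMail . "')) + (SELECT COUNT(*) FROM "
                    . USERS_VALID . " WHERE universe = " . $adminUni . " AND email = '" . $escMail . "')"
                );

                $errors = '';

                if (!ValidateAddress($UserMail)) {
                    $errors .= $LNG['invalid_mail_adress'];
                }
                if (empty($UserName)) {
                    $errors .= $LNG['empty_user_field'];
                }
                if (strlen($UserPass) < 6) {
                    $errors .= $LNG['password_lenght_error'];
                }
                if ($UserPass != $UserPass2) {
                    $errors .= $LNG['different_passwords'];
                }
                if ($UserMail != $UserMail2) {
                    $errors .= $LNG['different_mails'];
                }
                if (!CheckName($UserName)) {
                    $errors .= $LNG['user_field_specialchar'];
                }
                if ($ExistsUser != 0) {
                    $errors .= $LNG['user_already_exists'];
                }
                if ($ExistsMails != 0) {
                    $errors .= $LNG['mail_already_exists'];
                }
                if (CheckPlanetIfExist($Galaxy, $System, $Planet, $_SESSION['adminuni'])) {
                    $errors .= $LNG['planet_already_exists'];
                }
                if ($Galaxy > Config::get('max_galaxy') || $System > Config::get('max_system') || $Planet > Config::get('max_planets')) {
                    $errors .= $LNG['po_complete_all2'];
                }

                if (!empty($errors)) {
                    $template->message($errors, '?page=create&mode=user', 10, true);
                    exit;
                }

                $SQL = "INSERT INTO " . USERS . " SET"
                    . " username = '" . $escName . "',"
                    . " password = '" . $db->sql_escape(cryptPassword($UserPass)) . "',"
                    . " email = '" . $escMail . "',"
                    . " email_2 = '" . $escMail . "',"
                    . " lang = '" . $db->sql_escape($UserLang) . "',"
                    . " authlevel = " . $UserAuth . ","
                    . " ip_at_reg = '" . $db->sql_escape($_SERVER['REMOTE_ADDR']) . "',"
                    . " id_planet = 0,"
                    . " universe = " . $adminUni . ","
                    . " onlinetime = " . TIMESTAMP . ","
                    . " register_time = " . TIMESTAMP . ","
                    . " dpath = '" . DEFAULT_THEME . "',"
                    . " timezone = '" . Config::get('timezone') . "',"
                    . " uctime = 0;";
                $db->query($SQL);

                $UserID = (int) $db->GetInsertID();

                require_once 'includes/functions/CreateOnePlanetRecord.php';
                $PlanetID = CreateOnePlanetRecord($Galaxy, $System, $Planet, $_SESSION['adminuni'], $UserID, $LNG['fcm_planet'], true, $UserAuth);

                // Every rank column starts one place behind the current user count.
                $newRank = Config::get('users_amount') + 1;

                $SQL = "UPDATE " . USERS . " SET"
                    . " id_planet = " . (int) $PlanetID . ","
                    . " galaxy = " . (int) $Galaxy . ","
                    . " system = " . (int) $System . ","
                    . " planet = " . (int) $Planet
                    . " WHERE id = " . $UserID . ";"
                    . " INSERT INTO " . STATPOINTS . " SET"
                    . " id_owner = " . $UserID . ","
                    . " universe = " . $adminUni . ","
                    . " stat_type = 1,"
                    . " tech_rank = " . $newRank . ","
                    . " build_rank = " . $newRank . ","
                    . " defs_rank = " . $newRank . ","
                    . " fleet_rank = " . $newRank . ","
                    . " total_rank = " . $newRank . ";";
                $db->multi_query($SQL);

                Config::update(array('users_amount' => $newRank));

                $template->message($LNG['new_user_success'], '?page=create&mode=user', 5, true);
                exit;
            }

            // Offer only the levels the acting admin holds; the POST branch
            // above enforces the same limit.
            $AUTH = array();
            $AUTH[AUTH_USR] = $LNG['user_level'][AUTH_USR];
            if ($USER['authlevel'] >= AUTH_OPS) {
                $AUTH[AUTH_OPS] = $LNG['user_level'][AUTH_OPS];
            }
            if ($USER['authlevel'] >= AUTH_MOD) {
                $AUTH[AUTH_MOD] = $LNG['user_level'][AUTH_MOD];
            }
            if ($USER['authlevel'] >= AUTH_ADM) {
                $AUTH[AUTH_ADM] = $LNG['user_level'][AUTH_ADM];
            }

            $template->assign_vars(array(
                'admin_auth'          => $USER['authlevel'],
                'new_add_user'        => $LNG['new_add_user'],
                'new_creator_refresh' => $LNG['new_creator_refresh'],
                'new_creator_go_back' => $LNG['new_creator_go_back'],
                'universe'            => $LNG['mu_universe'],
                'user_reg'            => $LNG['user_reg'],
                'pass_reg'            => $LNG['pass_reg'],
                'pass2_reg'           => $LNG['pass2_reg'],
                'email_reg'           => $LNG['email_reg'],
                'email2_reg'          => $LNG['email2_reg'],
                'new_coord'           => $LNG['new_coord'],
                'new_range'           => $LNG['new_range'],
                'lang_reg'            => $LNG['lang_reg'],
                'new_title'           => $LNG['new_title'],
                'Selector'            => array('auth' => $AUTH, 'lang' => $LNG->getAllowedLangs(false)),
            ));
            $template->show('CreatePageUser.tpl');
            break;

        case 'moon':
            if ($_POST) {
                $PlanetID = HTTP::_GP('add_moon', 0);
                $MoonName = HTTP::_GP('name', '', UTF8_SUPPORT);
                $Diameter = HTTP::_GP('diameter', 0);

                $MoonPlanet = $db->getFirstRow(
                    "SELECT temp_max, temp_min, id_luna, galaxy, system, planet, planet_type, destruyed, id_owner FROM "
                    . PLANETS . " WHERE id = '" . (int) $PlanetID . "' AND universe = '" . $adminUni
                    . "' AND planet_type = '1' AND destruyed = '0';"
                );

                if (!isset($MoonPlanet)) {
                    $template->message($LNG['mo_planet_doesnt_exist'], '?page=create&mode=moon', 3, true);
                    exit;
                }

                require_once 'includes/functions/CreateOneMoonRecord.php';

                if (empty($MoonName)) {
                    $MoonName = $LNG['type_planet'][3];
                }

                // An unchecked checkbox is simply absent from the request.
                $autoDiameter = isset($_POST['diameter_check']) && $_POST['diameter_check'] == 'on';

                if (CreateOneMoonRecord($MoonPlanet['galaxy'], $MoonPlanet['system'], $MoonPlanet['planet'], $_SESSION['adminuni'], $MoonPlanet['id_owner'], $MoonName, 20, TIMESTAMP, $autoDiameter ? 0 : $Diameter) !== false) {
                    $template->message($LNG['mo_moon_added'], '?page=create&mode=moon', 3, true);
                } else {
                    $template->message($LNG['mo_moon_unavaible'], '?page=create&mode=moon', 3, true);
                }
                exit;
            }

            $template->assign_vars(array(
                'admin_auth'          => $USER['authlevel'],
                'universum'           => $LNG['mu_universe'],
                'po_add_moon'         => $LNG['po_add_moon'],
                'input_id_planet'     => $LNG['input_id_planet'],
                'mo_moon_name'        => $LNG['mo_moon_name'],
                'mo_diameter'         => $LNG['mo_diameter'],
                'mo_temperature'      => $LNG['mo_temperature'],
                'mo_fields_avaibles'  => $LNG['mo_fields_avaibles'],
                'button_add'          => $LNG['button_add'],
                'new_creator_refresh' => $LNG['new_creator_refresh'],
                'mo_moon'             => $LNG['fcm_moon'],
                'new_creator_go_back' => $LNG['new_creator_go_back'],
            ));
            $template->show('CreatePageMoon.tpl');
            break;

        case 'planet':
            if ($_POST) {
                $id        = (int) HTTP::_GP('id', 0);
                $Galaxy    = HTTP::_GP('galaxy', 0);
                $System    = HTTP::_GP('system', 0);
                $Planet    = HTTP::_GP('planet', 0);
                $name      = HTTP::_GP('name', '', UTF8_SUPPORT);
                $field_max = HTTP::_GP('field_max', 0);

                if ($Galaxy > Config::get('max_galaxy') || $System > Config::get('max_system') || $Planet > Config::get('max_planets')) {
                    $template->message($LNG['po_complete_all2'], '?page=create&mode=planet', 3, true);
                    exit;
                }

                $ISUser = $db->getFirstRow(
                    "SELECT id, authlevel FROM " . USERS . " WHERE id = '" . $id . "' AND universe = '" . $adminUni . "';"
                );

                if (CheckPlanetIfExist($Galaxy, $System, $Planet, $_SESSION['adminuni']) || !isset($ISUser)) {
                    $template->message($LNG['po_complete_all'], '?page=create&mode=planet', 3, true);
                    exit;
                }

                require_once 'includes/functions/CreateOnePlanetRecord.php';
                CreateOnePlanetRecord($Galaxy, $System, $Planet, $_SESSION['adminuni'], $id, '', '', false);

                // Collect the optional assignments first; the UPDATE is sent
                // only when at least one of them applies.
                $assignments     = array();
                $diameterChecked = isset($_POST['diameter_check']) && $_POST['diameter_check'] == 'on';

                if (!$diameterChecked || $field_max > 0) {
                    $assignments[] = "field_max = '" . (int) $field_max . "'";
                }
                if (!empty($name)) {
                    $assignments[] = "name = '" . $db->sql_escape($name) . "'";
                }

                if (!empty($assignments)) {
                    $db->query(
                        "UPDATE " . PLANETS . " SET " . implode(', ', $assignments)
                        . " WHERE universe = '" . $adminUni . "'"
                        . " AND galaxy = '" . (int) $Galaxy . "'"
                        . " AND system = '" . (int) $System . "'"
                        . " AND planet = '" . (int) $Planet . "'"
                        . " AND planet_type = '1'"
                    );
                }

                $template->message($LNG['po_complete_succes'], '?page=create&mode=planet', 3, true);
                exit;
            }

            $AvailableUnis = array();
            $Query = $db->query("SELECT uni, game_name FROM " . CONFIG . " ORDER BY uni ASC;");
            while ($Unis = $db->fetch_array($Query)) {
                $AvailableUnis[$Unis['uni']] = $Unis;
            }

            $template->assign_vars(array(
                'AvailableUnis'       => $AvailableUnis,
                'admin_auth'          => $USER['authlevel'],
                'universum'           => $LNG['mu_universe'],
                'po_add_planet'       => $LNG['po_add_planet'],
                'po_galaxy'           => $LNG['po_galaxy'],
                'po_system'           => $LNG['po_system'],
                'po_planet'           => $LNG['po_planet'],
                'input_id_user'       => $LNG['input_id_user'],
                'new_creator_coor'    => $LNG['new_creator_coor'],
                'po_name_planet'      => $LNG['po_name_planet'],
                'po_fields_max'       => $LNG['po_fields_max'],
                'button_add'          => $LNG['button_add'],
                'po_colony'           => $LNG['fcp_colony'],
                'new_creator_refresh' => $LNG['new_creator_refresh'],
                'new_creator_go_back' => $LNG['new_creator_go_back'],
            ));
            $template->show('CreatePagePlanet.tpl');
            break;

        default:
            $template->assign_vars(array(
                'new_creator_title_u' => $LNG['new_creator_title_u'],
                'new_creator_title_p' => $LNG['new_creator_title_p'],
                'new_creator_title_l' => $LNG['new_creator_title_l'],
                'new_creator_title'   => $LNG['new_creator_title'],
            ));
            $template->show('CreatePage.tpl');
            break;
    }
}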
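/**
 * Marks the current user's account as deleted after re-checking the password.
 *
 * Reads the password from the `mdp` request value. When it is non-empty and
 * its hash matches the stored one, the user row is flagged with
 * user_deleted = '1', the session is destroyed and the logout template is
 * shown. On a wrong or missing password nothing is rendered.
 *
 * NOTE(review): no anti-CSRF token is checked in this method; confirm that the
 * caller or the password prompt covers that.
 */
public function deleteSend()
{
    $this->setWindow('popup');

    global $USER, $LNG, $CONF, $SESSION;

    $password = HTTP::_GP('mdp', '');
    if (empty($password)) {
        return;
    }

    // hash_equals() (PHP >= 5.6) compares the two hashes as strings in
    // constant time. The previous loose `==` could treat two different
    // numeric-looking hashes (e.g. "0e..." forms) as equal.
    if (!hash_equals((string) $USER['password'], (string) cryptPassword($password))) {
        return;
    }

    $GLOBALS['DATABASE']->query(
        "UPDATE " . USERS . " SET user_deleted = '1' WHERE id = " . (int) $USER['id'] . ";"
    );
    $SESSION->DestroySession();
    $this->display('page.logout.default.tpl');
}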
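/**
 * Admin quick editor for a single planet or player.
 *
 * Request values: `edit` selects 'planet' or 'player', `id` is the record id,
 * and `action` = 'send' applies the posted values, writes a Log entry and
 * exits with a confirmation string. Without 'send' the matching editor
 * template is rendered with the current values.
 *
 * Changes against the previous version:
 *  - the audit log stored the multi-account flag under 'authattack',
 *    overwriting the real authattack value; it is now stored under 'multi';
 *  - $SpecifyItemsPQ is initialised before it is appended to;
 *  - the record id is cast to int before it is interpolated into any query.
 *
 * NOTE(review): the other numeric request values are assumed to be coerced by
 * HTTP::_GP() to the type of its default — confirm.
 * NOTE(review): the SELECTs load the record by id only, while the UPDATEs also
 * filter on the admin's universe, so a record from another universe is shown
 * and logged as edited even though the UPDATE matches no row — confirm intent.
 * NOTE(review): only the password change is gated by $ChangePW; the remaining
 * player fields can be edited for any target, including higher auth levels.
 */
function ShowQuickEditorPage()
{
    global $USER, $LNG, $reslist, $resource, $pricelist;

    $db       = $GLOBALS['DATABASE'];
    $action   = HTTP::_GP('action', '');
    $edit     = HTTP::_GP('edit', '');
    $id       = (int) HTTP::_GP('id', 0);
    $adminUni = $_SESSION['adminuni'];

    switch ($edit) {
        case 'planet':
            $DataIDs = array_merge($reslist['fleet'], $reslist['build'], $reslist['defense']);

            $SpecifyItemsPQ = '';
            foreach ($DataIDs as $ID) {
                $SpecifyItemsPQ .= "`" . $resource[$ID] . "`,";
            }

            $PlanetData = $db->getFirstRow(
                "SELECT " . $SpecifyItemsPQ . " `name`, `id_owner`, `planet_type`, `galaxy`, `system`, `planet`, `destruyed`, `diameter`, `field_current`, `field_max`, `temp_min`, `temp_max`, `metal`, `crystal`, `deuterium` FROM "
                . PLANETS . " WHERE `id` = '" . $id . "';"
            );

            if ($action == 'send') {
                $SQL    = "UPDATE " . PLANETS . " SET ";
                $Fields = $PlanetData['field_current'];

                foreach ($DataIDs as $ID) {
                    // Buildings are capped at 255; everything else at the
                    // original upper bound.
                    $cap   = in_array($ID, $reslist['build']) ? 255 : 1.8446744073709552E+19;
                    $level = min(max(0, round(HTTP::_GP($resource[$ID], 0.0))), $cap);

                    // Only elements allowed on this planet type count towards
                    // the used fields.
                    if (in_array($ID, $reslist['allow'][$PlanetData['planet_type']])) {
                        $Fields += $level - $PlanetData[$resource[$ID]];
                    }

                    $SQL .= "`" . $resource[$ID] . "` = " . $level . ", ";
                }

                $SQL .= "`metal` = " . max(0, round(HTTP::_GP('metal', 0.0))) . ", ";
                $SQL .= "`crystal` = " . max(0, round(HTTP::_GP('crystal', 0.0))) . ", ";
                $SQL .= "`deuterium` = " . max(0, round(HTTP::_GP('deuterium', 0.0))) . ", ";
                $SQL .= "`field_current` = '" . $Fields . "', ";
                $SQL .= "`field_max` = '" . (int) HTTP::_GP('field_max', 0) . "', ";
                $SQL .= "`name` = '" . $db->sql_escape(HTTP::_GP('name', '', UTF8_SUPPORT)) . "', ";
                $SQL .= "`eco_hash` = '' ";
                $SQL .= "WHERE `id` = '" . $id . "' AND `universe` = '" . $adminUni . "';";
                $db->query($SQL);

                $old = array();
                $new = array();
                foreach (array_merge($DataIDs, $reslist['resstype'][1]) as $IDs) {
                    $old[$IDs] = $PlanetData[$resource[$IDs]];
                    $new[$IDs] = max(0, round(HTTP::_GP($resource[$IDs], 0.0)));
                }
                $old['field_max'] = $PlanetData['field_max'];
                $new['field_max'] = HTTP::_GP('field_max', 0);

                $LOG         = new Log(2);
                $LOG->target = $id;
                $LOG->old    = $old;
                $LOG->new    = $new;
                $LOG->save();

                exit(sprintf($LNG['qe_edit_planet_sucess'], $PlanetData['name'], $PlanetData['galaxy'], $PlanetData['system'], $PlanetData['planet']));
            }

            $UserInfo = $db->getFirstRow(
                "SELECT `username` FROM " . USERS . " WHERE `id` = '" . $PlanetData['id_owner']
                . "' AND `universe` = '" . $adminUni . "';"
            );

            $build = $defense = $fleet = array();

            foreach ($reslist['allow'][$PlanetData['planet_type']] as $ID) {
                $build[] = array(
                    'type'  => $resource[$ID],
                    'name'  => $LNG['tech'][$ID],
                    'count' => pretty_number($PlanetData[$resource[$ID]]),
                    'input' => $PlanetData[$resource[$ID]],
                );
            }
            foreach ($reslist['fleet'] as $ID) {
                $fleet[] = array(
                    'type'  => $resource[$ID],
                    'name'  => $LNG['tech'][$ID],
                    'count' => pretty_number($PlanetData[$resource[$ID]]),
                    'input' => $PlanetData[$resource[$ID]],
                );
            }
            foreach ($reslist['defense'] as $ID) {
                $defense[] = array(
                    'type'  => $resource[$ID],
                    'name'  => $LNG['tech'][$ID],
                    'count' => pretty_number($PlanetData[$resource[$ID]]),
                    'input' => $PlanetData[$resource[$ID]],
                );
            }

            $template = new template();
            $template->assign_vars(array(
                'build'       => $build,
                'fleet'       => $fleet,
                'defense'     => $defense,
                'id'          => $id,
                'ownerid'     => $PlanetData['id_owner'],
                'ownername'   => $UserInfo['username'],
                'name'        => $PlanetData['name'],
                'galaxy'      => $PlanetData['galaxy'],
                'system'      => $PlanetData['system'],
                'planet'      => $PlanetData['planet'],
                'field_min'   => $PlanetData['field_current'],
                'field_max'   => $PlanetData['field_max'],
                'temp_min'    => $PlanetData['temp_min'],
                'temp_max'    => $PlanetData['temp_max'],
                'metal'       => floattostring($PlanetData['metal']),
                'crystal'     => floattostring($PlanetData['crystal']),
                'deuterium'   => floattostring($PlanetData['deuterium']),
                'metal_c'     => pretty_number($PlanetData['metal']),
                'crystal_c'   => pretty_number($PlanetData['crystal']),
                'deuterium_c' => pretty_number($PlanetData['deuterium']),
            ));
            $template->show('QuickEditorPlanet.tpl');
            break;

        case 'player':
            $DataIDs = array_merge($reslist['tech'], $reslist['officier']);

            $SpecifyItemsPQ = '';
            foreach ($DataIDs as $ID) {
                $SpecifyItemsPQ .= "`" . $resource[$ID] . "`,";
            }

            $UserData = $db->getFirstRow(
                "SELECT " . $SpecifyItemsPQ . " `username`, `authlevel`, `galaxy`, `system`, `planet`, `id_planet`, `darkmatter`, `authattack`, `authlevel` FROM "
                . USERS . " WHERE `id` = '" . $id . "';"
            );

            // The root user may change any password; everyone else only for
            // non-root targets with a strictly lower auth level.
            $ChangePW = $USER['id'] == ROOT_USER || $id != ROOT_USER && $USER['authlevel'] > $UserData['authlevel'];

            if ($action == 'send') {
                $newName       = $db->sql_escape(HTTP::_GP('name', '', UTF8_SUPPORT));
                $newAuthAttack = $UserData['authlevel'] != AUTH_USR && HTTP::_GP('authattack', '') == 'on' ? $UserData['authlevel'] : 0;

                $SQL = "UPDATE " . USERS . " SET ";
                foreach ($DataIDs as $ID) {
                    $SQL .= "`" . $resource[$ID] . "` = " . min(abs(HTTP::_GP($resource[$ID], 0)), 255) . ", ";
                }
                $SQL .= "`darkmatter` = '" . max(HTTP::_GP('darkmatter', 0), 0) . "', ";
                if (!empty($_POST['password']) && $ChangePW) {
                    $SQL .= "`password` = '" . cryptPassword(HTTP::_GP('password', '', true)) . "', ";
                }
                $SQL .= "`username` = '" . $newName . "', ";
                $SQL .= "`authattack` = '" . $newAuthAttack . "' ";
                $SQL .= "WHERE `id` = '" . $id . "' AND `universe` = '" . $adminUni . "';";
                $db->query($SQL);

                $old   = array();
                $new   = array();
                $multi = HTTP::_GP('multi', 0);

                foreach ($DataIDs as $IDs) {
                    $old[$IDs] = $UserData[$resource[$IDs]];
                    $new[$IDs] = abs(HTTP::_GP($resource[$IDs], 0));
                }
                $old[921] = $UserData[$resource[921]];
                $new[921] = abs(HTTP::_GP($resource[921], 0));

                $old['username']   = $UserData['username'];
                $new['username']   = $newName;
                $old['authattack'] = $UserData['authattack'];
                $new['authattack'] = $newAuthAttack;
                $old['multi']      = $db->getFirstCell("SELECT COUNT(*) FROM " . MULTI . " WHERE userID = " . $id . ";");
                // Logged under its own key so the authattack entry above stays
                // intact in the audit record.
                $new['multi']      = $multi;

                if ($old['multi'] != $multi) {
                    if ($multi == 0) {
                        $db->query("DELETE FROM " . MULTI . " WHERE userID = " . $id . ";");
                    } elseif ($multi == 1) {
                        $db->query("INSERT INTO " . MULTI . " SET userID = " . $id . ";");
                    }
                }

                $LOG         = new Log(1);
                $LOG->target = $id;
                $LOG->old    = $old;
                $LOG->new    = $new;
                $LOG->save();

                exit(sprintf($LNG['qe_edit_player_sucess'], $UserData['username'], $id));
            }

            $PlanetInfo = $db->getFirstRow(
                "SELECT `name` FROM " . PLANETS . " WHERE `id` = '" . $UserData['id_planet']
                . "' AND `universe` = '" . $adminUni . "';"
            );

            $tech     = array();
            $officier = array();

            foreach ($reslist['tech'] as $ID) {
                $tech[] = array(
                    'type'  => $resource[$ID],
                    'name'  => $LNG['tech'][$ID],
                    'count' => pretty_number($UserData[$resource[$ID]]),
                    'input' => $UserData[$resource[$ID]],
                );
            }
            foreach ($reslist['officier'] as $ID) {
                $officier[] = array(
                    'type'  => $resource[$ID],
                    'name'  => $LNG['tech'][$ID],
                    'count' => pretty_number($UserData[$resource[$ID]]),
                    'input' => $UserData[$resource[$ID]],
                );
            }

            $template = new template();
            $template->assign_vars(array(
                'tech'         => $tech,
                'officier'     => $officier,
                'id'           => $id,
                'planetid'     => $UserData['id_planet'],
                'planetname'   => $PlanetInfo['name'],
                'name'         => $UserData['username'],
                'galaxy'       => $UserData['galaxy'],
                'system'       => $UserData['system'],
                'planet'       => $UserData['planet'],
                'authlevel'    => $UserData['authlevel'],
                'authattack'   => $UserData['authattack'],
                'multi'        => $db->getFirstCell("SELECT COUNT(*) FROM " . MULTI . " WHERE userID = " . $id . ";"),
                'ChangePW'     => $ChangePW,
                'darkmatter'   => floattostring($UserData['darkmatter']),
                'darkmatter_c' => pretty_number($UserData['darkmatter']),
            ));
            $template->show('QuickEditorUser.tpl');
            break;
    }
}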
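/**
 * Abandons the currently selected planet (or moon) after a password check.
 *
 * Reads the `password` request value; when it is empty nothing is sent.
 * Otherwise a JSON message is returned for, in this order: fleets still
 * starting from or heading to this planet or its moon, the planet being the
 * user's main planet, a wrong password, or success. On success the planet row
 * is deleted (together with its moon for planet_type 1, or after clearing the
 * parent's id_luna otherwise) and the session switches to the main planet.
 */
function delete()
{
    global $LNG, $PLANET, $USER;

    $password = HTTP::_GP('password', '', true);
    if (empty($password)) {
        return;
    }

    // Cast every id before interpolation; an empty id_luna previously produced
    // "fleet_start_id = " with no operand.
    $userId   = (int) $USER['id'];
    $planetId = (int) $PLANET['id'];
    $lunaId   = (int) $PLANET['id_luna'];
    $db       = $GLOBALS['DATABASE'];

    $IfFleets = $db->getFirstCell(
        "SELECT COUNT(*) FROM " . FLEETS . " WHERE"
        . " (fleet_owner = '" . $userId . "'"
        . " AND (fleet_start_id = " . $planetId . " OR fleet_start_id = " . $lunaId . "))"
        . " OR (fleet_target_owner = '" . $userId . "'"
        . " AND (fleet_end_id = '" . $planetId . "' OR fleet_end_id = " . $lunaId . "));"
    );

    if ($IfFleets > 0) {
        $this->sendJSON(array('message' => $LNG['ov_abandon_planet_not_possible']));
    } elseif ($USER['id_planet'] == $PLANET['id']) {
        $this->sendJSON(array('message' => $LNG['ov_principal_planet_cant_abanone']));
    } elseif (!hash_equals((string) $USER['password'], (string) cryptPassword($password))) {
        // hash_equals() (PHP >= 5.6) replaces the loose `!=`, which could
        // treat two different numeric-looking hashes as equal.
        $this->sendJSON(array('message' => $LNG['ov_wrong_pass']));
    } else {
        if ($PLANET['planet_type'] == 1) {
            $db->multi_query(
                "DELETE FROM " . PLANETS . " WHERE id = " . $lunaId . ";"
                . "DELETE FROM " . PLANETS . " WHERE id = " . $planetId . ";"
            );
        } else {
            $db->multi_query(
                "UPDATE " . PLANETS . " SET id_luna = '0' WHERE id_luna = " . $planetId . ";"
                . "DELETE FROM " . PLANETS . " WHERE id = " . $planetId . ";"
            );
        }

        $_SESSION['planet'] = $USER['id_planet'];
        $this->sendJSON(array('ok' => true, 'message' => $LNG['ov_planet_abandoned']));
    }
}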
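<?php
// One-time installer: stores the hashed site password and the upload folder in
// config.php, creates the folder and then removes itself.
//
// NOTE(review): until this script has run and deleted itself, whoever can
// reach it sets the site password; the installer should be run (or removed)
// right after deployment.
include_once 'auth.php';

$isInStep2 = false;

// Both values must be plain, non-empty strings; otherwise the form is shown
// again instead of writing a half-configured installation.
$sitePassword = isset($_POST['sitepassword']) && is_string($_POST['sitepassword']) ? $_POST['sitepassword'] : '';
$uploadFolder = isset($_POST['uploadFolder']) && is_string($_POST['uploadFolder']) ? $_POST['uploadFolder'] : '';

if (isset($_POST['submit']) && $sitePassword !== '' && $uploadFolder !== '') {
    // Hash the site password. The salt comes from the CSPRNG when the runtime
    // has one (PHP >= 7); uniqid()/mt_rand() are predictable and remain only
    // as a fallback for older runtimes.
    $salt = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : uniqid(mt_rand(), true);
    $options = ['cost' => 11, 'salt' => $salt];
    $cryptPassword = cryptPassword($sitePassword, $options);

    // Save config file. var_export() quotes the values, so request data cannot
    // break out of the generated PHP literal.
    $config = array(
        'login'  => array('password' => $cryptPassword, 'options' => $options),
        'upload' => array('folder' => $uploadFolder),
    );
    $configWritten = file_put_contents(
        'config.php',
        '<?php $config = ' . var_export($config, true) . ';',
        LOCK_EX
    ) !== false;

    // Create upload folder. The path is taken from the request as entered;
    // 0755 keeps it writable for the PHP user without making it
    // world-writable.
    $folderReady = $configWritten && (is_dir($uploadFolder) || mkdir($uploadFolder, 0755, true));

    if ($configWritten && $folderReady) {
        // Remove this file only after everything else succeeded, so a failed
        // run can be repeated.
        unlink('install.php');
        $isInStep2 = true;
    } else {
        trigger_error('Installation incomplete: config.php or the upload folder could not be created', E_USER_WARNING);
    }
}

include_once 'pageHeader.php';
if (!$isInStep2) { ?> <form method="post" action="install.php" autocomplete="off"> <h2>Zugang zur Webseite</h2> <div class="form-group">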
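/**
 * Checks a candidate site password against the configured one.
 *
 * Hashes $password with cryptPassword() using the options stored in
 * $config['login']['options'] and compares the result with
 * $config['login']['password'].
 *
 * @param string $password Candidate password as entered by the user.
 * @return bool True when the hashes match.
 */
function checkPassword($password)
{
    global $config;

    $options = $config['login']['options'];

    // hash_equals() (PHP >= 5.6) compares as strings in constant time; the
    // previous loose `==` could report two different numeric-looking hashes
    // as equal.
    return hash_equals(
        (string) $config['login']['password'],
        (string) cryptPassword($password, $options)
    );
}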
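/**
 * Updates name, surname, e-mail, password and phone of one user row.
 *
 * The statement is now parameterized; the previous version concatenated the
 * $data fields and $user_id directly into the SQL text.
 *
 * NOTE(review): $_db is assumed to be a mysqli connection (the original used
 * ->query() and ->error) — confirm before relying on prepare()/bind_param().
 * NOTE(review): the password expression is masked in the listing this function
 * was taken from; cryptPassword($data['password']) is assumed — confirm
 * against the real source.
 * NOTE(review): the database error text is still printed on failure, as
 * before; consider logging it instead of showing it to the client.
 *
 * @param mixed $user_id Id of the row to update.
 * @param array $data    Expects the keys name, surname, email, password, phone.
 * @return mixed The $user_id that was passed in.
 */
function editUser($user_id, $data)
{
    global $_db;

    $statement = $_db->prepare(
        "UPDATE users SET `name` = ?, surname = ?, email = ?, password = ?, phone = ? WHERE `id` = ?"
    );
    if (!$statement) {
        die('Veritabani hatasi: ' . $_db->error);
    }

    // bind_param() binds by reference, so every value gets its own variable.
    $name         = $data['name'];
    $surname      = $data['surname'];
    $email        = $data['email'];
    $passwordHash = cryptPassword($data['password']);
    $phone        = $data['phone'];
    $id           = (string) $user_id; // the original compared id as a quoted string

    $statement->bind_param('ssssss', $name, $surname, $email, $passwordHash, $phone, $id);

    if (!$statement->execute()) {
        die('Veritabani hatasi: ' . $_db->error);
    }
    $statement->close();

    return $user_id;
}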
$form = formSendEmailChangePasswordBS(); } break; case "send-email-change-password": sendChangePasswordEmail($nickname, $firstname, $email); $form = formChangePasswordChangedBS(); break; case "confirm-change-password-with-old-password": $link = linkDatabase() or die(_("Connection error!")); $qry = get_user_by_email($link, $email); $user = mysql_fetch_assoc($qry); $nickname_db = $user["nickname"]; $firstname_db = $user["firstname"]; $email_db = $user["email"]; $password_db = $user["password"]; $password_crypt = cryptPassword($nickname_db, $password); $password_new = $_REQUEST["password1"]; $password_new2 = $_REQUEST["password2"]; $error = false; if ($password_crypt !== $password_db) { $error = true; $error_msg = _("Wrong password"); } else { if ($password_new !== $password_new2) { $error = true; $error_msg = _("Different new password and retype"); if ($error) { $form = formPasswordChangeErrorBS($error_msg); } } else { $form = formPasswordChangedBS();