function msgUserLink($aRequest) { $Out = Out::getInstance(); if (validAdmin()) { $UserInfo = tryGetUserLink($aRequest['userId']); if ($UserInfo != null) { $Out->pushValue('syncActive', !defined('ALLOW_GROUP_SYNC') || ALLOW_GROUP_SYNC); $Out->pushValue('userid', $aRequest['userId']); $Out->pushValue('binding', $UserInfo->BindingName); $Out->pushValue('group', $UserInfo->Group); } } else { $Out->pushError(L('AccessDenied')); } }
function msgQueryUser($aRequest) { $Out = Out::getInstance(); if (registeredUser()) { $CurrentUser = UserProxy::getInstance(); $CharacterIds = array(); $CharacterGames = array(); $CharacterNames = array(); $CharacterClasses = array(); $CharacterRoles1 = array(); $CharacterRoles2 = array(); $Settings = array(); foreach ($CurrentUser->Characters as $Character) { array_push($CharacterIds, $Character->CharacterId); array_push($CharacterGames, $Character->Game); array_push($CharacterNames, $Character->Name); array_push($CharacterClasses, explode(':', $Character->ClassName)); array_push($CharacterRoles1, $Character->Role1); array_push($CharacterRoles2, $Character->Role2); } $Out->pushValue('registeredUser', true); $Out->pushValue('id', $CurrentUser->UserId); $Out->pushValue('name', $CurrentUser->UserName); $Out->pushValue('characterIds', $CharacterIds); $Out->pushValue('characterGames', $CharacterGames); $Out->pushValue('characterNames', $CharacterNames); $Out->pushValue('characterClass', $CharacterClasses); $Out->pushValue('role1', $CharacterRoles1); $Out->pushValue('role2', $CharacterRoles2); $Out->pushValue('validUser', validUser()); $Out->pushValue('isRaidlead', validRaidlead()); $Out->pushValue('isAdmin', validAdmin()); $Out->pushValue('settings', $CurrentUser->Settings); $Session = Session::get(); if (isset($Session['Calendar'])) { $Out->pushValue('calendar', $Session['Calendar']); } else { $Out->pushValue('calendar', null); } } else { $Out->pushValue('registeredUser', false); } }
function msgQueryProfile($aRequest) { if (validUser()) { global $gGame; loadGameSettings(); $Out = Out::getInstance(); $UserId = UserProxy::getInstance()->UserId; if (validAdmin() && isset($aRequest['userId']) && $aRequest['userId'] != 0) { $UserId = intval($aRequest['userId']); } $Connector = Connector::getInstance(); $Out->pushValue('show', $aRequest['showPanel']); // Admintool relevant data $Users = $Connector->prepare('SELECT Login, UNIX_TIMESTAMP(Created) AS CreatedUTC, ExternalBinding, BindingActive FROM `' . RP_TABLE_PREFIX . 'User` WHERE UserId = :UserId LIMIT 1'); $Users->bindValue(':UserId', $UserId, PDO::PARAM_INT); $Data = $Users->fetchFirst(); if ($Data != null) { $Out->pushValue('userid', $UserId); $Out->pushValue('name', $Data['Login']); $Out->pushValue('bindingActive', $Data['BindingActive'] == 'true'); $Out->pushValue('binding', $Data['ExternalBinding']); $CreatedUTC = $Data['CreatedUTC']; } // Load settings $SettingsQuery = $Connector->prepare('SELECT * FROM `' . RP_TABLE_PREFIX . 'UserSetting` WHERE UserId = :UserId'); $SettingsQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT); $UserSettings = array(); $SettingsQuery->loop(function ($Data) use(&$UserSettings) { $UserSettings[$Data['Name']] = array('number' => $Data['IntValue'], 'text' => $Data['TextValue']); }); $Out->pushValue('settings', $UserSettings); // Load characters $Characters = array(); if ($UserId == UserProxy::getInstance()->UserId) { foreach (UserProxy::getInstance()->Characters as $Data) { if ($Data->Game == $gGame['GameId']) { $Character = array('id' => $Data->CharacterId, 'name' => $Data->Name, 'classname' => explode(':', $Data->ClassName), 'mainchar' => $Data->IsMainChar, 'role1' => $Data->Role1, 'role2' => $Data->Role2); array_push($Characters, $Character); } } } else { $CharacterQuery = $Connector->prepare('SELECT * FROM `' . RP_TABLE_PREFIX . 'Character` ' . 'WHERE UserId = :UserId AND Game = :Game ' . 'ORDER BY Mainchar, Name'); $CharacterQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT); $CharacterQuery->bindValue(':Game', $gGame['GameId'], PDO::PARAM_STR); $CharacterQuery->loop(function ($Row) use(&$Characters) { $Character = array('id' => $Row['CharacterId'], 'name' => $Row['Name'], 'classname' => explode(':', $Row['Class']), 'mainchar' => $Row['Mainchar'] == 'true', 'role1' => $Row['Role1'], 'role2' => $Row['Role2']); array_push($Characters, $Character); }); } $Out->pushValue('character', $Characters); // Total raid count $NumRaids = 0; $RaidsQuery = $Connector->prepare('SELECT COUNT(RaidId) AS `NumberOfRaids` FROM `' . RP_TABLE_PREFIX . 'Raid` ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Location` USING(LocationId) ' . 'WHERE Start > FROM_UNIXTIME(:Created) AND Start < FROM_UNIXTIME(:Now) AND Game = :Game'); $RaidsQuery->bindValue(':Now', time(), PDO::PARAM_INT); $RaidsQuery->bindValue(':Created', $CreatedUTC, PDO::PARAM_STR); $RaidsQuery->bindValue(':Game', $gGame['GameId'], PDO::PARAM_STR); $Data = $RaidsQuery->fetchFirst(); if ($Data != null) { $NumRaids = $Data['NumberOfRaids']; } // Load attendance $AttendanceQuery = $Connector->prepare('Select `Status`, `Role`, COUNT(RaidId) AS `Count` ' . 'FROM `' . RP_TABLE_PREFIX . 'Attendance` ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Raid` USING(RaidId) ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Location` USING(LocationId) ' . 'WHERE UserId = :UserId AND Start > FROM_UNIXTIME(:Created) AND Start < FROM_UNIXTIME(:Now) AND Game = :Game ' . 'GROUP BY `Status`, `Role` ORDER BY Status'); $AttendanceQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT); $AttendanceQuery->bindValue(':Created', $CreatedUTC, PDO::PARAM_INT); $AttendanceQuery->bindValue(':Now', time(), PDO::PARAM_INT); $AttendanceQuery->bindValue(':Game', $gGame['GameId'], PDO::PARAM_STR); $AttendanceData = array('raids' => $NumRaids, 'available' => 0, 'unavailable' => 0, 'ok' => 0, 'roles' => array()); // Pull data $AttendanceQuery->loop(function ($Data) use(&$AttendanceData) { if ($Data['Status'] != 'undecided') { $AttendanceData[$Data['Status']] += $Data['Count']; } if ($Data['Status'] == 'ok') { $RoleId = $Data['Role']; if (isset($AttendanceData['roles'][$RoleId])) { $AttendanceData['roles'][$RoleId] += $Data['Count']; } else { $AttendanceData['roles'][$RoleId] = $Data['Count']; } } }); $Out->pushValue('attendance', $AttendanceData); } else { $Out = Out::getInstance(); $Out->pushError(L('AccessDenied')); } }
function msgQuerySettings($aRequest) { if (validAdmin()) { global $gGame; loadGameSettings(); $Out = Out::getInstance(); $Connector = Connector::getInstance(); // Pass through parameter $Out->pushValue('show', $aRequest['showPanel']); $Out->pushValue('syncActive', !defined('ALLOW_GROUP_SYNC') || ALLOW_GROUP_SYNC); // Load users $UserQuery = $Connector->prepare('SELECT * FROM `' . RP_TABLE_PREFIX . 'User` ORDER BY Login, `Group`'); $Users = array(); $UserQuery->loop(function ($Data) use(&$Users) { $UserData = array('id' => $Data['UserId'], 'login' => xmlentities($Data['Login'], ENT_COMPAT, 'UTF-8'), 'bindingActive' => $Data['BindingActive'], 'binding' => $Data['ExternalBinding'], 'group' => $Data['Group']); array_push($Users, $UserData); }); $Out->pushValue('user', $Users); // Load settings $Settings = Settings::getInstance(); $SettingsJS = array(); Api::getPrivateToken(); foreach ($Settings->getProperties() as $Name => $Data) { array_push($SettingsJS, array('name' => $Name, 'intValue' => isset($Data['IntValue']) ? $Data['IntValue'] : 0, 'textValue' => isset($Data['TextValue']) ? $Data['TextValue'] : '')); } $Out->pushValue('setting', $SettingsJS); // Load games $GameFiles = scandir('../themes/games'); $Games = array(); foreach ($GameFiles as $GameFileName) { try { if (substr($GameFileName, -4) === '.xml') { $Game = @new SimpleXMLElement(file_get_contents('../themes/games/' . $GameFileName)); $SimpleGameFileName = substr($GameFileName, 0, strrpos($GameFileName, '.')); if ($Game->name != '') { $GameName = strval($Game->name); } else { $GameName = str_replace('_', ' ', $SimpleGameFileName); } $Groups = array(); foreach ($Game->groups->group as $Group) { array_push($Groups, intval($Group['count'])); } array_push($Games, array('name' => $GameName, 'family' => strval($Game->family), 'file' => $SimpleGameFileName, 'groups' => $Groups)); } } catch (Exception $e) { $Out->pushError('Error parsing gameconfig ' . $GameFileName . ': ' . $e->getMessage()); } } $Out->pushValue('game', $Games); // Load themes $ThemeFiles = scandir('../themes/themes'); $Themes = array(); foreach ($ThemeFiles as $ThemeFileName) { try { if (substr($ThemeFileName, -4) === '.xml') { $Theme = @new SimpleXMLElement(file_get_contents('../themes/themes/' . $ThemeFileName)); $SimpleThemeFileName = substr($ThemeFileName, 0, strrpos($ThemeFileName, '.')); $Family = isset($Theme->family) ? explode(',', strtolower($Theme->family)) : 'wow'; if ($Theme->name != '') { $ThemeName = strval($Theme->name); } else { $ThemeName = str_replace('_', ' ', $SimpleThemeFileName); } array_push($Themes, array('name' => $ThemeName, 'family' => $Family, 'file' => $SimpleThemeFileName)); } } catch (Exception $e) { $Out->pushError('Error parsing themefile ' . $ThemeFileName . ': ' . $e->getMessage()); } } $Out->pushValue('theme', $Themes); // Query attendance $AttendanceString = 'SELECT ' . '`' . RP_TABLE_PREFIX . 'User`.UserId, ' . '`' . RP_TABLE_PREFIX . 'Character`.Name, ' . '`' . RP_TABLE_PREFIX . 'Attendance`.`Status`, ' . 'UNIX_TIMESTAMP(`' . RP_TABLE_PREFIX . 'User`.Created) AS CreatedUTC, ' . 'COUNT(`' . RP_TABLE_PREFIX . 'Raid`.RaidId) AS Count ' . 'FROM `' . RP_TABLE_PREFIX . 'User` ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Attendance` USING(UserId) ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Raid` USING(RaidId) ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Location` USING(LocationId) ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Character` ON `' . RP_TABLE_PREFIX . 'User`.UserId = `' . RP_TABLE_PREFIX . 'Character`.UserId ' . 'WHERE `' . RP_TABLE_PREFIX . 'Character`.Mainchar = "true" ' . 'AND `' . RP_TABLE_PREFIX . 'Raid`.Start > `' . RP_TABLE_PREFIX . 'User`.Created ' . 'AND `' . RP_TABLE_PREFIX . 'Raid`.Start < FROM_UNIXTIME(:Now) ' . 'AND `' . RP_TABLE_PREFIX . 'Location`.Game = :Game ' . 'AND `' . RP_TABLE_PREFIX . 'Character`.Game = :Game ' . 'GROUP BY `' . RP_TABLE_PREFIX . 'User`.UserId, `Status`'; $Attendance = $Connector->prepare($AttendanceString); $Attendance->bindValue(':Now', time(), PDO::PARAM_INT); $Attendance->bindValue(':Game', $gGame['GameId'], PDO::PARAM_STR); $UserId = 0; $NumRaidsRemain = 0; $MainCharName = ''; $StateCounts = array('undecided' => 0, 'available' => 0, 'unavailable' => 0, 'ok' => 0); $Attendances = array(); $Attendance->loop(function ($Data) use(&$gGame, &$Connector, &$UserId, &$NumRaidsRemain, &$MainCharName, &$StateCounts, &$Attendances) { if ($UserId != $Data['UserId']) { if ($UserId > 0) { $AttendanceData = array('id' => $UserId, 'name' => $MainCharName, 'ok' => $StateCounts['ok'], 'available' => $StateCounts['available'], 'unavailable' => $StateCounts['unavailable'], 'undecided' => $StateCounts['undecided'] + $NumRaidsRemain); array_push($Attendances, $AttendanceData); } // Clear cache $StateCounts['ok'] = 0; $StateCounts['available'] = 0; $StateCounts['unavailable'] = 0; $StateCounts['undecided'] = 0; $NumRaidsRemain = 0; $UserId = $Data['UserId']; $MainCharName = $Data['Name']; // Fetch number of attendable raids $Raids = $Connector->prepare('SELECT COUNT(RaidId) AS `NumberOfRaids` ' . 'FROM `' . RP_TABLE_PREFIX . 'Raid` ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Location` USING(LocationId) ' . 'WHERE Start > FROM_UNIXTIME(:Created) ' . 'AND Start < FROM_UNIXTIME(:Now) ' . 'AND Game = :Game'); $Raids->bindValue(':Now', time(), PDO::PARAM_INT); $Raids->bindValue(':Created', $Data['CreatedUTC'], PDO::PARAM_INT); $Raids->bindValue(':Game', $gGame['GameId'], PDO::PARAM_STR); $RaidCountData = $Raids->fetchFirst(); $NumRaidsRemain = $RaidCountData == null ? 0 : $RaidCountData['NumberOfRaids']; } $StateCounts[$Data['Status']] += $Data['Count']; $NumRaidsRemain -= $Data['Count']; }); // Push last user if ($UserId != 0) { $AttendanceData = array('id' => $UserId, 'name' => $MainCharName, 'ok' => $StateCounts['ok'], 'available' => $StateCounts['available'], 'unavailable' => $StateCounts['unavailable'], 'undecided' => $StateCounts['undecided'] + $NumRaidsRemain); array_push($Attendances, $AttendanceData); } $Out->pushValue('attendance', $Attendances); // Locations msgQueryLocations($aRequest); } else { $Out = Out::getInstance(); $Out->pushError(L('AccessDenied')); } }
function msgSettingsupdate($aRequest) { if (validAdmin()) { $Connector = Connector::getInstance(); // Update settings $Settings = Settings::getInstance(); $Settings['PurgeRaids']['IntValue'] = $aRequest['purgeTime']; $Settings['LockRaids']['IntValue'] = $aRequest['lockTime']; $Settings['TimeFormat']['IntValue'] = $aRequest['timeFormat']; $Settings['StartOfWeek']['IntValue'] = $aRequest['startOfWeek']; $Settings['RaidStartHour']['IntValue'] = $aRequest['raidStartHour']; $Settings['RaidStartMinute']['IntValue'] = $aRequest['raidStartMinute']; $Settings['RaidEndHour']['IntValue'] = $aRequest['raidEndHour']; $Settings['RaidEndMinute']['IntValue'] = $aRequest['raidEndMinute']; $Settings['RaidSize']['IntValue'] = $aRequest['raidSize']; $Settings['RaidMode']['TextValue'] = $aRequest['raidMode']; $Settings['Site']['TextValue'] = $aRequest['site']; $Settings['Theme']['TextValue'] = $aRequest['theme']; $Settings['GameConfig']['TextValue'] = $aRequest['game']; $Settings['HelpPage']['TextValue'] = $aRequest['helpPage']; $Settings['PrimaryRole']['TextValue'] = $aRequest['primaryRole']; $Settings->serialize(); do { // Update locations $Connector->beginTransaction(); $ExistingLocations = $Connector->prepare('SELECT * FROM `' . RP_TABLE_PREFIX . 'Location`'); $CurrentValues = array(); $ExistingLocations->loop(function ($Data) use(&$CurrentValues) { $CurrentValues[$Data['LocationId']] = array('Name' => $Data['Name'], 'Image' => $Data['Image']); }); $QueryString = ''; $BindValues = array(); // Build location query if (isset($aRequest['locationIds'])) { for ($i = 0; $i < count($aRequest['locationIds']); ++$i) { $LocationId = intval($aRequest['locationIds'][$i]); $CurrentLocation = $CurrentValues[$LocationId]; $LocationName = requestToXML($aRequest['locationNames'][$i], ENT_COMPAT, 'UTF-8'); $LocationImage = isset($aRequest['locationImages']) && isset($aRequest['locationImages'][$i]) && $aRequest['locationImages'][$i] != 'undefined' ? $aRequest['locationImages'][$i] : $CurrentLocation['Image']; if ($LocationName != $CurrentLocation['Name'] || $LocationImage != $CurrentLocation['Image']) { array_push($BindValues, array(':Name' . $LocationId, $LocationName, PDO::PARAM_STR)); array_push($BindValues, array(':Image' . $LocationId, $LocationImage, PDO::PARAM_STR)); $QueryString .= 'UPDATE `' . RP_TABLE_PREFIX . 'Location` SET Name = :Name' . $LocationId . ', Image = :Image' . $LocationId . ' WHERE LocationId=' . $LocationId . '; '; } } } if (isset($aRequest['locationRemoved'])) { foreach ($aRequest['locationRemoved'] as $LocationId) { $QueryString .= 'DELETE `' . RP_TABLE_PREFIX . 'Location`, `' . RP_TABLE_PREFIX . 'Raid`, `' . RP_TABLE_PREFIX . 'Attendance` FROM `' . RP_TABLE_PREFIX . 'Location` ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Raid` USING(LocationId) ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Attendance` USING(RaidId) ' . ' WHERE LocationId=' . intval($LocationId) . '; '; } } if ($QueryString != '') { $LocationUpdate = $Connector->prepare($QueryString); foreach ($BindValues as $BindData) { $LocationUpdate->bindValue($BindData[0], $BindData[1], $BindData[2]); } if (!$LocationUpdate->execute()) { $Connector->rollBack(); return; // ### return, error ### } } // Update users and groups $BannedIds = isset($aRequest['banned']) ? $aRequest['banned'] : array(); $MemberIds = isset($aRequest['member']) ? $aRequest['member'] : array(); $RaidleadIds = isset($aRequest['raidlead']) ? $aRequest['raidlead'] : array(); $AdminIds = isset($aRequest['admin']) ? $aRequest['admin'] : array(); $RemovedIds = isset($aRequest['removed']) ? $aRequest['removed'] : array(); $UnlinkedIds = isset($aRequest['unlinked']) ? $aRequest['unlinked'] : array(); $RelinkedIds = isset($aRequest['relinked']) ? $aRequest['relinked'] : array(); if (!updateGroup($Connector, 'none', $BannedIds)) { return; } if (!updateGroup($Connector, 'member', $MemberIds)) { return; } if (!updateGroup($Connector, 'raidlead', $RaidleadIds)) { return; } if (!updateGroup($Connector, 'admin', $AdminIds)) { return; } // Update unlinked users foreach ($UnlinkedIds as $UserId) { $UnlinkUser = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'User` SET `BindingActive` = "false" WHERE UserId = :UserId LIMIT 1'); $UnlinkUser->bindValue(':UserId', $UserId, PDO::PARAM_INT); if (!$UnlinkUser->execute()) { $Connector->rollBack(); return; // ### return, error ### } } // Update relinked users foreach ($RelinkedIds as $UserId) { $UserInfo = tryGetUserLink($UserId); if ($UserInfo != null) { $UpdateQuery = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'User` SET ' . 'Password = :Password, Salt = :Salt, `Group` = :Group, ' . 'ExternalId = :ExternalId, ExternalBinding = :Binding, BindingActive = "true" ' . 'WHERE UserId = :UserId LIMIT 1'); $UpdateQuery->bindValue(':Password', $UserInfo->Password, PDO::PARAM_STR); $UpdateQuery->bindValue(':Group', $UserInfo->Group, PDO::PARAM_STR); $UpdateQuery->bindValue(':Salt', $UserInfo->Salt, PDO::PARAM_STR); $UpdateQuery->bindValue(':Binding', $UserInfo->BindingName, PDO::PARAM_STR); $UpdateQuery->bindValue(':ExternalId', $UserInfo->UserId, PDO::PARAM_STR); $UpdateQuery->bindValue(':UserId', intval($UserId), PDO::PARAM_INT); if (!$UpdateQuery->execute()) { $Connector->rollBack(); return; // ### return, error ### } } } // Update removed users foreach ($RemovedIds as $UserId) { // remove characters and attendances $DropCharacter = $Connector->prepare('DELETE FROM `' . RP_TABLE_PREFIX . 'Character` WHERE UserId = :UserId LIMIT 1'); $DropAttendance = $Connector->prepare('DELETE FROM `' . RP_TABLE_PREFIX . 'Attendance` WHERE UserId = :UserId'); $DropCharacter->bindValue(':UserId', $UserId, PDO::PARAM_INT); $DropAttendance->bindValue(':UserId', $UserId, PDO::PARAM_INT); if (!$DropCharacter->execute()) { $Connector->rollBack(); return; // ### return, error ### } if (!$DropAttendance->execute()) { $Connector->rollBack(); return; // ### return, error ### } // remove user $DropUser = $Connector->prepare('DELETE FROM `' . RP_TABLE_PREFIX . 'User` WHERE UserId = :UserId LIMIT 1'); $DropUser->bindValue(':UserId', $UserId, PDO::PARAM_INT); if (!$DropUser->execute()) { $Connector->rollBack(); return; // ### return, error ### } } } while (!$Connector->commit()); msgQuerySettings($aRequest); } else { $Out = Out::getInstance(); $Out->pushError(L('AccessDenied')); } }
public static function changePassword($aUserId, $aHashedPassword, $aSalt) { $IsCurrentUser = self::getInstance()->UserId == $aUserId; if (!$IsCurrentUser && !validAdmin()) { return false; } // ### return, security check failed ### // Change password to new values. // Only accounts with an inactive binding may be changed. $Connector = Connector::getInstance(); $UpdateQuery = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'User` SET ' . 'ExternalBinding = "none", Password = :Password, Salt = :Salt ' . 'WHERE UserId = :UserId AND (BindingActive="false" OR ExternalBinding="none") LIMIT 1'); $UpdateQuery->bindValue(':UserId', $aUserId, PDO::PARAM_INT); $UpdateQuery->bindValue(':Password', $aHashedPassword, PDO::PARAM_STR); $UpdateQuery->bindValue(':Salt', $aSalt, PDO::PARAM_STR); $UpdateQuery->execute(); return true; }
function msgProfileupdate($aRequest) { if (validUser()) { global $gGame; loadGameSettings(); $UserId = UserProxy::getInstance()->UserId; if (validAdmin() && isset($aRequest['userId']) && $aRequest['userId'] != 0) { $UserId = intval($aRequest['userId']); } $Connector = Connector::getInstance(); do { $Connector->beginTransaction(); // Update password if (isset($aRequest['newPass']) && $aRequest['oldPass'] != '') { if (UserProxy::getInstance()->validateCredentials($aRequest['oldPass'])) { // User authenticated with valid password // change the password of the given id. ChangePassword does a check // for validity (e.g. only admin may change other user's passwords) $Salt = UserProxy::generateKey32(); $HashedPassword = NativeBinding::nativeHash($aRequest['newPass'], $Salt, 'none'); if (!UserProxy::changePassword($UserId, $HashedPassword, $Salt)) { $Out = Out::getInstance(); $Out->pushError(L('PasswordLocked')); } } else { $Out = Out::getInstance(); $Out->pushError(L('WrongPassword')); } } // Update always log in if ($aRequest['autoAttend'] == 'true') { $ExistsRequest = $Connector->prepare('SELECT UserSettingId FROM `' . RP_TABLE_PREFIX . 'UserSetting` ' . 'WHERE UserId=:UserId and Name="AutoAttend" LIMIT 1'); $ExistsRequest->bindValue(':UserId', $UserId, PDO::PARAM_INT); if ($ExistsRequest->fetchFirst() == null) { $AttendRequest = $Connector->prepare('INSERT INTO `' . RP_TABLE_PREFIX . 'UserSetting` (UserId, Name) VALUES (:UserId, "AutoAttend")'); $AttendRequest->bindValue(':UserId', $UserId, PDO::PARAM_INT); $AttendRequest->execute(); } } else { $RemoveQuery = $Connector->prepare('DELETE FROM `' . RP_TABLE_PREFIX . 'UserSetting` WHERE ' . 'UserId = :UserId AND (Name = "AutoAttend") LIMIT 1'); $RemoveQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT); $RemoveQuery->execute(); } // Update vacation settings $Ranges = getVacationData($aRequest); $VacationMessage = $aRequest['vacationMessage'] == null ? '' : requestToXML($aRequest['vacationMessage'], ENT_COMPAT, 'UTF-8'); // Revoke ranges that have been removed foreach ($Ranges['revoke'] as $RevokeRange) { $RevokeQuery = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'Raid` LEFT JOIN `' . RP_TABLE_PREFIX . 'Attendance` USING (RaidId) ' . 'SET `' . RP_TABLE_PREFIX . 'Attendance`.Status = "undecided", Comment = "" ' . 'WHERE Start >= FROM_UNIXTIME(:Start) AND Start <= FROM_UNIXTIME(:End) ' . 'AND `' . RP_TABLE_PREFIX . 'Attendance`.Status = "unavailable" AND `' . RP_TABLE_PREFIX . 'Attendance`.UserId = :UserId'); $RevokeQuery->bindValue(':Start', max($RevokeRange[0], time()), PDO::PARAM_INT); $RevokeQuery->bindValue(':End', max($RevokeRange[1], time()), PDO::PARAM_INT); $RevokeQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT); $RevokeQuery->execute(); } // Update already affected ranges foreach ($Ranges['update'] as $UpdateRange) { $UpdateQuery = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'Raid` LEFT JOIN `' . RP_TABLE_PREFIX . 'Attendance` USING(RaidId) ' . 'SET Comment = :Message ' . 'WHERE Start >= FROM_UNIXTIME(:Start) AND Start <= FROM_UNIXTIME(:End) ' . 'AND UserId = :UserId AND Status = "unavailable"'); $UpdateQuery->bindValue(':Start', $UpdateRange[0], PDO::PARAM_INT); $UpdateQuery->bindValue(':End', $UpdateRange[1], PDO::PARAM_INT); $UpdateQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT); $UpdateQuery->bindValue(':Message', $VacationMessage, PDO::PARAM_STR); $UpdateQuery->execute(); } // Update/Insert new ranges foreach ($Ranges['new'] as $NewRange) { // Update all raids that already have an attendance record $UpdateQuery = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'Raid` LEFT JOIN `' . RP_TABLE_PREFIX . 'Attendance` USING(RaidId) ' . 'SET Status = "unavailable", Comment = :Message ' . 'WHERE Start >= FROM_UNIXTIME(:Start) AND Start <= FROM_UNIXTIME(:End) ' . 'AND UserId = :UserId'); $UpdateQuery->bindValue(':Start', $NewRange[0], PDO::PARAM_INT); $UpdateQuery->bindValue(':End', $NewRange[1], PDO::PARAM_INT); $UpdateQuery->bindValue(':UserId', intval($UserId), PDO::PARAM_INT); $UpdateQuery->bindValue(':Message', $VacationMessage, PDO::PARAM_STR); $UpdateQuery->execute(); // Find all reaids the do not have an attendance record $AffectedQuery = $Connector->prepare('SELECT `' . RP_TABLE_PREFIX . 'Raid`.RaidId FROM `' . RP_TABLE_PREFIX . 'Raid` ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Attendance` ON (`' . RP_TABLE_PREFIX . 'Raid`.RaidId = `' . RP_TABLE_PREFIX . 'Attendance`.RaidId ' . 'AND (`' . RP_TABLE_PREFIX . 'Attendance`.UserId = :UserId OR `' . RP_TABLE_PREFIX . 'Attendance`.UserId IS NULL)) ' . 'WHERE Start >= FROM_UNIXTIME(:Start) AND Start <= FROM_UNIXTIME(:End) ' . 'AND UserId IS NULL ' . 'GROUP BY RaidId'); $AffectedQuery->bindValue(':Start', $NewRange[0], PDO::PARAM_INT); $AffectedQuery->bindValue(':End', $NewRange[1], PDO::PARAM_INT); $AffectedQuery->bindValue(':UserId', intval($UserId), PDO::PARAM_INT); $AffectedQuery->loop(function ($aRaid) use(&$Connector, $UserId, $VacationMessage) { // Set user to unavailable $InsertQuery = $Connector->prepare('INSERT INTO `' . RP_TABLE_PREFIX . 'Attendance` ' . '(UserId, RaidId, Status, Comment) ' . 'VALUES (:UserId, :RaidId, "unavailable", :Message)'); $InsertQuery->bindValue(':UserId', intval($UserId), PDO::PARAM_INT); $InsertQuery->bindValue(':RaidId', $aRaid['RaidId'], PDO::PARAM_INT); $InsertQuery->bindValue(':Message', $VacationMessage, PDO::PARAM_STR); $InsertQuery->execute(); }); } // Update user settings if (count($Ranges['new']) == 0 && count($Ranges['update']) == 0) { if (count($Ranges['revoke']) > 0) { $RemoveQuery = $Connector->prepare('DELETE FROM `' . RP_TABLE_PREFIX . 'UserSetting` WHERE ' . 'UserId = :UserId AND (Name = "VacationStart" OR Name = "VacationEnd" OR Name = "VacationMessage") LIMIT 3'); $RemoveQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT); $RemoveQuery->execute(); } } else { if ($Ranges['SettingsFound']) { $UpdateQuery = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'UserSetting` SET IntValue = :Start WHERE UserId = :UserId AND Name = "VacationStart" LIMIT 1;' . 'UPDATE `' . RP_TABLE_PREFIX . 'UserSetting` SET IntValue = :End WHERE UserId = :UserId AND Name = "VacationEnd" LIMIT 1;' . 'UPDATE `' . RP_TABLE_PREFIX . 'UserSetting` SET TextValue = :Message WHERE UserId = :UserId AND Name = "VacationMessage" LIMIT 1;'); $UpdateQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT); $UpdateQuery->bindValue(':Start', $aRequest['vacationStart'], PDO::PARAM_INT); $UpdateQuery->bindValue(':End', $aRequest['vacationEnd'], PDO::PARAM_INT); $UpdateQuery->bindValue(':Message', $VacationMessage, PDO::PARAM_STR); $UpdateQuery->execute(); } else { $InsertQuery = $Connector->prepare('INSERT INTO `' . RP_TABLE_PREFIX . 'UserSetting` (IntValue, UserId, Name) VALUES (:Start, :UserId, "VacationStart");' . 'INSERT INTO `' . RP_TABLE_PREFIX . 'UserSetting` (IntValue, UserId, Name) VALUES (:End, :UserId, "VacationEnd");' . 'INSERT INTO `' . RP_TABLE_PREFIX . 'UserSetting` (TextValue, UserId, Name) VALUES (:Message, :UserId, "VacationMessage");'); $InsertQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT); $InsertQuery->bindValue(':Start', $aRequest['vacationStart'], PDO::PARAM_INT); $InsertQuery->bindValue(':End', $aRequest['vacationEnd'], PDO::PARAM_INT); $InsertQuery->bindValue(':Message', $VacationMessage, PDO::PARAM_STR); $InsertQuery->execute(); } } // Update characters $CharacterQuery = $Connector->prepare('SELECT * FROM `' . RP_TABLE_PREFIX . 'Character` WHERE UserId = :UserId AND Game = :Game ORDER BY Name'); $CharacterQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT); $CharacterQuery->bindValue(':Game', $gGame['GameId'], PDO::PARAM_STR); $ValidCharacterIds = array(); $UpdatedCharacteIds = array(); $CharacterQuery->loop(function ($Data) use(&$ValidCharacterIds) { array_push($ValidCharacterIds, $Data['CharacterId']); }); $NumCharacters = isset($aRequest['charId']) && is_array($aRequest['charId']) ? count($aRequest['charId']) : 0; // Sanity check mainchar $FoundMainChar = false; for ($CharIndex = 0; $CharIndex < $NumCharacters; ++$CharIndex) { if ($aRequest['mainChar'][$CharIndex] == 'true') { if ($FoundMainChar) { $aRequest['mainChar'][$CharIndex] = 'false'; } else { $FoundMainChar = true; } } } if (!$FoundMainChar && $NumCharacters > 0) { $aRequest['mainChar'][0] = 'true'; } // Update/insert chars for ($CharIndex = 0; $CharIndex < $NumCharacters; ++$CharIndex) { $CharId = $aRequest['charId'][$CharIndex]; $ClassArray = $aRequest['charClass'][$CharIndex]; $Classes = count($ClassArray) == 1 ? $ClassArray[0] : implode(':', $ClassArray); if ($CharId == 0) { // Insert new character $InsertChar = $Connector->prepare('INSERT INTO `' . RP_TABLE_PREFIX . 'Character` ' . '( UserId, Name, Game, Class, Mainchar, Role1, Role2 ) ' . 'VALUES ( :UserId, :Name, :Game, :Class, :Mainchar, :Role1, :Role2 )'); $InsertChar->bindValue(':UserId', $UserId, PDO::PARAM_INT); $InsertChar->bindValue(':Name', requestToXML($aRequest['name'][$CharIndex], ENT_COMPAT, 'UTF-8'), PDO::PARAM_STR); $InsertChar->bindValue(':Game', $gGame['GameId'], PDO::PARAM_STR); $InsertChar->bindValue(':Class', $Classes, PDO::PARAM_STR); $InsertChar->bindValue(':Mainchar', $aRequest['mainChar'][$CharIndex], PDO::PARAM_STR); $InsertChar->bindValue(':Role1', $aRequest['role1'][$CharIndex], PDO::PARAM_STR); $InsertChar->bindValue(':Role2', $aRequest['role2'][$CharIndex], PDO::PARAM_STR); if (!$InsertChar->execute()) { $Connector->rollBack(); return; } } else { if (in_array($CharId, $ValidCharacterIds)) { // Update character array_push($UpdatedCharacteIds, $CharId); $UpdateChar = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'Character` ' . 'SET Class = :Class, Mainchar = :Mainchar, Role1 = :Role1, Role2 = :Role2 ' . 'WHERE CharacterId = :CharacterId AND UserId = :UserId'); $UpdateChar->bindValue(':UserId', $UserId, PDO::PARAM_INT); $UpdateChar->bindValue(':CharacterId', $CharId, PDO::PARAM_INT); $UpdateChar->bindValue(':Class', $Classes, PDO::PARAM_STR); $UpdateChar->bindValue(':Mainchar', $aRequest['mainChar'][$CharIndex], PDO::PARAM_STR); $UpdateChar->bindValue(':Role1', $aRequest['role1'][$CharIndex], PDO::PARAM_STR); $UpdateChar->bindValue(':Role2', $aRequest['role2'][$CharIndex], PDO::PARAM_STR); if (!$UpdateChar->execute()) { $Connector->rollBack(); return; } } } } $IdsToRemove = array_diff($ValidCharacterIds, $UpdatedCharacteIds); foreach ($IdsToRemove as $CharId) { // Remove character $DropChar = $Connector->prepare('DELETE FROM `' . RP_TABLE_PREFIX . 'Character` ' . 'WHERE CharacterId = :CharacterId AND UserId = :UserId'); $DropAttendance = $Connector->prepare('DELETE FROM `' . RP_TABLE_PREFIX . 'Attendance` ' . 'WHERE CharacterId = :CharacterId AND UserId = :UserId'); $DropChar->bindValue(':UserId', $UserId, PDO::PARAM_INT); $DropChar->bindValue(':CharacterId', $CharId, PDO::PARAM_INT); $DropAttendance->bindValue(':UserId', $UserId, PDO::PARAM_INT); $DropAttendance->bindValue(':CharacterId', $CharId, PDO::PARAM_INT); if (!$DropChar->execute()) { $Connector->rollBack(); return; } if (!$DropAttendance->execute()) { $Connector->rollBack(); return; } } } while (!$Connector->commit()); UserProxy::getInstance()->updateCharacters(); msgQueryProfile($aRequest); } else { $Out = Out::getInstance(); $Out->pushError(L('AccessDenied')); } }