Beispiel #1
 /**
  * Throttle a named action to one use per $seconds for the current PHP session.
  *
  * The time of the last use is kept in $_SESSION['resources'][$name]. When the previous use
  * is more recent than $seconds ago a "Denied" notice is raised through libHTML::notice()
  * (defined elsewhere; presumably it ends the request). Whenever execution continues past
  * that check, the stored time is reset to the current time.
  *
  * Security note: the record lives only in the visitor's session, and the log-in requirement
  * below is commented out. A client that starts a fresh session (for example by discarding
  * its session cookie) starts with an empty record, so this is a courtesy throttle rather
  * than an abuse control. Expensive or sensitive actions need a limit keyed on something the
  * client does not control, such as the account ID or the source address.
  *
  * NOTE(review): $name is placed into the notice text as given; callers should pass fixed
  * labels rather than request data.
  *
  * @param string $name    Label of the limited resource; also shown in the notice
  * @param int    $seconds Minimum number of seconds between two uses
  */
 public static function resourceLimiter($name, $seconds)
 {
     global $User;
     /*
      * Log-in requirement disabled while fixing https://github.com/kestasjk/webDiplomacy/issues/159
      * At the time of writing (5 Aug 2015), no code that calls this function
      * needs users to be logged in, so disabling this seems safe.
      *
      * if( !$User->type['User'] )
      *     libHTML::notice(
      *         l_t('Denied'),
      *         l_t("Please <a href='register.php' class='light'>register</a> or ".
      *             "<a href='logon.php' class='light'>log in</a> to %s.",l_t($name))
      *     );
      */
     if (!isset($_SESSION['resources'])) {
         $_SESSION['resources'] = array();
     }
     // A missing entry means the resource has not been used in this session yet
     $previousUse = isset($_SESSION['resources'][$name]) ? $_SESSION['resources'][$name] : null;
     $tooSoon = $previousUse !== null && time() - $previousUse < $seconds;
     if ($tooSoon) {
         libHTML::notice(l_t('Denied'), l_t("One %s per %s seconds, please wait and try again.", $name, $seconds));
     }
     $_SESSION['resources'][$name] = time();
 }
Beispiel #2
 /**
  * Log-on, create/update a session record, and take information for user access logging for meta-gamers
  *
  * Steps, in order: name the PHP session after this user's ID and start it; return at once
  * for guests; derive a short user-agent fingerprint; read or issue the long-lived wD_Code
  * cookie; show the ban notice for banned accounts; insert or bump the wD_Sessions row;
  * mark this user as online.
  *
  * Security notes for reviewers:
  *  - The user-agent fingerprint (two bytes of an MD5) and the wD_Code cookie are both
  *    supplied by the client. They are correlation hints for access logging, not proof of
  *    identity: a client can change its user-agent string, delete the cookie, or send any
  *    integer it likes.
  *  - The INSERT below is assembled by string concatenation. Each concatenated value is
  *    constrained in this method ($userAgentHash is hex digits, $cookieCode is an integer)
  *    or comes from the server environment (REMOTE_ADDR); $this->id is set outside this
  *    method and is assumed to be an integer - TODO confirm.
  */
 function logon()
 {
     global $DB;
     // One session cookie name per account: "wD_Sess_User-<id>"
     session_name('wD_Sess_User-' . $this->id);
     /*if( $this->type['User'] )
     			session_cache_limiter('private_no_expire');
     		else
     			session_cache_limiter('public');*/
     // NOTE(review): no session_regenerate_id() call is visible in this method; confirm the
     // session ID is rotated elsewhere when a visitor becomes an authenticated user.
     session_start();
     // Non-users can't get banned
     if ($this->type['Guest']) {
         return;
     }
     // First 4 hex digits of the MD5 of the User-Agent header (UNHEX() below stores them as
     // 2 bytes). Only 65,536 possible values, so collisions between unrelated clients are expected.
     if (isset($_SERVER['HTTP_USER_AGENT'])) {
         $userAgentHash = substr(md5($_SERVER['HTTP_USER_AGENT']), 0, 4);
     } else {
         $userAgentHash = '0000';
     }
     // A missing cookie, or one whose integer value is 0 or 1 (which includes any non-numeric
     // value, since intval() gives 0 for it), is replaced with a fresh code.
     if (!isset($_COOKIE['wD_Code']) or intval($_COOKIE['wD_Code']) == 0 or intval($_COOKIE['wD_Code']) == 1) {
         // Making this larger than 2^31 makes it negative..
         // rand() is not a cryptographic generator; that matters little here because the
         // client can overwrite the cookie with any value anyway.
         $cookieCode = rand(2, 2000000000);
         // Only name, value and expiry are passed, so path, domain, Secure and HttpOnly keep
         // their defaults. Expiry is 365 * 7 days from now.
         setcookie('wD_Code', $cookieCode, time() + 365 * 7 * 24 * 60 * 60);
     } else {
         // The cast guarantees an integer reaches the SQL below, whatever the client sent
         $cookieCode = (int) $_COOKIE['wD_Code'];
     }
     // Banned accounts get the notice; libHTML::notice() is defined elsewhere and presumably
     // ends the request, so the session row below would not be written for them - TODO confirm.
     if ($this->type['Banned']) {
         libHTML::notice(l_t('Banned'), l_t('You have been banned from this server. If you think there has been a mistake contact the moderator team at %s , and if you still aren\'t satisfied contact the admin at %s (with details of what happened).', Config::$modEMail, Config::$adminEMail));
     }
     /*
     		Legacy IP / cookie-code ban propagation, disabled. Kept for reference only.

     		$bans=array();
     		$tabl = $DB->sql_tabl("SELECT numberType, number, userID FROM wD_BannedNumbers
     			WHERE ( number = INET_ATON('".$_SERVER['REMOTE_ADDR']."') AND numberType='IP')
     				OR ( number = ".$cookieCode." AND numberType='CookieCode')
     				OR ( userID=".$this->id.")");
     		while(list($banType,$banNum)=$DB->tabl_row($tabl))
     			$bans[$banType]=$banNum;
     
     		if($this->type['Banned'])
     		{
     			//if( isset($bans['IP']) and $cookieCode!=$bans['CookieCode'] )
     				//setcookie('wD_Code', $bans['CookieCode'],time()+365*7*24*60*60);
     
     			if(!isset($bans['IP']) || ip2long($_SERVER['REMOTE_ADDR'])!=$bans['IP'])
     				self::banIP(ip2long($_SERVER['REMOTE_ADDR']), $this->id);
     
     			libHTML::notice('Banned', 'You have been banned from this server. If you think there has been
     					a mistake contact '.Config::$adminEMail.' .');
     		}
     		elseif( isset($bans['IP']) )
     		{
     			self::banUser($this->id,"You share an IP with a banned user account.", $_SERVER['REMOTE_ADDR']);
     			libHTML::notice('Banned', 'You have been banned from this server. If you think there has been
     				a mistake contact '.Config::$adminEMail.' .');
     		}*/
     // Insert the session row, or increment its hit counter when the key already exists.
     // NOTE(review): INET_ATON() only understands dotted-quad IPv4 text; confirm what is stored
     // for IPv6 clients, and that REMOTE_ADDR is not rewritten from a client-supplied header
     // (e.g. by a proxy module) before it is quoted into this statement.
     $DB->sql_put("INSERT INTO wD_Sessions (userID, lastRequest, hits, ip, userAgent, cookieCode)\r\n\t\t\t\t\tVALUES (" . $this->id . ",CURRENT_TIMESTAMP,1, INET_ATON('" . $_SERVER['REMOTE_ADDR'] . "'),\r\n\t\t\t\t\t\t\tUNHEX('" . $userAgentHash . "'), " . $cookieCode . " )\r\n\t\t\t\t\tON DUPLICATE KEY UPDATE hits=hits+1");
     $this->online = true;
 }
Beispiel #3
$onlineUsers = array();
while (list($userID) = $DB->tabl_row($tabl)) {
    $onlineUsers[] = $userID;
}
file_put_contents($onlineFile, 'onlineUsers=$A([' . implode(',', $onlineUsers) . ']);');
//- Update misc values (if running as admin/mod)
if (!$User->type['System'] || time() % (15 * 60) <= 5 * 60) {
    print l_t('Updating Misc values') . '<br />';
    miscUpdate::errorLog();
    miscUpdate::forum();
    miscUpdate::game();
    miscUpdate::user();
}
//- Check last process time, pause processing/save current process time
if (time() - $Misc->LastProcessTime > Config::$downtimeTriggerMinutes * 60) {
    libHTML::notice(l_t('Games not processing'), libHTML::admincp('resetLastProcessTime', null, l_t('Continue processing now')));
}
$Misc->LastProcessTime = time();
$Misc->write();
$startTime = time();
// Only do ~30 sec of processing per cycle
$tabl = $DB->sql_tabl("SELECT * FROM wD_Games\r\n\tWHERE processStatus='Not-processing' AND processTime <= " . time() . " AND NOT phase='Finished'");
while (time() - $startTime < 30 && ($gameRow = $DB->tabl_hash($tabl))) {
    $Variant = libVariant::loadFromVariantID($gameRow['variantID']);
    $Game = $Variant->Game($gameRow);
    print '<a href="board.php?gameID=' . $Game->id . '">gameID=' . $Game->id . ': ' . $Game->name . '</a>: ';
    try {
        if ($Game->processStatus != 'Crashed' && $Game->attempts > count($Game->Members->ByID) * 2) {
            $Game = $Variant->processGame($Game->id);
            $Game->crashed();
            $DB->sql_put("COMMIT");
Beispiel #4
} elseif (isset($_SESSION['viewthread'])) {
    $viewthread = $_SESSION['viewthread'];
}
if (!$viewthread) {
    $viewthread = false;
}
$forumPager = new PagerForum($Misc->ForumThreads);
//$pageCount = $currentPage = ceil(($Misc->ForumThreads+1)/$forumPager->pageCount);
if (!isset($_SESSION['lastSeenForum']) || $_SESSION['lastSeenForum'] < $User->timeLastSessionEnded) {
    $_SESSION['lastSeenForum'] = $User->timeLastSessionEnded;
}
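// A thread was requested without an explicit page: work out which forum page holds it.
// $viewthread is assigned outside this excerpt (from the request or the session), and the
// query below has no quoting around it, so it is forced to an integer at the point of use.
// Any non-numeric value becomes 0 and ends in the "Thread not found" notice.
if (!isset($_REQUEST['page']) && isset($_REQUEST['viewthread']) && $viewthread) {
    unset($orderIndex);
    list($orderIndex) = $DB->sql_row("SELECT b.latestReplySent FROM wD_ForumMessages b WHERE b.id = " . (int) $viewthread);
    if (!isset($orderIndex) || !$orderIndex) {
        libHTML::notice(l_t('Thread not found'), l_t("The thread you requested wasn't found."));
    }
    // $orderIndex comes from the database row read above, not from the request.
    // Position = number of thread starts with a reply time at least as recent, minus one.
    list($position) = $DB->sql_row("SELECT COUNT(*)-1 FROM wD_ForumMessages a WHERE a.latestReplySent >= " . $orderIndex . " AND a.type='ThreadStart'");
    $forumPager->currentPage = $forumPager->pageCount - floor($position / PagerForum::$defaultPostsPerPage);
}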
if (!isset($_REQUEST['newmessage'])) {
    $_REQUEST['newmessage'] = '';
}
if (!isset($_REQUEST['newsubject'])) {
    $_REQUEST['newsubject'] = '';
}
$new = array('message' => "", 'subject' => "", 'id' => -1);
if (isset($_REQUEST['newmessage']) and $User->type['User'] and $_REQUEST['newmessage'] != "") {
    // We're being asked to send a message.
    $new['message'] = $DB->msg_escape($_REQUEST['newmessage']);
    if (isset($_REQUEST['newsubject'])) {
Beispiel #5
                $types[] = $type;
            }
        }
        $types = implode(',', $types);
        $DB->sql_put("UPDATE wD_Users SET type = '" . $types . "' WHERE id = " . $User->id);
        $User->type['Donator'] = false;
        libHTML::notice(l_t("Opt-out"), l_t("You've decided to re-add the Plura applet, thanks! By running the Plura applet you " . "help keep this server running."));
    }
}
// E-mail change confirmation: the request carries an emailToken parameter, and the address
// recovered from that token replaces the current user's stored address.
if (isset($_REQUEST['emailToken'])) {
    // libAuth::emailToken_email() (defined elsewhere) returns the address for a good token
    // and a falsy value for a bad one. libHTML::notice() presumably ends the request;
    // otherwise the code below would continue with a falsy $email - TODO confirm.
    if (!($email = libAuth::emailToken_email($_REQUEST['emailToken']))) {
        libHTML::notice(l_t("E-mail change validation"), l_t("A bad e-mail token was given, please check the validation link try again"));
    }
    // Escaped once here, before it is used in the lookup and concatenated into the UPDATE
    $email = $DB->escape($email);
    if (User::findEmail($email)) {
        libHTML::notice(l_t("E-mail change validation"), l_t("The given e-mail address is already in use, please use a unique e-mail address"));
    }
    // NOTE(review): the row updated is that of whoever is the current $User. Whether the
    // token is bound to that account, and whether it expires, is decided inside
    // libAuth::emailToken_email(), outside this excerpt - confirm, since a token that only
    // proves control of an address could be replayed under a different account.
    $DB->sql_put("UPDATE wD_Users SET email='" . $email . "' WHERE id = " . $User->id);
    // The in-memory copy receives the escaped form of the address
    $User->email = $email;
    print '<div class="content"><p class="notice">' . l_t('Your e-mail address has been succesfully changed') . '</p></div>';
}
if (isset($_REQUEST['userForm'])) {
    $formOutput = '';
    try {
        $errors = array();
        $SQLVars = User::processForm($_REQUEST['userForm'], $errors);
        if (count($errors)) {
            throw new Exception(implode('. ', $errors));
        }
        unset($errors);
        $allowed = array('E-mail' => 'email', 'E-mail hiding' => 'hideEmail', 'Homepage' => 'homepage', 'Comment' => 'comment');
Beispiel #6
    if (!$fb_user) {
        if (!isset($_REQUEST['wD_FB_AuthNow'])) {
            libHTML::notice(l_t('Not authorized'), l_t('To play in webDiplomacy games you need to authorize this application, so that ' . 'it can send you notifications informing you when a game you\'re playing in needs your attention. ' . 'Please <a href="index.php?wD_FB_AuthNow=on">authorize this application</a> to continue.'));
        } else {
            $fb_user = $facebook->require_login();
        }
    }
}
require_once l_r('lib/auth.php');
if (!defined('AJAX')) {
    if (isset($_REQUEST['logoff'])) {
        $success = libAuth::keyWipe();
        $User = new User(GUESTID);
        // Give him a guest $User
        header('refresh: 4; url=logon.php?noRefresh=on');
        libHTML::notice(l_t("Logged out"), l_t("You have been logged out, and are being redirected to the logon page."));
    }
    global $User;
    $User = libAuth::auth();
    if ($User->type['Admin']) {
        Config::$debug = true;
        if (isset($_REQUEST['auid']) || isset($_SESSION['auid'])) {
            $User = libAuth::adminUserSwitch($User);
        } else {
            define('AdminUserSwitch', $User->id);
        }
    } elseif ($Misc->Maintenance) {
        unset($DB);
        // This lets libHTML know there's a problem
        libHTML::error(Config::$serverMessages['Maintenance']);
    }
Beispiel #7
    die;
}
// Admin-only: dump one error-log file as plain text and stop.
// The request value is cast to an integer before it is joined into the path, so the file
// name can only be "<integer>.txt" inside Config::errorlogDirectory(); directory separators
// and ".." sequences cannot survive the cast.
if ($User->type['Admin'] && isset($_REQUEST['viewErrorLog'])) {
    $log = (int) $_REQUEST['viewErrorLog'];
    // A falsy result covers both a failed read (false) and an empty file ('')
    if (!($data = file_get_contents(Config::errorlogDirectory() . '/' . $log . '.txt'))) {
        trigger_error(l_t("Couldn't open file %s.txt", $log));
    }
    // Served as text/plain so that request data captured in the log is not rendered as markup.
    // NOTE(review): consider also sending X-Content-Type-Options: nosniff.
    header('Content-type:text/plain');
    print $data;
    die;
}
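// Admin-only: run a maintenance task named by the systemTask request parameter.
// The first request switches maintenance mode on and shows a link to repeat the request;
// the second request, made while maintenance mode is set, runs the task script and stops.
// Task names that match no case fall through to the normal page below.
//
// NOTE(review): both steps are driven by $_REQUEST and no anti-CSRF token is checked in this
// excerpt, so a link opened by a logged-in admin is enough to switch maintenance mode on.
// Confirm whether a token is enforced elsewhere.
if ($User->type['Admin'] && isset($_REQUEST['systemTask'])) {
    if ($Misc->Maintenance == 0) {
        $Misc->Maintenance = 1;
        $Misc->write();
        // The task name is echoed back inside an href. It is URL-encoded first so that quotes
        // and angle brackets in a crafted parameter cannot break out of the attribute; the
        // known task names contain only letters and are unchanged by the encoding. A
        // non-string value (systemTask[]=...) is replaced by an empty name.
        $systemTaskParam = is_string($_REQUEST['systemTask']) ? urlencode($_REQUEST['systemTask']) : '';
        libHTML::notice(l_t('Wait'), l_t("Make sure you're in maintenance-mode and no-one " . "else is using the system before running a system-task!") . "<br /> " . l_t("Maintenance mode has been set, please wait 3 mins to make sure all " . "other users are done, then click " . "<a href='admincp.php?systemTask=%s'>here</a> to " . "run the system-task safely.", $systemTaskParam) . "<br /><br /> " . l_t("Once it has run successfully, maintenance-mode can be disabled."));
    } else {
        ini_set('memory_limit', "32M");
        // 8M is the default
        ini_set('max_execution_time', '120');
        // Only these fixed names select a script; the request value never becomes part of a path
        switch ($_REQUEST['systemTask']) {
            case 'defragTables':
                require_once l_r('admin/systemTasks/defragTables.php');
                die;
            case 'resetCountryIDBalancer':
                require_once l_r('admin/systemTasks/resetCountryIDBalancer.php');
                die;
        }
    }
}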
libHTML::starthtml();
Beispiel #8
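 /**
  * Delete one moderator note when a moderator sends a modNoteDelete command.
  *
  * The command has the form "<linkIDType>_<linkID>_<timeSent>". The DELETE statement is
  * built by concatenation, so each part is constrained before use: linkIDType must be
  * exactly 'User' or 'Game', and linkID and timeSent are cast to integers.
  *
  * Does nothing when the current user is not a moderator or no command was sent.
  *
  * NOTE(review): the command is read from $_REQUEST and no anti-CSRF token is checked in
  * this method; confirm whether the caller enforces one before this destructive action.
  *
  * @throws Exception When the command is not a string of three '_'-separated parts
  *                   starting with 'User' or 'Game'
  */
 static function checkDeleteNote()
 {
     global $User, $DB;
     if (!$User->type['Moderator'] || !isset($_REQUEST['modNoteDelete'])) {
         return;
     }
     // An array-valued parameter (modNoteDelete[]=...) passes isset() but is not a command
     // string; reject it with the same error instead of handing it to explode().
     if (!is_string($_REQUEST['modNoteDelete'])) {
         throw new Exception("Invalid mod-note deletion command given");
     }
     $params = explode('_', $_REQUEST['modNoteDelete']);
     // Strict whitelist: this is what makes it safe to quote $linkIDType into the SQL below
     if (count($params) != 3 || !in_array($params[0], array('User', 'Game'), true)) {
         throw new Exception("Invalid mod-note deletion command given");
     }
     list($linkIDType, $linkID, $timeSent) = $params;
     $linkID = (int) $linkID;
     $timeSent = (int) $timeSent;
     $DB->sql_put("DELETE FROM wD_ModeratorNotes WHERE linkIDType='" . $linkIDType . "' AND linkID=" . $linkID . " AND timeSent=" . $timeSent);
     libHTML::notice('Deleted', 'Moderator note successfully deleted.');
 }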
Beispiel #9
 /**
  * Redirect to a game after joining it. Script ends here.
  *
  * Sends a "refresh" header pointing at the game's board page, then shows a notice that
  * links to the same page.
  *
  * NOTE(review): the game ID is written into a response header and an href, and the game
  * name into HTML, without any encoding in this method. Confirm that the ID is always an
  * integer and that the name is already HTML-escaped when it is loaded or stored.
  */
 function joinedRedirect()
 {
     $gameID = $this->Game->id;
     $gameName = $this->Game->name;
     $boardURL = 'board.php?gameID=' . $gameID;
     // Tell the browser to move on to the board after four seconds
     header('refresh: 4; url=' . $boardURL);
     // The same target as a clickable link, for users who do not want to wait
     $boardLink = '<a href="' . $boardURL . '">' . $gameName . '</a>';
     $message = '<p class="notice">' . l_t('You are being redirected to %s. Good luck!', $boardLink) . '</p>';
     libHTML::notice(l_t("Joined %s", $gameName), $message);
 }
Beispiel #10
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU Affero General Public License
   along with webDiplomacy.  If not, see <http://www.gnu.org/licenses/>.
*/
/**
 * @package Base
 * @subpackage Forms
 */
require_once 'header.php';
if ($Misc->Panic) {
    libHTML::notice(l_t('Game creation disabled'), l_t("Game creation has been temporarily disabled while we take care of an " . "unexpected problem. Please try again later, sorry for the inconvenience."));
}
if (!$User->type['User']) {
    libHTML::notice(l_t('Not logged on'), l_t("Only a logged on user can create games, guests can't. " . "Please <a href='logon.php' class='light'>log on</a> to create your own games."));
}
libHTML::starthtml();
//print '<div class="content">';
if (isset($_REQUEST['newGame']) and is_array($_REQUEST['newGame'])) {
    try {
        $form = $_REQUEST['newGame'];
        // This makes $form look harmless when it is unsanitized; the parameters must all be sanitized
        $input = array();
        $required = array('variantID', 'name', 'password', 'passwordcheck', 'bet', 'potType', 'phaseMinutes', 'joinPeriod', 'anon', 'pressType', 'missingPlayerPolicy', 'drawType', 'minimumReliabilityRating');
        if (!isset($form['missingPlayerPolicy'])) {
            $form['missingPlayerPolicy'] = 'Normal';
        }
        foreach ($required as $requiredName) {
            if (isset($form[$requiredName])) {
                $input[$requiredName] = $form[$requiredName];
Beispiel #11
     } else {
         if ($Game->needsProcess()) {
             $DB->sql_put("UPDATE wD_Games SET attempts=attempts+1 WHERE id=" . $Game->id);
             $DB->sql_put("COMMIT");
             require_once l_r('gamemaster/game.php');
             $Game = $Game->Variant->processGame($Game->id);
             if ($Game->needsProcess()) {
                 try {
                     $Game->process();
                     $DB->sql_put("UPDATE wD_Games SET attempts=0 WHERE id=" . $Game->id);
                     $DB->sql_put("COMMIT");
                 } catch (Exception $e) {
                     if ($e->getMessage() == "Abandoned" || $e->getMessage() == "Cancelled") {
                         assert('$Game->phase=="Pre-game" || $e->getMessage() == "Cancelled"');
                         $DB->sql_put("COMMIT");
                         libHTML::notice(l_t('Cancelled'), l_t("Game was cancelled or didn't have enough players to start."));
                     } else {
                         $DB->sql_put("ROLLBACK");
                     }
                     throw $e;
                 }
             }
         }
     }
 }
 if ($Game instanceof processGame) {
     $Game = $Game->Variant->panelGameBoard($Game->id);
     $Game->Members->makeUserMember($User->id);
     $Member = $Game->Members->ByUserID[$User->id];
 }
 if ('Pre-game' != $Game->phase && $Game->phase != 'Finished') {
Beispiel #12
	$Misc->Maintenance = 1;
	$Misc->write();
	libHTML::error('Cannot update unless in maintenance mode; maintenance mode set, wait a minute for clients to
		finish and run again.');
}

ini_set('memory_limit',"20M"); // 8M is the default
ini_set('max_execution_time','120');

$DB->get_lock('install',0); // Make sure only one person performs the update

$Misc->read(); // Check we haven't updated while waiting for the lock

if( $Misc->Version == VERSION )
	libHTML::notice('Complete','Update complete');
*/
if ($Misc->Version == 98 || $Misc->Version == 99) {
    $Misc->Version = 100;
    $Misc->write();
    libHTML::notice('Updated', 'Updated version number, please refresh.');
} elseif ($Misc->Version == 104 || $Misc->Version == 130) {
    $Misc->Version = 131;
    $Misc->write();
    libHTML::notice('Updated', 'Updated version number, please refresh.');
} else {
    unset($DB);
    // Prevent libHTML from trying to do anything fancy if the database is out of sync with the code
    libHTML::error("Database version " . $Misc->Version / 100 . " and code\r\n\t\t\tversion " . VERSION / 100 . " don't match, and no\r\n\t\t\tauto-update script is available for this version.\r\n\t\t\tPlease wait while the admin runs update.sql");
}
print '</div>';
libHTML::footer();
Beispiel #13
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU Affero General Public License
   along with webDiplomacy.  If not, see <http://www.gnu.org/licenses/>.
*/
/**
 * @package Base
 * @subpackage Forms
 */
require_once 'header.php';
require_once l_r('objects/mailer.php');
global $Mailer;
$Mailer = new Mailer();
if ($Misc->Panic) {
    libHTML::notice(l_t('Registration disabled'), l_t("Registration has been temporarily disabled while we take care of an " . "unexpected problem. Please try again later, sorry for the inconvenience."));
}
// The user must be guest to register a new account
if ($User->type['User']) {
    libHTML::error(l_t("You're attempting to create a " . "new user account when you already have one. Please use " . "your existing user account."));
}
libHTML::starthtml();
$page = 'firstValidationForm';
if (isset($_COOKIE['imageToken']) && isset($_REQUEST['imageText']) && isset($_REQUEST['emailValidate'])) {
    try {
        // Validate and send e-mail
        $imageToken = explode('|', $_COOKIE['imageToken'], 2);
        if (count($imageToken) != 2) {
            throw new Exception(l_t("A bad anti-script code was given, please try again"));
        }
        list($Hash, $Time) = $imageToken;
Beispiel #14
 /**
  * Return a Variant object given its short name (the preferred/quickest way)
  *
  * Lookup order: the in-memory self::$Variants table, then the serialized copy in the
  * variant's cache directory, then a fresh build of the "<name>Variant" class, which is
  * written to the cache for next time. A cached object older than its own code version is
  * wiped and rebuilt.
  *
  * Security notes for reviewers:
  *  - $variantName becomes part of a filesystem path and of the class name passed to `new`.
  *    It must come from the installed-variant list, never directly from request data -
  *    callers are outside this excerpt, TODO confirm.
  *  - The cache file is read back with unserialize(). That is only safe while nothing but
  *    this application can write to the cache directory; anyone able to place a file there
  *    controls which objects get instantiated.
  *  - The result of unserialize() is not checked, so a corrupt cache file yields false,
  *    which is then stored in self::$Variants and returned.
  *
  * @param string $variantName
  * @return Variant
  */
 public static function loadFromVariantName($variantName)
 {
     global $DB, $Misc;
     // Already loaded during this request
     if (isset(self::$Variants[$variantName])) {
         return self::$Variants[$variantName];
     }
     $cacheFile = self::cacheDir($variantName) . '/data.php';
     if (file_exists($cacheFile)) {
         // This variant is saved, and doesn't need to waste database queries retrieving this data again
         $Variant = unserialize(file_get_contents($cacheFile));
         // Cache version checking is enabled only when the object carries a non-empty codeVersion
         $versionChecked = isset($Variant->codeVersion) && $Variant->codeVersion != null && $Variant->codeVersion != 0;
         if ($versionChecked && (!isset($Variant->cacheVersion) || $Variant->cacheVersion == null || $Variant->cacheVersion < $Variant->codeVersion || !$Variant->cacheVersion)) {
             // An old cache version has been loaded; wipe this variant's cache and try again.
             self::wipe($variantName);
             $Variant = self::loadFromVariantName($variantName);
         }
     } else {
         self::installLock();
         // The file appearing after the lock call presumably means another request
         // installed the variant in the meantime
         if (file_exists($cacheFile)) {
             libHTML::notice(l_t("Installed variant"), l_t("Variant '%s' installed, please refresh.", $variantName));
         }
         // variants/variant.php __autoload() will find the class for this
         $variantClass = $variantName . 'Variant';
         $Variant = new $variantClass();
         // The object will have loaded all the cacheable data and be ready to be saved for next time
         file_put_contents($cacheFile, serialize($Variant));
     }
     self::$Variants[$variantName] = $Variant;
     return self::$Variants[$variantName];
 }