Beispiel #1
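 /**
  * Edit the description and image of one of the current account's characters.
  *
  * The page renders only when $pg names a character that belongs to the
  * logged-in account; otherwise nothing is output, as in the original.
  *
  * @param string $pg Character name taken from the request; used as lookup key.
  */
 static function mod_pg($pg)
 {
     $p = plugins::getinst();
     // $pg comes from the request: escape it once for every SQL use below.
     $pg_sql = mysql_real_escape_string($pg);
     $user = $p->d->getrow('SELECT * FROM users WHERE name="' . $pg_sql . '";');
     // Unknown character, no logged-in account, or a character of another
     // account: render nothing. (The original compared a null $user against
     // the session id, which also passed when no account was logged in.)
     if (!$user || !isset($_SESSION['datiaccount']['id']) || $user->account_id != $_SESSION['datiaccount']['id']) {
         return;
     }
     $t = new template('template/mod_pg.tpl');
     // NOTE(review): $pg is handed to the template unescaped — confirm the template escapes it.
     $t->assign_var('PG_NAME', $pg);
     if ($_POST) {
         $desc = isset($_POST['desc']) ? mysql_real_escape_string($_POST['desc']) : '';
         $image = isset($_POST['image']) ? mysql_real_escape_string($_POST['image']) : '';
         $query = 'UPDATE users SET description="' . $desc . '",image="' . $image . '" WHERE name="' . $pg_sql . '";';
         $block = $p->d->query($query) ? 'mod_success' : 'mod_failed';
     } else {
         // No form submitted: the original shows the failure block in this case too.
         $block = 'mod_failed';
     }
     $t->start_block($block);
     $t->end_block($block);
     $p->action('mod_pg');
     $t->out();
 }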
Beispiel #2
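 /**
  * Guestbook page: stores a submitted message (if any) and lists every
  * message, newest first.
  *
  * Reads $_POST['username'] and $_POST['message']; both are HTML-encoded and
  * SQL-escaped before the INSERT, following the convention used in this file.
  */
 static function guestbook_page()
 {
     $p = plugins::getinst();
     $t = new template('template/guestbook.tpl');
     // Run the "guestbook_page" action hook.
     $p->action('guestbook_page');
     // Only store something when the form actually carried a message.
     if (!empty($_POST['message'])) {
         $raw_user = isset($_POST['username']) ? $_POST['username'] : '';
         // NOTE(review): $username is computed but the INSERT shown does not reference it — confirm against the query.
         $username = mysql_real_escape_string(htmlentities($raw_user));
         $text = mysql_real_escape_string(htmlentities($_POST['message']));
         // Let plugins filter the message before it is saved.
         $text = $p->filter('guestbook_message_send', $text);
         $query = 'INSERT INTO guestbook SET username="******",text="' . $text . '",time=NOW();';
         if ($p->d->query($query)) {
             $t->block_null('new_success');
         }
     }
     $messaggi = $p->d->getresults('SELECT * FROM guestbook ORDER BY time DESC;');
     // getresults() presumably returns null/false when there are no rows;
     // guard so the loop does not warn on a non-array.
     if ($messaggi) {
         foreach ($messaggi as $m) {
             $t->block_assign('message', array('USERNAME' => $m->username, 'MESSAGE' => $m->text));
         }
     }
     $t->out();
 }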
Beispiel #3
 /**
  * Render a template into a string instead of echoing it.
  *
  * @param string $templateName Template name passed straight to template::out().
  * @param array  $t            Variables handed to template::out().
  * @return string The captured template output.
  */
 public function getOutput($templateName, $t = array())
 {
     ob_start();
     template::out($templateName, $t);
     // ob_get_clean() returns the buffer and discards it in a single step.
     return ob_get_clean();
 }
Beispiel #4
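 /**
  * Master (game-master) admin page.
  *
  * Visitors without MASTER_ACCESS are redirected to the logout page; masters
  * get the master template with the "master_menu" action applied.
  */
 static function master_adm_page()
 {
     global $t;
     $p = plugins::getinst();
     // Stop right after the redirect: the original fell through and still
     // rendered the master template together with the Location header.
     if (control_access(MASTER_ACCESS) != 1) {
         header('Location: ../logout');
         exit;
     }
     $t = new template('template/master.tpl');
     $p->action('master_menu');
     // '@' kept from the original; out() apparently emits notices for this template — TODO confirm
     @$t->out();
 }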
Beispiel #5
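 /**
  * List all news entries, newest id first, one 'news_row' block each.
  */
 static function news_list()
 {
     $p = plugins::getinst();
     $t = new template('template/news_list.tpl');
     $messages = $p->d->getresults('SELECT * FROM news ORDER BY id DESC;');
     // getresults() presumably returns null/false when the table is empty;
     // guard so the loop does not warn on a non-array.
     if ($messages) {
         foreach ($messages as $news) {
             $t->start_block('news_row');
             // stripslashes(): the stored text appears to be addslashes()-encoded.
             $t->assign_block_vars(array('AUTHOR' => $news->author, 'DATE' => $news->date, 'TEXT' => stripslashes($news->text)));
             $t->end_block('news_row');
         }
     }
     $t->out();
 }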
Beispiel #6
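/**
 * Guestbook page (global-variable variant): stores a submitted message and
 * lists every message, newest first.
 *
 * Uses the globals $p (plugins), $t (template, replaced here) and $game_name.
 */
function guestbook()
{
    global $p, $t, $game_name;
    $t = new template('template/guestbook.tpl');
    $t->assign_var('NAME', $game_name);
    // Only store something when the form actually carried a message.
    if (!empty($_POST['message'])) {
        $raw_user = isset($_POST['username']) ? $_POST['username'] : '';
        // NOTE(review): $username is computed but the INSERT shown does not reference it — confirm against the query.
        $username = mysql_real_escape_string(htmlentities($raw_user));
        $text = mysql_real_escape_string(htmlentities($_POST['message']));
        $query = 'INSERT INTO guestbook SET username="******",text="' . $text . '",time=NOW();';
        if ($p->d->query($query)) {
            $t->to_comp['new_success'][] = array();
        }
    }
    $messaggi = $p->d->getresults('SELECT * FROM guestbook ORDER BY time DESC;');
    // getresults() presumably returns null/false when there are no rows;
    // guard so the loop does not warn on a non-array.
    if ($messaggi) {
        foreach ($messaggi as $m) {
            $t->to_comp['message'][] = array('USERNAME' => $m->username, 'MESSAGE' => $m->text);
        }
    }
    $t->out();
}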
Beispiel #7
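    /**
     * Password recovery: for a POSTed e-mail that matches an account, generate
     * a new 8-character password, mail it to the account and store it.
     */
    static function password_rec()
    {
        $p = plugins::getinst();
        $t = new template('template/rec_password.tpl');
        // Only act when the form actually carried an e-mail address.
        if (!empty($_POST['mail'])) {
            $mail = mysql_real_escape_string($_POST['mail']);
            $user = $p->d->getrow('SELECT * FROM accounts WHERE email="' . $mail . '";');
            if ($user) {
                // Alphabet for the generated password.
                $lettere = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '$', '£');
                // The original drew rand(0, 65) over a 64-entry alphabet, so two indices
                // were out of range and silently produced a shorter password.
                $max = count($lettere) - 1;
                $password = '';
                for ($i = 0; $i < 8; $i++) {
                    // Prefer the CSPRNG-backed random_int() (PHP 7+); mt_rand() otherwise.
                    $idx = function_exists('random_int') ? random_int(0, $max) : mt_rand(0, $max);
                    $password .= $lettere[$idx];
                }
                $to = $user->email;
                $object = "Recupero password di " . $user->username . " su " . config::game_name . " .";
                $text = 'Questa mail ti &eacute; stata inviata perch&eacute; hai richiesto il recupero della tua password per il login al gioco.
			       <br/><br/>Username:'******'<br/>Password Nuova:' . htmlentities($password) . '<br/>
			       Ti ricordiamo di cambiarla ogni 6 mesi e di usare caratteri alfanumerici, maiuscole e segni in modo da renderla più sicura.';
                // mail() builds the To: header from $to itself; the malformed extra
                // 'To:' line the original appended (name<"email">) is dropped.
                $headers = 'MIME-Version: 1.0' . "\r\n";
                $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
                $headers .= 'From: ' . config::game_name . "\r\n";
                if (!mail($to, $object, $text, $headers)) {
                    $t->block_null('rec_password_failed');
                } else {
                    $t->block_null('rec_password_success');
                    // NOTE(review): the UPDATE shown stores a redacted literal — confirm $password is what is written.
                    $p->d->query('UPDATE accounts SET password="******" WHERE id="' . mysql_real_escape_string($user->id) . '";');
                }
            } else {
                $t->block_null('rec_password_failed');
            }
        } else {
            $t->block_null('rec_password_form');
        }
        $t->out();
    }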
Beispiel #8
<?php

// This page does nothing but render the "404" template.
$page = '404';
template::out($page);
Beispiel #9
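 /**
  * Account management page.
  *
  * Depending on $action it (a) switches the session to one of the account's
  * characters, (b) changes the account password, or (c) creates a new
  * character; it then renders the character list and, when there is room,
  * the "new character" form.
  *
  * @param string $action 'use_user', 'change_pwd', 'new_user' or '' (render only).
  */
 static function account_switch($action = '')
 {
     /* Plugin singleton | Call Singleton Plugin */
     $p = plugins::getinst();
     /* Account id from the session; escaped once for every SQL use below. */
     $account_id = isset($_SESSION['datiaccount']['id']) ? $_SESSION['datiaccount']['id'] : null;
     $account_sql = mysql_real_escape_string((string) $account_id);
     $t = new template('template/account_switch.tpl');
     /* "Use a User Profile" action */
     if ($action == 'use_user') {
         /* The character id comes from the form: escape it for every query, not only the first. */
         $pg_id = isset($_POST['pg_id']) ? mysql_real_escape_string($_POST['pg_id']) : '';
         /* Check that the character exists and belongs to this account. */
         $cond = $p->d->getrow('SELECT COUNT(id) AS count, account_id FROM users WHERE id="' . $pg_id . '" GROUP BY id;');
         if ($account_id !== null && $cond && $cond->count > 0 && $cond->account_id == $account_id) {
             /* Keep character data apart from account data, update the session table, go to main. */
             $_SESSION['datiuser'] = get_object_vars($p->d->getrow('SELECT * FROM users WHERE id="' . $pg_id . '";'));
             $p->d->query('UPDATE sessioni SET pg_id="' . $pg_id . '" WHERE session_id="' . session_id() . '";');
             header('Location:' . config::game_dir . '/plugins.php/main');
             /* Stop here: the original kept rendering the page after the redirect header. */
             exit;
         }
     }
     /* Change password of the whole account */
     if ($action == 'change_pwd') {
         $raw_pwd = isset($_POST['password']) ? $_POST['password'] : '';
         /* md5 is kept as the existing scheme (changing it would break existing logins).
          * NOTE(review): the UPDATE shown stores a redacted literal — confirm $password is what is written. */
         $password = md5(mysql_real_escape_string($raw_pwd));
         $query = 'UPDATE accounts SET password="******",last_change_pwd=NOW() WHERE id="' . $account_sql . '";';
         if ($p->d->query($query) > 0) {
             $t->block_null('new_password_success');
         } else {
             $t->block_null('new_password_failed');
         }
     }
     /* New character */
     if ($action == 'new_user') {
         /* Form input: HTML-encoded and SQL-escaped, as elsewhere in this file. */
         $name = mysql_real_escape_string(htmlentities(isset($_POST['name']) ? $_POST['name'] : ''));
         $surname = mysql_real_escape_string(htmlentities(isset($_POST['surname']) ? $_POST['surname'] : ''));
         $sex = mysql_real_escape_string(htmlentities(isset($_POST['sex']) ? $_POST['sex'] : ''));
         $race = mysql_real_escape_string(htmlentities(isset($_POST['race']) ? $_POST['race'] : ''));
         /* No empty fields. The original wrote `$surname = NULL` here (assignment,
          * not comparison), which skipped the surname check and blanked $surname. */
         if ($name === '' || $surname === '' || $sex === '' || $race === '') {
             die('Non hai riempito tutti i campi <br/> <a href="javascript:history.back();">torna indietro</a>');
         }
         /* Duplicate character name */
         if ($p->d->getvar('SELECT COUNT(id) as count FROM users WHERE name="' . $name . '";') > 0) {
             die('Il personaggio che vuoi creare esiste gi&agrave;! <br/> <a href="javascript:history.back();">torna indietro</a>');
         }
         /* Maximum characters per account (config::max_pg) */
         if ($p->d->getvar('SELECT COUNT(*) FROM users WHERE account_id="' . $account_sql . '";') < config::max_pg) {
             $query = 'INSERT INTO users SET account_id="' . $account_sql . '",name="' . $name . '",surname="' . $surname . '",sex="' . $sex . '",race="' . $race . '";';
             $p->d->query($query);
             /* Redirect so a manual refresh does not re-submit the form; stop afterwards. */
             header('Location:' . config::game_dir . '/plugins.php/account_switch');
             exit;
         } else {
             echo 'Hai raggiunto il numero massimo di personaggi consentiti... <br/> <a href="javascript:history.back();">torna indietro</a>';
         }
     }
     /* View init: account id and the page path for the template. */
     $t->assign_var('ID', $account_id);
     $t->assign_var('ACTION', config::game_dir . '/plugins.php/account_switch');
     /* Password older than six months: show the change-password block. */
     $time_password = $p->d->getvar('SELECT COUNT(id) FROM accounts WHERE id="' . $account_sql . '" AND last_change_pwd < (NOW() - INTERVAL 6 MONTH);');
     if ($time_password > 0) {
         $t->block_null('change_password');
     }
     /* The account's characters */
     $users = $p->d->getresults('SELECT * FROM users WHERE account_id="' . $account_sql . '" LIMIT 0,' . config::max_pg . ';');
     if (!$users) {
         /* getresults() presumably returns null/false on no rows; count()/foreach need an array. */
         $users = array();
     }
     foreach ($users as $user) {
         $t->start_block('user');
         $t->assign_block_vars(array('PG_ID' => $user->id, 'PG_NAME' => $user->name, 'PG_SURNAME' => $user->surname, 'PG_IMAGE' => $user->image, 'PG_DESC' => isset($user->description) ? $user->description : 'nessuna descrizione'));
         $t->end_block('user');
         /* In-place editors for character edits */
         $t->block_assign('javascript_inplace_row_surname', 'ID', $user->id);
         $t->block_assign('javascript_inplace_row_desc', 'ID', $user->id);
     }
     /* Show the new-character form while there is a free slot. */
     if (count($users) < config::max_pg) {
         /* TODO implementare uso delle sottorazze e razze avanzate */
         $races = $p->d->getresults('SELECT * FROM razze WHERE evolution!=1;');
         $t->start_block('new_user_form');
         if ($races) {
             foreach ($races as $race) {
                 $t->block_assign('race_row', array('RACE_ID' => $race->id, 'RACE_NAME' => $race->name));
             }
         }
         $t->end_block('new_user_form');
     }
     $t->out();
 }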
Beispiel #10
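 /**
  * Show one private message, if it was sent by or to the current character.
  *
  * Marks the message as read when the current character is the recipient.
  *
  * @param int $id Message id from the URL.
  */
 static function mp_view($id = 0)
 {
     global $t;
     $p = plugins::getinst();
     $t = new template('template/mp_view.tpl');
     // $id comes from the URL and is numeric by contract; the character id
     // is escaped before it reaches SQL.
     $id = (int) $id;
     $my_id = isset($_SESSION['datiuser']['id']) ? $_SESSION['datiuser']['id'] : null;
     $me = mysql_real_escape_string((string) $my_id);
     $mess = $p->d->getrow('SELECT * FROM messaggi WHERE id="' . $id . '" AND (mittente="' . $me . '" OR dest="' . $me . '");');
     if (!$mess) {
         $t->to_comp['if_message_dont_exist'][0] = array();
         $p->action('mp_view_error');
     } else {
         $t->to_comp['if_message_exist'][0] = array();
         $from = $p->d->getvar('SELECT name FROM  users WHERE id="' . mysql_real_escape_string($mess->mittente) . '";');
         $to = $p->d->getvar('SELECT name FROM  users WHERE id="' . mysql_real_escape_string($mess->dest) . '";');
         $t->assign_vars(array('TIME' => $mess->time, 'FROM' => $from, 'TO' => $to, 'TEXT' => stripslashes($mess->text)));
         if ($mess->dest == $my_id) {
             // The current character is the recipient: flag the message as read.
             $t->to_comp['if_message_exist'][0]['if_message_arrived'][0] = array();
             $p->d->query('UPDATE messaggi SET letto=1 WHERE id="' . mysql_real_escape_string($mess->id) . '";');
         }
         $p->action('mp_view');
     }
     // '@' kept from the original; out() apparently emits notices for this template — TODO confirm
     @$t->out();
 }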
Beispiel #11
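 /**
  * Admin page that creates a new chat room (table "stanze") from POSTed data.
  *
  * Non-admins get the 'not_admin' block and the request ends there.
  */
 static function chat_add()
 {
     global $t;
     $p = plugins::getinst();
     $t = new template('template/new_chat.tpl');
     if (!control_access(ADMIN_ACCESS)) {
         $t->to_comp['not_admin'][] = array();
         $t->out();
         exit;
     }
     // Only insert when the form was actually submitted: the original ran the
     // INSERT on every request, so a plain GET created an empty room.
     if ($_POST) {
         $name = isset($_POST['name']) ? mysql_real_escape_string($_POST['name']) : '';
         $img = isset($_POST['img']) ? mysql_real_escape_string($_POST['img']) : '';
         $desc = isset($_POST['desc']) ? mysql_real_escape_string($_POST['desc']) : '';
         $query = 'INSERT INTO stanze SET name="' . $name . '",image="' . $img . '",description="' . $desc . '";';
         $result_block = $p->d->query($query) ? 'new_success' : 'new_failed';
         $t->to_comp['is_admin'][0][$result_block][] = array();
     } else {
         // No submission: show the admin block without a result message.
         $t->to_comp['is_admin'][0] = array();
     }
     $p->action('chat_new');
     $t->out();
 }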
Beispiel #12
 /**
  * Log the current visitor out: delete the row in the "sessioni" table,
  * clear $_SESSION and render the logout template.
  */
 static function logout()
 {
     $p = plugins::getinst();
     $t = new template('template/logout.tpl');
     // Remove this PHP session from the sessioni table.
     $p->d->query('DELETE FROM sessioni WHERE session_id="' . session_id() . '";');
     // Forget every session variable (the PHP session itself is not destroyed here).
     $_SESSION = array();
     $t->start_block('logout');
     // The "logout" action hook runs inside the block.
     $p->action('logout');
     $t->end_block('logout');
     $t->out();
 }
Beispiel #13
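 /**
  * Show the edit form for a forum post (no POST) or apply the edit (POST).
  *
  * Posts in master-only forums can be edited by masters only.
  *
  * @param int $forum_id Forum the post belongs to (from the URL).
  * @param int $id       Post id (from the URL); 0 renders nothing.
  */
 static function edit_post($forum_id = 0, $id = 0)
 {
     $p = plugins::getinst();
     // Both ids come from the URL and are numeric by contract: cast before SQL.
     $forum_id = (int) $forum_id;
     $id = (int) $id;
     if ($id == 0) {
         return;
     }
     $t = new template('template/forum_message.tpl');
     $t->assign_var('FORUM_ID', $forum_id);
     $master_only = $p->d->getvar('SELECT master FROM forums WHERE id="' . $forum_id . '";') == 1;
     if ($master_only && control_access(MASTER_ACCESS) != 1) {
         $t->start_block('access_denied');
         $t->end_block('access_denied');
         $t->out();
         return;
     }
     // May be null for an unknown id; every access below tolerates that.
     $post = $p->d->getrow('SELECT * FROM posts WHERE id="' . $id . '"');
     if (!$_POST) {
         $t->start_block('message_form');
         // A post with a title and no parent topic is itself a topic.
         if ($post && $post->title != NULL && $post->topic_id == 0) {
             $t->block_assign('is_topic', 'TOPIC_TITLE', $post->title);
         }
         $t->assign_block_var('TEXT', $post ? $post->text : '');
         $t->assign_block_var('SUBMIT_TEXT', 'modifica messaggio');
         $t->assign_block_var('ACTION', '{ROOT}/plugins.php/edit_post/' . $forum_id . '/' . $id);
         $t->end_block('message_form');
     } else {
         if (isset($_POST['title'])) {
             $title = mysql_real_escape_string(htmlentities($_POST['title']));
         } else {
             // The stored title goes back into SQL, so it must be escaped too.
             $title = $post ? mysql_real_escape_string($post->title) : '';
         }
         $raw_text = isset($_POST['text']) ? $_POST['text'] : '';
         $text = $p->filter('topic_message_edited', mysql_real_escape_string(htmlentities($raw_text)));
         $query = 'UPDATE posts SET title="' . $title . '",text="' . $text . '" WHERE id="' . $id . '"';
         if ($p->d->query($query) > 0) {
             $t->block_assign('success', 'TEXT_SUCCESS', 'Messaggio modificato!');
         } else {
             // mysql_error() is no longer echoed: it leaks query/schema details to the browser.
             $t->block_assign('failed', 'TEXT_FAILED', 'Messaggio NON modificato!');
         }
     }
     $t->out();
 }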
Beispiel #14
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
session_start();
include 'class.db.php';
include 'config.php';
include 'functions.php';
include 'class.template.php';
include 'class.plugins.php';
// Instantiate the core objects: database connection, index body template, plugin singleton.
$d = new db(config::db_user, config::db_password, config::db_host, config::db_name);
$t = new template('template/index_body.tpl');
$p = plugins::getinst();
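/**
 * Class autoloader: looks the class name up in the "plugins" table and
 * includes the file recorded there.
 *
 * Note: __autoload() is deprecated in later PHP versions; kept here because
 * the rest of the file relies on this name.
 *
 * @param string $name Class name being loaded.
 */
function __autoload($name)
{
    global $d;
    // Escape the class name: it is embedded in SQL, and autoload can be
    // triggered by any class reference, including names built at runtime.
    $plugin_file = $d->getvar('SELECT file FROM plugins WHERE name="' . mysql_real_escape_string($name) . '" AND active=1;');
    // Unknown or inactive plugin: leave the class undefined rather than
    // attempting to include '.php'.
    if (!$plugin_file) {
        return;
    }
    // The path comes from the database row, not from the request.
    include_once $plugin_file . '.php';
}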
// Run the "index" action hook.
$p->action('index');
// Send the rendered template.
$t->out();
Beispiel #15
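/**
 * "Who is online" page: one 'online_chat' block per room that has a
 * character in it, with an 'online_row' per character.
 */
function online()
{
    $p = plugins::getinst();
    $t = new template('template/online.tpl');
    // Distinct rooms that currently have at least one session.
    $stanze = $p->d->getresults('SELECT DISTINCT chat_name,chat_id FROM sessioni GROUP BY chat_id ASC;');
    // getresults() presumably returns null/false on no rows; count() on that
    // would warn (or throw on PHP 8), so guard the loop.
    if ($stanze) {
        foreach ($stanze as $chat) {
            $t->start_block('online_chat');
            $t->assign_block_vars(array('CHAT_ID' => $chat->chat_id, 'CHAT_NAME' => $chat->chat_name));
            $chat_sql = mysql_real_escape_string($chat->chat_id);
            $users = $p->d->getcol('SELECT pg_id FROM sessioni WHERE chat_id="' . $chat_sql . '";');
            if ($users) {
                foreach ($users as $user) {
                    $username = $p->d->getvar('SELECT name FROM users WHERE id="' . mysql_real_escape_string($user) . '";');
                    $t->start_block('online_row');
                    $t->assign_block_var('USERNAME', $username);
                    $t->end_block('online_row');
                }
            }
            $t->end_block('online_chat');
        }
    }
    // '@' kept from the original; out() apparently emits notices for this template — TODO confirm
    @$t->out();
}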
Beispiel #16
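 /**
  * Chat message list for the room stored in $_SESSION['stanza'].
  *
  * The first character of a message selects its block: '+' = third person,
  * '*' = master (only when the author really is a master), else normal.
  *
  * @param string|null $last_time Millisecond timestamp of the newest message the
  *                               client already has; when empty, the last 30
  *                               minutes are returned instead.
  */
 static function get_chat($last_time = NULL)
 {
     $p = plugins::getinst();
     $t = new template('template/chat_messages.tpl');
     $chat_id = isset($_SESSION['stanza']) ? mysql_real_escape_string($_SESSION['stanza']) : '';
     if (empty($last_time)) {
         // Timestamps are in milliseconds (see the /1000 below): last 30 minutes.
         $since = time() * 1000 - 30 * 60 * 1000;
         $query = 'SELECT * FROM messaggi_chat WHERE time > ' . $since . ' AND chat_id="' . $chat_id . '" ORDER BY time DESC;';
     } else {
         // $last_time is supplied by the client: escape it before it reaches SQL.
         $query = 'SELECT * FROM messaggi_chat WHERE time > "' . mysql_real_escape_string($last_time) . '" AND chat_id="' . $chat_id . '" ORDER BY time DESC;';
     }
     $messages = $p->d->getresults($query);
     if ($messages) {
         foreach ($messages as $mess) {
             $message = array(
                 'HOUR' => date('H:i', $mess->time / 1000),
                 'USERNAME' => $mess->user,
                 'TEXT' => stripslashes($mess->text),
             );
             // isset() avoids the offset notice on an empty text.
             $first = isset($mess->text[0]) ? $mess->text[0] : '';
             $block = 'normal';
             if ($first === '+') {
                 $block = 'third_person';
             } elseif ($first === '*') {
                 $master = $p->d->getvar('SELECT master FROM accounts WHERE id=(SELECT account_id FROM users WHERE name="' . mysql_real_escape_string($mess->user) . '");');
                 if ($master == 1) {
                     $block = 'master';
                 }
             }
             if ($block !== 'normal') {
                 // Drop the marker character from the displayed text.
                 $message['TEXT'] = substr($message['TEXT'], 1);
             }
             // A non-master '*' message now goes through the same 'normal' block as
             // the default case; the original appended it via to_comp as a second
             // 'message' entry, presumably leaving the already-started one empty.
             $t->start_block('message');
             $t->start_block($block);
             $t->assign_block_vars($message);
             $t->end_block($block);
             $t->end_block('message');
         }
     }
     // '@' kept from the original; out() apparently emits notices for this template — TODO confirm
     @$t->out();
 }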
Beispiel #17
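 /**
  * Account registration: on POST, refuse duplicate e-mail/username and
  * otherwise insert the new account; without POST show the failure block.
  */
 static function register_action()
 {
     // Same singleton the rest of the file uses instead of `global $p`.
     $p = plugins::getinst();
     $t = new template('template/register.tpl');
     if (!$_POST) {
         $t->start_block('register_failed');
         $t->end_block('register_failed');
         $t->out();
         return;
     }
     // Form input: HTML-escaped and SQL-escaped, as elsewhere in this file.
     $email = mysql_real_escape_string(htmlspecialchars(isset($_POST['email']) ? $_POST['email'] : ''));
     $username = mysql_real_escape_string(htmlspecialchars(isset($_POST['username']) ? $_POST['username'] : ''));
     // md5 is kept as the existing scheme (changing it would break existing logins).
     // NOTE(review): the INSERT shown stores redacted literals — confirm where $username/$password go.
     $password = md5(isset($_POST['password']) ? $_POST['password'] : '');
     // Refuse an e-mail or username that is already registered.
     if ($p->d->getvar('SELECT COUNT(id) FROM accounts WHERE email="' . $email . '" OR username="******";') > 0) {
         $t->start_block('register_failed');
         $t->end_block('register_failed');
         $p->action('register_failed');
     } else {
         $query = 'INSERT INTO accounts SET username="******",password="******",email="' . $email . '",last_change_pwd=NOW() ;';
         if ($p->d->query($query) == 1) {
             $t->start_block('register_success');
             $t->assign_block_var('USERNAME', $username);
             $t->end_block('register_success');
         } else {
             $t->start_block('register_failed');
             $t->end_block('register_failed');
         }
     }
     $t->out();
 }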
Beispiel #18
<?php

// This page does nothing but render the "webylene" template.
$page = 'webylene';
template::out($page);