Ejemplo n.º 1
    die("<h3>{GAME_NAME} Error</h3>\n\tYou did not fill in the login form!<br />\n\t<a href='login.php'>&gt; Back</a>");
}
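// Login check (excerpt): look the account up by login name, verify the password,
// and refuse to log user #1 in while installer.php is still present.
// The surrounding if/else is cut off on both sides of this excerpt.

// Escape the submitted login name for the quoted SQL literal in the lookup below.
// NOTE(review): stripslashes() presumably undoes magic-quotes style input - confirm
// that the request data really arrives slashed, otherwise backslashes are lost.
$form_username = mysql_real_escape_string(stripslashes($username), $c);
// The password is never placed into SQL here, so it is only unslashed, not escaped.
$raw_password = stripslashes($password);
$uq = mysql_query("SELECT `userid`, `userpass`, `pass_salt`\n                 FROM `users`\n                 WHERE `login_name` = '{$form_username}'", $c);
if (mysql_num_rows($uq) == 0) {
    // Same wording as the wrong-password branch below, so the reply does not
    // tell the client whether the login name exists.
    die("<h3>{GAME_NAME} Error</h3>\n\tInvalid username or password!<br />\n\t<a href='login.php'>&gt; Back</a>");
} else {
    $mem = mysql_fetch_assoc($uq);
    $login_failed = false;
    // Pass Salt generation: autofix
    if (empty($mem['pass_salt'])) {
        // Legacy row without a salt: `userpass` is compared with a bare MD5 of
        // the submitted password. The comparison is strict on purpose: with a
        // loose != PHP compares two strings that both look like numbers
        // numerically, so two different digests could be accepted as equal.
        // NOTE(review): where PHP >= 5.6 is guaranteed, hash_equals() would also
        // make this comparison constant-time.
        if (md5($raw_password) !== $mem['userpass']) {
            $login_failed = true;
        }
        // The stored hash is re-encoded under a fresh salt whether or not this
        // attempt succeeded; the new value is derived from the stored hash, not
        // from the submitted password, so a failed attempt cannot change what
        // the account accepts.
        // NOTE(review): the third argument presumably tells encode_password()
        // that its input is already an MD5 digest - confirm against the helper.
        $salt = generate_pass_salt();
        $enc_psw = encode_password($mem['userpass'], $salt, true);
        $e_salt = mysql_real_escape_string($salt, $c);
        // in case of changed salt function
        $e_encpsw = mysql_real_escape_string($enc_psw, $c);
        // ditto for password encoder
        // The id is placed into the statement unquoted, so force it to an integer.
        $uid = (int) $mem['userid'];
        mysql_query("UPDATE `users`\n        \t\t SET `pass_salt` = '{$e_salt}', `userpass` = '{$e_encpsw}'\n        \t\t WHERE `userid` = {$uid}", $c);
    } else {
        $login_failed = !verify_user_password($raw_password, $mem['pass_salt'], $mem['userpass']);
    }
    if ($login_failed) {
        die("<h3>{GAME_NAME} Error</h3>\n\t\tInvalid username or password!<br />\n\t\t<a href='login.php'>&gt; Back</a>");
    }
    // Block the first account (id 1) from logging in while the installer script
    // is still on disk, so the owner is forced to remove it.
    if ($mem['userid'] == 1 && file_exists('./installer.php')) {
        die("<h3>{GAME_NAME} Error</h3>\n                The installer still exists! You need to delete installer.php immediately.<br />\n                <a href='login.php'>&gt; Back</a>");
    }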
Ejemplo n.º 2
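/**
 * Staff action: create a user account from the submitted "new user" form.
 *
 * Reads the account fields from $_POST, encodes the password with a fresh salt
 * through encode_password(), then inserts one row into `users` and one row
 * into `userstats`.
 *
 * NOTE(review): nothing in this function checks the caller's staff rights or a
 * request token, and `user_level` is taken straight from the form - presumably
 * the including page enforces both; confirm. The login name is not checked for
 * an existing account here either; whether the table has a unique index is not
 * visible from this function.
 *
 * @return void
 */
function new_user_submit()
{
    // $h is called in the validation branch below, so it has to be imported
    // with the other globals; without it that branch ends in a fatal error.
    // NOTE(review): $h is presumably the page/header object - confirm.
    global $ir, $c, $userid, $h;
    if (!isset($_POST['username'], $_POST['login_name'], $_POST['userpass'])) {
        print "You missed one or more of the required fields. Please go back and try again.<br />\n<a href='new_staff.php?action=newuser'>&gt; Back</a>";
        $h->endpage();
        exit;
    }
    // Numeric fields are forced to non-negative integers, which is what makes it
    // safe to place them unquoted in the statements below. A field that was not
    // submitted counts as 0.
    $int_fields = array('level', 'money', 'crystals', 'donatordays', 'user_level', 'strength', 'agility', 'guard', 'labour', 'iq');
    $stat = array();
    foreach ($int_fields as $field) {
        $stat[$field] = isset($_POST[$field]) ? abs((int) $_POST[$field]) : 0;
    }
    // Derived starting values, all computed from the chosen level.
    $energy = 10 + $stat['level'] * 2;
    $brave = 3 + $stat['level'] * 2;
    $hp = 50 + $stat['level'] * 50;
    // Text fields: tags are stripped, then the value is escaped for the quoted
    // SQL literal it is placed in.
    $username = mysql_real_escape_string(strip_tags(stripslashes($_POST['username'])), $c);
    $loginname = mysql_real_escape_string(strip_tags(stripslashes($_POST['login_name'])), $c);
    // The password is only unslashed; it reaches the database as a salted hash.
    $password = stripslashes($_POST['userpass']);
    $salt = generate_pass_salt();
    $enc_psw = encode_password($password, $salt, false);
    $i_salt = mysql_real_escape_string($salt, $c);
    $i_encpsw = mysql_real_escape_string($enc_psw, $c);
    $raw_email = isset($_POST['email']) ? $_POST['email'] : '';
    $email = mysql_real_escape_string(strip_tags(stripslashes($raw_email)), $c);
    // Gender is placed in the statement unescaped, so it must be exactly one of
    // the two allowed strings; the strict flag rules out loose type matches.
    $gender = isset($_POST['gender']) && in_array($_POST['gender'], array('Male', 'Female'), true) ? $_POST['gender'] : 'Male';
    $created = mysql_query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays,\n             user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender,\n              signedup, email, bankmoney, pass_salt)\n              VALUES( '{$username}', '{$loginname}', '{$i_encpsw}', {$stat['level']},\n               {$stat['money']}, {$stat['crystals']}, {$stat['donatordays']}, {$stat['user_level']}, {$energy}, {$energy}, 100, 100, {$brave}, {$brave}, {$hp}, {$hp}, 1,\n                '{$gender}', " . time() . ", '{$email}', -1, '{$i_salt}')", $c);
    if (!$created) {
        // Without this check a failed insert would still add a `userstats` row
        // for id 0 and report success.
        print "The user could not be created. Please go back and try again.<br />\n<a href='new_staff.php?action=newuser'>&gt; Back</a>";
        return;
    }
    $i = mysql_insert_id($c);
    mysql_query("INSERT INTO userstats VALUES({$i}, {$stat['strength']}, {$stat['agility']}, {$stat['guard']}, {$stat['labour']}, {$stat['iq']})", $c);
    print "User created!";
}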
Ejemplo n.º 3
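/**
 * Installer step: validate the submitted configuration, connect to the
 * database, write mysql.php, load dbdata.sql, create the first (admin) account,
 * fill the placeholders in the game's PHP files and finally try to remove or
 * lock the installer.
 *
 * Every failure path prints a message, includes installer_foot.php and exits.
 *
 * NOTE(review): this function does not itself look for installer.lock before
 * doing any work - presumably the calling script does; confirm, because a
 * reachable installer lets anyone reconfigure the game.
 *
 * @return void
 */
function install()
{
    menuprint('sql');
    // Collect the form input. Anything missing or failing its inline check
    // becomes '' and is reported by the validation block below.
    $paypal = isset($_POST['paypal']) && valid_email($_POST['paypal']) ? gpc_cleanup($_POST['paypal']) : '';
    $adm_email = isset($_POST['a_email']) && valid_email($_POST['a_email']) ? gpc_cleanup($_POST['a_email']) : '';
    $adm_username = isset($_POST['a_username']) && strlen($_POST['a_username']) > 3 ? gpc_cleanup($_POST['a_username']) : '';
    // Placed unescaped into the admin INSERT, hence the strict whitelist.
    $adm_gender = isset($_POST['gender']) && in_array($_POST['gender'], array('Male', 'Female'), true) ? $_POST['gender'] : 'Male';
    $description = isset($_POST['game_description']) ? gpc_cleanup($_POST['game_description']) : '';
    $owner = isset($_POST['game_owner']) && strlen($_POST['game_owner']) > 3 ? gpc_cleanup($_POST['game_owner']) : '';
    $game_name = isset($_POST['game_name']) ? gpc_cleanup($_POST['game_name']) : '';
    $adm_pswd = isset($_POST['a_password']) && strlen($_POST['a_password']) > 3 ? gpc_cleanup($_POST['a_password']) : '';
    $adm_cpswd = isset($_POST['a_cpassword']) ? gpc_cleanup($_POST['a_cpassword']) : '';
    $db_hostname = isset($_POST['hostname']) ? gpc_cleanup($_POST['hostname']) : '';
    $db_username = isset($_POST['username']) ? gpc_cleanup($_POST['username']) : '';
    $db_password = isset($_POST['password']) ? gpc_cleanup($_POST['password']) : '';
    $db_database = isset($_POST['database']) ? gpc_cleanup($_POST['database']) : '';

    // Names may only contain letters, digits, underscores and single spaces.
    $name_pattern = "/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+\$/i";
    $errors = array();
    if (empty($db_hostname)) {
        $errors[] = 'No Database hostname specified';
    }
    if (empty($db_username)) {
        $errors[] = 'No Database username specified';
    }
    if (empty($db_database)) {
        $errors[] = 'No Database database specified';
    }
    if (empty($adm_username) || !preg_match($name_pattern, $adm_username)) {
        $errors[] = 'Invalid admin username specified';
    }
    if (empty($adm_pswd)) {
        $errors[] = 'Invalid admin password specified';
    }
    if ($adm_pswd !== $adm_cpswd) {
        $errors[] = 'The admin passwords did not match';
    }
    if (empty($adm_email)) {
        $errors[] = 'Invalid admin email specified';
    }
    if (empty($owner) || !preg_match($name_pattern, $owner)) {
        $errors[] = 'Invalid game owner specified';
    }
    if (empty($game_name)) {
        $errors[] = 'Invalid game name specified';
    }
    if (empty($description)) {
        $errors[] = 'Invalid game description specified';
    }
    if (empty($paypal)) {
        $errors[] = 'Invalid game PayPal specified';
    }
    if (count($errors) > 0) {
        // The messages are the fixed strings above, never user input, so they
        // are printed without escaping.
        echo "Installation failed.<br />\n        There were one or more problems with your input.<br />\n        <br />\n        <b>Problem(s) encountered:</b>\n        <ul>";
        foreach ($errors as $error) {
            echo "<li><span style='color: red;'>{$error}</span></li>";
        }
        echo "</ul>\n        &gt; <a href='installer.php?code=config'>Go back to config</a>";
        require_once 'installer_foot.php';
        exit;
    }

    // Try to establish DB connection first...
    echo 'Attempting DB connection...<br />';
    $c = mysql_connect($db_hostname, $db_username, $db_password);
    if ($c === false || !mysql_select_db($db_database, $c)) {
        // Stop here: reporting success and writing a config file for a
        // connection that does not work would leave a half-installed game.
        $db_problem = htmlentities($c === false ? mysql_error() : mysql_error($c), ENT_QUOTES, 'ISO-8859-1');
        echo "... Failed.<br />\n        <span style='color: red;'>{$db_problem}</span><br />\n        &gt; <a href='installer.php?code=config'>Go back to config</a>";
        require_once 'installer_foot.php';
        exit;
    }
    // Done, move on
    echo '... Successful.<br />';
    echo 'Writing game config file...<br />';
    echo 'Write DB Connector...<br />';

    // Secret that the cron scripts expect as their argument. Prefer a
    // cryptographically secure source; md5() of a rand()/mt_rand() value is
    // guessable and is only kept as the last fallback for old runtimes.
    $code = '';
    if (function_exists('random_bytes')) {
        $code = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $rnd = openssl_random_pseudo_bytes(16);
        if (is_string($rnd) && strlen($rnd) === 16) {
            $code = bin2hex($rnd);
        }
    }
    if ($code === '') {
        $code = md5(uniqid(mt_rand(), true));
    }

    if (file_exists("mysql.php")) {
        unlink("mysql.php");
    }
    // The credentials become PHP source. var_export() emits a correctly quoted
    // PHP string literal for any input; addslashes() is not the escaping rule of
    // a single-quoted PHP string and alters values that contain a double quote.
    $config_file = "<?php\n"
        . '$c = mysql_connect(' . var_export((string) $db_hostname, true) . ', '
        . var_export((string) $db_username, true) . ', '
        . var_export((string) $db_password, true) . ") or die(mysql_error());\n"
        . 'mysql_select_db(' . var_export((string) $db_database, true) . ', $c);';
    if (file_put_contents('mysql.php', $config_file) === false) {
        echo "... Failed.<br />\n        <span style='color: red;'>mysql.php could not be written.</span><br />\n        &gt; <a href='installer.php?code=config'>Go back to config</a>";
        require_once 'installer_foot.php';
        exit;
    }
    echo '... file written.<br />';

    echo 'Writing base database schema...<br />';
    // Read the whole dump; a fixed-size fread() silently cut off larger files.
    $schema = file_get_contents('dbdata.sql');
    if ($schema === false) {
        echo "... Failed.<br />\n        <span style='color: red;'>dbdata.sql could not be read.</span><br />\n        &gt; <a href='installer.php?code=config'>Go back to config</a>";
        require_once 'installer_foot.php';
        exit;
    }
    // Minimal statement splitter: "--" comment lines and blank lines are
    // skipped, lines are joined, and the buffer is executed as soon as a line
    // contains a semicolon. Results of the individual statements are not checked.
    $query = '';
    foreach (explode("\n", $schema) as $line) {
        if (strpos($line, "--") === 0 || trim($line) === '') {
            continue;
        }
        $query .= $line;
        if (strpos($line, ";") !== false) {
            mysql_query($query, $c);
            $query = '';
        }
    }
    echo '... done.<br />';

    echo 'Writing game configuration...<br />';
    $ins_username = mysql_real_escape_string(htmlentities($adm_username, ENT_QUOTES, 'ISO-8859-1'), $c);
    $salt = generate_pass_salt();
    $e_salt = mysql_real_escape_string($salt, $c);
    $encpsw = encode_password($adm_pswd, $salt);
    $e_encpsw = mysql_real_escape_string($encpsw, $c);
    $ins_email = mysql_real_escape_string($adm_email, $c);
    $IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $c);
    // The values below are substituted into the game's .php files by
    // file_update(). htmlentities() deals with HTML, but a placeholder may sit
    // inside a double-quoted PHP string, where "$", "{" and "\" are still
    // significant. Turning them into numeric entities keeps the text inert as
    // PHP source and still renders the same character in HTML.
    $php_inert = array('\\' => '&#92;', '$' => '&#36;', '{' => '&#123;');
    $ins_game_name = strtr(htmlentities($game_name, ENT_QUOTES, 'ISO-8859-1'), $php_inert);
    $ins_game_desc = strtr(nl2br(htmlentities($description, ENT_QUOTES, 'ISO-8859-1')), $php_inert);
    // Owner and admin name already passed $name_pattern above.
    $ins_game_owner = htmlentities($owner, ENT_QUOTES, 'ISO-8859-1');
    $ins_game_id1name = htmlentities($adm_username, ENT_QUOTES, 'ISO-8859-1');
    // First account: user_level 2.
    mysql_query("INSERT INTO `users`\n             (`username`, `login_name`, `userpass`, `level`, `money`,\n             `crystals`, `donatordays`, `user_level`, `energy`, `maxenergy`,\n             `will`, `maxwill`, `brave`, `maxbrave`, `hp`, `maxhp`, `location`,\n             `gender`, `signedup`, `email`, `bankmoney`, `lastip`,\n             `pass_salt`)\n             VALUES ('{$ins_username}', '{$ins_username}', '{$e_encpsw}', 1,\n             100, 0, 0, 2, 12, 12, 100, 100, 5, 5, 100, 100, 1,\n             '{$adm_gender}', " . time() . ", '{$ins_email}', -1, '{$IP}',\n             '{$e_salt}')", $c) or die(mysql_error());
    $i = mysql_insert_id($c);
    mysql_query("INSERT INTO `userstats`\n    \t\t VALUES({$i}, 10, 10, 10, 10, 10)", $c);

    // Files that carry each placeholder.
    $gamename_files = array('authenticate.php', 'donator.php', 'explore.php', 'gamerules.php', 'header.php', 'helptutorial.php', 'loggedin.php', 'login.php', 'new_staff.php', 'register.php', 'voting.php');
    $gameowner_files = array('header.php', 'login.php');
    $paypal_files = array('donator.php', 'willpotion.php');
    $gamedesc_files = array('login.php');
    $id1_files = array('gamerules.php');
    $cron_files = array('crons/cron_day.php', 'crons/cron_fivemins.php', 'crons/cron_hour.php', 'crons/cron_minute.php');
    foreach ($gamename_files as $file) {
        file_update($file, '{GAME_NAME}', $ins_game_name);
    }
    foreach ($gameowner_files as $file) {
        file_update($file, '{GAME_OWNER}', $ins_game_owner);
    }
    // NOTE(review): $paypal is written into PHP files exactly as gpc_cleanup()
    // returned it. That is only safe if valid_email() rejects quotes, "$" and
    // backslashes - confirm against the helper.
    foreach ($paypal_files as $file) {
        file_update($file, '{PAYPAL}', $paypal);
    }
    foreach ($gamedesc_files as $file) {
        file_update($file, '{GAME_DESCRIPTION}', $ins_game_desc);
    }
    foreach ($id1_files as $file) {
        file_update($file, '{ID1_NAME}', $ins_game_id1name);
    }
    foreach ($cron_files as $file) {
        file_update($file, '{CRON_CODE}', $code);
    }
    echo '... Done.<br />';

    $path = dirname($_SERVER['SCRIPT_FILENAME']);
    echo "\n    <h2>Installation Complete!</h2>\n    <hr />\n    <h3>Cron Info</h3>\n    <br />\n    This is the cron info you need for section <b>1.2 Cronjobs</b> of the installation instructions.<br />\n    <pre>\n    */5 * * * * php {$path}/crons/cron_fivemins.php {$code}\n    * * * * * php {$path}/crons/cron_minute.php {$code}\n    0 * * * * php {$path}/crons/cron_hour.php {$code}\n    0 0 * * * php {$path}/crons/cron_day.php {$code}\n    </pre>\n       ";

    // Remove the installer so it cannot be run a second time; if the file
    // cannot be deleted, fall back to a lock file and tell the admin what to
    // delete by hand.
    echo "<h3>Installer Security</h3>\n    Attempting to remove installer... ";
    @unlink('./installer.php');
    $success = !file_exists('./installer.php');
    echo "<span style='color: " . ($success ? "green;'>Succeeded" : "red;'>Failed") . "</span><br />";
    if (!$success) {
        echo "Attempting to lock installer... ";
        @touch('./installer.lock');
        $success2 = file_exists('installer.lock');
        echo "<span style='color: " . ($success2 ? "green;'>Succeeded" : "red;'>Failed") . "</span><br />";
        if ($success2) {
            echo "<span style='font-weight: bold;'>" . "You should now remove dbdata.sql, installer.php, installer_foot.php and installer_home.php from your server." . "</span>";
        } else {
            echo "<span style='font-weight: bold; font-size: 20pt;'>" . "YOU MUST REMOVE dbdata.sql, installer.php, " . "installer_foot.php and installer_home.php from your server.<br />" . "Failing to do so will allow other people " . "to run the installer again and potentially " . "mess up your game entirely." . "</span>";
        }
    } else {
        require_once 'installer_foot.php';
        // NOTE(review): the messages above name installer_home.php, this cleanup
        // removes installer_head.php - confirm which files actually ship, so that
        // no installer file is left behind.
        @unlink('./installer_head.php');
        @unlink('./installer_foot.php');
        @unlink('./dbdata.sql');
        exit;
    }
}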