Ejemplo n.º 1
/**
 * Record the current visitor (anonymous observer or logged-in player) in the
 * ppl_online table.
 *
 * A session not yet flagged 'online' has any earlier rows for its IP address or
 * session id deleted and a fresh row inserted. A session that already carries
 * the flag only has its activity time refreshed (plus member='y' when logged in).
 *
 * SECURITY NOTE(review): every statement here is assembled by string
 * concatenation. HTTP_USER_AGENT and HTTP_REFERER are request headers chosen by
 * the client and reach the INSERT without escaping or a length limit, so this
 * function is exposed to SQL injection. The statements should be issued with
 * bound parameters; DBAccess's API is not visible here, so confirm what it offers.
 **/
function update_activity_info()
{
    $sql = new DBAccess();

    // Request metadata; each value stays NULL when the server did not supply it.
    $remoteAddress = NULL;
    if (isset($_SERVER['REMOTE_ADDR'])) {
        $remoteAddress = $_SERVER['REMOTE_ADDR'];
    }
    $userAgent = NULL;
    if (isset($_SERVER['HTTP_USER_AGENT'])) {
        $userAgent = $_SERVER['HTTP_USER_AGENT'];
    }
    $referer = NULL;
    if (isset($_SERVER['HTTP_REFERER'])) {
        $referer = $_SERVER['HTTP_REFERER'];
    }

    if (SESSION::is_set('online')) {
        // Known session: refresh the activity time, marking members as such.
        $memberColumn = is_logged_in() ? ", member='y'" : '';
        $sql->query("UPDATE ppl_online SET activity=now()" . $memberColumn . " WHERE session_id='" . session_id() . "'");
        return;
    }

    // Brand-new session from here on.
    $sessionId = session_id();
    if ($remoteAddress) {
        // Clear earlier rows for this address or session so the insert below is the only one.
        $sql->query("DELETE FROM ppl_online WHERE ip_address='{$remoteAddress}'\n\t\t\t\t or session_id = '{$sessionId}'");
    }

    // Unescaped client headers are interpolated here (see the security note above).
    $sql->query("INSERT INTO ppl_online (session_id, activity, ip_address, refurl, user_agent) VALUES ('{$sessionId}', now(), '{$remoteAddress}', '{$referer}', '{$userAgent}')");
    SESSION::set('online', true);
}
Ejemplo n.º 2
/**
 * Fetch a player's health by username and, when that player is the one stored
 * in the session, cache the value in the session as well.
 *
 * NOTE(review): $who is interpolated straight into the statement text. Unless
 * every caller passes a value that never originates from request data, this is
 * an SQL injection point; a bound parameter would remove the dependency on callers.
 *
 * @param string $who Player username to look up.
 * @return mixed Whatever $sql->QueryItem() yields for the health column.
 */
function getHealth($who)
{
    global $sql;

    $lookup = "SELECT health FROM players WHERE uname = '{$who}'";
    $currentHealth = $sql->QueryItem($lookup);

    // Loose comparison, as in the original contract.
    $isSessionPlayer = ($who == SESSION::get('username'));
    if ($isSessionPlayer) {
        SESSION::set('health', $currentHealth);
    }

    return $currentHealth;
}
Ejemplo n.º 3
/**
 * Establish the logged-in state for a user whose credentials were already
 * verified by the caller: starts the session, stores the identity values in it,
 * records the login and marks the player row active.
 *
 * NOTE(review): no session-id regeneration is visible in this function. Confirm
 * that SESSION::commence() issues a fresh id at login, otherwise an id planted
 * before authentication would survive it (session fixation).
 *
 * @param string $p_username   Character name.
 * @param int    $p_player_id  Character id.
 * @param int    $p_account_id Account id.
 * @throws Exception When any of the three values is empty.
 **/
function _login_user($p_username, $p_player_id, $p_account_id)
{
    $hasAllIdentifiers = $p_username && $p_player_id && $p_account_id;
    if (!$hasAllIdentifiers) {
        throw new Exception('Request made to _login_user without all of username, player_id, and account_id being set.');
    }

    // Start a session on a successful login.
    SESSION::commence();

    // Only the in-memory superglobal changes; no cookie is sent to the browser here.
    $_COOKIE['username'] = $p_username;

    SESSION::set('username', $p_username);     // character name
    SESSION::set('player_id', $p_player_id);   // character id
    SESSION::set('account_id', $p_account_id);

    update_activity_log($p_player_id);
    update_last_logged_in($p_player_id);

    // Bound, integer-typed parameter: the id never becomes part of the SQL text.
    query(
        "UPDATE players SET active = 1 WHERE player_id = :char_id",
        array(':char_id' => array($p_player_id, PDO::PARAM_INT))
    );
}
Ejemplo n.º 4
// Presumably read by the included header to pick the quick-stat panel — confirm.
$quickstat = "player";
include SERVER_ROOT . "interface/header.php";

// Per-session attack throttle: two attacks closer together than $attack_spacing
// seconds are refused.
// NOTE(review): the timestamp lives in the session, so the limit only binds
// clients that keep presenting the same session; if the limit matters for game
// balance or abuse control, track it per account on the server side as well.
$start_of_attack = microtime(true);
$attack_spacing = 0.2; // fraction of a second
$recent_attack = SESSION::is_set('recent_attack') ? SESSION::get('recent_attack') : null;

if (!$recent_attack || !($recent_attack > $start_of_attack - $attack_spacing)) {
    // First attack, or enough time has passed: remember when this one started.
    SESSION::set('recent_attack', $start_of_attack);
} else {
    // Too fast: refuse, restart the clock and stop rendering the page.
    echo "<p>Even the best of ninjas cannot attack that quickly.</p>";
    echo "<a href='attack_player.php'>Return to combat</a>";
    SESSION::set('recent_attack', $start_of_attack);
    exit;
}
?>

<span class="brownHeading">Battle Status</span>

<hr>

<?php 
// TODO: Turn this page/system into an object to be run.
// Request input (POST or GET) read through the project's in() helper.
// NOTE(review): in()'s filtering is not visible here; treat $attacked and
// $target as untrusted until validated, and escape them before any SQL or HTML use.
$attacked = in('attacked'); // flag: attacking again
$attackee = either(in('target'), in('attackee'));
$target = $attackee;
// The attacker's own name comes from an internal source, not from the request.
$username = get_username();
Ejemplo n.º 5
/**
 * Copy each string-keyed entry of $player_stats into the session.
 *
 * Entries with non-string keys are skipped; when DEBUG is on they instead dump
 * the whole array and raise an exception.
 *
 * NOTE(review): every string key becomes a session key, so the array must come
 * from a trusted source (e.g. a database row) and never from request data —
 * otherwise a caller could overwrite session entries such as the stored identity.
 * Also note that assert() may be disabled in production, in which case an empty
 * array passes silently.
 *
 * @param array $player_stats Map of stat name => value.
 * @throws Exception In DEBUG mode, when a key is not a string.
 */
function put_player_info_in_session($player_stats)
{
    assert(count($player_stats) > 0);

    foreach ($player_stats as $statName => $statValue) {
        if (is_string($statName)) {
            SESSION::set($statName, $statValue);
            continue;
        }

        // Non-string key: only reported when debugging.
        if (DEBUG) {
            var_dump($player_stats);
            throw new Exception('player stat not a string');
        }
    }
}
Ejemplo n.º 6
 /**
  * Put a previously captured cookie/session context back in place.
  *
  * When $session is non-empty, $_COOKIE is first reset to an empty array, every
  * key/value pair of $session is written through s::set(), and
  * s::regenerateId(false, false) is called. In every case $_COOKIE ends up
  * bound by reference to $cookie.
  *
  * NOTE(review): the meaning of the two false arguments to s::regenerateId()
  * is not visible here — confirm that the previous session id stops being
  * valid after the context switch.
  *
  * @param mixed $cookie  Value to alias as $_COOKIE (presumably the saved cookie array — confirm).
  * @param mixed $session Saved session values to replay; a falsy value leaves the session untouched.
  */
 protected function restoreContext(&$cookie, &$session)
 {
     if ($session) {
         // Start from an empty cookie jar while the session values are replayed.
         $_COOKIE = array();
         // $v is taken by reference, so s::set() receives the caller's own values.
         foreach ($session as $k => &$v) {
             s::set($k, $v);
         }
         s::regenerateId(false, false);
     }
     // Reference assignment: later writes to $_COOKIE also change the caller's $cookie.
     $_COOKIE =& $cookie;
 }
Ejemplo n.º 7
// Account settings handler: either pauses the account after re-authentication or
// saves a new profile text. The listing is cut off before the outer blocks close.
// NOTE(review): $deleteAccount, $username, $passW, $changeprofile, $newprofile and $sql
// are defined outside the visible lines — presumably request input; confirm how they are filtered.
$player = get_player_info();
$confirm_delete = false;
$profile_changed = false;
$profile_max_length = 500;
// Should match the limit in limitStatChars.js
// NOTE(review): this limit is not enforced anywhere in the visible lines. A client-side
// script cannot be relied on, so the length should be checked server-side before the UPDATE.
$delete_attempts = SESSION::is_set('delete_attempts') ? SESSION::get('delete_attempts') : null;
if ($deleteAccount) {
    $verify = false;
    $verify = is_authentic($username, $passW);
    // NOTE(review): loose comparison — any truthy return from is_authentic() counts as success;
    // `=== true` would be stricter if the function returns a boolean (confirm).
    // The attempt counter lives in the session, so it resets whenever the session does.
    if ($verify == true && !$delete_attempts) {
        // *** Username&password matched, on the first attempt.
        pauseAccount($username);
        // This may redirect and stuff?
    } else {
        if ($deleteAccount == 2) {
            // Second-step request that failed: remember it so later tries in this session are refused.
            SESSION::set('delete_attempts', 1);
            $error = 'Deleting of account failed, please email ' . SUPPORT_EMAIL;
        } else {
            // First-step request: ask the user to confirm.
            $confirm_delete = true;
        }
    }
} else {
    if ($changeprofile == 1) {
        // Limit the profile length.
        if ($newprofile != "") {
            // NOTE(review): the statement is built by concatenation and relies entirely on sql()
            // escaping both values correctly; sql() is not visible here. Bound parameters would
            // remove that dependency. The stored text is user-authored, so it also needs
            // HTML-escaping wherever it is displayed.
            $sql->Update("UPDATE players SET messages = '" . sql($newprofile) . "' WHERE uname = '" . sql($username) . "'");
            $affected_rows = $sql->a_rows;
            $profile_changed = true;
        } else {
            $error = "Can not enter a blank profile.";
        }
Ejemplo n.º 8
         }
     }
 } else {
     if ($victim == "thief") {
         // Check the counter to see whether they've attacked a thief multiple times in a row.
         if (SESSION::is_set('counter')) {
             $counter = SESSION::get('counter');
         } else {
             $counter = 1;
         }
         $counter = $counter + 1;
         SESSION::set('counter', $counter);
         // Save the current state of the counter.
         if ($counter > 20 && rand(1, 3) == 3) {
             // Only after many attacks do you have the chance to be attacked back by the group of theives.
             SESSION::set('counter', 0);
             // Reset the counter to zero.
             echo "<img src='images/scenes/KunitsunaTrainingWithTengu.jpg' alt='' style='width:1000px'>";
             echo "<p>A group of tengu thieves is waiting for you. They seem to be angered by your attacks on their brethren.</p>";
             $group_attack = rand(50, 150);
             if (!subtractHealth($username, $group_attack)) {
                 // If the den of theives killed the attacker.
                 echo "<p>The group of theives does {$group_attack} damage to you!</p>";
                 echo "<p>The group of thieves have avenged their brotherhood and beaten you to a bloody pulp.</p>";
                 echo "<p>Go to the <a href=\"shrine.php\">shrine</a> to resurrect.</p>";
             } else {
                 // The den of thieves didn't accomplish their goal
                 $group_gold = rand(100, 300);
                 if ($group_attack > 120) {
                     // Powerful attack gives an additional disadvantage
                     echo "<p>You overpowered the swine, but the blow to the head they gave you before they ran made you lose some of your memories!</p>";
Ejemplo n.º 9
// Page bootstrap plus session-based login gate. The listing is cut off after the
// final `else`, so the already-logged-in branch is not visible.
// NOTE(review): $incdir, $post_vars and $php_selbst are defined outside the visible lines.
include "codeheader.php";
include $incdir . "db_verbinden.php";
include $incdir . "session.php";
$user = '';
$userlevel = 99;
// no permission
$userfolder = "";
if (NULL === SESSION::get('user')) {
    if (isset($post_vars['user'])) {
        // $userlevel, $userfolder and $plain are presumably filled in by login() by reference — confirm.
        // NOTE(review): $post_vars['pass'] is read without an isset() check.
        if (login($post_vars['user'], $post_vars['pass'], $userlevel, $userfolder, $plain)) {
            // Logged in successfully
            // NOTE(review): no session-id regeneration is visible at this privilege change;
            // confirm that login() or SESSION does it, otherwise a pre-login id stays valid.
            SESSION::set('user', $post_vars['user']);
            SESSION::set('userlevel', $userlevel);
            SESSION::set('userfolder', $userfolder);
            // NOTE(review): the name suggests a plaintext value — confirm this is not the password;
            // credentials should not be kept in session storage.
            SESSION::set('plain', $plain);
            $gherdazu = 'adabei';
            // Redirect once so that browser-back does not trigger the "resend form data" prompt
            // NOTE(review): there is no exit after header(), so the rest of the script still runs
            // for this request. If $php_selbst derives from request data (e.g. PHP_SELF),
            // validate it before placing it in a Location header.
            header("Location: {$php_selbst}");
        } else {
            // Failed login attempt
            // Clears 'user', 'userlevel' and 'userpageid'; 'userfolder' and 'plain' are not cleared here.
            SESSION::un_set('user');
            SESSION::un_set('userlevel');
            SESSION::un_set('userpageid');
            $gherdazu = 'tatigern';
        }
    } else {
        // Not logged in yet (first request for the page)
        $gherdazu = 'sonet';
    }
} else {
Ejemplo n.º 10
 /**
  *	Is Test
  *	Whilst running unit tests, this will be true.
  *	@return BOOL
  */
 public static function isTest()
 {
     // An authenticated user holding the "runTestingTools" permission may set the
     // session flag through the isTest query parameter.
     // NOTE(review): this is a state change driven by a GET parameter with no
     // request token visible, so a link opened by a privileged user would flip
     // the flag; consider requiring a POST with a CSRF token.
     $mayToggle = isset($_GET['isTest'])
         && Auth::isAuthenticated()
         && Auth::currentUser()->can("runTestingTools");
     if ($mayToggle) {
         SESSION::set("isTest", $_GET['isTest']);
     }

     // Development mode is never reported as test mode.
     if (static::isDev()) {
         return false;
     }

     // Test mode by session flag, then by environment constant.
     if (SESSION::get("isTest")) {
         return true;
     }
     if (TOUCHBASE_ENV == 'test') {
         return true;
     }

     // Finally by host name against the configured testing servers.
     // NOTE(review): HTTP_HOST comes from the request's Host header. Unless the web
     // server only accepts known host names, a client can choose this value, so it
     // should not be the sole switch for anything test mode relaxes. in_array() is
     // also comparing loosely here.
     $testingHosts = static::config()->get("servers")->get("testing", []);
     return in_array(@$_SERVER['HTTP_HOST'], $testingHosts);
 }
Ejemplo n.º 11
 // Player-list setup: resolves the hide-dead preference, paging values and the
 // start of the search filter. The listing is cut off inside the search branch.
 // NOTE(review): $searched and $char_id are defined outside the visible lines.
 // The ternary applies to the whole `!$searched && SESSION::is_set(...)` condition.
 $hide_setting = !$searched && SESSION::is_set('hide_dead') ? SESSION::get('hide_dead') : 'dead';
 // Defaults to hiding dead via session.
 $hide = $searched ? 'none' : in('hide', $hide_setting);
 // search override > get setting > session setting
 $alive_only = $hide == 'dead';
 $page = in('page', 1);
 // Page will get changed down below.
 $alive_count = 0;
 $record_limit = 20;
 // *** The number of players that gets shown per page.
 $view_type = in('view_type');
 $rank = get_rank($char_id);
 // Constant statement text, no request data involved.
 $dead_count = query_item("SELECT count(player_id) FROM rankings WHERE alive = false");
 // NOTE(review): this second read replaces the value fetched above with default 1,
 // so the default is lost; $page is request input and needs integer validation before use.
 $page = in('page');
 if (!$searched && $hide_setting != $hide) {
     // NOTE(review): $hide is request input stored as-is; constraining it to the known
     // values ('dead', 'none') before saving would keep unexpected strings out of the session.
     SESSION::set('hide_dead', $hide);
 }
 // Save the toggled state for later.
 // Display the clear search and create the where clause for searching.
 // If a search was made, specify letter or word-based search.
 // If unless showing dead, check that health is > 0, or alive = true from the ranking.
 // Otherwise, no searching was done, so the score
 $where_clauses = array();
 // Array to add where clauses to.
 // Select some players from the ranking.
 $queryParams = array();
 if ($searched) {
     $view_type = 'searched';
     if (strlen($searched) == 1) {
         // Single-character search: prefix match. The placeholder name is built from the
         // parameter count, and the search text itself is passed as a bound value, so it
         // never becomes part of the SQL text. A search term of % or _ still acts as a
         // pattern wildcard inside ilike.
         $where_clauses[] = " (rankings.uname ilike :param" . count($queryParams) . " || '%') ";
         $queryParams[] = $searched;
Ejemplo n.º 12
 /**
  * Check a login/password pair against the `n-users` table and, on success,
  * start the session, store uid/gid/user (and pid when present), stamp the
  * last-login time, redirect to './' and terminate the request.
  *
  * Every failure path reports through \CORE::msg() and returns without a value.
  *
  * SECURITY NOTE(review):
  *  - The stored hash is md5(md5(password) . salt), a fast hash that is cheap to
  *    brute-force offline. Plan a migration to password_hash()/password_verify(),
  *    re-hashing each account at its next successful login.
  *  - trim() changes the submitted password, so leading/trailing whitespace is
  *    never part of the secret.
  *  - No session-id regeneration is visible; confirm \SESSION::start() issues a
  *    fresh id at login (session fixation).
  *  - No throttling of failed attempts is visible in this method.
  *
  * @param string $login    Submitted login name.
  * @param string $password Submitted password.
  */
 public function login($login, $password)
 {
     $login = trim($login);
     $password = trim($password);

     if ($login == '' || $password == '') {
         \CORE::msg('error', 'Empty username or password');
         return;
     }

     if (!$this->CheckLogin($login) || !$this->CheckPassword($password)) {
         \CORE::msg('error', 'Username or password is not valid');
         return;
     }

     $DB = \DB::init();
     if (!$DB->connected()) {
         \CORE::msg('debug', 'DB is not connected');
         return;
     }

     // Step 1: find the account (case-insensitive) to obtain its salt.
     $sth = $DB->dbh->prepare("SELECT * FROM `n-users` WHERE LOWER(`usr-login`) = LOWER(?) LIMIT 1;");
     \CORE::msg('debug', 'User login check');
     $sth->bindParam(1, $login, \PDO::PARAM_STR);
     $sth->execute();
     $DB->query_count();
     if ($sth->rowCount() != 1) {
         // Same message as a wrong password, so the reply does not reveal which part failed.
         \CORE::msg('error', 'Incorrect username or password');
         return;
     }

     $r = $sth->fetch();
     $hashpass = md5(md5($password) . $r['usr-salt']);

     // Step 2: the hash comparison is done by the database.
     $sth = $DB->dbh->prepare("SELECT * FROM `n-users` WHERE LOWER(`usr-login`)=LOWER(:login) AND `usr-pwd`=:hashpass LIMIT 1;");
     $sth->execute(array(':login' => $login, ':hashpass' => $hashpass));
     $DB->query_count();
     \CORE::msg('debug', 'User login and password check');
     if ($sth->rowCount() != 1) {
         \CORE::msg('error', 'Incorrect username or password');
         return;
     }

     // The status is read from the row fetched in step 1.
     if (!($r['usr-status'] > 0)) {
         \CORE::msg('error', 'Account is currently locked');
         return;
     }

     $r = $sth->fetch();
     // Additional profile-based checks would go here, if needed.
     \SESSION::start();
     // Additional login records (time, IP, ...) would go here.
     $uid = (int) $r['usr-uid'];
     $gid = (int) $r['usr-gid'];
     \SESSION::set('uid', $uid);
     \SESSION::set('gid', $gid);
     \SESSION::set('user', $login);
     if (isset($r['usr-pid'])) {
         \SESSION::set('pid', (int) $r['usr-pid']);
     }

     // A "remember me" cookie ($_POST['cookie']) is not implemented; the disabled
     // draft stored the base64-encoded login name in a cookie.
     // NOTE(review): if this is ever enabled, use a random server-side token instead —
     // an encoded login name is forgeable by anyone who knows the name.

     $sth = $DB->dbh->prepare("UPDATE `n-users` SET `usr-lastlogin`=CURRENT_TIMESTAMP() WHERE `usr-uid`=?;");
     $sth->execute(array($uid));
     $DB->query_count();
     \CORE::msg('debug', 'User is logged in');

     header('Location: ./');
     exit;
     // ?? move to db class
 }
Ejemplo n.º 13
/**
 * Record the current visitor (anonymous observer or logged-in player) in the
 * ppl_online table, using prepared statements throughout.
 *
 * A session not yet flagged 'online' has earlier rows for its IP address or
 * session id deleted and a fresh row inserted; a known session only has its
 * activity time and member flag refreshed.
 *
 * NOTE(review): the client address comes from Request::getClientIp(), which
 * honours forwarding headers only from Constants::$trusted_proxies. Keep that
 * list limited to proxies you operate, or the recorded address can be chosen by
 * the client. User agent and referer remain untrusted text: they are safe in
 * these queries because they are bound, but must be escaped wherever displayed.
 **/
function update_activity_info()
{
    Request::setTrustedProxies(Constants::$trusted_proxies);
    $remoteAddress = Request::createFromGlobals()->getClientIp();

    // Header values are cut to 250 bytes (substr() counts bytes, not characters).
    $userAgent = NULL;
    if (isset($_SERVER['HTTP_USER_AGENT'])) {
        $userAgent = substr($_SERVER['HTTP_USER_AGENT'], 0, 250);
    }
    $referer = '';
    if (isset($_SERVER['HTTP_REFERER'])) {
        $referer = substr($_SERVER['HTTP_REFERER'], 0, 250);
    }

    // Presumably initialises DatabaseConnection::$pdo — confirm; the return value is unused.
    DatabaseConnection::getInstance();
    $pdo = DatabaseConnection::$pdo;

    if (SESSION::is_set('online')) {
        // Known session: refresh the activity time and the member flag.
        $touch = $pdo->prepare('UPDATE ppl_online SET activity = now(), member = :member WHERE session_id = :sessionID');
        $touch->bindValue(':sessionID', session_id());
        $touch->bindValue(':member', is_logged_in(), PDO::PARAM_BOOL);
        $touch->execute();
        return;
    }

    // Brand-new session from here on.
    if ($remoteAddress) {
        // Remove earlier rows for this address or session before re-inserting.
        $purge = $pdo->prepare('DELETE FROM ppl_online WHERE ip_address = :ip OR session_id = :sessionID');
        $purge->execute(array(
            ':ip' => $remoteAddress,
            ':sessionID' => session_id(),
        ));
    }

    $insert = $pdo->prepare('INSERT INTO ppl_online (session_id, activity, ip_address, refurl, user_agent) VALUES (:sessionID, now(), :ip, :referer, :userAgent)');
    $insert->execute(array(
        ':sessionID' => session_id(),
        ':ip' => $remoteAddress,
        ':referer' => $referer,
        ':userAgent' => $userAgent,
    ));

    SESSION::set('online', true);
}