Ejemplo n.º 1
Archivo: Unit.php Proyecto: jfefes/ORK3
 /**
  * Record an award for a unit on behalf of the player who owns the request token.
  *
  * Flow as written: resolve the token to a player, load that player's row,
  * try to reconcile AwardId / KingdomAwardId, check AUTH_EDIT on a park, then
  * copy request fields into a new `awards` row and save it.
  *
  * @param array $request Reads Token, AwardId, KingdomAwardId, KingdomId, ParkId,
  *                       EventId, GivenById, RecipientId, CustomName, Rank, Date, Note.
  * @return mixed NoAuthorization(), InvalidParameter() or Success(awards_id).
  */
 public function AddAward($request)
 {
     // IsAuthorized() yields 0 for a token that does not map to a player.
     if (($mundane_id = Ork3::$Lib->authorization->IsAuthorized($request['Token'])) == 0) {
         return NoAuthorization();
     }
     $mundane = new yapo($this->db, DB_PREFIX . 'mundane');
     $mundane->clear();
     $mundane->mundane_id = $mundane_id;
     if (!$mundane->find()) {
         return InvalidParameter();
     }
     // The authority scope is taken from the CALLER's own player row, not from the request.
     $authorizer = ['KingdomId' => $mundane->kingdom_id, 'ParkId' => $mundane->park_id];
     // NOTE(review): $recipient is never assigned in this method, so both lookups
     // below receive null for the keys read from it. Presumably $request was
     // intended; confirm before changing, because the second LookupAward call
     // further down overwrites KingdomAwardId again once AwardId is set.
     if (valid_id($request['AwardId'])) {
         $request['KingdomAwardId'] = Ork3::$Lib->award->LookupAward(['KingdomId' => $recipient['KingdomId'], 'AwardId' => $request['AwardId']]);
     } else {
         if (valid_id($request['KingdomAwardId'])) {
             // NOTE(review): confirm the element order LookupKingdomAward returns;
             // this list() expects (kingdom_id, award_id). $kingdom_id is not used afterwards.
             list($kingdom_id, $request['AwardId']) = Ork3::$Lib->award->LookupKingdomAward(['KingdomAwardId' => $recipient['KingdomAwardId']]);
         }
     }
     // NOTE(review): the check is AUTH_EDIT on the caller's home park. Neither
     // RecipientId (the unit receiving the award) nor the request's ParkId /
     // KingdomId / EventId take part in it; confirm that any park editor is
     // meant to be able to write awards for any unit.
     if (valid_id($mundane_id) && Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_PARK, $authorizer['ParkId'], AUTH_EDIT)) {
         if (valid_id($request['GivenById'])) {
             $given_by = $this->GetPlayer(['MundaneId' => $request['GivenById']]);
         }
         if (valid_id($request['ParkId'])) {
             $Park = new Park();
             // Validates the GIVER's park, not $request['ParkId'].
             // NOTE(review): $given_by is only assigned when GivenById is valid, so
             // with a ParkId but no GivenById this reads an undefined variable.
             $park_info = $Park->GetParkShortInfo(['ParkId' => $given_by['Player']['ParkId']]);
             if ($park_info['Status']['Status'] != 0) {
                 return InvalidParameter('Invalid Parameter 2');
             }
         }
         // Second resolution of KingdomAwardId, this time keyed on the request's KingdomId.
         if (valid_id($request['AwardId'])) {
             $request['KingdomAwardId'] = Ork3::$Lib->award->LookupAward(['KingdomId' => $request['KingdomId'], 'AwardId' => $request['AwardId']]);
         }
         $awards = new yapo($this->db, DB_PREFIX . 'awards');
         $awards->clear();
         // Request values are copied into the row as received; only the three
         // at_* ids are normalised to 0 when they fail valid_id().
         $awards->kingdomaward_id = $request['KingdomAwardId'];
         $awards->award_id = $request['AwardId'];
         $awards->custom_name = $request['CustomName'];
         $awards->unit_id = $request['RecipientId'];
         $awards->rank = $request['Rank'];
         $awards->date = $request['Date'];
         $awards->given_by_id = $request['GivenById'];
         $awards->at_park_id = valid_id($request['ParkId']) ? $request['ParkId'] : 0;
         $awards->at_kingdom_id = valid_id($request['KingdomId']) ? $request['KingdomId'] : 0;
         $awards->at_event_id = valid_id($request['EventId']) ? $request['EventId'] : 0;
         $awards->note = $request['Note'];
         // When a giver is named, the row's park_id / kingdom_id come from the giver's player record.
         if (valid_id($request['GivenById'])) {
             $awards->park_id = valid_id($given_by['Player']['ParkId']) ? $given_by['Player']['ParkId'] : 0;
             // Same fallback to 0 for the giver's kingdom; no event-specific handling happens here.
             $awards->kingdom_id = valid_id($given_by['Player']['KingdomId']) ? $given_by['Player']['KingdomId'] : 0;
         }
         // The result of save() is not inspected before reporting success.
         $awards->save();
         return Success($awards->awards_id);
     } else {
         return NoAuthorization('No Authorization');
     }
 }
Ejemplo n.º 2
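 /**
  * Create an event owned by a player, a unit, a park or a kingdom.
  *
  * The owner is chosen from the ids in the request, in this order: player
  * (MundaneId without UnitId), unit (UnitId), park (ParkId + KingdomId),
  * kingdom (KingdomId). The ids that do not apply to the chosen owner are
  * stored as 0.
  *
  * Every branch writes an event row, so the request token must resolve to a
  * player before anything is saved. Previously the player and unit branches
  * saved without looking at the token at all.
  *
  * @param array $request Reads Token, KingdomId, ParkId, MundaneId, UnitId, Name.
  * @return mixed Success(event_id), NoAuthorization() or InvalidParameter().
  */
 public function CreateEvent($request)
 {
     // NOTE(review): the whole request, Token included, is handed to logtrace();
     // confirm where that output goes, or redact the token first.
     logtrace("CreateEvent()", $request);
     $mundane_id = Ork3::$Lib->authorization->IsAuthorized($request['Token']);
     if (!valid_id($mundane_id)) {
         return NoAuthorization();
     }
     // Common event setup
     $this->event->clear();
     $this->event->kingdom_id = $request['KingdomId'];
     $this->event->park_id = $request['ParkId'];
     $this->event->mundane_id = $request['MundaneId'];
     $this->event->unit_id = $request['UnitId'];
     $this->event->name = $request['Name'];
     $this->event->modified = date('Y-m-d H:i:s');
     if (valid_id($request['MundaneId']) && !valid_id($request['UnitId'])) {
         // Player-owned event.
         // NOTE(review): the caller is authenticated, but $request['MundaneId'] is
         // not compared with $mundane_id, so the event can be attributed to
         // another player. Confirm the intended ownership rule.
         $this->event->kingdom_id = 0;
         $this->event->park_id = 0;
         $this->event->unit_id = 0;
         $this->event->save();
     } elseif (valid_id($request['UnitId'])) {
         // Unit-owned event.
         // NOTE(review): no HasAuthority() check against the unit is made here,
         // unlike the park and kingdom branches. Confirm whether one is required.
         $this->event->kingdom_id = 0;
         $this->event->park_id = 0;
         $this->event->save();
     } elseif (valid_id($request['ParkId']) && valid_id($request['KingdomId']) && Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_PARK, $request['ParkId'], AUTH_CREATE)) {
         // Park-owned event: the park must exist.
         $park = new yapo($this->db, DB_PREFIX . 'park');
         $park->clear();
         $park->park_id = $request['ParkId'];
         if (!$park->find()) {
             return InvalidParameter(NULL, 'Problem processing request.');
         }
         $this->event->mundane_id = 0;
         $this->event->unit_id = 0;
         $this->event->save();
     } elseif (valid_id($request['KingdomId']) && Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_KINGDOM, $request['KingdomId'], AUTH_CREATE)) {
         // Kingdom-owned event: the kingdom must exist.
         $kingdom = new yapo($this->db, DB_PREFIX . 'kingdom');
         $kingdom->clear();
         $kingdom->kingdom_id = $request['KingdomId'];
         if (!$kingdom->find()) {
             return InvalidParameter(NULL, 'Problem processing request.');
         }
         $this->event->park_id = 0;
         $this->event->mundane_id = 0;
         $this->event->unit_id = 0;
         $this->event->save();
     } else {
         // Bailout without committing
         return NoAuthorization();
     }
     Ork3::$Lib->heraldry->SetEventHeraldry($request);
     return Success($this->event->event_id);
 }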
Ejemplo n.º 3
 /**
  * Read the award id and kingdom id stored for a kingdom award.
  *
  * @param array $request Reads KingdomAwardId.
  * @return array|null array(award_id, kingdom_id) taken from the record object,
  *                    or null when KingdomAwardId fails valid_id().
  */
 public function LookupKingdomAward($request)
 {
     if (!valid_id($request['KingdomAwardId'])) {
         return null;
     }
     $record = new yapo($this->db, DB_PREFIX . 'kingdomaward');
     $record->clear();
     $record->kingdomaward_id = $request['KingdomAwardId'];
     // The outcome of find() is not checked: when no row matches, the pair is
     // built from whatever the record object holds at that point.
     $record->find();
     $award_id = $record->award_id;
     $kingdom_id = $record->kingdom_id;
     return array($award_id, $kingdom_id);
 }
Ejemplo n.º 4
 /**
  * Search parks whose name contains $name, optionally within one kingdom.
  *
  * @param string     $name       Fragment wrapped in % and matched with the 'like' term.
  * @param mixed      $kingdom_id Restricts the search when numeric.
  * @param mixed      $limit      When numeric, the loop stops once it has counted down to 0.
  *                               The check runs after a row is appended, so up to
  *                               $limit + 1 rows are returned.
  * @return array List of ['ParkId', 'KingdomId', 'Name', 'Active'] rows; empty when nothing matches.
  */
 public function Park($name, $kingdom_id = null, $limit = null)
 {
     $park = new yapo($this->db, DB_PREFIX . 'park');
     $park->clear();
     // NOTE(review): % and _ inside $name are passed through as LIKE wildcards.
     // How yapo binds the value is not visible here; confirm it is parameterised.
     $park->name = "%{$name}%";
     $park->name_term = 'like';
     if (is_numeric($kingdom_id)) {
         $park->kingdom_id = $kingdom_id;
     }
     if (!$park->find(array('name'))) {
         return array();
     }
     $matches = array();
     do {
         $matches[] = array(
             'ParkId' => $park->park_id,
             'KingdomId' => $park->kingdom_id,
             'Name' => $park->name,
             'Active' => $park->active,
         );
         if (!is_numeric($limit)) {
             continue;
         }
         if ($limit == 0) {
             break;
         }
         $limit--;
     } while ($park->next());
     return $matches;
 }
Ejemplo n.º 5
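 /**
  * Decide whether a player holds authority over a park, kingdom, event or unit.
  *
  * Order of checks:
  *   1. ids must be valid (a subject id is optional only for AUTH_ADMIN);
  *   2. a global admin authorization passes immediately;
  *   3. a missing player row or penalty_box == 1 fails;
  *   4. a direct authorization row on the subject is looked up;
  *   5. for parks and events, authority is inherited from the parent
  *      kingdom / park, and an event's owner has authority over it.
  *
  * @param mixed $mundane_id Player being checked.
  * @param mixed $type       AUTH_PARK, AUTH_KINGDOM, AUTH_EVENT, AUTH_UNIT or AUTH_ADMIN.
  * @param mixed $id         Id of the subject named by $type.
  * @param mixed $role       Role being requested (e.g. AUTH_EDIT, AUTH_CREATE).
  * @return bool True when authority is granted.
  */
 public function HasAuthority($mundane_id, $type, $id, $role)
 {
     logtrace("HasAuthority", [$mundane_id, $type, $id, $role]);
     // A player id is always required; a subject id is required unless this is an admin check.
     if (!valid_id($mundane_id) || (!valid_id($id) && $type != AUTH_ADMIN)) {
         return false;
     }
     // Is Admin?
     // NOTE(review): this runs before the penalty-box check, so a banned player
     // who still holds an admin row passes. Confirm that is intended.
     $this->auth->clear();
     $this->auth->mundane_id = $mundane_id;
     $this->auth->role = AUTH_ADMIN;
     if ($this->auth->find() && $this->auth->size() > 0) {
         return true;
     }
     // Playing shenanigans
     if (0 == $id) {
         return false;
     }
     // Check for bans
     $this->mundane->clear();
     $this->mundane->mundane_id = $mundane_id;
     if (!$this->mundane->find() || $this->mundane->penalty_box == 1) {
         return false;
     }
     $this->auth->clear();
     $this->auth->mundane_id = $mundane_id;
     // Basic check -- does the user have direct access?
     // NOTE: Admin check here does not check for admin privileges per se, but for whether
     // 		an Admin Authorization request is avail (Admin == Admin)
     // 		For elevated privileges (Admin > Park|Kingdom|Event|Unit), the check is handled below
     switch ($type) {
         case AUTH_PARK:
             $this->auth->park_id = $id;
             break;
         case AUTH_KINGDOM:
             $this->auth->kingdom_id = $id;
             break;
         case AUTH_EVENT:
             $this->auth->event_id = $id;
             break;
         case AUTH_UNIT:
             $this->auth->unit_id = $id;
             break;
         case AUTH_ADMIN:
             $this->auth->role = AUTH_ADMIN;
             break;
         default:
             return false;
     }
     // Initialised here so the checks below never read an undefined variable
     // when no direct authorization row is found.
     $sufficient = false;
     if ($this->auth->find() && $id != 0) {
         do {
             switch ($this->auth->role) {
                 case AUTH_EDIT:
                     $sufficient |= AUTH_EDIT == $role;
                     // NOTE(review): there is no break here, so an AUTH_EDIT row
                     // falls through and returns true whatever $role was requested.
                     // Left unchanged because the intended role ordering is not
                     // visible in this method; confirm and add a break if edit
                     // must not satisfy a create request.
                 case AUTH_CREATE:
                     return true;
                 case AUTH_ADMIN:
                     return true;
             }
         } while ($this->auth->next());
         // Something matched, fly away my pretty!
         if ($sufficient) {
             return true;
         }
     }
     if ($type == AUTH_ADMIN) {
         return false;
     }
     // Upper-level authority check, we have to find the parents of
     // of the subject, and check their auths
     // !$sufficient is redundant, but I don't trust the next guy to hold the invariant
     if (!$sufficient && $type != AUTH_KINGDOM) {
         switch ($type) {
             case AUTH_PARK:
                 $park = new yapo($this->db, DB_PREFIX . 'park');
                 $park->clear();
                 $park->park_id = $id;
                 if ($park->find()) {
                     $id = $park->kingdom_id;
                     if ($this->HasAuthority($mundane_id, AUTH_KINGDOM, $id, $role)) {
                         return true;
                     }
                 }
                 break;
             case AUTH_EVENT:
                 $event = new yapo($this->db, DB_PREFIX . 'event');
                 $event->clear();
                 $event->event_id = $id;
                 if ($event->find()) {
                     // The owner test must be a comparison. Written as an assignment
                     // it is truthy for every valid caller, which granted authority
                     // over any existing event to any non-banned player.
                     if ($this->HasAuthority($mundane_id, AUTH_KINGDOM, $event->kingdom_id, $role) || $this->HasAuthority($mundane_id, AUTH_PARK, $event->park_id, $role) || ($event->mundane_id == $mundane_id)) {
                         return true;
                     }
                 }
                 break;
         }
     }
     return $sufficient;
 }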
Ejemplo n.º 6
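 /**
  * Delete one awards row after checking the caller may edit the recipient's park.
  *
  * The success path used to fall off the end of the method and return null
  * while both failure paths returned a status; it now returns Success().
  *
  * @param array $request Reads Token and AwardsId.
  * @return mixed Success(), NoAuthorization() or InvalidParameter().
  */
 public function RemoveAward($request)
 {
     // NOTE(review): the whole request, Token included, is handed to logtrace();
     // confirm where that output goes, or redact the token first.
     logtrace("RemoveAward()", $request);
     $mundane_id = Ork3::$Lib->authorization->IsAuthorized($request['Token']);
     $awards = new yapo($this->db, DB_PREFIX . 'awards');
     $awards->clear();
     $awards->awards_id = $request['AwardsId'];
     if (!valid_id($request['AwardsId']) || !$awards->find()) {
         return InvalidParameter();
     }
     // Authority is checked against the park of the player recorded on the award.
     $mundane = $this->player_info($awards->mundane_id);
     if (!valid_id($mundane_id) || !Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_PARK, $mundane['ParkId'], AUTH_EDIT)) {
         return NoAuthorization();
     }
     $awards->delete();
     return Success();
 }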
Ejemplo n.º 7
 /**
  * Load the 'AccountPointers' configuration value for one owner.
  *
  * @param string $type Owner type; its first letter is upper-cased before the lookup.
  * @param mixed  $id   Owner id.
  * @return mixed The stored value decoded from JSON into arrays, or false when no row matches.
  */
 public function fetch_account_pointers($type, $id)
 {
     $lookup = new yapo($this->db, DB_PREFIX . 'configuration');
     $lookup->clear();
     $lookup->type = ucfirst($type);
     $lookup->id = $id;
     $lookup->key = 'AccountPointers';
     if (!$lookup->find()) {
         return false;
     }
     // json_decode() itself yields null for malformed JSON, which callers
     // cannot tell apart from a stored JSON null.
     return json_decode($lookup->value, true);
 }
Ejemplo n.º 8
 /**
  * Collect every configuration row for one owner, keyed by configuration key.
  *
  * @param mixed $id   Owner id.
  * @param mixed $type Owner type, CFG_KINGDOM by default.
  * @return array Map of key => ['ConfigurationId', 'Type', 'Key', 'Value',
  *               'UserSetting', 'AllowedValues']; empty when no row matches.
  */
 public static function get_configs($id, $type = CFG_KINGDOM)
 {
     global $DB;
     $row = new yapo($DB, DB_PREFIX . 'configuration');
     $row->clear();
     $row->type = $type;
     $row->id = $id;
     $configs = [];
     if (!$row->find()) {
         return $configs;
     }
     do {
         // Stored values have their backslashes stripped before JSON decoding.
         $configs[$row->key] = [
             'ConfigurationId' => $row->configuration_id,
             'Type' => $row->var_type,
             'Key' => $row->key,
             'Value' => json_decode(stripslashes($row->value)),
             'UserSetting' => $row->user_setting,
             'AllowedValues' => json_decode(stripslashes($row->allowed_values)),
         ];
     } while ($row->next());
     return $configs;
 }
Ejemplo n.º 9
// Install/migration step: seed the first administrator, log in as that
// account, then map legacy class ids onto the system class ids.
echo "<h2>Create Admin</h2>";
// Inserts player row 1 with username 'admin' and a fixed password_salt.
// The statement is assembled by concatenation, but only from DB_PREFIX and
// literals; no request data reaches it in the visible lines.
// NOTE(review): every install that runs this script gets the same salt and
// the same row in `credential` below, i.e. a known default administrator.
// The admin password should be changed as part of installation.
$sql = "INSERT INTO `" . DB_PREFIX . "mundane` (`mundane_id`, `given_name`, `surname`, `other_name`, `username`, `persona`, `email`, `park_id`, `kingdom_id`, `token`, `modified`, `restricted`, `waivered`, `waiver_ext`, `has_heraldry`, `has_image`, `company_id`, `token_expires`, `password_expires`, `password_salt`, `xtoken`, `penalty_box`, `active`) VALUES (1, 'admin', 'admin', 'admin', 'admin', 'admin', '*****@*****.**', 0, 0, '', '2013-04-24 12:55:31', 0, 0, '', 0, 0, 0, '0000-00-00 00:00:00', '2014-04-24 11:55:31', 'b1a838cc8bbbdc7d2008ac00890cb8eb', '', 0, 1)";
// The return value of query() is not checked for any of the three inserts.
$DB->query($sql);
// NOTE(review): the key looks like a stored password hash; confirm how the
// credential table is tied to the account above.
$sql = "INSERT INTO `" . DB_PREFIX . "credential` (`key`, `expiration`) VALUES ('e.I0/92KStOsJu3dq5/WAErF..MkctX2KwjhsIn7vcB1Y3cim2nemAiVsc4byiUXzuhQu0', '2014-09-29 23:08:36')";
$DB->query($sql);
// Grants role 'admin' to player 1 with every scope id (park, kingdom, event, unit) set to 0.
$sql = "INSERT INTO `" . DB_PREFIX . "authorization` (`authorization_id`, `mundane_id`, `park_id`, `kingdom_id`, `event_id`, `unit_id`, `role`, `modified`) VALUES (1, 1, 0, 0, 0, 0, 'admin', '2013-04-24 13:28:25')";
$DB->query($sql);
// Credentials are masked on this page. In the real script they are plaintext
// literals, so the file itself has to be treated as a secret.
$adminuser = '******';
$adminpassword = '******';
$Authorization = new APIModel('Authorization');
// Log in as the seeded admin; the token is kept for the API calls that follow.
// The response is not checked for a failed login.
$T = $Authorization->Authorize(array('UserName' => $adminuser, 'Password' => $adminpassword));
$Token = $T['Token'];
$Award = new APIModel('Award');
echo "<h2>Cache Classes &amp; Find Matches</h2>";
// Legacy class name => system class name. "Raider" is folded into 'Color'.
$class_namemap = array("Antipaladin" => 'Anti-Paladin', "Archer" => 'Archer', "Assassin" => 'Assassin', "Barbarian" => 'Barbarian', "Bard" => 'Bard', "Color" => 'Color', "Druid" => 'Druid', "Healer" => 'Healer', "Monk" => 'Monk', "Monster" => 'Monster', "Paladin" => 'Paladin', "Peasant" => 'Peasant', "Raider" => 'Color', "Reeve" => 'Reeve', "Scout" => 'Scout', "Warrior" => 'Warrior', "Wizard" => 'Wizard');
// $classes and $Attendance are created outside the lines shown here.
$classes->clear();
$classes->find();
// Legacy class primary key => system ClassId.
$class_map = array();
$Attendance->create_system_classes();
$orkclasses = $Attendance->GetClasses(array());
do {
    foreach ($orkclasses['Classes'] as $idx => $classinfo) {
        if ($classinfo['Name'] == $class_namemap[$classes->classname]) {
            $classid = $classinfo['ClassId'];
            break;
        }
    }
    // NOTE(review): $classid is not reset per legacy class, so a class with no
    // match silently inherits the previous class's id (and is undefined if the
    // first class has no match).
    $class_map[$classes->classpk] = $classid;
} while ($classes->next());
pre_print_r($class_map);
echo "<h2>Create System Awards</h2>";
Ejemplo n.º 10
 /**
  * Apply a batch of park-title changes (remove, edit, add) to one kingdom.
  *
  * The caller needs a valid token and AUTH_EDIT on $request['KingdomId'].
  * Existing titles are only touched when they belong to that kingdom. The
  * first entry that names a title of another kingdom aborts the batch;
  * entries processed before it have already been applied.
  *
  * @param array $request Reads Token, KingdomId and ParkTitles (a list of
  *                       entries with Action, ParkTitleId, Title, Class,
  *                       MinimumAttendance, MinimumCutoff, Period, PeriodLength).
  * @return mixed Success(), NoAuthorization(), or ['Status' => NoAuthorization(...)]
  *               for a cross-kingdom entry.
  */
 public function SetKingdomParkTitles($request)
 {
     $mundane_id = Ork3::$Lib->authorization->IsAuthorized($request['Token']);
     if (!($mundane_id > 0 && Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_KINGDOM, $request['KingdomId'], AUTH_EDIT))) {
         return NoAuthorization(null, $mundane_id);
     }
     $this->log->Write('Kingdom', $mundane_id, LOG_EDIT, $request);
     if (is_array($request['ParkTitles'])) {
         // Column on the parktitle row => key in a request entry, in write order.
         $columns = [
             'title' => 'Title',
             'class' => 'Class',
             'minimumattendance' => 'MinimumAttendance',
             'minimumcutoff' => 'MinimumCutoff',
             'period' => 'Period',
             'period_length' => 'PeriodLength',
         ];
         $parktitle = new yapo($this->db, DB_PREFIX . 'parktitle');
         foreach ($request['ParkTitles'] as $title) {
             $action = $title['Action'];
             if ($action == CFG_REMOVE || $action == CFG_EDIT) {
                 $parktitle->clear();
                 $parktitle->parktitle_id = $title['ParkTitleId'];
                 // Unknown or invalid ids are skipped without an error.
                 if (!valid_id($title['ParkTitleId']) || !$parktitle->find()) {
                     continue;
                 }
                 // Ownership check: the stored row decides, not the request entry.
                 if ($parktitle->kingdom_id != $request['KingdomId']) {
                     return ['Status' => NoAuthorization('You cannot edit the park titles of another kingdom.')];
                 }
                 if ($action == CFG_REMOVE) {
                     $parktitle->delete();
                     continue;
                 }
                 // Edit: an empty value keeps what is stored.
                 foreach ($columns as $column => $key) {
                     $parktitle->{$column} = strlen($title[$key]) ? $title[$key] : $parktitle->{$column};
                 }
                 $parktitle->save();
             } elseif ($action == CFG_ADD) {
                 // Add: the kingdom comes from the authorised request, never from the entry.
                 $parktitle->clear();
                 $parktitle->kingdom_id = $request['KingdomId'];
                 foreach ($columns as $column => $key) {
                     $parktitle->{$column} = $title[$key];
                 }
                 $parktitle->save();
             }
         }
     }
     return Success();
 }
Ejemplo n.º 11
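 /**
  * Update a park's details.
  *
  * AUTH_EDIT on the park is required for the address, url and description
  * fields. Name, abbreviation, park title and the active flag additionally
  * need AUTH_EDIT on the park's kingdom. Moving the park to another kingdom
  * needs AUTH_ADMIN.
  *
  * A denied kingdom move now comes back as the Warning() built for it. It was
  * previously overwritten by an unconditional Success(), so a refused
  * privileged change was reported as a success.
  *
  * @param array $request Reads Token, ParkId, KingdomId, Name, Abbreviation,
  *                       ParkTitleId, Active, Url, Address, City, Province,
  *                       PostalCode, Directions, Description, MapUrl, GeoCode, Heraldry.
  * @return mixed Success(park_id), Warning(), InvalidParameter() or NoAuthorization().
  */
 public function SetParkDetails($request)
 {
     // NOTE(review): the whole request, Token included, is handed to logtrace();
     // confirm where that output goes, or redact the token first.
     logtrace("SetParkDetails", $request);
     $response = array();
     // Reject a rename that collides with a different park.
     // NOTE(review): this lookup runs before the token is checked, so its error
     // message tells an unauthenticated caller whether a park name exists.
     $this->park->clear();
     if (trimlen($request['Name']) > 0) {
         $this->park->name = trim($request['Name']);
         if ($this->park->find()) {
             if ($this->park->park_id != $request['ParkId']) {
                 return InvalidParameter('This park name already exists.');
             }
         }
     }
     $this->park->clear();
     $this->park->park_id = $request['ParkId'];
     if ($this->park->find()) {
         if (($mundane_id = Ork3::$Lib->authorization->IsAuthorized($request['Token'])) > 0 && Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_PARK, $request['ParkId'], AUTH_EDIT)) {
             $this->log->Write('Park', $mundane_id, LOG_EDIT, $request);
             $this->park->modified = date("Y-m-d H:i:s", time());
             // Identity fields are reserved for editors of the owning kingdom.
             if (Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_KINGDOM, $this->park->kingdom_id, AUTH_EDIT)) {
                 $this->park->name = trimlen($request['Name']) == 0 ? $this->park->name : $request['Name'];
                 $this->park->abbreviation = trimlen($request['Abbreviation']) == 0 ? $this->park->abbreviation : $request['Abbreviation'];
                 $parktitle = new yapo($this->db, DB_PREFIX . 'parktitle');
                 $parktitle->clear();
                 if (isset($request['ParkTitleId']) && $request['ParkTitleId'] != $this->park->parktitle_id) {
                     $parktitle->parktitle_id = $request['ParkTitleId'];
                     // NOTE(review): the title only has to exist; it is not checked
                     // to belong to this park's kingdom.
                     if ($parktitle->find()) {
                         $this->park->parktitle_id = $request['ParkTitleId'];
                     }
                 }
                 $this->park->active = trimlen($request['Active']) == 0 ? $this->park->active : $request['Active'];
             }
             // Re-geocode when the address changes or no location is stored yet.
             $address_change = false;
             if (isset($request['Address']) && ($this->park->address != $request['Address'] || trimlen($this->park->location) == 0)) {
                 $address_change = true;
             }
             // Free-text fields are stored as received; Url and MapUrl are not validated here.
             $this->park->url = isset($request['Url']) ? $request['Url'] : $this->park->url;
             $this->park->address = isset($request['Address']) ? $request['Address'] : $this->park->address;
             $this->park->city = isset($request['City']) ? $request['City'] : $this->park->city;
             $this->park->province = isset($request['Province']) ? $request['Province'] : $this->park->province;
             $this->park->postal_code = isset($request['PostalCode']) ? $request['PostalCode'] : $this->park->postal_code;
             $this->park->directions = isset($request['Directions']) ? $request['Directions'] : $this->park->directions;
             $this->park->description = isset($request['Description']) ? $request['Description'] : $this->park->description;
             $this->park->map_url = isset($request['MapUrl']) ? $request['MapUrl'] : $this->park->map_url;
             $this->park->save();
             // Reload the row before the follow-up steps.
             $this->park->clear();
             $this->park->park_id = $request['ParkId'];
             if ($this->park->find()) {
                 if ($address_change) {
                     if (isset($request['GeoCode']) && trimlen($request['GeoCode']) > 0) {
                         $this->park_geocode_h($request['GeoCode']);
                     } else {
                         $this->park_geocode_h();
                     }
                 }
                 // Default outcome; replaced below only when a kingdom move is refused.
                 $response = Success($this->park->park_id);
                 if ($request['KingdomId'] > 0 && $this->park->kingdom_id != $request['KingdomId']) {
                     // Seriously? You couldn't work it out somehow?
                     // AKA Blackspire Code, AKA Golden Plains Exception
                     if (Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_ADMIN, $request['KingdomId'], AUTH_ADMIN)) {
                         $this->park->kingdom_id = $request['KingdomId'];
                     } else {
                         $response = Warning('You do not have permissions to move this Park [' . $this->park->park_id . ', ' . $this->park->kingdom_id . '] to another Kingdom [' . $request['KingdomId'] . '].');
                     }
                 }
                 if (strlen($request['Heraldry'])) {
                     Ork3::$Lib->heraldry->SetParkHeraldry($request);
                 }
                 $this->park->save();
             } else {
                 $response = InvalidParameter('ParkId could not be found.');
             }
         } else {
             $response = NoAuthorization('You do not have permissions to perform this action: ' . $mundane_id);
         }
     } else {
         $response = InvalidParameter('ParkId could not be found.');
     }
     return $response;
 }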