Example #1
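        //Record the failed attempt against the account.
        //The address is escaped once and matched with "=". LIKE would treat any % or _ in the
        //submitted address as a wildcard, so this UPDATE could change more than one account.
        $sEmailSql = ba_db_real_escape_string($link, $sEmail);
        $iLoginCounter = (int) $iLoginCounter + 1;
        $sql = "UPDATE {$db_prefix}players SET plLoginCounter = {$iLoginCounter} WHERE plEmail = '{$sEmailSql}'";
        //Log failed login attempt. CR/LF are stripped from the address first, so a crafted value
        //cannot add extra lines to the log.
        $sLogEmail = str_replace(array("\r", "\n"), ' ', $sEmail);
        $sLogWarn = "Failed login attempt\nE-mail: {$sLogEmail}\n" . "Attempt was made from IP address {$_SERVER['REMOTE_ADDR']}";
        LogWarning($sLogWarn);
        //Check for too many failed logins
        $bAlreadyDisabled = $row['plPassword'] === 'ACCOUNT DISABLED';
        if ($iLoginCounter > LOGIN_TRIES && !$bAlreadyDisabled) {
            //Change SQL query so that plPassword and plLoginCounter are both updated
            //NOTE(review): the value written to plPassword is shown masked on this page, while the checks
            //in this block compare against 'ACCOUNT DISABLED' - confirm the two agree.
            $sql = "UPDATE {$db_prefix}players SET plPassword = '******', plLoginCounter = {$iLoginCounter} WHERE plEmail = '{$sEmailSql}'";
            $sMessage = "You have entered an incorrect password too many times. Your account has been disabled.<br>" . "An e-mail has been sent to your e-mail address with instructions on how to re-enable your account.";
            //E-mail user
            //NOTE(review): the lock-out is keyed on the address alone, so repeated failures from anywhere
            //disable the account and send this mail; consider throttling per source address as well.
            $sBody = "This is an automated message from " . SYSTEM_NAME . ". Your account has been disabled, because " . "an incorrect password was entered too many times. You can re-enable your account by resetting your " . "password (Follow the 'Get a new password' link from the front page). If you have any problems, " . "please contact " . TECH_CONTACT_NAME . " at " . TECH_CONTACT_MAIL . " to have your account re-enabled.\n\n" . fnSystemURL();
            mail($sEmail, SYSTEM_NAME . ' - account disabled', $sBody, "From:" . SYSTEM_NAME . " <" . TECH_CONTACT_MAIL . ">");
            //E-mail admin and log a warning (this text is also logged, so the CR/LF-free address is used)
            $sBody = "Account with e-mail address {$sLogEmail} has been disabled, after too many failed login attempts.\n" . "Latest attempt was from IP address {$_SERVER['REMOTE_ADDR']}\n" . "An e-mail has been sent to the user.\n\n" . fnSystemURL();
            mail(TECH_CONTACT_MAIL, SYSTEM_NAME . ' - account disabled', $sBody, "From:" . SYSTEM_NAME . " <" . TECH_CONTACT_MAIL . ">");
            LogWarning($sBody);
        } elseif ($bAlreadyDisabled) {
            //Account has been previously disabled. Just display message - do not send e-mail
            $sMessage = "Your account has been disabled. To re-enable it, either <a href = 'retrieve.php'>request a new password</a>" . " or e-mail " . TECH_CONTACT_NAME . ", using the link below";
        }
        //Run query to update plLoginCounter (and plPassword, if account is being disabled)
        //(the original appended the SQL text to the call's result and discarded it; that had no effect)
        ba_db_query($link, $sql);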
    }
} else {
    //User is not logging in, so reset login cookies
    //Cookies are reset here, but values will not be available until next page load. Note that Lynx (and others?)
    //do not seem to reset cookies when they are set null value, so we set them to zero, then set them to null
    //NOTE(review): setcookie() is called here with a name and value only, so no path, domain, Secure or
    //HttpOnly attribute is sent. If the login code sets these cookies with a path or domain, the reset
    //must use the same ones to reach the same cookie - confirm against the code that sets them.
    setcookie('BA_PlayerID', 0);
    setcookie('BA_PlayerID', '');
    setcookie('BA_LoginTime', 0);
    setcookie('BA_LoginTime', '');
Example #2
 /**
  * Log a warning message on behalf of this object.
  *
  * Forwards the message unchanged to LogWarning(), passing $this as the
  * second argument.
  * NOTE(review): if callers build the message from request data, CR/LF should
  * be stripped before it is written - confirm whether LogWarning() does that.
  *
  * @param string $message The message.
  */
 function warn($message)
 {
     LogWarning($message, $this);
 }
Example #3
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
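//Get access level for logged-in user
//The player ID is cast to an integer before it goes into the query text
$inc_admin_id = (int) $PLAYER_ID;
$sql = "SELECT plAccess FROM " . DB_PREFIX . "players WHERE plPlayerID = {$inc_admin_id}";
LogWarning("SQL to check player is admin:\n{$sql}");
$result = ba_db_query($link, $sql);
$row = ba_db_fetch_assoc($result);
//A missing row (no such player) counts as no access
$inc_admin_access = (is_array($row) && isset($row['plAccess'])) ? $row['plAccess'] : '';
//Work out the answer once, so that the log entry and the gate below cannot disagree.
//Note that root user is also an admin, but a player ID of 0 is never treated as root.
$inc_admin_is_root = ($inc_admin_id != 0 && ROOT_USER_ID == $inc_admin_id);
$inc_admin_is_admin = ($inc_admin_access === 'admin');
$inc_admin_log = "Checking user is an admin\n";
$inc_admin_log .= "ROOT_USER_ID: " . ROOT_USER_ID . "\n";
$inc_admin_log .= '$PLAYER_ID: ' . "{$PLAYER_ID}\n";
$inc_admin_log .= '$row ["plAccess"] : ' . $inc_admin_access . "\n";
if ($inc_admin_is_root) {
    $inc_admin_log .= "User is root\n";
} elseif ($inc_admin_is_admin) {
    $inc_admin_log .= "User is an admin\n";
} else {
    $inc_admin_log .= "User is NOT an admin\n";
}
LogWarning($inc_admin_log);
//Redirect to start page if user is not an admin
if (!$inc_admin_is_root && !$inc_admin_is_admin) {
    LogWarning("Player ID {$PLAYER_ID} tried to access an admin-only page (" . basename($_SERVER["SCRIPT_FILENAME"]) . ")\n");
    //Make up URL & redirect
    $sURL = SYSTEM_URL . 'start.php?warn=' . urlencode('You do not have permission to access that page');
    header("Location: {$sURL}");
    //header() only queues the redirect. Stop here, otherwise the rest of the admin page
    //would still run for a user who has just been refused.
    exit;
}
//If this script is included, then the page is an admin page. Set CSS prefix
$CSS_PREFIX = '../';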
Example #4
 /**
  * Route a PHP engine error into this logger.
  *
  * The error number is looked up in the global $PHP_ERRORTYPES table. Each
  * entry is used as a pair: element 0 is passed to submit() as its first
  * argument and element 1 is placed in the message text. An error number
  * that is not in the table is reported through LogWarning() and handled
  * with the E_ERROR entry.
  * NOTE(review): $errmsg is written into the log text as received - confirm
  * that submit() neutralises CR/LF if error messages can carry request data.
  *
  * @param int $errno The PHP error number.
  * @param string $errmsg The error message.
  * @param string $filename The file the message originated in.
  * @param string $linenum The line number in the file the message
  * originated in.
  */
 function submitFromPHP($errno, $errmsg, $filename, $linenum)
 {
     global $PHP_ERRORTYPES;
     $bKnownType = array_key_exists($errno, $PHP_ERRORTYPES);
     if (!$bKnownType) {
         LogWarning("Unknown PHP error type {$errno}, assuming E_ERROR");
     }
     $typeEntry = $bKnownType ? $PHP_ERRORTYPES[$errno] : $PHP_ERRORTYPES[E_ERROR];
     $text = "{$errno} " . $typeEntry[1] . " ({$filename}:{$linenum}): {$errmsg}";
     $this->submit($typeEntry[0], $text);
 }
Example #5
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
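//Do not need login check for this page
//(the script authenticates the request itself, from the posted e-mail address and password)
$bLoginCheck = False;
include 'inc/inc_head_db.php';
$db_prefix = DB_PREFIX;
// Get POST into variables
// A request with a missing or non-string credential is refused with the same message as a wrong one
if (!isset($_POST['email'], $_POST['password']) || !is_string($_POST['email']) || !is_string($_POST['password'])) {
    die("ERROR: Wrong e-mail or password");
}
$email = $_POST['email'];
// NOTE(review): this is SHA-1 with one site-wide salt. Moving to password_hash()/password_verify()
// needs a migration of the stored values, so it is only flagged here.
$password = sha1($_POST['password'] . PW_SALT);
$ic = isset($_POST['ic']) ? (int) $_POST['ic'] : 0;
//Set up & run query
//The address is matched with "=". LIKE would treat % and _ in the submitted address as wildcards,
//so the lookup would not be limited to one exact address.
//NOTE(review): $password is computed above, but the password value in the query text is shown masked
//on this page - confirm the hash is what is compared here.
$sql = "SELECT plPlayerID FROM {$db_prefix}players " . "WHERE plEmail = '" . ba_db_real_escape_string($link, $email) . "' AND plPassword = '******'";
$result = ba_db_query($link, $sql);
//NOTE(review): nothing in this excerpt counts or throttles failed attempts on this page - confirm
//whether the login counter used by the normal login form should apply here too.
if (ba_db_num_rows($result) > 1) {
    //Log warning if there was more than one row returned
    //NOTE(review): the logged SQL contains the password comparison; if that is the hash, it ends up in
    //the log. Logging the e-mail address alone would be enough to investigate.
    LogWarning("export.php - more than one result from e-mail and password\n{$sql}");
}
if (ba_db_num_rows($result) > 0) {
    //Successfully logged in
    $row = ba_db_fetch_assoc($result);
    $id = $row['plPlayerID'];
} else {
    die("ERROR: Wrong e-mail or password");
}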
// Export as a CSV file
// NOTE(review): the code that writes the rows is not in this excerpt. Values that start with
// = + - or @ can be read as formulas by spreadsheet programs - confirm they are neutralised on output.
header("Content-Type: text/csv");
// Get OOC details
// The encrypted columns (ple*) are decrypted by the database, using the application key.
// NOTE(review): the key is written into the SQL text itself, so it travels with every query and can
// show up wherever the database server records statements (general or slow query log, process list).
$key = CRYPT_KEY;
// $id comes from the plPlayerID column of the row matched during the credential check above
$sql = "SELECT plFirstName, " . "plSurname, " . "AES_DECRYPT(pleAddress1, '{$key}') AS dAddress1, " . "AES_DECRYPT(pleAddress2, '{$key}') AS dAddress2, " . "AES_DECRYPT(pleAddress3, '{$key}') AS dAddress3, " . "AES_DECRYPT(pleAddress4, '{$key}') AS dAddress4, " . "AES_DECRYPT(plePostcode, '{$key}') AS dPostcode, " . "AES_DECRYPT(pleTelephone, '{$key}') AS dTelephone, " . "AES_DECRYPT(pleMobile, '{$key}') AS dMobile, " . "plEmail, " . "plDOB, " . "AES_DECRYPT(pleMedicalInfo, '{$key}') AS dMedicalInfo, " . "plEmergencyName, " . "AES_DECRYPT(pleEmergencyNumber, '{$key}') AS dEmergencyNumber, " . "plEmergencyRelationship, " . "plCarRegistration, " . "plDietary " . "FROM {$db_prefix}players WHERE plPlayerID = {$id}";
$result = ba_db_query($link, $sql);
$row = ba_db_fetch_assoc($result);
Example #6
$sWarn = '';
$db_prefix = DB_PREFIX;
if ($_POST['btnSubmit'] != '' && CheckReferrer('ic_form.php')) {
    //Validate the submitted IC details (an empty result is treated as a pass further down)
    $sNameWarn = IC_Check();
    //Look up the character row(s) already stored for this player
    $sql = "SELECT * FROM {$db_prefix}characters WHERE chPlayerID = {$PLAYER_ID}";
    $result = ba_db_query($link, $sql);
    $iCharRows = ba_db_num_rows($result);
    if ($iCharRows > 1) {
        LogWarning("Multiple rows in characters table with player ID {$PLAYER_ID}");
    } elseif ($iCharRows == 0) {
        //No row yet: create one, so that the UPDATE query has something to change
        $sql = "INSERT INTO {$db_prefix}characters (chPlayerID) VALUES ({$PLAYER_ID})";
        $bInserted = ba_db_query($link, $sql);
        if (!$bInserted) {
            $sWarn = "There was a problem updating your IC details";
            LogError("Error inserting player ID into characters table prior to running UPDATE query.\nPlayer ID: {$PLAYER_ID}");
        }
    }
    //The "Other" choice in either drop-down is stored as an empty selection
    $sSelGroupName = $_POST['selGroup'] == 'Other (enter name below)' ? '' : $_POST['selGroup'];
    $sSelAncestorName = $_POST['selAncestor'] == 'Other (enter name below)' ? '' : $_POST['selAncestor'];
    //Build up UPDATE query
    if ($sNameWarn == '') {
        //IC Check passed try to save
        $sql = "UPDATE {$db_prefix}characters SET chName = '" . ba_db_real_escape_string($link, $_POST['txtCharName']) . "', " . "chPreferredName = '" . ba_db_real_escape_string($link, $_POST['txtPreferredName']) . "', " . "chRace = '" . ba_db_real_escape_string($link, $_POST['selRace']) . "', " . "chGender = '" . ba_db_real_escape_string($link, $_POST['selGender']) . "', " . "chGroupSel = '" . ba_db_real_escape_string($link, $sSelGroupName) . "', " . "chGroupText = '" . ba_db_real_escape_string($link, $_POST['txtGroup']) . "', " . "chFaction = '" . ba_db_real_escape_string($link, $_POST['selFaction']) . "', " . "chAncestor = '" . ba_db_real_escape_string($link, $_POST['txtAncestor']) . "', " . "chAncestorSel = '" . ba_db_real_escape_string($link, $sSelAncestorName) . "', " . "chLocation = '" . ba_db_real_escape_string($link, $_POST['selLocation']) . "', " . "chNotes = '" . ba_db_real_escape_string($link, $_POST['txtNotes']) . "', " . "chOSP = '" . ba_db_real_escape_string($link, $_POST['txtSpecial']) . "' " . "WHERE chPlayerID = {$PLAYER_ID}";
Example #7
    } else {
        $iByPost = 1;
    }
    //Set up UPDATE query
    //The (int) cast makes the reference number safe to place in the query unquoted
    $refnumber = (int) $_POST["txtRefNumber{$value}"];
    //NOTE(review): stripslashes() only un-quotes the value; it is not SQL escaping, so $marshal
    //still needs ba_db_real_escape_string() at the point where it is put into a query.
    $marshal = stripslashes($_POST["cboMarshal{$value}"]);
    //The e-mail address is passed through SafeEmail() and then escaped for use in the query
    $sEmail = ba_db_real_escape_string($link, SafeEmail($_POST['txtEmail']));
    $sql = "UPDATE {$db_prefix}players SET plFirstName = '" . ba_db_real_escape_string($link, $_POST['txtFirstName']) . "', " . "plSurname = '" . ba_db_real_escape_string($link, $_POST['txtSurname']) . "', " . "pleAddress1 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress1']) . "', '{$key}'), " . "pleAddress2 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress2']) . "', '{$key}'), " . "pleAddress3 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress3']) . "', '{$key}'), " . "pleAddress4 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress4']) . "', '{$key}'), " . "plePostcode = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtPostcode']) . "', '{$key}'), " . "pleTelephone = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtPhone']) . "', '{$key}'), " . "pleMobile = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtMobile']) . "', '{$key}'), " . "plEmail = '{$sEmail}', " . "plDOB = '{$dob}', " . "pleMedicalInfo = AES_ENCRYPT('" . ba_db_real_escape_string($link, $sMedInfo) . "', '{$key}'), " . "plEmergencyName = '" . ba_db_real_escape_string($link, $_POST['txtEmergencyName']) . "', " . "pleEmergencyNumber = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtEmergencyNumber']) . "', '{$key}'), " . "plEmergencyRelationship = '" . ba_db_real_escape_string($link, $_POST['txtEmergencyRelationship']) . "', " . "plCarRegistration = '{$sCarReg}', " . "plDietary = '" . ba_db_real_escape_string($link, $_POST['selDiet']) . "', " . "plNotes = '" . ba_db_real_escape_string($link, $_POST['txtNotes']) . "', " . "plAdminNotes = '" . ba_db_real_escape_string($link, $_POST['txtAdminNotes']) . "', ";
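    //$marshal comes from the request with only stripslashes() applied, so it is escaped here,
    //like the other string values, before it is placed inside the quoted literal.
    $sql .= "plRefNumber = {$refnumber}, plMarshal = '" . ba_db_real_escape_string($link, $marshal) . "',";
    $sql .= "plEventPackByPost = {$iByPost} ";
    //NOTE(review): $admin_player_id is set outside this excerpt, as are $dob and $sCarReg used in the
    //statement above - confirm each is cast or escaped before it reaches the query text.
    $sql .= "WHERE plPlayerID = {$admin_player_id}";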
    //Run UPDATE query
    if (ba_db_query($link, $sql)) {
        //Query should affect exactly one row. Log a warning if it affected more
        if (ba_db_affected_rows($link) > 1) {
            LogWarning("More than one row updated during admin OOC update (admin_edit_ooc.php). Player ID: {$admin_player_id}");
        }
        //Do not redirect if there are any warnings (required fields not filled in, etc)
        if ($sWarn == '') {
            //Make up URL & redirect
            $sURL = fnSystemURL() . "admin_viewdetails.php?pid={$admin_player_id}&green=" . urlencode("OOC details updated");
            //NOTE(review): header() does not stop the script. With no exit after it, execution carries on
            //with the code that follows this block.
            header("Location: {$sURL}");
        }
    } else {
        $sWarn = "There was a problem updating the OOC details";
        LogError("Error updating OOC information (admin_edit_ooc.php). Player ID: {$admin_player_id}");
    }
}
//Get existing details if there are any
$sql = "SELECT plFirstName, " . "plSurname, " . "AES_DECRYPT(pleAddress1, '{$key}') AS dAddress1, " . "AES_DECRYPT(pleAddress2, '{$key}') AS dAddress2, " . "AES_DECRYPT(pleAddress3, '{$key}') AS dAddress3, " . "AES_DECRYPT(pleAddress4, '{$key}') AS dAddress4, " . "AES_DECRYPT(plePostcode, '{$key}') AS dPostcode, " . "AES_DECRYPT(pleTelephone, '{$key}') AS dTelephone, " . "AES_DECRYPT(pleMobile, '{$key}') AS dMobile, " . "plEmail, " . "plDOB, " . "AES_DECRYPT(pleMedicalInfo, '{$key}') AS dMedicalInfo, " . "plEmergencyName, " . "AES_DECRYPT(pleEmergencyNumber, '{$key}') AS dEmergencyNumber, " . "plEmergencyRelationship, " . "plCarRegistration, " . "plDietary, " . "plNotes, " . "plAdminNotes, " . "plEventPackByPost, " . "plRefNumber, " . "plMarshal " . "FROM {$db_prefix}players WHERE plPlayerID = {$admin_player_id}";
$result = ba_db_query($link, $sql);
Example #8
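 /**
  * Remove an object.
  *
  * Calls the parent implementation, then runs every delete query that
  * SQLGenerator produces for this configuration against the data source.
  * The first query whose cursor yields nothing aborts the removal.
  *
  * @param ChunsuObject $removeme The object to remove.
  * @param DataSource $source The data source to remove the object from.
  * @return bool TRUE if successful, FALSE otherwise.
  */
 function remove(&$removeme, $source)
 {
     parent::remove($removeme, $source);
     $gen = new SQLGenerator($removeme->getCore());
     $removequeries = $gen->delete($this->config);
     $cursor = null;
     foreach ($removequeries as $rq) {
         $cursor =& $source->query($rq);
         $rv = $cursor->getNext();
         if (!$rv) {
             // NOTE(review): print_r() writes the whole object to the log, including whatever field
             // values it holds; logging an identifier alone may be enough - confirm what it contains.
             LogError("remove query failed! removing " . print_r($removeme, TRUE));
             return FALSE;
         }
     }
     // No delete query was generated, so nothing ran. The original went on to call a method
     // on an undefined cursor here; report the failure instead.
     if ($cursor === null) {
         LogError("Remove failed! Removing " . print_r($removeme, TRUE));
         return FALSE;
     }
     // NOTE(review): this reads the last cursor a second time, after the loop already read it once -
     // confirm that a second getNext() is expected to succeed.
     $rv = $cursor->getNext();
     if (!$rv) {
         LogError("Remove failed! Removing " . print_r($removeme, TRUE));
         return FALSE;
     }
     // Fetch the count first, then compare. The original assigned the result of the comparison,
     // so $rows held a boolean and the message never showed the real number.
     $rows = $cursor->get('affected-rows');
     if ($rows > 1) {
         LogWarning("{$rows} records deleted removing " . print_r($removeme, TRUE));
     }
     $removeme->is_new = $removeme->config->get('create-on-save');
     return TRUE;
 }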
Example #9
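/**
 * Check that a form was submitted from an expected page of this system.
 *
 * The Referer header (scheme, host and path, without the query string) is
 * compared with fnSystemURL() followed by each expected page name. When the
 * expected page is 'index.php', the bare system URL is accepted as well, with
 * or without its trailing slash. On a mismatch the player's sessions are
 * deleted, a warning is logged and ForceLogin() is called.
 *
 * NOTE(review): the Referer header is supplied by the browser and may be
 * missing altogether; a per-session token carried in the form is the stronger
 * protection against cross-site form submission.
 *
 * @param string $Referrer_Check Page name the form is expected to come from.
 * @param string $Referrer_Check_2 Optional second acceptable page name.
 * @return bool True when the referrer is accepted, False otherwise.
 */
function CheckReferrer($Referrer_Check, $Referrer_Check_2 = "")
{
    //NOTE(review): $link was not in scope in the original, so the DELETE below ran without a
    //connection. This assumes the connection is kept in the global $link - confirm.
    global $PLAYER_ID, $link;
    //Get referrer, minus the query string. A missing header is treated as an empty referrer.
    $sRawReferrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $sReferrer = parse_url($sRawReferrer, PHP_URL_SCHEME) . '://' . parse_url($sRawReferrer, PHP_URL_HOST) . parse_url($sRawReferrer, PHP_URL_PATH);
    $sBase = fnSystemURL();
    $aAccepted = array($sBase . $Referrer_Check);
    //Only compare against the second page when one was given. With the empty default, the
    //original accepted the bare system URL as referrer for every form.
    if ($Referrer_Check_2 != '') {
        $aAccepted[] = $sBase . $Referrer_Check_2;
    }
    if ($Referrer_Check == 'index.php') {
        //Special case - start page, with trailing slash but no 'index.php'
        $aAccepted[] = $sBase;
        //Special case - start page, with no trailing slash
        //(the original compared against an undefined variable, so this case never matched)
        $aAccepted[] = substr($sBase, 0, strlen($sBase) - 1);
    }
    if (in_array($sReferrer, $aAccepted, true)) {
        return True;
    }
    //Delete any existing session and force new login
    $sql = "DELETE FROM " . DB_PREFIX . "sessions WHERE ssPlayerID = " . (int) $PLAYER_ID;
    ba_db_query($link, $sql);
    LogWarning("Form submitted from {$sReferrer} (expected " . $sBase . "{$Referrer_Check})\nPlayer ID: {$PLAYER_ID}");
    ForceLogin();
    //Only reached if ForceLogin() returns
    return False;
}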
Example #10
 }
 //The (int) cast makes the reference number safe to place in the query unquoted
 $refnumber = (int) $_POST["txtRefNumber{$value}"];
 //NOTE(review): stripslashes() only un-quotes the value; it is not SQL escaping, so $marshal
 //still needs ba_db_real_escape_string() at the point where it is put into a query.
 $marshal = stripslashes($_POST["cboMarshal{$value}"]);
 //Set up UPDATE query
 $sql = "UPDATE {$db_prefix}players SET plFirstName = '" . ba_db_real_escape_string($link, $_POST['txtFirstName']) . "', " . "plSurname = '" . ba_db_real_escape_string($link, $_POST['txtSurname']) . "', " . "pleAddress1 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress1']) . "', '{$key}'), " . "pleAddress2 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress2']) . "', '{$key}'), " . "pleAddress3 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress3']) . "', '{$key}'), " . "pleAddress4 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress4']) . "', '{$key}'), " . "plePostcode = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtPostcode']) . "', '{$key}'), " . "pleTelephone = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtPhone']) . "', '{$key}'), " . "pleMobile = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtMobile']) . "', '{$key}'), " . "plDOB = '{$dob}', " . "pleMedicalInfo = AES_ENCRYPT('" . ba_db_real_escape_string($link, $sMedInfo) . "', '{$key}'), " . "plEmergencyName = '" . ba_db_real_escape_string($link, $_POST['txtEmergencyName']) . "', " . "pleEmergencyNumber = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtEmergencyNumber']) . "', '{$key}'), " . "plEmergencyRelationship = '" . ba_db_real_escape_string($link, $_POST['txtEmergencyRelationship']) . "', " . "plCarRegistration = '{$sCarReg}', " . "plDietary = '" . ba_db_real_escape_string($link, $_POST['selDiet']) . "', ";
 //"plBookAs = '" . ba_db_real_escape_string ($link, $_POST ['selBookAs']) . "', ";
 //if (AUTO_ASSIGN_BUNKS == False)
 //			$sql .= "plBunkRequested = $iBunk, ";
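 $sql .= "plNotes = '" . ba_db_real_escape_string($link, $_POST['txtNotes']) . "', ";
 //$marshal comes from the request with only stripslashes() applied, so it is escaped here,
 //like the other string values, before it is placed inside the quoted literal.
 $sql .= "plRefNumber = {$refnumber}, plMarshal = '" . ba_db_real_escape_string($link, $marshal) . "',";
 //NOTE(review): $iByPost and $PLAYER_ID are set outside this excerpt - confirm both are integers
 $sql .= "plEventPackByPost = {$iByPost} " . "WHERE plPlayerID = {$PLAYER_ID}";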
 //Run UPDATE query
 if (ba_db_query($link, $sql)) {
     //Query should affect exactly one row. Log a warning if it affected more
     if (ba_db_affected_rows($link) > 1) {
         LogWarning("More than one row updated during OOC update. Player ID: {$PLAYER_ID}");
     }
     //Do not redirect if there are any warnings (required fields not filled in, etc)
     if ($sWarn == '') {
         //Update Monster only if person is playing
         //$sql = "update {$db_prefix}players inner join {$db_prefix}characters on plPlayerID = chPlayerID set chMonsterOnly = 0 where plBookAs = 'Player' and plPlayerID = $PLAYER_ID";
         //ba_db_query ($link, $sql);
         //Send e-mail
         $sBody = "Your OOC details have been entered at " . SYSTEM_NAME . ".\n\n" . "Player ID: " . PID_PREFIX . sprintf('%03s', $PLAYER_ID) . "\n" . "OOC Name: " . $_POST['txtFirstName'] . " " . $_POST['txtSurname'] . "\n\n" . fnSystemURL();
         if ($bEmailOOCChange) {
             $sql = "Select plEmail FROM {$db_prefix}players WHERE plPlayerID = {$PLAYER_ID}";
             $result = ba_db_query($link, $sql);
             $playerrow = ba_db_fetch_assoc($result);
             mail($playerrow['plEmail'], SYSTEM_NAME . ' - OOC details', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
         }
         //Make up URL & redirect to index.php with message
Example #11
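 //The two entries must be identical strings. With != PHP compares numeric-looking strings by
 //value, so two different entries could be accepted as matching.
 if ($_POST['txtPassword1'] !== $_POST['txtPassword2']) {
     $sWarn = "Passwords do not match<br>\n";
 }
 //Check password length
 if (strlen($_POST['txtPassword1']) < MIN_PASS_LEN) {
     $sWarn .= "Password must be at least " . MIN_PASS_LEN . " characters long<br>\n";
 }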
 if ($sWarn == '') {
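     //Set up UPDATE query
     //NOTE(review): this is SHA-1 with one site-wide salt. Moving to password_hash()/password_verify()
     //needs a migration of the stored values, so it is only flagged here.
     $sHashPass = sha1($_POST['txtPassword1'] . PW_SALT);
     //NOTE(review): the value written to plPassword is shown masked on this page - confirm it is $sHashPass.
     //$admin_player_id is set outside this excerpt - confirm it is an integer.
     $sql = "UPDATE {$db_prefix}players SET plPassword = '******', plLoginCounter = 0 " . "WHERE plPlayerID = {$admin_player_id}";
     //Run UPDATE query
     if (ba_db_query($link, $sql)) {
         //Query should affect exactly one row. Log a warning if it affected more
         if (ba_db_affected_rows($link) > 1) {
             LogWarning("More than one row updated during password reset (admin_pw_reset.php). Player ID: {$admin_player_id}");
         }
         //Get user's e-mail address and name. The mail body below uses the name columns, which the
         //original query did not select.
         $result = ba_db_query($link, "SELECT plEmail, plFirstName, plSurname FROM {$db_prefix}players WHERE plPlayerID = {$admin_player_id}");
         $row = ba_db_fetch_assoc($result);
         $sEmail = $row['plEmail'];
         if (SEND_PASSWORD) {
             //E-mail user with new password
             //NOTE(review): this sends the new password in clear text by e-mail. A notice that the
             //password was changed, without the password itself, avoids leaving it in mailboxes.
             //The array key is quoted: inside {$...} an unquoted key is read as a constant name.
             $sBody = "Your password for " . SYSTEM_NAME . " has been changed. " . "Your new details are below:\n\n" . "E-mail: {$sEmail}\nPassword: {$_POST['txtPassword1']}\n" . "Player ID: " . PID_PREFIX . sprintf('%03s', $admin_player_id) . "\n" . "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n" . fnSystemURL();
             mail($sEmail, SYSTEM_NAME . ' - password change', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
         }
     } else {
         $sWarn = "There was a problem resetting the password<br>\n";
         //The message now names the operation that failed (it previously said "OOC information")
         LogError("Error resetting password (admin_pw_reset.php). Player ID: {$admin_player_id}");
     }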
     //Redirect to start page
Example #12
/**
 * Look up the storage methods registered for a persistent object class.
 *
 * The class name is lower-cased before use. If no such class exists, a
 * warning is logged (when WARN logging is enabled) and the lookup still goes
 * ahead. The global registry is created with GetConfiguration() on first use,
 * and a class that has no entry yet gets a new GetConfiguration() result
 * stored under its name.
 *
 * @param string $pclass Persistent object class.
 * @return Configuration The entry held for that class.
 */
function &GetStorageMethods($pclass)
{
    global $CONFIGURED_STORAGEMETHODS;
    $pclass = strtolower($pclass);
    // Short-circuit keeps the original order: the log level is only consulted for a missing class
    if (!class_exists($pclass) && IsLogEnabled('WARN')) {
        LogWarning("Persistent object class {$pclass} does not exist");
    }
    // Create the registry the first time it is needed
    if ($CONFIGURED_STORAGEMETHODS === null) {
        $CONFIGURED_STORAGEMETHODS = GetConfiguration();
    }
    $bHasEntry = $CONFIGURED_STORAGEMETHODS->has($pclass);
    if (!$bHasEntry) {
        $CONFIGURED_STORAGEMETHODS->set(GetConfiguration(), $pclass);
    }
    return $CONFIGURED_STORAGEMETHODS->get($pclass);
}
Example #13
     }
 } else {
     $sNotes = ba_db_real_escape_string($link, $_POST['txtNotes']);
 }
 //Find out how many character rows this player already has
 $sql = "SELECT * FROM {$db_prefix}characters WHERE chPlayerID = {$admin_player_id}";
 $result = ba_db_query($link, $sql);
 $iExistingRows = ba_db_num_rows($result);
 if ($iExistingRows > 1) {
     LogWarning("Multiple rows in characters table with player ID (admin_edit_ic.php) {$admin_player_id}");
 } elseif ($iExistingRows == 0) {
     //The UPDATE query needs a row to act on, so add one for this player first
     $sql = "INSERT INTO {$db_prefix}characters (chPlayerID) VALUES ({$admin_player_id})";
     $bRowAdded = ba_db_query($link, $sql);
     if (!$bRowAdded) {
         $sWarn = "There was a problem updating the IC details";
         LogError("Error inserting player ID into characters table prior to running UPDATE query (admin_edit_ic.php). " . "Player ID: {$admin_player_id}");
     }
 }
 //Choosing "Other" in a drop-down stores an empty selection for that field
 $sSelGroupName = $_POST['selGroup'];
 if ($sSelGroupName == 'Other (enter name below)') {
     $sSelGroupName = '';
 }
 $sSelAncestorName = $_POST['selAncestor'];
 if ($sSelAncestorName == 'Other (enter name below)') {
     $sSelAncestorName = '';
 }
 //Build up UPDATE query
 $sql = "UPDATE {$db_prefix}characters SET chName = '" . ba_db_real_escape_string($link, $_POST['txtCharName']) . "', " . "chPreferredName = '" . ba_db_real_escape_string($link, $_POST['txtPreferredName']) . "', " . "chRace = '" . ba_db_real_escape_string($link, $_POST['selRace']) . "', " . "chGender = '" . ba_db_real_escape_string($link, $_POST['selGender']) . "', " . "chGroupSel = '" . ba_db_real_escape_string($link, $sSelGroupName) . "', " . "chGroupText = '" . ba_db_real_escape_string($link, $_POST['txtGroup']) . "', " . "chFaction = '" . ba_db_real_escape_string($link, $_POST['selFaction']) . "', " . "chAncestor = '" . ba_db_real_escape_string($link, $_POST['txtAncestor']) . "', " . "chAncestorSel = '" . ba_db_real_escape_string($link, $sSelAncestorName) . "', " . "chLocation = '" . ba_db_real_escape_string($link, $_POST['selLocation']) . "', " . "chNotes = '" . $sNotes . "', " . "chOSP = '" . ba_db_real_escape_string($link, $_POST['txtOSP']) . "' " . "WHERE chPlayerID = {$admin_player_id}";
 //Run query
 if (!ba_db_query($link, $sql)) {
Example #14
    } else {
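        //Send e-mail
        //NOTE(review): the new password is sent in clear text by e-mail; a single-use reset link
        //that expires avoids leaving a working password in the mailbox.
        $sTo = $sEmail;
        $sSubject = SYSTEM_NAME . " - password reset";
        $sBody = "Hi,\nYour password at " . SYSTEM_NAME . " has been reset. " . "Your new password is:\n{$sNewPass}\nYou can log in using this new password.\n\n" . fnSystemURL();
        ini_set("sendmail_from", EVENT_CONTACT_MAIL);
        $mail = mail($sTo, $sSubject, $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">", '-f' . EVENT_CONTACT_MAIL);
        if ($mail) {
            //$sMsg is echoed into the page as HTML, so the address is HTML-escaped before it is
            //placed in the message. The markup in the message itself is intentional and kept.
            $sEmailHtml = htmlspecialchars($sEmail, ENT_QUOTES);
            $sMsg = "A new password has been sent to {$sEmailHtml}. Please check your e-mail for your new password.<br />\n" . "If you do not get the e-mail, check your Junk/Spam folder - it may have been marked as spam " . "(this appears to be particularly common with web-based e-mail services)";
        } else {
            $sMsg = "There was an error sending your reset email. Please contact <a href = 'mailto:" . Obfuscate(TECH_CONTACT_MAIL) . "'>" . TECH_CONTACT_NAME . "</a> to reset your password manually";
        }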
    }
    //The password UPDATE is expected to change one row only
    if (ba_db_affected_rows($link) > 1) {
        //More than one record updated - log warning
        //NOTE(review): the full SQL text is written to the log. The query is built outside this
        //excerpt; if it contains the new password hash, that value ends up in the log - confirm.
        LogWarning("retrieve.php - Multiple records updated from SQL query\n{$sql}");
    }
}
?>


<h1><?php 
echo TITLE;
?>
 - Lost Password</h1>

<?php 
if ($sMsg != '') {
    echo "<p class = 'green'>{$sMsg}</p>\n";
}
?>