private function changePassword()
{
$msg = '';
if (empty($_POST['current_password']) || empty($_POST['new_password']) || empty($_POST['new_password2'])) {
$msg = 'You forgot to fill in something!';
} else {
$check = sha1($this->player->secret_key . $_POST['current_password'] . SECRET_KEY);
if ($check != $this->player->password) {
$msg = 'The password you entered does not match this account\'s password.';
} else {
if (!isPassword($_POST['new_password'])) {
$msg = 'Your password must be longer than 3 characters!';
} else {
if ($_POST['new_password'] != $_POST['new_password2']) {
$msg = 'You didn\'t confirm your new password correctly!';
} else {
$new_password = sha1($this->player->secret_key . $_POST['new_password2'] . SECRET_KEY);
$this->db->execute('UPDATE `<ezrpg>players` SET `password`=? WHERE `id`=?', array($new_password, $this->player->id));
$msg = 'You have changed your password.';
}
}
}
}
header('Location: index.php?mod=AccountSettings&msg=' . urlencode($msg));
}
function ctreateAccount($link, $userLogin, $userPassword, $userType)
{
if (!isLogin($userLogin)) {
return 'login_encorretcted';
} elseif (!isPassword($userPassword)) {
return 'password_encorretcted';
} elseif ($userType == 0 || $userType > 3) {
return 'user_type_encorretcted';
} else {
$res = mysqli_query($link, "SELECT `user_id` FROM `users` WHERE `user_login`='{$userLogin}'");
$userId = mysqli_fetch_assoc($res);
if (isset($userId['user_id'])) {
return 'login_found';
} else {
$addUserPass = md5(PASSWORD_SALT . $userPassword);
$firstIp = $_SERVER['REMOTE_ADDR'];
if (mysqli_query($link, "INSERT INTO `users`(`user_login`, `user_password`,`user_type`, `exp`, `money`, `gold`, `user_access`, `user_location_type`, `user_location`,`user_galaxy`, `first_ip`) VALUES ('{$userLogin}','{$addUserPass}','{$userType}',0, 15000, 0, 5,'p',1,1,'{$firstIp}')")) {
$insertId = mysqli_insert_id($link);
mysqli_query($link, "INSERT INTO `user_galaxy`(`user_id`, `user_galaxy_id`) VALUES ('{$insertId}',1)");
return 'complete';
} else {
return 'no_wrtite_to_db';
}
}
}
}
private function changePassword()
{
$msg = '';
if (empty($_POST['current_password']) || empty($_POST['new_password']) || empty($_POST['new_password2'])) {
$msg = $_SESSION['You_forgot_to_fill_in_something'];
} else {
$check = sha1($this->player->secret_key . $_POST['current_password'] . SECRET_KEY);
if ($check != $this->player->password) {
$msg = $_SESSION['The_password_you_entered_does_not_match_this_account_s_password'];
} else {
if (!isPassword($_POST['new_password'])) {
$msg = $_SESSION['Your_password_must_be_longer_than_3_characters'];
} else {
if ($_POST['new_password'] != $_POST['new_password2']) {
$msg = $_SESSION['You_didn_t_confirm_your_new_password_correctly'];
} else {
$new_password = sha1($this->player->secret_key . $_POST['new_password2'] . SECRET_KEY);
$this->db->execute('UPDATE `<ezrpg>players` SET `password`=? WHERE `id`=?', array($new_password, $this->player->id));
$msg = $_SESSION['You_have_changed_your_password'];
}
}
}
}
header('Location: index.php?mod=AccountSettings&msg=' . urlencode($msg));
}
private function register()
{
$error = 0;
$errors = array();
//Check username
$result = $this->db->fetchRow('SELECT COUNT(`id`) AS `count` FROM `<ezrpg>players` WHERE `username`=?', array($_POST['username']));
if (empty($_POST['username'])) {
$errors[] = 'You didn\'t enter your username!';
$error = 1;
} else {
if (!isUsername($_POST['username'])) {
//If username is too short...
$errors[] = 'Your username must be longer than 3 characters and may only contain alphanumerical characters!';
//Add to error message
$error = 1;
//Set error check
} else {
if ($result->count > 0) {
$errors[] = 'That username has already been used. Please create only one account!';
$error = 1;
//Set error check
}
}
}
//Check password
if (empty($_POST['password'])) {
$errors[] = 'You didn\'t enter a password!';
$error = 1;
} else {
if (!isPassword($_POST['password'])) {
//If password is too short...
$errors[] = 'Your password must be longer than 3 characters!';
//Add to error message
$error = 1;
//Set error check
}
}
if ($_POST['password2'] != $_POST['password']) {
$errors[] = 'You didn\'t verify your password correctly!';
$error = 1;
}
//Check email
$result = $this->db->fetchRow('SELECT COUNT(`id`) AS `count` FROM `<ezrpg>players` WHERE `email`=?', array($_POST['email']));
if (empty($_POST['email'])) {
$errors[] = 'You didn\'t enter your email!';
$error = 1;
} else {
if (!isEmail($_POST['email'])) {
$errors[] = 'Your email format is wrong!';
//Add to error message
$error = 1;
//Set error check
} else {
if ($result->count > 0) {
$errors[] = 'That email has already been used. Please create only one account, creating more than one account will get all your accounts deleted!';
$error = 1;
//Set error check
}
}
}
if ($_POST['email2'] != $_POST['email']) {
$errors[] = 'You didn\'t verify your email correctly!';
$error = 1;
}
//Check verification code
if (empty($_POST['reg_verify'])) {
$errors[] = 'You didn\'t enter the verification code!';
$error = 1;
} else {
if ($_SESSION['verify_code'] != sha1(strtoupper($_POST['reg_verify']) . SECRET_KEY)) {
$errors[] = 'You didn\'t enter the correct verification code!';
$error = 1;
}
}
//verify_code must NOT be used again.
session_unset();
session_destroy();
if ($error == 0) {
unset($insert);
$insert = array();
//Add new user to database
$insert['username'] = $_POST['username'];
$insert['email'] = $_POST['email'];
$insert['secret_key'] = createKey(16);
$insert['password'] = sha1($insert['secret_key'] . $_POST['password'] . SECRET_KEY);
$insert['registered'] = time();
global $hooks;
//Run register hook
$insert = $hooks->run_hooks('register', $insert);
$new_player = $this->db->insert('<ezrpg>players', $insert);
//Use $new_player to find their new ID number.
$hooks->run_hooks('register_after', $new_player);
$msg = 'Congratulations, you have registered! Please login now to play!';
header('Location: index.php?msg=' . urlencode($msg));
exit;
} else {
$msg = 'Sorry, there were some mistakes in your registration:<br />';
$msg .= '<ul>';
foreach ($errors as $errmsg) {
$msg .= '<li>' . $errmsg . '</li>';
}
$msg .= '</ul>';
$url = 'index.php?mod=Register&msg=' . urlencode($msg) . '&username='******'username']) . '&email=' . urlencode($_POST['email']) . '&email2=' . urlencode($_POST['email2']);
header('Location: ' . $url);
exit;
}
}
src="images/left.jpg" width="23" /></td>
<td valign="top" width="768" bgcolor="#f6f6f6">
<table width="90%" border="0" cellpadding="0" cellspacing="0" align="center">
<tr>
<td><div align="center"><img src="images/mmxg_t.gif" width="347" height="46" /></div></td>
</tr>
</table>
<table width="90%" border="0" cellpadding="0" cellspacing="0" align="center">
<tr>
<td>';
$userid = $_POST['account'];
$oldpw = $_POST['oldpw'];
$user_pass = $_POST['password1'];
$email = $_POST['email'];
if ($userid != null and $user_pass != null and $email != null and $oldpw != null) {
if (isUser($userid) and isPassword($oldpw) and isPassword($user_pass) and ismail($email)) {
$query = 'select * from login where userid = \'' . $userid . '\' and user_pass = \'' . $oldpw . '\' and email = \'' . $email . '\'';
$result = mysql_query($query);
$data = mysql_fetch_array($result);
if ($data == null) {
echo '<div align="center"><br /><br />帐号或密码或E-mail错误!<br/><br/>请<a href="mmxg.php" class="text1">返回</a>检查!</div>';
} else {
$query = 'update `login` set user_pass = \'' . $user_pass . '\' where userid = \'' . $userid . '\'';
mysql_query($query);
echo '<div align="center"><br /><br />修改成功!<br /><br />欢迎来到' . $ROname . ',请赶快登陆,来体验' . $ROname . '给你带来的乐趣吧!<div>';
}
} else {
echo '<div align="center"><br/><br/>填写不正确!请<a href="mmxg.php" class="text1">返回</a>重新输入!</div>';
}
} else {
echo '<div align="center"><br/><br/>出错啦!请<a href="zhzc.php" class="text1">返回</a>重新输入!</div>';
if ($_REQUEST['act'] == 'logout') {
$_SESSION['account'] = NULL;
}
if ($_REQUEST['page'] == NULL) {
$page = 1;
} else {
$page = $_REQUEST['page'];
}
$per_page = 18;
//每页多少条记录
$per_row = 6;
//每行多少条记录
$userid = $_POST['account'];
$user_pass = $_POST['password'];
$ipoint = 0;
if ($userid != NULL && $user_pass != NULL && isUser($userid) && isPassword($user_pass)) {
$query = 'select * from `login` where userid = \'' . $userid . '\' and user_pass = \'' . $user_pass . '\'';
$result = mysql_query($query);
$data = mysql_fetch_array($result);
if ($data != null) {
$_SESSION['account'] = $userid;
$_SESSION['account_id'] = $data['account_id'];
$ipoint = $data['ipoint'];
$_SESSION['ipoint'] = $ipoint;
} else {
$error = '帐号或密码错误!';
}
}
if ($_SESSION['account'] != NULL && $_SESSION['account_id'] != NULL) {
$query = 'select * from `login` where account_id = \'' . $_SESSION['account_id'] . '\'';
$result = mysql_query($query);
session_start();
if ($_REQUEST['act'] == 'logout') {
$_SESSION['admin'] = NULL;
$_SESSION['level'] = NULL;
ob_start();
//打开缓冲区
echo '<script>window.location="admin_login.php";</script>';
header("location:admin_login.php");
//把浏览器重定向
ob_end_flush();
//输出全部内容到浏览器
}
$userid = $_POST['account'];
$user_pass = $_POST['password'];
$email = $_POST['email'];
if ($userid != NULL && $user_pass != NULL && isUser($userid) && isPassword($user_pass) && $email != null) {
$query = 'select * from `login` where level>=99 and userid = \'' . $userid . '\' and user_pass = \'' . $user_pass . '\' and email = \'' . $email . '\'';
$result = mysql_query($query);
$data = mysql_fetch_array($result);
if ($data != null) {
$_SESSION['admin'] = $userid;
$_SESSION['level'] = $data['level'];
} else {
$error = '帐号或密码或E-mail错误!请勿非法登录!';
}
} else {
if ($_SESSION['admin'] == NULL && $_SESSION['level'] == NULL) {
$error = '登录失效!请勿非法登录!';
ob_start();
//打开缓冲区
echo '<script>window.location="admin_login.php";</script>';
function valid_email($address)
{
if (eregi("^([a-z0-9_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]{2,4}\$", $address)) {
return true;
} else {
return false;
}
}
if (isEmpty($username) || isEmpty($password) || isEmpty($repassword) || isPassword($password, $repassword) || isEmpty($first_name) || isEmpty($last_name) || isEmpty($email) || !valid_email($email) || isEmpty($address) || isEmpty($country) || isEmpty($postal_code)) {
echo "<div id=\"errors\">";
echo "<p><em>Oops... the following errors were encountered:</em></p>";
echo "<ul>";
if (isEmpty($username)) {
echo "<li>User name cannot be empty</li>";
}
if (isPassword($password, $repassword)) {
echo "<li>Re Enter same password</li>";
}
if (isEmpty($first_name)) {
echo "<li>First Name cannot be empty</li>";
}
if (isEmpty($last_name)) {
echo "<li>Last Name cannot be empty</li>";
}
if (!valid_email($email)) {
echo "<li>Email Address is not in correct format</li>";
}
if (isEmpty($email)) {
echo "<li>Email Address cannot be empty</li>";
}
if (isEmpty($address)) {
</div>
<div class="row center">
<div class="col s3 offset-s9">
<button class="btn waves-effect waves-light" type="submit" >登录
<i class="material-icons right">send</i>
</button>
</div>
</div>
</form>
<br><br>
</div>
</div>
<?
}else if($_SERVER['REQUEST_METHOD'] == 'POST' || $_COOKIE["isLogin"]==true){
$sql_con = getSqlCon();
if ($_COOKIE["isLogin"]!=true) if ($_POST["Password"]==null ||!isPassword($sql_con,$_POST["Password"])) die("<h1>Access Denied : Worng Password!</h1>");
setcookie("isLogin", true, time()+3600);
?>
<div class="row">
<div class="col s12 m6">
<div class="card green darken-4">
<div class="card-content white-text">
<span class="card-title">页面信息修改</span>
<p>包含网站Title、链接和关于等。</p>
</div>
<div class="card-action">
<a href="./editInfo.php">点击直达</a>
</div>
</div>
</div>
src="images/left.jpg" width="23" /></td>
<td valign="top" width="768" bgcolor="#f6f6f6">
<table width="90%" border="0" cellpadding="0" cellspacing="0" align="center">
<tr>
<td><div align="center"><img src="images/zhzc_t.gif" width="347" height="46" /></div></td>
</tr>
</table>
<table width="90%" border="0" cellpadding="0" cellspacing="0" align="center">
<tr>
<td>';
$userid = $_POST['account'];
$user_pass = $_POST['password1'];
$sex = $_POST['sex'];
$email = $_POST['email'];
if ($userid != null && $user_pass != null && $email != null && $sex != null) {
if (isUser($userid) && isPassword($user_pass) && ismail($email)) {
$query = 'select * from login where userid = \'' . $userid . '\'';
$result = mysql_query($query);
$data = mysql_fetch_array($result);
if ($data != null) {
echo '<div align="center" class="text1"><br /><br />对不起!该帐号已经被注册!请<a href="zhzc.php" class="text1">返回</a>重新输入!</div>';
} else {
$query = 'insert into `login` (userid,user_pass,sex,email) values (\'' . $userid . '\',\'' . $user_pass . '\',\'' . $sex . '\',\'' . $email . '\')';
mysql_query($query);
echo '<div align="center"><br /><br />注册成功!<br /><br />欢迎来到' . $ROname . ',请赶快使用注册的账号登陆,来体验' . $ROname . '给你带来的乐趣吧!<div>';
}
} else {
echo '<div align="center"><br/><br/>填写不正确!请<a href="zhzc.php" class="text1">返回</a>重新输入!</div>';
}
} else {
echo '<div align="center"><br/><br/>出错啦!请<a href="zhzc.php" class="text1">返回</a>重新输入!</div>';
