protected function secureData($data)
{
foreach ($data as $key => $value) {
if (is_array($value)) {
secureData($value);
} else {
$data[$key] = htmlspecialchars($value);
}
}
return $data;
}
function secure(&$array)
{
if (!is_array($array)) {
$array = secureData($array);
} else {
foreach ($array as $key => $val) {
if (!is_array($val)) {
$array[$key] = secureData($val);
} else {
$array[$key] = array_map('secure', $val);
}
}
}
return $array;
}
if ($amount < 1) { $error = 103; }
switch ($type) {
case 'ship':
$item_table = $table['ships'];
$item_id = 3;
break;
case 'defense':
$item_table = $table['defense'];
$item_id = 4;
break;
}
if ($error< 100) $error = tryShipDefenseProductionAdd($playerdata['id'], $item_id, $item_table, $id, $amount);
}
if ($do == 'cancelprod') {
$prod_id = secureData($_GET['prod_id']);
$sql_findprod = "SELECT `id`, `player_id`, `type_id`, `item_id`, `amount` FROM $table[productions] WHERE `id` = '$prod_id' AND `player_id` = '$playerdata[id]'";
$res_findprod = mysql_query($sql_findprod);
$num_findprod = mysql_num_rows($res_findprod);
if ($num_findprod > 0) {
$rec_findprod = mysql_fetch_assoc($res_findprod);
$item_id = $rec_findprod['item_id'];
$amount = $rec_findprod['amount'];
$sql_findcosts = "SELECT `id`, `cost_steel`, `cost_crystal`, `cost_erbium`, `cost_titanium` FROM $table[ships] WHERE `id` = '$item_id'";
$res_findcosts = mysql_query($sql_findcosts);
if (mysql_num_rows($res_findcosts) > 0) {
$rec_findcosts = mysql_fetch_assoc($res_findcosts);
$playerdata['res_steel'] += (($amount * $rec_findcosts['cost_steel']) * 0.8);
$playerdata['res_crystal'] += (($amount * $rec_findcosts['cost_crystal']) * 0.8);
$playerdata['res_erbium'] += (($amount * $rec_findcosts['cost_erbium']) * 0.8);
if ($playerdata['res_crystal'] < 5000) { $error = 104; }
if (!checkItem($playerdata['id'], $NG_INTELLIGENCE)) { $error = 106; }
if ($error < 100) {
$playerdata['res_crystal'] -= 5000;
updatePlayerData($playerdata['id'], $playerdata);
}
}
if ($do == 'uniscan') {
$findcluster = secureData($_POST['findcluster']);
$order = secureData($_POST['order']);
$excl_galmem = secureData($_POST['excl_galmem']);
$excl_allmem = secureData($_POST['excl_allmem']);
$minscore = secureData($_POST['minscore']);
$maxscore = secureData($_POST['maxscore']);
$minasteroids = secureData($_POST['minasteroids']);
$maxasteroids = secureData($_POST['maxasteroids']);
if ($minasteroids > $maxasteroids) { $error = 112; }
if ($mindscore > $maxscore) { $error = 113; }
if (($maxscore <= 0) || (!is_numeric($maxscore))){ $error = 108; }
if (($maxasteroids <= 0) || (!is_numeric($maxasteroids))){ $error = 109; }
if (($minasteroids < 0) || (!is_numeric($minasteroids))){ $error = 110; }
if (($minscore < 0) || (!is_numeric($minscore))){ $error = 111; }
if ($playerdata['res_crystal'] < 15000) { $error = 104; }
if (!checkItem($playerdata['id'], $UNI_INTELLIGENCE)) { $error = 107; }
if ($error < 100) {
$playerdata['res_crystal'] -= 15000;
<?php
session_start();
include_once 'lib/php/fonction.php';
include_once 'meta_header.php';
//quand on clique sur envoyer
if (isset($_POST['validCom']) && isset($_POST['comment'])) {
//on initialise de contenu
$contenu = '';
//on récupère les données entrées par l'utilisateur
$user_id = $_SESSION['id'];
$user_mail = $_SESSION['email'];
$comment = nl2br(secureData($_POST['comment']));
$datecomments = date('y-m-d H:i:s');
//$heure = date('H:i');
// $date=date("Y-m-d H:i:s");
if (isset($_SESSION['firstname'])) {
$user_pseudo = $_SESSION['firstname'];
} else {
$user_pseudo = $_SESSION['pseudo'];
}
//on se connection
$connection = connectBD();
//si la connection s'effectue
if ($connection) {
try {
//on lance la transaction
$connection->BeginTransaction();
//on prépare la requête
$connection->exec('INSERT INTO comments VALUES (null, "' . $user_id . '", "' . $user_pseudo . '", "' . $user_mail . '", "' . $comment . '", "' . $datecomments . '") ');
<?
require_once('global.inc.php');
$code = secureData($_GET['code']);
$sql_doactivate = "UPDATE `$table[players]` SET `activated` = '1' WHERE `activation_code` = '$code'";
mysql_query($sql_doactivate) or die(mysql_error());
?>
<html>
<head>
<meta http-equiv="Content-Language" content="nl">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<link href="css/default.css" rel="stylesheet" type="text/css">
<title>Imperial-Battle | Account activation</title>
</head>
<body bgcolor="#223137">
<p align="center">Your account has been activated.</p>
<p align="center">Click <a href="index.php" target="_top"><b>here</b></a> to login.</p>
</body>
</html>
if ($subject == '') { $error = 101; }
if ($text == '') { $error = 102; }
if ($error < 100) {
$sql_createthread = "INSERT INTO $table[allianceforum_threads] (`alliance_id`, `subject`, `starter`, `date`)
VALUES ('$alliance_id', '$subject', '$poster_id', '$date')";
mysql_query($sql_createthread);
$thread_id = mysql_insert_id();
$sql_createpost = "INSERT INTO `$table[allianceforum_posts]` (`thread_id`, `alliance_id`, `poster_id`, `text`, `date`)
VALUES ('$thread_id', '$alliance_id', '$poster_id', '$text', '$date')";
mysql_query($sql_createpost);
}
}
if ($do == 'delthread') {
$thread_id = secureData($_GET['thread_id']);
if ((getAllianceCommander($playerdata['alliance_id']) != $playerdata['id']) && (getAllianceSubCommander($playerdata['alliance_id']) != $playerdata['id'])) { $error = 103; }
else {
$sql_delthread = "DELETE FROM $table[allianceforum_threads] WHERE `alliance_id` = '$playerdata[alliance_id]' AND `id` = '$thread_id'";
$sql_delposts = "DELETE FROM $table[allianceforum_posts] WHERE `alliance_id` = '$playerdata[alliance_id]' AND `thread_id` = '$thread_id'";
mysql_query($sql_delthread) or die(mysql_error());
mysql_query($sql_delposts) or die(mysql_error());
if (mysql_affected_rows() > 0) {
$error = 1;
} else {
$error = 104;
}
}
}
switch($error) {
$rec_checkalliance = mysql_fetch_array($res_checkalliance);
if ($num_checkalliance > 0) {
if ($rec_checkalliance['id'] != $playerdata['alliance_id']) {
$playerdata['alliance_id'] = $rec_checkalliance['id'];
updatePlayerData($playerdata['id'], $playerdata);
$error = 3;
} else {
$error = 105;
}
} else {
$error = 106;
}
}
if ($do == 'changerulerplanet') {
$rulername = secureData($_POST['rulername']);
$planetname = secureData($_POST['planetname']);
if (!$rulername || !$planetname) { $error = 108; }
if (getCurrentTick() > 1500) { $error = 109; }
if ((getIdByRulername($rulername)) && ($rulername != $playerdata['rulername'])) { $error = 110; }
if ((getIdByPlanetname($planetname)) && ($planetname != $playerdata['planetname'])) { $error = 111; }
if ($error < 100) {
$sql_updrp = "UPDATE $table[players] SET `rulername` = '$rulername', `planetname` = '$planetname' WHERE `id` = '$playerdata[id]'";
mysql_query($sql_updrp) or die(mysql_error());
$error = 4;
}
}
$playerdata = getPlayerdata($playerdata['id']);
switch($error) {
case 0:
$msg = "Succesfully changed password";
break;
<?
require_once('global.inc.php');
if (!isset($mod)) { $mod = secureData($_GET['mod']); }
if (!isset($mod)) { $mod = secureData($_POST['mod']); }
if (!isset($act)) { $act = secureData($_GET['act']); }
if (!isset($act)) { $act = secureData($_POST['act']); }
?>
<html>
<head>
<meta http-equiv="Content-Language" content="nl">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<link href="css/default.css" rel="stylesheet" type="text/css">
<title>Imperial Battle</title>
</head>
<body bgcolor="#223137" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bottommargin="0">
<?
if (!$user->checkLogin()) {
//header('Location: login.php');
include('login.php');
?>
<!-- <META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://www.imperial-battle.com/"> -->
<?
}
else {
?>
<META HTTP-EQUIV="Refresh" CONTENT="0.1;URL=index2.php">
<?
}
$crystalinv = secureData($_POST['crystalinv']);
$erbiuminv = secureData($_POST['erbiuminv']);
if (!$factory_id) {
$upd_factory = "INSERT INTO $table[titanium_factory] (`player_id`, `steel_investment`, `crystal_investment`, `erbium_investment`)
VALUES ('$playerdata[id]', '$steelinv', '$crystalinv', '$erbiuminv')";
} else {
$upd_factory = "UPDATE $table[titanium_factory] SET `steel_investment` = '$steelinv', `crystal_investment` = '$crystalinv', `erbium_investment` = '$erbiuminv' WHERE `id` = '$factory_id' AND `player_id` = '$playerdata[id]'";
}
mysql_query($upd_factory) or die(mysql_error());
$error = 1;
}
if ($do == 'donate') {
$res_type = secureData($_POST['res_type']);
$amount = secureData($_POST['amount']);
$donate_to = secureData($_POST['donate_to']);
$arrkey = 'res_'.$res_type;
if ($playerdata[$arrkey] < $amount) { $error = 101; }
if (($donate_to != 'fund') && ($donate_to <= 0)) { $error = 102; }
if ($amount <= 0) { $error = 104; }
if (!is_numeric($amount)) { $error = 105; }
if ($error < 100) {
$error = 0;
$playerdata[$arrkey] -= $amount;
if ($donate_to == 'fund') {
$gal_colname = 'fund_'.$res_type;
$sql_donategfund = "UPDATE $table[galaxy] SET `$gal_colname` = `$gal_colname` + '$amount' WHERE `id` = '$playerdata[galaxy_id]'";
mysql_query($sql_donategfund) or die(mysql_error());
if ($moe_id = getMOE($playerdata['galaxy_id'])) {
$c = getXYZ($playerdata['id']);
break;
}
}
if ($do == 'delete') {
$mail_id = secureData($_GET['mail_id']);
$sql_delmail = "DELETE FROM $table[mail] WHERE `id` = '$mail_id' AND `to_player` = '$playerdata[id]'";
mysql_query($sql_delmail);
$msg = "Mail succesfully removed.";
}
if ($do == 'deleteall') {
$sql_delallmail = "DELETE FROM $table[mail] WHERE `to_player` = '$playerdata[id]'";
mysql_query($sql_delallmail) or die(mysql_error());
}
if ($do == 'read') {
$mail_id = secureData($_GET['mail_id']);
?>
<table border="0" cellpadding="0" cellspacing="0" width="800">
<tr>
<td width="4" valign="bottom"><img border="0" src="img/border/L_B.gif" width="20" height="15"></td>
<td width="200">Communication - Reading mail</td>
<td width="592" background="img/border/B.gif"><img border="0" src="img/border/B.gif" width="16" height="15"></td>
<td width="4" valign="bottom"><img border="0" src="img/border/R_B.gif" width="20" height="15"></td>
</tr>
<tr>
<td width="4" background="img/border/L.gif"> </td>
<td width="696" height="100%" valign="top" colspan="2">
<table border="0" cellpadding="0" cellspacing="0" width="800">
<tr>
<td valign="top">
<?
if($_POST['buy2']){
$cost_steel = secureData($_POST['cost_steel']);
$cost_crystal = secureData($_POST['cost_crystal']);
$cost_erbium = secureData($_POST['cost_erbium']);
$cost_titanium = secureData($_POST['cost_titanium']);
$order_id = secureData($_POST['order_id']);
$seller_id = secureData($_POST['seller_id']);
if (checkSteelResource($playerdata['id'], $cost_steel) && checkCrystalResource($playerdata['id'], $cost_crystal) && checkErbiumResource($playerdata['id'], $cost_erbium) && checkTitaniumResource($playerdata['id'], $cost_titanium)) {
$sql_updres = "UPDATE $table[players] SET `res_steel` = `res_steel` - '$cost_steel', `res_crystal` = `res_crystal` - '$cost_crystal', `res_erbium` = `res_erbium` - '$cost_erbium', `res_titanium` = `res_titanium` - '$cost_titanium' WHERE `id` = '$playerdata[id]'";
mysql_query($sql_updres) or die(mysql_error());
$sql_updres2 = "UPDATE $table[players] SET `res_steel` = `res_steel` + '$cost_steel', `res_crystal` = `res_crystal` + '$cost_crystal', `res_erbium` = `res_erbium` + '$cost_erbium', `res_titanium` = `res_titanium` + '$cost_titanium' WHERE `id` = '$seller_id'";
mysql_query($sql_updres2) or die(mysql_error());
$sql_getorderships = "SELECT `order_id`, `ship_id`, `amount` FROM $table[market_ships] WHERE `order_id` = '$order_id'";
$rec_getorderships = mysql_query($sql_getorderships);
while ($res_getordership = mysql_fetch_array($rec_getorderships)) {
$baseships = getBaseShips($playerdata['id'], $res_getordership['ship_id']);
if ($baseships == 0){
$sql_insertship = "INSERT INTO `$table[playerunit]` (`player_id`, `type_id`, `unit_id`, `amount`) VALUES ('$playerdata[id]', '3', '$res_getordership[ship_id]', '$res_getordership[amount]')";
mysql_query($sql_insertship) or die(mysql_error());
}else{
$sql_updships = "UPDATE $table[playerunit] SET `amount` = `amount` + '$res_getordership[amount]' WHERE `player_id` = '$playerdata[id]' AND `unit_id` = '$res_getordership[ship_id]'";
mysql_query($sql_updships) or die(mysql_error());
}
$sql_delships = "DELETE FROM $table[market_ships] WHERE `order_id` = '$order_id' AND `ship_id` = '$res_getordership[ship_id]'";
<?
require_once("global.inc.php");
unset ($user, $_SESSION['user']);
if ($_POST['submit']) {
$secretcode = '3485ghfgh98ghfdghq31qqqzxfjkdfgddkjwer08448534gdfgbdfg'; /* Used for activation code generation */
$username = secureData($_POST['username']);
$rulername = secureData($_POST['rulername']);
$planetname = secureData($_POST['planetname']);
$password = secureData($_POST['password']);
$password2 = secureData($_POST['password2']);
$email = secureData($_POST['email']);
$email2 = secureData($_POST['email2']);
if (getIdByUsername($username)) { $msg = '<font color=red>That username is already taken.</font>'; }
elseif (getIdByRulername($rulername)) { $msg = '<font color=red>That rulername is already taken.</font>'; }
elseif (getIdByPlanetname($planetname)) { $msg = '<font color=red>That planetname is already taken.</font>'; }
elseif (getIdByEmail($email)) { $msg = '<font color=red>The email address you\'re trying to use, is already taken.</font>'; }
elseif ($password != $password2) { $msg = '<font color=red>The passwords don\'t match!</font>'; }
elseif ($email != $email2) { $msg = '<font color=red>The e-mails don\'t match!</font>'; }
elseif (!$username || !$planetname || !$password || !$password2 || !$email) { $msg = '<font color=red>Empty fields are not allowed.</font>'; }
else {
$activation_code = md5($username.time().$email.$secretcode); /* Generate a unique md5 has by using the username, current time, email address and a private code. */
$galaxy_id = getRandomGalaxyId();
if (getFreeGalaxySpot($galaxy_id)) { $galaxy_spot = getFreeGalaxySpot($galaxy_id); }
else { $msg = 'Registration failed. Your data was inserted correctly, but the galaxy spot is not right. Contact the crew'; }
$password = md5($password);
$sql_newplayer = "INSERT INTO `$table[players]` (`username` , `password` , `email` , `activated` , `activation_code` , `rulername`,`planetname` , `galaxy_id` , `galaxy_spot`)
VALUES ('$username', '$password', '$email', '0', '$activation_code', '$rulername','$planetname', '$galaxy_id', '$galaxy_spot')";
mysql_query($sql_newplayer) or die(mysql_error());
// si on se connecte
if ($connection) {
try {
//on lance la transaction
$connection->BeginTransaction();
//si connection, on prépare la requête
$connection->exec('INSERT INTO users VALUES(null,"' . $email . '","' . $pseudo . '","' . $mdp . '","' . $dateinscription . '","' . $admin . '","' . $client . '")');
//validation de la transaction
$connection->commit();
//appel à la fonction qui connecte l'utilisateur
login($connection, $pseudo, $mdp);
//on donne une valeur au contenu
$contenu = '<red><b>' . $_SESSION['pseudo'] . '</b> Vous avez été inscrit(e) avec succès!</red>';
// Récupération des variables nécessaires au mail de confirmation
$email = secureData($_POST['email']);
$pseudo = secureData($_POST['pseudo']);
// Préparation du mail contenant le lien d'activation
$destinataire = $email;
$expediteur = '*****@*****.**';
$sujet = 'Votre inscription';
$entete = 'From: inscription@tiha.com';
$headers = 'MIME-Version: 1.0' . "\n";
// Version MIME
$headers .= 'Content-type: text/html; charset=ISO-8859-1' . "\n";
// l'en-tete Content-type pour le format HTML
$headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n";
$headers .= 'Reply-To: ' . $expediteur . "\n";
// Mail de reponse
$headers .= 'From: "HARRAM Fatiha"<' . $expediteur . '>' . "\n";
// Expediteur
$headers .= 'Delivered-to: ' . $destinataire . "\n";
if ($crystal < $cost_crystal){$error = 102;$e = 1;}
if ($erbium < $cost_erbium){$error = 102;$e = 1;}
if ($titanium < $cost_titanium){$error = 102;$e = 1;}
$steel = secureData($_POST['steel']);
$crystal = secureData($_POST['crystal']);
$erbium = secureData($_POST['erbium']);
$titanium = secureData($_POST['titanium']);
if ($e != 1){
$sql_updorder = "UPDATE $table[market] SET `steel` = '$steel', `crystal` = '$crystal', `erbium` = '$erbium', `titanium` = '$titanium', `status` = '1' WHERE `id` = '$order_id'";
mysql_query($sql_updorder) or die(mysql_error());
}
}
if ($_POST['delete']){
$ordernr = secureData($_POST['ordernr']);
$sql_getorderships = "SELECT `order_id`, `ship_id`, `amount` FROM $table[market_ships] WHERE `order_id` = $ordernr";
$rec_getorderships = mysql_query($sql_getorderships);
while ($res_getordership = mysql_fetch_array($rec_getorderships)) {
$sql_updships = "UPDATE $table[playerunit] SET `amount` = `amount` + '$res_getordership[amount]' WHERE `player_id` = '$playerdata[id]' AND `unit_id` = '$res_getordership[ship_id]'";
mysql_query($sql_updships) or die(mysql_error());
$sql_delships = "DELETE FROM $table[market_ships] WHERE `order_id` = '$ordernr' AND `ship_id` = '$res_getordership[ship_id]'";
mysql_query($sql_delships) or die(mysql_error());
}
$sql_delorderships = "DELETE FROM $table[market] WHERE `id` = '$ordernr' AND `player_id` = '$playerdata[id]'";
mysql_query($sql_delorderships) or die(mysql_error());
$do = 'createorder';
<?php
//on lance la session
session_start();
include_once 'lib/php/fonction.php';
include_once 'meta_header.php';
//include_once('nav.php');
//quand on appuie sur inscrire
if (isset($_POST['editClient'])) {
//le contenu n'affiche rien
$contenu = '';
$id_client = $_POST['client_id'];
$name = $_POST['name'];
$firstname = $_POST['firstname'];
$phone = $_POST['phone'];
$email = secureData($_POST['email']);
$adress = $_POST['adress'];
$active = $_POST['active'];
if (isset($_POST['client_id'])) {
$contenu = '';
//on se connecte
$connection = connectBD();
// si on se connecte
if ($connection) {
//on récupère les données sécurisées du formulaire
$req = $connection->prepare('UPDATE clients SET adress="' . $adress . '", phone="' . $phone . '", name="' . $name . '", firstname="' . $firstname . '", email="' . $email . '", active="' . $active . '" WHERE id = ?')->execute([$id_client]);
$contenu = '<red>Votre profil a été modifié avec succès!</red>';
//on renvoie à la page pour remplir le formulaire de commentaire
header('refresh:3; url=clientsAdmin.php');
} else {
$contenu = '<red>Vous n\'êtes pas connecté à la BD, veuillez contacter votre administrateur!</red>';
function prepareRequestAndAddHistory($PRP)
{
$defaultPRP = array('doNotExecute' => false, 'exitOnComplete' => false, 'doNotShowUser' => false, 'directExecute' => false, 'signature' => false, 'timeout' => DEFAULT_MAX_CLIENT_REQUEST_TIMEOUT, 'runCondition' => false, 'status' => 'pending', 'isPluginResponse' => 1, 'sendAfterAllLoad' => false, 'callOpt' => array());
$PRP = array_merge($defaultPRP, $PRP);
@extract($PRP);
if (empty($historyAdditionalData)) {
echo 'noHistoryAdditionalData';
return false;
}
if ($siteData['connectURL'] == 'default' && defined('CONNECT_USING_SITE_URL') && CONNECT_USING_SITE_URL == 1 || $siteData['connectURL'] == 'siteURL') {
$URL = $siteData['URL'];
} else {
//if($siteData['connectURL'] == 'default' || $siteData['connectURL'] == 'adminURL')
$URL = $siteData['adminURL'];
}
$historyData = array('siteID' => $siteData['siteID'], 'actionID' => Reg::get('currentRequest.actionID'), 'userID' => $GLOBALS['userID'], 'type' => $type, 'action' => $action, 'events' => $events, 'URL' => $URL, 'timeout' => $timeout, 'isPluginResponse' => $isPluginResponse);
if ($doNotShowUser) {
$historyData['showUser'] = '******';
}
if ($parentHistoryID) {
$historyData['parentHistoryID'] = $parentHistoryID;
}
if (!empty($siteData['callOpt'])) {
$callOpt = @unserialize($siteData['callOpt']);
}
if (!empty($siteData['httpAuth'])) {
$callOpt['httpAuth'] = @unserialize($siteData['httpAuth']);
}
if (!empty($runCondition)) {
$historyData['runCondition'] = $runCondition;
}
if (!empty($timeScheduled)) {
$historyData['timeScheduled'] = $timeScheduled;
}
$historyData['callOpt'] = serialize($callOpt);
$historyID = addHistory($historyData, $historyAdditionalData);
if ($signature === false) {
$signature = signData($requestAction . $historyID, $siteData['isOpenSSLActive'], $siteData['privateKey'], $siteData['randomSignature']);
}
$requestParams['username'] = $siteData['adminUsername'];
if (isset($requestParams['secure'])) {
$requestParams['secure'] = secureData($requestParams['secure'], $siteData['isOpenSSLActive'], $siteData['privateKey'], $siteData['randomSignature']);
}
if (!empty($requestParams['args'])) {
$requestParams['args']['parentHID'] = $historyID;
}
$requestData = array('iwp_action' => $requestAction, 'params' => $requestParams, 'id' => $historyID, 'signature' => $signature, 'iwp_admin_version' => APP_VERSION);
$updateHistoryData = array('status' => $status);
updateHistory($updateHistoryData, $historyID);
DB::insert("?:history_raw_details", array('historyID' => $historyID, 'request' => base64_encode(serialize($requestData)), 'panelRequest' => serialize($_REQUEST)));
if ($directExecute) {
set_time_limit(0);
echo 'direct_execute<br />';
executeRequest($historyID, $type, $action, $siteData['URL'], $requestData, $timeout, true, $callOpt);
} else {
echo 'async_call_it_should_be<br />';
if ($exitOnComplete) {
set_time_limit(0);
echo "async_call_it_should_be_working";
Reg::set('currentRequest.exitOnComplete', true);
} elseif ($sendAfterAllLoad) {
Reg::set('currentRequest.sendAfterAllLoad', true);
}
}
return $historyID;
}
<?
if (!$user->checklogin()) {
include('goto.login.php');
die();
}
if (!$user->checklogin()) {
include('goto.login.php ');
die();
}
if (!isset($x)) { $mod = secureData($_GET['x']); }
if (!isset($x)) { $mod = secureData($_POST['x']); }
if (!isset($y)) { $act = secureData($_GET['y']); }
if (!isset($y)) { $act = secureData($_POST['y']); }
if ($_POST['left']) {
if ($x != 1) {
if ($y == 1) { $x--; $y = $MAX_CLUSTER; }
else { $y--; }
}
else {
if ($y != 1) { $y--; }
}
}
if ($_POST['right']) {
if ($y == $MAX_CLUSTER) { $x++; $y = 1; }
else { $y++; }
}
//on se connecte
$connection = connectBD();
// si on se connecte
if ($connection) {
try {
//on lance la transaction
$connection->BeginTransaction();
//si connection, on prépare la requête
$connection->exec('INSERT INTO clients (pseudo,name,firstname,adress,phone,email,mdp,dateinscription,admin,client,user,token) VALUES("' . $pseudo . '","' . $name . '","' . $firstname . '","' . $adress . '","' . $phone . '","' . $email . '","' . $mdp . '","' . $dateinscription . '","' . $admin . '","' . $client . '","' . $user . '","' . $token . '")');
// Insertion de la clé dans la base de données (à adapter en INSERT si besoin)
//validation de la transaction
$connection->commit();
// Récupération des variables nécessaires au mail de confirmation
$email = secureData($_POST['email']);
$name = secureData($_POST['name']);
$firstname = secureData($_POST['firstname']);
// Préparation du mail contenant le lien d'activation
$to = $email;
//$destinataire
$email_address = '*****@*****.**';
//expediteur no_reply@tiha.be
$email_subject = 'Vos identifiants dans notre espace client';
//sujet
$name;
$headers = 'MIME-Version: 1.0' . "\n";
// Version MIME
$headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n";
//entête content-type pour l'UTF8
$headers .= 'Reply-To: ' . $email_address . "\n";
// Mail de reponse
$headers .= 'From: "HARRAM Fatiha"<' . $email_address . '>' . "\n";
<?
if (!$user->checklogin()) {
include('goto.login.php');
die();
}
$sql_getships = "SELECT * FROM $table[ships]";
$rec_getships = mysql_query($sql_getships) or die(mysql_error());
if (!isset($do)) { $act = secureData($_GET['do']); }
if (!isset($do)) { $act = secureData($_POST['do']); }
if ($do == 'move') {
$amount = secureData($_POST['amount']);
$ship_id = secureData($_POST['ship_id']);
$from = secureData($_POST['from']);
$to = secureData($_POST['to']);
$error = 0;
if ($amount > getShipsOnFleet($playerdata[id], $ship_id, $from)) { $error = 1; }
if ($from == $to) { $error = 2; }
if ($error == 0) {
moveShips($playerdata['id'], $ship_id, $amount, $from, $to);
}
switch($error) {
case 0:
$msg = "Succesfully moved ships.";
break;
case 1:
$msg = "You don't have that amount of ships to move from fleet $from to $to";
}
}
if ($error == 0) {
$error = 1;
}
}
if ($do == 'donatefund') {
$sql_galaxydata = "SELECT `id`, `x`, `y`, `topic`, `image_url`, `commander_id`, `moc_id`, `mow_id`, `moe_id`,
`fund_steel`, `fund_crystal`, `fund_erbium`, `fund_titanium`, `private`, `password`
FROM $table[galaxy]
WHERE `id` = '$galaxy_id'";
$galaxy_data = mysql_fetch_array(mysql_query($sql_galaxydata));
$res_type = secureData($_POST['res_type']);
$donate_to = securedata($_POST['donate_to']);
$amount = secureData($_POST['amount']);
$fund_arrkey = 'fund_'.$res_type;
$player_arrkey = 'res_'.$res_type;
if (($playerdata['id'] != $galaxy_data['commander_id']) && ($playerdata['id'] != $galaxy_data['moe_id'])) { $error = 106; }
if ($amount <= 0) { $error = 103; }
if ($galaxy_data[$fund_arrkey] < $amount) { $error = 104; }
if ($donate_to <= 0) { $error = 105; }
if ($error < 100) {
$sql_donateplayer = "UPDATE $table[players] SET `$player_arrkey` = `$player_arrkey` + '$amount' WHERE `id` = '$donate_to'";
mysql_query($sql_donateplayer) or die(mysql_error());
addNews($donate_to, 'Donation', 'Recieved donation', 'You recieved a donation from the galactic fund.<br />The donation is '.$amount.' of '.$res_type.'.');
$sql_updatefund = "UPDATE $table[galaxy] SET `$fund_arrkey` = `$fund_arrkey` - '$amount' WHERE `id` = '$playerdata[galaxy_id]'";
mysql_query($sql_updatefund) or die(mysql_error());
}
}
$lName = secureData($_POST["lname"]);
}
if (empty($_POST["email"])) {
$emailError = "Email is required";
} else {
$email = secureData($_POST["email"]);
}
if (empty($_POST["password"])) {
$passwordError = "Password is required";
} else {
$password = secureData($_POST["password"]);
}
if (empty($_POST["password2"])) {
$password2Error = "Retype Password is required";
} else {
$password2 = secureData($_POST["password2"]);
}
if ($password !== $password2) {
$pmatchError = "Password retype not matched.";
}
}
function secureData($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<h1 class="text-center text-uppercase">Register</h1>
//valider les données entrées par l'utilisateur
valider_mail($_POST['email']);
valider_mdp($_POST['mdp']);
//on vérifie s'il y a erreur
if ($_SESSION['erreurform']) {
//s'il y a erreur, réinitialisation de l'erreur de connection
$_SESSION['erreur_connection'] = '';
//renvoie vers la page avec le formulaire
header('refresh:0;url=espaceclient.php');
} else {
//connection à la BD
$connection = connectBD();
if ($connection) {
//on récupère les données sécurisées du formulaire
$email = secureData($_POST['email']);
$mdp = md5(secureData($_POST['mdp']));
$req = $connection->prepare('UPDATE clients SET mdp="' . $mdp . '" WHERE email = ?')->execute([$email]);
$contenu = '<red>Votre mot de passe a été modifié avec succès! <b>Vous pouvez dès à présent vous connecter!</b></red>';
//on renvoie à la page pour remplir le formulaire de commentaire
header('refresh:3; url=espaceclient.php');
} else {
$contenu = '<red>Vous n\'êtes pas connecté à la BD, veuillez contacter votre administrateur!</red>';
}
}
}
//fin if isset ini
include_once 'meta_header.php';
?>
<title>Connection</title>
</head>
if (!$user->checklogin()) {
include('goto.login.php');
die();
}
if (!isset($do)) { $act = secureData($_GET['do']); }
if (!isset($do)) { $act = secureData($_POST['do']); }
$error = -1;
if ($do == 'deleteall') {
$sql_delallnews = "DELETE FROM $table[playernews] WHERE `player_id` = '$playerdata[id]' AND `read` = '1'";
mysql_query($sql_delallnews) or die(mysql_error());
$error = 0;
}
if ($do == 'delete') {
$news_id = secureData($_GET['news_id']);
if ($news_id) {
$sql_delnews = "DELETE FROM $table[playernews] WHERE `id` = '$news_id' AND `player_id` = '$playerdata[id]'";
mysql_query($sql_delnews) or die(mysql_error());
if (mysql_affected_rows() > 0) {
$error = 1;
} else {
$error = 100;
}
} else {
$error = 101;
}
}
switch($error) {
case 0:
$msg = "Succesfully deleted all news items.";
}
if ($do == 'orderfleet') {
$fleet_id = secureData($_GET['fleet_id']);
}
if ($do == 'order') {
$fleet_id = secureData($_GET['fleet_id']);
$x = secureData($_POST['x']);
$y = secureData($_POST['y']);
$z = secureData($_POST['z']);
$target_id = getPlayerId($x, $y, $z);
$action = secureData($_POST['action']);
$action_time = secureData($_POST['action_time']);
if (getFleetShipAmount($playerdata['id'], $fleet_id) == 0) {
$error = 104;
}
if (!isFleetHome($playerdata['id'], $fleet_id) && $action != 'home') {
$error = 105;
}
if (isFleetHome($playerdata['id'], $fleet_id) && $action == 'home') {
$error = 110;
}
if ($target_id == $playerdata['id']) { $error = 108; }
if ((getPlayerProperty($target_id, 'score') < ($playerdata['score'] / 3)) && ($action == 'attack')) { $error = 111; }
if (!$action) { $action = 'home'; }
if (!$action_time) { $action_time = 0; }
if ($action == 'home') {
$target_id = $playerdata['id'];
