$config->game_mode = sys_get_param_int('game_mode');
$config->game_speed = sys_get_param_float('game_speed', 1);
$config->fleet_speed = sys_get_param_float('fleet_speed', 1);
$config->resource_multiplier = sys_get_param_float('resource_multiplier', 1);
$config->user_vacation_disable = sys_get_param_int('user_vacation_disable', 0);
$config->url_faq = sys_get_param_str_unsafe('url_faq');
$config->url_forum = sys_get_param_str_unsafe('url_forum');
$config->url_rules = sys_get_param_str_unsafe('url_rules');
$config->url_purchase_metamatter = sys_get_param_str_unsafe('url_purchase_metamatter');
$config->game_disable = sys_get_param_int('game_disable');
$config->game_disable_reason = sys_get_param_str_unsafe('game_disable_reason');
$config->server_updater_check_auto = sys_get_param_int('server_updater_check_auto');
$config->eco_scale_storage = sys_get_param_int('eco_scale_storage');
$config->game_default_language = sys_get_param_str_unsafe('game_default_language', DEFAULT_LANG);
$config->game_default_skin = sys_get_param_str_unsafe('game_default_skin', DEFAULT_SKINPATH);
$config->game_default_template = sys_get_param_str_unsafe('game_default_template', TEMPLATE_NAME);
$config->game_maxGalaxy = sys_get_param_int('game_maxGalaxy', 5);
$config->game_maxSystem = sys_get_param_int('game_maxSystem', 199);
$config->game_maxPlanet = sys_get_param_int('game_maxPlanet', 16);
$config->player_max_colonies = sys_get_param_int('player_max_colonies', -1);
$config->fleet_bashing_attacks = sys_get_param_int('fleet_bashing_attacks', 3);
$config->fleet_bashing_interval = sys_get_param_int('fleet_bashing_interval', 30 * 60);
$config->fleet_bashing_scope = sys_get_param_int('fleet_bashing_scope', 24 * 60 * 60);
$config->fleet_bashing_war_delay = sys_get_param_int('fleet_bashing_war_delay', 12 * 60 * 60);
$config->fleet_bashing_waves = sys_get_param_int('fleet_bashing_waves', 3);
$config->allow_buffing = sys_get_param_int('allow_buffing');
$config->ally_help_weak = sys_get_param_int('ally_help_weak');
$config->game_email_pm = sys_get_param_int('game_email_pm');
$config->rpg_exchange_metal = sys_get_param_int('rpg_exchange_metal', 1);
$config->rpg_exchange_crystal = sys_get_param_int('rpg_exchange_crystal', 2);
$config->rpg_exchange_deuterium = sys_get_param_int('rpg_exchange_deuterium', 4);
* @version 1.3 copyright (c) 2009 by Gorlum for http://supernova.ws
* [~] Optimized SQL-queries
* @version 1.2 - Security checked for SQL-injection by Gorlum for http://supernova.ws
* @version 1.1 - (c) Copyright by Gorlum for http://supernova.ws
* @version 1.0 - copyright 2008 by Chlorel for XNova
*
*/
define('INSIDE', true);
define('INSTALL', false);
define('IN_ADMIN', true);
require '../common.' . substr(strrchr(__FILE__, '.'), 1);
if ($user['authlevel'] < 1) {
AdminMessage($lang['adm_err_denied']);
}
$mode = sys_get_param_str('mode', 'banit');
$name_unsafe = sys_get_param_str_unsafe('name');
$name_output = sys_safe_output($name_unsafe);
$action = sys_get_param_str('action');
$player_banned_row = db_user_by_username($name_unsafe);
if ($mode == 'banit' && $action) {
if ($player_banned_row) {
$reas = $_POST['why'];
$days = $_POST['days'];
$hour = $_POST['hour'];
$mins = $_POST['mins'];
$secs = $_POST['secs'];
// $isVacation = $_POST['isVacation'];
$BanTime = $days * 86400;
$BanTime += $hour * 3600;
$BanTime += $mins * 60;
$BanTime += $secs;
switch ($mode) {
case ADM_TOOL_CONFIG_RELOAD:
$config->db_loadAll();
sys_refresh_tablelist($config->db_prefix);
$config->db_loadItem('game_watchlist');
if ($config->game_watchlist) {
$config->game_watchlist_array = explode(';', $config->game_watchlist);
} else {
unset($config->game_watchlist_array);
}
break;
case ADM_TOOL_MD5:
$template = gettemplate("admin/md5enc", true);
$password_seed = sys_get_param_str_unsafe('seed', SN_SYS_SEC_CHARS_ALLOWED);
$password_length = sys_get_param_int('length', 16);
$string = ($string = sys_get_param_str_unsafe('string')) ? $string : sys_random_string($password_length, $password_seed);
$template->assign_vars(array('SEED' => $password_seed, 'LENGTH' => $password_length, 'STRING' => htmlentities($string), 'MD5' => md5($string)));
display($template, $lang['adm_tools_md5_header'], false, '', true);
break;
case ADM_TOOL_FORCE_ALL:
$config->db_saveItem('db_version', 0);
require_once '../includes/update.php';
break;
case ADM_TOOL_FORCE_LAST:
$config->db_saveItem('db_version', floor($config->db_version - 1));
require_once '../includes/update.php';
break;
case ADM_TOOL_INFO_PHP:
phpinfo();
break;
case ADM_TOOL_INFO_SQL:
define('INSIDE', true);
define('INSTALL', false);
define('IN_ADMIN', true);
require '../common.' . substr(strrchr(__FILE__, '.'), 1);
if ($user['authlevel'] < 3) {
AdminMessage($lang['adm_err_denied']);
}
$template = gettemplate('admin/planet_compensate', true);
$galaxy_src = sys_get_param_int('galaxy_src');
$system_src = sys_get_param_int('system_src');
$planet_src = sys_get_param_int('planet_src');
$galaxy_dst = sys_get_param_int('galaxy_dst');
$system_dst = sys_get_param_int('system_dst');
$planet_dst = sys_get_param_int('planet_dst');
$bonus = sys_get_param_float('bonus', 1);
$username_unsafe = sys_get_param_str_unsafe('username');
$username = sys_get_param_escaped('username');
if ($galaxy_src) {
sn_db_transaction_start();
$errors = array();
$owner = db_user_by_username($username_unsafe, false, '*', true, true);
$planet = sys_o_get_updated($owner, array('galaxy' => $galaxy_src, 'system' => $system_src, 'planet' => $planet_src, 'planet_type' => 1), SN_TIME_NOW);
$que = $planet['que'];
$planet = $planet['planet'];
if (!$planet) {
$errors[] = $lang['adm_pl_comp_err_0'];
}
if ($planet['destruyed']) {
$errors[] = $lang['adm_pl_comp_err_1'];
}
if ($planet['id_owner'] != $owner['id'] || !$username) {
}
$uni_row = doquery("select * from `{{universe}}` where `universe_galaxy` = {$uni_galaxy} and `universe_system` = {$uni_system} limit 1;", '', true);
$uni_row['universe_price'] += $uni_system ? $config->uni_price_system : $config->uni_price_galaxy;
$uni_row['universe_name'] = strip_tags($uni_row['universe_name'] ? $uni_row['universe_name'] : ($uni_system ? "{$lang['sys_system']} [{$uni_galaxy}:{$uni_system}]" : "{$lang['sys_galaxy']} {$uni_galaxy}"));
if (sys_get_param_str('uni_name_submit')) {
$uni_row['universe_name'] = strip_tags(sys_get_param_str('uni_name'));
$uni_price = sys_get_param_float('uni_price');
if ($uni_price < $uni_row['universe_price']) {
throw new exception($lang['uni_msg_error_low_price'], ERR_ERROR);
}
$uni_row['universe_price'] = $uni_price;
sn_db_transaction_start();
$user = db_user_by_id($user['id'], true);
// if($user[get_unit_param(RES_DARK_MATTER, P_NAME)] < $uni_price)
if (mrc_get_level($user, null, RES_DARK_MATTER) < $uni_price) {
throw new exception($lang['uni_msg_error_no_dm'], ERR_ERROR);
}
if (!rpg_points_change($user['id'], RPG_RENAME, -$uni_price, "Renaming [{$uni_galaxy}:{$uni_system}] to " . sys_get_param_str_unsafe('uni_name'))) {
throw new exception($lang['sys_msg_err_update_dm'], ERR_ERROR);
}
doquery("replace {{universe}} set `universe_galaxy` = {$uni_galaxy}, `universe_system` = {$uni_system}, `universe_name` = '{$uni_row['universe_name']}', `universe_price` = {$uni_row['universe_price']};");
$debug->warning(sprintf($lang['uni_msg_admin_rename'], $user['id'], $user['username'], $uni_price, $uni_system ? $lang['uni_system_of'] : $lang['uni_galaxy_of'], $uni_galaxy, $uni_system ? ":{$uni_system}" : '', strip_tags(sys_get_param_str_unsafe('uni_name'))), $lang['uni_naming'], LOG_INFO_UNI_RENAME);
sn_db_transaction_commit();
sys_redirect("galaxy.php?mode=name&galaxy={$uni_galaxy}&system={$uni_system}");
}
} catch (exception $e) {
sn_db_transaction_rollback();
$template->assign_block_vars('result', array('STATUS' => in_array($e->getCode(), array(ERR_NONE, ERR_WARNING, ERR_ERROR)) ? $e->getCode() : ERR_ERROR, 'MESSAGE' => $e->getMessage()));
}
$template->assign_vars(array('GALAXY' => $uni_galaxy, 'SYSTEM' => $uni_system, 'NAME' => sys_safe_output($uni_row['universe_name']), 'PRICE' => $uni_row['universe_price'], 'PAGE_HINT' => $lang['uni_name_page_hint']));
display($template, $lang['sys_universe'] . ' - ' . $lang['uni_naming'], true, '', false);
function sn_options_model()
{
global $user, $user_option_list, $lang, $template_result, $config;
$language_new = sys_get_param_str('langer', $user['lang']);
if ($language_new != $user['lang']) {
$lang->lng_switch($language_new);
}
lng_include('options');
lng_include('messages');
$FMT_DATE = preg_replace(array('/d/', '/m/', '/Y/'), array('DD', 'MM', 'YYYY'), FMT_DATE);
if (sys_get_param_str('mode') == 'change') {
if ($user['authlevel'] > 0) {
$planet_protection = sys_get_param_int('adm_pl_prot') ? $user['authlevel'] : 0;
db_planet_set_by_owner($user['id'], "`id_level` = '{$planet_protection}'");
db_user_set_by_id($user['id'], "`admin_protection` = '{$planet_protection}'");
$user['admin_protection'] = $planet_protection;
}
if (sys_get_param_int('vacation') && !$config->user_vacation_disable) {
sn_db_transaction_start();
if ($user['authlevel'] < 3) {
if ($user['vacation_next'] > SN_TIME_NOW) {
message($lang['opt_vacation_err_timeout'], $lang['Error'], 'index.php?page=options', 5);
die;
}
$is_building = doquery("SELECT * FROM `{{fleets}}` WHERE `fleet_owner` = '{$user['id']}' LIMIT 1;", true);
if ($is_building) {
message($lang['opt_vacation_err_your_fleet'], $lang['Error'], 'index.php?page=options', 5);
die;
}
$que = que_get($user['id'], false);
if (!empty($que)) {
message($lang['opt_vacation_err_que'], $lang['Error'], 'index.php?page=options', 5);
die;
}
$query = classSupernova::db_get_record_list(LOC_PLANET, "`id_owner` = {$user['id']}");
foreach ($query as $planet) {
// $planet = sys_o_get_updated($user, $planet, SN_TIME_NOW);
// $planet = $planet['planet'];
db_planet_set_by_id($planet['id'], "last_update = " . SN_TIME_NOW . ", energy_used = '0', energy_max = '0',\n metal_perhour = '{$config->metal_basic_income}', crystal_perhour = '{$config->crystal_basic_income}', deuterium_perhour = '{$config->deuterium_basic_income}',\n metal_mine_porcent = '0', crystal_mine_porcent = '0', deuterium_sintetizer_porcent = '0', solar_plant_porcent = '0',\n fusion_plant_porcent = '0', solar_satelit_porcent = '0', ship_sattelite_sloth_porcent = 0");
}
$user['vacation'] = SN_TIME_NOW + $config->player_vacation_time;
} else {
$user['vacation'] = SN_TIME_NOW;
}
sn_db_transaction_commit();
}
foreach ($user_option_list as $option_group_id => $option_group) {
foreach ($option_group as $option_name => $option_value) {
if ($user[$option_name] !== null) {
$user[$option_name] = sys_get_param_str($option_name);
} else {
$user[$option_name] = $option_value;
}
}
}
$options = sys_user_options_pack($user);
$player_options = sys_get_param('options');
if (!empty($player_options)) {
array_walk($player_options, function (&$value) {
// TODO - Когда будет больше параметров - сделать больше проверок
$value = intval($value);
});
classSupernova::$user_options->offsetSet($player_options);
// pdump($player_options);die();
// player_save_option_array($user, $player_options);
}
$username = substr(sys_get_param_str_unsafe('username'), 0, 32);
$username_safe = db_escape($username);
if ($username && $user['username'] != $username && $config->game_user_changename != SERVER_PLAYER_NAME_CHANGE_NONE && sys_get_param_int('username_confirm') && !strpbrk($username, LOGIN_REGISTER_CHARACTERS_PROHIBITED)) {
// проверка на корректность
sn_db_transaction_start();
$name_check = doquery("SELECT * FROM {{player_name_history}} WHERE `player_name` LIKE \"{$username_safe}\" LIMIT 1 FOR UPDATE;", true);
if (!$name_check || $name_check['player_id'] == $user['id']) {
$user = db_user_by_id($user['id'], true);
switch ($config->game_user_changename) {
case SERVER_PLAYER_NAME_CHANGE_PAY:
if (mrc_get_level($user, $planetrow, RES_DARK_MATTER) < $config->game_user_changename_cost) {
$template_result['.']['result'][] = array('STATUS' => ERR_ERROR, 'MESSAGE' => $lang['opt_msg_name_change_err_no_dm']);
break;
}
rpg_points_change($user['id'], RPG_NAME_CHANGE, -$config->game_user_changename_cost, sprintf('Пользователь ID %d сменил имя с "%s" на "%s"', $user['id'], $user['username'], $username));
case SERVER_PLAYER_NAME_CHANGE_FREE:
db_user_set_by_id($user['id'], "`username` = '{$username_safe}'");
doquery("REPLACE INTO {{player_name_history}} SET `player_id` = {$user['id']}, `player_name` = '{$username_safe}'");
// TODO: Change cookie to not force user relogin
// sn_setcookie(SN_COOKIE, '', time() - PERIOD_WEEK, SN_ROOT_RELATIVE);
$template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_name_changed']);
$user['username'] = $username;
break;
}
} else {
$template_result['.']['result'][] = array('STATUS' => ERR_ERROR, 'MESSAGE' => $lang['opt_msg_name_change_err_used_name']);
}
sn_db_transaction_commit();
}
if ($new_password = sys_get_param('newpass1')) {
try {
if ($new_password != sys_get_param('newpass2')) {
throw new Exception($lang['opt_err_pass_unmatched'], ERR_WARNING);
}
if (!classSupernova::$auth->password_change(sys_get_param('db_password'), $new_password)) {
throw new Exception($lang['opt_err_pass_wrong'], ERR_WARNING);
}
throw new Exception($lang['opt_msg_pass_changed'], ERR_NONE);
} catch (Exception $e) {
$template_result['.']['result'][] = array('STATUS' => in_array($e->getCode(), array(ERR_NONE, ERR_WARNING, ERR_ERROR)) ? $e->getCode() : ERR_ERROR, 'MESSAGE' => $e->getMessage());
}
}
$user['email'] = sys_get_param_str('db_email');
// if(!$template_result[F_ACCOUNT]['account_email'] && ($email_2 = sys_get_param_str('db_email2'))) {
// core_auth::email_set($email_2);
// }
$user['dpath'] = sys_get_param_str('dpath');
$user['lang'] = sys_get_param_str('langer', $user['lang']);
// if($lang->lng_switch($user['lang'])) {
// lng_include('options');
// lng_include('messages');
// }
$user['design'] = sys_get_param_int('design');
$user['noipcheck'] = sys_get_param_int('noipcheck');
// $user['spio_anz'] = sys_get_param_int('spio_anz');
// $user['settings_fleetactions'] = sys_get_param_int('settings_fleetactions', 1);
// $user['settings_tooltiptime'] = sys_get_param_int('settings_tooltiptime');
// $user['settings_esp'] = sys_get_param_int('settings_esp');
// $user['settings_wri'] = sys_get_param_int('settings_wri');
// $user['settings_bud'] = sys_get_param_int('settings_bud');
// $user['settings_mis'] = sys_get_param_int('settings_mis');
// $user['settings_statistics'] = sys_get_param_int('settings_statistics');
// $user['settings_info'] = sys_get_param_int('settings_info');
// $user['settings_rep'] = sys_get_param_int('settings_rep');
// $user['planet_sort'] = sys_get_param_int('settings_sort');
// $user['planet_sort_order'] = sys_get_param_int('settings_order');
$user['deltime'] = !sys_get_param_int('deltime') ? 0 : ($user['deltime'] ? $user['deltime'] : SN_TIME_NOW + $config->player_delete_time);
$gender = sys_get_param_int('gender', $user['gender']);
!isset($lang['sys_gender_list'][$gender]) ? $gender = $user['gender'] : false;
$user['gender'] = $user['gender'] == GENDER_UNKNOWN ? $gender : $user['gender'];
try {
if ($user['birthday']) {
throw new exception();
}
$user_birthday = sys_get_param_str_unsafe('user_birthday');
if (!$user_birthday || $user_birthday == $FMT_DATE) {
throw new exception();
}
// Some black magic to parse any valid date format - those that contains all three "d", "m" and "Y" and any of the delimeters "\", "/", ".", "-"
$pos['d'] = strpos(FMT_DATE, 'd');
$pos['m'] = strpos(FMT_DATE, 'm');
$pos['Y'] = strpos(FMT_DATE, 'Y');
asort($pos);
$i = 0;
foreach ($pos as &$position) {
$position = ++$i;
}
$regexp = "/" . preg_replace(array('/\\\\/', '/\\//', '/\\./', '/\\-/', '/d/', '/m/', '/Y/'), array('\\\\\\', '\\/', '\\.', '\\-', '(\\d?\\d)', '(\\d?\\d)', '(\\d{4})'), FMT_DATE) . "/";
if (!preg_match($regexp, $user_birthday, $match)) {
throw new exception();
}
if (!checkdate($match[$pos['m']], $match[$pos['d']], $match[$pos['Y']])) {
throw new exception();
}
$user['user_birthday'] = db_escape("{$match[$pos['Y']]}-{$match[$pos['m']]}-{$match[$pos['d']]}");
// EOF black magic! Now we have valid SQL date in $user['user_birthday'] - independent of date format
$year = date('Y', SN_TIME_NOW);
if (mktime(0, 0, 0, $match[$pos['m']], $match[$pos['d']], $year) > SN_TIME_NOW) {
$year--;
}
$user['user_birthday_celebrated'] = db_escape("{$year}-{$match[$pos['m']]}-{$match[$pos['d']]}");
$user_birthday = ", `user_birthday` = '{$user['user_birthday']}', `user_birthday_celebrated` = '{$user['user_birthday_celebrated']}'";
} catch (exception $e) {
$user_birthday = '';
}
require_once 'includes/includes/sys_avatar.php';
$avatar_upload_result = sys_avatar_upload($user['id'], $user['avatar']);
$template_result['.']['result'][] = $avatar_upload_result;
$user_time_diff = playerTimeDiff::user_time_diff_get();
if (sys_get_param_int('PLAYER_OPTION_TIME_DIFF_FORCED')) {
playerTimeDiff::user_time_diff_set(array(PLAYER_OPTION_TIME_DIFF => sys_get_param_int('PLAYER_OPTION_TIME_DIFF'), PLAYER_OPTION_TIME_DIFF_UTC_OFFSET => 0, PLAYER_OPTION_TIME_DIFF_FORCED => 1, PLAYER_OPTION_TIME_DIFF_MEASURE_TIME => SN_TIME_SQL));
} elseif (sys_get_param_int('opt_time_diff_clear') || $user_time_diff[PLAYER_OPTION_TIME_DIFF_FORCED]) {
playerTimeDiff::user_time_diff_set(array(PLAYER_OPTION_TIME_DIFF => '', PLAYER_OPTION_TIME_DIFF_UTC_OFFSET => 0, PLAYER_OPTION_TIME_DIFF_FORCED => 0, PLAYER_OPTION_TIME_DIFF_MEASURE_TIME => SN_TIME_SQL));
}
$user_options_safe = db_escape($user['options']);
db_user_set_by_id($user['id'], "`email` = '{$user['email']}', `lang` = '{$user['lang']}', `avatar` = '{$user['avatar']}',\n `dpath` = '{$user['dpath']}', `design` = '{$user['design']}', `noipcheck` = '{$user['noipcheck']}',\n `deltime` = '{$user['deltime']}', `vacation` = '{$user['vacation']}', `options` = '{$user_options_safe}', `gender` = {$user['gender']}\n {$user_birthday}");
$template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_saved']);
} elseif (sys_get_param_str('result') == 'ok') {
$template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_saved']);
}
$user = db_user_by_id($user['id']);
$options = sys_user_options_unpack($user);
}
sn_db_transaction_commit();
throw new exception('buddy_err_delete_own', ERR_NONE);
} elseif ($buddy_row['BUDDY_STATUS'] == BUDDY_REQUEST_WAITING) {
msg_send_simple_message($buddy_row['BUDDY_SENDER_ID'], $user['id'], SN_TIME_NOW, MSG_TYPE_PLAYER, $user['username'], $lang['buddy_msg_deny_title'], sprintf($lang['buddy_msg_deny_text'], $user['username']));
doquery("UPDATE {{buddy}} SET `BUDDY_STATUS` = " . BUDDY_REQUEST_DENIED . " WHERE `BUDDY_ID` = {$buddy_id} LIMIT 1;");
sn_db_transaction_commit();
throw new exception('buddy_err_deny_none', ERR_NONE);
}
break;
}
}
// New request?
// Checking for user ID - in case if it was request from outside buddy system
if ($new_friend_id = sys_get_param_id('request_user_id')) {
$new_friend_row = db_user_by_id($new_friend_id, true, '`id`, `username`');
} elseif ($new_friend_name = sys_get_param_str_unsafe('request_user_name')) {
$new_friend_row = db_user_by_username($new_friend_name, true, '`id`, `username`');
$new_friend_name = db_escape($new_friend_name);
}
if ($new_friend_row['id'] == $user['id']) {
unset($new_friend_row);
throw new exception('buddy_err_adding_self', ERR_ERROR);
}
// Checking for user name & request text - in case if it was request to adding new request
if (isset($new_friend_row['id']) && ($new_request_text = sys_get_param_str('request_text'))) {
$check_relation = doquery("SELECT `BUDDY_ID` FROM {{buddy}} WHERE\n (`BUDDY_SENDER_ID` = {$user['id']} AND `BUDDY_OWNER_ID` = {$new_friend_row['id']})\n OR\n (`BUDDY_SENDER_ID` = {$new_friend_row['id']} AND `BUDDY_OWNER_ID` = {$user['id']})\n LIMIT 1 FOR UPDATE;", true);
if (isset($check_relation['BUDDY_ID'])) {
throw new exception('buddy_err_adding_exists', ERR_WARNING);
}
msg_send_simple_message($new_friend_row['id'], $user['id'], SN_TIME_NOW, MSG_TYPE_PLAYER, $user['username'], $lang['buddy_msg_adding_title'], sprintf($lang['buddy_msg_adding_text'], $user['username']));
doquery($q = "INSERT INTO {{buddy}} SET `BUDDY_SENDER_ID` = {$user['id']}, `BUDDY_OWNER_ID` = {$new_friend_row['id']}, `BUDDY_REQUEST` = '{$new_request_text}';");
define('INSIDE', true);
define('INSTALL', false);
define('IN_ADMIN', true);
require '../common.' . substr(strrchr(__FILE__, '.'), 1);
if (!sn_module_get_active_count('payment')) {
sys_redirect(SN_ROOT_VIRTUAL . 'admin/overview.php');
}
if ($user['authlevel'] < 3) {
AdminMessage($lang['adm_err_denied']);
}
$template = gettemplate("admin/adm_metamatter", true);
$message = '';
$message_status = ERR_ERROR;
if ($points = sys_get_param_float('points')) {
try {
$username = sys_get_param_str_unsafe('id_user');
if (empty($username)) {
throw new Exception($lang['adm_mm_no_dest']);
}
$an_account = new Account(classSupernova::$auth->account->db);
if (!$an_account->db_get_by_id($username) && !$an_account->db_get_by_name($username) && !$an_account->db_get_by_email($username)) {
throw new Exception(sprintf($lang['adm_mm_user_none'], $username));
}
if (!$an_account->metamatter_change(RPG_ADMIN, $points, sprintf($lang['adm_matter_change_log_record'], $an_account->account_id, db_escape($an_account->account_name), $user['id'], db_escape($user['username']), db_escape(sys_get_param_str('reason'))))) {
throw new Exception($lang['adm_mm_add_err']);
}
$message = sprintf($lang['adm_mm_user_added'], $an_account->account_name, $an_account->account_id, pretty_number($points));
$isNoError = true;
$message_status = ERR_NONE;
} catch (Exception $e) {
$message = $e->getMessage();
function qst_render_page()
{
global $lang, $user, $template, $config;
$user_id = sys_get_param_id('user_id', false);
$mode = sys_get_param_str('mode');
$quest_units_allowed = sn_get_groups(array('structures', 'tech', 'fleet', 'defense'));
$quest_reward_allowed = sn_get_groups('quest_rewards');
$in_admin = defined('IN_ADMIN') && IN_ADMIN === true;
if ($in_admin) {
$quest_id = sys_get_param_id('id');
$quest_name = sys_get_param_str_unsafe('QUEST_NAME');
if (!empty($quest_name)) {
$quest_description = sys_get_param_str_unsafe('QUEST_DESCRIPTION');
try {
$quest_rewards_list = sys_get_param('QUEST_REWARDS_LIST');
$quest_rewards = array();
foreach ($quest_rewards_list as $quest_rewards_id => $quest_rewards_amount) {
if (!in_array($quest_rewards_id, $quest_reward_allowed)) {
throw new Exception($lang['qst_adm_err_reward_type']);
}
if ($quest_rewards_amount < 0) {
throw new Exception($lang['qst_adm_err_reward_amount']);
} elseif ($quest_rewards_amount > 0) {
$quest_rewards[] = "{$quest_rewards_id},{$quest_rewards_amount}";
}
}
if (empty($quest_rewards)) {
throw new Exception($lang['qst_adm_err_reward_empty']);
}
$quest_rewards = implode(';', $quest_rewards);
$quest_unit_id = sys_get_param_int('QUEST_UNIT_ID');
if (!in_array($quest_unit_id, $quest_units_allowed)) {
throw new Exception($lang['qst_adm_err_unit_id']);
}
$quest_unit_amount = sys_get_param_float('QUEST_UNIT_AMOUNT');
if ($quest_unit_amount <= 0) {
throw new Exception($lang['qst_adm_err_unit_amount']);
}
$quest_conditions = "{$quest_unit_id},{$quest_unit_amount}";
// TODO: Change quest type
$quest_type = 0;
if ($mode == 'edit') {
$quest_name = db_escape($quest_name);
$quest_description = db_escape($quest_description);
doquery("UPDATE {{quest}} SET\n `quest_name` = '{$quest_name}',\n `quest_type` = '{$quest_type}',\n `quest_description` = '{$quest_description}',\n `quest_conditions` = '{$quest_conditions}',\n `quest_rewards` = '{$quest_rewards}'\n WHERE `quest_id` = {$quest_id} LIMIT 1;");
} else {
sn_db_perform('{{quest}}', array('quest_name' => $quest_name, 'quest_type' => $quest_type, 'quest_description' => $quest_description, 'quest_conditions' => $quest_conditions, 'quest_rewards' => $quest_rewards));
}
// TODO: Add mass mail for new quests
/*
if(sys_get_param_int('news_mass_mail'))
{
msg_send_simple_message('*', 0, 0, MSG_TYPE_PLAYER, $lang['sys_administration'], $lang['news_title'], $text);
}
*/
} catch (Exception $e) {
message($e->getMessage(), $lang['sys_error']);
}
$mode = '';
}
switch ($mode) {
case 'del':
doquery("DELETE FROM {{quest}} WHERE `quest_id` = {$quest_id} LIMIT 1;");
$mode = '';
break;
case 'edit':
$template->assign_var('QUEST_ID', $quest_id);
case 'copy':
$quest = doquery("SELECT * FROM {{quest}} WHERE `quest_id` = {$quest_id} LIMIT 1;", '', true);
break;
}
$query = doquery("SELECT count(*) AS count FROM {{quest}};", '', true);
$config->db_saveItem('quest_total', $query['count']);
} elseif (!$user_id) {
$user_id = $user['id'];
}
$quest_list = qst_get_quests($user_id);
$template->assign_vars(array('AUTHLEVEL' => $user['authlevel'], 'TOTAL' => count($quest_list), 'mode' => $mode, 'USER_ID' => $user_id, 'IN_ADMIN' => $in_admin));
if ($quest) {
$quest_templatized = qst_templatize(qst_quest_parse($quest, false));
} else {
$quest_templatized['quest_rewards_list'] = array();
}
foreach ($quest_reward_allowed as $unit_id) {
$found = false;
foreach ($quest_templatized['quest_rewards_list'] as $quest_templatized_reward) {
if ($quest_templatized_reward['ID'] == $unit_id) {
$found = true;
break;
}
}
if (!$found) {
$quest_templatized['quest_rewards_list'][$unit_id] = array('ID' => $unit_id, 'NAME' => $lang['tech'][$unit_id], 'AMOUNT' => 0);
}
}
qst_assign_to_template($template, $quest_templatized);
foreach ($quest_list as $quest_data) {
qst_assign_to_template($template, qst_templatize($quest_data, true), 'quest');
}
foreach ($quest_units_allowed as $unit_id) {
$template->assign_block_vars('allowed_unit', array('ID' => $unit_id, 'NAME' => $lang['tech'][$unit_id]));
}
}
protected function prepare()
{
$this->input_login_unsafe = sys_get_param_str_unsafe('username', sys_get_param_str_unsafe('email'));
// TODO переделать эту порнографию
$this->is_login = sys_get_param('login') ? true : false;
$this->is_register = sys_get_param('register') ? true : false;
$this->is_password_reset = sys_get_param('password_reset') ? true : false;
$this->is_password_reset_confirm = sys_get_param('password_reset_confirm') ? true : false;
$this->remember_me = intval(sys_get_param_int('rememberme') || $this->is_register);
$this->input_login_password_raw = sys_get_param('password');
$this->input_login_password_raw_repeat = sys_get_param('password_repeat');
$this->input_email_unsafe = sys_get_param_str_unsafe('email');
$this->input_language_unsafe = sys_get_param_str_unsafe('lang', DEFAULT_LANG);
$this->input_language_safe = sys_get_param_str('lang', DEFAULT_LANG);
}
function sys_get_param_phone($param_name, $default = '')
{
$phone_raw = sys_get_param_str_unsafe($param_name, $default = '');
if ($phone_raw) {
$phone = $phone_raw[0] == '+' ? '+' : '';
for ($i = 0; $i < strlen($phone_raw); $i++) {
$ord = ord($phone_raw[$i]);
if ($ord >= 48 && $ord <= 57) {
$phone .= $phone_raw[$i];
}
}
$phone = strlen($phone) < 11 ? '' : $phone;
} else {
$phone = '';
}
return array('raw' => $phone_raw, 'phone' => $phone);
}
public function player_register_model()
{
// TODO ВСЕГДА ПРЕДЛАГАТЬ РЕГАТЬ ИГРОКА ИЛИ ПОДКЛЮЧИТЬ ИМЕЮЩЕГОСЯ!
// TODO в auth_local делать проверку БД на существование имени игрока в локальной БД - что бы избежать лишнего шага (см.выше)
// TODO Хотя тут может получится вечный цикл - ПОДУМАТЬ
// TODO Тут же можно пробовать провести попытку слияния аккаунтов - хотя это и очень небезопасно
if (sys_get_param('login_player_register_logout')) {
$this->logout();
}
$original_suggest = '';
// Смотрим - есть ли у нас данные от пользователя
if ($player_name_submitted = sys_get_param('submit_player_name')) {
// Попытка регистрации нового игрока из данных, введенных пользователем
$this->player_suggested_name = sys_get_param_str_unsafe('player_suggested_name');
} else {
foreach ($this->providers_authorised as $provider) {
if ($this->player_suggested_name = $provider->player_name_suggest()) {
// OK 4.5
$original_suggest = $provider->player_name_suggest();
break;
}
}
}
// Если у нас провайдеры не дают имени и пользователь не дал свой вариант - это у нас первый логин в игру
if (!$this->player_suggested_name) {
$max_user_id = db_player_get_max_id();
// 4.5
// TODO - предлагать имя игрока по локали
// Проверить наличие такого имени в истории имён
do {
sn_db_transaction_rollback();
$this->player_suggested_name = 'Emperor ' . mt_rand($max_user_id + 1, $max_user_id + 1000);
sn_db_transaction_start();
} while (db_player_name_exists($this->player_suggested_name));
}
if ($player_name_submitted) {
$this->register_player_db_create($this->player_suggested_name);
// OK 4.5
if ($this->register_status == LOGIN_SUCCESS) {
sys_redirect(SN_ROOT_VIRTUAL . 'overview.php');
} elseif ($this->register_status == REGISTER_ERROR_PLAYER_NAME_EXISTS && $original_suggest == $this->player_suggested_name) {
// self::$player_suggested_name .= ' ' . $this->account->account_id;
}
// if(self::$login_status != LOGIN_SUCCESS) {
// // TODO Ошибка при регистрации нового игрока под текущим именем
// }
}
}
function sec_login(&$result)
{
sec_login_prepare($result);
$username_unsafe = sys_get_param_str_unsafe('username');
$password_raw = sys_get_param('password');
$email_unsafe = sys_get_param_str_unsafe('email');
// Проверяем регу
if (sys_get_param('register')) {
$password_repeat_raw = trim(sys_get_param('password_repeat'));
$language = sys_get_param_str('lang', DEFAULT_LANG);
if ($password_raw != $password_repeat_raw) {
// throw new exception(REGISTER_ERROR_PASSWORD_DIFFERENT, ERR_ERROR);
$result[F_LOGIN_STATUS] = REGISTER_ERROR_PASSWORD_DIFFERENT;
} else {
$result[F_LOGIN_STATUS] = sec_login_register($username_unsafe, $password_raw, $email_unsafe, $language, sys_get_param_int('rememberme'));
}
}
// Если есть в параметрах логин и пароль...
// if($username_unsafe && $password_raw) {
// }
if (sys_get_param('login') && in_array($result['status'], array(LOGIN_UNDEFINED, REGISTER_SUCCESS))) {
$result[F_LOGIN_STATUS] = sec_login_username($username_unsafe, $password_raw, sys_get_param_int('rememberme'));
} elseif (sys_get_param('confirm_code_send') && ($email_unsafe = sys_get_param_str_unsafe('email'))) {
// TODO - test
$result[F_LOGIN_STATUS] = sec_restore_password_send_email($email_unsafe);
} elseif (sys_get_param('confirm_code_submit') && ($confirm_safe = sys_get_param_str('confirm'))) {
// TODO - test
sec_restore_password_confirm($confirm_safe, $result);
}
// Тут всякие логины по внешним плагинам
//pdump($result, 'security');
// В этой точке должен быть установлена кука СН - логинимся по ней
if (in_array($result['status'], array(LOGIN_UNDEFINED, REGISTER_SUCCESS))) {
sec_login_cookie($result);
}
// TODO - ЗАМЕНИТЬ F_LOGIN_MESSAGE на сообщения по F_LOGIN_STATUS
// return $result;
}
}
if (empty($error_list)) {
$error_list[] = array('MESSAGE' => $lang['msg_not_message_sent'], 'STATUS' => ERR_NONE);
$user_safe_name = db_escape($user['username']);
$recipient_name = db_escape($recipient_name);
msg_send_simple_message($recipient_id, $user['id'], SN_TIME_NOW, MSG_TYPE_PLAYER, "{$user_safe_name} [{$user['galaxy']}:{$user['system']}:{$user['planet']}]", $subject, $text, true);
//$recipient_id = 0;
//$recipient_name = '';
//$subject = '';
$text = '';
$msg_sent = true;
} else {
$subject = sys_get_param_str_unsafe('subject');
$text = sys_get_param_str_unsafe('text');
}
$recipient_name = sys_get_param_str_unsafe('recipient_name');
}
$subject = $subject ? $subject : $lang['msg_subject_default'];
$template->assign_vars(array('RECIPIENT_ID' => $recipient_id, 'RECIPIENT_NAME' => htmlspecialchars($recipient_name), 'SUBJECT' => htmlspecialchars($subject), 'TEXT' => htmlspecialchars($text)));
foreach ($error_list as $error_message) {
$template->assign_block_vars('result', $error_message);
}
$message_query = doquery("SELECT * FROM {{messages}}\n WHERE\n `message_type` = '" . MSG_TYPE_PLAYER . "' AND\n ((`message_owner` = '{$user['id']}' AND `message_sender` = '{$recipient_id}')\n OR\n (`message_sender` = '{$user['id']}' AND `message_owner` = '{$recipient_id}')) ORDER BY `message_time` DESC LIMIT 20;");
while ($message_row = db_fetch($message_query)) {
$template->assign_block_vars('messages', array('ID' => $message_row['message_id'], 'DATE' => date(FMT_DATE_TIME, $message_row['message_time'] + SN_CLIENT_TIME_DIFF), 'FROM' => htmlspecialchars($message_row['message_from']), 'SUBJ' => htmlspecialchars($message_row['message_subject']), 'TEXT' => in_array($message_row['message_type'], array(MSG_TYPE_PLAYER, MSG_TYPE_ALLIANCE)) && $message_row['message_sender'] ? nl2br(htmlspecialchars($message_row['message_text'])) : nl2br($message_row['message_text']), 'FROM_ID' => $message_row['message_sender']));
}
break;
case 'delete':
$query_add = '';
$message_range = sys_get_param_str('message_range');
switch ($message_range) {
function art_use(&$user, &$planetrow, $unit_id)
{
global $lang;
if (!in_array($unit_id, sn_get_groups('artifacts'))) {
return;
}
sn_db_transaction_start();
$user = db_user_by_id($user['id'], true);
$unit_level = $artifact_level_old = mrc_get_level($user, array(), $unit_id, true);
if ($unit_level > 0) {
$db_changeset = array();
switch ($unit_id) {
case ART_LHC:
case ART_HOOK_SMALL:
case ART_HOOK_MEDIUM:
case ART_HOOK_LARGE:
$has_moon = db_planet_by_parent($planetrow['id'], true, '`id`');
if ($planetrow['planet_type'] == PT_PLANET && !$has_moon['id']) {
$unit_level--;
$moon_chance = $unit_id == ART_LHC ? uni_calculate_moon_chance($planetrow['debris_metal'] + $planetrow['debris_crystal']) : ($unit_id == ART_HOOK_MEDIUM ? mt_rand(1100, 8999) : ($unit_id == ART_HOOK_SMALL ? 1100 : 8999));
$random = $unit_id == ART_LHC ? mt_rand(1, 100) : $moon_chance;
if ($random <= $moon_chance) {
$new_moon_row = uni_create_moon($planetrow['galaxy'], $planetrow['system'], $planetrow['planet'], $user['id'], $moon_chance);
$message = sprintf($lang['art_moon_create'][$unit_id], $new_moon_row['name'], uni_render_coordinates($planetrow), pretty_number($moon_chance));
} else {
$message = $lang['art_lhc_moon_fail'];
}
msg_send_simple_message($user['id'], 0, 0, MSG_TYPE_ADMIN, $lang['art_lhc_from'], $lang['art_lhc_subj'], $message);
} else {
$message = $lang['art_moon_exists'];
}
break;
case ART_RCD_SMALL:
case ART_RCD_MEDIUM:
case ART_RCD_LARGE:
$planetrow = db_planet_by_id($planetrow['id'], true);
if ($planetrow['planet_type'] != PT_PLANET) {
$message = $lang['art_rcd_err_moon'];
break;
}
$que = que_get($user['id'], $planetrow['id'], QUE_STRUCTURES, false);
if (!empty($que['items'])) {
$message = $lang['art_rcd_err_que'];
break;
}
$artifact_deploy = get_unit_param($unit_id, P_DEPLOY);
// $deployment_str = '';
$sectors_used = 0;
foreach ($artifact_deploy as $deploy_unit_id => $deploy_unit_level) {
if (!($levels_deployed = max(0, $deploy_unit_level - mrc_get_level($user, $planetrow, $deploy_unit_id, true, true)))) {
continue;
}
$sectors_used += $levels_deployed;
$db_changeset['unit'][] = sn_db_unit_changeset_prepare($deploy_unit_id, $levels_deployed, $user, $planetrow['id']);
//$deploy_unit_name = get_unit_param($deploy_unit_id, P_NAME);
//$deployment_str .= ",`{$deploy_unit_name}` = GREATEST(`{$deploy_unit_name}`, {$deploy_unit_level})";
}
if ($sectors_used == 0) {
$message = $lang['art_rcd_err_no_sense'];
break;
}
$unit_level--;
db_planet_set_by_id($planetrow['id'], "`field_current` = `field_current` + {$sectors_used}");
$message = sprintf($lang['art_rcd_ok'], $lang['tech'][$unit_id], $planetrow['name'], uni_render_coordinates($planetrow));
msg_send_simple_message($user['id'], 0, 0, MSG_TYPE_QUE, $lang['art_rcd_subj'], $lang['art_rcd_subj'], $message);
break;
case ART_HEURISTIC_CHIP:
$que_item = null;
$que = que_get($user['id'], $planetrow['id'], QUE_RESEARCH, true);
$current_que =& $que['ques'][QUE_RESEARCH][$user['id']][0];
if (!empty($current_que)) {
reset($current_que);
$que_item =& $que['ques'][QUE_RESEARCH][$user['id']][0][key($current_que)];
}
if (!empty($que_item) && $que_item['que_time_left'] > 60) {
$unit_level--;
$old_time = $que_item['que_time_left'];
$que_item['que_time_left'] = $que_item['que_time_left'] > PERIOD_HOUR ? ceil($que_item['que_time_left'] / 2) : 0;
db_que_set_time_left_by_id($que_item['que_id'], $que_item['que_time_left']);
$message = sprintf($lang['art_heurestic_chip_ok'], $lang['tech'][$que_item['que_unit_id']], $que_item['que_unit_level'], sys_time_human($old_time - $que_item['que_time_left']));
msg_send_simple_message($user['id'], 0, 0, MSG_TYPE_QUE, $lang['art_heurestic_chip_subj'], $lang['art_heurestic_chip_subj'], $message);
} else {
$message = $lang['art_heurestic_chip_no_research'];
}
break;
case ART_NANO_BUILDER:
$planetrow = db_planet_by_id($planetrow['id'], true);
$que_item = null;
$que = que_get($user['id'], $planetrow['id'], QUE_STRUCTURES, true);
$current_que =& $que['ques'][QUE_STRUCTURES][$user['id']][$planetrow['id']];
// $que_item = &$que['que'][QUE_STRUCTURES][0];
if (!empty($current_que)) {
reset($current_que);
$que_item =& $que['ques'][QUE_STRUCTURES][$user['id']][$planetrow['id']][key($current_que)];
}
if (isset($que_item) && $que_item['que_time_left'] > 60) {
$unit_level--;
$old_time = $que_item['que_time_left'];
$que_item['que_time_left'] = $que_item['que_time_left'] > PERIOD_HOUR ? ceil($que_item['que_time_left'] / 2) : 0;
db_que_set_time_left_by_id($que_item['que_id'], $que_item['que_time_left']);
$message = sprintf($lang['art_nano_builder_ok'], $que_item['que_unit_mode'] == BUILD_CREATE ? $lang['art_nano_builder_build'] : $lang['art_nano_builder_destroy'], $lang['tech'][$que_item['que_unit_id']], $que_item['que_unit_level'], $planetrow['name'], uni_render_coordinates($planetrow), sys_time_human($old_time - $que_item['que_time_left']));
msg_send_simple_message($user['id'], 0, 0, MSG_TYPE_QUE, $lang['art_nano_builder_subj'], $lang['art_nano_builder_subj'], $message);
} else {
$message = $lang['art_nano_builder_no_que'];
}
break;
}
if ($unit_level != $artifact_level_old) {
$db_changeset['unit'][] = sn_db_unit_changeset_prepare($unit_id, $unit_level - $artifact_level_old, $user);
db_changeset_apply($db_changeset);
}
} else {
$message = $lang['art_err_no_artifact'];
}
sn_db_transaction_commit();
message($message, "{$lang['tech'][UNIT_ARTIFACTS]} - {$lang['tech'][$unit_id]}", ($request_uri = sys_get_param_str_unsafe('REQUEST_URI')) ? $request_uri : 'artifacts' . DOT_PHP_EX . '#' . $unit_id, 5);
}
