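/**
 * Store an in-game message for one or more players and optionally mirror it by e-mail.
 *
 * Reads the globals $config, $user and $sn_message_class_list and bumps the
 * unread counters of the current $user in memory when they are a recipient.
 *
 * @param mixed  $owners       Recipient id, list of recipient ids, or '*' for a broadcast.
 * @param mixed  $sender       Sender id; cast to int before it is used.
 * @param mixed  $timestamp    Message time; a falsy value is replaced by SN_TIME_NOW.
 * @param mixed  $message_type Key into $sn_message_class_list.
 * @param string $from         Sender display name.
 * @param string $subject      Message subject.
 * @param string $text         Message body.
 * @param bool   $escaped      True when $from, $subject and $text are already DB-escaped.
 * @param bool   $force        True to store the message even if the recipient switched this class off.
 *
 * @return false|null False when a broadcast is requested with authlevel below 3, otherwise nothing.
 */
function msg_send_simple_message($owners, $sender, $timestamp, $message_type, $from, $subject, $text, $escaped = false, $force = false)
{
    global $config, $user, $sn_message_class_list;

    if (!$owners) {
        return;
    }

    $timestamp = $timestamp ? $timestamp : SN_TIME_NOW;
    $sender = intval($sender);
    if (!is_array($owners)) {
        $owners = array($owners);
    }

    if (!$escaped) {
        $from = db_escape($from);
        $subject = db_escape($subject);
        $text = db_escape($text);
    }
    // The e-mail body is rebuilt from the escaped text: line breaks become <br /> and slashes are stripped.
    $text_unescaped = stripslashes(str_replace(array('\\r\\n', "\r\n"), "<br />", $text));

    $message_class = $sn_message_class_list[$message_type];
    $message_class_email = $message_class['email'];
    $message_class_switchable = $message_class['switchable'];
    $message_class_name = $message_class['name'];
    $message_class_name_total = $sn_message_class_list[MSG_TYPE_NEW]['name'];

    // Strict comparison on purpose: with a loose == an integer 0 recipient id equals '*'
    // on PHP < 8 and would be treated as a broadcast request. The flag is kept because
    // $owners is emptied in the broadcast branch and can no longer be inspected afterwards.
    $is_broadcast = isset($owners[0]) && $owners[0] === '*';

    if ($is_broadcast) {
        // Broadcasts are restricted to callers whose authlevel is 3 or higher.
        if ($user['authlevel'] < 3) {
            return false;
        }
        // TODO add $timestamp - a broadcast may also be deferred
        // TODO add $sender - a broadcast may also come from a specific sender
        db_message_insert_all($message_type, $from, $subject, $text);
        $owners = array();
    } else {
        $insert_values = array();
        // Only the owner id is filled in by sprintf(); every literal % in the message is doubled
        // so that message content is never interpreted as a format directive.
        // NOTE(review): $timestamp and $message_type reach the SQL text as given, without escaping;
        // callers are expected to pass trusted numeric values - confirm at the call sites.
        $insert_template = "('%u'," . str_replace('%', '%%', " '{$sender}', '{$timestamp}', '{$message_type}', '{$from}', '{$subject}', '{$text}')");

        foreach ($owners as $owner) {
            if ($user['id'] != $owner) {
                $owner_row = db_user_by_id($owner);
            } else {
                $owner_row = $user;
            }
            sys_user_options_unpack($owner_row);

            if ($force || !$message_class_switchable || $owner_row["opt_{$message_class_name}"]) {
                $insert_values[] = sprintf($insert_template, $owner);
            }

            if ($message_class_email && $config->game_email_pm && $owner_row["opt_email_{$message_class_name}"]) {
                // NOTE(review): $subject is the DB-escaped value here, and @ hides any mail failure.
                @($result = mymail($owner_row['email'], $subject, $text_unescaped, '', true));
            }
        }

        if (empty($insert_values)) {
            return;
        }

        doquery('INSERT INTO {{messages}} (`message_owner`, `message_sender`, `message_time`, `message_type`, `message_from`, `message_subject`, `message_text`) ' . 'VALUES ' . implode(',', $insert_values));
    }

    db_user_list_set_mass_mail($owners, "`{$message_class_name}` = `{$message_class_name}` + 1, `{$message_class_name_total}` = `{$message_class_name_total}` + 1");

    // Keep the in-memory counters of the current user in step with the database update above.
    if ($is_broadcast || in_array($user['id'], $owners)) {
        $user[$message_class_name]++;
        $user[$message_class_name_total]++;
    }
}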
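/**
 * Store an in-game message for one or more players and optionally mirror it by e-mail.
 *
 * Reads the globals $config, $user, $sn_message_class_list and $time_now and bumps the
 * unread counters of the current $user in memory when they are a recipient.
 *
 * @param mixed  $owners       Recipient id, list of recipient ids, or '*' for a broadcast.
 * @param mixed  $sender       Sender id; cast to int before it is used.
 * @param mixed  $timestamp    Message time; a falsy value is replaced by $time_now.
 * @param mixed  $message_type Key into $sn_message_class_list.
 * @param string $from         Sender display name.
 * @param string $subject      Message subject.
 * @param string $text         Message body.
 * @param bool   $escaped      True when $from, $subject and $text are already DB-escaped.
 *
 * @return false|null False when a broadcast is requested with authlevel below 3, otherwise nothing.
 */
function msg_send_simple_message($owners, $sender, $timestamp, $message_type, $from, $subject, $text, $escaped = false)
{
    global $config, $user, $sn_message_class_list, $time_now;

    $timestamp = $timestamp ? $timestamp : $time_now;
    $sender = intval($sender);
    if (!is_array($owners)) {
        $owners = array($owners);
    }

    if (!$escaped) {
        // NOTE(review): the mysql_* extension was removed in PHP 7; kept because no replacement is in scope here.
        $from = mysql_real_escape_string($from);
        $subject = mysql_real_escape_string($subject);
        $text = mysql_real_escape_string($text);
    }
    // The e-mail body is rebuilt from the escaped text: line breaks become <br /> and slashes are stripped.
    $text_unescaped = stripslashes(str_replace(array('\\r\\n', "\r\n"), "<br />", $text));

    $message_class = $sn_message_class_list[$message_type];
    $message_class_email = $message_class['email'];
    $message_class_switchable = $message_class['switchable'];
    $message_class_name = $message_class['name'];
    $message_class_name_total = $sn_message_class_list[MSG_TYPE_NEW]['name'];

    $QryInsertMessage = 'INSERT INTO {{messages}} (`message_owner`, `message_sender`, `message_time`, `message_type`, `message_from`, `message_subject`, `message_text`) ';
    // NOTE(review): this literal appears masked in the listing; only the WHERE clause appended below is visible.
    $QryUpdateUser = "******";

    // Strict comparison on purpose: with a loose == an integer 0 recipient id equals '*'
    // on PHP < 8 and would be treated as a broadcast request.
    $is_broadcast = isset($owners[0]) && $owners[0] === '*';

    if ($is_broadcast) {
        // Broadcasts are restricted to callers whose authlevel is 3 or higher.
        if ($user['authlevel'] < 3) {
            return false;
        }
        // NOTE(review): $message_type is placed in the statement unquoted and unescaped - confirm it is always numeric.
        $QryInsertMessage .= "SELECT `id`, 0, unix_timestamp(now()), {$message_type}, '{$from}', '{$subject}', '{$text}' FROM {{users}}; ";
    } else {
        $insert_values = array();
        $owner_ids = array();
        // Only the owner id is filled in by sprintf(); every literal % in the message is doubled
        // so that message content is never interpreted as a format directive.
        $insert_template = "('%u'," . str_replace('%', '%%', " '{$sender}', '{$timestamp}', '{$message_type}', '{$from}', '{$subject}', '{$text}')");

        foreach ($owners as $owner) {
            // Recipient ids are written into SQL text below, so they are forced to integers first.
            $owner_id = intval($owner);
            $owner_ids[] = $owner_id;

            if ($user['id'] != $owner) {
                $owner_row = doquery("SELECT * FROM {{users}} WHERE id = {$owner_id} LIMIT 1;", '', true);
                sys_user_options_unpack($owner_row);
            } else {
                // Plain copy instead of a reference: with `=& $user` the assignment made for the
                // next recipient would write that player's row into the global $user.
                $owner_row = $user;
            }

            if (!$message_class_switchable || $owner_row["opt_{$message_class_name}"]) {
                $insert_values[] = sprintf($insert_template, $owner);
            }

            if ($message_class_email && $config->game_email_pm && $owner_row["opt_email_{$message_class_name}"]) {
                // NOTE(review): $subject is the DB-escaped value here, and @ hides any mail failure.
                @($result = mymail($owner_row['email'], $subject, $text_unescaped, '', true));
            }
        }

        if (empty($insert_values)) {
            return;
        }

        $QryInsertMessage .= 'VALUES ' . implode(',', $insert_values) . ';';
        $QryUpdateUser .= 'WHERE `id` IN (' . implode(',', $owner_ids) . ');';
    }

    doquery($QryInsertMessage);
    doquery($QryUpdateUser);

    // Keep the in-memory counters of the current user in step with the database update above.
    if ($is_broadcast || in_array($user['id'], $owners)) {
        $user[$message_class_name]++;
        $user[$message_class_name_total]++;
    }
}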
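/**
 * Check a username/password pair against the users table and, on success, set the login cookie.
 *
 * @param string $username    Login name as submitted; escaped here before it is placed in the query.
 * @param string $password    Plain-text password as submitted.
 * @param mixed  $remember_me Passed through to sn_set_cookie().
 *
 * @return array Keys 'status' (LOGIN_* constant), 'error_msg' and 'user_row' (empty array on failure).
 */
function sn_login($username, $password, $remember_me = '1')
{
    global $lang;

    // NOTE(review): the mysql_* extension was removed in PHP 7; kept because no replacement is in scope here.
    $username = mysql_real_escape_string($username);
    $login = doquery("SELECT * FROM {{users}} WHERE `username` = '{$username}' LIMIT 1;", '', true);

    if (!$login) {
        // NOTE(review): a distinct status for unknown users lets a client tell valid names from invalid ones.
        $status = LOGIN_ERROR_USERNAME;
        $error_msg = $lang['Login_FailUser'];
        $login = array();
    } else {
        // NOTE(review): unsalted MD5 is not a suitable password hash; moving to password_hash()
        // needs a migration of the stored values and is out of scope for this function.
        $stored_hash = (string)$login['password'];
        $given_hash = md5($password);

        // The original `!=` compared the two hex digests loosely, so digests that look like
        // numbers (for example "0e" followed by digits only) compared equal to each other.
        // hash_equals() is exact and constant-time; strict === is the fallback on old PHP.
        $password_ok = function_exists('hash_equals')
            ? hash_equals($stored_hash, $given_hash)
            : $stored_hash === $given_hash;

        if (!$password_ok) {
            $status = LOGIN_ERROR_PASSWORD;
            $error_msg = $lang['Login_FailPassword'];
            $login = array();
        } else {
            sys_user_options_unpack($login);
            sn_set_cookie($login, $remember_me);
            $status = LOGIN_SUCCESS;
            $error_msg = '';
        }
    }

    return array('status' => $status, 'error_msg' => $error_msg, 'user_row' => $login);
}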
sn_ali_fill_user_ally($user); if (!$user['ally']['player']['id']) { sn_sys_logout(false, true); $debug->error("User ID {$user['id']} has ally ID {$user['ally_id']} but no ally info", 'User record error', 502); } // TODO UNCOMMENT que_process($user['ally']['player']); db_user_set_by_id($user['ally']['player']['id'], '`onlinetime` = ' . SN_TIME_NOW); sn_db_transaction_commit(); } // TODO - в режиме эмуляции, на самом деле! sn_db_transaction_start(); $global_data = sys_o_get_updated($user['id'], $planet_id, SN_TIME_NOW); sn_db_transaction_commit(); $planetrow = $global_data['planet']; if (!($planetrow && isset($planetrow['id']) && $planetrow['id'])) { sn_sys_logout(false, true); $debug->error("User ID {$user['id']} has no current planet and no homeworld", 'User record error', 502); } $que = $global_data['que']; } require_once 'includes/vars_menu.php'; if ($sn_mvc['model']['']) { foreach ($sn_mvc['model'][''] as $hook) { if (is_callable($hook_call = is_string($hook) ? $hook : (is_array($hook) ? $hook['callable'] : $hook->callable))) { call_user_func($hook_call); } } } sys_user_options_unpack($user);
/**
 * Handle the player options page: read the submitted settings and persist them for the current $user.
 *
 * When the `mode` request parameter is 'change' the function updates admin protection, vacation mode,
 * the per-option values, the player name, the password, profile fields, birthday, avatar and
 * time-difference settings, then writes the user row. In every case it reloads $user from the
 * database and unpacks its options at the end.
 *
 * Reads and writes the globals $user, $lang and $template_result; reads $user_option_list and $config.
 * Returns nothing: outcomes are appended to $template_result['.']['result'].
 */
function sn_options_model()
{
    global $user, $user_option_list, $lang, $template_result, $config;

    // The requested language comes from the `langer` parameter and defaults to the stored one.
    $language_new = sys_get_param_str('langer', $user['lang']);
    if ($language_new != $user['lang']) {
        $lang->lng_switch($language_new);
    }
    lng_include('options');
    lng_include('messages');

    // Human-readable form of FMT_DATE; used below to detect an untouched birthday field.
    $FMT_DATE = preg_replace(array('/d/', '/m/', '/Y/'), array('DD', 'MM', 'YYYY'), FMT_DATE);

    if (sys_get_param_str('mode') == 'change') {
        // Accounts with authlevel above 0 may switch planet/admin protection to their own level or to 0.
        if ($user['authlevel'] > 0) {
            $planet_protection = sys_get_param_int('adm_pl_prot') ? $user['authlevel'] : 0;
            db_planet_set_by_owner($user['id'], "`id_level` = '{$planet_protection}'");
            db_user_set_by_id($user['id'], "`admin_protection` = '{$planet_protection}'");
            $user['admin_protection'] = $planet_protection;
        }

        if (sys_get_param_int('vacation') && !$config->user_vacation_disable) {
            sn_db_transaction_start();
            if ($user['authlevel'] < 3) {
                // NOTE(review): each message()/die pair below ends the script with no visible commit
                // or rollback of the transaction opened above.
                if ($user['vacation_next'] > SN_TIME_NOW) {
                    message($lang['opt_vacation_err_timeout'], $lang['Error'], 'index.php?page=options', 5);
                    die;
                }
                // Any fleet owned by the player blocks vacation mode.
                $is_building = doquery("SELECT * FROM `{{fleets}}` WHERE `fleet_owner` = '{$user['id']}' LIMIT 1;", true);
                if ($is_building) {
                    message($lang['opt_vacation_err_your_fleet'], $lang['Error'], 'index.php?page=options', 5);
                    die;
                }
                // A non-empty queue blocks vacation mode as well.
                $que = que_get($user['id'], false);
                if (!empty($que)) {
                    message($lang['opt_vacation_err_que'], $lang['Error'], 'index.php?page=options', 5);
                    die;
                }
                $query = classSupernova::db_get_record_list(LOC_PLANET, "`id_owner` = {$user['id']}");
                foreach ($query as $planet) {
                    // $planet = sys_o_get_updated($user, $planet, SN_TIME_NOW);
                    // $planet = $planet['planet'];
                    // Reset production on every planet: basic income only, all percentage fields zero.
                    db_planet_set_by_id($planet['id'], "last_update = " . SN_TIME_NOW . ", energy_used = '0', energy_max = '0',\n metal_perhour = '{$config->metal_basic_income}', crystal_perhour = '{$config->crystal_basic_income}', deuterium_perhour = '{$config->deuterium_basic_income}',\n metal_mine_porcent = '0', crystal_mine_porcent = '0', deuterium_sintetizer_porcent = '0', solar_plant_porcent = '0',\n fusion_plant_porcent = '0', solar_satelit_porcent = '0', ship_sattelite_sloth_porcent = 0");
                }
                $user['vacation'] = SN_TIME_NOW + $config->player_vacation_time;
            } else {
                // authlevel 3 and above skip every check and get a vacation timestamp of "now".
                $user['vacation'] = SN_TIME_NOW;
            }
            sn_db_transaction_commit();
        }

        // Options already present on the user row are overwritten from the request;
        // missing ones receive the default from $user_option_list.
        foreach ($user_option_list as $option_group_id => $option_group) {
            foreach ($option_group as $option_name => $option_value) {
                if ($user[$option_name] !== null) {
                    $user[$option_name] = sys_get_param_str($option_name);
                } else {
                    $user[$option_name] = $option_value;
                }
            }
        }
        // The return value is not used again in this branch; presumably the call also refreshes
        // $user['options'], which is written to the database below - TODO confirm.
        $options = sys_user_options_pack($user);

        $player_options = sys_get_param('options');
        if (!empty($player_options)) {
            // Every submitted value is forced to an integer before it is stored.
            // NOTE(review): the keys of the submitted array are not filtered here - confirm offsetSet() validates them.
            array_walk($player_options, function (&$value) {
                // TODO - add more checks once there are more parameters
                $value = intval($value);
            });
            classSupernova::$user_options->offsetSet($player_options);
            // pdump($player_options);die();
            // player_save_option_array($user, $player_options);
        }

        // The new name is read unescaped, cut to 32 bytes, and escaped separately for SQL use.
        $username = substr(sys_get_param_str_unsafe('username'), 0, 32);
        $username_safe = db_escape($username);
        if ($username && $user['username'] != $username && $config->game_user_changename != SERVER_PLAYER_NAME_CHANGE_NONE && sys_get_param_int('username_confirm') && !strpbrk($username, LOGIN_REGISTER_CHARACTERS_PROHIBITED)) {
            // validity check
            sn_db_transaction_start();
            // NOTE(review): LIKE treats % and _ in the submitted name as wildcards unless
            // LOGIN_REGISTER_CHARACTERS_PROHIBITED already rejects them - confirm.
            $name_check = doquery("SELECT * FROM {{player_name_history}} WHERE `player_name` LIKE \"{$username_safe}\" LIMIT 1 FOR UPDATE;", true);
            if (!$name_check || $name_check['player_id'] == $user['id']) {
                $user = db_user_by_id($user['id'], true);
                switch ($config->game_user_changename) {
                    case SERVER_PLAYER_NAME_CHANGE_PAY:
                        // NOTE(review): $planetrow is neither declared global nor assigned in this function.
                        if (mrc_get_level($user, $planetrow, RES_DARK_MATTER) < $config->game_user_changename_cost) {
                            $template_result['.']['result'][] = array('STATUS' => ERR_ERROR, 'MESSAGE' => $lang['opt_msg_name_change_err_no_dm']);
                            break;
                        }
                        rpg_points_change($user['id'], RPG_NAME_CHANGE, -$config->game_user_changename_cost, sprintf('Пользователь ID %d сменил имя с "%s" на "%s"', $user['id'], $user['username'], $username));
                        // No break: after the cost is charged, execution falls through to the rename itself.
                    case SERVER_PLAYER_NAME_CHANGE_FREE:
                        db_user_set_by_id($user['id'], "`username` = '{$username_safe}'");
                        doquery("REPLACE INTO {{player_name_history}} SET `player_id` = {$user['id']}, `player_name` = '{$username_safe}'");
                        // TODO: Change cookie to not force user relogin
                        // sn_setcookie(SN_COOKIE, '', time() - PERIOD_WEEK, SN_ROOT_RELATIVE);
                        $template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_name_changed']);
                        $user['username'] = $username;
                        break;
                }
            } else {
                $template_result['.']['result'][] = array('STATUS' => ERR_ERROR, 'MESSAGE' => $lang['opt_msg_name_change_err_used_name']);
            }
            sn_db_transaction_commit();
        }

        // Password change: exceptions carry the outcome, including success (code ERR_NONE),
        // to the single catch block that records it.
        if ($new_password = sys_get_param('newpass1')) {
            try {
                // NOTE(review): `!=` is a loose comparison; two different numeric-looking strings
                // (e.g. '1e3' and '1000') compare equal, so a mistyped confirmation can pass.
                if ($new_password != sys_get_param('newpass2')) {
                    throw new Exception($lang['opt_err_pass_unmatched'], ERR_WARNING);
                }
                // The current password from `db_password` is handed to the auth layer together with the new one.
                if (!classSupernova::$auth->password_change(sys_get_param('db_password'), $new_password)) {
                    throw new Exception($lang['opt_err_pass_wrong'], ERR_WARNING);
                }
                throw new Exception($lang['opt_msg_pass_changed'], ERR_NONE);
            } catch (Exception $e) {
                // Unknown exception codes are reported as ERR_ERROR.
                $template_result['.']['result'][] = array('STATUS' => in_array($e->getCode(), array(ERR_NONE, ERR_WARNING, ERR_ERROR)) ? $e->getCode() : ERR_ERROR, 'MESSAGE' => $e->getMessage());
            }
        }

        // NOTE(review): the values below are interpolated into the UPDATE at the end of this branch;
        // this is only safe if sys_get_param_str() returns DB-escaped text - confirm.
        $user['email'] = sys_get_param_str('db_email');
        // if(!$template_result[F_ACCOUNT]['account_email'] && ($email_2 = sys_get_param_str('db_email2'))) {
        //   core_auth::email_set($email_2);
        // }
        $user['dpath'] = sys_get_param_str('dpath');
        $user['lang'] = sys_get_param_str('langer', $user['lang']);
        // if($lang->lng_switch($user['lang'])) {
        //   lng_include('options');
        //   lng_include('messages');
        // }
        $user['design'] = sys_get_param_int('design');
        $user['noipcheck'] = sys_get_param_int('noipcheck');
        // $user['spio_anz'] = sys_get_param_int('spio_anz');
        // $user['settings_fleetactions'] = sys_get_param_int('settings_fleetactions', 1);
        // $user['settings_tooltiptime'] = sys_get_param_int('settings_tooltiptime');
        // $user['settings_esp'] = sys_get_param_int('settings_esp');
        // $user['settings_wri'] = sys_get_param_int('settings_wri');
        // $user['settings_bud'] = sys_get_param_int('settings_bud');
        // $user['settings_mis'] = sys_get_param_int('settings_mis');
        // $user['settings_statistics'] = sys_get_param_int('settings_statistics');
        // $user['settings_info'] = sys_get_param_int('settings_info');
        // $user['settings_rep'] = sys_get_param_int('settings_rep');
        // $user['planet_sort'] = sys_get_param_int('settings_sort');
        // $user['planet_sort_order'] = sys_get_param_int('settings_order');

        // Deletion timer: cleared when unchecked, kept when already running, otherwise started now.
        $user['deltime'] = !sys_get_param_int('deltime') ? 0 : ($user['deltime'] ? $user['deltime'] : SN_TIME_NOW + $config->player_delete_time);

        // Gender is accepted only if it is a known list entry and only while the stored value is GENDER_UNKNOWN.
        $gender = sys_get_param_int('gender', $user['gender']);
        !isset($lang['sys_gender_list'][$gender]) ? $gender = $user['gender'] : false;
        $user['gender'] = $user['gender'] == GENDER_UNKNOWN ? $gender : $user['gender'];

        // Birthday: any failure (already set, empty, unparsable, invalid date) leaves the column untouched.
        try {
            // NOTE(review): this tests $user['birthday'] while the value written below is
            // $user['user_birthday'] - confirm which key the user row actually carries.
            if ($user['birthday']) {
                throw new exception();
            }
            $user_birthday = sys_get_param_str_unsafe('user_birthday');
            if (!$user_birthday || $user_birthday == $FMT_DATE) {
                throw new exception();
            }
            // Some black magic to parse any valid date format - those that contain all three "d", "m" and "Y" and any of the delimiters "\", "/", ".", "-"
            $pos['d'] = strpos(FMT_DATE, 'd');
            $pos['m'] = strpos(FMT_DATE, 'm');
            $pos['Y'] = strpos(FMT_DATE, 'Y');
            // After sorting by position, each letter is renumbered 1..3 to match its capture group.
            asort($pos);
            $i = 0;
            // NOTE(review): $position stays bound by reference after this loop; it is not reused in this function.
            foreach ($pos as &$position) {
                $position = ++$i;
            }
            // Turn FMT_DATE into a pattern: delimiters are escaped, d/m become 1-2 digits, Y becomes 4 digits.
            // NOTE(review): the pattern carries no ^ or $ anchors, so it matches anywhere inside the input;
            // only the captured digit groups are used afterwards.
            $regexp = "/" . preg_replace(array('/\\\\/', '/\\//', '/\\./', '/\\-/', '/d/', '/m/', '/Y/'), array('\\\\\\', '\\/', '\\.', '\\-', '(\\d?\\d)', '(\\d?\\d)', '(\\d{4})'), FMT_DATE) . "/";
            if (!preg_match($regexp, $user_birthday, $match)) {
                throw new exception();
            }
            if (!checkdate($match[$pos['m']], $match[$pos['d']], $match[$pos['Y']])) {
                throw new exception();
            }
            $user['user_birthday'] = db_escape("{$match[$pos['Y']]}-{$match[$pos['m']]}-{$match[$pos['d']]}");
            // EOF black magic! Now we have valid SQL date in $user['user_birthday'] - independent of date format
            // The "celebrated" date is this year's birthday, or last year's if it has not come round yet.
            $year = date('Y', SN_TIME_NOW);
            if (mktime(0, 0, 0, $match[$pos['m']], $match[$pos['d']], $year) > SN_TIME_NOW) {
                $year--;
            }
            $user['user_birthday_celebrated'] = db_escape("{$year}-{$match[$pos['m']]}-{$match[$pos['d']]}");
            // From here on $user_birthday holds an SQL fragment appended to the final UPDATE.
            $user_birthday = ", `user_birthday` = '{$user['user_birthday']}', `user_birthday_celebrated` = '{$user['user_birthday_celebrated']}'";
        } catch (exception $e) {
            $user_birthday = '';
        }

        require_once 'includes/includes/sys_avatar.php';
        // NOTE(review): $user['avatar'] is written to the database below without escaping in this
        // function - confirm what sys_avatar_upload() leaves in it.
        $avatar_upload_result = sys_avatar_upload($user['id'], $user['avatar']);
        $template_result['.']['result'][] = $avatar_upload_result;

        // Time difference: either force the submitted value, or clear a previously forced/explicitly cleared one.
        $user_time_diff = playerTimeDiff::user_time_diff_get();
        if (sys_get_param_int('PLAYER_OPTION_TIME_DIFF_FORCED')) {
            playerTimeDiff::user_time_diff_set(array(PLAYER_OPTION_TIME_DIFF => sys_get_param_int('PLAYER_OPTION_TIME_DIFF'), PLAYER_OPTION_TIME_DIFF_UTC_OFFSET => 0, PLAYER_OPTION_TIME_DIFF_FORCED => 1, PLAYER_OPTION_TIME_DIFF_MEASURE_TIME => SN_TIME_SQL));
        } elseif (sys_get_param_int('opt_time_diff_clear') || $user_time_diff[PLAYER_OPTION_TIME_DIFF_FORCED]) {
            playerTimeDiff::user_time_diff_set(array(PLAYER_OPTION_TIME_DIFF => '', PLAYER_OPTION_TIME_DIFF_UTC_OFFSET => 0, PLAYER_OPTION_TIME_DIFF_FORCED => 0, PLAYER_OPTION_TIME_DIFF_MEASURE_TIME => SN_TIME_SQL));
        }

        // Single UPDATE with every profile field; only `options` is escaped at this point.
        // `gender` is written unquoted; it originates from sys_get_param_int() or the stored row.
        $user_options_safe = db_escape($user['options']);
        db_user_set_by_id($user['id'], "`email` = '{$user['email']}', `lang` = '{$user['lang']}', `avatar` = '{$user['avatar']}',\n `dpath` = '{$user['dpath']}', `design` = '{$user['design']}', `noipcheck` = '{$user['noipcheck']}',\n `deltime` = '{$user['deltime']}', `vacation` = '{$user['vacation']}', `options` = '{$user_options_safe}', `gender` = {$user['gender']}\n {$user_birthday}");
        $template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_saved']);
    } elseif (sys_get_param_str('result') == 'ok') {
        $template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_saved']);
    }

    // Always finish with a fresh copy of the user row so that later code sees what was stored.
    $user = db_user_by_id($user['id']);
    $options = sys_user_options_unpack($user);
}
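/**
 * Build the authentication result array and record the visit for the current user.
 *
 * Writes a security entry for the device, refreshes the user's online time, ban/vacation state
 * and last-seen address (unless impersonating), enforces the extra device ban list from
 * $config->security_ban_extra, and returns the status fields collected on this object.
 *
 * @return array Result keyed by the F_* constants and AUTH_LEVEL.
 */
protected function make_return_array()
{
    global $config;

    $user_id = !empty(self::$user['id']) ? self::$user['id'] : 0;
    // if(!empty($user_id) && !$user_impersonator) {
    // $user_id cannot be empty because of the constraints on the SPE table
    // self::db_security_entry_insert();
    self::$device->db_security_entry_insert($user_id);

    $result = array();

    if ($user_id && empty($this->is_impersonating)) {
        // self::db_counter_insert();
        self::$device->db_counter_insert($user_id);

        $user =& self::$user;
        sys_user_options_unpack($user);

        // An expired ban is lifted here; the vacation timestamp is set to the current time with it.
        if ($user['banaday'] && $user['banaday'] <= SN_TIME_NOW) {
            $user['banaday'] = 0;
            $user['vacation'] = SN_TIME_NOW;
        }

        $user['user_lastip'] = self::$device->ip_v4_string; // $ip['ip'];
        $user['user_proxy'] = self::$device->ip_v4_proxy_chain; //$ip['proxy_chain'];

        $result[F_BANNED_STATUS] = $user['banaday'];
        $result[F_VACATION_STATUS] = $user['vacation'];

        $proxy_safe = static::$db->db_escape(self::$device->ip_v4_proxy_chain);
        // NOTE(review): `banaday` and `vacation` are escaped but written unquoted, and browser_id is
        // concatenated as is; escaping does not protect an unquoted value, so all three must be numeric - confirm.
        db_user_set_by_id($user['id'], "`onlinetime` = " . SN_TIME_NOW . ",\n `banaday` = " . static::$db->db_escape($user['banaday']) . ", `vacation` = " . static::$db->db_escape($user['vacation']) . ",\n `user_lastip` = '" . static::$db->db_escape($user['user_lastip']) . "', `user_last_proxy` = '{$proxy_safe}', `user_last_browser_id` = " . self::$device->browser_id);
    }

    if ($extra = $config->security_ban_extra) {
        // array_walk($extra, 'trim') threw away trim()'s return value, so an entry written as
        // "1, 2" kept its leading space and that device was never matched. array_map() stores
        // the trimmed values.
        $extra = array_map('trim', explode(',', $extra));
        // Compared as strings and strictly, so that an empty or zero device id cannot match
        // an unrelated non-numeric entry through PHP's loose comparison.
        in_array((string)self::$device->device_id, $extra, true) and die;
    }

    $result[F_LOGIN_STATUS] = self::$login_status = empty($this->providers_authorised) ? self::$login_status : LOGIN_SUCCESS;
    $result[F_PLAYER_REGISTER_STATUS] = $this->register_status;
    $result[F_USER] = self::$user;
    // $result[AUTH_LEVEL] = isset(self::$user['authlevel']) ? self::$user['authlevel'] : AUTH_LEVEL_ANONYMOUS;
    $result[AUTH_LEVEL] = $this->auth_level_max_local;
    $result[F_IMPERSONATE_STATUS] = $this->is_impersonating;
    $result[F_IMPERSONATE_OPERATOR] = $this->impersonator_username;
    // TODO
    // self::$hidden[F_IMPERSONATE_OPERATOR] = $found_provider->data[F_IMPERSONATE_OPERATOR];
    // TODO also move the salt and the password into the hidden set
    $result[F_ACCOUNTS_AUTHORISED] = $this->providers_authorised;

    return $result;
}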
/**
 * Finish a login: refresh ban/vacation state and the last-seen address on the user row
 * held in $result, copy the status fields into $result, then hand over to sec_login_change_state().
 *
 * @param array $result Login result, modified in place; the user row is read from F_LOGIN_USER.
 */
function sec_login_process(&$result)
{
    // Bound by reference so every change below lands in $result[F_LOGIN_USER].
    $account =& $result[F_LOGIN_USER];
    sys_user_options_unpack($account);

    // A ban whose end time has passed is cleared and the vacation timestamp is set to now.
    $ban_is_over = $account['banaday'] && $account['banaday'] <= SN_TIME_NOW;
    if ($ban_is_over) {
        $account['banaday'] = 0;
        $account['vacation'] = SN_TIME_NOW;
    }

    // Record where this login came from.
    $client_address = sec_player_ip();
    $account['user_lastip'] = $client_address['ip'];
    $account['user_proxy'] = $client_address['proxy_chain'];

    // Expose the (possibly just updated) ban and vacation values to the caller.
    $result[F_BANNED_STATUS] = $account['banaday'];
    $result[F_VACATION_STATUS] = $account['vacation'];

    sec_login_change_state($result);
}