Example #1
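 /**
  * Record activity for a ship by updating its row in the "<prefix>ships" table.
  *
  * Nothing is written when $ship_id is not greater than zero. Failures of
  * prepare()/execute() are ignored, as in the original: the stamp is
  * best-effort and the method returns nothing.
  *
  * @param int|string $ship_id Identifier of the ship row to update.
  * @return void
  */
 public function last_activity_stamp($ship_id)
 {
     global $db_prefix;
     $manage_log = new manage_log();
     $shared_function = new shared();
     if ($ship_id > 0) {
         $timestamp = $shared_function->manage_time("full");
         // NOTE(review): the value written to last_login is the literal '******' in
         // this listing, which looks redacted; $timestamp is computed but never
         // bound. Presumably it belongs here as a second placeholder - confirm
         // against the real source before relying on this statement.
         //
         // $ship_id is bound as a parameter instead of being concatenated into the
         // SQL text: the "> 0" guard above does not make the value safe to splice
         // into a query when a caller passes a string.
         $timestamp_ship = $this->connect->prepare("UPDATE " . $db_prefix . "ships SET last_login='******' WHERE ship_id = ?");
         if ($timestamp_ship !== false) {
             // Result deliberately ignored (best-effort stamp).
             $timestamp_ship->execute(array($ship_id));
         }
     }
 }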
Example #2
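/**
 * Re-issue the "userID" login cookie for the current player.
 *
 * Reads the player identity from globals, collects a client fingerprint
 * (IP from shared::sortIP(), reverse-DNS host name, User-Agent header) and
 * stores all of it in a single PHP-serialized cookie. The fingerprint values
 * are also written back to the $user_ip_address / $user_agent / $user_host
 * globals.
 *
 * The cookie lifetime set below is 365 days; the earlier "times out after
 * 60 mins" comment did not match the code.
 *
 * @return void
 */
function updatecookie()
{
    global $gamepath, $gamedomain, $userpass, $username, $password, $user_ship_id, $user_ip_address, $user_agent, $user_host;
    $shared_function = new shared();
    $ip_array = $shared_function->sortIP();
    $user_ip_address = $ip_array[0];
    // The User-Agent header is optional; fall back to an empty string instead
    // of reading an undefined index.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $user_host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    // NOTE(review): the "password" field is only md5(User-Agent). It is derived
    // entirely from a request header, so it is not a secret and must not be
    // treated as proof of identity. A random token stored server-side (from
    // random_bytes()) is what this field should carry.
    $cookie_session_id = md5($user_agent);
    $data = array('username' => $username, 'password' => $cookie_session_id, 'user_id' => $user_ship_id, 'user_ip' => $user_ip_address, 'user_host' => $user_host, 'user_agent' => $user_agent);
    // NOTE(review): the payload is PHP-serialized and unsigned. Whatever reads it
    // back must pass array('allowed_classes' => false) to unserialize() and
    // should verify an HMAC, or better, replace the payload with a session id.
    $data = serialize($data);
    // Mark the cookie Secure when this request arrived over HTTPS, and always
    // HttpOnly so page scripts cannot read the login cookie.
    $is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    setcookie("userID", $data, time() + 3600 * 24 * 365, $gamepath, $gamedomain, $is_https, true);
}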
Example #3
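 /**
  * Restore the login state from the PHP session or, when the session is not
  * marked as logged in, from the "XRLogin" cookie.
  *
  * On a match the _isLogged/_isFullName/_isUsername/_isIndentification/
  * _isDatabaseID properties are filled from the account row (the cookie path
  * also calls _setLogin()). When _isDatabaseID ends up greater than zero the
  * account's last_activity column is stamped with the current time.
  *
  * Changes from the listing: the user id is bound as a query parameter, the
  * cookie is decoded with object instantiation disabled, and a missing
  * account row or missing ip value is never treated as a match.
  *
  * @return void
  */
 private function _checkLogin()
 {
     $shared_function = new shared();
     $this->_isLogged = false;
     $time_date_full = $shared_function->manage_time("full");

     // Collect the claimed identity from exactly one source. As in the original,
     // a session marked as logged in takes precedence and the cookie is not
     // consulted in that case.
     $claimed_id = null;
     $claimed_ip = null;
     $from_cookie = false;
     if (isset($_SESSION['logged']) && $_SESSION['logged']) {
         $claimed_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
         $claimed_ip = isset($_SESSION['ip']) ? $_SESSION['ip'] : null;
     } elseif (isset($_COOKIE['XRLogin']) && $_COOKIE['XRLogin']) {
         // SECURITY: this is unserialize() on client-supplied data. Restricting
         // allowed_classes (PHP 7.0+) prevents object instantiation, but the
         // payload is still unsigned: both user_id and ip below come from the
         // client, so comparing them with the database row does not authenticate
         // the request. Replace with a signed (HMAC) value or a random
         // server-side token.
         $cookieData = unserialize(stripslashes($_COOKIE['XRLogin']), array('allowed_classes' => false));
         if (is_array($cookieData)) {
             $claimed_id = isset($cookieData['user_id']) ? $cookieData['user_id'] : null;
             $claimed_ip = isset($cookieData['ip']) ? $cookieData['ip'] : null;
             $from_cookie = true;
         }
     }

     // Only a purely numeric id and a non-empty scalar ip are worth a lookup.
     $id_ok = is_scalar($claimed_id) && preg_match('/\A[0-9]+\z/', (string) $claimed_id) === 1;
     $ip_ok = is_scalar($claimed_ip) && (string) $claimed_ip !== '';
     if ($id_ok && $ip_ok) {
         // NOTE(review): the table name is absent from this statement as listed
         // ("FROM WHERE"); restore it from the real source before use.
         $sth = $this->connect->prepare("SELECT * FROM WHERE user_id = ?");
         $result = ($sth && $sth->execute(array((string) $claimed_id))) ? $sth->fetch() : false;
         // Require a real row and an exact string match. With the original loose
         // "==", a failed lookup (fetch() returning false) compared equal to a
         // missing ip value.
         if (is_array($result) && isset($result['ip']) && (string) $result['ip'] === (string) $claimed_ip) {
             $this->_isLogged = true;
             if ($from_cookie) {
                 $this->_setLogin($result);
             }
             $this->_isFullName = $result['name'];
             $this->_isUsername = $result['username'];
             $this->_isIndentification = $result['facebook_id'];
             $this->_isDatabaseID = $result['user_id'];
         }
     }

     if ($this->_isDatabaseID > 0) {
         // NOTE(review): table name absent here as well ("UPDATE SET").
         $sth = $this->connect->prepare("UPDATE SET last_activity = ? WHERE user_id = ?");
         if ($sth) {
             // Result deliberately ignored; the original had empty branches for
             // both outcomes.
             $sth->execute(array($time_date_full, $this->_isDatabaseID));
         }
     }
 }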
Example #4
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//  GNU Affero General Public License for more details.
//
//  You should have received a copy of the GNU Affero General Public License
//  along with this program.  If not, see <http://www.gnu.org/licenses/>.
//
// File: option2.php
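include "config/config.php";
// Stop when checklogin() returns a truthy value (visitor not logged in).
if (checklogin()) {
    die;
}
global $l_opt2_title;
$title = $l_opt2_title;
// Re-issue the login cookie only when the two new passwords are identical,
// non-empty strings and the supplied old password equals the current one.
// Strict/constant-time comparison replaces the loose "==", which treats some
// different numeric-looking strings as equal.
if (isset($newpass1, $newpass2, $password, $oldpass)
    && is_string($newpass1) && is_string($newpass2) && is_string($password) && is_string($oldpass)
    && $newpass1 !== "" && $newpass1 === $newpass2 && hash_equals($password, $oldpass)) {
    $shared_function = new shared();
    $ip_array = $shared_function->sortIP();
    $user_ip_address = $ip_array[0];
    // The User-Agent header is optional; avoid reading an undefined index.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $user_host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    // NOTE(review): md5(User-Agent) is derived from a request header and is not
    // a secret; it should be a random server-side token.
    $cookie_session_id = md5($user_agent);
    $data = array('username' => $username, 'password' => $cookie_session_id, 'user_id' => $user_ship_id, 'user_ip' => $user_ip_address, 'user_host' => $user_host, 'user_agent' => $user_agent);
    // NOTE(review): unsigned PHP-serialized payload; the reader must not call
    // unserialize() on it without array('allowed_classes' => false).
    $data = serialize($data);
    // Secure when the request came over HTTPS; always HttpOnly.
    $is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    setcookie("userID", $data, time() + 3600 * 24 * 365, $gamepath, $gamedomain, $is_https, true);
}
// Accept only word characters for the language code. "\z" (rather than "$")
// rejects a trailing newline, and $lang is taken from the value that was
// actually validated instead of re-reading $_POST['newlang'].
if (!isset($newlang) || !is_string($newlang) || !preg_match("/^\\w+\\z/", $newlang)) {
    $newlang = $default_lang;
} else {
    $lang = $newlang;
}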
// New database driven language entries
Example #5
         header('Location: index.php');
         exit;
     }
 }
 $sth = $db->prepare("SELECT * FROM " . $db_prefix . "account WHERE username = ?");
 $sth->execute(array($register['username']));
 if (!$sth->fetch()) {
     $sth = $db->prepare("SELECT * FROM " . $db_prefix . "account WHERE email = ?");
     $sth->execute(array($register['email']));
     if (false != $sth->fetch() && $fbId != 0) {
         $sth = $db->prepare("UPDATE " . $db_prefix . "account SET facebook_id = ? WHERE email = ?");
         if ($sth->execute(array($fbId, $register['email']))) {
             $status = $user->fbLogin($fbId);
         }
     } else {
         $shared_function = new shared();
         $time_date_full = $shared_function->manage_time("full");
         $location = $register['location'];
         if (is_array($location)) {
             $location = $location['name'];
         }
         if ($fbId > 1) {
             #user has a facebook id, use it
             $account_id = $fbId;
         } else {
             #create a randomly large id
             $account_id = rand(1, 999) . rand(1, 999) . rand(1, 999);
         }
         $sql = "INSERT INTO " . $db_prefix . "account (facebook_id, username, password, name, email, location, gender, ip, registration_date, handle, active_ship, user_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
         $data = array($fbId, $register['username'], md5($register['password']), $register['name'], $register['email'], $location, $register['gender'], $_SERVER['REMOTE_ADDR'], $time_date_full, $register['handle'], 0, $account_id);
         $sth = $db->prepare($sql);
Example #6
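/**
 * Gate a page on the visitor being logged in.
 *
 * Loads the ship row for $user_ship_id, compares the client fingerprint stored
 * in the cookie globals (IP, host, User-Agent) with the current request, and
 * refreshes last_login / ip_address at most once every 60 seconds. When the
 * visitor is not accepted, or the server is closed, the matching message is
 * rendered between header.php and footer.php.
 *
 * Changes from the listing: a missing ship row now counts as "not logged in"
 * (previously the flag stayed 0), fingerprint values are compared as exact
 * strings, and a missing User-Agent header no longer reads an undefined index.
 *
 * NOTE(review): as the original comment says, nothing here verifies the
 * password or a server-side session id. Every compared value comes from the
 * cookie and the request, so this check is not authentication on its own.
 *
 * @return int 0 when the page may continue, 1 when an error page was rendered.
 */
function checklogin()
{
    $flag = 0;
    $shared_function = new shared();
    global $username, $password, $db, $l, $user_ship_id, $user_cookie_ip, $user_cookie_host, $user_cookie_agent, $lang;
    $result1 = $db->Execute("SELECT * FROM {$db->prefix}ships WHERE ship_id=? LIMIT 1", array($user_ship_id));
    db_op_result($db, $result1, __LINE__, __FILE__);
    // Execute() can fail; do not dereference a non-object result.
    $playerinfo = $result1 ? $result1->fields : false;
    // Check the cookie to see if username/password are empty - check password against database
    //needs changing to check session ID inside cookie matches session ID on server DB, if not force user to log in again!
    /*Check user browser and cookie match*/
    $ip_array = $shared_function->sortIP();
    $user_ip_address = $ip_array[0];
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $user_host = gethostbyaddr($_SERVER['REMOTE_ADDR']);

    $needlogin = true;
    if (!($username == "" or $user_ship_id == "" or $password == "")) {
        /*check computers match*/
        // Exact string comparison; loose "==" can equate different
        // numeric-looking strings.
        $same_client = (string) $user_cookie_ip === (string) $user_ip_address
            && (string) $user_cookie_host === (string) $user_host
            && (string) $user_cookie_agent === (string) $user_agent;
        // A fingerprint match without a ship row is not a login.
        if ($same_client && $playerinfo) {
            $needlogin = false;
            $ip = $_SERVER['REMOTE_ADDR'];
            $stamp = date("Y-m-d H:i:s");
            $timestamp['now'] = (int) strtotime($stamp);
            $timestamp['last'] = (int) strtotime($playerinfo['last_login']);
            // Update the players last_login ever 60 seconds to cut back SQL Queries.
            if ($timestamp['now'] >= $timestamp['last'] + 60) {
                $update = $db->Execute("UPDATE {$db->prefix}ships SET last_login = ?, ip_address = ? WHERE ship_id = ?;", array($stamp, $ip, $playerinfo['ship_id']));
            }
        }
    }
    if ($needlogin) {
        // Rendered inside this function's scope because the included templates
        // read $title (and the globals declared above) from it.
        $title = $l->get('l_error');
        include "header.php";
        echo str_replace("[here]", "<a href='index.php'>" . $l->get('l_here') . "</a>", $l->get('l_global_needlogin'));
        include "footer.php";
        $flag = 1;
    }
    /*
        // Check for destroyed ship
        if ($playerinfo['ship_destroyed'] == "Y")
        {
            // if the player has an escapepod, set the player up with a new ship
            if ($playerinfo['dev_escapepod'] == "Y")
            {
                $result2 = $db->Execute("UPDATE {$db->prefix}ships SET hull=0, engines=0, power=0, computer=0,sensors=0, beams=0, torp_launchers=0, torps=0, armor=0, armor_pts=100, cloak=0, shields=0, sector=0, ship_ore=0, ship_organics=0, ship_energy=1000, ship_colonists=0, ship_goods=0, ship_fighters=100, ship_damage=0, on_planet='N', dev_warpedit=0, dev_genesis=0, dev_beacon=0, dev_emerwarp=0, dev_escapepod='N', dev_fuelscoop='N', dev_minedeflector=0, ship_destroyed='N',dev_lssd='N' WHERE email=?", array($username));
                db_op_result ($db, $result2, __LINE__, __FILE__);
                echo str_replace("[here]", "<a href='main.php'>" . $l->get('l_here') . "</a>", $l->get('l_login_died'));
                $flag = 1;
            }
            else
            {
                // if the player doesn't have an escapepod - they're dead, delete them. But we can't delete them yet.
                // (This prevents the self-distruct inherit bug)
                echo str_replace("[here]", "<a href='log.php'>" . ucfirst($l->get('l_here')) . "</a>", $l->get('l_global_died')) . "<br><br>" . $l->get('l_global_died2');
                echo str_replace("[logout]", "<a href='logout.php'>" . $l->get('l_logout') . "</a>", $l->get('l_die_please'));
                $flag = 1;
            }
        }
    */
    global $server_closed;
    // The "server closed" page is shown only when no error page was rendered.
    if ($server_closed && $flag == 0) {
        $title = $l->get('l_login_closed_message');
        include "header.php";
        echo $l->get('l_login_closed_message');
        include "footer.php";
        $flag = 1;
    }
    return $flag;
}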
Example #7
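 /**
  * Insert one row into "<prefix>player_logs" for a player event.
  *
  * When $tracking is "notrack" the client IP, host and User-Agent columns are
  * stored as empty strings; otherwise they are taken from the current request.
  * If the insert fails, the failure is reported through security_log() with a
  * code that depends on which identifier looks invalid.
  *
  * @param int    $user_id      Stored in the ship_id column.
  * @param int    $event_id     Stored in the type column.
  * @param mixed  $a            Passed through to player_log_data().
  * @param mixed  $b            Passed through to player_log_data().
  * @param mixed  $c            Passed through to player_log_data().
  * @param string $tracking     "notrack" disables client fingerprint capture.
  * @param string $log_priority Stored in the priority column.
  * @param string $log_title    Stored in the title column.
  * @return void
  */
 public function player_log($user_id, $event_id, $a, $b, $c, $tracking, $log_priority, $log_title)
 {
     global $db_prefix;
     $shared_function = new shared();
     // Defined up front: the "notrack" path never assigned $ip_array, yet it is
     // passed to player_log_data() below. null is what the undefined variable
     // evaluated to, so the value handed over is unchanged.
     $ip_array = null;
     if ($tracking == "notrack") {
         $user_ip_address = "";
         $user_agent = "";
         $user_host = "";
     } else {
         $ip_array = $shared_function->sortIP();
         $user_ip_address = $ip_array[0];
         // The User-Agent header is optional; avoid reading an undefined index.
         $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
         $user_host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
     }
     $event_content = $this->player_log_data($event_id, $a, $b, $c, $ip_array);
     $timestamp = $shared_function->manage_time("full");
     // NOTE(review): user_agent and user_host are client-influenced strings. They
     // are safely bound here, but any page that displays these log rows has to
     // HTML-escape them on output.
     $create_log = $this->connect->prepare("INSERT INTO " . $db_prefix . "player_logs SET ship_id = ? , type = ? , time = ?, data = ?, user_agent = ?, user_host = ?, user_ip = ?, priority = ?, title = ?");
     // bindValue() is sufficient: none of the values change before execute().
     $create_log->bindValue(1, $user_id, PDO::PARAM_INT);
     $create_log->bindValue(2, $event_id, PDO::PARAM_INT);
     $create_log->bindValue(3, $timestamp, PDO::PARAM_STR);
     $create_log->bindValue(4, $event_content, PDO::PARAM_STR);
     $create_log->bindValue(5, $user_agent, PDO::PARAM_STR);
     $create_log->bindValue(6, $user_host, PDO::PARAM_STR);
     $create_log->bindValue(7, $user_ip_address, PDO::PARAM_STR);
     $create_log->bindValue(8, $log_priority, PDO::PARAM_STR);
     $create_log->bindValue(9, $log_title, PDO::PARAM_STR);
     if ($create_log->execute()) {
         // Log row written; nothing else to do.
         return;
     }
     // The insert failed: record why in the security log.
     if ($user_id > 0) {
         if ($event_id > 0) {
             // Both ids look valid, so pass on the driver's error details.
             $this->security_log($user_id, 3, $create_log->errorInfo());
         } else {
             // Invalid event id.
             $this->security_log($user_id, 2, $event_id);
         }
     } else {
         // Invalid user id.
         $this->security_log(0, 1, $event_id);
     }
 }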