/**
 * Store the DM flag for the profile that owns the given session.
 *
 * @param mixed  $dm  Form value; anything loosely equal to 'on' is stored as 'Y', everything else as 'N'.
 * @param object $sid Session object; only GetUserName() is used to pick the row.
 */
function update_dm($dm, &$sid)
{
    global $TABLE_USERS, $rpgDB;

    // Collapse the form value to the one-character flag kept in the table, so
    // no caller-supplied text reaches the SET clause.
    $flag = 'N';
    if ($dm == 'on') {
        $flag = 'Y';
    }

    // NOTE(review): addslashes() is not aware of the connection character set;
    // driver-level escaping or bound parameters would be safer if $rpgDB offers them.
    $owner = addslashes($sid->GetUserName());
    $statement = sprintf("UPDATE %s SET dm = '%s' WHERE pname = '%s' LIMIT 1", $TABLE_USERS, $flag, $owner);

    if (!$rpgDB->query($statement)) {
        __printFatalErr("Failed to update database.", __LINE__, __FILE__);
    }
}
Exemple #2
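/**
 * Insert a new profile row with the default session length (180) and no DM flag.
 *
 * @param string $username Profile name to create.
 */
function create_user($username)
{
    global $TABLE_USERS, $rpgDB;

    // The name was previously placed into the statement unescaped, so a quote
    // in it could change the query. Escape it the same way the rest of the
    // code base does.
    // NOTE(review): addslashes() is not aware of the connection character set;
    // driver-level escaping or bound parameters would be safer if $rpgDB offers them.
    $sql = sprintf(
        "INSERT INTO %s (pname, slength, dm) VALUES ('%s', %d, 'N')",
        $TABLE_USERS,
        addslashes($username),
        180
    );

    $res = $rpgDB->query($sql);
    if (!$res) {
        // NOTE(review): the message carries the raw name and the database error
        // text; confirm the error page encodes its output and is not shown verbatim to visitors.
        __printFatalErr("Unable to create new user profile: " . $username . '\\n' . $rpgDB->error());
    }
}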
/**
 * Look up the file name registered for a character sheet template.
 *
 * @param mixed $id Template id; cast to int before it reaches the query.
 * @return mixed The filename column of the matching row, or whatever
 *               __printFatalErr() returns when no row matches.
 */
function get_sheet_path($id)
{
    global $TABLE_TEMPLATES, $rpgDB;

    // The id is forced to an integer, so %d carries no caller-controlled text.
    $lookup = sprintf("SELECT filename FROM %s WHERE id = %d", $TABLE_TEMPLATES, (int) $id);
    $result = $rpgDB->query($lookup);
    if (!$result) {
        __printFatalErr("Failed to query database.", __LINE__, __FILE__);
    }

    if (!$rpgDB->num_rows($result)) {
        return __printFatalErr("Invalid character sheet identifier");
    }

    // NOTE(review): the value is returned exactly as stored; callers that turn it
    // into an include path rely on the templates table holding only trusted names.
    $record = $rpgDB->fetch_row($result);
    return $record['filename'];
}
 /**
  * List the characters that have a join request for this campaign.
  *
  * @return array One entry per request with the keys name, owner, edited,
  *               template, id and type (the request status), ordered by
  *               upper-cased character name.
  */
 function GetJoinRequests()
 {
     global $TABLE_CHARS, $TABLE_TEMPLATES, $TABLE_CAMPAIGN_REQUESTS, $rpgDB;

     // The campaign id is forced to an integer before it is formatted with %d.
     $campaignId = (int) $this->id;
     $sql = sprintf(
         "SELECT c.cname, c.owner, DATE_FORMAT(c.lastedited, '%%d/%%m/%%Y %%H:%%i') as lastedited, st.name, c.id, cj.status "
         . "FROM %s c, %s st, %s cj WHERE cj.campaign_id = %d AND c.id = cj.char_id AND st.id = c.template_id "
         . "ORDER BY UPPER(c.cname)",
         $TABLE_CHARS,
         $TABLE_TEMPLATES,
         $TABLE_CAMPAIGN_REQUESTS,
         $campaignId
     );

     $res = $rpgDB->query($sql);
     if (!$res) {
         // NOTE(review): the full statement text goes to the error handler;
         // confirm it is logged rather than shown to the visitor.
         __printFatalErr("Query Failed: {$sql}");
     }

     $requests = array();
     while ($row = $rpgDB->fetch_row($res)) {
         $requests[] = array(
             'name' => $row['cname'],
             'owner' => $row['owner'],
             'edited' => $row['lastedited'],
             'template' => $row['name'],
             'id' => $row['id'],
             'type' => $row['status'],
         );
     }

     return $requests;
 }
Exemple #5
/**
 * Re-establish an existing session from the 'sid' cookie.
 *
 * Takes the session id from $_COOKIE, checks it with $sid->ValidateId(), then
 * requires exactly one user row whose sid and ip match and whose
 * lastlogin + slength * 60 seconds is still in the future. On a match the
 * profile fields are copied onto $sid and the ip log is written back.
 *
 * @param object $sid Session object, filled in place.
 * @return bool|null true on success, false for an invalid or unmatched session
 *                   id, null (bare return) when no 'sid' cookie was sent.
 */
function authenticate(&$sid)
{
    global $TABLE_USERS, $rpgDB;
    // Record the session id.
    // No cookie at all: the bare return yields null rather than false.
    if (!isset($_COOKIE['sid'])) {
        return;
    }
    // The cookie value is client-controlled; it is stored first and validated next.
    $sid->_sid = $_COOKIE['sid'];
    // Ensure a valid sid.
    if (!$sid->ValidateId($sid->_sid)) {
        return false;
    }
    // Attempt to retrieve the session details from the db.
    // The row must match the session id AND the recorded ip, and must not have expired.
    // NOTE(review): addslashes() is not aware of the connection character set;
    // driver-level escaping or bound parameters would be safer if $rpgDB offers them.
    $sql = sprintf("SELECT pname, iplog, slength, email, dm FROM %s WHERE UNIX_TIMESTAMP(lastlogin) + (slength * 60) > UNIX_TIMESTAMP(NOW()) AND ip = '%s' AND sid = '%s'", $TABLE_USERS, addslashes($sid->_ip), addslashes($sid->_sid));
    // (A disabled debug call used to print $sql here.)
    $res = $rpgDB->query($sql);
    if (!$res) {
        __printFatalErr("Failed to query database.", __LINE__, __FILE__);
    }
    // Anything other than exactly one matching row is treated as "not logged in".
    if ($rpgDB->num_rows($res) != 1) {
        return false;
    }
    // Record the user data.
    $row = $rpgDB->fetch_row($res);
    $sid->_username = $row['pname'];
    // NOTE(review): unserialize() on a database column is only safe while nothing
    // but this application's own serialize() output can reach iplog — confirm.
    $sid->_iplog = unserialize(stripslashes($row['iplog']));
    $sid->_slength = $row['slength'];
    $sid->_email = $row['email'];
    $sid->_dm = $row['dm'] == 'Y';
    // Update the iplog.
    $sid->update_iplog();
    // Update the db.
    $res = $rpgDB->query(sprintf("UPDATE %s SET iplog = '%s', ip = '%s' WHERE pname = '%s'", $TABLE_USERS, addslashes(serialize($sid->_iplog)), addslashes($sid->_ip), addslashes($sid->_username)));
    if (!$res) {
        __printFatalErr("Failed to update database.", __LINE__, __FILE__);
    }
    // num_rows() is called without a result handle after an UPDATE; presumably the
    // wrapper reports affected rows in that case — TODO confirm.
    if ($rpgDB->num_rows() != 1) {
        __printFatalErr("Failed to update user data.", __LINE__, __FILE__);
    }
    return true;
}
 /**
  * Log a user in from the posted 'user' and 'pwd' fields and start a session.
  *
  * Validates both fields, checks them against the users table, copies the
  * profile data onto this object, issues a freshly generated session id as the
  * 'sid' cookie and records it (with the current ip and ip log) in the database.
  *
  * @return bool|null true on success, false when the fields are missing, fail
  *                   validation or match no single row, null (bare return)
  *                   when forum authentication is in use.
  */
 function SpawnSession()
 {
     global $TABLE_USERS, $FORUM, $rpgDB;
     // If forum software is being used for authentication, don't create sessions.
     if ($FORUM) {
         return;
     }
     // Ensure the session state is set correctly.
     $this->_is_session_valid = false;
     // Ensure we have both a username and password.
     if (!(isset($_POST['user']) && isset($_POST['pwd']))) {
         return false;
     }
     // Validate the data.
     $err = array();
     if (!(is_valid_pname($_POST['user'], $err) && is_valid_password($_POST['pwd'], $err))) {
         return false;
     }
     // Check the user against the db.
     // NOTE(review): PASSWORD() and OLD_PASSWORD() are MySQL's own account-hash
     // functions: unsalted, fast, and documented as not meant for application
     // use. The plaintext password is also part of the SQL text, so it can end up
     // in query logs. Hashing in PHP (password_hash()/password_verify()) and
     // comparing the stored hash would avoid both.
     // NOTE(review): addslashes() is not aware of the connection character set;
     // driver-level escaping or bound parameters would be safer if $rpgDB offers them.
     $res = $rpgDB->query(sprintf("SELECT iplog, slength, email, dm FROM %s WHERE pname = '%s' " . "AND (pwd = PASSWORD('%s') OR pwd = OLD_PASSWORD('%s'))", $TABLE_USERS, addslashes($_POST['user']), addslashes($_POST['pwd']), addslashes($_POST['pwd'])));
     if (!$res) {
         __printFatalErr("Failed to query database.", __LINE__, __FILE__);
     }
     // Anything other than exactly one matching row is a failed login.
     if ($rpgDB->num_rows() != 1) {
         return false;
     }
     $row = $rpgDB->fetch_row($res);
     // Record the userdata.
     // The name is taken from the request, not from the matched row.
     $this->_username = $_POST['user'];
     // NOTE(review): unserialize() on a database column is only safe while nothing
     // but this application's own serialize() output can reach iplog — confirm.
     $this->_iplog = unserialize(stripslashes($row['iplog']));
     $this->_slength = $row['slength'];
     $this->_email = $row['email'];
     $this->_dm = $row['dm'] == 'Y';
     // Update the iplog.
     $this->update_iplog();
     // Generate the sid.
     // A new id is issued on every login instead of reusing a client-supplied one.
     // Assumes GenerateId() draws from a cryptographically strong source — TODO confirm.
     $this->_sid = $this->GenerateId();
     // Set the session cookie.
     // NOTE(review): only name and value are passed, so the cookie carries no
     // HttpOnly or Secure attribute and uses the default path and lifetime.
     setcookie('sid', $this->_sid);
     // Determine character access permissions.
     $this->_permission = new CharPermission($this->_username, null);
     // Update the db.
     // Logging in also clears any pending pwd_key for the profile.
     $res = $rpgDB->query(sprintf("UPDATE %s SET iplog = '%s', ip = '%s', sid = '%s', pwd_key = NULL WHERE pname = '%s'", $TABLE_USERS, addslashes(serialize($this->_iplog)), addslashes($this->_ip), addslashes($this->_sid), addslashes($this->_username)));
     if (!$res) {
         __printFatalErr("Failed to update database.", __LINE__, __FILE__);
     }
     // num_rows() is called without a result handle after an UPDATE; presumably the
     // wrapper reports affected rows in that case — TODO confirm.
     if ($rpgDB->num_rows() != 1) {
         __printFatalErr("Failed to update user data.", __LINE__, __FILE__);
     }
     // Now record that this session is valid.
     $this->_is_session_valid = true;
     // Return success.
     return true;
 }
Exemple #7
    // Obtain the import script for the format.
    $res = $rpgDB->query(sprintf("SELECT imp_file, title FROM %s WHERE id = %d", $TABLE_SERIALIZE, (int) $format));
    if (!$res) {
        __printFatalErr("Failed to query database.", __LINE__, __FILE__);
    }
    if ($rpgDB->num_rows() != 1) {
        __printFatalErr("Failed to obtain import script location.", __FILE__, __LINE__);
    }
    $row = $rpgDB->fetch_row($res);
}
// Include the proper script.
// NOTE(review): the file name comes straight from the imp_file column, so whoever
// can write to that table decides which PHP file runs here. Nothing in the
// visible lines checks that the file exists or stays inside the serialization
// directory — confirm the column can only be set by administrators.
include_once "{$INCLUDE_PATH}/serialization/" . $row['imp_file'];
// Call the import routine.
// $id, $contents and $sid are set earlier in the script (not visible here);
// presumably access to $id was checked there — TODO confirm.
$char = new Character($id);
if (!$char->IsValid()) {
    __printFatalErr("Failed to obtain current character data.");
}
// import_character() is defined by the script included above.
if (import_character($contents, $char)) {
    if ($char->Save($sid)) {
        // Presumably this ends the request; otherwise the failure page below
        // would be printed as well — TODO confirm.
        print_upload_success($sid);
    }
}
// Reaching this point means the import or the save failed.
print_upload_failed($sid, $row['title']);
////////////////////////////////////////////////////////////////////////
// Helper functions
// Show that the autodetect has failed.
function print_autodetect_failed($sid, $id)
{
    global $title, $formats;
    $title = 'Data Upload';
        $messages = $err;
        draw_page($error_page);
        exit;
    }
    // Check to see if the profile name already exists.
    $_r = $rpgDB->query(sprintf("SELECT COUNT(pname) as cnt FROM %s WHERE pname = '%s'", $TABLE_USERS, addslashes($user)));
    if (!$_r) {
        __printFatalErr("Failed to query database.", __LINE__, __FILE__);
    }
    $r = $rpgDB->fetch_row($_r);
    if ($r['cnt'] != 0) {
        array_push($err, "The selected username ({$user}) has already been registered by another user.");
        $messages = $err;
        draw_page($error_page);
    }
    // Attempt to add the new user.
    $_r = $rpgDB->query(sprintf("INSERT INTO %s SET pname = '%s', pwd = PASSWORD('%s'), email = '%s'", $TABLE_USERS, addslashes($user), addslashes($pwd1), addslashes($email)));
    if (!$_r) {
        __printFatalErr("Failed to update database.", __LINE__, __FILE__);
    }
    // Show the user a success message.
    $title = 'Registration Complete';
    $pname = $user;
    draw_page('register_success.php');
} else {
    // No data was sent:
    // Display the registration page.
    $title = 'Registration';
    $pname = $user;
    draw_page('register.php');
}
 /**
  * Load the campaigns owned by this profile, split by their active flag.
  *
  * Active campaigns replace $this->_campaigns; inactive ones are appended to
  * $this->_inactive_campaigns. Each entry has the keys id, name, active, open
  * and pcs (the number of characters joined to the campaign).
  */
 function get_campaigns()
 {
     global $TABLE_CAMPAIGNS, $TABLE_CHARS, $rpgDB;

     $this->_campaigns = array();
     // NOTE(review): _inactive_campaigns is not reset here, so it must already be
     // an array and a second call would append to it — confirm this is intended.

     // NOTE(review): addslashes() is not aware of the connection character set;
     // driver-level escaping or bound parameters would be safer if $rpgDB offers them.
     $owner = addslashes($this->_pname);
     $sql = sprintf(
         "SELECT ca.id, ca.name, ca.active, ca.open, count(ch.id) as chars "
         . "FROM %s ca LEFT JOIN %s ch ON ca.id = ch.campaign "
         . "WHERE ca.owner = '%s' GROUP BY ca.id "
         . "ORDER BY UPPER(ca.name)",
         $TABLE_CAMPAIGNS,
         $TABLE_CHARS,
         $owner
     );

     $res = $rpgDB->query($sql);
     if (!$res) {
         __printFatalErr("Failed to query database.", __LINE__, __FILE__);
     }

     while ($row = $rpgDB->fetch_row($res)) {
         // Both lists store the same shape; only the destination differs.
         $entry = array(
             'id' => $row['id'],
             'name' => $row['name'],
             'active' => $row['active'] == 'Y',
             'open' => $row['open'] == 'Y',
             'pcs' => $row['chars'],
         );
         if ($row['active'] == 'Y') {
             array_push($this->_campaigns, $entry);
         } else {
             array_push($this->_inactive_campaigns, $entry);
         }
     }
 }
Exemple #10
include_once "{$INCLUDE_PATH}/engine/campaign.class.php";
include_once "{$INCLUDE_PATH}/engine/templates.php";
include_once "{$INCLUDE_PATH}/engine/serialization.php";
// Restore the caller's session; everything below acts on behalf of $sid.
$sid = RespawnSession(__LINE__, __FILE__);
// Validate permission for the requested character.
// The id is read from POST first and from GET as a fallback; both are cast to
// int. Neither key is checked with isset() before it is read.
$id = (int) $_POST['id'];
if (!$id) {
    $id = (int) $_GET['id'];
}
// The access check runs before any character data is loaded or changed.
if (!$sid->HasAccessTo($id)) {
    __printFatalErr("Access denied.");
}
// Get character details.
$character = new Character($id);
if (!$character->IsValid()) {
    __printFatalErr("Failed to retrieve character data.", __LINE__, __FILE__);
}
// Perform any simple actions that are requested.
// Each action runs only when its field is present, and stores a status string.
// NOTE(review): no anti-CSRF token is checked in the visible lines; confirm
// that RespawnSession() or the apply_* helpers verify one for these
// state-changing requests.
if (isset($_POST['public'])) {
    $public_updated = apply_public($sid, $character, $_POST['public'] == 'true') ? 'Updated!' : 'Update Failed!';
}
if (isset($_POST['inactive'])) {
    $inactive_updated = apply_inactive($sid, $character, $_POST['inactive'] == 'true') ? 'Updated!' : 'Update Failed!';
}
// The profile name is passed on exactly as posted; validation and escaping are
// left to apply_add_profile() — TODO confirm it does both.
if (isset($_POST['add_profile'])) {
    $profiles_updated = apply_add_profile($character, $_POST['add_profile']) ? 'Updated!' : 'Update Failed!';
}
if (isset($_POST['tid'])) {
    $template_updated = apply_template($sid, $character, (int) $_POST['tid']) ? 'Updated!' : 'Update Failed!';
}
if (isset($_GET['remove_profile'])) {
// Read the posted campaign name and website.
$name = $_POST['newname'];
$website = $_POST['website'];
$err = array();
// Only the name is validated; on failure the form is shown again.
if (!is_valid_cname($name, $err)) {
    $title = 'Error';
    $success = false;
    draw_page('new_campaign.php');
    exit;
}
// Add the campaign to the database
// NOTE(review): $website is stored after addslashes() only, with no check of its
// form or scheme; any page that later prints it as a link has to validate and
// encode it — confirm.
// NOTE(review): addslashes() is not aware of the connection character set;
// driver-level escaping or bound parameters would be safer if $rpgDB offers them.
$_r = $rpgDB->query(sprintf("INSERT INTO %s SET name = '%s', owner = '%s', website = '%s'", $TABLE_CAMPAIGNS, addslashes($name), addslashes($sid->GetUserName()), addslashes($website)));
if (!$_r) {
    __printFatalErr("Failed to update database.", __LINE__, __FILE__);
}
// num_rows() is called without a result handle after an INSERT; presumably the
// wrapper reports affected rows in that case — TODO confirm.
if ($rpgDB->num_rows() != 1) {
    __printFatalErr("Failed to update campaign list.", __LINE__, __FILE__);
}
// Fetch the id generated by the INSERT above. last_insert_id() is evaluated per
// connection; the FROM/WHERE clause only decides how many rows come back (one
// per campaign owned by this profile), and the first of them is read.
$_r = $rpgDB->query(sprintf("select last_insert_id() as id from %s where owner='%s'", $TABLE_CAMPAIGNS, addslashes($sid->GetUserName())));
if (!$_r) {
    __printFatalErr("Failed to query database for new campaign id.", __LINE__, __FILE__);
}
$r = $rpgDB->fetch_row($_r);
$campaignID = $r['id'];
// Everything should be fine, generate the success message.
$title = 'New Campaign';
$id = $campaignID;
$success = true;
draw_page('new_campaign.php');
Exemple #12
        if ($query_id) {
            $this->row[$query_id] = mysql_fetch_array($query_id, MYSQL_ASSOC);
            return $this->row[$query_id];
        } else {
            return false;
        }
    }
    /**
     * Release a result set and drop the rows cached for it.
     *
     * Uses the legacy mysql_* extension, which was removed in PHP 7.0.
     *
     * @param mixed $query_id Result handle; a falsy value selects the stored $this->query_result.
     * @return bool true when a handle was released, false when there was none.
     */
    function freeresult($query_id = 0)
    {
        // Fall back to the stored result when the caller gave no handle.
        $handle = $query_id ? $query_id : $this->query_result;
        if (!$handle) {
            return false;
        }

        // Forget the cached row data before the handle itself is released.
        unset($this->row[$handle]);
        unset($this->rowset[$handle]);
        mysql_free_result($handle);

        return true;
    }
    /**
     * Report the last error on this object's connection.
     *
     * @return array Keys 'message' (mysql_error text) and 'code' (mysql_errno number).
     */
    function error()
    {
        // NOTE(review): the message is the raw server error text; callers should
        // log it rather than show it to visitors.
        return array(
            'message' => mysql_error($this->db_connect_id),
            'code' => mysql_errno($this->db_connect_id),
        );
    }
}
// class sql_db
// Create the shared database object that the rest of the code reaches through
// `global $rpgDB`.
// NOTE(review): `new` yields an object, which is always truthy, so the `or`
// branch looks unreachable; a failed connection would have to be detected
// inside the mysql_db constructor or through its connection handle — confirm.
// NOTE(review): if the fallback ever runs, it hands the raw mysql_error() text to the error page.
$rpgDB = new mysql_db($DB_HOST, $DB_USER, $DB_PWD, $DB) or __printFatalErr(mysql_error() . 'Failed to find database.', __LINE__, __FILE__);
Exemple #13
                }
            }
        }
    }
    // Limit
    $sql .= "LIMIT " . $recordsPerPage . " ";
    // Offset
    if ($page) {
        $start = 1 + ((int) $page - 1) * $recordsPerPage;
        $sql .= "OFFSET " . $start . " ";
    } else {
        $page = 1;
    }
    $res = $rpgDB->query($sql);
    if (!$res) {
        __printFatalErr("Failed to query database: {$sql}", __LINE__, __FILE__);
    }
    $characters = array();
    while ($row = $rpgDB->fetch_row($res)) {
        array_push($characters, array("id" => $row['id'], "name" => $row['cname'], "lastedited" => $row['lastedited'], "owner" => $row['owner'], "template" => $row['tname'], "campaign" => $row['caname']));
    }
    if (count($characters) == $recordsPerPage) {
        $nextpage = $page + 1;
    }
    if ($page > 1) {
        $prevpage = $page - 1;
    }
    draw_page('search_results.php');
} else {
    // No query string, show the search page.
    draw_page('search.php');
// The export format id is cast to int before any use.
// $sid and $id are set earlier in the script (not visible here).
$format = (int) $_POST['format'];
// Verify access to the character.
if (!$sid->HasAccessTo($id)) {
    __printFatalErr("Access denied.");
}
// Get the character data.
$char = new Character($id);
if (!$char->IsValid()) {
    __printFatalErr("Invalid character data (?)");
}
// Determine which script to include.
$_r = $rpgDB->query(sprintf("SELECT exp_file FROM %s where exp_file != '' AND id = %d LIMIT 1", $TABLE_SERIALIZE, (int) $format));
if (!$_r) {
    __printFatalErr("Failed to query database.", __LINE__, __FILE__);
}
$row = $rpgDB->fetch_row($_r);
// Verify we have a path.
// is_file() rejects a missing row or file, but it does not keep the path inside
// the serialization directory.
// NOTE(review): the file name comes from the exp_file column, so whoever can
// write to that table decides which PHP file runs here — confirm the column can
// only be set by administrators.
$path = $INCLUDE_PATH . '/serialization/' . $row['exp_file'];
if (!is_file($path)) {
    __printFatalErr("Failed to locate export script.", __LINE__, __FILE__);
}
// Include the script.
include_once $path;
// Attempt the export.
// export_character() is defined by the script included above.
$data = export_character($char);
if (strlen($data)) {
    // Only caching is disabled here; no Content-Type header is set in the
    // visible lines, so the included script presumably sets it — TODO confirm.
    header("Cache-Control: no-store, no-cache, must-revalidate");
    echo $data;
} else {
    __printFatalErr("Export routine failed.");
}
        if (!is_valid_email($email, $err_dummy)) {
            __printFatalErr("An invalid or non-existent email address was found in your profile.");
        }
        // Generate a key and put it in the db.
        $keygen = new Id();
        $id = $keygen->GenerateId();
        $_r = $rpgDB->query(sprintf("UPDATE %s SET pwd_key = '%s' WHERE pname = '%s' LIMIT 1", $TABLE_USERS, addslashes($id), addslashes($pname)), $rpgDB);
        if (!$_r) {
            __printFatalErr("Failed to update database.", __LINE__, __FILE__);
        }
        if ($rpgDB->num_rows() != 1) {
            __printFatalErr("Failed to update profile.", __LINE__, __FILE__);
        }
        // Send off the message.
        $to = $email;
        $from = "From: {$EMAIL_WEBMASTER}";
        $subject = "RPG Web Profiler password reset.";
        $body = "{$pname},\n\nYour RPG Web Profiler password at {$URI_HOME} was recently requested to be reset. To complete the process, visit the link below and follow the directions that 3EProfiler asks.\n\n{$URI_BASE}/resetpwd.php?p={$pname}&k={$id}\n\nIf you never requested your password to be reset, please disregard this message. No information was given to the person requesting your password.";
        if (!mail($to, $subject, $body, $from)) {
            __printFatalErr("Failed to send email to address listed in profile.");
        }
        // Send a success message.
        $title = 'Reset Password';
        draw_page('resetpwd_checkmail.php');
    } else {
        // No proper query received: show a form allowing the user to give
        // their profile name.
        $title = 'Reset Password';
        draw_page('resetpwd.php');
    }
}
Exemple #16
    $title = 'Error';
    draw_page('new_badname.php');
    exit;
}
// Verify we got a proper template for the character.
// The template id is cast to int and then checked by is_valid_template_id().
$template = (int) $_POST['chartemplate'];
if (!is_valid_template_id($template)) {
    __printFatalErr("Invalid template id.");
}
// Add the character to the master list.
// The logged-in profile is recorded as both editor and owner. $name is set
// earlier in the script (not visible here).
// NOTE(review): addslashes() is not aware of the connection character set;
// driver-level escaping or bound parameters would be safer if $rpgDB offers them.
$sql = sprintf("INSERT INTO %s SET cname = '%s', editedby = '%s', template_id = %d, owner = '%s'", $TABLE_CHARS, addslashes($name), addslashes($sid->GetUserName()), (int) $template, addslashes($sid->GetUserName()));
$_r = $rpgDB->query($sql);
if (!$_r) {
    // NOTE(review): the full statement text goes to the error handler; confirm
    // it is logged rather than shown to the visitor.
    __printFatalErr("Failed to update database: {$sql}", __LINE__, __FILE__);
}
// num_rows() is called without a result handle after an INSERT; presumably the
// wrapper reports affected rows in that case — TODO confirm.
if ($rpgDB->num_rows() != 1) {
    __printFatalErr("Failed to update character list.", __LINE__, __FILE__);
}
// Get the character's id (the character should be the most recent character
// edited by this profile, and just to be sure, we restrict the select by
// cname as well).
// The id is found by a second query, not taken from the INSERT itself, so it
// relies on lastedited ordering to pick the row just created.
$_r = $rpgDB->query(sprintf("SELECT id FROM %s WHERE editedby = '%s' AND cname = '%s' ORDER BY lastedited DESC LIMIT 1", $TABLE_CHARS, addslashes($sid->GetUserName()), addslashes($name)));
if (!$_r) {
    __printFatalErr("Failed to query database for new character id.", __LINE__, __FILE__);
}
$r = $rpgDB->fetch_row($_r);
$charID = $r['id'];
// Everything should be fine, generate the success message.
$title = 'New Character';
$id = $charID;
draw_page('new_success.php');