function update_dm($dm, &$sid) {
    // Persist the "dungeon master" flag of the logged-in profile.
    // $dm is the raw checkbox value ('on' when ticked); anything else clears the flag.
    // $sid must expose GetUserName(), which selects the row to update.
    // A failed UPDATE is reported through __printFatalErr.
    global $TABLE_USERS, $rpgDB;

    $flag = ($dm == 'on') ? 'Y' : 'N';
    // NOTE(review): addslashes() is not a charset-aware SQL escaper; it is kept
    // here because the rest of this code base escapes the same way.
    $pname = addslashes($sid->GetUserName());
    $sql = sprintf("UPDATE %s SET dm = '%s' WHERE pname = '%s' LIMIT 1", $TABLE_USERS, $flag, $pname);

    if (!$rpgDB->query($sql)) {
        __printFatalErr("Failed to update database.", __LINE__, __FILE__);
    }
}
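function create_user($username, $slength = 180) {
    // Insert a new user profile row with the given session length and no DM flag.
    //
    // $username  profile name; escaped with addslashes() like every other value
    //            this code base interpolates into SQL (it was inserted raw before).
    // $slength   value for the slength column; defaults to the previously
    //            hard-coded 180.
    // A failed INSERT is reported through __printFatalErr together with the
    // driver's error message and code.
    global $TABLE_USERS, $rpgDB;

    $sql = sprintf("INSERT INTO %s (pname, slength, dm) VALUES ('%s', %d, 'N')",
                   $TABLE_USERS, addslashes($username), (int) $slength);
    $res = $rpgDB->query($sql);
    if (!$res) {
        // error() appears to return an array with 'message' and 'code' keys;
        // concatenating that directly would only print "Array". The original
        // also wrote a literal backslash-n ('\\n') instead of a newline.
        $err = $rpgDB->error();
        $detail = is_array($err)
            ? $err['message'] . ' (' . $err['code'] . ')'
            : (string) $err;
        __printFatalErr("Unable to create new user profile: " . $username . "\n" . $detail);
    }
}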
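function get_sheet_path($id) {
    // Look up the file name of character-sheet template $id.
    // $id is cast to int before it reaches the query, so it cannot inject.
    // Returns the filename column. A failed query or a missing row is reported
    // through __printFatalErr; the missing-row call now passes line/file like
    // the other fatal-error calls in this code base.
    global $TABLE_TEMPLATES, $rpgDB;

    $sql = sprintf("SELECT filename FROM %s WHERE id = %d", $TABLE_TEMPLATES, (int) $id);
    $res = $rpgDB->query($sql);
    if (!$res) {
        __printFatalErr("Failed to query database.", __LINE__, __FILE__);
    }
    if (!$rpgDB->num_rows($res)) {
        return __printFatalErr("Invalid character sheet identifier", __LINE__, __FILE__);
    }
    $row = $rpgDB->fetch_row($res);
    return $row['filename'];
}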
function GetJoinRequests() {
    // Return the join requests recorded for this campaign ($this->id), joined
    // with the character and the template each one refers to.
    // Each entry holds: name, owner, edited (formatted lastedited), template,
    // id and type (the cj.status column). Ordered case-insensitively by name.
    // A failed query is reported through __printFatalErr.
    global $TABLE_CHARS, $TABLE_TEMPLATES, $TABLE_CAMPAIGN_REQUESTS, $rpgDB;

    // '%%' is a literal percent sign for sprintf, so DATE_FORMAT still receives
    // its %d/%m/%Y %H:%i specifiers.
    $sql = sprintf(
        "SELECT c.cname, c.owner, DATE_FORMAT(c.lastedited, '%%d/%%m/%%Y %%H:%%i') as lastedited, st.name, c.id, cj.status "
        . "FROM %s c, %s st, %s cj WHERE cj.campaign_id = %d AND c.id = cj.char_id AND st.id = c.template_id "
        . "ORDER BY UPPER(c.cname)",
        $TABLE_CHARS, $TABLE_TEMPLATES, $TABLE_CAMPAIGN_REQUESTS, (int) $this->id
    );
    $res = $rpgDB->query($sql);
    if (!$res) {
        __printFatalErr("Query Failed: {$sql}");
    }

    $requests = array();
    while ($row = $rpgDB->fetch_row($res)) {
        $requests[] = array(
            'name'     => $row['cname'],
            'owner'    => $row['owner'],
            'edited'   => $row['lastedited'],
            'template' => $row['name'],
            'id'       => $row['id'],
            'type'     => $row['status'],
        );
    }
    return $requests;
}
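function authenticate(&$sid) {
    // Restore an existing session from the 'sid' cookie.
    //
    // The cookie value is checked with $sid->ValidateId(), then matched in the
    // users table together with the client IP ($sid->_ip) and a not-yet-expired
    // lastlogin (slength is in minutes). On success the profile columns are
    // copied onto $sid, the IP log is refreshed and written back, and true is
    // returned. Every "no session" outcome returns false; the original returned
    // null when the cookie was absent, which made that case distinguishable from
    // every other failure for no reason. Database failures go to __printFatalErr.
    global $TABLE_USERS, $rpgDB;

    // No cookie, no session.
    if (!isset($_COOKIE['sid'])) {
        return false;
    }
    $sid->_sid = $_COOKIE['sid'];

    // Reject malformed identifiers before they reach the query.
    if (!$sid->ValidateId($sid->_sid)) {
        return false;
    }

    // Look the session up: sid and client IP must both match and the session
    // window (lastlogin + slength minutes) must not have elapsed.
    $sql = sprintf(
        "SELECT pname, iplog, slength, email, dm FROM %s WHERE UNIX_TIMESTAMP(lastlogin) + (slength * 60) > UNIX_TIMESTAMP(NOW()) AND ip = '%s' AND sid = '%s'",
        $TABLE_USERS, addslashes($sid->_ip), addslashes($sid->_sid)
    );
    $res = $rpgDB->query($sql);
    if (!$res) {
        __printFatalErr("Failed to query database.", __LINE__, __FILE__);
    }
    if ($rpgDB->num_rows($res) != 1) {
        return false;
    }

    // Copy the profile onto the session object.
    $row = $rpgDB->fetch_row($res);
    $sid->_username = $row['pname'];
    // NOTE(review): unserialize() of a database column. This application writes
    // the column itself (UPDATE below), but anything else able to write iplog
    // could store an arbitrary serialized payload; a JSON encoding would be safer.
    $sid->_iplog = unserialize(stripslashes($row['iplog']));
    $sid->_slength = $row['slength'];
    $sid->_email = $row['email'];
    $sid->_dm = ($row['dm'] == 'Y');

    // Refresh the IP log and persist it together with the current IP.
    $sid->update_iplog();
    $res = $rpgDB->query(sprintf(
        "UPDATE %s SET iplog = '%s', ip = '%s' WHERE pname = '%s'",
        $TABLE_USERS, addslashes(serialize($sid->_iplog)), addslashes($sid->_ip), addslashes($sid->_username)
    ));
    if (!$res) {
        __printFatalErr("Failed to update database.", __LINE__, __FILE__);
    }
    // Presumably num_rows() without an argument reports the row count of the
    // last statement (here the rows touched by the UPDATE) — confirm in mysql_db.
    if ($rpgDB->num_rows() != 1) {
        __printFatalErr("Failed to update user data.", __LINE__, __FILE__);
    }
    return true;
}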
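function SpawnSession() {
    // Log a user in from $_POST['user'] / $_POST['pwd'] and start a session.
    //
    // Steps: do nothing when forum-based authentication ($FORUM) is enabled;
    // validate the submitted name and password; match them against the users
    // table; copy the profile onto $this; mint a new sid, send it as a cookie
    // and store it (clearing any pending pwd_key). Returns true when a session
    // was created and false otherwise; $this->_is_session_valid mirrors that.
    // Database failures are reported through __printFatalErr.
    global $TABLE_USERS, $FORUM, $rpgDB;

    // Forum software owns authentication: never create our own session.
    // Returns false (the original returned null) so every failure path agrees.
    if ($FORUM) {
        return false;
    }

    $this->_is_session_valid = false;

    // Both credentials are required.
    if (!isset($_POST['user']) || !isset($_POST['pwd'])) {
        return false;
    }

    // Syntactic validation of the submitted values.
    $err = array();
    if (!is_valid_pname($_POST['user'], $err) || !is_valid_password($_POST['pwd'], $err)) {
        return false;
    }

    // Compare against the stored hash.
    // NOTE(review): MySQL PASSWORD()/OLD_PASSWORD() are weak, unsalted hashes;
    // moving to password_hash()/password_verify() needs a schema change, so it
    // is left as is here.
    $res = $rpgDB->query(sprintf(
        "SELECT iplog, slength, email, dm FROM %s WHERE pname = '%s' "
        . "AND (pwd = PASSWORD('%s') OR pwd = OLD_PASSWORD('%s'))",
        $TABLE_USERS, addslashes($_POST['user']), addslashes($_POST['pwd']), addslashes($_POST['pwd'])
    ));
    if (!$res) {
        __printFatalErr("Failed to query database.", __LINE__, __FILE__);
    }
    if ($rpgDB->num_rows() != 1) {
        return false;
    }
    $row = $rpgDB->fetch_row($res);

    // Record the profile on this object.
    $this->_username = $_POST['user'];
    // NOTE(review): unserialize() of a database column written by this
    // application; any other writer could supply an arbitrary payload.
    $this->_iplog = unserialize(stripslashes($row['iplog']));
    $this->_slength = $row['slength'];
    $this->_email = $row['email'];
    $this->_dm = ($row['dm'] == 'Y');
    $this->update_iplog();

    // Mint a fresh session id and hand it to the client. The cookie is marked
    // HttpOnly so page script cannot read it; the other attributes keep their
    // defaults (session lifetime, current path, no domain, not secure-only).
    $this->_sid = $this->GenerateId();
    setcookie('sid', $this->_sid, 0, '', '', false, true);

    // Determine character access permissions.
    $this->_permission = new CharPermission($this->_username, null);

    // Store the new sid and IP data; a pending password-reset key is voided.
    $res = $rpgDB->query(sprintf(
        "UPDATE %s SET iplog = '%s', ip = '%s', sid = '%s', pwd_key = NULL WHERE pname = '%s'",
        $TABLE_USERS, addslashes(serialize($this->_iplog)), addslashes($this->_ip), addslashes($this->_sid), addslashes($this->_username)
    ));
    if (!$res) {
        __printFatalErr("Failed to update database.", __LINE__, __FILE__);
    }
    // Presumably num_rows() without an argument reports the rows touched by the
    // last statement — confirm in mysql_db.
    if ($rpgDB->num_rows() != 1) {
        __printFatalErr("Failed to update user data.", __LINE__, __FILE__);
    }

    $this->_is_session_valid = true;
    return true;
}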
// Obtain the import script for the format. $res = $rpgDB->query(sprintf("SELECT imp_file, title FROM %s WHERE id = %d", $TABLE_SERIALIZE, (int) $format)); if (!$res) { __printFatalErr("Failed to query database.", __LINE__, __FILE__); } if ($rpgDB->num_rows() != 1) { __printFatalErr("Failed to obtain import script location.", __FILE__, __LINE__); } $row = $rpgDB->fetch_row($res); } // Include the proper script. include_once "{$INCLUDE_PATH}/serialization/" . $row['imp_file']; // Call the import routine. $char = new Character($id); if (!$char->IsValid()) { __printFatalErr("Failed to obtain current character data."); } if (import_character($contents, $char)) { if ($char->Save($sid)) { print_upload_success($sid); } } // By now, we've failed if we got here. print_upload_failed($sid, $row['title']); //////////////////////////////////////////////////////////////////////// // Helper functions // Show that the autodetect has failed. function print_autodetect_failed($sid, $id) { global $title, $formats; $title = 'Data Upload';
$messages = $err; draw_page($error_page); exit; } // Check to see if the profile name already exists. $_r = $rpgDB->query(sprintf("SELECT COUNT(pname) as cnt FROM %s WHERE pname = '%s'", $TABLE_USERS, addslashes($user))); if (!$_r) { __printFatalErr("Failed to query database.", __LINE__, __FILE__); } $r = $rpgDB->fetch_row($_r); if ($r['cnt'] != 0) { array_push($err, "The selected username ({$user}) has already been registered by another user."); $messages = $err; draw_page($error_page); } // Attempt to add the new user. $_r = $rpgDB->query(sprintf("INSERT INTO %s SET pname = '%s', pwd = PASSWORD('%s'), email = '%s'", $TABLE_USERS, addslashes($user), addslashes($pwd1), addslashes($email))); if (!$_r) { __printFatalErr("Failed to update database.", __LINE__, __FILE__); } // Show the user a success message. $title = 'Registration Complete'; $pname = $user; draw_page('register_success.php'); } else { // No data was sent: // Display the registration page. $title = 'Registration'; $pname = $user; draw_page('register.php'); }
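function get_campaigns() {
    // Load the campaigns owned by $this->_pname into $this->_campaigns
    // (active = 'Y') and $this->_inactive_campaigns (everything else), each
    // entry carrying the number of attached characters (LEFT JOIN, so an empty
    // campaign counts 0). Both lists are reset first: the original only reset
    // $this->_campaigns, so repeated calls kept appending to the inactive list,
    // and array_push on a never-initialised property may fail on recent PHP.
    // A failed query is reported through __printFatalErr.
    global $TABLE_CAMPAIGNS, $TABLE_CHARS, $rpgDB;

    $this->_campaigns = array();
    $this->_inactive_campaigns = array();

    $sql = sprintf(
        "SELECT ca.id, ca.name, ca.active, ca.open, count(ch.id) as chars "
        . "FROM %s ca LEFT JOIN %s ch ON ca.id = ch.campaign "
        . "WHERE ca.owner = '%s' GROUP BY ca.id "
        . "ORDER BY UPPER(ca.name)",
        $TABLE_CAMPAIGNS, $TABLE_CHARS, addslashes($this->_pname)
    );
    $res = $rpgDB->query($sql);
    if (!$res) {
        __printFatalErr("Failed to query database.", __LINE__, __FILE__);
    }

    while ($row = $rpgDB->fetch_row($res)) {
        // One shape for both lists; the active flag decides where it goes.
        $entry = array(
            'id'     => $row['id'],
            'name'   => $row['name'],
            'active' => $row['active'] == 'Y',
            'open'   => $row['open'] == 'Y',
            'pcs'    => $row['chars'],
        );
        if ($entry['active']) {
            $this->_campaigns[] = $entry;
        } else {
            $this->_inactive_campaigns[] = $entry;
        }
    }
}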
include_once "{$INCLUDE_PATH}/engine/campaign.class.php"; include_once "{$INCLUDE_PATH}/engine/templates.php"; include_once "{$INCLUDE_PATH}/engine/serialization.php"; $sid = RespawnSession(__LINE__, __FILE__); // Validate permission for the requested character. $id = (int) $_POST['id']; if (!$id) { $id = (int) $_GET['id']; } if (!$sid->HasAccessTo($id)) { __printFatalErr("Access denied."); } // Get character details. $character = new Character($id); if (!$character->IsValid()) { __printFatalErr("Failed to retrieve character data.", __LINE__, __FILE__); } // Perform any simple actions that are requested. if (isset($_POST['public'])) { $public_updated = apply_public($sid, $character, $_POST['public'] == 'true') ? 'Updated!' : 'Update Failed!'; } if (isset($_POST['inactive'])) { $inactive_updated = apply_inactive($sid, $character, $_POST['inactive'] == 'true') ? 'Updated!' : 'Update Failed!'; } if (isset($_POST['add_profile'])) { $profiles_updated = apply_add_profile($character, $_POST['add_profile']) ? 'Updated!' : 'Update Failed!'; } if (isset($_POST['tid'])) { $template_updated = apply_template($sid, $character, (int) $_POST['tid']) ? 'Updated!' : 'Update Failed!'; } if (isset($_GET['remove_profile'])) {
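$name = $_POST['newname'];
// The website field is optional: default to '' instead of reading an
// undefined index (addslashes() turned the resulting null into '' anyway).
$website = isset($_POST['website']) ? $_POST['website'] : '';

// Reject invalid campaign names before touching the database.
$err = array();
if (!is_valid_cname($name, $err)) {
    $title = 'Error';
    $success = false;
    draw_page('new_campaign.php');
    exit;
}

// Insert the campaign, owned by the logged-in profile.
// NOTE(review): $website is only escaped for SQL here; escape it for the
// HTML/URL context wherever it is rendered.
$_r = $rpgDB->query(sprintf(
    "INSERT INTO %s SET name = '%s', owner = '%s', website = '%s'",
    $TABLE_CAMPAIGNS, addslashes($name), addslashes($sid->GetUserName()), addslashes($website)
));
if (!$_r) {
    __printFatalErr("Failed to update database.", __LINE__, __FILE__);
}
if ($rpgDB->num_rows() != 1) {
    __printFatalErr("Failed to update campaign list.", __LINE__, __FILE__);
}

// Fetch the id of the campaign just inserted. LAST_INSERT_ID() is scoped to
// this connection; the owner filter only ensures the row set is not empty.
// (The earlier comment here described character creation, not campaigns.)
$_r = $rpgDB->query(sprintf("select last_insert_id() as id from %s where owner='%s'", $TABLE_CAMPAIGNS, addslashes($sid->GetUserName())));
if (!$_r) {
    __printFatalErr("Failed to query database for new campaign id.", __LINE__, __FILE__);
}
$r = $rpgDB->fetch_row($_r);
$campaignID = $r['id'];

// Success: render the page with the new campaign's id.
$title = 'New Campaign';
$id = $campaignID;
$success = true;
draw_page('new_campaign.php');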
if ($query_id) { $this->row[$query_id] = mysql_fetch_array($query_id, MYSQL_ASSOC); return $this->row[$query_id]; } else { return false; } } function freeresult($query_id = 0) { if (!$query_id) { $query_id = $this->query_result; } if ($query_id) { unset($this->row[$query_id]); unset($this->rowset[$query_id]); mysql_free_result($query_id); return true; } else { return false; } } function error() { $result['message'] = mysql_error($this->db_connect_id); $result['code'] = mysql_errno($this->db_connect_id); return $result; } } // class sql_db $rpgDB = new mysql_db($DB_HOST, $DB_USER, $DB_PWD, $DB) or __printFatalErr(mysql_error() . 'Failed to find database.', __LINE__, __FILE__);
} } } } // Limit $sql .= "LIMIT " . $recordsPerPage . " "; // Offset if ($page) { $start = 1 + ((int) $page - 1) * $recordsPerPage; $sql .= "OFFSET " . $start . " "; } else { $page = 1; } $res = $rpgDB->query($sql); if (!$res) { __printFatalErr("Failed to query database: {$sql}", __LINE__, __FILE__); } $characters = array(); while ($row = $rpgDB->fetch_row($res)) { array_push($characters, array("id" => $row['id'], "name" => $row['cname'], "lastedited" => $row['lastedited'], "owner" => $row['owner'], "template" => $row['tname'], "campaign" => $row['caname'])); } if (count($characters) == $recordsPerPage) { $nextpage = $page + 1; } if ($page > 1) { $prevpage = $page - 1; } draw_page('search_results.php'); } else { // No query string, show the search page. draw_page('search.php');
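$format = (int) $_POST['format'];

// Verify the session may access the requested character ($id is set earlier).
if (!$sid->HasAccessTo($id)) {
    __printFatalErr("Access denied.");
}

// Load the character data.
$char = new Character($id);
if (!$char->IsValid()) {
    __printFatalErr("Invalid character data (?)");
}

// Resolve the export script for the requested format. $format is an int, so
// the only value that reaches the file system is the exp_file column.
$_r = $rpgDB->query(sprintf("SELECT exp_file FROM %s where exp_file != '' AND id = %d LIMIT 1", $TABLE_SERIALIZE, (int) $format));
if (!$_r) {
    __printFatalErr("Failed to query database.", __LINE__, __FILE__);
}
$row = $rpgDB->fetch_row($_r);
// An unknown format yields no row. The original indexed the false return
// value and then tested a bare directory path with is_file(); fail here instead.
if (!$row || !isset($row['exp_file']) || $row['exp_file'] === '') {
    __printFatalErr("Failed to locate export script.", __LINE__, __FILE__);
}

// NOTE(review): the included file name comes from the database; treat the
// exp_file column as code, not as data.
$path = $INCLUDE_PATH . '/serialization/' . $row['exp_file'];
if (!is_file($path)) {
    __printFatalErr("Failed to locate export script.", __LINE__, __FILE__);
}
include_once $path;

// Run the export and stream the result uncached; an empty result is an error.
$data = export_character($char);
if (strlen($data)) {
    header("Cache-Control: no-store, no-cache, must-revalidate");
    echo $data;
} else {
    __printFatalErr("Export routine failed.");
}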
if (!is_valid_email($email, $err_dummy)) { __printFatalErr("An invalid or non-existent email address was found in your profile."); } // Generate a key and put it in the db. $keygen = new Id(); $id = $keygen->GenerateId(); $_r = $rpgDB->query(sprintf("UPDATE %s SET pwd_key = '%s' WHERE pname = '%s' LIMIT 1", $TABLE_USERS, addslashes($id), addslashes($pname)), $rpgDB); if (!$_r) { __printFatalErr("Failed to update database.", __LINE__, __FILE__); } if ($rpgDB->num_rows() != 1) { __printFatalErr("Failed to update profile.", __LINE__, __FILE__); } // Send off the message. $to = $email; $from = "From: {$EMAIL_WEBMASTER}"; $subject = "RPG Web Profiler password reset."; $body = "{$pname},\n\nYour RPG Web Profiler password at {$URI_HOME} was recently requested to be reset. To complete the process, visit the link below and follow the directions that 3EProfiler asks.\n\n{$URI_BASE}/resetpwd.php?p={$pname}&k={$id}\n\nIf you never requested your password to be reset, please disregard this message. No information was given to the person requesting your password."; if (!mail($to, $subject, $body, $from)) { __printFatalErr("Failed to send email to address listed in profile."); } // Send a success message. $title = 'Reset Password'; draw_page('resetpwd_checkmail.php'); } else { // No proper query received: show a form allowing the user to give // their profile name. $title = 'Reset Password'; draw_page('resetpwd.php'); } }
$title = 'Error'; draw_page('new_badname.php'); exit; } // Verify we got a proper template for the character. $template = (int) $_POST['chartemplate']; if (!is_valid_template_id($template)) { __printFatalErr("Invalid template id."); } // Add the character to the master list. $sql = sprintf("INSERT INTO %s SET cname = '%s', editedby = '%s', template_id = %d, owner = '%s'", $TABLE_CHARS, addslashes($name), addslashes($sid->GetUserName()), (int) $template, addslashes($sid->GetUserName())); $_r = $rpgDB->query($sql); if (!$_r) { __printFatalErr("Failed to update database: {$sql}", __LINE__, __FILE__); } if ($rpgDB->num_rows() != 1) { __printFatalErr("Failed to update character list.", __LINE__, __FILE__); } // Get the character's id (the character should be the most recent character // edited by this profile, and just to be sure, we restrict the select by // cname as well). $_r = $rpgDB->query(sprintf("SELECT id FROM %s WHERE editedby = '%s' AND cname = '%s' ORDER BY lastedited DESC LIMIT 1", $TABLE_CHARS, addslashes($sid->GetUserName()), addslashes($name))); if (!$_r) { __printFatalErr("Failed to query database for new character id.", __LINE__, __FILE__); } $r = $rpgDB->fetch_row($_r); $charID = $r['id']; // Everything should be fine, generate the success message. $title = 'New Character'; $id = $charID; draw_page('new_success.php');