<?php

// Load the installation directory
include './installation-configs/ins-directory.php';
// Load the API
include $_SERVER['DOCUMENT_ROOT'] . $INS_DIR . 'load.php';
if (isset($_GET['username'])) {
    $v_username = $_GET['username'];
    if (isset($_GET['id'])) {
        $v_id = $_GET['id'];
        if (userExists($v_username)) {
            $v_email_status = getUserInfo($v_username, 'email-status');
            if ($v_email_status == 'not-verified') {
                $v_email_code = getUserInfo($v_username, 'email-code');
                if ($v_id == $v_email_code) {
                    setUserInfo($v_username, 'email-status', 'verified');
                    echo 'Account Verified';
                } else {
                    die('Invalid Verification Link');
                }
            } else {
                if ($v_email_status == 'verified') {
                    die('This account is already verified.');
                } else {
                    die('There was a problem with this link.');
                }
            }
        } else {
            die('Invalid Verification Link');
        }
    } else {
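/**
 * Resolve the login state of the current request and return it.
 *
 * Behaviour depends on $_SESSION["login"]:
 *  - not logged in (!= 1): if a non-empty username/password pair was POSTed,
 *    verify it against the user's stored hash and, on success, rotate the
 *    session id and populate the session (user, nation, map-memory layers);
 *  - logged in: on a random ~50% of requests, re-verify the session's
 *    login_string against the current password hash + token in the users
 *    table and clear the session if it no longer matches.  On the other ~50%
 *    the session is trusted as-is, so a password change or deactivation made
 *    from another session is enforced only probabilistically.
 *
 * Any failure path resets the login-related session keys.
 *
 * @param mysqli $getPage_connection2 open database handle (passed to the
 *        helpers and used directly for the re-check query)
 * @return array{status: bool, loggingIn: bool} status = request is
 *         authenticated; loggingIn = credentials were accepted on this request
 */
function checkLoginStatus($getPage_connection2)
{
    $loginArray = array("status" => false, "loggingIn" => false);
    $loggingIn = false;
    $resetLoginVars = false;
    $checkCreds = false;
    if (!isset($_SESSION["login"])) {
        $_SESSION["login"] = 0;
    }
    if ($_SESSION["login"] != 1) {
        // Not logged in: a login attempt needs a non-empty cleaned pair.
        if (isset($_POST["username"]) && isset($_POST["password"])) {
            $cleaned_username = cleanString($_POST["username"], true);
            $cleaned_password = cleanString($_POST["password"], true);
            if (strlen($cleaned_username) >= 1 && strlen($cleaned_password) >= 1) {
                $loggingIn = true;
            }
        }
        if ($loggingIn === true) {
            $userInfo1 = getUserInfoByName($getPage_connection2, $cleaned_username);
            if ($userInfo1["id"] >= 1) {
                // Legacy scheme, kept bit-compatible with stored rows: bcrypt over
                // password.salt using the stored salt as the bcrypt setting, then
                // sha512 over hash.token.  NOTE: bcrypt only uses the first 22 salt
                // characters and the first 72 bytes of its input.
                $final_salt = '$2y$09$' . $userInfo1["salt"] . '$';
                $created_password = crypt($cleaned_password . $userInfo1["salt"], $final_salt);
                $created_string = hash('sha512', $created_password . $userInfo1["token"]);
                $actual_string = hash('sha512', $userInfo1["password"] . $userInfo1["token"]);
                // hash_equals: constant time, and immune to the "0e123..." numeric-
                // string juggling that `==` applies to two hex digests.
                if (hash_equals($actual_string, $created_string)) {
                    // Rotate the session id on privilege change so a session id
                    // fixated before login is useless afterwards.
                    if (session_status() === PHP_SESSION_ACTIVE) {
                        session_regenerate_id(true);
                    }
                    $_SESSION["user_id"] = $userInfo1["id"];
                    $_SESSION["username"] = $cleaned_username;
                    $_SESSION["login_string"] = $created_string;
                    $_SESSION["login"] = 1;
                    $_SESSION["nation_id"] = $userInfo1["id"];
                    $_SESSION["admin"] = $userInfo1["admin"];
                    // Record the login time; every other column is written back unchanged.
                    $new_date = date("Y-m-d H:i:s");
                    $nationInfoLogin = getNationInfo($getPage_connection2, $_SESSION["nation_id"]);
                    setUserInfo($getPage_connection2, $userInfo1["id"], $userInfo1["name"], $userInfo1["avatar"], $userInfo1["joined"], $new_date, $userInfo1["password"], $userInfo1["salt"], $userInfo1["token"], $userInfo1["thread"], $userInfo1["admin"]);
                    $_SESSION["success_message"] = "User has logged in successfully!";
                    $_SESSION["pageTypeInfo"] = getPageTypeInfo($getPage_connection2, "map");
                    $loginArray["status"] = true;
                    $loginArray["loggingIn"] = true;
                    // Land the user on the map of their home continent.  nation_id is
                    // overwritten here with the nation row's id.
                    $_POST["continent"] = $nationInfoLogin["home"];
                    $_SESSION["continent_id"] = $nationInfoLogin["home"];
                    $_SESSION["nation_id"] = $nationInfoLogin["id"];
                    $_SESSION["prev_xpos"] = 1;
                    $_SESSION["prev_ypos"] = 1;
                    $_SESSION["xpos"] = 1;
                    $_SESSION["ypos"] = 1;
                    $_POST["overlay"] = "nations";
                    $_GET["overlay"] = "nations";
                    $_SESSION["prev_overlay"] = "nations";
                    $_SESSION["overlay"] = "nations";
                    // Cache the user's map-memory layers (and their tokens) in the session.
                    $mapMemoryInfo = getMapMemoryInfo($getPage_connection2, $_SESSION["user_id"]);
                    foreach (array("terrain", "control", "claims", "units", "nations") as $layer) {
                        $_SESSION[$layer . "MapContents"] = $mapMemoryInfo[$layer];
                        $_SESSION[$layer . "MapContentsTokens"] = $mapMemoryInfo[$layer . "tokens"];
                    }
                } else {
                    $resetLoginVars = true;
                    $_SESSION["warning_message"] = "Cannot complete action: invalid user password credentials submitted.";
                }
            } else {
                $resetLoginVars = true;
                $_SESSION["warning_message"] = "Cannot complete action: invalid user name credentials submitted.";
            }
        } else {
            $resetLoginVars = true;
        }
    } else {
        $resetLoginVars = false;
        $checkCreds = true;
    }
    if ($checkCreds === true) {
        // Re-verify the session against the database on roughly half of the
        // requests (mt_rand is fine here: it only samples, it is not a secret).
        $rand_cred = mt_rand(1, 10);
        if ($rand_cred > 5) {
            if (isset($_SESSION["login_string"])) {
                if (isset($_SESSION["user_id"])) {
                    $userInfo1 = array("id" => 0, "name" => "", "password" => "", "salt" => "", "token" => 0, "thread" => 0, "admin" => 0);
                    if ($stmt654 = $getPage_connection2->prepare("SELECT id,name,password,salt,token,thread,admin FROM users WHERE id=? LIMIT 1")) {
                        $stmt654->bind_param("i", $_SESSION["user_id"]);
                        $stmt654->execute();
                        $stmt654->bind_result($r_id, $r_name, $r_password, $r_salt, $r_token, $r_thread, $r_admin);
                        $stmt654->fetch();
                        $userInfo1["id"] = $r_id;
                        $userInfo1["name"] = $r_name;
                        $userInfo1["password"] = $r_password;
                        $userInfo1["salt"] = $r_salt;
                        $userInfo1["token"] = $r_token;
                        $userInfo1["thread"] = $r_thread;
                        $userInfo1["admin"] = $r_admin;
                        $stmt654->close();
                    } else {
                        $resetLoginVars = true;
                    }
                    // The session stays valid only while the stored hash + token are
                    // unchanged; a password change or deactivation invalidates it.
                    // Constant-time compare, see above.
                    $expected_string = hash('sha512', $userInfo1["password"] . $userInfo1["token"]);
                    if (hash_equals($expected_string, (string) $_SESSION["login_string"])) {
                        $_SESSION["login"] = 1;
                        $loginArray["status"] = true;
                        $loginArray["loggingIn"] = false;
                        $_SESSION["success_message"] = "";
                        $_SESSION["user_id"] = $userInfo1["id"];
                        $_SESSION["username"] = $userInfo1["name"];
                        $_SESSION["nation_id"] = $userInfo1["id"];
                        $_SESSION["admin"] = $userInfo1["admin"];
                    } else {
                        $resetLoginVars = true;
                    }
                } else {
                    $resetLoginVars = true;
                }
            } else {
                $resetLoginVars = true;
            }
        } else {
            // Unchecked half: the session is trusted as-is.
            $_SESSION["login"] = 1;
            $loginArray["status"] = true;
            $loginArray["loggingIn"] = false;
            $resetLoginVars = false;
        }
    }
    if ($resetLoginVars === true) {
        // Any failure above logs the session out.
        $_SESSION["login"] = 0;
        $loginArray["status"] = false;
        $loginArray["loggingIn"] = false;
        $_SESSION["success_message"] = "";
        $_SESSION["user_id"] = 0;
        $_SESSION["username"] = "";
        $_SESSION["nation_id"] = 0;
        $_SESSION["admin"] = 0;
        $resetLoginVars = false;
    }
    return $loginArray;
}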
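// Author heading (coloured/titled by role), the description with an inline
// editor for the author and staff, a once-per-user view counter, and the
// rating lookup for the widget that follows.
//
// NOTE(review): $author, $description and $editdescription are set before this
// listing.  $author and the textarea contents are HTML-escaped here (without
// double-encoding, in case they were already escaped upstream).  $description
// is still echoed raw because it may be pre-rendered HTML — confirm, and
// escape it at the source if it is plain user text.
$authorRole = rights($author);
$authorEsc = htmlspecialchars($author, ENT_QUOTES, 'UTF-8', false);
if ($authorRole == 'admin') {
    echo ' style="color: #CC0000;" title="' . $authorEsc . ' is an administrator."';
} elseif ($authorRole == 'moderator') {
    echo ' style="color: #00CC00;" title="' . $authorEsc . ' is a moderator."';
}
echo '>' . $authorEsc . '</a></h2>';
echo '<br /><div id="description" class="shown">' . $description;
// The author and staff (admin/moderator) may edit the description.
$viewer = isset($_SESSION['user']) ? $_SESSION['user'] : null;
$canEdit = ($viewer == $author) || in_array(rights($viewer), array('admin', 'moderator'));
if ($canEdit) {
    echo ' <a href="#"><img src="images/edit.gif" border="0" onclick="editDescription()"></a></div>';
    echo '<div id="editDescription" class="hidden"><textarea name="newDescription" class="editDescription" cols="64" rows="10">' . htmlspecialchars($editdescription, ENT_QUOTES, 'UTF-8', false) . '</textarea> <a href="#"><img src="images/check.gif" border="0" onclick="document.edit.submit();"></a></div>';
}
echo '<br />&nbsp;<br />&nbsp;<br />';
// Count a view once per logged-in user; guests are not counted.
// NOTE(review): $_REQUEST['id'] reaches the storage helpers unvalidated; how
// they use it is not visible here — confirm it is treated as an opaque key.
$trackId = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
if ($viewer !== null) {
    if (checkUserInfo("viewed", $trackId) === false) {
        setInfo($trackId, "views", strval(intval(getInfo($trackId, "views")) + 1));
        setUserInfo("viewed", $trackId);
    }
}
$rating = getInfo($trackId, "rating");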
if (empty($rating)) {
    echo '<table align="center" cellpadding="0" cellspacing="0"><tr><td style="font-weight: bold;">Track Rating:</td><td width="8"></td><td style="background: url(\'nostars.png\'); color: #FFFFFF;" width="86">Not Yet Rated</td></tr>';
    if ($_SESSION['user'] != $author && isset($_SESSION['user'])) {
        echo '<tr class="trshown" id="ratebutton"><td colspan="4" align="center"><input type="button" value="Rate It!" class="rateit" onclick="rateIt();"></td></tr>';
        echo '<tr class="hidden" id="rateline"><td colspan="4" align="center"><table cellpadding="0" cellspacing="0" border="0"><tr><td><select name="rating">';
        echo '<option>No Rating</option>';
        for ($i = 1; $i <= 5; $i++) {
            echo '<option value="' . $i . '">' . $i . ' Stars</option>';
        }
        echo '</select></td><td width="4"></td><td><a href="#"><img src="images/check.gif" border="0" onclick="document.edit.submit();"></a></td></tr></table></td></tr>';
    }
    echo '</table>';
        $app->notFound();
    }
});
// Password-reset form submission.  The reset token is taken from the POST body
// (not from the :guid path segment, which is why the closure declares no route
// argument); both new-password fields are handed to setGUIDPassword, which is
// expected to check they match before storing.
$app->post('/pwreset/:guid', function () use ($app) {
    $request = $app->request;
    setGUIDPassword(
        $app->db,
        $request->post('guid'),
        $request->post('newPassword1'),
        $request->post('newPassword2')
    );
    $app->redirect($app->urlFor('login'));
});
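// Unsubscribe landing page.  The template is given the guid under the key
// 'guid'; the previous list-style array('guid', $guid) exposed it only as
// index 1 (and the literal string 'guid' as index 0), so the template never
// received a 'guid' variable.
$app->get('/unsubscribe/:guid', function ($guid) use ($app) {
    //TODO: Deal with this somehow.
    $app->render('html/unsubscribe.html', array('guid' => $guid));
});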
// Profile page.
$app->get('/profile', function () use ($app) {
    $app->render('html/profile.html');
})->name('profile');

// Update the signed-in user's e-mail: persist it, then mirror it into the
// auth identity so the session reflects the change without a re-login.
// NOTE(review): the posted address is stored as-is; no format validation or
// ownership confirmation is visible here.
$app->post('/profile/details', function () use ($app) {
    $email = $app->request->post('email');
    $identity = $app->auth->getIdentity();
    setUserInfo($identity['user'], $app->db, $email);
    $identity['email'] = $email;
    $app->auth->getStorage()->write($identity);
    $app->redirect($app->urlFor('profile'));
});

// Change the signed-in user's password from the two new-password fields.
// NOTE(review): the current password is not re-prompted here, so a hijacked
// session can set a new password unchallenged — consider requiring it.
$app->post('/profile/password', function () use ($app) {
    $identity = $app->auth->getIdentity();
    setUserPassword(
        $identity['user'],
        $app->request->post('newPassword1'),
        $app->request->post('newPassword2')
    );
    $app->redirect($app->urlFor('profile'));
});

// Admin landing page.  NOTE(review): no authorisation check is visible in this
// route; it must be enforced by middleware or the template — confirm.
$app->get('/admin', function () use ($app) {
    $app->render('html/admin.html');
});
$app->get('/admin/allowances/list', function () use($app) {
    $users = getUsers($app->db, 'all');
    $periods = $app->periods->getAllPeriods();
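/**
 * Change the current user's password from values staged in the session.
 *
 * Expects $_SESSION["action"] == "change", the current password in
 * $_SESSION["current_password"], and the new password twice in
 * $_SESSION["setting_password"] / ["setting_password_confirm"] (presumably
 * copied there from the form by the caller — not visible here).  On success a
 * fresh salt and token are generated, the user row is rewritten with the new
 * hash, and the session's login_string is re-derived so this session stays
 * valid.  Outcomes are reported through $_SESSION["success_message"] /
 * $_SESSION["warning_message"].
 *
 * @param mysqli $getPage_connection2 open database handle
 * @return void
 */
function changeSettings($getPage_connection2)
{
    if ($_SESSION["action"] != "change") {
        $_SESSION["warning_message"] = "Cannot complete action: invalid action.";
        return;
    }
    if (strlen($_SESSION["current_password"]) < 1) {
        $_SESSION["warning_message"] = "Cannot complete action: invalid user password credentials submitted.";
        return;
    }
    $userInfo1 = getUserInfoByName($getPage_connection2, $_SESSION["username"]);
    if ($userInfo1["id"] < 1) {
        $_SESSION["warning_message"] = "Cannot complete action: invalid user submitted.";
        return;
    }
    // Re-authenticate with the current password using the legacy scheme
    // (bcrypt over password.salt with the stored salt as setting, then sha512
    // over hash.token).  hash_equals avoids timing leaks and the "0e..."
    // numeric-string juggling of `==` on hex digests.
    $final_salt = '$2y$09$' . $userInfo1["salt"] . '$';
    $created_password = crypt($_SESSION["current_password"] . $userInfo1["salt"], $final_salt);
    $created_string = hash('sha512', $created_password . $userInfo1["token"]);
    $actual_string = hash('sha512', $userInfo1["password"] . $userInfo1["token"]);
    if (!hash_equals($actual_string, $created_string)) {
        $_SESSION["warning_message"] = "Cannot complete action: invalid user password credentials submitted.";
        return;
    }
    $new_password = $_SESSION["setting_password"];
    if ($new_password !== $_SESSION["setting_password_confirm"]) {
        $_SESSION["warning_message"] = "Cannot complete action: new password not submitted correctly.  Check to make sure both new password fields are identically submitted.";
        return;
    }
    $new_length = strlen($new_password);
    if ($new_length < 8 || $new_length > 35) {
        $_SESSION["warning_message"] = "Cannot complete action: New password must be 8-35 characters.";
        return;
    }
    // Fresh 51-char salt from the bcrypt alphabet.  random_int() is a CSPRNG;
    // mt_rand() is predictable and must not be used to derive credentials.
    // The full 51 chars are stored and appended to the password for
    // compatibility with existing rows, although bcrypt itself only uses the
    // first 22 as its salt.
    $allowed_chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
    $max_index = strlen($allowed_chars) - 1;
    $new_salt = "";
    for ($i = 0; $i < 51; $i++) {
        $new_salt .= $allowed_chars[random_int(0, $max_index)];
    }
    $new_token = random_int(1000, 9999);
    $final_salt = '$2y$09$' . $new_salt . '$';
    $created_password = crypt($new_password . $new_salt, $final_salt);
    // Rewrite the row with the new hash/salt/token; all other columns unchanged.
    setUserInfo($getPage_connection2, $userInfo1["id"], $userInfo1["name"], $userInfo1["avatar"], $userInfo1["joined"], $userInfo1["lastplayed"], $created_password, $new_salt, $new_token, $userInfo1["thread"], $userInfo1["admin"]);
    // Re-derive login_string so the periodic session re-check keeps passing.
    $created_string2 = hash('sha512', $created_password . $new_token);
    $_SESSION["user_id"] = $userInfo1["id"];
    $_SESSION["username"] = $userInfo1["name"];
    $_SESSION["login_string"] = $created_string2;
    $_SESSION["login"] = 1;
    $_SESSION["nation_id"] = $userInfo1["id"];
    $_SESSION["admin"] = $userInfo1["admin"];
    $_SESSION["pageTypeInfo"] = getPageTypeInfo($getPage_connection2, "map");
    $_SESSION["success_message"] = "User has been updated successfully!";
}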
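/**
 * Deactivate the current user's account after re-authentication.
 *
 * Expects $_SESSION["action"] == "yes" and the current password in
 * $_SESSION["current_password"].  On success the stored hash, salt and token
 * are overwritten with fixed values no password can reproduce, and the
 * session is reset via resetSession(false).  Outcomes are reported through
 * $_SESSION["success_message"] / $_SESSION["warning_message"].
 *
 * @param mysqli $getPage_connection2 open database handle
 * @return void
 */
function deactivateAccount($getPage_connection2)
{
    if ($_SESSION["action"] != "yes") {
        $_SESSION["warning_message"] = "Cannot complete action: invalid action.";
        return;
    }
    if (strlen($_SESSION["current_password"]) < 1) {
        $_SESSION["warning_message"] = "Cannot complete action: invalid user password credentials submitted.";
        return;
    }
    $userInfo1 = getUserInfoByName($getPage_connection2, $_SESSION["username"]);
    if ($userInfo1["id"] < 1) {
        $_SESSION["warning_message"] = "Cannot complete action: invalid user submitted.";
        return;
    }
    // Re-authenticate using the legacy scheme (bcrypt over password.salt with
    // the stored salt as setting, then sha512 over hash.token).  hash_equals
    // avoids timing leaks and the "0e..." numeric-string juggling of `==`.
    $final_salt = '$2y$09$' . $userInfo1["salt"] . '$';
    $created_password = crypt($_SESSION["current_password"] . $userInfo1["salt"], $final_salt);
    $created_string = hash('sha512', $created_password . $userInfo1["token"]);
    $actual_string = hash('sha512', $userInfo1["password"] . $userInfo1["token"]);
    if (!hash_equals($actual_string, $created_string)) {
        $_SESSION["warning_message"] = "Cannot complete action: invalid user password credentials submitted.";
        return;
    }
    // Make the account unreachable: "aaaaaaab" is neither a valid bcrypt
    // setting nor a possible crypt() output, so no password will ever verify.
    setUserInfo($getPage_connection2, $userInfo1["id"], $userInfo1["name"], $userInfo1["avatar"], $userInfo1["joined"], $userInfo1["lastplayed"], "aaaaaaab", "aaaaaaab", 1212, $userInfo1["thread"], $userInfo1["admin"]);
    resetSession(false);
    $_SESSION["success_message"] = "User de-activation has been registered successfully!";
}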
/**
 * Re-enable a user account by clearing its 'disabled' flag.
 *
 * The doubled "e" in the name is kept because callers depend on it.
 *
 * @param string $username account to re-enable
 * @return void
 */
function enableeUser($username)
{
    $field = 'disabled';
    setUserInfo($username, $field, false);
}
            }
        }
        if ($x > 1000) {
            break;
        }
    }
}
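// Bundle every track id listed in the current user's manager file into a single
// .sol download, bumping each listed track's download counter once per user.
// !empty() matches the old `== true` test: "", "0", 0, null and false all skip.
if (!empty($_REQUEST['downloadTracks'])) {
    if (!isset($_SESSION['user']) || $_SESSION['user'] === '') {
        // No signed-in user: there is no manager file to read.
        header('HTTP/1.1 403 Forbidden');
        exit;
    }
    // NOTE(review): both paths are built from the session username; this is
    // only safe if usernames cannot contain "/" or ".." — confirm at registration.
    $managerPath = "tracks/managers/" . $_SESSION['user'] . ".manager";
    $solPath = "tracks/managers/" . $_SESSION['user'] . ".sol";
    $contents = is_readable($managerPath) ? file_get_contents($managerPath) : false;
    if ($contents === false) {
        // Missing/unreadable manager file used to fall through with warnings.
        header('HTTP/1.1 404 Not Found');
        exit;
    }
    // One id per CRLF-terminated line; blank lines are ignored for counting
    // but preserved in the tab-joined list handed to mergeTracks.
    $ids = explode("\r\n", $contents);
    foreach ($ids as $id) {
        if (!empty($id)) {
            if (checkUserInfo("downloaded", $id) == false) {
                setUserInfo("downloaded", $id);
                setInfo($id, "downloads", strval(intval(getInfo($id, "downloads")) + 1));
            }
        }
    }
    mergeTracks($_SESSION['user'], implode(chr(9), $ids));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="savedLines.sol"');
    header('Content-Transfer-Encoding: binary');
    header('Content-Length: ' . filesize($solPath));
    readfile($solPath);
    exit;
}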
if ($_REQUEST['rename'] == 'yes') {
    $newmanager = '';