| WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
| FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
| details.
|
| You should have received a copy of the GNU General Public License along with
| Bitsand. If not, see <http://www.gnu.org/licenses/>.
+---------------------------------------------------------------------------*/

// Admin player search: builds a SELECT over players (LEFT JOIN characters)
// from the search fields submitted via GET. inc_admin.php is included, so
// this page is presumably restricted to administrators -- confirm there.
include '../inc/inc_head_db.php';
include '../inc/inc_admin.php';
include '../inc/inc_head_html.php';

if ($_GET['btnSubmit'] != '') {
    $db_prefix = DB_PREFIX;

    // Player ID: PID_PREFIX is stripped and the remainder cast to int, which is
    // what makes the bare {$iID} interpolation below safe (the escape call
    // before the cast is redundant but harmless).
    $iID = (int) ba_db_real_escape_string($link, str_replace(PID_PREFIX, '', $_GET['txtID']));
    $sFirst = ba_db_real_escape_string($link, $_GET['txtFirstName']);
    $sSurname = ba_db_real_escape_string($link, $_GET['txtSurname']);
    $sMail = SafeEmail($_GET['txtEmail']);
    $sCar = ba_db_real_escape_string($link, str_replace(' ', '', $_GET['txtCarRegistration']));
    $sCharName = ba_db_real_escape_string($link, $_GET['txtCharName']);

    // NOTE(review): plPassword is selected into a search-results page; whether
    // it is ever displayed is outside this view, but a hash has no business in
    // a search listing -- drop it from the column list unless it is needed.
    // NOTE(review): ba_db_real_escape_string (presumably a real_escape_string
    // wrapper) does not escape the LIKE wildcards '%' and '_', so a search
    // term of '%' matches every row. Harmless for an admin-only search, but if
    // a literal substring match is intended wrap each term with
    // addcslashes($s, '%_') before placing it in the LIKE pattern.
    $sql = "SELECT plPlayerID, plFirstName, plSurname, plEmail, plCarRegistration, plPassword, chName " .
        "FROM {$db_prefix}players LEFT JOIN {$db_prefix}characters ON plPlayerID = chPlayerID ";

    // $sOR holds ' OR' once at least one condition has been appended, so each
    // later condition is joined to the previous ones.
    $sOR = '';
    $sCond = '';
    if ($iID != 0) {
        $sCond .= " plPlayerID = {$iID}";
        $sOR = ' OR';
    }
    if ($sFirst != '') {
        $sCond .= $sOR . " plFirstName LIKE '%{$sFirst}%'";
        $sOR = ' OR';
    }
    if ($sSurname != '') {
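$sMedInfo = '';
} else {
    // Escaped once here; the UPDATE below uses $sMedInfo as-is.
    $sMedInfo = ba_db_real_escape_string($link, $_POST['txtMedicalInfo']);
}

// NOTE(review): $value, $key, $dob, $admin_player_id and $sWarn are assigned
// before this point and are not visible here. $admin_player_id is interpolated
// unescaped into the WHERE clause, so it must already be an integer; $dob is
// interpolated unescaped into plDOB, so it must already be validated; and
// $key (the AES key) travels inside the query text, so it will appear in any
// query/slow log -- confirm all three where they are set.

//Remove any spaces in car registration
$sCarReg = ba_db_real_escape_string($link, str_replace(' ', '', $_POST['txtCarRegistration']));

//get value of event pack by post (checkbox: absent or empty means "no")
if (!isset($_POST['chkEventPackByPost']) || $_POST['chkEventPackByPost'] == '') {
    $iByPost = 0;
} else {
    $iByPost = 1;
}

//Set up UPDATE query
$refnumber = (int) $_POST["txtRefNumber{$value}"];
// SECURITY FIX: this value was interpolated into plMarshal = '...' with only
// stripslashes() applied, which is not SQL escaping -- a submitted value
// containing a quote could alter the UPDATE. Escape it like every other
// string column (stripslashes is kept for the legacy magic_quotes case).
$marshal = ba_db_real_escape_string($link, stripslashes($_POST["cboMarshal{$value}"]));
$sEmail = ba_db_real_escape_string($link, SafeEmail($_POST['txtEmail']));

// Address, phone, medical and emergency-number columns are stored with
// AES_ENCRYPT; the rest are plain. Every user-supplied string is passed
// through ba_db_real_escape_string exactly once.
$sql = "UPDATE {$db_prefix}players SET plFirstName = '" . ba_db_real_escape_string($link, $_POST['txtFirstName']) . "', " .
    "plSurname = '" . ba_db_real_escape_string($link, $_POST['txtSurname']) . "', " .
    "pleAddress1 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress1']) . "', '{$key}'), " .
    "pleAddress2 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress2']) . "', '{$key}'), " .
    "pleAddress3 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress3']) . "', '{$key}'), " .
    "pleAddress4 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress4']) . "', '{$key}'), " .
    "plePostcode = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtPostcode']) . "', '{$key}'), " .
    "pleTelephone = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtPhone']) . "', '{$key}'), " .
    "pleMobile = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtMobile']) . "', '{$key}'), " .
    "plEmail = '{$sEmail}', " .
    "plDOB = '{$dob}', " .
    // FIX: $sMedInfo is already escaped above; escaping it a second time
    // stored a quote in the medical info as a doubled backslash escape.
    "pleMedicalInfo = AES_ENCRYPT('" . $sMedInfo . "', '{$key}'), " .
    "plEmergencyName = '" . ba_db_real_escape_string($link, $_POST['txtEmergencyName']) . "', " .
    "pleEmergencyNumber = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtEmergencyNumber']) . "', '{$key}'), " .
    "plEmergencyRelationship = '" . ba_db_real_escape_string($link, $_POST['txtEmergencyRelationship']) . "', " .
    "plCarRegistration = '{$sCarReg}', " .
    "plDietary = '" . ba_db_real_escape_string($link, $_POST['selDiet']) . "', " .
    "plNotes = '" . ba_db_real_escape_string($link, $_POST['txtNotes']) . "', " .
    "plAdminNotes = '" . ba_db_real_escape_string($link, $_POST['txtAdminNotes']) . "', ";
$sql .= "plRefNumber = {$refnumber}, plMarshal = '{$marshal}',";
$sql .= "plEventPackByPost = {$iByPost} ";
$sql .= "WHERE plPlayerID = {$admin_player_id}";

//Run UPDATE query
if (ba_db_query($link, $sql)) {
    //Query should affect exactly one row. Log a warning if it affected more
    if (ba_db_affected_rows($link) > 1) {
        LogWarning("More than one row updated during admin OOC update (admin_eedit_ooc.php). Player ID: {$admin_player_id}");
    }

    //Do not redirect if there are any warnings (required fields not filled in, etc)
    if ($sWarn == '') {
        //Make up URL & redirect
        // NOTE(review): the code after this header() call is outside this
        // view -- make sure execution stops (exit) after the redirect so the
        // rest of the page is not rendered and executed for the admin.
        $sURL = fnSystemURL() . "admin_viewdetails.php?pid={$admin_player_id}&green=" . urlencode("OOC details updated");
        header("Location: {$sURL}");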
| Bitsand is distributed in the hope that it will be useful, but WITHOUT ANY
| WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
| FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
| details.
|
| You should have received a copy of the GNU General Public License along with
| Bitsand. If not, see <http://www.gnu.org/licenses/>.
+---------------------------------------------------------------------------*/

//Do not check that user is logged in (this is the login page itself)
$bLoginCheck = False;
include 'inc/inc_head_db.php';

$sMessage = '';
$db_prefix = DB_PREFIX;

if ($_POST['btnSubmit'] != '') {
    //User is logging in
    $sEmail = SafeEmail($_POST['txtEmail']);

    //Work out which salt to use
    // NOTE(review): LIKE with a user-supplied pattern -- '%' and '_' are not
    // escaped by ba_db_real_escape_string, so unless SafeEmail strips them a
    // pattern can match several accounts. An exact '=' comparison is what is
    // meant here and in the second query below.
    $sql = "SELECT plPlayerID, plOldSalt FROM {$db_prefix}players WHERE plEmail LIKE '" . ba_db_real_escape_string($link, $sEmail) . "'";
    $result = ba_db_query($link, $sql);
    $row = ba_db_fetch_assoc($result);
    // If no account matched, $row is not an array and this read yields null
    // (with a notice); execution then takes the PW_SALT branch below.
    $UseOldSalt = $row['plOldSalt'];

    //Get SHA-1 hash of password using appropriate salt
    // NOTE(review): sha1(password . site-wide constant) is one fast hash with a
    // salt shared by every account, so a leaked table can be attacked with a
    // single dictionary run. The plOldSalt flag already shows the migration
    // pattern: add a further state and move each account to password_hash() /
    // password_verify() on its next successful login.
    if ($UseOldSalt == 1) {
        $sPass = sha1($_POST['txtPassword'] . OLD_PW_SALT);
    } else {
        $sPass = sha1($_POST['txtPassword'] . PW_SALT);
    }

    //Set up & run query
    // NOTE(review): as listed here the password column is compared with the
    // literal '******'. $sPass is computed above and never used in this
    // excerpt, so the literal is presumably a masked '{$sPass}' -- confirm
    // against the real source before relying on this reading.
    $sql = "SELECT plPlayerID FROM {$db_prefix}players " .
        "WHERE plEmail LIKE '" . ba_db_real_escape_string($link, $sEmail) . "' AND plPassword = '******'";
    $result = ba_db_query($link, $sql);
    if (ba_db_num_rows($result) > 1) {
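$sql = "UPDATE {$db_prefix}players SET plNewMail = '{$sNewMail}', plNewMailCode = '" . ba_db_real_escape_string($link, $sCode) . "' " .
    "WHERE plPlayerID = {$PLAYER_ID}";
$result = ba_db_query($link, $sql);
$sGreen = "A confirmation code has been sent to both your existing, and your new, e-mail addresses.<br>" .
    "Follow the instructions in the e-mail to confirm the change of e-mail address";

// NOTE(review): $sNewMail, $sCode, $row and $PLAYER_ID are set above this
// view. $sNewMail and $PLAYER_ID are interpolated unescaped into the UPDATE,
// so they must already be validated/escaped where they are assigned; the
// code's entropy is decided where $sCode is generated.

//E-mail user with confirmation code and instructions
// Both the existing and the new address receive the same code, so the
// existing mailbox is notified of the request but is not required to approve
// it -- possession of the new mailbox alone completes the change.
$sBody = "A request has been received for your e-mail address to be changed at " . SYSTEM_NAME . ". " .
    "In order to make this change, you must log on to " . SYSTEM_NAME . " at " . fnSystemURL() .
    " using your existing e-mail address and password, then go to the 'Change password' page " .
    "and enter the code below:\n\nCode: {$sCode}\n\n" .
    "Note that the code must be entered *exactly* as above - it is probably easiest to copy and paste it.\n\n" .
    "If you have any problems, or questions, e-mail " . TECH_CONTACT_NAME . " at " . TECH_CONTACT_MAIL . "\n\n" .
    "Player ID: " . PID_PREFIX . sprintf('%03s', $PLAYER_ID) . "\n" .
    "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n" .
    fnSystemURL();
mail($row['plEmail'], SYSTEM_NAME . ' - email change', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
mail(SafeEmail($_POST['txtEmail']), SYSTEM_NAME . ' - email change', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
}
}

// Confirmation step: the logged-in player submits the e-mailed code and, if it
// matches the pending one, plEmail is switched to the pending address.
// NOTE(review): CheckReferrer is a Referer-header check; it is the only CSRF
// protection visible here, and a per-session token would be stronger.
if ($_POST['btnConfirm'] != '' && CheckReferrer('change_password.php')) {
    //Get the pending address and the code that was e-mailed for it
    $result = ba_db_query($link, "SELECT plNewMail, plNewMailCode FROM {$db_prefix}players WHERE plPlayerID = {$PLAYER_ID}");
    $row = ba_db_fetch_assoc($result);

    $sSubmittedCode = isset($_POST['txtCode']) ? (string) $_POST['txtCode'] : '';
    $sPendingCode = isset($row['plNewMailCode']) ? (string) $row['plNewMailCode'] : '';

    // FIX: the original used '==', which (a) accepted an empty submitted code
    // whenever no change was pending -- plNewMailCode is reset to '' right
    // below after every confirmation, so '' == '' then rewrote plEmail with
    // SafeEmail('') -- and (b) is PHP's loose comparison, under which
    // numeric-looking strings such as '0e12' and '0e34' compare equal.
    // Require a pending code and an exact byte match. (hash_equals() is the
    // constant-time form of this test on PHP >= 5.6.) There is no attempt
    // limit on this branch, so the code must be long enough to resist guessing.
    if ($sPendingCode !== '' && $sSubmittedCode === $sPendingCode) {
        //Run update query & set message
        // The new address is SQL-escaped as well as passed through SafeEmail,
        // the same treatment plEmail gets in the admin OOC update.
        $sql = "UPDATE {$db_prefix}players SET plEmail = '" . ba_db_real_escape_string($link, SafeEmail($row['plNewMail'])) . "', plNewMail = '', plNewMailCode = '' " .
            "WHERE plPlayerID = {$PLAYER_ID}";
        $result = ba_db_query($link, $sql);
        if ($result === False) {
            $sWarn = "There was a problem updating your e-mail address";
        } else {
            $sGreen = "Your e-mail address has been updated";
        }
    }
}

if ($_POST['btnUpdateEmailPreferences'] != '' && CheckReferrer('change_password.php')) {
    if ($_POST['chkEmailOOCChange'] == 'on') {
        $bOOCChange = 1;
    } else {
        $bOOCChange = 0;
    }
    if ($_POST['chkEmailICChange'] == 'on') {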