Esempio n. 1
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
include '../inc/inc_head_db.php';
include '../inc/inc_admin.php';
include '../inc/inc_head_html.php';
if ($_GET['btnSubmit'] != '') {
    //Table prefix from configuration; interpolated into the table names in the query below
    $db_prefix = DB_PREFIX;
    //Search terms arrive in the query string ($_GET), so the names, e-mail addresses and car
    //registrations typed into this form become part of the request URL.
    //NOTE(review): URLs tend to be kept in server logs and browser history - consider POST for this form.
    //The (int) cast is what makes $iID safe to interpolate unquoted further down; escaping the
    //value before casting adds nothing.
    $iID = (int) ba_db_real_escape_string($link, str_replace(PID_PREFIX, '', $_GET['txtID']));
    $sFirst = ba_db_real_escape_string($link, $_GET['txtFirstName']);
    $sSurname = ba_db_real_escape_string($link, $_GET['txtSurname']);
    //SafeEmail() is defined outside this excerpt; what it filters is not visible here
    $sMail = SafeEmail($_GET['txtEmail']);
    //Spaces are stripped from the car registration before escaping
    $sCar = ba_db_real_escape_string($link, str_replace(' ', '', $_GET['txtCarRegistration']));
    $sCharName = ba_db_real_escape_string($link, $_GET['txtCharName']);
    //NOTE(review): plPassword is part of the result set; drop it from the column list if the
    //results page does not need it, so the stored hash never leaves the database for a search.
    $sql = "SELECT plPlayerID, plFirstName, plSurname, plEmail, plCarRegistration, plPassword, chName " . "FROM {$db_prefix}players LEFT JOIN {$db_prefix}characters ON plPlayerID = chPlayerID ";
    //$sOR holds the separator to put in front of the next condition: empty until the first
    //condition has been added, ' OR' afterwards
    $sOR = '';
    //$sCond accumulates the conditions, one per non-empty search field
    $sCond = '';
    if ($iID != 0) {
        $sCond .= " plPlayerID = {$iID}";
        $sOR = ' OR';
    }
    if ($sFirst != '') {
        //NOTE(review): $sFirst was escaped above, but SQL string escaping normally leaves % and _
        //alone, so those characters in a search term still act as LIKE wildcards - confirm that is intended
        $sCond .= $sOR . " plFirstName LIKE '%{$sFirst}%'";
        $sOR = ' OR';
    }
    if ($sSurname != '') {
Esempio n. 2
     $sMedInfo = '';
 } else {
     $sMedInfo = ba_db_real_escape_string($link, $_POST['txtMedicalInfo']);
 }
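 //Remove any spaces in car registration
 $sCarReg = ba_db_real_escape_string($link, str_replace(' ', '', $_POST['txtCarRegistration']));
 //Event pack by post: stored as 0 when the field is empty, 1 for any other value
 $iByPost = $_POST['chkEventPackByPost'] == '' ? 0 : 1;
 //Set up UPDATE query
 //The (int) cast makes $refnumber safe to interpolate unquoted below
 $refnumber = (int) $_POST["txtRefNumber{$value}"];
 //$marshal keeps its raw (unescaped) value in case code outside this excerpt reads it;
 //it is escaped at the point where it enters the SQL text below
 $marshal = stripslashes($_POST["cboMarshal{$value}"]);
 $sEmail = ba_db_real_escape_string($link, SafeEmail($_POST['txtEmail']));
 //NOTE(review): $key, $dob, $value and $admin_player_id are set outside this excerpt and are interpolated
 //as-is - confirm $dob is validated/escaped and $admin_player_id is an integer.
 //NOTE(review): the AES key is embedded in the statement text, so anything that records SQL
 //(query logs, error output) would also record the key - confirm such logging is off or restricted.
 //NOTE(review): $sMedInfo is already escaped where it is assigned, so it is escaped a second time here;
 //quotes in the medical information would be stored with a literal backslash.
 $sql = "UPDATE {$db_prefix}players SET plFirstName = '" . ba_db_real_escape_string($link, $_POST['txtFirstName']) . "', "
     . "plSurname = '" . ba_db_real_escape_string($link, $_POST['txtSurname']) . "', "
     . "pleAddress1 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress1']) . "', '{$key}'), "
     . "pleAddress2 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress2']) . "', '{$key}'), "
     . "pleAddress3 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress3']) . "', '{$key}'), "
     . "pleAddress4 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress4']) . "', '{$key}'), "
     . "plePostcode = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtPostcode']) . "', '{$key}'), "
     . "pleTelephone = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtPhone']) . "', '{$key}'), "
     . "pleMobile = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtMobile']) . "', '{$key}'), "
     . "plEmail = '{$sEmail}', "
     . "plDOB = '{$dob}', "
     . "pleMedicalInfo = AES_ENCRYPT('" . ba_db_real_escape_string($link, $sMedInfo) . "', '{$key}'), "
     . "plEmergencyName = '" . ba_db_real_escape_string($link, $_POST['txtEmergencyName']) . "', "
     . "pleEmergencyNumber = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtEmergencyNumber']) . "', '{$key}'), "
     . "plEmergencyRelationship = '" . ba_db_real_escape_string($link, $_POST['txtEmergencyRelationship']) . "', "
     . "plCarRegistration = '{$sCarReg}', "
     . "plDietary = '" . ba_db_real_escape_string($link, $_POST['selDiet']) . "', "
     . "plNotes = '" . ba_db_real_escape_string($link, $_POST['txtNotes']) . "', "
     . "plAdminNotes = '" . ba_db_real_escape_string($link, $_POST['txtAdminNotes']) . "', ";
 //plMarshal comes straight from the form (stripslashes() removes escaping, it does not add any),
 //so it is escaped here like every other string column in this statement
 $sql .= "plRefNumber = {$refnumber}, plMarshal = '" . ba_db_real_escape_string($link, $marshal) . "',";
 $sql .= "plEventPackByPost = {$iByPost} ";
 $sql .= "WHERE plPlayerID = {$admin_player_id}";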
 //Run UPDATE query
 if (ba_db_query($link, $sql)) {
     //Query should affect exactly one row. Log a warning if it affected more
     if (ba_db_affected_rows($link) > 1) {
         LogWarning("More than one row updated during admin OOC update (admin_edit_ooc.php). Player ID: {$admin_player_id}");
     }
     //Do not redirect if there are any warnings (required fields not filled in, etc)
     if ($sWarn == '') {
         //Make up URL & redirect
         $sURL = fnSystemURL() . "admin_viewdetails.php?pid={$admin_player_id}&green=" . urlencode("OOC details updated");
         header("Location: {$sURL}");
Esempio n. 3
 | Bitsand is distributed in the hope that it will be useful, but WITHOUT ANY
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
//Do not check that user is logged in (this script handles the login form itself).
//The flag is set before the include below - presumably inc_head_db.php reads it; confirm there.
$bLoginCheck = False;
include 'inc/inc_head_db.php';
//Message string, empty until the code below sets it
$sMessage = '';
//Table prefix from configuration; interpolated into the table names in the queries below
$db_prefix = DB_PREFIX;
if ($_POST['btnSubmit'] != '') {
    //User is logging in
    //SafeEmail() is defined outside this excerpt; what it filters is not visible here
    $sEmail = SafeEmail($_POST['txtEmail']);
    //Work out which salt to use
    //NOTE(review): the address is matched with LIKE, so any % or _ left in $sEmail is treated as a
    //wildcard; an exact comparison (=) would avoid that - confirm what SafeEmail() lets through
    $sql = "SELECT plPlayerID, plOldSalt FROM {$db_prefix}players WHERE plEmail LIKE '" . ba_db_real_escape_string($link, $sEmail) . "'";
    $result = ba_db_query($link, $sql);
    //NOTE(review): there is no check that the query succeeded or returned a row; for an unknown
    //address $row presumably has no plOldSalt entry, and the test below then takes the PW_SALT branch
    $row = ba_db_fetch_assoc($result);
    $UseOldSalt = $row['plOldSalt'];
    //Get SHA-1 hash of password using appropriate salt
    //Both salts are constants, i.e. the same for every account, and the hash is a single SHA-1 pass.
    //NOTE(review): password_hash()/password_verify(), re-hashing each account at its next successful
    //login, is the usual way to move off a scheme like this
    if ($UseOldSalt == 1) {
        $sPass = sha1($_POST['txtPassword'] . OLD_PW_SALT);
    } else {
        $sPass = sha1($_POST['txtPassword'] . PW_SALT);
    }
    //Set up & run query
    //NOTE(review): as shown here the password is compared with a masked literal and $sPass is never
    //used; presumably the listing was redacted - check this line against the original file
    $sql = "SELECT plPlayerID FROM {$db_prefix}players " . "WHERE plEmail LIKE '" . ba_db_real_escape_string($link, $sEmail) . "' AND plPassword = '******'";
    $result = ba_db_query($link, $sql);
    if (ba_db_num_rows($result) > 1) {
Esempio n. 4
        //Store the requested address and its confirmation code against the player identified by $PLAYER_ID
        //NOTE(review): $sNewMail, $sCode and $PLAYER_ID are set outside this excerpt; $sNewMail is
        //interpolated as-is, so confirm it has already been escaped
        $sql = "UPDATE {$db_prefix}players SET plNewMail = '{$sNewMail}', plNewMailCode = '" . ba_db_real_escape_string($link, $sCode) . "' " . "WHERE plPlayerID = {$PLAYER_ID}";
        //NOTE(review): $result is not checked; the success message and both e-mails go out even if the UPDATE failed
        $result = ba_db_query($link, $sql);
        $sGreen = "A confirmation code has been sent to both your existing, and your new, e-mail addresses.<br>" . "Follow the instructions in the e-mail to confirm the change of e-mail address";
        //E-mail user with confirmation code and instructions
        //The same body, including the code, is sent to both addresses by the two mail() calls below
        $sBody = "A request has been received for your e-mail address to be changed at " . SYSTEM_NAME . ". " . "In order to make this change, you must log on to " . SYSTEM_NAME . " at " . fnSystemURL() . " using your existing e-mail address and password, then go to the 'Change password' page " . "and enter the code below:\n\nCode: {$sCode}\n\n" . "Note that the code must be entered *exactly* as above - it is probably easiest to copy and paste it.\n\n" . "If you have any problems, or questions, e-mail " . TECH_CONTACT_NAME . " at " . TECH_CONTACT_MAIL . "\n\n" . "Player ID: " . PID_PREFIX . sprintf('%03s', $PLAYER_ID) . "\n" . "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n" . fnSystemURL();
        //Existing address, taken from $row (populated outside this excerpt)
        mail($row['plEmail'], SYSTEM_NAME . ' - email change', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
        //Requested address, re-read from the form and passed through SafeEmail()
        //NOTE(review): this value is used as the recipient argument of mail(); confirm SafeEmail() rejects CR/LF
        mail(SafeEmail($_POST['txtEmail']), SYSTEM_NAME . ' - email change', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
    }
}
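//Confirm a pending e-mail change: the submitted code must match the code stored for this player.
//NOTE(review): CheckReferrer() is defined outside this excerpt; if it relies on the Referer header
//alone, a per-session form token would be a stronger check of where the request came from.
if ($_POST['btnConfirm'] != '' && CheckReferrer('change_password.php')) {
    //Get the pending address and its confirmation code for this player
    $result = ba_db_query($link, "SELECT plNewMail, plNewMailCode FROM {$db_prefix}players WHERE plPlayerID = {$PLAYER_ID}");
    $row = ba_db_fetch_assoc($result);
    //Normalise both codes to strings; a missing row/column or a non-string form value counts as "no code"
    $sStoredCode = isset($row['plNewMailCode']) ? (string) $row['plNewMailCode'] : '';
    $sGivenCode = (isset($_POST['txtCode']) && is_string($_POST['txtCode'])) ? $_POST['txtCode'] : '';
    //An empty stored code means no change is pending (the UPDATE below blanks it after a successful
    //confirmation), so it must never match - otherwise an empty submission would copy an empty
    //plNewMail into plEmail.
    //hash_equals() (PHP 5.6+) compares the exact strings in constant time; == would also treat
    //numeric-looking strings as numbers.
    if ($sStoredCode !== '' && hash_equals($sStoredCode, $sGivenCode)) {
        //Run update query & set message
        //The address read back from the database is escaped again before it re-enters SQL text
        $sql = "UPDATE {$db_prefix}players SET plEmail = '" . ba_db_real_escape_string($link, SafeEmail($row['plNewMail'])) . "', plNewMail = '', plNewMailCode = '' " . "WHERE plPlayerID = {$PLAYER_ID}";
        $result = ba_db_query($link, $sql);
        if ($result === False) {
            $sWarn = "There was a problem updating your e-mail address";
        } else {
            $sGreen = "Your e-mail address has been updated";
        }
    }
}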
if ($_POST['btnUpdateEmailPreferences'] != '' && CheckReferrer('change_password.php')) {
    //Map the submitted value to a 1/0 flag: 1 only when it equals 'on', 0 for anything else
    $bOOCChange = ($_POST['chkEmailOOCChange'] == 'on') ? 1 : 0;
    if ($_POST['chkEmailICChange'] == 'on') {