die("<h3>{GAME_NAME} Error</h3>\n\tYou did not fill in the login form!<br />\n\t<a href='login.php'>> Back</a>"); } $form_username = mysql_real_escape_string(stripslashes($username), $c); $raw_password = stripslashes($password); $uq = mysql_query("SELECT `userid`, `userpass`, `pass_salt`\n FROM `users`\n WHERE `login_name` = '{$form_username}'", $c); if (mysql_num_rows($uq) == 0) { die("<h3>{GAME_NAME} Error</h3>\n\tInvalid username or password!<br />\n\t<a href='login.php'>> Back</a>"); } else { $mem = mysql_fetch_assoc($uq); $login_failed = false; // Pass Salt generation: autofix if (empty($mem['pass_salt'])) { if (md5($raw_password) != $mem['userpass']) { $login_failed = true; } $salt = generate_pass_salt(); $enc_psw = encode_password($mem['userpass'], $salt, true); $e_salt = mysql_real_escape_string($salt, $c); // in case of changed salt function $e_encpsw = mysql_real_escape_string($enc_psw, $c); // ditto for password encoder mysql_query("UPDATE `users`\n \t\t SET `pass_salt` = '{$e_salt}', `userpass` = '{$e_encpsw}'\n \t\t WHERE `userid` = {$mem['userid']}", $c); } else { $login_failed = !verify_user_password($raw_password, $mem['pass_salt'], $mem['userpass']); } if ($login_failed) { die("<h3>{GAME_NAME} Error</h3>\n\t\tInvalid username or password!<br />\n\t\t<a href='login.php'>> Back</a>"); } if ($mem['userid'] == 1 && file_exists('./installer.php')) { die("<h3>{GAME_NAME} Error</h3>\n The installer still exists! You need to delete installer.php immediately.<br />\n <a href='login.php'>> Back</a>"); }
function new_user_submit() { global $ir, $c, $userid; if (!isset($_POST['username']) || !isset($_POST['login_name']) || !isset($_POST['userpass'])) { print "You missed one or more of the required fields. Please go back and try again.<br />\n<a href='new_staff.php?action=newuser'>> Back</a>"; $h->endpage(); exit; } $level = abs((int) $_POST['level']); $money = abs((int) $_POST['money']); $crystals = abs((int) $_POST['crystals']); $donator = abs((int) $_POST['donatordays']); $ulevel = abs((int) $_POST['user_level']); $strength = abs((int) $_POST['strength']); $agility = abs((int) $_POST['agility']); $guard = abs((int) $_POST['guard']); $labour = abs((int) $_POST['labour']); $iq = abs((int) $_POST['iq']); $energy = 10 + $level * 2; $brave = 3 + $level * 2; $hp = 50 + $level * 50; $username = mysql_real_escape_string(strip_tags(stripslashes($_POST['username'])), $c); $loginname = mysql_real_escape_string(strip_tags(stripslashes($_POST['login_name'])), $c); $password = stripslashes($_POST['userpass']); $salt = generate_pass_salt(); $enc_psw = encode_password($password, $salt, false); $i_salt = mysql_real_escape_string($salt, $c); $i_encpsw = mysql_real_escape_string($enc_psw, $c); $email = mysql_real_escape_string(strip_tags(stripslashes($_POST['email'])), $c); $gender = isset($_POST['gender']) && in_array($_POST['gender'], array('Male', 'Female')) ? $_POST['gender'] : 'Male'; mysql_query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays,\n user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender,\n signedup, email, bankmoney, pass_salt)\n VALUES( '{$username}', '{$loginname}', '{$i_encpsw}', {$level},\n {$money}, {$crystals}, {$donator}, {$ulevel}, {$energy}, {$energy}, 100, 100, {$brave}, {$brave}, {$hp}, {$hp}, 1,\n '{$gender}', " . time() . ", '{$email}', -1, '{$i_salt}')", $c); $i = mysql_insert_id($c); mysql_query("INSERT INTO userstats VALUES({$i}, {$strength}, {$agility}, {$guard}, {$labour}, {$iq})", $c); print "User created!"; }
function install() { menuprint('sql'); $paypal = isset($_POST['paypal']) && valid_email($_POST['paypal']) ? gpc_cleanup($_POST['paypal']) : ''; $adm_email = isset($_POST['a_email']) && valid_email($_POST['a_email']) ? gpc_cleanup($_POST['a_email']) : ''; $adm_username = isset($_POST['a_username']) && strlen($_POST['a_username']) > 3 ? gpc_cleanup($_POST['a_username']) : ''; $adm_gender = isset($_POST['gender']) && in_array($_POST['gender'], array('Male', 'Female'), true) ? $_POST['gender'] : 'Male'; $description = isset($_POST['game_description']) ? gpc_cleanup($_POST['game_description']) : ''; $owner = isset($_POST['game_owner']) && strlen($_POST['game_owner']) > 3 ? gpc_cleanup($_POST['game_owner']) : ''; $game_name = isset($_POST['game_name']) ? gpc_cleanup($_POST['game_name']) : ''; $adm_pswd = isset($_POST['a_password']) && strlen($_POST['a_password']) > 3 ? gpc_cleanup($_POST['a_password']) : ''; $adm_cpswd = isset($_POST['a_cpassword']) ? gpc_cleanup($_POST['a_cpassword']) : ''; $db_hostname = isset($_POST['hostname']) ? gpc_cleanup($_POST['hostname']) : ''; $db_username = isset($_POST['username']) ? gpc_cleanup($_POST['username']) : ''; $db_password = isset($_POST['password']) ? gpc_cleanup($_POST['password']) : ''; $db_database = isset($_POST['database']) ? gpc_cleanup($_POST['database']) : ''; $errors = array(); if (empty($db_hostname)) { $errors[] = 'No Database hostname specified'; } if (empty($db_username)) { $errors[] = 'No Database username specified'; } if (empty($db_database)) { $errors[] = 'No Database database specified'; } if (empty($adm_username) || !preg_match("/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+\$/i", $adm_username)) { $errors[] = 'Invalid admin username specified'; } if (empty($adm_pswd)) { $errors[] = 'Invalid admin password specified'; } if ($adm_pswd !== $adm_cpswd) { $errors[] = 'The admin passwords did not match'; } if (empty($adm_email)) { $errors[] = 'Invalid admin email specified'; } if (empty($owner) || !preg_match("/^[a-z0-9_]+([\\s]{1}[a-z0-9_]|[a-z0-9_])+\$/i", $owner)) { $errors[] = 'Invalid game owner specified'; } if (empty($game_name)) { $errors[] = 'Invalid game name specified'; } if (empty($description)) { $errors[] = 'Invalid game description specified'; } if (empty($paypal)) { $errors[] = 'Invalid game PayPal specified'; } if (count($errors) > 0) { echo "Installation failed.<br />\n There were one or more problems with your input.<br />\n <br />\n <b>Problem(s) encountered:</b>\n <ul>"; foreach ($errors as $error) { echo "<li><span style='color: red;'>{$error}</span></li>"; } echo "</ul>\n > <a href='installer.php?code=config'>Go back to config</a>"; require_once 'installer_foot.php'; exit; } // Try to establish DB connection first... echo 'Attempting DB connection...<br />'; $c = mysql_connect($db_hostname, $db_username, $db_password); mysql_select_db($db_database, $c); // Done, move on echo '... Successful.<br />'; echo 'Writing game config file...<br />'; echo 'Write DB Connector...<br />'; $code = md5(rand(1, 100000000000)); if (file_exists("mysql.php")) { unlink("mysql.php"); } $e_db_hostname = addslashes($db_hostname); $e_db_username = addslashes($db_username); $e_db_password = addslashes($db_password); $e_db_database = addslashes($db_database); $config_file = <<<EOF <?php \$c = mysql_connect('{$e_db_hostname}', '{$e_db_username}', '{$e_db_password}') or die(mysql_error()); mysql_select_db('{$e_db_database}', \$c); EOF; $f = fopen('mysql.php', 'w'); fwrite($f, $config_file); fclose($f); echo '... file written.<br />'; echo 'Writing base database schema...<br />'; $fo = fopen("dbdata.sql", "r"); $query = ''; $lines = explode("\n", fread($fo, 1024768)); fclose($fo); foreach ($lines as $line) { if (!(strpos($line, "--") === 0) && trim($line) != '') { $query .= $line; if (!(strpos($line, ";") === FALSE)) { mysql_query($query); $query = ''; } } } echo '... done.<br />'; echo 'Writing game configuration...<br />'; $ins_username = mysql_real_escape_string(htmlentities($adm_username, ENT_QUOTES, 'ISO-8859-1'), $c); $salt = generate_pass_salt(); $e_salt = mysql_real_escape_string($salt, $c); $encpsw = encode_password($adm_pswd, $salt); $e_encpsw = mysql_real_escape_string($encpsw, $c); $ins_email = mysql_real_escape_string($adm_email, $c); $IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $c); $ins_game_name = htmlentities($game_name, ENT_QUOTES, 'ISO-8859-1'); $ins_game_desc = nl2br(htmlentities($description, ENT_QUOTES, 'ISO-8859-1')); $ins_game_owner = htmlentities($owner, ENT_QUOTES, 'ISO-8859-1'); $ins_game_id1name = htmlentities($adm_username, ENT_QUOTES, 'ISO-8859-1'); mysql_query("INSERT INTO `users`\n (`username`, `login_name`, `userpass`, `level`, `money`,\n `crystals`, `donatordays`, `user_level`, `energy`, `maxenergy`,\n `will`, `maxwill`, `brave`, `maxbrave`, `hp`, `maxhp`, `location`,\n `gender`, `signedup`, `email`, `bankmoney`, `lastip`,\n `pass_salt`)\n VALUES ('{$ins_username}', '{$ins_username}', '{$e_encpsw}', 1,\n 100, 0, 0, 2, 12, 12, 100, 100, 5, 5, 100, 100, 1,\n '{$adm_gender}', " . time() . ", '{$ins_email}', -1, '{$IP}',\n '{$e_salt}')", $c) or die(mysql_error()); $i = mysql_insert_id($c); mysql_query("INSERT INTO `userstats`\n \t\t VALUES({$i}, 10, 10, 10, 10, 10)", $c); $gamename_files = array('authenticate.php', 'donator.php', 'explore.php', 'gamerules.php', 'header.php', 'helptutorial.php', 'loggedin.php', 'login.php', 'new_staff.php', 'register.php', 'voting.php'); $gameowner_files = array('header.php', 'login.php'); $paypal_files = array('donator.php', 'willpotion.php'); $gamedesc_files = array('login.php'); $id1_files = array('gamerules.php'); $cron_files = array('crons/cron_day.php', 'crons/cron_fivemins.php', 'crons/cron_hour.php', 'crons/cron_minute.php'); foreach ($gamename_files as $file) { file_update($file, '{GAME_NAME}', $ins_game_name); } foreach ($gameowner_files as $file) { file_update($file, '{GAME_OWNER}', $ins_game_owner); } foreach ($paypal_files as $file) { file_update($file, '{PAYPAL}', $paypal); } foreach ($gamedesc_files as $file) { file_update($file, '{GAME_DESCRIPTION}', $ins_game_desc); } foreach ($id1_files as $file) { file_update($file, '{ID1_NAME}', $ins_game_id1name); } foreach ($cron_files as $file) { file_update($file, '{CRON_CODE}', $code); } echo '... Done.<br />'; $path = dirname($_SERVER['SCRIPT_FILENAME']); echo "\n <h2>Installation Complete!</h2>\n <hr />\n <h3>Cron Info</h3>\n <br />\n This is the cron info you need for section <b>1.2 Cronjobs</b> of the installation instructions.<br />\n <pre>\n */5 * * * * php {$path}/crons/cron_fivemins.php {$code}\n * * * * * php {$path}/crons/cron_minute.php {$code}\n 0 * * * * php {$path}/crons/cron_hour.php {$code}\n 0 0 * * * php {$path}/crons/cron_day.php {$code}\n </pre>\n "; echo "<h3>Installer Security</h3>\n Attempting to remove installer... "; @unlink('./installer.php'); $success = !file_exists('./installer.php'); echo "<span style='color: " . ($success ? "green;'>Succeeded" : "red;'>Failed") . "</span><br />"; if (!$success) { echo "Attempting to lock installer... "; @touch('./installer.lock'); $success2 = file_exists('installer.lock'); echo "<span style='color: " . ($success2 ? "green;'>Succeeded" : "red;'>Failed") . "</span><br />"; if ($success2) { echo "<span style='font-weight: bold;'>" . "You should now remove dbdata.sql, installer.php, installer_foot.php and installer_home.php from your server." . "</span>"; } else { echo "<span style='font-weight: bold; font-size: 20pt;'>" . "YOU MUST REMOVE dbdata.sql, installer.php, " . "installer_foot.php and installer_home.php from your server.<br />" . "Failing to do so will allow other people " . "to run the installer again and potentially " . "mess up your game entirely." . "</span>"; } } else { require_once 'installer_foot.php'; @unlink('./installer_head.php'); @unlink('./installer_foot.php'); @unlink('./dbdata.sql'); exit; } }