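/**
 * Authenticate the posted credentials and start a new session.
 *
 * Reads $_POST['user'] and $_POST['pwd'], validates them, looks the user up in
 * $TABLE_USERS and, when exactly one row matches, loads the user data, obtains
 * a session id from GenerateId(), sets the 'sid' cookie and writes the
 * iplog/ip/sid back to the users table (clearing pwd_key).
 *
 * @return bool|null true on success; false when the credentials are missing,
 *                   malformed or do not match; null (bare return) when $FORUM
 *                   is set.
 */
function SpawnSession()
{
    global $TABLE_USERS, $FORUM, $rpgDB;

    // If forum software is being used for authentication, don't create sessions.
    if ($FORUM) {
        return;
    }

    // Ensure the session state is set correctly.
    $this->_is_session_valid = false;

    // Ensure we have both a username and password.
    if (!(isset($_POST['user']) && isset($_POST['pwd']))) {
        return false;
    }

    // A field posted as user[]=... arrives as an array; it can never be a valid
    // credential and must not reach addslashes()/sprintf() below.
    if (!is_string($_POST['user']) || !is_string($_POST['pwd'])) {
        return false;
    }

    // Validate the data.
    $err = array();
    if (!(is_valid_pname($_POST['user'], $err) && is_valid_password($_POST['pwd'], $err))) {
        return false;
    }

    // Check the user against the db.
    // NOTE(review): values are spliced into the statement with addslashes(),
    // which is not aware of the connection character set and is not a
    // substitute for the driver's own escaping or bound parameters. $rpgDB's
    // API is not visible here; if it offers either, use it for both queries in
    // this method.
    // NOTE(review): the cleartext password travels inside the SQL text (it can
    // surface in query logs) and is checked with MySQL's PASSWORD() /
    // OLD_PASSWORD(), which are unsalted, fast hashes and are no longer
    // available in current MySQL releases. Moving to a salted, slow
    // application-side hash needs a data migration outside this method.
    $res = $rpgDB->query(sprintf("SELECT iplog, slength, email, dm FROM %s WHERE pname = '%s' "
        . "AND (pwd = PASSWORD('%s') OR pwd = OLD_PASSWORD('%s'))",
        $TABLE_USERS,
        addslashes($_POST['user']),
        addslashes($_POST['pwd']),
        addslashes($_POST['pwd'])));
    if (!$res) {
        __printFatalErr("Failed to query database.", __LINE__, __FILE__);
    }
    if ($rpgDB->num_rows() != 1) {
        return false;
    }
    $row = $rpgDB->fetch_row($res);

    // Record the userdata.
    $this->_username = $_POST['user'];
    // NOTE(review): unserialize() on a database column. If that column can ever
    // hold attacker-influenced bytes this is an object-injection sink; a plain
    // data format would remove it. Confirm what update_iplog() stores.
    $this->_iplog = unserialize(stripslashes($row['iplog']));
    $this->_slength = $row['slength'];
    $this->_email = $row['email'];
    $this->_dm = $row['dm'] == 'Y';

    // Update the iplog.
    $this->update_iplog();

    // Generate the sid.
    $this->_sid = $this->GenerateId();

    // Set the session cookie.
    // NOTE(review): only name and value are passed, so the cookie carries no
    // HttpOnly or Secure attribute. Add them once the minimum PHP version and
    // the HTTPS deployment are confirmed.
    setcookie('sid', $this->_sid);

    // Determine character access permissions.
    $this->_permission = new CharPermission($this->_username, null);

    // Update the db.
    $res = $rpgDB->query(sprintf("UPDATE %s SET iplog = '%s', ip = '%s', sid = '%s', pwd_key = NULL WHERE pname = '%s'",
        $TABLE_USERS,
        addslashes(serialize($this->_iplog)),
        addslashes($this->_ip),
        addslashes($this->_sid),
        addslashes($this->_username)));
    if (!$res) {
        __printFatalErr("Failed to update database.", __LINE__, __FILE__);
    }
    if ($rpgDB->num_rows() != 1) {
        __printFatalErr("Failed to update user data.", __LINE__, __FILE__);
    }

    // Now record that this session is valid.
    $this->_is_session_valid = true;

    // Return success.
    return true;
}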
/**
 * Revoke a profile's access to a character.
 *
 * The profile name is checked with is_valid_pname() first; only a name that
 * passes is handed to $character->RemoveAccessFrom().
 *
 * NOTE(review): nothing in this function checks that the current user is
 * allowed to edit $character; presumably the caller does. Confirm.
 *
 * @param object $character Object exposing RemoveAccessFrom(); passed by reference.
 * @param mixed  $profile   Profile name to remove.
 * @return bool true when the name is valid and RemoveAccessFrom() reports
 *              success, false otherwise.
 */
function apply_remove_profile(&$character, $profile)
{
    // Validation messages are collected but not reported by this function.
    $validation_errors = array();

    if (!is_valid_pname($profile, $validation_errors)) {
        return false;
    }

    return $character->RemoveAccessFrom($profile) ? true : false;
}
} if (isset($_POST['user'])) { // User data was sent: // Attempt to register the new user. include_once "{$INCLUDE_PATH}/engine/validation.php"; include_once "{$INCLUDE_PATH}/engine/db.php"; include_once "{$INCLUDE_PATH}/error.php"; // Collect the user data. $user = $_POST['user']; $pwd1 = $_POST['pwd1']; $pwd2 = $_POST['pwd2']; $email = $_POST['email']; // The error array. $err = array(); // Validate the user data. is_valid_pname($user, $err); is_valid_password($pwd1, $err); is_valid_password($pwd2, $err); is_valid_email($email, $err); // Check the passwords for consistency. if ($pwd1 != $pwd2) { array_push($err, "Your passwords do not match."); } $title = 'Error'; $error_page = 'register_error.php'; // Check for errors. if (sizeof($err) > 0) { $messages = $err; draw_page($error_page); exit; }
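// changepwd.php

// Changes the user's password based on a supplied key that must have
// been retrieved via email. The mail would have been sent out via resetpwd.php.
//
// This part of the script loads the engine, then checks the posted profile
// name, the reset key and the two password fields.

// NOTE(review): $INCLUDE_PATH is presumably set by config.php; it must never be
// taken from the request, since it decides which files are included.
include_once "config.php";
include_once "{$INCLUDE_PATH}/engine/db.php";
include_once "{$INCLUDE_PATH}/engine/validation.php";
include_once "{$INCLUDE_PATH}/engine/sid.class.php";
include_once "{$INCLUDE_PATH}/engine/id.class.php";
include_once "{$INCLUDE_PATH}/engine/templates.php";
include_once "{$INCLUDE_PATH}/error.php";

global $rpgDB;

$sid = new SId();

// Validate the profile name.
// NOTE(review): the four $_POST fields below are read without isset(); a
// request that omits one raises a notice and hands null to the checks.
$pname = $_POST['pname'];
$err_dummy = array();
if (!is_valid_pname($pname, $err_dummy)) {
    __printFatalErr("Invalid profile name.");
}

// Validate the key.
// NOTE(review): ValidateId() is defined elsewhere. Whether it only checks the
// key's format or also matches it against the stored reset key is not visible
// here; confirm the match happens before the password is changed.
$key = $_POST['key'];
$keygen = new Id();
if (!$keygen->ValidateId($key)) {
    __printFatalErr("Invalid key.");
}

// Validate the passwords.
$pwd1 = $_POST['pwd1'];
$pwd2 = $_POST['pwd2'];
$err = array();
// Strict comparison: with != two different numeric-looking strings such as
// "1e3" and "1000" compare as equal, so a mistyped confirmation would pass.
if ($pwd1 !== $pwd2) {
    array_push($err, "Your passwords do not match.");
}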