Esempio n. 1
 // Verify that user can afford this offer.
 if ($player_points >= $buy['points']) {
     $data = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='{$cid}';");
     if (!$data) {
         die("0: Account is not converted to work with Znote AAC");
     }
     $old_points = $data['points'];
     if ((int) $old_points != (int) $player_points) {
         die("1: Failed to equalize your points.");
     }
     // Remove points if they can afford
     // Give points to user
     $expense_points = $buy['points'];
     $new_points = $old_points - $expense_points;
     $update_account = mysql_update("UPDATE `znote_accounts` SET `points`='{$new_points}' WHERE `account_id`='{$cid}'");
     $data = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='{$cid}';");
     $verify = $data['points'];
     if ((int) $old_points == (int) $verify) {
         die("2: Failed to equalize your points." . var_dump((int) $old_points, (int) $verify, $new_points, $expense_points));
     }
     // Do the magic (insert into db, or change sex etc)
     // If type is 2 or 3
     if ($buy['type'] == 2) {
         // Add premium days to account
         user_account_add_premdays($cid, $buy['count']);
         echo '<font color="green" size="4">You now have ' . $buy['count'] . ' additional days of premium membership.</font>';
     } else {
         if ($buy['type'] == 3) {
             // Character Gender
             mysql_insert("INSERT INTO `znote_shop_orders` (`account_id`, `type`, `itemid`, `count`, `time`) VALUES ('{$cid}', '" . $buy['type'] . "', '" . $buy['itemid'] . "', '" . $buy['count'] . "', '{$time}')");
             echo '<font color="green" size="4">You now have access to change character gender on your characters. Visit <a href="myaccount.php">My Account</a> to select character and change the gender.</font>';
Esempio n. 2
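/**
 * Count the rows in `znote_players` that belong to the given player id.
 *
 * @param int|string $pid Player id; coerced to an integer before it reaches the query.
 * @return int|string The `count` column as handed back by mysql_select_single(), or 0 when
 *                    that helper returns false.
 */
function user_character_is_compatible($pid)
{
    // The value is interpolated into the statement below, so force it to an integer first:
    // quotes or other SQL metacharacters supplied by a caller can then never reach the query.
    // Assumes `player_id` is an integer key, as ids are treated elsewhere in this code base.
    $pid = (int) $pid;
    $data = mysql_select_single("SELECT COUNT(`player_id`) AS `count` from `znote_players` WHERE `player_id` = '{$pid}';");
    return $data !== false ? $data['count'] : 0;
}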
Esempio n. 3
/**
 * Read the `cached` column from the `znote` table.
 *
 * @return mixed The `cached` value of the fetched row, or false when mysql_select_single()
 *               returns false.
 */
function getCache()
{
    $row = mysql_select_single("SELECT `cached` FROM `znote`;");
    if ($row === false) {
        return false;
    }

    return $row['cached'];
}
Esempio n. 4
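                // Mint the replacement password. rand() is not a cryptographically secure
                // generator and must not produce credentials, so use the CSPRNG-backed
                // random_int() where it exists (PHP 7+) and fall back to rand() only on older
                // runtimes. Even then a nine-digit number carries only about 30 bits of entropy,
                // which is why the user should change it right after logging in.
                $newpass = function_exists('random_int')
                    ? random_int(100000000, 999999999)
                    : rand(100000000, 999999999);
                $salt = '';
                // NOTE(review): SHA-1, salted or not, is a fast hash and weak for password storage;
                // the format is presumably dictated by the game server's `accounts` table.
                if ($config['TFSVersion'] != 'TFS_03') {
                    // TFS 0.2 and 1.0: unsalted hash
                    $password = sha1($newpass);
                } else {
                    // TFS 0.3/4: prepend the account's salt when salting is enabled
                    if (config('salt') === true) {
                        // NOTE(review): $email is interpolated into the statement; confirm it was
                        // escaped before this point (not visible in this excerpt).
                        $saltdata = mysql_select_single("SELECT `salt` FROM `accounts` WHERE `email`='{$email}' LIMIT 1;");
                        if ($saltdata !== false) {
                            $salt .= $saltdata['salt'];
                        }
                    }
                    $password = sha1($salt . $newpass);
                }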
                $user = mysql_select_single("SELECT `p`.`id` AS `player_id`, `a`.`name`, `a`.`id` AS `account_id` FROM `players` `p` INNER JOIN `accounts` `a` ON `p`.`account_id` = `a`.`id` WHERE `p`.`name` = '{$character}' AND `a`.`email` = '{$email}' AND `a`.`name` = '{$username}' LIMIT 1;");
                if ($user !== false) {
                    // Found user
                    // Give him the new password
                    mysql_update("UPDATE `accounts` SET `password`='{$password}' WHERE `id`='" . $user['account_id'] . "' LIMIT 1;");
                    // Send him a mail with the new password
                    $mailer = new Mail($config['mailserver']);
                    $title = "{$_SERVER['HTTP_HOST']}: Your new password";
                    $body = "<h1>Account Recovery</h1>";
                    $body .= "<p>Your new password is: <b>{$newpass}</b><br>";
                    $body .= "We recommend you to login and change it before you continue playing. <br>";
                    $body .= "Enjoy your stay at " . $config['mailserver']['fromName'] . ". <br>";
                    $body .= "<hr>I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.</p>";
                    $mailer->sendMail($email, $title, $body, $user['name']);
                    ?>
					<h1>Account Found!</h1>
Esempio n. 5
}
//if (isset($_POST['name'])) $name = getValue($_POST['name']);
// Stage 2: Fetch user id and skills
$skills = false;
$pid = 0;
if ($name !== false) {
    if (user_character_exist($name)) {
        $pid = user_character_id($name);
        if ($config['TFSVersion'] != 'TFS_10') {
            $skills = mysql_select_multi("SELECT `value` FROM `player_skills` WHERE `player_id`='{$pid}' LIMIT 7;");
            $player = mysql_select_single("SELECT `maglevel`, `level`, `vocation` FROM `players` WHERE `id`='{$pid}' LIMIT 1;");
            $skills[] = array('value' => $player['maglevel']);
            $skills[] = array('value' => $player['level']);
            $skills[] = array('value' => $player['vocation']);
        } else {
            $player = mysql_select_single("SELECT `skill_fist`, `skill_club`, `skill_sword`, `skill_axe`, `skill_dist`, `skill_shielding`, `skill_fishing`, `maglevel`, `level`, `vocation` FROM `players` WHERE `id`='{$pid}' LIMIT 1;");
            $skills = array(0 => array('value' => $player['skill_fist']), 1 => array('value' => $player['skill_club']), 2 => array('value' => $player['skill_sword']), 3 => array('value' => $player['skill_axe']), 4 => array('value' => $player['skill_dist']), 5 => array('value' => $player['skill_shielding']), 6 => array('value' => $player['skill_fishing']), 7 => array('value' => $player['maglevel']), 8 => array('value' => $player['level']), 9 => array('value' => $player['vocation']));
        }
        //data_dump($skills, false, "Player skills");
    } else {
        $name = false;
    }
}
?>
<form action="" method="<?php 
if (!$name) {
    echo "get";
} else {
    echo "post";
}
?>
Esempio n. 6
include 'layout/overall/header.php';
protect_page();
admin_only($user_data);
// Declare as int
$view = isset($_GET['view']) && (int) $_GET['view'] > 0 ? (int) $_GET['view'] : false;
if ($view !== false) {
    if (!empty($_POST['reply_text'])) {
        sanitize($_POST['reply_text']);
        // Save ticket reply on database
        $query = array('tid' => $view, 'username' => getValue($_POST['username']), 'message' => getValue($_POST['reply_text']), 'created' => time());
        $fields = '`' . implode('`, `', array_keys($query)) . '`';
        $data = '\'' . implode('\', \'', $query) . '\'';
        mysql_insert("INSERT INTO `znote_tickets_replies` ({$fields}) VALUES ({$data})");
        mysql_update("UPDATE `znote_tickets` SET `status`='Staff-Reply' WHERE `id`='{$view}' LIMIT 1;");
    }
    $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id='{$view}' LIMIT 1;");
    ?>
	<h1>View Ticket #<?php 
    echo $ticketData['id'];
    ?>
</h1>
	<table class="znoteTable ThreadTable table table-striped">
		<tr class="yellow">
			<th>
				<?php 
    echo getClock($ticketData['creation'], true);
    ?>
				 - Created by: 
				 <?php 
    echo $ticketData['username'];
    ?>
Esempio n. 7
                // POST update
                if ($changelogId > 0) {
                    mysql_update("UPDATE `znote_changelog` SET `text`='{$changelogText}' WHERE `id`='{$changelogId}' LIMIT 1;");
                    echo "<h2>Changelog message updated!</h2>";
                    $updateCache = true;
                } else {
                    // POST create
                    $time = time();
                    mysql_insert("INSERT INTO `znote_changelog` (`text`, `time`, `report_id`, `status`) VALUES ('{$changelogText}', '{$time}', '0', '35');");
                    echo "<h2>Changelog message created!</h2>";
                    $updateCache = true;
                }
            }
        }
        if ($action === 2) {
            $old = mysql_select_single("SELECT `text` FROM `znote_changelog` WHERE `id`='{$changelogId}' LIMIT 1;");
        }
        // HTML to create or update
        ?>
		<h3>Add or update changelog</h3>
		<form action="" method="POST">
			<input name="changelogId" type="hidden" value="<?php 
        echo $action === 2 ? $changelogId : 0;
        ?>
">
			<textarea rows="7" cols="40" maxlength="254" name="changelogText"><?php 
        echo $action === 2 ? $old['text'] : '';
        ?>
</textarea><br>
			<input type="submit" value="Add or update changelog">
		</form>
Esempio n. 8
 $oldname = $char_name;
 $newname = isset($_POST['newName']) ? getValue($_POST['newName']) : '';
 $player = false;
 if ($config['TFSVersion'] === 'TFS_10') {
     $player = mysql_select_single("SELECT `id`, `account_id` FROM `players` WHERE `name` = '{$oldname}'");
     $player['online'] = user_is_online_10($player['id']) ? 1 : 0;
 } else {
     $player = mysql_select_single("SELECT `id`, `account_id`, `online` FROM `players` WHERE `name` = '{$oldname}'");
 }
 // Check if user is online
 if ($player['online'] == 1) {
     $errors[] = 'Character must be offline first.';
 }
 // Check if player has bought a ticket
 $accountId = $player['account_id'];
 $order = mysql_select_single("SELECT `id`, `account_id` FROM `znote_shop_orders` WHERE `type`='4' AND `account_id` = '{$accountId}' LIMIT 1;");
 if ($order === false) {
     $errors[] = 'Did not find any name change tickets, buy them in our <a href="shop.php">shop!</a>';
 }
 // Check if player and account matches
 if ($session_user_id != $accountId || $session_user_id != $order['account_id']) {
     $errors[] = 'Failed to sync your account. :|';
 }
 $newname = validate_name($newname);
 if ($newname === false) {
     $errors[] = 'Your name can not contain more than 2 words.';
 } else {
     if (empty($newname)) {
         $errors[] = 'Please enter a name!';
     } else {
         if (user_character_exist($newname) !== false) {
Esempio n. 9
             }
             $errors[] = 'The password to the account of character name: ' . $_POST['reset_pass'] . ' has been set to: ' . $_POST['new_pass'] . '.';
         } else {
             header('Location: changepassword.php');
             exit;
         }
     }
 }
 // Give points to character
 if (empty($_POST['points_char']) === false && empty($_POST['points_value']) === false) {
     $char = sanitize($_POST['points_char']);
     $points = (int) $_POST['points_value'];
     data_dump($_POST, false, "post data");
     $account = mysql_select_single("SELECT `account_id` FROM `players` WHERE `name`='{$char}' LIMIT 1;");
     data_dump($account, false, "fetching account id from players table");
     $znote_account = mysql_select_single("SELECT `id`, `points` FROM `znote_accounts` WHERE `account_id`='" . $account['account_id'] . "';");
     data_dump($znote_account, false, "Fetching existing points from znote_accounts");
     data_dump(array('Old:' => $znote_account['points'], 'New:' => $points, 'Total:' => $znote_account['points'] + $points), false, "Points calculation:");
     $points += $znote_account['points'];
     mysql_update("UPDATE `znote_accounts` SET `points`='{$points}' WHERE `account_id`='" . $account['account_id'] . "';");
 }
 // Set character position
 if (empty($_POST['position_name']) === false && empty($_POST['position_type']) === false) {
     if (user_character_exist($_POST['position_name'])) {
         if (array_key_exists($_POST['position_type'], $config['ingame_positions'])) {
             if ($config['TFSVersion'] == 'TFS_02' || $config['TFSVersion'] == 'TFS_10') {
                 set_ingame_position($_POST['position_name'], $_POST['position_type']);
             } else {
                 if ($config['TFSVersion'] == 'TFS_03') {
                     set_ingame_position03($_POST['position_name'], $_POST['position_type']);
                 }
Esempio n. 10
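/**
 * Check account credentials against the `accounts` table, honouring per-account salts.
 *
 * When salting is not enabled in the configuration the call is delegated to user_login().
 *
 * @param string $username Account name as submitted by the user.
 * @param string $password Plain-text password as submitted by the user.
 * @return mixed The account id when name and password hash match, false otherwise; when
 *               salting is off, whatever user_login() returns.
 */
function user_login_03($username, $password)
{
    if (config('salt') !== true) {
        return user_login($username, $password);
    }

    $username = sanitize($username);
    $data = mysql_select_single("SELECT `salt`, `id`, `password`, `name` FROM `accounts` WHERE `name`='{$username}';");
    if ($data === false) {
        // No such account: bail out before indexing into a non-array.
        return false;
    }

    // NOTE(review): SHA-1, salted or not, is a fast hash and weak for password storage; the
    // format is presumably dictated by the game server's `accounts` table, so it is kept.
    $salt = $data['salt'];
    $candidate = !empty($salt) ? sha1($salt . $password) : sha1($password);

    // Loose `==` treats hex digests that look like numbers ("0e" followed by digits) as equal
    // floats, so two different hashes could compare as a match. Compare as strings, in
    // constant time where hash_equals() is available (PHP 5.6+).
    $stored = (string) $data['password'];
    $hashMatches = function_exists('hash_equals')
        ? hash_equals($stored, $candidate)
        : $stored === $candidate;

    $nameMatches = (string) $data['name'] === (string) $username;

    return ($nameMatches && $hashMatches) ? $data['id'] : false;
}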
Esempio n. 11
                if (count($path) === 1) {
                    $path = explode('\\', $entity->getPathname());
                }
                $plugins[$path[1]] = $path[2];
            }
        }
    }
}
// Assemble the status payload: module map first, then site metadata and server time.
$response['modules'] = $plugins;
$response['data']['title'] = $config['site_title'];
$response['data']['slogan'] = $config['site_title_context'];
$response['data']['time'] = getClock(time(), false, true);
$response['data']['time_formatted'] = getClock(time(), true, true);

// Number of accounts. COUNT('id') counts a string literal, which amounts to counting every row.
$accounts = mysql_select_single("SELECT COUNT('id') AS `count` FROM `accounts`;");
if ($accounts === false) {
    $response['data']['accounts'] = 0;
} else {
    $response['data']['accounts'] = $accounts['count'];
}

// Number of players.
$players = mysql_select_single("SELECT COUNT('id') AS `count` FROM `players`;");
if ($players === false) {
    $response['data']['players'] = 0;
} else {
    $response['data']['players'] = $players['count'];
}

// Players currently online: TFS 1.0 is read from `players_online`, every other version
// from the `status` column on `players`.
if ($config['TFSVersion'] == 'TFS_10') {
    $online = mysql_select_single("SELECT COUNT('player_id') AS `count` FROM `players_online`;");
} else {
    $online = mysql_select_single("SELECT COUNT('id') AS `count` FROM `players` WHERE `status`='1';");
}
if ($online === false) {
    $response['data']['online'] = 0;
} else {
    $response['data']['online'] = $online['count'];
}

// Connection details and feature switches, copied straight from the configuration.
$response['data']['client'] = $config['client'];
$response['data']['port'] = $config['port'];
$response['data']['guildwar'] = $config['guildwar_enabled'];
$response['data']['forum'] = $config['forum']['enabled'];

SendResponse($response);
Esempio n. 12
					<input name="create_thread_title" type="text" placeholder="Thread Subject" style="width: 592px;"><br><br>
					<textarea name="create_thread_text" style="width: 100%; height: 250px" placeholder="Message"></textarea><br>
					<br><input type="submit" value="Create Thread" class="btn btn-success">
				</form>
				<?php 
                        } else {
                            echo '<p><b><font color="red">Permission to create thread denied.</font></b></p>';
                        }
                    }
                } else {
                    /////////////////////
                    // When category is specified
                    if ($getCat !== false) {
                        $getCat = (int) $getCat;
                        // Fetch category rules
                        $category = mysql_select_single("SELECT `name`, `access`, `closed`, `hidden`, `guild_id` FROM `znote_forum` WHERE `id`='{$getCat}' AND `access`<='{$yourAccess}' LIMIT 1;");
                        if ($category !== false && $category['guild_id'] > 0 && !$admin) {
                            $access = false;
                            foreach ($charData as $char) {
                                if ($category['guild_id'] == $char['guild']) {
                                    $access = true;
                                }
                            }
                            if ($access !== true) {
                                $category = false;
                            }
                        }
                        if ($category !== false) {
                            // TODO : Verify guild access
                            //foreach($charData)
                            echo "<strong><a href='forum.php'>Forum</a> &raquo; " . $category['name'] . "</strong><br><br>";
Esempio n. 13
        }
    }
    ?>
<!-- leave guild with character -->
<?php 
    $bool = false;
    if (user_logged_in() === true) {
        for ($i = 0; $i < $char_count; $i++) {
            foreach ($players as $player) {
                if ($player['name'] == $characters[$i]) {
                    $bool = true;
                }
            }
        }
        if ($bool) {
            $forumExist = mysql_select_single("SELECT `id` FROM `znote_forum` WHERE `guild_id`='{$gid}' LIMIT 1;");
            if ($forumExist !== false) {
                ?>
 - <font size="4"><a href="forum.php?cat=<?php 
                echo $forumExist['id'];
                ?>
">Visit Guild Board</a></font><br><br><br><?php 
            }
            ?>

<form action="" method="post">
	<ul>
		<li>
			Leave Guild:<br>
			<select name="leave_guild">
				<option disabled>With...</option>
Esempio n. 14
 if ($config['TFSVersion'] == 'TFS_02' || $config['TFSVersion'] == 'TFS_10') {
     $login = user_login($username, $password);
 } else {
     if ($config['TFSVersion'] == 'TFS_03') {
         $login = user_login_03($username, $password);
     } else {
         $login = false;
     }
 }
 if ($login === false) {
     $errors[] = 'Username and password combination is wrong.';
 } else {
     // Check if user have access to login
     $status = false;
     if ($config['mailserver']['register']) {
         $authenticate = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='{$login}' AND `active`='1' LIMIT 1;");
         if ($authenticate !== false) {
             $status = true;
         } else {
             $errors[] = "Your account is not activated. An email should have been sent to you when you registered. Please find it and click the activation link to activate your account.";
         }
     } else {
         $status = true;
     }
     if ($status) {
         setSession('user_id', $login);
         // if IP is not set (etc acc created before Znote AAC was in use)
         $znote_data = user_znote_account_data($login);
         if ($znote_data['ip'] == 0) {
             $update_data = array('ip' => ip2long(getIP()));
             user_update_znote_account($update_data);
Esempio n. 15
/*	PLAYER SKILLS REPAIR SCRIPT IF YOU SOMEHOW DELETE PLAYER SKILLS
	---------------------------------------------------------------
		Place in root web directory, login to admin account, 
		and enter site.com/repairSkills.php (with big S). 
*/
protect_page();
admin_only($user_data);
$Splayers = 0;
$Salready = 0;
$Sfixed = 0;
$players = mysql_select_multi("SELECT `id` FROM `players`;");
if ($players !== false) {
    $Splayers = count($players);
    foreach ($players as $char) {
        // Check if player have skills
        $skills = mysql_select_single("SELECT `value` FROM `player_skills` WHERE `player_id`='" . $char['id'] . "' AND `skillid`='2' LIMIT 1;");
        // If he dont have any skills
        if ($skills === false) {
            $Sfixed++;
            // Loop through every skill id and give him default skills.
            $query = "INSERT INTO `player_skills` (`player_id`, `skillid`, `value`, `count`) VALUES ";
            for ($i = 0; $i < 7; $i++) {
                if ($i != 6) {
                    $query .= "('" . $char['id'] . "', '{$i}', '10', '0'), ";
                } else {
                    $query .= "('" . $char['id'] . "', '{$i}', '10', '0');";
                }
            }
            mysql_insert($query);
        } else {
            $Salready++;
Esempio n. 16
             $results[$i]['forum_id'] = false;
         } else {
             $results[$i]['title'] = stripBBCode($results[$i]['title']);
             $results[$i]['text'] = stripBBCode($results[$i]['text']);
         }
     }
     //if ($results !== false) data_dump($results, false, "Search results");
     //else echo "<br><b>No results.</b>";
     break;
 case 6:
     // Search posts
     $results = mysql_select_multi("SELECT `thread_id`, `player_name`, `text` FROM `znote_forum_posts` ORDER BY `id` DESC LIMIT {$searchResults};");
     // Missing ['forum_id'], ['title'], lets get them
     for ($i = 0; $i < count($results); $i++) {
         // $results[$i]['asd']
         $thread = mysql_select_single("SELECT `forum_id`, `title` FROM `znote_forum_threads` WHERE `id`='" . $results[$i]['thread_id'] . "' LIMIT 1;");
         if ($thread !== false) {
             $results[$i]['forum_id'] = $thread['forum_id'];
             $results[$i]['title'] = $thread['title'];
             if (!in_array($results[$i]['forum_id'], $allowedForums)) {
                 $results[$i]['forum_id'] = false;
             } else {
                 $results[$i]['title'] = stripBBCode($results[$i]['title']);
                 $results[$i]['text'] = stripBBCode($results[$i]['text']);
             }
         } else {
             $results[$i]['forum_id'] = false;
         }
     }
     // DONE. :)
     //data_dump(false, $results, "DATA");
Esempio n. 17
        }
        if ($updatechangelog) {
            // Cache changelog
            $cache = new Cache('engine/cache/changelog');
            $cache->setContent(mysql_select_multi("SELECT `id`, `text`, `time`, `report_id`, `status` FROM `znote_changelog` ORDER BY `id` DESC;"));
            $cache->save();
        }
    }
    // If we should give user price
    if ($price > 0) {
        $account = mysql_select_single("SELECT `a`.`id`, `a`.`email` FROM `accounts` AS `a` \n            INNER JOIN `players` AS `p` ON `p`.`account_id` = `a`.`id`\n            WHERE `p`.`name` = '{$playerName}' LIMIT 1;");
        if ($account !== false) {
            // transaction log
            mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '{$reportId}', 'report@admin." . $user_data['name'] . " to " . $account['email'] . "', '" . $account['id'] . "', '0', '" . $price . "')");
            // Process payment
            $data = mysql_select_single("SELECT `points` AS `old_points` FROM `znote_accounts` WHERE `account_id`='" . $account['id'] . "';");
            // Give points to user
            $new_points = $data['old_points'] + $price;
            mysql_update("UPDATE `znote_accounts` SET `points`='{$new_points}' WHERE `account_id`='" . $account['id'] . "'");
            // Remind GM that he sent points to character
            echo "<font color='green' size='5'>" . $playerName . " has been granted " . $price . " points for his reports.</font>";
        }
    }
    // GET logic (Edit report data and specify how many [if any] points to give to user)
} elseif (!empty($_GET)) {
    // Fetch GET data
    $action = getValue($_GET['action']);
    $playerName = getValue($_GET['name']);
    $reportId = getValue($_GET['id']);
    // Fetch the report we intend to modify
    foreach ($reports as $sid => $sa) {
Esempio n. 18
    if ($ticketData['status'] !== 'CLOSED') {
        ?>
		<form action="" method="post">
			<input type="hidden" name="username" value="<?php 
        echo $ticketData['username'];
        ?>
"><br>
			<textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br>
			<input name="" type="submit" value="Post Reply" class="btn btn-primary">
		</form>
	<?php 
    }
    ?>
	<?php 
} else {
    $account = mysql_select_single("SELECT name,email FROM accounts WHERE id = {$session_user_id}");
    if (!empty($_POST)) {
        $required_fields = array('username', 'email', 'subject', 'message');
        foreach ($_POST as $key => $value) {
            if (empty($value) && in_array($key, $required_fields) === true) {
                $errors[] = 'You need to fill in all fields.';
                break 1;
            }
        }
        // check errors (= user exist, pass long enough
        if (empty($errors) === true) {
            /* Token used for cross-site request forgery (CSRF) protection */
            if (!Token::isValid($_POST['token'])) {
                $errors[] = 'Token is invalid.';
            }
            if ($config['use_captcha']) {
Esempio n. 19
            ?>
			
<h3 class="header-ok">Achievements</h3>
<div id="accordion">
  <h3>Show/hide player achievements</h3>
  <div>
<table class="table table-striped table-bordered">
<tbody>
<style>
#secondD {
margin-left:0px;
}
</style>
	<?php 
            foreach ($config['achievements'] as $key => $achiv) {
                $uery = mysql_select_single("SELECT `player_id`, `value`, `key` FROM `player_storage` WHERE `player_id`='{$user_id}' AND `key`='{$key}' LIMIT 1;");
                foreach ($uery as $luery) {
                    if ($luery == $key) {
                        if (!array_key_exists($achiv, $config['achievements'])) {
                            echo '<tr><td width="17%">' . $achiv[0] . '</td><td>' . $achiv[1] . '</td>';
                            if ($achiv['secret'] == true) {
                                echo '<td><img id="secondD" src="http://img04.imgland.net/PuMz0mVqSG.gif"></td>';
                                echo '<td>' . $achiv['points'] . '</td>';
                            } else {
                                echo '<td></td><td>' . $achiv['points'] . '</td>';
                            }
                            echo '<tr>';
                        }
                    }
                }
            }
Esempio n. 20
if (isset($_GET['success']) && empty($_GET['success'])) {
    if ($config['mailserver']['register']) {
        ?>
		<h1>Email authentication required</h1>
		<p>We have sent you an email with an activation link to your submitted email address.</p>
		<p>If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.</p>
		<?php 
    } else {
        echo 'Congratulations! Your account has been created. You may now login to create a character.';
    }
} elseif (isset($_GET['authenticate']) && empty($_GET['authenticate'])) {
    // Authenticate user, fetch user id and activation key
    $auid = isset($_GET['u']) && (int) $_GET['u'] > 0 ? (int) $_GET['u'] : false;
    $akey = isset($_GET['k']) && (int) $_GET['k'] > 0 ? (int) $_GET['k'] : false;
    // Find a match
    $user = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='{$auid}' AND `activekey`='{$akey}' AND `active`='0' LIMIT 1;");
    if ($user !== false) {
        $user = $user['id'];
        // Enable the account to login
        mysql_update("UPDATE `znote_accounts` SET `active`='1' WHERE `id`='{$user}' LIMIT 1;");
        echo '<h1>Congratulations!</h1> <p>Your account has been created. You may now login to create a character.</p>';
    } else {
        echo '<h1>Authentication failed</h1> <p>Either the activation link is wrong, or your account is already activated.</p>';
    }
} else {
    if (empty($_POST) === false && empty($errors) === true) {
        if ($config['log_ip']) {
            znote_visitor_insert_detailed_data(1);
        }
        //Register
        $register_data = array('name' => $_POST['username'], 'password' => $_POST['password'], 'email' => $_POST['email'], 'ip' => ip2long(getIP()), 'created' => time());
Esempio n. 21
</li>
		<li><b>Rent</b>: <?php 
    echo $house['rent'];
    ?>
</li>
	</ul>
	<?php 
    // AUCTION MARKUP INIT
    if ($house['owner'] == 0) {
        ?>
		<h2>This house is up on auction!</h2>
		<?php 
        if ($house['highest_bidder'] == 0) {
            echo "<b>This house don't have any bidders yet.</b>";
        } else {
            $bidder = mysql_select_single("SELECT `name` FROM `players` WHERE `id`='" . $house['highest_bidder'] . "' LIMIT 1;");
            echo "<b>This house have bidders! If you want this house, now is your chance!</b>";
            echo "<br><b>Active bid:</b> " . $house['last_bid'] . "gp";
            echo "<br><b>Active bid by:</b> <a href='characterprofile.php?name=" . $bidder['name'] . "' target='_BLANK'>" . $bidder['name'] . "</a>";
            echo "<br><b>Bid will end on:</b> " . getClock($house['bid_end'], true);
        }
        if ($house['bid_end'] == 0 || $house['bid_end'] > time()) {
            if (user_logged_in()) {
                // Your characters, indexed by char_id
                $yourChars = mysql_select_multi("SELECT `id`, `name`, `balance` FROM `players` WHERE `account_id`='" . $user_data['id'] . "';");
                if ($yourChars !== false) {
                    $charData = array();
                    foreach ($yourChars as $char) {
                        $charData[$char['id']] = $char;
                    }
                    ?>
Esempio n. 22
		<td>Status</td>
	</tr>
	<?php 
// Rolling through quests
foreach ($quests as $key => $quest) {
    // Is quest NOT an array (advanced quest?)
    if (!is_array($quest)) {
        // Query to find quest results
        $query = mysql_select_single("SELECT `value` FROM `player_storage` WHERE `key`='{$quest}' AND `player_id`='{$user_id}' AND `value`='1' LIMIT 1;");
        if ($query !== false) {
            $quest = $completed;
        } else {
            $quest = $notstarted;
        }
    } else {
        $query = mysql_select_single("SELECT `value` FROM `player_storage` WHERE `key`='" . $quest[0] . "' AND `player_id`='{$user_id}' AND `value`>'0' LIMIT 1;");
        if (!$query) {
            $quest = $notstarted;
        } else {
            if ($query['value'] >= $quest[1]) {
                $quest = $completed;
            } else {
                $quest = Progress($query['value'], $quest[1]);
            }
        }
    }
    ?>
		<tr>
			<td><?php 
    echo $key;
    ?>
Esempio n. 23
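require 'config.php';
require 'engine/database/connect.php';

// Payment callback: log the notification and credit the configured number of points.
//
// Only the PayGol servers may call this endpoint. The address check authenticates the peer
// that made the HTTP request; it does not vouch for the field values, some of which (message,
// keyword, sender) presumably originate with the paying user and are only relayed.
$paygol_servers = array('109.70.3.48', '109.70.3.146', '109.70.3.58');
if (!isset($_SERVER['REMOTE_ADDR']) || !in_array($_SERVER['REMOTE_ADDR'], $paygol_servers, true)) {
    header("HTTP/1.0 403 Forbidden");
    die("Error: Unknown IP");
}

// Every value below is placed inside a string-built SQL statement, so each one is reduced to
// a conservative ASCII character set first: no quotes, backslashes or other SQL
// metacharacters survive. This can shorten logged free text; move to the database layer's
// escaping or to prepared statements if the log needs full fidelity.
$field_names = array('message_id', 'service_id', 'shortcode', 'keyword', 'message', 'sender', 'operator', 'country', 'custom', 'points', 'price', 'currency');
$input = array();
foreach ($field_names as $field_name) {
    // Missing or non-scalar (array) parameters are treated as empty.
    $raw = (isset($_GET[$field_name]) && is_scalar($_GET[$field_name])) ? (string) $_GET[$field_name] : '';
    $input[$field_name] = (string) preg_replace('/[^A-Za-z0-9 _.,:@+-]/', '', $raw);
}

// get the variables from PayGol system
$message_id = $input['message_id'];
$service_id = $input['service_id'];
$shortcode = $input['shortcode'];
$keyword = $input['keyword'];
$message = $input['message'];
$sender = $input['sender'];
$operator = $input['operator'];
$country = $input['country'];
// `custom` is used as the account id in the queries below, so it must be an integer.
$custom = (int) $input['custom'];
$points = $input['points'];
$price = $input['price'];
$currency = $input['currency'];

// The amount credited comes from the site configuration, never from the request.
$paygol = $config['paygol'];
$new_points = $paygol['points'];

// Update logs:
// NOTE(review): nothing visible here rejects a repeated message_id; confirm that a
// re-delivered notification cannot credit the same payment twice.
mysql_insert("INSERT INTO `znote_paygol` VALUES ('', '{$custom}', '{$price}', '{$new_points}', '{$message_id}', '{$service_id}', '{$shortcode}', '{$keyword}', '{$message}', '{$sender}', '{$operator}', '{$country}', '{$currency}')");

// Fetch points
$account = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='{$custom}';");

// Credit only an account that actually exists; previously a failed lookup was indexed like
// an array and an UPDATE was issued regardless.
if ($account !== false) {
    // Calculate new points
    $new_points = $account['points'] + $new_points;
    // Update new points
    mysql_update("UPDATE `znote_accounts` SET `points`='{$new_points}' WHERE `account_id`='{$custom}'");
}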
Esempio n. 24
 /**
  * Create player.
  *
  * @param  none
  * @access public
  * @return bool $status
  **/
 public function create()
 {
     // Validates the data for a new player and prepares the row to insert.
     // NOTE(review): the success path ends without a return statement, so callers receive
     // null rather than a bool, and no INSERT is issued in the code visible here; the method
     // looks unfinished. Only the two failure paths return false.
     // If the player already has an id, the player already exists.
     if (is_null($this->_playerdata['id']) && is_string($this->_playerdata['name'])) {
         // Confirm that no player with this name exists yet.
         // NOTE(review): validate_name() appears to return false for rejected names (it is
         // checked against false elsewhere in this code base); that result is not checked
         // here before it is passed on to sanitize() and into the query.
         $name = format_character_name($this->_playerdata['name']);
         $name = validate_name($name);
         $name = sanitize($name);
         $exist = mysql_select_single("SELECT `id` FROM `players` WHERE `name`='{$name}' LIMIT 1;");
         if ($exist !== false) {
             $this->errors[] = "A player with the name [{$name}] already exist.";
             return false;
         }
         $config = fullConfig();
         // NOTE(review): from here on the checks read $_POST directly instead of
         // $this->_playerdata, and they append to a local $errors array rather than
         // $this->errors. The local array is never read or returned in this method, so none
         // of the failures recorded below stop the method or reach the caller.
         if (user_character_exist($_POST['name']) !== false) {
             $errors[] = 'Sorry, that character name already exist.';
         }
         // Letters, underscore and space only.
         if (!preg_match("/^[a-zA-Z_ ]+\$/", $_POST['name'])) {
             $errors[] = 'Your name may only contain a-z, A-Z and spaces.';
         }
         // strlen() counts bytes; equivalent to characters for the ASCII-only names allowed above.
         if (strlen($_POST['name']) < $config['minL'] || strlen($_POST['name']) > $config['maxL']) {
             $errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.';
         }
         // Name restriction: reject configured words and one-letter words.
         $resname = explode(" ", $_POST['name']);
         foreach ($resname as $res) {
             if (in_array(strtolower($res), $config['invalidNameTags'])) {
                 $errors[] = 'Your username contains a restricted word.';
             } else {
                 if (strlen($res) == 1) {
                     $errors[] = 'Too short words in your name.';
                 }
             }
         }
         // Validate vocation id
         // NOTE(review): these in_array() calls use loose comparison; pass true as the third
         // argument if the configured lists hold integers.
         if (!in_array((int) $_POST['selected_vocation'], $config['available_vocations'])) {
             $errors[] = 'Permission Denied. Wrong vocation.';
         }
         // Validate town id
         if (!in_array((int) $_POST['selected_town'], $config['available_towns'])) {
             $errors[] = 'Permission Denied. Wrong town.';
         }
         // Validate gender id
         if (!in_array((int) $_POST['selected_gender'], array(0, 1))) {
             $errors[] = 'Permission Denied. Wrong gender.';
         }
         if (vocation_id_to_name($_POST['selected_vocation']) === false) {
             $errors[] = 'Failed to recognize that vocation, does it exist?';
         }
         if (town_id_to_name($_POST['selected_town']) === false) {
             $errors[] = 'Failed to recognize that town, does it exist?';
         }
         if (gender_exist($_POST['selected_gender']) === false) {
             $errors[] = 'Failed to recognize that gender, does it exist?';
         }
         // Char count
         // NOTE(review): $session_user_id is neither a parameter nor imported with `global`,
         // so it is undefined (null) in this scope; the per-account character limit and the
         // account_id stored further down therefore do not refer to the logged-in account.
         $char_count = user_character_list_count($session_user_id);
         if ($char_count >= $config['max_characters']) {
             $errors[] = 'Your account is not allowed to have more than ' . $config['max_characters'] . ' characters.';
         }
         if (validate_ip(getIP()) === false && $config['validate_IP'] === true) {
             $errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).';
         }
         // NOTE(review): leftover debug output.
         echo "create player";
         // Make sure all necessary values are set
         // Register
         // The row is built from raw $_POST values and then passed through array_sanitize
         // (defined elsewhere; presumably it escapes each value for SQL; confirm).
         $character_data = array('name' => format_character_name($_POST['name']), 'account_id' => $session_user_id, 'vocation' => $_POST['selected_vocation'], 'town_id' => $_POST['selected_town'], 'sex' => $_POST['selected_gender'], 'lastip' => ip2long(getIP()), 'created' => time());
         array_walk($character_data, 'array_sanitize');
         $cnf = fullConfig();
         // Pick the default outfit by gender; $outfit_type is not used again in this method.
         if ($character_data['sex'] == 1) {
             $outfit_type = $cnf['maleOutfitId'];
         } else {
             $outfit_type = $cnf['femaleOutfitId'];
         }
         // Create the player
     } else {
         echo "Player already exist.";
         return false;
     }
 }