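/**
 * Processes the player options form.
 *
 * When the request parameter `mode` equals 'change', the submitted settings are
 * applied to the global $user record and written to the database: admin planet
 * protection, vacation mode, packed user options, player options, player name,
 * password, e-mail, interface settings, birthday, avatar and time difference.
 * When `result` equals 'ok', only the "saved" message is queued.
 * In every case $user is reloaded from the database at the end.
 *
 * Status messages are appended to $template_result['.']['result'].
 *
 * Security notes for reviewers:
 *  - Values read with sys_get_param_str()/sys_get_param_int() are interpolated
 *    straight into SQL below; this presumably relies on those helpers returning
 *    escaped / integer values (only the *_unsafe variants are escaped here with
 *    db_escape()) - confirm against their definitions.
 *  - $user['email_2'], $user['avatar'] and the default for $user['lang'] come from
 *    the loaded $user row and are re-interpolated as stored - verify they were
 *    validated when first written.
 *  - The e-mail address is replaced without re-checking the current password; if
 *    it is used for password recovery, consider requiring `db_password` for that
 *    change too.
 */
function sn_options_model() {
  global $user, $user_option_list, $lang, $template_result, $config;

  // Human-readable placeholder for the configured date format (e.g. "DD.MM.YYYY")
  $FMT_DATE = preg_replace(array('/d/', '/m/', '/Y/'), array('DD', 'MM', 'YYYY'), FMT_DATE);

  if (sys_get_param_str('mode') == 'change') {
    // Staff accounts may toggle protection of their own planets
    if ($user['authlevel'] > 0) {
      $planet_protection = sys_get_param_int('adm_pl_prot') ? $user['authlevel'] : 0;
      db_planet_set_by_owner($user['id'], "`id_level` = '{$planet_protection}'");
      db_user_set_by_id($user['id'], "`admin_protection` = '{$planet_protection}'");
      $user['admin_protection'] = $planet_protection;
    }

    if (sys_get_param_int('vacation') && !$config->user_vacation_disable) {
      sn_db_transaction_start();
      if ($user['authlevel'] < 3) {
        if ($user['vacation_next'] > SN_TIME_NOW) {
          message($lang['opt_vacation_err_timeout'], $lang['Error'], 'index.php?page=options', 5);
          die;
        }

        // Any fleet owned by the player blocks vacation mode
        $is_building = doquery("SELECT * FROM `{{fleets}}` WHERE `fleet_owner` = '{$user['id']}' LIMIT 1;", true);
        if ($is_building) {
          message($lang['opt_vacation_err_your_fleet'], $lang['Error'], 'index.php?page=options', 5);
          die;
        }

        // A non-empty queue blocks vacation mode as well
        $que = que_get($user['id'], false);
        if (!empty($que)) {
          message($lang['opt_vacation_err_que'], $lang['Error'], 'index.php?page=options', 5);
          die;
        }

        // The SET clause is the same for every planet, so build it once
        $vacation_planet_set = "last_update = " . SN_TIME_NOW . ", energy_used = '0', energy_max = '0',\n "
          . "metal_perhour = '{$config->metal_basic_income}', crystal_perhour = '{$config->crystal_basic_income}', deuterium_perhour = '{$config->deuterium_basic_income}',\n "
          . "metal_mine_porcent = '0', crystal_mine_porcent = '0', deuterium_sintetizer_porcent = '0', solar_plant_porcent = '0',\n "
          . "fusion_plant_porcent = '0', solar_satelit_porcent = '0', ship_sattelite_sloth_porcent = 0";

        $query = classSupernova::db_get_record_list(LOC_PLANET, "`id_owner` = {$user['id']}");
        foreach ($query as $planet) {
          db_planet_set_by_id($planet['id'], $vacation_planet_set);
        }

        $user['vacation'] = SN_TIME_NOW + $config->player_vacation_time;
      } else {
        $user['vacation'] = SN_TIME_NOW;
      }
      sn_db_transaction_commit();
    }

    // Options known to $user_option_list: take the submitted value when the user
    // record already has the key, otherwise fall back to the listed default
    foreach ($user_option_list as $option_group_id => $option_group) {
      foreach ($option_group as $option_name => $option_value) {
        if ($user[$option_name] !== null) {
          $user[$option_name] = sys_get_param_str($option_name);
        } else {
          $user[$option_name] = $option_value;
        }
      }
    }
    $options = sys_user_options_pack($user);

    $player_options = sys_get_param('options');
    // `options` is raw request input: accept it only when it is an array, so a
    // scalar value is never handed to array_walk()/player_save_option_array()
    if (!empty($player_options) && is_array($player_options)) {
      array_walk($player_options, function (&$value) {
        // TODO: add more validation once there are more parameters
        $value = intval($value);
      });
      player_save_option_array($user, $player_options);
      if ($player_options[PLAYER_OPTION_MENU_HIDE_SHOW_BUTTON] == PLAYER_OPTION_MENU_HIDE_SHOW_BUTTON_HIDDEN) {
        // Expire the "menu hidden" cookie
        sn_setcookie(SN_COOKIE . '_menu_hidden', '0', time() - PERIOD_WEEK, SN_ROOT_RELATIVE);
      }
    }

    // Player name change. The raw name is cut to 32 bytes and escaped before use in SQL.
    $username = substr(sys_get_param_str_unsafe('username'), 0, 32);
    $username_safe = db_escape($username);
    if ($username && $user['username'] != $username && $config->game_user_changename != SERVER_PLAYER_NAME_CHANGE_NONE && sys_get_param_int('username_confirm')) {
      // Validity check: the name must be unused or already belong to this player
      sn_db_transaction_start();
      // NOTE(review): LIKE treats % and _ in the submitted name as wildcards; db_escape()
      // presumably does not neutralise them - confirm whether an exact match is wanted
      $name_check = doquery("SELECT * FROM {{player_name_history}} WHERE `player_name` LIKE \"{$username_safe}\" LIMIT 1 FOR UPDATE;", true);
      if (!$name_check || $name_check['player_id'] == $user['id']) {
        // NOTE(review): this reload replaces the in-memory $user, so values assigned above
        // (e.g. $user['vacation']) are dropped before the final update - confirm intended
        $user = db_user_by_id($user['id'], true);
        switch ($config->game_user_changename) {
          case SERVER_PLAYER_NAME_CHANGE_PAY:
            // NOTE(review): $planetrow is not defined in this function's scope (it is not
            // in the global list), so an undefined value is passed - confirm
            if (mrc_get_level($user, $planetrow, RES_DARK_MATTER) < $config->game_user_changename_cost) {
              $template_result['.']['result'][] = array('STATUS' => ERR_ERROR, 'MESSAGE' => $lang['opt_msg_name_change_err_no_dm']);
              break;
            }
            rpg_points_change($user['id'], RPG_NAME_CHANGE, -$config->game_user_changename_cost, sprintf('Пользователь ID %d сменил имя с "%s" на "%s"', $user['id'], $user['username'], $username));
            // Intentional fall-through: once paid, the rename itself is shared with the free mode

          case SERVER_PLAYER_NAME_CHANGE_FREE:
            db_user_set_by_id($user['id'], "`username` = '{$username_safe}'");
            doquery("REPLACE INTO {{player_name_history}} SET `player_id` = {$user['id']}, `player_name` = \"{$username_safe}\"");
            // TODO: Change cookie to not force user relogin
            sn_setcookie(SN_COOKIE, '', time() - PERIOD_WEEK, SN_ROOT_RELATIVE);
            $template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_name_changed']);
            $user['username'] = $username;
            break;
        }
      } else {
        $template_result['.']['result'][] = array('STATUS' => ERR_ERROR, 'MESSAGE' => $lang['opt_msg_name_change_err_used_name']);
      }
      sn_db_transaction_commit();
    }

    // Password change. Exceptions carry the outcome: the code is the status, the
    // message is the text shown to the player (success is reported the same way).
    $new_password = sys_get_param('newpass1');
    if ($new_password) {
      try {
        // Strict comparison: with != two different numeric-looking strings
        // (e.g. "1e3" and "1000") compare equal and would pass the confirmation
        if ($new_password !== sys_get_param('newpass2')) {
          throw new Exception($lang['opt_err_pass_unmatched'], ERR_WARNING);
        }

        // sec_password_change() receives the current password (`db_password`)
        // and is expected to verify it - see its definition
        if (!sec_password_change($user, $new_password, sys_get_param('db_password'), 1)) {
          throw new Exception($lang['opt_err_pass_wrong'], ERR_WARNING);
        }

        throw new Exception($lang['opt_msg_pass_changed'], ERR_NONE);
      } catch (Exception $e) {
        $template_result['.']['result'][] = array(
          // Unknown exception codes are reported as plain errors
          'STATUS' => in_array($e->getCode(), array(ERR_NONE, ERR_WARNING, ERR_ERROR)) ? $e->getCode() : ERR_ERROR,
          'MESSAGE' => $e->getMessage(),
        );
      }
    }

    $user['email'] = sys_get_param_str('db_email');
    // The secondary e-mail can be set only once
    if (!$user['email_2']) {
      $user['email_2'] = sys_get_param_str('db_email2');
    }
    $user['dpath'] = sys_get_param_str('dpath');
    $user['lang'] = sys_get_param_str('langer', $user['lang']);
    if ($lang->lng_switch($user['lang'])) {
      lng_include('options');
      lng_include('messages');
    }

    $user['design'] = sys_get_param_int('design');
    $user['noipcheck'] = sys_get_param_int('noipcheck');
    $user['spio_anz'] = sys_get_param_int('spio_anz');
    $user['settings_tooltiptime'] = sys_get_param_int('settings_tooltiptime');
    $user['settings_fleetactions'] = sys_get_param_int('settings_fleetactions', 1);
    $user['settings_esp'] = sys_get_param_int('settings_esp');
    $user['settings_wri'] = sys_get_param_int('settings_wri');
    $user['settings_bud'] = sys_get_param_int('settings_bud');
    $user['settings_mis'] = sys_get_param_int('settings_mis');
    $user['settings_statistics'] = sys_get_param_int('settings_statistics');
    $user['settings_info'] = sys_get_param_int('settings_info');
    $user['settings_rep'] = sys_get_param_int('settings_rep');
    $user['planet_sort'] = sys_get_param_int('settings_sort');
    $user['planet_sort_order'] = sys_get_param_int('settings_order');

    // Account deletion: cleared when unchecked; an already running timer is kept
    $user['deltime'] = !sys_get_param_int('deltime') ? 0 : ($user['deltime'] ? $user['deltime'] : SN_TIME_NOW + $config->player_delete_time);

    // Gender can be chosen only while it is still unknown, and only from the known list
    $gender = sys_get_param_int('gender', $user['gender']);
    !isset($lang['sys_gender_list'][$gender]) ? $gender = $user['gender'] : false;
    $user['gender'] = $user['gender'] == GENDER_UNKNOWN ? $gender : $user['gender'];

    // Birthday: any failure below simply leaves the birthday columns untouched
    try {
      // NOTE(review): this tests $user['birthday'] while the column written below is
      // `user_birthday` - confirm which key marks "birthday already set"
      if ($user['birthday']) {
        throw new Exception();
      }

      $user_birthday = sys_get_param_str_unsafe('user_birthday');
      if (!$user_birthday || $user_birthday == $FMT_DATE) {
        throw new Exception();
      }

      // Some black magic to parse any valid date format - those that contain all three
      // "d", "m" and "Y" and any of the delimiters "\", "/", ".", "-"
      $pos = array();
      $pos['d'] = strpos(FMT_DATE, 'd');
      $pos['m'] = strpos(FMT_DATE, 'm');
      $pos['Y'] = strpos(FMT_DATE, 'Y');
      // Turn string offsets into capture group numbers 1..3, in order of appearance
      asort($pos);
      $i = 0;
      foreach ($pos as &$position) {
        $position = ++$i;
      }
      unset($position); // drop the dangling reference into $pos

      // The pattern is unanchored; only the captured digit groups are used afterwards,
      // so text around the date never reaches the SQL built below
      $regexp = "/" . preg_replace(array('/\\\\/', '/\\//', '/\\./', '/\\-/', '/d/', '/m/', '/Y/'), array('\\\\\\', '\\/', '\\.', '\\-', '(\\d?\\d)', '(\\d?\\d)', '(\\d{4})'), FMT_DATE) . "/";
      if (!preg_match($regexp, $user_birthday, $match)) {
        throw new Exception();
      }

      if (!checkdate($match[$pos['m']], $match[$pos['d']], $match[$pos['Y']])) {
        throw new Exception();
      }

      $user['user_birthday'] = db_escape("{$match[$pos['Y']]}-{$match[$pos['m']]}-{$match[$pos['d']]}");
      // EOF black magic! Now we have valid SQL date in $user['user_birthday'] - independent of date format

      // Last celebrated birthday: this year's date, or last year's if it is still ahead
      $year = date('Y', SN_TIME_NOW);
      if (mktime(0, 0, 0, $match[$pos['m']], $match[$pos['d']], $year) > SN_TIME_NOW) {
        $year--;
      }
      $user['user_birthday_celebrated'] = db_escape("{$year}-{$match[$pos['m']]}-{$match[$pos['d']]}");

      $user_birthday = ", `user_birthday` = '{$user['user_birthday']}', `user_birthday_celebrated` = '{$user['user_birthday_celebrated']}'";
    } catch (Exception $e) {
      $user_birthday = '';
    }

    require_once 'includes/includes/sys_avatar.php';
    $avatar_upload_result = sys_avatar_upload($user['id'], $user['avatar']);
    $template_result['.']['result'][] = $avatar_upload_result;

    // Time difference: either force the submitted value or clear a forced one
    $user_time_diff = user_time_diff_get();
    if (sys_get_param_int('user_time_diff_forced')) {
      user_time_diff_set(array(
        PLAYER_OPTION_TIME_DIFF => sys_get_param_int('user_time_diff'),
        PLAYER_OPTION_TIME_DIFF_UTC_OFFSET => 0,
        PLAYER_OPTION_TIME_DIFF_FORCED => 1,
        PLAYER_OPTION_TIME_DIFF_MEASURE_TIME => SN_TIME_SQL,
      ));
    } elseif (sys_get_param_int('opt_time_diff_clear') || $user_time_diff[PLAYER_OPTION_TIME_DIFF_FORCED]) {
      user_time_diff_set(array(
        PLAYER_OPTION_TIME_DIFF => '',
        PLAYER_OPTION_TIME_DIFF_UTC_OFFSET => 0,
        PLAYER_OPTION_TIME_DIFF_FORCED => 0,
        PLAYER_OPTION_TIME_DIFF_MEASURE_TIME => SN_TIME_SQL,
      ));
    }

    $user_options_safe = db_escape($user['options']);
    // Username and password are deliberately not part of this update; they are
    // written by their own branches above
    db_user_set_by_id($user['id'],
      "`email` = '{$user['email']}', `email_2` = '{$user['email_2']}', `lang` = '{$user['lang']}', `avatar` = '{$user['avatar']}',\n "
      . "`dpath` = '{$user['dpath']}', `design` = '{$user['design']}', `noipcheck` = '{$user['noipcheck']}',\n "
      . "`planet_sort` = '{$user['planet_sort']}', `planet_sort_order` = '{$user['planet_sort_order']}', `spio_anz` = '{$user['spio_anz']}',\n "
      . "`settings_tooltiptime` = '{$user['settings_tooltiptime']}', `settings_fleetactions` = '{$user['settings_fleetactions']}', `settings_esp` = '{$user['settings_esp']}',\n "
      . "`settings_wri` = '{$user['settings_wri']}', `settings_bud` = '{$user['settings_bud']}', `settings_statistics` = '{$user['settings_statistics']}',\n "
      . "`settings_info` = '{$user['settings_info']}', `settings_mis` = '{$user['settings_mis']}', `settings_rep` = '{$user['settings_rep']}',\n "
      . "`deltime` = '{$user['deltime']}', `vacation` = '{$user['vacation']}', `options` = '{$user_options_safe}', `gender` = {$user['gender']}\n "
      . "{$user_birthday}"
    );

    $template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_saved']);
  } elseif (sys_get_param_str('result') == 'ok') {
    $template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_saved']);
  }

  // Re-read the record so the page shows what was actually stored
  $user = db_user_by_id($user['id']);
  // Call-time pass-by-reference (`&$user`) is a fatal error since PHP 5.4; if the
  // callee needs a reference it has to declare one in its own signature
  $options = sys_user_options_unpack($user);
}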
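/**
 * Creates a new player account together with its capital planet.
 *
 * Inserts the user row, sets the password, records the name in the player name
 * history, optionally stores a referral, finds a free planet position when none
 * was requested, creates the capital planet, links it to the user and increments
 * the stored player counter.
 *
 * @param string $username_unsafe Raw player name. It is escaped here only for the
 *                                name-history query; the user insert and the planet
 *                                name receive it raw and presumably escape it in
 *                                db_ins_field_set()/uni_create_planet() - confirm.
 * @param string $password_raw    Raw password, handed to sec_password_change()
 * @param string $email_unsafe    Raw e-mail, stored as both `email` and `email_2`
 * @param array  $options         Optional settings read below: planet_options, user_bot,
 *                                language_iso, total_points, options, options_extra,
 *                                galaxy, system, planet, remember_me, partner_id
 *
 * @return mixed The freshly loaded user record, as returned by db_user_by_id()
 */
function player_create($username_unsafe, $password_raw, $email_unsafe, $options) {
  global $config, $lang;

  // Default packed option string for new players
  static $player_options_string = 'opt_mnl_spy^1|opt_email_mnl_spy^0|opt_email_mnl_joueur^0|opt_email_mnl_alliance^0|opt_mnl_attaque^1|opt_email_mnl_attaque^0|opt_mnl_exploit^1|opt_email_mnl_exploit^0|opt_mnl_transport^1|opt_email_mnl_transport^0|opt_email_msg_admin^1|opt_mnl_expedition^1|opt_email_mnl_expedition^0|opt_mnl_buildlist^1|opt_email_mnl_buildlist^0|opt_int_navbar_resource_force^1|';

  // Normalise optional settings up front so every later use sees the same values
  if (empty($options['planet_options'])) {
    $options['planet_options'] = array();
  }
  // A supplied user_bot value is kept as is (it used to be overwritten with total_points)
  $options['user_bot'] = empty($options['user_bot']) ? USER_BOT_PLAYER : $options['user_bot'];
  $options['total_points'] = empty($options['total_points']) ? 0 : $options['total_points'];
  $options['galaxy'] = intval(empty($options['galaxy']) ? 0 : $options['galaxy']);
  $options['system'] = intval(empty($options['system']) ? 0 : $options['system']);
  $options['planet'] = intval(empty($options['planet']) ? 0 : $options['planet']);
  $options['remember_me'] = intval(!empty($options['remember_me']));

  $field_set = array(
    'server_name' => SN_ROOT_VIRTUAL,
    'register_time' => SN_TIME_NOW,
    'user_bot' => $options['user_bot'],
    'username' => $username_unsafe,
    'email' => $email_unsafe,
    'email_2' => $email_unsafe,
    'lang' => empty($options['language_iso']) ? DEFAULT_LANG : $options['language_iso'],
    'dpath' => DEFAULT_SKINPATH,
    'total_points' => $options['total_points'],
    'options' => (empty($options['options']) ? $player_options_string : $options['options'])
      . (empty($options['options_extra']) ? '' : $options['options_extra']),
    'galaxy' => $options['galaxy'],
    'system' => $options['system'],
    'planet' => $options['planet'],
  );
  $user_new = classSupernova::db_ins_field_set(LOC_USER, $field_set);

  // No old password to verify for a brand-new account, hence `false`
  sec_password_change($user_new, $password_raw, false, $options['remember_me']);

  $username_safe = db_escape($username_unsafe);
  doquery("REPLACE INTO {{player_name_history}} SET `player_id` = {$user_new['id']}, `player_name` = '{$username_safe}'");

  // Referral: the partner id is cast to an integer before it is looked up and
  // interpolated, so a non-numeric value supplied by the caller cannot alter the query
  $partner_id = empty($options['partner_id']) ? 0 : intval($options['partner_id']);
  if ($partner_id && ($referral_row = db_user_by_id($partner_id, true))) {
    doquery("INSERT INTO {{referrals}} SET `id` = {$user_new['id']}, `id_partner` = {$partner_id}");
  }

  // No complete position requested: continue from the last assigned one
  if (!($options['galaxy'] && $options['system'] && $options['planet'])) {
    $options['galaxy'] = $config->LastSettedGalaxyPos;
    $options['system'] = $config->LastSettedSystemPos;

    // Planet slots are split into three segments; max(1, ...) avoids a division
    // by zero when game_maxPlanet is configured below 3
    $segment_size = max(1, (int)floor($config->game_maxPlanet / 3));
    $segment = (int)floor($config->LastSettedPlanetPos / $segment_size) + 1;
    $options['planet'] = mt_rand(1 + $segment * $segment_size, ($segment + 1) * $segment_size);

    while (true) {
      // Past the last slot: restart in the first segment of the next system
      if ($options['planet'] > $config->game_maxPlanet) {
        $options['planet'] = mt_rand(0, $segment_size - 1) + 1;
        $options['system']++;
      }
      // Past the last system: move to the next galaxy
      if ($options['system'] > $config->game_maxSystem) {
        $options['system'] = 1;
        $options['galaxy']++;
      }
      // Past the last galaxy: wrap around to the first one
      if ($options['galaxy'] > $config->game_maxGalaxy) {
        $options['galaxy'] = 1;
      }

      $galaxy_row = db_planet_by_gspt($options['galaxy'], $options['system'], $options['planet'], PT_PLANET, true, 'id');
      if (empty($galaxy_row['id'])) {
        // Free position found: remember it for the next registration
        $config->db_saveItem(array(
          'LastSettedGalaxyPos' => $options['galaxy'],
          'LastSettedSystemPos' => $options['system'],
          'LastSettedPlanetPos' => $options['planet'],
        ));
        break;
      }
      $options['planet'] += 3;
    }
  }

  $new_planet_id = uni_create_planet($options['galaxy'], $options['system'], $options['planet'], $user_new['id'], $username_unsafe . ' ' . $lang['sys_capital'], true, $options['planet_options']);
  sys_player_new_adjust($user_new['id'], $new_planet_id);

  // The keys are 'system' and 'planet'; the former '$system'/'$planet' keys never
  // existed, so empty strings were written for both columns
  db_user_set_by_id($user_new['id'], "`id_planet` = '{$new_planet_id}', `current_planet` = '{$new_planet_id}', `galaxy` = '{$options['galaxy']}', `system` = '{$options['system']}', `planet` = '{$options['planet']}'");

  $config->db_saveItem('users_amount', $config->users_amount + 1);

  return db_user_by_id($user_new['id']);
}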
/**
 * Completes a password reset from a confirmation code.
 *
 * Looks up the code among CONFIRM_PASSWORD_RESET confirmations, rejects unknown
 * codes and codes older than PERIOD_DAY, sets a newly generated 8-character
 * password, mails it to the address stored with the confirmation and finally
 * deletes the confirmation row.
 *
 * Security notes for reviewers:
 *  - $confirm_safe is interpolated into SQL as given; the name implies the caller
 *    has already escaped it - verify at every call site.
 *  - The new password leaves this function in clear text three ways: by e-mail,
 *    in $result[F_PASSWORD_NEW] and inside $result[F_LOGIN_MESSAGE].
 *  - The confirmation row is deleted only after the password has been changed and
 *    the mail attempted, and no transaction is visible here - confirm that two
 *    parallel requests with the same code are acceptable.
 *  - The strength of the generated password depends on sys_random_string(),
 *    which is defined elsewhere.
 *
 * @param string $confirm_safe Confirmation code, expected to be SQL-safe already
 * @param array  $result       Filled by reference with F_LOGIN_STATUS and, on success,
 *                             F_PASSWORD_NEW and F_LOGIN_MESSAGE
 */
function sec_restore_password_confirm($confirm_safe, &$result) {
  global $lang, $config;

  try {
    $confirmation = doquery("SELECT *, UNIX_TIMESTAMP(`create_time`) as `unix_time` FROM {{confirmations}} WHERE `code` = '{$confirm_safe}' AND `type` = " . CONFIRM_PASSWORD_RESET . " LIMIT 1;", true);

    // Unknown code
    if (!isset($confirmation['id'])) {
      throw new Exception(PASSWORD_RESTORE_ERROR_CODE_WRONG);
    }

    // Codes are valid for one day
    $code_age = SN_TIME_NOW - $confirmation['unix_time'];
    if ($code_age > PERIOD_DAY) {
      throw new Exception(PASSWORD_RESTORE_ERROR_CODE_TOO_OLD);
    }

    $generated_password = sys_random_string(8, SN_SYS_SEC_CHARS_CONFIRMATION);

    // No old password is supplied (`false`) - the confirmation code stands in for it
    $password_changed = sec_password_change($confirmation['id_user'], $generated_password, false, 1);
    if (!$password_changed) {
      throw new Exception(PASSWORD_RESTORE_ERROR_CHANGE);
    }

    // The same text is mailed (HTML-escaped) and shown on the page (BBCode-parsed)
    $plain_message = sprintf($lang['log_lost_email_pass'], $config->game_name, $generated_password);
    $mail_sent = @mymail(
      $confirmation['email'],
      sprintf($lang['log_lost_email_title'], $config->game_name),
      htmlspecialchars($plain_message)
    );
    $page_message = sys_bbcodeParse($plain_message) . '<br><br>';

    $result[F_PASSWORD_NEW] = $generated_password;
    if ($mail_sent) {
      $result[F_LOGIN_STATUS] = PASSWORD_RESTORE_SUCCESS_PASSWORD_SENT;
      $result[F_LOGIN_MESSAGE] = $page_message . $lang['log_lost_sent_pass'];
    } else {
      // The password has already been changed; only the delivery failed
      $result[F_LOGIN_STATUS] = PASSWORD_RESTORE_SUCCESS_PASSWORD_SEND_ERROR;
      $result[F_LOGIN_MESSAGE] = $page_message . $lang['log_lost_err_sending'];
    }

    // Single use: remove the confirmation once it has been consumed
    doquery("DELETE FROM {{confirmations}} WHERE `id` = '{$confirmation['id']}' AND `type` = " . CONFIRM_PASSWORD_RESET . " LIMIT 1;");
  } catch (Exception $e) {
    // The exception message carries the PASSWORD_RESTORE_ERROR_* status
    $result[F_LOGIN_STATUS] = $e->getMessage();
  }
}