<?php
if (isset($_GET['uid'])) {
if (security::isSecureString($_GET['uid'], 3)) {
$uid = $_GET['uid'];
if (core::$sql->numRows("select * from PW_Restore where RandomPASS = '******'") == 0) {
echo 'this UID is incorrect or have been changed , request a new UID.';
} else {
if (isset($_POST['submit'])) {
//process data
if (!security::isSecureString($_POST['password_new'], 3)) {
$errors[] = "Password [new] contains forbidden symbols";
}
if (strlen($_POST['password_new']) > 32) {
$errors[] = "Password [new] too long";
}
if (strlen($_POST['password_new']) < 6) {
$errors[] = "Passwrod [new] too short";
}
if ($_POST['password_new'] !== $_POST['password_new_confirm']) {
$errors[] = "New Passwords does not match!.";
}
if (count($errors) > 0) {
foreach ($errors as $nElement) {
echo $nElement . ".<br/>";
}
misc::back();
} else {
//verify
if (user::RestorePass($_GET['uid'], $_POST['password_new'])) {
echo "Password changed successfully. <br/>";
<?php
if (isset($_GET['uid'])) {
if (security::isSecureString($_GET['uid'], 3)) {
$uid = $_GET['uid'];
if (core::$sql->numRows("select * from Email_Change where RandomPASS = '******'") == 0) {
echo 'this UID is incorrect or have been changed , request a new UID.';
} else {
if (isset($_POST['submit'])) {
//process data
if (!security::isSecureString($_POST['email_first'], 2)) {
$errors[] = "Password [new] contains forbidden symbols";
}
if (!security::isSecureString($_POST['email_first'], 2)) {
$errors[] = "Password [new] contains forbidden symbols";
}
if (!filter_var($_POST['email_first'], FILTER_VALIDATE_EMAIL)) {
$errors[] = "Email is invalid.";
}
if (strlen($_POST['email_first']) > 54) {
$errors[] = "Email too long";
}
if (strlen($_POST['email_first']) < 10) {
$errors[] = "Email too short";
}
if ($_POST['email_first'] !== $_POST['email_verify']) {
$errors[] = "Emails does not match!.";
}
if (count($errors) > 0) {
foreach ($errors as $nElement) {
echo $nElement . ".<br/>";
} else {
echo "You can't delete message that does not belong to you.<br/>";
}
}
} else {
echo "No messages in inbox";
}
break;
case 'mychars':
//module disabled
if ($core->aConfig['allowListChars'] == 0) {
echo "This module is currently disabled.";
return;
}
if (isset($_GET['charname'])) {
if (!security::isSecureString($_GET['charname'], 3)) {
echo "Invalid char name<br/>";
misc::back();
break;
}
if (user::usernameByCharname($_GET['charname']) != $_SESSION['username']) {
echo "This character is not yours !<br/>";
misc::back();
break;
}
if (isset($_GET['charname']) && isset($_GET['char_act'])) {
switch ($_GET['char_act']) {
case 'reset_pos':
if ($core->aConfig['allowCharTeleport'] == 0) {
echo "This function is disabled.<br/>";
break;
<?php
if (isset($_GET['username']) && security::isSecureString($_GET['username'], 3)) {
$userData = core::$sql->fetchArray("select * from srcms_userprofiles where JID='" . user::accountJIDbyUsername($_GET['username']) . "'");
if ($userData['ispublic'] == '1') {
user::viewProfile($_GET['username']);
//send msg there too
} else {
user::viewProfile($_GET['username']);
//send msg there too
}
} else {
echo "No username specified, or username contains forbidden symbols.<br/>";
}
if ($nMsgCountUnread > 0) {
$msgText = "[<b>{$nMsgCount} / " . $core->aConfig['maxPrivMsg'] . "]</a></b>";
} else {
$msgText = "[{$nMsgCount} / " . $core->aConfig['maxPrivMsg'] . "]</a>";
}
}
echo "{$msgText}\r\n\t<br />\t<td><a href='./?pg=ucp&act=logout'>Logout</a></td>\r\n\t\t</tr>\r\n</table>\r\n\t";
} else {
if ($_POST['submit'] != 'login') {
ucp::showLoginForm();
} else {
//process login
if (security::isSecureString($_POST['username'], 3) == false) {
$errors[] = "Username contains forbidden symbols";
}
if (security::isSecureString($_POST['password'], 3) == false) {
$errors[] = "Password contains forbidden symbols";
}
if (strlen($_POST['username']) > 16) {
$errors[] = "Username too long";
}
if (strlen($_POST['username']) < 3) {
$errors[] = "Username too short";
}
if (strlen($_POST['password']) > 32) {
$errors[] = "Password too long";
}
if (strlen($_POST['password']) < 6) {
$errors[] = "Password too short";
}
if (count($errors) > 0) {
//Guilds Ranking
case 'guild':
core::$sql->changeDB('shard');
if (!isset($_GET['name'])) {
$hQuery = core::$sql->exec("select top 50 * from _Guild where ID > 0 and ID != 24 order by Lvl desc,GatheredSP desc");
echo "<table id='table-3' class='tborder' width='100%' border='0' cellpadding='0' cellspacing='0'>\r\n\t\t\t\t\t<td align='center' class='thead'>Rank</td>\r\n\t\t\t\t\t<td align='center' class='thead'>Name</td>\r\n\t\t\t\t\t<td align='center' class='thead'>Level</td>\r\n\t\t\t\t\t<td align='center' class='thead'>Members</td>\r\n\t\t\t\t\t<td align='center' class='thead'>Points</td><tr/>\r\n\t\t\t\t\t";
$nGuild = 1;
while ($row = mssql_fetch_array($hQuery)) {
$nMembers = core::$sql->getRow("select count(*) from _GuildMember where GuildID='{$row['ID']}'");
echo "\r\n\t\t\t\t<td align='center'>{$nGuild}</td>\r\n\t\t\t\t<td align='center'><a href='?pg=rank&type=guild&name={$row['Name']}'>{$row['Name']}</a></td>\r\n\t\t\t\t<td align='center'>{$row['Lvl']}</td>\r\n\t\t\t\t<td align='center'>{$nMembers}</td>\r\n\t\t\t\t<td align='center'>{$row['GatheredSP']}</td><tr/>";
$nGuild++;
}
echo "</table>";
misc::back();
} else {
if (security::isSecureString($_GET['name'], 3)) {
if (core::$sql->numRows("select * from _Guild where Name='{$_GET['name']}'") == 0) {
echo "Guild with such name not found.";
} else {
$hGuildData = mssql_fetch_array(mssql_query("select * from _Guild where Name='{$_GET['name']}'"));
$hGuildMembers = core::$sql->exec("select * from _GuildMember where GuildID='{$hGuildData['ID']}' order by MemberClass asc,Contribution DESC,GuildWarKill DESC,CharLevel DESC,GP_Donation DESC");
/*
for guild Gold add those lines :
<td align='center'>Gold</td>
<td align='center'>$hGuildData[Gold]</td>
*/
echo "<table id='table-3' class='tborder' width='100%' border='0' cellpadding='0' cellspacing='0'>\r\n\t\t\t\t\t\t\t<td align='center'>Name</td>\r\n\t\t\t\t\t\t\t<td align='center'>{$hGuildData['Name']}</td><tr/>\r\n\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t\t<td align='center'>Level</td>\r\n\t\t\t\t\t\t\t<td align='center'>{$hGuildData['Lvl']}</td><tr/>\r\n\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t\t<td align='center'>Points</td>\r\n\t\t\t\t\t\t\t<td align='center'>{$hGuildData['GatheredSP']}</td><tr/>\r\n\t\t\t\t\t\t\t\r\n\t\t\t\t\t\t\t<td align='center'>Foundation</td>\r\n\t\t\t\t\t\t\t<td align='center'>{$hGuildData['FoundationDate']}</td><tr/>\r\n\t\t\t\t\t\t</table>\r\n\t\t\t\t\t\t<br/><br/>";
echo "<table id='table-3' class='tborder' width='100%' border='0' cellpadding='0' cellspacing='0'>\r\n\t\t\t\t\t\t\t\t<td width='5%' align='center' class='thead'>Rank</td>\r\n\t\t\t\t\t\t\t\t<td width='5%' align='center' class='thead'>Race</td>\r\n\t\t\t\t\t\t\t\t<td width='15%' align='center' class='thead'>Charname</td>\r\n\t\t\t\t\t\t\t\t<td width='15%' align='center' class='thead'>Nick</td>\r\n\t\t\t\t\t\t\t\t<td width='10%' align='center' class='thead'>Level</td>\r\n\t\t\t\t\t\t\t\t<td width='15%' align='center' class='thead'>Donation</td>\r\n\t\t\t\t\t\t\t\t<td width='15%' align='center' class='thead'>Guild War Kills</td>\r\n\t\t\t\t\t\t\t\t<td width='15%' align='center' class='thead'>Guild War Killed</td>\r\n\t\t\t\t\t\t\t\t<td width='15%' align='center' class='thead'>Type</td><tr/>\r\n\t\t\t\t\t\t\t\t";
$n = 1;
while ($row = mssql_fetch_array($hGuildMembers)) {
$cName = char::charnameByCharID($row['CharID']);
