コード例 #1
ファイル: settings.php プロジェクト: divyinfo/SuperNova
 // Admin settings handler (excerpt): copies request parameters directly into the
 // game configuration object. The second argument of each sys_get_param_* call is
 // presumably the fallback used when the parameter is missing from the request.
 // NOTE(review): no authorization or anti-CSRF check is visible in this excerpt;
 // confirm the enclosing script performs both before these writes are reached.
 // NOTE(review): no numeric value is range-checked here (e.g. a game_speed of 0 or
 // a negative game_maxGalaxy); verify that every consumer tolerates such values.
 $config->game_mode = sys_get_param_int('game_mode');
 $config->game_speed = sys_get_param_float('game_speed', 1);
 $config->fleet_speed = sys_get_param_float('fleet_speed', 1);
 $config->resource_multiplier = sys_get_param_float('resource_multiplier', 1);
 $config->user_vacation_disable = sys_get_param_int('user_vacation_disable', 0);
 // The url_* values and game_disable_reason are read with the *_unsafe getter, so
 // they are presumably stored without escaping. Treat them as raw text: escape them
 // for the output context, and consider allowing only http/https URLs before they
 // are rendered as links.
 $config->url_faq = sys_get_param_str_unsafe('url_faq');
 $config->url_forum = sys_get_param_str_unsafe('url_forum');
 $config->url_rules = sys_get_param_str_unsafe('url_rules');
 $config->url_purchase_metamatter = sys_get_param_str_unsafe('url_purchase_metamatter');
 $config->game_disable = sys_get_param_int('game_disable');
 $config->game_disable_reason = sys_get_param_str_unsafe('game_disable_reason');
 $config->server_updater_check_auto = sys_get_param_int('server_updater_check_auto');
 $config->eco_scale_storage = sys_get_param_int('eco_scale_storage');
 // Language, skin and template names are also taken unescaped. If they are later
 // used to build file paths (TODO confirm), check them against the installed
 // languages/skins/templates so that a crafted value cannot select another path.
 $config->game_default_language = sys_get_param_str_unsafe('game_default_language', DEFAULT_LANG);
 $config->game_default_skin = sys_get_param_str_unsafe('game_default_skin', DEFAULT_SKINPATH);
 $config->game_default_template = sys_get_param_str_unsafe('game_default_template', TEMPLATE_NAME);
 $config->game_maxGalaxy = sys_get_param_int('game_maxGalaxy', 5);
 $config->game_maxSystem = sys_get_param_int('game_maxSystem', 199);
 $config->game_maxPlanet = sys_get_param_int('game_maxPlanet', 16);
 $config->player_max_colonies = sys_get_param_int('player_max_colonies', -1);
 // Bashing limits; the interval/scope/delay defaults are written as products of 60,
 // so they are presumably seconds (30 minutes, 24 hours, 12 hours).
 $config->fleet_bashing_attacks = sys_get_param_int('fleet_bashing_attacks', 3);
 $config->fleet_bashing_interval = sys_get_param_int('fleet_bashing_interval', 30 * 60);
 $config->fleet_bashing_scope = sys_get_param_int('fleet_bashing_scope', 24 * 60 * 60);
 $config->fleet_bashing_war_delay = sys_get_param_int('fleet_bashing_war_delay', 12 * 60 * 60);
 $config->fleet_bashing_waves = sys_get_param_int('fleet_bashing_waves', 3);
 $config->allow_buffing = sys_get_param_int('allow_buffing');
 $config->ally_help_weak = sys_get_param_int('ally_help_weak');
 $config->game_email_pm = sys_get_param_int('game_email_pm');
 $config->rpg_exchange_metal = sys_get_param_int('rpg_exchange_metal', 1);
 $config->rpg_exchange_crystal = sys_get_param_int('rpg_exchange_crystal', 2);
 $config->rpg_exchange_deuterium = sys_get_param_int('rpg_exchange_deuterium', 4);
コード例 #2
ファイル: banned.php プロジェクト: divyinfo/SuperNova
 * @version 1.3  copyright (c) 2009 by Gorlum for http://supernova.ws
 *   [~] Optimized SQL-queries
 * @version 1.2 - Security checked for SQL-injection by Gorlum for http://supernova.ws
 * @version 1.1  - (c) Copyright by Gorlum for http://supernova.ws
 * @version 1.0  - copyright 2008 by Chlorel for XNova
 *
 */
// Admin "ban player" page (excerpt; the script continues past the last line shown).
define('INSIDE', true);
define('INSTALL', false);
define('IN_ADMIN', true);
// Loads ../common.<ext>, where <ext> is this file's own extension; no request data
// takes part in building the include path.
require '../common.' . substr(strrchr(__FILE__, '.'), 1);
// Access gate: any account with authlevel >= 1 may continue.
// NOTE(review): this protects the code below only if AdminMessage() terminates the
// request; confirm that it does not return.
if ($user['authlevel'] < 1) {
    AdminMessage($lang['adm_err_denied']);
}
$mode = sys_get_param_str('mode', 'banit');
// The raw name is used for the lookup; a separately encoded copy is kept for output.
// NOTE(review): db_user_by_username() receives the unescaped value, so it presumably
// escapes internally; verify before relying on it.
$name_unsafe = sys_get_param_str_unsafe('name');
$name_output = sys_safe_output($name_unsafe);
$action = sys_get_param_str('action');
$player_banned_row = db_user_by_username($name_unsafe);
// NOTE(review): this state-changing branch is driven by request parameters alone;
// no anti-CSRF token check is visible in the excerpt.
if ($mode == 'banit' && $action) {
    if ($player_banned_row) {
        // These fields are read straight from $_POST, bypassing the sys_get_param_*
        // helpers used above. $reas is free text and must be escaped before it reaches
        // SQL or HTML (its use is outside this excerpt). The duration parts are not
        // validated: missing, negative or non-numeric values are not rejected here.
        $reas = $_POST['why'];
        $days = $_POST['days'];
        $hour = $_POST['hour'];
        $mins = $_POST['mins'];
        $secs = $_POST['secs'];
        //    $isVacation = $_POST['isVacation'];
        // Ban length in seconds, summed from the days/hours/minutes/seconds fields.
        $BanTime = $days * 86400;
        $BanTime += $hour * 3600;
        $BanTime += $mins * 60;
        $BanTime += $secs;
コード例 #3
ファイル: tools.php プロジェクト: hayalolsam/SuperNova
// Dispatches one admin tool per $mode value (excerpt). Where $mode comes from and the
// access check guarding this switch are outside the lines shown; confirm both.
switch ($mode) {
    case ADM_TOOL_CONFIG_RELOAD:
        // Reload the configuration from the database and rebuild the watchlist array
        // from its ';'-separated string form.
        $config->db_loadAll();
        sys_refresh_tablelist($config->db_prefix);
        $config->db_loadItem('game_watchlist');
        if ($config->game_watchlist) {
            $config->game_watchlist_array = explode(';', $config->game_watchlist);
        } else {
            unset($config->game_watchlist_array);
        }
        break;
    case ADM_TOOL_MD5:
        // Helper page: hashes the submitted string with MD5, or a random string built
        // from the seed alphabet when none was submitted.
        // NOTE(review): MD5 is not a suitable password hash; if the output is used for
        // stored credentials, password_hash() is the appropriate primitive.
        // NOTE(review): STRING is passed through htmlentities(), but SEED is assigned
        // exactly as returned by the *_unsafe getter; confirm the template escapes it,
        // otherwise the request value is reflected into the page unencoded.
        $template = gettemplate("admin/md5enc", true);
        $password_seed = sys_get_param_str_unsafe('seed', SN_SYS_SEC_CHARS_ALLOWED);
        $password_length = sys_get_param_int('length', 16);
        $string = ($string = sys_get_param_str_unsafe('string')) ? $string : sys_random_string($password_length, $password_seed);
        $template->assign_vars(array('SEED' => $password_seed, 'LENGTH' => $password_length, 'STRING' => htmlentities($string), 'MD5' => md5($string)));
        display($template, $lang['adm_tools_md5_header'], false, '', true);
        break;
    case ADM_TOOL_FORCE_ALL:
        // Resets the stored schema version to 0 and includes the update script,
        // which presumably re-runs every migration step.
        $config->db_saveItem('db_version', 0);
        require_once '../includes/update.php';
        break;
    case ADM_TOOL_FORCE_LAST:
        // Steps the stored schema version back by one before including the updater.
        $config->db_saveItem('db_version', floor($config->db_version - 1));
        require_once '../includes/update.php';
        break;
    case ADM_TOOL_INFO_PHP:
        // phpinfo() prints the full PHP configuration, loaded modules and environment
        // variables. Keep this reachable only by the highest admin level, and prefer
        // disabling it on production hosts.
        phpinfo();
        break;
    case ADM_TOOL_INFO_SQL:
コード例 #4
// Admin "planet compensate" page (excerpt; the script continues past the last line).
define('INSIDE', true);
define('INSTALL', false);
define('IN_ADMIN', true);
// Loads ../common.<ext> using this file's own extension; no request data is involved.
require '../common.' . substr(strrchr(__FILE__, '.'), 1);
// Access gate: requires authlevel >= 3.
// NOTE(review): effective only if AdminMessage() terminates the request; confirm.
if ($user['authlevel'] < 3) {
    AdminMessage($lang['adm_err_denied']);
}
$template = gettemplate('admin/planet_compensate', true);
// Source and destination coordinates arrive as integers.
$galaxy_src = sys_get_param_int('galaxy_src');
$system_src = sys_get_param_int('system_src');
$planet_src = sys_get_param_int('planet_src');
$galaxy_dst = sys_get_param_int('galaxy_dst');
$system_dst = sys_get_param_int('system_dst');
$planet_dst = sys_get_param_int('planet_dst');
$bonus = sys_get_param_float('bonus', 1);
// The same request field is read twice: raw for the lookup helper, and through the
// escaping getter. In the lines shown the escaped copy is only tested for emptiness.
$username_unsafe = sys_get_param_str_unsafe('username');
$username = sys_get_param_escaped('username');
// NOTE(review): the work below starts whenever galaxy_src is non-zero; no anti-CSRF
// token check is visible in the excerpt.
if ($galaxy_src) {
    // The matching commit/rollback is outside this excerpt.
    sn_db_transaction_start();
    $errors = array();
    $owner = db_user_by_username($username_unsafe, false, '*', true, true);
    $planet = sys_o_get_updated($owner, array('galaxy' => $galaxy_src, 'system' => $system_src, 'planet' => $planet_src, 'planet_type' => 1), SN_TIME_NOW);
    $que = $planet['que'];
    $planet = $planet['planet'];
    // Problems are collected in $errors rather than aborting at the first one, so the
    // checks after this one still index into $planet when it is empty.
    if (!$planet) {
        $errors[] = $lang['adm_pl_comp_err_0'];
    }
    if ($planet['destruyed']) {
        $errors[] = $lang['adm_pl_comp_err_1'];
    }
    // The source planet must belong to the named player, and a name must be given.
    if ($planet['id_owner'] != $owner['id'] || !$username) {
コード例 #5
ファイル: uni_rename.php プロジェクト: divyinfo/SuperNova
    }
    // Loads the current name/price row for the galaxy or system being renamed.
    // NOTE(review): $uni_galaxy and $uni_system are interpolated unquoted; they are
    // assigned outside this excerpt and must be integers. Confirm they come from an
    // integer getter.
    $uni_row = doquery("select * from `{{universe}}` where `universe_galaxy` = {$uni_galaxy} and `universe_system` = {$uni_system} limit 1;", '', true);
    // The minimum price for the next rename is the stored price plus a configured step.
    $uni_row['universe_price'] += $uni_system ? $config->uni_price_system : $config->uni_price_galaxy;
    $uni_row['universe_name'] = strip_tags($uni_row['universe_name'] ? $uni_row['universe_name'] : ($uni_system ? "{$lang['sys_system']} [{$uni_galaxy}:{$uni_system}]" : "{$lang['sys_galaxy']} {$uni_galaxy}"));
    if (sys_get_param_str('uni_name_submit')) {
        // The new name goes through sys_get_param_str() (presumably SQL-escaped;
        // TODO confirm) and then strip_tags(); the REPLACE below relies on that.
        $uni_row['universe_name'] = strip_tags(sys_get_param_str('uni_name'));
        $uni_price = sys_get_param_float('uni_price');
        // NOTE(review): this comparison uses the row read above, before the transaction
        // starts, so two concurrent renames can both pass against the same stale
        // price. Re-reading the row with a lock inside the transaction would close this.
        if ($uni_price < $uni_row['universe_price']) {
            throw new exception($lang['uni_msg_error_low_price'], ERR_ERROR);
        }
        $uni_row['universe_price'] = $uni_price;
        sn_db_transaction_start();
        // Re-reads the player inside the transaction before checking the balance.
        $user = db_user_by_id($user['id'], true);
        // if($user[get_unit_param(RES_DARK_MATTER, P_NAME)] < $uni_price)
        if (mrc_get_level($user, null, RES_DARK_MATTER) < $uni_price) {
            throw new exception($lang['uni_msg_error_no_dm'], ERR_ERROR);
        }
        // NOTE(review): the log comment embeds the raw, unescaped name. Confirm that
        // rpg_points_change() escapes its comment argument before building SQL.
        if (!rpg_points_change($user['id'], RPG_RENAME, -$uni_price, "Renaming [{$uni_galaxy}:{$uni_system}] to " . sys_get_param_str_unsafe('uni_name'))) {
            throw new exception($lang['sys_msg_err_update_dm'], ERR_ERROR);
        }
        doquery("replace {{universe}} set `universe_galaxy` = {$uni_galaxy}, `universe_system` = {$uni_system}, `universe_name` = '{$uni_row['universe_name']}', `universe_price` = {$uni_row['universe_price']};");
        // Audit entry; the raw name is tag-stripped only. Verify that the logger
        // escapes the text for its storage and display contexts.
        $debug->warning(sprintf($lang['uni_msg_admin_rename'], $user['id'], $user['username'], $uni_price, $uni_system ? $lang['uni_system_of'] : $lang['uni_galaxy_of'], $uni_galaxy, $uni_system ? ":{$uni_system}" : '', strip_tags(sys_get_param_str_unsafe('uni_name'))), $lang['uni_naming'], LOG_INFO_UNI_RENAME);
        sn_db_transaction_commit();
        sys_redirect("galaxy.php?mode=name&galaxy={$uni_galaxy}&system={$uni_system}");
    }
} catch (exception $e) {
    // Any failure rolls the transaction back and is reported through the template.
    // Exception codes outside the known status set are reported as ERR_ERROR.
    sn_db_transaction_rollback();
    $template->assign_block_vars('result', array('STATUS' => in_array($e->getCode(), array(ERR_NONE, ERR_WARNING, ERR_ERROR)) ? $e->getCode() : ERR_ERROR, 'MESSAGE' => $e->getMessage()));
}
// NAME is encoded with sys_safe_output() before it is handed to the template.
$template->assign_vars(array('GALAXY' => $uni_galaxy, 'SYSTEM' => $uni_system, 'NAME' => sys_safe_output($uni_row['universe_name']), 'PRICE' => $uni_row['universe_price'], 'PAGE_HINT' => $lang['uni_name_page_hint']));
display($template, $lang['sys_universe'] . ' - ' . $lang['uni_naming'], true, '', false);
コード例 #6
ファイル: options.php プロジェクト: divyinfo/SuperNova
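/**
 * Processes the player "options" form and saves the submitted settings.
 *
 * When the request carries mode=change, this updates, in order: admin planet
 * protection, vacation mode, packed user options, the player name, the password,
 * profile fields (e-mail, skin path, language, gender, birthday), the avatar and
 * the time-difference settings. Results are appended to $template_result['.']['result'].
 * The function works on globals and returns nothing.
 *
 * Security notes for reviewers:
 *  - Values read with sys_get_param_str() are interpolated into quoted SQL below;
 *    this is safe only if that getter SQL-escapes its result. TODO confirm.
 *  - No anti-CSRF token check is visible in this function; confirm that the
 *    caller performs one before this state-changing handler runs.
 */
function sn_options_model()
{
    global $user, $user_option_list, $lang, $template_result, $config;
    $language_new = sys_get_param_str('langer', $user['lang']);
    if ($language_new != $user['lang']) {
        $lang->lng_switch($language_new);
    }
    lng_include('options');
    lng_include('messages');
    // Human-readable form of the date format, e.g. "DD.MM.YYYY"; an unchanged
    // placeholder in the birthday field is compared against it further down.
    $FMT_DATE = preg_replace(array('/d/', '/m/', '/Y/'), array('DD', 'MM', 'YYYY'), FMT_DATE);
    if (sys_get_param_str('mode') == 'change') {
        if ($user['authlevel'] > 0) {
            // The value is either 0 or the caller's own authlevel, never request text.
            $planet_protection = sys_get_param_int('adm_pl_prot') ? $user['authlevel'] : 0;
            db_planet_set_by_owner($user['id'], "`id_level` = '{$planet_protection}'");
            db_user_set_by_id($user['id'], "`admin_protection` = '{$planet_protection}'");
            $user['admin_protection'] = $planet_protection;
        }
        if (sys_get_param_int('vacation') && !$config->user_vacation_disable) {
            sn_db_transaction_start();
            if ($user['authlevel'] < 3) {
                // NOTE(review): each early exit below ends the script with the
                // transaction still open; this relies on the connection closing to
                // discard it.
                if ($user['vacation_next'] > SN_TIME_NOW) {
                    message($lang['opt_vacation_err_timeout'], $lang['Error'], 'index.php?page=options', 5);
                    die;
                }
                $is_building = doquery("SELECT * FROM `{{fleets}}` WHERE `fleet_owner` = '{$user['id']}' LIMIT 1;", true);
                if ($is_building) {
                    message($lang['opt_vacation_err_your_fleet'], $lang['Error'], 'index.php?page=options', 5);
                    die;
                }
                $que = que_get($user['id'], false);
                if (!empty($que)) {
                    message($lang['opt_vacation_err_que'], $lang['Error'], 'index.php?page=options', 5);
                    die;
                }
                $query = classSupernova::db_get_record_list(LOC_PLANET, "`id_owner` = {$user['id']}");
                foreach ($query as $planet) {
                    // $planet = sys_o_get_updated($user, $planet, SN_TIME_NOW);
                    // $planet = $planet['planet'];
                    // Reset production on every planet to the basic income.
                    db_planet_set_by_id($planet['id'], "last_update = " . SN_TIME_NOW . ", energy_used = '0', energy_max = '0',\n            metal_perhour = '{$config->metal_basic_income}', crystal_perhour = '{$config->crystal_basic_income}', deuterium_perhour = '{$config->deuterium_basic_income}',\n            metal_mine_porcent = '0', crystal_mine_porcent = '0', deuterium_sintetizer_porcent = '0', solar_plant_porcent = '0',\n            fusion_plant_porcent = '0', solar_satelit_porcent = '0', ship_sattelite_sloth_porcent = 0");
                }
                $user['vacation'] = SN_TIME_NOW + $config->player_vacation_time;
            } else {
                // Accounts with authlevel >= 3 skip the checks and the minimum duration.
                $user['vacation'] = SN_TIME_NOW;
            }
            sn_db_transaction_commit();
        }
        foreach ($user_option_list as $option_group_id => $option_group) {
            foreach ($option_group as $option_name => $option_value) {
                if ($user[$option_name] !== null) {
                    $user[$option_name] = sys_get_param_str($option_name);
                } else {
                    $user[$option_name] = $option_value;
                }
            }
        }
        // Kept for its effect on $user: $user['options'] is read when saving below,
        // and is presumably filled in by this call. TODO confirm.
        $options = sys_user_options_pack($user);
        $player_options = sys_get_param('options');
        if (!empty($player_options)) {
            array_walk($player_options, function (&$value) {
                // TODO: add more checks once there are more parameters
                $value = intval($value);
            });
            classSupernova::$user_options->offsetSet($player_options);
            // pdump($player_options);die();
            //      player_save_option_array($user, $player_options);
        }
        $username = substr(sys_get_param_str_unsafe('username'), 0, 32);
        $username_safe = db_escape($username);
        if ($username && $user['username'] != $username && $config->game_user_changename != SERVER_PLAYER_NAME_CHANGE_NONE && sys_get_param_int('username_confirm') && !strpbrk($username, LOGIN_REGISTER_CHARACTERS_PROHIBITED)) {
            // validity check
            sn_db_transaction_start();
            // NOTE(review): LIKE treats % and _ in the name as wildcards. Unless the
            // prohibited-character list already excludes them, this uniqueness check
            // can match other players' names; an equality comparison would avoid that.
            $name_check = doquery("SELECT * FROM {{player_name_history}} WHERE `player_name` LIKE \"{$username_safe}\" LIMIT 1 FOR UPDATE;", true);
            if (!$name_check || $name_check['player_id'] == $user['id']) {
                $user = db_user_by_id($user['id'], true);
                switch ($config->game_user_changename) {
                    case SERVER_PLAYER_NAME_CHANGE_PAY:
                        // No planet row exists in this scope, so null is passed
                        // explicitly instead of reading an undefined variable.
                        if (mrc_get_level($user, null, RES_DARK_MATTER) < $config->game_user_changename_cost) {
                            $template_result['.']['result'][] = array('STATUS' => ERR_ERROR, 'MESSAGE' => $lang['opt_msg_name_change_err_no_dm']);
                            break;
                        }
                        // NOTE(review): the log text embeds the raw (unescaped) new
                        // name; confirm that rpg_points_change() escapes its comment.
                        rpg_points_change($user['id'], RPG_NAME_CHANGE, -$config->game_user_changename_cost, sprintf('Пользователь ID %d сменил имя с "%s" на "%s"', $user['id'], $user['username'], $username));
                    // Deliberate fall-through: a paid change continues into the rename.
                    case SERVER_PLAYER_NAME_CHANGE_FREE:
                        db_user_set_by_id($user['id'], "`username` = '{$username_safe}'");
                        doquery("REPLACE INTO {{player_name_history}} SET `player_id` = {$user['id']}, `player_name` = '{$username_safe}'");
                        // TODO: Change cookie to not force user relogin
                        // sn_setcookie(SN_COOKIE, '', time() - PERIOD_WEEK, SN_ROOT_RELATIVE);
                        $template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_name_changed']);
                        $user['username'] = $username;
                        break;
                }
            } else {
                $template_result['.']['result'][] = array('STATUS' => ERR_ERROR, 'MESSAGE' => $lang['opt_msg_name_change_err_used_name']);
            }
            sn_db_transaction_commit();
        }
        // Passwords are read with the raw getter so that no escaping alters them.
        if ($new_password = sys_get_param('newpass1')) {
            try {
                // Strict comparison: with a loose comparison two different
                // numeric-looking strings (e.g. "1e3" and "1000") compare as equal,
                // so a mistyped confirmation could be accepted.
                if ($new_password !== sys_get_param('newpass2')) {
                    throw new Exception($lang['opt_err_pass_unmatched'], ERR_WARNING);
                }
                // The current password is required to authorise the change.
                if (!classSupernova::$auth->password_change(sys_get_param('db_password'), $new_password)) {
                    throw new Exception($lang['opt_err_pass_wrong'], ERR_WARNING);
                }
                throw new Exception($lang['opt_msg_pass_changed'], ERR_NONE);
            } catch (Exception $e) {
                // The success message also travels as an exception, with ERR_NONE.
                $template_result['.']['result'][] = array('STATUS' => in_array($e->getCode(), array(ERR_NONE, ERR_WARNING, ERR_ERROR)) ? $e->getCode() : ERR_ERROR, 'MESSAGE' => $e->getMessage());
            }
        }
        // NOTE(review): the e-mail address is not format-checked here, and changing
        // it does not require the current password.
        $user['email'] = sys_get_param_str('db_email');
        //    if(!$template_result[F_ACCOUNT]['account_email'] && ($email_2 = sys_get_param_str('db_email2'))) {
        //      core_auth::email_set($email_2);
        //    }
        // NOTE(review): dpath is a player-supplied skin path. If it is ever used to
        // build a filesystem path or an include, restrict it to known skins.
        $user['dpath'] = sys_get_param_str('dpath');
        $user['lang'] = sys_get_param_str('langer', $user['lang']);
        //    if($lang->lng_switch($user['lang'])) {
        //      lng_include('options');
        //      lng_include('messages');
        //    }
        $user['design'] = sys_get_param_int('design');
        $user['noipcheck'] = sys_get_param_int('noipcheck');
        // $user['spio_anz'] = sys_get_param_int('spio_anz');
        // $user['settings_fleetactions'] = sys_get_param_int('settings_fleetactions', 1);
        // $user['settings_tooltiptime'] = sys_get_param_int('settings_tooltiptime');
        // $user['settings_esp'] = sys_get_param_int('settings_esp');
        // $user['settings_wri'] = sys_get_param_int('settings_wri');
        // $user['settings_bud'] = sys_get_param_int('settings_bud');
        // $user['settings_mis'] = sys_get_param_int('settings_mis');
        // $user['settings_statistics'] = sys_get_param_int('settings_statistics');
        // $user['settings_info'] = sys_get_param_int('settings_info');
        // $user['settings_rep'] = sys_get_param_int('settings_rep');
        // $user['planet_sort']  = sys_get_param_int('settings_sort');
        // $user['planet_sort_order'] = sys_get_param_int('settings_order');
        // Keep an already scheduled deletion time; otherwise schedule a new one.
        $user['deltime'] = !sys_get_param_int('deltime') ? 0 : ($user['deltime'] ? $user['deltime'] : SN_TIME_NOW + $config->player_delete_time);
        // Gender can be set only once (while still unknown) and only to a listed value.
        $gender = sys_get_param_int('gender', $user['gender']);
        if (!isset($lang['sys_gender_list'][$gender])) {
            $gender = $user['gender'];
        }
        $user['gender'] = $user['gender'] == GENDER_UNKNOWN ? $gender : $user['gender'];
        try {
            // The birthday can be set once; any failed check leaves it untouched.
            if ($user['birthday']) {
                throw new exception();
            }
            $user_birthday = sys_get_param_str_unsafe('user_birthday');
            if (!$user_birthday || $user_birthday == $FMT_DATE) {
                throw new exception();
            }
            // Some black magic to parse any valid date format - those that contains all three "d", "m" and "Y" and any of the delimeters "\", "/", ".", "-"
            // $pos maps each of d/m/Y to the index of its capture group.
            $pos['d'] = strpos(FMT_DATE, 'd');
            $pos['m'] = strpos(FMT_DATE, 'm');
            $pos['Y'] = strpos(FMT_DATE, 'Y');
            asort($pos);
            $i = 0;
            foreach ($pos as &$position) {
                $position = ++$i;
            }
            // Drop the reference so that a later write to $position cannot alter $pos.
            unset($position);
            // The pattern is not anchored, but only the digit-only capture groups are
            // used afterwards, so surrounding text never reaches the SQL below.
            $regexp = "/" . preg_replace(array('/\\\\/', '/\\//', '/\\./', '/\\-/', '/d/', '/m/', '/Y/'), array('\\\\\\', '\\/', '\\.', '\\-', '(\\d?\\d)', '(\\d?\\d)', '(\\d{4})'), FMT_DATE) . "/";
            if (!preg_match($regexp, $user_birthday, $match)) {
                throw new exception();
            }
            if (!checkdate($match[$pos['m']], $match[$pos['d']], $match[$pos['Y']])) {
                throw new exception();
            }
            $user['user_birthday'] = db_escape("{$match[$pos['Y']]}-{$match[$pos['m']]}-{$match[$pos['d']]}");
            // EOF black magic! Now we have valid SQL date in $user['user_birthday'] - independent of date format
            // The "celebrated" date is the most recent occurrence that is not in the future.
            $year = date('Y', SN_TIME_NOW);
            if (mktime(0, 0, 0, $match[$pos['m']], $match[$pos['d']], $year) > SN_TIME_NOW) {
                $year--;
            }
            $user['user_birthday_celebrated'] = db_escape("{$year}-{$match[$pos['m']]}-{$match[$pos['d']]}");
            $user_birthday = ", `user_birthday` = '{$user['user_birthday']}', `user_birthday_celebrated` = '{$user['user_birthday_celebrated']}'";
        } catch (exception $e) {
            $user_birthday = '';
        }
        require_once 'includes/includes/sys_avatar.php';
        $avatar_upload_result = sys_avatar_upload($user['id'], $user['avatar']);
        $template_result['.']['result'][] = $avatar_upload_result;
        $user_time_diff = playerTimeDiff::user_time_diff_get();
        if (sys_get_param_int('PLAYER_OPTION_TIME_DIFF_FORCED')) {
            playerTimeDiff::user_time_diff_set(array(PLAYER_OPTION_TIME_DIFF => sys_get_param_int('PLAYER_OPTION_TIME_DIFF'), PLAYER_OPTION_TIME_DIFF_UTC_OFFSET => 0, PLAYER_OPTION_TIME_DIFF_FORCED => 1, PLAYER_OPTION_TIME_DIFF_MEASURE_TIME => SN_TIME_SQL));
        } elseif (sys_get_param_int('opt_time_diff_clear') || $user_time_diff[PLAYER_OPTION_TIME_DIFF_FORCED]) {
            playerTimeDiff::user_time_diff_set(array(PLAYER_OPTION_TIME_DIFF => '', PLAYER_OPTION_TIME_DIFF_UTC_OFFSET => 0, PLAYER_OPTION_TIME_DIFF_FORCED => 0, PLAYER_OPTION_TIME_DIFF_MEASURE_TIME => SN_TIME_SQL));
        }
        $user_options_safe = db_escape($user['options']);
        // NOTE(review): email, lang and dpath depend on sys_get_param_str() having
        // escaped them; avatar is interpolated as held in $user, and gender is
        // unquoted (an integer from the int getter or from the stored row).
        db_user_set_by_id($user['id'], "`email` = '{$user['email']}', `lang` = '{$user['lang']}', `avatar` = '{$user['avatar']}',\n      `dpath` = '{$user['dpath']}', `design` = '{$user['design']}', `noipcheck` = '{$user['noipcheck']}',\n      `deltime` = '{$user['deltime']}', `vacation` = '{$user['vacation']}', `options` = '{$user_options_safe}', `gender` = {$user['gender']}\n      {$user_birthday}");
        $template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_saved']);
    } elseif (sys_get_param_str('result') == 'ok') {
        $template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_saved']);
    }
    // Reload the player row so the global $user holds what is now stored.
    $user = db_user_by_id($user['id']);
    $options = sys_user_options_unpack($user);
}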
コード例 #7
ファイル: buddy.php プロジェクト: divyinfo/SuperNova
                 sn_db_transaction_commit();
                 throw new exception('buddy_err_delete_own', ERR_NONE);
             } elseif ($buddy_row['BUDDY_STATUS'] == BUDDY_REQUEST_WAITING) {
                 msg_send_simple_message($buddy_row['BUDDY_SENDER_ID'], $user['id'], SN_TIME_NOW, MSG_TYPE_PLAYER, $user['username'], $lang['buddy_msg_deny_title'], sprintf($lang['buddy_msg_deny_text'], $user['username']));
                 doquery("UPDATE {{buddy}} SET `BUDDY_STATUS` = " . BUDDY_REQUEST_DENIED . " WHERE `BUDDY_ID` = {$buddy_id} LIMIT 1;");
                 sn_db_transaction_commit();
                 throw new exception('buddy_err_deny_none', ERR_NONE);
             }
             break;
     }
 }
 // New request?
 // Checking for user ID - in case if it was request from outside buddy system
 // The target player is resolved either by numeric id or, failing that, by name.
 // NOTE(review): when neither parameter is supplied $new_friend_row is never
 // assigned, and the self-check below then reads an undefined variable.
 if ($new_friend_id = sys_get_param_id('request_user_id')) {
     $new_friend_row = db_user_by_id($new_friend_id, true, '`id`, `username`');
 } elseif ($new_friend_name = sys_get_param_str_unsafe('request_user_name')) {
     // The lookup helper receives the raw name (it presumably escapes internally;
     // verify); the local copy is escaped only afterwards, for later use.
     $new_friend_row = db_user_by_username($new_friend_name, true, '`id`, `username`');
     $new_friend_name = db_escape($new_friend_name);
 }
 // A player cannot send a buddy request to themselves.
 if ($new_friend_row['id'] == $user['id']) {
     unset($new_friend_row);
     throw new exception('buddy_err_adding_self', ERR_ERROR);
 }
 // Checking for user name & request text - in case if it was request to adding new request
 if (isset($new_friend_row['id']) && ($new_request_text = sys_get_param_str('request_text'))) {
     // Looks for an existing relation in either direction. FOR UPDATE takes effect
     // only inside an open transaction; its start is outside this excerpt.
     $check_relation = doquery("SELECT `BUDDY_ID` FROM {{buddy}} WHERE\n      (`BUDDY_SENDER_ID` = {$user['id']} AND `BUDDY_OWNER_ID` = {$new_friend_row['id']})\n      OR\n      (`BUDDY_SENDER_ID` = {$new_friend_row['id']} AND `BUDDY_OWNER_ID` = {$user['id']})\n      LIMIT 1 FOR UPDATE;", true);
     if (isset($check_relation['BUDDY_ID'])) {
         throw new exception('buddy_err_adding_exists', ERR_WARNING);
     }
     // The notification is sent before the row is inserted.
     msg_send_simple_message($new_friend_row['id'], $user['id'], SN_TIME_NOW, MSG_TYPE_PLAYER, $user['username'], $lang['buddy_msg_adding_title'], sprintf($lang['buddy_msg_adding_text'], $user['username']));
     // NOTE(review): the request text is interpolated in quotes and depends on
     // sys_get_param_str() having SQL-escaped it (TODO confirm). Both ids come from
     // stored user rows rather than from request text.
     doquery($q = "INSERT INTO {{buddy}} SET `BUDDY_SENDER_ID` = {$user['id']}, `BUDDY_OWNER_ID` = {$new_friend_row['id']}, `BUDDY_REQUEST` = '{$new_request_text}';");
コード例 #8
ファイル: adm_metamatter.php プロジェクト: divyinfo/SuperNova
// Admin page that credits (or debits) metamatter on an account (excerpt; the catch
// block continues past the last line shown).
define('INSIDE', true);
define('INSTALL', false);
define('IN_ADMIN', true);
// Loads ../common.<ext> using this file's own extension; no request data is involved.
require '../common.' . substr(strrchr(__FILE__, '.'), 1);
// The page is available only while a payment module is active.
if (!sn_module_get_active_count('payment')) {
    sys_redirect(SN_ROOT_VIRTUAL . 'admin/overview.php');
}
// Access gate: requires authlevel >= 3.
// NOTE(review): effective only if AdminMessage() terminates the request; confirm.
if ($user['authlevel'] < 3) {
    AdminMessage($lang['adm_err_denied']);
}
$template = gettemplate("admin/adm_metamatter", true);
$message = '';
$message_status = ERR_ERROR;
// Any non-zero amount triggers the change; the sign is not restricted here.
// NOTE(review): this currency-changing action is driven by request parameters alone;
// no anti-CSRF token check is visible in the excerpt.
if ($points = sys_get_param_float('points')) {
    try {
        $username = sys_get_param_str_unsafe('id_user');
        if (empty($username)) {
            throw new Exception($lang['adm_mm_no_dest']);
        }
        $an_account = new Account(classSupernova::$auth->account->db);
        // The same raw input is tried as an account id, then as a name, then as an
        // e-mail address, and the first hit wins.
        // NOTE(review): an all-digit account name can therefore be shadowed by another
        // account whose id equals it. An explicit selector for the lookup type would
        // make the target unambiguous.
        if (!$an_account->db_get_by_id($username) && !$an_account->db_get_by_name($username) && !$an_account->db_get_by_email($username)) {
            throw new Exception(sprintf($lang['adm_mm_user_none'], $username));
        }
        // Names and the reason are passed through db_escape() before being placed in
        // the log record. NOTE(review): 'reason' comes from sys_get_param_str(), which
        // may already escape; check for double escaping.
        if (!$an_account->metamatter_change(RPG_ADMIN, $points, sprintf($lang['adm_matter_change_log_record'], $an_account->account_id, db_escape($an_account->account_name), $user['id'], db_escape($user['username']), db_escape(sys_get_param_str('reason'))))) {
            throw new Exception($lang['adm_mm_add_err']);
        }
        // The message contains the account name (and, on failure above, the raw
        // input); it must be HTML-encoded where it is rendered, outside this excerpt.
        $message = sprintf($lang['adm_mm_user_added'], $an_account->account_name, $an_account->account_id, pretty_number($points));
        $isNoError = true;
        $message_status = ERR_NONE;
    } catch (Exception $e) {
        $message = $e->getMessage();
コード例 #9
ファイル: qst_quest.php プロジェクト: divyinfo/SuperNova
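/**
 * Renders the quest page and, in admin context, creates, edits, copies or deletes
 * quests from the submitted form.
 *
 * Works on the global template and returns nothing. Admin actions run when the
 * IN_ADMIN constant is defined as true by the including script.
 *
 * Security notes for reviewers:
 *  - This function does not check the user's authlevel itself; it relies on
 *    IN_ADMIN being defined only by entry scripts that have done so. Confirm.
 *  - The delete/edit actions are selected by the "mode" request parameter; no
 *    anti-CSRF token check is visible here.
 *  - Outside admin context a caller-supplied user_id is passed to
 *    qst_get_quests() as is. Confirm that viewing another player's quest list is
 *    intended, or restrict user_id to the current player.
 */
function qst_render_page()
{
    global $lang, $user, $template, $config;
    $user_id = sys_get_param_id('user_id', false);
    $mode = sys_get_param_str('mode');
    $quest_units_allowed = sn_get_groups(array('structures', 'tech', 'fleet', 'defense'));
    $quest_reward_allowed = sn_get_groups('quest_rewards');
    $in_admin = defined('IN_ADMIN') && IN_ADMIN === true;
    // Defined up front so that the check after the admin branch never reads an
    // unset variable.
    $quest = null;
    if ($in_admin) {
        $quest_id = sys_get_param_id('id');
        $quest_name = sys_get_param_str_unsafe('QUEST_NAME');
        if (!empty($quest_name)) {
            $quest_description = sys_get_param_str_unsafe('QUEST_DESCRIPTION');
            try {
                $quest_rewards_list = sys_get_param('QUEST_REWARDS_LIST');
                // A missing or scalar parameter is treated as an empty list; it then
                // fails the "no rewards" check below instead of raising a warning.
                if (!is_array($quest_rewards_list)) {
                    $quest_rewards_list = array();
                }
                $quest_rewards = array();
                foreach ($quest_rewards_list as $quest_rewards_id => $quest_rewards_amount) {
                    // Keys and amounts come straight from the request and are joined
                    // into a string that the UPDATE below places in SQL without
                    // escaping, so only numeric values may pass.
                    if (!is_numeric($quest_rewards_id) || !in_array($quest_rewards_id, $quest_reward_allowed)) {
                        throw new Exception($lang['qst_adm_err_reward_type']);
                    }
                    if ($quest_rewards_amount === '' || $quest_rewards_amount === null) {
                        // A blank field counts as "no reward of this type".
                        continue;
                    }
                    if (!is_numeric($quest_rewards_amount) || $quest_rewards_amount < 0) {
                        throw new Exception($lang['qst_adm_err_reward_amount']);
                    } elseif ($quest_rewards_amount > 0) {
                        $quest_rewards[] = "{$quest_rewards_id},{$quest_rewards_amount}";
                    }
                }
                if (empty($quest_rewards)) {
                    throw new Exception($lang['qst_adm_err_reward_empty']);
                }
                // Stored form: "id,amount;id,amount;...".
                $quest_rewards = implode(';', $quest_rewards);
                $quest_unit_id = sys_get_param_int('QUEST_UNIT_ID');
                if (!in_array($quest_unit_id, $quest_units_allowed)) {
                    throw new Exception($lang['qst_adm_err_unit_id']);
                }
                $quest_unit_amount = sys_get_param_float('QUEST_UNIT_AMOUNT');
                if ($quest_unit_amount <= 0) {
                    throw new Exception($lang['qst_adm_err_unit_amount']);
                }
                // Built from an int and a float, so it is safe to interpolate.
                $quest_conditions = "{$quest_unit_id},{$quest_unit_amount}";
                // TODO: Change quest type
                $quest_type = 0;
                if ($mode == 'edit') {
                    $quest_name = db_escape($quest_name);
                    $quest_description = db_escape($quest_description);
                    doquery("UPDATE {{quest}} SET\n              `quest_name` = '{$quest_name}',\n              `quest_type` = '{$quest_type}',\n              `quest_description` = '{$quest_description}',\n              `quest_conditions` = '{$quest_conditions}',\n              `quest_rewards` = '{$quest_rewards}'\n            WHERE `quest_id` = {$quest_id} LIMIT 1;");
                } else {
                    // NOTE(review): name and description are passed unescaped here;
                    // sn_db_perform() presumably escapes the values. Verify.
                    sn_db_perform('{{quest}}', array('quest_name' => $quest_name, 'quest_type' => $quest_type, 'quest_description' => $quest_description, 'quest_conditions' => $quest_conditions, 'quest_rewards' => $quest_rewards));
                }
                // TODO: Add mass mail for new quests
                /*
                if(sys_get_param_int('news_mass_mail'))
                {
                  msg_send_simple_message('*', 0, 0, MSG_TYPE_PLAYER, $lang['sys_administration'], $lang['news_title'], $text);
                }
                */
            } catch (Exception $e) {
                message($e->getMessage(), $lang['sys_error']);
            }
            $mode = '';
        }
        // $quest_id is interpolated unquoted below; it comes from sys_get_param_id(),
        // presumably a numeric getter. TODO confirm.
        switch ($mode) {
            case 'del':
                doquery("DELETE FROM {{quest}} WHERE `quest_id` = {$quest_id} LIMIT 1;");
                $mode = '';
                break;
            case 'edit':
                $template->assign_var('QUEST_ID', $quest_id);
            // Deliberate fall-through: "edit" also loads the quest row, like "copy".
            case 'copy':
                $quest = doquery("SELECT * FROM {{quest}} WHERE `quest_id` = {$quest_id} LIMIT 1;", '', true);
                break;
        }
        // Keep the cached quest counter in step with the table.
        $query = doquery("SELECT count(*) AS count FROM {{quest}};", '', true);
        $config->db_saveItem('quest_total', $query['count']);
    } elseif (!$user_id) {
        $user_id = $user['id'];
    }
    $quest_list = qst_get_quests($user_id);
    $template->assign_vars(array('AUTHLEVEL' => $user['authlevel'], 'TOTAL' => count($quest_list), 'mode' => $mode, 'USER_ID' => $user_id, 'IN_ADMIN' => $in_admin));
    if ($quest) {
        $quest_templatized = qst_templatize(qst_quest_parse($quest, false));
    } else {
        $quest_templatized['quest_rewards_list'] = array();
    }
    // Make sure every allowed reward type appears in the form, with amount 0 when
    // the quest does not define it.
    foreach ($quest_reward_allowed as $unit_id) {
        $found = false;
        foreach ($quest_templatized['quest_rewards_list'] as $quest_templatized_reward) {
            if ($quest_templatized_reward['ID'] == $unit_id) {
                $found = true;
                break;
            }
        }
        if (!$found) {
            $quest_templatized['quest_rewards_list'][$unit_id] = array('ID' => $unit_id, 'NAME' => $lang['tech'][$unit_id], 'AMOUNT' => 0);
        }
    }
    qst_assign_to_template($template, $quest_templatized);
    foreach ($quest_list as $quest_data) {
        qst_assign_to_template($template, qst_templatize($quest_data, true), 'quest');
    }
    foreach ($quest_units_allowed as $unit_id) {
        $template->assign_block_vars('allowed_unit', array('ID' => $unit_id, 'NAME' => $lang['tech'][$unit_id]));
    }
}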
コード例 #10
ファイル: auth_local.php プロジェクト: divyinfo/SuperNova
 /**
  * Copies the login / registration form fields from the request into this object.
  *
  * Fields whose names end in "_unsafe" or "_raw" hold the values as returned by
  * the non-escaping getters. Encode or escape them for the context they are used
  * in, and keep the raw passwords out of logs and error messages.
  */
 protected function prepare()
 {
     // The login identifier is "username", with "email" as the fallback value.
     $this->input_login_unsafe = sys_get_param_str_unsafe('username', sys_get_param_str_unsafe('email'));

     // TODO: rework this mess
     // Which form action was submitted; any truthy parameter value counts.
     $this->is_login = (bool) sys_get_param('login');
     $this->is_register = (bool) sys_get_param('register');
     $this->is_password_reset = (bool) sys_get_param('password_reset');
     $this->is_password_reset_confirm = (bool) sys_get_param('password_reset_confirm');

     // "Remember me" is switched on for every registration.
     $this->remember_me = (int) (sys_get_param_int('rememberme') || $this->is_register);

     // Passwords are read with the raw getter so that no escaping alters them.
     $this->input_login_password_raw = sys_get_param('password');
     $this->input_login_password_raw_repeat = sys_get_param('password_repeat');

     $this->input_email_unsafe = sys_get_param_str_unsafe('email');

     // The language is kept twice: as received, and through sys_get_param_str().
     $this->input_language_unsafe = sys_get_param_str_unsafe('lang', DEFAULT_LANG);
     $this->input_language_safe = sys_get_param_str('lang', DEFAULT_LANG);
 }
コード例 #11
ファイル: general.php プロジェクト: hayalolsam/SuperNova
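/**
 * Read a request parameter and reduce it to a phone number made of digits only.
 *
 * An optional leading '+' is preserved and every other non-digit byte is dropped.
 * A result shorter than 11 characters (the '+' counts) is rejected and returned as ''.
 *
 * The 'raw' element is the value exactly as sys_get_param_str_unsafe() returned it -
 * presumably unescaped (NOTE(review): confirm) - so it must be escaped or bound before
 * it reaches SQL or HTML. 'phone' contains only [0-9] and an optional leading '+'.
 *
 * @param string $param_name Name of the request parameter.
 * @param string $default    Value used when the parameter is absent.
 *
 * @return array Two keys: 'raw' (value as received) and 'phone' (normalised number or '').
 */
function sys_get_param_phone($param_name, $default = '')
{
    // Fix: the original passed `$default = ''` here, which overwrote the caller's
    // default with an empty string before it was ever used.
    $phone_raw = sys_get_param_str_unsafe($param_name, $default);

    if (!$phone_raw) {
        return array('raw' => $phone_raw, 'phone' => '');
    }

    $prefix = $phone_raw[0] === '+' ? '+' : '';
    // Keep ASCII digits only; this whitelist is what makes 'phone' safe to store.
    $phone = $prefix . preg_replace('/[^0-9]/', '', $phone_raw);

    // Too short to be a full number - treat as "no phone given".
    if (strlen($phone) < 11) {
        $phone = '';
    }

    return array('raw' => $phone_raw, 'phone' => $phone);
}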
コード例 #12
ファイル: core_auth.php プロジェクト: divyinfo/SuperNova
 /**
  * Pick a player name for the authorised account and, when the user submitted the
  * name form, create the player record.
  *
  * The name comes from, in order: the submitted 'player_suggested_name' field, the first
  * authorised provider that suggests one, or a generated "Emperor <number>" placeholder.
  *
  * The submitted name is read with sys_get_param_str_unsafe() and handed to
  * register_player_db_create() as received - presumably that method validates and
  * escapes it before any SQL (NOTE(review): confirm).
  */
 public function player_register_model()
 {
     // TODO ALWAYS offer to register a player or to attach an existing one!
     // TODO in auth_local, check the local DB for an existing player name - to avoid an extra step (see above)
     // TODO Though this could end in an endless loop - THINK IT OVER
     // TODO Account merging could also be attempted here - although that is very unsafe
     if (sys_get_param('login_player_register_logout')) {
         $this->logout();
     }
     $original_suggest = '';
     // Check whether the user submitted any data
     if ($player_name_submitted = sys_get_param('submit_player_name')) {
         // Attempt to register a new player from the data entered by the user
         $this->player_suggested_name = sys_get_param_str_unsafe('player_suggested_name');
     } else {
         foreach ($this->providers_authorised as $provider) {
             if ($this->player_suggested_name = $provider->player_name_suggest()) {
                 // OK 4.5
                 // The provider is asked a second time; the value is remembered to detect an unchanged suggestion below.
                 $original_suggest = $provider->player_name_suggest();
                 break;
             }
         }
     }
     // If no provider supplies a name and the user gave none either, this is the first login to the game
     if (!$this->player_suggested_name) {
         $max_user_id = db_player_get_max_id();
         // 4.5
         // TODO - suggest a player name according to locale
         // Check whether such a name exists in the name history
         do {
             // Roll back and reopen the transaction on every attempt - presumably so the
             // existence check below runs in a fresh transaction (NOTE(review): confirm).
             sn_db_transaction_rollback();
             // mt_rand() is not a cryptographic generator; here it only picks a display-name suffix.
             $this->player_suggested_name = 'Emperor ' . mt_rand($max_user_id + 1, $max_user_id + 1000);
             sn_db_transaction_start();
         } while (db_player_name_exists($this->player_suggested_name));
     }
     if ($player_name_submitted) {
         $this->register_player_db_create($this->player_suggested_name);
         // OK 4.5
         if ($this->register_status == LOGIN_SUCCESS) {
             sys_redirect(SN_ROOT_VIRTUAL . 'overview.php');
         } elseif ($this->register_status == REGISTER_ERROR_PLAYER_NAME_EXISTS && $original_suggest == $this->player_suggested_name) {
             // Intentionally empty: the handling below is disabled.
             // self::$player_suggested_name .= ' ' . $this->account->account_id;
         }
         //      if(self::$login_status != LOGIN_SUCCESS) {
         //        // TODO Error while registering a new player under the current name
         //      }
     }
 }
コード例 #13
ファイル: sys_security.php プロジェクト: hayalolsam/SuperNova
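/**
 * Drive the login flow for the current request: registration, username/password login,
 * the two password-restore steps, and finally cookie login as the fallback.
 *
 * The outcome is written into $result by reference; nothing is returned.
 *
 * Variables named *_unsafe / *_raw hold request values passed on as received -
 * presumably unescaped (NOTE(review): confirm in sys_get_param_str_unsafe()). The callees
 * are expected to bind or escape them before SQL and to hash the password.
 *
 * @param array $result Login state. F_LOGIN_STATUS is written here and 'status' is read;
 *                      presumably both name the same key (NOTE(review): confirm).
 */
function sec_login(&$result)
{
    sec_login_prepare($result);
    $username_unsafe = sys_get_param_str_unsafe('username');
    $password_raw = sys_get_param('password');
    $email_unsafe = sys_get_param_str_unsafe('email');

    // Handle registration
    if (sys_get_param('register')) {
        // NOTE(review): only the repeat field is trimmed, so a password with surrounding
        // whitespace can never match its confirmation - decide whether to trim both or neither.
        $password_repeat_raw = trim(sys_get_param('password_repeat'));
        $language = sys_get_param_str('lang', DEFAULT_LANG);

        // Fix: compare as strings with !==. The loose != compares numeric-looking strings
        // as numbers, so two different inputs such as '1e3' and '1000' counted as equal.
        if ((string) $password_raw !== $password_repeat_raw) {
            $result[F_LOGIN_STATUS] = REGISTER_ERROR_PASSWORD_DIFFERENT;
        } else {
            $result[F_LOGIN_STATUS] = sec_login_register($username_unsafe, $password_raw, $email_unsafe, $language, sys_get_param_int('rememberme'));
        }
    }

    // Username/password login also runs directly after a successful registration.
    if (sys_get_param('login') && in_array($result['status'], array(LOGIN_UNDEFINED, REGISTER_SUCCESS))) {
        $result[F_LOGIN_STATUS] = sec_login_username($username_unsafe, $password_raw, sys_get_param_int('rememberme'));
    } elseif (sys_get_param('confirm_code_send') && ($email_unsafe = sys_get_param_str_unsafe('email'))) {
        // TODO - test
        $result[F_LOGIN_STATUS] = sec_restore_password_send_email($email_unsafe);
    } elseif (sys_get_param('confirm_code_submit') && ($confirm_safe = sys_get_param_str('confirm'))) {
        // TODO - test
        sec_restore_password_confirm($confirm_safe, $result);
    }

    // Logins via external plugins would go here.
    // At this point the SN cookie should be set - log in with it.
    if (in_array($result['status'], array(LOGIN_UNDEFINED, REGISTER_SUCCESS))) {
        sec_login_cookie($result);
    }
    // TODO - REPLACE F_LOGIN_MESSAGE with messages derived from F_LOGIN_STATUS
}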
コード例 #14
ファイル: messages.php プロジェクト: divyinfo/SuperNova
         }
         if (empty($error_list)) {
             $error_list[] = array('MESSAGE' => $lang['msg_not_message_sent'], 'STATUS' => ERR_NONE);
             $user_safe_name = db_escape($user['username']);
             $recipient_name = db_escape($recipient_name);
             msg_send_simple_message($recipient_id, $user['id'], SN_TIME_NOW, MSG_TYPE_PLAYER, "{$user_safe_name} [{$user['galaxy']}:{$user['system']}:{$user['planet']}]", $subject, $text, true);
             //$recipient_id = 0;
             //$recipient_name = '';
             //$subject = '';
             $text = '';
             $msg_sent = true;
         } else {
             $subject = sys_get_param_str_unsafe('subject');
             $text = sys_get_param_str_unsafe('text');
         }
         $recipient_name = sys_get_param_str_unsafe('recipient_name');
     }
     $subject = $subject ? $subject : $lang['msg_subject_default'];
     $template->assign_vars(array('RECIPIENT_ID' => $recipient_id, 'RECIPIENT_NAME' => htmlspecialchars($recipient_name), 'SUBJECT' => htmlspecialchars($subject), 'TEXT' => htmlspecialchars($text)));
     foreach ($error_list as $error_message) {
         $template->assign_block_vars('result', $error_message);
     }
     $message_query = doquery("SELECT * FROM {{messages}}\n        WHERE\n          `message_type` = '" . MSG_TYPE_PLAYER . "' AND\n          ((`message_owner` = '{$user['id']}' AND `message_sender` = '{$recipient_id}')\n          OR\n          (`message_sender` = '{$user['id']}' AND `message_owner` = '{$recipient_id}')) ORDER BY `message_time` DESC LIMIT 20;");
     while ($message_row = db_fetch($message_query)) {
         $template->assign_block_vars('messages', array('ID' => $message_row['message_id'], 'DATE' => date(FMT_DATE_TIME, $message_row['message_time'] + SN_CLIENT_TIME_DIFF), 'FROM' => htmlspecialchars($message_row['message_from']), 'SUBJ' => htmlspecialchars($message_row['message_subject']), 'TEXT' => in_array($message_row['message_type'], array(MSG_TYPE_PLAYER, MSG_TYPE_ALLIANCE)) && $message_row['message_sender'] ? nl2br(htmlspecialchars($message_row['message_text'])) : nl2br($message_row['message_text']), 'FROM_ID' => $message_row['message_sender']));
     }
     break;
 case 'delete':
     $query_add = '';
     $message_range = sys_get_param_str('message_range');
     switch ($message_range) {
コード例 #15
ファイル: art_artifact.php プロジェクト: divyinfo/SuperNova
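/**
 * Use one artifact of type $unit_id for the given user on the given planet.
 *
 * The whole operation runs between sn_db_transaction_start() and sn_db_transaction_commit().
 * The user row is reloaded inside the transaction, the artifact effect is applied, and
 * one artifact is deducted only when the effect actually took place. The function ends
 * by calling message() with the outcome text.
 *
 * @param array $user      User row; replaced by the row re-read inside the transaction.
 * @param array $planetrow Planet row; re-read for the RCD and nano-builder artifacts.
 * @param int   $unit_id   Artifact unit id; ignored unless it is in the 'artifacts' group.
 */
function art_use(&$user, &$planetrow, $unit_id)
{
    global $lang;
    if (!in_array($unit_id, sn_get_groups('artifacts'))) {
        return;
    }

    // Fix: $message was left undefined when $unit_id is an artifact with no case in the
    // switch below, yet it is always passed to message() at the end.
    $message = '';

    sn_db_transaction_start();
    // Re-read the user inside the transaction so the artifact count checked below is current.
    // The second argument presumably requests a row lock (NOTE(review): confirm).
    $user = db_user_by_id($user['id'], true);
    $unit_level = $artifact_level_old = mrc_get_level($user, array(), $unit_id, true);
    if ($unit_level > 0) {
        $db_changeset = array();
        switch ($unit_id) {
            case ART_LHC:
            case ART_HOOK_SMALL:
            case ART_HOOK_MEDIUM:
            case ART_HOOK_LARGE:
                $has_moon = db_planet_by_parent($planetrow['id'], true, '`id`');
                // empty() also covers a lookup that returned no row at all.
                if ($planetrow['planet_type'] == PT_PLANET && empty($has_moon['id'])) {
                    $unit_level--;
                    // LHC: chance derived from the debris field. Hooks: a fixed or random moon size.
                    $moon_chance = $unit_id == ART_LHC ? uni_calculate_moon_chance($planetrow['debris_metal'] + $planetrow['debris_crystal']) : ($unit_id == ART_HOOK_MEDIUM ? mt_rand(1100, 8999) : ($unit_id == ART_HOOK_SMALL ? 1100 : 8999));
                    // For hooks $random equals $moon_chance, so the check below always succeeds.
                    $random = $unit_id == ART_LHC ? mt_rand(1, 100) : $moon_chance;
                    if ($random <= $moon_chance) {
                        $new_moon_row = uni_create_moon($planetrow['galaxy'], $planetrow['system'], $planetrow['planet'], $user['id'], $moon_chance);
                        $message = sprintf($lang['art_moon_create'][$unit_id], $new_moon_row['name'], uni_render_coordinates($planetrow), pretty_number($moon_chance));
                    } else {
                        $message = $lang['art_lhc_moon_fail'];
                    }
                    msg_send_simple_message($user['id'], 0, 0, MSG_TYPE_ADMIN, $lang['art_lhc_from'], $lang['art_lhc_subj'], $message);
                } else {
                    $message = $lang['art_moon_exists'];
                }
                break;
            case ART_RCD_SMALL:
            case ART_RCD_MEDIUM:
            case ART_RCD_LARGE:
                $planetrow = db_planet_by_id($planetrow['id'], true);
                if ($planetrow['planet_type'] != PT_PLANET) {
                    $message = $lang['art_rcd_err_moon'];
                    break;
                }
                // Refuse to deploy while the structure queue has items.
                $que = que_get($user['id'], $planetrow['id'], QUE_STRUCTURES, false);
                if (!empty($que['items'])) {
                    $message = $lang['art_rcd_err_que'];
                    break;
                }
                $artifact_deploy = get_unit_param($unit_id, P_DEPLOY);
                $sectors_used = 0;
                foreach ($artifact_deploy as $deploy_unit_id => $deploy_unit_level) {
                    // Only raise buildings that are below the level the artifact deploys.
                    if (!($levels_deployed = max(0, $deploy_unit_level - mrc_get_level($user, $planetrow, $deploy_unit_id, true, true)))) {
                        continue;
                    }
                    $sectors_used += $levels_deployed;
                    $db_changeset['unit'][] = sn_db_unit_changeset_prepare($deploy_unit_id, $levels_deployed, $user, $planetrow['id']);
                }
                if ($sectors_used == 0) {
                    // Nothing would change, so the artifact is not consumed.
                    $message = $lang['art_rcd_err_no_sense'];
                    break;
                }
                $unit_level--;
                // $sectors_used is a sum of max(0, ...) level differences computed above, not request input.
                db_planet_set_by_id($planetrow['id'], "`field_current` = `field_current` + {$sectors_used}");
                $message = sprintf($lang['art_rcd_ok'], $lang['tech'][$unit_id], $planetrow['name'], uni_render_coordinates($planetrow));
                msg_send_simple_message($user['id'], 0, 0, MSG_TYPE_QUE, $lang['art_rcd_subj'], $lang['art_rcd_subj'], $message);
                break;
            case ART_HEURISTIC_CHIP:
                $que_item = null;
                $que = que_get($user['id'], $planetrow['id'], QUE_RESEARCH, true);
                // References are used so the new time is written back into $que itself.
                $current_que =& $que['ques'][QUE_RESEARCH][$user['id']][0];
                if (!empty($current_que)) {
                    reset($current_que);
                    // First item of the research queue.
                    $que_item =& $que['ques'][QUE_RESEARCH][$user['id']][0][key($current_que)];
                }
                if (!empty($que_item) && $que_item['que_time_left'] > 60) {
                    $unit_level--;
                    $old_time = $que_item['que_time_left'];
                    // More than PERIOD_HOUR left: halve it. Otherwise finish the item at once.
                    $que_item['que_time_left'] = $que_item['que_time_left'] > PERIOD_HOUR ? ceil($que_item['que_time_left'] / 2) : 0;
                    db_que_set_time_left_by_id($que_item['que_id'], $que_item['que_time_left']);
                    $message = sprintf($lang['art_heurestic_chip_ok'], $lang['tech'][$que_item['que_unit_id']], $que_item['que_unit_level'], sys_time_human($old_time - $que_item['que_time_left']));
                    msg_send_simple_message($user['id'], 0, 0, MSG_TYPE_QUE, $lang['art_heurestic_chip_subj'], $lang['art_heurestic_chip_subj'], $message);
                } else {
                    $message = $lang['art_heurestic_chip_no_research'];
                }
                break;
            case ART_NANO_BUILDER:
                $planetrow = db_planet_by_id($planetrow['id'], true);
                $que_item = null;
                $que = que_get($user['id'], $planetrow['id'], QUE_STRUCTURES, true);
                // References are used so the new time is written back into $que itself.
                $current_que =& $que['ques'][QUE_STRUCTURES][$user['id']][$planetrow['id']];
                if (!empty($current_que)) {
                    reset($current_que);
                    // First item of this planet's structure queue.
                    $que_item =& $que['ques'][QUE_STRUCTURES][$user['id']][$planetrow['id']][key($current_que)];
                }
                if (isset($que_item) && $que_item['que_time_left'] > 60) {
                    $unit_level--;
                    $old_time = $que_item['que_time_left'];
                    // More than PERIOD_HOUR left: halve it. Otherwise finish the item at once.
                    $que_item['que_time_left'] = $que_item['que_time_left'] > PERIOD_HOUR ? ceil($que_item['que_time_left'] / 2) : 0;
                    db_que_set_time_left_by_id($que_item['que_id'], $que_item['que_time_left']);
                    $message = sprintf($lang['art_nano_builder_ok'], $que_item['que_unit_mode'] == BUILD_CREATE ? $lang['art_nano_builder_build'] : $lang['art_nano_builder_destroy'], $lang['tech'][$que_item['que_unit_id']], $que_item['que_unit_level'], $planetrow['name'], uni_render_coordinates($planetrow), sys_time_human($old_time - $que_item['que_time_left']));
                    msg_send_simple_message($user['id'], 0, 0, MSG_TYPE_QUE, $lang['art_nano_builder_subj'], $lang['art_nano_builder_subj'], $message);
                } else {
                    $message = $lang['art_nano_builder_no_que'];
                }
                break;
        }
        // Deduct the artifact only when one of the branches above actually consumed it.
        if ($unit_level != $artifact_level_old) {
            $db_changeset['unit'][] = sn_db_unit_changeset_prepare($unit_id, $unit_level - $artifact_level_old, $user);
            db_changeset_apply($db_changeset);
        }
    } else {
        $message = $lang['art_err_no_artifact'];
    }
    sn_db_transaction_commit();

    // NOTE(review): 'REQUEST_URI' is a request parameter read unescaped and handed to
    // message() as its third argument - presumably the page to continue to. If message()
    // redirects there, restrict the value to same-site relative paths before use.
    $request_uri = sys_get_param_str_unsafe('REQUEST_URI');
    $return_to = $request_uri ? $request_uri : 'artifacts' . DOT_PHP_EX . '#' . $unit_id;
    message($message, "{$lang['tech'][UNIT_ARTIFACTS]} - {$lang['tech'][$unit_id]}", $return_to, 5);
}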