* [~] Optimized SQL-queries
* @version 1.2 - Security checked for SQL-injection by Gorlum for http://supernova.ws
* @version 1.1 - (c) Copyright by Gorlum for http://supernova.ws
* @version 1.0 - copyright 2008 by Chlorel for XNova
*
*/

define('INSIDE', true);
define('INSTALL', false);
define('IN_ADMIN', true);

// Loads ../common.<ext>, reusing this file's own extension; the path is built from __FILE__, not from request input.
require '../common.' . substr(strrchr(__FILE__, '.'), 1);

// Access gate: presumably AdminMessage() terminates the request; if it only renders a message,
// the rest of the page still runs for unprivileged users — confirm it exits.
if ($user['authlevel'] < 1) {
    AdminMessage($lang['adm_err_denied']);
}

$mode = sys_get_param_str('mode', 'banit');
// *_unsafe is the raw request value; $name_output is the HTML-escaped copy for display.
$name_unsafe = sys_get_param_str_unsafe('name');
$name_output = sys_safe_output($name_unsafe);
$action = sys_get_param_str('action');
// The raw name is passed on; db_user_by_username() is expected to escape it itself — confirm.
$player_banned_row = db_user_by_username($name_unsafe);

if ($mode == 'banit' && $action) {
    if ($player_banned_row) {
        // NOTE(review): read straight from $_POST rather than through the sys_get_param_* helpers used above,
        // so nothing here escapes or casts them. The code that consumes $reas and $BanTime is outside this
        // fragment — confirm $reas is escaped before any SQL/HTML use.
        $reas = $_POST['why'];
        $days = $_POST['days'];
        $hour = $_POST['hour'];
        $mins = $_POST['mins'];
        $secs = $_POST['secs'];
        // $isVacation = $_POST['isVacation'];
        // Ban length in seconds. The fields are not cast to int, so a non-numeric value is coerced
        // (or raises a TypeError on PHP 8); no upper bound is applied here.
        $BanTime = $days * 86400;
        $BanTime += $hour * 3600;
        $BanTime += $mins * 60;
        $BanTime += $secs;
        // $BannedUntil = SN_TIME_NOW + $BanTime;
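/**
 * Builds the player "options" page.
 *
 * Fills $template_result (skin list, planet sort orders, genders, languages) and assigns the
 * current user's option values to the 'options' template, then renders it.
 *
 * Output escaping: the username and the account name/e-mail are HTML-escaped here, but
 * $user['email'], $user['avatar'], $user['dpath'] and $user['user_birthday'] are handed to the
 * template as stored — confirm the template escapes them or that they are validated on write.
 *
 * @param mixed $template template to render into, or null to load the 'options' template
 * @return mixed result of parsetemplate()
 */
function sn_options_view($template = null) {
    global $lang, $template_result, $user, $planetrow, $user_option_list, $user_option_types, $sn_message_class_list, $config;

    sys_user_vacation($user);

    // Human-readable variant of the date format (d/m/Y -> DD/MM/YYYY) for the date picker hint.
    $FMT_DATE = preg_replace(array('/d/', '/m/', '/Y/'), array('DD', 'MM', 'YYYY'), FMT_DATE);

    $template = gettemplate('options', $template);

    // $template_result['.']['skin_list'][] = array(
    //   'NAME' => $lang['select_skin_path'],
    //   'VALUE' => '',
    // );
    // dir() is opened under SN_ROOT_PHYSICAL but is_dir() checks a cwd-relative path —
    // they only agree when the working directory is the site root (presumably the case; confirm).
    $dir = dir(SN_ROOT_PHYSICAL . 'skins');
    while (($entry = $dir->read()) !== false) {
        if (is_dir("skins/{$entry}") && $entry[0] != '.') {
            $template_result['.']['skin_list'][] = array(
                'VALUE' => $entry,
                'NAME' => $entry,
                'SELECTED' => $user['dpath'] == "skins/{$entry}/",
            );
        }
    }
    $dir->close();

    // Iterated by value on purpose: the old `&$value` reference leaked into the loops below,
    // which reuse $value and so overwrote the last entry of $lang['opt_planet_sort_options'].
    foreach ($lang['opt_planet_sort_options'] as $key => $value) {
        $template_result['.']['planet_sort_options'][] = array(
            'VALUE' => $key,
            'NAME' => $value,
            'SELECTED' => classSupernova::$user_options[PLAYER_OPTION_PLANET_SORT] == $key,
        );
    }
    /*
    foreach($lang['opt_planet_sort_ascending'] as $key => &$value) {
      $template_result['.']['planet_sort_ascending'][] = array(
        'VALUE' => $key,
        'NAME' => $value,
        'SELECTED' => classSupernova::$user_options[PLAYER_OPTION_PLANET_SORT_INVERSE] == $key,
      );
    }
    */

    foreach ($lang['sys_gender_list'] as $key => $value) {
        $template_result['.']['gender_list'][] = array(
            'VALUE' => $key,
            'NAME' => $value,
            'SELECTED' => $user['gender'] == $key,
        );
    }

    $lang_list = lng_get_list();
    foreach ($lang_list as $lang_id => $lang_data) {
        $template_result['.']['languages'][] = array(
            'VALUE' => $lang_id,
            'NAME' => $lang_data['LANG_NAME_NATIVE'],
            'SELECTED' => $lang_id == $user['lang'],
        );
    }

    if (isset($lang['menu_customize_show_hide_button_state'])) {
        foreach ($lang['menu_customize_show_hide_button_state'] as $key => $value) {
            $template->assign_block_vars('menu_customize_show_hide_button_state', array('ID' => $key, 'NAME' => $value));
        }
    }

    // Positional sprintf format: day, month name, year, "year" word, hours:minutes:seconds.
    $str_date_format = "%3\$02d %2\$0s %1\$04d {$lang['top_of_year']} %4\$02d:%5\$02d:%6\$02d";
    $time_now_parsed = getdate($user['deltime']);

    $user_time_diff = playerTimeDiff::user_time_diff_get();

    // $player_options = player_load_option($user);

    $template->assign_vars(array(
        'USER_ID' => $user['id'],
        'ACCOUNT_NAME' => sys_safe_output(classSupernova::$auth->account->account_name),
        'USER_AUTHLEVEL' => $user['authlevel'],

        'menu_customize_show_hide_button' => classSupernova::$user_options[PLAYER_OPTION_MENU_HIDE_SHOW_BUTTON],
        'PLAYER_OPTION_MENU_SHOW_ON_BUTTON' => classSupernova::$user_options[PLAYER_OPTION_MENU_SHOW_ON_BUTTON],
        'PLAYER_OPTION_MENU_HIDE_ON_BUTTON' => classSupernova::$user_options[PLAYER_OPTION_MENU_HIDE_ON_BUTTON],
        'PLAYER_OPTION_MENU_HIDE_ON_LEAVE' => classSupernova::$user_options[PLAYER_OPTION_MENU_HIDE_ON_LEAVE],
        'PLAYER_OPTION_MENU_UNPIN_ABSOLUTE' => classSupernova::$user_options[PLAYER_OPTION_MENU_UNPIN_ABSOLUTE],
        'PLAYER_OPTION_MENU_ITEMS_AS_BUTTONS' => classSupernova::$user_options[PLAYER_OPTION_MENU_ITEMS_AS_BUTTONS],
        'PLAYER_OPTION_MENU_WHITE_TEXT' => classSupernova::$user_options[PLAYER_OPTION_MENU_WHITE_TEXT],
        'PLAYER_OPTION_MENU_OLD' => classSupernova::$user_options[PLAYER_OPTION_MENU_OLD],
        'PLAYER_OPTION_UNIVERSE_OLD' => classSupernova::$user_options[PLAYER_OPTION_UNIVERSE_OLD],
        'PLAYER_OPTION_UNIVERSE_DISABLE_COLONIZE' => classSupernova::$user_options[PLAYER_OPTION_UNIVERSE_DISABLE_COLONIZE],
        'PLAYER_OPTION_DESIGN_DISABLE_BORDERS' => classSupernova::$user_options[PLAYER_OPTION_DESIGN_DISABLE_BORDERS],
        'PLAYER_OPTION_TECH_TREE_TABLE' => classSupernova::$user_options[PLAYER_OPTION_TECH_TREE_TABLE],
        'sound_enabled' => classSupernova::$user_options[PLAYER_OPTION_SOUND_ENABLED],
        'PLAYER_OPTION_ANIMATION_DISABLED' => classSupernova::$user_options[PLAYER_OPTION_ANIMATION_DISABLED],
        'PLAYER_OPTION_PROGRESS_BARS_DISABLED' => classSupernova::$user_options[PLAYER_OPTION_PROGRESS_BARS_DISABLED],

        // Planet protection toggle is only offered to authlevel >= 3.
        'ADM_PROTECT_PLANETS' => $user['authlevel'] >= 3,

        'opt_usern_data' => htmlspecialchars($user['username']),
        'opt_mail1_data' => $user['email'],
        'opt_mail2_data' => sys_safe_output(classSupernova::$auth->account->account_email),
        'OPT_DPATH_DATA' => $user['dpath'],

        'PLAYER_OPTION_PLANET_SORT_INVERSE' => classSupernova::$user_options[PLAYER_OPTION_PLANET_SORT_INVERSE],
        'PLAYER_OPTION_FLEET_SPY_DEFAULT' => classSupernova::$user_options[PLAYER_OPTION_FLEET_SPY_DEFAULT],
        'PLAYER_OPTION_TOOLTIP_DELAY' => classSupernova::$user_options[PLAYER_OPTION_TOOLTIP_DELAY],
        'PLAYER_OPTION_BUILD_AUTOCONVERT_HIDE' => classSupernova::$user_options[PLAYER_OPTION_BUILD_AUTOCONVERT_HIDE],
        'PLAYER_OPTION_NAVBAR_RESEARCH_WIDE' => classSupernova::$user_options[PLAYER_OPTION_NAVBAR_RESEARCH_WIDE],
        'PLAYER_OPTION_NAVBAR_DISABLE_EXPEDITIONS' => classSupernova::$user_options[PLAYER_OPTION_NAVBAR_DISABLE_EXPEDITIONS],
        'PLAYER_OPTION_NAVBAR_DISABLE_FLYING_FLEETS' => classSupernova::$user_options[PLAYER_OPTION_NAVBAR_DISABLE_FLYING_FLEETS],
        'PLAYER_OPTION_NAVBAR_DISABLE_RESEARCH' => classSupernova::$user_options[PLAYER_OPTION_NAVBAR_DISABLE_RESEARCH],
        'PLAYER_OPTION_NAVBAR_DISABLE_PLANET' => classSupernova::$user_options[PLAYER_OPTION_NAVBAR_DISABLE_PLANET],
        'PLAYER_OPTION_NAVBAR_DISABLE_HANGAR' => classSupernova::$user_options[PLAYER_OPTION_NAVBAR_DISABLE_HANGAR],
        'PLAYER_OPTION_NAVBAR_DISABLE_QUESTS' => classSupernova::$user_options[PLAYER_OPTION_NAVBAR_DISABLE_QUESTS],
        'PLAYER_OPTION_NAVBAR_DISABLE_META_MATTER' => classSupernova::$user_options[PLAYER_OPTION_NAVBAR_DISABLE_META_MATTER],

        'opt_sskin_data' => $user['design'] == 1 ? " checked='checked'" : '',
        'opt_noipc_data' => $user['noipcheck'] == 1 ? " checked='checked'" : '',

        'deltime' => $user['deltime'],
        'deltime_text' => sprintf($str_date_format, $time_now_parsed['year'], $lang['months'][$time_now_parsed['mon']], $time_now_parsed['mday'], $time_now_parsed['hours'], $time_now_parsed['minutes'], $time_now_parsed['seconds']),

        'opt_avatar' => $user['avatar'],
        'config_game_email_pm' => $config->game_email_pm,

        'user_settings_esp' => classSupernova::$user_options[PLAYER_OPTION_UNIVERSE_ICON_SPYING],
        'user_settings_mis' => classSupernova::$user_options[PLAYER_OPTION_UNIVERSE_ICON_MISSILE],
        'user_settings_wri' => classSupernova::$user_options[PLAYER_OPTION_UNIVERSE_ICON_PM],
        'user_settings_statistics' => classSupernova::$user_options[PLAYER_OPTION_UNIVERSE_ICON_STATS],
        'user_settings_info' => classSupernova::$user_options[PLAYER_OPTION_UNIVERSE_ICON_PROFILE],
        'user_settings_bud' => classSupernova::$user_options[PLAYER_OPTION_UNIVERSE_ICON_BUDDY],

        'user_time_diff_forced' => $user_time_diff[PLAYER_OPTION_TIME_DIFF_FORCED],
        'adm_pl_prot' => $user['admin_protection'],
        'user_birthday' => $user['user_birthday'],
        'GENDER' => $user['gender'],
        'GENDER_TEXT' => $lang['sys_gender_list'][$user['gender']],

        'FMT_DATE' => $FMT_DATE,
        'JS_FMT_DATE' => js_safe_string($FMT_DATE),

        'USER_VACATION_DISABLE' => $config->user_vacation_disable,
        'VACATION_NEXT' => $user['vacation_next'],
        'VACATION_NEXT_TEXT' => date(FMT_DATE_TIME, $user['vacation_next']),
        // Seconds until the next vacation is allowed, clamped at 0.
        'VACATION_TIMEOUT' => $user['vacation_next'] - SN_TIME_NOW > 0 ? $user['vacation_next'] - SN_TIME_NOW : 0,
        'SN_TIME_NOW' => SN_TIME_NOW,

        'SERVER_SEND_EMAIL' => $config->game_email_pm,
        'SERVER_NAME_CHANGE' => $config->game_user_changename != SERVER_PLAYER_NAME_CHANGE_NONE,
        'SERVER_NAME_CHANGE_PAY' => $config->game_user_changename == SERVER_PLAYER_NAME_CHANGE_PAY,
        // Free renames are always enabled; paid renames only when the player can afford the cost
        // (parentheses make the original && / || precedence explicit).
        'SERVER_NAME_CHANGE_ENABLED' => $config->game_user_changename == SERVER_PLAYER_NAME_CHANGE_FREE
            || ($config->game_user_changename == SERVER_PLAYER_NAME_CHANGE_PAY && mrc_get_level($user, $planetrow, RES_DARK_MATTER) >= $config->game_user_changename_cost),
        'DARK_MATTER' => pretty_number($config->game_user_changename_cost, true, mrc_get_level($user, $planetrow, RES_DARK_MATTER)),

        'PAGE_HEADER' => $lang['opt_header'],
    ));

    foreach ($user_option_list as $option_group_id => $option_group) {
        if ($option_group_id == OPT_MESSAGE) {
            // Message group: one row per message class that can be switched or e-mailed.
            foreach ($sn_message_class_list as $message_class_id => $message_class_data) {
                if ($message_class_data['switchable'] || $message_class_data['email'] && $config->game_email_pm) {
                    $option_name = $message_class_data['name'];
                    $template->assign_block_vars("options_{$option_group_id}", array(
                        'NAME' => $message_class_data['name'],
                        'TEXT' => $lang['msg_class'][$message_class_id],
                        // -1 marks "not applicable" for the template.
                        'PM' => $message_class_data['switchable'] ? $user["opt_{$option_name}"] : -1,
                        'EMAIL' => $message_class_data['email'] && $config->game_email_pm ? $user["opt_email_{$option_name}"] : -1,
                    ));
                }
            }
        } else {
            foreach ($option_group as $option_name => $option_value) {
                // Options without an explicit type render as a simple switch.
                if (array_key_exists($option_name, $user_option_types)) {
                    $option_type = $user_option_types[$option_name];
                } else {
                    $option_type = 'switch';
                }
                $template->assign_block_vars("options_{$option_group_id}", array(
                    'NAME' => $option_name,
                    'TYPE' => $option_type,
                    'TEXT' => $lang['opt_custom'][$option_name],
                    'HINT' => $lang['opt_custom']["{$option_name}_hint"],
                    'VALUE' => $user[$option_name],
                ));
            }
        }
    }

    return parsetemplate($template);
}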
} $uni_row = doquery("select * from `{{universe}}` where `universe_galaxy` = {$uni_galaxy} and `universe_system` = {$uni_system} limit 1;", '', true); $uni_row['universe_price'] += $uni_system ? $config->uni_price_system : $config->uni_price_galaxy; $uni_row['universe_name'] = strip_tags($uni_row['universe_name'] ? $uni_row['universe_name'] : ($uni_system ? "{$lang['sys_system']} [{$uni_galaxy}:{$uni_system}]" : "{$lang['sys_galaxy']} {$uni_galaxy}")); if (sys_get_param_str('uni_name_submit')) { $uni_row['universe_name'] = strip_tags(sys_get_param_str('uni_name')); $uni_price = sys_get_param_float('uni_price'); if ($uni_price < $uni_row['universe_price']) { throw new exception($lang['uni_msg_error_low_price'], ERR_ERROR); } $uni_row['universe_price'] = $uni_price; sn_db_transaction_start(); $user = db_user_by_id($user['id'], true); // if($user[get_unit_param(RES_DARK_MATTER, P_NAME)] < $uni_price) if (mrc_get_level($user, null, RES_DARK_MATTER) < $uni_price) { throw new exception($lang['uni_msg_error_no_dm'], ERR_ERROR); } if (!rpg_points_change($user['id'], RPG_RENAME, -$uni_price, "Renaming [{$uni_galaxy}:{$uni_system}] to " . sys_get_param_str_unsafe('uni_name'))) { throw new exception($lang['sys_msg_err_update_dm'], ERR_ERROR); } doquery("replace {{universe}} set `universe_galaxy` = {$uni_galaxy}, `universe_system` = {$uni_system}, `universe_name` = '{$uni_row['universe_name']}', `universe_price` = {$uni_row['universe_price']};"); $debug->warning(sprintf($lang['uni_msg_admin_rename'], $user['id'], $user['username'], $uni_price, $uni_system ? $lang['uni_system_of'] : $lang['uni_galaxy_of'], $uni_galaxy, $uni_system ? 
":{$uni_system}" : '', strip_tags(sys_get_param_str_unsafe('uni_name'))), $lang['uni_naming'], LOG_INFO_UNI_RENAME); sn_db_transaction_commit(); sys_redirect("galaxy.php?mode=name&galaxy={$uni_galaxy}&system={$uni_system}"); } } catch (exception $e) { sn_db_transaction_rollback(); $template->assign_block_vars('result', array('STATUS' => in_array($e->getCode(), array(ERR_NONE, ERR_WARNING, ERR_ERROR)) ? $e->getCode() : ERR_ERROR, 'MESSAGE' => $e->getMessage())); } $template->assign_vars(array('GALAXY' => $uni_galaxy, 'SYSTEM' => $uni_system, 'NAME' => sys_safe_output($uni_row['universe_name']), 'PRICE' => $uni_row['universe_price'], 'PAGE_HINT' => $lang['uni_name_page_hint'])); display($template, $lang['sys_universe'] . ' - ' . $lang['uni_naming'], true, '', false);
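/**
 * Renders a parsed nick array into HTML fragments keyed by the NICK_* constants.
 *
 * ALL STRINGS IN $nick_array ARE UNSAFE: only the nick and the ally tag are escaped here.
 * NICK_CLASS is written raw inside a <span> tag and NICK_GENDER raw into an image path, so
 * both must come from trusted, server-side values — confirm at the call sites.
 *
 * @param array $nick_array keyed by the NICK_* constants
 * @param array $result     output array, filled in place and also returned
 * @return array
 */
function sn_player_nick_render_array_to_html($nick_array, &$result) {
    global $config, $user;

    if (isset($nick_array[NICK_BIRTHSDAY])) {
        $result[NICK_BIRTHSDAY] = '<img src="design/images/birthday.png" />';
    }

    if (isset($nick_array[NICK_VACATION])) {
        $result[NICK_VACATION] = '<img src="design/images/icon_vacation.png" />';
    }

    if (isset($nick_array[NICK_GENDER])) {
        // Gender icon from the viewer's skin (falls back to the default skin path); value is not escaped.
        $result[NICK_GENDER] = '<img src="' . ($user['dpath'] ? $user['dpath'] : DEFAULT_SKINPATH) . 'images/gender_' . $nick_array[NICK_GENDER] . '.png" />';
    }

    if (isset($nick_array[NICK_AUTH_LEVEL]) || isset($nick_array[NICK_PREMIUM])) {
        // Only NICK_PREMIUM may be set; reading NICK_AUTH_LEVEL unconditionally raised an undefined-index notice.
        $auth_level = isset($nick_array[NICK_AUTH_LEVEL]) ? $nick_array[NICK_AUTH_LEVEL] : null;
        switch ($auth_level) {
            case 4:
                $highlight = $config->chat_highlight_developer;
                break;
            case 3:
                $highlight = $config->chat_highlight_admin;
                break;
            case 2:
                $highlight = $config->chat_highlight_operator;
                break;
            case 1:
                $highlight = $config->chat_highlight_moderator;
                break;
            default:
                $highlight = isset($nick_array[NICK_PREMIUM]) ? $config->chat_highlight_premium : '';
        }

        if ($highlight) {
            // The highlight template is split around its '$1' placeholder; padding keeps a template
            // without the placeholder from raising an undefined-offset notice (closing part is then '').
            list($result[NICK_HIGHLIGHT], $result[NICK_HIGHLIGHT_END]) = array_pad(explode('$1', $highlight), 2, '');
        }
        // $result = preg_replace("#(.+)#", $highlight, $result);
    }

    if (isset($nick_array[NICK_CLASS])) {
        // Raw attribute text — must be server-generated, never user input.
        $result[NICK_CLASS] = '<span ' . $nick_array[NICK_CLASS] . '>';
        $result[NICK_CLASS_END] = '</span>';
    }

    $result[NICK_NICK] = sys_safe_output($nick_array[NICK_NICK]);

    if (isset($nick_array[NICK_ALLY])) {
        $result[NICK_ALLY] = '[' . sys_safe_output($nick_array[NICK_ALLY]) . ']';
    }

    $result[NICK_HTML] = true;

    return $result;
}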
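/**
 * Builds the template for the player registration page.
 *
 * Picks the registration status message (an explicit $template_result message wins over the
 * per-status text), appends the list of prohibited characters when the name was rejected for
 * that reason, and merges the page variables into $template_result.
 *
 * @param mixed $template template to render into, or null to load 'login_player_register'
 * @return mixed the prepared template
 */
public function player_register_view($template = null) {
    global $template_result, $lang;

    // Guarded so a second call in the same request does not raise a "constant already defined" notice.
    defined('LOGIN_LOGOUT') || define('LOGIN_LOGOUT', true);

    $template_result[F_PLAYER_REGISTER_MESSAGE] = isset($template_result[F_PLAYER_REGISTER_MESSAGE]) && $template_result[F_PLAYER_REGISTER_MESSAGE]
        ? $template_result[F_PLAYER_REGISTER_MESSAGE]
        : ($this->register_status != LOGIN_UNDEFINED ? $lang['sys_login_messages'][$this->register_status] : false);

    if ($this->register_status == LOGIN_ERROR_USERNAME_RESTRICTED_CHARACTERS) {
        // Each prohibited character is HTML-escaped before being appended, presumably because the
        // message is rendered as HTML.
        $prohibited_characters = array_map(function ($value) {
            return "'" . htmlentities($value, ENT_QUOTES, 'UTF-8') . "'";
        }, str_split(LOGIN_REGISTER_CHARACTERS_PROHIBITED));
        $template_result[F_PLAYER_REGISTER_MESSAGE] .= implode(', ', $prohibited_characters);
    }

    $template_result = array_merge($template_result, array(
        'NAVBAR' => false,
        'PLAYER_SUGGESTED_NAME' => sys_safe_output($this->player_suggested_name),
        'PARTNER_ID' => sys_safe_output($this->partner_id),
        'SERVER_NAME' => sys_safe_output($this->server_name),
        'PLAYER_REGISTER_STATUS' => $this->register_status,
        'PLAYER_REGISTER_MESSAGE' => $template_result[F_PLAYER_REGISTER_MESSAGE],
        'LOGIN_UNDEFINED' => LOGIN_UNDEFINED,
    ));

    $template = gettemplate('login_player_register', $template);

    return $template;
}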
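/**
 * Registers a new player inside a DB transaction.
 *
 * On success the player is created, the transaction committed, a welcome e-mail sent and
 * REGISTER_SUCCESS stored in $result; on any failure the transaction is rolled back and
 * $result holds the REGISTER_ERROR_* code carried in the exception message.
 *
 * @param string $username_unsafe raw (unescaped) username
 * @param string $password_raw    plaintext password as typed
 * @param string $email_unsafe    raw (unescaped) e-mail address
 * @param string $language        language ISO code stored with the player
 * @param int    $remember_me     passed through to player_create()
 * @param mixed  $result          out-param holding the outcome; also returned
 * @return mixed REGISTER_SUCCESS or a REGISTER_ERROR_* code
 */
function sn_sec_login_register($username_unsafe, $password_raw, $email_unsafe, $language, $remember_me = 1, &$result) {
    global $lang, $config;

    sn_db_transaction_start();
    try {
        if ($config->game_mode == GAME_BLITZ) {
            throw new exception(REGISTER_ERROR_USERNAME_WRONG, ERR_ERROR);
        }

        if (!$username_unsafe) {
            throw new exception(REGISTER_ERROR_USERNAME_WRONG, ERR_ERROR);
        }

        // The name is DB-escaped before being interpolated into the SQL literal.
        $username_safe = db_escape($username_unsafe);
        $db_check = doquery("SELECT `player_id` FROM {{player_name_history}} WHERE `player_name` = '{$username_safe}' LIMIT 1;", true);
        if (!empty($db_check)) {
            throw new exception(REGISTER_ERROR_USERNAME_EXISTS, ERR_ERROR);
        }

        // Password policy: at least 4 bytes and no leading/trailing whitespace.
        // NOTE(review): 4 is a weak minimum — raise it where the policy is defined.
        if (strlen(trim($password_raw)) < 4 || strlen(trim($password_raw)) != strlen($password_raw)) {
            throw new exception(REGISTER_ERROR_PASSWORD_INSECURE, ERR_ERROR);
        }
        $password_raw = trim($password_raw);

        if (db_user_by_email($email_unsafe, true)) {
            throw new exception(REGISTER_ERROR_EMAIL_EXISTS, ERR_ERROR);
        }

        // Referral id: `id_ref` is preferred, `partner_id` presumably acts as its default.
        $partner_id = sys_get_param_int('id_ref', sys_get_param_int('partner_id'));
        player_create($username_unsafe, $password_raw, $email_unsafe, array(
            'partner_id' => $partner_id,
            'language_iso' => $language,
            'remember_me' => $remember_me,
        ));
        sn_db_transaction_commit();

        // SECURITY(review): the welcome e-mail embeds the plaintext password; the password should not leave
        // the server at all (and sys_safe_output() HTML-escapes it, so special characters arrive mangled
        // if the mail is plain text). Kept because $lang['log_reg_email_text'] expects that argument.
        $email_message = sprintf($lang['log_reg_email_text'], $config->game_name, SN_ROOT_VIRTUAL, sys_safe_output($username_unsafe), sys_safe_output($password_raw));
        // Best-effort after commit: a failed mail is suppressed rather than failing the registration;
        // prefer logging the failure to the '@' suppression.
        @mymail($email_unsafe, sprintf($lang['log_reg_email_title'], $config->game_name), $email_message);

        $result = REGISTER_SUCCESS;
    } catch (exception $e) {
        sn_db_transaction_rollback();
        $result = $e->getMessage();
    }

    return $result;
}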