// Slot changes are refused while the character is logged in.
if ($char->online) {
    $session->setMessageData("Cannot change {$char->name}'s slot. He/she is currenty online.");
    // NOTE(review): the code below assumes redirect() ends the request -- confirm.
    $this->redirect();
}

if (count($_POST)) {
    // The submit marker must be present, otherwise the request is denied.
    if (!$params->get('changeslot')) {
        $this->deny();
    }

    // The cast turns any non-numeric input into 0, which the "< 1" branch rejects.
    // The form value is 1-based; char_num is compared and queried 0-based below.
    $slot = (int) $params->get('slot');

    if ($slot > $server->maxCharSlots) {
        $errorMessage = "Slot number must not be greater than {$server->maxCharSlots}.";
    } elseif ($slot < 1) {
        $errorMessage = 'Slot number must be a number greater than zero.';
    } elseif ($slot === (int) $char->char_num + 1) {
        $errorMessage = 'Please choose a different slot.';
    } elseif (!Flux_Security::csrfValidate('SlotEdit', $_POST, $error)) {
        // The CSRF token is checked last in the chain, but every SQL statement sits in the
        // else branch, so nothing is read or written for a request that fails this check.
        $errorMessage = $error;
    } else {
        // Is another character of the same account already in the requested slot?
        // All three values are bound parameters.
        $sql = "SELECT char_id, name, online FROM {$server->charMapDatabase}.`char` AS ch ";
        $sql .= "WHERE account_id = ? AND char_num = ? AND char_id != ?";
        $sth = $server->connection->getStatement($sql);
        $sth->execute(array($char->account_id, $slot - 1, $charID));
        $otherChar = $sth->fetch();

        if ($otherChar) {
            if ($otherChar->online) {
                $errorMessage = "{$otherChar->name} is using that slot, and is currently online.";
            } else {
                // Move the other character into the slot this character currently holds.
                // NOTE(review): the two pieces are joined without a space, so the statement
                // text reads "= ?WHERE"; confirm the driver accepts that or add the space.
                $sql = "UPDATE {$server->charMapDatabase}.`char` SET `char`.char_num = ?";
                $sql .= "WHERE `char`.char_id = ?";
                $sth = $server->connection->getStatement($sql);
                $sth->execute(array($char->char_num, $otherChar->char_id));
} // closes a block opened before this excerpt

// NOTE(review): only a login check is visible here; presumably the right to send mail is
// restricted to administrators by configuration outside this excerpt -- confirm.
$this->loginRequired();

$title = Flux::message('MailerTitle');
$preview = '';

if (count($_POST)) {
    $prev = (bool) $params->get('_preview');
    $to = trim($params->get('to'));
    $subject = trim($params->get('subject'));
    $body = trim($params->get('body'));

    // The three fields are only checked for being non-empty.
    // NOTE(review): no address-format check and no CR/LF filtering of $to or $subject is
    // visible here; confirm Flux_Mailer::send() rejects line breaks in header values.
    if (!$to) {
        $errorMessage = Flux::message('MailerEnterToAddress');
    } elseif (!$subject) {
        $errorMessage = Flux::message('MailerEnterSubject');
    } elseif (!$body) {
        $errorMessage = Flux::message('MailerEnterBodyText');
    } elseif (!Flux_Security::csrfValidate('Mailer', $_POST, $error)) {
        // A failed CSRF check sets $errorMessage, which blocks both preview and send below.
        $errorMessage = $error;
    }

    if (empty($errorMessage)) {
        if ($prev) {
            // Preview only: render the submitted body through Markdown, send nothing.
            // NOTE(review): Markdown output normally passes raw HTML through; confirm how
            // the template prints $preview.
            require_once 'markdown/markdown.php';
            $preview = Markdown($body);
        } else {
            require_once 'Flux/Mailer.php';
            $mail = new Flux_Mailer();
            $opts = array('_ignoreTemplate' => true, '_useMarkdown' => true);

            if ($mail->send($to, $subject, $body, $opts)) {
                $session->setMessageData(sprintf(Flux::message('MailerEmailHasBeenSent'), $to));
                $this->redirect();
            } else {
                $errorMessage = Flux::message('MailerFailedToSend');
// Excerpt from the item-shop edit handler; $cost, $quantity, $category and the limits used
// below are assigned before this excerpt begins.
$info = trim($params->get('info'));
$image = $files->get('image');
$useExisting = (int) $params->get('use_existing');

// Field validation first, CSRF token last; the edit itself runs only in the else branch.
if (!$cost) {
    $errorMessage = 'Você deve colocar um custo de crédito maior que zero.';
} elseif ($cost > $maxCost) {
    $errorMessage = "O custo do item não pode exceder {$maxCost}.";
} elseif (!$quantity) {
    $errorMessage = 'Você deve colocar uma quantidade maior que zero.';
} elseif ($quantity > 1 && !$stackable) {
    $errorMessage = 'Este item não é acumulável. Quantidade deve ser 1.';
} elseif ($quantity > $maxQty) {
    $errorMessage = "A quantidade máxima não pode exceder {$maxQty}.";
} elseif (!$info) {
    $errorMessage = 'Você deve colocar alguma informação sobre o item.';
} elseif (!Flux_Security::csrfValidate('ItemShopEdit', $_POST, $error)) {
    $errorMessage = $error;
} else {
    if ($shop->edit($shopItemID, $category, $cost, $quantity, $info, $useExisting)) {
        // An upload is attempted only when a file with a non-zero size was submitted.
        // NOTE(review): this excerpt checks nothing but the size; file type and extension
        // validation would have to happen inside uploadShopItemImage() -- confirm.
        if ($image && $image->get('size') && !$shop->uploadShopItemImage($shopItemID, $image)) {
            $errorMessage = 'Falha ao fazer upload da imagem.';
        } else {
            $session->setMessageData('Item foi modificado com sucesso.');
            $this->redirect($this->url('purchase'));
        }
    } else {
        $errorMessage = 'Falha ao modificar item.';
    }
}
} // closes a block opened before this excerpt

if (empty($category)) {
// Excerpt from the middle of the item-add validation chain; the branch that owns the first
// assignment opens before this excerpt.
$errorMessage = 'Weight must be a number.';
// Each optional numeric field may be null (not supplied); otherwise it must pass
// ctype_digit(), which accepts only a non-empty string of ASCII digits, so signs, decimal
// points and whitespace are rejected.
} elseif (!is_null($atk) && !ctype_digit($atk)) {
    $errorMessage = 'ATK must be a number.';
} elseif (!is_null($matk) && !ctype_digit($matk)) {
    $errorMessage = 'MATK must be a number.';
} elseif (!is_null($defense) && !ctype_digit($defense)) {
    $errorMessage = 'Defense must be a number.';
} elseif (!is_null($range) && !ctype_digit($range)) {
    $errorMessage = 'Range must be a number.';
} elseif (!is_null($weaponLevel) && !ctype_digit($weaponLevel)) {
    $errorMessage = 'Weapon level must be a number.';
} elseif (!is_null($equipLevelMin) && !ctype_digit($equipLevelMin)) {
    $errorMessage = 'Minimum equip level must be a number.';
} elseif (!is_null($equipLevelMax) && !ctype_digit($equipLevelMax)) {
    $errorMessage = 'Maximum equip level must be a number.';
} elseif (!Flux_Security::csrfValidate('ItemAdd', $_POST, $error)) {
    // The CSRF token is the last link of the chain; the else branch runs only when it passed.
    $errorMessage = $error;
} else {
    // Allow-list check: every submitted equip location must be a key of the list returned
    // by Flux::getEquipLocationList(); one unknown key rejects the whole selection.
    if (empty($errorMessage) && is_array($equipLocs)) {
        $locs = Flux::getEquipLocationList();
        foreach ($equipLocs as $bit) {
            if (!array_key_exists($bit, $locs)) {
                $errorMessage = 'Invalid equip location specified.';
                $equipLocs = null;
                break;
            }
        }
    }

    // The same kind of check starts here for the "upper" flags; the loop body lies beyond
    // this excerpt.
    if (empty($errorMessage) && is_array($equipUpper)) {
        $upper = Flux::getEquipUpperList();
        foreach ($equipUpper as $bit) {
// Excerpt from the middle of the password-change validation chain; the branch that owns the
// first assignment opens before this excerpt.
$errorMessage = sprintf(Flux::message('PasswordTooLong'), $passwordMinLength, Flux::config('MaxPasswordLength'));
} elseif (!$confirmNewPassword) {
    $errorMessage = Flux::message('ConfirmNewPassword');
// NOTE(review): != and == are loose comparisons. PHP compares two numeric-looking strings
// as numbers, so two different strings can count as equal; !== / === compare exact bytes.
} elseif ($newPassword != $confirmNewPassword) {
    $errorMessage = Flux::message('PasswordsDoNotMatch');
} elseif ($newPassword == $currentPassword) {
    $errorMessage = Flux::message('NewPasswordSameAsOld');
// Complexity rules: each is applied only when its configured minimum is above zero, and
// counts matching characters with preg_match_all(). The classes are ASCII ranges, so any
// non-ASCII byte counts as a "symbol".
} elseif (Flux::config('PasswordMinUpper') > 0 && preg_match_all('/[A-Z]/', $newPassword, $matches) < $passwordMinUpper) {
    $errorMessage = sprintf(Flux::message('NewPasswordNeedUpper'), $passwordMinUpper);
} elseif (Flux::config('PasswordMinLower') > 0 && preg_match_all('/[a-z]/', $newPassword, $matches) < $passwordMinLower) {
    $errorMessage = sprintf(Flux::message('NewPasswordNeedLower'), $passwordMinLower);
} elseif (Flux::config('PasswordMinNumber') > 0 && preg_match_all('/[0-9]/', $newPassword, $matches) < $passwordMinNumber) {
    $errorMessage = sprintf(Flux::message('NewPasswordNeedNumber'), $passwordMinNumber);
} elseif (Flux::config('PasswordMinSymbol') > 0 && preg_match_all('/[^A-Za-z0-9]/', $newPassword, $matches) < $passwordMinSymbol) {
    $errorMessage = sprintf(Flux::message('NewPasswordNeedSymbol'), $passwordMinSymbol);
} elseif (!Flux_Security::csrfValidate('PasswordEdit', $_POST, $error)) {
    // The CSRF token is checked before the stored password is read or changed.
    $errorMessage = $error;
} else {
    // Fetch the stored credential of the logged-in account; the id comes from the session,
    // not from the request.
    $sql = "SELECT user_pass AS currentPassword FROM {$server->loginDatabase}.login WHERE account_id = ?";
    $sth = $server->connection->getStatement($sql);
    $sth->execute(array($session->account->account_id));
    $account = $sth->fetch();

    // With getUseMD5() true both passwords go through Flux::hashPassword(); with it false
    // they are used exactly as submitted, i.e. user_pass is compared and stored unhashed.
    // NOTE(review): Flux::hashPassword() is not shown; going by the flag name it is
    // presumably a plain MD5 digest, which is not a password-hashing function -- confirm.
    $useMD5 = $session->loginServer->config->getUseMD5();
    $currentPassword = $useMD5 ? Flux::hashPassword($currentPassword) : $currentPassword;
    $newPassword = $useMD5 ? Flux::hashPassword($newPassword) : $newPassword;

    // NOTE(review): loose != on a credential. Digests made only of digits and one "e" compare
    // as numbers, and the comparison is not constant-time; hash_equals() avoids both.
    if ($currentPassword != $account->currentPassword) {
        $errorMessage = Flux::message('OldPasswordInvalid');
    } else {
        $sql = "UPDATE {$server->loginDatabase}.login SET user_pass = ? 
WHERE account_id = ?";
        $sth = $server->connection->getStatement($sql);
        if ($sth->execute(array($newPassword, $session->account->account_id))) {
} // closes a block opened before this excerpt

if (count($_POST)) {
    // Deny outright when the account cannot pay or the submit marker is missing.
    if (!$hasNecessaryFunds || !$params->get('changegender')) {
        $this->deny();
    }

    $classes = array(); // not used in the visible part of the script

    // On every char/map server of the login group, look for characters of this account
    // whose class is one of the keys of $badJobs.
    foreach ($session->loginAthenaGroup->athenaServers as $athenaServer) {
        // The IN (...) list is built from one "?" per entry, so the job ids are bound as
        // parameters rather than concatenated into the SQL text.
        // NOTE(review): an empty $badJobs would produce "IN ()", which is not valid SQL;
        // confirm the list can never be empty here.
        $sql = "SELECT COUNT(1) AS num FROM {$athenaServer->charMapDatabase}.`char` WHERE account_id = ? AND `class` IN (" . implode(',', array_fill(0, count($badJobs), '?')) . ")";
        $sth = $athenaServer->connection->getStatement($sql);
        $sth->execute(array_merge(array($session->account->account_id), array_keys($badJobs)));

        if ($sth->fetch()->num) {
            $errorMessage = sprintf(Flux::message('GenderChangeBadChars'), implode(', ', array_values($badJobs)));
            break;
        }
    }

    // The CSRF token is checked after the read-only queries above and before any write.
    if (empty($errorMessage) && !Flux_Security::csrfValidate('GenderEdit', $_POST, $error)) {
        $errorMessage = $error;
    }

    if (empty($errorMessage)) {
        // Flip the sex recorded in the session copy of the account.
        $sex = $session->account->sex == 'M' ? 'F' : 'M';
        $sql = "UPDATE {$server->loginDatabase}.login SET sex = ? WHERE account_id = ?";
        $sth = $server->connection->getStatement($sql);
        $sth->execute(array($sex, $session->account->account_id));

        // Count the change in the account preferences.
        $changeTimes = (int) $session->loginServer->getPref($session->account->account_id, 'NumberOfGenderChanges');
        $session->loginServer->setPref($session->account->account_id, 'NumberOfGenderChanges', $changeTimes + 1);

        // Charge the fee as a negative deposit unless the account is exempt.
        // NOTE(review): the update, the counter and the charge are separate statements and
        // their results are not checked here; no transaction is visible in this excerpt.
        if ($cost && !$auth->allowedToAvoidSexChangeCost) {
            $session->loginServer->depositCredits($session->account->account_id, -$cost);
            $session->setMessageData(sprintf(Flux::message('GenderChanged'), $cost));
        } else {
            $session->setMessageData(Flux::message('GenderChangedForFree'));
        }
// FLUX_ROOT is not defined in this file; the guard stops the script when it is reached
// without that constant.
if (!defined('FLUX_ROOT')) {
    exit;
}

$this->loginRequired();

$title = 'Área de Confirmação';

// Checkout needs a non-empty cart and enough credits.
// NOTE(review): everything after a redirect() call assumes it ends the request -- confirm.
if ($server->cart->isEmpty()) {
    $session->setMessageData('Seu carrinho está vazio.');
    $this->redirect($this->url('purchase'));
} elseif (!$server->cart->hasFunds()) {
    $session->setMessageData('Você não tem saldo o suficiente para fazer essa transação!');
    $this->redirect($this->url('purchase'));
}

$items = $server->cart->getCartItems();

if (count($_POST) && $params->get('process')) {
    // The CSRF token is checked before any purchase row is written.
    if (!Flux_Security::csrfValidate('PurchaseCheckOut', $_POST, $error)) {
        $session->setMessageData($error);
        $this->redirect($this->url('purchase', 'checkout'));
    }

    // Table names come from configuration and are interpolated into the SQL text; the row
    // values are bound parameters.
    $redeemTable = Flux::config('FluxTables.RedemptionTable');
    $creditTable = Flux::config('FluxTables.CreditsTable');
    $deduct = 0;

    $sql = "INSERT INTO {$server->charMapDatabase}.{$redeemTable} ";
    $sql .= "(nameid, quantity, cost, account_id, char_id, redeemed, redemption_date, purchase_date, credits_before, credits_after) ";
    $sql .= "VALUES (?, ?, ?, ?, NULL, 0, NULL, NOW(), ?, ?)";
    $sth = $server->connection->getStatement($sql);

    // The balance is the session's copy of the account, read once before the loop.
    // NOTE(review): the hasFunds() check above and these inserts are separate steps, and
    // no transaction or row lock is visible in this excerpt; confirm that two checkouts
    // running at the same time cannot both spend the same balance.
    $balance = $session->account->balance;

    foreach ($items as $item) {
        $creditsAfter = $balance - $item->shop_item_cost;
        $res = $sth->execute(array($item->shop_item_nameid, $item->shop_item_qty, $item->shop_item_cost, $session->account->account_id, $balance, $creditsAfter));

        if ($res) {
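<?php
// Deletes the image stored for one item-shop entry, then sends the browser back to the
// referring page.

// FLUX_ROOT is not defined in this file; the guard stops the script when it is reached
// without that constant.
if (!defined('FLUX_ROOT')) {
    exit;
}

// NOTE(review): only a login check is visible here; presumably the right to manage shop
// items is enforced by configuration outside this file -- confirm.
$this->loginRequired();

$shopItemID = $params->get('id');

// The id is a request value handed to a helper that deletes files, so accept nothing but a
// plain run of digits. This rejects array parameters, path separators and wildcard
// characters before the helper sees them.
// NOTE(review): assumes shop item ids are integer keys -- confirm against the schema.
if (!$shopItemID || !(is_int($shopItemID) || (is_string($shopItemID) && ctype_digit($shopItemID)))) {
    $this->deny();
}

// The token is validated before anything is deleted, but it is read from $_GET: this
// state-changing action is triggered by a plain link, and the token therefore appears in
// URLs (browser history, server logs, Referer headers).
// NOTE(review): consider moving the action to a POST form.
if (!Flux_Security::csrfValidate('Session', $_GET, $error)) {
    $session->setMessageData($error);
    $this->redirect($this->url('purchase'));
}

require_once 'Flux/ItemShop.php';
$shop = new Flux_ItemShop($server);
$shop->deleteShopItemImage($shopItemID);

$session->setMessageData('Shop item image has been deleted.');
$this->redirect($this->referer);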
// Removes one active IP ban. The pattern to unban comes from the request.
$list = $params->get('list');

// Authorisation gate: the caller needs the allowedToRemoveIpBan permission and must name a
// pattern, otherwise the request is denied.
if (!$auth->allowedToRemoveIpBan || !$list) {
    $this->deny();
}

// Look up a ban for exactly this pattern that has not expired yet (rtime in the future).
// The pattern is bound as a parameter, not concatenated into the SQL text.
$sql = "SELECT list FROM {$server->loginDatabase}.ipbanlist ";
$sql .= "WHERE rtime > NOW() AND list = ? LIMIT 1";
$sth = $server->connection->getStatement($sql);
$sth->execute(array($list));
$ipban = $sth->fetch();

if (count($_POST)) {
    // The submit marker must be present.
    if (!$params->get('remipban')) {
        $this->deny();
    }

    $reason = trim($params->get('reason'));

    if (!$list) {
        $errorMessage = Flux::message('IpbanEnterIpPattern');
    // Dotted-quad check: the first octet must be 0-255, each of the other three may be
    // 0-255 or "*". The whole string is anchored with ^ and $.
    } elseif (!preg_match('/^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|\\*)\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|\\*)\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|\\*)$/', $list, $m)) {
        $errorMessage = Flux::message('IpbanInvalidPattern');
    } elseif (!$reason) {
        // A removal reason is mandatory; it is passed on with the acting account id below.
        $errorMessage = Flux::message('IpbanEnterRemoveReason');
    } elseif (!$ipban || !$ipban->list) {
        $errorMessage = sprintf(Flux::message('IpbanNotBanned'), $list);
    } elseif (!Flux_Security::csrfValidate('IPBanRemove', $_POST, $error)) {
        // The CSRF token is the last check before the only state-changing call.
        $errorMessage = $error;
    } elseif ($server->loginServer->removeIpBan($session->account->account_id, $reason, $list)) {
        $session->setMessageData(sprintf(Flux::message('IpbanPatternUnbanned'), $list));
        $this->redirect($this->url('ipban'));
    } else {
        $errorMessage = Flux::message('IpbanRemoveFailed');
    }
}
<?php
// Credit transfer from the logged-in account to the owner of a named character.

// FLUX_ROOT is not defined in this file; the guard stops the script when it is reached
// without that constant.
if (!defined('FLUX_ROOT')) {
    exit;
}

$this->loginRequired();

$title = Flux::message('TransferTitle');

if (count($_POST)) {
    // Only accounts whose session balance is non-zero get as far as the form handling.
    if ($session->account->balance) {
        // The cast turns non-numeric input into 0; zero and negative amounts are rejected
        // below, so a transfer cannot be used to pull credits from the recipient.
        $credits = (int) $params->get('credits');
        $charName = trim($params->get('char_name'));

        if (!$credits || $credits < 1) {
            $errorMessage = Flux::message('TransferGreaterThanOne');
        } elseif (!$charName) {
            $errorMessage = Flux::message('TransferEnterCharName');
        } elseif (!Flux_Security::csrfValidate('TransferCredit', $_POST, $error)) {
            // The CSRF token is checked before the transfer is attempted.
            $errorMessage = $error;
        } else {
            // The sender is always the session's account id, never a request value.
            // NOTE(review): the check that the sender can cover $credits is not visible
            // here; the -2 result suggests transferCredits() performs it -- confirm.
            $res = $server->transferCredits($session->account->account_id, $charName, $credits);

            // Result codes are compared strictly: -3 and -2 map to specific messages and
            // anything other than boolean true is reported as an unexpected error.
            if ($res === -3) {
                $errorMessage = sprintf(Flux::message('TransferNoCharExists'), $charName);
            } elseif ($res === -2) {
                $errorMessage = Flux::message('TransferNoBalance');
            } elseif ($res !== true) {
                $errorMessage = Flux::message('TransferUnexpectedError');
            } else {
                $session->setMessageData(Flux::message('TransferSuccessful'));
                $this->redirect();
            }
        }
    } else {
// Per-character privacy preferences (visibility in "who's online" and the zeny ranking).
$this->loginRequired();

// The character id is a request value; it is only checked for being non-empty here.
$charID = $params->get('id');
if (!$charID) {
    $this->deny();
}

$char = $server->getCharacter($charID);

if ($char) {
    // Ownership check: the character must belong to the logged-in account unless the
    // caller holds the allowedToModifyCharPrefs permission.
    // NOTE(review): the comparison is a loose != on two ids; !== after casting both sides
    // to int would make the check exact.
    if ($char->account_id != $session->account->account_id && !$auth->allowedToModifyCharPrefs) {
        $this->deny();
    }

    // Current values, read into script variables.
    $prefs = $server->getPrefs($charID, array('HideFromWhosOnline', 'HideMapFromWhosOnline', 'HideFromZenyRanking'));
    $hideFromWhosOnline = $prefs->get('HideFromWhosOnline');
    $hideMapFromWhosOnline = $prefs->get('HideMapFromWhosOnline');
    $hideFromZenyRanking = $prefs->get('HideFromZenyRanking');

    if (count($_POST)) {
        // The CSRF token is checked before any preference is written.
        if (!Flux_Security::csrfValidate('CharacterPreferences', $_POST, $error)) {
            $errorMessage = $error;
        } else {
            // Each submitted flag is reduced to 1 or null, so no request value is stored
            // as such.
            $set = array();
            $set['HideFromWhosOnline'] = $params->get('hide_from_whos_online') ? 1 : null;
            $set['HideMapFromWhosOnline'] = $params->get('hide_map_from_whos_online') ? 1 : null;

            // The ranking flag is written only for callers allowed to hide from the ranking;
            // for everyone else the submitted field is ignored.
            if ($auth->allowedToHideFromZenyRank) {
                $set['HideFromZenyRanking'] = $params->get('hide_from_zeny_ranking') ? 1 : null;
            }

            $res = $server->setPrefs($charID, $set);

            if ($res) {
                $session->setMessageData('Preferências foram modificadas.');
                $this->redirect($this->urlWithQs);
            } else {
                $errorMessage = 'Falha ao modificar preferências.';
            }
// Excerpt from the divorce handler; $char and $charID are set before this excerpt.
// NOTE(review): the ownership check for $char is not part of this excerpt -- confirm it
// runs before this point.
// NOTE(review): the guards below rely on redirect() ending the request; later code
// dereferences $partner without a further check -- confirm.
$partner = $server->getCharacter($char->partner_id);
if (!$partner) {
    $session->setMessageData(Flux::message('DivorceInvalidPartner'));
    $this->redirect($this->referer);
}

// $child stays false when the character has no child; a recorded child that cannot be
// loaded is treated as an error.
$child = false;
if ($char->child && !($child = $server->getCharacter($char->child))) {
    $session->setMessageData(Flux::message('DivorceInvalidChild'));
    $this->redirect($this->referer);
}

// Everyone whose row is about to change must be offline. && binds tighter than ||, so the
// child's online state only matters when DivorceKeepChild is off.
if ($char->online || $partner->online || !Flux::config('DivorceKeepChild') && $child && $child->online) {
    $session->setMessageData(sprintf(Flux::message(Flux::config('DivorceKeepChild') ? 'DivorceMustBeOffline' : 'DivorceMustBeOffline2'), $char->name));
    $this->redirect($this->referer);
}

if (count($_POST) && $params->get('divorce')) {
    // The CSRF token is checked before any row is updated.
    if (!Flux_Security::csrfValidate('Divorce', $_POST, $error)) {
        $session->setMessageData($error);
        $this->redirect($this->referer);
    }

    // Clear the partner link on both spouses in one statement; the optional ", child = 0"
    // clause depends on configuration only, and both ids are bound parameters.
    $sql = "UPDATE {$server->charMapDatabase}.`char` SET partner_id = 0 ";
    if (!Flux::config('DivorceKeepChild')) {
        $sql .= ", child = 0 ";
    }
    $sql .= "WHERE char_id IN (?, ?)";
    $sth = $server->connection->getStatement($sql);
    $sth->execute(array($charID, $char->partner_id));

    // When the child is not kept, its parent links are cleared as well.
    // NOTE(review): the two updates are separate statements whose results are not checked;
    // no transaction is visible in this excerpt.
    if (!Flux::config('DivorceKeepChild') && $child) {
        $sql = "UPDATE {$server->charMapDatabase}.`char` SET father = 0, mother = 0 WHERE char_id = ?";
        $sth = $server->connection->getStatement($sql);
        $sth->execute(array($char->child));
    }
<?php if (!defined('FLUX_ROOT')) { exit; } $this->loginRequired(); if (!count($_POST) || !$params->get('unban')) { $this->deny(); } if (!($unbanList = $params->get('unban_list')) instanceof Flux_Config || !count($unbanList = $unbanList->toArray())) { $session->setMessageData(Flux::message('IpbanNothingToUnban')); } elseif (!Flux_Security::csrfValidate('IPUnban', $_POST, $error)) { $session->setMessageData($error); } else { $reason = trim($params->get('reason')); if (!$reason) { $session->setMessageData(Flux::message('IpbanEnterUnbanReason')); } else { $didAllSucceed = true; $numFailed = 0; foreach ($unbanList as $unban) { if (!$server->loginServer->removeIpBan($session->account->account_id, $reason, $unban)) { $didAllSucceed = false; $numFailed++; } } if ($didAllSucceed) { $session->setMessageData(Flux::message('IpbanUnbanned')); } else { $session->setMessageData(sprintf(Flux::message('IpbanUnbanFailed'), $numFailed)); }