MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with webDiplomacy. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* @package GameMaster
*/
require_once 'header.php';
require_once l_r('gamemaster/game.php');
require_once l_r('gamemaster/misc.php');
if ($Misc->Panic) {
libHTML::notice(l_t('Game processing disabled'), l_t("Game processing has been temporarily disabled while we take care of an " . "unexpected problem. Please try again later, sorry for the inconvenience."));
}
if (!($User->type['Moderator'] or isset($_REQUEST['gameMasterSecret']) and $_REQUEST['gameMasterSecret'] == Config::$gameMasterSecret or isset($_REQUEST['gameMasterToken']) and libAuth::gamemasterToken_Valid($_REQUEST['gameMasterToken']))) {
libHTML::notice(l_t('Denied'), l_t('Only the cron script and moderators can run the gamemaster script.'));
}
if (isset($_REQUEST['gameMasterSecret']) && $User->type['User'] && !$User->type['Moderator'] && $Misc->LastProcessTime == 0) {
// The server has just been installed; make this user the admin now.
$DB->sql_put("UPDATE wD_Users SET type = CONCAT(type,',Moderator,Admin') WHERE id = " . $User->id);
$User->type['Moderator'] = $User->type['Admin'] = true;
$Misc->LastProcessTime = time();
$Misc->write();
libHTML::notice(l_t('Admin'), l_t("You have been made admin. Please continue with the install instructions in README.txt."));
}
libHTML::starthtml(l_t('GameMaster'));
print '<div class="content">';
$DB->sql_put("COMMIT");
// Unlock our user row, to prevent deadlocks below
// This means our $User object should only be used for reading from
public function likeMessageToggleLink($messageID, $fromUserID = -1)
{
if ($this->type['User'] && $this->id != $fromUserID && !in_array($messageID, $this->getLikeMessages())) {
return '<a id="likeMessageToggleLink' . $messageID . '"
href="#" title="' . l_t('Give a mark of approval for this post') . '" class="light likeMessageToggleLink" ' . 'onclick="likeMessageToggle(' . $this->id . ',' . $messageID . ',\'' . libAuth::likeToggleToken($this->id, $messageID) . '\'); ' . 'return false;">' . '+1</a>';
} else {
return '';
}
}
}
require_once l_r('lib/auth.php');
if (!defined('AJAX')) {
if (isset($_REQUEST['logoff'])) {
$success = libAuth::keyWipe();
$User = new User(GUESTID);
// Give him a guest $User
header('refresh: 4; url=logon.php?noRefresh=on');
libHTML::notice(l_t("Logged out"), l_t("You have been logged out, and are being redirected to the logon page."));
}
global $User;
$User = libAuth::auth();
if ($User->type['Admin']) {
Config::$debug = true;
if (isset($_REQUEST['auid']) || isset($_SESSION['auid'])) {
$User = libAuth::adminUserSwitch($User);
} else {
define('AdminUserSwitch', $User->id);
}
} elseif ($Misc->Maintenance) {
unset($DB);
// This lets libHTML know there's a problem
libHTML::error(Config::$serverMessages['Maintenance']);
}
}
// This gets called by libHTML::footer
function close()
{
global $DB, $Misc;
// This isn't put into the database destructor in case of dieing due to an error
if (is_object($DB)) {
if ($User->{$SQLName} == $DB->msg_escape($SQLVars[$SQLName])) {
continue;
}
}
if ($set != '') {
$set .= ', ';
}
$set .= $SQLName . " = '" . $SQLVars[$SQLName] . "'";
$formOutput .= l_t('%s updated successfully.', $name) . ' ';
}
if ($set != '') {
$DB->sql_put("UPDATE wD_Users SET " . $set . " WHERE id = " . $User->id);
}
if (isset($SQLVars['password'])) {
$DB->sql_put("UPDATE wD_Users SET password = "******" WHERE id = " . $User->id);
libAuth::keyWipe();
header('refresh: 3; url=logon.php');
$formOutput .= l_t('Password updated successfully; you have been logged out and ' . 'will need to logon with the new password.') . ' ';
}
} catch (Exception $e) {
$formOutput .= $e->getMessage();
}
// We may have received no new data
if ($formOutput) {
$User->load();
// Reload in case of a change
print '<div class="content"><p class="notice">' . $formOutput . '</p></div>';
}
}
print libHTML::pageTitle(l_t('User account settings'), l_t('Alter the settings for your webDiplomacy user account; e.g. change your password/e-mail.'));
print '<form method="post">
continue;
}
$set .= ', ';
$User->{$SQLName} = $SQLVars[$SQLName];
$set .= $SQLName . " = '" . $SQLVars[$SQLName] . "'";
}
if (count($errors)) {
throw new Exception(implode('. ', $errors));
}
$set .= ', timeJoined = ' . time() . ', timeLastSessionEnded = ' . time();
if (User::findUsername($SQLVars['username'])) {
throw new Exception(l_t("The username '%s' is already in use. Please choose another.", $SQLVars['username']));
} elseif (User::findEmail($SQLVars['email'])) {
throw new Exception(l_t("The e-mail address '%s', is already in use. Please choose another.", $SQLVars['email']));
}
$DB->sql_put("INSERT INTO wD_Users SET " . $set);
$DB->sql_put("COMMIT");
// Re-authenticate with the new password, to create a new session ID
$key = libAuth::userPass_Key($SQLVars['username'], $_REQUEST['userForm']['password']);
$NewUser = libAuth::key_User($key);
$NewUser->sendNotice('No', 'No', l_t("Welcome! This area displays your notices, which let you catch " . "up with what has happened since you were last here"));
// libHTML does not like letting registered users access the registration page
$User = new User(GUESTID);
print libHTML::pageTitle(l_t('Register a webDiplomacy account'), l_t('Validate your e-mail address -> Enter your account settings -> <strong>Play webDiplomacy!</strong>'));
print "<h3>" . l_t("Welcome to webDiplomacy!") . "</h3>\r\n\t\t\t<p>" . l_t("Welcome, %s!", $SQLVars['username']) . "<br /><br />\r\n\r\n\t\t\t\t" . l_t("You can now post in the <a href='forum.php' class='light'>forum</a>, " . "look for <a href='gamelistings.php' class='light'>a game to join</a>, " . "create a <a href='gamecreate.php' class='light'>new game</a>, " . "or get some <a href='help.php' class='light'>help/info</a>.") . "<br /> " . l_t("Be sure to bookmark the <a href='index.php' class='light'>home page</a>, " . "which displays a summary of your games and forum activity.") . "<br /><br />\r\n\r\n\t\t\t\t" . l_t("If you don't know what Diplomacy is about yet check out the quick\r\n\t\t\t\t<a href='intro.php' light='class'>graphical intro to webDiplomacy</a>,\r\n\t\t\t\tso you can get going faster.") . "\r\n\t\t\t</p>";
print '</div>';
libHTML::footer();
} catch (Exception $e) {
$formOutput .= $e->getMessage();
}
print '<div class="content"><p class="notice">' . $formOutput . '</p></div>';
public function resetPass(array $params)
{
global $DB, $User;
$ChangeUser = new User($params['userID']);
if ($ChangeUser->type['Admin'] || $ChangeUser->type['Moderator'] && !$User->type['Admin']) {
throw new Exception(l_t("Cannot reset an admin/moderator's password if you aren't admin."));
}
$password = base64_encode(rand(1000000, 2000000));
$DB->sql_put("UPDATE wD_Users\r\n\t\t\tSET password = UNHEX('" . libAuth::pass_Hash($password) . "')\r\n\t\t\tWHERE id = " . $ChangeUser->id);
return l_t('Users password reset to %s', $password);
}
</form>';
} elseif ($_REQUEST['forgotPassword'] == 2 && isset($_REQUEST['forgotUsername'])) {
try {
$forgottenUser = new User(0, $DB->escape($_REQUEST['forgotUsername']));
} catch (Exception $e) {
throw new Exception(l_t("Cannot find an account for the given username, please " . "<a href='logon.php?forgotPassword=1' class='light'>go back</a> and check your spelling."));
}
require_once l_r('objects/mailer.php');
$Mailer = new Mailer();
$Mailer->Send(array($forgottenUser->email => $forgottenUser->username), l_t('webDiplomacy forgotten password verification link'), l_t("You can use this link to get a new password generated:") . "<br>\r\n" . libAuth::email_validateURL($forgottenUser->email) . "&forgotPassword=3<br><br>\r\n\r\n" . l_t("If you have any further problems contact the server's admin at %s.", Config::$adminEMail) . "<br>");
print '<p>' . l_t('An e-mail has been sent with a verification link, which will allow you to have your password reset. ' . 'If you can\'t find the e-mail in your inbox try your junk folder/spam-box.') . '</p>';
} elseif ($_REQUEST['forgotPassword'] == 3 && isset($_REQUEST['emailToken'])) {
$email = $DB->escape(libAuth::emailToken_email($_REQUEST['emailToken']));
$userID = User::findEmail($email);
$newPassword = base64_encode(rand(1000000000, 2000000000));
$DB->sql_put("UPDATE wD_Users\r\n\t\t\t\tSET password=UNHEX('" . libAuth::pass_Hash($newPassword) . "')\r\n\t\t\t\tWHERE id=" . $userID . " LIMIT 1");
print '<p>' . l_t('Thanks for verifying your address, this is your new password, which you can ' . 'change once you have logged back on:') . '<br /><br />
<strong>' . $newPassword . '</strong></p>
<p><a href="logon.php" class="light">' . l_t('Back to log-on prompt') . '</a></p>';
}
} catch (Exception $e) {
print '<p class="notice">' . $e->getMessage() . '</p>';
}
print '</div>';
libHTML::footer();
}
if (!$User->type['User']) {
print libHTML::pageTitle(l_t('Log on'), l_t('Enter your webDiplomacy account username and password to log into your account.'));
print '
<li class="formlistfield"><input type="submit" class="form-submit" value="' . l_t('Send') . '" /></li>
</form>
</ul>
</div>';
}
libHTML::pagebreak();
$search = new search('Profile');
$profilePager = new PagerGames('profile.php', $total);
$profilePager->addArgs('userID=' . $UserProfile->id);
if (isset($_REQUEST['advanced']) && $User->type['User']) {
print '<a name="search"></a>';
print '<h3>' . l_t('Search %s\'s games:', $UserProfile->username) . ' (<a href="profile.php?page=1&userID=' . $UserProfile->id . '#top" class="light">' . l_t('Close') . '</a>)</h3>';
$profilePager->addArgs('advanced=on');
$searched = false;
if (isset($_REQUEST['search'])) {
libAuth::resourceLimiter('profile game search', 5);
$searched = true;
$_SESSION['search-profile.php'] = $_REQUEST['search'];
$search->filterInput($_SESSION['search-profile.php']);
} elseif (isset($_REQUEST['page']) && isset($_SESSION['search-profile.php'])) {
$searched = true;
$search->filterInput($_SESSION['search-profile.php']);
}
print '<div style="margin:30px">';
print '<form action="profile.php?userID=' . $UserProfile->id . '&advanced=on#top" method="post">';
print '<input type="hidden" name="page" value="1" />';
$search->formHTML();
print '</form>';
print '<p><a href="profile.php?page=1&userID=' . $UserProfile->id . '#top" class="light">' . l_t('Close search') . '</a></p>';
print '</div>';
if ($searched) {
}
if (!libAuth::validate_email($email)) {
throw new Exception(l_t("A first check of this e-mail is finding it invalid. Remember you need one to " . "play, and it will not be spammed or released."));
}
// Prelim checks look okay, lets send the e-mail
$Mailer->Send(array($email => $email), l_t('Your new webDiplomacy account'), l_t("Hello and welcome!") . "<br><br>\r\n\r\n" . l_t("Thanks for validating your e-mail address; just use this link to create your new webDiplomacy account:") . "<br>\r\n" . libAuth::email_validateURL($email) . "<br><br>\r\n\r\n" . l_t("There are two main rules that we want you to be aware of:") . "<br>\r\n\r\n" . l_t("1. No Multi-Accounting") . "<br><br>\r\n\r\n" . l_t("You may only have one account, second accounts are not allowed under any circumstances, and will be banned. This may also lead to your first account also being banned. If you forget your password, use the lost password finder here: http://www.webdiplomacy.net/logon.php?forgotPassword=1. If you are still unable to log in, contact the mods.") . "<br><br>\r\n\r\n" . l_t("2. No Meta-gaming") . "<br><br>\r\n\r\n" . l_t("You cannot play a public game with players that you know outside of the site. In doing so, you create an unfair environment for other players by giving yourself the opportunity to form alliances for reasons outside the game. This includes playing public games with family, friends, relatives, coworkers, or even joining a game with any player of a previous game with a predetermined intent to ally with or attack certain players.") . "<br><br>\r\n\r\n" . l_t("Because Diplomacy is a social game, we always encourage playing with friends. However, you should always do so in a private, password-protected game and make sure that every player knows about any real life connections before the game begins.") . "<br><br>\r\n\r\n" . l_t("The rest of the rules can be found here: http://www.webdiplomacy.net/rules.php") . "<br><br>\r\n" . l_t("If you have any further problems contact the server's admin at %s.", Config::$adminEMail) . "<br><br>\r\n\r\n" . l_t("Enjoy your new account!") . "<br>\r\n");
$page = 'emailSent';
} catch (Exception $e) {
print '<div class="content">';
print '<p class="notice">' . $e->getMessage() . '</p>';
print '</div>';
$page = 'validationForm';
}
} elseif (isset($_REQUEST['emailToken'])) {
try {
if (!($email = libAuth::emailToken_email($_REQUEST['emailToken']))) {
throw new Exception(l_t("A bad e-mail token was given, please try again"));
}
$email = trim($DB->escape($email));
$page = 'userForm';
// The user's e-mail is authenticated; he's not a robot and he has a real e-mail address
// Let him through to the form, or process his form if he has one
if (isset($_REQUEST['userForm'])) {
$_REQUEST['userForm']['email'] = $email;
// If the form is accepted the script will end within here.
// If it isn't accepted they will be shown back to the userForm page
require_once l_r('register/processUserForm.php');
} else {
$_REQUEST['userForm'] = array('email' => $email);
$page = 'firstUserForm';
}
You should have received a copy of the GNU Affero General Public License
along with webDiplomacy. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* @package Base
* @subpackage Game
*/
require_once 'header.php';
require_once l_r('gamesearch/search.php');
require_once l_r('pager/pagergame.php');
require_once l_r('objects/game.php');
require_once l_r('gamepanel/game.php');
libHTML::starthtml();
print '<div class="content">';
if (isset($_REQUEST['find'])) {
libAuth::resourceLimiter('search games', 5);
if (isset($_REQUEST['find']['game'])) {
$game = $DB->escape($_REQUEST['find']['game']);
}
if (isset($_REQUEST['find']['member'])) {
$member = $DB->escape($_REQUEST['find']['member']);
}
if (isset($_REQUEST['find']['type']) && $_REQUEST['find']['type'] == 'id') {
$useID = true;
$game = (int) $game;
$member = (int) $member;
} else {
$useID = false;
}
$tabl = $DB->sql_tabl('SELECT g.id, g.variantID FROM wD_Games g
INNER JOIN wD_Members m ON ( m.gameID = g.id )
{
if( !isset($_REQUEST['error'.$varName]) ) return;
$errorVals[$varName] = $_REQUEST['error'.$varName];
}
if( isset($_SERVER['HTTP_USER_AGENT']) )
$errorVars['UserAgent'] = $_SERVER['HTTP_USER_AGENT'];
trigger_error('JavaScript error logged');
}
logJavaScriptError();
*/
$results = array('status' => 'Invalid', 'notice' => 'No valid action specified');
if (isset($_GET['likeMessageToggleToken'])) {
if (libAuth::likeToggleToken_Valid($_GET['likeMessageToggleToken'])) {
$token = explode('_', $_GET['likeMessageToggleToken']);
$userID = (int) $token[0];
$likeMessageID = (int) $token[1];
$DB->sql_put("BEGIN");
list($likeExists) = $DB->sql_row("SELECT COUNT(*) FROM wD_LikePost WHERE userID = " . $userID . " AND likeMessageID = " . $likeMessageID);
if ($likeExists == 0) {
$DB->sql_put("UPDATE wD_ForumMessages SET likeCount = likeCount + 1 WHERE id = " . $likeMessageID);
$DB->sql_put("INSERT INTO wD_LikePost ( userID, likeMessageID ) VALUES ( " . $userID . ", " . $likeMessageID . " )");
} else {
$DB->sql_put("UPDATE wD_ForumMessages SET likeCount = likeCount - 1 WHERE id = " . $likeMessageID);
$DB->sql_put("DELETE FROM wD_LikePost WHERE userID = " . $userID . " AND likeMessageID = " . $likeMessageID);
}
$DB->sql_put("COMMIT");
}
} elseif (isset($_REQUEST['context']) && isset($_REQUEST['contextKey']) && isset($_REQUEST['orderUpdates'])) {
