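/**
 * Handle a submitted login form.
 *
 * Reads the username/password fields from $_POST, starts the session,
 * validates the CSRF token, authenticates through $config['user'] and, on
 * success, forwards to the last visited page (never back to the login page
 * itself). Returns without doing anything when the form fields are absent.
 * On a successful login this function does not return (ForwardTo + exit).
 *
 * @return void
 */
function doCheckLogin() {
    global $config;
    if (!isset($_POST[LOGIN_FORM_USERNAME]) || !isset($_POST[LOGIN_FORM_PASSWORD])) {
        return;
    }
    // both keys were just checked with isset(), so no @-suppression is needed
    $username = trim(stripslashes($_POST[LOGIN_FORM_USERNAME]));
    $password = stripslashes($_POST[LOGIN_FORM_PASSWORD]);
    session_init();
    if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
        // no session means no stored token: report it rather than silently failing
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();
    // SECURITY: md5 is an unsalted, fast digest and not a password hash. doLogin()
    // expects this digest, so it cannot be replaced here alone -- migrate together
    // with doLogin() to password_hash()/password_verify().
    $password = md5($password);
    $config['user']->doLogin($username, $password);
    if ($config['user']->isOk() && getVar('error') == '') {
        // success: do not bounce the user back onto the login page
        $lastpage = getLastPage();
        if (strpos($lastpage, 'login') !== FALSE) {
            $lastpage = './';
        }
        ForwardTo($lastpage);
        exit;
    }
    unset($username, $password);
}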
/**
 * Compose the final page and write it to the output buffer.
 *
 * Loads header.php/footer.php through RenderHTML, splices the queued
 * header additions ({AddToHeader}) and the collected CSS ({css}) into the
 * header, fills the shared tag table (site/page titles, last page, CSRF
 * token variants), substitutes tags over the concatenated
 * header/body/footer and echoes the result. $this->outputs is released
 * once the page has been written.
 */
public function Display() {
    global $config, $lpaths;
    // templates, with whatever was queued for the <head> section
    $this->outputs['header'] = RenderHTML::LoadHTML('header.php');
    $this->outputs['footer'] = RenderHTML::LoadHTML('footer.php');
    $this->outputs['header'] = str_replace('{AddToHeader}', $this->tempHeader, $this->outputs['header']);
    // css: trimmed, and wrapped in newlines only when there is something to emit
    $css = trim($this->outputs['css']);
    if (!empty($css)) {
        $css = "\n{$css}\n";
    }
    $this->outputs['css'] = $css;
    $this->outputs['header'] = str_replace('{css}', $css, $this->outputs['header']);
    // shared tags available to every template
    $siteTitle = $config['site title'];
    $pageTitle = $config['title'];
    $common = [
        'site title'     => $siteTitle,
        'page title'     => $pageTitle,
        'lastpage'       => getLastPage(),
        'sitepage title' => $siteTitle . (empty($pageTitle) ? '' : ' - ' . $pageTitle),
        'token'          => CSRF::getTokenURL(),
        'token form'     => CSRF::getTokenForm(),
    ];
    foreach ($common as $tagName => $tagValue) {
        $this->tags[$tagName] = $tagValue;
    }
    // stitch the parts together, substitute tags, emit
    $page = implode("\n", [
        $this->outputs['header'],
        $this->outputs['body'],
        $this->outputs['footer'],
    ]) . "\n";
    RenderHTML::RenderTags($page, $this->tags);
    echo $page;
    unset($page, $this->outputs);
}
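/**
 * Handle a submitted change-password form.
 *
 * Reads the password and its confirmation from $_POST (and removes them
 * from the superglobal immediately), validates the CSRF token, checks that
 * both values match and meet the minimum length, and stores the new
 * password through $config['user']->ChangePassword(). On success the
 * 'Temp Pass' session flag is cleared and the user is forwarded to the
 * last page (never back to the login/changepass pages); that path does not
 * return.
 *
 * @return null|false NULL when the form was not submitted; FALSE when
 *                    validation or the database update failed (a message is
 *                    queued in $_SESSION['error'] for validation failures).
 */
function doChangePassword() {
    global $config;
    if (!isset($_POST[CHANGEPASS_FORM_PASSWORD]) || !isset($_POST[CHANGEPASS_FORM_CONFIRM])) {
        return NULL;
    }
    // both keys were just checked with isset(), so no @-suppression is needed
    $password = trim(stripslashes($_POST[CHANGEPASS_FORM_PASSWORD]));
    $confirm = trim(stripslashes($_POST[CHANGEPASS_FORM_CONFIRM]));
    // drop the plaintext from $_POST so nothing later in the request can dump it
    unset($_POST[CHANGEPASS_FORM_PASSWORD]);
    unset($_POST[CHANGEPASS_FORM_CONFIRM]);
    session_init();
    if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();
    // check passwords match
    if ($password !== $confirm) {
        $_SESSION['error'][] = 'Passwords don\'t match. Please try again.';
        return FALSE;
    }
    // check password length (counted in bytes; multibyte input only ever over-counts)
    if (strlen($password) < 6) {
        $_SESSION['error'][] = 'Password is to short, must be at least 6 characters long.';
        return FALSE;
    }
    // SECURITY: md5 is an unsalted, fast digest and not a password hash. The stored
    // format is shared with doLogin(), so both must be migrated together to
    // password_hash()/password_verify().
    $result = $config['user']->ChangePassword(md5($password));
    if ($result !== FALSE) {
        // password has been changed: the temporary-password flag no longer applies
        $_SESSION['Temp Pass'] = FALSE;
        $lastpage = getLastPage();
        if (strpos($lastpage, 'login') !== FALSE || strpos($lastpage, 'changepass') !== FALSE) {
            $lastpage = './';
        }
        ForwardTo($lastpage);
        exit;
    }
    return FALSE;
}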
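/**
 * Handle a submitted login form, with a temporary-password fallback.
 *
 * Reads username/password from $_POST (removing the password from the
 * superglobal immediately), validates the CSRF token and first tries the
 * md5 digest of the password with doLogin(). If that fails and the
 * submitted value is shorter than 32 characters (so it cannot itself be an
 * md5 digest), the raw value is tried as a temporary password; when that
 * succeeds the session is flagged with 'Temp Pass' (cleared again by
 * doChangePassword()) and any queued error messages are discarded.
 * On a successful login the user is forwarded to the last page (never the
 * login page) and this function does not return.
 *
 * @return null|true NULL when the form was not submitted; TRUE once the
 *                   form has been processed without a successful login.
 */
function doCheckLogin() {
    global $config;
    if (!isset($_POST[LOGIN_FORM_USERNAME]) || !isset($_POST[LOGIN_FORM_PASSWORD])) {
        return NULL;
    }
    // both keys were just checked with isset(), so no @-suppression is needed
    $username = trim(stripslashes($_POST[LOGIN_FORM_USERNAME]));
    $password = trim(stripslashes($_POST[LOGIN_FORM_PASSWORD]));
    // drop the plaintext from $_POST so nothing later in the request can dump it
    unset($_POST[LOGIN_FORM_PASSWORD]);
    session_init();
    if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();
    // SECURITY: md5 is an unsalted, fast digest and not a password hash. doLogin()
    // expects this digest, so it cannot be replaced here alone -- migrate together
    // with doLogin()/ChangePassword() to password_hash()/password_verify().
    $result = $config['user']->doLogin($username, md5($password));
    // temporary password: the raw value is handed to doLogin() unhashed, which
    // presumably means temporary passwords are stored as-is -- confirm in doLogin()
    if ($result !== TRUE && strlen($password) < 32) {
        $result = $config['user']->doLogin($username, $password);
        if ($result === TRUE && $config['user']->isOk() && getVar('error') == '') {
            $_SESSION['Temp Pass'] = TRUE;
            unset($_SESSION['error']);
        }
    }
    // successful login (note: any non-FALSE result counts here, not only TRUE)
    if ($result !== FALSE && $config['user']->isOk() && getVar('error') == '') {
        $lastpage = getLastPage();
        if (strpos($lastpage, 'login') !== FALSE) {
            $lastpage = './';
        }
        ForwardTo($lastpage);
        exit;
    }
    unset($username, $password);
    return TRUE;
}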
}
echo $config['error'];
exit;
}
// action: cancel an auction (the surrounding action dispatch begins before this excerpt)
if ($config['action'] == 'cancel') {
    CSRF::ValidateToken();
    // inventory is locked
    if ($config['user']->isLocked()) {
        // NOTE(review): getLastPage() is written into an href and used as a redirect
        // target without escaping or validation; it is round-tripped through a hidden
        // "lastpage" form field elsewhere in this file, so confirm it cannot carry
        // markup or an off-site URL.
        echo '<center><h2>Your inventory is currently locked.<br />Please close your in game inventory and try again.</h2><br /><a href="' . getLastPage() . '">Back to last page</a></center>';
        ForwardTo(getLastPage(), 4);
        exit;
    }
    // cancel auction
    if (AuctionFuncs::CancelAuction(getVar('auctionid', 'int', 'post'))) {
        echo '<center><h2>Auction canceled!</h2><br /><a href="' . getLastPage() . '">Back to last page</a></center>';
        ForwardTo(getLastPage(), 2);
        exit;
    }
    // cancellation failed: print the recorded error (presumably set by CancelAuction)
    echo $config['error'];
    exit;
}
// render page (ajax/json)
// Emits the current auction list as JSON for the ajax listing. Note the response is
// served as text/plain, not application/json. The body of this function continues
// past the end of this excerpt.
function RenderPage_auctions_ajax() {
    global $config, $html;
    //file_put_contents('ajax_get.txt',print_r($_GET,TRUE));
    header('Content-Type: text/plain');
    // list auctions
    $auctions = QueryAuctions::QueryCurrent();
    $TotalDisplaying = QueryAuctions::TotalDisplaying();
    $TotalAllRows = QueryAuctions::TotalAllRows();
// tail of the purchase action (its enclosing blocks open before this excerpt)
$_SESSION['success'][] = 'Auction purchased successfully!';
ForwardTo(getLastPage(), 0);
exit;
}
}
}
// action: cancel an auction; outcomes are queued in the session and shown later
if ($config['action'] == 'cancel') {
    CSRF::ValidateToken();
    // inventory is locked
    if ($config['user']->isLocked()) {
        $_SESSION['error'][] = 'Your inventory is currently locked.<br />Please close your in game inventory and try again.';
    } else {
        // cancel auction
        if (AuctionFuncs::CancelAuction(getVar('auctionid', 'int', 'post'))) {
            $_SESSION['success'][] = 'Auction canceled!';
            // NOTE(review): the redirect target comes from getLastPage(), which is
            // round-tripped through a hidden form field elsewhere in this file --
            // confirm it cannot point off-site.
            ForwardTo(getLastPage(), 0);
            exit;
        }
        // a failed cancel falls through with no message queued here; presumably
        // $config['error'] is rendered further down -- confirm
    }
}
// render page (ajax/json)
// Emits the current auction list in the DataTables server-side format
// (iTotalDisplayRecords / iTotalRecords / sEcho / aaData). The JSON is built by
// string concatenation, so the totals are assumed numeric; sEcho is int-cast
// because it echoes a request value. Served as text/plain, not application/json.
// The body of this function continues past the end of this excerpt.
function RenderPage_auctions_ajax() {
    global $config, $html;
    //file_put_contents('ajax_get.txt',print_r($_GET,TRUE));
    header('Content-Type: text/plain');
    // list auctions
    $auctions = QueryAuctions::QueryCurrent();
    $TotalDisplaying = QueryAuctions::TotalDisplaying();
    $TotalAllRows = QueryAuctions::TotalAllRows();
    $outputRows = "{\n" . "\t" . '"iTotalDisplayRecords" : ' . $TotalDisplaying . ",\n" . "\t" . '"iTotalRecords" : ' . $TotalAllRows . ",\n" . "\t" . '"sEcho" : ' . (int) getVar('sEcho', 'int') . ",\n" . "\t" . '"aaData" : [' . "\n";
<?php
// Log the current user out and send them back to the page they came from.
// The CSRF token is validated before anything else so a forged request cannot
// end someone else's session.
CSRF::ValidateToken();
global $config;
$currentUser = $config['user'];
$currentUser->doLogout();
$destination = getLastPage();
ForwardTo($destination);
exit;
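/**
 * Render the "create a new auction" form for one inventory item.
 *
 * Reads id/qty/price from the request via getVar(), looks the item up for
 * the current user and builds the sell form. The quantity defaults to the
 * item's full stack and the price field is left blank when no (or a zero)
 * price was supplied. A small script is pushed into the page header so the
 * total updates client-side as qty/price are typed.
 *
 * Request-derived values placed into attribute values (page, lastpage) are
 * HTML-escaped so they cannot break out of the quotes; id is an int from
 * getVar() and needs no escaping.
 *
 * @return string HTML for the page body, or a plain error heading when the
 *                item cannot be found.
 */
function RenderPage_sell() {
    global $config, $html, $user;
    $output = '';
    $id = getVar('id', 'int');
    $qty = getVar('qty');
    $priceEach = getVar('price', 'double');
    // query item
    $Item = QueryItems::QuerySingle($user->getName(), $id);
    if (!$Item) {
        return '<h2 style="text-align: center;">The item you\'re trying to sell couldn\'t be found!</h2>';
    }
    if (empty($qty)) {
        $qty = $Item->getItemQty();
    }
    // a zero price renders as an empty field rather than "0"; the running total
    // is computed client-side by updateTotal(), so nothing is precomputed here
    if ($priceEach == 0.0) {
        $priceEach = '';
    }
    $html->addToHeader('
<script type="text/javascript" language="javascript">
function updateTotal(thisfield,otherfieldid){
    otherfield = document.getElementById(otherfieldid);
    document.getElementById("pricetotal").innerHTML = (thisfield.value * otherfield.value).toFixed(2);
}
</script>
');
    // page and lastpage are round-tripped through the request, so escape them for
    // the attribute context (double_encode=false tolerates already-encoded input)
    $pageAttr = htmlspecialchars((string) $config['page'], ENT_QUOTES, 'UTF-8', false);
    $lastpageAttr = htmlspecialchars((string) getLastPage(), ENT_QUOTES, 'UTF-8', false);
    $output .= ' <!-- mainTable example --> <form action="./" method="post"> {token form} ' .
        '<input type="hidden" name="page" value="' . $pageAttr . '" /> ' .
        '<input type="hidden" name="action" value="newauction" /> ' .
        '<input type="hidden" name="lastpage" value="' . $lastpageAttr . '" /> ' .
        '<input type="hidden" name="id" value="' . $id . '" /> ' .
        '<table border="0" cellpadding="0" cellspacing="0" id="createauctionTable"> ';
    // input errors: a missing canSell permission only produces a message here; the
    // form is still rendered, so the newauction handler must enforce it itself
    if (!isset($config['error'])) {
        if (!$user->hasPerms('canSell')) {
            $config['error'] = 'You don\'t have permission to sell.';
        }
    }
    if (isset($config['error'])) {
        // error text is rendered as-is: messages elsewhere deliberately carry <br /> markup
        $output .= '<tr><td align="center" style="padding-top: 20px; color: red; font-size: larger;">' . $config['error'] . '</td></tr>';
    }
    // TODO: link the item display to the graph page (./?page=graph&name=<item id>&damage=<damage>), including enchantments
    $output .= ' <tr><td align="center"><h2>Create a New Auction</h2></td></tr> ' .
        '<tr><td align="center"><div class="input" style="width: 150px; padding-top: 15px; padding-bottom: 15px; text-align: center;">' . $Item->getDisplay() . '</div></td></tr> ' .
        '<tr><td height="20"></td></tr> ' .
        '<tr><td align="center"><b>You have <font size="+2">' . (int) $Item->getItemQty() . '</font> items</b></td></tr> ' .
        '<tr><td><table border="0" cellpadding="0" cellspacing="10" align="center"> ' .
        '<tr> <td align="right"><b>Quantity:</b></td> ' .
        '<td><div style="position: absolute; margin-top: 10px; margin-left: 8px; font-size: larger; font-weight: bold;">x</div>' .
        '<input type="text" name="qty" value="' . (int) $qty . '" id="qty" class="input" style="width: 160px; text-align: center;" ' .
        'onkeypress="return numbersonly(this, event);" onkeyup="updateTotal(this,\'price\');" /></td> </tr> ' .
        '<tr> <td align="right"><b>Price Each:</b></td> ' .
        '<td><div style="position: absolute; margin-top: 8px; margin-left: 8px; font-size: larger; font-weight: bold;">' . SettingsClass::getString('Currency Prefix') . '</div>' .
        '<input type="text" name="price" value="' . $priceEach . '" id="price" class="input" style="width: 160px; text-align: center;" ' .
        'onkeypress="return numbersonly(this, event);" onkeyup="updateTotal(this,\'qty\');" />' .
        '<b> ' . SettingsClass::getString('Currency Postfix') . '</b></td> </tr> ' .
        '<tr> <td align="right"><b>Price Total:</b></td> ' .
        '<td><div style="position: absolute; margin-top: 8px; margin-left: 8px; font-size: larger; font-weight: bold;">' . SettingsClass::getString('Currency Prefix') . '</div>' .
        '<div id="pricetotal" class="input" style="float: left; width: 160px; text-align: center; font-size: larger; font-weight: bold;"> </div>' .
        '<div style="margin-top: 8px;"><b> ' . SettingsClass::getString('Currency Postfix') .
        '</b></div></td> </tr> </table></td></tr> <tr><td height="20"></td></tr> ';
    // custom descriptions (optional feature; the field is read-only until implemented)
    if (SettingsClass::getString('Custom Descriptions')) {
        $output .= ' <tr><td colspan="2" align="center"> <b>Description:</b> (optional)</td></tr> ' .
            '<tr><td height="10"></td></tr> ' .
            '<tr><td colspan="2" align="center"><textarea name="desc" class="input" style="width: 80%; height: 55px;" readonly>Coming soon!</textarea></td></tr> ' .
            '<tr><td height="30"></td></tr> ';
    }
    $output .= ' <tr><td colspan="2" align="center"><input type="submit" value="Create Auction" class="input" /></td></tr> ' .
        '<tr><td height="30"></td></tr> </table> </form> ';
    return $output;
}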