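/**
 * Re-issue the "userID" login cookie for the current request.
 *
 * Writes the globals $user_ip_address, $user_agent and $user_host as a side
 * effect, then stores a serialized array (username, user-agent digest, ship
 * id, IP, host, user agent) in the cookie.
 *
 * NOTE(review): the expiry below is 365 days. The original comment on this
 * function said the cookie times out after 60 minutes, which does not match
 * the code. Confirm which lifetime is intended.
 *
 * NOTE(review): the 'password' entry is md5() of the User-Agent header. It is
 * derived entirely from a value the client sends, so it is not a secret and
 * should not be treated as a session token.
 *
 * NOTE(review): the cookie value is PHP-serialized and fully editable by the
 * client. The code that reads it back is not visible here; it should not pass
 * the value to unserialize() without an integrity check (for example an HMAC
 * over the payload), or it should use a data-only format such as JSON.
 */
function updatecookie()
{
    global $gamepath, $gamedomain, $userpass, $username, $password, $user_ship_id, $user_ip_address, $user_agent, $user_host;

    $shared_function = new shared();
    $ip_array = $shared_function->sortIP();
    $user_ip_address = $ip_array[0];

    // User-Agent is an optional request header; fall back to an empty string
    // instead of reading an undefined index.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $user_host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    $cookie_session_id = md5($user_agent);

    $data = serialize(array(
        'username' => $username,
        'password' => $cookie_session_id,
        'user_id' => $user_ship_id,
        'user_ip' => $user_ip_address,
        'user_host' => $user_host,
        'user_agent' => $user_agent,
    ));

    // Mark the cookie Secure only when this request arrived over HTTPS, so
    // plain-HTTP deployments keep working. HttpOnly keeps page scripts from
    // reading the login cookie.
    $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    setcookie("userID", $data, time() + 3600 * 24 * 365, $gamepath, $gamedomain, $is_https, true);
}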
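// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
// File: option2.php

include "config/config.php";

// checklogin() returns non-zero after it has rendered its own error page.
if (checklogin()) {
    die;
}

global $l_opt2_title;
$title = $l_opt2_title;

// NOTE(review): $newpass1, $newpass2, $oldpass, $password and $newlang are not
// assigned in this part of the file; presumably config.php populates them
// from the request and cookie. Confirm the source of each before relying on it.

// Strict comparisons: with "==" PHP compares two numeric-looking strings as
// numbers, so distinct values such as "0e1" and "0e2" would be considered
// equal. is_string() also rejects array-valued request parameters.
if (is_string($newpass1) && $newpass1 !== "" && $newpass1 === $newpass2 && $password === $oldpass) {
    // Re-issue the login cookie so it stays valid after the password change.
    $shared_function = new shared();
    $ip_array = $shared_function->sortIP();
    $user_ip_address = $ip_array[0];
    // User-Agent is optional; avoid reading an undefined index.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $user_host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    // NOTE(review): this digest is derived only from a client-sent header and
    // is therefore not a secret.
    $cookie_session_id = md5($user_agent);

    $data = array(
        'username' => $username,
        'password' => $cookie_session_id,
        'user_id' => $user_ship_id,
        'user_ip' => $user_ip_address,
        'user_host' => $user_host,
        'user_agent' => $user_agent,
    );
    // NOTE(review): the serialized value is client-editable; the reader must
    // not unserialize() it without an integrity check.
    $data = serialize($data);

    // Secure only when the request itself used HTTPS; HttpOnly keeps page
    // scripts from reading the login cookie.
    $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie("userID", $data, time() + 3600 * 24 * 365, $gamepath, $gamedomain, $is_https, true);
}

// Accept only a non-empty run of word characters as a language name.
// The D modifier stops "$" from matching before a trailing newline.
if (!is_string($newlang) || !preg_match('/^\w+$/D', $newlang)) {
    $newlang = $default_lang;
} else {
    // Use the value that was just validated, not a second read of the raw
    // request, so the checked value and the used value cannot differ.
    $lang = $newlang;
}

// New database driven language entries
load_languages($db, $lang, array('option2', 'common', 'global_includes', 'global_funcs', 'combat', 'footer', 'news'), $langvars, $db_logging);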
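/**
 * Decide whether the current request belongs to a logged-in player.
 *
 * Loads the ship row for $user_ship_id, compares the client details stored in
 * the login cookie ($user_cookie_ip, $user_cookie_host, $user_cookie_agent)
 * with the ones observed on this request, and refreshes last_login at most
 * once every 60 seconds.
 *
 * When the request is rejected, the function renders the header, a message
 * and the footer itself.
 *
 * NOTE(review): every value compared here is either sent by the client
 * (cookie contents, User-Agent) or derived from its address. No server-side
 * secret is checked, as the original TODO below already points out. A random
 * session identifier stored server-side and compared here would close that gap.
 *
 * @return int 0 when the request is accepted, 1 when an error page was rendered
 */
function checklogin()
{
    global $username, $password, $db, $l, $user_ship_id, $user_cookie_ip, $user_cookie_host, $user_cookie_agent, $lang;

    $flag = 0;

    $result1 = $db->Execute("SELECT * FROM {$db->prefix}ships WHERE ship_id=? LIMIT 1", array($user_ship_id));
    db_op_result($db, $result1, __LINE__, __FILE__);
    // A failed query yields no record set; treat that as "no such player".
    $playerinfo = $result1 ? $result1->fields : false;

    // Check the cookie to see if username/password are empty - check password against database
    // needs changing to check session ID inside cookie matches session ID on server DB, if not force user to log in again!

    // Client details as seen on this request.
    $shared_function = new shared();
    $ip_array = $shared_function->sortIP();
    $user_ip_address = $ip_array[0];
    // User-Agent is optional; avoid reading an undefined index.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
    $user_host = gethostbyaddr($_SERVER['REMOTE_ADDR']);

    $cookie_incomplete = ($username == "" or $user_ship_id == "" or $password == "");

    // NOTE(review): these are loose comparisons, so empty or missing cookie
    // values compare equal to a failed lookup (false/null). Tightening them
    // requires knowing how $user_cookie_* are populated, which is not visible here.
    $same_client = ($user_cookie_ip == $user_ip_address
        && $user_cookie_host == $user_host
        && $user_cookie_agent == $user_agent);

    if ($cookie_incomplete || !$same_client || !$playerinfo) {
        // Also reject when no ship row exists for the cookie's ship id.
        // Previously that case fell through with $flag still 0, so a cookie
        // naming a non-existent ship was treated as logged in.
        $title = $l->get('l_error');
        include "header.php";
        echo str_replace("[here]", "<a href='index.php'>" . $l->get('l_here') . "</a>", $l->get('l_global_needlogin'));
        include "footer.php";
        $flag = 1;
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
        $stamp = date("Y-m-d H:i:s");
        $timestamp['now'] = (int) strtotime($stamp);
        $timestamp['last'] = (int) strtotime($playerinfo['last_login']);

        // Update the player's last_login every 60 seconds to cut back SQL queries.
        if ($timestamp['now'] >= $timestamp['last'] + 60) {
            $db->Execute("UPDATE {$db->prefix}ships SET last_login = ?, ip_address = ? WHERE ship_id = ?;", array($stamp, $ip, $playerinfo['ship_id']));
        }
    }

    /*
    // Check for destroyed ship
    if ($playerinfo['ship_destroyed'] == "Y") {
        // if the player has an escapepod, set the player up with a new ship
        if ($playerinfo['dev_escapepod'] == "Y") {
            $result2 = $db->Execute("UPDATE {$db->prefix}ships SET hull=0, engines=0, power=0, computer=0,sensors=0, beams=0, torp_launchers=0, torps=0, armor=0, armor_pts=100, cloak=0, shields=0, sector=0, ship_ore=0, ship_organics=0, ship_energy=1000, ship_colonists=0, ship_goods=0, ship_fighters=100, ship_damage=0, on_planet='N', dev_warpedit=0, dev_genesis=0, dev_beacon=0, dev_emerwarp=0, dev_escapepod='N', dev_fuelscoop='N', dev_minedeflector=0, ship_destroyed='N',dev_lssd='N' WHERE email=?", array($username));
            db_op_result ($db, $result2, __LINE__, __FILE__);
            echo str_replace("[here]", "<a href='main.php'>" . $l->get('l_here') . "</a>", $l->get('l_login_died'));
            $flag = 1;
        } else {
            // if the player doesn't have an escapepod - they're dead, delete them. But we can't delete them yet.
            // (This prevents the self-distruct inherit bug)
            echo str_replace("[here]", "<a href='log.php'>" . ucfirst($l->get('l_here')) . "</a>", $l->get('l_global_died')) . "<br><br>" . $l->get('l_global_died2');
            echo str_replace("[logout]", "<a href='logout.php'>" . $l->get('l_logout') . "</a>", $l->get('l_die_please'));
            $flag = 1;
        }
    }
    */

    // A closed server blocks otherwise valid sessions too.
    global $server_closed;
    if ($server_closed && $flag == 0) {
        $title = $l->get('l_login_closed_message');
        include "header.php";
        echo $l->get('l_login_closed_message');
        include "footer.php";
        $flag = 1;
    }

    return $flag;
}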
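/**
 * Insert one row into the player_logs table.
 *
 * Unless $tracking is "notrack", the row also records the caller's IP address
 * (first entry returned by shared::sortIP()), reverse-resolved host name and
 * User-Agent header. If the insert fails, the failure is reported through
 * security_log() with a code that depends on which id looks invalid.
 *
 * NOTE(review): user_agent and user_host originate from the client or from
 * DNS. They are bound as parameters here, so the insert itself is safe, but
 * whatever displays these rows should escape them on output.
 *
 * @param int    $user_id      ship id the entry belongs to
 * @param int    $event_id     event type id
 * @param mixed  $a            passed through to player_log_data()
 * @param mixed  $b            passed through to player_log_data()
 * @param mixed  $c            passed through to player_log_data()
 * @param string $tracking     "notrack" to store no client details
 * @param string $log_priority stored in the priority column
 * @param string $log_title    stored in the title column
 */
public function player_log($user_id, $event_id, $a, $b, $c, $tracking, $log_priority, $log_title)
{
    global $db_prefix;

    $shared_function = new shared();

    // Defaults for the "notrack" case. $ip_array is defined here because it is
    // passed to player_log_data() below on both paths; previously it was an
    // undefined variable when tracking was off. null is what the callee
    // received before, so its input is unchanged.
    $ip_array = null;
    $user_ip_address = "";
    $user_agent = "";
    $user_host = "";

    if ($tracking != "notrack") {
        $ip_array = $shared_function->sortIP();
        $user_ip_address = $ip_array[0];
        // User-Agent is optional; avoid reading an undefined index.
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
        $user_host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    }

    $event_content = $this->player_log_data($event_id, $a, $b, $c, $ip_array);
    $timestamp = $shared_function->manage_time("full");

    $create_log = $this->connect->prepare("INSERT INTO " . $db_prefix . "player_logs SET ship_id = ? , type = ? , time = ?, data = ?, user_agent = ?, user_host = ?, user_ip = ?, priority = ?, title = ?");
    $create_log->bindParam(1, $user_id, PDO::PARAM_INT);
    $create_log->bindParam(2, $event_id, PDO::PARAM_INT);
    $create_log->bindParam(3, $timestamp, PDO::PARAM_STR);
    $create_log->bindParam(4, $event_content, PDO::PARAM_STR);
    $create_log->bindParam(5, $user_agent, PDO::PARAM_STR);
    $create_log->bindParam(6, $user_host, PDO::PARAM_STR);
    $create_log->bindParam(7, $user_ip_address, PDO::PARAM_STR);
    $create_log->bindParam(8, $log_priority, PDO::PARAM_STR);
    $create_log->bindParam(9, $log_title, PDO::PARAM_STR);

    if (!$create_log->execute()) {
        // The player log could not be written; record why in the security log.
        if ($user_id > 0 && $event_id > 0) {
            // Both ids look valid, so pass on the driver's error details.
            $this->security_log($user_id, 3, $create_log->errorInfo());
        } elseif ($user_id > 0) {
            // Invalid event id.
            $this->security_log($user_id, 2, $event_id);
        } else {
            // Invalid user id.
            $this->security_log(0, 1, $event_id);
        }
    }
}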