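/**
 * Record an award against a unit on behalf of the authenticated caller.
 *
 * The caller is resolved from $request['Token'] and must hold AUTH_EDIT on
 * their own park (the park_id stored on the caller's mundane record).
 *
 * NOTE(review): the authority scope is the caller's home park, not anything
 * derived from RecipientId, so edit rights on any one park are enough to write
 * an award for any unit id. Confirm that this is the intended policy.
 *
 * @param array $request Reads Token, AwardId, KingdomAwardId, KingdomId, CustomName,
 *                       RecipientId, Rank, Date, GivenById, ParkId, EventId and Note.
 * @return mixed Success(awards_id) once the row is saved; NoAuthorization() or
 *               InvalidParameter() otherwise.
 */
public function AddAward($request)
{
    if (($mundane_id = Ork3::$Lib->authorization->IsAuthorized($request['Token'])) == 0) {
        return NoAuthorization();
    }

    $mundane = new yapo($this->db, DB_PREFIX . 'mundane');
    $mundane->clear();
    $mundane->mundane_id = $mundane_id;
    if (!$mundane->find()) {
        return InvalidParameter();
    }
    $authorizer = ['KingdomId' => $mundane->kingdom_id, 'ParkId' => $mundane->park_id];

    // Resolve the award identifiers once, from the request. The lookups previously read an
    // undefined $recipient array, so they always ran with null ids.
    if (valid_id($request['AwardId'])) {
        $request['KingdomAwardId'] = Ork3::$Lib->award->LookupAward([
            'KingdomId' => $request['KingdomId'],
            'AwardId' => $request['AwardId'],
        ]);
    } elseif (valid_id($request['KingdomAwardId'])) {
        // LookupKingdomAward() as defined alongside this method returns
        // array(award_id, kingdom_id), so the award id is element 0.
        // NOTE(review): confirm that Ork3::$Lib->award resolves to that implementation.
        $lookup = Ork3::$Lib->award->LookupKingdomAward(['KingdomAwardId' => $request['KingdomAwardId']]);
        if (is_array($lookup)) {
            $request['AwardId'] = $lookup[0];
        }
    }

    if (!valid_id($mundane_id)
        || !Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_PARK, $authorizer['ParkId'], AUTH_EDIT)
    ) {
        return NoAuthorization('No Authorization');
    }

    // $given_by is only populated when a giver was supplied; default it so the reads below
    // never touch an undefined variable.
    $given_by = null;
    if (valid_id($request['GivenById'])) {
        $given_by = $this->GetPlayer(['MundaneId' => $request['GivenById']]);
    }
    $giver_park_id = isset($given_by['Player']['ParkId']) ? $given_by['Player']['ParkId'] : null;
    $giver_kingdom_id = isset($given_by['Player']['KingdomId']) ? $given_by['Player']['KingdomId'] : null;

    if (valid_id($request['ParkId'])) {
        // NOTE(review): the guard tests the request's ParkId but the lookup uses the giver's
        // park. Kept as written; confirm which park is meant to be validated.
        $Park = new Park();
        $park_info = $Park->GetParkShortInfo(['ParkId' => $giver_park_id]);
        if ($park_info['Status']['Status'] != 0) {
            return InvalidParameter('Invalid Parameter 2');
        }
    }

    $awards = new yapo($this->db, DB_PREFIX . 'awards');
    $awards->clear();
    $awards->kingdomaward_id = $request['KingdomAwardId'];
    $awards->award_id = $request['AwardId'];
    $awards->custom_name = $request['CustomName'];
    $awards->unit_id = $request['RecipientId'];
    $awards->rank = $request['Rank'];
    $awards->date = $request['Date'];
    $awards->given_by_id = $request['GivenById'];
    // Location ids that fail valid_id() are stored as 0.
    $awards->at_park_id = valid_id($request['ParkId']) ? $request['ParkId'] : 0;
    $awards->at_kingdom_id = valid_id($request['KingdomId']) ? $request['KingdomId'] : 0;
    $awards->at_event_id = valid_id($request['EventId']) ? $request['EventId'] : 0;
    $awards->note = $request['Note'];

    // When a giver is known, the award is attributed to the giver's park and kingdom.
    if (valid_id($request['GivenById'])) {
        $awards->park_id = valid_id($giver_park_id) ? $giver_park_id : 0;
        $awards->kingdom_id = valid_id($giver_kingdom_id) ? $giver_kingdom_id : 0;
    }

    $awards->save();

    return Success($awards->awards_id);
}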
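/**
 * Create an event owned by a player, a unit, a park or a kingdom.
 *
 * Ownership is chosen from the request: MundaneId without UnitId gives a personal event,
 * UnitId gives a unit event, otherwise ParkId + KingdomId gives a park event and KingdomId
 * alone a kingdom event. The owner columns that do not apply are zeroed before saving.
 *
 * Every path requires a token that resolves to a valid caller. The personal and unit paths
 * previously saved the row without looking at the token at all.
 *
 * @param array $request Reads Token, KingdomId, ParkId, MundaneId, UnitId and Name; the whole
 *                       request is also passed to SetEventHeraldry().
 * @return mixed Success(event_id) on creation; NoAuthorization() or InvalidParameter() otherwise.
 */
public function CreateEvent($request)
{
    logtrace("CreateEvent()", $request);
    $mundane_id = Ork3::$Lib->authorization->IsAuthorized($request['Token']);

    // Reject unauthenticated callers before anything is staged or saved.
    if (!valid_id($mundane_id)) {
        return NoAuthorization();
    }

    // Common event setup
    $this->event->clear();
    $this->event->kingdom_id = $request['KingdomId'];
    $this->event->park_id = $request['ParkId'];
    $this->event->mundane_id = $request['MundaneId'];
    $this->event->unit_id = $request['UnitId'];
    $this->event->name = $request['Name'];
    $this->event->modified = date('Y-m-d H:i:s');

    if (valid_id($request['MundaneId']) && !valid_id($request['UnitId'])) {
        // Personal event.
        // NOTE(review): nothing here ties $request['MundaneId'] to the authenticated caller,
        // so any signed-in user can create an event owned by another player. Confirm the policy.
        $this->event->kingdom_id = 0;
        $this->event->park_id = 0;
        $this->event->unit_id = 0;
        $this->event->save();
    } elseif (valid_id($request['UnitId'])) {
        // Unit event.
        // NOTE(review): unlike the park and kingdom paths there is no HasAuthority() check for
        // the unit. Confirm whether an AUTH_UNIT / AUTH_CREATE check belongs here.
        $this->event->kingdom_id = 0;
        $this->event->park_id = 0;
        $this->event->save();
    } elseif (valid_id($request['ParkId'])
        && valid_id($request['KingdomId'])
        && valid_id($mundane_id)
        && Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_PARK, $request['ParkId'], AUTH_CREATE)
    ) {
        // Park event: the park must exist.
        $park = new yapo($this->db, DB_PREFIX . 'park');
        $park->clear();
        $park->park_id = $request['ParkId'];
        if (!$park->find()) {
            return InvalidParameter(null, 'Problem processing request.');
        }
        $this->event->mundane_id = 0;
        $this->event->unit_id = 0;
        $this->event->save();
    } elseif (valid_id($request['KingdomId'])
        && valid_id($mundane_id)
        && Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_KINGDOM, $request['KingdomId'], AUTH_CREATE)
    ) {
        // Kingdom event: the kingdom must exist.
        $kingdom = new yapo($this->db, DB_PREFIX . 'kingdom');
        $kingdom->clear();
        $kingdom->kingdom_id = $request['KingdomId'];
        if (!$kingdom->find()) {
            return InvalidParameter(null, 'Problem processing request.');
        }
        $this->event->park_id = 0;
        $this->event->mundane_id = 0;
        $this->event->unit_id = 0;
        $this->event->save();
    } else {
        // Bail out without committing.
        return NoAuthorization();
    }

    Ork3::$Lib->heraldry->SetEventHeraldry($request);

    return Success($this->event->event_id);
}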
/**
 * Resolve a kingdom-award row to its award id and kingdom id.
 *
 * @param array $request Reads 'KingdomAwardId'.
 * @return array|null array(award_id, kingdom_id) taken from the kingdomaward record, or null
 *                    when 'KingdomAwardId' fails valid_id(). The result of find() is not
 *                    inspected, so an id without a matching row still yields a two-element array.
 */
public function LookupKingdomAward($request)
{
    if (!valid_id($request['KingdomAwardId'])) {
        return;
    }

    $record = new yapo($this->db, DB_PREFIX . 'kingdomaward');
    $record->clear();
    $record->kingdomaward_id = $request['KingdomAwardId'];
    $record->find();

    return array($record->award_id, $record->kingdom_id);
}
/**
 * Search parks by partial name, optionally restricted to one kingdom.
 *
 * The name is wrapped in '%' and matched with the 'like' term, so any '%' or '_' inside
 * $name becomes part of the pattern. NOTE(review): confirm whether yapo escapes these.
 *
 * @param string $name       Fragment to match against the park name.
 * @param mixed  $kingdom_id Applied as a filter only when is_numeric().
 * @param mixed  $limit      When numeric, the loop stops right after the row on which the
 *                           counter is already zero, so a limit of N yields up to N + 1 rows.
 * @return array List of arrays with ParkId, KingdomId, Name and Active; empty when nothing matches.
 */
public function Park($name, $kingdom_id = null, $limit = null)
{
    $park = new yapo($this->db, DB_PREFIX . 'park');
    $park->clear();
    $park->name = "%{$name}%";
    $park->name_term = 'like';
    if (is_numeric($kingdom_id)) {
        $park->kingdom_id = $kingdom_id;
    }

    if (!$park->find(array('name'))) {
        return array();
    }

    $matches = array();
    do {
        $matches[] = array(
            'ParkId' => $park->park_id,
            'KingdomId' => $park->kingdom_id,
            'Name' => $park->name,
            'Active' => $park->active,
        );
        // Test the counter first, then decrement it: the row above is kept either way.
        if (is_numeric($limit) && $limit-- == 0) {
            break;
        }
    } while ($park->next());

    return $matches;
}
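/**
 * Decide whether a player holds at least the requested role over a subject.
 *
 * Order of checks:
 *  1. A valid player id is always required; a valid subject id is required unless $type is AUTH_ADMIN.
 *  2. Any authorization row with role AUTH_ADMIN for the player grants access immediately.
 *     This runs before the penalty-box check below, so that check does not apply to admins.
 *  3. Players that cannot be found, or whose penalty_box is 1, are refused.
 *  4. Direct authorizations on the subject: an AUTH_EDIT row is enough only when AUTH_EDIT was
 *     requested; an AUTH_CREATE or AUTH_ADMIN row grants access.
 *  5. Inherited authority: a park inherits from its kingdom; an event inherits from its
 *     kingdom and park, and is also granted to the player stored as its owner.
 *
 * @param mixed $mundane_id Player whose authority is being tested.
 * @param mixed $type       One of AUTH_PARK, AUTH_KINGDOM, AUTH_EVENT, AUTH_UNIT, AUTH_ADMIN.
 * @param mixed $id         Id of the park / kingdom / event / unit.
 * @param mixed $role       Requested role; compared against AUTH_EDIT.
 * @return bool True when access is granted.
 */
public function HasAuthority($mundane_id, $type, $id, $role)
{
    logtrace("HasAuthority", [$mundane_id, $type, $id, $role]);

    if (!valid_id($mundane_id) || (!valid_id($id) && $type != AUTH_ADMIN)) {
        return false;
    }

    // Is Admin?
    $this->auth->clear();
    $this->auth->mundane_id = $mundane_id;
    $this->auth->role = AUTH_ADMIN;
    if ($this->auth->find() && $this->auth->size() > 0) {
        return true;
    }

    // A zero subject id is only acceptable for the admin check above.
    if (0 == $id) {
        return false;
    }

    // Check for bans
    $this->mundane->clear();
    $this->mundane->mundane_id = $mundane_id;
    if (!$this->mundane->find() || $this->mundane->penalty_box == 1) {
        return false;
    }

    // Basic check -- does the user have direct access?
    // The AUTH_ADMIN case here only looks for an admin authorization row (Admin == Admin);
    // elevated access over a park/kingdom/event/unit was already handled by the admin check above.
    $this->auth->clear();
    $this->auth->mundane_id = $mundane_id;
    switch ($type) {
        case AUTH_PARK:
            $this->auth->park_id = $id;
            break;
        case AUTH_KINGDOM:
            $this->auth->kingdom_id = $id;
            break;
        case AUTH_EVENT:
            $this->auth->event_id = $id;
            break;
        case AUTH_UNIT:
            $this->auth->unit_id = $id;
            break;
        case AUTH_ADMIN:
            $this->auth->role = AUTH_ADMIN;
            break;
        default:
            return false;
    }

    // Initialised up front so the later reads are defined even when no row matched.
    $sufficient = false;
    if ($this->auth->find() && $id != 0) {
        do {
            switch ($this->auth->role) {
                case AUTH_EDIT:
                    // An edit grant satisfies an edit request only. The break matters: without it
                    // this case falls through and every edit grant is treated as a create grant.
                    $sufficient = $sufficient || AUTH_EDIT == $role;
                    break;
                case AUTH_CREATE:
                case AUTH_ADMIN:
                    return true;
            }
        } while ($this->auth->next());

        if ($sufficient) {
            return true;
        }
    }

    if ($type == AUTH_ADMIN) {
        return false;
    }

    // Upper-level authority check: find the parents of the subject and check their auths.
    // !$sufficient is redundant here, but is kept as a guard on the invariant.
    if (!$sufficient && $type != AUTH_KINGDOM) {
        switch ($type) {
            case AUTH_PARK:
                $park = new yapo($this->db, DB_PREFIX . 'park');
                $park->clear();
                $park->park_id = $id;
                if ($park->find()) {
                    $id = $park->kingdom_id;
                    if ($this->HasAuthority($mundane_id, AUTH_KINGDOM, $id, $role)) {
                        return true;
                    }
                }
                break;
            case AUTH_EVENT:
                $event = new yapo($this->db, DB_PREFIX . 'event');
                $event->clear();
                $event->event_id = $id;
                if ($event->find()) {
                    // The owner test must be a comparison. Written as an assignment it is truthy
                    // for every valid player id, which grants authority over any existing event.
                    if ($this->HasAuthority($mundane_id, AUTH_KINGDOM, $event->kingdom_id, $role)
                        || $this->HasAuthority($mundane_id, AUTH_PARK, $event->park_id, $role)
                        || $event->mundane_id == $mundane_id
                    ) {
                        return true;
                    }
                }
                break;
        }
    }

    return $sufficient;
}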
/**
 * Delete an awards row when the caller may edit the award holder's park.
 *
 * The row is looked up before the authorization check, so a caller without rights can
 * still tell an existing AwardsId (NoAuthorization) from a missing one (InvalidParameter).
 *
 * @param array $request Reads Token and AwardsId.
 * @return mixed InvalidParameter() when the id is invalid or not found, NoAuthorization()
 *               when the caller lacks AUTH_EDIT on the park; nothing is returned on success.
 */
public function RemoveAward($request)
{
    logtrace("RemoveAward()", $request);
    $mundane_id = Ork3::$Lib->authorization->IsAuthorized($request['Token']);

    $awards = new yapo($this->db, DB_PREFIX . 'awards');
    $awards->clear();
    $awards->awards_id = $request['AwardsId'];

    if (!valid_id($request['AwardsId']) || !$awards->find()) {
        return InvalidParameter();
    }

    // Authority is evaluated against the park of the player who holds the award.
    $mundane = $this->player_info($awards->mundane_id);
    $may_edit = valid_id($mundane_id)
        && Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_PARK, $mundane['ParkId'], AUTH_EDIT);
    if (!$may_edit) {
        return NoAuthorization();
    }

    $awards->delete();
}
/**
 * Load the 'AccountPointers' configuration value for an entity.
 *
 * @param string $type Entity type; matched against the configuration type after ucfirst().
 * @param mixed  $id   Entity id.
 * @return mixed The stored value decoded with json_decode(..., true), or false when no
 *               configuration row matches. A value that is not valid JSON decodes to null.
 */
public function fetch_account_pointers($type, $id)
{
    $config = new yapo($this->db, DB_PREFIX . 'configuration');
    $config->clear();
    $config->type = ucfirst($type);
    $config->id = $id;
    $config->key = 'AccountPointers';

    return $config->find() ? json_decode($config->value, true) : false;
}
/**
 * Collect every configuration row for an entity, keyed by configuration key.
 *
 * Uses the global $DB handle rather than an instance connection.
 *
 * @param mixed $id   Entity id.
 * @param mixed $type Configuration type; defaults to CFG_KINGDOM.
 * @return array Map of key => [ConfigurationId, Type, Key, Value, UserSetting, AllowedValues].
 *               Value and AllowedValues go through stripslashes() and then json_decode() with
 *               no assoc flag, so JSON objects come back as stdClass and undecodable text as null.
 */
public static function get_configs($id, $type = CFG_KINGDOM)
{
    global $DB;

    $row = new yapo($DB, DB_PREFIX . 'configuration');
    $row->clear();
    $row->type = $type;
    $row->id = $id;

    $configs = [];
    if (!$row->find()) {
        return $configs;
    }

    do {
        $configs[$row->key] = [
            'ConfigurationId' => $row->configuration_id,
            'Type' => $row->var_type,
            'Key' => $row->key,
            'Value' => json_decode(stripslashes($row->value)),
            'UserSetting' => $row->user_setting,
            'AllowedValues' => json_decode(stripslashes($row->allowed_values)),
        ];
    } while ($row->next());

    return $configs;
}
// Seed step of an install/import script: creates the first administrator, signs in as that
// account, then maps legacy class rows onto the system classes.
// $DB, $classes and $Attendance are set up before this excerpt.
echo "<h2>Create Admin</h2>";

// Player row 1 is the administrator. The password_salt is a literal in this script, so every
// installation seeded from it starts with the same salt.
// NOTE(review): generate the salt per install, or rotate it together with the password after setup.
$sql = "INSERT INTO `" . DB_PREFIX . "mundane` (`mundane_id`, `given_name`, `surname`, `other_name`, `username`, `persona`, `email`, `park_id`, `kingdom_id`, `token`, `modified`, `restricted`, `waivered`, `waiver_ext`, `has_heraldry`, `has_image`, `company_id`, `token_expires`, `password_expires`, `password_salt`, `xtoken`, `penalty_box`, `active`) VALUES (1, 'admin', 'admin', 'admin', 'admin', 'admin', '*****@*****.**', 0, 0, '', '2013-04-24 12:55:31', 0, 0, '', 0, 0, 0, '0000-00-00 00:00:00', '2014-04-24 11:55:31', 'b1a838cc8bbbdc7d2008ac00890cb8eb', '', 0, 1)";
$DB->query($sql);

// Credential row with a fixed key and a fixed expiration, also a literal shared by every
// install. Presumably this is the hashed form of the seed password -- confirm against Authorize().
$sql = "INSERT INTO `" . DB_PREFIX . "credential` (`key`, `expiration`) VALUES ('e.I0/92KStOsJu3dq5/WAErF..MkctX2KwjhsIn7vcB1Y3cim2nemAiVsc4byiUXzuhQu0', '2014-09-29 23:08:36')";
$DB->query($sql);

// Authorization row 1 gives player 1 the 'admin' role with no park/kingdom/event/unit scope.
$sql = "INSERT INTO `" . DB_PREFIX . "authorization` (`authorization_id`, `mundane_id`, `park_id`, `kingdom_id`, `event_id`, `unit_id`, `role`, `modified`) VALUES (1, 1, 0, 0, 0, 0, 'admin', '2013-04-24 13:28:25')";
$DB->query($sql);

// Sign in as the seeded administrator. The credentials are string literals in the script
// (they look masked in this copy). NOTE(review): read them from the install configuration
// or the environment instead of keeping them in source.
$adminuser = '******';
$adminpassword = '******';
$Authorization = new APIModel('Authorization');
$T = $Authorization->Authorize(array('UserName' => $adminuser, 'Password' => $adminpassword));
// The result of Authorize() is not checked; a failed sign-in leaves $Token empty for the later API calls.
$Token = $T['Token'];
$Award = new APIModel('Award');

echo "<h2>Cache Classes & Find Matches</h2>";
// Legacy class name => system class name. "Raider" is mapped onto 'Color'.
$class_namemap = array(
    "Antipaladin" => 'Anti-Paladin',
    "Archer" => 'Archer',
    "Assassin" => 'Assassin',
    "Barbarian" => 'Barbarian',
    "Bard" => 'Bard',
    "Color" => 'Color',
    "Druid" => 'Druid',
    "Healer" => 'Healer',
    "Monk" => 'Monk',
    "Monster" => 'Monster',
    "Paladin" => 'Paladin',
    "Peasant" => 'Peasant',
    "Raider" => 'Color',
    "Reeve" => 'Reeve',
    "Scout" => 'Scout',
    "Warrior" => 'Warrior',
    "Wizard" => 'Wizard'
);
$classes->clear();
$classes->find();
$class_map = array();
$Attendance->create_system_classes();
$orkclasses = $Attendance->GetClasses(array());
// Build legacy class primary key => system ClassId by matching on the mapped name.
do {
    foreach ($orkclasses['Classes'] as $idx => $classinfo) {
        if ($classinfo['Name'] == $class_namemap[$classes->classname]) {
            $classid = $classinfo['ClassId'];
            break;
        }
    }
    // NOTE(review): $classid is not reset per row, so a legacy class with no match inherits the
    // id found for the previous row (or is undefined on the first row).
    $class_map[$classes->classpk] = $classid;
} while ($classes->next());
pre_print_r($class_map);

echo "<h2>Create System Awards</h2>";
/**
 * Apply a batch of park-title changes (remove / edit / add) for one kingdom.
 *
 * The caller must hold AUTH_EDIT on $request['KingdomId']. Remove and edit entries are also
 * checked against the stored row: a title that belongs to another kingdom aborts the batch.
 * Entries are applied one by one, so changes made before an aborting entry stay in place.
 *
 * The full request, Token included, is handed to $this->log->Write().
 * NOTE(review): confirm the log does not persist the token.
 *
 * @param array $request Reads Token, KingdomId and ParkTitles (a list of entries with Action,
 *                       ParkTitleId, Title, Class, MinimumAttendance, MinimumCutoff, Period,
 *                       PeriodLength).
 * @return mixed Success() when the batch completes, NoAuthorization(null, $mundane_id) when the
 *               caller lacks authority, or ['Status' => NoAuthorization(...)] on a
 *               cross-kingdom entry.
 */
public function SetKingdomParkTitles($request)
{
    $mundane_id = Ork3::$Lib->authorization->IsAuthorized($request['Token']);
    $authorized = $mundane_id > 0
        && Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_KINGDOM, $request['KingdomId'], AUTH_EDIT);
    if (!$authorized) {
        return NoAuthorization(null, $mundane_id);
    }

    $this->log->Write('Kingdom', $mundane_id, LOG_EDIT, $request);

    if (!is_array($request['ParkTitles'])) {
        return Success();
    }

    // Request field => parktitle column, in the order the columns are written.
    $columns = [
        'Title' => 'title',
        'Class' => 'class',
        'MinimumAttendance' => 'minimumattendance',
        'MinimumCutoff' => 'minimumcutoff',
        'Period' => 'period',
        'PeriodLength' => 'period_length',
    ];

    $parktitle = new yapo($this->db, DB_PREFIX . 'parktitle');
    foreach ($request['ParkTitles'] as $title) {
        $action = $title['Action'];

        if ($action == CFG_REMOVE || $action == CFG_EDIT) {
            $parktitle->clear();
            $parktitle->parktitle_id = $title['ParkTitleId'];
            if (!valid_id($title['ParkTitleId']) || !$parktitle->find()) {
                continue;
            }
            // The stored row decides ownership, not the id supplied in the request.
            if ($parktitle->kingdom_id != $request['KingdomId']) {
                return ['Status' => NoAuthorization('You cannot edit the park titles of another kingdom.')];
            }
            if ($action == CFG_REMOVE) {
                $parktitle->delete();
                continue;
            }
            // Edit: an empty field keeps the stored value.
            foreach ($columns as $field => $column) {
                $parktitle->{$column} = strlen($title[$field]) ? $title[$field] : $parktitle->{$column};
            }
            $parktitle->save();
        } elseif ($action == CFG_ADD) {
            $parktitle->clear();
            $parktitle->kingdom_id = $request['KingdomId'];
            foreach ($columns as $field => $column) {
                $parktitle->{$column} = $title[$field];
            }
            $parktitle->save();
        }
    }

    return Success();
}
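/**
 * Update a park's details on behalf of the authenticated caller.
 *
 * Requires AUTH_EDIT on the park. Name, abbreviation, park title and the active flag are only
 * touched when the caller also holds AUTH_EDIT on the park's kingdom. Moving the park to
 * another kingdom requires AUTH_ADMIN; when that is refused the rest of the update is still
 * saved and the Warning is returned (it used to be overwritten by the final Success).
 *
 * The duplicate-name check runs before authorization, so its outcome is visible to any caller.
 * The full request, Token included, is handed to logtrace() and $this->log->Write().
 * NOTE(review): confirm neither persists the token.
 *
 * @param array $request Reads Token, ParkId, KingdomId, Name, Abbreviation, ParkTitleId, Active,
 *                       Url, Address, City, Province, PostalCode, Directions, Description,
 *                       MapUrl, GeoCode and Heraldry.
 * @return mixed Success(park_id), Warning(...) when a kingdom move was refused,
 *               InvalidParameter(...) or NoAuthorization(...).
 */
public function SetParkDetails($request)
{
    logtrace("SetParkDetails", $request);

    // Reject a name that already belongs to a different park.
    $this->park->clear();
    if (trimlen($request['Name']) > 0) {
        $this->park->name = trim($request['Name']);
        if ($this->park->find() && $this->park->park_id != $request['ParkId']) {
            return InvalidParameter('This park name already exists.');
        }
    }

    $this->park->clear();
    $this->park->park_id = $request['ParkId'];
    if (!$this->park->find()) {
        return InvalidParameter('ParkId could not be found.');
    }

    $mundane_id = Ork3::$Lib->authorization->IsAuthorized($request['Token']);
    if (!($mundane_id > 0
        && Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_PARK, $request['ParkId'], AUTH_EDIT))
    ) {
        return NoAuthorization('You do not have permissions to perform this action: ' . $mundane_id);
    }

    $this->log->Write('Park', $mundane_id, LOG_EDIT, $request);
    $this->park->modified = date("Y-m-d H:i:s", time());

    // Kingdom-level editors may also change the identity fields.
    if (Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_KINGDOM, $this->park->kingdom_id, AUTH_EDIT)) {
        $this->park->name = trimlen($request['Name']) == 0 ? $this->park->name : $request['Name'];
        $this->park->abbreviation = trimlen($request['Abbreviation']) == 0 ? $this->park->abbreviation : $request['Abbreviation'];

        $parktitle = new yapo($this->db, DB_PREFIX . 'parktitle');
        $parktitle->clear();
        if (isset($request['ParkTitleId']) && $request['ParkTitleId'] != $this->park->parktitle_id) {
            // NOTE(review): only existence is checked; the title's kingdom_id is not compared
            // with the park's kingdom. Confirm whether cross-kingdom titles should be accepted.
            $parktitle->parktitle_id = $request['ParkTitleId'];
            if ($parktitle->find()) {
                $this->park->parktitle_id = $request['ParkTitleId'];
            }
        }
        $this->park->active = trimlen($request['Active']) == 0 ? $this->park->active : $request['Active'];
    }

    // Re-geocode when the address changes or no location has been stored yet.
    $address_change = isset($request['Address'])
        && ($this->park->address != $request['Address'] || trimlen($this->park->location) == 0);

    // Url and MapUrl are stored as supplied; no scheme or format check is visible here.
    $this->park->url = isset($request['Url']) ? $request['Url'] : $this->park->url;
    $this->park->address = isset($request['Address']) ? $request['Address'] : $this->park->address;
    $this->park->city = isset($request['City']) ? $request['City'] : $this->park->city;
    $this->park->province = isset($request['Province']) ? $request['Province'] : $this->park->province;
    $this->park->postal_code = isset($request['PostalCode']) ? $request['PostalCode'] : $this->park->postal_code;
    $this->park->directions = isset($request['Directions']) ? $request['Directions'] : $this->park->directions;
    $this->park->description = isset($request['Description']) ? $request['Description'] : $this->park->description;
    $this->park->map_url = isset($request['MapUrl']) ? $request['MapUrl'] : $this->park->map_url;
    $this->park->save();

    // Reload the saved row before the follow-up steps.
    $this->park->clear();
    $this->park->park_id = $request['ParkId'];
    if (!$this->park->find()) {
        return InvalidParameter('ParkId could not be found.');
    }

    if ($address_change) {
        if (isset($request['GeoCode']) && trimlen($request['GeoCode']) > 0) {
            $this->park_geocode_h($request['GeoCode']);
        } else {
            $this->park_geocode_h();
        }
    }

    // Moving a park between kingdoms is an admin-only operation.
    $warning = null;
    if ($request['KingdomId'] > 0 && $this->park->kingdom_id != $request['KingdomId']) {
        if (Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_ADMIN, $request['KingdomId'], AUTH_ADMIN)) {
            $this->park->kingdom_id = $request['KingdomId'];
        } else {
            $warning = Warning('You do not have permissions to move this Park [' . $this->park->park_id . ', ' . $this->park->kingdom_id . '] to another Kingdom [' . $request['KingdomId'] . '].');
        }
    }

    if (strlen($request['Heraldry'])) {
        Ork3::$Lib->heraldry->SetParkHeraldry($request);
    }
    $this->park->save();

    // Report the refused move instead of masking it behind a Success.
    return $warning !== null ? $warning : Success($this->park->park_id);
}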