| WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
| FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
| details.
|
| You should have received a copy of the GNU General Public License along with
| Bitsand. If not, see <http://www.gnu.org/licenses/>.
+---------------------------------------------------------------------------*/
include '../inc/inc_head_db.php';
include '../inc/inc_admin.php';
include '../inc/inc_head_html.php';
if ($_GET['btnSubmit'] != '') {
$db_prefix = DB_PREFIX;
$iID = (int) ba_db_real_escape_string($link, str_replace(PID_PREFIX, '', $_GET['txtID']));
$sFirst = ba_db_real_escape_string($link, $_GET['txtFirstName']);
$sSurname = ba_db_real_escape_string($link, $_GET['txtSurname']);
$sMail = SafeEmail($_GET['txtEmail']);
$sCar = ba_db_real_escape_string($link, str_replace(' ', '', $_GET['txtCarRegistration']));
$sCharName = ba_db_real_escape_string($link, $_GET['txtCharName']);
$sql = "SELECT plPlayerID, plFirstName, plSurname, plEmail, plCarRegistration, plPassword, chName " . "FROM {$db_prefix}players LEFT JOIN {$db_prefix}characters ON plPlayerID = chPlayerID ";
//$sOR is used to add OR if required
$sOR = '';
$sCond = '';
if ($iID != 0) {
$sCond .= " plPlayerID = {$iID}";
$sOR = ' OR';
}
if ($sFirst != '') {
$sCond .= $sOR . " plFirstName LIKE '%{$sFirst}%'";
$sOR = ' OR';
}
if ($sSurname != '') {
$sMedInfo = '';
} else {
$sMedInfo = ba_db_real_escape_string($link, $_POST['txtMedicalInfo']);
}
//Remove any spaces in car registration
$sCarReg = ba_db_real_escape_string($link, str_replace(' ', '', $_POST['txtCarRegistration']));
//get value of event pack by post
if ($_POST['chkEventPackByPost'] == '') {
$iByPost = 0;
} else {
$iByPost = 1;
}
//Set up UPDATE query
$refnumber = (int) $_POST["txtRefNumber{$value}"];
$marshal = stripslashes($_POST["cboMarshal{$value}"]);
$sEmail = ba_db_real_escape_string($link, SafeEmail($_POST['txtEmail']));
$sql = "UPDATE {$db_prefix}players SET plFirstName = '" . ba_db_real_escape_string($link, $_POST['txtFirstName']) . "', " . "plSurname = '" . ba_db_real_escape_string($link, $_POST['txtSurname']) . "', " . "pleAddress1 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress1']) . "', '{$key}'), " . "pleAddress2 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress2']) . "', '{$key}'), " . "pleAddress3 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress3']) . "', '{$key}'), " . "pleAddress4 = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtAddress4']) . "', '{$key}'), " . "plePostcode = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtPostcode']) . "', '{$key}'), " . "pleTelephone = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtPhone']) . "', '{$key}'), " . "pleMobile = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtMobile']) . "', '{$key}'), " . "plEmail = '{$sEmail}', " . "plDOB = '{$dob}', " . "pleMedicalInfo = AES_ENCRYPT('" . ba_db_real_escape_string($link, $sMedInfo) . "', '{$key}'), " . "plEmergencyName = '" . ba_db_real_escape_string($link, $_POST['txtEmergencyName']) . "', " . "pleEmergencyNumber = AES_ENCRYPT('" . ba_db_real_escape_string($link, $_POST['txtEmergencyNumber']) . "', '{$key}'), " . "plEmergencyRelationship = '" . ba_db_real_escape_string($link, $_POST['txtEmergencyRelationship']) . "', " . "plCarRegistration = '{$sCarReg}', " . "plDietary = '" . ba_db_real_escape_string($link, $_POST['selDiet']) . "', " . "plNotes = '" . ba_db_real_escape_string($link, $_POST['txtNotes']) . "', " . "plAdminNotes = '" . ba_db_real_escape_string($link, $_POST['txtAdminNotes']) . "', ";
$sql .= "plRefNumber = {$refnumber}, plMarshal = '{$marshal}',";
$sql .= "plEventPackByPost = {$iByPost} ";
$sql .= "WHERE plPlayerID = {$admin_player_id}";
//Run UPDATE query
if (ba_db_query($link, $sql)) {
//Query should affect exactly one row. Log a warning if it affected more
if (ba_db_affected_rows($link) > 1) {
LogWarning("More than one row updated during admin OOC update (admin_edit_ooc.php). Player ID: {$admin_player_id}");
}
//Do not redirect if there are any warnings (required fields not filled in, etc)
if ($sWarn == '') {
//Make up URL & redirect
$sURL = fnSystemURL() . "admin_viewdetails.php?pid={$admin_player_id}&green=" . urlencode("OOC details updated");
header("Location: {$sURL}");
| Bitsand is distributed in the hope that it will be useful, but WITHOUT ANY
| WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
| FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
| details.
|
| You should have received a copy of the GNU General Public License along with
| Bitsand. If not, see <http://www.gnu.org/licenses/>.
+---------------------------------------------------------------------------*/
//Do not check that user is logged in
$bLoginCheck = False;
include 'inc/inc_head_db.php';
$sMessage = '';
$db_prefix = DB_PREFIX;
if ($_POST['btnSubmit'] != '') {
//User is logging in
$sEmail = SafeEmail($_POST['txtEmail']);
//Work out which salt to use
$sql = "SELECT plPlayerID, plOldSalt FROM {$db_prefix}players WHERE plEmail LIKE '" . ba_db_real_escape_string($link, $sEmail) . "'";
$result = ba_db_query($link, $sql);
$row = ba_db_fetch_assoc($result);
$UseOldSalt = $row['plOldSalt'];
//Get SHA-1 hash of password using appropriate salt
if ($UseOldSalt == 1) {
$sPass = sha1($_POST['txtPassword'] . OLD_PW_SALT);
} else {
$sPass = sha1($_POST['txtPassword'] . PW_SALT);
}
//Set up & run query
$sql = "SELECT plPlayerID FROM {$db_prefix}players " . "WHERE plEmail LIKE '" . ba_db_real_escape_string($link, $sEmail) . "' AND plPassword = '******'";
$result = ba_db_query($link, $sql);
if (ba_db_num_rows($result) > 1) {
$sql = "UPDATE {$db_prefix}players SET plNewMail = '{$sNewMail}', plNewMailCode = '" . ba_db_real_escape_string($link, $sCode) . "' " . "WHERE plPlayerID = {$PLAYER_ID}";
$result = ba_db_query($link, $sql);
$sGreen = "A confirmation code has been sent to both your existing, and your new, e-mail addresses.<br>" . "Follow the instructions in the e-mail to confirm the change of e-mail address";
//E-mail user with confirmation code and instructions
$sBody = "A request has been received for your e-mail address to be changed at " . SYSTEM_NAME . ". " . "In order to make this change, you must log on to " . SYSTEM_NAME . " at " . fnSystemURL() . " using your existing e-mail address and password, then go to the 'Change password' page " . "and enter the code below:\n\nCode: {$sCode}\n\n" . "Note that the code must be entered *exactly* as above - it is probably easiest to copy and paste it.\n\n" . "If you have any problems, or questions, e-mail " . TECH_CONTACT_NAME . " at " . TECH_CONTACT_MAIL . "\n\n" . "Player ID: " . PID_PREFIX . sprintf('%03s', $PLAYER_ID) . "\n" . "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n" . fnSystemURL();
mail($row['plEmail'], SYSTEM_NAME . ' - email change', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
mail(SafeEmail($_POST['txtEmail']), SYSTEM_NAME . ' - email change', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
}
}
if ($_POST['btnConfirm'] != '' && CheckReferrer('change_password.php')) {
//Get user's e-mail address
$result = ba_db_query($link, "SELECT plNewMail, plNewMailCode FROM {$db_prefix}players WHERE plPlayerID = {$PLAYER_ID}");
$row = ba_db_fetch_assoc($result);
if ($row['plNewMailCode'] == $_POST['txtCode']) {
//Run update query & set message
$sql = "UPDATE {$db_prefix}players SET plEmail = '" . SafeEmail($row['plNewMail']) . "', plNewMail = '', plNewMailCode = '' " . "WHERE plPlayerID = {$PLAYER_ID}";
$result = ba_db_query($link, $sql);
if ($result === False) {
$sWarn = "There was a problem updating your e-mail address";
} else {
$sGreen = "Your e-mail address has been updated";
}
}
}
if ($_POST['btnUpdateEmailPreferences'] != '' && CheckReferrer('change_password.php')) {
if ($_POST['chkEmailOOCChange'] == 'on') {
$bOOCChange = 1;
} else {
$bOOCChange = 0;
}
if ($_POST['chkEmailICChange'] == 'on') {
