Exemplo n.º 1
0
 // Verify that user can afford this offer.
 if ($player_points >= $buy['points']) {
     $data = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='{$cid}';");
     if (!$data) {
         die("0: Account is not converted to work with Znote AAC");
     }
     $old_points = $data['points'];
     if ((int) $old_points != (int) $player_points) {
         die("1: Failed to equalize your points.");
     }
     // Remove points if they can afford
     // Give points to user
     $expense_points = $buy['points'];
     $new_points = $old_points - $expense_points;
     $update_account = mysql_update("UPDATE `znote_accounts` SET `points`='{$new_points}' WHERE `account_id`='{$cid}'");
     $data = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='{$cid}';");
     $verify = $data['points'];
     if ((int) $old_points == (int) $verify) {
         die("2: Failed to equalize your points." . var_dump((int) $old_points, (int) $verify, $new_points, $expense_points));
     }
     // Do the magic (insert into db, or change sex etc)
     // If type is 2 or 3
     if ($buy['type'] == 2) {
         // Add premium days to account
         user_account_add_premdays($cid, $buy['count']);
         echo '<font color="green" size="4">You now have ' . $buy['count'] . ' additional days of premium membership.</font>';
     } else {
         if ($buy['type'] == 3) {
             // Character Gender
             mysql_insert("INSERT INTO `znote_shop_orders` (`account_id`, `type`, `itemid`, `count`, `time`) VALUES ('{$cid}', '" . $buy['type'] . "', '" . $buy['itemid'] . "', '" . $buy['count'] . "', '{$time}')");
             echo '<font color="green" size="4">You now have access to change character gender on your characters. Visit <a href="myaccount.php">My Account</a> to select character and change the gender.</font>';
Exemplo n.º 2
0
function user_character_is_compatible($pid)
{
    $data = mysql_select_single("SELECT COUNT(`player_id`) AS `count` from `znote_players` WHERE `player_id` = '{$pid}';");
    return $data !== false ? $data['count'] : 0;
}
Exemplo n.º 3
0
function getCache()
{
    $results = mysql_select_single("SELECT `cached` FROM `znote`;");
    return $results !== false ? $results['cached'] : false;
}
Exemplo n.º 4
0
                $newpass = rand(100000000, 999999999);
                $salt = '';
                if ($config['TFSVersion'] != 'TFS_03') {
                    // TFS 0.2 and 1.0
                    $password = sha1($newpass);
                } else {
                    // TFS 0.3/4
                    if (config('salt') === true) {
                        $saltdata = mysql_select_single("SELECT `salt` FROM `accounts` WHERE `email`='{$email}' LIMIT 1;");
                        if ($saltdata !== false) {
                            $salt .= $saltdata['salt'];
                        }
                    }
                    $password = sha1($salt . $newpass);
                }
                $user = mysql_select_single("SELECT `p`.`id` AS `player_id`, `a`.`name`, `a`.`id` AS `account_id` FROM `players` `p` INNER JOIN `accounts` `a` ON `p`.`account_id` = `a`.`id` WHERE `p`.`name` = '{$character}' AND `a`.`email` = '{$email}' AND `a`.`name` = '{$username}' LIMIT 1;");
                if ($user !== false) {
                    // Found user
                    // Give him the new password
                    mysql_update("UPDATE `accounts` SET `password`='{$password}' WHERE `id`='" . $user['account_id'] . "' LIMIT 1;");
                    // Send him a mail with the new password
                    $mailer = new Mail($config['mailserver']);
                    $title = "{$_SERVER['HTTP_HOST']}: Your new password";
                    $body = "<h1>Account Recovery</h1>";
                    $body .= "<p>Your new password is: <b>{$newpass}</b><br>";
                    $body .= "We recommend you to login and change it before you continue playing. <br>";
                    $body .= "Enjoy your stay at " . $config['mailserver']['fromName'] . ". <br>";
                    $body .= "<hr>I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.</p>";
                    $mailer->sendMail($email, $title, $body, $user['name']);
                    ?>
					<h1>Account Found!</h1>
Exemplo n.º 5
0
}
//if (isset($_POST['name'])) $name = getValue($_POST['name']);
// Stage 2: Fetch user id and skills
$skills = false;
$pid = 0;
if ($name !== false) {
    if (user_character_exist($name)) {
        $pid = user_character_id($name);
        if ($config['TFSVersion'] != 'TFS_10') {
            $skills = mysql_select_multi("SELECT `value` FROM `player_skills` WHERE `player_id`='{$pid}' LIMIT 7;");
            $player = mysql_select_single("SELECT `maglevel`, `level`, `vocation` FROM `players` WHERE `id`='{$pid}' LIMIT 1;");
            $skills[] = array('value' => $player['maglevel']);
            $skills[] = array('value' => $player['level']);
            $skills[] = array('value' => $player['vocation']);
        } else {
            $player = mysql_select_single("SELECT `skill_fist`, `skill_club`, `skill_sword`, `skill_axe`, `skill_dist`, `skill_shielding`, `skill_fishing`, `maglevel`, `level`, `vocation` FROM `players` WHERE `id`='{$pid}' LIMIT 1;");
            $skills = array(0 => array('value' => $player['skill_fist']), 1 => array('value' => $player['skill_club']), 2 => array('value' => $player['skill_sword']), 3 => array('value' => $player['skill_axe']), 4 => array('value' => $player['skill_dist']), 5 => array('value' => $player['skill_shielding']), 6 => array('value' => $player['skill_fishing']), 7 => array('value' => $player['maglevel']), 8 => array('value' => $player['level']), 9 => array('value' => $player['vocation']));
        }
        //data_dump($skills, false, "Player skills");
    } else {
        $name = false;
    }
}
?>
<form action="" method="<?php 
if (!$name) {
    echo "get";
} else {
    echo "post";
}
?>
Exemplo n.º 6
0
include 'layout/overall/header.php';
protect_page();
admin_only($user_data);
// Declare as int
$view = isset($_GET['view']) && (int) $_GET['view'] > 0 ? (int) $_GET['view'] : false;
if ($view !== false) {
    if (!empty($_POST['reply_text'])) {
        sanitize($_POST['reply_text']);
        // Save ticket reply on database
        $query = array('tid' => $view, 'username' => getValue($_POST['username']), 'message' => getValue($_POST['reply_text']), 'created' => time());
        $fields = '`' . implode('`, `', array_keys($query)) . '`';
        $data = '\'' . implode('\', \'', $query) . '\'';
        mysql_insert("INSERT INTO `znote_tickets_replies` ({$fields}) VALUES ({$data})");
        mysql_update("UPDATE `znote_tickets` SET `status`='Staff-Reply' WHERE `id`='{$view}' LIMIT 1;");
    }
    $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id='{$view}' LIMIT 1;");
    ?>
	<h1>View Ticket #<?php 
    echo $ticketData['id'];
    ?>
</h1>
	<table class="znoteTable ThreadTable table table-striped">
		<tr class="yellow">
			<th>
				<?php 
    echo getClock($ticketData['creation'], true);
    ?>
				 - Created by: 
				 <?php 
    echo $ticketData['username'];
    ?>
Exemplo n.º 7
0
                // POST update
                if ($changelogId > 0) {
                    mysql_update("UPDATE `znote_changelog` SET `text`='{$changelogText}' WHERE `id`='{$changelogId}' LIMIT 1;");
                    echo "<h2>Changelog message updated!</h2>";
                    $updateCache = true;
                } else {
                    // POST create
                    $time = time();
                    mysql_insert("INSERT INTO `znote_changelog` (`text`, `time`, `report_id`, `status`) VALUES ('{$changelogText}', '{$time}', '0', '35');");
                    echo "<h2>Changelog message created!</h2>";
                    $updateCache = true;
                }
            }
        }
        if ($action === 2) {
            $old = mysql_select_single("SELECT `text` FROM `znote_changelog` WHERE `id`='{$changelogId}' LIMIT 1;");
        }
        // HTML to create or update
        ?>
		<h3>Add or update changelog</h3>
		<form action="" method="POST">
			<input name="changelogId" type="hidden" value="<?php 
        echo $action === 2 ? $changelogId : 0;
        ?>
">
			<textarea rows="7" cols="40" maxlength="254" name="changelogText"><?php 
        echo $action === 2 ? $old['text'] : '';
        ?>
</textarea><br>
			<input type="submit" value="Add or update changelog">
		</form>
Exemplo n.º 8
0
 $oldname = $char_name;
 $newname = isset($_POST['newName']) ? getValue($_POST['newName']) : '';
 $player = false;
 if ($config['TFSVersion'] === 'TFS_10') {
     $player = mysql_select_single("SELECT `id`, `account_id` FROM `players` WHERE `name` = '{$oldname}'");
     $player['online'] = user_is_online_10($player['id']) ? 1 : 0;
 } else {
     $player = mysql_select_single("SELECT `id`, `account_id`, `online` FROM `players` WHERE `name` = '{$oldname}'");
 }
 // Check if user is online
 if ($player['online'] == 1) {
     $errors[] = 'Character must be offline first.';
 }
 // Check if player has bough ticket
 $accountId = $player['account_id'];
 $order = mysql_select_single("SELECT `id`, `account_id` FROM `znote_shop_orders` WHERE `type`='4' AND `account_id` = '{$accountId}' LIMIT 1;");
 if ($order === false) {
     $errors[] = 'Did not find any name change tickets, buy them in our <a href="shop.php">shop!</a>';
 }
 // Check if player and account matches
 if ($session_user_id != $accountId || $session_user_id != $order['account_id']) {
     $errors[] = 'Failed to sync your account. :|';
 }
 $newname = validate_name($newname);
 if ($newname === false) {
     $errors[] = 'Your name can not contain more than 2 words.';
 } else {
     if (empty($newname)) {
         $errors[] = 'Please enter a name!';
     } else {
         if (user_character_exist($newname) !== false) {
Exemplo n.º 9
0
             }
             $errors[] = 'The password to the account of character name: ' . $_POST['reset_pass'] . ' has been set to: ' . $_POST['new_pass'] . '.';
         } else {
             header('Location: changepassword.php');
             exit;
         }
     }
 }
 // Give points to character
 if (empty($_POST['points_char']) === false && empty($_POST['points_value']) === false) {
     $char = sanitize($_POST['points_char']);
     $points = (int) $_POST['points_value'];
     data_dump($_POST, false, "post data");
     $account = mysql_select_single("SELECT `account_id` FROM `players` WHERE `name`='{$char}' LIMIT 1;");
     data_dump($account, false, "fetching account id from players table");
     $znote_account = mysql_select_single("SELECT `id`, `points` FROM `znote_accounts` WHERE `account_id`='" . $account['account_id'] . "';");
     data_dump($znote_account, false, "Fetching existing points from znote_accounts");
     data_dump(array('Old:' => $znote_account['points'], 'New:' => $points, 'Total:' => $znote_account['points'] + $points), false, "Points calculation:");
     $points += $znote_account['points'];
     mysql_update("UPDATE `znote_accounts` SET `points`='{$points}' WHERE `account_id`='" . $account['account_id'] . "';");
 }
 // Set character position
 if (empty($_POST['position_name']) === false && empty($_POST['position_type']) === false) {
     if (user_character_exist($_POST['position_name'])) {
         if (array_key_exists($_POST['position_type'], $config['ingame_positions'])) {
             if ($config['TFSVersion'] == 'TFS_02' || $config['TFSVersion'] == 'TFS_10') {
                 set_ingame_position($_POST['position_name'], $_POST['position_type']);
             } else {
                 if ($config['TFSVersion'] == 'TFS_03') {
                     set_ingame_position03($_POST['position_name'], $_POST['position_type']);
                 }
Exemplo n.º 10
0
function user_login_03($username, $password)
{
    if (config('salt') === true) {
        $username = sanitize($username);
        $data = mysql_select_single("SELECT `salt`, `id`, `password`, `name` FROM `accounts` WHERE `name`='{$username}';");
        $salt = $data['salt'];
        if (!empty($salt)) {
            $password = sha1($salt . $password);
        } else {
            $password = sha1($password);
        }
        return $data !== false && $data['name'] == $username && $data['password'] == $password ? $data['id'] : false;
    } else {
        return user_login($username, $password);
    }
}
Exemplo n.º 11
0
                if (count($path) === 1) {
                    $path = explode('\\', $entity->getPathname());
                }
                $plugins[$path[1]] = $path[2];
            }
        }
    }
}
$response['modules'] = $plugins;
$response['data']['title'] = $config['site_title'];
$response['data']['slogan'] = $config['site_title_context'];
$response['data']['time'] = getClock(time(), false, true);
$response['data']['time_formatted'] = getClock(time(), true, true);
// Account count
$accounts = mysql_select_single("SELECT COUNT('id') AS `count` FROM `accounts`;");
$response['data']['accounts'] = $accounts !== false ? $accounts['count'] : 0;
// Player count
$players = mysql_select_single("SELECT COUNT('id') AS `count` FROM `players`;");
$response['data']['players'] = $players !== false ? $players['count'] : 0;
// online player count
if ($config['TFSVersion'] != 'TFS_10') {
    $online = mysql_select_single("SELECT COUNT('id') AS `count` FROM `players` WHERE `status`='1';");
} else {
    $online = mysql_select_single("SELECT COUNT('player_id') AS `count` FROM `players_online`;");
}
$response['data']['online'] = $online !== false ? $online['count'] : 0;
$response['data']['client'] = $config['client'];
$response['data']['port'] = $config['port'];
$response['data']['guildwar'] = $config['guildwar_enabled'];
$response['data']['forum'] = $config['forum']['enabled'];
SendResponse($response);
Exemplo n.º 12
0
					<input name="create_thread_title" type="text" placeholder="Thread Subject" style="width: 592px;"><br><br>
					<textarea name="create_thread_text" style="width: 100%; height: 250px" placeholder="Message"></textarea><br>
					<br><input type="submit" value="Create Thread" class="btn btn-success">
				</form>
				<?php 
                        } else {
                            echo '<p><b><font color="red">Permission to create thread denied.</font></b></p>';
                        }
                    }
                } else {
                    /////////////////////
                    // When category is specified
                    if ($getCat !== false) {
                        $getCat = (int) $getCat;
                        // Fetch category rules
                        $category = mysql_select_single("SELECT `name`, `access`, `closed`, `hidden`, `guild_id` FROM `znote_forum` WHERE `id`='{$getCat}' AND `access`<='{$yourAccess}' LIMIT 1;");
                        if ($category !== false && $category['guild_id'] > 0 && !$admin) {
                            $access = false;
                            foreach ($charData as $char) {
                                if ($category['guild_id'] == $char['guild']) {
                                    $access = true;
                                }
                            }
                            if ($access !== true) {
                                $category = false;
                            }
                        }
                        if ($category !== false) {
                            // TODO : Verify guild access
                            //foreach($charData)
                            echo "<strong><a href='forum.php'>Forum</a> &raquo; " . $category['name'] . "</strong><br><br>";
Exemplo n.º 13
0
        }
    }
    ?>
<!-- leave guild with character -->
<?php 
    $bool = false;
    if (user_logged_in() === true) {
        for ($i = 0; $i < $char_count; $i++) {
            foreach ($players as $player) {
                if ($player['name'] == $characters[$i]) {
                    $bool = true;
                }
            }
        }
        if ($bool) {
            $forumExist = mysql_select_single("SELECT `id` FROM `znote_forum` WHERE `guild_id`='{$gid}' LIMIT 1;");
            if ($forumExist !== false) {
                ?>
 - <font size="4"><a href="forum.php?cat=<?php 
                echo $forumExist['id'];
                ?>
">Visit Guild Board</a></font><br><br><br><?php 
            }
            ?>

<form action="" method="post">
	<ul>
		<li>
			Leave Guild:<br>
			<select name="leave_guild">
				<option disabled>With...</option>
Exemplo n.º 14
0
 if ($config['TFSVersion'] == 'TFS_02' || $config['TFSVersion'] == 'TFS_10') {
     $login = user_login($username, $password);
 } else {
     if ($config['TFSVersion'] == 'TFS_03') {
         $login = user_login_03($username, $password);
     } else {
         $login = false;
     }
 }
 if ($login === false) {
     $errors[] = 'Username and password combination is wrong.';
 } else {
     // Check if user have access to login
     $status = false;
     if ($config['mailserver']['register']) {
         $authenticate = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='{$login}' AND `active`='1' LIMIT 1;");
         if ($authenticate !== false) {
             $status = true;
         } else {
             $errors[] = "Your account is not activated. An email should have been sent to you when you registered. Please find it and click the activation link to activate your account.";
         }
     } else {
         $status = true;
     }
     if ($status) {
         setSession('user_id', $login);
         // if IP is not set (etc acc created before Znote AAC was in use)
         $znote_data = user_znote_account_data($login);
         if ($znote_data['ip'] == 0) {
             $update_data = array('ip' => ip2long(getIP()));
             user_update_znote_account($update_data);
Exemplo n.º 15
0
/*	PLAYER SKILLS REPAIR SCRIPT IF YOU SOMEHOW DELETE PLAYER SKILLS
	---------------------------------------------------------------
		Place in root web directory, login to admin account, 
		and enter site.com/repairSkills.php (with big S). 
*/
protect_page();
admin_only($user_data);
$Splayers = 0;
$Salready = 0;
$Sfixed = 0;
$players = mysql_select_multi("SELECT `id` FROM `players`;");
if ($players !== false) {
    $Splayers = count($players);
    foreach ($players as $char) {
        // Check if player have skills
        $skills = mysql_select_single("SELECT `value` FROM `player_skills` WHERE `player_id`='" . $char['id'] . "' AND `skillid`='2' LIMIT 1;");
        // If he dont have any skills
        if ($skills === false) {
            $Sfixed++;
            // Loop through every skill id and give him default skills.
            $query = "INSERT INTO `player_skills` (`player_id`, `skillid`, `value`, `count`) VALUES ";
            for ($i = 0; $i < 7; $i++) {
                if ($i != 6) {
                    $query .= "('" . $char['id'] . "', '{$i}', '10', '0'), ";
                } else {
                    $query .= "('" . $char['id'] . "', '{$i}', '10', '0');";
                }
            }
            mysql_insert($query);
        } else {
            $Salready++;
Exemplo n.º 16
0
             $results[$i]['forum_id'] = false;
         } else {
             $results[$i]['title'] = stripBBCode($results[$i]['title']);
             $results[$i]['text'] = stripBBCode($results[$i]['text']);
         }
     }
     //if ($results !== false) data_dump($results, false, "Search results");
     //else echo "<br><b>No results.</b>";
     break;
 case 6:
     // Search posts
     $results = mysql_select_multi("SELECT `thread_id`, `player_name`, `text` FROM `znote_forum_posts` ORDER BY `id` DESC LIMIT {$searchResults};");
     // Missing ['forum_id'], ['title'], lets get them
     for ($i = 0; $i < count($results); $i++) {
         // $results[$i]['asd']
         $thread = mysql_select_single("SELECT `forum_id`, `title` FROM `znote_forum_threads` WHERE `id`='" . $results[$i]['thread_id'] . "' LIMIT 1;");
         if ($thread !== false) {
             $results[$i]['forum_id'] = $thread['forum_id'];
             $results[$i]['title'] = $thread['title'];
             if (!in_array($results[$i]['forum_id'], $allowedForums)) {
                 $results[$i]['forum_id'] = false;
             } else {
                 $results[$i]['title'] = stripBBCode($results[$i]['title']);
                 $results[$i]['text'] = stripBBCode($results[$i]['text']);
             }
         } else {
             $results[$i]['forum_id'] = false;
         }
     }
     // DONE. :)
     //data_dump(false, $results, "DATA");
Exemplo n.º 17
0
        }
        if ($updatechangelog) {
            // Cache changelog
            $cache = new Cache('engine/cache/changelog');
            $cache->setContent(mysql_select_multi("SELECT `id`, `text`, `time`, `report_id`, `status` FROM `znote_changelog` ORDER BY `id` DESC;"));
            $cache->save();
        }
    }
    // If we should give user price
    if ($price > 0) {
        $account = mysql_select_single("SELECT `a`.`id`, `a`.`email` FROM `accounts` AS `a` \n            INNER JOIN `players` AS `p` ON `p`.`account_id` = `a`.`id`\n            WHERE `p`.`name` = '{$playerName}' LIMIT 1;");
        if ($account !== false) {
            // transaction log
            mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '{$reportId}', 'report@admin." . $user_data['name'] . " to " . $account['email'] . "', '" . $account['id'] . "', '0', '" . $price . "')");
            // Process payment
            $data = mysql_select_single("SELECT `points` AS `old_points` FROM `znote_accounts` WHERE `account_id`='" . $account['id'] . "';");
            // Give points to user
            $new_points = $data['old_points'] + $price;
            mysql_update("UPDATE `znote_accounts` SET `points`='{$new_points}' WHERE `account_id`='" . $account['id'] . "'");
            // Remind GM that he sent points to character
            echo "<font color='green' size='5'>" . $playerName . " has been granted " . $price . " points for his reports.</font>";
        }
    }
    // GET logic (Edit report data and specify how many [if any] points to give to user)
} elseif (!empty($_GET)) {
    // Fetch GET data
    $action = getValue($_GET['action']);
    $playerName = getValue($_GET['name']);
    $reportId = getValue($_GET['id']);
    // Fetch the report we intend to modify
    foreach ($reports as $sid => $sa) {
Exemplo n.º 18
0
    if ($ticketData['status'] !== 'CLOSED') {
        ?>
		<form action="" method="post">
			<input type="hidden" name="username" value="<?php 
        echo $ticketData['username'];
        ?>
"><br>
			<textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br>
			<input name="" type="submit" value="Post Reply" class="btn btn-primary">
		</form>
	<?php 
    }
    ?>
	<?php 
} else {
    $account = mysql_select_single("SELECT name,email FROM accounts WHERE id = {$session_user_id}");
    if (!empty($_POST)) {
        $required_fields = array('username', 'email', 'subject', 'message');
        foreach ($_POST as $key => $value) {
            if (empty($value) && in_array($key, $required_fields) === true) {
                $errors[] = 'You need to fill in all fields.';
                break 1;
            }
        }
        // check errors (= user exist, pass long enough
        if (empty($errors) === true) {
            /* Token used for cross site scripting security */
            if (!Token::isValid($_POST['token'])) {
                $errors[] = 'Token is invalid.';
            }
            if ($config['use_captcha']) {
Exemplo n.º 19
0
            ?>
			
<h3 class="header-ok">Achievements</h3>
<div id="accordion">
  <h3>Show/hide player achievements</h3>
  <div>
<table class="table table-striped table-bordered">
<tbody>
<style>
#secondD {
margin-left:0px;
}
</style>
	<?php 
            foreach ($config['achievements'] as $key => $achiv) {
                $uery = mysql_select_single("SELECT `player_id`, `value`, `key` FROM `player_storage` WHERE `player_id`='{$user_id}' AND `key`='{$key}' LIMIT 1;");
                foreach ($uery as $luery) {
                    if ($luery == $key) {
                        if (!array_key_exists($achiv, $config['achievements'])) {
                            echo '<tr><td width="17%">' . $achiv[0] . '</td><td>' . $achiv[1] . '</td>';
                            if ($achiv['secret'] == true) {
                                echo '<td><img id="secondD" src="http://img04.imgland.net/PuMz0mVqSG.gif"></td>';
                                echo '<td>' . $achiv['points'] . '</td>';
                            } else {
                                echo '<td></td><td>' . $achiv['points'] . '</td>';
                            }
                            echo '<tr>';
                        }
                    }
                }
            }
Exemplo n.º 20
0
if (isset($_GET['success']) && empty($_GET['success'])) {
    if ($config['mailserver']['register']) {
        ?>
		<h1>Email authentication required</h1>
		<p>We have sent you an email with an activation link to your submitted email address.</p>
		<p>If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.</p>
		<?php 
    } else {
        echo 'Congratulations! Your account has been created. You may now login to create a character.';
    }
} elseif (isset($_GET['authenticate']) && empty($_GET['authenticate'])) {
    // Authenticate user, fetch user id and activation key
    $auid = isset($_GET['u']) && (int) $_GET['u'] > 0 ? (int) $_GET['u'] : false;
    $akey = isset($_GET['k']) && (int) $_GET['k'] > 0 ? (int) $_GET['k'] : false;
    // Find a match
    $user = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='{$auid}' AND `activekey`='{$akey}' AND `active`='0' LIMIT 1;");
    if ($user !== false) {
        $user = $user['id'];
        // Enable the account to login
        mysql_update("UPDATE `znote_accounts` SET `active`='1' WHERE `id`='{$user}' LIMIT 1;");
        echo '<h1>Congratulations!</h1> <p>Your account has been created. You may now login to create a character.</p>';
    } else {
        echo '<h1>Authentication failed</h1> <p>Either the activation link is wrong, or your account is already activated.</p>';
    }
} else {
    if (empty($_POST) === false && empty($errors) === true) {
        if ($config['log_ip']) {
            znote_visitor_insert_detailed_data(1);
        }
        //Register
        $register_data = array('name' => $_POST['username'], 'password' => $_POST['password'], 'email' => $_POST['email'], 'ip' => ip2long(getIP()), 'created' => time());
Exemplo n.º 21
0
</li>
		<li><b>Rent</b>: <?php 
    echo $house['rent'];
    ?>
</li>
	</ul>
	<?php 
    // AUCTION MARKUP INIT
    if ($house['owner'] == 0) {
        ?>
		<h2>This house is up on auction!</h2>
		<?php 
        if ($house['highest_bidder'] == 0) {
            echo "<b>This house don't have any bidders yet.</b>";
        } else {
            $bidder = mysql_select_single("SELECT `name` FROM `players` WHERE `id`='" . $house['highest_bidder'] . "' LIMIT 1;");
            echo "<b>This house have bidders! If you want this house, now is your chance!</b>";
            echo "<br><b>Active bid:</b> " . $house['last_bid'] . "gp";
            echo "<br><b>Active bid by:</b> <a href='characterprofile.php?name=" . $bidder['name'] . "' target='_BLANK'>" . $bidder['name'] . "</a>";
            echo "<br><b>Bid will end on:</b> " . getClock($house['bid_end'], true);
        }
        if ($house['bid_end'] == 0 || $house['bid_end'] > time()) {
            if (user_logged_in()) {
                // Your characters, indexed by char_id
                $yourChars = mysql_select_multi("SELECT `id`, `name`, `balance` FROM `players` WHERE `account_id`='" . $user_data['id'] . "';");
                if ($yourChars !== false) {
                    $charData = array();
                    foreach ($yourChars as $char) {
                        $charData[$char['id']] = $char;
                    }
                    ?>
Exemplo n.º 22
0
		<td>Status</td>
	</tr>
	<?php 
// Rolling through quests
foreach ($quests as $key => $quest) {
    // Is quest NOT an array (advanced quest?)
    if (!is_array($quest)) {
        // Query to find quest results
        $query = mysql_select_single("SELECT `value` FROM `player_storage` WHERE `key`='{$quest}' AND `player_id`='{$user_id}' AND `value`='1' LIMIT 1;");
        if ($query !== false) {
            $quest = $completed;
        } else {
            $quest = $notstarted;
        }
    } else {
        $query = mysql_select_single("SELECT `value` FROM `player_storage` WHERE `key`='" . $quest[0] . "' AND `player_id`='{$user_id}' AND `value`>'0' LIMIT 1;");
        if (!$query) {
            $quest = $notstarted;
        } else {
            if ($query['value'] >= $quest[1]) {
                $quest = $completed;
            } else {
                $quest = Progress($query['value'], $quest[1]);
            }
        }
    }
    ?>
		<tr>
			<td><?php 
    echo $key;
    ?>
Exemplo n.º 23
0
require 'config.php';
require 'engine/database/connect.php';
// check that the request comes from PayGol server
if (!in_array($_SERVER['REMOTE_ADDR'], array('109.70.3.48', '109.70.3.146', '109.70.3.58'))) {
    header("HTTP/1.0 403 Forbidden");
    die("Error: Unknown IP");
}
// get the variables from PayGol system
$message_id = $_GET['message_id'];
$service_id = $_GET['service_id'];
$shortcode = $_GET['shortcode'];
$keyword = $_GET['keyword'];
$message = $_GET['message'];
$sender = $_GET['sender'];
$operator = $_GET['operator'];
$country = $_GET['country'];
$custom = $_GET['custom'];
$points = $_GET['points'];
$price = $_GET['price'];
$currency = $_GET['currency'];
$paygol = $config['paygol'];
$new_points = $paygol['points'];
// Update logs:
mysql_insert("INSERT INTO `znote_paygol` VALUES ('', '{$custom}', '{$price}', '{$new_points}', '{$message_id}', '{$service_id}', '{$shortcode}', '{$keyword}', '{$message}', '{$sender}', '{$operator}', '{$country}', '{$currency}')");
// Fetch points
$account = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='{$custom}';");
// Calculate new points
$new_points = $account['points'] + $new_points;
// Update new points
mysql_update("UPDATE `znote_accounts` SET `points`='{$new_points}' WHERE `account_id`='{$custom}'");
Exemplo n.º 24
0
 /**
  * Create player.
  *
  * @param  none
  * @access public
  * @return bool $status
  **/
 public function create()
 {
     // If player already have an id, the player already exist.
     if (is_null($this->_playerdata['id']) && is_string($this->_playerdata['name'])) {
         // Confirm player does not exist
         $name = format_character_name($this->_playerdata['name']);
         $name = validate_name($name);
         $name = sanitize($name);
         $exist = mysql_select_single("SELECT `id` FROM `players` WHERE `name`='{$name}' LIMIT 1;");
         if ($exist !== false) {
             $this->errors[] = "A player with the name [{$name}] already exist.";
             return false;
         }
         $config = fullConfig();
         if (user_character_exist($_POST['name']) !== false) {
             $errors[] = 'Sorry, that character name already exist.';
         }
         if (!preg_match("/^[a-zA-Z_ ]+\$/", $_POST['name'])) {
             $errors[] = 'Your name may only contain a-z, A-Z and spaces.';
         }
         if (strlen($_POST['name']) < $config['minL'] || strlen($_POST['name']) > $config['maxL']) {
             $errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.';
         }
         // name restriction
         $resname = explode(" ", $_POST['name']);
         foreach ($resname as $res) {
             if (in_array(strtolower($res), $config['invalidNameTags'])) {
                 $errors[] = 'Your username contains a restricted word.';
             } else {
                 if (strlen($res) == 1) {
                     $errors[] = 'Too short words in your name.';
                 }
             }
         }
         // Validate vocation id
         if (!in_array((int) $_POST['selected_vocation'], $config['available_vocations'])) {
             $errors[] = 'Permission Denied. Wrong vocation.';
         }
         // Validate town id
         if (!in_array((int) $_POST['selected_town'], $config['available_towns'])) {
             $errors[] = 'Permission Denied. Wrong town.';
         }
         // Validate gender id
         if (!in_array((int) $_POST['selected_gender'], array(0, 1))) {
             $errors[] = 'Permission Denied. Wrong gender.';
         }
         if (vocation_id_to_name($_POST['selected_vocation']) === false) {
             $errors[] = 'Failed to recognize that vocation, does it exist?';
         }
         if (town_id_to_name($_POST['selected_town']) === false) {
             $errors[] = 'Failed to recognize that town, does it exist?';
         }
         if (gender_exist($_POST['selected_gender']) === false) {
             $errors[] = 'Failed to recognize that gender, does it exist?';
         }
         // Char count
         $char_count = user_character_list_count($session_user_id);
         if ($char_count >= $config['max_characters']) {
             $errors[] = 'Your account is not allowed to have more than ' . $config['max_characters'] . ' characters.';
         }
         if (validate_ip(getIP()) === false && $config['validate_IP'] === true) {
             $errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).';
         }
         echo "create player";
         // Make sure all neccesary values are set
         //Register
         $character_data = array('name' => format_character_name($_POST['name']), 'account_id' => $session_user_id, 'vocation' => $_POST['selected_vocation'], 'town_id' => $_POST['selected_town'], 'sex' => $_POST['selected_gender'], 'lastip' => ip2long(getIP()), 'created' => time());
         array_walk($character_data, 'array_sanitize');
         $cnf = fullConfig();
         if ($character_data['sex'] == 1) {
             $outfit_type = $cnf['maleOutfitId'];
         } else {
             $outfit_type = $cnf['femaleOutfitId'];
         }
         // Create the player
     } else {
         echo "Player already exist.";
         return false;
     }
 }