Exemplo n.º 1
0
function sn_options_model()
{
    global $user, $user_option_list, $lang, $template_result, $config;
    $FMT_DATE = preg_replace(array('/d/', '/m/', '/Y/'), array('DD', 'MM', 'YYYY'), FMT_DATE);
    if (sys_get_param_str('mode') == 'change') {
        if ($user['authlevel'] > 0) {
            $planet_protection = sys_get_param_int('adm_pl_prot') ? $user['authlevel'] : 0;
            db_planet_set_by_owner($user['id'], "`id_level` = '{$planet_protection}'");
            db_user_set_by_id($user['id'], "`admin_protection` = '{$planet_protection}'");
            $user['admin_protection'] = $planet_protection;
        }
        if (sys_get_param_int('vacation') && !$config->user_vacation_disable) {
            sn_db_transaction_start();
            if ($user['authlevel'] < 3) {
                if ($user['vacation_next'] > SN_TIME_NOW) {
                    message($lang['opt_vacation_err_timeout'], $lang['Error'], 'index.php?page=options', 5);
                    die;
                }
                $is_building = doquery("SELECT * FROM `{{fleets}}` WHERE `fleet_owner` = '{$user['id']}' LIMIT 1;", true);
                if ($is_building) {
                    message($lang['opt_vacation_err_your_fleet'], $lang['Error'], 'index.php?page=options', 5);
                    die;
                }
                $que = que_get($user['id'], false);
                if (!empty($que)) {
                    message($lang['opt_vacation_err_que'], $lang['Error'], 'index.php?page=options', 5);
                    die;
                }
                $query = classSupernova::db_get_record_list(LOC_PLANET, "`id_owner` = {$user['id']}");
                foreach ($query as $planet) {
                    // $planet = sys_o_get_updated($user, $planet, SN_TIME_NOW);
                    // $planet = $planet['planet'];
                    db_planet_set_by_id($planet['id'], "last_update = " . SN_TIME_NOW . ", energy_used = '0', energy_max = '0',\n            metal_perhour = '{$config->metal_basic_income}', crystal_perhour = '{$config->crystal_basic_income}', deuterium_perhour = '{$config->deuterium_basic_income}',\n            metal_mine_porcent = '0', crystal_mine_porcent = '0', deuterium_sintetizer_porcent = '0', solar_plant_porcent = '0',\n            fusion_plant_porcent = '0', solar_satelit_porcent = '0', ship_sattelite_sloth_porcent = 0");
                }
                $user['vacation'] = SN_TIME_NOW + $config->player_vacation_time;
            } else {
                $user['vacation'] = SN_TIME_NOW;
            }
            sn_db_transaction_commit();
        }
        foreach ($user_option_list as $option_group_id => $option_group) {
            foreach ($option_group as $option_name => $option_value) {
                if ($user[$option_name] !== null) {
                    $user[$option_name] = sys_get_param_str($option_name);
                } else {
                    $user[$option_name] = $option_value;
                }
            }
        }
        $options = sys_user_options_pack($user);
        $player_options = sys_get_param('options');
        if (!empty($player_options)) {
            array_walk($player_options, function (&$value) {
                // TODO - Когда будет больше параметров - сделать больше проверок
                $value = intval($value);
            });
            player_save_option_array($user, $player_options);
            if ($player_options[PLAYER_OPTION_MENU_HIDE_SHOW_BUTTON] == PLAYER_OPTION_MENU_HIDE_SHOW_BUTTON_HIDDEN) {
                sn_setcookie(SN_COOKIE . '_menu_hidden', '0', time() - PERIOD_WEEK, SN_ROOT_RELATIVE);
            }
        }
        $username = substr(sys_get_param_str_unsafe('username'), 0, 32);
        $username_safe = db_escape($username);
        if ($username && $user['username'] != $username && $config->game_user_changename != SERVER_PLAYER_NAME_CHANGE_NONE && sys_get_param_int('username_confirm')) {
            // проверка на корректность
            sn_db_transaction_start();
            $name_check = doquery("SELECT * FROM {{player_name_history}} WHERE `player_name` LIKE \"{$username_safe}\" LIMIT 1 FOR UPDATE;", true);
            if (!$name_check || $name_check['player_id'] == $user['id']) {
                $user = db_user_by_id($user['id'], true);
                switch ($config->game_user_changename) {
                    case SERVER_PLAYER_NAME_CHANGE_PAY:
                        if (mrc_get_level($user, $planetrow, RES_DARK_MATTER) < $config->game_user_changename_cost) {
                            $template_result['.']['result'][] = array('STATUS' => ERR_ERROR, 'MESSAGE' => $lang['opt_msg_name_change_err_no_dm']);
                            break;
                        }
                        rpg_points_change($user['id'], RPG_NAME_CHANGE, -$config->game_user_changename_cost, sprintf('Пользователь ID %d сменил имя с "%s" на "%s"', $user['id'], $user['username'], $username));
                    case SERVER_PLAYER_NAME_CHANGE_FREE:
                        db_user_set_by_id($user['id'], "`username` = '{$username_safe}'");
                        doquery("REPLACE INTO {{player_name_history}} SET `player_id` = {$user['id']}, `player_name` = \"{$username_safe}\"");
                        // TODO: Change cookie to not force user relogin
                        sn_setcookie(SN_COOKIE, '', time() - PERIOD_WEEK, SN_ROOT_RELATIVE);
                        $template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_name_changed']);
                        $user['username'] = $username;
                        break;
                }
            } else {
                $template_result['.']['result'][] = array('STATUS' => ERR_ERROR, 'MESSAGE' => $lang['opt_msg_name_change_err_used_name']);
            }
            sn_db_transaction_commit();
        }
        $new_password = sys_get_param('newpass1');
        if ($new_password) {
            try {
                if ($new_password != sys_get_param('newpass2')) {
                    throw new Exception($lang['opt_err_pass_unmatched'], ERR_WARNING);
                }
                //if(sec_password_encode(sys_get_param('db_password'), $user['salt']) != $user['password']) {
                if (!sec_password_change($user, $new_password, sys_get_param('db_password'), 1)) {
                    // OK
                    throw new Exception($lang['opt_err_pass_wrong'], ERR_WARNING);
                }
                //sec_set_cookie_by_user($user, 1);
                // Не нужно - мы просто перечитаем запись
                //$aUser = db_user_by_id($user['id']);
                //$user['password'] = $aUser['password'];
                //$user['salt'] = $aUser['salt'];
                //        if(!sec_password_check($user, sys_get_param('db_password'))) {
                //          throw new Exception($lang['opt_err_pass_wrong'], ERR_WARNING);
                //        }
                //
                //        $user['salt'] = sec_password_salt_generate();
                //        $user['password'] = sec_password_encode($new_password, $user['salt']);
                // Changed cookie to not force user relogin
                // sn_setcookie(SN_COOKIE, '', time() - PERIOD_WEEK, SN_ROOT_RELATIVE);
                // sn_cookie_set_user($user, 1);
                // sec_set_cookie_by_fields($user['id'], $user['username'], $user['password'], 1);
                throw new Exception($lang['opt_msg_pass_changed'], ERR_NONE);
            } catch (Exception $e) {
                $template_result['.']['result'][] = array('STATUS' => in_array($e->getCode(), array(ERR_NONE, ERR_WARNING, ERR_ERROR)) ? $e->getCode() : ERR_ERROR, 'MESSAGE' => $e->getMessage());
            }
        }
        $user['email'] = sys_get_param_str('db_email');
        if (!$user['email_2']) {
            $user['email_2'] = sys_get_param_str('db_email2');
        }
        $user['dpath'] = sys_get_param_str('dpath');
        $user['lang'] = sys_get_param_str('langer', $user['lang']);
        if ($lang->lng_switch($user['lang'])) {
            lng_include('options');
            lng_include('messages');
        }
        $user['design'] = sys_get_param_int('design');
        $user['noipcheck'] = sys_get_param_int('noipcheck');
        $user['spio_anz'] = sys_get_param_int('spio_anz');
        $user['settings_tooltiptime'] = sys_get_param_int('settings_tooltiptime');
        $user['settings_fleetactions'] = sys_get_param_int('settings_fleetactions', 1);
        $user['settings_esp'] = sys_get_param_int('settings_esp');
        $user['settings_wri'] = sys_get_param_int('settings_wri');
        $user['settings_bud'] = sys_get_param_int('settings_bud');
        $user['settings_mis'] = sys_get_param_int('settings_mis');
        $user['settings_statistics'] = sys_get_param_int('settings_statistics');
        $user['settings_info'] = sys_get_param_int('settings_info');
        $user['settings_rep'] = sys_get_param_int('settings_rep');
        $user['planet_sort'] = sys_get_param_int('settings_sort');
        $user['planet_sort_order'] = sys_get_param_int('settings_order');
        $user['deltime'] = !sys_get_param_int('deltime') ? 0 : ($user['deltime'] ? $user['deltime'] : SN_TIME_NOW + $config->player_delete_time);
        $gender = sys_get_param_int('gender', $user['gender']);
        !isset($lang['sys_gender_list'][$gender]) ? $gender = $user['gender'] : false;
        $user['gender'] = $user['gender'] == GENDER_UNKNOWN ? $gender : $user['gender'];
        try {
            if ($user['birthday']) {
                throw new exception();
            }
            $user_birthday = sys_get_param_str_unsafe('user_birthday');
            if (!$user_birthday || $user_birthday == $FMT_DATE) {
                throw new exception();
            }
            // Some black magic to parse any valid date format - those that contains all three "d", "m" and "Y" and any of the delimeters "\", "/", ".", "-"
            $pos['d'] = strpos(FMT_DATE, 'd');
            $pos['m'] = strpos(FMT_DATE, 'm');
            $pos['Y'] = strpos(FMT_DATE, 'Y');
            asort($pos);
            $i = 0;
            foreach ($pos as &$position) {
                $position = ++$i;
            }
            $regexp = "/" . preg_replace(array('/\\\\/', '/\\//', '/\\./', '/\\-/', '/d/', '/m/', '/Y/'), array('\\\\\\', '\\/', '\\.', '\\-', '(\\d?\\d)', '(\\d?\\d)', '(\\d{4})'), FMT_DATE) . "/";
            if (!preg_match($regexp, $user_birthday, $match)) {
                throw new exception();
            }
            if (!checkdate($match[$pos['m']], $match[$pos['d']], $match[$pos['Y']])) {
                throw new exception();
            }
            $user['user_birthday'] = db_escape("{$match[$pos['Y']]}-{$match[$pos['m']]}-{$match[$pos['d']]}");
            // EOF black magic! Now we have valid SQL date in $user['user_birthday'] - independent of date format
            $year = date('Y', SN_TIME_NOW);
            if (mktime(0, 0, 0, $match[$pos['m']], $match[$pos['d']], $year) > SN_TIME_NOW) {
                $year--;
            }
            $user['user_birthday_celebrated'] = db_escape("{$year}-{$match[$pos['m']]}-{$match[$pos['d']]}");
            $user_birthday = ", `user_birthday` = '{$user['user_birthday']}', `user_birthday_celebrated` = '{$user['user_birthday_celebrated']}'";
        } catch (exception $e) {
            $user_birthday = '';
        }
        require_once 'includes/includes/sys_avatar.php';
        $avatar_upload_result = sys_avatar_upload($user['id'], $user['avatar']);
        $template_result['.']['result'][] = $avatar_upload_result;
        $user_time_diff = user_time_diff_get();
        if (sys_get_param_int('user_time_diff_forced')) {
            user_time_diff_set(array(PLAYER_OPTION_TIME_DIFF => sys_get_param_int('user_time_diff'), PLAYER_OPTION_TIME_DIFF_UTC_OFFSET => 0, PLAYER_OPTION_TIME_DIFF_FORCED => 1, PLAYER_OPTION_TIME_DIFF_MEASURE_TIME => SN_TIME_SQL));
        } elseif (sys_get_param_int('opt_time_diff_clear') || $user_time_diff[PLAYER_OPTION_TIME_DIFF_FORCED]) {
            user_time_diff_set(array(PLAYER_OPTION_TIME_DIFF => '', PLAYER_OPTION_TIME_DIFF_UTC_OFFSET => 0, PLAYER_OPTION_TIME_DIFF_FORCED => 0, PLAYER_OPTION_TIME_DIFF_MEASURE_TIME => SN_TIME_SQL));
        }
        $user_options_safe = db_escape($user['options']);
        //      `username` = '{$username_safe}',
        // `password` = '{$user['password']}', `salt` = '{$user['salt']}',
        db_user_set_by_id($user['id'], "`email` = '{$user['email']}', `email_2` = '{$user['email_2']}', `lang` = '{$user['lang']}', `avatar` = '{$user['avatar']}',\n      `dpath` = '{$user['dpath']}', `design` = '{$user['design']}', `noipcheck` = '{$user['noipcheck']}',\n      `planet_sort` = '{$user['planet_sort']}', `planet_sort_order` = '{$user['planet_sort_order']}', `spio_anz` = '{$user['spio_anz']}',\n      `settings_tooltiptime` = '{$user['settings_tooltiptime']}', `settings_fleetactions` = '{$user['settings_fleetactions']}', `settings_esp` = '{$user['settings_esp']}',\n      `settings_wri` = '{$user['settings_wri']}', `settings_bud` = '{$user['settings_bud']}', `settings_statistics` = '{$user['settings_statistics']}',\n      `settings_info` = '{$user['settings_info']}', `settings_mis` = '{$user['settings_mis']}', `settings_rep` = '{$user['settings_rep']}',\n      `deltime` = '{$user['deltime']}', `vacation` = '{$user['vacation']}', `options` = '{$user_options_safe}', `gender` = {$user['gender']}\n      {$user_birthday}");
        $template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_saved']);
    } elseif (sys_get_param_str('result') == 'ok') {
        $template_result['.']['result'][] = array('STATUS' => ERR_NONE, 'MESSAGE' => $lang['opt_msg_saved']);
    }
    $user = db_user_by_id($user['id']);
    $options = sys_user_options_unpack(&$user);
}
Exemplo n.º 2
0
function player_create($username_unsafe, $password_raw, $email_unsafe, $options)
{
    global $config, $lang;
    static $player_options_string = 'opt_mnl_spy^1|opt_email_mnl_spy^0|opt_email_mnl_joueur^0|opt_email_mnl_alliance^0|opt_mnl_attaque^1|opt_email_mnl_attaque^0|opt_mnl_exploit^1|opt_email_mnl_exploit^0|opt_mnl_transport^1|opt_email_mnl_transport^0|opt_email_msg_admin^1|opt_mnl_expedition^1|opt_email_mnl_expedition^0|opt_mnl_buildlist^1|opt_email_mnl_buildlist^0|opt_int_navbar_resource_force^1|';
    empty($options['planet_options']) ? $options['planet_options'] = array() : false;
    $field_set = array('server_name' => SN_ROOT_VIRTUAL, 'register_time' => SN_TIME_NOW, 'user_bot' => $options['user_bot'] = empty($options['user_bot']) ? USER_BOT_PLAYER : $options['total_points'], 'username' => $username_unsafe, 'email' => $email_unsafe, 'email_2' => $email_unsafe, 'lang' => $options['language_iso'] ? $options['language_iso'] : DEFAULT_LANG, 'dpath' => DEFAULT_SKINPATH, 'total_points' => $options['total_points'] = empty($options['total_points']) ? 0 : $options['total_points'], 'options' => (empty($options['options']) ? $player_options_string : $options['options']) . (empty($options['options_extra']) ? '' : $options['options_extra']), 'galaxy' => $options['galaxy'] = intval($options['galaxy'] ? $options['galaxy'] : 0), 'system' => $options['system'] = intval($options['system'] ? $options['system'] : 0), 'planet' => $options['planet'] = intval($options['planet'] ? $options['planet'] : 0));
    $user_new = classSupernova::db_ins_field_set(LOC_USER, $field_set);
    sec_password_change($user_new, $password_raw, false, $options['remember_me'] = intval(!empty($options['remember_me'])));
    $username_safe = db_escape($username_unsafe);
    //  $options['language_iso'] = db_escape($options['language_iso'] ? $options['language_iso'] : DEFAULT_LANG);
    //  $options['remember_me'] = intval(!empty($options['remember_me']));
    //
    //  $skin_safe = db_escape(DEFAULT_SKINPATH);
    //  $email_safe = db_escape($email_unsafe);
    //
    //  // sn_db_field_set_make_safe($field_set, $serialize = false)
    //
    //  $user_new = classSupernova::db_ins_record(LOC_USER, "`username` = '{$username_safe}', `email` = '{$email_safe}', `email_2` = '{$email_safe}', `dpath` = '{$skin_safe}',
    //      `lang` = '{$options['language_iso']}', `register_time` = " . SN_TIME_NOW . ", `server_name` = '" . db_escape(SN_ROOT_VIRTUAL) . "',
    //      `options` = 'opt_mnl_spy^1|opt_email_mnl_spy^0|opt_email_mnl_joueur^0|opt_email_mnl_alliance^0|opt_mnl_attaque^1|opt_email_mnl_attaque^0|opt_mnl_exploit^1|opt_email_mnl_exploit^0|opt_mnl_transport^1|opt_email_mnl_transport^0|opt_email_msg_admin^1|opt_mnl_expedition^1|opt_email_mnl_expedition^0|opt_mnl_buildlist^1|opt_email_mnl_buildlist^0|opt_int_navbar_resource_force^1|';");
    doquery("REPLACE INTO {{player_name_history}} SET `player_id` = {$user_new['id']}, `player_name` = '{$username_safe}'");
    if (!empty($options['partner_id']) && ($referral_row = db_user_by_id($options['partner_id'], true))) {
        doquery("INSERT INTO {{referrals}} SET `id` = {$user_new['id']}, `id_partner` = {$options['partner_id']}");
    }
    if (!($options['galaxy'] && $options['system'] && $options['planet'])) {
        $options['galaxy'] = $config->LastSettedGalaxyPos;
        $options['system'] = $config->LastSettedSystemPos;
        $segment_size = floor($config->game_maxPlanet / 3);
        $segment = floor($config->LastSettedPlanetPos / $segment_size);
        $segment++;
        $options['planet'] = mt_rand(1 + $segment * $segment_size, ($segment + 1) * $segment_size);
        // $new_planet_id = 0;
        while (true) {
            if ($options['planet'] > $config->game_maxPlanet) {
                $options['planet'] = mt_rand(0, $segment_size - 1) + 1;
                $options['system']++;
            }
            if ($options['system'] > $config->game_maxSystem) {
                $options['system'] = 1;
                $options['galaxy']++;
            }
            $options['galaxy'] > $config->game_maxGalaxy ? $options['galaxy'] = 1 : false;
            $galaxy_row = db_planet_by_gspt($options['galaxy'], $options['system'], $options['planet'], PT_PLANET, true, 'id');
            if (!$galaxy_row['id']) {
                $config->db_saveItem(array('LastSettedGalaxyPos' => $options['galaxy'], 'LastSettedSystemPos' => $options['system'], 'LastSettedPlanetPos' => $options['planet']));
                // $new_planet_id = uni_create_planet($options['galaxy'], $options['system'], $options['planet'], $user_new['id'], $username_unsafe . ' ' . $lang['sys_capital'], true, $options['planet_options']);
                break;
            }
            $options['planet'] += 3;
        }
    }
    $new_planet_id = uni_create_planet($options['galaxy'], $options['system'], $options['planet'], $user_new['id'], $username_unsafe . ' ' . $lang['sys_capital'], true, $options['planet_options']);
    sys_player_new_adjust($user_new['id'], $new_planet_id);
    db_user_set_by_id($user_new['id'], "`id_planet` = '{$new_planet_id}', `current_planet` = '{$new_planet_id}', `galaxy` = '{$options['galaxy']}', `system` = '{$options['$system']}', `planet` = '{$options['$planet']}'");
    $config->db_saveItem('users_amount', $config->users_amount + 1);
    return db_user_by_id($user_new['id']);
}
Exemplo n.º 3
0
function sec_restore_password_confirm($confirm_safe, &$result)
{
    global $lang, $config;
    try {
        $last_confirm = doquery("SELECT *, UNIX_TIMESTAMP(`create_time`) as `unix_time` FROM {{confirmations}} WHERE `code` = '{$confirm_safe}' AND `type` = " . CONFIRM_PASSWORD_RESET . " LIMIT 1;", true);
        if (!isset($last_confirm['id'])) {
            throw new exception(PASSWORD_RESTORE_ERROR_CODE_WRONG);
        }
        if (SN_TIME_NOW - $last_confirm['unix_time'] > PERIOD_DAY) {
            throw new exception(PASSWORD_RESTORE_ERROR_CODE_TOO_OLD);
        }
        $new_password = sys_random_string(8, SN_SYS_SEC_CHARS_CONFIRMATION);
        // $salt_unsafe = sec_password_salt_generate();
        // $md5 = sec_password_encode($new_password, $salt_unsafe);
        // $salt_safe = db_escape($salt_unsafe);
        //if(!db_user_set_by_id($last_confirm['id_user'], "`password` = '{$md5}', `salt` = '{$salt_safe}'")) {
        if (!sec_password_change($last_confirm['id_user'], $new_password, false, 1)) {
            // OK
            throw new exception(PASSWORD_RESTORE_ERROR_CHANGE);
        }
        $message = sprintf($lang['log_lost_email_pass'], $config->game_name, $new_password);
        @($operation_result = mymail($last_confirm['email'], sprintf($lang['log_lost_email_title'], $config->game_name), htmlspecialchars($message)));
        $message = sys_bbcodeParse($message) . '<br><br>';
        $result[F_PASSWORD_NEW] = $new_password;
        $result[F_LOGIN_STATUS] = $operation_result ? PASSWORD_RESTORE_SUCCESS_PASSWORD_SENT : PASSWORD_RESTORE_SUCCESS_PASSWORD_SEND_ERROR;
        $result[F_LOGIN_MESSAGE] = $message . ($operation_result ? $lang['log_lost_sent_pass'] : $lang['log_lost_err_sending']);
        doquery("DELETE FROM {{confirmations}} WHERE `id` = '{$last_confirm['id']}' AND `type` = " . CONFIRM_PASSWORD_RESET . " LIMIT 1;");
        // sys_redirect('login.php');
    } catch (exception $e) {
        $result[F_LOGIN_STATUS] = $e->getMessage();
    }
}