function msgUserLink($aRequest)
{
    // Resolve the external binding of a user for the admin tool.
    // Admin only; other callers receive the AccessDenied error.
    // Pushes syncActive, userid, binding and group, but only when the
    // link lookup for $aRequest['userId'] returned something.
    $Output = Out::getInstance();
    if (!validAdmin()) {
        $Output->pushError(L('AccessDenied'));
        return;
    }
    $RequestedUserId = $aRequest['userId'];
    $LinkInfo = tryGetUserLink($RequestedUserId);
    if ($LinkInfo == null) {
        return;
    }
    // Group sync is active unless ALLOW_GROUP_SYNC is defined and false.
    $GroupSyncActive = !defined('ALLOW_GROUP_SYNC') || ALLOW_GROUP_SYNC;
    $Output->pushValue('syncActive', $GroupSyncActive);
    $Output->pushValue('userid', $RequestedUserId);
    $Output->pushValue('binding', $LinkInfo->BindingName);
    $Output->pushValue('group', $LinkInfo->Group);
}
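function msgQueryUser($aRequest)
{
    // Describe the current session's user to the client.
    // For a registered user this pushes identity, permission flags, the
    // character list (as parallel arrays, one entry per character) and the
    // calendar state stored in the session. Otherwise only
    // 'registeredUser' => false is pushed.
    // $aRequest is accepted for a uniform handler signature; it is not read here.
    $Out = Out::getInstance();
    if (!registeredUser()) {
        $Out->pushValue('registeredUser', false);
        return;
    }
    $CurrentUser = UserProxy::getInstance();
    $CharacterIds = array();
    $CharacterGames = array();
    $CharacterNames = array();
    $CharacterClasses = array();
    $CharacterRoles1 = array();
    $CharacterRoles2 = array();
    foreach ($CurrentUser->Characters as $Character) {
        $CharacterIds[] = $Character->CharacterId;
        $CharacterGames[] = $Character->Game;
        $CharacterNames[] = $Character->Name;
        // ClassName is a ':'-separated list; the client receives it split.
        $CharacterClasses[] = explode(':', $Character->ClassName);
        $CharacterRoles1[] = $Character->Role1;
        $CharacterRoles2[] = $Character->Role2;
    }
    $Out->pushValue('registeredUser', true);
    $Out->pushValue('id', $CurrentUser->UserId);
    $Out->pushValue('name', $CurrentUser->UserName);
    $Out->pushValue('characterIds', $CharacterIds);
    $Out->pushValue('characterGames', $CharacterGames);
    $Out->pushValue('characterNames', $CharacterNames);
    $Out->pushValue('characterClass', $CharacterClasses);
    $Out->pushValue('role1', $CharacterRoles1);
    $Out->pushValue('role2', $CharacterRoles2);
    // Permission flags are evaluated server-side; the client only uses them for display.
    $Out->pushValue('validUser', validUser());
    $Out->pushValue('isRaidlead', validRaidlead());
    $Out->pushValue('isAdmin', validAdmin());
    $Out->pushValue('settings', $CurrentUser->Settings);
    // The calendar state is optional; an explicit null is sent when it is absent.
    $Session = Session::get();
    $Out->pushValue('calendar', isset($Session['Calendar']) ? $Session['Calendar'] : null);
}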
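function msgQueryProfile($aRequest)
{
    // Collect the data for a user's profile panel: account info, user
    // settings, the characters for the active game and an attendance summary.
    // A regular user only ever sees their own profile; an admin may pass
    // $aRequest['userId'] to inspect another account.
    // Pushes (via Out): show, userid, name, bindingActive, binding, settings,
    // character, attendance; pushes the AccessDenied error for other callers.
    $Out = Out::getInstance();
    if (!validUser()) {
        $Out->pushError(L('AccessDenied'));
        return;
    }
    global $gGame;
    loadGameSettings();
    $Connector = Connector::getInstance();
    // Default to the current user; only admins may select another user id.
    $UserId = UserProxy::getInstance()->UserId;
    if (validAdmin() && isset($aRequest['userId']) && $aRequest['userId'] != 0) {
        $UserId = intval($aRequest['userId']);
    }
    // Pass-through parameter telling the client which panel to open.
    $Out->pushValue('show', isset($aRequest['showPanel']) ? $aRequest['showPanel'] : null);
    // Admintool relevant data
    $Users = $Connector->prepare('SELECT Login, UNIX_TIMESTAMP(Created) AS CreatedUTC, ExternalBinding, BindingActive FROM `' . RP_TABLE_PREFIX . 'User` WHERE UserId = :UserId LIMIT 1');
    $Users->bindValue(':UserId', $UserId, PDO::PARAM_INT);
    $Data = $Users->fetchFirst();
    // Registration time (unix seconds) is the lower bound of the raid and
    // attendance statistics below. Initialised here so that a missing user
    // row binds NULL (matching no raids) instead of an undefined variable.
    $CreatedUTC = null;
    if ($Data != null) {
        $Out->pushValue('userid', $UserId);
        $Out->pushValue('name', $Data['Login']);
        $Out->pushValue('bindingActive', $Data['BindingActive'] == 'true');
        $Out->pushValue('binding', $Data['ExternalBinding']);
        $CreatedUTC = $Data['CreatedUTC'];
    }
    // Load settings
    $SettingsQuery = $Connector->prepare('SELECT * FROM `' . RP_TABLE_PREFIX . 'UserSetting` WHERE UserId = :UserId');
    $SettingsQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT);
    $UserSettings = array();
    $SettingsQuery->loop(function ($Row) use(&$UserSettings) {
        $UserSettings[$Row['Name']] = array('number' => $Row['IntValue'], 'text' => $Row['TextValue']);
    });
    $Out->pushValue('settings', $UserSettings);
    // Load characters
    $Characters = array();
    if ($UserId == UserProxy::getInstance()->UserId) {
        // The own characters are already held by the proxy; filter by the active game.
        foreach (UserProxy::getInstance()->Characters as $OwnCharacter) {
            if ($OwnCharacter->Game == $gGame['GameId']) {
                $Characters[] = array(
                    'id' => $OwnCharacter->CharacterId,
                    'name' => $OwnCharacter->Name,
                    'classname' => explode(':', $OwnCharacter->ClassName),
                    'mainchar' => $OwnCharacter->IsMainChar,
                    'role1' => $OwnCharacter->Role1,
                    'role2' => $OwnCharacter->Role2,
                );
            }
        }
    } else {
        // Another user's characters are read from the database.
        $CharacterQuery = $Connector->prepare('SELECT * FROM `' . RP_TABLE_PREFIX . 'Character` ' . 'WHERE UserId = :UserId AND Game = :Game ' . 'ORDER BY Mainchar, Name');
        $CharacterQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT);
        $CharacterQuery->bindValue(':Game', $gGame['GameId'], PDO::PARAM_STR);
        $CharacterQuery->loop(function ($Row) use(&$Characters) {
            $Characters[] = array(
                'id' => $Row['CharacterId'],
                'name' => $Row['Name'],
                'classname' => explode(':', $Row['Class']),
                'mainchar' => $Row['Mainchar'] == 'true',
                'role1' => $Row['Role1'],
                'role2' => $Row['Role2'],
            );
        });
    }
    $Out->pushValue('character', $Characters);
    // Total raid count: raids of the active game between registration and now.
    $NumRaids = 0;
    $RaidsQuery = $Connector->prepare('SELECT COUNT(RaidId) AS `NumberOfRaids` FROM `' . RP_TABLE_PREFIX . 'Raid` ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Location` USING(LocationId) ' . 'WHERE Start > FROM_UNIXTIME(:Created) AND Start < FROM_UNIXTIME(:Now) AND Game = :Game');
    $RaidsQuery->bindValue(':Now', time(), PDO::PARAM_INT);
    // :Created is bound as an integer here and below so both queries agree.
    $RaidsQuery->bindValue(':Created', $CreatedUTC, PDO::PARAM_INT);
    $RaidsQuery->bindValue(':Game', $gGame['GameId'], PDO::PARAM_STR);
    $Data = $RaidsQuery->fetchFirst();
    if ($Data != null) {
        $NumRaids = $Data['NumberOfRaids'];
    }
    // Load attendance, grouped by status and role, for the same raid window.
    $AttendanceQuery = $Connector->prepare('Select `Status`, `Role`, COUNT(RaidId) AS `Count` ' . 'FROM `' . RP_TABLE_PREFIX . 'Attendance` ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Raid` USING(RaidId) ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Location` USING(LocationId) ' . 'WHERE UserId = :UserId AND Start > FROM_UNIXTIME(:Created) AND Start < FROM_UNIXTIME(:Now) AND Game = :Game ' . 'GROUP BY `Status`, `Role` ORDER BY Status');
    $AttendanceQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT);
    $AttendanceQuery->bindValue(':Created', $CreatedUTC, PDO::PARAM_INT);
    $AttendanceQuery->bindValue(':Now', time(), PDO::PARAM_INT);
    $AttendanceQuery->bindValue(':Game', $gGame['GameId'], PDO::PARAM_STR);
    $AttendanceData = array('raids' => $NumRaids, 'available' => 0, 'unavailable' => 0, 'ok' => 0, 'roles' => array());
    // Pull data: totals per status (except 'undecided'), plus per-role totals of 'ok' entries.
    $AttendanceQuery->loop(function ($Row) use(&$AttendanceData) {
        if ($Row['Status'] != 'undecided') {
            $AttendanceData[$Row['Status']] += $Row['Count'];
        }
        if ($Row['Status'] == 'ok') {
            $RoleId = $Row['Role'];
            if (isset($AttendanceData['roles'][$RoleId])) {
                $AttendanceData['roles'][$RoleId] += $Row['Count'];
            } else {
                $AttendanceData['roles'][$RoleId] = $Row['Count'];
            }
        }
    });
    $Out->pushValue('attendance', $AttendanceData);
}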
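function msgQuerySettings($aRequest)
{
    // Gather everything the admin settings panel needs: the user list, the
    // global settings, the available game and theme definitions, a per-user
    // attendance summary for the active game, and the locations.
    // Admin only; other callers receive the AccessDenied error.
    // Pushes (via Out): show, syncActive, user, setting, game, theme,
    // attendance, plus whatever msgQueryLocations pushes.
    $Out = Out::getInstance();
    if (!validAdmin()) {
        $Out->pushError(L('AccessDenied'));
        return;
    }
    global $gGame;
    loadGameSettings();
    $Connector = Connector::getInstance();
    // Pass through parameter
    $Out->pushValue('show', isset($aRequest['showPanel']) ? $aRequest['showPanel'] : null);
    // Group sync is active unless ALLOW_GROUP_SYNC is defined and false.
    $Out->pushValue('syncActive', !defined('ALLOW_GROUP_SYNC') || ALLOW_GROUP_SYNC);
    // Load users
    $UserQuery = $Connector->prepare('SELECT * FROM `' . RP_TABLE_PREFIX . 'User` ORDER BY Login, `Group`');
    $Users = array();
    $UserQuery->loop(function ($Data) use(&$Users) {
        // Login is user-supplied text, so it is entity-encoded before it reaches the client.
        $Users[] = array(
            'id' => $Data['UserId'],
            'login' => xmlentities($Data['Login'], ENT_COMPAT, 'UTF-8'),
            'bindingActive' => $Data['BindingActive'],
            'binding' => $Data['ExternalBinding'],
            'group' => $Data['Group'],
        );
    });
    $Out->pushValue('user', $Users);
    // Load settings
    $Settings = Settings::getInstance();
    $SettingsJS = array();
    // NOTE(review): the return value of getPrivateToken() is discarded; presumably
    // the call is kept for its side effect of creating the token — confirm.
    Api::getPrivateToken();
    foreach ($Settings->getProperties() as $Name => $Data) {
        $SettingsJS[] = array(
            'name' => $Name,
            'intValue' => isset($Data['IntValue']) ? $Data['IntValue'] : 0,
            'textValue' => isset($Data['TextValue']) ? $Data['TextValue'] : '',
        );
    }
    $Out->pushValue('setting', $SettingsJS);
    // Load games
    // scandir() returns false for an unreadable directory; treat that as "no games"
    // rather than iterating over false.
    $GameFiles = scandir('../themes/games');
    if ($GameFiles === false) {
        $GameFiles = array();
    }
    $Games = array();
    foreach ($GameFiles as $GameFileName) {
        try {
            if (substr($GameFileName, -4) === '.xml') {
                // '@' silences libxml warnings; a malformed file still throws and is reported below.
                $Game = @new SimpleXMLElement(file_get_contents('../themes/games/' . $GameFileName));
                $SimpleGameFileName = substr($GameFileName, 0, strrpos($GameFileName, '.'));
                if ($Game->name != '') {
                    $GameName = strval($Game->name);
                } else {
                    // No <name> element: derive a display name from the file name.
                    $GameName = str_replace('_', ' ', $SimpleGameFileName);
                }
                $Groups = array();
                foreach ($Game->groups->group as $Group) {
                    $Groups[] = intval($Group['count']);
                }
                $Games[] = array('name' => $GameName, 'family' => strval($Game->family), 'file' => $SimpleGameFileName, 'groups' => $Groups);
            }
        } catch (Exception $e) {
            $Out->pushError('Error parsing gameconfig ' . $GameFileName . ': ' . $e->getMessage());
        }
    }
    $Out->pushValue('game', $Games);
    // Load themes
    $ThemeFiles = scandir('../themes/themes');
    if ($ThemeFiles === false) {
        $ThemeFiles = array();
    }
    $Themes = array();
    foreach ($ThemeFiles as $ThemeFileName) {
        try {
            if (substr($ThemeFileName, -4) === '.xml') {
                $Theme = @new SimpleXMLElement(file_get_contents('../themes/themes/' . $ThemeFileName));
                $SimpleThemeFileName = substr($ThemeFileName, 0, strrpos($ThemeFileName, '.'));
                // NOTE(review): 'family' is an array when the <family> element exists but the
                // plain string 'wow' otherwise — confirm the client accepts both shapes.
                $Family = isset($Theme->family) ? explode(',', strtolower($Theme->family)) : 'wow';
                if ($Theme->name != '') {
                    $ThemeName = strval($Theme->name);
                } else {
                    $ThemeName = str_replace('_', ' ', $SimpleThemeFileName);
                }
                $Themes[] = array('name' => $ThemeName, 'family' => $Family, 'file' => $SimpleThemeFileName);
            }
        } catch (Exception $e) {
            $Out->pushError('Error parsing themefile ' . $ThemeFileName . ': ' . $e->getMessage());
        }
    }
    $Out->pushValue('theme', $Themes);
    // Query attendance: one row per (user, status) for main characters of the
    // active game, restricted to raids between the user's registration and now.
    // NOTE(review): ':Game' is used twice in this statement; that only works
    // with emulated prepares (native MySQL prepares reject a repeated named
    // placeholder) — verify the connector's configuration.
    $AttendanceString = 'SELECT '
        . '`' . RP_TABLE_PREFIX . 'User`.UserId, '
        . '`' . RP_TABLE_PREFIX . 'Character`.Name, '
        . '`' . RP_TABLE_PREFIX . 'Attendance`.`Status`, '
        . 'UNIX_TIMESTAMP(`' . RP_TABLE_PREFIX . 'User`.Created) AS CreatedUTC, '
        . 'COUNT(`' . RP_TABLE_PREFIX . 'Raid`.RaidId) AS Count '
        . 'FROM `' . RP_TABLE_PREFIX . 'User` '
        . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Attendance` USING(UserId) '
        . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Raid` USING(RaidId) '
        . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Location` USING(LocationId) '
        . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Character` ON `' . RP_TABLE_PREFIX . 'User`.UserId = `' . RP_TABLE_PREFIX . 'Character`.UserId '
        . 'WHERE `' . RP_TABLE_PREFIX . 'Character`.Mainchar = "true" '
        . 'AND `' . RP_TABLE_PREFIX . 'Raid`.Start > `' . RP_TABLE_PREFIX . 'User`.Created '
        . 'AND `' . RP_TABLE_PREFIX . 'Raid`.Start < FROM_UNIXTIME(:Now) '
        . 'AND `' . RP_TABLE_PREFIX . 'Location`.Game = :Game '
        . 'AND `' . RP_TABLE_PREFIX . 'Character`.Game = :Game '
        . 'GROUP BY `' . RP_TABLE_PREFIX . 'User`.UserId, `Status`';
    $Attendance = $Connector->prepare($AttendanceString);
    $Attendance->bindValue(':Now', time(), PDO::PARAM_INT);
    $Attendance->bindValue(':Game', $gGame['GameId'], PDO::PARAM_STR);
    // Running state for the user currently being aggregated; rows arrive grouped by UserId.
    $UserId = 0;
    $NumRaidsRemain = 0;
    $MainCharName = '';
    $StateCounts = array('undecided' => 0, 'available' => 0, 'unavailable' => 0, 'ok' => 0);
    $Attendances = array();
    $Attendance->loop(function ($Data) use(&$gGame, &$Connector, &$UserId, &$NumRaidsRemain, &$MainCharName, &$StateCounts, &$Attendances) {
        if ($UserId != $Data['UserId']) {
            // A new user starts: flush the previous user's totals first.
            if ($UserId > 0) {
                $AttendanceData = array('id' => $UserId, 'name' => $MainCharName, 'ok' => $StateCounts['ok'], 'available' => $StateCounts['available'], 'unavailable' => $StateCounts['unavailable'], 'undecided' => $StateCounts['undecided'] + $NumRaidsRemain);
                $Attendances[] = $AttendanceData;
            }
            // Clear cache
            $StateCounts['ok'] = 0;
            $StateCounts['available'] = 0;
            $StateCounts['unavailable'] = 0;
            $StateCounts['undecided'] = 0;
            $NumRaidsRemain = 0;
            $UserId = $Data['UserId'];
            $MainCharName = $Data['Name'];
            // Fetch number of attendable raids
            // NOTE(review): this is one extra query per user (N+1); acceptable for small
            // user lists, but worth folding into the main query if the list grows.
            $Raids = $Connector->prepare('SELECT COUNT(RaidId) AS `NumberOfRaids` ' . 'FROM `' . RP_TABLE_PREFIX . 'Raid` ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Location` USING(LocationId) ' . 'WHERE Start > FROM_UNIXTIME(:Created) ' . 'AND Start < FROM_UNIXTIME(:Now) ' . 'AND Game = :Game');
            $Raids->bindValue(':Now', time(), PDO::PARAM_INT);
            $Raids->bindValue(':Created', $Data['CreatedUTC'], PDO::PARAM_INT);
            $Raids->bindValue(':Game', $gGame['GameId'], PDO::PARAM_STR);
            $RaidCountData = $Raids->fetchFirst();
            $NumRaidsRemain = $RaidCountData == null ? 0 : $RaidCountData['NumberOfRaids'];
        }
        // Raids without any attendance row count as 'undecided' via $NumRaidsRemain.
        $StateCounts[$Data['Status']] += $Data['Count'];
        $NumRaidsRemain -= $Data['Count'];
    });
    // Push last user
    if ($UserId != 0) {
        $AttendanceData = array('id' => $UserId, 'name' => $MainCharName, 'ok' => $StateCounts['ok'], 'available' => $StateCounts['available'], 'unavailable' => $StateCounts['unavailable'], 'undecided' => $StateCounts['undecided'] + $NumRaidsRemain);
        $Attendances[] = $AttendanceData;
    }
    $Out->pushValue('attendance', $Attendances);
    // Locations
    msgQueryLocations($aRequest);
}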
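function msgSettingsupdate($aRequest)
{
    // Apply the admin settings form: global settings, location renames and
    // removals, group membership, external link state and user removal.
    // All database changes run in one transaction that is retried until
    // commit() succeeds; on any statement failure the transaction is rolled
    // back and the function returns without output. On success the refreshed
    // settings are pushed by delegating to msgQuerySettings().
    // Admin only; other callers receive the AccessDenied error.
    if (!validAdmin()) {
        $Out = Out::getInstance();
        $Out->pushError(L('AccessDenied'));
        return;
    }
    $Connector = Connector::getInstance();
    // Update settings
    // NOTE(review): the values are stored as received from the request. Theme and
    // GameConfig presumably end up as file names (see the theme/game lists in
    // msgQuerySettings), so restricting them to the known entries is advisable
    // unless Settings::serialize() already validates them — confirm.
    $Settings = Settings::getInstance();
    $Settings['PurgeRaids']['IntValue'] = $aRequest['purgeTime'];
    $Settings['LockRaids']['IntValue'] = $aRequest['lockTime'];
    $Settings['TimeFormat']['IntValue'] = $aRequest['timeFormat'];
    $Settings['StartOfWeek']['IntValue'] = $aRequest['startOfWeek'];
    $Settings['RaidStartHour']['IntValue'] = $aRequest['raidStartHour'];
    $Settings['RaidStartMinute']['IntValue'] = $aRequest['raidStartMinute'];
    $Settings['RaidEndHour']['IntValue'] = $aRequest['raidEndHour'];
    $Settings['RaidEndMinute']['IntValue'] = $aRequest['raidEndMinute'];
    $Settings['RaidSize']['IntValue'] = $aRequest['raidSize'];
    $Settings['RaidMode']['TextValue'] = $aRequest['raidMode'];
    $Settings['Site']['TextValue'] = $aRequest['site'];
    $Settings['Theme']['TextValue'] = $aRequest['theme'];
    $Settings['GameConfig']['TextValue'] = $aRequest['game'];
    $Settings['HelpPage']['TextValue'] = $aRequest['helpPage'];
    $Settings['PrimaryRole']['TextValue'] = $aRequest['primaryRole'];
    $Settings->serialize();
    do {
        // Update locations
        $Connector->beginTransaction();
        $ExistingLocations = $Connector->prepare('SELECT * FROM `' . RP_TABLE_PREFIX . 'Location`');
        $CurrentValues = array();
        $ExistingLocations->loop(function ($Data) use(&$CurrentValues) {
            $CurrentValues[$Data['LocationId']] = array('Name' => $Data['Name'], 'Image' => $Data['Image']);
        });
        $QueryString = '';
        $BindValues = array();
        // Build location query: one UPDATE per location whose name or image changed.
        // Ids are cast to int before being embedded; names and images are bound.
        if (isset($aRequest['locationIds'])) {
            for ($i = 0; $i < count($aRequest['locationIds']); ++$i) {
                $LocationId = intval($aRequest['locationIds'][$i]);
                // Unknown ids are skipped; an UPDATE for them could not match a row anyway.
                if (!isset($CurrentValues[$LocationId])) {
                    continue;
                }
                $CurrentLocation = $CurrentValues[$LocationId];
                $LocationName = requestToXML($aRequest['locationNames'][$i], ENT_COMPAT, 'UTF-8');
                // 'undefined' is what the client sends for "image unchanged".
                $LocationImage = isset($aRequest['locationImages']) && isset($aRequest['locationImages'][$i]) && $aRequest['locationImages'][$i] != 'undefined' ? $aRequest['locationImages'][$i] : $CurrentLocation['Image'];
                if ($LocationName != $CurrentLocation['Name'] || $LocationImage != $CurrentLocation['Image']) {
                    $BindValues[] = array(':Name' . $LocationId, $LocationName, PDO::PARAM_STR);
                    $BindValues[] = array(':Image' . $LocationId, $LocationImage, PDO::PARAM_STR);
                    $QueryString .= 'UPDATE `' . RP_TABLE_PREFIX . 'Location` SET Name = :Name' . $LocationId . ', Image = :Image' . $LocationId . ' WHERE LocationId=' . $LocationId . '; ';
                }
            }
        }
        // Removing a location also drops its raids and their attendance rows.
        if (isset($aRequest['locationRemoved'])) {
            foreach ($aRequest['locationRemoved'] as $LocationId) {
                $QueryString .= 'DELETE `' . RP_TABLE_PREFIX . 'Location`, `' . RP_TABLE_PREFIX . 'Raid`, `' . RP_TABLE_PREFIX . 'Attendance` FROM `' . RP_TABLE_PREFIX . 'Location` ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Raid` USING(LocationId) ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Attendance` USING(RaidId) ' . ' WHERE LocationId=' . intval($LocationId) . '; ';
            }
        }
        if ($QueryString != '') {
            // NOTE(review): several ';'-separated statements go into one prepare();
            // this depends on the driver allowing multi-statement execution
            // (emulated prepares) — verify for the deployed connector.
            $LocationUpdate = $Connector->prepare($QueryString);
            foreach ($BindValues as $BindData) {
                $LocationUpdate->bindValue($BindData[0], $BindData[1], $BindData[2]);
            }
            if (!$LocationUpdate->execute()) {
                $Connector->rollBack();
                return;
                // ### return, error ###
            }
        }
        // Update users and groups
        $BannedIds = isset($aRequest['banned']) ? $aRequest['banned'] : array();
        $MemberIds = isset($aRequest['member']) ? $aRequest['member'] : array();
        $RaidleadIds = isset($aRequest['raidlead']) ? $aRequest['raidlead'] : array();
        $AdminIds = isset($aRequest['admin']) ? $aRequest['admin'] : array();
        $RemovedIds = isset($aRequest['removed']) ? $aRequest['removed'] : array();
        $UnlinkedIds = isset($aRequest['unlinked']) ? $aRequest['unlinked'] : array();
        $RelinkedIds = isset($aRequest['relinked']) ? $aRequest['relinked'] : array();
        // NOTE(review): unlike the other failure paths, these returns do not call
        // rollBack(); confirm updateGroup() rolls back itself, otherwise the
        // transaction is left open.
        if (!updateGroup($Connector, 'none', $BannedIds)) {
            return;
        }
        if (!updateGroup($Connector, 'member', $MemberIds)) {
            return;
        }
        if (!updateGroup($Connector, 'raidlead', $RaidleadIds)) {
            return;
        }
        if (!updateGroup($Connector, 'admin', $AdminIds)) {
            return;
        }
        // Update unlinked users
        foreach ($UnlinkedIds as $UserId) {
            $UnlinkUser = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'User` SET `BindingActive` = "false" WHERE UserId = :UserId LIMIT 1');
            $UnlinkUser->bindValue(':UserId', $UserId, PDO::PARAM_INT);
            if (!$UnlinkUser->execute()) {
                $Connector->rollBack();
                return;
                // ### return, error ###
            }
        }
        // Update relinked users: re-import credentials and group from the external binding.
        foreach ($RelinkedIds as $UserId) {
            $UserInfo = tryGetUserLink($UserId);
            if ($UserInfo != null) {
                $UpdateQuery = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'User` SET ' . 'Password = :Password, Salt = :Salt, `Group` = :Group, ' . 'ExternalId = :ExternalId, ExternalBinding = :Binding, BindingActive = "true" ' . 'WHERE UserId = :UserId LIMIT 1');
                $UpdateQuery->bindValue(':Password', $UserInfo->Password, PDO::PARAM_STR);
                $UpdateQuery->bindValue(':Group', $UserInfo->Group, PDO::PARAM_STR);
                $UpdateQuery->bindValue(':Salt', $UserInfo->Salt, PDO::PARAM_STR);
                $UpdateQuery->bindValue(':Binding', $UserInfo->BindingName, PDO::PARAM_STR);
                $UpdateQuery->bindValue(':ExternalId', $UserInfo->UserId, PDO::PARAM_STR);
                $UpdateQuery->bindValue(':UserId', intval($UserId), PDO::PARAM_INT);
                if (!$UpdateQuery->execute()) {
                    $Connector->rollBack();
                    return;
                    // ### return, error ###
                }
            }
        }
        // Update removed users
        foreach ($RemovedIds as $UserId) {
            // remove characters and attendances
            // A user may own several characters (see the character lists built
            // elsewhere in this file), so the character delete is not limited to one row.
            $DropCharacter = $Connector->prepare('DELETE FROM `' . RP_TABLE_PREFIX . 'Character` WHERE UserId = :UserId');
            $DropAttendance = $Connector->prepare('DELETE FROM `' . RP_TABLE_PREFIX . 'Attendance` WHERE UserId = :UserId');
            $DropCharacter->bindValue(':UserId', $UserId, PDO::PARAM_INT);
            $DropAttendance->bindValue(':UserId', $UserId, PDO::PARAM_INT);
            if (!$DropCharacter->execute()) {
                $Connector->rollBack();
                return;
                // ### return, error ###
            }
            if (!$DropAttendance->execute()) {
                $Connector->rollBack();
                return;
                // ### return, error ###
            }
            // remove user
            $DropUser = $Connector->prepare('DELETE FROM `' . RP_TABLE_PREFIX . 'User` WHERE UserId = :UserId LIMIT 1');
            $DropUser->bindValue(':UserId', $UserId, PDO::PARAM_INT);
            if (!$DropUser->execute()) {
                $Connector->rollBack();
                return;
                // ### return, error ###
            }
        }
    } while (!$Connector->commit());
    // Return the refreshed settings panel data to the client.
    msgQuerySettings($aRequest);
}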
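 public static function changePassword($aUserId, $aHashedPassword, $aSalt)
 {
     // Store a new password hash and salt for the user with id $aUserId.
     // Permitted for the user itself or for an admin; any other caller
     // gets false without touching the database.
     // Returns true when the update statement ran, false when the caller is
     // not permitted or the statement failed (previously the method reported
     // true even when execute() failed).
     // NOTE(review): the WHERE clause only matches accounts whose binding is
     // inactive or 'none'; for a bound account the statement succeeds but
     // changes no row, which this method still reports as true.
     $IsCurrentUser = self::getInstance()->UserId == $aUserId;
     if (!$IsCurrentUser && !validAdmin()) {
         return false;
     }
     // ### return, security check failed ###
     // Change password to new values.
     // Only accounts with an inactive binding may be changed.
     $Connector = Connector::getInstance();
     $UpdateQuery = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'User` SET ' . 'ExternalBinding = "none", Password = :Password, Salt = :Salt ' . 'WHERE UserId = :UserId AND (BindingActive="false" OR ExternalBinding="none") LIMIT 1');
     $UpdateQuery->bindValue(':UserId', $aUserId, PDO::PARAM_INT);
     $UpdateQuery->bindValue(':Password', $aHashedPassword, PDO::PARAM_STR);
     $UpdateQuery->bindValue(':Salt', $aSalt, PDO::PARAM_STR);
     return (bool) $UpdateQuery->execute();
 }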
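/**
 * Handles the profile update request for the calling user or, when an admin
 * passes a non-zero $aRequest['userId'], for that user.
 *
 * Inside one transaction (retried until commit succeeds) it
 *   1. changes the password after verifying the caller's current one,
 *   2. stores or drops the "AutoAttend" user setting,
 *   3. applies the vacation ranges computed by getVacationData() to raid
 *      attendance and to the Vacation* user settings,
 *   4. inserts, updates or removes the user's characters for the current game.
 * A failed statement rolls the transaction back and returns without the
 * profile refresh. Callers that are not valid users get an AccessDenied error.
 *
 * @param array $aRequest request parameters; keys read are userId,
 *                        newPass/oldPass, autoAttend, vacationMessage,
 *                        vacationStart/vacationEnd and the per-character
 *                        lists charId, charClass, mainChar, role1, role2, name
 * @return void
 */
function msgProfileupdate($aRequest)
{
    $Out = Out::getInstance();
    if (!validUser()) {
        $Out->pushError(L('AccessDenied'));
        return;
    }
    global $gGame;
    loadGameSettings();
    // Target user: the caller, unless an admin names another account.
    $UserId = intval(UserProxy::getInstance()->UserId);
    if (validAdmin() && isset($aRequest['userId']) && $aRequest['userId'] != 0) {
        $UserId = intval($aRequest['userId']);
    }
    $Connector = Connector::getInstance();
    do {
        $Connector->beginTransaction();
        // --- Password -------------------------------------------------------
        // The caller re-authenticates with his *own* current password, also
        // when an admin edits another account. changePassword() enforces who
        // may change whose password and whether the binding allows it.
        if (isset($aRequest['newPass'], $aRequest['oldPass']) && $aRequest['oldPass'] !== '') {
            if (UserProxy::getInstance()->validateCredentials($aRequest['oldPass'])) {
                $Salt = UserProxy::generateKey32();
                $HashedPassword = NativeBinding::nativeHash($aRequest['newPass'], $Salt, 'none');
                if (!UserProxy::changePassword($UserId, $HashedPassword, $Salt)) {
                    $Out->pushError(L('PasswordLocked'));
                }
            } else {
                $Out->pushError(L('WrongPassword'));
            }
        }
        // --- "Always log in" (AutoAttend) setting ---------------------------
        $AutoAttend = isset($aRequest['autoAttend']) && $aRequest['autoAttend'] == 'true';
        if ($AutoAttend) {
            $ExistsRequest = $Connector->prepare('SELECT UserSettingId FROM `' . RP_TABLE_PREFIX . 'UserSetting` ' . 'WHERE UserId=:UserId and Name="AutoAttend" LIMIT 1');
            $ExistsRequest->bindValue(':UserId', $UserId, PDO::PARAM_INT);
            // fetchFirst() yields null when the setting row does not exist yet.
            if ($ExistsRequest->fetchFirst() == null) {
                $AttendRequest = $Connector->prepare('INSERT INTO `' . RP_TABLE_PREFIX . 'UserSetting` (UserId, Name) VALUES (:UserId, "AutoAttend")');
                $AttendRequest->bindValue(':UserId', $UserId, PDO::PARAM_INT);
                $AttendRequest->execute();
            }
        } else {
            $RemoveQuery = $Connector->prepare('DELETE FROM `' . RP_TABLE_PREFIX . 'UserSetting` WHERE ' . 'UserId = :UserId AND (Name = "AutoAttend") LIMIT 1');
            $RemoveQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT);
            $RemoveQuery->execute();
        }
        // --- Vacation ranges ------------------------------------------------
        $Ranges = getVacationData($aRequest);
        $VacationMessage = !isset($aRequest['vacationMessage']) || $aRequest['vacationMessage'] == null ? '' : requestToXML($aRequest['vacationMessage'], ENT_COMPAT, 'UTF-8');
        $Now = time();
        // Revoke ranges that have been removed: attendance of raids that have
        // not started yet goes back to "undecided". The clamp to now keeps
        // past raids untouched.
        foreach ($Ranges['revoke'] as $RevokeRange) {
            $RevokeQuery = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'Raid` LEFT JOIN `' . RP_TABLE_PREFIX . 'Attendance` USING (RaidId) ' . 'SET `' . RP_TABLE_PREFIX . 'Attendance`.Status = "undecided", Comment = "" ' . 'WHERE Start >= FROM_UNIXTIME(:Start) AND Start <= FROM_UNIXTIME(:End) ' . 'AND `' . RP_TABLE_PREFIX . 'Attendance`.Status = "unavailable" AND `' . RP_TABLE_PREFIX . 'Attendance`.UserId = :UserId');
            $RevokeQuery->bindValue(':Start', max($RevokeRange[0], $Now), PDO::PARAM_INT);
            $RevokeQuery->bindValue(':End', max($RevokeRange[1], $Now), PDO::PARAM_INT);
            $RevokeQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT);
            $RevokeQuery->execute();
        }
        // Ranges that are already marked unavailable only get the new message.
        foreach ($Ranges['update'] as $UpdateRange) {
            $UpdateQuery = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'Raid` LEFT JOIN `' . RP_TABLE_PREFIX . 'Attendance` USING(RaidId) ' . 'SET Comment = :Message ' . 'WHERE Start >= FROM_UNIXTIME(:Start) AND Start <= FROM_UNIXTIME(:End) ' . 'AND UserId = :UserId AND Status = "unavailable"');
            $UpdateQuery->bindValue(':Start', $UpdateRange[0], PDO::PARAM_INT);
            $UpdateQuery->bindValue(':End', $UpdateRange[1], PDO::PARAM_INT);
            $UpdateQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT);
            $UpdateQuery->bindValue(':Message', $VacationMessage, PDO::PARAM_STR);
            $UpdateQuery->execute();
        }
        // New ranges: mark existing attendance records unavailable and create
        // records for raids the user has not answered yet.
        foreach ($Ranges['new'] as $NewRange) {
            $UpdateQuery = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'Raid` LEFT JOIN `' . RP_TABLE_PREFIX . 'Attendance` USING(RaidId) ' . 'SET Status = "unavailable", Comment = :Message ' . 'WHERE Start >= FROM_UNIXTIME(:Start) AND Start <= FROM_UNIXTIME(:End) ' . 'AND UserId = :UserId');
            $UpdateQuery->bindValue(':Start', $NewRange[0], PDO::PARAM_INT);
            $UpdateQuery->bindValue(':End', $NewRange[1], PDO::PARAM_INT);
            $UpdateQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT);
            $UpdateQuery->bindValue(':Message', $VacationMessage, PDO::PARAM_STR);
            $UpdateQuery->execute();
            // Find all raids in the range that have no attendance record yet
            $AffectedQuery = $Connector->prepare('SELECT `' . RP_TABLE_PREFIX . 'Raid`.RaidId FROM `' . RP_TABLE_PREFIX . 'Raid` ' . 'LEFT JOIN `' . RP_TABLE_PREFIX . 'Attendance` ON (`' . RP_TABLE_PREFIX . 'Raid`.RaidId = `' . RP_TABLE_PREFIX . 'Attendance`.RaidId ' . 'AND (`' . RP_TABLE_PREFIX . 'Attendance`.UserId = :UserId OR `' . RP_TABLE_PREFIX . 'Attendance`.UserId IS NULL)) ' . 'WHERE Start >= FROM_UNIXTIME(:Start) AND Start <= FROM_UNIXTIME(:End) ' . 'AND UserId IS NULL ' . 'GROUP BY RaidId');
            $AffectedQuery->bindValue(':Start', $NewRange[0], PDO::PARAM_INT);
            $AffectedQuery->bindValue(':End', $NewRange[1], PDO::PARAM_INT);
            $AffectedQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT);
            $AffectedQuery->loop(function ($aRaid) use($Connector, $UserId, $VacationMessage) {
                // Set user to unavailable for this raid
                $InsertQuery = $Connector->prepare('INSERT INTO `' . RP_TABLE_PREFIX . 'Attendance` ' . '(UserId, RaidId, Status, Comment) ' . 'VALUES (:UserId, :RaidId, "unavailable", :Message)');
                $InsertQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT);
                $InsertQuery->bindValue(':RaidId', $aRaid['RaidId'], PDO::PARAM_INT);
                $InsertQuery->bindValue(':Message', $VacationMessage, PDO::PARAM_STR);
                $InsertQuery->execute();
            });
        }
        // --- Vacation user settings -----------------------------------------
        if (count($Ranges['new']) == 0 && count($Ranges['update']) == 0) {
            if (count($Ranges['revoke']) > 0) {
                $RemoveQuery = $Connector->prepare('DELETE FROM `' . RP_TABLE_PREFIX . 'UserSetting` WHERE ' . 'UserId = :UserId AND (Name = "VacationStart" OR Name = "VacationEnd" OR Name = "VacationMessage") LIMIT 3');
                $RemoveQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT);
                $RemoveQuery->execute();
            }
        } else {
            // NOTE(review): three statements in one prepare() with :UserId
            // reused in each of them appears to rely on emulated prepares in
            // the Connector -- confirm, native MySQL prepares reject both.
            if ($Ranges['SettingsFound']) {
                $UpdateQuery = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'UserSetting` SET IntValue = :Start WHERE UserId = :UserId AND Name = "VacationStart" LIMIT 1;' . 'UPDATE `' . RP_TABLE_PREFIX . 'UserSetting` SET IntValue = :End WHERE UserId = :UserId AND Name = "VacationEnd" LIMIT 1;' . 'UPDATE `' . RP_TABLE_PREFIX . 'UserSetting` SET TextValue = :Message WHERE UserId = :UserId AND Name = "VacationMessage" LIMIT 1;');
                $UpdateQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT);
                $UpdateQuery->bindValue(':Start', $aRequest['vacationStart'], PDO::PARAM_INT);
                $UpdateQuery->bindValue(':End', $aRequest['vacationEnd'], PDO::PARAM_INT);
                $UpdateQuery->bindValue(':Message', $VacationMessage, PDO::PARAM_STR);
                $UpdateQuery->execute();
            } else {
                $InsertQuery = $Connector->prepare('INSERT INTO `' . RP_TABLE_PREFIX . 'UserSetting` (IntValue, UserId, Name) VALUES (:Start, :UserId, "VacationStart");' . 'INSERT INTO `' . RP_TABLE_PREFIX . 'UserSetting` (IntValue, UserId, Name) VALUES (:End, :UserId, "VacationEnd");' . 'INSERT INTO `' . RP_TABLE_PREFIX . 'UserSetting` (TextValue, UserId, Name) VALUES (:Message, :UserId, "VacationMessage");');
                $InsertQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT);
                $InsertQuery->bindValue(':Start', $aRequest['vacationStart'], PDO::PARAM_INT);
                $InsertQuery->bindValue(':End', $aRequest['vacationEnd'], PDO::PARAM_INT);
                $InsertQuery->bindValue(':Message', $VacationMessage, PDO::PARAM_STR);
                $InsertQuery->execute();
            }
        }
        // --- Characters -----------------------------------------------------
        // Ids of the characters this user currently owns in the current game;
        // only those may be updated or removed, everything else is ignored.
        $CharacterQuery = $Connector->prepare('SELECT * FROM `' . RP_TABLE_PREFIX . 'Character` WHERE UserId = :UserId AND Game = :Game ORDER BY Name');
        $CharacterQuery->bindValue(':UserId', $UserId, PDO::PARAM_INT);
        $CharacterQuery->bindValue(':Game', $gGame['GameId'], PDO::PARAM_STR);
        $ValidCharacterIds = array();
        $UpdatedCharacterIds = array();
        $CharacterQuery->loop(function ($Data) use(&$ValidCharacterIds) {
            // normalised to int so the strict in_array() below works
            $ValidCharacterIds[] = intval($Data['CharacterId']);
        });
        $NumCharacters = isset($aRequest['charId']) && is_array($aRequest['charId']) ? count($aRequest['charId']) : 0;
        if (!isset($aRequest['mainChar']) || !is_array($aRequest['mainChar'])) {
            $aRequest['mainChar'] = array();
        }
        // Sanity check mainchar: exactly one character is the main one.
        $FoundMainChar = false;
        for ($CharIndex = 0; $CharIndex < $NumCharacters; ++$CharIndex) {
            if (isset($aRequest['mainChar'][$CharIndex]) && $aRequest['mainChar'][$CharIndex] == 'true') {
                if ($FoundMainChar) {
                    $aRequest['mainChar'][$CharIndex] = 'false';
                } else {
                    $FoundMainChar = true;
                }
            }
        }
        if (!$FoundMainChar && $NumCharacters > 0) {
            $aRequest['mainChar'][0] = 'true';
        }
        // Update/insert chars
        for ($CharIndex = 0; $CharIndex < $NumCharacters; ++$CharIndex) {
            $CharId = isset($aRequest['charId'][$CharIndex]) ? intval($aRequest['charId'][$CharIndex]) : 0;
            // charClass arrives as a list of class names; a scalar is accepted
            // as a one-element list
            $ClassArray = isset($aRequest['charClass'][$CharIndex]) ? (array) $aRequest['charClass'][$CharIndex] : array();
            $Classes = count($ClassArray) == 1 ? $ClassArray[0] : implode(':', $ClassArray);
            $MainChar = isset($aRequest['mainChar'][$CharIndex]) ? $aRequest['mainChar'][$CharIndex] : 'false';
            $Role1 = isset($aRequest['role1'][$CharIndex]) ? $aRequest['role1'][$CharIndex] : null;
            $Role2 = isset($aRequest['role2'][$CharIndex]) ? $aRequest['role2'][$CharIndex] : null;
            if ($CharId == 0) {
                // Insert new character
                $Name = isset($aRequest['name'][$CharIndex]) ? $aRequest['name'][$CharIndex] : '';
                $InsertChar = $Connector->prepare('INSERT INTO `' . RP_TABLE_PREFIX . 'Character` ' . '( UserId, Name, Game, Class, Mainchar, Role1, Role2 ) ' . 'VALUES ( :UserId, :Name, :Game, :Class, :Mainchar, :Role1, :Role2 )');
                $InsertChar->bindValue(':UserId', $UserId, PDO::PARAM_INT);
                $InsertChar->bindValue(':Name', requestToXML($Name, ENT_COMPAT, 'UTF-8'), PDO::PARAM_STR);
                $InsertChar->bindValue(':Game', $gGame['GameId'], PDO::PARAM_STR);
                $InsertChar->bindValue(':Class', $Classes, PDO::PARAM_STR);
                $InsertChar->bindValue(':Mainchar', $MainChar, PDO::PARAM_STR);
                $InsertChar->bindValue(':Role1', $Role1, PDO::PARAM_STR);
                $InsertChar->bindValue(':Role2', $Role2, PDO::PARAM_STR);
                if (!$InsertChar->execute()) {
                    $Connector->rollBack();
                    return;
                }
            } elseif (in_array($CharId, $ValidCharacterIds, true)) {
                // Update character that belongs to this user; foreign ids are dropped
                $UpdatedCharacterIds[] = $CharId;
                $UpdateChar = $Connector->prepare('UPDATE `' . RP_TABLE_PREFIX . 'Character` ' . 'SET Class = :Class, Mainchar = :Mainchar, Role1 = :Role1, Role2 = :Role2 ' . 'WHERE CharacterId = :CharacterId AND UserId = :UserId');
                $UpdateChar->bindValue(':UserId', $UserId, PDO::PARAM_INT);
                $UpdateChar->bindValue(':CharacterId', $CharId, PDO::PARAM_INT);
                $UpdateChar->bindValue(':Class', $Classes, PDO::PARAM_STR);
                $UpdateChar->bindValue(':Mainchar', $MainChar, PDO::PARAM_STR);
                $UpdateChar->bindValue(':Role1', $Role1, PDO::PARAM_STR);
                $UpdateChar->bindValue(':Role2', $Role2, PDO::PARAM_STR);
                if (!$UpdateChar->execute()) {
                    $Connector->rollBack();
                    return;
                }
            }
        }
        // Characters the request no longer lists are removed together with
        // their attendance records.
        $IdsToRemove = array_diff($ValidCharacterIds, $UpdatedCharacterIds);
        foreach ($IdsToRemove as $CharId) {
            $DropChar = $Connector->prepare('DELETE FROM `' . RP_TABLE_PREFIX . 'Character` ' . 'WHERE CharacterId = :CharacterId AND UserId = :UserId');
            $DropAttendance = $Connector->prepare('DELETE FROM `' . RP_TABLE_PREFIX . 'Attendance` ' . 'WHERE CharacterId = :CharacterId AND UserId = :UserId');
            $DropChar->bindValue(':UserId', $UserId, PDO::PARAM_INT);
            $DropChar->bindValue(':CharacterId', $CharId, PDO::PARAM_INT);
            $DropAttendance->bindValue(':UserId', $UserId, PDO::PARAM_INT);
            $DropAttendance->bindValue(':CharacterId', $CharId, PDO::PARAM_INT);
            if (!$DropChar->execute()) {
                $Connector->rollBack();
                return;
            }
            if (!$DropAttendance->execute()) {
                $Connector->rollBack();
                return;
            }
        }
    } while (!$Connector->commit());
    UserProxy::getInstance()->updateCharacters();
    msgQueryProfile($aRequest);
}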