Exemplo n.º 1
// Guard: a character that is currently logged in cannot be moved to another slot;
// the user gets a flash message and is redirected instead.
// NOTE(review): assumes redirect() ends the request — if it returned, the POST
// handling further down would still run for an online character. Confirm.
// NOTE(review): $char->name is interpolated into the flash message; whether the
// template escapes it on output is not visible here.
if ($char->online) {
    $session->setMessageData("Cannot change {$char->name}'s slot.  He/she is currenty online.");
    $this->redirect();
}
if (count($_POST)) {
    if (!$params->get('changeslot')) {
        $this->deny();
    }
    $slot = (int) $params->get('slot');
    if ($slot > $server->maxCharSlots) {
        $errorMessage = "Slot number must not be greater than {$server->maxCharSlots}.";
    } elseif ($slot < 1) {
        $errorMessage = 'Slot number must be a number greater than zero.';
    } elseif ($slot === (int) $char->char_num + 1) {
        $errorMessage = 'Please choose a different slot.';
    } elseif (!Flux_Security::csrfValidate('SlotEdit', $_POST, $error)) {
        $errorMessage = $error;
    } else {
        $sql = "SELECT char_id, name, online FROM {$server->charMapDatabase}.`char` AS ch ";
        $sql .= "WHERE account_id = ? AND char_num = ? AND char_id != ?";
        $sth = $server->connection->getStatement($sql);
        $sth->execute(array($char->account_id, $slot - 1, $charID));
        $otherChar = $sth->fetch();
        if ($otherChar) {
            if ($otherChar->online) {
                $errorMessage = "{$otherChar->name} is using that slot, and is currently online.";
            } else {
                $sql = "UPDATE {$server->charMapDatabase}.`char` SET `char`.char_num = ?";
                $sql .= "WHERE `char`.char_id = ?";
                $sth = $server->connection->getStatement($sql);
                $sth->execute(array($char->char_num, $otherChar->char_id));
Exemplo n.º 2
}
// loginRequired() is the only access gate visible in this fragment; any
// finer-grained permission for the mailer would have to be enforced elsewhere.
$this->loginRequired();
$title = Flux::message('MailerTitle');
// Receives the rendered Markdown when the form is submitted in preview mode.
// NOTE(review): the preview is built from the submitted body by Markdown(); if the
// view prints $preview unescaped, HTML contained in the body is rendered as-is —
// confirm how the template outputs it.
$preview = '';
if (count($_POST)) {
    $prev = (bool) $params->get('_preview');
    $to = trim($params->get('to'));
    $subject = trim($params->get('subject'));
    $body = trim($params->get('body'));
    if (!$to) {
        $errorMessage = Flux::message('MailerEnterToAddress');
    } elseif (!$subject) {
        $errorMessage = Flux::message('MailerEnterSubject');
    } elseif (!$body) {
        $errorMessage = Flux::message('MailerEnterBodyText');
    } elseif (!Flux_Security::csrfValidate('Mailer', $_POST, $error)) {
        $errorMessage = $error;
    }
    if (empty($errorMessage)) {
        if ($prev) {
            require_once 'markdown/markdown.php';
            $preview = Markdown($body);
        } else {
            require_once 'Flux/Mailer.php';
            $mail = new Flux_Mailer();
            $opts = array('_ignoreTemplate' => true, '_useMarkdown' => true);
            if ($mail->send($to, $subject, $body, $opts)) {
                $session->setMessageData(sprintf(Flux::message('MailerEmailHasBeenSent'), $to));
                $this->redirect();
            } else {
                $errorMessage = Flux::message('MailerFailedToSend');
Exemplo n.º 3
     // Read the remaining form fields, validate them in order, and apply the edit
     // only when every check — including the CSRF token — has passed.
     $info = trim($params->get('info'));
     // Uploaded-file entry for the optional item image.
     $image = $files->get('image');
     $useExisting = (int) $params->get('use_existing');
     if (!$cost) {
         $errorMessage = 'Você deve colocar um custo de crédito maior que zero.';
     } elseif ($cost > $maxCost) {
         $errorMessage = "O custo do item não pode exceder {$maxCost}.";
     } elseif (!$quantity) {
         $errorMessage = 'Você deve colocar uma quantidade maior que zero.';
     } elseif ($quantity > 1 && !$stackable) {
         $errorMessage = 'Este item não é acumulável. Quantidade deve ser 1.';
     } elseif ($quantity > $maxQty) {
         $errorMessage = "A quantidade máxima não pode exceder {$maxQty}.";
     } elseif (!$info) {
         $errorMessage = 'Você deve colocar alguma informação sobre o item.';
     } elseif (!Flux_Security::csrfValidate('ItemShopEdit', $_POST, $error)) {
         // The token check is the last link of the chain, but it still runs before
         // $shop->edit() in the else branch, so no write happens without it.
         $errorMessage = $error;
     } else {
         if ($shop->edit($shopItemID, $category, $cost, $quantity, $info, $useExisting)) {
             // NOTE(review): the upload is handed to uploadShopItemImage() as received.
             // Any type, extension or size restriction has to live in that method —
             // nothing in this fragment inspects the file beyond a non-zero size.
             // A failed upload is reported after the item edit has already succeeded.
             if ($image && $image->get('size') && !$shop->uploadShopItemImage($shopItemID, $image)) {
                 $errorMessage = 'Falha ao fazer upload da imagem.';
             } else {
                 $session->setMessageData('Item foi modificado com sucesso.');
                 $this->redirect($this->url('purchase'));
             }
         } else {
             $errorMessage = 'Falha ao modificar item.';
         }
     }
 }
 if (empty($category)) {
Exemplo n.º 4
     $errorMessage = 'Weight must be a number.';
 } elseif (!is_null($atk) && !ctype_digit($atk)) {
     $errorMessage = 'ATK must be a number.';
 } elseif (!is_null($matk) && !ctype_digit($matk)) {
     $errorMessage = 'MATK must be a number.';
 } elseif (!is_null($defense) && !ctype_digit($defense)) {
     $errorMessage = 'Defense must be a number.';
 } elseif (!is_null($range) && !ctype_digit($range)) {
     $errorMessage = 'Range must be a number.';
 } elseif (!is_null($weaponLevel) && !ctype_digit($weaponLevel)) {
     $errorMessage = 'Weapon level must be a number.';
 } elseif (!is_null($equipLevelMin) && !ctype_digit($equipLevelMin)) {
     $errorMessage = 'Minimum equip level must be a number.';
 } elseif (!is_null($equipLevelMax) && !ctype_digit($equipLevelMax)) {
     $errorMessage = 'Maximum equip level must be a number.';
 } elseif (!Flux_Security::csrfValidate('ItemAdd', $_POST, $error)) {
     $errorMessage = $error;
 } else {
     // Allow-list check: every submitted equip location must be a key of the list
     // returned by Flux::getEquipLocationList(). A single unknown value rejects the
     // form and discards the whole submitted set rather than keeping the valid part.
     if (empty($errorMessage) && is_array($equipLocs)) {
         $locs = Flux::getEquipLocationList();
         foreach ($equipLocs as $bit) {
             if (!array_key_exists($bit, $locs)) {
                 $errorMessage = 'Invalid equip location specified.';
                 $equipLocs = null;
                 break;
             }
         }
     }
     if (empty($errorMessage) && is_array($equipUpper)) {
         $upper = Flux::getEquipUpperList();
         foreach ($equipUpper as $bit) {
Exemplo n.º 5
     $errorMessage = sprintf(Flux::message('PasswordTooLong'), $passwordMinLength, Flux::config('MaxPasswordLength'));
 } elseif (!$confirmNewPassword) {
     $errorMessage = Flux::message('ConfirmNewPassword');
 } elseif ($newPassword != $confirmNewPassword) {
     $errorMessage = Flux::message('PasswordsDoNotMatch');
 } elseif ($newPassword == $currentPassword) {
     $errorMessage = Flux::message('NewPasswordSameAsOld');
 } elseif (Flux::config('PasswordMinUpper') > 0 && preg_match_all('/[A-Z]/', $newPassword, $matches) < $passwordMinUpper) {
     $errorMessage = sprintf(Flux::message('NewPasswordNeedUpper'), $passwordMinUpper);
 } elseif (Flux::config('PasswordMinLower') > 0 && preg_match_all('/[a-z]/', $newPassword, $matches) < $passwordMinLower) {
     $errorMessage = sprintf(Flux::message('NewPasswordNeedLower'), $passwordMinLower);
 } elseif (Flux::config('PasswordMinNumber') > 0 && preg_match_all('/[0-9]/', $newPassword, $matches) < $passwordMinNumber) {
     $errorMessage = sprintf(Flux::message('NewPasswordNeedNumber'), $passwordMinNumber);
 } elseif (Flux::config('PasswordMinSymbol') > 0 && preg_match_all('/[^A-Za-z0-9]/', $newPassword, $matches) < $passwordMinSymbol) {
     $errorMessage = sprintf(Flux::message('NewPasswordNeedSymbol'), $passwordMinSymbol);
 } elseif (!Flux_Security::csrfValidate('PasswordEdit', $_POST, $error)) {
     $errorMessage = $error;
 } else {
     // Load the stored credential of the logged-in account. The account id is a bound
     // parameter; only the database name taken from the $server object is interpolated
     // into the SQL text.
     $sql = "SELECT user_pass AS currentPassword FROM {$server->loginDatabase}.login WHERE account_id = ?";
     $sth = $server->connection->getStatement($sql);
     $sth->execute(array($session->account->account_id));
     $account = $sth->fetch();
     // When the login server is configured with getUseMD5(), both submitted passwords
     // go through Flux::hashPassword() (presumably an MD5 digest, going by the option
     // name). Otherwise they stay as typed, which means user_pass is compared and
     // later written in plaintext.
     $useMD5 = $session->loginServer->config->getUseMD5();
     $currentPassword = $useMD5 ? Flux::hashPassword($currentPassword) : $currentPassword;
     $newPassword = $useMD5 ? Flux::hashPassword($newPassword) : $newPassword;
     // NOTE(review): the check that follows compares the two values with `!=`. PHP's
     // loose comparison treats numeric-looking strings (for example hex digests of the
     // form "0e<digits>") as numbers, so two different digests can compare equal.
     // hash_equals() on strings gives a strict, constant-time comparison instead.
     // The storage scheme itself (unsalted fast hash or plaintext) is presumably kept
     // for compatibility with the game server's login table — confirm before changing.
     if ($currentPassword != $account->currentPassword) {
         $errorMessage = Flux::message('OldPasswordInvalid');
     } else {
         $sql = "UPDATE {$server->loginDatabase}.login SET user_pass = ? WHERE account_id = ?";
         $sth = $server->connection->getStatement($sql);
         if ($sth->execute(array($newPassword, $session->account->account_id))) {
Exemplo n.º 6
}
if (count($_POST)) {
    // Reject the POST outright unless $hasNecessaryFunds is set and the form's
    // 'changegender' field is present.
    if (!$hasNecessaryFunds || !$params->get('changegender')) {
        $this->deny();
    }
    // Not read anywhere in the visible part of the script.
    $classes = array();
    // For each char server of the login group, count this account's characters whose
    // class is one of the $badJobs keys. The IN (...) list is generated as one '?' per
    // entry, so the job ids are bound values rather than concatenated text.
    // NOTE(review): an empty $badJobs would yield "IN ()", which is not valid SQL —
    // assumes the list is never empty; confirm.
    foreach ($session->loginAthenaGroup->athenaServers as $athenaServer) {
        $sql = "SELECT COUNT(1) AS num FROM {$athenaServer->charMapDatabase}.`char` WHERE account_id = ? AND `class` IN (" . implode(',', array_fill(0, count($badJobs), '?')) . ")";
        $sth = $athenaServer->connection->getStatement($sql);
        $sth->execute(array_merge(array($session->account->account_id), array_keys($badJobs)));
        if ($sth->fetch()->num) {
            $errorMessage = sprintf(Flux::message('GenderChangeBadChars'), implode(', ', array_values($badJobs)));
            break;
        }
    }
    // The CSRF token is validated after the read-only checks above and before the
    // UPDATE and credit deduction that follow.
    if (empty($errorMessage) && !Flux_Security::csrfValidate('GenderEdit', $_POST, $error)) {
        $errorMessage = $error;
    }
    if (empty($errorMessage)) {
        $sex = $session->account->sex == 'M' ? 'F' : 'M';
        $sql = "UPDATE {$server->loginDatabase}.login SET sex = ? WHERE account_id = ?";
        $sth = $server->connection->getStatement($sql);
        $sth->execute(array($sex, $session->account->account_id));
        $changeTimes = (int) $session->loginServer->getPref($session->account->account_id, 'NumberOfGenderChanges');
        $session->loginServer->setPref($session->account->account_id, 'NumberOfGenderChanges', $changeTimes + 1);
        if ($cost && !$auth->allowedToAvoidSexChangeCost) {
            $session->loginServer->depositCredits($session->account->account_id, -$cost);
            $session->setMessageData(sprintf(Flux::message('GenderChanged'), $cost));
        } else {
            $session->setMessageData(Flux::message('GenderChangedForFree'));
        }
Exemplo n.º 7
// Refuse direct requests: the script only continues when FLUX_ROOT has been defined.
if (!defined('FLUX_ROOT')) {
    exit;
}
$this->loginRequired();
$title = 'Área de Confirmação';
// Pre-conditions for checkout: a non-empty cart and enough funds. Either failure sets
// a flash message and redirects back to the shop.
// NOTE(review): nothing stops execution after these redirects in this file, so the
// checkout below relies on redirect() ending the request — confirm.
if ($server->cart->isEmpty()) {
    $session->setMessageData('Seu carrinho está vazio.');
    $this->redirect($this->url('purchase'));
} elseif (!$server->cart->hasFunds()) {
    $session->setMessageData('Você não tem saldo o suficiente para fazer essa transação!');
    $this->redirect($this->url('purchase'));
}
$items = $server->cart->getCartItems();
if (count($_POST) && $params->get('process')) {
    // The CSRF token is checked before anything is prepared or written; a failure
    // flashes the error and redirects back to the checkout page.
    if (!Flux_Security::csrfValidate('PurchaseCheckOut', $_POST, $error)) {
        $session->setMessageData($error);
        $this->redirect($this->url('purchase', 'checkout'));
    }
    // Table names come from Flux configuration, not from the request.
    $redeemTable = Flux::config('FluxTables.RedemptionTable');
    $creditTable = Flux::config('FluxTables.CreditsTable');
    $deduct = 0;
    // One prepared INSERT, reused for every cart item; all row values are bound.
    $sql = "INSERT INTO {$server->charMapDatabase}.{$redeemTable} ";
    $sql .= "(nameid, quantity, cost, account_id, char_id, redeemed, redemption_date, purchase_date, credits_before, credits_after) ";
    $sql .= "VALUES (?, ?, ?, ?, NULL, 0, NULL, NOW(), ?, ?)";
    $sth = $server->connection->getStatement($sql);
    // NOTE(review): the starting balance is taken from the session's account object and
    // no transaction or row lock is visible in this fragment. If two checkouts for the
    // same account can run in parallel, the credits_before/credits_after values and the
    // earlier hasFunds() result may be stale — confirm how the deduction is serialized.
    $balance = $session->account->balance;
    foreach ($items as $item) {
        $creditsAfter = $balance - $item->shop_item_cost;
        $res = $sth->execute(array($item->shop_item_nameid, $item->shop_item_qty, $item->shop_item_cost, $session->account->account_id, $balance, $creditsAfter));
        if ($res) {
Exemplo n.º 8
<?php

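// Refuse direct requests: the script only continues when FLUX_ROOT has been defined.
if (!defined('FLUX_ROOT')) {
    exit;
}

// loginRequired() is the only access gate visible in this file; which accounts may
// reach this action has to be decided outside it.
$this->loginRequired();

// The id comes straight from the request. Only a positive whole number is let
// through, so deleteShopItemImage() — whose handling of the value is not shown in
// this file — never receives path separators, wildcard characters or array input.
$shopItemID = $params->get('id');
if (
    !(is_int($shopItemID) || (is_string($shopItemID) && ctype_digit($shopItemID)))
    || (int) $shopItemID < 1
) {
    $this->deny();
}

// This action deletes data on a GET request, so the session token carried in the
// query string is the only protection against a forged link; it must be validated
// before the deletion below.
if (!Flux_Security::csrfValidate('Session', $_GET, $error)) {
    $session->setMessageData($error);
    $this->redirect($this->url('purchase'));
}

require_once 'Flux/ItemShop.php';
$shop = new Flux_ItemShop($server);
$shop->deleteShopItemImage($shopItemID);
$session->setMessageData('Shop item image has been deleted.');
$this->redirect($this->referer);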
Exemplo n.º 9
// Remove a single IP ban. The pattern to unban arrives in the 'list' request
// parameter; the request is denied unless the user holds allowedToRemoveIpBan and a
// pattern was supplied.
$list = $params->get('list');
if (!$auth->allowedToRemoveIpBan || !$list) {
    $this->deny();
}
// Look up a ban that has not yet expired (rtime > NOW()) and matches the pattern
// exactly. The pattern is a bound parameter.
$sql = "SELECT list FROM {$server->loginDatabase}.ipbanlist ";
$sql .= "WHERE rtime > NOW() AND list = ? LIMIT 1";
$sth = $server->connection->getStatement($sql);
$sth->execute(array($list));
$ipban = $sth->fetch();
if (count($_POST)) {
    // The POST must come from the removal form ('remipban' field present).
    if (!$params->get('remipban')) {
        $this->deny();
    }
    $reason = trim($params->get('reason'));
    if (!$list) {
        // An empty $list was already denied above, so this branch looks unreachable.
        $errorMessage = Flux::message('IpbanEnterIpPattern');
    } elseif (!preg_match('/^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|\\*)\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|\\*)\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|\\*)$/', $list, $m)) {
        // Dotted-quad check: the first octet must be 0-255, each of the other three
        // may be 0-255 or a '*' wildcard.
        $errorMessage = Flux::message('IpbanInvalidPattern');
    } elseif (!$reason) {
        $errorMessage = Flux::message('IpbanEnterRemoveReason');
    } elseif (!$ipban || !$ipban->list) {
        $errorMessage = sprintf(Flux::message('IpbanNotBanned'), $list);
    } elseif (!Flux_Security::csrfValidate('IPBanRemove', $_POST, $error)) {
        // Token check runs after the input validation but before removeIpBan(), so
        // the ban list is never modified without a valid token.
        $errorMessage = $error;
    } elseif ($server->loginServer->removeIpBan($session->account->account_id, $reason, $list)) {
        // The acting account id and the stated reason are passed along with the pattern.
        $session->setMessageData(sprintf(Flux::message('IpbanPatternUnbanned'), $list));
        $this->redirect($this->url('ipban'));
    } else {
        $errorMessage = Flux::message('IpbanRemoveFailed');
    }
}
Exemplo n.º 10
<?php

if (!defined('FLUX_ROOT')) {
    exit;
}
$this->loginRequired();
$title = Flux::message('TransferTitle');
if (count($_POST)) {
    if ($session->account->balance) {
        // The amount is normalised with an (int) cast; zero and negative values are
        // rejected by the first check below, so a transfer cannot run in reverse.
        $credits = (int) $params->get('credits');
        $charName = trim($params->get('char_name'));
        if (!$credits || $credits < 1) {
            $errorMessage = Flux::message('TransferGreaterThanOne');
        } elseif (!$charName) {
            $errorMessage = Flux::message('TransferEnterCharName');
        } elseif (!Flux_Security::csrfValidate('TransferCredit', $_POST, $error)) {
            $errorMessage = $error;
        } else {
            // The sending account is taken from the session, not from the form; only the
            // recipient character name and the amount are user-supplied.
            // NOTE(review): the amount is not compared with the sender's balance here.
            // Presumably transferCredits() enforces it (its -2 result maps to the
            // TransferNoBalance message) — confirm that it does so atomically.
            $res = $server->transferCredits($session->account->account_id, $charName, $credits);
            if ($res === -3) {
                $errorMessage = sprintf(Flux::message('TransferNoCharExists'), $charName);
            } elseif ($res === -2) {
                $errorMessage = Flux::message('TransferNoBalance');
            } elseif ($res !== true) {
                // Anything other than a strict true is treated as a failure.
                $errorMessage = Flux::message('TransferUnexpectedError');
            } else {
                $session->setMessageData(Flux::message('TransferSuccessful'));
                $this->redirect();
            }
        }
    } else {
Exemplo n.º 11
$this->loginRequired();
$charID = $params->get('id');
if (!$charID) {
    $this->deny();
}
$char = $server->getCharacter($charID);
if ($char) {
    // Authorization: the character must belong to the logged-in account unless the
    // user holds the allowedToModifyCharPrefs permission; otherwise the request is denied.
    // NOTE(review): the ownership test uses the loose `!=`; presumably both sides are
    // numeric ids loaded from the database — confirm, or compare as integers with !==.
    if ($char->account_id != $session->account->account_id && !$auth->allowedToModifyCharPrefs) {
        $this->deny();
    }
    // Current values of the three preferences this page manages.
    $prefs = $server->getPrefs($charID, array('HideFromWhosOnline', 'HideMapFromWhosOnline', 'HideFromZenyRanking'));
    $hideFromWhosOnline = $prefs->get('HideFromWhosOnline');
    $hideMapFromWhosOnline = $prefs->get('HideMapFromWhosOnline');
    $hideFromZenyRanking = $prefs->get('HideFromZenyRanking');
    if (count($_POST)) {
        if (!Flux_Security::csrfValidate('CharacterPreferences', $_POST, $error)) {
            $errorMessage = $error;
        } else {
            $set = array();
            $set['HideFromWhosOnline'] = $params->get('hide_from_whos_online') ? 1 : null;
            $set['HideMapFromWhosOnline'] = $params->get('hide_map_from_whos_online') ? 1 : null;
            if ($auth->allowedToHideFromZenyRank) {
                $set['HideFromZenyRanking'] = $params->get('hide_from_zeny_ranking') ? 1 : null;
            }
            $res = $server->setPrefs($charID, $set);
            if ($res) {
                $session->setMessageData('Preferências foram modificadas.');
                $this->redirect($this->urlWithQs);
            } else {
                $errorMessage = 'Falha ao modificar preferências.';
            }
Exemplo n.º 12
// Resolve the partner record; if it cannot be loaded the request is aborted with a
// flash message and a redirect to the referring page.
$partner = $server->getCharacter($char->partner_id);
if (!$partner) {
    $session->setMessageData(Flux::message('DivorceInvalidPartner'));
    $this->redirect($this->referer);
}
// $child stays false when the character has no child; a child id that cannot be
// loaded aborts the request in the same way.
$child = false;
if ($char->child && !($child = $server->getCharacter($char->child))) {
    $session->setMessageData(Flux::message('DivorceInvalidChild'));
    $this->redirect($this->referer);
}
// Everyone whose row will be changed must be offline. `&&` binds tighter than `||`,
// so the child's online status only matters when DivorceKeepChild is off and a child
// record was loaded.
// NOTE(review): the later code dereferences $partner, so these guards rely on
// redirect() ending the request — confirm.
if ($char->online || $partner->online || !Flux::config('DivorceKeepChild') && $child && $child->online) {
    $session->setMessageData(sprintf(Flux::message(Flux::config('DivorceKeepChild') ? 'DivorceMustBeOffline' : 'DivorceMustBeOffline2'), $char->name));
    $this->redirect($this->referer);
}
if (count($_POST) && $params->get('divorce')) {
    // The CSRF token is validated before any row is touched.
    if (!Flux_Security::csrfValidate('Divorce', $_POST, $error)) {
        $session->setMessageData($error);
        $this->redirect($this->referer);
    }
    // The statement text is assembled only from fixed fragments selected by the
    // DivorceKeepChild setting; the character ids are bound parameters.
    $sql = "UPDATE {$server->charMapDatabase}.`char` SET partner_id = 0 ";
    if (!Flux::config('DivorceKeepChild')) {
        $sql .= ", child = 0 ";
    }
    $sql .= "WHERE char_id IN (?, ?)";
    $sth = $server->connection->getStatement($sql);
    $sth->execute(array($charID, $char->partner_id));
    // NOTE(review): the two UPDATEs are separate statements, no transaction is visible
    // and the execute() results are not checked here, so a failure of the second one
    // would leave the child still linked to parents that are already divorced.
    if (!Flux::config('DivorceKeepChild') && $child) {
        $sql = "UPDATE {$server->charMapDatabase}.`char` SET father = 0, mother = 0 WHERE char_id = ?";
        $sth = $server->connection->getStatement($sql);
        $sth->execute(array($char->child));
    }
Exemplo n.º 13
<?php

// Refuse direct requests: the script only continues when FLUX_ROOT has been defined.
if (!defined('FLUX_ROOT')) {
    exit;
}
// NOTE(review): loginRequired() is the only access gate visible in this file. No
// $auth permission is tested here before bans are removed, so restricting this
// action to privileged accounts has to happen elsewhere — confirm that it does.
$this->loginRequired();
// Only a POST that carries the form's 'unban' field is accepted.
if (!count($_POST) || !$params->get('unban')) {
    $this->deny();
}
if (!($unbanList = $params->get('unban_list')) instanceof Flux_Config || !count($unbanList = $unbanList->toArray())) {
    $session->setMessageData(Flux::message('IpbanNothingToUnban'));
} elseif (!Flux_Security::csrfValidate('IPUnban', $_POST, $error)) {
    $session->setMessageData($error);
} else {
    $reason = trim($params->get('reason'));
    if (!$reason) {
        $session->setMessageData(Flux::message('IpbanEnterUnbanReason'));
    } else {
        // Attempt every selected entry and count failures instead of stopping at the
        // first one; the flash message reports either full success or the failure count.
        // NOTE(review): each entry is passed to removeIpBan() as submitted, together
        // with the acting account id and the reason. No format check on the entries is
        // visible in this fragment — confirm removeIpBan() tolerates arbitrary strings.
        $didAllSucceed = true;
        $numFailed = 0;
        foreach ($unbanList as $unban) {
            if (!$server->loginServer->removeIpBan($session->account->account_id, $reason, $unban)) {
                $didAllSucceed = false;
                $numFailed++;
            }
        }
        if ($didAllSucceed) {
            $session->setMessageData(Flux::message('IpbanUnbanned'));
        } else {
            $session->setMessageData(sprintf(Flux::message('IpbanUnbanFailed'), $numFailed));
        }