Exemplo n.º 1
0
function api_val_form($character_get, $con)
{
    $activeUser = $_SESSION['user'];
    if (!empty($_POST['Send_2'])) {
        $apikey_final = mysqli_real_escape_string($con, $_POST['api']);
        $vcode_final = mysqli_real_escape_string($con, $_POST['vcode']);
        $chars = array();
        if (isset($_POST['char1'])) {
            $char1 = $_POST['char1'];
            array_push($chars, $char1);
        } else {
            $char1 = "";
        }
        if (isset($_POST['char2'])) {
            $char2 = $_POST['char2'];
            array_push($chars, $char2);
        } else {
            $char2 = "";
        }
        if (isset($_POST['char3'])) {
            $char3 = $_POST['char3'];
            array_push($chars, $char3);
        } else {
            $char3 = "";
        }
        //$chars = array($char1,$char2,$char3);
        //FINAL SERVER VALIDATION #2 (just in case someone sneaks in HTML5)
        //check if characters belong to API KEY by intersecting both arrays
        $pheal2 = new Pheal($apikey_final, $vcode_final);
        $chars_api = array();
        $chars_name = array();
        $empty = array();
        $result2 = $pheal2->accountScope->APIKeyInfo();
        foreach ($result2->key->characters as $character) {
            array_push($chars_api, $character->characterID);
            array_push($chars_name, $character->characterName);
        }
        if (array_intersect(array_diff($chars, $chars_api), $chars_api) != $empty) {
            echo "Character does not belong to Eve account";
            failed_validation_2();
        } else {
            $query_insert_apikey = mysqli_query($con, "insert ignore INTO `trader`.`api` (`apikey`, `vcode`) " . "VALUES " . "('{$apikey_final}', " . "'{$vcode_final}');") or die(mysqli_error($con));
            //  print_r($chars);
            $pheal3 = new Pheal($apikey_final, $vcode_final, "char");
            foreach ($chars as $row) {
                $row;
                $response_final = $pheal3->CharacterSheet(array("characterID" => $row));
                $name_char = mysqli_real_escape_string($con, $response_final->name);
                $activeUserID = utils::mysqli_result(mysqli_query($con, "SELECT iduser FROM user WHERE username = '******'"), 0, 0);
                $check_existing_character_user = mysqli_query($con, "SELECT * FROM aggr WHERE character_eve_idcharacter = '{$row}'") or die(mysqli_error($con));
                if (mysqli_num_rows($check_existing_character_user) != 1) {
                    $query_insert_character = mysqli_query($con, "replace INTO `trader`.`characters` " . "(`eve_idcharacter`, " . "`name`, " . "`balance`, " . "`api_apikey`," . "`networth`," . "`escrow`," . "`total_sell`," . "`broker_relations`," . "`accounting`) " . "VALUES " . "({$row}, " . "'{$name_char}', " . "'0', " . "'{$apikey_final}'," . "'0'," . "'0'," . "'0'," . "'0'," . "'0');") or die(mysqli_error($con));
                } else {
                    //check if one of the provided characters already exists in the DB. We don't allow for this.
                    $checkExistingCharacter = mysqli_query($con, "SELECT name FROM v_user_characters WHERE character_eve_idcharacter IN (" . implode(",", $chars) . ") AND username != '{$activeUser}'") or die(mysqli_error($con));
                    if (mysqli_num_rows($checkExistingCharacter) > 0) {
                        $duplicates = array();
                        while ($existing_characters = mysqli_fetch_array($checkExistingCharacter)) {
                            array_push($duplicates, $existing_characters['name']);
                        }
                        echo implode(" and ", $duplicates) . " already belong to another account.";
                        echo "<meta http-equiv='refresh' content='3;URL=api_add.php?character={$character_get}'>";
                        return;
                    } else {
                        echo "Character(s) already belongs to this account";
                        echo "<meta http-equiv='refresh' content='3;URL=api_add.php?character={$row}'>";
                        return;
                    }
                }
            }
            // echo $activeUser;
            //create aggregation between characters and account
            foreach ($chars as $row2) {
                //check if the character number has been exceeded
                echo $character_count = utils::mysqli_result(mysqli_query($con, "SELECT COUNT(character_eve_idcharacter) " . "FROM aggr " . "WHERE user_iduser = "******"(SELECT iduser FROM user WHERE username = '******') "), 0, 0);
                if ($character_count >= 10) {
                    echo "You have exceeded your character limit (currently 10)";
                    echo "<meta http-equiv='refresh' content='3;URL=api_add.php?character={$character_get}'>";
                    return;
                }
                $query_insert_aggr = mysqli_query($con, "INSERT IGNORE INTO `trader`.`aggr` " . "(`idaggr`, " . "`user_iduser`, " . "`character_eve_idcharacter`) " . "VALUES " . "(NULL, " . "'{$activeUserID}', " . "'{$row2}');") or die(mysqli_error($con));
            }
            //check if everything is right before commit
            if ($query_insert_apikey && $query_insert_character && $query_insert_aggr) {
                mysqli_query($con, "COMMIT");
                echo "API added successfully." . "<br>" . "You will now logoff so we can update your new character data. <br>";
                session_destroy();
                echo "<meta http-equiv='refresh' content='5;URL=login.php'>";
            } else {
                mysqli_query($con, "ROLLBACK");
                echo "error";
            }
        }
    }
    if (!empty($_POST['Send'])) {
        $apikey = mysqli_real_escape_string($con, $_POST['api']);
        $vcode = mysqli_real_escape_string($con, $_POST['vcode']);
        //Using CURL to fetch API Access Mask
        $curl_url = "https://api.eveonline.com/account/APIKeyInfo.xml.aspx?keyID=" . $apikey . "&vCode=" . $vcode;
        // create curl resource
        $ch = curl_init($curl_url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        // $response contains the XML response string from the API call
        $response = curl_exec($ch);
        // If curl_exec() fails/throws an error, the function will return false
        if ($response === false) {
            // Could add some 404 headers here
            echo 'Curl error: ' . curl_error($ch);
        } else {
            $apiInfo = new SimpleXMLElement($response);
            try {
                checkXML($apiInfo->result->key);
                $accessMask = (int) $apiInfo->result->key->attributes()->accessMask;
            } catch (Exception $e) {
                echo 'Error: ' . $e->getMessage();
                echo "<meta http-equiv='refresh' content='3;URL=api_add.php?character={$character_get}'>";
                return;
            }
        }
        //var_dump($apiInfo->result->key);
        // close curl resource to free up system resources
        curl_close($ch);
        if ($accessMask != '82317323' && $accessMask != '1073741823') {
            echo "Your access mask is " . $accessMask . " which has different permissions than requested. Please <a href = 'https://community.eveonline.com/support/api-key/CreatePredefined?accessMask=82317315' target='_blank'>create one here</a> with the correct permissions and <a href= 'api_add?character?={$character_get}.php'>try again </a>.";
        } else {
            echo "<b>Choose which characters to import:</b><br>";
            //get character List from API KEY using Pheal
            $pheal = new Pheal($apikey, $vcode);
            $result = $pheal->accountScope->APIKeyInfo();
            $count = 0;
            echo "<table class='table table-striped table-bordered table-hover' id='dataTables-api'>";
            echo "<form action = 'api_add.php?character={$character_get}' method = 'POST' >";
            foreach ($result->key->characters as $character) {
                $count = $count + 1;
                echo "<tr><td>" . "<img src='https://image.eveonline.com/Character/" . $character->characterID . "_64.jpg'" . "</td><td>" . $character->characterName . "</td><td>" . "<input type = 'checkbox' name = 'char{$count}' value = '{$character->characterID}'>" . "</td></tr>";
                //there is a KEY HEADER BEFORE THE CHARACTERS ROWSET
            }
            echo "</table><br>";
            //rest of the parameters
            echo "<input type ='hidden' name='api' value='{$apikey}'>";
            echo "<input type ='hidden' name='vcode' value='{$vcode}'>";
            echo "<input type ='Submit' name='Send_2' value ='Send' class='btn btn-lg btn-success btn-block'  />";
            echo "</form>";
        }
    } else {
        api_add_form($character_get);
    }
}
Exemplo n.º 2
0
 public function updateCharacterSkills()
 {
     $db = $this->_db;
     $pheal = new Pheal($this->_keyID, $this->_vCode, 'char');
     try {
         $response = $pheal->CharacterSheet(array('characterID' => $this->_characterID));
         $stmt = $db->prepare('INSERT INTO user_characters_skills (userid,character_id,key_keyid,skill_id,' . 'skill_level) VALUES (?,?,?,?,?) ON DUPLICATE KEY UPDATE userid=VALUES(userid)' . ',key_keyid=VALUES(key_keyid),skill_level=VALUES(skill_level)');
         foreach ($response->skills as $skill) {
             $stmt->execute(array($this->_userID, $this->_characterID, $this->_keyID, $skill->typeID, $skill->level));
         }
         return true;
     } catch (\Pheal\Exceptions\PhealException $phealException) {
         // Putting the pheal exception through our test function to determine if it's a key failure, or an API server failure.
         $this->handleAPIKeyException($phealException);
         return false;
     }
 }
Exemplo n.º 3
0
 public function updateCharacterSkills()
 {
     $db = $this->db;
     $pheal = new Pheal($this->keyID, $this->vCode, 'char');
     try {
         $response = $pheal->CharacterSheet(array('characterID' => $this->characterID));
         $stmt = $db->prepare('INSERT INTO user_skills (uid,gid,charid,userid,skill,skillid,level) VALUES (?,?,?,?,?,?,?) ON DUPLICATE KEY UPDATE gid=VALUES(gid),uid=VALUES(uid),userid=VALUES(userid),level=VALUES(level)');
         $stmtnew = $db->prepare('SELECT * FROM invTypes  WHERE typeID = ?');
         foreach ($response->skills as $skill) {
             $skillID = $skill->typeID;
             $skillLevel = $skill->level;
             $stmtnew->execute(array($skill->typeID));
             $skillInfo = $stmtnew->fetchAll(PDO::FETCH_ASSOC);
             if ($skillInfo[0]['typeName'] === NULL) {
                 $failure = "SDE Failure";
             } else {
                 $stmt->execute(array($this->uid, $this->gid, $this->characterID, $this->keyID, $skillInfo[0]['typeName'], $skillID, $skillLevel));
             }
         }
         if (isset($failure)) {
             return $failure;
         } else {
             return TRUE;
         }
     } catch (\Pheal\Exceptions\PhealException $phealException) {
         // Putting the pheal exception through our test function to determine if it's a key failure, or an API server failure.
         $this->testAPIKeyStatus($phealException);
         return FALSE;
     }
 }
Exemplo n.º 4
0
 ////////////////////////////////////
 /* $xml2 = simplexml_load_file($url);
    $get_acc = $xml2->xpath('/eveapi/result/rowset/row[@typeID=16622]');
    
        if(boolval($get_acc) == 1 )
        {
            $level_acc = $get_acc[0]['level'];
        }
        else 
        {
            $level_acc = 0;   
        } */
 //Using Pheal
 $pheal_acc = new Pheal($apikey, $vcode, "char");
 //set scope
 $response = $pheal_acc->CharacterSheet(array("characterID" => $idcharacter));
 //add parameters
 foreach ($response->skills as $skills2) {
     if ($skills2->typeID == 16622) {
         $level_acc = $skills2->level;
     }
 }
 ///////////////////////////////////////
 //update All faction and corp standings
 /////////////////////////////////////////
 $pheal3 = new Pheal($apikey, $vcode, "char");
 //var_dump($apikey); var_dump($vcode); var_dump($idcharacter);
 $result3 = $pheal->Standings(array("characterID" => $idcharacter));
 //add parameters
 //$corpStandingsArray = array();
 $corpStandingsArray = array();
Exemplo n.º 5
0
function register_val($con)
{
    //require_once('includes/bootstrapper.php');
    //require_once('includes/connect.php');
    //second send validation
    if (!empty($_POST['Send_2'])) {
        $username_final = mysqli_real_escape_string($con, $_POST['username']);
        $password_final = mysqli_real_escape_string($con, $_POST['password']);
        $apikey_final = mysqli_real_escape_string($con, $_POST['api']);
        $vcode_final = mysqli_real_escape_string($con, $_POST['vcode']);
        $email_final = mysqli_real_escape_string($con, $_POST['email']);
        $reports_final = mysqli_real_escape_string($con, $_POST['reports']);
        $dt = new DateTime();
        $tz = new DateTimeZone('Europe/Lisbon');
        $dt->setTimezone($tz);
        $datetime = $dt->format('Y-m-d H:i:s');
        $chars = array();
        if (isset($_POST['char1'])) {
            $char1 = $_POST['char1'];
            array_push($chars, $char1);
        } else {
            $char1 = "";
        }
        if (isset($_POST['char2'])) {
            $char2 = $_POST['char2'];
            array_push($chars, $char2);
        } else {
            $char2 = "";
        }
        if (isset($_POST['char3'])) {
            $char3 = $_POST['char3'];
            array_push($chars, $char3);
        } else {
            $char3 = "";
        }
        //$chars = array($char1,$char2,$char3);
        //FINAL SERVER VALIDATION #2 (just in case someone sneaks in HTML5)
        if (strlen($username_final) < 5 || $username_final == "") {
            echo "Username is too short (5 characters minimum)";
            failed_validation_2();
        } else {
            if ($password_final == "") {
                echo "Input a proper password";
                failed_validation_2();
            } else {
                if (!filter_var($email_final, FILTER_VALIDATE_EMAIL)) {
                    echo "Wrong email format.";
                    failed_validation_2();
                } else {
                    if (!in_array($reports_final, array('none', 'daily', 'weekly', 'monthly'))) {
                        echo "Invalid report type selection";
                        failed_validation_2();
                    } else {
                        //check if characters belong to API KEY by intersecting both arrays
                        $pheal2 = new Pheal($apikey_final, $vcode_final);
                        $chars_api = array();
                        $chars_name = array();
                        $empty = array();
                        $result2 = $pheal2->accountScope->APIKeyInfo();
                        foreach ($result2->key->characters as $character) {
                            array_push($chars_api, $character->characterID);
                            array_push($chars_name, $character->characterName);
                        }
                        if (array_intersect(array_diff($chars, $chars_api), $chars_api) != $empty) {
                            echo "Character does not belong to account";
                            failed_validation_2();
                        } else {
                            $cost = 10;
                            //Before creating the account, let's securely hash the password:
                            $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
                            // Prefix information about the hash so PHP knows how to verify it later.
                            // "$2a$" Means we're using the Blowfish algorithm. The following two digits are the cost parameter.
                            $salt = sprintf("\$2a\$%02d\$", $cost) . $salt;
                            // Hash the password with the salt
                            $password_final = crypt($password_final, $salt);
                            //Everything is validated, prepare SQL transaction
                            mysqli_query($con, "START TRANSACTION");
                            $query_insert_user = $con->prepare("INSERT INTO `trader`.`user` (" . "`iduser`, " . "`username`, " . "`registration_date`, " . "`password`, " . "`reports`, " . "`email`, `salt`, `login_count`) " . "VALUES (" . "NULL, " . "?, " . "?, " . "?, " . "?, " . "?, ?, ?);");
                            $zero = 0;
                            $query_insert_user->bind_param("ssssssi", $username_final, $datetime, $password_final, $reports_final, $email_final, $salt, $zero);
                            //ss stands for 2 strings
                            $query_insert_user->execute();
                            $last_id_user = mysqli_insert_id($con);
                            //Insert ignore because api key may already exist
                            $query_insert_apikey = mysqli_query($con, "insert ignore into `trader`.`api` (`apikey`, `vcode`) " . "VALUES " . "('{$apikey_final}', " . "'{$vcode_final}');") or die(mysqli_error($con));
                            //  print_r($chars);
                            $pheal3 = new Pheal($apikey_final, $vcode_final, "char");
                            foreach ($chars as $row) {
                                //echo $row;
                                $response_final = $pheal3->CharacterSheet(array("characterID" => $row));
                                $name_char = mysqli_real_escape_string($con, $response_final->name);
                                $checkExistingCharacter = mysqli_query($con, "SELECT name FROM v_user_characters WHERE character_eve_idcharacter IN" . "(" . implode(",", $chars) . ")") or die(mysqli_error($con));
                                if (mysqli_num_rows($checkExistingCharacter) > 0) {
                                    $duplicates = array();
                                    while ($existing_characters = mysqli_fetch_array($checkExistingCharacter)) {
                                        array_push($duplicates, $existing_characters['name']);
                                    }
                                    echo implode(" and ", $duplicates) . " already belong to another account.";
                                    echo "<meta http-equiv='refresh' content='3;URL=register.php'>";
                                    return;
                                } else {
                                    $query_insert_character = mysqli_query($con, "replace INTO `trader`.`characters` " . "(`eve_idcharacter`, " . "`name`, " . "`balance`, " . "`api_apikey`," . "`networth`," . "`escrow`," . "`total_sell`," . "`broker_relations`," . "`accounting`) " . "VALUES " . "({$row}, " . "'{$name_char}', " . "'0', " . "'{$apikey_final}'," . "'0'," . "'0'," . "'0'," . "'0'," . "'0');") or die(mysqli_error($con));
                                }
                            }
                            //create aggregation between characters and account
                            foreach ($chars as $row2) {
                                $query_insert_aggr = mysqli_query($con, "INSERT INTO `trader`.`aggr` " . "(`idaggr`, " . "`user_iduser`, " . "`character_eve_idcharacter`) " . "VALUES " . "(NULL, " . "'{$last_id_user}', " . "'{$row2}');") or die(mysqli_error($con));
                            }
                            //check if everything is right before commit
                            if ($query_insert_user && $query_insert_apikey && $query_insert_character && $query_insert_aggr) {
                                mysqli_query($con, "COMMIT");
                                echo "Account created sucessfully" . "<br>" . "You may now login.";
                                echo "<br><br>";
                                $dt = new DateTime();
                                $tz = new DateTimeZone('Europe/Lisbon');
                                $dt->setTimezone($tz);
                                $datetime = $dt->format('Y-m-d H:i:s');
                                mysqli_query($con, "INSERT INTO `trader`.`log` (`idlog`, `user_iduser`, `type`, `datetime`) VALUES (NULL, '{$last_id_user}', 'register', '{$datetime}')") or die(mysqli_error($con));
                                redirect_login();
                            } else {
                                mysqli_query($con, "ROLLBACK");
                                echo "There was a problem creating your account. Try again.";
                                echo "<br>";
                                redirect_error();
                            }
                        }
                    }
                }
            }
        }
    } else {
        //first send validation
        if (!empty($_POST['Send'])) {
            $username = mysqli_real_escape_string($con, $_POST['username']);
            //password encryption
            $password1 = $_POST['password'];
            $password2 = $_POST['password2'];
            $cost = 10;
            // Create a random salt
            //$password1 = mysqli_real_escape_string($con,md5($_POST['password']));
            //$password2 = mysqli_real_escape_string($con,md5( $_POST['password2']));
            if ($password1 == $password2) {
                $pw_encr = $password1;
            }
            unset($_POST['password']);
            $apikey = mysqli_real_escape_string($con, $_POST['api']);
            $vcode = mysqli_real_escape_string($con, $_POST['vcode']);
            $reports = mysqli_real_escape_string($con, $_POST['reports']);
            $email = mysqli_real_escape_string($con, $_POST['email']);
            /*$pheal = new Pheal('4458709', 'vR9VUNKD3hSHD9KJRbTOUnPDiRC1Rb87ETUEbKsaxa4c9gXCtiNDNCPwKvdrt0tu');
              $result = $pheal->accountScope->APIKeyInfo();
                  foreach($result->key as $res) {echo $res->accessMask, $res->type;}
              */
            //Using CURL to fetch API Access Mask
            $curl_url = "https://api.eveonline.com/account/APIKeyInfo.xml.aspx?keyID=" . $apikey . "&vCode=" . $vcode;
            // create curl resource
            $ch = curl_init($curl_url);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_HEADER, 0);
            // $response contains the XML response string from the API call
            $response = curl_exec($ch);
            // If curl_exec() fails/throws an error, the function will return false
            if ($response === false) {
                // Could add some 404 headers here
                echo 'Curl error: ' . curl_error($ch);
            } else {
                $apiInfo = new SimpleXMLElement($response);
                try {
                    checkXML($apiInfo->result->key);
                    $accessMask = (int) $apiInfo->result->key->attributes()->accessMask;
                } catch (Exception $e) {
                    echo 'Error: ' . $e->getMessage();
                    echo "<meta http-equiv='refresh' content='3;URL=register.php'>";
                    return;
                }
            }
            // close curl resource to free up system resources
            curl_close($ch);
            //***********SERVER VALIDATION #1***************
            //check if email is already taken
            $check_email = mysqli_query($con, "SELECT email FROM user WHERE email = '{$email}'") or die(mysqli_error($con));
            if (mysqli_num_rows($check_email) != 0) {
                echo "Email is already taken";
                redirect_error();
            } else {
                //check if access mask is correct
                if ($accessMask != '82317323' && $accessMask != '1073741823') {
                    echo "Your access mask is " . $accessMask . " which has different permissions than requested. Please <a href = 'https://community.eveonline.com/support/api-key/CreatePredefined?accessMask=82317323' target='_blank'>create one here</a> with the correct permissions and <a href= 'register.php'>try again </a>.";
                } else {
                    //check if passwords match
                    if ($password1 != $password2) {
                        echo "Your passwords must match.";
                        redirect_error();
                    } else {
                        //check if username is already taken
                        $check_username = mysqli_query($con, "SELECT username FROM user WHERE username = '******'") or die(mysqli_error($con));
                        if (mysqli_num_rows($check_username) != 0) {
                            echo "Username is already taken";
                            redirect_error();
                        } else {
                            //check if API KEY is valid
                            echo "<b>Choose which characters to import:</b><br>";
                            //get character List from API KEY using Pheal
                            $pheal = new Pheal($apikey, $vcode);
                            $result = $pheal->accountScope->APIKeyInfo();
                            $count = 0;
                            echo "<table border ='1'>";
                            echo "<form action = {$_SERVER['PHP_SELF']} method = 'POST' >";
                            foreach ($result->key->characters as $character) {
                                $count = $count + 1;
                                echo "<tr><td>" . $character->characterName . "</td><td>" . "<img src='https://image.eveonline.com/Character/" . $character->characterID . "_64.jpg'" . "</td><td>" . "<input type = 'checkbox' name = 'char{$count}' value = '{$character->characterID}'>" . "</td></tr>";
                                //there is a KEY HEADER BEFORE THE CHARACTERS ROWSET
                            }
                            echo "</table><br>";
                            //rest of the parameters
                            echo "<input type ='hidden' name='username' value='{$username}'>";
                            echo "<input type ='hidden' name='password' value='{$pw_encr}'>";
                            echo "<input type ='hidden' name='api' value='{$apikey}'>";
                            echo "<input type ='hidden' name='vcode' value='{$vcode}'>";
                            echo "<input type ='hidden' name='reports' value='{$reports}'>";
                            echo "<input type ='hidden' name='email' value='{$email}'>";
                            echo "<input type ='Submit' name='Send_2' value ='Send' class='btn btn-lg btn-success btn-block'  />";
                            echo "</form>";
                        }
                    }
                }
            }
        } else {
            register_form();
        }
    }
}