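/**
 * Moves a character to one of the zones configured in $charmovezones.
 *
 * The only proof of ownership checked here is that the supplied account
 * login name and character name match a joined `account`/`character_data`
 * row; no password or session is consulted inside this function.
 * NOTE(review): confirm the caller authorises and rate-limits this action.
 *
 * The legacy mysql_* extension is used (removed in PHP 7). Values are escaped
 * with mysql_real_escape_string() and placed inside quoted literals; that is
 * only reliable when the connection charset was set through the API. Moving
 * to prepared statements needs the connection handle, which is not visible
 * in this block.
 *
 * @param string $name  Character name; letters only.
 * @param string $login Account login name; SQL-escaped but not otherwise validated.
 * @param string $zone  Zone short name; letters only and must be a key of $charmovezones.
 *
 * @return string Status line. It embeds $login, $name and $zone verbatim, so
 *                it must be HTML-escaped by whoever prints it ($login is not
 *                restricted to letters).
 */
function trymove($name, $login, $zone)
{
    global $charmovezones;

    // Every message starts with the submitted values, exactly as received.
    $prefix = $login . " / " . $name . " / " . $zone;

    if (!$login || !$zone || !$name) {
        return $prefix . " - one or more fields was left blank";
    }

    // \z (not $) so a trailing newline is rejected as well.
    if (!preg_match('/^[a-zA-Z]*\z/', $name)) {
        return $prefix . " - character name contains illegal characters";
    }
    if (!preg_match('/^[a-zA-Z]*\z/', $zone)) {
        return $prefix . " - zone contains illegal characters";
    }

    // Allow-list check; empty() avoids an undefined-index notice for unknown zones.
    if (empty($charmovezones[$zone])) {
        return $prefix . " - zone is not a legal selection";
    }

    // Get the zone id and verify the short name against the database.
    $template = "SELECT `long_name`, `short_name`, `zoneidnumber` FROM `zone` "
        . "WHERE LCASE(`short_name`)='%s' "
        . "LIMIT 1";
    $query = sprintf($template, mysql_real_escape_string(strtolower($zone)));
    if (defined('DB_PERFORMANCE')) {
        dbp_query_stat('query', $query);
    }
    $result = mysql_query($query);
    // A failed query returns false; treat it like "no rows" instead of
    // passing false on to mysql_num_rows().
    if (!$result || !mysql_num_rows($result)) {
        return $prefix . " - zone database error";
    }
    $row = mysql_fetch_array($result);
    $zoneln = $row['long_name'];
    $zoneid = $row['zoneidnumber'];

    // Verify that the character belongs to the named account.
    $template = "SELECT `character_data`.`id` FROM `character_data` "
        . "JOIN `account` "
        . " ON `account`.`id` = `character_data`.`account_id` "
        . "WHERE LCASE(`account`.`name`)='%s' "
        . " AND LCASE(`character_data`.`name`)='%s' "
        . "LIMIT 1";
    $query = sprintf(
        $template,
        mysql_real_escape_string(strtolower($login)),
        mysql_real_escape_string(strtolower($name))
    );
    // NOTE(review): the full SQL text, including the login name, is handed to
    // dbp_query_stat(); check where that helper stores or prints it.
    if (defined('DB_PERFORMANCE')) {
        dbp_query_stat('query', $query);
    }
    $result = mysql_query($query);
    if (!$result || !mysql_num_rows($result)) {
        // Delays the failure response; presumably meant to slow down guessing
        // of login/character pairs. It is a per-request delay only.
        sleep(2);
        return $prefix . " - Login or character name was not correct";
    }
    $row = mysql_fetch_array($result);
    $charid = $row['id'];

    // Move the character to the coordinates configured for the zone.
    $template = "UPDATE `character_data` "
        . "SET `zone_id` = '%s' "
        . " ,`x` = '%s' "
        . " ,`y` = '%s' "
        . " ,`z` = '%s' "
        . "WHERE `id`='%s' ";
    $query = sprintf(
        $template,
        mysql_real_escape_string($zoneid),
        mysql_real_escape_string($charmovezones[$zone]['x']),
        mysql_real_escape_string($charmovezones[$zone]['y']),
        mysql_real_escape_string($charmovezones[$zone]['z']),
        mysql_real_escape_string($charid)
    );
    if (defined('DB_PERFORMANCE')) {
        dbp_query_stat('query', $query);
    }
    $result = mysql_query($query);
    // Do not report success when the UPDATE itself failed.
    if (!$result) {
        return $prefix . " - character database error";
    }

    return $login . " / " . $name . " - moved to " . $zoneln;
}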
/**
 * Executes $query and returns column $field of the first row fetched.
 *
 * When the query selects no rows an empty string is returned.
 *
 * The SQL text is executed exactly as passed in, so every value in it must
 * already be escaped or cast by the caller.
 *
 * NOTE(review): the two failure paths call differently named helpers
 * (mymessage_die / message_die); confirm both exist. Both receive the SQL
 * text or mysql_error(); check that neither is shown to end users.
 */
function GetFieldByQuery($field, $query)
{
    if (defined('DB_PERFORMANCE')) {
        dbp_query_stat('query', $query);
    }

    $resultSet = mysql_query($query);
    if (!$resultSet) {
        mymessage_die('mysql.php', 'GetFiedByQuery', $query, mysql_error());
    }

    if (mysql_num_rows($resultSet) > 0) {
        $firstRow = mysql_fetch_array($resultSet);
        if (!$firstRow) {
            message_die('mysql.php', 'GetFiedByQuery', "MYSQL_FETCH_ARRAY", mysql_error());
        }

        return $firstRow[$field];
    }

    return "";
}
$charName = $_GET['char']; } //character initializations - rewritten 9/28/2014 $char = new profile($charName); //the profile class will sanitize the character name $charID = $char->char_id(); $name = $char->GetValue('name'); $mypermission = GetPermissions($char->GetValue('gm'), $char->GetValue('anon'), $char->char_id()); //block view if user level doesnt have permission if ($mypermission['corpses']) { message_die($language['MESSAGE_ERROR'], $language['MESSAGE_ITEM_NO_VIEW']); } // pull the characters corpses from the DB $query = "SELECT zone.short_name, zone.zoneidnumber, character_corpses.isburried, character_corpses.x, character_corpses.y, character_corpses.rezzed, character_corpses.timeofdeath FROM zone, character_corpses WHERE character_corpses.charid = " . $charID . " AND zone.zoneidnumber = character_corpses.zoneid ORDER BY character_corpses.timeofdeath DESC;"; if (defined('DB_PERFORMANCE')) { dbp_query_stat('query', $query); } //added 9/28/2014 $results = mysql_query($query); if (!mysql_num_rows($results)) { message_die($language['CORPSE_CORPSES'] . " - " . $name, $language['MESSAGE_NO_CORPSES']); } //drop page $d_title = " - " . $name . 
$language['PAGE_TITLES_CORPSE']; include "include/header.php"; //build body template $template->set_filenames(array('corpse' => 'corpse_body.tpl')); $template->assign_vars(array('NAME' => $name, 'L_REZZED' => $language['CORPSE_REZZED'], 'L_TOD' => $language['CORPSE_TOD'], 'L_LOC' => $language['CORPSE_LOC'], 'L_MAP' => $language['CORPSE_MAP'], 'L_CORPSES' => $language['CORPSE_CORPSES'], 'L_AAS' => $language['BUTTON_AAS'], 'L_KEYS' => $language['BUTTON_KEYS'], 'L_FLAGS' => $language['BUTTON_FLAGS'], 'L_SKILLS' => $language['BUTTON_SKILLS'], 'L_CORPSE' => $language['BUTTON_CORPSE'], 'L_FACTION' => $language['BUTTON_FACTION'], 'L_BOOKMARK' => $language['BUTTON_BOOKMARK'], 'L_INVENTORY' => $language['BUTTON_INVENTORY'], 'L_CHARMOVE' => $language['BUTTON_CHARMOVE'], 'L_DONE' => $language['BUTTON_DONE'])); //dump corpses while ($row = mysql_fetch_array($results)) { $template->assign_block_vars("corpses", array('REZZED' => !$row['rezzed'] ? "0" : "1", 'TOD' => $row['timeofdeath'], 'LOC' => $row['isburried'] ? "(burried)" : "(" . floor($row['y']) . ", " . floor($row['x']) . ")", 'ZONE' => $row['isburried'] ? "shadowrest" : $row['short_name'], 'ZONE_ID' => $row["zoneidnumber"], 'X' => floor($row['y']), 'Y' => floor($row['x'])));
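/**
 * Picks the permission set that applies to a character's profile.
 *
 * A `quest_globals` row named 'charbrowser_profile' for the character takes
 * precedence: value 1 selects $permissions['PUBLIC'], value 2 selects
 * $permissions['PRIVATE']. Otherwise the GM flag and then the anon level
 * decide, with $permissions['ALL'] as the final default.
 *
 * @param mixed $gm        Truthy when the character is flagged as GM.
 * @param mixed $anonlevel 2 selects ROLEPLAY, 1 selects ANON.
 * @param mixed $char_id   Character id; coerced to an integer before use in SQL.
 *
 * @return mixed One entry of the global $permissions array.
 */
function GetPermissions($gm, $anonlevel, $char_id)
{
    global $permissions;

    // The id sits unquoted in the WHERE clause, so it is forced to an integer
    // here rather than trusting every caller to have sanitised it.
    $query = sprintf(
        "SELECT value FROM quest_globals WHERE charid = %d and name = 'charbrowser_profile';",
        (int) $char_id
    );
    if (defined('DB_PERFORMANCE')) {
        dbp_query_stat('query', $query);
    }

    $results = mysql_query($query);
    // NOTE(review): a failed query falls through to the GM/anon defaults
    // below; confirm that is the intended behaviour when a player has set
    // their profile to private.
    if ($results && mysql_num_rows($results)) {
        $row = mysql_fetch_array($results);
        if ($row['value'] == 1) {
            return $permissions['PUBLIC'];
        }
        if ($row['value'] == 2) {
            return $permissions['PRIVATE'];
        }
    }

    if ($gm) {
        return $permissions['GM'];
    }
    if ($anonlevel == 2) {
        return $permissions['ROLEPLAY'];
    }
    if ($anonlevel == 1) {
        return $permissions['ANON'];
    }

    return $permissions['ALL'];
}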
/**
 * Selects every column of this character's row from the given table.
 *
 * The character id goes through %d and is therefore always rendered as an
 * integer. The table name is placed between backticks without escaping.
 * NOTE(review): confirm every caller passes a fixed table name, never
 * request data.
 *
 * @param string $table_name Table to read from.
 *
 * @return mixed Whatever mysql_query() returned.
 */
private function _doCharacterQuery($table_name)
{
    $sql = sprintf("SELECT * FROM `%s` WHERE `id` = '%d'", $table_name, $this->char_id);

    // Record the statement when performance tracking is enabled.
    if (defined('DB_PERFORMANCE')) {
        dbp_query_stat('query', $sql);
    }

    $results = mysql_query($sql);
    if (!$results) {
        // NOTE(review): the SQL text and mysql_error() go to message_die();
        // check that neither is shown to end users.
        message_die('profile.php', $sql, mysql_error());
    }

    return $results;
}