/**
 * Resolve a kingdom-award id to the award id and kingdom id stored with it.
 *
 * @param array $request Reads the key 'KingdomAwardId'.
 * @return array|null array(award_id, kingdom_id) when the id passes valid_id(); null otherwise.
 */
public function LookupKingdomAward($request)
{
    $kingdom_award_id = $request['KingdomAwardId'];
    if (!valid_id($kingdom_award_id)) {
        // Rejected ids yield no value, exactly as falling off the end would.
        return;
    }

    $record = new yapo($this->db, DB_PREFIX . 'kingdomaward');
    $record->clear();
    $record->kingdomaward_id = $kingdom_award_id;
    // The outcome of find() is not inspected; on a miss the two fields below
    // carry whatever the record object holds after clear().
    $record->find();

    return array($record->award_id, $record->kingdom_id);
}
/**
 * List active parks, optionally restricted to one kingdom, with kingdom name and colour attached.
 *
 * @param array $request Reads 'KingdomId'; the filter is applied only when it passes valid_id().
 * @return array array('Parks' => list of park rows).
 */
public function GetParkLocations($request)
{
    $this->park->clear();
    $this->park->active = 'Active';
    if (valid_id($request['KingdomId'])) {
        $this->park->kingdom_id = $request['KingdomId'];
    }

    // Kingdom lookup table used to decorate each park row.
    $kingdom_index = Ork3::$Lib->kingdom->GetKingdoms(array());

    $rows = array();
    if (!$this->park->find()) {
        return array('Parks' => $rows);
    }

    do {
        $owner_id = $this->park->kingdom_id;
        $rows[] = array(
            'Location' => $this->park->location,
            'ParkId' => $this->park->park_id,
            'Directions' => $this->park->directions,
            'Description' => $this->park->description,
            'HasHeraldry' => $this->park->has_heraldry,
            'Name' => $this->park->name,
            'KingdomId' => $owner_id,
            'KingdomName' => $kingdom_index['Kingdoms'][$owner_id]['KingdomName'],
            'KingdomColor' => $kingdom_index['Kingdoms'][$owner_id]['KingdomColor'],
        );
    } while ($this->park->next());

    return array('Parks' => $rows);
}
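/**
 * Build the <option> elements for an award drop-down.
 *
 * The id and the award name come from stored data and are written into HTML,
 * so both are encoded for an HTML attribute / text context before being emitted.
 * If award names are stored already entity-encoded they will now show doubled
 * entities; confirm against the data before deploying.
 *
 * @param mixed $kingdom_id Kingdom whose award list is wanted; the global list is used
 *                          when the value does not pass valid_id().
 * @return string|false Concatenated <option> markup ('' when the list is empty),
 *                      or false when the lookup reports a non-zero status.
 */
function fetch_award_option_list($kingdom_id = 0)
{
    if (valid_id($kingdom_id)) {
        $awards = $this->Kingdom->GetAwardList(['IsLadder' => null, 'IsTitle' => null, 'KingdomId' => $kingdom_id]);
    } else {
        $awards = $this->Award->GetAwardList(['IsLadder' => null, 'IsTitle' => null]);
    }

    if ($awards['Status']['Status'] != 0) {
        return false;
    }

    // Start from an empty string: the original appended to an undefined variable.
    $options = '';
    if (is_array($awards['Awards'])) {
        foreach ($awards['Awards'] as $award) {
            $value = htmlspecialchars((string) $award['KingdomAwardId'], ENT_QUOTES, 'UTF-8');
            $label = htmlspecialchars((string) $award['KingdomAwardName'], ENT_QUOTES, 'UTF-8');
            $options .= "<option value='{$value}'>{$label}</option>\n";
        }
    }

    return $options;
}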
/**
 * Load the event named by the first path segment of $id and build the navigation menu for it.
 *
 * @param mixed $call Passed through to the parent constructor.
 * @param mixed $id   Route tail; the part before the first '/' is used as the event id.
 */
public function __construct($call = null, $id = null)
{
    parent::__construct($call, $id);
    $this->load_model('Park');
    $this->load_model('Kingdom');

    list($event_id) = explode('/', $id);

    $this->data['EventDetails'] = $this->Event->get_event_details($event_id);
    $details = $this->data['EventDetails'];

    if ($details['Status']['Status'] != 0) {
        $this->data['Error'] = $details['Status']['Error'];
    }

    // Kingdom and park entries appear only when the event is attached to one.
    if (valid_id($details['KingdomId'])) {
        $this->data['menu']['kingdom'] = [
            'url' => UIR . 'Kingdom/index/' . $details['KingdomId'],
            'display' => $details['EventInfo'][0]['KingdomName'],
        ];
    }
    if (valid_id($details['ParkId'])) {
        $this->data['menu']['park'] = [
            'url' => UIR . 'Park/index/' . $details['ParkId'],
            'display' => $details['EventInfo'][0]['ParkName'],
        ];
    }

    // These links use the full route tail, not only the first segment.
    $admin_url = UIR . 'Admin/event/' . $id;
    $this->data['menu']['event'] = ['url' => UIR . 'Event/index/' . $id, 'display' => $details['Name']];
    $this->data['menu']['admin'] = ['url' => $admin_url, 'display' => 'Admin'];
    $this->data['menulist']['admin'] = [['url' => $admin_url, 'display' => 'Event']];
}
/**
 * Delete one award record on behalf of the caller identified by the request token.
 *
 * The caller needs AUTH_EDIT authority over the park of the award's recipient.
 *
 * @param array $request Reads 'Token' and 'AwardsId'.
 * @return mixed InvalidParameter() for an unknown id, NoAuthorization() when the caller
 *               lacks authority; nothing is returned after a successful delete.
 */
public function RemoveAward($request)
{
    logtrace("RemoveAward()", $request);

    $caller_id = Ork3::$Lib->authorization->IsAuthorized($request['Token']);

    $award_row = new yapo($this->db, DB_PREFIX . 'awards');
    $award_row->clear();
    $award_row->awards_id = $request['AwardsId'];

    if (!valid_id($request['AwardsId']) || !$award_row->find()) {
        return InvalidParameter();
    }

    // Authority is judged against the recipient's park, not anything supplied in the request.
    $recipient = $this->player_info($award_row->mundane_id);
    $may_edit = valid_id($caller_id)
        && Ork3::$Lib->authorization->HasAuthority($caller_id, AUTH_PARK, $recipient['ParkId'], AUTH_EDIT);
    if (!$may_edit) {
        return NoAuthorization();
    }

    $award_row->delete();
}
/**
 * Look up the counterpart of an id in the ork2/ork3 mapping cache.
 *
 * @param mixed $ork_t     Table name on the known side.
 * @param mixed $ork_id    Id on the known side; execution stops if it fails valid_id().
 * @param bool  $reverse   When truthy the known side is ork3 and the answer is ork2.
 * @param mixed $ork_t_opp Optional table name to require on the other side.
 * @return array|null array(other table, other id) when a cache row is found.
 */
function CacheMap($ork_t, $ork_id, $reverse = false, $ork_t_opp = null)
{
    if (!valid_id($ork_id)) {
        // NOTE(review): the arguments are written into this HTML message without encoding.
        die("<h3>Must select a valid ork id!: CacheMap({$ork_t}, {$ork_id}, {$reverse} = false, {$ork_t_opp} = null)</h3>");
    }

    $this->cache->clear();

    // Column names for the side being searched and the side being returned.
    list($table, $id, $rtable, $rid) = $reverse
        ? array('ork3_table', 'ork3_id', 'ork2_table', 'ork2_id')
        : array('ork2_table', 'ork2_id', 'ork3_table', 'ork3_id');

    $this->cache->{$table} = $ork_t;
    $this->cache->{$id} = $ork_id;
    if ($ork_t_opp !== null) {
        $this->cache->{$rtable} = $ork_t_opp;
    }

    if (!$this->cache->find()) {
        return;
    }

    return array($this->cache->{$rtable}, $this->cache->{$rid});
}
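/**
 * Kingdom award-entry page: processes the optional "addaward" action, then prepares the form.
 *
 * Changes from the previous version: $action always has a value, and the
 * success/error handling runs only when an award submission was actually sent
 * to the model. Before, a failed field check (or an unknown action) left the
 * placeholder status 0 in place, so "Award recorded" was shown and the form
 * state cleared even though nothing had been saved.
 *
 * @param string $id Route tail of the form "<id>[/<action>]".
 */
public function kingdom($id)
{
    $params = explode('/', $id);
    $id = $params[0];
    $action = count($params) > 1 ? $params[1] : '';

    if (strlen($action) > 0) {
        $this->request->save('Award_addawards', true);
        $r = array('Status' => 0);
        $submitted = false;

        if (!isset($this->session->user_id)) {
            // NOTE(review): only the header is set here; the method keeps running and
            // still prepares the page below. Confirm the framework stops output after
            // a Location header, or end the request explicitly.
            header('Location: ' . UIR . "Login/login/Award/kingdom/{$id}");
        } else {
            switch ($action) {
                case 'addaward':
                    $form = $this->request->Award_addawards;
                    if (!valid_id($form->MundaneId)) {
                        $this->data['Error'] = 'You must choose a recipient. Award not added!';
                        break;
                    }
                    if (!valid_id($form->AwardId)) {
                        $this->data['Error'] = 'You must choose an award. Award not added!';
                        break;
                    }
                    if (!valid_id($form->GivenById)) {
                        $this->data['Error'] = 'Who gave this award? Award not added!';
                        break;
                    }
                    // Authorization is left to the model call, which receives the session token.
                    $r = $this->Player->add_player_award(array(
                        'Token' => $this->session->token,
                        'RecipientId' => $form->MundaneId,
                        'KingdomAwardId' => $form->AwardId,
                        'Rank' => $form->Rank,
                        'Date' => $form->Date,
                        'GivenById' => $form->GivenById,
                        'Note' => $form->Note,
                        'ParkId' => valid_id($form->ParkId) ? $form->ParkId : 0,
                        'KingdomId' => valid_id($form->KingdomId) ? $form->KingdomId : 0,
                        'EventId' => valid_id($form->EventId) ? $form->EventId : 0,
                    ));
                    $submitted = true;
                    break;
            }

            if ($submitted) {
                if ($r['Status'] == 0) {
                    // NOTE(review): GivenTo is request data; make sure the template encodes Message.
                    $this->data['Message'] = 'Award recorded for ' . $this->request->Award_addawards->GivenTo;
                    $this->request->clear('Player_index');
                    unset($_REQUEST['MundaneId']);
                    unset($_REQUEST['AwardId']);
                    unset($_REQUEST['Rank']);
                    unset($_REQUEST['Note']);
                    unset($_REQUEST['GivenTo']);
                    $this->request->save('Award_addawards', true);
                } else {
                    if ($r['Status'] == 5) {
                        header('Location: ' . UIR . "Login/login/Award/kingdom/{$id}");
                    } else {
                        $this->data['Error'] = $r['Error'] . ':<p>' . $r['Detail'];
                    }
                }
            }
        }
    }

    $this->template = 'Award_addawards.tpl';
    if ($this->request->exists('Award_addawards')) {
        $this->data['Award_addawards'] = $this->request->Award_addawards->Request;
    }
    $this->data['AwardOptions'] = $this->Award->fetch_award_option_list($this->session->kingdom_id);
    $this->data['Id'] = $id;
}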
/**
 * Delete one attendance record after the caller's authority has been confirmed.
 *
 * @param array $request Reads 'AttendanceId'; the whole request goes to AttendanceAuthority().
 * @return mixed NoAuthorization(), InvalidParameter(), or Success(attendance id).
 */
public function RemoveAttendance($request)
{
    logtrace("Attendance->RemoveAttendance()", $request);

    // The authority check runs first, before the id is looked at.
    $allowed = $this->AttendanceAuthority($request);
    if ($allowed === false) {
        return NoAuthorization();
    }

    $this->attendance->clear();
    $this->attendance->attendance_id = $request['AttendanceId'];

    if (valid_id($request['AttendanceId']) && $this->attendance->find()) {
        $this->attendance->delete();
        return Success($this->attendance->attendance_id);
    }

    return InvalidParameter();
}
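/**
 * Report players whose attendance over a recent period meets the given minimums.
 *
 * Changes from the previous version:
 *  - 'PerWeeks' / 'PerMonths' and 'MonthlyCreditMaximum' are placed in the SQL
 *    without surrounding quotes, where string escaping gives no protection;
 *    they are now reduced to integers before use.
 *  - The ByKingdom park list read 'ParkId' from the loop key instead of the
 *    row and joined the ids without a separator; it now collects integer ids
 *    from each row and joins them with commas.
 *  - Optional SQL fragments start as empty strings instead of being undefined.
 *  - 'ParentKingdomId' reads the selected column parent_kingdom_id (was misspelled).
 *
 * NOTE(review): the quoted values still go through mysql_real_escape_string(),
 * which no longer exists in PHP 7+; moving this query to bound parameters
 * needs the database wrapper, which is not visible here.
 * NOTE(review): the last two sub-selects name ork_attendance / ork_mundane
 * directly rather than using DB_PREFIX; confirm that is intended.
 *
 * @param array $request Filter options; see the keys read below.
 * @return array array('Status' => Success(), 'ActivePlayerSummary' => rows).
 */
public function GetActivePlayers($request)
{
    // Defaults for any threshold the caller left blank.
    $defaults = array(
        'MinimumWeeklyAttendance' => 0,
        'MinimumDailyAttendance' => 6,
        'MonthlyCreditMaximum' => 6,
        'MinimumCredits' => 9,
    );
    foreach ($defaults as $key => $value) {
        if (strlen($request[$key]) == 0) {
            $request[$key] = $value;
        }
    }
    if (strlen($request['PerWeeks']) == 0 && strlen($request['PerMonths']) == 0) {
        $request['PerMonths'] = 6;
    }
    if (strlen($request['ReportFromDate']) == 0) {
        // Not used in the query below; kept because the request is logged.
        $request['ReportFromDate'] = 'curdate()';
    }

    // Unquoted numeric operands: force integers.
    if (strlen($request['PerWeeks']) > 0) {
        $per_period = max(0, (int) $request['PerWeeks']) . ' week';
    } else {
        $per_period = max(0, (int) $request['PerMonths']) . ' month';
    }
    $monthly_max = (int) $request['MonthlyCreditMaximum'];

    // Optional fragments; each stays empty unless its filter applies.
    $location = '';
    $duesclause = '';
    $park_comparator = '';
    $has_dues = '';
    $duespaid_clause = '';
    $duespaid_field = '';
    $duespaid_order = '';
    $peerage = '';
    $peerage_clause = '';
    $peer_field = '';
    $waiver_clause = '';

    if (valid_id($request['ParkId'])) {
        $park_id_sql = mysql_real_escape_string($request['ParkId']);
        $location = " and m.park_id = '" . $park_id_sql . "'";
        $duesclause = "a.park_id = '" . $park_id_sql . "'";
        if (valid_id($request['ByLocalPark'])) {
            $park_comparator = " and a.park_id = '" . $park_id_sql . "' ";
        }
    } elseif (strlen($request['KingdomId']) > 0 && $request['KingdomId'] > 0) {
        $kingdom_id_sql = mysql_real_escape_string($request['KingdomId']);
        $location = " and m.kingdom_id = '" . $kingdom_id_sql . "'";
        $duesclause = "a.kingdom_id = '" . $kingdom_id_sql . "'";
        if (valid_id($request['ByKingdom'])) {
            $park_list = Ork3::$Lib->Kingdom->GetParks($request);
            $parks = array();
            // Assumes each entry carries a 'ParkId' key, as the original code intended.
            foreach ($park_list['Parks'] as $park) {
                $parks[] = (int) $park['ParkId'];
            }
            // An empty "in ()" is invalid SQL; a kingdom without parks matches no attendance.
            $park_comparator = count($parks) > 0
                ? " and a.park_id in (" . implode(',', $parks) . ") "
                : " and 1 = 0 ";
        }
    }

    // The dues join needs a location condition; skip it when none could be built.
    if (($request['KingdomId'] > 0 || $request['ParkId'] > 0) && $duesclause !== '') {
        if ($request['DuesPaid']) {
            $has_dues = "and s.is_dues = 1";
        }
        $duespaid_clause = "\n\t\t\t\t\tleft join \n\t\t\t\t\t\t(select distinct case split_id when null then 0 else 1 end as split_id, src_mundane_id \n\t\t\t\t\t\t\tfrom "
            . DB_PREFIX
            . "split s \n\t\t\t\t\t\t\tleft join "
            . DB_PREFIX
            . "account a on s.account_id = a.account_id \n\t\t\t\t\t\t\t\tand {$duesclause}\n\t\t\t\t\t\t\t\t{$has_dues}\n\t\t\t\t\t\t\twhere s.dues_through > curdate()) dues on attendance_summary.mundane_id = dues.src_mundane_id\n\t\t\t";
        $duespaid_field = ', ifnull(split_id,0) as duespaid';
        $duespaid_order = 'duespaid desc, ';
    }

    if (trimlen($request['Peerage']) > 0) {
        $peerage_sql = mysql_real_escape_string($request['Peerage']);
        $peerage = "\n left join\n (select distinct awards.mundane_id, award.peerage \n from "
            . DB_PREFIX
            . "awards awards\n left join "
            . DB_PREFIX
            . "kingdomaward ka on ka.kingdomaward_id = awards.kingdomaward_id\n left join "
            . DB_PREFIX
            . "award award on ka.award_id = award.award_id\n left join "
            . DB_PREFIX
            . "mundane m on awards.mundane_id = m.mundane_id\n where award.peerage = '"
            . $peerage_sql
            . "' and awards.mundane_id > 0 {$location}\n group by awards.mundane_id\n ) peers on attendance_summary.mundane_id = peers.mundane_id\n ";
        $peerage_clause = "and peers.peerage = '" . $peerage_sql . "'";
        $peer_field = 'peers.peerage, ';
    }

    if ($request['Waivered']) {
        $waiver_clause = ' and m.waivered = 1';
    } elseif ($request['UnWaivered']) {
        $waiver_clause = ' and m.waivered = 0';
    }

    $sql = "\n select main_summary.*, total_monthly_credits, credit_counts.daily_credits, credit_counts.rop_limited_credits\n from\n (select \n \t\t\t\t\t\t{$peer_field} count(week) as weeks_attended, sum(weekly_attendance) as park_days_attended, sum(daily_attendance) as days_attended, sum(credits_earned) total_credits, attendance_summary.mundane_id, \n \t\t\t\t\t\t\tmundane.persona, kingdom.kingdom_id, park.park_id, kingdom.name kingdom_name, kingdom.parent_kingdom_id, park.name park_name, attendance_summary.waivered {$duespaid_field}\n \t\t\t\t\tfrom\n \t\t\t\t\t\t(select \n \t\t\t\t\t\t\t\ta.park_id > 0 as weekly_attendance, count(a.park_id > 0) as daily_attendance, a.mundane_id, \n week(a.date,3) as week, year(a.date) as year, a.kingdom_id, a.park_id, max(credits) as credits_earned, m.waivered \n \t\t\t\t\t\t\tfrom "
        . DB_PREFIX
        . "attendance a\n \t\t\t\t\t\t\t\tleft join "
        . DB_PREFIX
        . "mundane m on a.mundane_id = m.mundane_id\n \t\t\t\t\t\t\twhere \n date > adddate(curdate(), interval -{$per_period}) {$park_comparator} {$location} {$waiver_clause}\n \t\t\t\t\t\t\tgroup by week(date,3), year(date), mundane_id) attendance_summary \n \t\t\t\t\tleft join "
        . DB_PREFIX
        . "mundane mundane on mundane.mundane_id = attendance_summary.mundane_id\n \t\t\t\t\t\tleft join "
        . DB_PREFIX
        . "kingdom kingdom on kingdom.kingdom_id = mundane.kingdom_id\n \t\t\t\t\t\tleft join "
        . DB_PREFIX
        . "park park on park.park_id = mundane.park_id\n \t\t\t\t\t{$duespaid_clause}\n {$peerage}\n \t\t\t\t\tgroup by mundane_id\n \t\t\t\t\thaving\n \t\t\t\t\t\tweeks_attended >= '"
        . mysql_real_escape_string($request['MinimumWeeklyAttendance'])
        . "'\n and days_attended >= '"
        . mysql_real_escape_string($request['MinimumDailyAttendance'])
        . "'\n and total_credits >= '"
        . mysql_real_escape_string($request['MinimumCredits'])
        . "'\n {$peerage_clause}\n \t\t\t\t\torder by {$duespaid_order} kingdom_name, park_name, persona) main_summary\n left join\n (select mundane_id, sum(monthly_credits) as total_monthly_credits\n from\n (select \n \t\t\t\t\t\t\tleast(sum(credits), "
        . $monthly_max
        . ") as monthly_credits, a.mundane_id\n \t\t\t\t\t\t\tfrom ork_attendance a\n \t\t\t\t\t\t\t\tleft join ork_mundane m on a.mundane_id = m.mundane_id\n \t\t\t\t\t\t\twhere \n date > adddate(curdate(), interval -{$per_period}) {$location} {$waiver_clause}\n \t\t\t\t\t\t\tgroup by month(date), year(date), mundane_id) monthly_list\n group by monthly_list.mundane_id) monthly_summary on main_summary.mundane_id = monthly_summary.mundane_id\n left join\n (select mundane_id, sum(daily_credits) as daily_credits, sum(rop_limited_credits) as rop_limited_credits\n from \n (select least("
        . $monthly_max
        . ", sum(daily_credits)) as daily_credits, least("
        . $monthly_max
        . ", sum(rop_credits)) rop_limited_credits, mundane_id\n from\n (select \n \t\t\t\t\t\t\tmax(credits) as daily_credits, 1 as rop_credits, a.mundane_id, a.date\n \t\t\t\t\t\t\tfrom ork_attendance a\n \t\t\t\t\t\t\t\tleft join ork_mundane m on a.mundane_id = m.mundane_id\n \t\t\t\t\t\t\twhere \n date > adddate(curdate(), interval -{$per_period}) {$location} {$waiver_clause}\n \t\t\t\t\t\t\tgroup by dayofyear(date), year(date), mundane_id) credit_list_source\n \t\t\t\t\t group by mundane_id, month(`date`)) credit_list\n group by credit_list.mundane_id) credit_counts on main_summary.mundane_id = credit_counts.mundane_id\n\t\t\t\t\t";
    // For last join, need to limit monthly credits to monthly credit maximum per kingdom config
    logtrace('Report: GetActivePlayers', array($request, $sql));

    $r = $this->db->query($sql);
    $report = array();
    if ($r !== false && $r->size() > 0) {
        do {
            $report[] = array(
                'KingdomName' => $r->kingdom_name,
                'KingdomId' => $r->kingdom_id,
                'ParentKingdomId' => $r->parent_kingdom_id,
                'ParkName' => $r->park_name,
                'ParkId' => $r->park_id,
                'Persona' => $r->persona,
                'MundaneId' => $r->mundane_id,
                'TotalCredits' => $r->total_credits,
                'TotalMonthlyCredits' => $r->total_monthly_credits,
                'WeeksAttended' => $r->weeks_attended,
                'ParkDaysAttended' => $r->park_days_attended,
                'DaysAttended' => $r->days_attended,
                'DailyCredits' => $r->daily_credits,
                'RopLimitedCredits' => $r->rop_limited_credits,
                'DuesPaid' => $r->duespaid,
                'Waivered' => $r->waivered,
            );
        } while ($r->next());
    }

    $response = array('Status' => Success(), 'ActivePlayerSummary' => $report);
    return $response;
}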
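/**
 * Decide whether a user holds the requested role over a park, kingdom, event or unit.
 *
 * Changes from the previous version:
 *  - The event-owner test used an assignment (`$event->mundane_id = $mundane_id`),
 *    which is truthy for every valid user and therefore granted authority over
 *    any existing event. It is now a comparison.
 *  - $sufficient is initialised before it is read and the method always returns
 *    a real boolean. Previously it could return null, which a caller comparing
 *    with `=== false` would not treat as a denial.
 *  - The two empty-bodied entry conditions are folded into one guard with the
 *    same truth table.
 *
 * @param mixed $mundane_id User being checked.
 * @param mixed $type       One of the AUTH_PARK / AUTH_KINGDOM / AUTH_EVENT / AUTH_UNIT / AUTH_ADMIN constants.
 * @param mixed $id         Id of the park, kingdom, event or unit (ignored for AUTH_ADMIN).
 * @param mixed $role       Role being requested, e.g. AUTH_EDIT.
 * @return bool True when authority is granted.
 */
public function HasAuthority($mundane_id, $type, $id, $role)
{
    logtrace("HasAuthority", [$mundane_id, $type, $id, $role]);

    // A valid user is always required; a valid subject id is required unless asking about admin.
    if (!valid_id($mundane_id) || (!valid_id($id) && $type != AUTH_ADMIN)) {
        return false;
    }

    // Is Admin?
    // NOTE(review): this lookup filters on user and role only. If admin-role rows can
    // be attached to a single park or kingdom, they are treated as global here — confirm
    // against the authorization table's design.
    $this->auth->clear();
    $this->auth->mundane_id = $mundane_id;
    $this->auth->role = AUTH_ADMIN;
    if ($this->auth->find() && $this->auth->size() > 0) {
        return true;
    }

    // Playing shenanigans
    if (0 == $id) {
        return false;
    }

    // Check for bans (runs after the admin shortcut above, so it does not apply to admins)
    $this->mundane->clear();
    $this->mundane->mundane_id = $mundane_id;
    if (!$this->mundane->find()) {
        return false;
    }
    if ($this->mundane->penalty_box == 1) {
        return false;
    }

    $this->auth->clear();
    $this->auth->mundane_id = $mundane_id;

    // Basic check -- does the user have direct access?
    // NOTE: Admin check here does not check for admin privileges per se, but for whether
    // an Admin Authorization request is avail (Admin == Admin)
    // For elevated privileges (Admin > Park|Kingdom|Event|Unit), the check is handled below
    switch ($type) {
        case AUTH_PARK:
            $this->auth->park_id = $id;
            break;
        case AUTH_KINGDOM:
            $this->auth->kingdom_id = $id;
            break;
        case AUTH_EVENT:
            $this->auth->event_id = $id;
            break;
        case AUTH_UNIT:
            $this->auth->unit_id = $id;
            break;
        case AUTH_ADMIN:
            $this->auth->role = AUTH_ADMIN;
            break;
        default:
            return false;
    }

    $sufficient = false;
    if ($this->auth->find() && $id != 0) {
        do {
            switch ($this->auth->role) {
                case AUTH_EDIT:
                    $sufficient = $sufficient || (AUTH_EDIT == $role);
                    // NOTE(review): there is no break here in the original, so an AUTH_EDIT
                    // row falls through and is granted whatever $role was requested. That
                    // makes the line above dead code. Behaviour is kept as found because the
                    // intended ordering of the roles is not visible here — confirm whether a
                    // break is missing.
                case AUTH_CREATE:
                    return true;
                case AUTH_ADMIN:
                    return true;
            }
        } while ($this->auth->next());
        // Something matched, fly away my pretty!
        if ($sufficient) {
            return true;
        }
    }

    if ($type == AUTH_ADMIN) {
        return false;
    }

    // Upper-level authority check, we have to find the parents of
    // of the subject, and check their auths
    // !$sufficient is redundant, but I don't trust the next guy to hold the invariant
    if (!$sufficient && $type != AUTH_KINGDOM) {
        switch ($type) {
            case AUTH_PARK:
                $park = new yapo($this->db, DB_PREFIX . 'park');
                $park->clear();
                $park->park_id = $id;
                if ($park->find()) {
                    $id = $park->kingdom_id;
                    if ($this->HasAuthority($mundane_id, AUTH_KINGDOM, $id, $role)) {
                        return true;
                    }
                }
                break;
            case AUTH_EVENT:
                $event = new yapo($this->db, DB_PREFIX . 'event');
                $event->clear();
                $event->event_id = $id;
                if ($event->find()) {
                    // The event's owner, or anyone with authority over its kingdom or park, passes.
                    if ($this->HasAuthority($mundane_id, AUTH_KINGDOM, $event->kingdom_id, $role)
                        || $this->HasAuthority($mundane_id, AUTH_PARK, $event->park_id, $role)
                        || $event->mundane_id == $mundane_id
                    ) {
                        return true;
                    }
                }
                break;
        }
    }

    return (bool) $sufficient;
}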
/**
 * Apply a batch of park-title removals, edits and additions for one kingdom.
 *
 * The caller needs AUTH_EDIT authority over the kingdom, and every existing title
 * touched must already belong to that kingdom.
 *
 * @param array $request Reads 'Token', 'KingdomId' and 'ParkTitles' (a list of entries
 *                       each carrying 'Action' plus the title fields).
 * @return mixed Success(), NoAuthorization(...), or array('Status' => NoAuthorization(...))
 *               when an entry refers to another kingdom's title.
 */
public function SetKingdomParkTitles($request)
{
    $auth = Ork3::$Lib->authorization;

    $mundane_id = $auth->IsAuthorized($request['Token']);
    if (!($mundane_id > 0 && $auth->HasAuthority($mundane_id, AUTH_KINGDOM, $request['KingdomId'], AUTH_EDIT))) {
        return NoAuthorization(null, $mundane_id);
    }

    $this->log->Write('Kingdom', $mundane_id, LOG_EDIT, $request);

    // Request key => column, in the order the columns are written.
    $columns = [
        'Title' => 'title',
        'Class' => 'class',
        'MinimumAttendance' => 'minimumattendance',
        'MinimumCutoff' => 'minimumcutoff',
        'Period' => 'period',
        'PeriodLength' => 'period_length',
    ];

    if (is_array($request['ParkTitles'])) {
        $row = new yapo($this->db, DB_PREFIX . 'parktitle');

        foreach ($request['ParkTitles'] as $entry) {
            $verb = $entry['Action'];

            if ($verb == CFG_REMOVE) {
                $row->clear();
                $row->parktitle_id = $entry['ParkTitleId'];
                if (valid_id($entry['ParkTitleId']) && $row->find()) {
                    // Ownership guard: the stored row decides, not the request.
                    if ($row->kingdom_id != $request['KingdomId']) {
                        return ['Status' => NoAuthorization('You cannot edit the park titles of another kingdom.')];
                    }
                    $row->delete();
                }
            } elseif ($verb == CFG_EDIT) {
                $row->clear();
                $row->parktitle_id = $entry['ParkTitleId'];
                if (valid_id($entry['ParkTitleId']) && $row->find()) {
                    if ($row->kingdom_id != $request['KingdomId']) {
                        return ['Status' => NoAuthorization('You cannot edit the park titles of another kingdom.')];
                    }
                    // Blank inputs keep the stored value.
                    foreach ($columns as $key => $column) {
                        $row->{$column} = strlen($entry[$key]) ? $entry[$key] : $row->{$column};
                    }
                    $row->save();
                }
            } elseif ($verb == CFG_ADD) {
                $row->clear();
                $row->kingdom_id = $request['KingdomId'];
                foreach ($columns as $key => $column) {
                    $row->{$column} = $entry[$key];
                }
                $row->save();
            }
        }
    }

    return Success();
}
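/**
 * E-mail the "ticket closed" notice, including the recorded solution, to the ticket's contact address.
 *
 * Changes from the previous version: the id placed in the two SQL statements is
 * forced to an integer, and nothing is sent when the id is unusable or the
 * ticket has no address.
 *
 * @param mixed $call_id Ticket id; it is passed through valid_id() (defined elsewhere)
 *                       and that function's return value is used as the id.
 */
function sendmessage_closed($call_id)
{
    // The value is interpolated into SQL below without quotes, so make it an integer
    // regardless of what valid_id() hands back.
    $call_id = (int) valid_id($call_id);
    if ($call_id <= 0) {
        return;
    }

    $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);

    $call_email = $db->get_var("SELECT call_email FROM site_calls WHERE call_id = {$call_id};");
    if (!$call_email) {
        // No recipient on record: there is nobody to notify.
        return;
    }

    $mail = new PHPMailer();
    //Set who the message is to be sent from
    $mail->SetFrom(FROM_EMAIL);
    //Set who the message is to be sent to
    $mail->AddAddress($call_email);
    //Set the subject line
    $mail->Subject = 'Ticket ' . FHD_TITLE . ' [# ' . $call_id . '] Closed.';

    // NOTE(review): the stored solution text is placed in the HTML body as-is. If it can
    // contain text typed by users, encode it before mailing — confirm how it is stored.
    $call_solution = $db->get_var("SELECT call_solution FROM site_calls WHERE call_id = {$call_id};");
    $econtent = "Ticket Closed.<br><hr>" . $call_solution;
    $mail->MsgHTML($econtent . "<br>");

    //Send the message
    $mail->Send();
}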
/**
 * Update an existing event's owner, location, unit and name.
 *
 * @param array $request Reads 'Token', 'EventId', and the optional 'KingdomId', 'ParkId',
 *                       'MundaneId', 'UnitId' and 'Name'.
 * @return mixed NoAuthorization(), InvalidParameter(...), the park lookup's status on
 *               failure, or Success().
 */
public function SetEvent($request)
{
    $caller_id = Ork3::$Lib->authorization->IsAuthorized($request['Token']);
    $permitted = valid_id($caller_id)
        && Ork3::$Lib->authorization->HasAuthority($caller_id, AUTH_EVENT, $request['EventId'], AUTH_EDIT);
    if (!$permitted) {
        return NoAuthorization();
    }

    $this->event->clear();
    $this->event->event_id = $request['EventId'];
    if (!valid_id($request['EventId']) || !$this->event->find()) {
        return InvalidParameter('Event Id is not a valid id.');
    }

    // NOTE(review): authority is checked for the event as it stands. The kingdom, park
    // and owner written below come from the request and are not checked against the
    // caller's authority over the new values — confirm that re-homing an event this way
    // is acceptable.
    if (is_numeric($request['KingdomId'])) {
        $this->event->kingdom_id = $request['KingdomId'];
    }

    if (is_numeric($request['ParkId'])) {
        $this->event->park_id = $request['ParkId'];
        $park_info = Ork3::$Lib->park->GetParkShortInfo(array('ParkId' => $request['ParkId']));
        if ($park_info['Status']['Status'] != 0) {
            // Nothing has been saved at this point.
            return $park_info['Status'];
        }
        // A park always brings its own kingdom, overriding any KingdomId given.
        $this->event->kingdom_id = $park_info['KingdomId'];
    }

    if (is_numeric($request['MundaneId'])) {
        $this->event->mundane_id = $request['MundaneId'];
    }
    if (is_numeric($request['UnitId'])) {
        $this->event->unit_id = $request['UnitId'];
    }
    if (trimlen($request['Name'])) {
        $this->event->name = $request['Name'];
    }

    $this->event->save();
    Ork3::$Lib->heraldry->SetEventHeraldry($request);
    logtrace("SetEvent", array($request, $this->event));

    return Success();
}
/**
 * List the scheduled park days recorded for one park.
 *
 * @param array $request Reads 'ParkId'.
 * @return array 'Status' plus 'ParkDays'; Status is InvalidParameter() when the id is
 *               rejected or no rows are found.
 */
public function GetParkDays($request)
{
    $day = new yapo($this->db, DB_PREFIX . 'parkday');
    $day->clear();
    $day->park_id = $request['ParkId'];

    $response = array('Status' => Success(), 'ParkDays' => array());

    if (!valid_id($request['ParkId']) || !$day->find()) {
        $response['Status'] = InvalidParameter();
        return $response;
    }

    do {
        $response['ParkDays'][] = array(
            'ParkDayId' => $day->parkday_id,
            'ParkId' => $day->park_id,
            'Recurrence' => $day->recurrence,
            'WeekOfMonth' => $day->week_of_month,
            'WeekDay' => $day->week_day,
            'MonthDay' => $day->month_day,
            'Time' => $day->time,
            'Purpose' => $day->purpose,
            'Description' => $day->description,
            'AlternateLocation' => $day->alternate_location,
            'Address' => $day->address,
            'City' => $day->city,
            'Province' => $day->province,
            'PostalCode' => $day->postal_code,
            'MapUrl' => $day->map_url,
            'LocationUrl' => $day->location_url,
        );
    } while ($day->next());

    return $response;
}
/**
 * Read the paging offset from a request-style array.
 *
 * @param array $val Source array; the key 'from' is used when present and accepted by valid_id().
 * @return mixed The 'from' value, or 0 when it is missing or rejected.
 */
function get_pager_from($val)
{
    $usable = isset($val['from']) && valid_id($val['from']);

    return $usable ? $val['from'] : 0;
}
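/**
 * Player page: processes an optional action from the route, then loads the player's data.
 *
 * Changes from the previous version:
 *  - The player image was encoded from the waiver upload's bytes ($w_im) instead of
 *    its own file; each upload is now read from its own temporary file.
 *  - $action, $roastbeef and the three encoded-upload variables always have a value.
 *
 * @param string $id Route tail "<player id>[/<action>[/<award record id>]]".
 */
public function index($id)
{
    $this->load_model('Unit');

    $params = explode('/', $id);
    $id = $params[0];
    $action = count($params) > 1 ? $params[1] : '';
    $roastbeef = count($params) > 2 ? $params[2] : null;

    if (strlen($action) > 0) {
        $this->request->save('Player_index', true);
        $r = ['Status' => 0];

        if (!isset($this->session->user_id)) {
            // NOTE(review): only the header is set; the rest of the method still runs.
            header('Location: ' . UIR . "Login/login/Player/index/{$id}");
        } else {
            // Authorization for every action is left to the model calls, which receive the session token.
            switch ($action) {
                case 'updateclasses':
                    $class_update = [];
                    if (is_array($this->request->Reconciled)) {
                        foreach ($this->request->Reconciled as $class_id => $qty) {
                            $class_update[] = ['ClassId' => $class_id, 'Quantity' => $qty];
                        }
                        $this->Player->update_class_reconciliation([
                            'Token' => $this->session->token,
                            'MundaneId' => $id,
                            'Reconcile' => $class_update,
                        ]);
                    }
                    break;

                case 'update':
                    // Upload field => temp-file prefix. The %06d format turns $id into digits,
                    // so the route value cannot alter the path.
                    // NOTE(review): $_FILES[...]['type'] is supplied by the browser; if the file
                    // type matters, inspect the file contents on the server instead.
                    // NOTE(review): the temporary copies are left in DIR_TMP after being read.
                    $encoded = ['Heraldry' => '', 'Waiver' => '', 'PlayerImage' => ''];
                    $prefixes = ['Heraldry' => 'h', 'Waiver' => 'w', 'PlayerImage' => 'pi'];
                    foreach ($prefixes as $field => $prefix) {
                        if ($_FILES[$field]['size'] > 0 && Common::supported_mime_types($_FILES[$field]['type'])) {
                            $tmp_path = DIR_TMP . sprintf("{$prefix}_%06d", $id);
                            if (move_uploaded_file($_FILES[$field]['tmp_name'], $tmp_path)) {
                                $encoded[$field] = base64_encode(file_get_contents($tmp_path));
                            }
                        }
                    }
                    $h_imdata = $encoded['Heraldry'];
                    $w_imdata = $encoded['Waiver'];
                    $pi_imdata = $encoded['PlayerImage'];

                    $form = $this->request->Player_index;
                    $r = $this->Player->update_player([
                        'MundaneId' => $id,
                        // NOTE(review): key is spelled 'GiveName' — confirm the model expects that spelling.
                        'GiveName' => $form->GivenName,
                        'Surname' => $form->Surname,
                        'Persona' => $form->Persona,
                        'UserName' => $form->UserName,
                        'Password' => $form->Password == $form->PasswordAgain ? $form->Password : null,
                        'Email' => $form->Email,
                        'Restricted' => $form->Restricted == 'Restricted' ? 1 : 0,
                        'Active' => $form->Active == 'Active' ? 1 : 0,
                        'HasImage' => strlen($pi_imdata),
                        'Image' => strlen($pi_imdata) > 0 ? $pi_imdata : null,
                        'ImageMimeType' => strlen($pi_imdata) > 0 ? $_FILES['PlayerImage']['type'] : '',
                        'Heraldry' => strlen($h_imdata) > 0 ? $h_imdata : null,
                        'HeraldryMimeType' => strlen($h_imdata) > 0 ? $_FILES['Heraldry']['type'] : '',
                        'Waivered' => strlen($w_imdata),
                        'Waiver' => strlen($w_imdata) > 0 ? $w_imdata : null,
                        'WaiverMimeType' => strlen($w_imdata) > 0 ? $_FILES['Waiver']['type'] : '',
                        'Token' => $this->session->token,
                    ]);
                    if ($form->Password != $form->PasswordAgain) {
                        $this->data['Error'] = 'Passwords do not match.';
                    }
                    break;

                case 'addaward':
                    $form = $this->request->Player_index;
                    $r = $this->Player->add_player_award([
                        'Token' => $this->session->token,
                        'RecipientId' => $id,
                        'AwardId' => $form->AwardId,
                        'Rank' => $form->Rank,
                        'Date' => $form->Date,
                        'GivenById' => $form->MundaneId,
                        'Note' => $form->Note,
                        'ParkId' => valid_id($form->ParkId) ? $form->ParkId : 0,
                        'KingdomId' => valid_id($form->KingdomId) ? $form->KingdomId : 0,
                        'EventId' => valid_id($form->EventId) ? $form->EventId : 0,
                    ]);
                    break;

                case 'deleteaward':
                    $r = $this->Player->delete_player_award([
                        'Token' => $this->session->token,
                        'AwardsId' => $roastbeef,
                    ]);
                    break;

                case 'updateaward':
                    $form = $this->request->Player_index;
                    $r = $this->Player->update_player_award([
                        'Token' => $this->session->token,
                        'AwardsId' => $roastbeef,
                        'RecipientId' => $id,
                        'AwardId' => $form->AwardId,
                        'Rank' => $form->Rank,
                        'Date' => $form->Date,
                        'GivenById' => $form->MundaneId,
                        'Note' => $form->Note,
                        'ParkId' => valid_id($form->ParkId) ? $form->ParkId : 0,
                        'KingdomId' => valid_id($form->KingdomId) ? $form->KingdomId : 0,
                        'EventId' => valid_id($form->EventId) ? $form->EventId : 0,
                    ]);
                    break;
            }

            if ($r['Status'] == 0) {
                $this->data['Message'] = 'Player has been updated';
                $this->request->clear('Player_index');
            } else {
                if ($r['Status'] == 5) {
                    header('Location: ' . UIR . "Login/login/Player/index/{$id}");
                } else {
                    $this->data['Error'] = $r['Error'] . ':<p>' . $r['Detail'];
                }
            }
        }
    }

    if ($this->request->exists('Player_index')) {
        $this->data['Player_index'] = $this->request->Player_index->Request;
    }
    $this->data['KingdomId'] = $this->session->kingdom_id;
    $this->data['AwardOptions'] = $this->Award->fetch_award_option_list($this->session->kingdom_id);
    $this->data['Player'] = $this->Player->fetch_player($id);
    $this->data['Details'] = $this->Player->fetch_player_details($id);
    $this->data['Notes'] = $this->Player->get_notes($id);
    $this->data['Units'] = $this->Unit->get_unit_list([
        'MundaneId' => $id,
        'IncludeCompanies' => 1,
        'IncludeHouseHolds' => 1,
        'IncludeEvents' => 1,
        'ActiveOnly' => 1,
    ]);
    $this->data['menu']['admin'] = ['url' => UIR . "Admin/player/{$id}", 'display' => 'Admin'];
    $this->data['menu']['player'] = ['url' => UIR . "Player/index/{$id}", 'display' => $this->data['Player']['Persona']];
}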
/**
 * Load the parks of one kingdom into the view data for the map page.
 *
 * @param mixed $kingdom_id Kingdom to show; nothing is loaded when it fails valid_id().
 */
public function map($kingdom_id = null)
{
    if (!valid_id($kingdom_id)) {
        return;
    }

    $query = ['KingdomId' => $kingdom_id];
    $this->data['Parks'] = $this->Kingdom->GetParks($query);
}
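/**
 * Search players by persona, mundane name, user name, or full-text across all name fields.
 *
 * Changes from the previous version:
 *  - $limit, $kingdom_id and $park_id are written into the SQL without quotes; they are
 *    now reduced to integers first rather than relying on string escaping.
 *  - $parameters and $order, which were read without ever being set on some paths,
 *    start as empty strings.
 *  - The per-row limit countdown is dropped; the SQL LIMIT already bounds the rows.
 *
 * NOTE(review): mysql_real_escape_string() no longer exists in PHP 7+; replacing it
 * needs the database wrapper, which is not visible here. The LIKE wildcards % and _
 * inside a search token are not escaped, and an empty token matches every row.
 *
 * @param string $type             'PERSONA', 'MUNDANE', 'USER' (any case); anything else selects full-text search.
 * @param string $search           Search text, split on whitespace, commas and hyphens.
 * @param mixed  $limit            Maximum rows; falls back to 15 and is capped at 50.
 * @param mixed  $kingdom_id       Optional kingdom filter.
 * @param mixed  $park_id          Optional park filter.
 * @param mixed  $waivered         Optional; a positive number restricts to waivered players.
 * @param bool   $persona_required When exactly true, rows without a persona are excluded.
 * @return array List of player rows; given name and surname are returned blank.
 */
public function Player($type, $search, $limit = 15, $kingdom_id = null, $park_id = null, $waivered = null, $persona_required = true)
{
    $searchtokens = preg_split("/[\\s,-]+/", $search);
    $opt = array("1");
    $limit = (int) min(valid_id($limit) ? $limit : 15, 50);
    $parameters = '';
    $order = '';

    // Builds "`col` like '%token%'" for every token/column pair, joined with "or".
    $like_any = function (array $columns) use ($searchtokens) {
        return implode(' or ', array_map(function ($t) use ($columns) {
            $needle = mysql_real_escape_string($t);
            return implode(' or ', array_map(function ($column) use ($needle) {
                return "`{$column}` like '%" . $needle . "%'";
            }, $columns));
        }, $searchtokens));
    };

    switch (strtoupper($type)) {
        case 'PERSONA':
            if (count($searchtokens) > 0) {
                $s = $like_any(array('persona'));
            }
            $order = "order by persona,surname,given_name";
            $opt[] = "length(`persona`) > 0";
            break;
        case 'MUNDANE':
            if (count($searchtokens) > 0) {
                $s = $like_any(array('given_name', 'surname'));
            }
            $order = "order by surname,given_name";
            $opt[] = "(length(`surname`) > 0 or length(`given_name`) > 0)";
            break;
        case 'USER':
            if (count($searchtokens) > 0) {
                $s = $like_any(array('username'));
            }
            $order = "order by username,surname,given_name";
            $opt[] = "length(`username`) > 0";
            break;
        default:
            $zztop = implode('* ', $searchtokens) . '*';
            $s = "match(`given_name`, `surname`, `other_name`, `username`, `persona`) against ('" . mysql_real_escape_string($zztop) . "' in boolean mode)";
            break;
    }

    if ($persona_required === true) {
        $opt[] = "length(`persona`) > 0";
    }
    if (is_numeric($kingdom_id) && $kingdom_id > 0) {
        $opt[] = "m.kingdom_id =" . (int) $kingdom_id;
    }
    if (is_numeric($park_id) && $park_id > 0) {
        $opt[] = "m.park_id =" . (int) $park_id;
    }
    if (is_numeric($waivered) && $waivered > 0) {
        $opt[] = "waivered =" . ($waivered ? 1 : 0);
    }

    $sql = "select \n\t\t\t\t\t\t{$parameters}\n\t\t\t\t\t\t`mundane_id`, `given_name`, `surname`, `other_name`, concat(`given_name`,' ',`surname`) as `mundane`, `username`, `persona`, p.park_id, k.kingdom_id, \n\t\t\t\t\t\t`restricted`, `waivered`, `company_id`, `penalty_box`, k.name as kingdom_name, p.name as park_name, p.abbreviation as p_abbr, k.abbreviation as k_abbr\n\t\t\t\t\tfrom "
        . DB_PREFIX
        . "mundane m\n\t\t\t\t\t\tleft join "
        . DB_PREFIX
        . "kingdom k on k.kingdom_id = m.kingdom_id\n\t\t\t\t\t\tleft join "
        . DB_PREFIX
        . "park p on p.park_id = m.park_id\n\t\t\t\t\twhere ({$s}) and ("
        . implode(' and ', $opt)
        . ") {$order}\n\t\t\t\t\tlimit {$limit}";

    $q = $this->db->query($sql);
    if ($q === false || $q->size() <= 0) {
        return array();
    }

    $r = array();
    do {
        // Legal names are selected by the query but deliberately returned blank.
        $r[] = array(
            'MundaneId' => $q->mundane_id,
            'GivenName' => '',
            'Surname' => '',
            'Mundane' => '',
            'UserName' => $q->username,
            'Persona' => $q->persona,
            'Restricted' => $q->restricted,
            'KingdomId' => $q->kingdom_id,
            'ParkId' => $q->park_id,
            'KingdomName' => $q->kingdom_name,
            'ParkName' => $q->park_name,
            'Waivered' => $q->waivered,
            'PenaltyBox' => $q->penalty_box,
            'KAbbr' => $q->k_abbr,
            'PAbbr' => $q->p_abbr,
        );
    } while ($q->next());

    return $r;
}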
// Excerpt of a password-reset handler; the opening of the enclosing block is not part of this view.
// Look up the reset request by the pair (auth_key, user id) taken from the POST body.
// NOTE(review): no check of the row's 'added' timestamp is visible in this excerpt, so
// whether reset keys expire cannot be confirmed from here.
$auth = db_select_one('reset_password', array('id', 'user_id', 'auth_key'), array('auth_key' => $_POST['auth_key'], 'user_id' => $_POST['id']));
if (!$auth['user_id']) {
    // presumably message_error() ends the request — confirm; otherwise execution continues below
    message_error('No reset data found');
}
}
// stage 1, part 2
if ($_POST['action'] == 'reset_password') {
    // The e-mail form field is named by a hash derived from the site name.
    $user = db_select_one('users', array('id', 'team_name', 'email'), array('email' => $_POST[md5(CONFIG_SITE_NAME . 'EMAIL')]));
    if ($user['id']) {
        // The key stored in the table is the same value that is mailed to the user, so
        // anyone able to read this table holds working reset keys. Storing only a hash
        // of the mailed value would avoid that.
        $auth_key = hash('sha256', generate_random_string(128));
        db_insert('reset_password', array('added' => time(), 'user_id' => $user['id'], 'ip' => get_ip(true), 'auth_key' => $auth_key));
        $email_subject = 'Password recovery for team ' . htmlspecialchars($user['team_name']);
        // body
        // (part of the next statement is masked in this copy of the source)
        $email_body = htmlspecialchars($user['team_name']) . ', please follow the link below to reset your password:'******'reset_password?action=choose_password&auth_key=' . $auth_key . '&id=' . $user['id'] . "\r\n" . "\r\n" . 'Regards,' . "\r\n" . CONFIG_SITE_NAME;
        // send details to user
        send_email(array($user['email']), $email_subject, $email_body);
    }
    // The same message is shown whether or not the address matched an account, so the
    // response does not reveal which addresses are registered.
    message_generic('Success', 'If the email you provided was found in the database, an email has now been sent to it with further instructions!');
} else {
    // $auth comes from the lookup at the top; the password is changed only for the
    // user id stored in that reset row, not for an id taken from the request.
    if ($_POST['action'] == 'choose_password' && valid_id($auth['user_id'])) {
        $new_password = $_POST[md5(CONFIG_SITE_NAME . 'PWD')];
        if (empty($new_password)) {
            // Only emptiness is rejected here; no other password rule is visible in this excerpt.
            message_error('You can\'t have an empty password');
        }
        $new_passhash = make_passhash($new_password);
        db_update('users', array('passhash' => $new_passhash), array('id' => $auth['user_id']));
        // The reset row is removed once used, so a key works a single time.
        db_delete('reset_password', array('id' => $auth['id']));
        message_generic('Success', 'Your password has been reset.');
    }
}
}
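/**
 * Assemble the participant listing query, optionally narrowed to one
 * tournament and/or one bracket.
 *
 * NOTE(review): as written, this method only builds $sql; the string is
 * neither executed nor returned in the visible body. Confirm whether the
 * remainder of the method is missing.
 *
 * @param array $request May carry 'TournamentId' and 'BracketId'.
 */
public function GetParticipants($request)
{
    // Start from an empty filter. Without this, a request lacking a valid
    // TournamentId appended to (and interpolated) an undefined variable.
    $where = '';

    if (valid_id($request['TournamentId'])) {
        // valid_id() is defined outside this method; the (int) cast ensures
        // that only an integer literal can ever reach the SQL text, whatever
        // valid_id() accepts.
        $where .= ' and p.tournament_id = ' . (int) $request['TournamentId'];
    }
    if (valid_id($request['BracketId'])) {
        $where .= ' and p.bracket_id = ' . (int) $request['BracketId'];
    }

    // NOTE(review): the park table is joined without an alias while the
    // select list and join condition refer to it as `park`; this resolves
    // only if DB_PREFIX is empty -- confirm.
    $sql = "select p.*, player.*, m.persona, k.name as kingdom_name, park.name as park_name, u.name as unit_name, t.name as team_name\n\t\t\t\t\tfrom " . DB_PREFIX . "participant p\n\t\t\t\t\t\tleft join " . DB_PREFIX . "participant_mundane player on player.participant_id = p.participant_id\n\t\t\t\t\t\t\tleft join " . DB_PREFIX . "mundane m on player.mundane_id = m.mundane_id\n\t\t\t\t\t\tleft join " . DB_PREFIX . "unit u on p.unit_id = u.unit_id\n\t\t\t\t\t\tleft join " . DB_PREFIX . "park on p.park_id = park.park_id\n\t\t\t\t\t\tleft join " . DB_PREFIX . "kingdom k on k.kingdom_id = p.kingdom_id\n\t\t\t\t\t\tleft join " . DB_PREFIX . "team t on t.team_id = p.team_id\n\t\t\t\t\twhere 1 {$where}\n\t\t\t";
}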
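/**
 * Call create_officer() once for each of the four roles (Monarch, Regent,
 * Prime Minister, Champion), and a second time per role with the
 * principality arguments when a valid principality id is supplied.
 *
 * The meaning of the 'create'/null argument and of the literal 1 is defined
 * by create_officer(), which is outside this method.
 *
 * @param mixed $kingdom_id      Passed through to create_officer().
 * @param mixed $park_id         Passed through to create_officer().
 * @param mixed $principality_id Optional; the principality pass runs only
 *                               when valid_id() accepts it.
 */
public function create_officers($kingdom_id, $park_id, $principality_id = 0)
{
    // Role => fourth argument handed to create_officer(), in call order.
    $roles = [
        'Monarch' => 'create',
        'Regent' => 'create',
        'Prime Minister' => 'create',
        'Champion' => null,
    ];

    foreach ($roles as $role => $mode) {
        $this->create_officer($kingdom_id, $park_id, $role, $mode);
    }

    // The guard tests the $principality_id argument. It previously tested
    // $for_principality, which is never defined in this method, so the
    // principality pass was gated on an undefined variable.
    if (valid_id($principality_id)) {
        foreach ($roles as $role => $mode) {
            $this->create_officer($kingdom_id, $park_id, $role, $mode, 1, $principality_id);
        }
    }
}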
<?php require '../../include/mellivora.inc.php'; enforce_authentication(CONFIG_UC_MODERATOR); head('IP log'); menu_management(); // show a users IP log if (isset($_GET['id']) && valid_id($_GET['id'])) { $user = db_select_one('users', array('team_name'), array('id' => $_GET['id'])); section_head('IP log for team: <a href="' . CONFIG_SITE_URL . 'user?id=' . $_GET['id'] . '">' . htmlspecialchars($user['team_name']) . '</a>', '', false); user_ip_log($_GET['id']); } else { if (isset($_GET['ip']) && valid_ip($_GET['ip'])) { section_head('Teams using IP ' . $_GET['ip']); echo ' <table id="files" class="table table-striped table-hover"> <thead> <tr> <th>Team name</th> <th>Hostname</th> <th>First used</th> <th>Last used</th> <th>Times used</th> </tr> </thead> <tbody> '; $entries = db_query_fetch_all(' SELECT INET_NTOA(ipl.ip) AS ip, ipl.added,
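/**
 * Admin action for the "create park" form.
 *
 * The first path segment selects the mode: 'submit' processes the posted
 * form, 'park' and 'kingdom' only seed the view data from the second
 * segment. On submit the saved request is validated field by field and, if
 * every check passes, Park->create_park() is called with the session token
 * and the session's kingdom id.
 *
 * @param string|null $params Slash-separated path segments after the action.
 */
public function createpark($params = null)
{
    // explode() always receives a string, also when no path was given.
    $params = explode('/', (string) $params);

    // Defined up front: only the 'submit' route assigns it, yet it is read
    // below on every route (it was an undefined variable otherwise).
    $post = '';

    if ('submit' == $params[0]) {
        $post = 'submit';
        $this->data['KingdomId'] = $this->session->kingdom_id;
    } elseif ('park' == $params[0]) {
        $this->data['ParkId'] = isset($params[1]) ? $params[1] : null;
        $this->data['KingdomId'] = $this->session->kingdom_id;
    } elseif ('kingdom' == $params[0]) {
        // NOTE(review): this id comes straight from the URL and is placed in
        // the view data unvalidated; the park itself is created with the
        // session kingdom id below, not with this value.
        $this->data['KingdomId'] = isset($params[1]) ? $params[1] : null;
    }
    logtrace('createpark', $params);

    if (strlen($post) > 0) {
        $this->request->save('Admin_createpark', true);
        $form = $this->request->Admin_createpark;
        $login_url = UIR . 'Login/login/Admin/createpark' . ($post != null ? '/' . $post : '');

        if (!isset($this->session->user_id)) {
            // NOTE(review): no exit follows header(); the rest of this method
            // still runs. create_park() is not reached on this path, but
            // confirm the framework stops rendering after a redirect.
            header('Location: ' . $login_url);
        } elseif (trimlen($form->Name) == 0) {
            $this->data['Error'] = "Park must have a name.";
        } elseif (trimlen($form->Abbreviation) == 0) {
            $this->data['Error'] = "Park must have an abbreviation.";
        } elseif (!valid_id($form->kingdom_id)) {
            $this->data['Error'] = "Somehow, a Kingdom was not selected. Good luck with that.";
        } elseif (!valid_id($form->ParkTitleId)) {
            $this->data['Error'] = "Parks must have a title.";
        } else {
            // The kingdom is taken from the session rather than from the
            // submitted form, so a client cannot pick another kingdom here.
            $r = $this->Park->create_park([
                'Token' => $this->session->token,
                'Name' => $form->Name,
                'Abbreviation' => $form->Abbreviation,
                'KingdomId' => $this->session->kingdom_id,
                'ParkTitleId' => $form->ParkTitleId,
            ]);
            if ($r['Status'] == 0) {
                $this->request->clear('Admin_createpark');
            } elseif ($r['Status'] == 5) {
                // Status 5 sends the user back to the login page.
                header('Location: ' . $login_url);
            } else {
                // NOTE(review): Error/Detail are concatenated with markup;
                // confirm the template escapes or trusts these values.
                $this->data['Error'] = $r['Error'] . ':<p>' . $r['Detail'];
            }
        }
    }

    // Park title choices for the form, keyed by ParkTitleId.
    $this->data['ParkTitleId_options'] = [];
    $r = $this->Kingdom->get_kingdom_details($this->session->kingdom_id);
    foreach ($r['ParkTitles'] as $detail) {
        $this->data['ParkTitleId_options'][$detail['ParkTitleId']] = $detail['Title'];
    }

    // Re-populate the form with whatever is still saved for this request.
    if ($this->request->exists('Admin_createpark')) {
        $this->data['Admin_createpark'] = $this->request->Admin_createpark->Request;
    }
}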
/**
 * Fetch the attendance report for one event calendar detail.
 *
 * @param mixed $event_id  Must pass valid_id(); otherwise nothing is fetched.
 * @param mixed $detail_id Forwarded as 'EventCalendarDetailId' without a
 *                         check in this method.
 * @return mixed Result of Report->AttendanceForEvent(), or null when
 *               $event_id is not a valid id.
 */
function get_attendance_for_event($event_id, $detail_id)
{
    if (!valid_id($event_id)) {
        return null;
    }

    $query = ['EventId' => $event_id, 'EventCalendarDetailId' => $detail_id];

    return $this->Report->AttendanceForEvent($query);
}
/**
 * Update the Active, Role and Title fields of one unit membership record.
 *
 * The record is looked up first so that the authorization check runs
 * against the unit id stored on the record, not against anything the
 * caller supplies.
 *
 * @param array $request Reads 'UnitMundaneId', 'Token', 'Active', 'Role'
 *                       and 'Title'.
 * @return mixed Success(), NoAuthorization() or InvalidParameter().
 */
public function SetMember($request)
{
    $membership_id = $request['UnitMundaneId'];

    $this->members->clear();
    $this->members->unit_mundane_id = $membership_id;
    if (!valid_id($membership_id) || !$this->members->find()) {
        return InvalidParameter();
    }

    // Unit that owns the membership, as stored on the record just loaded.
    $unit_id = $this->members->unit_id;

    $mundane_id = Ork3::$Lib->authorization->IsAuthorized($request['Token']);
    if (!($mundane_id > 0)) {
        return NoAuthorization();
    }
    if (!Ork3::$Lib->authorization->HasAuthority($mundane_id, AUTH_UNIT, $unit_id, AUTH_CREATE)) {
        return NoAuthorization();
    }

    // Load the record again from a cleared model before writing to it.
    $this->members->clear();
    $this->members->unit_mundane_id = $membership_id;
    $this->members->find();

    // NOTE(review): these three values are stored exactly as received;
    // no validation of them is visible in this method.
    $this->members->active = $request['Active'];
    $this->members->role = $request['Role'];
    $this->members->title = $request['Title'];
    $this->members->save();

    return Success();
}
/**
 * Store a JSON-encoded state on an objective record or, when no valid
 * objective id is given, on the game record.
 *
 * @param mixed $game_id      Game id; must pass valid_id() on either path.
 * @param mixed $objective_id Objective id; selects the objective path when
 *                            it passes valid_id().
 * @param mixed $state        Any value json_encode() can serialise.
 * @return bool True when a record was found and saved, false otherwise.
 */
protected function set_game_state($game_id, $objective_id, $state)
{
    if (valid_id($game_id) && valid_id($objective_id)) {
        $this->objective->game_objective_id = $objective_id;

        // NOTE(review): the second test reads game_objective_id from
        // $this->game, not from the objective just loaded, and $game_id is
        // not used to load a game on this path -- confirm this is intended.
        // No clear() is called before find() here either.
        $found = $this->objective->find() && $this->game->game_objective_id == $objective_id;
        if (!$found) {
            return false;
        }

        $this->objective->state = json_encode($state);
        $this->objective->save();

        return true;
    }

    if (!valid_id($game_id)) {
        return false;
    }

    $this->game->game_id = $game_id;
    $found = $this->game->find() && $this->game->game_id == $game_id;
    if (!$found) {
        return false;
    }

    $this->game->state = json_encode($state);
    $this->game->save();

    return true;
}
/**
 * Validate a signup request, insert the user row, log the signup IP and
 * send the confirmation email.
 *
 * Each failed check calls message_error(); the checks that follow only make
 * sense if that call does not return (presumably it ends the request --
 * confirm against its definition).
 *
 * @param string     $email     Login email; also used as the username.
 * @param string     $password  Plain-text password; stored via make_passhash().
 * @param string     $team_name Display name of the team.
 * @param mixed      $country   Country id; must pass valid_id() and not
 *                              exceed the row count of `countries`.
 * @param mixed|null $type      Optional team type id; stored as 0 when unset.
 * @return bool True when the row was inserted and accounts are enabled by
 *              default; false when no row was inserted.
 */
function register_account($email, $password, $team_name, $country, $type = null)
{
    if (!CONFIG_ACCOUNTS_SIGNUP_ALLOWED) {
        message_error('Registration is currently closed.');
    }

    $missing_field = empty($email) || empty($password) || empty($team_name);
    if ($missing_field) {
        message_error('Please fill in all the details correctly.');
    }

    if (isset($type) && !valid_id($type)) {
        message_error('That does not look like a valid team type.');
    }

    // strlen() counts bytes, so the limits are byte limits for multi-byte names.
    $name_length = strlen($team_name);
    if ($name_length > CONFIG_MAX_TEAM_NAME_LENGTH || $name_length < CONFIG_MIN_TEAM_NAME_LENGTH) {
        message_error('Your team name was too long or too short.');
    }

    validate_email($email);
    if (!allowed_email($email)) {
        message_error('Email not on whitelist. Please choose a whitelisted email or contact organizers.');
    }

    // The country id is bounded by the number of rows in `countries`.
    $num_countries = db_select_one('countries', array('COUNT(*) AS num'));
    if (!isset($country) || !valid_id($country) || $country > $num_countries['num']) {
        message_error('Please select a valid country.');
    }

    // Reject the signup if either the team name or the email is already taken.
    $existing = db_select_one(
        'users',
        array('id'),
        array('team_name' => $team_name, 'email' => $email),
        null,
        'OR'
    );
    if ($existing['id']) {
        message_error('An account with this team name or email already exists.');
    }

    $user_type = 0;
    if (isset($type)) {
        $user_type = $type;
    }

    $user_id = db_insert('users', array(
        'email' => $email,
        'passhash' => make_passhash($password),
        'team_name' => $team_name,
        'added' => time(),
        'enabled' => CONFIG_ACCOUNTS_DEFAULT_ENABLED ? '1' : '0',
        'user_type' => $user_type,
        'country_id' => $country,
    ));

    // no rows were inserted
    if (!$user_id) {
        return false;
    }

    // log signup IP
    log_user_ip($user_id);

    // signup email, assembled line by line and joined with CRLF
    $email_subject = 'Signup successful - account details';
    $body_lines = array(
        htmlspecialchars($team_name) . ', your registration at ' . CONFIG_SITE_NAME . ' was successful.',
        '',
        'Your username is: ' . $email,
    );
    if (CONFIG_ACCOUNTS_EMAIL_PASSWORD_ON_SIGNUP) {
        // NOTE(review): with this option on, the plain-text password leaves
        // the application by email and stays in the recipient's mailbox;
        // keeping the option off avoids that exposure.
        $body_lines[] = 'Your password is: ' . $password;
    }
    $body_lines[] = '';
    $body_lines[] = 'Please stay tuned for updates!';
    $body_lines[] = '';
    $body_lines[] = 'Regards,';
    $body_lines[] = CONFIG_SITE_NAME;
    $body_lines[] = CONFIG_SITE_URL;
    $email_body = implode("\r\n", $body_lines);

    // send details to user
    send_email(array($email), $email_subject, $email_body);

    if (CONFIG_ACCOUNTS_DEFAULT_ENABLED) {
        return true;
    }

    // if account isn't enabled by default, display message and die
    message_generic('Signup successful', 'Thank you for registering! Your chosen email is: ' . htmlspecialchars($email) . '. Please stay tuned for updates!');

    return false;
}