$Joueur['Suppr'] = sqlesc($_POST['Suppr' . $i]); $Joueur['pass'] = sqlesc($_POST['pass' . $i]); $i++; $modif = false; foreach ($Joueur as $k => $v) { if ($v != $OldJoueur[$k]) { $modif = true; break; } } if ($modif) { DataEngine::sql_spool('UPDATE `SQL_PREFIX_Membres` SET `Points`=\'' . $Joueur['ModifPoints'] . '\', `Grade`=\'' . $Joueur['ModifGrade'] . '\', `Race`=\'' . $Joueur['ModifRace'] . '\' WHERE `Joueur`=\'' . $Joueur['ID'] . '\''); DataEngine::sql_spool('UPDATE `SQL_PREFIX_Users` SET `Permission`=\'' . $Joueur['ModifPermission'] . '\' WHERE `Login`=\'' . $Joueur['ID'] . '\''); } if ($Joueur['pass'] && Members::CheckPerms('MEMBRES_NEWPASS')) { DataEngine::sql_spool('UPDATE `SQL_PREFIX_Users` SET `Password`=md5(\'' . $Joueur['pass'] . '\') WHERE `Login`=\'' . $Joueur['ID'] . '\''); } if ($Joueur['Suppr'] && Members::CheckPerms('MEMBRES_DELETE')) { Members::DeleteUser($Joueur['ID']); } } //while if (DataEngine::has_sql_spool()) { DataEngine::sql_do_spool(); } } //if $mysql_result = DataEngine::sql('SELECT `GradeId`, `Grade`, `Niveau`, `Rattachement` from `SQL_PREFIX_Grade` ORDER BY `Rattachement`, `Niveau`'); $i = 0; while ($ligne = mysql_fetch_assoc($mysql_result)) { $Grades[] = $ligne;
$login = sqlesc(mb_strtolower($_POST['login'], 'utf8'), false); $mdp = md5($_POST['mdp']); $query = 'SELECT LOWER(u.`Login`) as `Login`, u.`Permission`, m.`carte_prefs` from `SQL_PREFIX_Users` u, `SQL_PREFIX_Membres` m WHERE LOWER(u.`Login`)=LOWER(\'' . $login . '\') AND u.`Password`=\'' . $mdp . '\' AND (m.`Joueur`=LOWER(\'' . $login . '\'))'; $mysql_result = DataEngine::sql($query); $ligne = mysql_fetch_assoc($mysql_result); if (is_array($ligne) && $ligne['Login'] == $login) { // session valide $validsession = true; $_SESSION['_login'] = $login; $_SESSION['_pass'] = $mdp; $_SESSION['_Perm'] = $ligne['Permission']; $_SESSION['carte_prefs'] = $ligne['carte_prefs']; $_SESSION['_IP'] = Get_IP(); $_SESSION['_permkey'] = sha1($mdp . $_SESSION['_IP']); DataEngine::sql_spool('INSERT INTO `SQL_PREFIX_Log` (`DATE`,`log`,`IP`) VALUES(NOW(),\'login:'******'\',\'' . $_SESSION['_IP'] . '\')'); DataEngine::sql_spool('UPDATE `SQL_PREFIX_Membres` SET `Date`=now() WHERE `Joueur`=\'' . $login . '\''); } else { // login/pass pas bon... $validsession = -1; $login_msg = $lng['wronglogin']; $query = 'INSERT INTO `SQL_PREFIX_Log` (`DATE`,`log`,`IP`) VALUES(NOW(),"login,err:' . $login . '",\'' . Get_IP() . '\')'; DataEngine::sql($query); } } // Vérification de session, si existante et si elle viens pas d'être validé ;) if ($validsession === false && isset($_SESSION['_login']) && $_SESSION['_login'] != "") { $login = $_SESSION['_login']; $mdp = $_SESSION['_pass']; $query = 'SELECT LOWER(u.`Login`) as `Login`, u.`Permission`, m.`carte_prefs` from `SQL_PREFIX_Users` u, `SQL_PREFIX_Membres` m WHERE LOWER(u.`Login`)=LOWER(\'' . $login . '\') AND u.`Password`=\'' . $mdp . '\' AND (m.`Joueur`=LOWER(\'' . $login . '\'))'; $mysql_result = DataEngine::sql($query); // or mysql_die($query,__file__,__line__);
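/**
 * Queues an UPDATE of the member's `carte_prefs` column when the current
 * preference fields differ from the copy held in the session.
 *
 * perms_prefs() is called first (defined elsewhere; presumably it adjusts
 * the fields to what the member is allowed to see - confirm). The nine
 * fields are then joined with ';' in a fixed order and compared with
 * $_SESSION['carte_prefs'].
 *
 * The statement is only queued through DataEngine::sql_spool(); nothing is
 * written until the spool is run.
 *
 * @return void
 */
public function save_prefs()
{
    $this->perms_prefs();

    $tmp = implode(';', array(
        $this->vortex,
        $this->joueur,
        $this->planete,
        $this->asteroide,
        $this->sc,
        $this->taille,
        $this->pnj,
        $this->ennemis,
        $this->allys,
    ));

    // Compare against the raw (unescaped) string: the session copy holds the
    // value as stored, not its SQL-escaped form.
    if ($_SESSION['carte_prefs'] != $tmp || $_SESSION['carte_prefs'] == '') {
        // The preference fields are set outside this method, so they are
        // escaped here at the point where they enter the SQL text instead of
        // trusting every code path that assigns them.
        //
        // NOTE(review): $_SESSION['_login'] is still concatenated as-is. That
        // is only safe if every writer of this session key stores a value that
        // has already been through sqlesc() - confirm, and escape it here too
        // once double-escaping has been ruled out.
        DataEngine::sql_spool(
            'UPDATE `SQL_PREFIX_Membres` SET `carte_prefs`=\'' . sqlesc($tmp)
            . '\' WHERE `Joueur`=\'' . $_SESSION['_login'] . '\''
        );
    }
}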
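/**
 * Runs every SQL statement waiting in the spool.
 *
 * Steps, in order:
 *  1. each pending entry of self::$conf_save is turned into an UPDATE of
 *     `SQL_PREFIX_Config` (value stored with serialize()) and queued;
 *  2. every queued statement is executed with mysql_unbuffered_query();
 *  3. if the `cartographie` class is loaded, its own spooler is run;
 *  4. when IN_DEV is set, statements and timings (ms) are appended to
 *     self::$sqls between 'Spooler...' / '...Spooler' markers.
 *
 * @return void
 */
public static function sql_do_spool()
{
    $spoolactive = false;

    if (count(self::$conf_save) > 0) {
        foreach (self::$conf_save as $key => $value) {
            // Both operands are escaped at the sink: the key used to be
            // concatenated raw while the value next to it was escaped.
            // NOTE(review): values are written with serialize(); whichever
            // code reads them back presumably unserialize()s them, so this
            // table must not be writable with attacker-chosen content.
            self::sql_spool(
                'UPDATE `SQL_PREFIX_Config` SET `value` =\'' . sqlesc(serialize($value))
                . '\' WHERE `key`=\'' . sqlesc($key) . '\' LIMIT 1'
            );
        }
        self::$conf_save = array();
    }

    if (count(self::$sql_spool) > 0) {
        if (IN_DEV) {
            self::$sqls[] = array(0, 'Spooler...');
            $spoolactive = true;
        }

        foreach (self::$sql_spool as $sql) {
            $time = microtime(true);

            // The placeholder is replaced across the whole statement text,
            // including any data already embedded in it by the caller.
            $sql = str_replace('SQL_PREFIX_', SQL_PREFIX_, $sql);

            // NOTE(review): the result is not checked, so a failed statement
            // is dropped without any trace.
            mysql_unbuffered_query($sql);

            $time = round((microtime(true) - $time) * 1000, 3);
            if (IN_DEV) {
                self::$sqls[] = array($time, $sql);
            }
        }
        self::$sql_spool = array();
    }

    if (class_exists('cartographie')) {
        cartographie::getinstance()->do_spooler();
    }

    if (IN_DEV && $spoolactive) {
        self::$sqls[] = array(0, '...Spooler');
    }
}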
/**
 * Queues one row for `SQL_PREFIX_Log` of the form
 * "cron: <message> (<seconds>sec.)" together with the caller's IP.
 *
 * The message is passed through sqlesc() before it is placed in the
 * statement. The duration is microtime(true) minus the START constant
 * (defined elsewhere; presumably the request start time - confirm).
 * The row is only queued via DataEngine::sql_spool(), not written here.
 *
 * @param mixed $value Message text to record.
 * @return void
 */
public function Log($value)
{
    $escaped = sqlesc($value);
    $elapsed = microtime(true) - START;

    // NOTE(review): Get_IP() goes into the statement without escaping. If it
    // can return a client-supplied value (for example one taken from a
    // forwarded-for style header), validate or escape it - confirm against
    // its definition.
    $ip = Get_IP();

    $template = "INSERT INTO `SQL_PREFIX_Log` (`DATE`,`log`,`IP`) VALUES(NOW(),'cron: %s (%1.4fsec.)','%s')";

    DataEngine::sql_spool(sprintf($template, $escaped, $elapsed, $ip));
}
header('HTTP/1.1 403 Forbidden'); output::_DoOutput("<eude><alert>{$lng['err_wrongserver']}</alert><GM_active>0</GM_active></eude>"); } $xml = array(); $carto = cartographie::getinstance(); switch ($_GET['act']) { case 'init': //------------------------------------------------------------- $xml['GM_galaxy_info'] = Members::CheckPerms('CARTOGRAPHIE_PLAYERS') ? '1' : '0'; $xml['GM_planet_info'] = Members::CheckPerms('CARTOGRAPHIE_PLANETS') ? '1' : '0'; $xml['GM_asteroid_info'] = Members::CheckPerms('CARTOGRAPHIE_ASTEROID') ? '1' : '0'; $xml['GM_pnj_info'] = Members::CheckPerms('CARTOGRAPHIE_PNJ') ? '1' : '0'; $xml['GM_troops_battle'] = Members::CheckPerms('PERSO_TROOPS_BATTLE') ? '1' : '0'; $xml['GM_empire_maj'] = Members::CheckPerms('EMPIRE_GREASE') ? '1' : '0'; DataEngine::sql_spool('INSERT INTO `SQL_PREFIX_Log` (`DATE`,`LOGIN`,`IP`) VALUES(NOW(),\'gm:' . sqlesc($_SESSION['_login']) . '\',\'' . $_SESSION['_IP'] . '\')'); DataEngine::sql_spool('UPDATE `SQL_PREFIX_Membres` SET `Date`=now() WHERE `Joueur`=\'' . sqlesc($_SESSION['_login']) . '\''); case 'config': //----------------------------------------------------------- $msg = $xml['log'] = $lng['config_helloworld']; $xml['logtype'] = 'none'; $xml['GM_active'] = '1'; break; case 'mafiche': //---------------------------------------------------------- $query = <<<q UPDATE `SQL_PREFIX_Membres` SET `POINTS`='%d', `Economie`='%d', `Commerce`='%d', `Recherche`='%d', `Combat`='%d', `Construction`='%s', `Navigation`='%d', `Race`='%s', `Titre`='%s', `GameGrade`='%s', `pts_architecte`='%d', `pts_mineur`='%d', `pts_science`='%d', `pts_commercant`='%d', `pts_amiral`='%d', `pts_guerrier`='%d', `Date`=now() WHERE `Joueur`='%s'