function updatecookie()
{
// Refresh the cookie with username/password - Times out after 60 mins, and player must login again.
global $gamepath, $gamedomain, $userpass, $username, $password, $user_ship_id, $user_ip_address, $user_agent, $user_host;
$shared_function = new shared();
$ip_array = $shared_function->sortIP();
$user_ip_address = $ip_array[0];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$user_host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$cookie_session_id = md5($user_agent);
$data = array('username' => $username, 'password' => $cookie_session_id, 'user_id' => $user_ship_id, 'user_ip' => $user_ip_address, 'user_host' => $user_host, 'user_agent' => $user_agent);
$data = serialize($data);
setcookie("userID", $data, time() + 3600 * 24 * 365, $gamepath, $gamedomain);
}
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
// File: option2.php
include "config/config.php";
if (checklogin()) {
die;
}
global $l_opt2_title;
$title = $l_opt2_title;
if ($newpass1 == $newpass2 && $password == $oldpass && $newpass1 != "") {
$shared_function = new shared();
$ip_array = $shared_function->sortIP();
$user_ip_address = $ip_array[0];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$user_host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$cookie_session_id = md5($user_agent);
$data = array('username' => $username, 'password' => $cookie_session_id, 'user_id' => $user_ship_id, 'user_ip' => $user_ip_address, 'user_host' => $user_host, 'user_agent' => $user_agent);
$data = serialize($data);
setcookie("userID", $data, time() + 3600 * 24 * 365, $gamepath, $gamedomain);
}
if (!preg_match("/^[\\w]+\$/", $newlang)) {
$newlang = $default_lang;
} else {
$lang = $_POST['newlang'];
}
// New database driven language entries
load_languages($db, $lang, array('option2', 'common', 'global_includes', 'global_funcs', 'combat', 'footer', 'news'), $langvars, $db_logging);
function checklogin()
{
$flag = 0;
$shared_function = new shared();
global $username, $password, $db, $l, $user_ship_id, $user_cookie_ip, $user_cookie_host, $user_cookie_agent, $lang;
$result1 = $db->Execute("SELECT * FROM {$db->prefix}ships WHERE ship_id=? LIMIT 1", array($user_ship_id));
db_op_result($db, $result1, __LINE__, __FILE__);
$playerinfo = $result1->fields;
// Check the cookie to see if username/password are empty - check password against database
//needs changing to check session ID inside cookie matches session ID on server DB, if not force user to log in again!
/*Check user browser and cookie match*/
$shared_function = new shared();
$ip_array = $shared_function->sortIP();
$user_ip_address = $ip_array[0];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$user_host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
if ($username == "" or $user_ship_id == "" or $password == "") {
$title = $l->get('l_error');
include "header.php";
echo str_replace("[here]", "<a href='index.php'>" . $l->get('l_here') . "</a>", $l->get('l_global_needlogin'));
include "footer.php";
$flag = 1;
} else {
/*check computers match*/
if ($user_cookie_ip == $user_ip_address && $user_cookie_host == $user_host && $user_cookie_agent == $user_agent) {
if ($playerinfo) {
$ip = $_SERVER['REMOTE_ADDR'];
$stamp = date("Y-m-d H:i:s");
$timestamp['now'] = (int) strtotime($stamp);
$timestamp['last'] = (int) strtotime($playerinfo['last_login']);
// Update the players last_login ever 60 seconds to cut back SQL Queries.
if ($timestamp['now'] >= $timestamp['last'] + 60) {
$update = $db->Execute("UPDATE {$db->prefix}ships SET last_login = ?, ip_address = ? WHERE ship_id = ?;", array($stamp, $ip, $playerinfo['ship_id']));
}
}
} else {
$title = $l->get('l_error');
include "header.php";
echo str_replace("[here]", "<a href='index.php'>" . $l->get('l_here') . "</a>", $l->get('l_global_needlogin'));
include "footer.php";
$flag = 1;
}
}
/*
// Check for destroyed ship
if ($playerinfo['ship_destroyed'] == "Y")
{
// if the player has an escapepod, set the player up with a new ship
if ($playerinfo['dev_escapepod'] == "Y")
{
$result2 = $db->Execute("UPDATE {$db->prefix}ships SET hull=0, engines=0, power=0, computer=0,sensors=0, beams=0, torp_launchers=0, torps=0, armor=0, armor_pts=100, cloak=0, shields=0, sector=0, ship_ore=0, ship_organics=0, ship_energy=1000, ship_colonists=0, ship_goods=0, ship_fighters=100, ship_damage=0, on_planet='N', dev_warpedit=0, dev_genesis=0, dev_beacon=0, dev_emerwarp=0, dev_escapepod='N', dev_fuelscoop='N', dev_minedeflector=0, ship_destroyed='N',dev_lssd='N' WHERE email=?", array($username));
db_op_result ($db, $result2, __LINE__, __FILE__);
echo str_replace("[here]", "<a href='main.php'>" . $l->get('l_here') . "</a>", $l->get('l_login_died'));
$flag = 1;
}
else
{
// if the player doesn't have an escapepod - they're dead, delete them. But we can't delete them yet.
// (This prevents the self-distruct inherit bug)
echo str_replace("[here]", "<a href='log.php'>" . ucfirst($l->get('l_here')) . "</a>", $l->get('l_global_died')) . "<br><br>" . $l->get('l_global_died2');
echo str_replace("[logout]", "<a href='logout.php'>" . $l->get('l_logout') . "</a>", $l->get('l_die_please'));
$flag = 1;
}
}
*/
global $server_closed;
if ($server_closed && $flag == 0) {
$title = $l->get('l_login_closed_message');
include "header.php";
echo $l->get('l_login_closed_message');
include "footer.php";
$flag = 1;
}
return $flag;
}
public function player_log($user_id, $event_id, $a, $b, $c, $tracking, $log_priority, $log_title)
{
global $db_prefix;
$shared_function = new shared();
if ($tracking == "notrack") {
$user_ip_address = "";
$user_agent = "";
$user_host = "";
} else {
$ip_array = $shared_function->sortIP();
$user_ip_address = $ip_array[0];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$user_host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
}
$event_content = $this->player_log_data($event_id, $a, $b, $c, $ip_array);
$timestamp = $shared_function->manage_time("full");
$create_log = $this->connect->prepare("INSERT INTO " . $db_prefix . "player_logs SET ship_id = ? , type = ? , time = ?, data = ?, user_agent = ?, user_host = ?, user_ip = ?, priority = ?, title = ?");
$create_log->bindParam(1, $user_id, PDO::PARAM_INT);
$create_log->bindParam(2, $event_id, PDO::PARAM_INT);
$create_log->bindParam(3, $timestamp, PDO::PARAM_STR);
$create_log->bindParam(4, $event_content, PDO::PARAM_STR);
$create_log->bindParam(5, $user_agent, PDO::PARAM_STR);
$create_log->bindParam(6, $user_host, PDO::PARAM_STR);
$create_log->bindParam(7, $user_ip_address, PDO::PARAM_STR);
$create_log->bindParam(8, $log_priority, PDO::PARAM_STR);
$create_log->bindParam(9, $log_title, PDO::PARAM_STR);
if ($create_log->execute()) {
# Do nothing, log was created!!! #
} else {
# Log failed to work..... log this in the admin logs.... hopefully it will work there?! #
if ($user_id > 0) {
/*username is valid... why else would the log fail?*/
if ($event_id > 0) {
/*NO other known reason this should be failing.*/
$this->security_log($user_id, 3, $create_log->errorInfo());
} else {
/*Invalid Event ID*/
$this->security_log($user_id, 2, $event_id);
}
} else {
/*Invalid User ID*/
$this->security_log(0, 1, $event_id);
}
}
}
