示例#1
function doCheckLogin()
{
    // Handle a submitted login form: validate the CSRF token, hand the
    // credentials to the user object and forward to the previous page on
    // success. Returns nothing; on success control never comes back
    // (ForwardTo() followed by exit).
    global $config;
    // No login form in this request: nothing to do.
    if (!isset($_POST[LOGIN_FORM_USERNAME]) || !isset($_POST[LOGIN_FORM_PASSWORD])) {
        return;
    }
    // The '@' suppression is redundant: both keys were just checked with isset().
    // Note the username is trimmed but the password is not.
    $username = trim(stripslashes(@$_POST[LOGIN_FORM_USERNAME]));
    $password = stripslashes(@$_POST[LOGIN_FORM_PASSWORD]);
    session_init();
    // CSRF protection is on but the session holds no token: report the broken
    // session, let ValidateToken() do its own failure handling, and stop.
    if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();
    // NOTE(review): the backend's doLogin() is handed an unsalted MD5 digest.
    // MD5 is a checksum, not a password hash; moving to password_hash() /
    // password_verify() needs a matching change in $config['user'], so it is
    // only flagged here.
    $password = md5($password);
    $config['user']->doLogin($username, $password);
    // getVar('error') is compared loosely ('' == null); presumably intentional
    // so an absent error counts as "no error" -- confirm against getVar().
    if ($config['user']->isOk() && getVar('error') == '') {
        // success: never bounce back to the login page itself
        $lastpage = getLastPage();
        if (strpos($lastpage, 'login') !== FALSE) {
            $lastpage = './';
        }
        ForwardTo($lastpage);
        exit;
    }
    // Failed login: drop the credentials from local scope; the error (if any)
    // is left for the page to report.
    unset($username, $password);
}
示例#2
 public function Display()
 {
     // Assemble the full page (header + body + footer), substitute the
     // template tags and print the result. Consumes $this->outputs.
     global $config, $lpaths;
     // Load the shared templates, then splice the page-specific header
     // additions into the header.
     $this->outputs['header'] = RenderHTML::LoadHTML('header.php');
     $this->outputs['footer'] = RenderHTML::LoadHTML('footer.php');
     $this->outputs['header'] = str_replace('{AddToHeader}', $this->tempHeader, $this->outputs['header']);
     // Collected CSS is padded with newlines only when there is some.
     $css = trim($this->outputs['css']);
     $this->outputs['css'] = empty($css) ? $css : "\n" . $css . "\n";
     $this->outputs['header'] = str_replace('{css}', $this->outputs['css'], $this->outputs['header']);
     // Tags every page gets, including the CSRF token in URL and form flavours.
     $siteTitle = $config['site title'];
     $pageTitle = $config['title'];
     $common = array(
         'site title' => $siteTitle,
         'page title' => $pageTitle,
         'lastpage' => getLastPage(),
         'sitepage title' => $siteTitle . (empty($pageTitle) ? '' : ' - ' . $pageTitle),
         'token' => CSRF::getTokenURL(),
         'token form' => CSRF::getTokenForm(),
     );
     foreach ($common as $tagName => $tagValue) {
         $this->tags[$tagName] = $tagValue;
     }
     // Join the three parts and let RenderTags() replace the placeholders in place.
     $output = implode("\n", array($this->outputs['header'], $this->outputs['body'], $this->outputs['footer'])) . "\n";
     RenderHTML::RenderTags($output, $this->tags);
     echo $output;
     unset($output, $this->outputs);
 }
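function doChangePassword()
{
    // Handle the change-password form.
    // Returns NULL when no form was submitted, FALSE on any failure (the
    // reason is appended to $_SESSION['error']); on success it forwards to
    // the previous page and exits, so it never returns.
    global $config;
    if (!isset($_POST[CHANGEPASS_FORM_PASSWORD]) || !isset($_POST[CHANGEPASS_FORM_CONFIRM])) {
        return NULL;
    }
    // Both keys were just checked with isset(), so no '@' suppression is needed.
    $password = trim(stripslashes($_POST[CHANGEPASS_FORM_PASSWORD]));
    $confirm = trim(stripslashes($_POST[CHANGEPASS_FORM_CONFIRM]));
    // Drop the plaintext values from the request array as early as possible.
    unset($_POST[CHANGEPASS_FORM_PASSWORD]);
    unset($_POST[CHANGEPASS_FORM_CONFIRM]);
    session_init();
    // CSRF protection is on but the session holds no token: report the broken
    // session, let ValidateToken() do its own failure handling, and stop.
    if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();
    // check passwords match
    if ($password !== $confirm) {
        $_SESSION['error'][] = 'Passwords don\'t match. Please try again.';
        return FALSE;
    }
    // check password length (strlen() counts bytes, so multibyte characters
    // count more than once; this only ever rejects more, never less)
    if (strlen($password) < 6) {
        $_SESSION['error'][] = 'Password is too short, must be at least 6 characters long.';
        return FALSE;
    }
    // update password in database
    // NOTE(review): the backend's ChangePassword() is handed an unsalted MD5
    // digest. MD5 is not a password hash; switching to password_hash() needs a
    // matching change in $config['user'] and is only flagged here.
    $result = $config['user']->ChangePassword(md5($password));
    // successful change
    if ($result !== FALSE) {
        // clear the temporary-password flag set by the login handler
        $_SESSION['Temp Pass'] = FALSE;
        // never bounce back to the login or change-password page itself
        $lastpage = getLastPage();
        if (strpos($lastpage, 'login') !== FALSE || strpos($lastpage, 'changepass') !== FALSE) {
            $lastpage = './';
        }
        ForwardTo($lastpage);
        exit;
    }
    return FALSE;
}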
示例#4
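function doCheckLogin()
{
    // Handle a submitted login form: validate the CSRF token, try the
    // hashed password and then the temporary-password path, and forward to
    // the previous page on success.
    // Returns NULL when no form was submitted and TRUE otherwise -- also
    // after a failed login (callers read the outcome from $_SESSION / getVar
    // rather than the return value); on success it never returns.
    global $config;
    if (!isset($_POST[LOGIN_FORM_USERNAME]) || !isset($_POST[LOGIN_FORM_PASSWORD])) {
        return NULL;
    }
    // Both keys were just checked with isset(), so no '@' suppression is needed.
    $username = trim(stripslashes($_POST[LOGIN_FORM_USERNAME]));
    $password = trim(stripslashes($_POST[LOGIN_FORM_PASSWORD]));
    // Drop the plaintext password from the request array as early as possible.
    unset($_POST[LOGIN_FORM_PASSWORD]);
    session_init();
    // CSRF protection is on but the session holds no token: report the broken
    // session, let ValidateToken() do its own failure handling, and stop.
    if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();
    // check hashed password
    // NOTE(review): doLogin() is handed an unsalted MD5 digest. MD5 is not a
    // password hash; switching to password_hash() needs a matching backend
    // change and is only flagged here.
    $result = $config['user']->doLogin($username, md5($password));
    // try temporary password: the raw value is passed through unhashed.
    // The 32-byte bound presumably keeps a pasted hex digest from being used
    // as-is -- confirm against how temporary passwords are stored.
    if ($result !== TRUE && strlen($password) < 32) {
        $result = $config['user']->doLogin($username, $password);
        if ($result === TRUE && $config['user']->isOk() && getVar('error') == '') {
            // flag the session so the user is pushed to change the password
            $_SESSION['Temp Pass'] = TRUE;
            unset($_SESSION['error']);
        }
    }
    // successful login: never bounce back to the login page itself
    if ($result !== FALSE && $config['user']->isOk() && getVar('error') == '') {
        $lastpage = getLastPage();
        if (strpos($lastpage, 'login') !== FALSE) {
            $lastpage = './';
        }
        ForwardTo($lastpage);
        exit;
    }
    // Failed login: drop the credentials from local scope.
    unset($username, $password);
    return TRUE;
}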
示例#5
    }
    echo $config['error'];
    exit;
}
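if ($config['action'] == 'cancel') {
    // Cancel an auction. The token check comes first so a forged POST cannot
    // cancel listings.
    CSRF::ValidateToken();
    // getLastPage() is used both as a link target and as the redirect
    // destination. A hidden "lastpage" form field elsewhere on this page
    // suggests its value may originate from the request, so escape it for the
    // attribute context instead of echoing it verbatim. Whether ForwardTo()
    // restricts the destination to this site is not visible here -- confirm.
    $lastpage = getLastPage();
    $backLink = '<br /><a href="' . htmlspecialchars($lastpage, ENT_QUOTES, 'UTF-8') . '">Back to last page</a></center>';
    // inventory is locked
    if ($config['user']->isLocked()) {
        echo '<center><h2>Your inventory is currently locked.<br />Please close your in game inventory and try again.</h2>' . $backLink;
        ForwardTo($lastpage, 4);
        exit;
    }
    // cancel auction
    if (AuctionFuncs::CancelAuction(getVar('auctionid', 'int', 'post'))) {
        echo '<center><h2>Auction canceled!</h2>' . $backLink;
        ForwardTo($lastpage, 2);
        exit;
    }
    // Cancel failed: $config['error'] is set by the backend and printed as-is.
    echo $config['error'];
    exit;
}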
// render page (ajax/json)
function RenderPage_auctions_ajax()
{
    global $config, $html;
    //file_put_contents('ajax_get.txt',print_r($_GET,TRUE));
    header('Content-Type: text/plain');
    // list auctions
    $auctions = QueryAuctions::QueryCurrent();
    $TotalDisplaying = QueryAuctions::TotalDisplaying();
    $TotalAllRows = QueryAuctions::TotalAllRows();
            $_SESSION['success'][] = 'Auction purchased successfully!';
            ForwardTo(getLastPage(), 0);
            exit;
        }
    }
}
if ($config['action'] == 'cancel') {
    // Cancel an auction; the CSRF token is checked before any state changes.
    CSRF::ValidateToken();
    if ($config['user']->isLocked()) {
        // Inventory locked: record the error and fall through to the normal render.
        $_SESSION['error'][] = 'Your inventory is currently locked.<br />Please close your in game inventory and try again.';
    } elseif (AuctionFuncs::CancelAuction(getVar('auctionid', 'int', 'post'))) {
        // Cancelled: flash a success message and bounce straight back.
        $_SESSION['success'][] = 'Auction canceled!';
        ForwardTo(getLastPage(), 0);
        exit;
    }
    // A failed cancel falls through as well; the backend reports the error.
}
// render page (ajax/json)
function RenderPage_auctions_ajax()
{
    global $config, $html;
    //file_put_contents('ajax_get.txt',print_r($_GET,TRUE));
    header('Content-Type: text/plain');
    // list auctions
    $auctions = QueryAuctions::QueryCurrent();
    $TotalDisplaying = QueryAuctions::TotalDisplaying();
    $TotalAllRows = QueryAuctions::TotalAllRows();
    $outputRows = "{\n" . "\t" . '"iTotalDisplayRecords" : ' . $TotalDisplaying . ",\n" . "\t" . '"iTotalRecords" : ' . $TotalAllRows . ",\n" . "\t" . '"sEcho" : ' . (int) getVar('sEcho', 'int') . ",\n" . "\t" . '"aaData" : [' . "\n";
示例#7
<?php

// do logout
// The token is validated first so a logout cannot be triggered by a forged
// request (a logout CSRF is a nuisance rather than a breach, but it also
// protects any state the user object clears in doLogout()).
CSRF::ValidateToken();
// Keep the 'global' even at file scope: this file may be included from inside
// a function, where $config would otherwise be out of scope.
global $config;
$config['user']->doLogout();
// Whether ForwardTo() restricts the destination to this site is not visible
// here -- confirm, since getLastPage() appears to be request-supplied.
ForwardTo(getLastPage());
exit;
示例#8
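function RenderPage_sell()
{
    // Render the "create a new auction" form for the item identified by the
    // 'id' request variable. Returns the HTML for the page body (an error
    // heading when the item cannot be found) and registers the price-total
    // script via $html->addToHeader().
    global $config, $html, $user, $settings;
    $output = '';
    $id = getVar('id', 'int');
    $qty = getVar('qty');
    $priceEach = getVar('price', 'double');
    // query item
    $Item = QueryItems::QuerySingle($user->getName(), $id);
    if (!$Item) {
        return '<h2 style="text-align: center;">The item you\'re trying to sell couldn\'t be found!</h2>';
    }
    // default the quantity to everything the user has
    if (empty($qty)) {
        $qty = $Item->getItemQty();
    }
    // an unset/zero price renders as an empty field; the total is computed
    // client-side by updateTotal(), so nothing is precomputed here
    if ($priceEach == 0.0) {
        $priceEach = '';
    }
    $html->addToHeader('
<script type="text/javascript" language="javascript">
function updateTotal(thisfield,otherfieldid){
  otherfield = document.getElementById(otherfieldid);
  document.getElementById("pricetotal").innerHTML = (thisfield.value * otherfield.value).toFixed(2);
//  $("pricetotal").update( thisfield.value * otherfield.value );
}
</script>
');
    // Hidden fields: 'page' and 'lastpage' are echoed into attribute values,
    // and 'lastpage' is read back from this very form, so both are escaped
    // for the attribute context. 'id' is cast, so it needs no escaping.
    $output .= '
<!-- mainTable example -->
<form action="./" method="post">
{token form}
<input type="hidden" name="page"     value="' . htmlspecialchars($config['page'], ENT_QUOTES, 'UTF-8') . '" />
<input type="hidden" name="action"   value="newauction" />
<input type="hidden" name="lastpage" value="' . htmlspecialchars(getLastPage(), ENT_QUOTES, 'UTF-8') . '" />
<input type="hidden" name="id"       value="' . (int) $id . '" />
<table border="0" cellpadding="0" cellspacing="0" id="createauctionTable">
';
    // input errors (permission check only when nothing else has failed yet)
    if (!isset($config['error'])) {
        if (!$user->hasPerms('canSell')) {
            $config['error'] = 'You don\'t have permission to sell.';
        }
    }
    // Error text is set by this code base and may carry markup, so it is
    // printed as-is; keep it free of request-supplied content.
    if (isset($config['error'])) {
        $output .= '<tr><td align="center" style="padding-top: 20px; color: red; font-size: larger;">' . $config['error'] . '</td></tr>';
    }
    // TODO: add enchantments to the item link
    // $priceEach is either '' or the value getVar() produced for 'double',
    // which is why it is not escaped below -- confirm getVar() really casts.
    $output .= '
<tr><td align="center"><h2>Create a New Auction</h2></td></tr>
<tr><td align="center"><div class="input" style="width: 150px; padding-top: 15px; padding-bottom: 15px; text-align: center;">' . $Item->getDisplay() . '</div></td></tr>
<tr><td height="20"></td></tr>

<tr><td align="center"><b>You have <font size="+2">' . (int) $Item->getItemQty() . '</font> items</b></td></tr>
<tr><td><table border="0" cellpadding="0" cellspacing="10" align="center">
<tr>
  <td align="right"><b>Quantity:</b></td>
  <td><div style="position: absolute; margin-top: 10px; margin-left: 8px; font-size: larger; font-weight: bold;">x</div>' . '<input type="text" name="qty" value="' . (int) $qty . '" id="qty" class="input" style="width: 160px; text-align: center;" ' . 'onkeypress="return numbersonly(this, event);" onkeyup="updateTotal(this,\'price\');" /></td>
</tr>
<tr>
  <td align="right"><b>Price Each:</b></td>
  <td><div style="position: absolute; margin-top: 8px; margin-left: 8px; font-size: larger; font-weight: bold;">' . SettingsClass::getString('Currency Prefix') . '</div>' . '<input type="text" name="price" value="' . $priceEach . '" id="price" class="input" style="width: 160px; text-align: center;" ' . 'onkeypress="return numbersonly(this, event);" onkeyup="updateTotal(this,\'qty\');" />' . '<b>&nbsp;' . SettingsClass::getString('Currency Postfix') . '</b></td>
</tr>
<tr>
  <td align="right"><b>Price Total:</b></td>
  <td><div style="position: absolute; margin-top: 8px; margin-left: 8px; font-size: larger; font-weight: bold;">' . SettingsClass::getString('Currency Prefix') . '</div>' . '<div id="pricetotal" class="input" style="float: left; width: 160px; text-align: center; font-size: larger; font-weight: bold;">&nbsp;</div>' . '<div style="margin-top: 8px;"><b>&nbsp;' . SettingsClass::getString('Currency Postfix') . '</b></div></td>
</tr>
</table></td></tr>
<tr><td height="20"></td></tr>
';
    // custom descriptions
    if (SettingsClass::getString('Custom Descriptions')) {
        $output .= '
<tr><td colspan="2" align="center">&nbsp;&nbsp;<b>Description:</b> (optional)</td></tr>
<tr><td height="10"></td></tr>
<tr><td colspan="2" align="center"><textarea name="desc" class="input" style="width: 80%; height: 55px;" readonly>Coming soon!</textarea></td></tr>
<tr><td height="30"></td></tr>
';
    }
    $output .= '
<tr><td colspan="2" align="center"><input type="submit" value="Create Auction" class="input" /></td></tr>
<tr><td height="30"></td></tr>
</table>
</form>
';
    unset($Item);
    return $output;
}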