// Shop purchase fragment: checks the buyer's balance, deducts the price, re-reads the
// balance to confirm the deduction, then delivers the purchased service.
// NOTE(review): the balance is read, compared, written and re-read in four separate
// statements and no transaction or row lock is visible here, so two simultaneous
// requests for the same account can both pass the affordability check before either
// write lands. Confirm whether the caller serialises purchases; a single conditional
// UPDATE (deduct only where the stored balance still covers the price) would close the gap.
// Verify that user can afford this offer.
if ($player_points >= $buy['points']) {
    $data = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='{$cid}';");
    if (!$data) {
        die("0: Account is not converted to work with Znote AAC");
    }
    $old_points = $data['points'];
    // The balance the page was rendered with must match what the database holds now.
    if ((int) $old_points != (int) $player_points) {
        die("1: Failed to equalize your points.");
    }
    // Deduct the price of the offer from the stored balance.
    $expense_points = $buy['points'];
    $new_points = $old_points - $expense_points;
    $update_account = mysql_update("UPDATE `znote_accounts` SET `points`='{$new_points}' WHERE `account_id`='{$cid}'");
    // Read the balance back; an unchanged value is treated as a failed deduction.
    // NOTE(review): an offer priced at 0 points would also leave the balance unchanged
    // and end up in this error branch.
    $data = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='{$cid}';");
    $verify = $data['points'];
    if ((int) $old_points == (int) $verify) {
        // NOTE(review): var_dump() prints its arguments into the response and returns null,
        // so the visitor sees the raw point values while nothing is appended to the message.
        // Log these values server-side instead of dumping them to the page.
        die("2: Failed to equalize your points." . var_dump((int) $old_points, (int) $verify, $new_points, $expense_points));
    }
    // Do the magic (insert into db, or change sex etc)
    // If type is 2 or 3
    if ($buy['type'] == 2) {
        // Add premium days to account
        user_account_add_premdays($cid, $buy['count']);
        echo '<font color="green" size="4">You now have ' . $buy['count'] . ' additional days of premium membership.</font>';
    } else {
        if ($buy['type'] == 3) {
            // Character Gender
            // NOTE(review): $cid, $time and the $buy fields are concatenated into the statement
            // as-is; where they are validated is not visible in this fragment. Confirm that
            // $buy comes from the server-side shop configuration, not from the request.
            mysql_insert("INSERT INTO `znote_shop_orders` (`account_id`, `type`, `itemid`, `count`, `time`) VALUES ('{$cid}', '" . $buy['type'] . "', '" . $buy['itemid'] . "', '" . $buy['count'] . "', '{$time}')");
            echo '<font color="green" size="4">You now have access to change character gender on your characters. Visit <a href="myaccount.php">My Account</a> to select character and change the gender.</font>';
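/**
 * Count the rows in `znote_players` that belong to a player id.
 *
 * @param int|string $pid Player id; coerced to an integer before it reaches the query.
 * @return int|string The COUNT() value as returned by the query helper, or 0 when
 *                    the helper returns false.
 */
function user_character_is_compatible($pid) {
    // The query helper receives a finished SQL string, so the id is the only
    // caller-controlled part of the statement. Forcing it to an integer keeps
    // quotes and other SQL metacharacters out, wherever $pid originally came from.
    $pid = (int) $pid;
    $data = mysql_select_single("SELECT COUNT(`player_id`) AS `count` from `znote_players` WHERE `player_id` = '{$pid}';");
    return $data !== false ? $data['count'] : 0;
}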
/**
 * Read the `cached` column from the `znote` table.
 *
 * @return mixed The stored value, or false when the query helper returns false.
 */
function getCache() {
    $row = mysql_select_single("SELECT `cached` FROM `znote`;");
    if ($row === false) {
        return false;
    }
    return $row['cached'];
}
// Account recovery fragment: generates a replacement password, stores its hash on the
// matching account and e-mails the clear-text password to the address on file.
// NOTE(review): rand() is not a cryptographically secure generator and the range gives
// nine decimal digits (about 9 * 10^8 possibilities). For a credential, prefer
// random_int() or random_bytes() (PHP 7+) and a longer alphabet.
$newpass = rand(100000000, 999999999);
$salt = '';
// NOTE(review): SHA-1 is a fast hash, which makes offline guessing of a leaked hash cheap.
// The format is presumably dictated by the game server's `accounts` schema; confirm
// before changing it.
if ($config['TFSVersion'] != 'TFS_03') {
    // TFS 0.2 and 1.0
    $password = sha1($newpass);
} else {
    // TFS 0.3/4
    if (config('salt') === true) {
        // NOTE(review): the salt is looked up by e-mail alone, while the account below is
        // matched on character name + e-mail + account name. If e-mail addresses are not
        // unique, the salt may belong to a different account and the stored hash will
        // never verify for the account that was reset.
        $saltdata = mysql_select_single("SELECT `salt` FROM `accounts` WHERE `email`='{$email}' LIMIT 1;");
        if ($saltdata !== false) {
            $salt .= $saltdata['salt'];
        }
    }
    $password = sha1($salt . $newpass);
}
// NOTE(review): $character, $email and $username are interpolated into the statement;
// where they are escaped is not visible in this fragment. Confirm they pass through the
// project's input filter before this point.
$user = mysql_select_single("SELECT `p`.`id` AS `player_id`, `a`.`name`, `a`.`id` AS `account_id` FROM `players` `p` INNER JOIN `accounts` `a` ON `p`.`account_id` = `a`.`id` WHERE `p`.`name` = '{$character}' AND `a`.`email` = '{$email}' AND `a`.`name` = '{$username}' LIMIT 1;");
if ($user !== false) {
    // Found user
    // The password is replaced immediately, before the owner has confirmed the request.
    // NOTE(review): anyone who knows the three identifying values can therefore force a
    // password change on the account; a single-use reset link sent by e-mail would leave
    // the current password intact until the owner acts.
    mysql_update("UPDATE `accounts` SET `password`='{$password}' WHERE `id`='" . $user['account_id'] . "' LIMIT 1;");
    // Send him a mail with the new password
    $mailer = new Mail($config['mailserver']);
    // NOTE(review): HTTP_HOST is taken from the request's Host header, so the requester
    // controls this part of the mail subject. A configured site name would be safer.
    $title = "{$_SERVER['HTTP_HOST']}: Your new password";
    $body = "<h1>Account Recovery</h1>";
    // The clear-text password travels by e-mail.
    $body .= "<p>Your new password is: <b>{$newpass}</b><br>";
    $body .= "We recommend you to login and change it before you continue playing. <br>";
    $body .= "Enjoy your stay at " . $config['mailserver']['fromName'] . ". <br>";
    $body .= "<hr>I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.</p>";
    $mailer->sendMail($email, $title, $body, $user['name']);
    ?> <h1>Account Found!</h1>
} //if (isset($_POST['name'])) $name = getValue($_POST['name']); // Stage 2: Fetch user id and skills $skills = false; $pid = 0; if ($name !== false) { if (user_character_exist($name)) { $pid = user_character_id($name); if ($config['TFSVersion'] != 'TFS_10') { $skills = mysql_select_multi("SELECT `value` FROM `player_skills` WHERE `player_id`='{$pid}' LIMIT 7;"); $player = mysql_select_single("SELECT `maglevel`, `level`, `vocation` FROM `players` WHERE `id`='{$pid}' LIMIT 1;"); $skills[] = array('value' => $player['maglevel']); $skills[] = array('value' => $player['level']); $skills[] = array('value' => $player['vocation']); } else { $player = mysql_select_single("SELECT `skill_fist`, `skill_club`, `skill_sword`, `skill_axe`, `skill_dist`, `skill_shielding`, `skill_fishing`, `maglevel`, `level`, `vocation` FROM `players` WHERE `id`='{$pid}' LIMIT 1;"); $skills = array(0 => array('value' => $player['skill_fist']), 1 => array('value' => $player['skill_club']), 2 => array('value' => $player['skill_sword']), 3 => array('value' => $player['skill_axe']), 4 => array('value' => $player['skill_dist']), 5 => array('value' => $player['skill_shielding']), 6 => array('value' => $player['skill_fishing']), 7 => array('value' => $player['maglevel']), 8 => array('value' => $player['level']), 9 => array('value' => $player['vocation'])); } //data_dump($skills, false, "Player skills"); } else { $name = false; } } ?> <form action="" method="<?php if (!$name) { echo "get"; } else { echo "post"; } ?>
// Admin ticket view fragment: optionally stores a staff reply for the ticket named in
// ?view=, then loads the ticket and starts rendering it.
include 'layout/overall/header.php';
// Access control: both helpers run before any request data is touched.
protect_page();
admin_only($user_data);
// Declare as int
// Anything that is not a positive integer becomes false, so $view is safe to place in SQL.
$view = isset($_GET['view']) && (int) $_GET['view'] > 0 ? (int) $_GET['view'] : false;
if ($view !== false) {
    if (!empty($_POST['reply_text'])) {
        // NOTE(review): the return value is discarded. Elsewhere in this codebase the result
        // of sanitize() is assigned, so unless it takes its argument by reference this call
        // has no effect. The values that reach the INSERT below come from getValue().
        sanitize($_POST['reply_text']);
        // Save ticket reply on database
        // NOTE(review): the reply's author name is whatever the form posts in `username`,
        // not the identity of the logged-in admin. Confirm that is intended.
        // NOTE(review): no anti-CSRF token check is visible in this fragment for this
        // state-changing POST. Confirm one runs in the included header or add it here.
        $query = array('tid' => $view, 'username' => getValue($_POST['username']), 'message' => getValue($_POST['reply_text']), 'created' => time());
        // Column list and value list are built from the same array so they stay in step.
        // The values are only wrapped in quotes here, so getValue() must be what escapes them.
        $fields = '`' . implode('`, `', array_keys($query)) . '`';
        $data = '\'' . implode('\', \'', $query) . '\'';
        mysql_insert("INSERT INTO `znote_tickets_replies` ({$fields}) VALUES ({$data})");
        mysql_update("UPDATE `znote_tickets` SET `status`='Staff-Reply' WHERE `id`='{$view}' LIMIT 1;");
    }
    $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id='{$view}' LIMIT 1;");
    // NOTE(review): $ticketData is indexed below without a check for false, which is what
    // the helper returns elsewhere in this codebase when no row matches.
    // NOTE(review): `username` is user-supplied ticket data echoed into an admin page
    // without htmlspecialchars(). Confirm it is HTML-escaped when stored, or escape it at output.
    ?> <h1>View Ticket #<?php echo $ticketData['id']; ?> </h1> <table class="znoteTable ThreadTable table table-striped"> <tr class="yellow"> <th> <?php echo getClock($ticketData['creation'], true); ?> - Created by: <?php echo $ticketData['username']; ?>
// POST update if ($changelogId > 0) { mysql_update("UPDATE `znote_changelog` SET `text`='{$changelogText}' WHERE `id`='{$changelogId}' LIMIT 1;"); echo "<h2>Changelog message updated!</h2>"; $updateCache = true; } else { // POST create $time = time(); mysql_insert("INSERT INTO `znote_changelog` (`text`, `time`, `report_id`, `status`) VALUES ('{$changelogText}', '{$time}', '0', '35');"); echo "<h2>Changelog message created!</h2>"; $updateCache = true; } } } if ($action === 2) { $old = mysql_select_single("SELECT `text` FROM `znote_changelog` WHERE `id`='{$changelogId}' LIMIT 1;"); } // HTML to create or update ?> <h3>Add or update changelog</h3> <form action="" method="POST"> <input name="changelogId" type="hidden" value="<?php echo $action === 2 ? $changelogId : 0; ?> "> <textarea rows="7" cols="40" maxlength="254" name="changelogText"><?php echo $action === 2 ? $old['text'] : ''; ?> </textarea><br> <input type="submit" value="Add or update changelog"> </form>
$oldname = $char_name; $newname = isset($_POST['newName']) ? getValue($_POST['newName']) : ''; $player = false; if ($config['TFSVersion'] === 'TFS_10') { $player = mysql_select_single("SELECT `id`, `account_id` FROM `players` WHERE `name` = '{$oldname}'"); $player['online'] = user_is_online_10($player['id']) ? 1 : 0; } else { $player = mysql_select_single("SELECT `id`, `account_id`, `online` FROM `players` WHERE `name` = '{$oldname}'"); } // Check if user is online if ($player['online'] == 1) { $errors[] = 'Character must be offline first.'; } // Check if player has bough ticket $accountId = $player['account_id']; $order = mysql_select_single("SELECT `id`, `account_id` FROM `znote_shop_orders` WHERE `type`='4' AND `account_id` = '{$accountId}' LIMIT 1;"); if ($order === false) { $errors[] = 'Did not find any name change tickets, buy them in our <a href="shop.php">shop!</a>'; } // Check if player and account matches if ($session_user_id != $accountId || $session_user_id != $order['account_id']) { $errors[] = 'Failed to sync your account. :|'; } $newname = validate_name($newname); if ($newname === false) { $errors[] = 'Your name can not contain more than 2 words.'; } else { if (empty($newname)) { $errors[] = 'Please enter a name!'; } else { if (user_character_exist($newname) !== false) {
} $errors[] = 'The password to the account of character name: ' . $_POST['reset_pass'] . ' has been set to: ' . $_POST['new_pass'] . '.'; } else { header('Location: changepassword.php'); exit; } } } // Give points to character if (empty($_POST['points_char']) === false && empty($_POST['points_value']) === false) { $char = sanitize($_POST['points_char']); $points = (int) $_POST['points_value']; data_dump($_POST, false, "post data"); $account = mysql_select_single("SELECT `account_id` FROM `players` WHERE `name`='{$char}' LIMIT 1;"); data_dump($account, false, "fetching account id from players table"); $znote_account = mysql_select_single("SELECT `id`, `points` FROM `znote_accounts` WHERE `account_id`='" . $account['account_id'] . "';"); data_dump($znote_account, false, "Fetching existing points from znote_accounts"); data_dump(array('Old:' => $znote_account['points'], 'New:' => $points, 'Total:' => $znote_account['points'] + $points), false, "Points calculation:"); $points += $znote_account['points']; mysql_update("UPDATE `znote_accounts` SET `points`='{$points}' WHERE `account_id`='" . $account['account_id'] . "';"); } // Set character position if (empty($_POST['position_name']) === false && empty($_POST['position_type']) === false) { if (user_character_exist($_POST['position_name'])) { if (array_key_exists($_POST['position_type'], $config['ingame_positions'])) { if ($config['TFSVersion'] == 'TFS_02' || $config['TFSVersion'] == 'TFS_10') { set_ingame_position($_POST['position_name'], $_POST['position_type']); } else { if ($config['TFSVersion'] == 'TFS_03') { set_ingame_position03($_POST['position_name'], $_POST['position_type']); }
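/**
 * Check account credentials against an `accounts` table that may store a per-account salt.
 *
 * When the `salt` config flag is not enabled the call is delegated to user_login().
 *
 * NOTE(review): SHA-1 is a fast hash and is weak for password storage. The format is
 * presumably dictated by the game server's schema; confirm before migrating.
 *
 * @param string $username Account name as submitted.
 * @param string $password Clear-text password as submitted.
 * @return mixed The account id on success, false on any mismatch or when no such account exists.
 */
function user_login_03($username, $password) {
    if (config('salt') !== true) {
        return user_login($username, $password);
    }

    $username = sanitize($username);
    $data = mysql_select_single("SELECT `salt`, `id`, `password`, `name` FROM `accounts` WHERE `name`='{$username}';");

    // Unknown account: stop before indexing into a non-array result.
    if ($data === false) {
        return false;
    }

    $salt = $data['salt'];
    $hash = !empty($salt) ? sha1($salt . $password) : sha1($password);

    // Strict comparison: with `==`, two different strings that both look numeric
    // (for example hex digests of the form "0e<digits>") compare as equal numbers.
    if ((string) $data['name'] !== (string) $username) {
        return false;
    }

    // hash_equals() compares in constant time and never type-juggles (PHP >= 5.6).
    return hash_equals((string) $data['password'], $hash) ? $data['id'] : false;
}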
if (count($path) === 1) { $path = explode('\\', $entity->getPathname()); } $plugins[$path[1]] = $path[2]; } } } } $response['modules'] = $plugins; $response['data']['title'] = $config['site_title']; $response['data']['slogan'] = $config['site_title_context']; $response['data']['time'] = getClock(time(), false, true); $response['data']['time_formatted'] = getClock(time(), true, true); // Account count $accounts = mysql_select_single("SELECT COUNT('id') AS `count` FROM `accounts`;"); $response['data']['accounts'] = $accounts !== false ? $accounts['count'] : 0; // Player count $players = mysql_select_single("SELECT COUNT('id') AS `count` FROM `players`;"); $response['data']['players'] = $players !== false ? $players['count'] : 0; // online player count if ($config['TFSVersion'] != 'TFS_10') { $online = mysql_select_single("SELECT COUNT('id') AS `count` FROM `players` WHERE `status`='1';"); } else { $online = mysql_select_single("SELECT COUNT('player_id') AS `count` FROM `players_online`;"); } $response['data']['online'] = $online !== false ? $online['count'] : 0; $response['data']['client'] = $config['client']; $response['data']['port'] = $config['port']; $response['data']['guildwar'] = $config['guildwar_enabled']; $response['data']['forum'] = $config['forum']['enabled']; SendResponse($response);
<input name="create_thread_title" type="text" placeholder="Thread Subject" style="width: 592px;"><br><br> <textarea name="create_thread_text" style="width: 100%; height: 250px" placeholder="Message"></textarea><br> <br><input type="submit" value="Create Thread" class="btn btn-success"> </form> <?php } else { echo '<p><b><font color="red">Permission to create thread denied.</font></b></p>'; } } } else { ///////////////////// // When category is specified if ($getCat !== false) { $getCat = (int) $getCat; // Fetch category rules $category = mysql_select_single("SELECT `name`, `access`, `closed`, `hidden`, `guild_id` FROM `znote_forum` WHERE `id`='{$getCat}' AND `access`<='{$yourAccess}' LIMIT 1;"); if ($category !== false && $category['guild_id'] > 0 && !$admin) { $access = false; foreach ($charData as $char) { if ($category['guild_id'] == $char['guild']) { $access = true; } } if ($access !== true) { $category = false; } } if ($category !== false) { // TODO : Verify guild access //foreach($charData) echo "<strong><a href='forum.php'>Forum</a> » " . $category['name'] . "</strong><br><br>";
} } ?> <!-- leave guild with character --> <?php $bool = false; if (user_logged_in() === true) { for ($i = 0; $i < $char_count; $i++) { foreach ($players as $player) { if ($player['name'] == $characters[$i]) { $bool = true; } } } if ($bool) { $forumExist = mysql_select_single("SELECT `id` FROM `znote_forum` WHERE `guild_id`='{$gid}' LIMIT 1;"); if ($forumExist !== false) { ?> - <font size="4"><a href="forum.php?cat=<?php echo $forumExist['id']; ?> ">Visit Guild Board</a></font><br><br><br><?php } ?> <form action="" method="post"> <ul> <li> Leave Guild:<br> <select name="leave_guild"> <option disabled>With...</option>
if ($config['TFSVersion'] == 'TFS_02' || $config['TFSVersion'] == 'TFS_10') { $login = user_login($username, $password); } else { if ($config['TFSVersion'] == 'TFS_03') { $login = user_login_03($username, $password); } else { $login = false; } } if ($login === false) { $errors[] = 'Username and password combination is wrong.'; } else { // Check if user have access to login $status = false; if ($config['mailserver']['register']) { $authenticate = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='{$login}' AND `active`='1' LIMIT 1;"); if ($authenticate !== false) { $status = true; } else { $errors[] = "Your account is not activated. An email should have been sent to you when you registered. Please find it and click the activation link to activate your account."; } } else { $status = true; } if ($status) { setSession('user_id', $login); // if IP is not set (etc acc created before Znote AAC was in use) $znote_data = user_znote_account_data($login); if ($znote_data['ip'] == 0) { $update_data = array('ip' => ip2long(getIP())); user_update_znote_account($update_data);
/* PLAYER SKILLS REPAIR SCRIPT IF YOU SOMEHOW DELETE PLAYER SKILLS --------------------------------------------------------------- Place in root web directory, login to admin account, and enter site.com/repairSkills.php (with big S). */ protect_page(); admin_only($user_data); $Splayers = 0; $Salready = 0; $Sfixed = 0; $players = mysql_select_multi("SELECT `id` FROM `players`;"); if ($players !== false) { $Splayers = count($players); foreach ($players as $char) { // Check if player have skills $skills = mysql_select_single("SELECT `value` FROM `player_skills` WHERE `player_id`='" . $char['id'] . "' AND `skillid`='2' LIMIT 1;"); // If he dont have any skills if ($skills === false) { $Sfixed++; // Loop through every skill id and give him default skills. $query = "INSERT INTO `player_skills` (`player_id`, `skillid`, `value`, `count`) VALUES "; for ($i = 0; $i < 7; $i++) { if ($i != 6) { $query .= "('" . $char['id'] . "', '{$i}', '10', '0'), "; } else { $query .= "('" . $char['id'] . "', '{$i}', '10', '0');"; } } mysql_insert($query); } else { $Salready++;
$results[$i]['forum_id'] = false; } else { $results[$i]['title'] = stripBBCode($results[$i]['title']); $results[$i]['text'] = stripBBCode($results[$i]['text']); } } //if ($results !== false) data_dump($results, false, "Search results"); //else echo "<br><b>No results.</b>"; break; case 6: // Search posts $results = mysql_select_multi("SELECT `thread_id`, `player_name`, `text` FROM `znote_forum_posts` ORDER BY `id` DESC LIMIT {$searchResults};"); // Missing ['forum_id'], ['title'], lets get them for ($i = 0; $i < count($results); $i++) { // $results[$i]['asd'] $thread = mysql_select_single("SELECT `forum_id`, `title` FROM `znote_forum_threads` WHERE `id`='" . $results[$i]['thread_id'] . "' LIMIT 1;"); if ($thread !== false) { $results[$i]['forum_id'] = $thread['forum_id']; $results[$i]['title'] = $thread['title']; if (!in_array($results[$i]['forum_id'], $allowedForums)) { $results[$i]['forum_id'] = false; } else { $results[$i]['title'] = stripBBCode($results[$i]['title']); $results[$i]['text'] = stripBBCode($results[$i]['text']); } } else { $results[$i]['forum_id'] = false; } } // DONE. :) //data_dump(false, $results, "DATA");
} if ($updatechangelog) { // Cache changelog $cache = new Cache('engine/cache/changelog'); $cache->setContent(mysql_select_multi("SELECT `id`, `text`, `time`, `report_id`, `status` FROM `znote_changelog` ORDER BY `id` DESC;")); $cache->save(); } } // If we should give user price if ($price > 0) { $account = mysql_select_single("SELECT `a`.`id`, `a`.`email` FROM `accounts` AS `a` \n INNER JOIN `players` AS `p` ON `p`.`account_id` = `a`.`id`\n WHERE `p`.`name` = '{$playerName}' LIMIT 1;"); if ($account !== false) { // transaction log mysql_insert("INSERT INTO `znote_paypal` VALUES ('', '{$reportId}', 'report@admin." . $user_data['name'] . " to " . $account['email'] . "', '" . $account['id'] . "', '0', '" . $price . "')"); // Process payment $data = mysql_select_single("SELECT `points` AS `old_points` FROM `znote_accounts` WHERE `account_id`='" . $account['id'] . "';"); // Give points to user $new_points = $data['old_points'] + $price; mysql_update("UPDATE `znote_accounts` SET `points`='{$new_points}' WHERE `account_id`='" . $account['id'] . "'"); // Remind GM that he sent points to character echo "<font color='green' size='5'>" . $playerName . " has been granted " . $price . " points for his reports.</font>"; } } // GET logic (Edit report data and specify how many [if any] points to give to user) } elseif (!empty($_GET)) { // Fetch GET data $action = getValue($_GET['action']); $playerName = getValue($_GET['name']); $reportId = getValue($_GET['id']); // Fetch the report we intend to modify foreach ($reports as $sid => $sa) {
if ($ticketData['status'] !== 'CLOSED') { ?> <form action="" method="post"> <input type="hidden" name="username" value="<?php echo $ticketData['username']; ?> "><br> <textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br> <input name="" type="submit" value="Post Reply" class="btn btn-primary"> </form> <?php } ?> <?php } else { $account = mysql_select_single("SELECT name,email FROM accounts WHERE id = {$session_user_id}"); if (!empty($_POST)) { $required_fields = array('username', 'email', 'subject', 'message'); foreach ($_POST as $key => $value) { if (empty($value) && in_array($key, $required_fields) === true) { $errors[] = 'You need to fill in all fields.'; break 1; } } // check errors (= user exist, pass long enough if (empty($errors) === true) { /* Token used for cross site scripting security */ if (!Token::isValid($_POST['token'])) { $errors[] = 'Token is invalid.'; } if ($config['use_captcha']) {
?> <h3 class="header-ok">Achievements</h3> <div id="accordion"> <h3>Show/hide player achievements</h3> <div> <table class="table table-striped table-bordered"> <tbody> <style> #secondD { margin-left:0px; } </style> <?php foreach ($config['achievements'] as $key => $achiv) { $uery = mysql_select_single("SELECT `player_id`, `value`, `key` FROM `player_storage` WHERE `player_id`='{$user_id}' AND `key`='{$key}' LIMIT 1;"); foreach ($uery as $luery) { if ($luery == $key) { if (!array_key_exists($achiv, $config['achievements'])) { echo '<tr><td width="17%">' . $achiv[0] . '</td><td>' . $achiv[1] . '</td>'; if ($achiv['secret'] == true) { echo '<td><img id="secondD" src="http://img04.imgland.net/PuMz0mVqSG.gif"></td>'; echo '<td>' . $achiv['points'] . '</td>'; } else { echo '<td></td><td>' . $achiv['points'] . '</td>'; } echo '<tr>'; } } } }
if (isset($_GET['success']) && empty($_GET['success'])) { if ($config['mailserver']['register']) { ?> <h1>Email authentication required</h1> <p>We have sent you an email with an activation link to your submitted email address.</p> <p>If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.</p> <?php } else { echo 'Congratulations! Your account has been created. You may now login to create a character.'; } } elseif (isset($_GET['authenticate']) && empty($_GET['authenticate'])) { // Authenticate user, fetch user id and activation key $auid = isset($_GET['u']) && (int) $_GET['u'] > 0 ? (int) $_GET['u'] : false; $akey = isset($_GET['k']) && (int) $_GET['k'] > 0 ? (int) $_GET['k'] : false; // Find a match $user = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='{$auid}' AND `activekey`='{$akey}' AND `active`='0' LIMIT 1;"); if ($user !== false) { $user = $user['id']; // Enable the account to login mysql_update("UPDATE `znote_accounts` SET `active`='1' WHERE `id`='{$user}' LIMIT 1;"); echo '<h1>Congratulations!</h1> <p>Your account has been created. You may now login to create a character.</p>'; } else { echo '<h1>Authentication failed</h1> <p>Either the activation link is wrong, or your account is already activated.</p>'; } } else { if (empty($_POST) === false && empty($errors) === true) { if ($config['log_ip']) { znote_visitor_insert_detailed_data(1); } //Register $register_data = array('name' => $_POST['username'], 'password' => $_POST['password'], 'email' => $_POST['email'], 'ip' => ip2long(getIP()), 'created' => time());
</li> <li><b>Rent</b>: <?php echo $house['rent']; ?> </li> </ul> <?php // AUCTION MARKUP INIT if ($house['owner'] == 0) { ?> <h2>This house is up on auction!</h2> <?php if ($house['highest_bidder'] == 0) { echo "<b>This house don't have any bidders yet.</b>"; } else { $bidder = mysql_select_single("SELECT `name` FROM `players` WHERE `id`='" . $house['highest_bidder'] . "' LIMIT 1;"); echo "<b>This house have bidders! If you want this house, now is your chance!</b>"; echo "<br><b>Active bid:</b> " . $house['last_bid'] . "gp"; echo "<br><b>Active bid by:</b> <a href='characterprofile.php?name=" . $bidder['name'] . "' target='_BLANK'>" . $bidder['name'] . "</a>"; echo "<br><b>Bid will end on:</b> " . getClock($house['bid_end'], true); } if ($house['bid_end'] == 0 || $house['bid_end'] > time()) { if (user_logged_in()) { // Your characters, indexed by char_id $yourChars = mysql_select_multi("SELECT `id`, `name`, `balance` FROM `players` WHERE `account_id`='" . $user_data['id'] . "';"); if ($yourChars !== false) { $charData = array(); foreach ($yourChars as $char) { $charData[$char['id']] = $char; } ?>
<td>Status</td> </tr> <?php // Rolling through quests foreach ($quests as $key => $quest) { // Is quest NOT an array (advanced quest?) if (!is_array($quest)) { // Query to find quest results $query = mysql_select_single("SELECT `value` FROM `player_storage` WHERE `key`='{$quest}' AND `player_id`='{$user_id}' AND `value`='1' LIMIT 1;"); if ($query !== false) { $quest = $completed; } else { $quest = $notstarted; } } else { $query = mysql_select_single("SELECT `value` FROM `player_storage` WHERE `key`='" . $quest[0] . "' AND `player_id`='{$user_id}' AND `value`>'0' LIMIT 1;"); if (!$query) { $quest = $notstarted; } else { if ($query['value'] >= $quest[1]) { $quest = $completed; } else { $quest = Progress($query['value'], $quest[1]); } } } ?> <tr> <td><?php echo $key; ?>
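// PayGol payment callback: logs the notification and credits the configured number of
// points to the account id carried in the `custom` parameter.
require 'config.php';
require 'engine/database/connect.php';

// check that the request comes from PayGol server
// REMOTE_ADDR is the directly connected peer; the strict match avoids loose comparisons.
// NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address. Confirm the deployment.
$remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
if (!in_array($remoteAddr, array('109.70.3.48', '109.70.3.146', '109.70.3.58'), true)) {
    header("HTTP/1.0 403 Forbidden");
    die("Error: Unknown IP");
}

// get the variables from PayGol system
// Every one of these ends up inside a quoted SQL literal below. The escaping routine of
// the database layer is not visible from this script, so each value is reduced to a
// conservative character set instead: quotes, backslashes and non-ASCII bytes are dropped.
$callback = array();
$fieldNames = array('message_id', 'service_id', 'shortcode', 'keyword', 'message', 'sender', 'operator', 'country', 'points', 'price', 'currency');
foreach ($fieldNames as $field) {
    // Missing or array-valued parameters become an empty string.
    $raw = (isset($_GET[$field]) && is_scalar($_GET[$field])) ? (string) $_GET[$field] : '';
    $callback[$field] = (string) preg_replace('/[^A-Za-z0-9 _.,:+@-]/', '', $raw);
}
$message_id = $callback['message_id'];
$service_id = $callback['service_id'];
$shortcode = $callback['shortcode'];
$keyword = $callback['keyword'];
$message = $callback['message'];
$sender = $callback['sender'];
$operator = $callback['operator'];
$country = $callback['country'];
$points = $callback['points'];
$price = $callback['price'];
$currency = $callback['currency'];

// `custom` is used as the account id in both WHERE clauses, so it is forced to an integer.
$custom = (isset($_GET['custom']) && is_scalar($_GET['custom'])) ? (int) $_GET['custom'] : 0;

// The credited amount comes from server-side configuration, never from the request.
$paygol = $config['paygol'];
$new_points = (int) $paygol['points'];

// Update logs:
// NOTE(review): message_id is stored but not checked against earlier rows, so a repeated
// notification would credit the account again. Confirm whether `znote_paygol` enforces uniqueness.
mysql_insert("INSERT INTO `znote_paygol` VALUES ('', '{$custom}', '{$price}', '{$new_points}', '{$message_id}', '{$service_id}', '{$shortcode}', '{$keyword}', '{$message}', '{$sender}', '{$operator}', '{$country}', '{$currency}')");

// Fetch points
$account = mysql_select_single("SELECT `points` FROM `znote_accounts` WHERE `account_id`='{$custom}';");

// Credit only when the account row exists; an unknown id is logged above but changes nothing.
if ($account !== false) {
    // Calculate new points
    // NOTE(review): read-then-write is not atomic; concurrent callbacks for the same
    // account can overwrite each other's credit.
    $new_points = (int) $account['points'] + $new_points;
    // Update new points
    mysql_update("UPDATE `znote_accounts` SET `points`='{$new_points}' WHERE `account_id`='{$custom}'");
}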
/**
 * Create player.
 *
 * As visible here the method only validates. It returns false when the player data
 * already carries an id, when the name is not a string, or when the name is taken.
 * On the validation path it reaches the end without inserting a row and without an
 * explicit return value.
 *
 * NOTE(review): the first check reads $this->_playerdata and reports through
 * $this->errors; every later check reads $_POST and appends to a local $errors array
 * that is never read in the visible code. $session_user_id is also used without being
 * defined in this scope. This looks like page code pasted into the class; confirm intent.
 *
 * @access public
 * @return bool $status
 **/
public function create() {
    // If player already have an id, the player already exist.
    if (is_null($this->_playerdata['id']) && is_string($this->_playerdata['name'])) {
        // Confirm player does not exist
        $name = format_character_name($this->_playerdata['name']);
        // NOTE(review): validate_name() is compared against false elsewhere in this
        // codebase; here its result goes straight into sanitize() and the query
        // without that check.
        $name = validate_name($name);
        $name = sanitize($name);
        $exist = mysql_select_single("SELECT `id` FROM `players` WHERE `name`='{$name}' LIMIT 1;");
        if ($exist !== false) {
            $this->errors[] = "A player with the name [{$name}] already exist.";
            return false;
        }
        $config = fullConfig();
        // From here on the checks use the raw request instead of $this->_playerdata,
        // and failures go to the local $errors array (see NOTE in the header).
        if (user_character_exist($_POST['name']) !== false) {
            $errors[] = 'Sorry, that character name already exist.';
        }
        // NOTE(review): the class also admits `_`, which the message does not mention, and
        // `$` without the D modifier still matches before a trailing newline.
        if (!preg_match("/^[a-zA-Z_ ]+\$/", $_POST['name'])) {
            $errors[] = 'Your name may only contain a-z, A-Z and spaces.';
        }
        // strlen() counts bytes; the pattern above limits names to ASCII, so that is the same here.
        if (strlen($_POST['name']) < $config['minL'] || strlen($_POST['name']) > $config['maxL']) {
            $errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.';
        }
        // name restriction
        // Each space-separated word is checked against the blocked-word list and for length 1.
        $resname = explode(" ", $_POST['name']);
        foreach ($resname as $res) {
            if (in_array(strtolower($res), $config['invalidNameTags'])) {
                $errors[] = 'Your username contains a restricted word.';
            } else {
                if (strlen($res) == 1) {
                    $errors[] = 'Too short words in your name.';
                }
            }
        }
        // Validate vocation id
        // The posted ids are cast to int and must appear in the configured allow-lists.
        if (!in_array((int) $_POST['selected_vocation'], $config['available_vocations'])) {
            $errors[] = 'Permission Denied. Wrong vocation.';
        }
        // Validate town id
        if (!in_array((int) $_POST['selected_town'], $config['available_towns'])) {
            $errors[] = 'Permission Denied. Wrong town.';
        }
        // Validate gender id
        if (!in_array((int) $_POST['selected_gender'], array(0, 1))) {
            $errors[] = 'Permission Denied. 
Wrong gender.';
        }
        if (vocation_id_to_name($_POST['selected_vocation']) === false) {
            $errors[] = 'Failed to recognize that vocation, does it exist?';
        }
        if (town_id_to_name($_POST['selected_town']) === false) {
            $errors[] = 'Failed to recognize that town, does it exist?';
        }
        if (gender_exist($_POST['selected_gender']) === false) {
            $errors[] = 'Failed to recognize that gender, does it exist?';
        }
        // Char count
        // NOTE(review): $session_user_id is not a parameter, property or local of this method.
        $char_count = user_character_list_count($session_user_id);
        if ($char_count >= $config['max_characters']) {
            $errors[] = 'Your account is not allowed to have more than ' . $config['max_characters'] . ' characters.';
        }
        if (validate_ip(getIP()) === false && $config['validate_IP'] === true) {
            $errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).';
        }
        // NOTE(review): debug output left in; it is written to the response on every call.
        echo "create player";
        // Make sure all neccesary values are set
        //Register
        // NOTE(review): the array is built even when $errors is non-empty; nothing in the
        // visible code stops on a failed check. The un-cast $_POST values are passed
        // through array_sanitize below.
        $character_data = array('name' => format_character_name($_POST['name']), 'account_id' => $session_user_id, 'vocation' => $_POST['selected_vocation'], 'town_id' => $_POST['selected_town'], 'sex' => $_POST['selected_gender'], 'lastip' => ip2long(getIP()), 'created' => time());
        array_walk($character_data, 'array_sanitize');
        $cnf = fullConfig();
        // Outfit id depends on the chosen gender: 1 selects the male outfit, anything else the female one.
        if ($character_data['sex'] == 1) {
            $outfit_type = $cnf['maleOutfitId'];
        } else {
            $outfit_type = $cnf['femaleOutfitId'];
        }
        // Create the player
        // NOTE(review): no insert follows in the visible code and no value is returned on this path.
    } else {
        echo "Player already exist.";
        return false;
    }
}