$Joueur['Suppr'] = sqlesc($_POST['Suppr' . $i]);
$Joueur['pass'] = sqlesc($_POST['pass' . $i]);
$i++;
$modif = false;
foreach ($Joueur as $k => $v) {
if ($v != $OldJoueur[$k]) {
$modif = true;
break;
}
}
if ($modif) {
DataEngine::sql_spool('UPDATE `SQL_PREFIX_Membres` SET `Points`=\'' . $Joueur['ModifPoints'] . '\', `Grade`=\'' . $Joueur['ModifGrade'] . '\', `Race`=\'' . $Joueur['ModifRace'] . '\' WHERE `Joueur`=\'' . $Joueur['ID'] . '\'');
DataEngine::sql_spool('UPDATE `SQL_PREFIX_Users` SET `Permission`=\'' . $Joueur['ModifPermission'] . '\' WHERE `Login`=\'' . $Joueur['ID'] . '\'');
}
if ($Joueur['pass'] && Members::CheckPerms('MEMBRES_NEWPASS')) {
DataEngine::sql_spool('UPDATE `SQL_PREFIX_Users` SET `Password`=md5(\'' . $Joueur['pass'] . '\') WHERE `Login`=\'' . $Joueur['ID'] . '\'');
}
if ($Joueur['Suppr'] && Members::CheckPerms('MEMBRES_DELETE')) {
Members::DeleteUser($Joueur['ID']);
}
}
//while
if (DataEngine::has_sql_spool()) {
DataEngine::sql_do_spool();
}
}
//if
$mysql_result = DataEngine::sql('SELECT `GradeId`, `Grade`, `Niveau`, `Rattachement` from `SQL_PREFIX_Grade` ORDER BY `Rattachement`, `Niveau`');
$i = 0;
while ($ligne = mysql_fetch_assoc($mysql_result)) {
$Grades[] = $ligne;
$login = sqlesc(mb_strtolower($_POST['login'], 'utf8'), false);
$mdp = md5($_POST['mdp']);
$query = 'SELECT LOWER(u.`Login`) as `Login`, u.`Permission`, m.`carte_prefs` from `SQL_PREFIX_Users` u, `SQL_PREFIX_Membres` m WHERE LOWER(u.`Login`)=LOWER(\'' . $login . '\') AND u.`Password`=\'' . $mdp . '\' AND (m.`Joueur`=LOWER(\'' . $login . '\'))';
$mysql_result = DataEngine::sql($query);
$ligne = mysql_fetch_assoc($mysql_result);
if (is_array($ligne) && $ligne['Login'] == $login) {
// session valide
$validsession = true;
$_SESSION['_login'] = $login;
$_SESSION['_pass'] = $mdp;
$_SESSION['_Perm'] = $ligne['Permission'];
$_SESSION['carte_prefs'] = $ligne['carte_prefs'];
$_SESSION['_IP'] = Get_IP();
$_SESSION['_permkey'] = sha1($mdp . $_SESSION['_IP']);
DataEngine::sql_spool('INSERT INTO `SQL_PREFIX_Log` (`DATE`,`log`,`IP`) VALUES(NOW(),\'login:'******'\',\'' . $_SESSION['_IP'] . '\')');
DataEngine::sql_spool('UPDATE `SQL_PREFIX_Membres` SET `Date`=now() WHERE `Joueur`=\'' . $login . '\'');
} else {
// login/pass pas bon...
$validsession = -1;
$login_msg = $lng['wronglogin'];
$query = 'INSERT INTO `SQL_PREFIX_Log` (`DATE`,`log`,`IP`) VALUES(NOW(),"login,err:' . $login . '",\'' . Get_IP() . '\')';
DataEngine::sql($query);
}
}
// Vérification de session, si existante et si elle viens pas d'être validé ;)
if ($validsession === false && isset($_SESSION['_login']) && $_SESSION['_login'] != "") {
$login = $_SESSION['_login'];
$mdp = $_SESSION['_pass'];
$query = 'SELECT LOWER(u.`Login`) as `Login`, u.`Permission`, m.`carte_prefs` from `SQL_PREFIX_Users` u, `SQL_PREFIX_Membres` m WHERE LOWER(u.`Login`)=LOWER(\'' . $login . '\') AND u.`Password`=\'' . $mdp . '\' AND (m.`Joueur`=LOWER(\'' . $login . '\'))';
$mysql_result = DataEngine::sql($query);
// or mysql_die($query,__file__,__line__);
public function save_prefs()
{
$this->perms_prefs();
$tmp = implode(';', array($this->vortex, $this->joueur, $this->planete, $this->asteroide, $this->sc, $this->taille, $this->pnj, $this->ennemis, $this->allys));
if ($_SESSION['carte_prefs'] != $tmp || $_SESSION['carte_prefs'] == '') {
DataEngine::sql_spool('UPDATE `SQL_PREFIX_Membres` SET `carte_prefs`=\'' . $tmp . '\' WHERE `Joueur`=\'' . $_SESSION['_login'] . '\'');
}
}
/**
* lance le spool de requète sql
*/
public static function sql_do_spool()
{
$spoolactive = false;
if (count(self::$conf_save) > 0) {
foreach (self::$conf_save as $key => $value) {
self::sql_spool('UPDATE `SQL_PREFIX_Config` SET `value` =\'' . sqlesc(serialize($value)) . '\' WHERE `key`=\'' . $key . '\' LIMIT 1');
}
self::$conf_save = array();
}
if (count(self::$sql_spool) > 0) {
if (IN_DEV) {
self::$sqls[] = array(0, 'Spooler...');
$spoolactive = true;
}
foreach (self::$sql_spool as $sql) {
$time = microtime(true);
$sql = str_replace('SQL_PREFIX_', SQL_PREFIX_, $sql);
mysql_unbuffered_query($sql);
$time = round((microtime(true) - $time) * 1000, 3);
if (IN_DEV) {
self::$sqls[] = array($time, $sql);
}
}
self::$sql_spool = array();
}
if (class_exists('cartographie')) {
cartographie::getinstance()->do_spooler();
}
if (IN_DEV && $spoolactive) {
self::$sqls[] = array(0, '...Spooler');
}
}
public function Log($value)
{
$value = sqlesc($value);
$query = sprintf('INSERT INTO `SQL_PREFIX_Log` (`DATE`,`log`,`IP`) VALUES(NOW(),\'cron: %s (%1.4fsec.)\',\'%s\')', $value, microtime(true) - START, Get_IP());
DataEngine::sql_spool($query);
}
header('HTTP/1.1 403 Forbidden');
output::_DoOutput("<eude><alert>{$lng['err_wrongserver']}</alert><GM_active>0</GM_active></eude>");
}
$xml = array();
$carto = cartographie::getinstance();
switch ($_GET['act']) {
case 'init':
//-------------------------------------------------------------
$xml['GM_galaxy_info'] = Members::CheckPerms('CARTOGRAPHIE_PLAYERS') ? '1' : '0';
$xml['GM_planet_info'] = Members::CheckPerms('CARTOGRAPHIE_PLANETS') ? '1' : '0';
$xml['GM_asteroid_info'] = Members::CheckPerms('CARTOGRAPHIE_ASTEROID') ? '1' : '0';
$xml['GM_pnj_info'] = Members::CheckPerms('CARTOGRAPHIE_PNJ') ? '1' : '0';
$xml['GM_troops_battle'] = Members::CheckPerms('PERSO_TROOPS_BATTLE') ? '1' : '0';
$xml['GM_empire_maj'] = Members::CheckPerms('EMPIRE_GREASE') ? '1' : '0';
DataEngine::sql_spool('INSERT INTO `SQL_PREFIX_Log` (`DATE`,`LOGIN`,`IP`) VALUES(NOW(),\'gm:' . sqlesc($_SESSION['_login']) . '\',\'' . $_SESSION['_IP'] . '\')');
DataEngine::sql_spool('UPDATE `SQL_PREFIX_Membres` SET `Date`=now() WHERE `Joueur`=\'' . sqlesc($_SESSION['_login']) . '\'');
case 'config':
//-----------------------------------------------------------
$msg = $xml['log'] = $lng['config_helloworld'];
$xml['logtype'] = 'none';
$xml['GM_active'] = '1';
break;
case 'mafiche':
//----------------------------------------------------------
$query = <<<q
UPDATE `SQL_PREFIX_Membres` SET `POINTS`='%d',
`Economie`='%d', `Commerce`='%d', `Recherche`='%d', `Combat`='%d',
`Construction`='%s', `Navigation`='%d', `Race`='%s',
`Titre`='%s', `GameGrade`='%s', `pts_architecte`='%d', `pts_mineur`='%d',
`pts_science`='%d', `pts_commercant`='%d', `pts_amiral`='%d',
`pts_guerrier`='%d', `Date`=now() WHERE `Joueur`='%s'
