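/**
 * Enter a world: look up the requested world, check the character's level
 * against the world's MinLevel, record the world in the session and redirect
 * to the world view.
 *
 * Takes exactly one routed argument, the world id. Failures are reported
 * through MessageHandler::HandleUserError() and the method returns without
 * redirecting.
 *
 * @return void
 */
public function Enter()
{
    global $Template, $Database, $BaseURL;

    $Arguments = func_get_args();

    // Exactly one argument (the world id) is required. The earlier check only
    // rejected *extra* arguments, so a call with none fell through and read an
    // undefined $Arguments[0].
    if (count($Arguments) !== 1) {
        MessageHandler::HandleUserError("Argument not specified.");
        return;
    }

    // intval() forces an integer, so the value is safe to interpolate below.
    $WorldID = intval($Arguments[0]);
    $WorldResult = $Database->Query("SELECT * FROM worlds WHERE WorldID = '{$WorldID}'");

    if (mysql_num_rows($WorldResult) < 1) {
        MessageHandler::HandleUserError("The world you requested to enter does not exist!");
        return;
    }

    $World = mysql_fetch_array($WorldResult);
    if (!$World) {
        return;
    }

    // NOTE(review): this method does not itself verify that a user is logged in
    // or that a character has been selected before reading the session level;
    // confirm the caller or router enforces that.
    if ($World['MinLevel'] > $_SESSION['CharacterInfo']['Level']) {
        MessageHandler::HandleUserError("Your level is not suitable for this world. Dangerous monsters lie there.");
        return;
    }

    // The id written to the session and the redirect comes from the database
    // row, not from the request.
    $_SESSION['CurrentWorld'] = $World['WorldID'];
    header("Location: {$BaseURL}/index.php/Worlds/View/{$World['WorldID']}");
    return;
}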
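/**
 * Process a submitted registration form.
 *
 * Reads username, password and email from $_POST, rejects incomplete input,
 * a username that is already taken, or an email that fails
 * FILTER_VALIDATE_EMAIL, and otherwise inserts the new user. The template to
 * render is chosen through $this->Handle.
 *
 * @return void
 */
public function _do()
{
    global $Database, $Template;

    $Template->set_filenames(array(
        'register' => 'templates/register.html',
        'register_successfull' => 'templates/regsuccess.html',
    ));

    // Require every field to be a non-empty string before it reaches the
    // escaping and hashing calls (an absent or array-valued field would
    // otherwise produce warnings and an empty or bogus account).
    foreach (array('username', 'password', 'email') as $Field) {
        if (!isset($_POST[$Field]) || !is_string($_POST[$Field]) || $_POST[$Field] === '') {
            MessageHandler::HandleUserError("Please fill in all fields.");
            $this->Handle = "register";
            return;
        }
    }

    $RawMail = $_POST['email'];

    $Username = mysql_real_escape_string($_POST['username']);
    // NOTE(review): unsalted MD5 is not a suitable password hash. Moving to
    // password_hash()/password_verify() has to be done together with the login
    // code and the width of the password column, so it is only flagged here.
    $Password = md5($_POST['password']);
    $Mail = mysql_real_escape_string($RawMail);
    // Escaped like every other interpolated value so the INSERT does not rely
    // on how the server populates REMOTE_ADDR.
    $IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

    // The duplicate check has to look up the submitted username. The listing
    // this came from showed a masked literal ('******') at this position, which
    // would only ever match an account with that literal name.
    // NOTE(review): check-then-insert is not atomic; only a UNIQUE constraint on
    // users.username (not visible here) would reliably prevent duplicates.
    $Existing = $Database->Query("SELECT username FROM users WHERE username='{$Username}'");
    if (mysql_num_rows($Existing) > 0) {
        // The last SQL string is no longer appended to the user-facing message:
        // it exposed query structure to whoever submitted the form.
        MessageHandler::HandleUserError("Sorry, but it appears that your username is already in use!");
        // NOTE(review): these values are SQL-escaped, not HTML-escaped, and the
        // plaintext password is echoed back into the page. Confirm whether the
        // template layer escapes output; if it does not, encode for HTML here
        // and consider not re-populating the password field.
        $Template->assign_block_vars('predef', array(
            'username' => $Username,
            'password' => $_POST['password'],
            'email' => $Mail,
        ));
        $this->Handle = "register";
        return;
    }

    // Validate the raw address and test the result strictly. The old loose
    // comparison against filter_var()'s return value let "0" through, because
    // "0" != false evaluates to false.
    if (filter_var($RawMail, FILTER_VALIDATE_EMAIL) === false) {
        MessageHandler::HandleUserError("I couldn't recognize your email. Perhaps you made a typo?");
        $this->Handle = "register";
        return;
    }

    $Database->Query("INSERT INTO users(username,password,email,ip,registered,rank) VALUES('{$Username}','{$Password}','{$Mail}','{$IP}',CURRENT_TIMESTAMP,1)");

    $Template->assign_var("username", $Username);
    $this->Handle = 'register_successfull';
}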
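/**
 * Process a submitted login form.
 *
 * Looks the user up by username, compares the MD5 of the submitted password
 * with the stored value and, on success, stores the user row in
 * $_SESSION['USERINFO'] and redirects to index.php. On any failure an error is
 * reported and the login template is selected through $this->Handle.
 *
 * @return void
 */
public function _do()
{
    global $Database, $Template;

    // empty() alone lets an array-valued field through to the string
    // functions below, so the type is checked as well.
    if (empty($_POST['username']) || empty($_POST['password'])
        || !is_string($_POST['username']) || !is_string($_POST['password'])) {
        MessageHandler::HandleUserError("Hmmm, mind checking if you filled all fields?");
        $this->Handle = 'login';
        return;
    }

    $RawUsername = $_POST['username'];
    $Username = mysql_real_escape_string($RawUsername);

    // Hash the password exactly as submitted. It never enters a query, and
    // SQL-escaping it first changed the digest for any password containing
    // quotes or backslashes, so such a password could not match a hash of the
    // raw value.
    // NOTE(review): the stored hashes are unsalted MD5; migrating to
    // password_hash()/password_verify() must be coordinated with registration.
    $PasswordHash = md5($_POST['password']);

    // The lookup has to use the submitted username. The listing this came from
    // showed a masked literal ('******') at this position.
    $Query = $Database->Query("SELECT * FROM users WHERE username = '{$Username}'");
    $Row = (mysql_num_rows($Query) > 0) ? mysql_fetch_array($Query) : false;

    if ($Row) {
        // Strict comparison: with ==, two different digests that both look
        // like numeric strings (for example "0e..." followed by digits) compare
        // equal. hash_equals() is preferable where the runtime provides it.
        // The username is compared in its raw form, since that is what the
        // database returns.
        if ($Row['username'] === $RawUsername && $PasswordHash === $Row['password']) {
            // Issue a fresh session id on privilege change so a pre-login
            // session id cannot be reused afterwards.
            session_regenerate_id(true);
            // NOTE(review): the whole row, including the password hash, is kept
            // in the session; confirm whether other code depends on that.
            $_SESSION['USERINFO'] = $Row;
            header("Location: " . BaseURL . "index.php");
            return;
        }

        // NOTE(review): distinct messages for "wrong password" and "unknown
        // user" reveal which usernames exist; consider one shared message.
        MessageHandler::HandleUserError("Sorry, but it appears that the password is incorrect");
    } else {
        MessageHandler::HandleUserError("I was unable to find a user named like that. Mind checking it?");
    }

    $this->Handle = 'login';
}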
/**
 * Select a character by id and store its database row in
 * $_SESSION['CharacterInfo'], then redirect to BaseURL.
 *
 * Takes the character id as its first routed argument. Calls
 * LoggedInOnlyFeature() before doing anything else.
 *
 * @return void
 */
public function Enter()
{
    global $Database, $Template, $Character;

    LoggedInOnlyFeature();

    if (func_num_args() < 1) {
        trigger_error("Invalid URL");
        return;
    }

    // intval() yields 0 for non-numeric input, which is treated as invalid.
    $CharacterID = intval(func_get_arg(0));
    if ($CharacterID === 0) {
        trigger_error("Invalid URL");
        $this->Render();
        return;
    }

    // NOTE(review): the query filters on CharacterID only. No condition tying
    // the character to the logged-in account is visible here, so whether a user
    // can select another account's character depends on checks outside this
    // method; confirm.
    $Result = $Database->Query("SELECT * FROM characters WHERE CharacterID='{$CharacterID}'");
    if (mysql_num_rows($Result) < 1) {
        MessageHandler::HandleUserError('Character does not exist');
        $this->Render();
        return;
    }

    $Selected = mysql_fetch_array($Result);
    if (!$Selected) {
        // A row was counted but could not be fetched.
        trigger_error("WTF");
        return;
    }

    $_SESSION['CharacterInfo'] = $Selected;
    header("Location: " . BaseURL);
}