Merge pull request #2 from Znote/master

k
Atte 2015-03-06 16:31:29 +02:00
commit 493601c143
43 changed files with 1514 additions and 1373 deletions


@ -1,77 +1,72 @@
-- With Rookgaard
--[[
local firstItems = {2050, 2382}
function onLogin(cid)
local storage = 30055 -- storage value
local sorcItems = {
2460, -- Brass helmet
2465, -- Brass armor
2190, -- Wand of vortex
2511, -- Brass shield
2478, -- Brass legs
2643, -- Leather boots
1988, -- Brown backpack
2050 -- torch
}
local druidItems = {
2460, -- Brass helmet
2465, -- Brass armor
2511, -- Brass shield
2182, -- Snakebite rod
2478, -- Brass legs
2643, -- Leather boots
1988, -- Brown backpack
2050 -- torch
}
local pallyItems = {
2460, -- Brass helmet
2465, -- Brass armor
2456, -- Bow
2478, -- Brass legs
2643, -- Leather boots
1988, -- Brown backpack
}
local kinaItems = {
2460, -- Brass helmet
2465, -- Brass armor
2511, -- Brass shield
2412, -- Katana
2478, -- Brass legs
2643, -- Leather boots
1988, -- Brown backpack
2050 -- torch
}
if getPlayerStorageValue(cid, storage) == -1 then
setPlayerStorageValue(cid, storage, 1)
if getPlayerVocation(cid) == 1 then
-- Sorcerer
for i = 1, table.getn(sorcItems), 1 do
doPlayerAddItem(cid, sorcItems[i], 1, FALSE)
end
elseif getPlayerVocation(cid) == 2 then
-- Druid
for i = 1, table.getn(druidItems), 1 do
doPlayerAddItem(cid, druidItems[i], 1, FALSE)
end
elseif getPlayerVocation(cid) == 3 then
-- Paladin
for i = 1, table.getn(pallyItems), 1 do
doPlayerAddItem(cid, pallyItems[i], 1, FALSE)
end
-- 8 arrows
doPlayerAddItem(cid, 2544, 8, FALSE)
elseif getPlayerVocation(cid) == 4 then
-- Knight
for i = 1, table.getn(kinaItems), 1 do
doPlayerAddItem(cid, kinaItems[i], 1, FALSE)
end
local player = Player(cid)
if player:getLastLoginSaved() <= 0 then
for i = 1, #firstItems do
player:addItem(firstItems[i], 1)
end
-- Common for all
doPlayerAddItem(cid, 2674, 5, FALSE) -- 5 apples
doPlayerAddItem(cid, 2120, 1, FALSE) -- 1 rope
player:addItem(player:getSex() == 0 and 2651 or 2650, 1)
player:addItem(1987, 1)
player:addItem(2674, 1)
end
return true
end
]]--
-- Without Rookgaard
local config = {
[1] = {
--equipment spellbook, wand of vortex, magician's robe, mage hat, studded legs, leather boots, scarf
items = {{2175, 1}, {2190, 1}, {8819, 1}, {8820, 1}, {2468, 1}, {2643, 1}, {2661, 1}},
--container rope, shovel, mana potion
container = {{2120, 1}, {2554, 1}, {7620, 1}}
},
[2] = {
--equipment spellbook, snakebite rod, magician's robe, mage hat, studded legs, leather boots scarf
items = {{2175, 1}, {2182, 1}, {8819, 1}, {8820, 1}, {2468, 1}, {2643, 1}, {2661, 1}},
--container rope, shovel, mana potion
container = {{2120, 1}, {2554, 1}, {7620, 1}}
},
[3] = {
--equipment dwrven shield, 5 spear, ranger's cloak, ranger legs scarf, legion helmet
items = {{2525, 1}, {2389, 5}, {2660, 1}, {8923, 1}, {2643, 1}, {2661, 1}, {2480, 1}},
--container rope, shovel, health potion, bow, 50 arrow
container = {{2120, 1}, {2554, 1}, {7618, 1}, {2456, 1}, {2544, 50}}
},
[4] = {
--equipment dwarven shield, steel axe, brass armor, brass helmet, brass legs scarf
items = {{2525, 1}, {8601, 1}, {2465, 1}, {2460, 1}, {2478, 1}, {2643, 1}, {2661, 1}},
--container jagged sword, daramian mace, rope, shovel, health potion
container = {{8602, 1}, {2439, 1}, {2120, 1}, {2554, 1}, {7618, 1}}
}
}
function onLogin(cid)
local player = Player(cid)
local targetVocation = config[player:getVocation():getId()]
if not targetVocation then
return true
end
if player:getLastLoginSaved() ~= 0 then
return true
end
for i = 1, #targetVocation.items do
player:addItem(targetVocation.items[i][1], targetVocation.items[i][2])
end
local backpack = player:addItem(1988)
if not backpack then
return true
end
for i = 1, #targetVocation.container do
backpack:addItem(targetVocation.container[i][1], targetVocation.container[i][2])
end
return true
end
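Review bot: When `player:addItem(1988)` returns nil, the new onLogin returns before the `container` loop, so the rope, shovel, potion and other container entries are never handed out and nothing records that the grant was incomplete. The grant is gated only on `player:getLastLoginSaved() ~= 0`, so a later login presumably will not retry it. The return values of the `player:addItem` calls in the `items` loop are ignored in the same way. Consider falling back to `player:addItem(targetVocation.container[i][1], targetVocation.container[i][2])` when no backpack could be created, or tracking completion in a player storage value instead of relying on the last-login timestamp.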


@ -86,11 +86,11 @@ function onDeath(cid, corpse, killer, mostDamage, unjustified, mostDamage_unjust
end
if guildKills1 >= fragLimit or guildKills2 >= fragLimit then
broadcastMessage(string.format("%s has just won the war against %s.", killerGuild:getName(), playerGuild:getName()), MESSAGE_EVENT_ADVANCE)
Game.broadcastMessage(string.format("%s has just won the war against %s.", killerGuild:getName(), playerGuild:getName()), MESSAGE_EVENT_ADVANCE)
db.query("UPDATE `guild_wars` SET `status` = 4, `ended` = " .. os.time() .. " WHERE `status` = 1 AND `id` = " .. warId)
end
end
end
end
end
end
end


@ -1,6 +1,7 @@
function onThink(interval, lastExecution, thinkInterval)
if (tonumber(os.date("%d")) ~= getGlobalStorageValue(23856)) then
setGlobalStorageValue(23856, (tonumber(os.date("%d"))))
if tonumber(os.date("%d")) ~= Game.getStorageValue(23856) then
Game.setStorageValue(23856, (tonumber(os.date("%d"))))
db.query("UPDATE `znote_players` SET `onlinetime7`=`onlinetime6`, `onlinetime6`=`onlinetime5`, `onlinetime5`=`onlinetime4`, `onlinetime4`=`onlinetime3`, `onlinetime3`=`onlinetime2`, `onlinetime2`=`onlinetime1`, `onlinetime1`=`onlinetimetoday`, `onlinetimetoday`=0;")
db.query("UPDATE `znote_players` `z` INNER JOIN `players` `p` ON `p`.`id`=`z`.`player_id` SET `z`.`exphist7`=`z`.`exphist6`, `z`.`exphist6`=`z`.`exphist5`, `z`.`exphist5`=`z`.`exphist4`, `z`.`exphist4`=`z`.`exphist3`, `z`.`exphist3`=`z`.`exphist2`, `z`.`exphist2`=`z`.`exphist1`, `z`.`exphist1`=`p`.`experience`-`z`.`exphist_lastexp`, `z`.`exphist_lastexp`=`p`.`experience`;")
end


@ -1,21 +1,19 @@
-- <talkaction words="!report" separator=" " script="adminreport.lua"/>
-- Coded by Dark ShaoOz, modified by Znote
function onSay(cid, words, param, channel)
local storage = 6708 -- (You can change the storage if its already in use)
local delaytime = 30 -- (Exhaust In Seconds.)
local x = getPlayerPosition(cid).x -- (Do not edit this.)
local y = getPlayerPosition(cid).y -- (Do not edit this.)
local z = getPlayerPosition(cid).z -- (Do not edit this.)
if(param == '') then
doPlayerSendTextMessage(cid, MESSAGE_STATUS_CONSOLE_ORANGE, "Command param required.")
local player = Player(cid)
local storage = 6708 -- You can change the storage if its already in use
local delaytime = 30 -- Exhaust In Seconds.
if param == '' then
player:sendTextMessage(MESSAGE_STATUS_CONSOLE_ORANGE, "Command param required.")
return true
end
if (getPlayerStorageValue(cid, storage) <= os.time()) then
doPlayerSendTextMessage(cid, MESSAGE_INFO_DESCR, "Your report has been received successfully!")
db.query("INSERT INTO `znote_player_reports` (`id` ,`name` ,`posx` ,`posy` ,`posz` ,`report_description` ,`date`)VALUES (NULL , '" .. getPlayerName(cid) .. "', '" .. x .. "', '" .. y .. "', '" .. z .. "', " .. db.escapeString(param) .. ", '" .. os.time() .. "')")
setPlayerStorageValue(cid,storage,os.time()+delaytime)
if player:getStorageValue(storage) <= os.time() then
player:sendTextMessage(MESSAGE_INFO_DESCR, "Your report has been received successfully!")
db.query("INSERT INTO `znote_player_reports` (`id` ,`name` ,`posx` ,`posy` ,`posz` ,`report_description` ,`date`)VALUES (NULL , " .. db.escapeString(player:getName()) .. ", '" .. player:getPosition().x .. "', '" .. player:getPosition().y .. "', '" .. player:getPosition().z .. "', " .. db.escapeString(param) .. ", '" .. os.time() .. "')")
player:setStorageValue(storage, os.time() + delaytime)
else
doPlayerSendTextMessage(cid, MESSAGE_STATUS_WARNING, "You have to wait "..getPlayerStorageValue(cid, storage) - os.time().." seconds to report again.")
player:sendTextMessage(MESSAGE_STATUS_WARNING, "You have to wait " .. player:getStorageValue(storage) - os.time() .. " seconds to report again.")
end
return TRUE
end
return true
end
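Review bot: The "Your report has been received successfully!" message is sent before `db.query` runs and the query result is never checked, so a failed insert still reports success and still starts the cooldown. Assuming `db.query` signals failure through its return value, gate both on it: `if db.query(...) then player:sendTextMessage(MESSAGE_INFO_DESCR, "Your report has been received successfully!") player:setStorageValue(storage, os.time() + delaytime) end`, and send a warning otherwise. Wrapping the name in `db.escapeString(player:getName())` is the right change. `param` is only compared against `''`, so a length cap before the insert would also bound what lands in `report_description`.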


@ -2,14 +2,14 @@
function onSay(cid, words, param)
local storage = 54073 -- Make sure to select non-used storage. This is used to prevent SQL load attacks.
local cooldown = 15 -- in seconds.
if getPlayerStorageValue(cid, storage) <= os.time() then
setPlayerStorageValue(cid, storage, os.time() + cooldown)
local accid = getAccountNumberByPlayerName(getCreatureName(cid))
local player = Player(cid)
if player:getStorageValue(storage) <= os.time() then
player:setStorageValue(storage, os.time() + cooldown)
-- Create the query
local orderQuery = db.storeQuery("SELECT `id`, `type`, `itemid`, `count` FROM `znote_shop_orders` WHERE `account_id` = " .. accid .. " LIMIT 1;")
local orderQuery = db.storeQuery("SELECT `id`, `type`, `itemid`, `count` FROM `znote_shop_orders` WHERE `account_id` = " .. player:getAccountId() .. " LIMIT 1;")
-- Detect if we got any results
if orderQuery ~= false then
-- Fetch order values
@ -18,19 +18,17 @@ function onSay(cid, words, param)
local q_itemid = result.getDataInt(orderQuery, "itemid")
local q_count = result.getDataInt(orderQuery, "count")
result.free(orderQuery)
-- ORDER TYPE 1 (Regular item shop products)
if q_type == 1 then
-- Get wheight
local playerCap = getPlayerFreeCap(cid)
local itemweight = getItemWeight(q_itemid, q_count)
if playerCap >= itemweight then
db.query("DELETE FROM `znote_shop_orders` WHERE `id` = " .. q_id .. ";")
doPlayerAddItem(cid, q_itemid, q_count)
doPlayerSendTextMessage(cid, MESSAGE_INFO_DESCR, "Congratulations! You have recieved ".. q_count .." "..getItemName(q_itemid).."(s)!")
else
doPlayerSendTextMessage(cid, MESSAGE_STATUS_WARNING, "Need more CAP!")
end
if player:getFreeCapacity() >= ItemType(q_itemid):getWeight(q_count) then
db.query("DELETE FROM `znote_shop_orders` WHERE `id` = " .. q_id .. ";")
player:addItem(q_itemid, q_count)
player:sendTextMessage(MESSAGE_INFO_DESCR, "Congratulations! You have received " .. q_count .. " x " .. ItemType(q_itemid):getName() .. "!")
else
player:sendTextMessage(MESSAGE_STATUS_WARNING, "Need more CAP!")
end
end
-- Add custom order types here
-- Type 2 is reserved for premium days and is handled on website, not needed here.
@ -39,11 +37,10 @@ function onSay(cid, words, param)
-- if q_type == 4 then
-- end
else
doPlayerSendTextMessage(cid, MESSAGE_STATUS_WARNING, "You have no orders.")
player:sendTextMessage(MESSAGE_STATUS_WARNING, "You have no orders.")
end
else
doPlayerSendTextMessage(cid, MESSAGE_STATUS_CONSOLE_BLUE, "Can only be executed once every "..cooldown.." seconds. Remaining cooldown: ".. getPlayerStorageValue(cid, storage) - os.time())
player:sendTextMessage(MESSAGE_STATUS_CONSOLE_BLUE, "Can only be executed once every " .. cooldown .. " seconds. Remaining cooldown: " .. player:getStorageValue(storage) - os.time())
end
return false
end
end
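Review bot: In the `q_type == 1` branch the `DELETE FROM znote_shop_orders` query and `player:addItem(q_itemid, q_count)` are both issued without checking their results. If the delete fails the item is still granted and the order row remains claimable after the cooldown; if `addItem` fails the paid order is already gone. Gate the grant on the delete, `if db.query("DELETE FROM `znote_shop_orders` WHERE `id` = " .. q_id .. ";") then local item = player:addItem(q_itemid, q_count) ... end`, and log or restore the order when `item` is nil. `q_itemid` comes straight from the database and is passed to `ItemType(q_itemid):getWeight(q_count)` with no check that it maps to an item this server knows.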


@ -50,7 +50,7 @@ if (empty($_POST) === false) {
$acc_id = user_character_account_id($_POST['reset_pass']);
if ($acc_id != $session_user_id) {
if ($config['TFSVersion'] == 'TFS_02') {
if ($config['TFSVersion'] == 'TFS_02' || $config['TFSVersion'] == 'TFS_10') {
user_change_password($acc_id, $_POST['new_pass']);
} else if ($config['TFSVersion'] == 'TFS_03') {
user_change_password03($acc_id, $_POST['new_pass']);


@ -1,124 +1,147 @@
<?php require_once 'engine/init.php'; include 'layout/overall/header.php';
<?php require_once 'engine/init.php'; include 'layout/overall/header.php';
protect_page();
admin_only($user_data);
// Declare as int
$view = (int)$_GET['view'];
if ($view){
$view = (isset($_GET['view']) && (int)$_GET['view'] > 0) ? (int)$_GET['view'] : false;
if ($view !== false){
if (!empty($_POST['reply_text'])) {
sanitize($_POST['reply_text']);
sanitize($_POST['reply_text']);
// Save ticket reply on database
$query = array(
'tid' => $_GET['view'],
'username'=> $_POST['username'],
'message' => $_POST['reply_text'],
'tid' => $view,
'username'=> getValue($_POST['username']),
'message' => getValue($_POST['reply_text']),
'created' => time(),
);
$fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\'';
//Sanitize array
array_walk($query, 'array_sanitize');
$fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\'';
mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
mysql_update("UPDATE `znote_tickets` SET `status`='Staff-Reply' WHERE `id`=". $_GET['view']);
mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
mysql_update("UPDATE `znote_tickets` SET `status`='Staff-Reply' WHERE `id`='$view' LIMIT 1;");
}
} else if (!empty($_POST['admin_ticket_close'])) {
$ticketId = (int) $_POST['admin_ticket_id'];
mysql_update("UPDATE `znote_tickets` SET `status` = 'CLOSED' WHERE `id` ='$ticketId' LIMIT 1;");
$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes((int)$_GET['view']));
} else if (!empty($_POST['admin_ticket_open'])) {
$ticketId = (int) $_POST['admin_ticket_id'];
mysql_update("UPDATE `znote_tickets` SET `status` = 'Open' WHERE `id` ='$ticketId' LIMIT 1;");
} else if (!empty($_POST['admin_ticket_delete'])) {
$ticketId = (int) $_POST['admin_ticket_id'];
mysql_delete("DELETE FROM `znote_tickets` WHERE `id`='$ticketId' LIMIT 1;");
header("Location: admin_helpdesk.php");
}
$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id='$view' LIMIT 1;");
?>
<h1>View Ticket #<?php echo $ticketData['id']; ?></h1>
<table class="znoteTable ThreadTable table table-striped">
<tr class="yellow">
<th>
<?php
echo getClock($ticketData['creation'], true);
?>
- Created by:
<?php
echo $ticketData['username'];
?>
</th>
</tr>
<tr>
<td>
<p><?php echo nl2br($ticketData['message']); ?></p>
</td>
</tr>
</table>
<h1>View Ticket #<?php echo $ticketData['id']; ?></h1>
<table class="znoteTable ThreadTable table table-striped">
<tr class="yellow">
<th>
<?php
$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". addslashes((int)$_GET['view']) ."' ORDER BY `created`;");
if ($replies !== false) {
foreach($replies as $reply) {
echo getClock($ticketData['creation'], true);
?>
- Created by:
<?php
echo $ticketData['username'];
?>
</th>
</tr>
<tr>
<td>
<p><?php echo nl2br($ticketData['message']); ?></p>
</td>
</tr>
</table>
<?php
$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='$view' ORDER BY `created`;");
if ($replies !== false) {
foreach($replies as $reply) {
?>
<table class="znoteTable ThreadTable table table-striped">
<tr class="yellow">
<th>
<?php
echo getClock($reply['created'], true);
?>
<table class="znoteTable ThreadTable table table-striped">
<tr class="yellow">
<th>
<?php
echo getClock($reply['created'], true);
?>
- Posted by:
<?php
echo $reply['username'];
?>
</th>
</tr>
<tr>
<td>
<p><?php echo nl2br($reply['message']); ?></p>
</td>
</tr>
</table>
<hr class="bighr">
<?php
}
}
?>
<form action="" method="post">
<input type="hidden" name="username" value="ADMIN"><br>
<textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br>
<input name="" type="submit" value="Post Reply" class="btn btn-primary">
</form>
<?php
}else{
?>
<h1>Latest Tickets</h1>
- Posted by:
<?php
echo $reply['username'];
?>
</th>
</tr>
<tr>
<td>
<p><?php echo nl2br($reply['message']); ?></p>
</td>
</tr>
</table>
<?php
}
}
?>
$tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tickets ORDER BY creation DESC");
if ($tickets !== false) {
<!-- Open/Close Ticket -->
<table class="znoteTable ThreadTable table table-striped">
<tr>
<td>
<form action="" method="post" align="center">
<input type="hidden" name="admin_ticket_id" value="<?php echo $ticketData['id']; ?>">
<?php if ($ticketData['status'] !== 'CLOSED') { ?>
<input type="submit" name="admin_ticket_close" value="Close Ticket" class="btn btn-warning">
<?php } else { ?>
<input type="submit" name="admin_ticket_open" value="Open Ticket" class="btn btn-success">
<?php } ?>
</form>
</td>
<td>
<form action="" method="post" align="center" onClick="return confirm('Are you sure you want to delete this ticket?');">
<input type="hidden" name="admin_ticket_id" value="<?php echo $ticketData['id']; ?>">
<input type="submit" name="admin_ticket_delete" value="Delete Ticket" class="btn btn-danger">
</form>
</td>
</tr>
</table>
<?php if ($ticketData['status'] !== 'CLOSED') { ?>
<hr class="bighr">
<form action="" method="post">
<input type="hidden" name="username" value="ADMIN"><br>
<textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br>
<input name="" type="submit" value="Post Reply" class="btn btn-primary">
</form>
<?php } ?>
<?php
} else {
?>
<h1>Latest Tickets</h1>
<?php
$tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tickets ORDER BY creation DESC");
if ($tickets !== false) {
?>
<table>
<tr class="yellow">
<td>ID:</td>
<td>Subject:</td>
<td>Creation:</td>
<td>Status:</td>
</tr>
<table>
<tr class="yellow">
<td>ID:</td>
<td>Subject:</td>
<td>Creation:</td>
<td>Status:</td>
</tr>
<?php
foreach ($tickets as $ticket) {
echo '<tr class="special">';
echo '<td>'. $ticket['id'] .'</td>';
echo '<td><a href="admin_helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a></td>';
echo '<td>'. getClock($ticket['creation'], true) .'</td>';
echo '<td>'. $ticket['status'] .'</td>';
echo '</tr>';
}
?>
</table>
<?php
foreach ($tickets as $ticket) {
echo '<tr class="special">';
echo '<td>'. $ticket['id'] .'</td>';
echo '<td><a href="admin_helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a></td>';
echo '<td>'. getClock($ticket['creation'], true) .'</td>';
echo '<td>'. $ticket['status'] .'</td>';
}}
?>
</table>
<?php
} else echo 'No helpdesk tickets has been submitted.';
}
include 'layout/overall/footer.php';
?>
include 'layout/overall/footer.php';
?>
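Review bot: In the new `admin_ticket_delete` branch, `header("Location: admin_helpdesk.php");` is not followed by `exit;`, so the script goes on to run `SELECT * FROM znote_tickets WHERE id='$view'` and render a ticket that was just deleted. `layout/overall/header.php` is included on the first line, so output has probably started and the redirect may never be sent unless output buffering is on. Handle the POST actions before that include and end the branch with `header("Location: admin_helpdesk.php"); exit;`. Separately, `$ticketData['username']`, `$ticketData['message']`, `$reply['username']`, `$reply['message']` and `$ticket['subject']` are echoed without `htmlspecialchars()`; unless these fields are encoded when stored, user-submitted ticket text would be rendered as markup on this admin-only page.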


@ -41,7 +41,7 @@ if (empty($_POST) === false) {
}
?>
</select>
<input type="text" name="title" value="" placeholder="Title"><br />
<input type="text" name="title" value="" placeholder="Title"> [youtube]wK0w0x62PjA[/youtube] <br />
<textarea name="text" id="area1" cols="75" rows="10" placeholder="Contents..." style="width: 100%"></textarea><br />
<input type="submit" value="Create News">
</form>


@ -41,9 +41,9 @@ if (!empty($_POST)) {
$customPoints = getValue($_POST['customPoints']);
$reportId = getValue($_POST['id']);
$changelogReportId = &$_POST['changelogReportId'];
$changelogReportId = (int)$_POST['changelogReportId'];
$changelogValue = &$_POST['changelogValue'];
$changelogText = &$_POST['changelogText'];
$changelogText = getValue($_POST['changelogText']);
$changelogStatus = ($changelogReportId !== false && $changelogValue === '2' && $changelogText !== false) ? true : false;
if ($customPoints !== false) $price = (int)($price + $customPoints);
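Review bot: After the new `(int)` cast, `$changelogReportId !== false` in the `$changelogStatus` expression is always true, so a missing or non-numeric `changelogReportId` (which casts to 0) no longer fails that check. Test the value itself instead: `$changelogStatus = ($changelogReportId > 0 && $changelogValue === '2' && $changelogText !== false);`. `(int)$_POST['changelogReportId']` also reads the index without `isset()`, which raises a notice when the field is absent. The rest of the `if (!empty($_POST))` handler is outside this hunk.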


@ -43,7 +43,7 @@ if ($paypal['enabled']) {
<input type="hidden" name="cancel_return" value="<?php echo $paypal['failed']; ?>">
<input type="hidden" name="rm" value="2">
<input type="hidden" name="notify_url" value="<?php echo $paypal['ipn']; ?>" />
<input type="hidden" name="custom" value="<?php echo (int)$_SESSION['user_id']; ?>">
<input type="hidden" name="custom" value="<?php echo (int)$session_user_id; ?>">
<input type="submit" value=" PURCHASE ">
</form>
</td>


@ -1,60 +0,0 @@
<?php
/**
* Display Value Captcha Example
* 2012-04-18
* @version 3.2RC2 (April 2012)
*
* This example shows how to use the "display_value" option in Securimage which
* allows the application to define the code that will be displayed on the
* captcha image.
*
* Note: This value is not stored in the session or database! The display_value
* parameter would be used by a 3rd party application that uses Securimage only
* to display captcha images, but generates and manages the codes independently.
*
*/
// Set debugging
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Defines Securimage class
require_once '../securimage.php';
// Create an array of options to give to Securimage
// This example sets the captcha text to the current time
// In order to use the display_value, a captchaId must be supplied so a random one is created
// Next we set turn off some unnecessary options and set properties of captcha
// image_width makes the image wide enough to hold the time
// no_session tells Securimage not to start or use a session to store codes
// no_exit tells Securimage not to terminate after calling Securimage::show()
// use_sqlite_db tells Securimage not to use SQLite
// send_headers tells Securimage not to send HTTP headers for the image; by not
// sending headers, you can capture the output and save it to file or serve it
// to the browser
$options = array('display_value' => date('h:i:s a'),
'captchaId' => sha1(uniqid($_SERVER['REMOTE_ADDR'] . $_SERVER['REMOTE_PORT'])),
'image_width' => 250,
'no_session' => true,
'no_exit' => true,
'use_sqlite_db' => false,
'send_headers' => false);
// construct new Securimage object with the given options
$img = new Securimage($options);
// show the image using the supplied display_value
// this demonstrates how to use output buffering to capture the output
ob_start(); // start the output buffer
$img->show(); // output the image so it is captured by the buffer
$imgBinary = ob_get_contents(); // get contents of the buffer
ob_end_clean(); // turn off buffering and clear the buffer
header('Content-Type: image/png');
header('Content-Length: ' . strlen($imgBinary));
echo $imgBinary;


@ -1,65 +0,0 @@
<?php
/**
* Project: Securimage: A PHP class for creating and managing form CAPTCHA images<br />
* File: securimage_show_example.php<br />
*
* Copyright (c) 2012, Drew Phillips
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* Any modifications to the library should be indicated clearly in the source code
* to inform users that the changes are not a part of the original software.<br /><br />
*
* If you found this script useful, please take a quick moment to rate it.<br />
* http://www.hotscripts.com/rate/49400.html Thanks.
*
* @link http://www.phpcaptcha.org Securimage PHP CAPTCHA
* @link http://www.phpcaptcha.org/latest.zip Download Latest Version
* @link http://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
* @copyright 2012 Drew Phillips
* @author Drew Phillips <drew@drew-phillips.com>
* @version 3.2RC2 (April 2012)
* @package Securimage
*
*/
require_once '../securimage.php';
$img = new Securimage();
//Change some settings
$img->image_width = 250;
$img->image_height = 80;
$img->perturbation = 0.85;
$img->image_bg_color = new Securimage_Color("#f6f6f6");
$img->use_transparent_text = true;
$img->text_transparency_percentage = 30; // 100 = completely transparent
$img->num_lines = 7;
$img->line_color = new Securimage_Color("#eaeaea");
$img->image_signature = 'phpcaptcha.org';
$img->signature_color = new Securimage_Color(rand(0, 64), rand(64, 128), rand(128, 255));
$img->use_wordlist = true;
$img->show('backgrounds/bg3.jpg'); // alternate use: $img->show('/path/to/background_image.jpg');


@ -1,63 +0,0 @@
<?php
/**
* Project: Securimage: A PHP class for creating and managing form CAPTCHA images<br />
* File: securimage_show_example2.php<br />
*
* Copyright (c) 2012, Drew Phillips
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* Any modifications to the library should be indicated clearly in the source code
* to inform users that the changes are not a part of the original software.<br /><br />
*
* If you found this script useful, please take a quick moment to rate it.<br />
* http://www.hotscripts.com/rate/49400.html Thanks.
*
* @link http://www.phpcaptcha.org Securimage PHP CAPTCHA
* @link http://www.phpcaptcha.org/latest.zip Download Latest Version
* @link http://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
* @copyright 2012 Drew Phillips
* @author Drew Phillips <drew@drew-phillips.com>
* @version 3.2RC2 (April 2012)
* @package Securimage
*
*/
require_once '../securimage.php';
$img = new Securimage();
//Change some settings
$img->image_width = 280;
$img->image_height = 100;
$img->perturbation = 0.9; // high level of distortion
$img->code_length = rand(5,6); // random code length
$img->image_bg_color = new Securimage_Color("#ffffff");
$img->num_lines = 12;
$img->noise_level = 5;
$img->text_color = new Securimage_Color("#000000");
$img->noise_color = $img->text_color;
$img->line_color = new Securimage_Color("#cccccc");
$img->show();


@ -1,98 +0,0 @@
<?php
/**
* Static Captcha Example Script
* 2012-04-18
* @version 3.2RC2 (April 2012)
*
* The static captcha exposes an easy to use interface that applications can
* use to generate captcha challenges and validate them by a unique ID. A
* captcha image can be associated with an ID and no PHP sessions are required.
* The captcha ID can be stored in a SQLite database by Securimage.
*
* Tip: To give the user a refresh captcha button, use Ajax to request a new ID,
* update the hidden form input with the new captcha ID, and update the image source
* to securimage_show.php providing the captcha ID.
*/
// set debugging
error_reporting(E_ALL);
ini_set('display_errors', 1);
// defines Securimage class
require_once '../securimage.php';
// get the captcha ID from the url (if supplied)
$captchaId = (isset($_GET['id'])) ? $_GET['id'] : '';
// if the validate option is set
if (isset($_GET['validate'])) {
// get the user input of the captcha code
$input = (isset($_GET['input'])) ? $_GET['input'] : '';
// call Securimage::checkCaptchaId to validate input
// returns true if the code and id are a valid pair, false if not
if (Securimage::checkByCaptchaId($captchaId, $input) == true) {
echo "<h2>Success</h2>"
."<span style='color: #33cc00'>The captcha code entered was correct!</span>"
."<br /><br />";
} else {
echo "<h2>Incorrect Code</h2>"
."<span style='color: #f00'>Incorrect captcha code, try again.</span>"
."<br /><br />";
}
} else if (isset($_GET['display'])) {
// display the captcha with the supplied ID from the URL
// construct options specifying the existing captcha ID
// also tell securimage not to start a session
$options = array('captchaId' => $captchaId,
'no_session' => true);
$captcha = new Securimage($options);
// show the image, this sends proper HTTP headers
$captcha->show();
exit;
}
// generate a new captcha ID and challenge
$captchaId = Securimage::getCaptchaId();
// output the captcha ID, and a form to validate it
// the form submits to itself and is validated above
echo <<<EOD
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<title>Static Captcha Example</title>
</head>
<body>
<h2>Static Captcha Example</h2>
<div>
Synopsis:
<ul>
<li>Request new captchaId using <em>Securimage::getCaptchaId()</em></li>
<li>Display form with hidden field containing captchaId</li>
<li>Display captcha image passing the captchaId to the image</li>
<li>Validate captcha input against captchaId using <em>Securimage::checkByCaptchaId()</em></li>
</ul>
</div>
<p>&nbsp;</p>
<div>
Captcha ID: $captchaId<br /><br />
<img src="{$_SERVER['PHP_SELF']}?display&amp;id=$captchaId" alt="Captcha Image" /><br />
<form method="get" action="{$_SERVER['PHP_SELF']}">
<input type="hidden" name="validate" value="1" />
<input type="hidden" name="id" value="$captchaId" />
Enter Code:
<input type="text" name="input" value="" />
<input type="submit" name="submit" value="Check Captcha" />
</form>
</div>
</body>
</html>
EOD;


@ -29,14 +29,12 @@ if (empty($_POST) === false) {
$errors[] = 'Your new passwords do not match.';
} else if (strlen($_POST['new_password']) < 6) {
$errors[] = 'Your new passwords must be at least 6 characters.';
} else if (strlen($_POST['new_password']) > 32) {
$errors[] = 'Your new passwords must be less than 33 characters.';
} else if (strlen($_POST['new_password']) > 100) {
$errors[] = 'Your new passwords must be less than 100 characters.';
}
} else {
$errors[] = 'Your current password is incorrect.';
}
print_r($errors);
}
include 'layout/overall/header.php'; ?>
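Review bot: The new upper-bound test is `strlen($_POST['new_password']) > 100`, which accepts exactly 100 characters, while its message says "must be less than 100 characters"; the previous pair (`> 32` with "less than 33") was consistent. Either change the text to `'Your new passwords must be less than 101 characters.'` or the test to `>= 100`. The 6-character minimum in the branch above is untouched by this commit and is low for an account password, so it is worth raising in the same pass. The enclosing `if (empty($_POST) === false)` block starts outside the hunk.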


@ -51,84 +51,100 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false) {
echo 'Never.';
}
?></font></li>
?></font>
</li>
<!-- Achievement start -->
<?php if ($config['Ach'] == true) {
foreach ($achievementPoints as $achievement)
{
if ($achievement > 0) //if player doesn't have any achievement points it won't echo the line below.
echo '<tr><td>Achievement Points</td><td>' .$achievement. ' </td></tr>';
}
<?php
if ($config['Ach'] == true) {
foreach ($achievementPoints as $achievement) {
if ($achievement > 0) //if player doesn't have any achievement points it won't echo the line below.
echo '<li>Achievement Points: ' .$achievement. '</li>';
}
}
?>
<!-- Achievement end -->
<?php $houses = array();
$houses = mysql_select_multi("SELECT `id`, `owner`, `name`, `town_id` FROM `houses` WHERE `owner` = $user_id ;");
if ($houses !== false) {
$playerlist = array();
foreach ($houses as $h)
if ($h['owner'] > 0)
$playerlist[] = $h['owner'];
if ($profile_data['id'] = $h['owner']) { ?>
<li>House: <?php echo $h['name']; ?>, <?php
foreach ($config['towns'] as $key=>$value) {
if ($key == $h['town_id']) {
echo $value;
}
} ?></li>
<li><font class="profile_font" name="profile_font_status">Status:</font> <?php }}
if ($config['TFSVersion'] == 'TFS_10') {
if ($profile_data['online']) {
echo '<font class="profile_font" name="profile_font_online" color="green"><b>ONLINE</b></font>';
} else {
echo '<font class="profile_font" name="profile_font_online" color="red"><b>OFFLINE</b></font>';
}
} else {
if ($profile_data['online'] == 1) {
echo '<font class="profile_font" name="profile_font_online" color="green"><b>ONLINE</b></font>';
} else {
echo '<font class="profile_font" name="profile_font_online" color="red"><b>OFFLINE</b></font>';
<!-- Display house start -->
<?php
if ($config['TFSVersion'] !== 'TFS_02') {
$townid = ($config['TFSVersion'] === 'TFS_03') ? 'town' : 'town_id';
$houses = mysql_select_multi("SELECT `id`, `owner`, `name`, `$townid` AS `town_id` FROM `houses` WHERE `owner` = $user_id;");
if ($houses !== false) {
$playerlist = array();
foreach ($houses as $h) {
if ($h['owner'] > 0)
$playerlist[] = $h['owner'];
if ($profile_data['id'] = $h['owner']) {
?>
<li>House: <?php echo $h['name']; ?>, <?php
foreach ($config['towns'] as $key=>$value) {
if ($key == $h['town_id']) {
echo $value;
}
}
?>
</li>
<?php
}
}
?></li>
}
}
?>
<!-- Display house end -->
<li><font class="profile_font" name="profile_font_status">Status:</font> <?php
if ($config['TFSVersion'] == 'TFS_10') {
if ($profile_data['online']) {
echo '<font class="profile_font" name="profile_font_online" color="green"><b>ONLINE</b></font>';
} else {
echo '<font class="profile_font" name="profile_font_online" color="red"><b>OFFLINE</b></font>';
}
} else {
if ($profile_data['online'] == 1) {
echo '<font class="profile_font" name="profile_font_online" color="green"><b>ONLINE</b></font>';
} else {
echo '<font class="profile_font" name="profile_font_online" color="red"><b>OFFLINE</b></font>';
}
}
?>
</li>
<li><font class="profile_font" name="profile_font_created">Created: <?php echo getClock($profile_znote_data['created'], true); ?></font></li>
<li><font class="profile_font" name="profile_font_comment">Comment:</font> <br><textarea name="profile_comment_textarea" cols="70" rows="10" readonly="readonly" class="span12"><?php echo $profile_znote_data['comment']; ?></textarea></li>
<!-- Achievements start -->
<?php if ($config['Ach'] == true) { ?>
<h3 class="header-ok">Achievements</h3>
<div id="accordion">
<h3>Show/hide player achievements</h3>
<div>
<table class="table table-striped table-bordered">
<tbody>
<style>
#secondD {
margin-left:0px;
}
</style>
<?php
foreach ($config['achievements'] as $key => $achiv) {
$uery = mysql_select_single("SELECT `player_id`, `value`, `key` FROM `player_storage` WHERE `player_id`='$user_id' AND `key`='$key' LIMIT 1;");
foreach ($uery as $luery)
if (($luery) == $key)
{
if (!array_key_exists(($achiv), $config['achievements'])) {
echo '<tr><td width="17%">' .$achiv[0]. '</td><td>' .$achiv[1]. '</td>';
if ($achiv['secret'] == true) {
echo '<td><img id="secondD" src="http://img04.imgland.net/PuMz0mVqSG.gif"></td>';
echo '<td>'. $achiv['points'] .'</td>';
} else {
echo '<td></td><td>'. $achiv['points'] .'</td>';
}
echo '<tr>';
}
}
}
?>
</tbody>
</table>
</div></div>
<!-- Achievements start -->
<?php if ($config['Ach']) { ?>
<h3 class="header-ok">Achievements</h3>
<div id="accordion">
<h3>Show/hide player achievements</h3>
<div>
<table class="table table-striped table-bordered">
<tbody>
<style>
#secondD {
margin-left:0px;
}
</style>
<?php
foreach ($config['achievements'] as $key => $achiv) {
$uery = mysql_select_single("SELECT `player_id`, `value`, `key` FROM `player_storage` WHERE `player_id`='$user_id' AND `key`='$key' LIMIT 1;");
if (!empty($uery) || $uery !== false) {
foreach ($uery as $luery) {
if ($luery == $key) {
if (!array_key_exists($key, $achiv)) {
echo '<tr><td width="17%">' .$achiv[0]. '</td><td>' .$achiv[1]. '</td>';
if (!isset($achiv['secret'])) {
echo '<td><img id="secondD" src="http://img04.imgland.net/PuMz0mVqSG.gif"></td>';
}
echo '<td>'. $achiv['points'] .'</td>';
echo '<tr>';
}
}
}
}
}
?>
</tbody>
</table>
</div>
</div>
<br>
<?php } ?>
<!-- Achievements end -->
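Review bot: In the house block, `if ($profile_data['id'] = $h['owner'])` assigns instead of comparing, so it overwrites `$profile_data['id']` with the house owner and is true for every non-zero owner; the re-indented version keeps the same line, and it should read `if ($profile_data['id'] == $h['owner'])`. In the achievements loop `if (!empty($uery) || $uery !== false)` looks like it was meant to use `&&`, and each row is closed with `echo '<tr>';` where `</tr>` is needed. `$h['name']` and the `$achiv[...]` values are echoed as raw HTML; passing them through `htmlspecialchars()` keeps a house name or config string from being interpreted as markup.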

File diff suppressed because one or more lines are too long


@ -28,7 +28,7 @@ if (empty($_POST) === false) {
$errors[] = 'Your name may only contain a-z, A-Z and spaces.';
}
if (strlen($_POST['name']) < $config['minL'] || strlen($_POST['name']) > $config['maxL']) {
$errors[] = 'Your character name must be between 4 - 20 characters long.';
$errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.';
}
// name restriction
$resname = explode(" ", $_POST['name']);


@ -30,6 +30,8 @@ CREATE TABLE IF NOT EXISTS `znote_accounts` (
`created` int(10) NOT NULL,
`points` int(10) DEFAULT 0,
`cooldown` int(10) DEFAULT 0,
`active` tinyint(4) NOT NULL DEFAULT '0',
`activekey` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
@ -121,7 +123,7 @@ CREATE TABLE IF NOT EXISTS `znote_shop` (
`type` int(11) NOT NULL,
`itemid` int(11) DEFAULT NULL,
`count` int(11) NOT NULL DEFAULT '1',
`describtion` varchar(255) NOT NULL,
`description` varchar(255) NOT NULL,
`points` int(11) NOT NULL DEFAULT '10',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
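Review bot: `activekey` is declared `int(11) NOT NULL` with no default, so any `INSERT INTO znote_accounts` that omits the column fails under strict SQL mode, and an integer column limits the activation key to a small numeric range. A `DEFAULT '0'` keeps older inserts working, and a `varchar` column would leave room for a longer random token. Because both tables are `CREATE TABLE IF NOT EXISTS`, an existing install presumably receives neither the two new columns nor the `describtion` to `description` rename from this file, so the upgrade needs matching `ALTER TABLE` statements documented alongside it.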


@ -1,4 +1,12 @@
<?php
function setSession($key, $data) {
global $sessionPrefix;
$_SESSION[$sessionPrefix.$key] = $data;
}
function getSession($key) {
global $sessionPrefix;
return (isset($_SESSION[$sessionPrefix.$key])) ? $_SESSION[$sessionPrefix.$key] : false;
}
// Fetch and sanitize POST and GET values
function getValue($value) {
return (!empty($value)) ? sanitize($value) : false;
@ -152,7 +160,7 @@ function znote_visitor_insert_detailed_data($type) {
$time = time();
$ip = ip2long(getIP());
if (user_logged_in()) {
$acc = $_SESSION['user_id'];
$acc = (int)getSession('user_id');
mysql_insert("INSERT INTO `znote_visitors_details` (`ip`, `time`, `type`, `account_id`) VALUES ('$ip', '$time', '$type', '$acc')");
} else mysql_insert("INSERT INTO `znote_visitors_details` (`ip`, `time`, `type`, `account_id`) VALUES ('$ip', '$time', '$type', '0')");
}
@ -495,7 +503,7 @@ function check_image($image) {
// Check guild logo
function logo_exists($guild) {
$guild = sanitize($guild);
if (file_exists('engine/guildimg/'.$guild.'.gif')) {
echo'engine/guildimg/'.$guild.'.gif';
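Review bot: `getSession()` returns `false` both for a missing key and for a stored `false`, and neither new helper documents that or its dependence on the `$sessionPrefix` global. A one-line comment on each would do: `// Store $data in $_SESSION under the $sessionPrefix global.` for `setSession` and `// Return the prefixed session value, or false when the key is not set.` for `getSession`. In `znote_visitor_insert_detailed_data` the `(int)` cast turns that `false` into account id 0, which is only safe because the call sits behind `user_logged_in()`. `$type` is still placed into both INSERT strings in quotes with no cast or escape visible; the function starts outside the hunk, so confirm that callers only pass fixed integers.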

93
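--- a/engine/function/mail.php
+++ b/engine/function/mail.php
@@ -0,0 +1,93 @@
+<?php
+class Mail {
+protected $_config = false;
+/**
+* @param array $config
+* @access public
+* @return void
+**/
+public function __construct($config) {
+$this->_config = $config;
+}
+/**
+* Sets the cache expiration limit (IMPORTANT NOTE: seconds, NOT ms!).
+*
+* @param string $to, string $title, string $text, string $accname
+* @access public
+* @return boolean
+**/
+public function sendMail($to, $title, $text, $accname = '') {
+//SMTP needs accurate times, and the PHP time zone MUST be set
+//This should be done in your php.ini, but this is how to do it if you don't have access to that
+//date_default_timezone_set('Etc/UTC');
+require 'PHPMailer/PHPMailerAutoload.php';
+//Create a new PHPMailer instance
+$mail = new PHPMailer();
+//Tell PHPMailer to use SMTP
+$mail->isSMTP();
+//Enable SMTP debugging
+// 0 = off (for production use)
+// 1 = client messages
+// 2 = client and server messages
+$mail->SMTPDebug = ($this->_config['debug']) ? 2 : 0;
+//Ask for HTML-friendly debug output
+$mail->Debugoutput = 'html';
+//Set the hostname of the mail server
+$mail->Host = $this->_config['host'];
+//Set the SMTP port number - likely to be 25, 465 or 587
+$mail->Port = $this->_config['port'];
+//Whether to use SMTP authentication
+$mail->SMTPAuth = true;
+$mail->SMTPSecure = $this->_config['securityType'];
+//Username to use for SMTP authentication
+$mail->Username = $this->_config['username'];
+//Password to use for SMTP authentication
+$mail->Password = $this->_config['password'];
+//Set who the message is to be sent from
+$mail->setFrom($this->_config['username'], $this->_config['fromName']);
+//Set who the message is to be sent to
+$mail->addAddress($to, $accname);
+//Set the subject line
+$mail->Subject = $title;
+// Body
+$mail->Body = $text;
+// Convert HTML -> plain for legacy mail recievers
+// Create new lines instead of <br> html tags.
+$text = str_replace("<br>", "\n", $text);
+$text = str_replace("<br\>", "\n", $text);
+$text = str_replace("<br \>", "\n", $text);
+// Then get rid of the rest of the html tags.
+$text = strip_tags($text);
+//Replace the plain text body with one created manually
+$mail->AltBody = $text;
+//send the message, check for errors
+$status = false;
+if (!$mail->send()) {
+echo "Mailer Error: " . $mail->ErrorInfo;
+exit();
+} else {
+$status = true;
+}
+return $status;
+}
+}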
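Review bot: `sendMail()` handles a failed send with `echo "Mailer Error: " . $mail->ErrorInfo; exit();`, which prints SMTP error detail to the visitor and stops the request in the middle of whatever called it. Returning the status lets the caller decide what to show: `if (!$mail->send()) { error_log('Mailer Error: ' . $mail->ErrorInfo); return false; }` followed by `return true;`. With the `debug` config value set, `SMTPDebug = 2` together with `Debugoutput = 'html'` writes the client and server SMTP dialogue into the page, so that switch should stay off on any public install. The `require` inside the method should be `require_once`, since a second `sendMail()` call in one request would load the autoloader file again, and the docblock summary ("Sets the cache expiration limit") describes a different function and should say that the method sends one HTML mail with a plain-text alternative.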


@ -241,7 +241,7 @@ function shop_account_gender_tickets($accid) {
//
function guild_remove_member($cid) {
$cid = (int)$cid;
mysql_update("UPDATE `players` SET `rank_id`='0' WHERE `id`=$cid");
mysql_update("UPDATE `players` SET `rank_id`='0', `guildnick`= NULL WHERE `id`=$cid");
}
function guild_remove_member_10($cid) {
$cid = (int)$cid;
@ -330,7 +330,7 @@ function guild_delete($gid) {
// Player leave guild
function guild_player_leave($cid) {
$cid = (int)$cid;
mysql_update("UPDATE `players` SET `rank_id`='0' WHERE `id`=$cid LIMIT 1;");
mysql_update("UPDATE `players` SET `rank_id`='0', `guildnick`= NULL WHERE `id`=$cid LIMIT 1;");
}
function guild_player_leave_10($cid) {
$cid = (int)$cid;
@ -409,6 +409,27 @@ function update_player_guild_position_10($cid, $rid) {
mysql_update("UPDATE `guild_membership` SET `rank_id`='$rid' WHERE `player_id`=$cid");
}
// Update player's guild nick
function update_player_guildnick($cid, $nick) {
$cid = (int)$cid;
$nick = sanitize($nick);
if (!empty($nick)) {
mysql_update("UPDATE `players` SET `guildnick`='$nick' WHERE `id`=$cid");
} else {
mysql_update("UPDATE `players` SET `guildnick`= NULL WHERE `id`=$cid");
}
}
function update_player_guildnick_10($cid, $nick) {
$cid = (int)$cid;
$nick = sanitize($nick);
if (!empty($nick)) {
mysql_update("UPDATE `guild_membership` SET `nick`='$nick' WHERE `player_id`=$cid");
} else {
mysql_update("UPDATE `guild_membership` SET `nick`= NULL WHERE `player_id`=$cid");
}
}
// Get guild data, using guild id.
function get_guild_rank_data($gid) {
$gid = (int)$gid;
@ -422,7 +443,7 @@ function create_guild($cid, $name) {
$time = time();
// Create the guild
mysql_insert("INSERT INTO `guilds` (`name`, `ownerid`, `creationdata`, `motd`) VALUES ('$name', '$cid', '$time', 'The guild has been created!');");
mysql_insert("INSERT INTO `guilds` (`name`, `ownerid`, `creationdata`, `motd`) VALUES ('$name', '$cid', '$time', '');");
// Get guild id
$gid = get_guild_id($name);
@ -505,8 +526,23 @@ function get_guilds_list() {
// Get array of player data related to a guild.
function get_guild_players($gid) {
$gid = (int)$gid; // Sanitizing the parameter id
if (config('TFSVersion') !== 'TFS_10') return mysql_select_multi("SELECT p.rank_id, p.name, p.level, p.vocation, p.online, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id ='$gid' ORDER BY gr.id, p.name;");
else return mysql_select_multi("SELECT p.id, p.name, p.level, p.vocation, gm.rank_id, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id LEFT JOIN guild_ranks AS gr ON gr.id = gm.rank_id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name");
if (config('TFSVersion') !== 'TFS_10') return mysql_select_multi("SELECT p.rank_id, p.name, p.level, p.guildnick, p.vocation, p.online, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id ='$gid' ORDER BY gr.id, p.name;");
else return mysql_select_multi("SELECT p.id, p.name, p.level, p.vocation, gm.rank_id, gm.nick AS `guildnick`, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id LEFT JOIN guild_ranks AS gr ON gr.id = gm.rank_id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name");
}
// Get guild level data (avg level, total level, count of players)
function get_guild_level_data($gid) {
$gid = (int)$gid;
$data = (config('TFSVersion') !== 'TFS_10') ? mysql_select_multi("SELECT p.level FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id ='$gid';") : mysql_select_multi("SELECT p.level FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name;");
$members = 0;
$totallevels = 0;
if ($data !== false) {
foreach ($data as $player) {
$members++;
$totallevels += $player['level'];
}
return array('avg' => (int)($totallevels / $members), 'total' => $totallevels, 'players' => $members);
} else return false;
}
// Returns total members in a guild (integer)
@ -772,7 +808,7 @@ function user_delete_character_soft($char_id) {
$char_name = user_character_name($char_id);
$original_acc_id = user_character_account_id($char_name);
if(!user_character_pending_delete($char_name))
mysql_insert('INSERT INTO `znote_deleted_characters`(`original_account_id`, `character_name`, `time`, `done`) VALUES(' . $original_acc_id . ', "' . $char_name . '", (NOW() + INTERVAL ' . Config('delete_character_interval') . '), 0)');
mysql_insert('INSERT INTO `znote_deleted_characters`(`original_account_id`, `character_name`, `time`, `done`) VALUES(' . $original_acc_id . ', "' . $char_name . '", (NOW() + INTERVAL ' . config('delete_character_interval') . '), 0)');
else
return false;
}
@ -994,7 +1030,7 @@ function user_update_account($update_data) {
$update[] = '`'. $field .'` = \''. $data .'\'';
}
$user_id = sanitize($_SESSION['user_id']);
$user_id = (int)getSession('user_id');
mysql_update("UPDATE `accounts` SET ". implode(', ', $update) ." WHERE `id`=". $user_id .";");
}
@ -1008,7 +1044,7 @@ function user_update_znote_account($update_data) {
$update[] = '`'. $field .'` = \''. $data .'\'';
}
$user_id = sanitize($_SESSION['user_id']);
$user_id = (int)getSession('user_id');
mysql_update("UPDATE `znote_accounts` SET ". implode(', ', $update) ." WHERE `account_id`=". $user_id .";");
}
@ -1042,7 +1078,7 @@ function user_character_set_hide($char_id, $value) {
}
// CREATE ACCOUNT
function user_create_account($register_data) {
function user_create_account($register_data, $maildata) {
array_walk($register_data, 'array_sanitize');
if (config('TFSVersion') == 'TFS_03' && config('salt') === true) {
@ -1064,10 +1100,25 @@ function user_create_account($register_data) {
mysql_insert("INSERT INTO `accounts` ($fields) VALUES ($data)");
$account_id = user_id($register_data['name']);
mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$account_id', '$ip', '$created')");
$activeKey = rand(100000000,999999999);
mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `activekey`) VALUES ('$account_id', '$ip', '$created', '$activeKey')");
//TO-DO: mail server and verification.
// http://www.web-development-blog.com/archives/send-e-mail-messages-via-smtp-with-phpmailer-and-gmail/
if ($maildata['register']) {
$thisurl = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
$thisurl .= "?authenticate&u=".$account_id."&k=".$activeKey;
$mailer = new Mail($maildata);
$title = "Please authenticate your account at $_SERVER[HTTP_HOST].";
$body = "<h1>Please click on the following link to authenticate your account:</h1>";
$body .= "<p><a href='$thisurl'>$thisurl</a></p>";
$body .= "<p>Thank you for registering and enjoy your stay at $maildata[fromName].</p>";
$body .= "<hr><p>I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.</p>";
$mailer->sendMail($register_data['email'], $title, $body, $register_data['name']);
}
}
// CREATE CHARACTER
@ -1197,7 +1248,7 @@ function user_count_accounts() {
*/
function user_character_data($user_id) {
$data = array();
$user_id = sanitize($user_id);
$user_id = (int)$user_id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1) {
@ -1449,7 +1500,7 @@ function user_login_03($username, $password) {
// Verify that user is logged in
function user_logged_in() {
return (isset($_SESSION['user_id'])) ? true : false;
return (getSession('user_id') !== false) ? true : false;
}
function guild_war_invitation($cid, $gid) {
@ -1481,4 +1532,4 @@ function cancel_war_invitation($cid, $gid) {
mysql_update("UPDATE `guild_wars` SET `status` = 3, `ended` = '$time' WHERE `guild2` = '$cid' AND `guild1` = '$gid';");
}
?>
?>
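Review bot: In `user_create_account`, `$activeKey = rand(100000000,999999999);` takes the account activation key from a non-cryptographic generator with about nine digits of range, and the link is built as `"http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"`, so the host name in the e-mail is whatever Host header the registering client sent. Generate the key from a CSPRNG (for example `openssl_random_pseudo_bytes()`, which is available on the PHP 5.3 baseline when the openssl extension is loaded) and build the URL from a base address kept in config.php rather than from request headers. Appending `"?authenticate&u=..."` to `REQUEST_URI` also yields a second `?` whenever the registration URL already carries a query string. In `get_guild_level_data`, `$totallevels / $members` divides by zero if `mysql_select_multi` can return an empty array rather than `false`; `if ($members === 0) return false;` before the `return array(...)` covers that. Both functions start outside their hunks.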


@ -1,7 +1,4 @@
<?php
// Verify the PHP version, gives tutorial if fail.
if (version_compare(phpversion(), '5.3.3', '<')) die('PHP 5.3.3 is required<br><br>WINDOWS:<br>Download and use the latest Uniform Server.<br><a href="http://www.uniformserver.com/">CLICK ME</a> to get to their website. <br> XAMPP sucks and is insecure. Kthxbye.<br><br>LINUX DEBIAN:<br>Edit /etc/apt/sources.list<br>etc if you use nano text editor, make sure you are root and do<br>nano /etc/apt/sources.list<br><br>At the bottom, add this:<br><br>deb http://packages.dotdeb.org stable all<br>deb-src http://packages.dotdeb.org stable all<br><br>save file. <br><br>Then in terminal, do these 2 commands:<br>gpg --keyserver keys.gnupg.net --recv-key 89DF5277<br><br>gpg -a --export 89DF5277 | sudo apt-key add -<br><br>And then do these 2 commands:<br><br>apt-get update<br>apt-get upgrade<br><br>You now have the latest stable PHP version.<br>');
<?php if (version_compare(phpversion(), '5.3.3', '<')) die('PHP version 5.3.3 or higher is required.');
$time = time();
$version = '1.5_SVN';
@ -11,34 +8,33 @@ $accQueriesData = array();
session_start();
ob_start();
require 'config.php';
require_once 'config.php';
$sessionPrefix = $config['session_prefix'];
if ($config['paypal']['enabled'] || $config['zeotss']['enabled']) {
$curlcheck = function_exists('curl_version') ? true : false;
if (!$curlcheck) die("php cURL is not enabled. It is required to for paypal and ZEOTSS services.<br>1. Find your php.ini file.<br>2. Uncomment extension=php_curl<br>Restart web server.<br><br><b>If you don't want this then disable zeotss and paypal in config.php.</b>");
}
require 'database/connect.php';
require 'function/general.php';
require 'function/users.php';
require 'function/cache.php';
require 'function/token.php';
require 'function/itemparser/itemlistparser.php';
require_once 'database/connect.php';
require_once 'function/general.php';
require_once 'function/users.php';
require_once 'function/cache.php';
require_once 'function/mail.php';
require_once 'function/token.php';
require_once 'function/itemparser/itemlistparser.php';
if (isset($_SESSION['token'])) {
$_SESSION['old_token'] = $_SESSION['token'];
//var_dump($_SESSION['old_token'], $_SESSION['token']);
}
Token::generate();
if (user_logged_in() === true) {
$session_user_id = $_SESSION['user_id'];
$session_user_id = getSession('user_id');
$user_data = user_data($session_user_id, 'id', 'name', 'password', 'email', 'premdays');
$user_znote_data = user_znote_account_data($session_user_id, 'ip', 'created', 'points', 'cooldown');
}
$errors = array();
// Log IP
if ($config['log_ip']) {
$visitor_config = $config['ip_security'];
@ -113,4 +109,31 @@ if ($config['log_ip']) {
//var_dump($v_activity, $v_register, $v_highscore, $v_c_char, $v_s_char, $v_form);
//echo ' <--- IP logging activity past 10 seconds.';
}
// Sub page override system
if ($config['allowSubPages']) {
require_once 'layout/sub.php';
$filename = explode('/', $_SERVER['PHP_SELF']);
$filename = $filename[count($filename)-1];
if (isset($subpages) && !empty($subpages)) {
foreach ($subpages as $page) {
if ($page['override'] && $page['file'] === $filename) {
require_once 'layout/overall/header.php';
require_once 'layout/sub/'.$page['file'];
require_once 'layout/overall/footer.php';
exit;
}
}
} else {
?>
<div style="background-color: white; padding: 20px; width: 100%; float:left;">
<h2 style="color: black;">Old layout!</h2>
<p style="color: black;">The layout is running an outdated sub system which is not compatible with this version of Znote AAC.</p>
<p style="color: black;">The file /layout/sub.php is outdated.
<br>Please update it to look like <a style="color: orange;" target="_BLANK" href="https://github.com/Znote/ZnoteAAC/blob/master/layout/sub.php">THIS.</a>
</p>
</div>
<?php
}
}
?>
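Review bot: The sub page override takes `$filename` from `$_SERVER['PHP_SELF']`, which includes any trailing path info the client appends (`/index.php/other.php` ends in `other.php`), so a request can select a different override entry than the script that is actually running. `$filename = basename($_SERVER['SCRIPT_NAME']);` avoids that; the strict match against `$page['file']` from `layout/sub.php` already keeps the `require_once` path limited to configured files. `$sessionPrefix = $config['session_prefix'];` has no fallback, so an older config.php without that key presumably produces a notice and an empty prefix; `isset($config['session_prefix']) ? $config['session_prefix'] : ''` makes the fallback explicit. The `$_SESSION['token']` and `$_SESSION['old_token']` keys still bypass the new prefix.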


@ -23,6 +23,7 @@ function TransformToBBCode($string) {
'[link={$1}]{$2}[/link]' => '<a href="$1" target="_BLANK">$2</a>',
'[color={$1}]{$2}[/color]' => '<font color="$1">$2</font>',
'[*]{$1}[/*]' => '<li>$1</li>',
'[youtube]{$1}[/youtube]' => '<div class="youtube"><div class="aspectratio"><iframe src="//www.youtube.com/embed/$1" frameborder="0" allowfullscreen></iframe></div></div>',
);
foreach ($tags as $tag => $value) {
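Review bot: The new `[youtube]` entry places the captured `$1` directly into `src="//www.youtube.com/embed/$1"`, and nothing in the hunk limits what the capture may contain. If `{$1}` is expanded to a permissive pattern in the loop that follows (it continues outside the hunk), a value holding a quote or `?`/`&` characters would alter the attribute or the embed parameters. Handle this tag with a strict ID pattern that accepts only `[A-Za-z0-9_-]+`, and pass the result through `htmlspecialchars()` before it reaches the iframe. The existing `[link=...]` and `[color=...]` entries have the same shape and deserve the same check.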


@ -9,7 +9,7 @@ if ($logged_in === true) {
<form action="" method="post">
Image URL:<br /><input type="text" name="image" size="70"><br />
Image Title:<br /><input type="text" name="title" size="70"><br />
Image Describtion:<br /><textarea name="desc" cols="55" rows="15"></textarea><br />
Image Description:<br /><textarea name="desc" cols="55" rows="15"></textarea><br />
<input type="submit" name="Submit" value="Post Image Article">
</form>
<?php
@ -101,5 +101,5 @@ echo $url;
$url = explode("!", $url);
<a href="<?php echo 'http://'. $url[0] .'.imgland.net/'. $url[1] .'.'. $url[2]; ?>"><img src="<?php echo 'http://'. $url[0] .'.imgland.net/'. $url[1] .'.'. $url[2]; ?>" width="650"/></a>
echo time();
//insertImage(2, "Yaay!", "Super describtion!", "1!pxpmul!jpg");
//insertImage(2, "Yaay!", "Super description!", "1!pxpmul!jpg");
*/?>


@ -1,6 +1,26 @@
<?php require_once 'engine/init.php';
if ($config['require_login']['guilds']) protect_page();
$isOtx = ($config['CustomVersion'] == 'OTX') ? true : false;
function guild_list($TFSVersion) {
$cache = new Cache('engine/cache/guildlist');
if ($cache->hasExpired()) {
if ($TFSVersion != 'TFS_10') $guilds = mysql_select_multi("SELECT `t`.`id`, `t`.`name`, `t`.`creationdata`, `motd`, (SELECT count(p.rank_id) FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id =`t`.`id`) AS `total` FROM `guilds` as `t` ORDER BY `t`.`name`;");
else $guilds = mysql_select_multi("SELECT `id`, `name`, `creationdata`, `motd`, (SELECT COUNT('guild_id') FROM `guild_membership` WHERE `guild_id`=`id`) AS `total` FROM `guilds` ORDER BY `name`;");
// Add level data info to guilds
if ($guilds !== false)
for ($i = 0; $i < count($guilds); $i++)
$guilds[$i]['level'] = get_guild_level_data($guilds[$i]['id']);
$cache->setContent($guilds);
$cache->save();
} else {
$guilds = $cache->load();
}
return $guilds;
}
include 'layout/overall/header.php';
if (user_logged_in() === true) {
@ -21,31 +41,42 @@ if (user_logged_in() === true) {
if (empty($_GET['name'])) {
// Display the guild list
?>
<h1>Guild List:</h1>
<?php
//data_dump($guild, false, "guild data");
if ($config['TFSVersion'] != 'TFS_10') $guilds = mysql_select_multi("SELECT `t`.`id`, `t`.`name`, `t`.`creationdata`, (SELECT count(p.rank_id) FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id =`t`.`id`) AS `total` FROM `guilds` as `t` ORDER BY `t`.`name`;");
else $guilds = mysql_select_multi("SELECT `id`, `name`, `creationdata`, (SELECT COUNT('guild_id') FROM `guild_membership` WHERE `guild_id`=`id`) AS `total` FROM `guilds` ORDER BY `name`;");
if ($guilds !== false) {
$guilds = guild_list($config['TFSVersion']);
if (isset($guilds) && !empty($guilds) && $guilds !== false) {
//data_dump($guilds, false, "Guilds");
?>
<table id="guildsTable" class="table table-striped table-hover">
<tr class="yellow">
<th>Guild name:</th>
<th>Members:</th>
<th>Founded:</th>
<th>Logo</th>
<th>Description</th>
<th>Guild data</th>
<!-- <th>Founded:</th> -->
</tr>
<?php
foreach ($guilds as $guild) {
if ($guild['total'] >= 1) {
$url = url("guilds.php?name=". $guild['name']);
echo '<tr class="special" onclick="javascript:window.location.href=\'' . $url . '\'">';
echo '<td>'. $guild['name'] .'</td>';
echo '<td>'. $guild['total'] .'</td>';
echo '<td>'. getClock($guild['creationdata'], true) .'</td>';
echo '</tr>';
?>
<tr class="special" onclick="javascript:window.location.href='<?php echo $url; ?>'">
<td style="width: 100px;">
<img style="max-height: 100px; margin: auto; display: block;" src="<?php logo_exists($guild['name']); ?>">
</td>
<td>
<b><?php echo $guild['name']; ?></b>
<?php if (strlen($guild['motd']) > 0) echo '<br>'.$guild['motd']; ?>
</td>
<td>
<?php echo "Total members: ".$guild['level']['players']; ?>
<br><?php echo "Average level: ".$guild['level']['avg'].""; ?>
<br><?php echo "Guild level: ".$guild['level']['total']; ?>
</td>
</tr>
<?php
//echo '<td>'. getClock($guild['creationdata'], true) .'</td>';
}
}
?>
@ -87,6 +118,8 @@ if (user_logged_in() === true) {
$gid = get_guild_id($guildname);
if ($gid === false) {
create_guild($user_id, $guildname);
// Re-cache the guild list
$guilds = guild_list($config['TFSVersion']);
header('Location: success.php');
exit();
} else echo 'A guild with that name already exist.';
@ -176,7 +209,7 @@ if (user_logged_in() === true) {
<?php echo (isset($_GET['error'])) ? "<font size='5' color='red'>".sanitize($_GET['error'])."</font><br><br>" : ""; ?>
<?php if ($config['use_guild_logos']): ?>
<div id="guildImageDiv" style="float: left; margin-right: 10px;">
<img style="max-width: 100px; max-height: 100px;" src="<?php logo_exists(sanitize($_GET['name'])); ?>"></img>
<img style="max-width: 100px; max-height: 100px;" src="<?php logo_exists(sanitize($_GET['name'])); ?>">
</div>
<?php endif; ?>
<div id="guildDescription">
@ -206,13 +239,19 @@ if (user_logged_in() === true) {
}
}
//data_dump($players, false, "Data");
$rankName = '';
foreach ($players as $player) {
if ($config['TFSVersion'] !== 'TFS_10') {
$chardata['online'] = $player['online'];
} else $chardata['online'] = (in_array($player['id'], $onlinelist)) ? 1 : 0;
echo '<tr>';
echo '<td>'. $player['rank_name'] .'</td>';
echo '<td><a href="characterprofile.php?name='. $player['name'] .'">'. $player['name'] .'</a></td>';
echo '<td>' . ($rankName !== $player['rank_name'] ? $player['rank_name'] : '') . '</td>';
$rankName = $player['rank_name'];
echo '<td><a href="characterprofile.php?name='. $player['name'] .'">'. $player['name'] .'</a>';
if (!empty($player['guildnick'])) {
echo ' ('. $player['guildnick'] .')';
}
echo '</td>';
echo '<td>'. $player['level'] .'</td>';
echo '<td>'. $config['vocations'][$player['vocation']] .'</td>';
if ($chardata['online'] == 1) echo '<td> <b><font color="green"> Online </font></b></td>';
@ -341,6 +380,26 @@ if (user_logged_in() === true) {
if ($highest_access >= 2) {
// Guild leader stuff
// Change Guild Nick
if (!empty($_POST['player_guildnick'])) {
$p_cid = user_character_id($_POST['player_guildnick']);
$p_guild = get_player_guild_data($p_cid);
if (preg_match("/^[a-zA-Z_ ]+$/", $_POST['guildnick']) || empty($_POST['guildnick'])) {
// Only allow normal symbols as guild nick
$p_nick = sanitize($_POST['guildnick']);
if ($p_guild['guild_id'] == $gid) {
if ($config['TFSVersion'] !== 'TFS_10') $chardata = user_character_data($p_cid, 'online');
else $chardata['online'] = (user_is_online_10($p_cid)) ? 1 : 0;
if ($chardata['online'] == 0) {
if ($config['TFSVersion'] !== 'TFS_10') update_player_guildnick($p_cid, $p_nick);
else update_player_guildnick_10($p_cid, $p_nick);
header('Location: guilds.php?name='. $_GET['name']);
exit();
} else echo '<font color="red" size="4">Character not offline.</font>';
}
} else echo '<font color="red" size="4">Character guild nick may only contain a-z, A-Z and spaces.</font>';
}
// Promote character to guild position
if (!empty($_POST['promote_character']) && !empty($_POST['promote_position'])) {
// Verify that promoted character is from this guild.
@ -617,6 +676,33 @@ if ($highest_access >= 2) {
</li>
</ul>
</form>
<!-- FORMS TO CHANGE GUILD NICK -->
<form action="" method="post">
<ul>
<li>
Change Guild Nick:<br>
<select name="player_guildnick">
<?php
//$gid = get_guild_id($_GET['name']);
//$players = get_guild_players($gid);
foreach ($players as $player) {
$pl_data = get_player_guild_data(user_character_id($player['name']));
if ($pl_data['rank_level'] != 3) {
echo '<option value="'. $player['name'] .'">'. $player['name'] .'</option>';
} else {
if ($highest_access == 3) {
echo '<option value="'. $player['name'] .'">'. $player['name'] .'</option>';
}
}
}
?>
</select>
<input type="text" name="guildnick" maxlength="15" placeholder="leave blank to erase">
<input type="submit" value="Change Nick">
</li>
</ul>
</form>
<!-- END FORMS TO CHANGE GUILD NICK -->
<?php if ($members > 1) { ?>
<!-- FORMS TO PROMOTE CHARACTER-->
<form action="" method="post">
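Review bot: The guild-nick handler enforces less than its form does: the `<select>` leaves out members with `rank_level` 3 unless `$highest_access == 3`, but the POST branch under `if ($highest_access >= 2)` only checks `$p_guild['guild_id'] == $gid`, so a member with access level 2 can change a rank-3 member's nick by submitting the name directly. Repeat the rule on the server with `if ($p_guild['rank_level'] == 3 && $highest_access < 3)` rejecting the request, and enforce the length there too with `strlen($_POST['guildnick']) <= 15`, since `maxlength="15"` is only a browser hint. In the list view `$guild['motd']` and `$guild['name']` are echoed into HTML, and `$url` into an `onclick` attribute, without `htmlspecialchars()`; whether the MOTD is escaped when it is saved is not visible here, so escape it on output. `get_player_guild_data()` is also called on the result of `user_character_id()` without checking that result for `false`.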


@ -1,243 +1,232 @@
<?php
require_once 'engine/init.php';
if (user_logged_in() === false) {
header('Location: register.php');
}
include 'layout/overall/header.php';
$view = (int)$_GET['view'];
if ($view) {
$view = (isset($_GET['view']) && (int)$_GET['view'] > 0) ? (int)$_GET['view'] : false;
if ($view !== false) {
if (!empty($_POST['reply_text'])) {
sanitize($_POST['reply_text']);
// Save ticket reply on database
$query = array(
'tid' => $_GET['view'],
'username'=> $_POST['username'],
'message' => $_POST['reply_text'],
'tid' => $view,
'username'=> getValue($_POST['username']),
'message' => getValue($_POST['reply_text']),
'created' => time(),
);
$fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\'';
mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
mysql_update("UPDATE `znote_tickets` SET `status`='Player-Reply' WHERE `id`='$view' LIMIT 1;");
}
$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id='$view' LIMIT 1;");
//Sanitize array
array_walk($query, 'array_sanitize');
$fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\'';
mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
mysql_update("UPDATE `znote_tickets` SET `status`='Player-Reply' WHERE `id`=". $_GET['view']);
}
$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes((int)$_GET['view']));
if($ticketData['owner'] != $session_user_id){
echo 'You can not view this ticket!';
die;
}
if($ticketData['owner'] != $session_user_id) {
echo 'You can not view this ticket!';
include 'layout/overall/footer.php';
die;
}
?>
<h1>View Ticket #<?php echo $ticketData['id']; ?></h1>
<table class="znoteTable ThreadTable table table-striped">
<tr class="yellow">
<th>
<?php
echo getClock($ticketData['creation'], true);
?>
- Created by:
<?php
echo $ticketData['username'];
?>
</th>
</tr>
<tr>
<td>
<p><?php echo nl2br($ticketData['message']); ?></p>
</td>
</tr>
</table>
<h1>View Ticket #
<?php
echo $ticketData['id'];
if ($ticketData['status'] === 'CLOSED') {
echo '<span style="color:red">[CLOSED]</SPAN>';
}
?></h1>
<table class="znoteTable ThreadTable table table-striped">
<tr class="yellow">
<th>
<?php
$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". (int)$_GET['view'] ."' ORDER BY `created`;");
if ($replies !== false) {
foreach($replies as $reply) {
?>
<table class="znoteTable ThreadTable table table-striped">
<tr class="yellow">
<th>
<?php
echo getClock($reply['created'], true);
?>
- Posted by:
<?php
echo $reply['username'];
?>
</th>
</tr>
<tr>
<td>
<p><?php echo nl2br($reply['message']); ?></p>
</td>
</tr>
</table>
<hr class="bighr">
<?php
}
}
?>
<form action="" method="post">
<input type="hidden" name="username" value="<?php echo $ticketData['username']; ?>"><br>
<textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br>
<input name="" type="submit" value="Post Reply" class="btn btn-primary">
</form>
<?php
}else{
$account = mysql_select_single("SELECT name,email FROM accounts WHERE id = $session_user_id");
if (empty($_POST) === false) {
// $_POST['']
$required_fields = array('username', 'email', 'subject', 'message');
foreach($_POST as $key=>$value) {
if (empty($value) && in_array($key, $required_fields) === true) {
$errors[] = 'You need to fill in all fields.';
break 1;
}
}
// check errors (= user exist, pass long enough
if (empty($errors) === true) {
/* Token used for cross site scripting security */
if (!Token::isValid($_POST['token'])) {
$errors[] = 'Token is invalid.';
}
if ($config['use_captcha']) {
include_once 'captcha/securimage.php';
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
$errors[] = 'Captcha image verification was submitted wrong.';
}
}
if (validate_ip(getIP()) === false && $config['validate_IP'] === true) {
$errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).';
}
}
}
?>
<h1>Latest Tickets</h1>
<?php
$tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tickets WHERE owner=$session_user_id ORDER BY creation DESC");
if ($tickets !== false) {
?>
<table>
<tr class="yellow">
<td>ID:</td>
<td>Subject:</td>
<td>Creation:</td>
<td>Status:</td>
</tr>
<?php
foreach ($tickets as $ticket) {
echo '<tr class="special">';
echo '<td>'. $ticket['id'] .'</td>';
echo '<td><a href="helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a></td>';
echo '<td>'. getClock($ticket['creation'], true) .'</td>';
echo '<td>'. $ticket['status'] .'</td>';
}}
?>
</table>
<h1>Helpdesk</h1>
<?php
if (isset($_GET['success']) && empty($_GET['success'])) {
echo 'Congratulations! Your ticket has been created. We will reply up to 24 hours.';
} else {
if (empty($_POST) === false && empty($errors) === true) {
if ($config['log_ip']) {
znote_visitor_insert_detailed_data(1);
}
//Save ticket on database
$query = array(
'owner' => $session_user_id,
'username'=> $_POST['username'],
'subject' => $_POST['subject'],
'message' => $_POST['message'],
'ip' => ip2long(getIP()),
'creation' => time(),
'status' => 'Open'
);
//Sanitize array
array_walk($query, 'array_sanitize');
$fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\'';
mysql_insert("INSERT INTO `znote_tickets` ($fields) VALUES ($data)");
header('Location: helpdesk.php?success');
exit();
} else if (empty($errors) === false){
echo '<font color="red"><b>';
echo output_errors($errors);
echo '</b></font>';
}
?>
<form action="" method="post">
<ul>
<li>
Account Name:<br>
<input type="text" name="username" size="40" value="<?php echo $account['name']; ?>" disabled>
</li>
<li>
Email:<br>
<input type="text" name="email" size="40" value="<?php echo $account['email']; ?>" disabled>
</li>
<li>
Subject:<br>
<input type="text" name="subject" size="40">
</li>
<li>
Message:<br>
<textarea name="message" rows="7" cols="30"></textarea>
</li>
<?php
if ($config['use_captcha']) {
echo getClock($ticketData['creation'], true);
?>
- Created by:
<?php
echo $ticketData['username'];
?>
</th>
</tr>
<tr>
<td>
<p><?php echo nl2br($ticketData['message']); ?></p>
</td>
</tr>
</table>
<?php
$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='$view' ORDER BY `created`;");
if ($replies !== false) {
foreach($replies as $reply) {
?>
<table class="znoteTable ThreadTable table table-striped">
<tr class="yellow">
<th>
<?php
echo getClock($reply['created'], true);
?>
- Posted by:
<?php
echo $reply['username'];
?>
</th>
</tr>
<tr>
<td>
<p><?php echo nl2br($reply['message']); ?></p>
</td>
</tr>
</table>
<hr class="bighr">
<?php
}
}
?>
<?php if ($ticketData['status'] !== 'CLOSED') { ?>
<form action="" method="post">
<input type="hidden" name="username" value="<?php echo $ticketData['username']; ?>"><br>
<textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br>
<input name="" type="submit" value="Post Reply" class="btn btn-primary">
</form>
<?php } ?>
<?php
} else {
$account = mysql_select_single("SELECT name,email FROM accounts WHERE id = $session_user_id");
if (!empty($_POST)) {
$required_fields = array('username', 'email', 'subject', 'message');
foreach($_POST as $key=>$value) {
if (empty($value) && in_array($key, $required_fields) === true) {
$errors[] = 'You need to fill in all fields.';
break 1;
}
}
// check errors (= user exist, pass long enough
if (empty($errors) === true) {
/* Token used for cross site scripting security */
if (!Token::isValid($_POST['token'])) {
$errors[] = 'Token is invalid.';
}
if ($config['use_captcha']) {
include_once 'captcha/securimage.php';
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
$errors[] = 'Captcha image verification was submitted wrong.';
}
}
// Reversed this if, so: first check if you need to validate, then validate.
if ($config['validate_IP'] === true && validate_ip(getIP()) === false) {
$errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).';
}
}
}
?>
<h1>Latest Tickets</h1>
<?php
$tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tickets WHERE owner=$session_user_id ORDER BY creation DESC");
if ($tickets !== false) {
?>
<table>
<tr class="yellow">
<td>ID:</td>
<td>Subject:</td>
<td>Creation:</td>
<td>Status:</td>
</tr>
<?php
foreach ($tickets as $ticket) {
echo '<tr class="special">';
echo '<td>'. $ticket['id'] .'</td>';
echo '<td><a href="helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a></td>';
echo '<td>'. getClock($ticket['creation'], true) .'</td>';
echo '<td>'. $ticket['status'] .'</td>';
echo '</tr>';
}
?>
</table>
<?php
}
?>
<h1>Helpdesk</h1>
<?php
if (isset($_GET['success']) && empty($_GET['success'])) {
echo 'Congratulations! Your ticket has been created. We will reply up to 24 hours.';
} else {
if (empty($_POST) === false && empty($errors) === true) {
if ($config['log_ip']) {
znote_visitor_insert_detailed_data(1);
}
//Save ticket on database
$query = array(
'owner' => $session_user_id,
'username'=> getValue($_POST['username']),
'subject' => getValue($_POST['subject']),
'message' => getValue($_POST['message']),
'ip' => ip2long(getIP()),
'creation' => time(),
'status' => 'Open'
);
$fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\'';
mysql_insert("INSERT INTO `znote_tickets` ($fields) VALUES ($data)");
header('Location: helpdesk.php?success');
exit();
} else if (empty($errors) === false) {
echo '<font color="red"><b>';
echo output_errors($errors);
echo '</b></font>';
}
?>
<form action="" method="post">
<ul>
<li>
<b>Write the image symbols in the text field to verify that you are a human:</b>
<img id="captcha" src="captcha/securimage_show.php" alt="CAPTCHA Image" /><br>
<input type="text" name="captcha_code" size="10" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = 'captcha/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a><br><br>
Account Name:<br>
<input type="text" name="username" size="40" value="<?php echo $account['name']; ?>" disabled>
</li>
<li>
Email:<br>
<input type="text" name="email" size="40" value="<?php echo $account['email']; ?>" disabled>
</li>
<li>
Subject:<br>
<input type="text" name="subject" size="40">
</li>
<li>
Message:<br>
<textarea name="message" rows="7" cols="30"></textarea>
</li>
<?php
}
?>
<?php
/* Form file */
Token::create();
?>
<li>
<input type="hidden" name="username" value="<?php echo $account['name']; ?>">
<input type="submit" value="Submit ticket">
</li>
</ul>
</form>
<?php
}}
if ($config['use_captcha']) {
?>
<li>
<b>Write the image symbols in the text field to verify that you are a human:</b>
<img id="captcha" src="captcha/securimage_show.php" alt="CAPTCHA Image" /><br>
<input type="text" name="captcha_code" size="10" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = 'captcha/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a><br><br>
</li>
<?php
}
?>
<?php
/* Form file */
Token::create();
?>
<li>
<input type="hidden" name="username" value="<?php echo $account['name']; ?>">
<input type="submit" value="Submit ticket">
</li>
</ul>
</form>
<?php
}
}
include 'layout/overall/footer.php';
?>
?>
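Review bot: The reply branch inserts into `znote_tickets_replies` and sets the ticket to `Player-Reply` before the `$ticketData['owner'] != $session_user_id` check runs, so as far as this page shows a logged-in account can append a reply to a ticket it does not own and is only refused the view afterwards. Load `$ticketData` and run the owner check first, and skip the insert when `$ticketData['status'] === 'CLOSED'`, because hiding the form does not stop a direct POST. The reply also trusts the hidden `username` field; taking the name from the account row, as the ticket-creation branch does with `$account['name']`, would stop replies being posted under another name. The `+`/`-` markers are lost in this rendering, so the ordering is read from the lines that use `$view`.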


@ -63,6 +63,7 @@
'[link={$1}]{$2}[/link]' => '<a href="$1" target="_BLANK">$2</a>',
'[color={$1}]{$2}[/color]' => '<font color="$1">$2</font>',
'[*]{$1}[/*]' => '<li>$1</li>',
'[youtube]{$1}[/youtube]' => '<div class="youtube"><div class="aspectratio"><iframe src="//www.youtube.com/embed/$1" frameborder="0" allowfullscreen></iframe></div></div>',
);
foreach ($tags as $tag => $value) {
$code = preg_replace('/placeholder([0-9]+)/', '(.*?)', preg_quote(preg_replace('/\{\$([0-9]+)\}/', 'placeholder$1', $tag), '/'));
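Review bot: The new `[youtube]` rule places whatever `(.*?)` captured straight into the iframe `src`, so the embed is only as safe as the escaping applied to the post before this function runs, and that escaping is not visible in the hunk. Because the generic `{$1}` to `(.*?)` conversion cannot express a character class, consider handling this tag separately and accepting only the characters a video id uses, e.g. `preg_replace('/\[youtube\]([A-Za-z0-9_-]+)\[\/youtube\]/', …)`. The enclosing function starts and ends outside the hunk.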


@ -1,4 +1,7 @@
<?php
if (gethostbyaddr($_SERVER['REMOTE_ADDR']) !== 'notify.paypal.com') {
exit();
}
// Require the functions to connect to database and fetch config values
require 'config.php';
@ -65,9 +68,9 @@
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];
$txn_id = getValue($_POST['txn_id']);
$receiver_email = getValue($_POST['receiver_email']);
$payer_email = getValue($_POST['payer_email']);
$custom = (int)$_POST['custom'];
$connectedIp = $_SERVER['REMOTE_ADDR'];
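Review bot: The `gethostbyaddr()` guard at the top trusts the PTR record of the connecting address, and a PTR record is set by whoever controls that address block, so on its own it does not prove the request came from PayPal. Confirm the name forward as well: `$ip = $_SERVER['REMOTE_ADDR']; $host = gethostbyaddr($ip); $ips = $host ? gethostbynamel($host) : false;` followed by `if ($host !== 'notify.paypal.com' || !$ips || !in_array($ip, $ips, true)) exit();`. Treat this as a pre-filter only; if the rest of the file performs the IPN verification postback, that should remain the deciding check. In the second hunk `payment_status`, `mc_gross` and `mc_currency` are still read raw while the neighbouring fields go through `getValue()`; if they reach a query or a log they need the same handling.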


@ -85,7 +85,6 @@ if ($latests) {
} else echo 'No player kills exist.';
} else if ($config['TFSVersion'] == 'TFS_03') {
/////////
$cache = new Cache('engine/cache/killers');
if ($cache->hasExpired()) {
$deaths = fetchLatestDeaths_03(30, true);
@ -94,25 +93,25 @@ if ($latests) {
} else {
$deaths = $cache->load();
}
?>
<h1>Latest Killers</h1>
<table id="deathsTable" class="table table-striped">
<tr class="yellow">
<th>Killer</th>
<th>Time</th>
<th>Victim</th>
</tr>
<?php foreach ($deaths as $death) {
echo '<tr>';
echo "<td><a href='characterprofile.php?name=". $death['killed_by'] ."'>". $death['killed_by'] ."</a></td>";
echo "<td>". getClock($death['time'], true) ."</td>";
echo "<td>At level ". $death['level'] .": <a href='characterprofile.php?name=". $death['victim'] ."'>". $death['victim'] ."</a></td>";
echo '</tr>';
} ?>
</table>
<?php
/////////
if ($deaths && !empty($deaths)) {
?>
<h1>Latest Killers</h1>
<table id="deathsTable" class="table table-striped">
<tr class="yellow">
<th>Killer</th>
<th>Time</th>
<th>Victim</th>
</tr>
<?php foreach ($deaths as $death) {
echo '<tr>';
echo "<td><a href='characterprofile.php?name=". $death['killed_by'] ."'>". $death['killed_by'] ."</a></td>";
echo "<td>". getClock($death['time'], true) ."</td>";
echo "<td>At level ". $death['level'] .": <a href='characterprofile.php?name=". $death['victim'] ."'>". $death['victim'] ."</a></td>";
echo '</tr>';
} ?>
</table>
<?php
} else echo 'No player deaths exist.';
}
include 'layout/overall/footer.php'; ?>
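Review bot: The rows inside the new `if ($deaths && !empty($deaths))` block print `$death['killed_by']` and `$death['victim']` into a single-quoted `href` and into the cell text without any encoding. If a stored name can contain an apostrophe or markup (the data source is outside this hunk, so this is unconfirmed), the attribute breaks; use `urlencode()` for the query value and `htmlspecialchars($death['killed_by'], ENT_QUOTES)` for the text. `!empty($deaths)` already covers the `$deaths &&` test, so the condition can be shortened.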


@ -628,3 +628,25 @@ hr {
background-color: green;
border: 1px solid black;
}
/* ///////////\/\\\\\\\\\\\
// Znote YOUTUBE BB \\
///////////\/\\\\\\\\\\\ */
div.youtube {
width: 100%;
max-width: 560px;
}
div.aspectratio {
width: 100%;
padding-bottom: 56.25%; /* 16:9 */
position: relative;
}
div.aspectratio > iframe {
position: absolute;
top: 0; bottom: 0; left: 0; right: 0;
width: 100%;
height: 100%;
}


@ -1,19 +1,37 @@
<?php
switch ($_GET['page'])
{
case 'blank':
include 'layout/sub/blank.php';
break;
case 'houses':
include 'layout/sub/houses.php';
break;
case 'bomberman':
include 'layout/sub/bomberman.php';
break;
default:
echo '<h2>Sub page not recognized.</h2><p>The sub page you requested is not recognized.</p>';
}
/* Znote AAC Sub System
- Used to create custom pages
- Place the contents of the page in /layout/sub/ folder.
: You don't need to include init, header or footer.
Its already taken care of, just write the contents you want.
Then add that page to the configuration below. Config syntax:
'PAGENAME' => array(
'file' => 'fileName.php',
'override' => false
),
................
There are 2 ways to view your page, by using sub.php file, or by overriding an existing default page.
1: yourwebiste.com/sub.php?page=PAGENAME
2: By having override => true, then it will load your sub file instead of the default znote aac file.
*/
$subpages = array(
// website.com/sub.php?page=blank
'blank' => array(
// layout/sub/blank.php
'file' => 'blank.php',
// false means don't run this file instead of the regular file at website.com/blank.php
'override' => false
),
'houses' => array(
'file' => 'houses.php',
'override' => false
),
'downloads' => array(
'file' => 'downloads.php',
'override' => false
),
);
?>
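Review bot: The header comment explains how to register a page but not the constraint that makes this array safe to use: the keys of `$subpages` should be the only accepted values of `?page=`, and `file` must be a bare file name inside `layout/sub/`. The code that reads the array is not in this section; it should test `isset($subpages[$page])` and include `'layout/sub/' . $subpages[$page]['file']`, never a path built from the request. I would add a comment such as `// 'file' is a plain file name in layout/sub/ (no slashes); only keys listed here can be requested`. The `bomberman` entry from the old switch has no counterpart here, so it is worth confirming that is intended.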

35
layout/sub/downloads.php Normal file

@ -0,0 +1,35 @@
<div style="background-color: pink;">
<h1>Downloads</h1>
<h2>Sub system Override DEMO</h2>
<p>In order to play, you need an compatible IP changer and a Tibia client.</p>
<p>Download otland IP changer <a href="http://static0.otland.net/ipchanger.exe">HERE</a>.</p>
<p>Download Tibia client <?php echo ($config['client'] / 100); ?> for windows <a href="<?php echo $config['client_download']; ?>">HERE</a>.</p>
<p>Download Tibia client <?php echo ($config['client'] / 100); ?> for linux <a href="<?php echo $config['client_download_linux']; ?>">HERE</a>.</p>
<h2>How to connect and play:</h2>
<ol>
<li>
<a href="<?php echo $config['client_download']; ?>">Download</a> and install the tibia client if you havent already.
</li>
<li>
<a href="http://static0.otland.net/ipchanger.exe">Download</a> and run the IP changer.
</li>
<li>
In the IP changer, write this in the IP field: <?php echo $_SERVER['SERVER_NAME']; ?>
</li>
<li>
In the IP changer, click on <strong>Settings</strong> and then <strong>Add new Tibia client.</strong>
</li>
<li>
In the IP changer, in the Version field, write your desired version.
</li>
<li>
In the IP changer, click on <strong>Browse</strong>, navigate to your desired Tibia version folder, select Tibia.exe and click <strong>Add</strong>. Then click <strong>Close</strong>
</li>
<li>
Now you can successfully login on the tibia client and play clicking on <strong>Apply</strong> every time you want.<br>
If you do not have an account to login with, you need to register an account <a href="register.php">HERE</a>.
</li>
</ol>
</div>
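Review bot: Both IP-changer links point at an `.exe` served over plain `http://` from a third-party host, so visitors receive an executable with no transport integrity. Prefer an `https://` URL or a copy hosted with the site, and print a checksum next to the link. `<?php echo $_SERVER['SERVER_NAME']; ?>` is also written unescaped, and depending on the web server configuration that value can follow the request's Host header; `echo htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES);` or a configured host name avoids that. The same escaping applies to the `$config['client_download']` values placed in `href`.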


@ -30,20 +30,33 @@ if (empty($_POST) === false) {
if ($login === false) {
$errors[] = 'Username and password combination is wrong.';
} else {
$_SESSION['user_id'] = $login;
// if IP is not set (etc acc created before Znote AAC was in use)
$znote_data = user_znote_account_data($_SESSION['user_id']);
if ($znote_data['ip'] == 0) {
$update_data = array(
'ip' => ip2long(getIP()),
);
user_update_znote_account($update_data);
}
// Send them to myaccount.php
header('Location: myaccount.php');
exit();
// Check if user have access to login
$status = false;
if ($config['mailserver']['register']) {
$authenticate = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='$login' AND `active`='1' LIMIT 1;");
if ($authenticate !== false) {
$status = true;
} else {
$errors[] = "Your account is not activated. An email should have been sent to you when you registered. Please find it and click the activation link to activate your account.";
}
} else $status = true;
if ($status) {
setSession('user_id', $login);
// if IP is not set (etc acc created before Znote AAC was in use)
$znote_data = user_znote_account_data($login);
if ($znote_data['ip'] == 0) {
$update_data = array(
'ip' => ip2long(getIP()),
);
user_update_znote_account($update_data);
}
// Send them to myaccount.php
header('Location: myaccount.php');
exit();
}
}
}
} else {
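Review bot: `setSession('user_id', $login)` marks the session as authenticated with no visible session-id rotation. Unless `setSession()` does this internally (its body is not on this page), call `session_regenerate_id(true);` just before it so a pre-login session id cannot carry over into the authenticated session. `$login` is also interpolated into the `znote_accounts` query as `'$login'`; casting it first, `$login = (int)$login;`, keeps that query safe whatever the login function returns. The enclosing `if (empty($_POST) === false)` block starts and ends outside the hunk.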


@ -1,52 +1,6 @@
<?php require_once 'engine/init.php';
protect_page();
include 'layout/overall/header.php';
// Change character comment PAGE2 (Success).
if (!empty($_POST['comment']) &&!empty($_POST['charn'])) {
if (!Token::isValid($_POST['token'])) {
exit();
}
if (user_character_account_id($_POST['charn']) === $session_user_id) {
user_update_comment(user_character_id($_POST['charn']), $_POST['comment']);
echo 'Successfully updated comment.';
}
} else {
// Hide character
if (!empty($_POST['selected_hide'])) {
if (!Token::isValid($_POST['token'])) {
exit();
}
$hide_array = explode("!", $_POST['selected_hide']);
if (user_character_account_id($hide_array[0]) === $session_user_id) {
user_character_set_hide(user_character_id($hide_array[0]), $hide_array[1]);
}
}
// end
// DELETE character
if (!empty($_POST['selected_delete'])) {
if (!Token::isValid($_POST['token'])) {
exit();
}
if (user_character_account_id($_POST['selected_delete']) === $session_user_id) {
$charid = user_character_id($_POST['selected_delete']);
if ($charid !== false) {
if ($config['TFSVersion'] === 'TFS_10') {
if (!user_is_online_10($charid)) {
if (guild_leader_gid($charid) === false) user_delete_character_soft($charid);
else echo 'Character is leader of a guild, you must disband the guild or change leadership before deleting character.';
} else echo 'Character must be offline first.';
} else {
$chr_data = user_character_data($charid, 'online');
if ($chr_data['online'] != 1) {
if (guild_leader_gid($charid) === false) user_delete_character_soft($charid);
else echo 'Character is leader of a guild, you must disband the guild or change leadership before deleting character.';
} else echo 'Character must be offline first.';
}
}
}
}
// end
#region CANCEL CHARACTER DELETE
$undelete_id = @$_GET['cancel_delete_id'];
if($undelete_id) {
@ -59,153 +13,217 @@ if($undelete_id) {
}
#endregion
// CHANGE character name
if (!empty($_POST['change_name'])) {
if (!Token::isValid($_POST['token'])) {
exit();
}
$oldname = getValue($_POST['change_name']);
$newname = getValue($_POST['newName']);
// Variable used to check if main page should be rendered after handling POST (Change comment page)
$render_page = true;
// Handle POST
if (!empty($_POST['selected_character'])) {
if (!empty($_POST['action'])) {
// Validate token
if (!Token::isValid($_POST['token'])) {
exit();
}
// Sanitize values
$action = getValue($_POST['action']);
$char_name = getValue($_POST['selected_character']);
// Handle actions
switch($action) {
// Change character comment PAGE2 (Success).
case 'update_comment':
if (user_character_account_id($char_name) === $session_user_id) {
user_update_comment(user_character_id($char_name), getValue($_POST['comment']));
echo 'Successfully updated comment.';
}
break;
// end
// Hide character
case 'toggle_hide':
$hide = (user_character_hide($char_name) == 1 ? 0 : 1);
if (user_character_account_id($char_name) === $session_user_id) {
user_character_set_hide(user_character_id($char_name), $hide);
}
break;
// end
// DELETE character
case 'delete_character':
if (user_character_account_id($char_name) === $session_user_id) {
$charid = user_character_id($char_name);
if ($charid !== false) {
if ($config['TFSVersion'] === 'TFS_10') {
if (!user_is_online_10($charid)) {
if (guild_leader_gid($charid) === false) user_delete_character_soft($charid);
else echo 'Character is leader of a guild, you must disband the guild or change leadership before deleting character.';
} else echo 'Character must be offline first.';
} else {
$chr_data = user_character_data($charid, 'online');
if ($chr_data['online'] != 1) {
if (guild_leader_gid($charid) === false) user_delete_character_soft($charid);
else echo 'Character is leader of a guild, you must disband the guild or change leadership before deleting character.';
} else echo 'Character must be offline first.';
}
}
}
break;
// end
// CHANGE character name
case 'change_name':
$oldname = $char_name;
$newname = isset($_POST['newName']) ? getValue($_POST['newName']) : '';
$player = false;
if ($config['TFSVersion'] === 'TFS_10') {
$player = mysql_select_single("SELECT `id`, `account_id` FROM `players` WHERE `name` = '$oldname'");
$player['online'] = (user_is_online_10($player['id'])) ? 1 : 0;
} else $player = mysql_select_single("SELECT `id`, `account_id`, `online` FROM `players` WHERE `name` = '$oldname'");
// Check if user is online
if ($player['online'] == 1) {
$errors[] = 'Character must be offline first.';
}
// Check if player has bough ticket
$accountId = $player['account_id'];
$order = mysql_select_single("SELECT `id`, `account_id` FROM `znote_shop_orders` WHERE `type`='4' AND `account_id` = '$accountId' LIMIT 1;");
if ($order === false) {
$errors[] = 'Did not find any name change tickets, buy them in our <a href="shop.php">shop!</a>';
}
// Check if player and account matches
if ($session_user_id != $accountId || $session_user_id != $order['account_id']) {
$errors[] = 'Failed to sync your account. :|';
}
// Check if user is online
$player = false;
if ($config['TFSVersion'] === 'TFS_10') {
$player = mysql_select_single("SELECT `id`, `account_id` FROM `players` WHERE `name` = '$oldname'");
$player['online'] = (user_is_online_10($player['id'])) ? 1 : 0;
} else $player = mysql_select_single("SELECT `id`, `account_id`, `online` FROM `players` WHERE `name` = '$oldname'");
// Check if player has bough ticket
$order = mysql_select_single("SELECT `id`, `account_id` FROM `znote_shop_orders` WHERE `type`='4' AND `account_id`='".$player['account_id']."' LIMIT 1;");
if ($order !== false) {
//data_dump($order, array($player['account_id'], $session_user_id), "data");
// Check if player and account matches
if ($session_user_id == $player['account_id'] && $session_user_id == $order['account_id']) {
// Check if new name is not occupied
$exist = mysql_select_single("SELECT `id` FROM `players` WHERE `name`='$newname';");
if (!$exist) {
// Check if new name follow rules
$newname = validate_name($newname);
if ($newname !== false) {
$error = false;
if ($newname === false) {
$errors[] = 'Your name can not contain more than 2 words.';
} else {
if (empty($newname)) {
$errors[] = 'Please enter a name!';
} else if (user_character_exist($newname) !== false) {
$errors[] = 'Sorry, that character name already exist.';
} else if (!preg_match("/^[a-zA-Z_ ]+$/", $newname)) {
$errors[] = 'Your name may only contain a-z, A-Z and spaces.';
} else if (strlen($newname) < $config['minL'] || strlen($newname) > $config['maxL']) {
$errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.';
} else if (!ctype_upper($newname{0})) {
$errors[] = 'The first letter of a name has to be a capital letter!';
}
// name restriction
$resname = explode(" ", $newname);
$resname = explode(" ", $_POST['newName']);
foreach($resname as $res) {
if(in_array(strtolower($res), $config['invalidNameTags'])) {
$error = true;
}
else if(strlen($res) == 1) {
$error = true;
$errors[] = 'Your username contains a restricted word.';
} else if(strlen($res) == 1) {
$errors[] = 'Too short words in your name.';
}
}
// Check name for illegal characters.
function checkNewNameForIllegal($name) {
if (preg_match('#^[\0-9åäö&()+%/*$€é,.\'"-]*$#i', $name)) {
return true;
}
return false;
}
if (checkNewNameForIllegal($newname)) {
$error = true;
echo 'This name contains illegal characters.';
}
if ($error === false) {
// Change the name!
mysql_update("UPDATE `players` SET `name`='$newname' WHERE `id`='".$player['id']."' LIMIT 1;");
mysql_delete("DELETE FROM `znote_shop_orders` WHERE `id`='".$order['id']."' LIMIT 1;");
}
} else echo "Name validation failed, use another name.";
} else echo "The character name you wish to change to already exist.";
} else echo "Failed to sync your account. :|";
} else echo "Did not find any name change tickets, but them in our <a href='shop.php'>shop!</a>";
}
// end
// Change character sex
if (!empty($_POST['change_gender'])) {
if (!Token::isValid($_POST['token'])) {
exit();
}
if (user_character_account_id($_POST['change_gender']) === $session_user_id) {
$char_name = sanitize($_POST['change_gender']);
$char_id = (int)user_character_id($char_name);
$account_id = user_character_account_id($char_name);
if ($config['TFSVersion'] == 'TFS_10') {
$chr_data = user_is_online_10($char_id);
} else $chr_data = user_character_data($char_id, 'online');
if ($chr_data['online'] != 1) {
// Verify that we are not messing around with data
if ($account_id != $user_data['id']) die("wtf? Something went wrong, try relogging.");
// Fetch character tickets
$tickets = shop_account_gender_tickets($account_id);
if ($tickets !== false || $config['free_sex_change'] == true) {
// They are allowed to change gender
$last = false;
$infinite = false;
$tks = 0;
// Do we have any infinite tickets?
foreach ($tickets as $ticket) {
if ($ticket['count'] == 0) $infinite = true;
else if ($ticket > 0 && $infinite === false) $tks += (int)$ticket['count'];
}
if ($infinite === true) $tks = 0;
$dbid = (int)$tickets[0]['id'];
// If they dont have unlimited tickets, remove a count from their ticket.
if ($tickets[0]['count'] > 1) { // Decrease count
$tks--;
$tkr = ((int)$tickets[0]['count'] - 1);
shop_update_row_count($dbid, $tkr);
} else if ($tickets[0]['count'] == 1) { // Delete record
shop_delete_row_order($dbid);
$tks--;
if (!empty($newname) && empty($errors)) {
echo 'You have successfully changed your character name to ' . $newname . '.';
mysql_update("UPDATE `players` SET `name`='$newname' WHERE `id`='".$player['id']."' LIMIT 1;");
mysql_delete("DELETE FROM `znote_shop_orders` WHERE `id`='".$order['id']."' LIMIT 1;");
} else if (!empty($errors)) {
echo '<font color="red"><b>';
echo output_errors($errors);
echo '</b></font>';
}
// Change character gender:
//
user_character_change_gender($char_name);
echo 'You have successfully changed gender on character '. $char_name .'.';
if ($tks > 0) echo '<br>You have '. $tks .' gender change tickets left.';
else if ($infinite !== true) echo '<br>You are out of tickets.';
} else echo 'You don\'t have any character gender tickets, buy them in the <a href="shop.php">SHOP</a>!';
} else echo 'Your character must be offline.';
break;
// end
// Change character sex
case 'change_gender':
if (user_character_account_id($char_name) === $session_user_id) {
$char_id = (int)user_character_id($char_name);
$account_id = user_character_account_id($char_name);
if ($config['TFSVersion'] == 'TFS_10') {
$chr_data['online'] = user_is_online_10($char_id) ? 1 : 0;
} else $chr_data = user_character_data($char_id, 'online');
if ($chr_data['online'] != 1) {
// Verify that we are not messing around with data
if ($account_id != $user_data['id']) die("wtf? Something went wrong, try relogging.");
// Fetch character tickets
$tickets = shop_account_gender_tickets($account_id);
if ($tickets !== false || $config['free_sex_change'] == true) {
// They are allowed to change gender
$last = false;
$infinite = false;
$tks = 0;
// Do we have any infinite tickets?
foreach ($tickets as $ticket) {
if ($ticket['count'] == 0) $infinite = true;
else if ($ticket > 0 && $infinite === false) $tks += (int)$ticket['count'];
}
if ($infinite === true) $tks = 0;
$dbid = (int)$tickets[0]['id'];
// If they dont have unlimited tickets, remove a count from their ticket.
if ($tickets[0]['count'] > 1) { // Decrease count
$tks--;
$tkr = ((int)$tickets[0]['count'] - 1);
shop_update_row_count($dbid, $tkr);
} else if ($tickets[0]['count'] == 1) { // Delete record
shop_delete_row_order($dbid);
$tks--;
}
// Change character gender:
//
user_character_change_gender($char_name);
echo 'You have successfully changed gender on character '. $char_name .'.';
if ($tks > 0) echo '<br>You have '. $tks .' gender change tickets left.';
else if ($infinite !== true) echo '<br>You are out of tickets.';
} else echo 'You don\'t have any character gender tickets, buy them in the <a href="shop.php">SHOP</a>!';
} else echo 'Your character must be offline.';
}
break;
// end
// Change character comment PAGE1:
case 'change_comment':
$render_page = false; // Regular "myaccount" page should not render
if (user_character_account_id($char_name) === $session_user_id) {
$comment_data = user_znote_character_data(user_character_id($char_name), 'comment');
?>
<!-- Changing comment MARKUP -->
<h1>Change comment on:</h1>
<form action="" method="post">
<ul>
<li>
<input name="action" type="hidden" value="update_comment">
<input name ="selected_character" type="text" value="<?php echo $char_name; ?>" readonly="readonly">
</li>
<li>
<font class="profile_font" name="profile_font_comment">Comment:</font> <br>
<textarea name="comment" cols="70" rows="10"><?php echo $comment_data['comment']; ?></textarea>
</li>
<?php
/* Form file */
Token::create();
?>
<li><input type="submit" value="Update Comment"></li>
</ul>
</form>
<?php
}
break;
//end
}
}
}
// end
// Change character comment PAGE1:
if (!empty($_POST['selected_comment'])) {
if (!Token::isValid($_POST['token'])) {
exit();
}
if (user_character_account_id($_POST['selected_comment']) === $session_user_id) {
$comment_data = user_znote_character_data(user_character_id($_POST['selected_comment']), 'comment');
?>
<!-- Changing comment MARKUP -->
<h1>Change comment on:</h1>
<form action="" method="post">
<ul>
<li>
<input name ="charn" type="text" value="<?php echo $_POST['selected_comment']; ?>" readonly="readonly">
</li>
<li>
<font class="profile_font" name="profile_font_comment">Comment:</font> <br>
<textarea name="comment" cols="70" rows="10"><?php echo $comment_data['comment']; ?></textarea>
</li>
<?php
/* Form file */
Token::create();
?>
<li><input type="submit" value="Update Comment"></li>
</ul>
</form>
<?php
}
} else {
// end
if ($render_page) {
$char_count = user_character_list_count($session_user_id);
$pending_delete = user_pending_deletes($session_user_id);
if($pending_delete)
if ($pending_delete) {
foreach($pending_delete as $delete) {
if(new DateTime($delete['time']) > new DateTime())
echo '<b>CAUTION!</b> Your character with name <b>' . $delete['character_name'] . ' will be deleted on ' . $delete['time'] . '</b>. <a href="myaccount.php?cancel_delete_id=' . $delete['id'] . '">Cancel this operation.</a><br/>';
@ -216,6 +234,8 @@ if (!empty($_POST['selected_comment'])) {
$char_count--;
}
}
}
?>
<div id="myaccount">
<h1>My account</h1>
@ -223,7 +243,6 @@ if (!empty($_POST['selected_comment'])) {
You have <?php echo $user_data['premdays']; ?> days remaining premium account.</p>
<h2>Character List: <?php echo $char_count; ?> characters.</h2>
<?php
//data_dump($user_data, false, "data");
// Echo character list!
$char_array = user_character_list($user_data['id']);
// Design and present the list
@ -244,133 +263,80 @@ if (!empty($_POST['selected_comment'])) {
}
?>
</table>
<!-- FORMS TO HIDE CHARACTER-->
<!-- FORMS TO EDIT CHARACTER-->
<form action="" method="post">
<ul>
<li>
Character hide:<br>
<select name="selected_hide" multiple="multiple">
<?php
for ($i = 0; $i < $char_count; $i++) {
if (user_character_hide($characters[$i]) == 1) {
echo '<option value="'. $characters[$i] .'!0">'. $characters[$i] .'</option>';
} else {
echo '<option value="'. $characters[$i] .'!1">'. $characters[$i] .'</option>';
<table class="table">
<tr>
<td>
<select id="selected_character" name="selected_character" class="form-control">
<?php
for ($i = 0; $i < $char_count; $i++) {
if (user_character_hide($characters[$i]) == 1) {
echo '<option value="'. $characters[$i] . '">'. $characters[$i] .'</option>';
} else {
echo '<option value="'. $characters[$i] . '">'. $characters[$i] .'</option>';
}
}
}
?>
</select>
<?php
/* Form file */
Token::create();
?>
<input type="submit" value="Toggle hide" class="btn btn-info">
</li>
</ul>
?>
</select>
</td>
<td>
<select id="action" name="action" class="form-control" onChange="changedOption(this)">
<option value="none" selected>Select action</option>
<option value="toggle_hide">Toggle hide</option>
<option value="change_comment">Change comment</option>
<option value="change_gender">Change gender</option>
<option value="change_name">Change name</option>
<option value="delete_character" class="needconfirmation">Delete character</option>
</select>
</td>
<td id="submit_form">
<?php
/* Form file */
Token::create();
?>
<input id="submit_button" type="submit" value="Submit" class="btn btn-primary btn-block"></input>
</td>
</tr>
</table>
</form>
<!-- FORMS TO CHANGE CHARACTER COMMENT-->
<form action="" method="post">
<ul>
<li>
Character comment:<br>
<select name="selected_comment" multiple="multiple">
<?php
for ($i = 0; $i < $char_count; $i++) {
echo '<option value="'. $characters[$i] .'">'. $characters[$i] .'</option>';
}
?>
</select>
<?php
/* Form file */
Token::create();
?>
<input type="submit" value="Change comment" class="btn btn-info">
</li>
</ul>
</form>
<!-- FORMS TO CHANGE CHARACTER GENDER-->
<form action="" method="post">
<ul>
<li>
Change character gender:<br>
<select name="change_gender" multiple="multiple">
<?php
for ($i = 0; $i < $char_count; $i++) {
echo '<option value="'. $characters[$i] .'">'. $characters[$i] .'</option>';
}
?>
</select>
<?php
/* Form file */
Token::create();
?>
<input type="submit" value="Change gender" class="btn btn-info">
</li>
</ul>
</form>
<!-- FORMS TO CHANGE CHARACTER NAME-->
<form action="" method="post">
<ul>
<li>
Change character name:<br>
<select name="change_name" multiple="multiple">
<?php
for ($i = 0; $i < $char_count; $i++) {
echo '<option value="'. $characters[$i] .'">'. $characters[$i] .'</option>';
}
?>
</select>
<input type="text" name="newName" placeholder="New Name">
<?php
/* Form file */
Token::create();
?>
<input type="submit" value="Change name" class="btn btn-info">
</li>
</ul>
</form>
<!-- FORMS TO DELETE CHARACTER-->
<form action="" method="post">
<ul>
<li>
Delete character:<br>
<select id="selected_delete" name="selected_delete" multiple="multiple">
<?php
for ($i = 0; $i < $char_count; $i++) {
echo '<option value="'. $characters[$i] .'">'. $characters[$i] .'</option>';
}
?>
</select>
<?php
/* Form file */
Token::create();
?>
<input type="submit" value="Delete Character" class="btn btn-danger needconfirmation">
</li>
</ul>
</form>
<script src="engine/js/jquery-1.10.2.min.js" type="text/javascript"></script>
<script>
$(document).ready(function(){
$(".needconfirmation").each(function(e){
$(this).click(function(e){
var itemname = $(this).attr("data-item-name");
var r = confirm("Do you really want to DELETE character: "+$('#selected_delete').find(":selected").text()+"?")
if(r == false){
e.preventDefault();
}
});
});
});
</script>
<?php
} else {
echo 'You don\'t have any characters. Why don\'t you <a href="createcharacter.php">create one</a>?';
}
//Done.
<?php
} else {
echo 'You don\'t have any characters. Why don\'t you <a href="createcharacter.php">create one</a>?';
}
?>
</div>
<script>
function changedOption(e) {
// If selection is 'Change name' add a name field in the form
// Else remove name field if it exists
if (e.value == 'change_name') {
var lastCell = document.getElementById('submit_form');
var x = document.createElement('TD');
x.id = "new_name";
x.innerHTML = '<input type="text" name="newName" placeholder="New Name" class="form-control">';
lastCell.parentNode.insertBefore(x, lastCell);
} else {
var child = document.getElementById('new_name');
if (child) {
child.parentNode.removeChild(child);
}
}
}
</script>
<script src="engine/js/jquery-1.10.2.min.js" type="text/javascript"></script>
<script>
$(document).ready(function(){
$("#submit_button").click(function(e){
if ($("#action").find(":selected").attr('class') == "needconfirmation") {
var r = confirm("Do you really want to DELETE character: "+$('#selected_character').find(":selected").text()+"?")
if (r == false) {
e.preventDefault();
}
}
});
});
</script>
<?php
}
include 'layout/overall/footer.php';


@ -10,18 +10,18 @@ if(!in_array($_SERVER['REMOTE_ADDR'],
}
// get the variables from PayGol system
$message_id = $_GET['message_id'];
$service_id = $_GET['service_id'];
$shortcode = $_GET['shortcode'];
$keyword = $_GET['keyword'];
$message = $_GET['message'];
$sender = $_GET['sender'];
$operator = $_GET['operator'];
$country = $_GET['country'];
$custom = $_GET['custom'];
$points = $_GET['points'];
$price = $_GET['price'];
$currency = $_GET['currency'];
$message_id = getValue($_GET['message_id']);
$service_id = getValue($_GET['service_id']);
$shortcode = getValue($_GET['shortcode']);
$keyword = getValue($_GET['keyword']);
$message = getValue($_GET['message']);
$sender = getValue($_GET['sender']);
$operator = getValue($_GET['operator']);
$country = getValue($_GET['country']);
$custom = getValue($_GET['custom']);
$points = getValue($_GET['points']);
$price = getValue($_GET['price']);
$currency = getValue($_GET['currency']);
$paygol = $config['paygol'];
$new_points = $paygol['points'];
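Review bot: The new assignments index `$_GET['…']` directly before passing the value to getValue(), so a callback that omits a parameter raises an undefined-index notice, and the numeric fields are still handled as strings. getValue() is defined outside this page; presumably it escapes text, which is not the same as validating type. I would cast the values that drive crediting, e.g. `$points = isset($_GET['points']) ? (int)$_GET['points'] : 0;`, and stop early when a required field is absent. The script continues past this hunk, so how these variables are consumed is not visible here.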


@ -1,92 +1,142 @@
<?php require_once 'engine/init.php';
logged_in_redirect();
include 'layout/overall/header.php'; ?>
include 'layout/overall/header.php';
if ($config['mailserver']['accountRecovery']) {
// Fetch, sanitize and assign POST and GET variables.
$mode = (isset($_GET['mode']) && !empty($_GET['mode'])) ? getValue($_GET['mode']) : false;
$email = (isset($_POST['email']) && !empty($_POST['email'])) ? getValue($_POST['email']) : false;
$character = (isset($_POST['character']) && !empty($_POST['character'])) ? getValue($_POST['character']) : false;
$password = (isset($_POST['password']) && !empty($_POST['password'])) ? getValue($_POST['password']) : false;
$username = (isset($_POST['username']) && !empty($_POST['username'])) ? getValue($_POST['username']) : false;
//data_dump($_GET, $_POST, "Posted data.");
<h1>Account Recovery</h1>
<!-- Success markup -->
<?php
$mode_allowed = array('username', 'password');
if (isset($_GET['mode']) === true && in_array($_GET['mode'], $mode_allowed) === true) {
if (isset($_POST['email']) === true && empty($_POST['email']) === false) {
if (user_email_exist($_POST['email']) === true) {
znote_visitor_insert_detailed_data(5);
$mail = $_POST['email'];
$acc_id = user_id_from_email($mail);
if (isset($_POST['character']) === true && empty($_POST['character']) === false) {
if (user_character_exist($_POST['character']) === true) {
// EDOM
if ($_GET['mode'] === 'username') { // Recover password, edom == username
// edom == password
if (isset($_POST['edom']) === true && empty($_POST['edom']) === false) {
if (user_password_match($_POST['edom'], $acc_id) === true) {
// User exist, email exist, character exist. Lets start the recovery function
user_recover($_GET['mode'], $_POST['edom'], $_POST['email'], $_POST['character'], ip2long(getIP()));
//echo 'password';
} else {
echo 'That password is incorrect.';
}
} else { echo 'You forgot to write password.'; }
//echo 'username';
} else {
if (isset($_POST['edom']) === true && empty($_POST['edom']) === false) {
if (user_exist($_POST['edom']) === true) {
// User exist, email exist, character exist. Lets start the recovery function
user_recover($_GET['mode'], $_POST['edom'], $_POST['email'], $_POST['character'], ip2long(getIP()));
//echo 'password';
} else { echo 'That username ['. $_POST['edom'] .'] is incorrect.'; }
} else { echo 'You forgot to write username.'; }
if (!empty($_POST)) {
$status = true;
if ($config['use_captcha']) {
include_once 'captcha/securimage.php';
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
$status = false;
}
}
if ($status) {
if (!$username) {
// Recover username
$salt = '';
if ($config['TFSVersion'] != 'TFS_03') {
// TFS 0.2 and 1.0
$password = sha1($password);
} else {
// TFS 0.3/4
if (config('salt') === true) {
$saltdata = mysql_select_single("SELECT `salt` FROM `accounts` WHERE `email`='$email' LIMIT 1;");
if ($saltdata !== false) $salt .= $saltdata['salt'];
}
// end EDOM
} else { echo 'That character name does not exist.'; }
} else { echo 'You need to type in a character name from your account.'; }
$password = sha1($salt.$password);
}
$user = mysql_select_single("SELECT `p`.`id` AS `player_id`, `a`.`name` FROM `players` `p` INNER JOIN `accounts` `a` ON `p`.`account_id` = `a`.`id` WHERE `p`.`name` = '$character' AND `a`.`email` = '$email' AND `a`.`password` = '$password' LIMIT 1;");
if ($user !== false) {
// Found user
$mailer = new Mail($config['mailserver']);
$title = "$_SERVER[HTTP_HOST]: Your username";
$body = "<h1>Account Recovery</h1>";
$body .= "<p>Your username is: <b>$user[name]</b><br>";
$body .= "Enjoy your stay at ".$config['mailserver']['fromName'].". <br>";
$body .= "<hr>I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.</p>";
$mailer->sendMail($email, $title, $body, $user['name']);
?>
<h1>Account Found!</h1>
<p>We have sent your username to <b><?php echo $email; ?></b>.</p>
<p>If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.</p>
<?php
} else {
// Wrong submitted info
?>
<h1>Account recovery failed!</h1>
<p>Submitted data is wrong.</p>
<?php
}
} else {
// Recover password
$newpass = rand(100000000, 999999999);
$salt = '';
if ($config['TFSVersion'] != 'TFS_03') {
// TFS 0.2 and 1.0
$password = sha1($newpass);
} else {
// TFS 0.3/4
if (config('salt') === true) {
$saltdata = mysql_select_single("SELECT `salt` FROM `accounts` WHERE `email`='$email' LIMIT 1;");
if ($saltdata !== false) $salt .= $saltdata['salt'];
}
$password = sha1($salt.$newpass);
}
$user = mysql_select_single("SELECT `p`.`id` AS `player_id`, `a`.`name`, `a`.`id` AS `account_id` FROM `players` `p` INNER JOIN `accounts` `a` ON `p`.`account_id` = `a`.`id` WHERE `p`.`name` = '$character' AND `a`.`email` = '$email' AND `a`.`name` = '$username' LIMIT 1;");
if ($user !== false) {
// Found user
// Give him the new password
mysql_update("UPDATE `accounts` SET `password`='$password' WHERE `id`='".$user['account_id']."' LIMIT 1;");
// Send him a mail with the new password
$mailer = new Mail($config['mailserver']);
$title = "$_SERVER[HTTP_HOST]: Your new password";
$body = "<h1>Account Recovery</h1>";
$body .= "<p>Your new password is: <b>$newpass</b><br>";
$body .= "We recommend you to login and change it before you continue playing. <br>";
$body .= "Enjoy your stay at ".$config['mailserver']['fromName'].". <br>";
$body .= "<hr>I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.</p>";
$mailer->sendMail($email, $title, $body, $user['name']);
?>
<h1>Account Found!</h1>
<p>We have sent your new password to <b><?php echo $email; ?></b>.</p>
<p>If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.</p>
<?php
} else {
// Wrong submitted info
?>
<h1>Account recovery failed!</h1>
<p>Submitted data is wrong.</p>
<?php
}
}
} else echo "Captcha image verification was submitted wrong.";
} else {
?>
<h1>Account Recovery</h1>
<!-- HTML code -->
<?php
if (in_array($mode, array('username', 'password'))) {
?>
<form action="" method="POST">
<label for="email">Email:</label><input type="text" name="email" placeholder="name@mail.com"><br>
<label for="Character">Character: </label><input type="text" name="character"><br>
<?php
if ($mode === 'password') echo '<label for="username">Username:</label> <input type="text" name="username"><br>';
else echo '<label for="password">Password:</label> <input type="password" name="password"><br>';
if ($config['use_captcha']) {
?>
<b>Write the image symbols in the text field to verify that you are a human:</b>
<img id="captcha" src="captcha/securimage_show.php" alt="CAPTCHA Image" /><br>
<input type="text" name="captcha_code" size="10" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = 'captcha/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a><br><br>
<?php
}
?>
<input type="submit" value="Recover Account">
</form>
<?php
} else {
echo 'We couldn\'t find that email address!';
?>
<p>Do you wish to recover your <a href="?mode=username">username</a> or <a href="?mode=password">password</a>?</p>
<?php
}
}
?>
<form action="" method="post">
<ul>
<li>
Please enter your email address:<br>
<input type="text" name="email">
</li>
<li>
Please enter your <?php
if (isset($_GET['mode']) === true && in_array($_GET['mode'], $mode_allowed) === true) {
if ($_GET['mode'] === 'username') {
echo 'password';
} else {
echo 'username';
}
} else { echo'[Error: Mode not recognized.]'; exit(); }
?>:<br>
<input type="<?php
if (isset($_GET['mode']) === true && in_array($_GET['mode'], $mode_allowed) === true) {
if ($_GET['mode'] === 'username') {
echo 'password';
} else {
echo 'text';
}
} else { echo'[Error: Mode not recognized.]'; }
?>" name="edom">
</li>
<li>
Character name on your account:<br>
<input type="text" name="character">
</li>
<li>
<input type="submit" value="Recover">
</li>
</ul>
</form>
<?php
} else {
header('Location: index.php');
exit();
?>
<h1>System Disabled</h1>
<p>The admin have disabled automatic account recovery.</p>
<?php
}
?>
<?php include 'layout/overall/footer.php'; ?>
include 'layout/overall/footer.php'; ?>
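Review bot: The replacement password in the "Recover password" branch comes from `rand(100000000, 999999999)`, which is not a cryptographic generator and yields only nine digits, so the value that becomes the account credential is more predictable than a password should be. Draw it from a CSPRNG instead, e.g. `$newpass = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_int()` where the PHP version provides it). The same branch overwrites the stored password as soon as email, character and username match, before the mailbox owner has confirmed anything; mailing a single-use, expiring reset link and changing the password only when it is followed would stop a third party who knows those three values from locking the owner out. The SELECT and UPDATE statements interpolate `$email`, `$character` and `$username` directly and depend on getValue(), defined outside this page, for escaping; parameterised queries would remove that dependency.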


@ -57,8 +57,8 @@ if (empty($_POST) === false) {
if (strlen($_POST['password']) < 6) {
$errors[] = 'Your password must be at least 6 characters.';
}
if (strlen($_POST['password']) > 33) {
$errors[] = 'Your password must be less than 33 characters.';
if (strlen($_POST['password']) > 100) {
$errors[] = 'Your password must be less than 100 characters.';
}
if ($_POST['password'] !== $_POST['password_again']) {
$errors[] = 'Your passwords do not match.';
@ -82,7 +82,27 @@ if (empty($_POST) === false) {
<h1>Register Account</h1>
<?php
if (isset($_GET['success']) && empty($_GET['success'])) {
echo 'Congratulations! Your account has been created. You may now login to create a character.';
if ($config['mailserver']['register']) {
?>
<h1>Email authentication required</h1>
<p>We have sent you an email with an activation link to your submitted email address.</p>
<p>If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.</p>
<?php
} else echo 'Congratulations! Your account has been created. You may now login to create a character.';
} elseif (isset($_GET['authenticate']) && empty($_GET['authenticate'])) {
// Authenticate user, fetch user id and activation key
$auid = (isset($_GET['u']) && (int)$_GET['u'] > 0) ? (int)$_GET['u'] : false;
$akey = (isset($_GET['k']) && (int)$_GET['k'] > 0) ? (int)$_GET['k'] : false;
// Find a match
$user = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='$auid' AND `activekey`='$akey' AND `active`='0' LIMIT 1;");
if ($user !== false) {
$user = $user['id'];
// Enable the account to login
mysql_update("UPDATE `znote_accounts` SET `active`='1' WHERE `id`='$user' LIMIT 1;");
echo '<h1>Congratulations!</h1> <p>Your account has been created. You may now login to create a character.</p>';
} else {
echo '<h1>Authentication failed</h1> <p>Either the activation link is wrong, or your account is already activated.</p>';
}
} else {
if (empty($_POST) === false && empty($errors) === true) {
if ($config['log_ip']) {
@ -97,8 +117,8 @@ if (isset($_GET['success']) && empty($_GET['success'])) {
'created' => time()
);
user_create_account($register_data);
header('Location: register.php?success');
user_create_account($register_data, $config['mailserver']);
if (!$config['mailserver']['debug']) header('Location: register.php?success');
exit();
//End register
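Review bot: In the `authenticate` branch a missing or non-numeric `u` or `k` leaves `$auid` or `$akey` as `false`, and the SELECT still runs with an empty string in its place; return the "Authentication failed" message before querying, e.g. `if ($auid === false || $akey === false) { /* print failure and skip the query */ }`. Casting `k` to int also means the activation secret can only ever be a number. It is presumably generated in user_create_account(), which is not on this page; confirm it comes from a CSPRNG and is long enough that guessing against `activekey` is impractical. The enclosing if/else chain continues past the last hunk.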


@ -24,8 +24,6 @@ if (empty($_POST) === false) {
$errors[] = 'That email address is already in use.';
}
}
print_r($errors);
}
?>
<h1>Settings</h1>


@ -95,7 +95,7 @@ if ($config['shop_auction']['characterAuction']) {
<?php
foreach ($shop_list as $key => $offers) {
echo '<tr class="special">';
echo '<td>'. $offers['describtion'] .'</td>';
echo '<td>'. $offers['description'] .'</td>';
if ($config['shop']['showImage']) echo '<td><img src="http://'. $config['shop']['imageServer'] .'/'. $offers['itemid'] .'.'. $config['shop']['imageType'] .'" alt="img"></td>';
if ($offers['type'] == 2) echo '<td>'. $offers['count'] .' Days</td>';
else if ($offers['type'] == 3 && $offers['count'] == 0) echo '<td>Unlimited</td>';
@ -105,7 +105,7 @@ if ($config['shop_auction']['characterAuction']) {
?>
<form action="" method="POST">
<input type="hidden" name="buy" value="<?php echo (int)$key; ?>">
<input type="submit" value=" PURCHASE " class="needconfirmation" data-item-name="<?php echo $offers['describtion']; ?>" data-item-cost="<?php echo $offers['points']; ?>">
<input type="submit" value=" PURCHASE " class="needconfirmation" data-item-name="<?php echo $offers['description']; ?>" data-item-cost="<?php echo $offers['points']; ?>">
</form>
<?php
echo '</td>';


@ -82,23 +82,25 @@ require '../engine/function/users.php';
if (isset($old_accounts) && $old_accounts !== false) {
$time = time();
foreach ($old_accounts as $old) {
// Get acc id
$old_id = $old['id'];
// Make acc data compatible:
mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$old', '0', '$time')");
mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$old_id', '0', '$time')");
$updated_acc += 1;
// Fetch unsalted password
if ($config['TFSVersion'] == 'TFS_03' && $config['salt'] === true) {
$password = user_data($old, 'password', 'salt');
$password = user_data($old_id, 'password', 'salt');
$p_pass = str_replace($password['salt'],"",$password['password']);
}
if ($config['TFSVersion'] == 'TFS_02' || $config['salt'] === false) {
$password = user_data($old, 'password');
$password = user_data($old_id, 'password');
$p_pass = $password['password'];
}
// Verify lenght of password is less than 28 characters (most likely a plain password)
if (strlen($p_pass) < 28 && $old > 1) {
if (strlen($p_pass) < 28 && $old_id > 1) {
// encrypt it with sha1
if ($config['TFSVersion'] == 'TFS_02' || $config['salt'] === false) $p_pass = sha1($p_pass);
if ($config['TFSVersion'] == 'TFS_03' && $config['salt'] === true) $p_pass = sha1($password['salt'].$p_pass);

14
sub.php

@ -1,6 +1,10 @@
<?php require_once 'engine/init.php'; include 'layout/overall/header.php';
if ($config['allowSubPages']) include 'layout/sub.php';
<?php require_once 'engine/init.php'; require_once 'layout/overall/header.php';
if ($config['allowSubPages']) {
$page = (isset($_GET['page']) && !empty($_GET['page'])) ? getValue($_GET['page']) : '';
if (isset($subpages[$page]['file'])) require_once 'layout/sub/'.$subpages[$page]['file'];
else {
if (isset($subpages)) echo '<h2>Sub page not recognized.</h2><p>The sub page you requested is not recognized.</p>';
}
}
else echo '<h2>System disabled.</h2><p>The sub page system is disabled.</p>';
include 'layout/overall/footer.php'; ?>
require_once 'layout/overall/footer.php'; ?>
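Review bot: A comment is missing on the `require_once 'layout/sub/'.$subpages[$page]['file'];` line saying why the path is safe, so that a later edit does not concatenate `$page` into it: `// Only file names registered in $subpages are included; $page is a lookup key, never part of the path.` When `$subpages` is not defined, the inner `else` prints nothing and the visitor gets an empty page; presumably the "Sub page not recognized" message should be shown in that case as well. `$subpages` itself is defined outside this page, so its contents could not be checked here.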


@ -1,3 +1,4 @@
<?php require_once 'engine/init.php'; include 'layout/overall/header.php'; ?>
<h1>Success!</h1>
Go <script> document.write('<a href="' + document.referrer + '">back</a>'); </script>
<?php include 'layout/overall/footer.php'; ?>
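Review bot: The "back" link concatenates `document.referrer` into markup and emits it with `document.write`, so the referrer is parsed as HTML instead of being treated as a URL; a quote or angle bracket in it would break out of the `href` attribute. Build the anchor through the DOM instead, `var a = document.createElement('a'); a.href = document.referrer; a.textContent = 'back';`, and append it, or call `history.back()` from the link. The page does not mark which of the four lines the commit adds, so this line may predate the change.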