-
-
+include 'layout/overall/footer.php';
+?>
\ No newline at end of file
diff --git a/admin_news.php b/admin_news.php
index 98895f2..e9a8dfc 100644
--- a/admin_news.php
+++ b/admin_news.php
@@ -41,7 +41,7 @@ if (empty($_POST) === false) {
}
?>
-
+ [youtube]wK0w0x62PjA[/youtube]
diff --git a/admin_reports.php b/admin_reports.php
index 1f735e7..2185b95 100644
--- a/admin_reports.php
+++ b/admin_reports.php
@@ -41,9 +41,9 @@ if (!empty($_POST)) {
$customPoints = getValue($_POST['customPoints']);
$reportId = getValue($_POST['id']);
- $changelogReportId = &$_POST['changelogReportId'];
+ $changelogReportId = (int)$_POST['changelogReportId'];
$changelogValue = &$_POST['changelogValue'];
- $changelogText = &$_POST['changelogText'];
+ $changelogText = getValue($_POST['changelogText']);
$changelogStatus = ($changelogReportId !== false && $changelogValue === '2' && $changelogText !== false) ? true : false;
if ($customPoints !== false) $price = (int)($price + $customPoints);
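Review bot: After the `(int)` cast, the `$changelogReportId !== false` test in the `$changelogStatus` expression is always true, so a missing or non-numeric `changelogReportId` becomes `0` and still passes that part of the check. Test the integer itself, e.g. `$changelogStatus = ($changelogReportId > 0 && $changelogValue === '2' && $changelogText !== false);`. The cast also reads `$_POST['changelogReportId']` directly, so an absent field will raise an undefined-index notice unless it is guarded with `isset()` first. `$changelogValue` is still bound by reference to `$_POST`, unlike its two neighbours. It is only compared strictly with `'2'` here, but reading it by value would be consistent. The enclosing `if (!empty($_POST))` block starts and ends outside the hunk.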
diff --git a/buypoints.php b/buypoints.php
index df9486f..eec0fe7 100644
--- a/buypoints.php
+++ b/buypoints.php
@@ -43,7 +43,7 @@ if ($paypal['enabled']) {
-
+
diff --git a/captcha/examples/display_value.php b/captcha/examples/display_value.php
deleted file mode 100644
index d4620bc..0000000
--- a/captcha/examples/display_value.php
+++ /dev/null
@@ -1,60 +0,0 @@
- date('h:i:s a'),
- 'captchaId' => sha1(uniqid($_SERVER['REMOTE_ADDR'] . $_SERVER['REMOTE_PORT'])),
- 'image_width' => 250,
- 'no_session' => true,
- 'no_exit' => true,
- 'use_sqlite_db' => false,
- 'send_headers' => false);
-
-// construct new Securimage object with the given options
-$img = new Securimage($options);
-
-// show the image using the supplied display_value
-// this demonstrates how to use output buffering to capture the output
-
-ob_start(); // start the output buffer
-$img->show(); // output the image so it is captured by the buffer
-$imgBinary = ob_get_contents(); // get contents of the buffer
-ob_end_clean(); // turn off buffering and clear the buffer
-
-header('Content-Type: image/png');
-header('Content-Length: ' . strlen($imgBinary));
-
-echo $imgBinary;
-
diff --git a/captcha/examples/securimage_show_example.php b/captcha/examples/securimage_show_example.php
deleted file mode 100644
index 0c08cbb..0000000
--- a/captcha/examples/securimage_show_example.php
+++ /dev/null
@@ -1,65 +0,0 @@
-
- * File: securimage_show_example.php
- *
- * Copyright (c) 2012, Drew Phillips
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * - Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * - Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- *
- * Any modifications to the library should be indicated clearly in the source code
- * to inform users that the changes are not a part of the original software.
- *
- * If you found this script useful, please take a quick moment to rate it.
- * http://www.hotscripts.com/rate/49400.html Thanks.
- *
- * @link http://www.phpcaptcha.org Securimage PHP CAPTCHA
- * @link http://www.phpcaptcha.org/latest.zip Download Latest Version
- * @link http://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
- * @copyright 2012 Drew Phillips
- * @author Drew Phillips
- * @version 3.2RC2 (April 2012)
- * @package Securimage
- *
- */
-
-require_once '../securimage.php';
-
-$img = new Securimage();
-
-//Change some settings
-$img->image_width = 250;
-$img->image_height = 80;
-$img->perturbation = 0.85;
-$img->image_bg_color = new Securimage_Color("#f6f6f6");
-$img->use_transparent_text = true;
-$img->text_transparency_percentage = 30; // 100 = completely transparent
-$img->num_lines = 7;
-$img->line_color = new Securimage_Color("#eaeaea");
-$img->image_signature = 'phpcaptcha.org';
-$img->signature_color = new Securimage_Color(rand(0, 64), rand(64, 128), rand(128, 255));
-$img->use_wordlist = true;
-
-$img->show('backgrounds/bg3.jpg'); // alternate use: $img->show('/path/to/background_image.jpg');
-
diff --git a/captcha/examples/securimage_show_example2.php b/captcha/examples/securimage_show_example2.php
deleted file mode 100644
index 2b27157..0000000
--- a/captcha/examples/securimage_show_example2.php
+++ /dev/null
@@ -1,63 +0,0 @@
-
- * File: securimage_show_example2.php
- *
- * Copyright (c) 2012, Drew Phillips
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * - Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * - Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- *
- * Any modifications to the library should be indicated clearly in the source code
- * to inform users that the changes are not a part of the original software.
- *
- * If you found this script useful, please take a quick moment to rate it.
- * http://www.hotscripts.com/rate/49400.html Thanks.
- *
- * @link http://www.phpcaptcha.org Securimage PHP CAPTCHA
- * @link http://www.phpcaptcha.org/latest.zip Download Latest Version
- * @link http://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
- * @copyright 2012 Drew Phillips
- * @author Drew Phillips
- * @version 3.2RC2 (April 2012)
- * @package Securimage
- *
- */
-
-require_once '../securimage.php';
-
-$img = new Securimage();
-
-//Change some settings
-$img->image_width = 280;
-$img->image_height = 100;
-$img->perturbation = 0.9; // high level of distortion
-$img->code_length = rand(5,6); // random code length
-$img->image_bg_color = new Securimage_Color("#ffffff");
-$img->num_lines = 12;
-$img->noise_level = 5;
-$img->text_color = new Securimage_Color("#000000");
-$img->noise_color = $img->text_color;
-$img->line_color = new Securimage_Color("#cccccc");
-
-$img->show();
diff --git a/captcha/examples/static_captcha.php b/captcha/examples/static_captcha.php
deleted file mode 100644
index 1dd6234..0000000
--- a/captcha/examples/static_captcha.php
+++ /dev/null
@@ -1,98 +0,0 @@
-Success"
- ."The captcha code entered was correct!"
- ."
";
- } else {
- echo "
Incorrect Code
"
- ."Incorrect captcha code, try again."
- ."
";
- }
-
-} else if (isset($_GET['display'])) {
- // display the captcha with the supplied ID from the URL
-
- // construct options specifying the existing captcha ID
- // also tell securimage not to start a session
- $options = array('captchaId' => $captchaId,
- 'no_session' => true);
- $captcha = new Securimage($options);
-
- // show the image, this sends proper HTTP headers
- $captcha->show();
- exit;
-}
-
-// generate a new captcha ID and challenge
-$captchaId = Securimage::getCaptchaId();
-
-// output the captcha ID, and a form to validate it
-// the form submits to itself and is validated above
-echo <<
-
-
-
- Static Captcha Example
-
-
-
Static Captcha Example
-
-
- Synopsis:
-
-
Request new captchaId using Securimage::getCaptchaId()
-
Display form with hidden field containing captchaId
-
Display captcha image passing the captchaId to the image
-
Validate captcha input against captchaId using Securimage::checkByCaptchaId()
-
-
-
-
- Captcha ID: $captchaId
-
-
-
-
-
-
-EOD;
diff --git a/changepassword.php b/changepassword.php
index 8616bfd..8c698ec 100644
--- a/changepassword.php
+++ b/changepassword.php
@@ -29,14 +29,12 @@ if (empty($_POST) === false) {
$errors[] = 'Your new passwords do not match.';
} else if (strlen($_POST['new_password']) < 6) {
$errors[] = 'Your new passwords must be at least 6 characters.';
- } else if (strlen($_POST['new_password']) > 32) {
- $errors[] = 'Your new passwords must be less than 33 characters.';
+ } else if (strlen($_POST['new_password']) > 100) {
+ $errors[] = 'Your new passwords must be less than 100 characters.';
}
} else {
$errors[] = 'Your current password is incorrect.';
}
-
- print_r($errors);
}
include 'layout/overall/header.php'; ?>
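Review bot: The new upper bound rejects only passwords longer than 100 characters, but the message says "less than 100", so a 100-character password is accepted while the text claims otherwise. The old pair `> 32` / "less than 33" was consistent. Either reword the message to `'Your new passwords must be at most 100 characters.'` or change the test to `>= 100`. `strlen()` counts bytes, so the limit is lower for multi-byte passwords. Whether that matters depends on the hashing code, which is outside this hunk, as is the start of the enclosing `if (empty($_POST) === false)` block.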
diff --git a/characterprofile.php b/characterprofile.php
index 005af9e..7ad5676 100644
--- a/characterprofile.php
+++ b/characterprofile.php
@@ -51,84 +51,100 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false) {
echo 'Never.';
}
- ?>
+ ?>
+
- 0) //if player doesn't have any achievement points it won't echo the line below.
- echo '
Achievement Points
' .$achievement. '
';
- }
+ 0) //if player doesn't have any achievement points it won't echo the line below.
+ echo '
-
-
- $achiv) {
- $uery = mysql_select_single("SELECT `player_id`, `value`, `key` FROM `player_storage` WHERE `player_id`='$user_id' AND `key`='$key' LIMIT 1;");
- foreach ($uery as $luery)
- if (($luery) == $key)
- {
- if (!array_key_exists(($achiv), $config['achievements'])) {
- echo '
' .$achiv[0]. '
' .$achiv[1]. '
';
- if ($achiv['secret'] == true) {
- echo '
';
- echo '
'. $achiv['points'] .'
';
- } else {
- echo '
'. $achiv['points'] .'
';
- }
- echo '
';
- }
- }
- }
- ?>
-
-
-
+
+
+
Achievements
+
+
Show/hide player achievements
+
+
+
+
+ $achiv) {
+ $uery = mysql_select_single("SELECT `player_id`, `value`, `key` FROM `player_storage` WHERE `player_id`='$user_id' AND `key`='$key' LIMIT 1;");
+ if (!empty($uery) || $uery !== false) {
+ foreach ($uery as $luery) {
+ if ($luery == $key) {
+ if (!array_key_exists($key, $achiv)) {
+ echo '
' .$achiv[0]. '
' .$achiv[1]. '
';
+ if (!isset($achiv['secret'])) {
+ echo '
';
+ }
+ echo '
'. $achiv['points'] .'
';
+ echo '
';
+ }
+ }
+ }
+ }
+ }
+ ?>
+
+
+
+
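Review bot: The `player_storage` lookup in the added loop still builds its SQL by interpolating `$user_id` and `$key` into the string, and it runs once per configured achievement. Neither value's origin is visible in this hunk, and the page is driven by `$_GET['name']`. Casting both with `(int)` before the query (`$user_id = (int)$user_id;`, `$key = (int)$key;`) would keep the statement safe however they were derived. The new guard `!empty($uery) || $uery !== false` reduces to `$uery !== false`, so `&&` was probably intended. `array_key_exists($key, $achiv)` looks up the achievement id inside the achievement's own array, so the negated test looks always true and may not be the intended check. The HTML in the echo strings is missing from this rendering, so the markup and its escaping cannot be reviewed here.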
diff --git a/config.php b/config.php
index 265eb43..6daf883 100644
--- a/config.php
+++ b/config.php
@@ -52,7 +52,7 @@
// CUSTOM SERVER STUFF \\
// ------------------- \\
// Enable / disable Questlog function (true / false)
- $config['EnableQuests'] = false;
+ $config['EnableQuests'] = false;
// array for filling questlog (Questid, max value, name, end of the quest fill 1 for the last part 0 for all others)
$config['quests'] = array(
@@ -113,7 +113,7 @@
array(12035,2,"The Ice Islands Quest",0),
array(12036,6,"The Ice Islands Quest",1),
);
-
+
//Achivements based on "https://github.com/PrinterLUA/FORGOTTENSERVER-ORTS/blob/master/data/lib/achievements_lib.lua" (TFS 1.0)
$config['Ach'] = false;
$config['achievements'] = array(
@@ -123,7 +123,6 @@
'points' => '1', //points
'img' => 'http://www.tibia-wiki.net/images/Dragon.gif', //img link or folder (example)> 'images/dragon.png'
),
-
35001 => array(
'Uniwheel',
'You\'re probably one of the very few people with this classic and unique ride, hope it doesn\'t break anytime soon.', //comment
@@ -131,132 +130,129 @@
'img' => 'http://img1.wikia.nocookie.net/__cb20140214234600/tibia/en/images/e/e5/Uniwheel.gif', //img link or folder (example)> 'images/dragon.png'
'secret' => true
),
-
- 30001 => array(
+ 30001 => array(
'Allow Cookies?',
'With a perfectly harmless smile you fooled all of those wicecrackers into eating your exploding cookies. Consider a boy or girl scout outfit next time to make the trick even better.',
'points' => '10', // 1-3 points (1star), 4-6 points(2 stars), 7-9 points(3 stars), 10 points => (4 stars)
'secret' => true // show "secret" image
),
- 30002 => array(
+ 30002 => array(
'Backpack Tourist',
'If someone lost a random thing in a random place, you\'re probably a good person to ask and go find it, even if you don\'t know what and where.',
'points' => '7'
),
- 30003 => array(
+ 30003 => array(
'Bearhugger',
'Warm, furry and cuddly - though that same bear you just hugged would probably rip you into pieces if he had been conscious, he reminded you of that old teddy bear which always slept in your bed when you were still small.',
'points' => '4'
),
- 30004 => array(
+ 30004 => array(
'Bone Brother',
'You\'ve joined the undead bone brothers - making death your enemy and your weapon as well. Devouring what\'s weak and leaving space for what\'s strong is your primary goal.',
'points' => '1'
),
- 30005 => array(
+ 30005 => array(
'Chorister',
'Lalalala... you now know the cult\'s hymn sung in Liberty Bay by heart. Not that hard, considering that it mainly consists of two notes and repetitive lyrics.',
'points' => '1'
),
- 30006 => array(
+ 30006 => array(
'Fountain of Life',
'You found and took a sip from the Fountain of Life. Thought it didn\'t grant you eternal life, you feel changed and somehow at peace.',
'points' => '1',
'secret' => true
),
- 30007 => array(
+ 30007 => array(
'Here, Fishy Fishy!',
'Ah, the smell of the sea! Standing at the shore and casting a line is one of your favourite activities. For you, fishing is relaxing - and at the same time, providing easy food. Perfect!',
'points' => '1'
),
- 30008 => array(
+ 30008 => array(
'Honorary Barbarian',
'You\'ve hugged bears, pushed mammoths and proved your drinking skills. And even though you have a slight hangover, a partially fractured rib and some greasy hair on your tongue, you\'re quite proud to call yourself a honorary barbarian from now on.',
'points' => '1'
),
- 30009 => array(
+ 30009 => array(
'Huntsman',
'You\'re familiar with hunting tasks and have carried out quite a few already. A bright career as hunter for the Paw & Fur society lies ahead!',
'points' => '2'
),
- 300010 => array(
+ 300010 => array(
'Just in Time',
'You\'re a fast runner and are good at delivering wares which are bound to decay just in the nick of time, even if you can\'t use any means of transportation or if your hands get cold or smelly in the process.',
'points' => '1'
),
- 30011 => array(
+ 30011 => array(
'Matchmaker',
'You don\'t believe in romance to be a coincidence or in love at first sight. In fact - love potions, bouquets of flowers and cheesy poems do the trick much better than ever could. Keep those hormones flowing!',
'points' => '1',
'secret' => true
),
- 30012 => array(
+ 30012 => array(
'Nightmare Knight',
'You follow the path of dreams and that of responsibility without self-centered power. Free from greed and selfishness, you help others without expecting a reward.',
'points' => '1',
'secret' => true
),
- 30013 => array(
+ 30013 => array(
'Party Animal',
'Oh my god, it\'s a paaaaaaaaaaaarty! You\'re always in for fun, friends and booze and love being the center of attention. There\'s endless reasons to celebrate! Woohoo!',
'points' => '1',
'secret' => true
),
- 30014 => array(
+ 30014 => array(
'Secret Agent',
'Pack your spy gear and get ready for some dangerous missions in service of a secret agency. You\'ve shown you want to - but can you really do it? Time will tell.',
'points' => '1',
'secret' => true
),
- 30015 => array(
+ 30015 => array(
'Talented Dancer',
'You\'re a lord or lady of the dance - and not afraid to use your skills to impress tribal gods. One step to the left, one jump to the right, twist and shout!',
'points' => '1'
),
- 30016 => array(
+ 30016 => array(
'Territorial',
'Your map is your friend - always in your back pocket and covered with countless marks of interesting and useful locations. One could say that you might be lost without it - but luckily there\'s no way to take it from you.',
'points' => '1'
),
- 30017 => array(
+ 30017 => array(
'Worm Whacker',
'Weehee! Whack those worms! You sure know how to handle a big hammer.',
'points' => '1',
'secret' => true
),
- 30018 => array(
+ 30018 => array(
'Allowance Collector',
'You certainly have your ways when it comes to acquiring money. Many of them are pink and paved with broken fragments of porcelain.',
'points' => '1'
),
- 30019 => array(
+ 30019 => array(
'Amateur Actor',
'You helped bringing Princess Buttercup, Doctor Dumbness and Lucky the Wonder Dog to life - and will probably dream of them tonight, since you memorised your lines perfectly. What a .. special piece of.. screenplay.',
'points' => '2'
),
- 30020 => array(
+ 30020 => array(
'Animal Activist',
'Phasellus lacinia odio dolor, in elementum mauris dapibus a. Vivamus nec gravida libero, ac pretium eros. Nam in dictum ealesuada sodales. Nullam eget ex sit amet urna fringilla molestie. Aliquam lobortis urna eros, vel elementum metus accumsan eu. Nulla porttitor in lacus vel ullamcorper.',
'points' => '2',
'secret' => true),
- );
-
+ );
+
// TFS 1.0 powergamers and top online
- //Before enabling powergamers, make sure that you have added LUA files and possible cloums to your server.
- //files can be found at Lua folder.
-
+ //Before enabling powergamers, make sure that you have added LUA files and possible cloums to your server.
+ //files can be found at Lua folder.
+
$config['powergamers'] = array(
'enabled' => true, // Enable or disable page
'limit' => 20, //Number of players that it will show.
);
-
+
$config['toponline'] = array(
'enabled' => true, // Enable or disable page
'limit' => 20, //Number of players that it will show.
);
-
-
// Vocation ids and names.
$config['vocations'] = array(
0 => 'No vocation',
@@ -320,7 +316,7 @@
'cap' => 25
),
);
- // Town ids and names: (In RME map editor, open map, click CTRL + T to view towns, their names and their IDs.
+ // Town ids and names: (In RME map editor, open map, click CTRL + T to view towns, their names and their IDs.
// townID => 'townName' etc: ['3'=>'Thais']
$config['towns'] = array(
2 => 'Thyrfing',
@@ -346,7 +342,7 @@
);
$config['war_status'] = array(
- 0 => 'Pending..',
+ 0 => 'Pending',
1 => 'Accepted',
2 => 'Rejected',
3 => 'Cancelled',
@@ -439,8 +435,8 @@
$config['salt'] = false; // Some noob 0.3.6 servers don't support salt.
// Restricted names
- $config['invalidNameTags'] = array("owner", "gamemaster", "hoster", "admin", "staff", "tibia", "account", "god","anal","ass","fuck","sex","hitler", "pussy","dick","rape","cm","gm","amazon","valkyrie","carrion worm","rotworm","rotworm queen","cockroach","kongra","merlkin","sibang","crystal spider","giant spider","poison spider","scorpion","spider","tarantula","achad","axeitus headbanger","bloodpaw","bovinus","colerian the barbarian","cursed gladiator","frostfur","orcus the cruel","rocky","the hairy one","avalanche","drasilla","grimgor guteater","kreebosh the exile","slim","spirit of earth","spirit of fire","spirit of water","the dark dancer","the hag","darakan the executioner","deathbringer","fallen mooh'tah master ghar","gnorre chyllson","norgle glacierbeard","svoren the mad","the masked marauder","the obliverator","the pit lord","webster","barbarian bloodwalker","barbarian brutetamer","barbarian headsplitter","barbarian skullhunter","bear","panda","polar bear","braindeath","beholder","elder beholder","gazer","chicken","dire penguin","flamingo","parrot","penguin","seagull","terror bird","bazir","infernatil","thul","munster","son of verminor","xenia","zoralurk","big boss trolliver","foreman kneebiter","mad technomancer","man in the cave","lord of the elements","the count","the plasmother","dracola","the abomination","the handmaiden","mr. 
punish","the countess sorrow","the imperor","massacre","apocalypse","brutus bloodbeard","deadeye devious","demodras","dharalion","fernfang","ferumbras","general murius","ghazbaran","grorlam","lethal lissy","morgaroth","necropharus","orshabaal","ron the ripper","the evil eye","the horned fox","the old widow","tiquandas revenge","apprentice sheng","dog","hellhound","war wolf","winter wolf","wolf","chakoya toolshaper","chakoya tribewarden","chakoya windcaller","blood crab","crab","frost giant","frost giantess","ice golem","yeti","acolyte of the cult","adept of the cult","enlightened of the cult","novice of the cult","ungreez","dark torturer","demon","destroyer","diabolic imp","fire devil","fury","hand of cursed fate","juggernaut","nightmare","plaguesmith","blue djinn","efreet","admin","green djinn","marid","frost dragon","wyrm","sea serpent","dragon lord","dragon","hydra","dragon hatchling","dragon lord hatchling","frost dragon hatchling","dwarf geomancer","dwarf guard","dwarf soldier","dwarf","dworc fleshhunter","dworc venomsniper","dworc voodoomaster","elephant","mammoth","elf arcanist","elf scout","elf","charged energy elemental","energy elemental","massive energy elemental","overcharged energy elemental","energy overlord","cat","lion","tiger","azure frog","coral frog","crimson frog","green frog","orchid frog","toad","jagged earth elemental","muddy earth elemental","earth elemental","massive earth elemental","earth overlord","gargoyle","stone golem","ghost","phantasm","phantasm","pirate ghost","spectre","cyclops smith","cyclops drone","behemoth","cyclops","slick water elemental","roaring water elemental","ice overlord","water elemental","massive water elemental","ancient scarab","butterfly","bug","centipede","exp bug","larva","scarab","wasp","lizard sentinel","lizard snakecharmer","lizard templar","minotaur archer","minotaur guard","minotaur mage","minotaur","squirrel","goblin demon","badger","bat","deer","the halloween hare","hyaena","pig","rabbit","silver 
rabbit","skunk","wisp","dark monk","monk","tha exp carrier","necromancer","priestess","orc berserker","orc leader","orc rider","orc shaman","orc spearman","orc warlord","orc warrior","orc","goblin leader","goblin scavenger","goblin","goblin assassin","assasin","bandit","black knight","hero","hunter","nomad","smuggler","stalker","poacher","wild warrior","ashmunrah","dipthrah","mahrdis","morguthis","omruc","rahemos","thalas","vashresamun","pirate buccaneer","pirate corsair","pirate cutthroat","pirate marauder","carniphila","spit nettle","fire overlord","massive fire elemental","blistering fire elemental","blazing fire elemental","fire elemental","hellfire fighter","quara constrictor scout","quara hydromancer scout","quara mantassin scout","quara pincher scout","quara predator scout","quara constrictor","quara hydromancer","quara mantassin","quara pincher","quara predator","cave rat","rat","cobra","crocodile","serpent spawn","snake","wyvern","black sheep","sheep","mimic","betrayed wraith","bonebeast","demon skeleton","lost soul","pirate skeleton","skeleton","skeleton warrior","undead dragon","defiler","slime2","slime","bog raider","ice witch","warlock","witch","bones","fluffy","grynch clan goblin","hacker","minishabaal","primitive","tibia bug","undead minion","annihilon","hellgorak","latrivan","madareth","zugurosh","ushuriel","golgordan","thornback tortoise","tortoise","eye of the seven","deathslicer","flamethrower","magicthrower","plaguethrower","poisonthrower","shredderthrower","troll champion","frost troll","island troll","swamp troll","troll","banshee","blightwalker","crypt shambler","ghoul","lich","mummy","vampire","grim reaper","frost dragon","mercenary","zathroth","goshnar","durin","demora","orc champion","dracula","alezzo","prince almirith","elf warlord","magebomb","nightmare scion");
-
+ $config['invalidNameTags'] = array("owner", "gamemaster", "hoster", "admin", "staff", "tibia", "account", "god", "anal", "ass", "fuck", "sex", "hitler", "pussy", "dick", "rape", "cm", "gm", "amazon", "valkyrie", "carrion worm", "rotworm", "rotworm queen", "cockroach", "kongra", "merlkin", "sibang", "crystal spider", "giant spider", "poison spider", "scorpion", "spider", "tarantula", "achad", "axeitus headbanger", "bloodpaw", "bovinus", "colerian the barbarian", "cursed gladiator", "frostfur", "orcus the cruel", "rocky", "the hairy one", "avalanche", "drasilla", "grimgor guteater", "kreebosh the exile", "slim", "spirit of earth", "spirit of fire", "spirit of water", "the dark dancer", "the hag", "darakan the executioner", "deathbringer", "fallen mooh'tah master ghar", "gnorre chyllson", "norgle glacierbeard", "svoren the mad", "the masked marauder", "the obliverator", "the pit lord", "webster", "barbarian bloodwalker", "barbarian brutetamer", "barbarian headsplitter", "barbarian skullhunter", "bear", "panda", "polar bear", "braindeath", "beholder", "elder beholder", "gazer", "chicken", "dire penguin", "flamingo", "parrot", "penguin", "seagull", "terror bird", "bazir", "infernatil", "thul", "munster", "son of verminor", "xenia", "zoralurk", "big boss trolliver", "foreman kneebiter", "mad technomancer", "man in the cave", "lord of the elements", "the count", "the plasmother", "dracola", "the abomination", "the handmaiden", "mr. 
punish", "the countess sorrow", "the imperor", "massacre", "apocalypse", "brutus bloodbeard", "deadeye devious", "demodras", "dharalion", "fernfang", "ferumbras", "general murius", "ghazbaran", "grorlam", "lethal lissy", "morgaroth", "necropharus", "orshabaal", "ron the ripper", "the evil eye", "the horned fox", "the old widow", "tiquandas revenge", "apprentice sheng", "dog", "hellhound", "war wolf", "winter wolf", "wolf", "chakoya toolshaper", "chakoya tribewarden", "chakoya windcaller", "blood crab", "crab", "frost giant", "frost giantess", "ice golem", "yeti", "acolyte of the cult", "adept of the cult", "enlightened of the cult", "novice of the cult", "ungreez", "dark torturer", "demon", "destroyer", "diabolic imp", "fire devil", "fury", "hand of cursed fate", "juggernaut", "nightmare", "plaguesmith", "blue djinn", "efreet", "admin", "green djinn", "marid", "frost dragon", "wyrm", "sea serpent", "dragon lord", "dragon", "hydra", "dragon hatchling", "dragon lord hatchling", "frost dragon hatchling", "dwarf geomancer", "dwarf guard", "dwarf soldier", "dwarf", "dworc fleshhunter", "dworc venomsniper", "dworc voodoomaster", "elephant", "mammoth", "elf arcanist", "elf scout", "elf", "charged energy elemental", "energy elemental", "massive energy elemental", "overcharged energy elemental", "energy overlord", "cat", "lion", "tiger", "azure frog", "coral frog", "crimson frog", "green frog", "orchid frog", "toad", "jagged earth elemental", "muddy earth elemental", "earth elemental", "massive earth elemental", "earth overlord", "gargoyle", "stone golem", "ghost", "phantasm", "phantasm", "pirate ghost", "spectre", "cyclops smith", "cyclops drone", "behemoth", "cyclops", "slick water elemental", "roaring water elemental", "ice overlord", "water elemental", "massive water elemental", "ancient scarab", "butterfly", "bug", "centipede", "exp bug", "larva", "scarab", "wasp", "lizard sentinel", "lizard snakecharmer", "lizard templar", "minotaur archer", "minotaur guard", 
"minotaur mage", "minotaur", "squirrel", "goblin demon", "badger", "bat", "deer", "the halloween hare", "hyaena", "pig", "rabbit", "silver rabbit", "skunk", "wisp", "dark monk", "monk", "tha exp carrier", "necromancer", "priestess", "orc berserker", "orc leader", "orc rider", "orc shaman", "orc spearman", "orc warlord", "orc warrior", "orc", "goblin leader", "goblin scavenger", "goblin", "goblin assassin", "assasin", "bandit", "black knight", "hero", "hunter", "nomad", "smuggler", "stalker", "poacher", "wild warrior", "ashmunrah", "dipthrah", "mahrdis", "morguthis", "omruc", "rahemos", "thalas", "vashresamun", "pirate buccaneer", "pirate corsair", "pirate cutthroat", "pirate marauder", "carniphila", "spit nettle", "fire overlord", "massive fire elemental", "blistering fire elemental", "blazing fire elemental", "fire elemental", "hellfire fighter", "quara constrictor scout", "quara hydromancer scout", "quara mantassin scout", "quara pincher scout", "quara predator scout", "quara constrictor", "quara hydromancer", "quara mantassin", "quara pincher", "quara predator", "cave rat", "rat", "cobra", "crocodile", "serpent spawn", "snake", "wyvern", "black sheep", "sheep", "mimic", "betrayed wraith", "bonebeast", "demon skeleton", "lost soul", "pirate skeleton", "skeleton", "skeleton warrior", "undead dragon", "defiler", "slime2", "slime", "bog raider", "ice witch", "warlock", "witch", "bones", "fluffy", "grynch clan goblin", "hacker", "minishabaal", "primitive", "tibia bug", "undead minion", "annihilon", "hellgorak", "latrivan", "madareth", "zugurosh", "ushuriel", "golgordan", "thornback tortoise", "tortoise", "eye of the seven", "deathslicer", "flamethrower", "magicthrower", "plaguethrower", "poisonthrower", "shredderthrower", "troll champion", "frost troll", "island troll", "swamp troll", "troll", "banshee", "blightwalker", "crypt shambler", "ghoul", "lich", "mummy", "vampire", "grim reaper", "frost dragon", "mercenary", "zathroth", "goshnar", "durin", "demora", "orc 
champion", "dracula", "alezzo", "prince almirith", "elf warlord", "magebomb", "nightmare scion");
+
// Use guild logo system
$config['use_guild_logos'] = true;
@@ -461,7 +457,7 @@
// What client version and server port are you using on this OT?
// Used for the Downloads page.
- $config['client'] = 1037; // 954 = tibia 9.54
+ $config['client'] = 1041; // 954 = tibia 9.54
// Download link to client. Recommended:
// Select download link from remere map editor website!
@@ -517,6 +513,23 @@
$config['api'] = array(
'debug' => false,
);
+
+ // Email Server configurations (SMTP)
+ /* Download PHPMailer: https://github.com/PHPMailer/PHPMailer/archive/master.zip
+ Extract to Znote AAC directory (where this config.php file is located)
+ Rename the folder to "PHPMailer". Then configure this with your SMTP mail settings from your email provider.
+ */
+ $config['mailserver'] = array(
+ 'register' => false, // Send activation mail
+ 'accountRecovery' => false, // Recover username or password through mail
+ 'host' => "mailserver.znote.eu", // Outgoing mail server host.
+ 'securityType' => 'ssl', // ssl or tls
+ 'port' => 465, // SMTP port number - likely to be 465(ssl) or 587(tls)
+ 'username' => 'noreply@znote.eu', // Likely the email address
+ 'password' => 'emailpassword', // The password.
+ 'debug' => false, // Enable debugging if you have problems and are looking for errors.
+ 'fromName' => $config['site_title'],
+ );
// Use Znote's External Open Tibia Services Server
// Currently in Alpha and is pretty useless, but will contain paypal blacklist etc in future.
// You can use the official server: http://zeotss.znote.eu/
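Review bot: The setup comment for `$config['mailserver']` tells operators to download PHPMailer's `master.zip` and extract it next to `config.php`. That pulls an unpinned snapshot and puts the whole archive in the web-served directory, not just the library sources. I would reword it along the lines of `/* Use a tagged PHPMailer release, keep only the library source files, and deny direct web access to the "PHPMailer" folder. */`. The block also stores the SMTP password in plain text in `config.php` with working-looking defaults (`mailserver.znote.eu`, `noreply@znote.eu`, `'emailpassword'`). A comment such as `// Use a dedicated mailbox/app password; never commit real credentials` and empty defaults would make a misconfigured install fail closed. `'debug' => false` is a good default. It would help to note that SMTP debug output can include the authentication exchange and should not be enabled on a public site.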
@@ -549,7 +562,7 @@
// BAN STUFF - Don't touch this unless you know what you are doing.
// You can order the lines the way you want, from top to bot, in which order you
- // wish for them to be displayed in admin panel. Just make sure key[#] represent your describtion.
+ // wish for them to be displayed in admin panel. Just make sure key[#] represent your description.
$config['ban_type'] = array(
4 => 'NOTATION_ACCOUNT',
2 => 'NAMELOCK_PLAYER',
@@ -560,7 +573,7 @@
// BAN STUFF - Don't touch this unless you know what you are doing.
// You can order the lines the way you want, from top to bot, in which order you
- // wish for them to be displayed in admin panel. Just make sure key[#] represent your describtion.
+ // wish for them to be displayed in admin panel. Just make sure key[#] represent your description.
$config['ban_action'] = array(
0 => 'Notation',
1 => 'Name Report',
@@ -600,7 +613,7 @@
// BAN STUFF
// Ban time duration selection in admin panel
- // seconds => describtion
+ // seconds => description
$config['ban_time'] = array(
3600 => '1 hour',
21600 => '6 hours',
@@ -612,13 +625,15 @@
2592000 => '1 month',
);
-
// --------------- \\
// SECURITY STUFF \\
// --------------- \\
$config['use_token'] = false;
$config['use_captcha'] = false;
+ // Session prefix, if you are hosting multiple sites, make the session name different to avoid conflict.
+ $config['session_prefix'] = 'znote_';
+
/* Store visitor data
Store visitor data in the database, logging every IP visitng site,
and how many times they have visited the site. And sometimes what
@@ -631,7 +646,6 @@
if table never gets flushed once in a while. So I highly recommend you
to configure flush_ip_logs if IPs are logged.
*/
-
$config['log_ip'] = false;
// Flush IP logs each configured seconds, 60 * 15 = 15 minutes.
@@ -687,7 +701,7 @@
/// PAYGOL SMS ///
//////////////////
// !!! Paygol takes 60%~ of the money, and send aprox 40% to your paypal.
- // You can configure paygol to send each month, then they will send money
+ // You can configure paygol to send each month, then they will send money
// to you 1 month after recieving 50+ eur.
$config['paygol'] = array(
'enabled' => true,
@@ -721,7 +735,7 @@
'requiredLevel' => 50, // Minimum level of sold character
'leastValue' => 10, // Lowest donation points a char can be sold for.
'leastTime' => 24, // In hours. False to disable.
- // leastTime = Lowest duration of time an auctioned player has to be
+ // leastTime = Lowest duration of time an auctioned player has to be
// sellable before auctioneer can claim character back.
);
@@ -732,7 +746,7 @@
'type' => 1, // 1 = item id offers, 2 = premium days [itemid ignored], 3 = sex change[itemid & count ignored], 4+ = custom.
'itemid' => 2160, // item to get in-game
'count' => 5, //if type is 2, this represents premium days
- 'describtion' => "Crystal coin.", // Describtion shown on website
+ 'description' => "Crystal coin.", // Description shown on website
'points' => 100, // How many points this offer costs
),
@@ -741,7 +755,7 @@
'type' => 1,
'itemid' => 2392,
'count' => 1,
- 'describtion' => "Fire sword.",
+ 'description' => "Fire sword.",
'points' => 10,
),
@@ -750,7 +764,7 @@
'type' => 2,
'itemid' => 12466, // Item to display on page
'count' => 7,
- 'describtion' => "Premium membership.",
+ 'description' => "Premium membership.",
'points' => 25,
),
@@ -759,21 +773,21 @@
'type' => 3,
'itemid' => 12666,
'count' => 3,
- 'describtion' => "Change character gender.",
+ 'description' => "Change character gender.",
'points' => 10,
),
5 => array(
'type' => 3,
'itemid' => 12666,
'count' => 0,
- 'describtion' => "Change character gender.",
+ 'description' => "Change character gender.",
'points' => 20,
),
5 => array(
'type' => 4,
'itemid' => 12666,
'count' => 1,
- 'describtion' => "Change character name.",
+ 'description' => "Change character name.",
'points' => 20,
),
);
diff --git a/createcharacter.php b/createcharacter.php
index 32d34f8..fbbdc19 100644
--- a/createcharacter.php
+++ b/createcharacter.php
@@ -28,7 +28,7 @@ if (empty($_POST) === false) {
$errors[] = 'Your name may only contain a-z, A-Z and spaces.';
}
if (strlen($_POST['name']) < $config['minL'] || strlen($_POST['name']) > $config['maxL']) {
- $errors[] = 'Your character name must be between 4 - 20 characters long.';
+ $errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.';
}
// name restriction
$resname = explode(" ", $_POST['name']);
diff --git a/engine/database/connect.php b/engine/database/connect.php
index a3229e1..783d1f2 100644
--- a/engine/database/connect.php
+++ b/engine/database/connect.php
@@ -30,6 +30,8 @@ CREATE TABLE IF NOT EXISTS `znote_accounts` (
`created` int(10) NOT NULL,
`points` int(10) DEFAULT 0,
`cooldown` int(10) DEFAULT 0,
+ `active` tinyint(4) NOT NULL DEFAULT '0',
+ `activekey` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
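Review bot: `activekey` is added as `int(11) NOT NULL` with no default, and `active` defaults to `'0'`, inside a `CREATE TABLE IF NOT EXISTS` statement, so an installation that already has `znote_accounts` gets neither column from this hunk. Inserts that omit `activekey`, such as the one in special/database2znoteaac.php later in this commit, can be rejected under a strict SQL mode. Every row left at `active` = 0 is refused by the new login check once `$config['mailserver']['register']` is turned on. I would give the column a default, `activekey int(11) NOT NULL DEFAULT '0'`, and document an `ALTER TABLE` step for existing databases that marks current accounts as active. The statement begins outside the hunk.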
@@ -121,7 +123,7 @@ CREATE TABLE IF NOT EXISTS `znote_shop` (
`type` int(11) NOT NULL,
`itemid` int(11) DEFAULT NULL,
`count` int(11) NOT NULL DEFAULT '1',
- `describtion` varchar(255) NOT NULL,
+ `description` varchar(255) NOT NULL,
`points` int(11) NOT NULL DEFAULT '10',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
diff --git a/engine/function/general.php b/engine/function/general.php
index eb0cae7..6cd5108 100644
--- a/engine/function/general.php
+++ b/engine/function/general.php
@@ -1,4 +1,12 @@
_config = $config;
+ }
+
+ /**
+ * Sets the cache expiration limit (IMPORTANT NOTE: seconds, NOT ms!).
+ *
+ * @param string $to, string $title, string $text, string $accname
+ * @access public
+ * @return boolean
+ **/
+ public function sendMail($to, $title, $text, $accname = '') {
+ //SMTP needs accurate times, and the PHP time zone MUST be set
+ //This should be done in your php.ini, but this is how to do it if you don't have access to that
+ //date_default_timezone_set('Etc/UTC');
+
+ require 'PHPMailer/PHPMailerAutoload.php';
+
+ //Create a new PHPMailer instance
+ $mail = new PHPMailer();
+
+ //Tell PHPMailer to use SMTP
+ $mail->isSMTP();
+
+ //Enable SMTP debugging
+ // 0 = off (for production use)
+ // 1 = client messages
+ // 2 = client and server messages
+ $mail->SMTPDebug = ($this->_config['debug']) ? 2 : 0;
+
+ //Ask for HTML-friendly debug output
+ $mail->Debugoutput = 'html';
+
+ //Set the hostname of the mail server
+ $mail->Host = $this->_config['host'];
+
+ //Set the SMTP port number - likely to be 25, 465 or 587
+ $mail->Port = $this->_config['port'];
+
+ //Whether to use SMTP authentication
+ $mail->SMTPAuth = true;
+ $mail->SMTPSecure = $this->_config['securityType'];
+
+ //Username to use for SMTP authentication
+ $mail->Username = $this->_config['username'];
+
+ //Password to use for SMTP authentication
+ $mail->Password = $this->_config['password'];
+
+ //Set who the message is to be sent from
+ $mail->setFrom($this->_config['username'], $this->_config['fromName']);
+
+ //Set who the message is to be sent to
+ $mail->addAddress($to, $accname);
+
+ //Set the subject line
+ $mail->Subject = $title;
+
+ // Body
+ $mail->Body = $text;
+
+ // Convert HTML -> plain for legacy mail recievers
+ // Create new lines instead of html tags.
+ $text = str_replace(" ", "\n", $text);
+ $text = str_replace(" ", "\n", $text);
+ $text = str_replace(" ", "\n", $text);
+ // Then get rid of the rest of the html tags.
+ $text = strip_tags($text);
+
+ //Replace the plain text body with one created manually
+ $mail->AltBody = $text;
+
+
+ //send the message, check for errors
+ $status = false;
+ if (!$mail->send()) {
+ echo "Mailer Error: " . $mail->ErrorInfo;
+ exit();
+ } else {
+ $status = true;
+ }
+ return $status;
+ }
+}
\ No newline at end of file
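Review bot: On a failed send, `sendMail` prints `$mail->ErrorInfo` into the page and calls `exit()`, which shows SMTP diagnostics to whoever triggered the mail and makes the false path of `@return boolean` unreachable. Logging the error and returning false lets the register and recovery pages show their own message. Two smaller points in the same method: `require` should be `require_once` so a second call in one request does not load the PHPMailer autoload file twice, and the docblock summary ("Sets the cache expiration limit") with its single `@param` line describes a different method and should be rewritten for sendMail's four parameters. The top of the class is missing from this page, so only the method is covered.

```php
        // … unchanged: PHPMailer setup, recipient, Subject, Body and AltBody …

        // Keep SMTP diagnostics in the server log, not in the visitor's response.
        if (!$mail->send()) {
            error_log('Mail::sendMail failed: ' . $mail->ErrorInfo);
            return false;
        }
        return true;
```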
diff --git a/engine/function/users.php b/engine/function/users.php
index b66bf85..338d271 100644
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -241,7 +241,7 @@ function shop_account_gender_tickets($accid) {
//
function guild_remove_member($cid) {
$cid = (int)$cid;
- mysql_update("UPDATE `players` SET `rank_id`='0' WHERE `id`=$cid");
+ mysql_update("UPDATE `players` SET `rank_id`='0', `guildnick`= NULL WHERE `id`=$cid");
}
function guild_remove_member_10($cid) {
$cid = (int)$cid;
@@ -330,7 +330,7 @@ function guild_delete($gid) {
// Player leave guild
function guild_player_leave($cid) {
$cid = (int)$cid;
- mysql_update("UPDATE `players` SET `rank_id`='0' WHERE `id`=$cid LIMIT 1;");
+ mysql_update("UPDATE `players` SET `rank_id`='0', `guildnick`= NULL WHERE `id`=$cid LIMIT 1;");
}
function guild_player_leave_10($cid) {
$cid = (int)$cid;
@@ -409,6 +409,27 @@ function update_player_guild_position_10($cid, $rid) {
mysql_update("UPDATE `guild_membership` SET `rank_id`='$rid' WHERE `player_id`=$cid");
}
+// Update player's guild nick
+function update_player_guildnick($cid, $nick) {
+ $cid = (int)$cid;
+ $nick = sanitize($nick);
+ if (!empty($nick)) {
+
+ mysql_update("UPDATE `players` SET `guildnick`='$nick' WHERE `id`=$cid");
+ } else {
+ mysql_update("UPDATE `players` SET `guildnick`= NULL WHERE `id`=$cid");
+ }
+}
+function update_player_guildnick_10($cid, $nick) {
+ $cid = (int)$cid;
+ $nick = sanitize($nick);
+ if (!empty($nick)) {
+ mysql_update("UPDATE `guild_membership` SET `nick`='$nick' WHERE `player_id`=$cid");
+ } else {
+ mysql_update("UPDATE `guild_membership` SET `nick`= NULL WHERE `player_id`=$cid");
+ }
+}
+
// Get guild data, using guild id.
function get_guild_rank_data($gid) {
$gid = (int)$gid;
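Review bot: `update_player_guildnick` and `update_player_guildnick_10` place `$nick` inside a quoted SQL literal, so they are only as safe as `sanitize()`, whose definition is outside this page, and they apply no length limit of their own. The only caller visible in this commit filters the value with a regex first, but a helper in a shared function file tends to be reused. I would add a comment above both, `// $nick is escaped by sanitize(); callers must still enforce charset and length`, and truncate to the column size, which I cannot see from here. Note also that `empty()` treats the nick `"0"` as empty and stores NULL.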
@@ -422,7 +443,7 @@ function create_guild($cid, $name) {
$time = time();
// Create the guild
- mysql_insert("INSERT INTO `guilds` (`name`, `ownerid`, `creationdata`, `motd`) VALUES ('$name', '$cid', '$time', 'The guild has been created!');");
+ mysql_insert("INSERT INTO `guilds` (`name`, `ownerid`, `creationdata`, `motd`) VALUES ('$name', '$cid', '$time', '');");
// Get guild id
$gid = get_guild_id($name);
@@ -505,8 +526,23 @@ function get_guilds_list() {
// Get array of player data related to a guild.
function get_guild_players($gid) {
$gid = (int)$gid; // Sanitizing the parameter id
- if (config('TFSVersion') !== 'TFS_10') return mysql_select_multi("SELECT p.rank_id, p.name, p.level, p.vocation, p.online, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id ='$gid' ORDER BY gr.id, p.name;");
- else return mysql_select_multi("SELECT p.id, p.name, p.level, p.vocation, gm.rank_id, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id LEFT JOIN guild_ranks AS gr ON gr.id = gm.rank_id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name");
+ if (config('TFSVersion') !== 'TFS_10') return mysql_select_multi("SELECT p.rank_id, p.name, p.level, p.guildnick, p.vocation, p.online, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id ='$gid' ORDER BY gr.id, p.name;");
+ else return mysql_select_multi("SELECT p.id, p.name, p.level, p.vocation, gm.rank_id, gm.nick AS `guildnick`, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id LEFT JOIN guild_ranks AS gr ON gr.id = gm.rank_id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name");
+}
+
+// Get guild level data (avg level, total level, count of players)
+function get_guild_level_data($gid) {
+ $gid = (int)$gid;
+ $data = (config('TFSVersion') !== 'TFS_10') ? mysql_select_multi("SELECT p.level FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id ='$gid';") : mysql_select_multi("SELECT p.level FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name;");
+ $members = 0;
+ $totallevels = 0;
+ if ($data !== false) {
+ foreach ($data as $player) {
+ $members++;
+ $totallevels += $player['level'];
+ }
+ return array('avg' => (int)($totallevels / $members), 'total' => $totallevels, 'players' => $members);
+ } else return false;
}
// Returns total members in a guild (integer)
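Review bot: `get_guild_level_data` divides `$totallevels` by `$members` without checking that any row was counted. If `mysql_select_multi` (defined outside this page) can return an empty array instead of false, `'avg'` raises a division-by-zero warning on older PHP and a DivisionByZeroError on PHP 8. Changing the guard to `if ($data !== false && count($data) > 0) {` covers that case. The `ORDER BY gm.rank_id, p.name` in the TFS_10 query can be dropped, since only levels are summed.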
@@ -772,7 +808,7 @@ function user_delete_character_soft($char_id) {
$char_name = user_character_name($char_id);
$original_acc_id = user_character_account_id($char_name);
if(!user_character_pending_delete($char_name))
- mysql_insert('INSERT INTO `znote_deleted_characters`(`original_account_id`, `character_name`, `time`, `done`) VALUES(' . $original_acc_id . ', "' . $char_name . '", (NOW() + INTERVAL ' . Config('delete_character_interval') . '), 0)');
+ mysql_insert('INSERT INTO `znote_deleted_characters`(`original_account_id`, `character_name`, `time`, `done`) VALUES(' . $original_acc_id . ', "' . $char_name . '", (NOW() + INTERVAL ' . config('delete_character_interval') . '), 0)');
else
return false;
}
@@ -994,7 +1030,7 @@ function user_update_account($update_data) {
$update[] = '`'. $field .'` = \''. $data .'\'';
}
- $user_id = sanitize($_SESSION['user_id']);
+ $user_id = (int)getSession('user_id');
mysql_update("UPDATE `accounts` SET ". implode(', ', $update) ." WHERE `id`=". $user_id .";");
}
@@ -1008,7 +1044,7 @@ function user_update_znote_account($update_data) {
$update[] = '`'. $field .'` = \''. $data .'\'';
}
- $user_id = sanitize($_SESSION['user_id']);
+ $user_id = (int)getSession('user_id');
mysql_update("UPDATE `znote_accounts` SET ". implode(', ', $update) ." WHERE `account_id`=". $user_id .";");
}
@@ -1042,7 +1078,7 @@ function user_character_set_hide($char_id, $value) {
}
// CREATE ACCOUNT
-function user_create_account($register_data) {
+function user_create_account($register_data, $maildata) {
array_walk($register_data, 'array_sanitize');
if (config('TFSVersion') == 'TFS_03' && config('salt') === true) {
@@ -1064,10 +1100,25 @@ function user_create_account($register_data) {
mysql_insert("INSERT INTO `accounts` ($fields) VALUES ($data)");
$account_id = user_id($register_data['name']);
- mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$account_id', '$ip', '$created')");
+ $activeKey = rand(100000000,999999999);
+ mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `activekey`) VALUES ('$account_id', '$ip', '$created', '$activeKey')");
- //TO-DO: mail server and verification.
- // http://www.web-development-blog.com/archives/send-e-mail-messages-via-smtp-with-phpmailer-and-gmail/
+ if ($maildata['register']) {
+
+ $thisurl = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
+ $thisurl .= "?authenticate&u=".$account_id."&k=".$activeKey;
+
+ $mailer = new Mail($maildata);
+
+ $title = "Please authenticate your account at $_SERVER[HTTP_HOST].";
+
+ $body = "
Please click on the following link to authenticate your account:
';
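Review bot: The activation key comes from `rand(100000000,999999999)`, which is not a cryptographically secure generator, yet the value is the only secret protecting account activation. Where the PHP version allows it, `$activeKey = random_int(100000000, 999999999);` is a drop-in replacement; a longer random token would need the `activekey` column widened. The link and subject are built from `$_SERVER[HTTP_HOST]` and `$_SERVER[REQUEST_URI]`, both supplied by the client, so the mailed URL can name a host the site does not own, and a request URI that already carries a query string yields a second `?`. Building the link from a configured base URL with `https` avoids both. The rest of the mail body is cut off on this page.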
@@ -341,6 +380,26 @@ if (user_logged_in() === true) {
if ($highest_access >= 2) {
// Guild leader stuff
+ // Change Guild Nick
+ if (!empty($_POST['player_guildnick'])) {
+ $p_cid = user_character_id($_POST['player_guildnick']);
+ $p_guild = get_player_guild_data($p_cid);
+ if (preg_match("/^[a-zA-Z_ ]+$/", $_POST['guildnick']) || empty($_POST['guildnick'])) {
+ // Only allow normal symbols as guild nick
+ $p_nick = sanitize($_POST['guildnick']);
+ if ($p_guild['guild_id'] == $gid) {
+ if ($config['TFSVersion'] !== 'TFS_10') $chardata = user_character_data($p_cid, 'online');
+ else $chardata['online'] = (user_is_online_10($p_cid)) ? 1 : 0;
+ if ($chardata['online'] == 0) {
+ if ($config['TFSVersion'] !== 'TFS_10') update_player_guildnick($p_cid, $p_nick);
+ else update_player_guildnick_10($p_cid, $p_nick);
+ header('Location: guilds.php?name='. $_GET['name']);
+ exit();
+ } else echo 'Character not offline.';
+ }
+ } else echo 'Character guild nick may only contain a-z, A-Z and spaces.';
+ }
+
// Promote character to guild position
if (!empty($_POST['promote_character']) && !empty($_POST['promote_position'])) {
// Verify that promoted character is from this guild.
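Review bot: The redirect `header('Location: guilds.php?name='. $_GET['name']);` copies a request parameter into a response header without encoding; `header('Location: guilds.php?name=' . urlencode($_GET['name']));` keeps the value inside the query string. No `Token::isValid` check is visible in this branch, unlike other POST handlers in this commit, so unless one runs earlier in the file this form has no request-forgery protection; that needs confirming against the code above the hunk. `$_POST['guildnick']` is read without `isset`, and the regex accepts `_` while the error message mentions only letters and spaces.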
@@ -617,6 +676,33 @@ if ($highest_access >= 2) {
+
+
+
1) { ?>
+
+
+
+
+
+ $value) {
+ if (empty($value) && in_array($key, $required_fields) === true) {
+ $errors[] = 'You need to fill in all fields.';
+ break 1;
+ }
+ }
+
+ // check errors (= user exist, pass long enough
+ if (empty($errors) === true) {
+ /* Token used for cross site scripting security */
+ if (!Token::isValid($_POST['token'])) {
+ $errors[] = 'Token is invalid.';
+ }
+ if ($config['use_captcha']) {
+ include_once 'captcha/securimage.php';
+ $securimage = new Securimage();
+ if ($securimage->check($_POST['captcha_code']) == false) {
+ $errors[] = 'Captcha image verification was submitted wrong.';
+ }
+ }
+ // Reversed this if, so: first check if you need to validate, then validate.
+ if ($config['validate_IP'] === true && validate_ip(getIP()) === false) {
+ $errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).';
+ }
+ }
+ }
+ ?>
+
';
-}
+/* Znote AAC Sub System
+ - Used to create custom pages
+ - Place the contents of the page in /layout/sub/ folder.
+ : You don't need to include init, header or footer.
+ Its already taken care of, just write the contents you want.
+
+ Then add that page to the configuration below. Config syntax:
+ 'PAGENAME' => array(
+ 'file' => 'fileName.php',
+ 'override' => false
+ ),
+ ................
+ There are 2 ways to view your page, by using sub.php file, or by overriding an existing default page.
+ 1: yourwebiste.com/sub.php?page=PAGENAME
+ 2: By having override => true, then it will load your sub file instead of the default znote aac file.
+
+*/
+
+$subpages = array(
+ // website.com/sub.php?page=blank
+ 'blank' => array(
+ // layout/sub/blank.php
+ 'file' => 'blank.php',
+ // false means don't run this file instead of the regular file at website.com/blank.php
+ 'override' => false
+ ),
+ 'houses' => array(
+ 'file' => 'houses.php',
+ 'override' => false
+ ),
+ 'downloads' => array(
+ 'file' => 'downloads.php',
+ 'override' => false
+ ),
+);
?>
\ No newline at end of file
diff --git a/layout/sub/downloads.php b/layout/sub/downloads.php
new file mode 100644
index 0000000..6884525
--- /dev/null
+++ b/layout/sub/downloads.php
@@ -0,0 +1,35 @@
+
+
Downloads
+
Sub system Override DEMO
+
In order to play, you need an compatible IP changer and a Tibia client.
+ In the IP changer, write this in the IP field:
+
+
+ In the IP changer, click on Settings and then Add new Tibia client.
+
+
+ In the IP changer, in the Version field, write your desired version.
+
+
+ In the IP changer, click on Browse, navigate to your desired Tibia version folder, select Tibia.exe and click Add. Then click Close
+
+
+ Now you can successfully login on the tibia client and play clicking on Apply every time you want.
+ If you do not have an account to login with, you need to register an account HERE.
+
+
+
\ No newline at end of file
diff --git a/login.php b/login.php
index 1f0c198..3d09cd2 100644
--- a/login.php
+++ b/login.php
@@ -30,20 +30,33 @@ if (empty($_POST) === false) {
if ($login === false) {
$errors[] = 'Username and password combination is wrong.';
} else {
- $_SESSION['user_id'] = $login;
-
- // if IP is not set (etc acc created before Znote AAC was in use)
- $znote_data = user_znote_account_data($_SESSION['user_id']);
- if ($znote_data['ip'] == 0) {
- $update_data = array(
- 'ip' => ip2long(getIP()),
- );
- user_update_znote_account($update_data);
- }
-
- // Send them to myaccount.php
- header('Location: myaccount.php');
- exit();
+ // Check if user have access to login
+ $status = false;
+ if ($config['mailserver']['register']) {
+ $authenticate = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='$login' AND `active`='1' LIMIT 1;");
+ if ($authenticate !== false) {
+ $status = true;
+ } else {
+ $errors[] = "Your account is not activated. An email should have been sent to you when you registered. Please find it and click the activation link to activate your account.";
+ }
+ } else $status = true;
+
+ if ($status) {
+ setSession('user_id', $login);
+
+ // if IP is not set (etc acc created before Znote AAC was in use)
+ $znote_data = user_znote_account_data($login);
+ if ($znote_data['ip'] == 0) {
+ $update_data = array(
+ 'ip' => ip2long(getIP()),
+ );
+ user_update_znote_account($update_data);
+ }
+
+ // Send them to myaccount.php
+ header('Location: myaccount.php');
+ exit();
+ }
}
}
} else {
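Review bot: Nothing in this hunk rotates the session identifier when `setSession('user_id', $login);` turns the session into an authenticated one. Unless `setSession()`, which is defined outside this page, already does so, add `session_regenerate_id(true);` on the line before it so a pre-login session id does not carry over. `$login` is also interpolated into the new `znote_accounts` query exactly as the login helper returned it; an explicit `$login = (int)$login;` before the query would match the casts this commit adds elsewhere.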
diff --git a/myaccount.php b/myaccount.php
index 22e3c21..79455f8 100644
--- a/myaccount.php
+++ b/myaccount.php
@@ -1,52 +1,6 @@
shop!';
+ }
+
+ // Check if player and account matches
+ if ($session_user_id != $accountId || $session_user_id != $order['account_id']) {
+ $errors[] = 'Failed to sync your account. :|';
+ }
- // Check if user is online
- $player = false;
- if ($config['TFSVersion'] === 'TFS_10') {
- $player = mysql_select_single("SELECT `id`, `account_id` FROM `players` WHERE `name` = '$oldname'");
- $player['online'] = (user_is_online_10($player['id'])) ? 1 : 0;
- } else $player = mysql_select_single("SELECT `id`, `account_id`, `online` FROM `players` WHERE `name` = '$oldname'");
-
- // Check if player has bough ticket
- $order = mysql_select_single("SELECT `id`, `account_id` FROM `znote_shop_orders` WHERE `type`='4' AND `account_id`='".$player['account_id']."' LIMIT 1;");
- if ($order !== false) {
- //data_dump($order, array($player['account_id'], $session_user_id), "data");
- // Check if player and account matches
- if ($session_user_id == $player['account_id'] && $session_user_id == $order['account_id']) {
- // Check if new name is not occupied
- $exist = mysql_select_single("SELECT `id` FROM `players` WHERE `name`='$newname';");
- if (!$exist) {
- // Check if new name follow rules
$newname = validate_name($newname);
- if ($newname !== false) {
- $error = false;
+ if ($newname === false) {
+ $errors[] = 'Your name can not contain more than 2 words.';
+ } else {
+ if (empty($newname)) {
+ $errors[] = 'Please enter a name!';
+ } else if (user_character_exist($newname) !== false) {
+ $errors[] = 'Sorry, that character name already exist.';
+ } else if (!preg_match("/^[a-zA-Z_ ]+$/", $newname)) {
+ $errors[] = 'Your name may only contain a-z, A-Z and spaces.';
+ } else if (strlen($newname) < $config['minL'] || strlen($newname) > $config['maxL']) {
+ $errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.';
+ } else if (!ctype_upper($newname{0})) {
+ $errors[] = 'The first letter of a name has to be a capital letter!';
+ }
+
// name restriction
- $resname = explode(" ", $newname);
+ $resname = explode(" ", $_POST['newName']);
foreach($resname as $res) {
if(in_array(strtolower($res), $config['invalidNameTags'])) {
- $error = true;
- }
- else if(strlen($res) == 1) {
- $error = true;
+ $errors[] = 'Your username contains a restricted word.';
+ } else if(strlen($res) == 1) {
+ $errors[] = 'Too short words in your name.';
}
}
- // Check name for illegal characters.
- function checkNewNameForIllegal($name) {
- if (preg_match('#^[\0-9åäö&()+%/*$€é,.\'"-]*$#i', $name)) {
- return true;
- }
- return false;
- }
- if (checkNewNameForIllegal($newname)) {
- $error = true;
- echo 'This name contains illegal characters.';
- }
- if ($error === false) {
- // Change the name!
- mysql_update("UPDATE `players` SET `name`='$newname' WHERE `id`='".$player['id']."' LIMIT 1;");
- mysql_delete("DELETE FROM `znote_shop_orders` WHERE `id`='".$order['id']."' LIMIT 1;");
- }
- } else echo "Name validation failed, use another name.";
- } else echo "The character name you wish to change to already exist.";
- } else echo "Failed to sync your account. :|";
- } else echo "Did not find any name change tickets, but them in our shop!";
-}
-// end
-// Change character sex
-if (!empty($_POST['change_gender'])) {
- if (!Token::isValid($_POST['token'])) {
- exit();
- }
- if (user_character_account_id($_POST['change_gender']) === $session_user_id) {
- $char_name = sanitize($_POST['change_gender']);
- $char_id = (int)user_character_id($char_name);
- $account_id = user_character_account_id($char_name);
-
- if ($config['TFSVersion'] == 'TFS_10') {
- $chr_data = user_is_online_10($char_id);
- } else $chr_data = user_character_data($char_id, 'online');
-
- if ($chr_data['online'] != 1) {
- // Verify that we are not messing around with data
- if ($account_id != $user_data['id']) die("wtf? Something went wrong, try relogging.");
-
- // Fetch character tickets
- $tickets = shop_account_gender_tickets($account_id);
- if ($tickets !== false || $config['free_sex_change'] == true) {
- // They are allowed to change gender
- $last = false;
- $infinite = false;
- $tks = 0;
- // Do we have any infinite tickets?
- foreach ($tickets as $ticket) {
- if ($ticket['count'] == 0) $infinite = true;
- else if ($ticket > 0 && $infinite === false) $tks += (int)$ticket['count'];
}
- if ($infinite === true) $tks = 0;
- $dbid = (int)$tickets[0]['id'];
- // If they dont have unlimited tickets, remove a count from their ticket.
- if ($tickets[0]['count'] > 1) { // Decrease count
- $tks--;
- $tkr = ((int)$tickets[0]['count'] - 1);
- shop_update_row_count($dbid, $tkr);
- } else if ($tickets[0]['count'] == 1) { // Delete record
- shop_delete_row_order($dbid);
- $tks--;
+
+ if (!empty($newname) && empty($errors)) {
+ echo 'You have successfully changed your character name to ' . $newname . '.';
+ mysql_update("UPDATE `players` SET `name`='$newname' WHERE `id`='".$player['id']."' LIMIT 1;");
+ mysql_delete("DELETE FROM `znote_shop_orders` WHERE `id`='".$order['id']."' LIMIT 1;");
+
+ } else if (!empty($errors)) {
+ echo '';
+ echo output_errors($errors);
+ echo '';
}
-
- // Change character gender:
- //
- user_character_change_gender($char_name);
- echo 'You have successfully changed gender on character '. $char_name .'.';
- if ($tks > 0) echo ' You have '. $tks .' gender change tickets left.';
- else if ($infinite !== true) echo ' You are out of tickets.';
- } else echo 'You don\'t have any character gender tickets, buy them in the SHOP!';
- } else echo 'Your character must be offline.';
+
+ break;
+ // end
+
+ // Change character sex
+ case 'change_gender':
+ if (user_character_account_id($char_name) === $session_user_id) {
+ $char_id = (int)user_character_id($char_name);
+ $account_id = user_character_account_id($char_name);
+
+ if ($config['TFSVersion'] == 'TFS_10') {
+ $chr_data['online'] = user_is_online_10($char_id) ? 1 : 0;
+ } else $chr_data = user_character_data($char_id, 'online');
+ if ($chr_data['online'] != 1) {
+ // Verify that we are not messing around with data
+ if ($account_id != $user_data['id']) die("wtf? Something went wrong, try relogging.");
+
+ // Fetch character tickets
+ $tickets = shop_account_gender_tickets($account_id);
+ if ($tickets !== false || $config['free_sex_change'] == true) {
+ // They are allowed to change gender
+ $last = false;
+ $infinite = false;
+ $tks = 0;
+ // Do we have any infinite tickets?
+ foreach ($tickets as $ticket) {
+ if ($ticket['count'] == 0) $infinite = true;
+ else if ($ticket > 0 && $infinite === false) $tks += (int)$ticket['count'];
+ }
+ if ($infinite === true) $tks = 0;
+ $dbid = (int)$tickets[0]['id'];
+ // If they dont have unlimited tickets, remove a count from their ticket.
+ if ($tickets[0]['count'] > 1) { // Decrease count
+ $tks--;
+ $tkr = ((int)$tickets[0]['count'] - 1);
+ shop_update_row_count($dbid, $tkr);
+ } else if ($tickets[0]['count'] == 1) { // Delete record
+ shop_delete_row_order($dbid);
+ $tks--;
+ }
+
+ // Change character gender:
+ //
+ user_character_change_gender($char_name);
+ echo 'You have successfully changed gender on character '. $char_name .'.';
+ if ($tks > 0) echo ' You have '. $tks .' gender change tickets left.';
+ else if ($infinite !== true) echo ' You are out of tickets.';
+ } else echo 'You don\'t have any character gender tickets, buy them in the SHOP!';
+ } else echo 'Your character must be offline.';
+ }
+ break;
+ // end
+
+ // Change character comment PAGE1:
+ case 'change_comment':
+ $render_page = false; // Regular "myaccount" page should not render
+ if (user_character_account_id($char_name) === $session_user_id) {
+ $comment_data = user_znote_character_data(user_character_id($char_name), 'comment');
+ ?>
+
+
Change comment on:
+
+
+
+
+
+
+
+ Comment:
+
+
+
+
+
+
+
-
-
Change comment on:
-
-
-
-
-
-
- Comment:
-
-
-
-
-
-
- new DateTime())
echo 'CAUTION! Your character with name ' . $delete['character_name'] . ' will be deleted on ' . $delete['time'] . '. Cancel this operation. ';
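Review bot: In the rewritten name-change case the restricted-word loop splits `$_POST['newName']` while every other check and the `UPDATE` use the validated `$newname`, so the value that is checked is not the value that is stored; `$resname = explode(" ", $newname);` keeps them the same. The `UPDATE` still addresses `$player['id']`, but the lines that assigned `$player` are among the removed ones and no new assignment appears on this page; parts of the hunk are missing here, so this needs checking against the file. `$newname{0}` uses the curly-brace offset syntax that PHP 8 removed, and `$newname[0]` is equivalent. In the gender case, `foreach ($tickets as $ticket)` still runs when `$tickets` is false and `free_sex_change` is on.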
@@ -216,6 +234,8 @@ if (!empty($_POST['selected_comment'])) {
$char_count--;
}
}
+ }
+
?>
My account
@@ -223,7 +243,6 @@ if (!empty($_POST['selected_comment'])) {
You have days remaining premium account.
-
-check($_POST['captcha_code']) == false) {
+ $status = false;
+ }
+ }
+ if ($status) {
+ if (!$username) {
+ // Recover username
+ $salt = '';
+ if ($config['TFSVersion'] != 'TFS_03') {
+ // TFS 0.2 and 1.0
+ $password = sha1($password);
+ } else {
+ // TFS 0.3/4
+ if (config('salt') === true) {
+ $saltdata = mysql_select_single("SELECT `salt` FROM `accounts` WHERE `email`='$email' LIMIT 1;");
+ if ($saltdata !== false) $salt .= $saltdata['salt'];
}
- // end EDOM
- } else { echo 'That character name does not exist.'; }
- } else { echo 'You need to type in a character name from your account.'; }
-
+ $password = sha1($salt.$password);
+ }
+ $user = mysql_select_single("SELECT `p`.`id` AS `player_id`, `a`.`name` FROM `players` `p` INNER JOIN `accounts` `a` ON `p`.`account_id` = `a`.`id` WHERE `p`.`name` = '$character' AND `a`.`email` = '$email' AND `a`.`password` = '$password' LIMIT 1;");
+ if ($user !== false) {
+ // Found user
+
+ $mailer = new Mail($config['mailserver']);
+ $title = "$_SERVER[HTTP_HOST]: Your username";
+ $body = "
Account Recovery
";
+ $body .= "
Your username is: $user[name] ";
+ $body .= "Enjoy your stay at ".$config['mailserver']['fromName'].". ";
+ $body .= "
I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.";
+ $mailer->sendMail($email, $title, $body, $user['name']);
+
+ ?>
+
Account Found!
+
We have sent your username to .
+
If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.
+
+
Account recovery failed!
+
Submitted data is wrong.
+ Account Recovery";
+ $body .= "
Your new password is: $newpass ";
+ $body .= "We recommend you to login and change it before you continue playing. ";
+ $body .= "Enjoy your stay at ".$config['mailserver']['fromName'].". ";
+ $body .= "
I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.";
+ $mailer->sendMail($email, $title, $body, $user['name']);
+ ?>
+
Account Found!
+
We have sent your new password to .
+
If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.
+
+
Account recovery failed!
+
Submitted data is wrong.
+
+
Account Recovery
+
+
+
+
+
+ Username: ';
+ else echo ' ';
+ if ($config['use_captcha']) {
+ ?>
+ Write the image symbols in the text field to verify that you are a human:
+
+
+ [ Different Image ]
The admin have disabled automatic account recovery.
+
-
-
\ No newline at end of file
+include 'layout/overall/footer.php'; ?>
\ No newline at end of file
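Review bot: The password branch of the recovery page mails the replacement credential itself (`Your new password is: $newpass`), so a working password sits in the mailbox and in any mail log for as long as the user leaves it unchanged. How `$newpass` is generated is not visible on this page; it should come from a CSPRNG, and a single-use reset link with an expiry would avoid sending a password at all. The mail subject interpolates `$_SERVER[HTTP_HOST]`, a client-supplied header; a configured site name, as the body already uses with `$config['mailserver']['fromName']`, is safer. Large parts of this file's markup are missing from the page, so the form handling could not be reviewed.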
diff --git a/register.php b/register.php
index 4072c97..094bb79 100644
--- a/register.php
+++ b/register.php
@@ -57,8 +57,8 @@ if (empty($_POST) === false) {
if (strlen($_POST['password']) < 6) {
$errors[] = 'Your password must be at least 6 characters.';
}
- if (strlen($_POST['password']) > 33) {
- $errors[] = 'Your password must be less than 33 characters.';
+ if (strlen($_POST['password']) > 100) {
+ $errors[] = 'Your password must be less than 100 characters.';
}
if ($_POST['password'] !== $_POST['password_again']) {
$errors[] = 'Your passwords do not match.';
@@ -82,7 +82,27 @@ if (empty($_POST) === false) {
Register Account
+
Email authentication required
+
We have sent you an email with an activation link to your submitted email address.
+
If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.
+ 0) ? (int)$_GET['u'] : false;
+ $akey = (isset($_GET['k']) && (int)$_GET['k'] > 0) ? (int)$_GET['k'] : false;
+ // Find a match
+ $user = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='$auid' AND `activekey`='$akey' AND `active`='0' LIMIT 1;");
+ if ($user !== false) {
+ $user = $user['id'];
+ // Enable the account to login
+ mysql_update("UPDATE `znote_accounts` SET `active`='1' WHERE `id`='$user' LIMIT 1;");
+ echo '
Congratulations!
Your account has been created. You may now login to create a character.
';
+ } else {
+ echo '
Authentication failed
Either the activation link is wrong, or your account is already activated.
';
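Review bot: The activation lookup still runs when `$auid` or `$akey` is `false`, so the interpolated query compares `account_id` and `activekey` against an empty string. I would print the failure message before querying, e.g. `if ($auid === false || $akey === false) { /* print the 'Authentication failed' block */ }`. The key is read as `(int)$_GET['k']`, so the secret in the link is at most an integer. How it is generated is not visible here, but if it is short or predictable, a long random string token (generated with `random_bytes()`, compared with `hash_equals()`) would be the safer design. The line assigning `$auid` and the condition that opens this block are truncated on the page, so the guard around it cannot be checked from this hunk.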
@@ -105,7 +105,7 @@ if ($config['shop_auction']['characterAuction']) {
?>
-
+
';
diff --git a/special/database2znoteaac.php b/special/database2znoteaac.php
index 56e2c05..45f6207 100644
--- a/special/database2znoteaac.php
+++ b/special/database2znoteaac.php
@@ -82,23 +82,25 @@ require '../engine/function/users.php';
if (isset($old_accounts) && $old_accounts !== false) {
$time = time();
foreach ($old_accounts as $old) {
-
+ // Get acc id
+ $old_id = $old['id'];
+
// Make acc data compatible:
- mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$old', '0', '$time')");
+ mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$old_id', '0', '$time')");
$updated_acc += 1;
// Fetch unsalted password
if ($config['TFSVersion'] == 'TFS_03' && $config['salt'] === true) {
- $password = user_data($old, 'password', 'salt');
+ $password = user_data($old_id, 'password', 'salt');
$p_pass = str_replace($password['salt'],"",$password['password']);
}
if ($config['TFSVersion'] == 'TFS_02' || $config['salt'] === false) {
- $password = user_data($old, 'password');
+ $password = user_data($old_id, 'password');
$p_pass = $password['password'];
}
// Verify lenght of password is less than 28 characters (most likely a plain password)
- if (strlen($p_pass) < 28 && $old > 1) {
+ if (strlen($p_pass) < 28 && $old_id > 1) {
// encrypt it with sha1
if ($config['TFSVersion'] == 'TFS_02' || $config['salt'] === false) $p_pass = sha1($p_pass);
if ($config['TFSVersion'] == 'TFS_03' && $config['salt'] === true) $p_pass = sha1($password['salt'].$p_pass);
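Review bot: `$old_id = $old['id'];` is interpolated into the `INSERT` and later compared in `$old_id > 1` without being forced to an integer. `$old_id = (int)$old['id'];` makes both uses unambiguous and keeps the string-built query safe whatever the source table holds. On the context lines, `$p_pass` is assigned only when one of the two `TFSVersion`/`salt` conditions holds, so under any other configuration `strlen($p_pass)` reads an undefined variable. Setting `$p_pass = null;` at the top of the loop body and skipping the account when it stays null would avoid that. The `foreach` body continues past the end of the hunk.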
diff --git a/sub.php b/sub.php
index 535469c..6fc8ad2 100644
--- a/sub.php
+++ b/sub.php
@@ -1,6 +1,10 @@
-Sub page not recognized.
The sub page you requested is not recognized.
';
+ }
+}
else echo '
System disabled.
The sub page system is disabled.
';
-
-include 'layout/overall/footer.php'; ?>
\ No newline at end of file
+require_once 'layout/overall/footer.php'; ?>
\ No newline at end of file
diff --git a/success.php b/success.php
index 15ed4df..b53d677 100644
--- a/success.php
+++ b/success.php
@@ -1,3 +1,4 @@