From e0ad3aae09fe3a8425812d14093cf133ad385321 Mon Sep 17 00:00:00 2001
From: Stefan Brannfjell
Date: Wed, 3 Sep 2014 00:59:12 +0200
Subject: [PATCH 01/33] Fix #153 You can now load sub files (custom pages
created in layout folder) instead of the default Znote AAC files. (override
system).
---
engine/init.php | 27 +++++++++++++++++++++
layout/sub.php | 52 +++++++++++++++++++++++++++-------------
layout/sub/downloads.php | 35 +++++++++++++++++++++++++++
sub.php | 14 +++++++----
4 files changed, 106 insertions(+), 22 deletions(-)
create mode 100644 layout/sub/downloads.php
diff --git a/engine/init.php b/engine/init.php
index e405099..9861a2e 100644
--- a/engine/init.php
+++ b/engine/init.php
@@ -113,4 +113,31 @@ if ($config['log_ip']) {
//var_dump($v_activity, $v_register, $v_highscore, $v_c_char, $v_s_char, $v_form);
//echo ' <--- IP logging activity past 10 seconds.';
}
+
+// Sub page override system
+if ($config['allowSubPages']) {
+ require_once 'layout/sub.php';
+ $filename = explode('/', $_SERVER['PHP_SELF']);
+ $filename = $filename[count($filename)-1];
+ if (isset($subpages) && !empty($subpages)) {
+ foreach ($subpages as $page) {
+ if ($page['override'] && $page['file'] === $filename) {
+ require_once 'layout/overall/header.php';
+ require_once 'layout/sub/'.$page['file'];
+ require_once 'layout/overall/footer.php';
+ exit;
+ }
+ }
+ } else {
+ ?>
+
+
Old layout!
+
The layout is running an outdated sub system which is not compatible with this version of Znote AAC.
+
The file /layout/sub.php is outdated.
+ Please update it to look like THIS.
+
+
+
\ No newline at end of file
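Review bot: `$_SERVER['PHP_SELF']` includes any trailing path info the client appends after the script name, so the last segment taken by `$filename[count($filename)-1]` is request-controlled rather than the name of the executing script. The `require_once` target still comes only from `$subpages`, so the effect is limited to which configured override fires. Matching on `basename($_SERVER['SCRIPT_NAME'])` would tie the override to the script actually being run. The relative `require_once 'layout/sub.php'` also depends on the entry script's working directory or include path, which deserves a short comment.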
diff --git a/layout/sub.php b/layout/sub.php
index 23a7c1a..bde9ca2 100644
--- a/layout/sub.php
+++ b/layout/sub.php
@@ -1,19 +1,37 @@
Sub page not recognized.The sub page you requested is not recognized.
';
-}
+/* Znote AAC Sub System
+ - Used to create custom pages
+ - Place the contents of the page in /layout/sub/ folder.
+ : You don't need to include init, header or footer.
+ Its already taken care of, just write the contents you want.
+
+ Then add that page to the configuration below. Config syntax:
+ 'PAGENAME' => array(
+ 'file' => 'fileName.php',
+ 'override' => false
+ ),
+ ................
+ There are 2 ways to view your page, by using sub.php file, or by overriding an existing default page.
+ 1: yourwebiste.com/sub.php?page=PAGENAME
+ 2: By having override => true, then it will load your sub file instead of the default znote aac file.
+
+*/
+
+$subpages = array(
+ // website.com/sub.php?page=blank
+ 'blank' => array(
+ // layout/sub/blank.php
+ 'file' => 'blank.php',
+ // false means don't run this file instead of the regular file at website.com/blank.php
+ 'override' => false
+ ),
+ 'houses' => array(
+ 'file' => 'houses.php',
+ 'override' => false
+ ),
+ 'downloads' => array(
+ 'file' => 'downloads.php',
+ 'override' => false
+ ),
+);
?>
\ No newline at end of file
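Review bot: The config comment above `$subpages` does not say that each `'file'` value is concatenated straight into `require_once 'layout/sub/'.$page['file']` in engine/init.php. I would add a line to the syntax block such as `'file' must be a plain file name inside /layout/sub/ (no directories); it is passed to require_once.` The entries are edited by the site admin, so this is a documentation point rather than a missing input check.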
diff --git a/layout/sub/downloads.php b/layout/sub/downloads.php
new file mode 100644
index 0000000..6884525
--- /dev/null
+++ b/layout/sub/downloads.php
@@ -0,0 +1,35 @@
+
+
Downloads
+
Sub system Override DEMO
+
In order to play, you need an compatible IP changer and a Tibia client.
+
+
Download otland IP changer HERE .
+
Download Tibia client for windows HERE .
+
Download Tibia client for linux HERE .
+
+
How to connect and play:
+
+
+ Download and install the tibia client if you havent already.
+
+
+ Download and run the IP changer.
+
+
+ In the IP changer, write this in the IP field:
+
+
+ In the IP changer, click on Settings and then Add new Tibia client.
+
+
+ In the IP changer, in the Version field, write your desired version.
+
+
+ In the IP changer, click on Browse , navigate to your desired Tibia version folder, select Tibia.exe and click Add . Then click Close
+
+
+ Now you can successfully login on the tibia client and play clicking on Apply every time you want.
+ If you do not have an account to login with, you need to register an account HERE .
+
+
+
\ No newline at end of file
diff --git a/sub.php b/sub.php
index 535469c..6fc8ad2 100644
--- a/sub.php
+++ b/sub.php
@@ -1,6 +1,10 @@
-Sub page not recognized.The sub page you requested is not recognized.
';
+ }
+}
else echo 'System disabled. The sub page system is disabled.
';
-
-include 'layout/overall/footer.php'; ?>
\ No newline at end of file
+require_once 'layout/overall/footer.php'; ?>
\ No newline at end of file
From 8ab9f11ef5dde4742f34073b12a0c28580338b50 Mon Sep 17 00:00:00 2001
From: Stefan Brannfjell
Date: Sat, 6 Sep 2014 13:43:49 +0200
Subject: [PATCH 02/33] Session prefix, if you are hosting multiple sites, make
the session name different to avoid conflict.
---
buypoints.php | 2 +-
config.php | 3 +++
engine/function/general.php | 10 +++++++++-
engine/function/users.php | 6 +++---
engine/init.php | 11 +++--------
login.php | 4 ++--
6 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/buypoints.php b/buypoints.php
index df9486f..eec0fe7 100644
--- a/buypoints.php
+++ b/buypoints.php
@@ -43,7 +43,7 @@ if ($paypal['enabled']) {
-
+
diff --git a/config.php b/config.php
index 2d6c843..e4f38d8 100644
--- a/config.php
+++ b/config.php
@@ -476,6 +476,9 @@
$config['use_token'] = false;
$config['use_captcha'] = false;
+ // Session prefix, if you are hosting multiple sites, make the session name different to avoid conflict.
+ $config['session_prefix'] = 'znote_';
+
/* Store visitor data
Store visitor data in the database, logging every IP visitng site,
and how many times they have visited the site. And sometimes what
diff --git a/engine/function/general.php b/engine/function/general.php
index eb0cae7..51b0fc7 100644
--- a/engine/function/general.php
+++ b/engine/function/general.php
@@ -1,4 +1,12 @@
WINDOWS: Download and use the latest Uniform Server.CLICK ME to get to their website. XAMPP sucks and is insecure. Kthxbye. LINUX DEBIAN: Edit /etc/apt/sources.list etc if you use nano text editor, make sure you are root and do nano /etc/apt/sources.list At the bottom, add this: deb http://packages.dotdeb.org stable all deb-src http://packages.dotdeb.org stable all save file. Then in terminal, do these 2 commands: gpg --keyserver keys.gnupg.net --recv-key 89DF5277 gpg -a --export 89DF5277 | sudo apt-key add - And then do these 2 commands: apt-get update apt-get upgrade You now have the latest stable PHP version. ');
+ ip2long(getIP()),
From d1b3226bc4f6b7e4cb02ef63c6466216366594dd Mon Sep 17 00:00:00 2001
From: Stefan Brannfjell
Date: Sat, 6 Sep 2014 13:47:39 +0200
Subject: [PATCH 03/33] Added #148
---
success.php | 1 +
1 file changed, 1 insertion(+)
diff --git a/success.php b/success.php
index 15ed4df..b53d677 100644
--- a/success.php
+++ b/success.php
@@ -1,3 +1,4 @@
Success!
+Go
\ No newline at end of file
From dac911e1d9443c7bf5d5102ed569513db9ae8670 Mon Sep 17 00:00:00 2001
From: Stefan Brannfjell
Date: Sat, 6 Sep 2014 13:49:59 +0200
Subject: [PATCH 04/33] Fix #147
---
changepassword.php | 2 --
settings.php | 2 --
2 files changed, 4 deletions(-)
diff --git a/changepassword.php b/changepassword.php
index 8616bfd..0027d5c 100644
--- a/changepassword.php
+++ b/changepassword.php
@@ -35,8 +35,6 @@ if (empty($_POST) === false) {
} else {
$errors[] = 'Your current password is incorrect.';
}
-
- print_r($errors);
}
include 'layout/overall/header.php'; ?>
diff --git a/settings.php b/settings.php
index 82c6e81..89b266a 100644
--- a/settings.php
+++ b/settings.php
@@ -24,8 +24,6 @@ if (empty($_POST) === false) {
$errors[] = 'That email address is already in use.';
}
}
-
- print_r($errors);
}
?>
Settings
From 048794a3200dd0252f89ae5f1110688983407011 Mon Sep 17 00:00:00 2001
From: Stefan Brannfjell
Date: Sat, 6 Sep 2014 16:10:00 +0200
Subject: [PATCH 05/33] Improved the helpdesk code.
---
admin_helpdesk.php | 193 ++++++++++-----------
helpdesk.php | 424 +++++++++++++++++++++------------------------
2 files changed, 291 insertions(+), 326 deletions(-)
diff --git a/admin_helpdesk.php b/admin_helpdesk.php
index 9a4c27c..46f4304 100644
--- a/admin_helpdesk.php
+++ b/admin_helpdesk.php
@@ -3,122 +3,107 @@ protect_page();
admin_only($user_data);
// Declare as int
-$view = (int)$_GET['view'];
-if ($view){
-
+$view = (isset($_GET['view']) && (int)$_GET['view'] > 0) ? (int)$_GET['view'] : false;
+if ($view !== false){
if (!empty($_POST['reply_text'])) {
- sanitize($_POST['reply_text']);
+ sanitize($_POST['reply_text']);
// Save ticket reply on database
$query = array(
- 'tid' => $_GET['view'],
- 'username'=> $_POST['username'],
- 'message' => $_POST['reply_text'],
+ 'tid' => $view,
+ 'username'=> getValue($_POST['username']),
+ 'message' => getValue($_POST['reply_text']),
'created' => time(),
);
+ $fields = '`'. implode('`, `', array_keys($query)) .'`';
+ $data = '\''. implode('\', \'', $query) .'\'';
- //Sanitize array
- array_walk($query, 'array_sanitize');
-
- $fields = '`'. implode('`, `', array_keys($query)) .'`';
- $data = '\''. implode('\', \'', $query) .'\'';
- mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
- mysql_update("UPDATE `znote_tickets` SET `status`='Staff-Reply' WHERE `id`=". $_GET['view']);
-
- }
-
-$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes((int)$_GET['view']));
+ mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
+ mysql_update("UPDATE `znote_tickets` SET `status`='Staff-Reply' WHERE `id`='$view' LIMIT 1;");
+ }
+ $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id='$view' LIMIT 1;");
?>
-View Ticket #
-
-
-
-
-
- - Created by:
-
-
-
-
-
-
-
-
-
-
- View Ticket #
+
+
+
+
+ - Created by:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
- - Posted by:
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Latest Tickets
-
+ - Posted by:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Latest Tickets
+
-
-
-
- ID:
- Subject:
- Creation:
- Status:
-
+
+
+ ID:
+ Subject:
+ Creation:
+ Status:
+
+ ';
+ echo ''. $ticket['id'] .' ';
+ echo ''. $ticket['subject'] .' ';
+ echo ''. getClock($ticket['creation'], true) .' ';
+ echo ''. $ticket['status'] .' ';
+ echo '';
+ }
+ ?>
+
';
- echo ''. $ticket['id'] .' ';
- echo ''. $ticket['subject'] .' ';
- echo ''. getClock($ticket['creation'], true) .' ';
- echo ''. $ticket['status'] .' ';
- }}
- ?>
-
-
-
+?>
\ No newline at end of file
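Review bot: The INSERT into `znote_tickets_replies` is still assembled by imploding values into the SQL string, and with `array_walk($query, 'array_sanitize')` removed the escaping now rests entirely on `getValue()`, whose definition is not part of this hunk. Please confirm that `getValue()` escapes for the SQL string context, or keep the `array_sanitize` pass before building `$data`; the same pattern appears in the helpdesk.php hunk and in the recovery.php lookups later in this series. The retained `sanitize($_POST['reply_text']);` discards its return value, so unless `sanitize()` works by reference it has no effect and can be dropped. The ticket fields echoed in the list (`$ticket['subject']`, `$ticket['status']`) also need HTML escaping at output if `getValue()` does not already encode them.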
diff --git a/helpdesk.php b/helpdesk.php
index df1f22e..5704c55 100644
--- a/helpdesk.php
+++ b/helpdesk.php
@@ -1,243 +1,223 @@
0) ? (int)$_GET['view'] : false;
+if ($view !== false) {
if (!empty($_POST['reply_text'])) {
- sanitize($_POST['reply_text']);
// Save ticket reply on database
$query = array(
- 'tid' => $_GET['view'],
- 'username'=> $_POST['username'],
- 'message' => $_POST['reply_text'],
+ 'tid' => $view,
+ 'username'=> getValue($_POST['username']),
+ 'message' => getValue($_POST['reply_text']),
'created' => time(),
);
+ $fields = '`'. implode('`, `', array_keys($query)) .'`';
+ $data = '\''. implode('\', \'', $query) .'\'';
+ mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
+ mysql_update("UPDATE `znote_tickets` SET `status`='Player-Reply' WHERE `id`='$view' LIMIT 1;");
+ }
+ $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id='$view' LIMIT 1;");
- //Sanitize array
- array_walk($query, 'array_sanitize');
-
- $fields = '`'. implode('`, `', array_keys($query)) .'`';
- $data = '\''. implode('\', \'', $query) .'\'';
- mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
- mysql_update("UPDATE `znote_tickets` SET `status`='Player-Reply' WHERE `id`=". $_GET['view']);
-
- }
-
-$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes((int)$_GET['view']));
-
-if($ticketData['owner'] != $session_user_id){
-echo 'You can not view this ticket!';
-die;
-}
+ if($ticketData['owner'] != $session_user_id) {
+ echo 'You can not view this ticket!';
+ include 'layout/overall/footer.php';
+ die;
+ }
?>
-View Ticket #
-
-
-
-
-
- - Created by:
-
-
-
-
-
-
-
-
-
-
+ View Ticket #
+
+
+
-
-
-
-
- - Posted by:
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-$value) {
- if (empty($value) && in_array($key, $required_fields) === true) {
- $errors[] = 'You need to fill in all fields.';
- break 1;
- }
- }
-
- // check errors (= user exist, pass long enough
- if (empty($errors) === true) {
- /* Token used for cross site scripting security */
- if (!Token::isValid($_POST['token'])) {
- $errors[] = 'Token is invalid.';
- }
- if ($config['use_captcha']) {
- include_once 'captcha/securimage.php';
- $securimage = new Securimage();
- if ($securimage->check($_POST['captcha_code']) == false) {
- $errors[] = 'Captcha image verification was submitted wrong.';
- }
- }
- if (validate_ip(getIP()) === false && $config['validate_IP'] === true) {
- $errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).';
- }
- }
-}
-
-?>
-Latest Tickets
-
-
-
-
-
- ID:
- Subject:
- Creation:
- Status:
-
- ';
- echo ''. $ticket['id'] .' ';
- echo ''. $ticket['subject'] .' ';
- echo ''. getClock($ticket['creation'], true) .' ';
- echo ''. $ticket['status'] .' ';
- }}
- ?>
-
-
-
-
-
-Helpdesk
- $session_user_id,
- 'username'=> $_POST['username'],
- 'subject' => $_POST['subject'],
- 'message' => $_POST['message'],
- 'ip' => ip2long(getIP()),
- 'creation' => time(),
- 'status' => 'Open'
- );
-
-
- //Sanitize array
- array_walk($query, 'array_sanitize');
-
- $fields = '`'. implode('`, `', array_keys($query)) .'`';
- $data = '\''. implode('\', \'', $query) .'\'';
- mysql_insert("INSERT INTO `znote_tickets` ($fields) VALUES ($data)");
-
- header('Location: helpdesk.php?success');
- exit();
-
- } else if (empty($errors) === false){
- echo '';
- echo output_errors($errors);
- echo ' ';
- }
-?>
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+ - Posted by:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ $value) {
+ if (empty($value) && in_array($key, $required_fields) === true) {
+ $errors[] = 'You need to fill in all fields.';
+ break 1;
+ }
+ }
+
+ // check errors (= user exist, pass long enough
+ if (empty($errors) === true) {
+ /* Token used for cross site scripting security */
+ if (!Token::isValid($_POST['token'])) {
+ $errors[] = 'Token is invalid.';
+ }
+ if ($config['use_captcha']) {
+ include_once 'captcha/securimage.php';
+ $securimage = new Securimage();
+ if ($securimage->check($_POST['captcha_code']) == false) {
+ $errors[] = 'Captcha image verification was submitted wrong.';
+ }
+ }
+ // Reversed this if, so: first check if you need to validate, then validate.
+ if ($config['validate_IP'] === true && validate_ip(getIP()) === false) {
+ $errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).';
+ }
+ }
+ }
+ ?>
+ Latest Tickets
+
+
+
+ ID:
+ Subject:
+ Creation:
+ Status:
+
+ ';
+ echo ''. $ticket['id'] .' ';
+ echo ''. $ticket['subject'] .' ';
+ echo ''. getClock($ticket['creation'], true) .' ';
+ echo ''. $ticket['status'] .' ';
+ echo '';
+ }
+ ?>
+
+
+
+ Helpdesk
+ $session_user_id,
+ 'username'=> getValue($_POST['username']),
+ 'subject' => getValue($_POST['subject']),
+ 'message' => getValue($_POST['message']),
+ 'ip' => ip2long(getIP()),
+ 'creation' => time(),
+ 'status' => 'Open'
+ );
+
+ $fields = '`'. implode('`, `', array_keys($query)) .'`';
+ $data = '\''. implode('\', \'', $query) .'\'';
+ mysql_insert("INSERT INTO `znote_tickets` ($fields) VALUES ($data)");
+
+ header('Location: helpdesk.php?success');
+ exit();
+
+ } else if (empty($errors) === false) {
+ echo '';
+ echo output_errors($errors);
+ echo ' ';
+ }
+ ?>
+
+
-
-
+
+ Write the image symbols in the text field to verify that you are a human:
+
+
+ [ Different Image ]
+
+
+
+
+
+
+
+
+
+
+?>
\ No newline at end of file
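Review bot: The ownership check `if($ticketData['owner'] != $session_user_id)` runs only after the reply has been inserted and the ticket status set to `Player-Reply`, so a user can write to a ticket that belongs to someone else by supplying its id in `view`. Load the ticket and verify the owner before handling `$_POST['reply_text']`, and treat a `false` result from `mysql_select_single` as a denial as well. The reply's `username` is also taken from `$_POST['username']` rather than from the session, so the displayed author is chosen by the submitter.

```php
if ($view !== false) {
	// Load the ticket and verify ownership before accepting any write.
	$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id='$view' LIMIT 1;");
	if ($ticketData === false || $ticketData['owner'] != $session_user_id) {
		echo 'You can not view this ticket!';
		include 'layout/overall/footer.php';
		die;
	}
	if (!empty($_POST['reply_text'])) {
		// … unchanged: build $query, INSERT the reply, UPDATE the ticket status …
	}
```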
From 3c8474db34594bd1b804f8fb363d4f4e0bdeef44 Mon Sep 17 00:00:00 2001
From: Stefan Brannfjell
Date: Sat, 6 Sep 2014 23:29:18 +0200
Subject: [PATCH 06/33] Email authentication system. Integrated with PHPMailer.
When enabled, you will send an activation key to registering users, which
they need to click to verify that they actually got a real email address, and
to activate the account.
---
config.php | 17 +++++++
engine/function/mail.php | 93 +++++++++++++++++++++++++++++++++++++++
engine/function/users.php | 23 ++++++++--
engine/init.php | 15 ++++---
login.php | 41 +++++++++++------
register.php | 26 +++++++++--
6 files changed, 187 insertions(+), 28 deletions(-)
create mode 100644 engine/function/mail.php
diff --git a/config.php b/config.php
index e4f38d8..ef38167 100644
--- a/config.php
+++ b/config.php
@@ -374,6 +374,23 @@
$config['api'] = array(
'debug' => false,
);
+
+ // Email Server configurations (SMTP)
+ /* Download PHPMailer: https://github.com/PHPMailer/PHPMailer/archive/master.zip
+ Extract to Znote AAC directory (where this config.php file is located)
+ Rename the folder to "PHPMailer". Then configure this with your SMTP mail settings from your email provider.
+ */
+ $config['mailserver'] = array(
+ 'register' => false, // Send activation mail
+ 'accountRecovery' => false, // Recover username or password through mail
+ 'host' => "mailserver.znote.eu", // Outgoing mail server host.
+ 'securityType' => 'ssl', // ssl or tls
+ 'port' => 465, // SMTP port number - likely to be 465(ssl) or 587(tls)
+ 'username' => 'noreply@znote.eu', // Likely the email address
+ 'password' => 'emailpassword', // The password.
+ 'debug' => false, // Enable debugging if you have problems and are looking for errors.
+ 'fromName' => $config['site_title'],
+ );
// Use Znote's External Open Tibia Services Server
// Currently in Alpha and is pretty useless, but will contain paypal blacklist etc in future.
// You can use the official server: http://zeotss.znote.eu/
diff --git a/engine/function/mail.php b/engine/function/mail.php
new file mode 100644
index 0000000..83ed5fa
--- /dev/null
+++ b/engine/function/mail.php
@@ -0,0 +1,93 @@
+_config = $config;
+ }
+
+ /**
+ * Sets the cache expiration limit (IMPORTANT NOTE: seconds, NOT ms!).
+ *
+ * @param integer $span
+ * @access public
+ * @return void
+ **/
+ public function sendMail($to, $title, $text, $accname = '') {
+ //SMTP needs accurate times, and the PHP time zone MUST be set
+ //This should be done in your php.ini, but this is how to do it if you don't have access to that
+ //date_default_timezone_set('Etc/UTC');
+
+ require 'PHPMailer/PHPMailerAutoload.php';
+
+ //Create a new PHPMailer instance
+ $mail = new PHPMailer();
+
+ //Tell PHPMailer to use SMTP
+ $mail->isSMTP();
+
+ //Enable SMTP debugging
+ // 0 = off (for production use)
+ // 1 = client messages
+ // 2 = client and server messages
+ $mail->SMTPDebug = ($this->_config['debug']) ? 2 : 0;
+
+ //Ask for HTML-friendly debug output
+ $mail->Debugoutput = 'html';
+
+ //Set the hostname of the mail server
+ $mail->Host = $this->_config['host'];
+
+ //Set the SMTP port number - likely to be 25, 465 or 587
+ $mail->Port = $this->_config['port'];
+
+ //Whether to use SMTP authentication
+ $mail->SMTPAuth = true;
+ $mail->SMTPSecure = $this->_config['securityType'];
+
+ //Username to use for SMTP authentication
+ $mail->Username = $this->_config['username'];
+
+ //Password to use for SMTP authentication
+ $mail->Password = $this->_config['password'];
+
+ //Set who the message is to be sent from
+ $mail->setFrom($this->_config['username'], $this->_config['fromName']);
+
+ //Set who the message is to be sent to
+ $mail->addAddress($to, $accname);
+
+ //Set the subject line
+ $mail->Subject = $title;
+
+ // Body
+ $mail->Body = $text;
+
+ // Convert HTML -> plain for legacy mail recievers
+ // Create new lines instead of html tags.
+ $text = str_replace(" ", "\n", $text);
+ $text = str_replace(" ", "\n", $text);
+ $text = str_replace(" ", "\n", $text);
+ // Then get rid of the rest of the html tags.
+ $text = strip_tags($text);
+
+ //Replace the plain text body with one created manually
+ $mail->AltBody = $text;
+
+
+ //send the message, check for errors
+ $status = false;
+ if (!$mail->send()) {
+ echo "Mailer Error: " . $mail->ErrorInfo;
+ exit();
+ } else {
+ $status = true;
+ }
+ return $status;
+ }
+}
\ No newline at end of file
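Review bot: On a send failure `sendMail()` echoes `$mail->ErrorInfo` into the page and calls `exit()`, which shows SMTP error detail to the visitor and makes the `$status = false` return path unreachable. Logging and returning would keep the detail on the server and let callers decide what to display: `error_log('Mailer Error: ' . $mail->ErrorInfo); return false;`. Callers such as `user_create_account()` would then need to check the return value.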
diff --git a/engine/function/users.php b/engine/function/users.php
index 1e30a31..26f4408 100644
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -1042,7 +1042,7 @@ function user_character_set_hide($char_id, $value) {
}
// CREATE ACCOUNT
-function user_create_account($register_data) {
+function user_create_account($register_data, $maildata) {
array_walk($register_data, 'array_sanitize');
if (config('TFSVersion') == 'TFS_03' && config('salt') === true) {
@@ -1064,10 +1064,25 @@ function user_create_account($register_data) {
mysql_insert("INSERT INTO `accounts` ($fields) VALUES ($data)");
$account_id = user_id($register_data['name']);
- mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$account_id', '$ip', '$created')");
+ $activeKey = rand(100000000,999999999);
+ mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `activekey`) VALUES ('$account_id', '$ip', '$created', '$activeKey')");
- //TO-DO: mail server and verification.
- // http://www.web-development-blog.com/archives/send-e-mail-messages-via-smtp-with-phpmailer-and-gmail/
+ if ($maildata['register']) {
+
+ $thisurl = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
+ $thisurl .= "?authenticate&u=".$account_id."&k=".$activeKey;
+
+ $mailer = new Mail($maildata);
+
+ $title = "Please authenticate your account at $_SERVER[HTTP_HOST].";
+
+ $body = "Please click on the following link to authenticate your account: ";
+ $body .= "$thisurl
";
+ $body .= "Thank you for registering and enjoy your stay at $maildata[fromName].
";
+ $body .= "I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.
";
+
+ $mailer->sendMail($register_data['email'], $title, $body, $register_data['name']);
+ }
}
// CREATE CHARACTER
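Review bot: `$activeKey = rand(100000000,999999999)` draws the only secret that gates account activation from `rand()`, which is not a cryptographically secure generator. Where the runtime allows it, use a CSPRNG, e.g. `$activeKey = random_int(100000000, 999999999);` on PHP 7+, which still fits the `int(11)` `activekey` column added later in this series. The activation link is built from `$_SERVER[HTTP_HOST]` over plain `http://`, and the Host header is supplied by the client, so the link mailed to the user should come from a configured site URL instead. The body of `user_create_account` starts outside this hunk.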
diff --git a/engine/init.php b/engine/init.php
index 202c44c..5efad58 100644
--- a/engine/init.php
+++ b/engine/init.php
@@ -8,7 +8,7 @@ $accQueriesData = array();
session_start();
ob_start();
-require 'config.php';
+require_once 'config.php';
$sessionPrefix = $config['session_prefix'];
if ($config['paypal']['enabled'] || $config['zeotss']['enabled']) {
@@ -16,12 +16,13 @@ if ($config['paypal']['enabled'] || $config['zeotss']['enabled']) {
if (!$curlcheck) die("php cURL is not enabled. It is required to for paypal and ZEOTSS services. 1. Find your php.ini file. 2. Uncomment extension=php_curl Restart web server.If you don't want this then disable zeotss and paypal in config.php. ");
}
-require 'database/connect.php';
-require 'function/general.php';
-require 'function/users.php';
-require 'function/cache.php';
-require 'function/token.php';
-require 'function/itemparser/itemlistparser.php';
+require_once 'database/connect.php';
+require_once 'function/general.php';
+require_once 'function/users.php';
+require_once 'function/cache.php';
+require_once 'function/mail.php';
+require_once 'function/token.php';
+require_once 'function/itemparser/itemlistparser.php';
if (isset($_SESSION['token'])) {
$_SESSION['old_token'] = $_SESSION['token'];
diff --git a/login.php b/login.php
index 9a7dd99..3d09cd2 100644
--- a/login.php
+++ b/login.php
@@ -30,20 +30,33 @@ if (empty($_POST) === false) {
if ($login === false) {
$errors[] = 'Username and password combination is wrong.';
} else {
- setSession('user_id', $login);
-
- // if IP is not set (etc acc created before Znote AAC was in use)
- $znote_data = user_znote_account_data($login);
- if ($znote_data['ip'] == 0) {
- $update_data = array(
- 'ip' => ip2long(getIP()),
- );
- user_update_znote_account($update_data);
- }
-
- // Send them to myaccount.php
- header('Location: myaccount.php');
- exit();
+ // Check if user have access to login
+ $status = false;
+ if ($config['mailserver']['register']) {
+ $authenticate = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='$login' AND `active`='1' LIMIT 1;");
+ if ($authenticate !== false) {
+ $status = true;
+ } else {
+ $errors[] = "Your account is not activated. An email should have been sent to you when you registered. Please find it and click the activation link to activate your account.";
+ }
+ } else $status = true;
+
+ if ($status) {
+ setSession('user_id', $login);
+
+ // if IP is not set (etc acc created before Znote AAC was in use)
+ $znote_data = user_znote_account_data($login);
+ if ($znote_data['ip'] == 0) {
+ $update_data = array(
+ 'ip' => ip2long(getIP()),
+ );
+ user_update_znote_account($update_data);
+ }
+
+ // Send them to myaccount.php
+ header('Location: myaccount.php');
+ exit();
+ }
}
}
} else {
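Review bot: Once `$config['mailserver']['register']` is switched on, every account whose `znote_accounts` row has `active` = 0 is refused here, which includes all accounts registered before this series because the new column defaults to `'0'`. An upgrade step such as `UPDATE znote_accounts SET active = 1` for pre-existing rows, or a note about it next to the config option, would avoid locking existing users out. Accounts with no `znote_accounts` row at all (the case the comment further down mentions) fail the same check.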
diff --git a/register.php b/register.php
index 4072c97..6286972 100644
--- a/register.php
+++ b/register.php
@@ -82,7 +82,27 @@ if (empty($_POST) === false) {
Register Account
+ Email authentication required
+ We have sent you an email with an activation link to your submitted email address.
+ If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.
+ 0) ? (int)$_GET['u'] : false;
+ $akey = (isset($_GET['k']) && (int)$_GET['k'] > 0) ? (int)$_GET['k'] : false;
+ // Find a match
+ $user = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='$auid' AND `activekey`='$akey' AND `active`='0' LIMIT 1;");
+ if ($user !== false) {
+ $user = $user['id'];
+ // Enable the account to login
+ mysql_update("UPDATE `znote_accounts` SET `active`='1' WHERE `id`='$user' LIMIT 1;");
+ echo 'Congratulations! Your account has been created. You may now login to create a character.
';
+ } else {
+ echo 'Authentication failed Either the activation link is wrong, or your account is already activated.
';
+ }
} else {
if (empty($_POST) === false && empty($errors) === true) {
if ($config['log_ip']) {
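Review bot: The activation lookup runs even when `u` or `k` is missing or non-numeric, in which case `$auid` and `$akey` are `false` and are interpolated as empty strings into the `WHERE` clause. Fail early with `if ($auid === false || $akey === false)` before querying, so only well-formed links reach the database. No limit on activation attempts per account is visible in this hunk and the key is a 9-digit number, so throttling or a longer token would be prudent. The surrounding `if`/`else` chain starts and ends outside the hunk.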
@@ -97,8 +117,8 @@ if (isset($_GET['success']) && empty($_GET['success'])) {
'created' => time()
);
- user_create_account($register_data);
- header('Location: register.php?success');
+ user_create_account($register_data, $config['mailserver']);
+ if (!$config['mailserver']['debug']) header('Location: register.php?success');
exit();
//End register
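Review bot: With `$config['mailserver']['debug']` enabled the redirect is skipped and `exit()` leaves whatever PHPMailer printed at `SMTPDebug = 2` in the response sent to the person registering. That transcript is server-side diagnostic detail and may include the authentication exchange, so the option should be documented as local troubleshooting only, e.g. `// Debug prints the SMTP dialogue to the visitor; never enable on a live site.` next to the `'debug'` entry in config.php.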
From 7b4ad9c854fd2a4f2cd3ebe4169dd4457f7f1e61 Mon Sep 17 00:00:00 2001
From: Stefan Brannfjell
Date: Sat, 6 Sep 2014 23:34:37 +0200
Subject: [PATCH 07/33] Updated the function description of class methods.
---
engine/function/mail.php | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/engine/function/mail.php b/engine/function/mail.php
index 83ed5fa..570387b 100644
--- a/engine/function/mail.php
+++ b/engine/function/mail.php
@@ -3,7 +3,7 @@ class Mail {
protected $_config = false;
/**
- * @param string $file
+ * @param array $config
* @access public
* @return void
**/
@@ -14,9 +14,9 @@ class Mail {
/**
* Sets the cache expiration limit (IMPORTANT NOTE: seconds, NOT ms!).
*
- * @param integer $span
+ * @param string $to, string $title, string $text, string $accname
* @access public
- * @return void
+ * @return boolean
**/
public function sendMail($to, $title, $text, $accname = '') {
//SMTP needs accurate times, and the PHP time zone MUST be set
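Review bot: The `sendMail()` docblock still opens with `Sets the cache expiration limit (IMPORTANT NOTE: seconds, NOT ms!).`, which describes a different class. Replace it with a summary such as `Sends an HTML mail with a plain-text alternative through the configured SMTP server.` and give each parameter its own tag (`@param string $to`, `@param string $title`, `@param string $text`, `@param string $accname`), because several parameters on one `@param` line are not parsed by phpDoc-style tools.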
From 0179b2c97ec68bc7a560e7e693122f7d8fde1c63 Mon Sep 17 00:00:00 2001
From: Stefan Brannfjell
Date: Sun, 7 Sep 2014 19:52:27 +0200
Subject: [PATCH 08/33] Fix #38 Automatic Account Recovery through Email.
Rewrote recovery.php, and implemented PHPMailer for authentication. Requested
account information (username, or a new password) is sent to the registered
email address.
---
recovery.php | 216 +++++++++++++++++++++++++++++++--------------------
1 file changed, 133 insertions(+), 83 deletions(-)
diff --git a/recovery.php b/recovery.php
index d07541b..9fd7f22 100644
--- a/recovery.php
+++ b/recovery.php
@@ -1,92 +1,142 @@
+include 'layout/overall/header.php';
+if ($config['mailserver']['accountRecovery']) {
+ // Fetch, sanitize and assign POST and GET variables.
+ $mode = (isset($_GET['mode']) && !empty($_GET['mode'])) ? getValue($_GET['mode']) : false;
+ $email = (isset($_POST['email']) && !empty($_POST['email'])) ? getValue($_POST['email']) : false;
+ $character = (isset($_POST['character']) && !empty($_POST['character'])) ? getValue($_POST['character']) : false;
+ $password = (isset($_POST['password']) && !empty($_POST['password'])) ? getValue($_POST['password']) : false;
+ $username = (isset($_POST['username']) && !empty($_POST['username'])) ? getValue($_POST['username']) : false;
+ //data_dump($_GET, $_POST, "Posted data.");
-Account Recovery
-
-check($_POST['captcha_code']) == false) {
+ $status = false;
+ }
+ }
+ if ($status) {
+ if (!$username) {
+ // Recover username
+ $salt = '';
+ if ($config['TFSVersion'] != 'TFS_03') {
+ // TFS 0.2 and 1.0
+ $password = sha1($password);
+ } else {
+ // TFS 0.3/4
+ if (config('salt') === true) {
+ $saltdata = mysql_select_single("SELECT `salt` FROM `accounts` WHERE `email`='$email' LIMIT 1;");
+ if ($saltdata !== false) $salt .= $saltdata['salt'];
}
- // end EDOM
- } else { echo 'That character name does not exist.'; }
- } else { echo 'You need to type in a character name from your account.'; }
-
+ $password = sha1($salt.$password);
+ }
+ $user = mysql_select_single("SELECT `p`.`id` AS `player_id`, `a`.`name` FROM `players` `p` INNER JOIN `accounts` `a` ON `p`.`account_id` = `a`.`id` WHERE `p`.`name` = '$character' AND `a`.`email` = '$email' AND `a`.`password` = '$password' LIMIT 1;");
+ if ($user !== false) {
+ // Found user
+
+ $mailer = new Mail($config['mailserver']);
+ $title = "$_SERVER[HTTP_HOST]: Your username";
+ $body = "Account Recovery ";
+ $body .= "Your username is: $user[name] ";
+ $body .= "Enjoy your stay at ".$config['mailserver']['fromName'].". ";
+ $body .= "
I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.
";
+ $mailer->sendMail($email, $title, $body, $user['name']);
+
+ ?>
+ Account Found!
+ We have sent your username to .
+ If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.
+
+ Account recovery failed!
+ Submitted data is wrong.
+ Account Recovery";
+ $body .= "Your new password is: $newpass ";
+ $body .= "We recommend you to login and change it before you continue playing. ";
+ $body .= "Enjoy your stay at ".$config['mailserver']['fromName'].". ";
+ $body .= "
I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.";
+ $mailer->sendMail($email, $title, $body, $user['name']);
+ ?>
+ Account Found!
+ We have sent your new password to .
+ If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.
+
+ Account recovery failed!
+ Submitted data is wrong.
+
+ Account Recovery
+
+
+
+ Email:
+ Character:
+ Username: ';
+ else echo 'Password: ';
+ if ($config['use_captcha']) {
+ ?>
+ Write the image symbols in the text field to verify that you are a human:
+
+
+ [ Different Image ]
+
+
+
+
+ Do you wish to recover your username or password ?
+
-
-
-
-
-
-
+ System Disabled
+ The admin have disabled automatic account recovery.
+
-
-
\ No newline at end of file
+include 'layout/overall/footer.php'; ?>
\ No newline at end of file
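Review bot: The password branch mails a ready-to-use password (`Your new password is: $newpass`), so the credential sits in the mailbox in clear text and, as far as the visible lines show, stays valid until the user changes it. A single-use, expiring reset link that lets the owner choose the password would avoid sending the secret itself; the part of this hunk that generates and stores `$newpass` is not legible here, so this is based on the mail body alone. `$title` is built from `$_SERVER[HTTP_HOST]`, which is client-supplied, and apart from the optional captcha no attempt limit on recovery requests is visible.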
From 43510a1fa9f89d02fa516904eab793366cf1548e Mon Sep 17 00:00:00 2001
From: Stefan Brannfjell
Date: Sun, 7 Sep 2014 23:24:56 +0200
Subject: [PATCH 09/33] Forgot to update the mysql tables. :)
---
engine/database/connect.php | 2 ++
1 file changed, 2 insertions(+)
diff --git a/engine/database/connect.php b/engine/database/connect.php
index a3229e1..8094a68 100644
--- a/engine/database/connect.php
+++ b/engine/database/connect.php
@@ -30,6 +30,8 @@ CREATE TABLE IF NOT EXISTS `znote_accounts` (
`created` int(10) NOT NULL,
`points` int(10) DEFAULT 0,
`cooldown` int(10) DEFAULT 0,
+ `active` tinyint(4) NOT NULL DEFAULT '0',
+ `activekey` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
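Review bot: The new `active` and `activekey` columns are added only inside `CREATE TABLE IF NOT EXISTS`, which leaves an already existing `znote_accounts` table unchanged, so upgraded installs would presumably hit unknown-column errors in the new login and activation queries. `activekey int(11) NOT NULL` also has no default. Shipping an `ALTER TABLE znote_accounts ADD ...` upgrade statement alongside, with `activekey` given `DEFAULT 0`, would cover existing databases; how this SQL is applied is outside the hunk.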
From 9202c33aab83e78f1f3764c61e8fa6ba163653de Mon Sep 17 00:00:00 2001
From: peonso
Date: Wed, 10 Sep 2014 16:31:25 -0300
Subject: [PATCH 10/33] Add guildnick - the one between parentheses
Necessary changes at users.php and guilds.php to make possible to edit
players guildnick (the one that appear between parentheses)
---
engine/function/users.php | 35 +++++++++++++++++++++-----
guilds.php | 53 ++++++++++++++++++++++++++++++++++++++-
2 files changed, 81 insertions(+), 7 deletions(-)
diff --git a/engine/function/users.php b/engine/function/users.php
index 26f4408..7cfad3e 100644
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -240,8 +240,9 @@ function shop_account_gender_tickets($accid) {
// GUILDS
//
function guild_remove_member($cid) {
- $cid = (int)$cid;
- mysql_update("UPDATE `players` SET `rank_id`='0' WHERE `id`=$cid");
+ $cid = (int)$cid;
+ mysql_update("UPDATE `players` SET `rank_id`='0' WHERE `id`=$cid");
+ mysql_update("UPDATE `players` SET `guildnick`= NULL WHERE `id`=$cid");
}
function guild_remove_member_10($cid) {
$cid = (int)$cid;
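Review bot: In `guild_remove_member` the rank reset and the nick reset are issued as two separate UPDATE statements against the same row, so a failure between them leaves a player with no rank but a stale guild nick. One statement does both: ``mysql_update("UPDATE `players` SET `rank_id`='0', `guildnick`=NULL WHERE `id`=$cid");``. The same pair of statements is added to `guild_player_leave` in the next hunk and can be merged the same way. The commit also re-indents the unchanged `$cid` and `rank_id` lines, which makes the diff look larger than the behaviour change.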
@@ -329,8 +330,9 @@ function guild_delete($gid) {
// Player leave guild
function guild_player_leave($cid) {
- $cid = (int)$cid;
- mysql_update("UPDATE `players` SET `rank_id`='0' WHERE `id`=$cid LIMIT 1;");
+ $cid = (int)$cid;
+ mysql_update("UPDATE `players` SET `rank_id`='0' WHERE `id`=$cid LIMIT 1;");
+ mysql_update("UPDATE `players` SET `guildnick`= NULL WHERE `id`=$cid");
}
function guild_player_leave_10($cid) {
$cid = (int)$cid;
@@ -409,6 +411,27 @@ function update_player_guild_position_10($cid, $rid) {
mysql_update("UPDATE `guild_membership` SET `rank_id`='$rid' WHERE `player_id`=$cid");
}
+// Update player's guild nick
+function update_player_guildnick($cid, $nick) {
+ $cid = (int)$cid;
+ $nick = sanitize($nick);
+ if (!empty($nick)) {
+
+ mysql_update("UPDATE `players` SET `guildnick`='$nick' WHERE `id`=$cid");
+ } else {
+ mysql_update("UPDATE `players` SET `guildnick`= NULL WHERE `id`=$cid");
+ }
+}
+function update_player_guildnick_10($cid, $nick) {
+ $cid = (int)$cid;
+ $nick = sanitize($nick);
+ if (!empty($nick)) {
+ mysql_update("UPDATE `guild_membership` SET `nick`='$nick' WHERE `player_id`=$cid");
+ } else {
+ mysql_update("UPDATE `guild_membership` SET `nick`= NULL WHERE `player_id`=$cid");
+ }
+}
+
// Get guild data, using guild id.
function get_guild_rank_data($gid) {
$gid = (int)$gid;
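Review bot: `update_player_guildnick` and `update_player_guildnick_10` interpolate `$nick` straight into the SQL string, so they are only as safe as `sanitize()`, whose body is not part of this diff; if it strips or encodes HTML rather than escaping for the database connection, these helpers are injectable by any caller that skips the regex check done in guilds.php. I would confirm what `sanitize()` does and state the contract in a comment such as `// $nick must be SQL-escaped here; callers are not required to pre-validate`. Separately, `!empty($nick)` treats the string "0" as empty and stores NULL, so `$nick !== ''` is the more exact test. There is also a stray blank line after the `if` in the first function.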
@@ -505,8 +528,8 @@ function get_guilds_list() {
// Get array of player data related to a guild.
function get_guild_players($gid) {
$gid = (int)$gid; // Sanitizing the parameter id
- if (config('TFSVersion') !== 'TFS_10') return mysql_select_multi("SELECT p.rank_id, p.name, p.level, p.vocation, p.online, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id ='$gid' ORDER BY gr.id, p.name;");
- else return mysql_select_multi("SELECT p.id, p.name, p.level, p.vocation, gm.rank_id, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id LEFT JOIN guild_ranks AS gr ON gr.id = gm.rank_id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name");
+ if (config('TFSVersion') !== 'TFS_10') return mysql_select_multi("SELECT p.rank_id, p.name, p.level, p.guildnick, p.vocation, p.online, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id ='$gid' ORDER BY gr.id, p.name;");
+ else return mysql_select_multi("SELECT p.id, p.name, p.level, p.vocation, gm.rank_id, gm.nick AS `guildnick`, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id LEFT JOIN guild_ranks AS gr ON gr.id = gm.rank_id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name");
}
// Returns total members in a guild (integer)
diff --git a/guilds.php b/guilds.php
index 5ae903d..4a96d50 100644
--- a/guilds.php
+++ b/guilds.php
@@ -212,7 +212,11 @@ if (user_logged_in() === true) {
} else $chardata['online'] = (in_array($player['id'], $onlinelist)) ? 1 : 0;
echo '';
echo ''. $player['rank_name'] .' ';
- echo ''. $player['name'] .' ';
+ echo ''. $player['name'] .' ';
+ if (!empty($player['guildnick'])) {
+ echo ' ('. $player['guildnick'] .')';
+ }
+ echo ' ';
echo ''. $player['level'] .' ';
echo ''. $config['vocations'][$player['vocation']] .' ';
if ($chardata['online'] == 1) echo ' Online ';
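Review bot: The member list prints `$player['guildnick']` into the page without HTML escaping, which makes it a stored-XSS sink for anything that reaches that column. The website form limits input to letters, underscore and space, but the column can also be written by other paths (the game server, or `guild_membership.nick` on TFS 1.0), so the output side should not depend on that check: `echo ' ('. htmlspecialchars($player['guildnick'], ENT_QUOTES, 'UTF-8') .')';`. The surrounding loop starts and ends outside this hunk.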
@@ -341,6 +345,26 @@ if (user_logged_in() === true) {
if ($highest_access >= 2) {
// Guild leader stuff
+ // Change Guild Nick
+ if (!empty($_POST['player_guildnick'])) {
+ $p_cid = user_character_id($_POST['player_guildnick']);
+ $p_guild = get_player_guild_data($p_cid);
+ if (preg_match("/^[a-zA-Z_ ]+$/", $_POST['guildnick']) || empty($_POST['guildnick'])) {
+ // Only allow normal symbols as guild nick
+ $p_nick = sanitize($_POST['guildnick']);
+ if ($p_guild['guild_id'] == $gid) {
+ if ($config['TFSVersion'] !== 'TFS_10') $chardata = user_character_data($p_cid, 'online');
+ else $chardata['online'] = (user_is_online_10($p_cid)) ? 1 : 0;
+ if ($chardata['online'] == 0) {
+ if ($config['TFSVersion'] !== 'TFS_10') update_player_guildnick($p_cid, $p_nick);
+ else update_player_guildnick_10($p_cid, $p_nick);
+ header('Location: guilds.php?name='. $_GET['name']);
+ exit();
+ } else echo 'Character not offline. ';
+ }
+ } else echo 'Character guild nick may only contain a-z, A-Z and spaces. ';
+ }
+
// Promote character to guild position
if (!empty($_POST['promote_character']) && !empty($_POST['promote_position'])) {
// Verify that promoted character is from this guild.
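Review bot: The redirect after a successful nick change concatenates `$_GET['name']` into the `Location` header unencoded, so a guild name containing spaces, `&` or `#` yields a broken or altered URL; `header('Location: guilds.php?name='. urlencode($_GET['name']));` avoids that. `$_POST['guildnick']` is also read by `preg_match` before anything checks that it was submitted, which raises a notice when only `player_guildnick` is posted; testing `isset($_POST['guildnick'])` first fixes it. No anti-CSRF token is verified in this handler, and the form markup is not readable on this page, so it is worth confirming that this state-changing POST is covered the same way as the other guild actions. The enclosing `if ($highest_access >= 2)` block begins and continues outside the hunk.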
@@ -617,6 +641,33 @@ if ($highest_access >= 2) {
+
+
+
+
+
1) { ?>
From 2aef1424e67587b9acb015204af91e9ed93cc1e6 Mon Sep 17 00:00:00 2001
From: Declan Pym
Date: Fri, 12 Sep 2014 10:21:10 +1000
Subject: [PATCH 11/33] Update killers.php
Added check for killers var to fix issue #158 - Sorry wasn't sure how to change my original commit :S
---
killers.php | 39 +++++++++++++++++++--------------------
1 file changed, 19 insertions(+), 20 deletions(-)
diff --git a/killers.php b/killers.php
index e8d19e4..a05aef9 100644
--- a/killers.php
+++ b/killers.php
@@ -85,7 +85,6 @@ if ($latests) {
} else echo 'No player kills exist.';
} else if ($config['TFSVersion'] == 'TFS_03') {
- /////////
$cache = new Cache('engine/cache/killers');
if ($cache->hasExpired()) {
$deaths = fetchLatestDeaths_03(30, true);
@@ -94,25 +93,25 @@ if ($latests) {
} else {
$deaths = $cache->load();
}
- ?>
- Latest Killers
-
-
-
+ Latest Killers
+
+
From 09b618b67babf4ed17f3e9444097bea49eb7a954 Mon Sep 17 00:00:00 2001
From: EPuncker
Date: Fri, 12 Sep 2014 23:17:06 -0300
Subject: [PATCH 12/33] Converted tfs 1.0 scripts to meta, removed some spaces
from config and fixed a typo
---
.../creaturescript firstitems/firstitems.lua | 139 +++++++++---------
.../playerdeath.lua | 4 +-
LUA/TFS_10/other.md/powergamers.lua | 5 +-
.../talkaction report system/adminreport.lua | 26 ++--
.../talkaction shopsystem/znoteshop.lua | 39 +++--
config.php | 94 ++++++------
engine/database/connect.php | 2 +-
gallery.php | 4 +-
shop.php | 4 +-
9 files changed, 151 insertions(+), 166 deletions(-)
diff --git a/LUA/TFS_10/creaturescript firstitems/firstitems.lua b/LUA/TFS_10/creaturescript firstitems/firstitems.lua
index c0043be..feb18c3 100644
--- a/LUA/TFS_10/creaturescript firstitems/firstitems.lua
+++ b/LUA/TFS_10/creaturescript firstitems/firstitems.lua
@@ -1,77 +1,72 @@
+-- With Rookgaard
+
+--[[
+local firstItems = {2050, 2382}
+
function onLogin(cid)
- local storage = 30055 -- storage value
-
- local sorcItems = {
- 2460, -- Brass helmet
- 2465, -- Brass armor
- 2190, -- Wand of vortex
- 2511, -- Brass shield
- 2478, -- Brass legs
- 2643, -- Leather boots
- 1988, -- Brown backpack
- 2050 -- torch
- }
- local druidItems = {
- 2460, -- Brass helmet
- 2465, -- Brass armor
- 2511, -- Brass shield
- 2182, -- Snakebite rod
- 2478, -- Brass legs
- 2643, -- Leather boots
- 1988, -- Brown backpack
- 2050 -- torch
- }
- local pallyItems = {
- 2460, -- Brass helmet
- 2465, -- Brass armor
- 2456, -- Bow
- 2478, -- Brass legs
- 2643, -- Leather boots
- 1988, -- Brown backpack
- }
- local kinaItems = {
- 2460, -- Brass helmet
- 2465, -- Brass armor
- 2511, -- Brass shield
- 2412, -- Katana
- 2478, -- Brass legs
- 2643, -- Leather boots
- 1988, -- Brown backpack
- 2050 -- torch
- }
-
- if getPlayerStorageValue(cid, storage) == -1 then
- setPlayerStorageValue(cid, storage, 1)
- if getPlayerVocation(cid) == 1 then
- -- Sorcerer
- for i = 1, table.getn(sorcItems), 1 do
- doPlayerAddItem(cid, sorcItems[i], 1, FALSE)
- end
-
- elseif getPlayerVocation(cid) == 2 then
- -- Druid
- for i = 1, table.getn(druidItems), 1 do
- doPlayerAddItem(cid, druidItems[i], 1, FALSE)
- end
-
- elseif getPlayerVocation(cid) == 3 then
- -- Paladin
- for i = 1, table.getn(pallyItems), 1 do
- doPlayerAddItem(cid, pallyItems[i], 1, FALSE)
- end
- -- 8 arrows
- doPlayerAddItem(cid, 2544, 8, FALSE)
-
- elseif getPlayerVocation(cid) == 4 then
- -- Knight
- for i = 1, table.getn(kinaItems), 1 do
- doPlayerAddItem(cid, kinaItems[i], 1, FALSE)
- end
+ local player = Player(cid)
+ if player:getLastLoginSaved() <= 0 then
+ for i = 1, #firstItems do
+ player:addItem(firstItems[i], 1)
end
-
- -- Common for all
- doPlayerAddItem(cid, 2674, 5, FALSE) -- 5 apples
- doPlayerAddItem(cid, 2120, 1, FALSE) -- 1 rope
+ player:addItem(player:getSex() == 0 and 2651 or 2650, 1)
+ player:addItem(1987, 1)
+ player:addItem(2674, 1)
+ end
+ return true
+end
+]]--
+
+-- Without Rookgaard
+local config = {
+ [1] = {
+ --equipment spellbook, wand of vortex, magician's robe, mage hat, studded legs, leather boots, scarf
+ items = {{2175, 1}, {2190, 1}, {8819, 1}, {8820, 1}, {2468, 1}, {2643, 1}, {2661, 1}},
+ --container rope, shovel, mana potion
+ container = {{2120, 1}, {2554, 1}, {7620, 1}}
+ },
+ [2] = {
+ --equipment spellbook, snakebite rod, magician's robe, mage hat, studded legs, leather boots scarf
+ items = {{2175, 1}, {2182, 1}, {8819, 1}, {8820, 1}, {2468, 1}, {2643, 1}, {2661, 1}},
+ --container rope, shovel, mana potion
+ container = {{2120, 1}, {2554, 1}, {7620, 1}}
+ },
+ [3] = {
+ --equipment dwrven shield, 5 spear, ranger's cloak, ranger legs scarf, legion helmet
+ items = {{2525, 1}, {2389, 5}, {2660, 1}, {8923, 1}, {2643, 1}, {2661, 1}, {2480, 1}},
+ --container rope, shovel, health potion, bow, 50 arrow
+ container = {{2120, 1}, {2554, 1}, {7618, 1}, {2456, 1}, {2544, 50}}
+ },
+ [4] = {
+ --equipment dwarven shield, steel axe, brass armor, brass helmet, brass legs scarf
+ items = {{2525, 1}, {8601, 1}, {2465, 1}, {2460, 1}, {2478, 1}, {2643, 1}, {2661, 1}},
+ --container jagged sword, daramian mace, rope, shovel, health potion
+ container = {{8602, 1}, {2439, 1}, {2120, 1}, {2554, 1}, {7618, 1}}
+ }
+}
+
+function onLogin(cid)
+ local player = Player(cid)
+ local targetVocation = config[player:getVocation():getId()]
+ if not targetVocation then
+ return true
+ end
+
+ if player:getLastLoginSaved() ~= 0 then
+ return true
+ end
+
+ for i = 1, #targetVocation.items do
+ player:addItem(targetVocation.items[i][1], targetVocation.items[i][2])
+ end
+
+ local backpack = player:addItem(1988)
+ if not backpack then
+ return true
+ end
+
+ for i = 1, #targetVocation.container do
+ backpack:addItem(targetVocation.container[i][1], targetVocation.container[i][2])
end
return true
end
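Review bot: The item comments in the new `config` table do not match the id lists for vocations 3 and 4: each list has seven entries including `{2643, 1}`, which the removed code labelled as leather boots, but the comments name only six items and run two of them together ("ranger legs scarf", "brass legs scarf"). Since these comments are the only way to read the numeric ids, I would correct them, e.g. `--equipment dwarven shield, 5 spear, ranger's cloak, ranger legs, leather boots, scarf, legion helmet`, and add the missing comma in the vocation 2 line as well. The first-login test also differs between the two variants (`<= 0` in the commented-out Rookgaard block, `~= 0` with an early return here); a one-line comment saying that `getLastLoginSaved()` is expected to be 0 only on first login would make the intent explicit.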
diff --git a/LUA/TFS_10/creaturescript playerdeath/playerdeath.lua b/LUA/TFS_10/creaturescript playerdeath/playerdeath.lua
index afb2d26..f4fda49 100644
--- a/LUA/TFS_10/creaturescript playerdeath/playerdeath.lua
+++ b/LUA/TFS_10/creaturescript playerdeath/playerdeath.lua
@@ -86,11 +86,11 @@ function onDeath(cid, corpse, killer, mostDamage, unjustified, mostDamage_unjust
end
if guildKills1 >= fragLimit or guildKills2 >= fragLimit then
- broadcastMessage(string.format("%s has just won the war against %s.", killerGuild:getName(), playerGuild:getName()), MESSAGE_EVENT_ADVANCE)
+ Game.broadcastMessage(string.format("%s has just won the war against %s.", killerGuild:getName(), playerGuild:getName()), MESSAGE_EVENT_ADVANCE)
db.query("UPDATE `guild_wars` SET `status` = 4, `ended` = " .. os.time() .. " WHERE `status` = 1 AND `id` = " .. warId)
end
end
end
end
end
-end
\ No newline at end of file
+end
diff --git a/LUA/TFS_10/other.md/powergamers.lua b/LUA/TFS_10/other.md/powergamers.lua
index fefe591..06af3b0 100644
--- a/LUA/TFS_10/other.md/powergamers.lua
+++ b/LUA/TFS_10/other.md/powergamers.lua
@@ -1,6 +1,7 @@
+
function onThink(interval, lastExecution, thinkInterval)
- if (tonumber(os.date("%d")) ~= getGlobalStorageValue(23856)) then
- setGlobalStorageValue(23856, (tonumber(os.date("%d"))))
+ if tonumber(os.date("%d")) ~= Game.getStorageValue(23856) then
+ Game.setStorageValue(23856, (tonumber(os.date("%d"))))
db.query("UPDATE `znote_players` SET `onlinetime7`=`onlinetime6`, `onlinetime6`=`onlinetime5`, `onlinetime5`=`onlinetime4`, `onlinetime4`=`onlinetime3`, `onlinetime3`=`onlinetime2`, `onlinetime2`=`onlinetime1`, `onlinetime1`=`onlinetimetoday`, `onlinetimetoday`=0;")
db.query("UPDATE `znote_players` `z` INNER JOIN `players` `p` ON `p`.`id`=`z`.`player_id` SET `z`.`exphist7`=`z`.`exphist6`, `z`.`exphist6`=`z`.`exphist5`, `z`.`exphist5`=`z`.`exphist4`, `z`.`exphist4`=`z`.`exphist3`, `z`.`exphist3`=`z`.`exphist2`, `z`.`exphist2`=`z`.`exphist1`, `z`.`exphist1`=`p`.`experience`-`z`.`exphist_lastexp`, `z`.`exphist_lastexp`=`p`.`experience`;")
end
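Review bot: The once-per-day guard in `onThink` now depends on `Game.getStorageValue(23856)`, and I cannot tell from this hunk whether that value survives a server restart in the targeted TFS 1.0 build. If it is kept only in memory, every restart will run both history-shifting UPDATEs again on the same day and push the `onlinetime1..7` and `exphist1..7` columns one slot too far. It is worth confirming this, or keeping the last-run day in the database instead. The added blank first line of the file can be dropped; the function body continues outside the hunk.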
diff --git a/LUA/TFS_10/talkaction report system/adminreport.lua b/LUA/TFS_10/talkaction report system/adminreport.lua
index ce45712..43c9b16 100644
--- a/LUA/TFS_10/talkaction report system/adminreport.lua
+++ b/LUA/TFS_10/talkaction report system/adminreport.lua
@@ -1,21 +1,19 @@
--
-- Coded by Dark ShaoOz, modified by Znote
function onSay(cid, words, param, channel)
- local storage = 6708 -- (You can change the storage if its already in use)
- local delaytime = 30 -- (Exhaust In Seconds.)
- local x = getPlayerPosition(cid).x -- (Do not edit this.)
- local y = getPlayerPosition(cid).y -- (Do not edit this.)
- local z = getPlayerPosition(cid).z -- (Do not edit this.)
- if(param == '') then
- doPlayerSendTextMessage(cid, MESSAGE_STATUS_CONSOLE_ORANGE, "Command param required.")
+ local player = Player(cid)
+ local storage = 6708 -- You can change the storage if its already in use
+ local delaytime = 30 -- Exhaust In Seconds.
+ if param == '' then
+ player:sendTextMessage(MESSAGE_STATUS_CONSOLE_ORANGE, "Command param required.")
return true
end
- if (getPlayerStorageValue(cid, storage) <= os.time()) then
- doPlayerSendTextMessage(cid, MESSAGE_INFO_DESCR, "Your report has been received successfully!")
- db.query("INSERT INTO `znote_player_reports` (`id` ,`name` ,`posx` ,`posy` ,`posz` ,`report_description` ,`date`)VALUES (NULL , '" .. getPlayerName(cid) .. "', '" .. x .. "', '" .. y .. "', '" .. z .. "', " .. db.escapeString(param) .. ", '" .. os.time() .. "')")
- setPlayerStorageValue(cid,storage,os.time()+delaytime)
+ if player:getStorageValue(storage) <= os.time() then
+ player:sendTextMessage(MESSAGE_INFO_DESCR, "Your report has been received successfully!")
+ db.query("INSERT INTO `znote_player_reports` (`id` ,`name` ,`posx` ,`posy` ,`posz` ,`report_description` ,`date`)VALUES (NULL , '" .. player:getName() .. "', '" .. player:getPosition().x .. "', '" .. player:getPosition().y .. "', '" .. player:getPosition().z .. "', " .. db.escapeString(param) .. ", '" .. os.time() .. "')")
+ player:setStorageValue(storage, os.time() + delaytime)
else
- doPlayerSendTextMessage(cid, MESSAGE_STATUS_WARNING, "You have to wait "..getPlayerStorageValue(cid, storage) - os.time().." seconds to report again.")
+ player:sendTextMessage(MESSAGE_STATUS_WARNING, "You have to wait " .. player:getStorageValue(storage) - os.time() .. " seconds to report again.")
end
- return TRUE
-end
\ No newline at end of file
+ return true
+end
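Review bot: In the rewritten INSERT only `param` goes through `db.escapeString`; `player:getName()` is still concatenated between single quotes by hand, so a character name containing an apostrophe breaks the statement or changes its meaning. Treat the name the same way as the report text: replace `'" .. player:getName() .. "'` with `" .. db.escapeString(player:getName()) .. "` (no surrounding quotes, matching how `param` is passed). As a smaller point, `player:getPosition()` is called three times inside the query; `local pos = player:getPosition()` before it reads better and guarantees all three coordinates come from one snapshot.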
diff --git a/LUA/TFS_10/talkaction shopsystem/znoteshop.lua b/LUA/TFS_10/talkaction shopsystem/znoteshop.lua
index 518fc03..ef0342a 100644
--- a/LUA/TFS_10/talkaction shopsystem/znoteshop.lua
+++ b/LUA/TFS_10/talkaction shopsystem/znoteshop.lua
@@ -2,14 +2,14 @@
function onSay(cid, words, param)
local storage = 54073 -- Make sure to select non-used storage. This is used to prevent SQL load attacks.
local cooldown = 15 -- in seconds.
-
- if getPlayerStorageValue(cid, storage) <= os.time() then
- setPlayerStorageValue(cid, storage, os.time() + cooldown)
- local accid = getAccountNumberByPlayerName(getCreatureName(cid))
-
+ local player = Player(cid)
+
+ if player:getStorageValue(storage) <= os.time() then
+ player:setStorageValue(storage, os.time() + cooldown)
+
-- Create the query
- local orderQuery = db.storeQuery("SELECT `id`, `type`, `itemid`, `count` FROM `znote_shop_orders` WHERE `account_id` = " .. accid .. " LIMIT 1;")
-
+ local orderQuery = db.storeQuery("SELECT `id`, `type`, `itemid`, `count` FROM `znote_shop_orders` WHERE `account_id` = " .. player:getAccountId() .. " LIMIT 1;")
+
-- Detect if we got any results
if orderQuery ~= false then
-- Fetch order values
@@ -18,19 +18,17 @@ function onSay(cid, words, param)
local q_itemid = result.getDataInt(orderQuery, "itemid")
local q_count = result.getDataInt(orderQuery, "count")
result.free(orderQuery)
-
+
-- ORDER TYPE 1 (Regular item shop products)
if q_type == 1 then
-- Get wheight
- local playerCap = getPlayerFreeCap(cid)
- local itemweight = getItemWeight(q_itemid, q_count)
- if playerCap >= itemweight then
- db.query("DELETE FROM `znote_shop_orders` WHERE `id` = " .. q_id .. ";")
- doPlayerAddItem(cid, q_itemid, q_count)
- doPlayerSendTextMessage(cid, MESSAGE_INFO_DESCR, "Congratulations! You have recieved ".. q_count .." "..getItemName(q_itemid).."(s)!")
- else
- doPlayerSendTextMessage(cid, MESSAGE_STATUS_WARNING, "Need more CAP!")
- end
+ if player:getFreeCapacity() >= ItemType(q_itemid):getWeight(q_count) then
+ db.query("DELETE FROM `znote_shop_orders` WHERE `id` = " .. q_id .. ";")
+ player:addItem(q_itemid, q_count)
+ player:sendTextMessage(MESSAGE_INFO_DESCR, "Congratulations! You have received " .. q_count .. " x " .. ItemType(q_itemid):getName() .. "!")
+ else
+ player:sendTextMessage(MESSAGE_STATUS_WARNING, "Need more CAP!")
+ end
end
-- Add custom order types here
-- Type 2 is reserved for premium days and is handled on website, not needed here.
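Review bot: In the type 1 branch the order row is deleted and the success message is sent without looking at what `player:addItem(q_itemid, q_count)` returned, so if the item cannot be created the player loses a paid order and is still told it arrived. Deleting before delivering is the right order for preventing duplicate deliveries, so I would keep it, but capture the result with `local item = player:addItem(q_itemid, q_count)` and send the congratulation only when `item` is not nil, logging the order id otherwise so staff can refund it. The capacity check covers weight only; whether a full inventory makes `addItem` fail or drop the item on the ground depends on its default arguments and should be confirmed. `onSay` begins and ends outside this hunk.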
@@ -39,11 +37,10 @@ function onSay(cid, words, param)
-- if q_type == 4 then
-- end
else
- doPlayerSendTextMessage(cid, MESSAGE_STATUS_WARNING, "You have no orders.")
+ player:sendTextMessage(MESSAGE_STATUS_WARNING, "You have no orders.")
end
-
else
- doPlayerSendTextMessage(cid, MESSAGE_STATUS_CONSOLE_BLUE, "Can only be executed once every "..cooldown.." seconds. Remaining cooldown: ".. getPlayerStorageValue(cid, storage) - os.time())
+ player:sendTextMessage(MESSAGE_STATUS_CONSOLE_BLUE, "Can only be executed once every " .. cooldown .. " seconds. Remaining cooldown: " .. player:getStorageValue(storage) - os.time())
end
return false
-end
\ No newline at end of file
+end
diff --git a/config.php b/config.php
index 5fb92f7..6daf883 100644
--- a/config.php
+++ b/config.php
@@ -52,7 +52,7 @@
// CUSTOM SERVER STUFF \\
// ------------------- \\
// Enable / disable Questlog function (true / false)
- $config['EnableQuests'] = false;
+ $config['EnableQuests'] = false;
// array for filling questlog (Questid, max value, name, end of the quest fill 1 for the last part 0 for all others)
$config['quests'] = array(
@@ -113,7 +113,7 @@
array(12035,2,"The Ice Islands Quest",0),
array(12036,6,"The Ice Islands Quest",1),
);
-
+
//Achivements based on "https://github.com/PrinterLUA/FORGOTTENSERVER-ORTS/blob/master/data/lib/achievements_lib.lua" (TFS 1.0)
$config['Ach'] = false;
$config['achievements'] = array(
@@ -123,7 +123,6 @@
'points' => '1', //points
'img' => 'http://www.tibia-wiki.net/images/Dragon.gif', //img link or folder (example)> 'images/dragon.png'
),
-
35001 => array(
'Uniwheel',
'You\'re probably one of the very few people with this classic and unique ride, hope it doesn\'t break anytime soon.', //comment
@@ -131,132 +130,129 @@
'img' => 'http://img1.wikia.nocookie.net/__cb20140214234600/tibia/en/images/e/e5/Uniwheel.gif', //img link or folder (example)> 'images/dragon.png'
'secret' => true
),
-
- 30001 => array(
+ 30001 => array(
'Allow Cookies?',
'With a perfectly harmless smile you fooled all of those wicecrackers into eating your exploding cookies. Consider a boy or girl scout outfit next time to make the trick even better.',
'points' => '10', // 1-3 points (1star), 4-6 points(2 stars), 7-9 points(3 stars), 10 points => (4 stars)
'secret' => true // show "secret" image
),
- 30002 => array(
+ 30002 => array(
'Backpack Tourist',
'If someone lost a random thing in a random place, you\'re probably a good person to ask and go find it, even if you don\'t know what and where.',
'points' => '7'
),
- 30003 => array(
+ 30003 => array(
'Bearhugger',
'Warm, furry and cuddly - though that same bear you just hugged would probably rip you into pieces if he had been conscious, he reminded you of that old teddy bear which always slept in your bed when you were still small.',
'points' => '4'
),
- 30004 => array(
+ 30004 => array(
'Bone Brother',
'You\'ve joined the undead bone brothers - making death your enemy and your weapon as well. Devouring what\'s weak and leaving space for what\'s strong is your primary goal.',
'points' => '1'
),
- 30005 => array(
+ 30005 => array(
'Chorister',
'Lalalala... you now know the cult\'s hymn sung in Liberty Bay by heart. Not that hard, considering that it mainly consists of two notes and repetitive lyrics.',
'points' => '1'
),
- 30006 => array(
+ 30006 => array(
'Fountain of Life',
'You found and took a sip from the Fountain of Life. Thought it didn\'t grant you eternal life, you feel changed and somehow at peace.',
'points' => '1',
'secret' => true
),
- 30007 => array(
+ 30007 => array(
'Here, Fishy Fishy!',
'Ah, the smell of the sea! Standing at the shore and casting a line is one of your favourite activities. For you, fishing is relaxing - and at the same time, providing easy food. Perfect!',
'points' => '1'
),
- 30008 => array(
+ 30008 => array(
'Honorary Barbarian',
'You\'ve hugged bears, pushed mammoths and proved your drinking skills. And even though you have a slight hangover, a partially fractured rib and some greasy hair on your tongue, you\'re quite proud to call yourself a honorary barbarian from now on.',
'points' => '1'
),
- 30009 => array(
+ 30009 => array(
'Huntsman',
'You\'re familiar with hunting tasks and have carried out quite a few already. A bright career as hunter for the Paw & Fur society lies ahead!',
'points' => '2'
),
- 300010 => array(
+ 300010 => array(
'Just in Time',
'You\'re a fast runner and are good at delivering wares which are bound to decay just in the nick of time, even if you can\'t use any means of transportation or if your hands get cold or smelly in the process.',
'points' => '1'
),
- 30011 => array(
+ 30011 => array(
'Matchmaker',
'You don\'t believe in romance to be a coincidence or in love at first sight. In fact - love potions, bouquets of flowers and cheesy poems do the trick much better than ever could. Keep those hormones flowing!',
'points' => '1',
'secret' => true
),
- 30012 => array(
+ 30012 => array(
'Nightmare Knight',
'You follow the path of dreams and that of responsibility without self-centered power. Free from greed and selfishness, you help others without expecting a reward.',
'points' => '1',
'secret' => true
),
- 30013 => array(
+ 30013 => array(
'Party Animal',
'Oh my god, it\'s a paaaaaaaaaaaarty! You\'re always in for fun, friends and booze and love being the center of attention. There\'s endless reasons to celebrate! Woohoo!',
'points' => '1',
'secret' => true
),
- 30014 => array(
+ 30014 => array(
'Secret Agent',
'Pack your spy gear and get ready for some dangerous missions in service of a secret agency. You\'ve shown you want to - but can you really do it? Time will tell.',
'points' => '1',
'secret' => true
),
- 30015 => array(
+ 30015 => array(
'Talented Dancer',
'You\'re a lord or lady of the dance - and not afraid to use your skills to impress tribal gods. One step to the left, one jump to the right, twist and shout!',
'points' => '1'
),
- 30016 => array(
+ 30016 => array(
'Territorial',
'Your map is your friend - always in your back pocket and covered with countless marks of interesting and useful locations. One could say that you might be lost without it - but luckily there\'s no way to take it from you.',
'points' => '1'
),
- 30017 => array(
+ 30017 => array(
'Worm Whacker',
'Weehee! Whack those worms! You sure know how to handle a big hammer.',
'points' => '1',
'secret' => true
),
- 30018 => array(
+ 30018 => array(
'Allowance Collector',
'You certainly have your ways when it comes to acquiring money. Many of them are pink and paved with broken fragments of porcelain.',
'points' => '1'
),
- 30019 => array(
+ 30019 => array(
'Amateur Actor',
'You helped bringing Princess Buttercup, Doctor Dumbness and Lucky the Wonder Dog to life - and will probably dream of them tonight, since you memorised your lines perfectly. What a .. special piece of.. screenplay.',
'points' => '2'
),
- 30020 => array(
+ 30020 => array(
'Animal Activist',
'Phasellus lacinia odio dolor, in elementum mauris dapibus a. Vivamus nec gravida libero, ac pretium eros. Nam in dictum ealesuada sodales. Nullam eget ex sit amet urna fringilla molestie. Aliquam lobortis urna eros, vel elementum metus accumsan eu. Nulla porttitor in lacus vel ullamcorper.',
'points' => '2',
'secret' => true),
- );
-
+ );
+
// TFS 1.0 powergamers and top online
- //Before enabling powergamers, make sure that you have added LUA files and possible cloums to your server.
- //files can be found at Lua folder.
-
+ //Before enabling powergamers, make sure that you have added LUA files and possible cloums to your server.
+ //files can be found at Lua folder.
+
$config['powergamers'] = array(
'enabled' => true, // Enable or disable page
'limit' => 20, //Number of players that it will show.
);
-
+
$config['toponline'] = array(
'enabled' => true, // Enable or disable page
'limit' => 20, //Number of players that it will show.
);
-
-
// Vocation ids and names.
$config['vocations'] = array(
0 => 'No vocation',
@@ -320,7 +316,7 @@
'cap' => 25
),
);
- // Town ids and names: (In RME map editor, open map, click CTRL + T to view towns, their names and their IDs.
+ // Town ids and names: (In RME map editor, open map, click CTRL + T to view towns, their names and their IDs.
// townID => 'townName' etc: ['3'=>'Thais']
$config['towns'] = array(
2 => 'Thyrfing',
@@ -346,7 +342,7 @@
);
$config['war_status'] = array(
- 0 => 'Pending..',
+ 0 => 'Pending',
1 => 'Accepted',
2 => 'Rejected',
3 => 'Cancelled',
@@ -439,8 +435,8 @@
$config['salt'] = false; // Some noob 0.3.6 servers don't support salt.
// Restricted names
- $config['invalidNameTags'] = array("owner", "gamemaster", "hoster", "admin", "staff", "tibia", "account", "god","anal","ass","fuck","sex","hitler", "pussy","dick","rape","cm","gm","amazon","valkyrie","carrion worm","rotworm","rotworm queen","cockroach","kongra","merlkin","sibang","crystal spider","giant spider","poison spider","scorpion","spider","tarantula","achad","axeitus headbanger","bloodpaw","bovinus","colerian the barbarian","cursed gladiator","frostfur","orcus the cruel","rocky","the hairy one","avalanche","drasilla","grimgor guteater","kreebosh the exile","slim","spirit of earth","spirit of fire","spirit of water","the dark dancer","the hag","darakan the executioner","deathbringer","fallen mooh'tah master ghar","gnorre chyllson","norgle glacierbeard","svoren the mad","the masked marauder","the obliverator","the pit lord","webster","barbarian bloodwalker","barbarian brutetamer","barbarian headsplitter","barbarian skullhunter","bear","panda","polar bear","braindeath","beholder","elder beholder","gazer","chicken","dire penguin","flamingo","parrot","penguin","seagull","terror bird","bazir","infernatil","thul","munster","son of verminor","xenia","zoralurk","big boss trolliver","foreman kneebiter","mad technomancer","man in the cave","lord of the elements","the count","the plasmother","dracola","the abomination","the handmaiden","mr. 
punish","the countess sorrow","the imperor","massacre","apocalypse","brutus bloodbeard","deadeye devious","demodras","dharalion","fernfang","ferumbras","general murius","ghazbaran","grorlam","lethal lissy","morgaroth","necropharus","orshabaal","ron the ripper","the evil eye","the horned fox","the old widow","tiquandas revenge","apprentice sheng","dog","hellhound","war wolf","winter wolf","wolf","chakoya toolshaper","chakoya tribewarden","chakoya windcaller","blood crab","crab","frost giant","frost giantess","ice golem","yeti","acolyte of the cult","adept of the cult","enlightened of the cult","novice of the cult","ungreez","dark torturer","demon","destroyer","diabolic imp","fire devil","fury","hand of cursed fate","juggernaut","nightmare","plaguesmith","blue djinn","efreet","admin","green djinn","marid","frost dragon","wyrm","sea serpent","dragon lord","dragon","hydra","dragon hatchling","dragon lord hatchling","frost dragon hatchling","dwarf geomancer","dwarf guard","dwarf soldier","dwarf","dworc fleshhunter","dworc venomsniper","dworc voodoomaster","elephant","mammoth","elf arcanist","elf scout","elf","charged energy elemental","energy elemental","massive energy elemental","overcharged energy elemental","energy overlord","cat","lion","tiger","azure frog","coral frog","crimson frog","green frog","orchid frog","toad","jagged earth elemental","muddy earth elemental","earth elemental","massive earth elemental","earth overlord","gargoyle","stone golem","ghost","phantasm","phantasm","pirate ghost","spectre","cyclops smith","cyclops drone","behemoth","cyclops","slick water elemental","roaring water elemental","ice overlord","water elemental","massive water elemental","ancient scarab","butterfly","bug","centipede","exp bug","larva","scarab","wasp","lizard sentinel","lizard snakecharmer","lizard templar","minotaur archer","minotaur guard","minotaur mage","minotaur","squirrel","goblin demon","badger","bat","deer","the halloween hare","hyaena","pig","rabbit","silver 
rabbit","skunk","wisp","dark monk","monk","tha exp carrier","necromancer","priestess","orc berserker","orc leader","orc rider","orc shaman","orc spearman","orc warlord","orc warrior","orc","goblin leader","goblin scavenger","goblin","goblin assassin","assasin","bandit","black knight","hero","hunter","nomad","smuggler","stalker","poacher","wild warrior","ashmunrah","dipthrah","mahrdis","morguthis","omruc","rahemos","thalas","vashresamun","pirate buccaneer","pirate corsair","pirate cutthroat","pirate marauder","carniphila","spit nettle","fire overlord","massive fire elemental","blistering fire elemental","blazing fire elemental","fire elemental","hellfire fighter","quara constrictor scout","quara hydromancer scout","quara mantassin scout","quara pincher scout","quara predator scout","quara constrictor","quara hydromancer","quara mantassin","quara pincher","quara predator","cave rat","rat","cobra","crocodile","serpent spawn","snake","wyvern","black sheep","sheep","mimic","betrayed wraith","bonebeast","demon skeleton","lost soul","pirate skeleton","skeleton","skeleton warrior","undead dragon","defiler","slime2","slime","bog raider","ice witch","warlock","witch","bones","fluffy","grynch clan goblin","hacker","minishabaal","primitive","tibia bug","undead minion","annihilon","hellgorak","latrivan","madareth","zugurosh","ushuriel","golgordan","thornback tortoise","tortoise","eye of the seven","deathslicer","flamethrower","magicthrower","plaguethrower","poisonthrower","shredderthrower","troll champion","frost troll","island troll","swamp troll","troll","banshee","blightwalker","crypt shambler","ghoul","lich","mummy","vampire","grim reaper","frost dragon","mercenary","zathroth","goshnar","durin","demora","orc champion","dracula","alezzo","prince almirith","elf warlord","magebomb","nightmare scion");
-
+ $config['invalidNameTags'] = array("owner", "gamemaster", "hoster", "admin", "staff", "tibia", "account", "god", "anal", "ass", "fuck", "sex", "hitler", "pussy", "dick", "rape", "cm", "gm", "amazon", "valkyrie", "carrion worm", "rotworm", "rotworm queen", "cockroach", "kongra", "merlkin", "sibang", "crystal spider", "giant spider", "poison spider", "scorpion", "spider", "tarantula", "achad", "axeitus headbanger", "bloodpaw", "bovinus", "colerian the barbarian", "cursed gladiator", "frostfur", "orcus the cruel", "rocky", "the hairy one", "avalanche", "drasilla", "grimgor guteater", "kreebosh the exile", "slim", "spirit of earth", "spirit of fire", "spirit of water", "the dark dancer", "the hag", "darakan the executioner", "deathbringer", "fallen mooh'tah master ghar", "gnorre chyllson", "norgle glacierbeard", "svoren the mad", "the masked marauder", "the obliverator", "the pit lord", "webster", "barbarian bloodwalker", "barbarian brutetamer", "barbarian headsplitter", "barbarian skullhunter", "bear", "panda", "polar bear", "braindeath", "beholder", "elder beholder", "gazer", "chicken", "dire penguin", "flamingo", "parrot", "penguin", "seagull", "terror bird", "bazir", "infernatil", "thul", "munster", "son of verminor", "xenia", "zoralurk", "big boss trolliver", "foreman kneebiter", "mad technomancer", "man in the cave", "lord of the elements", "the count", "the plasmother", "dracola", "the abomination", "the handmaiden", "mr. 
punish", "the countess sorrow", "the imperor", "massacre", "apocalypse", "brutus bloodbeard", "deadeye devious", "demodras", "dharalion", "fernfang", "ferumbras", "general murius", "ghazbaran", "grorlam", "lethal lissy", "morgaroth", "necropharus", "orshabaal", "ron the ripper", "the evil eye", "the horned fox", "the old widow", "tiquandas revenge", "apprentice sheng", "dog", "hellhound", "war wolf", "winter wolf", "wolf", "chakoya toolshaper", "chakoya tribewarden", "chakoya windcaller", "blood crab", "crab", "frost giant", "frost giantess", "ice golem", "yeti", "acolyte of the cult", "adept of the cult", "enlightened of the cult", "novice of the cult", "ungreez", "dark torturer", "demon", "destroyer", "diabolic imp", "fire devil", "fury", "hand of cursed fate", "juggernaut", "nightmare", "plaguesmith", "blue djinn", "efreet", "admin", "green djinn", "marid", "frost dragon", "wyrm", "sea serpent", "dragon lord", "dragon", "hydra", "dragon hatchling", "dragon lord hatchling", "frost dragon hatchling", "dwarf geomancer", "dwarf guard", "dwarf soldier", "dwarf", "dworc fleshhunter", "dworc venomsniper", "dworc voodoomaster", "elephant", "mammoth", "elf arcanist", "elf scout", "elf", "charged energy elemental", "energy elemental", "massive energy elemental", "overcharged energy elemental", "energy overlord", "cat", "lion", "tiger", "azure frog", "coral frog", "crimson frog", "green frog", "orchid frog", "toad", "jagged earth elemental", "muddy earth elemental", "earth elemental", "massive earth elemental", "earth overlord", "gargoyle", "stone golem", "ghost", "phantasm", "phantasm", "pirate ghost", "spectre", "cyclops smith", "cyclops drone", "behemoth", "cyclops", "slick water elemental", "roaring water elemental", "ice overlord", "water elemental", "massive water elemental", "ancient scarab", "butterfly", "bug", "centipede", "exp bug", "larva", "scarab", "wasp", "lizard sentinel", "lizard snakecharmer", "lizard templar", "minotaur archer", "minotaur guard", 
"minotaur mage", "minotaur", "squirrel", "goblin demon", "badger", "bat", "deer", "the halloween hare", "hyaena", "pig", "rabbit", "silver rabbit", "skunk", "wisp", "dark monk", "monk", "tha exp carrier", "necromancer", "priestess", "orc berserker", "orc leader", "orc rider", "orc shaman", "orc spearman", "orc warlord", "orc warrior", "orc", "goblin leader", "goblin scavenger", "goblin", "goblin assassin", "assasin", "bandit", "black knight", "hero", "hunter", "nomad", "smuggler", "stalker", "poacher", "wild warrior", "ashmunrah", "dipthrah", "mahrdis", "morguthis", "omruc", "rahemos", "thalas", "vashresamun", "pirate buccaneer", "pirate corsair", "pirate cutthroat", "pirate marauder", "carniphila", "spit nettle", "fire overlord", "massive fire elemental", "blistering fire elemental", "blazing fire elemental", "fire elemental", "hellfire fighter", "quara constrictor scout", "quara hydromancer scout", "quara mantassin scout", "quara pincher scout", "quara predator scout", "quara constrictor", "quara hydromancer", "quara mantassin", "quara pincher", "quara predator", "cave rat", "rat", "cobra", "crocodile", "serpent spawn", "snake", "wyvern", "black sheep", "sheep", "mimic", "betrayed wraith", "bonebeast", "demon skeleton", "lost soul", "pirate skeleton", "skeleton", "skeleton warrior", "undead dragon", "defiler", "slime2", "slime", "bog raider", "ice witch", "warlock", "witch", "bones", "fluffy", "grynch clan goblin", "hacker", "minishabaal", "primitive", "tibia bug", "undead minion", "annihilon", "hellgorak", "latrivan", "madareth", "zugurosh", "ushuriel", "golgordan", "thornback tortoise", "tortoise", "eye of the seven", "deathslicer", "flamethrower", "magicthrower", "plaguethrower", "poisonthrower", "shredderthrower", "troll champion", "frost troll", "island troll", "swamp troll", "troll", "banshee", "blightwalker", "crypt shambler", "ghoul", "lich", "mummy", "vampire", "grim reaper", "frost dragon", "mercenary", "zathroth", "goshnar", "durin", "demora", "orc 
champion", "dracula", "alezzo", "prince almirith", "elf warlord", "magebomb", "nightmare scion");
+
// Use guild logo system
$config['use_guild_logos'] = true;
@@ -461,7 +457,7 @@
// What client version and server port are you using on this OT?
// Used for the Downloads page.
- $config['client'] = 1037; // 954 = tibia 9.54
+ $config['client'] = 1041; // 954 = tibia 9.54
// Download link to client. Recommended:
// Select download link from remere map editor website!
@@ -566,7 +562,7 @@
// BAN STUFF - Don't touch this unless you know what you are doing.
// You can order the lines the way you want, from top to bot, in which order you
- // wish for them to be displayed in admin panel. Just make sure key[#] represent your describtion.
+ // wish for them to be displayed in admin panel. Just make sure key[#] represent your description.
$config['ban_type'] = array(
4 => 'NOTATION_ACCOUNT',
2 => 'NAMELOCK_PLAYER',
@@ -577,7 +573,7 @@
// BAN STUFF - Don't touch this unless you know what you are doing.
// You can order the lines the way you want, from top to bot, in which order you
- // wish for them to be displayed in admin panel. Just make sure key[#] represent your describtion.
+ // wish for them to be displayed in admin panel. Just make sure key[#] represent your description.
$config['ban_action'] = array(
0 => 'Notation',
1 => 'Name Report',
@@ -617,7 +613,7 @@
// BAN STUFF
// Ban time duration selection in admin panel
- // seconds => describtion
+ // seconds => description
$config['ban_time'] = array(
3600 => '1 hour',
21600 => '6 hours',
@@ -629,7 +625,6 @@
2592000 => '1 month',
);
-
// --------------- \\
// SECURITY STUFF \\
// --------------- \\
@@ -651,7 +646,6 @@
if table never gets flushed once in a while. So I highly recommend you
to configure flush_ip_logs if IPs are logged.
*/
-
$config['log_ip'] = false;
// Flush IP logs each configured seconds, 60 * 15 = 15 minutes.
@@ -707,7 +701,7 @@
/// PAYGOL SMS ///
//////////////////
// !!! Paygol takes 60%~ of the money, and send aprox 40% to your paypal.
- // You can configure paygol to send each month, then they will send money
+ // You can configure paygol to send each month, then they will send money
// to you 1 month after recieving 50+ eur.
$config['paygol'] = array(
'enabled' => true,
@@ -741,7 +735,7 @@
'requiredLevel' => 50, // Minimum level of sold character
'leastValue' => 10, // Lowest donation points a char can be sold for.
'leastTime' => 24, // In hours. False to disable.
- // leastTime = Lowest duration of time an auctioned player has to be
+ // leastTime = Lowest duration of time an auctioned player has to be
// sellable before auctioneer can claim character back.
);
@@ -752,7 +746,7 @@
'type' => 1, // 1 = item id offers, 2 = premium days [itemid ignored], 3 = sex change[itemid & count ignored], 4+ = custom.
'itemid' => 2160, // item to get in-game
'count' => 5, //if type is 2, this represents premium days
- 'describtion' => "Crystal coin.", // Describtion shown on website
+ 'description' => "Crystal coin.", // Description shown on website
'points' => 100, // How many points this offer costs
),
@@ -761,7 +755,7 @@
'type' => 1,
'itemid' => 2392,
'count' => 1,
- 'describtion' => "Fire sword.",
+ 'description' => "Fire sword.",
'points' => 10,
),
@@ -770,7 +764,7 @@
'type' => 2,
'itemid' => 12466, // Item to display on page
'count' => 7,
- 'describtion' => "Premium membership.",
+ 'description' => "Premium membership.",
'points' => 25,
),
@@ -779,21 +773,21 @@
'type' => 3,
'itemid' => 12666,
'count' => 3,
- 'describtion' => "Change character gender.",
+ 'description' => "Change character gender.",
'points' => 10,
),
5 => array(
'type' => 3,
'itemid' => 12666,
'count' => 0,
- 'describtion' => "Change character gender.",
+ 'description' => "Change character gender.",
'points' => 20,
),
5 => array(
'type' => 4,
'itemid' => 12666,
'count' => 1,
- 'describtion' => "Change character name.",
+ 'description' => "Change character name.",
'points' => 20,
),
);
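Review bot: The two entries keyed `5 =>` in this hunk collide. PHP keeps only the last value for a duplicate array key, so the `'count' => 0` gender-change offer (20 points) is silently replaced by the name-change offer and never appears in the offer list. The commit only renames the `describtion` key and leaves this untouched; the last entry should get its own key, `6 => array(`. The enclosing offers array starts outside the hunk.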
diff --git a/engine/database/connect.php b/engine/database/connect.php
index 8094a68..783d1f2 100644
--- a/engine/database/connect.php
+++ b/engine/database/connect.php
@@ -123,7 +123,7 @@ CREATE TABLE IF NOT EXISTS `znote_shop` (
`type` int(11) NOT NULL,
`itemid` int(11) DEFAULT NULL,
`count` int(11) NOT NULL DEFAULT '1',
- `describtion` varchar(255) NOT NULL,
+ `description` varchar(255) NOT NULL,
`points` int(11) NOT NULL DEFAULT '10',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
diff --git a/gallery.php b/gallery.php
index d439cbb..480dd1f 100644
--- a/gallery.php
+++ b/gallery.php
@@ -9,7 +9,7 @@ if ($logged_in === true) {
Image URL:
Image Title:
- Image Describtion:
+ Image Description:
">
echo time();
-//insertImage(2, "Yaay!", "Super describtion!", "1!pxpmul!jpg");
+//insertImage(2, "Yaay!", "Super description!", "1!pxpmul!jpg");
*/?>
\ No newline at end of file
diff --git a/shop.php b/shop.php
index 6285c59..e002428 100644
--- a/shop.php
+++ b/shop.php
@@ -95,7 +95,7 @@ if ($config['shop_auction']['characterAuction']) {
$offers) {
echo '';
- echo ''. $offers['describtion'] .' ';
+ echo ''. $offers['description'] .' ';
if ($config['shop']['showImage']) echo ' ';
if ($offers['type'] == 2) echo ''. $offers['count'] .' Days ';
else if ($offers['type'] == 3 && $offers['count'] == 0) echo 'Unlimited ';
@@ -105,7 +105,7 @@ if ($config['shop_auction']['characterAuction']) {
?>
-
+
';
From ce71cdd16d954c3f89663571690ecff97ccf21b7 Mon Sep 17 00:00:00 2001
From: peonso
Date: Wed, 17 Sep 2014 17:14:33 -0300
Subject: [PATCH 13/33] Update users.php
---
engine/function/users.php | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/engine/function/users.php b/engine/function/users.php
index 7cfad3e..05d9f80 100644
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -241,8 +241,7 @@ function shop_account_gender_tickets($accid) {
//
function guild_remove_member($cid) {
$cid = (int)$cid;
- mysql_update("UPDATE `players` SET `rank_id`='0' WHERE `id`=$cid");
- mysql_update("UPDATE `players` SET `guildnick`= NULL WHERE `id`=$cid");
+ mysql_update("UPDATE `players` SET `rank_id`='0', `guildnick`= NULL WHERE `id`=$cid");
}
function guild_remove_member_10($cid) {
$cid = (int)$cid;
@@ -1519,4 +1518,4 @@ function cancel_war_invitation($cid, $gid) {
mysql_update("UPDATE `guild_wars` SET `status` = 3, `ended` = '$time' WHERE `guild2` = '$cid' AND `guild1` = '$gid';");
}
-?>
\ No newline at end of file
+?>
From 86819b9bfa7431be7029cd960ed2ddbbc0155026 Mon Sep 17 00:00:00 2001
From: peonso
Date: Wed, 17 Sep 2014 17:15:00 -0300
Subject: [PATCH 14/33] Update users.php
---
engine/function/users.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/engine/function/users.php b/engine/function/users.php
index 05d9f80..b378f35 100644
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -240,8 +240,8 @@ function shop_account_gender_tickets($accid) {
// GUILDS
//
function guild_remove_member($cid) {
- $cid = (int)$cid;
- mysql_update("UPDATE `players` SET `rank_id`='0', `guildnick`= NULL WHERE `id`=$cid");
+ $cid = (int)$cid;
+ mysql_update("UPDATE `players` SET `rank_id`='0', `guildnick`= NULL WHERE `id`=$cid");
}
function guild_remove_member_10($cid) {
$cid = (int)$cid;
From 656a5ca04b924f52e0950e25d394e95a013eca8d Mon Sep 17 00:00:00 2001
From: peonso
Date: Wed, 17 Sep 2014 17:16:19 -0300
Subject: [PATCH 15/33] Update users.php
---
engine/function/users.php | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/engine/function/users.php b/engine/function/users.php
index b378f35..ac1571c 100644
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -240,8 +240,8 @@ function shop_account_gender_tickets($accid) {
// GUILDS
//
function guild_remove_member($cid) {
- $cid = (int)$cid;
- mysql_update("UPDATE `players` SET `rank_id`='0', `guildnick`= NULL WHERE `id`=$cid");
+ $cid = (int)$cid;
+ mysql_update("UPDATE `players` SET `rank_id`='0', `guildnick`= NULL WHERE `id`=$cid");
}
function guild_remove_member_10($cid) {
$cid = (int)$cid;
@@ -329,9 +329,8 @@ function guild_delete($gid) {
// Player leave guild
function guild_player_leave($cid) {
- $cid = (int)$cid;
- mysql_update("UPDATE `players` SET `rank_id`='0' WHERE `id`=$cid LIMIT 1;");
- mysql_update("UPDATE `players` SET `guildnick`= NULL WHERE `id`=$cid");
+ $cid = (int)$cid;
+ mysql_update("UPDATE `players` SET `rank_id`='0', `guildnick`= NULL WHERE `id`=$cid LIMIT 1;");
}
function guild_player_leave_10($cid) {
$cid = (int)$cid;
From 3265ba6c99cab66f18fa7f647d516e5398ef2860 Mon Sep 17 00:00:00 2001
From: Stefan Brannfjell
Date: Mon, 22 Sep 2014 00:06:20 +0200
Subject: [PATCH 16/33] Fix #170 Bug in characterprofile.php for TFS 0.2/3.
---
characterprofile.php | 85 ++++++++++++++++++++++++++------------------
1 file changed, 50 insertions(+), 35 deletions(-)
diff --git a/characterprofile.php b/characterprofile.php
index 005af9e..f2b1872 100644
--- a/characterprofile.php
+++ b/characterprofile.php
@@ -51,47 +51,62 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false) {
echo 'Never.';
}
- ?>
+ ?>
+
- 0) //if player doesn't have any achievement points it won't echo the line below.
- echo 'Achievement Points ' .$achievement. ' ';
- }
+ 0) //if player doesn't have any achievement points it won't echo the line below.
+ echo 'Achievement Points ' .$achievement. ' ';
+ }
}
?>
- 0)
- $playerlist[] = $h['owner'];
-
- if ($profile_data['id'] = $h['owner']) { ?>
- House: , $value) {
- if ($key == $h['town_id']) {
- echo $value;
- }
- } ?>
- Status: ONLINE ';
- } else {
- echo 'OFFLINE ';
- }
- } else {
- if ($profile_data['online'] == 1) {
- echo 'ONLINE ';
- } else {
- echo 'OFFLINE ';
+
+ 0)
+ $playerlist[] = $h['owner'];
+
+ if ($profile_data['id'] = $h['owner']) {
+ ?>
+ House: , $value) {
+ if ($key == $h['town_id']) {
+ echo $value;
+ }
+ }
+ ?>
+
+
+ }
+ }
+ ?>
+
+ Status: ONLINE ';
+ } else {
+ echo 'OFFLINE ';
+ }
+ } else {
+ if ($profile_data['online'] == 1) {
+ echo 'ONLINE ';
+ } else {
+ echo 'OFFLINE ';
+ }
+ }
+ ?>
+
Created:
Comment:
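Review bot: The house check `if ($profile_data['id'] = $h['owner'])` on the new side is an assignment, not a comparison. It is true for every house with a non-zero owner and overwrites `$profile_data['id']` with that owner's id, so any later read of the id on this page sees the wrong character. The re-indentation carries the line over unchanged from the old side; it should read `if ((int)$profile_data['id'] === (int)$h['owner'])`. The page's markup was lost in extraction, so the surrounding loop is only partly visible here.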
From 5af3051c3655f7eb2960dadb6bb5dceaa6f0a13b Mon Sep 17 00:00:00 2001
From: Martin Nylind
Date: Thu, 23 Oct 2014 15:37:17 +0200
Subject: [PATCH 17/33] Add BB tag for YouTube videos to news and forum. Use
with the video id (after v= in URL) ex. [youtube]wK0w0x62PjA[/youtube]
---
forum.php | 1 +
index.php | 1 +
layout/css/style.css | 22 ++++++++++++++++++++++
3 files changed, 24 insertions(+)
diff --git a/forum.php b/forum.php
index c5e02f7..60ab01c 100644
--- a/forum.php
+++ b/forum.php
@@ -23,6 +23,7 @@ function TransformToBBCode($string) {
'[link={$1}]{$2}[/link]' => '$2 ',
'[color={$1}]{$2}[/color]' => '$2 ',
'[*]{$1}[/*]' => '$1 ',
+ '[youtube]{$1}[/youtube]' => '',
);
foreach ($tags as $tag => $value) {
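Review bot: The `[youtube]{$1}[/youtube]` tag accepts any text as the video id, because every `{$n}` placeholder is turned into `(.*?)` (the pattern build is visible in the index.php hunk of this commit). The replacement markup is stripped on this page, but if it places `$1` inside an embed URL, the id should be limited to the characters YouTube ids use, for example by mapping this tag's placeholder to `([A-Za-z0-9_-]+)` instead of `(.*?)`. Whether the input is HTML-escaped before `TransformToBBCode` runs is outside the hunk. The same applies to the identical line added in index.php.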
diff --git a/index.php b/index.php
index dc9d0e8..5569974 100644
--- a/index.php
+++ b/index.php
@@ -63,6 +63,7 @@
'[link={$1}]{$2}[/link]' => '$2 ',
'[color={$1}]{$2}[/color]' => '$2 ',
'[*]{$1}[/*]' => '$1 ',
+ '[youtube]{$1}[/youtube]' => '',
);
foreach ($tags as $tag => $value) {
$code = preg_replace('/placeholder([0-9]+)/', '(.*?)', preg_quote(preg_replace('/\{\$([0-9]+)\}/', 'placeholder$1', $tag), '/'));
diff --git a/layout/css/style.css b/layout/css/style.css
index bef6115..49bdc87 100644
--- a/layout/css/style.css
+++ b/layout/css/style.css
@@ -628,3 +628,25 @@ hr {
background-color: green;
border: 1px solid black;
}
+
+/* ///////////\/\\\\\\\\\\\
+ // Znote YOUTUBE BB \\
+ ///////////\/\\\\\\\\\\\ */
+
+div.youtube {
+ width: 100%;
+ max-width: 560px;
+}
+
+div.aspectratio {
+ width: 100%;
+ padding-bottom: 56.25%; /* 16:9 */
+ position: relative;
+}
+
+div.aspectratio > iframe {
+ position: absolute;
+ top: 0; bottom: 0; left: 0; right: 0;
+ width: 100%;
+ height: 100%;
+}
From 3c70b55ae36de4c33de9c78fda7417d7c53245ee Mon Sep 17 00:00:00 2001
From: Mark Samman
Date: Wed, 29 Oct 2014 19:32:48 +0100
Subject: [PATCH 18/33] Fix SQL injection in admin_reports.php
---
admin_reports.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/admin_reports.php b/admin_reports.php
index 1f735e7..2185b95 100644
--- a/admin_reports.php
+++ b/admin_reports.php
@@ -41,9 +41,9 @@ if (!empty($_POST)) {
$customPoints = getValue($_POST['customPoints']);
$reportId = getValue($_POST['id']);
- $changelogReportId = &$_POST['changelogReportId'];
+ $changelogReportId = (int)$_POST['changelogReportId'];
$changelogValue = &$_POST['changelogValue'];
- $changelogText = &$_POST['changelogText'];
+ $changelogText = getValue($_POST['changelogText']);
$changelogStatus = ($changelogReportId !== false && $changelogValue === '2' && $changelogText !== false) ? true : false;
if ($customPoints !== false) $price = (int)($price + $customPoints);
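Review bot: After the cast, `$changelogReportId !== false` in the `$changelogStatus` line can no longer fail: `(int)` never yields `false`, and a missing or non-numeric `changelogReportId` becomes `0`. The test should check the value instead, `$changelogStatus = ($changelogReportId > 0 && $changelogValue === '2' && $changelogText !== false);`. `$changelogValue` is still a reference into `$_POST`; it is only compared here, but any later use in a query outside the hunk would need the same treatment.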
From 7a265593b8002780e7941703a412d9c2e2ff29d2 Mon Sep 17 00:00:00 2001
From: Mark Samman
Date: Wed, 29 Oct 2014 19:35:19 +0100
Subject: [PATCH 19/33] Fix SQL injection in ipn.php
---
ipn.php | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ipn.php b/ipn.php
index 2ffb09f..208b521 100644
--- a/ipn.php
+++ b/ipn.php
@@ -65,9 +65,9 @@
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
- $txn_id = $_POST['txn_id'];
- $receiver_email = $_POST['receiver_email'];
- $payer_email = $_POST['payer_email'];
+ $txn_id = getValue($_POST['txn_id']);
+ $receiver_email = getValue($_POST['receiver_email']);
+ $payer_email = getValue($_POST['payer_email']);
$custom = (int)$_POST['custom'];
$connectedIp = $_SERVER['REMOTE_ADDR'];
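Review bot: `$payment_status`, `$payment_amount` and `$payment_currency` are still taken from `$_POST` unchanged, while the three fields below them now go through `getValue()`. If any of them reaches a query further down (outside the hunk), the injection this commit fixes stays open through that field. For example `$payment_amount = (float)$_POST['mc_gross'];` and `getValue()` on the two strings would close it. A short comment stating which of these variables are safe to interpolate would help the next reader.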
From 48363b655ae8ba83232b16dcffd7672be70ea3c8 Mon Sep 17 00:00:00 2001
From: Mark Samman
Date: Wed, 29 Oct 2014 19:36:39 +0100
Subject: [PATCH 20/33] Increase security of ipn.php
---
ipn.php | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ipn.php b/ipn.php
index 208b521..b53f473 100644
--- a/ipn.php
+++ b/ipn.php
@@ -1,4 +1,7 @@
Date: Wed, 29 Oct 2014 19:42:16 +0100
Subject: [PATCH 21/33] Fix SQL injections in paygol_ipn.php
---
paygol_ipn.php | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/paygol_ipn.php b/paygol_ipn.php
index 3fd715c..56af350 100644
--- a/paygol_ipn.php
+++ b/paygol_ipn.php
@@ -10,18 +10,18 @@ if(!in_array($_SERVER['REMOTE_ADDR'],
}
// get the variables from PayGol system
-$message_id = $_GET['message_id'];
-$service_id = $_GET['service_id'];
-$shortcode = $_GET['shortcode'];
-$keyword = $_GET['keyword'];
-$message = $_GET['message'];
-$sender = $_GET['sender'];
-$operator = $_GET['operator'];
-$country = $_GET['country'];
-$custom = $_GET['custom'];
-$points = $_GET['points'];
-$price = $_GET['price'];
-$currency = $_GET['currency'];
+$message_id = getValue($_GET['message_id']);
+$service_id = getValue($_GET['service_id']);
+$shortcode = getValue($_GET['shortcode']);
+$keyword = getValue($_GET['keyword']);
+$message = getValue($_GET['message']);
+$sender = getValue($_GET['sender']);
+$operator = getValue($_GET['operator']);
+$country = getValue($_GET['country']);
+$custom = getValue($_GET['custom']);
+$points = getValue($_GET['points']);
+$price = getValue($_GET['price']);
+$currency = getValue($_GET['currency']);
$paygol = $config['paygol'];
$new_points = $paygol['points'];
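Review bot: `$custom` (and, it appears, `$points` and `$price`) carry numeric values but are passed through `getValue()` like the free-text fields. ipn.php casts its `custom` field with `(int)`, and doing the same here, `$custom = (int)$_GET['custom'];`, would make the type explicit instead of depending on how `getValue()` escapes. `getValue()` is defined outside this diff, so what it returns for a missing key is not visible; a comment on the expected type of each field would document that.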
From c5c94974a1f6546d3594340daaf2d824ba9b0b6e Mon Sep 17 00:00:00 2001
From: Mark Samman
Date: Wed, 29 Oct 2014 19:43:13 +0100
Subject: [PATCH 22/33] Fix SQL injection in adminreport.lua
---
LUA/TFS_10/talkaction report system/adminreport.lua | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/LUA/TFS_10/talkaction report system/adminreport.lua b/LUA/TFS_10/talkaction report system/adminreport.lua
index 43c9b16..b4777ac 100644
--- a/LUA/TFS_10/talkaction report system/adminreport.lua
+++ b/LUA/TFS_10/talkaction report system/adminreport.lua
@@ -10,7 +10,7 @@ function onSay(cid, words, param, channel)
end
if player:getStorageValue(storage) <= os.time() then
player:sendTextMessage(MESSAGE_INFO_DESCR, "Your report has been received successfully!")
- db.query("INSERT INTO `znote_player_reports` (`id` ,`name` ,`posx` ,`posy` ,`posz` ,`report_description` ,`date`)VALUES (NULL , '" .. player:getName() .. "', '" .. player:getPosition().x .. "', '" .. player:getPosition().y .. "', '" .. player:getPosition().z .. "', " .. db.escapeString(param) .. ", '" .. os.time() .. "')")
+ db.query("INSERT INTO `znote_player_reports` (`id` ,`name` ,`posx` ,`posy` ,`posz` ,`report_description` ,`date`)VALUES (NULL , " .. db.escapeString(player:getName()) .. ", '" .. player:getPosition().x .. "', '" .. player:getPosition().y .. "', '" .. player:getPosition().z .. "', " .. db.escapeString(param) .. ", '" .. os.time() .. "')")
player:setStorageValue(storage, os.time() + delaytime)
else
player:sendTextMessage(MESSAGE_STATUS_WARNING, "You have to wait " .. player:getStorageValue(storage) - os.time() .. " seconds to report again.")
From 496f71a4be0bccd1ea884dc0e308162af5c9bdf4 Mon Sep 17 00:00:00 2001
From: Mark Samman
Date: Wed, 29 Oct 2014 19:48:09 +0100
Subject: [PATCH 23/33] Fix SQL injection in user_character_data
---
engine/function/users.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/engine/function/users.php b/engine/function/users.php
index ac1571c..cb84607 100644
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -1233,7 +1233,7 @@ function user_count_accounts() {
*/
function user_character_data($user_id) {
$data = array();
- $user_id = sanitize($user_id);
+ $user_id = (int)$user_id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1) {
From 601c2fcc71f13caef78563d676c78e3118d509a7 Mon Sep 17 00:00:00 2001
From: Mark Samman
Date: Wed, 29 Oct 2014 19:50:36 +0100
Subject: [PATCH 24/33] Increase max password length from 32 to 100
---
changepassword.php | 4 ++--
register.php | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/changepassword.php b/changepassword.php
index 0027d5c..8c698ec 100644
--- a/changepassword.php
+++ b/changepassword.php
@@ -29,8 +29,8 @@ if (empty($_POST) === false) {
$errors[] = 'Your new passwords do not match.';
} else if (strlen($_POST['new_password']) < 6) {
$errors[] = 'Your new passwords must be at least 6 characters.';
- } else if (strlen($_POST['new_password']) > 32) {
- $errors[] = 'Your new passwords must be less than 33 characters.';
+ } else if (strlen($_POST['new_password']) > 100) {
+ $errors[] = 'Your new passwords must be less than 100 characters.';
}
} else {
$errors[] = 'Your current password is incorrect.';
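Review bot: The new message does not match the new check: `strlen($_POST['new_password']) > 100` accepts a 100-character password, but the text says it must be less than 100 characters (the old pair `> 32` / 'less than 33' was consistent). Either change the text to `'Your new passwords must be at most 100 characters.'` or the test to `>= 100`. The register.php hunk of this commit has the same mismatch. A one-line comment saying what the limit of 100 is bound by would document the choice.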
diff --git a/register.php b/register.php
index 6286972..93b2bc3 100644
--- a/register.php
+++ b/register.php
@@ -57,8 +57,8 @@ if (empty($_POST) === false) {
if (strlen($_POST['password']) < 6) {
$errors[] = 'Your password must be at least 6 characters.';
}
- if (strlen($_POST['password']) > 33) {
- $errors[] = 'Your password must be less than 33 characters.';
+ if (strlen($_POST['password']) > 100) {
+ $errors[] = 'Your password must be less than 100 characters.';
}
if ($_POST['password'] !== $_POST['password_again']) {
$errors[] = 'Your passwords do not match.';
From da8feec5d82dd1464b86ddf24f69e754a4f499e5 Mon Sep 17 00:00:00 2001
From: Znote
Date: Sat, 15 Nov 2014 20:35:58 +0100
Subject: [PATCH 25/33] http://3.ii.gl/nhabjNNZb.png Guild list now also shows
logo, motd, average level and guild level
---
engine/function/general.php | 2 +-
engine/function/users.php | 17 +++++++++-
guilds.php | 63 ++++++++++++++++++++++++++++---------
3 files changed, 65 insertions(+), 17 deletions(-)
diff --git a/engine/function/general.php b/engine/function/general.php
index 51b0fc7..6cd5108 100644
--- a/engine/function/general.php
+++ b/engine/function/general.php
@@ -503,7 +503,7 @@ function check_image($image) {
// Check guild logo
function logo_exists($guild) {
-
+ $guild = sanitize($guild);
if (file_exists('engine/guildimg/'.$guild.'.gif')) {
echo'engine/guildimg/'.$guild.'.gif';
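Review bot: `sanitize()` is applied here to a value that builds a file path (`'engine/guildimg/'.$guild.'.gif'`), not a query. Its definition is outside this diff; if it is the SQL/HTML escaper used elsewhere in the project, it does not constrain path characters. If logos are stored under the numeric guild id, `$guild = (int)$guild;` states the intent and keeps the path inside `engine/guildimg/`; otherwise `basename()` on the value would do the same. The function body continues past the hunk.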
diff --git a/engine/function/users.php b/engine/function/users.php
index cb84607..93b3022 100644
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -443,7 +443,7 @@ function create_guild($cid, $name) {
$time = time();
// Create the guild
- mysql_insert("INSERT INTO `guilds` (`name`, `ownerid`, `creationdata`, `motd`) VALUES ('$name', '$cid', '$time', 'The guild has been created!');");
+ mysql_insert("INSERT INTO `guilds` (`name`, `ownerid`, `creationdata`, `motd`) VALUES ('$name', '$cid', '$time', '');");
// Get guild id
$gid = get_guild_id($name);
@@ -530,6 +530,21 @@ function get_guild_players($gid) {
else return mysql_select_multi("SELECT p.id, p.name, p.level, p.vocation, gm.rank_id, gm.nick AS `guildnick`, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id LEFT JOIN guild_ranks AS gr ON gr.id = gm.rank_id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name");
}
+// Get guild level data (avg level, total level, count of players)
+function get_guild_level_data($gid) {
+ $gid = (int)$gid;
+ $data = (config('TFSVersion') !== 'TFS_10') ? mysql_select_multi("SELECT p.level FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id ='$gid';") : mysql_select_multi("SELECT p.level, FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name;");
+ $members = 0;
+ $totallevels = 0;
+ if ($data !== false) {
+ foreach ($data as $player) {
+ $members++;
+ $totallevels += $player['level'];
+ }
+ return array('avg' => (int)($totallevels / $members), 'total' => $totallevels, 'players' => $members);
+ } else return false;
+}
+
// Returns total members in a guild (integer)
function count_guild_members($gid) {
$gid = (int)$gid;
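Review bot: The TFS_10 branch of the query in `get_guild_level_data` reads `SELECT p.level, FROM players AS p ...`; the comma before `FROM` is a syntax error, so on TFS 1.0 the query fails. Drop the comma, and the `ORDER BY gm.rank_id, p.name` as well, since ordering has no effect on a sum. The average also divides by `$members` without checking it. If `mysql_select_multi` can return an empty array rather than `false` (its definition is not in the hunk), `(int)($totallevels / $members)` divides by zero; `'avg' => ($members > 0) ? (int)($totallevels / $members) : 0` guards that.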
diff --git a/guilds.php b/guilds.php
index 4a96d50..8f96594 100644
--- a/guilds.php
+++ b/guilds.php
@@ -1,6 +1,26 @@
hasExpired()) {
+ if ($TFSVersion != 'TFS_10') $guilds = mysql_select_multi("SELECT `t`.`id`, `t`.`name`, `t`.`creationdata`, `motd`, (SELECT count(p.rank_id) FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id =`t`.`id`) AS `total` FROM `guilds` as `t` ORDER BY `t`.`name`;");
+ else $guilds = mysql_select_multi("SELECT `id`, `name`, `creationdata`, `motd`, (SELECT COUNT('guild_id') FROM `guild_membership` WHERE `guild_id`=`id`) AS `total` FROM `guilds` ORDER BY `name`;");
+
+ // Add level data info to guilds
+ if ($guilds !== false)
+ for ($i = 0; $i < count($guilds); $i++)
+ $guilds[$i]['level'] = get_guild_level_data($guilds[$i]['id']);
+
+ $cache->setContent($guilds);
+ $cache->save();
+ } else {
+ $guilds = $cache->load();
+ }
+ return $guilds;
+}
+
include 'layout/overall/header.php';
if (user_logged_in() === true) {
@@ -21,31 +41,42 @@ if (user_logged_in() === true) {
if (empty($_GET['name'])) {
// Display the guild list
-?>
-Guild List:
-
- Guild name:
- Members:
- Founded:
+ Logo
+ Description
+ Guild data
+
= 1) {
$url = url("guilds.php?name=". $guild['name']);
- echo '';
- echo ''. $guild['name'] .' ';
- echo ''. $guild['total'] .' ';
- echo ''. getClock($guild['creationdata'], true) .' ';
- echo ' ';
+ ?>
+
+
+
+
+
+
+ 0) echo ' '.$guild['motd']; ?>
+
+
+
+
+
+
+
+ '. getClock($guild['creationdata'], true) .'';
}
}
?>
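Review bot: The guild list now prints the message of the day with `echo ' '.$guild['motd'];`, and nothing visible in this hunk escapes it. The motd is presumably text set by guild leaders, and the list is served from a cache to every visitor. Unless it is escaped where it is stored (outside this diff), it should be escaped on output: `echo htmlspecialchars($guild['motd'], ENT_QUOTES, 'UTF-8');`. The same applies to `$guild['name']` where it is printed. The page's HTML was lost in extraction, so the exact markup around these values is not visible.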
@@ -87,6 +118,8 @@ if (user_logged_in() === true) {
$gid = get_guild_id($guildname);
if ($gid === false) {
create_guild($user_id, $guildname);
+ // Re-cache the guild list
+ $guilds = guild_list($config['TFSVersion']);
header('Location: success.php');
exit();
} else echo 'A guild with that name already exist.';
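Review bot: The call added under `// Re-cache the guild list` does not necessarily refresh anything. In `guild_list()` (first hunk of this file) the queries run only when `hasExpired()` is true; otherwise the cached list is loaded. A guild created inside the cache lifetime will therefore be missing from the list until the cache expires. The function needs a way to bypass the expiry check for this call, for example an optional `$force = false` parameter tested together with `hasExpired()`. The value assigned to `$guilds` is also unused, since the script redirects and exits on the next lines.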
@@ -176,7 +209,7 @@ if (user_logged_in() === true) {
".sanitize($_GET['error'])." " : ""; ?>
-
+
From d6efb54577fd067ab890b9ddc8c84ece9c9aff50 Mon Sep 17 00:00:00 2001
From: Znote
Date: Sun, 16 Nov 2014 16:00:54 +0100
Subject: [PATCH 26/33] Removing some dodgy sample scripts which are
unnecessary. Fixed an issue where the config function was wrong.
http://otland.net/threads/znote-aac-1-4-tfs-0-2-13-tfs-0-3-6-0-4.166722/page-45#post-2157676
Added a small tip on how to use the youtube embed when posting news.
---
admin_news.php | 2 +-
captcha/examples/display_value.php | 60 ------------
captcha/examples/securimage_show_example.php | 65 ------------
captcha/examples/securimage_show_example2.php | 63 ------------
captcha/examples/static_captcha.php | 98 -------------------
engine/function/users.php | 2 +-
6 files changed, 2 insertions(+), 288 deletions(-)
delete mode 100644 captcha/examples/display_value.php
delete mode 100644 captcha/examples/securimage_show_example.php
delete mode 100644 captcha/examples/securimage_show_example2.php
delete mode 100644 captcha/examples/static_captcha.php
diff --git a/admin_news.php b/admin_news.php
index 98895f2..e9a8dfc 100644
--- a/admin_news.php
+++ b/admin_news.php
@@ -41,7 +41,7 @@ if (empty($_POST) === false) {
}
?>
-
+ [youtube]wK0w0x62PjA[/youtube]
diff --git a/captcha/examples/display_value.php b/captcha/examples/display_value.php
deleted file mode 100644
index d4620bc..0000000
--- a/captcha/examples/display_value.php
+++ /dev/null
@@ -1,60 +0,0 @@
- date('h:i:s a'),
- 'captchaId' => sha1(uniqid($_SERVER['REMOTE_ADDR'] . $_SERVER['REMOTE_PORT'])),
- 'image_width' => 250,
- 'no_session' => true,
- 'no_exit' => true,
- 'use_sqlite_db' => false,
- 'send_headers' => false);
-
-// construct new Securimage object with the given options
-$img = new Securimage($options);
-
-// show the image using the supplied display_value
-// this demonstrates how to use output buffering to capture the output
-
-ob_start(); // start the output buffer
-$img->show(); // output the image so it is captured by the buffer
-$imgBinary = ob_get_contents(); // get contents of the buffer
-ob_end_clean(); // turn off buffering and clear the buffer
-
-header('Content-Type: image/png');
-header('Content-Length: ' . strlen($imgBinary));
-
-echo $imgBinary;
-
diff --git a/captcha/examples/securimage_show_example.php b/captcha/examples/securimage_show_example.php
deleted file mode 100644
index 0c08cbb..0000000
--- a/captcha/examples/securimage_show_example.php
+++ /dev/null
@@ -1,65 +0,0 @@
-
- * File: securimage_show_example.php
- *
- * Copyright (c) 2012, Drew Phillips
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * - Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * - Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- *
- * Any modifications to the library should be indicated clearly in the source code
- * to inform users that the changes are not a part of the original software.
- *
- * If you found this script useful, please take a quick moment to rate it.
- * http://www.hotscripts.com/rate/49400.html Thanks.
- *
- * @link http://www.phpcaptcha.org Securimage PHP CAPTCHA
- * @link http://www.phpcaptcha.org/latest.zip Download Latest Version
- * @link http://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
- * @copyright 2012 Drew Phillips
- * @author Drew Phillips
- * @version 3.2RC2 (April 2012)
- * @package Securimage
- *
- */
-
-require_once '../securimage.php';
-
-$img = new Securimage();
-
-//Change some settings
-$img->image_width = 250;
-$img->image_height = 80;
-$img->perturbation = 0.85;
-$img->image_bg_color = new Securimage_Color("#f6f6f6");
-$img->use_transparent_text = true;
-$img->text_transparency_percentage = 30; // 100 = completely transparent
-$img->num_lines = 7;
-$img->line_color = new Securimage_Color("#eaeaea");
-$img->image_signature = 'phpcaptcha.org';
-$img->signature_color = new Securimage_Color(rand(0, 64), rand(64, 128), rand(128, 255));
-$img->use_wordlist = true;
-
-$img->show('backgrounds/bg3.jpg'); // alternate use: $img->show('/path/to/background_image.jpg');
-
diff --git a/captcha/examples/securimage_show_example2.php b/captcha/examples/securimage_show_example2.php
deleted file mode 100644
index 2b27157..0000000
--- a/captcha/examples/securimage_show_example2.php
+++ /dev/null
@@ -1,63 +0,0 @@
-
- * File: securimage_show_example2.php
- *
- * Copyright (c) 2012, Drew Phillips
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without modification,
- * are permitted provided that the following conditions are met:
- *
- * - Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * - Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- *
- * Any modifications to the library should be indicated clearly in the source code
- * to inform users that the changes are not a part of the original software.
- *
- * If you found this script useful, please take a quick moment to rate it.
- * http://www.hotscripts.com/rate/49400.html Thanks.
- *
- * @link http://www.phpcaptcha.org Securimage PHP CAPTCHA
- * @link http://www.phpcaptcha.org/latest.zip Download Latest Version
- * @link http://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
- * @copyright 2012 Drew Phillips
- * @author Drew Phillips
- * @version 3.2RC2 (April 2012)
- * @package Securimage
- *
- */
-
-require_once '../securimage.php';
-
-$img = new Securimage();
-
-//Change some settings
-$img->image_width = 280;
-$img->image_height = 100;
-$img->perturbation = 0.9; // high level of distortion
-$img->code_length = rand(5,6); // random code length
-$img->image_bg_color = new Securimage_Color("#ffffff");
-$img->num_lines = 12;
-$img->noise_level = 5;
-$img->text_color = new Securimage_Color("#000000");
-$img->noise_color = $img->text_color;
-$img->line_color = new Securimage_Color("#cccccc");
-
-$img->show();
diff --git a/captcha/examples/static_captcha.php b/captcha/examples/static_captcha.php
deleted file mode 100644
index 1dd6234..0000000
--- a/captcha/examples/static_captcha.php
+++ /dev/null
@@ -1,98 +0,0 @@
-Success"
- ."The captcha code entered was correct! "
- ." ";
- } else {
- echo "Incorrect Code "
- ."Incorrect captcha code, try again. "
- ." ";
- }
-
-} else if (isset($_GET['display'])) {
- // display the captcha with the supplied ID from the URL
-
- // construct options specifying the existing captcha ID
- // also tell securimage not to start a session
- $options = array('captchaId' => $captchaId,
- 'no_session' => true);
- $captcha = new Securimage($options);
-
- // show the image, this sends proper HTTP headers
- $captcha->show();
- exit;
-}
-
-// generate a new captcha ID and challenge
-$captchaId = Securimage::getCaptchaId();
-
-// output the captcha ID, and a form to validate it
-// the form submits to itself and is validated above
-echo <<
-
-
-
- Static Captcha Example
-
-
- Static Captcha Example
-
-
- Synopsis:
-
- Request new captchaId using Securimage::getCaptchaId()
- Display form with hidden field containing captchaId
- Display captcha image passing the captchaId to the image
- Validate captcha input against captchaId using Securimage::checkByCaptchaId()
-
-
-
-
-
-
-EOD;
diff --git a/engine/function/users.php b/engine/function/users.php
index 93b3022..b804f0a 100644
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -808,7 +808,7 @@ function user_delete_character_soft($char_id) {
$char_name = user_character_name($char_id);
$original_acc_id = user_character_account_id($char_name);
if(!user_character_pending_delete($char_name))
- mysql_insert('INSERT INTO `znote_deleted_characters`(`original_account_id`, `character_name`, `time`, `done`) VALUES(' . $original_acc_id . ', "' . $char_name . '", (NOW() + INTERVAL ' . Config('delete_character_interval') . '), 0)');
+ mysql_insert('INSERT INTO `znote_deleted_characters`(`original_account_id`, `character_name`, `time`, `done`) VALUES(' . $original_acc_id . ', "' . $char_name . '", (NOW() + INTERVAL ' . config('delete_character_interval') . '), 0)');
else
return false;
}
From 05e7b62aec6892b65a6e131ae3909ac6f5c00bf5 Mon Sep 17 00:00:00 2001
From: Martin Nylind
Date: Thu, 27 Nov 2014 16:05:04 +0100
Subject: [PATCH 27/33] Revised forms in myaccount.php
Combines the separate forms in myaccount.php into a single row with character and action selects.
---
myaccount.php | 570 +++++++++++++++++++++++---------------------------
1 file changed, 260 insertions(+), 310 deletions(-)
diff --git a/myaccount.php b/myaccount.php
index 22e3c21..dcc8a0b 100644
--- a/myaccount.php
+++ b/myaccount.php
@@ -1,52 +1,6 @@
shop!";
-}
-// end
-// Change character sex
-if (!empty($_POST['change_gender'])) {
- if (!Token::isValid($_POST['token'])) {
- exit();
- }
- if (user_character_account_id($_POST['change_gender']) === $session_user_id) {
- $char_name = sanitize($_POST['change_gender']);
- $char_id = (int)user_character_id($char_name);
- $account_id = user_character_account_id($char_name);
-
- if ($config['TFSVersion'] == 'TFS_10') {
- $chr_data = user_is_online_10($char_id);
- } else $chr_data = user_character_data($char_id, 'online');
-
- if ($chr_data['online'] != 1) {
- // Verify that we are not messing around with data
- if ($account_id != $user_data['id']) die("wtf? Something went wrong, try relogging.");
-
- // Fetch character tickets
- $tickets = shop_account_gender_tickets($account_id);
- if ($tickets !== false || $config['free_sex_change'] == true) {
- // They are allowed to change gender
- $last = false;
- $infinite = false;
- $tks = 0;
- // Do we have any infinite tickets?
- foreach ($tickets as $ticket) {
- if ($ticket['count'] == 0) $infinite = true;
- else if ($ticket > 0 && $infinite === false) $tks += (int)$ticket['count'];
+// Handle POST
+if (!empty($_POST['selected_character'])) {
+ if (!empty($_POST['action'])) {
+ // Validate token
+ if (!Token::isValid($_POST['token'])) {
+ exit();
+ }
+ // Sanitize values
+ $action = getValue($_POST['action']);
+ $char_name = getValue($_POST['selected_character']);
+
+ // Handle actions
+ switch($action) {
+ // Change character comment PAGE2 (Success).
+ case 'update_comment':
+ if (user_character_account_id($char_name) === $session_user_id) {
+ user_update_comment(user_character_id($char_name), getValue($_POST['comment']));
+ echo 'Successfully updated comment.';
}
- if ($infinite === true) $tks = 0;
- $dbid = (int)$tickets[0]['id'];
- // If they dont have unlimited tickets, remove a count from their ticket.
- if ($tickets[0]['count'] > 1) { // Decrease count
- $tks--;
- $tkr = ((int)$tickets[0]['count'] - 1);
- shop_update_row_count($dbid, $tkr);
- } else if ($tickets[0]['count'] == 1) { // Delete record
- shop_delete_row_order($dbid);
- $tks--;
+ break;
+ // end
+ // Hide character
+ case 'toggle_hide':
+ $hide = (user_character_hide($char_name) == 1 ? 0 : 1);
+ if (user_character_account_id($char_name) === $session_user_id) {
+ user_character_set_hide(user_character_id($char_name), $hide);
}
-
- // Change character gender:
- //
- user_character_change_gender($char_name);
- echo 'You have successfully changed gender on character '. $char_name .'.';
- if ($tks > 0) echo ' You have '. $tks .' gender change tickets left.';
- else if ($infinite !== true) echo ' You are out of tickets.';
- } else echo 'You don\'t have any character gender tickets, buy them in the SHOP !';
- } else echo 'Your character must be offline.';
+ break;
+ // end
+ // DELETE character
+ case 'delete_character':
+ if (user_character_account_id($char_name) === $session_user_id) {
+ $charid = user_character_id($char_name);
+ if ($charid !== false) {
+ if ($config['TFSVersion'] === 'TFS_10') {
+ if (!user_is_online_10($charid)) {
+ if (guild_leader_gid($charid) === false) user_delete_character_soft($charid);
+ else echo 'Character is leader of a guild, you must disband the guild or change leadership before deleting character.';
+ } else echo 'Character must be offline first.';
+ } else {
+ $chr_data = user_character_data($charid, 'online');
+ if ($chr_data['online'] != 1) {
+ if (guild_leader_gid($charid) === false) user_delete_character_soft($charid);
+ else echo 'Character is leader of a guild, you must disband the guild or change leadership before deleting character.';
+ } else echo 'Character must be offline first.';
+ }
+ }
+ }
+ break;
+ // end
+ // CHANGE character name
+ case 'change_name':
+ $oldname = $char_name;
+ $newname = getValue($_POST['newName']);
+
+ // Check if user is online
+ $player = false;
+ if ($config['TFSVersion'] === 'TFS_10') {
+ $player = mysql_select_single("SELECT `id`, `account_id` FROM `players` WHERE `name` = '$oldname'");
+ $player['online'] = (user_is_online_10($player['id'])) ? 1 : 0;
+ } else $player = mysql_select_single("SELECT `id`, `account_id`, `online` FROM `players` WHERE `name` = '$oldname'");
+
+ // Check if player has bough ticket
+ $order = mysql_select_single("SELECT `id`, `account_id` FROM `znote_shop_orders` WHERE `type`='4' LIMIT 1;");
+ if ($order !== false) {
+ // Check if player and account matches
+ if ($session_user_id == $player['account_id'] && $session_user_id == $order['account_id']) {
+ // Check if new name is not occupied
+ $exist = mysql_select_single("SELECT `id` FROM `players` WHERE `name`='$newname';");
+ if (!$exist) {
+ // Check if new name follow rules
+ $newname = validate_name($newname);
+ if ($newname !== false) {
+ $error = false;
+ // name restriction
+ $resname = explode(" ", $_POST['name']);
+ foreach($resname as $res) {
+ if(in_array(strtolower($res), $config['invalidNameTags'])) {
+ $error = true;
+ }
+ else if(strlen($res) == 1) {
+ $error = true;
+ }
+ }
+ // Check name for illegal characters.
+ function checkNewNameForIllegal($name) {
+ if (preg_match('#^[\0-9åäö&()+%/*$€é,.\'"-]*$#i', $name)) {
+ return true;
+ }
+ return false;
+ }
+ if (checkNewNameForIllegal($newname)) {
+ $error = true;
+ echo 'This name contains illegal characters.';
+ }
+ if ($error === false) {
+ // Change the name!
+ mysql_update("UPDATE `players` SET `name`='$newname' WHERE `id`='".$player['id']."' LIMIT 1;");
+ mysql_delete("DELETE FROM `znote_shop_orders` WHERE `id`='".$order['id']."' LIMIT 1;");
+ }
+ } else echo 'Name validation failed, use another name.';
+ } else echo 'The character name you wish to change to already exist.';
+ } else echo 'Failed to sync your account. :|';
+ } else echo 'Did not find any name change tickets, but them in our shop! ';
+ break;
+ // end
+ // Change character sex
+ case 'change_gender':
+ if (user_character_account_id($char_name) === $session_user_id) {
+ $char_id = (int)user_character_id($char_name);
+ $account_id = user_character_account_id($char_name);
+
+ if ($config['TFSVersion'] == 'TFS_10') {
+ $chr_data = user_is_online_10($char_id);
+ } else $chr_data = user_character_data($char_id, 'online');
+
+ if ($chr_data['online'] != 1) {
+ // Verify that we are not messing around with data
+ if ($account_id != $user_data['id']) die("wtf? Something went wrong, try relogging.");
+
+ // Fetch character tickets
+ $tickets = shop_account_gender_tickets($account_id);
+ if ($tickets !== false || $config['free_sex_change'] == true) {
+ // They are allowed to change gender
+ $last = false;
+ $infinite = false;
+ $tks = 0;
+ // Do we have any infinite tickets?
+ foreach ($tickets as $ticket) {
+ if ($ticket['count'] == 0) $infinite = true;
+ else if ($ticket > 0 && $infinite === false) $tks += (int)$ticket['count'];
+ }
+ if ($infinite === true) $tks = 0;
+ $dbid = (int)$tickets[0]['id'];
+ // If they dont have unlimited tickets, remove a count from their ticket.
+ if ($tickets[0]['count'] > 1) { // Decrease count
+ $tks--;
+ $tkr = ((int)$tickets[0]['count'] - 1);
+ shop_update_row_count($dbid, $tkr);
+ } else if ($tickets[0]['count'] == 1) { // Delete record
+ shop_delete_row_order($dbid);
+ $tks--;
+ }
+
+ // Change character gender:
+ //
+ user_character_change_gender($char_name);
+ echo 'You have successfully changed gender on character '. $char_name .'.';
+ if ($tks > 0) echo ' You have '. $tks .' gender change tickets left.';
+ else if ($infinite !== true) echo ' You are out of tickets.';
+ } else echo 'You don\'t have any character gender tickets, buy them in the SHOP !';
+ } else echo 'Your character must be offline.';
+ }
+ break;
+ // end
+ // Change character comment PAGE1:
+ case 'change_comment':
+ $render_page = false; // Regular "myaccount" page should not render
+ if (user_character_account_id($char_name) === $session_user_id) {
+ $comment_data = user_znote_character_data(user_character_id($char_name), 'comment');
+ ?>
+
+ Change comment on:
+
+
+
+
-
- Change comment on:
-
-
-
- new DateTime())
echo 'CAUTION! Your character with name ' . $delete['character_name'] . ' will be deleted on ' . $delete['time'] . ' . Cancel this operation. ';
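Review bot: The two name checks in the `change_name` case do not actually constrain `$newname`. `checkNewNameForIllegal` uses a pattern anchored as `^[...]*$`, so it flags a name only when every character is on the list, and a name mixing letters with a quote or other symbol passes; the restricted-word loop splits `$_POST['name']`, while the value being changed is read from `$_POST['newName']`. The name then goes into the `UPDATE` string, so the only protection left is whatever `getValue` and `validate_name` do, neither of which is visible here. An allow-list applied to the value actually used is easier to reason about: `if (!preg_match('/^[a-zA-Z ]+$/', $newname)) $error = true;` and `$resname = explode(" ", $newname);`.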
@@ -216,6 +218,8 @@ if (!empty($_POST['selected_comment'])) {
$char_count--;
}
}
+ }
+
?>
My account
@@ -223,7 +227,6 @@ if (!empty($_POST['selected_comment'])) {
You have days remaining premium account.
Character List: characters.
-
-
-
-
- Character hide:
-
- '. $characters[$i] .'';
- } else {
- echo ''. $characters[$i] .' ';
+
+ create one?';
}
?>
+
+
+
Date: Fri, 28 Nov 2014 17:37:26 +0100
Subject: [PATCH 28/33] Update myaccount.php
---
myaccount.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/myaccount.php b/myaccount.php
index dcc8a0b..958e46c 100644
--- a/myaccount.php
+++ b/myaccount.php
@@ -119,7 +119,7 @@ if (!empty($_POST['selected_character'])) {
} else echo 'Name validation failed, use another name.';
} else echo 'The character name you wish to change to already exist.';
} else echo 'Failed to sync your account. :|';
- } else echo 'Did not find any name change tickets, but them in our shop! ';
+ } else echo 'Did not find any name change tickets, buy them in our shop! ';
break;
// end
// Change character sex
From e34e9598a06b586225372ae2c5b9fb9d3bcebd5a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Bj=C3=B6rkholm?=
Date: Fri, 28 Nov 2014 17:54:34 +0100
Subject: [PATCH 29/33] Fix typo (function get_guild_level_data)
---
engine/function/users.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/engine/function/users.php b/engine/function/users.php
index b804f0a..338d271 100644
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -533,7 +533,7 @@ function get_guild_players($gid) {
// Get guild level data (avg level, total level, count of players)
function get_guild_level_data($gid) {
$gid = (int)$gid;
- $data = (config('TFSVersion') !== 'TFS_10') ? mysql_select_multi("SELECT p.level FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id ='$gid';") : mysql_select_multi("SELECT p.level, FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name;");
+ $data = (config('TFSVersion') !== 'TFS_10') ? mysql_select_multi("SELECT p.level FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id ='$gid';") : mysql_select_multi("SELECT p.level FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name;");
$members = 0;
$totallevels = 0;
if ($data !== false) {
From a15f7eb3648893dfacc3c26243f91bae0b38e535 Mon Sep 17 00:00:00 2001
From: Martin Nylind
Date: Sun, 30 Nov 2014 17:01:18 +0100
Subject: [PATCH 30/33] Update special/database2znoteaac.php
Now properly passing id and not array to queries and user_data.
---
special/database2znoteaac.php | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/special/database2znoteaac.php b/special/database2znoteaac.php
index 56e2c05..45f6207 100644
--- a/special/database2znoteaac.php
+++ b/special/database2znoteaac.php
@@ -82,23 +82,25 @@ require '../engine/function/users.php';
if (isset($old_accounts) && $old_accounts !== false) {
$time = time();
foreach ($old_accounts as $old) {
-
+ // Get acc id
+ $old_id = $old['id'];
+
// Make acc data compatible:
- mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$old', '0', '$time')");
+ mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$old_id', '0', '$time')");
$updated_acc += 1;
// Fetch unsalted password
if ($config['TFSVersion'] == 'TFS_03' && $config['salt'] === true) {
- $password = user_data($old, 'password', 'salt');
+ $password = user_data($old_id, 'password', 'salt');
$p_pass = str_replace($password['salt'],"",$password['password']);
}
if ($config['TFSVersion'] == 'TFS_02' || $config['salt'] === false) {
- $password = user_data($old, 'password');
+ $password = user_data($old_id, 'password');
$p_pass = $password['password'];
}
// Verify lenght of password is less than 28 characters (most likely a plain password)
- if (strlen($p_pass) < 28 && $old > 1) {
+ if (strlen($p_pass) < 28 && $old_id > 1) {
// encrypt it with sha1
if ($config['TFSVersion'] == 'TFS_02' || $config['salt'] === false) $p_pass = sha1($p_pass);
if ($config['TFSVersion'] == 'TFS_03' && $config['salt'] === true) $p_pass = sha1($password['salt'].$p_pass);
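Review bot: `$p_pass` is assigned only inside the two `if` blocks, so for a configuration that matches neither (for example `TFS_10` with `$config['salt'] === true`, if that combination can occur) the length test runs on the value left over from the previous account. Resetting it at the top of the loop with `$p_pass = null;` and skipping with `if ($p_pass === null) continue;` before the `strlen` test would keep one account's password from carrying into the next. The `strlen($p_pass) < 28` heuristic also treats any stored value of 28 or more characters as already hashed; a SHA-1 hex digest is 40 characters, so `strlen($p_pass) !== 40 || !ctype_xdigit($p_pass)` is a tighter test for "still plain text". The loop body continues outside the hunk, so what is done with the hashed value is not visible here.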
From b51c168555c065c988c2e495bda1f33aa03aef07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Bj=C3=B6rkholm?=
Date: Fri, 16 Jan 2015 08:43:04 +0100
Subject: [PATCH 31/33] Minor fixes
---
characterprofile.php | 73 +++++++++++++--------------
createcharacter.php | 2 +-
myaccount.php | 116 ++++++++++++++++++++++++-------------------
3 files changed, 104 insertions(+), 87 deletions(-)
diff --git a/characterprofile.php b/characterprofile.php
index f2b1872..7ad5676 100644
--- a/characterprofile.php
+++ b/characterprofile.php
@@ -58,7 +58,7 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false) {
if ($config['Ach'] == true) {
foreach ($achievementPoints as $achievement) {
if ($achievement > 0) //if player doesn't have any achievement points it won't echo the line below.
- echo 'Achievement Points ' .$achievement. ' ';
+ echo 'Achievement Points: ' .$achievement. ' ';
}
}
?>
@@ -109,41 +109,42 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false) {
Created:
Comment:
-
-
-
-
-
Show/hide player achievements
-
-
-
-
- $achiv) {
- $uery = mysql_select_single("SELECT `player_id`, `value`, `key` FROM `player_storage` WHERE `player_id`='$user_id' AND `key`='$key' LIMIT 1;");
- foreach ($uery as $luery)
- if (($luery) == $key)
- {
- if (!array_key_exists(($achiv), $config['achievements'])) {
- echo '' .$achiv[0]. ' ' .$achiv[1]. ' ';
- if ($achiv['secret'] == true) {
- echo ' ';
- echo ''. $achiv['points'] .' ';
- } else {
- echo ''. $achiv['points'] .' ';
- }
- echo '';
- }
- }
- }
- ?>
-
-
-
+
+
+
+
+
Show/hide player achievements
+
+
+
+
+ $achiv) {
+ $uery = mysql_select_single("SELECT `player_id`, `value`, `key` FROM `player_storage` WHERE `player_id`='$user_id' AND `key`='$key' LIMIT 1;");
+ if (!empty($uery) || $uery !== false) {
+ foreach ($uery as $luery) {
+ if ($luery == $key) {
+ if (!array_key_exists($key, $achiv)) {
+ echo '' .$achiv[0]. ' ' .$achiv[1]. ' ';
+ if (!isset($achiv['secret'])) {
+ echo ' ';
+ }
+ echo ''. $achiv['points'] .' ';
+ echo '';
+ }
+ }
+ }
+ }
+ }
+ ?>
+
+
+
+
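Review bot: The guard `if (!empty($uery) || $uery !== false)` is true for every value except `false`, so the `!empty` half adds nothing and a `null` result would still reach the `foreach`; `if (is_array($uery) && !empty($uery))` says what is meant. The lookup also runs one `player_storage` query per configured achievement with `$user_id` and `$key` interpolated into the string. `$key` comes from config, but where `$user_id` is set is outside the hunk, so an `(int)` cast before the loop would make the query safe regardless of its origin.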
diff --git a/createcharacter.php b/createcharacter.php
index 32d34f8..fbbdc19 100644
--- a/createcharacter.php
+++ b/createcharacter.php
@@ -28,7 +28,7 @@ if (empty($_POST) === false) {
$errors[] = 'Your name may only contain a-z, A-Z and spaces.';
}
if (strlen($_POST['name']) < $config['minL'] || strlen($_POST['name']) > $config['maxL']) {
- $errors[] = 'Your character name must be between 4 - 20 characters long.';
+ $errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.';
}
// name restriction
$resname = explode(" ", $_POST['name']);
diff --git a/myaccount.php b/myaccount.php
index 958e46c..79455f8 100644
--- a/myaccount.php
+++ b/myaccount.php
@@ -37,6 +37,7 @@ if (!empty($_POST['selected_character'])) {
}
break;
// end
+
// Hide character
case 'toggle_hide':
$hide = (user_character_hide($char_name) == 1 ? 0 : 1);
@@ -45,6 +46,7 @@ if (!empty($_POST['selected_character'])) {
}
break;
// end
+
// DELETE character
case 'delete_character':
if (user_character_account_id($char_name) === $session_user_id) {
@@ -66,62 +68,76 @@ if (!empty($_POST['selected_character'])) {
}
break;
// end
+
// CHANGE character name
case 'change_name':
$oldname = $char_name;
- $newname = getValue($_POST['newName']);
+ $newname = isset($_POST['newName']) ? getValue($_POST['newName']) : '';
- // Check if user is online
$player = false;
if ($config['TFSVersion'] === 'TFS_10') {
$player = mysql_select_single("SELECT `id`, `account_id` FROM `players` WHERE `name` = '$oldname'");
$player['online'] = (user_is_online_10($player['id'])) ? 1 : 0;
} else $player = mysql_select_single("SELECT `id`, `account_id`, `online` FROM `players` WHERE `name` = '$oldname'");
+ // Check if user is online
+ if ($player['online'] == 1) {
+ $errors[] = 'Character must be offline first.';
+ }
+
// Check if player has bough ticket
- $order = mysql_select_single("SELECT `id`, `account_id` FROM `znote_shop_orders` WHERE `type`='4' LIMIT 1;");
- if ($order !== false) {
- // Check if player and account matches
- if ($session_user_id == $player['account_id'] && $session_user_id == $order['account_id']) {
- // Check if new name is not occupied
- $exist = mysql_select_single("SELECT `id` FROM `players` WHERE `name`='$newname';");
- if (!$exist) {
- // Check if new name follow rules
- $newname = validate_name($newname);
- if ($newname !== false) {
- $error = false;
- // name restriction
- $resname = explode(" ", $_POST['name']);
- foreach($resname as $res) {
- if(in_array(strtolower($res), $config['invalidNameTags'])) {
- $error = true;
- }
- else if(strlen($res) == 1) {
- $error = true;
- }
- }
- // Check name for illegal characters.
- function checkNewNameForIllegal($name) {
- if (preg_match('#^[\0-9åäö&()+%/*$€é,.\'"-]*$#i', $name)) {
- return true;
- }
- return false;
- }
- if (checkNewNameForIllegal($newname)) {
- $error = true;
- echo 'This name contains illegal characters.';
- }
- if ($error === false) {
- // Change the name!
- mysql_update("UPDATE `players` SET `name`='$newname' WHERE `id`='".$player['id']."' LIMIT 1;");
- mysql_delete("DELETE FROM `znote_shop_orders` WHERE `id`='".$order['id']."' LIMIT 1;");
- }
- } else echo 'Name validation failed, use another name.';
- } else echo 'The character name you wish to change to already exist.';
- } else echo 'Failed to sync your account. :|';
- } else echo 'Did not find any name change tickets, buy them in our shop! ';
+ $accountId = $player['account_id'];
+ $order = mysql_select_single("SELECT `id`, `account_id` FROM `znote_shop_orders` WHERE `type`='4' AND `account_id` = '$accountId' LIMIT 1;");
+ if ($order === false) {
+ $errors[] = 'Did not find any name change tickets, buy them in our shop! ';
+ }
+
+ // Check if player and account matches
+ if ($session_user_id != $accountId || $session_user_id != $order['account_id']) {
+ $errors[] = 'Failed to sync your account. :|';
+ }
+
+ $newname = validate_name($newname);
+ if ($newname === false) {
+ $errors[] = 'Your name can not contain more than 2 words.';
+ } else {
+ if (empty($newname)) {
+ $errors[] = 'Please enter a name!';
+ } else if (user_character_exist($newname) !== false) {
+ $errors[] = 'Sorry, that character name already exist.';
+ } else if (!preg_match("/^[a-zA-Z_ ]+$/", $newname)) {
+ $errors[] = 'Your name may only contain a-z, A-Z and spaces.';
+ } else if (strlen($newname) < $config['minL'] || strlen($newname) > $config['maxL']) {
+ $errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.';
+ } else if (!ctype_upper($newname{0})) {
+ $errors[] = 'The first letter of a name has to be a capital letter!';
+ }
+
+ // name restriction
+ $resname = explode(" ", $_POST['newName']);
+ foreach($resname as $res) {
+ if(in_array(strtolower($res), $config['invalidNameTags'])) {
+ $errors[] = 'Your username contains a restricted word.';
+ } else if(strlen($res) == 1) {
+ $errors[] = 'Too short words in your name.';
+ }
+ }
+ }
+
+ if (!empty($newname) && empty($errors)) {
+ echo 'You have successfully changed your character name to ' . $newname . '.';
+ mysql_update("UPDATE `players` SET `name`='$newname' WHERE `id`='".$player['id']."' LIMIT 1;");
+ mysql_delete("DELETE FROM `znote_shop_orders` WHERE `id`='".$order['id']."' LIMIT 1;");
+
+ } else if (!empty($errors)) {
+ echo '';
+ echo output_errors($errors);
+ echo ' ';
+ }
+
break;
// end
+
// Change character sex
case 'change_gender':
if (user_character_account_id($char_name) === $session_user_id) {
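Review bot: The rewritten `change_name` case reads `$player['id']`, `$player['online']` and `$player['account_id']` without checking that `mysql_select_single` found the character, and reads `$order['account_id']` right after the `$order === false` branch. The request still ends in an error, but only because the loose `!=` against a missing value happens to be true, whereas the other cases in this switch check ownership first with `user_character_account_id($char_name) === $session_user_id`. I would make `if (user_character_account_id($char_name) !== $session_user_id) break;` the first statement of the case, so that no query or message depends on a character the session does not own. The restricted-word loop also splits the raw `$_POST['newName']` rather than the validated `$newname`. The enclosing switch starts outside the hunk.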
@@ -129,9 +145,8 @@ if (!empty($_POST['selected_character'])) {
$account_id = user_character_account_id($char_name);
if ($config['TFSVersion'] == 'TFS_10') {
- $chr_data = user_is_online_10($char_id);
+ $chr_data['online'] = user_is_online_10($char_id) ? 1 : 0;
} else $chr_data = user_character_data($char_id, 'online');
-
if ($chr_data['online'] != 1) {
// Verify that we are not messing around with data
if ($account_id != $user_data['id']) die("wtf? Something went wrong, try relogging.");
@@ -171,6 +186,7 @@ if (!empty($_POST['selected_character'])) {
}
break;
// end
+
// Change character comment PAGE1:
case 'change_comment':
$render_page = false; // Regular "myaccount" page should not render
@@ -247,9 +263,9 @@ if ($render_page) {
}
?>
-
+
create one?';
From 8be97a48b1d6ddded1fc3255fb8556fb8d2696c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Bj=C3=B6rkholm?=
Date: Fri, 16 Jan 2015 18:24:58 +0100
Subject: [PATCH 32/33] Minor fixes
---
admin.php | 2 +-
admin_helpdesk.php | 72 +++++++++++++++++++++++++++++++++++-----------
guilds.php | 4 ++-
helpdesk.php | 21 ++++++++++----
4 files changed, 74 insertions(+), 25 deletions(-)
diff --git a/admin.php b/admin.php
index ef66c40..da5cccb 100644
--- a/admin.php
+++ b/admin.php
@@ -50,7 +50,7 @@ if (empty($_POST) === false) {
$acc_id = user_character_account_id($_POST['reset_pass']);
if ($acc_id != $session_user_id) {
- if ($config['TFSVersion'] == 'TFS_02') {
+ if ($config['TFSVersion'] == 'TFS_02' || $config['TFSVersion'] == 'TFS_10') {
user_change_password($acc_id, $_POST['new_pass']);
} else if ($config['TFSVersion'] == 'TFS_03') {
user_change_password03($acc_id, $_POST['new_pass']);
diff --git a/admin_helpdesk.php b/admin_helpdesk.php
index 46f4304..fc41a43 100644
--- a/admin_helpdesk.php
+++ b/admin_helpdesk.php
@@ -1,4 +1,4 @@
-
-
- - Created by:
-
@@ -51,11 +64,11 @@ if ($view !== false){
-
- - Posted by:
-
@@ -66,19 +79,44 @@ if ($view !== false){
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+ ?>
Latest Tickets
\ No newline at end of file
diff --git a/guilds.php b/guilds.php
index 8f96594..3553de9 100644
--- a/guilds.php
+++ b/guilds.php
@@ -239,12 +239,14 @@ if (user_logged_in() === true) {
}
}
//data_dump($players, false, "Data");
+ $rankName = '';
foreach ($players as $player) {
if ($config['TFSVersion'] !== 'TFS_10') {
$chardata['online'] = $player['online'];
} else $chardata['online'] = (in_array($player['id'], $onlinelist)) ? 1 : 0;
echo ' ';
- echo ''. $player['rank_name'] .' ';
+ echo '' . ($rankName !== $player['rank_name'] ? $player['rank_name'] : '') . ' ';
+ $rankName = $player['rank_name'];
echo ''. $player['name'] .' ';
if (!empty($player['guildnick'])) {
echo ' ('. $player['guildnick'] .')';
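Review bot: `$player['rank_name']`, `$player['name']` and `$player['guildnick']` are echoed into the table without HTML escaping, including on the rewritten rank line. Rank names and guild nicks are presumably set by players, so unless they are escaped when stored (not visible here) this is a stored-XSS path. Escape at output, e.g. `htmlspecialchars($player['rank_name'], ENT_QUOTES, 'UTF-8')`, and do the same for the nick, while keeping the `$rankName !== $player['rank_name']` comparison on the raw value. The `foreach` body continues outside the hunk.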
diff --git a/helpdesk.php b/helpdesk.php
index 5704c55..6580bc3 100644
--- a/helpdesk.php
+++ b/helpdesk.php
@@ -29,7 +29,13 @@ if ($view !== false) {
die;
}
?>
- View Ticket #
+ View Ticket #
+ [CLOSED]';
+ }
+ ?>