Mysqli support added. Many functions improved.

Stefan Brannfjell 2014-02-02 20:23:00 +01:00
parent 85b427ec2d
commit 7a5a4eb410
4 changed files with 198 additions and 273 deletions


@ -194,21 +194,29 @@ CREATE TABLE IF NOT EXISTS `znote_forum_posts` (
</ol> </ol>
"; ";
mysql_connect($config['sqlHost'], $config['sqlUser'], $config['sqlPassword']) or die('<h1>Failed to connect to database.</h1>'. $install); $connect = new mysqli($config['sqlHost'], $config['sqlUser'], $config['sqlPassword'], $config['sqlDatabase']);
mysql_select_db($config['sqlDatabase']) or die('<h1>Connection accepted but failed to find configured database name.</h1>'. $install); if ($connect->connect_errno) {
echo "Failed to connect to MySQL: (" . $connect->connect_errno . ") " . $connect->connect_error . $install;
}
function mysql_real_escape_string($escapestr) {
global $connect;
return mysqli_real_escape_string($connect, $escapestr);
}
// Select single row from database // Select single row from database
function mysql_select_single($query) { function mysql_select_single($query) {
$result = mysql_query($query) or die(var_dump($query)."<br>(query - <font color='red'>SQL error</font>) <br>Type: <b>select_single</b> (select single row from database)<br><br>".mysql_error()); global $connect;
$row = mysql_fetch_assoc($result); $result = mysqli_query($connect,$query) or die(var_dump($query)."<br>(query - <font color='red'>SQL error</font>) <br>Type: <b>select_single</b> (select single row from database)<br><br>".mysqli_error($connect));
$row = mysqli_fetch_assoc($result);
return !empty($row) ? $row : false; return !empty($row) ? $row : false;
} }
// Selecting multiple rows from database. // Selecting multiple rows from database.
function mysql_select_multi($query){ function mysql_select_multi($query){
global $connect;
$array = array(); $array = array();
$results = mysql_query($query) or die(var_dump($query)."<br>(query - <font color='red'>SQL error</font>) <br>Type: <b>select_multi</b> (select multiple rows from database)<br><br>".mysql_error()); $results = mysqli_query($connect,$query) or die(var_dump($query)."<br>(query - <font color='red'>SQL error</font>) <br>Type: <b>select_multi</b> (select multiple rows from database)<br><br>".mysqli_error($connect));
while($row = mysql_fetch_assoc($results)) { while($row = mysqli_fetch_assoc($results)) {
$array[] = $row; $array[] = $row;
} }
return !empty($array) ? $array : false; return !empty($array) ? $array : false;
@ -225,6 +233,7 @@ function mysql_insert($query){ voidQuery($query); }
function mysql_delete($query){ voidQuery($query); } function mysql_delete($query){ voidQuery($query); }
// Send a void query // Send a void query
function voidQuery($query) { function voidQuery($query) {
mysql_query($query) or die(var_dump($query)."<br>(query - <font color='red'>SQL error</font>) <br>Type: <b>voidQuery</b> (voidQuery is used for update, insert or delete from database)<br><br>".mysql_error()); global $connect;
mysqli_query($connect,$query) or die(var_dump($query)."<br>(query - <font color='red'>SQL error</font>) <br>Type: <b>voidQuery</b> (voidQuery is used for update, insert or delete from database)<br><br>".mysqli_error($connect));
} }
?> ?>
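Review bot: The new connect-failure branch only echoes a message and lets the script carry on, whereas the `mysql_connect(...) or die(...)` it replaces stopped there, so every helper below then calls `mysqli_query` on a failed connection. It also prints `$connect->connect_error` to the visitor, which can reveal the database host and user name; I would log the detail and stop, e.g. `error_log('DB connect failed: ' . $connect->connect_error); die('<h1>Failed to connect to database.</h1>' . $install);`. The `mysql_real_escape_string()` shim escapes according to the connection character set, so call `$connect->set_charset(...)` right after connecting, with the charset the schema uses. Declaring that shim unconditionally is a fatal redeclaration wherever the old mysql extension is still loaded; wrapping it in `if (!function_exists('mysql_real_escape_string'))` avoids that. The `die(var_dump($query) ... mysqli_error($connect))` calls in `mysql_select_single`, `mysql_select_multi` and `voidQuery` likewise send the full SQL text and the server error to the browser and would be better written to the log.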


@ -99,23 +99,18 @@ function url($path = false) {
// Get last cached // Get last cached
function getCache() { function getCache() {
return mysql_result(mysql_query("SELECT `cached` FROM `znote`;"), 0, 'cached'); $results = mysql_select_single("SELECT `cached` FROM `znote`;");
return ($results !== false) ? $results['cached'] : false;
} }
function setCache($time) { function setCache($time) {
$time = (int)$time; $time = (int)$time;
mysql_query("UPDATE `znote` set `cached`='$time'"); mysql_update("UPDATE `znote` set `cached`='$time'");
} }
// Get visitor basic data // Get visitor basic data
function znote_visitors_get_data() { function znote_visitors_get_data() {
// select return mysql_select_multi("SELECT `ip`, `value` FROM `znote_visitors`");
$result = mysql_query("SELECT `ip`, `value` FROM `znote_visitors`");
while ($row = mysql_fetch_assoc($result)) {
$data[] = $row;
}
if (isset($data)) return $data;
else return false;
} }
// Set visitor basic data // Set visitor basic data
@ -133,23 +128,17 @@ function znote_visitor_set_data($visitor_data) {
if ($exist && isset($value)) { if ($exist && isset($value)) {
// Update the value // Update the value
$value++; $value++;
mysql_query("UPDATE `znote_visitors` SET `value` = '$value' WHERE `ip` = '$ip'") or die(mysql_error()); mysql_update("UPDATE `znote_visitors` SET `value` = '$value' WHERE `ip` = '$ip'");
} else { } else {
// Insert new row // Insert new row
mysql_query("INSERT INTO `znote_visitors` (`ip`, `value`) VALUES ('$ip', '1')") or die(mysql_error()); mysql_insert("INSERT INTO `znote_visitors` (`ip`, `value`) VALUES ('$ip', '1')");
} }
} }
// Get visitor basic data // Get visitor basic data
function znote_visitors_get_detailed_data($cache_time) { function znote_visitors_get_detailed_data($cache_time) {
$period = (int)time() - (int)$cache_time; $period = (int)time() - (int)$cache_time;
// select return mysql_select_multi("SELECT `ip`, `time`, `type`, `account_id` FROM `znote_visitors_details` WHERE `time` >= '$period' LIMIT 0, 50");
$result = mysql_query("SELECT `ip`, `time`, `type`, `account_id` FROM `znote_visitors_details` WHERE `time` >= '$period' LIMIT 0, 50");
while ($row = mysql_fetch_assoc($result)) {
$data[] = $row;
}
if (isset($data)) return $data;
else return false;
} }
function znote_visitor_insert_detailed_data($type) { function znote_visitor_insert_detailed_data($type) {
@ -163,10 +152,10 @@ function znote_visitor_insert_detailed_data($type) {
*/ */
$time = time(); $time = time();
$ip = ip2long(getIP()); $ip = ip2long(getIP());
if (user_logged_in() === true) { if (user_logged_in()) {
$acc = $_SESSION['user_id']; $acc = $_SESSION['user_id'];
mysql_query("INSERT INTO `znote_visitors_details` (`ip`, `time`, `type`, `account_id`) VALUES ('$ip', '$time', '$type', '$acc')") or die(mysql_error()); mysql_insert("INSERT INTO `znote_visitors_details` (`ip`, `time`, `type`, `account_id`) VALUES ('$ip', '$time', '$type', '$acc')");
} else mysql_query("INSERT INTO `znote_visitors_details` (`ip`, `time`, `type`, `account_id`) VALUES ('$ip', '$time', '$type', '0')") or die(mysql_error()); } else mysql_insert("INSERT INTO `znote_visitors_details` (`ip`, `time`, `type`, `account_id`) VALUES ('$ip', '$time', '$type', '0')");
} }
function something () { function something () {
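Review bot: In `znote_visitor_insert_detailed_data` both INSERT statements interpolate `$type`, and the logged-in branch also `$_SESSION['user_id']`, straight into the SQL string with no cast or escaping visible in this hunk. The function starts above the hunk, so `$type` may already be validated there; if it is not, constrain both before use, e.g. `$acc = (int)$_SESSION['user_id'];` and an integer cast or allow-list check on `$type`. `ip2long()` returns `false` for an address it cannot parse (IPv6, for example), which ends up in the query as an empty string, so a check on `$ip === false` before the insert is worth adding. Routing these calls through `mysql_insert` also means a failing query now reaches `voidQuery`'s `die(var_dump($query) ...)`, which prints the whole statement to the visitor rather than only the server error.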


@ -16,13 +16,13 @@ function insertImage($account_id, $title, $desc, $image) {
$image = sanitize($image); $image = sanitize($image);
$account_id = (int)$account_id; $account_id = (int)$account_id;
$time = time(); $time = time();
mysql_query("INSERT INTO `znote_images` (`title`, `desc`, `date`, `status`, `image`, `account_id`) VALUES ('$title', '$desc', '$time', '1', '$image', '$account_id');"); mysql_insert("INSERT INTO `znote_images` (`title`, `desc`, `date`, `status`, `image`, `account_id`) VALUES ('$title', '$desc', '$time', '1', '$image', '$account_id');");
} }
function updateImage($id, $status) { function updateImage($id, $status) {
$id = (int)$id; $id = (int)$id;
$status = (int)$status; $status = (int)$status;
mysql_query("UPDATE `znote_images` SET `status`='$status' WHERE `id`='$id';"); mysql_update("UPDATE `znote_images` SET `status`='$status' WHERE `id`='$id';");
} }
// Fetch killers score // Fetch killers score
@ -149,25 +149,18 @@ function support_list() {
// NEWS // NEWS
function fetchAllNews() { function fetchAllNews() {
$query = mysql_query("SELECT * FROM `znote_news` ORDER BY `id` DESC;"); $data = mysql_select_multi("SELECT * FROM `znote_news` ORDER BY `id` DESC;");
$array = array(); for ($i = 0; $i < count($data); $i++) {
while($row = mysql_fetch_assoc($query)) { $cd = user_character_data($data[$i]['pid'], 'name');
$data = user_character_data($row['pid'], 'name'); $data[$i]['name'] = $cd['name'];
$row['name'] = $data['name']; unset($data[$i]['pid']);
unset($row['pid']);
$array[] = $row;
} }
return !empty($array) ? $array : false; return $data;
} }
// HOUSES // HOUSES
function fetchAllHouses_03() { function fetchAllHouses_03() {
$query = mysql_query("SELECT * FROM `houses`;") or die("ERROR"); return mysql_select_multi("SELECT * FROM `houses`;");
$array = array();
while($row = mysql_fetch_assoc($query)) {
$array[] = $row;
}
return !empty($array) ? $array : false;
} }
// TFS Storage value functions (Warning, I think these things are saved in cache, // TFS Storage value functions (Warning, I think these things are saved in cache,
@ -177,20 +170,13 @@ function fetchAllHouses_03() {
function getPlayerStorageList($storage, $minValue) { function getPlayerStorageList($storage, $minValue) {
$minValue = (int)$minValue; $minValue = (int)$minValue;
$storage = (int)$storage; $storage = (int)$storage;
$query = mysql_query("SELECT `player_id`, `value` FROM `player_storage` WHERE `key`='$storage' AND `value`>='$minValue' ORDER BY `value` DESC;"); return mysql_select_multi("SELECT `player_id`, `value` FROM `player_storage` WHERE `key`='$storage' AND `value`>='$minValue' ORDER BY `value` DESC;");
$array = array();
while($row = mysql_fetch_assoc($query)) {
$array[] = $row;
}
return !empty($array) ? $array : false;
} }
// Get global storage value // Get global storage value
function getGlobalStorage($storage) { function getGlobalStorage($storage) {
$storage = (int)$storage; $storage = (int)$storage;
$query = mysql_query("SELECT `value` FROM `global_storage` WHERE `key`='$storage';"); return mysql_select_single("SELECT `value` FROM `global_storage` WHERE `key`='$storage';");
$row = mysql_fetch_assoc($query);
return !empty($row) ? $row['value'] : false;
} }
// Set global storage value // Set global storage value
@ -200,9 +186,9 @@ function setGlobalStorage($storage, $value) {
// If the storage does not exist yet // If the storage does not exist yet
if (getGlobalStorage($storage) === false) { if (getGlobalStorage($storage) === false) {
mysql_query("INSERT INTO `global_storage` (`key`, `world_id`, `value`) VALUES ('$storage', 0, '$value')") or die(mysql_error()); mysql_insert("INSERT INTO `global_storage` (`key`, `world_id`, `value`) VALUES ('$storage', 0, '$value')");
} else {// If the storage exist } else {// If the storage exist
mysql_query("UPDATE `global_storage` SET `value`='$value' WHERE `key`='$storage'") or die(mysql_error()); mysql_update("UPDATE `global_storage` SET `value`='$value' WHERE `key`='$storage'");
} }
} }
@ -213,9 +199,7 @@ function getPlayerStorage($player_id, $storage, $online = false) {
// user is offline (false), we may safely proceed: // user is offline (false), we may safely proceed:
$player_id = (int)$player_id; $player_id = (int)$player_id;
$storage = (int)$storage; $storage = (int)$storage;
$query = mysql_query("SELECT `value` FROM `player_storage` WHERE `key`='$storage' AND `player_id`='$player_id';"); return mysql_select_single("SELECT `value` FROM `player_storage` WHERE `key`='$storage' AND `player_id`='$player_id';");
$row = mysql_fetch_assoc($query);
return !empty($row) ? $row['value'] : false;
} else return false; } else return false;
} }
@ -227,9 +211,9 @@ function setPlayerStorage($player_id, $storage, $value) {
// If the storage does not exist yet // If the storage does not exist yet
if (getPlayerStorage($storage) === false) { if (getPlayerStorage($storage) === false) {
mysql_query("INSERT INTO `player_storage` (`player_id`, `key`, `value`) VALUES ('$player_id', '$storage', '$value')") or die(mysql_error()); mysql_insert("INSERT INTO `player_storage` (`player_id`, `key`, `value`) VALUES ('$player_id', '$storage', '$value')");
} else {// If the storage exist } else {// If the storage exist
mysql_query("UPDATE `player_storage` SET `value`='$value' WHERE `key`='$storage' AND `player_id`='$player_id'") or die(mysql_error()); mysql_update("UPDATE `player_storage` SET `value`='$value' WHERE `key`='$storage' AND `player_id`='$player_id'");
} }
} }
@ -253,23 +237,18 @@ function user_is_online_10($player_id) {
// Gets a list of tickets and ticket ids // Gets a list of tickets and ticket ids
function shop_delete_row_order($rowid) { function shop_delete_row_order($rowid) {
$rowid = (int)$rowid; $rowid = (int)$rowid;
mysql_query("DELETE FROM `znote_shop_orders` WHERE `id`='$rowid';") or die(mysql_error()); mysql_delete("DELETE FROM `znote_shop_orders` WHERE `id`='$rowid';");
} }
function shop_update_row_count($rowid, $count) { function shop_update_row_count($rowid, $count) {
$rowid = (int)$rowid; $rowid = (int)$rowid;
$count = (int)$count; $count = (int)$count;
mysql_query("UPDATE `znote_shop_orders` SET `count`='$count' WHERE `id`='$rowid'") or die(mysql_error()); mysql_update("UPDATE `znote_shop_orders` SET `count`='$count' WHERE `id`='$rowid'");
} }
function shop_account_gender_tickets($accid) { function shop_account_gender_tickets($accid) {
$accid = (int)$accid; $accid = (int)$accid;
$query = mysql_query("SELECT `id`, `count` FROM `znote_shop_orders` WHERE `account_id`='$accid' AND `type`='3';"); return mysql_select_multi("SELECT `id`, `count` FROM `znote_shop_orders` WHERE `account_id`='$accid' AND `type`='3';");
$array = array();
while($row = mysql_fetch_assoc($query)) {
$array[] = $row;
}
return !empty($array) ? $array : false;
} }
// GUILDS // GUILDS
@ -288,7 +267,7 @@ function guild_change_rank($rid, $name) {
$rid = (int)$rid; $rid = (int)$rid;
$name = sanitize($name); $name = sanitize($name);
mysql_query("UPDATE `guild_ranks` SET `name`='$name' WHERE `id`=$rid") or die(mysql_error()); mysql_update("UPDATE `guild_ranks` SET `name`='$name' WHERE `id`=$rid");
} }
// Change guild leader (parameters: cid, new and old leader). // Change guild leader (parameters: cid, new and old leader).
@ -333,33 +312,32 @@ function guild_change_leader($nCid, $oCid) {
function guild_new_leader($new_leader, $gid) { function guild_new_leader($new_leader, $gid) {
$new_leader = (int)$new_leader; $new_leader = (int)$new_leader;
$gid = (int)$gid; $gid = (int)$gid;
mysql_query("UPDATE `guilds` SET `ownerid`='$new_leader' WHERE `id`=$gid") or die(mysql_error()); mysql_update("UPDATE `guilds` SET `ownerid`='$new_leader' WHERE `id`=$gid");
} }
// Returns $gid of a guild leader($cid). // Returns $gid of a guild leader($cid).
function guild_leader_gid($leader) { function guild_leader_gid($leader) {
$leader = (int)$leader; $leader = (int)$leader;
$query = mysql_query("SELECT `id` FROM `guilds` WHERE `ownerid`='$leader';"); return mysql_select_single("SELECT `id` FROM `guilds` WHERE `ownerid`='$leader';");
$row = mysql_fetch_assoc($query);
return !empty($row) ? $row['id'] : false;
} }
// Returns guild leader(charID) of a guild. (parameter: guild_ID) // Returns guild leader(charID) of a guild. (parameter: guild_ID)
function guild_leader($gid) { function guild_leader($gid) {
$gid = (int)$gid; $gid = (int)$gid;
return mysql_result(mysql_query("SELECT `ownerid` FROM `guilds` WHERE `id`='$gid';"), 0, 'ownerid'); $data = mysql_select_single("SELECT `ownerid` FROM `guilds` WHERE `id`='$gid';");
return ($data !== false) ? $data['ownerid'] : false;
} }
// Disband guild // Disband guild
function guild_remove_invites($gid) { function guild_remove_invites($gid) {
$gid = (int)$gid; $gid = (int)$gid;
mysql_query("DELETE FROM `guild_invites` WHERE `guild_id`='$gid';"); mysql_delete("DELETE FROM `guild_invites` WHERE `guild_id`='$gid';");
} }
// Remove guild invites // Remove guild invites
function guild_delete($gid) { function guild_delete($gid) {
$gid = (int)$gid; $gid = (int)$gid;
mysql_query("DELETE FROM `guilds` WHERE `id`='$gid';"); mysql_delete("DELETE FROM `guilds` WHERE `id`='$gid';");
} }
// Player leave guild // Player leave guild
@ -423,7 +401,7 @@ function guild_remove_invitation($cid, $gid) {
function guild_invite_player($cid, $gid) { function guild_invite_player($cid, $gid) {
$cid = (int)$cid; $cid = (int)$cid;
$gid = (int)$gid; $gid = (int)$gid;
mysql_query("INSERT INTO `guild_invites` (`player_id`, `guild_id`) VALUES ('$cid', '$gid')") or die(mysql_error()); mysql_insert("INSERT INTO `guild_invites` (`player_id`, `guild_id`) VALUES ('$cid', '$gid')");
} }
// Gets a list of invited players to a particular guild. // Gets a list of invited players to a particular guild.
@ -447,12 +425,7 @@ function update_player_guild_position_10($cid, $rid) {
// Get guild data, using guild id. // Get guild data, using guild id.
function get_guild_rank_data($gid) { function get_guild_rank_data($gid) {
$gid = (int)$gid; $gid = (int)$gid;
$query = mysql_query("SELECT `id`, `guild_id`, `name`, `level` FROM `guild_ranks` WHERE `guild_id`='$gid' ORDER BY `id` DESC LIMIT 0, 30"); return mysql_select_multi("SELECT `id`, `guild_id`, `name`, `level` FROM `guild_ranks` WHERE `guild_id`='$gid' ORDER BY `id` DESC LIMIT 0, 30");
$array = array();
while($row = mysql_fetch_assoc($query)) {
$array[] = $row;
}
return !empty($array) ? $array : false;
} }
// Creates a guild, where cid is the owner of the guild, and name is the name of guild. // Creates a guild, where cid is the owner of the guild, and name is the name of guild.
@ -480,8 +453,8 @@ function create_guild($cid, $name) {
function get_character_guild_rank($cid) { function get_character_guild_rank($cid) {
$cid = (int)$cid; $cid = (int)$cid;
if (config('TFSVersion') !== 'TFS_10') { if (config('TFSVersion') !== 'TFS_10') {
$rid = mysql_result(mysql_query("SELECT `rank_id` FROM `players` WHERE `id`='$cid';"), 0, 'rank_id'); $data = mysql_select_single("SELECT `rank_id` FROM `players` WHERE `id`='$cid';");
return ($rid > 0) ? $rid : false; return ($data !== false && $data['rank_id'] > 0) ? $data['rank_id'] : false;
} else { } else {
$data = mysql_select_single("SELECT `rank_id` FROM `guild_membership` WHERE `player_id`='$cid' LIMIT 1;"); $data = mysql_select_single("SELECT `rank_id` FROM `guild_membership` WHERE `player_id`='$cid' LIMIT 1;");
return ($data !== false) ? $data['rank_id'] : false; return ($data !== false) ? $data['rank_id'] : false;
@ -498,7 +471,8 @@ function get_player_guild_rank($rank_id) {
// Get a player guild position ID, using his rank_id // Get a player guild position ID, using his rank_id
function get_guild_position($rid) { function get_guild_position($rid) {
$rid = (int)$rid; $rid = (int)$rid;
return mysql_result(mysql_query("SELECT `level` FROM `guild_ranks` WHERE `id`=$rid;"), 0, 'level'); $data = mysql_select_single("SELECT `level` FROM `guild_ranks` WHERE `id`=$rid;");
return ($data !== false) ? $data['level'] : false;
} }
// Get a players rank_id, guild_id, rank_level(ID), rank_name(string), using cid(player id) // Get a players rank_id, guild_id, rank_level(ID), rank_name(string), using cid(player id)
@ -526,10 +500,8 @@ function get_guild_name($gid) {
// Returns guild id from name // Returns guild id from name
function get_guild_id($name) { function get_guild_id($name) {
$name = sanitize($name); $name = sanitize($name);
$query = mysql_query("SELECT `id` FROM `guilds` WHERE `name`='$name';"); $data = mysql_select_single("SELECT `id` FROM `guilds` WHERE `name`='$name';");
$row = mysql_fetch_assoc($query); return ($data !== false) ? $data['id'] : false;
return !empty($row) ? $row['id'] : false;
} }
// Get complete list of guilds // Get complete list of guilds
@ -562,28 +534,25 @@ function count_guild_members($gid) {
// Returns guild war entry for id // Returns guild war entry for id
function get_guild_war($warid) { function get_guild_war($warid) {
$warid = (int)$warid; // Sanitizing the parameter id $warid = (int)$warid; // Sanitizing the parameter id
$query = mysql_query("SELECT `id`, `guild1`, `guild2`, `name1`, `name2`, `status`, `started`, `ended` FROM `guild_wars` WHERE `id`=$warid ORDER BY `started`;"); return mysql_select_single("SELECT `id`, `guild1`, `guild2`, `name1`, `name2`, `status`, `started`, `ended` FROM `guild_wars` WHERE `id`=$warid ORDER BY `started`;");
$row = mysql_fetch_assoc($query);
return !empty($row) ? $row : false;
} }
// TFS 0.3 compatibility // TFS 0.3 compatibility
function get_guild_war03($warid) { function get_guild_war03($warid) {
$warid = (int)$warid; // Sanitizing the parameter id $warid = (int)$warid; // Sanitizing the parameter id
$query = mysql_query("SELECT `id`, `guild_id`, `enemy_id`, `status`, `begin`, `end` FROM `guild_wars` ORDER BY `begin` DESC LIMIT 0, 30");
$row = mysql_fetch_assoc($query);
if (!empty($row)) { $wars = mysql_select_multi("SELECT `id`, `guild_id`, `enemy_id`, `status`, `begin`, `end` FROM `guild_wars` ORDER BY `begin` DESC LIMIT 0, 30");
$row['guild1'] = $row['guild_id']; if ($wars !== false) {
$row['guild2'] = $row['enemy_id']; for ($i = 0; $i < count($wars); $i++) {
$row['name1'] = get_guild_name($row['guild_id']); $wars[$i]['guild1'] = $wars[$i]['guild_id'];
$row['name2'] = get_guild_name($row['enemy_id']); $wars[$i]['guild2'] = $wars[$i]['enemy_id'];
$row['started'] = $row['begin']; $wars[$i]['name1'] = get_guild_name($wars[$i]['guild_id']);
$row['ended'] = $row['end']; $wars[$i]['name2'] = get_guild_name($wars[$i]['enemy_id']);
$wars[$i]['started'] = $wars[$i]['begin'];
$wars[$i]['ended'] = $wars[$i]['end'];
}
} }
return $wars;
return !empty($row) ? $row : false;
} }
// List all war entries // List all war entries
@ -591,23 +560,6 @@ function get_guild_wars() {
return mysql_select_multi("SELECT `id`, `guild1`, `guild2`, `name1`, `name2`, `status`, `started`, `ended` FROM `guild_wars` ORDER BY `started` DESC LIMIT 0, 30"); return mysql_select_multi("SELECT `id`, `guild1`, `guild2`, `name1`, `name2`, `status`, `started`, `ended` FROM `guild_wars` ORDER BY `started` DESC LIMIT 0, 30");
} }
/* TFS 0.3 compatibility
function get_guild_wars03() {
$query = mysql_query("SELECT `id`, `guild_id`, `enemy_id`, `status`, `begin`, `end` FROM `guild_wars` ORDER BY `begin` DESC LIMIT 0, 30");
$array = array();
while($row = mysql_fetch_assoc($query)) {
// Generating TFS 0.2 key values for this 0.3 query for web cross compatibility
$row['guild1'] = $row['guild_id'];
$row['guild2'] = $row['enemy_id'];
$row['name1'] = get_guild_name($row['guild_id']);
$row['name2'] = get_guild_name($row['enemy_id']);
$row['started'] = $row['begin'];
$row['ended'] = $row['end'];
$array[] = $row;
}
return !empty($array) ? $array : false;
}*/
// Untested. (TFS 0.3 compatibility) // Untested. (TFS 0.3 compatibility)
function get_guild_wars03() { function get_guild_wars03() {
$array = mysql_select_multi("SELECT `id`, `guild_id`, `enemy_id`, `status`, `begin`, `end` FROM `guild_wars` ORDER BY `begin` DESC LIMIT 0, 30"); $array = mysql_select_multi("SELECT `id`, `guild_id`, `enemy_id`, `status`, `begin`, `end` FROM `guild_wars` ORDER BY `begin` DESC LIMIT 0, 30");
@ -628,51 +580,23 @@ function get_guild_wars03() {
// List kill activity in wars. // List kill activity in wars.
function get_war_kills($war_id) { function get_war_kills($war_id) {
$war_id = (int)$war_id;// Sanitize - verify its an integer. $war_id = (int)$war_id;// Sanitize - verify its an integer.
return mysql_select_multi("SELECT `id`, `killer`, `target`, `killerguild`, `targetguild`, `warid`, `time` FROM `guildwar_kills` WHERE `warid`=$war_id ORDER BY `time` DESC");
$query = mysql_query("SELECT `id`, `killer`, `target`, `killerguild`, `targetguild`, `warid`, `time` FROM `guildwar_kills` WHERE `warid`=$war_id ORDER BY `time` DESC LIMIT 0, 30") or die("02 q");
$array = array();
while($row = mysql_fetch_assoc($query)) {
$array[] = $row;
}
return !empty($array) ? $array : false;
} }
// TFS 0.3 compatibility // TFS 0.3 compatibility
function get_war_kills03($war_id) { function get_war_kills03($war_id) {
$war_id = (int)$war_id;// Sanitize - verify its an integer. $war_id = (int)$war_id;// Sanitize - verify its an integer.
return mysql_select_multi("SELECT `id`, `guild_id`, `war_id`, `death_id` FROM `guild_kills` WHERE `war_id`=$war_id ORDER BY `id` DESC LIMIT 0, 30");
$query = mysql_query("SELECT `id`, `guild_id`, `war_id`, `death_id` FROM `guild_kills` WHERE `war_id`=$war_id ORDER BY `id` DESC LIMIT 0, 30") or die("03 q");
$array = array();
while($row = mysql_fetch_assoc($query)) {
$array[] = $row;
}
return !empty($array) ? $array : false;
}
function get_death_data($did) {
$did = (int)$did; // Sanitizing the parameter id
$query = mysql_query("SELECT `id`, `guild_id`, `enemy_id`, `status`, `begin`, `end` FROM `guild_wars` ORDER BY `begin` DESC LIMIT 0, 30");
$row = mysql_fetch_assoc($query);
return !empty($row) ? $row : false;
} }
// Gesior compatibility port TFS .3 // Gesior compatibility port TFS .3
function gesior_sql_death($warid) { function gesior_sql_death($warid) {
$warid = (int)$warid; // Sanitizing the parameter id $warid = (int)$warid; // Sanitizing the parameter id
$query = mysql_query('SELECT `pd`.`id`, `pd`.`date`, `gk`.`guild_id` AS `enemy`, `p`.`name`, `pd`.`level` FROM `guild_kills` gk LEFT JOIN `player_deaths` pd ON `gk`.`death_id` = `pd`.`id` LEFT JOIN `players` p ON `pd`.`player_id` = `p`.`id` WHERE `gk`.`war_id` = ' . $warid . ' AND `p`.`deleted` = 0 ORDER BY `pd`.`date` DESC'); return mysql_select_multi('SELECT `pd`.`id`, `pd`.`date`, `gk`.`guild_id` AS `enemy`, `p`.`name`, `pd`.`level` FROM `guild_kills` gk LEFT JOIN `player_deaths` pd ON `gk`.`death_id` = `pd`.`id` LEFT JOIN `players` p ON `pd`.`player_id` = `p`.`id` WHERE `gk`.`war_id` = ' . $warid . ' AND `p`.`deleted` = 0 ORDER BY `pd`.`date` DESC');
while($row = mysql_fetch_assoc($query)) {
$array[] = $row;
}
return !empty($array) ? $array : false;
} }
function gesior_sql_killer($did) { function gesior_sql_killer($did) {
$did = (int)$did; // Sanitizing the parameter id $did = (int)$did; // Sanitizing the parameter id
$query = mysql_query('SELECT `p`.`name` AS `player_name`, `p`.`deleted` AS `player_exists`, `k`.`war` AS `is_war` FROM `killers` k LEFT JOIN `player_killers` pk ON `k`.`id` = `pk`.`kill_id` LEFT JOIN `players` p ON `p`.`id` = `pk`.`player_id` WHERE `k`.`death_id` = ' . $did . ' ORDER BY `k`.`final_hit` DESC, `k`.`id` ASC'); return mysql_select_multi('SELECT `p`.`name` AS `player_name`, `p`.`deleted` AS `player_exists`, `k`.`war` AS `is_war` FROM `killers` k LEFT JOIN `player_killers` pk ON `k`.`id` = `pk`.`kill_id` LEFT JOIN `players` p ON `p`.`id` = `pk`.`player_id` WHERE `k`.`death_id` = ' . $did . ' ORDER BY `k`.`final_hit` DESC, `k`.`id` ASC');
while($row = mysql_fetch_assoc($query)) {
$array[] = $row;
}
return !empty($array) ? $array : false;
} }
// end gesior // end gesior
// END GUILD WAR // END GUILD WAR
@ -690,8 +614,8 @@ function set_ingame_position($name, $acctype) {
} elseif ($acctype == 6) { } elseif ($acctype == 6) {
$group_id = 3; $group_id = 3;
} }
mysql_query("UPDATE `accounts` SET `type` = '$acctype' WHERE `id` =$acc_id;"); mysql_update("UPDATE `accounts` SET `type` = '$acctype' WHERE `id` =$acc_id;");
mysql_query("UPDATE `players` SET `group_id` = '$group_id' WHERE `id` =$char_id;"); mysql_update("UPDATE `players` SET `group_id` = '$group_id' WHERE `id` =$char_id;");
} }
// .3 // .3
@ -706,7 +630,7 @@ function set_ingame_position03($name, $acctype) {
if ($acctype == 1) { if ($acctype == 1) {
$group_id = 1; $group_id = 1;
} }
mysql_query("UPDATE `players` SET `group_id` = '$acctype' WHERE `id` =$char_id;"); mysql_update("UPDATE `players` SET `group_id` = '$acctype' WHERE `id` =$char_id;");
} }
// Set rule violation. // Set rule violation.
@ -731,28 +655,28 @@ function set_rule_violation($charname, $typeid, $actionid, $reasonid, $time, $co
$bannedby = user_character_id($bannedby); $bannedby = user_character_id($bannedby);
if (Config('TFSVersion') === 'TFS_02') if (Config('TFSVersion') === 'TFS_02')
mysql_query("INSERT INTO `bans` (`type` ,`ip` ,`mask` ,`player` ,`account` ,`time` ,`reason_id` ,`action_id` ,`comment` ,`banned_by`) VALUES ('$typeid', '$charip', '4294967295', '$charid', '$accountid', '$time', '$reasonid', '$actionid', '$comment', '$bannedby');") or die(mysql_error()); mysql_insert("INSERT INTO `bans` (`type` ,`ip` ,`mask` ,`player` ,`account` ,`time` ,`reason_id` ,`action_id` ,`comment` ,`banned_by`) VALUES ('$typeid', '$charip', '4294967295', '$charid', '$accountid', '$time', '$reasonid', '$actionid', '$comment', '$bannedby');");
if (Config('TFSVersion') === 'TFS_03') { if (Config('TFSVersion') === 'TFS_03') {
$now = time(); $now = time();
switch ($typeid) { switch ($typeid) {
case 1: // IP ban case 1: // IP ban
mysql_query("INSERT INTO `bans` (`type`, `value`, `param`, `active`, `expires`, `added`, `admin_id`, `comment`) VALUES ('$typeid', '$charip', '4294967295', '1', '$time', '$now', '$bannedby', '$comment');") or die(mysql_error()); mysql_insert("INSERT INTO `bans` (`type`, `value`, `param`, `active`, `expires`, `added`, `admin_id`, `comment`) VALUES ('$typeid', '$charip', '4294967295', '1', '$time', '$now', '$bannedby', '$comment');");
break; break;
case 2: // namelock case 2: // namelock
mysql_query("INSERT INTO `bans` (`type`, `value`, `param`, `active`, `expires`, `added`, `admin_id`, `comment`) VALUES ('$typeid', '$charid', '4294967295', '1', '$time', '$now', '$bannedby', '$comment');") or die(mysql_error()); mysql_insert("INSERT INTO `bans` (`type`, `value`, `param`, `active`, `expires`, `added`, `admin_id`, `comment`) VALUES ('$typeid', '$charid', '4294967295', '1', '$time', '$now', '$bannedby', '$comment');");
break; break;
case 3: // acc ban case 3: // acc ban
mysql_query("INSERT INTO `bans` (`type`, `value`, `param`, `active`, `expires`, `added`, `admin_id`, `comment`) VALUES ('$typeid', '$accountid', '4294967295', '1', '$time', '$now', '$bannedby', '$comment');") or die(mysql_error()); mysql_insert("INSERT INTO `bans` (`type`, `value`, `param`, `active`, `expires`, `added`, `admin_id`, `comment`) VALUES ('$typeid', '$accountid', '4294967295', '1', '$time', '$now', '$bannedby', '$comment');");
break; break;
case 4: // notation case 4: // notation
mysql_query("INSERT INTO `bans` (`type`, `value`, `param`, `active`, `expires`, `added`, `admin_id`, `comment`) VALUES ('$typeid', '$charid', '4294967295', '1', '$time', '$now', '$bannedby', '$comment');") or die(mysql_error()); mysql_insert("INSERT INTO `bans` (`type`, `value`, `param`, `active`, `expires`, `added`, `admin_id`, `comment`) VALUES ('$typeid', '$charid', '4294967295', '1', '$time', '$now', '$bannedby', '$comment');");
break; break;
case 5: // deletion case 5: // deletion
mysql_query("INSERT INTO `bans` (`type`, `value`, `param`, `active`, `expires`, `added`, `admin_id`, `comment`) VALUES ('$typeid', '$charid', '4294967295', '1', '$time', '$now', '$bannedby', '$comment');") or die(mysql_error()); mysql_insert("INSERT INTO `bans` (`type`, `value`, `param`, `active`, `expires`, `added`, `admin_id`, `comment`) VALUES ('$typeid', '$charid', '4294967295', '1', '$time', '$now', '$bannedby', '$comment');");
break; break;
} }
@ -774,60 +698,53 @@ function user_fetch_deathlist($char_id) {
// TFS .3 compatibility // TFS .3 compatibility
function user_fetch_deathlist03($char_id) { function user_fetch_deathlist03($char_id) {
$char_id = (int)$char_id; $char_id = (int)$char_id;
$query = mysql_query("SELECT * FROM `player_deaths` WHERE `player_id`='$char_id' order by `date` DESC LIMIT 0, 10") or die(mysql_error()); $data = mysql_select_multi("SELECT * FROM `player_deaths` WHERE `player_id`='$char_id' order by `date` DESC LIMIT 0, 10");
if ($data !== false) {
while($row = mysql_fetch_assoc($query)) { for ($i = 0; $i < count($data); $i++) {
$row['time'] = $row['date']; $data[$i]['time'] = $data[$i]['date'];
$array[] = $row; }
} }
return !empty($array) ? $array : false; return $data;
} }
// same (death id ---> killer id) // same (death id ---> killer id)
function user_get_kid($did) { function user_get_kid($did) {
$did = (int)$did; $did = (int)$did;
return mysql_result(mysql_query("SELECT `id` FROM `killers` WHERE `death_id`='$did';"), 0, 'id'); $data = mysql_select_single("SELECT `id` FROM `killers` WHERE `death_id`='$did';");
return ($data !== false) ? $data['id'] : false;
} }
// same (killer id ---> player id) // same (killer id ---> player id)
function user_get_killer_id($kn) { function user_get_killer_id($kn) {
$kn = (int)$kn; $kn = (int)$kn;
$query = mysql_query("SELECT `player_id` FROM `player_killers` WHERE `kill_id`='$kn';") or die(mysql_error()); $data = mysql_select_single("SELECT `player_id` FROM `player_killers` WHERE `kill_id`='$kn';");
$count = mysql_num_rows($query); return ($data !== false) ? $data['player_id'] : false;
for ($i = 0; $i < $count; $i++) {
$row = mysql_fetch_row($query);
}
if (isset($row)) { return $row[0]; } else {return false;}
} }
// same (killer id ---> monster name) // same (killer id ---> monster name)
function user_get_killer_m_name($mn) { function user_get_killer_m_name($mn) {
$mn = (int)$mn; $mn = (int)$mn;
$data = mysql_select_single("SELECT `name` FROM `environment_killers` WHERE `kill_id`='$mn';");
$query = mysql_query("SELECT `name` FROM `environment_killers` WHERE `kill_id`='$mn';"); return ($data !== false) ? $data['name'] : false;
$data = mysql_fetch_assoc($query);
//return $data;
return mysql_num_rows($query) !== 1 ? false : $data['name'];
} }
// Count character deaths. Counts up 10. // Count character deaths. Counts up 10.
function user_count_deathlist($char_id) { function user_count_deathlist($char_id) {
$char_id = (int)$char_id; $char_id = (int)$char_id;
return mysql_result(mysql_query("SELECT COUNT('id') FROM `player_deaths` WHERE `player_id`='$char_id' order by `time` DESC LIMIT 0, 10"), 0); $data = mysql_select_single("SELECT COUNT('id') AS `id` FROM `player_deaths` WHERE `player_id`='$char_id' order by `time` DESC LIMIT 0, 10");
return ($data !== false) ? $data['id'] : false;
} }
// MY ACCOUNT RELATED \\ // MY ACCOUNT RELATED \\
function user_update_comment($char_id, $comment) { function user_update_comment($char_id, $comment) {
$char_id = sanitize($char_id); $char_id = sanitize($char_id);
$comment = sanitize($comment); $comment = sanitize($comment);
mysql_query("UPDATE `znote_players` SET `comment`='$comment' WHERE `player_id`='$char_id'"); mysql_update("UPDATE `znote_players` SET `comment`='$comment' WHERE `player_id`='$char_id'");
} }
// Permamently delete character id. (parameter: character id) // Permamently delete character id. (parameter: character id)
function user_delete_character($char_id) { function user_delete_character($char_id) {
$char_id = (int)$char_id; $char_id = (int)$char_id;
mysql_query("DELETE FROM `players` WHERE `id`='$char_id';"); mysql_delete("DELETE FROM `players` WHERE `id`='$char_id';");
mysql_query("DELETE FROM `znote_players` WHERE `player_id`='$char_id';"); mysql_delete("DELETE FROM `znote_players` WHERE `player_id`='$char_id';");
} }
// Parameter: accounts.id returns: An array containing detailed information of every character on the account. // Parameter: accounts.id returns: An array containing detailed information of every character on the account.
@ -876,19 +793,14 @@ function user_character_list($account_id) {
function user_character_list_player_id($account_id) { function user_character_list_player_id($account_id) {
//$count = user_character_list_count($account_id); //$count = user_character_list_count($account_id);
$account_id = sanitize($account_id); $account_id = sanitize($account_id);
$query = mysql_query("SELECT `id` FROM `players` WHERE `account_id`='$account_id' ORDER BY `level` DESC LIMIT 0, 30"); return mysql_select_multi("SELECT `id` FROM `players` WHERE `account_id`='$account_id' ORDER BY `level` DESC LIMIT 0, 30");
$count = mysql_num_rows($query);
for ($i = 0; $i < $count; $i++) {
$row = mysql_fetch_row($query);
$array[] = $row[0];
}
if (isset($array)) {return $array; } else {return false;}
} }
// Parameter: accounts.id returns: number of characters on the account. // Parameter: accounts.id returns: number of characters on the account.
function user_character_list_count($account_id) { function user_character_list_count($account_id) {
$account_id = sanitize($account_id); $account_id = sanitize($account_id);
return mysql_result(mysql_query("SELECT COUNT('id') FROM `players` WHERE `account_id`='$account_id'"), 0); $data = mysql_select_single("SELECT COUNT('id') AS `id` FROM `players` WHERE `account_id`='$account_id'");
return ($data !== false) ? $data['id'] : 0;
} }
// END MY ACCOUNT RELATED // END MY ACCOUNT RELATED
@ -935,48 +847,58 @@ function highscore_getSkill_10($id = 8, $from = 0, $to = 30) {
// Returns an array containing up to 30 best players in terms of (selected skillid). Returns player ID and skill value. // Returns an array containing up to 30 best players in terms of (selected skillid). Returns player ID and skill value.
function highscore_skills($skillid) { function highscore_skills($skillid) {
$skillid = (int)$skillid; $skillid = (int)$skillid;
$query = mysql_query("SELECT `player_id`, `value` FROM `player_skills` WHERE `skillid`='$skillid' ORDER BY `value` DESC LIMIT 0, 30");
while ($row = mysql_fetch_assoc($query)) { $data = mysql_select_multi("SELECT `player_id`, `value` FROM `player_skills` WHERE `skillid`='$skillid' ORDER BY `value` DESC LIMIT 0, 30");
if ($skillid == 6 || $skillid == 5) {// If skillid is fish fighting, lets display vocation name instead of id.
$row['vocation'] = vocation_id_to_name(mysql_result(mysql_query("SELECT `vocation` FROM `players` WHERE `id` = '". $row['player_id'] ."';"), 0)); if ($data !== false) {
for ($i = 0; $i < count($data); $i++) {
// Fetch extra data from SQL players table
if ($skillid == 6 || $skillid == 5) $vd = mysql_select_single("SELECT `vocation`, `group_id`, `name` FROM `players` WHERE `id` = '". $data[$i]['player_id'] ."';");
else $vd = mysql_select_single("SELECT `group_id`, `name` FROM `players` WHERE `id` = '". $data[$i]['player_id'] ."';");
// If skillid is fish fighting, lets display vocation name instead of id.
if ($skillid == 6 || $skillid == 5) {
if ($vd !== false) $data[$i]['vocation'] = vocation_id_to_name($vd['vocation']);
else $data[$i]['vocation'] = 'Unknown';
}
// Happen to every skill group
$data[$i]['group_id'] = $vd['group_id'];
$data[$i]['name'] = $vd['name'];
unset($data[$i]['player_id']);
} }
$row['group_id'] = mysql_result(mysql_query("SELECT `group_id` FROM `players` WHERE `id` = '". $row['player_id'] ."';"), 0);
$row['name'] = mysql_result(mysql_query("SELECT `name` FROM `players` WHERE `id` = '". $row['player_id'] ."';"), 0);
unset($row['player_id']);
$array[] = $row;
} }
if (isset($array)) {return $array; } else {return false;}
return $data;
} }
// Returns an array containing up to 30 best players in terms of experience. Returns name, experience, vocation and level. // Returns an array containing up to 30 best players in terms of experience. Returns name, experience, vocation and level.
function highscore_experience() { function highscore_experience() {
//$count = highscore_experience_count(); $data = mysql_select_multi("SELECT `name`, `experience` as `value`, `vocation`, `level`, `group_id` FROM `players` WHERE `experience`>500 ORDER BY `experience` DESC LIMIT 0, 30");
$query = mysql_query("SELECT `name`, `experience` as `value`, `vocation`, `level`, `group_id` FROM `players` WHERE `experience`>500 ORDER BY `experience` DESC LIMIT 0, 30"); if ($data !== false) {
while ($row = mysql_fetch_assoc($query)) { for ($i = 0; $i < count($data); $i++) {
$row['vocation'] = vocation_id_to_name($row['vocation']); $data[$i]['vocation'] = vocation_id_to_name($data[$i]['vocation']);
$array[] = $row; }
} }
if (isset($array)) {return $array; } else {return false;} return $data;
} }
// Returns an array containing up to 30 best players with high magic level (returns their name and magic level) // Returns an array containing up to 30 best players with high magic level (returns their name and magic level)
function highscore_maglevel() { function highscore_maglevel() {
//$count = highscore_experience_count(); // Dosn't matter if I count exp, maglvl is on same table. return mysql_select_multi("SELECT `name`, `maglevel` as `value`, `group_id` FROM `players` WHERE `experience`>500 ORDER BY `maglevel` DESC LIMIT 0, 30");
$query = mysql_query("SELECT `name`, `maglevel` as `value`, `group_id` FROM `players` WHERE `experience`>500 ORDER BY `maglevel` DESC LIMIT 0, 30");
while ($row = mysql_fetch_assoc($query)) {
$array[] = $row;
}
if (isset($array)) {return $array; } else {return false;}
} }
// Count how many skill entries are in the db for a certain skillid (this can relate to how many players exist). // Count how many skill entries are in the db for a certain skillid (this can relate to how many players exist).
function highscore_count($skillid) { function highscore_count($skillid) {
return mysql_result(mysql_query("SELECT COUNT(`player_id`) FROM `player_skills` WHERE `skillid`='$skillid' LIMIT 0, 30"), 0); $data = mysql_select_single("SELECT COUNT(`player_id`) AS `count` FROM `player_skills` WHERE `skillid`='$skillid' LIMIT 0, 30");
return ($data !== false) ? $data['count'] : 0;
} }
// Count how many players have higher exp than 500 // Count how many players have higher exp than 500
function highscore_experience_count() { function highscore_experience_count() {
return mysql_result(mysql_query("SELECT COUNT(`id`) FROM `players` WHERE `experience`>'500' LIMIT 0, 30"), 0); $data = mysql_select_single("SELECT COUNT(`id`) AS `count` FROM `players` WHERE `experience`>'500' LIMIT 0, 30");
return ($data !== false) ? $data['count'] : 0;
} }
// END HIGHSCORE FUNCTIONS // END HIGHSCORE FUNCTIONS
@ -1046,23 +968,26 @@ function user_account_id_from_password($password) {
function user_account_add_premdays($accid, $days) { function user_account_add_premdays($accid, $days) {
$accid = (int)$accid; $accid = (int)$accid;
$days = (int)$days; $days = (int)$days;
$tmp = mysql_result(mysql_query("SELECT `premdays` FROM `accounts` WHERE `id`='$accid';"), 0, 'premdays'); $data = mysql_select_single("SELECT `premdays` FROM `accounts` WHERE `id`='$accid';");
$tmp = $data['premdays'];
$tmp += $days; $tmp += $days;
mysql_query("UPDATE `accounts` SET `premdays`='$tmp' WHERE `id`='$accid'"); mysql_update("UPDATE `accounts` SET `premdays`='$tmp' WHERE `id`='$accid'");
} }
// Name = char name. Changes from male to female & vice versa. // Name = char name. Changes from male to female & vice versa.
function user_character_change_gender($name) { function user_character_change_gender($name) {
$user_id = user_character_id($name); $user_id = user_character_id($name);
$gender = mysql_result(mysql_query("SELECT `sex` FROM `players` WHERE `id`='$user_id';"), 0, 'sex'); $data = mysql_select_single("SELECT `sex` FROM `players` WHERE `id`='$user_id';");
if ($gender == 1) mysql_query("UPDATE `players` SET `sex`='0' WHERE `id`='$user_id'"); $gender = $data['sex'];
else mysql_query("UPDATE `players` SET `sex`='1' WHERE `id`='$user_id'"); if ($gender == 1) mysql_update("UPDATE `players` SET `sex`='0' WHERE `id`='$user_id'");
else mysql_update("UPDATE `players` SET `sex`='1' WHERE `id`='$user_id'");
} }
// Fetch account ID from player NAME // Fetch account ID from player NAME
function user_character_account_id($character) { function user_character_account_id($character) {
$character = sanitize($character); $character = sanitize($character);
return mysql_result(mysql_query("SELECT `account_id` FROM `players` WHERE `name`='$character';"), 0, 'account_id'); $data = mysql_select_single("SELECT `account_id` FROM `players` WHERE `name`='$character';");
return ($data !== false) ? $data['account_id'] : false;
} }
// Verify data from accounts table. Parameter is an array of <columnName> - <data to verify> // Verify data from accounts table. Parameter is an array of <columnName> - <data to verify>
@ -1074,7 +999,8 @@ function user_account_fields_verify_value($verify_data) {
foreach ($verify_data as $field=>$data) { foreach ($verify_data as $field=>$data) {
$verify[] = '`'. $field .'` = \''. $data .'\''; $verify[] = '`'. $field .'` = \''. $data .'\'';
} }
return (mysql_result(mysql_query("SELECT COUNT('id') FROM `accounts` WHERE ". implode(' AND ', $verify) .";"), 0) == 1) ? true : false; $data = mysql_select_single("SELECT COUNT('id') AS `count` FROM `accounts` WHERE ". implode(' AND ', $verify) .";");
return ($data !== false && $data['count'] == 1) ? true : false;
} }
// Update accounts, make sure user is logged in first. // Update accounts, make sure user is logged in first.
@ -1088,7 +1014,7 @@ function user_update_account($update_data) {
$user_id = sanitize($_SESSION['user_id']); $user_id = sanitize($_SESSION['user_id']);
mysql_query("UPDATE `accounts` SET ". implode(', ', $update) ." WHERE `id`=". $user_id .";"); mysql_update("UPDATE `accounts` SET ". implode(', ', $update) ." WHERE `id`=". $user_id .";");
} }
// Update znote_accounts table, make sure user is logged in for this. This is used to etc update lastIP // Update znote_accounts table, make sure user is logged in for this. This is used to etc update lastIP
@ -1102,7 +1028,7 @@ function user_update_znote_account($update_data) {
$user_id = sanitize($_SESSION['user_id']); $user_id = sanitize($_SESSION['user_id']);
mysql_query("UPDATE `znote_accounts` SET ". implode(', ', $update) ." WHERE `account_id`=". $user_id .";"); mysql_update("UPDATE `znote_accounts` SET ". implode(', ', $update) ." WHERE `account_id`=". $user_id .";");
} }
// Change password on account_id (Note: You should verify that he knows the old password before doing this) // Change password on account_id (Note: You should verify that he knows the old password before doing this)
@ -1110,7 +1036,7 @@ function user_change_password($user_id, $password) {
$user_id = sanitize($user_id); $user_id = sanitize($user_id);
$password = sha1($password); $password = sha1($password);
mysql_query("UPDATE `accounts` SET `password`='$password' WHERE `id`=$user_id"); mysql_update("UPDATE `accounts` SET `password`='$password' WHERE `id`=$user_id");
} }
// .3 compatibility // .3 compatibility
function user_change_password03($user_id, $password) { function user_change_password03($user_id, $password) {
@ -1119,7 +1045,7 @@ function user_change_password03($user_id, $password) {
$salt = user_data($user_id, 'salt'); $salt = user_data($user_id, 'salt');
$password = sha1($salt['salt'].$password); $password = sha1($salt['salt'].$password);
mysql_query("UPDATE `accounts` SET `password`='$password' WHERE `id`=$user_id"); mysql_update("UPDATE `accounts` SET `password`='$password' WHERE `id`=$user_id");
} else { } else {
user_change_password($user_id, $password); user_change_password($user_id, $password);
} }
@ -1130,7 +1056,7 @@ function user_character_set_hide($char_id, $value) {
$char_id = sanitize($char_id); $char_id = sanitize($char_id);
$value = sanitize($value); $value = sanitize($value);
mysql_query("UPDATE `znote_players` SET `hide_char`='$value' WHERE `player_id`=$char_id"); mysql_update("UPDATE `znote_players` SET `hide_char`='$value' WHERE `player_id`=$char_id");
} }
// CREATE ACCOUNT // CREATE ACCOUNT
@ -1153,10 +1079,10 @@ function user_create_account($register_data) {
$fields = '`'. implode('`, `', array_keys($register_data)) .'`'; $fields = '`'. implode('`, `', array_keys($register_data)) .'`';
$data = '\''. implode('\', \'', $register_data) .'\''; $data = '\''. implode('\', \'', $register_data) .'\'';
mysql_query("INSERT INTO `accounts` ($fields) VALUES ($data)") or die(mysql_error()); mysql_insert("INSERT INTO `accounts` ($fields) VALUES ($data)");
$account_id = user_id($register_data['name']); $account_id = user_id($register_data['name']);
mysql_query("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$account_id', '$ip', '$created')") or die(mysql_error()); mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$account_id', '$ip', '$created')");
//TO-DO: mail server and verification. //TO-DO: mail server and verification.
// http://www.web-development-blog.com/archives/send-e-mail-messages-via-smtp-with-phpmailer-and-gmail/ // http://www.web-development-blog.com/archives/send-e-mail-messages-via-smtp-with-phpmailer-and-gmail/
@ -1257,25 +1183,29 @@ function user_create_character($character_data) {
$fields_sql = implode("`, `", $fields); // Convert array into SQL compatible string $fields_sql = implode("`, `", $fields); // Convert array into SQL compatible string
$data_sql = implode("', '", $data); // Convert array into SQL compatible string $data_sql = implode("', '", $data); // Convert array into SQL compatible string
echo 1; echo 1;
mysql_query("INSERT INTO `players`(`$fields_sql`) VALUES ('$data_sql');") or die("INSERT ERROR: ". mysql_error()); mysql_insert("INSERT INTO `players`(`$fields_sql`) VALUES ('$data_sql');") or die("INSERT ERROR: ". mysql_error());
$created = time(); $created = time();
$charid = user_character_id($import_data['name']); $charid = user_character_id($import_data['name']);
echo 2; echo 2;
mysql_query("INSERT INTO `znote_players`(`player_id`, `created`, `hide_char`, `comment`) VALUES ('$charid', '$created', '0', '');") or die(mysql_error()); mysql_insert("INSERT INTO `znote_players`(`player_id`, `created`, `hide_char`, `comment`) VALUES ('$charid', '$created', '0', '');");
} }
// Returns counted value of all players online // Returns counted value of all players online
function user_count_online() { function user_count_online() {
if (config('TFSVersion') == 'TFS_10') { if (config('TFSVersion') == 'TFS_10') {
$online = mysql_select_single("SELECT COUNT(`player_id`) AS `value` FROM `players_online`;"); $online = mysql_select_single("SELECT COUNT(`player_id`) AS `value` FROM `players_online`;");
return $online['value']; return ($online !== false) ? $online['value'] : 0;
} else return mysql_result(mysql_query("SELECT COUNT(`id`) from `players` WHERE `online` = 1;"), 0); } else {
$data = mysql_select_single("SELECT COUNT(`id`) AS `count` from `players` WHERE `online` = 1;");
return ($data !== false) ? $data['count'] : 0;
}
} }
// Returns counted value of all accounts. // Returns counted value of all accounts.
function user_count_accounts() { function user_count_accounts() {
return mysql_result(mysql_query("SELECT COUNT(`id`) from `accounts`;"), 0); $result = mysql_select_single("SELECT COUNT(`id`) AS `id` from `accounts`;");
return ($result !== false) ? $result['id'] : 0;
} }
/* user_character_data (fetches whatever data you want from players table)! /* user_character_data (fetches whatever data you want from players table)!
@ -1325,8 +1255,7 @@ function user_znote_data() {
if ($func_num_args > 0) { if ($func_num_args > 0) {
$fields = '`'. implode('`, `', $func_get_args) .'`'; $fields = '`'. implode('`, `', $func_get_args) .'`';
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `znote`;")); return mysql_select_single("SELECT $fields FROM `znote`;");
return $data;
} else return false; } else return false;
} }
@ -1343,9 +1272,8 @@ function user_znote_account_data($account_id) {
unset($func_get_args[0]); unset($func_get_args[0]);
$fields = '`'. implode('`, `', $func_get_args) .'`'; $fields = '`'. implode('`, `', $func_get_args) .'`';
$data = mysql_select_single("SELECT $fields FROM `znote_accounts` WHERE `account_id` = $accid LIMIT 1;"); return mysql_select_single("SELECT $fields FROM `znote_accounts` WHERE `account_id` = $accid LIMIT 1;");
return $data; } else return false;
}
} }
// return query data from znote_visitors table // return query data from znote_visitors table
@ -1361,9 +1289,8 @@ function user_znote_visitor_data($longip) {
unset($func_get_args[0]); unset($func_get_args[0]);
$fields = '`'. implode('`, `', $func_get_args) .'`'; $fields = '`'. implode('`, `', $func_get_args) .'`';
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `znote_visitors` WHERE `ip` = $longip;")); return mysql_select_single("SELECT $fields FROM `znote_visitors` WHERE `ip` = $longip;");
return $data; } else return false;
}
} }
// return query data from znote_visitors_details table // return query data from znote_visitors_details table
@ -1379,9 +1306,8 @@ function user_znote_visitor_details_data($longip) {
unset($func_get_args[0]); unset($func_get_args[0]);
$fields = '`'. implode('`, `', $func_get_args) .'`'; $fields = '`'. implode('`, `', $func_get_args) .'`';
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `znote_visitors_details` WHERE `ip` = $longip;")); return mysql_select_single("SELECT $fields FROM `znote_visitors_details` WHERE `ip` = $longip;");
return $data; } else return false;
}
} }
/* user_data (fetches whatever data you want from accounts table)! /* user_data (fetches whatever data you want from accounts table)!
@ -1400,23 +1326,22 @@ function user_data($user_id) {
unset($func_get_args[0]); unset($func_get_args[0]);
$fields = '`'. implode('`, `', $func_get_args) .'`'; $fields = '`'. implode('`, `', $func_get_args) .'`';
$data = mysql_select_single("SELECT $fields FROM `accounts` WHERE `id` = $user_id LIMIT 1;"); return mysql_select_single("SELECT $fields FROM `accounts` WHERE `id` = $user_id LIMIT 1;");
return $data; } else return false;
}
} }
// Checks if user is activated (Not in use atm) // Checks if user is activated (Not in use atm)
function user_activated($username) { function user_activated($username) {
$username = sanitize($username); $username = sanitize($username);
// Deprecated, removed from DB. // Deprecated, removed from DB.
//return (mysql_result(mysql_query("SELECT COUNT('id') FROM `accounts` WHERE `name`='$username' AND `email_new_time`=1;"), 0) == 1) ? true : false;
return false; return false;
} }
// Checks that username exist in database // Checks that username exist in database
function user_exist($username) { function user_exist($username) {
$username = sanitize($username); $username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT('id') FROM `accounts` WHERE `name`='$username';"), 0) == 1) ? true : false; $data = mysql_select_single("SELECT COUNT('id') FROM `accounts` WHERE `name`='$username';");
return ($data !== false) ? true : false;
} }
function user_name($id) { //USERNAME FROM PLAYER ID function user_name($id) { //USERNAME FROM PLAYER ID
@ -1429,33 +1354,37 @@ function user_name($id) { //USERNAME FROM PLAYER ID
// Checks that character name exist // Checks that character name exist
function user_character_exist($username) { function user_character_exist($username) {
$username = sanitize($username); $username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT('id') FROM `players` WHERE `name`='$username';"), 0) == 1) ? true : false; $data = mysql_select_single("SELECT `id` FROM `players` WHERE `name`='$username';");
return ($data !== false) ? true : false;
} }
// Checks that this email exist. // Checks that this email exist.
function user_email_exist($email) { function user_email_exist($email) {
$email = sanitize($email); $email = sanitize($email);
return (mysql_result(mysql_query("SELECT COUNT('id') FROM `accounts` WHERE `email`='$email';"), 0) >= 1) ? true : false; $data = mysql_select_single("SELECT `id` FROM `accounts` WHERE `email`='$email';");
return ($data !== false) ? true : false;
} }
// Fetch user account ID from registered email. (this is used by etc lost account) // Fetch user account ID from registered email. (this is used by etc lost account)
function user_id_from_email($email) { function user_id_from_email($email) {
$email = sanitize($email); $email = sanitize($email);
$account_id = mysql_result(mysql_query("SELECT `id` FROM `accounts` WHERE `email`='$email';"), 0, 'id'); $data = mysql_select_single("SELECT `id` FROM `accounts` WHERE `email`='$email';");
return $account_id; return ($data !== false) ? $data['id'] : false;
} }
// Checks that a password exist in the database. // Checks that a password exist in the database.
function user_password_exist($password) { function user_password_exist($password) {
$password = sha1($password); // No need to sanitize passwords since we encrypt them. $password = sha1($password); // No need to sanitize passwords since we encrypt them.
return (mysql_result(mysql_query("SELECT COUNT('id') FROM `accounts` WHERE `password`='$password';"), 0) == 1) ? true : false; $data = mysql_select_single("SELECT `id` FROM `accounts` WHERE `password`='$password';");
return ($data !== false) ? true : false;
} }
// Verify that submitted password match stored password in account id // Verify that submitted password match stored password in account id
function user_password_match($password, $account_id) { function user_password_match($password, $account_id) {
$password = sha1($password); // No need to sanitize passwords since we encrypt them. $password = sha1($password); // No need to sanitize passwords since we encrypt them.
$account_id = (int)$account_id; $account_id = (int)$account_id;
return (mysql_result(mysql_query("SELECT COUNT('id') FROM `accounts` WHERE `password`='$password' AND `id`='$account_id';"), 0) == 1) ? true : false; $data = mysql_select_single("SELECT `id` FROM `accounts` WHERE `password`='$password' AND `id`='$account_id';");
return ($data !== false) ? true : false;
} }
// Get user ID from name // Get user ID from name
@ -1482,11 +1411,12 @@ function user_login_id_03($username, $password) {
$user_id = user_id($username); $user_id = user_id($username);
$username = sanitize($username); $username = sanitize($username);
$salt = mysql_result(mysql_query("SELECT `salt` FROM `accounts` WHERE `id`='$user_id';"), 0, 'salt'); $data = mysql_select_single("SELECT `salt`, `id`, `name`, `password` FROM `accounts` WHERE `id`='$user_id';");
$salt = $data['salt'];
if (!empty($salt)) $password = sha1($salt.$password); if (!empty($salt)) $password = sha1($salt.$password);
else $password = sha1($password); else $password = sha1($password);
return mysql_result(mysql_query("SELECT `id` FROM `accounts` WHERE `name`='$username' AND `password`='$password';"), 0, 'id'); return ($data !== false && $data['name'] == $username && $data['password'] == $password) ? $data['id'] : false;
} } else return false;
} else return user_login_id($username, $password); } else return user_login_id($username, $password);
} }
@ -1509,24 +1439,21 @@ function user_character_hide($username) {
// Login with a user. (TFS 0.2) // Login with a user. (TFS 0.2)
function user_login($username, $password) { function user_login($username, $password) {
$user_id = user_login_id($username, $password);
$username = sanitize($username); $username = sanitize($username);
$password = sha1($password); $password = sha1($password);
return (mysql_result(mysql_query("SELECT COUNT('id') FROM accounts WHERE name='$username' AND password='$password';"), 0) == 1) ? $user_id : false; $data = mysql_select_single("SELECT `id` FROM accounts WHERE name='$username' AND password='$password';");
return ($data !== false) ? $data['id'] : false;
} }
// Login a user with TFS 0.3 compatibility // Login a user with TFS 0.3 compatibility
function user_login_03($username, $password) { function user_login_03($username, $password) {
if (config('salt') === true) { if (config('salt') === true) {
$user_id = user_login_id_03($username, $password);
$username = sanitize($username); $username = sanitize($username);
$data = mysql_select_single("SELECT `salt`, `id`, `password`, `name` FROM `accounts` WHERE `name`='$username';");
$salt = mysql_result(mysql_query("SELECT `salt` FROM `accounts` WHERE `id`='$user_id';"), 0, 'salt'); $salt = $data['salt'];
if (!empty($salt)) $password = sha1($salt.$password); if (!empty($salt)) $password = sha1($salt.$password);
else $password = sha1($password); else $password = sha1($password);
return (mysql_result(mysql_query("SELECT COUNT('id') FROM accounts WHERE name='$username' AND password='$password';"), 0) == 1) ? $user_id : false; return ($data !== false && $data['name'] == $username && $data['password'] == $password) ? $data['id'] : false;
} else return user_login($username, $password); } else return user_login($username, $password);
} }


@ -37,7 +37,7 @@ if ($config['log_ip']) {
$timef = $time - $flush; $timef = $time - $flush;
if (getCache() < $timef) { if (getCache() < $timef) {
$timef = $time - $visitor_config['time_period']; $timef = $time - $visitor_config['time_period'];
mysql_query("DELETE FROM znote_visitors_details WHERE time <= '$timef'") or die(mysql_error()); mysql_delete("DELETE FROM znote_visitors_details WHERE time <= '$timef'");
setCache($time); setCache($time);
} }
} }