From fb86861447a8b5cfcddd75922c418a2a1b9d8ee6 Mon Sep 17 00:00:00 2001
From: Kuzirashi <kuzirashi@interia.pl>
Date: Fri, 18 Apr 2014 23:22:12 +0200
Subject: [PATCH 1/2] Fixed errors in Marketplace

Solved `undefined index[...]` and `invalid argument supplied[...]`
errors in Marketplace.
---
 market.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/market.php b/market.php
index b876008..07097d9 100644
--- a/market.php
+++ b/market.php
@@ -3,7 +3,7 @@
 $server = $config['shop']['imageServer'];
 $imageType = $config['shop']['imageType'];
 
-$compare = getValue($_GET['compare']);
+$compare = getValue(@$_GET['compare']);
 
 // If you are not comparing any items, present the list.
 if (!$compare) {
@@ -33,7 +33,7 @@ if (!$compare) {
 			<td>Compare</td>
 		</tr>
 		<?php
-		foreach ($offers['wts'] as $o) {
+		foreach (($offers['wts'] ? $offers['wts'] : array()) as $o) {
 		?>
 		<tr>
 			<td><img src="<?php echo "http://".$server."/".$o['item_id'].".".$imageType; ?>" alt="Item Image"></td>
@@ -58,7 +58,7 @@ if (!$compare) {
 			<td>Compare</td>
 		</tr>
 		<?php
-		foreach ($offers['wtb'] as $o) {
+		foreach (($offers['wtb'] ? $offers['wtb'] : array()) as $o) {
 		?>
 		<tr>
 			<td><img src="<?php echo "http://".$server."/".$o['item_id'].".".$imageType; ?>" alt="Item Image"></td>

From a5bf484fdbfab382e43cd0f83f07dcf042cc0f07 Mon Sep 17 00:00:00 2001
From: Kuzirashi <kuzirashi@interia.pl>
Date: Sat, 19 Apr 2014 01:43:49 +0200
Subject: [PATCH 2/2] Delay to character deletion has been added.

When user requests character delete, he will have to wait delay from
config. During this time when user logs in on his account, on website,
player will see information that character is awaiting delete. User can
cancel this operation.
---
 config.php                  |  2 ++
 engine/database/connect.php |  9 +++++++++
 engine/function/users.php   | 33 +++++++++++++++++++++++++++++++++
 myaccount.php               | 28 ++++++++++++++++++++++++++--
 4 files changed, 70 insertions(+), 2 deletions(-)

diff --git a/config.php b/config.php
index 44a0423..7513fd2 100644
--- a/config.php
+++ b/config.php
@@ -161,6 +161,8 @@
 		'status_port' => "7171",
 		);
 
+	$config['delete_character_interval'] = '3 DAY'; // Delay after user character delete request is executed eg. 1 DAY, 2 HOUR, 3 MONTH etc. 
+
 	$config['validate_IP'] = true; // Only allow legal IP addresses to register and create character.
 	$config['salt'] = false; // Some noob 0.3.6 servers don't support salt.
 	
diff --git a/engine/database/connect.php b/engine/database/connect.php
index b64ae59..00d7b27 100644
--- a/engine/database/connect.php
+++ b/engine/database/connect.php
@@ -205,6 +205,15 @@ CREATE TABLE IF NOT EXISTS `znote_forum_posts` (
   `updated` int(11) NOT NULL,
   PRIMARY KEY (`id`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
+
+CREATE TABLE IF NOT EXISTS `znote_deleted_characters` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `original_account_id` int(11) NOT NULL,
+  `character_name` varchar(255) NOT NULL,
+  `time` datetime NOT NULL,
+  `done` tinyint(1) NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
 </textarea>
 	</li>
 	<li>
diff --git a/engine/function/users.php b/engine/function/users.php
index cc04e78..35da1f8 100644
--- a/engine/function/users.php
+++ b/engine/function/users.php
@@ -759,6 +759,31 @@ function user_delete_character($char_id) {
 	mysql_delete("DELETE FROM `znote_players` WHERE `player_id`='$char_id';");
 }
 
+// Delete character with supplied id with a delay.
+function user_delete_character_soft($char_id) {
+	$char_id = (int)$char_id;
+	
+	$char_name = user_character_name($char_id);
+	$original_acc_id = user_character_account_id($char_name);
+	if(!user_character_pending_delete($char_name))
+		mysql_insert('INSERT INTO `znote_deleted_characters`(`original_account_id`, `character_name`, `time`, `done`) VALUES(' . $original_acc_id . ', "' . $char_name . '", (NOW() + INTERVAL ' . Config('delete_character_interval') . '), 0)');
+	else
+		return false;
+}
+
+// Check if character will be deleted soon.
+function user_character_pending_delete($char_name) {
+	$char_name = sanitize($char_name);
+	$result = mysql_select_single('SELECT `done` FROM `znote_deleted_characters` WHERE `character_name` = "' . $char_name . '"');
+	return ($result === false) ? false : !$result['done'];
+}
+
+// Get pending character deletes for supplied account id.
+function user_pending_deletes($acc_id) {
+	$acc_id = (int)$acc_id;
+	return mysql_select_multi('SELECT `id`, `character_name`, `time` FROM `znote_deleted_characters` WHERE `original_account_id` = ' . $acc_id . ' AND `done` = 0');
+}
+
 // Parameter: accounts.id returns: An array containing detailed information of every character on the account.
 // Array: [0] = name, [1] = level, [2] = vocation, [3] = town_id, [4] = lastlogin, [5] = online
 function user_character_list($account_id) {
@@ -1372,6 +1397,14 @@ function user_character_id($charname) {
 	else return false;
 }
 
+// Get character name from character ID
+function user_character_name($charID) {
+	$charID = (int)$charID;
+	$char = mysql_select_single('SELECT `name` FROM `players` WHERE `id` = ' . $charID);
+	if ($char !== false) return $char['name'];
+	else return false;
+}
+
 // Hide user character.
 function user_character_hide($username) {
 	$username = sanitize($username);
diff --git a/myaccount.php b/myaccount.php
index aa3bdca..717d3b0 100644
--- a/myaccount.php
+++ b/myaccount.php
@@ -32,13 +32,13 @@ if (!empty($_POST['selected_delete'])) {
 		if ($charid !== false) {
 			if ($config['TFSVersion'] === 'TFS_10') {
 				if (!user_is_online_10($charid)) {
-					if (guild_leader_gid($charid) === false) user_delete_character($charid);
+					if (guild_leader_gid($charid) === false) user_delete_character_soft($charid);
 					else echo 'Character is leader of a guild, you must disband the guild or change leadership before deleting character.';
 				} echo 'Character must be offline first.';
 			} else {
 				$chr_data = user_character_data($charid, 'online');
 				if ($chr_data['online'] != 1) {
-					if (guild_leader_gid($charid) === false) user_delete_character($charid);
+					if (guild_leader_gid($charid) === false) user_delete_character_soft($charid);
 					else echo 'Character is leader of a guild, you must disband the guild or change leadership before deleting character.';
 				} else echo 'Character must be offline first.';
 			}
@@ -46,6 +46,19 @@ if (!empty($_POST['selected_delete'])) {
 	}
 }
 // end
+
+#region CANCEL CHARACTER DELETE
+$undelete_id = @$_GET['cancel_delete_id'];
+if($undelete_id) {
+	$undelete_id = (int)$undelete_id;
+	$undelete_q1 = mysql_select_single('SELECT `character_name` FROM `znote_deleted_characters` WHERE `done` = 0 AND `id` = ' . $undelete_id . ' AND `original_account_id` = ' . $session_user_id . ' AND NOW() < `time`');
+	if($undelete_q1) {
+		mysql_delete('DELETE FROM `znote_deleted_characters` WHERE `id` = ' . $undelete_id);
+		echo 'Pending delete of ' . $undelete_q1['character_name'] . ' has been successfully cancelled.<br/>';
+	}
+}
+#endregion
+
 // CHANGE character name
 if (!empty($_POST['change_name'])) {
 	if (!Token::isValid($_POST['token'])) {
@@ -179,6 +192,17 @@ if (!empty($_POST['selected_comment'])) {
 } else {
 	// end
 	$char_count = user_character_list_count($session_user_id);
+	$pending_delete = user_pending_deletes($session_user_id);
+	if($pending_delete)
+		foreach($pending_delete as $delete) {
+			if(new DateTime($delete['time']) > new DateTime())
+				echo '<b>CAUTION!</b> Your character with name <b>' . $delete['character_name'] . ' will be deleted on ' . $delete['time'] . '</b>. <a href="myaccount.php?cancel_delete_id=' . $delete['id'] . '">Cancel this operation.</a><br/>';
+			else {
+				user_delete_character(user_character_id($delete['character_name']));
+				mysql_update('UPDATE `znote_deleted_characters` SET `done` = 1');
+				echo '<b>Character ' . $delete['character_name'] . ' has been deleted</b>. This operation was requested by owner of this account.';
+			}
+		}
 	?>
 	<div id="myaccount">
 		<h1>My account</h1>