'; } } #endregion // Variable used to check if main page should be rendered after handling POST (Change comment page) $render_page = true; // Handle GET (verify email) if (isset($_GET['authenticate']) && $config['mailserver']['myaccount_verify_email']): // If we need to process email verification if (isset($_GET['u']) && isset($_GET['k'])) { // Authenticate user, fetch user id and activation key $auid = (isset($_GET['u']) && (int)$_GET['u'] > 0) ? (int)$_GET['u'] : false; $akey = (isset($_GET['k']) && (int)$_GET['k'] > 0) ? (int)$_GET['k'] : false; if ($auid !== false && $akey !== false) { // Find a match $user = mysql_select_single("SELECT `id`, `active`, `active_email` FROM `znote_accounts` WHERE `account_id`='{$auid}' AND `activekey`='{$akey}' LIMIT 1;"); if ($user !== false) { $user = (int) $user['id']; $active = (int) $user['active']; $active_email = (int) $user['active_email']; $verify_points = ($active_email == 0 && $config['mailserver']['verify_email_points'] > 0) ? ", `points` = `points` + {$config['mailserver']['verify_email_points']}" : ''; // Enable the account to login if ($active == 0 || $active_email == 0) { $new_activeKey = rand(100000000, 999999999); mysql_update("UPDATE `znote_accounts` SET `active`='1', `active_email`='1', `activekey`='{$new_activeKey}' {$verify_points} WHERE `id`= {$user} LIMIT 1;"); } echo '
Your email has been verified.
'; if ($verify_points !== '') echo "As thanks for having a verified email, you have received {$config['mailserver']['verify_email_points']} shop points!
"; $user_znote_data['active_email'] = 1; // Todo: Bonus points as thanks for verifying email } else { echo 'Either the activation link is wrong, or your account is already activated.
'; } } else { echo 'Either the activation link is wrong, or your account is already activated.
'; } } else { // We need to send email verification $verify_account_id = (int)$session_user_id; $user = mysql_select_single("SELECT `id`, `activekey`, `active_email` FROM `znote_accounts` WHERE `account_id`='{$verify_account_id}' LIMIT 1;"); if ($user !== false) { $thisurl = config('site_url') . "myaccount.php"; $thisurl .= "?authenticate&u=".$verify_account_id."&k=".$user['activekey']; $mailer = new Mail($config['mailserver']); $title = "Please authenticate your email at {$_SERVER['HTTP_HOST']}."; $body = "Thank you for verifying your email and enjoy your stay at {$config['mailserver']['fromName']}.
"; $body .= "I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.
"; $user_name = ($config['ServerEngine'] !== 'OTHIRE') ? $user_data['name'] : $user_data['id']; //echo "We have sent you an email with a verification link to your email address:
If you can't find the email within 5 minutes, check your junk/trash inbox (spam filter) as it may be misplaced there.
Authentication failedFailed to verify user when trying to send a verification email.
'; } } endif; // Handle POST if (!empty($_POST['selected_character'])) { if (!empty($_POST['action'])) { // Validate token if (!Token::isValid($_POST['token'])) { exit(); } // Sanitize values $action = getValue($_POST['action']); $char_name = getValue($_POST['selected_character']); // Handle actions switch($action) { // Change character comment PAGE2 (Success). case 'update_comment': if ((int)user_character_account_id($char_name) === $session_user_id) { user_update_comment(user_character_id($char_name), getValue($_POST['comment'])); echo 'Successfully updated comment.'; } break; // end // Hide character case 'toggle_hide': $hide = (user_character_hide($char_name) == 1 ? 0 : 1); if ((int)user_character_account_id($char_name) === $session_user_id) { user_character_set_hide(user_character_id($char_name), $hide); } break; // end // DELETE character case 'delete_character': if ((int)user_character_account_id($char_name) === $session_user_id) { $charid = user_character_id($char_name); if ($charid !== false) { if (!user_is_online_10($charid)) { if (guild_leader_gid($charid) === false) user_delete_character_soft($charid); else echo 'Character is leader of a guild, you must disband the guild or change leadership before deleting character.'; } else echo 'Character must be offline first.'; } } break; // end // CHANGE character name case 'change_name': $oldname = $char_name; $newname = isset($_POST['newName']) ? getValue($_POST['newName']) : ''; $player = false; $player = mysql_select_single("SELECT `id`, `account_id` FROM `players` WHERE `name` = '$oldname'"); $player['online'] = (user_is_online_10($player['id'])) ? 1 : 0; // Check if user is online if ($player['online'] == 1) { $errors[] = 'Character must be offline first.'; } // Check if player has bough ticket $accountId = $player['account_id']; $order = mysql_select_single("SELECT `id`, `account_id` FROM `znote_shop_orders` WHERE `type`='4' AND `account_id` = '$accountId' LIMIT 1;"); if ($order === false) { $errors[] = 'Did not find any name change tickets, buy them in our shop!'; } // Check if player and account matches if ($session_user_id != $accountId || $session_user_id != $order['account_id']) { if (empty($errors)) { $errors[] = 'Failed to sync your account. :|'; } } $newname = validate_name($newname); if ($newname === false) { $errors[] = 'Your name can not contain more than 2 words.'; } else { if (empty($newname)) { $errors[] = 'Please enter a name!'; } else if (user_character_exist($newname) !== false) { $errors[] = 'Sorry, that character name already exist.'; } else if (!preg_match("/^[a-zA-Z_ ]+$/", $newname)) { $errors[] = 'Your name may only contain a-z, A-Z and spaces.'; } else if (strlen($newname) < $config['minL'] || strlen($newname) > $config['maxL']) { $errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.'; } else if (!ctype_upper($newname[0])) { $errors[] = 'The first letter of a name has to be a capital letter!'; } // name restriction $resname = explode(" ", $_POST['newName']); foreach($resname as $res) { if(in_array(strtolower($res), $config['invalidNameTags'])) { $errors[] = 'Your username contains a restricted word.'; } else if(strlen($res) == 1) { $errors[] = 'Too short words in your name.'; } } } if (!empty($newname) && empty($errors)) { echo 'You have successfully changed your character name to ' . $newname . '.'; mysql_update("UPDATE `players` SET `name`='$newname' WHERE `id`='".$player['id']."' LIMIT 1;"); mysql_delete("DELETE FROM `znote_shop_orders` WHERE `id`='".$order['id']."' LIMIT 1;"); } else if (!empty($errors)) { echo ''; echo output_errors($errors); echo ''; } break; // end // Change character sex case 'change_gender': if ((int)user_character_account_id($char_name) === $session_user_id) { $char_id = (int)user_character_id($char_name); $account_id = user_character_account_id($char_name); $chr_data['online'] = user_is_online_10($char_id) ? 1 : 0; if ($chr_data['online'] != 1) { // Verify that we are not messing around with data if ($account_id != $user_data['id']) die("wtf? Something went wrong, try relogging."); // Fetch character tickets $tickets = shop_account_gender_tickets($account_id); if ($tickets !== false || $config['free_sex_change'] == true) { // They are allowed to change gender $last = false; $infinite = false; $tks = 0; // Do we have any infinite tickets? foreach ($tickets as $ticket) { if ($ticket['count'] == 0) $infinite = true; else if ($ticket > 0 && $infinite === false) $tks += (int)$ticket['count']; } if ($infinite === true) $tks = 0; $dbid = (int)$tickets[0]['id']; // If they dont have unlimited tickets, remove a count from their ticket. if ($tickets[0]['count'] > 1) { // Decrease count $tks--; $tkr = ((int)$tickets[0]['count'] - 1); shop_update_row_count($dbid, $tkr); } else if ($tickets[0]['count'] == 1) { // Delete record shop_delete_row_order($dbid); $tks--; } // Change character gender: // user_character_change_gender($char_name); echo 'You have successfully changed gender on character '. $char_name .'.'; if ($tks > 0) echo 'Welcome to your account page, 
			
Email:  (Verified).
Your email is not verified! Please verify it.
		
Account security with Two-factor Authentication:
| NAME | LEVEL | VOCATION | TOWN | LAST LOGIN | STATUS | HIDE | 
|---|---|---|---|---|---|---|