Digitalstack/myaac
2
0
Fork 0
mirror of https://github.com/slawkens/myaac.git synced 2025-10-17 11:13:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' into feature/settings

Browse Source
This commit is contained in:
slawkens
2023-02-08 15:02:56 +01:00
parent 4dbcad5ad5 3a3411c117
commit 1340b8e63e
362 changed files with 7410 additions and 2732 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
system/pages/405.php Normal file
View File

@@ -0,0 +1,16 @@
<?php
/**
* 405 error page
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2021 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = '405 Method Not Allowed';
header('HTTP/1.0 405 Method Not Allowed');
?>
<h1>Method not allowed</h1>
<p>The requested method: <?php echo $_SERVER['REQUEST_METHOD']; ?> for URL <?php echo $_SERVER['REQUEST_URI']; ?> was not found on this server.</p>

29
system/pages/account/base.php Normal file
View File

@@ -0,0 +1,29 @@
<?php
/**
* Account confirm mail
* Keept for compability
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
if(!$logged)
{
if(!empty($errors))
$twig->display('error_box.html.twig', array('errors' => $errors));
$twig->display('account.login.html.twig', array(
'redirect' => $_REQUEST['redirect'] ?? null,
'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
'account_login_by' => getAccountLoginByLabel(),
'error' => $errors[0] ?? null
));
return;
}
else {
$show_form = true;
}

9
system/pages/account/change_comment.php
View File

@@ -10,6 +10,13 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Change Comment';
require __DIR__ . '/base.php';
if(!$logged) {
return;
}
$player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
$new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;
$new_hideacc = isset($_POST['accountvisible']) ? (int)$_POST['accountvisible'] : NULL;
@@ -56,4 +63,4 @@ if($show_form) {
));
}
}
?>
?>

11
system/pages/account/change_email.php
View File

@@ -10,6 +10,13 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Change E-Mail';
require __DIR__ . '/base.php';
if(!$logged) {
return;
}
$email_new_time = $account_logged->getCustomField("email_new_time");
if($email_new_time > 10) {
@@ -29,7 +36,7 @@ if($email_new_time < 10) {
$errors[] = 'Please enter password to your account.';
}
else {
$post_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $post_password);
$post_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $post_password);
if($post_password != $account_logged->getPassword()) {
$errors[] = 'Wrong password to account.';
}
@@ -159,4 +166,4 @@ if(isset($_POST['emailchangecancel']) && $_POST['emailchangecancel'] == 1) {
'custom_buttons' => $custom_buttons
));
}
?>
?>

16
system/pages/account/change_info.php
View File

@@ -10,6 +10,16 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Change Info';
require __DIR__ . '/base.php';
if(!$logged) {
return;
}
if($config['account_country'])
require SYSTEM . 'countries.conf.php';
$show_form = true;
$new_rlname = isset($_POST['info_rlname']) ? htmlspecialchars(stripslashes($_POST['info_rlname'])) : NULL;
$new_location = isset($_POST['info_location']) ? htmlspecialchars(stripslashes($_POST['info_location'])) : NULL;
@@ -53,10 +63,10 @@ if($show_form) {
}
$twig->display('account.change_info.html.twig', array(
'countries' => isset($countries) ? $countries : [],
'countries' => $countries ?? [],
'account_rlname' => $account_rlname,
'account_location' => $account_location,
'account_country' => isset($account_country) ? $account_country : ''
'account_country' => $account_country ?? ''
));
}
?>
?>

32
system/pages/account/change_name.php
View File

@@ -10,6 +10,13 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Change Name';
require __DIR__ . '/base.php';
if(!$logged) {
return;
}
$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
$name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
if((!$config['account_change_character_name']))
@@ -52,6 +59,29 @@ else
$old_name = $player->getName();
$player->setName($name);
$player->save();
if ($db->hasTable('player_deaths') &&
$db->hasColumn('player_deaths', 'mostdamage_is_player') &&
$db->hasColumn('player_deaths', 'killed_by')) {
$namesToChange = $db->query('SELECT `player_id`, `time`, `is_player`, `killed_by`, `mostdamage_is_player`, `mostdamage_by` FROM `player_deaths` WHERE (`is_player` = 1 AND `killed_by` = ' . $db->quote($old_name) . ') OR (`mostdamage_is_player` = 1 AND `mostdamage_by` = ' . $db->quote($old_name) . ');');
if ($namesToChange->rowCount() > 0) {
foreach ($namesToChange->fetchAll(PDO::FETCH_ASSOC) as $row) {
$changeKey = '';
if ($row['is_player'] == '1' && $row['killed_by'] == $old_name) {
$changeKey = 'killed_by';
} else if ($row['mostdamage_is_player'] == '1' && $row['mostdamage_by'] == $old_name) {
$changeKey = 'mostdamage_by';
}
if (!empty($changeKey)) {
$db->update('player_deaths', [$changeKey => $name], ['player_id' => $row['player_id'], 'time' => $row['time']]);
}
}
}
}
$account_logged->setCustomField("premium_points", $points - $config['account_change_character_name_points']);
$account_logged->logAction('Changed name from <b>' . $old_name . '</b> to <b>' . $player->getName() . '</b>.');
$twig->display('success.html.twig', array(
@@ -83,4 +113,4 @@ else
}
}
?>
?>

19
system/pages/account/change_password.php
View File

@@ -10,9 +10,16 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
$new_password = isset($_POST['newpassword']) ? $_POST['newpassword'] : NULL;
$new_password2 = isset($_POST['newpassword2']) ? $_POST['newpassword2'] : NULL;
$old_password = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : NULL;
$title = 'Change Password';
require __DIR__ . '/base.php';
if(!$logged) {
return;
}
$new_password = $_POST['newpassword'] ?? NULL;
$new_password2 = $_POST['newpassword2'] ?? NULL;
$old_password = $_POST['oldpassword'] ?? NULL;
if(empty($new_password) && empty($new_password2) && empty($old_password)) {
$twig->display('account.change_password.html.twig');
}
@@ -32,7 +39,7 @@ else
}
/** @var OTS_Account $account_logged */
$old_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $old_password);
$old_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $old_password);
if($old_password != $account_logged->getPassword()) {
$errors[] = "Current password is incorrect!";
}
@@ -48,7 +55,7 @@ else
{
$org_pass = $new_password;
if($config_salt_enabled)
if(USE_ACCOUNT_SALT)
{
$salt = generateRandomString(10, false, true, true);
$new_password = $salt . $new_password;
@@ -82,4 +89,4 @@ else
}
}
?>
?>

9
system/pages/account/change_sex.php
View File

@@ -10,6 +10,13 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Change Sex';
require __DIR__ . '/base.php';
if(!$logged) {
return;
}
$sex_changed = false;
$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
$new_sex = isset($_POST['new_sex']) ? (int)$_POST['new_sex'] : NULL;
@@ -85,4 +92,4 @@ else
}
}
?>
?>

12
system/pages/account/confirm_email.php
View File

@@ -11,7 +11,7 @@ defined('MYAAC') or die('Direct access not allowed!');
$title = 'Confirm Email';
$hash = isset($_GET['v']) ? $_GET['v'] : '';
$hash = $_GET['hash'] ?? '';
if(empty($hash)) {
warning('Please enter email hash code.<br/>If you copied the link, please try again with full link.');
return;
@@ -23,6 +23,16 @@ if(!$res->rowCount()) {
}
else
{
$query = $db->query('SELECT id FROM accounts WHERE email_hash = ' . $db->quote($hash) . ' AND email_verified = 0');
if ($query->rowCount() == 1) {
$query = $query->fetch(PDO::FETCH_ASSOC);
$account = new OTS_Account();
$account->load($query['id']);
if ($account->isLoaded()) {
$hooks->trigger(HOOK_EMAIL_CONFIRMED, ['account' => $account]);
}
}
$db->update('accounts', array('email_verified' => '1'), array('email_hash' => $hash));
success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this.');
}

129
system/pages/createaccount.php → system/pages/account/create.php
View File

@@ -34,11 +34,13 @@ $errors = array();
$save = isset($_POST['save']) && $_POST['save'] == 1;
if($save)
{
if(USE_ACCOUNT_NAME) {
$account_name = $_POST['account'];
}
else {
$account_id = $_POST['account'];
if(!config('account_login_by_email')) {
if(USE_ACCOUNT_NAME) {
$account_name = $_POST['account'];
}
else {
$account_id = $_POST['account'];
}
}
$email = $_POST['email'];
@@ -46,12 +48,14 @@ if($save)
$password2 = $_POST['password2'];
// account
if(isset($account_id)) {
if(!Validator::accountId($account_id))
if(!config('account_login_by_email')) {
if (isset($account_id)) {
if (!Validator::accountId($account_id)) {
$errors['account'] = Validator::getLastError();
}
} else if (!Validator::accountName($account_name))
$errors['account'] = Validator::getLastError();
}
else if(!Validator::accountName($account_name))
$errors['account'] = Validator::getLastError();
// email
if(!Validator::email($email))
@@ -68,19 +72,6 @@ if($save)
$errors['country'] = 'Country is invalid.';
}
if($config['recaptcha_enabled'])
{
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response']))
{
$verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$config['recaptcha_secret_key'].'&response='.$_POST['g-recaptcha-response']);
$responseData = json_decode($verifyResponse);
if(!$responseData->success)
$errors['verification'] = "Please confirm that you're not a robot.";
}
else
$errors['verification'] = "Please confirm that you're not a robot.";
}
// password
if(empty($password)) {
$errors['password'] = 'Please enter the password for your new account.';
@@ -93,7 +84,7 @@ if($save)
}
// check if account name is not equal to password
if(USE_ACCOUNT_NAME && strtoupper($account_name) == strtoupper($password)) {
if(!config('account_login_by_email') && USE_ACCOUNT_NAME && strtoupper($account_name) == strtoupper($password)) {
$errors['password'] = 'Password may not be the same as account name.';
}
@@ -106,16 +97,28 @@ if($save)
}
$account_db = new OTS_Account();
if(USE_ACCOUNT_NAME)
$account_db->find($account_name);
else
$account_db->load($account_id);
if (config('account_login_by_email')) {
$account_db->findByEMail($email);
}
else {
if(USE_ACCOUNT_NAME) {
$account_db->find($account_name);
}
else {
$account_db->load($account_id);
}
}
if($account_db->isLoaded()) {
if(USE_ACCOUNT_NAME)
$errors['account'] = 'Account with this name already exist.';
else
$errors['account'] = 'Account with this id already exist.';
if (config('account_login_by_email') && !config('account_mail_unique')) {
$errors['account'] = 'Account with this email already exist.';
}
else if (!config('account_login_by_email')) {
if (USE_ACCOUNT_NAME)
$errors['account'] = 'Account with this name already exist.';
else
$errors['account'] = 'Account with this id already exist.';
}
}
if(!isset($_POST['accept_rules']) || $_POST['accept_rules'] !== 'true')
@@ -130,14 +133,17 @@ if($save)
'accept_rules' => isset($_POST['accept_rules']) ? $_POST['accept_rules'] === 'true' : false,
);
if(USE_ACCOUNT_NAME) {
$params['account_name'] = $_POST['account'];
}
else {
$params['account_id'] = $_POST['account'];
if (!config('account_login_by_email')) {
if (USE_ACCOUNT_NAME) {
$params['account_name'] = $_POST['account'];
} else {
$params['account_id'] = $_POST['account'];
}
}
$hooks->trigger(HOOK_ACCOUNT_CREATE_AFTER_SUBMIT, $params);
if (!$hooks->trigger(HOOK_ACCOUNT_CREATE_POST, $params)) {
return;
}
if(config('account_create_character_create')) {
$character_name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : null;
@@ -151,13 +157,17 @@ if($save)
if(empty($errors))
{
$new_account = new OTS_Account();
if(USE_ACCOUNT_NAME)
$new_account->create($account_name);
else
$new_account->create(NULL, $account_id);
if (config('account_login_by_email')) {
$new_account->createWithEmail($email);
}
else {
if(USE_ACCOUNT_NAME)
$new_account->create($account_name);
else
$new_account->create(NULL, $account_id);
}
$config_salt_enabled = $db->hasColumn('accounts', 'salt');
if($config_salt_enabled)
if(USE_ACCOUNT_SALT)
{
$salt = generateRandomString(10, false, true, true);
$password = $salt . $password;
@@ -168,7 +178,7 @@ if($save)
$new_account->unblock();
$new_account->save();
if($config_salt_enabled)
if(USE_ACCOUNT_SALT)
$new_account->setCustomField('salt', $salt);
$new_account->setCustomField('created', time());
@@ -183,8 +193,13 @@ if($save)
$new_account->setCustomField('premend', time() + $config['account_premium_days'] * 86400);
}
else { // rest
$new_account->setCustomField('premdays', $config['account_premium_days']);
$new_account->setCustomField('lastday', time());
if ($db->hasColumn('accounts', 'premium_ends_at')) { // TFS 1.4+
$new_account->setCustomField('premium_ends_at', time() + $config['account_premium_days'] * (60 * 60 * 24));
}
else {
$new_account->setCustomField('premdays', $config['account_premium_days']);
$new_account->setCustomField('lastday', time());
}
}
}
@@ -192,7 +207,11 @@ if($save)
$new_account->setCustomField('premium_points', $config['account_premium_points']);
}
$tmp_account = (USE_ACCOUNT_NAME ? $account_name : $account_id);
$tmp_account = $email;
if (!config('account_login_by_email')) {
$tmp_account = (USE_ACCOUNT_NAME ? $account_name : $account_id);
}
if($config['mail_enabled'] && $config['account_mail_verify'])
{
$hash = md5(generateRandomString(16, true, true) . $email);
@@ -223,6 +242,14 @@ if($save)
}
else
{
if(config('account_create_character_create')) {
// character creation
$character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors);
if (!$character_created) {
error('There was an error creating your character. Please create your character later in account management page.');
}
}
if($config['account_create_auto_login']) {
$_POST['account_login'] = USE_ACCOUNT_NAME ? $account_name : $account_id;
$_POST['password_login'] = $password2;
@@ -265,14 +292,6 @@ if($save)
error('An error occurred while sending email. For Admin: More info can be found in system/logs/mailer-error.log');
}
}
if(config('account_create_character_create')) {
// character creation
$character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors);
if (!$character_created) {
error('There was an error creating your character. Please create your character later in account management page.');
}
}
}
return;

7
system/pages/account/create_character.php
View File

@@ -10,6 +10,13 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Create Character';
require __DIR__ . '/base.php';
if(!$logged) {
return;
}
$character_name = isset($_POST['name']) ? stripslashes($_POST['name']) : null;
$character_sex = isset($_POST['sex']) ? (int)$_POST['sex'] : null;
$character_vocation = isset($_POST['vocation']) ? (int)$_POST['vocation'] : null;

9
system/pages/account/delete_character.php
View File

@@ -10,9 +10,16 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Delete Character';
require __DIR__ . '/base.php';
if(!$logged) {
return;
}
$player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : null;
$password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : null;
$password_verify = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $password_verify);
$password_verify = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $password_verify);
if(isset($_POST['deletecharactersave']) && $_POST['deletecharactersave'] == 1) {
if(empty($player_name) || empty($password_verify)) {
$errors[] = 'Character name or/and password is empty. Please fill in form.';

113
system/pages/account/login.php Normal file
View File

@@ -0,0 +1,113 @@
<?php
// new login with data from form
if(!$logged && isset($_POST['account_login'], $_POST['password_login']))
{
$login_account = $_POST['account_login'];
$login_password = $_POST['password_login'];
$remember_me = isset($_POST['remember_me']);
if(!empty($login_account) && !empty($login_password))
{
if($cache->enabled())
{
$tmp = '';
if($cache->fetch('failed_logins', $tmp))
{
$tmp = unserialize($tmp);
$to_remove = array();
foreach($tmp as $ip => $t)
{
if(time() - $t['last'] >= 5 * 60)
$to_remove[] = $ip;
}
foreach($to_remove as $ip)
unset($tmp[$ip]);
}
else
$tmp = array();
$ip = $_SERVER['REMOTE_ADDR'];
$t = $tmp[$ip] ?? null;
}
$account_logged = new OTS_Account();
if (config('account_login_by_email')) {
$account_logged->findByEMail($login_account);
}
if (!config('account_login_by_email') || config('account_login_by_email_fallback')) {
if(USE_ACCOUNT_NAME) {
$account_logged->find($login_account);
} else {
$account_logged->load($login_account, true);
}
}
if($account_logged->isLoaded() && encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password) == $account_logged->getPassword()
&& (!isset($t) || $t['attempts'] < 5)
)
{
setSession('account', $account_logged->getNumber());
setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password));
if($remember_me) {
setSession('remember_me', true);
}
$logged = true;
$logged_flags = $account_logged->getWebFlags();
if(isset($_POST['admin']) && !admin()) {
$errors[] = 'This account has no admin privileges.';
unsetSession('account');
unsetSession('password');
unsetSession('remember_me');
$logged = false;
}
else {
$account_logged->setCustomField('web_lastlogin', time());
}
$hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me));
}
else
{
$hooks->trigger(HOOK_LOGIN_ATTEMPT, array('account' => $login_account, 'password' => $login_password, 'remember_me' => $remember_me));
$errorMessage = getAccountLoginByLabel() . ' or password is not correct.';
// temporary solution for blocking failed login attempts
if($cache->enabled())
{
if(isset($t))
{
$t['attempts']++;
$t['last'] = time();
if($t['attempts'] >= 5)
$errors[] = 'A wrong password has been entered 5 times in a row. You are unable to log into your account for the next 5 minutes. Please wait.';
else
$errors[] = $errorMessage;
}
else
{
$t = array('attempts' => 1, 'last' => time());
$errors[] = $errorMessage;
}
$tmp[$ip] = $t;
$cache->set('failed_logins', serialize($tmp), 60 * 60); // save for 1 hour
}
else {
$errors[] = $errorMessage;
}
}
}
else {
$errors[] = 'Please enter your ' . getAccountLoginByLabel() . ' and password.';
$hooks->trigger(HOOK_LOGIN_ATTEMPT, array('account' => $login_account, 'password' => $login_password, 'remember_me' => $remember_me));
}
$hooks->trigger(HOOK_ACCOUNT_LOGIN_POST);
}

22
system/pages/account/logout.php Normal file
View File

@@ -0,0 +1,22 @@
<?php
/**
* Logout Account
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2021 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Logout';
require __DIR__ . '/base.php';
if(!$logged) {
return;
}
require SYSTEM . 'logout.php';
$twig->display('account.logout.html.twig');

13
system/pages/lostaccount.php → system/pages/account/lost.php
View File

@@ -17,7 +17,6 @@ if(!$config['mail_enabled'])
return;
}
$config_salt_enabled = $db->hasColumn('accounts', 'salt');
$action_type = isset($_REQUEST['action_type']) ? $_REQUEST['action_type'] : '';
if($action == '')
{
@@ -111,7 +110,7 @@ elseif($action == 'sendcode')
else
{
$account->setCustomField('email_next', (time() + 60));
echo '<br /><p class="error">An error occorred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>';
echo '<br /><p class="error">An error occurred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>';
}
}
else
@@ -292,7 +291,7 @@ elseif($action == 'step3')
$account->setEMail($new_email);
$tmp_new_pass = $new_pass;
if($config_salt_enabled)
if(USE_ACCOUNT_SALT)
{
$salt = generateRandomString(10, false, true, true);
$tmp_new_pass = $salt . $new_pass;
@@ -301,7 +300,7 @@ elseif($action == 'step3')
$account->setPassword(encrypt($tmp_new_pass));
$account->save();
if($config_salt_enabled)
if(USE_ACCOUNT_SALT)
$account->setCustomField('salt', $salt);
echo 'Your account name, new password and new e-mail.<BR>
@@ -330,7 +329,7 @@ elseif($action == 'step3')
}
else
{
echo '<br /><p class="error">An error occorred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
echo '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
}
}
else
@@ -481,7 +480,7 @@ elseif($action == 'setnewpassword')
if(Validator::password($newpassword))
{
$tmp_new_pass = $newpassword;
if($config_salt_enabled)
if(USE_ACCOUNT_SALT)
{
$salt = generateRandomString(10, false, true, true);
$tmp_new_pass = $salt . $newpassword;
@@ -513,7 +512,7 @@ elseif($action == 'setnewpassword')
}
else
{
echo '<br /><p class="error">New password work! An error occorred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
echo '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
}
echo '</TD></TR>
</TABLE>

98
system/pages/account/manage.php Normal file
View File

@@ -0,0 +1,98 @@
<?php
/**
* Account management
*
* @package MyAAC
* @author Gesior <jerzyskalski@wp.pl>
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Account Management';
require __DIR__ . '/login.php';
require __DIR__ . '/base.php';
if(!$logged) {
return;
}
$groups = new OTS_Groups_List();
$freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']) || $account_logged->getPremDays() == OTS_Account::GRATIS_PREMIUM_DAYS;
$dayOrDays = $account_logged->getPremDays() == 1 ? 'day' : 'days';
/**
* @var OTS_Account $account_logged
*/
if(!$account_logged->isPremium())
$account_status = '<b><span style="color: red">Free Account</span></b>';
else
$account_status = '<b><span style="color: green">' . ($freePremium ? 'Gratis Premium Account' : 'Premium Account, ' . $account_logged->getPremDays() . ' '.$dayOrDays.' left') . '</span></b>';
$recovery_key = $account_logged->getCustomField('key');
if(empty($recovery_key))
$account_registered = '<b><span style="color: red">No</span></b>';
else
{
if($config['generate_new_reckey'] && $config['mail_enabled'])
$account_registered = '<b><span style="color: green">Yes ( <a href="' . getLink('account/register/new') . '"> Buy new Recovery Key </a> )</span></b>';
else
$account_registered = '<b><span style="color: green">Yes</span></b>';
}
$account_created = $account_logged->getCreated();
$account_email = $account_logged->getEMail();
$email_new_time = $account_logged->getCustomField("email_new_time");
if($email_new_time > 1)
$email_new = $account_logged->getCustomField("email_new");
$account_rlname = $account_logged->getRLName();
$account_location = $account_logged->getLocation();
if($account_logged->isBanned())
if($account_logged->getBanTime() > 0)
$welcome_message = '<span style="color: red">Your account is banished until '.date("j F Y, G:i:s", $account_logged->getBanTime()).'!</span>';
else
$welcome_message = '<span style="color: red">Your account is banished FOREVER!</span>';
else
$welcome_message = 'Welcome to your account!';
$email_change = '';
$email_request = false;
if($email_new_time > 1)
{
if($email_new_time < time())
$email_change = '<br>(You can accept <b>'.$email_new.'</b> as a new email.)';
else
{
$email_change = ' <br>You can accept <b>new e-mail after '.date("j F Y", $email_new_time).".</b>";
$email_request = true;
}
}
$actions = array();
foreach($account_logged->getActionsLog(0, 1000) as $action) {
$actions[] = array('action' => $action['action'], 'date' => $action['date'], 'ip' => $action['ip'] != 0 ? long2ip($action['ip']) : inet_ntop($action['ipv6']));
}
$players = array();
/** @var OTS_Players_List $account_players */
$account_players = $account_logged->getPlayersList();
$account_players->orderBy('id');
$twig->display('account.management.html.twig', array(
'welcome_message' => $welcome_message,
'recovery_key' => $recovery_key,
'email_change' => $email_change,
'email_request' => $email_request,
'email_new_time' => $email_new_time,
'email_new' => isset($email_new) ? $email_new : '',
'account' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId(),
'account_email' => $account_email,
'account_created' => $account_created,
'account_status' => $account_status,
'account_registered' => $account_registered,
'account_rlname' => $account_rlname,
'account_location' => $account_location,
'actions' => $actions,
'players' => $account_players
));

13
system/pages/account.php → system/pages/account/redirect.php
View File

@@ -1,16 +1,17 @@
<?php
/**
* Account confirm mail
* Keept for compability
* Change comment
*
* @package MyAAC
* @author Gesior <jerzyskalski@wp.pl>
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
if($action == 'confirm_email') {
require_once PAGES . 'account/confirm_email.php';
}
?>
$redirect = urldecode($_REQUEST['redirect']);
$twig->display('account.redirect.html.twig', array(
'redirect' => $redirect
));

14
system/pages/account/register.php
View File

@@ -10,8 +10,15 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
$_POST['reg_password'] = isset($_POST['reg_password']) ? $_POST['reg_password'] : '';
$reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
$title = 'Register Account';
require __DIR__ . '/base.php';
if(!$logged) {
return;
}
$_POST['reg_password'] = $_POST['reg_password'] ?? '';
$reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
$old_key = $account_logged->getCustomField("key");
if(isset($_POST['registeraccountsave']) && $_POST['registeraccountsave'] == "1") {
@@ -22,6 +29,7 @@ if(isset($_POST['registeraccountsave']) && $_POST['registeraccountsave'] == "1")
$account_logged->setCustomField("key", $new_rec_key);
$account_logged->logAction('Generated recovery key.');
$message = '';
if($config['mail_enabled'] && $config['send_mail_when_generate_reckey'])
{
@@ -54,5 +62,3 @@ if($show_form) {
//show form
$twig->display('account.generate_recovery_key.html.twig');
}
?>

19
system/pages/account/register_new.php
View File

@@ -10,12 +10,21 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Register Account';
require __DIR__ . '/base.php';
if(!$logged) {
return;
}
if(isset($_POST['reg_password']))
$reg_password = encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
$reg_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $_POST['reg_password']);
$reckey = $account_logged->getCustomField('key');
if((!$config['generate_new_reckey'] || !$config['mail_enabled']) || empty($reckey))
echo 'You cant get new rec key';
if((!$config['generate_new_reckey'] || !$config['mail_enabled']) || empty($reckey)) {
$errors[] = 'You cant get new recovery key.';
$twig->display('error_box.html.twig', array('errors' => $errors));
}
else
{
$points = $account_logged->getCustomField('premium_points');
@@ -40,7 +49,7 @@ else
$message = '<br />Your recovery key were send on email address <b>'.$account_logged->getEMail().'</b> for '.$config['generate_new_reckey_price'].' premium points.';
}
else
$message = '<br /><p class="error">An error occorred while sending email ( <b>'.$account_logged->getEMail().'</b> ) with recovery key! Recovery key not changed. Try again later. For Admin: More info can be found in system/logs/mailer-error.log</p>';
$message = '<br /><p class="error">An error occurred while sending email ( <b>'.$account_logged->getEMail().'</b> ) with recovery key! Recovery key not changed. Try again later. For Admin: More info can be found in system/logs/mailer-error.log</p>';
$twig->display('success.html.twig', array(
'title' => 'Account Registered',
@@ -67,5 +76,3 @@ else
));
}
}
?>

151
system/pages/accountmanagement.php
View File

@@ -1,151 +0,0 @@
<?php
/**
* Account management
*
* @package MyAAC
* @author Gesior <jerzyskalski@wp.pl>
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Account Management';
if($config['account_country'])
require SYSTEM . 'countries.conf.php';
$groups = new OTS_Groups_List();
$show_form = true;
$config_salt_enabled = $db->hasColumn('accounts', 'salt');
if(ACTION == "logout" && !isset($_REQUEST['account_login'])) {
if(!defined('HOOK_LOGOUT_DISPLAY') || HOOK_LOGOUT_DISPLAY) { // plugin will take care of this message
$twig->display('account.logout.html.twig');
}
return;
}
if(!$logged)
{
if(ACTION == 'confirm_email') {
require PAGES . 'account/' . ACTION . '.php';
return;
}
if(!empty($errors))
$twig->display('error_box.html.twig', array('errors' => $errors));
$twig->display('account.login.html.twig', array(
'redirect' => isset($_REQUEST['redirect']) ? $_REQUEST['redirect'] : null,
'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
'error' => isset($errors[0]) ? $errors[0] : null
));
return;
}
$errors = array();
if(isset($_REQUEST['redirect']))
{
$redirect = urldecode($_REQUEST['redirect']);
$twig->display('account.redirect.html.twig', array(
'redirect' => $redirect
));
return;
}
if($action == '')
{
$freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']) || $account_logged->getPremDays() == OTS_Account::GRATIS_PREMIUM_DAYS;
$dayOrDays = $account_logged->getPremDays() == 1 ? 'day' : 'days';
/**
* @var OTS_Account $account_logged
*/
if(!$account_logged->isPremium())
$account_status = '<b><span style="color: red">Free Account</span></b>';
else
$account_status = '<b><span style="color: green">' . ($freePremium ? 'Gratis Premium Account' : 'Premium Account, ' . $account_logged->getPremDays() . ' '.$dayOrDays.' left') . '</span></b>';
$recovery_key = $account_logged->getCustomField('key');
if(empty($recovery_key))
$account_registered = '<b><span style="color: red">No</span></b>';
else
{
if($config['generate_new_reckey'] && $config['mail_enabled'])
$account_registered = '<b><span style="color: green">Yes ( <a href="' . getLink('account/register/new') . '"> Buy new Recovery Key </a> )</span></b>';
else
$account_registered = '<b><span style="color: green">Yes</span></b>';
}
$account_created = $account_logged->getCreated();
$account_email = $account_logged->getEMail();
$email_new_time = $account_logged->getCustomField("email_new_time");
if($email_new_time > 1)
$email_new = $account_logged->getCustomField("email_new");
$account_rlname = $account_logged->getRLName();
$account_location = $account_logged->getLocation();
if($account_logged->isBanned())
if($account_logged->getBanTime() > 0)
$welcome_message = '<span style="color: red">Your account is banished until '.date("j F Y, G:i:s", $account_logged->getBanTime()).'!</span>';
else
$welcome_message = '<span style="color: red">Your account is banished FOREVER!</span>';
else
$welcome_message = 'Welcome to your account!';
$email_change = '';
$email_request = false;
if($email_new_time > 1)
{
if($email_new_time < time())
$email_change = '<br>(You can accept <b>'.$email_new.'</b> as a new email.)';
else
{
$email_change = ' <br>You can accept <b>new e-mail after '.date("j F Y", $email_new_time).".</b>";
$email_request = true;
}
}
$actions = array();
foreach($account_logged->getActionsLog(0, 1000) as $action) {
$actions[] = array('action' => $action['action'], 'date' => $action['date'], 'ip' => $action['ip'] != 0 ? long2ip($action['ip']) : inet_ntop($action['ipv6']));
}
$players = array();
/** @var OTS_Players_List $account_players */
$account_players = $account_logged->getPlayersList();
$account_players->orderBy('id');
$twig->display('account.management.html.twig', array(
'welcome_message' => $welcome_message,
'recovery_key' => $recovery_key,
'email_change' => $email_change,
'email_request' => $email_request,
'email_new_time' => $email_new_time,
'email_new' => isset($email_new) ? $email_new : '',
'account' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId(),
'account_email' => $account_email,
'account_created' => $account_created,
'account_status' => $account_status,
'account_registered' => $account_registered,
'account_rlname' => $account_rlname,
'account_location' => $account_location,
'actions' => $actions,
'players' => $account_players
));
}
else {
if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {
error('Error: Action contains illegal characters.');
}
else if(file_exists(PAGES . 'account/' . $action . '.php')) {
require PAGES . 'account/' . $action . '.php';
}
else {
error('This page does not exists.');
}
}
?>

591
system/pages/admin/accounts.php
View File

@@ -1,591 +0,0 @@
<?php
/**
* Account editor
*
* @package MyAAC
* @author Lee
* @copyright 2020 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Account editor';
$admin_base = BASE_URL . 'admin/?p=accounts';
$use_datatable = true;
if ($config['account_country'])
require SYSTEM . 'countries.conf.php';
$hasSecretColumn = $db->hasColumn('accounts', 'secret');
$hasCoinsColumn = $db->hasColumn('accounts', 'coins');
$hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
$hasTypeColumn = $db->hasColumn('accounts', 'type');
$hasGroupColumn = $db->hasColumn('accounts', 'group_id');
if ($config['account_country']) {
$countries = array();
foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
$countries[$c] = $config['countries'][$c];
$countries['--'] = '----------';
foreach ($config['countries'] as $code => $c)
$countries[$code] = $c;
}
$web_acc = array("None", "Admin", "Super Admin", "(Admin + Super Admin)");
$acc_type = array("None", "Normal", "Tutor", "Senior Tutor", "Gamemaster", "God");
?>
<link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
<script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
<?php
$id = 0;
$search_account = '';
if (isset($_REQUEST['id']))
$id = (int)$_REQUEST['id'];
else if (isset($_REQUEST['search'])) {
$search_account = $_REQUEST['search'];
if (strlen($search_account) < 3 && !Validator::number($search_account)) {
echo_error('Player name is too short.');
} else {
$query = $db->query('SELECT `id` FROM `accounts` WHERE `name` = ' . $db->quote($search_account));
if ($query->rowCount() == 1) {
$query = $query->fetch();
$id = (int)$query['id'];
} else {
$query = $db->query('SELECT `id`, `name` FROM `accounts` WHERE `name` LIKE ' . $db->quote('%' . $search_account . '%'));
if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
$str_construct = 'Do you mean?<ul class="mb-0">';
foreach ($query as $row)
$str_construct .= '<li><a href="' . $admin_base . '&id=' . $row['id'] . '">' . $row['name'] . '</a></li>';
$str_construct .= '</ul>';
echo_error($str_construct);
} else if ($query->rowCount() > 10)
echo_error('Specified name resulted with too many accounts.');
else
echo_error('No entries found.');
}
}
}
?>
<div class="row">
<?php
$groups = new OTS_Groups_List();
if ($id > 0) {
$account = new OTS_Account();
$account->load($id);
if (isset($account, $_POST['save']) && $account->isLoaded()) {
$error = false;
$_error = '';
$account_db = new OTS_Account();
if (USE_ACCOUNT_NAME) {
$name = $_POST['name'];
$account_db->find($name);
if ($account_db->isLoaded() && $account->getName() != $name)
echo_error('This name is already used. Please choose another name!');
}
$account_db->load($id);
if (!$account_db->isLoaded())
echo_error('Account with this id doesn\'t exist.');
//type/group
if ($hasTypeColumn || $hasGroupColumn) {
$group = $_POST['group'];
}
$password = ((!empty($_POST["pass"]) ? $_POST['pass'] : null));
if (!Validator::password($password)) {
$errors['password'] = Validator::getLastError();
}
//secret
if ($hasSecretColumn) {
$secret = $_POST['secret'];
}
//key
$key = $_POST['key'];
$email = $_POST['email'];
if (!Validator::email($email))
$errors['email'] = Validator::getLastError();
//tibia coins
if ($hasCoinsColumn) {
$t_coins = $_POST['t_coins'];
verify_number($t_coins, 'Tibia coins', 12);
}
// prem days
$p_days = (int)$_POST['p_days'];
verify_number($p_days, 'Prem days', 11);
//prem points
$p_points = $_POST['p_points'];
verify_number($p_points, 'Prem Points', 11);
//rl name
$rl_name = $_POST['rl_name'];
//location
$rl_loca = $_POST['rl_loca'];
//country
$rl_country = $_POST['rl_country'];
$web_flags = $_POST['web_flags'];
verify_number($web_flags, 'Web Flags', 1);
//created
$created = strtotime($_POST['created']);
verify_number($created, 'Created', 11);
//web last login
$web_lastlogin = strtotime($_POST['web_lastlogin']);
verify_number($web_lastlogin, 'Web Last login', 11);
if (!$error) {
if (USE_ACCOUNT_NAME) {
$account->setName($name);
}
if ($hasTypeColumn) {
$account->setCustomField('type', $group);
} elseif ($hasGroupColumn) {
$account->setCustomField('group_id', $group);
}
if ($hasSecretColumn) {
$account->setCustomField('secret', $secret);
}
$account->setCustomField('key', $key);
$account->setEMail($email);
if ($hasCoinsColumn) {
$account->setCustomField('coins', $t_coins);
}
$lastDay = 0;
if($p_days != 0 && $p_days != OTS_Account::GRATIS_PREMIUM_DAYS) {
$lastDay = time();
} else if ($lastDay != 0) {
$lastDay = 0;
}
$account->setPremDays($p_days);
$account->setLastLogin($lastDay);
if ($hasPointsColumn) {
$account->setCustomField('premium_points', $p_points);
}
$account->setRLName($rl_name);
$account->setLocation($rl_loca);
$account->setCountry($rl_country);
$account->setCustomField('created', $created);
$account->setWebFlags($web_flags);
$account->setCustomField('web_lastlogin', $web_lastlogin);
if (isset($password)) {
$config_salt_enabled = $db->hasColumn('accounts', 'salt');
if ($config_salt_enabled) {
$salt = generateRandomString(10, false, true, true);
$password = $salt . $password;
$account->setCustomField('salt', $salt);
}
$password = encrypt($password);
$account->setPassword($password);
if ($config_salt_enabled)
$account->setCustomField('salt', $salt);
}
$account->save();
echo_success('Account saved at: ' . date('G:i'));
}
}
} else if ($id == 0) {
$accounts_db = $db->query('SELECT `id`, `name`' . ($hasTypeColumn ? ',type' : ($hasGroupColumn ? ',group_id' : '')) . ' FROM `accounts` ORDER BY `id` ASC');
?>
<div class="col-12 col-sm-12 col-lg-10">
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">Accounts</h5>
</div>
<div class="card-body">
<table class="acc_datatable table table-striped table-bordered table-responsive d-md-table">
<thead>
<tr>
<th>ID</th>
<th>Name</th>
<?php if($hasTypeColumn || $hasGroupColumn): ?>
<th>Position</th>
<?php endif; ?>
<th style="width: 40px">Edit</th>
</tr>
</thead>
<tbody>
<?php foreach ($accounts_db as $account_lst): ?>
<tr>
<th><?php echo $account_lst['id']; ?></th>
<td><?php echo $account_lst['name']; ?></a></td>
<?php if($hasTypeColumn || $hasGroupColumn): ?>
<td>
<?php if ($hasTypeColumn) {
echo $acc_type[$account_lst['type']];
} elseif ($hasGroupColumn) {
$group = $groups->getGroups();
echo $group[$account_lst['group_id']];
} ?>
</td>
<?php endif; ?>
<td><a href="?p=accounts&id=<?php echo $account_lst['id']; ?>" class="btn btn-success btn-sm" title="Edit">
<i class="fas fa-pencil-alt"></i>
</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
</div>
<?php } ?>
<?php if (isset($account) && $account->isLoaded()) { ?>
<div class="col-12 col-sm-12 col-lg-10">
<div class="card card-primary card-outline card-outline-tabs">
<div class="card-header p-0 border-bottom-0">
<ul class="nav nav-tabs" id="accounts-tab" role="tablist">
<li class="nav-item">
<a class="nav-link active" id="accounts-acc-tab" data-toggle="pill" href="#accounts-acc">Account</a>
</li>
<li class="nav-item">
<a class="nav-link" id="accounts-chars-tab" data-toggle="pill" href="#accounts-chars">Characters</a>
</li>
<?php if ($db->hasTable('bans')) : ?>
<li class="nav-item">
<a class="nav-link" id="accounts-bans-tab" data-toggle="pill" href="#accounts-bans">Bans</a>
</li>
<?php endif;
if ($db->hasTable('store_history')) : ?>
<li class="nav-item">
<a class="nav-link" id="accounts-store-tab" data-toggle="pill" href="#accounts-store">Store History</a>
</li>
<?php endif; ?>
</ul>
</div>
<div class="card-body">
<div class="tab-content" id="accounts-tabContent">
<div class="tab-pane fade active show" id="accounts-acc">
<form action="<?php echo $admin_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
<div class="form-group row">
<?php if (USE_ACCOUNT_NAME): ?>
<div class="col-12 col-sm-12 col-lg-4">
<label for="name">Account Name:</label>
<input type="text" class="form-control" id="name" name="name" autocomplete="off" value="<?php echo $account->getName(); ?>"/>
</div>
<?php endif; ?>
<div class="col-12 col-sm-12 col-lg-5">
<div class="form-check">
<input type="checkbox"
name="c_pass"
id="c_pass"
value="false"
class="form-check-input"/>
<label for="c_pass">Password: (check to change)</label>
</div>
<div class="input-group">
<input type="text" class="form-control" id="pass" name="pass" autocomplete="off" maxlength="20" value=""/>
</div>
</div>
<div class="col-12 col-sm-12 col-lg-3">
<label for="account_id" class="control-label">Account ID:</label>
<input type="text" class="form-control" id="account_id" name="account_id" autocomplete="off" size="8" maxlength="11" disabled value="<?php echo $account->getId(); ?>"/>
</div>
</div>
<div class="form-group row">
<?php
$acc_group = $account->getAccGroupId();
if ($hasTypeColumn) {
?>
<div class="col-12 col-sm-12 col-lg-6">
<label for="group">Account Type:</label>
<select name="group" id="group" class="form-control">
<?php foreach ($acc_type as $id => $a_type): ?>
<option value="<?php echo($id); ?>" <?php echo($acc_group == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
<?php endforeach; ?>
</select>
</div>
<?php
} elseif ($hasGroupColumn) {
?>
<div class="col-12 col-sm-12 col-lg-6">
<label for="group">Account Type:</label>
<select name="group" id="group" class="form-control">
<?php foreach ($groups->getGroups() as $id => $group): ?>
<option value="<?php echo $id; ?>" <?php echo($acc_group == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
<?php endforeach; ?>
</select>
</div>
<?php } ?>
<div class="col-12 col-sm-12 col-lg-6">
<label for="web_flags">Website Access:</label>
<select name="web_flags" id="web_flags" class="form-control">
<?php foreach ($web_acc as $id => $a_type): ?>
<option value="<?php echo($id); ?>" <?php echo($account->getWebFlags() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
<?php endforeach; ?>
</select>
</div>
</div>
<div class="form-group row">
<?php if ($hasSecretColumn): ?>
<div class="col-12 col-sm-12 col-lg-6">
<label for="secret">Secret:</label>
<input type="text" class="form-control" id="secret" name="secret" autocomplete="off" value="<?php echo $account->getCustomField('secret'); ?>"/>
</div>
<?php endif; ?>
<div class="col-12 col-sm-12 col-lg-6">
<label for="key">Recovery Key:</label>
<input type="text" class="form-control" id="key" name="key" autocomplete="off" value="<?php echo $account->getCustomField('key'); ?>"/>
</div>
</div>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<label for="email">Email:</label><?php echo (config('mail_enabled') ? ' (<a href="' . ADMIN_URL . '?p=mailer&mail_to=' . $account->getEMail() . '">Send Mail</a>)' : ''); ?>
<input type="text" class="form-control" id="email" name="email" autocomplete="off" value="<?php echo $account->getEMail(); ?>"/>
</div>
<?php if ($hasCoinsColumn): ?>
<div class="col-12 col-sm-12 col-lg-6">
<label for="t_coins">Tibia Coins:</label>
<input type="text" class="form-control" id="t_coins" name="t_coins" autocomplete="off" maxlength="11" value="<?php echo $account->getCustomField('coins') ?>"/>
</div>
<?php endif; ?>
<div class="col-12 col-sm-12 col-lg-6">
<label for="p_days">Premium Days:</label>
<input type="text" class="form-control" id="p_days" name="p_days" autocomplete="off" maxlength="11" value="<?php echo $account->getPremDays(); ?>"/>
</div>
<?php if ($hasPointsColumn): ?>
<div class="col-12 col-sm-12 col-lg-6">
<label for="p_points" class="control-label">Premium Points:</label>
<input type="text" class="form-control" id="p_points" name="p_points" autocomplete="off" maxlength="8" value="<?php echo $account->getCustomField('premium_points') ?>"/>
</div>
<?php endif; ?>
</div>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-4">
<label for="rl_name">RL Name:</label>
<input type="text" class="form-control" id="rl_name" name="rl_name"
autocomplete="off" maxlength="20"
value="<?php echo $account->getRLName(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-4">
<label for="rl_loca">Location:</label>
<input type="text" class="form-control" id="rl_loca" name="rl_loca"
autocomplete="off" maxlength="20"
value="<?php echo $account->getLocation(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-4">
<label for="rl_country">Country:</label>
<select name="rl_country" id="rl_country" class="form-control">
<?php foreach ($countries as $id => $a_type): ?>
<option value="<?php echo($id); ?>" <?php echo($account->getCountry() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
<?php endforeach; ?>
</select>
</div>
</div>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<label for="created" class="control-label">Created:</label>
<input type="text" class="form-control" id="created" name="created" autocomplete="off" maxlength="20" value="<?php echo date("M d Y, H:i:s", $account->getCustomField('created')); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="web_lastlogin" class="control-label">Web Last Login:</label>
<input type="text" class="form-control" id="web_lastlogin" name="web_lastlogin" autocomplete="off" maxlength="20" value="<?php echo date("M d Y, H:i:s", $account->getCustomField('web_lastlogin')); ?>"/>
</div>
</div>
<input type="hidden" name="save" value="yes"/>
<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Update</button>
<a href="<?php echo ADMIN_URL; ?>?p=accounts" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</a>
</form>
</div>
<div class="tab-pane fade" id="accounts-chars">
<div class="row">
<?php
if (isset($account) && $account->isLoaded()) {
$account_players = $account->getPlayersList();
$account_players->orderBy('id');
if (isset($account_players)) { ?>
<table class="table table-striped table-condensed table-responsive d-md-table">
<thead>
<tr>
<th>#</th>
<th>Name</th>
<th>Level</th>
<th>Vocation</th>
<th style="width: 40px">Edit</th>
</tr>
</thead>
<tbody>
<?php $i= 0;
foreach ($account_players as $i => $player):
$i++;
$player_vocation = $player->getVocation();
$player_promotion = $player->getPromotion();
if (isset($player_promotion)) {
if ((int)$player_promotion > 0)
$player_vocation += ($player_promotion * $config['vocations_amount']);
}
if (isset($config['vocations'][$player_vocation])) {
$vocation_name = $config['vocations'][$player_vocation];
} ?>
<tr>
<th><?php echo $i; ?></th>
<td><?php echo $player->getName(); ?></td>
<td><?php echo $player->getLevel(); ?></td>
<td><?php echo $vocation_name; ?></td>
<td><a href="?p=players&id=<?php echo $player->getId() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
</tr>
<?php endforeach ?>
</tbody>
</table>
<?php
}
} ?>
</div>
</div>
<?php if ($db->hasTable('bans')) : ?>
<div class="tab-pane fade" id="accounts-bans">
<?php
$bans = $db->query('SELECT * FROM ' . $db->tableName('bans') . ' WHERE ' . $db->fieldName('active') . ' = 1 AND ' . $db->fieldName('id') . ' = ' . $account->getId() . ' ORDER BY ' . $db->fieldName('added') . ' DESC LIMIT 10');
if ($bans->rowCount()) {
?>
<table class="table table-striped table-condensed table-responsive d-md-table">
<thead>
<tr>
<th>Nick</th>
<th>Type</th>
<th>Expires</th>
<th>Reason</th>
<th>Comment</th>
<th>Added by:</th>
</tr>
</thead>
<tbody>
<?php
foreach ($bans as $ban) {
?>
<tr>
<td><?php
$pName = getPlayerNameByAccount($ban['value']);
echo '<a href="?p=players&search=' . $pName . '">' . $pName . '</a>'; ?>
</td>
<td><?php echo getBanType($ban['type']); ?></td>
<td>
<?php
if ($ban['expires'] == "-1")
echo 'Never';
else
echo date("H:i:s", $ban['expires']) . '<br/>' . date("d M Y", $ban['expires']);
?>
</td>
<td><?php echo getBanReason($ban['reason']); ?></td>
<td><?php echo $ban['comment']; ?></td>
<td>
<?php
if ($ban['admin_id'] == "0")
echo 'Autoban';
else
$aName = getPlayerNameByAccount($ban['admin_id']);
echo '<a href="?p=players&search=' . $aName . '">' . $aName . '</a>';
echo '<br/>' . date("d.m.Y", $ban['added']);
?>
</td>
</tr>
<?php } ?>
</tbody>
</table>
<?php
} else {
echo 'No Account bans.';
} ?>
</div>
<?php endif;
if ($db->hasTable('store_history')) { ?>
<div class="tab-pane fade" id="accounts-store">
<?php $store_history = $db->query('SELECT * FROM `store_history` WHERE `account_id` = "' . $account->getId() . '" ORDER BY `time` DESC')->fetchAll(); ?>
<table class="table table-striped table-condensed table-responsive d-md-table">
<thead>
<tr>
<th>Description</th>
<th>Coins</th>
<th>Date</th>
</tr>
</thead>
<tbody>
<?php foreach ($store_history as $p): ?>
<tr>
<td><?php echo $p['description']; ?></td>
<td><?php echo $p['coin_amount']; ?></td>
<td><?php echo date('d M y H:i:s', $p['time']); ?></td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
<?php } ?>
</div>
</div>
</div>
</div>
<?php } ?>
<div class="col-12 col-sm-12 col-lg-2">
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">Search Accounts</h5>
</div>
<div class="card-body">
<div class="row">
<div class="col-6 col-lg-12">
<form action="<?php echo $admin_base; ?>" method="post">
<label for="name">Account Name:</label>
<div class="input-group input-group-sm">
<input type="text" class="form-control" name="search" value="<?php echo $search_account; ?>" maxlength="32" size="32">
<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
</div>
</form>
</div>
<div class="col-6 col-lg-12">
<form action="<?php echo $admin_base; ?>" method="post">
<label for="name">Account ID:</label>
<div class="input-group input-group-sm">
<input type="text" class="form-control" name="id" value="" maxlength="32" size="32">
<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
<script>
$(document).ready(function () {
$('#created').datetimepicker({format: "M d Y, H:i:s",});
$('#web_lastlogin').datetimepicker({format: 'M d Y, H:i:s'});
$('#c_pass').change(function () {
const ipass = $('input[name=pass]');
ipass[0].disabled = !this.checked;
ipass[0].value = '';
}).change();
$('.acc_datatable').DataTable({
"order": [[0, "asc"]]
});
});
</script>

140
system/pages/admin/changelog.php
View File

@@ -1,140 +0,0 @@
<?php
/**
* CHANGELOG modifier
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @author Lee
* @copyright 2020 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
echo 'Access denied.';
return;
}
$title = 'Changelog';
$use_datatable = true;
define('CL_LIMIT', 600); // maximum changelog body length
?>
<link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
<script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
<?php
$id = isset($_GET['id']) ? $_GET['id'] : 0;
require_once LIBS . 'changelog.php';
if(!empty($action))
{
$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
$create_date = isset($_REQUEST['createdate']) ? (int)strtotime($_REQUEST['createdate'] ): null;
$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
$where = isset($_REQUEST['where']) ? (int)$_REQUEST['where'] : null;
$errors = array();
if($action == 'add') {
if(Changelog::add($body, $type, $where, $player_id, $create_date, $errors)) {
$body = '';
$type = $where = $player_id = $create_date = 0;
success("Added successful.");
}
}
else if($action == 'delete') {
Changelog::delete($id, $errors);
success("Deleted successful.");
}
else if($action == 'edit')
{
if(isset($id) && !isset($body)) {
$cl = Changelog::get($id);
$body = $cl['body'];
$type = $cl['type'];
$where = $cl['where'];
$create_date = $cl['date'];
$player_id = $cl['player_id'];
}
else {
if(Changelog::update($id, $body, $type, $where, $player_id, $create_date,$errors)) {
$action = $body = '';
$type = $where = $player_id = $create_date = 0;
success("Updated successful.");
}
}
}
else if($action == 'hide') {
Changelog::toggleHidden($id, $errors, $status);
success(($status == 1 ? 'Show' : 'Hide') . " successful.");
}
if(!empty($errors))
error(implode(", ", $errors));
}
$changelogs = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'changelog' . '` ORDER BY `id` DESC')->fetchAll();
$i = 0;
$log_type = [
['id' => 1, 'icon' => 'added'],
['id' => 2, 'icon' => 'removed'],
['id' => 3, 'icon' => 'changed'],
['id' => 4, 'icon' => 'fixed'],
];
$log_where = [
['id' => 1, 'icon' => 'server'],
['id' => 2, 'icon' => 'website'],
];
foreach($changelogs as $key => &$log)
{
$log['type'] = getChangelogType($log['type']);
$log['where'] = getChangelogWhere($log['where']);
}
if($action == 'edit' || $action == 'new') {
if($action == 'edit') {
$player = new OTS_Player();
$player->load($player_id);
}
$account_players = $account_logged->getPlayersList();
$account_players->orderBy('group_id', POT::ORDER_DESC);
$twig->display('admin.changelog.form.html.twig', array(
'action' => $action,
'cl_link_form' => constant('ADMIN_URL').'?p=changelog&action=' . ($action == 'edit' ? 'edit' : 'add'),
'cl_id' => isset($id) ? $id : null,
'body' => isset($body) ? htmlentities($body, ENT_COMPAT, 'UTF-8') : '',
'create_date' => isset($create_date) ? $create_date : '',
'player' => isset($player) && $player->isLoaded() ? $player : null,
'player_id' => isset($player_id) ? $player_id : null,
'account_players' => $account_players,
'type' => isset($type) ? $type : 0,
'where' => isset($where) ? $where : 0,
'log_type' => $log_type,
'log_where' => $log_where,
));
}
$twig->display('admin.changelog.html.twig', array(
'changelogs' => $changelogs,
));
?>
<script>
$(document).ready(function () {
$('#createdate').datetimepicker({format: "M d Y, H:i:s",});
$('.tb_datatable').DataTable({
"order": [[0, "desc"]],
"columnDefs": [{targets: [1, 2,4,5],orderable: false}]
});
});
</script>

25
system/pages/admin/clmd.php
View File

@@ -1,25 +0,0 @@
<?php
/**
* CHANGELOG viewer
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @author Lee
* @copyright 2020 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'MyAAC Changelog';
if (!file_exists(BASE . 'CHANGELOG.md')) {
echo 'File CHANGELOG.md doesn\'t exist.';
return;
}
$changelog = file_get_contents(BASE . 'CHANGELOG.md');
$Parsedown = new Parsedown();
$changelog = $Parsedown->text($changelog); # prints: <p>Hello <em>Parsedown</em>!</p>
echo '<div>' . $changelog . '</div>';

66
system/pages/admin/dashboard.php
View File

@@ -1,66 +0,0 @@
<?php
/**
* Dashboard
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Dashboard';
if (isset($_GET['clear_cache'])) {
if (clearCache()) {
success('Cache cleared.');
} else {
error('Error while clearing cache.');
}
}
if (isset($_GET['maintenance'])) {
$message = (!empty($_POST['message']) ? $_POST['message'] : null);
$_status = (isset($_POST['status']) && $_POST['status'] == 'true');
$_status = ($_status ? '0' : '1');
if (empty($message)) {
error('Message cannot be empty.');
} else if (strlen($message) > 255) {
error('Message is too long. Maximum length allowed is 255 chars.');
} else {
$tmp = '';
if (fetchDatabaseConfig('site_closed', $tmp))
updateDatabaseConfig('site_closed', $_status);
else
registerDatabaseConfig('site_closed', $_status);
if (fetchDatabaseConfig('site_closed_message', $tmp))
updateDatabaseConfig('site_closed_message', $message);
else
registerDatabaseConfig('site_closed_message', $message);
}
}
$is_closed = getDatabaseConfig('site_closed') == '1';
$closed_message = 'Server is under maintenance, please visit later.';
$tmp = '';
if (fetchDatabaseConfig('site_closed_message', $tmp))
$closed_message = $tmp;
echo '<div class="row">';
$twig->display('admin.dashboard.html.twig', array());
echo '</div>';
$configAdminPanelModules = config('admin_panel_modules');
if (isset($configAdminPanelModules)) {
echo '<div class="row">';
$configAdminPanelModules = explode(',', $configAdminPanelModules);
$twig_loader->prependPath(__DIR__ . '/modules/templates');
foreach ($configAdminPanelModules as $box) {
$file = __DIR__ . '/modules/' . $box . '.php';
if (file_exists($file)) {
include($file);
}
}
echo '</div>';
}

13
system/pages/admin/data.php
View File

@@ -1,13 +0,0 @@
<?php
/**
* Load items.xml
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Server Data';
$twig->display('admin.data.html.twig');

0
system/pages/admin/index.html
View File

17
system/pages/admin/login.php
View File

@@ -1,17 +0,0 @@
<?php
/**
* Login
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Login';
$twig->display('admin.login.html.twig', array(
'logout' => ($action == 'logout' ? 'You have been logged out!' : ''),
'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
'errors' => isset($errors)? $errors : ''
));

82
system/pages/admin/logs.php
View File

@@ -1,82 +0,0 @@
<?php
/**
* Logs
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2020 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Logs Viewer';
$files = array();
$aac_path_logs = BASE . 'system/logs/';
foreach (scandir($aac_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
if ($f[0] === '.' || is_dir($aac_path_logs . $f) || $f === 'index.html') {
continue;
}
$files[] = array($f, $aac_path_logs);
}
$server_path_logs = $config['server_path'] . 'logs/';
if (!file_exists($server_path_logs)) {
$server_path_logs = $config['data_path'] . 'logs/';
}
if (file_exists($server_path_logs)) {
foreach (scandir($server_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
if ($f[0] === '.') {
continue;
}
if (is_dir($server_path_logs . $f)) {
foreach (scandir($server_path_logs . $f, SCANDIR_SORT_ASCENDING) as $f2) {
if ($f2[0] === '.') {
continue;
}
$files[] = array($f . '/' . $f2, $server_path_logs);
}
continue;
}
$files[] = array($f, $server_path_logs);
}
}
foreach ($files as &$f) {
$f['mtime'] = filemtime($f[1] . $f[0]);
$f['name'] = $f[0];
}
unset($f);
define('EXIST_NONE', 0);
define('EXIST_SERVER_LOG', 1);
define('EXIST_AAC_LOG', 2);
$exist = EXIST_NONE;
$file = isset($_GET['file']) ? $_GET['file'] : null;
if (!empty($file)) {
if (!preg_match('/[^A-z0-9\' _\/\-\.]/', $file)) {
if (file_exists($aac_path_logs . $file)) {
$exist = EXIST_AAC_LOG;
} else if (file_exists($server_path_logs . $file)) {
$exist = EXIST_SERVER_LOG;
} else {
echo 'Specified file does not exist.';
}
if ($exist !== EXIST_NONE) {
$file_content = nl2br(file_get_contents(($exist === EXIST_SERVER_LOG ? $server_path_logs : $aac_path_logs) . $file));
$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $file_content));
}
} else {
echo 'Invalid file name specified.';
}
}
$twig->display('admin.logs.html.twig', array('files' => $files));

83
system/pages/admin/mailer.php
View File

@@ -1,83 +0,0 @@
<?php
/**
* Mailer
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Mailer';
if (!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin()) {
echo 'Access denied.';
return;
}
if (!config('mail_enabled')) {
echo 'Mail support disabled.';
return;
}
$mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
$mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
$mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;
if (isset($_POST['submit'])) {
if (empty($mail_subject)) {
warning('Please enter subject of the message.');
}
if (empty($mail_content)) {
warning('Please enter content of the message.');
}
}
if (!empty($mail_to)) {
if(!Validator::email($mail_to)) {
warning('E-Mail is invalid.');
}
else {
if (!empty($mail_content) && !empty($mail_subject)) {
if (_mail($mail_to, $mail_subject, $mail_content)) {
success("Successfully mailed <strong>$mail_to</strong>");
}
else {
error("Error while sending mail to <strong>$mail_to</strong>. More info can be found in system/logs/mailer-error.log");
}
}
}
}
if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
$success = 0;
$failed = 0;
$add = '';
if (config('account_mail_verify')) {
note('Note: Sending only to users with verified E-Mail.');
$add = ' AND `email_verified` = 1';
}
$query = $db->query('SELECT `email` FROM `accounts` WHERE `email` != ""' . $add);
foreach ($query as $email) {
if (_mail($email['email'], $mail_subject, $mail_content)) {
$success++;
}
else {
$failed++;
echo '<br />';
error('An error occorred while sending email to <b>' . $email['email'] . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
}
}
success('Mailing finished.');
success("$success emails delivered.");
warning("$failed emails failed.");
}
$twig->display('admin.mailer.html.twig', [
'mail_to' => $mail_to,
'mail_subject' => $mail_subject,
'mail_content' => $mail_content
]);

139
system/pages/admin/menus.php
View File

@@ -1,139 +0,0 @@
<?php
/**
* Menus
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Menus';
if (!hasFlag(FLAG_CONTENT_MENUS) && !superAdmin()) {
echo 'Access denied.';
return;
}
if (isset($_REQUEST['template'])) {
$template = $_REQUEST['template'];
if (isset($_REQUEST['menu'])) {
$post_menu = $_REQUEST['menu'];
$post_menu_link = $_REQUEST['menu_link'];
$post_menu_blank = $_REQUEST['menu_blank'];
$post_menu_color = $_REQUEST['menu_color'];
if (count($post_menu) != count($post_menu_link)) {
echo 'Menu count is not equal menu links. Something went wrong when sending form.';
return;
}
$db->query('DELETE FROM `' . TABLE_PREFIX . 'menu` WHERE `template` = ' . $db->quote($template));
foreach ($post_menu as $category => $menus) {
foreach ($menus as $i => $menu) {
if (empty($menu)) // don't save empty menu item
continue;
try {
$db->insert(TABLE_PREFIX . 'menu', array('template' => $template, 'name' => $menu, 'link' => $post_menu_link[$category][$i], 'blank' => $post_menu_blank[$category][$i] == 'on' ? 1 : 0, 'color' => str_replace('#', '', $post_menu_color[$category][$i]), 'category' => $category, 'ordering' => $i));
} catch (PDOException $error) {
warning('Error while adding menu item (' . $menu . '): ' . $error->getMessage());
}
}
}
$cache = Cache::getInstance();
if ($cache->enabled()) {
$cache->delete('template_menus');
}
success('Saved at ' . date('H:i'));
}
$file = TEMPLATES . $template . '/config.php';
if (file_exists($file)) {
require_once $file;
} else {
echo 'Cannot find template config.php file.';
return;
}
if (!isset($config['menu_categories'])) {
echo "No menu categories set in template config.php.<br/>This template doesn't support dynamic menus.";
return;
}
$title = 'Menus - ' . $template;
?>
<div align="center" class="text-center">
<p class="note">You are editing: <?= $template ?><br/><br/>
Hint: You can drag menu items.<br/>
Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
Not all templates support blank and colorful links.
</p>
</div>
<?php
$menus = array();
$menus_db = $db->query('SELECT `name`, `link`, `blank`, `color`, `category`, `ordering` FROM `' . TABLE_PREFIX . 'menu` WHERE `enabled` = 1 AND `template` = ' . $db->quote($template) . ' ORDER BY `ordering` ASC;')->fetchAll();
foreach ($menus_db as $menu) {
$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'blank' => $menu['blank'], 'color' => $menu['color'], 'ordering' => $menu['ordering']);
}
$last_id = array();
?>
<form method="post" id="menus-form" action="?p=menus">
<input type="hidden" name="template" value="<?php echo $template ?>"/>
<div class="row">
<?php foreach ($config['menu_categories'] as $id => $cat): ?>
<div class="col-md-12 col-lg-6">
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0"><?php echo $cat['name'] ?> <i class="far fa-plus-square add-button" id="add-button-<?php echo $id ?>"></i></h5>
</div>
<div class="card-body">
<ul class="sortable" id="sortable-<?php echo $id ?>">
<?php
if (isset($menus[$id])) {
foreach ($menus[$id] as $i => $menu):
?>
<li class="ui-state-default" id="list-<?php echo $id ?>-<?php echo $i ?>"><label>Name:</label> <input type="text" name="menu[<?php echo $id ?>][]" value="<?php echo $menu['name'] ?>"/>
<label>Link:</label> <input type="text" name="menu_link[<?php echo $id ?>][]" value="<?php echo $menu['link'] ?>"/>
<input type="hidden" name="menu_blank[<?php echo $id ?>][]" value="0"/>
<label><input class="blank-checkbox" type="checkbox" <?php echo($menu['blank'] == 1 ? 'checked' : '') ?>/><span title="Open in New Window">New Window</span></label>
<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="#<?php echo $menu['color'] ?>"/>
<a class="remove-button" id="remove-button-<?php echo $id ?>-<?php echo $i ?>"><i class="fas fa-trash"></a></i></li>
<?php $last_id[$id] = $i;
endforeach;
} ?>
</ul>
</div>
</div>
</div>
<?php endforeach ?>
</div>
<div class="row pb-2">
<div class="col-md-12">
<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Save</button>
<?php
echo '<button type="button" class="btn btn-danger float-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus\';"><i class="fas fa-cancel"></i> Cancel</button>';
?>
</div>
</div>
</form>
<?php
$twig->display('admin.menus.js.html.twig', array(
'menus' => $menus,
'last_id' => $last_id
));
?>
<?php
} else {
$templates = $db->query('SELECT `template` FROM `' . TABLE_PREFIX . 'menu` GROUP BY `template`;')->fetchAll();
foreach ($templates as $key => $value) {
$file = TEMPLATES . $value['template'] . '/config.php';
if (!file_exists($file)) {
unset($templates[$key]);
}
}
$twig->display('admin.menus.form.html.twig', array(
'templates' => $templates
));
}

6
system/pages/admin/modules/balance.php
View File

@@ -1,6 +0,0 @@
<?php
$balance = ($db->hasColumn('players', 'balance') ? $db->query('SELECT `balance`, `id`, `name`,`level` FROM `players` ORDER BY `balance` DESC LIMIT 10;') : 0);
$twig->display('balance.html.twig', array(
'balance' => $balance
));

6
system/pages/admin/modules/coins.php
View File

@@ -1,6 +0,0 @@
<?php
$coins = ($db->hasColumn('accounts', 'coins') ? $db->query('SELECT `coins`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `coins` DESC LIMIT 10;') : 0);
$twig->display('coins.html.twig', array(
'coins' => $coins
));

6
system/pages/admin/modules/created.php
View File

@@ -1,6 +0,0 @@
<?php
$players = ($db->hasColumn('accounts', 'created') ? $db->query('SELECT `created`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `created` DESC LIMIT 10;') : 0);
$twig->display('created.html.twig', array(
'players' => $players,
));

0
system/pages/admin/modules/index.html
View File

5
system/pages/admin/modules/lastlogin.php
View File

@@ -1,5 +0,0 @@
<?php
$players = ($db->hasColumn('players', 'lastlogin') ? $db->query('SELECT name, level, lastlogin FROM players ORDER BY lastlogin DESC LIMIT 10;') : 0);
$twig->display('lastlogin.html.twig', array(
'players' => $players,
));

6
system/pages/admin/modules/points.php
View File

@@ -1,6 +0,0 @@
<?php
$points = ($db->hasColumn('accounts', 'premium_points') ? $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;') : 0);
$twig->display('points.html.twig', array(
'points' => $points,
));

46
system/pages/admin/modules/server_status.php
View File

@@ -1,46 +0,0 @@
<?php
defined('MYAAC') or die('Direct access not allowed!');
if (isset($status)) {
$error_icon = '<i class="fas fa-exclamation-circle text-danger"></i>'; ?>
<div class=" col-md-6 col-lg-6">
<div class="card card-info card-outline">
<div class="card-header border-bottom-0">
<span class="font-weight-bold m-0">Server Status</span> <span class="float-right small"><b>Last checked</b>: <?php echo(isset($status['lastCheck']) ? date("l, d.m.Y H:i:s", $status['lastCheck']) : $error_icon); ?></span>
</div>
<div class="card-body p-0 ">
<table class="table">
<tbody>
<tr>
<th width="30%">Server</th>
<td><?php echo(isset($status['server']) & isset($status['serverVersion']) ? $status['server'] . ' x ' . $status['serverVersion'] : $error_icon) ?></td>
</tr>
<tr>
<th>Client</th>
<td><?php echo(isset($status['clientVersion']) ? $status['clientVersion'] : $error_icon) ?></td>
</tr>
<tr>
<th>Map</th>
<td>
<?php if (isset($status['mapName']) & isset($status['mapAuthor']) & isset($status['mapWidth']) & isset($status['mapHeight'])) {
echo $status['mapName'] . ' by <b>' . $status['mapAuthor'] . '</b><br/>' . $status['mapWidth'] . ' x ' . $status['mapHeight'];
} else {
echo $error_icon;
} ?>
</td>
</tr>
<tr>
<th>Monsters</th>
<td><?php echo (isset($status['monsters']) ? $status['monsters'] : $error_icon); ?></td>
</tr>
<tr>
<th>MOTD:</th>
<td><?php echo(isset($status['motd']) ? $status['motd'] : $error_icon); ?></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<?php } ?>

12
system/pages/admin/modules/statistics.php
View File

@@ -1,12 +0,0 @@
<?php
defined('MYAAC') or die('Direct access not allowed!');
$count = $db->query('SELECT
(SELECT COUNT(*) FROM `accounts`) as total_accounts,
(SELECT COUNT(*) FROM `players`) as total_players,
(SELECT COUNT(*) FROM `guilds`) as total_guilds,
(SELECT COUNT(*) FROM `' . TABLE_PREFIX . 'monsters`) as total_monsters,
(SELECT COUNT(*) FROM `houses`) as total_houses;')->fetch();
$twig->display('statistics.html.twig', array(
'count' => $count,
));

31
system/pages/admin/modules/templates/balance.html.twig
View File

@@ -1,31 +0,0 @@
{% if balance is iterable %}
<div class=" col-md-6 col-lg-3">
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">Top 10 - Balance</h5>
</div>
<div class="card-body p-0">
<table class="table table-striped table-condensed">
<thead>
<tr>
<th>#</th>
<th>Player</th>
<th>Balance</th>
</tr>
</thead>
<tbody>
{% set i = 0 %}
{% for result in balance %}
{% set i = i + 1 %}
<tr>
<th>{{ i }}</th>
<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
<td>{{ result.balance }}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
{% endif %}

31
system/pages/admin/modules/templates/coins.html.twig
View File

@@ -1,31 +0,0 @@
{% if coins is iterable %}
<div class=" col-md-6 col-lg-3">
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">Top 10 - Most coins</h5>
</div>
<div class="card-body p-0">
<table class="table table-striped table-condensed">
<thead>
<tr>
<th>#</th>
<th>Account</th>
<th>Tibia coins</th>
</tr>
</thead>
<tbody>
{% set i = 0 %}
{% for result in coins %}
{% set i = i + 1 %}
<tr>
<th>{{ i }}</th>
<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
<td>{{ result.coins }}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
{% endif %}

31
system/pages/admin/modules/templates/created.html.twig
View File

@@ -1,31 +0,0 @@
{% if players is iterable %}
<div class=" col-md-6 col-lg-3">
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">Last 10 created</h5>
</div>
<div class="card-body p-0">
<table class="table table-striped table-condensed">
<thead>
<tr>
<th>#</th>
<th>Account</th>
<th>Creation Date</th>
</tr>
</thead>
<tbody>
{% set i = 0 %}
{% for result in players %}
{% set i = i + 1 %}
<tr>
<th>{{ i }}</th>
<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
<td>{{ result.created|date("M d Y, H:i:s") }}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
{% endif %}

0
system/pages/admin/modules/templates/index.html
View File

31
system/pages/admin/modules/templates/lastlogin.html.twig
View File

@@ -1,31 +0,0 @@
{% if players is iterable %}
<div class=" col-md-6 col-lg-3">
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">Last 10 logins</h5>
</div>
<div class="card-body p-0">
<table class="table table-striped table-condensed">
<thead>
<tr>
<th>#</th>
<th>Player</th>
<th>Login Date</th>
</tr>
</thead>
<tbody>
{% set i = 0 %}
{% for result in players %}
{% set i = i + 1 %}
<tr>
<th>{{ i }}</th>
<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
<td>{{ result.lastlogin|date("M d Y, H:i:s") }}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
{% endif %}

31
system/pages/admin/modules/templates/points.html.twig
View File

@@ -1,31 +0,0 @@
{% if points is iterable %}
<div class=" col-md-6 col-lg-3">
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">Top 10 - Most premium points</h5>
</div>
<div class="card-body p-0">
<table class="table table-striped table-condensed">
<thead>
<tr>
<th>#</th>
<th>Account</th>
<th>Premium points</th>
</tr>
</thead>
<tbody>
{% set i = 0 %}
{% for result in points %}
{% set i = i + 1 %}
<tr>
<th>{{ i }}</th>
<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
<td>{{ result.premium_points }}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
{% endif %}

45
system/pages/admin/modules/templates/statistics.html.twig
View File

@@ -1,45 +0,0 @@
<div class="col">
<div class="info-box">
<span class="info-box-icon bg-info elevation-1"><i class="fas fa-user-plus"></i></span>
<div class="info-box-content">
<span class="info-box-text">Accounts:</span>
<span class="info-box-number">{{ count.total_accounts }}</span>
</div>
</div>
</div>
<div class="col">
<div class="info-box">
<span class="info-box-icon bg-red elevation-1"><i class="fas fa-user-plus"></i></span>
<div class="info-box-content">
<span class="info-box-text">Players:</span>
<span class="info-box-number">{{ count.total_players }}</span>
</div>
</div>
</div>
<div class="col">
<div class="info-box">
<span class="info-box-icon bg-teal elevation-1"><i class="fas fa-pastafarianism"></i></span>
<div class="info-box-content">
<span class="info-box-text">Monsters:</span>
<span class="info-box-number">{{ count.total_monsters }}</span>
</div>
</div>
</div>
<div class="col">
<div class="info-box">
<span class="info-box-icon bg-green elevation-1"><i class="fas fa-chart-pie"></i></span>
<div class="info-box-content">
<span class="info-box-text">Guilds:</span>
<span class="info-box-number">{{ count.total_guilds }}</span>
</div>
</div>
</div>
<div class="col">
<div class="info-box">
<span class="info-box-icon bg-yellow elevation-1"><i class="fas fa-home"></i></span>
<div class="info-box-content">
<span class="info-box-text">Houses:</span>
<span class="info-box-number">{{ count.total_houses }}</span>
</div>
</div>
</div>

39
system/pages/admin/modules/templates/web_status.twig
View File

@@ -1,39 +0,0 @@
<div class="col-12 col-md-6">
<div class="card card-warning card-outline">
<form action="?p=dashboard&maintenance" method="post" class="form-horizontal">
<div class="card-header">
<span class="m-0">Website Status<span class="float-right">
<div class="custom-control custom-switch custom-switch-off-danger custom-switch-on-success">
<input type="checkbox" class="custom-control-input" name="status" id="status" value="true" {% if not is_closed %} checked{% endif %}>
<label id="status-label" class="custom-control-label" for="status"> {% if is_closed %}Closed{% else %}Open{% endif %}</label>
</div></span>
</span>
</div>
<div class="card-body p-2">
<div class="col-sm-12">
<label for="message" class="col-form-label">Maintenance Message</label>
<textarea name="message" class="form-control" cols="40" rows="3" maxlength="255" placeholder="Enter ...">{{ closed_message }}</textarea>
<small>(only visible if closed)</small>
</div>
</div>
<div class="card-footer">
<button type="submit" class="btn btn-info"><i class="far fa-update"></i> Update</button>
<a href="?p=dashboard&clear_cache" onclick="return confirm('Are you sure?');" class="float-right">
<span class="btn btn-danger"><i class="fas fa-clear"></i>Clear cache</span>
</a>
</div>
</form>
</div>
</div>
<script>
$(function() {
$("#status").change(function() {
$statusLabel = $("#status-label");
$statusLabel.html("Closed");
if ($(this).is(':checked')) {
$statusLabel.html("Open");
}
});
});
</script>

10
system/pages/admin/modules/web_status.php
View File

@@ -1,10 +0,0 @@
<?php
defined('MYAAC') or die('Direct access not allowed!');
$twig->display('web_status.twig', array(
'is_closed' => $is_closed,
'closed_message' => $closed_message,
'status' => $status,
'account_type' => USE_ACCOUNT_NAME ? 'name' : 'number'
));
?>

155
system/pages/admin/news.php
View File

@@ -1,155 +0,0 @@
<?php
/**
* Pages
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
require_once LIBS . 'forum.php';
require_once LIBS . 'news.php';
$title = 'News Panel';
$use_datatable = true;
if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
echo 'Access denied.';
return;
}
header('X-XSS-Protection:0');
// some constants, used mainly by database (cannot by modified without schema changes)
define('TITLE_LIMIT', 100);
define('BODY_LIMIT', 65535); // maximum news body length
define('ARTICLE_TEXT_LIMIT', 300);
define('ARTICLE_IMAGE_LIMIT', 100);
$name = $p_title = '';
if(!empty($action))
{
$id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
$p_title = isset($_REQUEST['title']) ? $_REQUEST['title'] : null;
$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
$comments = isset($_REQUEST['comments']) ? $_REQUEST['comments'] : null;
$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
$category = isset($_REQUEST['category']) ? (int)$_REQUEST['category'] : null;
$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
$article_text = isset($_REQUEST['article_text']) ? $_REQUEST['article_text'] : null;
$article_image = isset($_REQUEST['article_image']) ? $_REQUEST['article_image'] : null;
$forum_section = isset($_REQUEST['forum_section']) ? $_REQUEST['forum_section'] : null;
$errors = array();
if($action == 'add') {
if(isset($forum_section) && $forum_section != '-1') {
$forum_add = Forum::add_thread($p_title, $body, $forum_section, $player_id, $account_logged->getId(), $errors);
}
if(News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
$p_title = $body = $comments = $article_text = $article_image = '';
$type = $category = $player_id = 0;
success("Added successful.");
}
}
else if($action == 'delete') {
News::delete($id, $errors);
success("Deleted successful.");
}
else if($action == 'edit')
{
if(isset($id) && !isset($p_title)) {
$news = News::get($id);
$p_title = $news['title'];
$body = $news['body'];
$comments = $news['comments'];
$type = $news['type'];
$category = $news['category'];
$player_id = $news['player_id'];
$article_text = $news['article_text'];
$article_image = $news['article_image'];
}
else {
if(News::update($id, $p_title, $body, $type, $category, $player_id, $forum_section, $article_text, $article_image, $errors)) {
// update forum thread if exists
if(isset($forum_section) && Validator::number($forum_section)) {
$db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = ".(int) $player_id.", `post_text` = ".$db->quote($body).", `post_topic` = ".$db->quote($p_title).", `edit_date` = " . time() . " WHERE `id` = " . $db->quote($forum_section));
}
$action = $p_title = $body = $comments = $article_text = $article_image = '';
$type = $category = $player_id = 0;
success("Updated successful.");
}
}
}
else if($action == 'hide') {
News::toggleHidden($id, $errors, $status);
success(($status == 1 ? 'Show' : 'Hide') . " successful.");
}
if(!empty($errors))
error(implode(", ", $errors));
}
$categories = array();
foreach($db->query('SELECT `id`, `name`, `icon_id` FROM `' . TABLE_PREFIX . 'news_categories` WHERE `hidden` != 1') as $cat)
{
$categories[$cat['id']] = array(
'name' => $cat['name'],
'icon_id' => $cat['icon_id']
);
}
if($action == 'edit' || $action == 'new') {
if($action == 'edit') {
$player = new OTS_Player();
$player->load($player_id);
}
$account_players = $account_logged->getPlayersList();
$account_players->orderBy('group_id', POT::ORDER_DESC);
$twig->display('admin.news.form.html.twig', array(
'action' => $action,
'news_link' => getLink(PAGE),
'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'add'),
'news_id' => isset($id) ? $id : null,
'title' => isset($p_title) ? $p_title : '',
'body' => isset($body) ? htmlentities($body, ENT_COMPAT, 'UTF-8') : '',
'type' => isset($type) ? $type : null,
'player' => isset($player) && $player->isLoaded() ? $player : null,
'player_id' => isset($player_id) ? $player_id : null,
'account_players' => $account_players,
'category' => isset($category) ? $category : 0,
'categories' => $categories,
'forum_boards' => getForumBoards(),
'forum_section' => isset($forum_section) ? $forum_section : null,
'comments' => isset($comments) ? $comments : null,
'article_text' => isset($article_text) ? $article_text : null,
'article_image' => isset($article_image) ? $article_image : null
));
}
$query = $db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'news'));
$newses = array();
foreach ($query as $_news) {
$_player = new OTS_Player();
$_player->load($_news['player_id']);
$newses[$_news['type']][] = array(
'id' => $_news['id'],
'hidden' => $_news['hidden'],
'archive_link' => getLink('news') . '/archive/' . $_news['id'],
'title' => $_news['title'],
'date' => $_news['date'],
'player_name' => isset($_player) && $_player->isLoaded() ? $_player->getName() : '',
'player_link' => isset($_player) && $_player->isLoaded() ? getPlayerLink($_player->getName(), false) : '',
);
}
$twig->display('admin.news.html.twig', array(
'newses' => $newses
));

52
system/pages/admin/notepad.php
View File

@@ -1,52 +0,0 @@
<?php
/**
* Notepad
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Notepad';
$notepad_content = Notepad::get($account_logged->getId());
if (isset($_POST['content'])) {
$_content = html_entity_decode(stripslashes($_POST['content']));
if (!$notepad_content)
Notepad::create($account_logged->getId(), $_content);
else
Notepad::update($account_logged->getId(), $_content);
echo '<div class="success" style="text-align: center;">Saved at ' . date('H:i') . '</div>';
} else {
if ($notepad_content !== false)
$_content = $notepad_content;
}
$twig->display('admin.notepad.html.twig', array('content' => isset($_content) ? $_content : null));
class Notepad
{
static public function get($account_id)
{
global $db;
$query = $db->select(TABLE_PREFIX . 'notepad', array('account_id' => $account_id));
if ($query !== false)
return $query['content'];
return false;
}
static public function create($account_id, $content = '')
{
global $db;
$db->insert(TABLE_PREFIX . 'notepad', array('account_id' => $account_id, 'content' => $content));
}
static public function update($account_id, $content = '')
{
global $db;
$db->update(TABLE_PREFIX . 'notepad', array('content' => $content), array('account_id' => $account_id));
}
}

200
system/pages/admin/pages.php
View File

@@ -1,200 +0,0 @@
<?php
/**
* Pages
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Pages';
if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
echo 'Access denied.';
return;
}
header('X-XSS-Protection:0');
$name = $p_title = '';
$groups = new OTS_Groups_List();
$php = false;
$enable_tinymce = true;
$access = 0;
if (!empty($action)) {
if ($action == 'delete' || $action == 'edit' || $action == 'hide')
$id = $_REQUEST['id'];
if (isset($_REQUEST['name']))
$name = $_REQUEST['name'];
if (isset($_REQUEST['title']))
$p_title = $_REQUEST['title'];
$php = isset($_REQUEST['php']) && $_REQUEST['php'] == 1;
$enable_tinymce = isset($_REQUEST['enable_tinymce']) && $_REQUEST['enable_tinymce'] == 1;
if ($php)
$body = $_REQUEST['body'];
else if (isset($_REQUEST['body'])) {
//$body = $_REQUEST['body'];
$body = html_entity_decode(stripslashes($_REQUEST['body']));
}
if (isset($_REQUEST['access']))
$access = $_REQUEST['access'];
$errors = array();
$player_id = 1;
if ($action == 'add') {
if (Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
$name = $p_title = $body = '';
$player_id = $access = 0;
$php = false;
$enable_tinymce = true;
}
} else if ($action == 'delete') {
if (Pages::delete($id, $errors))
success('Page with id ' . $id . ' has been deleted');
} else if ($action == 'edit') {
if (isset($id) && !isset($_REQUEST['name'])) {
$_page = Pages::get($id);
$name = $_page['name'];
$p_title = $_page['title'];
$body = $_page['body'];
$php = $_page['php'] == '1';
$enable_tinymce = $_page['enable_tinymce'] == '1';
$access = $_page['access'];
} else {
Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access);
$action = $name = $p_title = $body = '';
$player_id = 1;
$access = 0;
$php = false;
$enable_tinymce = true;
}
} else if ($action == 'hide') {
Pages::toggleHidden($id, $errors);
}
if (!empty($errors))
error(implode(", ", $errors));
}
$query =
$db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'pages'));
$pages = array();
foreach ($query as $_page) {
$pages[] = array(
'link' => getFullLink($_page['name'], $_page['name'], true),
'title' => substr($_page['title'], 0, 20),
'php' => $_page['php'] == '1',
'id' => $_page['id'],
'hidden' => $_page['hidden']
);
}
$twig->display('admin.pages.form.html.twig', array(
'action' => $action,
'id' => $action == 'edit' ? $id : null,
'name' => $name,
'title' => $p_title,
'php' => $php,
'enable_tinymce' => $enable_tinymce,
'body' => isset($body) ? htmlentities($body, ENT_COMPAT, 'UTF-8') : '',
'groups' => $groups->getGroups(),
'access' => $access
));
$twig->display('admin.pages.html.twig', array(
'pages' => $pages
));
class Pages
{
static public function get($id)
{
global $db;
$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
if ($query !== false)
return $query;
return false;
}
static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
{
global $db;
if (isset($name[0]) && isset($title[0]) && isset($body[0]) && $player_id != 0) {
$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
if ($query === false)
$db->insert(TABLE_PREFIX . 'pages',
array(
'name' => $name,
'title' => $title,
'body' => $body,
'player_id' => $player_id,
'php' => $php ? '1' : '0',
'enable_tinymce' => $enable_tinymce ? '1' : '0',
'access' => $access
)
);
else
$errors[] = 'Page with this link already exists.';
} else
$errors[] = 'Please fill all inputs.';
return !count($errors);
}
static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access)
{
global $db;
$db->update(TABLE_PREFIX . 'pages',
array(
'name' => $name,
'title' => $title,
'body' => $body,
'player_id' => $player_id,
'php' => $php ? '1' : '0',
'enable_tinymce' => $enable_tinymce ? '1' : '0',
'access' => $access
),
array('id' => $id));
}
static public function delete($id, &$errors)
{
global $db;
if (isset($id)) {
if ($db->select(TABLE_PREFIX . 'pages', array('id' => $id)) !== false)
$db->delete(TABLE_PREFIX . 'pages', array('id' => $id));
else
$errors[] = 'Page with id ' . $id . ' does not exists.';
} else
$errors[] = 'id not set';
return !count($errors);
}
static public function toggleHidden($id, &$errors)
{
global $db;
if (isset($id)) {
$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
if ($query !== false)
$db->update(TABLE_PREFIX . 'pages', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
else
$errors[] = 'Page with id ' . $id . ' does not exists.';
} else
$errors[] = 'id not set';
return !count($errors);
}
}
?>

19
system/pages/admin/phpinfo.php
View File

@@ -1,19 +0,0 @@
<?php
/**
* PHP Info
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'PHP Info';
if (!function_exists('phpinfo')) { ?>
<b>phpinfo()</b> function is disabled in your webserver config.<br/>
You can enable it by editing <b>php.ini</b> file.
<?php return;
}
?>
<iframe src="<?php echo BASE_URL; ?>admin/tools/phpinfo.php" width="1024" height="550"></iframe>

901
system/pages/admin/players.php
View File

@@ -1,901 +0,0 @@
<?php
/**
* Players editor
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Player editor';
$player_base = BASE_URL . 'admin/?p=players';
$use_datatable = true;
require_once LIBS . 'forum.php';
$skills = array(
POT::SKILL_FIST => array('Fist fighting', 'fist'),
POT::SKILL_CLUB => array('Club fighting', 'club'),
POT::SKILL_SWORD => array('Sword fighting', 'sword'),
POT::SKILL_AXE => array('Axe fighting', 'axe'),
POT::SKILL_DIST => array('Distance fighting', 'dist'),
POT::SKILL_SHIELD => array('Shielding', 'shield'),
POT::SKILL_FISH => array('Fishing', 'fish')
);
$hasBlessingsColumn = $db->hasColumn('players', 'blessings');
$hasBlessingColumn = $db->hasColumn('players', 'blessings1');
$hasLookAddons = $db->hasColumn('players', 'lookaddons');
$skull_type = array("None", "Yellow", "Green", "White", "Red", "Black", "Orange");
?>
<link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
<script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
<?php
$id = 0;
$search_player = '';
if (isset($_REQUEST['id']))
$id = (int)$_REQUEST['id'];
else if (isset($_REQUEST['search'])) {
$search_player = $_REQUEST['search'];
if (strlen($search_player) < 3 && !Validator::number($search_player)) {
echo_error('Player name is too short.');
} else {
$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($search_player));
if ($query->rowCount() == 1) {
$query = $query->fetch();
$id = (int)$query['id'];
} else {
$query = $db->query('SELECT `id`, `name` FROM `players` WHERE `name` LIKE ' . $db->quote('%' . $search_player . '%'));
if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
$str_construct = 'Do you mean?<ul>';
foreach ($query as $row)
$str_construct .= '<li><a href="' . $player_base . '&id=' . $row['id'] . '">' . $row['name'] . '</a></li>';
$str_construct .= '</ul>';
echo_error($str_construct);
} else if ($query->rowCount() > 10)
echo_error('Specified name resulted with too many players.');
else
echo_error('No entries found.');
}
}
}
?>
<div class="row">
<?php
$groups = new OTS_Groups_List();
if ($id > 0) {
$player = new OTS_Player();
$player->load($id);
if (isset($player) && $player->isLoaded() && isset($_POST['save'])) {// we want to save
$error = false;
if ($player->isOnline())
echo_error('This player is actually online. You can\'t edit online players.');
$name = $_POST['name'];
$_error = '';
if (!Validator::characterName($name))
echo_error(Validator::getLastError());
//if(!Validator::newCharacterName($name)
// echo_error(Validator::getLastError());
$player_db = new OTS_Player();
$player_db->find($name);
if ($player_db->isLoaded() && $player->getName() != $name)
echo_error('This name is already used. Please choose another name!');
$account_id = $_POST['account_id'];
verify_number($account_id, 'Account id', 11);
$account_db = new OTS_Account();
$account_db->load($account_id);
if (!$account_db->isLoaded())
echo_error('Account with this id doesn\'t exist.');
$group = $_POST['group'];
if ($groups->getGroup($group) == false)
echo_error('Group with this id doesn\'t exist');
$level = $_POST['level'];
verify_number($level, 'Level', 11);
$experience = $_POST['experience'];
verify_number($experience, 'Experience', 20);
$vocation = $_POST['vocation'];
verify_number($vocation, 'Vocation id', 11);
if (!isset($config['vocations'][$vocation])) {
echo_error("Vocation with this id doesn't exist.");
}
// health
$health = $_POST['health'];
verify_number($health, 'Health', 11);
$health_max = $_POST['health_max'];
verify_number($health_max, 'Health max', 11);
// mana
$magic_level = $_POST['magic_level'];
verify_number($magic_level, 'Magic_level', 11);
$mana = $_POST['mana'];
verify_number($mana, 'Mana', 11);
$mana_max = $_POST['mana_max'];
verify_number($mana_max, 'Mana max', 11);
$mana_spent = $_POST['mana_spent'];
verify_number($mana_spent, 'Mana spent', 11);
// look
$look_body = $_POST['look_body'];
verify_number($look_body, 'Look body', 11);
$look_feet = $_POST['look_feet'];
verify_number($look_feet, 'Look feet', 11);
$look_head = $_POST['look_head'];
verify_number($look_head, 'Look head', 11);
$look_legs = $_POST['look_legs'];
verify_number($look_legs, 'Look legs', 11);
$look_type = $_POST['look_type'];
verify_number($look_type, 'Look type', 11);
if ($hasLookAddons) {
$look_addons = $_POST['look_addons'];
verify_number($look_addons, 'Look addons', 11);
}
// pos
$pos_x = $_POST['pos_x'];
verify_number($pos_x, 'Position x', 11);
$pos_y = $_POST['pos_y'];
verify_number($pos_y, 'Position y', 11);
$pos_z = $_POST['pos_z'];
verify_number($pos_z, 'Position z', 11);
$soul = $_POST['soul'];
verify_number($soul, 'Soul', 10);
$town = $_POST['town'];
verify_number($town, 'Town', 11);
$capacity = $_POST['capacity'];
verify_number($capacity, 'Capacity', 11);
$sex = $_POST['sex'];
verify_number($sex, 'Sex', 1);
$lastlogin = strtotime($_POST['lastlogin']);
verify_number($lastlogin, 'Last login', 20);
$lastlogout = strtotime($_POST['lastlogout']);
verify_number($lastlogout, 'Last logout', 20);
$skull = $_POST['skull'];
verify_number($skull, 'Skull', 1);
$skull_time = $_POST['skull_time'];
verify_number($skull_time, 'Skull time', 11);
if ($db->hasColumn('players', 'loss_experience')) {
$loss_experience = $_POST['loss_experience'];
verify_number($loss_experience, 'Loss experience', 11);
$loss_mana = $_POST['loss_mana'];
verify_number($loss_mana, 'Loss mana', 11);
$loss_skills = $_POST['loss_skills'];
verify_number($loss_skills, 'Loss skills', 11);
$loss_containers = $_POST['loss_containers'];
verify_number($loss_containers, 'Loss loss_containers', 11);
$loss_items = $_POST['loss_items'];
verify_number($loss_items, 'Loss items', 11);
}
if ($db->hasColumn('players', 'offlinetraining_time')) {
$offlinetraining = $_POST['offlinetraining'];
verify_number($offlinetraining, 'Offline Training time', 11);
}
if ($hasBlessingsColumn) {
$blessings = $_POST['blessings'];
verify_number($blessings, 'Blessings', 2);
}
$balance = $_POST['balance'];
verify_number($balance, 'Balance', 20);
if ($db->hasColumn('players', 'stamina')) {
$stamina = $_POST['stamina'];
verify_number($stamina, 'Stamina', 20);
}
$deleted = (isset($_POST['deleted']) && $_POST['deleted'] == 'true');
$hidden = (isset($_POST['hidden']) && $_POST['hidden'] == 'true');
$created = strtotime($_POST['created']);
verify_number($created, 'Created', 11);
$comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'], 0, 2000))) : NULL;
foreach ($_POST['skills'] as $skill => $value)
verify_number($value, $skills[$skill][0], 10);
foreach ($_POST['skills_tries'] as $skill => $value)
verify_number($value, $skills[$skill][0] . ' tries', 10);
if ($hasBlessingColumn) {
$bless_count = $_POST['blesscount'];
for ($i = 1; $i <= $bless_count; $i++) {
$a = 'blessing' . $i;
${'blessing' . $i} = (isset($_POST[$a]) && $_POST[$a] == 'true');
}
}
if (!$error) {
$player->setName($name);
$player->setAccount($account_db);
$player->setGroup($groups->getGroup($group));
$player->setLevel($level);
$player->setExperience($experience);
$player->setVocation($vocation);
$player->setHealth($health);
$player->setHealthMax($health_max);
$player->setMagLevel($magic_level);
$player->setMana($mana);
$player->setManaMax($mana_max);
$player->setManaSpent($mana_spent);
$player->setLookBody($look_body);
$player->setLookFeet($look_feet);
$player->setLookHead($look_head);
$player->setLookLegs($look_legs);
$player->setLookType($look_type);
if ($hasLookAddons)
$player->setLookAddons($look_addons);
if ($db->hasColumn('players', 'offlinetraining_time'))
$player->setCustomField('offlinetraining_time', $offlinetraining);
$player->setPosX($pos_x);
$player->setPosY($pos_y);
$player->setPosZ($pos_z);
$player->setSoul($soul);
$player->setTownId($town);
$player->setCap($capacity);
$player->setSex($sex);
$player->setLastLogin($lastlogin);
$player->setLastLogout($lastlogout);
//$player->setLastIP(ip2long($lastip));
$player->setSkull($skull);
$player->setSkullTime($skull_time);
if ($db->hasColumn('players', 'loss_experience')) {
$player->setLossExperience($loss_experience);
$player->setLossMana($loss_mana);
$player->setLossSkills($loss_skills);
$player->setLossContainers($loss_containers);
$player->setLossItems($loss_items);
}
if ($db->hasColumn('players', 'blessings'))
$player->setBlessings($blessings);
if ($hasBlessingColumn) {
for ($i = 1; $i <= $bless_count; $i++) {
$a = 'blessing' . $i;
$player->setCustomField('blessings' . $i, ${'blessing' . $i} ? '1' : '0');
}
}
$player->setBalance($balance);
if ($db->hasColumn('players', 'stamina'))
$player->setStamina($stamina);
if ($db->hasColumn('players', 'deletion'))
$player->setCustomField('deletion', $deleted ? '1' : '0');
else
$player->setCustomField('deleted', $deleted ? '1' : '0');
$player->setCustomField('hidden', $hidden ? '1' : '0');
$player->setCustomField('created', $created);
if (isset($comment))
$player->setCustomField('comment', $comment);
foreach ($_POST['skills'] as $skill => $value) {
$player->setSkill($skill, $value);
}
foreach ($_POST['skills_tries'] as $skill => $value) {
$player->setSkillTries($skill, $value);
}
$player->save();
echo_success('Player saved at: ' . date('G:i'));
$player->load($id);
}
}
} else if ($id == 0) {
$players_db = $db->query('SELECT `id`, `name`, `level` FROM `players` ORDER BY `id` asc');
?>
<div class="col-12 col-sm-12 col-lg-10">
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">Players</h5>
</div>
<div class="card-body">
<table class="player_datatable table table-striped table-bordered table-responsive d-md-table">
<thead>
<tr>
<th>ID</th>
<th>Name</th>
<th>Level</th>
<th style="width: 40px">Edit</th>
</tr>
</thead>
<tbody>
<?php foreach ($players_db as $player_db): ?>
<tr>
<th><?php echo $player_db['id']; ?></th>
<td><?php echo $player_db['name']; ?></a></td>
<td><?php echo $player_db['level']; ?></a></td>
<td><a href="?p=players&id=<?php echo $player_db['id']; ?>" class="btn btn-success btn-sm" title="Edit">
<i class="fas fa-pencil-alt"></i>
</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
</div>
<?php } ?>
<?php
if (isset($player) && $player->isLoaded()) {
$account = $player->getAccount();
?>
<div class="col-12 col-sm-12 col-lg-10">
<div class="card card-primary card-outline card-outline-tabs">
<div class="card-header p-0 border-bottom-0">
<ul class="nav nav-tabs" id="tabs-tab" role="tablist">
<li class="nav-item">
<a class="nav-link active" id="tabs-home-tab" data-toggle="pill" href="#tabs-home">Player</a>
</li>
<li class="nav-item">
<a class="nav-link" id="tabs-home-tab" data-toggle="pill" href="#tabs-stats">Stats</a>
</li>
<li class="nav-item">
<a class="nav-link" id="tabs-home-tab" data-toggle="pill" href="#tabs-skills">Skills</a>
</li>
<li class="nav-item">
<a class="nav-link" id="tabs-home-tab" data-toggle="pill" href="#tabs-pos">Pos/Look</a>
</li>
<li class="nav-item">
<a class="nav-link" id="tabs-home-tab" data-toggle="pill" href="#tabs-misc">Misc</a>
</li>
<li class="nav-item">
<a class="nav-link" id="tabs-posts-tab" data-toggle="pill" href="#tabs-posts">Posts</a>
</li>
<li class="nav-item">
<a class="nav-link" id="tabs-chars-tab" data-toggle="pill" href="#tabs-chars">Characters</a>
</li>
</ul>
</div>
<form action="<?php echo $player_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
<div class="card-body">
<div class="tab-content" id="tabs-tabContent">
<div class="tab-pane fade active show" id="tabs-home">
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<label for="name" class="control-label">Name</label>
<input type="text" class="form-control" id="name" name="name" autocomplete="off" value="<?php echo $player->getName(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="account_id">Account id:</label>
<input type="text" class="form-control" id="account_id" name="account_id" autocomplete="off" size="8" maxlength="11" value="<?php echo $account->getId(); ?>"/>
</div>
</div>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<label for="group">Group:</label>
<select name="group" id="group" class="form-control custom-select">
<?php foreach ($groups->getGroups() as $id => $group): ?>
<option value="<?php echo $id; ?>" <?php echo($player->getGroup()->getId() == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
<?php endforeach; ?>
</select>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="vocation">Vocation</label>
<select name="vocation" id="vocation" class="form-control custom-select">
<?php
foreach ($config['vocations'] as $id => $name) {
echo '<option value=' . $id . ($id == $player->getVocation() ? ' selected' : '') . '>' . $name . '</option>';
}
?>
</select>
</div>
</div>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<label for="sex">Sex:</label>
<select name="sex" id="sex" class="form-control custom-select">>
<?php foreach ($config['genders'] as $id => $sex): ?>
<option value="<?php echo $id; ?>" <?php echo($player->getSex() == $id ? 'selected' : ''); ?>><?php echo strtolower($sex); ?></option>
<?php endforeach; ?>
</select>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="town">Town:</label>
<select name="town" id="town" class="form-control">
<?php
$configTowns = config('towns');
if (!isset($configTowns[$player->getTownId()])) {
$configTowns[$player->getTownId()] = 'Unknown Town';
}
foreach ($configTowns as $id => $town): ?>
<option value="<?php echo $id; ?>" <?php echo($player->getTownId() == $id ? 'selected' : ''); ?>><?php echo $town; ?></option>
<?php endforeach; ?>
</select>
</div>
</div>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<label for="skull">Skull:</label>
<select name="skull" id="skull" class="form-control custom-select">
<?php
foreach ($skull_type as $id => $s_name) {
echo '<option value=' . $id . ($id == $player->getSkull() ? ' selected' : '') . '>' . $s_name . '</option>';
}
?>
</select>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="skull_time">Skull time:</label>
<input type="text" class="form-control" id="skull_time" name="skull_time"
autocomplete="off" maxlength="11"
value="<?php echo $player->getSkullTime(); ?>"/>
</div>
</div>
<div class="form-group row">
<?php if ($hasBlessingColumn):
$bless_count = $player->countBlessings();
$bless = $player->checkBlessings($bless_count); ?>
<input type="hidden" name="blesscount" value="<?php echo $bless_count; ?>"/>
<div class="col-12 col-sm-12 col-lg-6">
<label>Blessings:</label><br/>
<?php for ($i = 1; $i <= $bless_count; $i++): ?>
<label><input class="" type="checkbox" name="blessing<?php echo $i; ?>" id="blessing<?php echo $i; ?>" value="true"<?php echo(($bless[$i - 1] == 1) ? ' checked' : '') ?>/><?php echo $i; ?></label>
<?php endfor ?>
</div>
<?php endif; ?>
<?php if ($hasBlessingsColumn): ?>
<div class="col-12 col-sm-12 col-lg-6">
<label for="blessings">Blessings:</label>
<input type="text" class="form-control" id="blessings" name="blessings" autocomplete="off" maxlength="11" value="<?php echo $player->getBlessings(); ?>"/>
</div>
<?php endif; ?>
<div class="col-12 col-sm-12 col-lg-6">
<label for="balance" class="control-label">Bank Balance:</label>
<input type="text" class="form-control" id="balance" name="balance" autocomplete="off" maxlength="20" value="<?php echo $player->getBalance(); ?>"/>
</div>
</div>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<div class="custom-control custom-switch custom-switch-on-danger">
<input type="checkbox" class="custom-control-input" name="deleted" id="deleted" value="true" <?php echo($player->getCustomField($db->hasColumn('players', 'deletion') ? 'deletion' : 'deleted') == '1' ? ' checked' : ''); ?>>
<label class="custom-control-label" for="deleted">Deleted</label>
</div>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<div class="custom-control custom-switch custom-switch-on-success">
<input type="checkbox" class="custom-control-input" name="hidden" id="hidden" value="true" <?php echo($player->isHidden() ? ' checked' : ''); ?>>
<label class="custom-control-label" for="hidden">Hidden</label>
</div>
</div>
</div>
</div>
<div class="tab-pane fade" id="tabs-stats">
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<label for="level" class="control-label">Level:</label>
<input type="text" class="form-control" id="level" name="level" autocomplete="off" value="<?php echo $player->getLevel(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="experience" class="control-label">Experience:</label>
<input type="text" class="form-control" id="experience" name="experience" autocomplete="off" value="<?php echo $player->getExperience(); ?>"/>
</div>
</div>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<label for="magic_level" class="control-label">Magic level:</label>
<input type="text" class="form-control" id="magic_level" name="magic_level" autocomplete="off" size="8" maxlength="11" value="<?php echo $player->getMagLevel(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="mana_spent" class="control-label">Mana spent:</label>
<input type="text" class="form-control" id="mana_spent" name="mana_spent" autocomplete="off" size="3" maxlength="11" value="<?php echo $player->getManaSpent(); ?>"/>
</div>
</div>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<label for="health" class="control-label">Health:</label>
<input type="text" class="form-control" id="health" name="health" autocomplete="off" size="5" maxlength="11" value="<?php echo $player->getHealth(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="health_max" class="control-label">Health max:</label>
<input type="text" class="form-control" id="health_max" name="health_max" autocomplete="off" size="5" maxlength="11" value="<?php echo $player->getHealthMax(); ?>"/>
</div>
</div>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<label for="mana" class="control-label">Mana:</label>
<input type="text" class="form-control" id="mana" name="mana" autocomplete="off" size="3" maxlength="11" value="<?php echo $player->getMana(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="mana_max" class="control-label">Mana max:</label>
<input type="text" class="form-control" id="mana_max" name="mana_max" autocomplete="off" size="3" maxlength="11" value="<?php echo $player->getManaMax(); ?>"/>
</div>
</div>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<label for="capacity" class="control-label">Capacity:</label>
<input type="text" class="form-control" id="capacity" name="capacity" autocomplete="off" size="3" maxlength="11" value="<?php echo $player->getCap(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="soul" class="control-label">Soul:</label>
<input type="text" class="form-control" id="soul" name="soul" autocomplete="off" size="3" maxlength="10" value="<?php echo $player->getSoul(); ?>"/>
</div>
<?php if ($db->hasColumn('players', 'stamina')): ?>
<div class="col-12 col-sm-12 col-lg-6">
<label for="stamina" class="control-label">Stamina:</label>
<input type="text" class="form-control" id="stamina" name="stamina" autocomplete="off" maxlength="20" value="<?php echo $player->getStamina(); ?>"/>
</div>
<?php endif; ?>
<?php if ($db->hasColumn('players', 'offlinetraining_time')): ?>
<div class="col-12 col-sm-12 col-lg-6">
<label for="offlinetraining" class="control-label">Offline Training
Time:</label>
<input type="text" class="form-control" id="offlinetraining" name="offlinetraining" autocomplete="off" maxlength="11" value="<?php echo $player->getCustomField('offlinetraining_time'); ?>"/>
</div>
<?php endif; ?>
</div>
</div>
<div class="tab-pane fade" id="tabs-skills">
<?php
foreach ($skills as $id => $info) {
?>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<?php echo '<label for="skills[' . $id . ']" class="control-label">' . $info[0] . '</label>
<input type="text" class="form-control" id="skills[' . $id . ']" name="skills[' . $id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkill($id) . '"/>'; ?>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<?php echo '<label for="skills_tries[' . $id . ']" class="control-label">' . $info[0] . ' tries</label>
<input type="text" class="form-control" id="skills_tries[' . $id . ']" name="skills_tries[' . $id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkillTries($id) . '"/>'; ?>
</div>
</div>
<?php } ?>
</div>
<div class="tab-pane fade" id="tabs-pos">
<?php $outfit = $config['outfit_images_url'] . '?id=' . $player->getLookType() . ($hasLookAddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); ?>
<div id="imgchar" style="width:64px;height:64px;position:absolute; top:30px; right:30px">
<img id="player_outfit" style="margin-left:0;margin-top:0;width:64px;height:64px;" src="<?php echo $outfit; ?>" alt="player outfit"/>
</div>
<td>Position:</td>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-4">
<label for="pos_x" class="control-label">X:</label>
<input type="text" class="form-control" id="pos_x" name="pos_x" autocomplete="off" maxlength="11" value="<?php echo $player->getPosX(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-4">
<label for="pos_y" class="control-label">Y:</label>
<input type="text" class="form-control" id="pos_y" name="pos_y" autocomplete="off" maxlength="11" value="<?php echo $player->getPosY(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-4">
<label for="pos_z" class="control-label">Z:</label>
<input type="text" class="form-control" id="pos_z" name="pos_z" autocomplete="off" maxlength="11" value="<?php echo $player->getPosZ(); ?>"/>
</div>
</div>
<td>Look:</td>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-3">
<label for="look_head" class="control-label">Head: <span id="look_head_val" class="font-weight-bold text-primary"></span></label>
<input class="custom-range" type="range" min="0" max="132" id="look_head" name="look_head" value="<?php echo $player->getLookHead(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-3">
<label for="look_body" class="control-label">Body: <span id="look_body_val" class="font-weight-bold text-primary"></span></label>
<input type="range" min="0" max="132"
value="<?php echo $player->getLookBody(); ?>"
class="custom-range" id="look_body" name="look_body">
</div>
<div class="col-12 col-sm-12 col-lg-3">
<label for="look_legs" class="control-label">Legs: <span id="look_legs_val" class="font-weight-bold text-primary"></span></label>
<input type="range" min="0" max="132"
value="<?php echo $player->getLookLegs(); ?>"
class="custom-range" id="look_legs" name="look_legs">
</div>
<div class="col-12 col-sm-12 col-lg-3">
<label for="look_feet" class="control-label">Feet: <span id="look_feet_val" class="font-weight-bold text-primary"></span></label>
<input type="range" min="0" max="132"
value="<?php echo $player->getLookBody(); ?>"
class="custom-range" id="look_feet" name="look_feet">
</div>
</div>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<label for="look_type" class="control-label">Type:</label>
<?php
$outfitlist = null;
$outfitlist = Outfits_loadfromXML();
if ($outfitlist) { ?>
<select name="look_type" id="look_type" class="form-control custom-select">
<?php
foreach ($outfitlist as $id => $outfit) {
if ($outfit['enabled'] == 'yes') ;
echo '<option value=' . $outfit['id'] . ($outfit['id'] == $player->getLookType() ? ' selected' : '') . '>' . $outfit['name'] . ' - ' . ($outfit['type'] == 1 ? 'Male' : 'Female') . '</option>';
}
?>
</select>
<?php } else { ?>
<input type="text" class="form-control" id="look_type" name="look_type" autocomplete="off" maxlength="11" value="<?php echo $player->getLookType(); ?>"/>
<?php } ?>
</div>
<?php if ($hasLookAddons): ?>
<div class="col-12 col-sm-12 col-lg-6">
<label for="look_addons" class="control-label">Addons:</label>
<select name="look_addons" id="look_addons" class="form-control custom-select">
<?php
$addon_type = array(0, 1, 2, 3);
foreach ($addon_type as $id => $s_name) {
echo '<option value=' . $s_name . ($id == $player->getLookAddons() ? ' selected' : '') . '>' . $s_name . '</option>';
}
?>
</select>
</div>
<?php endif; ?>
</div>
</div>
<div class="tab-pane fade" id="tabs-misc">
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<label for="created" class="control-label">Created:</label>
<input type="text" class="form-control" id="created" name="created"
autocomplete="off"
maxlength="10"
value="<?php echo date("M d Y, H:i:s", $player->getCustomField('created')); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="lastlogin" class="control-label">Last login:</label>
<input type="text" class="form-control" id="lastlogin" name="lastlogin" autocomplete="off" maxlength="20" value="<?php echo date("M d Y, H:i:s", $player->getLastLogin()); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="lastlogout" class="control-label">Last logout:</label>
<input type="text" class="form-control" id="lastlogout" name="lastlogout" autocomplete="off" maxlength="20" value="<?php echo date("M d Y, H:i:s", $player->getLastLogout()); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="lastip" class="control-label">Last IP:</label>
<input type="text" class="form-control" id="lastip" name="lastip" autocomplete="off" maxlength="10" value="<?php echo longToIp($player->getLastIP()); ?>" readonly/>
</div>
</div>
<?php if ($db->hasColumn('players', 'loss_experience')): ?>
<div class="form-group row">
<div class="col-12 col-sm-12 col-lg-6">
<label for="loss_experience" class="control-label">Experience
Loss:</label>
<input type="text" class="form-control" id="loss_experience" name="loss_experience" autocomplete="off" maxlength="11" value="<?php echo $player->getLossExperience(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="loss_mana" class="control-label">Mana Loss:</label>
<input type="text" class="form-control" id="loss_mana" name="loss_mana" autocomplete="off" maxlength="11" value="<?php echo $player->getLossMana(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="loss_skills" class="control-label">Skills Loss:</label>
<input type="text" class="form-control" id="loss_skills" name="loss_skills" autocomplete="off" maxlength="11" value="<?php echo $player->getLossSkills(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="loss_containers" class="control-label">Containers Loss:</label>
<input type="text" class="form-control" id="loss_containers" name="loss_containers" autocomplete="off" maxlength="11" value="<?php echo $player->getLossContainers(); ?>"/>
</div>
<div class="col-12 col-sm-12 col-lg-6">
<label for="loss_items" class="control-label">Items Loss:</label>
<input type="text" class="form-control" id="loss_items" name="loss_items" autocomplete="off" maxlength="11" value="<?php echo $player->getLossItems(); ?>"/>
</div>
</div>
<?php endif; ?>
<div class="form-group row">
<div class="col-12">
<label for="comment" class="control-label">Comment:</label>
<textarea class="form-control" name="comment" rows="10" cols="50" wrap="virtual"><?php echo $player->getCustomField("comment"); ?></textarea>
<small>[max. length: 2000 chars, 50 lines (ENTERs)]</small>
</div>
</div>
</div>
<div class="tab-pane fade" id="tabs-posts">
<table class="table table-striped table-condensed table-responsive d-md-table">
<thead>
<tr>
<th class="w-25">Topic</th>
<th>Content</th>
</tr>
</thead>
<tbody>
<?php
$posts = $db->query('SELECT `author_guid`,`section`,`first_post`,`post_text`,`post_date`, `post_topic`,`post_html`,`post_smile`,`' . TABLE_PREFIX . 'forum_boards`.`name` AS `forum_Name` FROM `' .
TABLE_PREFIX . 'forum` LEFT JOIN `' . TABLE_PREFIX . 'forum_boards` ON `' .
TABLE_PREFIX . 'forum`.section = `' . TABLE_PREFIX . 'forum_boards`.id WHERE `author_guid` = "' . $player->getId() . '" ORDER BY `post_date` DESC LIMIT 10');
if ($posts->rowCount() > 0) {
$posts = $posts->fetchAll();
foreach ($posts as $post) {
$text = ($post['post_html'] > 0 ? $post['post_text'] : htmlspecialchars($post['post_text']));
$post['content'] = ($post['post_html'] > 0 ? $text : Forum::parseBBCode(nl2br($text), $post['post_smile'] == 0));
?>
<tr>
<th><?php echo htmlspecialchars($post['post_topic']); ?><br/><small><?php echo date('d M y H:i:s', $post['post_date']); ?></small><br/>
Topic: <a href="<?php echo getForumThreadLink($post['first_post']); ?>" class="link-black text-sm"><i class="fa fa-share margin-r-5"></i> Link</a><br/>
Forum: <a href="<?php echo getForumBoardLink($post['section']); ?>" class="link-black text-sm"><i class="fa fa-share margin-r-5"></i> <?php echo $post['forum_Name']; ?></a></th>
<th><?php echo $post['content']; ?></th>
</tr>
<?php
}
unset($post);
} else {
echo '<tr><td colspan="2">This user has no posts</td></tr>';
}; ?>
</tbody>
</table>
</div>
<div class="tab-pane fade" id="tabs-chars">
<div class="row">
<?php
if (isset($account) && $account->isLoaded()) {
$account_players = $account->getPlayersList();
$account_players->orderBy('id');
if (isset($account_players)) { ?>
<table class="table table-striped table-condensed table-responsive d-md-table">
<thead>
<tr>
<th>#</th>
<th>Name</th>
<th>Level</th>
<th>Vocation</th>
<th style="width: 40px">Edit</th>
</tr>
</thead>
<tbody>
<?php foreach ($account_players as $i => $player):
$player_vocation = $player->getVocation();
$player_promotion = $player->getPromotion();
if (isset($player_promotion)) {
if ((int)$player_promotion > 0)
$player_vocation += ($player_promotion * $config['vocations_amount']);
}
if (isset($config['vocations'][$player_vocation])) {
$vocation_name = $config['vocations'][$player_vocation];
} ?>
<tr>
<th><?php echo $i; ?></th>
<td><?php echo $player->getName(); ?></td>
<td><?php echo $player->getLevel(); ?></td>
<td><?php echo $vocation_name; ?></td>
<td><a href="?p=players&id=<?php echo $player->getId() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
</tr>
<?php endforeach ?>
</tbody>
</table>
<?php
}
} ?>
</div>
</div>
</div>
</div>
<div class="card-footer text-center">
<input type="hidden" name="save" value="yes"/>
<button type="submit" class="btn btn-info float-left"><i class="fas fa-update"></i> Update</button>
<a href="<?php echo ADMIN_URL; ?>?p=accounts&id=<?php echo $account->getId(); ?>" class="btn btn-secondary">Edit Account</a>
<a href="<?php echo ADMIN_URL; ?>?p=players" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</a>
</div>
</form>
</div>
</div>
<script type="text/javascript">
$('#lastlogin').datetimepicker({format: "M d Y, H:i:s",});
$('#lastlogout').datetimepicker({format: "M d Y, H:i:s",});
$('#created').datetimepicker({format: "M d Y, H:i:s",});
$(document).ready(function () {
const $headSpan = $('#look_head_val');
const $headvalue = $('#look_head');
$headSpan.html($headvalue.val());
$headvalue.on('input', () => {
$headSpan.html($headvalue.val());
});
$headvalue.on('change', () => {
updateOutfit();
});
const $bodySpan = $('#look_body_val');
const $bodyvalue = $('#look_body');
$bodySpan.html($bodyvalue.val());
$bodyvalue.on('input', () => {
$bodySpan.html($bodyvalue.val());
});
$bodyvalue.on('change', () => {
updateOutfit();
});
const $legsSpan = $('#look_legs_val');
const $legsvalue = $('#look_legs');
$legsSpan.html($legsvalue.val());
$legsvalue.on('input', () => {
$legsSpan.html($legsvalue.val());
});
$legsvalue.on('change', () => {
updateOutfit();
});
const $feetSpan = $('#look_feet_val');
const $feetvalue = $('#look_feet');
$feetSpan.html($feetvalue.val());
$feetvalue.on('input', () => {
$feetSpan.html($feetvalue.val());
});
$feetvalue.on('change', () => {
updateOutfit();
});
const $lookvalue = $('#look_type');
$lookvalue.on('change', () => {
updateOutfit();
});
<?php if($hasLookAddons): ?>
const $addonvalue = $('#look_addons');
$('#look_addons').on('change', () => {
updateOutfit();
});
<?php endif; ?>
});
function updateOutfit() {
const look_head = $('#look_head').val();
const look_body = $('#look_body').val();
const look_legs = $('#look_legs').val();
const look_feet = $('#look_feet').val();
const look_type = $('#look_type').val();
let look_addons = '';
<?php if($hasLookAddons): ?>
look_addons = '&addons=' + $('#look_addons').val();
<?php endif; ?>
$("#player_outfit").attr("src", '<?= $config['outfit_images_url']; ?>?id=' + look_type + look_addons + '&head=' + look_head + '&body=' + look_body + '&legs=' + look_legs + '&feet=' + look_feet);
}
</script>
<?php } ?>
<div class="col-12 col-sm-12 col-lg-2">
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">Search Player</h5>
</div>
<div class="card-body row">
<div class="col-6 col-lg-12">
<form action="<?php echo $player_base; ?>" method="post">
<label for="name">Player Name:</label>
<div class="input-group input-group-sm">
<input type="text" class="form-control" name="search" value="<?php echo $search_player; ?>" maxlength="32" size="32">
<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
</div>
</form>
</div>
<div class="col-6 col-lg-12">
<form action="<?php echo $player_base; ?>" method="post">
<label for="name">Player ID:</label>
<div class="input-group input-group-sm">
<input type="text" class="form-control" name="id" value="" maxlength="32" size="32">
<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<script>
$(document).ready(function () {
$('.player_datatable').DataTable({
"order": [[0, "asc"]]
});
});
</script>

114
system/pages/admin/plugins.php
View File

@@ -1,114 +0,0 @@
<?php
/**
* Plugins
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Plugin manager';
require_once LIBS . 'plugins.php';
$twig->display('admin.plugins.form.html.twig');
if (isset($_REQUEST['uninstall'])) {
$uninstall = $_REQUEST['uninstall'];
if (Plugins::uninstall($uninstall)) {
success('Successfully uninstalled plugin ' . $uninstall);
} else {
error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
}
} else if (isset($_FILES["plugin"]["name"])) {
$file = $_FILES["plugin"];
$filename = $file["name"];
$tmp_name = $file["tmp_name"];
$type = $file["type"];
$name = explode(".", $filename);
$accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed', 'application/octet-stream', 'application/zip-compressed');
if (isset($file['error'])) {
$error = 'Error uploading file';
switch ($file['error']) {
case UPLOAD_ERR_OK:
$error = false;
break;
case UPLOAD_ERR_INI_SIZE:
case UPLOAD_ERR_FORM_SIZE:
$error .= ' - file too large (limit of ' . ini_get('upload_max_filesize') . ' bytes). You can enlarge the limits by changing "upload_max_filesize" in php.ini';
break;
case UPLOAD_ERR_PARTIAL:
$error .= ' - file upload was not completed.';
break;
case UPLOAD_ERR_NO_FILE:
$error .= ' - zero-length file uploaded.';
break;
default:
$error .= ' - internal error #' . $file['error'];
break;
}
}
if (isset($error) && $error != false) {
error($error);
} else {
if (is_uploaded_file($file['tmp_name'])) {
$filetype = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
if ($filetype == 'zip') // check if it is zipped/compressed file
{
$tmp_filename = pathinfo($filename, PATHINFO_FILENAME);
$targetzip = BASE . 'plugins/' . $tmp_filename . '.zip';
if (move_uploaded_file($tmp_name, $targetzip)) { // move uploaded file
if (Plugins::install($targetzip)) {
foreach (Plugins::getWarnings() as $warning) {
warning($warning);
}
$info = Plugins::getPluginJson();
success((isset($info['name']) ? '<strong>' . $info['name'] . '</strong> p' : 'P') . 'lugin has been successfully installed.');
} else {
$error = Plugins::getError();
error(!empty($error) ? $error : 'Unexpected error happened while installing plugin. Please try again later.');
}
unlink($targetzip); // delete the Zipped file
} else
error('There was a problem with the upload. Please try again.');
} else {
error('The file you are trying to upload is not a .zip file. Please try again.');
}
} else {
error('Error uploading file - unknown error.');
}
}
}
$plugins = array();
foreach (get_plugins() as $plugin) {
$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
$string = Plugins::removeComments($string);
$plugin_info = json_decode($string, true);
if ($plugin_info == false) {
warning('Cannot load plugin info ' . $plugin . '.json');
} else {
$plugins[] = array(
'name' => isset($plugin_info['name']) ? $plugin_info['name'] : '',
'description' => isset($plugin_info['description']) ? $plugin_info['description'] : '',
'version' => isset($plugin_info['version']) ? $plugin_info['version'] : '',
'author' => isset($plugin_info['author']) ? $plugin_info['author'] : '',
'contact' => isset($plugin_info['contact']) ? $plugin_info['contact'] : '',
'file' => $plugin,
'uninstall' => isset($plugin_info['uninstall'])
);
}
}
$twig->display('admin.plugins.html.twig', array(
'plugins' => $plugins
));

60
system/pages/admin/reports.php
View File

@@ -1,60 +0,0 @@
<?php
/**
* Reports
*
* @package MyAAC
* @author Lee
* @copyright 2020 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Report Viewer';
$files = array();
$server_path_reports = $config['data_path'] . 'reports/';
if (file_exists($server_path_reports)) {
foreach (scandir($server_path_reports, SCANDIR_SORT_ASCENDING) as $f) {
if ($f[0] === '.') {
continue;
}
if (is_dir($server_path_reports . $f)) {
foreach (scandir($server_path_reports . $f, SCANDIR_SORT_ASCENDING) as $f2) {
if ($f2[0] === '.') {
continue;
}
$files[] = array($f . '/' . $f2, $server_path_reports);
}
continue;
}
$files[] = array($f, $server_path_reports);
}
}
foreach ($files as &$f) {
$f['mtime'] = filemtime($f[1] . $f[0]);
$f['name'] = $f[0];
}
unset($f);
$file = isset($_GET['file']) ? $_GET['file'] : NULL;
if (!empty($file)) {
if (!preg_match('/[^A-z0-9\' _\/\-\.]/', $file)) {
if (file_exists($server_path_reports . $file)) {
$file_content = nl2br(file_get_contents($server_path_reports . $file));
$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $file_content));
} else {
echo 'Specified file does not exist.';
}
} else {
echo 'Invalid file name specified.';
}
}
$twig->display('admin.reports.html.twig', array('files' => $files));

198
system/pages/admin/settings.php
View File

@@ -1,198 +0,0 @@
<?php
/**
* Menus
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Settings';
require_once SYSTEM . 'clients.conf.php';
if (!isset($_GET['plugin']) || empty($_GET['plugin'])) {
error('Please select plugin name from left Panel.');
return;
}
$plugin = $_GET['plugin'];
if($plugin != 'core') {
$settingsFilePath = PLUGINS . $plugin . '/settings.php';
}
else {
$settingsFilePath = SYSTEM . 'settings.php';
}
if (!file_exists($settingsFilePath)) {
error('This plugin does not exist or does not have settings defined.');
return;
}
if($plugin === 'core') {
$settingsFile = require $settingsFilePath;
}
else {
$settingsFile = require $settingsFilePath;
}
if (!is_array($settingsFile)) {
return;
}
if (isset($_POST['save'])) {
$db->query('DELETE FROM `' . TABLE_PREFIX . 'settings` WHERE `plugin_name` = ' . $db->quote($plugin) . ';');
foreach ($_POST['settings'] as $key => $value) {
try {
$db->insert(TABLE_PREFIX . 'settings', ['plugin_name' => $plugin, 'key' => $key, 'value' => $value]);
} catch (PDOException $error) {
warning('Error while saving setting (' . $plugin . ' - ' . $key . '): ' . $error->getMessage());
}
}
$cache = Cache::getInstance();
if ($cache->enabled()) {
$cache->delete('settings');
}
success('Saved at ' . date('H:i'));
}
$title = ($plugin == 'core' ? 'MyAAC Settings' : 'Plugin Settings - ' . $plugin);
$query = 'SELECT `key`, `value` FROM `' . TABLE_PREFIX . 'settings` WHERE `plugin_name` = ' . $db->quote($plugin) . ';';
$query = $db->query($query);
$settingsDb = [];
if($query->rowCount() > 0) {
foreach($query->fetchAll(PDO::FETCH_ASSOC) as $value) {
$settingsDb[$value['key']] = $value['value'];
}
}
?>
<form method="post">
<div class="row">
<div class="col-md-12">
<div class="box">
<div class="box-body">
<button name="save" type="submit" class="btn btn-primary">Save</button>
</div>
<?php
$checkbox = function ($key, $type, $value) {
echo '<label><input type="radio" id="' . $key . '" name="settings[' . $key . ']" value="' . ($type ? 'true' : 'false') . '" ' . ($value === $type ? 'checked' : '') . '/>' . ($type ? 'Yes' : 'No') . '</label> ';
};
$i = 0;
foreach($settingsFile as $key => $setting) {
if($setting['type'] === 'section') {
if($i++ !== 0) {
echo '</tbody></table>';
}
?>
<h2 style="text-align: center"><strong><?= $setting['title']; ?></strong></h2>
<table class="table table-bordered table-striped">
<thead>
<tr>
<th style="width: 10%">Name</th>
<th style="width: 30%">Value</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<?php
continue;
}
?>
<tr>
<td><label for="<?= $key ?>" class="control-label"><?= $setting['name'] ?></label></td>
<td>
<?php
if ($setting['type'] === 'boolean') {
if(isset($settingsDb[$key])) {
if($settingsDb[$key] === 'true') {
$value = true;
}
else {
$value = false;
}
}
else {
$value = (isset($setting['default']) ? $setting['default'] : false);
}
$checkbox($key, true, $value);
$checkbox($key, false, $value);
}
else if (in_array($setting['type'], ['text', 'number', 'email', 'password'])) {
echo '<input class="form-control" type="' . $setting['type'] . '" name="settings[' . $key . ']" value="' . (isset($settingsDb[$key]) ? $settingsDb[$key] : (!empty($setting['default']) ? $setting['default'] : '')) . '" id="' . $key . '"/>';
}
else if($setting['type'] === 'textarea') {
echo '<textarea class="form-control" name="settings[' . $key . ']" id="' . $key . '">' . (isset($settingsDb[$key]) ? $settingsDb[$key] : (!empty($setting['default']) ? $setting['default'] : '')) . '</textarea>';
}
if ($setting['type'] === 'options') {
if ($setting['options'] === '$templates') {
$templates = [];
foreach (get_templates() as $value) {
$templates[$value] = $value;
}
$setting['options'] = $templates;
}
else if($setting['options'] === '$clients') {
$clients = [];
foreach((array)config('clients') as $client) {
$client_version = (string)($client / 100);
if(strpos($client_version, '.') === false)
$client_version .= '.0';
$clients[$client] = $client_version;
}
$setting['options'] = $clients;
}
echo '<select class="form-control" name="settings[' . $key . ']" id="' . $key . '">';
foreach ($setting['options'] as $value => $option) {
$compareTo = (isset($settingsDb[$key]) ? $settingsDb[$key] : (isset($setting['default']) ? $setting['default'] : ''));
if($value === 'true') {
$selected = $compareTo === true;
}
else if($value === 'false') {
$selected = $compareTo === false;
}
else {
$selected = $compareTo == $value;
}
echo '<option value="' . $value . '" ' . ($selected ? 'selected' : '') . '>' . $option . '</option>';
}
echo '</select>';
}
?>
</td>
<td>
<div class="well">
<?= $setting['desc'] ?>
</div>
</td>
</tr>
<?php
}
?>
</tbody>
</table>
<div class="box-footer">
<button name="save" type="submit" class="btn btn-primary">Save</button>
</div>
</div>
</div>
</div>
</form>

39
system/pages/admin/statistics.php
View File

@@ -1,39 +0,0 @@
<?php
/**
* Statistics
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Statistics';
$query = $db->query('SELECT count(*) as `how_much` FROM `accounts`;');
$query = $query->fetch();
$total_accounts = $query['how_much'];
$query = $db->query('SELECT count(*) as `how_much` FROM `players`;');
$query = $query->fetch();
$total_players = $query['how_much'];
$query = $db->query('SELECT count(*) as `how_much` FROM `guilds`;');
$query = $query->fetch();
$total_guilds = $query['how_much'];
$query = $db->query('SELECT count(*) as `how_much` FROM `houses`;');
$query = $query->fetch();
$total_houses = $query['how_much'];
$points = $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;');
$twig->display('admin.statistics.html.twig', array(
'total_accounts' => $total_accounts,
'total_players' => $total_players,
'total_guilds' => $total_guilds,
'total_houses' => $total_houses,
'account_type' => (USE_ACCOUNT_NAME ? 'name' : 'number'),
'points' => $points
));
?>

27
system/pages/admin/tools.php
View File

@@ -1,27 +0,0 @@
<?php
/**
* Tools
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Tools';
$tool = $_GET['tool'];
if (!isset($tool)) {
echo 'Tool not set.';
return;
}
if (preg_match("/[^A-z0-9_\-]/", $tool)) {
echo 'Invalid tool.';
return;
}
$file = BASE . 'admin/pages/tools/' . $tool . '.php';
if (!@file_exists($file))
require $file;
?>

50
system/pages/admin/version.php
View File

@@ -1,50 +0,0 @@
<?php
/**
* Version check
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Version check';
// fetch version
//$file = @fopen('https://my-aac.org/VERSION', 'r') or die('Error while fetching version.');
//$myaac_version = fgets($file);
$myaac_version = @file_get_contents('https://my-aac.org/VERSION');
if (!$myaac_version) {
warning('Error while fetching version info from https://my-aac.org<br/>
Please try again later.');
return;
}
// compare them
$version_compare = version_compare($myaac_version, MYAAC_VERSION);
if ($version_compare == 0) {
success('MyAAC latest version is ' . $myaac_version . '. You\'re using the latest version.
<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=clmd', 'here'));
} else if ($version_compare < 0) {
success('Woah, seems you\'re using newer version as latest released one! MyAAC latest released version is ' . $myaac_version . ', and you\'re using version ' . MYAAC_VERSION . '.
<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=clmd', 'here'));
} else {
warning('You\'re using outdated version.<br/>
Your version: <b>' . MYAAC_VERSION . '</b><br/>
Latest version: <b>' . $myaac_version . '</b><br/>
Download available at: <a href="https://my-aac.org" target="_blank">www.my-aac.org</a>');
}
/*
function version_revert($version)
{
$major = floor($version / 10000);
$version -= $major * 10000;
$minor = floor($version / 100);
$version -= $minor * 100;
$release = $version;
return $major . '.' . $minor . '.' . $release;
}*/
?>

36
system/pages/admin/visitors.php
View File

@@ -1,36 +0,0 @@
<?php
/**
* Visitors viewer
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Visitors';
if (!$config['visitors_counter']): ?>
Visitors counter is disabled.<br/>
You can enable it by editing this configurable in <b>config.local.php</b> file:<br/>
<p style="margin-left: 3em;"><b>$config['visitors_counter'] = true;</b></p>
<?php
return;
endif;
require SYSTEM . 'libs/visitors.php';
$visitors = new Visitors($config['visitors_counter_ttl']);
function compare($a, $b)
{
return $a['lastvisit'] > $b['lastvisit'] ? -1 : 1;
}
$tmp = $visitors->getVisitors();
usort($tmp, 'compare');
$twig->display('admin.visitors.html.twig', array(
'config_visitors_counter_ttl' => $config['visitors_counter_ttl'],
'visitors' => $tmp
));
?>

4
system/pages/changelog.php
View File

@@ -10,8 +10,7 @@
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Changelog';
$_page = isset($_GET['page']) ? $_GET['page'] : 0;
$id = isset($_GET['id']) ? $_GET['id'] : 0;
$_page = isset($_GET['page']) ? (int)$_GET['page'] : 0;
$limit = 30;
$offset = $_page * $limit;
$next_page = false;
@@ -43,4 +42,3 @@ $twig->display('changelog.html.twig', array(
'next_page' => $next_page,
'canEdit' => $canEdit,
));
?>

36
system/pages/characters.php
View File

@@ -47,7 +47,7 @@ if(isset($_REQUEST['name']))
if(empty($name))
{
$tmp_link = getPlayerLink($name);
echo 'Here you can get detailed information about a certain player on ' . $config['lua']['serverName'] . '.<BR>';
echo 'Here you can get detailed information about a certain player on ' . $config['lua']['serverName'] . '.<br/>';
echo generate_search_form(true);
return;
}
@@ -82,8 +82,9 @@ if($player->isLoaded() && !$player->isDeleted())
$outfit = $config['outfit_images_url'] . '?id=' . $player->getLookType() . ($db->hasColumn('players', 'lookaddons') ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet();
$flag = '';
if($config['account_country'])
if($config['account_country']) {
$flag = getFlagImage($account->getCountry());
}
$player_sex = 'Unknown';
if(isset($config['genders'][$player->getSex()]))
@@ -147,9 +148,10 @@ if($player->isLoaded() && !$player->isDeleted())
if($config['characters']['skills'])
{
if($db->hasColumn('players', 'skill_fist')) {// tfs 1.0+
$skills_db = $db->query('SELECT `skill_fist`, `skill_club`, `skill_sword`, `skill_axe`, `skill_dist`, `skill_shielding`, `skill_fishing` FROM `players` WHERE `id` = ' . $player->getId())->fetch();
$skills_db = $db->query('SELECT `maglevel`, `skill_fist`, `skill_club`, `skill_sword`, `skill_axe`, `skill_dist`, `skill_shielding`, `skill_fishing` FROM `players` WHERE `id` = ' . $player->getId())->fetch();
$skill_ids = array(
POT::SKILL_MAGIC => 'maglevel',
POT::SKILL_FIST => 'skill_fist',
POT::SKILL_CLUB => 'skill_club',
POT::SKILL_SWORD => 'skill_sword',
@@ -175,8 +177,7 @@ if($player->isLoaded() && !$player->isDeleted())
}
$quests_enabled = $config['characters']['quests'] && !empty($config['quests']);
if($quests_enabled)
{
if($quests_enabled) {
$quests = $config['quests'];
$sql_query_in = '';
$i = 0;
@@ -197,10 +198,10 @@ if($player->isLoaded() && !$player->isDeleted())
foreach($quests as &$storage) {
$storage = isset($player_storage[$storage]) && $player_storage[$storage] > 0;
}
unset($storage);
}
if($config['characters']['equipment'])
{
if($config['characters']['equipment']) {
global $db;
$eq_sql = $db->query('SELECT `pid`, `itemtype` FROM player_items WHERE player_id = '.$player->getId().' AND (`pid` >= 1 and `pid` <= 10)');
$equipment = array();
@@ -284,8 +285,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
$deaths[] = array('time' => $death['date'], 'description' => $description . '.');
}
}
}
else {
} else {
$mostdamage = '';
if($db->hasColumn('player_deaths', 'mostdamage_by'))
$mostdamage = ', `mostdamage_by`, `mostdamage_is_player`, `unjustified`, `mostdamage_unjustified`';
@@ -294,8 +294,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
FROM `player_deaths`
WHERE `player_id` = ' . $player->getId() . ' ORDER BY `time` DESC LIMIT 10;')->fetchAll();
if(count($deaths_db))
{
if(count($deaths_db)) {
$number_of_rows = 0;
foreach($deaths_db as $death)
{
@@ -326,14 +325,12 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
$frags = array();
$frag_add_content = '';
if($config['characters']['frags'] && $db->hasTable('killers'))
{
if($config['characters']['frags'] && $db->hasTable('killers')) {
//frags list by Xampy
$i = 0;
$frags_limit = 10; // frags limit to show? // default: 10
$player_frags = $db->query('SELECT `player_deaths`.*, `players`.`name`, `killers`.`unjustified` FROM `player_deaths` LEFT JOIN `killers` ON `killers`.`death_id` = `player_deaths`.`id` LEFT JOIN `player_killers` ON `player_killers`.`kill_id` = `killers`.`id` LEFT JOIN `players` ON `players`.`id` = `player_deaths`.`player_id` WHERE `player_killers`.`player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,'.$frags_limit.';')->fetchAll();
if(count($player_frags))
{
if(count($player_frags)) {
$row_count = 0;
foreach($player_frags as $frag)
{
@@ -346,7 +343,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
// signature
$settings = Settings::getInstance();
if($config['signature_enabled']) {
$signature_url = BASE_URL . ($settings['core.friendly_urls']['value'] ? '' : '?') . urlencode($player->getName()) . '.png';
$signature_url = BASE_URL . ($settings['core.friendly_urls']['value'] ? '' : 'index.php/') . urlencode($player->getName()) . '.png';
}
$hidden = $player->isHidden();
@@ -417,9 +414,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
'search_form' => generate_search_form(),
'canEdit' => hasFlag(FLAG_CONTENT_PLAYERS) || superAdmin()
));
}
else
{
} else {
$search_errors[] = 'Character <b>' . $name . '</b> does not exist or has been deleted.';
$twig->display('error_box.html.twig', array('errors' => $search_errors));
$search_errors = array();
@@ -433,8 +428,7 @@ else
$deleted = 'deletion';
$query = $db->query('SELECT `name`, `level`, `vocation`' . $promotion . ' FROM `players` WHERE `name` LIKE ' . $db->quote('%' . $name . '%') . ' AND ' . $deleted . ' != 1 LIMIT ' . (int)config('characters_search_limit') . ';');
if($query->rowCount() > 0)
{
if($query->rowCount() > 0) {
echo 'Did you mean:<ul>';
foreach($query as $player) {
if(isset($player['promotion'])) {

99
system/pages/creatures.php
View File

@@ -10,9 +10,10 @@
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = "Creatures";
$title = 'Creatures';
if (empty($_REQUEST['creature'])) {
if (empty($_REQUEST['name'])) {
// display list of monsters
$preview = config('creatures_images_preview');
$creatures = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'monsters` WHERE `hidden` != 1 '.(empty($_REQUEST['boss']) ? '': 'AND `rewardboss` = 1').' ORDER BY name asc')->fetchAll();
@@ -28,55 +29,55 @@ if (empty($_REQUEST['creature'])) {
'preview' => $preview
));
} else {
$creature_name = urldecode(stripslashes(ucwords(strtolower($_REQUEST['creature']))));
$prep = $db->prepare('SELECT * FROM `' . TABLE_PREFIX . 'monsters` WHERE `hidden` != 1 AND `name` = ? LIMIT 1;');
$prep->execute([$creature_name]);
$creature = $prep->fetch();
return;
}
if (isset($creature['name'])) {
function sort_by_chance($a, $b)
{
if ($a['chance'] == $b['chance']) {
return 0;
}
return ($a['chance'] > $b['chance']) ? -1 : 1;
// display monster
$creature_name = urldecode(stripslashes(ucwords(strtolower($_REQUEST['name']))));
$prep = $db->prepare('SELECT * FROM `' . TABLE_PREFIX . 'monsters` WHERE `hidden` != 1 AND `name` = ? LIMIT 1;');
$prep->execute([$creature_name]);
$creature = $prep->fetch();
if (isset($creature['name'])) {
function sort_by_chance($a, $b)
{
if ($a['chance'] == $b['chance']) {
return 0;
}
$title = $creature['name'] . " - Creatures";
$creature['img_link']= getCreatureImgPath($creature_name);
$voices = json_decode($creature['voices'], true);
$summons = json_decode($creature['summons'], true);
$elements = json_decode($creature['elements'], true);
$immunities = json_decode($creature['immunities'], true);
$loot = json_decode($creature['loot'], true);
usort($loot, 'sort_by_chance');
foreach ($loot as &$item) {
$item['name'] = getItemNameById($item['id']);
$item['rarity_chance'] = round($item['chance'] / 1000, 2);
$item['rarity'] = getItemRarity($item['chance']);
$item['tooltip'] = ucfirst($item['name']) . '<br/>Chance: ' . $item['rarity'] . (config('creatures_loot_percentage') ? ' ('. $item['rarity_chance'] .'%)' : '') . '<br/>Max count: ' . $item['count'];
}
$creature['loot'] = isset($loot) ? $loot : null;
$creature['voices'] = isset($voices) ? $voices : null;
$creature['summons'] = isset($summons) ? $summons : null;
$creature['elements'] = isset($elements) ? $elements : null;
$creature['immunities'] = isset($immunities) ? $immunities : null;
$twig->display('creature.html.twig', array(
'creature' => $creature,
));
} else {
echo "Creature with name <b>" . $creature_name . "</b> doesn't exist.";
return ($a['chance'] > $b['chance']) ? -1 : 1;
}
//back button
$twig->display('creatures.back_button.html.twig');
}
?>
$title = $creature['name'] . " - Creatures";
$creature['img_link']= getCreatureImgPath($creature_name);
$voices = json_decode($creature['voices'], true);
$summons = json_decode($creature['summons'], true);
$elements = json_decode($creature['elements'], true);
$immunities = json_decode($creature['immunities'], true);
$loot = json_decode($creature['loot'], true);
usort($loot, 'sort_by_chance');
foreach ($loot as &$item) {
$item['name'] = getItemNameById($item['id']);
$item['rarity_chance'] = round($item['chance'] / 1000, 2);
$item['rarity'] = getItemRarity($item['chance']);
$item['tooltip'] = ucfirst($item['name']) . '<br/>Chance: ' . $item['rarity'] . (config('creatures_loot_percentage') ? ' ('. $item['rarity_chance'] .'%)' : '') . '<br/>Max count: ' . $item['count'];
}
$creature['loot'] = isset($loot) ? $loot : null;
$creature['voices'] = isset($voices) ? $voices : null;
$creature['summons'] = isset($summons) ? $summons : null;
$creature['elements'] = isset($elements) ? $elements : null;
$creature['immunities'] = isset($immunities) ? $immunities : null;
$twig->display('creature.html.twig', array(
'creature' => $creature,
));
} else {
echo "Creature with name <b>" . $creature_name . "</b> doesn't exist.";
}
// back button
$twig->display('creatures.back_button.html.twig');

223
system/pages/forum.php
View File

@@ -5,198 +5,59 @@
* @package MyAAC
* @author Gesior <jerzyskalski@wp.pl>
* @author Slawkens <slawkens@gmail.com>
* @copyright 2019 MyAAC
* @copyright 2021 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Forum';
defined('MYAAC') or exit;
if(strtolower($config['forum']) != 'site')
require __DIR__ . '/forum/base.php';
require __DIR__ . '/forum/admin.php';
$errors = [];
if(!empty($action))
{
if($config['forum'] != '')
{
header('Location: ' . $config['forum']);
exit;
if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {
error('Error: Action contains illegal characters.');
}
echo 'Forum is disabled on this site.';
return;
}
if(!$logged)
echo 'You are not logged in. <a href="?subtopic=accountmanagement&redirect=' . BASE_URL . urlencode('?subtopic=forum') . '">Log in</a> to post on the forum.<br /><br />';
require_once LIBS . 'forum.php';
$canEdit = Forum::isModerator();
if($canEdit)
{
$groups = new OTS_Groups_List();
if(!empty($action))
{
if($action == 'delete_board' || $action == 'edit_board' || $action == 'hide_board' || $action == 'moveup_board' || $action == 'movedown_board')
$id = $_REQUEST['id'];
if(isset($_REQUEST['access']))
$access = $_REQUEST['access'];
if(isset($_REQUEST['guild']))
$guild = $_REQUEST['guild'];
if(isset($_REQUEST['name']))
$name = $_REQUEST['name'];
if(isset($_REQUEST['description']))
$description = stripslashes($_REQUEST['description']);
$errors = array();
if($action == 'add_board') {
if(Forum::add_board($name, $description, $access, $guild, $errors))
$action = $name = $description = '';
}
else if($action == 'delete_board') {
Forum::delete_board($id, $errors);
$action = '';
}
else if($action == 'edit_board')
{
if(isset($id) && !isset($name)) {
$board = Forum::get_board($id);
$name = $board['name'];
$access = $board['access'];
$guild = $board['guild'];
$description = $board['description'];
}
else {
Forum::update_board($id, $name, $access, $guild, $description);
$action = $name = $description = '';
$access = $guild = 0;
}
}
else if($action == 'hide_board') {
Forum::toggleHidden_board($id, $errors);
$action = '';
}
else if($action == 'moveup_board') {
Forum::move_board($id, -1, $errors);
$action = '';
}
else if($action == 'movedown_board') {
Forum::move_board($id, 1, $errors);
$action = '';
}
if(!empty($errors)) {
$twig->display('error_box.html.twig', array('errors' => $errors));
$action = '';
}
}
if(empty($action) || $action == 'edit_board') {
$guilds = $db->query('SELECT `id`, `name` FROM `guilds`')->fetchAll();
$twig->display('forum.add_board.html.twig', array(
'link' => getLink('forum', ($action == 'edit_board' ? 'edit_board' : 'add_board')),
'action' => $action,
'id' => isset($id) ? $id : null,
'name' => isset($name) ? $name : null,
'description' => isset($description) ? $description : null,
'access' => isset($access) ? $access : 0,
'guild' => isset($guild) ? $guild : null,
'groups' => $groups,
'guilds' => $guilds
));
if($action == 'edit_board')
$action = '';
}
}
$sections = array();
foreach(getForumBoards() as $section)
{
$sections[$section['id']] = array(
'id' => $section['id'],
'name' => $section['name'],
'description' => $section['description'],
'closed' => $section['closed'] == '1',
'guild' => $section['guild'],
'access' => $section['access']
);
if($canEdit) {
$sections[$section['id']]['hidden'] = $section['hidden'];
else if(file_exists(PAGES . 'forum/' . $action . '.php')) {
require PAGES . 'forum/' . $action . '.php';
return;
}
else {
$sections[$section['id']]['hidden'] = 0;
error('This page does not exists.');
}
}
$number_of_rows = 0;
if(empty($action))
{
$info = $db->query("SELECT `section`, COUNT(`id`) AS 'threads', SUM(`replies`) AS 'replies' FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `first_post` = `id` GROUP BY `section`")->fetchAll();
$info = $db->query("SELECT `section`, COUNT(`id`) AS 'threads', SUM(`replies`) AS 'replies' FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `first_post` = `id` GROUP BY `section`")->fetchAll();
$boards = array();
foreach($info as $data)
$counters[$data['section']] = array('threads' => $data['threads'], 'posts' => $data['replies'] + $data['threads']);
foreach($sections as $id => $section)
{
$show = true;
if(Forum::hasAccess($id)) {
$last_post = $db->query("SELECT `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".(int) $id." AND `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` ORDER BY `post_date` DESC LIMIT 1")->fetch();
$boards[] = array(
'id' => $id,
'link' => getForumBoardLink($id),
'name' => $section['name'],
'description' => $section['description'],
'hidden' => $section['hidden'],
'posts' => isset($counters[$id]['posts']) ? $counters[$id]['posts'] : 0,
'threads' => isset($counters[$id]['threads']) ? $counters[$id]['threads'] : 0,
'last_post' => array(
'name' => isset($last_post['name']) ? $last_post['name'] : null,
'date' => isset($last_post['post_date']) ? $last_post['post_date'] : null,
'player_link' => isset($last_post['name']) ? getPlayerLink($last_post['name']) : null,
)
);
}
$boards = array();
foreach($info as $data)
$counters[$data['section']] = array('threads' => $data['threads'], 'posts' => $data['replies'] + $data['threads']);
foreach($sections as $id => $section)
{
$show = true;
if(Forum::hasAccess($id)) {
$last_post = $db->query("SELECT `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".(int) $id." AND `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` ORDER BY `post_date` DESC LIMIT 1")->fetch();
$boards[] = array(
'id' => $id,
'link' => getForumBoardLink($id),
'name' => $section['name'],
'description' => $section['description'],
'hidden' => $section['hidden'],
'posts' => isset($counters[$id]['posts']) ? $counters[$id]['posts'] : 0,
'threads' => isset($counters[$id]['threads']) ? $counters[$id]['threads'] : 0,
'last_post' => array(
'name' => isset($last_post['name']) ? $last_post['name'] : null,
'date' => isset($last_post['post_date']) ? $last_post['post_date'] : null,
'player_link' => isset($last_post['name']) ? getPlayerLink($last_post['name']) : null,
)
);
}
$twig->display('forum.boards.html.twig', array(
'boards' => $boards,
'canEdit' => $canEdit,
'last' => count($sections)
));
return;
}
$errors = array();
if($action == 'show_board' || $action == 'show_thread')
{
require PAGES . 'forum/' . $action . '.php';
return;
}
if(!$logged)
{
$extra_url = '';
if($action == 'new_post' && isset($_GET['thread_id'])) {
$extra_url = '&action=new_post&thread_id=' . $_GET['thread_id'];
}
header('Location: ' . BASE_URL . '?subtopic=accountmanagement&redirect=' . BASE_URL . urlencode('?subtopic=forum' . $extra_url));
return;
}
if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {
error('Error: Action contains illegal characters.');
}
else if(file_exists(PAGES . 'forum/' . $action . '.php')) {
require PAGES . 'forum/' . $action . '.php';
}
else {
error('This page does not exists.');
}
?>
$twig->display('forum.boards.html.twig', array(
'boards' => $boards,
'canEdit' => $canEdit,
'last' => count($sections)
));

95
system/pages/forum/admin.php Normal file
View File

@@ -0,0 +1,95 @@
<?php
/**
* Forum admin
*
* @package MyAAC
* @author Gesior <jerzyskalski@wp.pl>
* @author Slawkens <slawkens@gmail.com>
* @copyright 2021 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or exit('Direct access not allowed!');
$canEdit = Forum::isModerator();
if($canEdit) {
$groups = new OTS_Groups_List();
if(!empty($action))
{
if($action == 'delete_board' || $action == 'edit_board' || $action == 'hide_board' || $action == 'moveup_board' || $action == 'movedown_board')
$id = $_REQUEST['id'];
if(isset($_REQUEST['access']))
$access = $_REQUEST['access'];
if(isset($_REQUEST['guild']))
$guild = $_REQUEST['guild'];
if(isset($_REQUEST['name']))
$name = $_REQUEST['name'];
if(isset($_REQUEST['description']))
$description = stripslashes($_REQUEST['description']);
$errors = array();
if($action == 'add_board') {
if(Forum::add_board($name, $description, $access, $guild, $errors))
$action = $name = $description = '';
}
else if($action == 'delete_board') {
Forum::delete_board($id, $errors);
$action = '';
}
else if($action == 'edit_board')
{
if(isset($id) && !isset($name)) {
$board = Forum::get_board($id);
$name = $board['name'];
$access = $board['access'];
$guild = $board['guild'];
$description = $board['description'];
}
else {
Forum::update_board($id, $name, $access, $guild, $description);
$action = $name = $description = '';
$access = $guild = 0;
}
}
else if($action == 'hide_board') {
Forum::toggleHidden_board($id, $errors);
$action = '';
}
else if($action == 'moveup_board') {
Forum::move_board($id, -1, $errors);
$action = '';
}
else if($action == 'movedown_board') {
Forum::move_board($id, 1, $errors);
$action = '';
}
if(!empty($errors)) {
$twig->display('error_box.html.twig', array('errors' => $errors));
$action = '';
}
}
if(empty($action) || $action == 'edit_board') {
$guilds = $db->query('SELECT `id`, `name` FROM `guilds`')->fetchAll();
$twig->display('forum.add_board.html.twig', array(
'link' => getLink('forum', ($action == 'edit_board' ? 'edit_board' : 'add_board')),
'action' => $action,
'id' => isset($id) ? $id : null,
'name' => isset($name) ? $name : null,
'description' => isset($description) ? $description : null,
'access' => isset($access) ? $access : 0,
'guild' => isset($guild) ? $guild : null,
'groups' => $groups,
'guilds' => $guilds
));
if($action == 'edit_board')
$action = '';
}
}

51
system/pages/forum/base.php Normal file
View File

@@ -0,0 +1,51 @@
<?php
/**
* Forum base
*
* @package MyAAC
* @author Gesior <jerzyskalski@wp.pl>
* @author Slawkens <slawkens@gmail.com>
* @copyright 2021 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Forum';
if(strtolower($config['forum']) != 'site')
{
if($config['forum'] != '')
{
header('Location: ' . $config['forum']);
exit;
}
echo 'Forum is disabled on this site.';
return;
}
if(!$logged)
echo 'You are not logged in. <a href="?subtopic=accountmanagement&redirect=' . BASE_URL . urlencode('?subtopic=forum') . '">Log in</a> to post on the forum.<br /><br />';
require_once LIBS . 'forum.php';
$sections = array();
foreach(getForumBoards() as $section)
{
$sections[$section['id']] = array(
'id' => $section['id'],
'name' => $section['name'],
'description' => $section['description'],
'closed' => $section['closed'] == '1',
'guild' => $section['guild'],
'access' => $section['access']
);
if($canEdit) {
$sections[$section['id']]['hidden'] = $section['hidden'];
}
else {
$sections[$section['id']]['hidden'] = 0;
}
}
$number_of_rows = 0;

4
system/pages/forum/edit_post.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
if(Forum::canPost($account_logged))
{
$post_id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : false;
@@ -113,4 +115,4 @@ if(Forum::canPost($account_logged))
else
echo "<br/>Your account is banned, deleted or you don't have any player with level " . $config['forum_level_required'] . " on your account. You can't post.";
?>
?>

4
system/pages/forum/move_thread.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
if(!Forum::isModerator()) {
echo 'You are not logged in or you are not moderator.';
}
@@ -61,4 +63,4 @@ else {
else
echo 'Post with ID ' . $post_id . ' does not exist.';
}
?>
?>

15
system/pages/forum/new_post.php
View File

@@ -10,6 +10,19 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
if(!$logged)
{
$extra_url = '';
if(isset($_GET['thread_id'])) {
$extra_url = '&action=new_post&thread_id=' . $_GET['thread_id'];
}
header('Location: ' . BASE_URL . '?subtopic=accountmanagement&redirect=' . BASE_URL . urlencode('?subtopic=forum' . $extra_url));
return;
}
if(Forum::canPost($account_logged))
{
$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
@@ -116,4 +129,4 @@ if(Forum::canPost($account_logged))
else
echo "Your account is banned, deleted or you don't have any player with level " . $config['forum_level_required'] . " on your account. You can't post.";
$twig->display('forum.fullscreen.html.twig');
$twig->display('forum.fullscreen.html.twig');

4
system/pages/forum/new_thread.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
if(Forum::canPost($account_logged))
{
$players_from_account = $db->query('SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = '.(int) $account_logged->getId())->fetchAll();
@@ -102,4 +104,4 @@ if(Forum::canPost($account_logged))
else
echo 'Your account is banned, deleted or you don\'t have any player with level '.$config['forum_level_required'].' on your account. You can\'t post.';
?>
?>

4
system/pages/forum/remove_post.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
if(Forum::isModerator())
{
$id = (int) $_REQUEST['id'];
@@ -33,4 +35,4 @@ if(Forum::isModerator())
echo 'Post with ID ' . $id . ' does not exist.';
}
else
echo 'You are not logged in or you are not moderator.';
echo 'You are not logged in or you are not moderator.';

5
system/pages/forum/show_board.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
$links_to_pages = '';
$section_id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : null;
@@ -57,8 +59,7 @@ if(isset($last_threads[0]))
foreach($last_threads as $thread)
{
echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td>';
if(Forum::isModerator())
{
if(Forum::isModerator()) {
echo '<a href="?subtopic=forum&action=move_thread&id='.$thread['id'].'"\')"><span style="color:darkgreen">[MOVE]</span></a>';
echo '<a href="?subtopic=forum&action=remove_post&id='.$thread['id'].'" onclick="return confirm(\'Are you sure you want remove thread > '.$thread['post_topic'].' <?\')"><span style="color: red">[REMOVE]</span></a> ';
}

4
system/pages/forum/show_thread.php
View File

@@ -10,9 +10,11 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
$links_to_pages = '';
$thread_id = (int) $_REQUEST['id'];
$_page = (int) (isset($_REQUEST['page']) ? $_REQUEST['page'] : 0);
$_page = (int) ($_REQUEST['page'] ?? 0);
$thread_starter = $db->query("SELECT `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`section` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`first_post` AND `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` LIMIT 1")->fetch();
if(empty($thread_starter['name'])) {

8
system/pages/gallery.php
View File

@@ -145,8 +145,8 @@ class Gallery
$pathinfo = pathinfo($image);
$extension = strtolower($pathinfo['extension']);
$thumb_filename = 'images/gallery/' . $pathinfo['filename'] . '_thumb.' . $extension;
$filename = 'images/gallery/' . $pathinfo['filename'] . '.' . $extension;
$thumb_filename = GALLERY_DIR . $pathinfo['filename'] . '_thumb.' . $extension;
$filename = GALLERY_DIR . $pathinfo['filename'] . '.' . $extension;
if($db->insert(TABLE_PREFIX . 'gallery', array(
'comment' => $comment,
'image' => $filename, 'author' => $author,
@@ -172,7 +172,7 @@ class Gallery
$pathinfo = pathinfo($image);
$extension = strtolower($pathinfo['extension']);
$filename = 'images/gallery/' . $pathinfo['filename'] . '.' . $extension;
$filename = GALLERY_DIR . $pathinfo['filename'] . '.' . $extension;
if($db->update(TABLE_PREFIX . 'gallery', array(
'comment' => $comment,
@@ -291,7 +291,7 @@ class Gallery
{
$pathinfo = pathinfo($file);
$extension = strtolower($pathinfo['extension']);
$thumb_filename = 'images/gallery/' . $pathinfo['filename'] . '_thumb.' . $extension;
$thumb_filename = GALLERY_DIR . $pathinfo['filename'] . '_thumb.' . $extension;
if(!self::resize($file, 170, 110, $thumb_filename, $errors))
return false;

9
system/pages/guilds.php
View File

@@ -11,16 +11,9 @@
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Guilds';
if($db->hasTable('guild_members'))
define('GUILD_MEMBERS_TABLE', 'guild_members');
else
define('GUILD_MEMBERS_TABLE', 'guild_membership');
define('MOTD_EXISTS', $db->hasColumn('guilds', 'motd'));
//show list of guilds
if(empty($action)) {
require PAGES . 'guilds/list_of_guilds.php';
require PAGES . 'guilds/list.php';
}
else {
if(!ctype_alnum(str_replace(array('-', '_'), '', $action))) {

17
system/pages/guilds/accept_invite.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
//set rights in guild
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
@@ -39,13 +41,10 @@ if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
$player->find($name);
if(!$player->isLoaded()) {
$errors[] = 'Player with name <b>'.$name.'</b> doesn\'t exist.';
}
else
{
$rank_of_player = $player->getRank();
if($rank_of_player->isLoaded()) {
$errors[] = 'Character with name <b>'.$name.'</b> is already in guild. You must leave guild before you join other guild.';
}
}else if ($player->getAccountID() != $account_logged->getId()) {
$errors[] = 'Character with name <b> ' . $name. ' </b> is not in your account.';
}else if ($player->getRank()->isLoaded()){
$errors[] = 'Character with name <b>'.$name.'</b> is already in guild. You must leave guild before you join other guild.';
}
}
}
@@ -65,7 +64,7 @@ if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
}
if(!$is_invited) {
$errors[] = 'Character '.$player->getName.' isn\'t invited to guild <b>'.$guild->getName().'</b>.';
$errors[] = 'Character '.$player->getName() .' isn\'t invited to guild <b>'.$guild->getName().'</b>.';
}
}
}
@@ -123,5 +122,3 @@ else {
));
}
}
?>

4
system/pages/guilds/add_rank.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
$rank_name = isset($_REQUEST['rank_name']) ? $_REQUEST['rank_name'] : null;
if(!Validator::guildName($guild_name)) {
@@ -74,4 +76,4 @@ else
}
}
?>
?>

17
system/pages/guilds/base.php Normal file
View File

@@ -0,0 +1,17 @@
<?php
/**
* Guilds base
*
* @package MyAAC
* @author Slawkens <slawkens@gmail.com>
* @copyright 2021 MyAAC
* @link https://my-aac.org
*/
defined('MYAAC') or die('Direct access not allowed!');
if($db->hasTable('guild_members'))
define('GUILD_MEMBERS_TABLE', 'guild_members');
else
define('GUILD_MEMBERS_TABLE', 'guild_membership');
define('MOTD_EXISTS', $db->hasColumn('guilds', 'motd'));

2
system/pages/guilds/change_description.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
if(!Validator::guildName($guild_name)) {
$errors[] = Validator::getLastError();

12
system/pages/guilds/change_logo.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
if(!Validator::guildName($guild_name)) {
$errors[] = Validator::getLastError();
@@ -44,7 +46,7 @@ if(empty($errors)) {
$allowed_ext = array('image/gif', 'image/jpg', 'image/pjpeg', 'image/jpeg', 'image/bmp', 'image/png', 'image/x-png');
$ext_name = array('image/gif' => 'gif', 'image/jpg' => 'jpg', 'image/jpeg' => 'jpg', 'image/pjpeg' => 'jpg', 'image/bmp' => 'bmp', 'image/png' => 'png', 'image/x-png' => 'png');
$save_file_name = str_replace(' ', '_', strtolower($guild->getName()));
$save_path = 'images/guilds/' . $save_file_name;
$save_path = GUILD_IMAGES_DIR . $save_file_name;
if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save')
{
$file = $_FILES['newlogo'];
@@ -74,12 +76,12 @@ if(empty($errors)) {
{
$guild_logo = $guild->getCustomField('logo_name');
$guild_logo = str_replace(array('..', '/', '\\'), array('','',''), $guild->getCustomField('logo_name'));
if(empty($guild_logo) || !file_exists('images/guilds/' . $guild_logo)) {
if(empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo)) {
$guild_logo = "default.gif";
}
if($guild_logo != "default.gif" && $guild_logo != $save_file_name.'.'.$extension) {
unlink('images/guilds/' . $guild_logo);
unlink(GUILD_IMAGES_DIR . $guild_logo);
}
}
@@ -94,7 +96,7 @@ if(empty($errors)) {
}
$guild_logo = $guild->getCustomField('logo_name');
if(empty($guild_logo) || !file_exists('images/guilds/' . $guild_logo)) {
if(empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo)) {
$guild_logo = "default.gif";
}
@@ -122,4 +124,4 @@ if(!empty($errors)) {
'action' => '?subtopic=guilds'
));
}
?>
?>

4
system/pages/guilds/change_motd.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
if(!MOTD_EXISTS)
return;
@@ -74,4 +76,4 @@ if(!empty($errors)) {
));
}
?>
?>

2
system/pages/guilds/change_nick.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
if(!$logged) {
$errors[] = "You are not logged in. You can't change nick.";
$twig->display('error_box.html.twig', array('errors' => $errors));

4
system/pages/guilds/change_rank.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
if(!$logged) {
$errors[] = "You are not logged in. You can't change rank.";
}
@@ -86,7 +88,7 @@ if($guild_vice)
else
{
$player_in_guild = false;
if($guild->getName() === $player_to_change->getRank()->getGuild()->getName() || $guild_leader)
if($guild->getName() === $player_to_change->getRank()->getGuild()->getName())
{
$player_in_guild = true;
$player_has_lower_rank = false;

4
system/pages/guilds/cleanup_guilds.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
if(!$logged)
{
echo "You are not logged in.";
@@ -64,4 +66,4 @@ else
echo "0 guilds found.";
$twig->display('guilds.back_button.html.twig');
?>
?>

4
system/pages/guilds/cleanup_players.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
if(!$logged)
{
echo "You are not logged in.";
@@ -66,4 +68,4 @@ else
echo "0 players found.";
$twig->display('guilds.back_button.html.twig');
?>
?>

4
system/pages/guilds/create.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
$todo = isset($_REQUEST['todo']) ? $_REQUEST['todo'] : NULL;
@@ -131,4 +133,4 @@ else {
));
}
?>
?>

4
system/pages/guilds/delete_by_admin.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
if(!Validator::guildName($guild_name)) {
$errors[] = Validator::getLastError();
@@ -65,4 +67,4 @@ if(!empty($errors)) {
));
}
?>
?>

4
system/pages/guilds/delete_guild.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
if(!Validator::guildName($guild_name)) {
$errors[] = Validator::getLastError();
@@ -77,4 +79,4 @@ if(!empty($errors)) {
));
}
?>
?>

4
system/pages/guilds/delete_invite.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
$name = stripslashes($_REQUEST['name']);
@@ -113,4 +115,4 @@ else
'guild_name' => $guild->getName()
));
}
}
}

2
system/pages/guilds/delete_rank.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
$rank_to_delete = isset($_REQUEST['rankid']) ? (int) $_REQUEST['rankid'] : null;

4
system/pages/guilds/invite.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
//set rights in guild
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;
@@ -122,4 +124,4 @@ if($show) {
$twig->display('guilds.back_button.html.twig', array(
'action' => getLink('guilds') . '/' . $guild_name
));
));

4
system/pages/guilds/kick_player.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
//set rights in guild
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;
@@ -118,4 +120,4 @@ else
));
}
}
?>
?>

2
system/pages/guilds/leave_guild.php → system/pages/guilds/leave.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
//set rights in guild
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL;

6
system/pages/guilds/list_of_guilds.php → system/pages/guilds/list.php
View File

@@ -11,6 +11,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
$guilds_list = new OTS_Guilds_List();
$guilds_list->orderBy("name");
@@ -19,7 +21,7 @@ if(count($guilds_list) > 0)
{
foreach ($guilds_list as $guild) {
$guild_logo = $guild->getCustomField('logo_name');
if (empty($guild_logo) || !file_exists('images/guilds/' . $guild_logo))
if (empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo))
$guild_logo = "default.gif";
$description = $guild->getCustomField('description');
@@ -36,4 +38,4 @@ $twig->display('guilds.list.html.twig', array(
'guilds' => $guilds,
'logged' => isset($logged) ? $logged : false,
'isAdmin' => admin(),
));
));

4
system/pages/guilds/manager.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
if(!Validator::guildName($guild_name)) {
$errors[] = Validator::getLastError();
@@ -56,5 +58,3 @@ if(empty($errors)) {
if(!empty($errors)) {
$twig->display('error_box.html.twig', array('errors' => $errors));
}
?>

4
system/pages/guilds/pass_leadership.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL;
$pass_to = isset($_REQUEST['player']) ? stripslashes($_REQUEST['player']) : NULL;
if(!Validator::guildName($guild_name)) {
@@ -116,4 +118,4 @@ if(!empty($guild_errors)) {
echo '<br/><div style="text-align:center"><form action="?subtopic=guilds" method="post">' . $twig->render('buttons.back.html.twig') . '</form></div>';
}
?>
?>

2
system/pages/guilds/save_ranks.php
View File

@@ -10,6 +10,8 @@
*/
defined('MYAAC') or die('Direct access not allowed!');
require __DIR__ . '/base.php';
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
if(!Validator::guildName($guild_name)) {
$errors[] = Validator::getLastError();

7
system/pages/guilds/show.php
View File

@@ -12,6 +12,9 @@
defined('MYAAC') or die('Direct access not allowed!');
$title = 'Guilds';
require __DIR__ . '/base.php';
$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null;
if(!Validator::guildName($guild_name))
$errors[] = Validator::getLastError();
@@ -77,7 +80,7 @@ if($logged)
//show guild page
$guild_logo = $guild->getCustomField('logo_name');
if(empty($guild_logo) || !file_exists('images/guilds/' . $guild_logo))
if(empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo))
$guild_logo = "default.gif";
$description = $guild->getCustomField('description');
@@ -159,4 +162,4 @@ $twig->display('guilds.view.html.twig', array(
'invited_list' => $invited_list,
'show_accept_invite' => $show_accept_invite,
'useGuildNick' => $useGuildNick
));
));

24
system/pages/highscores.php
View File

@@ -15,12 +15,12 @@ $configHighscoresCountryBox = config('highscores_country_box');
if(config('account_country') && $configHighscoresCountryBox)
require SYSTEM . 'countries.conf.php';
$list = isset($_GET['list']) ? $_GET['list'] : 'experience';
$_page = isset($_GET['page']) ? $_GET['page'] : 1;
$vocation = isset($_GET['vocation']) ? $_GET['vocation'] : 'all';
$list = $_GET['list'] ?? 'experience';
$page = $_GET['page'] ?? 1;
$vocation = $_GET['vocation'] ?? 'all';
if(!is_numeric($_page) || $_page < 1 || $_page > PHP_INT_MAX) {
$_page = 1;
if(!is_numeric($page) || $page < 1 || $page > PHP_INT_MAX) {
$page = 1;
}
$add_sql = '';
@@ -47,8 +47,8 @@ if($configHighscoresVocationBox && $vocation !== 'all')
}
}
define('SKILL_FRAGS', -1);
define('SKILL_BALANCE', -2);
const SKILL_FRAGS = -1;
const SKILL_BALANCE = -2;
$skill = POT::SKILL__LEVEL;
if(is_numeric($list))
@@ -139,7 +139,7 @@ $configHighscoresPerPage = config('highscores_per_page');
$limit = $configHighscoresPerPage + 1;
$needReCache = true;
$cacheKey = 'highscores_' . $skill . '_' . $vocation . '_' . $_page . '_' . $configHighscoresPerPage;
$cacheKey = 'highscores_' . $skill . '_' . $vocation . '_' . $page . '_' . $configHighscoresPerPage;
$cache = Cache::getInstance();
if ($cache->enabled()) {
@@ -150,7 +150,7 @@ if ($cache->enabled()) {
}
}
$offset = ($_page - 1) * $configHighscoresPerPage;
$offset = ($page - 1) * $configHighscoresPerPage;
if (!isset($highscores) || empty($highscores)) {
if ($skill >= POT::SKILL_FIRST && $skill <= POT::SKILL_LAST) { // skills
if ($db->hasColumn('players', 'skill_fist')) {// tfs 1.0
@@ -280,14 +280,14 @@ foreach($highscores as $id => &$player)
//link to previous page if actual page is not first
$linkPreviousPage = '';
if($_page > 1) {
$linkPreviousPage = getLink('highscores') . '/' . $list . ($vocation !== 'all' ? '/' . $vocation : '') . '/' . ($_page - 1);
if($page > 1) {
$linkPreviousPage = getLink('highscores') . '/' . $list . ($vocation !== 'all' ? '/' . $vocation : '') . '/' . ($page - 1);
}
//link to next page if any result will be on next page
$linkNextPage = '';
if($show_link_to_next_page) {
$linkNextPage = getLink('highscores') . '/' . $list . ($vocation !== 'all' ? '/' . $vocation : '') . '/' . ($_page + 1);
$linkNextPage = getLink('highscores') . '/' . $list . ($vocation !== 'all' ? '/' . $vocation : '') . '/' . ($page + 1);
}
$types = array(

2
system/pages/news.php
View File

@@ -64,7 +64,6 @@ if(isset($_GET['archive']))
'icon' => $categories[$news['category']]['icon_id'],
'author' => $config['news_author'] ? $author : '',
'comments' => $news['comments'] != 0 ? getForumThreadLink($news['comments']) : null,
'news_date_format' => $config['news_date_format']
));
}
else
@@ -214,7 +213,6 @@ if(!$news_cached)
'icon' => $categories[$news['category']]['icon_id'],
'author' => $config['news_author'] ? $author : '',
'comments' => $news['comments'] != 0 ? getForumThreadLink($news['comments']) : null,
'news_date_format' => $config['news_date_format'],
'hidden'=> $news['hidden']
));
}

3
system/pages/newsarchive.php → system/pages/news/archive.php
View File

@@ -9,5 +9,4 @@
* @link https://my-aac.org
*/
$_GET['archive'] = true;
require 'news.php';
?>
require __DIR__ . '/../news.php';

Some files were not shown because too many files have changed in this diff Show More