From 5d499bc5e687699d6e3948f9e089054866124114 Mon Sep 17 00:00:00 2001 From: slawkens Date: Sat, 15 Feb 2020 03:37:18 +0100 Subject: [PATCH] Patch some changes/fixes from 0.8 branch Fix Gesior signature double dollar $$ Add some missing
to online page Use $config['last_kills_limit'] in lastkills.php Fix save_ranks.php: getLastError(); Fix PHPMailer autoloader Fix leaking sensitive informations on MySQL Connection Fail Add nginx-sample.conf Change myaac_monsters.loot to text Add more files to ignore file --- .gitignore | 33 +++++++++++- install/includes/schema.sql | 2 +- install/steps/5-database.php | 56 ++++++++++----------- nginx-sample.conf | 25 +++++++++ system/database.php | 2 +- system/libs/phpmailer/PHPMailerAutoload.php | 16 ------ system/pages/guilds/save_ranks.php | 2 +- system/pages/lastkills.php | 2 +- system/templates/online.html.twig | 1 + tools/signature/gesior.php | 2 +- tools/validate.php | 2 +- 11 files changed, 92 insertions(+), 51 deletions(-) create mode 100644 nginx-sample.conf diff --git a/.gitignore b/.gitignore index a0613837..c2bbbf61 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,34 @@ Thumbs.db .DS_Store -.idea \ No newline at end of file +.idea + +releases +config.local.php +PERSONAL_NOTES + +# all custom templates +templates/* +!templates/tibiacom +!templates/kathrine + +# guild images +images/guilds/* +!images/guilds/default.gif + +# cache +system/cache/* +!system/cache/index.html +!system/cache/twig/index.html +!system/cache/signatures/index.html + +# logs +system/logs/* +!system/logs/index.html + +# plugins +plugins/* +!plugins/.htaccess +!plugins/example.json +!plugins/account-create-hint.json +!plugins/account-create-hint +landing diff --git a/install/includes/schema.sql b/install/includes/schema.sql index fa1e16cf..4c9fe673 100644 --- a/install/includes/schema.sql +++ b/install/includes/schema.sql @@ -236,7 +236,7 @@ CREATE TABLE `myaac_monsters` ( `summonable` tinyint(1) NOT NULL, `convinceable` tinyint(1) NOT NULL, `race` varchar(255) NOT NULL, - `loot` varchar(500) NOT NULL, + `loot` text NOT NULL, PRIMARY KEY (`id`) ) ENGINE = MyISAM; diff --git a/install/steps/5-database.php b/install/steps/5-database.php index b6ae2678..8e15514a 100644 
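Review bot: Widening `loot` from `varchar(500)` to `text` in install/includes/schema.sql only reaches databases created by a fresh install; the diffstat lists no migration for this commit, so existing installations keep the 500-character column and will still truncate or reject longer loot strings. If the project ships schema migrations, a step along the lines of `ALTER TABLE \`myaac_monsters\` MODIFY \`loot\` text NOT NULL;` should accompany this change so both paths end up with the same column type.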
--- a/install/steps/5-database.php +++ b/install/steps/5-database.php @@ -34,13 +34,13 @@ if(!$error) { } } } - + require(BASE . 'install/includes/config.php'); - + if(!$error) { success($locale['step_database_importing']); require(BASE . 'install/includes/database.php'); - + if(!tableExist('accounts')) { $locale['step_database_error_table'] = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']); error($locale['step_database_error_table']); @@ -70,14 +70,14 @@ if(!$error) { error($locale['step_database_error_schema'] . ' ' . $error_); $error = true; } - + if(!$error) { registerDatabaseConfig('database_version', DATABASE_VERSION); $locale['step_database_success_schema'] = str_replace('$PREFIX$', TABLE_PREFIX, $locale['step_database_success_schema']); success($locale['step_database_success_schema']); } } - + if(!$error) { if(fieldExist('key', 'accounts')) { if(query("ALTER TABLE `accounts` MODIFY `key` VARCHAR(64) NOT NULL DEFAULT '';")) 
@@ -87,32 +87,32 @@ if(!$error) { if(query("ALTER TABLE `accounts` ADD `key` VARCHAR(64) NOT NULL DEFAULT '' AFTER `email`;")) success($locale['step_database_adding_field'] . ' accounts.key...'); } - + if(!fieldExist('blocked', 'accounts')) { if(query("ALTER TABLE `accounts` ADD `blocked` TINYINT(1) NOT NULL DEFAULT FALSE COMMENT 'internal usage' AFTER `key`;")) success($locale['step_database_adding_field'] . ' accounts.blocked...'); } - + if(!fieldExist('created', 'accounts')) { if(query("ALTER TABLE `accounts` ADD `created` INT(11) NOT NULL DEFAULT 0 AFTER `" . (fieldExist('group_id', 'accounts') ? 'group_id' : 'blocked') . "`;")) success($locale['step_database_adding_field'] . ' accounts.created...'); } - + if(!fieldExist('rlname', 'accounts')) { if(query("ALTER TABLE `accounts` ADD `rlname` VARCHAR(255) NOT NULL DEFAULT '' AFTER `created`;")) success($locale['step_database_adding_field'] . ' accounts.rlname...'); } - + if(!fieldExist('location', 'accounts')) { if(query("ALTER TABLE `accounts` ADD `location` VARCHAR(255) NOT NULL DEFAULT '' AFTER `rlname`;")) success($locale['step_database_adding_field'] . ' accounts.location...'); } - + if(!fieldExist('country', 'accounts')) { if(query("ALTER TABLE `accounts` ADD `country` VARCHAR(3) NOT NULL DEFAULT '' AFTER `location`;")) success($locale['step_database_adding_field'] . ' accounts.country...'); } - + if(fieldExist('page_lastday', 'accounts')) { if(query("ALTER TABLE `accounts` CHANGE `page_lastday` `web_lastlogin` INT(11) NOT NULL DEFAULT 0;")) { $tmp = str_replace('$FIELD$', 'accounts.page_lastday', $locale['step_database_changing_field']); 
@@ -124,32 +124,32 @@ if(!$error) { if(query("ALTER TABLE `accounts` ADD `web_lastlogin` INT(11) NOT NULL DEFAULT 0 AFTER `country`;")) success($locale['step_database_adding_field'] . ' accounts.web_lastlogin...'); } - + if(!fieldExist('web_flags', 'accounts')) { if(query("ALTER TABLE `accounts` ADD `web_flags` INT(11) NOT NULL DEFAULT 0 AFTER `web_lastlogin`;")) success($locale['step_database_adding_field'] . ' accounts.web_flags...'); } - + if(!fieldExist('email_hash', 'accounts')) { if(query("ALTER TABLE `accounts` ADD `email_hash` VARCHAR(32) NOT NULL DEFAULT '' AFTER `web_flags`;")) success($locale['step_database_adding_field'] . ' accounts.email_hash...'); } - + if(!fieldExist('email_verified', 'accounts')) { if(query("ALTER TABLE `accounts` ADD `email_verified` TINYINT(1) NOT NULL DEFAULT 0 AFTER `email_hash`;")) success($locale['step_database_adding_field'] . ' accounts.email_verified...'); } - + if(!fieldExist('email_new', 'accounts')) { if(query("ALTER TABLE `accounts` ADD `email_new` VARCHAR(255) NOT NULL DEFAULT '' AFTER `email_hash`;")) success($locale['step_database_adding_field'] . ' accounts.email_new...'); } - + if(!fieldExist('email_new_time', 'accounts')) { if(query("ALTER TABLE `accounts` ADD `email_new_time` INT(11) NOT NULL DEFAULT 0 AFTER `email_new`;")) success($locale['step_database_adding_field'] . ' accounts.email_new_time...'); } - + if(!fieldExist('email_code', 'accounts')) { if(query("ALTER TABLE `accounts` ADD `email_code` VARCHAR(255) NOT NULL DEFAULT '' AFTER `email_new_time`;")) success($locale['step_database_adding_field'] . ' accounts.email_code...'); 
@@ -168,7 +168,7 @@ if(!$error) { if(query("ALTER TABLE `accounts` ADD `email_next` INT(11) NOT NULL DEFAULT 0 AFTER `email_code`;")) success($locale['step_database_adding_field'] . ' accounts.email_next...'); } - + if(!fieldExist('premium_points', 'accounts')) { if(query("ALTER TABLE `accounts` ADD `premium_points` INT(11) NOT NULL DEFAULT 0 AFTER `email_next`;")) success($locale['step_database_adding_field'] . ' accounts.premium_points...'); @@ -183,7 +183,7 @@ if(!$error) { if(query("ALTER TABLE `guilds` ADD `description` TEXT NOT NULL;")) success($locale['step_database_adding_field'] . ' guilds.description...'); } - + if(fieldExist('logo_gfx_name', 'guilds')) { if(query("ALTER TABLE `guilds` CHANGE `logo_gfx_name` `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';")) { $tmp = str_replace('$FIELD$', 'guilds.logo_gfx_name', $locale['step_database_changing_field']); @@ -195,15 +195,15 @@ if(!$error) { if(query("ALTER TABLE `guilds` ADD `logo_name` VARCHAR( 255 ) NOT NULL DEFAULT 'default.gif';")) success($locale['step_database_adding_field'] . ' guilds.logo_name...'); } - + if(!fieldExist('created', 'players')) { if(query("ALTER TABLE `players` ADD `created` INT(11) NOT NULL DEFAULT 0;")) success($locale['step_database_adding_field'] . ' players.created...'); } - + if(!fieldExist('deleted', 'players') && !fieldExist('deletion', 'players')) { if(query("ALTER TABLE `players` ADD `deleted` TINYINT(1) NOT NULL DEFAULT 0;")) - success($locale['step_database_adding_field'] . ' players.comment...'); + success($locale['step_database_adding_field'] . ' players.deleted...'); } if(fieldExist('hide_char', 'players')) { 
@@ -219,16 +219,16 @@ if(!$error) { if(query("ALTER TABLE `players` ADD `hidden` TINYINT(1) NOT NULL DEFAULT 0;")) success($locale['step_database_adding_field'] . ' players.hidden...'); } - + if(!fieldExist('comment', 'players')) { if(query("ALTER TABLE `players` ADD `comment` TEXT NOT NULL;")) success($locale['step_database_adding_field'] . ' players.comment...'); } - + if(fieldExist('rank_id', 'players')) { if(query("ALTER TABLE players MODIFY `rank_id` INT(11) NOT NULL DEFAULT 0;")) success($locale['step_database_modifying_field'] . ' players.rank_id...'); - + if(fieldExist('guildnick', 'players')) { if(query("ALTER TABLE players MODIFY `guildnick` VARCHAR(255) NOT NULL DEFAULT '';")) { success($locale['step_database_modifying_field'] . ' players.guildnick...'); @@ -236,7 +236,7 @@ if(!$error) { } } } - + if(!$error && (!isset($_SESSION['saved']))) { $content .= '$config[\'installed\'] = true;'; $content .= PHP_EOL; @@ -251,7 +251,7 @@ if(!$error) { error($locale['step_config_mail_address_error']); $error = true; } - + $content .= '$config[\'client_download\'] = \'http://tibia-clients.com/clients/download/\'. $config[\'client\'] . \'/exe/windows\';'; $content .= PHP_EOL; $content .= '$config[\'client_download_linux\'] = \'http://tibia-clients.com/clients/download/\'. $config[\'client\'] . \'/tar/linux\';'; @@ -260,7 +260,7 @@ if(!$error) { $content .= PHP_EOL; $content .= '$config[\'cache_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';'; $content .= PHP_EOL; - + $file = fopen(BASE . 'config.local.php', 'a+'); if($file) { if(!$error) { diff --git a/nginx-sample.conf b/nginx-sample.conf new file mode 100644 index 00000000..f826d21d --- /dev/null +++ b/nginx-sample.conf 
@@ -0,0 +1,25 @@
+server {
+ listen 80;
+ root /home/otserv/www/public;
+ index index.php;
+ server_name your-domain.com;
+
+ location / {
+ try_files $uri $uri/ /index.php;
+ }
+
+ location ~ \.php$ {
+ include snippets/fastcgi-php.conf;
+ fastcgi_read_timeout 240;
+ fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ location /system {
+ deny all;
+ return 404;
+ }
+}
diff --git a/system/database.php b/system/database.php
index 7427fecd..5a91ff36 100644
--- a/system/database.php
+++ b/system/database.php
@@ -95,7 +95,7 @@ defined('MYAAC') or die('Direct access not allowed!'); '' . $error);
+ '' . $error->getMessage()); } $db = POT::getInstance()->getDBHandle();
diff --git a/system/libs/phpmailer/PHPMailerAutoload.php b/system/libs/phpmailer/PHPMailerAutoload.php
index eaa2e303..40141dcc 100644
--- a/system/libs/phpmailer/PHPMailerAutoload.php
+++ b/system/libs/phpmailer/PHPMailerAutoload.php
@@ -30,20 +30,4 @@ function PHPMailerAutoload($classname) } }
-if (version_compare(PHP_VERSION, '5.1.2', '>=')) {
- //SPL autoloading was introduced in PHP 5.1.2
- if (version_compare(PHP_VERSION, '5.3.0', '>=')) { spl_autoload_register('PHPMailerAutoload', true, true);
- } else {
- spl_autoload_register('PHPMailerAutoload');
- }
-} else {
- /**
- * Fall back to traditional autoload for old PHP versions
- * @param string $classname The name of the class to load
- */
- function __autoload($classname)
- {
- PHPMailerAutoload($classname);
- }
-}
diff --git a/system/pages/guilds/save_ranks.php b/system/pages/guilds/save_ranks.php
index 55f80e60..5158e490 100644
--- a/system/pages/guilds/save_ranks.php
+++ b/system/pages/guilds/save_ranks.php
@@ -12,7 +12,7 @@ defined('MYAAC') or die('Direct access not allowed!'); $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; if(!Validator::guildName($guild_name)) {
- $errors[] = Validator::get;
+ $errors[] = Validator::getLastError(); } if(empty($errors)) {
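Review bot: The `location /system { deny all; return 404; }` block at the end of the new file does not block PHP scripts under /system, because nginx tries regular-expression locations such as `location ~ \.php$` before falling back to a plain prefix match, and the first matching regex wins; a request for a .php path beneath /system/ is therefore still passed to PHP-FPM. Writing the prefix as `location ^~ /system { return 404; }` stops the regex search for that prefix, and the `deny all;` can go, since `return` runs in the rewrite phase before `deny` is ever evaluated. The `try_files $uri $uri/ /index.php;` routing is only safe together with a `try_files $fastcgi_script_name =404;` guard; the included `snippets/fastcgi-php.conf` provides one on Debian/Ubuntu, which is worth stating in a comment for readers on other distributions.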
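Review bot: The added `'' . $error->getMessage()` in system/database.php still prints the driver's connection-failure text to the visitor, and for MySQL that text commonly contains the SQLSTATE, the database user name and the host; dropping the full exception object (with its trace and arguments) is an improvement, but the message alone still discloses deployment details. Prefer recording the message server-side, `error_log($error->getMessage());`, and rendering a fixed notice such as `'Cannot connect to the database.'` unless a debug setting is enabled. The start of the failure branch and the surrounding markup lie outside this hunk, so the exact output context is inferred from the visible line.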
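Review bot: The surviving `spl_autoload_register('PHPMailerAutoload', true, true);` in PHPMailerAutoload.php keeps the indentation of the removed `if` block although it is now a top-level statement; dedent it to column 0 so the file reads as intended. The third argument `true` prepends this loader ahead of every loader registered earlier, which was already the behaviour on PHP 5.3+ and is fine as long as `PHPMailerAutoload` returns promptly for class names it does not own — the function body sits outside this hunk, so that property cannot be confirmed here.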
diff --git a/system/pages/lastkills.php b/system/pages/lastkills.php index c746cf0d..a50f8cf5 100644 --- a/system/pages/lastkills.php +++ b/system/pages/lastkills.php @@ -84,7 +84,7 @@ if(tableExist('player_killers')) // tfs 0.3 else { //$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `player_deaths`.`killed_by` as `killed_by`, `player_deaths`.`time` as `time`, `player_deaths`.`is_player` as `is_player`, `player_deaths`.`level` as `level` FROM `player_deaths`, `players` as `d` INNER JOIN `players` as `p` ON player_deaths.player_id = p.id WHERE player_deaths.`is_player`='1' ORDER BY `time` DESC LIMIT " . $config['last_kills_limit'] . ";"); -$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `d`.`killed_by` as `killed_by`, `d`.`time` as `time`, `d`.`level`, `d`.`is_player` FROM `player_deaths` as `d` INNER JOIN `players` as `p` ON d.player_id = p.id ORDER BY `time` DESC LIMIT 20;"); +$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `d`.`killed_by` as `killed_by`, `d`.`time` as `time`, `d`.`level`, `d`.`is_player` FROM `player_deaths` as `d` INNER JOIN `players` as `p` ON d.player_id = p.id ORDER BY `time` DESC LIMIT " . $config['last_kills_limit'] . ";"); if(!empty($players_deaths)) { diff --git a/system/templates/online.html.twig b/system/templates/online.html.twig index 5576d73f..e4c3eec4 100644 --- a/system/templates/online.html.twig +++ b/system/templates/online.html.twig @@ -26,6 +26,7 @@ +
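Review bot: The new `LIMIT " . $config['last_kills_limit'] . ";"` in lastkills.php splices a configuration value straight into the SQL text; the value comes from the site's own config rather than from a request, but an empty or non-numeric setting would break the query or change its meaning. Casting at the point of use, `LIMIT " . (int)$config['last_kills_limit'] . ";"`, keeps the statement well-formed whatever the config holds. The commented-out query on the preceding context line carries the same expression and could be deleted rather than kept in step.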
{# vocation statistics #} {% if config.online_vocations %}
diff --git a/tools/signature/gesior.php b/tools/signature/gesior.php index 11ec9d52..d3b4edce 100644 --- a/tools/signature/gesior.php +++ b/tools/signature/gesior.php @@ -20,7 +20,7 @@ if($rank->isLoaded()) { imagettftext($image , $fontsize, 0, 20, 75, $color, $font, 'Guild:'); - imagettftext($image , $fontsize, 0, 70, 75, $color, $font, $player->getRank()->getName() . ' of the ' . $$rank->getGuild()->getName()); + imagettftext($image , $fontsize, 0, 70, 75, $color, $font, $player->getRank()->getName() . ' of the ' . $rank->getGuild()->getName()); } imagettftext($image , $fontsize, 0, 20, 95, $color, $font, 'Last Login:'); imagettftext($image , $fontsize, 0, 100, 95, $color, $font, (($player->getLastLogin() > 0) ? date("j F Y, g:i a", $player->getLastLogin()) : 'Never logged in.')); diff --git a/tools/validate.php b/tools/validate.php index ff2d77d5..5cfe3537 100644 --- a/tools/validate.php +++ b/tools/validate.php @@ -1,7 +1,7 @@