From e808904f76ca80ed164ea3a21d360d1f5797d054 Mon Sep 17 00:00:00 2001 From: slawkens1 Date: Tue, 2 May 2017 18:05:29 +0200 Subject: [PATCH] Version v0.0.2 * updated forum links to use friendly_urls * some more info will be shown when cannot connect to database * show more error infos when creating character * fixed forum link on newses * fixed spells loading when there's vocation name instead of id * fixed bug when you have changed template but it doesn't exist anymore * fixed vocations with promotion loading * fixed support for gesior pages and templates * added function OTS_Acount:getGroupId() --- .htaccess | 3 + config.php | 2 +- index.php | 2 +- system/functions.php | 133 +++++++++++++++++++++-------- system/init.php | 6 +- system/libs/pot/OTS_Account.php | 63 ++++++++------ system/libs/pot/OTS_DB_MySQL.php | 11 +-- system/pages/accountmanagement.php | 5 +- system/pages/changelog.php | 4 +- system/pages/forum.php | 38 ++++----- system/pages/news.php | 4 +- system/pages/spells.php | 15 +++- system/template.php | 13 ++- system/templates/news.php | 1 - templates/tibiacom/index.php | 102 ++++++++++------------ templates/tibiacom/news.php | 13 +-- 16 files changed, 244 insertions(+), 171 deletions(-) diff --git a/.htaccess b/.htaccess index 13e5791d..274c5988 100644 --- a/.htaccess +++ b/.htaccess 
@@ -11,6 +11,9 @@ RewriteRule ^images/items/([0-9]+)\.gif$ tools/item.php?id=$1 RewriteRule ^characters/([A-Za-z0-9-_+']+)$ index.php?subtopic=characters&name=$1 RewriteRule ^guilds/([A-Za-z0-9-_+']+)$ index.php?subtopic=guilds&action=show&guild=$1 RewriteRule ^forum/board/([0-9]+)$ index.php?subtopic=forum&action=show_board&id=$1 +RewriteRule ^forum/board/([0-9]+)/([0-9]+)$ index.php?subtopic=forum&action=show_board&id=$1&page=$2 +RewriteRule ^forum/thread/([0-9]+)$ index.php?subtopic=forum&action=show_thread&id=$1 +RewriteRule ^forum/board/([0-9]+)/([0-9]+)$ index.php?subtopic=forum&action=show_thread&id=$1&page=$2 RewriteRule ^account/manage$ index.php?subtopic=accountmanagement RewriteRule ^account/create$ index.php?subtopic=createaccount RewriteRule ^account/lost$ index.php?subtopic=lostaccount diff --git a/config.php b/config.php index abd4d9c0..11ddcc4f 100644 --- a/config.php +++ b/config.php @@ -48,7 +48,7 @@ $config = array( 'site_closed_title' => 'Closed', 'site_closed_message' => 'Server is under maintance, please visit later.
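Review bot: The third added rule repeats the `^forum/board/([0-9]+)/([0-9]+)$` pattern of the first one but sends it to `show_thread`, so the paginated thread URL that `getForumThreadLink()` emits elsewhere in this commit (`forum/thread/ID/PAGE`) has no rewrite at all. The pattern should read `RewriteRule ^forum/thread/([0-9]+)/([0-9]+)$ index.php?subtopic=forum&action=show_thread&id=$1&page=$2`. As written, `forum/board/N/M` is claimed by two rules with conflicting targets, and `forum/thread/N/M` falls through to whatever the rules outside this hunk or the 404 handler do with it.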

', - 'debug_level' => 0, // 0 - disabled, 1 - show load time, 2 - show db query counter, 3 - both + 'debug_level' => 0, // 0 - disabled, 1 - show load time, 2 - show db query counter, 3 - both, 4 - memory usage, 5 - load time & load time, 6 - queries & memory usage, 7 - all 'language' => 'en', // default language (currently only 'en' available) 'language_allow_change' => false, diff --git a/index.php b/index.php index 306a1e0e..0f432839 100644 --- a/index.php +++ b/index.php @@ -1 +1 @@ - * @copyright 2017 MyAAC * @version 0.0.1 * @link http://my-aac.org */ require_once('common.php'); require_once(BASE . 'config.local.php'); if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed'])) { header('Location: ' . BASE_DIR . '/install/'); die('Setup detected that install/ directory exists. Please visit this url to start MyAAC Installation.
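Review bot: The new comment documents bit value 5 as "load time & load time", which contradicts the bit meanings it lists just before (1 = load time, 4 = memory usage); 5 is 1|4. Change that fragment to `5 - load time & memory usage` so the flag table matches the `& 1`, `& 2`, `& 4` checks in index.php that consume it.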
Delete install/ directory if you already installed MyAAC.
Remember to REFRESH this page when you\'re done!'); } // define page visited, so it can be used within events system $page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_GET['p']) ? $_GET['p'] : ''); if(empty($page) || preg_match('/[^A-z0-9_\-]/', $page)) $page = 'news'; $page = strtolower($page); define('PAGE', $page); $template_place_holders = array(); // event system require_once(SYSTEM . 'events.php'); $events = new Events(); $events->trigger('STARTUP'); require_once(SYSTEM . 'functions.php'); require_once(SYSTEM . 'init.php'); require_once(SYSTEM . 'login.php'); require_once(SYSTEM . 'status.php'); require_once(SYSTEM . 'template.php'); if($config['views_counter']) require_once(SYSTEM . 'counter.php'); if($config['visitors_counter']) { require_once(SYSTEM . 'libs/visitors.php'); $visitors = new Visitors($config['visitors_counter_ttl']); } // page content loading if(!isset($content[0])) $content = ''; $load_it = true; // check if site has been closed if($config['site_closed']) { if(!admin()) { $title = $config['site_closed_title']; $content .= $config['site_closed_message']; $load_it = false; } if(!$logged) { ob_start(); require(SYSTEM . 'pages/accountmanagement.php'); $content .= ob_get_contents(); ob_end_clean(); $load_it = false; } } if($load_it) { if($config['site_closed'] && admin()) $content .= '

Site is under maintenance (closed mode). Only privileged users can see it.

'; if($config['backward_support']) require(SYSTEM . 'compat_pages.php'); $ignore = false; $file = SYSTEM . 'pages/' . $page . '.php'; if(!@file_exists($file)) { $logged_access = 0; if($logged && $account_logged && $account_logged->isLoaded()) { $logged_access = $account_logged->getAccess(); } $query = $db->query( 'SELECT `title`, `body`, `php`' . ' FROM `' . TABLE_PREFIX . 'pages`' . ' WHERE `name` LIKE ' . $db->quote($page) . ' AND `hidden` != 1 AND `access` <= ' . $db->quote($logged_access)); if($query->rowCount() > 0) // found page { $ignore = true; $query = $query->fetch(); $title = $query['title']; if($query['php'] == '1') // execute it as php code { $tmp = substr($query['body'], 0, 10); if(($pos = strpos($tmp, ' $errno, 'errstr' => $errstr); } set_error_handler('error_handler'); ob_start(); eval($tmp); $content .= ob_get_contents(); ob_end_clean(); restore_error_handler(); if(isset($php_errors[0]) && superAdmin()) { var_dump($php_errors); } } else $content .= $query['body']; // plain html } else { $page = '404'; $file = SYSTEM . 'pages/404.php'; } } ob_start(); if($events->trigger('BEFORE_PAGE')) { if(!$ignore) require($file); } $content .= ob_get_contents(); ob_end_clean(); $events->trigger('AFTER_PAGE'); } $title_full = (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName']; if(file_exists($template_path . '/index.php')) require($template_path . '/index.php'); else if(file_exists($template_path . '/template.php')) // deprecated require($template_path . '/template.php'); else if($config['backward_support'] && file_exists($template_path . 
'/layout.php')) { // backward support for gesior $SQL = $db; $layout_header = template_header(); $layout_name = $template_path; $main_content = $content; $config['access_admin_panel'] = 2; $group_id_of_acc_logged = 0; if($logged && $account_logged) $group_id_of_acc_logged = $account_logged->getCustomField('group_id'); $config['gifts_system'] = ($config['site']['shop_system'] == 1); //$config['site']['shop_system'] = $config['gifts_system'] ? '1' : '0'; $config['serverinfo_page'] = 1; $config['download_page'] = 1; if($config['forum'] != '') $config['forum_link'] = (strtolower($config['forum']) == 'site' ? internalLayoutLink('forum') : $config['forum']); $config['site'] = &$config; require($template_path . '/layout.php'); } else { // TODO: save more info to log file die('ERROR: Cannot load template.'); } echo '' . "\n"; if(($config['debug_level'] & 1) == 1) echo ''; if(($config['debug_level'] & 2) == 2) echo "\n" . ''; if(($config['debug_level'] & 4) == 4 && function_exists('memory_get_peak_usage')) echo "\n" . ''; $events->trigger('FINISH'); ?> \ No newline at end of file + * @copyright 2017 MyAAC * @version 0.0.1 * @link http://my-aac.org */ require_once('common.php'); require_once(BASE . 'config.local.php'); if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['installed'])) { header('Location: ' . BASE_DIR . '/install/'); die('Setup detected that install/ directory exists. Please visit this url to start MyAAC Installation.
Delete install/ directory if you already installed MyAAC.
Remember to REFRESH this page when you\'re done!'); } // define page visited, so it can be used within events system $page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_GET['p']) ? $_GET['p'] : ''); if(empty($page) || preg_match('/[^A-z0-9_\-]/', $page)) $page = 'news'; $page = strtolower($page); define('PAGE', $page); $template_place_holders = array(); // event system require_once(SYSTEM . 'events.php'); $events = new Events(); $events->trigger('STARTUP'); require_once(SYSTEM . 'functions.php'); require_once(SYSTEM . 'init.php'); require_once(SYSTEM . 'login.php'); require_once(SYSTEM . 'status.php'); require_once(SYSTEM . 'template.php'); if($config['views_counter']) require_once(SYSTEM . 'counter.php'); if($config['visitors_counter']) { require_once(SYSTEM . 'libs/visitors.php'); $visitors = new Visitors($config['visitors_counter_ttl']); } // page content loading if(!isset($content[0])) $content = ''; $load_it = true; // check if site has been closed if($config['site_closed']) { if(!admin()) { $title = $config['site_closed_title']; $content .= $config['site_closed_message']; $load_it = false; } if(!$logged) { ob_start(); require(SYSTEM . 'pages/accountmanagement.php'); $content .= ob_get_contents(); ob_end_clean(); $load_it = false; } } if($config['backward_support']) { // backward support for gesior define('INITIALIZED', true); $SQL = $db; $layout_header = template_header(); $layout_name = $template_path; $main_content = $content; $config['access_admin_panel'] = 2; $group_id_of_acc_logged = 0; if($logged && $account_logged) $group_id_of_acc_logged = $account_logged->getGroupId(); $config['site'] = &$config; $config['server'] = &$config['lua']; //$config['gifts_system'] = ($config['site']['shop_system'] == 1); $config['site']['shop_system'] = $config['gifts_system']; $config['serverinfo_page'] = 1; $config['download_page'] = 1; if($config['forum'] != '') $config['forum_link'] = (strtolower($config['forum']) == 'site' ? 
internalLayoutLink('forum') : $config['forum']); } if($load_it) { if($config['site_closed'] && admin()) $content .= '

Site is under maintenance (closed mode). Only privileged users can see it.

'; if($config['backward_support']) require(SYSTEM . 'compat_pages.php'); $ignore = false; $file = SYSTEM . 'pages/' . $page . '.php'; if(!@file_exists($file)) { $logged_access = 0; if($logged && $account_logged && $account_logged->isLoaded()) { $logged_access = $account_logged->getAccess(); } $query = $db->query( 'SELECT `title`, `body`, `php`' . ' FROM `' . TABLE_PREFIX . 'pages`' . ' WHERE `name` LIKE ' . $db->quote($page) . ' AND `hidden` != 1 AND `access` <= ' . $db->quote($logged_access)); if($query->rowCount() > 0) // found page { $ignore = true; $query = $query->fetch(); $title = $query['title']; if($query['php'] == '1') // execute it as php code { $tmp = substr($query['body'], 0, 10); if(($pos = strpos($tmp, ' $errno, 'errstr' => $errstr); } set_error_handler('error_handler'); ob_start(); eval($tmp); $content .= ob_get_contents(); ob_end_clean(); restore_error_handler(); if(isset($php_errors[0]) && superAdmin()) { var_dump($php_errors); } } else $content .= $query['body']; // plain html } else { $page = '404'; $file = SYSTEM . 'pages/404.php'; } } ob_start(); if($events->trigger('BEFORE_PAGE')) { if(!$ignore) require($file); } if($config['backward_support'] && isset($main_content)) $content .= $main_content; $content .= ob_get_contents(); ob_end_clean(); $events->trigger('AFTER_PAGE'); } $title_full = (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName']; if(file_exists($template_path . '/index.php')) require($template_path . '/index.php'); else if(file_exists($template_path . '/template.php')) // deprecated require($template_path . '/template.php'); else if($config['backward_support'] && file_exists($template_path . '/layout.php')) { require($template_path . '/layout.php'); } else { // TODO: save more info to log file die('ERROR: Cannot load template.'); } echo '' . "\n"; if(($config['debug_level'] & 1) == 1) echo ''; if(($config['debug_level'] & 2) == 2) echo "\n" . 
''; if(($config['debug_level'] & 4) == 4 && function_exists('memory_get_peak_usage')) echo "\n" . ''; $events->trigger('FINISH'); ?> \ No newline at end of file diff --git a/system/functions.php b/system/functions.php index 11753cce..02b93e88 100644 --- a/system/functions.php +++ b/system/functions.php @@ -45,6 +45,32 @@ function getPageLink($page, $action = null) } function internalLayoutLink($page, $action = null) {return getPageLink($page, $action);} +function getForumThreadLink($thread_id, $page = NULL) +{ + global $config; + + $url = ''; + if($config['friendly_urls']) + $url = BASE_URL . 'forum/thread/' . (int)$thread_id . (isset($page) ? '/' . $page : ''); + else + $url = BASE_URL . '?subtopic=forum&action=show_thread&id=' . (int)$thread_id . (isset($page) ? '&page=' . $page : ''); + + return $url; +} + +function getForumBoardLink($board_id, $page = NULL) +{ + global $config; + + $url = ''; + if($config['friendly_urls']) + $url = BASE_URL . 'forum/board/' . (int)$board_id . (isset($page) ? '/' . $page : ''); + else + $url = BASE_URL . '?subtopic=forum&action=show_board&id=' . (int)$board_id . (isset($page) ? '&page=' . $page : ''); + + return $url; +} + function getPlayerLink($name, $generate = true) { global $ots, $config; @@ -455,7 +481,7 @@ function check_account_name($name, &$error = '') } //is it valid nick for new char? -function check_name_new_char($name) +function check_name_new_char($name, &$error = '') { global $db, $config; 
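Review bot: `$main_content = $content;` is now taken in the backward-support block before any page has been rendered, but the gesior branch at the end only does `require($template_path . '/layout.php')` and no longer refreshes it, so a layout that reads `$main_content` would get the pre-page snapshot unless the page itself assigned the variable (hedged: layout.php is not in the diff). Re-assign `$main_content = $content;` immediately before that `require`, as the old code did. Separately, `$config['site'] = &$config;` makes the config array reference itself, so any recursive walk of `$config` (serialize, json_encode, var_dump) will loop or fail; if only a handful of gesior keys are needed, copy those into `$config['site']` instead. The whole file is a single collapsed line here, so positions are approximate.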
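Review bot: Both new helpers cast the id with `(int)` but concatenate `$page` into the URL untouched, so the safety of the emitted href depends on every caller pre-casting; cast it in the helper as well, `(isset($page) ? '/' . (int)$page : '')` and `(isset($page) ? '&page=' . (int)$page : '')`. The two functions also lack any header comment; a one-liner such as `// Builds the forum thread URL; $page (0-based) is appended only when given, honouring $config['friendly_urls'].` on each would do. The non-friendly branch emits a bare `&`, which is fine for `header('Location: …')` but strictly should be `&amp;` inside an HTML attribute; follow whatever `getPageLink()` (outside the hunk) does.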
@@ -464,92 +490,127 @@ function check_name_new_char($name) $first_words_blocked = array('admin ', 'administrator ', 'gm ', 'cm ', 'god ','tutor ', "'", '-'); foreach($first_words_blocked as $word) { - if($word == substr($name_lower, 0, strlen($word))) + if($word == substr($name_lower, 0, strlen($word))) { + $error = 'Your name contains blocked words.'; return false; + } } - if(substr($name_lower, -1) == "'" || substr($name_lower, -1) == "-") + if(substr($name_lower, -1) == "'" || substr($name_lower, -1) == "-") { + $error = 'Your name contains illegal characters.'; return false; + } - if(substr($name_lower, 1, 1) == ' ') + if(substr($name_lower, 1, 1) == ' ') { + $error = 'Your name contains illegal space.'; return false; + } - if(substr($name_lower, -2, 1) == " ") + if(substr($name_lower, -2, 1) == " ") { + $error = 'Your name contains illegal space.'; return false; + } - if(strtolower($config['lua']['serverName']) == $name_lower) + if(strtolower($config['lua']['serverName']) == $name_lower) { + $error = 'Your name cannot be same as server name.'; return false; + } $names_blocked = array('admin', 'administrator', 'gm', 'cm', 'god', 'tutor'); foreach($names_blocked as $word) { - if($word == $name_lower) - return false; - } - - $name_length = strlen($name_lower); - for($i = 0; $i < $name_length; $i++) - { - if(isset($name_lower[$i - 1]) && $name_lower[$i - 1] == ' ' && isset($name_lower[$i + 1]) && $name_lower[$i + 1] == ' ') + if($word == $name_lower) { + $error = 'Your name contains blocked words.'; return false; + } } $words_blocked = array('admin', 'administrator', 'gamemaster', 'game master', 'game-master', "game'master", '--', "''","' ", " '", '- ', ' -', "-'", "'-", 'fuck', 'sux', 'suck', 'noob', 'tutor'); foreach($words_blocked as $word) { - if(!(strpos($name_lower, $word) === false)) + if(!(strpos($name_lower, $word) === false)) { + $error = 'Your name contains illegal words.'; return false; + } + } + + $name_length = strlen($name_lower); + for($i = 0; $i < 
$name_length; $i++) + { + if(isset($name_lower[$i]) && isset($name_lower[$i + 1]) && $name_lower[$i] == $name_lower[$i + 1] && isset($name_lower[$i + 2]) && $name_lower[$i] == $name_lower[$i + 2]) { + $error = 'Your name is invalid.'; + return false; + } } for($i = 0; $i < $name_length; $i++) { - if(isset($name_lower[$i]) && isset($name_lower[$i + 1]) && $name_lower[$i] == $name_lower[$i + 1] && isset($name_lower[$i + 2]) && $name_lower[$i] == $name_lower[$i + 2]) - return false; - } - - for($i = 0; $i < $name_length; $i++) - { - if(isset($name_lower[$i - 1]) && $name_lower[$i - 1] == ' ' && isset($name_lower[$i + 1]) && $name_lower[$i + 1] == ' ') + if(isset($name_lower[$i - 1]) && $name_lower[$i - 1] == ' ' && isset($name_lower[$i + 1]) && $name_lower[$i + 1] == ' ') { + $error = 'Your name contains too many spaces.'; return false; + } } if(isset($config['monsters'])) { - if(in_array($name_lower, $config['monsters'])) + if(in_array($name_lower, $config['monsters'])) { + $error = 'Your name cannot contains monster name.'; return false; + } } $monsters = $db->query( 'SELECT ' . $db->fieldName('name') . ' FROM ' . $db->tableName(TABLE_PREFIX . 'monsters') . ' WHERE ' . $db->fieldName('name') . ' LIKE ' . $db->quote($name_lower)); - if($monsters->rowCount() > 0) + if($monsters->rowCount() > 0) { + $error = 'Your name cannot contains monster name.'; return false; + } $spells_name = $db->query( 'SELECT ' . $db->fieldName('name') . ' FROM ' . $db->tableName(TABLE_PREFIX . 'spells') . ' WHERE ' . $db->fieldName('name') . ' LIKE ' . $db->quote($name_lower)); - if($spells_name->rowCount() > 0) + if($spells_name->rowCount() > 0) { + $error = 'Your name cannot contains spell name.'; return false; + } $spells_words = $db->query( 'SELECT ' . $db->fieldName('words') . ' FROM ' . $db->tableName(TABLE_PREFIX . 'spells') . ' WHERE ' . $db->fieldName('words') . ' = ' . 
$db->quote($name_lower)); - if($spells_words->rowCount() > 0) + if($spells_words->rowCount() > 0) { + $error = 'Your name cannot contains spell name.'; return false; - - if(isset($config['npc'])) - { - if(in_array($name_lower, $config['npc'])) - return false; } - if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM- '") != $name_length) - return false; + if(isset($config['npc'])) + { + if(in_array($name_lower, $config['npc'])) { + $error = 'Your name cannot contains NPC name.'; + return false; + } + } - return preg_match("/[A-z ']{3,28}/", $name); + if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM- '") != $name_length) { + $error = 'This name contains invalid letters, words or format. Please use only a-Z, - , \' and space.'; + return false; + } + + if($name_length < 3 || $name_length > 28) { + $error = 'Your name cannot be shorter than 3 characters and longer than 28 characters.'; + return false; + } + + + if(!preg_match("/[A-z ']{3,28}/", $name)) { + $error = 'Your name containst illegal characters.'; + return false; + } + + return true; } function check_rank_name($name) @@ -778,7 +839,7 @@ function template_form() else { $templates = get_templates(); - $cache->set('templates', serialize($templates), 120); + $cache->set('templates', serialize($templates), 30); } } else @@ -815,7 +876,7 @@ function getCreatureName($killer, $showStatus = false, $extendedInfo = false) if(!$showStatus) return $str.''.$player->getName().''; - $str .= ''.$player->getName().''; + $str .= '' . $player->getName() . ''; if($extendedInfo) { $str .= '
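Review bot: Several of the new user-facing messages are ungrammatical ("Your name cannot contains monster name.", "… spell name.", "… NPC name.", "Your name containst illegal characters."); since they are now shown verbatim by accountmanagement.php, change them to `'Your name cannot contain a monster name.'`, `'Your name cannot contain a spell name.'`, `'Your name cannot contain an NPC name.'` and `'Your name contains illegal characters.'`. The final `preg_match("/[A-z ']{3,28}/", $name)` check is unanchored and the `A-z` range also covers `[ \ ] ^ _ \``, so it does not express the rule its message states; given the preceding `strspn` and length checks already enforce the alphabet and 3–28 bound, it is either redundant or should be anchored as `/^[A-Za-z '\-]{3,28}$/`. The new by-reference parameter also deserves a docblock line: `@param string $error  receives a human-readable reason whenever false is returned`. The function signature itself is in the preceding hunk.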
'.$player->getLevel().' '.$config['vocations'][$player->getVocation()].''; } diff --git a/system/init.php b/system/init.php index f2fa6ff5..6c982b5a 100644 --- a/system/init.php +++ b/system/init.php @@ -121,10 +121,10 @@ else { $config['vocations'] = array(); foreach($vocations->getElementsByTagName('vocation') as $vocation) { $id = $vocation->getAttribute('id'); - if($id == $vocation->getAttribute('fromvoc')) + //if($id == $vocation->getAttribute('fromvoc')) $config['vocations'][$id] = $vocation->getAttribute('name'); - else - $config['vocations'][$id + 4] = $vocation->getAttribute('name'); + //else + // $config['vocations'][$id] = $vocation->getAttribute('name'); } if($cache->enabled()) { diff --git a/system/libs/pot/OTS_Account.php b/system/libs/pot/OTS_Account.php index 7d54bc99..dc8c8617 100644 --- a/system/libs/pot/OTS_Account.php +++ b/system/libs/pot/OTS_Account.php 
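Review bot: The `fromvoc` branch in init.php is commented out rather than removed, leaving three dead lines (one of which duplicates the surviving assignment) in the vocation loader. Delete the commented-out code and keep a single why-comment above the assignment, e.g. `// every <vocation> element is indexed by its own id, promoted or not`, so the next reader knows the previous `$id + 4` mapping was dropped on purpose.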
@@ -167,7 +167,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable public function load($id) { // SELECT query on database - $this->data = $this->db->query('SELECT ' . $this->db->fieldName('id') . ', ' . $this->db->fieldName('name') . ', ' . $this->db->fieldName('password') . ', ' . $this->db->fieldName('salt') . ', ' . $this->db->fieldName('email') . ', ' . $this->db->fieldName('blocked') . ', ' . $this->db->fieldName('rlname') . ', ' . $this->db->fieldName('location') . ', ' . $this->db->fieldName('web_flags') . ', ' . $this->db->fieldName('premdays') . ', ' . $this->db->fieldName('lastday') . ', ' . $this->db->fieldName('created') . ' FROM ' . $this->db->tableName('accounts') . ' WHERE ' . $this->db->fieldName('id') . ' = ' . (int) $id)->fetch(); + $this->data = $this->db->query('SELECT ' . $this->db->fieldName('id') . ', ' . $this->db->fieldName('name') . ', ' . $this->db->fieldName('password') . ', ' . $this->db->fieldName('email') . ', ' . $this->db->fieldName('blocked') . ', ' . $this->db->fieldName('rlname') . ', ' . $this->db->fieldName('location') . ', ' . $this->db->fieldName('web_flags') . ', ' . $this->db->fieldName('premdays') . ', ' . $this->db->fieldName('lastday') . ', ' . $this->db->fieldName('created') . ' FROM ' . $this->db->tableName('accounts') . ' WHERE ' . $this->db->fieldName('id') . ' = ' . (int) $id)->fetch(); } /** 
@@ -247,13 +247,7 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable } // UPDATE query on database -<<<<<<< .mine $this->db->query('UPDATE `accounts` SET `name` = ' . $this->db->quote($this->data['name']) . ', `password` = ' . $this->db->quote($this->data['password']) . ', `email` = ' . $this->db->quote($this->data['email']) . ', `blocked` = ' . (int) $this->data['blocked'] . ', `rlname` = ' . $this->db->quote($this->data['rlname']) . ', `location` = ' . $this->db->quote($this->data['location']) . ', `web_flags` = ' . (int) $this->data['web_flags'] . ', `premdays` = ' . (int) $this->data['premdays'] . ', `lastday` = ' . (int) $this->data['lastday'] . ' WHERE `id` = ' . $this->data['id']); -||||||| .r19 - $this->db->query('UPDATE ' . $this->db->tableName('accounts') . ' SET ' . $this->db->fieldName('password') . ' = ' . $this->db->quote($this->data['password']) . ', ' . $this->db->fieldName('email') . ' = ' . $this->db->quote($this->data['email']) . ', ' . $this->db->fieldName('blocked') . ' = ' . (int) $this->data['blocked'] . ', ' . $this->db->fieldName('rlname') . ' = ' . $this->db->quote($this->data['rlname']) . ', ' . $this->db->fieldName('location') . ' = ' . $this->db->quote($this->data['location']) . ', ' . $this->db->fieldName('web_flags') . ' = ' . (int) $this->data['web_flags'] . ', ' . $this->db->fieldName('premdays') . ' = ' . (int) $this->data['premdays'] . ', ' . $this->db->fieldName('lastday') . ' = ' . (int) $this->data['lastday'] . ' WHERE ' . $this->db->fieldName('id') . ' = ' . $this->data['id']); -======= - $this->db->query('UPDATE ' . $this->db->tableName('accounts') . ' SET ' . $this->db->fieldName('password') . ' = ' . $this->db->quote($this->data['password']) . ', ' . $this->db->fieldName('salt') . ' = ' . $this->db->quote($this->data['salt']) . ', ' . $this->db->fieldName('email') . ' = ' . $this->db->quote($this->data['email']) . ', ' . $this->db->fieldName('blocked') . ' = ' . (int) $this->data['blocked'] . 
', ' . $this->db->fieldName('rlname') . ' = ' . $this->db->quote($this->data['rlname']) . ', ' . $this->db->fieldName('location') . ' = ' . $this->db->quote($this->data['location']) . ', ' . $this->db->fieldName('web_flags') . ' = ' . (int) $this->data['web_flags'] . ', ' . $this->db->fieldName('premdays') . ' = ' . (int) $this->data['premdays'] . ', ' . $this->db->fieldName('lastday') . ' = ' . (int) $this->data['lastday'] . ' WHERE ' . $this->db->fieldName('id') . ' = ' . $this->data['id']); ->>>>>>> .r40 } /** @@ -449,16 +443,6 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable $this->data['password'] = (string) $password; } - public function getSalt() - { - if( !isset($this->data['salt']) ) - { - throw new E_OTS_NotLoaded(); - } - - return $this->data['salt']; - } - public function setSalt($salt) { $this->data['salt'] = (string) $salt; @@ -801,20 +785,20 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable */ public function getAccess() { + global $groups; + if(!isset($groups)) + $groups = new OTS_Groups_List(); + // by default $access = 0; if(fieldExist('group_id', 'accounts')) { $query = $this->db->query('SELECT `group_id` FROM `accounts` WHERE `id` = ' . (int) $this->getId())->fetch(); // if anything was found - if(isset($query['group_id'])) - $access = $query['group_id']; - - return $access; - } - global $groups; - if(!isset($groups)) - $groups = new OTS_Groups_List(); + $group = $groups->getGroup($query['group_id']); + if(!$group) return 0; + return $group->getAccess(); + } // finds groups of all characters foreach( $this->getPlayersList() as $player) 
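Review bot: The UPDATE statement kept when the conflict markers were removed appends `$this->data['id']` to the WHERE clause with neither `(int)` nor `quote()`, while `load()` in the hunk above casts its id; use `' WHERE \`id\` = ' . (int) $this->data['id']` for consistency. That same query no longer writes `salt` and the next hunk deletes `getSalt()`, yet `setSalt()` survives, so a caller can set a value that is never persisted or readable; either drop `setSalt()` too or keep the column in `load()`/`save()`. The conflict markers resolved here suggest the `.r40` variant (with salt) was the other candidate, so this choice is worth a sentence in the commit message.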
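Review bot: In `getAccess()` the old `isset($query['group_id'])` guard was dropped, so when the accounts row is missing `fetch()` returns `false`, `$query['group_id']` is read off a bool (a warning on PHP 8) and `getGroup(null)` is called. Reinstate the check before the lookup: `if(!isset($query['group_id'])) return 0;`. Casting the looked-up id, `$groups->getGroup((int) $query['group_id'])`, would also match how the id is handled elsewhere in this class.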
@@ -831,6 +815,35 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable return $access; } + public function getGroupId() + { + global $groups; + if(!isset($groups)) + $groups = new OTS_Groups_List(); + + $group_id = 0; + if(fieldExist('group_id', 'accounts')) { + $query = $this->db->query('SELECT `group_id` FROM `accounts` WHERE `id` = ' . (int) $this->getId())->fetch(); + // if anything was found + if(isset($query['group_id'])) + return $query['group_id']; + } + + // finds groups of all characters + foreach( $this->getPlayersList() as $player) + { + $group = $player->getGroup(); + + // checks if group's access level is higher then previouls found highest + if( $group->getId() > $group_id) + { + $group_id = $group->getId(); + } + } + + return $group_id; + } + /** * Checks highest access level of account in given guild. * diff --git a/system/libs/pot/OTS_DB_MySQL.php b/system/libs/pot/OTS_DB_MySQL.php index aa40aade..e21bfc6b 100644 --- a/system/libs/pot/OTS_DB_MySQL.php +++ b/system/libs/pot/OTS_DB_MySQL.php @@ -92,16 +92,7 @@ class OTS_DB_MySQL extends OTS_Base_DB $this->prefix = $params['prefix']; } - // PDO constructor - try - { - parent::__construct('mysql:' . implode(';', $dns), $user, $password); - } - catch(PDOException $error) - { - echo 'Can\'t connect to MySQL database.'; - exit; - } + parent::__construct('mysql:' . implode(';', $dns), $user, $password); } /** diff --git a/system/pages/accountmanagement.php b/system/pages/accountmanagement.php index d4111708..1d8b4811 100644 --- a/system/pages/accountmanagement.php +++ b/system/pages/accountmanagement.php 
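Review bot: In the new `getGroupId()` the `$groups` global is created but never used, and the early return hands back `$query['group_id']` as the raw string the driver produced rather than an int, unlike the `getId()` values compared in the loop below; drop the `$groups` lines and return `(int) $query['group_id']`. The loop comment ("checks if group's access level is higher") was copied from `getAccess()` but the code compares group ids, so it should say so, e.g. `// keep the highest group id among the account's characters`. A docblock is also missing; something like `Returns the account's group id: accounts.group_id when that column exists, otherwise the highest group id of its characters.` would do.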
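Review bot: With the try/catch gone, a failed connection lets the `PDOException` escape `OTS_DB_MySQL::__construct`; unless a caller outside this diff catches it, PHP's default handler prints the message and a stack trace, and the frame for this constructor lists its arguments, i.e. the DSN, user and password, which with `display_errors` on goes straight to the browser. Keep the catch and rethrow with only the driver text, `throw new RuntimeException('Cannot connect to MySQL database: ' . $error->getMessage(), 0, $error);`, and have the caller log the previous exception rather than display it. The driver message itself can still name the DB user and host, so the user-visible page should stay generic.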
@@ -833,8 +833,9 @@ function checkName() if(empty($newchar_errors)) { - if(!check_name_new_char($newchar_name)) - $newchar_errors[] = 'This name contains invalid letters, words or format. Please use only a-Z, - , \' and space.'; + $error = ''; + if(!check_name_new_char($newchar_name, $error)) + $newchar_errors[] = $error; if($newchar_sex != 1 && $newchar_sex != "0") $newchar_errors[] = 'Sex must be equal 0 (female) or 1 (male).'; if(!in_array($newchar_town, $config['character_towns'])) diff --git a/system/pages/changelog.php b/system/pages/changelog.php index b1195bd2..f053c54b 100644 --- a/system/pages/changelog.php +++ b/system/pages/changelog.php @@ -11,8 +11,8 @@ defined('MYAAC') or die('Direct access not allowed!'); $title = 'Changelog'; -$_page = $_GET['page']; -$id = $_GET['id']; +$_page = isset($_GET['page']) ? $_GET['page'] : 0; +$id = isset($_GET['id']) ? $_GET['id'] : 0; $limit = 30; $offset = $_page * $limit; ?> diff --git a/system/pages/forum.php b/system/pages/forum.php index 7a39fb1f..a006b00b 100644 --- a/system/pages/forum.php +++ b/system/pages/forum.php @@ -138,7 +138,7 @@ if(empty($action)) foreach($sections as $id => $section) { $last_post = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`section` = ".(int) $id." AND `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` ORDER BY `post_date` DESC LIMIT 1")->fetch(); - echo ''.$section['name'].'
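Review bot: The changelog hunk fixes the undefined-index notice but still stores `$_GET['page']` and `$_GET['id']` as raw strings; `$offset = $_page * $limit` two lines later throws a TypeError on PHP 8 for a non-numeric value, and `$offset`/`$id` presumably feed a query further down the file (outside the hunk). Cast at the boundary: `$_page = isset($_GET['page']) ? (int) $_GET['page'] : 0;` and `$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;`.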
'.$section['description'].''.(int) (isset($counters[$id]['posts']) ? $counters[$id]['posts'] : 0).''.(int) (isset($counters[$id]['threads']) ? $counters[$id]['threads'] : 0).''; + echo ''.$section['name'].'
'.$section['description'].''.(int) (isset($counters[$id]['posts']) ? $counters[$id]['posts'] : 0).''.(int) (isset($counters[$id]['threads']) ? $counters[$id]['threads'] : 0).''; if(isset($last_post['name'])) echo date('d.m.y H:i:s', $last_post['post_date']).'
by ' . getPlayerLink($last_post['name']); else @@ -158,11 +158,11 @@ if($action == 'show_board') for($i = 0; $i < $threads_count['threads_count'] / $config['forum_threads_per_page']; $i++) { if($i != $_page) - $links_to_pages .= ''.($i + 1).' '; + $links_to_pages .= ''.($i + 1).' '; else $links_to_pages .= ''.($i + 1).' '; } - echo 'Boards >> '.$sections[$section_id]['name'].''; + echo 'Boards >> '.$sections[$section_id]['name'].''; if(!$sections[$section_id]['closed'] || Forum::isModerator()) { echo '

@@ -182,7 +182,7 @@ if($action == 'show_board') echo '[MOVE]'; echo '[REMOVE] '; } - echo ''.htmlspecialchars($thread['post_topic']).'
'.htmlspecialchars(substr($thread['post_text'], 0, 50)).'...' . getPlayerLink($thread['name']) . ''.(int) $thread['replies'].''.(int) $thread['views'].''; + echo ''.htmlspecialchars($thread['post_topic']).'
'.htmlspecialchars(substr($thread['post_text'], 0, 50)).'...' . getPlayerLink($thread['name']) . ''.(int) $thread['replies'].''.(int) $thread['views'].''; if($thread['last_post'] > 0) { $last_post = $db->query("SELECT `players`.`name`, `" . TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id']." AND `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` ORDER BY `post_date` DESC LIMIT 1")->fetch(); 
@@ -214,14 +214,14 @@ if($action == 'show_thread') for($i = 0; $i < $posts_count['posts_count'] / $config['forum_threads_per_page']; $i++) { if($i != $_page) - $links_to_pages .= ''.($i + 1).' '; + $links_to_pages .= ''.($i + 1).' '; else $links_to_pages .= ''.($i + 1).' '; } $threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `players`.`account_id`, `players`.`vocation`" . (fieldExist('promotion', 'players') ? ", `players`.`promotion`" : "") . ", `players`.`level`, `" . TABLE_PREFIX . "forum`.`id`,`" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`section`,`" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_date`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`last_edit_aid`, `" . TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." ORDER BY `" . TABLE_PREFIX . "forum`.`post_date` LIMIT ".$config['forum_posts_per_page']." OFFSET ".($_page * $config['forum_posts_per_page']))->fetchAll(); if(isset($threads[0]['name'])) $db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = ".(int) $thread_id); - echo 'Boards >> '.$sections[$threads[0]['section']]['name'].' >> '.$thread_name['post_topic'].''; + echo 'Boards >> '.$sections[$threads[0]['section']]['name'].' >> '.$thread_name['post_topic'].''; echo '



Page: '.$links_to_pages.'
'; $player = $ots->createObject('Player'); foreach($threads as $thread) @@ -296,14 +296,14 @@ if($action == 'remove_post') if($post['id'] == $post['first_post']) { $db->query("DELETE FROM `" . TABLE_PREFIX . "forum` WHERE `first_post` = ".$post['id']); - header('Location: ?subtopic=forum&action=show_board&id='.$post['section']); + header('Location: ' . getForumBoardLink($post['section'])); } else { $post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`id` < ".$id." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $post['first_post'])->fetch(); $_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1; $db->query("DELETE FROM `" . TABLE_PREFIX . "forum` WHERE `id` = ".$post['id']); - header('Location: ?subtopic=forum&action=show_thread&id='.$post['first_post'].'&page='.(int) $_page); + header('Location: ' . getForumThreadLink($post['first_post'], (int) $_page)); } } else @@ -319,7 +319,7 @@ if($action == 'new_post') $players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll(); $thread_id = (int) $_REQUEST['thread_id']; $thread = $db->query("SELECT `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`id`, `" . TABLE_PREFIX . "forum`.`section` FROM `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`id` = ".(int) $thread_id." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id." LIMIT 1")->fetch(); - echo 'Boards >> '.$sections[$thread['section']]['name'].' >> '.$thread['post_topic'].' >> Post new reply
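Review bot: The breadcrumb rebuilt in this `show_thread` hunk echoes `$thread_name['post_topic']` unescaped, while the thread listing in the `@@ -182` hunk above wraps the same column in `htmlspecialchars($thread['post_topic'])`; a topic is text typed by the poster, so the heading should be escaped the same way: `htmlspecialchars($thread_name['post_topic'])`. The same inconsistency is in the new breadcrumb of the `new_post` hunk (`$thread['post_topic']`, used twice) and the `edit_post` hunk (`$first_post['post_topic']`). The `show_thread` block starts before and continues after the hunk.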

'.$thread['post_topic'].'

'; + echo 'Boards >> '.$sections[$thread['section']]['name'].' >> '.$thread['post_topic'].' >> Post new reply

'.$thread['post_topic'].'

'; if(isset($thread['id'])) { $quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL; @@ -374,8 +374,8 @@ if($action == 'new_post') $db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `replies`=`replies`+1, `last_post`=".time()." WHERE `id` = ".(int) $thread_id); $post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`post_date` <= ".time()." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id'])->fetch(); $_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1; - header('Location: ?subtopic=forum&action=show_thread&id='.$thread_id.'&page='.$_page); - echo '
Thank you for posting.
GO BACK TO LAST THREAD'; + header('Location: ' . getForumThreadLink($thread_id, $_page)); + echo '
Thank you for posting.
GO BACK TO LAST THREAD'; } } if(!$saved) @@ -435,7 +435,7 @@ if($action == 'edit_post') if(isset($thread['id'])) { $first_post = $db->query("SELECT `" . TABLE_PREFIX . "forum`.`author_guid`, `" . TABLE_PREFIX . "forum`.`author_aid`, `" . TABLE_PREFIX . "forum`.`first_post`, `" . TABLE_PREFIX . "forum`.`post_topic`, `" . TABLE_PREFIX . "forum`.`post_text`, `" . TABLE_PREFIX . "forum`.`post_smile`, `" . TABLE_PREFIX . "forum`.`id`, `" . TABLE_PREFIX . "forum`.`section` FROM `" . TABLE_PREFIX . "forum` WHERE `" . TABLE_PREFIX . "forum`.`id` = ".(int) $thread['first_post']." LIMIT 1")->fetch(); - echo 'Boards >> '.$sections[$thread['section']]['name'].' >> '.$first_post['post_topic'].' >> Edit post'; + echo 'Boards >> '.$sections[$thread['section']]['name'].' >> '.$first_post['post_topic'].' >> Edit post'; if($account_logged->getId() == $thread['author_aid'] || Forum::isModerator()) { $players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll(); @@ -483,8 +483,8 @@ if($action == 'edit_post') $db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `author_guid` = ".(int) $char_id.", `post_text` = ".$db->quote($text).", `post_topic` = ".$db->quote($post_topic).", `post_smile` = ".(int) $smile.", `last_edit_aid` = ".(int) $account_logged->getId().",`edit_date` = ".time()." WHERE `id` = ".(int) $thread['id']); $post_page = $db->query("SELECT COUNT(`" . TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . TABLE_PREFIX . "forum`.`author_guid` AND `" . TABLE_PREFIX . "forum`.`post_date` <= ".$thread['post_date']." AND `" . TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['first_post'])->fetch(); $_page = (int) ceil($post_page['posts_count'] / $config['forum_threads_per_page']) - 1; - header('Location: ?subtopic=forum&action=show_thread&id='.$thread['first_post'].'&page='.$_page); - echo '
Thank you for editing post.
GO BACK TO LAST THREAD'; + header('Location: ' . getForumThreadLink($thread['first_post'], $_page)); + echo '
Thank you for editing post.
GO BACK TO LAST THREAD'; } } else @@ -531,7 +531,7 @@ if($action == 'new_topic') { $players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll(); $section_id = (int) $_REQUEST['section_id']; - echo 'Boards >> '.$sections[$section_id]['name'].' >> Post new thread
'; + echo 'Boards >> '.$sections[$section_id]['name'].' >> Post new thread
'; if(isset($sections[$section_id]['name'])) { if($sections[$section_id]['closed'] && !Forum::isModerator()) @@ -590,8 +590,8 @@ if($action == 'new_topic') $db->query("INSERT INTO `" . TABLE_PREFIX . "forum` (`id` ,`first_post` ,`last_post` ,`section` ,`replies` ,`views` ,`author_aid` ,`author_guid` ,`post_text` ,`post_topic` ,`post_smile` ,`post_date` ,`last_edit_aid` ,`edit_date`, `post_ip`) VALUES ('null', '0', '".time()."', '".(int) $section_id."', '0', '0', '".$account_logged->getId()."', '".(int) $char_id."', ".$db->quote($text).", ".$db->quote($post_topic).", '".(int) $smile."', '".time()."', '0', '0', '".$_SERVER['REMOTE_ADDR']."')"); $thread_id = $db->lastInsertId(); $db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `first_post`=".(int) $thread_id." WHERE `id` = ".(int) $thread_id); - header('Location: ?subtopic=forum&action=show_thread&id='.$thread_id); - echo '
Thank you for posting.
GO BACK TO LAST THREAD'; + header('Location: ' . getForumThreadLink($thread_id)); + echo '
Thank you for posting.
GO BACK TO LAST THREAD'; } } if(!$saved) @@ -648,7 +648,7 @@ if($action == 'move_thread')
Select the new board:  - +
'.htmlspecialchars($thread_name['post_topic']).'
by ' . getPlayerLink($thread_name['name']) . '
Author 
'; } } @@ -672,7 +672,7 @@ if($action == 'moved_thread') { $db->query("UPDATE `" . TABLE_PREFIX . "forum` SET `section` = ".$board." WHERE `id` = ".$post['id']."") or die(mysql_error()); $nPost = $db->query( 'SELECT `section` FROM `' . TABLE_PREFIX . 'forum` WHERE `id` = \''.$id.'\' LIMIT 1;' )->fetch(); - header('Location: ?subtopic=forum&action=show_board&id='.$nPost['section']); + header('Location: ' . getForumBoardLink($nPost['section'])); } } else diff --git a/system/pages/news.php b/system/pages/news.php index 62fee7fd..6d187c38 100644 --- a/system/pages/news.php +++ b/system/pages/news.php @@ -48,7 +48,7 @@ if(isset($_GET['archive'])) $author = $query['name']; } - echo news_parse($news['title'], $news['body'], $news['date'], $categories[$news['category']]['icon_id'], $config['news_author'] ? $author : '', $news['comments']); + echo news_parse($news['title'], $news['body'], $news['date'], $categories[$news['category']]['icon_id'], $config['news_author'] ? $author : '', getForumThreadLink($news['comments'])); } else echo 'This news doesn\'t exist or is hidden.
'; @@ -444,7 +444,7 @@ if(!$news_cached) '; } - echo news_parse($news['title'], $news['body'] . $admin_options, $news['date'], $categories[$news['category']]['icon_id'], $config['news_author'] ? $author : '', $news['comments']); + echo news_parse($news['title'], $news['body'] . $admin_options, $news['date'], $categories[$news['category']]['icon_id'], $config['news_author'] ? $author : '', getForumThreadLink($news['comments'])); } } diff --git a/system/pages/spells.php b/system/pages/spells.php index 8438c62e..1c10e253 100644 --- a/system/pages/spells.php +++ b/system/pages/spells.php @@ -22,6 +22,7 @@ if(isset($_POST['reload_spells']) && $canEdit) foreach($config_vocations as $voc_id => $voc_name) { $vocations_ids[$voc_name] = $voc_id; } + $allspells = new OTS_SpellsList($config['data_path'].'spells/spells.xml'); //add conjure spells $conjurelist = $allspells->getConjuresList(); @@ -89,8 +90,12 @@ if(isset($_POST['reload_spells']) && $canEdit) $nr_of_vocations = count($vocations); $vocations_to_db = ""; $voc_nr = 0; - foreach($vocations as $vocation_to_add_name) { - $vocations_to_db .= $vocation_to_add_name; + foreach($vocations as $vocation_to_add) { + if(check_number($vocation_to_add)) { + $vocations_to_db .= $vocation_to_add; + } + else + $vocations_to_db .= $vocations_ids[$vocation_to_add]; $voc_nr++; if($voc_nr != $nr_of_vocations) { @@ -234,8 +239,10 @@ else $showed_vocations = 0; foreach($spell_vocations as $spell_vocation) { - echo $config_vocations[$spell_vocation]; - $showed_vocations++; + if(isset($config_vocations[$spell_vocation])) { + echo $config_vocations[$spell_vocation]; + $showed_vocations++; + } if($showed_vocations != count($spell_vocations)) echo '
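Review bot: `getForumThreadLink($news['comments'])` is now called unconditionally, so a news entry whose `comments` value is 0 or empty presumably gets a link to a thread that does not exist, whereas before `news_parse` received the raw value and could decide what to render. Guard at the call site, `$news['comments'] ? getForumThreadLink($news['comments']) : ''`, which matches the `''` default that `news_parse` declares for `$comments`. The same call is in the `@@ -444` hunk of this file; `getForumThreadLink` lives in system/functions.php outside this chunk, so confirm it does not already treat 0 specially.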
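Review bot: In the spells reload loop the else branch reads `$vocations_ids[$vocation_to_add]` without checking the key exists; a vocation name from spells.xml that is not present in `$config_vocations` (or differs in letter case) yields null, which is appended as an empty string and leaves a malformed list like `1,,3` in the database. The display side of this same commit (`@@ -234`) already guards with `isset($config_vocations[$spell_vocation])`, so mirror it here: `elseif(isset($vocations_ids[$vocation_to_add])) $vocations_to_db .= $vocations_ids[$vocation_to_add];`, and only emit the separator when something was appended. The loop and its separator logic continue outside the hunk.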
'; } diff --git a/system/template.php b/system/template.php index 916856b1..e53e7a5c 100644 --- a/system/template.php +++ b/system/template.php @@ -26,14 +26,22 @@ if($config['template_allow_change']) } else if(isset($_SESSION['template'])) { - if(!preg_match("/[^A-z0-9_\-]/", $_SESSION['template'])) + if(!preg_match("/[^A-z0-9_\-]/", $_SESSION['template'])) { $template_name = $_SESSION['template']; - else + } + else { $template_name = $config['template']; + } } } $template_path = 'templates/' . $template_name; +if(!file_exists($template_path . '/config.php')) +{ + $template_name = 'kathrine'; + $template_path = 'templates/' . $template_name; +} + $file = $template_path . '/config.ini'; $exists = file_exists($file); if($exists || ($config['backward_support'] && file_exists($template_path . '/layout_config.ini'))) @@ -92,6 +100,7 @@ $template['link_screenshots'] = internalLayoutLink('screenshots'); $template['link_movies'] = internalLayoutLink('movies'); $template['link_serverInfo'] = internalLayoutLink('serverInfo'); $template['link_experienceTable'] = internalLayoutLink('experienceTable'); +$template['link_faq'] = internalLayoutLink('faq'); $template['link_points'] = internalLayoutLink('points'); $template['link_gifts'] = internalLayoutLink('gifts'); $template['link_gifts_history'] = internalLayoutLink('gifts', 'show_history'); diff --git a/system/templates/news.php b/system/templates/news.php index 7aab1e44..8dfff9eb 100644 --- a/system/templates/news.php +++ b/system/templates/news.php @@ -3,7 +3,6 @@ defined('MYAAC') or die('Direct access not allowed!'); function news_parse($title, $content, $date, $icon = 0, $author = '', $comments = '') { global $template_path, $config; - //$tmp = $template_path.'/images/letters/'.$content[0].'.gif'; //if(file_exists($tmp)) { // $firstLetter = ''.$content[0].''; diff --git a/templates/tibiacom/index.php b/templates/tibiacom/index.php index 1345130d..bc367652 100644 --- a/templates/tibiacom/index.php 
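Review bot: The new `isset($config_vocations[$spell_vocation])` guard skips unknown vocations, but the separator condition on the next line still compares `$showed_vocations` against `count($spell_vocations)`, so once one entry is skipped the count is never reached and the last displayed vocation also gets a trailing `<br/>`. Counting the known entries first, `$known = count(array_filter($spell_vocations, function($v) use ($config_vocations) { return isset($config_vocations[$v]); }));`, and comparing against `$known` keeps the separator logic consistent. The surrounding loop starts outside the hunk.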
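Review bot: The character class in the reformatted `if(!preg_match("/[^A-z0-9_\-]/", $_SESSION['template'])) {` uses the range `A-z`, which in ASCII also admits `[`, `\`, `]`, `^` and the backtick, and `$template_name` is concatenated straight into `$template_path`; the explicit ranges `"/[^A-Za-z0-9_\-]/"` express what was intended. The added `file_exists($template_path . '/config.php')` fallback is sound, but the literal `'kathrine'` deserves a name, e.g. a `const` or a comment `// bundled default template, used when the configured or session template is gone`, and it would be natural to try `$config['template']` before that hard-coded default. The enclosing selection block starts outside the hunk.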
+++ b/templates/tibiacom/index.php @@ -75,16 +75,16 @@ if(isset($config['boxes'])) function LoginButtonAction() { if(loginStatus == "false") { - window.location = ""; + window.location = ""; } else { - window.location = ""; + window.location = ""; } } function LoginstatusTextAction(source) { if(loginStatus == "false") { - window.location = ""; + window.location = ""; } else { - window.location = "&action=logout"; + window.location = ""; } } @@ -204,7 +204,7 @@ if(isset($config['boxes'])) - +