mirror of
https://github.com/slawkens/myaac.git
synced 2025-09-14 12:33:35 +02:00
Compare commits
52 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
016138ab55 | ||
|
|
77efb80a12 | ||
|
|
02eea950e4 | ||
|
|
2793c41655 | ||
|
|
62d3c198d5 | ||
|
|
ef62b53cec | ||
|
|
7181b988e9 | ||
|
|
8b0b123f42 | ||
|
|
f98332c698 | ||
|
|
b1660bf27a | ||
|
|
191ad25eb2 | ||
|
|
7469be6efb | ||
|
|
47a3bfd265 | ||
|
|
5ae0be2323 | ||
|
|
42154d55a0 | ||
|
|
9dcc08ee6e | ||
|
|
ba537b42bb | ||
|
|
9c318f9012 | ||
|
|
a88103a956 | ||
|
|
e26e6f3a1c | ||
|
|
08d67a07e0 | ||
|
|
6e9a89cb2e | ||
|
|
e3aa3d4031 | ||
|
|
156a68f8bd | ||
|
|
6a28da5d33 | ||
|
|
ee32384dca | ||
|
|
19afd73e8a | ||
|
|
eead6a2975 | ||
|
|
11b11dd3ee | ||
|
|
483155cf4c | ||
|
|
55dbade8d5 | ||
|
|
d1bc63d07a | ||
|
|
83a91ec540 | ||
|
|
7b43c972dd | ||
|
|
3fdf1d3f44 | ||
|
|
764db0c203 | ||
|
|
538076bc45 | ||
|
|
4327b66f91 | ||
|
|
3f27724569 | ||
|
|
9c0c2bbece | ||
|
|
946144016b | ||
|
|
5c3b01aca4 | ||
|
|
50983a2b85 | ||
|
|
765886f0c7 | ||
|
|
8ea78a5852 | ||
|
|
063cbab93e | ||
|
|
f1670f4012 | ||
|
|
6fcf0f7117 | ||
|
|
7a07763625 | ||
|
|
8d2172a649 | ||
|
|
b8f65207b6 | ||
|
|
ea675afe86 |
2
.github/workflows/phplint.yml
vendored
2
.github/workflows/phplint.yml
vendored
@@ -10,7 +10,7 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: overtrue/phplint@7.4
|
||||
- uses: overtrue/phplint@3.4.0
|
||||
with:
|
||||
path: .
|
||||
options: --exclude="system/libs/polyfill-mbstring/bootstrap80.php"
|
||||
|
||||
8
.gitignore
vendored
8
.gitignore
vendored
@@ -11,10 +11,12 @@ vendor
|
||||
|
||||
# npm
|
||||
node_modules
|
||||
tools/ext
|
||||
|
||||
# cypress
|
||||
cypress.env.json
|
||||
cypress/e2e/2-advanced-examples
|
||||
cypress/screenshots
|
||||
|
||||
# created by release.sh
|
||||
releases
|
||||
@@ -35,6 +37,12 @@ images/guilds/*
|
||||
images/editor/*
|
||||
!images/editor/index.html
|
||||
|
||||
# gallery images
|
||||
images/gallery/*
|
||||
!images/gallery/index.html
|
||||
!images/gallery/demon.jpg
|
||||
!images/gallery/demon_thumb.gif
|
||||
|
||||
# cache
|
||||
system/cache/*
|
||||
!system/cache/index.html
|
||||
|
||||
48
CHANGELOG.md
48
CHANGELOG.md
@@ -1,5 +1,53 @@
|
||||
# Changelog
|
||||
|
||||
## [0.8.17 - 15.04.2024]
|
||||
|
||||
### Added
|
||||
* TwigTypeCastingExtension (https://github.com/slawkens/myaac/commit/7181b988e9518320d57486670ca4e2d3b2fe1cfa)
|
||||
|
||||
### Fixed
|
||||
* fix XSS in creatures.php (https://github.com/slawkens/myaac/commit/02eea950e4fd756e8d5c32e56181986d51f5ac70, @gesior)
|
||||
* don't allow redirect to external website (https://github.com/slawkens/myaac/commit/ef62b53cec5a479cc85aa15940ad9ebbcefde876)
|
||||
* change_info if account_country is disabled (https://github.com/slawkens/myaac/commit/62d3c198d567541a90900fe2d7ede070e7b1ff68)
|
||||
|
||||
### Changed
|
||||
* use word-break: break-all in guilds description + character comment (https://github.com/slawkens/myaac/commit/191ad25eb2d4c1cec6f6668da7a345fec0ad2a7f)
|
||||
* set default status_ip to 127.0.0.1, most server are hosted locally anyway (https://github.com/slawkens/myaac/commit/2793c41655b47f7db295143a298ccda70f11462b)
|
||||
|
||||
## [0.8.16 - 12.02.2024]
|
||||
|
||||
### Fixed
|
||||
* broken installation
|
||||
* database and finish step warnings/errors (https://github.com/slawkens/myaac/pull/245, @danilopucci)
|
||||
* silently ignore if the hook does not exist
|
||||
|
||||
## [0.8.15 - 09.12.2023]
|
||||
|
||||
More security fixes, especially in bugtracker.
|
||||
|
||||
## [0-8.14 - 27.11.2023]
|
||||
Security fixes.
|
||||
|
||||
### Fixed
|
||||
* XSS vulnerability in bugtracker (https://github.com/slawkens/myaac/commit/83a91ec540072d319dd338abff45f8d5ebf48190)
|
||||
* XSS vulnerability in forum (https://github.com/slawkens/myaac/commit/d1bc63d07ad88a143358cacd2c417891eea74dcc + https://github.com/slawkens/myaac/commit/55dbade8d5280c5baed45e5f7ebc3613b8e9b9e8)
|
||||
* Session Fixation (https://github.com/slawkens/myaac/commit/483155cf4c1e3068aaee0d44541dfa61f6223379)
|
||||
* displaying ban info on account page (https://github.com/slawkens/myaac/commit/764db0c203d1826ffce3a5a78f83a97e56bd0685)
|
||||
|
||||
### Changed
|
||||
* Clear some additional cache keys - like database cache (https://github.com/slawkens/myaac/commit/4327b66f915d06dce504211692173606b9ef3b4e)
|
||||
|
||||
## [0.8.13 - 16.09.2023]
|
||||
|
||||
### Added
|
||||
* latest client versions to config (https://github.com/slawkens/myaac/commit/765886f0c782807400c429577cde5e45bd7c308f)
|
||||
* patching from develop - twig context for hooks (https://github.com/slawkens/myaac/commit/f1670f4012cc7595433fe0b1937c1f9b15a60b07)
|
||||
|
||||
### Fixed
|
||||
* fixed XSS vulnerability in some pages (https://github.com/slawkens/myaac/commit/5c3b01aca4f3cfe8abc86b8ce48194b2da87b808)
|
||||
|
||||
Nothing more or less!
|
||||
|
||||
## [0.8.12 - 07.08.2023]
|
||||
I've moved the repository back to my personal account. (Just so you know!)
|
||||
|
||||
|
||||
38
README.md
38
README.md
@@ -1,24 +1,29 @@
|
||||
# [MyAAC](https://my-aac.org)
|
||||
|
||||
[](https://travis-ci.org/github/slawkens/myaac)
|
||||
[](https://opensource.org/licenses/gpl-license)
|
||||
[](https://github.com/slawkens/myaac/releases)
|
||||
[](https://github.com/slawkens/myaac/blob/d8b3b4135827ee17e3c6d41f08a925e718c587ed/.travis.yml#L3)
|
||||
[](https://discord.gg/2J39Wus)
|
||||
[](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
|
||||
|
||||
MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
|
||||
|
||||
Official website: https://my-aac.org
|
||||
|
||||
[](https://github.com/slawkens/myaac/actions)
|
||||
[](https://opensource.org/licenses/gpl-license)
|
||||
[](https://github.com/slawkens/myaac/releases)
|
||||
[](https://discord.gg/2J39Wus)
|
||||
[](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
|
||||
|
||||
| Version | Status | Branch | Requirements |
|
||||
|:--------|:-----------------------|:--------|:---------------|
|
||||
| **1.x** | **Active development** | develop | **PHP >= 8.1** |
|
||||
| 0.9.x | Not developed anymore | 0.9 | PHP >= 7.2.5 |
|
||||
| 0.8.x | Active support | master | PHP >= 7.2.5 |
|
||||
| 0.7.x | End Of Life | 0.7 | PHP >= 5.3.3 |
|
||||
|
||||
### Requirements
|
||||
|
||||
- PHP 7.2.5 or later
|
||||
- MySQL database
|
||||
- PDO PHP Extension
|
||||
- XML PHP Extension
|
||||
- ZIP PHP Extension
|
||||
- (optional) mod_rewrite to use friendly_urls
|
||||
- PHP Extensions: pdo, xml, json
|
||||
- (optional) apache2 mod_rewrite (to use friendly_urls)
|
||||
- (optional) zip PHP Extension (to install plugins)
|
||||
- (optional) gd PHP Extension (for generating signature images)
|
||||
|
||||
### Installation
|
||||
|
||||
@@ -42,7 +47,8 @@ Official website: https://my-aac.org
|
||||
|
||||
### Configuration
|
||||
|
||||
Check *config.php* to get more informations.
|
||||
Check *config.php* to get more informations. (Notice: MyAAC 1.0+ doesn't use config.php anymore, it has been moved to Admin Panel - Settings page).
|
||||
|
||||
Use *config.local.php* for your local configuration changes.
|
||||
|
||||
### Branches
|
||||
@@ -73,6 +79,12 @@ Look: [Contributing](https://github.com/otsoft/myaac/wiki/Contributing) in our w
|
||||
|
||||
If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
|
||||
|
||||
## Project supported by JetBrains
|
||||
|
||||
Many thanks to Jetbrains for kindly providing a license for me to work on this and other open-source projects.
|
||||
|
||||
[](https://www.jetbrains.com/?from=https://github.com/slawkens)
|
||||
|
||||
### License
|
||||
|
||||
This program and all associated files are released under the GNU Public License.
|
||||
|
||||
16
SECURITY.md
Normal file
16
SECURITY.md
Normal file
@@ -0,0 +1,16 @@
|
||||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
| Version | Supported |
|
||||
| ------- | ------------------ |
|
||||
| 1.x.y | :white_check_mark: |
|
||||
| 0.9.x | :x: |
|
||||
| 0.8.x | :white_check_mark: |
|
||||
| < 0.7 | :x: |
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
If you found a security vulnerability, please write an email to security@my-aac.org
|
||||
|
||||
All reports will be taken very seriously, and a fix will be posted as soon as possible.
|
||||
@@ -426,7 +426,7 @@ else if ($id > 0 && isset($account) && $account->isLoaded()) {
|
||||
<div class="box-body">
|
||||
<form action="<?php echo $base; ?>" method="post">
|
||||
<div class="input-group input-group-sm">
|
||||
<input type="text" class="form-control" name="search_name" value="<?php echo $search_account; ?>"
|
||||
<input type="text" class="form-control" name="search_name" value="<?php echo escapeHtml($search_account); ?>"
|
||||
maxlength="32" size="32">
|
||||
<span class="input-group-btn">
|
||||
<button type="submit" type="button" class="btn btn-info btn-flat">Search</button>
|
||||
|
||||
@@ -10,8 +10,8 @@
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
$title = 'Load items.xml';
|
||||
|
||||
require LIBS . 'items.php';
|
||||
require LIBS . 'weapons.php';
|
||||
require_once LIBS . 'items.php';
|
||||
require_once LIBS . 'weapons.php';
|
||||
|
||||
$twig->display('admin.items.html.twig');
|
||||
|
||||
|
||||
@@ -784,7 +784,7 @@ else if ($id > 0 && isset($player) && $player->isLoaded())
|
||||
<div class="box-body">
|
||||
<form action="<?php echo $base; ?>" method="post">
|
||||
<div class="input-group input-group-sm">
|
||||
<input type="text" class="form-control" name="search_name" value="<?php echo $search_name; ?>"
|
||||
<input type="text" class="form-control" name="search_name" value="<?php echo escapeHtml($search_name); ?>"
|
||||
maxlength="32" size="32">
|
||||
<span class="input-group-btn">
|
||||
<button type="submit" type="button" class="btn btn-info btn-flat">Search</button>
|
||||
|
||||
@@ -26,7 +26,7 @@
|
||||
if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
|
||||
|
||||
define('MYAAC', true);
|
||||
define('MYAAC_VERSION', '0.8.12');
|
||||
define('MYAAC_VERSION', '0.8.17');
|
||||
define('DATABASE_VERSION', 33);
|
||||
define('TABLE_PREFIX', 'myaac_');
|
||||
define('START_TIME', microtime(true));
|
||||
@@ -100,6 +100,10 @@ for($i = 1; $i < $size; $i++)
|
||||
$basedir = str_replace(array('/admin', '/install', '/tools'), '', $basedir);
|
||||
define('BASE_DIR', $basedir);
|
||||
|
||||
if (file_exists(BASE . 'config.local.php') && !defined('MYAAC_INSTALL')) {
|
||||
require BASE . 'config.local.php';
|
||||
}
|
||||
|
||||
if(!IS_CLI) {
|
||||
if (isset($_SERVER['HTTP_HOST'][0])) {
|
||||
$baseHost = $_SERVER['HTTP_HOST'];
|
||||
@@ -116,7 +120,8 @@ if(!IS_CLI) {
|
||||
define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
|
||||
|
||||
//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
|
||||
|
||||
if(@$config['env'] === 'dev') {
|
||||
require SYSTEM . 'exception.php';
|
||||
}
|
||||
}
|
||||
require SYSTEM . 'autoload.php';
|
||||
|
||||
@@ -268,9 +268,9 @@ $config = array(
|
||||
|
||||
// status, took automatically from config file if empty
|
||||
'status_enabled' => true, // you can disable status checking by settings this to "false"
|
||||
'status_ip' => '',
|
||||
'status_ip' => '127.0.0.1',
|
||||
'status_port' => '',
|
||||
'status_timeout' => 2, // how long to wait for the initial response from the server (default: 2 seconds)
|
||||
'status_timeout' => 1.0, // how long to wait for the initial response from the server (default: 1 second)
|
||||
|
||||
// how often to connect to server and update status (default: every minute)
|
||||
// if your status timeout in config.lua is bigger, that it will be used instead
|
||||
|
||||
0
images/gallery/index.html
Normal file
0
images/gallery/index.html
Normal file
@@ -11,8 +11,10 @@ $error = false;
|
||||
require BASE . 'install/includes/config.php';
|
||||
|
||||
ini_set('max_execution_time', 300);
|
||||
|
||||
@ob_end_flush();
|
||||
ob_implicit_flush();
|
||||
ob_end_flush();
|
||||
|
||||
header('X-Accel-Buffering: no');
|
||||
|
||||
if(!$error) {
|
||||
|
||||
@@ -8,8 +8,10 @@ require BASE . 'install/includes/functions.php';
|
||||
require BASE . 'install/includes/locale.php';
|
||||
|
||||
ini_set('max_execution_time', 300);
|
||||
|
||||
@ob_end_flush();
|
||||
ob_implicit_flush();
|
||||
ob_end_flush();
|
||||
|
||||
header('X-Accel-Buffering: no');
|
||||
|
||||
if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
|
||||
|
||||
@@ -13,9 +13,16 @@ server {
|
||||
return 404;
|
||||
}
|
||||
|
||||
# block .htaccess
|
||||
location ~ /\.ht {
|
||||
location /vendor {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# block .htaccess, CHANGELOG.md, composer.json etc.
|
||||
# this is to prevent finding software versions
|
||||
location ~\.(ht|md|json|dist)$ {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
# block git files and folders
|
||||
@@ -25,7 +32,7 @@ server {
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php;
|
||||
try_files $uri $uri/ /index.php?$query_string;;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
|
||||
@@ -4,12 +4,12 @@ defined('MYAAC') or die('Direct access not allowed!');
|
||||
$reward = config('account_mail_confirmed_reward');
|
||||
|
||||
$hasCoinsColumn = $db->hasColumn('accounts', 'coins');
|
||||
if ($reward['coins'] > 0 && $hasCoinsColumn) {
|
||||
if ($reward['coins'] > 0 && !$hasCoinsColumn) {
|
||||
log_append('email_confirm_error.log', 'accounts.coins column does not exist.');
|
||||
}
|
||||
|
||||
if (!isset($account) || !$account->isLoaded()) {
|
||||
log_append('email_confirm_error.log', 'Account not loaded.');
|
||||
//log_append('email_confirm_error.log', 'Account not loaded.');
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -99,4 +99,10 @@ $config['clients'] = [
|
||||
1291,
|
||||
|
||||
1300,
|
||||
1310,
|
||||
1311,
|
||||
1312,
|
||||
1316,
|
||||
1320,
|
||||
1321,
|
||||
];
|
||||
|
||||
@@ -1146,9 +1146,30 @@ function clearCache()
|
||||
if ($cache->fetch('failed_logins', $tmp))
|
||||
$cache->delete('failed_logins');
|
||||
|
||||
global $template_name;
|
||||
if ($cache->fetch('template_ini' . $template_name, $tmp))
|
||||
$cache->delete('template_ini' . $template_name);
|
||||
foreach (get_templates() as $template) {
|
||||
if ($cache->fetch('template_ini_' . $template, $tmp)) {
|
||||
$cache->delete('template_ini_' . $template);
|
||||
}
|
||||
}
|
||||
|
||||
if ($cache->fetch('template_menus', $tmp)) {
|
||||
$cache->delete('template_menus');
|
||||
}
|
||||
if ($cache->fetch('database_tables', $tmp)) {
|
||||
$cache->delete('database_tables');
|
||||
}
|
||||
if ($cache->fetch('database_columns', $tmp)) {
|
||||
$cache->delete('database_columns');
|
||||
}
|
||||
if ($cache->fetch('database_checksum', $tmp)) {
|
||||
$cache->delete('database_checksum');
|
||||
}
|
||||
if ($cache->fetch('hooks', $tmp)) {
|
||||
$cache->delete('hooks');
|
||||
}
|
||||
if ($cache->fetch('last_kills', $tmp)) {
|
||||
$cache->delete('last_kills');
|
||||
}
|
||||
}
|
||||
|
||||
deleteDirectory(CACHE . 'signatures', ['index.html'], true);
|
||||
@@ -1244,7 +1265,7 @@ function getCustomPage($page, &$success)
|
||||
}
|
||||
|
||||
function escapeHtml($html) {
|
||||
return htmlentities($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
|
||||
return htmlspecialchars($html);
|
||||
}
|
||||
|
||||
function displayErrorBoxWithBackButton($errors, $action = null) {
|
||||
|
||||
36
system/libs/TwigTypeCastingExtension.php
Normal file
36
system/libs/TwigTypeCastingExtension.php
Normal file
@@ -0,0 +1,36 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace MyAAC\Twig\Extension;
|
||||
|
||||
use Twig\Extension\AbstractExtension;
|
||||
use Twig\TwigFilter;
|
||||
|
||||
final class TwigTypeCastingExtension extends AbstractExtension
|
||||
{
|
||||
/** @return array<int, TwigFilter> */
|
||||
public function getFilters(): array
|
||||
{
|
||||
return [
|
||||
new TwigFilter('int', function ($value) {
|
||||
return (int)$value;
|
||||
}),
|
||||
new TwigFilter('float', function ($value) {
|
||||
return (float)$value;
|
||||
}),
|
||||
new TwigFilter('string', function ($value) {
|
||||
return (string)$value;
|
||||
}),
|
||||
new TwigFilter('bool', function ($value) {
|
||||
return (bool)$value;
|
||||
}),
|
||||
new TwigFilter('array', function (object $value) {
|
||||
return (array)$value;
|
||||
}),
|
||||
new TwigFilter('object', function (array $value) {
|
||||
return (object)$value;
|
||||
}),
|
||||
];
|
||||
}
|
||||
}
|
||||
@@ -74,6 +74,10 @@ class Plugins {
|
||||
if (isset($plugin['hooks'])) {
|
||||
foreach ($plugin['hooks'] as $_name => $info) {
|
||||
if (defined('HOOK_'. $info['type'])) {
|
||||
if (strpos($info['type'], 'HOOK_') !== false) {
|
||||
$info['type'] = str_replace('HOOK_', '', $info['type']);
|
||||
}
|
||||
|
||||
$hook = constant('HOOK_'. $info['type']);
|
||||
$hooks[] = ['name' => $_name, 'type' => $hook, 'file' => $info['file']];
|
||||
} else {
|
||||
|
||||
@@ -42,12 +42,6 @@ if(ACTION === 'logout' && !isset($_REQUEST['account_login'])) {
|
||||
|
||||
$logged = false;
|
||||
unset($account_logged);
|
||||
|
||||
if(isset($_REQUEST['redirect']))
|
||||
{
|
||||
header('Location: ' . urldecode($_REQUEST['redirect']));
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -94,6 +88,7 @@ else
|
||||
&& (!isset($t) || $t['attempts'] < 5)
|
||||
)
|
||||
{
|
||||
session_regenerate_id();
|
||||
setSession('account', $account_logged->getId());
|
||||
setSession('password', encrypt(($config_salt_enabled ? $account_logged->getCustomField('salt') : '') . $login_password));
|
||||
if($remember_me) {
|
||||
|
||||
@@ -1,18 +1,3 @@
|
||||
<?php
|
||||
|
||||
if(!$db->hasColumn(TABLE_PREFIX . 'monsters', 'elements')) {
|
||||
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `elements` TEXT NOT NULL AFTER `immunities`;");
|
||||
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `pushable` TINYINT(1) NOT NULL DEFAULT '0' AFTER `convinceable`;");
|
||||
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `canpushitems` TINYINT(1) NOT NULL DEFAULT '0' AFTER `pushable`;");
|
||||
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `canpushcreatures` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canpushitems`;");
|
||||
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `canwalkonenergy` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canpushitems`;");
|
||||
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `canwalkonpoison` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canwalkonenergy`;");
|
||||
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `canwalkonfire` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canwalkonpoison`;");
|
||||
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `runonhealth` TINYINT(1) NOT NULL DEFAULT '0' AFTER `canwalkonfire`;");
|
||||
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `hostile` TINYINT(1) NOT NULL DEFAULT '0' AFTER `runonhealth`;");
|
||||
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `attackable` TINYINT(1) NOT NULL DEFAULT '0' AFTER `hostile`;");
|
||||
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `rewardboss` TINYINT(1) NOT NULL DEFAULT '0' AFTER `attackable`;");
|
||||
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `defense` INT(11) NOT NULL DEFAULT '0' AFTER `rewardboss`;");
|
||||
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `armor` INT(11) NOT NULL DEFAULT '0' AFTER `defense`;");
|
||||
$db->exec("ALTER TABLE `" . TABLE_PREFIX . "monsters` ADD `summons` TEXT NOT NULL AFTER `loot`;");
|
||||
}
|
||||
// removed, but kept for compatibility
|
||||
|
||||
@@ -11,19 +11,28 @@
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
$show_form = true;
|
||||
$new_rlname = isset($_POST['info_rlname']) ? htmlspecialchars(stripslashes($_POST['info_rlname'])) : NULL;
|
||||
$new_location = isset($_POST['info_location']) ? htmlspecialchars(stripslashes($_POST['info_location'])) : NULL;
|
||||
$new_country = isset($_POST['info_country']) ? htmlspecialchars(stripslashes($_POST['info_country'])) : NULL;
|
||||
$new_rlname = isset($_POST['info_rlname']) ? htmlspecialchars(stripslashes($_POST['info_rlname'])) : '';
|
||||
$new_location = isset($_POST['info_location']) ? htmlspecialchars(stripslashes($_POST['info_location'])) : '';
|
||||
$new_country = isset($_POST['info_country']) ? htmlspecialchars(stripslashes($_POST['info_country'])) : '';
|
||||
if(isset($_POST['changeinfosave']) && $_POST['changeinfosave'] == 1) {
|
||||
if(!isset($config['countries'][$new_country]))
|
||||
if(config('account_country') && !isset($config['countries'][$new_country])) {
|
||||
$errors[] = 'Country is not correct.';
|
||||
}
|
||||
|
||||
if(empty($errors)) {
|
||||
//save data from form
|
||||
$account_logged->setCustomField("rlname", $new_rlname);
|
||||
$account_logged->setCustomField("location", $new_location);
|
||||
$account_logged->setCustomField("country", $new_country);
|
||||
$account_logged->logAction('Changed Real Name to <b>' . $new_rlname . '</b>, Location to <b>' . $new_location . '</b> and Country to <b>' . $config['countries'][$new_country] . '</b>.');
|
||||
|
||||
$log = 'Changed Real Name to <b>' . $new_rlname . '</b>, Location to <b>' . $new_location . '</b>';
|
||||
if (config('account_country')) {
|
||||
$log .= ' and Country to <b>' . $config['countries'][$new_country] . '</b>';
|
||||
}
|
||||
$log .= '.';
|
||||
|
||||
$account_logged->logAction($log);
|
||||
|
||||
$twig->display('success.html.twig', array(
|
||||
'title' => 'Public Information Changed',
|
||||
'description' => 'Your public information has been changed.'
|
||||
|
||||
@@ -52,9 +52,16 @@ $errors = array();
|
||||
{
|
||||
$redirect = urldecode($_REQUEST['redirect']);
|
||||
|
||||
// should never happen, unless hacker modify the URL
|
||||
if (strpos($_REQUEST['redirect'], BASE_URL) === false) {
|
||||
error('Fatal error: Cannot redirect outside the website.');
|
||||
return;
|
||||
}
|
||||
|
||||
$twig->display('account.redirect.html.twig', array(
|
||||
'redirect' => $redirect
|
||||
));
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -54,7 +54,7 @@ $showed = $post = $reply = false;
|
||||
$value = '<span style="color: blue">[NEW ANSWER]</span>';
|
||||
|
||||
echo '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Bug Tracker</B></TD></TR>';
|
||||
echo '<TR BGCOLOR="'.$dark.'"><td width=40%><i><b>Subject</b></i></td><td>'.$tags[$bug[2]['tag']].' '.$bug[2]['subject'].' '.$value.'</td></tr>';
|
||||
echo '<TR BGCOLOR="'.$dark.'"><td width=40%><i><b>Subject</b></i></td><td>'.$tags[$bug[2]['tag']].' '.escapeHtml($bug[2]['subject']).' '.$value.'</td></tr>';
|
||||
echo '<TR BGCOLOR="'.$light.'"><td><i><b>Posted by</b></i></td><td>';
|
||||
|
||||
foreach($players as $player)
|
||||
@@ -64,7 +64,7 @@ $showed = $post = $reply = false;
|
||||
|
||||
echo '</td></tr>';
|
||||
echo '<TR BGCOLOR="'.$dark.'"><td colspan=2><i><b>Description</b></i></td></tr>';
|
||||
echo '<TR BGCOLOR="'.$light.'"><td colspan=2>'.nl2br($bug[2]['text']).'</td></tr>';
|
||||
echo '<TR BGCOLOR="'.$light.'"><td colspan=2>'.nl2br(escapeHtml($bug[2]['text'])).'</td></tr>';
|
||||
echo '</TABLE>';
|
||||
|
||||
$answers = $db->query('SELECT * FROM '.$db->tableName(TABLE_PREFIX . 'bugtracker').' where `account` = '.$_REQUEST['acc'].' and `id` = '.$_REQUEST['id'].' and `type` = 2 order by `reply`');
|
||||
@@ -75,10 +75,10 @@ $showed = $post = $reply = false;
|
||||
else
|
||||
$who = '<span style="color: green">[PLAYER]</span>';
|
||||
|
||||
echo '<br><TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Answer #'.$answer['reply'].'</B></TD></TR>';
|
||||
echo '<br><TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Answer #'.escapeHtml($answer['reply']).'</B></TD></TR>';
|
||||
echo '<TR BGCOLOR="'.$dark.'"><td width=70%><i><b>Posted by</b></i></td><td>'.$who.'</td></tr>';
|
||||
echo '<TR BGCOLOR="'.$light.'"><td colspan=2><i><b>Description</b></i></td></tr>';
|
||||
echo '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($answer['text']).'</td></tr>';
|
||||
echo '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br(escapeHtml($answer['text'])).'</td></tr>';
|
||||
echo '</TABLE>';
|
||||
}
|
||||
if($bug[2]['status'] != 3)
|
||||
@@ -137,7 +137,7 @@ $showed = $post = $reply = false;
|
||||
elseif($report['status'] == 1)
|
||||
$value = '<span style="color: blue">[NEW ANSWER]</span>';
|
||||
|
||||
echo '<TR BGCOLOR="' . getStyle($i) . '"><td width=75%><a href="?subtopic=bugtracker&control=true&id='.$report['id'].'&acc='.$report['account'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>';
|
||||
echo '<TR BGCOLOR="' . getStyle($i) . '"><td width=75%><a href="?subtopic=bugtracker&control=true&id='.$report['id'].'&acc='.$report['account'].'">'.$tags[$report['tag']].' '.escapeHtml($report['subject']).'</a></td><td>'.$value.'</td></tr>';
|
||||
|
||||
$showed=true;
|
||||
$i++;
|
||||
@@ -181,9 +181,9 @@ $showed = $post = $reply = false;
|
||||
$value = '<span style="color: red">[CLOSED]</span>';
|
||||
|
||||
echo '<TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Bug Tracker</B></TD></TR>';
|
||||
echo '<TR BGCOLOR="'.$dark.'"><td width=40%><i><b>Subject</b></i></td><td>'.$tags[$bug[2]['tag']].' '.$bug[2]['subject'].' '.$value.'</td></tr>';
|
||||
echo '<TR BGCOLOR="'.$dark.'"><td width=40%><i><b>Subject</b></i></td><td>'.$tags[$bug[2]['tag']].' '.escapeHtml($bug[2]['subject']).' '.$value.'</td></tr>';
|
||||
echo '<TR BGCOLOR="'.$light.'"><td colspan=2><i><b>Description</b></i></td></tr>';
|
||||
echo '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($bug[2]['text']).'</td></tr>';
|
||||
echo '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br(escapeHtml($bug[2]['text'])).'</td></tr>';
|
||||
echo '</TABLE>';
|
||||
|
||||
$answers = $db->query('SELECT * FROM '.$db->tableName('myaac_bugtracker').' where `account` = '.$account_logged->getId().' and `id` = '.$id.' and `type` = 2 order by `reply`');
|
||||
@@ -194,10 +194,10 @@ $showed = $post = $reply = false;
|
||||
else
|
||||
$who = '<span style="color: green">[YOU]</span>';
|
||||
|
||||
echo '<br><TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Answer #'.$answer['reply'].'</B></TD></TR>';
|
||||
echo '<br><TABLE BORDER=0 CELLSPACING=1 CELLPADDING=4 WIDTH=100%><TR BGCOLOR='.$config['vdarkborder'].'><TD COLSPAN=2 CLASS=white><B>Answer #'.escapeHtml($answer['reply']).'</B></TD></TR>';
|
||||
echo '<TR BGCOLOR="'.$dark.'"><td width=70%><i><b>Posted by</b></i></td><td>'.$who.'</td></tr>';
|
||||
echo '<TR BGCOLOR="'.$light.'"><td colspan=2><i><b>Description</b></i></td></tr>';
|
||||
echo '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br($answer['text']).'</td></tr>';
|
||||
echo '<TR BGCOLOR="'.$dark.'"><td colspan=2>'.nl2br(escapeHtml($answer['text'])).'</td></tr>';
|
||||
echo '</TABLE>';
|
||||
}
|
||||
if($bug[2]['status'] != 3)
|
||||
@@ -274,7 +274,7 @@ $showed = $post = $reply = false;
|
||||
$bgcolor = $light;
|
||||
}
|
||||
|
||||
echo '<TR BGCOLOR="'.$bgcolor.'"><td width=75%><a href="?subtopic=bugtracker&id='.$report['id'].'">'.$tags[$report['tag']].' '.$report['subject'].'</a></td><td>'.$value.'</td></tr>';
|
||||
echo '<TR BGCOLOR="'.$bgcolor.'"><td width=75%><a href="?subtopic=bugtracker&id='.$report['id'].'">'.$tags[$report['tag']].' '.escapeHtml($report['subject']).'</a></td><td>'.$value.'</td></tr>';
|
||||
|
||||
$showed=true;
|
||||
}
|
||||
|
||||
@@ -400,7 +400,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
|
||||
'rank' => isset($guild_name) ? $rank_of_player->getName() : null,
|
||||
'link' => isset($guild_name) ? getGuildLink($guild_name) : null
|
||||
),
|
||||
'comment' => !empty($comment) ? wordwrap(nl2br($comment), 60, "<br/>", true) : null,
|
||||
'comment' => !empty($comment) ? nl2br($comment) : null,
|
||||
'skills' => isset($skills) ? $skills : null,
|
||||
'quests_enabled' => $quests_enabled,
|
||||
'quests' => isset($quests) ? $quests : null,
|
||||
|
||||
@@ -157,7 +157,7 @@ if (empty($_REQUEST['creature'])) {
|
||||
echo '</td></tr>';
|
||||
echo '</TABLE>';
|
||||
} else {
|
||||
echo "Monster with name <b>" . $monster_name . "</b> doesn't exist.";
|
||||
echo "Monster with name <b>" . htmlspecialchars($monster_name) . "</b> doesn't exist.";
|
||||
}
|
||||
|
||||
//back button
|
||||
|
||||
@@ -37,6 +37,10 @@ if(Forum::canPost($account_logged))
|
||||
$smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0;
|
||||
$html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0;
|
||||
|
||||
if (!superAdmin()) {
|
||||
$html = 0;
|
||||
}
|
||||
|
||||
$length = strlen($post_topic);
|
||||
if(($length < 1 || $length > 60) && $thread['id'] == $thread['first_post'])
|
||||
$errors[] = "Too short or too long topic (Length: $length letters). Minimum 1 letter, maximum 60 letters.";
|
||||
|
||||
@@ -33,6 +33,11 @@ if(Forum::canPost($account_logged))
|
||||
$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
|
||||
$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
|
||||
$saved = false;
|
||||
|
||||
if (!superAdmin()) {
|
||||
$html = 0;
|
||||
}
|
||||
|
||||
if(isset($_REQUEST['quote']))
|
||||
{
|
||||
$quoted_post = $db->query("SELECT `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $quote)->fetchAll();
|
||||
|
||||
@@ -26,6 +26,11 @@ if(Forum::canPost($account_logged))
|
||||
$post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : '';
|
||||
$smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0);
|
||||
$html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0);
|
||||
|
||||
if (!superAdmin()) {
|
||||
$html = 0;
|
||||
}
|
||||
|
||||
$saved = false;
|
||||
if (isset($_REQUEST['save'])) {
|
||||
$length = strlen($post_topic);
|
||||
|
||||
@@ -25,7 +25,7 @@ if(count($guilds_list) > 0)
|
||||
$description = $guild->getCustomField('description');
|
||||
$description_with_lines = str_replace(array("\r\n", "\n", "\r"), '<br />', $description, $count);
|
||||
if ($count < $config['guild_description_lines_limit'])
|
||||
$description = wordwrap(nl2br($description), 60, "<br />", true);
|
||||
$description = nl2br($description);
|
||||
|
||||
$guildName = $guild->getName();
|
||||
$guilds[] = array('name' => $guildName, 'logo' => $guild_logo, 'link' => getGuildLink($guildName, false), 'description' => $description);
|
||||
|
||||
@@ -83,7 +83,7 @@ if(empty($guild_logo) || !file_exists('images/guilds/' . $guild_logo))
|
||||
$description = $guild->getCustomField('description');
|
||||
$description_with_lines = str_replace(array("\r\n", "\n", "\r"), '<br />', $description, $count);
|
||||
if($count < $config['guild_description_lines_limit'])
|
||||
$description = wordwrap(nl2br($description), 60, "<br />", true);
|
||||
$description = nl2br($description);
|
||||
//$description = $description_with_lines;
|
||||
|
||||
$guild_owner = $guild->getOwner();
|
||||
|
||||
@@ -142,7 +142,7 @@
|
||||
{% set rows = rows + 1 %}
|
||||
<tr bgcolor="{{ getStyle(rows) }}">
|
||||
<td valign="top">Comment:</td>
|
||||
<td>{{ comment|raw }}</td>
|
||||
<td style="word-break: break-all">{{ comment|raw }}</td>
|
||||
</tr>
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -44,7 +44,7 @@
|
||||
<img src="images/guilds/{{ guild.logo }}" width="64" height="64">
|
||||
</td>
|
||||
|
||||
<td>
|
||||
<td style="word-break: break-all">
|
||||
<span{% if guild.description is not empty %} valign="top"{% endif %}>
|
||||
<b>{{ guild.name }}</b>{% if isAdmin %}<a href="?subtopic=guilds&action=delete_by_admin&guild={{ guild.name }}"> - Delete this guild (for ADMIN only!)</a>{% endif %}
|
||||
</span>
|
||||
|
||||
@@ -47,7 +47,7 @@
|
||||
<table style="width:100%;">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>
|
||||
<td style="word-break: break-all">
|
||||
<div id="GuildInformationContainer">
|
||||
{% if description is not empty %}
|
||||
{{ description|raw }}
|
||||
|
||||
@@ -24,6 +24,9 @@ if($dev_mode) {
|
||||
}
|
||||
unset($dev_mode);
|
||||
|
||||
require LIBS . 'TwigTypeCastingExtension.php';
|
||||
$twig->addExtension(new MyAAC\Twig\Extension\TwigTypeCastingExtension());
|
||||
|
||||
$function = new TwigFunction('getStyle', function ($i) {
|
||||
return getStyle($i);
|
||||
});
|
||||
@@ -44,15 +47,23 @@ $function = new TwigFunction('getGuildLink', function ($s, $p) {
|
||||
});
|
||||
$twig->addFunction($function);
|
||||
|
||||
$function = new TwigFunction('hook', function ($hook) {
|
||||
$function = new TwigFunction('hook', function ($context, $hook, array $params = []) {
|
||||
global $hooks;
|
||||
|
||||
if(is_string($hook)) {
|
||||
if (defined($hook)) {
|
||||
$hook = constant($hook);
|
||||
}
|
||||
else {
|
||||
// plugin/template has a hook that this version of myaac does not support
|
||||
// just silently return
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
$hooks->trigger($hook);
|
||||
});
|
||||
$params['context'] = $context;
|
||||
$hooks->trigger($hook, $params);
|
||||
}, ['needs_context' => true]);
|
||||
$twig->addFunction($function);
|
||||
|
||||
$function = new TwigFunction('config', function ($key) {
|
||||
|
||||
@@ -35,7 +35,7 @@
|
||||
<td>
|
||||
<img src="{{ template_path }}/images/content/headline-bracer-left.gif" />
|
||||
</td>
|
||||
<td style="text-align:center;vertical-align:middle;horizontal-align:center;font-size:17px;font-weight:bold;" >{{ welcome_message }}<br/></td>
|
||||
<td style="text-align:center;vertical-align:middle;horizontal-align:center;font-size:17px;font-weight:bold;" >{{ welcome_message|raw }}<br/></td>
|
||||
<td><img src="{{ template_path }}/images/content/headline-bracer-right.gif" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
@@ -21,7 +21,7 @@ if(isset($config['boxes']))
|
||||
<?php
|
||||
if(PAGE !== 'news') {
|
||||
if(strpos(URI, 'subtopic=') !== false) {
|
||||
$tmp = $_REQUEST['subtopic'];
|
||||
$tmp = escapeHtml($_REQUEST['subtopic']);
|
||||
if($tmp === 'accountmanagement') {
|
||||
$tmp = 'accountmanage';
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user