2024-09-27 18:45:33 -05:00
|
|
|
<?php
|
|
|
|
|
2024-09-28 18:33:17 -05:00
|
|
|
/*
|
|
|
|
Setup
|
|
|
|
*/
|
2024-09-27 18:45:33 -05:00
|
|
|
define('SRC', __DIR__ . '/../src');
|
|
|
|
require_once SRC . '/bootstrap.php';
|
|
|
|
|
2024-10-24 18:23:55 -05:00
|
|
|
$r = new Router;
|
2024-09-27 18:45:33 -05:00
|
|
|
|
2024-09-28 18:33:17 -05:00
|
|
|
/*
|
|
|
|
Home
|
|
|
|
*/
|
2024-11-13 20:53:05 -06:00
|
|
|
$r->get('/', function() {
|
|
|
|
if (!user()) redirect('/login');
|
|
|
|
redirect('/world');
|
2024-09-27 18:45:33 -05:00
|
|
|
});
|
|
|
|
|
2024-09-28 18:33:17 -05:00
|
|
|
/*
|
|
|
|
Auth
|
|
|
|
*/
|
2024-11-13 20:53:05 -06:00
|
|
|
$r->get('/register', function() {
|
|
|
|
guest_only();
|
|
|
|
echo render('layouts/basic', ['view' => 'pages/auth/register']);
|
|
|
|
});
|
|
|
|
|
|
|
|
$r->post('/register', function() {
|
|
|
|
guest_only();
|
|
|
|
csrf_ensure();
|
|
|
|
|
|
|
|
$errors = [];
|
|
|
|
|
|
|
|
$u = trim($_POST['u'] ?? '');
|
|
|
|
$e = trim($_POST['e'] ?? '');
|
|
|
|
$p = $_POST['p'] ?? '';
|
|
|
|
|
|
|
|
/*
|
|
|
|
A username is required.
|
|
|
|
A username must be at least 3 characters long and at most 18 characters long.
|
|
|
|
A username must contain only alphanumeric characters and spaces.
|
|
|
|
*/
|
|
|
|
if (empty($u) || strlen($u) < 3 || strlen($u) > 18 || !ctype_alnum(str_replace(' ', '', $u))) {
|
|
|
|
$errors['u'][] = 'Username is required and must be between 3 and 18 characters long and contain only
|
|
|
|
alphanumeric characters and spaces.';
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
An email is required.
|
|
|
|
An email must be at most 255 characters long.
|
|
|
|
An email must be a valid email address.
|
|
|
|
*/
|
|
|
|
if (empty($e) || strlen($e) > 255 || !filter_var($e, FILTER_VALIDATE_EMAIL)) {
|
|
|
|
$errors['e'][] = 'Email is required must be a valid email address.';
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
A password is required.
|
|
|
|
A password must be at least 6 characters long.
|
|
|
|
*/
|
|
|
|
if (empty($p) || strlen($p) < 6) {
|
|
|
|
$errors['p'][] = 'Password is required and must be at least 6 characters long.';
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
A username must be unique.
|
|
|
|
*/
|
|
|
|
if (User::username_exists($u)) {
|
|
|
|
$errors['u'][] = 'Username is already taken.';
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
An email must be unique.
|
|
|
|
*/
|
|
|
|
if (User::email_exists($e)) {
|
|
|
|
$errors['e'][] = 'Email is already taken.';
|
|
|
|
}
|
|
|
|
|
|
|
|
// If there are errors at this point, send them to the page with errors flashed.
|
|
|
|
if (!empty($errors)) {
|
|
|
|
$GLOBALS['form-errors'] = $errors;
|
|
|
|
echo page('auth/register');
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (User::create($u, $e, $p) === false) error_response(400);
|
|
|
|
|
|
|
|
$_SESSION['user'] = serialize(User::find($u));
|
|
|
|
Wallet::create(user()->id);
|
|
|
|
redirect('/character/create-first');
|
|
|
|
});
|
|
|
|
|
|
|
|
$r->get('/login', function() {
|
|
|
|
guest_only();
|
|
|
|
echo render('layouts/basic', ['view' => 'pages/auth/login']);
|
|
|
|
});
|
|
|
|
|
|
|
|
$r->post('/login', function() {
|
|
|
|
guest_only();
|
|
|
|
csrf_ensure();
|
|
|
|
|
|
|
|
$errors = [];
|
|
|
|
|
|
|
|
$u = trim($_POST['u'] ?? '');
|
|
|
|
$p = $_POST['p'] ?? '';
|
|
|
|
|
|
|
|
if (empty($u)) $errors['u'][] = 'Username is required.';
|
|
|
|
if (empty($p)) $errors['p'][] = 'Password is required.';
|
|
|
|
|
|
|
|
// If there are errors at this point, send them to the page with errors flashed.
|
|
|
|
if (!empty($errors)) {
|
|
|
|
$GLOBALS['form-errors'] = $errors;
|
|
|
|
echo render('layouts/basic', ['view' => 'pages/auth/login']);
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
$user = User::find($u);
|
|
|
|
if ($user === false || !$user->check_password($p)) {
|
|
|
|
$errors['x'][] = 'Invalid username or password.';
|
|
|
|
$GLOBALS['form-errors'] = $errors;
|
|
|
|
echo render('layouts/basic', ['view' => 'pages/auth/login']);
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
$_SESSION['user'] = serialize($user);
|
|
|
|
|
|
|
|
if ($_POST['remember'] ?? false) {
|
|
|
|
$token = token();
|
|
|
|
$expires = strtotime('+30 days');
|
|
|
|
$result = db_query(
|
|
|
|
db_auth(),
|
|
|
|
"INSERT INTO sessions (token, user_id, expires) VALUES (:t, :u, :e)",
|
|
|
|
[':t' => $token, ':u' => user()->id, ':e' => $expires]
|
|
|
|
);
|
|
|
|
if (!$result) error_response(400);
|
|
|
|
set_cookie('remember_me', $token, $expires);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (user()->char_count() === 0) {
|
|
|
|
redirect('/character/create-first');
|
|
|
|
} elseif (!change_user_character(user()->char_id)) {
|
|
|
|
echo "failed to change user character (aclp)";
|
|
|
|
error_response(999);
|
|
|
|
}
|
|
|
|
|
|
|
|
redirect('/');
|
|
|
|
});
|
|
|
|
|
|
|
|
$r->post('/logout', function() {
|
|
|
|
csrf_ensure();
|
|
|
|
session_delete(user()->id);
|
|
|
|
unset($_SESSION['user']);
|
|
|
|
set_cookie('remember_me', '', 1);
|
|
|
|
redirect('/');
|
|
|
|
});
|
|
|
|
|
|
|
|
$r->get('/debug/logout', function() {
|
|
|
|
session_delete(user()->id);
|
|
|
|
unset($_SESSION['user']);
|
|
|
|
set_cookie('remember_me', '', 1);
|
|
|
|
redirect('/');
|
|
|
|
});
|
2024-09-27 18:45:33 -05:00
|
|
|
|
2024-09-28 18:33:17 -05:00
|
|
|
/*
|
|
|
|
Characters
|
|
|
|
*/
|
2024-11-13 20:53:05 -06:00
|
|
|
$r->get('/characters', function() {
|
|
|
|
auth_only_and_must_have_character();
|
|
|
|
|
|
|
|
$GLOBALS['active_nav_tab'] = 'chars';
|
|
|
|
echo page('chars/list', ['chars' => user()->char_list()]);
|
|
|
|
});
|
|
|
|
|
|
|
|
$r->post('/characters', function() {
|
|
|
|
auth_only_and_must_have_character();
|
|
|
|
csrf_ensure();
|
|
|
|
|
|
|
|
$GLOBALS['active_nav_tab'] = 'chars';
|
|
|
|
|
|
|
|
$char_id = (int) ($_POST['char_id'] ?? 0);
|
|
|
|
$action = $_POST['action'] ?? '';
|
|
|
|
|
|
|
|
// If the character ID is not a number, or the action is not a string, return a 400.
|
|
|
|
if (!is_numeric($char_id) || !is_string($action)) error_response(400);
|
|
|
|
|
|
|
|
// If the character ID is 0, return to the list.
|
|
|
|
if ($char_id === 0) {
|
|
|
|
flash('alert_character_list_1', ['', 'No character selected.']);
|
|
|
|
redirect('/characters');
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the action is not one of the allowed actions, return a 400.
|
|
|
|
if (!in_array($action, ['select', 'delete'])) error_response(400);
|
|
|
|
|
|
|
|
// If the action is to select a character, change the user's selected character.
|
|
|
|
if ($action === 'select') {
|
|
|
|
// If the character ID is the current character, do nothing.
|
|
|
|
if ($char_id === user()->char_id || $char_id === 0) {
|
|
|
|
flash('alert_character_list_1', ['info', 'You are already using <b>' . char()->name . '</b>.']);
|
|
|
|
redirect('/characters');
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!Character::belongs_to($char_id, user()->id)) error_response(999);
|
|
|
|
|
|
|
|
change_user_character($char_id);
|
|
|
|
|
|
|
|
flash('alert_character_list_1', ['success', 'Switched to <b>' . char()->name . '</b>!']);
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the action is to delete a character, move to the confirmation page.
|
|
|
|
if ($action === 'delete') {
|
|
|
|
if (!Character::belongs_to($char_id, user()->id)) error_response(999);
|
|
|
|
|
|
|
|
echo page('chars/delete', ['char' => Character::find($char_id)]);
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
redirect('/characters');
|
|
|
|
});
|
|
|
|
|
|
|
|
$r->get('/character/create-first', function() {
|
|
|
|
auth_only();
|
|
|
|
|
|
|
|
$GLOBALS['active_nav_tab'] = 'chars';
|
|
|
|
|
|
|
|
// If the user already has a character, redirect them to the main page.
|
|
|
|
if (user()->char_count() > 0) redirect('/');
|
|
|
|
|
|
|
|
echo page('chars/first');
|
|
|
|
});
|
|
|
|
|
|
|
|
$r->post('/character/create', function() {
|
|
|
|
auth_only(); csrf_ensure();
|
|
|
|
|
|
|
|
$GLOBALS['active_nav_tab'] = 'chars';
|
|
|
|
|
|
|
|
$errors = [];
|
|
|
|
|
|
|
|
$name = trim($_POST['n'] ?? '');
|
|
|
|
|
|
|
|
/*
|
|
|
|
A name is required.
|
|
|
|
A name must be between 3 and 18 characters.
|
|
|
|
A name must contain only alphanumeric characters and spaces.
|
|
|
|
*/
|
|
|
|
if (empty($name) || strlen($name) < 3 || strlen($name) > 18 || !ctype_alnum(str_replace(' ', '', $name))) {
|
|
|
|
$errors['n'][] = 'Name is required and must be between 3 and 18 characters long and contain only alphanumeric characters and spaces.';
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
A character's name must be unique.
|
|
|
|
*/
|
|
|
|
if (Character::name_exists($name)) $errors['n'][] = 'Name is already taken.';
|
|
|
|
|
|
|
|
// If there are errors at this point, send them to the page with errors flashed.
|
|
|
|
if (!empty($errors)) {
|
|
|
|
$GLOBALS['form-errors-create-character'] = $errors;
|
|
|
|
|
|
|
|
if (isset($_POST['first']) && $_POST['first'] === 'true') {
|
|
|
|
// If this is the first character, return to the first character creation page.
|
|
|
|
echo page('chars/first');
|
|
|
|
exit;
|
|
|
|
} else {
|
|
|
|
// If this is not the first character, return to the character list page.
|
|
|
|
echo page('chars/list', ['chars' => user()->char_list()]);
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (($char = Character::create(user()->id, $name)) === false) error_response(400);
|
|
|
|
|
|
|
|
// Create the auxiliary tables
|
|
|
|
$char->create_location();
|
|
|
|
$char->create_gear();
|
|
|
|
|
|
|
|
// Award the Adventurer title.
|
|
|
|
$char->award_title(1);
|
|
|
|
|
|
|
|
// Set the character as the user's selected character
|
|
|
|
change_user_character($char->id);
|
|
|
|
|
|
|
|
flash('alert_character_list_1', ['success', 'Character <b>' . $name . '</b> created!']);
|
|
|
|
redirect('/characters');
|
|
|
|
});
|
|
|
|
|
|
|
|
$r->post('/character/delete', function() {
|
|
|
|
auth_only_and_must_have_character();
|
|
|
|
csrf_ensure();
|
|
|
|
|
|
|
|
$char_id = (int) ($_POST['char_id'] ?? 0);
|
|
|
|
|
|
|
|
// If the character ID is not a number, return a 400.
|
|
|
|
if (!is_numeric($char_id)) error_response(400);
|
|
|
|
|
|
|
|
// Ensure the character ID is valid and belongs to the user.
|
|
|
|
if (!Character::belongs_to($char_id, user()->id)) error_response(999);
|
|
|
|
|
|
|
|
$char = Character::find($char_id);
|
|
|
|
|
|
|
|
// Confirm the name matches the name of the character. CASE SENSITIVE.
|
|
|
|
if ($char['name'] !== trim($_POST['n'] ?? '')) {
|
|
|
|
flash('alert_character_list_1', ['danger', 'Failed to delete <b>' . $char['name'] . '</b>. Name confirmation did not match.']);
|
|
|
|
redirect('/characters');
|
|
|
|
}
|
|
|
|
|
|
|
|
// Delete the character
|
|
|
|
Character::delete($char_id);
|
|
|
|
|
|
|
|
// If the character being deleted is the currently selected character, select the first character.
|
|
|
|
if (user()->char_id === $char_id) {
|
|
|
|
$chars = user()->char_list();
|
|
|
|
if (count($chars) > 0) change_user_character($chars[0]['id']);
|
|
|
|
}
|
|
|
|
|
|
|
|
flash('alert_character_list_1', ['danger', 'Character <b>' . $char['name'] . '</b> deleted.']);
|
|
|
|
redirect('/characters');
|
|
|
|
});
|
2024-09-28 18:33:17 -05:00
|
|
|
|
2024-10-10 13:14:14 -05:00
|
|
|
/*
|
|
|
|
World
|
|
|
|
*/
|
2024-11-13 20:53:05 -06:00
|
|
|
$r->get('/world', function() {
|
|
|
|
auth_only_and_must_have_character();
|
|
|
|
echo render('layouts/game');
|
|
|
|
});
|
2024-10-10 13:14:14 -05:00
|
|
|
|
2024-11-13 20:53:05 -06:00
|
|
|
$r->post('/move', function() {
|
|
|
|
/*
|
|
|
|
This endpoint is used to move the character around the world. The client sends a POST request with the direction
|
|
|
|
they want to move the character. The server will update the character's position in the database and return the
|
|
|
|
new position to the client.
|
2024-10-16 22:55:47 -05:00
|
|
|
|
2024-11-13 20:53:05 -06:00
|
|
|
We should only be using this endpoint as an AJAX request from the world page. Since we don't need all the character's
|
|
|
|
data to move them, we can just get and update their lcoation using the user's currently selected character ID.
|
|
|
|
*/
|
2024-10-12 10:46:03 -05:00
|
|
|
|
2024-11-13 20:53:05 -06:00
|
|
|
ajax_only(); auth_only(); csrf_ensure();
|
2024-10-12 10:46:03 -05:00
|
|
|
|
2024-11-13 20:53:05 -06:00
|
|
|
define('directions', [
|
|
|
|
[0, -1], // Up
|
|
|
|
[0, 1], // Down
|
|
|
|
[-1, 0], // Left
|
|
|
|
[1, 0] // Right
|
|
|
|
]);
|
|
|
|
|
|
|
|
// direction must exist
|
|
|
|
$d = (int) $_POST['direction'] ?? -1;
|
|
|
|
|
|
|
|
// Update the character's position
|
|
|
|
// 0 = up, 1 = down, 2 = left, 3 = right
|
|
|
|
$x = location('x');
|
|
|
|
$y = location('y');
|
|
|
|
|
|
|
|
if (isset(directions[$d])) {
|
|
|
|
$x += directions[$d][0];
|
|
|
|
$y += directions[$d][1];
|
|
|
|
} else {
|
|
|
|
error_response(999);
|
|
|
|
}
|
|
|
|
|
|
|
|
$r = db_query(db_live(), 'UPDATE char_locations SET x = :x, y = :y WHERE char_id = :c', [
|
|
|
|
':x' => $x,
|
|
|
|
':y' => $y,
|
|
|
|
':c' => user()->char_id
|
|
|
|
]);
|
|
|
|
|
|
|
|
if ($r === false) throw new Exception('Failed to move character. (wcmp)');
|
|
|
|
|
|
|
|
json_response(['x' => $x, 'y' => $y]);
|
|
|
|
});
|
2024-11-07 11:19:33 -06:00
|
|
|
|
2024-10-23 17:39:48 -05:00
|
|
|
/*
|
2024-11-13 20:53:05 -06:00
|
|
|
UI
|
2024-10-23 17:39:48 -05:00
|
|
|
*/
|
2024-11-13 20:53:05 -06:00
|
|
|
$r->post('/ui/stats', function() {
|
|
|
|
ui_guard();
|
|
|
|
echo c_profile_stats(char());
|
|
|
|
});
|
2024-10-23 17:39:48 -05:00
|
|
|
|
2024-09-28 18:33:17 -05:00
|
|
|
/*
|
|
|
|
Router
|
|
|
|
*/
|
2024-09-27 18:45:33 -05:00
|
|
|
// [code, handler, params]
|
2024-10-05 18:28:04 -05:00
|
|
|
stopwatch_start('router');
|
2024-10-24 18:23:55 -05:00
|
|
|
$l = $r->lookup($_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI']);
|
2024-10-05 18:28:04 -05:00
|
|
|
stopwatch_stop('router');
|
|
|
|
|
2024-10-10 13:14:14 -05:00
|
|
|
stopwatch_start('handler');
|
2024-10-24 18:23:55 -05:00
|
|
|
if ($l['code'] !== 200) error_response($l['code']);
|
2024-09-27 18:45:33 -05:00
|
|
|
$l['handler'](...$l['params'] ?? []);
|
2024-10-10 13:14:14 -05:00
|
|
|
stopwatch_stop('handler');
|
2024-09-28 18:33:17 -05:00
|
|
|
|
|
|
|
/*
|
|
|
|
Cleanup
|
|
|
|
*/
|
2024-09-27 18:45:33 -05:00
|
|
|
clear_flashes();
|