diff --git a/admin/admin.php b/admin/admin.php
index a48585c..02596b2 100644
--- a/admin/admin.php
+++ b/admin/admin.php
@@ -57,7 +57,7 @@ function main() {
if ($diff3mod == "") { $errors++; $errorlist .= "Difficulty 3 value is required. "; }
if ($errors == 0) {
- $query = doquery("UPDATE {{table}} SET gamename='$gamename',gamesize='$gamesize',forumtype='$forumtype',forumaddress='$forumaddress',compression='$compression',class1name='$class1name',class2name='$class2name',class3name='$class3name',diff1name='$diff1name',diff2name='$diff2name',diff3name='$diff3name',diff2mod='$diff2mod',diff3mod='$diff3mod',gameopen='$gameopen' WHERE id='1' LIMIT 1", "control");
+ $query = doquery("UPDATE {{table}} SET gamename='$gamename',gamesize='$gamesize',forumtype='$forumtype',forumaddress='$forumaddress',compression='$compression',class1name='$class1name',class2name='$class2name',class3name='$class3name',diff1name='$diff1name',diff2name='$diff2name',diff3name='$diff3name',diff2mod='$diff2mod',diff3mod='$diff3mod',gameopen='$gameopen',verifyemail='$verifyemail',gameurl='$gameurl',adminemail='$adminemail',shownews='$shownews',showonline='$showonline',showbabble='$showbabble' WHERE id='1' LIMIT 1", "control");
display("Settings updated.","Main Settings");
} else {
display("Errors:
$errorlist
Please go back and try again.", "Main Settings");
@@ -73,10 +73,16 @@ These options control several major settings for the overall game engine. <
Game Open:
Close the game if you are upgrading or working on settings and don't want to cause odd errors for end-users. Closing the game will completely halt all activity.
Game Name:
Default is "Dragon Knight". Change this if you want to change to call your game something different.
+
Game URL:
Please specify the full URL to your game installation ("http://www.server.com/dkpath/index.php"). This gets used in the registration email sent to users. If you leave this field blank or incorrect, users may not be able to register correctly.
+
Admin Email:
Please specify your email address. This gets used when the game has to send an email to users.
Map Size:
Default is 250. This is the size of each map quadrant. Note that monster levels increase every 5 spaces, so you should ensure that you have at least (map size / 5) monster levels total, otherwise there will be parts of the map without any monsters, or some monsters won't ever get used. Ex: with a map size of 250, you should have 50 monster levels total.
Forum Type:
'Disabled' removes the forum link. 'Internal' uses the built-in (and very stripped-down) forum program included with Dragon Knight, if you don't have your own forums software already installed. 'External' uses the address provided below and links to your own forums software.
External Forum:
If the above value is set to 'External,' please specify the complete URL to your forums here.
Page Compression:
Enable page compression if it is supported by your server, and this will greatly reduce the amount of bandwidth required by the game.
+
Email Verification:
Make users verify their email address for added security.
Set to "Blocked" to temporarily (or permanently) ban a user.
@@ -850,6 +864,7 @@ END;
if ($row["authlevel"] == 0) { $row["auth0select"] = "selected=\"selected\" "; } else { $row["auth0select"] = ""; }
if ($row["authlevel"] == 1) { $row["auth1select"] = "selected=\"selected\" "; } else { $row["auth1select"] = ""; }
+ if ($row["authlevel"] == 2) { $row["auth2select"] = "selected=\"selected\" "; } else { $row["auth2select"] = ""; }
if ($row["charclass"] == 1) { $row["class1select"] = "selected=\"selected\" "; } else { $row["class1select"] = ""; }
if ($row["charclass"] == 2) { $row["class2select"] = "selected=\"selected\" "; } else { $row["class2select"] = ""; }
if ($row["charclass"] == 3) { $row["class3select"] = "selected=\"selected\" "; } else { $row["class3select"] = ""; }
diff --git a/config.php b/config.php
index 5900948..ef22de2 100644
--- a/config.php
+++ b/config.php
@@ -10,7 +10,7 @@ $dbsettings = Array(
// These are used for display purposes only. Technically you could change them, but it's not going to
// do anything special. And I'd prefer if you didn't, just to keep things all nice and standardized.
-$version = "1.0.4";
+$version = "1.1.0";
$build = "";
?>
\ No newline at end of file
diff --git a/fight.php b/fight.php
index 3b5d780..8eb1279 100644
--- a/fight.php
+++ b/fight.php
@@ -10,9 +10,14 @@ function fight() { // One big long function that determines the outcome of the f
$userspells = explode(",",$userrow["spells"]);
$spellquery = doquery("SELECT id,name FROM {{table}}", "spells");
while ($spellrow = mysql_fetch_array($spellquery)) {
- if ($userspells[$spellrow["id"]] == 1) {
+ $spell = false;
+ foreach ($userspells as $a => $b) {
+ if ($b == $spellrow["id"]) { $spell = true; }
+ }
+ if ($spell == true) {
$pagearray["magiclist"] .= "\n";
}
+ unset($spell);
}
if ($pagearray["magiclist"] == "") { $pagearray["magiclist"] = "\n"; }
$magiclist = $pagearray["magiclist"];
@@ -180,7 +185,11 @@ function fight() { // One big long function that determines the outcome of the f
$newspellquery = doquery("SELECT * FROM {{table}} WHERE id='$pickedspell' LIMIT 1", "spells");
$newspellrow = mysql_fetch_array($newspellquery);
- if ($userspells[$pickedspell] != 1) { display("You have not yet learned this spell. Please go back and try again.", "Error"); die(); }
+ $spell = false;
+ foreach($userspells as $a => $b) {
+ if ($b == $pickedspell) { $spell = true; }
+ }
+ if ($pickedspell != true) { display("You have not yet learned this spell. Please go back and try again.", "Error"); die(); }
if ($userrow["currentmp"] < $newspellrow["mp"]) { display("You do not have enough Magic Points to cast this spell. Please go back and try again.", "Error"); die(); }
if ($newspellrow["type"] == 1) { // Heal spell.
@@ -379,9 +388,7 @@ function victory() {
$newlevel = $levelrow["id"];
if ($levelrow[$userrow["charclass"]."_spells"] != 0) {
- $userspells = explode(",",$userrow["spells"]);
- $userspells[$levelrow[$userrow["charclass"]."_spells"]] = 1;
- $userspells = implode(",",$userspells);
+ $userspells = $userrow["spells"] .= ",".$levelrow[$userrow["charclass"]."_spells"];
$newspell = "spells='$userspells',";
$spelltext = "You have learned a new spell. ";
} else { $spelltext = ""; $newspell=""; }
diff --git a/heal.php b/heal.php
index d569f6c..24ae715 100644
--- a/heal.php
+++ b/heal.php
@@ -9,7 +9,11 @@ function healspells($id) {
$spellrow = mysql_fetch_array($spellquery);
// All the various ways to error out.
- if ($userspells[$id] != 1) { display("You have not yet learned this spell. Please go back and try again.", "Error"); die(); }
+ $spell = false;
+ foreach ($userspells as $a => $b) {
+ if ($b == $id) { $spell = true; }
+ }
+ if ($spell != true) { display("You have not yet learned this spell. Please go back and try again.", "Error"); die(); }
if ($spellrow["type"] != 1) { display("This is not a healing spell. Please go back and try again.", "Error"); die(); }
if ($userrow["currentmp"] < $spellrow["mp"]) { display("You do not have enough Magic Points to cast this spell. Please go back and try again.", "Error"); die(); }
if ($userrow["currentaction"] == "Fighting") { display("You cannot use the Quick Spells list during a fight. Please go back and select the Healing Spell you wish to use from the Spells box on the main fighting screen to continue.", "Error"); die(); }
diff --git a/index.php b/index.php
index 473e833..ee68d45 100644
--- a/index.php
+++ b/index.php
@@ -4,12 +4,23 @@ if (file_exists('install.php')) { die("Please delete install.php from you
include('lib.php');
include('login.php');
$link = opendb();
-$userrow = checkcookies();
-if ($userrow == false) { header("Location: login.php?do=login"); die(); }
$controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control");
$controlrow = mysql_fetch_array($controlquery);
+// Login (or verify) if not logged in.
+$userrow = checkcookies();
+if ($userrow == false) {
+ if (isset($_GET["do"])) {
+ if ($_GET["do"] == "verify") { header("Location: users.php?do=verify"); die(); }
+ }
+ header("Location: login.php?do=login"); die();
+}
+// Close game.
if ($controlrow["gameopen"] == 0) { display("The game is currently closed for maintanence. Please check back later.","Game Closed"); die(); }
+// Force verify if the user isn't verified yet.
+if ($controlrow["verifyemail"] == 1 && $userrow["verify"] != 1) { header("Location: users.php?do=verify"); die(); }
+// Block user if he/she has been banned.
+if ($userrow["authlevel"] == 2) { die("Your account has been blocked. Please try back later."); }
if (isset($_GET["do"])) {
$do = explode(":",$_GET["do"]);
@@ -35,6 +46,7 @@ if (isset($_GET["do"])) {
elseif ($do[0] == "dead") { include('fight.php'); dead(); }
// Misc functions.
+ elseif ($do[0] == "verify") { header("Location: users.php?do=verify"); die(); }
elseif ($do[0] == "spell") { include('heal.php'); healspells($do[1]); }
elseif ($do[0] == "showchar") { showchar(); }
elseif ($do[0] == "onlinechar") { onlinechar($do[1]); }
@@ -65,22 +77,36 @@ function donothing() {
function dotown() { // Spit out the main town page.
- global $userrow, $numqueries;
+ global $userrow, $controlrow, $numqueries;
$townquery = doquery("SELECT * FROM {{table}} WHERE latitude='".$userrow["latitude"]."' AND longitude='".$userrow["longitude"]."' LIMIT 1", "towns");
if (mysql_num_rows($townquery) == 0) { display("There is an error with your user account, or with the town data. Please try again.","Error"); }
$townrow = mysql_fetch_array($townquery);
// News box. Grab latest news entry and display it. Something a little more graceful coming soon maybe.
- $newsquery = doquery("SELECT * FROM {{table}} ORDER BY id DESC LIMIT 1", "news");
- $newsrow = mysql_fetch_array($newsquery);
- $townrow["news"] = "[".prettydate($newsrow["postdate"])."] ".nl2br($newsrow["content"]);
+ if ($controlrow["shownews"] == 1) {
+ $newsquery = doquery("SELECT * FROM {{table}} ORDER BY id DESC LIMIT 1", "news");
+ $newsrow = mysql_fetch_array($newsquery);
+ $townrow["news"] = "
\n";
+ } else { $townrow["babblebox"] = ""; }
$page = gettemplate("towns");
$page = parsetemplate($page, $townrow);
@@ -146,8 +172,12 @@ function showchar() {
$userspells = explode(",",$userrow["spells"]);
$userrow["magiclist"] = "";
while ($spellrow = mysql_fetch_array($spellquery)) {
- if ($userspells[$spellrow["id"]] == 1) {
- $userrow["magiclist"] .= $spellrow["name"] . " ";
+ $spell = false;
+ foreach($userspells as $a => $b) {
+ if ($b == $spellrow["id"]) { $spell = true; }
+ }
+ if ($spell == true) {
+ $userrow["magiclist"] .= $spellrow["name"]." ";
}
}
if ($userrow["magiclist"] == "") { $userrow["magiclist"] = "None"; }
@@ -197,21 +227,6 @@ function onlinechar($id) {
elseif ($userrow["difficulty"] == 2) { $userrow["difficulty"] = $controlrow["diff2name"]; }
elseif ($userrow["difficulty"] == 3) { $userrow["difficulty"] = $controlrow["diff3name"]; }
- $spellquery = doquery("SELECT id,name FROM {{table}}","spells");
- $userspells = explode(",",$userrow["spells"]);
- $userrow["magiclist"] = "";
- while ($spellrow = mysql_fetch_array($spellquery)) {
- if ($userspells[$spellrow["id"]] == 1) {
- $userrow["magiclist"] .= $spellrow["name"] . " ";
- }
- }
- if ($userrow["magiclist"] == "") { $userrow["magiclist"] = "None"; }
-
- // Make page tags for XHTML validation.
- $xml = "\n"
- . "\n"
- . "\n";
-
$charsheet = gettemplate("onlinechar");
$page = parsetemplate($charsheet, $userrow);
display($page, "Character Information");
diff --git a/install.php b/install.php
index a8d0665..17c701f 100644
--- a/install.php
+++ b/install.php
@@ -94,6 +94,8 @@ CREATE TABLE `$control` (
`gamename` varchar(50) NOT NULL default '',
`gamesize` smallint(5) unsigned NOT NULL default '0',
`gameopen` tinyint(3) unsigned NOT NULL default '0',
+ `gameurl` varchar(200) NOT NULL default '',
+ `adminemail` varchar(100) NOT NULL default '',
`forumtype` tinyint(3) unsigned NOT NULL default '0',
`forumaddress` varchar(200) NOT NULL default '',
`class1name` varchar(50) NOT NULL default '',
@@ -106,14 +108,19 @@ CREATE TABLE `$control` (
`diff3name` varchar(50) NOT NULL default '',
`diff3mod` float unsigned NOT NULL default '0',
`compression` tinyint(3) unsigned NOT NULL default '0',
+ `verifyemail` tinyint(3) unsigned NOT NULL default '0',
+ `shownews` tinyint(3) unsigned NOT NULL default '0',
+ `showbabble` tinyint(3) unsigned NOT NULL default '0',
+ `showonline` tinyint(3) unsigned NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM;
+
END;
if (dobatch($query) == 1) { echo "Control table created. "; } else { echo "Error creating Control table."; }
unset($query);
$query = <<"; } else { echo "Error populating Control table."; }
unset($query);
@@ -691,8 +698,8 @@ CREATE TABLE `$users` (
`slot2name` varchar(30) NOT NULL default 'None',
`slot3name` varchar(30) NOT NULL default 'None',
`dropcode` mediumint(8) unsigned NOT NULL default '0',
- `spells` varchar(50) NOT NULL default '0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0',
- `towns` varchar(50) NOT NULL default '0,1,0,0,0,0,0,0,0',
+ `spells` varchar(50) NOT NULL default '0,',
+ `towns` varchar(50) NOT NULL default '0,',
PRIMARY KEY (`id`)
) TYPE=MyISAM;
END;
@@ -752,7 +759,7 @@ function fourth() { // Final page: insert new user row, congratulate the person
global $dbsettings;
$users = $dbsettings["prefix"] . "_users";
- $query = mysql_query("INSERT INTO $users SET id='1',username='$username',password='$password',email='$email1',verify='1',charname='$charname',regdate=NOW(),onlinetime=NOW(),authlevel='1'") or die(mysql_error());
+ $query = mysql_query("INSERT INTO $users SET id='1',username='$username',password='$password',email='$email1',verify='1',charname='$charname',charclass='$charclass',regdate=NOW(),onlinetime=NOW(),authlevel='1'") or die(mysql_error());
$page = <<
diff --git a/lib.php b/lib.php
index 446944b..04b396e 100644
--- a/lib.php
+++ b/lib.php
@@ -172,7 +172,11 @@ function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true,
$userspells = explode(",",$userrow["spells"]);
$userrow["magiclist"] = "";
while ($spellrow = mysql_fetch_array($spellquery)) {
- if ($userspells[$spellrow["id"]] == 1 && $spellrow["type"] == 1) {
+ $spell = false;
+ foreach($userspells as $a => $b) {
+ if ($b == $spellrow["id"] && $spellrow["type"] == 1) { $spell = true; }
+ }
+ if ($spell == true) {
$userrow["magiclist"] .= "".$spellrow["name"]." ";
}
}
@@ -183,7 +187,13 @@ function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true,
$townquery2 = doquery("SELECT * FROM {{table}} ORDER BY id", "towns");
$userrow["townslist"] = "";
while ($townrow2 = mysql_fetch_array($townquery2)) {
- if ($townslist[$townrow2["id"]] == 1) { $userrow["townslist"] .= "".$townrow2["name"]." \n"; }
+ $town = false;
+ foreach($townslist as $a => $b) {
+ if ($b == $townrow2["id"]) { $town = true; }
+ }
+ if ($town == true) {
+ $userrow["townslist"] .= "".$townrow2["name"]." \n";
+ }
}
} else {
diff --git a/templates/changepassword.php b/templates/changepassword.php
new file mode 100644
index 0000000..0ef6baf
--- /dev/null
+++ b/templates/changepassword.php
@@ -0,0 +1,14 @@
+
+
+
Use the form below to change your password. All fields are required. New passwords must be 10 alphanumeric characters or less.
+
Username:
+
Old Password:
+
New Password:
+
Verify New Password:
+
+
+
+THEVERYENDOFYOU;
+?>
\ No newline at end of file
diff --git a/templates/leftnav.php b/templates/leftnav.php
index e37744e..8bd3d6b 100644
--- a/templates/leftnav.php
+++ b/templates/leftnav.php
@@ -31,6 +31,7 @@ Travel To:
diff --git a/templates/verify.php b/templates/verify.php
new file mode 100644
index 0000000..3c5d3a7
--- /dev/null
+++ b/templates/verify.php
@@ -0,0 +1,14 @@
+
+
+
Thank you for registering a character. Please enter your username, email address, and the verification code
+that was emailed to you to unlock your character.
+
Username:
+
Email Address:
+
Verification Code:
+
+
+
+THEVERYENDOFYOU;
+?>
\ No newline at end of file
diff --git a/towns.php b/towns.php
index 9980c55..5725f83 100644
--- a/towns.php
+++ b/towns.php
@@ -349,11 +349,16 @@ function travelto($id, $usepoints=true) { // Send a user to a town from the Trav
// If they got here by exploring, add this town to their map.
$mapped = explode(",",$userrow["towns"]);
- if ($mapped[$id] == 0) {
- $mapped[$id] = 1;
- $mapped = "towns='".implode(",",$mapped)."',";
- } else {
- $mapped = "";
+ $town = false;
+ foreach($mapped as $a => $b) {
+ if ($b == $id) { $town = true; }
+ }
+ $mapped = implode(",",$mapped);
+ if ($town == false) {
+ $mapped .= ",$id";
+ $mapped = "towns='".$mapped."',";
+ } else {
+ $mapped = "towns='".$mapped."',";
}
$updatequery = doquery("UPDATE {{table}} SET currentaction='In Town',$mapped currenttp='$newtp',latitude='$newlat',longitude='$newlon' WHERE id='$newid' LIMIT 1", "users");
diff --git a/upgrade_to_110.php b/upgrade_to_110.php
new file mode 100644
index 0000000..d0f1c3f
--- /dev/null
+++ b/upgrade_to_110.php
@@ -0,0 +1,96 @@
+"; } else { echo "Error upgrading Control table."; }
+unset($query);
+
+$query = <<"; } else { echo "Error populating Control table."; }
+unset($query);
+
+$query = mysql_query("SELECT * FROM $users ORDER BY id") or die(mysql_error());
+$errors = 0; $errorlist = "";
+while ($row = mysql_fetch_array($query)) {
+ $id = $row["id"];
+ $oldspells = explode(",",$row["spells"]);
+ $newspells = "0,";
+ $oldtowns = explode(",",$row["towns"]);
+ $newtowns = "0,";
+ foreach($oldspells as $a => $b) {
+ if ($b == 1) { $newspells .= "$a,"; }
+ }
+ $newspells = rtrim($newspells,",");
+ foreach($oldtowns as $c => $d) {
+ if ($d == 1) { $newtowns .= "$c,"; }
+ }
+ $newtowns = rtrim($newtowns,",");
+ $update = mysql_query("UPDATE $users SET spells='$newspells',towns='$newtowns',verify='1' WHERE id='$id' LIMIT 1");
+ if ($update == false) { $errors++; $errorlist .= mysql_error() . " "; } else { echo "User $id upgraded. "; }
+}
+if ($errors != 0) {
+ echo " The following errors occurred while upgrading the users list: $errorlist";
+} else {
+ echo " The upgrade completed successfully. Please log in to the game and visit the control panel to update your main game settings.
You should also delete this file from your Dragon Knight directory for security reasons.";
+}
+
+} else {
+
+ echo "Click the button below to run the upgrade script. ";
+ die();
+
+}
+
+?>
\ No newline at end of file
diff --git a/users.php b/users.php
index af33a7c..7345845 100644
--- a/users.php
+++ b/users.php
@@ -7,6 +7,9 @@ if (isset($_GET["do"])) {
$do = $_GET["do"];
if ($do == "register") { register(); }
+ elseif ($do == "verify") { verify(); }
+ elseif ($do == "lostpassword") { lostpassword(); }
+ elseif ($do == "changepassword") { changepassword(); }
}
@@ -24,33 +27,43 @@ function register() { // Register a new account.
// Process username.
if ($username == "") { $errors++; $errorlist .= "Username field is required. "; }
if (preg_match("/[^A-z0-9_\-]/", $username)==1) { $errors++; $errorlist .= "Username must be alphanumeric. "; } // Thanks to "Carlos Pires" from php.net!
- $usernamequery = mysql_query("SELECT username FROM dk_users WHERE username='$username' LIMIT 1");
+ $usernamequery = doquery("SELECT username FROM {{table}} WHERE username='$username' LIMIT 1","users");
if (mysql_num_rows($usernamequery) > 0) { $errors++; $errorlist .= "Username already taken - unique username required. "; }
// Process email address.
if ($email1 == "" || $email2 == "") { $errors++; $errorlist .= "Email fields are required. "; }
if ($email1 != $email2) { $errors++; $errorlist .= "Emails don't match. "; }
if (! is_email($email1)) { $errors++; $errorlist .= "Email isn't valid. "; }
- $emailquery = mysql_query("SELECT email FROM dk_users WHERE email='$email1' LIMIT 1");
+ $emailquery = doquery("SELECT email FROM {{table}} WHERE email='$email1' LIMIT 1","users");
if (mysql_num_rows($emailquery) > 0) { $errors++; $errorlist .= "Email already taken - unique email address required. "; }
// Process password.
+ if (preg_match("/[^A-z0-9_\-]/", $password1)==1) { $errors++; $errorlist .= "Password must be alphanumeric. "; } // Thanks to "Carlos Pires" from php.net!
if ($password1 != $password2) { $errors++; $errorlist .= "Passwords don't match. "; }
$password = md5($password1);
if ($errors == 0) {
- $verifycode = "";
- for ($i=0; $i<8; $i++) {
- $verifycode .= chr(rand(65,90));
+ if ($controlrow["verifyemail"] == 1) {
+ $verifycode = "";
+ for ($i=0; $i<8; $i++) {
+ $verifycode .= chr(rand(65,90));
+ }
+ } else {
+ $verifycode='1';
}
$query = doquery("INSERT INTO {{table}} SET id='',regdate=NOW(),verify='$verifycode',username='$username',password='$password',email='$email1',charname='$charname',charclass='$charclass',difficulty='$difficulty'", "users") or die(mysql_error());
- //if (sendregmail($email1, $verifycode)) {
- $page = "Your account was created successfully.
You may now continue to the Log In page and start playing ".$controlrow["gamename"]."!";
- //} else {
- // $page = "Your account was created successfully.
However, there was a problem sending your verification email. Please check with the game administrator to help resolve this problem.
You may now continue to the Log In page and start playing ".$controlrow["gamename"]."!";
- //}
+
+ if ($controlrow["verifyemail"] == 1) {
+ if (sendregmail($email1, $verifycode) == true) {
+ $page = "Your account was created successfully.
You should receive an Account Verification email shortly. You will need the verification code contained in that email before you are allowed to log in. Once you have received the email, please visit the Verification Page to enter your code and start playing.";
+ } else {
+ $page = "Your account was created successfully.
However, there was a problem sending your verification email. Please check with the game administrator to help resolve this problem.";
+ }
+ } else {
+ $page = "Your account was created succesfully.
You may now continue to the Login Page and continue playing ".$controlrow["gamename"]."!";
+ }
} else {
@@ -61,6 +74,11 @@ function register() { // Register a new account.
} else {
$page = gettemplate("register");
+ if ($controlrow["verifyemail"] == 1) {
+ $controlrow["verifytext"] = " A verification code will be sent to the address above, and you will not be able to log in without first entering the code. Please be sure to enter your correct email address.";
+ } else {
+ $controlrow["verifytext"] = "";
+ }
$page = parsetemplate($page, $controlrow);
}
@@ -70,30 +88,150 @@ function register() { // Register a new account.
}
-function sendregmail($emailaddress, $vercode) {
+function verify() {
- include('config.php');
- extract($appsettings);
+ if (isset($_POST["submit"])) {
+ extract($_POST);
+ $userquery = doquery("SELECT username,email,verify FROM {{table}} WHERE username='$username' LIMIT 1","users");
+ if (mysql_num_rows($userquery) != 1) { die("No account with that username."); }
+ $userrow = mysql_fetch_array($userquery);
+ if ($userrow["verify"] == 1) { die("Your account is already verified."); }
+ if ($userrow["email"] != $email) { die("Incorrect email address."); }
+ if ($userrow["verify"] != $verify) { die("Incorrect verification code."); }
+ // If we've made it this far, should be safe to update their account.
+ $updatequery = doquery("UPDATE {{table}} SET verify='1' WHERE username='$username' LIMIT 1","users");
+ display("Your account was verified successfully.
You may now continue to the Login Page and start playing the game.
Thanks for playing!","Verify Email",false,false,false);
+ }
+ $page = gettemplate("verify");
+ $topnav = "";
+ display($page, "Verify Email", false, false, false);
- $headers = "";
- $headers .= "From: $adminname<$adminemail>\n";
- $headers .= "X-Sender: <$adminemail>\n";
- $headers .= "Return-Path: $adminname<$adminemail>\n";
- $headers .= "X-Mailer: PHP\n";
+}
+function lostpassword() {
+
+ if (isset($_POST["submit"])) {
+ extract($_POST);
+ $userquery = doquery("SELECT email FROM {{table}} WHERE email='$email' LIMIT 1","users");
+ if (mysql_num_rows($userquery) != 1) { die("No account with that email address."); }
+ $newpass = "";
+ for ($i=0; $i<8; $i++) {
+ $newpass .= chr(rand(65,90));
+ }
+ $md5newpass = md5($newpass);
+ $updatequery = doquery("UPDATE {{table}} SET password='$md5newpass' WHERE email='$email' LIMIT 1","users");
+ if (sendpassemail($email,$newpass) == true) {
+ display("Your new password was emailed to the address you provided.
Once you receive it, you may Log In and continue playing.
Thank you.","Lost Password",false,false,false);
+ } else {
+ display("There was an error sending your new password.
Please check with the game administrator for more information.
We apologize for the inconvience.","Lost Password",false,false,false);
+ }
+ die();
+ }
+ $page = gettemplate("lostpassword");
+ $topnav = "";
+ display($page, "Lost Password", false, false, false);
+
+}
+
+function changepassword() {
+
+ if (isset($_POST["submit"])) {
+ extract($_POST);
+ $userquery = doquery("SELECT * FROM {{table}} WHERE username='$username' LIMIT 1","users");
+ if (mysql_num_rows($userquery) != 1) { die("No account with that username."); }
+ $userrow = mysql_fetch_array($userquery);
+ if ($userrow["password"] != md5($oldpass)) { die("The old password you provided was incorrect."); }
+ if (preg_match("/[^A-z0-9_\-]/", $newpass1)==1) { die("New password must be alphanumeric."); } // Thanks to "Carlos Pires" from php.net!
+ if ($newpass1 != $newpass2) { die("New passwords don't match."); }
+ $realnewpass = md5($newpass1);
+ $updatequery = doquery("UPDATE {{table}} SET password='$realnewpass' WHERE username='$username' LIMIT 1","users");
+ if (isset($_COOKIE["dkgame"])) { setcookie("dkgame", "", time()-100000, "/", "", 0); }
+ display("Your password was changed successfully.
You have been logged out of the game to avoid cookie errors.
Please log back in to continue playing.","Change Password",false,false,false);
+ die();
+ }
+ $page = gettemplate("changepassword");
+ $topnav = "";
+ display($page, "Change Password", false, false, false);
+
+}
+
+function sendpassemail($emailaddress, $password) {
+
+ $controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control");
+ $controlrow = mysql_fetch_array($controlquery);
+ extract($controlrow);
+
$email = <<
\ No newline at end of file
![\"Log](\"images/button_login.gif\")
![\"Register\"](\"images/button_register.gif\")
![\"Help\"](\"images/button_help.gif\")
";
+ display($page, "Verify Email", false, false, false);
- $headers = "";
- $headers .= "From: $adminname<$adminemail>\n";
- $headers .= "X-Sender: <$adminemail>\n";
- $headers .= "Return-Path: $adminname<$adminemail>\n";
- $headers .= "X-Mailer: PHP\n";
+}
+function lostpassword() {
+
+ if (isset($_POST["submit"])) {
+ extract($_POST);
+ $userquery = doquery("SELECT email FROM {{table}} WHERE email='$email' LIMIT 1","users");
+ if (mysql_num_rows($userquery) != 1) { die("No account with that email address."); }
+ $newpass = "";
+ for ($i=0; $i<8; $i++) {
+ $newpass .= chr(rand(65,90));
+ }
+ $md5newpass = md5($newpass);
+ $updatequery = doquery("UPDATE {{table}} SET password='$md5newpass' WHERE email='$email' LIMIT 1","users");
+ if (sendpassemail($email,$newpass) == true) {
+ display("Your new password was emailed to the address you provided.