### 1.1.3 (5.20.2004) ###
- Fixed several small bugs related to the new version info
location.
- Moved checkcookies() out of login.php, into cookies.php.
- Deleted admin/lib.php, moved requisite functions into standard
lib.php.
- Fixed minor display bug in admin template.
Jamin Blount 2017-02-05 11:01:23 -06:00
parent a70f7ed93d
commit 449297a763
6 changed files with 105 additions and 218 deletions


@ -1,6 +1,7 @@
<?php // admin.php :: primary administration script. <?php // admin.php :: primary administration script.
include('lib.php'); include('../lib.php');
include('../cookies.php');
$link = opendb(); $link = opendb();
$userrow = checkcookies(); $userrow = checkcookies();
if ($userrow == false) { die("Please log in to the <a href=\"../login.php?do=login\">game</a> before using the control panel."); } if ($userrow == false) { die("Please log in to the <a href=\"../login.php?do=login\">game</a> before using the control panel."); }
@ -33,7 +34,7 @@ if (isset($_GET["do"])) {
function donothing() { function donothing() {
$page = "Welcome to the Dragon Knight Administration section. Use the links on the left bar to control and edit various elements of the game.<br /><br />Please note that the control panel has been created mostly as a shortcut for certain individual settings. It is meant for use primarily with editing one thing at a time. If you need to completely replace an entire table (say, to replace all stock monsters with your own new ones), it is suggested that you use a more in-depth database tool such as <a href=\"http://www.phpmyadmin.net\" target=\"_new\">phpMyAdmin</a>. Also, you may want to have a copy of the Dragon Knight development kit, available from the <a href=\"http://dragon.se7enet.com/dev.php\">Dragon Knight homepage</a>.<br /><br />Also, you should be aware that certain portions of the DK code are dependent on the formatting of certain database results (for example, the special attributes on item drops). While I have attempted to point these out throughout the admin script, you should definitely pay attention and be careful when editing some fields, because mistakes in the database content may result in script errors or your game breaking completely."; $page = "Welcome to the Dragon Knight Administration section. Use the links on the left bar to control and edit various elements of the game.<br /><br />Please note that the control panel has been created mostly as a shortcut for certain individual settings. It is meant for use primarily with editing one thing at a time. If you need to completely replace an entire table (say, to replace all stock monsters with your own new ones), it is suggested that you use a more in-depth database tool such as <a href=\"http://www.phpmyadmin.net\" target=\"_new\">phpMyAdmin</a>. 
Also, you may want to have a copy of the Dragon Knight development kit, available from the <a href=\"http://dragon.se7enet.com/dev.php\">Dragon Knight homepage</a>.<br /><br />Also, you should be aware that certain portions of the DK code are dependent on the formatting of certain database results (for example, the special attributes on item drops). While I have attempted to point these out throughout the admin script, you should definitely pay attention and be careful when editing some fields, because mistakes in the database content may result in script errors or your game breaking completely.";
display($page, "Admin Home"); admindisplay($page, "Admin Home");
} }
@ -58,9 +59,9 @@ function main() {
if ($errors == 0) { if ($errors == 0) {
$query = doquery("UPDATE {{table}} SET gamename='$gamename',gamesize='$gamesize',forumtype='$forumtype',forumaddress='$forumaddress',compression='$compression',class1name='$class1name',class2name='$class2name',class3name='$class3name',diff1name='$diff1name',diff2name='$diff2name',diff3name='$diff3name',diff2mod='$diff2mod',diff3mod='$diff3mod',gameopen='$gameopen',verifyemail='$verifyemail',gameurl='$gameurl',adminemail='$adminemail',shownews='$shownews',showonline='$showonline',showbabble='$showbabble' WHERE id='1' LIMIT 1", "control"); $query = doquery("UPDATE {{table}} SET gamename='$gamename',gamesize='$gamesize',forumtype='$forumtype',forumaddress='$forumaddress',compression='$compression',class1name='$class1name',class2name='$class2name',class3name='$class3name',diff1name='$diff1name',diff2name='$diff2name',diff3name='$diff3name',diff2mod='$diff2mod',diff3mod='$diff3mod',gameopen='$gameopen',verifyemail='$verifyemail',gameurl='$gameurl',adminemail='$adminemail',shownews='$shownews',showonline='$showonline',showbabble='$showbabble' WHERE id='1' LIMIT 1", "control");
display("Settings updated.","Main Settings"); admindisplay("Settings updated.","Main Settings");
} else { } else {
display("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Main Settings"); admindisplay("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Main Settings");
} }
} }
@ -113,7 +114,7 @@ END;
if ($controlrow["gameopen"] == 0) { $controlrow["open0select"] = "selected=\"selected\" "; } else { $controlrow["open0select"] = ""; } if ($controlrow["gameopen"] == 0) { $controlrow["open0select"] = "selected=\"selected\" "; } else { $controlrow["open0select"] = ""; }
$page = parsetemplate($page, $controlrow); $page = parsetemplate($page, $controlrow);
display($page, "Main Settings"); admindisplay($page, "Main Settings");
} }
@ -128,7 +129,7 @@ function items() {
} }
if (mysql_num_rows($query) == 0) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No items found.</td></tr>\n"; } if (mysql_num_rows($query) == 0) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No items found.</td></tr>\n"; }
$page .= "</table>"; $page .= "</table>";
display($page, "Edit Items"); admindisplay($page, "Edit Items");
} }
@ -148,9 +149,9 @@ function edititem($id) {
if ($errors == 0) { if ($errors == 0) {
$query = doquery("UPDATE {{table}} SET name='$name',type='$type',buycost='$buycost',attribute='$attribute',special='$special' WHERE id='$id' LIMIT 1", "items"); $query = doquery("UPDATE {{table}} SET name='$name',type='$type',buycost='$buycost',attribute='$attribute',special='$special' WHERE id='$id' LIMIT 1", "items");
display("Item updated.","Edit Items"); admindisplay("Item updated.","Edit Items");
} else { } else {
display("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Edit Items"); admindisplay("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Edit Items");
} }
} }
@ -191,7 +192,7 @@ END;
if ($row["type"] == 3) { $row["type3select"] = "selected=\"selected\" "; } else { $row["type3select"] = ""; } if ($row["type"] == 3) { $row["type3select"] = "selected=\"selected\" "; } else { $row["type3select"] = ""; }
$page = parsetemplate($page, $row); $page = parsetemplate($page, $row);
display($page, "Edit Items"); admindisplay($page, "Edit Items");
} }
@ -206,7 +207,7 @@ function drops() {
} }
if (mysql_num_rows($query) == 0) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No items found.</td></tr>\n"; } if (mysql_num_rows($query) == 0) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No items found.</td></tr>\n"; }
$page .= "</table>"; $page .= "</table>";
display($page, "Edit Drops"); admindisplay($page, "Edit Drops");
} }
@ -225,9 +226,9 @@ function editdrop($id) {
if ($errors == 0) { if ($errors == 0) {
$query = doquery("UPDATE {{table}} SET name='$name',mlevel='$mlevel',attribute1='$attribute1',attribute2='$attribute2' WHERE id='$id' LIMIT 1", "drops"); $query = doquery("UPDATE {{table}} SET name='$name',mlevel='$mlevel',attribute1='$attribute1',attribute2='$attribute2' WHERE id='$id' LIMIT 1", "drops");
display("Item updated.","Edit Drops"); admindisplay("Item updated.","Edit Drops");
} else { } else {
display("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Edit Drops"); admindisplay("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Edit Drops");
} }
} }
@ -263,7 +264,7 @@ defensepower - total defense power
END; END;
$page = parsetemplate($page, $row); $page = parsetemplate($page, $row);
display($page, "Edit Drops"); admindisplay($page, "Edit Drops");
} }
@ -278,7 +279,7 @@ function towns() {
} }
if (mysql_num_rows($query) == 0) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No towns found.</td></tr>\n"; } if (mysql_num_rows($query) == 0) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No towns found.</td></tr>\n"; }
$page .= "</table>"; $page .= "</table>";
display($page, "Edit Towns"); admindisplay($page, "Edit Towns");
} }
@ -305,9 +306,9 @@ function edittown($id) {
if ($errors == 0) { if ($errors == 0) {
$query = doquery("UPDATE {{table}} SET name='$name',latitude='$latitude',longitude='$longitude',innprice='$innprice',mapprice='$mapprice',travelpoints='$travelpoints',itemslist='$itemslist' WHERE id='$id' LIMIT 1", "towns"); $query = doquery("UPDATE {{table}} SET name='$name',latitude='$latitude',longitude='$longitude',innprice='$innprice',mapprice='$mapprice',travelpoints='$travelpoints',itemslist='$itemslist' WHERE id='$id' LIMIT 1", "towns");
display("Town updated.","Edit Towns"); admindisplay("Town updated.","Edit Towns");
} else { } else {
display("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Edit Towns"); admindisplay("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Edit Towns");
} }
} }
@ -334,7 +335,7 @@ $page = <<<END
END; END;
$page = parsetemplate($page, $row); $page = parsetemplate($page, $row);
display($page, "Edit Towns"); admindisplay($page, "Edit Towns");
} }
@ -360,7 +361,7 @@ function monsters() {
} }
if (mysql_num_rows($query) == 0) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No towns found.</td></tr>\n"; } if (mysql_num_rows($query) == 0) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No towns found.</td></tr>\n"; }
$page .= "</table>"; $page .= "</table>";
display($page, "Edit Monster"); admindisplay($page, "Edit Monster");
} }
@ -387,9 +388,9 @@ function editmonster($id) {
if ($errors == 0) { if ($errors == 0) {
$query = doquery("UPDATE {{table}} SET name='$name',maxhp='$maxhp',maxdam='$maxdam',armor='$armor',level='$level',maxexp='$maxexp',maxgold='$maxgold',immune='$immune' WHERE id='$id' LIMIT 1", "monsters"); $query = doquery("UPDATE {{table}} SET name='$name',maxhp='$maxhp',maxdam='$maxdam',armor='$armor',level='$level',maxexp='$maxexp',maxgold='$maxgold',immune='$immune' WHERE id='$id' LIMIT 1", "monsters");
display("Monster updated.","Edit monsters"); admindisplay("Monster updated.","Edit monsters");
} else { } else {
display("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Edit monsters"); admindisplay("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Edit monsters");
} }
} }
@ -421,7 +422,7 @@ END;
if ($row["immune"] == 3) { $row["immune3select"] = "selected=\"selected\" "; } else { $row["immune3select"] = ""; } if ($row["immune"] == 3) { $row["immune3select"] = "selected=\"selected\" "; } else { $row["immune3select"] = ""; }
$page = parsetemplate($page, $row); $page = parsetemplate($page, $row);
display($page, "Edit Monsters"); admindisplay($page, "Edit Monsters");
} }
@ -436,7 +437,7 @@ function spells() {
} }
if (mysql_num_rows($query) == 0) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No spells found.</td></tr>\n"; } if (mysql_num_rows($query) == 0) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No spells found.</td></tr>\n"; }
$page .= "</table>"; $page .= "</table>";
display($page, "Edit Spells"); admindisplay($page, "Edit Spells");
} }
@ -455,9 +456,9 @@ function editspell($id) {
if ($errors == 0) { if ($errors == 0) {
$query = doquery("UPDATE {{table}} SET name='$name',mp='$mp',attribute='$attribute',type='$type' WHERE id='$id' LIMIT 1", "spells"); $query = doquery("UPDATE {{table}} SET name='$name',mp='$mp',attribute='$attribute',type='$type' WHERE id='$id' LIMIT 1", "spells");
display("Spell updated.","Edit Spells"); admindisplay("Spell updated.","Edit Spells");
} else { } else {
display("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Edit Spells"); admindisplay("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Edit Spells");
} }
} }
@ -487,7 +488,7 @@ END;
if ($row["type"] == 5) { $row["type5select"] = "selected=\"selected\" "; } else { $row["type5select"] = ""; } if ($row["type"] == 5) { $row["type5select"] = "selected=\"selected\" "; } else { $row["type5select"] = ""; }
$page = parsetemplate($page, $row); $page = parsetemplate($page, $row);
display($page, "Edit Spells"); admindisplay($page, "Edit Spells");
} }
@ -511,13 +512,13 @@ $options
</form> </form>
END; END;
display($page, "Edit Levels"); admindisplay($page, "Edit Levels");
} }
function editlevel() { function editlevel() {
if (!isset($_POST["level"])) { display("No level to edit.", "Edit Levels"); die(); } if (!isset($_POST["level"])) { admindisplay("No level to edit.", "Edit Levels"); die(); }
$id = $_POST["level"]; $id = $_POST["level"];
if (isset($_POST["submit"])) { if (isset($_POST["submit"])) {
@ -579,9 +580,9 @@ UPDATE {{table}} SET
WHERE id='$id' LIMIT 1 WHERE id='$id' LIMIT 1
END; END;
$query = doquery($updatequery, "levels"); $query = doquery($updatequery, "levels");
display("Level updated.","Edit Levels"); admindisplay("Level updated.","Edit Levels");
} else { } else {
display("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Edit Spells"); admindisplay("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Edit Spells");
} }
} }
@ -637,7 +638,7 @@ Experience values for each level should be the cumulative total amount of experi
END; END;
$page = parsetemplate($page, $row); $page = parsetemplate($page, $row);
display($page, "Edit Levels"); admindisplay($page, "Edit Levels");
} }
@ -652,7 +653,7 @@ function users() {
} }
if (mysql_num_rows($query) == 0) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No spells found.</td></tr>\n"; } if (mysql_num_rows($query) == 0) { $page .= "<tr><td width=\"8%\" style=\"background-color: #eeeeee;\">No spells found.</td></tr>\n"; }
$page .= "</table>"; $page .= "</table>";
display($page, "Edit Users"); admindisplay($page, "Edit Users");
} }
@ -767,9 +768,9 @@ slot1name="$slot1name", slot2name="$slot2name", slot3name="$slot3name", dropcode
towns="$towns" WHERE id="$id" LIMIT 1 towns="$towns" WHERE id="$id" LIMIT 1
END; END;
$query = doquery($updatequery, "users"); $query = doquery($updatequery, "users");
display("User updated.","Edit Users"); admindisplay("User updated.","Edit Users");
} else { } else {
display("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Edit Users"); admindisplay("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Edit Users");
} }
} }
@ -873,7 +874,7 @@ END;
if ($row["difficulty"] == 3) { $row["diff3select"] = "selected=\"selected\" "; } else { $row["diff3select"] = ""; } if ($row["difficulty"] == 3) { $row["diff3select"] = "selected=\"selected\" "; } else { $row["diff3select"] = ""; }
$page = parsetemplate($page, $row); $page = parsetemplate($page, $row);
display($page, "Edit Users"); admindisplay($page, "Edit Users");
} }
@ -888,9 +889,9 @@ function addnews() {
if ($errors == 0) { if ($errors == 0) {
$query = doquery("INSERT INTO {{table}} SET id='',postdate=NOW(),content='$content'", "news"); $query = doquery("INSERT INTO {{table}} SET id='',postdate=NOW(),content='$content'", "news");
display("News post added.","Add News"); admindisplay("News post added.","Add News");
} else { } else {
display("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Add News"); admindisplay("<b>Errors:</b><br /><div style=\"color:red;\">$errorlist</div><br />Please go back and try again.", "Add News");
} }
} }
@ -904,7 +905,7 @@ Type your post below and then click Submit to add it.<br />
</form> </form>
END; END;
display($page, "Add News"); admindisplay($page, "Add News");
} }
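Review bot: In editlevel(), `$id = $_POST["level"];` takes the level id straight from the request, and the later hunk interpolates it into `WHERE id='$id' LIMIT 1` for the levels UPDATE; no validation is visible in either hunk, though the lines between them are outside the diff. If level ids are integers, as the name suggests, constrain the value at the assignment: `$id = intval($_POST["level"]);`. The other string-built statements in this file (the UPDATEs in main, edititem, editdrop, edittown, editmonster and editspell, and the INSERT in addnews) follow the same pattern with inputs assigned outside the hunks, so they should be checked the same way. Separately, the error branch of editlevel still calls `admindisplay(..., "Edit Spells")` where the title should presumably be "Edit Levels".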


@ -1,147 +0,0 @@
<?php // lib.php :: Common functions used throughout the program.
$starttime = getmicrotime();
$numqueries = 0;
function opendb() { // Open database connection.
include('../config.php');
extract($dbsettings);
$link = mysql_connect($server, $user, $pass) or die(mysql_error());
mysql_select_db($name) or die(mysql_error());
return $link;
}
function doquery($query, $table) { // Something of a tiny little database abstraction layer.
include('../config.php');
global $numqueries;
$sqlquery = mysql_query(str_replace("{{table}}", $dbsettings["prefix"] . "_" . $table, $query)) or die(mysql_error());
$numqueries++;
return $sqlquery;
}
function gettemplate($templatename) { // SQL query for the template.
$filename = "../templates/" . $templatename . ".php";
include("$filename");
return $template;
}
function parsetemplate($template, $array) { // Replace template with proper content.
foreach($array as $a => $b) {
$template = str_replace("{{{$a}}}", $b, $template);
}
return $template;
}
function getmicrotime() { // Used for timing script operations.
list($usec, $sec) = explode(" ",microtime());
return ((float)$usec + (float)$sec);
}
function prettydate($uglydate) { // Change the MySQL date format (YYYY-MM-DD) into something friendlier.
return date("F j, Y", mktime(0,0,0,substr($uglydate, 5, 2),substr($uglydate, 8, 2),substr($uglydate, 0, 4)));
}
function is_email($email) { // Thanks to "mail(at)philipp-louis.de" from php.net!
return(preg_match("/^[-_.[:alnum:]]+@((([[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]])\.)+(ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)$|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))$/i",$email));
}
function my_htmlspecialchars($text) { // Thanks to "etymxris at yahoo dot com" from php.net!
$ALLOWABLE_TAGS = array("b", "i", "u", "p", "blockquote", "ol", "ul", "li");
static $PATTERNS = array();
static $REPLACEMENTS = array();
if (count($PATTERNS) == 0) {
foreach ($ALLOWABLE_TAGS as $tag) {
$PATTERNS[] = "/&lt;$tag&gt;/i";
$PATTERNS[] = "/&lt;\/$tag&gt;/i";
$REPLACEMENTS[] = "<$tag>";
$REPLACEMENTS[] = "</$tag>";
}
}
$result = str_replace(array(">", "<", "\"", "'"),
array("&gt;", "&lt;", "&quot;", "&#039;"),
$text);
$result = preg_replace($PATTERNS, $REPLACEMENTS, $result);
return $result;
}
function checkcookies() {
include('../config.php');
$row = false;
if (isset($_COOKIE["dkgame"])) {
// COOKIE FORMAT:
// {ID} {USERNAME} {PASSWORDHASH} {REMEMBERME}
$theuser = explode(" ",$_COOKIE["dkgame"]);
$query = doquery("SELECT * FROM {{table}} WHERE username='$theuser[1]'", "users");
if (mysql_num_rows($query) != 1) { die("Invalid cookie data (Error 1). Please clear cookies and log in again."); }
$row = mysql_fetch_array($query);
if ($row["id"] != $theuser[0]) { die("Invalid cookie data (Error 2). Please clear cookies and log in again."); }
if (md5($row["password"] . "--" . $dbsettings["secretword"]) != $theuser[2]) { die("Invalid cookie data (Error 3). Please clear cookies and log in again."); }
// If we've gotten this far, cookie should be valid, so write a new one.
$newcookie = implode(" ",$theuser);
if ($theuser[3] == 1) { $expiretime = time()+31536000; } else { $expiretime = 0; }
setcookie ("dkgame", $newcookie, $expiretime, "/", "", 0);
$onlinequery = doquery("UPDATE {{table}} SET onlinetime=NOW() WHERE id='$theuser[0]' LIMIT 1", "users");
}
return $row;
}
function display($content, $title) { // Finalize page and output to browser.
include('../config.php');
global $numqueries, $userrow, $controlrow, $starttime;
if (!isset($controlrow)) {
$controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control");
$controlrow = mysql_fetch_array($controlquery);
}
$template = gettemplate("admin");
// Make page tags for XHTML validation.
$xml = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n"
. "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"DTD/xhtml1-transitional.dtd\">\n"
. "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n";
$finalarray = array(
"title"=>$title,
"content"=>$content,
"totaltime"=>round(getmicrotime() - $starttime, 4),
"numqueries"=>$numqueries,
"version"=>$version,
"build"=>$build);
$page = parsetemplate($template, $finalarray);
$page = $xml . $page;
if ($controlrow["compression"] == 1) { ob_start("ob_gzhandler"); }
echo $page;
die();
}
?>

32
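--- a/cookies.php
+++ b/cookies.php
@@ -0,0 +1,32 @@
+<?php // cookies.php :: Handles cookies. (Mmm, tasty!)
+function checkcookies() {
+include('config.php');
+$row = false;
+if (isset($_COOKIE["dkgame"])) {
+// COOKIE FORMAT:
+// {ID} {USERNAME} {PASSWORDHASH} {REMEMBERME}
+$theuser = explode(" ",$_COOKIE["dkgame"]);
+$query = doquery("SELECT * FROM {{table}} WHERE username='$theuser[1]'", "users");
+if (mysql_num_rows($query) != 1) { die("Invalid cookie data (Error 1). Please clear cookies and log in again."); }
+$row = mysql_fetch_array($query);
+if ($row["id"] != $theuser[0]) { die("Invalid cookie data (Error 2). Please clear cookies and log in again."); }
+if (md5($row["password"] . "--" . $dbsettings["secretword"]) != $theuser[2]) { die("Invalid cookie data (Error 3). Please clear cookies and log in again."); }
+// If we've gotten this far, cookie should be valid, so write a new one.
+$newcookie = implode(" ",$theuser);
+if ($theuser[3] == 1) { $expiretime = time()+31536000; } else { $expiretime = 0; }
+setcookie ("dkgame", $newcookie, $expiretime, "/", "", 0);
+$onlinequery = doquery("UPDATE {{table}} SET onlinetime=NOW() WHERE id='$theuser[0]' LIMIT 1", "users");
+}
+return $row;
+}
+?>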
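Review bot: checkcookies() interpolates `$theuser[1]`, taken directly from the `dkgame` cookie, into the `SELECT ... WHERE username='$theuser[1]'` query before any cookie field has been validated, so the lookup relies entirely on the runtime's magic-quotes setting for safety. Escape it first, e.g. `$username = mysql_real_escape_string($theuser[1]);`, and reject cookies that do not split into exactly four fields with `if (count($theuser) != 4) { die("Invalid cookie data."); }`. The token check on the Error 3 line compares md5 output with a loose `!=`, which allows numeric-string type juggling; a strict `!==` avoids that. The cookie is also written with the secure argument set to 0, and the token is derived only from the stored password and `secretword`, so it stays valid until one of those changes; both are worth a comment above `setcookie`.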


@ -2,7 +2,7 @@
if (file_exists('install.php')) { die("Please delete <b>install.php</b> from your Dragon Knight directory before continuing."); } if (file_exists('install.php')) { die("Please delete <b>install.php</b> from your Dragon Knight directory before continuing."); }
include('lib.php'); include('lib.php');
include('login.php'); include('cookies.php');
$link = opendb(); $link = opendb();
$controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control"); $controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control");
$controlrow = mysql_fetch_array($controlquery); $controlrow = mysql_fetch_array($controlquery);

33
lib.php

@ -2,7 +2,7 @@
$starttime = getmicrotime(); $starttime = getmicrotime();
$numqueries = 0; $numqueries = 0;
$version = "1.1.2"; $version = "1.1.3";
$build = ""; $build = "";
function opendb() { // Open database connection. function opendb() { // Open database connection.
@ -91,6 +91,37 @@ function my_htmlspecialchars($text) { // Thanks to "etymxris at yahoo dot com" f
} }
function admindisplay($content, $title) { // Finalize page and output to browser.
global $numqueries, $userrow, $controlrow, $starttime, $version, $build;
if (!isset($controlrow)) {
$controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control");
$controlrow = mysql_fetch_array($controlquery);
}
$template = gettemplate("admin");
// Make page tags for XHTML validation.
$xml = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n"
. "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"DTD/xhtml1-transitional.dtd\">\n"
. "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n";
$finalarray = array(
"title"=>$title,
"content"=>$content,
"totaltime"=>round(getmicrotime() - $starttime, 4),
"numqueries"=>$numqueries,
"version"=>$version,
"build"=>$build);
$page = parsetemplate($template, $finalarray);
$page = $xml . $page;
if ($controlrow["compression"] == 1) { ob_start("ob_gzhandler"); }
echo $page;
die();
}
function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true, $badstart=false) { // Finalize page and output to browser. function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true, $badstart=false) { // Finalize page and output to browser.
global $numqueries, $userrow, $controlrow, $version, $build; global $numqueries, $userrow, $controlrow, $version, $build;
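Review bot: admindisplay() places `$content` and `$title` into the admin template as raw markup (they go straight into `$finalarray` and then `parsetemplate`), while the callers in admin.php pass strings that embed `$errorlist` and database rows, so any escaping has to happen in each caller. That contract is undocumented; add a comment above the function such as `// $content and $title are emitted as raw HTML; callers must escape user- or database-derived text (e.g. with my_htmlspecialchars).` `$userrow` is listed in the `global` statement but is not used in the body shown. The body otherwise repeats the page finalisation of display(), whose definition starts at the end of this hunk and continues outside it, so a shared helper would keep the two from drifting apart.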


@ -1,44 +1,14 @@
<?php // login.php :: Handles logins and cookies. <?php // login.php :: Handles logins and cookies.
include('lib.php');
if (isset($_GET["do"])) { if (isset($_GET["do"])) {
if ($_GET["do"] == "login") { login(); } if ($_GET["do"] == "login") { login(); }
elseif ($_GET["do"] == "logout") { logout(); } elseif ($_GET["do"] == "logout") { logout(); }
} }
function checkcookies() {
include('config.php');
$row = false;
if (isset($_COOKIE["dkgame"])) {
// COOKIE FORMAT:
// {ID} {USERNAME} {PASSWORDHASH} {REMEMBERME}
$theuser = explode(" ",$_COOKIE["dkgame"]);
$query = doquery("SELECT * FROM {{table}} WHERE username='$theuser[1]'", "users");
if (mysql_num_rows($query) != 1) { die("Invalid cookie data (Error 1). Please clear cookies and log in again."); }
$row = mysql_fetch_array($query);
if ($row["id"] != $theuser[0]) { die("Invalid cookie data (Error 2). Please clear cookies and log in again."); }
if (md5($row["password"] . "--" . $dbsettings["secretword"]) != $theuser[2]) { die("Invalid cookie data (Error 3). Please clear cookies and log in again."); }
// If we've gotten this far, cookie should be valid, so write a new one.
$newcookie = implode(" ",$theuser);
if ($theuser[3] == 1) { $expiretime = time()+31536000; } else { $expiretime = 0; }
setcookie ("dkgame", $newcookie, $expiretime, "/", "", 0);
$onlinequery = doquery("UPDATE {{table}} SET onlinetime=NOW() WHERE id='$theuser[0]' LIMIT 1", "users");
}
return $row;
}
function login() { function login() {
include('lib.php');
include('config.php'); include('config.php');
$starttime = getmicrotime();
$link = opendb(); $link = opendb();
if (isset($_POST["submit"])) { if (isset($_POST["submit"])) {
@ -56,7 +26,7 @@ function login() {
$page = gettemplate("login"); $page = gettemplate("login");
$title = "Log In"; $title = "Log In";
display($page, $title, false, false, false, $starttime); display($page, $title, false, false, false, false);
} }