Sky/Dragon-Knight
Sky/Dragon-Knight
1
0
Fork 0
Code Issues Pull Requests Activity

delete old magic quotes stuff

Browse Source
This commit is contained in:
Sky Johnson 2024-12-11 13:02:22 -06:00
parent 07823cea01
commit c7e1e2ce9a
1 changed files with 29 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
lib.php
View File

@ -5,49 +5,6 @@ $numqueries = 0;
$version = "1.1.11"; $version = "1.1.11";
$build = ""; $build = "";
// Handling for servers with magic_quotes turned on.
// Example from php.net.
if (get_magic_quotes_gpc()) {
$_POST = array_map('stripslashes_deep', $_POST);
$_GET = array_map('stripslashes_deep', $_GET);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}
$_POST = array_map('addslashes_deep', $_POST);
$_POST = array_map('html_deep', $_POST);
$_GET = array_map('addslashes_deep', $_GET);
$_GET = array_map('html_deep', $_GET);
$_COOKIE = array_map('addslashes_deep', $_COOKIE);
$_COOKIE = array_map('html_deep', $_COOKIE);
function stripslashes_deep($value) {
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
function addslashes_deep($value) {
$value = is_array($value) ?
array_map('addslashes_deep', $value) :
addslashes($value);
return $value;
}
function html_deep($value) {
$value = is_array($value) ?
array_map('html_deep', $value) :
htmlspecialchars($value);
return $value;
}
function opendb() { // Open database connection. function opendb() { // Open database connection.
include('config.php'); include('config.php');
@ -59,7 +16,7 @@ function opendb() { // Open database connection.
} }
function doquery($query, $table) { // Something of a tiny little database abstraction layer. function doquery($query, $table) { // Something of a tiny little database abstraction layer.
include('config.php'); include('config.php');
global $numqueries; global $numqueries;
$sqlquery = mysql_query(str_replace("{{table}}", $dbsettings["prefix"] . "_" . $table, $query)) or die(mysql_error()); $sqlquery = mysql_query(str_replace("{{table}}", $dbsettings["prefix"] . "_" . $table, $query)) or die(mysql_error());
@ -73,22 +30,22 @@ function gettemplate($templatename) { // SQL query for the template.
$filename = "templates/" . $templatename . ".php"; $filename = "templates/" . $templatename . ".php";
include("$filename"); include("$filename");
return $template; return $template;
} }
function parsetemplate($template, $array) { // Replace template with proper content. function parsetemplate($template, $array) { // Replace template with proper content.
foreach($array as $a => $b) { foreach($array as $a => $b) {
$template = str_replace("{{{$a}}}", $b, $template); $template = str_replace("{{{$a}}}", $b, $template);
} }
return $template; return $template;
} }
function getmicrotime() { // Used for timing script operations. function getmicrotime() { // Used for timing script operations.
list($usec, $sec) = explode(" ",microtime()); list($usec, $sec) = explode(" ",microtime());
return ((float)$usec + (float)$sec); return ((float)$usec + (float)$sec);
} }
@ -111,7 +68,7 @@ function is_email($email) { // Thanks to "mail(at)philipp-louis.de" from php.net
} }
function makesafe($d) { function makesafe($d) {
$d = str_replace("\t","",$d); $d = str_replace("\t","",$d);
$d = str_replace("<","&#60;",$d); $d = str_replace("<","&#60;",$d);
$d = str_replace(">","&#62;",$d); $d = str_replace(">","&#62;",$d);
@ -119,19 +76,19 @@ function makesafe($d) {
$d = str_replace("|","??",$d); $d = str_replace("|","??",$d);
$d = str_replace(" "," &nbsp;",$d); $d = str_replace(" "," &nbsp;",$d);
return $d; return $d;
} }
function admindisplay($content, $title) { // Finalize page and output to browser. function admindisplay($content, $title) { // Finalize page and output to browser.
global $numqueries, $userrow, $controlrow, $starttime, $version, $build; global $numqueries, $userrow, $controlrow, $starttime, $version, $build;
if (!isset($controlrow)) { if (!isset($controlrow)) {
$controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control"); $controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control");
$controlrow = mysql_fetch_array($controlquery); $controlrow = mysql_fetch_array($controlquery);
} }
$template = gettemplate("admin"); $template = gettemplate("admin");
// Make page tags for XHTML validation. // Make page tags for XHTML validation.
$xml = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n" $xml = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n"
. "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"DTD/xhtml1-transitional.dtd\">\n" . "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"DTD/xhtml1-transitional.dtd\">\n"
@ -150,25 +107,25 @@ function admindisplay($content, $title) { // Finalize page and output to browser
if ($controlrow["compression"] == 1) { ob_start("ob_gzhandler"); } if ($controlrow["compression"] == 1) { ob_start("ob_gzhandler"); }
echo $page; echo $page;
die(); die();
} }
function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true, $badstart=false) { // Finalize page and output to browser. function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true, $badstart=false) { // Finalize page and output to browser.
global $numqueries, $userrow, $controlrow, $version, $build; global $numqueries, $userrow, $controlrow, $version, $build;
if (!isset($controlrow)) { if (!isset($controlrow)) {
$controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control"); $controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control");
$controlrow = mysql_fetch_array($controlquery); $controlrow = mysql_fetch_array($controlquery);
} }
if ($badstart == false) { global $starttime; } else { $starttime = $badstart; } if ($badstart == false) { global $starttime; } else { $starttime = $badstart; }
// Make page tags for XHTML validation. // Make page tags for XHTML validation.
$xml = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n" $xml = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n"
. "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"DTD/xhtml1-transitional.dtd\">\n" . "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"DTD/xhtml1-transitional.dtd\">\n"
. "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n"; . "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n";
$template = gettemplate("primary"); $template = gettemplate("primary");
if ($rightnav == true) { $rightnav = gettemplate("rightnav"); } else { $rightnav = ""; } if ($rightnav == true) { $rightnav = gettemplate("rightnav"); } else { $rightnav = ""; }
if ($leftnav == true) { $leftnav = gettemplate("leftnav"); } else { $leftnav = ""; } if ($leftnav == true) { $leftnav = gettemplate("leftnav"); } else { $leftnav = ""; }
if ($topnav == true) { if ($topnav == true) {
@ -176,14 +133,14 @@ function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true,
} else { } else {
$topnav = "<a href=\"login.php?do=login\"><img src=\"images/button_login.gif\" alt=\"Log In\" title=\"Log In\" border=\"0\" /></a> <a href=\"users.php?do=register\"><img src=\"images/button_register.gif\" alt=\"Register\" title=\"Register\" border=\"0\" /></a> <a href=\"help.php\"><img src=\"images/button_help.gif\" alt=\"Help\" title=\"Help\" border=\"0\" /></a>"; $topnav = "<a href=\"login.php?do=login\"><img src=\"images/button_login.gif\" alt=\"Log In\" title=\"Log In\" border=\"0\" /></a> <a href=\"users.php?do=register\"><img src=\"images/button_register.gif\" alt=\"Register\" title=\"Register\" border=\"0\" /></a> <a href=\"help.php\"><img src=\"images/button_help.gif\" alt=\"Help\" title=\"Help\" border=\"0\" /></a>";
} }
if (isset($userrow)) { if (isset($userrow)) {
// Get userrow again, in case something has been updated. // Get userrow again, in case something has been updated.
$userquery = doquery("SELECT * FROM {{table}} WHERE id='".$userrow["id"]."' LIMIT 1", "users"); $userquery = doquery("SELECT * FROM {{table}} WHERE id='".$userrow["id"]."' LIMIT 1", "users");
unset($userrow); unset($userrow);
$userrow = mysql_fetch_array($userquery); $userrow = mysql_fetch_array($userquery);
// Current town name. // Current town name.
if ($userrow["currentaction"] == "In Town") { if ($userrow["currentaction"] == "In Town") {
$townquery = doquery("SELECT * FROM {{table}} WHERE latitude='".$userrow["latitude"]."' AND longitude='".$userrow["longitude"]."' LIMIT 1", "towns"); $townquery = doquery("SELECT * FROM {{table}} WHERE latitude='".$userrow["latitude"]."' AND longitude='".$userrow["longitude"]."' LIMIT 1", "towns");
@ -192,18 +149,18 @@ function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true,
} else { } else {
$userrow["currenttown"] = ""; $userrow["currenttown"] = "";
} }
if ($controlrow["forumtype"] == 0) { $userrow["forumslink"] = ""; } if ($controlrow["forumtype"] == 0) { $userrow["forumslink"] = ""; }
elseif ($controlrow["forumtype"] == 1) { $userrow["forumslink"] = "<a href=\"forum.php\">Forum</a><br />"; } elseif ($controlrow["forumtype"] == 1) { $userrow["forumslink"] = "<a href=\"forum.php\">Forum</a><br />"; }
elseif ($controlrow["forumtype"] == 2) { $userrow["forumslink"] = "<a href=\"".$controlrow["forumaddress"]."\">Forum</a><br />"; } elseif ($controlrow["forumtype"] == 2) { $userrow["forumslink"] = "<a href=\"".$controlrow["forumaddress"]."\">Forum</a><br />"; }
// Format various userrow stuffs... // Format various userrow stuffs...
if ($userrow["latitude"] < 0) { $userrow["latitude"] = $userrow["latitude"] * -1 . "S"; } else { $userrow["latitude"] .= "N"; } if ($userrow["latitude"] < 0) { $userrow["latitude"] = $userrow["latitude"] * -1 . "S"; } else { $userrow["latitude"] .= "N"; }
if ($userrow["longitude"] < 0) { $userrow["longitude"] = $userrow["longitude"] * -1 . "W"; } else { $userrow["longitude"] .= "E"; } if ($userrow["longitude"] < 0) { $userrow["longitude"] = $userrow["longitude"] * -1 . "W"; } else { $userrow["longitude"] .= "E"; }
$userrow["experience"] = number_format($userrow["experience"]); $userrow["experience"] = number_format($userrow["experience"]);
$userrow["gold"] = number_format($userrow["gold"]); $userrow["gold"] = number_format($userrow["gold"]);
if ($userrow["authlevel"] == 1) { $userrow["adminlink"] = "<a href=\"admin.php\">Admin</a><br />"; } else { $userrow["adminlink"] = ""; } if ($userrow["authlevel"] == 1) { $userrow["adminlink"] = "<a href=\"admin.php\">Admin</a><br />"; } else { $userrow["adminlink"] = ""; }
// HP/MP/TP bars. // HP/MP/TP bars.
$stathp = ceil($userrow["currenthp"] / $userrow["maxhp"] * 100); $stathp = ceil($userrow["currenthp"] / $userrow["maxhp"] * 100);
if ($userrow["maxmp"] != 0) { $statmp = ceil($userrow["currentmp"] / $userrow["maxmp"] * 100); } else { $statmp = 0; } if ($userrow["maxmp"] != 0) { $statmp = ceil($userrow["currentmp"] / $userrow["maxmp"] * 100); } else { $statmp = 0; }
@ -226,7 +183,7 @@ function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true,
$stattable .= "</td></tr></table></td>\n"; $stattable .= "</td></tr></table></td>\n";
$stattable .= "</tr><tr><td>HP</td><td>MP</td><td>TP</td></tr></table>\n"; $stattable .= "</tr><tr><td>HP</td><td>MP</td><td>TP</td></tr></table>\n";
$userrow["statbars"] = $stattable; $userrow["statbars"] = $stattable;
// Now make numbers stand out if they're low. // Now make numbers stand out if they're low.
if ($userrow["currenthp"] <= ($userrow["maxhp"]/5)) { $userrow["currenthp"] = "<blink><span class=\"highlight\"><b>*".$userrow["currenthp"]."*</b></span></blink>"; } if ($userrow["currenthp"] <= ($userrow["maxhp"]/5)) { $userrow["currenthp"] = "<blink><span class=\"highlight\"><b>*".$userrow["currenthp"]."*</b></span></blink>"; }
if ($userrow["currentmp"] <= ($userrow["maxmp"]/5)) { $userrow["currentmp"] = "<blink><span class=\"highlight\"><b>*".$userrow["currentmp"]."*</b></span></blink>"; } if ($userrow["currentmp"] <= ($userrow["maxmp"]/5)) { $userrow["currentmp"] = "<blink><span class=\"highlight\"><b>*".$userrow["currentmp"]."*</b></span></blink>"; }
@ -244,7 +201,7 @@ function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true,
} }
} }
if ($userrow["magiclist"] == "") { $userrow["magiclist"] = "None"; } if ($userrow["magiclist"] == "") { $userrow["magiclist"] = "None"; }
// Travel To list. // Travel To list.
$townslist = explode(",",$userrow["towns"]); $townslist = explode(",",$userrow["towns"]);
$townquery2 = doquery("SELECT * FROM {{table}} ORDER BY id", "towns"); $townquery2 = doquery("SELECT * FROM {{table}} ORDER BY id", "towns");
@ -254,11 +211,11 @@ function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true,
foreach($townslist as $a => $b) { foreach($townslist as $a => $b) {
if ($b == $townrow2["id"]) { $town = true; } if ($b == $townrow2["id"]) { $town = true; }
} }
if ($town == true) { if ($town == true) {
$userrow["townslist"] .= "<a href=\"index.php?do=gotown:".$townrow2["id"]."\">".$townrow2["name"]."</a><br />\n"; $userrow["townslist"] .= "<a href=\"index.php?do=gotown:".$townrow2["id"]."\">".$townrow2["name"]."</a><br />\n";
} }
} }
} else { } else {
$userrow = array(); $userrow = array();
} }
@ -276,11 +233,11 @@ function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true,
"build"=>$build); "build"=>$build);
$page = parsetemplate($template, $finalarray); $page = parsetemplate($template, $finalarray);
$page = $xml . $page; $page = $xml . $page;
if ($controlrow["compression"] == 1) { ob_start("ob_gzhandler"); } if ($controlrow["compression"] == 1) { ob_start("ob_gzhandler"); }
echo $page; echo $page;
die(); die();
} }
?> ?>