Compare commits

10 Commits

Author SHA1 Message Date
Jamin Blount
aa4d338c96 Update README.md 2017-02-12 11:00:10 -06:00
Jamin Blount
3efde5e558 Include license in readme 2017-02-05 11:18:01 -06:00
Jamin Blount
5d0ec593d2 v1.1.11
### 1.1.11 (3.26.2006) ###
### Thanks to r0xes & Adam. :)
- Added recursive htmlspecialchars to the rest of the superglobal
security in lib.php.
- Fixed a bug that allowed blank passwords.
- Updated copyright dates as necessary.
2017-02-05 11:12:22 -06:00
Jamin Blount
00528a7396 v1.1.10b
### 1.1.10b (10.25.2005) ###
- Fixed addslashes_deep() to actually add slashes, instead of strip
them. Man, I'm dumb.
2017-02-05 11:11:41 -06:00
Jamin Blount
fbf3c6ba75 v1.1.10a
### 1.1.10a (10.1.2005) ###
### Thanks to obliv. :)
- Fixed a security error.
2017-02-05 11:10:55 -06:00
Jamin Blount
e8e4cc9e54 v1.1.10
### 1.1.10 (3.13.2005) ###
### Thanks to Gary13579. :)
- Fixed a security error.
- Added verified/banned checking in the built-in forum.
2017-02-05 11:10:15 -06:00
Jamin Blount
7aca9dfc9c v1.1.9
### 1.1.9 (3.2.2005) ###
### Thanks to xudzh and ChAoS and Adam. :)
- Character names now have validation checking.
- Fixed babblebox bug when used in Internet Exploder.
- Updated the admin menu link to the main game page for the new path.
- Updated the link to the official DK forums in the Help file.
2017-02-05 11:09:00 -06:00
Jamin Blount
6ccb346ee9 v1.1.8
### 1.1.8 (2.6.2005) ###
- Added extra security to prevent SQL injection exploits.
- admin.php is now in the game root directory rather than the /admin/
sub.
2017-02-05 11:08:10 -06:00
Jamin Blount
34747b3c19 v1.1.7
### 1.1.7 (12.29.2004) ###
### Thanks to Adam. :)
- Fixed URL cheat that allowed people to continue fighting after
victory.

### 1.1.6a (11.20.2004) ###
- Fixed problem where goldbonus was added to experience instead of gold.
- Fixed a typo in fight.php.
2017-02-05 11:06:58 -06:00
Jamin Blount
a5364b3b1b v1.1.6
### 1.1.6 (11.6.2004) ###
### Thanks to Shadowbq, joshman, Adam, and Tsufo. :)
- Fixed variable name reference in fight.php.
- Fixed URL cheat that allowed people to buy any item from any town.
- Fixed URL cheat that allowed people to travel anywhere without having
the map.
- Fixed display bug in the error messages generated by cheat attempts.
- Fixed admin/editlevels that caused all level values to be reset to
zero.
2017-02-05 11:05:09 -06:00
16 changed files with 182 additions and 86 deletions

@ -1,4 +1,7 @@
# Dragon Knight
- See also: [Dragon Scourge](https://github.com/renderse7en/dragon-scourge)
- [Live Demo](http://dragon.se7enet.com/)
Many years ago, when I was young and dumb, I wrote a simple little game based on the game *Dragon Warrior* for the NES. It was fun, it helped me learn how to code, and a lot of people liked it.
I am now turning it over to the open source community. Fork it, do what you want, make it your own.
Couple things to keep in mind though:
@ -23,3 +26,26 @@ Couple things to keep in mind though:
5. In your browser, run `install.php` and follow the instructions.
6. After completing installation, delete `install.php` from your Dragon Knight directory for security.
7. Enjoy the game.
# License
MIT License
Copyright (c) 2017 renderse7en
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

@ -1,7 +1,7 @@
<?php // admin.php :: primary administration script.
include('../lib.php');
include('../cookies.php');
include('lib.php');
include('cookies.php');
$link = opendb();
$userrow = checkcookies();
if ($userrow == false) { die("Please log in to the <a href=\"../login.php?do=login\">game</a> before using the control panel."); }
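Review bot: The login link in the `die()` message on the `$userrow == false` line still points at `../login.php?do=login`, although the includes in this hunk now load `lib.php` and `cookies.php` from the script's own directory, so the script no longer sits one level below the game root. Change the href to `login.php?do=login` so a visitor who is not logged in lands on the game's login page.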
@ -526,57 +526,57 @@ function editlevel() {
extract($_POST);
$errors = 0;
$errorlist = "";
if ($_POST["1_exp"] == "") { $errors++; $errorlist .= "Class 1 Experience is required.<br />"; }
if ($_POST["1_hp"] == "") { $errors++; $errorlist .= "Class 1 HP is required.<br />"; }
if ($_POST["1_mp"] == "") { $errors++; $errorlist .= "Class 1 MP is required.<br />"; }
if ($_POST["1_tp"] == "") { $errors++; $errorlist .= "Class 1 TP is required.<br />"; }
if ($_POST["1_strength"] == "") { $errors++; $errorlist .= "Class 1 Strength is required.<br />"; }
if ($_POST["1_dexterity"] == "") { $errors++; $errorlist .= "Class 1 Dexterity is required.<br />"; }
if ($_POST["1_spells"] == "") { $errors++; $errorlist .= "Class 1 Spells is required.<br />"; }
if (!is_numeric($_POST["1_exp"])) { $errors++; $errorlist .= "Class 1 Experience must be a number.<br />"; }
if (!is_numeric($_POST["1_hp"])) { $errors++; $errorlist .= "Class 1 HP must be a number.<br />"; }
if (!is_numeric($_POST["1_mp"])) { $errors++; $errorlist .= "Class 1 MP must be a number.<br />"; }
if (!is_numeric($_POST["1_tp"])) { $errors++; $errorlist .= "Class 1 TP must be a number.<br />"; }
if (!is_numeric($_POST["1_strength"])) { $errors++; $errorlist .= "Class 1 Strength must be a number.<br />"; }
if (!is_numeric($_POST["1_dexterity"])) { $errors++; $errorlist .= "Class 1 Dexterity must be a number.<br />"; }
if (!is_numeric($_POST["1_spells"])) { $errors++; $errorlist .= "Class 1 Spells must be a number.<br />"; }
if ($_POST["one_exp"] == "") { $errors++; $errorlist .= "Class 1 Experience is required.<br />"; }
if ($_POST["one_hp"] == "") { $errors++; $errorlist .= "Class 1 HP is required.<br />"; }
if ($_POST["one_mp"] == "") { $errors++; $errorlist .= "Class 1 MP is required.<br />"; }
if ($_POST["one_tp"] == "") { $errors++; $errorlist .= "Class 1 TP is required.<br />"; }
if ($_POST["one_strength"] == "") { $errors++; $errorlist .= "Class 1 Strength is required.<br />"; }
if ($_POST["one_dexterity"] == "") { $errors++; $errorlist .= "Class 1 Dexterity is required.<br />"; }
if ($_POST["one_spells"] == "") { $errors++; $errorlist .= "Class 1 Spells is required.<br />"; }
if (!is_numeric($_POST["one_exp"])) { $errors++; $errorlist .= "Class 1 Experience must be a number.<br />"; }
if (!is_numeric($_POST["one_hp"])) { $errors++; $errorlist .= "Class 1 HP must be a number.<br />"; }
if (!is_numeric($_POST["one_mp"])) { $errors++; $errorlist .= "Class 1 MP must be a number.<br />"; }
if (!is_numeric($_POST["one_tp"])) { $errors++; $errorlist .= "Class 1 TP must be a number.<br />"; }
if (!is_numeric($_POST["one_strength"])) { $errors++; $errorlist .= "Class 1 Strength must be a number.<br />"; }
if (!is_numeric($_POST["one_dexterity"])) { $errors++; $errorlist .= "Class 1 Dexterity must be a number.<br />"; }
if (!is_numeric($_POST["one_spells"])) { $errors++; $errorlist .= "Class 1 Spells must be a number.<br />"; }
if ($_POST["2_exp"] == "") { $errors++; $errorlist .= "Class 2 Experience is required.<br />"; }
if ($_POST["2_hp"] == "") { $errors++; $errorlist .= "Class 2 HP is required.<br />"; }
if ($_POST["2_mp"] == "") { $errors++; $errorlist .= "Class 2 MP is required.<br />"; }
if ($_POST["2_tp"] == "") { $errors++; $errorlist .= "Class 2 TP is required.<br />"; }
if ($_POST["2_strength"] == "") { $errors++; $errorlist .= "Class 2 Strength is required.<br />"; }
if ($_POST["2_dexterity"] == "") { $errors++; $errorlist .= "Class 2 Dexterity is required.<br />"; }
if ($_POST["2_spells"] == "") { $errors++; $errorlist .= "Class 2 Spells is required.<br />"; }
if (!is_numeric($_POST["2_exp"])) { $errors++; $errorlist .= "Class 2 Experience must be a number.<br />"; }
if (!is_numeric($_POST["2_hp"])) { $errors++; $errorlist .= "Class 2 HP must be a number.<br />"; }
if (!is_numeric($_POST["2_mp"])) { $errors++; $errorlist .= "Class 2 MP must be a number.<br />"; }
if (!is_numeric($_POST["2_tp"])) { $errors++; $errorlist .= "Class 2 TP must be a number.<br />"; }
if (!is_numeric($_POST["2_strength"])) { $errors++; $errorlist .= "Class 2 Strength must be a number.<br />"; }
if (!is_numeric($_POST["2_dexterity"])) { $errors++; $errorlist .= "Class 2 Dexterity must be a number.<br />"; }
if (!is_numeric($_POST["2_spells"])) { $errors++; $errorlist .= "Class 2 Spells must be a number.<br />"; }
if ($_POST["two_exp"] == "") { $errors++; $errorlist .= "Class 2 Experience is required.<br />"; }
if ($_POST["two_hp"] == "") { $errors++; $errorlist .= "Class 2 HP is required.<br />"; }
if ($_POST["two_mp"] == "") { $errors++; $errorlist .= "Class 2 MP is required.<br />"; }
if ($_POST["two_tp"] == "") { $errors++; $errorlist .= "Class 2 TP is required.<br />"; }
if ($_POST["two_strength"] == "") { $errors++; $errorlist .= "Class 2 Strength is required.<br />"; }
if ($_POST["two_dexterity"] == "") { $errors++; $errorlist .= "Class 2 Dexterity is required.<br />"; }
if ($_POST["two_spells"] == "") { $errors++; $errorlist .= "Class 2 Spells is required.<br />"; }
if (!is_numeric($_POST["two_exp"])) { $errors++; $errorlist .= "Class 2 Experience must be a number.<br />"; }
if (!is_numeric($_POST["two_hp"])) { $errors++; $errorlist .= "Class 2 HP must be a number.<br />"; }
if (!is_numeric($_POST["two_mp"])) { $errors++; $errorlist .= "Class 2 MP must be a number.<br />"; }
if (!is_numeric($_POST["two_tp"])) { $errors++; $errorlist .= "Class 2 TP must be a number.<br />"; }
if (!is_numeric($_POST["two_strength"])) { $errors++; $errorlist .= "Class 2 Strength must be a number.<br />"; }
if (!is_numeric($_POST["two_dexterity"])) { $errors++; $errorlist .= "Class 2 Dexterity must be a number.<br />"; }
if (!is_numeric($_POST["two_spells"])) { $errors++; $errorlist .= "Class 2 Spells must be a number.<br />"; }
if ($_POST["3_exp"] == "") { $errors++; $errorlist .= "Class 3 Experience is required.<br />"; }
if ($_POST["3_hp"] == "") { $errors++; $errorlist .= "Class 3 HP is required.<br />"; }
if ($_POST["3_mp"] == "") { $errors++; $errorlist .= "Class 3 MP is required.<br />"; }
if ($_POST["3_tp"] == "") { $errors++; $errorlist .= "Class 3 TP is required.<br />"; }
if ($_POST["3_strength"] == "") { $errors++; $errorlist .= "Class 3 Strength is required.<br />"; }
if ($_POST["3_dexterity"] == "") { $errors++; $errorlist .= "Class 3 Dexterity is required.<br />"; }
if ($_POST["3_spells"] == "") { $errors++; $errorlist .= "Class 3 Spells is required.<br />"; }
if (!is_numeric($_POST["3_exp"])) { $errors++; $errorlist .= "Class 3 Experience must be a number.<br />"; }
if (!is_numeric($_POST["3_hp"])) { $errors++; $errorlist .= "Class 3 HP must be a number.<br />"; }
if (!is_numeric($_POST["3_mp"])) { $errors++; $errorlist .= "Class 3 MP must be a number.<br />"; }
if (!is_numeric($_POST["3_tp"])) { $errors++; $errorlist .= "Class 3 TP must be a number.<br />"; }
if (!is_numeric($_POST["3_strength"])) { $errors++; $errorlist .= "Class 3 Strength must be a number.<br />"; }
if (!is_numeric($_POST["3_dexterity"])) { $errors++; $errorlist .= "Class 3 Dexterity must be a number.<br />"; }
if (!is_numeric($_POST["3_spells"])) { $errors++; $errorlist .= "Class 3 Spells must be a number.<br />"; }
if ($_POST["three_exp"] == "") { $errors++; $errorlist .= "Class 3 Experience is required.<br />"; }
if ($_POST["three_hp"] == "") { $errors++; $errorlist .= "Class 3 HP is required.<br />"; }
if ($_POST["three_mp"] == "") { $errors++; $errorlist .= "Class 3 MP is required.<br />"; }
if ($_POST["three_tp"] == "") { $errors++; $errorlist .= "Class 3 TP is required.<br />"; }
if ($_POST["three_strength"] == "") { $errors++; $errorlist .= "Class 3 Strength is required.<br />"; }
if ($_POST["three_dexterity"] == "") { $errors++; $errorlist .= "Class 3 Dexterity is required.<br />"; }
if ($_POST["three_spells"] == "") { $errors++; $errorlist .= "Class 3 Spells is required.<br />"; }
if (!is_numeric($_POST["three_exp"])) { $errors++; $errorlist .= "Class 3 Experience must be a number.<br />"; }
if (!is_numeric($_POST["three_hp"])) { $errors++; $errorlist .= "Class 3 HP must be a number.<br />"; }
if (!is_numeric($_POST["three_mp"])) { $errors++; $errorlist .= "Class 3 MP must be a number.<br />"; }
if (!is_numeric($_POST["three_tp"])) { $errors++; $errorlist .= "Class 3 TP must be a number.<br />"; }
if (!is_numeric($_POST["three_strength"])) { $errors++; $errorlist .= "Class 3 Strength must be a number.<br />"; }
if (!is_numeric($_POST["three_dexterity"])) { $errors++; $errorlist .= "Class 3 Dexterity must be a number.<br />"; }
if (!is_numeric($_POST["three_spells"])) { $errors++; $errorlist .= "Class 3 Spells must be a number.<br />"; }
if ($errors == 0) {
$updatequery = <<<END
UPDATE {{table}} SET
1_exp='$1_exp', 1_hp='$1_hp', 1_mp='$1_mp', 1_tp='$1_tp', 1_strength='$1_strength', 1_dexterity='$1_dexterity', 1_spells='$1_spells',
2_exp='$2_exp', 2_hp='$2_hp', 2_mp='$2_mp', 2_tp='$2_tp', 2_strength='$2_strength', 2_dexterity='$2_dexterity', 2_spells='$2_spells',
3_exp='$3_exp', 3_hp='$3_hp', 3_mp='$3_mp', 3_tp='$3_tp', 3_strength='$3_strength', 3_dexterity='$3_dexterity', 3_spells='$3_spells'
1_exp='$one_exp', 1_hp='$one_hp', 1_mp='$one_mp', 1_tp='$one_tp', 1_strength='$one_strength', 1_dexterity='$one_dexterity', 1_spells='$one_spells',
2_exp='$two_exp', 2_hp='$two_hp', 2_mp='$two_mp', 2_tp='$two_tp', 2_strength='$two_strength', 2_dexterity='$two_dexterity', 2_spells='$two_spells',
3_exp='$three_exp', 3_hp='$three_hp', 3_mp='$three_mp', 3_tp='$three_tp', 3_strength='$three_strength', 3_dexterity='$three_dexterity', 3_spells='$three_spells'
WHERE id='$id' LIMIT 1
END;
$query = doquery($updatequery, "levels");
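Review bot: `extract($_POST)` at the top of this hunk still copies every posted key into local scope, and the `WHERE id='$id'` clause uses a value that none of the checks in this hunk validate (the `is_numeric()` tests cover only the 21 stat fields). Read the expected keys explicitly from `$_POST`, add an `is_numeric()` check or integer cast for the id, and drop `extract()` so a posted key cannot set an arbitrary local variable. The 42 near-identical `if` lines would also be easier to audit as a loop over the three class prefixes and seven field names.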
@ -605,33 +605,33 @@ Experience values for each level should be the cumulative total amount of experi
<tr><td colspan="2" style="background-color:#cccccc;">&nbsp;</td></tr>
<tr><td width="20%">$class1name Experience:</td><td><input type="text" name="1_exp" size="10" maxlength="8" value="{{1_exp}}" /></td></tr>
<tr><td width="20%">$class1name HP:</td><td><input type="text" name="1_hp" size="5" maxlength="5" value="{{1_hp}}" /></td></tr>
<tr><td width="20%">$class1name MP:</td><td><input type="text" name="1_mp" size="5" maxlength="5" value="{{1_mp}}" /></td></tr>
<tr><td width="20%">$class1name TP:</td><td><input type="text" name="1_tp" size="5" maxlength="5" value="{{1_tp}}" /></td></tr>
<tr><td width="20%">$class1name Strength:</td><td><input type="text" name="1_strength" size="5" maxlength="5" value="{{1_strength}}" /></td></tr>
<tr><td width="20%">$class1name Dexterity:</td><td><input type="text" name="1_dexterity" size="5" maxlength="5" value="{{1_dexterity}}" /></td></tr>
<tr><td width="20%">$class1name Spells:</td><td><input type="text" name="1_spells" size="5" maxlength="3" value="{{1_spells}}" /></td></tr>
<tr><td width="20%">$class1name Experience:</td><td><input type="text" name="one_exp" size="10" maxlength="8" value="{{1_exp}}" /></td></tr>
<tr><td width="20%">$class1name HP:</td><td><input type="text" name="one_hp" size="5" maxlength="5" value="{{1_hp}}" /></td></tr>
<tr><td width="20%">$class1name MP:</td><td><input type="text" name="one_mp" size="5" maxlength="5" value="{{1_mp}}" /></td></tr>
<tr><td width="20%">$class1name TP:</td><td><input type="text" name="one_tp" size="5" maxlength="5" value="{{1_tp}}" /></td></tr>
<tr><td width="20%">$class1name Strength:</td><td><input type="text" name="one_strength" size="5" maxlength="5" value="{{1_strength}}" /></td></tr>
<tr><td width="20%">$class1name Dexterity:</td><td><input type="text" name="one_dexterity" size="5" maxlength="5" value="{{1_dexterity}}" /></td></tr>
<tr><td width="20%">$class1name Spells:</td><td><input type="text" name="one_spells" size="5" maxlength="3" value="{{1_spells}}" /></td></tr>
<tr><td colspan="2" style="background-color:#cccccc;">&nbsp;</td></tr>
<tr><td width="20%">$class2name Experience:</td><td><input type="text" name="2_exp" size="10" maxlength="8" value="{{2_exp}}" /></td></tr>
<tr><td width="20%">$class2name HP:</td><td><input type="text" name="2_hp" size="5" maxlength="5" value="{{2_hp}}" /></td></tr>
<tr><td width="20%">$class2name MP:</td><td><input type="text" name="2_mp" size="5" maxlength="5" value="{{2_mp}}" /></td></tr>
<tr><td width="20%">$class2name TP:</td><td><input type="text" name="2_tp" size="5" maxlength="5" value="{{2_tp}}" /></td></tr>
<tr><td width="20%">$class2name Strength:</td><td><input type="text" name="2_strength" size="5" maxlength="5" value="{{2_strength}}" /></td></tr>
<tr><td width="20%">$class2name Dexterity:</td><td><input type="text" name="2_dexterity" size="5" maxlength="5" value="{{2_dexterity}}" /></td></tr>
<tr><td width="20%">$class2name Spells:</td><td><input type="text" name="2_spells" size="5" maxlength="3" value="{{2_spells}}" /></td></tr>
<tr><td width="20%">$class2name Experience:</td><td><input type="text" name="two_exp" size="10" maxlength="8" value="{{2_exp}}" /></td></tr>
<tr><td width="20%">$class2name HP:</td><td><input type="text" name="two_hp" size="5" maxlength="5" value="{{2_hp}}" /></td></tr>
<tr><td width="20%">$class2name MP:</td><td><input type="text" name="two_mp" size="5" maxlength="5" value="{{2_mp}}" /></td></tr>
<tr><td width="20%">$class2name TP:</td><td><input type="text" name="two_tp" size="5" maxlength="5" value="{{2_tp}}" /></td></tr>
<tr><td width="20%">$class2name Strength:</td><td><input type="text" name="two_strength" size="5" maxlength="5" value="{{2_strength}}" /></td></tr>
<tr><td width="20%">$class2name Dexterity:</td><td><input type="text" name="two_dexterity" size="5" maxlength="5" value="{{2_dexterity}}" /></td></tr>
<tr><td width="20%">$class2name Spells:</td><td><input type="text" name="two_spells" size="5" maxlength="3" value="{{2_spells}}" /></td></tr>
<tr><td colspan="2" style="background-color:#cccccc;">&nbsp;</td></tr>
<tr><td width="20%">$class3name Experience:</td><td><input type="text" name="3_exp" size="10" maxlength="8" value="{{3_exp}}" /></td></tr>
<tr><td width="20%">$class3name HP:</td><td><input type="text" name="3_hp" size="5" maxlength="5" value="{{3_hp}}" /></td></tr>
<tr><td width="20%">$class3name MP:</td><td><input type="text" name="3_mp" size="5" maxlength="5" value="{{3_mp}}" /></td></tr>
<tr><td width="20%">$class3name TP:</td><td><input type="text" name="3_tp" size="5" maxlength="5" value="{{3_tp}}" /></td></tr>
<tr><td width="20%">$class3name Strength:</td><td><input type="text" name="3_strength" size="5" maxlength="5" value="{{3_strength}}" /></td></tr>
<tr><td width="20%">$class3name Dexterity:</td><td><input type="text" name="3_dexterity" size="5" maxlength="5" value="{{3_dexterity}}" /></td></tr>
<tr><td width="20%">$class3name Spells:</td><td><input type="text" name="3_spells" size="5" maxlength="3" value="{{3_spells}}" /></td></tr>
<tr><td width="20%">$class3name Experience:</td><td><input type="text" name="three_exp" size="10" maxlength="8" value="{{3_exp}}" /></td></tr>
<tr><td width="20%">$class3name HP:</td><td><input type="text" name="three_hp" size="5" maxlength="5" value="{{3_hp}}" /></td></tr>
<tr><td width="20%">$class3name MP:</td><td><input type="text" name="three_mp" size="5" maxlength="5" value="{{3_mp}}" /></td></tr>
<tr><td width="20%">$class3name TP:</td><td><input type="text" name="three_tp" size="5" maxlength="5" value="{{3_tp}}" /></td></tr>
<tr><td width="20%">$class3name Strength:</td><td><input type="text" name="three_strength" size="5" maxlength="5" value="{{3_strength}}" /></td></tr>
<tr><td width="20%">$class3name Dexterity:</td><td><input type="text" name="three_dexterity" size="5" maxlength="5" value="{{3_dexterity}}" /></td></tr>
<tr><td width="20%">$class3name Spells:</td><td><input type="text" name="three_spells" size="5" maxlength="3" value="{{3_spells}}" /></td></tr>
</table>
<input type="submit" name="submit" value="Submit" /> <input type="reset" name="reset" value="Reset" />
</form>

@ -15,7 +15,7 @@ function checkcookies() {
if (mysql_num_rows($query) != 1) { die("Invalid cookie data (Error 1). Please clear cookies and log in again."); }
$row = mysql_fetch_array($query);
if ($row["id"] != $theuser[0]) { die("Invalid cookie data (Error 2). Please clear cookies and log in again."); }
if (md5($row["password"] . "--" . $dbsettings["secretword"]) != $theuser[2]) { die("Invalid cookie data (Error 3). Please clear cookies and log in again."); }
if (md5($row["password"] . "--" . $dbsettings["secretword"]) !== $theuser[2]) { die("Invalid cookie data (Error 3). Please clear cookies and log in again."); }
// If we've gotten this far, cookie should be valid, so write a new one.
$newcookie = implode(" ",$theuser);
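Review bot: The Error 2 check one line above the changed line still compares `$row["id"] != $theuser[0]` with the loose operator, so the type-juggling issue that `!==` closes for the hash comparison remains for the id. Use a strict comparison there as well. The token itself is an unkeyed `md5()` over the stored password and the secret word; a keyed hash such as `hash_hmac()` would be a stronger basis for the cookie check.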

@ -3,6 +3,7 @@
function fight() { // One big long function that determines the outcome of the fight.
global $userrow, $controlrow;
if ($userrow["currentaction"] != "Fighting") { display("Cheat attempt detected.<br /><br />Get a life, loser.", "Error"); }
$pagearray = array();
$playerisdead = 0;
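Review bot: The `currentaction` check at the top of `fight()` calls `display()` with no `die()` after it, while the spell and MP checks later in the same function use `display(...); die();`. Unless `display()` always ends the script, the fight logic carries on after the cheat message; add the `die()` here for consistency, or document that `display()` exits.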
@ -189,7 +190,7 @@ function fight() { // One big long function that determines the outcome of the f
foreach($userspells as $a => $b) {
if ($b == $pickedspell) { $spell = true; }
}
if ($pickedspell != true) { display("You have not yet learned this spell. Please go back and try again.", "Error"); die(); }
if ($spell != true) { display("You have not yet learned this spell. Please go back and try again.", "Error"); die(); }
if ($userrow["currentmp"] < $newspellrow["mp"]) { display("You do not have enough Magic Points to cast this spell. Please go back and try again.", "Error"); die(); }
if ($newspellrow["type"] == 1) { // Heal spell.
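Review bot: `$spell` is assigned only inside the `foreach`, so on the corrected line it is undefined whenever no element matches, and the test relies on an undefined variable comparing unequal to `true`. Set `$spell = false;` before the loop, or replace the loop with `in_array($pickedspell, $userspells)`, so the check does not depend on notices being suppressed or on `$spell` being unset on entry.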

@ -8,7 +8,12 @@ if ($userrow == false) { display("The forum is for registered players only.", "F
$controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control");
$controlrow = mysql_fetch_array($controlquery);
// Close game.
if ($controlrow["gameopen"] == 0) { display("The game is currently closed for maintanence. Please check back later.","Game Closed"); die(); }
// Force verify if the user isn't verified yet.
if ($controlrow["verifyemail"] == 1 && $userrow["verify"] != 1) { header("Location: users.php?do=verify"); die(); }
// Block user if he/she has been banned.
if ($userrow["authlevel"] == 2) { die("Your account has been blocked. Please try back later."); }
if (isset($_GET["do"])) {
$do = explode(":",$_GET["do"]);
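Review bot: The ban check comes after the verify redirect, so a banned account that is also unverified is sent to `users.php?do=verify` instead of being stopped; put the `authlevel == 2` test before the `verifyemail` test. The closed-game message also spells "maintenance" as "maintanence".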

@ -312,12 +312,12 @@ the heal spell. These may not be used during fights, however - you have to use t
Please visit the following sites for more information:<br />
<a href="http://www.se7enet.com" target="_new">Se7enet</a> (Jamin's homepage)<br />
<a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a> (official DK homepage)<br />
<a href="http://se7enet.com/eve" target="_new">Forums</a> (official DK forums)<br /><br />
All original coding and graphics for the <i>Dragon Knight</i> game engine are &copy; 2003-2004 by Jamin Seven.<br /><br />
<a href="http://se7enet.com/forums" target="_new">Forums</a> (official DK forums)<br /><br />
All original coding and graphics for the <i>Dragon Knight</i> game engine are &copy; 2003-2005 by Jamin Seven.<br /><br />
[ <a href="#top">Top</a> ]
<br /><br />
<table class="copyright" width="100%"><tr>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2004 by renderse7en</td>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2006 by renderse7en</td>
</tr></table>
</body>
</html>
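Review bot: The two copyright lines in this hunk now disagree: the credits paragraph is updated to `2003-2005 by Jamin Seven` while the footer table says `2003-2006 by renderse7en`. Use the same year range in both, ideally taken from one shared value, since the same footer string is hardcoded in several other files in this change.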

@ -149,7 +149,7 @@ while ($itemsrow = mysql_fetch_array($itemsquery)) {
</table>
<br />
<table class="copyright" width="100%"><tr>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2004 by renderse7en</td>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2006 by renderse7en</td>
</tr></table>
</body>
</html>

@ -135,7 +135,7 @@ while ($itemsrow = mysql_fetch_array($itemsquery)) {
Experience points listed are total values up until that point. All other values are just the new amount that you gain for each level.
<br /><br />
<table class="copyright" width="100%"><tr>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2004 by renderse7en</td>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2006 by renderse7en</td>
</tr></table>
</body>
</html>

@ -90,7 +90,7 @@ while ($itemsrow = mysql_fetch_array($itemsquery)) {
</table>
<br />
<table class="copyright" width="100%"><tr>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2004 by renderse7en</td>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2006 by renderse7en</td>
</tr></table>
</body>
</html>

@ -100,7 +100,7 @@ while ($itemsrow = mysql_fetch_array($itemsquery)) {
<li /><b>+Defense</b> spells reduce the total damage you take from the monster by X percent until the end of each fight.
</ul>
<table class="copyright" width="100%"><tr>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2004 by renderse7en</td>
<td width="50%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="50%" align="center">&copy; 2003-2006 by renderse7en</td>
</tr></table>
</body>
</html>

@ -253,7 +253,7 @@ function babblebox() {
global $userrow;
if (isset($_POST["submit"])) {
if (isset($_POST["babble"])) {
$safecontent = makesafe($_POST["babble"]);
if ($safecontent == "" || $safecontent == " ") { //blank post. do nothing.
} else { $insert = doquery("INSERT INTO {{table}} SET id='',posttime=NOW(),author='".$userrow["charname"]."',babble='$safecontent'", "babble"); }
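Review bot: In the `INSERT` on the last line, `babble` goes through `makesafe()` but `author` is built by concatenating `$userrow["charname"]` as-is. A value read back from the database is not automatically safe to place in a new query, so escape the character name at the point of use as well.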

lib.php

@ -2,9 +2,52 @@
$starttime = getmicrotime();
$numqueries = 0;
$version = "1.1.5";
$version = "1.1.11";
$build = "";
// Handling for servers with magic_quotes turned on.
// Example from php.net.
if (get_magic_quotes_gpc()) {
$_POST = array_map('stripslashes_deep', $_POST);
$_GET = array_map('stripslashes_deep', $_GET);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}
$_POST = array_map('addslashes_deep', $_POST);
$_POST = array_map('html_deep', $_POST);
$_GET = array_map('addslashes_deep', $_GET);
$_GET = array_map('html_deep', $_GET);
$_COOKIE = array_map('addslashes_deep', $_COOKIE);
$_COOKIE = array_map('html_deep', $_COOKIE);
function stripslashes_deep($value) {
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
function addslashes_deep($value) {
$value = is_array($value) ?
array_map('addslashes_deep', $value) :
addslashes($value);
return $value;
}
function html_deep($value) {
$value = is_array($value) ?
array_map('html_deep', $value) :
htmlspecialchars($value);
return $value;
}
function opendb() { // Open database connection.
include('config.php');
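Review bot: The block after the `get_magic_quotes_gpc()` test applies `addslashes()` and then `htmlspecialchars()` to every `$_POST`, `$_GET` and `$_COOKIE` value up front, which ties one input filter to two different output contexts. `addslashes()` is not aware of the connection character set, HTML-encoding on input changes what is stored and compared (for example a password containing `&` or `<`), and array keys are left untouched. Escape for SQL where the query is built and for HTML where the page is rendered; if the global filter stays, add a comment saying that values reaching the rest of the code are already slashed and entity-encoded, so callers do not escape a second time.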
@ -159,7 +202,7 @@ function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true,
if ($userrow["longitude"] < 0) { $userrow["longitude"] = $userrow["longitude"] * -1 . "W"; } else { $userrow["longitude"] .= "E"; }
$userrow["experience"] = number_format($userrow["experience"]);
$userrow["gold"] = number_format($userrow["gold"]);
if ($userrow["authlevel"] == 1) { $userrow["adminlink"] = "<a href=\"admin/admin.php\">Admin</a><br />"; } else { $userrow["adminlink"] = ""; }
if ($userrow["authlevel"] == 1) { $userrow["adminlink"] = "<a href=\"admin.php\">Admin</a><br />"; } else { $userrow["adminlink"] = ""; }
// HP/MP/TP bars.
$stathp = ceil($userrow["currenthp"] / $userrow["maxhp"] * 100);

@ -54,7 +54,7 @@ a:hover {
<b><u>DK Administration</u></b><br /><br />
<b>Links:</b><br />
<a href="admin.php">Admin Home</a><br />
<a href="../index.php">Game Home</a><br /><br />
<a href="index.php">Game Home</a><br /><br />
<b>Primary Data:</b><br />
<a href="admin.php?do=main">Main Settings</a><br />
<a href="admin.php?do=news">Add News Post</a><br />
@ -71,7 +71,7 @@ a:hover {
</td></tr></table>
<br />
<table class="copyright" width="90%"><tr>
<td width="25%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="25%" align="center">&copy; 2003 by renderse7en</td><td width="25%" align="center">{{totaltime}} Seconds, {{numqueries}} Queries</td><td width="25%" align="center">Version {{version}} {{build}}</td>
<td width="25%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="25%" align="center">&copy; 2003-2006 by renderse7en</td><td width="25%" align="center">{{totaltime}} Seconds, {{numqueries}} Queries</td><td width="25%" align="center">Version {{version}} {{build}}</td>
</center></body>
</html>
THEVERYENDOFYOU;
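Review bot: The footer row changed in this hunk is followed directly by `</center></body>`, with no `</tr></table>` closing the `copyright` table, whereas the matching footer in the other template closes both. Add the missing `</tr></table>` while this line is being touched.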

@ -82,7 +82,7 @@ winpops=window.open(popurl,"","width=520,height=520,scrollbars")
</tr>
</table><br />
<table class="copyright" width="90%"><tr>
<td width="25%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="25%" align="center">&copy; 2003-2004 by renderse7en</td><td width="25%" align="center">{{totaltime}} Seconds, {{numqueries}} Queries</td><td width="25%" align="center">Version {{version}} {{build}}</td>
<td width="25%" align="center">Powered by <a href="http://dragon.se7enet.com/dev.php" target="_new">Dragon Knight</a></td><td width="25%" align="center">&copy; 2003-2006 by renderse7en</td><td width="25%" align="center">{{totaltime}} Seconds, {{numqueries}} Queries</td><td width="25%" align="center">Version {{version}} {{build}}</td>
</tr></table>
</center></body>
</html>

@ -5,7 +5,7 @@ function inn() { // Staying at the inn resets all expendable stats to their max
global $userrow, $numqueries;
$townquery = doquery("SELECT name,innprice FROM {{table}} WHERE latitude='".$userrow["latitude"]."' AND longitude='".$userrow["longitude"]."' LIMIT 1", "towns");
if (mysql_num_rows($townquery) != 1) { display("Cheat attempt detected.<br /><br />Get a life, loser."); }
if (mysql_num_rows($townquery) != 1) { display("Cheat attempt detected.<br /><br />Get a life, loser.", "Error"); }
$townrow = mysql_fetch_array($townquery);
if ($userrow["gold"] < $townrow["innprice"]) { display("You do not have enough gold to stay at this Inn tonight.<br /><br />You may return to <a href=\"index.php\">town</a>, or use the direction buttons on the left to start exploring.", "Inn"); die(); }
@ -41,7 +41,7 @@ function buy() { // Displays a list of available items for purchase.
global $userrow, $numqueries;
$townquery = doquery("SELECT name,itemslist FROM {{table}} WHERE latitude='".$userrow["latitude"]."' AND longitude='".$userrow["longitude"]."' LIMIT 1", "towns");
if (mysql_num_rows($townquery) != 1) { display("Cheat attempt detected.<br /><br />Get a life, loser."); }
if (mysql_num_rows($townquery) != 1) { display("Cheat attempt detected.<br /><br />Get a life, loser.", "Error"); }
$townrow = mysql_fetch_array($townquery);
$itemslist = explode(",",$townrow["itemslist"]);
@ -79,6 +79,12 @@ function buy2($id) { // Confirm user's intent to purchase item.
global $userrow, $numqueries;
$townquery = doquery("SELECT name,itemslist FROM {{table}} WHERE latitude='".$userrow["latitude"]."' AND longitude='".$userrow["longitude"]."' LIMIT 1", "towns");
if (mysql_num_rows($townquery) != 1) { display("Cheat attempt detected.<br /><br />Get a life, loser.", "Error"); }
$townrow = mysql_fetch_array($townquery);
$townitems = explode(",",$townrow["itemslist"]);
if (! in_array($id, $townitems)) { display("Cheat attempt detected.<br /><br />Get a life, loser.", "Error"); }
$itemsquery = doquery("SELECT * FROM {{table}} WHERE id='$id' LIMIT 1", "items");
$itemsrow = mysql_fetch_array($itemsquery);
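Review bot: the new in_array($id, $townitems) check in buy2() uses PHP's loose comparison, and $id is then interpolated unchanged into WHERE id='$id'. With loose comparison two numeric strings are compared as numbers, so a value such as "1e0" or " 1" can match the list entry "1" and still reach the query in its original form. Validate $id as a plain integer first (for example with ctype_digit() followed by an (int) cast) and pass true as the third argument to in_array() so the value checked against itemslist is exactly the value sent to the database.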
@ -121,6 +127,12 @@ function buy3($id) { // Update user profile with new item & stats.
global $userrow;
$townquery = doquery("SELECT name,itemslist FROM {{table}} WHERE latitude='".$userrow["latitude"]."' AND longitude='".$userrow["longitude"]."' LIMIT 1", "towns");
if (mysql_num_rows($townquery) != 1) { display("Cheat attempt detected.<br /><br />Get a life, loser.", "Error"); }
$townrow = mysql_fetch_array($townquery);
$townitems = explode(",",$townrow["itemslist"]);
if (! in_array($id, $townitems)) { display("Cheat attempt detected.<br /><br />Get a life, loser.", "Error"); }
$itemsquery = doquery("SELECT * FROM {{table}} WHERE id='$id' LIMIT 1", "items");
$itemsrow = mysql_fetch_array($itemsquery);
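Review bot: the town lookup and itemslist membership check in buy3() is a line-for-line copy of the block in buy2(). buy3() is the step that actually updates the user profile, so this is the check that matters most, and a copy is easy to miss when one of them is later tightened. Move the three steps (query the town at the user's coordinates, explode itemslist, reject an $id that is not in it) into one helper that both functions call, and have it return the validated integer id for use in the items query.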
@ -343,7 +355,9 @@ function travelto($id, $usepoints=true) { // Send a user to a town from the Trav
if ($usepoints==true) {
if ($userrow["currenttp"] < $townrow["travelpoints"]) {
display("You do not have enough TP to travel here. Please go back and try again when you get more TP.", "Travel To"); die();
}
}
$mapped = explode(",",$userrow["towns"]);
if (!in_array($id, $mapped)) { display("Cheat attempt detected.<br /><br />Get a life, loser.", "Error"); }
}
if (($userrow["latitude"] == $townrow["latitude"]) && ($userrow["longitude"] == $townrow["longitude"])) { display("You are already in this town. <a href=\"index.php\">Click here</a> to return to the main town screen.", "Travel To"); die(); }
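Review bot: the new $mapped check in travelto() appears to sit inside the if ($usepoints==true) block, since the block's closing brace now comes after the in_array() line. Any call with $usepoints=false therefore skips the check that the town is in $userrow["towns"]. If that is intended, say so in a comment and confirm those callers never pass a request-supplied $id; otherwise move the check out of the block so it applies to every call. The display() call here also has no die() after it, unlike the TP check just above it.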

View File

@ -29,6 +29,12 @@ function register() { // Register a new account.
if (preg_match("/[^A-z0-9_\-]/", $username)==1) { $errors++; $errorlist .= "Username must be alphanumeric.<br />"; } // Thanks to "Carlos Pires" from php.net!
$usernamequery = doquery("SELECT username FROM {{table}} WHERE username='$username' LIMIT 1","users");
if (mysql_num_rows($usernamequery) > 0) { $errors++; $errorlist .= "Username already taken - unique username required.<br />"; }
// Process charname.
if ($charname == "") { $errors++; $errorlist .= "Character Name field is required.<br />"; }
if (preg_match("/[^A-z0-9_\-]/", $charname)==1) { $errors++; $errorlist .= "Character Name must be alphanumeric.<br />"; } // Thanks to "Carlos Pires" from php.net!
$characternamequery = doquery("SELECT charname FROM {{table}} WHERE charname='$charname' LIMIT 1","users");
if (mysql_num_rows($characternamequery) > 0) { $errors++; $errorlist .= "Character Name already taken - unique Character Name required.<br />"; }
// Process email address.
if ($email1 == "" || $email2 == "") { $errors++; $errorlist .= "Email fields are required.<br />"; }
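Review bot: the character class [^A-z0-9_\-] in the new charname check does not match what the error message promises. The range A-z covers every ASCII code point from "A" to "z", which includes [ \ ] ^ _ and the backtick, so those characters pass as "alphanumeric" and are then interpolated into WHERE charname='$charname' on the next line. Use [^A-Za-z0-9_\-] instead. The username check in the context line above has the same pattern and should be corrected in the same change.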
@ -38,6 +44,7 @@ function register() { // Register a new account.
if (mysql_num_rows($emailquery) > 0) { $errors++; $errorlist .= "Email already taken - unique email address required.<br />"; }
// Process password.
if (trim($password1) == "") { $errors++; $errorlist .= "Password field is required.<br />"; }
if (preg_match("/[^A-z0-9_\-]/", $password1)==1) { $errors++; $errorlist .= "Password must be alphanumeric.<br />"; } // Thanks to "Carlos Pires" from php.net!
if ($password1 != $password2) { $errors++; $errorlist .= "Passwords don't match.<br />"; }
$password = md5($password1);
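Review bot: the added preg_match on $password1 limits passwords to letters, digits, underscore and hyphen, which shrinks the space of possible passwords for no visible benefit, because the value is hashed on the md5() line before it is stored and never reaches a query as typed. Drop the character restriction and enforce a minimum length instead; the trim() check only rejects empty input. The unchanged md5($password1) line is an unsalted fast hash, so a follow-up that moves to a salted, slow password hash would do more for account safety than the character filter. The A-z range here has the same problem as in the username and charname checks.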