Compare commits

..

No commits in common. "169e6179892143e71a91446e80edd6efa3e76bac" and "3bc53c1a31e56ebba96ebed4b504dbee7a68819f" have entirely different histories.

25 changed files with 352 additions and 698 deletions

View File

@ -1,6 +0,0 @@
debug = true
smtp_host = smtp.foobar.com
smtp_port = 546
smtp_encryption = tls
smtp_username = foo
smtp_password = bar123

2
.gitignore vendored
View File

@ -1,5 +1,3 @@
.installed .installed
database.db database.db
database.db-* database.db-*
.env
logs

View File

@ -8,11 +8,7 @@ html {
} }
body { body {
background-image: url('/img/backgrounds/classic.jpg'); background-image: url('/img/background.jpg');
&.skin-1 {
background-image: url('/img/backgrounds/snowstorm.jpg');
}
} }
div#game-container { div#game-container {
@ -183,19 +179,3 @@ div.town-content {
div.town-content div.options, div.town-content div.news { div.town-content div.options, div.town-content div.news {
grid-column: span 2; grid-column: span 2;
} }
div.stat-table div.stat-row {
display: flex;
justify-content: space-around;
gap: 0.5rem;
}
div.stat-bar {
position: relative;
}
div.stat-bar > div {
width: 100%;
position: absolute;
bottom: 0;
}

View File

Before

Width:  |  Height:  |  Size: 6.1 KiB

After

Width:  |  Height:  |  Size: 6.1 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 386 KiB

View File

@ -7,18 +7,20 @@ require_once '../src/bootstrap.php';
$r = new Router; $r = new Router;
$r->get('/', function() { $r->get('/', function() {
if (user()->currentaction === "In Town") { global $userrow;
if ($userrow["currentaction"] == "In Town") {
$page = dotown(); $page = dotown();
$title = "In Town"; $title = "In Town";
} elseif (user()->currentaction === "Exploring") { } elseif ($userrow["currentaction"] == "Exploring") {
$page = doexplore(); $page = doexplore();
$title = "Exploring"; $title = "Exploring";
} elseif (user()->currentaction === "Fighting") { } elseif ($userrow["currentaction"] == "Fighting") {
redirect('/fight'); redirect('/fight');
} }
display($page, $title); display($page, $title);
}); })->middleware('auth_only');
$r->get('/ninja', function() { $r->get('/ninja', function() {
exit('NINJA! 🥷'); exit('NINJA! 🥷');
@ -49,13 +51,15 @@ $l['handler'](...$l['params'] ?? []);
function donothing() function donothing()
{ {
if (user()->currentaction == "In Town") { global $userrow;
if ($userrow["currentaction"] == "In Town") {
$page = dotown(); $page = dotown();
$title = "In Town"; $title = "In Town";
} elseif (user()->currentaction == "Exploring") { } elseif ($userrow["currentaction"] == "Exploring") {
$page = doexplore(); $page = doexplore();
$title = "Exploring"; $title = "Exploring";
} elseif (user()->currentaction == "Fighting") { } elseif ($userrow["currentaction"] == "Fighting") {
redirect('/fight'); redirect('/fight');
} }
@ -67,9 +71,9 @@ function donothing()
*/ */
function dotown() function dotown()
{ {
global $controlrow; global $userrow, $controlrow;
$townrow = get_town_by_xy(user()->longitude, user()->latitude); $townrow = get_town_by_xy($userrow['longitude'], $userrow['latitude']);
if ($townrow === false) display("There is an error with your user account, or with the town data. Please try again.","Error"); if ($townrow === false) display("There is an error with your user account, or with the town data. Please try again.","Error");
$townrow["news"] = ""; $townrow["news"] = "";
@ -85,12 +89,7 @@ function dotown()
// Who's Online. Currently just members. Guests maybe later. // Who's Online. Currently just members. Guests maybe later.
if ($controlrow["showonline"] == 1) { if ($controlrow["showonline"] == 1) {
$onlinequery = db()->query(<<<SQL $onlinequery = db()->query("SELECT id, username FROM users WHERE strftime('%s', onlinetime) >= strftime('%s', 'now') - 600 ORDER BY username");
SELECT id, username
FROM users
WHERE onlinetime >= datetime('now', '-600 seconds')
ORDER BY username;
SQL);
$online_count = 0; $online_count = 0;
$online_rows = []; $online_rows = [];
@ -115,11 +114,6 @@ function dotown()
HTML; HTML;
} }
$u = User::find(1);
$u->gold += 100;
$u->save();
var_dump($u->gold);
return render('towns', ['town' => $townrow]); return render('towns', ['town' => $townrow]);
} }
@ -146,7 +140,7 @@ function show_character_info(int $id = 0): void
{ {
global $controlrow, $userrow; global $controlrow, $userrow;
$userrow = ($id === 0) ? $userrow : get_user($id); $userrow = ($id === 0) ? $userrow : get_user_by_id($id);
if ($userrow === false) exit('Failed to show info for user ID '.$id); if ($userrow === false) exit('Failed to show info for user ID '.$id);
$levelrow = db()->query("SELECT `{$userrow["charclass"]}_exp` FROM levels WHERE id=? LIMIT 1;", [$userrow['level'] + 1])->fetchArray(SQLITE3_ASSOC); $levelrow = db()->query("SELECT `{$userrow["charclass"]}_exp` FROM levels WHERE id=? LIMIT 1;", [$userrow['level'] + 1])->fetchArray(SQLITE3_ASSOC);
@ -172,10 +166,12 @@ function show_character_info(int $id = 0): void
function showmap() function showmap()
{ {
global $userrow;
$pos = sprintf( $pos = sprintf(
'<div style="position: absolute; width: 5px; height: 5px; border-radius: 1000px; border: solid 1px black; background-color: red; left: %dpx; top: %dpx;"></div>', '<div style="position: absolute; width: 5px; height: 5px; border-radius: 1000px; border: solid 1px black; background-color: red; left: %dpx; top: %dpx;"></div>',
round(258 + user()->longitude * (500 / 500) - 3), round(258 + $userrow['longitude'] * (500 / 500) - 3),
round(258 - user()->latitude * (500 / 500) - 3) round(258 - $userrow['latitude'] * (500 / 500) - 3)
); );
echo render('minimal', [ echo render('minimal', [
@ -190,11 +186,13 @@ function showmap()
*/ */
function babblebox() function babblebox()
{ {
global $userrow;
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$safecontent = make_safe($_POST["babble"]); $safecontent = make_safe($_POST["babble"]);
if (!empty($safecontent)) { if (!empty($safecontent)) {
db()->query('INSERT INTO babble (posttime, author, babble) VALUES (CURRENT_TIMESTAMP, ?, ?);', db()->query('INSERT INTO babble (posttime, author, babble) VALUES (CURRENT_TIMESTAMP, ?, ?);',
[user()->username, $safecontent]); [$userrow['username'], $safecontent]);
} }
redirect('/babblebox'); redirect('/babblebox');
} }

View File

@ -8,7 +8,8 @@ use Router;
function register_routes(Router $r): Router function register_routes(Router $r): Router
{ {
if (user('authlevel') === 1) { global $userrow;
if (isset($userrow) && $userrow !== false && $userrow['authlevel'] === 1) {
$r->get('/admin', 'Admin\donothing'); $r->get('/admin', 'Admin\donothing');
$r->form('/admin/main', 'Admin\primary'); $r->form('/admin/main', 'Admin\primary');

View File

@ -1,56 +0,0 @@
<?php
// explore.php :: Handles all map exploring, chances to fight, etc.
function move() {
global $controlrow;
// Early exit if fighting
if (user()->currentaction == 'Fighting') redirect('/fight');
// Validate direction
$form = validate($_POST, ['direction' => ['in:north,west,east,south']]);
if (!$form['valid']) display(ul_from_validate_errors($form['errors']), 'Move Error');
// Current game state
$game_size = $controlrow['gamesize'];
$latitude = user('latitude');
$longitude = user('longitude');
$direction = $form['data']['direction'];
// Calculate new coordinates with boundary checks
switch ($direction) {
case 'north':
$latitude = min($latitude + 1, $game_size);
break;
case 'south':
$latitude = max($latitude - 1, -$game_size);
break;
case 'east':
$longitude = min($longitude + 1, $game_size);
break;
case 'west':
$longitude = max($longitude - 1, -$game_size);
break;
}
// Check for town
$town = get_town_by_xy($longitude, $latitude);
if ($town !== false) {
Towns\travelto($town['id'], false);
return;
}
// Determine action (1 in 5 chance of fighting)
$action = (rand(1, 5) === 1)
? "currentaction='Fighting', currentfight='1',"
: "currentaction='Exploring',";
// Update user's position
db()->query(
"UPDATE users SET $action latitude = ?, longitude = ?, dropcode = 0 WHERE id = ?;",
[$latitude, $longitude, user()->id]
);
redirect('/');
}

View File

@ -41,8 +41,6 @@ function first()
*/ */
function second() function second()
{ {
if (file_exists('../database.db')) unlink('../database.db');
echo "<html><head><title>Dragon Knight Installation</title></head><body><b>Dragon Knight Installation: Page Two</b><br><br>"; echo "<html><head><title>Dragon Knight Installation</title></head><body><b>Dragon Knight Installation: Page Two</b><br><br>";
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
@ -54,7 +52,7 @@ function second()
); );
SQL); SQL);
echo table_status_msg($query === true, 'Babble', 'create'); echo $query === true ? 'Babble Box table created.<br>' : 'Error creating Babble Box table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
CREATE TABLE control ( CREATE TABLE control (
@ -74,14 +72,11 @@ function second()
); );
SQL); SQL);
echo table_status_msg($query === true, 'Control', 'create'); echo $query === true ? 'Control table created.<br>' : 'Error creating Control table.';
$query = db()->query("INSERT INTO control VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", [ $query = db()->exec("INSERT INTO control VALUES (1, 'Dragon Knight', 250, 1, '', '', 'Mage', 'Warrior', 'Paladin', 1, 1, 1, 1);");
1, 'Dragon Knight', 250, 1, $_SERVER['SERVER_NAME'], 'noreply@'.$_SERVER['SERVER_NAME'],
'Mage', 'Warrior', 'Paladin', 1, 1, 1, 1
]);
echo table_status_msg($query !== false, 'Control', 'populate'); echo $query === true ? 'Control table populated.<br>' : 'Error populating Control table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
CREATE TABLE drops ( CREATE TABLE drops (
@ -94,7 +89,7 @@ function second()
); );
SQL); SQL);
echo table_status_msg($query === true, 'Drops', 'create'); echo $query == true ? 'Drops table created.<br>' : 'Error creating Drops table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
INSERT INTO drops VALUES INSERT INTO drops VALUES
@ -132,7 +127,7 @@ function second()
(32, 'Fortune Drop', 5, 1, 'goldbonus,10', 'X'); (32, 'Fortune Drop', 5, 1, 'goldbonus,10', 'X');
SQL); SQL);
echo table_status_msg($query === true, 'Drops', 'populate'); echo $query === true ? 'Drops table populated.<br>' : 'Error populating Drops table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
CREATE TABLE forum ( CREATE TABLE forum (
@ -147,7 +142,7 @@ function second()
); );
SQL); SQL);
echo table_status_msg($query === true, 'Forum', 'create'); echo $query === true ? 'Forum table created.<br>' : 'Error creating Forum table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
CREATE TABLE items ( CREATE TABLE items (
@ -160,7 +155,7 @@ function second()
); );
SQL); SQL);
echo table_status_msg($query === true, 'Items', 'create'); echo $query === true ? 'Items table created.<br>' : 'Error creating Items table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
INSERT INTO items VALUES INSERT INTO items VALUES
@ -199,7 +194,7 @@ function second()
(33, 3, 'Destiny Aegis', 25000, 100, 'maxhp,50'); (33, 3, 'Destiny Aegis', 25000, 100, 'maxhp,50');
SQL); SQL);
echo table_status_msg($query === true, 'Drops', 'populate'); echo $query === true ? 'Items table populated.<br>' : 'Error populating Items table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
CREATE TABLE levels ( CREATE TABLE levels (
@ -228,7 +223,7 @@ function second()
); );
SQL); SQL);
echo table_status_msg($query === true, 'Levels', 'create'); echo $query === true ? 'Levels table created.<br>' : 'Error creating Levels table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
INSERT INTO levels VALUES INSERT INTO levels VALUES
@ -334,7 +329,7 @@ function second()
(100, 16777215, 0, 0, 0, 0, 0, 0, 16777215, 0, 0, 0, 0, 0, 0, 16777215, 0, 0, 0, 0, 0, 0); (100, 16777215, 0, 0, 0, 0, 0, 0, 16777215, 0, 0, 0, 0, 0, 0, 16777215, 0, 0, 0, 0, 0, 0);
SQL); SQL);
echo table_status_msg($query === true, 'Levels', 'populate'); echo $query === true ? 'Levels table populated.<br>' : 'Error populating Levels table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
CREATE TABLE monsters ( CREATE TABLE monsters (
@ -350,7 +345,7 @@ function second()
); );
SQL); SQL);
echo table_status_msg($query === true, 'Monsters', 'create'); echo $query === true ? 'Monsters table created.<br>' : 'Error creating Monsters table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
INSERT INTO monsters VALUES INSERT INTO monsters VALUES
@ -507,7 +502,7 @@ function second()
(151, 'Lucifuge', 600, 600, 400, 50, 10000, 10000, 2); (151, 'Lucifuge', 600, 600, 400, 50, 10000, 10000, 2);
SQL); SQL);
echo table_status_msg($query === true, 'Monsters', 'populate'); echo $query === true ? 'Monsters table populated.<br>' : 'Error populating Monsters table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
CREATE TABLE news ( CREATE TABLE news (
@ -518,11 +513,11 @@ function second()
); );
SQL); SQL);
echo table_status_msg($query === true, 'News', 'create'); echo $query === true ? 'News table created.<br>' : 'Error creating News table.';
$query = db()->exec("INSERT INTO news (content) VALUES ('This is the first news post. Please use the admin control panel to add another one and make this one go away.');"); $query = db()->exec("INSERT INTO news (content) VALUES ('This is the first news post. Please use the admin control panel to add another one and make this one go away.');");
echo table_status_msg($query === true, 'News', 'populate'); echo $query === true ? 'News table populated.<br>' : 'Error populating News table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
CREATE TABLE spells ( CREATE TABLE spells (
@ -534,7 +529,7 @@ function second()
); );
SQL); SQL);
echo table_status_msg($query === true, 'Spells', 'create'); echo $query === true ? 'Spells table created.<br>' : 'Error creating Spells table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
INSERT INTO spells VALUES INSERT INTO spells VALUES
@ -559,7 +554,7 @@ function second()
(19, 'Barrier', 30, 50, 5); (19, 'Barrier', 30, 50, 5);
SQL); SQL);
echo table_status_msg($query === true, 'Spells', 'populate'); echo $query === true ? 'Spells table populated.<br>' : 'Error populating Spells table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
CREATE TABLE towns ( CREATE TABLE towns (
@ -574,7 +569,7 @@ function second()
); );
SQL); SQL);
echo table_status_msg($query === true, 'Towns', 'create'); echo $query === true ? 'Towns table created.<br>' : 'Error creating Towns table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
INSERT INTO towns VALUES INSERT INTO towns VALUES
@ -588,7 +583,7 @@ function second()
(8, 'Endworld', -250, -250, 125, 9000, 160, '16,27,33'); (8, 'Endworld', -250, -250, 125, 9000, 160, '16,27,33');
SQL); SQL);
echo table_status_msg($query === true, 'Towns', 'populate'); echo $query === true ? 'Towns table populated.<br>' : 'Error populating Towns table.';
$query = db()->exec(<<<SQL $query = db()->exec(<<<SQL
CREATE TABLE users ( CREATE TABLE users (
@ -640,12 +635,11 @@ function second()
`slot3name` TEXT NOT NULL default 'None', `slot3name` TEXT NOT NULL default 'None',
`dropcode` INTEGER NOT NULL default 0, `dropcode` INTEGER NOT NULL default 0,
`spells` TEXT NOT NULL default '0', `spells` TEXT NOT NULL default '0',
`towns` TEXT NOT NULL default '0', `towns` TEXT NOT NULL default '0'
`game_skin` INTEGER NOT NULL DEFAULT 0
); );
SQL); SQL);
echo table_status_msg($query === true, 'Users', 'create'); echo $query === true ? 'Users table created.<br>' : 'Error creating Users table.';
$time = round((microtime(true) - START), 4); $time = round((microtime(true) - START), 4);
echo "<br>Database setup complete in $time seconds.<br><br><a href=\"/install/third\">Click here to continue with installation.</a></body></html>"; echo "<br>Database setup complete in $time seconds.<br><br><a href=\"/install/third\">Click here to continue with installation.</a></body></html>";
@ -697,7 +691,7 @@ function fourth()
$form = $form['data']; $form = $form['data'];
if (db()->query( if (db()->query(
"INSERT INTO users (username, password, email, verify, charclass, authlevel) VALUES (?, ?, ?, 'g2g', ?, 1)", "INSERT INTO users (username, password, email, verify, charclass, authlevel) VALUES (?, ?, ?, 1, ?, 1)",
[$form['username'], password_hash($form['password'], PASSWORD_ARGON2ID), $form['email'], $form['charclass']] [$form['username'], password_hash($form['password'], PASSWORD_ARGON2ID), $form['email'], $form['charclass']]
) === false) { ) === false) {
exit("Failed to create user."); exit("Failed to create user.");
@ -748,17 +742,3 @@ function fifth()
</html> </html>
HTML; HTML;
} }
function table_status_msg(bool $condition, string $table_name, string $verb): string
{
$verb = match($verb) {
'create' => ['created', 'creating'],
'populate' => ['populated', 'populating']
};
if ($condition === false) {
return "Error {$verb[1]} $table_name table. (".db()->lastErrorMsg().")<br>";
}
return "$table_name table {$verb[0]}.<br>";
}

View File

@ -25,18 +25,20 @@ function register_routes(Router $r): Router
*/ */
function inn() function inn()
{ {
$townrow = get_town_by_xy(user()->longitude, user()->latitude); global $userrow;
$townrow = get_town_by_xy($userrow["longitude"], $userrow["latitude"]);
if ($townrow === false) { display("Cheat attempt detected.<br><br>Get a life, loser.", "Error"); } if ($townrow === false) { display("Cheat attempt detected.<br><br>Get a life, loser.", "Error"); }
if (user()->gold < $townrow["innprice"]) { if ($userrow["gold"] < $townrow["innprice"]) {
display("You do not have enough gold to stay at this Inn tonight.<br><br>You may return to <a href=\"/\">town</a>, or use the direction buttons on the left to start exploring.", "Inn"); display("You do not have enough gold to stay at this Inn tonight.<br><br>You may return to <a href=\"/\">town</a>, or use the direction buttons on the left to start exploring.", "Inn");
} }
if (isset($_POST["submit"])) { if (isset($_POST["submit"])) {
$newgold = user()->gold - $townrow["innprice"]; $newgold = $userrow["gold"] - $townrow["innprice"];
db()->query( db()->query(
'UPDATE users SET gold=?, currenthp=?, currentmp=?, currenttp=? WHERE id=?', 'UPDATE users SET gold=?, currenthp=?, currentmp=?, currenttp=? WHERE id=?',
[$newgold, user()->maxhp, user()->maxmp, user()->maxtp, user()->id [$newgold, $userrow['maxhp'], $userrow['maxmp'], $userrow['maxtp'], $userrow['id']
]); ]);
$title = "Inn"; $title = "Inn";
$page = "You wake up feeling refreshed and ready for action.<br><br>You may return to <a href=\"/\">town</a>, or use the direction buttons on the left to start exploring."; $page = "You wake up feeling refreshed and ready for action.<br><br>You may return to <a href=\"/\">town</a>, or use the direction buttons on the left to start exploring.";
@ -61,7 +63,9 @@ function inn()
*/ */
function buy() function buy()
{ {
$townrow = get_town_by_xy(user()->longitude, user()->latitude); global $userrow;
$townrow = get_town_by_xy($userrow['longitude'], $userrow['latitude']);
if ($townrow === false) display("Cheat attempt detected.<br><br>Get a life, loser.", "Error"); if ($townrow === false) display("Cheat attempt detected.<br><br>Get a life, loser.", "Error");
$items = db()->query("SELECT * FROM items WHERE id IN ({$townrow["itemslist"]});"); $items = db()->query("SELECT * FROM items WHERE id IN ({$townrow["itemslist"]});");
@ -75,7 +79,7 @@ function buy()
2 => '<img src="/img/icon_armor.gif" alt="armor" /></td>', 2 => '<img src="/img/icon_armor.gif" alt="armor" /></td>',
3 => '<img src="/img/icon_shield.gif" alt="shield" /></td>' 3 => '<img src="/img/icon_shield.gif" alt="shield" /></td>'
}; };
if (user()->weaponid == $itemsrow["id"] || user()->armorid == $itemsrow["id"] || user()->shieldid == $itemsrow["id"]) { if ($userrow["weaponid"] == $itemsrow["id"] || $userrow["armorid"] == $itemsrow["id"] || $userrow["shieldid"] == $itemsrow["id"]) {
$page .= "<td width=\"32%\"><span class=\"light\">".$itemsrow["name"]."</span></td><td width=\"32%\"><span class=\"light\">$attrib ".$itemsrow["attribute"]."</span></td><td width=\"32%\"><span class=\"light\">Already purchased</span></td></tr>\n"; $page .= "<td width=\"32%\"><span class=\"light\">".$itemsrow["name"]."</span></td><td width=\"32%\"><span class=\"light\">$attrib ".$itemsrow["attribute"]."</span></td><td width=\"32%\"><span class=\"light\">Already purchased</span></td></tr>\n";
} else { } else {
if ($itemsrow["special"] != "X") { $specialdot = "<span class=\"highlight\">&#42;</span>"; } else { $specialdot = ""; } if ($itemsrow["special"] != "X") { $specialdot = "<span class=\"highlight\">&#42;</span>"; } else { $specialdot = ""; }
@ -94,19 +98,21 @@ function buy()
*/ */
function buy2($id) function buy2($id)
{ {
$townrow = get_town_by_xy(user()->longitude, user()->latitude); global $userrow;
$townrow = get_town_by_xy($userrow['longitude'], $userrow['latitude']);
if ($townrow === false) display("Cheat attempt detected.<br><br>Get a life, loser.", "Error"); if ($townrow === false) display("Cheat attempt detected.<br><br>Get a life, loser.", "Error");
$townitems = explode(",", $townrow["itemslist"]); $townitems = explode(",", $townrow["itemslist"]);
if (!in_array($id, $townitems)) display("Cheat attempt detected.<br><br>Get a life, loser.", "Error"); if (!in_array($id, $townitems)) display("Cheat attempt detected.<br><br>Get a life, loser.", "Error");
$item = get_item($id); $item = get_item($id);
if (user()->gold < $item["buycost"]) { if ($userrow["gold"] < $item["buycost"]) {
display("You do not have enough gold to buy this item.<br><br>You may return to <a href=\"/\">town</a>, <a href=\"/buy\">store</a>, or use the direction buttons on the left to start exploring.", "Buy Items"); display("You do not have enough gold to buy this item.<br><br>You may return to <a href=\"/\">town</a>, <a href=\"/buy\">store</a>, or use the direction buttons on the left to start exploring.", "Buy Items");
} }
$type_to_row_mapping = [1 => 'weaponid', 2 => 'armorid', 3 => 'shieldid']; $type_to_row_mapping = [1 => 'weaponid', 2 => 'armorid', 3 => 'shieldid'];
$current_equipped_id = user()[$type_to_row_mapping[$item['type']] ?? 0]; $current_equipped_id = $userrow[$type_to_row_mapping[$item['type']] ?? 0];
if ($current_equipped_id != 0) { if ($current_equipped_id != 0) {
$item2 = get_item($current_equipped_id); $item2 = get_item($current_equipped_id);
@ -126,14 +132,16 @@ function buy3($id)
if (isset($_POST["cancel"])) redirect('/'); if (isset($_POST["cancel"])) redirect('/');
$townrow = get_town_by_xy(user()->longitude, user()->latitude); global $userrow;
$townrow = get_town_by_xy($userrow['longitude'], $userrow['latitude']);
if ($townrow === false) display("Cheat attempt detected.<br><br>Get a life, loser.", "Error"); if ($townrow === false) display("Cheat attempt detected.<br><br>Get a life, loser.", "Error");
$townitems = explode(",", $townrow["itemslist"]); $townitems = explode(",", $townrow["itemslist"]);
if (!in_array($id, $townitems)) display("Cheat attempt detected.<br><br>Get a life, loser.", "Error"); if (!in_array($id, $townitems)) display("Cheat attempt detected.<br><br>Get a life, loser.", "Error");
$item = get_item($id); $item = get_item($id);
if (user()->gold < $item["buycost"]) { if ($userrow["gold"] < $item["buycost"]) {
display("You do not have enough gold to buy this item.<br><br>You may return to <a href=\"/\">town</a>, <a href=\"/buy\">store</a>, or use the direction buttons on the left to start exploring.", "Buy Items"); display("You do not have enough gold to buy this item.<br><br>You may return to <a href=\"/\">town</a>, <a href=\"/buy\">store</a>, or use the direction buttons on the left to start exploring.", "Buy Items");
} }
@ -149,7 +157,7 @@ function buy3($id)
} }
// Retrieve current equipped item or create a default // Retrieve current equipped item or create a default
$current_equip_id = user()[$type_mapping[$item["type"]]['id']]; $current_equip_id = $userrow[$type_mapping[$item["type"]]['id']];
if ($current_equip_id != 0) { if ($current_equip_id != 0) {
$item2 = get_item($current_equip_id); $item2 = get_item($current_equip_id);
} else { } else {
@ -167,9 +175,9 @@ function buy3($id)
$toChange = $special[0]; $toChange = $special[0];
$changeAmount = $index === 0 ? $special[1] : -$special[1]; $changeAmount = $index === 0 ? $special[1] : -$special[1];
user()[$toChange] += $changeAmount; $userrow[$toChange] += $changeAmount;
$specialFields[] = "$toChange = ?"; $specialFields[] = "$toChange = ?";
$specialValues[] = user()[$toChange]; $specialValues[] = $userrow[$toChange];
// Adjust attack or defense power // Adjust attack or defense power
if ($toChange == "strength" || $toChange == "dexterity") { if ($toChange == "strength" || $toChange == "dexterity") {
@ -182,15 +190,15 @@ function buy3($id)
// Determine power and type-specific updates // Determine power and type-specific updates
$currentType = $type_mapping[$item["type"]]; $currentType = $type_mapping[$item["type"]];
$powerField = $currentType['power']; $powerField = $currentType['power'];
$newPower = user()[$powerField] + $item["attribute"] - $item2["attribute"]; $newPower = $userrow[$powerField] + $item["attribute"] - $item2["attribute"];
// Calculate new gold with trade-in value // Calculate new gold with trade-in value
$newGold = user()->gold + ceil($item2["buycost"]/2) - $item["buycost"]; $newGold = $userrow["gold"] + ceil($item2["buycost"]/2) - $item["buycost"];
// Ensure current HP/MP/TP don't exceed max values // Ensure current HP/MP/TP don't exceed max values
$newhp = min(user()->currenthp, user()->maxhp); $newhp = min($userrow["currenthp"], $userrow["maxhp"]);
$newmp = min(user()->currentmp, user()->maxmp); $newmp = min($userrow["currentmp"], $userrow["maxmp"]);
$newtp = min(user()->currenttp, user()->maxtp); $newtp = min($userrow["currenttp"], $userrow["maxtp"]);
$updateFields = array_merge( $updateFields = array_merge(
$specialFields, $specialFields,
@ -215,7 +223,7 @@ function buy3($id)
$newhp, $newhp,
$newmp, $newmp,
$newtp, $newtp,
user()->id $userrow["id"]
] ]
); );
@ -230,7 +238,9 @@ function buy3($id)
*/ */
function maps() function maps()
{ {
$mappedtowns = explode(",", user()->towns); global $userrow;
$mappedtowns = explode(",", $userrow["towns"]);
$page = "Buying maps will put the town in your Travel To box, and it won't cost you as many TP to get there.<br><br>\n"; $page = "Buying maps will put the town in your Travel To box, and it won't cost you as many TP to get there.<br><br>\n";
$page .= "Click a town name to purchase its map.<br><br>\n"; $page .= "Click a town name to purchase its map.<br><br>\n";
@ -262,9 +272,11 @@ function maps()
*/ */
function maps2($id) function maps2($id)
{ {
global $userrow;
$townrow = get_town_by_id($id); $townrow = get_town_by_id($id);
if (user()->gold < $townrow["mapprice"]) { if ($userrow["gold"] < $townrow["mapprice"]) {
display("You do not have enough gold to buy this map.<br><br>You may return to <a href=\"/\">town</a>, <a href=\"/maps\">store</a>, or use the direction buttons on the left to start exploring.", "Buy Maps"); display("You do not have enough gold to buy this map.<br><br>You may return to <a href=\"/\">town</a>, <a href=\"/maps\">store</a>, or use the direction buttons on the left to start exploring.", "Buy Maps");
} }
@ -280,16 +292,18 @@ function maps3($id)
{ {
if (isset($_POST["cancel"])) redirect('/'); if (isset($_POST["cancel"])) redirect('/');
global $userrow;
$townrow = get_town_by_id($id); $townrow = get_town_by_id($id);
if (user()->gold < $townrow["mapprice"]) { if ($userrow["gold"] < $townrow["mapprice"]) {
display("You do not have enough gold to buy this map.<br><br>You may return to <a href=\"/\">town</a>, <a href=\"/maps\">store</a>, or use the direction buttons on the left to start exploring.", "Buy Maps"); display("You do not have enough gold to buy this map.<br><br>You may return to <a href=\"/\">town</a>, <a href=\"/maps\">store</a>, or use the direction buttons on the left to start exploring.", "Buy Maps");
} }
$mappedtowns = user()->towns.",$id"; $mappedtowns = $userrow["towns"].",$id";
$newgold = user()->gold - $townrow["mapprice"]; $newgold = $userrow["gold"] - $townrow["mapprice"];
db()->query('UPDATE users SET towns=?, gold=? WHERE id=?;', [$mappedtowns, $newgold, user()->id]); db()->query('UPDATE users SET towns=?, gold=? WHERE id=?;', [$mappedtowns, $newgold, $userrow['id']]);
display("Thank you for purchasing this map.<br><br>You may return to <a href=\"/\">town</a>, <a href=\"/maps\">store</a>, or use the direction buttons on the left to start exploring.", "Buy Maps"); display("Thank you for purchasing this map.<br><br>You may return to <a href=\"/\">town</a>, <a href=\"/maps\">store</a>, or use the direction buttons on the left to start exploring.", "Buy Maps");
} }
@ -299,30 +313,32 @@ function maps3($id)
*/ */
function travelto($id, bool $usepoints = true) function travelto($id, bool $usepoints = true)
{ {
if (user()->currentaction == "Fighting") redirect('/fight'); global $userrow;
if ($userrow["currentaction"] == "Fighting") redirect('/fight');
$townrow = get_town_by_id($id); $townrow = get_town_by_id($id);
if ($usepoints) { if ($usepoints) {
if (user()->currenttp < $townrow["travelpoints"]) { if ($userrow["currenttp"] < $townrow["travelpoints"]) {
display("You do not have enough TP to travel here. Please go back and try again when you get more TP.", "Travel To"); display("You do not have enough TP to travel here. Please go back and try again when you get more TP.", "Travel To");
} }
$mapped = explode(",",user()->towns); $mapped = explode(",",$userrow["towns"]);
if (!in_array($id, $mapped)) { display("Cheat attempt detected.<br><br>Get a life, loser.", "Error"); } if (!in_array($id, $mapped)) { display("Cheat attempt detected.<br><br>Get a life, loser.", "Error"); }
} }
if ((user()->latitude == $townrow["latitude"]) && (user()->longitude == $townrow["longitude"])) { if (($userrow["latitude"] == $townrow["latitude"]) && ($userrow["longitude"] == $townrow["longitude"])) {
display("You are already in this town. <a href=\"/\">Click here</a> to return to the main town screen.", "Travel To"); display("You are already in this town. <a href=\"/\">Click here</a> to return to the main town screen.", "Travel To");
} }
$newtp = ($usepoints) ? user()->currenttp - $townrow["travelpoints"] : user()->currenttp; $newtp = ($usepoints) ? $userrow["currenttp"] - $townrow["travelpoints"] : $userrow["currenttp"];
$newlat = $townrow["latitude"]; $newlat = $townrow["latitude"];
$newlon = $townrow["longitude"]; $newlon = $townrow["longitude"];
$newid = user()->id; $newid = $userrow["id"];
// If they got here by exploring, add this town to their map. // If they got here by exploring, add this town to their map.
$mapped = explode(",",user()->towns); $mapped = explode(",",$userrow["towns"]);
$town = false; $town = false;
foreach($mapped as $b) if ($b == $id) $town = true; foreach($mapped as $b) if ($b == $id) $town = true;
$mapped = implode(",", $mapped); $mapped = implode(",", $mapped);

View File

@ -12,7 +12,6 @@ function register_routes(Router $r): Router
$r->form('/lostpassword', 'Users\lostpassword'); $r->form('/lostpassword', 'Users\lostpassword');
$r->form('/changepassword', 'Users\changepassword'); $r->form('/changepassword', 'Users\changepassword');
$r->form('/verify', 'Users\verify'); $r->form('/verify', 'Users\verify');
$r->form('/settings', 'Users\settings');
return $r; return $r;
} }
@ -21,7 +20,7 @@ function register_routes(Router $r): Router
*/ */
function login() function login()
{ {
global $auth; if (checkcookies() !== false) redirect('/');
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$form = validate($_POST, [ $form = validate($_POST, [
@ -35,8 +34,11 @@ function login()
} }
$form = $form['data']; $form = $form['data'];
$row = get_user($form['username']);
if ($row === false || !$auth->login($form['username'], $form['password'])) $query = db()->query('SELECT id, username, password FROM users WHERE username = ? COLLATE NOCASE LIMIT 1;', [$form['username']]);
$row = $query ? $query->fetchArray(SQLITE3_ASSOC) : false;
if ($row === false || !password_verify($_POST['password'] ?? '', $row['password']))
die("Invalid username or password. Please go back and try again."); die("Invalid username or password. Please go back and try again.");
$expiretime = $form['remember'] ? time() + 31536000 : 0; $expiretime = $form['remember'] ? time() + 31536000 : 0;
@ -55,8 +57,6 @@ function login()
*/ */
function logout() function logout()
{ {
global $auth;
$auth->logout();
set_cookie("dkgame", "", -3600); set_cookie("dkgame", "", -3600);
redirect('/login'); redirect('/login');
} }
@ -185,25 +185,6 @@ function changepassword()
display(render('changepassword'), "Change Password", true, false, false); display(render('changepassword'), "Change Password", true, false, false);
} }
function settings()
{
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$form = validate($_POST, [
'game_skin' => ['in:0,1']
]);
if (!$form['valid']) exit(ul_from_validate_errors($form['errors']));
$form = $form['data'];
user()->game_skin = $form['game_skin'];
user()->save();
$alert = '<div class="alert">Settings updated</div>';
display($alert . render('settings'), "Account Settings");
}
display(render('settings'), "Account Settings");
}
function sendpassemail($emailaddress, $password) function sendpassemail($emailaddress, $password)
{ {
global $controlrow; global $controlrow;
@ -219,14 +200,15 @@ function sendpassemail($emailaddress, $password)
Thanks for playing. Thanks for playing.
HTML; HTML;
return send_email($emailaddress, "$gamename Lost Password", $email); $status = mymail($emailaddress, "$gamename Lost Password", $email);
return $status;
} }
function sendregmail($emailaddress, $vercode) function sendregmail($emailaddress, $vercode)
{ {
global $controlrow; global $controlrow;
extract($controlrow); extract($controlrow);
$verurl = $gameurl . "/verify"; $verurl = $gameurl . "?do=verify";
$email = <<<HTML $email = <<<HTML
You or someone using your email address recently signed up for an account on the $gamename server, located at $gameurl. You or someone using your email address recently signed up for an account on the $gamename server, located at $gameurl.
@ -238,5 +220,40 @@ function sendregmail($emailaddress, $vercode)
If you were not the person who signed up for the game, please disregard this message. You will not be emailed again. If you were not the person who signed up for the game, please disregard this message. You will not be emailed again.
HTML; HTML;
return send_email($emailaddress, "$gamename Account Verification", $email); $status = mymail($emailaddress, "$gamename Account Verification", $email);
return $status;
}
/**
* thanks to arto dot PLEASE dot DO dot NOT dot SPAM at artoaaltonen dot fi.
*/
function mymail($to, $title, $body, $from = '')
{
global $controlrow;
extract($controlrow);
$from = trim($from);
if (!$from) $from = '<'.$controlrow["adminemail"].'>';
$rp = $controlrow["adminemail"];
$org = '$gameurl';
$mailer = 'PHP';
$head = '';
$head .= "Content-Type: text/plain \r\n";
$head .= "Date: ". date('r'). " \r\n";
$head .= "Return-Path: $rp \r\n";
$head .= "From: $from \r\n";
$head .= "Sender: $from \r\n";
$head .= "Reply-To: $from \r\n";
$head .= "Organization: $org \r\n";
$head .= "X-Sender: $from \r\n";
$head .= "X-Priority: 3 \r\n";
$head .= "X-Mailer: $mailer \r\n";
$body = str_replace("\r\n", "\n", $body);
$body = str_replace("\n", "\r\n", $body);
return mail($to, $title, $body, $head);
} }

View File

@ -1,104 +0,0 @@
<?php
/*
This is an experimental new class for handling user auth. The idea is to rely as much as possible on PHP's native
session handling. When authenticated, the class will store use data in GLOBALS state.
*/
class Auth
{
/**
* Set up the auth manager; adjust PHP session settings on the fly to improve security. Starts the session for
* this request.
*/
public function __construct()
{
// enhance the native session's sessid cryptography
ini_set('session.sid_length', 64);
ini_set('session.sid_bits_per_character', 6);
session_set_cookie_params([
'lifetime' => 2592000, // 30 days
'path' => '/',
'secure' => true,
'httponly' => true,
'samesite' => 'Strict'
]);
session_start();
$this->validate();
}
private function validate(): void
{
// Check for IP address change
if (!isset($_SESSION['ip_address'])) {
$_SESSION['ip_address'] = $_SERVER['REMOTE_ADDR'];
} elseif ($_SESSION['ip_address'] !== $_SERVER['REMOTE_ADDR']) {
$this->destroy(); // Possible hijacking
exit;
}
// Check for User-Agent change
if (!isset($_SESSION['user_agent'])) {
$_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
} elseif ($_SESSION['user_agent'] !== $_SERVER['HTTP_USER_AGENT']) {
$this->destroy(); // Possible hijacking
exit;
}
// Regenerate session ID periodically for security
if (!isset($_SESSION['last_regeneration'])) {
$_SESSION['last_regeneration'] = time();
} elseif (time() - $_SESSION['last_regeneration'] > 300) { // Every 5 minutes
$this->regenerate();
}
}
public function login(string $username, string $password): bool
{
$user = get_user($username);
if ($user === false) return false;
if (password_verify($password, $user['password'])) {
$_SESSION['authenticated'] = true;
$_SESSION['user_id'] = $user['id'];
$_SESSION['login_time'] = time();
$this->regenerate();
return true;
}
return false;
}
public function good(): bool
{
return isset($_SESSION['authenticated']) && $_SESSION['authenticated'] === true;
}
public function logout(): void
{
$this->destroy();
}
private function regenerate(): void
{
session_regenerate_id(true);
$_SESSION['last_regeneration'] = time();
}
public function destroy(): void
{
$_SESSION = [];
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
session_destroy();
}
}

View File

@ -2,10 +2,8 @@
require_once 'lib.php'; require_once 'lib.php';
require_once 'router.php'; require_once 'router.php';
require_once 'auth.php'; require_once 'explore.php';
require_once 'mail.php'; require_once 'heal.php';
require_once 'actions/explore.php';
require_once 'actions/heal.php';
require_once 'actions/users.php'; require_once 'actions/users.php';
require_once 'actions/help.php'; require_once 'actions/help.php';
require_once 'actions/towns.php'; require_once 'actions/towns.php';
@ -13,14 +11,8 @@ require_once 'actions/fight.php';
require_once 'actions/forum.php'; require_once 'actions/forum.php';
require_once 'actions/install.php'; require_once 'actions/install.php';
require_once 'actions/admin.php'; require_once 'actions/admin.php';
require_once 'models/model.php';
require_once 'models/user.php';
env_load('../.env');
$uri = uri(); $uri = uri();
$GLOBALS['cache'] = [];
$GLOBALS['state'] = [];
if (!file_exists('../.installed') && $uri[0] !== 'install') { if (!file_exists('../.installed') && $uri[0] !== 'install') {
redirect('/install'); redirect('/install');
@ -33,26 +25,26 @@ if (!file_exists('../.installed') && $uri[0] !== 'install') {
display("The game is currently closed for maintanence. Please check back later.", "Game Closed"); display("The game is currently closed for maintanence. Please check back later.", "Game Closed");
} }
$auth = new Auth;
// Login (or verify) if not logged in. // Login (or verify) if not logged in.
if (user() === false) { if (($userrow = checkcookies()) === false) {
if (!in_array($uri[0], ['login', 'register', 'verify', 'lostpassword', 'help'])) { if (!in_array($uri[0], ['login', 'register', 'verify', 'lostpassword', 'help'])) {
redirect('/login'); redirect('/login');
} }
} else { } else {
// Block user if he/she has been banned. // Block user if he/she has been banned.
if (user()->authlevel === 2) { if ($userrow["authlevel"] === 2) {
exit("Your account has been banned."); exit("Your account has been banned.");
} }
// Force verify if the user isn't verified yet. // Force verify if the user isn't verified yet.
if ($controlrow['verifyemail'] && user()->verify !== 'g2g' && !in_array($uri[0], ['verify', 'logout'])) { if ($controlrow["verifyemail"] && (bool) $userrow["verify"] === false) {
redirect('/verify'); redirect('/verify');
header("Location: users.php?do=verify");
exit;
} }
// Ensure the user can't use the admin panel. // Ensure the user can't use the admin panel.
if (user()->authlevel !== 1 && $uri[0] === 'admin') { if ($userrow['authlevel'] !== 1 && $uri[0] === 'admin') {
redirect('/'); redirect('/');
} }
} }

View File

@ -28,18 +28,12 @@ class Database extends SQLite3
public function query(string $query, array $params = []): SQLite3Result|false public function query(string $query, array $params = []): SQLite3Result|false
{ {
$p = strpos($query, '?') !== false; $p = strpos($query, '?') !== false;
try {
$stmt = $this->prepare($query); $stmt = $this->prepare($query);
foreach ($params ?? [] as $k => $v) $stmt->bindValue($p ? $k + 1 : $k, $v, $this->getSQLiteType($v)); foreach ($params ?? [] as $k => $v) $stmt->bindValue($p ? $k + 1 : $k, $v, $this->getSQLiteType($v));
} catch (Exception $e) {
exit("Failed to prepare query ($query): ".$this->lastErrorMsg());
}
$start = microtime(true); $start = microtime(true);
$error = '';
$r = $stmt->execute(); $r = $stmt->execute();
$this->log($query, microtime(true) - $start);
$this->log($query, microtime(true) - $start, $error);
return $r; return $r;
} }
@ -74,11 +68,11 @@ class Database extends SQLite3
/** /**
* Log the query, including the time it took. Increment the query counter. * Log the query, including the time it took. Increment the query counter.
*/ */
private function log(string $query, float $time_taken, string $error = ''): void private function log(string $query, float $time_taken): void
{ {
$this->count++; $this->count++;
$this->query_time += $time_taken; $this->query_time += $time_taken;
$this->log[] = [$query, $time_taken, $error]; $this->log[] = [$query, $time_taken];
} }
/** /**

36
src/explore.php Normal file
View File

@ -0,0 +1,36 @@
<?php
// explore.php :: Handles all map exploring, chances to fight, etc.
function move()
{
global $userrow, $controlrow;
if ($userrow["currentaction"] == "Fighting") { redirect('/fight'); }
$latitude = $userrow["latitude"];
$longitude = $userrow["longitude"];
$form = validate($_POST, [
'direction' => ['in:north,west,east,south']
]);
if (!$form['valid']) display(ul_from_validate_errors($form['errors']), 'Move Error');
$d = $form['data']['direction'];
if ($d === 'north') { $latitude++; if ($latitude > $controlrow["gamesize"]) { $latitude = $controlrow["gamesize"]; } }
if ($d === 'south') { $latitude--; if ($latitude < ($controlrow["gamesize"]*-1)) { $latitude = ($controlrow["gamesize"]*-1); } }
if ($d === 'east') { $longitude++; if ($longitude > $controlrow["gamesize"]) { $longitude = $controlrow["gamesize"]; } }
if ($d === 'west') { $longitude--; if ($longitude < ($controlrow["gamesize"]*-1)) { $longitude = ($controlrow["gamesize"]*-1); } }
$town = get_town_by_xy($longitude, $latitude);
if ($town !== false) {
Towns\travelto($town['id'], false);
return;
}
$chancetofight = rand(1, 5);
$action = $chancetofight === 1 ? "currentaction='Fighting', currentfight='1'," : "currentaction='Exploring',";
db()->query("UPDATE users SET $action latitude = ?, longitude = ?, dropcode = 0 WHERE id = ?;", [$latitude, $longitude, $userrow['id']]);
redirect('/');
}

View File

@ -5,6 +5,7 @@ require_once __DIR__ . '/database.php';
define('VERSION', '1.2.5'); define('VERSION', '1.2.5');
define('BUILD', 'Reawaken'); define('BUILD', 'Reawaken');
define('START', microtime(true)); define('START', microtime(true));
define('DEBUG', false);
/** /**
* Open or get SQLite database connection. * Open or get SQLite database connection.
@ -99,10 +100,10 @@ function display_admin($content, $title)
*/ */
function display($content, $title, bool $topnav = true, bool $leftnav = true, bool $rightnav = true): void function display($content, $title, bool $topnav = true, bool $leftnav = true, bool $rightnav = true): void
{ {
global $controlrow; global $userrow, $controlrow;
if ($topnav == true) { if ($topnav == true) {
if (user() !== false) { // user should be logged in if ($userrow !== false) { // user should be logged in
$topnav = <<<HTML $topnav = <<<HTML
<a href='/logout'><img src='/img/button_logout.gif' alt='Log Out' title='Log Out'></a> <a href='/logout'><img src='/img/button_logout.gif' alt='Log Out' title='Log Out'></a>
<a href='/help'><img src='/img/button_help.gif' alt='Help' title='Help'></a> <a href='/help'><img src='/img/button_help.gif' alt='Help' title='Help'></a>
@ -118,66 +119,101 @@ function display($content, $title, bool $topnav = true, bool $leftnav = true, bo
$topnav = ''; $topnav = '';
} }
if (user() !== false) { if (isset($userrow) && $userrow !== false) {
if (user()->currentaction == 'In Town') {
$town = get_town_by_xy(user()->latitude, user()->longitude); // Get userrow again, in case something has been updated.
$current_town = "Welcome to <b>{$town['name']}</b>.<br><br>"; $userquery = db()->query('SELECT * FROM users WHERE id = ? LIMIT 1;', [$userrow['id']]);
unset($userrow);
$userrow = $userquery->fetchArray(SQLITE3_ASSOC);
// Current town name.
if ($userrow["currentaction"] == "In Town") {
$townquery = db()->query('SELECT * FROM towns WHERE latitude = ? AND longitude = ? LIMIT 1;', [$userrow["latitude"], $userrow["longitude"]]);
$townrow = $townquery->fetchArray(SQLITE3_ASSOC);
$userrow["currenttown"] = "Welcome to <b>".$townrow["name"]."</b>.<br><br>";
} else { } else {
$current_town = ''; $userrow["currenttown"] = "";
} }
$userrow["forumslink"] = '<a href="/forum">Forum</a><br>';
// Format various userrow stuffs... // Format various userrow stuffs...
if (user()->latitude < 0) { user()->latitude = user()->latitude * -1 . "S"; } else { user()->latitude .= "N"; } if ($userrow["latitude"] < 0) { $userrow["latitude"] = $userrow["latitude"] * -1 . "S"; } else { $userrow["latitude"] .= "N"; }
if (user()->longitude < 0) { user()->longitude = user()->longitude * -1 . "W"; } else { user()->longitude .= "E"; } if ($userrow["longitude"] < 0) { $userrow["longitude"] = $userrow["longitude"] * -1 . "W"; } else { $userrow["longitude"] .= "E"; }
user()->experience = number_format(user()->experience); $userrow["experience"] = number_format($userrow["experience"]);
user()->gold = number_format(user()->gold); $userrow["gold"] = number_format($userrow["gold"]);
if ($userrow["authlevel"] == 1) { $userrow["adminlink"] = "<a href=\"/admin\">Admin</a><br>"; } else { $userrow["adminlink"] = ""; }
// HP/MP/TP bars.
$stathp = ceil($userrow["currenthp"] / $userrow["maxhp"] * 100);
if ($userrow["maxmp"] != 0) { $statmp = ceil($userrow["currentmp"] / $userrow["maxmp"] * 100); } else { $statmp = 0; }
$stattp = ceil($userrow["currenttp"] / $userrow["maxtp"] * 100);
$stattable = "<table width=\"100\"><tr><td width=\"33%\">\n";
$stattable .= "<table cellspacing=\"0\" cellpadding=\"0\"><tr><td style=\"padding:0px; width:15px; height:100px; border:solid 1px black; vertical-align:bottom;\">\n";
if ($stathp >= 66) { $stattable .= "<div style=\"padding:0px; height:".$stathp."px; border-top:solid 1px black; background-image:url(/img/bars_green.gif);\"><img src=\"/img/bars_green.gif\" alt=\"\" /></div>"; }
if ($stathp < 66 && $stathp >= 33) { $stattable .= "<div style=\"padding:0px; height:".$stathp."px; border-top:solid 1px black; background-image:url(/img/bars_yellow.gif);\"><img src=\"/img/bars_yellow.gif\" alt=\"\" /></div>"; }
if ($stathp < 33) { $stattable .= "<div style=\"padding:0px; height:".$stathp."px; border-top:solid 1px black; background-image:url(/img/bars_red.gif);\"><img src=\"/img/bars_red.gif\" alt=\"\" /></div>"; }
$stattable .= "</td></tr></table></td><td width=\"33%\">\n";
$stattable .= "<table cellspacing=\"0\" cellpadding=\"0\"><tr><td style=\"padding:0px; width:15px; height:100px; border:solid 1px black; vertical-align:bottom;\">\n";
if ($statmp >= 66) { $stattable .= "<div style=\"padding:0px; height:".$statmp."px; border-top:solid 1px black; background-image:url(/img/bars_green.gif);\"><img src=\"/img/bars_green.gif\" alt=\"\" /></div>"; }
if ($statmp < 66 && $statmp >= 33) { $stattable .= "<div style=\"padding:0px; height:".$statmp."px; border-top:solid 1px black; background-image:url(/img/bars_yellow.gif);\"><img src=\"/img/bars_yellow.gif\" alt=\"\" /></div>"; }
if ($statmp < 33) { $stattable .= "<div style=\"padding:0px; height:".$statmp."px; border-top:solid 1px black; background-image:url(/img/bars_red.gif);\"><img src=\"/img/bars_red.gif\" alt=\"\" /></div>"; }
$stattable .= "</td></tr></table></td><td width=\"33%\">\n";
$stattable .= "<table cellspacing=\"0\" cellpadding=\"0\"><tr><td style=\"padding:0px; width:15px; height:100px; border:solid 1px black; vertical-align:bottom;\">\n";
if ($stattp >= 66) { $stattable .= "<div style=\"padding:0px; height:".$stattp."px; border-top:solid 1px black; background-image:url(/img/bars_green.gif);\"><img src=\"/img/bars_green.gif\" alt=\"\" /></div>"; }
if ($stattp < 66 && $stattp >= 33) { $stattable .= "<div style=\"padding:0px; height:".$stattp."px; border-top:solid 1px black; background-image:url(/img/bars_yellow.gif);\"><img src=\"/img/bars_yellow.gif\" alt=\"\" /></div>"; }
if ($stattp < 33) { $stattable .= "<div style=\"padding:0px; height:".$stattp."px; border-top:solid 1px black; background-image:url(/img/bars_red.gif);\"><img src=\"/img/bars_red.gif\" alt=\"\" /></div>"; }
$stattable .= "</td></tr></table></td>\n";
$stattable .= "</tr><tr><td>HP</td><td>MP</td><td>TP</td></tr></table>\n";
$userrow["statbars"] = $stattable;
// Now make numbers stand out if they're low. // Now make numbers stand out if they're low.
if (user()->currenthp <= (user()->maxhp/5)) { user()->currenthp = "<blink><span class=\"highlight\"><b>*".user()->currenthp."*</b></span></blink>"; } if ($userrow["currenthp"] <= ($userrow["maxhp"]/5)) { $userrow["currenthp"] = "<blink><span class=\"highlight\"><b>*".$userrow["currenthp"]."*</b></span></blink>"; }
if (user()->currentmp <= (user()->maxmp/5)) { user()->currentmp = "<blink><span class=\"highlight\"><b>*".user()->currentmp."*</b></span></blink>"; } if ($userrow["currentmp"] <= ($userrow["maxmp"]/5)) { $userrow["currentmp"] = "<blink><span class=\"highlight\"><b>*".$userrow["currentmp"]."*</b></span></blink>"; }
$user_spells = explode(',', user()->spells); $spellquery = db()->query('SELECT id, name, type FROM spells;');
$spellquery = get_spells_from_list($user_spells); $userspells = explode(",",$userrow["spells"]);
user()->magiclist = ''; $userrow["magiclist"] = "";
while ($spell = $spellquery->fetchArray(SQLITE3_ASSOC)) { while ($spellrow = $spellquery->fetchArray(SQLITE3_ASSOC)) {
$spell = false; $spell = false;
foreach($user_spells as $id) { foreach($userspells as $a => $b) {
if ($id === $spell['id'] && $spell['type'] == 1) $spell = true; if ($b == $spellrow["id"] && $spellrow["type"] == 1) { $spell = true; }
} }
if ($spell == true) { if ($spell == true) {
user()->magiclist .= "<a href=\"/spell/{$spell['id']}\">".$spell['name']."</a><br>"; $userrow["magiclist"] .= "<a href=\"/spell/{$spellrow["id"]}\">".$spellrow["name"]."</a><br>";
} }
} }
if (user()->magiclist == "") { user()->magiclist = "None"; } if ($userrow["magiclist"] == "") { $userrow["magiclist"] = "None"; }
// Travel To list. // Travel To list.
$townslist = explode(",",user()->towns); $townslist = explode(",",$userrow["towns"]);
$townquery2 = db()->query('SELECT * FROM towns ORDER BY id;'); $townquery2 = db()->query('SELECT * FROM towns ORDER BY id;');
$town_list_html = ''; $userrow["townslist"] = "";
while ($townrow2 = $townquery2->fetchArray(SQLITE3_ASSOC)) { while ($townrow2 = $townquery2->fetchArray(SQLITE3_ASSOC)) {
$town = false; $town = false;
foreach($townslist as $id) { foreach($townslist as $a => $b) {
if ($id == $townrow2["id"]) { $town = true; } if ($b == $townrow2["id"]) { $town = true; }
} }
if ($town == true) { if ($town == true) {
$town_list_html .= "<a href=\"/gotown/{$townrow2["id"]}\">".$townrow2["name"]."</a><br>\n"; $userrow["townslist"] .= "<a href=\"/gotown/{$townrow2["id"]}\">".$townrow2["name"]."</a><br>\n";
} }
} }
} else {
$userrow = [];
} }
echo render('primary', [ echo render('primary', [
"dkgamename" => $controlrow["gamename"], "dkgamename" => $controlrow["gamename"],
"title" => $title, "title" => $title,
"content" => $content, "content" => $content,
"game_skin" => user()->game_skin ??= '0', 'rightnav' => $rightnav ? render('rightnav', ['user' => $userrow]) : '',
'rightnav' => $rightnav ? render('rightnav', ['statbars' => create_stat_table(user())]) : '', "leftnav" => $leftnav ? render('leftnav', ['user' => $userrow]) : '',
"leftnav" => $leftnav ? render('leftnav', ['town_list' => $town_list_html, 'current_town' => $current_town]) : '',
"topnav" => $topnav, "topnav" => $topnav,
"totaltime" => round(microtime(true) - START, 4), "totaltime" => round(microtime(true) - START, 4),
"numqueries" => db()->count, "numqueries" => db()->count,
"version" => VERSION, "version" => VERSION,
"build" => BUILD, "build" => BUILD,
"querylog" => env('debug', false) ? db()->log : [] "querylog" => DEBUG ? db()->log : []
]); ]);
exit; exit;
@ -234,15 +270,9 @@ function get_control_row(): array|false
*/ */
function get_town_by_xy(int $x, int $y): array|false function get_town_by_xy(int $x, int $y): array|false
{ {
$cache_tag = "town-$x-$y";
if (!isset($GLOBALS['cache'][$cache_tag])) {
$query = db()->query('SELECT * FROM towns WHERE longitude = ? AND latitude = ? LIMIT 1;', [$x, $y]); $query = db()->query('SELECT * FROM towns WHERE longitude = ? AND latitude = ? LIMIT 1;', [$x, $y]);
if ($query === false) return false; if ($query === false) return false;
$GLOBALS['cache'][$cache_tag] = $query->fetchArray(SQLITE3_ASSOC); return $query->fetchArray(SQLITE3_ASSOC);
}
return $GLOBALS['cache'][$cache_tag];
} }
/** /**
@ -256,14 +286,11 @@ function get_town_by_id(int $id): array|false
} }
/** /**
* Get a user's data by their ID, username or email. * Get a user's data by their ID.
*/ */
function get_user(int|string $id, string $data = '*'): array|false function get_user_by_id(int $id): array|false
{ {
$query = db()->query( $query = db()->query('SELECT * FROM users WHERE id = ? LIMIT 1;', [$id]);
"SELECT $data FROM users WHERE id=? OR username=? COLLATE NOCASE OR email=? COLLATE NOCASE LIMIT 1;",
[$id, $id, $id]
);
if ($query === false) return false; if ($query === false) return false;
return $query->fetchArray(SQLITE3_ASSOC); return $query->fetchArray(SQLITE3_ASSOC);
} }
@ -527,91 +554,18 @@ function uri(): array
} }
/** /**
* Load the environment variables from the .env file. * Redirect to login if not authenticated.
*/ */
function env_load(string $filePath): void function auth_only(): void
{ {
if (!file_exists($filePath)) throw new Exception("The .env file does not exist. (el)"); if (!checkcookies()) redirect('/login');
$lines = file($filePath, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
foreach ($lines as $line) {
$line = trim($line);
// Skip lines that are empty after trimming or are comments
if ($line === '' || str_starts_with($line, '#')) continue;
// Skip lines without an '=' character
if (strpos($line, '=') === false) continue;
[$name, $value] = explode('=', $line, 2);
$name = trim($name);
$value = trim($value, " \t\n\r\0\x0B\"'"); // Trim whitespace and quotes
if (!array_key_exists($name, $_SERVER) && !array_key_exists($name, $_ENV)) {
putenv("$name=$value");
$_ENV[$name] = $value;
$_SERVER[$name] = $value;
}
}
}
/**
* Retrieve an environment variable.
*/
function env(string $key, mixed $default = null): mixed
{
$v = $_ENV[$key] ?? $_SERVER[$key] ?? (getenv($key) ?: $default);
return match(true) {
$v === 'true' => true,
$v === 'false' => false,
is_numeric($v) => (int) $v,
is_float($v) => (float) $v,
default => $v
};
} }
/** /**
* Get the data on spells from a given list of IDs. * Redirect to home if authenticated.
*/ */
function get_spells_from_list(array|string $spell_ids): SQLite3Result|false function guest_only(): void
{ {
if (is_string($spell_ids)) $spell_ids = explode(',', $spell_ids); if (checkcookies()) redirect('/login');
$placeholders = implode(',', array_fill(0, count($spell_ids), '?'));
$query = db()->query("SELECT id, name, type FROM spells WHERE id IN($placeholders)", $spell_ids);
if ($query === false) return false;
return $query;
} }
function generate_stat_bar($current, $max)
{
$percent = ($max === 0) ? 0 : ceil($current / $max * 100);
$color = $percent >= 66 ? 'green' : ($percent >= 33 ? 'yellow' : 'red');
return '<div class="stat-bar" style="width: 15px; height: 100px; border: solid 1px black;">' .
'<div style="height: ' . $percent . 'px; background-image: url(/img/bars_' . $color . '.gif);"></div>' .
'</div>';
}
function create_stat_table($userrow)
{
$stat_table = '<div class="stat-table">' .
'<div class="stat-row">' .
'<div class="stat-col">' . generate_stat_bar(user()->currenthp, user()->maxhp) . '<div>HP</div></div>' .
'<div class="stat-col">' . generate_stat_bar(user()->currentmp, user()->maxmp) . '<div>MP</div></div>' .
'<div class="stat-col">' . generate_stat_bar(user()->currenttp, user()->maxtp) . '<div>TP</div></div>' .
'</div>' .
'</div>';
return $stat_table;
}
/**
* Returns the user in the GLOBALS state, if there is one. If not, populates it if there is a SESSION user_id.
*/
function user(): User|false
{
$GLOBALS['state']['user'] ??= ($_SESSION['user_id'] ? User::find($_SESSION['user_id']) : false);
return $GLOBALS['state']['user'];
}

View File

@ -1,113 +0,0 @@
<?php
/**
* Send an email or log email details
*
* @param string $to Recipient email address
* @param string $subject Email subject
* @param string $message Email body
* @param array $options Optional configuration options
* @return bool Success status of email sending or logging
*/
function send_email(string $to, string $subject, string $message, array $options = []): bool
{
global $controlrow;
$from_addr = empty($controlrow['adminemail']) ? 'noreply@'.$_SERVER['SERVER_NAME'] : $controlrow['adminemail'];
// Default configuration
$config = array_merge([
'from' => $from_addr,
'log_path' => '../logs/email.log',
'method' => 'smtp', // 'smtp' or 'log'
'smtp_host' => env('smtp_host', 'localhost'),
'smtp_port' => env('smtp_port', 25),
'smtp_username' => env('smtp_username', null),
'smtp_password' => env('smtp_password', null),
'smtp_encryption' => env('smtp_encryption', null)
], $options);
// Always send to log during debug
if (env('debug', false)) $config['method'] = 'log';
// Validate input
if (empty($to) || empty($subject) || empty($message)) {
error_log('Email sending failed: Missing required parameters');
return false;
}
// Prepare email headers
$headers = [
'From: ' . $config['from'],
'X-Mailer: PHP/' . phpversion()
];
// Choose sending method
switch ($config['method']) {
case 'log':
// Log email details to file
$logMessage = sprintf(
"[%s] To: %s, Subject: %s, Message:\n\n %s\n\n\n\n",
date('Y-m-d H:i:s'),
$to,
$subject,
$message
);
// Attempt to log to file
if (file_put_contents($config['log_path'], $logMessage, FILE_APPEND) === false) {
error_log('Failed to write to log file: ' . $config['log_path']);
return false;
}
return true;
case 'smtp':
default:
// Attempt to send via SMTP
try {
// Prepare SMTP connection
$smtpConfig = [
'host' => $config['smtp_host'],
'port' => $config['smtp_port'],
'username' => $config['smtp_username'],
'password' => $config['smtp_password'],
'encryption' => $config['smtp_encryption']
];
// Send email using PHP's mail function (basic SMTP)
$result = mail(
$to,
$subject,
$message,
implode("\r\n", $headers)
);
if (!$result) {
error_log('SMTP email sending failed');
return false;
}
return true;
} catch (Exception $e) {
error_log('Email sending error: ' . $e->getMessage());
return false;
}
}
}
// Example usage:
// Send via SMTP
// send_email('recipient@example.com', 'Test Subject', 'Email body text');
// Send via log
// send_email('recipient@example.com', 'Test Subject', 'Email body text', ['method' => 'log']);
// Customize SMTP settings
// send_email('recipient@example.com', 'Test Subject', 'Email body text', [
// 'method' => 'smtp',
// 'smtp_host' => 'smtp.yourserver.com',
// 'smtp_port' => 587,
// 'smtp_username' => 'your_username',
// 'smtp_password' => 'your_password',
// 'smtp_encryption' => 'tls'
// ]);

View File

@ -1,42 +0,0 @@
<?php
class Model
{
protected string $table_name = '';
protected array $original_data = [];
protected array $changes = [];
public function __construct(array $data)
{
$this->original_data = $data;
$this->changes = [];
}
public function __get(string $key): mixed
{
return array_key_exists($key, $this->changes) ? $this->changes[$key] : $this->original_data[$key] ?? false;
}
public function __set(string $key, mixed $value): void
{
if (array_key_exists($key, $this->original_data)) $this->changes[$key] = $value;
}
public function save(): bool
{
if (empty($this->changes)) return true;
$placeholders = [];
$values = [];
foreach ($this->changes as $key => $value) {
$placeholders[] = "$key=?";
$values[] = $value;
}
$values[] = $this->id;
$query = 'UPDATE ' . $this->table_name . ' SET ' . implode(', ', $placeholders) . ' WHERE id = ?;';
$result = db()->query($query, $values);
return $result === false ? false : true;
}
}

View File

@ -1,21 +0,0 @@
<?php
class User extends Model
{
protected string $table_name = 'users';
/**
* Find a user by their ID, username or email. Returns false on any failure.
*/
public static function find(int|string $id): User|false
{
$query = db()->query(
"SELECT * FROM users WHERE id=? OR username=? COLLATE NOCASE OR email=? COLLATE NOCASE LIMIT 1;",
[$id, $id, $id]
);
if ($query === false) return false;
$data = $query->fetchArray(SQLITE3_ASSOC);
if ($data === false) return false;
return new User($data);
}
}

View File

@ -1,8 +1,8 @@
<section> <section>
<div class="title"><img src="/img/button_location.gif" alt="Location" title="Location"></div> <div class="title"><img src="/img/button_location.gif" alt="Location" title="Location"></div>
Currently: <?= user()->currentaction ?><br> Currently: <?= $user['currentaction'] ?><br>
Latitude: <?= user()->latitude ?><br> Latitude: <?= $user['latitude'] ?><br>
Longitude: <?= user()->longitude ?><br> Longitude: <?= $user['longitude'] ?><br>
<a href="javascript:openmappopup()">View Map</a><br> <a href="javascript:openmappopup()">View Map</a><br>
<form action="/move" method="post" class="move-compass"> <form action="/move" method="post" class="move-compass">
<button type="submit" name="direction" value="north" class="north">North</button> <button type="submit" name="direction" value="north" class="north">North</button>
@ -16,25 +16,17 @@
<section> <section>
<div class="title"><img src="/img/button_towns.gif" alt="Towns" title="Towns"></div> <div class="title"><img src="/img/button_towns.gif" alt="Towns" title="Towns"></div>
<?php <?= $user['currenttown'] ?>
if (user()->currentaction == 'In Town') {
$town = get_town_by_xy((int) user()->latitude, (int) user()->longitude);
echo "Welcome to <b>{$town['name']}</b>.<br><br>";
}
?>
Travel To:<br> Travel To:<br>
<?= $town_list ?> <?= $user['townslist'] ?>
</section> </section>
<section> <section>
<div class="title"><img src="/img/button_functions.gif" alt="Functions" title="Functions"></div> <div class="title"><img src="/img/button_functions.gif" alt="Functions" title="Functions"></div>
<a href="/">Home</a><br> <a href="/">Home</a><br>
<a href="/forum">Forum</a><br> <?= $user['forumslink'] ?>
<a href="/settings">Settings</a><br> <?= $user['adminlink'] ?>
<a href="/changepassword">Change Password</a><br> <a href="/changepassword">Change Password</a><br>
<a href="/logout">Log Out</a><br> <a href="/logout">Log Out</a><br>
<?php if (user()->authlevel === 1): ?>
<a href="/admin">Admin</a><br>
<?php endif; ?>
<a href="/help">Help</a> <a href="/help">Help</a>
</section> </section>

View File

@ -1,9 +1,63 @@
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title><?= $title ?></title> <title><?= $title ?></title>
<link rel="stylesheet" href="/css/dk.css"> <style type="text/css">
body {
background-image: url('/img/background.jpg');
color: black;
font: 11px verdana;
}
table {
border-style: none;
padding: 0px;
font: 11px verdana;
}
td {
border-style: none;
padding: 3px;
vertical-align: top;
}
td.top {
border-bottom: solid 2px black;
}
td.left {
width: 150px;
border-right: solid 2px black;
}
td.right {
width: 150px;
border-left: solid 2px black;
}
a {
color: #663300;
text-decoration: none;
font-weight: bold;
}
a:hover {
color: #330000;
}
.small {
font: 10px verdana;
}
.highlight {
color: red;
}
.light {
color: #999999;
}
.title {
border: solid 1px black;
background-color: #eeeeee;
font-weight: bold;
padding: 5px;
margin: 3px;
}
.copyright {
border: solid 1px black;
background-color: #eeeeee;
font: 10px verdana;
}
</style>
</head> </head>
<body> <body>
<?= $content ?> <?= $content ?>

View File

@ -19,7 +19,7 @@
} }
</script> </script>
</head> </head>
<body class="skin-<?= $game_skin ?>"> <body>
<div id="game-container"> <div id="game-container">
<header> <header>
<img id="logo" src="/img/logo.gif" alt="<?= $dkgamename ?>" title="<?= $dkgamename ?>"> <img id="logo" src="/img/logo.gif" alt="<?= $dkgamename ?>" title="<?= $dkgamename ?>">
@ -42,11 +42,7 @@
<?php <?php
if (!empty($querylog)) { if (!empty($querylog)) {
echo '<pre>'; echo '<pre>';
foreach ($querylog as $record) { foreach ($querylog as $record) echo '<div>['.round($record[1], 2)."s] {$record[0]}</div>";
$query_string = str_replace(["\r\n", "\n", "\r"], ' ', $record[0]);
$error_string = !empty($record[2]) ? '// '.$record[2] : '';
echo '<div>['.round($record[1], 2)."s] {$query_string}{$error_string}</div>";
}
echo '</pre>'; echo '</pre>';
} }
?> ?>

View File

@ -1,13 +1,13 @@
<section> <section>
<div class="title"><img src="/img/button_character.gif" alt="Character" title="Character"></div> <div class="title"><img src="/img/button_character.gif" alt="Character" title="Character"></div>
<b><?= user()->username ?></b><br> <b><?= $user['username'] ?></b><br>
Level: <?= user()->level ?><br> Level: <?= $user['level'] ?><br>
Exp: <?= user()->experience ?><br> Exp: <?= $user['experience'] ?><br>
Gold: <?= user()->gold ?><br> Gold: <?= $user['gold'] ?><br>
HP: <?= user()->currenthp ?><br> HP: <?= $user['currenthp'] ?><br>
MP: <?= user()->currentmp ?><br> MP: <?= $user['currentmp'] ?><br>
TP: <?= user()->currenttp ?><br><br> TP: <?= $user['currenttp'] ?><br>
<?= $statbars ?><br> <?= $user['statbars'] ?><br>
<a href="javascript:opencharpopup()">Extended Stats</a> <a href="javascript:opencharpopup()">Extended Stats</a>
</section> </section>

View File

@ -1,12 +0,0 @@
<h1>Account Settings</h1>
<p>Here you can change some basic settings for your account.</p>
<form action="/settings" method="post">
<label for="game_skin">Game Skin</label>
<select id="game_skin" name="game_skin">
<option value="0">Default</option>
<option value="1">Snowstorm</option>
</select>
<button type="submit">Save</button>
</form>