Compare commits

..

4 Commits

11 changed files with 194 additions and 128 deletions

View File

@ -40,8 +40,7 @@ $r->get('/spell/:id', 'healspells');
$r->get('/showchar', 'showchar'); $r->get('/showchar', 'showchar');
$r->get('/onlinechar/:id', 'onlinechar'); $r->get('/onlinechar/:id', 'onlinechar');
$r->get('/showmap', 'showmap'); $r->get('/showmap', 'showmap');
$r->get('/babblebox', 'babblebox'); $r->form('/babblebox', 'babblebox');
$r->post('/babblebox', 'babblebox');
// [code, handler, params, middleware] // [code, handler, params, middleware]
$l = $r->lookup($_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI']); $l = $r->lookup($_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI']);
@ -169,7 +168,7 @@ function showchar()
if ($userrow["magiclist"] == "") $userrow["magiclist"] = "None"; if ($userrow["magiclist"] == "") $userrow["magiclist"] = "None";
$array = ["content" => parsetemplate(gettemplate("showchar"), $userrow), "title" => "Character Information"]; $array = ["content" => parsetemplate(gettemplate("showchar"), $userrow), "title" => "Character Information"];
echo parsetemplate("<html>\n" . gettemplate("minimal"), $array); echo render('minimal', $array);
} }
function onlinechar($id) function onlinechar($id)
@ -205,31 +204,39 @@ function onlinechar($id)
function showmap() function showmap()
{ {
$array = ["content" => "<center><img src=\"/img/map.gif\" alt=\"Map\" /></center>", "title" => "Map"]; global $userrow;
echo parsetemplate("<html>\n" . gettemplate("minimal"), $array);
$pos = sprintf(
'<div style="position: absolute; width: 5px; height: 5px; border-radius: 1000px; border: solid 1px black; background-color: red; left: %dpx; top: %dpx;"></div>',
round(258 + $userrow['longitude'] * (500 / 500) - 3),
round(258 - $userrow['latitude'] * (500 / 500) - 3)
);
echo render('minimal', [
'content' => '<img src="/img/map.gif" alt="Map">'.$pos,
'title' => 'Map'
]);
} }
/**
* Either render the latest 40 chats to the babblebox, or add a chat to it and redirect. This is used
* within an iframe.
*/
function babblebox() function babblebox()
{ {
global $userrow; global $userrow;
if (isset($_POST["babble"])) { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$safecontent = makesafe($_POST["babble"]); $safecontent = make_safe($_POST["babble"]);
if (!empty($safecontent)) { if (!empty($safecontent)) {
db()->query('INSERT INTO babble (posttime, author, babble) VALUES (CURRENT_TIMESTAMP, ?, ?);', [$userrow['username'], $safecontent]); db()->query('INSERT INTO babble (posttime, author, babble) VALUES (CURRENT_TIMESTAMP, ?, ?);',
[$userrow['username'], $safecontent]);
} }
redirect('/babblebox'); redirect('/babblebox');
} }
$babblebox['content'] = '';
$query = db()->query('SELECT * FROM babble ORDER BY id DESC LIMIT 40;'); $query = db()->query('SELECT * FROM babble ORDER BY id DESC LIMIT 40;');
while ($babblerow = $query->fetchArray(SQLITE3_ASSOC)) { echo render('babblebox', ['messages' => $query]);
$new = "<div class=\"message\">[<b>{$babblerow["author"]}</b>] {$babblerow["babble"]}</div>\n";
$babblebox["content"] = $new . $babblebox["content"];
}
$babblebox["content"] .= '<form action="/babblebox" method="post" style="margin-top: 1rem;"><input type="text" name="babble" maxlength="255" style="width: 100%;"><br><input type="submit" name="submit" value="Babble"><input type="reset" name="reset" value="Clear"></form>';
echo parsetemplate("<html>\n" . gettemplate("babblebox"), $babblebox);
} }
/** /**

View File

@ -11,31 +11,31 @@ function register_routes(Router $r): Router
global $userrow; global $userrow;
if (isset($userrow) && $userrow !== false && $userrow['authlevel'] === 1) { if (isset($userrow) && $userrow !== false && $userrow['authlevel'] === 1) {
$r->get('/admin', 'Admin\donothing'); $r->get('/admin', 'Admin\donothing');
$r->get('/admin/main', 'Admin\primary');
$r->post('/admin/main', 'Admin\primary'); $r->form('/admin/main', 'Admin\primary');
$r->get('/admin/items', 'Admin\items'); $r->get('/admin/items', 'Admin\items');
$r->get('/admin/items/:id', 'Admin\edititem'); $r->form('/admin/items/:id', 'Admin\edititem');
$r->post('/admin/items/:id', 'Admin\edititem');
$r->get('/admin/drops', 'Admin\drops'); $r->get('/admin/drops', 'Admin\drops');
$r->get('/admin/drops/:id', 'Admin\editdrop'); $r->form('/admin/drops/:id', 'Admin\editdrop');
$r->post('/admin/drops/:id', 'Admin\editdrop');
$r->get('/admin/towns', 'Admin\towns'); $r->get('/admin/towns', 'Admin\towns');
$r->get('/admin/towns/:id', 'Admin\edittown'); $r->form('/admin/towns/:id', 'Admin\edittown');
$r->post('/admin/towns/:id', 'Admin\edittown');
$r->get('/admin/monsters', 'Admin\monsters'); $r->get('/admin/monsters', 'Admin\monsters');
$r->get('/admin/monsters/:id', 'Admin\editmonster'); $r->form('/admin/monsters/:id', 'Admin\editmonster');
$r->post('/admin/monsters/:id', 'Admin\editmonster');
$r->get('/admin/level', 'Admin\levels'); $r->get('/admin/level', 'Admin\levels');
$r->get('/admin/level/:id', 'Admin\editlevel'); $r->form('/admin/level/:id', 'Admin\editlevel');
$r->post('/admin/level/:id', 'Admin\editlevel');
$r->get('/admin/spells', 'Admin\spells'); $r->get('/admin/spells', 'Admin\spells');
$r->get('/admin/spells/:id', 'Admin\editspell'); $r->form('/admin/spells/:id', 'Admin\editspell');
$r->post('/admin/spells/:id', 'Admin\editspell');
$r->get('/admin/users', 'Admin\users'); $r->get('/admin/users', 'Admin\users');
$r->get('/admin/users/:id', 'Admin\edituser'); $r->form('/admin/users/:id', 'Admin\edituser');
$r->post('/admin/users/:id', 'Admin\edituser');
$r->get('/admin/news', 'Admin\addnews'); $r->form('/admin/news', 'Admin\addnews');
$r->post('/admin/news', 'Admin\addnews');
} }
return $r; return $r;
} }
@ -318,7 +318,7 @@ function edittown($id)
if ($mp < 0) $errors[] = "Map price must be a number greater than or equal to 0."; if ($mp < 0) $errors[] = "Map price must be a number greater than or equal to 0.";
if ($tp < 0) $errors[] = "Travel points must be a number greater than or equal to 0."; if ($tp < 0) $errors[] = "Travel points must be a number greater than or equal to 0.";
if ($errors == 0) { if (count($errors) === 0) {
db()->query('UPDATE towns SET name=?, latitude=?, longitude=?, innprice=?, mapprice=?, travelpoints=?, itemslist=? WHERE id=?;', [ db()->query('UPDATE towns SET name=?, latitude=?, longitude=?, innprice=?, mapprice=?, travelpoints=?, itemslist=? WHERE id=?;', [
$n, $la, $lo, $ip, $mp, $tp, $il, $id $n, $la, $lo, $ip, $mp, $tp, $il, $id
]); ]);

View File

@ -8,11 +8,9 @@ use Router;
function register_routes(Router $r): Router function register_routes(Router $r): Router
{ {
$r->get('/fight', 'Fights\fight'); $r->form('/fight', 'Fights\fight');
$r->post('/fight', 'Fights\fight');
$r->get('/victory', 'Fights\victory'); $r->get('/victory', 'Fights\victory');
$r->get('/drop', 'Fights\drop'); $r->form('/drop', 'Fights\drop');
$r->post('/drop', 'Fights\drop');
$r->get('/dead', 'Fights\dead'); $r->get('/dead', 'Fights\dead');
return $r; return $r;
} }

View File

@ -9,8 +9,7 @@ use Router;
function register_routes(Router $r): Router function register_routes(Router $r): Router
{ {
$r->get('/forum/thread/:x/:x', 'Forum\showthread'); $r->get('/forum/thread/:x/:x', 'Forum\showthread');
$r->get('/forum/new', 'Forum\newthread'); $r->form('/forum/new', 'Forum\newthread');
$r->post('/forum/new', 'Forum\newthread');
$r->post('/forum/reply', 'Forum\reply'); $r->post('/forum/reply', 'Forum\reply');
$r->get('/forum/list/:x', 'Forum\donothing'); $r->get('/forum/list/:x', 'Forum\donothing');
$r->get('/forum', 'Forum\donothing'); $r->get('/forum', 'Forum\donothing');

View File

@ -8,8 +8,7 @@ use Router;
function register_routes(Router $r): Router function register_routes(Router $r): Router
{ {
$r->get('/inn', 'Towns\inn'); $r->form('/inn', 'Towns\inn');
$r->post('/inn', 'Towns\inn');
$r->get('/buy', 'Towns\buy'); $r->get('/buy', 'Towns\buy');
$r->get('/buy2/:id', 'Towns\buy2'); $r->get('/buy2/:id', 'Towns\buy2');
$r->post('/buy3/:id', 'Towns\buy3'); $r->post('/buy3/:id', 'Towns\buy3');

View File

@ -6,17 +6,12 @@ use Router;
function register_routes(Router $r): Router function register_routes(Router $r): Router
{ {
$r->get('/login', 'Users\login'); $r->form('/login', 'Users\login');
$r->post('/login', 'Users\login');
$r->get('/logout', 'Users\logout'); $r->get('/logout', 'Users\logout');
$r->get('/register', 'Users\register'); $r->form('/register', 'Users\register');
$r->post('/register', 'Users\register'); $r->form('/lostpassword', 'Users\lostpassword');
$r->get('/lostpassword', 'Users\lostpassword'); $r->form('/changepassword', 'Users\changepassword');
$r->post('/lostpassword', 'Users\lostpassword'); $r->form('/verify', 'Users\verify');
$r->get('/changepassword', 'Users\changepassword');
$r->post('/changepassword', 'Users\changepassword');
$r->get('/verify', 'Users\verify');
$r->post('/verify', 'Users\verify');
return $r; return $r;
} }

View File

@ -2,9 +2,10 @@
require_once __DIR__ . '/database.php'; require_once __DIR__ . '/database.php';
define('VERSION', '1.2.3'); define('VERSION', '1.2.5');
define('BUILD', 'Reawaken'); define('BUILD', 'Reawaken');
define('START', microtime(true)); define('START', microtime(true));
define('DEBUG', true);
/** /**
* Open or get SQLite database connection. * Open or get SQLite database connection.
@ -23,6 +24,26 @@ function redirect(string $location): void
exit; exit;
} }
/**
* Return the path to a view file.
*/
function template(string $name): string
{
return "../templates/$name.php";
}
/**
* Render a view with the given data. Looks for `$path_to_base_view` through `template()`. Can be used redundantly
* within the template.
*/
function render(string $path_to_base_view, array $data = []): string|false
{
ob_start();
extract($data);
require template($path_to_base_view);
return ob_get_clean();
}
function gettemplate($templatename) { // SQL query for the template. function gettemplate($templatename) { // SQL query for the template.
$filename = __DIR__ . "/../templates/" . $templatename . ".php"; $filename = __DIR__ . "/../templates/" . $templatename . ".php";
@ -65,8 +86,12 @@ function is_email($email) { // Thanks to "mail(at)philipp-louis.de" from php.net
} }
function makesafe($d) { /**
return htmlentities($d); * Use htmlentities with UTF-8 encoding to ensure we're only outputting healthy, safe and effective HTML.
*/
function make_safe(string $content): string
{
return htmlentities($content, ENT_QUOTES, 'UTF-8');
} }
/** /**
@ -211,7 +236,8 @@ function display($content, $title, $topnav=true, $leftnav=true, $rightnav=true,
"totaltime" => round(getmicrotime() - START, 4), "totaltime" => round(getmicrotime() - START, 4),
"numqueries" => db()->count, "numqueries" => db()->count,
"version" => VERSION, "version" => VERSION,
"build" => BUILD "build" => BUILD,
"querylog" => DEBUG ? '<pre>'.print_r(db()->log, true).'</pre>' : ''
]); ]);
echo "<html>\n" . $page; echo "<html>\n" . $page;
@ -557,3 +583,4 @@ function guest_only(): void
{ {
if (checkcookies()) redirect('/login'); if (checkcookies()) redirect('/login');
} }

View File

@ -151,6 +151,32 @@ class Router
return $this->add('PATCH', $route, $handler); return $this->add('PATCH', $route, $handler);
} }
/**
* Register multiple verbs to the same route.
*/
public function many(array $methods, string $route, callable $handler): Router
{
foreach ($methods as $method) $this->add($method, $route, $handler);
return $this;
}
/**
* Register all verbs to the same route.
*/
public function any(string $route, callable $handler): Router
{
foreach (SELF::VALID_METHODS as $method) $this->add($method, $route, $handler);
return $this;
}
/**
* Some pages function entirely as forms; thus we can shorthand a GET/POST route.
*/
public function form(string $route, callable $handler): Router
{
return $this->many(['GET', 'POST'], $route, $handler);
}
/** /**
* Validate the given method against valid HTTP verbs. * Validate the given method against valid HTTP verbs.
*/ */

View File

@ -1,10 +1,9 @@
<?php <html lang="en">
$template = <<<HTML
<head> <head>
<title>Babblebox</title> <title>Babblebox</title>
<style type="text/css"> <style type="text/css">
body { body {
background-image: url(/img/background.jpg); background-image: url('/img/background.jpg');
color: black; color: black;
font: 11px verdana; font: 11px verdana;
margin: 0px; margin: 0px;
@ -37,8 +36,23 @@ $template = <<<HTML
} }
</style> </style>
</head> </head>
<body onload="window.scrollTo(0, 99999)"> <body onload="window.scrollTo(0, 99999)">
{{content}} <?php
$has_chats = false;
while ($row = $messages->fetchArray(SQLITE3_ASSOC)):
$has_chats = true;
?>
<div class="message">[<b><?= $row['author'] ?></b>] <?= $row['babble'] ?></div>
<?php
endwhile;
if (!$has_chats) echo 'There are no messages. :(';
?>
<form action="/babblebox" method="post" style="margin-top: 1rem;">
<input type="text" name="babble" maxlength="255" style="width: 100%;"><br>
<input type="submit" name="submit" value="Babble">
<input type="reset" name="reset" value="Clear">
</form>
</body> </body>
</html> </html>
HTML;

View File

@ -1,7 +1,6 @@
<?php <html lang="en">
$template = <<<THEVERYENDOFYOU
<head> <head>
<title>{{title}}</title> <title><?= $title ?></title>
<style type="text/css"> <style type="text/css">
body { body {
background-image: url(/img/background.jpg); background-image: url(/img/background.jpg);
@ -60,9 +59,9 @@ a:hover {
} }
</style> </style>
</head> </head>
<body><center> <body>
{{content}} <center>
</center></body> <?= $content ?>
</center>
</body>
</html> </html>
THEVERYENDOFYOU;
?>

View File

@ -38,6 +38,8 @@ $template = <<<HTML
<div>{{totaltime}} Seconds, {{numqueries}} Queries</div> <div>{{totaltime}} Seconds, {{numqueries}} Queries</div>
<div>Version {{version}} {{build}}</div> <div>Version {{version}} {{build}}</div>
</footer> </footer>
{{querylog}}
</div> </div>
</body> </body>
</html> </html>