Sky/Dragon-Scourge
Sky/Dragon-Scourge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make playable

Browse Source
This commit is contained in:
Sky Johnson 2024-08-08 12:55:08 -05:00
parent ae49476b96
commit 6f782914ca
9 changed files with 1385 additions and 328 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
config.php

10
changelog.txt
View File

@ -3,6 +3,12 @@ Changelog
***** BETA FIVE *****
8.8.2024 - Build 21 (Make Playable):
- Add a mysql_ shim to replace old database functions
- Modify some SQL to make it work with MySQL 8.0+
- Create botcheck folder and add a .gitkeep to pass tests
- Remove magic quotes functions as they have entirely been removed
9.2.2007 - Build 20 (Consolation Prize Part Deux):
- Fixed incorrect story values in install.sql.
- Some changes to the version/copyright/moddedby display.
@ -192,7 +198,7 @@ Changelog
- Fights happen slightly less often now (1/5 rather than 1/4).
- Added anti-macro image verification for protection against space robots.
4.1.2005 - Build 03 (Holy Hand Grenade):
4.1.2005 - Build 03 (Holy Hand Grenade):
- Fixed problem that prevented users from registering.
- Fixed exploit in the Bank and Post Office that allowed users to withdraw/deposit/send negative numbers.
- Added God Mode cheat: index.php?do=iddqd
@ -236,4 +242,4 @@ Changelog
- Added language indexes for x_submit and x_reset.
7.19.2004 - Build 20 (pr0n):
- Initial public testing release.
- Initial public testing release.

14
config.php
View File

@ -15,11 +15,11 @@
// (see our website for that).
$dbsettings = Array(
"server" => "localhost", // MySQL server name. (Usually localhost.)
"user" => "", // MySQL username.
"pass" => "", // MySQL password.
"name" => "", // MySQL database name.
"server" => "127.0.0.1", // MySQL server name. (Usually localhost.)
"user" => "root", // MySQL username.
"pass" => "root", // MySQL password.
"name" => "scourge", // MySQL database name.
"prefix" => "sx", // Prefix for table names.
"secretword" => ""); // Secret word used when hashing information for cookies.
?>
"secretword" => "poop"); // Secret word used when hashing information for cookies.
?>

0
images/botcheck/.gitkeep Normal file
View File

118
install.php
View File

@ -14,16 +14,10 @@
// within the confines of the Dragon Scourge License Agreement
// (see our website for that).
require_once 'shim.php';
opendb();
// Handling for servers with magic_quotes turned on.
if (get_magic_quotes_gpc()) {
$_POST = array_map('uber_ss', $_POST);
$_GET = array_map('uber_ss', $_GET);
$_COOKIE = array_map('uber_ss', $_COOKIE);
}
$_POST = array_map('uber_mres', $_POST);
$_POST = array_map('uber_hsc', $_POST);
$_GET = array_map('uber_mres', $_GET);
@ -43,30 +37,30 @@ switch ($page) {
}
function uber_ss($value) {
$value = is_array($value) ?
array_map('uber_ss', $value) :
stripslashes($value);
return $value;
}
function uber_mres($value) {
$value = is_array($value) ?
array_map('uber_mres', $value) :
mysql_real_escape_string($value);
return $value;
}
function uber_hsc($value) {
$value = is_array($value) ?
array_map('uber_hsc', $value) :
htmlspecialchars($value);
return $value;
}
function opendb() { // Open database connection.
@ -85,27 +79,27 @@ function opendb() { // Open database connection.
define("DBRESULT", true);
}
}
return $link;
//return $link;
}
function doquery($query) { // Something of a tiny little database abstraction layer.
include('config.php');
$sqlquery = mysql_query(preg_replace("/<<([a-zA-Z0-9_\-]+)>>/", $dbsettings["prefix"]."_$1", $query));
if ($sqlquery == false) {
die(mysql_error() . "<br /><br />" . $query);
}
return $sqlquery;
}
function dorow($sqlquery, $force = "") { // Abstraction layer part deux.
switch (mysql_num_rows($sqlquery)) {
case 0:
$row = false;
break;
@ -128,11 +122,11 @@ function dorow($sqlquery, $force = "") { // Abstraction layer part deux.
}
}
break;
}
return $row;
}
// Thanks to Predrag Supurovic from php.net for this function!
@ -153,11 +147,11 @@ function dobatch($p_query) {
/***** DONE WITH ALL THE SETUP STUFF, SO ACTUALLY START INSTALLING. *****/
function one() {
// Test file permissions.
$botcheck = false;
$f = fopen("images/botcheck/test.txt", "a");
if ($f) {
if ($f) {
if (fwrite($f,"test")) {
$botcheck = true;
fclose($f);
@ -166,20 +160,20 @@ function one() {
}
$users = false;
$f = fopen("images/users/test.txt", "a");
if ($f) {
if ($f) {
if (fwrite($f,"test")) {
$users = true;
fclose($f);
unlink("images/users/test.txt");
}
}
// Display status.
if ($botcheck) { $botcheck = "<span style=\"color: Green;\">Pass</span>"; } else { $botcheck = "<span style=\"color: red;\">Fail</span>"; }
if ($users) { $users = "<span style=\"color: Green;\">Pass</span>"; } else { $users = "<span style=\"color: red;\">Fail</span>"; }
if (MYSQLRESULT) { $mysqlresult = "<span style=\"color: Green;\">Pass</span>"; } else { $mysqlresult = "<span style=\"color: red;\">Fail</span>"; }
if (DBRESULT) { $dbresult = "<span style=\"color: Green;\">Pass</span>"; } else { $dbresult = "<span style=\"color: red;\">Fail</span>"; }
// Done. Show page.
$page = <<<THEVERYENDOFYOU
<html>
@ -195,7 +189,7 @@ $page = <<<THEVERYENDOFYOU
</head>
<body><center>
<div class="main" style="width: 700px;">
<h3>Dragon Scourge :: Installation (Step 1)</h3>
<ol>
<li><b>Verify Settings</b></li>
@ -203,7 +197,7 @@ $page = <<<THEVERYENDOFYOU
<li>Primary Game Settings</li>
<li>Create Admin User</li>
</ol>
<table border="1">
<tr><th colspan="2">Verify Settings</th></tr>
<tr><td>MySQL Connection</td><td>$mysqlresult</td></tr>
@ -211,16 +205,16 @@ $page = <<<THEVERYENDOFYOU
<tr><td>File Permissions: /images/users/</td><td>$users</td></tr>
<tr><td>File Permissions: /images/botcheck/</td><td>$botcheck</td></tr>
</table><br /><br />
If any of the above settings display <span style="color: red;">Fail</span>, please go back and make sure everything is correct.<br /><br />
For failures on either MySQL Connection or MySQL Database, please ensure that you have inserted the correct values for your server configuration into config.php, and make sure that the database to which you will be installing Dragon Scourge already exists on your server.<br /><br />
For failures on either of the two File Permissions settings, make sure that the appropriate folders have been CHMODed to 0777 (on Unix/Linux servers), or are not set to read-only (on Windows servers). If you need help with this, <a href="http://www.stadtaus.com/en/tutorials/chmod-ftp-file-permissions.php" target="_new">click here</a> for tutorials on how to do this in several major FTP clients.<br /><br />
Once you have checked all the appropriate settings, reload this page and make sure that all four tests indicate <span style="color: green;">Pass</span> before continuing.<br /><br />
Once all tests pass, click the link below to continue to step two.<br /><br />
<a href="install.php?page=two">Continue to Step Two: Install Database</a><br />
Installing the database may take several seconds. Please click the link only once.
</div>
</center></body>
</html>
@ -230,10 +224,10 @@ die($page);
}
function two() {
$installsql = file_get_contents("install.sql");
$status = dobatch($installsql);
$page = <<<THEVERYENDOFYOU
<html>
<head>
@ -248,7 +242,7 @@ $page = <<<THEVERYENDOFYOU
</head>
<body><center>
<div class="main" style="width: 700px;">
<h3>Dragon Scourge :: Installation (Step 2)</h3>
<ol>
<li>Verify Settings</li>
@ -256,11 +250,11 @@ $page = <<<THEVERYENDOFYOU
<li>Primary Game Settings</li>
<li>Create Admin User</li>
</ol>
The database installation is now complete. Click the link below to set up your initial game settings.<br /><br />
<a href="install.php?page=three">Continue to Step Three: Primary Game Settings</a>
</div>
</center></body>
</html>
@ -270,7 +264,7 @@ die($page);
}
function three() {
// Path stuff. Easy.
$gamepath = str_replace("install.php","",__FILE__);
$gamepath = str_replace("\\","/",$gamepath);
@ -278,8 +272,8 @@ function three() {
$gameurl = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["PHP_SELF"];
$gameurl = str_replace("install.php","",$gameurl);
$avatarurl = $gameurl . "images/users/";
$page = <<<THEVERYENDOFYOU
<html>
<head>
@ -295,7 +289,7 @@ $page = <<<THEVERYENDOFYOU
</head>
<body><center>
<div class="main" style="width: 700px;">
<h3>Dragon Scourge :: Installation (Step 3)</h3>
<ol>
<li>Verify Settings</li>
@ -303,7 +297,7 @@ $page = <<<THEVERYENDOFYOU
<li><b>Primary Game Settings</b></li>
<li>Create Admin User</li>
</ol>
<form action="install.php?page=four" method="post">
<table cellspacing="0" cellpadding="5" width="98%">
<tr><td width="25%">Game Name</td><td><input type="text" name="gamename" size="20" maxlength="50" value="Dragon Scourge" /><br /><span class="grey">The name of your game. Used in page titles and when sending email to new users.</span><br /><br /></td></tr>
@ -332,7 +326,7 @@ $page = <<<THEVERYENDOFYOU
</center></td></tr>
</table>
</form>
</div>
</center></body>
</html>
@ -342,7 +336,7 @@ die($page);
}
function four() {
// Check for errors.
$requires = array("gamename","gamepath","gameurl","avatarpath","avatarurl","avatarmaxsize","adminemail","botcheck","pvprefresh","pvptimeout","guildstartup","guildstartlvl","guildjoinlvl","guildupdate");
$numerics = array("avatarmaxsize","botcheck","pvprefresh","pvptimeout","guildstartup","guildstartlvl","guildjoinlvl","guildupdate");
@ -355,15 +349,15 @@ function four() {
if (!is_numeric($_POST[$b])) { $errors .= "$b field must contain numbers only.<br />"; }
}
if ($errors != "") { die("The following errors occurred. Please go back and correct these errors before continuing.<br /><br />$errors"); }
// Check toggles.
foreach($toggles as $a => $b) {
if (!isset($_POST[$b])) { $_POST[$b] = "0"; }
}
// No errors, so set up the table.
extract($_POST);
doquery("INSERT INTO <<control>> SET
doquery("INSERT INTO <<control>> SET
id='1',
gamename='$gamename',
gameopen='1',
@ -393,7 +387,7 @@ function four() {
guildjoinlvl='$guildjoinlvl',
guildupdate='$guildupdate'
");
// Done with the controlrow creator. Now show admin user creation form.'
$page = <<<THEVERYENDOFYOU
<html>
@ -410,7 +404,7 @@ $page = <<<THEVERYENDOFYOU
</head>
<body><center>
<div class="main" style="width: 700px;">
<h3>Dragon Scourge :: Installation (Step 4)</h3>
<ol>
<li>Verify Settings</li>
@ -418,7 +412,7 @@ $page = <<<THEVERYENDOFYOU
<li>Primary Game Settings</li>
<li><b>Create Admin User</b></li>
</ol>
<form action="install.php?page=five" method="post">
<table cellspacing="0" cellpadding="5" width="98%">
<tr><td width="25%">Username</td><td><input type="text" name="username" size="20" maxlength="30" value="" /><br /><br /></td></tr>
@ -429,7 +423,7 @@ $page = <<<THEVERYENDOFYOU
</center></td></tr>
</table>
</form>
</div>
</center></body>
</html>
@ -438,7 +432,7 @@ die($page);
}
function five() {
// Check for errors.
$requires = array("username","password","emailaddress");
$errors = "";
@ -446,12 +440,12 @@ function five() {
if (!isset($_POST[$b]) || trim($_POST[$b])=="") { $errors .= "$b field is required.<br />"; }
}
if ($errors != "") { die("The following errors occurred. Please go back and correct these errors before continuing.<br /><br />$errors"); }
// No errors, so set up the table.
extract($_POST);
$password = md5($password);
doquery("INSERT INTO <<accounts>> SET
doquery("INSERT INTO <<accounts>> SET
id='1',
username='$username',
password='$password',
@ -466,7 +460,7 @@ function five() {
imageformat='.png',
minimap='1'
");
// Done with the controlrow creator. Now show admin user creation form.'
$page = <<<THEVERYENDOFYOU
<html>
@ -483,12 +477,12 @@ $page = <<<THEVERYENDOFYOU
</head>
<body><center>
<div class="main" style="width: 700px;">
<h3>Dragon Scourge :: Installation Complete</h3>
Dragon Scourge Installation has now completed. Congratulations.<br /><br />
For security reasons, <b>please delete install.php and install.sql from your game directory at this time!</b><br /><br />
<a href="login.php?do=login">Click here</a> to log into your game for the first time. Once you log in, you will be asked to create your first Character.
</div>
</center></body>
</html>
@ -496,4 +490,4 @@ THEVERYENDOFYOU;
die($page);
}
?>
?>

72
install.sql
View File

@ -5,7 +5,7 @@ CREATE TABLE `<<accounts>>` (
`password` varchar(32) NOT NULL default '',
`emailaddress` varchar(200) NOT NULL default '',
`verifycode` varchar(32) NOT NULL default '',
`regdate` datetime NOT NULL default '0000-00-00 00:00:00',
`regdate` datetime NOT NULL default NOW(),
`regip` varchar(16) NOT NULL default '',
`authlevel` tinyint(3) unsigned NOT NULL default '1',
`language` varchar(30) NOT NULL default '',
@ -14,18 +14,18 @@ CREATE TABLE `<<accounts>>` (
`imageformat` varchar(4) NOT NULL default '0',
`minimap` tinyint(3) unsigned NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
DROP TABLE IF EXISTS `<<babblebox>>`;
CREATE TABLE `<<babblebox>>` (
`id` int(11) unsigned NOT NULL auto_increment,
`posttime` datetime NOT NULL default '0000-00-00 00:00:00',
`posttime` datetime NOT NULL default NOW(),
`charname` varchar(30) NOT NULL default '',
`charid` int(11) unsigned NOT NULL default '0',
`content` varchar(255) NOT NULL default '',
`guild` int(10) unsigned NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
DROP TABLE IF EXISTS `<<classes>>`;
CREATE TABLE `<<classes>>` (
@ -39,9 +39,9 @@ CREATE TABLE `<<classes>>` (
`mpperenergy` float unsigned NOT NULL default '0',
`description` text NOT NULL,
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
INSERT INTO `<<classes>>` (`id`, `name`, `expbonus`, `goldbonus`, `damageperstrength`, `defenseperdex`, `hpperlife`, `mpperenergy`, `description`) VALUES
INSERT INTO `<<classes>>` (`id`, `name`, `expbonus`, `goldbonus`, `damageperstrength`, `defenseperdex`, `hpperlife`, `mpperenergy`, `description`) VALUES
(1, 'Barbarian', 0, 0, 3, 1, 2, 1, 'Barbarians specialize in physical damage. 3 damage per strength point, 1 defense per dexterity point, 2 hp per life point, 1 mp per energy point.'),
(2, 'Sorceress', 0, 0, 1, 1, 2, 3, 'Sorceresses specialize in magical damage. 1 damage per strength point, 1 defense per dexterity point, 2 hp per life point, 3 mp per energy point.'),
(3, 'Paladin', 0, 0, 1, 2, 3, 1, 'Paladins specialize in staying alive. 1 damage per strength point, 2 defense per dexterity point, 3 hp per life point, 1 mp per energy point.');
@ -77,7 +77,7 @@ CREATE TABLE `<<control>>` (
`guildjoinlvl` int(10) unsigned NOT NULL default '0',
`guildupdate` int(10) unsigned NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
DROP TABLE IF EXISTS `<<difficulties>>`;
CREATE TABLE `<<difficulties>>` (
@ -88,9 +88,9 @@ CREATE TABLE `<<difficulties>>` (
`multiplier` float NOT NULL default '0',
`deathpenalty` tinyint(3) unsigned NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
INSERT INTO `<<difficulties>>` (`id`, `name`, `expbonus`, `goldbonus`, `multiplier`, `deathpenalty`) VALUES
INSERT INTO `<<difficulties>>` (`id`, `name`, `expbonus`, `goldbonus`, `multiplier`, `deathpenalty`) VALUES
(1, 'Easy', 0, 0, 1, 0),
(2, 'Medium', 3, 3, 1.5, 3),
(3, 'Hard', 5, 5, 2, 7);
@ -102,7 +102,7 @@ CREATE TABLE `<<guildapps>>` (
`charid` int(10) unsigned NOT NULL default '0',
`charname` varchar(30) NOT NULL default '',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
DROP TABLE IF EXISTS `<<guilds>>`;
CREATE TABLE `<<guilds>>` (
@ -127,7 +127,7 @@ CREATE TABLE `<<guilds>>` (
`statement` text NOT NULL,
`news` text NOT NULL,
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
DROP TABLE IF EXISTS `<<itembase>>`;
CREATE TABLE `<<itembase>>` (
@ -157,9 +157,9 @@ CREATE TABLE `<<itembase>>` (
`mod6name` varchar(50) NOT NULL default '',
`mod6attr` smallint(5) unsigned NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
INSERT INTO `<<itembase>>` (`id`, `name`, `slotnumber`, `isunique`, `willdrop`, `buycost`, `sellcost`, `reqlevel`, `reqstrength`, `reqdexterity`, `reqenergy`, `basename`, `baseattr`, `mod1name`, `mod1attr`, `mod2name`, `mod2attr`, `mod3name`, `mod3attr`, `mod4name`, `mod4attr`, `mod5name`, `mod5attr`, `mod6name`, `mod6attr`) VALUES
INSERT INTO `<<itembase>>` (`id`, `name`, `slotnumber`, `isunique`, `willdrop`, `buycost`, `sellcost`, `reqlevel`, `reqstrength`, `reqdexterity`, `reqenergy`, `basename`, `baseattr`, `mod1name`, `mod1attr`, `mod2name`, `mod2attr`, `mod3name`, `mod3attr`, `mod4name`, `mod4attr`, `mod5name`, `mod5attr`, `mod6name`, `mod6attr`) VALUES
(1, 'Pointy Stick', 1, 0, 1, 10, 5, 1, 0, 0, 0, 'physattack', 3, '', 0, '', 0, '', 0, '', 0, '', 0, '', 0),
(2, 'Big Stick', 1, 0, 1, 15, 8, 1, 0, 0, 0, 'physattack', 4, '', 0, '', 0, '', 0, '', 0, '', 0, '', 0),
(3, 'Dagger', 1, 0, 1, 20, 10, 1, 0, 0, 0, 'physattack', 5, '', 0, '', 0, '', 0, '', 0, '', 0, '', 0),
@ -341,9 +341,9 @@ CREATE TABLE `<<itemmodnames>>` (
`prettyname` varchar(50) NOT NULL default '',
`percent` tinyint(3) unsigned NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
INSERT INTO `<<itemmodnames>>` (`id`, `fieldname`, `prettyname`, `percent`) VALUES
INSERT INTO `<<itemmodnames>>` (`id`, `fieldname`, `prettyname`, `percent`) VALUES
(1, 'expbonus', 'Experience Bonus', 1),
(2, 'goldbonus', 'Gold Bonus', 1),
(3, 'maxhp', 'Max HP', 0),
@ -381,9 +381,9 @@ CREATE TABLE `<<itemprefixes>>` (
`basename` varchar(50) NOT NULL default '',
`baseattr` smallint(5) unsigned NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
INSERT INTO `<<itemprefixes>>` (`id`, `name`, `slotnumber`, `unique`, `willdrop`, `buycost`, `sellcost`, `reqlevel`, `reqstrength`, `reqdexterity`, `reqenergy`, `basename`, `baseattr`) VALUES
INSERT INTO `<<itemprefixes>>` (`id`, `name`, `slotnumber`, `unique`, `willdrop`, `buycost`, `sellcost`, `reqlevel`, `reqstrength`, `reqdexterity`, `reqenergy`, `basename`, `baseattr`) VALUES
(1, 'Sharp', 1, 0, 0, 5, 3, 1, 0, 0, 0, 'physattack', 2),
(2, 'Magic', 1, 0, 0, 8, 4, 1, 0, 0, 0, 'magicattack', 5);
@ -403,16 +403,16 @@ CREATE TABLE `<<itemsuffixes>>` (
`basename` varchar(50) NOT NULL default '',
`baseattr` smallint(5) unsigned NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
INSERT INTO `<<itemsuffixes>>` (`id`, `name`, `slotnumber`, `unique`, `willdrop`, `buycost`, `sellcost`, `reqlevel`, `reqstrength`, `reqdexterity`, `reqenergy`, `basename`, `baseattr`) VALUES
INSERT INTO `<<itemsuffixes>>` (`id`, `name`, `slotnumber`, `unique`, `willdrop`, `buycost`, `sellcost`, `reqlevel`, `reqstrength`, `reqdexterity`, `reqenergy`, `basename`, `baseattr`) VALUES
(1, 'of the Vampire', 1, 0, 0, 5, 3, 1, 0, 0, 0, 'hpleech', 5),
(2, 'of the Bear', 1, 0, 0, 5, 3, 1, 0, 0, 0, 'strength', 5);
DROP TABLE IF EXISTS `<<messages>>`;
CREATE TABLE `<<messages>>` (
`id` int(10) unsigned NOT NULL auto_increment,
`postdate` datetime NOT NULL default '0000-00-00 00:00:00',
`postdate` datetime NOT NULL default NOW(),
`senderid` int(10) unsigned NOT NULL default '0',
`sendername` varchar(30) NOT NULL default '',
`recipientid` int(10) unsigned NOT NULL default '0',
@ -422,7 +422,7 @@ CREATE TABLE `<<messages>>` (
`message` text NOT NULL,
`gold` int(10) unsigned NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
DROP TABLE IF EXISTS `<<monsters>>`;
CREATE TABLE `<<monsters>>` (
@ -449,9 +449,9 @@ CREATE TABLE `<<monsters>>` (
`newstory` int(10) unsigned NOT NULL default '0',
`hpleech` tinyint(3) unsigned NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
INSERT INTO `<<monsters>>` (`id`, `name`, `world`, `level`, `maxexp`, `maxgold`, `maxhp`, `physattack`, `physdefense`, `magicattack`, `magicdefense`, `fireattack`, `firedefense`, `lightattack`, `lightdefense`, `spell1`, `spell2`, `spellimmune1`, `spellimmune2`, `boss`, `newstory`, `hpleech`) VALUES
INSERT INTO `<<monsters>>` (`id`, `name`, `world`, `level`, `maxexp`, `maxgold`, `maxhp`, `physattack`, `physdefense`, `magicattack`, `magicdefense`, `fireattack`, `firedefense`, `lightattack`, `lightdefense`, `spell1`, `spell2`, `spellimmune1`, `spellimmune2`, `boss`, `newstory`, `hpleech`) VALUES
(1, 'Small Slime', 1, 1, 4, 2, 3, 3, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
(2, 'Shade', 1, 1, 4, 2, 3, 4, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
(3, 'Slime', 1, 2, 4, 2, 3, 3, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
@ -673,7 +673,7 @@ CREATE TABLE `<<pvp>>` (
`turntime` timestamp NOT NULL,
`fightrow` text NOT NULL,
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
DROP TABLE IF EXISTS `<<spells>>`;
CREATE TABLE `<<spells>>` (
@ -686,9 +686,9 @@ CREATE TABLE `<<spells>>` (
`classonly` int(10) unsigned NOT NULL default '0',
`classexclude` int(10) unsigned NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
INSERT INTO `<<spells>>` (`id`, `name`, `fname`, `value`, `mp`, `minlevel`, `classonly`, `classexclude`) VALUES
INSERT INTO `<<spells>>` (`id`, `name`, `fname`, `value`, `mp`, `minlevel`, `classonly`, `classexclude`) VALUES
(1, 'Heal 1', 'heal', 5, 2, 5, 2, 0),
(2, 'Heal 2', 'heal', 10, 5, 10, 0, 0),
(3, 'Heal 3', 'heal', 20, 10, 15, 0, 0),
@ -783,9 +783,9 @@ CREATE TABLE `<<story>>` (
`rewardname` varchar(30) NOT NULL default '',
`rewardattr` int(11) NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
INSERT INTO `<<story>>` (`id`, `title`, `story`, `world`, `latitude`, `longitude`, `nextstory`, `targetmonster`, `targetitem`, `targetworld`, `targetlat`, `targetlon`, `targetaction`, `rewardname`, `rewardattr`) VALUES
INSERT INTO `<<story>>` (`id`, `title`, `story`, `world`, `latitude`, `longitude`, `nextstory`, `targetmonster`, `targetitem`, `targetworld`, `targetlat`, `targetlon`, `targetaction`, `rewardname`, `rewardattr`) VALUES
(1, 'Prologue', 'The light has forsaken this land, and not for the first time. Centuries ago, it was overrun by darkness and then saved by a hero whose lifelong quest was to eradicate evil. The hero succeeded, and in the end, Lucifuge, King of the Dragons, was destroyed... at least for the time being. In the many long years since that time, Lucifuge has been gathering his forces and his power, and has finally regained enough of his former strength to return.\r\n\r\nSo the land is once again in need of a saviour. It will be no easy task, dear adventurer. In the last age, Lucifuge and his minions controlled but a small country. This time, he has sent his forces to sow chaos and darkness throughout the world. Only a brave adventurer will be able to conquer him and restore peace and order to the world.\r\n\r\nContinue on, dear adventurer. You shall be tested dearly, but the rewards will be great.', 1, 0, 0, 2, 0, '', 1, 0, 0, '', '', 0),
(2, 'Queen of Demons', 'You come to a great stone door, with the inscription ''RAZORA'' carved in the Language of the Fallen. Next to the door lie the skeletons of several dead warriors who failed to enter. One of the skeletons is holding a scrap of paper, which reads:\r\n\r\n"We finally made it. The legends are true, Razora does exist. As I write this, we are standing outside the demon queen''s throneroom. Something is following us, though, and has been for several days. We''re making camp tonight, and we''ll head inside in the morning. After the months of travelling, we definitely need our rest if we''re really preparing to face Razora. We''ve survived this far, surely whatever is following us will hold off one more night..."\r\n\r\nYou are now faced with a choice, dear adventurer. Are you ready to face the demon queen Razora, or do you still need more preparation?', 1, 100, -100, 0, 201, '', 0, 0, 0, '', '', 0),
(3, 'Fallen Queen', 'Razora, the Demon Queen, lies dead at your feet. Even now, her body and all the black blood spilled from it are melting away into the nether. Soon, all that''s left is her heart, which you take with you as proof that you destroyed her.\r\n\r\nOne section of the wall crumbles and falls, and leads to a doorway, guarded by a large statue of an angel. In the angel''s hand is a sword with flames engraved in the blade.\r\n\r\nIt wouldn''t be too much trouble to take the sword, and it does seem like your right to take it, after all the trouble you went through to kill Razora. You can now take the sword and continue through the doorway, or just continue on without it.', 1, 100, -100, 4, 0, '', 2, 0, 0, '', 'maxhp', 50),
@ -820,9 +820,9 @@ CREATE TABLE `<<towns>>` (
`itemminlvl` int(10) unsigned NOT NULL default '0',
`itemmaxlvl` int(10) unsigned NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
INSERT INTO `<<towns>>` (`id`, `name`, `world`, `latitude`, `longitude`, `innprice`, `mapprice`, `travelpoints`, `itemminlvl`, `itemmaxlvl`) VALUES
INSERT INTO `<<towns>>` (`id`, `name`, `world`, `latitude`, `longitude`, `innprice`, `mapprice`, `travelpoints`, `itemminlvl`, `itemmaxlvl`) VALUES
(1, 'Middleton', 1, 0, 0, 5, 0, 0, 1, 5),
(2, 'Norfolk', 1, 25, 25, 10, 25, 5, 3, 8),
(3, 'Calentia', 1, 50, -50, 25, 50, 15, 6, 11),
@ -853,9 +853,9 @@ DROP TABLE IF EXISTS `<<users>>`;
CREATE TABLE `<<users>>` (
`id` int(10) unsigned NOT NULL auto_increment,
`account` int(10) unsigned NOT NULL default '0',
`birthdate` datetime NOT NULL default '0000-00-00 00:00:00',
`birthdate` datetime NOT NULL default NOW(),
`lastip` varchar(16) NOT NULL default '',
`onlinetime` datetime NOT NULL default '0000-00-00 00:00:00',
`onlinetime` datetime NOT NULL default NOW(),
`exploreverify` varchar(6) NOT NULL default '',
`exploreverifyimage` varchar(12) NOT NULL default '',
`explorefailed` int(10) unsigned NOT NULL default '0',
@ -953,7 +953,7 @@ CREATE TABLE `<<users>>` (
`bonusdefense` smallint(5) unsigned NOT NULL default '0',
PRIMARY KEY (`id`),
FULLTEXT KEY `item1name` (`item1name`)
) TYPE=MyISAM ;
);
DROP TABLE IF EXISTS `<<worlds>>`;
CREATE TABLE `<<worlds>>` (
@ -961,11 +961,11 @@ CREATE TABLE `<<worlds>>` (
`name` varchar(30) NOT NULL default '',
`size` smallint(5) unsigned NOT NULL default '0',
PRIMARY KEY (`id`)
) TYPE=MyISAM ;
);
INSERT INTO `<<worlds>>` (`id`, `name`, `size`) VALUES
INSERT INTO `<<worlds>>` (`id`, `name`, `size`) VALUES
(1, 'Raenslide', 100),
(2, 'Lorenfall', 100),
(3, 'Borderlands', 100),
(4, 'Inferno', 100),
(5, 'Unreality', 100);
(5, 'Unreality', 100);

97
lib.php
View File

@ -20,24 +20,19 @@
//if (file_exists("install.php")) { die("Please remove the <b>install.php</b> and <b>install.sql</b> files from your game directory before continuing."); }
//if (file_exists("install.sql")) { die("Please remove the install.php file from your game directory before continuing."); }
require_once 'shim.php';
// Setup for superglobal stuff that can't go in globals.php.
$starttime = getmicrotime();
$numqueries = 0;
$link = opendb();
$version = "Beta 5";
$bnumber = "20";
$bname = "Consolation Prize Part Deux";
$bdate = "9.2.2007";
$bnumber = "21";
$bname = "Make Playable";
$bdate = "8.8.2024";
include("lib2.php");
// Handling for servers with magic_quotes turned on.
if (get_magic_quotes_gpc()) {
$_POST = array_map('uber_ss', $_POST);
$_GET = array_map('uber_ss', $_GET);
$_COOKIE = array_map('uber_ss', $_COOKIE);
}
$_POST = array_map('uber_mres', $_POST);
$_POST = array_map('uber_hsc', $_POST);
$_GET = array_map('uber_mres', $_GET);
@ -46,30 +41,30 @@ $_COOKIE = array_map('uber_mres', $_COOKIE);
$_COOKIE = array_map('uber_hsc', $_COOKIE);
function uber_ss($value) {
$value = is_array($value) ?
array_map('uber_ss', $value) :
stripslashes($value);
return $value;
}
function uber_mres($value) {
$value = is_array($value) ?
array_map('uber_mres', $value) :
mysql_real_escape_string($value);
return $value;
}
function uber_hsc($value) {
$value = is_array($value) ?
array_map('uber_hsc', $value) :
htmlspecialchars($value);
return $value;
}
function opendb() { // Open database connection.
@ -83,7 +78,7 @@ function opendb() { // Open database connection.
}
function doquery($query) { // Something of a tiny little database abstraction layer.
include('config.php');
global $numqueries, $controlrow;
$sqlquery = mysql_query(preg_replace('/<<([a-zA-Z0-9_\-]+)>>/', $dbsettings["prefix"].'_$1', $query));
@ -91,16 +86,16 @@ function doquery($query) { // Something of a tiny little database abstraction la
if ($sqlquery == false) {
if ($controlrow["debug"] == 1) { die(mysql_error() . "<br /><br />" . $query); } else { die("A MySQL query error occurred. Please contact the game administrator for more help."); }
}
$numqueries++;
return $sqlquery;
}
function dorow($sqlquery, $force = "") { // Abstraction layer part deux.
switch (mysql_num_rows($sqlquery)) {
case 0:
$row = false;
break;
@ -123,34 +118,34 @@ function dorow($sqlquery, $force = "") { // Abstraction layer part deux.
}
}
break;
}
return $row;
}
function gettemplate($templatename) { // SQL query for the template.
$filename = "templates/" . $templatename . ".php";
include("$filename");
return $template;
}
function parsetemplate($template, $array) { // Replace template with proper content. Also does languages.
foreach($array as $a => $b) {
$template = str_replace("{{{$a}}}", $b, $template);
}
return $template;
}
function getmicrotime() { // Used for timing script operations.
list($usec, $sec) = explode(" ",microtime());
return ((float)$usec + (float)$sec);
list($usec, $sec) = explode(" ",microtime());
return ((float)$usec + (float)$sec);
}
@ -164,18 +159,18 @@ function mymail($to, $title, $body, $from = '') { // thanks to arto dot PLEASE d
global $controlrow;
extract($controlrow);
$from = trim($from);
if (!$from) {
$from = "<$adminemail>";
}
$rp = $adminemail;
$org = "$gameurl";
$mailer = "PHP";
$head = "";
$head .= "Content-Type: text/plain \r\n";
$head .= "Date: ". date('r'). " \r\n";
@ -187,26 +182,26 @@ function mymail($to, $title, $body, $from = '') { // thanks to arto dot PLEASE d
$head .= "X-Sender: $from \r\n";
$head .= "X-Priority: 3 \r\n";
$head .= "X-Mailer: $mailer \r\n";
$body = str_replace("\r\n", "\n", $body);
$body = str_replace("\n", "\r\n", $body);
return mail($to, $title, $body, $head);
}
function err($error, $system = false, $panels = true) { // Basic little error handler.
$errmsg = "One or more errors have occurred:<br /><br /><b>$error</b><br /><br />Please <a href=\"javascript:history.go(-1);\">go back</a> and try again.";
display("Error", $errmsg, $panels);
}
function display($title, $content, $panels = true) { // Finalize page and output to browser.
include('config.php');
global $controlrow, $userrow, $worldrow, $numqueries, $starttime, $version, $build;
if (!isset($controlrow)) {
$controlrow = dorow(doquery("SELECT * FROM <<control>> WHERE id='1' LIMIT 1"));
}
@ -216,7 +211,7 @@ function display($title, $content, $panels = true) { // Finalize page and output
. "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"DTD/xhtml1-transitional.dtd\">\n"
. "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">\n";
$page .= gettemplate("primary");
// Setup for primary page array indexes.
$row = array();
$row["gamename"] = $controlrow["gamename"];
@ -232,24 +227,24 @@ function display($title, $content, $panels = true) { // Finalize page and output
} else {
$row["info"] = "Version <a href=\"index.php?do=version\">" . $row["version"] . "</a> " . $row["debug"];
}
// Setup for side panels.
include("panels.php");
if ($panels == true) {
$row["leftnav"] = panelleft();
if ($panels == true) {
$row["leftnav"] = panelleft();
$row["rightnav"] = panelright();
$row["topnav"] = paneltop(true);
$row["bottomnav"] = panelbottom();
$row["middlenav"] = panelmiddle();
} else {
$row["leftnav"] = "";
} else {
$row["leftnav"] = "";
$row["rightnav"] = "";
$row["topnav"] = paneltop(false);
$row["bottomnav"] = "";
}
$page = rtrim($page, "<-!");
$page .= <<<THEVERYENDOFYOU
<table cellspacing="0" cellpadding="3" style="width: 95px; color: #ffffff; border: solid 1px #ffffff; background-color: #000000; margin-top: 2px;">
<tr>
@ -267,13 +262,13 @@ $page .= <<<THEVERYENDOFYOU
</center></body>
</html>
THEVERYENDOFYOU;
// Finalize control array for output.
$page = parsetemplate($page, $row);
$page = parsetemplate($page, $row);
if ($controlrow["compression"] == 1) { ob_start("ob_gzhandler"); }
echo $page;
die();
}
?>
?>

1061
shim.php Normal file
View File

File diff suppressed because it is too large Load Diff

340
users.php
View File

@ -20,7 +20,7 @@ include("globals.php");
if(isset($_GET["do"])) {
$do = explode(":",$_GET["do"]);
switch ($do[0]) {
case "register": register(); break;
case "profile": profile(); break;
case "characters": characters(); break;
@ -30,26 +30,26 @@ if(isset($_GET["do"])) {
case "levelup": levelup(); break;
case "levelspell": levelspell(); break;
default: donothing();
}
} else {
donothing();
}
function donothing() {
die(header("Location: index.php"));
}
function register() {
if(isset($_POST["submit"])) {
extract($_POST);
global $controlrow;
$errors = 0; $errorlist = "";
// Process username.
if (trim($username) == "") { $errors++; $errorlist .= "Username field is required.<br />"; }
if (preg_match("/[^A-z0-9_\-]/", $username)==1) { $errors++; $errorlist .= "Username must be alphanumeric.<br />"; } // Thanks to "Carlos Pires" from php.net!
@ -60,20 +60,20 @@ function register() {
if (trim($password1) == "") { $errors++; $errorlist .= "Password fields is required.<br />"; }
if ($password1 != $password2) { $errors++; $errorlist .= "Passwords don't match.<br />"; }
$password = md5($password1);
// Process email address.
if (trim($email1) == "") { $errors++; $errorlist .= "Email field is required.<br />"; }
if ($email1 != $email2) { $errors++; $errorlist .= "Emails don't match.<br />"; }
if (! is_email($email1)) { $errors++; $errorlist .= "Email isn't valid.<br />"; }
$emailquery = doquery("SELECT emailaddress FROM <<accounts>> WHERE emailaddress='$email1' LIMIT 1");
if (mysql_num_rows($emailquery) > 0) { $errors++; $errorlist .= "Email already taken - unique email address required.<br />"; }
// Process other stuff.
if ($imageformat != ".png" && $imageformat != ".gif") { $errors++; $errorlist .= "Invalid input for image format selection.<br />"; }
if (!is_numeric($minimap)) { $errors++; $errorlist .= "Invalid input for minimap selection.<br />"; }
if ($errors == 0) {
if ($controlrow["verifyemail"] == 1) {
$verifycode = "";
for ($i=0; $i<8; $i++) {
@ -83,10 +83,10 @@ function register() {
} else {
$verifycode='1';
}
// Now update.
$query = doquery("INSERT INTO <<accounts>> SET id='',regdate=NOW(),regip='".$_SERVER["REMOTE_ADDR"]."',verifycode='$verifycode',username='$username',password='$password',emailaddress='$email1',language='English',imageformat='$imageformat', minimap='$minimap'") or die(mysql_error());
// Send confirmation email if necessary.
if ($controlrow["verifyemail"] == 1) {
if (sendregmail($email1, $verifycode) == true) {
@ -97,34 +97,34 @@ function register() {
} else {
$page = "Your account was created succesfully.<br /><br />You may now continue to the <a href=\"login.php?do=login\">Login Page</a> and continue playing ".$controlrow["gamename"]."!";
}
} else {
// Die gracefully on errors.
$page = "The following error(s) occurred when your account was being made:<br /><span style=\"color:red;\">$errorlist</span><br />Please <a href=\"users.php?do=register\">go back</a> and try again.";
}
display("Register", $page, false);
}
$row["imageformat"] = "<option value=\".png\">PNG</option><option value=\".gif\">GIF</option>";
$row["minimap"] = "<option value=\"1\">Yes</option><option value=\"0\">No</option>";
display("Register", parsetemplate(gettemplate("users_register1"), $row), false);
}
function sendregmail($emailaddress, $vercode) {
global $controlrow;
extract($controlrow);
$verurl = $gameurl . "verify.php?code=$vercode";
$email = <<<END
You or someone using your email address recently signed up for an account on the $gamename server, located at $gameurl.
This email is sent to verify your registration email. In order to begin using your account, you must verify your email address.
This email is sent to verify your registration email. In order to begin using your account, you must verify your email address.
Please click on the link below or copy/paste it into your browser to activate your account. You will not be able to play the game until your account is activated.
Verification URL:
@ -135,15 +135,15 @@ END;
$status = mymail($emailaddress, "$gamename Account Verification", $email);
return $status;
}
function profile() {
global $userrow;
$newuserrow = $userrow;
$template = "users_profile";
// Setup for viewing other people's profiles.
if(isset($_GET["uid"])) {
if (!is_numeric($_GET["uid"])) { err("Invalid UID."); }
@ -151,10 +151,10 @@ function profile() {
if ($newuserrow == false) { err("No such UID."); }
$template = "users_onlinechar";
}
if ($newuserrow["guild"] != 0) {
if ($newuserrow["guild"] != 0) {
$newuserrow["newcharname"] = "[<span style=\"color: ".$newuserrow["tagcolor"].";\">".$newuserrow["guildtag"]."</span>]<span style=\"color: ".$newuserrow["namecolor"].";\">".$newuserrow["charname"]."</span>";
} else {
} else {
$newuserrow["newcharname"] = $newuserrow["charname"];
}
@ -163,83 +163,83 @@ function profile() {
} else {
$newuserrow["profcharpicture"] = "<img src=\"images/users/nopicture.gif\" alt=\"".$newuserrow["charname"]."\" />";
}
$newuserrow["formatexperience"] = number_format($newuserrow["experience"]);
$newuserrow["formatgold"] = number_format($newuserrow["gold"]);
if ($newuserrow["expbonus"] == 0) { $newuserrow["expbonus"] = ""; } else { if ($newuserrow["expbonus"]>0) { $expsign="+"; } else { $expsign=""; } $newuserrow["expbonus"] = "($expsign".$newuserrow["expbonus"]."%)"; }
if ($newuserrow["goldbonus"] == 0) { $newuserrow["goldbonus"] = ""; } else { if ($newuserrow["goldbonus"]>0) { $goldsign="+"; } else { $goldsign=""; }$newuserrow["goldbonus"] = "($goldsign".$newuserrow["goldbonus"]."%)"; }
// Next level.
$leveltotal = 15;
$leveladd = 15;
$i = 2;
while ($i < ($newuserrow["level"] + 1)) {
$levelstart = $leveltotal;
if ($i < 4) {
if ($i < 4) {
$leveladd = ceil($leveladd * 2.0);
} elseif ($i < 13) {
} elseif ($i < 13) {
$leveladd = floor($leveladd * 1.45);
} elseif ($i < 40) {
} elseif ($i < 40) {
$leveladd = floor($leveladd * 1.20);
} elseif ($i < 60) {
} elseif ($i < 60) {
$leveladd = 150000;
} elseif ($i < 80) {
} elseif ($i < 80) {
$leveladd = 200000;
} elseif ($i < 100) {
} elseif ($i < 100) {
$leveladd = 300000;
} elseif ($i >= 100) {
} elseif ($i >= 100) {
$leveladd = 500000;
}
$leveltotal = $levelstart + $leveladd;
$i++;
}
$newuserrow["formatnextlvl"] = number_format($leveltotal);
// Level points.
if ($newuserrow["levelup"] != 0 || $newuserrow["levelspell"] != 0) { $newuserrow["levelpointscharnotice"] = "You have Level/Spell Points available."; } else { $newuserrow["levelpointscharnotice"] = ""; }
// Class.
$class = dorow(doquery("SELECT * FROM <<classes>> WHERE id='".$newuserrow["charclass"]."' LIMIT 1"));
$newuserrow["charclass"] = $class["name"];
display("Extended Profile",parsetemplate(gettemplate($template),$newuserrow));
}
function settings() {
global $acctrow;
if (isset($_POST["submit"])) {
extract($_POST);
$errors = 0;
$errorlist = "";
// Process password.
if (trim($password1) != "") {
if (trim($password1) != "") {
if (md5($oldpassword) != $acctrow["password"]) { $errors++; $errorlist .= "Incorrect old password.<br />"; }
if ($password1 != $password2) { $errors++; $errorlist .= "New passwords don't match.<br />"; }
$password = "password='".md5($password1)."',";
$newpass = true;
} else { $password = ""; }
// Process email address.
if (trim($email) == "") { $errors++; $errorlist .= "Email field is required.<br />"; }
if (! is_email($email)) { $errors++; $errorlist .= "Email isn't valid.<br />"; }
$emailquery = doquery("SELECT emailaddress FROM <<accounts>> WHERE emailaddress='$email' AND id != '".$acctrow["id"]."' LIMIT 1");
if (mysql_num_rows($emailquery) > 0) { $errors++; $errorlist .= "Email already taken - unique email address required.<br />"; }
// Process other stuff.
if ($imageformat != ".png" && $imageformat != ".gif") { $errors++; $errorlist .= "Invalid input for image format selection.<br />"; }
if (!is_numeric($minimap)) { $errors++; $errorlist .= "Invalid input for minimap selection.<br />"; }
if ($errors == 0) {
if ($errors == 0) {
$query = doquery("UPDATE <<accounts>> SET $password emailaddress='$email', imageformat='$imageformat', minimap='$minimap' WHERE id='".$acctrow["id"]."' LIMIT 1");
if (isset($newpass)) {
if (isset($newpass)) {
setcookie("scourge", "", (time()-3600), "/", "", 0);
$page = "Your information was updated successfully. Because you changed your password, you have been logged out to avoid cookie errors.<br /><br />Please use the Log In link above to log back into the game and continue playing.";
unset($GLOBALS["acctrow"]);
@ -248,18 +248,18 @@ function settings() {
$page = "Your information was updated successfully. You may now continue <a href=\"index.php\">playing</a>.";
display("Account Settings", $page);
}
} else {
err("The following error(s) occurred when your account was being made:<br /><span style=\"color:red;\">$errorlist</span><br />Please <a href=\"users.php?do=settings\">go back</a> and try again.");
}
}
$row["emailaddress"] = $acctrow["emailaddress"];
$row["language"] = "<option value=\"English\">English</option>";
if ($acctrow["imageformat"] == ".png") {
if ($acctrow["imageformat"] == ".png") {
$row["imageformat"] = "<option value=\".png\" selected=\"selected\">PNG</option><option value=\".gif\">GIF</option>";
} else {
$row["imageformat"] = "<option value=\".png\">PNG</option><option value=\".gif\" selected=\"selected\">GIF</option>";
@ -270,15 +270,15 @@ function settings() {
$row["minimap"] = "<option value=\"1\">Yes</option><option value=\"0\">No</option>";
}
display("Account Settings", parsetemplate(gettemplate("users_settings"), $row));
}
function characters() {
global $acctrow, $userrow, $controlrow;
if (isset($_POST["submit"])) {
if (isset($_POST["submit"])) {
// Change the active character for the account.
if (!is_numeric($_POST["makeactive"])) { err("Invalid UID."); }
$newuserrow = dorow(doquery("SELECT * FROM <<users>> WHERE id='".$_POST["makeactive"]."' LIMIT 1"));
@ -286,12 +286,12 @@ function characters() {
if ($newuserrow["account"] != $acctrow["id"]) { err("You don't own that UID."); }
$setnewchar = doquery("UPDATE <<accounts>> SET activechar='".$_POST["makeactive"]."' WHERE id='".$acctrow["id"]."' LIMIT 1");
die(header("Location: users.php?do=characters"));
}
if ($userrow != false) {
// Pagerow setup.
if ($userrow != false) {
// Pagerow setup.
$row["characters"] = $acctrow["characters"];
$row["remaining"] = 4 - $acctrow["characters"];
$row["activecharname"] = $userrow["charname"];
@ -300,26 +300,26 @@ function characters() {
if($row["characters"] < 4) {
$row["newcharlink"] = "<a href=\"users.php?do=charnew\">Click here to create a new character.</a><br />";
} else { $row["newcharlink"] = ""; }
// Grab characters.
$charrow = dorow(doquery("SELECT *, DATE_FORMAT(birthdate, '%m.%d.%Y') AS fregdate FROM <<users>> WHERE account='".$acctrow["id"]."' ORDER BY birthdate"), "id");
foreach($charrow as $a=>$b) {
if ($b["id"] == $acctrow["activechar"]) {
foreach($charrow as $a=>$b) {
if ($b["id"] == $acctrow["activechar"]) {
$row["selectcharlist"] .= "<option value=\"".$b["id"]."\" selected=\"selected\">".$b["charname"]." (Default)</option>";
$b["isdefault"] = "<span class=\"red\">(Default)</span>";
} else {
$row["selectcharlist"] .= "<option value=\"".$b["id"]."\">".$b["charname"]."</option>";
$b["isdefault"] = "";
}
if ($b["charpicture"] != "") {
$b["avatar"] = "<img src=\"".$b["charpicture"]."\" alt=\"".$b["charname"]."\" />";
} else {
$b["avatar"] = "<img src=\"images/users/nopicture.gif\" alt=\"".$b["charname"]."\" />";
}
if ($controlrow["showsigbot"] == 1) {
$sigboturl = $controlrow["gameurl"] . "sigbot/" . $userrow["id"] . ".png";
$b["sigboturl"] = "SigBot URL: <a href=\"$sigboturl\" target=\"_new\">$sigboturl</a><br />";
@ -327,107 +327,107 @@ function characters() {
$b["sigboturl"] = "";
}
$row["fullcharlist"] .= parsetemplate(gettemplate("users_charlistrow"), $b);
}
display("Characters", parsetemplate(gettemplate("users_charlist"), $row));
} else {
display("Characters", gettemplate("users_charlistnew"));
}
}
function charnew() {
global $controlrow, $acctrow;
if ($acctrow["characters"] >= 4) { err("You are not allowed to make any more new characters."); }
if (isset($_POST["submit"])) {
extract($_POST);
$errors = 0;
$errorlist = "";
// Process charname.
if (trim($charname) == "") { $errors++; $errorlist .= "Character Name field is required.<br />"; }
if (preg_match("/[^A-z\ 0-9_\-]/", $charname)==1) { $errors++; $errorlist .= "Character names can only contain letters, numbers, spaces and hyphens.<br />"; } // Thanks to "Carlos Pires" from php.net!
$characternamequery = doquery("SELECT charname FROM <<users>> WHERE charname='$charname' LIMIT 1");
if (mysql_num_rows($characternamequery) > 0) { $errors++; $errorlist .= "Character Name already taken - unique Character Name required.<br />"; }
// Upload new charpicture, if required.
if ($_FILES["intavatar"]["error"] != 4) {
$allowed = array(".gif",".jpg",".png");
$type = substr($_FILES["intavatar"]["name"],-4);
// Errors.
if (!in_array(strtolower($type),$allowed)) { die("Unallowed filetype for avatar."); }
if ($_FILES["intavatar"]["size"] > $controlrow["avatarmaxsize"]) { die("Avatar filesize too big."); }
$imagesize = getimagesize($_FILES["intavatar"]["tmp_name"]);
if (($imagesize[0]>50) || ($imagesize[1]>50)) { die("Avatar dimensions too big."); }
if (($imagesize[0]>50) || ($imagesize[1]>50)) { die("Avatar dimensions too big."); }
// Move file and finish.
$randomext = "";
for($i=0; $i<8; $i++) { $randomext .= rand(0,9); }
$uploadfile = $controlrow["avatarpath"] . $acctrow["username"] . $randomext . $type;
if (!move_uploaded_file($_FILES["intavatar"]["tmp_name"], $uploadfile)) { die("Unable to upload avatar."); }
$newcharpicture = $controlrow["avatarurl"] . $acctrow["username"] . $randomext . $type;
}
// Process everything else important.
if (!is_numeric($charclass)) { $errors++; $errorlist .= "Invalid character class.<br />"; }
if (!is_numeric($difficulty)) { $errors++; $errorlist .= "Invalid character class.<br />"; }
// Get bonuses and multipliers from classes/difficulties tables.
$expbonus = 0;
$goldbonus = 0;
$classes = dorow(doquery("SELECT * FROM <<classes>> WHERE id='$charclass' LIMIT 1"));
if ($classes != false) {
$expbonus += $classes["expbonus"];
$goldbonus += $classes["goldbonus"];
if ($classes != false) {
$expbonus += $classes["expbonus"];
$goldbonus += $classes["goldbonus"];
} else { $errors++; $errorlist .= "Invalid character class"; }
$difficulties = dorow(doquery("SELECT * FROM <<difficulties>> WHERE id='$difficulty' LIMIT 1"));
if ($difficulties != false) {
$expbonus += $difficulties["expbonus"];
$goldbonus += $difficulties["goldbonus"];
if ($difficulties != false) {
$expbonus += $difficulties["expbonus"];
$goldbonus += $difficulties["goldbonus"];
$difficulty = $difficulties["multiplier"];
$deathpenalty = $difficulties["deathpenalty"];
} else { $errors++; $errorlist .= "Invalid character class"; }
if ($errors == 0) {
// Now everything's cool. Create new character row.
$query = doquery("INSERT INTO <<users>> SET id='', account='".$acctrow["id"]."', birthdate=NOW(), lastip='".$_SERVER["REMOTE_ADDR"]."', onlinetime=NOW(), charname='$charname', charpicture='$newcharpicture', charclass='$charclass', difficulty='$difficulty', deathpenalty='$deathpenalty', expbonus='$expbonus', goldbonus='$goldbonus'");
$query = doquery("INSERT INTO <<users>> SET account='".$acctrow["id"]."', birthdate=NOW(), lastip='".$_SERVER["REMOTE_ADDR"]."', onlinetime=NOW(), charname='$charname', charpicture='$newcharpicture', charclass='$charclass', difficulty='$difficulty', deathpenalty='$deathpenalty', expbonus='$expbonus', goldbonus='$goldbonus'");
// Update account row.
$default = "";
if (isset($setdefault)) { $default = "activechar='".mysql_insert_id()."', "; }
if ($acctrow["characters"] == 0) { $default = "activechar='".mysql_insert_id()."', "; }
$query2 = doquery("UPDATE <<accounts>> SET $default characters=characters+1 WHERE id='".$acctrow["id"]."' LIMIT 1");
// And we're finished.
die(header("Location: users.php?do=characters"));
} else {
// Die gracefully on errors.
if ($acctrow["characters"] != 0) {
err("The following error(s) occurred when your character was being made:<br /><span style=\"color:red;\">$errorlist</span><br />Please <a href=\"users.php?do=charnew\">go back</a> and try again.");
} else {
die("The following error(s) occurred when your character was being made:<br /><span style=\"color:red;\">$errorlist</span><br />Please <a href=\"users.php?do=charnew\">go back</a> and try again.");
}
}
}
$classes = dorow(doquery("SELECT * FROM <<classes>> ORDER BY id"));
$row["charclass"] = "";
$row["classdesc"] = "";
@ -443,108 +443,108 @@ function charnew() {
foreach($difficulty as $a=>$b) {
$row["difficulty"] .= "<option value=\"".$b["id"]."\">".$b["name"]."</option>";
}
if ($acctrow["characters"] == 0) { $row["defaultenabled"] = "disabled=\"disabled\""; } else { $row["defaultenabled"] = ""; }
$row["maxsize"] = round($controlrow["avatarmaxsize"] / 1000, 1);
display("Characters", parsetemplate(gettemplate("users_charnew"), $row), false);
}
function charedit() {
global $controlrow, $acctrow;
// Change the active character for the account.
if (!is_numeric($_GET["uid"])) { err("Invalid UID."); }
$newuserrow = dorow(doquery("SELECT * FROM <<users>> WHERE id='".$_GET["uid"]."' LIMIT 1"));
if ($newuserrow == false) { err("No such UID."); }
if ($newuserrow["account"] != $acctrow["id"]) { err("You don't own that UID."); }
if (isset($_POST["submit"])) {
extract($_POST);
// Upload new charpicture, if required.
if ($_FILES["intavatar"]["error"] != 4) {
$allowed = array(".gif",".jpg",".png");
$type = substr($_FILES["intavatar"]["name"],-4);
// Errors.
if (!in_array(strtolower($type),$allowed)) { err("Unallowed filetype for avatar."); }
if ($_FILES["intavatar"]["size"] > $controlrow["avatarmaxsize"]) { err("Avatar filesize too big."); }
$imagesize = getimagesize($_FILES["intavatar"]["tmp_name"]);
if (($imagesize[0]>50) || ($imagesize[1]>50)) { err("Avatar dimensions too big."); }
if (($imagesize[0]>50) || ($imagesize[1]>50)) { err("Avatar dimensions too big."); }
// Move file and finish.
$randomext = "";
for($i=0; $i<8; $i++) { $randomext .= rand(0,9); }
$uploadfile = $controlrow["avatarpath"] . $acctrow["username"] . $randomext . $type;
if (!move_uploaded_file($_FILES["intavatar"]["tmp_name"], $uploadfile)) { err("Unable to upload avatar."); }
$newcharpicture = $controlrow["avatarurl"] . $acctrow["username"] . $randomext . $type;
if ($newuserrow["charpicture"] != "") {
$oldav = ltrim($newuserrow["charpicture"], $controlrow["avatarurl"]);
unlink($controlrow["avatarpath"] . $oldav);
}
}
// Now everything's cool.
$query = doquery("UPDATE <<users>> SET charpicture='$newcharpicture' WHERE id='".$newuserrow["id"]."' LIMIT 1");
die(header("Location: users.php?do=characters"));
} elseif (isset($_POST["delete"])) {
if ($acctrow["characters"] == 1) { err("You only have one character on your account. If you wish to delete this character, please make a new one first before trying to delete this one."); }
display("Characters", parsetemplate(gettemplate("users_chardelete"), $newuserrow));
} elseif (isset($_POST["ultrakill"])) {
// First we delete the char.
$query = doquery("DELETE FROM <<users>> WHERE id='".$newuserrow["id"]."'");
// Then we gotta update acctrow accordingly.
$query2 = dorow(doquery("SELECT * FROM <<users>> WHERE account='".$acctrow["id"]."' ORDER BY id LIMIT 1"));
$query3 = doquery("UPDATE <<accounts>> SET characters=characters-1, activechar='".$query2["id"]."' WHERE id='".$acctrow["id"]."' LIMIT 1");
die(header("Location: users.php?do=characters"));
} elseif (isset($_POST["wimpout"])) {
die(header("Location: users.php?do=characters"));
}
$newuserrow["maxsize"] = round($controlrow["avatarmaxsize"] / 1000, 1);
display("Characters", parsetemplate(gettemplate("users_charedit"), $newuserrow));
}
function levelup() {
global $userrow;
if ($userrow["levelup"] == 0) { err("You do not currently have any Level Points to spend."); }
$classrow = dorow(doquery("SELECT * FROM <<classes>> WHERE id='".$userrow["charclass"]."' LIMIT 1"));
if (isset($_POST["submit"])) {
unset($_POST["submit"]);
// Check to make sure they didn't mess with the input names.
foreach($_POST as $a=>$b) {
foreach($_POST as $a=>$b) {
if (!is_numeric($a)) { err("Invalid input format."); }
}
// Loop through and add points where appropriate.
// Note that we loop through the number of points in $userrow, rather than the number of fields.
// Note that we loop through the number of points in $userrow, rather than the number of fields.
// This is to ensure that people don't edit the source to just add more fields.
$total = $userrow["levelup"];
for($i=0; $i<$total; $i++) {
switch($_POST[$i]) {
case "str":
case "str":
$userrow["strength"]++;
$userrow["physattack"] += (1 * $classrow["damageperstrength"]);
$userrow["levelup"]--;
@ -570,19 +570,19 @@ function levelup() {
break;
}
}
// Round down any fractions.
$userrow["physattack"] = floor($userrow["physattack"]);
$userrow["physdefense"] = floor($userrow["physdefense"]);
$userrow["maxhp"] = floor($userrow["maxhp"]);
$userrow["maxmp"] = floor($userrow["maxmp"]);
// Finish.
updateuserrow();
display("Level Points", parsetemplate(gettemplate("users_levelup2"), $userrow));
} else {
$row["dropdowns"] = "";
for($i=0; $i<$userrow["levelup"]; $i++) {
$row["dropdowns"] .= "<div style=\"padding-bottom: 5px;\"><select name=\"$i\"><option value=\"0\">Pick One</option><option value=\"str\">Strength</option><option value=\"dex\">Dexterity</option><option value=\"lif\">Life</option><option value=\"enr\">Energy</option></select></div>\n";
@ -593,31 +593,31 @@ function levelup() {
$row["hpperlife"] = $classrow["hpperlife"];
$row["mpperenergy"] = $classrow["mpperenergy"];
$row["levelup"] = $userrow["levelup"];
display("Level Points", parsetemplate(gettemplate("users_levelup1"), $row));
}
}
function levelspell() {
global $userrow, $spells;
if ($userrow["levelspell"] == 0) { err("You do not currently have any Spell Points to spend."); }
if (isset($_POST["submit"])) {
unset($_POST["submit"]);
// Check to make sure they didn't mess with the input names.
foreach($_POST as $a=>$b) {
$a = ltrim($a,"spelot");
if (!is_numeric($a)) { err("Invalid input format."); }
}
// Loop through and add points where appropriate.
// Note that we loop through the number of points in $userrow, rather than the number of fields.
// Note that we loop through the number of points in $userrow, rather than the number of fields.
// This is to ensure that people don't edit the source to just add more fields.
$total = $userrow["levelspell"];
for($i=0; $i<$total; $i++) {
@ -629,19 +629,19 @@ function levelspell() {
$userrow["levelspell"]--;
}
}
// Finish.
updateuserrow();
display("Spell Points", parsetemplate(gettemplate("users_levelspell2"), $userrow));
} else {
if ($userrow["levelspell"] != 0) {
$row["spelldropdowns"] = "";
for ($j=0; $j<$userrow["levelspell"]; $j++) {
$row["spelldropdowns"] .= "<select name=\"spell$j\"><option value=\"0\">Pick One</option>\n";
foreach($spells as $a=>$b) {
if (($b["minlevel"] <= $userrow["level"]) && ($b["classonly"] == $userrow["charclass"] ^ $b["classexclude"] != $userrow["charclass"])) {
if (($b["minlevel"] <= $userrow["level"]) && ($b["classonly"] == $userrow["charclass"] ^ $b["classexclude"] != $userrow["charclass"])) {
$row["spelldropdowns"] .= "<option value=\"".$b["id"]."\">".$b["name"]."</option>\n";
}
}
@ -649,7 +649,7 @@ function levelspell() {
for ($k=1; $k<11; $k++) {
if ($userrow["spell".$k."id"] != 0) {
$row["spelldropdowns"] .= "<option value=\"$k\">Slot $k: ".$userrow["spell".$k."name"]."</option>";
} else {
} else {
$row["spelldropdowns"] .= "<option value=\"$k\">Slot $k: Empty</option>";
}
}
@ -657,13 +657,13 @@ function levelspell() {
}
$row["spelldropdowns"] .= "<br />";
}
$row["levelspell"] = $userrow["levelspell"];
display("Spell Points", parsetemplate(gettemplate("users_levelspell1"), $row));
}
}
?>
?>