From 6f782914ca1be73ccea08c6ab36ac9a25429446e Mon Sep 17 00:00:00 2001 From: Sky Johnson Date: Thu, 8 Aug 2024 12:55:08 -0500 Subject: [PATCH] Make playable --- .gitignore | 1 + changelog.txt | 10 +- config.php | 14 +- images/botcheck/.gitkeep | 0 install.php | 118 ++--- install.sql | 72 +-- lib.php | 97 ++-- shim.php | 1061 ++++++++++++++++++++++++++++++++++++++ users.php | 340 ++++++------ 9 files changed, 1385 insertions(+), 328 deletions(-) create mode 100644 .gitignore create mode 100644 images/botcheck/.gitkeep create mode 100644 shim.php diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4f4773f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +config.php diff --git a/changelog.txt b/changelog.txt index 84598c7..0b39c1d 100644 --- a/changelog.txt +++ b/changelog.txt @@ -3,6 +3,12 @@ Changelog ***** BETA FIVE ***** +8.8.2024 - Build 21 (Make Playable): +- Add a mysql_ shim to replace old database functions +- Modify some SQL to make it work with MySQL 8.0+ +- Create botcheck folder and add a .gitkeep to pass tests +- Remove magic quotes functions as they have entirely been removed + 9.2.2007 - Build 20 (Consolation Prize Part Deux): - Fixed incorrect story values in install.sql. - Some changes to the version/copyright/moddedby display. @@ -192,7 +198,7 @@ Changelog - Fights happen slightly less often now (1/5 rather than 1/4). - Added anti-macro image verification for protection against space robots. -4.1.2005 - Build 03 (Holy Hand Grenade): +4.1.2005 - Build 03 (Holy Hand Grenade): - Fixed problem that prevented users from registering. - Fixed exploit in the Bank and Post Office that allowed users to withdraw/deposit/send negative numbers. - Added God Mode cheat: index.php?do=iddqd @@ -236,4 +242,4 @@ Changelog - Added language indexes for x_submit and x_reset. 7.19.2004 - Build 20 (pr0n): -- Initial public testing release. \ No newline at end of file +- Initial public testing release. 
diff --git a/config.php b/config.php index ca61eb2..f29d933 100644 --- a/config.php +++ b/config.php @@ -15,11 +15,11 @@ // (see our website for that). $dbsettings = Array( - "server" => "localhost", // MySQL server name. (Usually localhost.) - "user" => "", // MySQL username. - "pass" => "", // MySQL password. - "name" => "", // MySQL database name. + "server" => "127.0.0.1", // MySQL server name. (Usually localhost.) + "user" => "root", // MySQL username. + "pass" => "root", // MySQL password. + "name" => "scourge", // MySQL database name. "prefix" => "sx", // Prefix for table names. - "secretword" => ""); // Secret word used when hashing information for cookies. - -?> \ No newline at end of file + "secretword" => "poop"); // Secret word used when hashing information for cookies. + +?> diff --git a/images/botcheck/.gitkeep b/images/botcheck/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/install.php b/install.php index 1c1a4ca..7f8c548 100644 --- a/install.php +++ b/install.php @@ -14,16 +14,10 @@ // within the confines of the Dragon Scourge License Agreement // (see our website for that). +require_once 'shim.php'; + opendb(); -// Handling for servers with magic_quotes turned on. -if (get_magic_quotes_gpc()) { - - $_POST = array_map('uber_ss', $_POST); - $_GET = array_map('uber_ss', $_GET); - $_COOKIE = array_map('uber_ss', $_COOKIE); - -} $_POST = array_map('uber_mres', $_POST); $_POST = array_map('uber_hsc', $_POST); $_GET = array_map('uber_mres', $_GET); 
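Review bot: The new `$dbsettings` values put a working login (`"user" => "root"`, `"pass" => "root"`) and a short, guessable `"secretword" => "poop"` into the tracked config.php. The `.gitignore` entry added in this same commit does not stop Git from tracking a file that is already in the repository, so these values reach everyone who clones it. The inline comment says the secret word is used when hashing information for cookies, so a value this predictable weakens whatever that hash is meant to protect. Keep the committed file at the empty placeholders (`"pass" => ""`, `"secretword" => ""`), untrack the local copy with `git rm --cached config.php`, and generate a long random secret per install. Connecting as `root` is also broader than the game needs; an account limited to the `scourge` database would do.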
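Review bot: `require_once 'shim.php';` is looked up through include_path before the script's own directory, so a different shim.php earlier on that path would be loaded in place of the one shipped here, and every `mysql_*` call now depends on that file. `require_once __DIR__ . '/shim.php';` pins it to the copy next to install.php. The same line is added to lib.php further down and would take the same change. With the `get_magic_quotes_gpc()` branch removed, `uber_ss()` (kept as context in the next hunk) appears to have no remaining caller in this file and could be deleted.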
@@ -43,30 +37,30 @@ switch ($page) { } function uber_ss($value) { - + $value = is_array($value) ? array_map('uber_ss', $value) : stripslashes($value); return $value; - + } function uber_mres($value) { - + $value = is_array($value) ? array_map('uber_mres', $value) : mysql_real_escape_string($value); return $value; - + } function uber_hsc($value) { - + $value = is_array($value) ? array_map('uber_hsc', $value) : htmlspecialchars($value); return $value; - + } function opendb() { // Open database connection. @@ -85,27 +79,27 @@ function opendb() { // Open database connection. define("DBRESULT", true); } } - return $link; + //return $link; } function doquery($query) { // Something of a tiny little database abstraction layer. - + include('config.php'); $sqlquery = mysql_query(preg_replace("/<<([a-zA-Z0-9_\-]+)>>/", $dbsettings["prefix"]."_$1", $query)); - + if ($sqlquery == false) { die(mysql_error() . "

" . $query); } - + return $sqlquery; - + } function dorow($sqlquery, $force = "") { // Abstraction layer part deux. - + switch (mysql_num_rows($sqlquery)) { - + case 0: $row = false; break; @@ -128,11 +122,11 @@ function dorow($sqlquery, $force = "") { // Abstraction layer part deux. } } break; - + } - + return $row; - + } // Thanks to Predrag Supurovic from php.net for this function! @@ -153,11 +147,11 @@ function dobatch($p_query) { /***** DONE WITH ALL THE SETUP STUFF, SO ACTUALLY START INSTALLING. *****/ function one() { - + // Test file permissions. $botcheck = false; $f = fopen("images/botcheck/test.txt", "a"); - if ($f) { + if ($f) { if (fwrite($f,"test")) { $botcheck = true; fclose($f); @@ -166,20 +160,20 @@ function one() { } $users = false; $f = fopen("images/users/test.txt", "a"); - if ($f) { + if ($f) { if (fwrite($f,"test")) { $users = true; fclose($f); unlink("images/users/test.txt"); } } - + // Display status. if ($botcheck) { $botcheck = "Pass"; } else { $botcheck = "Fail"; } if ($users) { $users = "Pass"; } else { $users = "Fail"; } if (MYSQLRESULT) { $mysqlresult = "Pass"; } else { $mysqlresult = "Fail"; } if (DBRESULT) { $dbresult = "Pass"; } else { $dbresult = "Fail"; } - + // Done. Show page. $page = << @@ -195,7 +189,7 @@ $page = <<
- +

Dragon Scourge :: Installation (Step 1)

  1. Verify Settings
  2. @@ -203,7 +197,7 @@ $page = <<Primary Game Settings
  3. Create Admin User
- + @@ -211,16 +205,16 @@ $page = <<
Verify Settings
MySQL Connection$mysqlresult
File Permissions: /images/users/$users
File Permissions: /images/botcheck/$botcheck


- + If any of the above settings display Fail, please go back and make sure everything is correct.

For failures on either MySQL Connection or MySQL Database, please ensure that you have inserted the correct values for your server configuration into config.php, and make sure that the database to which you will be installing Dragon Scourge already exists on your server.

For failures on either of the two File Permissions settings, make sure that the appropriate folders have been CHMODed to 0777 (on Unix/Linux servers), or are not set to read-only (on Windows servers). If you need help with this, click here for tutorials on how to do this in several major FTP clients.

Once you have checked all the appropriate settings, reload this page and make sure that all four tests indicate Pass before continuing.

Once all tests pass, click the link below to continue to step two.

- + Continue to Step Two: Install Database
Installing the database may take several seconds. Please click the link only once. - +
@@ -230,10 +224,10 @@ die($page); } function two() { - + $installsql = file_get_contents("install.sql"); $status = dobatch($installsql); - + $page = << @@ -248,7 +242,7 @@ $page = <<
- +

Dragon Scourge :: Installation (Step 2)

  1. Verify Settings
  2. @@ -256,11 +250,11 @@ $page = <<Primary Game Settings
  3. Create Admin User
- + The database installation is now complete. Click the link below to set up your initial game settings.

- + Continue to Step Three: Primary Game Settings - +
@@ -270,7 +264,7 @@ die($page); } function three() { - + // Path stuff. Easy. $gamepath = str_replace("install.php","",__FILE__); $gamepath = str_replace("\\","/",$gamepath); @@ -278,8 +272,8 @@ function three() { $gameurl = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["PHP_SELF"]; $gameurl = str_replace("install.php","",$gameurl); $avatarurl = $gameurl . "images/users/"; - - + + $page = << @@ -295,7 +289,7 @@ $page = <<
- +

Dragon Scourge :: Installation (Step 3)

  1. Verify Settings
  2. @@ -303,7 +297,7 @@ $page = <<Primary Game Settings
  3. Create Admin User
- +
@@ -332,7 +326,7 @@ $page = <<
Game Name
The name of your game. Used in page titles and when sending email to new users.

- +
@@ -342,7 +336,7 @@ die($page); } function four() { - + // Check for errors. $requires = array("gamename","gamepath","gameurl","avatarpath","avatarurl","avatarmaxsize","adminemail","botcheck","pvprefresh","pvptimeout","guildstartup","guildstartlvl","guildjoinlvl","guildupdate"); $numerics = array("avatarmaxsize","botcheck","pvprefresh","pvptimeout","guildstartup","guildstartlvl","guildjoinlvl","guildupdate"); @@ -355,15 +349,15 @@ function four() { if (!is_numeric($_POST[$b])) { $errors .= "$b field must contain numbers only.
"; } } if ($errors != "") { die("The following errors occurred. Please go back and correct these errors before continuing.

$errors"); } - + // Check toggles. foreach($toggles as $a => $b) { if (!isset($_POST[$b])) { $_POST[$b] = "0"; } } - + // No errors, so set up the table. extract($_POST); - doquery("INSERT INTO <> SET + doquery("INSERT INTO <> SET id='1', gamename='$gamename', gameopen='1', @@ -393,7 +387,7 @@ function four() { guildjoinlvl='$guildjoinlvl', guildupdate='$guildupdate' "); - + // Done with the controlrow creator. Now show admin user creation form.' $page = << @@ -410,7 +404,7 @@ $page = <<
- +

Dragon Scourge :: Installation (Step 4)

  1. Verify Settings
  2. @@ -418,7 +412,7 @@ $page = <<Primary Game Settings
  3. Create Admin User
- +
@@ -429,7 +423,7 @@ $page = <<
Username

- +
@@ -438,7 +432,7 @@ die($page); } function five() { - + // Check for errors. $requires = array("username","password","emailaddress"); $errors = ""; @@ -446,12 +440,12 @@ function five() { if (!isset($_POST[$b]) || trim($_POST[$b])=="") { $errors .= "$b field is required.
"; } } if ($errors != "") { die("The following errors occurred. Please go back and correct these errors before continuing.

$errors"); } - + // No errors, so set up the table. extract($_POST); $password = md5($password); - - doquery("INSERT INTO <> SET + + doquery("INSERT INTO <> SET id='1', username='$username', password='$password', @@ -466,7 +460,7 @@ function five() { imageformat='.png', minimap='1' "); - + // Done with the controlrow creator. Now show admin user creation form.' $page = << @@ -483,12 +477,12 @@ $page = <<
- +

Dragon Scourge :: Installation Complete

Dragon Scourge Installation has now completed. Congratulations.

For security reasons, please delete install.php and install.sql from your game directory at this time!

Click here to log into your game for the first time. Once you log in, you will be asked to create your first Character. - +
@@ -496,4 +490,4 @@ THEVERYENDOFYOU; die($page); } -?> \ No newline at end of file +?> diff --git a/install.sql b/install.sql index dbf36a9..54db4ed 100644 --- a/install.sql +++ b/install.sql @@ -5,7 +5,7 @@ CREATE TABLE `<>` ( `password` varchar(32) NOT NULL default '', `emailaddress` varchar(200) NOT NULL default '', `verifycode` varchar(32) NOT NULL default '', - `regdate` datetime NOT NULL default '0000-00-00 00:00:00', + `regdate` datetime NOT NULL default NOW(), `regip` varchar(16) NOT NULL default '', `authlevel` tinyint(3) unsigned NOT NULL default '1', `language` varchar(30) NOT NULL default '', @@ -14,18 +14,18 @@ CREATE TABLE `<>` ( `imageformat` varchar(4) NOT NULL default '0', `minimap` tinyint(3) unsigned NOT NULL default '0', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); DROP TABLE IF EXISTS `<>`; CREATE TABLE `<>` ( `id` int(11) unsigned NOT NULL auto_increment, - `posttime` datetime NOT NULL default '0000-00-00 00:00:00', + `posttime` datetime NOT NULL default NOW(), `charname` varchar(30) NOT NULL default '', `charid` int(11) unsigned NOT NULL default '0', `content` varchar(255) NOT NULL default '', `guild` int(10) unsigned NOT NULL default '0', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); DROP TABLE IF EXISTS `<>`; CREATE TABLE `<>` ( 
@@ -39,9 +39,9 @@ CREATE TABLE `<>` ( `mpperenergy` float unsigned NOT NULL default '0', `description` text NOT NULL, PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); -INSERT INTO `<>` (`id`, `name`, `expbonus`, `goldbonus`, `damageperstrength`, `defenseperdex`, `hpperlife`, `mpperenergy`, `description`) VALUES +INSERT INTO `<>` (`id`, `name`, `expbonus`, `goldbonus`, `damageperstrength`, `defenseperdex`, `hpperlife`, `mpperenergy`, `description`) VALUES (1, 'Barbarian', 0, 0, 3, 1, 2, 1, 'Barbarians specialize in physical damage. 3 damage per strength point, 1 defense per dexterity point, 2 hp per life point, 1 mp per energy point.'), (2, 'Sorceress', 0, 0, 1, 1, 2, 3, 'Sorceresses specialize in magical damage. 1 damage per strength point, 1 defense per dexterity point, 2 hp per life point, 3 mp per energy point.'), (3, 'Paladin', 0, 0, 1, 2, 3, 1, 'Paladins specialize in staying alive. 1 damage per strength point, 2 defense per dexterity point, 3 hp per life point, 1 mp per energy point.'); @@ -77,7 +77,7 @@ CREATE TABLE `<>` ( `guildjoinlvl` int(10) unsigned NOT NULL default '0', `guildupdate` int(10) unsigned NOT NULL default '0', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); DROP TABLE IF EXISTS `<>`; CREATE TABLE `<>` ( @@ -88,9 +88,9 @@ CREATE TABLE `<>` ( `multiplier` float NOT NULL default '0', `deathpenalty` tinyint(3) unsigned NOT NULL default '0', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); -INSERT INTO `<>` (`id`, `name`, `expbonus`, `goldbonus`, `multiplier`, `deathpenalty`) VALUES +INSERT INTO `<>` (`id`, `name`, `expbonus`, `goldbonus`, `multiplier`, `deathpenalty`) VALUES (1, 'Easy', 0, 0, 1, 0), (2, 'Medium', 3, 3, 1.5, 3), (3, 'Hard', 5, 5, 2, 7); @@ -102,7 +102,7 @@ CREATE TABLE `<>` ( `charid` int(10) unsigned NOT NULL default '0', `charname` varchar(30) NOT NULL default '', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); DROP TABLE IF EXISTS `<>`; CREATE TABLE `<>` ( 
@@ -127,7 +127,7 @@ CREATE TABLE `<>` ( `statement` text NOT NULL, `news` text NOT NULL, PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); DROP TABLE IF EXISTS `<>`; CREATE TABLE `<>` ( @@ -157,9 +157,9 @@ CREATE TABLE `<>` ( `mod6name` varchar(50) NOT NULL default '', `mod6attr` smallint(5) unsigned NOT NULL default '0', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); -INSERT INTO `<>` (`id`, `name`, `slotnumber`, `isunique`, `willdrop`, `buycost`, `sellcost`, `reqlevel`, `reqstrength`, `reqdexterity`, `reqenergy`, `basename`, `baseattr`, `mod1name`, `mod1attr`, `mod2name`, `mod2attr`, `mod3name`, `mod3attr`, `mod4name`, `mod4attr`, `mod5name`, `mod5attr`, `mod6name`, `mod6attr`) VALUES +INSERT INTO `<>` (`id`, `name`, `slotnumber`, `isunique`, `willdrop`, `buycost`, `sellcost`, `reqlevel`, `reqstrength`, `reqdexterity`, `reqenergy`, `basename`, `baseattr`, `mod1name`, `mod1attr`, `mod2name`, `mod2attr`, `mod3name`, `mod3attr`, `mod4name`, `mod4attr`, `mod5name`, `mod5attr`, `mod6name`, `mod6attr`) VALUES (1, 'Pointy Stick', 1, 0, 1, 10, 5, 1, 0, 0, 0, 'physattack', 3, '', 0, '', 0, '', 0, '', 0, '', 0, '', 0), (2, 'Big Stick', 1, 0, 1, 15, 8, 1, 0, 0, 0, 'physattack', 4, '', 0, '', 0, '', 0, '', 0, '', 0, '', 0), (3, 'Dagger', 1, 0, 1, 20, 10, 1, 0, 0, 0, 'physattack', 5, '', 0, '', 0, '', 0, '', 0, '', 0, '', 0), @@ -341,9 +341,9 @@ CREATE TABLE `<>` ( `prettyname` varchar(50) NOT NULL default '', `percent` tinyint(3) unsigned NOT NULL default '0', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); -INSERT INTO `<>` (`id`, `fieldname`, `prettyname`, `percent`) VALUES +INSERT INTO `<>` (`id`, `fieldname`, `prettyname`, `percent`) VALUES (1, 'expbonus', 'Experience Bonus', 1), (2, 'goldbonus', 'Gold Bonus', 1), (3, 'maxhp', 'Max HP', 0), 
@@ -381,9 +381,9 @@ CREATE TABLE `<>` ( `basename` varchar(50) NOT NULL default '', `baseattr` smallint(5) unsigned NOT NULL default '0', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); -INSERT INTO `<>` (`id`, `name`, `slotnumber`, `unique`, `willdrop`, `buycost`, `sellcost`, `reqlevel`, `reqstrength`, `reqdexterity`, `reqenergy`, `basename`, `baseattr`) VALUES +INSERT INTO `<>` (`id`, `name`, `slotnumber`, `unique`, `willdrop`, `buycost`, `sellcost`, `reqlevel`, `reqstrength`, `reqdexterity`, `reqenergy`, `basename`, `baseattr`) VALUES (1, 'Sharp', 1, 0, 0, 5, 3, 1, 0, 0, 0, 'physattack', 2), (2, 'Magic', 1, 0, 0, 8, 4, 1, 0, 0, 0, 'magicattack', 5); @@ -403,16 +403,16 @@ CREATE TABLE `<>` ( `basename` varchar(50) NOT NULL default '', `baseattr` smallint(5) unsigned NOT NULL default '0', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); -INSERT INTO `<>` (`id`, `name`, `slotnumber`, `unique`, `willdrop`, `buycost`, `sellcost`, `reqlevel`, `reqstrength`, `reqdexterity`, `reqenergy`, `basename`, `baseattr`) VALUES +INSERT INTO `<>` (`id`, `name`, `slotnumber`, `unique`, `willdrop`, `buycost`, `sellcost`, `reqlevel`, `reqstrength`, `reqdexterity`, `reqenergy`, `basename`, `baseattr`) VALUES (1, 'of the Vampire', 1, 0, 0, 5, 3, 1, 0, 0, 0, 'hpleech', 5), (2, 'of the Bear', 1, 0, 0, 5, 3, 1, 0, 0, 0, 'strength', 5); DROP TABLE IF EXISTS `<>`; CREATE TABLE `<>` ( `id` int(10) unsigned NOT NULL auto_increment, - `postdate` datetime NOT NULL default '0000-00-00 00:00:00', + `postdate` datetime NOT NULL default NOW(), `senderid` int(10) unsigned NOT NULL default '0', `sendername` varchar(30) NOT NULL default '', `recipientid` int(10) unsigned NOT NULL default '0', @@ -422,7 +422,7 @@ CREATE TABLE `<>` ( `message` text NOT NULL, `gold` int(10) unsigned NOT NULL default '0', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); DROP TABLE IF EXISTS `<>`; CREATE TABLE `<>` ( 
@@ -449,9 +449,9 @@ CREATE TABLE `<>` ( `newstory` int(10) unsigned NOT NULL default '0', `hpleech` tinyint(3) unsigned NOT NULL default '0', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); -INSERT INTO `<>` (`id`, `name`, `world`, `level`, `maxexp`, `maxgold`, `maxhp`, `physattack`, `physdefense`, `magicattack`, `magicdefense`, `fireattack`, `firedefense`, `lightattack`, `lightdefense`, `spell1`, `spell2`, `spellimmune1`, `spellimmune2`, `boss`, `newstory`, `hpleech`) VALUES +INSERT INTO `<>` (`id`, `name`, `world`, `level`, `maxexp`, `maxgold`, `maxhp`, `physattack`, `physdefense`, `magicattack`, `magicdefense`, `fireattack`, `firedefense`, `lightattack`, `lightdefense`, `spell1`, `spell2`, `spellimmune1`, `spellimmune2`, `boss`, `newstory`, `hpleech`) VALUES (1, 'Small Slime', 1, 1, 4, 2, 3, 3, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0), (2, 'Shade', 1, 1, 4, 2, 3, 4, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0), (3, 'Slime', 1, 2, 4, 2, 3, 3, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0), @@ -673,7 +673,7 @@ CREATE TABLE `<>` ( `turntime` timestamp NOT NULL, `fightrow` text NOT NULL, PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); DROP TABLE IF EXISTS `<>`; CREATE TABLE `<>` ( @@ -686,9 +686,9 @@ CREATE TABLE `<>` ( `classonly` int(10) unsigned NOT NULL default '0', `classexclude` int(10) unsigned NOT NULL default '0', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); -INSERT INTO `<>` (`id`, `name`, `fname`, `value`, `mp`, `minlevel`, `classonly`, `classexclude`) VALUES +INSERT INTO `<>` (`id`, `name`, `fname`, `value`, `mp`, `minlevel`, `classonly`, `classexclude`) VALUES (1, 'Heal 1', 'heal', 5, 2, 5, 2, 0), (2, 'Heal 2', 'heal', 10, 5, 10, 0, 0), (3, 'Heal 3', 'heal', 20, 10, 15, 0, 0), 
@@ -783,9 +783,9 @@ CREATE TABLE `<>` ( `rewardname` varchar(30) NOT NULL default '', `rewardattr` int(11) NOT NULL default '0', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); -INSERT INTO `<>` (`id`, `title`, `story`, `world`, `latitude`, `longitude`, `nextstory`, `targetmonster`, `targetitem`, `targetworld`, `targetlat`, `targetlon`, `targetaction`, `rewardname`, `rewardattr`) VALUES +INSERT INTO `<>` (`id`, `title`, `story`, `world`, `latitude`, `longitude`, `nextstory`, `targetmonster`, `targetitem`, `targetworld`, `targetlat`, `targetlon`, `targetaction`, `rewardname`, `rewardattr`) VALUES (1, 'Prologue', 'The light has forsaken this land, and not for the first time. Centuries ago, it was overrun by darkness and then saved by a hero whose lifelong quest was to eradicate evil. The hero succeeded, and in the end, Lucifuge, King of the Dragons, was destroyed... at least for the time being. In the many long years since that time, Lucifuge has been gathering his forces and his power, and has finally regained enough of his former strength to return.\r\n\r\nSo the land is once again in need of a saviour. It will be no easy task, dear adventurer. In the last age, Lucifuge and his minions controlled but a small country. This time, he has sent his forces to sow chaos and darkness throughout the world. Only a brave adventurer will be able to conquer him and restore peace and order to the world.\r\n\r\nContinue on, dear adventurer. You shall be tested dearly, but the rewards will be great.', 1, 0, 0, 2, 0, '', 1, 0, 0, '', '', 0), (2, 'Queen of Demons', 'You come to a great stone door, with the inscription ''RAZORA'' carved in the Language of the Fallen. Next to the door lie the skeletons of several dead warriors who failed to enter. One of the skeletons is holding a scrap of paper, which reads:\r\n\r\n"We finally made it. The legends are true, Razora does exist. As I write this, we are standing outside the demon queen''s throneroom. 
Something is following us, though, and has been for several days. We''re making camp tonight, and we''ll head inside in the morning. After the months of travelling, we definitely need our rest if we''re really preparing to face Razora. We''ve survived this far, surely whatever is following us will hold off one more night..."\r\n\r\nYou are now faced with a choice, dear adventurer. Are you ready to face the demon queen Razora, or do you still need more preparation?', 1, 100, -100, 0, 201, '', 0, 0, 0, '', '', 0), (3, 'Fallen Queen', 'Razora, the Demon Queen, lies dead at your feet. Even now, her body and all the black blood spilled from it are melting away into the nether. Soon, all that''s left is her heart, which you take with you as proof that you destroyed her.\r\n\r\nOne section of the wall crumbles and falls, and leads to a doorway, guarded by a large statue of an angel. In the angel''s hand is a sword with flames engraved in the blade.\r\n\r\nIt wouldn''t be too much trouble to take the sword, and it does seem like your right to take it, after all the trouble you went through to kill Razora. You can now take the sword and continue through the doorway, or just continue on without it.', 1, 100, -100, 4, 0, '', 2, 0, 0, '', 'maxhp', 50), @@ -820,9 +820,9 @@ CREATE TABLE `<>` ( `itemminlvl` int(10) unsigned NOT NULL default '0', `itemmaxlvl` int(10) unsigned NOT NULL default '0', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); -INSERT INTO `<>` (`id`, `name`, `world`, `latitude`, `longitude`, `innprice`, `mapprice`, `travelpoints`, `itemminlvl`, `itemmaxlvl`) VALUES +INSERT INTO `<>` (`id`, `name`, `world`, `latitude`, `longitude`, `innprice`, `mapprice`, `travelpoints`, `itemminlvl`, `itemmaxlvl`) VALUES (1, 'Middleton', 1, 0, 0, 5, 0, 0, 1, 5), (2, 'Norfolk', 1, 25, 25, 10, 25, 5, 3, 8), (3, 'Calentia', 1, 50, -50, 25, 50, 15, 6, 11), 
@@ -853,9 +853,9 @@ DROP TABLE IF EXISTS `<>`; CREATE TABLE `<>` ( `id` int(10) unsigned NOT NULL auto_increment, `account` int(10) unsigned NOT NULL default '0', - `birthdate` datetime NOT NULL default '0000-00-00 00:00:00', + `birthdate` datetime NOT NULL default NOW(), `lastip` varchar(16) NOT NULL default '', - `onlinetime` datetime NOT NULL default '0000-00-00 00:00:00', + `onlinetime` datetime NOT NULL default NOW(), `exploreverify` varchar(6) NOT NULL default '', `exploreverifyimage` varchar(12) NOT NULL default '', `explorefailed` int(10) unsigned NOT NULL default '0', @@ -953,7 +953,7 @@ CREATE TABLE `<>` ( `bonusdefense` smallint(5) unsigned NOT NULL default '0', PRIMARY KEY (`id`), FULLTEXT KEY `item1name` (`item1name`) -) TYPE=MyISAM ; +); DROP TABLE IF EXISTS `<>`; CREATE TABLE `<>` ( @@ -961,11 +961,11 @@ CREATE TABLE `<>` ( `name` varchar(30) NOT NULL default '', `size` smallint(5) unsigned NOT NULL default '0', PRIMARY KEY (`id`) -) TYPE=MyISAM ; +); -INSERT INTO `<>` (`id`, `name`, `size`) VALUES +INSERT INTO `<>` (`id`, `name`, `size`) VALUES (1, 'Raenslide', 100), (2, 'Lorenfall', 100), (3, 'Borderlands', 100), (4, 'Inferno', 100), -(5, 'Unreality', 100); \ No newline at end of file +(5, 'Unreality', 100); diff --git a/lib.php b/lib.php index 97fb4ae..dee10f0 100644 --- a/lib.php +++ b/lib.php 
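Review bot: Changing `onlinetime` (and `birthdate`) from the zero-date default to `default NOW()` changes meaning as well as syntax: a row inserted without an explicit value now looks as if the character was active at creation time. The code that reads `onlinetime` is not visible in this hunk, but if it drives an online list or PvP timeouts, a never-logged-in character would be treated as just seen. A fixed valid sentinel such as `` `onlinetime` datetime NOT NULL default '1970-01-01 00:00:00' `` keeps the old "never" meaning while still being accepted by MySQL 8.0 strict mode. `NOW()` is a reasonable default for true creation timestamps like `regdate`, `posttime` and `postdate` in the earlier hunks.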
@@ -20,24 +20,19 @@ //if (file_exists("install.php")) { die("Please remove the install.php and install.sql files from your game directory before continuing."); } //if (file_exists("install.sql")) { die("Please remove the install.php file from your game directory before continuing."); } +require_once 'shim.php'; + // Setup for superglobal stuff that can't go in globals.php. $starttime = getmicrotime(); $numqueries = 0; $link = opendb(); $version = "Beta 5"; -$bnumber = "20"; -$bname = "Consolation Prize Part Deux"; -$bdate = "9.2.2007"; +$bnumber = "21"; +$bname = "Make Playable"; +$bdate = "8.8.2024"; include("lib2.php"); // Handling for servers with magic_quotes turned on. -if (get_magic_quotes_gpc()) { - - $_POST = array_map('uber_ss', $_POST); - $_GET = array_map('uber_ss', $_GET); - $_COOKIE = array_map('uber_ss', $_COOKIE); - -} $_POST = array_map('uber_mres', $_POST); $_POST = array_map('uber_hsc', $_POST); $_GET = array_map('uber_mres', $_GET); @@ -46,30 +41,30 @@ $_COOKIE = array_map('uber_mres', $_COOKIE); $_COOKIE = array_map('uber_hsc', $_COOKIE); function uber_ss($value) { - + $value = is_array($value) ? array_map('uber_ss', $value) : stripslashes($value); return $value; - + } function uber_mres($value) { - + $value = is_array($value) ? array_map('uber_mres', $value) : mysql_real_escape_string($value); return $value; - + } function uber_hsc($value) { - + $value = is_array($value) ? array_map('uber_hsc', $value) : htmlspecialchars($value); return $value; - + } function opendb() { // Open database connection. @@ -83,7 +78,7 @@ function opendb() { // Open database connection. } function doquery($query) { // Something of a tiny little database abstraction layer. - + include('config.php'); global $numqueries, $controlrow; $sqlquery = mysql_query(preg_replace('/<<([a-zA-Z0-9_\-]+)>>/', $dbsettings["prefix"].'_$1', $query)); 
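Review bot: The context comment `// Handling for servers with magic_quotes turned on.` is left in place and now sits directly above the `uber_mres`/`uber_hsc` calls, which are the only request-input handling that remains and have nothing to do with magic quotes. I would replace it with something like `// Escape every request value for SQL, then HTML-encode it, before any game code reads it.` Since `uber_mres` now reaches `mysql_real_escape_string` through the shim, which presumably needs an open connection, the comment should also say that these calls must stay below `$link = opendb();`. `uber_ss()` in the following hunk looks unused after this change and can go.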
@@ -91,16 +86,16 @@ function doquery($query) { // Something of a tiny little database abstraction la if ($sqlquery == false) { if ($controlrow["debug"] == 1) { die(mysql_error() . "

" . $query); } else { die("A MySQL query error occurred. Please contact the game administrator for more help."); } } - + $numqueries++; return $sqlquery; - + } function dorow($sqlquery, $force = "") { // Abstraction layer part deux. - + switch (mysql_num_rows($sqlquery)) { - + case 0: $row = false; break; @@ -123,34 +118,34 @@ function dorow($sqlquery, $force = "") { // Abstraction layer part deux. } } break; - + } - + return $row; - + } function gettemplate($templatename) { // SQL query for the template. - + $filename = "templates/" . $templatename . ".php"; include("$filename"); return $template; - + } function parsetemplate($template, $array) { // Replace template with proper content. Also does languages. - + foreach($array as $a => $b) { $template = str_replace("{{{$a}}}", $b, $template); } return $template; - + } function getmicrotime() { // Used for timing script operations. - list($usec, $sec) = explode(" ",microtime()); - return ((float)$usec + (float)$sec); + list($usec, $sec) = explode(" ",microtime()); + return ((float)$usec + (float)$sec); } @@ -164,18 +159,18 @@ function mymail($to, $title, $body, $from = '') { // thanks to arto dot PLEASE d global $controlrow; extract($controlrow); - + $from = trim($from); if (!$from) { $from = "<$adminemail>"; } - + $rp = $adminemail; $org = "$gameurl"; $mailer = "PHP"; - + $head = ""; $head .= "Content-Type: text/plain \r\n"; $head .= "Date: ". date('r'). " \r\n"; @@ -187,26 +182,26 @@ function mymail($to, $title, $body, $from = '') { // thanks to arto dot PLEASE d $head .= "X-Sender: $from \r\n"; $head .= "X-Priority: 3 \r\n"; $head .= "X-Mailer: $mailer \r\n"; - + $body = str_replace("\r\n", "\n", $body); $body = str_replace("\n", "\r\n", $body); - + return mail($to, $title, $body, $head); - + } function err($error, $system = false, $panels = true) { // Basic little error handler. $errmsg = "One or more errors have occurred:

$error

Please go back and try again."; display("Error", $errmsg, $panels); - + } function display($title, $content, $panels = true) { // Finalize page and output to browser. - + include('config.php'); global $controlrow, $userrow, $worldrow, $numqueries, $starttime, $version, $build; - + if (!isset($controlrow)) { $controlrow = dorow(doquery("SELECT * FROM <> WHERE id='1' LIMIT 1")); } @@ -216,7 +211,7 @@ function display($title, $content, $panels = true) { // Finalize page and output . "\n" . "\n"; $page .= gettemplate("primary"); - + // Setup for primary page array indexes. $row = array(); $row["gamename"] = $controlrow["gamename"]; @@ -232,24 +227,24 @@ function display($title, $content, $panels = true) { // Finalize page and output } else { $row["info"] = "Version " . $row["version"] . " " . $row["debug"]; } - + // Setup for side panels. include("panels.php"); - if ($panels == true) { - $row["leftnav"] = panelleft(); + if ($panels == true) { + $row["leftnav"] = panelleft(); $row["rightnav"] = panelright(); $row["topnav"] = paneltop(true); $row["bottomnav"] = panelbottom(); $row["middlenav"] = panelmiddle(); - } else { - $row["leftnav"] = ""; + } else { + $row["leftnav"] = ""; $row["rightnav"] = ""; $row["topnav"] = paneltop(false); $row["bottomnav"] = ""; } - + $page = rtrim($page, "<-!"); - + $page .= << @@ -267,13 +262,13 @@ $page .= << THEVERYENDOFYOU; - + // Finalize control array for output. - $page = parsetemplate($page, $row); - + $page = parsetemplate($page, $row); + if ($controlrow["compression"] == 1) { ob_start("ob_gzhandler"); } echo $page; die(); } -?> \ No newline at end of file +?> diff --git a/shim.php b/shim.php new file mode 100644 index 0000000..f8db517 --- /dev/null +++ b/shim.php 
@@ -0,0 +1,1061 @@ +connect_error); + } + # or is this an instance of a mysqli result? + if ($r instanceof mysqli_result) { + return true; + } + return false; + # negative on all other variable types + default: + return false; + } +} + +# alias for is_mysqli_or_resource() +function is_mysql_resource($r) { + return is_mysqli_or_resource($r); +} + +# alias for is_mysqli_or_resource() +function is_generic_resource($r) { + return is_mysqli_or_resource($r); +} + +# to check if an item is a resource/object - replace is_resource with this +# old version, this will break if testing file handles too +function is_mysql_resource_old($result) { + + # first try to treat as resource if original mysql is loaded + if (extension_loaded('mysql')) { + return is_resource($result); + } + + # or if mysqli is loaded, try to check object + if (extension_loaded('mysqli')) { + return is_object($result); + } + + echo 'Fatal error, mysqli extension not loaded.'."\n"; + die(1); +} + +# only do this if mysql extension is not there +if (!extension_loaded('mysql')) { + + # check if mysqli extension is loaded - its required as we rely on it + if (!extension_loaded('mysqli')) { + echo 'Fatal error, mysqli extension not loaded.'."\n"; + die(1); + } + +# --- helper variables and constants ------------------------------------------- + + # a list of connections, used to get the last one + $mysql_links = array(); + + # our own constants to reach default connection values in INI file + if (!defined('MYSQL_DEFAULT_HOST')) { + if (ini_get('mysqli.default_host') !== false) { + define('MYSQL_DEFAULT_HOST', ini_get('mysqli.default_host')); + } else { + define('MYSQL_DEFAULT_HOST', ini_get('mysql.default_host')); + } + } + + if (!defined('MYSQL_DEFAULT_USER')) { + if (ini_get('mysqli.default_user') !== false) { + define('MYSQL_DEFAULT_USER', ini_get('mysqli.default_user')); + } else { + define('MYSQL_DEFAULT_USER', ini_get('mysql.default_user')); + } + } + + if (!defined('MYSQL_DEFAULT_PASSWORD')) { + if 
(ini_get('mysqli.default_pw') !== false) { + define('MYSQL_DEFAULT_PASSWORD', ini_get('mysqli.default_pw')); + } else { + define('MYSQL_DEFAULT_PASSWORD', ini_get('mysql.default_password')); + } + } + +# --- MySQL constants (from PHP.net) ------------------------------------------- + + # MySQL client constants + + # Use compression protocol + define('MYSQL_CLIENT_COMPRESS', MYSQLI_CLIENT_COMPRESS); + + # Allow space after function names + define('MYSQL_CLIENT_IGNORE_SPACE', MYSQLI_CLIENT_IGNORE_SPACE); + + # Allow interactive_timeout seconds + # (instead of wait_timeout ) of + # inactivity before closing the connection. + define('MYSQL_CLIENT_INTERACTIVE', MYSQLI_CLIENT_INTERACTIVE); + + # Use SSL encryption. This flag is only + # available with version 4.x of the MySQL + # client library or newer. Version 3.23.x is + # bundled both with PHP 4 and Windows binaries + # of PHP 5. + define('MYSQL_CLIENT_SSL', MYSQLI_CLIENT_SSL); + + # mysql_fetch_array() uses a constant for the different types of result + # arrays. The following constants are defined: + + # MySQL fetch constants + + # Columns are returned into the array having + # the fieldname as the array index. + define('MYSQL_ASSOC', MYSQLI_ASSOC); + + # Columns are returned into the array having + # both a numerical index and the fieldname as + # the array index. + define('MYSQL_BOTH', MYSQLI_BOTH); + + # Columns are returned into the array having a + # numerical index to the fields. This index + # starts with 0, the first field in the result. 
+ define('MYSQL_NUM', MYSQLI_NUM); + +# --- helper functions --------------------------------------------------------- + + # internal function to convert bitflags of mysqli to flags in text + # of mysql + # thanks to andre at koethur dot de at + # http://www.php.net/manual/en/mysqli-result.fetch-fields.php#101828 + function mysql_field_bitflags_to_flags($flags_num) { + + $flags = array(); + $constants = get_defined_constants(true); + foreach ($constants['mysqli'] as $c => $n) { + if (preg_match('/MYSQLI_(.*)_FLAG$/', $c, $m)) { + if (!array_key_exists($n, $flags)) { + $flags[$n] = $m[1]; + } + } + } + $result = array(); + foreach ($flags as $n => $t) { + if ($flags_num & $n) { + $result[] = $t; + } + } + return implode(' ', $result); + } + + # function to convert bit-types of mysqli to types in text of mysql + # thanks to andre at koethur dot de at + # http://www.php.net/manual/en/mysqli-result.fetch-fields.php#101828 + function mysql_field_bittypes_to_types($type_id) { + + $types = array(); + $constants = get_defined_constants(true); + foreach ($constants['mysqli'] as $c => $n) { + if (preg_match('/^MYSQLI_TYPE_(.*)/', $c, $m)) { + $types[$n] = $m[1]; + } + } + + if (array_key_exists($type_id, $types)) { + return $types[$type_id]; + } + return NULL; + } + + # lib helper function - to ensure mysql link as mysqli always needs + # one but mysql takes last one + function mysql_ensure_link($link_identifier) { + # no link specified + if ($link_identifier === NULL) { + global $mysql_links; + + # no connection at all - then go null + if (!count($mysql_links)) { + return NULL; + } + + # get the last item of the array + $last = end($mysql_links); + + # return the last stored link + return $last['link']; + } + + return $link_identifier; + } + +# --- MySQL functions (from PHP.net) ------------------------------------------- + + # mysql_affected_rows - Get number of affected rows in previous MySQL + # operation + # int mysql_affected_rows ([ resource $link_identifier = NULL ] 
) + # int mysqli_affected_rows ( mysqli $link ) + function mysql_affected_rows($link_identifier = NULL) { + # mysql_affected_rows = -1 if the last query failed + # mysqli_affected_rows = -1 indicates that the query returned + # an error + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_affected_rows( + mysql_ensure_link($link_identifier) + ); + } + + # mysql_client_encoding - Returns the name of the character set + # string mysql_client_encoding ([ resource $link_identifier = NULL ] ) + # mysqli_character_set_name ( mysqli $link ) + function mysql_client_encoding($link_identifier = NULL) { + # note that mysqlI_client_encoding ALSO is deprecated, so we + # cannot it + # mysql_client_encoding/mysqli_character_set_name = Returns + # the default character set name for the current connection. + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_character_set_name( + mysql_ensure_link($link_identifier) + ); + } + + # mysql_close - Close MySQL connection + # bool mysql_close ([ resource $link_identifier = NULL ] ) + # bool mysqli_close ( mysqli $link ) + function mysql_close($link = NULL) { + + # mysql_close/mysqli_close = returns TRUE on success or FALSE + # on failure + global $mysql_links; + $link = mysql_ensure_link($link); + + if (isset($link->thread_id) && is_numeric($link->thread_id)) { + $thread_id = $link->thread_id; + } else { + $thread_id = false; + } + + $result = mysqli_close($link); + + # did the removal suceed and and we have thread id + if ($result && $thread_id) { + # walk the links + foreach ($mysql_links as $k => $v) { + + # does this thread-id match the one we just + # removed? 
+ if ($v['thread_id'] === $thread_id) { + # then remove it from connection array + array_splice($mysql_links, $k, 1); + break; + } + } + + # when connection already has been closed this error appears: + # Couldn't fetch mysqli in mysql-shim.php on line xxx + # and this gives null instead of false + } else if ($result === null) { + return false; + } + + return $result; + } + + # mysql_connect - Open a connection to a MySQL Server + # resource mysql_connect ( + # [ string $server = ini_get('mysql.default_host') + # [, string $username = ini_get('mysql.default_user') + # [, string $password = ini_get('mysql.default_password') + # [, bool $new_link = false [, int $client_flags = 0 ]]]]] ) + # mysqli mysqli_connect ( + # [ string $host = ini_get('mysqli.default_host') + # [, string $username = ini_get('mysqli.default_user') + # [, string $passwd = ini_get('mysqli.default_pw') + # [, string $dbname = '' + # [, int $port = ini_get('mysqli.default_port') + # [, string $socket = ini_get('mysqli.default_socket') ]]]]]] ) + function mysql_connect( + $server = MYSQL_DEFAULT_HOST, + $username = MYSQL_DEFAULT_USER, + $password = MYSQL_DEFAULT_PASSWORD, + $new_link = false, $client_flags = 0 + ) { + global $mysql_links; + + # no new link but s/u/p matches previous ones-take last link + if (!$new_link) { + global $mysql_links; + + # are there previous links? + if ($mysql_links && count($mysql_links)) { + + # get the last one made + $last = end($mysql_links); + + # does the s/u/p match last one? 
+ if ( + $server === $last['server'] && + $username === $last['username'] && + $password === $last['password'] && + is_resource($last['link']) + ) { + # then take that + return mysql_ensure_link(NULL); + } + } + } + + # try to connect using current credentials + $link = mysqli_connect($server, $username, $password, ''); + + if (mysqli_connect_errno()) { + # printf('Connect failed: %s'."\n", + # mysqli_connect_error()); + # die(); + return false; + } + + # store this + $mysql_links[] = array( + 'thread_id' => $link->thread_id, + 'server' => $server, + 'username' => $username, + 'password' => $password, + 'link' => $link + ); + + return $link; + } + + # mysql_createdb - Create a MySQL database - alias for mysql_create_db + function mysql_createdb($database_name, $link_identifier = NULL) { + # return mysql_create_db($database_name, $link_identifier); + $link_identifier = mysql_ensure_link($link_identifier); + return mysqli_query( + $link_identifier, + 'CREATE DATABASE '.mysqli_real_escape_string( + $link_identifier, + $database_name + ) + ); + } + + # mysql_create_db - Create a MySQL database + # bool mysql_create_db ( string $database_name + # [, resource $link_identifier = NULL ] ) + # CREATE DATABASE + function mysql_create_db($database_name, $link_identifier = NULL) { + # mysql_create_db/mysql_query+CREATE DATABASE = false on error + # return mysql_query('CREATE DATABASE '. 
+ # mysql_real_escape_string($database_name), $link_identifier); + $link_identifier = mysql_ensure_link($link_identifier); + return mysqli_query( + $link_identifier, + 'CREATE DATABASE '.mysqli_real_escape_string( + $link_identifier, + $database_name + ) + ); + + } + + # mysql_data_seek - Move internal result pointer + # bool mysql_data_seek ( resource $result , int $row_number ) + # bool mysqli_data_seek ( mysqli_result $result , int $offset ) + function mysql_data_seek($result, $row_number) { + # mysql_data_seek/mysqli_data_seek = false on error + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_data_seek($result, $row_number); + } + + # mysql_db_name - Retrieves database name from the call to + # mysql_list_dbs + # string mysql_db_name ( resource $result , int $row + # [, mixed $field = NULL ] ) + # SELECT DATABASE() + function mysql_db_name($result, $row, $field = NULL) { + # return mysql_query('SELECT DATABASE()', + # mysql_ensure_link($link_identifier)); + # null does not fit mysql_result + $field = $field === null ? 
0 : $field; + # return mysql_result($result, $row, $field); + # below is from mysql_result + if (mysqli_data_seek($result, $row) === false) { + return false; + } + $row = mysqli_fetch_array($result); + if ($row === NULL) { + return $row; + } + if (!isset($row[$field])) { + return false; + } + return $row[$field]; + } + + # mysql_dbname - Retrieves database name from the call to + # mysql_list_dbs, alias for mysql_db_name + function mysql_dbname($result, $row, $field = NULL) { + # return mysql_db_name($result, $row, $field); + if (mysqli_data_seek($result, $row) === false) { + return false; + } + $row = mysqli_fetch_array($result); + if ($row === NULL) { + return $row; + } + if (!isset($row[$field])) { + return false; + } + return $row[$field]; + } + + # mysql_db_query - Selects a database and executes a query on it + # resource mysql_db_query ( string $database , string $query + # [, resource $link_identifier = NULL ] ) + # mysqli_select_db() then the query + function mysql_db_query($database, $query, $link_identifier = NULL) { + # mysql_db_query = false on error, mysql_query+sql + # = false on error + # if (mysql_select_db($database, $link_identifier) !== true) { + if (mysqli_select_db($link_identifier, $database) !== true) { + return false; + } + # return mysql_query($query, $link_identifier); + return mysqli_query($link_identifier, $query); + } + + # mysql_drop_db - Drop (delete) a MySQL database + # bool mysql_drop_db ( string $database_name + # [, resource $link_identifier = NULL ] ) + # DROP DATABASE + function mysql_drop_db($database_name, $link_identifier = NULL) { + # mysql_drop_db = false on error, mysql_query + DROP DATABASE + # = false on error + # return mysql_query('DROP DATABASE '. + # mysql_real_escape_string($database_name), $link_identifier); + return mysqli_query( + $link_identifier, + 'DROP DATABASE '. 
+ mysqli_real_escape_string( + $link_identifier, + $database_name + ) + ); + } + + # mysql_errno -Returns the numerical value of the error message from + # previous MySQL operation + # int mysql_errno ([ resource $link_identifier = NULL ] ) + # int mysqli_errno ( mysqli $link ) + function mysql_errno($link_identifier = NULL) { + # mysql_errno/mysqli_errno = returns a number, 0 if no error + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_errno (mysql_ensure_link($link_identifier)); + } + + # mysql_error - Returns the text of the error message from previous + # MySQL operation + # string mysql_error ([ resource $link_identifier = NULL ] ) + # string mysqli_error ( mysqli $link ) + function mysql_error($link_identifier = NULL) { + # mysql_error/mysqli_error = returns empty string on no error + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_error(mysql_ensure_link($link_identifier)); + } + + # mysql_escape_string - Escapes a string for use in a # mysql_query + # string mysql_escape_string ( string $unescaped_string ) + # string mysqli::real_escape_string ( string $escapestr ) + function mysql_escape_string($unescaped_string) { + # mysql_escape_string = returns the escaped string + # mysql_real_escape_string = returns FALSE on error + # return mysql_real_escape_string($unescaped_string); + return mysqli_real_escape_string( + mysql_ensure_link(NULL), + $unescaped_string + ); + } + + # mysql_fetch_array - Fetch a result row as an associative array, a + # numeric array, or both + # array mysql_fetch_array ( resource $result + # [, int $result_type = MYSQL_BOTH ] ) + # mixed mysqli_fetch_array ( mysqli_result $result + # [, int $resulttype = MYSQLI_BOTH ] ) + function mysql_fetch_array($result, $result_type = MYSQL_BOTH) { + # mysql_fetch_array = Returns an array of strings that + # corresponds to the fetched row, or FALSE if there are no more + # rows + # mysqli_fetch_array = Returns an array of strings that + # corresponds to 
the fetched row or NULL if there are no more + # rows in resultset + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_fetch_array($result, $result_type); + } + + # mysql_fetch_assoc - Fetch a result row as an associative array + # array mysql_fetch_assoc ( resource $result ) + # array mysqli_fetch_assoc ( mysqli_result $result ) + function mysql_fetch_assoc($result) { + # mysql_fetch_assoc = returns FALSE if there are no more rows + # mysqli_fetch_assoc = returns NULL if there are no more rows in + # resultset + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_fetch_assoc($result); + } + + # mysql_fetch_field - Get column information from a result and + # return as an object + # object mysql_fetch_field ( resource $result + # [, int $field_offset = 0 ] ) + # object mysqli_fetch_field ( mysqli_result $result ) - but + # field_offset is missing + function mysql_fetch_field($result, $field_offset = NULL) { + # if field offset is specified + if (is_numeric($field_offset)) { + # then seek to that + mysqli_field_seek($result, $field_offset); + } + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_fetch_field($result); + } + + # mysql_fetch_lengths - Get the length of each output in a result + # array mysql_fetch_lengths ( resource $result ) + # array mysqli_fetch_lengths ( mysqli_result $result ) + function mysql_fetch_lengths($result) { + # mysql_fetch_lengths/mysqli_fetch_lengths = FALSE on error + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_fetch_lengths($result); + } + + # mysql_fetch_object - Fetch a result row as an object + # object mysql_fetch_object ( resource $result [, string $class_name + # [, array $params ]] ) + # object mysqli_fetch_object ( mysqli_result $result + # [, string $class_name [, array $params ]] ) + function mysql_fetch_object($result, $class_name = NULL, + $params = NULL + ) { + + # mysql_fetch_object = FALSE if there are no more rows + # 
mysqli_fetch_object = NULL if there are no more rows + # in resultset + + if ($class_name !== NULL && $params !== NULL) { + $t = mysqli_fetch_object($result, $class_name, $params); + } else if ($class_name !== NULL) { + $t = mysqli_fetch_object($result, $class_name); + } else { + $t = mysqli_fetch_object($result); + } + # is the result null? + if ($t === NULL) { + # then return false as the old function did + return false; + } + return $t; + } + + # mysql_fetch_row - Get a result row as an enumerated array + # array mysql_fetch_row ( resource $result ) + # mixed mysqli_fetch_row ( mysqli_result $result ) + function mysql_fetch_row($result) { + + # mysql_fetch_row = FALSE if there are no more rows + # mysqli_fetch_row = NULL if there are no more rows in + # result set + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_fetch_row($result); + } + + # mysql_field_flags - Get the flags associated with the specified + # field in a result + # string mysql_field_flags ( resource $result , int $field_offset ) + # mysqli_fetch_field_direct() [flags] + # -> object mysqli_fetch_field_direct ( mysqli_result $result , + # int $fieldnr ) + function mysql_field_flags($result, $field_offset) { + # mysql_field_flags = FALSE on failure + # mysqli_fetch_field_direct = FALSE if no field information for + # specified fieldnr is available + # returns NULL on error natively, tested in PHP 5.6.3 + $t = mysqli_fetch_field_direct($result, $field_offset); + if (!is_object($t)) return $t; + $t = (array)$t; + if (isset($t['flags'])) { + return mysql_field_bitflags_to_flags($t['flags']); + } + return NULL; + } + + # mysql_field_len - Returns the length of the specified field + # int mysql_field_len ( resource $result , int $field_offset ) + # mysqli_fetch_field_direct() [length] + # -> object mysqli_fetch_field_direct ( mysqli_result $result , + # int $fieldnr ) + function mysql_field_len($result, $field_offset) { + # mysql_field_len = FALSE on failure + # 
mysqli_fetch_field_direct = FALSE if no field information for + # specified fieldnr is available + # returns NULL on error natively, tested in PHP 5.6.3 + $t = mysqli_fetch_field_direct($result, $field_offset); + if (!is_object($t)) return $t; + $t = (array)$t; + return isset($t['length']) ? $t['length'] : NULL; + } + + # mysql_field_name - Get the name of the specified field in a result + # string mysql_field_name ( resource $result , int $field_offset ) + # mysqli_fetch_field_direct() [name] or [orgname] + # -> object mysqli_fetch_field_direct ( mysqli_result $result , + # int $fieldnr ) + function mysql_field_name($result, $field_offset) { + # mysql_field_name = FALSE on failure + # mysqli_fetch_field_direct = FALSE if no field information for + # specified fieldnr is available + # returns NULL on error natively, tested in PHP 5.6.3 + $t = mysqli_fetch_field_direct($result, $field_offset); + if (!is_object($t)) return $t; + $t = (array)$t; + return isset($t['name']) ? $t['name'] : NULL; + } + + # mysql_field_seek - Set result pointer to a specified field offset + # bool mysql_field_seek ( resource $result , int $field_offset ) + # bool mysqli_field_seek ( mysqli_result $result , int $fieldnr ) + function mysql_field_seek($result, $field_offset) { + # mysql_field_seek/mysqli_field_seek = FALSE on failure + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_field_seek($result, $field_offset); + } + + # mysql_field_table - Get name of the table the specified field is in + # string mysql_field_table ( resource $result , int $field_offset ) + # mysqli_fetch_field_direct() [table] or [orgtable] + # -> object mysqli_fetch_field_direct ( mysqli_result $result , + # int $fieldnr ) + function mysql_field_table($result, $field_offset) { + # mysql_field_table = error return value not defined + # mysqli_fetch_field_direct = FALSE if no field information for + # specified fieldnr is available + # returns NULL on error natively, tested in PHP 5.6.3 + $t = 
mysqli_fetch_field_direct($result, $field_offset); + if (!is_object($t)) return $t; + $t = (array)$t; + return isset($t['table']) ? $t['table'] : NULL; + } + + # mysql_field_type - Get the type of the specified field in a result + # string mysql_field_type ( resource $result , int $field_offset ) + # mysqli_fetch_field_direct() [type] + # -> object mysqli_fetch_field_direct ( mysqli_result $result , + # int $fieldnr ) + function mysql_field_type($result, $field_offset) { + # mysql_field_type = error return value not defined + # mysqli_fetch_field_direct = FALSE if no field information for + # specified fieldnr is available + # returns NULL on error natively, tested in PHP 5.6.3 + $t = mysqli_fetch_field_direct($result, $field_offset); + if (!is_object($t)) return $t; + $t = (array)$t; + if (isset($t['type'])) { + return mysql_field_bittypes_to_types($t['type']); + } + return NULL; + } + + # mysql_free_result - Free result memory + # bool mysql_free_result ( resource $result ) + # void mysqli_free_result ( mysqli_result $result ) + function mysql_free_result($result) { + # mysql_free_result = FALSE on failure + # mysqli_free_result = No value is returned. 
+ mysqli_free_result($result); + # note that mysqli does not return any boolean, so we do it + return true; + } + + # mysql_get_client_info - Get MySQL client info + # string mysql_get_client_info ( void ) + # string mysqli_get_client_info ( mysqli $link ) + function mysql_get_client_info($link_identifier = null) { + # mysql_get_client_info/mysqli_get_client_info = not defined + # what is returned on error + # note that mysql does not have a link argument while mysqli does + return mysqli_get_client_info( + mysql_ensure_link($link_identifier) + ); + } + + # mysql_get_host_info - Get MySQL host info + # string mysql_get_host_info ([ resource $link_identifier = NULL ] ) + # string mysqli_get_host_info ( mysqli $link ) + function mysql_get_host_info($link_identifier = NULL) { + # mysql_get_host_info = FALSE on failure + # mysqli_get_host_info = error return value not defined + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_get_host_info( + mysql_ensure_link($link_identifier) + ); + } + + # mysql_get_proto_info - Get MySQL protocol info + # int mysql_get_proto_info ([ resource $link_identifier = NULL ] ) + # int mysqli_get_proto_info ( mysqli $link ) + function mysql_get_proto_info($link_identifier = NULL) { + # mysql_get_proto_info = FALSE on failure + # mysqli_get_proto_info = error return value not defined + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_get_proto_info( + mysql_ensure_link($link_identifier) + ); + } + + # mysql_get_server_info - Get MySQL server info + # string mysql_get_server_info ([ resource $link_identifier = NULL ] ) + # string mysqli_get_server_info ( mysqli $link ) + function mysql_get_server_info($link_identifier = NULL) { + # mysql_get_server_info = FALSE on failure + # mysqli_get_server_info = error return value not defined + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_get_server_info( + mysql_ensure_link($link_identifier) + ); + } + + # mysql_info - Get information 
about the most recent query + # string mysql_info ([ resource $link_identifier = NULL ] ) + # string mysqli_info ( mysqli $link ) + function mysql_info($link_identifier = NULL) { + # mysql_info = FALSE on failure + # mysqli_info = returns empty string on failure + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_info( + mysql_ensure_link($link_identifier) + ); + } + + # mysql_insert_id - Get the ID generated in the last query + # int mysql_insert_id ([ resource $link_identifier = NULL ] ) + # mixed mysqli_insert_id ( mysqli $link ) + function mysql_insert_id($link_identifier = NULL) { + # mysql_insert_id = FALSE if no MySQL connection was + # established + # mysqli_insert_id = error value not defined + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_insert_id( + mysql_ensure_link($link_identifier) + ); + } + + # mysql_list_dbs - List databases available on a MySQL server + # resource mysql_list_dbs ([ resource $link_identifier = NULL ] ) + # SQL Query: SHOW DATABASES + function mysql_list_dbs($link_identifier = NULL) { + global $mysql_list_dbs_cache; + + # mysql_list_dbs/mysql_query = FALSE on failure + # $t = mysql_query('SHOW DATABASES', + # mysql_ensure_link($link_identifier)); + $t = mysqli_query( + mysql_ensure_link($link_identifier), + 'SHOW DATABASES' + ); + + $mysql_list_dbs_cache = $t; + # when no working link is passed we get null + # returns NULL on error natively, tested in PHP 5.6.3 + return $t; + } + + # mysql_list_fields - List MySQL table fields + # resource mysql_list_fields ( string $database_name , + # string $table_name [, resource $link_identifier = NULL ] ) + # SQL Query: SHOW COLUMNS FROM sometable + function mysql_list_fields($database_name, $table_name, + $link_identifier = NULL + ) { + # mysql_list_fields/mysql_query = FALSE on failure + $link_identifier = mysql_ensure_link($link_identifier); + # return mysql_query('SHOW COLUMNS FROM '. + # mysql_real_escape_string($database_name).'.`'. 
+ # mysql_real_escape_string($table_name).'`', + # mysql_ensure_link($link_identifier)); + return mysqli_query( + $link_identifier, + 'SHOW COLUMNS FROM '. + mysqli_real_escape_string($link_identifier, $database_name). + '.`'. + mysqli_real_escape_string($link_identifier, $table_name). + '`' + ); + } + + # mysql_list_processes - List MySQL processes + # resource mysql_list_processes + # ([ resource $link_identifier = NULL ] ) + # mysqli_thread_id() + function mysql_list_processes($link_identifier = NULL) { + # mysql_list_processes = FALSE on failure + # returns NULL on error natively, tested in PHP 5.6.3 + # return mysql_query('SHOW PROCESSLIST', + # mysql_ensure_link($link_identifier)); + return mysqli_query( + mysql_ensure_link($link_identifier), + 'SHOW PROCESSLIST' + ); + } + + # mysql_list_tables - List tables in a MySQL database + # resource mysql_list_tables ( string $database + # [, resource $link_identifier = NULL ] ) + # SQL Query: SHOW TABLES FROM sometable + function mysql_list_tables($database_name, $table_name, + $link_identifier = NULL + ) { + # mysql_list_tables/mysql_query = FALSE on failure + $link_identifier = mysql_ensure_link($link_identifier); + # return mysql_query('SHOW TABLES FROM '. + # mysql_real_escape_string($database_name), + # mysql_ensure_link($link_identifier)); + return mysqli_query( + $link_identifier, + 'SHOW TABLES FROM '. 
+ mysqli_real_escape_string($link_identifier, $database_name) + ); + } + + # mysql_num_fields - Get number of fields in result + # int mysql_num_fields ( resource $result ) + # int mysqli_field_count ( mysqli $link ) + function mysql_num_fields($result) { + + # mysql_num_fields/mysqli_fetch_fields = FALSE on failure + + # mysql takes a result, where mysqli takes link and takes the most + # recent query + # so instead we fetch all the fields and then count that + $t = mysqli_fetch_fields($result); + # returns NULL on error natively, tested in PHP 5.6.3 + if ($t === null) { + return $t; + } + return count($t); + } + + # mysql_num_rows - Get number of rows in result + # int mysql_num_rows ( resource $result ) + # int mysqli_num_rows ( mysqli_result $result ) + function mysql_num_rows($result) { + # mysql_num_rows = FALSE on failure + # mysqli_num_rows = NULL on failure + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_num_rows($result); + } + + # mysql_pconnect - Open a persistent connection to a MySQL server + # resource mysql_pconnect ([ string $server = + # ini_get("mysql.default_host") + # [, string $username = ini_get("mysql.default_user") + # [, string $password = ini_get("mysql.default_password") + # [, int $client_flags = 0 ]]]] ) + # mysqli_connect() with p: host prefix + function mysql_pconnect($server = MYSQL_DEFAULT_HOST, + $username = MYSQL_DEFAULT_USER, + $password = MYSQL_DEFAULT_PASSWORD, + $client_flags = 0 + ) { + # mysql_pconnect/mysql_connect = FALSE on error + return mysql_connect( + 'p:'.$server, + $username, + $password, + true, + $client_flags + ); + } + + # mysql_ping - Ping a server connection or reconnect if there is no + # connection + # bool mysql_ping ([ resource $link_identifier = NULL ] ) + # bool mysqli_ping ( mysqli $link ) + function mysql_ping($link_identifier = NULL) { + # mysql_ping/mysqli_ping = FALSE on error + return mysqli_ping(mysql_ensure_link($link_identifier)); + } + + # mysql_query - Send a MySQL 
query + # resource mysql_query ( string $query + # [, resource $link_identifier = NULL ] ) + # mixed mysqli_query ( mysqli $link , string $query + # [, int $resultmode = MYSQLI_STORE_RESULT ] ) + function mysql_query($query, $link_identifier = NULL) { + # mysql_query/mysqli_query = FALSE on error + return mysqli_query(mysql_ensure_link($link_identifier), $query); + } + + # mysql_real_escape_string - Escapes special characters in a + # string for use in an SQL statement + # string mysql_real_escape_string ( string $unescaped_string + # [, resource $link_identifier = NULL ] ) + # string mysqli_real_escape_string ( mysqli $link , + # string $escapestr ) + function mysql_real_escape_string($unescaped_string, + $link_identifier = NULL + ) { + # mysql_real_escape_string = FALSE on error + # mysqli_real_escape_string = error return value not defined + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_real_escape_string( + mysql_ensure_link($link_identifier), + $unescaped_string + ); + } + + # mysql_result - Get result data + # string mysql_result ( resource $result , int $row [, + # mixed $field = 0 ] ) + # no equivalent function exists in mysqli - mysqli_data_seek() in + # conjunction with mysqli_field_seek() and mysqli_fetch_field() + function mysql_result($result, $row, $field = 0) { + # mysql_result = FALSE on failure + # try to seek position, returns false on failure + # returns NULL on error natively, tested in PHP 5.6.3 + if (mysqli_data_seek($result, $row) === false) return false; + $row = mysqli_fetch_array($result); + if ($row === NULL) return $row; + if (!array_key_exists($field, $row)) { + $row = array_change_key_case($row, CASE_LOWER); + $field = strtolower($field); + if (!array_key_exists($field, $row)) { + return false; + } + } + return $row[$field]; + } + + # mysql_select_db - Select a MySQL database + # bool mysql_select_db ( string $database_name + # [, resource $link_identifier = NULL ] ) + function mysql_select_db($database_name, 
$link_identifier = NULL) { + # mysql_select_db/mysqli_select_db = FALSE on failure + return mysqli_select_db( + mysql_ensure_link($link_identifier), + $database_name + ); + } + + # alias for mysql_select_db + function mysql_selectdb($database_name, $link_identifier = NULL) { + return mysql_select_db ($database_name, $link_identifier = NULL); + } + + # mysql_set_charset - Sets the client character set + # bool mysql_set_charset ( string $charset + # [, resource $link_identifier = NULL ] ) + # bool mysqli_set_charset ( mysqli $link , string $charset ) + function mysql_set_charset($charset, $link_identifier = NULL) { + # mysql_set_charset/mysqli_set_charset = FALSE on failure + return mysqli_set_charset( + mysql_ensure_link($link_identifier), + $charset + ); + } + + # mysql_stat - Get current system status + # string mysql_stat ([ resource $link_identifier = NULL ] ) + # string mysqli_stat ( mysqli $link ) + function mysql_stat($link_identifier = NULL) { + # mysql_stat = NULL on error + # mysqli_stat = FALSE on error + $t = mysqli_stat(mysql_ensure_link($link_identifier)); + if ($t === FALSE) { + return NULL; + } + return $t; + } + + # mysql_tablename - Get table name of field + # string mysql_tablename ( resource $result , int $i ) + # no mysqli equivalent exists - + # SHOW TABLES [FROM db_name] [LIKE 'pattern'] + function mysql_tablename($result, $i) { + # return mysql_query('SHOW COLUMNS FROM "'. + # mysql_real_escape_string($database_name).'.'. 
+ # mysql_real_escape_string($table_name).'"', + # mysql_ensure_link($link_identifier)); + # return mysql_result($result, $i); + + # below based on mysql_result + $row = $i; + $field = 0; + # mysql_result = FALSE on failure + # try to seek position, returns false on failure + # returns NULL on error natively, tested in PHP 5.6.3 + if (mysqli_data_seek($result, $row) === false) { + return false; + } + $row = mysqli_fetch_array($result); + if ($row === NULL) { + return $row; + } + if (!isset($row[$field])) { + return false; + } + return $row[$field]; + } + + # mysql_thread_id - Return the current thread ID + # int mysql_thread_id ([ resource $link_identifier = NULL ] ) + # int mysqli_thread_id ( mysqli $link ) + function mysql_thread_id($link_identifier = NULL) { + # mysql_thread_id = FALSE on failure + # mysqli_thread_id = no error return value defined + # returns NULL on error natively, tested in PHP 5.6.3 + return mysqli_thread_id(mysql_ensure_link($link_identifier)); + } + + # mysql_unbuffered_query - Send an SQL query to MySQL without + # fetching and buffering the result rows + # resource mysql_unbuffered_query ( string $query + # [, resource $link_identifier = NULL ] ) + # no mysqli equivalent exists - use mysqli_query with + # MYSQLI_USE_RESULT parameter + function mysql_unbuffered_query($query, $link_identifier = NULL) { + # mysql_unbuffered_query/mysqli_query = FALSE on error + return mysqli_query( + mysql_ensure_link($link_identifier), + $query, + MYSQLI_USE_RESULT + ); + } +} diff --git a/users.php b/users.php index 9ab4fc8..627b215 100644 --- a/users.php +++ b/users.php @@ -20,7 +20,7 @@ include("globals.php"); if(isset($_GET["do"])) { $do = explode(":",$_GET["do"]); switch ($do[0]) { - + case "register": register(); break; case "profile": profile(); break; case "characters": characters(); break; 
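Review bot: In the new shim.php, `mysql_createdb`, `mysql_create_db`, `mysql_drop_db`, `mysql_list_fields` and `mysql_list_tables` run database and table names through `mysqli_real_escape_string()` and then concatenate them into the statement as identifiers, but that function only escapes characters for a quoted string literal and leaves backticks and whitespace untouched. Whether any caller passes a name taken from request data is not visible here, but if one does, the value can alter the statement; identifiers should be backtick-quoted with embedded backticks doubled, e.g. `` 'CREATE DATABASE `'.str_replace('`', '``', $database_name).'`' ``, or validated against a strict name pattern first. `mysql_drop_db` and `mysql_db_query` also pass `$link_identifier` to mysqli without `mysql_ensure_link()`, unlike the neighbouring wrappers, so the default `NULL` link reaches `mysqli_query()` and `mysqli_select_db()` directly. Separately, `mysql_selectdb` calls `mysql_select_db ($database_name, $link_identifier = NULL)`, which replaces the caller's link with NULL; it should read `return mysql_select_db($database_name, $link_identifier);`.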
@@ -30,26 +30,26 @@ if(isset($_GET["do"])) { case "levelup": levelup(); break; case "levelspell": levelspell(); break; default: donothing(); - + } } else { donothing(); } function donothing() { - + die(header("Location: index.php")); - + } function register() { - + if(isset($_POST["submit"])) { - + extract($_POST); global $controlrow; $errors = 0; $errorlist = ""; - + // Process username. if (trim($username) == "") { $errors++; $errorlist .= "Username field is required.
"; } if (preg_match("/[^A-z0-9_\-]/", $username)==1) { $errors++; $errorlist .= "Username must be alphanumeric.
"; } // Thanks to "Carlos Pires" from php.net! @@ -60,20 +60,20 @@ function register() { if (trim($password1) == "") { $errors++; $errorlist .= "Password fields is required.
"; } if ($password1 != $password2) { $errors++; $errorlist .= "Passwords don't match.
"; } $password = md5($password1); - + // Process email address. if (trim($email1) == "") { $errors++; $errorlist .= "Email field is required.
"; } if ($email1 != $email2) { $errors++; $errorlist .= "Emails don't match.
"; } if (! is_email($email1)) { $errors++; $errorlist .= "Email isn't valid.
"; } $emailquery = doquery("SELECT emailaddress FROM <> WHERE emailaddress='$email1' LIMIT 1"); if (mysql_num_rows($emailquery) > 0) { $errors++; $errorlist .= "Email already taken - unique email address required.
"; } - + // Process other stuff. if ($imageformat != ".png" && $imageformat != ".gif") { $errors++; $errorlist .= "Invalid input for image format selection.
"; } if (!is_numeric($minimap)) { $errors++; $errorlist .= "Invalid input for minimap selection.
"; } - + if ($errors == 0) { - + if ($controlrow["verifyemail"] == 1) { $verifycode = ""; for ($i=0; $i<8; $i++) { @@ -83,10 +83,10 @@ function register() { } else { $verifycode='1'; } - + // Now update. $query = doquery("INSERT INTO <> SET id='',regdate=NOW(),regip='".$_SERVER["REMOTE_ADDR"]."',verifycode='$verifycode',username='$username',password='$password',emailaddress='$email1',language='English',imageformat='$imageformat', minimap='$minimap'") or die(mysql_error()); - + // Send confirmation email if necessary. if ($controlrow["verifyemail"] == 1) { if (sendregmail($email1, $verifycode) == true) { @@ -97,34 +97,34 @@ function register() { } else { $page = "Your account was created succesfully.

You may now continue to the Login Page and continue playing ".$controlrow["gamename"]."!"; } - + } else { - + // Die gracefully on errors. $page = "The following error(s) occurred when your account was being made:
$errorlist
Please go back and try again."; - + } - + display("Register", $page, false); - + } $row["imageformat"] = ""; $row["minimap"] = ""; display("Register", parsetemplate(gettemplate("users_register1"), $row), false); - + } function sendregmail($emailaddress, $vercode) { - + global $controlrow; extract($controlrow); $verurl = $gameurl . "verify.php?code=$vercode"; - + $email = <<".$newuserrow["guildtag"]."]".$newuserrow["charname"].""; - } else { + } else { $newuserrow["newcharname"] = $newuserrow["charname"]; } 
@@ -163,83 +163,83 @@ function profile() { } else { $newuserrow["profcharpicture"] = "\"".$newuserrow["charname"]."\""; } - + $newuserrow["formatexperience"] = number_format($newuserrow["experience"]); $newuserrow["formatgold"] = number_format($newuserrow["gold"]); - + if ($newuserrow["expbonus"] == 0) { $newuserrow["expbonus"] = ""; } else { if ($newuserrow["expbonus"]>0) { $expsign="+"; } else { $expsign=""; } $newuserrow["expbonus"] = "($expsign".$newuserrow["expbonus"]."%)"; } if ($newuserrow["goldbonus"] == 0) { $newuserrow["goldbonus"] = ""; } else { if ($newuserrow["goldbonus"]>0) { $goldsign="+"; } else { $goldsign=""; }$newuserrow["goldbonus"] = "($goldsign".$newuserrow["goldbonus"]."%)"; } - + // Next level. $leveltotal = 15; $leveladd = 15; $i = 2; while ($i < ($newuserrow["level"] + 1)) { $levelstart = $leveltotal; - if ($i < 4) { + if ($i < 4) { $leveladd = ceil($leveladd * 2.0); - } elseif ($i < 13) { + } elseif ($i < 13) { $leveladd = floor($leveladd * 1.45); - } elseif ($i < 40) { + } elseif ($i < 40) { $leveladd = floor($leveladd * 1.20); - } elseif ($i < 60) { + } elseif ($i < 60) { $leveladd = 150000; - } elseif ($i < 80) { + } elseif ($i < 80) { $leveladd = 200000; - } elseif ($i < 100) { + } elseif ($i < 100) { $leveladd = 300000; - } elseif ($i >= 100) { + } elseif ($i >= 100) { $leveladd = 500000; } $leveltotal = $levelstart + $leveladd; $i++; } $newuserrow["formatnextlvl"] = number_format($leveltotal); - + // Level points. if ($newuserrow["levelup"] != 0 || $newuserrow["levelspell"] != 0) { $newuserrow["levelpointscharnotice"] = "You have Level/Spell Points available."; } else { $newuserrow["levelpointscharnotice"] = ""; } - + // Class. 
$class = dorow(doquery("SELECT * FROM <> WHERE id='".$newuserrow["charclass"]."' LIMIT 1")); $newuserrow["charclass"] = $class["name"]; display("Extended Profile",parsetemplate(gettemplate($template),$newuserrow)); - + } function settings() { - + global $acctrow; - + if (isset($_POST["submit"])) { - + extract($_POST); $errors = 0; $errorlist = ""; - + // Process password. - if (trim($password1) != "") { + if (trim($password1) != "") { if (md5($oldpassword) != $acctrow["password"]) { $errors++; $errorlist .= "Incorrect old password.
"; } if ($password1 != $password2) { $errors++; $errorlist .= "New passwords don't match.
"; } $password = "password='".md5($password1)."',"; $newpass = true; } else { $password = ""; } - + // Process email address. if (trim($email) == "") { $errors++; $errorlist .= "Email field is required.
"; } if (! is_email($email)) { $errors++; $errorlist .= "Email isn't valid.
"; } $emailquery = doquery("SELECT emailaddress FROM <> WHERE emailaddress='$email' AND id != '".$acctrow["id"]."' LIMIT 1"); if (mysql_num_rows($emailquery) > 0) { $errors++; $errorlist .= "Email already taken - unique email address required.
"; } - + // Process other stuff. if ($imageformat != ".png" && $imageformat != ".gif") { $errors++; $errorlist .= "Invalid input for image format selection.
"; } if (!is_numeric($minimap)) { $errors++; $errorlist .= "Invalid input for minimap selection.
"; } - - if ($errors == 0) { - + + if ($errors == 0) { + $query = doquery("UPDATE <> SET $password emailaddress='$email', imageformat='$imageformat', minimap='$minimap' WHERE id='".$acctrow["id"]."' LIMIT 1"); - - if (isset($newpass)) { + + if (isset($newpass)) { setcookie("scourge", "", (time()-3600), "/", "", 0); $page = "Your information was updated successfully. Because you changed your password, you have been logged out to avoid cookie errors.

Please use the Log In link above to log back into the game and continue playing."; unset($GLOBALS["acctrow"]); @@ -248,18 +248,18 @@ function settings() { $page = "Your information was updated successfully. You may now continue playing."; display("Account Settings", $page); } - + } else { - + err("The following error(s) occurred when your account was being made:
$errorlist
Please go back and try again."); - + } } - + $row["emailaddress"] = $acctrow["emailaddress"]; $row["language"] = ""; - if ($acctrow["imageformat"] == ".png") { + if ($acctrow["imageformat"] == ".png") { $row["imageformat"] = ""; } else { $row["imageformat"] = ""; @@ -270,15 +270,15 @@ function settings() { $row["minimap"] = ""; } display("Account Settings", parsetemplate(gettemplate("users_settings"), $row)); - + } function characters() { - + global $acctrow, $userrow, $controlrow; - - if (isset($_POST["submit"])) { - + + if (isset($_POST["submit"])) { + // Change the active character for the account. if (!is_numeric($_POST["makeactive"])) { err("Invalid UID."); } $newuserrow = dorow(doquery("SELECT * FROM <> WHERE id='".$_POST["makeactive"]."' LIMIT 1")); @@ -286,12 +286,12 @@ function characters() { if ($newuserrow["account"] != $acctrow["id"]) { err("You don't own that UID."); } $setnewchar = doquery("UPDATE <> SET activechar='".$_POST["makeactive"]."' WHERE id='".$acctrow["id"]."' LIMIT 1"); die(header("Location: users.php?do=characters")); - + } - - if ($userrow != false) { - - // Pagerow setup. + + if ($userrow != false) { + + // Pagerow setup. $row["characters"] = $acctrow["characters"]; $row["remaining"] = 4 - $acctrow["characters"]; $row["activecharname"] = $userrow["charname"]; @@ -300,26 +300,26 @@ function characters() { if($row["characters"] < 4) { $row["newcharlink"] = "Click here to create a new character.
"; } else { $row["newcharlink"] = ""; } - + // Grab characters. $charrow = dorow(doquery("SELECT *, DATE_FORMAT(birthdate, '%m.%d.%Y') AS fregdate FROM <> WHERE account='".$acctrow["id"]."' ORDER BY birthdate"), "id"); - - foreach($charrow as $a=>$b) { - - if ($b["id"] == $acctrow["activechar"]) { + + foreach($charrow as $a=>$b) { + + if ($b["id"] == $acctrow["activechar"]) { $row["selectcharlist"] .= ""; $b["isdefault"] = "(Default)"; } else { $row["selectcharlist"] .= ""; $b["isdefault"] = ""; } - + if ($b["charpicture"] != "") { $b["avatar"] = "\"".$b["charname"]."\""; } else { $b["avatar"] = "\"".$b["charname"]."\""; } - + if ($controlrow["showsigbot"] == 1) { $sigboturl = $controlrow["gameurl"] . "sigbot/" . $userrow["id"] . ".png"; $b["sigboturl"] = "SigBot URL: $sigboturl
"; @@ -327,107 +327,107 @@ function characters() { $b["sigboturl"] = ""; } $row["fullcharlist"] .= parsetemplate(gettemplate("users_charlistrow"), $b); - + } - + display("Characters", parsetemplate(gettemplate("users_charlist"), $row)); - + } else { - + display("Characters", gettemplate("users_charlistnew")); - + } } function charnew() { - + global $controlrow, $acctrow; - + if ($acctrow["characters"] >= 4) { err("You are not allowed to make any more new characters."); } - + if (isset($_POST["submit"])) { - + extract($_POST); $errors = 0; $errorlist = ""; - + // Process charname. if (trim($charname) == "") { $errors++; $errorlist .= "Character Name field is required.
"; } if (preg_match("/[^A-z\ 0-9_\-]/", $charname)==1) { $errors++; $errorlist .= "Character names can only contain letters, numbers, spaces and hyphens.
"; } // Thanks to "Carlos Pires" from php.net! $characternamequery = doquery("SELECT charname FROM <> WHERE charname='$charname' LIMIT 1"); if (mysql_num_rows($characternamequery) > 0) { $errors++; $errorlist .= "Character Name already taken - unique Character Name required.
"; } - + // Upload new charpicture, if required. if ($_FILES["intavatar"]["error"] != 4) { - + $allowed = array(".gif",".jpg",".png"); $type = substr($_FILES["intavatar"]["name"],-4); - + // Errors. if (!in_array(strtolower($type),$allowed)) { die("Unallowed filetype for avatar."); } if ($_FILES["intavatar"]["size"] > $controlrow["avatarmaxsize"]) { die("Avatar filesize too big."); } $imagesize = getimagesize($_FILES["intavatar"]["tmp_name"]); - if (($imagesize[0]>50) || ($imagesize[1]>50)) { die("Avatar dimensions too big."); } - + if (($imagesize[0]>50) || ($imagesize[1]>50)) { die("Avatar dimensions too big."); } + // Move file and finish. $randomext = ""; for($i=0; $i<8; $i++) { $randomext .= rand(0,9); } $uploadfile = $controlrow["avatarpath"] . $acctrow["username"] . $randomext . $type; if (!move_uploaded_file($_FILES["intavatar"]["tmp_name"], $uploadfile)) { die("Unable to upload avatar."); } $newcharpicture = $controlrow["avatarurl"] . $acctrow["username"] . $randomext . $type; - + } - + // Process everything else important. if (!is_numeric($charclass)) { $errors++; $errorlist .= "Invalid character class.
"; } if (!is_numeric($difficulty)) { $errors++; $errorlist .= "Invalid character class.
"; } - + // Get bonuses and multipliers from classes/difficulties tables. $expbonus = 0; $goldbonus = 0; $classes = dorow(doquery("SELECT * FROM <> WHERE id='$charclass' LIMIT 1")); - if ($classes != false) { - $expbonus += $classes["expbonus"]; - $goldbonus += $classes["goldbonus"]; + if ($classes != false) { + $expbonus += $classes["expbonus"]; + $goldbonus += $classes["goldbonus"]; } else { $errors++; $errorlist .= "Invalid character class"; } - + $difficulties = dorow(doquery("SELECT * FROM <> WHERE id='$difficulty' LIMIT 1")); - if ($difficulties != false) { - $expbonus += $difficulties["expbonus"]; - $goldbonus += $difficulties["goldbonus"]; + if ($difficulties != false) { + $expbonus += $difficulties["expbonus"]; + $goldbonus += $difficulties["goldbonus"]; $difficulty = $difficulties["multiplier"]; $deathpenalty = $difficulties["deathpenalty"]; } else { $errors++; $errorlist .= "Invalid character class"; } - + if ($errors == 0) { - + // Now everything's cool. Create new character row. - $query = doquery("INSERT INTO <> SET id='', account='".$acctrow["id"]."', birthdate=NOW(), lastip='".$_SERVER["REMOTE_ADDR"]."', onlinetime=NOW(), charname='$charname', charpicture='$newcharpicture', charclass='$charclass', difficulty='$difficulty', deathpenalty='$deathpenalty', expbonus='$expbonus', goldbonus='$goldbonus'"); - + $query = doquery("INSERT INTO <> SET account='".$acctrow["id"]."', birthdate=NOW(), lastip='".$_SERVER["REMOTE_ADDR"]."', onlinetime=NOW(), charname='$charname', charpicture='$newcharpicture', charclass='$charclass', difficulty='$difficulty', deathpenalty='$deathpenalty', expbonus='$expbonus', goldbonus='$goldbonus'"); + // Update account row. 
$default = ""; if (isset($setdefault)) { $default = "activechar='".mysql_insert_id()."', "; } if ($acctrow["characters"] == 0) { $default = "activechar='".mysql_insert_id()."', "; } $query2 = doquery("UPDATE <> SET $default characters=characters+1 WHERE id='".$acctrow["id"]."' LIMIT 1"); - + // And we're finished. die(header("Location: users.php?do=characters")); - + } else { - + // Die gracefully on errors. if ($acctrow["characters"] != 0) { err("The following error(s) occurred when your character was being made:
$errorlist
Please go back and try again."); } else { die("The following error(s) occurred when your character was being made:
$errorlist
Please go back and try again."); } - + } - + } - - + + $classes = dorow(doquery("SELECT * FROM <> ORDER BY id")); $row["charclass"] = ""; $row["classdesc"] = ""; 
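Review bot: The rewritten INSERT in charnew() still interpolates `$newcharpicture`, which is assigned only inside the `$_FILES["intavatar"]` upload branch, so when no avatar is uploaded it is either undefined or whatever a `newcharpicture` form field supplied through `extract($_POST)`. The stored `charpicture` value can therefore skip the extension, size and dimension checks above it. Adding `$newcharpicture = "";` right after `extract($_POST);` closes that gap, and reading the expected fields explicitly instead of calling `extract()` would remove the whole class of problem; the charedit() hunk has the same pattern. The upload branch also reads `$imagesize[0]` without checking that `getimagesize()` returned an array, so a guard such as `if ($imagesize === false) { die("Unallowed filetype for avatar."); }` belongs before the dimension test. charnew() continues beyond this hunk.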
@@ -443,108 +443,108 @@ function charnew() { foreach($difficulty as $a=>$b) { $row["difficulty"] .= ""; } - + if ($acctrow["characters"] == 0) { $row["defaultenabled"] = "disabled=\"disabled\""; } else { $row["defaultenabled"] = ""; } $row["maxsize"] = round($controlrow["avatarmaxsize"] / 1000, 1); - + display("Characters", parsetemplate(gettemplate("users_charnew"), $row), false); - + } function charedit() { - + global $controlrow, $acctrow; - + // Change the active character for the account. if (!is_numeric($_GET["uid"])) { err("Invalid UID."); } $newuserrow = dorow(doquery("SELECT * FROM <> WHERE id='".$_GET["uid"]."' LIMIT 1")); if ($newuserrow == false) { err("No such UID."); } if ($newuserrow["account"] != $acctrow["id"]) { err("You don't own that UID."); } - + if (isset($_POST["submit"])) { - + extract($_POST); - + // Upload new charpicture, if required. if ($_FILES["intavatar"]["error"] != 4) { - + $allowed = array(".gif",".jpg",".png"); $type = substr($_FILES["intavatar"]["name"],-4); - + // Errors. if (!in_array(strtolower($type),$allowed)) { err("Unallowed filetype for avatar."); } if ($_FILES["intavatar"]["size"] > $controlrow["avatarmaxsize"]) { err("Avatar filesize too big."); } $imagesize = getimagesize($_FILES["intavatar"]["tmp_name"]); - if (($imagesize[0]>50) || ($imagesize[1]>50)) { err("Avatar dimensions too big."); } - + if (($imagesize[0]>50) || ($imagesize[1]>50)) { err("Avatar dimensions too big."); } + // Move file and finish. $randomext = ""; for($i=0; $i<8; $i++) { $randomext .= rand(0,9); } $uploadfile = $controlrow["avatarpath"] . $acctrow["username"] . $randomext . $type; if (!move_uploaded_file($_FILES["intavatar"]["tmp_name"], $uploadfile)) { err("Unable to upload avatar."); } $newcharpicture = $controlrow["avatarurl"] . $acctrow["username"] . $randomext . $type; - + if ($newuserrow["charpicture"] != "") { $oldav = ltrim($newuserrow["charpicture"], $controlrow["avatarurl"]); unlink($controlrow["avatarpath"] . 
$oldav); } - + } - + // Now everything's cool. $query = doquery("UPDATE <> SET charpicture='$newcharpicture' WHERE id='".$newuserrow["id"]."' LIMIT 1"); die(header("Location: users.php?do=characters")); - + } elseif (isset($_POST["delete"])) { - + if ($acctrow["characters"] == 1) { err("You only have one character on your account. If you wish to delete this character, please make a new one first before trying to delete this one."); } display("Characters", parsetemplate(gettemplate("users_chardelete"), $newuserrow)); - + } elseif (isset($_POST["ultrakill"])) { - + // First we delete the char. $query = doquery("DELETE FROM <> WHERE id='".$newuserrow["id"]."'"); - + // Then we gotta update acctrow accordingly. $query2 = dorow(doquery("SELECT * FROM <> WHERE account='".$acctrow["id"]."' ORDER BY id LIMIT 1")); $query3 = doquery("UPDATE <> SET characters=characters-1, activechar='".$query2["id"]."' WHERE id='".$acctrow["id"]."' LIMIT 1"); die(header("Location: users.php?do=characters")); - + } elseif (isset($_POST["wimpout"])) { - + die(header("Location: users.php?do=characters")); - + } - + $newuserrow["maxsize"] = round($controlrow["avatarmaxsize"] / 1000, 1); display("Characters", parsetemplate(gettemplate("users_charedit"), $newuserrow)); - + } function levelup() { - + global $userrow; - + if ($userrow["levelup"] == 0) { err("You do not currently have any Level Points to spend."); } - + $classrow = dorow(doquery("SELECT * FROM <> WHERE id='".$userrow["charclass"]."' LIMIT 1")); - + if (isset($_POST["submit"])) { - + unset($_POST["submit"]); - + // Check to make sure they didn't mess with the input names. - foreach($_POST as $a=>$b) { + foreach($_POST as $a=>$b) { if (!is_numeric($a)) { err("Invalid input format."); } } - + // Loop through and add points where appropriate. - // Note that we loop through the number of points in $userrow, rather than the number of fields. + // Note that we loop through the number of points in $userrow, rather than the number of fields. 
// This is to ensure that people don't edit the source to just add more fields. $total = $userrow["levelup"]; for($i=0; $i<$total; $i++) { switch($_POST[$i]) { - case "str": + case "str": $userrow["strength"]++; $userrow["physattack"] += (1 * $classrow["damageperstrength"]); $userrow["levelup"]--; @@ -570,19 +570,19 @@ function levelup() { break; } } - + // Round down any fractions. $userrow["physattack"] = floor($userrow["physattack"]); $userrow["physdefense"] = floor($userrow["physdefense"]); $userrow["maxhp"] = floor($userrow["maxhp"]); $userrow["maxmp"] = floor($userrow["maxmp"]); - + // Finish. updateuserrow(); display("Level Points", parsetemplate(gettemplate("users_levelup2"), $userrow)); - + } else { - + $row["dropdowns"] = ""; for($i=0; $i<$userrow["levelup"]; $i++) { $row["dropdowns"] .= "
\n"; @@ -593,31 +593,31 @@ function levelup() { $row["hpperlife"] = $classrow["hpperlife"]; $row["mpperenergy"] = $classrow["mpperenergy"]; $row["levelup"] = $userrow["levelup"]; - + display("Level Points", parsetemplate(gettemplate("users_levelup1"), $row)); - + } - + } function levelspell() { - + global $userrow, $spells; - + if ($userrow["levelspell"] == 0) { err("You do not currently have any Spell Points to spend."); } - + if (isset($_POST["submit"])) { - + unset($_POST["submit"]); - + // Check to make sure they didn't mess with the input names. foreach($_POST as $a=>$b) { $a = ltrim($a,"spelot"); if (!is_numeric($a)) { err("Invalid input format."); } } - + // Loop through and add points where appropriate. - // Note that we loop through the number of points in $userrow, rather than the number of fields. + // Note that we loop through the number of points in $userrow, rather than the number of fields. // This is to ensure that people don't edit the source to just add more fields. $total = $userrow["levelspell"]; for($i=0; $i<$total; $i++) { @@ -629,19 +629,19 @@ function levelspell() { $userrow["levelspell"]--; } } - + // Finish. updateuserrow(); display("Spell Points", parsetemplate(gettemplate("users_levelspell2"), $userrow)); - + } else { - + if ($userrow["levelspell"] != 0) { $row["spelldropdowns"] = ""; for ($j=0; $j<$userrow["levelspell"]; $j++) { $row["spelldropdowns"] .= "