Guest User

Untitled

a guest
Dec 11th, 2017
82
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.23 KB | None | 0 0
  1. <?php
  2.  
  3. define('PUN_ROOT', './');
  4. require PUN_ROOT.'include/common.php';
  5.  
  6. if($pun_user['is_guest'])
  7. message($lang_common['No permission']);
  8.  
  9. // Load the register.php language file
  10. require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';
  11.  
  12. // Load the register.php/profile.php language file
  13. require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php';
  14.  
  15. $action = isset($_GET['action']) ? $_GET['action'] : null;
  16.  
  17. if ($action == 'delete') {
  18. $id = trim($_GET['user']);
  19.  
  20. $result = $db->query('SELECT * FROM '.$db->prefix.'rsca2_players WHERE `user`='.$id) or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
  21. if(!$db->num_rows($result))
  22. message($lang_common['Bad request']);
  23.  
  24. $user = $db->fetch_assoc($result);
  25.  
  26. if($pun_user['g_id'] != PUN_ADMIN)
  27. message($lang_common['No permission']);
  28.  
  29. if(isset($_POST['form_sent'])) {
  30. $db->query('DELETE FROM '.$db->prefix.'rsca2_curstats WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete rsca2_curstats', __FILE__, __LINE__, $db->error());
  31. $db->query('DELETE FROM '.$db->prefix.'rsca2_experience WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete rsca2_experience', __FILE__, __LINE__, $db->error());
  32. $db->query('DELETE FROM '.$db->prefix.'rsca2_friends WHERE `user`=\''.$db->escape($id).'\' OR `friend`=\''.$db->escape($id).'\'') or error('Unable to delete rsca2_friends', __FILE__, __LINE__, $db->error());
  33. $db->query('DELETE FROM '.$db->prefix.'rsca2_ignores WHERE `user`=\''.$db->escape($id).'\' OR `ignore`=\''.$db->escape($id).'\'') or error('Unable to delete rsca2_ignores', __FILE__, __LINE__, $db->error());
  34. $db->query('DELETE FROM '.$db->prefix.'rsca2_invitems WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete rsca2_invitems', __FILE__, __LINE__, $db->error());
  35. $db->query('DELETE FROM '.$db->prefix.'rsca2_players WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete rsca2_players', __FILE__, __LINE__, $db->error());
  36. $db->query('DELETE FROM '.$db->prefix.'rsca2_reports WHERE `from`=\''.$db->escape($id).'\' OR `about`=\''.$db->escape($id).'\'') or error('Unable to delete rsca2_reports', __FILE__, __LINE__, $db->error());
  37.  
  38. logoutuser($id);
  39.  
  40. redirect('profile.php?section=rsca&id='.$user['owner'], 'Player deleted');
  41. }
  42.  
  43. $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Confirm Delete';
  44. require PUN_ROOT.'header.php';
  45. ?>
  46. <div class="blockform">
  47. <h2><span>Confirm Delete</span></h2>
  48. <div class="box">
  49. <form action="rscd.php?action=delete&user=<?php echo pun_htmlspecialchars($id); ?>" method="POST">
  50. <div class="inform">
  51. <fieldset>
  52. <input type="hidden" name="form_sent" value="1" />
  53. <legend>Delete Player</legend>
  54. <div class="infldset" style="text-align:center">
  55. <p><input type="submit" name="delete" value="Confirm Delete" style="width:200px" /></p>
  56. <p>Please confirm you wish to delete the player "<?php echo pun_htmlspecialchars($user['username']); ?>". <b>This action is not reversible!</b></p>
  57. </div>
  58. </fieldset>
  59. </div>
  60. </form>
  61. </div>
  62. </div>
  63. <?php
  64. require PUN_ROOT.'footer.php';
  65.  
  66. }
  67. else if ($action == 'change_pass') {
  68. $id = trim($_GET['user']);
  69.  
  70. $result = $db->query('SELECT * FROM '.$db->prefix.'rsca2_players WHERE `user`='.$id) or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
  71. if(!$db->num_rows($result))
  72. message($lang_common['Bad request']);
  73.  
  74. $user = $db->fetch_assoc($result);
  75.  
  76. if($user['owner'] != $pun_user['id'] && $pun_user['g_id'] != PUN_ADMIN)
  77. message($lang_common['No permission']);
  78.  
  79. if(isset($_POST['form_sent'])) {
  80. $password1 = trim($_POST['req_password1']);
  81. $password2 = trim($_POST['req_password2']);
  82.  
  83. if (strlen($password1) < 4)
  84. message($lang_prof_reg['Pass too short']);
  85. else if ($password1 != $password2)
  86. message($lang_prof_reg['Pass not match']);
  87.  
  88. if($pun_user['g_id'] != PUN_ADMIN) {
  89. $old_password = md5(pun_trim($_POST['old_password']));
  90.  
  91. $result = $db->query('SELECT 1 FROM '.$db->prefix.'rsca2_players WHERE `user`=\''.$id.'\' AND `pass`=\''.$old_password.'\'') or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
  92. if(!$db->num_rows($result)) {
  93. message('The provided password does not match!');
  94. }
  95. }
  96.  
  97. $db->query('UPDATE '.$db->prefix.'rsca2_players SET pass=\''.md5($password1).'\' WHERE user=\''.$id.'\'') or error('Unable to update players password', __FILE__, __LINE__, $db->error());
  98.  
  99. redirect('profile.php?section=rsca&id='.$user['owner'], 'Password updated');
  100. }
  101.  
  102. $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Change Password';
  103. $required_fields = array('req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass']);
  104. $focus_element = array('register', 'req_password1');
  105. require PUN_ROOT.'header.php';
  106.  
  107. ?>
  108. <div class="blockform">
  109. <h2><span>Change Password</span></h2>
  110. <div class="box">
  111. <form id="register" method="post" action="rscd.php?action=change_pass&user=<?php echo $id; ?>" onsubmit="this.register.disabled=true;if(process_form(this)){return true;}else{this.register.disabled=false;return false;}">
  112. <div class="inform">
  113. <fieldset>
  114. <legend>Please enter and confirm your new password</legend>
  115. <div class="infldset">
  116. <input type="hidden" name="form_sent" value="1" />
  117. <?php if($pun_user['g_id'] != PUN_ADMIN): ?> <label class="conl"><strong>Old Password</strong><br /><input type="password" name="old_password" size="16" maxlength="16" /><br /></label>
  118. <?php endif; ?> <label class="conl"><strong>New Password</strong><br /><input type="password" name="req_password1" size="16" maxlength="16" /><br /></label>
  119. <label class="conl"><strong><?php echo $lang_prof_reg['Confirm pass'] ?></strong><br /><input type="password" name="req_password2" size="16" maxlength="16" /><br /></label>
  120. <p class="clearb">Passwords can be between 4 and 16 characters long. Passwords are case sensitive.</p>
  121. </div>
  122. </fieldset>
  123. </div>
  124. <p><input type="submit" name="change_pass" value="Change Password" /></p>
  125. </form>
  126. </div>
  127. </div>
  128. <?php
  129.  
  130. require PUN_ROOT.'footer.php';
  131.  
  132. }
  133. else if ($action == 'register') {
  134. // Load the register.php language file
  135. require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';
  136.  
  137. if(isset($_GET['cancel']))
  138. redirect('index.php', $lang_register['Reg cancel redirect']);
  139. else if($pun_config['o_rscd_rules'] == '1' && !isset($_GET['agree']) && !isset($_POST['form_sent'])) {
  140.  
  141. $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Register'];
  142. require PUN_ROOT.'header.php';
  143.  
  144.  
  145. ?>
  146. <div class="blockform">
  147. <h2><span>RSCD Rules</span></h2>
  148. <div class="box">
  149. <form method="get" action="rscd.php">
  150. <div class="inform">
  151. <input type="hidden" name="action" value="register" />
  152. <fieldset>
  153. <legend><?php echo $lang_register['Rules legend'] ?></legend>
  154. <div class="infldset">
  155. <p><?php echo $pun_config['o_rscd_rules_message'] ?></p>
  156. </div>
  157. </fieldset>
  158. </div>
  159. <p><input type="submit" name="agree" value="<?php echo $lang_register['Agree'] ?>" /><input type="submit" name="cancel" value="<?php echo $lang_register['Cancel'] ?>" /></p>
  160. </form>
  161. </div>
  162. </div>
  163.  
  164.  
  165. <?php
  166.  
  167. require PUN_ROOT.'footer.php';
  168. }
  169. else if (isset($_POST['form_sent'])) {
  170. $username = pun_trim($_POST['req_username']);
  171. $password1 = trim($_POST['req_password1']);
  172. $password2 = trim($_POST['req_password2']);
  173.  
  174.  
  175. $username_hash = encode_username($username);
  176. $username = decode_username($username_hash);
  177.  
  178. // Validate username and passwords
  179. if (!$username_hash)
  180. message('Invalid username');
  181. else if (strlen($username) < 2)
  182. message($lang_prof_reg['Username too short']);
  183. else if (pun_strlen($username) > 12) // This usually doesn't happen since the form element only accepts 12 characters
  184. message($lang_common['Bad request']);
  185. else if (strlen($password1) < 4)
  186. message($lang_prof_reg['Pass too short']);
  187. else if (pun_strlen($password1) > 16) // This usually doesn't happen since the form element only accepts 16 characters
  188. message($lang_common['Bad request']);
  189. else if ($password1 != $password2)
  190. message($lang_prof_reg['Pass not match']);
  191. else if (preg_match('/^Mod\s+/i', $username) || preg_match('/^Admin\s+/i', $username))
  192. message('Usernames may not start with "Mod " or "Admin ". Please choose another username.');
  193.  
  194. // Check that the username (or a too similar username) is not already registered
  195. $result = $db->query('SELECT username FROM '.$db->prefix.'rsca2_players WHERE UPPER(username)=UPPER(\''.$db->escape($username).'\') OR UPPER(username)=UPPER(\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\') OR UPPER(username)=UPPER(\''.$db->escape(preg_replace('/\s\s+/', ' ', $username)).'\')') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  196.  
  197. if ($db->num_rows($result))
  198. {
  199. $busy = $db->result($result);
  200. message($lang_register['Username dupe 1'].' '.pun_htmlspecialchars($busy).'. '.$lang_register['Username dupe 2']);
  201. }
  202.  
  203. $db->query('INSERT INTO '.$db->prefix.'rsca2_curstats(`user`) VALUES(\''.$db->escape($username_hash).'\')') or error('Unable to fill curstats', __FILE__, __LINE__, $db->error());
  204. $db->query('INSERT INTO '.$db->prefix.'rsca2_experience(`user`) VALUES(\''.$db->escape($username_hash).'\')') or error('Unable to fill experience', __FILE__, __LINE__, $db->error());
  205. $db->query('INSERT INTO '.$db->prefix.'rsca2_players(`user`, `username`, `owner`, `pass`, `creation_date`, `creation_ip`) VALUES(\''.$db->escape($username_hash).'\', \''.$db->escape($username).'\', \''.intval($pun_user['id']).'\', \''.md5($password1).'\', \''.time().'\', \''.get_remote_address().'\')') or error('Unable to fill players', __FILE__, __LINE__, $db->error());
  206. $db->query('INSERT INTO '.$db->prefix."rsca2_invitems(`user`, `id`, `amount`, `wielded`, `slot`) VALUES
  207. ('".$db->escape($username_hash)."', '10', '1000', '0', '0'),
  208. ('".$db->escape($username_hash)."', '1263', '1', '0', '1'),
  209. ('".$db->escape($username_hash)."', '77', '1', '0', '2')
  210. ") or error('Unable to fill curstats', __FILE__, __LINE__, $db->error());
  211.  
  212. redirect('profile.php?section=rsca&id='.$pun_user['id'], 'Your Piru Online account has been created.');
  213. }
  214.  
  215. $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_register['Register'];
  216. $required_fields = array('req_username' => $lang_common['Username'], 'req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass']);
  217. $focus_element = array('register', 'req_username');
  218. require PUN_ROOT.'header.php';
  219.  
  220. ?>
  221. <div class="blockform">
  222. <h2><span><?php echo $lang_register['Register'] ?></span></h2>
  223. <div class="box">
  224. <form id="register" method="post" action="rscd.php?action=register" onsubmit="return process_form(this);">
  225. <div class="inform">
  226. <fieldset>
  227. <legend>Please enter a username between 2 and 12 characters long</legend>
  228. <div class="infldset">
  229. <input type="hidden" name="form_sent" value="1" />
  230. <label><strong><?php echo $lang_common['Username'] ?></strong><br /><input type="text" name="req_username" size="20" maxlength="12" /><br /></label>
  231. </div>
  232. </fieldset>
  233. </div>
  234. <div class="inform">
  235. <fieldset>
  236. <legend>Please enter and confirm your chosen password</legend>
  237. <div class="infldset">
  238. <label class="conl"><strong><?php echo $lang_common['Password'] ?></strong><br /><input type="password" name="req_password1" size="20" maxlength="16" /><br /></label>
  239. <label class="conl"><strong><?php echo $lang_prof_reg['Confirm pass'] ?></strong><br /><input type="password" name="req_password2" size="20" maxlength="16" /><br /></label>
  240. <p class="clearb">Passwords can be between 4 and 16 characters long. Passwords are case sensitive.</p>
  241. </div>
  242. </fieldset>
  243. </div>
  244. <p><input type="submit" name="register" value="<?php echo $lang_register['Register'] ?>" /></p>
  245. </form>
  246. </div>
  247. </div>
  248. <?php
  249.  
  250. require PUN_ROOT.'footer.php';
  251.  
  252. }
  253. else
  254. message($lang_common['Bad request']);
  255. require PUN_ROOT.'footer.php';
Add Comment
Please, Sign In to add comment