  1. <?php
  2.  
  // Bootstrap the forum framework; common.php is what provides $pun_user,
  // $db, $lang_common and the message() helper used below.
  define('PUN_ROOT', './');
  require PUN_ROOT.'include/common.php';

  // Everything in this script is for logged-in members only.
  // NOTE(review): the code after this check presumably relies on message()
  // ending the request - confirm in include/functions.php.
  if ($pun_user['is_guest']) {
      message($lang_common['No permission']);
  }

  // Language strings for registration (register.php) ...
  require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';

  // ... and the strings shared between registration and profile pages.
  require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php';

  // Requested sub-page; stays null when the query string carries no action.
  $action = null;
  if (isset($_GET['action'])) {
      $action = $_GET['action'];
  }
  16.  
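  if ($action === 'delete') {
      // Deleting a player is administrator-only. The check now runs before
      // any request data reaches a query (the original ran it only after the
      // lookup query). Like the rest of this script it relies on message()
      // ending the request.
      if ($pun_user['g_id'] != PUN_ADMIN)
          message($lang_common['No permission']);

      // Player identifier from the query string. The original concatenated it
      // unquoted into the lookup query, so only numeric values could ever have
      // worked; anything else is rejected up front.
      // NOTE(review): assumes player ids are plain integers - confirm against encode_username().
      $id = (isset($_GET['user']) && is_string($_GET['user'])) ? trim($_GET['user']) : '';
      if (!preg_match('/^-?[0-9]+\z/', $id))
          message($lang_common['Bad request']);

      // Escaped once and quoted in every statement, as the DELETE queries
      // already did.
      $id_sql = $db->escape($id);

      $result = $db->query('SELECT * FROM '.$db->prefix.'rscd_players WHERE `user`=\''.$id_sql.'\'') or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
      if (!$db->num_rows($result))
          message($lang_common['Bad request']);

      $user = $db->fetch_assoc($result);

      if (isset($_POST['form_sent'])) {
          // NOTE(review): only the form_sent marker is checked before these
          // irreversible deletes; no anti-CSRF token or referrer check is
          // visible in this file. Add the framework's request-origin check.

          // Table => WHERE clause, removed in the same order as before.
          $rscd_cleanup = array(
              'rscd_curstats'   => '`user`=\''.$id_sql.'\'',
              'rscd_experience' => '`user`=\''.$id_sql.'\'',
              'rscd_friends'    => '`user`=\''.$id_sql.'\' OR `friend`=\''.$id_sql.'\'',
              'rscd_ignores'    => '`user`=\''.$id_sql.'\' OR `ignore`=\''.$id_sql.'\'',
              'rscd_invitems'   => '`user`=\''.$id_sql.'\'',
              'rscd_players'    => '`user`=\''.$id_sql.'\'',
              'rscd_reports'    => '`from`=\''.$id_sql.'\' OR `about`=\''.$id_sql.'\'',
          );

          foreach ($rscd_cleanup as $rscd_table => $rscd_where)
              $db->query('DELETE FROM '.$db->prefix.$rscd_table.' WHERE '.$rscd_where) or error('Unable to delete '.$rscd_table, __FILE__, __LINE__, $db->error());

          logoutuser($id);

          redirect('profile.php?section=rscd&id='.$user['owner'], 'Player deleted');
      }

      // No form submitted yet: show the confirmation page.
      $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Confirm Delete';
      require PUN_ROOT.'header.php';
  ?>
  <div class="blockform">
  <h2><span>Confirm Delete</span></h2>
  <div class="box">
  <form action="rscd.php?action=delete&user=<?php echo pun_htmlspecialchars($id); ?>" method="POST">
  <div class="inform">
  <fieldset>
  <input type="hidden" name="form_sent" value="1" />
  <legend>Delete Player</legend>
  <div class="infldset" style="text-align:center">
  <p><input type="submit" name="delete" value="Confirm Delete" style="width:200px" /></p>
  <p>Please confirm you wish to delete the player "<?php echo pun_htmlspecialchars($user['username']); ?>". <b>This action is not reversible!</b></p>
  </div>
  </fieldset>
  </div>
  </form>
  </div>
  </div>
  <?php
      require PUN_ROOT.'footer.php';

  }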
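  else if ($action === 'change_pass') {
      // Player identifier from the query string. The original concatenated it
      // unquoted and unescaped into three statements (lookup, old-password
      // check, UPDATE) and echoed it raw into the form; it is now validated
      // once, escaped for SQL, and HTML-escaped on output.
      // NOTE(review): assumes player ids are plain integers - confirm against encode_username().
      $id = (isset($_GET['user']) && is_string($_GET['user'])) ? trim($_GET['user']) : '';
      if (!preg_match('/^-?[0-9]+\z/', $id))
          message($lang_common['Bad request']);

      $id_sql = $db->escape($id);

      $result = $db->query('SELECT * FROM '.$db->prefix.'rscd_players WHERE `user`=\''.$id_sql.'\'') or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
      if (!$db->num_rows($result))
          message($lang_common['Bad request']);

      $user = $db->fetch_assoc($result);

      // Only the forum account that owns the player, or an administrator,
      // may change its password.
      if ($user['owner'] != $pun_user['id'] && $pun_user['g_id'] != PUN_ADMIN)
          message($lang_common['No permission']);

      if (isset($_POST['form_sent'])) {
          // NOTE(review): no anti-CSRF token or referrer check is visible
          // here; for administrators the old password is not required either,
          // so the request origin should be verified.

          // Missing or non-string fields are treated as empty and fail the
          // length check instead of raising notices or type errors.
          $password1 = (isset($_POST['req_password1']) && is_string($_POST['req_password1'])) ? trim($_POST['req_password1']) : '';
          $password2 = (isset($_POST['req_password2']) && is_string($_POST['req_password2'])) ? trim($_POST['req_password2']) : '';

          if (strlen($password1) < 4)
              message($lang_prof_reg['Pass too short']);
          else if (pun_strlen($password1) > 16) // Same upper bound the registration handler enforces
              message($lang_common['Bad request']);
          else if ($password1 !== $password2) // Strict: "1e3" and "1000" are equal under !=
              message($lang_prof_reg['Pass not match']);

          // NOTE(review): passwords are stored as unsalted MD5, which is cheap
          // to brute-force if the table leaks. The format is kept because
          // whatever else reads rscd_players.pass presumably expects it;
          // migrate both sides together (e.g. to password_hash()).
          if ($pun_user['g_id'] != PUN_ADMIN) {
              $old_raw = (isset($_POST['old_password']) && is_string($_POST['old_password'])) ? $_POST['old_password'] : '';
              $old_password = md5(pun_trim($old_raw));

              $result = $db->query('SELECT 1 FROM '.$db->prefix.'rscd_players WHERE `user`=\''.$id_sql.'\' AND `pass`=\''.$old_password.'\'') or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
              if (!$db->num_rows($result)) {
                  message('The provided password does not match!');
              }
          }

          $db->query('UPDATE '.$db->prefix.'rscd_players SET pass=\''.md5($password1).'\' WHERE user=\''.$id_sql.'\'') or error('Unable to update players password', __FILE__, __LINE__, $db->error());

          redirect('profile.php?section=rscd&id='.$user['owner'], 'Password updated');
      }

      // No form submitted yet: show the change-password form.
      $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Change Password';
      $required_fields = array('req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass']);
      $focus_element = array('register', 'req_password1');
      require PUN_ROOT.'header.php';

  ?>
  <div class="blockform">
  <h2><span>Change Password</span></h2>
  <div class="box">
  <form id="register" method="post" action="rscd.php?action=change_pass&user=<?php echo pun_htmlspecialchars($id); ?>" onsubmit="this.register.disabled=true;if(process_form(this)){return true;}else{this.register.disabled=false;return false;}">
  <div class="inform">
  <fieldset>
  <legend>Please enter and confirm your new password</legend>
  <div class="infldset">
  <input type="hidden" name="form_sent" value="1" />
  <?php if($pun_user['g_id'] != PUN_ADMIN): ?> <label class="conl"><strong>Old Password</strong><br /><input type="password" name="old_password" size="16" maxlength="16" /><br /></label>
  <?php endif; ?> <label class="conl"><strong>New Password</strong><br /><input type="password" name="req_password1" size="16" maxlength="16" /><br /></label>
  <label class="conl"><strong><?php echo $lang_prof_reg['Confirm pass'] ?></strong><br /><input type="password" name="req_password2" size="16" maxlength="16" /><br /></label>
  <p class="clearb">Passwords can be between 4 and 16 characters long. Passwords are case sensitive.</p>
  </div>
  </fieldset>
  </div>
  <p><input type="submit" name="change_pass" value="Change Password" /></p>
  </form>
  </div>
  </div>
  <?php

      require PUN_ROOT.'footer.php';

  }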
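  else if ($action === 'register') {
      // Load the register.php language file
      require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';

      if (isset($_GET['cancel']))
          redirect('index.php', $lang_register['Reg cancel redirect']);
      else if ($pun_config['o_rscd_rules'] == '1' && !isset($_GET['agree']) && !isset($_POST['form_sent'])) {
          // Rules are enabled and not yet accepted: show them first.
          $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Register'];
          require PUN_ROOT.'header.php';

  ?>
  <div class="blockform">
  <h2><span>RSCD Rules</span></h2>
  <div class="box">
  <form method="get" action="registerplayer.php">
  <div class="inform">
  <input type="hidden" name="action" value="register" />
  <fieldset>
  <legend><?php echo $lang_register['Rules legend'] ?></legend>
  <div class="infldset">
  <p><?php echo $pun_config['o_rscd_rules_message'] ?></p>
  </div>
  </fieldset>
  </div>
  <p><input type="submit" name="agree" value="<?php echo $lang_register['Agree'] ?>" /><input type="submit" name="cancel" value="<?php echo $lang_register['Cancel'] ?>" /></p>
  </form>
  </div>
  </div>
  <?php

          require PUN_ROOT.'footer.php';
      }
      else if (isset($_POST['form_sent'])) {
          // Missing or non-string fields are treated as empty so they fail
          // validation instead of raising notices or type errors.
          $username = pun_trim((isset($_POST['req_username']) && is_string($_POST['req_username'])) ? $_POST['req_username'] : '');
          $password1 = (isset($_POST['req_password1']) && is_string($_POST['req_password1'])) ? trim($_POST['req_password1']) : '';
          $password2 = (isset($_POST['req_password2']) && is_string($_POST['req_password2'])) ? trim($_POST['req_password2']) : '';

          // Round-trip through the encoder so the stored name is the
          // canonical form of the hash.
          $username_hash = encode_username($username);
          $username = decode_username($username_hash);

          // Validate username and passwords
          if (!$username_hash)
              message('Invalid username');
          else if (strlen($username) < 2)
              message($lang_prof_reg['Username too short']);
          else if (pun_strlen($username) > 12) // This usually doesn't happen since the form element only accepts 12 characters
              message($lang_common['Bad request']);
          else if (strlen($password1) < 4)
              message($lang_prof_reg['Pass too short']);
          else if (pun_strlen($password1) > 16) // This usually doesn't happen since the form element only accepts 16 characters
              message($lang_common['Bad request']);
          else if ($password1 !== $password2) // Strict: "1e3" and "1000" are equal under !=
              message($lang_prof_reg['Pass not match']);
          else if (preg_match('/^Mod\s+/i', $username) || preg_match('/^Admin\s+/i', $username))
              message('Usernames may not start with "Mod " or "Admin ". Please choose another username.');

          // Check that the username (or a too similar username) is not already registered
          $result = $db->query('SELECT username FROM '.$db->prefix.'rscd_players WHERE UPPER(username)=UPPER(\''.$db->escape($username).'\') OR UPPER(username)=UPPER(\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\') OR UPPER(username)=UPPER(\''.$db->escape(preg_replace('/\s\s+/', ' ', $username)).'\')') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());

          if ($db->num_rows($result))
          {
              $busy = $db->result($result);
              message($lang_register['Username dupe 1'].' '.pun_htmlspecialchars($busy).'. '.$lang_register['Username dupe 2']);
          }

          // SECURITY: the original ran the raw `query` request parameter as
          // SQL at this point. Nothing in registration needs it, and it let
          // any requester reaching this branch run arbitrary statements, so
          // it is removed. If that code was ever deployed, audit the database
          // and treat the stored credentials as exposed.

          // NOTE(review): passwords are stored as unsalted MD5, which is cheap
          // to brute-force if the table leaks. The format is kept because
          // whatever else reads rscd_players.pass presumably expects it;
          // migrate both sides together (e.g. to password_hash()).
          $hash_sql = $db->escape($username_hash);

          $db->query('INSERT INTO '.$db->prefix.'rscd_curstats(`user`) VALUES(\''.$hash_sql.'\')') or error('Unable to fill curstats', __FILE__, __LINE__, $db->error());
          $db->query('INSERT INTO '.$db->prefix.'rscd_experience(`user`) VALUES(\''.$hash_sql.'\')') or error('Unable to fill experience', __FILE__, __LINE__, $db->error());
          $db->query('INSERT INTO '.$db->prefix.'rscd_quests(`user`) VALUES(\''.$hash_sql.'\')') or error('Unable to fill quests', __FILE__, __LINE__, $db->error());
          // The remote address is escaped as well rather than trusted as-is.
          $db->query('INSERT INTO '.$db->prefix.'rscd_players(`user`, `username`, `owner`, `pass`, `creation_date`, `creation_ip`) VALUES(\''.$hash_sql.'\', \''.$db->escape($username).'\', \''.intval($pun_user['id']).'\', \''.md5($password1).'\', \''.time().'\', \''.$db->escape(get_remote_address()).'\')') or error('Unable to fill players', __FILE__, __LINE__, $db->error());
          // Starting inventory. The error call originally passed the undefined
          // constant _op_ where __FILE__ belongs.
          $db->query('INSERT INTO '.$db->prefix."rscd_invitems(`user`, `id`, `amount`, `wielded`, `slot`) VALUES
  ('".$hash_sql."', '10', '5000', '0', '0'),
  ('".$hash_sql."', '1263', '1', '0', '1'),
  ('".$hash_sql."', '77', '1', '0', '2')
  ") or error('Unable to fill invitems', __FILE__, __LINE__, $db->error());

          // redirect('profile.php?section=rscd&id='.$pun_user['id'], '');
          message('Your character has been created, you may now download the client or login, click <a href="index.php">here</a> to go to the board index.');
      }

      // NOTE(review): the original had an unexecuted flood-check fragment (a
      // query on users.registration_ip) pasted into the HTML below, outside
      // any PHP tags. It never ran and was sent to the browser as text,
      // exposing query structure, so it is no longer emitted. If per-IP
      // throttling of player creation is wanted, implement it in the POST
      // handler above, e.g. against rscd_players.creation_ip / creation_date.

      // No form submitted yet: show the registration form.
      $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_register['Register'];
      $required_fields = array('req_username' => $lang_common['Username'], 'req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass']);
      $focus_element = array('register', 'req_username');
      require PUN_ROOT.'header.php';

  ?>
  <div class="blockform">
  <h2><span><?php echo $lang_register['Register'] ?></span></h2>
  <div class="box">
  <form id="register" method="post" action="registerplayer.php?action=register" onsubmit="return process_form(this);">
  <div class="inform">
  <fieldset>
  <legend>Please enter a username between 2 and 12 characters long</legend>
  <div class="infldset">
  <input type="hidden" name="form_sent" value="1" />
  <label><strong><?php echo $lang_common['Username'] ?></strong><br /><input type="text" name="req_username" size="20" maxlength="12" /><br /></label>
  </div>
  </fieldset>
  </div>
  <div class="inform">
  <fieldset>
  <legend>Please enter and confirm your chosen password</legend>
  <div class="infldset">
  <label class="conl"><strong><?php echo $lang_common['Password'] ?></strong><br /><input type="password" name="req_password1" size="20" maxlength="16" /><br /></label>
  <label class="conl"><strong><?php echo $lang_prof_reg['Confirm pass'] ?></strong><br /><input type="password" name="req_password2" size="20" maxlength="16" /><br /></label>
  <p class="clearb">Passwords can be between 4 and 16 characters long. Passwords are case sensitive.</p>
  </div>
  </fieldset>
  </div>
  <p><input type="submit" name="register" value="<?php echo $lang_register['Register'] ?>" /></p>
  </form>
  </div>
  </div>
  <?php

      require PUN_ROOT.'footer.php';

  }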
  else {
      // Any action other than the ones handled above, including none at all.
      message($lang_common['Bad request']);
  }