<?phpdefine('PUN_ROOT', './');require PUN_ROOT.'include/common.php';if

1. <?php
2.  
3. define('PUN_ROOT', './');
4. require PUN_ROOT.'include/common.php';
5.  
6. if($pun_user['is_guest'])
7. message($lang_common['No permission']);
8.  
9. // Load the register.php language file
10. require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';
11.  
12. // Load the register.php/profile.php language file
13. require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php';
14.  
15. $action = isset($_GET['action']) ? $_GET['action'] : null;
16. require PUN_ROOT.'header.php';
17.  
18. if ($action == 'delete') {
19. $id = trim($_GET['user']);
20.  
21. $result = $db->query('SELECT username FROM '.$db->prefix. pk_players WHERE user="'.$username.'"') or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
22. if($db->num_rows($result))
23. message($lang_common['Bad request']);
24.  
25. $user = $db->fetch_assoc($result);
26.  
27. if($pun_user['g_id'] != PUN_ADMIN)
28. message($lang_common['No permission']);
29.  
30. if(isset($_POST['form_sent'])) {
31. $db->query('DELETE FROM '.$db->prefix.'pk_curstats WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete pk_curstats', __FILE__, __LINE__, $db->error());
32. $db->query('DELETE FROM '.$db->prefix.'pk_experience WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete pk_experience', __FILE__, __LINE__, $db->error());
33. $db->query('DELETE FROM '.$db->prefix.'pk_friends WHERE `user`=\''.$db->escape($id).'\' OR `friend`=\''.$db->escape($id).'\'') or error('Unable to delete pk_friends', __FILE__, __LINE__, $db->error());
34. $db->query('DELETE FROM '.$db->prefix.'pk_ignores WHERE `user`=\''.$db->escape($id).'\' OR `ignore`=\''.$db->escape($id).'\'') or error('Unable to delete pk_ignores', __FILE__, __LINE__, $db->error());
35. $db->query('DELETE FROM '.$db->prefix.'pk_invitems WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete pk_invitems', __FILE__, __LINE__, $db->error());
36. $db->query('DELETE FROM '.$db->prefix.'pk_players WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete pk_players', __FILE__, __LINE__, $db->error());
37. $db->query('DELETE FROM '.$db->prefix.'pk_reports WHERE `from`=\''.$db->escape($id).'\' OR `about`=\''.$db->escape($id).'\'') or error('Unable to delete pk_reports', __FILE__, __LINE__, $db->error());
38.  
39. session_name($id);
40.  
41. redirect('profile.php?section=rsca&id='.$pun_user['id'], 'Player deleted');
42.  
43. }
44.  
45. $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Confirm Delete';
46. require PUN_ROOT.'header.php';
47. ?>
48. <div class="blockform">
49. <h2><span>Confirm Delete</span></h2>
50. <div class="box">
51. <form action="rscd.php?action=delete&user=<?php echo pun_htmlspecialchars($id); ?>" method="POST">
52. <div class="inform">
53. <fieldset>
54. <input type="hidden" name="form_sent" value="1" />
55. <legend>Delete Player</legend>
56. <div class="infldset" style="text-align:center">
57. <p><input type="submit" name="delete" value="Confirm Delete" style="width:200px" /></p>
58. <p>Please confirm you wish to delete the player "<?php echo pun_htmlspecialchars($user ['username']); ?>". <b>This action is not reversible!</b></p>
59. </div>
60. </fieldset>
61. </div>
62. </form>
63. </div>
64. </div>
65. <?php
66. require PUN_ROOT.'footer.php';
67.  
68. }
69. else if ($action == 'change_pass') {
70. $id = trim($_GET['user']);
71.  
72. $result = $db->query('SELECT pass FROM '.$db->prefix. 'pk_players WHERE user="'.$password.'"')or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
73. if(!$db->num_rows($result))
74.  
75.  
76. $user = $db->fetch_assoc($result);
77.  
78.  
79. if($user['owner'] != $pun_user['id'] && $pun_user['g_id'] != PUN_ADMIN)
80. message($lang_common['No permission']);
81.  
82. if(isset($_POST['form_sent'])) {
83. $password1 = trim($_POST['req_password1']);
84. $password2 = trim($_POST['req_password2']);
85.  
86. if (strlen($password1) < 4)
87. message($lang_prof_reg['Pass too short']);
88. else if ($password1 != $password2)
89. message($lang_prof_reg['Pass not match']);
90.  
91. if($pun_user['g_id'] != PUN_ADMIN) {
92. $old_password = md5(pun_trim($_POST['old_password']));
93.  
94. $result = $db->query('SELECT pass FROM '.$db->prefix.'pk_players WHERE `user`=\''.$password.'\' AND `pass`=\''.$old_password.'\'') or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
95. if(!$db->num_rows($result)) {
96. message('The provided password does not match!');
97. }
98. }
99.  
100. $db->query('UPDATE '.$db->prefix.'pk_players SET pass=\''.md5($password1).'\' WHERE user=\''.$id.'\'') or error('Unable to update players password', __FILE__, __LINE__, $db->error());
101.  
102. redirect('profile.php?section=rsca&id='.$pun_user['id'], 'Password updated');
103. }
104.  
105. $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Change Password';
106. $required_fields = array('req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass']);
107. $focus_element = array('register', 'req_password1');
108. require PUN_ROOT.'header.php';
109.  
110. ?>
111. <div class="blockform">
112. <h2><span>Change Password</span></h2>
113. <div class="box">
114. <form id="register" method="post" action="rscd.php?action=change_pass&user=<?php echo $id; ?>" onsubmit="this.register.disabled=true;if(process_form(this)){return true;}else{this.register.disabled=false;return false;}">
115. <div class="inform">
116. <fieldset>
117. <legend>Please enter and confirm your new password</legend>
118. <div class="infldset">
119. <input type="hidden" name="form_sent" value="1" />
120. <?php if($pun_user['g_id'] != PUN_ADMIN): ?> <label class="conl"><strong>Old Password</strong><br /><input type="password" name="old_password" size="16" maxlength="16" /><br /></label>
121. <?php endif; ?> <label class="conl"><strong>New Password</strong><br /><input type="password" name="req_password1" size="16" maxlength="16" /><br /></label>
122. <label class="conl"><strong><?php echo $lang_prof_reg['Confirm pass'] ?></strong><br /><input type="password" name="req_password2" size="16" maxlength="16" /><br /></label>
123. <p class="clearb">Passwords can be between 4 and 16 characters long. Passwords are case sensitive.</p>
124. </div>
125. </fieldset>
126. </div>
127. <p><input type="submit" name="change_pass" value="Change Password" /></p>
128. </form>
129. </div>
130. </div>
131. <?php
132.  
133. require PUN_ROOT.'footer.php';
134.  
135. }
136. else if ($action == 'register') {
137. // Load the register.php language file
138. require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';
139.  
140. if(isset($_GET['cancel']))
141. redirect('index.php', $lang_register['Reg cancel redirect']);
142. else if($pun_config['o_rscd_rules'] == '1' && !isset($_GET['agree']) && !isset($_POST['form_sent'])) {
143.  
144. $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Register'];
145. require PUN_ROOT.'header.php';
146.  
147.  
148. ?>
149. <div class="blockform">
150. <h2><span>RSCD Rules</span></h2>
151. <div class="box">
152. <form method="get" action="rscd.php">
153. <div class="inform">
154. <input type="hidden" name="action" value="register" />
155. <fieldset>
156. <legend><?php echo $lang_register['Rules legend'] ?></legend>
157. <div class="infldset">
158. <p><?php echo $pun_config['o_rscd_rules_message'] ?></p>
159. </div>
160. </fieldset>
161. </div>
162. <p><input type="submit" name="agree" value="<?php echo $lang_register['Agree'] ?>" /><input type="submit" name="cancel" value="<?php echo $lang_register['Cancel'] ?>" /></p>
163. </form>
164. </div>
165. </div>
166.  
167. <?php
168.  
169.  
170. require PUN_ROOT.'footer.php';
171. }
172. else if (isset($_POST['form_sent'])) {
173. $username = pun_trim($_POST['req_username']);
174. $password1 = trim($_POST['req_password1']);
175. $password2 = trim($_POST['req_password2']);
176.  
177.  
178. $username_hash = utf8_encode($username);
179. $username = utf8_decode($username_hash);
180.  
181. // Validate username and passwords
182. if (!$username_hash)
183. message('Invalid username');
184. else if (strlen($username) < 2)
185. message($lang_prof_reg['Username too short']);
186. else if (pun_strlen($username) > 12) // This usually doesn't happen since the form element only accepts 12 characters
187. message($lang_common['Bad request']);
188. else if (strlen($password1) < 4)
189. message($lang_prof_reg['Pass too short']);
190. else if (pun_strlen($password1) > 16) // This usually doesn't happen since the form element only accepts 16 characters
191. message($lang_common['Bad request']);
192. else if ($password1 != $password2)
193. message($lang_prof_reg['Pass not match']);
194. else if (preg_match('/^Mod\s+/i', $username) || preg_match('/^Admin\s+/i', $username))
195. message('Usernames may not start with "Mod " or "Admin ". Please choose another username.');
196.  
197. // Check that the username (or a too similar username) is not already registered
198. $result = $db->query('SELECT username FROM '.$db->prefix.'pk_players WHERE UPPER(username)=UPPER(\''.$db->escape($username).'\') OR UPPER(username)=UPPER(\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\') OR UPPER(username)=UPPER(\''.$db->escape(preg_replace('/\s\s+/', ' ', $username)).'\')') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
199.  
200. if ($db->num_rows($result))
201. {
202. $busy = $db->result($result);
203. message($lang_register['Username dupe 1'].' '.pun_htmlspecialchars($busy).'. '.$lang_register['Username dupe 2']);
204. }
205.  
206. $db->query('INSERT INTO '.$db->prefix.'pk_curstats(`user`) VALUES(\''.$db->escape($username_hash).'\')') or error('Unable to fill curstats', __FILE__, __LINE__, $db->error());
207. $db->query('INSERT INTO '.$db->prefix.'pk_experience(`user`) VALUES(\''.$db->escape($username_hash).'\')') or error('Unable to fill experience', __FILE__, __LINE__, $db->error());
208. $db->query('INSERT INTO '.$db->prefix.'pk_players(`user`, `username`, `owner`, `pass`, `creation_date`, `creation_ip`) VALUES(\''.$db->escape($username_hash).'\', \''.$db->escape($username).'\', \''.intval($pun_user['id']).'\', \''.md5($password1).'\', \''.time().'\', \''.get_remote_address().'\')') or error('Unable to fill players', __FILE__, __LINE__, $db->error());
209. $db->query('INSERT INTO '.$db->prefix."pk_invitems(`user`, `id`, `amount`, `wielded`, `slot`) VALUES
210. ('".$db->escape($username_hash)."', '10', '1000', '0', '0'),
211. ('".$db->escape($username_hash)."', '1263', '1', '0', '1'),
212. ('".$db->escape($username_hash)."', '77', '1', '0', '2')
213. ") or error('Unable to fill curstats', __FILE__, __LINE__, $db->error());
214.  
215. redirect('profile.php?section=rsca&id='.$pun_user['id'], 'Your rsc Online account has been created.');
216. }
217.  
218. $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_register['Register'];
219. $required_fields = array('req_username' => $lang_common['Username'], 'req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass']);
220. $focus_element = array('register', 'req_username');
221. require PUN_ROOT.'header.php';
222.  
223. ?>
224. <div class="blockform">
225. <h2><span><?php echo $lang_register['Register'] ?></span></h2>
226. <div class="box">
227. <form id="register" method="post" action="rscd.php?action=register" onsubmit="return process_form(this);">
228. <div class="inform">
229. <fieldset>
230. <legend>Please enter a username between 2 and 12 characters long</legend>
231. <div class="infldset">
232. <input type="hidden" name="form_sent" value="1" />
233. <label><strong><?php echo $lang_common['Username'] ?></strong><br /><input type="text" name="req_username" size="20" maxlength="12" /><br /></label>
234. </div>
235. </fieldset>
236. </div>
237. <div class="inform">
238. <fieldset>
239. <legend>Please enter and confirm your chosen password</legend>
240. <div class="infldset">
241. <label class="conl"><strong><?php echo $lang_common['Password'] ?></strong><br /><input type="password" name="req_password1" size="20" maxlength="16" /><br /></label>
242. <label class="conl"><strong><?php echo $lang_prof_reg['Confirm pass'] ?></strong><br /><input type="password" name="req_password2" size="20" maxlength="16" /><br /></label>
243. <p class="clearb">Passwords can be between 4 and 16 characters long. Passwords are case sensitive.</p>
244. </div>
245. </fieldset>
246. </div>
247. <p><input type="submit" name="register" value="<?php echo $lang_register['Register'] ?>" /></p>
248. </form>
249. </div>
250. </div>
251. <?php
252.  
253. require PUN_ROOT.'footer.php';
254.  
255. }
256. else
257. message($lang_common['Bad request']);
258. require PUN_ROOT.'footer.php';