  1. <?php
  2. $page = "Character Management";
  3. include("main_header.php");
  4. ?>
  5. <div class="grid_8 alpha" id="left-column">
  6. <div class="left-column-full">
  7. <h1>Character Management</h1>
  8. <?php
  9. if($pun_user['is_guest']){
  10. echo "You must be logged in to view this page.";
  11. } else {
  12. $totalchars = $db->num_rows($db->query("SELECT * FROM pk_players WHERE owner = '" . $pun_user['id'] . "'"));
  13. $switchAct = isset($_GET['act']) ? strtolower(trim($_GET['act'])) : null;
  14. $cmsPre = "CMS Response<br />";
  15. $cmsSuf = "";
  16. echo "All characters on a single forum account share the same bank. You are limited to 10 characters per forum account. You will be unable to multi-log two characters on the same forum account.";
  17. if(empty($pun_user['del_pin']) && $switchAct != 'set_pin'){
  18. echo "<br /><br />You have not yet set your character deletion pin, would like to set one <a href='?query=cms&act=set_pin'>now</a>?";
  19. }
  20.  
  21. if($switchAct != 'addnew' && $totalchars < 10){
  22. echo "
  23. <br /><br />Click <a href='?query=cms&act=addnew'>here</a> if you wish to add a new character.
  24. ";
  25. }
  26. if($totalchars >= 10){
  27. echo "<br /><br />Sorry but you currently have 10 characters and can not add more. You must either delete one or make a new forum account.";
  28. }
  29. echo "
  30. </div><div class='left-column-full'>
  31. <h1>My Existing Characters:</h1>";
  32. $fetchCharacters = $db->query("SELECT * FROM pk_players WHERE owner = '" . $pun_user['id'] . "'");
  33. if($db->num_rows($fetchCharacters) > 0){
  34.  
  35. echo "
  36. <table style='width:100%;'>
  37. <tr>
  38. <td><strong>Character</strong></td>
  39. <td><strong>Password</strong></td>
  40. <td><strong>Highscores</strong></td>
  41. <td><strong>Delete</strong></td>
  42. </tr>
  43. ";
  44. while($r = $db->fetch_assoc($fetchCharacters)){
  45. $optCheck = $db->fetch_assoc($db->query("SELECT highscoreopt FROM pk_experience WHERE user = '" . $r['user'] . "'"));
  46. echo "
  47. <tr>
  48. <td><a href='highscores.php?query=highscores&user=" . $r['username'] . "&type=1'>" . $r['username'] . "</a></td>
  49. <td><a href='?query=cms&act=changepass&char=".$r['user']."'>Change</a></td>
  50. <td>" . (($optCheck['highscoreopt'] == 0) ? "<a href='?query=cms&char=" . $r['user'] . "&act=opt'>Hide</a>" : "<a href='?query=cms&act=opt&char=" . $r['user'] . "'>Show</a>") . "</td>
  51. <td><a href='?query=cms&act=deletecharacter&char=".$r['user']."'>X</a></td>
  52. </tr>";
  53. }
  54. echo "</table>";
  55. } else {
  56. echo "You have not yet <a href='?query=cms&act=addnew'>added a character</a> to this account.";
  57. }
  58. switch($switchAct){
  59. case "set_pin":
  60. if(!empty($pun_user['del_pin'])){
  61. echo createTable("You have already set a PIN.");
  62. } else {
  63. if(isset($_POST['set_pin'])){
  64. $pin1 = isset($_POST['pin_1']) ? (is_numeric($_POST['pin_1']) ? $_POST['pin_1'] : null) : null;
  65. $pin2 = isset($_POST['pin_2']) ? (is_numeric($_POST['pin_2']) ? $_POST['pin_2'] : null) : null;
  66. if($pin1 == null || $pin2 == null){
  67. echo createTable("You need to fill in both pin inputs, and ensure that the pin you entered is numeric.");
  68. } else if ( strlen($pin1) != 4 || strlen($pin2) != 4){
  69. echo createTable("Please ensure that your pin is 4 characters in length.");
  70. } else if ($pin1 != $pin2){
  71. echo createTable("Please ensure that your pins match eachother.");
  72. } else {
  73. $set_pin = $db->query("UPDATE users SET del_pin = '" . $pin1 . "' WHERE id = '" . $pun_user['id'] . "'");
  74. echo createTable("You have successfully set your character management pin. <a href='?query=cms'>Refreshing...</a><meta http-equiv='refresh' content='1;url=?query=cms' />", "Success");
  75. }
  76. }
  77. echo "
  78. </div><div class='left-column-full'>
  79. <form method='post' action='?query=cms&act=set_pin'>
  80. <h1>Set Deletion Pin</h1>
  81. If you are going to set a character deletion pin, please ensure that you can REMEMBER it, as this will become always required in order to delete characters.<br />
  82. Pin:<br />
  83. <input type='password' size='4' maxlength='4' name='pin_1' value='" . (isset($_POST['pin_1']) ? $_POST['pin_1'] : null) . "' /> <input type='password' size='4' maxlength='4' name='pin_2' value='" . (isset($_POST['pin_2']) ? $_POST['pin_2'] : null) . "' /><br />
  84. <input style='margin-top: 10px' type='submit' name='set_pin' value='Set My Pin' />
  85. <a href='?query=cms'>Cancel</a>
  86. </form>
  87. ";
  88. }
  89. break;
  90. case "opt":
  91. $cleanChar = (is_numeric($_GET['char']) && $_GET['char'] > 0) ? trim($_GET['char']) : null;
  92. if(isset($cleanChar)){
  93. $findInfo = $db->fetch_assoc($db->query("SELECT * FROM pk_players WHERE user = '" . $db->escape($cleanChar) . "'"));
  94. if($findInfo['owner'] == $pun_user['id']){
  95. $expSelect = $db->fetch_assoc($db->query("SELECT * FROM pk_experience WHERE user = '" . $findInfo['user'] . "'"));
  96. if($expSelect['highscoreopt'] == 0){
  97. $db->query("UPDATE pk_experience SET highscoreopt = '1' WHERE user = '" . $db->escape($cleanChar) . "'") or die();
  98. #echo "Setting to hide";echo "<a href='?query=cms'>Refreshing...</a><meta http-equiv='refresh' content='1;url=?query=cms' />";
  99. } else {
  100. #echo "Setting to show";echo "<a href='?query=cms'>Refreshing...</a><meta http-equiv='refresh' content='1;url=?query=cms' />";
  101. $db->query("UPDATE pk_experience SET highscoreopt = '0' WHERE user = '" . $db->escape($cleanChar) . "'") or die();
  102. }
  103. }
  104. }
  105. break;
  106. case "addnew":
  107. if($totalchars >= 10){
  108. echo $cmsPre . "Sorry but you have 10 characters and can not create anymore." . $cmsSuf;
  109. } else {
  110. if(isset($_POST['submit_add_char'])){
  111. $char_username = isset($_POST['char_username']) ? pun_trim($_POST['char_username']) : null;
  112. $char_password_1 = isset($_POST['char_password_1']) ? $_POST['char_password_1'] : null;
  113. $char_password_2 = isset($_POST['char_password_2']) ? $_POST['char_password_2'] : null;
  114. if($char_username == null || $char_password_1 == null || $char_password_2 == null){
  115. echo $cmsPre . "Please fill in every field." . $cmsSuf;
  116. } else if (preg_match('/^Mod\s+/i', $char_username) || preg_match('/^Admin\s+/i', $char_username)){
  117. echo $cmsPre . "Sorry, but you can not create a character that begins with \"Mod\" or \"Admin\"" . $cmsSuf;
  118. } else if (strlen($char_username) < 2 || strlen($char_username) > 10){
  119. echo $cmsPre . "Please make sure your username is 2-10 characters in length." . $cmsSuf;
  120. } else if(!preg_match("/^[a-zA-Z0-9\s]+?$/i",$char_username)){
  121. echo $cmsPre . "Your username contained an invalid character." . $cmsSuf;
  122. } else if(strlen($char_password_1) < 5 || strlen($char_password_2) > 16){
  123. echo $cmsPre . "Your password must be from 5-16 characters in length." . $cmsSuf;
  124. } else if($char_password_1 != $char_password_2){
  125. echo $cmsPre. "Your passwords did not match." . $cmsSuf;
  126. } else {
  127. $now=time();
  128. #//Create IGN-Profile
  129. $char_encode = encode_username($char_username);
  130. $char_decode = $char_username;
  131. $dbCheck = $db->query("SELECT * FROM pk_players WHERE username = '" . $db->escape($char_decode) . "'");
  132. if($db->num_rows($dbCheck) > 0){
  133. echo $cmsPre . "Sorry but the username '" . $char_decode . "' is already in use." . $cmsSuf;
  134. } else {
  135. $db->query("INSERT INTO pk_curstats (user) VALUES ('" . $db->escape($char_encode) . "');");
  136. $db->query("INSERT INTO pk_experience (user) VALUES ('" . $db->escape($char_encode) . "');");
  137. $db->query("INSERT INTO pk_players (user,username,owner,pass,creation_date,creation_ip) VALUES ('" . $char_encode . "', '" . $db->escape($char_decode) . "', '" . $pun_user['id'] . "', '" . md5($char_password_1) . "', '".$now."', '". $_SERVER['REMOTE_ADDR'] ."');");
  138. // Below adds Sleeping Bag, Klanks, Ruby Ammy, I2h
  139. $db->query("INSERT INTO pk_bank (user,id,amount,slot) VALUES
  140. ('" . $char_encode . "', '60', '3', '0'),
  141. ('" . $char_encode . "', '190', '100', '1'),
  142. ('" . $char_encode . "', '235', '2', '2'),
  143. ('" . $char_encode . "', '314', '2', '3'),
  144. ('" . $char_encode . "', '316', '2', '4'),
  145. ('" . $char_encode . "', '317', '2', '5'),
  146. ('" . $char_encode . "', '388', '2', '6'),
  147. ('" . $char_encode . "', '389', '2', '7'),
  148. ('" . $char_encode . "', '33', '100', '8'),
  149. ('" . $char_encode . "', '31', '100', '9'),
  150. ('" . $char_encode . "', '35', '100', '10'),
  151. ('" . $char_encode . "', '370', '50000', '11');");
  152. echo $cmsPre . "<style type='text/css'>#createNewChar{display:none;}</style><meta http-equiv='refresh' content='1;url=?query=cms' />Your new character '".$char_decode."' has been added, <a href='?query=cms'>refreshing momentarily</a>." . $cmsSuf;
  153. }
  154. }
  155. }
  156. echo "
  157. </div><div class='left-column-full'>
  158. <form method='post' id='createNewChar'>
  159. <h1>Add Character</h1>
  160. Username:<br />
  161. <input type='text' name='char_username' value='" . (isset($_POST['char_username']) ? $_POST['char_username'] : null) . "' maxlength='11' /><br />
  162. Password:<br />
  163. <input type='password' name='char_password_1' value='" . (isset($_POST['char_password_1']) ? $_POST['char_password_1'] : null) . "' maxlength='16' />
  164. <input type='password' name='char_password_2' value='" . (isset($_POST['char_password_2']) ? $_POST['char_password_2'] : null) . "' maxlength='16' /><br />
  165. <input style='margin-top: 10px;' type='submit' value='Add Character' name='submit_add_char' />
  166. <a href='?query=cms'>Cancel</a>
  167. </form>
  168. ";
  169. }
  170. break;
  171. case "changepass":
  172. $grab_char_id = isset($_GET['char']) ? $_GET['char'] : null;
  173. if(is_numeric($grab_char_id)){
  174. $lookupinfo = $db->fetch_assoc($db->query("SELECT * FROM pk_players WHERE user = '".$db->escape($grab_char_id)."'"));
  175. if($lookupinfo['owner'] == $pun_user['id']){
  176. if(isset($_POST['changepass'])){
  177. $password1 = $_POST['char_password_1'];
  178. $password2 = $_POST['char_password_2'];
  179. if(strlen($password1) < 5 || strlen($password2) > 16){
  180. echo $cmsPre . "Password must be from 5-16 characters in length." . $cmsSuf;
  181. } else if ($password1 != $password2){
  182. echo $cmsPre . "Your passwords did not match." . $cmsSuf;
  183. } else {
  184. $db->query("UPDATE pk_players SET pass = '" . md5($password1) . "' WHERE user = '" . $db->escape($grab_char_id) . "'");
  185. echo $cmsPre . "Password successfully updated." . $cmsSuf;
  186. }
  187. } else {
  188. echo "</div>
  189. <div class='left-column-full'>
  190. <form method='post'>
  191. <h1>Change Password</h1>
  192. Enter Password<br />
  193. <input type='password' name='char_password_1' maxlength='16' /> <input type='password' name='char_password_2' maxlength='16' /><br />
  194. <input style='margin-top: 10px;' type='submit' value='Change Password' name='changepass' />
  195. <a href='?query=cms'>Cancel</a>
  196. </form>
  197. ";
  198. }
  199. } else {
  200. echo $cmsPre . "This is not your character." . $cmsSuf;
  201. }
  202. } else {
  203. echo $cmsPre . "Invalid Character ID." . $cmsSuf;
  204. }
  205. break;
  206. case "deletecharacter":
  207. $grab_char_id = isset($_GET['char']) ? $_GET['char'] : null;
  208. if(is_numeric($grab_char_id)){
  209. $checkdata = $db->fetch_assoc($db->query("SELECT * FROM pk_players WHERE user = '" . $db->escape($grab_char_id) . "'"));
  210. if($checkdata['owner'] == $pun_user['id']){
  211. if(isset($_POST['deletechar'])){
  212. if(!empty($pun_user['del_pin']) && $_POST['deletion_pin'] != $pun_user['del_pin']){
  213. echo createTable("The pin you entered was incorrect... <meta http-equiv='refresh' content='1;url=?query=cms'><a href='?query=cms'>refreshing momentarily</a>.");
  214. return;
  215. }
  216. $db->query("DELETE FROM pk_players WHERE user = '" . $db->escape($grab_char_id) . "'");
  217. $db->query("DELETE FROM pk_curstats WHERE user = '" . $db->escape($grab_char_id) . "'");
  218. $db->query("DELETE FROM pk_experience WHERE user = '" . $db->escape($grab_char_id) . "'");
  219. $db->query("DELETE FROM pk_invitems WHERE user = '" . $db->escape($grab_char_id). "'");
  220. $db->query("DELETE FROM pk_logins WHERE user = '" . $db->escape($grab_char_id) . "'");
  221. #echo $cmsPre . "<meta http-equiv='refresh' content='1;url=?query=cms'>Your character has been successfully deleted, <a href='?query=cms'>refreshing momentarily</a>." . $cmsSuf;
  222. } else {
  223. echo "</div><div class='left-column-full'>
  224. <form method='post'>
  225. Delete confirmation for '".$checkdata['username']."'
  226. Are you sure you wish to delete this character? This action is totally irreversible! <br />
  227. ";
  228. if(isset($pun_user['del_pin'])){
  229. echo "
  230. Enter Deletion Pin:<br />
  231. <input type='password' name='deletion_pin' value='' size='4' maxlength='4' /><br />
  232. ";
  233. }
  234. echo "
  235. <input style='margin-top:10px;' type='submit' value='Delete Character' name='deletechar' />
  236. <a href='?query=cms'>Cancel</a>
  237. </form>
  238. ";
  239. }
  240. } else {
  241. echo $cmsPre . "This is not your character." . $cmsSuf;
  242. }
  243. } else {
  244. echo $cmsPre . "Invalid Character ID." . $cmsSuf;
  245. }
  246. break;
  247. default:
  248. break;
  249. }
  250.  
  251. echo "
  252. <br />";
  253. }
  254.  
  255.  
  256. ?>
  257.  
  258. </div>
  259. </div>
  260. <?php
  261. include("main_footer.php");
  262. ?>