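<?php
/*
 * Character management page ("CMS") for the game characters of a forum account.
 *
 * Lists the characters owned by the logged-in forum user and, depending on
 * $_GET['act'], lets the user set a deletion PIN ("set_pin"), toggle highscore
 * visibility ("opt"), add a character ("addnew"), change a character password
 * ("changepass") or delete a character ("deletecharacter").
 *
 * Uses $db, $pun_user, createTable(), encode_username() and pun_trim(), none of
 * which are defined in this file (presumably they come from main_header.php or
 * its includes -- confirm).
 *
 * Security notes for maintainers:
 *  - Every value concatenated into SQL goes through $db->escape(); every value
 *    echoed into HTML goes through htmlspecialchars() or urlencode().
 *  - NOTE(review): no anti-CSRF token is checked anywhere on this page, and the
 *    "opt" action changes state on a plain GET. Add token checks (and move
 *    "opt" to POST) with whatever token mechanism the forum provides.
 *  - NOTE(review): character passwords are stored as unsalted MD5 and the
 *    deletion PIN is stored and compared in clear text. Both are kept as-is
 *    because other readers of pk_players.pass / users.del_pin are not visible
 *    here; migrate them together with those readers.
 *  - NOTE(review): nothing limits repeated wrong PIN submissions, so the
 *    4-digit PIN only slows down someone who already holds the session.
 */
$page = "Character Management";
include("main_header.php");
?>
<div class="grid_8 alpha" id="left-column">
<div class="left-column-full">
<h1>Character Management</h1>
<?php
if ($pun_user['is_guest']) {
    echo "You must be logged in to view this page.";
} else {
    // Escaped once and reused in every query that filters or inserts by owner.
    $ownerSql = $db->escape($pun_user['id']);
    // Single definition of "a PIN is set", used for both the check and the form.
    $hasDeletionPin = !empty($pun_user['del_pin']);

    // One query serves both the character count and the listing below.
    $fetchCharacters = $db->query("SELECT * FROM pk_players WHERE owner = '" . $ownerSql . "'");
    $totalchars = $db->num_rows($fetchCharacters);

    // is_string() guards against act[]=... arriving as an array.
    $switchAct = (isset($_GET['act']) && is_string($_GET['act'])) ? strtolower(trim($_GET['act'])) : null;
    $cmsPre = "CMS Response<br />";
    $cmsSuf = "";

    echo "All characters on a single forum account share the same bank. You are limited to 10 characters per forum account. You will be unable to multi-log two characters on the same forum account.";
    if (!$hasDeletionPin && $switchAct != 'set_pin') {
        echo "<br /><br />You have not yet set your character deletion pin, would like to set one <a href='?query=cms&act=set_pin'>now</a>?";
    }
    if ($switchAct != 'addnew' && $totalchars < 10) {
        echo "
        <br /><br />Click <a href='?query=cms&act=addnew'>here</a> if you wish to add a new character.
        ";
    }
    if ($totalchars >= 10) {
        echo "<br /><br />Sorry but you currently have 10 characters and can not add more. You must either delete one or make a new forum account.";
    }

    echo "
    </div><div class='left-column-full'>
    <h1>My Existing Characters:</h1>";
    if ($totalchars > 0) {
        echo "
        <table style='width:100%;'>
        <tr>
        <td><strong>Character</strong></td>
        <td><strong>Password</strong></td>
        <td><strong>Highscores</strong></td>
        <td><strong>Delete</strong></td>
        </tr>
        ";
        while ($r = $db->fetch_assoc($fetchCharacters)) {
            // Values read back from the database are still escaped before reuse in
            // SQL or HTML, so a bad stored value cannot break out of either context.
            $optCheck = $db->fetch_assoc($db->query("SELECT highscoreopt FROM pk_experience WHERE user = '" . $db->escape($r['user']) . "'"));
            $charParam = urlencode($r['user']);
            $nameParam = urlencode($r['username']);
            $nameHtml = htmlspecialchars($r['username'], ENT_QUOTES);
            // A missing pk_experience row is treated like highscoreopt = 0 ("Hide").
            $optLabel = (!$optCheck || $optCheck['highscoreopt'] == 0) ? "Hide" : "Show";
            echo "
            <tr>
            <td><a href='highscores.php?query=highscores&user=" . $nameParam . "&type=1'>" . $nameHtml . "</a></td>
            <td><a href='?query=cms&act=changepass&char=" . $charParam . "'>Change</a></td>
            <td><a href='?query=cms&act=opt&char=" . $charParam . "'>" . $optLabel . "</a></td>
            <td><a href='?query=cms&act=deletecharacter&char=" . $charParam . "'>X</a></td>
            </tr>";
        }
        echo "</table>";
    } else {
        echo "You have not yet <a href='?query=cms&act=addnew'>added a character</a> to this account.";
    }

    switch ($switchAct) {
        case "set_pin":
            if ($hasDeletionPin) {
                echo createTable("You have already set a PIN.");
            } else {
                if (isset($_POST['set_pin'])) {
                    // Digits only: is_numeric() would also accept forms such as "1e10",
                    // "-123" or " 123", which are 4 characters long but not a 4-digit PIN.
                    $pin1 = (isset($_POST['pin_1']) && is_string($_POST['pin_1']) && preg_match('/^[0-9]+$/D', $_POST['pin_1'])) ? $_POST['pin_1'] : null;
                    $pin2 = (isset($_POST['pin_2']) && is_string($_POST['pin_2']) && preg_match('/^[0-9]+$/D', $_POST['pin_2'])) ? $_POST['pin_2'] : null;
                    if ($pin1 === null || $pin2 === null) {
                        echo createTable("You need to fill in both pin inputs, and ensure that the pin you entered is numeric.");
                    } else if (strlen($pin1) != 4 || strlen($pin2) != 4) {
                        echo createTable("Please ensure that your pin is 4 characters in length.");
                    } else if ($pin1 !== $pin2) {
                        echo createTable("Please ensure that your pins match eachother.");
                    } else {
                        // NOTE(review): the PIN is stored in clear text (see file header).
                        $set_pin = $db->query("UPDATE users SET del_pin = '" . $db->escape($pin1) . "' WHERE id = '" . $ownerSql . "'");
                        echo createTable("You have successfully set your character management pin. <a href='?query=cms'>Refreshing...</a><meta http-equiv='refresh' content='1;url=?query=cms' />", "Success");
                    }
                }
                // Posted values are HTML-escaped before being echoed into the
                // single-quoted value attributes (ENT_QUOTES covers the quote).
                $pin1Attr = (isset($_POST['pin_1']) && is_string($_POST['pin_1'])) ? htmlspecialchars($_POST['pin_1'], ENT_QUOTES) : "";
                $pin2Attr = (isset($_POST['pin_2']) && is_string($_POST['pin_2'])) ? htmlspecialchars($_POST['pin_2'], ENT_QUOTES) : "";
                echo "
                </div><div class='left-column-full'>
                <form method='post' action='?query=cms&act=set_pin'>
                <h1>Set Deletion Pin</h1>
                If you are going to set a character deletion pin, please ensure that you can REMEMBER it, as this will become always required in order to delete characters.<br />
                Pin:<br />
                <input type='password' size='4' maxlength='4' name='pin_1' value='" . $pin1Attr . "' /> <input type='password' size='4' maxlength='4' name='pin_2' value='" . $pin2Attr . "' /><br />
                <input style='margin-top: 10px' type='submit' name='set_pin' value='Set My Pin' />
                <a href='?query=cms'>Cancel</a>
                </form>
                ";
            }
            break;

        case "opt":
            // NOTE(review): this toggles state on a GET request without a token.
            $cleanChar = (isset($_GET['char']) && is_numeric($_GET['char']) && $_GET['char'] > 0) ? trim($_GET['char']) : null;
            if (isset($cleanChar)) {
                $cleanCharSql = $db->escape($cleanChar);
                $findInfo = $db->fetch_assoc($db->query("SELECT * FROM pk_players WHERE user = '" . $cleanCharSql . "'"));
                // Ownership check: only the owning forum account may change the flag.
                if ($findInfo && $findInfo['owner'] == $pun_user['id']) {
                    $expSelect = $db->fetch_assoc($db->query("SELECT * FROM pk_experience WHERE user = '" . $db->escape($findInfo['user']) . "'"));
                    if (!$expSelect || $expSelect['highscoreopt'] == 0) {
                        $db->query("UPDATE pk_experience SET highscoreopt = '1' WHERE user = '" . $cleanCharSql . "'") or die();
                    } else {
                        $db->query("UPDATE pk_experience SET highscoreopt = '0' WHERE user = '" . $cleanCharSql . "'") or die();
                    }
                }
            }
            break;

        case "addnew":
            if ($totalchars >= 10) {
                echo $cmsPre . "Sorry but you have 10 characters and can not create anymore." . $cmsSuf;
            } else {
                if (isset($_POST['submit_add_char'])) {
                    $char_username = (isset($_POST['char_username']) && is_string($_POST['char_username'])) ? pun_trim($_POST['char_username']) : null;
                    $char_password_1 = (isset($_POST['char_password_1']) && is_string($_POST['char_password_1'])) ? $_POST['char_password_1'] : null;
                    $char_password_2 = (isset($_POST['char_password_2']) && is_string($_POST['char_password_2'])) ? $_POST['char_password_2'] : null;
                    if ($char_username == null || $char_password_1 == null || $char_password_2 == null) {
                        echo $cmsPre . "Please fill in every field." . $cmsSuf;
                    } else if (preg_match('/^Mod\s+/i', $char_username) || preg_match('/^Admin\s+/i', $char_username)) {
                        echo $cmsPre . "Sorry, but you can not create a character that begins with \"Mod\" or \"Admin\"" . $cmsSuf;
                    } else if (strlen($char_username) < 2 || strlen($char_username) > 10) {
                        echo $cmsPre . "Please make sure your username is 2-10 characters in length." . $cmsSuf;
                    } else if (!preg_match("/^[a-zA-Z0-9\s]+?$/i", $char_username)) {
                        // NOTE(review): \s also admits tabs and line breaks inside a name;
                        // consider allowing only a literal space.
                        echo $cmsPre . "Your username contained an invalid character." . $cmsSuf;
                    } else if (strlen($char_password_1) < 5 || strlen($char_password_1) > 16) {
                        // Both bounds are checked on the same field; equality with the
                        // confirmation field is checked in the next branch.
                        echo $cmsPre . "Your password must be from 5-16 characters in length." . $cmsSuf;
                    } else if ($char_password_1 !== $char_password_2) {
                        echo $cmsPre . "Your passwords did not match." . $cmsSuf;
                    } else {
                        $now = time();
                        // Create IGN-Profile
                        $char_encode = encode_username($char_username);
                        $char_decode = $char_username;
                        // Escaped once; the encoded id is used in every INSERT below.
                        $encodeSql = $db->escape($char_encode);
                        $decodeSql = $db->escape($char_decode);
                        $dbCheck = $db->query("SELECT * FROM pk_players WHERE username = '" . $decodeSql . "'");
                        if ($db->num_rows($dbCheck) > 0) {
                            echo $cmsPre . "Sorry but the username '" . htmlspecialchars($char_decode, ENT_QUOTES) . "' is already in use." . $cmsSuf;
                        } else {
                            $db->query("INSERT INTO pk_curstats (user) VALUES ('" . $encodeSql . "');");
                            $db->query("INSERT INTO pk_experience (user) VALUES ('" . $encodeSql . "');");
                            // NOTE(review): unsalted MD5 is not a password hash; kept only
                            // because the consumer of pk_players.pass is not visible here.
                            $db->query("INSERT INTO pk_players (user,username,owner,pass,creation_date,creation_ip) VALUES ('" . $encodeSql . "', '" . $decodeSql . "', '" . $ownerSql . "', '" . md5($char_password_1) . "', '" . $now . "', '" . $db->escape($_SERVER['REMOTE_ADDR']) . "');");
                            // Below adds Sleeping Bag, Klanks, Ruby Ammy, I2h
                            $db->query("INSERT INTO pk_bank (user,id,amount,slot) VALUES
                            ('" . $encodeSql . "', '60', '3', '0'),
                            ('" . $encodeSql . "', '190', '100', '1'),
                            ('" . $encodeSql . "', '235', '2', '2'),
                            ('" . $encodeSql . "', '314', '2', '3'),
                            ('" . $encodeSql . "', '316', '2', '4'),
                            ('" . $encodeSql . "', '317', '2', '5'),
                            ('" . $encodeSql . "', '388', '2', '6'),
                            ('" . $encodeSql . "', '389', '2', '7'),
                            ('" . $encodeSql . "', '33', '100', '8'),
                            ('" . $encodeSql . "', '31', '100', '9'),
                            ('" . $encodeSql . "', '35', '100', '10'),
                            ('" . $encodeSql . "', '370', '50000', '11');");
                            echo $cmsPre . "<style type='text/css'>#createNewChar{display:none;}</style><meta http-equiv='refresh' content='1;url=?query=cms' />Your new character '" . htmlspecialchars($char_decode, ENT_QUOTES) . "' has been added, <a href='?query=cms'>refreshing momentarily</a>." . $cmsSuf;
                        }
                    }
                }
                // Posted values are HTML-escaped before being echoed back into the form;
                // unescaped, a quote in any of them would close the value attribute.
                $usernameAttr = (isset($_POST['char_username']) && is_string($_POST['char_username'])) ? htmlspecialchars($_POST['char_username'], ENT_QUOTES) : "";
                $password1Attr = (isset($_POST['char_password_1']) && is_string($_POST['char_password_1'])) ? htmlspecialchars($_POST['char_password_1'], ENT_QUOTES) : "";
                $password2Attr = (isset($_POST['char_password_2']) && is_string($_POST['char_password_2'])) ? htmlspecialchars($_POST['char_password_2'], ENT_QUOTES) : "";
                echo "
                </div><div class='left-column-full'>
                <form method='post' id='createNewChar'>
                <h1>Add Character</h1>
                Username:<br />
                <input type='text' name='char_username' value='" . $usernameAttr . "' maxlength='11' /><br />
                Password:<br />
                <input type='password' name='char_password_1' value='" . $password1Attr . "' maxlength='16' />
                <input type='password' name='char_password_2' value='" . $password2Attr . "' maxlength='16' /><br />
                <input style='margin-top: 10px;' type='submit' value='Add Character' name='submit_add_char' />
                <a href='?query=cms'>Cancel</a>
                </form>
                ";
            }
            break;

        case "changepass":
            $grab_char_id = isset($_GET['char']) ? $_GET['char'] : null;
            if (is_numeric($grab_char_id)) {
                // is_numeric() accepts more than plain integers, so the id is still
                // escaped before it reaches SQL.
                $charSql = $db->escape($grab_char_id);
                $lookupinfo = $db->fetch_assoc($db->query("SELECT * FROM pk_players WHERE user = '" . $charSql . "'"));
                // Ownership check before any change is accepted.
                if ($lookupinfo && $lookupinfo['owner'] == $pun_user['id']) {
                    if (isset($_POST['changepass'])) {
                        // Missing or non-string fields become "" and fail the length check.
                        $password1 = (isset($_POST['char_password_1']) && is_string($_POST['char_password_1'])) ? $_POST['char_password_1'] : "";
                        $password2 = (isset($_POST['char_password_2']) && is_string($_POST['char_password_2'])) ? $_POST['char_password_2'] : "";
                        if (strlen($password1) < 5 || strlen($password1) > 16) {
                            echo $cmsPre . "Password must be from 5-16 characters in length." . $cmsSuf;
                        } else if ($password1 !== $password2) {
                            echo $cmsPre . "Your passwords did not match." . $cmsSuf;
                        } else {
                            // NOTE(review): unsalted MD5, see file header.
                            $db->query("UPDATE pk_players SET pass = '" . md5($password1) . "' WHERE user = '" . $charSql . "'");
                            echo $cmsPre . "Password successfully updated." . $cmsSuf;
                        }
                    } else {
                        echo "</div>
                        <div class='left-column-full'>
                        <form method='post'>
                        <h1>Change Password</h1>
                        Enter Password<br />
                        <input type='password' name='char_password_1' maxlength='16' /> <input type='password' name='char_password_2' maxlength='16' /><br />
                        <input style='margin-top: 10px;' type='submit' value='Change Password' name='changepass' />
                        <a href='?query=cms'>Cancel</a>
                        </form>
                        ";
                    }
                } else {
                    echo $cmsPre . "This is not your character." . $cmsSuf;
                }
            } else {
                echo $cmsPre . "Invalid Character ID." . $cmsSuf;
            }
            break;

        case "deletecharacter":
            $grab_char_id = isset($_GET['char']) ? $_GET['char'] : null;
            if (is_numeric($grab_char_id)) {
                $charSql = $db->escape($grab_char_id);
                $checkdata = $db->fetch_assoc($db->query("SELECT * FROM pk_players WHERE user = '" . $charSql . "'"));
                // Ownership check before anything is deleted.
                if ($checkdata && $checkdata['owner'] == $pun_user['id']) {
                    if (isset($_POST['deletechar'])) {
                        $postedPin = (isset($_POST['deletion_pin']) && is_string($_POST['deletion_pin'])) ? $_POST['deletion_pin'] : "";
                        // NOTE(review): != compares numeric strings as numbers, so a stored
                        // "0012" also accepts "12". Switch to a strict string comparison
                        // once users.del_pin is confirmed to hold the PIN as text.
                        if ($hasDeletionPin && $postedPin != $pun_user['del_pin']) {
                            // No early return here: returning would drop the closing markup
                            // and the footer include that follow the switch.
                            echo createTable("The pin you entered was incorrect... <meta http-equiv='refresh' content='1;url=?query=cms'><a href='?query=cms'>refreshing momentarily</a>.");
                        } else {
                            $db->query("DELETE FROM pk_players WHERE user = '" . $charSql . "'");
                            $db->query("DELETE FROM pk_curstats WHERE user = '" . $charSql . "'");
                            $db->query("DELETE FROM pk_experience WHERE user = '" . $charSql . "'");
                            $db->query("DELETE FROM pk_invitems WHERE user = '" . $charSql . "'");
                            $db->query("DELETE FROM pk_logins WHERE user = '" . $charSql . "'");
                        }
                    } else {
                        echo "</div><div class='left-column-full'>
                        <form method='post'>
                        Delete confirmation for '" . htmlspecialchars($checkdata['username'], ENT_QUOTES) . "'
                        Are you sure you wish to delete this character? This action is totally irreversible! <br />
                        ";
                        // The PIN field is shown exactly when the PIN is going to be checked.
                        if ($hasDeletionPin) {
                            echo "
                            Enter Deletion Pin:<br />
                            <input type='password' name='deletion_pin' value='' size='4' maxlength='4' /><br />
                            ";
                        }
                        echo "
                        <input style='margin-top:10px;' type='submit' value='Delete Character' name='deletechar' />
                        <a href='?query=cms'>Cancel</a>
                        </form>
                        ";
                    }
                } else {
                    echo $cmsPre . "This is not your character." . $cmsSuf;
                }
            } else {
                echo $cmsPre . "Invalid Character ID." . $cmsSuf;
            }
            break;

        default:
            break;
    }
    echo "
    <br />";
}
?>
</div>
</div>
<?php
include("main_footer.php");
?>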