API tools faq
paste
Guest User

Untitled

a guest
Dec 10th, 2017
130
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.20 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3. define('PUN_ROOT', './');
  4. require PUN_ROOT.'include/common.php';
  5.  
  6. if($pun_user['is_guest'])
  7. message($lang_common['No permission']);
  8.  
  9. // Load the register.php language file
  10. require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';
  11.  
  12. // Load the register.php/profile.php language file
  13. require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php';
  14.  
  15. $action = isset($_GET['action']) ? $_GET['action'] : null;
  16.  
  17. if ($action == 'delete') {
  18. $id = trim($_GET['user']);
  19.  
  20. $result = $db->query('SELECT * FROM '.$db->prefix.'rsca2_players WHERE `user`='.$id) or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
  21. if(!$db->num_rows($result))
  22. message($lang_common['Bad request']);
  23.  
  24. $user = $db->fetch_assoc($result);
  25.  
  26. if($pun_user['g_id'] != PUN_ADMIN)
  27. message($lang_common['No permission']);
  28.  
  29. if(isset($_POST['form_sent'])) {
  30. $db->query('DELETE FROM '.$db->prefix.'rsca2_curstats WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete rsca2_curstats', __FILE__, __LINE__, $db->error());
  31. $db->query('DELETE FROM '.$db->prefix.'rsca2_experience WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete rsca2_experience', __FILE__, __LINE__, $db->error());
  32. $db->query('DELETE FROM '.$db->prefix.'rsca2_friends WHERE `user`=\''.$db->escape($id).'\' OR `friend`=\''.$db->escape($id).'\'') or error('Unable to delete rsca2_friends', __FILE__, __LINE__, $db->error());
  33. $db->query('DELETE FROM '.$db->prefix.'rsca2_ignores WHERE `user`=\''.$db->escape($id).'\' OR `ignore`=\''.$db->escape($id).'\'') or error('Unable to delete rsca2_ignores', __FILE__, __LINE__, $db->error());
  34. $db->query('DELETE FROM '.$db->prefix.'rsca2_invitems WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete rsca2_invitems', __FILE__, __LINE__, $db->error());
  35. $db->query('DELETE FROM '.$db->prefix.'rsca2_players WHERE `user`=\''.$db->escape($id).'\'') or error('Unable to delete rsca2_players', __FILE__, __LINE__, $db->error());
  36. $db->query('DELETE FROM '.$db->prefix.'rsca2_reports WHERE `from`=\''.$db->escape($id).'\' OR `about`=\''.$db->escape($id).'\'') or error('Unable to delete rsca2_reports', __FILE__, __LINE__, $db->error());
  37.  
  38. logoutuser($id);
  39.  
  40. redirect('profile.php?section=rsca&id='.$user['owner'], 'Player deleted');
  41. }
  42.  
  43. $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Confirm Delete';
  44. require PUN_ROOT.'header.php';
  45. ?>
  46. <div class="blockform">
  47. <h2><span>Confirm Delete</span></h2>
  48. <div class="box">
  49. <form action="rscd.php?action=delete&user=<?php echo pun_htmlspecialchars($id); ?>" method="POST">
  50. <div class="inform">
  51. <fieldset>
  52. <input type="hidden" name="form_sent" value="1" />
  53. <legend>Delete Player</legend>
  54. <div class="infldset" style="text-align:center">
  55. <p><input type="submit" name="delete" value="Confirm Delete" style="width:200px" /></p>
  56. <p>Please confirm you wish to delete the player "<?php echo pun_htmlspecialchars($user['username']); ?>". <b>This action is not reversible!</b></p>
  57. </div>
  58. </fieldset>
  59. </div>
  60. </form>
  61. </div>
  62. </div>
  63. <?php
  64. require PUN_ROOT.'footer.php';
  65.  
  66. }
  67. else if ($action == 'change_pass') {
  68. $id = trim($_GET['user']);
  69.  
  70. $result = $db->query('SELECT * FROM '.$db->prefix.'rsca2_players WHERE `user`='.$id) or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
  71. if(!$db->num_rows($result))
  72. message($lang_common['Bad request']);
  73.  
  74. $user = $db->fetch_assoc($result);
  75.  
  76. if($user['owner'] != $pun_user['id'] && $pun_user['g_id'] != PUN_ADMIN)
  77. message($lang_common['No permission']);
  78.  
  79. if(isset($_POST['form_sent'])) {
  80. $password1 = trim($_POST['req_password1']);
  81. $password2 = trim($_POST['req_password2']);
  82.  
  83. if (strlen($password1) < 4)
  84. message($lang_prof_reg['Pass too short']);
  85. else if ($password1 != $password2)
  86. message($lang_prof_reg['Pass not match']);
  87.  
  88. if($pun_user['g_id'] != PUN_ADMIN) {
  89. $old_password = md5(pun_trim($_POST['old_password']));
  90.  
  91. $result = $db->query('SELECT 1 FROM '.$db->prefix.'rsca2_players WHERE `user`=\''.$id.'\' AND `pass`=\''.$old_password.'\'') or error('Unable to fetch player info', __FILE__, __LINE__, $db->error());
  92. if(!$db->num_rows($result)) {
  93. message('The provided password does not match!');
  94. }
  95. }
  96.  
  97. $db->query('UPDATE '.$db->prefix.'rsca2_players SET pass=\''.md5($password1).'\' WHERE user=\''.$id.'\'') or error('Unable to update players password', __FILE__, __LINE__, $db->error());
  98.  
  99. redirect('profile.php?section=rsca&id='.$user['owner'], 'Password updated');
  100. }
  101.  
  102. $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Change Password';
  103. $required_fields = array('req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass']);
  104. $focus_element = array('register', 'req_password1');
  105. require PUN_ROOT.'header.php';
  106.  
  107. ?>
  108. <div class="blockform">
  109. <h2><span>Change Password</span></h2>
  110. <div class="box">
  111. <form id="register" method="post" action="rscd.php?action=change_pass&user=<?php echo $id; ?>" onsubmit="this.register.disabled=true;if(process_form(this)){return true;}else{this.register.disabled=false;return false;}">
  112. <div class="inform">
  113. <fieldset>
  114. <legend>Please enter and confirm your new password</legend>
  115. <div class="infldset">
  116. <input type="hidden" name="form_sent" value="1" />
  117. <?php if($pun_user['g_id'] != PUN_ADMIN): ?> <label class="conl"><strong>Old Password</strong><br /><input type="password" name="old_password" size="16" maxlength="16" /><br /></label>
  118. <?php endif; ?> <label class="conl"><strong>New Password</strong><br /><input type="password" name="req_password1" size="16" maxlength="16" /><br /></label>
  119. <label class="conl"><strong><?php echo $lang_prof_reg['Confirm pass'] ?></strong><br /><input type="password" name="req_password2" size="16" maxlength="16" /><br /></label>
  120. <p class="clearb">Passwords can be between 4 and 16 characters long. Passwords are case sensitive.</p>
  121. </div>
  122. </fieldset>
  123. </div>
  124. <p><input type="submit" name="change_pass" value="Change Password" /></p>
  125. </form>
  126. </div>
  127. </div>
  128. <?php
  129.  
  130. require PUN_ROOT.'footer.php';
  131.  
  132. }
  133. else if ($action == 'register') {
  134. // Load the register.php language file
  135. require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';
  136.  
  137. if(isset($_GET['cancel']))
  138. redirect('index.php', $lang_register['Reg cancel redirect']);
  139. else if($pun_config['o_rscd_rules'] == '1' && !isset($_GET['agree']) && !isset($_POST['form_sent'])) {
  140.  
  141. $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Register'];
  142. require PUN_ROOT.'header.php';
  143.  
  144.  
  145. ?>
  146. <div class="blockform">
  147. <h2><span>RSCD Rules</span></h2>
  148. <div class="box">
  149. <form method="get" action="rscd.php">
  150. <div class="inform">
  151. <input type="hidden" name="action" value="register" />
  152. <fieldset>
  153. <legend><?php echo $lang_register['Rules legend'] ?></legend>
  154. <div class="infldset">
  155. <p><?php echo $pun_config['o_rscd_rules_message'] ?></p>
  156. </div>
  157. </fieldset>
  158. </div>
  159. <p><input type="submit" name="agree" value="<?php echo $lang_register['Agree'] ?>" /><input type="submit" name="cancel" value="<?php echo $lang_register['Cancel'] ?>" /></p>
  160. </form>
  161. </div>
  162. </div>
  163. <?php
  164.  
  165. require PUN_ROOT.'footer.php';
  166. }
  167. else if (isset($_POST['form_sent'])) {
  168. $username = pun_trim($_POST['req_username']);
  169. $password1 = trim($_POST['req_password1']);
  170. $password2 = trim($_POST['req_password2']);
  171.  
  172. $username_hash = encode_username($username);
  173. $username = decode_username($username_hash);
  174.  
  175. // Validate username and passwords
  176. if (!$username_hash)
  177. message('Invalid username');
  178. else if (strlen($username) < 2)
  179. message($lang_prof_reg['Username too short']);
  180. else if (pun_strlen($username) > 12) // This usually doesn't happen since the form element only accepts 12 characters
  181. message($lang_common['Bad request']);
  182. else if (strlen($password1) < 4)
  183. message($lang_prof_reg['Pass too short']);
  184. else if (pun_strlen($password1) > 16) // This usually doesn't happen since the form element only accepts 16 characters
  185. message($lang_common['Bad request']);
  186. else if ($password1 != $password2)
  187. message($lang_prof_reg['Pass not match']);
  188. else if (preg_match('/^Mod\s+/i', $username) || preg_match('/^Admin\s+/i', $username))
  189. message('Usernames may not start with "Mod " or "Admin ". Please choose another username.');
  190.  
  191. // Check that the username (or a too similar username) is not already registered
  192. $result = $db->query('SELECT username FROM '.$db->prefix.'rsca2_players WHERE UPPER(username)=UPPER(\''.$db->escape($username).'\') OR UPPER(username)=UPPER(\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\') OR UPPER(username)=UPPER(\''.$db->escape(preg_replace('/\s\s+/', ' ', $username)).'\')') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
  193.  
  194. if ($db->num_rows($result))
  195. {
  196. $busy = $db->result($result);
  197. message($lang_register['Username dupe 1'].' '.pun_htmlspecialchars($busy).'. '.$lang_register['Username dupe 2']);
  198. }
  199.  
  200. $db->query('INSERT INTO '.$db->prefix.'rsca2_curstats(`user`) VALUES(\''.$db->escape($username_hash).'\')') or error('Unable to fill curstats', __FILE__, __LINE__, $db->error());
  201. $db->query('INSERT INTO '.$db->prefix.'rsca2_experience(`user`) VALUES(\''.$db->escape($username_hash).'\')') or error('Unable to fill experience', __FILE__, __LINE__, $db->error());
  202. $db->query('INSERT INTO '.$db->prefix.'rsca2_players(`user`, `username`, `owner`, `pass`, `creation_date`, `creation_ip`) VALUES(\''.$db->escape($username_hash).'\', \''.$db->escape($username).'\', \''.intval($pun_user['id']).'\', \''.md5($password1).'\', \''.time().'\', \''.get_remote_address().'\')') or error('Unable to fill players', __FILE__, __LINE__, $db->error());
  203. $db->query('INSERT INTO '.$db->prefix."rsca2_invitems(`user`, `id`, `amount`, `wielded`, `slot`) VALUES
  204. ('".$db->escape($username_hash)."', '10', '1000', '0', '0'),
  205. ('".$db->escape($username_hash)."', '1263', '1', '0', '1'),
  206. ('".$db->escape($username_hash)."', '77', '1', '0', '2')
  207. ") or error('Unable to fill curstats', __FILE__, __LINE__, $db->error());
  208.  
  209. redirect('profile.php?section=rsca&id='.$pun_user['id'], 'Your Piru Online account has been created.');
  210. }
  211.  
  212. $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_register['Register'];
  213. $required_fields = array('req_username' => $lang_common['Username'], 'req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass']);
  214. $focus_element = array('register', 'req_username');
  215. require PUN_ROOT.'header.php';
  216.  
  217. ?>
  218. <div class="blockform">
  219. <h2><span><?php echo $lang_register['Register'] ?></span></h2>
  220. <div class="box">
  221. <form id="register" method="post" action="rscd.php?action=register" onsubmit="return process_form(this);">
  222. <div class="inform">
  223. <fieldset>
  224. <legend>Please enter a username between 2 and 12 characters long</legend>
  225. <div class="infldset">
  226. <input type="hidden" name="form_sent" value="1" />
  227. <label><strong><?php echo $lang_common['Username'] ?></strong><br /><input type="text" name="req_username" size="20" maxlength="12" /><br /></label>
  228. </div>
  229. </fieldset>
  230. </div>
  231. <div class="inform">
  232. <fieldset>
  233. <legend>Please enter and confirm your chosen password</legend>
  234. <div class="infldset">
  235. <label class="conl"><strong><?php echo $lang_common['Password'] ?></strong><br /><input type="password" name="req_password1" size="20" maxlength="16" /><br /></label>
  236. <label class="conl"><strong><?php echo $lang_prof_reg['Confirm pass'] ?></strong><br /><input type="password" name="req_password2" size="20" maxlength="16" /><br /></label>
  237. <p class="clearb">Passwords can be between 4 and 16 characters long. Passwords are case sensitive.</p>
  238. </div>
  239. </fieldset>
  240. </div>
  241. <p><input type="submit" name="register" value="<?php echo $lang_register['Register'] ?>" /></p>
  242. </form>
  243. </div>
  244. </div>
  245. <?php
  246.  
  247. require PUN_ROOT.'footer.php';
  248.  
  249. }
  250. else
  251. message($lang_common['Bad request']);
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!