<?phpclass logon { var $online = false; var $rank = 0; var $username;

1. <?php
2. class logon {
3. var $online = false;
4. var $rank = 0;
5. var $username;
6. var $acct;
7. var $c;
8. var $db;
9.  
10. function __construct() {
11. global $db;
12.  
13. $this->c = mysql_pconnect($db['logon']['host'], $db['logon']['user'], $db['logon']['pass']) or die("Realmd: ".mysql_error());
14. $this->db = $db['logon']['db'];
15.  
16. if(isset($_SESSION['user'])) {
17. $this->online = true;
18.  
19. $this->get_info();
20. }
21. }
22.  
23. function get_info() {
24. $user_q = mysql_query("SELECT `id`, `username` FROM ".$this->db.".account WHERE username='".$_SESSION['user']."'", $this->c);
25. $user_r = mysql_fetch_assoc($user_q);
26.  
27. $this->username = $user_r['username'];
28. $this->acct = $user_r['id'];
29.  
30. $rank_q = @mysql_query("SELECT gmlevel FROM ".$this->db.".account_access WHERE id='".$this->acct."' ORDER BY gmlevel DESC", $this->c) or die(mysql_error());
31. $rank_r = @mysql_fetch_assoc($rank_q);
32.  
33. if(isset($rank_r['gmlevel'])) {
34. $this->rank = $rank_r['gmlevel'];
35. }
36. }
37.  
38. function user_stats() {
39. global $cms;
40.  
41. $expansions = array(0 => "None", 1 => "TBC", 2 => "WotLK", 3 => "Cataclysm");
42.  
43. $user_q = mysql_query("SELECT id, username, last_login, last_ip, email, expansion FROM ".$this->db.".account WHERE username='".$_SESSION['user']."'", $this->c) or die(mysql_error());
44. $user_r = mysql_fetch_assoc($user_q);
45.  
46. $user_q2 = mysql_query("SELECT * FROM ".$cms->db.".account_info WHERE user='".$_SESSION['user']."'", $cms->c) or die(mysql_error());
47. $user_r2 = mysql_fetch_assoc($user_q2);
48.  
49. return '<table width="100%" style="font-size:11px;" cellpadding="0" cellspacing="0">
50. <tr>
51. <td width="50%"><b>Expansion:</b></td>
52. <td>'.$expansions[$user_r['expansion']].' [<a href="?p=changeexp">change</a>]</td>
53. </tr>
54. <tr>
55. <td><b>Last IP:</b></td>
56. <td>'.$user_r['last_ip'].'</td>
57. </tr>
58. <tr>
59. <td><b>Current IP:</b></td>
60. <td>'.$_SERVER['REMOTE_ADDR'].'</td>
61. </tr>
62. <tr>
63. <td>&nbsp;</td>
64. <td>&nbsp;</td>
65. </tr>
66. <tr>
67. <td><b>VP:</b></td>
68. <td>'.$user_r2['vp'].'</td>
69. </tr>
70. <tr>
71. <td><b>DP:</b></td>
72. <td>'.$user_r2['dp'].'</td>
73. </tr>
74. <tr>
75. <td><b>Shop orders:</b></td>
76. <td>'.$user_r2['purchases'].'</td>
77. </tr>
78. <tr>
79. <td>&nbsp;</td>
80. <td>&nbsp;</td>
81. </tr>
82. <tr>
83. <td><b>Forum rank:</b></td>
84. <td>'.$user_r2['forum_rank'].'</td>
85. </tr>
86. <tr>
87. <td><b>Reputation:</b></td>
88. <td>'.$user_r2['forum_reputation'].'</td>
89. </tr>
90. <tr>
91. <td><b>Threads:</b></td>
92. <td>'.$user_r2['forum_threads'].'</td>
93. </tr>
94. <tr>
95. <td><b>Posts:</b></td>
96. <td>'.$user_r2['forum_posts'].'</td>
97. </tr>
98. </table>
99. <center>
100. <input type="submit" value="User panel" onClick="window.location=\'?p=splash\'"/>
101. </center>';
102. }
103.  
104. function get_acc_info($u) {
105. global $cms;
106.  
107. $user_q = mysql_query("SELECT id, username, last_login, last_ip, email, expansion FROM ".$this->db.".account WHERE username='".$u."'", $this->c);
108. $user_r = mysql_fetch_assoc($user_q);
109.  
110. if(empty($user_r['username'])) {
111. echo "User doesn't exist.";
112. } else {
113.  
114. $user_q3 = mysql_query("SELECT gmlevel FROM ".$this->db.".account_access WHERE id='".$user_r['id']."'", $this->c);
115. $user_r3 = mysql_fetch_assoc($user_q3);
116.  
117. $user_q2 = mysql_query("SELECT * FROM ".$cms->db.".account_info WHERE user='".$u."'", $cms->c);
118. $user_r2 = mysql_fetch_assoc($user_q2);
119.  
120. if($user_r['expansion'] == 2) { $exp_sel[1] = "selected"; }
121. elseif($user_r['expansion'] == 3) { $exp_sel[4] = "selected"; } # cata
122. elseif($user_r['expansion'] == 1) { $exp_sel[2] = "selected"; }
123. elseif($user_r['expansion'] == 0) { $exp_sel[3] = "selected"; }
124.  
125. if(cataclysm) {
126. $cataclysm = '<option value="3" '.@$exp_sel[4].'>Cataclysm</option>';
127. }
128.  
129. echo '<table>
130. <tr class="table_top">
131. <td>Field</td>
132. <td>Data</td>
133. </tr>
134. <tr>
135. <td>Username (ID):</td>
136. <td>'.$user_r['username'].' ('.$user_r['id'].')<input type="hidden" id="acct" value="'.$user_r['id'].'" /></td>
137. </tr>
138. <tr>
139. <td>Email:</td>
140. <td>'.$user_r['email'].'</td>
141. </tr>
142. <tr>
143. <td>Expansion:</td>
144. <td><select id="expansion">
145. '.@$cataclysm.'
146. <option value="2" '.@$exp_sel[1].'>WoTLK</option>
147. <option value="1" '.@$exp_sel[2].'>TBC</option>
148. <option value="0" '.@$exp_sel[3].'>None</option>
149. </select></td>
150. </tr>
151. <tr>
152. <td>Last IP:</td>
153. <td>'.$user_r['last_ip'].'</td>
154. </tr>
155. <tr>
156. <td>Last login:</td>
157. <td>'.$user_r['last_login'].'</td>
158. </tr>
159. <tr>
160. <td>GM level:</td>
161. <td><input type="text" value="'.$user_r3['gmlevel'].'" id="gm"/></td>
162. </tr>
163. <tr>
164. <td>Forum rank:</td>
165. <td><input type="text" value="'.$user_r2['forum_rank'].'" id="forum_rank"/></td>
166. </tr>
167. <tr>
168. <td>Voting points:</td>
169. <td><input type="text" value="'.$user_r2['vp'].'" id="vp"/><input type="hidden" id="ovp" value="'.$user_r2['vp'].'" /></td>
170. </tr>
171. <tr>
172. <td>Voting points ever:</td>
173. <td>'.$user_r2['totalvp'].'<input type="hidden" id="tvp" value="'.$user_r2['totalvp'].'" /></td>
174. </tr>
175. <tr>
176. <td>Donation points:</td>
177. <td><input type="text" value="'.$user_r2['dp'].'" id="dp"/><input type="hidden" id="odp" value="'.$user_r2['dp'].'" /></td>
178. </tr>
179. <tr>
180. <td>Donation points ever:</td>
181. <td>'.$user_r2['totaldp'].'<input type="hidden" id="tdp" value="'.$user_r2['totaldp'].'" /></td>
182. </tr>
183. <tr>
184. <td>Shop purchases:</td>
185. <td>'.$user_r2['purchases'].'</td>
186. </tr>
187. </table>
188. <input type="submit" value="Update account!" onClick="update_user(\''.$user_r['username'].'\')" />
189. ';
190. }
191. }
192.  
193. function save_acc_info($id, $user, $exp, $gm) {
194. mysql_query("UPDATE ".$this->db.".account SET expansion='".$exp."' WHERE `username`='".$user."'", $this->c) or die(mysql_error());
195. mysql_query("UPDATE ".$this->db.".account_access SET gmlevel='".$gm."' WHERE `id`='".$id."'", $this->c) or die(mysql_error());
196. }
197.  
198. function register() {
199. if(!$this->online) {
200.  
201. $bot_string = rand(1000000, 9999999);
202.  
203. // validation
204. if(!isset($_POST['reg_submit'])) {
205. $r_user = "";
206. $r_pass = "";
207. $r_pass2 = "";
208. $r_email = "";
209. $r_bot = "";
210. } else {
211. $errors = 0;
212.  
213. if(!empty($_POST['reg_user']) && !$this->user_exists($_POST['reg_user']) && ctype_alnum($_POST['reg_user'])) {
214. $r_user = "&nbsp;&nbsp;<img src='images/icons/accept.png' />";
215. } else {
216. $errors++; $r_user = "&nbsp;&nbsp;<img src='images/icons/error.png' />";
217. }
218.  
219. if(!empty($_POST['reg_pass'])) {
220. $r_pass = "&nbsp;&nbsp;<img src='images/icons/accept.png' />";
221. } else {
222. $errors++; $r_pass = "&nbsp;&nbsp;<img src='images/icons/error.png' />";
223. }
224.  
225. if(!empty($_POST['reg_pass2']) && $_POST['reg_pass2'] === $_POST['reg_pass']) {
226. $r_pass2 = "&nbsp;&nbsp;<img src='images/icons/accept.png' />";
227. } else {
228. $errors++; $r_pass2 = "&nbsp;&nbsp;<img src='images/icons/error.png' />";
229. }
230.  
231. if(!empty($_POST['reg_email']) && filter_var($_POST['reg_email'], FILTER_VALIDATE_EMAIL)) {
232. $r_email = "&nbsp;&nbsp;<img src='images/icons/accept.png' />";
233. } else {
234. $errors++; $r_email = "&nbsp;&nbsp;<img src='images/icons/error.png' />";
235. }
236.  
237. if(empty($_POST['reg_bot']) || $_POST['reg_bot'] !== $_POST['reg_bot_ans']) {
238. $errors++; $r_bot = "&nbsp;&nbsp;<img src='images/icons/error.png' />";
239. } else {
240. $r_bot = "";
241. }
242.  
243. if($errors == 0) { $this->create_account($_POST['reg_user'], $_POST['reg_pass'], $_POST['reg_email'], $_POST['reg_flags']); }
244.  
245. }
246.  
247. if(cataclysm) {
248. $cataclysm = '<option value="3" selected>Cataclysm</option>';
249. }
250.  
251. return '<div class="right_box">
252. <div class="right_box_top">Account creation</div>
253. <div class="right_box_body">
254. <form action="?p=register" method="post">
255. <table class="table" width="550px" id="register">
256. <tr>
257. <td width="35%" style="padding-left:20px;">Username:</td>
258. <td width="65%"><input type="text" name="reg_user" value="'.@$_POST['reg_user'].'"/><span id="user">'.$r_user.'</span></td>
259. </tr>
260. <tr>
261. <td style="padding-left:20px;">Password:</td>
262. <td><input type="password" name="reg_pass" value="'.@$_POST['reg_pass'].'"/><span id="pass">'.$r_pass.'</span></td>
263. </tr>
264. <tr>
265. <td style="padding-left:20px;">Confirm password:</td>
266. <td><input type="password" name="reg_pass2" value="'.@$_POST['reg_pass2'].'"/><span id="pass2">'.$r_pass2.'</span></td>
267. </tr>
268. <tr>
269. <td style="padding-left:20px;">E-mail:</td>
270. <td><input type="text" name="reg_email" value="'.@$_POST['reg_email'].'"/><span id="email">'.$r_email.'</span></td>
271. </tr>
272. <tr>
273. <td style="padding-left:20px;">Expansion:</td>
274. <td><select name="reg_flags">
275. '.@$cataclysm.'
276. <option value="2">Wrath of the Lich King</option>
277. <option value="1">The Burning Crusade</option>
278. <option value="0">No expansion</option>
279. </select></td>
280. </tr>
281. <tr>
282. <td style="padding-left:20px;">Anti-spam: <img src="inc/captcha.php?t='.$bot_string.'" /></td>
283. <td><input type="hidden" value="'.$bot_string.'" readonly="true" name="reg_bot_ans" /><input type="text" name="reg_bot"/><span id="bot">'.$r_bot.'</span></td>
284. </tr>
285. </table>
286. <center><input type="hidden" name="reg_raf" value="'.@$_REQUEST['raf'].'"/>
287. <input type="submit" name="reg_submit" value="Create account!" /></center>
288. </form>
289. <div class="clear"></div>
290. </div>
291. </div>';
292. } else { header("Location: ?p=home"); }
293. }
294.  
295. function user_exists($u) {
296. $user_q = mysql_query("SELECT COUNT(*) as `exists` FROM ".$this->db.".account WHERE `username`='".mysql_real_escape_string($u)."'", $this->c);
297. $user_r = mysql_fetch_assoc($user_q);
298.  
299. if($user_r['exists'] == 0) {
300. return false;
301. } else {
302. return true;
303. }
304. }
305.  
306. function check_pass($u, $p) {
307. $pass_q = mysql_query("SELECT sha_pass_hash FROM ".$this->db.".account WHERE `username`='".mysql_real_escape_string($u)."'", $this->c);
308. $pass_r = mysql_fetch_assoc($pass_q);
309.  
310. if($pass_r['sha_pass_hash'] == sha1(strtoupper($u.":".$p))|| strtoupper(sha1(strtoupper($u.":".$p)))) {
311. return true;
312. } else {
313. return false;
314. }
315. }
316.  
317. function create_account($u, $p, $e, $f, $r) {
318.  
319. $u = mysql_real_escape_string($u);
320. $p = mysql_real_escape_string($p);
321. $e = mysql_real_escape_string($e);
322. $f = mysql_real_escape_string($f);
323. $r = mysql_real_escape_string($r);
324.  
325. if(raf && !empty($r))
326. {
327. $this->do_raf($r, $u);
328. }
329.  
330. mysql_query("INSERT INTO ".$this->db.".account(`username`, `sha_pass_hash`, `last_ip`, `email`, `expansion`) VALUES('".$u."', '".$p."', '".$_SERVER['REMOTE_ADDR']."', '".$e."', '".$f."')", $this->c) or die(mysql_error());
331.  
332. global $cms;
333. $cms->do_log("register", $_SERVER['REMOTE_ADDR'], $u, time(), date("Y-m-d H:i:s"));
334.  
335. header("Location: ?p=done");
336. }
337.  
338. private function do_raf($user, $reg_user)
339. {
340. global $cms;
341.  
342. $q = @mysql_query("SELECT lastip FROM ".$this->db.".account
343. WHERE `login` = '".mysql_real_escape_string($user)."'
344. LIMIT 1",
345. $this->c)or die(mysql_error());
346. $r = @mysql_fetch_assoc($q);
347.  
348. if(!empty($r['lastip']) && $r['lastip'] != $_SERVER['REMOTE_ADDR'])
349. {
350.  
351. $q2 = @mysql_query("SELECT COUNT(*) AS `total` FROM ".$cms->db.".raf_log
352. WHERE `referral` = '".mysql_real_escape_string($user)."'
353. AND user_ip = '".$_SERVER['REMOTE_ADDR']."'",
354. $cms->c) or die(mysql_error());
355. $r2 = @mysql_fetch_assoc($q2);
356.  
357. if($r2['total'] == 0)
358. {
359. if(raf_reward_type == "vp")
360. {
361. mysql_query("UPDATE ".$cms->db.".account_info
362. SET vp = vp + ".raf_reward.",totalvp = totalvp + ".raf_reward."
363. WHERE `user` = '".$user."'",
364. $cms->c) or die(mysql_error());
365. }
366. elseif(raf_reward_type == "dp")
367. {
368. mysql_query("UPDATE ".$cms->db.".account_info
369. SET dp = dp + ".raf_reward.", totaldp = totaldp + ".raf_reward."
370. WHERE `user` = '".$user."'",
371. $cms->c) or die(mysql_error());
372. }
373.  
374. mysql_query("INSERT INTO ".$cms->db.".raf_log(username, referral, user_ip, `date`)
375. VALUES('".$reg_user."', '".$user."', '".$_SERVER['REMOTE_ADDR']."', '".date("Y-m-d H:i")."')",
376. $cms->c) or die(mysql_error());
377. }
378. }
379. }
380.  
381. function login_page() {
382. if(!$this->online) {
383.  
384. // validation
385. if(!isset($_POST['login_submit'])) {
386. $l_user = "";
387. $l_pass = "";
388. } else {
389. $errors = 0;
390.  
391. if(!empty($_POST['login_user']) && $this->user_exists($_POST['login_user'])) {
392. $l_user = "&nbsp;&nbsp;<img src='images/icons/accept.png' />";
393. } else {
394. $errors++; $l_user = "&nbsp;&nbsp;<img src='images/icons/error.png' />";
395. }
396.  
397. if(!empty($_POST['login_pass']) && $this->check_pass($_POST['login_user'], $_POST['login_pass'])) {
398. $l_pass = "&nbsp;&nbsp;<img src='images/icons/accept.png' />";
399. } else {
400. $errors++; $l_pass = "&nbsp;&nbsp;<img src='images/icons/error.png' />";
401. }
402.  
403. if($errors == 0) { $this->login($_POST['login_user'], $_POST['login_pass']); }
404. }
405.  
406. return '<div class="right_box">
407. <div class="right_box_top">Log in</div>
408. <div class="right_box_body">
409. <form action="?p=login" method="post">
410. <table class="table" width="550px" id="login">
411. <tr>
412. <td width="35%" style="padding-left:20px;">Username:</td>
413. <td width="65%"><input type="text" name="login_user" value="'.@$_POST['login_user'].'"/><span id="user">'.$l_user.'</span></td>
414. </tr>
415. <tr>
416. <td style="padding-left:20px;">Password:</td>
417. <td><input type="password" name="login_pass" value="'.@$_POST['login_pass'].'"/><span id="pass">'.$l_pass.'</span></td>
418. </tr>
419. </table>
420. <center><input type="submit" name="login_submit" value="Log in!" /></center>
421. </form>
422. <div class="clear"></div>
423. </div>
424. </div>';
425. }
426. }
427.  
428. function login($u) {
429. $_SESSION['user'] = $u;
430.  
431. global $cms;
432. $cms->do_log("login", $_SERVER['REMOTE_ADDR'], $u, time(), date("Y-m-d H:i:s"));
433.  
434. die('<script type="text/javascript">window.location="?p=splash"</script>...');
435. }
436.  
437. function logout() {
438. if($this->online) {
439. global $cms;
440. $cms->do_log("logout", $_SERVER['REMOTE_ADDR'], $_SESSION['user'], time(), date("Y-m-d H:i:s"));
441.  
442. unset($_SESSION['user']);
443. die('<script type="text/javascript">window.location="?p=home"</script>...');
444. }
445. }
446.  
447. function change($what) {
448. global $logon;
449.  
450. if(!$logon->online) { header("Location: ?p=home"); }
451.  
452. $output = '<div class="right_box"><div class="right_box_top">Change '.$what.'</div>
453. <div class="right_box_body">';
454.  
455. switch($what) {
456.  
457. case "password":
458.  
459. $output .= '<form action="?p=changepw" method="post">
460. <table class="table" width="550px" id="register">
461. <tr>
462. <td style="padding-left:20px;">New password:</td>
463. <td>
464. <input type="password" name="newpw" value="password" />
465. </td>
466. </tr>
467. </table>
468. <center>
469. <input type="submit"value="Change password!" />
470. </center>
471. </form>';
472.  
473. if(isset($_POST['newpw'])) {
474. $acc = $logon->username;
475. $pw = mysql_real_escape_string($_POST['newpw']);
476.  
477. $pw = sha1(strtoupper($acc.":".$pw));
478.  
479. mysql_query("UPDATE ".$this->db.".account SET sha_pass_hash='$pw' WHERE `username`='$acc'", $this->c) or die(mysql_error());
480. mysql_query("UPDATE ".$this->db.".account SET `v`='0' AND `s`='0' WHERE `username`='$acc'", $this->c) or die(mysql_error());
481.  
482. $output .= "<br /><center>Your password was successfully changed to <b>".$_POST['newpw']."</b>!</center>";
483. }
484.  
485. break;
486.  
487. case "expansion":
488.  
489. if(cataclysm) {
490. $cataclysm = '<option value="3">Cataclysm</option>';
491. }
492.  
493. $output .= '<form action="?p=changeexp" method="post">
494. <table class="table" width="550px" id="register">
495. <tr>
496.  
497. <td style="padding-left:20px;">Expansion:</td>
498.  
499. <td>
500. <select name="newexp">
501. '.@$cataclysm.'
502. <option value="2">Wrath of the Lich King</option>
503.  
504. <option value="1">The Burning Crusade</option>
505.  
506. <option value="0">No expansion</option>
507.  
508. </select></td>
509.  
510. </tr>
511. </table><center><input type="submit"value="Change expansion!" /></center>
512. </form>';
513.  
514. if(isset($_POST['newexp'])) {
515. $acc = $logon->username;
516. $exp = mysql_real_escape_string($_POST['newexp']);
517.  
518.  
519. mysql_query("UPDATE ".$this->db.".account SET expansion='$exp' WHERE `username`='$acc'", $this->c) or die(mysql_error());
520.  
521. if(cataclysm) {
522. $expansions = array(0 => "none",
523. 1 => "The Burning Crusade",
524. 2 => "Wrath of the Lich King",
525. 3 => "Cataclysm");
526. } else {
527. $expansions = array(0 => "none",
528. 1 => "The Burning Crusade",
529. 2 => "Wrath of the Lich King");
530. }
531.  
532. $output .= "<br /><center>Your expansion was successfully changed to <b>".$expansions[$exp]."</b>!</center>";
533. }
534. break;
535.  
536. }
537.  
538. $output .= "</div></div>";
539.  
540. return $output;
541.  
542. }
543. }
544. ?>