index.php - orodlin-1-pub in Orodlin v.1

<?php
/**
 *   File functions:
 *   Main site of game
 *
 *   @name                 : index.php
 *   @copyright            : (C) 2004,2005,2006 Vallheru Team based on Gamers-Fusion ver 2.5
 *   @author               : thindil <thindil@users.sourceforge.net>
 *   @version              : 1.3
 *   @since                : 22.11.2006
 *
 */

//
//
//       This program is free software; you can redistribute it and/or modify
//   it under the terms of the GNU General Public License as published by
//   the Free Software Foundation; either version 2 of the License, or
//   (at your option) any later version.
//
//   This program is distributed in the hope that it will be useful,
//   but WITHOUT ANY WARRANTY; without even the implied warranty of
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//   GNU General Public License for more details.
//
//   You should have received a copy of the GNU General Public License
//   along with this program; if not, write to the Free Software
//   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
//
// $Id: index.php 835 2006-11-22 17:40:22Z thindil $

require_once ('includes/config.php');
if (!$gamename)
{
    $host = $_SERVER['HTTP_HOST'];
    $path = str_replace("index.php","",$_SERVER['PHP_SELF']);
    $address = "http://".$host.$path."install/install.php";
    $meta = "<META HTTP-EQUIV=\"REFRESH\" CONTENT=\"0; URL=".$address."\">";
    print "<html><head>".$meta."</head><body></body></html>";
    exit;
}
    else
{

	require_once ('includes/main/base.php');

	require_once ('includes/getlang.php');
	GetLang ();
	GetLoc ('mainpage');
	GetLoc ('index');

	GameCloseRoutine ();
    
 
	require_once ('includes/main/counter.php');
	require_once ('includes/main/record.php');
	require_once ('includes/main/online.php');
        require_once ('includes/main/usersever.php');

	require_once ('includes/right.php');

    /**
    * Main Page
    */
    if (!isset ($_GET['step']))
    {
        $uquery = $db -> SelectLimit("SELECT * FROM updates WHERE lang='".$strTranslation."' ORDER BY id DESC", 1);
        $update = "<center><b>".$uquery -> fields['title']."</b> ".WRITE_BY." <b>".$uquery -> fields['starter']."</b>".$time."...</center>\"".$uquery -> fields['updates']."\"."; 
        $uquery -> Close();

        $adminmail1 = str_replace("@","[at]",$adminmail);

        $objCodexdate = $db -> Execute("SELECT `date` FROM `court` WHERE `title`='".CODEX." ".$gamename."'");

        $smarty->assign( array ("Update" => $update,
                                "Adminname" => $adminname,
                                "Adminmail" => $adminmail,
                                "Adminmail1" => $adminmail1,
                                "Codexdate" => $objCodexdate -> fields['date'],
                                "Pagetitle" => WELCOME));
        $smarty->display('index.tpl');
        $objCodexdate -> Close();
    }

    /**
    * Game rules
    */
    if (isset ($_GET['step']) && $_GET['step'] == 'rules')
    {
        $objRules = $db -> Execute("SELECT body FROM court WHERE title='".CODEX." ".$gamename."'");
        $smarty -> assign(array("Rules2" => $objRules -> fields['body'],
                                "Pagetitle" => RULES));
        $smarty -> display('rules.tpl');
        $objRules -> Close();
    }

    /**
    * Password reminder
    */
    if (isset($_GET['step']) && $_GET['step'] == 'lostpasswd')
    {
        $strMessage = '';
        if (isset($_GET['action']) && $_GET['action'] == 'haslo')
        {
            if (!$_POST['email'])
            {
                $smarty -> assign ("Error", ERROR_MAIL);
                $smarty -> display ('error.tpl');
                exit;
            }
            $_POST['email'] =  strip_tags($_POST['email']);
            $query = $db -> Execute("SELECT `id` FROM `players` WHERE `email`='".$_POST['email']."'");
            $intId = $query -> fields['id'];
            $query -> Close();

            if (!$intId)
            {
                $smarty -> assign ("Error", ERROR_NOEMAIL);
                $smarty -> display ('error.tpl');
                exit;
            }
            $new_pass = substr(md5(uniqid(rand(), true)), 3, 9);
            $intNumber = substr(md5(uniqid(rand(), true)), 3, 9);
            $strLink = $gameadress."/index.php?step=lostpasswd&code=".$intNumber."&email=".$_POST['email'];
            $adress = $_POST['email'];
            $message = MESSAGE_PART1." ".$gamename.".".MESSAGE_PART2." \n".$new_pass."\n ".MESSAGE_PART3."\n ".$strLink."\n".MESSAGE_PART4." ".$gamename."\n".$adminname;
            $subject = MESSAGE_SUBJECT." ".$gamename;
            require_once('mailer/mailerconfig.php');
            if (!$mail -> Send())
            {
                $smarty -> assign ("Error", MESSAGE_NOT_SEND." ".$mail -> ErrorInfo);
                $smarty -> display ('error.tpl');
                exit;
            }
            $strPass = md5($new_pass);
            $db -> Execute("INSERT INTO `lost_pass` (`number`, `email`, `newpass`, `id`) VALUES('".$intNumber."', '".$_POST['email']."', '".$strPass."', ".$intId.")") or $db -> ErrorMsg();
        }

        /**
         * Write new password to database
         */
        if (isset($_GET['code']) && isset($_GET['email']))
        {
            $strEmail =  strip_tags($_GET['email']);
            $strCode =  strip_tags($_GET['code']);
            if (empty($strCode) || empty($strEmail))
            {
                $smarty -> assign ("Error", ERROR);
                $smarty -> display ('error.tpl');
                exit;
            }
            $objTest = $db -> Execute("SELECT `newpass`, `id` FROM `lost_pass` WHERE `number`='".$strCode."' AND `email`='".$strEmail."'");
            if (!$objTest -> fields['newpass'])
            {
                $smarty -> assign ("Error", ERROR);
                $smarty -> display ('error.tpl');
                exit;
            }
            $db -> Execute("UPDATE `players` SET `pass`='".$objTest -> fields['newpass']."' WHERE `email`='".$strEmail."' AND `id`=".$objTest -> fields['id']);
            $db -> Execute("DELETE FROM `lost_pass` WHERE `number`='".$strCode."' AND `email`='".$strEmail."' AND `id`=".$objTest -> fields['id']);
            $objTest -> Close();
            $strMessage = PASS_CHANGED;
        }

        /**
        * Initializantion of variable
        */
        if (!isset($_GET['action']))
        {
            $_GET['action'] = '';
        }
        $smarty -> assign(array("Action" => $_GET['action'],
                                "Message" => $strMessage,
                                "Pagetitle" => LOST_PASSWORD));
        $smarty -> display ('passwd.tpl');
    }

    /**
     * Write new email to database
     */
    if (isset($_GET['code']) && isset($_GET['email']) && (isset($_GET['step']) && $_GET['step'] == 'newemail'))
    {
        $strEmail =  strip_tags($_GET['email']);
        $strCode =  strip_tags($_GET['code']);
        if (empty($strCode) || empty($strEmail))
        {
            $smarty -> assign ("Error", ERROR);
            $smarty -> display ('error.tpl');
            exit;
        }
        $objTest = $db -> Execute("SELECT `email`, `id` FROM `lost_pass` WHERE `number`='".$strCode."' AND `newemail`='".$strEmail."'");
        if (!$objTest -> fields['email'])
        {
            $smarty -> assign ("Error", ERROR);
            $smarty -> display ('error.tpl');
            exit;
        }
        $db -> Execute("UPDATE `players` SET `email`='".$strEmail."' WHERE `email`='".$objTest -> fields['email']."' AND `id`=".$objTest -> fields['id']);
        $db -> Execute("DELETE FROM `lost_pass` WHERE `number`='".$strCode."' AND `newemail`='".$strEmail."' AND `id`=".$objTest -> fields['id']);
        $objTest -> Close();
        $smarty -> assign(array("Error" => MAIL_CHANGED));
        $smarty -> display('error.tpl');
        exit;
    }

    $db -> Close();
}
?>

1	<?php
2	/**
3	* File functions:
4	* Main site of game
5	*
6	* @name : index.php
7	* @copyright : (C) 2004,2005,2006 Vallheru Team based on Gamers-Fusion ver 2.5
8	* @author : thindil <thindil@users.sourceforge.net>
9	* @version : 1.3
10	* @since : 22.11.2006
11	*
12	*/
13
14	//
15	//
16	// This program is free software; you can redistribute it and/or modify
17	// it under the terms of the GNU General Public License as published by
18	// the Free Software Foundation; either version 2 of the License, or
19	// (at your option) any later version.
20	//
21	// This program is distributed in the hope that it will be useful,
22	// but WITHOUT ANY WARRANTY; without even the implied warranty of
23	// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24	// GNU General Public License for more details.
25	//
26	// You should have received a copy of the GNU General Public License
27	// along with this program; if not, write to the Free Software
28	// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
29	//
30	// $Id: index.php 835 2006-11-22 17:40:22Z thindil $
31
32	require_once ('includes/config.php');
33	if (!$gamename)
34	{
35	$host = $_SERVER['HTTP_HOST'];
36	$path = str_replace("index.php","",$_SERVER['PHP_SELF']);
37	$address = "http://".$host.$path."install/install.php";
38	$meta = "<META HTTP-EQUIV=\"REFRESH\" CONTENT=\"0; URL=".$address."\">";
39	print "<html><head>".$meta."</head><body></body></html>";
40	exit;
41	}
42	else
43	{
44
45	require_once ('includes/main/base.php');
46
47	require_once ('includes/getlang.php');
48	GetLang ();
49	GetLoc ('mainpage');
50	GetLoc ('index');
51
52	GameCloseRoutine ();
53
54
55	require_once ('includes/main/counter.php');
56	require_once ('includes/main/record.php');
57	require_once ('includes/main/online.php');
58	require_once ('includes/main/usersever.php');
59
60	require_once ('includes/right.php');
61
62	/**
63	* Main Page
64	*/
65	if (!isset ($_GET['step']))
66	{
67	$uquery = $db -> SelectLimit("SELECT * FROM updates WHERE lang='".$strTranslation."' ORDER BY id DESC", 1);
68	$update = "<center><b>".$uquery -> fields['title']."</b> ".WRITE_BY." <b>".$uquery -> fields['starter']."</b>".$time."...</center>\"".$uquery -> fields['updates']."\".";
69	$uquery -> Close();
70
71	$adminmail1 = str_replace("@","[at]",$adminmail);
72
73	$objCodexdate = $db -> Execute("SELECT `date` FROM `court` WHERE `title`='".CODEX." ".$gamename."'");
74
75	$smarty->assign( array ("Update" => $update,
76	"Adminname" => $adminname,
77	"Adminmail" => $adminmail,
78	"Adminmail1" => $adminmail1,
79	"Codexdate" => $objCodexdate -> fields['date'],
80	"Pagetitle" => WELCOME));
81	$smarty->display('index.tpl');
82	$objCodexdate -> Close();
83	}
84
85	/**
86	* Game rules
87	*/
88	if (isset ($_GET['step']) && $_GET['step'] == 'rules')
89	{
90	$objRules = $db -> Execute("SELECT body FROM court WHERE title='".CODEX." ".$gamename."'");
91	$smarty -> assign(array("Rules2" => $objRules -> fields['body'],
92	"Pagetitle" => RULES));
93	$smarty -> display('rules.tpl');
94	$objRules -> Close();
95	}
96
97	/**
98	* Password reminder
99	*/
100	if (isset($_GET['step']) && $_GET['step'] == 'lostpasswd')
101	{
102	$strMessage = '';
103	if (isset($_GET['action']) && $_GET['action'] == 'haslo')
104	{
105	if (!$_POST['email'])
106	{
107	$smarty -> assign ("Error", ERROR_MAIL);
108	$smarty -> display ('error.tpl');
109	exit;
110	}
111	$_POST['email'] = strip_tags($_POST['email']);
112	$query = $db -> Execute("SELECT `id` FROM `players` WHERE `email`='".$_POST['email']."'");
113	$intId = $query -> fields['id'];
114	$query -> Close();
115
116	if (!$intId)
117	{
118	$smarty -> assign ("Error", ERROR_NOEMAIL);
119	$smarty -> display ('error.tpl');
120	exit;
121	}
122	$new_pass = substr(md5(uniqid(rand(), true)), 3, 9);
123	$intNumber = substr(md5(uniqid(rand(), true)), 3, 9);
124	$strLink = $gameadress."/index.php?step=lostpasswd&code=".$intNumber."&email=".$_POST['email'];
125	$adress = $_POST['email'];
126	$message = MESSAGE_PART1." ".$gamename.".".MESSAGE_PART2." \n".$new_pass."\n ".MESSAGE_PART3."\n ".$strLink."\n".MESSAGE_PART4." ".$gamename."\n".$adminname;
127	$subject = MESSAGE_SUBJECT." ".$gamename;
128	require_once('mailer/mailerconfig.php');
129	if (!$mail -> Send())
130	{
131	$smarty -> assign ("Error", MESSAGE_NOT_SEND." ".$mail -> ErrorInfo);
132	$smarty -> display ('error.tpl');
133	exit;
134	}
135	$strPass = md5($new_pass);
136	$db -> Execute("INSERT INTO `lost_pass` (`number`, `email`, `newpass`, `id`) VALUES('".$intNumber."', '".$_POST['email']."', '".$strPass."', ".$intId.")") or $db -> ErrorMsg();
137	}
138
139	/**
140	* Write new password to database
141	*/
142	if (isset($_GET['code']) && isset($_GET['email']))
143	{
144	$strEmail = strip_tags($_GET['email']);
145	$strCode = strip_tags($_GET['code']);
146	if (empty($strCode) \|\| empty($strEmail))
147	{
148	$smarty -> assign ("Error", ERROR);
149	$smarty -> display ('error.tpl');
150	exit;
151	}
152	$objTest = $db -> Execute("SELECT `newpass`, `id` FROM `lost_pass` WHERE `number`='".$strCode."' AND `email`='".$strEmail."'");
153	if (!$objTest -> fields['newpass'])
154	{
155	$smarty -> assign ("Error", ERROR);
156	$smarty -> display ('error.tpl');
157	exit;
158	}
159	$db -> Execute("UPDATE `players` SET `pass`='".$objTest -> fields['newpass']."' WHERE `email`='".$strEmail."' AND `id`=".$objTest -> fields['id']);
160	$db -> Execute("DELETE FROM `lost_pass` WHERE `number`='".$strCode."' AND `email`='".$strEmail."' AND `id`=".$objTest -> fields['id']);
161	$objTest -> Close();
162	$strMessage = PASS_CHANGED;
163	}
164
165	/**
166	* Initializantion of variable
167	*/
168	if (!isset($_GET['action']))
169	{
170	$_GET['action'] = '';
171	}
172	$smarty -> assign(array("Action" => $_GET['action'],
173	"Message" => $strMessage,
174	"Pagetitle" => LOST_PASSWORD));
175	$smarty -> display ('passwd.tpl');
176	}
177
178	/**
179	* Write new email to database
180	*/
181	if (isset($_GET['code']) && isset($_GET['email']) && (isset($_GET['step']) && $_GET['step'] == 'newemail'))
182	{
183	$strEmail = strip_tags($_GET['email']);
184	$strCode = strip_tags($_GET['code']);
185	if (empty($strCode) \|\| empty($strEmail))
186	{
187	$smarty -> assign ("Error", ERROR);
188	$smarty -> display ('error.tpl');
189	exit;
190	}
191	$objTest = $db -> Execute("SELECT `email`, `id` FROM `lost_pass` WHERE `number`='".$strCode."' AND `newemail`='".$strEmail."'");
192	if (!$objTest -> fields['email'])
193	{
194	$smarty -> assign ("Error", ERROR);
195	$smarty -> display ('error.tpl');
196	exit;
197	}
198	$db -> Execute("UPDATE `players` SET `email`='".$strEmail."' WHERE `email`='".$objTest -> fields['email']."' AND `id`=".$objTest -> fields['id']);
199	$db -> Execute("DELETE FROM `lost_pass` WHERE `number`='".$strCode."' AND `newemail`='".$strEmail."' AND `id`=".$objTest -> fields['id']);
200	$objTest -> Close();
201	$smarty -> assign(array("Error" => MAIL_CHANGED));
202	$smarty -> display('error.tpl');
203	exit;
204	}
205
206	$db -> Close();
207	}
208	?>

Gitorious