Initial commit

root
2020-08-17 19:16:42 -04:00
commit 61584e0eb2
600 changed files with 50518 additions and 0 deletions


@ -0,0 +1,80 @@
<?php
if ($display == 1){
$q = "";
if ($query) {
$q = "&q=$query";
}
$ops=translate_inline("Ops");
$acid =translate_inline("AcctID");
$login =translate_inline("Login");
$nm =translate_inline("Name");
$lev =translate_inline("Level");
$lon =translate_inline("Last On");
$hits =translate_inline("Hits");
$lip =translate_inline("Last IP");
$lid =translate_inline("Last ID");
$email =translate_inline("Email");
$ed = translate_inline("Edit");
$del = translate_inline("Del");
$conf = translate_inline("Are you sure you wish to delete this user?");
$ban = translate_inline("Ban");
$log = translate_inline("Log");
rawoutput("<table>");
rawoutput("<tr class='trhead'><td>$ops</td><td><a href='user.php?sort=acctid$q'>$acid</a></td><td><a href='user.php?sort=login$q'>$login</a></td><td><a href='user.php?sort=name$q'>$nm</a></td><td><a href='user.php?sort=level$q'>$lev</a></td><td><a href='user.php?sort=laston$q'>$lon</a></td><td><a href='user.php?sort=gentimecount$q'>$hits</a></td><td><a href='user.php?sort=lastip$q'>$lip</a></td><td><a href='user.php?sort=uniqueid$q'>$lid</a></td><td><a href='user.php?sort=emailaddress$q'>$email</a></td></tr>");
addnav("","user.php?sort=acctid$q");
addnav("","user.php?sort=login$q");
addnav("","user.php?sort=name$q");
addnav("","user.php?sort=level$q");
addnav("","user.php?sort=laston$q");
addnav("","user.php?sort=gentimecount$q");
addnav("","user.php?sort=lastip$q");
addnav("","user.php?sort=uniqueid$q");
$rn=0;
$oorder = "";
$number3=db_num_rows($searchresult);
for ($i=0;$i<$number3;$i++){
$row=db_fetch_assoc($searchresult);
$laston = relativedate($row['laston']);
$loggedin =
(date("U") - strtotime($row['laston']) <
getsetting("LOGINTIMEOUT",900) && $row['loggedin']);
if ($loggedin)
$laston=translate_inline("`#Online`0");
$row['laston']=$laston;
if ($row[$order]!=$oorder) $rn++;
$oorder = $row[$order];
rawoutput("<tr class='".($rn%2?"trlight":"trdark")."'>");
rawoutput("<td nowrap>");
rawoutput("[ <a href='user.php?op=edit&userid={$row['acctid']}$m'>$ed</a> | <a href='user.php?op=del&userid={$row['acctid']}' onClick=\"return confirm('$conf');\">$del</a> | <a href='user.php?op=setupban&userid={$row['acctid']}'>$ban</a> | <a href='user.php?op=debuglog&userid={$row['acctid']}'>$log</a> ]");
addnav("","user.php?op=edit&userid={$row['acctid']}$m");
addnav("","user.php?op=del&userid={$row['acctid']}");
addnav("","user.php?op=setupban&userid={$row['acctid']}");
addnav("","user.php?op=debuglog&userid={$row['acctid']}");
rawoutput("</td><td>");
output_notl("%s", $row['acctid']);
rawoutput("</td><td>");
output_notl("%s", $row['login']);
rawoutput("</td><td>");
output_notl("`&%s`0", $row['name']);
rawoutput("</td><td>");
output_notl("`^%s`0", $row['level']);
rawoutput("</td><td>");
output_notl("%s", $row['laston']);
rawoutput("</td><td>");
output_notl("%s", $row['gentimecount']);
rawoutput("</td><td>");
output_notl("%s", $row['lastip']);
rawoutput("</td><td>");
output_notl("%s", $row['uniqueid']);
rawoutput("</td><td>");
output_notl("%s", $row['emailaddress']);
rawoutput("</td></tr>");
$gentimecount+=$row['gentimecount'];
$gentime+=$row['gentime'];
}
rawoutput("</table>");
output("Total hits: %s`n", $gentimecount);
output("Total CPU time: %s seconds`n", round($gentime,3));
output("Average page gen time is %s seconds`n", round($gentime/max($gentimecount,1),4));
}
?>
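Review bot: `$q = "&q=$query";` puts `$query` into every sort link and every `addnav()` URL without URL-encoding or HTML-escaping, so a search string containing a quote, `&` or `<` breaks the `href` attribute and, if `$query` originates from the request (it is assigned outside this file), injects markup into an administrator page. Building it as `$q = "&q=" . rawurlencode($query);` keeps the value inside the query string. `$conf` is likewise dropped into `confirm('$conf')`, so a translation containing an apostrophe ends the JavaScript string early; `addslashes($conf)` at that point would cover it. `$m`, `$order`, `$gentime` and `$gentimecount` are read here without being set in this file, so they should be documented as required inputs or given defaults such as `$gentime = 0; $gentimecount = 0;` before the loop.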


@ -0,0 +1,72 @@
<?php
if ($petition !=""){
addnav("Navigation");
addnav("Return to the petition","viewpetition.php?op=view&id=$petition");
}
$debuglog = db_prefix('debuglog');
$accounts = db_prefix('accounts');
// As mySQL cannot use two different indexes in a single query this query can take up to 25s on its own!
// This happens solely on larger debuglogs (where full table scans take quite long), smaller servers
// should not recognize a change.
// It may seem strange, but in this case two single queries are better!
// $sql = "SELECT count(id) AS c FROM $debuglog WHERE actor=$userid OR target=$userid";
$sql = "SELECT COUNT(id) AS c FROM $debuglog WHERE target=$userid";
$result = db_query($sql);
$row = db_fetch_assoc($result);
$max = $row['c'];
$sql = "SELECT COUNT(id) AS c FROM $debuglog WHERE actor=$userid";
$result = db_query($sql);
$row = db_fetch_assoc($result);
$max += $row['c'];
$start = (int)httpget('start');
$sql = "(
SELECT $debuglog. * , a1.name AS actorname, a2.name AS targetname
FROM $debuglog
LEFT JOIN $accounts AS a1 ON a1.acctid = $debuglog.actor
LEFT JOIN $accounts AS a2 ON a2.acctid = $debuglog.target
WHERE $debuglog.actor = $userid
) UNION (
SELECT $debuglog. * , a2.name AS targetname, a1.name AS actorname
FROM $debuglog
LEFT JOIN $accounts AS a1 ON a1.acctid = $debuglog.actor
LEFT JOIN $accounts AS a2 ON a2.acctid = $debuglog.target
WHERE $debuglog.target = $userid
)
ORDER BY date DESC
LIMIT $start,500";
$next = $start+500;
$prev = $start-500;
addnav("Operations");
addnav("Edit user info","user.php?op=edit&userid=$userid$returnpetition");
addnav("Refresh", "user.php?op=debuglog&userid=$userid&start=$start$returnpetition");
addnav("Debug Log");
if ($next < $max) {
addnav("Next page","user.php?op=debuglog&userid=$userid&start=$next$returnpetition");
}
if ($start > 0) {
addnav("Previous page",
"user.php?op=debuglog&userid=$userid&start=$prev$returnpetition");
}
$result = db_query($sql);
$odate = "";
while ($row = db_fetch_assoc($result)) {
$dom = date("D, M d",strtotime($row['date']));
if ($odate != $dom){
output_notl("`n`b`@%s`0`b`n", $dom);
$odate = $dom;
}
$time = date("H:i:s", strtotime($row['date']))." (".reltime(strtotime($row['date'])).")";
output_notl("`#%s (%s) `^%s - `&%s`7 %s`0", $row['field'], $row['value'], $time, $row['actorname'], $row['message']);
if ($row['target']) {
output(" \\-- Recipient = `\$%s`0", $row['targetname']);
}
output_notl("`n");
}
?>
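Review bot: `$userid` is interpolated into numeric SQL context with neither quotes nor a cast (`WHERE target=$userid`, `WHERE actor=$userid`, and both branches of the UNION), so these queries are only as safe as whatever assigned `$userid` outside this file. A cast at the top, `$userid = (int)$userid;`, makes the assumption explicit; the later files on this page that build `acctid='$userid'` or `acctid=\"$userid\"` (delete, edit, last hit, ban setup, special) depend on the same unseen assignment and would benefit from the same line. `$start` is cast but not clamped, so a negative `start` reaches `LIMIT $start,500`; `$start = max(0, (int)httpget('start'));` avoids that. Separately, the second SELECT of the UNION lists `targetname` before `actorname`, and because UNION matches columns by position that ordering deserves a comment stating whether the swap is intended.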


@ -0,0 +1,13 @@
<?php
$sql = "SELECT name from " . db_prefix("accounts") . " WHERE acctid='$userid'";
$res = db_query($sql);
require_once("lib/charcleanup.php");
char_cleanup($userid, CHAR_DELETE_MANUAL);
while ($row = db_fetch_assoc($res)) {
addnews("`#%s was unmade by the gods.", $row['name'], true);
debuglog("deleted user" . $row['name'] . "'0");
}
$sql = "DELETE FROM " . db_prefix("accounts") . " WHERE acctid='$userid'";
db_query($sql);
output( db_affected_rows()." user deleted.");
?>
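Review bot: The audit entry `debuglog("deleted user" . $row['name'] . "'0");` runs the name straight into the word "user" and ends in `'0`, which looks like a mistyped colour reset (the other messages on this page end names with a backtick followed by `0`), so the only record of an account deletion is malformed. I would add the missing space, correct the reset code, and append the account id, e.g. `" (acctid $userid)"`, so the log still identifies the account after the row is gone. The entry and `char_cleanup()` both run before the `DELETE` and independently of `db_affected_rows()`; if that order is deliberate, a one-line comment should say so.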


@ -0,0 +1,5 @@
<?php
$sql = "DELETE FROM " . db_prefix("bans") . " WHERE ipfilter = '".httpget("ipfilter"). "' AND uniqueid = '".httpget("uniqueid")."'";
db_query($sql);
redirect("user.php?op=removeban");
?>
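Review bot: `httpget("ipfilter")` and `httpget("uniqueid")` are concatenated straight into the `DELETE` statement, whereas the ban-listing file on this page wraps the equivalent request values in `addslashes()`; unless `httpget()` escapes its return value (not visible here), this is SQL injection on a destructive query. At minimum match the other file: `"' WHERE ipfilter = '" . addslashes(httpget("ipfilter")) . "' AND uniqueid = '" . addslashes(httpget("uniqueid")) . "'"`, and prefer the database layer's own escaping or bound parameters if the wrapper offers them. The ban-saving and module-preference files build their `INSERT`/`REPLACE` statements from `httppost()` values in the same way. This file also changes state on a plain GET request, so a comment should state what prevents a crafted link from lifting a ban.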


@ -0,0 +1,101 @@
<?php
$result = db_query("SELECT * FROM " . db_prefix("accounts") . " WHERE acctid='$userid'");
$row = db_fetch_assoc($result);
$petition=httpget("returnpetition");
if ($petition != "")
$returnpetition = "&returnpetition=$petition";
if ($petition !=""){
addnav("Navigation");
addnav("Return to the petition","viewpetition.php?op=view&id=$petition");
}
addnav("Operations");
addnav("View last page hit","user.php?op=lasthit&userid=$userid",false,true);
addnav("Display debug log","user.php?op=debuglog&userid=$userid$returnpetition");
addnav("View user bio","bio.php?char=".$row['acctid']."&ret=".urlencode($_SERVER['REQUEST_URI']));
if ($session['user']['superuser'] & SU_EDIT_DONATIONS) {
addnav("Add donation points","donators.php?op=add1&name=".rawurlencode($row['login'])."&ret=".urlencode($_SERVER['REQUEST_URI']));
}
addnav("","user.php?op=edit&userid=$userid$returnpetition");
addnav("Bans");
addnav("Set up ban","user.php?op=setupban&userid={$row['acctid']}");
if (httpget("subop")==""){
rawoutput("<form action='user.php?op=special&userid=$userid$returnpetition' method='POST'>");
addnav("","user.php?op=special&userid=$userid$returnpetition");
$grant = translate_inline("Grant New Day");
rawoutput("<input type='submit' class='button' name='newday' value='$grant'>");
$fix = translate_inline("Fix Broken Navs");
rawoutput("<input type='submit' class='button' name='fixnavs' value='$fix'>");
$mark = translate_inline("Mark Email As Valid");
rawoutput("<input type='submit' class='button' name='clearvalidation' value='$mark'>");
rawoutput("</form>");
//Show a user's usertable
rawoutput("<form action='user.php?op=save&userid=$userid$returnpetition' method='POST'>");
addnav("","user.php?op=save&userid=$userid$returnpetition");
$save = translate_inline("Save");
rawoutput("<input type='submit' class='button' value='$save'>");
if ($row['loggedin']==1 && $row['laston']>date("Y-m-d H:i:s",strtotime("-".getsetting("LOGINTIMEOUT",900)." seconds"))){
output_notl("`\$");
rawoutput("<span style='font-size: 20px'>");
output("`\$Warning:`0");
rawoutput("</span>");
output("`\$This user is probably logged in at the moment!`0");
}
// Okay, munge the display name down to just the players name sans
// title
$row['name'] = get_player_basename($row);
/*careful using this hook! add only things with 'viewonly' in there, nothing will be saved if do otherwise! Example:
do_hook of your module:
array_push($args['userinfo'], "Some Stuff to have a look at,title");
$args['userinfo']['test'] = "The truth!!!,viewonly";
$args['user']['test'] = "Is out there???";
*/
$showformargs = modulehook("modifyuserview", array("userinfo"=>$userinfo, "user"=>$row));
$info = showform($showformargs['userinfo'],$showformargs['user']);
rawoutput("<input type='hidden' value=\"".htmlentities(serialize($info), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))."\" name='oldvalues'>");
rawoutput("</form>");
output("`n`nLast Page Viewed:`n");
rawoutput("<iframe src='user.php?op=lasthit&userid=$userid' width='100%' height='400'>");
output("You need iframes to view the user's last hit here.");
output("Use the link in the nav instead.");
rawoutput("</iframe>");
}elseif(httpget("subop")=="module"){
//Show a user's prefs for a given module.
addnav("Operations");
addnav("Edit user","user.php?op=edit&userid=$userid$returnpetition");
$module = httpget('module');
$info = get_module_info($module);
if (count($info['prefs']) > 0) {
$data = array();
$msettings = array();
while (list($key,$val)=each($info['prefs'])){
// Handle vals which are arrays.
if (is_array($val)) {
$v = $val[0];
$x = explode("|", $v);
$val[0] = $x[0];
$x[0] = $val;
} else {
$x = explode("|",$val);
}
$msettings[$key] = $x[0];
// Set up the defaults as well.
if (isset($x[1])) $data[$key] = $x[1];
}
$sql = "SELECT * FROM " . db_prefix("module_userprefs") ." WHERE modulename='$module' AND userid='$userid'";
$result = db_query($sql);
while ($row = db_fetch_assoc($result)){
$data[$row['setting']] = $row['value'];
}
rawoutput("<form action='user.php?op=savemodule&module=$module&userid=$userid$returnpetition' method='POST'>");
addnav("","user.php?op=savemodule&module=$module&userid=$userid$returnpetition");
tlschema("module-$module");
showform($msettings,$data);
tlschema();
rawoutput("</form>");
}else{
output("The $module module doesn't appear to define any user preferences.");
}
}
module_editor_navs('prefs', "user.php?op=edit&subop=module&userid=$userid$returnpetition&module=");
addnav("","user.php?op=lasthit&userid=$userid");
?>
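Review bot: `$module = httpget('module');` is used unmodified in the SQL string `modulename='$module'`, in the form `action` attribute and in `output("The $module module ...")`, and `$petition` from `httpget("returnpetition")` is pasted the same way into `$returnpetition` and every link built from it. Both should be encoded for the context they land in: `$returnpetition = "&returnpetition=" . rawurlencode($petition);`, `rawurlencode($module)` inside URLs, and escaping (or a check against the list of installed modules) before `$module` reaches the query. `$returnpetition` is never initialised when no petition is given, so `$returnpetition = "";` before the first `if` removes the dependence on an undefined variable. `while (list($key,$val)=each($info['prefs']))` uses `each()`, which is deprecated since PHP 7.2 and removed in PHP 8; `foreach ($info['prefs'] as $key => $val)` is the direct replacement.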


@ -0,0 +1,8 @@
<?php
$output="";
$sql = "SELECT output FROM " . db_prefix("accounts_output") . " WHERE acctid='$userid'";
$result = db_query($sql);
$row = db_fetch_assoc($result);
echo str_replace(".focus();",".blur();",str_replace("<iframe src=","<iframe Xsrc=",$row['output']));
exit();
?>
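Review bot: The stored page output of another account is echoed verbatim into the administrator's own origin, and the two `str_replace()` calls only neutralise the exact strings `<iframe src=` and `.focus();`, so any other script or markup captured in `accounts_output` runs with the administrator's session. Sending `header("Content-Security-Policy: sandbox");` before the `echo`, and adding a `sandbox` attribute to the `<iframe>` in the edit file that loads this URL, keeps the preview from executing script. `$row` is used without checking that a row was returned, so an account with no stored output reaches `$row['output']` on a non-array; `if (!$row) exit();` covers that. The `$output="";` assignment is never read and can be dropped.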


@ -0,0 +1,131 @@
<?php
$subop = httpget("subop");
$none = translate_inline('NONE');
if ($subop=="xml"){
header("Content-Type: text/xml");
$sql = "SELECT DISTINCT " . db_prefix("accounts") . ".name FROM " . db_prefix("bans") . ", " . db_prefix("accounts") . " WHERE (ipfilter='".addslashes(httpget("ip"))."' AND " .
db_prefix("bans") . ".uniqueid='" .
addslashes(httpget("id"))."') AND ((substring(" .
db_prefix("accounts") . ".lastip,1,length(ipfilter))=ipfilter " .
"AND ipfilter<>'') OR (" . db_prefix("bans") . ".uniqueid=" .
db_prefix("accounts") . ".uniqueid AND " .
db_prefix("bans") . ".uniqueid<>''))";
$r = db_query($sql);
echo "<xml>";
$number=db_num_rows($r);
for ($x=0;$x<$number;$x++){
$ro = db_fetch_assoc($r);
echo "<name name=\"";
echo urlencode(appoencode("`0{$ro['name']}"));
echo "\"/>";
}
if (db_num_rows($r)==0)
echo "<name name=\"$none\"/>";
echo "</xml>";
exit();
}
db_query("DELETE FROM " . db_prefix("bans") . " WHERE banexpire < \"".date("Y-m-d")."\" AND banexpire>'0000-00-00'");
$duration = httpget("duration");
if ($duration=="") {
$since = " WHERE banexpire <= '".date("Y-m-d H:i:s",strtotime("+2 weeks"))."' AND banexpire > '0000-00-00'";
output("`bShowing bans that will expire within 2 weeks.`b`n`n");
}else{
if ($duration=="forever") {
$since="";
output("`bShowing all bans`b`n`n");
}else{
$since = " WHERE banexpire <= '".date("Y-m-d H:i:s",strtotime("+".$duration))."' AND banexpire > '0000-00-00'";
output("`bShowing bans that will expire within %s.`b`n`n",$duration);
}
}
addnav("Will Expire Within");
addnav("1 week","user.php?op=removeban&duration=1+week");
addnav("2 weeks","user.php?op=removeban&duration=2+weeks");
addnav("3 weeks","user.php?op=removeban&duration=3+weeks");
addnav("4 weeks","user.php?op=removeban&duration=4+weeks");
addnav("2 months","user.php?op=removeban&duration=2+months");
addnav("3 months","user.php?op=removeban&duration=3+months");
addnav("4 months","user.php?op=removeban&duration=4+months");
addnav("5 months","user.php?op=removeban&duration=5+months");
addnav("6 months","user.php?op=removeban&duration=6+months");
addnav("1 year","user.php?op=removeban&duration=1+year");
addnav("2 years","user.php?op=removeban&duration=2+years");
addnav("4 years","user.php?op=removeban&duration=4+years");
addnav("Forever","user.php?op=removeban&duration=forever");
$sql = "SELECT * FROM " . db_prefix("bans") . " $since ORDER BY banexpire";
$result = db_query($sql);
rawoutput("<script language='JavaScript'>
function getUserInfo(ip,id,divid){
var filename='user.php?op=removeban&subop=xml&ip='+ip+'&id='+id;
//set up the DOM object
var xmldom;
if (document.implementation &&
document.implementation.createDocument){
//Mozilla style browsers
xmldom = document.implementation.createDocument('', '', null);
} else if (window.ActiveXObject) {
//IE style browsers
xmldom = new ActiveXObject('Microsoft.XMLDOM');
}
xmldom.async=false;
xmldom.load(filename);
var output='';
for (var x=0; x<xmldom.documentElement.childNodes.length; x++){
output = output + unescape(xmldom.documentElement.childNodes[x].getAttribute('name').replace(/\\+/g,' ')) +'<br>';
}
document.getElementById('user'+divid).innerHTML=output;
}
</script>
");
rawoutput("<table border=0 cellpadding=2 cellspacing=1 bgcolor='#999999'>");
$ops = translate_inline("Ops");
$bauth = translate_inline("Ban Author");
$ipd = translate_inline("IP/ID");
$dur = translate_inline("Duration");
$mssg = translate_inline("Message");
$aff = translate_inline("Affects");
$l = translate_inline("Last");
rawoutput("<tr class='trhead'><td>$ops</td><td>$bauth</td><td>$ipd</td><td>$dur</td><td>$mssg</td><td>$aff</td><td>$l</td></tr>");
$i=0;
while ($row = db_fetch_assoc($result)) {
$liftban = translate_inline("Lift&nbsp;ban");
$showuser = translate_inline("Click&nbsp;to&nbsp;show&nbsp;users");
rawoutput("<tr class='".($i%2?"trlight":"trdark")."'>");
rawoutput("<td><a href='user.php?op=delban&ipfilter=".URLEncode($row['ipfilter'])."&uniqueid=".URLEncode($row['uniqueid'])."'>");
output_notl("%s", $liftban, true);
rawoutput("</a>");
addnav("","user.php?op=delban&ipfilter=".URLEncode($row['ipfilter'])."&uniqueid=".URLEncode($row['uniqueid']));
rawoutput("</td><td>");
output_notl("`&%s`0", $row['banner']);
rawoutput("</td><td>");
output_notl("%s", $row['ipfilter']);
output_notl("%s", $row['uniqueid']);
rawoutput("</td><td>");
// "43200" used so will basically round to nearest day rather than floor number of days
$expire= sprintf_translate("%s days",
round((strtotime($row['banexpire'])+43200-strtotime("now"))/86400,0));
if (substr($expire,0,2)=="1 ")
$expire= translate_inline("1 day");
if (date("Y-m-d",strtotime($row['banexpire'])) == date("Y-m-d"))
$expire=translate_inline("Today");
if (date("Y-m-d",strtotime($row['banexpire'])) ==
date("Y-m-d",strtotime("1 day")))
$expire=translate_inline("Tomorrow");
if ($row['banexpire']=="0000-00-00")
$expire=translate_inline("Never");
output_notl("%s", $expire);
rawoutput("</td><td>");
output_notl("%s", $row['banreason']);
rawoutput("</td><td>");
$file = "user.php?op=removeban&subop=xml&ip={$row['ipfilter']}&id={$row['uniqueid']}";
rawoutput("<div id='user$i'><a href='$file' target='_blank' onClick=\"getUserInfo('{$row['ipfilter']}','{$row['uniqueid']}',$i); return false;\">");
output_notl("%s", $showuser, true);
rawoutput("</a></div>");
addnav("",$file);
rawoutput("</td><td>");
output_notl("%s", relativedate($row['lasthit']));
rawoutput("</td></tr>");
$i++;
}
rawoutput("</table>");
?>
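Review bot: `$file` and the `onClick` handler embed `$row['ipfilter']` and `$row['uniqueid']` raw (`&ip={$row['ipfilter']}&id={$row['uniqueid']}` and `getUserInfo('{$row['ipfilter']}','{$row['uniqueid']}',$i)`), although the lift-ban link a few lines earlier passes the same columns through `URLEncode()`. A stored value containing a quote, `&` or `<` breaks both the attribute and the JavaScript string, so I would compute `$ipq = URLEncode($row['ipfilter']); $idq = URLEncode($row['uniqueid']);` once and use `&ip=$ipq&id=$idq` and `getUserInfo('$ipq','$idq',$i)`. Inside `getUserInfo()` the unescaped names are assigned to `innerHTML`, which is safe only if `appoencode()` has already HTML-escaped the account name; that dependency deserves a comment. `$duration` goes from `httpget()` into `strtotime()` unchecked, so an unparsable value hands `false` to `date()`; accepting only the durations offered in the nav list would be safer.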


@ -0,0 +1,150 @@
<?php
$sql = "";
$updates=0;
$oldvalues = stripslashes(httppost('oldvalues'));
$oldvalues = unserialize($oldvalues);
// Handle recombining the old name
$otitle = $oldvalues['title'];
if ($oldvalues['ctitle']) $otitle = $oldvalues['ctitle'];
$oldvalues['name'] = $otitle . ' ' . $oldvalues['name'];
$post = httpallpost();
reset($post);
while (list($key,$val)=each($post)){
if (isset($userinfo[$key])){
if ($key=="newpassword" ){
if ($val>"") {
$sql.="password=\"".md5(md5($val))."\",";
$updates++;
output("Password value has been updated.`n");
debuglog($session['user']['name']."`0 changed password to $val",$userid);
if ($session['user']['acctid']==$userid) {
$session['user']['password']=md5(md5($val));
}
}
}elseif ($key=="superuser"){
$value = 0;
while (list($k,$v)=each($val)){
if ($v) $value += (int)$k;
}
//strip off an attempt to set privs that the user doesn't
//have authority to set.
$stripfield = ((int)$oldvalues['superuser'] | $session['user']['superuser'] | SU_ANYONE_CAN_SET | ($session['user']['superuser'] & SU_MEGAUSER ? 0xFFFFFFFF : 0));
$value = $value & $stripfield;
//put back on privs that the user used to have but the
//current user can't set.
$unremovable = ~ ((int)$session['user']['superuser'] | SU_ANYONE_CAN_SET | ($session['user']['superuser'] & SU_MEGAUSER ? 0xFFFFFFFF : 0));
$filteredunremovable = (int)$oldvalues['superuser'] & $unremovable;
$value = $value | $filteredunremovable;
if ((int)$value != (int)$oldvalues['superuser']){
$sql.="$key = \"$value\",";
$updates++;
output("Superuser values have changed.`n");
if ($session['user']['acctid']==$userid) {
$session['user']['superuser']=$value;
}
debuglog($session['user']['name']."`0 changed superuser to ".show_bitfield($value),$userid);
debug("superuser has changed to $value");
}
} elseif ($key=="name" && stripslashes($val)!=$oldvalues[$key]) {
$updates++;
$tmp = sanitize_colorname(getsetting("spaceinname", 0),
stripslashes($val), true);
$tmp = preg_replace("/[`][cHw]/", "", $tmp);
$tmp = sanitize_html($tmp);
if ($tmp != stripslashes($val)) {
output("`\$Illegal characters removed from player name!`0`n");
}
if (soap($tmp) != ($tmp)) {
output("`^The new name doesn't pass the bad word filter!`0");
}
$newname = change_player_name($tmp, $oldvalues);
$sql.="$key = \"".addslashes($newname)."\",";
output("Changed player name to %s`0`n", $newname);
debuglog($session['user']['name'] . "`0 changed player name to $newname`0", $userid);
$oldvalues['name']=$newname;
if ($session['user']['acctid']==$userid) {
$session['user']['name'] = $newname;
}
} elseif ($key=="title" && stripslashes($val)!=$oldvalues[$key]) {
$updates++;
$tmp = sanitize_colorname(true, stripslashes($val), true);
$tmp = preg_replace("/[`][cHw]/", "", $tmp);
$tmp = sanitize_html($tmp);
if ($tmp != stripslashes($val)) {
output("`\$Illegal characters removed from player title!`0`n");
}
if (soap($tmp) != ($tmp)) {
output("`^The new title doesn't pass the bad word filter!`0");
}
$newname = change_player_title($tmp, $oldvalues);
$sql.="$key = \"$val\",";
output("Changed player title from %s`0 to %s`0`n", $oldvalues['title'], $tmp);
$oldvalues[$key]=$tmp;
if ($newname != $oldvalues['name']) {
$sql.="name = \"".addslashes($newname)."\",";
output("Changed player name to %s`0 due to changed dragonkill title`n", $newname);
debuglog($session['user']['name'] . "`0 changed player name to $newname`0 due to changed dragonkill title", $userid);
$oldvalues['name']=$newname;
if ($session['user']['acctid']==$userid) {
$session['user']['name'] = $newname;
}
}
if ($session['user']['acctid']==$userid) {
$session['user']['title'] = $tmp;
}
} elseif ($key=="ctitle" && stripslashes($val)!=$oldvalues[$key]) {
$updates++;
$tmp = sanitize_colorname(true, stripslashes($val), true);
$tmp = preg_replace("/[`][cHw]/", "", $tmp);
$tmp = sanitize_html($tmp);
if ($tmp != stripslashes($val)) {
output("`\$Illegal characters removed from custom title!`0`n");
}
if (soap($tmp) != ($tmp)) {
output("`^The new custom title doesn't pass the bad word filter!`0");
}
$newname = change_player_ctitle($tmp, $oldvalues);
$sql.="$key = \"$val\",";
output("Changed player ctitle from %s`0 to %s`0`n", $oldvalues['ctitle'], $tmp);
$oldvalues[$key]=$tmp;
if ($newname != $oldvalues['name']) {
$sql.="name = \"".addslashes($newname)."\",";
output("Changed player name to %s`0 due to changed custom title`n", $newname);
debuglog($session['user']['name'] . "`0 changed player name to $newname`0 due to changed custom title", $userid);
$oldvalues['name']=$newname;
if ($session['user']['acctid']==$userid) {
$session['user']['name'] = $newname;
}
}
if ($session['user']['acctid']==$userid) {
$session['user']['ctitle'] = $tmp;
}
}elseif ($key=="oldvalues"){
//donothing.
}elseif ($oldvalues[$key]!=stripslashes($val) && isset($oldvalues[$key])){
$sql.="$key = \"$val\",";
$updates++;
output("%s has changed to %s.`n", $key, stripslashes($val));
debuglog($session['user']['name']."`0 changed $key to $val",$userid);
if ($session['user']['acctid']==$userid) {
$session['user'][$key]=stripslashes($val);
}
}
}
}
$sql=substr($sql,0,strlen($sql)-1);
$sql = "UPDATE " . db_prefix("accounts") . " SET " . $sql . " WHERE acctid=\"$userid\"";
$petition = httpget("returnpetition");
if ($petition!="")
addnav("","viewpetition.php?op=view&id=$petition");
addnav("","user.php");
if ($updates>0){
db_query($sql);
debug("Updated $updates fields in the user record with:\n$sql");
output("%s fields in the user's record were updated.", $updates);
}else{
output("No fields were changed in the user's record.");
}
$op = "edit";
httpset($op, "edit");
?>
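Review bot: `$oldvalues = unserialize($oldvalues);` deserialises a hidden form field that the client controls, and the result is then trusted for security decisions: `(int)$oldvalues['superuser']` feeds both `$stripfield` and `$filteredunremovable`, so the privilege mask is computed from values the browser sent rather than from the account row. The previous values should be re-read from the database by `acctid` (or the hidden field authenticated with a server-side MAC), and `unserialize()` should never be given request data. `debuglog(... changed password to $val ...)` writes the new password in clear text to the log and should record only that a change occurred, and `md5(md5($val))` is not an adequate password hash. The `title`, `ctitle` and generic branches store the raw posted value with `$sql.="$key = \"$val\",";` rather than the sanitised `$tmp`, and the closing `httpset($op, "edit");` passes the value of `$op` as the key where the other files on this page call `httpset("op", "edit");`.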


@ -0,0 +1,40 @@
<?php
$sql = "INSERT INTO " . db_prefix("bans") . " (banner,";
$type = httppost("type");
if ($type=="ip"){
$sql.="ipfilter";
}else{
$sql.="uniqueid";
}
$sql.=",banexpire,banreason) VALUES ('" . addslashes($session['user']['name']) . "',";
if ($type=="ip"){
$sql.="\"".httppost("ip")."\"";
}else{
$sql.="\"".httppost("id")."\"";
}
$duration = (int)httppost("duration");
if ($duration == 0) $duration="0000-00-00";
else $duration = date("Y-m-d", strtotime("+$duration days"));
$sql.=",\"$duration\",";
$sql.="\"".httppost("reason")."\")";
if ($type=="ip"){
if (substr($_SERVER['REMOTE_ADDR'],0,strlen(httppost("ip"))) ==
httppost("ip")){
$sql = "";
output("You don't really want to ban yourself now do you??");
output("That's your own IP address!");
}
}else{
if ($_COOKIE['lgi']==httppost("id")){
$sql = "";
output("You don't really want to ban yourself now do you??");
output("That's your own ID!");
}
}
if ($sql!=""){
db_query($sql);
output("%s ban rows entered.`n`n", db_affected_rows());
output_notl("%s", db_error(LINK));
debuglog("entered a ban: " . ($type=="ip"? "IP: ".httppost("ip"): "ID: ".httppost("id")) . " Ends after: $duration Reason: \"" . httppost("reason")."\"");
}
?>
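Review bot: Nothing checks that the posted `ip` is an address or address prefix, or that the field matching `type` is non-empty, before the row is inserted; because the ban-listing file matches accounts with `substring(lastip,1,length(ipfilter))=ipfilter`, a one-character filter would cover a very large range of accounts. A guard before the query, for example `if ($type=="ip" && !preg_match('/^[0-9A-Fa-f:.]{3,}$/', httppost("ip"))) $sql = "";` with a message to the operator, would catch typos (the minimum length is a sample value to tune). `httppost("ip")`, `httppost("id")` and `httppost("reason")` also enter the statement without the `addslashes()` that `banner` receives just above them, which is safe only if `httppost()` returns escaped values. `output_notl("%s", db_error(LINK));` prints the raw database error into the page; writing it to the log instead would be preferable.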


@ -0,0 +1,25 @@
<?php
//save module settings.
$userid = httpget('userid');
$module = httpget('module');
$post = httpallpost();
$post = modulehook("validateprefs", $post, true, $module);
if (isset($post['validation_error']) && $post['validation_error']) {
tlschema("module-$module");
$post['validation_error'] =
translate_inline($post['validation_error']);
tlschema();
output("Unable to change settings: `\$%s`0", $post['validation_error']);
} else {
reset($post);
while (list($key,$val)=each($post)){
output("Setting %s to %s`n", $key, stripslashes($val));
$sql = "REPLACE INTO " . db_prefix("module_userprefs") . " (modulename,userid,setting,value) VALUES ('$module','$userid','$key','$val')";
db_query($sql);
}
output("`^Preferences for module %s saved.`n", $module);
}
$op = "edit";
httpset("op", "edit");
httpset("subop", "module", true);
?>
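Review bot: `$userid = httpget('userid');` and `$module = httpget('module');` are read from the query string and, together with every posted `$key` and `$val`, placed into the `REPLACE INTO` statement without a cast, escaping, or a check that `$key` is a preference the module declares. I would cast the id (`$userid = (int)httpget('userid');`), load `$info = get_module_info($module);` as the edit file does, and skip unknown keys with `if (!isset($info['prefs'][$key])) continue;` so a crafted form cannot write arbitrary setting names for another account. `each()` is deprecated since PHP 7.2 and removed in PHP 8; `foreach ($post as $key => $val)` is the direct replacement. No `debuglog()` entry records that an administrator changed another user's preferences.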


@ -0,0 +1,76 @@
<?php
$sql = "SELECT name,lastip,uniqueid FROM " . db_prefix("accounts") . " WHERE acctid=\"$userid\"";
$result = db_query($sql);
$row = db_fetch_assoc($result);
if ($row['name']!="")
output("Setting up ban information based on `\$%s`0", $row['name']);
rawoutput("<form action='user.php?op=saveban' method='POST'>");
output("Set up a new ban by IP or by ID (recommended IP, though if you have several different users behind a NAT, you can try ID which is easily defeated)`n");
rawoutput("<input type='radio' value='ip' id='ipradio' name='type' checked>");
output("IP: ");
rawoutput("<input name='ip' id='ip' value=\"".HTMLEntities($row['lastip'], ENT_COMPAT, getsetting("charset", "ISO-8859-1"))."\">");
output_notl("`n");
rawoutput("<input type='radio' value='id' name='type'>");
output("ID: ");
rawoutput("<input name='id' value=\"".HTMLEntities($row['uniqueid'], ENT_COMPAT, getsetting("charset", "ISO-8859-1"))."\">");
output("`nDuration: ");
rawoutput("<input name='duration' id='duration' size='3' value='14'>");
output("Days (0 for permanent)`n");
$reason = httpget("reason");
if ($reason == "")
$reason=translate_inline("Don't mess with me.");
output("Reason for the ban: ");
rawoutput("<input name='reason' size=50 value=\"$reason\">");
output_notl("`n");
$pban = translate_inline("Post ban");
$conf = translate_inline("Are you sure you wish to issue a permanent ban?");
rawoutput("<input type='submit' class='button' value='$pban' onClick='if (document.getElementById(\"duration\").value==0) {return confirm(\"$conf\");} else {return true;}'>");
rawoutput("</form>");
output("For an IP ban, enter the beginning part of the IP you wish to ban if you wish to ban a range, or simply a full IP to ban a single IP`n`n");
addnav("","user.php?op=saveban");
if ($row['name']!=""){
$id = $row['uniqueid'];
$ip = $row['lastip'];
$name = $row['name'];
output("`0To help locate similar users to `@%s`0, here are some other users who are close:`n", $name);
output("`bSame ID (%s):`b`n", $id);
$sql = "SELECT name, lastip, uniqueid, laston, gentimecount FROM " . db_prefix("accounts") . " WHERE uniqueid='".addslashes($id)."' ORDER BY lastip";
$result = db_query($sql);
while ($row = db_fetch_assoc($result)){
output("`0<> (%s) `%%s`0 - %s hits, last: %s`n", $row['lastip'],
$row['name'], $row['gentimecount'],
reltime(strtotime($row['laston'])));
}
output_notl("`n");
$oip = "";
$dots = 0;
output("`bSimilar IP's`b`n");
for ($x=strlen($ip); $x>0; $x--){
if ($dots>1) break;
$thisip = substr($ip,0,$x);
$sql = "SELECT name, lastip, uniqueid, laston, gentimecount FROM " . db_prefix("accounts") . " WHERE lastip LIKE '$thisip%' AND NOT (lastip LIKE '$oip') ORDER BY uniqueid";
//output("$sql`n");
$result = db_query($sql);
if (db_num_rows($result)>0){
output("<22> IP Filter: %s ", $thisip);
rawoutput("<a href='#' onClick=\"document.getElementById('ip').value='$thisip'; document.getElementById('ipradio').checked = true; return false\">");
output("Use this filter");
rawoutput("</a>");
output_notl("`n");
while ($row=db_fetch_assoc($result)){
output("&nbsp;&nbsp;",true);
output("<EFBFBD> (%s) [%s] `%%s`0 - %s hits, last: %s`n",
$row['lastip'], $row['uniqueid'], $row['name'],
$row['gentimecount'],
reltime(strtotime($row['laston'])));
}
output_notl("`n");
}
if (substr($ip,$x-1,1)==".") {
$x--;
$dots++;
}
$oip = $thisip."%";
}
}
?>
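Review bot: `$reason = httpget("reason");` is written into `value=\"$reason\"` without escaping, while the `ip` and `id` inputs just above it go through `HTMLEntities(..., ENT_COMPAT, getsetting("charset", "ISO-8859-1"))`; a `reason` parameter containing a double quote closes the attribute and injects markup into the administrator's page. Use the same call for the third field: `value=\"".HTMLEntities($reason, ENT_COMPAT, getsetting("charset", "ISO-8859-1"))."\"`. `$thisip` is derived from the stored `lastip` and is placed unescaped into both the `LIKE '$thisip%'` query and the inline `onClick` string, so it needs escaping for each of those contexts as well. The bullet characters in the two `output()` format strings show up on this page as `<22>` and `<EFBFBD>`, which suggests an encoding conversion damaged them; they should be checked against the original file.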


@ -0,0 +1,19 @@
<?php
if (httppost("newday") !=""){
# $offset = "-".(24 / (int)getsetting("daysperday",4))." hours";
# $newdate = date("Y-m-d H:i:s",strtotime($offset));
# $sql = "UPDATE " . db_prefix("accounts") . " SET lasthit='$newdate' WHERE acctid='$userid'";
$sql = "UPDATE " . db_prefix("accounts") . " SET lasthit='0000-00-00 00:00:00' WHERE acctid='$userid'";
db_query($sql);
}elseif(httppost("fixnavs")!=""){
$sql = "UPDATE " . db_prefix("accounts") . " SET allowednavs='', restorepage='', specialinc='' WHERE acctid='$userid'";
db_query($sql);
$sql = "DELETE FROM ".db_prefix("accounts_output")." WHERE acctid='$userid';";
db_query($sql);
} elseif(httppost("clearvalidation")!=""){
$sql = "UPDATE " . db_prefix("accounts") . " SET emailvalidation='' WHERE acctid='$userid'";
db_query($sql);
}
$op = "edit";
httpset("op", "edit");
?>
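Review bot: None of the three branches records what was done: granting a new day, clearing `allowednavs`/`restorepage`/`specialinc` together with the stored output, and blanking `emailvalidation` all modify another account without a `debuglog()` entry, unlike the password and superuser changes in the save file. Adding a call in each branch in the two-argument form used there, e.g. `debuglog("granted a new day", $userid);`, keeps administrator actions attributable. The three commented-out `#` lines in the `newday` branch could be replaced by a single comment explaining why `lasthit` is zeroed rather than offset.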