<?php
/**
* STRESS WEB
* @author Alexandr Yuschenko (S.T.R.E.S.S.)
* @copyright 2008 - 2009 STRESS WEB
* @version 8.0
* @web http://stressweb.ru
*/
// Stop immediately unless the STRESSWEB constant is already defined
// (presumably set by the script that includes this file - confirm).
if (!defined("STRESSWEB")) {
    die("Hacking!!!");
}
if (is_loged())
{
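// Account menu rendered above every profile section. The logout link submits
// a POST form carrying sw_do_exit=1; the markup contains no anti-CSRF token.
$menu = <<< HTML
<table width="90%" cellpadding="0" cellspacing="0" class="tabProfileMenu">
<tr>
<td align="center" height="30">
<form action="" method="post" name="do_logout"><a href="/" onclick="javascript: document.do_logout.submit(); return false;"> [Завершить сеанс] </a><input type="hidden" value="1" name="sw_do_exit"></form>
</td>
</tr>
<tr>
<td align="center">
<a href="index.php?f=lk&opt=chars">::Персонажи::</a>
<a href="index.php?f=lk&opt=chpass">::Сменить пароль::</a>
<a href="index.php?f=lk&opt=chdata">::Добавить данные::</a>
<a href="index.php?f=lk&opt=donate">::Пожертвование::</a>
<a href="index.php?f=lk&opt=shop">::Магазин::</a>
</td>
</tr>
</table>
HTML;
// Requested profile section. It is only ever compared against fixed strings
// below. A non-string value (e.g. opt[]=x) is treated as "no section" instead
// of being handed to the string sanitizers, which are defined elsewhere.
$_option = (isset($_REQUEST["opt"]) && is_string($_REQUEST["opt"])) ? phpInjection(sqlInjection($_REQUEST["opt"])) : "";
//$_act = isset($_GET["act"]) ? phpInjection(sqlInjection(@$_GET["act"])) : "";
// HTML of the selected section; filled in by the section handlers that follow.
$profile = "";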
/**
* =========================
* Change Password
* =========================
*/
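if ($_option == "chpass")
{
    // Password-change form. The form carries no anti-CSRF token; the handler
    // below does require the current password before anything is changed.
    $profile = <<< HTML
<div align="center"><form name="chpass" action="index.php?f=lk&opt=chpass" method="post" onsubmit="return checkformCP(this)">
<table width="300" cellpadding="0" cellspacing="0" class="tabForm">
<tr>
<td colspan="2" align="center"><p>Смена пароля</p></td>
</tr>
<tr>
<td class="tdLeft">Текущий пароль:</td>
<td class="tdRight"><input maxlength="15" name="l2oldpass" type="password" class="input"></td>
</tr>
<tr>
<td class="tdLeft">Новый пароль:</td>
<td class="tdRight"><input maxlength="15" name="l2newpass1" type="password" class="input"></td>
</tr>
<tr>
<td class="tdLeft">Повторите пароль:</td>
<td class="tdRight"><input maxlength="15" name="l2newpass2" type="password" class="input"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="Сменить" class="button"></td>
</tr>
</table>
</form></div>
HTML;
    if (isset($_POST["submit"]) && $_POST["submit"])
    {
        $_this_error = "";
        // Missing or non-string fields (e.g. l2oldpass[]=x) count as empty, so
        // they are rejected by the "all fields required" check instead of
        // reaching $ldb->safe().
        // NOTE(review): safe() runs on the passwords before pass_encode();
        // presumably the login code does the same - confirm before changing.
        $_l2old_pass = (isset($_POST["l2oldpass"]) && is_string($_POST["l2oldpass"])) ? $ldb->safe($_POST["l2oldpass"]) : "";
        $_l2new_pass1 = (isset($_POST["l2newpass1"]) && is_string($_POST["l2newpass1"])) ? $ldb->safe($_POST["l2newpass1"]) : "";
        $_l2new_pass2 = (isset($_POST["l2newpass2"]) && is_string($_POST["l2newpass2"])) ? $ldb->safe($_POST["l2newpass2"]) : "";
        if (empty($_l2old_pass) || empty($_l2new_pass1) || empty($_l2new_pass2))
        {
            $_this_error = "<div class='error'>Обнаружены следующие ошибки:<br>Заполнены не все поля!</div>";
        }
        // Strict string comparison: with loose != two different numeric-looking
        // strings (e.g. "0e1" and "0e2") would be treated as equal.
        elseif ((string) pass_encode($_l2old_pass) !== (string) getPass())
        {
            $_this_error = "<div class='error'>Обнаружены следующие ошибки:<br>Старый пароль введен не верно!</div>";
        }
        // Length policy is 4..15 bytes (strlen counts bytes, not characters).
        elseif (strlen($_l2new_pass1) < 4 || strlen($_l2new_pass1) > 15)
        {
            $_this_error = "<div class='error'>Обнаружены следующие ошибки:<br>Новый пароль должен быть не меньше 4 и не больше 15 символов!</div>";
        }
        // Same reason as above: "1000" and "1e3" must not pass as a match.
        elseif ((string) $_l2new_pass1 !== (string) $_l2new_pass2)
        {
            $_this_error = "<div class='error'>Обнаружены следующие ошибки:<br>Подтверждение нового пароля не правильно!</div>";
        }
        if (empty($_this_error))
        {
            // The UPDATE is scoped to the login stored in the session.
            $ldb->query($ldb->_parse_query($qList[$l2db_ls]["setPassword"], array("pass" => pass_encode($_l2new_pass1), "login" => $_SESSION["sw_user_name"])));
            if ($ldb->affectedrows() > 0)
            {
                // The session keeps the encoded password under sw_user_id;
                // presumably is_loged() checks it against the database - confirm.
                $_SESSION["sw_user_id"] = pass_encode($_l2new_pass1);
                $_this_error = "<div class='noerror'>Пароль успешно изменен.</div>";
            }
            else
            {
                $_this_error = "<div class='error'>Обнаружены следующие ошибки:<br>Ошибка базы данных!</div>";
            }
        }
        if (!empty($_this_error))
        {
            $error_msg = $_this_error;
        }
    }
}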
/**
* =========================
* List characters
* =========================
*/
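if ($_option == "chars" || $_option == "")
{
    /**************************
    * teleport
    **************************/
    // Destinations offered by the teleport form; the array key is the value
    // submitted in the "town" field.
    $coordinats = array(
        "1" => array("name" => "Dark Elven Village", "x" => "9745", "y" => "15606", "z" => "-4574"),
        "2" => array("name" => "Town of Aden", "x" => "147450", "y" => "26741", "z" => "-2204"),
        "3" => array("name" => "Dwarven Village", "x" => "115113", "y" => "-178212", "z" => "-901"),
        "4" => array("name" => "Town of Dion", "x" => "15670", "y" => "142983", "z" => "-2705"),
        "5" => array("name" => "Elven Village", "x" => "46934", "y" => "51467", "z" => "-2977"),
        "6" => array("name" => "Floran Village", "x" => "17838", "y" => "170274", "z" => "-3508"),
        "7" => array("name" => "Orc Village", "x" => "-44836", "y" => "-112352", "z" => "-239"),
        "8" => array("name" => "Town of Giran", "x" => "83400", "y" => "147943", "z" => "-3404"),
        "9" => array("name" => "Talking Island Village", "x" => "-84318", "y" => "244579", "z" => "-3730"),
        "10" => array("name" => "Gludin Village", "x" => "-80826", "y" => "149775", "z" => "-3043"),
        "11" => array("name" => "Town of Gludio", "x" => "-12672", "y" => "122776", "z" => "-3116"),
        "12" => array("name" => "Heine", "x" => "111322", "y" => "219320", "z" => "-3538"),
        "13" => array("name" => "Hunters Village", "x" => "117110", "y" => "76883", "z" => "-2695"),
        "14" => array("name" => "Ivory Tower", "x" => "85337", "y" => "12728", "z" => "-3787"),
        "15" => array("name" => "Town of Oren", "x" => "82956", "y" => "53162", "z" => "-1495"),
        "16" => array("name" => "Rune Township", "x" => "43799", "y" => "-47727", "z" => "-798"),
        "17" => array("name" => "Town of Goddard", "x" => "147928", "y" => "-55273", "z" => "-2734"),
        "18" => array("name" => "Town of Schuttgart", "x" => "87386", "y" => "-143246", "z" => "-1293"),
        "19" => array("name" => "Enchat valley", "x" => "122310", "y" => "43087", "z" => "-4537"),
    );
    if (isset($_POST["teleport"]))
    {
        $tp_error = "";
        // charid, server and town all come from the client. They are reduced
        // to an integer id, a known server index and a known destination key
        // before any of them is used as an array offset or query parameter.
        $tp_char_id = (isset($_POST["charid"]) && is_scalar($_POST["charid"])) ? intval($_POST["charid"]) : 0;
        $_server = (isset($_POST["server"]) && is_string($_POST["server"]) && preg_match('/^[0-9]+$/', $_POST["server"])) ? intval($_POST["server"]) : -1;
        $town = (isset($_POST["town"]) && is_string($_POST["town"])) ? $_POST["town"] : "";
        if ($tp_char_id <= 0 || !isset($gdb[$_server]) || !isset($l2db["gameserver"][$_server]) || !isset($coordinats[$town]))
        {
            $tp_error = "<div class='error'>Ошибка, попробуйте еще раз!</div>";
        }
        elseif (isset($l2db["gameserver"][$_server]["teleport"]["allow"]) && $l2db["gameserver"][$_server]["teleport"]["allow"] == 1)
        {
            // The include name is derived from the server's configured version,
            // not from request data.
            $l2db_gs_tp = $versionList[$l2db["gameserver"][$_server]["version"]];
            include_once INC_DIR . '/l2db/l2j_' . $l2db_gs_tp . '.php';
            // Authorization: the submitted character id must belong to the
            // logged-in account on this server. Without this check any
            // signed-in user could move any character by posting its id.
            $tp_owned = false;
            $tp_owner_query = $gdb[$_server]->query($gdb[$_server]->_parse_query($qList[$l2db_gs_tp]["getAccountCharacters"], array("account" => $_SESSION["sw_user_name"])));
            while ($tp_owner_row = $gdb[$_server]->fetch_array($tp_owner_query))
            {
                if (intval($tp_owner_row["charID"]) === $tp_char_id)
                {
                    $tp_owned = true;
                }
            }
            if (!$tp_owned)
            {
                $tp_error = "<div class='error'>Ошибка, попробуйте еще раз!</div>";
            }
            else
            {
                $lastTeleport_data = $gdb[$_server]->fetch_array($gdb[$_server]->query($gdb[$_server]->_parse_query($qList[$l2db_gs_tp]["getLastTeleport"], array("charID" => $tp_char_id))));
                // The checks below are independent; when several fail, the
                // message of the last failing one is shown.
                if (($lastTeleport_data["lastteleport"] + 60 * $l2db["gameserver"][$_server]["teleport"]["time"]) > time())
                {
                    $tp_error = "<div class='error'>До следующего использования телепорта осталось " . date("i мин. s сек.", ($lastTeleport_data["lastteleport"] + ($l2db["gameserver"][$_server]["teleport"]["time"] * 60)) - time()) . "</div>";
                }
                if (intval($lastTeleport_data["online"]))
                {
                    $tp_error = "<div class='error'>Персонаж <b>{$lastTeleport_data["char_name"]}</b> находится онлайн.</div>";
                }
                if (intval($lastTeleport_data["in_jail"]))
                {
                    $tp_error = "<div class='error'>Персонаж <b>{$lastTeleport_data["char_name"]}</b> находится в тюрьме.</div>";
                }
                // Compare the numeric access level itself (the original wrapped
                // the whole comparison in intval()).
                if (intval($lastTeleport_data["accesslevel"]) < 0)
                {
                    $tp_error = "<div class='error'>Персонаж <b>{$lastTeleport_data["char_name"]}</b> забанен.</div>";
                }
                if ($tp_error == "")
                {
                    $gdb[$_server]->query($gdb[$_server]->_parse_query($qList[$l2db_gs_tp]["setTeleport"], array("x" => $coordinats[$town]["x"], "y" => $coordinats[$town]["y"], "z" => $coordinats[$town]["z"], "lastteleport" => time(), "charID" => $tp_char_id)));
                    if ($gdb[$_server]->affectedrows() > 0)
                    {
                        $tp_error = "<div class='noerror'>Персонаж <b>{$lastTeleport_data["char_name"]}</b> успешно телепортирован в <b>" . $coordinats[$town]['name'] . "</b></div>";
                    }
                    else
                    {
                        $tp_error = "<div class='error'>Ошибка базы данных</div>";
                    }
                }
            }
        }
        else
        {
            $tp_error = "<div class='error'>Возможность телепортации на этом сервере отключена администратором</div>";
        }
        $error_msg = $tp_error;
    }
    /**************************
    * characters
    **************************/
    // Serve the cached character table while its stored expiry time is still
    // in the future and caching is enabled. The cache key contains the login.
    if (cache_get("l2login_{$_SESSION["sw_user_name"]}_time") > $_TIME && $config["cache"]["allow"])
    {
        $profile .= cache_get("l2login_{$_SESSION["sw_user_name"]}");
    }
    else
    {
        $account_data = $ldb->fetch_array($sel_account_data = $ldb->query($ldb->_parse_query($qList[$l2db_ls]["getAccount"], array("login" => $_SESSION["sw_user_name"], "where" => ""))));
        $account_data["lastactive"] = DateFormat($account_data["lastactive"], $config["date"]["timezone"]);
        // Destination <select> reused in every character row.
        $selecttown = "<select size='1' name='town' style='width: 110px; font-size: 9px;'>";
        for ($i = 1; $i <= count($coordinats); $i++)
        {
            $selecttown .= "<option value='" . $i . "'>" . $coordinats[$i]['name'] . "</option>";
        }
        $selecttown .= "</select>";
        // NOTE(review): login, last IP, character and clan names are written
        // into the HTML below without output encoding; this relies on those
        // values being constrained where they are stored - confirm.
        $profile_chars = "<table cellpadding='0' cellspacing='0' id='l2'>
<thead>
<tr>
<th colspan='6'>Здравствуйте, <b>{$_SESSION["sw_user_name"]}</b>!<br>Последний раз Вы заходили в игру {$account_data["lastactive"]} с IP {$account_data["lastIP"]}</th>
</tr>
<tr>
<th width=''>Nick</th>
<th width=''>Status</th>
<th width=''>Level</th>
<th width=''>Game Time</th>
<th width=''>Last Visit</th>
<th width=''>Action</th>
</tr>
</thead>";
        foreach ($serverList as $_serv)
        {
            $l2db_gs_char = $versionList[$l2db["gameserver"][$_serv]["version"]];
            include_once INC_DIR . '/l2db/l2j_' . $l2db_gs_char . '.php';
            $profile_chars .= "
<tr>
<th colspan='6' class='serv'>{$l2db["gameserver"][$_serv]["title"]}</th>
</tr>";
            // Only characters of the logged-in account are listed.
            $query_chars = $gdb[$_serv]->query($gdb[$_serv]->_parse_query($qList[$l2db_gs_char]["getAccountCharacters"], array("account" => $_SESSION["sw_user_name"])));
            if ($gdb[$_serv]->numrows($query_chars) > 0)
            {
                while ($char_data = $gdb[$_serv]->fetch_array($query_chars))
                {
                    // Status priority: banned, then jailed, then online/offline.
                    if ($char_data["accesslevel"] < 0)
                    {
                        $status = "<span class='l2offline'>Бан</span>";
                    }
                    elseif ($char_data["in_jail"])
                    {
                        $status = "<span class='l2offline'>Тюрьма</span>";
                    }
                    else
                    {
                        $status = $char_data["online"] ? "<span class='l2online'>Online</span>" : "<span class='l2offline'>Offline</span>";
                    }
                    // onlinetime is divided by 3600 and shown as whole hours.
                    $char_data["onlinetime"] = round($char_data["onlinetime"] / 3600);
                    $char_data["lastAccess"] = DateFormat($char_data["lastAccess"], $config["date"]["timezone"]);
                    $profile_chars .= "
<tr>
<td class='name'><a href='/index.php?f=lk&opt=view&char={$char_data["charID"]}&server={$_serv}'>{$char_data["char_name"]}</a><br>Клан: {$char_data["clan_name"]}</td>
<td>{$status}</td>
<td>{$char_data["level"]}</td>
<td>{$char_data["onlinetime"]}ч.</td>
<td>{$char_data["lastAccess"]}</td>
<td><form action='/index.php?f=lk&opt=chars' method='post'>{$selecttown}<input type='hidden' value='{$char_data["charID"]}' name='charid'><input type='hidden' value='{$_serv}' name='server'><input type='submit' value='в город' name='teleport' class='l2button'></form></td>
</tr> ";
                }
            }
            else
            {
                $profile_chars .= "
<tr>
<td colspan='6'><div class='error'>На этом сервере у Вас нет персонажей</div></td>
</tr>";
            }
        }
        $profile_chars .= "</table>";
        $profile .= $profile_chars;
        if ($config["cache"]["allow"])
        {
            // Store the rendered table and its expiry (cache.login minutes from now).
            cache_set("l2login_{$_SESSION["sw_user_name"]}_time", $_TIME + 60 * $config["cache"]["login"]);
            cache_set("l2login_{$_SESSION["sw_user_name"]}", $profile_chars);
        }
    }
}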
/**
* =========================
* View character
* =========================
*/
// Character sheet: shows stats, equipped items and inventory of one character.
// $_serv_id and $l2db_gs are not assigned in this file; presumably the
// including script sets them from the request - confirm they are validated there.
if ($_option == "view")
{
// Stays true until the character is found AND belongs to the session account.
$_char_fail = true;
// The character id is reduced to an integer before it reaches the query.
$charID = isset($_REQUEST["char"]) ? intval($_REQUEST["char"]) : 0;
if ($charID > 0)
{
$query = $gdb[$_serv_id]->query($gdb[$_serv_id]->_parse_query($qList[$l2db_gs]["getCharacterInfo"], array("charID" => $charID)));
if ($gdb[$_serv_id]->numrows($query) == 1)
{
$char_data = $gdb[$_serv_id]->fetch_array($query);
// Authorization check: the row is discarded unless its account name matches
// the logged-in user (case-insensitive comparison).
if (strtolower($char_data["account_name"]) != strtolower($_SESSION["sw_user_name"]))
{
unset($char_data);
}
else
{
$_char_fail = false;
}
}
}
// Formats a stack size for the item tooltip: " (1,234)" when $num is greater
// than 1, otherwise an empty string.
// Declared inside this branch, so it only exists once the "view" section runs.
function CountFormat($num)
{
if ($num > 1)
{
return " (" . number_format($num, 0, ".", ",") . ")";
}
return "";
}
/* if ($charID == 0)
$charID = -1;*/
if ($_char_fail == false)
{
// The cache is consulted only after the ownership check above has passed;
// the cache key is built from the server id and the character id.
if (cache_get("l2char_serv_{$_serv_id}_{$charID}_time") > $_TIME && $config["cache"]["allow"])
{
$profile = cache_get("l2char_serv_{$_serv_id}_{$charID}");
}
else
{
// Characters with a negative access level get the "banned" message instead.
if ($char_data["accesslevel"] >= 0)
{
/**************************
* items paperdoll
**************************/
$query_paperdoll = $gdb[$_serv_id]->query($gdb[$_serv_id]->_parse_query($qList[$l2db_gs]["getCharInventory"], array("charID" => $charID, "loc" => "PAPERDOLL")));
$paperdoll = "";
while ($paperdoll_data = $gdb[$_serv_id]->fetch_array($query_paperdoll))
{
// Display name: first non-empty of armorName, weaponName, etcName.
$name = ($paperdoll_data["armorName"] != "") ? $paperdoll_data["armorName"] : (($paperdoll_data["weaponName"] != "") ? $paperdoll_data["weaponName"] : $paperdoll_data["etcName"]);
// Only single quotes are backslash-escaped before the name is placed inside
// the Tip('...') call in the onmouseover attribute below.
// NOTE(review): double quotes, backslashes and markup in an item name are not
// encoded for that attribute/JS context - confirm item names are trusted data.
$name = str_replace("'", "\\'", $name);
// Grade comes from armorType, else weaponType; "none" (any case) maps to "ng".
$grade = ($paperdoll_data["armorType"] != "") ? ((strtolower($paperdoll_data["armorType"]) == "none") ? "ng" : $paperdoll_data["armorType"]) : (($paperdoll_data["weaponType"] != "") ? ((strtolower($paperdoll_data["weaponType"]) == "none") ? "ng" : $paperdoll_data["weaponType"]) : "");
// The grade icon is embedded in the tooltip string, hence the escaped quotes.
$grade = (!empty($grade)) ? "<img border=\\'0\\' src=\\'" . TPL_DIR . "/images/grade/grade_" . $grade . ".gif\\'>" : "";
$enchant = $paperdoll_data["enchant_level"] > 0 ? " +" . $paperdoll_data["enchant_level"] : "";
$count = CountFormat($paperdoll_data["count"]);
// Falls back to the "blank" icon when is_image() rejects the item id.
$img = (is_image($paperdoll_data["item_id"])) ? $paperdoll_data["item_id"] : "blank";
// CSS class for the slot, looked up from the row's loc_data value.
$type = $qList[$l2db_gs]["itemType"][$paperdoll_data["loc_data"]];
$paperdoll .= "
<div id='item' class='{$type}'><img border='0' src='items/{$img}.gif' onmouseover=\"Tip('{$name} {$count} {$enchant} {$grade}', FONTCOLOR, '#333333',BGCOLOR, '#FFFFFF', BORDERCOLOR, '#666666', FADEIN, 500, FADEOUT, 500, FONTWEIGHT, 'bold')\"></div>";
}
/**************************
* items inventory
**************************/
$query = $gdb[$_serv_id]->query($gdb[$_serv_id]->_parse_query($qList[$l2db_gs]["getCharInventory"], array("charID" => $charID, "loc" => "INVENTORY")));
$inv = "";
while ($inv_data = $gdb[$_serv_id]->fetch_array($query))
{
// Same name / grade / enchant / count / icon derivation as for the paperdoll
// rows above, including the single-quote-only escaping of the name.
$name = ($inv_data["armorName"] != "") ? $inv_data["armorName"] : (($inv_data["weaponName"] != "") ? $inv_data["weaponName"] : $inv_data["etcName"]);
$name = str_replace("'", "\\'", $name);
$grade = ($inv_data["armorType"] != "") ? ((strtolower($inv_data["armorType"]) == "none") ? "ng" : $inv_data["armorType"]) : (($inv_data["weaponType"] != "") ? ((strtolower($inv_data["weaponType"]) == "none") ? "ng" : $inv_data["weaponType"]) : "");
$grade = (!empty($grade)) ? "<img border=\\'0\\' src=\\'" . TPL_DIR . "/images/grade/grade_" . $grade . ".gif\\'>" : "";
$enchant = $inv_data["enchant_level"] > 0 ? " +" . $inv_data["enchant_level"] : "";
$count = CountFormat($inv_data["count"]);
$img = (is_image($inv_data["item_id"])) ? $inv_data["item_id"] : "blank";
$inv .= "<img class='floated' border='0' src=\"items/{$img}.gif\" onmouseover=\"Tip('{$name} {$count} {$enchant} {$grade}', FONTCOLOR, '#333333',BGCOLOR, '#FFFFFF', BORDERCOLOR, '#666666', FADEIN, 500, FADEOUT, 500, FONTWEIGHT, 'bold')\">\n";
}
// Fill character.tpl with values from the character row; the values are passed
// to the template as they come from the database.
$tpl->get_template("character.tpl");
$tpl->set_var("{THEME}", TPL_DIR);
$tpl->set_var("{prof}", "<img src='" . TPL_DIR . "/images/prof/{$char_data["base_class"]}.gif'>");
$tpl->set_var("{charname}", $char_data["char_name"]);
$tpl->set_var("{sex}", "<img src='" . TPL_DIR . "/images/face/{$char_data["race"]}_{$char_data["sex"]}.gif'>");
$tpl->set_var("{race}", $raceList[$char_data["race"]]);
$tpl->set_var("{level}", $char_data["level"]);
$tpl->set_var('{cp}', $char_data["maxCp"]);
$tpl->set_var('{hp}', $char_data["maxHp"]);
$tpl->set_var('{mp}', $char_data["maxMp"]);
$tpl->set_var('{pvp}', $char_data["pvpkills"]);
$tpl->set_var('{pk}', $char_data["pkkills"]);
$tpl->set_var('{karma}', $char_data["karma"]);
$tpl->set_var('{str}', $char_data["STR"]);
$tpl->set_var('{dex}', $char_data["DEX"]);
$tpl->set_var('{con}', $char_data["CON"]);
$tpl->set_var('{int}', $char_data["_INT"]);
$tpl->set_var('{wit}', $char_data["WIT"]);
$tpl->set_var('{men}', $char_data["MEN"]);
$tpl->set_var('{exp}', $char_data["exp"]);
$tpl->set_var('{sp}', $char_data["sp"]);
$tpl->set_var('{paperdoll}', $paperdoll);
$tpl->set_var('{inventory}', $inv);
$tpl->parse("l2character");
$profile = $tpl->result["l2character"];
$tpl->clear();
if ($config["cache"]["allow"])
{
// Store the rendered sheet and its expiry (cache.char minutes from now).
cache_set("l2char_serv_{$_serv_id}_{$charID}_time", $_TIME + 60 * $config["cache"]["char"]);
cache_set("l2char_serv_{$_serv_id}_{$charID}", $profile);
}
}
else
{
$profile = "<div class='error'>Этот персонаж забанен</div>";
}
}
}
}
/**
* =========================
* Add Secret Question/Answer
* or Email
* =========================
*/
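if ($_option == "chdata")
{
    // Form for adding a secret question, its answer and an e-mail address.
    // Each value can only be added while the account does not have one yet.
    $profile = <<< HTML
<div align="center"><form name="form" action="index.php?f=lk&opt=chdata" method="post" onsubmit="return checkformData(this)">
<table width="300" cellpadding="0" cellspacing="0" class="tabForm">
<tr>
<td colspan="2" align="center"><p>Добавление данных</p><br>
<small>Секретный вопрос, ответ и E-Mail могут добавить только пользователи у которых они отсутствуют!</small>
</td>
</tr>
<tr>
<td class="tdLeft">Секретный вопрос:</td>
<td class="tdRight"><input type="text" name="l2question" maxlength="64" class="input"></td>
</tr>
<tr>
<td class="tdLeft">Ответ на вопрос:</td>
<td class="tdRight"><input type="text" name="l2answer" maxlength="64" class="input"></td>
</tr>
<tr>
<td class="tdLeft">Email:<br><span class="description">(Вводите только действующий e-mail адрес.)</span></td>
<td class="tdRight"><input type="text" name="l2email" maxlength="64" class="input"></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="Отправить" class="button"></td>
</tr>
</table>
</form></div>
HTML;
    if (isset($_POST["submit"]) && $_POST["submit"])
    {
        $_this_error = "";
        // Missing or non-string fields (e.g. l2email[]=x) count as empty rather
        // than being passed to $ldb->safe(). Every value interpolated into the
        // SQL below has gone through safe(), which is defined elsewhere.
        $_l2question = (isset($_POST["l2question"]) && is_string($_POST["l2question"])) ? $ldb->safe($_POST["l2question"]) : "";
        $_l2answer = (isset($_POST["l2answer"]) && is_string($_POST["l2answer"])) ? $ldb->safe($_POST["l2answer"]) : "";
        $_l2email = (isset($_POST["l2email"]) && is_string($_POST["l2email"])) ? $ldb->safe($_POST["l2email"]) : "";
        if (empty($_l2question) && empty($_l2answer) && empty($_l2email))
        {
            $_this_error = "<div class='error'>Обнаружены следующие ошибки:<br>Хотя бы одно поле должно быть заполнено.</div>";
        }
        elseif ((!empty($_l2question) && strlen($_l2question) < 4) || (!empty($_l2answer) && strlen($_l2answer) < 4))
        {
            $_this_error = "<div class='error'>Обнаружены следующие ошибки:<br>Вопрос и ответ должны быть не меньше 4 символов.</div>";
        }
        elseif (!empty($_l2email) && !email_check($_l2email))
        {
            $_this_error = "<div class='error'>Обнаружены следующие ошибки:<br>E-Mail указан не верно.</div>";
        }
        if (empty($_this_error))
        {
            // NOTE(review): the session login is interpolated into these
            // statements as-is; this relies on the login having been validated
            // when the session was created - confirm.
            $data = $ldb->fetch_array($ldb->query("SELECT `l2question`,`l2answer`,`l2email` FROM `accounts` WHERE `login`='{$_SESSION["sw_user_name"]}'"));
            // Secret question: written only while the stored one is empty.
            if (!empty($_l2question))
            {
                if (empty($data["l2question"]))
                {
                    $ldb->query("UPDATE `accounts` SET `l2question`='{$_l2question}' WHERE `login`='{$_SESSION["sw_user_name"]}'");
                    if ($ldb->affectedrows() > 0)
                    {
                        $_this_error .= "<div class='noerror'>Секретный вопрос успешно добавлен.</div>";
                    }
                    else
                    {
                        $_this_error .= "<div class='error'>Ошибка базы данных! Секретный вопрос не был добавлен.</div>";
                    }
                }
                else
                {
                    $_this_error .= "<div class='error'>У Вас уже есть секретный вопрос.</div>";
                }
            }
            // Secret answer: same rule. The answer is stored as submitted (no
            // hashing is visible here).
            if (!empty($_l2answer))
            {
                if (empty($data["l2answer"]))
                {
                    $ldb->query("UPDATE `accounts` SET `l2answer`='{$_l2answer}' WHERE `login`='{$_SESSION["sw_user_name"]}'");
                    if ($ldb->affectedrows() > 0)
                    {
                        $_this_error .= "<div class='noerror'>Ответ на вопрос успешно добавлен.</div>";
                    }
                    else
                    {
                        $_this_error .= "<div class='error'>Ошибка базы данных! Ответ на вопрос не был добавлен.</div>";
                    }
                }
                else
                {
                    $_this_error .= "<div class='error'>У Вас уже есть ответ на секретный вопрос.</div>";
                }
            }
            // E-mail: may replace an empty value or the "null@null" placeholder.
            if (!empty($_l2email))
            {
                if (empty($data["l2email"]) || $data["l2email"] == "null@null")
                {
                    // Unless multiple registrations per address are allowed, the
                    // address must not be present in accounts or in the pending
                    // registrations table.
                    if (!$config["site"]["reg"]["multi"] && ($ldb->numrows($ldb->query("SELECT * FROM accounts WHERE l2email='{$_l2email}' LIMIT 1")) || $db->numrows($db->query("SELECT * FROM stress_users_tmp WHERE email='{$_l2email}' LIMIT 1"))))
                    {
                        $_this_error .= "<div class='error'>Обнаружены следующие ошибки:<br>Такой E-Mail уже используется.</div>";
                    }
                    else
                    {
                        $ldb->query("UPDATE `accounts` SET `l2email`='{$_l2email}' WHERE `login`='{$_SESSION["sw_user_name"]}'");
                        if ($ldb->affectedrows() > 0)
                        {
                            $_this_error .= "<div class='noerror'>E-Mail адрес успешно добавлен.</div>";
                        }
                        else
                        {
                            $_this_error .= "<div class='error'>Ошибка базы данных! E-Mail адрес не был добавлен.</div>";
                        }
                    }
                }
                else
                {
                    $_this_error .= "<div class='error'>У Вас уже есть E-Mail адрес.</div>";
                }
            }
        }
        if (!empty($_this_error))
        {
            $error_msg = $_this_error;
        }
    }
}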
/**
* =========================
* Donate
* =========================
*/
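if ($_option == "donate")
{
    if ($config["wm"]["enable"] == 1)
    {
        $tpl->get_template("donate.tpl");
        // Step of the donation flow: "" (balance), "setmoney" (form) or
        // "paymoney" (create the payment record). Non-string input means "".
        $_act = (isset($_GET["act"]) && is_string($_GET["act"])) ? phpInjection(sqlInjection($_GET["act"])) : "";
        if ($_act == "")
        {
            // Current balance; 0 when the account has no single matching row.
            $money_query = $ldb->query("SELECT `money` FROM `stress_donate_money` WHERE `account`='{$_SESSION["sw_user_name"]}'");
            if ($ldb->numrows($money_query) != 1)
            {
                $money_count = 0;
            }
            else
            {
                $money_count = $ldb->result($money_query);
            }
            // Keep only the [donate] block of the template.
            $tpl->set_block("'\\[donate\\](.*?)\\[/donate\\]'si", "\\1");
            $tpl->set_block("'\\[setmoney\\](.*?)\\[/setmoney\\]'si", "");
            $tpl->set_block("'\\[paymoney\\](.*?)\\[/paymoney\\]'si", "");
            $tpl->set_var("{money_count}", $money_count);
            $tpl->set_var("{money_name}", $config["wm"]["money"]);
            $tpl->set_var("{url}", "index.php?f=lk&opt=donate&act=setmoney");
        }
        if ($_act == "setmoney")
        {
            // Keep only the [setmoney] block of the template.
            $tpl->set_block("'\\[donate\\](.*?)\\[/donate\\]'si", "");
            $tpl->set_block("'\\[setmoney\\](.*?)\\[/setmoney\\]'si", "\\1");
            $tpl->set_block("'\\[paymoney\\](.*?)\\[/paymoney\\]'si", "");
            // A currency block is shown only when a wallet id is configured for it.
            foreach (array("wmz", "wmr", "wme", "wmu") as $wm_tag)
            {
                $tpl->set_block("'\\[{$wm_tag}\\](.*?)\\[/{$wm_tag}\\]'si", ($config["wm"]["id"][$wm_tag] != "") ? "\\1" : "");
            }
            $tpl->set_var("{wmr}", $config["wm"]["rate"]["wmr"]);
            $tpl->set_var("{wme}", $config["wm"]["rate"]["wme"]);
            $tpl->set_var("{wmu}", $config["wm"]["rate"]["wmu"]);
            $tpl->set_var("{credits}", $config["wm"]["credits"]);
            $tpl->set_var("{money_name}", $config["wm"]["money"]);
            $tpl->set_var("{url}", "index.php?f=lk&opt=donate&act=paymoney");
        }
        if ($_act == "paymoney")
        {
            if (isset($_REQUEST["pay"]))
            {
                // Per-payment reference stored in wm_rnd: 8 characters cut from an
                // md5 of uniqid()/microtime() with the process id appended.
                // NOTE(review): this is derived from time and pid, so it is
                // guessable; if the payment callback treats it as a secret it
                // should come from a CSPRNG instead - confirm how it is used.
                $wm_rnd = strtoupper(substr(md5(uniqid(microtime(), 1)) . getmypid(), 1, 8));
                $wm_units = array("wmz", "wmr", "wme", "wmu");
                $wm_sum = 0;
                $wm_amount = 0;
                // The unit must be one of the known codes (strict match, so the
                // value is safe to use as an array key and in the INSERT) and a
                // wallet id must be configured for it, matching what the
                // setmoney form offers. A non-positive "credits" setting is
                // rejected up front to avoid a division by zero.
                if (isset($_REQUEST["unit"]) && is_string($_REQUEST["unit"]) && in_array($_REQUEST["unit"], $wm_units, true)
                    && isset($config["wm"]["id"][$_REQUEST["unit"]]) && $config["wm"]["id"][$_REQUEST["unit"]] != ""
                    && $config["wm"]["credits"] > 0)
                {
                    $wm_unit = $_REQUEST["unit"];
                    $wm_amount = (isset($_REQUEST["money_amount"]) && is_scalar($_REQUEST["money_amount"])) ? floatval($_REQUEST["money_amount"]) : 0;
                    $wm_sum = floatval(($wm_amount * $config["wm"]["rate"][$wm_unit]) / $config["wm"]["credits"]);
                }
                // Only a positive, finite amount creates a payment record.
                if ($wm_sum > 0 && is_finite($wm_sum))
                {
                    $ldb->query("INSERT INTO stress_donate_wm SET
`wm_rnd` = '" . $ldb->safe($wm_rnd) . "',
`wm_account` = '{$_SESSION["sw_user_name"]}',
`wm_type` = '{$wm_unit}',
`wm_count` = '{$wm_sum}',
`wm_time` = '" . time() . "',
`wm_ip` = '" . $ldb->safe($_SERVER["REMOTE_ADDR"]) . "',
`wm_stage` = 'I',
`wm_success` = '0',
`wm_comment` = ''
");
                    $wm_number = $ldb->nextid();
                    $wm_paynumber = "{$_SESSION["sw_user_name"]}@{$wm_number}";
                    // Keep only the [paymoney] block and fill in the payment data.
                    $tpl->set_block("'\\[donate\\](.*?)\\[/donate\\]'si", "");
                    $tpl->set_block("'\\[setmoney\\](.*?)\\[/setmoney\\]'si", "");
                    $tpl->set_block("'\\[paymoney\\](.*?)\\[/paymoney\\]'si", "\\1");
                    $tpl->set_var('{number}', $wm_number);
                    $tpl->set_var('{account}', "{$_SESSION["sw_user_name"]}");
                    $tpl->set_var('{paynumber}', $wm_paynumber);
                    $tpl->set_var('{amount}', $wm_amount);
                    $tpl->set_var('{unit}', strtoupper($wm_unit));
                    $tpl->set_var('{sum}', $wm_sum);
                    $tpl->set_var('{description}', $config["wm"]["description"]);
                    $tpl->set_var('{wm_id}', $config["wm"]["id"][$wm_unit]);
                    $tpl->set_var('{rnd}', $wm_rnd);
                }
                else
                {
                    $tpl->template = "<div class='error'>Не верная сумма для оплаты.</div>";
                }
            }
            else
            {
                redirect("index.php?f=lk&opt=donate&act=setmoney");
            }
        }
        $tpl->parse("l2donate");
        $profile = $tpl->result["l2donate"];
        $tpl->clear();
    }
    else
    {
        $profile = "<div class='error'>Пожертвования отключены</div>";
    }
}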
/**
* =========================
* Donate Shop
* =========================
*/
if ($_option == "shop")
{
if ($config["wm"]["enable"] == 1)
{
// Shop step: "" (catalogue), "get" (confirm selection) or "put" (deliver).
$_act = isset($_GET["act"]) ? phpInjection(sqlInjection($_GET["act"])) : "";
// Balance of the logged-in account; 0 unless exactly one row is found.
$money_query = $ldb->query("SELECT `money` FROM `stress_donate_money` WHERE `account`='{$_SESSION["sw_user_name"]}'");
$money_count = ($ldb->numrows($money_query) != 1) ? 0 : $ldb->result($money_query);
/**************************
* show items
**************************/
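if ($_act == "")
{
    // With more than one game server configured, offer a server selector
    // listing the servers that are switched on.
    if ($l2db["gameserver"]["count"] > 1)
    {
        // Start from an empty list so select() never receives an undefined
        // variable when no server is switched on.
        $tmpServerList = array();
        for ($i = 0; $i < $l2db["gameserver"]["count"]; $i++)
        {
            if ($l2db["gameserver"][$i]["on"] == 1)
            {
                $tmpServerList[$i] = $l2db["gameserver"][$i]["title"];
            }
        }
        $servSelect = select("server", $tmpServerList, $_serv_id);
        $servListHtml = "
<form action='index.php?f=lk&opt=shop' method='POST'>
Выберите сервер: {$servSelect} <input type='submit' value='показать' /><br /><br />
</form>";
    }
    else
    {
        $servListHtml = "";
    }
    $profile = "<div>На вашем счету <b>{$money_count}</b> {$config["wm"]["money"]}.</div><br />{$servListHtml}";
    // List the active items of the current server.
    // NOTE(review): $_serv_id is assigned outside this file and is interpolated
    // into the query; presumably it is normalised to a server index before
    // this point - confirm.
    $item_query = $ldb->query("SELECT * FROM `stress_donate_shop` WHERE `active`='1' AND `server`='{$_serv_id}' ORDER BY `category` DESC, `price_sell` ASC");
    if ($ldb->numrows($item_query) > 0)
    {
        $typeList = array("weapon" => "Оружие", "armor" => "Броня", "etcitem" => "Другое", );
        $profile .= "<form action='index.php?f=lk&opt=shop&act=get&server={$_serv_id}' method='POST'>";
        $profile .= "
<table id='l2wm' cellpadding='0' cellspacing='0'>
<tr>
<th width='34px'> </th>
<th width='120px'>Название</th>
<th width='72px'>Категория</th>
<th width=''>Описание</th>
<th width='42px'>Цена</th>
<th width='42px'>Выбор</th>
</tr>";
        $n = 0;
        while ($item_data = $ldb->fetch_array($item_query))
        {
            // Alternate the row class for striping.
            $trClass = $n++ % 2 ? "" : "trWM";
            $img = (is_image($item_data["item_id"])) ? $item_data["item_id"] : "blank";
            // Item name and description come from the shop table and are
            // written into the page as stored.
            $profile .= "
<tr class='{$trClass}'>
<td style='padding: 1px;'><img src='items/{$img}.gif'></td>
<td class='name'>{$item_data["item_name"]}</td>
<td>{$typeList[$item_data["category"]]}</td>
<td>{$item_data["description"]} </td>
<td>{$item_data["price_sell"]}</td>
<td><input type='checkbox' name='item_id[]' value='{$item_data["id"]}'></td>
</tr>";
        }
        $profile .= "</table><br />";
        $profile .= "<center><input type='submit' value='Продолжить' class='button'></center></form>";
    }
    else
    {
        $profile .= "<div>Список вещей пуст.</div>";
    }
}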
/**************************
* show selected items
**************************/
if ($_act == "get")
{
    // Selected shop row ids. Every element is forced to an integer before the
    // list is placed into the IN (...) clause; an empty or non-array selection
    // becomes IN (NULL), which matches nothing.
    $itemList = isset($_REQUEST["item_id"]) ? $_REQUEST["item_id"] : array();
    $items = (is_array($itemList) && count($itemList) > 0) ? implode(",", array_map("intval", $itemList)) : "NULL";
    $query = $ldb->query("SELECT * FROM `stress_donate_shop` WHERE id IN ({$items}) AND `active` = '1' AND `server` = '{$_serv_id}' ORDER BY `count` ASC");
    if ($ldb->numrows() > 0)
    {
        $charList = "";
        $price = 0;
        // From here on $itemList holds the HTML rows of the confirmation table.
        $itemList = "";
        while ($item_data = $ldb->fetch_array($query))
        {
            // The total shown here assumes a quantity of one per item.
            $price += floatval($item_data["price_sell"]);
            // count == 0: the buyer may type a quantity; otherwise the fixed
            // pack size is displayed and a hidden field carries the value 1.
            $count = ($item_data["count"] == 0)
                ? "<input type='text' style='width: 75%' name='items[{$item_data["id"]}]' value='1' />"
                : $item_data["count"] . "<input type='hidden' name='items[{$item_data["id"]}]' value='1' />";
            $img = (is_image($item_data["item_id"])) ? $item_data["item_id"] : "blank";
            $itemList .= "
<tr>
<td style='padding: 1px;'><img src='" . TPL_DIR . "/images/items/{$img}.gif'></td>
<td class='name'>{$item_data["item_name"]}</td>
<td>{$item_data["description"]}</td>
<td>{$count}</td>
<td>{$item_data["price_sell"]}</td>
</tr>";
        }
        if ($money_count >= $price)
        {
            // Offer only the characters of the logged-in account as recipients.
            $query = $gdb[$_serv_id]->query($gdb[$_serv_id]->_parse_query($qList[$l2db_gs]["getAccountCharacters"], array("account" => $_SESSION["sw_user_name"])));
            while ($char_data = $gdb[$_serv_id]->fetch_array($query))
            {
                $charList .= "<option value='{$char_data["charID"]}'>{$l2db["gameserver"][$_serv_id]["title"]} - {$char_data["char_name"]}</option>";
            }
            $profile = "
<form method='POST' action='index.php?f=lk&opt=shop&act=put'>
<input type='hidden' id='server' name='server' value='{$_serv_id}'>
<table id='l2wm' cellpadding='0' cellspacing='0'>
<tr>
<th width='34px'> </th>
<th width='120px'>Название</th>
<th width=''>Описание</th>
<th width='80px'>Кол-во</th>
<th width='50px'>Цена</th>
</tr>
{$itemList}
<tr>
<td class='right' colspan='5'>Всего: <b>{$price} {$config["wm"]["money"]}</b></td>
</tr>
<tr>
<td colspan='5'>
<br>Ник вашего персонажа:<br>
<select id='charList' name='id'>
<option value='0'>Выберите персонажа</option>
{$charList}
</select>
</td>
</tr>
<tr>
<td colspan='5'>
<input type='button' class='button' value='Отменить' onclick=\"javascript:history.go(-1);return false;\"> <input type='submit' class='button' value='Продолжить'>
</td>
</tr>
</table>
</form>";
        }
        else
        {
            $profile = "<div class='error'>У вас не хватает кредитов для совершения операции!</div>";
        }
    }
    else
    {
        $profile = "<div class='error'>Вы не выбрали ни одной вещи!</div>";
    }
}
/**************************
* give items
**************************/
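if ($_act == "put")
{
    // Recipient character id and the shop-row-id => quantity map sent by the
    // confirmation form. Both are client-controlled.
    // NOTE(review): the values are read from $_REQUEST and the form carries no
    // anti-CSRF token, so a purchase can be triggered by a cross-site request.
    $id = isset($_REQUEST["id"]) ? intval($_REQUEST["id"]) : 0;
    $error = "";
    // Quantities feed the price calculation and the delivery loop, so each one
    // must be a whole number >= 1 (at most 9 digits, which also rules out
    // integer overflow). A negative, fractional or non-numeric quantity would
    // otherwise lower the price below zero or to nothing. Any invalid entry
    // rejects the whole order.
    $itemList = array();
    $items_valid = isset($_REQUEST["items"]) && is_array($_REQUEST["items"]);
    if ($items_valid)
    {
        foreach ($_REQUEST["items"] as $shop_id => $shop_qty)
        {
            if (is_scalar($shop_qty) && preg_match('/^[0-9]{1,9}$/', (string) $shop_qty) && intval($shop_qty) >= 1)
            {
                $itemList[intval($shop_id)] = intval($shop_qty);
            }
            else
            {
                $items_valid = false;
            }
        }
    }
    if (!$items_valid)
    {
        $itemList = array();
    }
    // Keys are integers at this point, so the list is safe inside IN (...).
    $items = (count($itemList) > 0) ? implode(",", array_keys($itemList)) : "NULL";
    $query = $gdb[$_serv_id]->query($gdb[$_serv_id]->_parse_query($qList[$l2db_gs]["getCharacter"], array("charID" => $id)));
    $character_data = $gdb[$_serv_id]->fetch_array($query);
    // Authorization: the recipient must be one of the logged-in account's
    // characters on this server, as offered by the confirmation form.
    $char_owned = false;
    $own_query = $gdb[$_serv_id]->query($gdb[$_serv_id]->_parse_query($qList[$l2db_gs]["getAccountCharacters"], array("account" => $_SESSION["sw_user_name"])));
    while ($own_row = $gdb[$_serv_id]->fetch_array($own_query))
    {
        if (intval($own_row["charID"]) === $id)
        {
            $char_owned = true;
        }
    }
    $char_online = ($character_data && isset($character_data["online"])) ? $character_data["online"] : null;
    if (!$char_owned)
    {
        $character_data = false;
    }
    // Telnet delivery needs the character online, MySQL delivery needs it offline.
    elseif ($config["wm"]["type"] == "telnet" && $char_online != "1")
    {
        $character_data = false;
        $error = "online";
    }
    elseif ($config["wm"]["type"] == "mysql" && $char_online == "1")
    {
        $character_data = false;
        $error = "offline";
    }
    elseif ($config["wm"]["type"] != "telnet" && $config["wm"]["type"] != "mysql")
    {
        $character_data = false;
    }
    // The price is recomputed from the shop table; nothing price-related is
    // taken from the request except the validated quantities.
    $query1 = $ldb->query("SELECT `id`,`price_sell`,`count` FROM `stress_donate_shop` WHERE id IN ({$items}) AND `active` = '1' AND `server` = '{$_serv_id}'");
    $price = 0;
    while ($price_data = $ldb->fetch_array($query1))
    {
        if ($price_data["count"] > 0)
        {
            // Fixed-size pack: one price regardless of the submitted quantity.
            $price += $price_data["price_sell"];
        }
        else
        {
            $price += $price_data["price_sell"] * $itemList[$price_data["id"]];
        }
    }
    $query2 = $ldb->query("SELECT * FROM `stress_donate_shop` WHERE id IN ({$items}) AND `active` = '1' AND `server` = '{$_serv_id}'");
    if ($ldb->numrows($query2) > 0 && $character_data)
    {
        // Debit the balance in a single conditional UPDATE. Writing back a
        // value computed from the balance read earlier would let two parallel
        // requests both pass the check and spend the same credits.
        $charged = false;
        if ($money_count >= $price)
        {
            if ($price > 0)
            {
                // %F is locale-independent, so the literal is always valid SQL.
                $price_sql = sprintf('%F', $price);
                $ldb->query("UPDATE `stress_donate_money` SET `money` = `money` - {$price_sql} WHERE `account`='{$_SESSION["sw_user_name"]}' AND `money` >= {$price_sql}");
                $charged = ($ldb->affectedrows() > 0);
            }
            else
            {
                $charged = true;
            }
        }
        if ($charged)
        {
            // Balance after the purchase, recorded in the donation log.
            $l2money = floatval($money_count - $price);
            $ldb->query("INSERT INTO `stress_log_donate` SET
`account` = '{$_SESSION["sw_user_name"]}',
`char_name` = '{$character_data["char_name"]}',
`char_id` = '{$id}',
`server` = '{$_serv_id}',
`money` = '{$l2money}',
`price` = '{$price}',
`time` = '" . time() . "',
`ip` = '" . $ldb->safe($_SERVER["REMOTE_ADDR"]) . "'");
            $next = $ldb->nextid();
            // NOTE(review): credits are taken before delivery and are not
            // returned when delivery fails; failures only show up as
            // success = 0 in stress_log_items.
            $telnet = false;
            while ($item_data = $ldb->fetch_array($query2))
            {
                $itemStatus = false;
                $itemCount = ($item_data["count"] > 0) ? $item_data["count"] : $itemList[$item_data["id"]];
                // Give items - Telnet
                if ($config["wm"]["type"] == "telnet")
                {
                    if (!$telnet)
                    {
                        // Open the connection once and authenticate with the
                        // configured password (and GM name when one is set).
                        $host = $l2db["gameserver"][$_serv_id]["server"]["host"];
                        $port = $l2db["gameserver"][$_serv_id]["telnet"]["port"];
                        $timeout = $l2db["gameserver"][$_serv_id]["telnet"]["timeout"];
                        $telnet = @fsockopen($host, $port, $errno, $errstr, $timeout);
                        if ($telnet)
                        {
                            fputs($telnet, $l2db["gameserver"][$_serv_id]["telnet"]["pass"]);
                            fputs($telnet, "\r\n");
                            if (!empty($l2db["gameserver"][$_serv_id]["telnet"]["gmname"]))
                            {
                                fputs($telnet, $l2db["gameserver"][$_serv_id]["telnet"]["gmname"]);
                                fputs($telnet, "\r\n");
                            }
                        }
                    }
                    if ($telnet)
                    {
                        // Terminate the command like the login lines above, so
                        // several items do not run together into one line.
                        fputs($telnet, "give {$character_data["char_name"]} {$item_data["item_id"]} {$itemCount}\r\n");
                        $itemStatus = true;
                    }
                }
                // Give items - MySQL
                else
                {
                    if ($item_data["single"] == '0')
                    {
                        // Stackable item: raise the count of an existing stack
                        // or insert a new row with the full quantity.
                        $sel_item = $gdb[$_serv_id]->query($gdb[$_serv_id]->_parse_query($qList[$l2db_gs]["getItem"], array("charID" => $id, "itemID" => $item_data["item_id"])));
                        if ($gdb[$_serv_id]->numrows($sel_item) > 0)
                        {
                            $item = $gdb[$_serv_id]->fetch_array($sel_item);
                            $gdb[$_serv_id]->query($gdb[$_serv_id]->_parse_query($qList[$l2db_gs]["setItemCount"], array("ownerID" => $id, "objectID" => $item["object_id"], "count" => $item["count"] + $itemCount)));
                            if ($gdb[$_serv_id]->affectedrows() > 0)
                            {
                                $itemStatus = true;
                            }
                        }
                        else
                        {
                            $object_id = $gdb[$_serv_id]->fetch_array($gdb[$_serv_id]->query($gdb[$_serv_id]->_parse_query($qList[$l2db_gs]["getMax"])));
                            $gdb[$_serv_id]->query($gdb[$_serv_id]->_parse_query($qList[$l2db_gs]["insItem"], array("ownerID" => $id, "objectID" => $object_id["max"], "itemID" => $item_data["item_id"], "count" => $itemCount)));
                            if ($gdb[$_serv_id]->affectedrows() > 0)
                            {
                                $itemStatus = true;
                            }
                        }
                    }
                    else
                    {
                        // Non-stackable item: one row per unit.
                        for ($i = 0; $i < $itemCount; $i++)
                        {
                            $object_id = $gdb[$_serv_id]->fetch_array($gdb[$_serv_id]->query($gdb[$_serv_id]->_parse_query($qList[$l2db_gs]["getMax"])));
                            $gdb[$_serv_id]->query($gdb[$_serv_id]->_parse_query($qList[$l2db_gs]["insItem"], array("ownerID" => $id, "objectID" => $object_id["max"], "itemID" => $item_data["item_id"], "count" => 1)));
                            if ($gdb[$_serv_id]->affectedrows() > 0)
                            {
                                $itemStatus = true;
                            }
                        }
                    }
                }
                $success = ($itemStatus == true) ? "1" : "0";
                // write log items
                $ldb->query("INSERT INTO `stress_log_items` SET
`log_id` = '{$next}',
`sd_shop_id` = '{$item_data["id"]}',
`item_count` = '{$itemCount}',
`success` = '{$success}'");
            }
            if ($telnet)
            {
                // Close the handle that was actually opened (the original
                // passed the undefined $telnet_sock).
                fclose($telnet);
            }
            $profile = "<div class='noerror'>Вы успешно получили вознаграждение!</div>";
        }
        else
        {
            $profile = "<div class='error'>У вас не хватает кредитов, для совершения операции!</div>";
        }
    }
    else
    {
        if ($error == "online")
        {
            $profile = "<div class='error'>Ваш персонаж должен быть онлайн!</div>";
        }
        elseif ($error == "offline")
        {
            $profile = "<div class='error'>Ваш персонаж должен быть оффлайн!</div>";
        }
        else
        {
            $profile = "<div class='error'>Ошибка, попробуйте еще раз!</div>";
        }
    }
}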
}
else
{
$profile = "<div class='error'>Пожертвования отключены</div>";
}
}
/**
* ------------------------------------------------------------
*/
// Logged-in view: load profile.tpl, drop the [profile] wrapper tags, remove
// the [login] block, and insert the menu plus the section HTML built above.
$tpl->get_template('profile.tpl');
$tpl->set_var('{THEME}', TPL_DIR);
$tpl->set_var('[profile]', '');
$tpl->set_var('[/profile]', '');
$tpl->set_var('{menu}', $menu);
$tpl->set_var('{content}', $profile);
$tpl->set_block("'\\[login\\](.*?)\\[/login\\]'si", '');
$tpl->parse('content');
$tpl->clear();
}
else
{
// Guest view: load profile.tpl, remove the [profile] block, drop the [login]
// wrapper tags and show the current error message.
// $error_msg is not assigned on this path in this file; presumably the
// including script sets it - confirm.
$tpl->get_template('profile.tpl');
$tpl->set_var('{THEME}', TPL_DIR);
$tpl->set_block("'\\[profile\\](.*?)\\[/profile\\]'si", '');
$tpl->set_var('[login]', '');
$tpl->set_var('[/login]', '');
$tpl->set_var('{error_msg}', $error_msg);
$tpl->parse('content');
$tpl->clear();
}
?>