Update web

SilicaAndPina 2021-06-27 13:18:43 +12:00
parent 852b5f33ec
commit 6e32fc9aca
18 changed files with 480 additions and 158 deletions


@ -7115,7 +7115,7 @@ namespace HISP.Server
}
else
{
Logger.WarnPrint(sender.RemoteIp + " Attempted to login to: " + username + " with incorrect password " + password);
Logger.WarnPrint(sender.RemoteIp + " Attempted to login to: " + username + " with incorrect password ");
byte[] ResponsePacket = PacketBuilder.CreateLoginPacket(false);
sender.SendPacket(ResponsePacket);
}
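Review bot: The new `Logger.WarnPrint` line still concatenates the client-supplied `username` into the log entry unmodified, so a name containing CR/LF could split or forge log lines, assuming `WarnPrint` writes its argument verbatim (its body is not visible here). Strip or escape control characters before logging. The message also now ends in a dangling `" with incorrect password "`; `" Attempted to login to: " + username + " with an incorrect password"` reads cleanly. The enclosing method starts and ends outside the hunk.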


@ -1,106 +1,73 @@
<HEAD>
<TITLE>HORSE ISLE - Online Multiplayer Horse Game</TITLE>
<META NAME="keywords" CONTENT="Horse Game Online MMORPG Multiplayer Horses RPG Girls Girly Isle World Island Virtual Horseisle Sim Virtual">
<META NAME="description" CONTENT="A multiplayer online horse world where players can capture, train, care for and compete their horses against other players. A very unique virtual sim horse game.">
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
<link rel="icon" href="/favicon.ico" type="image/x-icon">
<link rel="meta" href="//horseisle.com/labels.rdf" type="application/rdf+xml" title="ICRA labels" />
<meta http-equiv="pics-Label" content='(pics-1.1 "//www.icra.org/pics/vocabularyv03/" l gen true for "//horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1) gen true for "//hi1.horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1))' />
<style type="text/css">
hr {
height: 1;
color: #000000;
background-color: #000000;
border: 0;
}
a {
font: bold 14px arial;
color: #6E3278;
}
TH {
background-color: #EDE5B4;
padding: 1px 6px;
border: 2px dotted #6E3278;
font: small-caps 900 14px arial;
color: #000000;
}
TR.a0 {
background-color: #EDE5B4;
}
TR.a1 {
background-color: #D4CCA1;
}
TD {
font: 14px arial;
color: #000000;
}
TD.forum {
font: 12px arial;
color: #000000;
}
TD.forumlist {
padding: 1px 6px;
border: 2px dotted #6E3278;
background-color: #EDE5B4;
text-align: center;
font: bold 14px arial;
color: #000000;
}
TD.forumpost {
padding: 5px 10px;
border: 2px dotted #6E3278;
background-color: #EDE5B4;
text-align: left;
}
TD.newslist {
padding: 4px 4px;
border: 2px dotted #6E3278;
background-color: #FFDDEE;
text-align: left;
font: 14px arial;
color: #000000;
}
FORUMSUBJECT {
font: bold 14px arial;
color: #004400;
}
FORUMUSER {
font: 12px arial;
color: #000044;
}
FORUMDATE {
font: 12px arial;
color: #444444;
}
FORUMTEXT {
font: 14px arial;
color: #440000;
<?php
include("web/common.php");
include("web/crosserver.php");
include("config.php");
if(isset($_POST["USER"], $_POST["PASS"]))
{
$username = $_POST["USER"];
$password = $_POST["PASS"];
if(!user_exists($username))
goto auth_failed;
$id = get_userid($username);
if(check_password($id, $password))
{
$_SESSION['LOGGED_IN'] = "YES";
$_SESSION['PLAYER_ID'] = $id;
$_SESSION['USERNAME'] = $username;
$_SESSION['SEX'] = get_sex($id);
$_SESSION['ADMIN'] = get_admin($id);
$_SESSION['MOD'] = get_mod($id);
$_SESSION['PASSWORD_HASH'] = get_password_hash($id);
$_SESSION['SALT'] = get_salt($id);
}
else
{
auth_failed:
include("web/header.php");
echo('<TABLE CELLPADDING=10 WIDTH=100%><TR><TD><HR><B>Username or Password is not valid. Please try again. <BR>Note: Upon too many attempts the account will be temporarily blocked from your IP.</B><BR><BR>If you have not logged on yet, make sure you have clicked the activation link in the email that was sent to you.<BR><BR>click <A HREF=/web/forgotpass.php>HERE</A> to Have your password emailed to you.<HR></TD></TR></TABLE>');
include('web/footer.php');
exit();
}
}
</style>
</HEAD>
<BODY BGCOLOR=E0D8AA>
<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=100%>
<TR WIDTH=100%>
<TD WIDTH=512 ROWSPAN=3><A HREF=/><IMG SRC=/web/hoilgui1.gif ALT="Welcome to Horse Isle" BORDER=0></A></TD>
<TD WIDTH=100% BACKGROUND=/web/hoilgui2.gif>&nbsp;</TD>
<TD WIDTH=29><IMG SRC=/web/hoilgui3.gif></TD>
</TR>
<TR>
<TD WIDTH=100% BACKGROUND=/web/hoilgui4.gif align=right>
<B>
if(isset($_GET["SLID"], $_GET["C"]))
{
$id = $_GET['SLID'];
$code = $_GET['C'];
$hmac = GenHmacMessage((string)$playerId, "CrossSiteLogin");
$hmacSent = base64_decode(bin2hex($hmac));
if(hash_equals($hmacSent,$hmac))
{
$_SESSION['LOGGED_IN'] = "YES";
$_SESSION['PLAYER_ID'] = $id;
$_SESSION['USERNAME'] = get_username($id);
$_SESSION['SEX'] = get_sex($id);
$_SESSION['ADMIN'] = get_admin($id);
$_SESSION['MOD'] = get_mod($id);
$_SESSION['PASSWORD_HASH'] = get_password_hash($id);
$_SESSION['SALT'] = get_salt($id);
}
else
{
$login_error = "Error in Automatic Login Authentication!";
}
}
if(!is_logged_in())
{
include("web/header.php");
echo("
<B>Username or Password is not valid or your account has timed out. Please Log in again.</B><BR><BR></TD></TR></TABLE>");
$_SESSION['LOGGED_IN'] = "NO";
include("web/footer.php");
exit();
}
<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=10><TR><TD><B><A HREF=/account.php>PINTO.HORSEISLE.COM</A><BR>Logged in as: SilicaAndPina<BR><A HREF=/?LOGOUT=1><img src=/web/but-logout.gif border=0></A><BR><A HREF=//hi1.horseisle.com/><img src=/web/but-mainpage.gif border=0></A></TD><TD><BR><A HREF=//hi1.horseisle.com/account.php><img src=/web/but-serverlist.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/news.php><img src=/web/but-news.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/forums.php><img src=/web/but-forums.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/helpcenter.php><img src=/web/but-helpcenter.gif border=0></A></TD></TR></TABLE>
</TD>
<TD WIDTH=29><IMG SRC=/web/hoilgui5.gif></TD></TR>
<TR>
<TD WIDTH=100% BACKGROUND=/web/hoilgui6.gif>&nbsp;</TD>
<TD WIDTH=29><IMG SRC=/web/hoilgui7.gif></TD></TR>
</TABLE>
<CENTER>
include("web/header.php");
?>
@ -363,26 +330,5 @@ Select: <SELECT NAME=quantity>
<HR>
</TD><TD VALIGN=top><DIV ID="PLAYERS"><BR></DIV></TD></TR></TABLE><TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=100%>
<TR>
<TD><IMG SRC=/web/hoilgui10.gif></TD>
<TD WIDTH=100% BACKGROUND=/web/hoilgui11.gif></TD>
<TD><IMG SRC=/web/hoilgui12.gif></TD>
</TR></TABLE>
<CENTER><B>
[ <A HREF=http://hi1.horseisle.com/web/rules.php>Rules</A> ]
[ <A HREF=http://hi1.horseisle.com/web/termsandconditions.php>Terms and Conditions</A> ]
[ <A HREF=http://hi1.horseisle.com/web/privacypolicy.php>Privacy Policy</A> ]</B><BR>
[ <A HREF=http://hi1.horseisle.com/web/expectedbehavior.php>Expected Behavior</A> ]
[ <A HREF=http://hi1.horseisle.com/web/contactus.php>Contact Us</A> ]
[ <A HREF=http://hi1.horseisle.com/web/credits.php>Credits</A> ]<BR>
<FONT FACE=Verdana,Arial SIZE=-2>Copyright &copy; 2020 Horse Isle</FONT>
<!-- Google Analytics -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct = "UA-1805076-1";
urchinTracker();
</script>
</TD><TD VALIGN=top><DIV ID="PLAYERS"><BR></DIV></TD></TR></TABLE><?php include("web/footer.php"); ?>
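Review bot: The `SLID`/`C` auto-login branch in the first hunk never checks the value the client sent: `$code` is read from `$_GET['C']` and then unused, `$hmacSent` is derived from the locally computed `$hmac`, and the HMAC is taken over `$playerId`, which is not assigned in the visible lines, instead of `$id`. The outcome of `hash_equals($hmacSent,$hmac)` therefore does not depend on the token in the request. Compute `$hmac = GenHmacMessage((string)$id, "CrossSiteLogin");` and compare with `is_string($code) && hash_equals($hmac, $code)`, decoding `$code` first if the issuing site encodes it (that encoding is not visible here). Both login branches also write `$_SESSION` before `web/header.php` is included, which is the only place in this commit where `session_start()` is visible, and neither calls `session_regenerate_id(true)` on success; confirm a session is active at that point.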


@ -13,7 +13,7 @@ $dbhost = '127.0.0.1';
# NOTE: if someone knows this secret they can login to ANYONES account
# Ideally, this would be a random string of numbers, letters and symbols like 20 characters long T-T
$hmac_secret = "!!NOTSET!!";
$master_site = "http://server.islehorse.com";
$master_site = "//server.islehorse.com";
# Password for /web/admin
$admin_portal_password = "!!NOTSET!!";
?>
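Review bot: `$master_site` changes from a full URL to a scheme-relative one with no comment stating which form the templates expect. The footer section of this commit prefixes it with `http:` while the header concatenates it directly (`HREF='.$master_site.'/account.php`), so the value has to start with `//` and carry no trailing slash. I would add above it: `# Scheme-relative base URL of the master site, no trailing slash (constructed example: //master.example.invalid)`.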


@ -12,4 +12,151 @@ function hash_salt(string $input, string $salt)
return hash('sha512',$xor_hash,false);
}
function is_logged_in()
{
if(session_status() !== PHP_SESSION_ACTIVE)
return false;
if(isset($_SESSION["LOGGED_IN"]))
if($_SESSION["LOGGED_IN"] === "YES")
return true;
return false;
}
function user_exists(string $username)
{
include('config.php');
$usernameUppercase = strtoupper($username);
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE UPPER(Username)=?");
$stmt->bind_param("s", $usernameUppercase);
$stmt->execute();
$result = $stmt->get_result();
$count = intval($result->fetch_row()[0]);
return $count>0;
}
function get_username(string $id)
{
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT Username FROM Users WHERE Id=?");
$stmt->bind_param("i", $id);
$stmt->execute();
$result = $stmt->get_result();
$usetname = intval($result->fetch_row()[0]);
return $usetname;
}
function get_userid(string $username)
{
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$usernameUppercase = strtoupper($username);
$stmt = $connect->prepare("SELECT Id FROM Users WHERE UPPER(Username)=?");
$stmt->bind_param("s", $usernameUppercase);
$stmt->execute();
$result = $stmt->get_result();
$id = intval($result->fetch_row()[0]);
return $id;
}
function get_sex(int $userid)
{
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT Gender FROM Users WHERE Id=?");
$stmt->bind_param("i", $userid);
$stmt->execute();
$result = $stmt->get_result();
return $result->fetch_row()[0];
}
function get_admin(int $userid)
{
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT Admin FROM Users WHERE Id=?");
$stmt->bind_param("i", $userid);
$stmt->execute();
$result = $stmt->get_result();
return $result->fetch_row()[0];
}
function get_mod(int $userid)
{
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT Moderator FROM Users WHERE Id=?");
$stmt->bind_param("i", $userid);
$stmt->execute();
$result = $stmt->get_result();
return $result->fetch_row()[0];
}
function get_password_hash(int $userid)
{
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT PassHash FROM Users WHERE Id=?");
$stmt->bind_param("i", $userid);
$stmt->execute();
$result = $stmt->get_result();
return $result->fetch_row()[0];
}
function get_salt(int $userid)
{
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT Salt FROM Users WHERE Id=?");
$stmt->bind_param("i", $userid);
$stmt->execute();
$result = $stmt->get_result();
return $result->fetch_row()[0];
}
function check_password(int $userId, string $password)
{
$passhash = get_password_hash($userId);
$passsalt = hex2bin(get_salt($userId));
$acturalhash = hash_salt($password, $passsalt);
if($acturalhash === $passhash)
return true;
else
return false;
}
function populate_db()
{
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
mysqli_query($connect, "CREATE TABLE IF NOT EXISTS Users(Id INT, Username TEXT(16),Email TEXT(128),Country TEXT(128),SecurityQuestion Text(128),SecurityAnswerHash TEXT(128),Age INT,PassHash TEXT(128), Salt TEXT(128),Gender TEXT(16), Admin TEXT(3), Moderator TEXT(3))");
}
function startsWith( $haystack, $needle ) {
$length = strlen( $needle );
return substr( $haystack, 0, $length ) === $needle;
}
function endsWith( $haystack, $needle ) {
$length = strlen( $needle );
if( !$length ) {
return true;
}
return substr( $haystack, -$length ) === $needle;
}
?>
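Review bot: `get_username()` passes the fetched `Username` through `intval()`, so it returns `0` for any non-numeric name, and that is the value the cross-site login branch stores in `$_SESSION['USERNAME']`. Return the column unchanged, `return $result->fetch_row()[0];`, after checking that `fetch_row()` actually returned a row; the same function body is added again in a later file section of this commit. Separately, `check_password()` compares digests with `===`; `hash_equals($passhash, $acturalhash)` avoids a timing-dependent comparison. As far as the visible tail of `hash_salt` shows, the stored value is a single SHA-512 pass, which is weak for password storage compared with `password_hash()`/`password_verify()`.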


@ -0,0 +1,3 @@
<?php
include("../config.php");
?>


@ -0,0 +1,121 @@
<?php
function GenHmacMessage(string $data, string $channel)
{
include('config.php');
if($hmac_secret === "!!NOTSET!!"){
echo("<script>alert('Please set HMAC_SECRET !')</script>");
echo("<h1>Set \$hmac_secret in config.php!</h1>");
exit();
}
return $hmac = hash_hmac('sha256', $data, $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mhdY'));
}
function getNoPlayersOnlineInServer($database)
{
include('config.php');
$dbname = $database;
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$onlineUsers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers");
return $onlineUsers->fetch_row()[0];
}
function getNoSubbedPlayersOnlineInServer($database)
{
include('config.php');
$dbname = $database;
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$onlineSubscribers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Subscribed = 'YES'");
return $onlineSubscribers->fetch_row()[0];
}
function getNoModPlayersOnlineInServer($database)
{
include('config.php');
$dbname = $database;
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$onlineModerators = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Moderator = 'YES' OR Admin='YES'");
return $onlineModerators->fetch_row()[0];
}
function getServerById(string $id)
{
include('servers.php');
for($i = 0; $i < count($server_list); $i++)
{
if($server_list[$i]['id'] == $id)
return $server_list[$i];
}
return null;
}
function userid_exists(string $database, string $userid)
{
include('config.php');
$dbname = $database;
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE Id=?");
$stmt->bind_param("i", $userid);
$stmt->execute();
$result = $stmt->get_result();
$count = intval($result->fetch_row()[0]);
return $count>0;
}
function createAccountOnServer(string $database)
{
include('config.php');
$dbname = $database;
$id = intval($_SESSION['PLAYER_ID']);
$username = $_SESSION['USERNAME'];
$sex = $_SESSION['SEX'];
$admin = $_SESSION['ADMIN'];
$mod = $_SESSION['MOD'];
$passhash = $_SESSION['PASSWORD_HASH'];
$salt = $_SESSION['SALT'];
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("INSERT INTO Users VALUES(?,?,?,?,?,?,?)");
$stmt->bind_param("issssss", $id, $username, $passhash, $salt, $sex, $admin, $mod);
$stmt->execute();
}
# Global Functions
function getNoPlayersOnlineGlobal()
{
include('servers.php');
$playersOn = 0;
for($i = 0; $i < count($server_list); $i++)
{
$playersOn += getNoPlayersOnlineInServer($server_list[$i]['database']);
}
return $playersOn;
}
function getNoSubbedPlayersOnlineGlobal()
{
include('servers.php');
$playersOn = 0;
for($i = 0; $i < count($server_list); $i++)
{
$playersOn += getNoSubbedPlayersOnlineInServer($server_list[$i]['database']);
}
return $playersOn;
}
function getNoModPlayersOnlineGlobal()
{
include('servers.php');
$playersOn = 0;
for($i = 0; $i < count($server_list); $i++)
{
$playersOn += getNoModPlayersOnlineInServer($server_list[$i]['database']);
}
return $playersOn;
}
?>
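Review bot: `GenHmacMessage()` mixes `date('mhdY')` into the key, and `h` is the 12-hour clock hour, so a token issued at 10:59 stops verifying at 11:00 and the same value recurs twelve hours later on the same day. If the intent is a per-day token, as in the `date('m/d/Y')` call this helper replaces elsewhere in the commit, use `date('mdY')`; a more robust design signs an explicit expiry timestamp inside `$data` and checks it on receipt. The key parts are also concatenated without separators (`$hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date(...)`), so different combinations can yield the same key string; join them with a delimiter that cannot occur in the parts.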


@ -1,3 +1,7 @@
<?php
if(!isset($master_site))
include("config.php");
?>
<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=100%>
<TR>
<TD><IMG SRC=/web/hoilgui10.gif></TD>
@ -5,13 +9,13 @@
<TD><IMG SRC=/web/hoilgui12.gif></TD>
</TR></TABLE>
<CENTER><B>
[ <A HREF=http://hi1.horseisle.com/web/rules.php>Rules</A> ]
[ <A HREF=http://hi1.horseisle.com/web/termsandconditions.php>Terms and Conditions</A> ]
[ <A HREF=http://hi1.horseisle.com/web/privacypolicy.php>Privacy Policy</A> ]</B><BR>
[ <A HREF=http://hi1.horseisle.com/web/expectedbehavior.php>Expected Behavior</A> ]
[ <A HREF=http://hi1.horseisle.com/web/contactus.php>Contact Us</A> ]
[ <A HREF=http://hi1.horseisle.com/web/credits.php>Credits</A> ]<BR>
<FONT FACE=Verdana,Arial SIZE=-2>Copyright &copy; 2020 Horse Isle</FONT>
[ <A HREF=http:<?php echo($master_site); ?>/web/rules.php>Rules</A> ]
[ <A HREF=http:<?php echo($master_site); ?>/web/termsandconditions.php>Terms and Conditions</A> ]
[ <A HREF=http:<?php echo($master_site); ?>/web/privacypolicy.php>Privacy Policy</A> ]</B><BR>
[ <A HREF=http:<?php echo($master_site); ?>/web/expectedbehavior.php>Expected Behavior</A> ]
[ <A HREF=http:<?php echo($master_site); ?>/web/contactus.php>Contact Us</A> ]
[ <A HREF=http:<?php echo($master_site); ?>/web/credits.php>Credits</A> ]<BR>
<FONT FACE=Verdana,Arial SIZE=-2>Copyright &copy; <?php echo(date("Y")); ?> Horse Isle</FONT>
<!-- Google Analytics -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
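Review bot: The rewritten footer links hard-code `http:` in front of `$master_site` (`HREF=http:<?php echo($master_site); ?>/web/rules.php`), which pins every link to cleartext HTTP even when the page is served over HTTPS, while the header in this commit emits `$master_site` scheme-relative. Drop the prefix and quote the attribute: `HREF="<?php echo($master_site); ?>/web/rules.php"`. The `urchin.js` include in the trailing context is likewise fetched over `http://`, so third-party script is loaded over an unauthenticated channel on every page.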


@ -1,11 +1,25 @@
<?php
if(!isset($master_site))
include('config.php');
if(session_status() !== PHP_SESSION_ACTIVE)
session_start();
if(!function_exists('is_logged_in'))
include('common.php');
$info = parse_url($_SERVER['HTTP_HOST']);
$host = $info['host'];
?>
<HEAD>
<TITLE>HORSE ISLE - Online Multiplayer Horse Game</TITLE>
<META NAME="keywords" CONTENT="Horse Game Online MMORPG Multiplayer Horses RPG Girls Girly Isle World Island Virtual Horseisle Sim Virtual">
<META NAME="description" CONTENT="A multiplayer online horse world where players can capture, train, care for and compete their horses against other players. A very unique virtual sim horse game.">
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
<link rel="icon" href="/favicon.ico" type="image/x-icon">
<link rel="meta" href="//horseisle.com/labels.rdf" type="application/rdf+xml" title="ICRA labels" />
<meta http-equiv="pics-Label" content='(pics-1.1 "//www.icra.org/pics/vocabularyv03/" l gen true for "//horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1) gen true for "//hi1.horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1))' />
<link rel="meta" href="<?php echo("//".$host); ?>/labels.rdf" type="application/rdf+xml" title="ICRA labels" />
<meta http-equiv="pics-Label" content='(pics-1.1 "//www.icra.org/pics/vocabularyv03/" l gen true for "<?php echo("//".$host); ?>" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1) gen true for "<?php echo($master_site); ?>" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1))' />
<style type="text/css">
hr {
height: 1;
@ -90,9 +104,23 @@ color: #440000;
<TD WIDTH=100% BACKGROUND=/web/hoilgui4.gif align=right>
<B>
<?php if(isset($login_error)){echo($login_error);} ?>
<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=10><TR><TD><B><A HREF=/account.php>PINTO.HORSEISLE.COM</A><BR>Logged in as: SilicaAndPina<BR><A HREF=/?LOGOUT=1><img src=/web/but-logout.gif border=0></A><BR><A HREF=//hi1.horseisle.com/><img src=/web/but-mainpage.gif border=0></A></TD><TD><BR><A HREF=//hi1.horseisle.com/account.php><img src=/web/but-serverlist.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/news.php><img src=/web/but-news.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/forums.php><img src=/web/but-forums.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/helpcenter.php><img src=/web/but-helpcenter.gif border=0></A></TD></TR></TABLE>
<?php
if(is_logged_in())
{
$username = $_SESSION['USERNAME'];
echo('<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=10><TR><TD><A HREF=/account.php>'.$_SERVER['HTTP_HOST'].'</A><BR>Logged in as: '.$username.'<BR><A HREF=/?LOGOUT=1><img src=/web/but-logout.gif border=0></A><BR><A HREF='.$master_site.'/><img src=/web/but-mainpage.gif border=0></A></TD><TD><BR><A HREF='.$master_site.'/account.php><img src=/web/but-serverlist.gif border=0></A><BR><A HREF='.$master_site.'/web/news.php><img src=/web/but-news.gif border=0></A><BR><A HREF='.$master_site.'/web/forums.php><img src=/web/but-forums.gif border=0></A><BR><A HREF='.$master_site.'/web/helpcenter.php><img src=/web/but-helpcenter.gif border=0></A></TD></TR></TABLE>');
}
else
{
echo('<TABLE CELLPADDING=0 CELLSPACING=2 BORDER=0><FORM METHOD=POST ACTION=/account.php>
<TR><TD><B>USER:</B></TD><TD><INPUT TYPE=TEXT SIZE=14 NAME=USER></TD></TR>
<TR><TD><B>PASS:</B></TD><TD><INPUT TYPE=PASSWORD SIZE=14 NAME=PASS></TD></TR>
<TR><TD></TD><TD><INPUT TYPE=SUBMIT VALUE=LOGIN> (<A HREF='.$master_site.'/web/forgotpass.php>Forgot?</A>)</TD></TR></FORM></TABLE>');
}
?>
</TD>
<TD WIDTH=29><IMG SRC=/web/hoilgui5.gif></TD></TR>
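Review bot: The logged-in branch echoes `$_SERVER['HTTP_HOST']` and `$username` into the page without escaping; the Host header is client-controlled and the username is user-chosen, so both should pass through `htmlspecialchars($value, ENT_QUOTES)` before output, and the unquoted `HREF=` attributes should be quoted. In the first hunk, `parse_url($_SERVER['HTTP_HOST'])` is given a bare host with no scheme, for which PHP typically returns only a `path` key, so `$info['host']` is likely unset and the `labels.rdf` link degrades to `///labels.rdf`; take the host from configuration or validate it against an allow-list instead. The same two `parse_url` lines are added to the other header section later in this commit, which also echoes `HTTP_HOST` directly.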

38
WebInterface/labels.rdf Normal file

@ -0,0 +1,38 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<rdf:RDF
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:dcterms="http://purl.org/dc/terms/"
xmlns:label="http://www.w3.org/2004/12/q/contentlabel#"
xmlns:icra="http://www.icra.org/rdfs/vocabularyv03#">
<rdf:Description rdf:about="">
<dc:creator rdf:resource="http://www.icra.org" />
<dcterms:issued>2010-5-8</dcterms:issued>
<label:authorityFor>http://www.icra.org/rdfs/vocabularyv03#</label:authorityFor>
</rdf:Description>
<label:Ruleset>
<label:hasHostRestrictions>
<label:Hosts>
<label:hostRestriction>horseisle.com</label:hostRestriction>
</label:Hosts>
</label:hasHostRestrictions>
<label:hasDefaultLabel rdf:resource="#label_1" />
</label:Ruleset>
<label:ContentLabel rdf:ID="label_1">
<rdfs:comment>Label for all/most of website</rdfs:comment>
<icra:nz>1</icra:nz>
<icra:sz>1</icra:sz>
<icra:vz>1</icra:vz>
<icra:lz>1</icra:lz>
<icra:oz>1</icra:oz>
<icra:ca>1</icra:ca>
<label:hasModifier><icra:xa /></label:hasModifier>
<label:hasModifier><icra:xb /></label:hasModifier>
<rdfs:label>No nudity; No sexual material; No violence; No potentially offensive language; No potentially harmful activities; User-generated content such as chat rooms and message boards (moderated); This material appears in an artistic context; This material appears in an educational context; </rdfs:label>
</label:ContentLabel>
</rdf:RDF>


@ -51,7 +51,7 @@ if(isset($_GET['CONNECT']))
{
$playerId = $_SESSION['PLAYER_ID'];
$hmac = hash_hmac('sha256', (string)$playerId, $hmac_secret."CrossSiteLogin".$_SERVER['REMOTE_ADDR'].date('m/d/Y'));
$hmac = GenHmacMessage((string)$playerId, "CrossSiteLogin");
$redirectUrl = $server['site'];
if(!endsWith($redirectUrl, '/'))


@ -26,23 +26,37 @@ function is_logged_in()
function user_exists(string $username)
{
include('dbconfig.php');
include('config.php');
$usernameUppercase = strtoupper($username);
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE UPPER(Username)=?");
$stmt->bind_param("s", strtoupper($username));
$stmt->bind_param("s", $usernameUppercase);
$stmt->execute();
$result = $stmt->get_result();
$count = intval($result->fetch_row()[0]);
return $count>0;
}
function get_username(string $id)
{
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT Username FROM Users WHERE Id=?");
$stmt->bind_param("i", $id);
$stmt->execute();
$result = $stmt->get_result();
$usetname = intval($result->fetch_row()[0]);
return $usetname;
}
function get_userid(string $username)
{
include('dbconfig.php');
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$usernameUppercase = strtoupper($username);
$stmt = $connect->prepare("SELECT Id FROM Users WHERE UPPER(Username)=?");
$stmt->bind_param("s", strtoupper($username));
$stmt->bind_param("s", $usernameUppercase);
$stmt->execute();
$result = $stmt->get_result();
$id = intval($result->fetch_row()[0]);
@ -51,7 +65,7 @@ function get_userid(string $username)
function get_sex(int $userid)
{
include('dbconfig.php');
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT Gender FROM Users WHERE Id=?");
@ -64,7 +78,7 @@ function get_sex(int $userid)
function get_admin(int $userid)
{
include('dbconfig.php');
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT Admin FROM Users WHERE Id=?");
@ -77,7 +91,7 @@ function get_admin(int $userid)
function get_mod(int $userid)
{
include('dbconfig.php');
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT Moderator FROM Users WHERE Id=?");
@ -90,7 +104,7 @@ function get_mod(int $userid)
function get_password_hash(int $userid)
{
include('dbconfig.php');
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT PassHash FROM Users WHERE Id=?");
$stmt->bind_param("i", $userid);
@ -102,7 +116,7 @@ function get_password_hash(int $userid)
function get_salt(int $userid)
{
include('dbconfig.php');
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT Salt FROM Users WHERE Id=?");
$stmt->bind_param("i", $userid);
@ -125,7 +139,7 @@ function check_password(int $userId, string $password)
function populate_db()
{
include('dbconfig.php');
include('config.php');
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
mysqli_query($connect, "CREATE TABLE IF NOT EXISTS Users(Id INT, Username TEXT(16),Email TEXT(128),Country TEXT(128),SecurityQuestion Text(128),SecurityAnswerHash TEXT(128),Age INT,PassHash TEXT(128), Salt TEXT(128),Gender TEXT(16), Admin TEXT(3), Moderator TEXT(3))");


@ -1,8 +1,17 @@
<?php
function GenHmacMessage(string $data, string $channel)
{
if($hmac_secret === "!!NOTSET!!"){
die("Please set HMAC_SECRET !");
exit();
}
return $hmac = hash_hmac('sha256', $data, $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mhdY'));
}
function getNoPlayersOnlineInServer($database)
{
include('dbconfig.php');
include('config.php');
$dbname = $database;
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$onlineUsers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers");
@ -11,7 +20,7 @@ function getNoPlayersOnlineInServer($database)
function getNoSubbedPlayersOnlineInServer($database)
{
include('dbconfig.php');
include('config.php');
$dbname = $database;
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$onlineSubscribers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Subscribed = 'YES'");
@ -20,7 +29,7 @@ function getNoSubbedPlayersOnlineInServer($database)
function getNoModPlayersOnlineInServer($database)
{
include('dbconfig.php');
include('config.php');
$dbname = $database;
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$onlineModerators = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Moderator = 'YES' OR Admin='YES'");
@ -41,7 +50,7 @@ function getServerById(string $id)
function userid_exists(string $database, string $userid)
{
include('dbconfig.php');
include('config.php');
$dbname = $database;
$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE Id=?");
@ -54,7 +63,7 @@ function userid_exists(string $database, string $userid)
function createAccountOnServer(string $database)
{
include('dbconfig.php');
include('config.php');
$dbname = $database;
$id = intval($_SESSION['PLAYER_ID']);
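Review bot: This copy of `GenHmacMessage()` reads `$hmac_secret` without loading it: unlike the copy added in the new cross-server file earlier in this commit, there is no `include('config.php');` inside the function, and PHP functions do not see file-scope variables. `$hmac_secret` is therefore undefined here, the `!!NOTSET!!` guard never fires, and the HMAC key is built without the secret. Add `include('config.php');` as the first statement and fail closed on an empty secret as well, `if(empty($hmac_secret) || $hmac_secret === "!!NOTSET!!")`. The `exit();` after `die(...)` is unreachable, and `createAccountOnServer` in the last hunk continues outside the visible lines.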


@ -1,9 +1,17 @@
<?php
include('common.php');
include('crosserver.php');
include('dbconfig.php');
include('config.php');
populate_db();
// Handle logout
if(isset($_GET["LOGOUT"]))
{
if($_GET["LOGOUT"] == 1)
{
session_destroy();
}
}
$onlineUsers = getNoPlayersOnlineGlobal();
$onlineSubscribers = getNoSubbedPlayersOnlineGlobal();
@ -55,7 +63,7 @@ HREF=/web/parents.php>Parent's Guide</A> <BR>
if($hasIntl)
echo numfmt_format($fmt, $onlineUsers);
else
echo $onlineUser;
echo $onlineUsers;
?></B></FONT> Players Online Now<BR>
<FONT COLOR=550000><B><?php
if($hasIntl)
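Review bot: The logout handler calls `session_destroy()` with no `session_start()` visible before it in this file; the includes above it are `common.php`, `crosserver.php` and `config.php`, and the header that starts the session is not among them. Without an active session PHP only raises a warning and the login survives. Start the session first, then clear it with `$_SESSION = [];` followed by `session_destroy();`, and expire the session cookie. Logout is also driven by a plain GET (`?LOGOUT=1`), so it can be triggered cross-site; a POST with a CSRF token would prevent that. The `if($hasIntl)` block at the end of the second hunk continues outside it.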


@ -1,6 +1,6 @@
<?php
session_start();
include('dbconfig.php');
include('config.php');
include('crosserver.php');
include('common.php');


@ -5,14 +5,14 @@
<TD><IMG SRC=/web/hoilgui12.gif></TD>
</TR></TABLE>
<CENTER><B>
[ <A HREF=//master.horseisle.com/beginnerguide/>New Player Guide</A> ]<BR>
[ <A HREF=//<?php echo($_SERVER['HTTP_HOST']); ?>/beginnerguide/>New Player Guide</A> ]<BR>
[ <A HREF=/web/rules.php>Rules</A> ]
[ <A HREF=/web/termsandconditions.php>Terms and Conditions</A> ]
[ <A HREF=/web/privacypolicy.php>Privacy Policy</A> ]</B><BR>
[ <A HREF=/web/expectedbehavior.php>Expected Behavior</A> ]
[ <A HREF=/web/contactus.php>Contact Us</A> ]
[ <A HREF=/web/credits.php>Credits</A> ]<BR>
<FONT FACE=Verdana,Arial SIZE=-2>Copyright &copy; 2021 Horse Isle</FONT>
<FONT FACE=Verdana,Arial SIZE=-2>Copyright &copy; <?php echo(date("Y")); ?> Horse Isle</FONT>
<!-- Google Analytics -->
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
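Review bot: The new-player-guide link interpolates `$_SERVER['HTTP_HOST']` into an unquoted `HREF` without escaping; the Host header is supplied by the client and should not be written into markup raw. Because the target is on the same host, a relative link needs no header at all: `<A HREF=/beginnerguide/>New Player Guide</A>`. If an absolute URL is required, take the host from configuration and pass it through `htmlspecialchars(..., ENT_QUOTES)` inside a quoted attribute.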


@ -4,6 +4,10 @@ if(session_status() !== PHP_SESSION_ACTIVE)
if(!function_exists('is_logged_in'))
include('../common.php');
$info = parse_url($_SERVER['HTTP_HOST']);
$host = $info['host'];
?>
<HEAD>
<TITLE>HORSE ISLE - Online Multiplayer Horse Game</TITLE>
@ -11,8 +15,8 @@ if(!function_exists('is_logged_in'))
<META NAME="description" CONTENT="A multiplayer online horse world where players can capture, train, care for and compete their horses against other players. A very unique virtual sim horse game.">
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
<link rel="icon" href="/favicon.ico" type="image/x-icon">
<link rel="meta" href="http://horseisle.com/labels.rdf" type="application/rdf+xml" title="ICRA labels" />
<meta http-equiv="pics-Label" content='(pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l gen true for "http://horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1) gen true for "http://hi1.horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1))' />
<link rel="meta" href="http://<?php echo($host); ?>/labels.rdf" type="application/rdf+xml" title="ICRA labels" />
<meta http-equiv="pics-Label" content='(pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l gen true for "http://<?php echo($host); ?>" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1) gen true for "http://<?php echo($_SERVER['HTTP_HOST']); ?>" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1))' />
<style type="text/css">
hr {
height: 1;


@ -1,5 +1,5 @@
<?php
include('../dbconfig.php');
include('../config.php');
include('../common.php');
include("header.php");
$atype = 2;