Update web

2025-06-03 20:37:07 +12:00 · 2021-06-27 13:18:43 +12:00 · 2021-06-27 13:18:43 +12:00 · 6e32fc9aca
commit 6e32fc9aca
parent 852b5f33ec
18 changed files with 480 additions and 158 deletions
--- a/WebInterface/game-site/account.php
+++ b/WebInterface/game-site/account.php
@ -1,106 +1,73 @@
-<HEAD>
-<TITLE>HORSE ISLE - Online Multiplayer Horse Game</TITLE>
-<META NAME="keywords" CONTENT="Horse Game Online MMORPG Multiplayer Horses RPG Girls Girly Isle World Island Virtual Horseisle Sim Virtual">
-<META NAME="description" CONTENT="A multiplayer online horse world where players can capture, train, care for and compete their horses against other players. A very unique virtual sim horse game.">
-<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
-<link rel="icon" href="/favicon.ico" type="image/x-icon">
-<link rel="meta" href="//horseisle.com/labels.rdf" type="application/rdf+xml" title="ICRA labels" />
-<meta http-equiv="pics-Label" content='(pics-1.1 "//www.icra.org/pics/vocabularyv03/" l gen true for "//horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1)  gen true for "//hi1.horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1))' />
-<style type="text/css">
-hr {
-height: 1;
-color: #000000;
-background-color: #000000;
-border: 0;
-}
-a {
-font: bold 14px arial;
-color: #6E3278;
-}
-TH {
-background-color: #EDE5B4;
-padding: 1px 6px;
-border: 2px dotted #6E3278;
-font: small-caps 900 14px arial;
-color: #000000;
-}
-TR.a0 {
-background-color: #EDE5B4;
-}
-TR.a1 {
-background-color: #D4CCA1;
-}
-TD {
-font: 14px arial;
-color: #000000;
-}
-TD.forum {
-font: 12px arial;
-color: #000000;
-}
-TD.forumlist {
-padding: 1px 6px;
-border: 2px dotted #6E3278;
-background-color: #EDE5B4;
-text-align: center;
-font: bold 14px arial;
-color: #000000;
-}
-TD.forumpost {
-padding: 5px 10px;
-border: 2px dotted #6E3278;
-background-color: #EDE5B4;
-text-align: left;
-}
-TD.newslist {
-padding: 4px 4px;
-border: 2px dotted #6E3278;
-background-color: #FFDDEE;
-text-align: left;
-font: 14px arial;
-color: #000000;
-}
-FORUMSUBJECT {
-font: bold 14px arial;
-color: #004400;
-}
-FORUMUSER {
-font: 12px arial;
-color: #000044;
-}
-FORUMDATE {
-font: 12px arial;
-color: #444444;
-}
-FORUMTEXT {
-font: 14px arial;
-color: #440000;
+<?php
+include("web/common.php");
+include("web/crosserver.php");
+include("config.php");
+
+if(isset($_POST["USER"], $_POST["PASS"]))
+{
+	$username = $_POST["USER"];
+	$password = $_POST["PASS"];
+	if(!user_exists($username))
+		goto auth_failed;
+	$id = get_userid($username);
+	if(check_password($id, $password))
+	{
+		$_SESSION['LOGGED_IN'] = "YES";
+		$_SESSION['PLAYER_ID'] = $id;
+		$_SESSION['USERNAME'] = $username;
+		$_SESSION['SEX'] = get_sex($id);
+		$_SESSION['ADMIN'] = get_admin($id);
+		$_SESSION['MOD'] = get_mod($id);
+		$_SESSION['PASSWORD_HASH'] = get_password_hash($id);
+		$_SESSION['SALT'] = get_salt($id);
+	}
+	else
+	{ 
+auth_failed:
+		include("web/header.php");
+		echo('<TABLE CELLPADDING=10 WIDTH=100%><TR><TD><HR><B>Username or Password is not valid. Please try again. <BR>Note: Upon too many attempts the account will be temporarily blocked from your IP.</B><BR><BR>If you have not logged on yet,  make sure you have clicked the activation link in the email that was sent to you.<BR><BR>click <A HREF=/web/forgotpass.php>HERE</A> to Have your password emailed to you.<HR></TD></TR></TABLE>');
+		include('web/footer.php');
+		exit();
+	}
 }

-</style>
-</HEAD>
-<BODY BGCOLOR=E0D8AA>
-<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=100%>
-<TR WIDTH=100%>
-<TD WIDTH=512 ROWSPAN=3><A HREF=/><IMG SRC=/web/hoilgui1.gif ALT="Welcome to Horse Isle" BORDER=0></A></TD>
-<TD WIDTH=100% BACKGROUND=/web/hoilgui2.gif>&nbsp;</TD>
-<TD WIDTH=29><IMG SRC=/web/hoilgui3.gif></TD>
-</TR>
-<TR>
-<TD WIDTH=100% BACKGROUND=/web/hoilgui4.gif align=right>
-<B>

+if(isset($_GET["SLID"], $_GET["C"]))
+{
+	$id = $_GET['SLID'];
+	$code = $_GET['C'];
+	
+	$hmac = GenHmacMessage((string)$playerId, "CrossSiteLogin");
+	$hmacSent = base64_decode(bin2hex($hmac));
+	if(hash_equals($hmacSent,$hmac))
+	{
+		$_SESSION['LOGGED_IN'] = "YES";
+		$_SESSION['PLAYER_ID'] = $id;
+		$_SESSION['USERNAME'] = get_username($id);
+		$_SESSION['SEX'] = get_sex($id);
+		$_SESSION['ADMIN'] = get_admin($id);
+		$_SESSION['MOD'] = get_mod($id);
+		$_SESSION['PASSWORD_HASH'] = get_password_hash($id);
+		$_SESSION['SALT'] = get_salt($id);
+	}
+	else
+	{
+		$login_error = "Error in Automatic Login Authentication!";
+	}
+}

+if(!is_logged_in())
+{
+	include("web/header.php");
+	echo("
+	<B>Username or Password is not valid or your account has timed out. Please Log in again.</B><BR><BR></TD></TR></TABLE>");
+	$_SESSION['LOGGED_IN'] = "NO";
+	include("web/footer.php");
+	exit();
+}

-<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=10><TR><TD><B><A HREF=/account.php>PINTO.HORSEISLE.COM</A><BR>Logged in as: SilicaAndPina<BR><A HREF=/?LOGOUT=1><img src=/web/but-logout.gif border=0></A><BR><A HREF=//hi1.horseisle.com/><img src=/web/but-mainpage.gif border=0></A></TD><TD><BR><A HREF=//hi1.horseisle.com/account.php><img src=/web/but-serverlist.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/news.php><img src=/web/but-news.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/forums.php><img src=/web/but-forums.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/helpcenter.php><img src=/web/but-helpcenter.gif border=0></A></TD></TR></TABLE>
-
-</TD>
-<TD WIDTH=29><IMG SRC=/web/hoilgui5.gif></TD></TR>
-<TR>
-<TD WIDTH=100% BACKGROUND=/web/hoilgui6.gif>&nbsp;</TD>
-<TD WIDTH=29><IMG SRC=/web/hoilgui7.gif></TD></TR>
-</TABLE>
-<CENTER>
+include("web/header.php");
+?>



@ -363,26 +330,5 @@ Select: <SELECT NAME=quantity>

 <HR>

-</TD><TD VALIGN=top><DIV ID="PLAYERS"><BR></DIV></TD></TR></TABLE><TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=100%>
-<TR>
-<TD><IMG SRC=/web/hoilgui10.gif></TD>
-<TD WIDTH=100% BACKGROUND=/web/hoilgui11.gif></TD>
-<TD><IMG SRC=/web/hoilgui12.gif></TD>
-</TR></TABLE>
-<CENTER><B>
-[ <A HREF=http://hi1.horseisle.com/web/rules.php>Rules</A> ]
-[ <A HREF=http://hi1.horseisle.com/web/termsandconditions.php>Terms and Conditions</A> ]
-[ <A HREF=http://hi1.horseisle.com/web/privacypolicy.php>Privacy Policy</A> ]</B><BR>
-[ <A HREF=http://hi1.horseisle.com/web/expectedbehavior.php>Expected Behavior</A> ]
-[ <A HREF=http://hi1.horseisle.com/web/contactus.php>Contact Us</A> ] 
-[ <A HREF=http://hi1.horseisle.com/web/credits.php>Credits</A> ]<BR>
-<FONT FACE=Verdana,Arial SIZE=-2>Copyright &copy; 2020 Horse Isle</FONT>
-
-<!-- Google Analytics -->
-<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
-</script>
-<script type="text/javascript">
-_uacct = "UA-1805076-1";
-urchinTracker();
-</script>
+</TD><TD VALIGN=top><DIV ID="PLAYERS"><BR></DIV></TD></TR></TABLE><?php include("web/footer.php"); ?>

--- a/WebInterface/game-site/config.php
+++ b/WebInterface/game-site/config.php
@ -13,7 +13,7 @@ $dbhost = '127.0.0.1';
 # NOTE: if someone knows this secret they can login to ANYONES account
 # Ideally, this would be a random string of numbers, letters and symbols like 20 characters long T-T
 $hmac_secret = "!!NOTSET!!";
-$master_site = "http://server.islehorse.com";
+$master_site = "//server.islehorse.com";
 # Password for /web/admin
 $admin_portal_password = "!!NOTSET!!";
 ?>
--- a/WebInterface/game-site/web/common.php
+++ b/WebInterface/game-site/web/common.php
@ -12,4 +12,151 @@ function hash_salt(string $input, string $salt)
 	
 	return hash('sha512',$xor_hash,false);
 }
+
+function is_logged_in()
+{
+	if(session_status() !== PHP_SESSION_ACTIVE)
+		return false;
+	
+	if(isset($_SESSION["LOGGED_IN"]))
+		if($_SESSION["LOGGED_IN"] === "YES")
+			return true;
+	return false;
+}
+
+function user_exists(string $username)
+{
+	include('config.php');
+	$usernameUppercase = strtoupper($username);
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE UPPER(Username)=?"); 
+	$stmt->bind_param("s", $usernameUppercase);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$count = intval($result->fetch_row()[0]);
+	return $count>0;
+}
+
+function get_username(string $id)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT Username FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $id);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$usetname = intval($result->fetch_row()[0]);
+	return $usetname;
+}
+
+
+function get_userid(string $username)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$usernameUppercase = strtoupper($username);
+	$stmt = $connect->prepare("SELECT Id FROM Users WHERE UPPER(Username)=?"); 
+	$stmt->bind_param("s", $usernameUppercase);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$id = intval($result->fetch_row()[0]);
+	return $id;
+}
+
+function get_sex(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	
+	$stmt = $connect->prepare("SELECT Gender FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+
+}
+
+function get_admin(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	
+	$stmt = $connect->prepare("SELECT Admin FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+
+}
+
+function get_mod(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	
+	$stmt = $connect->prepare("SELECT Moderator FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+
+}
+
+function get_password_hash(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT PassHash FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+	
+}
+
+function get_salt(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");	
+	$stmt = $connect->prepare("SELECT Salt FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+}
+
+function check_password(int $userId, string $password)
+{
+	$passhash = get_password_hash($userId);
+	$passsalt = hex2bin(get_salt($userId));
+	$acturalhash = hash_salt($password, $passsalt);
+	
+	if($acturalhash === $passhash)
+		return true;
+	else
+		return false;
+}
+
+function populate_db()
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	mysqli_query($connect, "CREATE TABLE IF NOT EXISTS Users(Id INT, Username TEXT(16),Email TEXT(128),Country TEXT(128),SecurityQuestion Text(128),SecurityAnswerHash TEXT(128),Age INT,PassHash TEXT(128), Salt TEXT(128),Gender TEXT(16), Admin TEXT(3), Moderator TEXT(3))");
+
+}
+
+function startsWith( $haystack, $needle ) {
+     $length = strlen( $needle );
+     return substr( $haystack, 0, $length ) === $needle;
+}
+
+function endsWith( $haystack, $needle ) {
+    $length = strlen( $needle );
+    if( !$length ) {
+        return true;
+    }
+    return substr( $haystack, -$length ) === $needle;
+}
+
+
 ?>
--- a/WebInterface/game-site/web/config.php
+++ b/WebInterface/game-site/web/config.php
@ -0,0 +1,3 @@
+<?php
+include("../config.php");
+?>
--- a/WebInterface/game-site/web/crosserver.php
+++ b/WebInterface/game-site/web/crosserver.php
@ -0,0 +1,121 @@
+<?php
+
+function GenHmacMessage(string $data, string $channel)
+{
+	include('config.php');
+	if($hmac_secret === "!!NOTSET!!"){
+		echo("<script>alert('Please set HMAC_SECRET !')</script>");
+		echo("<h1>Set \$hmac_secret in config.php!</h1>");
+		exit();
+	}
+	return $hmac = hash_hmac('sha256', $data, $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mhdY'));
+}
+
+function  getNoPlayersOnlineInServer($database)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$onlineUsers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers");
+	return $onlineUsers->fetch_row()[0];
+}
+
+function  getNoSubbedPlayersOnlineInServer($database)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$onlineSubscribers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Subscribed = 'YES'");
+	return $onlineSubscribers->fetch_row()[0];
+}
+
+function  getNoModPlayersOnlineInServer($database)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$onlineModerators = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Moderator = 'YES' OR Admin='YES'");
+	return $onlineModerators->fetch_row()[0];
+}
+
+function getServerById(string $id)
+{
+	include('servers.php');
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		if($server_list[$i]['id'] == $id)
+			return $server_list[$i];
+	}
+	return null;
+}
+
+
+function userid_exists(string $database, string $userid)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE Id=?");
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$count = intval($result->fetch_row()[0]);
+	return $count>0;
+}
+
+function createAccountOnServer(string $database)
+{
+	include('config.php');
+	$dbname = $database;
+
+	$id = intval($_SESSION['PLAYER_ID']);
+	$username = $_SESSION['USERNAME'];
+	$sex = $_SESSION['SEX'];
+	$admin = $_SESSION['ADMIN'];
+	$mod = $_SESSION['MOD'];
+	$passhash = $_SESSION['PASSWORD_HASH'];
+	$salt = $_SESSION['SALT'];
+
+
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("INSERT INTO Users VALUES(?,?,?,?,?,?,?)"); 
+	$stmt->bind_param("issssss", $id, $username, $passhash, $salt, $sex, $admin, $mod);
+	$stmt->execute();
+}
+
+# Global Functions
+function getNoPlayersOnlineGlobal()
+{
+	include('servers.php');
+	$playersOn = 0;
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		$playersOn += getNoPlayersOnlineInServer($server_list[$i]['database']);
+	}
+	return $playersOn;
+}
+
+function getNoSubbedPlayersOnlineGlobal()
+{
+	include('servers.php');
+	$playersOn = 0;
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		$playersOn += getNoSubbedPlayersOnlineInServer($server_list[$i]['database']);
+	}
+	return $playersOn;
+}
+
+function getNoModPlayersOnlineGlobal()
+{
+	include('servers.php');
+	$playersOn = 0;
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		$playersOn += getNoModPlayersOnlineInServer($server_list[$i]['database']);
+	}
+	return $playersOn;
+}
+
+
+?>
--- a/WebInterface/game-site/web/footer.php
+++ b/WebInterface/game-site/web/footer.php
@ -1,3 +1,7 @@
+<?php
+	if(!isset($master_site))
+		include("config.php");
+?>
 <TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=100%>
 <TR>
 <TD><IMG SRC=/web/hoilgui10.gif></TD>
@ -5,13 +9,13 @@
 <TD><IMG SRC=/web/hoilgui12.gif></TD>
 </TR></TABLE>
 <CENTER><B>
-[ <A HREF=http://hi1.horseisle.com/web/rules.php>Rules</A> ]
-[ <A HREF=http://hi1.horseisle.com/web/termsandconditions.php>Terms and Conditions</A> ]
-[ <A HREF=http://hi1.horseisle.com/web/privacypolicy.php>Privacy Policy</A> ]</B><BR>
-[ <A HREF=http://hi1.horseisle.com/web/expectedbehavior.php>Expected Behavior</A> ]
-[ <A HREF=http://hi1.horseisle.com/web/contactus.php>Contact Us</A> ] 
-[ <A HREF=http://hi1.horseisle.com/web/credits.php>Credits</A> ]<BR>
-<FONT FACE=Verdana,Arial SIZE=-2>Copyright &copy; 2020 Horse Isle</FONT>
+[ <A HREF=http:<?php echo($master_site); ?>/web/rules.php>Rules</A> ]
+[ <A HREF=http:<?php echo($master_site); ?>/web/termsandconditions.php>Terms and Conditions</A> ]
+[ <A HREF=http:<?php echo($master_site); ?>/web/privacypolicy.php>Privacy Policy</A> ]</B><BR>
+[ <A HREF=http:<?php echo($master_site); ?>/web/expectedbehavior.php>Expected Behavior</A> ]
+[ <A HREF=http:<?php echo($master_site); ?>/web/contactus.php>Contact Us</A> ] 
+[ <A HREF=http:<?php echo($master_site); ?>/web/credits.php>Credits</A> ]<BR>
+<FONT FACE=Verdana,Arial SIZE=-2>Copyright &copy; <?php echo(date("Y")); ?> Horse Isle</FONT>

 <!-- Google Analytics -->
 <script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
--- a/WebInterface/game-site/web/header.php
+++ b/WebInterface/game-site/web/header.php
@ -1,11 +1,25 @@
+<?php
+if(!isset($master_site))
+	include('config.php');
+
+if(session_status() !== PHP_SESSION_ACTIVE)
+	session_start();
+
+if(!function_exists('is_logged_in'))
+	include('common.php');
+
+$info = parse_url($_SERVER['HTTP_HOST']);
+$host = $info['host'];
+
+?>
 <HEAD>
 <TITLE>HORSE ISLE - Online Multiplayer Horse Game</TITLE>
 <META NAME="keywords" CONTENT="Horse Game Online MMORPG Multiplayer Horses RPG Girls Girly Isle World Island Virtual Horseisle Sim Virtual">
 <META NAME="description" CONTENT="A multiplayer online horse world where players can capture, train, care for and compete their horses against other players. A very unique virtual sim horse game.">
 <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
 <link rel="icon" href="/favicon.ico" type="image/x-icon">
-<link rel="meta" href="//horseisle.com/labels.rdf" type="application/rdf+xml" title="ICRA labels" />
-<meta http-equiv="pics-Label" content='(pics-1.1 "//www.icra.org/pics/vocabularyv03/" l gen true for "//horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1)  gen true for "//hi1.horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1))' />
+<link rel="meta" href="<?php echo("//".$host); ?>/labels.rdf" type="application/rdf+xml" title="ICRA labels" />
+<meta http-equiv="pics-Label" content='(pics-1.1 "//www.icra.org/pics/vocabularyv03/" l gen true for "<?php echo("//".$host); ?>" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1)  gen true for "<?php echo($master_site); ?>" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1))' />
 <style type="text/css">
 hr {
 height: 1;
@ -90,9 +104,23 @@ color: #440000;
 <TD WIDTH=100% BACKGROUND=/web/hoilgui4.gif align=right>
 <B>

+<?php if(isset($login_error)){echo($login_error);} ?>

-
-<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=10><TR><TD><B><A HREF=/account.php>PINTO.HORSEISLE.COM</A><BR>Logged in as: SilicaAndPina<BR><A HREF=/?LOGOUT=1><img src=/web/but-logout.gif border=0></A><BR><A HREF=//hi1.horseisle.com/><img src=/web/but-mainpage.gif border=0></A></TD><TD><BR><A HREF=//hi1.horseisle.com/account.php><img src=/web/but-serverlist.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/news.php><img src=/web/but-news.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/forums.php><img src=/web/but-forums.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/helpcenter.php><img src=/web/but-helpcenter.gif border=0></A></TD></TR></TABLE>
+<?php
+	if(is_logged_in())
+	{
+		$username = $_SESSION['USERNAME'];		
+		echo('<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=10><TR><TD><A HREF=/account.php>'.$_SERVER['HTTP_HOST'].'</A><BR>Logged in as: '.$username.'<BR><A HREF=/?LOGOUT=1><img src=/web/but-logout.gif border=0></A><BR><A HREF='.$master_site.'/><img src=/web/but-mainpage.gif border=0></A></TD><TD><BR><A HREF='.$master_site.'/account.php><img src=/web/but-serverlist.gif border=0></A><BR><A HREF='.$master_site.'/web/news.php><img src=/web/but-news.gif border=0></A><BR><A HREF='.$master_site.'/web/forums.php><img src=/web/but-forums.gif border=0></A><BR><A HREF='.$master_site.'/web/helpcenter.php><img src=/web/but-helpcenter.gif border=0></A></TD></TR></TABLE>');
+	}
+	else
+	{
+		echo('<TABLE CELLPADDING=0 CELLSPACING=2 BORDER=0><FORM METHOD=POST ACTION=/account.php>
+<TR><TD><B>USER:</B></TD><TD><INPUT TYPE=TEXT SIZE=14 NAME=USER></TD></TR>
+<TR><TD><B>PASS:</B></TD><TD><INPUT TYPE=PASSWORD SIZE=14 NAME=PASS></TD></TR>
+<TR><TD></TD><TD><INPUT TYPE=SUBMIT VALUE=LOGIN> (<A HREF='.$master_site.'/web/forgotpass.php>Forgot?</A>)</TD></TR></FORM></TABLE>');
+	}
+	
+?>

 </TD>
 <TD WIDTH=29><IMG SRC=/web/hoilgui5.gif></TD></TR>