Update web

2025-07-22 23:02:49 +12:00 · 2021-06-27 13:18:43 +12:00 · 2021-06-27 13:18:43 +12:00 · 6e32fc9aca
commit 6e32fc9aca
parent 852b5f33ec
18 changed files with 480 additions and 158 deletions
--- a/WebInterface/game-site/web/common.php
+++ b/WebInterface/game-site/web/common.php
@ -12,4 +12,151 @@ function hash_salt(string $input, string $salt)
 	
 	return hash('sha512',$xor_hash,false);
 }
+
+function is_logged_in()
+{
+	if(session_status() !== PHP_SESSION_ACTIVE)
+		return false;
+	
+	if(isset($_SESSION["LOGGED_IN"]))
+		if($_SESSION["LOGGED_IN"] === "YES")
+			return true;
+	return false;
+}
+
+function user_exists(string $username)
+{
+	include('config.php');
+	$usernameUppercase = strtoupper($username);
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE UPPER(Username)=?"); 
+	$stmt->bind_param("s", $usernameUppercase);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$count = intval($result->fetch_row()[0]);
+	return $count>0;
+}
+
+function get_username(string $id)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT Username FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $id);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$usetname = intval($result->fetch_row()[0]);
+	return $usetname;
+}
+
+
+function get_userid(string $username)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$usernameUppercase = strtoupper($username);
+	$stmt = $connect->prepare("SELECT Id FROM Users WHERE UPPER(Username)=?"); 
+	$stmt->bind_param("s", $usernameUppercase);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$id = intval($result->fetch_row()[0]);
+	return $id;
+}
+
+function get_sex(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	
+	$stmt = $connect->prepare("SELECT Gender FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+
+}
+
+function get_admin(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	
+	$stmt = $connect->prepare("SELECT Admin FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+
+}
+
+function get_mod(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	
+	$stmt = $connect->prepare("SELECT Moderator FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+
+}
+
+function get_password_hash(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT PassHash FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+	
+}
+
+function get_salt(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");	
+	$stmt = $connect->prepare("SELECT Salt FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+}
+
+function check_password(int $userId, string $password)
+{
+	$passhash = get_password_hash($userId);
+	$passsalt = hex2bin(get_salt($userId));
+	$acturalhash = hash_salt($password, $passsalt);
+	
+	if($acturalhash === $passhash)
+		return true;
+	else
+		return false;
+}
+
+function populate_db()
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	mysqli_query($connect, "CREATE TABLE IF NOT EXISTS Users(Id INT, Username TEXT(16),Email TEXT(128),Country TEXT(128),SecurityQuestion Text(128),SecurityAnswerHash TEXT(128),Age INT,PassHash TEXT(128), Salt TEXT(128),Gender TEXT(16), Admin TEXT(3), Moderator TEXT(3))");
+
+}
+
+function startsWith( $haystack, $needle ) {
+     $length = strlen( $needle );
+     return substr( $haystack, 0, $length ) === $needle;
+}
+
+function endsWith( $haystack, $needle ) {
+    $length = strlen( $needle );
+    if( !$length ) {
+        return true;
+    }
+    return substr( $haystack, -$length ) === $needle;
+}
+
+
 ?>
--- a/WebInterface/game-site/web/config.php
+++ b/WebInterface/game-site/web/config.php
@ -0,0 +1,3 @@
+<?php
+include("../config.php");
+?>
--- a/WebInterface/game-site/web/crosserver.php
+++ b/WebInterface/game-site/web/crosserver.php
@ -0,0 +1,121 @@
+<?php
+
+function GenHmacMessage(string $data, string $channel)
+{
+	include('config.php');
+	if($hmac_secret === "!!NOTSET!!"){
+		echo("<script>alert('Please set HMAC_SECRET !')</script>");
+		echo("<h1>Set \$hmac_secret in config.php!</h1>");
+		exit();
+	}
+	return $hmac = hash_hmac('sha256', $data, $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mhdY'));
+}
+
+function  getNoPlayersOnlineInServer($database)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$onlineUsers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers");
+	return $onlineUsers->fetch_row()[0];
+}
+
+function  getNoSubbedPlayersOnlineInServer($database)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$onlineSubscribers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Subscribed = 'YES'");
+	return $onlineSubscribers->fetch_row()[0];
+}
+
+function  getNoModPlayersOnlineInServer($database)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$onlineModerators = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Moderator = 'YES' OR Admin='YES'");
+	return $onlineModerators->fetch_row()[0];
+}
+
+function getServerById(string $id)
+{
+	include('servers.php');
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		if($server_list[$i]['id'] == $id)
+			return $server_list[$i];
+	}
+	return null;
+}
+
+
+function userid_exists(string $database, string $userid)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE Id=?");
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$count = intval($result->fetch_row()[0]);
+	return $count>0;
+}
+
+function createAccountOnServer(string $database)
+{
+	include('config.php');
+	$dbname = $database;
+
+	$id = intval($_SESSION['PLAYER_ID']);
+	$username = $_SESSION['USERNAME'];
+	$sex = $_SESSION['SEX'];
+	$admin = $_SESSION['ADMIN'];
+	$mod = $_SESSION['MOD'];
+	$passhash = $_SESSION['PASSWORD_HASH'];
+	$salt = $_SESSION['SALT'];
+
+
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("INSERT INTO Users VALUES(?,?,?,?,?,?,?)"); 
+	$stmt->bind_param("issssss", $id, $username, $passhash, $salt, $sex, $admin, $mod);
+	$stmt->execute();
+}
+
+# Global Functions
+function getNoPlayersOnlineGlobal()
+{
+	include('servers.php');
+	$playersOn = 0;
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		$playersOn += getNoPlayersOnlineInServer($server_list[$i]['database']);
+	}
+	return $playersOn;
+}
+
+function getNoSubbedPlayersOnlineGlobal()
+{
+	include('servers.php');
+	$playersOn = 0;
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		$playersOn += getNoSubbedPlayersOnlineInServer($server_list[$i]['database']);
+	}
+	return $playersOn;
+}
+
+function getNoModPlayersOnlineGlobal()
+{
+	include('servers.php');
+	$playersOn = 0;
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		$playersOn += getNoModPlayersOnlineInServer($server_list[$i]['database']);
+	}
+	return $playersOn;
+}
+
+
+?>
--- a/WebInterface/game-site/web/footer.php
+++ b/WebInterface/game-site/web/footer.php
@ -1,3 +1,7 @@
+<?php
+	if(!isset($master_site))
+		include("config.php");
+?>
 <TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=100%>
 <TR>
 <TD><IMG SRC=/web/hoilgui10.gif></TD>
@ -5,13 +9,13 @@
 <TD><IMG SRC=/web/hoilgui12.gif></TD>
 </TR></TABLE>
 <CENTER><B>
-[ <A HREF=http://hi1.horseisle.com/web/rules.php>Rules</A> ]
-[ <A HREF=http://hi1.horseisle.com/web/termsandconditions.php>Terms and Conditions</A> ]
-[ <A HREF=http://hi1.horseisle.com/web/privacypolicy.php>Privacy Policy</A> ]</B><BR>
-[ <A HREF=http://hi1.horseisle.com/web/expectedbehavior.php>Expected Behavior</A> ]
-[ <A HREF=http://hi1.horseisle.com/web/contactus.php>Contact Us</A> ] 
-[ <A HREF=http://hi1.horseisle.com/web/credits.php>Credits</A> ]<BR>
-<FONT FACE=Verdana,Arial SIZE=-2>Copyright &copy; 2020 Horse Isle</FONT>
+[ <A HREF=http:<?php echo($master_site); ?>/web/rules.php>Rules</A> ]
+[ <A HREF=http:<?php echo($master_site); ?>/web/termsandconditions.php>Terms and Conditions</A> ]
+[ <A HREF=http:<?php echo($master_site); ?>/web/privacypolicy.php>Privacy Policy</A> ]</B><BR>
+[ <A HREF=http:<?php echo($master_site); ?>/web/expectedbehavior.php>Expected Behavior</A> ]
+[ <A HREF=http:<?php echo($master_site); ?>/web/contactus.php>Contact Us</A> ] 
+[ <A HREF=http:<?php echo($master_site); ?>/web/credits.php>Credits</A> ]<BR>
+<FONT FACE=Verdana,Arial SIZE=-2>Copyright &copy; <?php echo(date("Y")); ?> Horse Isle</FONT>

 <!-- Google Analytics -->
 <script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
--- a/WebInterface/game-site/web/header.php
+++ b/WebInterface/game-site/web/header.php
@ -1,11 +1,25 @@
+<?php
+if(!isset($master_site))
+	include('config.php');
+
+if(session_status() !== PHP_SESSION_ACTIVE)
+	session_start();
+
+if(!function_exists('is_logged_in'))
+	include('common.php');
+
+$info = parse_url($_SERVER['HTTP_HOST']);
+$host = $info['host'];
+
+?>
 <HEAD>
 <TITLE>HORSE ISLE - Online Multiplayer Horse Game</TITLE>
 <META NAME="keywords" CONTENT="Horse Game Online MMORPG Multiplayer Horses RPG Girls Girly Isle World Island Virtual Horseisle Sim Virtual">
 <META NAME="description" CONTENT="A multiplayer online horse world where players can capture, train, care for and compete their horses against other players. A very unique virtual sim horse game.">
 <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
 <link rel="icon" href="/favicon.ico" type="image/x-icon">
-<link rel="meta" href="//horseisle.com/labels.rdf" type="application/rdf+xml" title="ICRA labels" />
-<meta http-equiv="pics-Label" content='(pics-1.1 "//www.icra.org/pics/vocabularyv03/" l gen true for "//horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1)  gen true for "//hi1.horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1))' />
+<link rel="meta" href="<?php echo("//".$host); ?>/labels.rdf" type="application/rdf+xml" title="ICRA labels" />
+<meta http-equiv="pics-Label" content='(pics-1.1 "//www.icra.org/pics/vocabularyv03/" l gen true for "<?php echo("//".$host); ?>" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1)  gen true for "<?php echo($master_site); ?>" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1))' />
 <style type="text/css">
 hr {
 height: 1;
@ -90,9 +104,23 @@ color: #440000;
 <TD WIDTH=100% BACKGROUND=/web/hoilgui4.gif align=right>
 <B>

+<?php if(isset($login_error)){echo($login_error);} ?>

-
-<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=10><TR><TD><B><A HREF=/account.php>PINTO.HORSEISLE.COM</A><BR>Logged in as: SilicaAndPina<BR><A HREF=/?LOGOUT=1><img src=/web/but-logout.gif border=0></A><BR><A HREF=//hi1.horseisle.com/><img src=/web/but-mainpage.gif border=0></A></TD><TD><BR><A HREF=//hi1.horseisle.com/account.php><img src=/web/but-serverlist.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/news.php><img src=/web/but-news.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/forums.php><img src=/web/but-forums.gif border=0></A><BR><A HREF=//hi1.horseisle.com/web/helpcenter.php><img src=/web/but-helpcenter.gif border=0></A></TD></TR></TABLE>
+<?php
+	if(is_logged_in())
+	{
+		$username = $_SESSION['USERNAME'];		
+		echo('<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=10><TR><TD><A HREF=/account.php>'.$_SERVER['HTTP_HOST'].'</A><BR>Logged in as: '.$username.'<BR><A HREF=/?LOGOUT=1><img src=/web/but-logout.gif border=0></A><BR><A HREF='.$master_site.'/><img src=/web/but-mainpage.gif border=0></A></TD><TD><BR><A HREF='.$master_site.'/account.php><img src=/web/but-serverlist.gif border=0></A><BR><A HREF='.$master_site.'/web/news.php><img src=/web/but-news.gif border=0></A><BR><A HREF='.$master_site.'/web/forums.php><img src=/web/but-forums.gif border=0></A><BR><A HREF='.$master_site.'/web/helpcenter.php><img src=/web/but-helpcenter.gif border=0></A></TD></TR></TABLE>');
+	}
+	else
+	{
+		echo('<TABLE CELLPADDING=0 CELLSPACING=2 BORDER=0><FORM METHOD=POST ACTION=/account.php>
+<TR><TD><B>USER:</B></TD><TD><INPUT TYPE=TEXT SIZE=14 NAME=USER></TD></TR>
+<TR><TD><B>PASS:</B></TD><TD><INPUT TYPE=PASSWORD SIZE=14 NAME=PASS></TD></TR>
+<TR><TD></TD><TD><INPUT TYPE=SUBMIT VALUE=LOGIN> (<A HREF='.$master_site.'/web/forgotpass.php>Forgot?</A>)</TD></TR></FORM></TABLE>');
+	}
+	
+?>

 </TD>
 <TD WIDTH=29><IMG SRC=/web/hoilgui5.gif></TD></TR>