Update web

WebInterface/master-site/account.php

@@ -51,7 +51,7 @@ if(isset($_GET['CONNECT']))
 	{
 		$playerId = $_SESSION['PLAYER_ID'];
 		
-		$hmac = hash_hmac('sha256', (string)$playerId, $hmac_secret."CrossSiteLogin".$_SERVER['REMOTE_ADDR'].date('m/d/Y'));
+		$hmac = GenHmacMessage((string)$playerId, "CrossSiteLogin");
 		$redirectUrl = $server['site'];
 		
 		if(!endsWith($redirectUrl, '/'))

WebInterface/master-site/common.php

@@ -26,23 +26,37 @@ function is_logged_in()
 
 function user_exists(string $username)
 {
-	include('dbconfig.php');
+	include('config.php');
+	$usernameUppercase = strtoupper($username);
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE UPPER(Username)=?"); 
-	$stmt->bind_param("s", strtoupper($username));
+	$stmt->bind_param("s", $usernameUppercase);
 	$stmt->execute();
 	$result = $stmt->get_result();
 	$count = intval($result->fetch_row()[0]);
 	return $count>0;
 }
 
+function get_username(string $id)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT Username FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $id);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$usetname = intval($result->fetch_row()[0]);
+	return $usetname;
+}
+
+
 function get_userid(string $username)
 {
-	include('dbconfig.php');
+	include('config.php');
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
-	
+	$usernameUppercase = strtoupper($username);
 	$stmt = $connect->prepare("SELECT Id FROM Users WHERE UPPER(Username)=?"); 
-	$stmt->bind_param("s", strtoupper($username));
+	$stmt->bind_param("s", $usernameUppercase);
 	$stmt->execute();
 	$result = $stmt->get_result();
 	$id = intval($result->fetch_row()[0]);
@@ -51,7 +65,7 @@ function get_userid(string $username)
 
 function get_sex(int $userid)
 {
-	include('dbconfig.php');
+	include('config.php');
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	
 	$stmt = $connect->prepare("SELECT Gender FROM Users WHERE Id=?"); 
@@ -64,7 +78,7 @@ function get_sex(int $userid)
 
 function get_admin(int $userid)
 {
-	include('dbconfig.php');
+	include('config.php');
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	
 	$stmt = $connect->prepare("SELECT Admin FROM Users WHERE Id=?"); 
@@ -77,7 +91,7 @@ function get_admin(int $userid)
 
 function get_mod(int $userid)
 {
-	include('dbconfig.php');
+	include('config.php');
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	
 	$stmt = $connect->prepare("SELECT Moderator FROM Users WHERE Id=?"); 
@@ -90,7 +104,7 @@ function get_mod(int $userid)
 
 function get_password_hash(int $userid)
 {
-	include('dbconfig.php');
+	include('config.php');
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	$stmt = $connect->prepare("SELECT PassHash FROM Users WHERE Id=?"); 
 	$stmt->bind_param("i", $userid);
@@ -102,7 +116,7 @@ function get_password_hash(int $userid)
 
 function get_salt(int $userid)
 {
-	include('dbconfig.php');
+	include('config.php');
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");	
 	$stmt = $connect->prepare("SELECT Salt FROM Users WHERE Id=?"); 
 	$stmt->bind_param("i", $userid);
@@ -125,7 +139,7 @@ function check_password(int $userId, string $password)
 
 function populate_db()
 {
-	include('dbconfig.php');
+	include('config.php');
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	mysqli_query($connect, "CREATE TABLE IF NOT EXISTS Users(Id INT, Username TEXT(16),Email TEXT(128),Country TEXT(128),SecurityQuestion Text(128),SecurityAnswerHash TEXT(128),Age INT,PassHash TEXT(128), Salt TEXT(128),Gender TEXT(16), Admin TEXT(3), Moderator TEXT(3))");
 

WebInterface/master-site/crosserver.php

@@ -1,8 +1,17 @@
 <?php
 
+function GenHmacMessage(string $data, string $channel)
+{
+	if($hmac_secret === "!!NOTSET!!"){
+		die("Please set HMAC_SECRET !");
+		exit();
+	}
+	return $hmac = hash_hmac('sha256', $data, $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mhdY'));
+}
+
 function  getNoPlayersOnlineInServer($database)
 {
-	include('dbconfig.php');
+	include('config.php');
 	$dbname = $database;
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	$onlineUsers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers");
@@ -11,7 +20,7 @@ function  getNoPlayersOnlineInServer($database)
 
 function  getNoSubbedPlayersOnlineInServer($database)
 {
-	include('dbconfig.php');
+	include('config.php');
 	$dbname = $database;
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	$onlineSubscribers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Subscribed = 'YES'");
@@ -20,7 +29,7 @@ function  getNoSubbedPlayersOnlineInServer($database)
 
 function  getNoModPlayersOnlineInServer($database)
 {
-	include('dbconfig.php');
+	include('config.php');
 	$dbname = $database;
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	$onlineModerators = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Moderator = 'YES' OR Admin='YES'");
@@ -41,7 +50,7 @@ function getServerById(string $id)
 
 function userid_exists(string $database, string $userid)
 {
-	include('dbconfig.php');
+	include('config.php');
 	$dbname = $database;
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE Id=?");
@@ -54,7 +63,7 @@ function userid_exists(string $database, string $userid)
 
 function createAccountOnServer(string $database)
 {
-	include('dbconfig.php');
+	include('config.php');
 	$dbname = $database;
 
 	$id = intval($_SESSION['PLAYER_ID']);

WebInterface/master-site/index.php

@@ -1,9 +1,17 @@
 <?php
 include('common.php');
 include('crosserver.php');
-include('dbconfig.php');
+include('config.php');
 populate_db();
 
+// Handle logout
+if(isset($_GET["LOGOUT"]))
+{
+	if($_GET["LOGOUT"] == 1)
+	{
+		session_destroy();
+	}
+}
 
 $onlineUsers = getNoPlayersOnlineGlobal();
 $onlineSubscribers = getNoSubbedPlayersOnlineGlobal();
@@ -55,7 +63,7 @@ HREF=/web/parents.php>Parent's Guide</A> <BR>
 if($hasIntl)
 echo numfmt_format($fmt, $onlineUsers);
 else
-echo $onlineUser;
+echo $onlineUsers;
 ?></B></FONT> Players Online Now<BR>
 <FONT COLOR=550000><B><?php 
 if($hasIntl)					

WebInterface/master-site/joinserver.php

@@ -1,6 +1,6 @@
 <?php
 session_start();
-include('dbconfig.php');
+include('config.php');
 include('crosserver.php');
 include('common.php');
 

WebInterface/master-site/web/footer.php

@@ -5,14 +5,14 @@
 <TD><IMG SRC=/web/hoilgui12.gif></TD>
 </TR></TABLE>
 <CENTER><B>
-[ <A HREF=//master.horseisle.com/beginnerguide/>New Player Guide</A> ]<BR>
+[ <A HREF=//<?php echo($_SERVER['HTTP_HOST']); ?>/beginnerguide/>New Player Guide</A> ]<BR>
 [ <A HREF=/web/rules.php>Rules</A> ]
 [ <A HREF=/web/termsandconditions.php>Terms and Conditions</A> ]
 [ <A HREF=/web/privacypolicy.php>Privacy Policy</A> ]</B><BR>
 [ <A HREF=/web/expectedbehavior.php>Expected Behavior</A> ]
 [ <A HREF=/web/contactus.php>Contact Us</A> ] 
 [ <A HREF=/web/credits.php>Credits</A> ]<BR>
-<FONT FACE=Verdana,Arial SIZE=-2>Copyright &copy; 2021 Horse Isle</FONT>
+<FONT FACE=Verdana,Arial SIZE=-2>Copyright &copy; <?php echo(date("Y")); ?> Horse Isle</FONT>
 
 <!-- Google Analytics -->
 <script src="http://www.google-analytics.com/urchin.js" type="text/javascript">

WebInterface/master-site/web/header.php

@@ -4,6 +4,10 @@ if(session_status() !== PHP_SESSION_ACTIVE)
 
 if(!function_exists('is_logged_in'))
 	include('../common.php');
+
+$info = parse_url($_SERVER['HTTP_HOST']);
+$host = $info['host'];
+
 ?>
 <HEAD>
 <TITLE>HORSE ISLE - Online Multiplayer Horse Game</TITLE>
@@ -11,8 +15,8 @@ if(!function_exists('is_logged_in'))
 <META NAME="description" CONTENT="A multiplayer online horse world where players can capture, train, care for and compete their horses against other players. A very unique virtual sim horse game.">
 <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
 <link rel="icon" href="/favicon.ico" type="image/x-icon">
-<link rel="meta" href="http://horseisle.com/labels.rdf" type="application/rdf+xml" title="ICRA labels" />
-<meta http-equiv="pics-Label" content='(pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l gen true for "http://horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1)  gen true for "http://hi1.horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1))' />
+<link rel="meta" href="http://<?php echo($host); ?>/labels.rdf" type="application/rdf+xml" title="ICRA labels" />
+<meta http-equiv="pics-Label" content='(pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l gen true for "http://<?php echo($host); ?>" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1)  gen true for "http://<?php echo($_SERVER['HTTP_HOST']); ?>" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1))' />
 <style type="text/css">
 hr {
 height: 1;

WebInterface/master-site/web/newuser.php

@@ -1,5 +1,5 @@
 <?php
-include('../dbconfig.php');
+include('../config.php');
 include('../common.php');
 include("header.php");
 $atype = 2;