More web stuff

2025-04-07 13:45:42 +12:00 · 2021-05-19 12:17:16 +12:00 · 2021-05-19 12:17:16 +12:00 · b2ce6be543
commit b2ce6be543
parent c12399dc0e
12 changed files with 323 additions and 118 deletions
--- a/WebInterface/game-site/config.php
+++ b/WebInterface/game-site/config.php
@ -11,7 +11,7 @@ $dbhost = '127.0.0.1';
 # Should be set to the same value on all game sites and the master site.
 # NOTE: if someone knows this secret they can create accounts with ADMIN privledges!
 $hmac_secret = "!!NOTSET!!"; 
-
+$master_site = "http://server.islehorse.com";
 # Password for /web/admin
 $admin_portal_password = "!!NOTSET!!";
 ?>
--- a/WebInterface/game-site/setupaccount.php
+++ b/WebInterface/game-site/setupaccount.php
@ -1,40 +0,0 @@
-<?php
-include('config.php');
-
-if($hmac_secret === "!!NOTSET!!") # Defaults bad.
-{
-	header("HTTP/1.1 403 Forbidden");
-	echo("Please set HMAC_SECRET in CONFIG.PHP! for security reasons joining the server is refused.<br>Change it from the default and then try again!");
-	exit();
-}
-
-if(isset($_POST["ID"], $_POST["USERNAME"], $_POST["USERNAME"], $_POST["PASSHASH"], $_POST["PASSSALT"], $_POST["SEX"], $_POST["MODERATOR"], $_POST["ADMIN"], $_POST["CODE"]))
-{
-	$id = $_POST["ID"];
-	$username = $_POST["USERNAME"];
-	$passhash = $_POST["PASSHASH"];
-	$passsalt = $_POST["PASSSALT"];
-	$sex = $_POST["SEX"];
-	$moderator = $_POST["MODERATOR"];
-	$admin = $_POST["ADMIN"];
-	$code = $_POST["CODE"];
-	
-	#Verify Input
-	$hmac = hash_hmac('sha256', (string)$id.$username.$passhash.$passsalt.$sex.$moderator.$admin, $hmac_secret."HOIL4321"));
-	
-	if (hash_equals($code, $hmac)) 
-	{
-		# Create Account.
-		$stmt = $connect->prepare("INSERT INTO Users VALUES(?,?,?,?,?,?,?)"); 
-		$stmt->bind_param("issssss", $id, $username, $passhash, $passsalt, $sex, $admin, $moderator);
-		$stmt->execute();
-		echo("OK");
-	}
-	else
-	{
-		header("HTTP/1.1 403 Forbidden");
-		echo("Invalid HMAC! Please ensure that all game-site's have the same HMAC as the master-site!
-	}
-}	
-
-?>
--- a/WebInterface/game-site/web/admin/administrate.php
+++ b/WebInterface/game-site/web/admin/administrate.php
@ -9,9 +9,9 @@ include("../header.php");
 <CENTER>
 <FONT FACE=Verdana,arial SIZE=-1>
 <?php
-	if($_SESSION["logged_in"] == false) 
+	if($_SESSION["A_LOGGED_IN"] !== "YES") 
 	{
-		header("Location: /admin"); # Fuck off.
+		header("Location: /web/admin"); # Fuck off.
 		exit();
 	}
 	
@ -69,7 +69,7 @@ include("../header.php");
 				$stmt->execute();
 			}
 			echo("<BR><B>Permissions updated successfully.</B></BR>");
-			echo("<A HREF=administrate.php>Go back</A>");
+			echo("<A HREF=/web/admin/administrate.php>Go back</A>");
 			include("../footer.php");
 			exit();
 		}
@ -77,7 +77,7 @@ include("../header.php");
 ?>
 <BR><B>HISP - Admin Portal</B><BR>
 <BR>Player Operations</BR>
-<BR> <FORM METHOD=POST ACTION=/admin/administrate.php>
+<BR> <FORM METHOD=POST ACTION=/web/admin/administrate.php>
 	Username:
 	<INPUT TYPE=HIDDEN NAME=TYPE VALUE=CHANGEPERMS>
 	<INPUT TYPE=TEXT SIZE=30 NAME=USERNAME></INPUT><BR>
@ -93,7 +93,7 @@ include("../header.php");
 	</FORM>
 </BR>
 <BR>
-		<A HREF=/ADMIN>Logout from admin portal</A><BR>
+		<A HREF=/web/admin>Logout from admin portal</A><BR>
 </BR>


--- a/WebInterface/game-site/web/admin/index.php
+++ b/WebInterface/game-site/web/admin/index.php
@ -2,7 +2,7 @@
 include("../../config.php");

 session_start(['cookie_lifetime' => 86400]);
-$_SESSION["logged_in"] = false;
+$_SESSION["A_LOGGED_IN"] = "NO";
 include("../header.php");
 ?>

@ -11,7 +11,7 @@ include("../header.php");
 <FONT FACE=Verdana,arial SIZE=-1>
 <BR><B>HISP - Super Admin Login</B><BR>
 <BR> This page requires a password, please enter it below:</BR>
-<BR> <FORM METHOD=POST ACTION=/admin/login.php>
+<BR> <FORM METHOD=POST ACTION=/web/admin/login.php>
 	<INPUT TYPE=PASSWORD SIZE=30 NAME=PASS></INPUT>
 	<INPUT TYPE=SUBMIT VALUE=LOGIN>
 	</FORM>
--- a/WebInterface/game-site/web/admin/login.php
+++ b/WebInterface/game-site/web/admin/login.php
@ -20,19 +20,19 @@ include("../header.php");
 				exit;
 			}

-			$_SESSION["logged_in"] = true;
-			header("Location: administrate.php");
+			$_SESSION["A_LOGGED_IN"] = "YES";
+			header("Location: /web/admin/administrate.php");
 		}
 		else
 		{
 			echo("<BR> The password you entered was NOT correct. </BR>");
-			echo("<A HREF=\"/admin\">Try Again...</A>");
+			echo("<A HREF=\"/web/admin\">Try Again...</A>");
 		}
 	}
 	else
 	{
 		echo("<BR> You didnt enter a password. </BR>");
-		echo("<A HREF=\"/admin\">Try Again...</A>");
+		echo("<A HREF=\"/web/admin\">Try Again...</A>");
 	}
 ?>

--- a/WebInterface/master-site/account.php
+++ b/WebInterface/master-site/account.php
@ -1,7 +1,9 @@
 <?php
+session_start();
 include("servers.php");
 include("common.php");
-session_start();
+include("crosserver.php");
+

 if(isset($_POST["USER"], $_POST["PASS"]))
 {
@ -15,6 +17,11 @@ if(isset($_POST["USER"], $_POST["PASS"]))
 		$_SESSION['LOGGED_IN'] = "YES";
 		$_SESSION['PLAYER_ID'] = $id;
 		$_SESSION['USERNAME'] = $username;
+		$_SESSION['SEX'] = get_sex($id);
+		$_SESSION['ADMIN'] = get_admin($id);
+		$_SESSION['MOD'] = get_mod($id);
+		$_SESSION['PASSWORD_HASH'] = get_password_hash($id);
+		$_SESSION['SALT'] = get_salt($id);
 	}
 	else
 	{ 
@ -26,44 +33,59 @@ auth_failed:
 	}
 }

-if(isset($_SESSION["LOGGED_IN"]))
+if(!is_logged_in())
 {
-	if($_SESSION["LOGGED_IN"] !== "YES")
-	{
-		goto error;
-	}
-	else
-	{
-		goto pass;
-	}
-	
-	error: 
-		include("web/header.php");
-		echo("
-<B>Username or Password is not valid or your account has timed out. Please Log in again.</B><BR><BR></TD></TR></TABLE>");
-		$_SESSION['LOGGED_IN'] = "NO";
-		include("web/footer.php");
-		exit();
-	pass:
+	include("web/header.php");
+	echo("
+	<B>Username or Password is not valid or your account has timed out. Please Log in again.</B><BR><BR></TD></TR></TABLE>");
+	$_SESSION['LOGGED_IN'] = "NO";
+	include("web/footer.php");
+	exit();
 }
-else
+
+if(isset($_GET['CONNECT']))
 {
-	goto error;
+	$server = getServerById($_GET['CONNECT']);
+	
+	if($server !== null)
+	{
+		$playerId = $_SESSION['PLAYER_ID'];
+		
+		$hmac = hash_hmac('sha256', (string)$playerId, $hmac_secret."CrossSiteLogin");
+		$redirectUrl = $server['site'];
+		
+		if(!endsWith($redirectUrl, '/'))
+			$redirectUrl .= '/';
+		
+		$redirectUrl .= 'account.php?SLID='.(string)$playerId.'&C='.base64_encode(hex2bin($hmac));
+		
+		header("Location: ".$redirectUrl);
+		exit();
+	}
 }
 include("web/header.php");
 ?>
 <?php #<TR><TD><IMG SRC=/web/servericons/pinto.gif></TD><TD><B><FONT COLOR=GREEN>You were on this server last time:</FONT><BR>SERVER: PINTO.HORSEISLE.COM</B><BR><BR></TD><TD><B>Not Subscribed</B><BR>Quest Points: 75pts<BR>Times Online: 3<BR>Last On: 0.84 days ago<BR></TD><TD><B>17<BR>players<BR>online<BR>now</B></TD><TD><B><A HREF=?CONNECT=pinto>[LOG IN]</A></B></TD></TR><TR><TD COLSPAN=5><HR>?>
 <?php #<TABLE WIDTH=80% BGCOLOR=FFAABB BORDER=0 CELLPADDING=4 CELLSPACING=0><TR><TD class=newslist><B>[June 23, 2020 Latest Horse Isle News] Horse Isle 1 Compromise:</B><BR>Unfortunately, some troublemakers made a mess of HI1.<BR>We have reverted to a backup from 4am PST and taken some precautions. So, anything you "did" this morning was reverted.<br>We have also given all subs +12hrs to cover the down time.<br><br>Because passwords for accounts were likely compromised, we setup a system to verify and unlock for players' protection. When you try to login you will be prompted to reset your password.  We can automatically unlock most players' accounts, but some will require manual support via email.  Just follow the directions and please be patient with us.<br><br>Sorry about the trouble.  HI1 was never designed to survive so long into this new mean digital world. ;)<br><br>P.S.  The XSS alert was a simple javascript alert, just meaningless and harmless.<br><br>Thanks!<BR></TD></TR></TABLE> ?><BR><B>We have a <A HREF=//master.horseisle.com/beginnerguide/>Beginner Guide</A> online to help new players learn how to play.</B><BR><BR><B><FONT SIZE=+1>Horse Isle Server List</FONT></B><BR>Each server is completely independent and has identical game content. Money/horses/subscriptions are all tied to a particular server. 
 Normally you will only play on one server.  <B>Playing on any server uses up playtime on all servers</B>, so you do not gain any free time. Reasons for playing on more than one include joining a friend, or in case your normal server is down. 
-Multiple servers are required since there is a max capacity of around 150 players online per server.<BR><B>Please note, a profile on any individual server will be permanently deleted after 183 days (6 months) of not logging into the game on that specific server or your subscription expiring, whichever is later.</b><TABLE CELLPADDING=5 CELLSPACING=0 BORDER=0 BGCOLOR=FFFFFF><TR><TD COLSPAN=5></TD></TR><TR><TD COLSPAN=2><B>GAME SERVERS</B> (all identical please only join 1 or 2)</TD><TD><B>PROFILE</B> (not current)</TD><TD><B>ONLINE</B></TD><TD><B>LOGIN</B></TD></TR></TD></TR><TR><TD COLSPAN=5><HR></TD></TR><?php
+Multiple servers are required since there is a max capacity of around 150 players online per server.<BR><B>Please note, a profile on any individual server will be permanently deleted after 183 days (6 months) of not logging into the game on that specific server or your subscription expiring, whichever is later.</b><TABLE CELLPADDING=5 CELLSPACING=0 BORDER=0 BGCOLOR=FFFFFF><TR><TD COLSPAN=5></TD></TR><TR><TD COLSPAN=2><B>GAME SERVERS</B> (all identical please only join 1 or 2)</TD><TD><B>PROFILE</B> (not current)</TD><TD><B>ONLINE</B></TD><TD><B>LOGIN</B></TD></TR></TD></TR><TR><TD COLSPAN=5><HR></TD></TR>
+<?php
 for($i = 0; $i < count($server_list); $i++)
 {
 	$server = $server_list[$i];
 	$icon = $server['icon'];
 	$url = $server['site'];
 	$desc = $server['desc'];
+	$id = $server['id'];
 	
-	echo('<TR><TD><IMG SRC=/web/servericons/'.$icon.'></TD><TD><B>SERVER: '.strtoupper($url).'</B><BR>'.$desc.'</BR></TD><TD>no existing profile</TD><TD><B>0<BR>players<BR>online<BR>now</B></TD><TD><B><A HREF=joinserver.php?SERVER='.$url.'>[JOIN]</A></B></TD></TR><TR><TD COLSPAN=5><HR></TD></TR>');
+	$domain = parse_url($url, PHP_URL_HOST);
+	$join = '';
+	if(!userid_exists($server['database'], $_SESSION['PLAYER_ID']))
+		$join = '<A HREF=joinserver.php?SERVER='.$id.'>[JOIN]</A>';
+	else
+		$join = '<A HREF=?CONNECT='.$id.'>[LOG IN]</A>';
+	
+	echo('<TR><TD><IMG SRC=/web/servericons/'.$icon.'></TD><TD><B>SERVER: '.strtoupper($domain).'</B><BR>'.$desc.'</BR></TD><TD>no existing profile</TD><TD><B>0<BR>players<BR>online<BR>now</B></TD><TD><B>'.$join.'</B></TD></TR><TR><TD COLSPAN=5><HR></TD></TR>');
 }

 ?>
--- a/WebInterface/master-site/common.php
+++ b/WebInterface/master-site/common.php
@ -13,12 +13,23 @@ function hash_salt(string $input, string $salt)
 	return hash('sha512',$xor_hash,false);
 }

+function is_logged_in()
+{
+	if(session_status() !== PHP_SESSION_ACTIVE)
+		return false;
+	
+	if(isset($_SESSION["LOGGED_IN"]))
+		if($_SESSION["LOGGED_IN"] === "YES")
+			return true;
+	return false;
+}
+
 function user_exists(string $username)
 {
 	include('dbconfig.php');
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
-	$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE Username=?"); 
-	$stmt->bind_param("s", $username);
+	$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE UPPER(Username)=?"); 
+	$stmt->bind_param("s", strtoupper($username));
 	$stmt->execute();
 	$result = $stmt->get_result();
 	$count = intval($result->fetch_row()[0]);
@ -30,31 +41,80 @@ function get_userid(string $username)
 	include('dbconfig.php');
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	
-	$stmt = $connect->prepare("SELECT Id FROM Users WHERE Username=?"); 
-	$stmt->bind_param("s", $username);
+	$stmt = $connect->prepare("SELECT Id FROM Users WHERE UPPER(Username)=?"); 
+	$stmt->bind_param("s", strtoupper($username));
 	$stmt->execute();
 	$result = $stmt->get_result();
 	$id = intval($result->fetch_row()[0]);
 	return $id;
 }

-function check_password(int $userId, string $password)
+function get_sex(int $userid)
 {
 	include('dbconfig.php');
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	
-	$stmt = $connect->prepare("SELECT PassHash FROM Users WHERE Id=?"); 
-	$stmt->bind_param("i", $userId);
+	$stmt = $connect->prepare("SELECT Gender FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
 	$stmt->execute();
 	$result = $stmt->get_result();
-	$passhash = $result->fetch_row()[0];
+	return $result->fetch_row()[0];

-	$stmt = $connect->prepare("SELECT Salt FROM Users WHERE Id=?"); 
-	$stmt->bind_param("i", $userId);
+}
+
+function get_admin(int $userid)
+{
+	include('dbconfig.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	
+	$stmt = $connect->prepare("SELECT Admin FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
 	$stmt->execute();
 	$result = $stmt->get_result();
-	$passsalt = $result->fetch_row()[0];
-	$passsalt = hex2bin($passsalt);
+	return $result->fetch_row()[0];
+
+}
+
+function get_mod(int $userid)
+{
+	include('dbconfig.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	
+	$stmt = $connect->prepare("SELECT Moderator FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+
+}
+
+function get_password_hash(int $userid)
+{
+	include('dbconfig.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT PassHash FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+	
+}
+
+function get_salt(int $userid)
+{
+	include('dbconfig.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");	
+	$stmt = $connect->prepare("SELECT Salt FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+}
+
+function check_password(int $userId, string $password)
+{
+	$passhash = get_password_hash($userId);
+	$passsalt = hex2bin(get_salt($userId));
 	$acturalhash = hash_salt($password, $passsalt);
 	
 	if($acturalhash === $passhash)
@ -65,11 +125,24 @@ function check_password(int $userId, string $password)

 function populate_db()
 {
-	
 	include('dbconfig.php');
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	mysqli_query($connect, "CREATE TABLE IF NOT EXISTS Users(Id INT, Username TEXT(16),Email TEXT(128),Country TEXT(128),SecurityQuestion Text(128),SecurityAnswerHash TEXT(128),Age INT,PassHash TEXT(128), Salt TEXT(128),Gender TEXT(16), Admin TEXT(3), Moderator TEXT(3))");
-	mysqli_query($connect, "CREATE TABLE IF NOT EXISTS OnlineUsers(playerId INT, Admin TEXT(3), Moderator TEXT(3), Subscribed TEXT(3))");

 }
+
+function startsWith( $haystack, $needle ) {
+     $length = strlen( $needle );
+     return substr( $haystack, 0, $length ) === $needle;
+}
+
+function endsWith( $haystack, $needle ) {
+    $length = strlen( $needle );
+    if( !$length ) {
+        return true;
+    }
+    return substr( $haystack, -$length ) === $needle;
+}
+
+
 ?>
--- a/WebInterface/master-site/crosserver.php
+++ b/WebInterface/master-site/crosserver.php
@ -0,0 +1,113 @@
+<?php
+
+function  getNoPlayersOnlineInServer($database)
+{
+	include('dbconfig.php');
+	$dbname = $database;
+	
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$onlineUsers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers");
+	return $onlineUsers->fetch_row()[0];
+}
+
+function  getNoSubbedPlayersOnlineInServer($database)
+{
+	include('dbconfig.php');
+	$dbname = $database;
+	
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$onlineSubscribers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Subscribed = 'YES'");
+	return $onlineSubscribers->fetch_row()[0];
+}
+
+function  getNoModPlayersOnlineInServer($database)
+{
+	include('dbconfig.php');
+	$dbname = $database;
+	
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$onlineModerators = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Moderator = 'YES' OR Admin='YES'");
+	return $onlineModerators->fetch_row()[0];
+}
+
+function getServerById(string $id)
+{
+	include('servers.php');
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		if($server_list[$i]['id'] == $id)
+			return $server_list[$i];
+	}
+	return null;
+}
+
+
+function userid_exists(string $database, string $userid)
+{
+	include('dbconfig.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$count = intval($result->fetch_row()[0]);
+	return $count>0;
+}
+
+function createAccountOnServer(string $database)
+{
+	include('dbconfig.php');
+	$dbname = $database;
+
+	$id = intval($_SESSION['PLAYER_ID']);
+	$username = $_SESSION['USERNAME'];
+	$sex = $_SESSION['SEX'];
+	$admin = $_SESSION['ADMIN'];
+	$mod = $_SESSION['MOD'];
+	$passhash = $_SESSION['PASSWORD_HASH'];
+	$salt = $_SESSION['SALT'];
+
+
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("INSERT INTO Users VALUES(?,?,?,?,?,?,?)"); 
+	$stmt->bind_param("issssss", $id, $username, $passhash, $salt, $sex, $admin, $mod);
+	$stmt->execute();
+}
+
+# Global Functions
+function getNoPlayersOnlineGlobal()
+{
+	include('servers.php');
+	$playersOn = 0;
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		$playersOn += getNoPlayersOnlineInServer($server_list[$i]['database']);
+	}
+	return $playersOn;
+}
+
+function getNoSubbedPlayersOnlineGlobal()
+{
+	include('servers.php');
+	$playersOn = 0;
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		$playersOn += getNoSubbedPlayersOnlineInServer($server_list[$i]['database']);
+	}
+	return $playersOn;
+}
+
+function getNoModPlayersOnlineGlobal()
+{
+	include('servers.php');
+	$playersOn = 0;
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		$playersOn += getNoModPlayersOnlineInServer($server_list[$i]['database']);
+	}
+	return $playersOn;
+}
+
+
+?>
--- a/WebInterface/master-site/index.php
+++ b/WebInterface/master-site/index.php
@ -1,12 +1,14 @@
 <?php
-include('dbconfig.php');
 include('common.php');
+include('crosserver.php');
+include('dbconfig.php');
 populate_db();

+
+$onlineUsers = getNoPlayersOnlineGlobal();
+$onlineSubscribers = getNoSubbedPlayersOnlineGlobal();
+$onlineModerators = getNoModPlayersOnlineGlobal();
 $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
-$onlineUsers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers");
-$onlineSubscribers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Subscribed = 'YES'");
-$onlineModerators = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Moderator = 'YES'");
 $activeAccounts = mysqli_query($connect, "SELECT COUNT(1) FROM Users");
 $hasIntl = function_exists('numfmt_create');

@ -50,26 +52,23 @@ HREF=/web/parents.php>Parent's Guide</A> <BR>
 <B>CURRENTLY:</B><BR>
 <FONT COLOR=550000><B>
 <?php 
-$onlineUsersCount = $onlineUsers->fetch_row()[0];
 if($hasIntl)
-echo numfmt_format($fmt, $onlineUsersCount);
+echo numfmt_format($fmt, $onlineUsers);
 else
-echo $onlineUserCount;
+echo $onlineUser;
 ?></B></FONT> Players Online Now<BR>
 <FONT COLOR=550000><B><?php 
-$onlineSubscribersCount = $onlineSubscribers->fetch_row()[0];
 if($hasIntl)					
-echo numfmt_format($fmt, $onlineSubscribersCount);
+echo numfmt_format($fmt, $onlineSubscribers);
 else
-echo $onlineSubscribersCount;
+echo $onlineSubscribers;
 ?></B></FONT> Subscribers Online Now<BR>
 <FONT COLOR=550000><B>
 <?php 
-$onlineModeratorsCount = $onlineModerators->fetch_row()[0];
 if($hasIntl)					
-echo numfmt_format($fmt, $onlineModeratorsCount );
+echo numfmt_format($fmt, $onlineModerators);
 else
-echo $onlineModeratorsCount;
+echo $onlineModerators;
 ?></B></FONT> Moderators Online Now<BR>
 <FONT COLOR=550000><B>
 <?php 
--- a/WebInterface/master-site/joinserver.php
+++ b/WebInterface/master-site/joinserver.php
@ -0,0 +1,47 @@
+<?php
+session_start();
+include('dbconfig.php');
+include('crosserver.php');
+include('common.php');
+
+if(isset($_GET['SERVER']))
+{
+	$server_id = $_GET['SERVER'];
+	$server = getServerById($server_id);
+	
+	if($server !== null)
+	{
+		if(is_logged_in())
+		{
+			$playerId = $_SESSION['PLAYER_ID'];
+			if(!userid_exists($server['database'], $playerId))
+			{				
+				createAccountOnServer($server['database']);
+				
+				$hmac = hash_hmac('sha256', (string)$playerId, $hmac_secret."CrossSiteLogin");
+				$redirectUrl = $server['site'];
+				
+				if(!endsWith($redirectUrl, '/'))
+					$redirectUrl .= '/';
+				
+				$redirectUrl .= 'account.php?SLID='.(string)$playerId.'&C='.base64_encode(hex2bin($hmac));
+				
+				header("Location: ".$redirectUrl);
+				exit();
+			}
+			else
+			{
+				echo('[Account]Joining the Server Failed.  Please try a different server,  or Try re-logging into the website.  If you continue to have troubles, you may need to enable Cookies in your browser.  Another possibility ONLY if you already have an account is logging directly into the server via: '.$server['site'].'<BR>ERROR: Account is already setup on this server. / <HR><B>If you already have an account on server, try logging in direct: <A HREF=\''.$server['site'].'\'>'.$server['site'].'</A></B>');
+			}
+		}
+		else
+		{
+			echo('[Account]Joining the Server Failed.  Please try a different server,  or Try re-logging into the website.  If you continue to have troubles, you may need to enable Cookies in your browser.  Another possibility ONLY if you already have an account is logging directly into the server via: '.$server['site'].'/<BR>ERROR: Account Setup Failed.  Please be sure you are logged in. / <HR><B>If you already have an account on server, try logging in direct: <A HREF=\''.$server['site'].'/\'>'.$server['site'].'</A></B>');
+		}
+	}
+	else
+	{
+		echo('[]Joining the Server Failed.  Please try a different server,  or Try re-logging into the website.  If you continue to have troubles, you may need to enable Cookies in your browser.  Another possibility ONLY if you already have an account is logging directly into the server via: <BR>ERROR:  / The requested URL returned error: 404 Not Found<HR><B>If you already have an account on server, try logging in direct: </B>');
+	}
+}
+?>
--- a/WebInterface/master-site/servers.php
+++ b/WebInterface/master-site/servers.php
@ -1,8 +1,7 @@
 <?php

 $server_list = [
-	['icon' => 'beta.gif', 'database' => 'beta', 'site' => 'beta.islehorse.com', 'desc' => ' '],
-	['icon' => 'black.gif', 'database' => 'example', 'site' => 'example.islehorse.com', 'desc' => 'Example HISP Server!'],
+	['id' => 'game', 'icon' => 'beta.gif', 'database' => 'beta', 'site' => 'http://game.islehorse.com', 'desc' => ' '],
 ];

 // black: 1/3 interest rate,  final new server as of July 2012 for those who want to start classic horseisle anew!
--- a/WebInterface/master-site/web/header.php
+++ b/WebInterface/master-site/web/header.php
@ -1,6 +1,9 @@
 <?php
 if(session_status() !== PHP_SESSION_ACTIVE)
 	session_start();
+
+if(!function_exists('is_logged_in'))
+	include('common.php');
 ?>
 <HEAD>
 <TITLE>HORSE ISLE - Online Multiplayer Horse Game</TITLE>
@ -101,24 +104,13 @@ color: #440000;
 <B>

 <?php
-	if(isset($_SESSION["LOGGED_IN"]))
+	if(is_logged_in())
 	{
-		if($_SESSION['LOGGED_IN'] === "YES")
-		{
-			$username = "invalid";
-			if(isset($_SESSION['USERNAME']))
-				$username = $_SESSION['USERNAME'];
-			
-			echo('<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=10><TR><TD><B>Logged in as: '.$username.'</B><BR><BR><A HREF=/?LOGOUT=1><img src=/web/but-logout.gif border=0></A><BR><A HREF=/><img src=/web/but-mainpage.gif border=0></A></TD><TD><BR><A HREF=/account.php><img src=/web/but-serverlist.gif border=0></A><BR><A HREF=/web/news.php><img src=/web/but-news.gif border=0></A><BR><A HREF=/web/forums.php><img src=/web/but-forums.gif border=0></A><BR><A HREF=/web/helpcenter.php><img src=/web/but-helpcenter.gif border=0></A></TD></TR></TABLE>');
-		}
-		else
-		{
-			goto not_loggedin;
-		}
+		$username = $_SESSION['USERNAME'];		
+		echo('<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=10><TR><TD><B>Logged in as: '.$username.'</B><BR><BR><A HREF=/?LOGOUT=1><img src=/web/but-logout.gif border=0></A><BR><A HREF=/><img src=/web/but-mainpage.gif border=0></A></TD><TD><BR><A HREF=/account.php><img src=/web/but-serverlist.gif border=0></A><BR><A HREF=/web/news.php><img src=/web/but-news.gif border=0></A><BR><A HREF=/web/forums.php><img src=/web/but-forums.gif border=0></A><BR><A HREF=/web/helpcenter.php><img src=/web/but-helpcenter.gif border=0></A></TD></TR></TABLE>');
 	}
 	else
 	{
-not_loggedin:
 		echo('<TABLE CELLPADDING=0 CELLSPACING=2 BORDER=0><FORM METHOD=POST ACTION=/account.php>
 <TR><TD><B>USER:</B></TD><TD><INPUT TYPE=TEXT SIZE=14 NAME=USER></TD></TR>
 <TR><TD><B>PASS:</B></TD><TD><INPUT TYPE=PASSWORD SIZE=14 NAME=PASS></TD></TR>