Rewrite alot of how game & master site are handled (note in current state its impossible to make an account.)

2025-04-20 03:39:16 +12:00 · 2021-05-19 00:43:27 +12:00 · 2021-05-19 00:43:27 +12:00 · c12399dc0e
commit c12399dc0e
parent 1ad0783f8f
23 changed files with 548 additions and 888 deletions
--- a/WebInterface/master-site/account.php
+++ b/WebInterface/master-site/account.php
@ -1,134 +1,73 @@
-<HEAD>
-<TITLE>HORSE ISLE - Online Multiplayer Horse Game</TITLE>
-<META NAME="keywords" CONTENT="Horse Game Online MMORPG Multiplayer Horses RPG Girls Girly Isle World Island Virtual Horseisle Sim Virtual">
-<META NAME="description" CONTENT="A multiplayer online horse world where players can capture, train, care for and compete their horses against other players. A very unique virtual sim horse game.">
-<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
-<link rel="icon" href="/favicon.ico" type="image/x-icon">
-<link rel="meta" href="http://horseisle.com/labels.rdf" type="application/rdf+xml" title="ICRA labels" />
-<meta http-equiv="pics-Label" content='(pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l gen true for "http://horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1)  gen true for "http://hi1.horseisle.com" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1))' />
-<style type="text/css">
-hr {
-height: 1;
-color: #000000;
-background-color: #000000;
-border: 0;
-}
-a {
-font: bold 14px arial;
-color: #6E3278;
-}
-TH {
-background-color: #EDE5B4;
-padding: 1px 6px;
-border: 2px dotted #6E3278;
-font: small-caps 900 14px arial;
-color: #000000;
-}
-TR.a0 {
-background-color: #EDE5B4;
-}
-TR.a1 {
-background-color: #D4CCA1;
-}
-TD {
-font: 14px arial;
-color: #000000;
-}
-TD.forum {
-font: 12px arial;
-color: #000000;
-}
-TD.forumlist {
-padding: 1px 6px;
-border: 2px dotted #6E3278;
-background-color: #EDE5B4;
-text-align: center;
-font: bold 14px arial;
-color: #000000;
-}
-TD.forumpost {
-padding: 5px 10px;
-border: 2px dotted #6E3278;
-background-color: #EDE5B4;
-text-align: left;
-}
-TD.adminforumpost {
-padding: 5px 20px;
-border: 2px dotted #6E3278;
-background-color: #BFE9C9;
-text-align: left;
-}
-TD.newslist {
-padding: 4px 4px;
-border: 2px dotted #6E3278;
-background-color: #FFDDEE;
-text-align: left;
-font: 14px arial;
-color: #000000;
-}
-FORUMSUBJECT {
-font: bold 14px arial;
-color: #004400;
-}
-FORUMUSER {
-font: 12px arial;
-color: #000044;
-}
-FORUMDATE {
-font: 12px arial;
-color: #444444;
-}
-FORUMTEXT {
-font: 14px arial;
-color: #440000;
+<?php
+include("servers.php");
+include("common.php");
+session_start();
+
+if(isset($_POST["USER"], $_POST["PASS"]))
+{
+	$username = $_POST["USER"];
+	$password = $_POST["PASS"];
+	if(!user_exists($username))
+		goto auth_failed;
+	$id = get_userid($username);
+	if(check_password($id, $password))
+	{
+		$_SESSION['LOGGED_IN'] = "YES";
+		$_SESSION['PLAYER_ID'] = $id;
+		$_SESSION['USERNAME'] = $username;
+	}
+	else
+	{ 
+auth_failed:
+		include("web/header.php");
+		echo('<TABLE CELLPADDING=10 WIDTH=100%><TR><TD><HR><B>Username or Password is not valid. Please try again. <BR>Note: Upon too many attempts the account will be temporarily blocked from your IP.</B><BR><BR>If you have not logged on yet,  make sure you have clicked the activation link in the email that was sent to you.<BR><BR>click <A HREF=/web/forgotpass.php>HERE</A> to Have your password emailed to you.<HR></TD></TR></TABLE>');
+		include('web/footer.php');
+		exit();
+	}
 }

-</style>
-</HEAD>
-<BODY BGCOLOR=E0D8AA>
-<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=100%>
-<TR WIDTH=100%>
-<TD WIDTH=512 ROWSPAN=3><A HREF=/><IMG SRC=/web/hoilgui1.gif ALT="Welcome to Horse Isle" BORDER=0></A></TD>
-<TD WIDTH=100% BACKGROUND=/web/hoilgui2.gif>&nbsp;</TD>
-<TD WIDTH=29><IMG SRC=/web/hoilgui3.gif></TD>
-</TR>
-<TR>
-<TD WIDTH=100% BACKGROUND=/web/hoilgui4.gif align=right>
-<B>
+if(isset($_SESSION["LOGGED_IN"]))
+{
+	if($_SESSION["LOGGED_IN"] !== "YES")
+	{
+		goto error;
+	}
+	else
+	{
+		goto pass;
+	}
+	
+	error: 
+		include("web/header.php");
+		echo("
+<B>Username or Password is not valid or your account has timed out. Please Log in again.</B><BR><BR></TD></TR></TABLE>");
+		$_SESSION['LOGGED_IN'] = "NO";
+		include("web/footer.php");
+		exit();
+	pass:
+}
+else
+{
+	goto error;
+}
+include("web/header.php");
+?>
+<?php #<TR><TD><IMG SRC=/web/servericons/pinto.gif></TD><TD><B><FONT COLOR=GREEN>You were on this server last time:</FONT><BR>SERVER: PINTO.HORSEISLE.COM</B><BR><BR></TD><TD><B>Not Subscribed</B><BR>Quest Points: 75pts<BR>Times Online: 3<BR>Last On: 0.84 days ago<BR></TD><TD><B>17<BR>players<BR>online<BR>now</B></TD><TD><B><A HREF=?CONNECT=pinto>[LOG IN]</A></B></TD></TR><TR><TD COLSPAN=5><HR>?>
+<?php #<TABLE WIDTH=80% BGCOLOR=FFAABB BORDER=0 CELLPADDING=4 CELLSPACING=0><TR><TD class=newslist><B>[June 23, 2020 Latest Horse Isle News] Horse Isle 1 Compromise:</B><BR>Unfortunately, some troublemakers made a mess of HI1.<BR>We have reverted to a backup from 4am PST and taken some precautions. So, anything you "did" this morning was reverted.<br>We have also given all subs +12hrs to cover the down time.<br><br>Because passwords for accounts were likely compromised, we setup a system to verify and unlock for players' protection. When you try to login you will be prompted to reset your password.  We can automatically unlock most players' accounts, but some will require manual support via email.  Just follow the directions and please be patient with us.<br><br>Sorry about the trouble.  HI1 was never designed to survive so long into this new mean digital world. ;)<br><br>P.S.  The XSS alert was a simple javascript alert, just meaningless and harmless.<br><br>Thanks!<BR></TD></TR></TABLE> ?><BR><B>We have a <A HREF=//master.horseisle.com/beginnerguide/>Beginner Guide</A> online to help new players learn how to play.</B><BR><BR><B><FONT SIZE=+1>Horse Isle Server List</FONT></B><BR>Each server is completely independent and has identical game content. Money/horses/subscriptions are all tied to a particular server. 
+Normally you will only play on one server.  <B>Playing on any server uses up playtime on all servers</B>, so you do not gain any free time. Reasons for playing on more than one include joining a friend, or in case your normal server is down. 
+Multiple servers are required since there is a max capacity of around 150 players online per server.<BR><B>Please note, a profile on any individual server will be permanently deleted after 183 days (6 months) of not logging into the game on that specific server or your subscription expiring, whichever is later.</b><TABLE CELLPADDING=5 CELLSPACING=0 BORDER=0 BGCOLOR=FFFFFF><TR><TD COLSPAN=5></TD></TR><TR><TD COLSPAN=2><B>GAME SERVERS</B> (all identical please only join 1 or 2)</TD><TD><B>PROFILE</B> (not current)</TD><TD><B>ONLINE</B></TD><TD><B>LOGIN</B></TD></TR></TD></TR><TR><TD COLSPAN=5><HR></TD></TR><?php
+for($i = 0; $i < count($server_list); $i++)
+{
+	$server = $server_list[$i];
+	$icon = $server['icon'];
+	$url = $server['site'];
+	$desc = $server['desc'];
+	
+	echo('<TR><TD><IMG SRC=/web/servericons/'.$icon.'></TD><TD><B>SERVER: '.strtoupper($url).'</B><BR>'.$desc.'</BR></TD><TD>no existing profile</TD><TD><B>0<BR>players<BR>online<BR>now</B></TD><TD><B><A HREF=joinserver.php?SERVER='.$url.'>[JOIN]</A></B></TD></TR><TR><TD COLSPAN=5><HR></TD></TR>');
+}

-<TABLE CELLPADDING=0 CELLSPACING=2 BORDER=0><FORM METHOD=POST ACTION=/account.php>
-<TR><TD><B>USER:</B></TD><TD><INPUT TYPE=TEXT SIZE=14 NAME=USER></TD></TR>
-<TR><TD><B>PASS:</B></TD><TD><INPUT TYPE=PASSWORD SIZE=14 NAME=PASS></TD></TR>
-<TR><TD></TD><TD><INPUT TYPE=SUBMIT VALUE=LOGIN> (<A HREF=/web/forgotpass.php>Forgot?</A>)</TD></TR></FORM></TABLE>
-
-</TD>
-<TD WIDTH=29><IMG SRC=/web/hoilgui5.gif></TD></TR>
-<TR>
-<TD WIDTH=100% BACKGROUND=/web/hoilgui6.gif>&nbsp;</TD>
-<TD WIDTH=29><IMG SRC=/web/hoilgui7.gif></TD></TR>
-</TABLE>
-<CENTER>
-
- <B>Username or Password is not valid or your account has timed out. Please Log in again.</B><BR><BR></TD></TR></TABLE><TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=100%>
-<TR>
-<TD><IMG SRC=/web/hoilgui10.gif></TD>
-<TD WIDTH=100% BACKGROUND=/web/hoilgui11.gif></TD>
-<TD><IMG SRC=/web/hoilgui12.gif></TD>
-</TR></TABLE>
-<CENTER><B>
-[ <A HREF=//master.horseisle.com/beginnerguide/>New Player Guide</A> ]<BR>
-[ <A HREF=/web/rules.php>Rules</A> ]
-[ <A HREF=/web/termsandconditions.php>Terms and Conditions</A> ]
-[ <A HREF=/web/privacypolicy.php>Privacy Policy</A> ]</B><BR>
-[ <A HREF=/web/expectedbehavior.php>Expected Behavior</A> ]
-[ <A HREF=/web/contactus.php>Contact Us</A> ] 
-[ <A HREF=/web/credits.php>Credits</A> ]<BR>
-<FONT FACE=Verdana,Arial SIZE=-2>Copyright &copy; 2020 Horse Isle</FONT>
-
-<!-- Google Analytics -->
-<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
-</script>
-<script type="text/javascript">
-_uacct = "UA-1805076-1";
-urchinTracker();
-</script>
+?>
+</TABLE><BR>Account Settings: <A HREF=/web/accountchange.php>CHANGE MY PASSWORD</A><BR>Refer other players and earn Game Credit!: <A HREF=/web/referral.php>REFERRAL PROGRAM</A><BR>
+<?php
+include("web/footer.php");
+?>
--- a/WebInterface/master-site/common.php
+++ b/WebInterface/master-site/common.php
@ -12,4 +12,64 @@ function hash_salt(string $input, string $salt)
 	
 	return hash('sha512',$xor_hash,false);
 }
+
+function user_exists(string $username)
+{
+	include('dbconfig.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE Username=?"); 
+	$stmt->bind_param("s", $username);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$count = intval($result->fetch_row()[0]);
+	return $count>0;
+}
+
+function get_userid(string $username)
+{
+	include('dbconfig.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	
+	$stmt = $connect->prepare("SELECT Id FROM Users WHERE Username=?"); 
+	$stmt->bind_param("s", $username);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$id = intval($result->fetch_row()[0]);
+	return $id;
+}
+
+function check_password(int $userId, string $password)
+{
+	include('dbconfig.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	
+	$stmt = $connect->prepare("SELECT PassHash FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userId);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$passhash = $result->fetch_row()[0];
+
+	$stmt = $connect->prepare("SELECT Salt FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userId);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$passsalt = $result->fetch_row()[0];
+	$passsalt = hex2bin($passsalt);
+	$acturalhash = hash_salt($password, $passsalt);
+	
+	if($acturalhash === $passhash)
+		return true;
+	else
+		return false;
+}
+
+function populate_db()
+{
+	
+	include('dbconfig.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	mysqli_query($connect, "CREATE TABLE IF NOT EXISTS Users(Id INT, Username TEXT(16),Email TEXT(128),Country TEXT(128),SecurityQuestion Text(128),SecurityAnswerHash TEXT(128),Age INT,PassHash TEXT(128), Salt TEXT(128),Gender TEXT(16), Admin TEXT(3), Moderator TEXT(3))");
+	mysqli_query($connect, "CREATE TABLE IF NOT EXISTS OnlineUsers(playerId INT, Admin TEXT(3), Moderator TEXT(3), Subscribed TEXT(3))");
+
+}
 ?>
--- a/WebInterface/master-site/crosserver.php
+++ b/WebInterface/master-site/crosserver.php
--- a/WebInterface/master-site/dbconfig.php
+++ b/WebInterface/master-site/dbconfig.php
@ -1,8 +1,9 @@
 <?php
-$dbname = 'beta';
+$dbname = 'master';
 $dbuser = 'root';
 $dbpass = 'test123';
 $dbhost = '127.0.0.1';

-
+#should be same as all game-site's
+$hmac_secret = '!!NOTSET!!';
 ?>
--- a/WebInterface/master-site/index.php
+++ b/WebInterface/master-site/index.php
@ -1,5 +1,7 @@
 <?php
 include('dbconfig.php');
+include('common.php');
+populate_db();

 $connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 $onlineUsers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers");
--- a/WebInterface/master-site/servers.php
+++ b/WebInterface/master-site/servers.php
@ -0,0 +1,10 @@
+<?php
+
+$server_list = [
+	['icon' => 'beta.gif', 'database' => 'beta', 'site' => 'beta.islehorse.com', 'desc' => ' '],
+	['icon' => 'black.gif', 'database' => 'example', 'site' => 'example.islehorse.com', 'desc' => 'Example HISP Server!'],
+];
+
+// black: 1/3 interest rate,  final new server as of July 2012 for those who want to start classic horseisle anew!
+// white: Subscriber only server.<br>You must subscribe to this server to play.<BR>If subscription runs out, you will no longer be able to play on it.
+?>
--- a/WebInterface/master-site/web/header.php
+++ b/WebInterface/master-site/web/header.php
@ -1,3 +1,7 @@
+<?php
+if(session_status() !== PHP_SESSION_ACTIVE)
+	session_start();
+?>
 <HEAD>
 <TITLE>HORSE ISLE - Online Multiplayer Horse Game</TITLE>
 <META NAME="keywords" CONTENT="Horse Game Online MMORPG Multiplayer Horses RPG Girls Girly Isle World Island Virtual Horseisle Sim Virtual">
@ -96,10 +100,32 @@ color: #440000;
 <TD WIDTH=100% BACKGROUND=/web/hoilgui4.gif align=right>
 <B>

-<TABLE CELLPADDING=0 CELLSPACING=2 BORDER=0><FORM METHOD=POST ACTION=/account.php>
+<?php
+	if(isset($_SESSION["LOGGED_IN"]))
+	{
+		if($_SESSION['LOGGED_IN'] === "YES")
+		{
+			$username = "invalid";
+			if(isset($_SESSION['USERNAME']))
+				$username = $_SESSION['USERNAME'];
+			
+			echo('<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=10><TR><TD><B>Logged in as: '.$username.'</B><BR><BR><A HREF=/?LOGOUT=1><img src=/web/but-logout.gif border=0></A><BR><A HREF=/><img src=/web/but-mainpage.gif border=0></A></TD><TD><BR><A HREF=/account.php><img src=/web/but-serverlist.gif border=0></A><BR><A HREF=/web/news.php><img src=/web/but-news.gif border=0></A><BR><A HREF=/web/forums.php><img src=/web/but-forums.gif border=0></A><BR><A HREF=/web/helpcenter.php><img src=/web/but-helpcenter.gif border=0></A></TD></TR></TABLE>');
+		}
+		else
+		{
+			goto not_loggedin;
+		}
+	}
+	else
+	{
+not_loggedin:
+		echo('<TABLE CELLPADDING=0 CELLSPACING=2 BORDER=0><FORM METHOD=POST ACTION=/account.php>
 <TR><TD><B>USER:</B></TD><TD><INPUT TYPE=TEXT SIZE=14 NAME=USER></TD></TR>
 <TR><TD><B>PASS:</B></TD><TD><INPUT TYPE=PASSWORD SIZE=14 NAME=PASS></TD></TR>
-<TR><TD></TD><TD><INPUT TYPE=SUBMIT VALUE=LOGIN> (<A HREF=/web/forgotpass.php>Forgot?</A>)</TD></TR></FORM></TABLE>
+<TR><TD></TD><TD><INPUT TYPE=SUBMIT VALUE=LOGIN> (<A HREF=/web/forgotpass.php>Forgot?</A>)</TD></TR></FORM></TABLE>');
+	}
+	
+?>

 </TD>
 <TD WIDTH=29><IMG SRC=/web/hoilgui5.gif></TD></TR>
--- a/WebInterface/master-site/web/newuser.php
+++ b/WebInterface/master-site/web/newuser.php
@ -108,6 +108,7 @@ if(isset( $_POST['user'],$_POST['pass1'],$_POST['pass2'],$_POST['sex'],$_POST['e
 		array_push($problems, "Email does not appear valid, you will not be able sign in without getting the login mail.");
 	
 	
+	populate_db();
 	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
 	$result = mysqli_query($connect, "SELECT MAX(Id) FROM Users");

@ -120,12 +121,8 @@ if(isset( $_POST['user'],$_POST['pass1'],$_POST['pass2'],$_POST['sex'],$_POST['e
 	$password_hash = hash_salt($password,$salt);
 	$hex_salt = bin2hex($salt);

-	$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE Username=?"); 
-	$stmt->bind_param("s", $username);
-	$stmt->execute();
-	$result = $stmt->get_result();
-	$count = intval($result->fetch_row()[0]);
-	if($count !== 0)
+
+	if(user_exists($username))
 		array_push($problems, "Username taken. Please try a different account name.");