Upload site files

game-site/web/checks.php

@@ -0,0 +1,47 @@
+<?php
+session_start();
+include("config.php");
+include("crosserver.php");
+include("header.php");
+?>
+<TABLE WIDTH=100% CELLPADDING=10><TR><TD>
+<FONT COLOR=880000 SIZE=+1><B>Alternative Payment Methods</B></FONT><BR>
+If you cannot use PayPal(recommended) you may send a payment via snail mail to our U.S. Post Office Box.<BR>
+Currency MUST be in U.S. Dollars.  [ USA Check / Money Order / USD Cash Accepted ]<BR>
+(One exception, Canadian personal checks made out for slightly more than the current exchange rate in canadian funds can be accepted. No other countries personal checks can be accepted.)<BR>
+Checks <B>must be written out to 'Horse Isle'</B>.<BR>
+If your check "bounces" we will block the account until our fees have been reimbursed by you.<BR>
+Cash is not recommended, but if you need to send it,  be sure to wrap it in another piece of paper so that it cannot be seen through the envelope!<BR>
+<B>(Do not send Cash without Parental Permission!)</B><BR>
+<BR>
+<B>Horse Isle Postal Mailing Address:</B><BR>
+<UL><FONT COLOR=440044 SIZE=+0>
+Horse Isle<BR>
+PO Box 3619<BR>
+Duluth, MN 55803-2633<BR>
+USA<BR>
+</UL></FONT>
+<B>Identify Your Payment:</B><BR>
+Be sure to include a CLEAR note of what account this is for. Include your email address in case there are problems identifying the account.<BR>
+<UL><FONT COLOR=440044 SIZE=+0>
+Your USERNAME = <?php echo(htmlspecialchars($_SESSION['USERNAME'])); ?><B></B><BR>
+Your ACCOUNT ID = <?php echo(htmlspecialchars($_SESSION['PLAYER_ID'])); ?><B></B><BR>
+Your SERVER = <B><?php echo($server_id); ?></B> (make sure this is the one you play on)<BR>
+
+</UL></FONT>
+<B>Finally, let us know what it is for:</B><BR>
+<UL><FONT COLOR=440044 SIZE=+0>
+One Month Horse Isle Membership - $5 (or 2 for $10, etc.)<BR>
+One Year Horse Isle Membership - $40 (or 2 for $80, etc.)<BR>
+Horse Isle Game Money - $10,000 per $1 ($15 = $150,000 Horse Isle Money)<BR>
+Pawneer Order - $8 (or 2 for $16, etc.)<BR>
+Pawneer Order Pack(5) - $30 (or 2 for $60, etc.)<BR>
+</UL></FONT>
+Payments will be credited when received. Mail is handled at least twice per week, so between mail transit and pickup times, expect up to a week for the account to be credited.  Payments lost in the mail are not our responsibility.  Checks which cannot be identified to an account will not be cashed.<BR>
+Remember PayPal Payments are instant and more secure! <BR>
+Thanks!<BR>
+<CENTER>[ <A HREF=/account.php>Return to Account Page</A> ]
+</TD></TR></TABLE>
+<?php
+include("footer.php");
+?>

game-site/web/common.php

@@ -0,0 +1,170 @@
+<?php
+
+function hash_salt(string $input, string $salt)
+{
+	$output = hash('sha512',$input,true);
+	$len=strlen(bin2hex($output))/2;
+	$xor_hash = "";
+	for($i = 0; $i < $len; $i++)
+	{
+		$xor_hash .= $output[$i] ^ $salt[$i];
+	}
+	
+	return hash('sha512',$xor_hash,false);
+}
+
+function base64_url_encode($input) {
+ return strtr(base64_encode($input), '+/=', '._-');
+}
+
+function base64_url_decode($input) {
+ return base64_decode(strtr($input, '._-', '+/='));
+}
+
+function is_logged_in()
+{
+	if(session_status() !== PHP_SESSION_ACTIVE)
+		return false;
+	
+	if(isset($_SESSION["LOGGED_IN"]))
+		if($_SESSION["LOGGED_IN"] === "YES")
+			return true;
+	return false;
+}
+
+function user_exists(string $username)
+{
+	include('config.php');
+	$usernameUppercase = strtoupper($username);
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE UPPER(Username)=?"); 
+	$stmt->bind_param("s", $usernameUppercase);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$count = intval($result->fetch_row()[0]);
+	return $count>0;
+}
+
+function get_username(string $id)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT Username FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $id);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$usetname = $result->fetch_row()[0];
+	return $usetname;
+}
+
+
+function get_userid(string $username)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$usernameUppercase = strtoupper($username);
+	$stmt = $connect->prepare("SELECT Id FROM Users WHERE UPPER(Username)=?"); 
+	$stmt->bind_param("s", $usernameUppercase);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$id = intval($result->fetch_row()[0]);
+	return $id;
+}
+
+function get_sex(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	
+	$stmt = $connect->prepare("SELECT Gender FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+
+}
+
+function get_admin(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	
+	$stmt = $connect->prepare("SELECT Admin FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+
+}
+
+function get_mod(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	
+	$stmt = $connect->prepare("SELECT Moderator FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+
+}
+
+function get_password_hash(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT PassHash FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+	
+}
+
+function get_salt(int $userid)
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");	
+	$stmt = $connect->prepare("SELECT Salt FROM Users WHERE Id=?"); 
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+}
+
+function check_password(int $userId, string $password)
+{
+	$passhash = get_password_hash($userId);
+	$passsalt = hex2bin(get_salt($userId));
+	$acturalhash = hash_salt($password, $passsalt);
+	
+	if($acturalhash === $passhash)
+		return true;
+	else
+		return false;
+}
+
+function populate_db()
+{
+	include('config.php');
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	mysqli_query($connect, "CREATE TABLE IF NOT EXISTS Users(Id INT, Username TEXT(16),Email TEXT(128),Country TEXT(128),SecurityQuestion Text(128),SecurityAnswerHash TEXT(128),Age INT,PassHash TEXT(128), Salt TEXT(128),Gender TEXT(16), Admin TEXT(3), Moderator TEXT(3))");
+
+}
+
+function startsWith( $haystack, $needle ) {
+     $length = strlen( $needle );
+     return substr( $haystack, 0, $length ) === $needle;
+}
+
+function endsWith( $haystack, $needle ) {
+    $length = strlen( $needle );
+    if( !$length ) {
+        return true;
+    }
+    return substr( $haystack, -$length ) === $needle;
+}
+
+
+?>

game-site/web/config.php

@@ -0,0 +1,3 @@
+<?php
+include("../config.php");
+?>

game-site/web/crosserver.php

@@ -0,0 +1,357 @@
+<?php
+
+function GenHmacMessage(string $data, string $channel)
+{
+	include('config.php');
+	if($hmac_secret === "!!NOTSET!!"){
+		echo("<script>alert('Please set HMAC_SECRET !')</script>");
+		echo("<h1>Set \$hmac_secret in config.php!</h1>");
+		exit();
+	}
+	$hmac = hash_hmac('sha256', $data, $hmac_secret.$channel.$_SERVER['REMOTE_ADDR'].date('mdy'));
+	return $hmac;
+}
+
+
+function getPlayerList($database)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$onlineUsers = mysqli_query($connect, "SELECT * FROM OnlineUsers");
+	
+	$users_on = [];
+		
+
+	while ($row = $onlineUsers->fetch_row()) {
+		$arr = [ ['id' => $row[0], 'admin' => ($row[1] == 'YES'), 'mod' => ($row[2] == 'YES'), 'subbed' => ($row[3] == 'YES'), 'new' => ($row[4] == 'YES')] ];
+		$users_on = array_merge($users_on, $arr);
+	}
+	
+	return $users_on;
+}
+
+function checkUserBuddy($database, $yourId, $friendsId)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT COUNT(1) FROM BuddyList WHERE (Id=? AND IdFriend=?) OR (Id=? AND IdFriend=?)");
+	$stmt->bind_param("iiii", $yourId, $friendsId, $friendsId, $yourId);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	return $result->fetch_row()[0];
+}
+
+
+function getNoPlayersOnlineInServer($database)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$onlineUsers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers");
+	return $onlineUsers->fetch_row()[0];
+}
+
+function getNoSubbedPlayersOnlineInServer($database)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$onlineSubscribers = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Subscribed = 'YES'");
+	return $onlineSubscribers->fetch_row()[0];
+}
+
+function getUserMoney($database, $id)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT Money FROM UserExt WHERE Id=?");
+	$stmt->bind_param("i", $id);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	
+	return intval($result->fetch_row()[0]);
+	
+}
+
+function setUserMoney($database, $id, $money)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("UPDATE UserExt SET Money=? WHERE Id=?");
+	$stmt->bind_param("ii", $money, $id);
+	$stmt->execute();
+}
+
+function setUserSubbed($database, $id, $subbed)
+{
+	$subedV = "";
+	if($subbed)
+		$subedV = "YES";
+	else
+		$subbedV = "NO";
+	
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("UPDATE UserExt SET Subscriber=? WHERE Id=?");
+	$stmt->bind_param("si", $subedV, $id);
+	$stmt->execute();
+}
+
+function setUserSubbedUntil($database, $id, $subbedUntil)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("UPDATE UserExt SET SubscribedUntil=? WHERE Id=?");
+	$stmt->bind_param("ii", $subbedUntil, $id);
+	$stmt->execute();
+}
+
+function getUserBankMoney($database, $id)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT BankBalance FROM UserExt WHERE Id=?");
+	$stmt->bind_param("i", $id);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	
+	return intval($result->fetch_row()[0]);
+	
+}
+
+function getUserLoginDate($database, $id)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT LastLogin FROM UserExt WHERE Id=?");
+	$stmt->bind_param("i", $id);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	
+	return intval($result->fetch_row()[0]);
+	
+}
+
+function getUserQuestPoints($database, $id)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT QuestPoints FROM UserExt WHERE Id=?");
+	$stmt->bind_param("i", $id);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	
+	return intval($result->fetch_row()[0]);
+	
+}
+
+function getUserExistInExt($database, $id)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT COUNT(*) FROM UserExt WHERE Id=?");
+	$stmt->bind_param("i", $id);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	
+	return intval($result->fetch_row()[0]) >= 1;
+	
+}
+
+function getUserTotalLogins($database, $id)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT TotalLogins FROM UserExt WHERE Id=?");
+	$stmt->bind_param("i", $id);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	
+	return intval($result->fetch_row()[0]);
+	
+}
+
+function getUserPlaytime($database, $id)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT FreeMinutes FROM UserExt WHERE Id=?");
+	$stmt->bind_param("i", $id);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	
+	return intval($result->fetch_row()[0]);
+	
+}
+
+
+function getUserSubTimeRemaining($database, $id)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT SubscribedUntil FROM UserExt WHERE Id=?");
+	$stmt->bind_param("i", $id);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	
+	return intval($result->fetch_row()[0]);
+	
+}
+
+
+function addItemToPuchaseQueue($database, $playerId, $itemId, $itemCount)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("INSERT INTO ItemPurchaseQueue VALUES(?,?,?)");
+	$stmt->bind_param("iii", $playerId, $itemId, $itemCount);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	
+}
+
+function getUserSubbed($database, $id)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT Subscriber FROM UserExt WHERE Id=?");
+	$stmt->bind_param("i", $id);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	
+	return $result->fetch_row()[0] == "YES";
+	
+}
+
+function isUserOnline($database, $id)
+{
+	include('config.php');
+	
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT COUNT(1) FROM OnlineUsers WHERE playerId=?");
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$count = intval($result->fetch_row()[0]);
+	return $count>0;	
+}
+
+function getNoModPlayersOnlineInServer($database)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$onlineModerators = mysqli_query($connect, "SELECT COUNT(1) FROM OnlineUsers WHERE Moderator = 'YES' OR Admin='YES'");
+	return $onlineModerators->fetch_row()[0];
+}
+
+function getServerById(string $id)
+{
+	include('servers.php');
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		if($server_list[$i]['id'] == $id)
+			return $server_list[$i];
+	}
+	return null;
+}
+
+
+function userid_exists(string $database, string $userid)
+{
+	include('config.php');
+	$dbname = $database;
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("SELECT COUNT(1) FROM Users WHERE Id=?");
+	$stmt->bind_param("i", $userid);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$count = intval($result->fetch_row()[0]);
+	return $count>0;
+}
+
+function createAccountOnServer(string $database)
+{
+	include('config.php');
+	$dbname = $database;
+
+	$id = intval($_SESSION['PLAYER_ID']);
+	$username = $_SESSION['USERNAME'];
+	$sex = $_SESSION['SEX'];
+	$admin = $_SESSION['ADMIN'];
+	$mod = $_SESSION['MOD'];
+	$passhash = $_SESSION['PASSWORD_HASH'];
+	$salt = $_SESSION['SALT'];
+
+
+	$connect = mysqli_connect($dbhost, $dbuser, $dbpass,$dbname) or die("Unable to connect to '$dbhost'");
+	$stmt = $connect->prepare("INSERT INTO Users VALUES(?,?,?,?,?,?,?)"); 
+	$stmt->bind_param("issssss", $id, $username, $passhash, $salt, $sex, $admin, $mod);
+	$stmt->execute();
+}
+
+# Global Functions
+function getNoPlayersOnlineGlobal()
+{
+	include('servers.php');
+	$playersOn = 0;
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		$playersOn += getNoPlayersOnlineInServer($server_list[$i]['database']);
+	}
+	return $playersOn;
+}
+
+function userExistAny($playerId)
+{
+	include('servers.php');
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		if(userid_exists($server_list[$i]['database'], $playerId)){
+			return true;
+		}
+	}
+	return false;
+}
+
+
+function getNoSubbedPlayersOnlineGlobal()
+{
+	include('servers.php');
+	$playersOn = 0;
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		$playersOn += getNoSubbedPlayersOnlineInServer($server_list[$i]['database']);
+	}
+	return $playersOn;
+}
+
+function getNoModPlayersOnlineGlobal()
+{
+	include('servers.php');
+	$playersOn = 0;
+	for($i = 0; $i < count($server_list); $i++)
+	{
+		$playersOn += getNoModPlayersOnlineInServer($server_list[$i]['database']);
+	}
+	return $playersOn;
+}
+
+
+?>

game-site/web/footer.php

@@ -0,0 +1,27 @@
+<?php
+	if(!isset($master_site))
+		include("config.php");
+?>
+<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=100%>
+<TR>
+<TD><IMG SRC=/web/hoilgui10.gif></TD>
+<TD WIDTH=100% BACKGROUND=/web/hoilgui11.gif></TD>
+<TD><IMG SRC=/web/hoilgui12.gif></TD>
+</TR></TABLE>
+<CENTER><B>
+[ <A HREF=http:<?php echo($master_site); ?>/web/rules.php>Rules</A> ]
+[ <A HREF=http:<?php echo($master_site); ?>/web/termsandconditions.php>Terms and Conditions</A> ]
+[ <A HREF=http:<?php echo($master_site); ?>/web/privacypolicy.php>Privacy Policy</A> ]</B><BR>
+[ <A HREF=http:<?php echo($master_site); ?>/web/expectedbehavior.php>Expected Behavior</A> ]
+[ <A HREF=http:<?php echo($master_site); ?>/web/contactus.php>Contact Us</A> ] 
+[ <A HREF=http:<?php echo($master_site); ?>/web/credits.php>Credits</A> ]<BR>
+<FONT FACE=Verdana,Arial SIZE=-2>Copyright &copy; <?php echo(date("Y")); ?> Horse Isle</FONT>
+
+<!-- Google Analytics -->
+<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
+</script>
+<script type="text/javascript">
+_uacct = "UA-1805076-1";
+urchinTracker();
+</script>
+

game-site/web/header.php

@@ -0,0 +1,130 @@
+<?php
+if(!isset($master_site))
+	include('config.php');
+
+if(session_status() !== PHP_SESSION_ACTIVE)
+	session_start();
+
+if(!function_exists('is_logged_in'))
+	include('common.php');
+
+$host = $_SERVER['HTTP_HOST'];
+
+?>
+<HEAD>
+<TITLE>HORSE ISLE - Online Multiplayer Horse Game</TITLE>
+<META NAME="keywords" CONTENT="Horse Game Online MMORPG Multiplayer Horses RPG Girls Girly Isle World Island Virtual Horseisle Sim Virtual">
+<META NAME="description" CONTENT="A multiplayer online horse world where players can capture, train, care for and compete their horses against other players. A very unique virtual sim horse game.">
+<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
+<link rel="icon" href="/favicon.ico" type="image/x-icon">
+<link rel="meta" href="<?php echo("//".$host); ?>/labels.rdf" type="application/rdf+xml" title="ICRA labels" />
+<meta http-equiv="pics-Label" content='(pics-1.1 "//www.icra.org/pics/vocabularyv03/" l gen true for "<?php echo("//".$host); ?>" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1)  gen true for "<?php echo($master_site); ?>" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 1))' />
+<style type="text/css">
+hr {
+height: 1;
+color: #000000;
+background-color: #000000;
+border: 0;
+}
+a {
+font: bold 14px arial;
+color: #6E3278;
+}
+TH {
+background-color: #EDE5B4;
+padding: 1px 6px;
+border: 2px dotted #6E3278;
+font: small-caps 900 14px arial;
+color: #000000;
+}
+TR.a0 {
+background-color: #EDE5B4;
+}
+TR.a1 {
+background-color: #D4CCA1;
+}
+TD {
+font: 14px arial;
+color: #000000;
+}
+TD.forum {
+font: 12px arial;
+color: #000000;
+}
+TD.forumlist {
+padding: 1px 6px;
+border: 2px dotted #6E3278;
+background-color: #EDE5B4;
+text-align: center;
+font: bold 14px arial;
+color: #000000;
+}
+TD.forumpost {
+padding: 5px 10px;
+border: 2px dotted #6E3278;
+background-color: #EDE5B4;
+text-align: left;
+}
+TD.newslist {
+padding: 4px 4px;
+border: 2px dotted #6E3278;
+background-color: #FFDDEE;
+text-align: left;
+font: 14px arial;
+color: #000000;
+}
+FORUMSUBJECT {
+font: bold 14px arial;
+color: #004400;
+}
+FORUMUSER {
+font: 12px arial;
+color: #000044;
+}
+FORUMDATE {
+font: 12px arial;
+color: #444444;
+}
+FORUMTEXT {
+font: 14px arial;
+color: #440000;
+}
+
+</style>
+</HEAD>
+<BODY BGCOLOR=E0D8AA>
+<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=100%>
+<TR WIDTH=100%>
+<TD WIDTH=512 ROWSPAN=3><A HREF=/><IMG SRC=/web/hoilgui1.gif ALT="Welcome to Horse Isle" BORDER=0></A></TD>
+<TD WIDTH=100% BACKGROUND=/web/hoilgui2.gif>&nbsp;</TD>
+<TD WIDTH=29><IMG SRC=/web/hoilgui3.gif></TD>
+</TR>
+<TR>
+<TD WIDTH=100% BACKGROUND=/web/hoilgui4.gif align=right>
+<B>
+
+<?php if(isset($login_error)){echo($login_error);} ?>
+
+<?php
+	if(is_logged_in())
+	{
+		$username = $_SESSION['USERNAME'];		
+		echo('<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=10><TR><TD><B><A HREF=/account.php>'.strtoupper($_SERVER['HTTP_HOST']).'</A><BR>Logged in as: '.htmlspecialchars($username).'<BR><A HREF=/?LOGOUT=1><img src=/web/but-logout.gif border=0></A><BR><A HREF='.$master_site.'/><img src=/web/but-mainpage.gif border=0></A></TD><TD><BR><A HREF='.$master_site.'/account.php><img src=/web/but-serverlist.gif border=0></A><BR><A HREF='.$master_site.'/web/news.php><img src=/web/but-news.gif border=0></A><BR><A HREF='.$master_site.'/web/forums.php><img src=/web/but-forums.gif border=0></A><BR><A HREF='.$master_site.'/web/helpcenter.php><img src=/web/but-helpcenter.gif border=0></A></TD></TR></TABLE>');
+	}
+	else
+	{
+		echo('<TABLE CELLPADDING=0 CELLSPACING=2 BORDER=0><FORM METHOD=POST ACTION=/account.php>
+<TR><TD><B>USER:</B></TD><TD><INPUT TYPE=TEXT SIZE=14 NAME=USER></TD></TR>
+<TR><TD><B>PASS:</B></TD><TD><INPUT TYPE=PASSWORD SIZE=14 NAME=PASS></TD></TR>
+<TR><TD></TD><TD><INPUT TYPE=SUBMIT VALUE=LOGIN> (<A HREF='.$master_site.'/web/forgotpass.php>Forgot?</A>)</TD></TR></FORM></TABLE>');
+	}
+	
+?>
+
+</TD>
+<TD WIDTH=29><IMG SRC=/web/hoilgui5.gif></TD></TR>
+<TR>
+<TD WIDTH=100% BACKGROUND=/web/hoilgui6.gif>&nbsp;</TD>
+<TD WIDTH=29><IMG SRC=/web/hoilgui7.gif></TD></TR>
+</TABLE>
+<CENTER>

game-site/web/paypalgateway.php

@@ -0,0 +1 @@
+PAYPAL [Jun26 21:22:15pm]: ----------------------------------------<BR>PAYPAL [Jun26 21:22:15pm]: PayPal Gateway Running<BR>PAYPAL [Jun26 21:22:15pm]: Did not receive proper data from PayPal!!<BR>

game-site/web/paypalpayment.php

@@ -0,0 +1,21 @@
+<?php 
+include("header.php"); 
+?>
+<BR>
+<CENTER><TABLE CELLPADDING=5><TR><TD></CENTER>
+<FONT FACE=arial>
+<B>Thank you for your Horse Isle PayPal Payment!</B><BR>
+<BR>
+Your transaction has been completed, and a receipt for your purchase has been emailed to you from PayPal.<BR>
+You may log into your account at <A HREF="http://www.paypal.com/us">http://www.paypal.com/us</A> to view details of this transaction.<BR>
+<BR>
+If you bought a membership or game money,  it will be credited to your account usually within one minute.
+Click back to your <A HREF="/account.php">ACCOUNT</A> page to see any credited subscription time or game money. (click refresh on the page if it has not yet showed)<BR>
+(<FONT COLOR=RED>NOTE: If you paid via paypal e-check it takes paypal 3-4 days to clear the check and notify us.</FONT>)<BR>
+<BR>
+<B>PARENTS:</B> please email support@horseisle.com from the paypal email or signup email to
+block chat, or limit time online for this account if you want to.<BR>
+</TD></TR></TABLE>
+<?php 
+include("footer.php"); 
+?>

game-site/web/playersonline.php

@@ -0,0 +1,32 @@
+<?php
+include("config.php");
+include("crosserver.php");
+include("common.php");
+$id = -1;
+if(isset($_GET['id'])){
+	$id = intval($_GET['id']);
+}
+$on = getPlayerList($dbname);
+$numbOn = count($on);
+$budsOn = 0;
+?>
+<B><?php echo($numbOn)?> players<BR>online now:</B><?php
+
+for($i = 0; $i < $numbOn; $i++){
+	$name = get_username($on[$i]['id']);
+	$admin = $on[$i]['admin'];
+	$mod = $on[$i]['mod'];
+	$subbed = $on[$i]['subbed'];
+	$new = $on[$i]['new'];
+	$bud = checkUserBuddy($dbname, $id ,$on[$i]['id']);
+	
+	echo("<BR>");
+	if($bud) { echo('<B><FONT COLOR=BLUE>'); echo(htmlspecialchars($name)); echo('</FONT></B>'); $budsOn++; }
+	else if($admin) { echo('<B><FONT COLOR=RED>'); echo(htmlspecialchars($name)); echo('</FONT></B>'); }
+	else if($mod) { echo('<B><FONT COLOR=GREEN>'); echo(htmlspecialchars($name)); echo('</FONT></B>'); }	
+	else { echo(htmlspecialchars($name)); }
+	
+	if($new) { echo(' <FONT SIZE=-2 COLOR=660000>[new]</FONT>'); };
+	
+}
+?><BR><I><FONT COLOR=BLUE>(<?php echo($budsOn); ?> buddies)</FONT></I><BR><FONT COLOR=222222 SIZE=-1><I>This list refreshes every 30 seconds.</I></FONT>

game-site/web/ppemu.php

@@ -0,0 +1,244 @@
+<?php
+
+session_start();
+include("../config.php");
+include("crosserver.php");
+include("common.php");
+
+if(!is_logged_in()){
+	include("header.php");
+	echo("Login First.");
+	include("footer.php");
+	exit();
+}
+
+$money = getUserMoney($dbname, $_SESSION['PLAYER_ID']);
+
+if(isset($_GET["go"], $_GET["qnt"], $_GET["itm"], $_GET['to'], $_GET["ret"], $_GET['sign']))
+{
+	
+	$targetUser = $_GET['to'];
+	$subbed = getUserSubbed($dbname, $targetUser);
+	$subbedUntil = getUserSubTimeRemaining($dbname, $targetUser);
+	$moneyTarget = getUserMoney($dbname, $targetUser);
+
+	if(!$subbed)
+		$subbedUntil = time();
+
+
+	if($_GET["go"] == 1)
+	{
+		$msg = $_GET['itm'].$_GET["qnt"].$_GET["to"].$_GET["ret"].$_SESSION['USERNAME'].$_SESSION['PLAYER_ID'];
+		$expectedSignature = GenHmacMessage($msg, "PPEMU");
+		$gotHmacSignature = $_GET['sign'];
+		
+		if(!hash_equals($gotHmacSignature,$expectedSignature)){
+			include("header.php");
+			echo("Invalid Signature. Are you trying to scam people?");
+			include("footer.php");
+			exit();
+		}
+		
+		$itm = $_GET["itm"];		
+		if(strpos($itm, "One Month Horse Isle Membership") === 0){
+			$amount = 5; // NO CHEATING!
+			$cost = $amount*$EXHANGE_RATE;
+			if($money >= $cost)
+			{
+				setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost);
+				setUserSubbed($dbname,$targetUser, true);
+				setUserSubbedUntil($dbname, $targetUser, $subbedUntil + 2678400);
+				
+				header("Location: ".$_GET["ret"]);
+			}
+			else
+			{
+				include("header.php");
+				echo("Not enough money.");
+				include("footer.php");
+				exit();
+			}
+
+		}
+		else if(strpos($itm, "Full Year Horse Isle Membership") === 0){
+			$amount = 40; // NO CHEATING!
+			$cost = $amount*$EXHANGE_RATE;
+			if($money >= $cost)
+			{
+				setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost);
+				setUserSubbed($dbname, $targetUser, true);
+				setUserSubbedUntil($dbname, $targetUser, $subbedUntil + 31622400);
+				
+				header("Location: ".$_GET["ret"]);
+				
+			}
+			else
+			{
+				include("header.php");
+				echo("Not enough money.");
+				include("footer.php");
+				exit();
+			}
+
+		
+		}
+		else if(strpos($itm, "100k Horse Isle Money") === 0){ // Why thou?
+			$amount = 1; // NO CHEATING!
+			$quantity = intval($_GET["qnt"]);
+			$cost = ($amount*$EXHANGE_RATE)*$quantity;
+			if($money >= $cost)
+			{
+				$amountGained = (100000 * $quantity);
+				if($quantity == 5)
+					$amountGained = 550000;
+				if($quantity == 10)
+					$amountGained = 1100000;
+				if($quantity == 10)
+					$amountGained = 1100000;
+				if($quantity == 20)
+					$amountGained = 2300000;
+				if($quantity == 50)
+					$amountGained = 5750000;
+				if($quantity == 100)
+					$amountGained = 12000000;
+				if($quantity == 250)
+					$amountGained = 31250000;
+
+				setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost);
+				$money-=$cost;
+				setUserMoney($dbname, $targetUser, $moneyTarget+=$amountGained);					
+				header("Location: ".$_GET["ret"]);
+				
+			}
+			else
+			{
+				include("header.php");
+				echo("Not enough money.");
+				include("footer.php");
+				exit();
+			}
+
+		
+		}
+		else if(strpos($itm, "Pawneer Order") === 0){
+			$amount = 8; // NO CHEATING!
+			$cost = $amount*$EXHANGE_RATE;
+			if($money >= $cost)
+			{
+				setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost);
+				addItemToPuchaseQueue($dbname, $targetUser, 559, 1);
+				
+				header("Location: ".$_GET["ret"]);
+				
+			}
+			else
+			{
+				include("header.php");
+				echo("Not enough money.");
+				include("footer.php");
+				exit();
+			}
+
+		
+		}
+		else if(strpos($itm, "Five Pawneer Order") === 0){
+			$amount = 30; // NO CHEATING!
+			$cost = $amount*$EXHANGE_RATE;
+			if($money >= $cost)
+			{
+				setUserMoney($dbname, $_SESSION['PLAYER_ID'], $money-$cost);
+				addItemToPuchaseQueue($dbname, $targetUser, 559, 5);
+				
+				header("Location: ".$_GET["ret"]);
+				
+			}
+			else
+			{
+				include("header.php");
+				echo("Not enough money.");
+				include("footer.php");
+				exit();
+			}
+
+		
+		}
+
+		exit();
+	}
+}
+
+$quantity = 1;
+if(!isset($_POST['item_name'], $_POST['amount'],  $_POST['item_number'], $_POST['custom'], $_POST['return']))
+{
+	
+	include("header.php");
+	echo("Some data was invalid");
+	include("footer.php");
+	exit();
+}
+
+if(isset($_POST['quantity']))
+	$quantity = intval($_POST['quantity']);
+
+
+$hasIntl = function_exists('numfmt_create');
+
+if($hasIntl)
+	$fmt = numfmt_create( 'en_US', NumberFormatter::DECIMAL );
+
+$toUser = $_POST['custom'];
+$toUsername = "";
+if(!getUserExistInExt($dbname, $toUser))
+{
+	include("header.php");
+	echo("Cannot buy for a user who does not exist on this server.");
+	include("footer.php");
+	exit();
+}
+else{
+	$toUsername = get_username($toUser);
+}
+
+include("header.php");
+?>
+<h1>HISP - PayPal Emulator</h1>
+<b>Purchase Information:</b>
+<table>
+  <tr>
+    <th>Item</th>
+    <th>Quantity</th>
+    <th>Item number</th>
+    <th>Price (USD)</th>
+    <th>Price (HorseIsle)</th>
+  </tr>
+  <tr>
+    <td><?php echo(htmlspecialchars($_POST['item_name'])) ?></td>
+    <td><?php echo(htmlspecialchars((string)$quantity)); ?></td>
+    <td><?php echo(htmlspecialchars($_POST['item_number'])) ?></td>
+	<td><?php
+			if($hasIntl)					
+				$cost = numfmt_format($fmt, intval(htmlspecialchars($_POST['amount']*$quantity)));
+			else
+				$cost = $_POST['amount']*$quantity;
+
+
+			echo('$'.$cost);
+		?></td>
+	<td><?php 
+			if($hasIntl)					
+				$cost = numfmt_format($fmt, intval(htmlspecialchars((($_POST['amount']) * $EXHANGE_RATE)*$quantity)));
+			else
+				$cost = (($_POST['amount']) * $EXHANGE_RATE)*$quantity;
+
+
+			echo('$'.$cost);
+		?></td>
+  </tr>
+</table>
+<h3><b>NOTE: $1USD = $<?php echo($EXHANGE_RATE)?> HorseIsle Money! (you have $<?php echo($money) ?>)</b></h3><br><b>This purchase is for User: <?php echo(htmlspecialchars($toUser)." (".$toUsername.")"); ?></b></br>Do you want to purchase?</br><br><a href="?go=1&itm=<?php echo(urlencode(htmlspecialchars($_POST['item_name']))); ?>&qnt=<?php echo(urlencode(htmlspecialchars($quantity)));?>&to=<?php echo(urlencode(htmlspecialchars($_POST['custom']))); ?>&ret=<?php echo(urlencode(htmlspecialchars($_POST['return']))); ?>&sign=<?php 
+	$msg = htmlspecialchars($_POST['item_name']).htmlspecialchars($quantity).htmlspecialchars($_POST['custom']).htmlspecialchars($_POST['return']).$_SESSION['USERNAME'].$_SESSION['PLAYER_ID'];
+	echo(urlencode(GenHmacMessage($msg, "PPEMU"))); 
+?>">Yes</a> | <a href="/account.php">No</a> 
+<?php
+include("footer.php");
+?>

game-site/web/reasonstosubscribe.php

@@ -0,0 +1,75 @@
+<?php
+session_start();
+include("config.php");
+include("header.php");
+?>
+<BR>
+<CENTER><TABLE CELLPADDING=5><TR><TD>
+
+<div style="TEXT-ALIGN:center">
+  <font size="4"><span style="COLOR:#990000; FONT-WEIGHT:bold"> Subscription Benefits</span></font><br/>
+</div>
+<br/>
+
+<font size="2" style="FONT-WEIGHT:bold"><span style="FONT-WEIGHT:bold; COLOR:#990000"> #1:</span>
+Support:</font><br/>
+Support continued Horse Isle development employing many talented artists.<br/>
+<br/>
+<span style="FONT-WEIGHT:bold; COLOR:#990000">
+#2:</span><span style="FONT-WEIGHT:bold"> Access:</span><br/>
+Unlimited play time.&nbsp; Also, priority access to the server if it is nearing
+capacity.<br/>
+<br/>
+<span style="FONT-WEIGHT:bold; COLOR:#990000">
+#3:</span><span style="FONT-WEIGHT:bold"> Ranch ownership:</span><br/>
+Once you can afford a ranch, it grants many optional benefits:<br/>
+<ul>
+  <li>
+    &nbsp; Carry more items with sheds (up to 80 total)
+  </li>
+  <li>
+    &nbsp; Own more horses several for each barn on your ranch
+  </li>
+  <li>
+    &nbsp; Being able to sell horses while offline
+  </li>
+  <li>
+    &nbsp; Easier feeding/watering/training of horses with silo,well,training
+    pen
+  </li>
+  <li>
+    &nbsp; Free wagon transport with a wagon&nbsp;
+  </li>
+  <li>
+    &nbsp; Earn money while on/offline with windmills
+  </li>
+</ul>
+<br style="FONT-WEIGHT:bold; COLOR:#990000"/>
+<span style="FONT-WEIGHT:bold; COLOR:#990000">
+#4:</span><span style="FONT-WEIGHT:bold"> Game Identification:</span><br/>
+A Horse Isle Subscriber is identified in-game with a Star next to the player's name
+in the player lists. A fancier star identifies longer term subscribers.<br/>
+<br/>
+<span style="FONT-WEIGHT:bold; COLOR:#990000">
+#5:</span><span style="FONT-WEIGHT:bold"> Train Horses Twice as often:</span><br/>
+A Horse Isle Subscriber can train horses again in 1/2 the time.<br/>
+<br/>
+<span style="FONT-WEIGHT:bold; COLOR:#990000">#6:</span><span style="FONT-WEIGHT:bold">
+Parental Controls:</span><br/>
+The ability to set the number of hours a child can play per day, or even
+disabling the ability to send and receive chat.<br/>
+<br/>
+<span style="FONT-WEIGHT:bold; COLOR:#990000">#7:</span><span style="FONT-WEIGHT:bold">
+Double Global Chats:</span><br/>
+Subscribers earn one global chat per minute rather than every other minute.<br/>
+<BR>
+<span style="FONT-WEIGHT:bold; COLOR:#990000">#8:</span><span style="FONT-WEIGHT:bold">
+Art Room Access:</span><br/>
+Subscribers are allowed to draw in the group art rooms.<br/>
+
+<BR>
+<CENTER>[ <A HREF=/account.php>Return to Account Information</A> ]
+</TD></TR></TABLE>
+<?php
+include("footer.php");
+?>

game-site/web/spendhorsebucks.php

@@ -0,0 +1,12 @@
+<?php
+session_start();
+include("config.php");
+include("header.php");
+if(!is_logged_in()){
+	echo('Account information not found.  please login again.');
+	exit();
+}
+?>
+<B><FONT SIZE=+1>Horse Isle Horse Bucks Redemption</FONT></B><BR>You Currently have 0 Horse Bucks from Referrals/Prizes.<BR>You do not have at least 5 Horse Bucks to make an exchange.<BR><A HREF=/account.php>ACCOUNT PAGE</A><?php
+include("footer.php");
+?>

game-site/web/whylimited.php

@@ -0,0 +1,21 @@
+<?php
+session_start();
+include("config.php");
+include("header.php");
+?>
+<BR>
+<CENTER><TABLE CELLPADDING=5><TR><TD>
+
+<font size="4" style="COLOR:#990000"><span style="FONT-WEIGHT:bold">Why is play time limited?</span></font><br/>
+<br/>
+The servers have to work very hard for each player logged in.   We have high-end dedicated servers, 
+but they can only run 150-200 players online at once.  Dedicated servers are expensive.
+  For these reasons, free players have a limited amount of playtime per day, and are even
+ denied access when the server is nearing capacity.  Subscribers have unlimited access, as they are sharing the costs of running the server.
+
+<BR>
+<BR><CENTER> <B><A HREF=/account.php>RETURN TO ACCOUNT</A>
+</TD></TR></TABLE>
+<?php
+include("footer.php");
+?>