xinyin025/TravianZ
1
0
Fork 0
mirror of https://github.com/Shadowss/TravianZ.git synced 2026-06-28 00:24:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update some shit code

Browse Source 
Update some shit code
This commit is contained in:
Catalin Novgorodschi
2026-04-30 14:24:31 +03:00
parent 1ea6873826
commit 544496c515
3 changed files with 1169 additions and 733 deletions
Download Patch File Download Diff File Expand all files Collapse all files
GameEngine/Account.php
+281 -183
View File
@@ -61,213 +61,311 @@ class Account {
}
private function Signup() {
global $database,$form,$mailer,$generator,$session;
// ==================== VERIFICARE WINNER ====================
$sql = mysqli_query($database->dblink, "SELECT 1 FROM " . TB_PREFIX . "fdata WHERE f99 = '100' AND f99t = '40' LIMIT 1");
$winner = mysqli_fetch_row($sql);
if ($winner) {
global $database, $form, $mailer, $generator, $session;
// ==================== VERIFICARE WINNER ====================
$winnerResult = $database->query("SELECT 1 FROM " . TB_PREFIX . "fdata WHERE f99 = '100' AND f99t = '40' LIMIT 1");
if ($winnerResult && mysqli_num_rows($winnerResult) > 0) {
$form->addError("winner", WINNER_ERROR);
}
if(!isset($_POST['name']) || trim($_POST['name']) == "") {
$form->addError("name",USRNM_EMPTY);
}
else {
if(strlen($_POST['name']) < USRNM_MIN_LENGTH) {
$form->addError("name",USRNM_SHORT);
}
else if(!USRNM_SPECIAL && preg_match('/[^0-9A-Za-z]/',$_POST['name'])) {
$form->addError("name",USRNM_CHAR);
}
else if(USRNM_SPECIAL && preg_match("/[:,\\. \\n\\r\\t\\s\\<\\>]+/", $_POST['name'])) {
$form->addError("name",USRNM_CHAR);
}
else if(strtolower($_POST['name']) == 'natars') {
$form->addError("name",USRNM_TAKEN);
}
else if(User::exists($database,$_POST['name'])) {
$form->addError("name",USRNM_TAKEN);
}
}
if(!isset($_POST['pw']) || trim($_POST['pw']) == "") {
$form->addError("pw",PW_EMPTY);
}
else {
if(strlen($_POST['pw']) < PW_MIN_LENGTH) {
$form->addError("pw",PW_SHORT);
}
else if($_POST['pw'] == $_POST['name']) {
$form->addError("pw",PW_INSECURE);
}
}
if(!isset($_POST['email'])) {
$form->addError("email",EMAIL_EMPTY);
}
else {
if(!$this->validEmail($_POST['email'])) {
$form->addError("email",EMAIL_INVALID);
}
else if(User::exists($database,$_POST['email'])) {
$form->addError("email",EMAIL_TAKEN);
}
}
if(!isset($_POST['vid']) || !in_array($_POST['vid'], [1, 2, 3])) {
$form->addError("tribe",TRIBE_EMPTY);
}
if(!isset($_POST['agb'])) {
$form->addError("agree",AGREE_ERROR);
}
if($form->returnErrors() > 0) {
$form->addError("invt",$_POST['invited']);
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
// ==================== VALIDĂRI ====================
// Username
if (!isset($_POST['name']) || trim($_POST['name']) === '') {
$form->addError("name", USRNM_EMPTY);
} else {
if (strlen($_POST['name']) < USRNM_MIN_LENGTH) {
$form->addError("name", USRNM_SHORT);
} elseif (!USRNM_SPECIAL && preg_match('/[^0-9A-Za-z]/', $_POST['name'])) {
$form->addError("name", USRNM_CHAR);
} elseif (USRNM_SPECIAL && preg_match("/[:,\\. \\n\\r\\t\\s\\<\\>]+/", $_POST['name'])) {
$form->addError("name", USRNM_CHAR);
} elseif (strtolower($_POST['name']) === 'natars') {
$form->addError("name", USRNM_TAKEN);
} elseif (User::exists($database, $_POST['name'])) {
$form->addError("name", USRNM_TAKEN);
}
}
header("Location: anmelden.php");
// Password
if (!isset($_POST['pw']) || trim($_POST['pw']) === '') {
$form->addError("pw", PW_EMPTY);
} else {
if (strlen($_POST['pw']) < PW_MIN_LENGTH) {
$form->addError("pw", PW_SHORT);
} elseif ($_POST['pw'] === $_POST['name']) {
$form->addError("pw", PW_INSECURE);
}
}
// Email
if (!isset($_POST['email']) || trim($_POST['email']) === '') {
$form->addError("email", EMAIL_EMPTY);
} elseif (!$this->validEmail($_POST['email'])) {
$form->addError("email", EMAIL_INVALID);
} elseif (User::exists($database, $_POST['email'])) {
$form->addError("email", EMAIL_TAKEN);
}
// Tribe
if (!isset($_POST['vid']) || !in_array((int)$_POST['vid'], [1, 2, 3], true)) {
$form->addError("tribe", TRIBE_EMPTY);
}
// Agreement
if (!isset($_POST['agb'])) {
$form->addError("agree", AGREE_ERROR);
}
// ==================== VERIFICARE ERORI ====================
if ($form->returnErrors() > 0) {
$form->addError("invt", $_POST['invited'] ?? '');
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: anmelden.php");
exit;
}
// ==================== PROCESARE ÎNREGISTRARE ====================
$hashedPassword = password_hash($_POST['pw'], PASSWORD_BCRYPT, ['cost' => 12]);
if (AUTH_EMAIL) {
$act = $generator->generateRandStr(10);
$act2 = $generator->generateRandStr(5);
$uid = $database->activate(
$_POST['name'],
$hashedPassword,
$_POST['email'],
$_POST['vid'],
$_POST['kid'],
$act,
$act2
);
if ($uid) {
$mailer->sendActivate($_POST['email'], $_POST['name'], $_POST['pw'], $act);
header("Location: activate.php?id=$uid&q=$act2");
exit;
}
else {
if(AUTH_EMAIL){
$act = $generator->generateRandStr(10);
$act2 = $generator->generateRandStr(5);
$uid = $database->activate($_POST['name'],password_hash($_POST['pw'], PASSWORD_BCRYPT,['cost' => 12]),$_POST['email'],$_POST['vid'],$_POST['kid'],$act,$act2);
if($uid) {
} else {
// Ramura fără activare prin email (act era undefined în codul original)
$act = '';
$mailer->sendActivate($_POST['email'],$_POST['name'],$_POST['pw'],$act);
header("Location: activate.php?id=$uid&q=$act2");
exit;
}
}
else {
$uid = $database->register($_POST['name'], password_hash($_POST['pw'], PASSWORD_BCRYPT, ['cost' => 12]), $_POST['email'], $_POST['vid'], $act);
if($uid) {
setcookie("COOKUSR" , $_POST['name'], time() + COOKIE_EXPIRE,COOKIE_PATH);
setcookie("COOKEMAIL" , $_POST['email'], time() + COOKIE_EXPIRE,COOKIE_PATH);
$database->updateUserField(
$uid,
["act", "invited"],
["", $_POST['invited']],
1
);
$this->generateBase($_POST['kid'], $uid, $_POST['name']);
header("Location: login.php");
exit;
}
}
}
}
$uid = $database->register(
$_POST['name'],
$hashedPassword,
$_POST['email'],
$_POST['vid'],
$act
);
if ($uid) {
setcookie("COOKUSR", $_POST['name'], time() + COOKIE_EXPIRE, COOKIE_PATH);
setcookie("COOKEMAIL", $_POST['email'], time() + COOKIE_EXPIRE, COOKIE_PATH);
$database->updateUserField(
$uid,
["act", "invited"],
["", $_POST['invited'] ?? ''],
1
);
$this->generateBase($_POST['kid'], $uid, $_POST['name']);
header("Location: login.php");
exit;
}
}
}
private function Activate() {
global $database;
if(START_DATE < date('d.m.Y') or START_DATE == date('d.m.Y') && START_TIME <= date('H:i'))
{
$q = "SELECT act, username, password, email, tribe, location FROM ".TB_PREFIX."activate where act = '".$database->escape($_POST['id'])."'";
$result = mysqli_query($database->dblink,$q);
$dbarray = mysqli_fetch_array($result);
if($dbarray['act'] == $_POST['id']) {
$uid = $database->register($dbarray['username'], $dbarray['password'], $dbarray['email'], $dbarray['tribe'], "");
if($uid) {
$database->unreg($dbarray['username']);
$this->generateBase($dbarray['location'],$uid,$dbarray['username']);
header("Location: activate.php?e=2");
exit;
}
}
else
{
header("Location: activate.php?e=3");
exit;
}
}
else
{
header("Location: activate.php");
exit;
}
}
global $database;
// ==================== VERIFICARE DATA DE START A SERVERULUI ====================
if (START_DATE < date('d.m.Y') || (START_DATE === date('d.m.Y') && START_TIME <= date('H:i'))) {
// Caută codul de activare în tabela activate
$id = $database->escape($_POST['id'] ?? '');
$q = "SELECT act, username, password, email, tribe, location
FROM " . TB_PREFIX . "activate
WHERE act = '" . $id . "'";
$result = $database->query($q);
$dbarray = mysqli_fetch_array($result);
// Verificăm dacă am găsit exact codul trimis
if ($dbarray && $dbarray['act'] === $_POST['id']) {
$uid = $database->register(
$dbarray['username'],
$dbarray['password'],
$dbarray['email'],
$dbarray['tribe'],
""
);
if ($uid) {
$database->unreg($dbarray['username']);
$this->generateBase($dbarray['location'], $uid, $dbarray['username']);
header("Location: activate.php?e=2");
exit;
}
// dacă register eșuează → comportamentul original (fără redirect)
} else {
// Cod de activare invalid sau inexistent
header("Location: activate.php?e=3");
exit;
}
} else {
// Serverul nu a început încă
header("Location: activate.php");
exit;
}
}
private function Unreg() {
global $database;
$q = "SELECT password, username FROM ".TB_PREFIX."activate where id = ".(int) $_POST['id'];
$result = mysqli_query($database->dblink,$q);
$dbarray = mysqli_fetch_array($result);
if(password_verify($_POST['pw'], $dbarray['password'])) {
$database->unreg($dbarray['username']);
header("Location: anmelden.php");
exit;
}
else {
header("Location: activate.php?e=3");
exit;
}
}
// ==================== VERIFICARE ID & PAROLĂ ====================
$id = (int)($_POST['id'] ?? 0);
$q = "SELECT password, username
FROM " . TB_PREFIX . "activate
WHERE id = " . $id;
$result = $database->query($q);
$dbarray = mysqli_fetch_array($result);
// Verificăm dacă înregistrarea există și parola este corectă
// (protejează împotriva notice-urilor PHP dacă nu există rândul)
if ($dbarray && password_verify($_POST['pw'] ?? '', $dbarray['password'])) {
$database->unreg($dbarray['username']);
header("Location: anmelden.php");
exit;
}
// Parolă greșită sau ID inexistent → comportamentul original
header("Location: activate.php?e=3");
exit;
}
private function Login() {
global $database, $session, $form;
$user = $_POST['user'];
if(!isset($_POST['user']) || empty($_POST['user'])){
$form->addError("user", $user);
}else if(!User::exists($database, $_POST['user'])){
$form->addError("user", USR_NT_FOUND);
}
if(!isset($_POST['pw']) || empty($_POST['pw'])){
$form->addError("pw", LOGIN_PASS_EMPTY);
}else if(!$database->login($_POST['user'], $_POST['pw']) && !$database->sitterLogin($_POST['user'], $_POST['pw'])){
// try activation data if the user was not found
if(!$userData){
$activateData = $database->getActivateField($_POST['user'], 'act', 1);
if(!empty($activateData)) $form->addError("activate", $_POST['user']);
else $form->addError("pw", LOGIN_PW_ERROR);
}
else $form->addError("pw", LOGIN_PW_ERROR);
}
$userData = $database->getUserArray($_POST['user'], 0);
// Vacation mode by Shadow
if($userData["vac_mode"] == 1 && $userData["vac_time"] > time()){
$form->addError("vacation", "Vacation mode is still enabled");
}
// Vacation mode by Shadow
if($form->returnErrors() > 0){
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: login.php");
exit();
}else{
// Vacation mode by Shadow
$database->removevacationmode($userData['id']);
// Vacation mode by Shadow
if($database->login($_POST['user'], $_POST['pw'])){
$database->UpdateOnline("login", $_POST['user'], time(), $userData['id']);
}else if($database->sitterLogin($_POST['user'], $_POST['pw'])){
$database->UpdateOnline("sitter", $_POST['user'], time(), $userData['id']);
}
setcookie("COOKUSR", $_POST['user'], time() + COOKIE_EXPIRE, COOKIE_PATH);
$session->login($_POST['user']);
}
}
// ==================== INITIALIZARE SIGURĂ ====================
$username = $_POST['user'] ?? '';
$password = $_POST['pw'] ?? '';
// $userData este folosit înainte de a fi definit în codul original
// Păstrăm comportamentul exact (null aici)
$userData = null;
// ==================== VALIDĂRI ====================
// Username
if (empty($username)) {
$form->addError("user", $username);
} elseif (!User::exists($database, $username)) {
$form->addError("user", USR_NT_FOUND);
}
// Password
if (empty($password)) {
$form->addError("pw", LOGIN_PASS_EMPTY);
} elseif (!$database->login($username, $password) && !$database->sitterLogin($username, $password)) {
// try activation data if the user was not found
// (păstrăm exact logica originală - $userData e încă null aici)
if (!$userData) {
$activateData = $database->getActivateField($username, 'act', 1);
if (!empty($activateData)) {
$form->addError("activate", $username);
} else {
$form->addError("pw", LOGIN_PW_ERROR);
}
} else {
$form->addError("pw", LOGIN_PW_ERROR);
}
}
// Obținem datele utilizatorului (după validări - exact ca în original)
$userData = $database->getUserArray($username, 0);
// Vacation mode by Shadow
if (!empty($userData) && $userData['vac_mode'] == 1 && $userData['vac_time'] > time()) {
$form->addError("vacation", LOGIN_VACATION);
}
// ==================== VERIFICARE ERORI ====================
if ($form->returnErrors() > 0) {
$_SESSION['errorarray'] = $form->getErrors();
$_SESSION['valuearray'] = $_POST;
header("Location: login.php");
exit();
}
// ==================== LOGIN CU SUCCES ====================
// Vacation mode by Shadow
$database->removevacationmode($userData['id']);
if ($database->login($username, $password)) {
$database->UpdateOnline("login", $username, time(), $userData['id']);
} elseif ($database->sitterLogin($username, $password)) {
$database->UpdateOnline("sitter", $username, time(), $userData['id']);
}
setcookie("COOKUSR", $username, time() + COOKIE_EXPIRE, COOKIE_PATH);
$session->login($username);
}
private function Logout() {
global $session, $database;
unset($_SESSION['wid']);
$database->activeModify(addslashes($session->username),1);
$database->UpdateOnline("logout") or die(mysqli_error($database->dblink));
$session->Logout();
}
unset($_SESSION['wid']);
// actualizează statusul "activ" al utilizatorului
$database->activeModify($database->escape($session->username), 1);
// actualizează ultima activitate online
$database->UpdateOnline("logout");
$session->Logout();
}
private function validEmail($email) {
$regexp="/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i";
return preg_match($regexp, $email);
}
// Regex exact ca în varianta originală (nu am schimbat logica de validare)
$regexp = "/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i";
return (bool) preg_match($regexp, $email);
}
function generateBase($kid, $uid, $username) {
global $database;
$message = new Message();
if($kid == 0) $kid = rand(1,4);
else $kid = $_POST['kid'];
$database->generateVillages([['wid' => 0, 'mode' => 0, 'type' => 3, 'kid' => $kid, 'capital' => 1, 'pop' => 2, 'name' => null, 'natar' => 0]], $uid, $username);
$message->sendWelcome($uid, $username);
}
$message = new Message();
// Logica exactă din original
if ($kid == 0) {
$kid = rand(1, 4);
} else {
$kid = $_POST['kid']; // suprascrie parametrul cu valoarea din POST
}
$database->generateVillages(
[
[
'wid' => 0,
'mode' => 0,
'type' => 3,
'kid' => $kid,
'capital'=> 1,
'pop' => 2,
'name' => null,
'natar' => 0
]
],
$uid,
$username
);
$message->sendWelcome($uid, $username);
}
};
$account = new Account;
?>