• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Afs-cms

Status
Not open for further replies.
Ya, everyone stick to the topic from now on. Take your private fights in PMs instead.
 
Not sure if this was reported already but when players create guilds on the site, the following happens:

1. User inputs "Wana Ded's" as the guild name.
2. The guild name shows up correctly on the website.
3. On the game, it shows up as this "Wana Ded\'s"
 
Not sure if this was reported already but when players create guilds on the site, the following happens:

1. User inputs "Wana Ded's" as the guild name.
2. The guild name shows up correctly on the website.
3. On the game, it shows up as this "Wana Ded\'s"

I think xampp add a \ in fornt of ' and " to protect the server, but im not 100% sure. Or he use the command addslashes()
 
Not sure if this was reported already but when players create guilds on the site, the following happens:

1. User inputs "Wana Ded's" as the guild name.
2. The guild name shows up correctly on the website.
3. On the game, it shows up as this "Wana Ded\'s"

I'll make it so that names with a ' won't be allowed from now on, thanks for the report.

I think xampp add a \ in fornt of ' and " to protect the server, but im not 100% sure. Or he use the command addslashes()

I think your thinking of magic_quotes but I don't use addslashes()

Avarian use this...

He use addslashes() ?
It is possebile to use mysql_real_escape_string() instead

I do use mysql_real_escape_string() :p

He use something like that:

stripslashes() is to remove the slashes inserted into the database by mysql_real_escape_string(), but it's only used for displaying information on the site, not for actually removing the / from the database.
 
I'll make it so that names with a ' won't be allowed from now on, thanks for the report.

Why would you do that? Just write your own escape function, that dosn't escape the ' character, but then escapes ';, so that way MySQL injections would be avoided.

This function will escape a string using mysql_real_escape_string(), and then turn the \' into ', and then the '; into \';. As far as I know, that should allow the ' character, and still secure the query.
PHP:
function mysql_escape($string){
	$string = mysql_real_escape_string($string);
	$string = str_replace("\'", "'", $string);
	return str_replace("';", "\';", $string);
}

Something even safer, would be to remove any MySQL related strings: "select, remove, insert, alter and such...".
 
Last edited:


what have i done wrong? Its acutally 17 players online but it dosn't want to show that. Everything else works 100% perfect, even online list, and from online list you can see how many players thats online.

its also gone 3 hours, and it shows 0 hours 0 minutes.. i don't think its refreshing itself
 
ohh and how can I make the picture of the day to load from etc photobucket instead of my own computer? So it downloads from a link instead of having me uploading the image every time a guy looks at the page?
 
Last edited:
ohh and how can I make the picture of the day to load from etc photobucket instead of my own computer? So it downloads from a link instead of having me uploading the image every time a guy looks at the page?

Open index.php and change the img src to your online image link.
In the next release i'll change it to so that you can host the pics from your computer, some other internet source, or just not use it at all.
 
It is possebile to inject code on it
Avarian msg me as fast as you can, found many heavy holes on your cms were people can enter own code and get admin
 
Last edited:
Fixed code injection

This will redirect you to your server and also send your cookies.
When the server has your cookies they send you back


It is also possebile to inject code in info.php?act=players&char=


What can some one do with your cookies?
If they succes to get the admins cookie they can change there cookies so it look like the admins.

To change cookies you use
The new value is the value that you got from logg.txt


How can i protect my self?


It is possebile to use htmlspecialchars() so the < and > tags dont load as html.

Here is the code

PHP:
<?PHP

/*    
    Author: Avarian
    Product Name: AFS-CMS
    Purpose: A Content Management System specifically made for the forgotten server.
    Copyright (C) 2007-2008  [Avarian]

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

session_start();
include ('Includes/config_includes.php');
include ('Includes/function_includes.php');
include ('Includes/header_includes.php');

switch($_GET['act']){

 ####ONLINE LIST#####
case "online":

echo '<title>'.$worldname.' - Players Online</title>';
echo '<h1>Players Online:</h1>';
    $i = 1;

'.$vocations.';
$online_query = mysql_query("SELECT * FROM `players` WHERE `online` = 1 ORDER BY `name` ASC") or die(mysql_error());
if(mysql_num_rows($online_query) != 0){
echo '<table border="1" cellpadding="2" style="border-collapse: collapse" bordercolor="#000000" width="100%" cellspacing="0">';
echo '<tr><td width="40%" bgcolor="#000000"><b>Players:</b></td><td width="40%" bgcolor="#000000"><b>Vocation:</b></td><td width="20%" bgcolor="#000000"><b>Level:</b></td></tr>';
while($sql_online = mysql_fetch_array($online_query)){
$number++;
if($layout == grayshades) {
echo '<td bgcolor="#444444">'.$number.' - <a href="info.php?act=players&char='.$sql_online['name'].'">'.$sql_online['name'].'</a></td><td bgcolor="#444444">'.$vocations[$sql_online['vocation']].'</td><td bgcolor="#444444">'.$sql_online['level'].'</td></tr>'; }
elseif($layout == blackdraft) {
echo '<td bgcolor="#444444">'.$number.' - <a href="info.php?act=players&char='.$sql_online['name'].'">'.$sql_online['name'].'</a></td><td bgcolor="#444444">'.$vocations[$sql_online['vocation']].'</td><td bgcolor="#444444">'.$sql_online['level'].'</td></tr>'; }
elseif($layout == thegathering) {
echo '<td bgcolor="#110F01">'.$number.' - <a href="info.php?act=players&char='.$sql_online['name'].'">'.$sql_online['name'].'</a></td><td bgcolor="#110F01">'.$vocations[$sql_online['vocation']].'</td><td bgcolor="#110F01">'.$sql_online['level'].'</td></tr>'; }
elseif($layout == dragonflames) {
echo '<td bgcolor="#110F01">'.$number.' - <a href="info.php?act=players&char='.$sql_online['name'].'">'.$sql_online['name'].'</a></td><td bgcolor="#110F01">'.$vocations[$sql_online['vocation']].'</td><td bgcolor="#110F01">'.$sql_online['level'].'</td></tr>'; }
}
}
else
{
echo '<p>There are no players online on '.$worldname.'.</p>';
}
echo '</table>';
break; 
	
	#####HIGHSCORES#####
	case "highscores":
echo '<title>'.$worldname.' - Highscores</title>';

$cfg['rank'] = 25;
if(isset($_GET['skill'])){
 $skill = $_GET['skill'];
} else {
 $skill = "Level";
}
if(!isset($_GET['pg'])) {
 $pg = 1;
} else {
 $pg = $_GET['pg'];
}
if($pg > 11){
 $inicio = 11;
}else{
 $inicio = $pg - 1;
}
$ini = $inicio * $cfg['rank'];
$prox = $cfg['rank'] * $pg + 1;
$prox_ = $cfg['rank'] * $pg + $cfg['rank'];
if($pg == 2){
 $ante = "1-".$cfg['rank'];
}elseif($pg > 2){
 $aa = $pg - 1;
 $b = $pg - 2;
 $a = $cfg['rank'] * $b;
 $ante = $a+'1'."-".$cfg['rank']*$aa;
}
if($pg == 1 or $pg == ""){
 $asd = " ";
}else{
 $asd = " | ";
}
?>
<style type="text/css">
<!--
.style1 {color: #FFFFFF}
-->
</style>
<div align="center"><h1>Highscores - Top 300</h1></div>
<table width="100%" border="0" cellspacing="1" cellpadding="2">
  <tr>
    <td width="87%" valign="top"><table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="#000000">
      <tr>
        <td width="10%"><div align="center"><span class="style1">Rank</span></div></td>
        <td width="50%"><span class="style1">Name</span></td>
        <td width="15%"><div align="center"><span class="style1"><?=$skill?></span></div></td>
        <? if($skill == "Level"){?><td width="25%"><div align="center"><span class="style1">Experience</span></div></td><? } ?>
      </tr>
<?  switch($skill){
  case "Fist":
   $id = 0;
   break;
  case "Club":
   $id = 1;
   break;
  case "Sword":
   $id = 2;
   break;
  case "Axe":
   $id = 3;
   break;
  case "Distance":
   $id = 4;
   break;
  case "Shield":
   $id = 5;
   break;
  case "Fish":
   $id = 6;
   break;
 }
 if($skill == "Level") {
  $total = mysql_query("SELECT * FROM players WHERE group_id < '".$hs_group_id."' ORDER BY level");
  $tr = mysql_num_rows($total);
  $tp = $tr / $cfg['rank'];
  $tp = ceil($tp);
  $ant = $pg-1;
  $pro = $pg+1;
  $verifica = mysql_query("SELECT name,level,experience FROM players WHERE group_id < '".$hs_group_id."' ORDER BY experience DESC LIMIT ".$ini.",".$cfg['rank']."");
  if($pg == 1 or $pg == 0){
   $i = 1;
  }elseif($pg > 1){
   $i = $ini+1;
  }
  while($dados = mysql_fetch_array($verifica)) {
  	
			$id=$i+1;
			if($layout == thegathering) {
			echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
			elseif($layout == grayshades) {
			echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
			elseif($layout == blackdraft) {
			echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
			elseif($layout == dragonflames) {
			echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }

   echo ' 
           <td><center>'.$i.'</center></td>
           <td><a href="info.php?act=players&char='.$dados['name'].'">'.$dados['name'].'</a></td>
           <td><center>'.$dados['level'].'</center></td>
    			 <td><center>'.$dados['experience'].'</center></td>
          </tr>';
    $i++;
  }
  if($tr > $cfg['rank']){
   echo '<tr bgcolor="black">
        <td colspan=4><div align="right">';
   if($pg > 1){
    $anterior = '<a href="?act=highscores&skill='.$skill.'&pg='.$ant.'">Rank '.$ante.'</a>';
   }
   if($pg != 11){
    if($pg < $tp){
     $proxima = '<a href="?act=highscores&skill='.$skill.'&pg='.$pro.'">Rank '.$prox.'-'.$prox_.'</a>';
     $tt = true;
    }
   }
   echo $anterior;
   if($tt == true) echo $asd;
   echo $proxima;
   echo '</div></td><tr>';
  }    
 }
 elseif($skill == "Magic") {
  $total = mysql_query("SELECT * FROM players WHERE group_id < '".$hs_group_id."' ORDER BY maglevel");
  $tr = mysql_num_rows($total);
  $tp = $tr / $cfg['rank'];
  $tp = ceil($tp);
  $ant = $pg-1;
  $pro = $pg+1;
  $verifica = mysql_query("SELECT name,maglevel FROM players WHERE group_id < '".$hs_group_id."' ORDER BY maglevel DESC LIMIT ".$ini.",".$cfg['rank']."");
  if($pg == 1 or $pg == 0){
   $i = 1;
  }elseif($pg > 1){
   $i = $ini+1;
  }
  while($dados = mysql_fetch_array($verifica)) {
			$id=$i+1;
			if($layout == thegathering) {
			echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
			elseif($layout == dragonflames) {
			echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
			elseif($layout == grayshades) {
			echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
			elseif($layout == blackdraft) {
			echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
   echo ' 
           <td><center>'.$i.'</center></td>
           <td><a href="info.php?act=players&char='.$dados['name'].'">'.$dados['name'].'</a></td>
           <td><center>'.$dados['maglevel'].'</center></td>
          </tr>';
    $i++;
  }
  if($tr > $cfg['rank']){
   echo '<tr bgcolor="black">
        <td colspan=3><div align="right">';
   if($pg > 1){
    $anterior = '<a href="?act=highscores&skill='.$skill.'&pg='.$ant.'">Rank '.$ante.'</a>';
   }
   if($pg != 11){
    if($pg < $tp){
     $proxima = '<a href="?act=highscores&skill='.$skill.'&pg='.$pro.'">Rank '.$prox.'-'.$prox_.'</a>';
     $tt = true;
    }
   }
   echo $anterior;
   if($tt == true) echo $asd;
   echo $proxima;
   echo '</div></td><tr>';
  } 
 }
 else {
  $total = mysql_query("SELECT name,value FROM players, player_skills WHERE group_id < '".$hs_group_id."' AND players.id = player_skills.player_id AND player_skills.skillid = ".$id." ORDER BY value DESC");
  $tr = mysql_num_rows($total);
  $tp = $tr / $cfg['rank'];
  $tp = ceil($tp);
  $ant = $pg-1;
  $pro = $pg+1;
  $verifica = mysql_query("SELECT name,value FROM players, player_skills WHERE group_id < '".$hs_group_id."' AND players.id = player_skills.player_id AND player_skills.skillid = ".$id." ORDER BY value DESC LIMIT ".$ini.",".$cfg['rank']."");
  if($pg == 1 or $pg == 0){
   $i = 1;
  }elseif($pg > 1){
   $i = $ini+1;
  }
  while($dados = mysql_fetch_array($verifica))  {
			$id=$i+1;
			if($layout == thegathering) {
			echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
			elseif($layout == dragonflames) {
			echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
			elseif($layout == grayshades) {
			echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
			elseif($layout == blackdraft) {
			echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
    echo '
           <td><center>'.$i.'</center></td>
           <td><a href="info.php?act=players&char='.$dados['name'].'">'.$dados['name'].'</a></td>
           <td><center>'.$dados['value'].'</center></td>
          </tr>';
    $i++;
  }
  if($tr > $cfg['rank']){
   echo '<tr bgcolor="black">
        <td colspan=3><div align="right">';
   if($pg > 1){
    $anterior = '<a href="?act=highscores&skill='.$skill.'&pg='.$ant.'">Rank '.$ante.'</a>';
   }
   if($pg != 11){
    if($pg < $tp){
     $proxima = '<a href="?act=highscores&skill='.$skill.'&pg='.$pro.'">Rank '.$prox.'-'.$prox_.'</a>';
     $tt = true;
    }
   }
   echo $anterior;
   if($tt == true) echo $asd;
   echo $proxima;
   echo '</div></td><tr>';
  } 
 } 
 
?>
    </table>
<div align="right">
</div>
<?PHP
if($layout == grayshades) {
      echo '<table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="303030">'; }
elseif($layout == blackdraft) {
      echo '<table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="303030">'; }
elseif($layout == thegathering) {
      echo '<table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="110F09">'; }
elseif($layout == dragonflames) {
      echo '<table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="110F09">'; }
      echo '</table></td>';

if($layout == thegathering) {
      echo '<td width="13%" valign="top"><table width="130" border="0" align="right" cellpadding="2" cellspacing="1" bgcolor="000000">'; }
elseif($layout == dragonflames) {
      echo '<td width="13%" valign="top"><table width="130" border="0" align="right" cellpadding="2" cellspacing="1" bgcolor="000000">'; }
elseif($layout == grayshades) {
      echo '<td width="13%" valign="top"><table width="130" border="0" align="right" cellpadding="2" cellspacing="1" bgcolor="303030">'; }
elseif($layout == blackdraft) {
      echo '<td width="13%" valign="top"><table width="130" border="0" align="right" cellpadding="2" cellspacing="1" bgcolor="303030">'; }
      echo '<tr>';

        echo '<div align="center"><a href="?act=highscores&skill=Level">Level</a></div></td>';
      echo '</tr>';
      echo '<tr>';
        echo '<div align="center"><a href="?act=highscores&skill=Magic">Magic Level </a></div></td>';
      echo '</tr>';
      echo '<tr>';
        echo '<div align="center"><a href="?act=highscores&skill=Fist">Fist Fighting </a></div></td>';
      echo '</tr>';
      echo '<tr>';
        echo '<div align="center"><a href="?act=highscores&skill=Club">Club Fighting </a></div></td>';
      echo '</tr>';
      echo '<tr>';
        echo '<div align="center"><a href="?act=highscores&skill=Sword">Sword Fighting </a></div></td>';
      echo '</tr>';
      echo '<tr>';
        echo '<div align="center"><a href="?act=highscores&skill=Axe">Axe Fighting </a></div></td>';
      echo '</tr>';
      echo '<tr>';
        echo '<div align="center"><a href="?act=highscores&skill=Distance">Distance Fighting</a></div></td>';
      echo '</tr>';
      echo '<tr>';
        echo '<div align="center"><a href="?act=highscores&skill=Shield">Shielding</a></div></td>';
      echo '</tr>';
      echo '<tr>';
        echo '<div align="center"><a href="?act=highscores&skill=Fish">Fishing</a></div></td>';
      echo '</tr>';
    echo '</table></td>';
  echo '</tr>';
echo '</table>';
?>

<?PHP
mysql_close();
	
	break;
	#####PLAYER SEARCH#####
	case "players":
echo '<title>'.$worldname.' - Players Search</title>';
	
	echo '<h1>Player Search:</h1>'; 

$char = trim($_REQUEST['char']);
if (!$char) {
	echo '<p>You have not requested any player name.</p>';
include ('Includes/footer_includes.php');
	die;
}
if (strlen($char) < 2) {
echo '<p>Not enough letters. Please enter atleast two.</p>';
include ('Includes/footer_includes.php');
die;
}

	$char = mysql_real_escape_string($char);

$player_query = mysql_query("SELECT * FROM `players` WHERE (`name` = '".$char."') ");

if(mysql_num_rows($player_query)==0) {
	$check_player_query = mysql_query("SELECT * FROM `players` WHERE `name` like '%".$char."%' LIMIT 0, ".$search_result_limit."");
	if(mysql_num_rows($check_player_query) != 0)
	{
		
		$i = 0;
		echo '<table cellspacing=0 cellpadding="5" border="0"><tr><td width="150px">Name</td><td width="50px"><center>Level</center></td><td width="100px">Vocation</td><center><td width="50px">Status:</td><center></tr>';
						while($check_player_sql = mysql_fetch_array($check_player_query))
						{
						
		'.$vocations.';
			$id=$i+1;
			if($layout == grayshades) {
			echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
			elseif($layout == blackdraft) {
			echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
			elseif($layout == thegathering) {
			echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
			elseif($layout == dragonflames) {
			echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
						echo '<td><a href="info.php?act=players&char='.$check_player_sql['name'].'">'.$check_player_sql['name'].'</a></td><td><center>'.$check_player_sql['level'].'</center></td><td>'.$vocations[$check_player_sql['vocation']].'</td>';
			
		if($check_player_sql['online'] > 0) {
		echo '<td><center><font color="green"><b>Online</b></font></center></td>'; }
		else {
		echo '<td><center><font color="red"><b>Offline</b></font></center></td>';}
						echo '<tr>';
						$i++;
							
						}
		echo '</table>';
	}
	else
	{
	echo '<p>Player '.htmlspecialchars($char).' does not exist.</p>';
	}
	} else {

		$player_sql = mysql_fetch_array($player_query);
		$acc_logged_query = mysql_query("SELECT * FROM `accounts` WHERE (`id` = '".$player_sql['account_id']."') ") or die(mysql_error());
		$acc_logged_sql = mysql_fetch_array($acc_logged_query);

		$account_ban = $player_sql['account_id'];
		$ban_query = mysql_query("SELECT * FROM `bans` WHERE (`account` = '$account_ban') ") or die(mysql_error());
		$ban_sql = mysql_fetch_array($ban_query); 

		if ($player_sql['lastlogin'] != 0) $lastlog = date('M d Y, H:i:s',$player_sql['lastlogin']);
		else $lastlog = 'never logged in';

		if($player_sql['town_id'] == $town[1]['id'])
		$town = $town[1]['name'];
		elseif($player_sql['town_id'] == $town[2]['id'])
		$town = $town[2]['name'];
		elseif($player_sql['town_id'] == $town[3]['id'])
		$town = $town[3]['name'];
		elseif($player_sql['town_id'] == $town[4]['id'])
		$town = $town[4]['name'];
		elseif($player_sql['town_id'] == $town[5]['id'])
		$town = $town[5]['name'];
		elseif($player_sql['town_id'] == $town[6]['id'])
		$town = $town[6]['name'];
		elseif($player_sql['town_id'] == $town[7]['id'])
		$town = $town[7]['name'];
		elseif($player_sql['town_id'] == $town[8]['id'])
		$town = $town[8]['name'];
		elseif($player_sql['town_id'] == $town[9]['id'])
		$town = $town[9]['name'];
		elseif($player_sql['town_id'] == $rook['id'])
		$town = $rook['name'];
		

		$rankid = $player_sql['rank_id'];
		$query20 = mysql_query("SELECT * FROM `guild_ranks` WHERE (`id` = '$rankid') ") or die(mysql_error());
		$query_result20 = mysql_fetch_row($query20);
		$guildscheck = $query_result20[1];
		$query123 = mysql_query("SELECT * FROM `guilds` WHERE (`id` = '$guildscheck') ") or die(mysql_error());
		$query_result123 = mysql_fetch_row($query123);

		$space = $query_result123[1];

		$comment = stripslashes($player_sql['comment']);

		echo '<h2>Character information:</h2>';
		echo '<table width=400px><tr><tr><td width=100px>Name: </td><td width=300px>'.$player_sql['name'].'<br /></td></tr>';
		$sexs = array("Female", "Male");
		echo '<tr><td width=100px>Sex:</td><td width=300px>'.$sexs[$player_sql['sex']].'<br /></td></tr>';
		echo '<tr><td width=100px>Level:</td><td width=300px>'.$player_sql['level'].'<br /></td></tr>';
		'.$vocations.';
		echo '<tr><td width=100px>Vocation:</td><td width=300px>'.$vocations[$player_sql['vocation']].'<br /></td></tr>';
		echo '<tr><td width=100px>Residence:</td><td width=300px>'.$town.'<br /></td></tr>';

		if (empty($space)) {
		echo '<tr><td width=100px>Guild: </td><td width=300px>None';
		echo '<br /></td></tr>';
		}
		else
		{
		echo '<tr><td width=100px>Guild: </td><td width=300px>'.$query_result20[2].' of the <a href="guilds.php?act=view&guild='.$query_result123[1].'">'.$query_result123[1].'</a>';
		echo '<br /></td></tr>';
		}
		echo '<tr><td width=100px>Lastlogin:</td><td width=300px>'.$lastlog.'<br /></td></tr>';

		if($acc_logged_sql['premdays'] > 0 ) 
		echo '<tr><td width=100px>Account Type:</td><td width=300px>Premium Account<br /></td></tr>';
		else
		echo '<tr><td width=100px>Account Type:</td><td width=300px>Free Account<br /></td></tr>';
		
		if($comment == "") {
		echo '<tr><td width=100px>Comment:</td><td width=300px>None<br /></td></tr>';
		}
		else
		{
		echo '<tr><td width=100px>Comment:</td><td width=300px>'.htmlspecialchars($comment).'<br /></td></tr>';
		}

		if($player_sql['online'] > 0 ) {
		echo '<tr><td width=100px>Status:</td><td width=300px><font color="green"> Online</font><br /></td></tr>'; }
		else {
		echo '<tr><td width=100px>Status:</td><td width=300px><font color="red"> Offline</font><br /></td></tr>'; }
		
		echo '</table>';
		echo ('<br /><h2>Account information:</h2>');
		echo "<table width=400px>";
		if($acc_logged_sql['hidemail'] == 0)
		echo '<tr><td width=100px>Email:</td><td width=300px> <a href="mailto:'.$acc_logged_sql['email'].'">'.$acc_logged_sql['email'].'</a></td></tr>';
		if($acc_logged_sql['hide'] == 0){
			echo '<tr><td width=100px>Realname:</td><td width=300px> '.$acc_logged_sql['rlname'].'</td></tr>';
			echo '<tr><td width=100px>Location:</td><td width=300px> '.$acc_logged_sql['location'].'</td></tr>';
		}

$positionss = array("None", "$group_id1", "$group_id2", "$group_id3", "$group_id4", "$group_id5", "$group_id6", "$group_id7", "$group_id8", "$group_id9");
if($player_sql['group_id'] > 1)
{
echo '<tr><td width=100px>Position:</td><td width=300px><font color="Red">'.$positionss[$player_sql['group_id']].'</font></td></tr>';
} else {
echo '<tr><td width=100px>Position:</td><td width=300px>'.$positionss[$player_sql['group_id']].'</td></tr>';
}
 if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 0 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 1 )
{
        echo '<tr><td width=100px><font color="Red">Banished</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 2 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 3 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 4 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 5 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 6 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 7 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 8 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 9 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of offensive statement.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 10 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of spamming.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 11 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of advertisement not related to game.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 12 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of real money advertisement.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 13 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of non-english public statement.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 14 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of off-topic public statement.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 15 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of inciting rule violation.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 16 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of bug abuse.</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 17 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of game weakness abuse.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 
        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 18 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of macro use.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 19 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of using unofficial sotware to play.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 20 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of hacking.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 21 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of multi-clienting.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 22 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of account trading.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 23 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of account sharing.</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 24 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of threatening gamemaster.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 25 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of pretending to have official position.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 26 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of pretending to have influence on gamemaster.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 27 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of false report to gamemaster.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 28 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of excessive unjustified player killing.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 29 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of destructive behaviour.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 30 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of spoiling action.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';
} 

        if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 31 )
{
        echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red">Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid payment.</font></td></tr>';
	echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
        echo '</table>';        
} 
        else
        echo '</table>'; 

$char = trim($_REQUEST['char']);
$player_query = mysql_query("SELECT * FROM `players` WHERE (`name` = '".$char."') ");
$query = mysql_query("SELECT * FROM `players` WHERE (`name` = '".$char."') ") or die(mysql_error());      
$sql = mysql_fetch_array($query);

   $death_query = mysql_query("SELECT * FROM `player_deaths` WHERE (`player_id` = '".$sql['id']."') ORDER BY `time` DESC LIMIT 10") or die(mysql_error());

if(mysql_num_rows($death_query) != 0){
                                	
echo '<br /><h2>Character Deaths:</h2>';

              
echo '<table cellspacing=0 cellpadding="5" border="0">';
while($death_sql = mysql_fetch_array($death_query)){
$number++;
$dead = $death_sql['player_id'];
$player_query = mysql_query("SELECT * FROM `players` WHERE (`name` = '".$char."') ");
$player_sql_result = mysql_fetch_array($player_query);
$player_id = $player_sql_result['id'];
if(empty($player_sql_result['name'])) {
$killedplayer = "ID: ".$dead." - SQL error";
}
else
{
$killedplayer = "<a href=\"info.php?act=players&char=".$player_sql_result['name']."\">".$player_sql_result['name']."</a>";
}
if($layout == grayshades) {
echo ($number % 2) ? "<tr>" : "<tr>"; }
elseif($layout == blackdraft) {
echo ($number % 2) ? "<tr>" : "<tr>"; }
elseif($layout == thegathering) {
echo ($number % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == dragonflames) {
echo ($number % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
if($death_sql['is_player'] != 1) {
if($death_sql['killed_by'] == -1) {
$death_sql['killed_by'] = "NPC";
}
echo "<td>" .date('M d Y, H:i:s',$death_sql['time']). " Died at level ".$death_sql['level']." by a  ".$death_sql['killed_by'].".</td></tr>";
}
else
{
echo "<td>" .date('M d Y, H:i:s',$death_sql['time']). " Died at level ".$death_sql['level']." by <a href=\"info.php?act=players&char=".$death_sql['killed_by']."\"> ".$death_sql['killed_by']."</a>.</td></tr>";
}
}
}
else
{
}

echo '</table>';  




if($acc_logged_sql['hidechars'] == 0)
{
	echo ' <br /><h2>Characters:</h2>
		<table border="0" cellSpacing="0" cellPadding="2" width="220">

        <tr>
            <td width="200">Name:</td><td width="20"><center>Level:</center></td>
        </tr>';

	$acc_query = mysql_query("SELECT * FROM `players` WHERE (`account_id` = '".$player_sql['account_id']."') ") or die(mysql_error());
		$i=1;
	while($acc_sql = mysql_fetch_array($acc_query)){
		if($acc_sql['hide'] == 0)
		{
			$id=$i+1;
			if($layout == thegathering) {
			echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
			elseif($layout == dragonflames) {
			echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
			elseif($layout == grayshades) {
			echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
			elseif($layout == blackdraft) {
			echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
		echo '<td width="200px">'.$i.'. <a href="info.php?act=players&char='.$acc_sql['name'].'">'.$acc_sql['name'].'</a></td>';
		echo '<td width="20px"><center>'.$acc_sql['level'].'</center></td>';
      echo '</tr>';
      $i++;
    }
    else {
    }
    }
echo '</table>';
	}	
	else { }

}
	break;

	case "deaths":
	
echo '<title>'.$worldname.' - Latest Deaths</title>';

echo '<h1>Latest Deaths:</h1>'; 
	$i = 1;
			
$death_query = mysql_query("SELECT * FROM `player_deaths` ORDER BY `time` DESC LIMIT $death_limit") or die(mysql_error());
if(mysql_num_rows($death_query) != 0){
echo '<table cellspacing=0 cellpadding="5" border="0">';
echo '<tr><td><b>Player:</b></td><td><b>Death:</b></td></tr>';
while($death_sql = mysql_fetch_array($death_query)){
$number++;
$dead = $death_sql['player_id'];
$player_query = mysql_query("SELECT * FROM players WHERE id = '$dead'") or die(mysql_error());
$player_sql_result = mysql_fetch_array($player_query);
if(empty($player_sql_result['name'])) {
$killedplayer = "ID: ".$dead." - SQL error";
}
else
{
$killedplayer = "<a href=\"info.php?act=players&char=".$player_sql_result['name']."\">".$player_sql_result['name']."</a>";
}

if($layout == thegathering) {
echo ($number % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == grayshades) {
echo ($number % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($number % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }

if($death_sql['is_player'] != 1) {
if($death_sql['killed_by'] == -1) {
$death_sql['killed_by'] = "NPC";
}
echo "<td>".$number.". ".$killedplayer." </td><td> was killed at level ".$death_sql['level']." by a ".$death_sql['killed_by']." (" .date('M d Y, H:i:s',$death_sql['time']). ").</td></tr>";
}
else
{
echo "<td>".$number.". ".$killedplayer." </td><td> was killed at level ".$death_sql['level']." by  <a href=\"info.php?act=players&char=".$death_sql['killed_by']."\"> ".$death_sql['killed_by']."</a> (" .date('M d Y, H:i:s',$death_sql['time']). ").</td></tr>";
}
}
}
else
{
echo '<p>There have been no deaths on '.$worldname.'.</p>';
}
echo '</table>';

break;

case "house":
echo '<title>'.$worldname.' - House List</title>';

	echo '<h1>House list:</h1>'; 
?>

<table width="100%" cellSpacing="0" border="0">
	<tr>
		<td><b>Name</b></td>
		<td><b>Size</b></td>
		<td><b>Rent</b></td>
		<td><b>Town</b></td>
		<td><b>Status</b></td>
	</tr>
	<?PHP
	

	$file = simplexml_load_string(file_get_contents($house_dir));
	$i = 0;
	$town1name = $town[1]['name'];
	$town2name = $town[2]['name'];
	$town3name = $town[3]['name'];
	$town4name = $town[4]['name'];
	$town5name = $town[5]['name'];
	$town6name = $town[6]['name'];
	$town7name = $town[7]['name'];
	$town8name = $town[8]['name'];
	$town9name = $town[9]['name'];

	foreach($file->house as $house_dir_file){
		if($house_dir_file['townid'] == 1) 
		$town = $town1name; 
		elseif($house_dir_file['townid'] == 2) 
		$town = $town2name; 
		elseif($house_dir_file['townid'] == 3) 
		$town = $town3name; 
		elseif($house_dir_file['townid'] == 4) 
		$town = $town4name; 
		elseif($house_dir_file['townid'] == 5) 
		$town = $town5name; 
		elseif($house_dir_file['townid'] == 6) 
		$town = $town6name;  
		elseif($house_dir_file['townid'] == 7) 
		$town = $town7name;  
		elseif($house_dir_file['townid'] == 8) 
		$town = $town8name;  
		else 
		$town = $town9name; 

		$house_dir_query = mysql_query("SELECT * FROM `houses` WHERE (`id` = '".$house_dir_file['houseid']."') ") or die(mysql_error());
		$house_dir_sql = mysql_fetch_array($house_dir_query);

		$player_query = mysql_query("SELECT * FROM `players` WHERE (`id` = '".$house_dir_sql['owner']."') ") or die(mysql_error());
		$player_sql = mysql_fetch_array($player_query);

		if($house_dir_sql['id'] == $house_dir_file['houseid']){
			if(!(empty($house_dir_sql['owner']))) {
				if($house_dir_sql['owner'] == $player_sql['id']){
					$status = 'Rented by <a href="info.php?act=players&char='.$player_sql['name'].'">'.$player_sql['name'].'</a>';
				}
			}
			else{
				$status = 'Available';
			}
		}

			$id=$i+1;
			if($layout == thegathering) {
			echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
			elseif($layout == dragonflames) {
			echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
			elseif($layout == grayshades) {
			echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
			elseif($layout == blackdraft) {
			echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
		echo '<td>'.$house_dir_file['name'].'</td><td>'.$house_dir_file['size'].' sqm</td><td>'.$house_dir_file['rent'].' gold</td><td>'.$town.'</td><td>'.$status.'</td></tr>';
			$status = "";
			++$i;
		
	}
	echo "</table>";
	break;
	case "rules":

echo '<title>'.$worldname.' - Rules</title>';

echo '<h1>Rules:</h1>';

foreach(file("rules.txt") as $line)
{
echo "$line";
echo '<br />';
}
?>

<?PHP
break;
	case "rule_enforcers":
echo '<title>'.$worldname.' - Rule Enforcers</title>';
	
echo '<h1>'.$worldname.' Rule Enforcers:</h1>'; 

if($show_group2 == YES){
$group2_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 2");
if(mysql_num_rows($group2_query) != 0){
echo '<h2>'.$group_id2.'s on '.$worldname.':</h2><ul>';
while($group2_sql = mysql_fetch_array($group2_query))
{ 
echo '<li><a href="info.php?act=players&char='.$group2_sql['name'].'">'.$group2_sql['name'].'</a></li>';
}
echo '</ul>';
}
}

if($show_group3 == YES){
$group3_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 3");
if(mysql_num_rows($group3_query) != 0){
echo '<h2>'.$group_id3.'s on '.$worldname.':</h2><ul>';
while($group3_sql = mysql_fetch_array($group3_query))
{ 
echo '<li><a href="info.php?act=players&char='.$group3_sql['name'].'">'.$group3_sql['name'].'</a></li>';
}
echo '</ul>';
}
}

if($show_group4 == YES){
$group4_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 4");
if(mysql_num_rows($group4_query) != 0){
echo '<h2>'.$group_id4.'s on '.$worldname.':</h2><ul>';
while($group4_sql = mysql_fetch_array($group4_query))
{ 
echo '<li><a href="info.php?act=players&char='.$group4_sql['name'].'">'.$group4_sql['name'].'</a></li>';
}
echo '</ul>';
}
}

if($show_group5 == YES){
$group5_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 5");
if(mysql_num_rows($group5_query) != 0){
echo '<h2>'.$group_id5.'s on '.$worldname.':</h2><ul>';
while($group5_sql = mysql_fetch_array($group5_query))
{ 
echo '<li><a href="info.php?act=players&char='.$group5_sql['name'].'">'.$group5_sql['name'].'</a></li>';
}
echo '</ul>';
}
}

if($show_group6 == YES){
$group6_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 6");
if(mysql_num_rows($group6_query) != 0){
echo '<h2>'.$group_id6.'s on '.$worldname.':</h2><ul>';
while($group6_sql = mysql_fetch_array($group6_query))
{ 
echo '<li><a href="info.php?act=players&char='.$group6_sql['name'].'">'.$group6_sql['name'].'</a></li>';
}
echo '</ul>';
}
}

if($show_group7 == YES){
$group7_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 7");
if(mysql_num_rows($group7_query) != 0){
echo '<h2>'.$group_id7.'s on '.$worldname.':</h2><ul>';
while($group7_sql = mysql_fetch_array($group7_query))
{ 
echo '<li><a href="info.php?act=players&char='.$group7_sql['name'].'">'.$group7_sql['name'].'</a></li>';
}
echo '</ul>';
}
}

if($show_group8 == YES){
$group8_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 8");
if(mysql_num_rows($group8_query) != 0){
echo '<h2>'.$group_id8.'s on '.$worldname.':</h2><ul>';
while($group8_sql = mysql_fetch_array($group8_query))
{ 
echo '<li><a href="info.php?act=players&char='.$group8_sql['name'].'">'.$group8_sql['name'].'</a></li>';
}
echo '</ul>';
}
}

if($show_group9 == YES){
$group9_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 9");
if(mysql_num_rows($group9_query) != 0){
echo '<h2>'.$group_id9.'s on '.$worldname.':</h2><ul>';
while($group9_sql = mysql_fetch_array($group9_query))
{ 
echo '<li><a href="info.php?act=players&char='.$group9_sql['name'].'">'.$group9_sql['name'].'</a></li>';
}
echo '</ul>';
}
}


?>

  <p><font color="red">There are no other rule enforcers than these. <br />
  	If anyone claims to be one please report it to any of the above.</font></p>
<?PHP

break;
case "tutorial":
echo '<title>'.$worldname.' - Login Tutorial</title>';

echo '<h1>Login Tutorial:</h1>'; 
	
foreach(file("login_tutorial.txt") as $line)
{
echo "<li>".$line."</li>";
}
?>
<?PHP
break;
case "commands":
echo '<title>'.$worldname.' - Player Commands</title>';

echo '<h1>Player Commands:</h1>'; 
	
foreach(file("player_commands.txt") as $line)
{
echo "<li>".$line."</li>";
}
?>

<?PHP
break;
case "spells":
echo '<title>'.$worldname.' - Spells List</title>';

echo '<h1>Spell Types</h1>'; 
?>
<ul>
	<li><a href="info.php?act=instant_spells">Instant Spells</a></li>
	<li><a href="info.php?act=conjure_spells">Conjure/Rune Spells</a></li>
</ul>

<?PHP
break;
case "instant_spells":
echo '<title>'.$worldname.' - Spells List - Instant Spells</title>';
?>
<h2>Spell Types</h2>
<ul>
	<li><a href="info.php?act=instant_spells">Instant Spells</a></li>
	<li><a href="info.php?act=conjure_spells">Conjure/Rune Spells</a></li>
</ul>
<?PHP

echo '<h1>Instant Spells</h1>'; 

if($layout == blackdraft) {
echo '<table width="394" bordercolor="444444" border="1">';}
else {
echo '<table width="500" bordercolor="444444" border="1">'; }
?>
  <tr> 
    <th><b>Spell name:</b></th> 
    <th><b>Words:</b></th> 
    <th><b>Mana:</b></th> 
    <th><b>Level:</b></th>  
    <th><b>Premium:</b></th>
  </tr> 
<?
$xml = simplexml_load_file($servpath.'\data\spells\spells.xml');
foreach($xml->instant as $spell) {
echo "<tr>";
echo "<td><center>".$spell['name']."</center></td>";
echo "<td><center>".$spell['words']."</center></td>";
if(isset($spell['mana'])) { echo "<td><center>".$spell['mana']."</center></td>"; } else { echo "<td><center>N/A</center></td>"; }
if(isset($spell['lvl'])) { echo "<td><center>".$spell['lvl']."</center></td>"; } else { echo "<td><center>N/A</center></td>"; }
if($spell['prem']==true) { echo "<td><center>Yes</center></td>"; } else { echo "<td><center>No</center></td>"; }
echo "</tr>";
}
?>
</table>

<?PHP
break;
case "conjure_spells":
echo '<title>'.$worldname.' - Spells List - Conjure/Rune Spells</title>';
?>
<h2>Spell Types</h2>
<ul>
	<li><a href="info.php?act=instant_spells">Instant Spells</a></li>
	<li><a href="info.php?act=conjure_spells">Conjure/Rune Spells</a></li>
</ul>
<?PHP

echo '<h1>Conjure/Rune Spells</h1>'; 

if($layout == blackdraft) {
echo '<table width="394" bordercolor="444444" border="1">';}
else {
echo '<table width="500" bordercolor="444444" border="1">';}
?>
  <tr> 
    <th><b>Spell name:</b></th> 
    <th><b>Words:</b></th> 
    <th><b>Mana:</b></th> 
    <th><b>Level:</b></th>  
    <th><b>Premium:</b></th>
  </tr> 
<?PHP
$xml = simplexml_load_file($servpath.'\data\spells\spells.xml');
foreach($xml->conjure as $spell) {
echo "<tr>";
echo "<td><center>".$spell['name']."</center></td>";
echo "<td><center>".$spell['words']."</center></td>";
if(isset($spell['mana'])) { echo "<td><center>".$spell['mana']."</center></td>"; } else { echo "<td><center>N/A</center></td>"; }
if(isset($spell['lvl'])) { echo "<td><center>".$spell['lvl']."</center></td>"; } else { echo "<td><center>N/A</center></td>"; }
if($spell['prem']==true) { echo "<td><center>Yes</center></td>"; } else { echo "<td><center>No</center></td>"; }
echo "</tr>";
}
?>
</table>

<?PHP
break;
case "monsters":
echo '<title>'.$worldname.' - Monsters List</title>';

echo '<h1>Monster:</h1>';

$folder = opendir($monster_dir);
echo '<table><tr>';

while($filename = readdir($folder))
{
if($layout == blackdraft) {
	$i == 0;
    	if($i == 4) {
	echo '</tr><tr>';
	$i = 0;
	}
	}
else {
    	$i == 0;
    	if($i == 6) {
    	echo '</tr><tr>';
    	$i = 0;
 	}
  	}

    if($filename == "." || $filename == "..") continue;
    $temp = explode(".", $filename);

    if($temp[1] == "xml")
    {
        $name = $temp[0];
        
        if (!in_array($name, $dont_show))
        {
        	$i++;
        		print('<td><center><img src="' .$monster_imgs. '' .$name. '.gif"><br />');
            print('<a href="info.php?act=creature&cnm=' .$name. '">' .$name. '</a></center></td>');
            
        }
    }
}
echo '</tr></table>';
break;

case "creature":

echo '<h1>'.$_GET['cnm'].'</h1>'; 

$monster_name = $_GET['cnm'];
$name = "";
$exp = 0;
$hp = 0;
$looktype = 0;
$manacost = 0;

$file = $monster_dir.$monster_name.".xml";
$f = @fopen($file, "r");
if($f) {
$contents = fread($f, filesize($file));
fclose($f);
$tags = explode("<", $contents);
foreach($tags as $tag) {
if(substr($tag, 0, 7) == "monster") {
$temp = stristr($tag, " name=\"");
$temp2 = explode("\"", $temp);
$name = $temp2[1];
}
if(substr($tag, 0, 7) == "monster") {
$temp = stristr($tag, " experience=\"");
$temp2 = explode("\"", $temp);
$exp = $temp2[1];
}
if(substr($tag, 0, 7) == "monster") {
$temp = stristr($tag, " manacost=\"");
$temp2 = explode("\"", $temp);
$manacost = $temp2[1];
}
  if($manacost == 0)
		$manacost = 'Not summonable';
		
if(substr($tag, 0, 6) == "health") {
$temp = stristr($tag, " max=\"");
$temp2 = explode("\"", $temp);
$hp = $temp2[1];
}
if(substr($tag, 0, 4) == "look") {
$temp = stristr($tag, " type=\"");
$temp2 = explode("\"", $temp);
$looktype = $temp2[1];
}
if(substr($tag, 0, 7) == "defense") {
$temp = stristr($tag, " immunity=\"");
$temp2 = explode("\"", $temp);
$immunities[] = $temp2[1];
}
if(substr($tag, 0, 6) == "summon") {
$temp = stristr($tag, " name=\"");
$temp2 = explode("\"", $temp);
$summons[] = $temp2[1];
}
 

}

$temp = stristr($contents, "<attacks>");
$attacks = explode("</attacks>", $temp);
$attack = explode("<attack", $attacks[0]);
$melee = false;
$distance = false;
$fire_spell = false;
$energy_spell = false;
$poison_spell = false;
$explosion_rune = false;
$sudden_death_rune = false;
$bersek_spell = false;
$self_healing = false;
$summons[] = "";
$immunities[] = "";
foreach($attack as $temp) {
if(stristr($temp, "type=\"melee\"")) {$melee = true; continue;}
if(stristr($temp, "type=\"distance\"")) {$distance = true; continue;}
if((stristr($temp, "type=\"instant\"") || stristr($temp, "type=\"rune\"")) && (   stristr($temp, "name=\"great fireball\"") || stristr($temp, "name=\"exevo gran mas vis\"")  )) {$fire_spell = true; continue;}
if((stristr($temp, "type=\"instant\"") || stristr($temp, "type=\"rune\"")) && (   stristr($temp, "name=\"exevo gran vis lux\"")  )) {$energy_spell = true; continue;}
if((stristr($temp, "type=\"instant\"") || stristr($temp, "type=\"rune\"")) && (   stristr($temp, "name=\"exura")  )) {$self_healing = true; continue;}
if($tmp = stristr($temp, "name=\"")) {
   $temp2 = explode("\"", $tmp);
   $special_attacks = $special_attacks . $temp2[1] . ", ";
   continue;
}
if($tmp = stristr($temp, "type=\"")) {
   $temp2 = explode("\"", $tmp);
   $special_attacks = $special_attacks . $temp2[1] . ", ";
   continue;
}

}

print("<img src=\"$monster_imgs$monster_name.gif\">\n<br />\n<b>Experience:</b> $exp\n<br />\n<b>Health:</b> $hp\n<br />\n<b>Manacost:</b> $manacost\n<br />\n<b>Immunities:</b><br />");
foreach($immunities as $temp) {
if(!$temp) continue;
print("$temp, ");
}
print("<br /><b>Summons:</b><br />");
foreach($summons as $temp) {
if(!$temp) continue;
print("$temp, ");
}
  
$temp = stristr($contents, "<loot>");
$lootnode = explode("</loot>", $temp);
$loot = explode("<item", $lootnode[0]);
$ids[] = "";

foreach($loot as $item) {
if($idpos = stristr($item, "id=\"")) {
  $temp = explode("\"", $idpos);
  $id = $temp[1];
  $ids[] = $id;
}
}

$f2 = @fopen($fileitems, "r");
if($f2) {
$itemnames[] = "";
$items_contents = fread($f2, filesize($fileitems));
fclose($f2);
$items = explode("<item ", $items_contents);
foreach($ids as $item) {
$found = false;
foreach($items as $item_node) {
if(stristr($item_node, "id=\"$item\"")) {
$temp = stristr($item_node, "name=\"");
$temp2 = explode("\"", $temp);
$itemnames[] = $temp2[1];
$found = true;
break;
}
}
if(!$found) {
$itemnames[] = $item;
}
}
/*print("<br /><b>Loot:</b><ul>");*/
foreach($itemnames as $item) {
if(!$item) continue;
print("<li>$item<br />");
}
print("</ul>");
}
}
break;
}
include ('Includes/footer_includes.php');
?>

Hope some one use it, i try to find more bugs later.<_<
 
Last edited by a moderator:
Would be great if you could make it possible to upload guild image from internett link instead of having me uploading them too :p

afs-cms surely is more complicated than nicaw :p
 
Last edited:
Status
Not open for further replies.
Back
Top