OP
OP
Avarian
Bring Out Your Dead!
Well at least were not off topic or anything 
Afs-cms
- Thread starter Avarian
- Start date
- Status
Not sure if this was reported already but when players create guilds on the site, the following happens:
1. User inputs "Wana Ded's" as the guild name.
2. The guild name shows up correctly on the website.
3. On the game, it shows up as this "Wana Ded\'s"
1. User inputs "Wana Ded's" as the guild name.
2. The guild name shows up correctly on the website.
3. On the game, it shows up as this "Wana Ded\'s"
Oceanic
Php / C++ / MySQL
Ronaldino
Esso Eh
- Joined
- Dec 25, 2007
- Messages
- 745
- Reaction score
- 0
Avarian use this...
Oceanic
Php / C++ / MySQL
OP
OP
Avarian
Bring Out Your Dead!
I'll make it so that names with a ' won't be allowed from now on, thanks for the report.
I think your thinking of magic_quotes but I don't use addslashes()
I do use mysql_real_escape_string()
stripslashes() is to remove the slashes inserted into the database by mysql_real_escape_string(), but it's only used for displaying information on the site, not for actually removing the / from the database.
4220niller
XHTML / CSS Coder
Why would you do that? Just write your own escape function, that dosn't escape the ' character, but then escapes ';, so that way MySQL injections would be avoided.
This function will escape a string using mysql_real_escape_string(), and then turn the \' into ', and then the '; into \';. As far as I know, that should allow the ' character, and still secure the query.
PHP:
function mysql_escape($string){
$string = mysql_real_escape_string($string);
$string = str_replace("\'", "'", $string);
return str_replace("';", "\';", $string);
}Something even safer, would be to remove any MySQL related strings: "select, remove, insert, alter and such...".
Last edited:
what have i done wrong? Its acutally 17 players online but it dosn't want to show that. Everything else works 100% perfect, even online list, and from online list you can see how many players thats online.
its also gone 3 hours, and it shows 0 hours 0 minutes.. i don't think its refreshing itself
- Joined
- Dec 11, 2007
- Messages
- 3,666
- Solutions
- 1
- Reaction score
- 125
- Location
- Warsaw, Poland
- GitHub
- tayandenga
- Twitch
- tayandenga
Its about statusTimeout and IP/host, Znote.
ohh and how can I make the picture of the day to load from etc photobucket instead of my own computer? So it downloads from a link instead of having me uploading the image every time a guy looks at the page?
Last edited:
OP
OP
Avarian
Bring Out Your Dead!
Open index.php and change the img src to your online image link.
In the next release i'll change it to so that you can host the pics from your computer, some other internet source, or just not use it at all.
Oceanic
Php / C++ / MySQL
It is possebile to inject code on it
Avarian msg me as fast as you can, found many heavy holes on your cms were people can enter own code and get admin
Avarian msg me as fast as you can, found many heavy holes on your cms were people can enter own code and get admin
Last edited:
Cosmotonio
New Member
- Joined
- Nov 26, 2007
- Messages
- 142
- Reaction score
- 0
Request - Player need to be offline when create a guild.
ragal
Member
Oceanic
Php / C++ / MySQL
Seriously? damn what we can do now?
its rly possbile ? OMG
It is possebile because you can inject own code. I have sent Avarain a msg so he can fix it.
Mr Evil
New Member
- Joined
- Mar 31, 2008
- Messages
- 279
- Reaction score
- 0
Seriously? damn what we can do now?
its rly possbile ? OMG
use oceanic or wait for avarian to fix it:thumbup:
Oceanic
Php / C++ / MySQL
Fixed code injection
This will redirect you to your server and also send your cookies.
When the server has your cookies they send you back
It is also possebile to inject code in info.php?act=players&char=
What can some one do with your cookies?
If they succes to get the admins cookie they can change there cookies so it look like the admins.
To change cookies you use
The new value is the value that you got from logg.txt
How can i protect my self?
It is possebile to use htmlspecialchars() so the < and > tags dont load as html.
Here is the code
Hope some one use it, i try to find more bugs later.<_<
This will redirect you to your server and also send your cookies.
When the server has your cookies they send you back
It is also possebile to inject code in info.php?act=players&char=
What can some one do with your cookies?
If they succes to get the admins cookie they can change there cookies so it look like the admins.
To change cookies you use
The new value is the value that you got from logg.txt
How can i protect my self?
It is possebile to use htmlspecialchars() so the < and > tags dont load as html.
Here is the code
PHP:
<?PHP
/*
Author: Avarian
Product Name: AFS-CMS
Purpose: A Content Management System specifically made for the forgotten server.
Copyright (C) 2007-2008 [Avarian]
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
session_start();
include ('Includes/config_includes.php');
include ('Includes/function_includes.php');
include ('Includes/header_includes.php');
switch($_GET['act']){
####ONLINE LIST#####
case "online":
echo '<title>'.$worldname.' - Players Online</title>';
echo '<h1>Players Online:</h1>';
$i = 1;
'.$vocations.';
$online_query = mysql_query("SELECT * FROM `players` WHERE `online` = 1 ORDER BY `name` ASC") or die(mysql_error());
if(mysql_num_rows($online_query) != 0){
echo '<table border="1" cellpadding="2" style="border-collapse: collapse" bordercolor="#000000" width="100%" cellspacing="0">';
echo '<tr><td width="40%" bgcolor="#000000"><b>Players:</b></td><td width="40%" bgcolor="#000000"><b>Vocation:</b></td><td width="20%" bgcolor="#000000"><b>Level:</b></td></tr>';
while($sql_online = mysql_fetch_array($online_query)){
$number++;
if($layout == grayshades) {
echo '<td bgcolor="#444444">'.$number.' - <a href="info.php?act=players&char='.$sql_online['name'].'">'.$sql_online['name'].'</a></td><td bgcolor="#444444">'.$vocations[$sql_online['vocation']].'</td><td bgcolor="#444444">'.$sql_online['level'].'</td></tr>'; }
elseif($layout == blackdraft) {
echo '<td bgcolor="#444444">'.$number.' - <a href="info.php?act=players&char='.$sql_online['name'].'">'.$sql_online['name'].'</a></td><td bgcolor="#444444">'.$vocations[$sql_online['vocation']].'</td><td bgcolor="#444444">'.$sql_online['level'].'</td></tr>'; }
elseif($layout == thegathering) {
echo '<td bgcolor="#110F01">'.$number.' - <a href="info.php?act=players&char='.$sql_online['name'].'">'.$sql_online['name'].'</a></td><td bgcolor="#110F01">'.$vocations[$sql_online['vocation']].'</td><td bgcolor="#110F01">'.$sql_online['level'].'</td></tr>'; }
elseif($layout == dragonflames) {
echo '<td bgcolor="#110F01">'.$number.' - <a href="info.php?act=players&char='.$sql_online['name'].'">'.$sql_online['name'].'</a></td><td bgcolor="#110F01">'.$vocations[$sql_online['vocation']].'</td><td bgcolor="#110F01">'.$sql_online['level'].'</td></tr>'; }
}
}
else
{
echo '<p>There are no players online on '.$worldname.'.</p>';
}
echo '</table>';
break;
#####HIGHSCORES#####
case "highscores":
echo '<title>'.$worldname.' - Highscores</title>';
$cfg['rank'] = 25;
if(isset($_GET['skill'])){
$skill = $_GET['skill'];
} else {
$skill = "Level";
}
if(!isset($_GET['pg'])) {
$pg = 1;
} else {
$pg = $_GET['pg'];
}
if($pg > 11){
$inicio = 11;
}else{
$inicio = $pg - 1;
}
$ini = $inicio * $cfg['rank'];
$prox = $cfg['rank'] * $pg + 1;
$prox_ = $cfg['rank'] * $pg + $cfg['rank'];
if($pg == 2){
$ante = "1-".$cfg['rank'];
}elseif($pg > 2){
$aa = $pg - 1;
$b = $pg - 2;
$a = $cfg['rank'] * $b;
$ante = $a+'1'."-".$cfg['rank']*$aa;
}
if($pg == 1 or $pg == ""){
$asd = " ";
}else{
$asd = " | ";
}
?>
<style type="text/css">
<!--
.style1 {color: #FFFFFF}
-->
</style>
<div align="center"><h1>Highscores - Top 300</h1></div>
<table width="100%" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="87%" valign="top"><table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="#000000">
<tr>
<td width="10%"><div align="center"><span class="style1">Rank</span></div></td>
<td width="50%"><span class="style1">Name</span></td>
<td width="15%"><div align="center"><span class="style1"><?=$skill?></span></div></td>
<? if($skill == "Level"){?><td width="25%"><div align="center"><span class="style1">Experience</span></div></td><? } ?>
</tr>
<? switch($skill){
case "Fist":
$id = 0;
break;
case "Club":
$id = 1;
break;
case "Sword":
$id = 2;
break;
case "Axe":
$id = 3;
break;
case "Distance":
$id = 4;
break;
case "Shield":
$id = 5;
break;
case "Fish":
$id = 6;
break;
}
if($skill == "Level") {
$total = mysql_query("SELECT * FROM players WHERE group_id < '".$hs_group_id."' ORDER BY level");
$tr = mysql_num_rows($total);
$tp = $tr / $cfg['rank'];
$tp = ceil($tp);
$ant = $pg-1;
$pro = $pg+1;
$verifica = mysql_query("SELECT name,level,experience FROM players WHERE group_id < '".$hs_group_id."' ORDER BY experience DESC LIMIT ".$ini.",".$cfg['rank']."");
if($pg == 1 or $pg == 0){
$i = 1;
}elseif($pg > 1){
$i = $ini+1;
}
while($dados = mysql_fetch_array($verifica)) {
$id=$i+1;
if($layout == thegathering) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == grayshades) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
echo '
<td><center>'.$i.'</center></td>
<td><a href="info.php?act=players&char='.$dados['name'].'">'.$dados['name'].'</a></td>
<td><center>'.$dados['level'].'</center></td>
<td><center>'.$dados['experience'].'</center></td>
</tr>';
$i++;
}
if($tr > $cfg['rank']){
echo '<tr bgcolor="black">
<td colspan=4><div align="right">';
if($pg > 1){
$anterior = '<a href="?act=highscores&skill='.$skill.'&pg='.$ant.'">Rank '.$ante.'</a>';
}
if($pg != 11){
if($pg < $tp){
$proxima = '<a href="?act=highscores&skill='.$skill.'&pg='.$pro.'">Rank '.$prox.'-'.$prox_.'</a>';
$tt = true;
}
}
echo $anterior;
if($tt == true) echo $asd;
echo $proxima;
echo '</div></td><tr>';
}
}
elseif($skill == "Magic") {
$total = mysql_query("SELECT * FROM players WHERE group_id < '".$hs_group_id."' ORDER BY maglevel");
$tr = mysql_num_rows($total);
$tp = $tr / $cfg['rank'];
$tp = ceil($tp);
$ant = $pg-1;
$pro = $pg+1;
$verifica = mysql_query("SELECT name,maglevel FROM players WHERE group_id < '".$hs_group_id."' ORDER BY maglevel DESC LIMIT ".$ini.",".$cfg['rank']."");
if($pg == 1 or $pg == 0){
$i = 1;
}elseif($pg > 1){
$i = $ini+1;
}
while($dados = mysql_fetch_array($verifica)) {
$id=$i+1;
if($layout == thegathering) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == grayshades) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
echo '
<td><center>'.$i.'</center></td>
<td><a href="info.php?act=players&char='.$dados['name'].'">'.$dados['name'].'</a></td>
<td><center>'.$dados['maglevel'].'</center></td>
</tr>';
$i++;
}
if($tr > $cfg['rank']){
echo '<tr bgcolor="black">
<td colspan=3><div align="right">';
if($pg > 1){
$anterior = '<a href="?act=highscores&skill='.$skill.'&pg='.$ant.'">Rank '.$ante.'</a>';
}
if($pg != 11){
if($pg < $tp){
$proxima = '<a href="?act=highscores&skill='.$skill.'&pg='.$pro.'">Rank '.$prox.'-'.$prox_.'</a>';
$tt = true;
}
}
echo $anterior;
if($tt == true) echo $asd;
echo $proxima;
echo '</div></td><tr>';
}
}
else {
$total = mysql_query("SELECT name,value FROM players, player_skills WHERE group_id < '".$hs_group_id."' AND players.id = player_skills.player_id AND player_skills.skillid = ".$id." ORDER BY value DESC");
$tr = mysql_num_rows($total);
$tp = $tr / $cfg['rank'];
$tp = ceil($tp);
$ant = $pg-1;
$pro = $pg+1;
$verifica = mysql_query("SELECT name,value FROM players, player_skills WHERE group_id < '".$hs_group_id."' AND players.id = player_skills.player_id AND player_skills.skillid = ".$id." ORDER BY value DESC LIMIT ".$ini.",".$cfg['rank']."");
if($pg == 1 or $pg == 0){
$i = 1;
}elseif($pg > 1){
$i = $ini+1;
}
while($dados = mysql_fetch_array($verifica)) {
$id=$i+1;
if($layout == thegathering) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == grayshades) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
echo '
<td><center>'.$i.'</center></td>
<td><a href="info.php?act=players&char='.$dados['name'].'">'.$dados['name'].'</a></td>
<td><center>'.$dados['value'].'</center></td>
</tr>';
$i++;
}
if($tr > $cfg['rank']){
echo '<tr bgcolor="black">
<td colspan=3><div align="right">';
if($pg > 1){
$anterior = '<a href="?act=highscores&skill='.$skill.'&pg='.$ant.'">Rank '.$ante.'</a>';
}
if($pg != 11){
if($pg < $tp){
$proxima = '<a href="?act=highscores&skill='.$skill.'&pg='.$pro.'">Rank '.$prox.'-'.$prox_.'</a>';
$tt = true;
}
}
echo $anterior;
if($tt == true) echo $asd;
echo $proxima;
echo '</div></td><tr>';
}
}
?>
</table>
<div align="right">
</div>
<?PHP
if($layout == grayshades) {
echo '<table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="303030">'; }
elseif($layout == blackdraft) {
echo '<table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="303030">'; }
elseif($layout == thegathering) {
echo '<table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="110F09">'; }
elseif($layout == dragonflames) {
echo '<table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="110F09">'; }
echo '</table></td>';
if($layout == thegathering) {
echo '<td width="13%" valign="top"><table width="130" border="0" align="right" cellpadding="2" cellspacing="1" bgcolor="000000">'; }
elseif($layout == dragonflames) {
echo '<td width="13%" valign="top"><table width="130" border="0" align="right" cellpadding="2" cellspacing="1" bgcolor="000000">'; }
elseif($layout == grayshades) {
echo '<td width="13%" valign="top"><table width="130" border="0" align="right" cellpadding="2" cellspacing="1" bgcolor="303030">'; }
elseif($layout == blackdraft) {
echo '<td width="13%" valign="top"><table width="130" border="0" align="right" cellpadding="2" cellspacing="1" bgcolor="303030">'; }
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Level">Level</a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Magic">Magic Level </a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Fist">Fist Fighting </a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Club">Club Fighting </a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Sword">Sword Fighting </a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Axe">Axe Fighting </a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Distance">Distance Fighting</a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Shield">Shielding</a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Fish">Fishing</a></div></td>';
echo '</tr>';
echo '</table></td>';
echo '</tr>';
echo '</table>';
?>
<?PHP
mysql_close();
break;
#####PLAYER SEARCH#####
case "players":
echo '<title>'.$worldname.' - Players Search</title>';
echo '<h1>Player Search:</h1>';
$char = trim($_REQUEST['char']);
if (!$char) {
echo '<p>You have not requested any player name.</p>';
include ('Includes/footer_includes.php');
die;
}
if (strlen($char) < 2) {
echo '<p>Not enough letters. Please enter atleast two.</p>';
include ('Includes/footer_includes.php');
die;
}
$char = mysql_real_escape_string($char);
$player_query = mysql_query("SELECT * FROM `players` WHERE (`name` = '".$char."') ");
if(mysql_num_rows($player_query)==0) {
$check_player_query = mysql_query("SELECT * FROM `players` WHERE `name` like '%".$char."%' LIMIT 0, ".$search_result_limit."");
if(mysql_num_rows($check_player_query) != 0)
{
$i = 0;
echo '<table cellspacing=0 cellpadding="5" border="0"><tr><td width="150px">Name</td><td width="50px"><center>Level</center></td><td width="100px">Vocation</td><center><td width="50px">Status:</td><center></tr>';
while($check_player_sql = mysql_fetch_array($check_player_query))
{
'.$vocations.';
$id=$i+1;
if($layout == grayshades) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == thegathering) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
echo '<td><a href="info.php?act=players&char='.$check_player_sql['name'].'">'.$check_player_sql['name'].'</a></td><td><center>'.$check_player_sql['level'].'</center></td><td>'.$vocations[$check_player_sql['vocation']].'</td>';
if($check_player_sql['online'] > 0) {
echo '<td><center><font color="green"><b>Online</b></font></center></td>'; }
else {
echo '<td><center><font color="red"><b>Offline</b></font></center></td>';}
echo '<tr>';
$i++;
}
echo '</table>';
}
else
{
echo '<p>Player '.htmlspecialchars($char).' does not exist.</p>';
}
} else {
$player_sql = mysql_fetch_array($player_query);
$acc_logged_query = mysql_query("SELECT * FROM `accounts` WHERE (`id` = '".$player_sql['account_id']."') ") or die(mysql_error());
$acc_logged_sql = mysql_fetch_array($acc_logged_query);
$account_ban = $player_sql['account_id'];
$ban_query = mysql_query("SELECT * FROM `bans` WHERE (`account` = '$account_ban') ") or die(mysql_error());
$ban_sql = mysql_fetch_array($ban_query);
if ($player_sql['lastlogin'] != 0) $lastlog = date('M d Y, H:i:s',$player_sql['lastlogin']);
else $lastlog = 'never logged in';
if($player_sql['town_id'] == $town[1]['id'])
$town = $town[1]['name'];
elseif($player_sql['town_id'] == $town[2]['id'])
$town = $town[2]['name'];
elseif($player_sql['town_id'] == $town[3]['id'])
$town = $town[3]['name'];
elseif($player_sql['town_id'] == $town[4]['id'])
$town = $town[4]['name'];
elseif($player_sql['town_id'] == $town[5]['id'])
$town = $town[5]['name'];
elseif($player_sql['town_id'] == $town[6]['id'])
$town = $town[6]['name'];
elseif($player_sql['town_id'] == $town[7]['id'])
$town = $town[7]['name'];
elseif($player_sql['town_id'] == $town[8]['id'])
$town = $town[8]['name'];
elseif($player_sql['town_id'] == $town[9]['id'])
$town = $town[9]['name'];
elseif($player_sql['town_id'] == $rook['id'])
$town = $rook['name'];
$rankid = $player_sql['rank_id'];
$query20 = mysql_query("SELECT * FROM `guild_ranks` WHERE (`id` = '$rankid') ") or die(mysql_error());
$query_result20 = mysql_fetch_row($query20);
$guildscheck = $query_result20[1];
$query123 = mysql_query("SELECT * FROM `guilds` WHERE (`id` = '$guildscheck') ") or die(mysql_error());
$query_result123 = mysql_fetch_row($query123);
$space = $query_result123[1];
$comment = stripslashes($player_sql['comment']);
echo '<h2>Character information:</h2>';
echo '<table width=400px><tr><tr><td width=100px>Name: </td><td width=300px>'.$player_sql['name'].'<br /></td></tr>';
$sexs = array("Female", "Male");
echo '<tr><td width=100px>Sex:</td><td width=300px>'.$sexs[$player_sql['sex']].'<br /></td></tr>';
echo '<tr><td width=100px>Level:</td><td width=300px>'.$player_sql['level'].'<br /></td></tr>';
'.$vocations.';
echo '<tr><td width=100px>Vocation:</td><td width=300px>'.$vocations[$player_sql['vocation']].'<br /></td></tr>';
echo '<tr><td width=100px>Residence:</td><td width=300px>'.$town.'<br /></td></tr>';
if (empty($space)) {
echo '<tr><td width=100px>Guild: </td><td width=300px>None';
echo '<br /></td></tr>';
}
else
{
echo '<tr><td width=100px>Guild: </td><td width=300px>'.$query_result20[2].' of the <a href="guilds.php?act=view&guild='.$query_result123[1].'">'.$query_result123[1].'</a>';
echo '<br /></td></tr>';
}
echo '<tr><td width=100px>Lastlogin:</td><td width=300px>'.$lastlog.'<br /></td></tr>';
if($acc_logged_sql['premdays'] > 0 )
echo '<tr><td width=100px>Account Type:</td><td width=300px>Premium Account<br /></td></tr>';
else
echo '<tr><td width=100px>Account Type:</td><td width=300px>Free Account<br /></td></tr>';
if($comment == "") {
echo '<tr><td width=100px>Comment:</td><td width=300px>None<br /></td></tr>';
}
else
{
echo '<tr><td width=100px>Comment:</td><td width=300px>'.htmlspecialchars($comment).'<br /></td></tr>';
}
if($player_sql['online'] > 0 ) {
echo '<tr><td width=100px>Status:</td><td width=300px><font color="green"> Online</font><br /></td></tr>'; }
else {
echo '<tr><td width=100px>Status:</td><td width=300px><font color="red"> Offline</font><br /></td></tr>'; }
echo '</table>';
echo ('<br /><h2>Account information:</h2>');
echo "<table width=400px>";
if($acc_logged_sql['hidemail'] == 0)
echo '<tr><td width=100px>Email:</td><td width=300px> <a href="mailto:'.$acc_logged_sql['email'].'">'.$acc_logged_sql['email'].'</a></td></tr>';
if($acc_logged_sql['hide'] == 0){
echo '<tr><td width=100px>Realname:</td><td width=300px> '.$acc_logged_sql['rlname'].'</td></tr>';
echo '<tr><td width=100px>Location:</td><td width=300px> '.$acc_logged_sql['location'].'</td></tr>';
}
$positionss = array("None", "$group_id1", "$group_id2", "$group_id3", "$group_id4", "$group_id5", "$group_id6", "$group_id7", "$group_id8", "$group_id9");
if($player_sql['group_id'] > 1)
{
echo '<tr><td width=100px>Position:</td><td width=300px><font color="Red">'.$positionss[$player_sql['group_id']].'</font></td></tr>';
} else {
echo '<tr><td width=100px>Position:</td><td width=300px>'.$positionss[$player_sql['group_id']].'</td></tr>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 0 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 1 )
{
echo '<tr><td width=100px><font color="Red">Banished</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 2 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 3 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 4 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 5 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 6 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 7 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 8 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 9 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of offensive statement.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 10 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of spamming.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 11 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of advertisement not related to game.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 12 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of real money advertisement.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 13 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of non-english public statement.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 14 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of off-topic public statement.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 15 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of inciting rule violation.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 16 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of bug abuse.</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 17 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of game weakness abuse.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 18 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of macro use.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 19 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of using unofficial sotware to play.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 20 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of hacking.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 21 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of multi-clienting.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 22 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of account trading.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 23 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of account sharing.</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 24 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of threatening gamemaster.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 25 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of pretending to have official position.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 26 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of pretending to have influence on gamemaster.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 27 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of false report to gamemaster.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 28 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of excessive unjustified player killing.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 29 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of destructive behaviour.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 30 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of spoiling action.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 31 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red">Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid payment.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
else
echo '</table>';
$char = trim($_REQUEST['char']);
$player_query = mysql_query("SELECT * FROM `players` WHERE (`name` = '".$char."') ");
$query = mysql_query("SELECT * FROM `players` WHERE (`name` = '".$char."') ") or die(mysql_error());
$sql = mysql_fetch_array($query);
$death_query = mysql_query("SELECT * FROM `player_deaths` WHERE (`player_id` = '".$sql['id']."') ORDER BY `time` DESC LIMIT 10") or die(mysql_error());
if(mysql_num_rows($death_query) != 0){
echo '<br /><h2>Character Deaths:</h2>';
echo '<table cellspacing=0 cellpadding="5" border="0">';
while($death_sql = mysql_fetch_array($death_query)){
$number++;
$dead = $death_sql['player_id'];
$player_query = mysql_query("SELECT * FROM `players` WHERE (`name` = '".$char."') ");
$player_sql_result = mysql_fetch_array($player_query);
$player_id = $player_sql_result['id'];
if(empty($player_sql_result['name'])) {
$killedplayer = "ID: ".$dead." - SQL error";
}
else
{
$killedplayer = "<a href=\"info.php?act=players&char=".$player_sql_result['name']."\">".$player_sql_result['name']."</a>";
}
if($layout == grayshades) {
echo ($number % 2) ? "<tr>" : "<tr>"; }
elseif($layout == blackdraft) {
echo ($number % 2) ? "<tr>" : "<tr>"; }
elseif($layout == thegathering) {
echo ($number % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == dragonflames) {
echo ($number % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
if($death_sql['is_player'] != 1) {
if($death_sql['killed_by'] == -1) {
$death_sql['killed_by'] = "NPC";
}
echo "<td>" .date('M d Y, H:i:s',$death_sql['time']). " Died at level ".$death_sql['level']." by a ".$death_sql['killed_by'].".</td></tr>";
}
else
{
echo "<td>" .date('M d Y, H:i:s',$death_sql['time']). " Died at level ".$death_sql['level']." by <a href=\"info.php?act=players&char=".$death_sql['killed_by']."\"> ".$death_sql['killed_by']."</a>.</td></tr>";
}
}
}
else
{
}
echo '</table>';
if($acc_logged_sql['hidechars'] == 0)
{
echo ' <br /><h2>Characters:</h2>
<table border="0" cellSpacing="0" cellPadding="2" width="220">
<tr>
<td width="200">Name:</td><td width="20"><center>Level:</center></td>
</tr>';
$acc_query = mysql_query("SELECT * FROM `players` WHERE (`account_id` = '".$player_sql['account_id']."') ") or die(mysql_error());
$i=1;
while($acc_sql = mysql_fetch_array($acc_query)){
if($acc_sql['hide'] == 0)
{
$id=$i+1;
if($layout == thegathering) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == grayshades) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
echo '<td width="200px">'.$i.'. <a href="info.php?act=players&char='.$acc_sql['name'].'">'.$acc_sql['name'].'</a></td>';
echo '<td width="20px"><center>'.$acc_sql['level'].'</center></td>';
echo '</tr>';
$i++;
}
else {
}
}
echo '</table>';
}
else { }
}
break;
case "deaths":
echo '<title>'.$worldname.' - Latest Deaths</title>';
echo '<h1>Latest Deaths:</h1>';
$i = 1;
$death_query = mysql_query("SELECT * FROM `player_deaths` ORDER BY `time` DESC LIMIT $death_limit") or die(mysql_error());
if(mysql_num_rows($death_query) != 0){
echo '<table cellspacing=0 cellpadding="5" border="0">';
echo '<tr><td><b>Player:</b></td><td><b>Death:</b></td></tr>';
while($death_sql = mysql_fetch_array($death_query)){
$number++;
$dead = $death_sql['player_id'];
$player_query = mysql_query("SELECT * FROM players WHERE id = '$dead'") or die(mysql_error());
$player_sql_result = mysql_fetch_array($player_query);
if(empty($player_sql_result['name'])) {
$killedplayer = "ID: ".$dead." - SQL error";
}
else
{
$killedplayer = "<a href=\"info.php?act=players&char=".$player_sql_result['name']."\">".$player_sql_result['name']."</a>";
}
if($layout == thegathering) {
echo ($number % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == grayshades) {
echo ($number % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($number % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
if($death_sql['is_player'] != 1) {
if($death_sql['killed_by'] == -1) {
$death_sql['killed_by'] = "NPC";
}
echo "<td>".$number.". ".$killedplayer." </td><td> was killed at level ".$death_sql['level']." by a ".$death_sql['killed_by']." (" .date('M d Y, H:i:s',$death_sql['time']). ").</td></tr>";
}
else
{
echo "<td>".$number.". ".$killedplayer." </td><td> was killed at level ".$death_sql['level']." by <a href=\"info.php?act=players&char=".$death_sql['killed_by']."\"> ".$death_sql['killed_by']."</a> (" .date('M d Y, H:i:s',$death_sql['time']). ").</td></tr>";
}
}
}
else
{
echo '<p>There have been no deaths on '.$worldname.'.</p>';
}
echo '</table>';
break;
case "house":
echo '<title>'.$worldname.' - House List</title>';
echo '<h1>House list:</h1>';
?>
<table width="100%" cellSpacing="0" border="0">
<tr>
<td><b>Name</b></td>
<td><b>Size</b></td>
<td><b>Rent</b></td>
<td><b>Town</b></td>
<td><b>Status</b></td>
</tr>
<?PHP
$file = simplexml_load_string(file_get_contents($house_dir));
$i = 0;
$town1name = $town[1]['name'];
$town2name = $town[2]['name'];
$town3name = $town[3]['name'];
$town4name = $town[4]['name'];
$town5name = $town[5]['name'];
$town6name = $town[6]['name'];
$town7name = $town[7]['name'];
$town8name = $town[8]['name'];
$town9name = $town[9]['name'];
foreach($file->house as $house_dir_file){
if($house_dir_file['townid'] == 1)
$town = $town1name;
elseif($house_dir_file['townid'] == 2)
$town = $town2name;
elseif($house_dir_file['townid'] == 3)
$town = $town3name;
elseif($house_dir_file['townid'] == 4)
$town = $town4name;
elseif($house_dir_file['townid'] == 5)
$town = $town5name;
elseif($house_dir_file['townid'] == 6)
$town = $town6name;
elseif($house_dir_file['townid'] == 7)
$town = $town7name;
elseif($house_dir_file['townid'] == 8)
$town = $town8name;
else
$town = $town9name;
$house_dir_query = mysql_query("SELECT * FROM `houses` WHERE (`id` = '".$house_dir_file['houseid']."') ") or die(mysql_error());
$house_dir_sql = mysql_fetch_array($house_dir_query);
$player_query = mysql_query("SELECT * FROM `players` WHERE (`id` = '".$house_dir_sql['owner']."') ") or die(mysql_error());
$player_sql = mysql_fetch_array($player_query);
if($house_dir_sql['id'] == $house_dir_file['houseid']){
if(!(empty($house_dir_sql['owner']))) {
if($house_dir_sql['owner'] == $player_sql['id']){
$status = 'Rented by <a href="info.php?act=players&char='.$player_sql['name'].'">'.$player_sql['name'].'</a>';
}
}
else{
$status = 'Available';
}
}
$id=$i+1;
if($layout == thegathering) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == grayshades) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
echo '<td>'.$house_dir_file['name'].'</td><td>'.$house_dir_file['size'].' sqm</td><td>'.$house_dir_file['rent'].' gold</td><td>'.$town.'</td><td>'.$status.'</td></tr>';
$status = "";
++$i;
}
echo "</table>";
break;
case "rules":
echo '<title>'.$worldname.' - Rules</title>';
echo '<h1>Rules:</h1>';
foreach(file("rules.txt") as $line)
{
echo "$line";
echo '<br />';
}
?>
<?PHP
break;
case "rule_enforcers":
echo '<title>'.$worldname.' - Rule Enforcers</title>';
echo '<h1>'.$worldname.' Rule Enforcers:</h1>';
if($show_group2 == YES){
$group2_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 2");
if(mysql_num_rows($group2_query) != 0){
echo '<h2>'.$group_id2.'s on '.$worldname.':</h2><ul>';
while($group2_sql = mysql_fetch_array($group2_query))
{
echo '<li><a href="info.php?act=players&char='.$group2_sql['name'].'">'.$group2_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
if($show_group3 == YES){
$group3_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 3");
if(mysql_num_rows($group3_query) != 0){
echo '<h2>'.$group_id3.'s on '.$worldname.':</h2><ul>';
while($group3_sql = mysql_fetch_array($group3_query))
{
echo '<li><a href="info.php?act=players&char='.$group3_sql['name'].'">'.$group3_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
if($show_group4 == YES){
$group4_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 4");
if(mysql_num_rows($group4_query) != 0){
echo '<h2>'.$group_id4.'s on '.$worldname.':</h2><ul>';
while($group4_sql = mysql_fetch_array($group4_query))
{
echo '<li><a href="info.php?act=players&char='.$group4_sql['name'].'">'.$group4_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
if($show_group5 == YES){
$group5_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 5");
if(mysql_num_rows($group5_query) != 0){
echo '<h2>'.$group_id5.'s on '.$worldname.':</h2><ul>';
while($group5_sql = mysql_fetch_array($group5_query))
{
echo '<li><a href="info.php?act=players&char='.$group5_sql['name'].'">'.$group5_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
if($show_group6 == YES){
$group6_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 6");
if(mysql_num_rows($group6_query) != 0){
echo '<h2>'.$group_id6.'s on '.$worldname.':</h2><ul>';
while($group6_sql = mysql_fetch_array($group6_query))
{
echo '<li><a href="info.php?act=players&char='.$group6_sql['name'].'">'.$group6_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
if($show_group7 == YES){
$group7_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 7");
if(mysql_num_rows($group7_query) != 0){
echo '<h2>'.$group_id7.'s on '.$worldname.':</h2><ul>';
while($group7_sql = mysql_fetch_array($group7_query))
{
echo '<li><a href="info.php?act=players&char='.$group7_sql['name'].'">'.$group7_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
if($show_group8 == YES){
$group8_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 8");
if(mysql_num_rows($group8_query) != 0){
echo '<h2>'.$group_id8.'s on '.$worldname.':</h2><ul>';
while($group8_sql = mysql_fetch_array($group8_query))
{
echo '<li><a href="info.php?act=players&char='.$group8_sql['name'].'">'.$group8_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
if($show_group9 == YES){
$group9_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 9");
if(mysql_num_rows($group9_query) != 0){
echo '<h2>'.$group_id9.'s on '.$worldname.':</h2><ul>';
while($group9_sql = mysql_fetch_array($group9_query))
{
echo '<li><a href="info.php?act=players&char='.$group9_sql['name'].'">'.$group9_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
?>
<p><font color="red">There are no other rule enforcers than these. <br />
If anyone claims to be one please report it to any of the above.</font></p>
<?PHP
break;
case "tutorial":
echo '<title>'.$worldname.' - Login Tutorial</title>';
echo '<h1>Login Tutorial:</h1>';
foreach(file("login_tutorial.txt") as $line)
{
echo "<li>".$line."</li>";
}
?>
<?PHP
break;
case "commands":
echo '<title>'.$worldname.' - Player Commands</title>';
echo '<h1>Player Commands:</h1>';
foreach(file("player_commands.txt") as $line)
{
echo "<li>".$line."</li>";
}
?>
<?PHP
break;
case "spells":
echo '<title>'.$worldname.' - Spells List</title>';
echo '<h1>Spell Types</h1>';
?>
<ul>
<li><a href="info.php?act=instant_spells">Instant Spells</a></li>
<li><a href="info.php?act=conjure_spells">Conjure/Rune Spells</a></li>
</ul>
<?PHP
break;
case "instant_spells":
echo '<title>'.$worldname.' - Spells List - Instant Spells</title>';
?>
<h2>Spell Types</h2>
<ul>
<li><a href="info.php?act=instant_spells">Instant Spells</a></li>
<li><a href="info.php?act=conjure_spells">Conjure/Rune Spells</a></li>
</ul>
<?PHP
echo '<h1>Instant Spells</h1>';
if($layout == blackdraft) {
echo '<table width="394" bordercolor="444444" border="1">';}
else {
echo '<table width="500" bordercolor="444444" border="1">'; }
?>
<tr>
<th><b>Spell name:</b></th>
<th><b>Words:</b></th>
<th><b>Mana:</b></th>
<th><b>Level:</b></th>
<th><b>Premium:</b></th>
</tr>
<?
$xml = simplexml_load_file($servpath.'\data\spells\spells.xml');
foreach($xml->instant as $spell) {
echo "<tr>";
echo "<td><center>".$spell['name']."</center></td>";
echo "<td><center>".$spell['words']."</center></td>";
if(isset($spell['mana'])) { echo "<td><center>".$spell['mana']."</center></td>"; } else { echo "<td><center>N/A</center></td>"; }
if(isset($spell['lvl'])) { echo "<td><center>".$spell['lvl']."</center></td>"; } else { echo "<td><center>N/A</center></td>"; }
if($spell['prem']==true) { echo "<td><center>Yes</center></td>"; } else { echo "<td><center>No</center></td>"; }
echo "</tr>";
}
?>
</table>
<?PHP
break;
case "conjure_spells":
echo '<title>'.$worldname.' - Spells List - Conjure/Rune Spells</title>';
?>
<h2>Spell Types</h2>
<ul>
<li><a href="info.php?act=instant_spells">Instant Spells</a></li>
<li><a href="info.php?act=conjure_spells">Conjure/Rune Spells</a></li>
</ul>
<?PHP
echo '<h1>Conjure/Rune Spells</h1>';
if($layout == blackdraft) {
echo '<table width="394" bordercolor="444444" border="1">';}
else {
echo '<table width="500" bordercolor="444444" border="1">';}
?>
<tr>
<th><b>Spell name:</b></th>
<th><b>Words:</b></th>
<th><b>Mana:</b></th>
<th><b>Level:</b></th>
<th><b>Premium:</b></th>
</tr>
<?PHP
$xml = simplexml_load_file($servpath.'\data\spells\spells.xml');
foreach($xml->conjure as $spell) {
echo "<tr>";
echo "<td><center>".$spell['name']."</center></td>";
echo "<td><center>".$spell['words']."</center></td>";
if(isset($spell['mana'])) { echo "<td><center>".$spell['mana']."</center></td>"; } else { echo "<td><center>N/A</center></td>"; }
if(isset($spell['lvl'])) { echo "<td><center>".$spell['lvl']."</center></td>"; } else { echo "<td><center>N/A</center></td>"; }
if($spell['prem']==true) { echo "<td><center>Yes</center></td>"; } else { echo "<td><center>No</center></td>"; }
echo "</tr>";
}
?>
</table>
<?PHP
break;
case "monsters":
echo '<title>'.$worldname.' - Monsters List</title>';
echo '<h1>Monster:</h1>';
$folder = opendir($monster_dir);
echo '<table><tr>';
while($filename = readdir($folder))
{
if($layout == blackdraft) {
$i == 0;
if($i == 4) {
echo '</tr><tr>';
$i = 0;
}
}
else {
$i == 0;
if($i == 6) {
echo '</tr><tr>';
$i = 0;
}
}
if($filename == "." || $filename == "..") continue;
$temp = explode(".", $filename);
if($temp[1] == "xml")
{
$name = $temp[0];
if (!in_array($name, $dont_show))
{
$i++;
print('<td><center><img src="' .$monster_imgs. '' .$name. '.gif"><br />');
print('<a href="info.php?act=creature&cnm=' .$name. '">' .$name. '</a></center></td>');
}
}
}
echo '</tr></table>';
break;
case "creature":
echo '<h1>'.$_GET['cnm'].'</h1>';
$monster_name = $_GET['cnm'];
$name = "";
$exp = 0;
$hp = 0;
$looktype = 0;
$manacost = 0;
$file = $monster_dir.$monster_name.".xml";
$f = @fopen($file, "r");
if($f) {
$contents = fread($f, filesize($file));
fclose($f);
$tags = explode("<", $contents);
foreach($tags as $tag) {
if(substr($tag, 0, 7) == "monster") {
$temp = stristr($tag, " name=\"");
$temp2 = explode("\"", $temp);
$name = $temp2[1];
}
if(substr($tag, 0, 7) == "monster") {
$temp = stristr($tag, " experience=\"");
$temp2 = explode("\"", $temp);
$exp = $temp2[1];
}
if(substr($tag, 0, 7) == "monster") {
$temp = stristr($tag, " manacost=\"");
$temp2 = explode("\"", $temp);
$manacost = $temp2[1];
}
if($manacost == 0)
$manacost = 'Not summonable';
if(substr($tag, 0, 6) == "health") {
$temp = stristr($tag, " max=\"");
$temp2 = explode("\"", $temp);
$hp = $temp2[1];
}
if(substr($tag, 0, 4) == "look") {
$temp = stristr($tag, " type=\"");
$temp2 = explode("\"", $temp);
$looktype = $temp2[1];
}
if(substr($tag, 0, 7) == "defense") {
$temp = stristr($tag, " immunity=\"");
$temp2 = explode("\"", $temp);
$immunities[] = $temp2[1];
}
if(substr($tag, 0, 6) == "summon") {
$temp = stristr($tag, " name=\"");
$temp2 = explode("\"", $temp);
$summons[] = $temp2[1];
}
}
$temp = stristr($contents, "<attacks>");
$attacks = explode("</attacks>", $temp);
$attack = explode("<attack", $attacks[0]);
$melee = false;
$distance = false;
$fire_spell = false;
$energy_spell = false;
$poison_spell = false;
$explosion_rune = false;
$sudden_death_rune = false;
$bersek_spell = false;
$self_healing = false;
$summons[] = "";
$immunities[] = "";
foreach($attack as $temp) {
if(stristr($temp, "type=\"melee\"")) {$melee = true; continue;}
if(stristr($temp, "type=\"distance\"")) {$distance = true; continue;}
if((stristr($temp, "type=\"instant\"") || stristr($temp, "type=\"rune\"")) && ( stristr($temp, "name=\"great fireball\"") || stristr($temp, "name=\"exevo gran mas vis\"") )) {$fire_spell = true; continue;}
if((stristr($temp, "type=\"instant\"") || stristr($temp, "type=\"rune\"")) && ( stristr($temp, "name=\"exevo gran vis lux\"") )) {$energy_spell = true; continue;}
if((stristr($temp, "type=\"instant\"") || stristr($temp, "type=\"rune\"")) && ( stristr($temp, "name=\"exura") )) {$self_healing = true; continue;}
if($tmp = stristr($temp, "name=\"")) {
$temp2 = explode("\"", $tmp);
$special_attacks = $special_attacks . $temp2[1] . ", ";
continue;
}
if($tmp = stristr($temp, "type=\"")) {
$temp2 = explode("\"", $tmp);
$special_attacks = $special_attacks . $temp2[1] . ", ";
continue;
}
}
print("<img src=\"$monster_imgs$monster_name.gif\">\n<br />\n<b>Experience:</b> $exp\n<br />\n<b>Health:</b> $hp\n<br />\n<b>Manacost:</b> $manacost\n<br />\n<b>Immunities:</b><br />");
foreach($immunities as $temp) {
if(!$temp) continue;
print("$temp, ");
}
print("<br /><b>Summons:</b><br />");
foreach($summons as $temp) {
if(!$temp) continue;
print("$temp, ");
}
$temp = stristr($contents, "<loot>");
$lootnode = explode("</loot>", $temp);
$loot = explode("<item", $lootnode[0]);
$ids[] = "";
foreach($loot as $item) {
if($idpos = stristr($item, "id=\"")) {
$temp = explode("\"", $idpos);
$id = $temp[1];
$ids[] = $id;
}
}
$f2 = @fopen($fileitems, "r");
if($f2) {
$itemnames[] = "";
$items_contents = fread($f2, filesize($fileitems));
fclose($f2);
$items = explode("<item ", $items_contents);
foreach($ids as $item) {
$found = false;
foreach($items as $item_node) {
if(stristr($item_node, "id=\"$item\"")) {
$temp = stristr($item_node, "name=\"");
$temp2 = explode("\"", $temp);
$itemnames[] = $temp2[1];
$found = true;
break;
}
}
if(!$found) {
$itemnames[] = $item;
}
}
/*print("<br /><b>Loot:</b><ul>");*/
foreach($itemnames as $item) {
if(!$item) continue;
print("<li>$item<br />");
}
print("</ul>");
}
}
break;
}
include ('Includes/footer_includes.php');
?>Hope some one use it, i try to find more bugs later.<_<
Last edited by a moderator:
Would be great if you could make it possible to upload guild image from internett link instead of having me uploading them too
afs-cms surely is more complicated than nicaw
afs-cms surely is more complicated than nicaw
Last edited:
- Status
Similar threads
