Avarian
Bring Out Your Dead!
Well at least were not off topic or anything
Not sure if this was reported already but when players create guilds on the site, the following happens:
1. User inputs "Wana Ded's" as the guild name.
2. The guild name shows up correctly on the website.
3. On the game, it shows up as this "Wana Ded\'s"
I think xampp add a \ in fornt of ' and " to protect the server, but im not 100% sure. Or he use the command addslashes()
Avarian use this...
$guild_name = stripslashes($guild['name']);
Not sure if this was reported already but when players create guilds on the site, the following happens:
1. User inputs "Wana Ded's" as the guild name.
2. The guild name shows up correctly on the website.
3. On the game, it shows up as this "Wana Ded\'s"
I think xampp add a \ in fornt of ' and " to protect the server, but im not 100% sure. Or he use the command addslashes()
Avarian use this...
He use addslashes() ?
It is possebile to use mysql_real_escape_string() instead
He use something like that:
I'll make it so that names with a ' won't be allowed from now on, thanks for the report.
function mysql_escape($string){
$string = mysql_real_escape_string($string);
$string = str_replace("\'", "'", $string);
return str_replace("';", "\';", $string);
}
ohh and how can I make the picture of the day to load from etc photobucket instead of my own computer? So it downloads from a link instead of having me uploading the image every time a guy looks at the page?
Seriously? damn what we can do now?It is possebile to inject code on it
Avarian msg me as fast as you can, found many heavy holes on your cms were people can enter own code and get admin
Seriously? damn what we can do now?
its rly possbile ? OMG
Seriously? damn what we can do now?
its rly possbile ? OMG
<?PHP
/*
Author: Avarian
Product Name: AFS-CMS
Purpose: A Content Management System specifically made for the forgotten server.
Copyright (C) 2007-2008 [Avarian]
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
session_start();
include ('Includes/config_includes.php');
include ('Includes/function_includes.php');
include ('Includes/header_includes.php');
switch($_GET['act']){
####ONLINE LIST#####
case "online":
echo '<title>'.$worldname.' - Players Online</title>';
echo '<h1>Players Online:</h1>';
$i = 1;
'.$vocations.';
$online_query = mysql_query("SELECT * FROM `players` WHERE `online` = 1 ORDER BY `name` ASC") or die(mysql_error());
if(mysql_num_rows($online_query) != 0){
echo '<table border="1" cellpadding="2" style="border-collapse: collapse" bordercolor="#000000" width="100%" cellspacing="0">';
echo '<tr><td width="40%" bgcolor="#000000"><b>Players:</b></td><td width="40%" bgcolor="#000000"><b>Vocation:</b></td><td width="20%" bgcolor="#000000"><b>Level:</b></td></tr>';
while($sql_online = mysql_fetch_array($online_query)){
$number++;
if($layout == grayshades) {
echo '<td bgcolor="#444444">'.$number.' - <a href="info.php?act=players&char='.$sql_online['name'].'">'.$sql_online['name'].'</a></td><td bgcolor="#444444">'.$vocations[$sql_online['vocation']].'</td><td bgcolor="#444444">'.$sql_online['level'].'</td></tr>'; }
elseif($layout == blackdraft) {
echo '<td bgcolor="#444444">'.$number.' - <a href="info.php?act=players&char='.$sql_online['name'].'">'.$sql_online['name'].'</a></td><td bgcolor="#444444">'.$vocations[$sql_online['vocation']].'</td><td bgcolor="#444444">'.$sql_online['level'].'</td></tr>'; }
elseif($layout == thegathering) {
echo '<td bgcolor="#110F01">'.$number.' - <a href="info.php?act=players&char='.$sql_online['name'].'">'.$sql_online['name'].'</a></td><td bgcolor="#110F01">'.$vocations[$sql_online['vocation']].'</td><td bgcolor="#110F01">'.$sql_online['level'].'</td></tr>'; }
elseif($layout == dragonflames) {
echo '<td bgcolor="#110F01">'.$number.' - <a href="info.php?act=players&char='.$sql_online['name'].'">'.$sql_online['name'].'</a></td><td bgcolor="#110F01">'.$vocations[$sql_online['vocation']].'</td><td bgcolor="#110F01">'.$sql_online['level'].'</td></tr>'; }
}
}
else
{
echo '<p>There are no players online on '.$worldname.'.</p>';
}
echo '</table>';
break;
#####HIGHSCORES#####
case "highscores":
echo '<title>'.$worldname.' - Highscores</title>';
$cfg['rank'] = 25;
if(isset($_GET['skill'])){
$skill = $_GET['skill'];
} else {
$skill = "Level";
}
if(!isset($_GET['pg'])) {
$pg = 1;
} else {
$pg = $_GET['pg'];
}
if($pg > 11){
$inicio = 11;
}else{
$inicio = $pg - 1;
}
$ini = $inicio * $cfg['rank'];
$prox = $cfg['rank'] * $pg + 1;
$prox_ = $cfg['rank'] * $pg + $cfg['rank'];
if($pg == 2){
$ante = "1-".$cfg['rank'];
}elseif($pg > 2){
$aa = $pg - 1;
$b = $pg - 2;
$a = $cfg['rank'] * $b;
$ante = $a+'1'."-".$cfg['rank']*$aa;
}
if($pg == 1 or $pg == ""){
$asd = " ";
}else{
$asd = " | ";
}
?>
<style type="text/css">
<!--
.style1 {color: #FFFFFF}
-->
</style>
<div align="center"><h1>Highscores - Top 300</h1></div>
<table width="100%" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="87%" valign="top"><table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="#000000">
<tr>
<td width="10%"><div align="center"><span class="style1">Rank</span></div></td>
<td width="50%"><span class="style1">Name</span></td>
<td width="15%"><div align="center"><span class="style1"><?=$skill?></span></div></td>
<? if($skill == "Level"){?><td width="25%"><div align="center"><span class="style1">Experience</span></div></td><? } ?>
</tr>
<? switch($skill){
case "Fist":
$id = 0;
break;
case "Club":
$id = 1;
break;
case "Sword":
$id = 2;
break;
case "Axe":
$id = 3;
break;
case "Distance":
$id = 4;
break;
case "Shield":
$id = 5;
break;
case "Fish":
$id = 6;
break;
}
if($skill == "Level") {
$total = mysql_query("SELECT * FROM players WHERE group_id < '".$hs_group_id."' ORDER BY level");
$tr = mysql_num_rows($total);
$tp = $tr / $cfg['rank'];
$tp = ceil($tp);
$ant = $pg-1;
$pro = $pg+1;
$verifica = mysql_query("SELECT name,level,experience FROM players WHERE group_id < '".$hs_group_id."' ORDER BY experience DESC LIMIT ".$ini.",".$cfg['rank']."");
if($pg == 1 or $pg == 0){
$i = 1;
}elseif($pg > 1){
$i = $ini+1;
}
while($dados = mysql_fetch_array($verifica)) {
$id=$i+1;
if($layout == thegathering) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == grayshades) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
echo '
<td><center>'.$i.'</center></td>
<td><a href="info.php?act=players&char='.$dados['name'].'">'.$dados['name'].'</a></td>
<td><center>'.$dados['level'].'</center></td>
<td><center>'.$dados['experience'].'</center></td>
</tr>';
$i++;
}
if($tr > $cfg['rank']){
echo '<tr bgcolor="black">
<td colspan=4><div align="right">';
if($pg > 1){
$anterior = '<a href="?act=highscores&skill='.$skill.'&pg='.$ant.'">Rank '.$ante.'</a>';
}
if($pg != 11){
if($pg < $tp){
$proxima = '<a href="?act=highscores&skill='.$skill.'&pg='.$pro.'">Rank '.$prox.'-'.$prox_.'</a>';
$tt = true;
}
}
echo $anterior;
if($tt == true) echo $asd;
echo $proxima;
echo '</div></td><tr>';
}
}
elseif($skill == "Magic") {
$total = mysql_query("SELECT * FROM players WHERE group_id < '".$hs_group_id."' ORDER BY maglevel");
$tr = mysql_num_rows($total);
$tp = $tr / $cfg['rank'];
$tp = ceil($tp);
$ant = $pg-1;
$pro = $pg+1;
$verifica = mysql_query("SELECT name,maglevel FROM players WHERE group_id < '".$hs_group_id."' ORDER BY maglevel DESC LIMIT ".$ini.",".$cfg['rank']."");
if($pg == 1 or $pg == 0){
$i = 1;
}elseif($pg > 1){
$i = $ini+1;
}
while($dados = mysql_fetch_array($verifica)) {
$id=$i+1;
if($layout == thegathering) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == grayshades) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
echo '
<td><center>'.$i.'</center></td>
<td><a href="info.php?act=players&char='.$dados['name'].'">'.$dados['name'].'</a></td>
<td><center>'.$dados['maglevel'].'</center></td>
</tr>';
$i++;
}
if($tr > $cfg['rank']){
echo '<tr bgcolor="black">
<td colspan=3><div align="right">';
if($pg > 1){
$anterior = '<a href="?act=highscores&skill='.$skill.'&pg='.$ant.'">Rank '.$ante.'</a>';
}
if($pg != 11){
if($pg < $tp){
$proxima = '<a href="?act=highscores&skill='.$skill.'&pg='.$pro.'">Rank '.$prox.'-'.$prox_.'</a>';
$tt = true;
}
}
echo $anterior;
if($tt == true) echo $asd;
echo $proxima;
echo '</div></td><tr>';
}
}
else {
$total = mysql_query("SELECT name,value FROM players, player_skills WHERE group_id < '".$hs_group_id."' AND players.id = player_skills.player_id AND player_skills.skillid = ".$id." ORDER BY value DESC");
$tr = mysql_num_rows($total);
$tp = $tr / $cfg['rank'];
$tp = ceil($tp);
$ant = $pg-1;
$pro = $pg+1;
$verifica = mysql_query("SELECT name,value FROM players, player_skills WHERE group_id < '".$hs_group_id."' AND players.id = player_skills.player_id AND player_skills.skillid = ".$id." ORDER BY value DESC LIMIT ".$ini.",".$cfg['rank']."");
if($pg == 1 or $pg == 0){
$i = 1;
}elseif($pg > 1){
$i = $ini+1;
}
while($dados = mysql_fetch_array($verifica)) {
$id=$i+1;
if($layout == thegathering) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == grayshades) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
echo '
<td><center>'.$i.'</center></td>
<td><a href="info.php?act=players&char='.$dados['name'].'">'.$dados['name'].'</a></td>
<td><center>'.$dados['value'].'</center></td>
</tr>';
$i++;
}
if($tr > $cfg['rank']){
echo '<tr bgcolor="black">
<td colspan=3><div align="right">';
if($pg > 1){
$anterior = '<a href="?act=highscores&skill='.$skill.'&pg='.$ant.'">Rank '.$ante.'</a>';
}
if($pg != 11){
if($pg < $tp){
$proxima = '<a href="?act=highscores&skill='.$skill.'&pg='.$pro.'">Rank '.$prox.'-'.$prox_.'</a>';
$tt = true;
}
}
echo $anterior;
if($tt == true) echo $asd;
echo $proxima;
echo '</div></td><tr>';
}
}
?>
</table>
<div align="right">
</div>
<?PHP
if($layout == grayshades) {
echo '<table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="303030">'; }
elseif($layout == blackdraft) {
echo '<table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="303030">'; }
elseif($layout == thegathering) {
echo '<table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="110F09">'; }
elseif($layout == dragonflames) {
echo '<table width="100%" border="0" cellpadding="2" cellspacing="1" bgcolor="110F09">'; }
echo '</table></td>';
if($layout == thegathering) {
echo '<td width="13%" valign="top"><table width="130" border="0" align="right" cellpadding="2" cellspacing="1" bgcolor="000000">'; }
elseif($layout == dragonflames) {
echo '<td width="13%" valign="top"><table width="130" border="0" align="right" cellpadding="2" cellspacing="1" bgcolor="000000">'; }
elseif($layout == grayshades) {
echo '<td width="13%" valign="top"><table width="130" border="0" align="right" cellpadding="2" cellspacing="1" bgcolor="303030">'; }
elseif($layout == blackdraft) {
echo '<td width="13%" valign="top"><table width="130" border="0" align="right" cellpadding="2" cellspacing="1" bgcolor="303030">'; }
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Level">Level</a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Magic">Magic Level </a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Fist">Fist Fighting </a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Club">Club Fighting </a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Sword">Sword Fighting </a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Axe">Axe Fighting </a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Distance">Distance Fighting</a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Shield">Shielding</a></div></td>';
echo '</tr>';
echo '<tr>';
echo '<div align="center"><a href="?act=highscores&skill=Fish">Fishing</a></div></td>';
echo '</tr>';
echo '</table></td>';
echo '</tr>';
echo '</table>';
?>
<?PHP
mysql_close();
break;
#####PLAYER SEARCH#####
case "players":
echo '<title>'.$worldname.' - Players Search</title>';
echo '<h1>Player Search:</h1>';
$char = trim($_REQUEST['char']);
if (!$char) {
echo '<p>You have not requested any player name.</p>';
include ('Includes/footer_includes.php');
die;
}
if (strlen($char) < 2) {
echo '<p>Not enough letters. Please enter atleast two.</p>';
include ('Includes/footer_includes.php');
die;
}
$char = mysql_real_escape_string($char);
$player_query = mysql_query("SELECT * FROM `players` WHERE (`name` = '".$char."') ");
if(mysql_num_rows($player_query)==0) {
$check_player_query = mysql_query("SELECT * FROM `players` WHERE `name` like '%".$char."%' LIMIT 0, ".$search_result_limit."");
if(mysql_num_rows($check_player_query) != 0)
{
$i = 0;
echo '<table cellspacing=0 cellpadding="5" border="0"><tr><td width="150px">Name</td><td width="50px"><center>Level</center></td><td width="100px">Vocation</td><center><td width="50px">Status:</td><center></tr>';
while($check_player_sql = mysql_fetch_array($check_player_query))
{
'.$vocations.';
$id=$i+1;
if($layout == grayshades) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == thegathering) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
echo '<td><a href="info.php?act=players&char='.$check_player_sql['name'].'">'.$check_player_sql['name'].'</a></td><td><center>'.$check_player_sql['level'].'</center></td><td>'.$vocations[$check_player_sql['vocation']].'</td>';
if($check_player_sql['online'] > 0) {
echo '<td><center><font color="green"><b>Online</b></font></center></td>'; }
else {
echo '<td><center><font color="red"><b>Offline</b></font></center></td>';}
echo '<tr>';
$i++;
}
echo '</table>';
}
else
{
echo '<p>Player '.htmlspecialchars($char).' does not exist.</p>';
}
} else {
$player_sql = mysql_fetch_array($player_query);
$acc_logged_query = mysql_query("SELECT * FROM `accounts` WHERE (`id` = '".$player_sql['account_id']."') ") or die(mysql_error());
$acc_logged_sql = mysql_fetch_array($acc_logged_query);
$account_ban = $player_sql['account_id'];
$ban_query = mysql_query("SELECT * FROM `bans` WHERE (`account` = '$account_ban') ") or die(mysql_error());
$ban_sql = mysql_fetch_array($ban_query);
if ($player_sql['lastlogin'] != 0) $lastlog = date('M d Y, H:i:s',$player_sql['lastlogin']);
else $lastlog = 'never logged in';
if($player_sql['town_id'] == $town[1]['id'])
$town = $town[1]['name'];
elseif($player_sql['town_id'] == $town[2]['id'])
$town = $town[2]['name'];
elseif($player_sql['town_id'] == $town[3]['id'])
$town = $town[3]['name'];
elseif($player_sql['town_id'] == $town[4]['id'])
$town = $town[4]['name'];
elseif($player_sql['town_id'] == $town[5]['id'])
$town = $town[5]['name'];
elseif($player_sql['town_id'] == $town[6]['id'])
$town = $town[6]['name'];
elseif($player_sql['town_id'] == $town[7]['id'])
$town = $town[7]['name'];
elseif($player_sql['town_id'] == $town[8]['id'])
$town = $town[8]['name'];
elseif($player_sql['town_id'] == $town[9]['id'])
$town = $town[9]['name'];
elseif($player_sql['town_id'] == $rook['id'])
$town = $rook['name'];
$rankid = $player_sql['rank_id'];
$query20 = mysql_query("SELECT * FROM `guild_ranks` WHERE (`id` = '$rankid') ") or die(mysql_error());
$query_result20 = mysql_fetch_row($query20);
$guildscheck = $query_result20[1];
$query123 = mysql_query("SELECT * FROM `guilds` WHERE (`id` = '$guildscheck') ") or die(mysql_error());
$query_result123 = mysql_fetch_row($query123);
$space = $query_result123[1];
$comment = stripslashes($player_sql['comment']);
echo '<h2>Character information:</h2>';
echo '<table width=400px><tr><tr><td width=100px>Name: </td><td width=300px>'.$player_sql['name'].'<br /></td></tr>';
$sexs = array("Female", "Male");
echo '<tr><td width=100px>Sex:</td><td width=300px>'.$sexs[$player_sql['sex']].'<br /></td></tr>';
echo '<tr><td width=100px>Level:</td><td width=300px>'.$player_sql['level'].'<br /></td></tr>';
'.$vocations.';
echo '<tr><td width=100px>Vocation:</td><td width=300px>'.$vocations[$player_sql['vocation']].'<br /></td></tr>';
echo '<tr><td width=100px>Residence:</td><td width=300px>'.$town.'<br /></td></tr>';
if (empty($space)) {
echo '<tr><td width=100px>Guild: </td><td width=300px>None';
echo '<br /></td></tr>';
}
else
{
echo '<tr><td width=100px>Guild: </td><td width=300px>'.$query_result20[2].' of the <a href="guilds.php?act=view&guild='.$query_result123[1].'">'.$query_result123[1].'</a>';
echo '<br /></td></tr>';
}
echo '<tr><td width=100px>Lastlogin:</td><td width=300px>'.$lastlog.'<br /></td></tr>';
if($acc_logged_sql['premdays'] > 0 )
echo '<tr><td width=100px>Account Type:</td><td width=300px>Premium Account<br /></td></tr>';
else
echo '<tr><td width=100px>Account Type:</td><td width=300px>Free Account<br /></td></tr>';
if($comment == "") {
echo '<tr><td width=100px>Comment:</td><td width=300px>None<br /></td></tr>';
}
else
{
echo '<tr><td width=100px>Comment:</td><td width=300px>'.htmlspecialchars($comment).'<br /></td></tr>';
}
if($player_sql['online'] > 0 ) {
echo '<tr><td width=100px>Status:</td><td width=300px><font color="green"> Online</font><br /></td></tr>'; }
else {
echo '<tr><td width=100px>Status:</td><td width=300px><font color="red"> Offline</font><br /></td></tr>'; }
echo '</table>';
echo ('<br /><h2>Account information:</h2>');
echo "<table width=400px>";
if($acc_logged_sql['hidemail'] == 0)
echo '<tr><td width=100px>Email:</td><td width=300px> <a href="mailto:'.$acc_logged_sql['email'].'">'.$acc_logged_sql['email'].'</a></td></tr>';
if($acc_logged_sql['hide'] == 0){
echo '<tr><td width=100px>Realname:</td><td width=300px> '.$acc_logged_sql['rlname'].'</td></tr>';
echo '<tr><td width=100px>Location:</td><td width=300px> '.$acc_logged_sql['location'].'</td></tr>';
}
$positionss = array("None", "$group_id1", "$group_id2", "$group_id3", "$group_id4", "$group_id5", "$group_id6", "$group_id7", "$group_id8", "$group_id9");
if($player_sql['group_id'] > 1)
{
echo '<tr><td width=100px>Position:</td><td width=300px><font color="Red">'.$positionss[$player_sql['group_id']].'</font></td></tr>';
} else {
echo '<tr><td width=100px>Position:</td><td width=300px>'.$positionss[$player_sql['group_id']].'</td></tr>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 0 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 1 )
{
echo '<tr><td width=100px><font color="Red">Banished</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 2 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 3 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 4 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 5 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 6 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 7 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 8 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid name.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 9 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of offensive statement.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 10 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of spamming.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 11 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of advertisement not related to game.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 12 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of real money advertisement.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 13 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of non-english public statement.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 14 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of off-topic public statement.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 15 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of inciting rule violation.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 16 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of bug abuse.</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 17 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of game weakness abuse.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 18 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of macro use.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 19 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of using unofficial sotware to play.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 20 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of hacking.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 21 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of multi-clienting.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 22 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of account trading.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 23 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of account sharing.</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 24 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of threatening gamemaster.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 25 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of pretending to have official position.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 26 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of pretending to have influence on gamemaster.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 27 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of false report to gamemaster.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 28 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of excessive unjustified player killing.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 29 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of destructive behaviour.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 30 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red"> Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of spoiling action.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
if(mysql_num_rows($ban_query) != 0 and $ban_sql[reason_id] == 31 )
{
echo '<tr><td width=100px><font color="Red">Banished:</font></td><td width=300px><font color="Red">Until '.$bantime = date('M d Y, H:i:s',$ban_sql['time']).' because of invalid payment.</font></td></tr>';
echo '<tr><td width=100px><font color="Red">Comment:</font></td><td width=300px><font color="Red"> '.$ban_sql[comment].'</font></td></tr>';
echo '</table>';
}
else
echo '</table>';
$char = trim($_REQUEST['char']);
$player_query = mysql_query("SELECT * FROM `players` WHERE (`name` = '".$char."') ");
$query = mysql_query("SELECT * FROM `players` WHERE (`name` = '".$char."') ") or die(mysql_error());
$sql = mysql_fetch_array($query);
$death_query = mysql_query("SELECT * FROM `player_deaths` WHERE (`player_id` = '".$sql['id']."') ORDER BY `time` DESC LIMIT 10") or die(mysql_error());
if(mysql_num_rows($death_query) != 0){
echo '<br /><h2>Character Deaths:</h2>';
echo '<table cellspacing=0 cellpadding="5" border="0">';
while($death_sql = mysql_fetch_array($death_query)){
$number++;
$dead = $death_sql['player_id'];
$player_query = mysql_query("SELECT * FROM `players` WHERE (`name` = '".$char."') ");
$player_sql_result = mysql_fetch_array($player_query);
$player_id = $player_sql_result['id'];
if(empty($player_sql_result['name'])) {
$killedplayer = "ID: ".$dead." - SQL error";
}
else
{
$killedplayer = "<a href=\"info.php?act=players&char=".$player_sql_result['name']."\">".$player_sql_result['name']."</a>";
}
if($layout == grayshades) {
echo ($number % 2) ? "<tr>" : "<tr>"; }
elseif($layout == blackdraft) {
echo ($number % 2) ? "<tr>" : "<tr>"; }
elseif($layout == thegathering) {
echo ($number % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == dragonflames) {
echo ($number % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
if($death_sql['is_player'] != 1) {
if($death_sql['killed_by'] == -1) {
$death_sql['killed_by'] = "NPC";
}
echo "<td>" .date('M d Y, H:i:s',$death_sql['time']). " Died at level ".$death_sql['level']." by a ".$death_sql['killed_by'].".</td></tr>";
}
else
{
echo "<td>" .date('M d Y, H:i:s',$death_sql['time']). " Died at level ".$death_sql['level']." by <a href=\"info.php?act=players&char=".$death_sql['killed_by']."\"> ".$death_sql['killed_by']."</a>.</td></tr>";
}
}
}
else
{
}
echo '</table>';
if($acc_logged_sql['hidechars'] == 0)
{
echo ' <br /><h2>Characters:</h2>
<table border="0" cellSpacing="0" cellPadding="2" width="220">
<tr>
<td width="200">Name:</td><td width="20"><center>Level:</center></td>
</tr>';
$acc_query = mysql_query("SELECT * FROM `players` WHERE (`account_id` = '".$player_sql['account_id']."') ") or die(mysql_error());
$i=1;
while($acc_sql = mysql_fetch_array($acc_query)){
if($acc_sql['hide'] == 0)
{
$id=$i+1;
if($layout == thegathering) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == grayshades) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
echo '<td width="200px">'.$i.'. <a href="info.php?act=players&char='.$acc_sql['name'].'">'.$acc_sql['name'].'</a></td>';
echo '<td width="20px"><center>'.$acc_sql['level'].'</center></td>';
echo '</tr>';
$i++;
}
else {
}
}
echo '</table>';
}
else { }
}
break;
case "deaths":
echo '<title>'.$worldname.' - Latest Deaths</title>';
echo '<h1>Latest Deaths:</h1>';
$i = 1;
$death_query = mysql_query("SELECT * FROM `player_deaths` ORDER BY `time` DESC LIMIT $death_limit") or die(mysql_error());
if(mysql_num_rows($death_query) != 0){
echo '<table cellspacing=0 cellpadding="5" border="0">';
echo '<tr><td><b>Player:</b></td><td><b>Death:</b></td></tr>';
while($death_sql = mysql_fetch_array($death_query)){
$number++;
$dead = $death_sql['player_id'];
$player_query = mysql_query("SELECT * FROM players WHERE id = '$dead'") or die(mysql_error());
$player_sql_result = mysql_fetch_array($player_query);
if(empty($player_sql_result['name'])) {
$killedplayer = "ID: ".$dead." - SQL error";
}
else
{
$killedplayer = "<a href=\"info.php?act=players&char=".$player_sql_result['name']."\">".$player_sql_result['name']."</a>";
}
if($layout == thegathering) {
echo ($number % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == grayshades) {
echo ($number % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($number % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
if($death_sql['is_player'] != 1) {
if($death_sql['killed_by'] == -1) {
$death_sql['killed_by'] = "NPC";
}
echo "<td>".$number.". ".$killedplayer." </td><td> was killed at level ".$death_sql['level']." by a ".$death_sql['killed_by']." (" .date('M d Y, H:i:s',$death_sql['time']). ").</td></tr>";
}
else
{
echo "<td>".$number.". ".$killedplayer." </td><td> was killed at level ".$death_sql['level']." by <a href=\"info.php?act=players&char=".$death_sql['killed_by']."\"> ".$death_sql['killed_by']."</a> (" .date('M d Y, H:i:s',$death_sql['time']). ").</td></tr>";
}
}
}
else
{
echo '<p>There have been no deaths on '.$worldname.'.</p>';
}
echo '</table>';
break;
case "house":
echo '<title>'.$worldname.' - House List</title>';
echo '<h1>House list:</h1>';
?>
<table width="100%" cellSpacing="0" border="0">
<tr>
<td><b>Name</b></td>
<td><b>Size</b></td>
<td><b>Rent</b></td>
<td><b>Town</b></td>
<td><b>Status</b></td>
</tr>
<?PHP
$file = simplexml_load_string(file_get_contents($house_dir));
$i = 0;
$town1name = $town[1]['name'];
$town2name = $town[2]['name'];
$town3name = $town[3]['name'];
$town4name = $town[4]['name'];
$town5name = $town[5]['name'];
$town6name = $town[6]['name'];
$town7name = $town[7]['name'];
$town8name = $town[8]['name'];
$town9name = $town[9]['name'];
foreach($file->house as $house_dir_file){
if($house_dir_file['townid'] == 1)
$town = $town1name;
elseif($house_dir_file['townid'] == 2)
$town = $town2name;
elseif($house_dir_file['townid'] == 3)
$town = $town3name;
elseif($house_dir_file['townid'] == 4)
$town = $town4name;
elseif($house_dir_file['townid'] == 5)
$town = $town5name;
elseif($house_dir_file['townid'] == 6)
$town = $town6name;
elseif($house_dir_file['townid'] == 7)
$town = $town7name;
elseif($house_dir_file['townid'] == 8)
$town = $town8name;
else
$town = $town9name;
$house_dir_query = mysql_query("SELECT * FROM `houses` WHERE (`id` = '".$house_dir_file['houseid']."') ") or die(mysql_error());
$house_dir_sql = mysql_fetch_array($house_dir_query);
$player_query = mysql_query("SELECT * FROM `players` WHERE (`id` = '".$house_dir_sql['owner']."') ") or die(mysql_error());
$player_sql = mysql_fetch_array($player_query);
if($house_dir_sql['id'] == $house_dir_file['houseid']){
if(!(empty($house_dir_sql['owner']))) {
if($house_dir_sql['owner'] == $player_sql['id']){
$status = 'Rented by <a href="info.php?act=players&char='.$player_sql['name'].'">'.$player_sql['name'].'</a>';
}
}
else{
$status = 'Available';
}
}
$id=$i+1;
if($layout == thegathering) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == dragonflames) {
echo ($i % 2) ? "<tr bgcolor=\"#110F01\">" : "<tr bgcolor=\"110F09\">"; }
elseif($layout == grayshades) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
elseif($layout == blackdraft) {
echo ($i % 2) ? "<tr bgcolor=\"#444444\">" : "<tr bgcolor=\"#4C4B4B\">"; }
echo '<td>'.$house_dir_file['name'].'</td><td>'.$house_dir_file['size'].' sqm</td><td>'.$house_dir_file['rent'].' gold</td><td>'.$town.'</td><td>'.$status.'</td></tr>';
$status = "";
++$i;
}
echo "</table>";
break;
case "rules":
echo '<title>'.$worldname.' - Rules</title>';
echo '<h1>Rules:</h1>';
foreach(file("rules.txt") as $line)
{
echo "$line";
echo '<br />';
}
?>
<?PHP
break;
case "rule_enforcers":
echo '<title>'.$worldname.' - Rule Enforcers</title>';
echo '<h1>'.$worldname.' Rule Enforcers:</h1>';
if($show_group2 == YES){
$group2_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 2");
if(mysql_num_rows($group2_query) != 0){
echo '<h2>'.$group_id2.'s on '.$worldname.':</h2><ul>';
while($group2_sql = mysql_fetch_array($group2_query))
{
echo '<li><a href="info.php?act=players&char='.$group2_sql['name'].'">'.$group2_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
if($show_group3 == YES){
$group3_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 3");
if(mysql_num_rows($group3_query) != 0){
echo '<h2>'.$group_id3.'s on '.$worldname.':</h2><ul>';
while($group3_sql = mysql_fetch_array($group3_query))
{
echo '<li><a href="info.php?act=players&char='.$group3_sql['name'].'">'.$group3_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
if($show_group4 == YES){
$group4_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 4");
if(mysql_num_rows($group4_query) != 0){
echo '<h2>'.$group_id4.'s on '.$worldname.':</h2><ul>';
while($group4_sql = mysql_fetch_array($group4_query))
{
echo '<li><a href="info.php?act=players&char='.$group4_sql['name'].'">'.$group4_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
if($show_group5 == YES){
$group5_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 5");
if(mysql_num_rows($group5_query) != 0){
echo '<h2>'.$group_id5.'s on '.$worldname.':</h2><ul>';
while($group5_sql = mysql_fetch_array($group5_query))
{
echo '<li><a href="info.php?act=players&char='.$group5_sql['name'].'">'.$group5_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
if($show_group6 == YES){
$group6_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 6");
if(mysql_num_rows($group6_query) != 0){
echo '<h2>'.$group_id6.'s on '.$worldname.':</h2><ul>';
while($group6_sql = mysql_fetch_array($group6_query))
{
echo '<li><a href="info.php?act=players&char='.$group6_sql['name'].'">'.$group6_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
if($show_group7 == YES){
$group7_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 7");
if(mysql_num_rows($group7_query) != 0){
echo '<h2>'.$group_id7.'s on '.$worldname.':</h2><ul>';
while($group7_sql = mysql_fetch_array($group7_query))
{
echo '<li><a href="info.php?act=players&char='.$group7_sql['name'].'">'.$group7_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
if($show_group8 == YES){
$group8_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 8");
if(mysql_num_rows($group8_query) != 0){
echo '<h2>'.$group_id8.'s on '.$worldname.':</h2><ul>';
while($group8_sql = mysql_fetch_array($group8_query))
{
echo '<li><a href="info.php?act=players&char='.$group8_sql['name'].'">'.$group8_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
if($show_group9 == YES){
$group9_query = mysql_query("SELECT * FROM `players` WHERE `group_id` = 9");
if(mysql_num_rows($group9_query) != 0){
echo '<h2>'.$group_id9.'s on '.$worldname.':</h2><ul>';
while($group9_sql = mysql_fetch_array($group9_query))
{
echo '<li><a href="info.php?act=players&char='.$group9_sql['name'].'">'.$group9_sql['name'].'</a></li>';
}
echo '</ul>';
}
}
?>
<p><font color="red">There are no other rule enforcers than these. <br />
If anyone claims to be one please report it to any of the above.</font></p>
<?PHP
break;
case "tutorial":
echo '<title>'.$worldname.' - Login Tutorial</title>';
echo '<h1>Login Tutorial:</h1>';
foreach(file("login_tutorial.txt") as $line)
{
echo "<li>".$line."</li>";
}
?>
<?PHP
break;
case "commands":
echo '<title>'.$worldname.' - Player Commands</title>';
echo '<h1>Player Commands:</h1>';
foreach(file("player_commands.txt") as $line)
{
echo "<li>".$line."</li>";
}
?>
<?PHP
break;
case "spells":
echo '<title>'.$worldname.' - Spells List</title>';
echo '<h1>Spell Types</h1>';
?>
<ul>
<li><a href="info.php?act=instant_spells">Instant Spells</a></li>
<li><a href="info.php?act=conjure_spells">Conjure/Rune Spells</a></li>
</ul>
<?PHP
break;
case "instant_spells":
echo '<title>'.$worldname.' - Spells List - Instant Spells</title>';
?>
<h2>Spell Types</h2>
<ul>
<li><a href="info.php?act=instant_spells">Instant Spells</a></li>
<li><a href="info.php?act=conjure_spells">Conjure/Rune Spells</a></li>
</ul>
<?PHP
echo '<h1>Instant Spells</h1>';
if($layout == blackdraft) {
echo '<table width="394" bordercolor="444444" border="1">';}
else {
echo '<table width="500" bordercolor="444444" border="1">'; }
?>
<tr>
<th><b>Spell name:</b></th>
<th><b>Words:</b></th>
<th><b>Mana:</b></th>
<th><b>Level:</b></th>
<th><b>Premium:</b></th>
</tr>
<?
$xml = simplexml_load_file($servpath.'\data\spells\spells.xml');
foreach($xml->instant as $spell) {
echo "<tr>";
echo "<td><center>".$spell['name']."</center></td>";
echo "<td><center>".$spell['words']."</center></td>";
if(isset($spell['mana'])) { echo "<td><center>".$spell['mana']."</center></td>"; } else { echo "<td><center>N/A</center></td>"; }
if(isset($spell['lvl'])) { echo "<td><center>".$spell['lvl']."</center></td>"; } else { echo "<td><center>N/A</center></td>"; }
if($spell['prem']==true) { echo "<td><center>Yes</center></td>"; } else { echo "<td><center>No</center></td>"; }
echo "</tr>";
}
?>
</table>
<?PHP
break;
case "conjure_spells":
echo '<title>'.$worldname.' - Spells List - Conjure/Rune Spells</title>';
?>
<h2>Spell Types</h2>
<ul>
<li><a href="info.php?act=instant_spells">Instant Spells</a></li>
<li><a href="info.php?act=conjure_spells">Conjure/Rune Spells</a></li>
</ul>
<?PHP
echo '<h1>Conjure/Rune Spells</h1>';
if($layout == blackdraft) {
echo '<table width="394" bordercolor="444444" border="1">';}
else {
echo '<table width="500" bordercolor="444444" border="1">';}
?>
<tr>
<th><b>Spell name:</b></th>
<th><b>Words:</b></th>
<th><b>Mana:</b></th>
<th><b>Level:</b></th>
<th><b>Premium:</b></th>
</tr>
<?PHP
$xml = simplexml_load_file($servpath.'\data\spells\spells.xml');
foreach($xml->conjure as $spell) {
echo "<tr>";
echo "<td><center>".$spell['name']."</center></td>";
echo "<td><center>".$spell['words']."</center></td>";
if(isset($spell['mana'])) { echo "<td><center>".$spell['mana']."</center></td>"; } else { echo "<td><center>N/A</center></td>"; }
if(isset($spell['lvl'])) { echo "<td><center>".$spell['lvl']."</center></td>"; } else { echo "<td><center>N/A</center></td>"; }
if($spell['prem']==true) { echo "<td><center>Yes</center></td>"; } else { echo "<td><center>No</center></td>"; }
echo "</tr>";
}
?>
</table>
<?PHP
break;
case "monsters":
echo '<title>'.$worldname.' - Monsters List</title>';
echo '<h1>Monster:</h1>';
$folder = opendir($monster_dir);
echo '<table><tr>';
while($filename = readdir($folder))
{
if($layout == blackdraft) {
$i == 0;
if($i == 4) {
echo '</tr><tr>';
$i = 0;
}
}
else {
$i == 0;
if($i == 6) {
echo '</tr><tr>';
$i = 0;
}
}
if($filename == "." || $filename == "..") continue;
$temp = explode(".", $filename);
if($temp[1] == "xml")
{
$name = $temp[0];
if (!in_array($name, $dont_show))
{
$i++;
print('<td><center><img src="' .$monster_imgs. '' .$name. '.gif"><br />');
print('<a href="info.php?act=creature&cnm=' .$name. '">' .$name. '</a></center></td>');
}
}
}
echo '</tr></table>';
break;
case "creature":
echo '<h1>'.$_GET['cnm'].'</h1>';
$monster_name = $_GET['cnm'];
$name = "";
$exp = 0;
$hp = 0;
$looktype = 0;
$manacost = 0;
$file = $monster_dir.$monster_name.".xml";
$f = @fopen($file, "r");
if($f) {
$contents = fread($f, filesize($file));
fclose($f);
$tags = explode("<", $contents);
foreach($tags as $tag) {
if(substr($tag, 0, 7) == "monster") {
$temp = stristr($tag, " name=\"");
$temp2 = explode("\"", $temp);
$name = $temp2[1];
}
if(substr($tag, 0, 7) == "monster") {
$temp = stristr($tag, " experience=\"");
$temp2 = explode("\"", $temp);
$exp = $temp2[1];
}
if(substr($tag, 0, 7) == "monster") {
$temp = stristr($tag, " manacost=\"");
$temp2 = explode("\"", $temp);
$manacost = $temp2[1];
}
if($manacost == 0)
$manacost = 'Not summonable';
if(substr($tag, 0, 6) == "health") {
$temp = stristr($tag, " max=\"");
$temp2 = explode("\"", $temp);
$hp = $temp2[1];
}
if(substr($tag, 0, 4) == "look") {
$temp = stristr($tag, " type=\"");
$temp2 = explode("\"", $temp);
$looktype = $temp2[1];
}
if(substr($tag, 0, 7) == "defense") {
$temp = stristr($tag, " immunity=\"");
$temp2 = explode("\"", $temp);
$immunities[] = $temp2[1];
}
if(substr($tag, 0, 6) == "summon") {
$temp = stristr($tag, " name=\"");
$temp2 = explode("\"", $temp);
$summons[] = $temp2[1];
}
}
$temp = stristr($contents, "<attacks>");
$attacks = explode("</attacks>", $temp);
$attack = explode("<attack", $attacks[0]);
$melee = false;
$distance = false;
$fire_spell = false;
$energy_spell = false;
$poison_spell = false;
$explosion_rune = false;
$sudden_death_rune = false;
$bersek_spell = false;
$self_healing = false;
$summons[] = "";
$immunities[] = "";
foreach($attack as $temp) {
if(stristr($temp, "type=\"melee\"")) {$melee = true; continue;}
if(stristr($temp, "type=\"distance\"")) {$distance = true; continue;}
if((stristr($temp, "type=\"instant\"") || stristr($temp, "type=\"rune\"")) && ( stristr($temp, "name=\"great fireball\"") || stristr($temp, "name=\"exevo gran mas vis\"") )) {$fire_spell = true; continue;}
if((stristr($temp, "type=\"instant\"") || stristr($temp, "type=\"rune\"")) && ( stristr($temp, "name=\"exevo gran vis lux\"") )) {$energy_spell = true; continue;}
if((stristr($temp, "type=\"instant\"") || stristr($temp, "type=\"rune\"")) && ( stristr($temp, "name=\"exura") )) {$self_healing = true; continue;}
if($tmp = stristr($temp, "name=\"")) {
$temp2 = explode("\"", $tmp);
$special_attacks = $special_attacks . $temp2[1] . ", ";
continue;
}
if($tmp = stristr($temp, "type=\"")) {
$temp2 = explode("\"", $tmp);
$special_attacks = $special_attacks . $temp2[1] . ", ";
continue;
}
}
print("<img src=\"$monster_imgs$monster_name.gif\">\n<br />\n<b>Experience:</b> $exp\n<br />\n<b>Health:</b> $hp\n<br />\n<b>Manacost:</b> $manacost\n<br />\n<b>Immunities:</b><br />");
foreach($immunities as $temp) {
if(!$temp) continue;
print("$temp, ");
}
print("<br /><b>Summons:</b><br />");
foreach($summons as $temp) {
if(!$temp) continue;
print("$temp, ");
}
$temp = stristr($contents, "<loot>");
$lootnode = explode("</loot>", $temp);
$loot = explode("<item", $lootnode[0]);
$ids[] = "";
foreach($loot as $item) {
if($idpos = stristr($item, "id=\"")) {
$temp = explode("\"", $idpos);
$id = $temp[1];
$ids[] = $id;
}
}
$f2 = @fopen($fileitems, "r");
if($f2) {
$itemnames[] = "";
$items_contents = fread($f2, filesize($fileitems));
fclose($f2);
$items = explode("<item ", $items_contents);
foreach($ids as $item) {
$found = false;
foreach($items as $item_node) {
if(stristr($item_node, "id=\"$item\"")) {
$temp = stristr($item_node, "name=\"");
$temp2 = explode("\"", $temp);
$itemnames[] = $temp2[1];
$found = true;
break;
}
}
if(!$found) {
$itemnames[] = $item;
}
}
/*print("<br /><b>Loot:</b><ul>");*/
foreach($itemnames as $item) {
if(!$item) continue;
print("<li>$item<br />");
}
print("</ul>");
}
}
break;
}
include ('Includes/footer_includes.php');
?>