Merge pull request #10 from paintballrefjosh/4.0.5

4.0.5

core/class.config.php

@@ -12,7 +12,7 @@ class Config
 {
 
 	var $data = array();
-	var $configFile = 'config/config.php';	//Default Config File
+	var $configFile = "config/config.php";	//Default Config File
 	var $path_protectedconf = "config/config-protected.php";
 
 	function __construct()

inc/account/account.login.php

@@ -43,7 +43,7 @@
 	{
 		$login = $_POST['login'];
 		$pass = $Account->sha_password($login, $_POST['pass']);
-		$EMAIL = $DB->selectCell("SELECT `email` FROM `account` WHERE `username` LIKE '".$_POST['login']."' LIMIT 1");
+		$account_id = $DB->selectCell("SELECT `id` FROM `account` WHERE `username` LIKE '".$_POST['login']."' LIMIT 1");
 
 		// initiate the login array, and send it in
 		$params = array('username' => $login, 'sha_pass_hash' => $pass);
@@ -52,6 +52,12 @@
 		// If account login was successful
 		if($Login == 1)
 		{	
+			// Make sure account exists in mw_account_extend table, if not then insert one of type "member" aka registered user
+			$mw_account = $DB->selectCell("SELECT account_id FROM mw_account_extend WHERE account_id = '".$account_id."'");
+			if(!$mw_account)
+			{
+				$DB->query("INSERT INTO mw_account_extend (account_id, account_level) VALUES ($account_id, 2)");
+			}
 			// Once finished, redirect to the page we came from
 			redirect($_SERVER['HTTP_REFERER'],1);
 		}

inc/admin/template_files/admin.email.php

@@ -51,7 +51,7 @@
 			staffid : "991234"
 		}
 	});
-	</script>
+</script>
 
 <div class="content">	
 	<div class="content-header">

inc/admin/template_files/admin.news.php

@@ -9,6 +9,49 @@
 /****************************************************************************/
 
 ?>
+<script type="text/javascript">
+	tinyMCE.init({
+		// General options
+		mode : "textareas",
+		theme : "advanced",
+		plugins : "style,advhr,advimage,advlink,emotions,iespell,inlinepopups,insertdatetime,preview,media,searchreplace,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras,template,wordcount,advlist",
+
+		// Theme options
+		theme_advanced_buttons1 : "bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,styleselect,formatselect,fontselect,fontsizeselect",
+		theme_advanced_buttons2 : "cut,copy,paste,pastetext,pasteword,|,search,replace,|,bullist,numlist,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,image,|,insertdate,inserttime,preview,|,forecolor",
+		theme_advanced_buttons3 : "hr,|,charmap,emotions,iespell,|,fullscreen",
+		theme_advanced_toolbar_location : "top",
+		theme_advanced_toolbar_align : "left",
+		theme_advanced_statusbar_location : "bottom",
+		theme_advanced_resizing : true,
+
+		// Example content CSS (should be your site CSS)
+		content_css : "css/content.css",
+
+		// Drop lists for link/image/media/template dialogs
+		template_external_list_url : "lists/template_list.js",
+		external_link_list_url : "lists/link_list.js",
+		external_image_list_url : "lists/image_list.js",
+		media_external_list_url : "lists/media_list.js",
+
+		// Style formats
+		style_formats : [
+			{title : 'Bold text', inline : 'b'},
+			{title : 'Red text', inline : 'span', styles : {color : '#ff0000'}},
+			{title : 'Red header', block : 'h1', styles : {color : '#ff0000'}},
+			{title : 'Example 1', inline : 'span', classes : 'example1'},
+			{title : 'Example 2', inline : 'span', classes : 'example2'},
+			{title : 'Table styles'},
+			{title : 'Table row 1', selector : 'tr', classes : 'tablerow1'}
+		],
+
+		// Replace values for the template plugin
+		template_replace_values : {
+			username : "Some User",
+			staffid : "991234"
+		}
+	});
+</script>
 <!-- Start #main -->
 <div id="main">			
 	<div class="content">	

inc/server/server.statistic.php

@@ -8,38 +8,54 @@
 /*			Original MangosWeb (C) 2007, Sasha, Nafe, TGM, Peec				*/
 /****************************************************************************/
 
-if(INCLUDED!==true)exit;
+if(INCLUDED!==true) {
+	echo "Not Included!"; exit;
+}
 
-$pathway_info[] = array('title'=>$lang['statistic'],'link'=>'');
+$realm = $DB->selectRow("SELECT * FROM realmlist WHERE `id`='".$user['cur_selected_realm']."' LIMIT 1");
+$pathway_info[] = array('title' => 'Server Statistics', 'link' => '?p=server&sub=statistic');
+$pathway_info[] = array('title' => $realm['name'], 'link' => '');
 
 //initialize $num_chars variable
 $num_chars = 0;
-$realm_param = $user['cur_selected_realmd'];
-$rc = $CHDB->selectCol("SELECT race AS ARRAY_KEY, count(race) AS `num` FROM `characters` GROUP BY race");
+//$realm_param = get_realm_byid($_COOKIE['cur_selected_realm']);;
+$rc = $CDB->select("SELECT race, count(race) AS `num` FROM `characters` GROUP BY race");
 
-foreach($rc as $data)
+foreach($rc as $row)
 {
-    $num_chars+=$data;
+    $data[$row['race']] = $row['num'];
 }
+
 // Loop thru classes, add 0 if its not defined in array.
-for($i = 1; $i <= 11; $i++)if (!isset($rc[$i]))$rc[$i] = 0;
+for($i = 1; $i <= 11; $i++)
+{
+    if(!isset($data[$i]))
+    {
+        $data[$i] = 0;
+    }
+
+    $num_chars += $data[$i];
+
+   // echo "data[$i] = ".$data[$i]." - num_chars = $num_chars<br>";
+}
 
 //Check if 0 entries to avoid PHP warnings if 0 chars in database.
-if ($num_chars > 0){
-    $num_ally = $rc[1]+$rc[3]+$rc[4]+$rc[7]+$rc[11];
-    $num_horde = $rc[2]+$rc[5]+$rc[6]+$rc[8]+$rc[10];
+if ($num_chars > 0)
+{
+    $num_ally = $data[1]+$data[3]+$data[4]+$data[7]+$data[11];
+    $num_horde = $data[2]+$data[5]+$data[6]+$data[8]+$data[10];
     $pc_ally =  round($num_ally/$num_chars*100,2);
     $pc_horde =  round($num_horde/$num_chars*100,2);
-    $pc_human = round($rc[1]/$num_chars*100,2);
-    $pc_orc = round($rc[2]/$num_chars*100,2);
-    $pc_dwarf = round($rc[3]/$num_chars*100,2);
-    $pc_ne = round($rc[4]/$num_chars*100,2);
-    $pc_undead = round($rc[5]/$num_chars*100,2);
-    $pc_tauren = round($rc[6]/$num_chars*100,2);
-    $pc_gnome = round($rc[7]/$num_chars*100,2);
-    $pc_troll = round($rc[8]/$num_chars*100,2);
-    $pc_be = round($rc[10]/$num_chars*100,2);
-    $pc_dranei = round($rc[11]/$num_chars*100,2);
+    $pc_human = round($data[1]/$num_chars*100,2);
+    $pc_orc = round($data[2]/$num_chars*100,2);
+    $pc_dwarf = round($data[3]/$num_chars*100,2);
+    $pc_ne = round($data[4]/$num_chars*100,2);
+    $pc_undead = round($data[5]/$num_chars*100,2);
+    $pc_tauren = round($data[6]/$num_chars*100,2);
+    $pc_gnome = round($data[7]/$num_chars*100,2);
+    $pc_troll = round($data[8]/$num_chars*100,2);
+    $pc_be = round($data[10]/$num_chars*100,2);
+    $pc_dranei = round($data[11]/$num_chars*100,2);
 }
 ?>
 

index.php

@@ -121,7 +121,7 @@
 if($CDB->status() != 1)
 {
 	echo "Cannot connect to the Character database. Please make sure you have this realm setup successfully in the Admin Panel. 
-	Delete your cookies to reset realm selection back to default";
+	Delete your cookies to reset realm selection back to default. ";
 	die();
 }
 

install/index.php

@@ -200,17 +200,17 @@ function output_message($type, $text)
 						die();
 					}
 					// Check if provided info is correct
-					@mysql_connect($_POST['db_host'].":".$_POST['db_port'], $_POST['db_username'], $_POST['db_password']) 
+					$link = @mysqli_connect($_POST['db_host'], $_POST['db_username'], $_POST['db_password'], $_POST['db_name'], $_POST['db_port']) 
 						or die('<div class="error">Couldn\'t connect to MySQL Database. Please <a href="javascript: history.go(-1)">Go Back</a> and re-enter MySQL Database Information.<br /><br />MySql error log:<br />
-							'.mysql_error().'</div');
-					mysql_select_db($_POST['db_name']) 
+							'.mysqli_connect_error().'</div');
+					mysqli_select_db($link, $_POST['db_name']) 
 						or die('<div class="error">Counld Not select Realm database! Please go back and re-submit realm DB information.</div>');
 
 					output_message('success', 'Successfully Connected to Realm DB.');
 
 					// Check if "account" table exsists, so we make (almost) sure mangos is actually installed (which is necesarry for this whole thing to work)
-					@mysql_query("SELECT * FROM `account` LIMIT 1") or die('<div class="error">Error!<br /><br />Account table not found! Cannot Continue with the installation without an Account
-						table!<br /><br />MySql error log:<br />'.mysql_error().'</div>');
+					@mysqli_query($link, "SELECT * FROM `account` LIMIT 1") or die('<div class="error">Error!<br /><br />Account table not found! Cannot Continue with the installation without an Account
+						table!<br /><br />MySql error log:<br />'.mysqli_error().'</div>');
 
 					// Everthing should be fine, so first insert info into protected config file
 					$conffile = "../config/config-protected.php";
@@ -239,7 +239,7 @@ function output_message($type, $text)
 					}
 
 					// Preparing for sql injection... (prashing, etc...)
-					$checker = @mysql_query("SELECT * FROM `account_extend` LIMIT 1");
+					$checker = @mysqli_query($link, "SELECT * FROM `account_extend` LIMIT 1");
 					if(!isset($_POST['skip']))
 					{
 						// Dealing with the full install sql file
@@ -285,11 +285,11 @@ function output_message($type, $text)
 						// Sql injection
 						foreach ($queries as $query) 
 						{
-							mysql_query($query);
+							mysqli_query($link, $query);
 						}
 					}
-					$get_name = mysql_query("SELECT `name` FROM `realmlist` WHERE `id`=1 LIMIT 1") or die('<div class="error">'.mysql_error().'</div>');
-					$DB_name = mysql_result($get_name,0);
+					$get_name = mysqli_query($link, "SELECT `name` FROM `realmlist` WHERE `id`=1 LIMIT 1") or die('<div class="error">'.mysqli_error().'</div>');
+					$DB_name = mysqli_fetch_assoc($get_name);
 				?>
 				<!-- STEP 4 -->
 					<form method="POST" action="index.php?step=5" class="form label-inline">
@@ -394,20 +394,20 @@ function output_message($type, $text)
 				}
 				elseif($step == 5)
 				{
-					@mysql_connect($_POST['char_db_host'].":".$_POST['char_db_port'], $_POST['char_db_username'], $_POST['char_db_password']) 
+					$char_link = @mysqli_connect($_POST['char_db_host'], $_POST['char_db_username'], $_POST['char_db_password'], $_POST['char_db_name'], $_POST['char_db_port']) 
 						or die('<div class="error">Couldn\'t connect to the character MySQL Database. Please <a href="javascript: history.go(-1)">Go Back</a> and re-enter MySQL Database Information.</div>');
-					@mysql_select_db($_POST['char_db_name']) or die('<div class="error">Couldn\'t select Characters db, most likely the given name is wrong. Please <a href="javascript: history.go(-1)">Go Back</a> and correct it.</div>');
+					@mysqli_select_db($char_link, $_POST['char_db_name']) or die('<div class="error">Couldn\'t select Characters db, most likely the given name is wrong. Please <a href="javascript: history.go(-1)">Go Back</a> and correct it.</div>');
 
-					@mysql_connect($_POST['w_db_host'].":".$_POST['w_db_port'], $_POST['w_db_username'], $_POST['w_db_password']) 
+					$world_link = @mysqli_connect($_POST['w_db_host'], $_POST['w_db_username'], $_POST['w_db_password'], $_POST['w_db_name'], $_POST['w_db_port']) 
 						or die('<div class="error">Couldn\'t connect to the world MySQL Database. Please <a href="javascript: history.go(-1)">Go Back</a> and re-enter MySQL Database Information.</div>');
-					@mysql_select_db($_POST['w_db_name']) or die('<div class="error">Couldn\'t select World db, most likely the given name is wrong. Please <a href="javascript: history.go(-1)">Go Back</a> and correct it.</div>');
+					@mysqli_select_db($world_link, $_POST['w_db_name']) or die('<div class="error">Couldn\'t select World db, most likely the given name is wrong. Please <a href="javascript: history.go(-1)">Go Back</a> and correct it.</div>');
 
-					@mysql_connect($_POST['db_host'].":".$_POST['db_port'], $_POST['db_username'], $_POST['db_password']);
-					@mysql_select_db($_POST['db_name']) or die('Unable to select Realm Database!');
+					$realm_link = @mysqli_connect($_POST['db_host'], $_POST['db_username'], $_POST['db_password'], $_POST['db_name'], $_POST['db_port']);
+					@mysqli_select_db($realm_link, $_POST['db_name']) or die('Unable to select Realm Database!');
 
 					// Extra sql query with db settings
 					$dbinfo = $_POST['char_db_host'].";".$_POST['char_db_port'].";".$_POST['char_db_username'].";".$_POST['char_db_password'].";".$_POST['char_db_name'].";".$_POST['w_db_host'].";".$_POST['w_db_port'].";".$_POST['w_db_username'].";".$_POST['w_db_password'].";".$_POST['w_db_name'].";";
-					mysql_query("UPDATE `realmlist` SET `dbinfo` = '".$dbinfo."', `site_enabled`=1 WHERE `id` = 1 LIMIT 1") or die('<div class="error">'.mysql_error().'</div>');
+					mysqli_query($realm_link, "UPDATE `realmlist` SET `dbinfo` = '".$dbinfo."', `site_enabled`=1 WHERE `id` = 1 LIMIT 1") or die('<div class="error">'.mysqli_error($realm_link).'</div>');
 
 					output_message('success', 'Successfully Connected to Character and World DB\'s');
 				?>
@@ -464,26 +464,26 @@ function sha_password($user, $pass)
 						$pass = strtoupper($pass);
 						return SHA1($user.':'.$pass);
 					}
-					mysql_connect($_POST['db_host'].":".$_POST['db_port'], $_POST['db_username'], $_POST['db_password']);
-					mysql_select_db($_POST['db_name']);
+					$realm_link = mysqli_connect($_POST['db_host'], $_POST['db_username'], $_POST['db_password'], $_POST['db_name'], $_POST['db_port']);
+					mysqli_select_db($realm_link, $_POST['db_name']);
 
-					$accountid = mysql_query("SELECT `id` FROM `account` WHERE `username` LIKE '".$_POST['account']."'");
-					$checkacc = mysql_num_rows($accountid);
+					$accountid = mysqli_query($realm_link, "SELECT `id` FROM `account` WHERE `username` LIKE '".$_POST['account']."'");
+					$checkacc = mysqli_num_rows($accountid);
 					if ($checkacc == 1) 
 					{
 						// Account exsist
-						$accountid = mysql_fetch_assoc($accountid);
-						mysql_query("UPDATE `mw_account_extend` SET `account_level` = '4' WHERE `account_id` = ".$accountid['id']." LIMIT 1 ;");
+						$accountid = mysqli_fetch_assoc($accountid);
+						mysqli_query($realm_link, "UPDATE `mw_account_extend` SET `account_level` = '4' WHERE `account_id` = ".$accountid['id']." LIMIT 1 ;");
 						$return = 1;
 						}
 					else 
 					{
 						// No such account, creating one, in this case pwd is needed, so checking whether it's provided...
 						$password = sha_password($_POST['account'], $_POST['pass']);
-						mysql_query("INSERT INTO `account` (`username`, `sha_pass_hash`) VALUES ('".$_POST['account']."', '".$password."' );");
-						$accountid = mysql_query("SELECT `id` FROM `account` WHERE `username` LIKE '".$_POST['account']."'");
-						$acct = mysql_fetch_assoc($accountid);
-						mysql_query("INSERT INTO `mw_account_extend` (`account_id`, `account_level`) VALUES ('".$acct['id']."', '4')");
+						mysqli_query($realm_link, "INSERT INTO `account` (`username`, `sha_pass_hash`) VALUES ('".$_POST['account']."', '".$password."' );");
+						$accountid = mysqli_query("SELECT `id` FROM `account` WHERE `username` LIKE '".$_POST['account']."'");
+						$acct = mysqli_fetch_assoc($accountid);
+						mysqli_query($realm_link, "INSERT INTO `mw_account_extend` (`account_id`, `account_level`) VALUES ('".$acct['id']."', '4')");
 						$return = 2;
 					}
 				?>