Merge pull request #44 from paintballrefjosh/bug-fixes

Bug fixes

Author: Josh

core/SDL/class.account.php

@@ -83,7 +83,7 @@ function check()
             }
 
 			// Make sure the activation code is NULL in the DB
-            if($res['activation_code'] != NULL)
+            if($res['locked'] == 1)
 			{
                 $this->setgroup();
                 return false;
@@ -169,8 +169,8 @@ function login($params)
 			return 4;
         }
 
-		// If the activation code is not NULL, the account is not activated, return 5
-        if($res2['activation_code'] != NULL)
+		// If the account is locked or "inactive" then return 5, do not allow login
+        if($res['locked'] == 1)
 		{
             $success = 0;
 			return 5;

core/SDL/class.rasocket.php

@@ -209,16 +209,16 @@ private function writeDebugLog()
       Returns 2 if it's not authenticated
       @param $command the command to enter on console
     */
-    public function executeCommand($type, $shost, $remote, $command)
+    public function executeCommand($type, $host, $port, $user, $pass, $command)
     {
 		if($type == 0)
 		{
-			if(!$this->connect($shost, $remote[1]))
+			if(!$this->connect($host, $port))
 			{
 				return 0;
 			}
 
-			if(!$this->auth($remote[2], $remote[3]))
+			if(!$this->auth($user, $pass))
 			{
 				return 2;
 			}
@@ -272,7 +272,7 @@ public function executeCommand($type, $shost, $remote, $command)
 		}
 		else # type is SOAP
 		{
-			$client = $this->soapHandle($shost, $remote);
+			$client = $this->soapHandle($host, $port, $user, $pass);
 			// If multiple commands
 			if(is_array($command))
 			{
@@ -338,29 +338,29 @@ public function executeCommand($type, $shost, $remote, $command)
 
 //	************************************************************
 // Setups the Soap Handle	
-	private function soapHandle($shost, $remote)
+	private function soapHandle($host, $port, $user, $pass)
 	{
 		global $mwe_config;
 		if($mwe_config['emulator'] == 'mangos')
 		{
 			$client = new SoapClient(NULL,
 			array(
-			"location" => "http://".$shost.":".$remote[1]."/",
+			"location" => "http://".$host.":".$port."/",
 			"uri" => "urn:MaNGOS",
 			"style" => SOAP_RPC,
-			"login" => $remote[2],
-			"password" => $remote[3]
+			"login" => $user,
+			"password" => $pass
 			));
 		}
 		else
 		{
 			$client = new SoapClient(NULL,
 			array(
-			"location" => "http://".$shost.":".$remote[1]."/",
+			"location" => "http://".$host.":".$port."/",
 			"uri" => "urn:TC",
 			"style" => SOAP_RPC,
-			"login" => $remote[2],
-			"password" => $remote[3]
+			"login" => $user,
+			"password" => $pass
 			));
 		}
 		return $client;
@@ -378,17 +378,15 @@ private function soapHandle($shost, $remote)
 	*/
 	function send($command, $realm)
 	{
-		global $RDB;
+		global $RDB, $DB;
 
 		// Get the remote access information from the realm database
-		$get_remote = $RDB->selectRow("SELECT * FROM `realmlist` WHERE id='".$realm."'");
-		$remote = explode(';', $get_remote['ra_info']);
-		$shost = $get_remote['address'];
-		
+		$remote = $DB->selectRow("SELECT ra_type, ra_port, ra_user, ra_pass FROM `mw_realm` WHERE `realm_id`='".$realm."'");
+		$host = $RDB->selectCell("SELECT `address` FROM `realmlist` WHERE `id` = '$realm'");
 		// Make sure the remote access type is either 1 or 0
-		if($remote[0] == 0 || $remote[0] == 1)
+		if((int)$remote['ra_type'] == 0 || (int)$remote['ra_type'] == 1)
 		{
-			$result = $this->executeCommand($remote[0], $shost, $remote, $command);
+			$result = $this->executeCommand($remote['ra_type'], $host, $remote['ra_port'], $remote['ra_user'], $remote['ra_pass'], $command);
 			if($result != 1)
 			{
 				if($result == 0)

core/class.database.php

@@ -140,7 +140,7 @@ public function count($query)
     {
         $sql = mysqli_query($this->mysql, $query) or die("Couldnt Run Query: ".$query."<br />Error: ".mysqli_error($this->mysql)."");
 		$this->_statistics['count']++;
-		return (int)mysqli_fetch_assoc($sql);
+		return mysqli_num_rows($sql);
     }
 
 //	************************************************************	

core/core.php

@@ -10,8 +10,8 @@
 
 class Core
 {
-	public $version = '4.1.1';
-	public $version_date = '2017-03-29, 13:17';
+	public $version = '4.1.2';
+	public $version_date = '2017-04-02, 15:41';
 	public $db_version = '4.1.0';
 	private $conf;
 

inc/admin/script_files/admin.news.php

@@ -26,7 +26,7 @@ function addNews($subj,$message,$un)
 	else
 	{
 		$post_time = time();
-		$sql =  "INSERT INTO mw_news(title, message, posted_by, post_time) VALUES('".$subj."','".$message."','".$un."','".$post_time."')";
+		$sql =  "INSERT INTO mw_news(title, message, posted_by, post_time) VALUES('".$DB->real_escape_string($subj)."','".$DB->real_escape_string($message)."','".$un."','".$post_time."')";
         $tabs = $DB->query($sql);
 
 		output_message('success', $lang['news_add_success']);
@@ -41,7 +41,7 @@ function editNews($idz,$mess)
 	}
 	else
 	{
-		$DB->query("UPDATE `mw_news` SET `message`='$mess' WHERE `id`='$idz'");
+		$DB->query("UPDATE `mw_news` SET `message`='".$DB->real_escape_string($mess)."' WHERE `id`='$idz'");
 
 		output_message('success', $lang['news_edit_success']);
 	}

inc/admin/script_files/admin.realms.php

@@ -40,6 +40,9 @@ function updateRealm()
 	if(empty($_POST['db_char_port']))
 		$_POST['db_char_port'] = 0;
 
+	if(empty($_POST['ra_port']))
+		$_POST['ra_port'] = 0;
+	
 	if($realm > 0)
 	{
 		$DB->query("UPDATE `mw_realm` SET 
@@ -53,6 +56,10 @@ function updateRealm()
 			`db_char_port` = '".$_POST['db_char_port']."',
 			`db_char_user` = '".$_POST['db_char_user']."',
 			`db_char_pass` = '".$_POST['db_char_pass']."',
+			`ra_type` = '".$_POST['ra_type']."',
+			`ra_port` = '".$_POST['ra_port']."',
+			`ra_user` = '".$_POST['ra_user']."',
+			`ra_pass` = '".$_POST['ra_pass']."',
 			`site_enabled` = '".$_POST['site_enabled']."'
 		WHERE `realm_id` = ".$_GET['id']."
 		");
@@ -70,6 +77,10 @@ function updateRealm()
 			`db_char_port` = '".$_POST['db_char_port']."',
 			`db_char_user` = '".$_POST['db_char_user']."',
 			`db_char_pass` = '".$_POST['db_char_pass']."',
+			`ra_type` = '".$_POST['ra_type']."',
+			`ra_port` = '".$_POST['ra_port']."',
+			`ra_user` = '".$_POST['ra_user']."',
+			`ra_pass` = '".$_POST['ra_pass']."',
 			`site_enabled` = '".$_POST['site_enabled']."',
 			`realm_id` = ".$_GET['id'].";
 		");

inc/admin/template_files/admin.realms.php

@@ -17,16 +17,14 @@
 if(isset($_GET['id'])) 
 {
 	$rlm = $RDB->selectRow("SELECT * FROM `realmlist` WHERE `id`='".$_GET['id']."'");
-	$rlm_ext = $DB->selectRow("SELECT * FROM mw_realm WHERE realm_id = '".$_GET['id']."'");
+	$rlm_ext = $DB->selectRow("SELECT * FROM `mw_realm` WHERE `realm_id` = '".$_GET['id']."'");
 
-	$db_info = explode( ';', $rlm['dbinfo'] ) ;
-	$ra_info = explode( ';', $rlm['ra_info'] ) ;
 ?>
 
 <!-- EDITING A REALM -->
 <div class="content">	
 	<div class="content-header">
-		<h4><a href="?p=admin">Main Menu</a> / <a href="?p=admin&sub=realms">Manage Realms</a> / Edit</h4>
+		<h4><a href="?p=admin">Main Menu</a> / <a href="?p=admin&amp;sub=realms">Manage Realms</a> / Edit</h4>
 	</div> <!-- .content-header -->	
 	<div class="main-content">
 
@@ -253,7 +251,7 @@
 		<!-- Ra Password -->
 		<div class="field">
 			<label for="dbh"><?php echo $lang['remote_access_pass']; ?>: </label>
-			<input id="dbh" name="ra_pass" size="20" type="text" class="medium" value="<?php echo $rlm_ext['ra_pass']; ?>" />
+			<input id="dbh" name="ra_pass" size="20" type="password" class="medium" value="<?php echo $rlm_ext['ra_pass']; ?>" />
 			<p class="field_help"><?php echo $lang['remote_access_pass_desc']; ?>.</p>
 		</div>
 

inc/frontpage/frontpage.index.php

@@ -89,7 +89,12 @@
 		}
 		unset($CHDB_EXTRA, $data); // Free up memory.
 
-		$server['moreinfo'] = $mwe_config['fp_server_more_info'];
+		if($mwe_config['fp_server_more_info'])
+		{
+			$server['moreinfo'] = $mwe_config['fp_server_more_info'];
+			$server['moreinfourl'] = mw_url('server', 'statistic', $changerealmtoparam);
+		}
+
 		$servers[] = $server;
 	}
 }

inc/server/server.commands.php

@@ -35,12 +35,19 @@
 	{
 		$userlevel = 0;
 	}
-	
-	$permissions = $RDB->select("SELECT `rbac_linked_permissions`.`linkedId` FROM `rbac_linked_permissions` 
-		LEFT JOIN `rbac_default_permissions` ON (`rbac_linked_permissions`.`id` = `rbac_default_permissions`.`permissionId`)
-		WHERE `rbac_default_permissions`.`secId` =  <= $userlevel"
-	);
-	$permissions = join(",", $permissions);
-	$alltopics  = $WDB->select("SELECT * FROM `command` WHERE `permission` IN ($permissions) ORDER BY `name` ASC");
+	$sql = "SELECT `rbac_linked_permissions`.`linkedId` FROM `rbac_linked_permissions` 
+		LEFT JOIN `rbac_default_permissions` ON (`rbac_linked_permissions`.`id` BETWEEN `rbac_default_permissions`.`permissionId` + 4 AND 199)
+		WHERE `rbac_default_permissions`.`secId` <= $userlevel";
+	$permissions = $RDB->select($sql);
+
+	$permission_id = "";
+	foreach($permissions as $row)
+	{
+		$permission_id .= $row['linkedId'].",";
+	}
+	$permission_id = substr($permission_id, 0, -1);
+
+	$sql = "SELECT * FROM `command` WHERE `permission` IN ($permission_id) ORDER BY `name` ASC";
+	$alltopics  = $WDB->select($sql);
 }
 ?>

inc/server/server.statistic.php

@@ -12,6 +12,14 @@
 	echo "Not Included!"; exit;
 }
 
+// Check to see if the changerealm_to variable is set in the URI.  If so we need to set the selected 
+// realm cookie and reload the page in order to pull the players online from the correct realm
+if(isset($_GET['changerealm_to']))
+{
+	setcookie("cur_selected_realm", $_GET['changerealm_to'], time() + (3600 * 24 * 365));
+	redirect("?p=server&sub=statistic",1);
+}
+
 // build top of page navigation breadcrumbs
 $realm = $RDB->selectRow("SELECT * FROM realmlist WHERE `id`='".$user['cur_selected_realm']."' LIMIT 1");
 $pathway_info[] = array('title' => 'Server Statistics', 'link' => '?p=server&sub=statistic');

templates/blizzlike/body_right.php

@@ -269,7 +269,7 @@
 					?>
 							<li>
 								<div>
-									<a href="<?php echo mw_url('server', 'info'); ?>"><?php echo $lang['more_info']; ?></a>
+									<a href="<?php echo $server['moreinfourl']; ?>"><?php echo $lang['more_info']; ?></a>
 								</div>
 							</li>
 

templates/blizzlike/server/server.commands.php

@@ -14,6 +14,7 @@
 {
     $postnum++;
     if($hl=='alt')$hl=''; else $hl='alt';
+	$topic_permission = $RDB->selectCell("SELECT `name` FROM `rbac_permissions` WHERE id IN (SELECT `id` FROM `rbac_linked_permissions` WHERE linkedId = ".$topic['permission'].")");
 ?>
     <script type="text/javascript">
         var postId<?php echo $postnum;?>="<?php echo $postnum;?>";
@@ -50,7 +51,7 @@
 							<li>
 								<div class="letter-box0"></div>
 								<div class="blog-post">
-									<playerlevel><?php echo "Level : ".$topic['security']."<br/>";?></playerlevel>
+									<playerlevel><?= $topic_permission; ?><br/></playerlevel>
 									<description><?php echo str_replace("\r",'<br/>',$topic['help']);?></description>
 								</div>
 							</li>

update/index.php

@@ -35,32 +35,52 @@
 }
 
 $Update->check_for_updates();
+
+$sql_file = "https://raw.githubusercontent.com/paintballrefjosh/MaNGOSWebV4/master/update/scripts/update_" . $Update->next_db_version . ".sql";
+$php_file = "https://raw.githubusercontent.com/paintballrefjosh/MaNGOSWebV4/master/update/scripts/update_" . $Update->next_db_version . ".php";
+$sql_headers = @get_headers($sql_file);
+$php_headers = @get_headers($php_file);
+
 //die($db_act_ver . "---".$Core->db_version."---".$Update->next_db_version);
 if(file_exists("scripts/update_" . $Update->next_db_version . ".php"))
 {
 	// check to see if there is a local PHP script to handle the SQL update
 	include("scripts/update_" . $Update->next_db_version . ".php");
 }
-elseif(file_exists("https://raw.githubusercontent.com/paintballrefjosh/MaNGOSWebV4/master/update/scripts/update_" . $Update->next_db_version . ".php"))
+/*elseif(stripos($php_headers[0], "200 OK") >= 0) // disabling this feature due to default php settings not allowing remote files to be included
 {
 	// check for online copy if no local copy exists of the PHP script
-	include("https://raw.githubusercontent.com/paintballrefjosh/MaNGOSWebV4/master/update/scripts/update_" . $Update->next_db_version . ".php");
-}
+	include($php_file);
+}*/
 else
 {
 	// no script required for this DB update, proceed
 	if(file_exists("scripts/update_" . $Update->next_db_version . ".sql"))
 	{
 		// check to see if there is a local SQL script and run
 		$DB->runSQL("scripts/update_" . $Update->next_db_version . ".sql");
+?>
+
+		Database successfully updated using file: "scripts/update_<?= $Update->next_db_version; ?>.sql !!<br /><br />
+		<a href="index.php">Go back</a> to check for additional updates.<br />
+	
+<?php
+
 	}
-	elseif(file_exists("https://raw.githubusercontent.com/paintballrefjosh/MaNGOSWebV4/master/update/scripts/update_" . $Update->next_db_version . ".sql"))
+/*	elseif(stripos($sql_headers[0], "200 OK") >= 0)
 	{
 		// check for online copy if no local copy exists of the SQL script
-		$DB->runSQL("https://raw.githubusercontent.com/paintballrefjosh/MaNGOSWebV4/master/update/scripts/update_" . $Update->next_db_version . ".sql");
-	}
+		$DB->runSQL($sql_file);
+?>
+
+		Database successfully updated using file: <?= $sql_file; ?> !!<br /><br />
+		<a href="index.php">Go back</a> to check for additional updates.<br />
+	
+<?php
+
+	}*/
 	else
 	{
-		die("SQL update file not found!");
+		die("SQL update file not found!<br /><br />Current DB Version: $db_act_ver <br />Expected DB Version: $Core->db_version <br />Next DB Version: $Update->next_db_version");
 	}
 }