Upload files to "website"

website/include.php

@@ -0,0 +1,31 @@
+<?php
+
+# customizable configuration variables
+
+$config_maxchars = 2;
+
+# static global variables
+
+
+# setup SQL connection
+
+$hostname = "localhost";
+require($_SERVER['DOCUMENT_ROOT'].'/../secret.php'); // only viewable to apache/php, not to world
+
+$mysqli = mysqli_connect($hostname,$sqluser,$sqlpass,$database) or die("GAME: SQL connection error.");
+
+# game strings
+
+$gamever = "0.2.00 (2024-07-31)";
+$gameroot = "https://frontier.popelore.net";
+$gameerror = "<P><FONT COLOR=\"RED\">ERROR:</FONT> Database query failed.
+	<P>There has been an error accessing the database. Please
+	notify the administors by sending an email to the discussion
+	list with what you were trying to do, and include the
+	following error code: ";
+$gameseserr = "<P><FONT COLOR=\"RED\">ERROR:</FONT> Not authenticated.
+	<P>Either you did not log in, or your session timed out.
+	<P>Please <A HREF=\"$gameroot/index.html\">log in</A> again.";
+$footer = "<P><HR><P ALIGN=\"CENTER\"><FONT SIZE=\"-1\">Version ".$gamever.". Copyright &copy; 2024 Justin Pope.</FONT>";
+
+?>

website/index.html

@@ -0,0 +1,56 @@
+<HTML>
+<HEAD>
+<TITLE>Frontier II</TITLE>
+</HEAD>
+<BODY BGCOLOR="#000000" TEXT="#f0f0f0">
+
+<DIV ALIGN="CENTER">
+<!-- Image courtesy of Pent from FrontierMUTE -->
+<P><IMG SRC="frontier.jpg" ALT="Frontier II">
+<P><HR><P>
+</DIV>
+
+<P>In a far corner of a distant galaxy, a small band of super-beings guided a group of
+ empires from different planets as they reached for the stars. The Watchers, as this
+ fantastic race was called, maintained peace and provided a medium for trade of goods
+ and knowledge. In return, they simply wanted to observe how the empires evolved and
+ interacted with each other. But some of the Watchers differed as to how far they should
+ involve themselves in the affairs of the other worlds. After a dispute, the faction
+ favoring non-interference left the other Watchers and set out in search of a new home.
+
+<P>Years later, these Watchers have found what they were looking for - another area
+ of space where several empires are struggling to establish themselves as space powers.
+ Here, they will Watch the empires grow, meet each other, and maybe even die out. They are
+ committed to avoid interference when possible, and never reveal themselves as what they
+ really are.
+
+<P>Will the empires live together in peace? Will they find out what the harsh consequenses
+of war are? Who will hold the most true power - the emperors or the commoners? Only YOU,
+the players, will decide what will happen. It's a whole new frontier... It's Frontier II.
+
+<P><BR><HR><P>
+
+<P>Frontier is a web-based online roleplaying game centered around a galactic struggle
+ of diplomacy and conquest. Based loosely on gameplay concepts from the popular game
+ <A HREF="http://battlemaster.org/">BattleMaster</A>, Frontier is designed to be
+ and does not require the average player to spend more than a few minutes each day
+ playing his or her turns.
+
+<P><FONT COLOR="RED">Frontier II is currently a work in progress. Almost everything
+ does NOT work yet!</FONT>
+
+<P><FORM ACTION="login.php" METHOD="POST">
+If you have an existing account, log in here:<BR>
+Username: <INPUT TYPE="textbox" NAME="nick"><BR>
+Password: <INPUT TYPE="password" NAME="pass">
+<INPUT TYPE="SUBMIT" VALUE="Login"></FORM>
+
+<P>If you're new to the game, <A HREF="register.html">click here</A>
+to create a new user.
+
+<P><HR>
+
+<P ALIGN="CENTER"><FONT SIZE="-1">Copyright &copy; 2024 Justin Pope. All rights reserved.</FONT>
+
+</BODY>
+</HTML>

website/login.php

@@ -0,0 +1,68 @@
+<?php
+
+require($_SERVER['DOCUMENT_ROOT'].'/include.php');
+
+$nick = $_POST['nick'];
+$pass = $_POST['pass'];
+$hash = md5($pass);
+
+$sql = "SELECT * FROM player WHERE 
+	nick = '$nick' AND
+	pass = '$hash'";
+
+$result = mysqli_query($mysqli, $sql) or die($gameerror . "L-Q01");
+
+$num = mysqli_num_rows($result);
+
+if ($num == 1) { // username and password match
+
+    $row = mysqli_fetch_assoc($result);
+
+    $id = $row['id'];
+
+    // create session with userid
+    session_start();
+    $_SESSION['id'] = $id;
+    session_write_close();
+
+    // update the last login field, clear failure counter
+    $date = date('Y-m-d H:i');
+    $sql = "UPDATE player SET last_date = '$date',
+	failed_num = '0' WHERE id = '$id'";
+    mysqli_query($mysqli, $sql) or die($gameerror . "L-Q02");
+
+    header("Location: $gameroot/playuser.php");
+
+} else { // either no username or password was bad
+
+    $sql = "SELECT * FROM player WHERE nick = '$nick'";
+    $result = mysqli_query($mysqli, $sql) or die($gameerror . "L-Q03");
+    $num = mysqli_num_rows($result);
+
+    if ($num == 1) { // username good (must have been bad password)
+
+	$row = mysqli_fetch_assoc($result);
+
+	$id = $row['id'];
+
+	// update the failure fields and increment failure counter
+	$date = date('Y-m-d H:i');
+	$ip = $_SERVER['REMOTE_ADDR'];
+	$count = $row['failed_num'] + 1;
+	$sql = "UPDATE player SET failed_num = '$count',
+	    failed_date = '$date', failed_ip = '$ip'
+	    WHERE id = '$id'";
+	mysqli_query($mysqli, $sql) or die($gameerror . "L-Q04");
+
+    }
+
+    // If they messed up the username, we ignore it completely.
+
+    // redirect back to the main page so they can log in again.
+    header("Location: $gameroot/index.html");
+
+}
+
+mysqli_close($mysqli);
+
+?>

website/logout.php

@@ -0,0 +1,13 @@
+<?php
+
+session_start();
+require($_SERVER['DOCUMENT_ROOT'].'/include.php');
+
+$_SESSION = array();
+session_destroy();
+
+mysqli_close($mysqli);
+
+header("Location: $gameroot/index.html");
+
+?>

website/newuser.php

@@ -0,0 +1,75 @@
+<HTML><HEAD><TITLE>Frontier II - Registration</TITLE>
+</HEAD><BODY BGCOLOR="#000000" TEXT="#f0f0f0">
+<H2 ALIGN="CENTER">Frontier II</H2>
+<H3 ALIGN="CENTER">Registration</H3>
+<P>Creating account...
+
+<?php
+
+require($_SERVER['DOCUMENT_ROOT'].'/include.php');
+
+$nick = $_POST['nick'];
+$pass = $_POST['pass'];
+$name = $_POST['name'];
+$safe_email = $_POST['safe_email'];
+$agree = $_POST['agree'];
+
+$date = date('Y-m-d H:i'); 
+
+if (($agree == TRUE) && ($nick != '') && ($pass != '') &&
+    ($name != '') && ($safe_email != ''))
+{ // Form filled out completely
+
+    $sql = "SELECT * FROM player WHERE nick = '$nick'";
+
+    $result = mysqli_query($mysqli, $sql) or die($gameerror . "NU-Q01");
+
+    $num = mysqli_num_rows($result);
+
+    if ($num == 0)
+    { // Username is unique
+
+	$hash = md5($pass);
+
+	$sql = "INSERT INTO player SET
+            nick = '$nick',
+            pass = '$hash',
+            name = '$name',
+            safe_email = '$safe_email',
+            create_date = '$date',
+            last_date = '$date',
+            failed_num = '0',
+            country_id = '1',
+            tz_id = '1'";
+
+	mysqli_query($mysqli, $sql) or die($gameerror . "NU-Q02");
+
+	echo "<P>Done! To get started, please log in from the
+	    <A HREF=\"$gameroot/index.html\">main page</A>.
+	    ";
+
+    } else { // Username is not unique
+
+	echo "<P><FONT COLOR=\"RED\">Error!</FONT> That username
+	    seems to be taken already. Please
+	    <A HREF=\"$gameroot/newuser.html\">try again</A>.
+	    ";
+
+    }
+
+} else { // Form not filled out completely
+
+    echo "<P><FONT COLOR=\"RED\">Error!</FONT> Either you didn't
+	fill something in right, or you left something blank. Please
+	<A HREF=\"$gameroot/newuser.html\">try again</A>.
+	";
+
+}
+
+mysqli_close($mysqli);
+
+echo $footer;
+
+?>
+
+</BODY></HTML>