Upload files to "website"

2024-09-19 03:01:23 +00:00 · 2024-09-19 03:01:23 +00:00 · 3bc1943a3f
parent 160f456ae1
commit 3bc1943a3f
5 changed files with 305 additions and 0 deletions
--- a/website/password.php
+++ b/website/password.php
@ -0,0 +1,73 @@
+<?php
+
+session_start();
+require($_SERVER['DOCUMENT_ROOT'].'/include.php');
+
+if ($_SESSION['id'] != '')
+{ // Logged in
+
+    $id = $_SESSION['id'];
+
+    $pass = $_POST['oldpass'];
+    $hash = md5($pass);
+
+    $new1 = $_POST['newpass1'];
+    $new2 = $_POST['newpass2'];
+    $newhash = md5($new1);
+
+    if (($new1 != '') && ($new1 == $new2))
+    { // New password given and confirmed
+
+	$sql = "SELECT * FROM player WHERE id = '$id' AND pass = '$hash'";
+
+	$result = mysqli_query($mysqli, $sql) or die($gameerror . "P-Q01");
+
+	$num = mysqli_num_rows($result);
+
+	if ($num == 1)
+	{ // Old password matched
+
+	    $sql = "UPDATE player SET pass = '$newhash' WHERE id = '$id'";
+
+	    mysqli_query($mysqli, $sql) or die($gameerror . "P-Q02");
+
+	    header("Location: $gameroot/playuser.php");
+
+	} else { // Old password didn't match
+
+	    echo "<HTML><HEAD><TITLE>Frontier II</TITLE>
+		</HEAD><BODY BGCOLOR=\"#000000\" TEXT=\"#f0f0f0\">
+		<H2 ALIGN=\"CENTER\">Frontier II</H2>
+		<P><FONT COLOR=\"RED\">Oops!</FONT> Your old password was not valid. Please
+		go to the <A HREF=\"$gameroot/playuser.php\">player page</A> and try again.
+		</BODY></HTML>";
+
+	}
+
+    } else { // New passwords blank or didn't match
+
+	echo "<HTML><HEAD><TITLE>Frontier II</TITLE>
+	    </HEAD><BODY BGCOLOR=\"#000000\" TEXT=\"#f0f0f0\">
+	    <H2 ALIGN=\"CENTER\">Frontier II</H2>
+	    <P><FONT COLOR=\"RED\">Oops!</FONT> Your new passwords didn't match, or you left
+	    them blank. Please go to the <A HREF=\"$gameroot/playuser.php\">player page</A>
+	    and try again.
+	    </BODY></HTML>";
+
+    }
+
+} else { // Not logged in
+
+    echo "<HTML><HEAD><TITLE>Frontier II</TITLE>
+	</HEAD><BODY BGCOLOR=\"#000000\" TEXT=\"#f0f0f0\">
+	<H2 ALIGN=\"CENTER\">Frontier II</H2>
+	<P><B><FONT COLOR=\"RED\">ERROR:</FONT> Not authenticated.</B>
+	<P>Either you did not log in, or your session timed out.
+	<P>Please <A HREF=\"$gameroot/index.html\">log in</A> again.
+	</BODY></HTML>";
+
+}
+
+mysqli_close($mysqli);
+
+?>
--- a/website/playchar.php
+++ b/website/playchar.php
@ -0,0 +1,49 @@
+<?php
+
+session_start();
+require($_SERVER['DOCUMENT_ROOT'].'/include.php');
+
+$pid = $_SESSION['id'];
+$cid = $_POST['CHARID'];
+
+$sql = "SELECT * FROM `character` WHERE `id` = '$cid' AND
+	`player_id` = '$pid'";
+
+$result = mysqli_query($mysqli, $sql) or die($gameerror . "PC-Q01");
+
+$num = mysqli_num_rows($result);
+
+if ($num == 1) { // PlayerID on session and character match
+
+    $_SESSION['cid'] = $cid;
+    session_write_close();
+
+    // update the last played field
+    $date = date('Y-m-d H:i');
+    $sql = "UPDATE `character` SET `last_date` = '$date'
+	WHERE id = '$cid'";
+
+    // NEED: should this reset any failure flags? how is failure handled?
+
+    mysqli_query($mysqli, $sql) or die($gameerror . "PC-Q02");
+
+    header("Location: $gameroot/game/frame.html");
+
+} else { // PlayerID on character does not match session - bad news!
+
+    // NEED: should log this to a security failure DB, with caution to avoid password leaks.
+
+    echo "<HTML><HEAD><TITLE>Frontier II</TITLE>
+	</HEAD><BODY BGCOLOR=\"#000000\" TEXT=\"#f0f0f0\">
+	<H2 ALIGN=\"CENTER\">Frontier II</H2>
+	<P><FONT COLOR=\"RED\">Error!</FONT> You appear to be trying
+	to play a character that isn't yours! Please go to the
+	<A HREF=\"$gameroot/playuser.php\">player page</A>
+	and try again.
+	</BODY></HTML>";
+
+}
+
+mysqli_close($mysqli);
+
+?>
--- a/website/playuser.php
+++ b/website/playuser.php
@ -0,0 +1,81 @@
+<HTML><HEAD>
+<TITLE>Frontier II</TITLE>
+</HEAD><BODY BGCOLOR="#000000" TEXT="#f0f0f0">
+<H2 ALIGN="CENTER">Frontier II</H2>
+<H3 ALIGN="CENTER">Player Page</H3>
+
+<?php
+
+session_start();
+require($_SERVER['DOCUMENT_ROOT'].'/include.php');
+
+if ($_SESSION['id'] != '')
+{ // Logged in
+
+    $player_id = $_SESSION['id'];
+
+    // Pull player userinfo and display it
+    $sql = "SELECT * FROM `player` WHERE `id` = '$player_id'";
+    $result = mysqli_query($mysqli, $sql) or die($gameerror . "PU-Q01");
+
+    $row = mysqli_fetch_assoc($result);
+
+    $player_id = $row['id'];
+    $player_nick = $row['nick'];
+    $player_name = $row['name'];
+
+    echo "<P>Username: $player_nick (#$player_id)
+	<BR>Real Name: $player_name
+	<BR>[<A HREF=\"$gameroot/edituser.php\">Edit Settings</A>]
+	- [<A HREF=\"$gameroot/logout.php\">Log Out</A>]
+	";
+
+    // Look up character list
+    $sql = "SELECT * FROM `character` WHERE `player_id` = '$player_id'";
+    $result = mysqli_query($mysqli, $sql) or die($gameerror . "PU-Q02");
+    $num = mysqli_num_rows($result);
+
+    if ($num > 0) { // Display character list
+
+	echo "<P><TABLE ALIGN=\"CENTER\" CELLPADDING=\"6\" BORDER=\"0\">
+	    <TH>Character</TH><TH>Hours</TH><TH>Status</TH><TH></TH>
+	    ";
+
+	$i = 0;
+	while ($i < $num) {
+
+            $row = mysqli_fetch_assoc($result);
+            $char_id = $row['id'];
+            $char_name = $row['name'];
+            $char_time = $row['time'];
+
+	    echo "<TR><TD>$char_name</TD><TD>$char_time</TD><TD>n/a</TD><TD>
+		<FORM ACTION=\"playchar.php\" METHOD=\"POST\">
+		<INPUT TYPE=\"HIDDEN\" NAME=\"CHARID\" VALUE=\"$char_id\">
+		<INPUT TYPE=\"SUBMIT\" VALUE=\"Play\">
+		</FORM></TD></TR>
+		";
+
+	    $i++;
+
+	}
+
+	echo "</TABLE>";
+    }
+
+    if ($num < $config_maxchars) { // Provide new character option
+
+	echo "<P>[<A HREF=\"$gameroot/chargen.php\">Create New
+	    Character</A>]
+	    ";
+    }
+
+} else { echo $gameseserr; } // Not logged in
+
+mysqli_close($mysqli);
+
+echo $footer;
+
+?>
+
+</BODY></HTML>
--- a/website/register.html
+++ b/website/register.html
@ -0,0 +1,45 @@
+<HTML>
+<HEAD>
+<TITLE>Frontier II - Registration</TITLE>
+</HEAD>
+<BODY BGCOLOR="#000000" TEXT="#f0f0f0">
+
+<H2 ALIGN="CENTER">Frontier II</H2>
+<H3 ALIGN="CENTER">Registration</H3>
+
+<P>If you have not read the <A HREF="rules.html">Social Contract</A>,
+please do so first. You are expected to follow these rules of conduct
+while playing Frontier.
+
+<P>When you are ready, the following information is required to create
+a new Frontier account. Please be honest! Knowing the other players
+in the game helps build a strong community and makes the game more fun
+for everyone.
+
+<FORM ACTION="newuser.php" METHOD="POST">
+<P>Real Name: <INPUT TYPE="TEXTBOX" NAME="name"><BR>
+Your name will be visible to other registered players. Please use your
+full, real name.
+
+<P>Username: <INPUT TYPE="TEXTBOX" NAME="nick"><BR>
+Your username is only used for logging into the game, and is not a
+public part of your account.
+
+<P>Password: <INPUT TYPE="TEXTBOX" NAME="pass"><BR>
+There are no password requirements (except that you must have one).
+But don't blame me if you choose one that's easily guessed.
+
+<P>Email: <INPUT TYPE="TEXTBOX" NAME="safe_email"><BR>
+Your email address will only be visible to game administrators. You
+will have an opportunity to enter a "public" email address for other
+players to see by editing your account settings after you register.
+
+<P><INPUT TYPE="CHECKBOX" NAME="agree"> I have read and agree to
+the terms of the Social Contract. (see above)
+
+<P><INPUT TYPE="SUBMIT" VALUE="Create Account"></FORM>
+
+<P><HR>
+
+<P ALIGN="CENTER"><FONT SIZE="-1">Copyright &copy; 2024 Justin Pope. All rights reserved.</FONT>
+</BODY></HTML>
--- a/website/rules.html
+++ b/website/rules.html
@ -0,0 +1,57 @@
+<HTML>
+<HEAD>
+<TITLE>Frontier II - Social Contract</TITLE>
+</HEAD>
+<BODY BGCOLOR="#000000" TEXT="#f0f0f0">
+
+<H2 ALIGN="CENTER">Frontier II</H2>
+<H3 ALIGN="CENTER">Social Contract (aka Rules of Conduct)</H3>
+
+<P>Version 1.0: Effective February 5, 2005.
+
+<P>By creating a game account, you agree to follow these rules of
+conduct. Violators of this contract may be subject to penalties ranging
+from warnings to account deletion, based on severity and frequency.
+
+<P>1. PURPOSE. These rules are designed to facilitate fair, honest,
+and respectful interactions between players. In any society, there must
+be a framework of limitations that guide behaviors, and for the
+diverse community of Frontier players, this is the universal
+framework that we can all draw upon for guidance.
+
+<P>2. INTEGRITY. You are expected to play this game without cheating.
+ Cheating is defined as any action which gives one player an unfair
+ advatage over other players, and it is not tolerated in any form.
+
+<P>3. RESPECT. As you develop your characters over time, you may have
+ the chance to taunt the enemy or develop feuds with other players.
+ Remember that there are real people behind every character in this
+ game, all of different ages and backgrounds. Keep your language
+ clean, avoid explicit topics, and be mindful of how your words may
+ affect other players.
+
+<P>4. ROLEPLAY. Narratives of your characters' lives from day to day
+ are fun for some people, but certainly not required. This isn't what
+ we mean by roleplay. We do expect you to create unique, individual
+ identities for each character you play ("ROLE"), and portray this
+ identity consistently through your character's actions, behaviors,
+ and messages ("PLAY").
+
+<P>5. FUN. The reason people play games is to have fun. Rulers
+ are entrusted with the principle means of creating and ending wars,
+ and fighting wars is the main focus of the game. Therefore, these few
+ people have the responsibility to consider the enjoyment of all
+ players in addition to personal and imperial motives of their
+ characters.
+
+<P>6. PRIVACY. Your name, and optionally, your email address, will be
+ shared with other players of the game for the purpose of enhancing
+ the entire game community. This is still considered private
+ information and may not be shared with any third parties who do not
+ have an active game account.
+
+<P><HR>
+
+<P ALIGN="CENTER"><FONT SIZE="-1">Copyright &copy; 2024 Justin Pope. All rights reserved.</FONT>
+
+</BODY></HTML>