Upload files to "website"

2024-09-19 03:01:23 +00:00 · 2024-09-19 03:01:23 +00:00 · 3bc1943a3f
commit 3bc1943a3f
parent 160f456ae1
5 changed files with 305 additions and 0 deletions
--- a/website/playchar.php
+++ b/website/playchar.php
@ -0,0 +1,49 @@
+<?php
+
+session_start();
+require($_SERVER['DOCUMENT_ROOT'].'/include.php');
+
+$pid = $_SESSION['id'];
+$cid = $_POST['CHARID'];
+
+$sql = "SELECT * FROM `character` WHERE `id` = '$cid' AND
+	`player_id` = '$pid'";
+
+$result = mysqli_query($mysqli, $sql) or die($gameerror . "PC-Q01");
+
+$num = mysqli_num_rows($result);
+
+if ($num == 1) { // PlayerID on session and character match
+
+    $_SESSION['cid'] = $cid;
+    session_write_close();
+
+    // update the last played field
+    $date = date('Y-m-d H:i');
+    $sql = "UPDATE `character` SET `last_date` = '$date'
+	WHERE id = '$cid'";
+
+    // NEED: should this reset any failure flags? how is failure handled?
+
+    mysqli_query($mysqli, $sql) or die($gameerror . "PC-Q02");
+
+    header("Location: $gameroot/game/frame.html");
+
+} else { // PlayerID on character does not match session - bad news!
+
+    // NEED: should log this to a security failure DB, with caution to avoid password leaks.
+
+    echo "<HTML><HEAD><TITLE>Frontier II</TITLE>
+	</HEAD><BODY BGCOLOR=\"#000000\" TEXT=\"#f0f0f0\">
+	<H2 ALIGN=\"CENTER\">Frontier II</H2>
+	<P><FONT COLOR=\"RED\">Error!</FONT> You appear to be trying
+	to play a character that isn't yours! Please go to the
+	<A HREF=\"$gameroot/playuser.php\">player page</A>
+	and try again.
+	</BODY></HTML>";
+
+}
+
+mysqli_close($mysqli);
+
+?>