<?php
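/*
 * Character selection handler.
 *
 * Reads the logged-in player's id from the session and the requested
 * character id from the POST body, confirms that the character belongs to
 * that player, records the selection in the session, stamps `last_date` on
 * the character row and redirects to the game frame. Any mismatch renders an
 * error page instead.
 *
 * $mysqli, $gameerror and $gameroot are not defined in this script; they are
 * presumably provided by include.php -- confirm against that file.
 */
session_start();

require($_SERVER['DOCUMENT_ROOT'].'/include.php');

// Both values may be absent or malformed: no authenticated session, a missing
// form field, or an array-valued CHARID[] parameter.
$pid = $_SESSION['id'] ?? null;
$cid = $_POST['CHARID'] ?? null;

// Holds the character id as stored in the database once ownership is proven.
$ownedId = null;

if (is_scalar($pid) && is_scalar($cid)) {
    // CHARID is client-controlled, so it is bound as a parameter and never
    // concatenated into the SQL text. Only the row's id is needed, not `*`.
    $sql = "SELECT `id` FROM `character` WHERE `id` = ? AND `player_id` = ?";

    $stmt = mysqli_prepare($mysqli, $sql) or die($gameerror . "PC-Q01");

    // Bound as strings, matching the quoted comparison the query has always used.
    $cidParam = (string) $cid;
    $pidParam = (string) $pid;
    mysqli_stmt_bind_param($stmt, 'ss', $cidParam, $pidParam);

    mysqli_stmt_execute($stmt) or die($gameerror . "PC-Q01");
    mysqli_stmt_store_result($stmt);

    if (mysqli_stmt_num_rows($stmt) == 1) { // PlayerID on session and character match
        mysqli_stmt_bind_result($stmt, $dbId);
        mysqli_stmt_fetch($stmt);
        $ownedId = $dbId;
    }

    mysqli_stmt_close($stmt);
}

if ($ownedId !== null) {

    // Store the id read back from the database rather than the raw POST value.
    // If `id` is a numeric column, MySQL coerces a string such as "12abc" to 12
    // when comparing, so the posted text could otherwise reach the session
    // carrying trailing characters that later code might trust.
    $_SESSION['cid'] = $ownedId;
    session_write_close();

    // update the last played field
    $date = date('Y-m-d H:i');
    // The write is scoped to the owning player as well as the character id.
    $sql = "UPDATE `character` SET `last_date` = ? WHERE `id` = ? AND `player_id` = ?";

    // NEED: should this reset any failure flags? how is failure handled?

    $stmt = mysqli_prepare($mysqli, $sql) or die($gameerror . "PC-Q02");
    mysqli_stmt_bind_param($stmt, 'sss', $date, $ownedId, $pidParam);
    mysqli_stmt_execute($stmt) or die($gameerror . "PC-Q02");
    mysqli_stmt_close($stmt);

    header("Location: $gameroot/game/frame.html");

} else { // PlayerID on character does not match session - bad news!

    // NEED: should log this to a security failure DB, with caution to avoid password leaks.

    echo "<HTML><HEAD><TITLE>Frontier II</TITLE>
</HEAD><BODY BGCOLOR=\"#000000\" TEXT=\"#f0f0f0\">
<H2 ALIGN=\"CENTER\">Frontier II</H2>
<P><FONT COLOR=\"RED\">Error!</FONT> You appear to be trying
to play a character that isn't yours! Please go to the
<A HREF=\"$gameroot/playuser.php\">player page</A>
and try again.
</BODY></HTML>";

}

mysqli_close($mysqli);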
?>