accmngr.php | searchcode

/accmngr.php

https://github.com/nandor/myGreenTown
PHP | 188 lines | 149 code | 39 blank | 0 comment | 32 complexity | f8152689e900e9ebaa556656ff8a9824 MD5 | raw file

<?php
	include 'include/lang.php';
	include 'include/config.php';
	include 'include/lib.php';
	include 'include/usr.class.php';
	include 'include/db.php';
	@session_start ();
	
	if (isset ($_POST['cmd'])) {
	    switch ($_POST['cmd']) {
	        case 'register':
	        {
	            if (!isset ($_POST['name'], $_POST['pass'])) {
	                echo __("Server error"); exit ();
	            }
	            
	            if ($_POST['captcha'] != $_SESSION['captcha']) {
	                echo __("Invalid verification text entered!"); exit ();
	            }
	            
			    $db = mysql_query ("SELECT id FROM user WHERE `name` = '{$_POST['name']}';");
			    if (mysql_num_rows($db) != 0) {
			        echo __("Username is already used!"); exit ();
			    }
			     
			    $name = trim ($_POST['name']); 
		
			    if (!valid_name ($name)) {
			        echo __("Invalid username!"); exit ();
			    }   
		
			    $name = mysql_real_escape_string ($name);
			    $pass = mysql_real_escape_string ($_POST['pass']);
						
	       		$achievDone   = "";
	       		for($i = 0; $i < 32; $i++)
	       			$achievDone   .= "00";
	       			
	       		mysql_query ("ALTER TABLE user AUTO_INCREMENT = 1;");
					       		
			    $townID = addTown ("{$_POST['name']}ville");
			
	       		mysql_query ("INSERT INTO user(`name`, `pass`, `townID`, `achiev`) VALUES ('$name', '$pass', '$townID', 0x$achievDone);");
	       		
		        echo "ok";			    
		        break;
	        }
		    case 'changeName':
		    {
		        if (!isset ($_POST['newName'])) {
		            echo __("Game error!"); exit ();
		        }
		        
		        if (!($usr = initUser ())) {
		            echo __("You cannot access this page!");
		        }
		        
			    $name = $usr->name;
			
			    $newName = trim ($_POST['newName']); 	
						
			    if (!valid_name ($newName)) {
			        echo __("Invalid username!"); exit ();
			    }   
			
			    if (mysql_num_rows(mysql_query ("SELECT * FROM user WHERE name = '$newName';")) > 0) {
			        echo __("Username is already used!"); exit ();
			    }
										
			    mysql_query ("UPDATE user SET `name`= '$newName' WHERE `name` = '$name';");
						
			    $usr->name = $newName;
			    
			    if (isset ($_COOKIE['userName'])) {
			        setCookie ("userName", $usr->name, time() + 3600000);
			    }
			    echo "ok";
			
			    break;
		    }
			case 'changePass':
			{
			    if (!isset ($_POST['newPass'], $_POST['pass'])) {
			        echo __("Game error!"); exit ();
			    }
			    
			    if (!($usr = initUser ())) {
		            echo __("You cannot access this page!");
		        }
		         
				$name = $usr->name;
				$pass = $usr->pass;
				
				$passOld = mysql_real_escape_string ($_POST['pass']);
				$passNew = mysql_real_Escape_string ($_POST['newPass']);
								
				if ($passOld != $pass) {
				    echo __("Invalid password!"); exit ();
				}
				
				mysql_query ("UPDATE user SET `pass`= '$passNew' WHERE `name`= '$name';");
			
				$usr->pass = $passNew;
				
				if (isset ($_COOKIE['userName'])) {
				    setCookie ("userName", $usr->name, time() + 3600000);
				    setCookie ("userPass", $usr->pass, time() + 3600000);
				}
				
				echo "ok";
				break;
			}
			case 'addtown':
			{
				if (!isset ($_POST['name'])) {
				    echo __("Game error!"); exit ();
				}
				
				$newName = mysql_real_escape_string ($_POST['name']);
				
				if (!valid_name ($newName, false)) {
			        echo __("Invalid name!"); exit ();
			    }  
			    
				if (!($usr = initUser ())) {
		            echo __("You cannot access this page!");
		        }
				
				if ($usr->numTown > MAXTOWN) {
				    echo __("You have too many towns!"); exit ();
				}
				
				$newTownID = addTown ($newName);
				
				mysql_query ("UPDATE user SET `townID` = CONCAT(`townID`, ',{$newTownID}') WHERE `id`= '{$usr->id}';");
				echo "ok";
				break;
			}
			case 'deleteTown':
			{
			    if (!isset ($_POST['town'])) {
			        echo __("Game error!"); exit ();
			    }
			    
			    if (!($usr = initUser ())) {
		            echo __("You cannot access this page!");
		        }					
				$id = intval ($_POST['town']);
				
				if (!$usr->hasTown ($id)) {
				    echo __("You don't own that town!"); exit ();
				}
				
				if ($usr->numTown == 1) {
					echo __("You can't delete your last town!"); exit ();
				}
				
				mysql_query("DELETE FROM `town` WHERE `id` = '$id';");
				
				$i = 0;
				$newArray = "";
				foreach($usr->towns as $town) {
					$currentID = $town->id;
					if($currentID != $id) {
						if($i != 0) {
							$newArray .= ',';
						} else {
							$i = 1;
						}
						$newArray .= $currentID;
					}
				}
				mysql_query("UPDATE `user` SET `townID`= '$newArray' WHERE `id`= '{$usr->id}';");
				echo "ok";
				break;
			}
			default:
			{
			    echo __("Invalid command!");
			    break;
			}
        }
	} else {
	    echo __("Server error");
	}	
	
	mysql_close ();
?>