Computer Science Canada :: View topic

<?php
// Enter your language (see the avaliables in the /lang directory):
$lang = "en"; // default to "en" for English -- but later select lang from users table
if(@$_COOKIE['lang']) {
$lang= $_COOKIE['lang'];
}

//removing 1st class security risk
if(file_exists('azure.cfg')){
unlink('azure.cfg');
error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);

//////DATABASE CONFIG
$db[type] = 'mysql';
$db[host] = 'not important'; //DATABASE HOST
$db[user] = 'not important'; //DATABASE USERNAME
$db[pass] = 'not importantt'; //DATABASE PASSWORD
$db[name] = 'not important'; //DATABASE NAME
////////////////////////////////////////
////// DONOT EDIT BELOW /////////
///////////////////////////////////////

$connection = mysql_connect("$db[host]","$db[user]","$db[pass]") or die ("Unable to connect to MySQL server.");
$dtabse = mysql_select_db("$db[name]") or die ("Unable to select requested database.");

////// PRETTY SIMPLE, MAKE SURE URL LOCATIONS END WITH "/"
$SITE[LOCATION] = 'http://www.jcentertainment.ca/AzureGale/'; //SITE LOCATION
$SITE[IMAGE] = 'http://www.jcentertainment.ca/AzureGale/Images/'; //SITE IMAGES
$SITE[TITLE] = "AzureGale - Created by: Jeremy Poisson"; //SITE TITLE

$RACE = "Default";

if ($RACE == "Human"){
$CSS[ACTIVE] = "Stylesheet/Human.css";
} elseif ($RACE == "Orc"){
$CSS[ACTIVE] = "Stylesheet/Orc.css";
} elseif ($RACE == "Elven"){
$CSS[ACTIVE] = "Stylesheet/Elven.css";
} elseif ($RACE == "Vampire"){
$CSS[ACTIVE] = "Stylesheet/Vampire.css";
} elseif ($RACE == "Lycan"){
$CSS[ACTIVE] = "Stylesheet/Lycan.css";
} elseif ($RACE == "Fae"){
$CSS[ACTIVE] = "Stylesheet/Fae.css";
} elseif ($RACE == "Dakhan"){
$CSS[ACTIVE] = "Stylesheet/Dakhan.css";
} elseif ($RACE == "Ithon"){
$CSS[ACTIVE] = "Stylesheet/Ithon.css";
} elseif ($RACE == "Tarn"){
$CSS[ACTIVE] = "Stylesheet/Tarn.css";
} elseif ($RACE == "Dwarven"){
$CSS[ACTIVE] = "Stylesheet/Dwarven.css";
}
else {
$CSS[ACTIVE] = "Stylesheet/Default.css";
}

/////// SANITY CHECK
$query = "SELECT 1 FROM azure_characters LIMIT 1";
$result = mysql_query($query);
if (!mysql_fetch_array($result)) {
die('Missing tables in the database - please import the structure and the data.');
}

////// INITIAL SETUP
define('DEBUG',intval(@$_COOKIE['_debug']));
if(DEBUG){
error_reporting(E_ALL);
} else {
error_reporting(E_ERROR | E_PARSE);
}
//Commented out untill trials
//$PHP_AZURE_USER = @$_COOKIE["PHP_AZURE_USER"];
//$PHP_AZURE_PW = @$_COOKIE["PHP_AZURE_PW"];// for compatibility with old accounts
//$PHP_AZURE_MD5PW = @$_COOKIE["PHP_AZURE_MD5PW"];

$PHP_ADMIN_USER = @$_COOKIE["PHP_ADMIN_USER"];
$PHP_ADMIN_PW = @$_COOKIE["PHP_ADMIN_PW"];// for compatibility with old accounts
$PHP_ADMIN_MD5PW = @$_COOKIE["PHP_ADMIN_MD5PW"];

// FIXME: security hole
foreach($_GET as $key=>$value) {
$$key = get_magic_quotes_gpc() ? $value : addslashes($value);
}
foreach($_POST as $key=>$value) {
$$key = get_magic_quotes_gpc() ? $value : addslashes($value);
}

// Additional Security Check
unset($PHP_AZURE_CHARID);
unset($PHP_AZURE_CHAR);

$auth = false;
if(@$PHP_AZURE_USER && ((@$PHP_AZURE_MD5PW)||(@$PHP_AZURE_PW)) ) {
if(@$PHP_AZURE_MD5PW){
$query = "SELECT * FROM azure_users WHERE username = '$PHP_AZURE_USER' AND password = '$PHP_AZURE_MD5PW'";
$result = mysql_query($query);
$row = mysql_fetch_array($result);
}

if(!@$row){
$PHP_AZURE_MD5PW= md5(@$PHP_AZURE_PW);
$query = "SELECT * FROM azure_users WHERE username = '$PHP_AZURE_USER' AND password = '$PHP_AZURE_MD5PW'";
$result = mysql_query($query);
$row = mysql_fetch_array($result);
}

if ($row) {
$auth = true;
$lang = $row['lang'];
$result = mysql_query("SELECT * FROM azure_characters WHERE username = '$PHP_AZURE_USER'");
if ($row = mysql_fetch_array($result)) {
$PHP_AZURE_CHARID = $row['id'];
$PHP_AZURE_CHAR = $row['name'];
} else {
$PHP_AZURE_CHARID=0;
}

if(defined('AUTH')){
setcookie("PHP_AZURE_USER",$PHP_AZURE_USER,time()+17280000); // ( REMEMBERS USER NAME FOR 200 DAYS )
setcookie("PHP_AZURE_MD5PW",$PHP_AZURE_MD5PW,time()+172800); // ( REMEMBERS USER PASSWORD FOR 2 DAYS )
setcookie('lang',$lang,time()+17280000); // ( REMEMBERS LANGUAGE FOR 200 DAYS )
setcookie("PHP_AZURE_PW",0,time()-3600); // remove cookie used in version 0.88
if($_GET[play_music] == "YES") {
 $play_music = $_GET[play_music];
 setcookie("play_music",$play_music,time()+17280000);
} elseif($_GET[play_music] == "NO") {
 $play_music = $_GET[play_music];
 setcookie("play_music",$play_music,time()+17280000);
} elseif($_GET[play_music] == "") {
 $play_music = $_COOKIE[play_music];
 setcookie("play_music",$play_music,time()+17280000);
}
}
} else {
please_register(true);
}
} else {
please_register();
}

function please_register($badpass=false){
if($badpass){
?><center><?
?><hr width="10%">Bad User Name or Password<hr width="10%"><?php
?>If you do not already have a character, please Register first! <?php
?></center><?php
}

if(!defined('AUTH')){
//unset these values just in case someone decides to remove the 'exit'
unset($_COOKIE["PHP_AZURE_USER"]);
unset($GLOBALS['PHP_AZURE_USER']);
unset($GLOBALS['PHP_AZURE_CHAR']);
unset($GLOBALS['PHP_AZURE_CHARID']);
// Commented out because admin login wasn't working....needs to be fixed
// exit;
}
}
?>