-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathjoin.php
More file actions
63 lines (50 loc) · 2.64 KB
/
join.php
File metadata and controls
63 lines (50 loc) · 2.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<?php
//die("&e=19");
// Flash sends r=RoomId&id=TmpId&s=Attributes of Player String&k=Users Key
// PHP returns
// &l=Character in file we are on&p=playersInfo in this room seperated by newline
// Get all the variables and common functions
define('PROGRAM_OPEN', true); // This is to protect Included files, if they try to load it directly they may be able to by-pass some security checks, ensure they are going through the right channels
include('setup.inc.php'); // Load the Variables and Code Snippets
$k = $_POST['k'];
$id = $_POST['id'];
$s = $_POST['s'];
$r = $_POST['r'];
// Check data to make sure clean
if (!IsANumber($r)) {Dienice('&e=17','Room Number Must be a Number');}
if (!IsANumber($id)) {Dienice('&e=18','Player Number Must be a Number');}
$Attributes = CleanInput($s); // Make sure no slashes, but some configuration would already have them added
$k = CleanForDB(CleanInput($k));
ConnectDB();
// Get this Users Information and save in $User
$sql = "SELECT * FROM $Database[TablePrefix]ChatLiveUsers WHERE TmpId = '$id' AND Pass='$k'";
$result = mysql_query ($sql) or Dienice('&e=19', $sql);
$User = mysql_fetch_array($result);
mysql_free_result($result);
// Announce their entrance to this room
$filename2 = "$DataDirectory/Room$r." . date("Ymd") . ".txt";
$fp2 = @fopen ($filename2, "a"); // Open the file for writting file pointer at the end, if it does not exist, create it
if (!$fp2) {$fp2 = @fopen ($filename2, "a");} // Try again
if (!flock($fp2, 2)) {Dienice("&e=13","Text File could not be locked check permissions");}
fwrite($fp2, "$id|$Attributes|$User[Name]\n"); // Save this new command
fseek($fp2,0,SEEK_END);
$Line = ftell($fp2); // Since we just added a line, figure out what line we are on, everything after that does not matter
fclose($fp2);
// Update their information
//$Attributes = CleanForDB($Attributes);
$sql = "UPDATE $Database[TablePrefix]ChatLiveUsers SET RoomId='$r',LastCheckIn='$now',Attributes='$Attributes' WHERE TmpId = '$id' AND Pass='$k'";
$result = mysql_query ($sql) or Dienice('&e=19', $sql);
include('drop.inc.php'); // Go through the database
// Drop them out of the room they are in (if they haven't entered one then it skips over this)
if ($User[RoomId] != $r) {AnnounceDrop($User[RoomId],$id,'1');}
// Send them a list of all the players in this room
printf("&e=0&l=$Line&p=0|1|1|J|K|Bot" . "\r\n");
$sql = "SELECT * FROM $Database[TablePrefix]ChatLiveUsers WHERE RoomId = '$r'";
$result = mysql_query ($sql) or Dienice("Error in SQL statement", $sql);
if (mysql_numrows($result) > 0)
{while ($Item = mysql_fetch_array($result))
{printf("$Item[TmpId]|$Item[Attributes]|$Item[Name]\n");
}
}
mysql_close();
?>