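<?php
/**
 * Area-editor backend controller.
 *
 * Authenticates the caller against PlayerData using the `u` cookie and the
 * `p` cookie or query parameter, then dispatches on ?task= to read zone, room,
 * mob, object and shop tables as JSON, save an edited record set (task=put),
 * or call the ZoneToProd / ZoneFromProd procedures (level 67 only).
 *
 * Security changes relative to the previous revision:
 *   - every request value that reaches SQL is escaped, cast to int, or
 *     validated as a bare identifier (table names/suffixes, column names);
 *   - task=getzone casts `id` to int like every other task;
 *   - task=put rejects a body that is not a list of records instead of
 *     falling through to a DELETE on zone 0;
 *   - task=put reads the whole request body, not just its first line;
 *   - task=getsettings no longer reads an uninitialised $f.
 *
 * NOTE(review): ext/mysql (mysql_*) was removed in PHP 7.0. Escaping is kept
 * here so the file still runs where it runs today; the durable fix is mysqli
 * or PDO with prepared statements.
 */

// Connection settings (blank in this copy of the file).
$username   = "";
$dbpassword = "";
$database   = "";
$server     = "";

mysql_connect($server, $username, $dbpassword);
@mysql_select_db($database) or die("The database is currently down.");

/**
 * Returns $source[$key] when it is a string, otherwise ''.
 * Array-valued parameters (?p[]=x) are treated as absent.
 */
function request_string($source, $key)
{
    return (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : '';
}

/**
 * True when $name is a non-empty run of ASCII letters, digits and
 * underscores, i.e. safe to place between backticks in a statement.
 */
function is_sql_identifier($name)
{
    return is_string($name) && preg_match('/\A[A-Za-z0-9_]+\z/', $name) === 1;
}

/**
 * Builds the "WHERE col >= 'zone*100' AND col < '(zone+1)*100'" clause used
 * by the read tasks. $column is always a literal supplied by this file.
 */
function zone_range($column, $zone_id)
{
    return " WHERE " . $column . " >= '" . ($zone_id * 100) . "' AND "
         . $column . " < '" . (($zone_id + 1) * 100) . "'";
}

/** Emits the JSON error envelope used by task=put and stops the request. */
function put_failure($message)
{
    echo json_encode(array('response' => $message));
    exit;
}

// Credentials: ?p= wins over the `p` cookie; the player id only ever comes
// from the `u` cookie.
// NOTE(review): the password travels in a query string (server logs, browser
// history, Referer) and is stored verbatim in a cookie set without the
// Secure/HttpOnly flags. Both cookies are also refreshed before the
// credentials have been checked. A server-side session would remove all three.
$password = isset($_GET['p']) ? request_string($_GET, 'p') : request_string($_COOKIE, 'p');
$pid      = request_string($_COOKIE, 'u');

setcookie("u", $pid, time() + (4 * 60 * 60));
setcookie("p", $password, time() + (4 * 60 * 60));

/**
 * Runs $query and serialises the result set as a JSON array.
 *
 * Rows with more than one column become objects; single-column rows are
 * emitted as bare values. Returns '' when the query yields no rows.
 * Callers are responsible for the safety of $query.
 */
function sql2json($query)
{
    // NOTE(review): the driver's error text is sent to the client on failure;
    // consider logging it server-side instead.
    $data_sql = mysql_query($query) or die("'';//" . mysql_error());

    if (!mysql_num_rows($data_sql)) {
        return '';
    }

    $rows = array();
    while ($data = mysql_fetch_assoc($data_sql)) {
        $as_object = count($data) > 1;
        $parts = array();
        foreach ($data as $key => $value) {
            $encoded = json_encode($value);
            $parts[] = $as_object ? json_encode($key) . ':' . $encoded : $encoded;
        }
        $rows[] = $as_object ? '{' . implode(',', $parts) . '}' : implode(',', $parts);
    }

    return '[' . implode(',', $rows) . ']';
}

/**
 * Turns one submitted record into the body of a SET clause.
 *
 * Column names arrive in the request body, so each must be a bare identifier;
 * values are escaped with the connection-aware escaper rather than
 * addslashes(). Returns false when the record cannot be expressed safely.
 */
function line2set($line)
{
    if (!is_array($line) || !$line) {
        return false;
    }

    $pairs = array();
    foreach ($line as $key => $value) {
        if (!is_sql_identifier((string) $key)) {
            return false;
        }
        if ($value !== null && !is_scalar($value)) {
            return false;
        }
        $pairs[] = "`$key` = '" . mysql_real_escape_string((string) $value) . "'";
    }

    return implode(', ', $pairs);
}

/**
 * Saves a decoded record list into $table.
 *
 * The first record decides what is purged beforehand: nothing for zone
 * headers (Lifespan present, table forced to ZoneData), the rows of one ZNUM
 * for zone resets (Arg1 present), otherwise the 100-number block that the
 * record's MNUM / SNUM / VNUM falls in. Every record is then written with
 * REPLACE INTO. Responds with a JSON {response: ...} envelope.
 *
 * NOTE(review): nothing in this function consults BuilderCanEdit or limits
 * $table to the editor's own tables, so any account that passes the login
 * check can write to any table with an identifier-like name. Confirm whether
 * that is intended and add an explicit allow-list and per-zone edit check.
 * NOTE(review): the purge and the writes are not wrapped in a transaction, so
 * a failed write leaves the zone partially saved.
 */
function process_input($data, $table)
{
    session_cache_limiter('nocache');
    header('Expires: ' . gmdate('r', 0));
    header('Content-type: application/json');

    // A body that failed to decode used to fall through to the VNUM branch
    // with zone 0 and purge that block.
    if (!is_array($data) || !isset($data[0]) || !is_array($data[0])) {
        put_failure('Database Error: Save failed. Request body was not a list of records.');
    }
    $first = $data[0];

    if (isset($first['Lifespan'])) {
        $table = 'ZoneData';
        $purge_column = null;
    } elseif (isset($first['Arg1'])) {
        $purge_column = 'ZNUM';
    } elseif (isset($first['MNUM'])) {
        $purge_column = 'MNUM';
    } elseif (isset($first['SNUM'])) {
        $purge_column = 'SNUM';
    } else {
        $purge_column = 'VNUM';
    }

    if (!$table) {
        exit;
    }
    // $table comes straight from ?t=, so it must be a bare identifier before
    // it is placed in any statement.
    if (!is_sql_identifier($table)) {
        put_failure('Database Error: Save failed. Invalid table name.');
    }

    if ($purge_column !== null) {
        if (!isset($first[$purge_column]) || !is_scalar($first[$purge_column])) {
            put_failure('Database Error: Save failed. Record is missing ' . $purge_column . '.');
        }
        if ($purge_column === 'ZNUM') {
            $where = "ZNUM = '" . (int) $first['ZNUM'] . "'";
        } else {
            // Drop the last two digits to get the zone number.
            $zone  = (int) substr((string) $first[$purge_column], 0, -2);
            $where = $purge_column . " >= " . ($zone * 100)
                   . " AND " . $purge_column . " < " . (($zone + 1) * 100);
        }
        mysql_query("DELETE FROM `" . $table . "` WHERE " . $where);
    }

    foreach ($data as $line) {
        $set = line2set($line);
        if ($set === false) {
            put_failure('Database Error: Save failed. Record contained an invalid column or value.');
        }

        $statement = "REPLACE INTO `" . $table . "` SET " . $set;
        if (!mysql_query($statement)) {
            // NOTE(review): the failed statement is echoed back to the client;
            // consider logging it server-side and returning a generic message.
            put_failure('Database Error: Save failed. Query was:' . $statement);
        }
    }

    echo json_encode(array('response' => 'Success'));
}

$task = request_string($_GET, 'task');

if (!$pid && !$password) {
    if ($task == 'put') {
        echo json_encode(array('response' => 'Database Error: Session expired. Please log in again'));
    } else {
        echo "Authentication Error: Session expired. Please log in again.";
    }
    exit;
}

// Both values are attacker-controlled (cookie / query string); escape them
// before they are embedded in any statement below.
// NOTE(review): Password is compared to the submitted value as-is, which
// suggests it is stored unhashed - confirm and move to password_hash().
$pid_sql      = mysql_real_escape_string($pid);
$password_sql = mysql_real_escape_string($password);

$query  = "SELECT PID, Level FROM PlayerData WHERE PID='" . $pid_sql . "' and Password='" . $password_sql . "'";
$result = mysql_query($query);
if (!$result || !($row = mysql_fetch_row($result))) {
    echo "Authentication Error: Access denied. Log in with a valid Bedlam character and password.";
    exit;
}
$level = (int) $row[1];

if (!$task) {
    echo "Controller Error: Nothing to do.";
    exit;
}

// ?t= is appended to a table-name prefix by the read tasks (and is the whole
// table name for put), so only identifier characters are acceptable.
$suffix = request_string($_GET, 't');
if ($suffix !== '' && !is_sql_identifier($suffix)) {
    if ($task == 'put') {
        echo json_encode(array('response' => 'Database Error: Save failed. Invalid table name.'));
    } else {
        echo "Controller Error: Invalid table name.";
    }
    exit;
}

// Every task treats ?id= as an integer zone number.
$zone_id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;

// NOTE(review): put, publish and sync change state on the strength of cookies
// alone (publish and sync via GET); there is no anti-CSRF token.
switch ($task) {
    case 'getareas':
        if ($level == 67) {
            $result = sql2json("SELECT z.*, '1' as CanAccess, '1' as CanEdit, (select count(*) from BEDLAM_PROD.ZoneData where VNUM = z.VNUM) as Published FROM ZoneData z ORDER BY Name");
        } else {
            $result = sql2json("SELECT z.*, (select count(*) from BuilderCanAccess where PID = '" . $pid_sql . "' and ZID=z.VNUM) as CanAccess, (select count(*) from BuilderCanEdit where PID = '" . $pid_sql . "' and ZID=z.VNUM) as CanEdit FROM ZoneData z ORDER BY Name");
        }
        echo $result ? $result : "Database Error: This character does not have access to any areas.";
        break;

    case 'getroom':
        $result = sql2json("SELECT * FROM Room" . $suffix . zone_range('VNUM', $zone_id));
        echo $result ? $result : "Database Alert: No room data found.";
        break;

    case 'getmob':
        // MobObjects is keyed by MNUM; the other Mob* tables by VNUM.
        $column = ($suffix == 'Objects') ? 'MNUM' : 'VNUM';
        $result = sql2json("SELECT * FROM Mob" . $suffix . zone_range($column, $zone_id));
        echo $result ? $result : "Database Alert: No mob data found.";
        break;

    case 'getobj':
        $result = sql2json("SELECT * FROM Object" . $suffix . zone_range('VNUM', $zone_id));
        echo $result ? $result : "Database Alert: No obj data found.";
        break;

    case 'getzone':
        // Previously the raw ?id= string was embedded here; ZNUM is handled
        // as an integer everywhere else in this file.
        $result = sql2json("SELECT * FROM Zone" . $suffix . " WHERE ZNUM = '" . $zone_id . "'");
        echo $result ? $result : "Database Alert: No zone reset data found.";
        break;

    case 'getshop':
        $result = sql2json("SELECT * FROM Shop" . $suffix . zone_range('SNUM', $zone_id));
        echo $result ? $result : "Database Alert: No shop data found.";
        break;

    case 'put':
        // Read the whole body; fgets() stopped at the first newline.
        $body = file_get_contents('php://input');
        process_input(json_decode($body, true), $suffix);
        break;

    case 'getsettings':
        // $f is always loaded from disk; it was previously tested before
        // being assigned.
        $f = file_get_contents('iconmap.txt');
        echo $f ? $f : "Database Error: Failed to retrieve icon map.";
        break;

    case 'getspells':
        $result = sql2json("SELECT NUM, Name FROM SpellData WHERE NUM < 117 ORDER BY NUM");
        echo $result ? $result : "Database Error: Could not read spell data.";
        break;

    case 'getobjects':
        $result = sql2json("SELECT VNUM as 'v', ShortDesc as 'd' FROM ObjectData");
        echo $result ? $result : "Database Error: Could not read object data.";
        break;

    case 'publish':
        if ($level < 67) {
            exit;
        }
        $result = mysql_query("call ZoneToProd('" . $zone_id . "')");
        echo $result;
        break;

    case 'sync':
        if ($level < 67) {
            exit;
        }
        $result = mysql_query("call ZoneFromProd('" . $zone_id . "')");
        echo $result;
        break;

    default:
        echo "Database Error: Nothing to do.";
        break;
}
?>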