Mysidia Adoptables v1.3.1 [Security Release]

Oh wait a sec what is this about? The glitch you have after trying to manipulate the register.php and login.php files?
 
Oh a fresh install? I believe the problem is not with the script since I've installed/upgraded the script on my dev demo server for many times and never had problem leveling up/clicking adoptables.

Edit:
I visited your site and tested the levelup.php myself on one of your pets. It worked perfectly, as I was able to click it at the first time and then receive an error message when I try to click again:
[Image: n680np.jpg]


So yeah, I have no idea why it was being mean to you. XD
 
I see what you mean, I registered an account on your site and once I click one adoptable, I will not be able to click any others and instead receive the error message saying I've leveled them up. Again this is strange as I never had the issue on my two demo sites, are you sure this is a fresh installation? I just did a fresh installation and did not have this problem. Anyway I will ask other members and see if they have the same problem as well. Thanks for bringing it up.
 
Thank you so much, I wasn't aware of this CSS issue since the main theme never had any of them. Seems that other themes do suffer such problems, such as the elements and green themes. I fixed all of them already, and a quick note: you forgot to mention that messages.php has the same CSS flaw as myadopts.php and profile.php. It is present whenever pagination is used.

Looks like the CSS font size glitch only applies to the main theme, the green theme is unaffected. Weird, but it's somewhat interesting to investigate.

I actually only just figured out the messages.php one while I was testing the notification thing. xD But I fixed it there too. It could possibly even work for the profile itself, but that doesn't resolve the ID missing thing.

I see what you mean, I registered an account on your site and once I click one adoptable, I will not be able to click any others and instead receive the error message saying I've leveled them up. Again this is strange as I never had the issue on my two demo sites, are you sure this is a fresh installation? I just did a fresh installation and did not have this problem. Anyway I will ask other members and see if they have the same problem as well. Thanks for bringing it up.

I think I had this issue in 1.3.0 as well - I just tested and I don't have it now, but it sounds familiar.
 
Are you sure about that? If so, send me the levelup.php and the modified files on your site so I may see what was the cause of your problem. Also investigate into the table prefix.voters and see if anything appears abnormal there.
 
Nothing looks weird there I don't think.....
Only thing I changed here is the is_numeric thing. But I changed that on my other site and it never messed it up.
levelup.php

Code:
<?php

include("functions/functions.php");
include("functions/functions_users.php");
include("functions/functions_adopts.php");
include("inc/lang.php");


//***************//
//  START SCRIPT //
//***************//

$id = $_GET["id"];
$id = preg_replace("/[^a-zA-Z0-9s]/", "", $id);
$id = secure($id);

if($id == ""){

// If the ID is blank or non-numeric, then it is invalid...

$article_title = $err_idnoexist;
$article_content = $err_idnoexist_text;

}
else{

// We have what appears to be a valid adoptable ID, so we pull the adoptable's information from the database...
$owned_adoptable = $adopts->select("owned_adoptables", array(), "aid='{$id}'")->fetchObject();	
if($owned_adoptable->aid == $id){

// The adoptable does exist, so now we need to see if we can vote...
// We need to get the date today and the user's IP address (if is guest we use this)

$date = date('Y-m-d');

$ip = $_SERVER['REMOTE_ADDR']; 
$ip = preg_replace("/[^a-zA-Z0-9@._-]/", "", $ip);
$ip = secure($ip);

$where_clause = ($isloggedin == "yes")
                ?"adoptableid='{$id}' and username = '{$loggedinname}' and date = '{$date}'"
				:"adoptableid='{$id}' and ip = '{$ip}' and date = '{$date}'";
$voters = $adopts->select("vote_voters", array(), $where_clause)->fetchObject();	
$userstatus = getuserstatus($loggedinname);


  if($isloggedin == "yes" and $userstatus['canlevel'] == "no") $article_content .= "It appears that you have been banned from leveling up adoptables. Please contact an administrator for assistance.";   
  elseif(!is_object($voters)){

	// The number of results is still zero, so we did not vote on this adoptable yet today...
	
	// Now we see if the adoptable is frozen by its owner.  If it is, we do not level...

	if($owned_adoptable->isfrozen == "yes"){

	$article_title = $lang_isfrozen_title;
	$article_content = $lang_isfrozen_explain;

	}
	else{

	  // Adoptable is NOT frozen, so I think we can actually proceed with the leveling up of this adoptable...
	  $newclicks = $owned_adoptable->totalclicks + 1; // Add 1 click to the current click total of this adoptable...

	  // Actually insert our click information into the database...
      $adopts->update("owned_adoptables", array("totalclicks" => $newclicks), "aid='{$id}'");

	  // Now we need to update our vote_voters table with the user's vote...
	  $adopts->insert("vote_voters", array("void" => NULL, "date" => $date, "username" => $loggedinname, "ip" => $ip, "adoptableid" => $id));

	  // Now we need to see if we actually level this adoptable up, see if another level actually exists...

	  $nextlevelexists = getnextlevelexists($owned_adoptable->type, $owned_adoptable->currentlevel);

	  if($nextlevelexists == "true"){

	    // A higher level does exist, so we see if it is time to level up
	    $nextlevel = $owned_adoptable->currentlevel + 1;
        $level = $adopts->select("levels", array(), "adoptiename='{$owned_adoptable->type}' and thisislevel='{$nextlevel}'")->fetchObject();	
	
	    // Check if the number of clicks we have now is greater than or equal to the required clicks to level up...
	    if($newclicks >= $level->requiredclicks and $level->requiredclicks != 0 and $level->requiredclicks != ""){

	      // We need to level this adoptable up...
	      $adopts->update("owned_adoptables", array("currentlevel" => $nextlevel), "aid='{$id}'");
	
	      // Now we check if we are enabling alternate images...	
	      $parentid = converttypetoparentid($owned_adoptable->type); // Get the ID of the parent type adoptable
	      $altstatus = getaltstatus($parentid, $id, $nextlevel); // Check if we are using alternate images or not...

	      if($altstatus == "yes") $adopts->update("owned_adoptables", array("usealternates" => 'yes'), "aid='{$id}'");
	      // Now we can see if the adoptable's owner gets a reward, the reward function will take care of sending out any reward that exists...
	      $rewardstatus = reward($id, $owned_adoptable->type, $nextlevel, $owned_adoptable->owner);
	    } // End the if statement if we are leveling the adoptable up	
	  }

	  // Show a thank you message along with the adoptable's information to the user...
	  $image = getcurrentimage($id); // Get the current image of the adoptable...
	  $article_title = $lang_gave."{$owned_adoptable->name} one ".$lang_unit;
	  $article_content = "<img src='{$image}'><br>{$lang_gave}{$owned_adoptable->name}	one {$lang_unit}.<br>".$lang_levelup_encourage;	
	} // Adoptable is not frozen, end isfrozen else check
 
    if($owned_adoptable->isfrozen == "no"){ 
	  $reward = clickreward(grabanysetting('rewardmoney'), $GLOBALS['username'], $GLOBALS['money']);
	  $newamount = $GLOBALS['money'] + $reward;
	  $adopts->update("users", array("money" => $newamount), "username = '{$loggedinname}'");
	  $article_content = $article_content . "<div align='center'><br />You have earned {$reward} ".grabanysetting('cost')." for leveling up this adoptable. <br />You now have {$newamount} ".grabanysetting('cost')."</div>";
    }

  }
  else{

	// We already voted on this adoptable today, so show an error...

	if($isloggedin == "yes"){
		$article_title = $lang_alreadyleveled_title;
		$article_content = $lang_member_alreadyleveled;
	}
	else{
		$article_title = $lang_alreadyleveled_title;
		$article_content = $lang_guest_alreadyleveled;
	}
  }
}
else{

// Adoptable is invalid, show an error...

$article_title = $err_idnoexist;
$article_content = $err_idnoexist_text;

}



} // End the ID is not blank and is numeric else check


//***************//
//  OUTPUT PAGE  //
//***************//

echo showpage($article_title, $article_content, $date);

?>
 
Yeah, it does not look any different from mine. I'd recommend you to debug the codes then, and see if any variables are assigned with incorrect values. Assume you have not clicked a pet, the object $voters should be nonexistent and the property $voters->void should be absent. Now find this line:

PHP:
$article_content = $lang_member_alreadyleveled;

Replace with:

PHP:
$article_content = $lang_member_alreadyleveled; 	
$article_content .= "The record is stored as {$voters->void} in the voters table.";

Give a try on your site and see what message you receive.
 
Ok clicked one and it let me level: You already leveled this adoptable today. You may only level an adoptable once per day. Please come back tomorrow to level this adoptable again.The record is stored as 547 in the voters table.

Clicked another and got this (that I hadn't leveled)
You already leveled this adoptable today. You may only level an adoptable once per day. Please come back tomorrow to level this adoptable again.The record is stored as 39 in the voters table.
 
I see, now it is possible that something is wrong with your table prefix.voters, the very last one from your database. Take a look at the row with void '39' and '547', chances are the record of you clicking on these adoptables were already stored in database. It's weird though, no way it should occur with the way I designed the script...
 
Should I empty it?

Derp. It was the adoptid. You know how I have letters? Forgot to change it in that db :/
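
The mismatch described in the post above, reproduced as an added example that is not part of the thread or of the Mysidia code base. It assumes MySQL in non-strict mode and that adoptableid in the voters table was still an INT column; the table is shown without its prefix, and the user name, IP, date and letter codes are constructed sample values.

```sql
-- Added illustration for MySQL; not code from the thread or from Mysidia.
-- Column names follow the insert() call in levelup.php. The INT type of
-- adoptableid and all sample values are assumptions.
SET SESSION sql_mode = '';   -- non-strict: invalid integers are coerced, not rejected

CREATE TEMPORARY TABLE vote_voters (
  void        INT AUTO_INCREMENT PRIMARY KEY,
  date        VARCHAR(15),
  username    VARCHAR(50),
  ip          VARCHAR(50),
  adoptableid INT             -- numeric column that was never widened for letter codes
);

-- 1. First click of the day, on adoptable 'drgk7'. The code has no leading
--    digits, so the INT column keeps 0 and MySQL only raises a warning.
INSERT INTO vote_voters (date, username, ip, adoptableid)
VALUES ('2012-04-10', 'alice', '203.0.113.5', 'drgk7');
SHOW WARNINGS;

-- 2. The "already voted today?" lookup for a different adoptable, 'wyvp2'.
--    An INT column compared with a string is compared numerically, the string
--    is cast to 0, and the row from step 1 matches: the script reports
--    "already leveled" for a pet that was never clicked.
SELECT void, adoptableid
FROM vote_voters
WHERE adoptableid = 'wyvp2' AND username = 'alice' AND date = '2012-04-10';

-- 3. Fix: store the id as text so the comparison is string to string, and
--    drop the rows that were coerced while the column was numeric.
ALTER TABLE vote_voters MODIFY adoptableid VARCHAR(40);
DELETE FROM vote_voters WHERE adoptableid = '0';

INSERT INTO vote_voters (date, username, ip, adoptableid)
VALUES ('2012-04-10', 'alice', '203.0.113.5', 'drgk7');

-- The same lookup now finds a row only for the adoptable that was clicked.
SELECT void, adoptableid
FROM vote_voters
WHERE adoptableid = 'wyvp2' AND username = 'alice' AND date = '2012-04-10';
```

With STRICT_TRANS_TABLES or STRICT_ALL_TABLES in sql_mode, the INSERT in step 1 fails with error 1366 instead of storing 0, which surfaces the mismatch at write time.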
 
Ah I see. I did some test myself and it seems to be working too, glad you figured it out on your own. At least, well, I know for sure this is not a glitch with the new script. I was quite worried before. XD
 
Darn me and my need for letter codes :D Everyone is ok with the site reinstall. The new pound features are really neat and I saved everyone's dragons so it's all good. But now I have to get used to another new way of coding, lol. How do I join tables?
 
I see, glad it works out nicely, thought your members will be angry at the fact that they have to start over again. I do recommend you to be careful next time, you have an active site running already so the cost of rebuilding your site is immensely high compared to those who do not have much activity going on.

Actually the old code still works, you can write $query = "' and run it with $adopts->query(). That's the beauty of the database class, it has backward compatibility. The new methods are really easy to use though, if you want to learn. The below code demonstrates such an example:

PHP:
$row = $adopts->join("users_status", "users_status.uid = users.uid")->join("users_profile", "users_profile.uid = users.uid")
                ->join("users_options", "users_options.uid = users.uid")->join("users_contacts", "users_contacts.uid = users.uid")
                ->select("users", array(), constant("PREFIX")."users.username = '{$user}'")->fetchObject();

So the script means you are joining the table users, users_contacts, users_options, users_profile and users_status with records that share the same user id, the where clause is username = $user. Note the current join() method has a tiny bit of problem, as you have to use ".constant('PREFIX')." in the statement. The idea of this database class is to get rid of having to play with table prefixes though, and we will fix it soon.
 
Hmm having some issues with it. I want to join owned_adoptables and adoptables... not sure really how to write it out though. I need currentlevel from owned_adoptables and description, hatchdescript, hatchmdescript and adult descript from adoptables.
 
The code should look like this:

PHP:
$pet = $adopts->join("adoptables", "adoptables.type = owned_adoptables.type")->select("owned_adoptables", array(), constant("PREFIX")."owned_adoptables.aid = '{$aid}'")->fetchObject();

The script means that you are joining tables adoptables and owned_adoptables by referencing the field 'type', which is supposed to be the same for each row fetched from database. The new script allows you to chain class methods by fetching object or array directly after a select query is used, so you do not need to write separate lines for mysql select codes. After applying the codes above, all you have to do is to retrieve the properties such as:

PHP:
$pet->id //The adoptables species id from table prefix.adoptables
$pet->description // The adoptables species description from table prefix.adoptables
$pet->currentlevel // The adoptables currentlevel from table prefix.owned_adoptables
$pet->totalclicks // The adoptables totalclicks from table prefix.owned_adoptables

If you want to join another table, just use the join() method twice in the script and chain them with select() and fetchObject() methods, it will work out nicely too.

And btw the script now won't autoban your user unless they try to adopt pets that have been taken away from pound center one day ago or earlier. In future I may improve this performance by allowing admins to determine how long this 'session' is going to be. Of course if you have a user trying to adopt a pet that has been adopted one day ago, he/she is most likely a cheater/hacker using inspect element (unless he/she takes a day to adopt a pound pet, which is stupid I say?). XD
 
I did everything you said to do to upgrade my site from 1.3.0 to 1.3.1 and something is wrong :\ Every time I try to login it just says I have a programming error...help?!

Snapshot: http://www.iaza.com/work/120410C/iaza18671524773200.png

Code of Login Page:
<?php

include("functions/functions.php");
include("functions/functions_users.php");
include("inc/lang.php");

//***************//
// START SCRIPT //
//***************//

if($isloggedin == "yes"){

$article_title = $langislog;
$article_content = $langislogfull;

}
else{

//User is not logged in, so let's attempt to log them in...

$username = $_POST["username"];
$username = secure($username);
$password = $_POST["password"];
$password = secure($password);
$salt = $_POST["salt"];
$salt = secure($salt);

//User is not logged in

$loginform = "<form name='form1' method='post' action='login.php'>
<p>Username:
<input name='username' type='text' id='username'>
</p>
<p>Password:
<input name='password' type='password' id='password'>
</p>
<p>
<input type='submit' name='Submit' value='Submit'>
</p>
<p>Don't have an account?<br>
<a href='register.php'>Register Free</a> </p>
<a href='forgotpass.php'>Forgot your password? Click Here</a>
</form>";



if($loggedinname == "" and $password == ""){
// User is viewing login form
$article_title = "Member Login:";

$article_content = $loginform;
}
else if(($username != "" and $password == "") or ($username == "" and $password != "") ){

//Something was left blank
$article_title = "Login Error:";
$article_content = "Something was left blank. Please try logging in again.<br><br>{$loginform}";

}
else if($username != "" and $password != ""){
// Try to log the user in

$user = $adopts->select("users", array(), "username = '{$username}'")->fetchObject();
$password = passencr($username, $password, $user->salt);

if($username == $user->username and $password == $user->password){
$article_title = "Login Successful!";
$article_content = "Welcome back {$username}. You are now logged in. <a href='account.php'>Click Here to view or edit your account.</a>";

// Set the cookie
$Month = 2592000 + time();
// Convert from username to uid to secure data, no need for password since it is already hashed.
$uid = usernametouid($username);
$session = session_id();
$myssession = md5($uid.$session);
setcookie("mysuid",$uid,$Month);
setcookie("myssession",$myssession,$Month);

// Now update the user login session
$adopts->update("users", array("session" => $myssession), "username = '{$username}'");

// Time for forum-integration check
include("inc/config_forums.php");
if($mybbenabled == 1){
include_once("functions/functions_forums.php");
$forums = new Database($mybbdbname, $mybbhost, $mybbuser, $mybbpass, $mybbprefix) or die("Cannot connect to forum database, please contact an admin immediately.");
$mybbuser = $forums->select("users", array("uid", "loginkey"), "username = '{$username}'")->fetchObject();
$cookiesettings = array();
$cookiesettings['cookiedomain'] = $forums->select("settings", array("value"), "name = 'cookiedomain'")->fetchColumn();
$cookiesettings['cookiepath'] = $forums->select("settings", array("value"), "name = 'cookiepath'")->fetchColumn();
$cookiesettings['cookieprefix'] = $forums->select("settings", array("value"), "name = 'cookieprefix'")->fetchColumn();
mybbsetcookie("mybbuser", $mybbuser->uid."_".$mybbuser->loginkey, NULL, true, $cookiesettings);

$mybbsid = mybb_random_str(32);
mybbsetcookie("sid", $mybbsid, -1, true);
}
}
else{
$article_title = "Login Failed!";
$article_content = "Sorry, we could not log you on with the details specified. You can <a href='login.php'>try again</a> or <a href='forgotpass.php'>request a password reset.</a>";
$fail = 1;
}
}




}


//***************//
// OUTPUT PAGE //
//***************//

echo showpage($article_title, $article_content, $date);

?>
 
No, what I'm trying to do is if an adopt is a certain currentlevel, then show a certain description...

Code:
if($row->currentlevel == '6') {
$article_content .="<p align='justify'>{$row->adultdescript}";
}else if($row->currentlevel == '5') {
$article_content .="<p align='justify'>{$row->hatchmdescript}";
}else if($row->currentlevel == '4') {
$article_content .="<p align='justify'>{$row->hatchdescript}";
}else if($row->currentlevel <= '3') {
$article_content .="<p align='justify'>{$row->description}";
}
 