|
1
|
|
|
<?php declare(strict_types=1); |
|
2
|
|
|
|
|
3
|
|
|
function checkShipLogo(string $filename) : void { |
|
4
|
|
|
// check if we have an image |
|
5
|
|
|
if ($_FILES['photo']['error'] != UPLOAD_ERR_OK) { |
|
6
|
|
|
create_error('Error while uploading'); |
|
7
|
|
|
} |
|
8
|
|
|
|
|
9
|
|
|
// get dimensions |
|
10
|
|
|
$size = getimagesize($_FILES['photo']['tmp_name']); |
|
11
|
|
|
if (!isset($size)) { |
|
12
|
|
|
create_error('Uploaded file must be an image!'); |
|
13
|
|
|
} |
|
14
|
|
|
|
|
15
|
|
|
// check if we really have a jpg |
|
16
|
|
|
$allowed_types = [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG]; |
|
17
|
|
|
if (!in_array($size[2], $allowed_types)) { |
|
18
|
|
|
create_error('Only gif, jpg or png-image allowed! s = ' . $size[2]); |
|
19
|
|
|
} |
|
20
|
|
|
|
|
21
|
|
|
// check if width > MAX_IMAGE_WIDTH |
|
22
|
|
|
if ($size[0] > MAX_IMAGE_WIDTH) { |
|
23
|
|
|
create_error('Image is wider than ' . MAX_IMAGE_WIDTH . ' pixels!'); |
|
24
|
|
|
} |
|
25
|
|
|
|
|
26
|
|
|
// check if height > MAX_IMAGE_HEIGHT |
|
27
|
|
|
if ($size[1] > MAX_IMAGE_HEIGHT) { |
|
28
|
|
|
create_error('Image is taller than ' . MAX_IMAGE_HEIGHT . ' pixels!'); |
|
29
|
|
|
} |
|
30
|
|
|
if (filesize($_FILES['photo']['tmp_name']) > MAX_IMAGE_SIZE * 1024) { |
|
31
|
|
|
create_error('Image is bigger than ' . MAX_IMAGE_SIZE . 'k.'); |
|
32
|
|
|
} |
|
33
|
|
|
|
|
34
|
|
|
if (!move_uploaded_file($_FILES['photo']['tmp_name'], UPLOAD . $filename)) { |
|
35
|
|
|
create_error('Failed to upload file'); |
|
36
|
|
|
} |
|
37
|
|
|
} |
|
38
|
|
|
|
|
39
|
|
|
function checkTextShipName(string $name, int $max_len) : void { |
|
40
|
|
|
if (empty($name)) { |
|
41
|
|
|
create_error('Please enter a ship name!'); |
|
42
|
|
|
} |
|
43
|
|
|
|
|
44
|
|
|
// disallow certain ascii chars |
|
45
|
|
|
for ($i = 0; $i < strlen($name); $i++) { |
|
46
|
|
|
if (ord($name[$i]) < 32 || ord($name[$i]) > 127 || in_array(ord($name[$i]), array(37, 39, 59, 92, 63, 42))) { |
|
47
|
|
|
create_error('The ship name contains invalid characters! ' . chr(ord($name[$i]))); |
|
48
|
|
|
} |
|
49
|
|
|
} |
|
50
|
|
|
|
|
51
|
|
|
if (strlen($name) > $max_len) { |
|
52
|
|
|
create_error('That won\'t fit on your ship!'); |
|
53
|
|
|
} |
|
54
|
|
|
} |
|
55
|
|
|
|
|
56
|
|
|
function checkHtmlShipName(string $name) : void { |
|
57
|
|
|
//check for some bad html |
|
58
|
|
|
if (preg_match('/(\<span[^\>]*id\s*=)|(class\s*=\s*"[^"]*ajax)/i', $name) > 0) { |
|
59
|
|
|
create_error('You have used html that is not allowed.'); |
|
60
|
|
|
} |
|
61
|
|
|
$bad = array('<form', '<applet', '<a ', '<bgsound', '<body', '<meta', '<dd', '<dir', '<dl', '<!doctype', '<dt', '<embed', '<frame', '<head', '<hr', '<iframe', '<ilayer', '<img', '<input', '<isindex', '<layer', '<li', '<link', '<map', '<menu', '<nobr', '<no', '<object', '<ol', '<opt', '<p', '<script', '<select', '<sound', '<td', '<text', '<t', '<ul', '<h', '<br', '<marquee', 'size', 'width', 'height', '<div', 'width='); |
|
62
|
|
|
foreach ($bad as $check) { |
|
63
|
|
|
if (stristr($name, $check)) { |
|
64
|
|
|
$check .= '*>'; |
|
65
|
|
|
if ($check != '<h*>') { |
|
66
|
|
|
create_error(htmlentities($check, ENT_NOQUOTES, 'utf-8') . ' tag is not allowed in ship names.<br /><small>If you believe the name is appropriate please contact an admin.</small>'); |
|
67
|
|
|
} else { |
|
68
|
|
|
create_error('Either you used the ' . htmlentities($check, ENT_NOQUOTES, 'utf-8') . ' tag which is not allowed or the ' . htmlentities('<html>', ENT_NOQUOTES, 'utf-8') . ' tag which is not needed.'); |
|
69
|
|
|
} |
|
70
|
|
|
} |
|
71
|
|
|
} |
|
72
|
|
|
|
|
73
|
|
|
// Check for valid HTML by parsing the name with DOMDocument |
|
74
|
|
|
$doc = new DOMDocument(); |
|
75
|
|
|
$use_errors = libxml_use_internal_errors(true); |
|
76
|
|
|
$doc->loadHTML('<html>' . $name . '</html>'); |
|
77
|
|
|
libxml_use_internal_errors($use_errors); |
|
78
|
|
|
$error = libxml_get_last_error(); |
|
79
|
|
|
if (!empty($error)) { |
|
80
|
|
|
create_error('Your ship name must not contain invalid HTML!<br /><small>If you think you received this message in error, please contact an admin.</small>'); |
|
81
|
|
|
} |
|
82
|
|
|
|
|
83
|
|
|
// Make sure all tags are closed (since DOMDocument allows some tags, |
|
84
|
|
|
// e.g. <span>, to be unclosed). |
|
85
|
|
|
$opening_matches = null; |
|
86
|
|
|
preg_match_all('|<([^/>]+)>|', $name, $opening_matches); |
|
87
|
|
|
$closing_matches = null; |
|
88
|
|
|
preg_match_all('|</([^>]+)>|', $name, $closing_matches); |
|
89
|
|
|
sort($opening_matches[1]); |
|
90
|
|
|
sort($closing_matches[1]); |
|
91
|
|
|
if ($opening_matches[1] != $closing_matches[1]) { |
|
92
|
|
|
create_error('You must close all HTML tags. (i.e a <font color="red"> tag must have a </font> tag somewhere after it).<br /><small>If you think you received this message in error please contact an admin.</small>'); |
|
93
|
|
|
} |
|
94
|
|
|
} |
|
95
|
|
|
|
|
96
|
|
|
//----------------------------------------------------- |
|
97
|
|
|
|
|
98
|
|
|
$action = Request::get('action'); |
|
99
|
|
|
|
|
100
|
|
|
$actionHtmlShipName = 'Include HTML (' . CREDITS_PER_HTML_SHIP_NAME . ' SMR Credits)'; |
|
101
|
|
|
$actionTextShipName = 'Get It Painted! (' . CREDITS_PER_TEXT_SHIP_NAME . ' SMR Credit)'; |
|
102
|
|
|
$actionShipLogo = 'Paint a logo (' . CREDITS_PER_SHIP_LOGO . ' SMR Credits)'; |
|
103
|
|
|
|
|
104
|
|
|
if ($action == $actionHtmlShipName) { |
|
105
|
|
|
$cred_cost = CREDITS_PER_HTML_SHIP_NAME; |
|
106
|
|
|
} elseif ($action == $actionShipLogo) { |
|
107
|
|
|
$cred_cost = CREDITS_PER_SHIP_LOGO; |
|
108
|
|
|
} elseif ($action == $actionTextShipName) { |
|
109
|
|
|
$cred_cost = CREDITS_PER_TEXT_SHIP_NAME; |
|
110
|
|
|
} else { |
|
111
|
|
|
throw new Exception('Did not match an expected ship name type.'); |
|
112
|
|
|
} |
|
113
|
|
|
|
|
114
|
|
|
if ($account->getTotalSmrCredits() < $cred_cost) { |
|
115
|
|
|
create_error('You don\'t have enough SMR Credits. Donate to SMR to gain SMR Credits!'); |
|
116
|
|
|
} |
|
117
|
|
|
|
|
118
|
|
|
if ($action == $actionShipLogo) { |
|
119
|
|
|
$filename = $player->getAccountID() . 'logo' . $player->getGameID(); |
|
120
|
|
|
checkShipLogo($filename); |
|
121
|
|
|
$name = '<img style="padding:3px;" src="upload/' . $filename . '">'; |
|
122
|
|
|
} else { |
|
123
|
|
|
// Player submitted a text or HTML ship name |
|
124
|
|
|
$name = Request::get('ship_name'); |
|
125
|
|
|
if ($action == $actionTextShipName) { |
|
126
|
|
|
checkTextShipName($name, 48); |
|
127
|
|
|
$name = htmlentities($name, ENT_NOQUOTES, 'utf-8'); |
|
128
|
|
|
} else { |
|
129
|
|
|
checkTextShipName($name, 128); |
|
130
|
|
|
checkHtmlShipName($name); |
|
131
|
|
|
$container = create_container('skeleton.php', 'buy_ship_name_preview.php'); |
|
132
|
|
|
$container['ShipName'] = $name; |
|
133
|
|
|
forward($container); |
|
134
|
|
|
} |
|
135
|
|
|
} |
|
136
|
|
|
|
|
137
|
|
|
$player->setCustomShipName($name); |
|
138
|
|
|
$account->decreaseTotalSmrCredits($cred_cost); |
|
139
|
|
|
|
|
140
|
|
|
$container = create_container('skeleton.php', 'current_sector.php'); |
|
141
|
|
|
$container['msg'] = 'Thanks for your purchase! Your ship is ready!'; |
|
142
|
|
|
forward($container); |
|
143
|
|
|
|
smrealms /
smr
