<?php
header("content-type: text/html; charset=utf-8");
// admin : galatool = default Zugang
session_start();
include "secret/config.php";
chdir('secret');
include "attributes.php";
include "session_handler.inc.php";
chdir('../');

if (isset($_GET['logout'])) {
	// unset session at session handler
	log_out();

	unset($_SESSION['s_systems']);
	unset($_SESSION['s_lastweek']);
	unset($_SESSION['s_too_old']);
	unset($_SESSION['s_req_user']);
	unset($_SESSION['s_notices']);
	unset($_SESSION['s_players']);
	unset($_SESSION['s_allies']);
	unset($_SESSION['s_reports']);
	unset($_SESSION['s_umods']);
	unset($_SESSION['s_moons']);
	unset($_SESSION['s_raidable']);
	unset($_SESSION['s_empty_systems']);
	unset($_SESSION['s_full_systems']);
	unset($_SESSION['s_minimumresources']);
	unset($_SESSION['s_spioarray']);

	unset($_SESSION['s_username']);
	unset($_SESSION['s_userid']);
	unset($_SESSION['s_ogame_playerid']);
	unset($_SESSION['s_loggedin']);
	unset($_SESSION['s_stylepath']);
	unset($_SESSION['s_timezone_offset']);

	unset($_SESSION['s_isadmin']);
	unset($_SESSION['s_serverurl']);
	unset($_SESSION['s_cansearch']);
	unset($_SESSION['s_caninsert']);
	unset($_SESSION['s_statusview']);
	unset($_SESSION['s_probeview']);
	unset($_SESSION['s_userman']);
	unset($_SESSION['s_allyhistory']);
	unset($_SESSION['s_diplomatic']);

	unset($_SESSION['s_hits']);
	unset($_SESSION['s_statspage']);

	unset($_SESSION['s_bb_coordinates']);
	unset($_SESSION['s_bb_moon']);
	unset($_SESSION['s_bb_debris']);
	unset($_SESSION['s_bb_ally']);
	unset($_SESSION['s_bb_allydetails']);
	unset($_SESSION['s_bb_playername']);
	unset($_SESSION['s_bb_banned']);
	unset($_SESSION['s_bb_vacation']);
	unset($_SESSION['s_bb_noob']);
	unset($_SESSION['s_bb_inactive']);
	unset($_SESSION['s_bb_longinactive']);
	unset($_SESSION['s_additional_links']);
	unset($_SESSION['s_global_links']);
}

if (isset($_GET['language'])) {
	unset($_SESSION['lang']);
	switch ($_GET['language']) {
		case "german"    : $_SESSION['lang']="german"; break;
		case "english"   : $_SESSION['lang']="english"; break;
		case "spanish"   : $_SESSION['lang']="spanish"; break;
		case "dutch"     : $_SESSION['lang']="dutch"; break;
		case "balkan"    : $_SESSION['lang']="balkan"; break;
		case "french"    : $_SESSION['lang']="french"; break;
		case "portugues" : $_SESSION['lang']="portugues"; break;
		case "polish"    : $_SESSION['lang']="polish"; break;
		case "italian"   : $_SESSION['lang']="italian"; break;
		case "turkish"   : $_SESSION['lang']="turkish"; break;
		case "danish"    : $_SESSION['lang']="danish"; break;
		case "brazilian" : $_SESSION['lang']="brazilian"; break;
		case "russian"   : $_SESSION['lang']="russian"; break;
		case "swedish"   : $_SESSION['lang']="swedish"; break;
		case "greek"     : $_SESSION['lang']="greek"; break;
		case "romanian"  : $_SESSION['lang']="romanian"; break;
		case "hungarian" : $_SESSION['lang']="hungarian"; break;
		case "czech"     : $_SESSION['lang']="czech"; break;
		case "korean"    : $_SESSION['lang']="korean"; break;
		case "norwegian" : $_SESSION['lang']="norwegian"; break;
		case "taiwan"    : $_SESSION['lang']="taiwan"; break;
		case "japan"     : $_SESSION['lang']="japan"; break;
		case "chinese"   : $_SESSION['lang']="chinese"; break;
		case "bulgarian" : $_SESSION['lang']="bulgarian"; break;
		case "lithuanian" : $_SESSION['lang']="lithuanian"; break;
		case "latvian"   : $_SESSION['lang']="latvian"; break;
		case "finnish"   : $_SESSION['lang']="finnish"; break;
		default          : $_SESSION['lang']="german"; break;
	}
}

if (!isset($_SESSION['lang'])) {
	$_SESSION['lang'] = $default_language;
}

switch ($_SESSION['lang']) {
	case "german"    : include "languages/german.inc.php"; break;
	case "english"   : include "languages/english.inc.php"; break;
	case "spanish"   : include "languages/spanish.inc.php"; break;
	case "dutch"     : include "languages/dutch.inc.php"; break;
	case "balkan"    : include "languages/balkan.inc.php"; break;
	case "french"    : include "languages/french.inc.php"; break;
	case "portugues" : include "languages/portugues.inc.php"; break;
	case "polish"    : include "languages/polish.inc.php"; break;
	case "italian"   : include "languages/italian.inc.php"; break;
	case "turkish"   : include "languages/turkish.inc.php"; break;
	case "danish"    : include "languages/danish.inc.php"; break;
	case "brazilian" : include "languages/brazilian.inc.php"; break;
	case "russian"   : include "languages/russian.inc.php"; break;
	case "swedish"   : include "languages/swedish.inc.php"; break;
	case "greek"     : include "languages/greek.inc.php"; break;
	case "romanian"  : include "languages/romanian.inc.php"; break;
	case "hungarian" : include "languages/hungarian.inc.php"; break;
	case "czech"     : include "languages/czech.inc.php"; break;
	case "korean"    : include "languages/korean.inc.php"; break;
	case "norwegian" : include "languages/norwegian.inc.php"; break;
	case "taiwan"    : include "languages/taiwan.inc.php"; break;
	case "japan"     : include "languages/japan.inc.php"; break;
	case "chinese"  : include "languages/chinese.inc.php"; break;
	case "bulgarian"  : include "languages/bulgarian.inc.php"; break;
	case "lithuanian" : include "languages/lithuanian.inc.php"; break;
	case "latvian"   : include "languages/latvian.inc.php"; break;
	case "finnish"   : include "languages/finnish.inc.php"; break;
	default          : include "languages/german.inc.php"; break;
}

$path = $_SERVER['PHP_SELF'];
$pos = strrpos($path,"/");
$path = substr($path,0,$pos+1);

if (isset($_POST['username']) && isset($_POST['pass'])) {
	$loginfailure = true;
	mysql_connect($dbhost,$dbusername,$dbpassword) or die(mysql_error());
	mysql_select_db($dbname) or die(mysql_error());
	$username = preg_replace("/[^a-zA-Z0-9äÄöÖüÜß_\s\-\.]/","",$_POST['username']);
	$userpass = preg_replace("/[^a-zA-Z0-9äÄöÖüÜß_\s\-\.]/","",$_POST['pass']);
	$query = "SELECT u.*,p.waffentech, p.schildtech,p.rpz,p.vbt,p.hra,p.impulse FROM $utablename u
		      LEFT JOIN $playertable p ON (u.ingame = p.playername)
	          WHERE username='$username' AND userpass=md5('$userpass') and status='active'";
	$res = mysql_query($query) or die(mysql_error());

	if (mysql_num_rows($res) > 0) {
		$line = mysql_fetch_object($res);
	
		IF (isset($_SESSION['s_serverurl']) && ($_SESSION['s_serverurl'] != $_SERVER['HTTP_HOST'].$path) ) {
			echo "running backup...<br>";
			backup_session();
		}
		// don't forget session_handler.inc.php!

		$_SESSION['s_username']        = $line->username;
		$_SESSION['s_userid']          = $line->id;
		$_SESSION['s_ogame_playerid']  = $line->ogame_playerid;
		$_SESSION['s_loggedin']        = true;
		$_SESSION['s_stylepath']       = $line->stylepath;
		$_SESSION['s_timezone_offset'] = $line->timezone_offset;

		// websim data
		$_SESSION['s_waffentech'] = (empty($line->waffentech)) ? 0 : $line->waffentech;
		$_SESSION['s_schildtech'] = (empty($line->schildtech)) ? 0 : $line->schildtech;
		$_SESSION['s_rpz']        = (empty($line->rpz)) ? 0 : $line->rpz;
		$_SESSION['s_vbt']        = (empty($line->vbt)) ? 0 : $line->vbt;
		$_SESSION['s_hra']        = (empty($line->hra)) ? 0 : $line->hra;
		$_SESSION['s_impulse']    = (empty($line->impulse)) ? 0 : $line->impulse;

		$_SESSION['s_serverurl']   = $_SERVER['HTTP_HOST'].$path;
		$_SESSION['s_isadmin']     = ($line->is_admin =="true") ? true : false;
		$_SESSION['s_cansearch']   = ($line->cansearch =="true") ? true : false;
		$_SESSION['s_caninsert']   = ($line->caninsert =="true") ? true : false;
		$_SESSION['s_statusview']  = ($line->statusview =="true") ? true : false;
		$_SESSION['s_probeview']   = ($line->probeview =="true") ? true : false;
		$_SESSION['s_userman']     = ($line->userman =="true") ? true : false;
		$_SESSION['s_allyhistory'] = ($line->allyhistory =="true") ? true : false;
		$_SESSION['s_diplomatic']  = ($line->diplomatic =="true") ? true : false;

		$_SESSION['s_hits']		  = 20;
		$_SESSION['s_statspage']  = $line->statspage;
		$loginfailure = false;


		// personal links
		$addinonal_links_lines = explode("\n",$line->links);
		$_SESSION['s_additional_links'] = array();
		foreach ($addinonal_links_lines as $link_line) {
			$line_parts = explode(";",$link_line);
			if (count($line_parts) == 2) {
				if (trim($line_parts[1]) == "") {
					array_push($_SESSION['s_additional_links'],array(trim($line_parts[0])));
				} else {
					if (substr($line_parts[1],0,7) != "http://" && substr($line_parts[1],0,8) != "https://") {
						$line_parts[1] = "http://".$line_parts[1];
					}
					array_push($_SESSION['s_additional_links'],array(trim($line_parts[0]),trim($line_parts[1])));
				}
			}
		}

		if (count($_SESSION['s_additional_links']) == 0) {
			array_push($_SESSION['s_additional_links'],array("Ogame","http://www.ogame.de"));
		}
		unset($addinonal_links_lines);
		unset($line_parts);
		unset($link_line);

		// colors
		$_SESSION['s_bb_coordinates']  = $line->bb_coordinates;
		$_SESSION['s_bb_moon']         = $line->bb_moon;
		$_SESSION['s_bb_debris']       = $line->bb_debris;
		$_SESSION['s_bb_ally']         = $line->bb_ally;
		$_SESSION['s_bb_allydetails']  = $line->bb_allydetails;
		$_SESSION['s_bb_playername']   = $line->bb_playername;
		$_SESSION['s_bb_banned']       = $line->bb_banned;
		$_SESSION['s_bb_vacation']     = $line->bb_vacation;
		$_SESSION['s_bb_noob']         = $line->bb_noob;
		$_SESSION['s_bb_inactive']     = $line->bb_inactive;
		$_SESSION['s_bb_longinactive'] = $line->bb_longinactive;


		// global links - from admin account
		if ($_SESSION['s_isadmin'] != true) {
			$query = "SELECT * FROM $utablename WHERE is_admin='true'";
			$res = mysql_query($query) or die(mysql_error());
			if (mysql_num_rows($res) > 0) {
				$line = mysql_fetch_object($res);
				$global_links_lines = explode("\n",$line->links);
				$_SESSION['s_global_links'] = array();
				foreach ($global_links_lines as $link_line) {
					$line_parts = explode(";",$link_line);
					if (count($line_parts) == 2) {
						if (trim($line_parts[1]) == "") {
							array_push($_SESSION['s_global_links'],array(trim($line_parts[0])));
						} else {
							if (substr($line_parts[1],0,7) != "http://" && substr($line_parts[1],0,8) != "https://") {
								$line_parts[1] = "http://".$line_parts[1];
							}
							array_push($_SESSION['s_global_links'],array(trim($line_parts[0]),trim($line_parts[1])));
						}

					}
				}
			} // else - no amin account any more
		}
	}
	if (!$loginfailure) {
		$query = "UPDATE $utablename SET logins=logins+1, lastlogin=NOW() WHERE id='".$_SESSION['s_userid']."'";
		$res = mysql_query($query) or die(mysql_error());
		$query = "INSERT INTO $iptablename (userid,ip,logintime) VALUES ('".$_SESSION['s_userid']."','".$_SERVER['REMOTE_ADDR']."',NOW())";
		$res = mysql_query($query) or die(mysql_error());
		$query = "SELECT id FROM $iptablename WHERE userid='".$_SESSION['s_userid']."' ORDER BY logintime ASC";
		$res = mysql_query($query) or die(mysql_error());
		if (mysql_num_rows($res) > 50) {
			$number = mysql_num_rows($res);
			$where = " id IN (";
			$i = 0;
			while ($line = mysql_fetch_object($res)) {
				if ($i < ($number-50)) $where .= $line->id.",";
				else break;
				$i++;
			}
			$where = substr($where,0,strlen($where)-1).")";
			$query = "DELETE FROM $iptablename WHERE ".$where;
			$res = mysql_query($query) or die(mysql_error());
		}
	}
}


if (!isset($_SESSION['s_loggedin']) || $_SESSION['s_loggedin'] && $_SESSION['s_serverurl'] != $_SERVER['HTTP_HOST'].$path) { // Loginseite
?>
<!doctype HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title><?php echo PROGRAM_NAME." ".VERSION; ?></title>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="secret/styles.css" />
</head>
<body>
<form action="index.php" method="POST">
<table class="standard" cellpadding="0" cellspacing="0" border="0" style="margin-top:200px; width:250px;" align="center">
<tr class="firstcolor"><td colspan="2" align="center" class="tblhead"><?php echo PROGRAM_NAME." ".VERSION; ?> - Login</td></tr>
<?php
if (isset($loginfailure) && $loginfailure) echo "<tr class=\"firstcolor\"><td colspan=\"2\" class=\"failure\">".L_LOGINFAILURE."</td></tr>\n";
if (isset($_GET['timeout'])) echo "<tr class=\"firstcolor\"><td colspan=\"2\" class=\"failure\">".L_TIMEOUT."</td></tr>\n";

?>
<tr class="firstcolor"><td colspan="2" align="center"><?php echo $owner; ?></td></tr>
<tr class="firstcolor"><td colspan="2" align="center">&nbsp;</td></tr>
<tr class="firstcolor"><td style="padding-top:5px; padding-left:5px;"><?php echo L_USERNAME; ?>:</td><td style="padding-top:5px;"><input class="textfield" type="text" name="username" size="20" maxlength="20" /></td></tr>
<tr class="firstcolor"><td style="padding-top:5px; padding-left:5px;"><?php echo L_PASSWORD; ?>:</td><td style="padding-top:5px;"><input class="textfield" type="password" name="pass" size="20" maxlength="20" /></td></tr>
<tr class="firstcolor"><td colspan="2" align="center" style="padding-top:5px;"><input class="button" type="submit" name="OK" value="OK" /></td></tr>
<tr class="firstcolor"><td colspan="2" align="center"><br><?php echo L_LANGUAGE; ?><br />
<a href="index.php?language=german"><img src="images/ger-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=english"><img src="images/en-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=spanish"><img src="images/es-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=dutch"><img src="images/dutch-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=balkan"><img src="images/balkan-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=french"><img src="images/french-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=portugues"><img src="images/pt-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=polish"><img src="images/pl-icon.gif" border="0"></a><br />
<a href="index.php?language=italian"><img src="images/it-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=turkish"><img src="images/tk-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=danish"><img src="images/dk-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=brazilian"><img src="images/br-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=russian"><img src="images/ru-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=swedish"><img src="images/sw-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=greek"><img src="images/gr-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=romanian"><img src="images/ro-icon.gif" border="0"></a></ br>
<a href="index.php?language=hungarian"><img src="images/hu-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=czech"><img src="images/cz-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=korean"><img src="images/kr-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=norwegian"><img src="images/no-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=taiwan"><img src="images/tw-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=japan"><img src="images/jp-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=chinese"><img src="images/cn-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=bulgarian"><img src="images/bg-icon.gif" border="0"></a><br />
<a href="index.php?language=lithuanian"><img src="images/lt-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=latvian"><img src="images/lv-icon.gif" border="0"></a>&nbsp;
<a href="index.php?language=finnish"><img src="images/fi-icon.gif" border="0"></a>
</td></tr>
<tr class="firstcolor"><td colspan="2">&nbsp;</td></tr>
<tr class="firstcolor"><td align="center"><a class="link" href="register.php"><?php echo L_REGISTER; ?></a></td>
<td align="center"><a class="link" href="lost_password.php"><?php echo L_PWLOST; ?></a></td>
</tr>
</table>
</form>
</body>
</html>
<?php
} else {
?>
   <HTML>
	<HEAD>
		<TITLE>DONE</TITLE>
		<meta http-equiv="content-type" content="text/html; charset=UTF-8">
		<meta http-equiv="refresh" content="0; URL=secret/index.php">
		<link rel=stylesheet type="text/css" href="secret/styles.css">
	</HEAD>
	<BODY>
		<table cellpadding="0" cellspacing="0" border="0" style="width:250px;" align="center" height="100%">
		<tr><td valign="middle">
		<a class="menulink" href="secret/index.php"><?php echo INDEX_PAGEFORWARD; ?></a>
		</td>
		</tr>
		</table>
	</BODY>
  </HTML>
<?php
}

?>