Beispiel #1
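/**
 * Fill the placeholders of an SQL template from the submitted form and run
 * the resulting statement.
 *
 * Placeholders handled: %%username%%, %%password%%, %%empirename%%,
 * %%empirenamelen%%, %%boardname%%, %%boardnamelen%% and the literal table
 * prefix SQL_PREFIX_.
 *
 * NOTE(review): mysql_real_escape_string()/mysql_query() belong to the
 * ext/mysql API that was removed in PHP 7. Escaping also only protects a
 * value where the template places its placeholder inside quotes.
 *
 * @param string $sql SQL template containing the placeholders above.
 * @return void
 */
function sql($sql)
{
    $username = gpc_esc($_POST['username']);
    $password = gpc_esc($_POST['password']);
    $empire = gpc_esc($_POST['empire']);
    $board = gpc_esc($_POST['board']);

    // strtr() with an array substitutes all placeholders in one pass and never
    // rescans text it has just inserted. The previous chain of str_replace()
    // calls did rescan, so a submitted value containing a later placeholder
    // (or the text SQL_PREFIX_) was rewritten by the following replacements.
    $sql = strtr($sql, array(
        '%%username%%' => mysql_real_escape_string($username),
        '%%password%%' => mysql_real_escape_string($password),
        '%%empirename%%' => mysql_real_escape_string($empire),
        '%%empirenamelen%%' => (string) p_strlen($empire),
        '%%boardname%%' => mysql_real_escape_string($board),
        '%%boardnamelen%%' => (string) p_strlen($board),
        'SQL_PREFIX_' => SQL_PREFIX_,
    ));

    // NOTE(review): FB::log() receives the full statement, including the
    // submitted password value; mask it if this log can be read by others.
    FB::log($sql);
    if (!DEBUG_PLAIN) {
        mysql_query($sql) or sqlerror($sql);
    }
}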
    $_SESSION['ccdistance24'] = gpc_esc($_POST['dist24']);
    $_SESSION['ccdistance34'] = gpc_esc($_POST['dist34']);
    $coordvalid = true;
    //Faire des calculs que s'il y a une entrée
    $Pla4 = $_SESSION['coord_syst1'] != "" && $_SESSION['coord_syst2'] != "" && $_SESSION['ccdistance14'] != "" && $_SESSION['ccdistance24'] != "" || $_SESSION['coord_syst1'] != "" && $_SESSION['coord_syst3'] != "" && $_SESSION['ccdistance14'] != "" && $_SESSION['ccdistance34'] != "" || $_SESSION['coord_syst3'] != "" && $_SESSION['coord_syst2'] != "" && $_SESSION['ccdistance34'] != "" && $_SESSION['ccdistance24'] != "";
    $dist14 = $_SESSION['ccdistance14'];
    $dist24 = $_SESSION['ccdistance24'];
    $dist34 = $_SESSION['ccdistance34'];
}
if (isset($_POST['sys1']) && isset($_POST['sys2']) && isset($_POST['dist15']) && isset($_POST['dist25']) || isset($_POST['sys1']) && isset($_POST['sys3']) && isset($_POST['dist15']) && isset($_POST['dist35']) || isset($_POST['sys3']) && isset($_POST['sys2']) && isset($_POST['dist35']) && isset($_POST['dist25'])) {
    $_SESSION['coord_syst1'] = gpc_esc($_POST['sys1']);
    $_SESSION['coord_syst2'] = gpc_esc($_POST['sys2']);
    $_SESSION['coord_syst3'] = gpc_esc($_POST['sys3']);
    $_SESSION['ccdistance15'] = gpc_esc($_POST['dist15']);
    $_SESSION['ccdistance25'] = gpc_esc($_POST['dist25']);
    $_SESSION['ccdistance35'] = gpc_esc($_POST['dist35']);
    $coordvalid = true;
    //Faire des calculs que s'il y a une entrée
    $Pla5 = $_SESSION['coord_syst1'] != "" && $_SESSION['coord_syst2'] != "" && $_SESSION['ccdistance15'] != "" && $_SESSION['ccdistance25'] != "" || $_SESSION['coord_syst1'] != "" && $_SESSION['coord_syst3'] != "" && $_SESSION['ccdistance15'] != "" && $_SESSION['ccdistance35'] != "" || $_SESSION['coord_syst3'] != "" && $_SESSION['coord_syst2'] != "" && $_SESSION['ccdistance35'] != "" && $_SESSION['ccdistance25'] != "";
    $dist15 = $_SESSION['ccdistance15'];
    $dist25 = $_SESSION['ccdistance25'];
    $dist35 = $_SESSION['ccdistance35'];
}
$syst1 = $_SESSION['coord_syst1'];
$syst2 = $_SESSION['coord_syst2'];
$syst3 = $_SESSION['coord_syst3'];
require_once TEMPLATE_PATH . 'sample.tpl.php';
$tpl = tpl_sample::getinstance();
$tpl->page_title = 'EU2: Addons triangulation';
$out = <<<form
<br />
     $carto->boink(ROOT_URL . basename(__FILE__));
 }
 if (isset($_COOKIE['Recherche'])) {
     foreach ($_COOKIE['Recherche'] as $key => $value) {
         $Recherche[$key] = stripslashes($value);
     }
 }
 if ($_SERVER['REQUEST_METHOD'] == 'POST' && !isset($_POST['Recherche']['Moi'])) {
     $_POST['Recherche']['Moi'] = '';
 }
 if (isset($_POST['Recherche']['Troop'])) {
     $_POST['Recherche']['Troop'] = DataEngine::strip_number($_POST['Recherche']['Troop']);
 }
 if (isset($_POST['Recherche'])) {
     foreach ($_POST['Recherche'] as $key => $value) {
         $value = gpc_esc($value);
         if ($value != '') {
             SetCookie('Recherche[' . $key . ']', $value, time() + 3600 * 24, ROOT_URL);
             $Recherche[$key] = $value;
         } else {
             SetCookie('Recherche[' . $key . ']', '', time() - 10, ROOT_URL);
             unset($Recherche[$key]);
         }
     }
 }
 if ($Recherche['Troop'] > 0) {
     $Recherche['Type'] = '0,3,5';
 }
 $fieldtable = array();
 //    $fieldtable['Status'] = '`Inactif`=%d ';
 $fieldtable['Type'] = 'c.`TYPE` IN (%s) ';
Beispiel #4
/**
 * @author Alex10336
 * Dernière modification: $Id$
 * @license GNU Public License 3.0 ( http://www.gnu.org/licenses/gpl-3.0.txt )
 * @license Creative Commons 3.0 BY-SA ( http://creativecommons.org/licenses/by-sa/3.0/deed.fr )
 *
 **/
require_once './init.php';
require_once INCLUDE_PATH . 'Script.php';
Members::CheckPermsOrDie('PERSO_TROOPS_BATTLE');
require_once TEMPLATE_PATH . 'troops.tpl.php';
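// List the 30 most recent troop battles in which a player took part, either
// the player named in ?player= or, by default, the logged-in one.
$tpl = tpl_troops::getinstance();
$lng = language::getinstance()->GetLngBlock('pillage');
// '%' is removed because the name ends up inside a LIKE pattern. A missing or
// non-string (array) parameter is treated as "no player given" instead of
// being passed on to str_replace()/gpc_esc().
// NOTE(review): '_' is also a LIKE wildcard and is left in place here; unless
// sqlesc() escapes it (its body is not visible here) it matches any character.
$_GET['player'] = (isset($_GET['player']) && is_string($_GET['player']))
    ? str_replace('%', '', $_GET['player'])
    : '';
if ($_GET['player'] != '') {
    $player = gpc_esc($_GET['player']);
} else {
    $player = $_SESSION['_login'];
}
// $sql first holds the escaped player name, which the heredoc interpolates,
// and is then overwritten with the full statement.
$sql = sqlesc($player);
$sql = <<<sql
  SELECT  ta.`ID`, ta.`type`, ta.`players_attack`, ta.`players_defender`, ta.`players_pertes`, ta.`when`, ta.`coords_ss`, ta.`coords_3p`, tp.`mid`, tp.`Player`, tp.`ress0`, tp.`ress1`, tp.`ress2`, tp.`ress3`, tp.`ress4`, tp.`ress5`, tp.`ress6`, tp.`ress7`, tp.`ress8`, tp.`ress9`, tp.`date` FROM `SQL_PREFIX_troops_attack` ta
  LEFT JOIN `SQL_PREFIX_troops_pillage` tp on (tp.`mid`=ta.`id`)
   WHERE `players_attack` LIKE '%"{$sql}"%' OR `players_defender` LIKE '%"{$sql}"%'
  ORDER BY `when` DESC LIMIT 0,30

sql;
$result = DataEngine::sql($sql);
$tpl->Setheader();
// NOTE(review): $player can come from the query string; confirm that
// AddToRow() HTML-encodes it before it reaches the page.
$tpl->AddToRow($player, 'player');
$tpl->PushRow();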
Beispiel #5
// XML envelope for the reply; %msg%, %haserror% and %done% are placeholders
// (the code that fills them is not visible here).
$xml = <<<xml
<sql>
    <msg><![CDATA[%msg%]]></msg>
    <haserror>%haserror%</haserror>
    <done>%done%</done>
</sql>
xml;
// Gate: the instance must be installed and the caller must hold the
// AXX_ROOTADMIN permission before any upgrade file is looked at.
// NOTE(review): everything below relies on error() ending the request —
// its body is not visible here, confirm.
if (INSTALLED) {
    require_once INCLUDE_PATH . 'Script.php';
    if (!Members::CheckPerms(AXX_ROOTADMIN)) {
        error('No perms');
    }
} else {
    error('Install me first =)');
}
// $file is request-controlled and becomes part of two filesystem paths
// under ROOT_PATH/upgrade/.
$file = gpc_esc($_POST['file']);
$sqlfile = ROOT_PATH . 'upgrade' . DIRECTORY_SEPARATOR . $file . '.sql';
$lockfile = ROOT_PATH . 'upgrade' . DIRECTORY_SEPARATOR . $file . '.lock';
// Reject any character outside [a-zA-Z_0-9]; this keeps path separators and
// dots out of the two paths. NOTE(review): the paths are assembled before
// this check and an empty $file passes it (giving "upgrade/.sql"), so the
// check only protects the file calls below if error() stops execution.
if (preg_match('/[^a-zA-Z_0-9]+/', $file) > 0) {
    error('Tentative d\'injection détecté.');
}
// The upgrade script must exist on disk.
if (!file_exists($sqlfile)) {
    error('Mise à jour corrompue !');
}
// $cur is the integer stored in the lock file, or 0 when there is no lock
// file (presumably the position reached by an earlier run — confirm).
if (file_exists($lockfile)) {
    $cur = (int) file_get_contents($lockfile);
} else {
    $cur = 0;
}
if (DEBUG_PLAIN) {
    FB::log($cur, '$cur');
Beispiel #6
            $info[$k] = sqlesc($v);
        }
        $query = <<<q
            UPDATE `SQL_PREFIX_Membres` SET `POINTS`=%d,
        `Economie`=%d, `Commerce`=%d, `Recherche`=%d, `Combat`=%d,
        `Construction`='%s', `Navigation`=%d, `Race`='%s',
        `Titre`='%s', `GameGrade`='%s', `pts_architecte`=%d, `pts_mineur`=%d,
        `pts_science`=%d, `pts_commercant`=%d, `pts_amiral`=%d,
        `pts_guerrier`=%d WHERE `Joueur`='%s'
q;
        DataEngine::sql(sprintf($query, $info['POINTS'], $info['Economie'], $info['Commerce'], $info['Recherche'], $info['Combat'], $info['Construction'], $info['Navigation'], $info['Race'], $info['Titre'], $info['GameGrade'], $info['pts_architecte'], $info['pts_mineur'], $info['pts_science'], $info['pts_commercant'], $info['pts_amiral'], $info['pts_guerrier'], $_SESSION['_login']));
    }
}
if (isset($_POST['JOUEUR'])) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = gpc_esc($v);
    }
    $_POST['Commerce'] = intval($_POST['Commerce']);
    $_POST['Recherche'] = intval($_POST['Recherche']);
    $_POST['Combat'] = intval($_POST['Combat']);
    $_POST['Construction'] = intval($_POST['Construction']);
    $_POST['Economie'] = intval($_POST['Economie']);
    $_POST['Navigation'] = intval($_POST['Navigation']);
    $_POST['Points'] = DataEngine::strip_number($_POST['Points']);
    $_POST['pts_architecte'] = DataEngine::strip_number($_POST['pts_architecte']);
    $_POST['pts_mineur'] = DataEngine::strip_number($_POST['pts_mineur']);
    $_POST['pts_science'] = DataEngine::strip_number($_POST['pts_science']);
    $_POST['pts_commercant'] = DataEngine::strip_number($_POST['pts_commercant']);
    $_POST['pts_amiral'] = DataEngine::strip_number($_POST['pts_amiral']);
    $_POST['pts_guerrier'] = DataEngine::strip_number($_POST['pts_guerrier']);
    foreach ($_POST as $k => $v) {
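$info = $warn = '';
// ?reset=<key> deletes the caller's own-universe row. The per-session key
// apparently serves as an anti-CSRF token, so it is compared as a non-empty
// string with ===: the loose == accepted an empty reset= against an unset
// key and compared numeric-looking strings by value.
// NOTE(review): this is a state-changing GET, so the key also ends up in
// URLs (history, Referer); a POST would keep it out of them.
if (
    isset($_GET['reset'], $_SESSION['_permkey'])
    && is_string($_GET['reset'])
    && $_GET['reset'] !== ''
    && $_GET['reset'] === (string) $_SESSION['_permkey']
) {
    // The login is escaped before it is concatenated into the statement; it
    // was concatenated raw before.
    DataEngine::sql('DELETE FROM `SQL_PREFIX_ownuniverse` WHERE `UTILISATEUR` = \'' . sqlesc($_SESSION['_login']) . '\' LIMIT 1');
    output::Boink('%ROOT_URL%ownuniverse.php');
}
// Viewing another player's universe needs PERSO_OWNUNIVERSE_READONLY and
// hides the import form. A missing or non-string parameter falls through to
// the caller's own view.
if (
    isset($_GET['showuser'])
    && is_string($_GET['showuser'])
    && $_GET['showuser'] != ''
    && Members::CheckPerms('PERSO_OWNUNIVERSE_READONLY')
) {
    $player = gpc_esc($_GET['showuser']);
    $include_form = false;
} else {
    $player = false;
    $include_form = true;
}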
if (isset($_POST['importation'])) {
    $cleandata = $ownuniverse->get_universe(false);
    // initialise les infos (planet)
    $data = gpc_esc($_POST['importation']);
    // Partie centre de controle
    if ($data != "" and strpos($data, $lng['control_center_ident']) !== false) {
        $cleandata = $ownuniverse->parse_ownuniverse($data);
        if ($cleandata === false) {
            $cleandata = $ownuniverse->get_universe(false);
        } else {
            list($info, $warn) = $ownuniverse->add_ownuniverse($cleandata);
        }
        // Partie affichage planète
    } elseif ($data != '' and strpos($data, $lng['planet_ident']) !== false) {
        //        $cleandata = $ownuniverse->get_universe(false);
        if ($cleandata && is_array($cleandata[0])) {
            $result = $ownuniverse->parse_planet($data);
            $warn = $lng['planet_error'];
            foreach ($cleandata as $k => $planet) {
Beispiel #8
    $img->SetColorHexa($textcolor);
    if ($key == 'eude') {
        $img->Text($text, 0, 8, $fontsize);
    } else {
        $img->CenteredText($text, $fontsize);
    }
    //-- Fin partie personalisable. ------------------------------------------------
    $img->SaveAs($key . '.png')->Render();
}
include_once '../../../../init.php';
include_once INCLUDE_PATH . 'Script.php';
Members::CheckPermsOrDie(AXX_ROOTADMIN);
addons::getinstance()->ButtonRegen($listing, $defaultsetting);
if (isset($_GET['ident'])) {
    include CLASS_PATH . 'img.class.php';
    // NOTE(review): 'ident' comes from the query string. The function body
    // that ends just above this script section (presumably do_btn) finishes
    // with $img->SaveAs($key . '.png'), so the value should be limited to the
    // keys of $listing before it can become part of a file name. The start of
    // that function is not visible here; confirm whether it already does so.
    do_btn(gpc_esc($_GET['ident']));
} else {
    include TEMPLATE_PATH . 'sample.tpl.php';
    $tpl = tpl_sample::getinstance();
    $files = scandir('./');
    foreach ($files as $file) {
        if (p_substr($file, -4) == '.png') {
            unlink($file);
        }
    }
    foreach ($listing as $key => $dummy) {
        $tpl->PushOutput('<span class="color_header"> &#37;BTN_URL%' . $key . '.png </span><img src="./gen.php?ident=' . $key . '&' . time() . '"/><br/>');
    }
    $tpl->PushOutput(<<<x
<script>
window.onload = function() {
Beispiel #9
        unset($wars[$_GET['emp_war_rm']]);
        DataEngine::conf_update('EmpireEnnemy', $wars);
    }
}
// Add an allied empire: set TYPE=3 on every coordinate row whose TYPE is
// 0, 3 or 5 and whose EMPIRE matches, then append the name to the
// 'EmpireAllys' configuration list.
// NOTE(review): only 'emp_allys_add' is tested with isset(); $_POST['emp']
// is read without a check.
if (isset($_POST['emp_allys_add']) && $_POST['emp_allys_add'] != '') {
    // NOTE(review): the meaning of sqlesc()'s second argument is defined
    // elsewhere and not visible here.
    $emp = sqlesc($_POST['emp'], false);
    if ($emp != '') {
        $allys = DataEngine::config('EmpireAllys');
        // Skip names already on the list (loose in_array() comparison).
        if (!in_array(gpc_esc($_POST['emp']), $allys)) {
            // NOTE(review): $emp is the right-hand side of LIKE, so '%' and
            // '_' in the submitted name act as wildcards and one request can
            // retag several empires, unless sqlesc() escapes them — confirm,
            // or compare with '='.
            $sql = <<<sql
UPDATE `SQL_PREFIX_Coordonnee`
LEFT JOIN `SQL_PREFIX_Coordonnee_Joueurs` on id=jid
SET `TYPE`=3 WHERE `TYPE` in (0,3,5) AND `EMPIRE` LIKE '{$emp}'
sql;
            $mysql_result = DataEngine::sql($sql);
            // The list stores the gpc_esc() form of the name, not the
            // SQL-escaped one.
            $allys[] = gpc_esc($_POST['emp']);
            DataEngine::conf_update('EmpireAllys', $allys);
        }
    }
}
if (isset($_GET['emp_allys_rm']) && $_GET['emp_allys_rm'] != '') {
    $allys = DataEngine::config('EmpireAllys');
    $emp = sqlesc($allys[$_GET['emp_allys_rm']], false);
    if ($emp != '') {
        $sql = <<<sql
UPDATE `SQL_PREFIX_Coordonnee`
LEFT JOIN `SQL_PREFIX_Coordonnee_Joueurs` on id=jid
SET `TYPE`=0 WHERE `TYPE` in (0,3,5) AND `EMPIRE` LIKE '{$emp}'
sql;
        $mysql_result = DataEngine::sql($sql);
        unset($allys[$_GET['emp_allys_rm']]);
Beispiel #10
require_once '../../init.php';
require_once INCLUDE_PATH . 'Script.php';
require_once CLASS_PATH . 'map.class.php';
// required by ownuniverse
require_once CLASS_PATH . 'parser.class.php';
// required by ownuniverse
require_once CLASS_PATH . 'ownuniverse.class.php';
// Stop unless the 'scanner' addon grants access to the current user.
if (!addons::getinstance()->Get_Addons('scanner')->CheckPerms()) {
    DataEngine::NoPermsAndDie();
}
//if (!isset ($_SESSION['scanner_email']) || $_SESSION['scanner_email'] == '')
//    $_SESSION['scanner_email'] = '*****@*****.**';
// Remember the submitted e-mail and session id in the PHP session.
// NOTE(review): both values are later interpolated into value="..."
// attributes of the settings form below. Unless gpc_esc() HTML-encodes its
// argument (its body is not visible here), they need htmlspecialchars() with
// ENT_QUOTES at the point of output.
// NOTE(review): per the form text, 'session' is a session id the user copies
// from the browser's cookie panel, so it should be handled as a credential.
if (isset($_POST['email']) && isset($_POST['session'])) {
    $_SESSION['scanner_email'] = gpc_esc($_POST['email']);
    $_SESSION['scanner_session'] = gpc_esc($_POST['session']);
}
// True only when both stored values are present and non-empty.
$ScannerEnabled = isset($_SESSION['scanner_email']) && isset($_SESSION['scanner_session']) && $_SESSION['scanner_email'] != '' && $_SESSION['scanner_session'] != '';
require_once TEMPLATE_PATH . 'sample.tpl.php';
$tpl = tpl_sample::getinstance();
$tpl->css_file = false;
$tpl->page_title = 'EU2: Addons scanner';
$out = <<<form
<form name="settings" action="index.php" method="POST">
    Votre email: <input type="text" name="email" value="{$_SESSION['scanner_email']}" size="36" /><br/>
    Votre id session: <input type="text" name="session" value="{$_SESSION['scanner_session']}" size="32" /><br/>
    <br/>
    L'id de session ce trouve dans le panneau des préférences: <br/>
    - "<b>Vie Privée</b>"<br/>
    - Règles de conservation: "<b>utiliser les paramètres personnalisés pour l'historique</b>"<br/>
    - Le bouton "<b>Afficher les cookies...</b>" apparait.<br/>
Beispiel #11
 * @license Creative Commons 3.0 BY-SA ( http://creativecommons.org/licenses/by-sa/3.0/deed.fr )
 *
 * */
define('CHECK_LOGIN', false);
require_once './init.php';
require_once INCLUDE_PATH . 'Script.php';
if (DataEngine::config_key('config', 'closed')) {
    output::Boink();
}
if (!DataEngine::config_key('config', 'CanRegister')) {
    Members::NoPermsAndDie();
}
$lng = language::getinstance()->GetLngBlock('login');
$erreur = '';
if (isset($_POST['login']) && $_POST['login'] != '' && $_POST['mdp'] != '') {
    // Two forms of the same input: $login (gpc_esc) is compared and kept in
    // the session further down, $qlogin (sqlesc) goes into the query.
    $login = gpc_esc($_POST['login']);
    $qlogin = sqlesc($_POST['login']);
    // NOTE(review): unsalted MD5 of the password. If this digest is what gets
    // stored for the account (the INSERT is not visible here), it should be
    // replaced by password_hash()/password_verify(); MD5 is fast to brute-force
    // and identical passwords produce identical digests.
    $pass = md5($_POST['mdp']);
    // Case-insensitive lookup of an existing account with this login; the
    // value is escaped and the surrounding quotes are added here.
    $query = 'SELECT LOWER(`Login`) as `Login` from `SQL_PREFIX_Users` WHERE LOWER(`Login`)=LOWER(\'' . $qlogin . '\')';
    $mysql_result = DataEngine::sql($query);
    $ligne = mysql_fetch_array($mysql_result);
    if ($ligne['Login'] == $login) {
        // joueur existe déjà...
        $erreur = $lng['user_exists'];
    } else {
        if (DE_DEMO) {
            $axx = AXX_MEMBER;
            $_SESSION['_login'] = $login;
            $_SESSION['_pass'] = $pass;
            $_SESSION['_Perm'] = $axx;
            $_SESSION['_IP'] = Get_IP();
Beispiel #12
        if (!$carto->FormatId(trim($_POST['COORIN']), $uni, $sys, '')) {
            $xml['log'] = sprintf($lng['player_err_coords'], $_POST['COORIN']);
            $carto->AddWarn($xml['log']);
        } else {
            $carto->Edit_Entry($_POST['COORIN'], array('water' => $water, 'batiments' => $batiments), $lng['player_edit_msg']);
            $xml['log'] = sprintf($lng['player_edit_log'], $sys);
        }
        break;
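    case 'empire':
        // --------------------------------------------------------
        // Re-assign the members of an empire: clear the empire on every row
        // that currently carries it, then set it on the submitted members.
        if (!Members::CheckPerms('EMPIRE_GREASE')) {
            $carto->AddErreur('Permissions manquante');
            break;
        }
        $empire_name = gpc_esc(html_entity_decode($_POST['empire']));
        // SECURITY(review): unserialize() on request data lets the sender
        // decide which loaded classes are instantiated, and their
        // __wakeup()/__destruct() methods run during the call itself, before
        // any check below. Prefer a JSON list read with json_decode(), or on
        // PHP >= 7.0 pass array('allowed_classes' => false) as second
        // argument. Changing the format needs the sender changed as well, so
        // the call is left as it is and only flagged here.
        $membres = unserialize(gpc_esc($_POST['data']));
        // A payload that does not decode to an array would otherwise clear
        // the empire below and then build a broken IN (...) list.
        if (!is_array($membres)) {
            $carto->AddErreur('Liste de membres invalide');
            break;
        }
        // NOTE(review): LIKE treats '%' and '_' in the name as wildcards
        // unless sqlesc() escapes them (its body is not visible here).
        $query = 'UPDATE `SQL_PREFIX_Coordonnee_Joueurs` SET
			`EMPIRE` = \'\'
			WHERE `EMPIRE` LIKE \'' . sqlesc($empire_name) . '\'';
        DataEngine::sql($query);
        //        $carto->AddInfo($query);
        // NOTE(review): the IN (...) list below is only safe if
        // array_fullsqlesc() both escapes and quotes every element; it is
        // defined elsewhere, confirm.
        array_walk($membres, 'array_fullsqlesc');
        $listemembres = implode(',', $membres);
        $query = 'UPDATE `SQL_PREFIX_Coordonnee_Joueurs` SET
			`EMPIRE` = \'' . sqlesc($empire_name) . '\'
			WHERE `USER` in (' . $listemembres . ')';
        DataEngine::sql($query);
        //        $carto->AddInfo($query);
        $carto->AddInfo('L\'empire ' . $empire_name . ' a été mis à jour');
        $xml['log'] = 'L\'empire ' . $empire_name . ' a été mis à jour';
        break;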