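/**
 * Print debuginformation from the framework.
 *
 * Builds an HTML fragment from the sections switched on in
 * $Origo->config['debug'] ('db-num-queries', 'db-queries', 'timer', 'trial',
 * 'session') and returns it; returns null when debugging is off. Figures
 * taken from the session flash are carried over from the request before a
 * redirect.
 *
 * NOTE(review): 'trial' and 'session' print_r() the whole framework object
 * and the session, configuration included (and with it whatever credentials
 * the configuration holds). These switches must stay off in production.
 *
 * @return string|null HTML fragment, or null when config['debug'] is empty
 */
function get_debug()
{
    $Origo = Origin::Instance();
    // Only if debug is wanted.
    if (empty($Origo->config['debug'])) {
        return;
    }
    $debug = $Origo->config['debug'];
    $hasDb = isset($Origo->db);
    $html = null;

    if (!empty($debug['db-num-queries']) && $hasDb) {
        $flash = $Origo->session->GetFlash('database_numQueries');
        $prefix = $flash ? "{$flash} + " : null;
        $html .= "<p>Database made {$prefix}" . $Origo->db->GetNumQueries() . " queries.</p>";
    }

    if (!empty($debug['db-queries']) && $hasDb) {
        $flash = $Origo->session->GetFlash('database_queries');
        $queries = $Origo->db->GetQueries();
        if ($flash) {
            $queries = array_merge($flash, $queries);
        }
        // Query text can carry user-supplied values; escape it before it is
        // placed in the page so the debug output cannot become an XSS sink.
        $escaped = array();
        foreach ($queries as $query) {
            $escaped[] = htmlent($query);
        }
        $html .= "<p>Database made the following queries.</p><p>" . implode('<br/><br/>', $escaped) . "</p>";
    }

    if (!empty($debug['timer'])) {
        $html .= "<p>Page was loaded in " . round(microtime(true) - $Origo->timer['first'], 5) * 1000 . " msecs.</p>";
    }

    if (!empty($debug['trial'])) {
        $html .= "<hr><h3>Debuginformation</h3><p>The content of trial:</p><pre>" . htmlent(print_r($Origo, true)) . "</pre>";
    }

    if (!empty($debug['session'])) {
        $html .= "<hr><h3>SESSION</h3><p>The content of Origin->session:</p><pre>" . htmlent(print_r($Origo->session, true)) . "</pre>";
        $html .= "<p>The content of \$_SESSION:</p><pre>" . htmlent(print_r($_SESSION, true)) . "</pre>";
    }

    return $html;
}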
 /**
  * Prepare the "reactivate team" admin form.
  *
  * Registers an anti-CSRF key with $site->setKey() and hands its name and
  * escaped value to the template, together with the deleted teams that can
  * be reactivated and the active team-less users who could lead one.
  *
  * NOTE(review): the key name is only a handle derived from microtime(); the
  * token's strength depends entirely on how setKey() generates the value --
  * confirm it is unpredictable.
  */
 protected function showForm()
 {
     global $site;
     global $tmpl;

     // protected against cross site injection attempts
     $keyName = strtr('teamReactivate_' . microtime(), array(' ' => '_', '.' => '_'));
     $keyValue = $site->setKey($keyName);
     $tmpl->assign('keyName', $keyName);
     $tmpl->assign('keyValue', htmlent($keyValue));

     // deleted teams the admin may bring back
     $teams = array();
     foreach (\team::getDeletedTeamIds() as $teamId) {
         $teams[] = array('id' => $teamId, 'name' => (new team($teamId))->getName());
     }
     $tmpl->assign('teams', $teams);

     // A team must always have a leader, so offer every team-less user whose
     // account is active: inactive, disabled or banned users cannot play and
     // there is no point in reactivating a team for them.
     $candidates = array();
     foreach (\user::getTeamlessUsers() as $candidate) {
         if ($candidate->getStatus() === 'active') {
             $candidates[] = array('id' => $candidate->getID(), 'name' => $candidate->getName());
         }
     }
     $tmpl->assign('users', $candidates);
 }
    /**
     * Display all items of the CObject.
     *
     * Renders the menu, then appends a heading and an HTML-escaped print_r()
     * dump of $this to the 'main' slot of $this->data.
     *
     * NOTE(review): the dump exposes every property of the controller,
     * including the shared resources inherited from CObject; development
     * use only.
     */
    public function DisplayObject()
    {
        $this->Menu();
        $heading = "\t<h2>Dumping content of CDeveloper</h2>\n"
            . "\t<p>Here is the content of the controller, including properties from CObject which holds access to common resources in Origin.</p>";
        $dump = '<pre>' . htmlent(print_r($this, true)) . '</pre>';
        $this->data['main'] .= $heading . $dump;
    }
 /**
  * Record a login in the `visits` log.
  *
  * Stores the user id, the client address, its reverse-DNS name, the raw
  * X-Forwarded-For header and the current time through a prepared
  * statement. The address fields are passed through htmlent() before they
  * are stored, so readers must not escape them a second time.
  *
  * NOTE(review): HTTP_X_FORWARDED_FOR is set by the client or any proxy in
  * between and is not a trustworthy address; gethostbyaddr() performs a
  * blocking reverse lookup on every login.
  *
  * @param mixed $id id of the user who just logged in
  */
 public function addToVisitsLog($id)
 {
     $clientAddress = getenv('REMOTE_ADDR');
     $clientHost = gethostbyaddr($clientAddress);
     $forwardedFor = getenv('HTTP_X_FORWARDED_FOR');

     $sql = 'INSERT INTO `visits` (`userid`,`ip-address`,`host`,`forwarded_for`,`timestamp`) VALUES (?, ?, ?, ?, ?)';
     $statement = $this->prepare($sql);
     $this->execute($statement, array(
         $id,
         htmlent($clientAddress),
         htmlent($clientHost),
         htmlent($forwardedFor),
         date('Y-m-d H:i:s'),
     ));
 }
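/**
 * Print debuginformation from the framework.
 *
 * Builds a <div class='debug'> from the sections switched on in
 * $bbb->config['debug'] ('db-num-queries', 'db-queries', 'timer', 'memory',
 * 'behovsboboxen', 'session', 'timestamp') and returns it; returns null when
 * debugging is off. Figures taken from the session flash are carried over
 * from the request before a redirect.
 *
 * NOTE(review): 'behovsboboxen' and 'session' print_r() the whole framework
 * object and the session, configuration included; keep them off in
 * production.
 *
 * @return string|null HTML fragment, or null when config['debug'] is empty
 */
function get_debug()
{
    $bbb = CBehovsboboxen::Instance();
    // Only if debug is wanted.
    if (empty($bbb->config['debug'])) {
        return;
    }
    $debug = $bbb->config['debug'];
    $hasDb = isset($bbb->db);
    $html = null;

    if (!empty($debug['db-num-queries']) && $hasDb) {
        $flash = $bbb->session->GetFlash('database_numQueries');
        $prefix = $flash ? "{$flash} + " : null;
        $html .= "<p>Database made {$prefix}" . $bbb->db->GetNumQueries() . " queries.</p>";
    }

    if (!empty($debug['db-queries']) && $hasDb) {
        $flash = $bbb->session->GetFlash('database_queries');
        $queries = $bbb->db->GetQueries();
        if ($flash) {
            $queries = array_merge($flash, $queries);
        }
        // Query text can carry user-supplied values; escape it before it is
        // placed in the page so the debug output cannot become an XSS sink.
        $escaped = array();
        foreach ($queries as $query) {
            $escaped[] = htmlent($query);
        }
        $html .= "<p>Database made the following queries.</p><pre>" . implode('<br/><br/>', $escaped) . "</pre>";
    }

    if (!empty($debug['timer'])) {
        $now = microtime(true);
        $flash = $bbb->session->GetFlash('timer');
        // Time spent before a redirect and the total across both requests,
        // when the previous request left a timer in the flash.
        $redirect = null;
        $total = null;
        if ($flash) {
            $redirect = round($flash['redirect'] - $flash['first'], 3) . ' secs + x + ';
            $total = round($now - $flash['first'], 3) . ' secs. Per page: ';
        }
        // The current page's load time is reported whether or not a flash
        // timer exists; the leftover echo() lines that wrote "redirect:" and
        // "total:" straight to the output, outside the returned fragment,
        // are gone.
        $html .= "<p>Page was loaded in {$total}{$redirect}" . round($now - $bbb->timer['first'], 3) . " secs.</p>";
    }

    if (!empty($debug['memory'])) {
        $flash = $bbb->session->GetFlash('memory');
        $prefix = $flash ? round($flash / 1024 / 1024, 2) . ' Mbytes + ' : null;
        $html .= "<p>Peek memory consumption was {$prefix}" . round(memory_get_peak_usage(true) / 1024 / 1024, 2) . " Mbytes.</p>";
    }

    if (!empty($debug['behovsboboxen'])) {
        $html .= "<hr><h3>Debuginformation</h3><p>The content of CBehovsboboxen:</p><pre>" . htmlent(print_r($bbb, true)) . "</pre>";
    }

    if (!empty($debug['session'])) {
        $html .= "<hr><h3>SESSION</h3><p>The content of CBehovsboboxen->session:</p><pre>" . htmlent(print_r($bbb->session, true)) . "</pre>";
        $html .= "<p>The content of \$_SESSION:</p><pre>" . htmlent(print_r($_SESSION, true)) . "</pre>";
    }

    if (!empty($debug['timestamp'])) {
        $html .= $bbb->log->TimestampAsTable();
        $html .= $bbb->log->PageLoadTime();
        $html .= $bbb->log->MemoryPeak();
    }

    return "<div class='debug'>{$html}</div>";
}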
 /**
  * Prepare the "join team" form.
  *
  * Registers a fresh anti-CSRF key for this team with $site->setKey() and
  * passes its name and escaped value to the template.
  *
  * NOTE(review): the key name (prefix, team id, microtime) is predictable;
  * the secret is the value returned by setKey() -- confirm it is random.
  */
 protected function showForm()
 {
     global $site;
     global $tmpl;

     // protected against cross site injection attempts
     $keyName = 'teamJoin_' . $this->team->getID() . '_' . microtime();
     // spaces and dots in microtime() become underscores
     $keyName = strtr($keyName, array(' ' => '_', '.' => '_'));
     $keyValue = $site->setKey($keyName);

     $tmpl->assign('keyName', $keyName);
     $tmpl->assign('keyValue', htmlent($keyValue));
 }
 /**
  * Show the delete-confirmation view for one private message.
  *
  * Renders the message through the parent's showMail(), switches to the
  * 'PMDelete' template, prefixes the title with "Delete " and registers an
  * anti-CSRF key for the confirmation form.
  *
  * @param mixed $folder folder the message lives in (passed through)
  * @param mixed $id     message id (passed through)
  */
 function preview($folder, $id)
 {
     global $site;
     global $tmpl;

     parent::showMail($folder, $id);
     $tmpl->setTemplate('PMDelete');
     $tmpl->assign('showPreview', true);
     $tmpl->assign('title', 'Delete ' . $tmpl->getTemplateVars('title'));

     // protected against cross site injection attempts: key name from
     // microtime() (spaces/dots -> underscores), value from $site->setKey()
     $keyName = strtr('pmDelete_' . microtime(), array(' ' => '_', '.' => '_'));
     $keyValue = $site->setKey($keyName);
     $tmpl->assign('keyName', $keyName);
     $tmpl->assign('keyValue', htmlent($keyValue));
 }
 /**
  * Render a BBCode string to HTML with the bundled NBBC library.
  *
  * The input is HTML-escaped with htmlent() before parsing, so only markup
  * produced by the BBCode parser reaches the output. The smiley base URL
  * comes from $config->getValue('baseaddress') or, when no $config is
  * loaded (old compatibility mode), from baseaddress().
  *
  * @param string $string raw BBCode text
  * @return string HTML
  */
 function Parse($string)
 {
     global $config;
     require_once dirname(__FILE__) . '/nbbc/nbbc.php';

     $parser = new BBCode();
     $base = isset($config) ? $config->getValue('baseaddress') : baseaddress();
     $parser->SetSmileyURL($base . 'smileys');
     // $parser->SetEnableSmileys(false);
     $parser->SetAllowAmpersand(true);

     // escape (x)html entities before the parser sees the text
     return $parser->Parse(htmlent($string));
 }
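 /**
  * Fill the compose / preview template variables for a private message.
  *
  * In preview mode ($readonly) or after a confirmation step the author's
  * display name is looked up in the `users` table for the current user.
  * The original message id (?id) is carried along in 'formArgs' so a reply
  * keeps its reference; reply mode itself is dropped because recipients
  * have already been resolved at this point.
  *
  * @param bool $readonly true for the preview, false for the send form
  */
 function insertEditText($readonly = false)
 {
     global $tmpl;
     global $config;
     global $db;

     // The fallback has the same shape as a fetched row, so the preview
     // branch can read $author['name'] either way (the old plain-string
     // fallback made that read an illegal string offset).
     $author = array('name' => 'error: no author could be determined');
     if ($readonly || isset($_POST['confirmationStep'])) {
         // data passed to form -> use it
         $query = $db->prepare('SELECT `name` FROM `users` WHERE `id`=? LIMIT 1');
         $db->execute($query, user::getCurrentUserId());
         $row = $db->fetchRow($query);
         if ($row !== false) {
             $author = $row;
         }
         $db->free($query);
     }

     // do not drop original message id that a reply would be refering to
     // but drop reply mode (users and teams are already added to recipients at this point)
     // The id is request input: URL-encode it for the link and HTML-escape
     // the result, because formArgs ends up inside markup.
     $formArgs = '';
     if (isset($_GET['id']) && is_scalar($_GET['id'])) {
         $formArgs .= '&amp;id=' . htmlent(rawurlencode($_GET['id']));
     }
     $tmpl->assign('formArgs', $formArgs);
     $tmpl->assign('subject', $this->pm->getSubject());
     $tmpl->assign('time', $this->pm->getTimestamp());
     $tmpl->assign('playerRecipients', $this->pm->getUserNames());
     $tmpl->assign('teamRecipients', $this->pm->getTeamNames());
     $tmpl->assign('rawContent', htmlent($this->pm->getContent()));

     if ($readonly) {
         $tmpl->assign('authorName', htmlent($author['name']));
         if ($config->getValue('bbcodeLibAvailable')) {
             $tmpl->assign('content', $tmpl->encodeBBCode($this->pm->getContent()));
         } else {
             $tmpl->assign('content', htmlent($this->pm->getContent()));
         }
         $tmpl->assign('showPreview', true);
         // overwrite editor's default text ('Write changes')
         $tmpl->assign('submitText', 'Send PM');
     } else {
         $tmpl->assign('showSendForm', true);
         // display the formatting buttons addded by addFormatButtons
         $this->editor->showFormatButtons();
     }
 }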
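 /**
  * Fill the editor / preview template variables for a static page.
  *
  * Content source, in order: the posted 'staticContent' field when the
  * form is read-only (preview) or a confirmation step was posted; the
  * existing file when editing (?edit); otherwise a placeholder text.
  *
  * NOTE(review): in preview mode without a BBCode library the posted text
  * is handed to the template unescaped ('contentPreview'). That is raw HTML
  * straight from the request -- acceptable only if this editor is limited
  * to trusted administrators and the form is CSRF-protected; the TODO below
  * asks for a configuration switch.
  *
  * @param bool $readonly true to render the preview, false for the editor
  */
 function insertEditText($readonly = false)
 {
     global $tmpl;
     global $author;
     global $last_modified;
     global $config;

     if ($readonly || isset($_POST['confirmationStep'])) {
         // Tolerate a missing field (e.g. the preview step reached without
         // a POST body) instead of emitting an undefined-index warning.
         $content = isset($_POST['staticContent']) ? $_POST['staticContent'] : '';
     } elseif (isset($_GET['edit'])) {
         $content = $this->readContent($this->path, $author, $last_modified, true);
     } else {
         $content = 'Replace this text with the page content.';
     }

     // the editor field always gets the escaped raw text
     $tmpl->assign('rawContent', htmlent($content));
     if ($readonly) {
         if ($config->getValue('bbcodeLibAvailable')) {
             $tmpl->assign('contentPreview', $tmpl->encodeBBCode($content));
         } else {
             // TODO: only fall back to using raw data if config says so
             $tmpl->assign('contentPreview', $content);
         }
     } else {
         // display the formatting buttons addded by addFormatButtons
         $this->editor->showFormatButtons();
     }
 }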
 /**
  * Prepare the "create team" form: anti-CSRF key plus BBCode toolbar.
  *
  * The key name is built from the current user's id and microtime() and
  * registered with $site->setKey(); the template receives the name and the
  * escaped value. The BBCode buttons are bound to the 'team_description'
  * field so the JavaScript knows which element to manipulate.
  */
 protected function showForm()
 {
     global $site;
     global $tmpl;

     // protected against cross site injection attempts
     $keyName = 'teamCreate_' . \user::getCurrentUser()->getID() . '_' . microtime();
     $keyName = strtr($keyName, array(' ' => '_', '.' => '_'));
     $keyValue = $site->setKey($keyName);
     $tmpl->assign('keyName', $keyName);
     $tmpl->assign('keyValue', htmlent($keyValue));

     // bbcode editor
     include_once dirname(dirname(dirname(__FILE__))) . '/bbcode_buttons.php';
     $buttons = new bbcode_buttons();
     $tmpl->assign('buttonsToFormat', $buttons->showBBCodeButtons('team_description'));
     unset($buttons);
 }
<?php

// Login page fragment: unless an old account has to be converted
// ($account_needs_to_be_converted), a user who is already logged in is
// sent away. Then, as long as the user has not asked for a local login,
// the "local login" submit button is appended to $msg.
if (!(isset($account_needs_to_be_converted) && $account_needs_to_be_converted)
    && !empty($_SESSION['user_logged_in'])) {
    $this->helper->done('already logged in');
}

$account_old_website = htmlent($config->getValue('oldWebsiteName'));
if (!isset($msg)) {
    $msg = '';
}

if (empty($_POST['local_login_wanted'])) {
    // NOTE(review): baseaddress is configuration, not request input, which
    // is why it goes into the form action unescaped.
    $msg .= '<form action="' . $config->getValue('baseaddress') . 'Login/' . '" method="post">' . "\n";
    $msg .= '<p class="first_p">' . "\n";
    if ($config->getValue('login.modules.forceExternalLoginOnly')) {
        $msg .= $this->helper->return_self_closing_tag('input type="submit" name="local_login_wanted" value="Update old account from ' . $account_old_website . '"');
    } else {
        $msg .= $this->helper->return_self_closing_tag('input type="submit" name="local_login_wanted" value="Local login"');
    }
    $msg .= '</p>' . "\n";
    $msg .= '</form>' . "\n";
}
if (isset($_POST['local_login_wanted']) && $_POST['local_login_wanted']) {
    /* 		$msg .= '<div class="static_page_box">' . "\n"; */
    $msg .= '<p class="first_p">';
    if ($config->getValue('login.modules.local.convertUsersToExternalLogin')) {
        require_once dirname(dirname(__FILE__)) . '/login_module_list.php';
        if (isset($module['bzbb']) && $module['bzbb']) {
            $msg .= '<strong><span class="unread_messages">Before you continue make absolutely sure your account here and the my.bzflag.org/bb/ (forum) account have exactly the same username or you will give someone else access to your account and that access can never be revoked.</span></strong></p>';
        }
    }
 /**
  * Render BBCode to HTML through the library configured for the site.
  *
  * The library is described by bbcode_lib_path(), bbcode_command(),
  * bbcode_class() and bbcode_sets_linebreaks(). Without a library path or
  * a parse command the text is HTML-escaped and line-broken instead. When
  * a library is configured the raw text is handed to it unescaped, so that
  * library is responsible for escaping -- TODO confirm for the library in
  * use.
  *
  * @param string $string raw BBCode text
  * @return string HTML
  */
 function bbcode($string)
 {
     $libraryPath = bbcode_lib_path();
     if (strcmp($libraryPath, '') === 0) {
         // no bbcode library specified
         return $this->linebreaks(htmlent($string));
     }
     // load the library
     require_once $libraryPath;

     $parseCommand = bbcode_command();
     if (strcmp($parseCommand, '') === 0) {
         // no command that starts the parser
         return $this->linebreaks(htmlent($string));
     }

     // An empty class name is not an error: it means the parse command is a
     // plain function rather than a method of a class.
     $className = bbcode_class();
     $parser = null;
     if (strcmp($className, '') !== 0) {
         $parser = new $className();
     }

     // execute the bbcode algorithm; only add <br /> tags if the library
     // does not already produce them
     $keepsLinebreaks = bbcode_sets_linebreaks();
     if ($parser !== null) {
         $html = $parser->{$parseCommand}($string);
     } else {
         $html = $parseCommand($string);
     }
     return $keepsLinebreaks ? $html : $this->linebreaks($html);
 }
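/**
 * AJAX endpoint of the jquerycommentary module.
 *
 * Parameters arrive through httpget() ('section', 'rmvcmmnt', 'r', 'c',
 * 'op') and httpallpost(); the response is echoed directly. Depending on
 * 'op' it returns JSON ('get_json', 'last_comment', 'api'), a "who is
 * typing" text fragment ('is_typing') or stores a new / edited comment
 * ('post'). When 'section' matches the user's current section the
 * commentary is re-rendered with viewcommentary() and echoed up to the
 * <jquerycommentaryend> marker.
 *
 * Security notes (db_query() runs a raw statement, nothing is parameterised):
 *  - comment ids supplied by the client are cast to int before they are
 *    interpolated into SQL;
 *  - an edited comment is run through htmlent() for the HTML context and
 *    addslashes() for the SQL string literal;
 *  - the edit path matches on commentid only: unless the
 *    'jquery-post-commentary' hook enforces it, any logged-in user can
 *    overwrite any comment -- TODO confirm, or add an author/superuser check;
 *  - stripping <script> tags from the rendered fragment is best effort, not
 *    a sanitiser.
 */
function jquerycommentary_run()
{
    global $_SERVER, $output, $session;
    require_once 'lib/commentary.php';
    $section = httpget('section');
    $commentary = db_prefix('commentary');
    $acctid = $session['user']['acctid'];

    // Superuser removal of one comment, mirrored by a 'blackhole' marker.
    if (($commid = httpget('rmvcmmnt')) != "") {
        check_su_access(SU_EDIT_COMMENTS);
        if ($session['user']['superuser'] & SU_EDIT_COMMENTS) {
            // client-supplied id: cast so it cannot carry SQL
            $commid = (int) $commid;
            db_query("DELETE FROM {$commentary} WHERE commentid = '{$commid}'");
        }
        db_query("INSERT INTO {$commentary} (section, author, comment, postdate) VALUES ('blackhole', '{$acctid}', 'I f****d up', '" . date('Y-m-d H:i:s') . "')");
        invalidatedatacache("comments-{$section}");
        invalidatedatacache("comments-blackhole");
    }

    // Re-render the commentary of the section the user is currently in.
    if (httpget('section') == get_module_pref('current_section') && httpget('section') != '') {
        $output = "";
        $_SERVER['REQUEST_URI'] = httpget('r');
        $session['counter'] = httpget('c');
        viewcommentary(get_module_pref('current_section'), get_module_setting('message'), get_module_setting('limit'), get_module_setting('talkline'));
        // best-effort removal of inline scripts from the rendered fragment
        $output = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $output);
        // keep everything up to the end marker (an absent marker yields '')
        $output = substr($output, 0, strpos($output, "<jquerycommentaryend>"));
        db_query("UPDATE accounts SET laston = '" . date('Y-m-d H:i:s') . "' WHERE acctid = '{$acctid}'");
        echo trim("{$output}");
        invalidatedatacache("comments-{$section}");
    }

    switch (httpget('op')) {
        case 'get_json':
            $sql = db_query("SELECT commentid, author, comment FROM commentary WHERE section = '{$session['current_commentary_area']}' AND deleted = '0' ORDER BY commentid+0 DESC LIMIT 0, 25");
            $json = [];
            while ($row = db_fetch_assoc($sql)) {
                array_push($json, $row);
            }
            echo "<pre>";
            echo json_encode($json, JSON_PRETTY_PRINT);
            echo "</pre>";
            break;

        case 'post':
            $post = httpallpost();
            $post = modulehook('jquery-post-commentary', $post);
            if ($post['method'] == 'insertcommentary') {
                injectcommentary(get_module_pref('current_section'), get_module_setting('talkline'), $post['comment']);
            } else {
                // method is "<something>_<commentid>": edit an existing comment
                $parts = explode('_', $post['method']);
                $commentid = isset($parts[1]) ? (int) $parts[1] : 0;
                require_once 'lib/systemmail.php';
                require_once 'lib/sanitize.php';
                // htmlent() covers the HTML context the comment is shown in;
                // addslashes() covers the SQL string literal it is written as.
                $post['comment'] = htmlent($post['comment']);
                $comment = addslashes($post['comment']);
                db_query("UPDATE {$commentary} SET comment = '{$comment}' WHERE commentid = '{$commentid}'");
                db_query("INSERT INTO {$commentary} (section, author, comment, postdate) VALUES ('blackhole', '{$acctid}', 'I f****d up', '" . date('Y-m-d H:i:s') . "')");
                invalidatedatacache("comments-{$session['current_commentary_section']}");
                invalidatedatacache("comments-blackhole");
            }
            break;

        case 'last_comment':
            require_once 'lib/sanitize.php';
            db_query("UPDATE accounts SET laston = '" . date('Y-m-d H:i:s') . "' WHERE acctid = '{$acctid}'");
            // the user's own most recent comment in this area (or global OOC)
            $sql = db_query("SELECT comment, commentid FROM {$commentary}
                WHERE author = '{$acctid}'
                AND (section = 'globalooc'
                    OR section = '{$session['current_commentary_area']}')
                ORDER BY commentid DESC
                LIMIT 0,1");
            $data = db_fetch_assoc($sql);
            // the newest comment anyone posted in this area, global OOC or the blackhole
            $sql = db_query("SELECT commentid, section, comment FROM {$commentary}
                WHERE (section = 'globalooc'
                OR section = '{$session['current_commentary_area']}'
                OR section = 'blackhole'
                )
                ORDER BY commentid+0 DESC
                LIMIT 0,1");
            $row = db_fetch_assoc($sql);
            $data['last_section'] = $row['section'];
            $data['last_comment'] = $row['commentid'];
            $data['last_message'] = $row['comment'];
            echo json_encode($data);
            break;

        case 'is_typing':
            $post = httpallpost();
            set_module_pref('is_typing', $post['typing'] == 'yes' ? 1 : 0);
            // everyone flagged as typing in the same section as this user
            $sql = db_query("SELECT a.name, a.acctid
                FROM accounts AS a
                LEFT JOIN module_userprefs AS m
                ON m.userid = a.acctid
                LEFT JOIN module_userprefs AS u
                ON u.userid = m.userid
                WHERE m.modulename = 'jquerycommentary'
                AND m.setting = 'is_typing'
                AND m.value = '1'
                AND u.modulename = 'jquerycommentary'
                AND u.setting = 'current_section'
                and u.value = '" . get_module_pref('current_section') . "'");
            $typing = [];
            while ($row = db_fetch_assoc($sql)) {
                array_push($typing, [$row['acctid'], $row['name']]);
            }
            if (count($typing) != 0) {
                // "A", "A and B", "A, B and C" ... followed by an ellipsis
                $isTyping = appoencode('`@');
                $total = count($typing);
                $i = 0;
                foreach ($typing as $val) {
                    $i++;
                    if ($i == 1) {
                        $isTyping .= appoencode($val[1]);
                    } elseif ($total > $i) {
                        $isTyping .= appoencode("`@, {$val[1]}");
                    } elseif ($i == $total) {
                        $isTyping .= appoencode("`@ and {$val[1]}");
                    }
                    if ($i == $total) {
                        $isTyping .= appoencode("`@...");
                    }
                }
                echo "✏ {$isTyping}";
            } else {
                echo "<br />";
            }
            break;

        case 'api':
            header('Content-Type: application/json');
            // last 10 global OOC and last 25 superuser comments, oldest first
            $sql = db_query("SELECT comm.*, acc.name FROM
                (
                    (SELECT * FROM
                        (SELECT * FROM commentary
                        WHERE section = 'globalooc'
                        AND deleted = '0'
                        ORDER BY commentid+0 DESC
                        LIMIT 0, 10)
                    AS c
                    ORDER BY c.commentid+0 ASC
                    LIMIT 0, 10)
                    UNION (
                        SELECT * FROM
                        (SELECT * FROM commentary
                        WHERE section = 'superuser'
                        AND deleted = '0'
                        ORDER BY commentid+0 DESC
                        LIMIT 0, 25)
                        AS c
                        ORDER BY c.commentid+0 ASC
                        LIMIT 0, 25
                    )
                ) AS comm
                LEFT JOIN accounts AS acc
                ON acc.acctid = comm.author");
            $json = [];
            while ($row = db_fetch_assoc($sql)) {
                $row['name'] = appoencode($row['name']);
                $row['comment'] = appoencode($row['comment']);
                array_push($json, $row);
            }
            echo json_encode($json, JSON_PRETTY_PRINT);
            break;
    }
}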

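<?php 
// Message listing: the entry form followed by every stored entry.
// Expects $form (exposes GetHTML()) and $entries (rows with the keys
// 'name', 'created' and 'entry') from the including controller. Every
// row value, the timestamp included, is passed through htmlent() on
// output so the markup cannot be broken by stored content.
echo $form->GetHTML();
?>

<div class="page-header">
  <h2>Current messages</h2>
</div>

<?php 
foreach ($entries as $val) {
    ?>
<div class="well">
  <p>
  <strong><?php 
    echo htmlent($val['name']);
    ?>
</strong>
  <br /><small><?php 
    echo htmlent($val['created']);
    ?>
</small>
  </p>
  <p><?php 
    echo htmlent($val['entry']);
    ?>
</p>
</div>
<?php 
}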
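 /**
  * Render the profile page of one team.
  *
  * Assigns to the template: title, status and description, a summary array
  * ('team'), the member list with kick/leave links where the viewer may act,
  * the last ten matches with edit/delete links where permitted, and pending
  * invitations (visible to team members and holders of
  * 'allow_invite_in_any_team' only). Shows 'NoPerm' when the team does not
  * exist.
  *
  * NOTE(review): only the title is passed through htmlent() here; team and
  * user names in the assigned arrays are raw and rely on the template to
  * escape them -- confirm 'teamSystemProfile' does so.
  *
  * @param mixed $teamid id of the team to show, as received from the request
  */
 public function showTeam($teamid)
 {
     global $tmpl;
     global $db;
     $team = new team($teamid);
     if (!$team->exists()) {
         $tmpl->setTemplate('NoPerm');
         return;
     }
     if (!$tmpl->setTemplate('teamSystemProfile')) {
         $tmpl->noTemplateFound();
         die;
     }
     // Links embed the id the team object reports rather than the raw
     // request value.
     $id = $team->getID();
     // FIXME: implement something to avoid hardcoded paths
     $tmpl->assign('pmLink', '../PM/?add&teamid=' . $id);
     $tmpl->assign('status', $team->getStatus());
     $tmpl->assign('title', 'Team ' . htmlent($team->getName()));
     // the team's leader
     $teamLeader = $team->getLeaderId();
     $teamData = array();
     $teamData['profileLink'] = './?profile=' . $id;
     $teamData['name'] = $team->getName();
     $teamData['score'] = $team->getScore();
     $teamData['scoreClass'] = $this->rankScore($teamData['score']);
     // The name is a query-string value: URL-encode it so names containing
     // '&', '#', '+' or '%' do not break or redirect the search link.
     $teamData['matchSearchLink'] = '../Matches/?search_string=' . rawurlencode($teamData['name']) . '&amp;search_type=team+name' . '&amp;search_result_amount=200' . '&amp;search=Search';
     $teamData['matchCount'] = $team->getMatchCount();
     $teamData['memberCount'] = $team->getMemberCount();
     $teamData['leaderLink'] = '../Players/?profile=' . $teamLeader;
     $teamData['leaderName'] = (new \user($teamLeader))->getName();
     $teamData['activityNew'] = $team->getActivityNew();
     $teamData['activityOld'] = $team->getActivityOld();
     $teamData['created'] = $team->getCreationTimestampStr();
     $teamData['wins'] = $team->getMatchCount('won');
     $teamData['draws'] = $team->getMatchCount('draw');
     $teamData['losses'] = $team->getMatchCount('lost');
     $teamData['logo'] = $team->getAvatarURI();
     $tmpl->assign('teamDescription', $team->getDescription());
     $tmpl->assign('team', $teamData);
     $tmpl->assign('teamid', $teamid);
     $tmpl->assign('canPMTeam', \user::getCurrentUserLoggedIn() && \user::getCurrentUserId() > 0 ? true : false);
     // tell template if user can edit this team: the leader, or anyone
     // holding the global edit permission
     $tmpl->assign('canEditTeam', \user::getCurrentUserLoggedIn() && \user::getCurrentUserId() === $teamLeader || \user::getCurrentUser()->getPermission('allow_edit_any_team_profile'));
     // tell template if user can delete this team
     // either user has deletion permission for team
     // or user is leader of team and there are one or less members in team
     $tmpl->assign('canDeleteTeam', $team->getStatus() !== 'deleted' && (\user::getCurrentUser()->getPermission('team.allowDelete ' . $id) || \user::getCurrentUser()->getPermission('allow_delete_any_team') || \user::getCurrentUserId() === $teamLeader));
     // kick/leave column is shown to the leader, to global kickers, and
     // (see the loop) to any member looking at their own team
     $showMemberActionOptions = false;
     if (\user::getCurrentUserId() === $teamLeader || \user::getCurrentUser()->getPermission('allow_kick_any_team_members')) {
         $showMemberActionOptions = true;
     }
     $members = array();
     $memberids = $team->getUserIds();
     foreach ($memberids as $memberid) {
         $user = new \user($memberid);
         $member = array();
         // rename db result fields and assemble some additional informations
         // use a temporary array for better readable (but slower) code
         if (!$showMemberActionOptions && \user::getCurrentUserId() === $memberid) {
             $showMemberActionOptions = true;
         }
         $member['profileLink'] = '../Players/?profile=' . $user->getID();
         $member['userName'] = $user->getName();
         $member['permissions'] = $teamLeader === $memberid ? 'Leader' : 'Standard';
         if ($country = $user->getCountry()) {
             $member['countryName'] = $country->getName();
             if (strlen($country->getFlag()) > 0) {
                 $member['countryFlag'] = $country->getFlag();
             }
         }
         $member['joined'] = $user->getJoinTimestampStr();
         $member['last_login'] = $user->getLastLoginTimestampStr();
         // show leave/kick links if permission is given
         // a team leader can neither leave or be kicked
         // a leader must first give someone else leadership to leave
         if ((\user::getCurrentUserId() === $teamLeader || \user::getCurrentUser()->getPermission('allow_kick_any_team_members') || \user::getCurrentUserId() === $user->getID()) && $user->getID() !== $teamLeader) {
             $member['removeLink'] = './?remove=' . $user->getID() . '&amp;team=' . $id;
             if (\user::getCurrentUserId() === $user->getID()) {
                 $member['removeDescription'] = 'Leave team';
             } else {
                 $member['removeDescription'] = 'Kick member from team';
             }
         }
         // append current member data
         $members[] = $member;
         unset($user);
     }
     $tmpl->assign('members', $members);
     $tmpl->assign('showMemberActionOptions', $showMemberActionOptions);
     // show last entered matches
     $matches = array();
     // show available options if any available
     $allowEdit = \user::getCurrentUser()->getPermission('allow_edit_match');
     $allowDelete = \user::getCurrentUser()->getPermission('allow_delete_match');
     $tmpl->assign('showMatchActionOptions', $allowEdit || $allowDelete);
     $tmpl->assign('allowEdit', $allowEdit);
     $tmpl->assign('allowDelete', $allowDelete);
     // get match data
     // sort the data by id to find out if abusers entered a match at a long time in the past
     $query = $db->prepare('SELECT `timestamp`,`team1_id`,`team2_id`,' . '(SELECT `name` FROM `teams` WHERE `id`=`team1_id`) AS `team1_name`' . ',(SELECT `name` FROM `teams` WHERE `id`=`team2_id`) AS `team2_name`' . ',`team1_points`,`team2_points`,`userid`' . ',(SELECT `users`.`name` FROM `users`' . ' WHERE `users`.`id`=`matches`.`userid`)' . ' AS `username`' . ',`matches`.`id`' . ' FROM `matches` WHERE `matches`.`team1_id`=?' . ' OR `matches`.`team2_id`=?' . ' ORDER BY `id` DESC LIMIT 0,10');
     $db->execute($query, array($teamid, $teamid));
     while ($row = $db->fetchRow($query)) {
         // rename db result fields and assemble some additional informations
         // use a temporary array for better readable (but slower) code
         $prepared = array();
         $prepared['time'] = $row['timestamp'];
         $prepared['team1Link'] = '../Teams/?profile=' . $row['team1_id'];
         $prepared['team2Link'] = '../Teams/?profile=' . $row['team2_id'];
         $prepared['team1Name'] = $row['team1_name'];
         $prepared['team2Name'] = $row['team2_name'];
         $prepared['score1'] = $row['team1_points'];
         $prepared['score2'] = $row['team2_points'];
         $prepared['lastModById'] = $row['userid'];
         $prepared['lastModByName'] = $row['username'];
         $prepared['lastModByLink'] = '../Players/?profile=' . $prepared['lastModById'];
         if ($allowEdit) {
             $prepared['editLink'] = '../Matches/?edit=' . $row['id'];
         }
         if ($allowDelete) {
             $prepared['deleteLink'] = '../Matches/?delete=' . $row['id'];
         }
         $matches[] = $prepared;
     }
     $tmpl->assign('matches', $matches);
     // invitation data visible
     // for team members
     // for users who can issue any invitation
     if (\user::getCurrentUser()->getMemberOfTeam($teamid) || \user::getCurrentUser()->getPermission('allow_invite_in_any_team')) {
         $invitationData = array();
         $invitations = invitation::getInvitationsForTeam($teamid);
         foreach ($invitations as $invitation) {
             $invitationUser = $invitation->getUsers()[0];
             $invitationData[] = array('userName' => $invitationUser->getName(), 'profileLink' => '../Players/?profile=' . $invitationUser->getID(), 'expiration' => $invitation->getExpiration());
         }
         $tmpl->assign('invitations', $invitationData);
     }
 }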
 // timezone
 echo '<p><label class="player_edit" for="edit_player_location">Change timezone:</label> ';
 echo '<select id="edit_player_timezone" name="timezone">';
 for ($i = -12; $i <= 12; $i++) {
     echo '<option value="';
     echo htmlspecialchars($i);
     if ($timezone === $i) {
         echo '" selected="selected';
     }
     echo '">';
     if ($i >= 0) {
         $time_format = '+' . strval($i);
     } else {
         $time_format = strval($i);
     }
     echo htmlent('UTC ' . $time_format);
     echo '</option>' . "\n";
 }
 unset($time_format);
 echo '</select>';
 echo '</p>' . "\n\n";
 // user comment
 if ($site->bbcode_lib_available()) {
     echo "\n" . '<div class="player_edit">';
     echo '<div class="invisi" style="display: inline;">';
     echo '	<label class="player_edit">bbcode:</label><span>';
     echo '</div>';
     include dirname(dirname(__FILE__)) . '/CMS/bbcode_buttons.php';
     $bbcode = new bbcode_buttons();
     $bbcode->showBBCodeButtons('user_comment');
     unset($bbcode);
 /**
  * Creates a one-time form key and hands its name and value to the template.
  *
  * The key name is built from microtime() with spaces and dots turned into
  * underscores; the value is whatever $site->setKey() returns for that name
  * and is HTML-escaped before it reaches the template. Only the value is
  * meant to be unguessable - the name is derived from the clock.
  *
  * Uses the globals $site and $tmpl.
  */
 private function generateKey()
 {
     global $site;
     global $tmpl;
     // unique-per-request name, made safe as an identifier (no spaces/dots)
     $keyName = strtr('addon.pageSystem.' . microtime(), array(' ' => '_', '.' => '_'));
     // the value is generated (and presumably remembered) by $site->setKey()
     $keyValue = $site->setKey($keyName);
     $tmpl->assign('keyName', $keyName);
     $tmpl->assign('keyValue', htmlent($keyValue));
 }
        } elseif (isset($_GET['profile'])) {
            echo '&amp;profile=' . htmlent($_GET['profile']);
        }
        echo '">Previous visits</a>' . "\n";
    }
    if ($show_next_visits_button) {
        echo '	<a href="./?i=';
        echo (int) $view_range + $num_results;
        if (isset($_GET['search'])) {
            echo '&amp;search';
            if (isset($_GET['search_string'])) {
                echo '&amp;search_string=' . htmlspecialchars($_GET['search_string']);
            }
            if (isset($_GET['search_type'])) {
                echo '&amp;search_type=' . htmlspecialchars($_GET['search_type']);
            }
            if (isset($num_results)) {
                echo '&amp;search_result_amount=' . strval($num_results);
            }
        } elseif (isset($_GET['profile'])) {
            echo '&amp;profile=' . htmlent($_GET['profile']);
        }
        echo '">Next visits</a>' . "\n";
    }
    echo '</p>' . "\n";
}
?>
</div>
</body>
</html>
 /**
  * Returns the user's name HTML-escaped via htmlent(), ready for direct output.
  */
 public function getName()
 {
     $rawName = $this->info['username'];
     return htmlent($rawName);
 }
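/**
 * Checks whether a match similar to the one posted via $_POST already exists.
 *
 * Loads the single match nearest in time to the posted match_day . match_time
 * value (the nearest newer one, or the nearest older-or-equal one when
 * $newerMatches is false) and compares team ids, points and duration in PHP.
 * Swapped team order (team1 <-> team2 with the points swapped accordingly)
 * still counts as similar. When a similar match is found a warning showing
 * the stored match is echoed.
 *
 * Reads $_POST['match_day'], ['match_time'], ['duration'], ['team_id1'],
 * ['team_id2'], ['team1_points'] and ['team2_points']; a missing value is
 * treated as empty / 0. Uses the globals $site and $connection.
 *
 * @param bool $newerMatches compare with the nearest newer match (true) or
 *                           with the nearest older-or-equal one (false)
 * @return bool true if a similar match was found and the warning was printed
 */
function similarMatchEntered($newerMatches = true)
{
    global $site;
    global $connection;
    // equal case should never happen
    $comparisonOperator = $newerMatches ? '>' : '<=';
    // read the posted values once; a missing value counts as empty / 0
    // (casting to 0 matters because the comparison below is strict)
    $postedDay = isset($_POST['match_day']) ? $_POST['match_day'] : '';
    $postedTime = isset($_POST['match_time']) ? $_POST['match_time'] : '';
    $duration = isset($_POST['duration']) ? (int) $_POST['duration'] : 0;
    $team_id1 = isset($_POST['team_id1']) ? (int) $_POST['team_id1'] : 0;
    $team_id2 = isset($_POST['team_id2']) ? (int) $_POST['team_id2'] : 0;
    $team1_points = isset($_POST['team1_points']) ? (int) $_POST['team1_points'] : 0;
    $team2_points = isset($_POST['team2_points']) ? (int) $_POST['team2_points'] : 0;
    // similar match entered already?
    // strategy: ask for one match before the entered one and one after the one to be entered and do not let the database engine do the comparison
    $query = 'SELECT `id`,`timestamp`,`team1_id`,`team2_id`,`team1_points`,`team2_points`, `duration` FROM `matches`';
    // the posted timestamp is escaped by sqlSafeStringQuotes() before it reaches the query
    $query .= ' WHERE (`timestamp`' . sqlSafeString($comparisonOperator) . sqlSafeStringQuotes($postedDay . $postedTime);
    // sorting needed
    $query .= ') ORDER BY `timestamp` DESC';
    // only comparing nearest match in time
    $query .= ' LIMIT 0,1';
    if (!($result = @$site->execute_query('matches', $query, $connection))) {
        $site->dieAndEndPage('Unfortunately there seems to be a database problem and thus comparing timestamps (using operator ' . sqlSafeString($comparisonOperator) . ') of matches failed.');
    }
    // comparison results; all of them stay false if the query returned no row
    $timestamp = '';
    $duration_matches = false;
    $team_id1_matches = false;
    $team_id2_matches = false;
    $team1_points_matches = false;
    $team2_points_matches = false;
    while ($row = mysql_fetch_array($result)) {
        $timestamp = $row['timestamp'];
        $duration_matches = intval($row['duration']) === $duration;
        // if team1 is not the posted team1, check whether the teams were entered in swapped order
        $team_ids_swapped = false;
        $team_id1_matches = intval($row['team1_id']) === $team_id1;
        if (!$team_id1_matches) {
            $team_ids_swapped = true;
            $team_id1_matches = intval($row['team1_id']) === $team_id2;
        }
        // compare the second team and the points in the same order as the first team
        if ($team_ids_swapped) {
            $team_id2_matches = intval($row['team2_id']) === $team_id1;
            $team1_points_matches = intval($row['team1_points']) === $team2_points;
            $team2_points_matches = intval($row['team2_points']) === $team1_points;
        } else {
            $team_id2_matches = intval($row['team2_id']) === $team_id2;
            $team1_points_matches = intval($row['team1_points']) === $team1_points;
            $team2_points_matches = intval($row['team2_points']) === $team2_points;
        }
    }
    mysql_free_result($result);
    // if similar match was found warn the user
    if ($team_id1_matches && $team_id2_matches && $team1_points_matches && $team2_points_matches && $duration_matches) {
        echo '<p>The nearest ';
        echo $newerMatches ? 'newer ' : 'older ';
        echo ' match in the database is quite similar:</p>';
        // use the post data as much as possible instead of looking up the same data in the database
        echo '<p><strong>' . $timestamp . ' [' . $duration . ']  </strong> ';
        $query = 'SELECT `name` FROM `teams` WHERE `id`=' . sqlSafeStringQuotes($team_id1) . ' LIMIT 1';
        if (!($result = @$site->execute_query('teams', $query, $connection))) {
            $site->dieAndEndPage('Could not find out name of team #' . sqlSafeString($team_id1) . '.');
        }
        while ($row = mysql_fetch_array($result)) {
            team_name_from_id($team_id1, htmlent($row['name']));
        }
        mysql_free_result($result);
        echo ' - ';
        $query = 'SELECT `name` FROM `teams` WHERE `id`=' . sqlSafeStringQuotes($team_id2) . ' LIMIT 1';
        if (!($result = @$site->execute_query('teams', $query, $connection))) {
            $site->dieAndEndPage('Could not find out name of team #' . sqlSafeString($team_id2) . '.');
        }
        while ($row = mysql_fetch_array($result)) {
            team_name_from_id($team_id2, htmlent($row['name']));
        }
        mysql_free_result($result);
        echo ' with result <strong>' . $team1_points . ' - ' . $team2_points . '</strong>.</p>';
        echo "\n";
        return true;
    }
    return false;
}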
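 /**
  * Ties the local account $userid to its my.bzflag.org (bzbb) identity.
  *
  * Asks bzidtools2.php for the external id belonging to $loginname, rejects
  * ids that are already tied to another local account and otherwise stores
  * the id in `users`.`external_id`.
  *
  * @param int    $userid    local user id to update
  * @param string $loginname bzbb login name to look up (lower-cased before use)
  * @param string $output    set to a user-readable HTML message describing the
  *                          result (holds the raw API answer in between)
  * @return bool true on success, false if the id is taken, the API call failed
  *              or the database update failed
  */
 public static function convertAccount($userid, $loginname, &$output)
 {
     global $config;
     global $db;
     // user is not new, update his callsign with new external userid supplied from login
     // external_id was empty, set it to the external value obtained by bzidtools
     $url = 'http://my.bzflag.org/bzidtools2.php?action=id&value=' . urlencode(strtolower($loginname));
     // NOTE(review): the id is fetched over plain http, so the answer can be
     // altered in transit by anyone on the network path; an https endpoint
     // (with certificate verification left enabled) would close that gap.
     $ch = curl_init();
     curl_setopt($ch, CURLOPT_URL, $url);
     curl_setopt($ch, CURLOPT_HEADER, 0);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
     $output = curl_exec($ch);
     curl_close($ch);
     // curl_exec() returns false on a transport error; treat that like an
     // empty answer so the error branch below reports it
     if ($output === false) {
         $output = '';
     }
     // update the entry with the result from the bzidtools2.php script
     if (strlen($output) > 9 && strcmp(substr($output, 0, 9), 'SUCCESS: ') === 0) {
         // the external id received from API
         $externalID = substr($output, 9);
         // the id is stored HTML-escaped; use the same form for the lookup so
         // the duplicate check and the stored value always agree
         $storedID = htmlent($externalID);
         // check if external id is already used in our db
         $query = $db->prepare('SELECT `id` FROM `users` WHERE `external_id`=? LIMIT 1');
         $db->execute($query, $storedID);
         // error if id already used
         if ($db->fetchRow($query)) {
             $output = 'This bzbb id (' . $storedID . ')is already tied to another account. ' . 'If you think this error message is not justified ' . 'please contact one of the admins';
             return false;
         }
         // update bzbb id of user in our db
         $query = $db->prepare('UPDATE `users` SET `external_id`=?' . ' WHERE `id`=? LIMIT 1');
         if (!$db->execute($query, array($storedID, $userid))) {
             $output = 'Unfortunately there seems to be a database problem' . ' which prevents the system from setting your external userid (id=' . htmlent($userid) . '). Please report this to an admin.';
             return false;
         }
         $output = 'Congratulations, you enabled the <a href="' . htmlspecialchars('http://my.bzflag.org/weblogin.php?action=weblogin&url=') . urlencode($config->getValue('baseaddress') . 'Login/?module=bzbb&action=login&auth=%TOKEN%,%USERNAME%') . '">my.bzflag.org/bb/ (global) login</a> for this account.' . "\n";
     } else {
         $output = 'Unfortunately the bzidtools2.php script failed' . ' which prevents the system from setting your external userid (id=' . htmlent($userid) . '). The bzidtool2.php call was ' . htmlent($url) . '. Please report this to an admin.';
         // log the problem
         $db->logError($output);
         return false;
     }
     // converting account to use bzbb login was successful :)
     return true;
 }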
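 /**
  * Displays one private message from $folder to the current user.
  *
  * The id of the message to show is read from $_GET['view'] (or
  * $_GET['delete']); the $id parameter is only used for the page title when
  * neither is present. The message is loaded with a query that also requires
  * it to belong to the current user and to lie in $folder, so access control
  * is enforced by the query itself; a missing or foreign message yields the
  * generic NoPerm page. Previous/next navigation, the recipient lists and the
  * message body are assigned to the template, then the message is marked as
  * read for the current user.
  *
  * @param string $folder mail folder the message is expected in
  * @param int    $id     fallback id for the title only
  */
 public function showMail($folder, $id)
 {
     global $config;
     global $tmpl;
     global $db;
     // set the template
     $tmpl->setTemplate('PMView');
     // determine the message to show
     if (isset($_GET['view'])) {
         $id = intval($_GET['view']);
     } elseif (isset($_GET['delete'])) {
         $id = intval($_GET['delete']);
     } else {
         $tmpl->assign('title', 'Mail #' . $id);
         $tmpl->assign('errorMsg', 'You did not specify a message id to view');
         $tmpl->display('NoPerm');
         exit;
     }
     // the title names the same message that is displayed below
     $tmpl->assign('title', 'Mail #' . $id);
     // show currently selected mail folder
     $this->folderNav($folder);
     // collect the necessary data
     // (userid, folder and id are all part of the WHERE clause, so only the
     // current user's own copy of the message can be loaded)
     $query = $db->prepare('SELECT `id`,`author_id`,`subject`,`timestamp`,`message`,`msg_status`,' . ' IF(`pmsystem_msg_storage`.`author_id`<>0,' . ' (SELECT `name` FROM `users` WHERE `id`=`author_id`),?) AS `author`' . ' FROM `pmsystem_msg_storage`, `pmsystem_msg_users`' . ' WHERE `pmsystem_msg_users`.`userid`=?' . ' AND `pmsystem_msg_storage`.`id`=`pmsystem_msg_users`.`msgid`' . ' AND `folder`=?' . ' AND `pmsystem_msg_storage`.`id`=?' . ' ORDER BY `pmsystem_msg_storage`.`id` DESC' . ' LIMIT 1');
     $db->execute($query, array($config->getValue('displayedSystemUsername'), user::getCurrentUserId(), $folder, $id));
     $rows = $db->fetchAll($query);
     $db->free($query);
     // create PM navigation
     $query = $db->prepare('SELECT `msgid` FROM `pmsystem_msg_users`' . ' WHERE `userid`=? AND `msgid`<?' . ' AND `folder`=?' . ' ORDER BY `msgid` DESC LIMIT 1');
     $db->execute($query, array(user::getCurrentUserId(), $id, $folder));
     $prevMSG = $db->fetchAll($query);
     $db->free($query);
     if (count($prevMSG) > 0) {
         $tmpl->assign('prevMsg', $prevMSG[0]['msgid']);
     }
     unset($prevMSG);
     $query = $db->prepare('SELECT `msgid` FROM `pmsystem_msg_users`' . ' WHERE `userid`=? AND `msgid`>?' . ' AND `folder`=?' . ' ORDER BY `msgid` LIMIT 1');
     $db->execute($query, array(user::getCurrentUserId(), $id, $folder));
     $nextMSG = $db->fetchAll($query);
     $db->free($query);
     if (count($nextMSG) > 0) {
         $tmpl->assign('nextMsg', $nextMSG[0]['msgid']);
     }
     unset($nextMSG);
     if (count($rows) < 1) {
         // keep the error message generic to avoid revealing whether
         // a message with this id exists for somebody else
         $tmpl->assign('errorMsg', 'This message either does not exist or you do not have permission to view the message.');
         $tmpl->display('NoPerm');
         exit;
     }
     // create PM view
     $tmpl->assign('subject', $rows[0]['subject']);
     if (intval($rows[0]['author_id']) > 0) {
         $tmpl->assign('authorLink', '../Players/?profile=' . intval($rows[0]['author_id']));
     }
     $tmpl->assign('authorName', $rows[0]['author']);
     // prepare recipients queries
     $usersQuery = $db->prepare('SELECT `userid`,`name`' . ' FROM `pmsystem_msg_recipients_users` LEFT JOIN `users`' . ' ON `pmsystem_msg_recipients_users`.`userid`=`users`.`id`' . ' WHERE `msgid`=?');
     $teamsQuery = $db->prepare('SELECT `teamid`,`name`' . ' FROM `pmsystem_msg_recipients_teams` LEFT JOIN `teams`' . ' ON `pmsystem_msg_recipients_teams`.`teamid`=`teams`.`id`' . ' WHERE `msgid`=?');
     // find out users in recipient list
     $db->execute($usersQuery, $rows[0]['id']);
     $userRecipients = array();
     while ($row = $db->fetchRow($usersQuery)) {
         $userRecipients[] = array('link' => '../Players/?profile=' . intval($row['userid']), 'name' => $row['name']);
     }
     $db->free($usersQuery);
     if (isset($userRecipients[0])) {
         $tmpl->assign('userRecipients', $userRecipients);
     }
     // find out teams in recipient list
     $db->execute($teamsQuery, $rows[0]['id']);
     $teamRecipients = array();
     while ($row = $db->fetchRow($teamsQuery)) {
         $teamRecipients[] = array('link' => '../Teams/?profile=' . intval($row['teamid']), 'name' => $row['name']);
     }
     $db->free($teamsQuery);
     if (isset($teamRecipients[0])) {
         $tmpl->assign('teamRecipients', $teamRecipients);
     }
     // compute if a 'reply to all' button should be shown (more than 1 recipient)
     $tmpl->assign('showReplyToAll', count($userRecipients) > 1 || count($teamRecipients) > 0);
     unset($userRecipients);
     unset($teamRecipients);
     $tmpl->assign('time', $rows[0]['timestamp']);
     // the message body is either rendered through the bbcode encoder or
     // HTML-escaped as a whole; it is never assigned unescaped
     if ($config->getValue('bbcodeLibAvailable')) {
         $tmpl->assign('content', $tmpl->encodeBBCode($rows[0]['message']));
     } else {
         $tmpl->assign('content', htmlent($rows[0]['message']));
     }
     $tmpl->assign('msgID', $id);
     // mark the message as read for the current user
     $query = $db->prepare('UPDATE LOW_PRIORITY `pmsystem_msg_users`' . ' SET `msg_status`=?' . ' WHERE `msgid`=?' . ' AND `folder`=?' . ' AND `userid`=?' . ' LIMIT 1');
     $db->execute($query, array('read', $id, $folder, user::getCurrentUserId()));
 }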
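 /**
  * Runs a raw SQL statement through PDO and wraps the result.
  *
  * $query is handed to PDO::query() unchanged, so it must be a constant or
  * otherwise fully trusted statement; anything built from request data has to
  * go through a prepared statement instead. On failure the error is logged,
  * the user is shown the NoPerm template with $errorUserMSG (or a generic
  * message when it is empty) and false is returned.
  *
  * @param string       $query        SQL statement to execute
  * @param string|false $file         file name to log the error under, false to log the query alone
  * @param string       $errorUserMSG message shown to the user on failure
  * @return database_result|false
  */
 public function SQL($query, $file = false, $errorUserMSG = '')
 {
     global $tmpl;
     $result = $this->pdo->query($query);
     if (!$result) {
         // print out the raw error in debug mode only (it exposes the statement text)
         if ($this->getDebugSQL()) {
             echo '<p>Query ' . htmlent($query) . ' is probably not valid SQL.</p>' . "\n";
         }
         // log the error
         if ($file !== false) {
             $this->logError($file, $query);
         } else {
             $this->logError($query);
         }
         // show the caller-supplied message or the generic one - but only one
         // of them, so the error page is not rendered twice
         if (strlen($errorUserMSG) > 0) {
             $tmpl->assign('errorMsg', $errorUserMSG);
         } else {
             $tmpl->assign('errorMsg', 'Error: Could not process query.');
         }
         $tmpl->display('NoPerm');
         // $result was a weak typed false
         // set return value to a strong typed false
         // in any case, it would not be of type PDOStatement
         // which is required for database_result's construct function
         return false;
     }
     return new database_result($result, $query);
 }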
 /**
  * Prepares the template variables for the team edit form.
  *
  * Generates a per-request form key (name plus HTML-escaped value obtained
  * from $site->setKey()) that ties a submitted form to this page view, and
  * assigns the team's open/closed state, the bbcode editor buttons for the
  * team_description field, the raw description and the avatar URI.
  *
  * Uses the globals $site and $tmpl.
  */
 protected function showForm()
 {
     global $site;
     global $tmpl;
     // protected against cross site injection attempts:
     // the key name is unique per team and request; spaces and dots become underscores
     $keyName = strtr('teamEdit_' . $this->team->getID() . '_' . microtime(), array(' ' => '_', '.' => '_'));
     $keyValue = $site->setKey($keyName);
     $tmpl->assign('keyName', $keyName);
     $tmpl->assign('keyValue', htmlent($keyValue));
     // indicate if team is currently opened or closed
     $tmpl->assign('teamOpen', $this->team->getOpen());
     // bbcode editor; the field name tells the javascript which element to manipulate
     include_once dirname(dirname(dirname(__FILE__))) . '/bbcode_buttons.php';
     $editor = new bbcode_buttons();
     $tmpl->assign('buttonsToFormat', $editor->showBBCodeButtons('team_description'));
     unset($editor);
     // remaining form contents
     $tmpl->assign('teamDescription', $this->team->getRawDescription());
     $tmpl->assign('avatarURI', $this->team->getAvatarURI());
 }
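 /**
  * Stores the message and delivers it to all recipients.
  *
  * Recipients are the users in $this->users plus every member of the teams in
  * $this->teams; duplicate entries are removed first and the caller is asked
  * to re-check the list. The message is stored once, then put into each
  * recipient's inbox and, for a human author, into the author's outbox as
  * already read.
  *
  * @param int $author_id    id of the sending user, 0 for a system message
  * @param int $ReplyToMSGID id of the message this one replies to, 0 if none
  * @return string|true an HTML message explaining why nothing was sent, or
  *                     true once the message has been stored
  */
 public function send($author_id = 0, $ReplyToMSGID = 0)
 {
     global $config;
     global $db;
     // remove duplicates
     // (|| short-circuits: if the user list had duplicates, the team list is
     // only cleaned up on the next attempt)
     if ($this->removeDuplicates($this->users) || $this->removeDuplicates($this->teams)) {
         // back to overview to let them check
         return '<p>Some double entries were removed. Please check your recipients.</p>';
     }
     // nothing to send without a message text
     if (strlen($this->content) === 0) {
         return '<p>You must specify a message text in order to send a message.</p>';
     }
     $recipients = array();
     foreach ($this->users as $player) {
         $recipients[] = $player['id'];
     }
     // add the players belonging to the specified teams to the recipients array
     foreach ($this->teams as $teamid) {
         if (($tmp_players = \user::getMemberIdsOfTeam((int) $teamid['id'])) === false) {
             return '<p>Could not find out member ids of teams</p>';
         }
         foreach ($tmp_players as $userid) {
             $recipients[] = $userid;
         }
     }
     // put message into database
     $query = $db->prepare('INSERT INTO `pmsystem_msg_storage`' . ' (`author_id`, `subject`, `timestamp`, `message`)' . ' VALUES (?, ?, ?, ?)');
     // lock tables for critical section: the generated id is read back with
     // a plain SELECT below, so nobody else may insert in between
     $db->SQL('LOCK TABLES `pmsystem_msg_storage` WRITE');
     $db->SQL('SET AUTOCOMMIT = 0');
     // do the insert
     $db->execute($query, array($author_id, htmlent($this->subject), $this->timestamp, $this->content));
     $db->free($query);
     $db->SQL('COMMIT');
     // find out generated id
     $queryLastID = $db->SQL('SELECT `id` FROM `pmsystem_msg_storage` ORDER BY `id` DESC LIMIT 1');
     $rowId = $db->fetchRow($queryLastID);
     $rowId = intval($rowId['id']);
     $db->free($queryLastID);
     $db->SQL('COMMIT');
     // unlock tables as critical section passed
     $db->SQL('UNLOCK TABLES');
     $db->SQL('SET AUTOCOMMIT = 1');
     // add teams as visible recipients
     $query = $db->prepare('INSERT INTO `pmsystem_msg_recipients_teams`' . '(`msgid`, `teamid`)' . 'VALUES (?, ?)');
     foreach ($this->teams as $team) {
         $db->execute($query, array($rowId, $team['id']));
         $db->free($query);
     }
     unset($team);
     // add users as visible recipients
     // be careful to not overwrite global variable $user
     $query = $db->prepare('INSERT INTO `pmsystem_msg_recipients_users`' . '(`msgid`, `userid`)' . 'VALUES (?, ?)');
     $userIDs = $this->getUserIDs();
     foreach ($userIDs as $userID) {
         $db->execute($query, array($rowId, $userID));
         $db->free($query);
     }
     unset($userID);
     // each user gets the message once, even if listed directly and via a team
     foreach (array_unique($recipients, SORT_NUMERIC) as $recipient) {
         // put message in people's inbox
         if ($ReplyToMSGID > 0) {
             // this is a reply
             $query = $db->prepare('INSERT INTO `pmsystem_msg_users`' . ' (`msgid`, `userid`, `folder`, `msg_replied_to_msgid`)' . ' VALUES (?, ?, ?, ?)');
             $db->execute($query, array($rowId, $recipient, 'inbox', $ReplyToMSGID));
         } else {
             // this is a new message
             $query = $db->prepare('INSERT INTO `pmsystem_msg_users`' . ' (`msgid`, `userid`, `folder`)' . ' VALUES (?, ?, ?)');
             $db->execute($query, array($rowId, $recipient, 'inbox'));
         }
         $db->free($query);
     }
     // put message in sender's outbox if sent by a human
     if ($author_id > 0) {
         $query = $db->prepare('INSERT INTO `pmsystem_msg_users`' . ' (`msgid`, `userid`, `folder`, `msg_status`)' . ' VALUES (?, ?, ?, ?)');
         $db->execute($query, array($rowId, $author_id, 'outbox', 'read'));
     }
     return true;
 }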
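/**
 * Imports players from the legacy `l_player` table into `players`,
 * `players_profile` and `players_passwords`.
 *
 * Rows are read from $db_to_be_imported and written to the site's own
 * database; the connection is switched back and forth with $site->selectDB().
 * Deleted players (callsign ending in ' (DELETED)') are imported under their
 * original callsign and a callsign is imported only once (case-insensitive);
 * a deleted player without a live account gets no password. Afterwards
 * $deleted_players maps each legacy id to the callsign and the new
 * `players`.`id`.
 *
 * Uses the globals $site, $connection, $deleted_players and $db_to_be_imported.
 */
function import_players()
{
    global $site;
    global $connection;
    global $deleted_players;
    global $db_to_be_imported;
    $site->selectDB($db_to_be_imported, $connection);
    $query = 'SELECT `id`,`callsign`,`created` FROM `l_player` ORDER BY `id`';
    if (!($result = @$site->execute_query('l_player', $query, $connection))) {
        $site->selectDB($site->db_used_name(), $connection);
        $site->dieAndEndPage('');
    }
    $site->selectDB($site->db_used_name(), $connection);
    // 0 means active player
    $suspended_status = 'active';
    $index_num = 1;
    $players = array();
    while ($row = mysql_fetch_array($result)) {
        $current_name = '(no name)';
        // skip deleted users as they can be several times in the db
        // player got deleted, keep track of him
        if (!(strcmp(substr($row['callsign'], -10), ' (DELETED)') === 0)) {
            $current_name = htmlent($row['callsign']);
        } else {
            $current_name = htmlent(substr($row['callsign'], 0, -10));
        }
        // no empty usernames allowed
        if (!(strcmp($current_name, '') === 0)) {
            // is user already added to db?
            // callsigns are case treated insensitive
            if (!isset($players[strtolower($current_name)])) {
                $site->selectDB($db_to_be_imported, $connection);
                $query = 'SELECT `team`,`last_login`,`comment`,`logo`,`md5password`,`utczone`' . ' FROM `l_player` WHERE `l_player`.`callsign`=' . sqlSafeStringQuotes($current_name) . ' LIMIT 1';
                if (!($tmp_result = @$site->execute_query('l_team', $query, $connection))) {
                    $site->selectDB($site->db_used_name(), $connection);
                    $site->dieAndEndPage();
                }
                $site->selectDB($site->db_used_name(), $connection);
                // reset every per-player value here: they are filled from the
                // current player's row only, so nothing from the previous player
                // (in particular the password hash) carries over when the row is missing
                $last_login = '';
                $team = 0;
                $comment = '';
                $logo = '';
                $timezone = 0;
                $md5password = '';
                while ($tmp_row = mysql_fetch_array($tmp_result)) {
                    $last_login = $tmp_row['last_login'];
                    $team = $tmp_row['team'];
                    $comment = $site->linebreaks($tmp_row['comment']);
                    $logo = $tmp_row['logo'];
                    $timezone = $tmp_row['utczone'];
                    $md5password = $tmp_row['md5password'];
                }
                mysql_free_result($tmp_result);
                // take care of deleted players
                $site->selectDB($db_to_be_imported, $connection);
                $query = 'SELECT `last_login`, (SELECT COUNT(*) FROM `l_player` WHERE `callsign`=' . sqlSafeStringQuotes($current_name) . ' LIMIT 1) AS `num_not_deleted`' . ' FROM `l_player` WHERE `l_player`.`callsign`=' . sqlSafeStringQuotes($current_name . ' (DELETED)') . ' ORDER BY `last_login` DESC LIMIT 1';
                if (!($tmp_result = @$site->execute_query('l_team', $query, $connection))) {
                    $site->selectDB($site->db_used_name(), $connection);
                    $site->dieAndEndPage();
                }
                $site->selectDB($site->db_used_name(), $connection);
                while ($tmp_row = mysql_fetch_array($tmp_result)) {
                    if (strcmp($last_login, '') === 0) {
                        $last_login = $tmp_row['last_login'];
                    }
                    if ((int) $tmp_row['num_not_deleted'] === 0) {
                        // set password to empty..you can not expect them to know the old password
                        $md5password = '';
                    }
                }
                $query = 'INSERT INTO `players` (`id`,`teamid`,`name`,`status`)' . ' VALUES ' . '(' . sqlSafeStringQuotes($index_num) . ',' . sqlSafeStringQuotes($team) . ',' . sqlSafeStringQuotes($current_name) . ',' . sqlSafeStringQuotes($suspended_status) . ')';
                // execute query, ignore result
                $site->execute_query('players', $query, $connection);
                $query = 'INSERT INTO `players_profile` (`playerid`,`UTC`,`user_comment`,`raw_user_comment`,`joined`,`last_login`,`logo_url`)' . ' VALUES ' . '(' . sqlSafeStringQuotes($index_num) . ',' . sqlSafeStringQuotes($timezone) . ',' . sqlSafeStringQuotes(utf8_encode($comment)) . ',' . sqlSafeStringQuotes(utf8_encode($comment)) . ',' . sqlSafeStringQuotes($row['created']) . ',' . sqlSafeStringQuotes($last_login) . ',' . sqlSafeStringQuotes($logo) . ')';
                // execute query, ignore result
                @$site->execute_query('players_profile', $query, $connection);
                // only players who still have a hash get a password row
                if (strlen($md5password) > 0) {
                    $query = 'INSERT INTO `players_passwords` (`playerid`,`password`,`password_encoding`)' . ' VALUES ' . '(' . sqlSafeStringQuotes($index_num) . ',' . sqlSafeStringQuotes($md5password) . ',' . sqlSafeStringQuotes('md5') . ')';
                    // execute query, ignore result
                    @$site->execute_query('players_passwords', $query, $connection);
                }
                // mark the user has been added to db
                // callsigns are case treated insensitive
                $players[strtolower($current_name)] = true;
            }
            $deleted_players[$row['id']]['callsign'] = $current_name;
            $index_num++;
        }
    }
    unset($players);
    mysql_free_result($result);
    // build a lookup table to avoid millions of select id from players where name=bla
    foreach ($deleted_players as &$deleted_player) {
        $query = 'SELECT `id` FROM `players` WHERE `name`=' . sqlSafeStringQuotes($deleted_player['callsign']);
        if (!($result = @$site->execute_query('l_player', $query, $connection))) {
            // query was bad, error message was already given in $site->execute_query(...)
            $site->dieAndEndPage('');
        }
        while ($row = mysql_fetch_array($result)) {
            $deleted_player['id'] = (int) $row['id'];
        }
        mysql_free_result($result);
    }
    // drop the reference left behind by the foreach
    unset($deleted_player);
}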
}
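// hand the superuser names to the page's JavaScript; json_encode() produces a
// valid JS string literal and the JSON_HEX_* flags keep '<', '>', '&' and
// quotes out of the inline script (addslashes() alone does not escape those)
rawoutput("<script type='text/javascript'>var superusers = new Array();");
foreach ($superusers as $val) {
    $jsName = json_encode((string) $val, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_INVALID_UTF8_SUBSTITUTE);
    if ($jsName === false) {
        // a name that cannot be encoded must not break the whole script
        continue;
    }
    rawoutput(' superusers[' . $jsName . '] = true;');
}
rawoutput("</script>");
output("`@`bSubject:`b`0");
if ($replyTo == '') {
    output("<input name='subject' value='%s' autofocus><br>", htmlent($subject), true);
} else {
    output("<input name='subject' value='%s'><br>", htmlent($subject), true);
}
rawoutput("<div id='warning' style='visibility: hidden; display: none;'>");
output("`@`bNotice:`b `^{$superusermessage}`0`n");
rawoutput("</div>");
output("`@`bBody:`b`0`n");
require_once 'lib/forms.php';
previewfield('body', '`^', false, false, ['type' => 'textarea', 'class' => 'input', 'cols' => 60, 'rows' => 9, 'onKeyDown' => 'sizeCount(this);'], htmlent($body) . htmlent(stripslashes(httpget('body'))));
$send = translate_inline('Send');
rawoutput("<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n        <tr>\n            <td>\n                <input type='submit' class='button' value='{$send}'>\n            </td>\n            <td align='right'>\n                <div id='sizemsg'></div>\n            </td>\n        </tr>\n    </table>");
rawoutput("</form>");
// the limit is interpolated into JavaScript below, so make sure it is a number
$sizeLimit = (int) getsetting('mailsizelimit', 1024);
$sizeMsg = sprintf_translate(["`#Max message size is `@%s`#, you have `^XX`# characters left.", $sizeLimit]);
$sizeMsgOver = sprintf_translate(["`\$Max message size is `@%s`\$, you are over by `^XX`\$ characters!", $sizeLimit]);
// split the translated messages at the placeholder; the count is inserted by the script
$sizeMsg = explode('XX', $sizeMsg);
$sizeMsgOver = explode('XX', $sizeMsgOver);
$uSize1 = addslashes("<span>" . appoencode($sizeMsg[0]) . "</span>");
$uSize2 = addslashes("<span>" . appoencode($sizeMsg[1]) . "</span>");
$oSize1 = addslashes("<span>" . appoencode($sizeMsgOver[0]) . "</span>");
$oSize2 = addslashes("<span>" . appoencode($sizeMsgOver[1]) . "</span>");
// variable names in the script must match the ones above exactly -
// PHP variable names are case-sensitive, so $usize1 would silently be empty
rawoutput("<script type='text/javascript'>\n        var maxlen = {$sizeLimit};\n        function sizeCount(box)\n        {\n            if (box == null) {\n                return;\n            }\n            var len = box.value.length;\n            var msg = '';\n            if (len <= maxlen) {\n                msg = '{$uSize1}' + (maxlen - len) + '{$uSize2}';\n            }\n            else {\n                msg = '{$oSize1}' + (len - maxlen) + '{$oSize2}';\n            }\n            document.getElementById('sizemsg').innerHTML = msg;\n        }\n        sizeCount(document.getElementById('inputbody'));\n        function check_su_warning()\n        {\n            var to = document.getElementById('to');\n            var warning = document.getElementById('warning');\n            if (superusers[to.value]) {\n                warning.style.visibility = 'visible';\n                warning.style.display = 'inline';\n            }\n            else {\n                warning.style.visibility = 'hidden';\n                warning.style.display = 'none';\n            }\n        }\n        check_su_warning();\n    </script>");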
/**
 * Render one game server's status block straight to the response: the server
 * name, then either a "no connection" / "no players" message or the remaining
 * round time, a per-team score table and a per-player table.
 *
 * @param string $server     Server address; shown in the page and handed to bzfquery().
 * @param mixed  $connection Effectively ignored: the `global $connection` statement
 *                           below rebinds the local name to the global of the same
 *                           name, discarding the argument the caller passed.
 *
 * NOTE(review): $server is echoed into the HTML unescaped in both branches after the
 * isset($_GET['server']) check; if its value can be influenced by the request this is
 * an injection point — wrap it in htmlent() like the player names further down.
 * NOTE(review): on a failed query the driver error and the complete SQL statement are
 * printed to the client (the print/die pairs below); log them server-side and show a
 * generic message instead.
 * NOTE(review): the mysql_*() functions were removed in PHP 7.0 and each() in PHP 8.0,
 * so this function cannot run on a current PHP without porting to mysqli/PDO and foreach.
 */
function formatbzfquery_last($server, $connection)
{
    global $site;
    // Rebinds $connection to the global and discards the parameter value.
    global $connection;
    global $use_internal_db;
    if ($use_internal_db) {
        // The negated result is thrown away and warnings are suppressed, so a
        // failed database selection goes unnoticed here.
        @(!mysql_select_db($site->db_used_name(), $connection));
    } else {
        // Without the external "playerlist" database the connection is closed
        // and $connection unset, which disables the team lookup further down.
        if (@(!mysql_select_db("playerlist", $connection))) {
            @mysql_close($connection);
            unset($connection);
        }
    }
    // When the page is already showing a single server, print the name only;
    // otherwise link to the single-server view. $server is not HTML-escaped
    // in either branch (only the href is URL-encoded).
    if (isset($_GET['server'])) {
        echo '<p>' . $server . '</p>' . "\n";
    } else {
        echo '<p><a href="?server=' . urlencode($server) . '">' . $server . '</a></p>' . "\n";
    }
    // Query the server. Without pcntl_fork() whatever bzfquery() prints is
    // buffered so it can be reported as the error text below instead of
    // landing in the page.
    if (!function_exists('pcntl_fork')) {
        ob_start();
    }
    $data = bzfquery($server);
    $ausgabe = '';
    if (!function_exists('pcntl_fork')) {
        $ausgabe .= ob_get_contents();
        ob_end_clean();
    }
    if (!isset($data['player'])) {
        if (!isset($data['protocol'])) {
            // No protocol reported: the server could not be reached.
            echo '<p>' . KEINEVERBINDUNG . ' ';
            // `!` binds tighter than `==`, so this reads `(!strcmp(...)) == 0`,
            // which is true exactly when $ausgabe is non-empty.
            if (!strcmp($ausgabe, '') == 0) {
                echo GEMELDETERFEHLER . $ausgabe . '.';
            }
            echo '</p>' . "\n";
        } else {
            // Reachable, but nobody is playing.
            echo '<p>' . KEINESPIELER . '</p>' . "\n";
        }
    } else {
        // Remaining round time (seconds), shown in minutes while the round runs.
        $zaehler = $data['maxTime'] - $data['timeElapsed'];
        if ($zaehler > 0) {
            echo '<p class="zaehler">' . ZAEHLER . '<span class="zaehler">' . round($zaehler / 60, 2) . VON . round($data['maxTime'] / 60, 2) . '</span>' . RESTZEIT . '</p>' . "\n";
        }
        // Display the server info
        // Team index -> CSS class name; index 5 is the spectator team.
        $teamName = array(0 => "schurke", 1 => "rot", 2 => "gruen", 3 => "blau", 4 => "violett", 5 => "zuschauer", 6 => "hase");
        // Team index -> colour; not used anywhere in this function.
        $teamColour = array(0 => "yellow", 1 => "red", 2 => "green", 3 => "blue", 4 => "purple", 5 => "gray", 6 => "orange");
        // cmp() is defined elsewhere in the project.
        usort($data['player'], "cmp");
        // Team score table only when the first player after sorting is not a
        // spectator (team 5).
        if (isset($data['player']['0']['team']) && !(strcmp($data['player']['0']['team'], '5') === 0)) {
            echo '<table class="punkte">' . "\n";
            echo '  <tbody>' . "\n";
            // NOTE(review): each() was removed in PHP 8.0; this wants a foreach.
            while (list($key, $val) = each($data['team'])) {
                if ($data['team'][$key]['size'] > 0) {
                    echo '    ';
                    // Team colour (row class)
                    marke('tr', $teamName[$key]);
                    // Score
                    echo '<td>';
                    echo $data['team'][$key]['won'] - $data['team'][$key]['lost'];
                    echo '</td>';
                    // Wins
                    echo '<td>';
                    echo '(' . $data['team'][$key]['won'] . ' - ';
                    // Losses
                    echo $data['team'][$key]['lost'] . ')';
                    echo '</td>';
                    // Number of players
                    echo '<td>';
                    echo $data['team'][$key]['size'];
                    echo '</td>';
                    // End of the team row
                    echo '</tr>' . "\n";
                }
            }
            echo '  </tbody>' . "\n" . '</table>' . "\n";
        }
        // Resets the pointer of $data itself, not of $data['player'], which the
        // next loop walks.
        reset($data);
        echo "\n\n" . '<table class="spieler" border="0">' . "\n";
        echo '  <tbody>';
        while (list($key, $val) = each($data['player'])) {
            echo "\n" . '<tr>' . "\n";
            // Spectators do not play -> no score cells. As above, the condition
            // is true exactly when the team name is not 'zuschauer'.
            if (!strcmp($teamName[$data['player'][$key]['team']], 'zuschauer') == 0) {
                echo '<td>';
                echo $data['player'][$key]['won'] - $data['player'][$key]['lost'];
                echo '</td>' . "\n";
                echo '<td>(' . $data['player'][$key]['won'] . '-' . $data['player'][$key]['lost'] . ')</td><td>[' . $data['player'][$key]['tks'] . ']</td>';
            } else {
                echo '<td></td>' . "\n" . '<td></td>' . "\n" . '<td></td>' . "\n";
            }
            // Team colour (cell class)
            marke('td', $teamName[$data['player'][$key]['team']]);
            $playername = $data['player'][$key]['sign'];
            // Shorten the player name if necessary
            if ($site->mobile_version()) {
                // Name rather long. strlen()/str_split() count bytes, so a
                // multibyte name can be cut inside a character.
                if (strlen($playername) > 13) {
                    $playername = str_split($playername, 10);
                    echo htmlent($playername[0]) . "...";
                } else {
                    echo htmlent($playername);
                }
            } else {
                // htmlentities() here, htmlent() everywhere else — presumably
                // equivalent for this purpose; confirm against the helper.
                echo htmlentities($playername);
            }
            echo '</td>' . "\n";
            // Motto cell (class 'mehl')
            marke('td', 'mehl');
            // True exactly when the motto is non-empty (see the strcmp note above).
            if (!strcmp($data['player'][$key]['motto'], '') == 0) {
                $motto = $data['player'][$key]['motto'];
                // Motto rather long
                if (strlen($motto) > 17) {
                    $motto = str_split($motto, 14);
                    // NOTE(review): a shortened motto is escaped here and again
                    // on the echo below, so entities in it get double-encoded.
                    $motto = htmlent($motto[0]) . '...';
                }
                echo '(' . htmlent($motto) . ')';
            }
            echo '</td>' . "\n";
            // Is there a database connection?
            if ($connection) {
                // Look up the player's team
                marke('td', 'team');
                $callsign = $data['player'][$key]['sign'];
                // String-built query; relies on sqlSafeStringQuotes() to quote
                // and escape the value.
                $query = 'SELECT `teamid` from users WHERE `name`=' . sqlSafeStringQuotes($callsign) . ' LIMIT 1';
                $result = mysql_query($query, $connection);
                if (!$result) {
                    // NOTE(review): leaks the driver error and the full SQL to
                    // the client; log server-side and show a generic message.
                    print mysql_error();
                    die("<br>\nQuery {$query} ist ung&uuml;ltiges SQL.");
                }
                // No matching row -> mysql_fetch_array() returns false and the
                // index below yields null, so `$teamid > 0` stays false.
                $resultarray = mysql_fetch_array($result);
                $teamid = $resultarray['teamid'];
                if ($teamid > 0) {
                    // The internal database keys teams by `id`, the external one
                    // by `teamid`.
                    if ($use_internal_db) {
                        $query = 'SELECT `name` from teams WHERE `id`=' . sqlSafeStringQuotes($teamid) . ' LIMIT 1';
                    } else {
                        $query = 'SELECT `name` from teams WHERE `teamid`=' . sqlSafeStringQuotes($teamid) . ' LIMIT 1';
                    }
                    $result = mysql_query($query, $connection);
                    if (!$result) {
                        // NOTE(review): same error/SQL disclosure as above.
                        print mysql_error();
                        die("<br>\nQuery {$query} ist ung&uuml;ltiges SQL.");
                    }
                    $resultarray = mysql_fetch_array($result);
                    mysql_free_result($result);
                    // NOTE(review): the team name from the database is echoed
                    // unescaped; wrap it in htmlent().
                    echo $resultarray['name'];
                }
                echo '</td>' . "\n";
            }
            echo '</tr>' . "\n";
        }
        echo '  </tbody>' . "\n" . '</table>' . "\n";
    }
}
Beispiel #30
 /**
  * Drive the three-step edit flow for a static page: step 0 shows the editor,
  * step 1 the preview and step 2 writes the content via
  * $this->caller->writeContent(). Reads confirmationStep, editPageAgain and
  * staticContent from $_POST and fills the template ($tmpl) with the texts and
  * the form key for the next step.
  *
  * NOTE(review): the first switch compares sanityCheck()'s result using switch's
  * loose `==`. When $confirmed === 1 the first case label evaluates to `true`,
  * which loosely equals any truthy value — including the strings 'noperm' and
  * 'nokeymatch' — so those failures take the "confirmed" branch at the preview
  * step; conversely a `false` result with $confirmed !== 1 also matches that
  * first case. Rewriting it as an if/elseif chain with `===` needs sanityCheck()'s
  * return contract confirmed first.
  * NOTE(review): writeContent() at step 2 is called regardless of $test; confirm
  * that permission and key are re-checked inside the caller.
  */
 function edit()
 {
     // $entry_edit_permission and $user are imported but not used in this method.
     global $entry_edit_permission;
     global $config;
     global $site;
     global $tmpl;
     global $user;
     // initialise variables
     $confirmed = 0;
     $content = '';
     // set their values in case the POST variables are set
     if (isset($_POST['confirmationStep'])) {
         $confirmed = intval($_POST['confirmationStep']);
     }
     if (isset($_POST['editPageAgain']) && strlen($_POST['editPageAgain']) > 0) {
         // user looked at preview but chose to edit the message again
         $confirmed = 0;
     }
     if (isset($_POST['staticContent'])) {
         // entities are decoded here; the decoded content is what writeContent()
         // receives at step 2
         $content = htmlent_decode($_POST['staticContent']);
     }
     // sanity check variables; the cases below suggest sanityCheck() returns a
     // bool or one of the strings 'noperm' / 'nokeymatch' — confirm against the caller
     $test = $this->caller->sanityCheck($confirmed);
     switch ($test) {
         // label evaluates to `$confirmed === 1` (the `true &&` is redundant); see
         // the note above on how the loose comparison treats non-bool results
         case true && $confirmed === 1:
             $tmpl->assign('submitText', 'Write changes');
             // user may decide not to submit after seeing preview
             $tmpl->assign('editAgainText', 'Edit again');
             $this->caller->insertEditText(true);
             break;
         // use this as guard to prevent selection of noperm or nokeymatch cases
         case strlen($test) < 2:
             $this->caller->insertEditText(false);
             break;
         case 'noperm':
             $tmpl->assign('MSG', 'You need write permission to edit the content.');
             break;
         case 'nokeymatch':
             $this->caller->insertEditText(false);
             $tmpl->assign('MSG', 'The magic key does not match, it looks like you came from somewhere else or your session expired.');
             break;
             // unreachable: follows the break above
             unset($test);
     }
     // there is no step lower than 0
     if ($confirmed < 0) {
         $confirmed = 0;
     }
     // next step for the template is $confirmed + 1, except that anything past 1
     // wraps back to step 1
     if ($confirmed > 1) {
         $tmpl->assign('confirmationStep', 1);
     } else {
         $tmpl->assign('confirmationStep', $confirmed + 1);
     }
     switch ($confirmed) {
         case 1:
             // preview step: nothing beyond what the first switch assigned
             break;
         case 2:
             // write step; writeContent() presumably returns true or an error
             // message string — confirm against the caller
             $status = $this->caller->writeContent($content);
             if ($status === true) {
                 // keep an MSG already set by the first switch
                 if ($tmpl->getTemplateVars('MSG') === null) {
                     $tmpl->assign('MSG', 'Changes written successfully.' . $tmpl->linebreaks("\n\n"));
                 }
             } else {
                 $tmpl->assign('MSG', 'Failed writing changes. The underlying error message was: ' . $status . $tmpl->linebreaks("\n\n"));
             }
             $tmpl->assign('submitText', 'Add another entry');
             break;
         default:
             // editor step (0): single-argument assign presumably clears USER_NOTE
             $tmpl->assign('USER_NOTE');
             // markup hint depends on which formatting the site is configured for
             if ($config->getValue('bbcodeLibAvailable')) {
                 $tmpl->assign('notes', 'Keep in mind to use BBCode instead of HTML or XHTML.');
             } else {
                 if ($config->getValue('useXhtml')) {
                     $tmpl->assign('notes', 'Keep in mind the home page currently uses XHTML, not HTML or BBCode.');
                 } else {
                     $tmpl->assign('notes', 'Keep in mind the home page currently uses HTML, not XHTML or BBCode.');
                 }
             }
             $tmpl->assign('submitText', 'Preview');
     }
     // per-form key name: the caller's prefix plus microtime()
     $randomKeyName = $this->caller->randomKeyName . microtime();
     // convert some special chars to underscores
     $randomKeyName = strtr($randomKeyName, array(' ' => '_', '.' => '_'));
     // presumably stores a token under that name server-side and returns it —
     // confirm in $site->setKey()
     $randomkeyValue = $site->setKey($randomKeyName);
     $tmpl->assign('keyName', $randomKeyName);
     // the value is HTML-escaped for the template; the name is not, but it is
     // built only from the caller's prefix and microtime()
     $tmpl->assign('keyValue', htmlent($randomkeyValue));
 }