Beispiel #1
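/**
 * Flip the canLogin flag of the user named by $_GET['id'], then redirect to
 * the user list filtered by the first letter of that user's name.
 *
 * Reads the globals $DB, $MySelf and $IS_DEMO. Each guard returns right after
 * its notice, so a refused request never reaches the UPDATE even if
 * makeNotice() (defined elsewhere) hands control back.
 *
 * NOTE(review): this is a state change driven by a GET parameter and no
 * anti-CSRF token is checked in this function - confirm the dispatcher does.
 */
function toggleLogin()
{
    global $DB;
    global $MySelf;
    global $IS_DEMO;

    // Demo installations must never modify accounts.
    if ($IS_DEMO) {
        makeNotice("The user would have been changed. (Operation canceled due to demo site restrictions.)", "notice", "Password change confirmed");
        return;
    }
    // Are we allowed to manage users?
    if (!$MySelf->canManageUser()) {
        makeNotice("You are not allowed to edit Users!", "error", "forbidden");
        return;
    }
    // Validate the ID before it is compared or used anywhere else.
    $rawID = isset($_GET['id']) ? $_GET['id'] : null;
    numericCheck($rawID);
    $ID = (int) $rawID;
    if ($MySelf->getID() == $ID) {
        makeNotice("You are not allowed to block yourself!", "error", "forbidden");
        return;
    }
    // Bound parameter: the ID never becomes part of the SQL text.
    $DB->query("UPDATE users SET canLogin=1 XOR canLogin WHERE id=? LIMIT 1", array($ID));
    $username = idToUsername("{$ID}");
    $p = substr($username, 0, 1);
    // Encode the letter so it cannot add parameters to the redirect URL.
    header("Location: index.php?action=editusers&l=" . rawurlencode($p));
}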
Beispiel #2
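/**
 * Pay out every open payout request that was ticked in the submitted form,
 * then redirect to the payout page.
 *
 * For each ticked request a transaction (type 1) is committed for the
 * applicant; only after a successful commit is the request stamped with the
 * payout time and the acting accountant.
 *
 * NOTE(review): the original carried a commented-out balance check
 * (getCredits >= amount); payouts are therefore made without verifying that
 * the applicant can afford them - confirm this is intended.
 */
function doPayout()
{
    global $DB;
    global $TIMEMARK;
    global $MySelf;

    // Accountants only. Return so nothing below runs on a refused request.
    if (!$MySelf->isAccountant()) {
        makeNotice("You are not an accountant to your corporation. Access denied.", "error", "Access denied");
        return;
    }
    // All requests that have not been paid yet.
    $IDS = $DB->query("SELECT DISTINCT request, amount, applicant FROM payoutRequests WHERE payoutTime IS NULL");
    while ($ID = $IDS->fetchRow()) {
        // Unticked requests are simply absent from $_POST.
        if (empty($_POST[$ID['request']])) {
            continue;
        }
        $transaction = new transaction($ID['applicant'], 1, $ID['amount']);
        $transaction->setReason("payout request fulfilled");
        if ($transaction->commit()) {
            // Values are bound, not spliced into the statement.
            $DB->query(
                "UPDATE payoutRequests SET payoutTime = ?, banker = ? WHERE request = ? LIMIT 1",
                array($TIMEMARK, $MySelf->getID(), $ID['request'])
            );
        }
    }
    header("Location: index.php?action=payout");
}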
Beispiel #3
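/**
 * Store a new set of ship payout values and switch each ship type on or off.
 *
 * A fresh shipvalues row is inserted for the current $TIMEMARK, then every
 * ship in $DBSHIP that has a numeric value in $_POST is written into that row
 * and its "<ship>Enabled" entry in shipconfig is updated.
 *
 * NOTE(review): $SHIP becomes part of a column name, which cannot be bound as
 * a parameter. This is only safe while $DBSHIP is a fixed list from the
 * application's own configuration - confirm.
 */
function changeShipValue()
{
    global $DB;
    global $SHIPTYPES;
    global $DBSHIP;
    global $TIMEMARK;
    global $MySelf;

    // Are we allowed to change this?
    if (!$MySelf->canChangeOre()) {
        makeNotice("You are not allowed to fiddle around in there!", "error", "forbidden");
        return;
    }
    $userID = $MySelf->getID();
    // Row that the per-ship updates below fill in.
    $DB->query("insert into shipvalues (modifier, time) values (?,?)", array("{$userID}", "{$TIMEMARK}"));
    foreach ($DBSHIP as $SHIP) {
        if (!isset($_POST[$SHIP]) || !is_numeric($_POST[$SHIP])) {
            continue;
        }
        // No thousands separator: the default "," would corrupt values of 1000 and up.
        $value = number_format($_POST[$SHIP] / 100, 4, '.', '');
        $DB->query("UPDATE shipvalues SET " . $SHIP . "Value = ? WHERE time = ?", array($value, $TIMEMARK));
        // An unticked checkbox is missing from $_POST, which means "disabled".
        $enabled = empty($_POST[$SHIP . 'Enabled']) ? '0' : '1';
        $DB->query("UPDATE shipconfig SET value = ? where name = ?", array($enabled, $SHIP . "Enabled"));
    }
    // Let the user know.
    makeNotice("The payout values for ships have been changed.", "notice", "New data accepted.", "index.php?action=showshipvalue", "[OK]");
}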
Beispiel #4
/**
 * Work out how many more tickets the current user may hold in a drawing.
 *
 * The allowance is the "lottoPercent" share of all tickets in the drawing,
 * rounded up, or every ticket when no percentage is configured. The user's
 * own tickets are subtracted from it, so the result can be zero or negative.
 *
 * @param mixed $drawing Drawing ID; handed to numericCheck() before use.
 * @return mixed Allowed tickets minus tickets already owned.
 */
function lotto_checkRatio($drawing)
{
    global $DB;
    global $MySelf;

    $percentCap = getConfig("lottoPercent");
    if (!getConfig("lotto")) {
        makeNotice("Your CEO disabled the Lotto module, request denied.", "warning", "Lotto Module Offline");
    }
    // The drawing ID is spliced into SQL below, so it is checked first.
    numericCheck($drawing);

    // Tickets of this drawing held by the current user.
    $ownedSql = "SELECT COUNT(id) FROM lotteryTickets WHERE owner='" . $MySelf->getID() . "' AND drawing='{$drawing}'";
    $ownedCol = $DB->getCol($ownedSql);
    $owned = $ownedCol[0];

    // All tickets of this drawing.
    $allCol = $DB->getCol("SELECT COUNT(id) FROM lotteryTickets WHERE drawing='{$drawing}'");
    $total = $allCol[0];

    // No configured percentage means no cap below the total.
    $quota = $percentCap ? ceil($total * $percentCap / 100) : $total;

    return $quota - $owned;
}
Beispiel #5
/**
 * Look up the ID that belongs to a username.
 *
 * @param mixed $username Name to resolve; passed through sanitize() first.
 * @param mixed $caller   Name of the calling routine. "authKeyIsValid" and
 *                        "Failed_Login" get "-1" for an unknown user, any
 *                        other caller triggers an error notice.
 * @return mixed The current user's own ID when the name is theirs, the
 *               matching row's id as a string, or "-1" (see $caller).
 *
 * NOTE(review): the WHERE clause compares against the literal '******'. That
 * looks like masking applied when this listing was published (presumably the
 * original interpolated $username) - confirm against the real file. As
 * printed, the query does not depend on $username at all.
 * NOTE(review): sanitize() is defined elsewhere; whether it makes a value
 * safe to embed in SQL cannot be told from here. The $DB->query(sql, array)
 * form seen elsewhere in this code would remove that dependency.
 */
function usernameToID($username, $caller)
{
    global $DB;
    global $MySelf;
    $username = sanitize($username);
    // Shortcut: the current user's own name needs no database lookup.
    if ($username == $MySelf->getUsername()) {
        return $MySelf->GetID();
    }
    // Ask the database.
    $results = $DB->query("select id from users where username='******' limit 1");
    // Valid user?
    if ($results->numRows() == 0) {
        // Special case: User got wiped from the database while logged in.
        if ("{$caller}" == "authKeyIsValid") {
            return "-1";
        }
        if ("{$caller}" == "Failed_Login") {
            return "-1";
        }
        // $caller is placed into the HTML of the notice as-is.
        makeNotice("Internal Error: Invalid User at usernameToID<br>(called by {$caller})", "error");
    }
    // Return the ID of the first (and, given "limit 1", only) row.
    while ($row = $results->fetchRow()) {
        return "{$row['id']}";
    }
}
Beispiel #6
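/**
 * Record the current user's signup (ship type) for the event in $_GET['id'].
 *
 * The event's signups column holds a serialized array keyed by user ID. The
 * array is loaded, the current user's entry is set to the sanitized
 * $_GET['type'] and the array is written back. A type of "quit" is stored
 * like any other value and only changes the notice shown.
 *
 * NOTE(review): unserialize() is applied to the stored column. That is only
 * safe while nothing but this code writes the column; a format such as JSON
 * would not carry PHP's object-instantiation risk.
 * NOTE(review): load-modify-store is not atomic, two simultaneous signups can
 * overwrite each other.
 */
function joinEvent()
{
    global $MySelf;
    global $DB;
    $ID = $MySelf->getID();

    // Are we allowed to be here?
    if (!$MySelf->canSeeEvents()) {
        makeNotice("You are not allowed to do this!", "error", "Forbidden");
        return;
    }
    // Validate the event ID and continue with an integer only.
    $rawEvent = isset($_GET['id']) ? $_GET['id'] : null;
    if (!is_numeric($rawEvent) || $rawEvent < 0) {
        makeNotice("Invalid ID given!", "error", "Invalid Data");
        return;
    }
    $eventID = (int) $rawEvent;
    $type = isset($_GET['type']) ? $_GET['type'] : "";

    // Get the current list of members; an empty column yields an empty list.
    $stored = $DB->getCol("SELECT signups FROM events WHERE id='{$eventID}'");
    $JOINS = isset($stored[0]) ? unserialize($stored[0]) : false;
    if (!is_array($JOINS)) {
        $JOINS = array();
    }
    // Add this one's ship.
    $JOINS[$ID] = sanitize($type);
    // The serialized blob contains quotes, so it is bound rather than concatenated.
    $DB->query("UPDATE events SET signups = ? WHERE ID = ? LIMIT 1", array(serialize($JOINS), $eventID));

    // Inform the user.
    if ($type != "quit") {
        makeNotice("You have joined Event #{$eventID}. Have fun, and dont be late!", "notice", "Joinup complete.", "index.php?action=showevent&id={$eventID}", "[OK]");
    } else {
        makeNotice("You have left Event #{$eventID}.", "notice", "Left Event", "index.php?action=showevent&id={$eventID}", "[OK]");
    }
}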
Beispiel #7
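/**
 * Flip the current user's charity flag on the mining run in $_GET['id'].
 *
 * The original sanitized the ID into $ID but then built both queries, the
 * notice links and the Location header from the raw $_GET value. Here the ID
 * is validated once, reduced to an integer, and only that integer is used.
 *
 * NOTE(review): a GET request changes state and no anti-CSRF token is checked
 * in this function - confirm the dispatcher covers it.
 */
function toggleCharity()
{
    global $DB;
    global $MySelf;

    $rawID = isset($_GET['id']) ? $_GET['id'] : null;
    numericCheck($rawID);
    $ID = (int) $rawID;
    $backlink = "index.php?action=show&id=" . $ID;

    // Mining run still open?
    if (!miningRunOpen($ID)) {
        makeNotice("You can not set the charity flag on closed operations!", "warning", "Failed", "index.php?action=show&id={$ID}", "[Cancel]");
        return;
    }
    // Toggle the flag on the user's active joinup of this run.
    $DB->query(
        "UPDATE joinups SET charity=1 XOR charity WHERE userid=? AND parted IS NULL AND run=? LIMIT 1",
        array($MySelf->getID(), $ID)
    );
    if ($DB->affectedRows() != 1) {
        // No active joinup was changed.
        makeNotice("Unable to set the charity flag!", "error", "Internal Error", $backlink);
        return;
    }
    // Load the new charity status; both spliced values are the session's ID and an integer.
    $newMode = $DB->getCol("SELECT charity FROM joinups WHERE userid='" . $MySelf->getID() . "' AND parted IS NULL AND run='" . $ID . "' LIMIT 1");
    if ($newMode[0]) {
        // He is now a volunteer.
        makeNotice("You have volunteered to waive your payout, and dontate it to your corporation. Thank you!", "notice", "Charity accepted", $backlink);
    } else {
        // He is no longer a volunteer.
        makeNotice("You have revoked your waiver, you will recieve ISK for this run again.", "notice", "Charity revokation accepted", $backlink);
    }
    header("Location: " . $backlink);
}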
Beispiel #8
/**
 * Build the HTML form with which a privileged user adds an account by hand.
 *
 * The form posts to index.php with action=newuser and pre-fills both
 * password fields with a generated suggestion.
 *
 * @return string HTML of the heading and the form.
 *
 * NOTE(review): three addCol() lines below contain "******" between two
 * string literals and are not valid PHP as printed. This looks like masking
 * applied when the listing was published; compare with the eMail row, which
 * uses two separate addCol() calls - confirm against the real file.
 */
function makeAddUserForm()
{
    // Are we allowed to?
    global $MySelf;
    if (!$MySelf->canAddUser()) {
        makeNotice("You are not authorized to do that!", "error", "Forbidden");
    }
    // Suggest a user password.
    // NOTE(review): rand(11111, 99999) has only 88,889 possible outcomes and the
    // crypt() salt is a constant in the source, so the suggestion can take at
    // most that many values; rand() is also not a cryptographic generator.
    // A suggestion should come from a CSPRNG such as random_bytes().
    $suggestedPassword = crypt(base64_encode(rand(11111, 99999)), "8ewf7tg2k,leduj");
    $table = new table(2, true);
    $table->addHeader(">> Add a new user");
    $table->addRow("#060622");
    $table->addCol("You can manually add a new user with this form. But use this only " . "as a last resort, for example, if your server can not send eMails. " . "Always let the user request an account. This form was supposed to be " . "removed, but complains from the users kept it alive.", array("colspan" => 2));
    $table->addRow();
    $table->addCol("Username:"******"<input type=\"text\" name=\"username\" maxlength=\"20\">");
    $table->addRow();
    $table->addCol("eMail:");
    $table->addCol("<input type=\"text\" name=\"email\">");
    $table->addRow();
    // The suggestion is written into the value attribute and also shown in clear text.
    $table->addCol("Password:"******"<input type=\"password\" name=\"pass1\" value=\"{$suggestedPassword}\"> (Suggested: {$suggestedPassword})");
    $table->addRow();
    $table->addCol("Verify Password:"******"<input type=\"password\" name=\"pass2\" value=\"{$suggestedPassword}\">");
    $table->addHeaderCentered("<input type=\"submit\" name=\"create\" value=\"Add user to database\">");
    // Wrap the table in the form; the hidden fields select the handler.
    // No anti-CSRF token is emitted here - presumably handled elsewhere, verify.
    $page = "<h2>Add a new User</h2>";
    $page .= "<form action=\"index.php\" method=\"post\">";
    $page .= $table->flush();
    $page .= "<input type=\"hidden\" name=\"action\" value=\"newuser\">";
    $page .= "<input type=\"hidden\" name=\"check\" value=\"check\">";
    $page .= "</form>";
    return $page;
}
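/**
 * Open a new lotto drawing with $_POST['count'] unclaimed tickets.
 *
 * The original guard read `!is_numeric($count) && $count < 1`, which lets a
 * numeric count below 1 through; the two conditions must be joined with
 * "or". The validated count is reduced to an integer and that integer, not
 * the raw POST value, drives the insert loop.
 *
 * NOTE(review): there is no upper bound on the count, so one request can
 * insert an arbitrary number of rows - consider a configured maximum.
 */
function lotto_createDrawing()
{
    global $DB;
    global $MySelf;
    global $TIMEMARK;
    $count = isset($_POST['count']) ? $_POST['count'] : null;

    // is Lotto enabled at all?
    if (!getConfig("lotto")) {
        makeNotice("Your CEO disabled the Lotto module, request denied.", "warning", "Lotto Module Offline");
        return;
    }
    // Deny access to non-lotto-officials.
    if (!$MySelf->isLottoOfficial()) {
        makeNotice("You are not allowed to do this!", "error", "Permission denied");
        return;
    }
    // A drawing needs at least one ticket.
    if (!is_numeric($count) || $count < 1) {
        makeNotice("Invalid count for the new drawing!", "error", "Invaid Count", "index.php?action=editLotto", "[Cancel]");
        return;
    }
    $count = (int) $count;
    // Is there already a drawing opened?
    if (lotto_getOpenDrawing()) {
        makeNotice("You can only have one drawing open at the same time!", "error", "Close other drawing", "index.php?action=editLotto", "[Cancel]");
        return;
    }
    $DB->query("INSERT INTO lotto (opened,isOpen) VALUES (?,?)", array($TIMEMARK, "1"));
    if ($DB->affectedRows() != 1) {
        makeNotice("Error creating new drawing in database! Inform admin!", "error", "Internal Error", "index.php?action=editLotto", "[Cancel]");
        return;
    }
    // Which ID are we now?
    $drawing = lotto_getOpenDrawing();
    // One row per ticket, numbered from 1.
    for ($i = 1; $i <= $count; $i++) {
        $DB->query("INSERT INTO lotteryTickets (ticket, drawing) VALUES (?, ?)", array($i, $drawing));
    }
    makeNotice("Drawing created, have fun!", "notice", "Here you go.", "index.php?action=lotto", "lotto! LOTTO!");
}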
Beispiel #10
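/**
 * Remove the current user from the mining run in $_GET['id'].
 *
 * If the run has not started yet the joinup row is deleted, otherwise it is
 * stamped as parted. The original handed the raw run ID to userInRun() and
 * into a notice link before numericCheck() ran; validation now comes first
 * and only the integer form is used afterwards.
 */
function leaveRun()
{
    global $DB;
    global $TIMEMARK;
    global $MySelf;

    // Validate before the ID is used anywhere.
    $rawRun = isset($_GET['id']) ? $_GET['id'] : null;
    numericCheck($rawRun);
    $runid = (int) $rawRun;
    $userid = $MySelf->getID();

    // Are we actually still in this run?
    if (userInRun($userid, $runid) == "none") {
        makeNotice("You can not leave a run you are currently not a part of.", "warning", "Not you run.", "index.php?action=show&id={$runid}", "[cancel]");
        return;
    }
    // Ask for confirmation; a locked run cannot be rejoined.
    if (runIsLocked($runid)) {
        confirm("Do you really want to leave mining operation #{$runid} ?<br><br>Careful: This operation has been locked by " . runSupervisor($runid, true) . ". You can not rejoin the operation unless its unlocked again.");
    } else {
        confirm("Do you really want to leave mining operation #{$runid} ?");
    }
    // Did the run start yet? If not, delete the request.
    $runStart = $DB->getCol("SELECT starttime FROM runs WHERE id='{$runid}' LIMIT 1");
    if ($TIMEMARK < $runStart[0]) {
        // Event not started yet. Delete.
        $DB->query("DELETE FROM joinups WHERE run=? AND userid=?", array($runid, $userid));
    } else {
        // Event started, just mark inactive.
        $DB->query(
            "update joinups set parted = ? where run = ? and userid = ? and parted IS NULL",
            array($TIMEMARK, $runid, $userid)
        );
    }
    makeNotice("You have left the run.", "notice", "You left the Op.", "index.php?action=show&id={$runid}", "[OK]");
}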
Beispiel #11
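/**
 * Resolve a user ID (or, with $authID set, an authID) to a username.
 *
 * @param mixed $id     Numeric ID; "-1" stands for a self-added entry.
 * @param mixed $authID When truthy, $id is matched against users.authID and
 *                      the row with the highest authPrimary, then highest id,
 *                      is taken.
 * @return mixed "-self-" for -1, "no one" when no row matches, otherwise the
 *               username; null if the row cannot be fetched.
 */
function idToUsername($id, $authID = false)
{
    global $DB;

    // $id must be numeric.
    numericCheck("{$id}");
    // Is it -1 ? (Self-added)
    if ("{$id}" == "-1") {
        return "-self-";
    }
    // The ID is bound, so the lookup does not depend on how numericCheck() reacts.
    if (!$authID) {
        $results = $DB->query("select username from users where id=? limit 1", array("{$id}"));
    } else {
        $results = $DB->query(
            "select username from users where authID=? order by authPrimary desc, id desc limit 1",
            array("{$id}")
        );
    }
    // Unknown users are reported by name, not by an error. (The original had an
    // unreachable makeNotice() call after this return.)
    if ($results->numRows() == 0) {
        return "no one";
    }
    $row = $results->fetchRow();
    return $row ? $row['username'] : null;
}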
Beispiel #12
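/**
 * Apply the submitted rank names and sort orders, then redirect to the rank
 * list.
 *
 * For every rank ID in the database the form fields "title_<id>_name" and
 * "order_<id>" are read; ranks without a submitted title are skipped.
 *
 * NOTE(review): the name reaches the SQL text through sanitize(), which is
 * defined elsewhere. Whether it escapes for SQL cannot be told from here; if
 * it does, switching this statement to bound parameters would need the
 * escaping removed at the same time.
 */
function editRanks()
{
    global $MySelf;
    global $DB;

    // Are we allowed to do this?
    if (!$MySelf->canEditRank()) {
        makeNotice("You do not have sufficient rights to access this page.", "warning", "Access denied");
        return;
    }
    // Get all unique rank IDS.
    $ranks = $DB->query("SELECT DISTINCT rankid FROM ranks");
    while ($rankID = $ranks->fetchRow()) {
        $ID = $rankID['rankid'];
        if (!isset($_POST["title_" . $ID . "_name"])) {
            continue;
        }
        $name = sanitize($_POST["title_" . $ID . "_name"]);
        // A missing order field fails the check instead of raising a notice.
        $rawOrder = isset($_POST["order_" . $ID]) ? $_POST["order_" . $ID] : null;
        numericCheck($rawOrder, 0);
        // Only the integer form is spliced into the statement.
        $order = (int) $rawOrder;
        $DB->query("UPDATE ranks SET name='" . $name . "', rankOrder='" . $order . "' WHERE rankid='" . $ID . "' LIMIT 1");
    }
    header("Location: index.php?action=showranks");
}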
Beispiel #13
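/**
 * Delete the mining run in $_GET['id'] together with its hauls and joinups.
 *
 * Refused for users without canDeleteRun() and whenever $READONLY is set.
 * Every guard returns after its notice so the DELETE statements cannot be
 * reached on a refused or invalid request.
 *
 * NOTE(review): the three DELETEs are separate statements; a failure in
 * between leaves orphaned rows. A transaction would keep them together.
 */
function deleteRun()
{
    global $DB;
    global $MySelf;
    global $READONLY;

    // Are we allowed to delete runs?
    if (!$MySelf->canDeleteRun() || $READONLY) {
        makeNotice("You are not allowed to delete runs!", "error", "forbidden");
        return;
    }
    // Validate the ID and keep only its integer form.
    $rawID = isset($_GET['id']) ? $_GET['id'] : null;
    if (!is_numeric($rawID) || $rawID < 0) {
        makeNotice("Invalid ID passed to deleteRun!", "error");
        return;
    }
    $ID = (int) $rawID;
    // Are we sure?
    confirm("Do you really want to delete run #{$ID} ?");
    // Get the run in question.
    $run = $DB->getRow("SELECT * FROM runs WHERE id = '{$ID}' LIMIT 1");
    // Closed-run test kept exactly as in the original: a string comparison of
    // endtime with "0". Presumably an unset endtime marks an open run - confirm.
    if ("{$run['endtime']}" < "0") {
        makeNotice("You can only delete closed runs!", "error", "Deletion canceled", "index.php?action=list", "[cancel]");
        return;
    }
    // delete it.
    $DB->query("DELETE FROM runs WHERE id = ?", array($ID));
    // Also delete all hauls.
    $DB->query("DELETE FROM hauled WHERE miningrun = ?", array($ID));
    // And joinups.
    // NOTE(review): the other joinups queries in this code filter on the column
    // "run", this one on "runid" - verify against the schema.
    $DB->query("DELETE FROM joinups WHERE runid = ?", array($ID));
    makeNotice("The Miningrun Nr. #{$ID} has been deleted from the database and all associated hauls as well.", "notice", "Mining Operation deleted", "index.php?action=list", "[OK]");
}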
Beispiel #14
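/**
 * Tell whether $num is numeric and, optionally, within bounds.
 *
 * @param mixed $num Value to check.
 * @param mixed $min Lower bound (inclusive); ignored unless numeric.
 * @param mixed $max Upper bound (inclusive); only applied together with a
 *                   numeric $min, as in the original.
 * @return bool True when $num passes; false when it is out of bounds or not
 *              numeric.
 *
 * A non-numeric value raises an error notice. The rejected value and the
 * backtrace (which includes call arguments) are HTML-encoded before they are
 * placed in the notice, and the function returns false afterwards so a
 * failed check can never be reported as passed.
 *
 * NOTE(review): showing a full backtrace to the requester discloses internal
 * paths and arguments - consider writing it to a log instead.
 */
function numericCheckBool($num, $min = false, $max = false)
{
    // Is the number numeric?
    if (!is_numeric($num)) {
        $shown = htmlspecialchars(is_scalar($num) ? "{$num}" : "", ENT_QUOTES);
        $BT = nl2br(htmlspecialchars(print_r(debug_backtrace(), true), ENT_QUOTES));
        makeNotice("Security related abortion.<br>\"{$shown}\" is not an integer, but rather of type " . gettype($num) . ".<br><br><b>Backtrace:<br>{$BT}", "error");
        return false;
    }
    // Both bounds given: inclusive range check.
    if (is_numeric($min) && is_numeric($max)) {
        return $num >= $min && $num <= $max;
    }
    // Only a lower bound given.
    if (is_numeric($min)) {
        return $num >= $min;
    }
    // No usable bounds: being numeric is enough.
    return true;
}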
Beispiel #15
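/**
 * Delete the event in $_GET['id'] after asking for confirmation.
 *
 * Requires the events module to be enabled and canDeleteEvents() on the
 * current user. Guards return after their notice, and the ID is reduced to
 * an integer and bound to the DELETE statement.
 */
function deleteEvent()
{
    // is the events module active?
    if (!getConfig("events")) {
        makeNotice("The admin has deactivated the events module.", "warning", "Module not active");
        return;
    }
    global $DB;
    global $MySelf;
    // Are we allowed to be here?
    if (!$MySelf->canDeleteEvents()) {
        makeNotice("You are not allowed to do this!", "error", "Forbidden");
        return;
    }
    // Is the ID safe?
    $rawID = isset($_GET['id']) ? $_GET['id'] : null;
    if (!is_numeric($rawID) || $rawID < 0) {
        makeNotice("Invalid ID given!", "error", "Invalid Data");
        return;
    }
    $eventID = (int) $rawID;
    // Does the user really want this?
    confirm("Are you sure you want to delete this event?");
    // Ok, then delete it.
    $DB->query("DELETE FROM events WHERE id = ? LIMIT 1", array($eventID));
    if ($DB->affectedRows() == 1) {
        makeNotice("The event has been deleted", "notice", "Event deleted", "index.php?action=showevents", "[OK]");
    } else {
        makeNotice("Could not delete the event from the database.", "error", "DB Error", "index.php?action=showevents", "[Cancel]");
    }
}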
Beispiel #16
/**
 * Store a new e-mail address for the current user and mark it unvalidated.
 *
 * On demo sites ($IS_DEMO) nothing is written and only a notice is shown.
 *
 * NOTE(review): the WHERE clause compares against the literal '******'. That
 * looks like masking applied when the listing was published (presumably the
 * original interpolated $username) - confirm against the real file.
 * NOTE(review): $_POST[email] uses an unquoted key; PHP 8 treats that as an
 * undefined constant and stops with an error. It should read $_POST['email'].
 */
function changeEmail()
{
    global $SALT;
    global $DB;
    global $MySelf;
    // Are we allowed to change our email?
    if (!$MySelf->canChangeEmail()) {
        makeNotice("You are not allowed to change your email. Ask your CEO to re-enable this feature for your account.", "error", "Forbidden");
    }
    /*
     * The original comment states that by this point the submitter is
     * legitimate and the form was not tampered with. Nothing in this
     * function establishes that: the only check above is canChangeEmail().
     * Presumably the caller verifies the form - confirm.
     */
    // The address is passed through sanitize() (defined elsewhere) and then
    // embedded in the SQL text; no e-mail format check is visible here.
    $email = sanitize($_POST[email]);
    $username = $MySelf->getUsername();
    // Update the Database, except on demo sites.
    global $IS_DEMO;
    if (!$IS_DEMO) {
        // emailvalid is reset to 0 together with the new address.
        $DB->query("update users set email = '{$email}', emailvalid = '0' where username = '******'");
        makeNotice("Your email information has been updated. Thank you for keeping your records straight!", "notice", "Information updated");
    } else {
        makeNotice("Your email would have been changed. (Operation canceled due to demo site restrictions.)", "notice", "Email change confirmed");
    }
}
Beispiel #17
/**
 * Build the lotto administration page.
 *
 * The page holds a form that opens a new drawing (posted to index.php with
 * action=createDrawing). While a drawing is open the form controls are
 * rendered disabled and a "Draw Winner" link is appended.
 *
 * @return string HTML of the page.
 */
function lotto_editLottery()
{
    global $MySelf;
    global $DB;

    // An open drawing blocks the form.
    $formDisable = lotto_getOpenDrawing() ? "disabled" : "";

    // is Lotto enabled at all?
    if (!getConfig("lotto")) {
        makeNotice("Your CEO disabled the Lotto module, request denied.", "warning", "Lotto Module Offline");
    }
    // Deny access to non-lotto-officials.
    if (!$MySelf->isLottoOfficial()) {
        makeNotice("You are not allowed to do this!", "error", "Permission denied");
    }

    $form = new table(2, true);
    $form->addHeader(">> Open new drawing");
    $form->addRow();
    $form->addCol("Number of tickets in draw:");
    $form->addCol('<input type="text" name="count" ' . $formDisable . ' value="30">');
    $submitOptions = array("bold" => true, "colspan" => 2);
    $form->addHeaderCentered('<input type="submit" name="submit" ' . $formDisable . ' value="open new drawing">', $submitOptions);

    // Hidden fields select the handler; the table goes inside the form.
    $html = '<h2>Lotto Administration</h2>'
        . '<form action="index.php" method="POST">'
        . '<input type="hidden" name="check" value="true">'
        . '<input type="hidden" name="action" value="createDrawing">'
        . $form->flush()
        . '</form>';

    // Offer the draw only while a drawing is open.
    if (lotto_getOpenDrawing()) {
        $html .= '[<a href="index.php?action=drawLotto">Draw Winner</a>]';
    }
    return $html;
}
Beispiel #18
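/**
 * Send a mail to every user who opted in and has a validated address.
 *
 * @param mixed $mail    Body; "{{USER}}" is replaced by each recipient's name.
 * @param mixed $subject Subject line; line breaks are replaced by spaces so
 *                       the value cannot add further mail headers.
 * @param mixed $group   Optional name of a users column that must equal '1'
 *                       for a recipient to be included.
 *
 * $group becomes a column identifier, which cannot be bound as a parameter,
 * so it is restricted to letters, digits and underscore before use. Nothing
 * is sent on demo sites ($IS_DEMO).
 */
function mailUser($mail, $subject, $group = null)
{
    global $DB;
    global $MB_EMAIL;
    global $IS_DEMO;

    // We need something to mail around!
    if (empty($mail) || empty($subject)) {
        makeNotice("Nothing to send in mailUser()!", "error", "Internal Error");
        return;
    }
    if ($IS_DEMO) {
        return;
    }
    // Optional restriction to one group column.
    $filter = "";
    if ($group != null && $group != "") {
        if (!preg_match('/\A[A-Za-z0-9_]+\z/', $group)) {
            makeNotice("Invalid group given to mailUser()!", "error", "Internal Error");
            return;
        }
        $filter = "AND `{$group}`='1'";
    }
    // Keep the subject on one line.
    $subject = str_replace(array("\r", "\n"), " ", $subject);
    $headers = "From:" . $MB_EMAIL;

    // Only use emails that are opt-in and valid.
    $EMAIL_DS = $DB->query("SELECT username, email FROM users WHERE optIn='1' AND emailValid='1' AND deleted='0' {$filter}");
    while ($recipient = $EMAIL_DS->fetchRow()) {
        $copy = str_replace("{{USER}}", "{$recipient['username']}", $mail);
        mail($recipient['email'], $subject, $copy, $headers);
    }
}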
Beispiel #19
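/**
 * Claim the ticket in $_GET['ticket'] of the open drawing for the current
 * user, at the price of one lotto credit.
 *
 * The original deducted the credit first and only then checked whether the
 * ticket was still free, so a user who lost the race paid without receiving
 * a ticket. The availability check now comes before any balance change.
 *
 * NOTE(review): the check and the updates are still separate statements.
 * Two simultaneous requests can both pass the checks; the balance is also
 * computed in PHP and written back. Doing the arithmetic and the "still
 * unclaimed" condition inside the UPDATE statements would close that gap.
 * NOTE(review): "owner >= 0" is the original's test for a claimed ticket;
 * which value marks a free ticket is not visible here - confirm.
 */
function lotto_claimTicket()
{
    global $DB;
    global $MySelf;

    if (!getConfig("lotto")) {
        makeNotice("Your CEO disabled the Lotto module, request denied.", "warning", "Lotto Module Offline");
        return;
    }
    // Only people with parents consent may play!
    if (!$MySelf->canPlayLotto()) {
        makeNotice("Im sorry, but you are not allowed to play Lotto. " . "Ask your CEO or a friendly Director to enable this for you.", "warning", "Unable to play :(");
        return;
    }
    // Ticket ID sane?
    $rawTicket = isset($_GET['ticket']) ? $_GET['ticket'] : null;
    numericCheck($rawTicket, 0);
    $ticket = (int) $rawTicket;
    $userID = $MySelf->getID();
    // Get the drawing ID.
    $drawing = lotto_getOpenDrawing();
    // Get my credits
    $MyStuff = $DB->getRow("SELECT lottoCredit, lottoCreditsSpent FROM users WHERE id='" . $userID . "'");
    $Credits = $MyStuff['lottoCredit'];
    $CreditsSpent = $MyStuff['lottoCreditsSpent'];
    // Are we broke?
    if ($Credits < 1) {
        makeNotice("You can not afford the ticket, go get more credits!", "warning", "You're broke!'", "index.php?action=lotto", "[ashamed]");
        return;
    }
    // Now check if we bust it.
    $myTickets = lotto_checkRatio($drawing);
    if ($myTickets <= 0) {
        makeNotice("You are already owning the maximum allowed tickets!", "warning", "Exceeded ticket ratio!", "index.php?action=lotto", "[Cancel]");
        return;
    }
    // Check that the ticket is still unclaimed BEFORE touching the balance.
    $Ticket = $DB->getCol("SELECT owner FROM lotteryTickets WHERE ticket='{$ticket}' AND drawing='{$drawing}'");
    if ($Ticket[0] >= 0) {
        makeNotice("Im sorry, but someone else was faster that you and already claimed that ticket.", "warning", "Its gone, Jim!", "index.php?action=lotto", "[Damn!]");
        return;
    }
    // Deduct credit from account.
    $newcount = $Credits - 1;
    $DB->query("UPDATE users SET lottoCredit=? WHERE id=? LIMIT 1", array($newcount, $userID));
    if ($DB->affectedRows() != 1) {
        makeNotice("Internal Error: Problem with your bank account... :(", "error", "Internal Error", "index.php?action=lotto", "[Cancel]");
        return;
    }
    // Add to "Spent".
    $spent = $CreditsSpent + 1;
    $DB->query("UPDATE users SET lottoCreditsSpent=? WHERE id=? LIMIT 1", array($spent, $userID));
    if ($DB->affectedRows() != 1) {
        makeNotice("Internal Error: Problem with your bank account... :(", "error", "Internal Error", "index.php?action=lotto", "[Cancel]");
        return;
    }
    // Give him the ticket.
    $DB->query(
        "UPDATE lotteryTickets SET owner=? WHERE ticket=? AND drawing=? LIMIT 1",
        array($userID, $ticket, $drawing)
    );
    if ($DB->affectedRows() == 1) {
        header("Location: index.php?action=lotto");
    } else {
        makeNotice("Internal Error: Could not grant you the ticket :(", "error", "Internal Error", "index.php?action=lotto", "[Cancel]");
    }
}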
Beispiel #20
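/**
 * Delete the stored API key of the user in $_GET['id'].
 *
 * Only users with canManageUser() may do this. The original placed the
 * "permission denied" notice after the privileged branch, so the success
 * path ran into it as well; the permission test is now a guard at the top
 * and each path ends after its own notice.
 *
 * NOTE(review): the username is placed in the notice text as returned by
 * idToUsername(); whether makeNotice() HTML-encodes it is not visible here.
 */
function deleteAPIKey()
{
    global $MySelf;
    global $DB;

    if (!$MySelf->canManageUser()) {
        makeNotice("You do not have permission to modify users.", "warning", "Access denied.");
        return;
    }
    // Validate the ID and continue with its integer form only.
    $rawID = isset($_GET['id']) ? $_GET['id'] : null;
    numericCheck($rawID);
    $id = (int) $rawID;

    $api = new api($id);
    $api->deleteApiKey();
    makeNotice("Api key for user " . ucfirst(idToUsername($id)) . " has been deleted from the database", "notice", "API deleted.", "index.php?action=edituser&id=" . $id, "[OK]");
}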
Beispiel #21
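/**
 * Show the template editor and, when the form comes back, store the edit.
 *
 * Administrators only. With $_POST['check'] set the submitted template is
 * written to the row in $_POST['id']; otherwise the template in $_GET['id']
 * is loaded into the form.
 *
 * @return string HTML of the editor, or "" when the request is refused or
 *                redirected because no ID was given.
 *
 * The stored template is HTML-encoded before it is placed inside the
 * textarea. Without that, template text containing markup would be parsed by
 * the browser as part of the page instead of being shown for editing.
 *
 * NOTE(review): the template reaches the UPDATE through sanitize(), which is
 * defined elsewhere; whether it escapes for SQL cannot be told from here.
 * NOTE(review): no anti-CSRF token is part of this form.
 */
function editTemplate()
{
    global $DB;
    global $MySelf;

    // Are we allowed to?
    if (!$MySelf->isAdmin()) {
        makeNotice("Only an Administator can edit the sites templates.", "warning", "Access denied");
        return "";
    }
    if (!empty($_POST['check'])) {
        // We got the returning form, edit it.
        $rawID = isset($_POST['id']) ? $_POST['id'] : null;
        numericCheck($rawID, 0);
        $ID = (int) $rawID;
        // Fetch the current template, see that its there.
        $test = $DB->query("SELECT identifier FROM templates WHERE id='{$ID}' LIMIT 1");
        if ($test->numRows() == 1) {
            $template = sanitize(isset($_POST['template']) ? $_POST['template'] : "");
            $DB->query("UPDATE templates SET template='" . $template . "' WHERE id='{$ID}' LIMIT 1");
            if ($DB->affectedRows() == 1) {
                // Success!
                header("Location: index.php?action=edittemplate&id={$ID}");
            } else {
                // Fail!
                makeNotice("There was a problem updating the template in the database!", "error", "Internal Error", "index.php?action=edittemplate&id={$ID}", "Cancel");
            }
        } else {
            // There is no such template
            makeNotice("There is no such template in the database!", "error", "Invalid Template!", "index.php?action=edittemplate&id={$ID}", "Cancel");
        }
    } elseif (empty($_GET['id'])) {
        // No returning form, no identifier: nothing to edit.
        header("Location: index.php?action=configuration");
        return "";
    } else {
        numericCheck($_GET['id'], 0);
        $ID = (int) $_GET['id'];
    }

    $temp = $DB->getCol("SELECT template FROM templates WHERE id='{$ID}' LIMIT 1");
    $current = isset($temp[0]) ? htmlspecialchars($temp[0], ENT_QUOTES) : "";
    $table = new table(1, true);
    $table->addHeader(">> Edit template");
    $table->addRow();
    $table->addCol("<center><textarea name=\"template\" rows=\"30\" cols=\"60\">" . $current . "</textarea></center>");
    $table->addHeaderCentered("<input type=\"submit\" name=\"submit\" value=\"Edit Template\">");
    $form1 = "<form action=\"index.php\" method=\"POST\">";
    $form2 = "<input type=\"hidden\" name=\"check\" value=\"true\">";
    $form2 .= "<input type=\"hidden\" name=\"action\" value=\"editTemplate\">";
    $form2 .= "<input type=\"hidden\" name=\"id\" value=\"" . $ID . "\">";
    $form2 .= "</form>";
    $backlink = "<br><a href=\"index.php?action=configuration\">Back to configuration</a>";
    return "<h2>Edit the template</h2>" . $form1 . $table->flush() . $form2 . $backlink;
}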
Beispiel #22
 /**
  * Store $value, converted to a string, under the preference name $pref and
  * persist the preferences through storePrefs().
  *
  * An empty name raises an error notice.
  */
 public function setPref($pref, $value)
 {
     // A preference needs a name.
     if (!$pref) {
         makeNotice("No preference name given for setting, error in preference_class", "error", "Nyah! Nyah!");
     }
     // Preferences are kept as strings.
     $asText = (string) $value;
     $this->preferences[$pref] = $asText;
     $this->storePrefs();
 }
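/**
 * Return the ID of the currently open lotto drawing.
 *
 * @return mixed The highest drawing ID with isOpen='1', or null when no
 *               drawing is open. Callers test the result for truthiness.
 */
function lotto_getOpenDrawing()
{
    if (!getConfig("lotto")) {
        makeNotice("Your CEO disabled the Lotto module, request denied.", "warning", "Lotto Module Offline");
    }
    global $DB;
    $OD = $DB->getCol("SELECT drawing FROM lotto WHERE isOpen='1' ORDER BY drawing DESC LIMIT 1");
    // No open drawing gives an empty result; answer null without an offset warning.
    return isset($OD[0]) ? $OD[0] : null;
}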
Beispiel #24
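/**
 * Book a deposit or withdrawal on a user's account from the accountant form.
 *
 * Reads wod (0 = deposit, 1 = withdrawal), amount, id and the reason fields
 * from $_POST. A withdrawal the user cannot cover asks for confirmation
 * first. Missing form fields fail the numeric checks instead of raising
 * notices, and a refused request returns before anything is booked.
 *
 * NOTE(review): the username and amount are placed in the notice text as
 * they are; whether makeNotice() HTML-encodes them is not visible here.
 * NOTE(review): no anti-CSRF token is checked in this function - confirm the
 * dispatcher does, since this moves funds.
 */
function createTransaction()
{
    global $DB;
    global $MySelf;
    global $TIMEMARK;

    // Are we allowed to poke in here?
    if (!$MySelf->isAccountant()) {
        makeNotice("Umm, you are not allowed to do this. Really. You are not.", "warning", "You are not supposed to be here");
        return;
    }
    // Check the ints.
    $rawType = isset($_POST['wod']) ? $_POST['wod'] : null;
    $amount = isset($_POST['amount']) ? $_POST['amount'] : null;
    $rawID = isset($_POST['id']) ? $_POST['id'] : null;
    numericCheck($rawType, 0, 1);
    numericCheck($amount, 0);
    numericCheck($rawID, 0);
    // Type and user ID are whole numbers; the amount keeps its submitted form.
    $type = (int) $rawType;
    $id = (int) $rawID;
    $username = idToUsername($id);

    if ($type == 1) {
        $dir = "withdrawed";
        $dir2 = "from";
        // Warn before overdrawing the account.
        $hisMoney = getCredits($id);
        if ($hisMoney < $amount) {
            $ayee = $hisMoney - $amount;
            confirm("WARNING:<br>{$username} can NOT afford this withdrawal. If you choose to " . "authorize this transaction anyway his account will be at " . number_format($ayee, 2) . " ISK.");
        }
    } else {
        $dir = "deposited";
        $dir2 = "into";
    }
    // We use custom reason, if set.
    if (isset($_POST['reason2']) && $_POST['reason2'] != "") {
        $reason = sanitize($_POST['reason2']);
    } else {
        $reason = sanitize(isset($_POST['reason1']) ? $_POST['reason1'] : "");
    }
    // Create transaction.
    $transaction = new transaction($id, $type, $amount);
    $transaction->setReason($reason);
    if (!$transaction->commit()) {
        makeNotice("Unable to create transaction. Danger, Will Robinson, DANGER!", "error", "Internal Error", "index.php?action=edituser&id={$id}", "[Back]");
    } else {
        makeNotice("You successfully {$dir} {$amount} ISK {$dir2} " . $username . "'s account.", "notice", "Transaction complete", "index.php?action=edituser&id={$id}", "[Ok]");
    }
}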
Beispiel #25
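/**
 * Store the "sirstate" preference from the submitted form.
 *
 * $_POST['sir'] equal to "true" stores 1, anything else (including a missing
 * field) stores 0. The notice tells the user which way the setting went.
 */
function sirchange()
{
    global $PREFS;

    // A missing field counts as "off" instead of raising a notice.
    $state = (isset($_POST['sir']) && $_POST['sir'] == "true") ? 1 : 0;
    $PREFS->setPref("sirstate", $state);
    if (!$state) {
        makeNotice("Value changed. Inofficial mining operations will no longer show up.", "notice", "Preferences stored", "index.php?action=preferences", "[ok]");
    } else {
        makeNotice("Value changed. Inofficial mining operations will now be listed again.", "notice", "Preferences stored", "index.php?action=preferences", "[ok]");
    }
}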
Beispiel #26
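/**
 * Confirm the account in $_GET['id'], trigger lostPassword() for it and
 * redirect to the list of new users.
 *
 * Requires canManageUser(). The ID is validated, reduced to an integer and
 * bound to both statements. lostPassword() is only called when the account
 * actually exists.
 *
 * NOTE(review): a GET request confirms an account and triggers the password
 * routine; no anti-CSRF token is checked in this function.
 */
function quickConfirm()
{
    global $DB;
    global $MySelf;

    if ($MySelf->canManageUser() == false) {
        makeNotice("You are not allowed to do this!", "error", "Forbidden");
        return;
    }
    $rawID = isset($_GET['id']) ? $_GET['id'] : null;
    numericCheck($rawID);
    $ID = (int) $rawID;

    $DB->query("UPDATE users SET confirmed='1' WHERE id=?", array($ID));
    $userDS = $DB->query("SELECT * FROM users WHERE id=? LIMIT 1", array($ID));
    $user = $userDS->fetchRow();
    // Unknown ID: there is no username to hand over.
    if ($user) {
        lostPassword($user['username']);
    }
    header("Location: index.php?action=editusers&newusers=true");
    die;
}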
Beispiel #27
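/**
 * Deletes ("pops") one can, or all cans, that belong to the current user.
 *
 * $_GET['id'] is either the literal "all" (guarded by confirm()) or a positive
 * integer can id. $_GET['runid'], when present and numeric, selects the page the
 * result notice links back to.
 *
 * If no can owned by the user was deleted, the function falls back to deleting the
 * can by id alone, provided userInRun() accepts the current user for it.
 */
function popCan()
{
    global $DB;
    global $MySelf;
    $UserID = $MySelf->getID();

    // Quoted keys: bare `id` / `runid` are undefined-constant lookups.
    $rawId = isset($_GET['id']) ? $_GET['id'] : "";
    $popAll = ($rawId === "all");
    $canId = 0;

    if ($popAll) {
        confirm("Are you sure you want to pop all your cans?");
    } else {
        // Digits only. is_numeric() would also accept forms such as "1e3" or "1.5",
        // and the value is used as a row id below.
        if (!is_string($rawId) || !ctype_digit($rawId) || (int) $rawId < 1) {
            makeNotice("Invalid container selected for popping!", "error");
            // Fail closed: without an id filter the DELETE below would remove every
            // can of this user, so never fall through from a rejected id.
            return;
        }
        $canId = (int) $rawId;
    }

    // Delete the can(s) owned by the current user. Values are bound, using the same
    // placeholder form setConfig() uses for its INSERT.
    if ($popAll) {
        $DB->query("DELETE FROM cans WHERE pilot=?", array($UserID));
    } else {
        $DB->query("DELETE FROM cans WHERE pilot=? AND id=? LIMIT 1", array($UserID, $canId));
    }
    $canspopped = $DB->affectedRows();

    // Back link: the run page when a run id was supplied, else the can page.
    // The value ends up inside a link handed to makeNotice(), so only digits are accepted.
    $bl = "index.php?action=cans";
    if (isset($_GET['runid']) && is_string($_GET['runid']) && ctype_digit($_GET['runid'])) {
        $bl = "index.php?action=show&id=" . $_GET['runid'];
    }

    if ($canspopped == 1) {
        // ONE can has been popped.
        makeNotice("The can has been popped.", "notice", "POP!", $bl, "That was fun!");
    } elseif ($canspopped > 1) {
        // TWO OR MORE cans have been popped.
        makeNotice("{$canspopped} cans have been popped.", "notice", "POP!", $bl, "That was fun!");
    } else {
        // Nothing owned by the user was deleted. For a single id, look the can up and
        // allow the deletion if userInRun() says so. $canId is an integer here, so the
        // interpolation cannot carry SQL syntax.
        $col = $popAll ? null : $DB->getRow("SELECT id, pilot FROM cans WHERE id='{$canId}'");
        // NOTE(review): this branch lets a user delete another pilot's can, so the whole
        // authorisation rests on userInRun(). Its second argument here is the can's id;
        // if userInRun() expects a run id, the check tests the wrong object. Confirm
        // against userInRun() and the cans schema.
        if ($col && userInRun($MySelf->getID(), $col['id'])) {
            $DB->query("DELETE FROM cans WHERE id=? LIMIT 1", array($col['id']));
            if ($DB->affectedRows() == 1) {
                makeNotice("You just popped a can belonging to " . idToUsername($col['pilot']) . ".", "notice", "POP!", $bl, "That was fun!");
            } else {
                makeNotice("The can could not be popped!", "error", "Internal Error", $bl, "[cancel]");
            }
        } else {
            makeNotice("The can could not be popped!", "error", "Internal Error", $bl, "[cancel]");
        }
    }
}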
Beispiel #28
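/**
 * Loads one template body from the `templates` table.
 *
 * @param mixed $identifier Template identifier; must be truthy.
 * @param mixed $type       Template type; must be truthy.
 * @return mixed The `template` column when exactly one row matches, otherwise false.
 */
function getTemplate($identifier, $type)
{
    global $DB;
    // Check that we have all the requirements.
    if (!$identifier || !$type) {
        makeNotice("Invalid Identifier or Type in getTemplate!", "error", "Internal error");
        // Do not query with missing arguments even if makeNotice() returns.
        return false;
    }
    // Both values are bound rather than interpolated: the callers are not visible from
    // here, so neither argument can be assumed to be free of SQL metacharacters.
    // setConfig() uses the same placeholder form for its INSERT.
    $template = $DB->query(
        "SELECT template FROM templates WHERE identifier=? AND type=? LIMIT 1",
        array($identifier, $type)
    );
    if ($template->numRows() != 1) {
        // No such template.
        return false;
    }
    $temp = $template->fetchRow();
    return $temp['template'];
}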
Beispiel #29
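/**
 * Writes one name/value pair to the `config` table, replacing any existing entry.
 *
 * @param mixed $var Config entry name; must not be empty.
 * @param mixed $val Value to store.
 *
 * NOTE(review): the entry is replaced with a DELETE followed by an INSERT. Nothing here
 * makes the pair atomic, so a failure between the two leaves the entry missing.
 */
function setConfig($var, $val)
{
    global $DB;
    // Check that we have a descriptor.
    if ($var == "") {
        makeNotice("Invalid descriptor in setConfig!", "error", "internal Error!");
        // Never touch the table without a name, even if makeNotice() returns.
        return;
    }
    // NOTE(review): what sanitize() does is not visible here. If it escapes for SQL, the
    // bound values below are stored with the escaping included; confirm and, if so,
    // drop it in favour of the placeholders alone.
    $var = sanitize($var);
    $val = sanitize($val);
    // Remove the old entry. The name is bound, like the INSERT below, so both
    // statements address the same row and no SQL text is built from the argument.
    $DB->query("DELETE FROM config WHERE name=? LIMIT 1", array("{$var}"));
    // Store the new value.
    $DB->query("INSERT INTO config (name, value) VALUES (?,?)", array("{$var}", "{$val}"));
    if ($DB->affectedRows() != 1) {
        makeNotice("Could not update the database registry (setConfig)!", "error", "Internal error!");
    }
}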
Beispiel #30
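/**
 * Transfers ISK from the current user's account to another user's account.
 *
 * Reads $_POST['to'] (recipient id), $_POST['amount'] and $_POST['reason'], validates
 * them against the sender's credits, asks for confirmation via confirm() and then
 * commits a transfer transaction.
 *
 * NOTE(review): the sender's balance is read once at the top and the transaction is
 * committed after the confirm() step. Whether transaction::commit() re-checks the
 * balance is not visible here; if it does not, concurrent requests could overdraw.
 * NOTE(review): nothing here rejects a transfer to the sender's own id or to an id
 * that has no user; confirm that transaction or idToUsername() covers both.
 */
function transferMoney()
{
    global $MySelf;
    $backLink = "index.php?action=manageWallet";

    // Quoted keys (bare `amount` etc. are undefined-constant lookups); non-string input
    // such as amount[]=1 is treated as missing.
    $postAmount = (isset($_POST['amount']) && is_string($_POST['amount'])) ? $_POST['amount'] : "";
    $postTo = (isset($_POST['to']) && is_string($_POST['to'])) ? $_POST['to'] : "";
    $postReason = (isset($_POST['reason']) && is_string($_POST['reason'])) ? $_POST['reason'] : "";

    // Each rejection returns explicitly: the checks stay fail-closed even if
    // makeNotice() does not end the request.
    $MyCredits = getCredits($MySelf->getID());
    // Can we afford even the most basic transactions?
    if (!numericCheckBool($MyCredits, 0)) {
        makeNotice("You can not afford any transaction.", "warning", "Out of money", $backLink, "[cancel]");
        return;
    }
    // Did we supply an isk amount at all?
    if ($postAmount == "") {
        makeNotice("You did not specify an ISK amount. Please go back, and try again.", "warning", "How much?", $backLink, "[cancel]");
        return;
    }
    if (!is_numeric($postAmount)) {
        // The rejected value is echoed back into the page, so it is HTML-escaped first.
        makeNotice("The frog looks at you and your cheque with the amount of \"" . htmlspecialchars($postAmount, ENT_QUOTES) . "\". The frog is unsure how much ISK that is and instead decides to lick your face in a friendly manner, then it closes the teller and goes for lunch.", "warning", "Huh?");
        return;
    }
    // Check for sanity.
    if (!numericCheckBool($postTo, 0)) {
        makeNotice("The supplied reciver is not valid.", "warning", "Invalid ID", $backLink, "[cancel]");
        return;
    }
    if (!numericCheckBool($postAmount, 0)) {
        makeNotice("You need to specify a positive ISK value.", "error", "Invalid amount", $backLink, "[cancel]");
        return;
    }
    if (!numericCheckBool($postAmount, 0, $MyCredits)) {
        makeNotice("You can not afford this transaction.", "warning", "Out of money", $backLink, "[cancel]");
        return;
    }

    // The receiver id is numeric and the sender has enough money.
    $senderName = ucfirst($MySelf->getUsername());
    $receiverName = ucfirst(idToUsername($postTo));
    $prettyAmount = number_format($postAmount, 2) . " ISK";

    // The confirmation text is rendered as HTML (it carries <br> tags), so the
    // free-text reason is escaped before it is shown.
    $from = "<br><br>From: " . $senderName;
    $to = "<br>To: " . $receiverName;
    $amount = "<br>Amount: " . $prettyAmount;
    $reason = "<br>Reason: " . htmlspecialchars($postReason, ENT_QUOTES);
    confirm("Please authorize this transaction:" . $from . $to . $amount . $reason);

    // Lets do it. The stored reason goes through sanitize(), as the other
    // transaction-creating code in this file does with its reason fields.
    $transaction = new transaction($postTo, 0, $postAmount);
    $transaction->setReason("Cash transfer from " . $senderName . " to " . $receiverName . ": " . sanitize($postReason));
    $transaction->isTransfer(true);
    // Report success only when the commit succeeded.
    if (!$transaction->commit()) {
        makeNotice("Unable to create transaction. Danger, Will Robinson, DANGER!", "error", "Internal Error", $backLink, "[Back]");
        return;
    }
    // Send'em back. The plain amount is used here; the "<br>Amount: " prefix belongs
    // to the confirmation dialog only.
    makeNotice($prettyAmount . " has been transfered from your into " . $receiverName . " account.", "notice", "Cash transfered", $backLink, "[OK]");
}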