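function toggleLogin() {
    // Flip the canLogin flag of user $_GET['id'] (lock / unlock the account).
    // Side effects: UPDATE users, then a redirect to the user list.
    // NOTE(review): makeNotice() is relied on to end the request -- the
    // original code never returns after calling it -- confirm before trusting
    // the guards below.
    global $DB;
    global $MySelf;
    global $IS_DEMO;

    if ($IS_DEMO) {
        makeNotice("The user would have been changed. (Operation canceled due to demo site restrictions.)", "notice", "Password change confirmed");
    }

    // Only user managers may lock or unlock accounts.
    if (!$MySelf->canManageUser()) {
        makeNotice("You are not allowed to edit Users!", "error", "forbidden");
    }

    // Validate the target id before anything compares or queries it
    // (the original compared the raw value first). Keys are quoted: a bare
    // constant key is a fatal error on PHP 8.
    $rawID = isset($_GET['id']) ? $_GET['id'] : "";
    numericCheck($rawID);
    $ID = (int) sanitize($rawID);

    // A manager must not lock themselves out.
    if ((int) $MySelf->getID() == $ID) {
        makeNotice("You are not allowed to block yourself!", "error", "forbidden");
    }

    // Bound parameter instead of string-built SQL (same placeholder style the
    // file already uses for its INSERTs).
    $DB->query("UPDATE users SET canLogin=1 XOR canLogin WHERE id=? LIMIT 1", array($ID));

    // Send the manager back to the letter tab of the affected user.
    $username = idToUsername("{$ID}");
    $p = substr($username, 0, 1);
    header("Location: index.php?action=editusers&l={$p}");
}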
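function doPayout() {
    // Mark every still-unpaid payout request that the accountant ticked in the
    // submitted form as paid, after booking a withdrawal for the applicant.
    // Reads: $_POST[<request id>]. Side effects: transaction commits,
    // UPDATE payoutRequests, redirect.
    global $DB;
    global $TIMEMARK;
    global $MySelf;

    // Accountants only. makeNotice() is relied on to end the request.
    if (!$MySelf->isAccountant()) {
        makeNotice("You are not an accountant to your corporation. Access denied.", "error", "Access denied");
    }

    $IDS = $DB->query("SELECT DISTINCT request, amount, applicant FROM payoutRequests WHERE payoutTime IS NULL");

    while ($ID = $IDS->fetchRow()) {
        // Skip requests that were not ticked (keys quoted: bare constant keys
        // are fatal on PHP 8).
        if (empty($_POST[$ID['request']])) {
            continue;
        }

        // NOTE(review): the "can the applicant afford it" check that used to
        // live here is disabled, so the transaction class must refuse an
        // overdraft itself -- confirm, or a payout can drive a balance negative.
        $transaction = new transaction($ID['applicant'], 1, $ID['amount']);
        $transaction->setReason("payout request fulfilled");

        if ($transaction->commit()) {
            // Bound values rather than interpolated DB/session values.
            $DB->query(
                "UPDATE payoutRequests SET payoutTime = ?, banker = ? WHERE request = ? LIMIT 1",
                array($TIMEMARK, $MySelf->getID(), $ID['request'])
            );
        }
    }

    header("Location: index.php?action=payout");
}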
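function changeShipValue() {
    // Store a new set of per-ship payout values and enabled flags posted from
    // the ship-value form. One shipvalues row (keyed by $TIMEMARK) is created
    // per submit and then filled column by column.
    global $DB;
    global $SHIPTYPES;
    global $DBSHIP;
    global $TIMEMARK;
    global $MySelf;

    if (!$MySelf->canChangeOre()) {
        makeNotice("You are not allowed to fiddle around in there!", "error", "forbidden");
    }

    $userID = $MySelf->getID();
    $DB->query("insert into shipvalues (modifier, time) values (?,?)", array("{$userID}", "{$TIMEMARK}"));

    // $DBSHIP is an application-defined list of column-name stems. It is
    // spliced into the statement as an identifier, so it must never be
    // populated from the request.
    foreach ($DBSHIP as $SHIP) {
        if (!isset($_POST[$SHIP]) || !is_numeric($_POST[$SHIP])) {
            continue;
        }

        // Fixed: number_format() with its default separators produces
        // "1,234.5678" for large values, which is not a valid SQL number
        // literal. Force "." as decimal point and no thousands separator.
        $value = number_format($_POST[$SHIP] / 100, 4, '.', '');
        $DB->query("UPDATE shipvalues SET " . $SHIP . "Value = ? WHERE time = ?", array($value, "{$TIMEMARK}"));

        // Enabled flag for this ship type (quoted key: a bare constant key is
        // fatal on PHP 8).
        $enabled = empty($_POST[$SHIP . "Enabled"]) ? '0' : '1';
        $DB->query("UPDATE shipconfig SET value = ? WHERE name = ?", array($enabled, $SHIP . "Enabled"));
    }

    makeNotice("The payout values for ships have been changed.", "notice", "New data accepted.", "index.php?action=showshipvalue", "[OK]");
}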
function lotto_checkRatio($drawing) {
    // How many more tickets of drawing $drawing the current user may still
    // take, given the per-player cap "lottoPercent" (0/empty = no cap).
    // Returns allowed-minus-owned; zero or negative means the cap is reached.
    global $DB;
    global $MySelf;

    $capPercent = getConfig("lottoPercent");
    if (!getConfig("lotto")) {
        makeNotice("Your CEO disabled the Lotto module, request denied.", "warning", "Lotto Module Offline");
    }

    // $drawing must be numeric before it is spliced into the statements.
    numericCheck($drawing);

    $me = $MySelf->getID();
    $owned = $DB->getCol("SELECT COUNT(id) FROM lotteryTickets WHERE owner='" . $me . "' AND drawing='" . $drawing . "'");
    $total = $DB->getCol("SELECT COUNT(id) FROM lotteryTickets WHERE drawing='" . $drawing . "'");
    $ownedCount = $owned[0];
    $totalCount = $total[0];

    // Without a cap every ticket of the draw is available; otherwise the cap
    // is a rounded-up percentage of the draw.
    $allowed = $capPercent ? ceil($totalCount * $capPercent / 100) : $totalCount;

    return $allowed - $ownedCount;
}
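function usernameToID($username, $caller) {
    // Resolve a username to its numeric user id (returned as a string).
    // Returns "-1" when the user no longer exists and $caller is one of the
    // login paths; any other miss aborts through makeNotice().
    global $DB;
    global $MySelf;

    $username = sanitize($username);

    // Short-circuit for the logged-in user.
    if ($username == $MySelf->getUsername()) {
        return $MySelf->GetID();
    }

    // Fixed: the lookup compared against a literal placeholder string instead
    // of the username. The value is bound, not interpolated.
    // NOTE(review): if sanitize() SQL-escapes, binding makes that redundant;
    // confirm sanitize()'s contract so names are not stored/looked up escaped.
    $results = $DB->query("select id from users where username=? limit 1", array($username));

    if ($results->numRows() == 0) {
        // Special case: the user was wiped from the database while logged in.
        if ("{$caller}" == "authKeyIsValid" || "{$caller}" == "Failed_Login") {
            return "-1";
        }
        makeNotice("Internal Error: Invalid User at usernameToID<br>(called by {$caller})", "error");
    }

    $row = $results->fetchRow();
    return "{$row['id']}";
}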
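function joinEvent() {
    // Record the current user's ship type ($_GET['type']) in the signup list
    // of event $_GET['id']; a type of "quit" is stored as-is and reported as
    // leaving, exactly as before.
    global $MySelf;
    global $DB;
    $ID = $MySelf->getID();

    if (!$MySelf->canSeeEvents()) {
        makeNotice("You are not allowed to do this!", "error", "Forbidden");
    }

    // Validate the event id, then cast so only an integer reaches the SQL.
    $rawEvent = isset($_GET['id']) ? $_GET['id'] : null;
    if (!is_numeric($rawEvent) || $rawEvent < 0) {
        makeNotice("Invalid ID given!", "error", "Invalid Data");
    }
    $eventID = (int) $rawEvent;
    $type = isset($_GET['type']) ? $_GET['type'] : "";

    // signups is a PHP-serialized map userid => ship type that this function
    // itself writes. unserialize() of stored data is kept for compatibility
    // with existing rows; it must never be fed request data directly.
    $JOINS = $DB->getCol("SELECT signups FROM events WHERE id='{$eventID}'");
    $JOINS = isset($JOINS[0]) ? unserialize($JOINS[0]) : false;
    if (!is_array($JOINS)) {
        // Empty or unreadable list: start fresh instead of appending to false.
        $JOINS = array();
    }
    $JOINS[$ID] = sanitize($type);

    // Fixed: the serialized blob was spliced into the statement; bind it.
    $DB->query("UPDATE events SET signups = ? WHERE ID=? LIMIT 1", array(serialize($JOINS), $eventID));

    if ($type != "quit") {
        makeNotice("You have joined Event #{$eventID}. Have fun, and dont be late!", "notice", "Joinup complete.", "index.php?action=showevent&id={$eventID}", "[OK]");
    } else {
        makeNotice("You have left Event #{$eventID}.", "notice", "Left Event", "index.php?action=showevent&id={$eventID}", "[OK]");
    }
}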
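function toggleCharity() {
    // Toggle the current user's charity flag on their open joinup for mining
    // run $_GET['id'] (waive / un-waive their payout).
    global $DB;
    global $MySelf;

    // Fixed: the run id reached the SQL below straight from $_GET (the
    // sanitized copy was computed but never used). Validate and cast first.
    $rawID = isset($_GET['id']) ? $_GET['id'] : "";
    numericCheck($rawID);
    $ID = (int) sanitize($rawID);
    $me = (int) $MySelf->getID();

    if (!miningRunOpen($ID)) {
        makeNotice("You can not set the charity flag on closed operations!", "warning", "Failed", "index.php?action=show&id={$ID}", "[Cancel]");
    }

    // Flip the flag on the user's still-active joinup of this run.
    $DB->query("UPDATE joinups SET charity=1 XOR charity WHERE userid=? AND parted IS NULL AND run=? LIMIT 1", array($me, $ID));

    if ($DB->affectedRows() == 1) {
        $newMode = $DB->getCol("SELECT charity FROM joinups WHERE userid='" . $me . "' AND parted IS NULL AND run='" . $ID . "' LIMIT 1");
        // makeNotice() is expected to end the request; the header() calls are
        // kept from the original in case it returns.
        if ($newMode[0]) {
            makeNotice("You have volunteered to waive your payout, and dontate it to your corporation. Thank you!", "notice", "Charity accepted", "index.php?action=show&id=" . $ID);
            header("Location: index.php?action=show&id=" . $ID);
        } else {
            makeNotice("You have revoked your waiver, you will recieve ISK for this run again.", "notice", "Charity revokation accepted", "index.php?action=show&id=" . $ID);
            header("Location: index.php?action=show&id=" . $ID);
        }
    } else {
        makeNotice("Unable to set the charity flag!", "error", "Internal Error", "index.php?action=show&id=" . $ID);
    }
}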
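function makeAddUserForm() {
    // Render the manual "add user" form (user managers only). Returns HTML.
    global $MySelf;
    if (!$MySelf->canAddUser()) {
        makeNotice("You are not authorized to do that!", "error", "Forbidden");
    }

    // Suggested password. Fixed: rand(11111, 99999) fed through crypt() with a
    // fixed salt gave only ~89k possible suggestions, all precomputable.
    // random_bytes() is the CSPRNG (PHP >= 7.0); hex output needs no escaping
    // inside the value attributes below.
    $suggestedPassword = bin2hex(random_bytes(8));

    $table = new table(2, true);
    $table->addHeader(">> Add a new user");
    $table->addRow("#060622");
    $table->addCol("You can manually add a new user with this form. But use this only " . "as a last resort, for example, if your server can not send eMails. " . "Always let the user request an account. This form was supposed to be " . "removed, but complains from the users kept it alive.", array("colspan" => 2));
    // Label / input pairs (the listing this was restored from had the
    // addCol() boundary of the label rows garbled).
    $table->addRow();
    $table->addCol("Username:");
    $table->addCol("<input type=\"text\" name=\"username\" maxlength=\"20\">");
    $table->addRow();
    $table->addCol("eMail:");
    $table->addCol("<input type=\"text\" name=\"email\">");
    $table->addRow();
    $table->addCol("Password:");
    $table->addCol("<input type=\"password\" name=\"pass1\" value=\"{$suggestedPassword}\"> (Suggested: {$suggestedPassword})");
    $table->addRow();
    $table->addCol("Verify Password:");
    $table->addCol("<input type=\"password\" name=\"pass2\" value=\"{$suggestedPassword}\">");
    $table->addHeaderCentered("<input type=\"submit\" name=\"create\" value=\"Add user to database\">");

    $page = "<h2>Add a new User</h2>";
    $page .= "<form action=\"index.php\" method=\"post\">";
    $page .= $table->flush();
    $page .= "<input type=\"hidden\" name=\"action\" value=\"newuser\">";
    $page .= "<input type=\"hidden\" name=\"check\" value=\"check\">";
    $page .= "</form>";
    return $page;
}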
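function lotto_createDrawing() {
    // Open a new lotto drawing with $_POST['count'] tickets (lotto officials
    // only; at most one drawing may be open at a time).
    global $DB;
    global $MySelf;
    global $TIMEMARK;

    if (!getConfig("lotto")) {
        makeNotice("Your CEO disabled the Lotto module, request denied.", "warning", "Lotto Module Offline");
    }
    if (!$MySelf->isLottoOfficial()) {
        makeNotice("You are not allowed to do this!", "error", "Permission denied");
    }

    // Fixed: the original test was `!is_numeric($count) && $count < 1`, which
    // let every non-numeric count through; on PHP 8 a non-numeric string then
    // keeps the insert loop below running without bound (numeric strings
    // compare below letters). Reject anything that is not a count >= 1.
    $rawCount = isset($_POST['count']) ? $_POST['count'] : "";
    if (!is_numeric($rawCount) || $rawCount < 1) {
        makeNotice("Invalid count for the new drawing!", "error", "Invaid Count", "index.php?action=editLotto", "[Cancel]");
    }
    $count = (int) $rawCount;
    // NOTE(review): no upper bound is enforced; one INSERT per ticket follows.

    if (lotto_getOpenDrawing()) {
        makeNotice("You can only have one drawing open at the same time!", "error", "Close other drawing", "index.php?action=editLotto", "[Cancel]");
    }

    $DB->query("INSERT INTO lotto (opened,isOpen) VALUES (?,?)", array($TIMEMARK, "1"));
    if ($DB->affectedRows() != 1) {
        makeNotice("Error creating new drawing in database! Inform admin!", "error", "Internal Error", "index.php?action=editLotto", "[Cancel]");
    }

    // The drawing we just opened is now the open one.
    $drawing = lotto_getOpenDrawing();
    for ($i = 1; $i <= $count; $i++) {
        $DB->query("INSERT INTO lotteryTickets (ticket, drawing) VALUES (?,?)", array($i, $drawing));
    }

    makeNotice("Drawing created, have fun!", "notice", "Here you go.", "index.php?action=lotto", "lotto! LOTTO!");
}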
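function leaveRun() {
    // Let the current user leave mining run $_GET['id']: the joinup is
    // deleted if the run has not started yet, otherwise stamped as parted.
    global $DB;
    global $TIMEMARK;
    global $MySelf;

    // Fixed: the run id was handed to userInRun() before numericCheck() ran.
    // Validate first, then cast so only an integer reaches any statement.
    $rawRun = isset($_GET['id']) ? $_GET['id'] : "";
    numericCheck($rawRun);
    $runid = (int) $rawRun;
    $userid = (int) $MySelf->getID();

    if (userInRun($userid, $runid) == "none") {
        makeNotice("You can not leave a run you are currently not a part of.", "warning", "Not you run.", "index.php?action=show&id={$runid}", "[cancel]");
    }

    // confirm() is assumed to stop the request until the user answers -- the
    // original relies on the same -- confirm against its definition.
    if (runIsLocked($runid)) {
        confirm("Do you really want to leave mining operation #{$runid} ?<br><br>Careful: This operation has been locked by " . runSupervisor($runid, true) . ". You can not rejoin the operation unless its unlocked again.");
    } else {
        confirm("Do you really want to leave mining operation #{$runid} ?");
    }

    $runStart = $DB->getCol("SELECT starttime FROM runs WHERE id='{$runid}' LIMIT 1");
    if ($TIMEMARK < $runStart[0]) {
        // Not started yet: drop the joinup entirely.
        $DB->query("DELETE FROM joinups WHERE run=? AND userid=?", array($runid, $userid));
    } else {
        // Already running: keep the record, mark it parted now.
        $DB->query("update joinups set parted = ? where run = ? and userid = ? and parted IS NULL", array($TIMEMARK, $runid, $userid));
    }

    makeNotice("You have left the run.", "notice", "You left the Op.", "index.php?action=show&id={$runid}", "[OK]");
}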
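function idToUsername($id, $authID = false) {
    // Map a numeric user id (or, with $authID = true, an authID) to a
    // username. Returns "-self-" for -1 and "no one" when nothing matches.
    global $DB;

    numericCheck("{$id}");

    // -1 is the "self-added" marker.
    if ("{$id}" == "-1") {
        return "-self-";
    }

    // Bound parameter rather than interpolation (numericCheck already
    // guarantees a number, binding keeps it that way).
    if ($authID) {
        $results = $DB->query("select username from users where authID=? order by authPrimary desc, id desc limit 1", array($id));
    } else {
        $results = $DB->query("select username from users where id=? limit 1", array($id));
    }

    // A missing row is not fatal. (The original's makeNotice() after the
    // return was unreachable and has been dropped.)
    if ($results->numRows() == 0) {
        return "no one";
    }

    $row = $results->fetchRow();
    return $row['username'];
}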
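function editRanks() {
    // Save posted rank names and sort orders: for every rank id in the table
    // read $_POST["title_<id>_name"] and $_POST["order_<id>"].
    global $MySelf;
    global $DB;

    if (!$MySelf->canEditRank()) {
        makeNotice("You do not have sufficient rights to access this page.", "warning", "Access denied");
    }

    $ranks = $DB->query("SELECT DISTINCT rankid FROM ranks");

    while ($rankRow = $ranks->fetchRow()) {
        $ID = $rankRow['rankid'];
        $nameKey = "title_" . $ID . "_name";
        $orderKey = "order_" . $ID;

        // Only ranks present in the form are touched.
        if (!isset($_POST[$nameKey])) {
            continue;
        }

        // Name goes through sanitize() (the file's convention for stored free
        // text). Fixed: the order value is validated AND cast, so only an
        // integer is ever spliced into the statement.
        $name = sanitize($_POST[$nameKey]);
        $orderRaw = isset($_POST[$orderKey]) ? $_POST[$orderKey] : "";
        numericCheck($orderRaw, 0);
        $order = (int) $orderRaw;

        $DB->query("UPDATE ranks SET name='" . $name . "', rankOrder='" . $order . "' WHERE rankid='" . $ID . "' LIMIT 1");
    }

    header("Location: index.php?action=showranks");
}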
function deleteRun() {
    // Permanently remove a closed mining run ($_GET['id']) together with its
    // hauls and joinups. Requires canDeleteRun and a non-readonly site.
    global $DB;
    global $MySelf;
    global $READONLY;

    if (!$MySelf->canDeleteRun() || $READONLY) {
        makeNotice("You are not allowed to delete runs!", "error", "forbidden");
    }

    $ID = sanitize("{$_GET['id']}");
    if (!is_numeric($ID) || $ID < 0) {
        makeNotice("Invalid ID passed to deleteRun!", "error");
    }

    // confirm() is expected to hold the request until the user answers.
    confirm("Do you really want to delete run #{$ID} ?");

    $run = $DB->getRow("SELECT * FROM runs WHERE id = '{$ID}' LIMIT 1");

    // Same closed-run test as before (string comparison against "0").
    if ("{$run['endtime']}" < "0") {
        makeNotice("You can only delete closed runs!", "error", "Deletion canceled", "index.php?action=list", "[cancel]");
    }

    // NOTE(review): other functions in this file address joinups by `run`;
    // this one uses `runid` -- confirm the column name against the schema.
    $cleanup = array(
        "DELETE FROM runs WHERE id ='{$ID}'",
        "DELETE FROM hauled WHERE miningrun='{$ID}'",
        "DELETE FROM joinups WHERE runid='{$ID}'",
    );
    foreach ($cleanup as $statement) {
        $DB->query($statement);
    }

    makeNotice("The Miningrun Nr. #{$ID} has been deleted from the database and all associated hauls as well.", "notice", "Mining Operation deleted", "index.php?action=list", "[OK]");
}
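function numericCheckBool($num, $min = false, $max = false) {
    // Range check that returns a bool instead of aborting when $num lies
    // outside [$min, $max]. Either bound may be omitted (false).
    // A non-numeric $num still aborts through makeNotice(), which is relied on
    // to end the request.
    if (!is_numeric($num)) {
        // Fixed: the original pushed the raw value and a full debug_backtrace()
        // into the user-facing notice (internal paths and argument values, and
        // the unescaped input itself). Keep the detail in the server log.
        error_log("numericCheckBool: non-numeric argument of type " . gettype($num));
        makeNotice("Security related abortion.<br>The supplied value is not a number.", "error");
    }

    $hasMin = is_numeric($min);
    $hasMax = is_numeric($max);

    if ($hasMin && $num < $min) {
        return false;
    }
    // Fixed: a max bound given without a min bound was silently ignored.
    if ($hasMax && $num > $max) {
        return false;
    }
    return true;
}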
function deleteEvent() {
    // Delete event $_GET['id'] after an explicit confirmation. Requires the
    // events module to be on and the user to hold canDeleteEvents.
    if (!getConfig("events")) {
        makeNotice("The admin has deactivated the events module.", "warning", "Module not active");
    }

    global $DB;
    global $MySelf;

    if (!$MySelf->canDeleteEvents()) {
        makeNotice("You are not allowed to do this!", "error", "Forbidden");
    }

    $eventID = $_GET['id'];
    $idIsSane = is_numeric($eventID) && $eventID >= 0;
    if (!$idIsSane) {
        makeNotice("Invalid ID given!", "error", "Invalid Data");
    }

    confirm("Are you sure you want to delete this event?");

    $DB->query("DELETE FROM events WHERE id = '{$eventID}' LIMIT 1");
    $deleted = ($DB->affectedRows() == 1);

    // The mailUser() notification stays disabled, as in the original.
    if ($deleted) {
        makeNotice("The event has been deleted", "notice", "Event deleted", "index.php?action=showevents", "[OK]");
        return;
    }
    makeNotice("Could not delete the event from the database.", "error", "DB Error", "index.php?action=showevents", "[Cancel]");
}
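function changeEmail() {
    // Update the current user's email address from $_POST['email'] and clear
    // emailvalid so the new address has to be confirmed again.
    global $SALT;
    global $DB;
    global $MySelf;

    if (!$MySelf->canChangeEmail()) {
        makeNotice("You are not allowed to change your email. Ask your CEO to re-enable this feature for your account.", "error", "Forbidden");
    }

    // NOTE(review): the original comment claimed the form had been verified as
    // untampered, but nothing here checks that (no token is inspected).
    // What we can do is reject anything that is not an email address.
    $email = isset($_POST['email']) ? trim($_POST['email']) : "";
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        makeNotice("The supplied email address is not valid.", "error", "Invalid email");
    }
    $username = $MySelf->getUsername();

    global $IS_DEMO;
    if (!$IS_DEMO) {
        // Fixed: the WHERE clause compared against a literal placeholder
        // rather than the user's name. Both values are bound, so the
        // SQL-escaping half of sanitize() is not needed here.
        $DB->query("update users set email = ?, emailvalid = '0' where username = ?", array($email, $username));
        makeNotice("Your email information has been updated. Thank you for keeping your records straight!", "notice", "Information updated");
    } else {
        makeNotice("Your email would have been changed. (Operation canceled due to demo site restrictions.)", "notice", "Email change confirmed");
    }
}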
function lotto_editLottery() {
    // Lotto administration page: a form to open a new drawing (disabled while
    // one is open) plus a "Draw Winner" link when a drawing is open. Returns HTML.
    global $MySelf;
    global $DB;

    $drawingOpen = lotto_getOpenDrawing();
    $disabledAttr = $drawingOpen ? "disabled" : "";

    if (!getConfig("lotto")) {
        makeNotice("Your CEO disabled the Lotto module, request denied.", "warning", "Lotto Module Offline");
    }
    if (!$MySelf->isLottoOfficial()) {
        makeNotice("You are not allowed to do this!", "error", "Permission denied");
    }

    $table = new table(2, true);
    $table->addHeader(">> Open new drawing");
    $table->addRow();
    $table->addCol("Number of tickets in draw:");
    $table->addCol("<input type=\"text\" name=\"count\" " . $disabledAttr . " value=\"30\">");
    $table->addHeaderCentered("<input type=\"submit\" name=\"submit\" " . $disabledAttr . " value=\"open new drawing\">", array("bold" => true, "colspan" => 2));

    $parts = array(
        "<h2>Lotto Administration</h2>",
        "<form action=\"index.php\" method=\"POST\">",
        "<input type=\"hidden\" name=\"check\" value=\"true\">",
        "<input type=\"hidden\" name=\"action\" value=\"createDrawing\">",
        $table->flush(),
        "</form>",
    );
    if ($drawingOpen) {
        $parts[] = "[<a href=\"index.php?action=drawLotto\">Draw Winner</a>]";
    }
    return implode("", $parts);
}
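function mailUser($mail, $subject, $group = null) {
    // Send $mail (with "{{USER}}" replaced per recipient) to every opted-in,
    // validated, non-deleted user; with $group, only to users whose boolean
    // column $group is '1'. Does nothing on the demo site.
    global $DB;
    global $MB_EMAIL;

    if (empty($mail) || empty($subject)) {
        makeNotice("Nothing to send in mailUser()!", "error", "Internal Error");
    }

    global $IS_DEMO;
    if ($IS_DEMO) {
        return;
    }

    $groupClause = "";
    if ($group != null && $group != "") {
        // Fixed: $group is spliced into the statement as an identifier, so it
        // cannot be bound; restrict it to a plain column name so a caller
        // passing request data cannot turn it into SQL.
        if (!preg_match('/^[A-Za-z0-9_]+$/', $group)) {
            makeNotice("Invalid recipient group in mailUser()!", "error", "Internal Error");
        }
        $groupClause = "AND `{$group}`='1'";
    }

    $EMAIL_DS = $DB->query("SELECT username, email FROM users WHERE optIn='1' AND emailValid='1' AND deleted='0' {$groupClause}");

    while ($recipient = $EMAIL_DS->fetchRow()) {
        $copy = str_replace("{{USER}}", "{$recipient['username']}", $mail);
        $to = $recipient['email'];
        // Sender comes from configuration; mail() return value is not checked
        // (best-effort delivery, as before).
        $headers = "From:" . $MB_EMAIL;
        mail($to, $subject, $copy, $headers);
    }
}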
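function lotto_claimTicket() {
    // Sell ticket $_GET['ticket'] of the open drawing to the current user for
    // one lotto credit, subject to the per-player ticket cap.
    global $DB;
    global $MySelf;

    if (!getConfig("lotto")) {
        makeNotice("Your CEO disabled the Lotto module, request denied.", "warning", "Lotto Module Offline");
    }
    if (!$MySelf->canPlayLotto()) {
        makeNotice("Im sorry, but you are not allowed to play Lotto. " . "Ask your CEO or a friendly Director to enable this for you.", "warning", "Unable to play :(");
    }

    // Validate, then cast, so only integers reach the statements below.
    numericCheck($_GET['ticket'], 0);
    $ticket = (int) $_GET['ticket'];
    $me = (int) $MySelf->getID();
    $drawing = lotto_getOpenDrawing();

    $MyStuff = $DB->getRow("SELECT lottoCredit, lottoCreditsSpent FROM users WHERE id='" . $me . "'");
    $Credits = $MyStuff['lottoCredit'];
    if ($Credits < 1) {
        makeNotice("You can not afford the ticket, go get more credits!", "warning", "You're broke!'", "index.php?action=lotto", "[ashamed]");
    }

    $myTickets = lotto_checkRatio($drawing);
    if ($myTickets <= 0) {
        makeNotice("You are already owning the maximum allowed tickets!", "warning", "Exceeded ticket ratio!", "index.php?action=lotto", "[Cancel]");
    }

    // Fixed (ordering): the ticket used to be checked only AFTER the credit
    // had been deducted, so a player who lost the race paid for nothing.
    // Look first, then charge, then claim with a compare-and-swap.
    $Ticket = $DB->getCol("SELECT owner FROM lotteryTickets WHERE ticket='{$ticket}' AND drawing='{$drawing}'");
    if ($Ticket[0] >= 0) {
        makeNotice("Im sorry, but someone else was faster that you and already claimed that ticket.", "warning", "Its gone, Jim!", "index.php?action=lotto", "[Damn!]");
    }
    $previousOwner = $Ticket[0];

    // Charge one credit atomically; the predicate refuses an overdraft even
    // when two requests race, and spent is bumped in the same statement.
    $DB->query("UPDATE users SET lottoCredit = lottoCredit - 1, lottoCreditsSpent = lottoCreditsSpent + 1 WHERE id=? AND lottoCredit >= 1 LIMIT 1", array($me));
    if ($DB->affectedRows() != 1) {
        makeNotice("Internal Error: Problem with your bank account... :(", "error", "Internal Error", "index.php?action=lotto", "[Cancel]");
    }

    // Claim only if the owner is still the value we read a moment ago.
    $DB->query("UPDATE lotteryTickets SET owner=? WHERE ticket=? AND drawing=? AND owner=? LIMIT 1", array($me, $ticket, $drawing, $previousOwner));
    if ($DB->affectedRows() == 1) {
        header("Location: index.php?action=lotto");
    } else {
        // Lost the race (or the ticket vanished): give the credit back.
        $DB->query("UPDATE users SET lottoCredit = lottoCredit + 1, lottoCreditsSpent = lottoCreditsSpent - 1 WHERE id=? LIMIT 1", array($me));
        makeNotice("Internal Error: Could not grant you the ticket :(", "error", "Internal Error", "index.php?action=lotto", "[Cancel]");
    }
}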
function deleteAPIKey() {
    // Remove the stored API key of user $_GET['id'] (user managers only).
    global $MySelf;
    global $DB;

    $allowed = $MySelf->canManageUser();
    if ($allowed) {
        $targetID = $_GET['id'];
        numericCheck($targetID);
        $api = new api($targetID);
        $api->deleteApiKey();
        $owner = ucfirst(idToUsername($targetID));
        makeNotice("Api key for user " . $owner . " has been deleted from the database", "notice", "API deleted.", "index.php?action=edituser&id=" . $targetID, "[OK]");
    }
    // Reached directly when not allowed; in the allowed case the makeNotice()
    // above is expected to have ended the request already.
    makeNotice("You do not have permission to modify users.", "warning", "Access denied.");
}
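function editTemplate() {
    // Admin-only template editor. With a returning form ($_POST['check']) it
    // stores $_POST['template'] for template $_POST['id'] and redirects;
    // otherwise it renders the edit form for $_GET['id']. Returns page HTML.
    global $DB;
    global $MySelf;

    if (!$MySelf->isAdmin()) {
        makeNotice("Only an Administator can edit the sites templates.", "warning", "Access denied");
    }

    if (!empty($_POST['check'])) {
        // Returning form: validate the id, make sure the template exists.
        numericCheck($_POST['id'], 0);
        $ID = (int) $_POST['id'];
        $test = $DB->query("SELECT identifier FROM templates WHERE id='{$ID}' LIMIT 1");
        if ($test->numRows() == 1) {
            // sanitize() is the file's convention for stored free text.
            $template = sanitize($_POST['template']);
            $DB->query("UPDATE templates SET template='" . $template . "' WHERE id='{$ID}' LIMIT 1");
            if ($DB->affectedRows() == 1) {
                header("Location: index.php?action=edittemplate&id={$ID}");
                // Fixed: without this the function went on to run the SELECT
                // below and build a form for a response that is a redirect
                // (quickConfirm() in this file uses the same header()+die).
                die;
            } else {
                makeNotice("There was a problem updating the template in the database!", "error", "Internal Error", "index.php?action=edittemplate&id={$ID}", "Cancel");
            }
        } else {
            makeNotice("There is no such template in the database!", "error", "Invalid Template!", "index.php?action=edittemplate&id={$ID}", "Cancel");
        }
    } elseif (empty($_GET['id'])) {
        // No form and no identifier: nothing to edit.
        header("Location: index.php?action=configuration");
        die;
    } else {
        $ID = $_GET['id'];
    }

    numericCheck($ID, 0);
    $ID = (int) $ID;
    $temp = $DB->getCol("SELECT template FROM templates WHERE id='{$ID}' LIMIT 1");
    $body = isset($temp[0]) ? $temp[0] : "";

    // NOTE(review): the template body is written into the <textarea> raw. If
    // sanitize() does not HTML-encode on save, a body containing
    // "</textarea>" breaks out of the form -- confirm, and htmlspecialchars()
    // it here if it does not.
    $table = new table(1, true);
    $table->addHeader(">> Edit template");
    $table->addRow();
    $table->addCol("<center><textarea name=\"template\" rows=\"30\" cols=\"60\">" . $body . "</textarea></center>");
    $table->addHeaderCentered("<input type=\"submit\" name=\"submit\" value=\"Edit Template\">");

    $form1 = "<form action=\"index.php\" method=\"POST\">";
    $form2 = "<input type=\"hidden\" name=\"check\" value=\"true\">";
    $form2 .= "<input type=\"hidden\" name=\"action\" value=\"editTemplate\">";
    $form2 .= "<input type=\"hidden\" name=\"id\" value=\"" . $ID . "\">";
    $form2 .= "</form>";
    $backlink = "<br><a href=\"index.php?action=configuration\">Back to configuration</a>";
    return "<h2>Edit the template</h2>" . $form1 . $table->flush() . $form2 . $backlink;
}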
public function setPref($pref, $value) {
    // Store preference $pref as the string form of $value and persist the
    // whole set through storePrefs(). An empty name aborts via makeNotice().
    if (empty($pref)) {
        makeNotice("No preference name given for setting, error in preference_class", "error", "Nyah! Nyah!");
    }
    $stored = "{$value}";
    $this->preferences[$pref] = $stored;
    $this->storePrefs();
}
function lotto_getOpenDrawing() {
    // Id of the currently open lotto drawing (highest `drawing` with
    // isOpen='1'); null when none is open. Aborts when the module is off.
    if (!getConfig("lotto")) {
        makeNotice("Your CEO disabled the Lotto module, request denied.", "warning", "Lotto Module Offline");
    }
    global $DB;
    $open = $DB->getCol("SELECT drawing FROM lotto WHERE isOpen='1' ORDER BY drawing DESC LIMIT 1");
    return $open[0];
}
function createTransaction() {
    // Accountant tool: deposit into (wod=0) or withdraw from (wod=1) the
    // wallet of user $_POST['id'] the amount $_POST['amount']. The reason is
    // $_POST['reason2'] (free text) if given, else $_POST['reason1'].
    global $DB;
    global $MySelf;
    global $TIMEMARK;

    if (!$MySelf->isAccountant()) {
        makeNotice("Umm, you are not allowed to do this. Really. You are not.", "warning", "You are not supposed to be here");
    }

    // All three numbers are validated before use.
    numericCheck($_POST['wod'], 0, 1);
    numericCheck($_POST['amount'], 0);
    numericCheck($_POST['id'], 0);

    $type = $_POST['wod'];
    $amount = $_POST['amount'];
    $id = $_POST['id'];
    $username = idToUsername($id);

    $isWithdrawal = ($_POST['wod'] == 1);
    $dir = $isWithdrawal ? "withdrawed" : "deposited";
    $dir2 = $isWithdrawal ? "from" : "into";

    if ($isWithdrawal) {
        // Overdrafts are allowed but require an explicit confirmation.
        $hisMoney = getCredits($id);
        if ($hisMoney < $amount) {
            $ayee = $hisMoney - $amount;
            confirm("WARNING:<br>{$username} can NOT afford this withdrawal. If you choose to " . "authorize this transaction anyway his account will be at " . number_format($ayee, 2) . " ISK.");
        }
    }

    $customReason = $_POST['reason2'];
    $reason = ($customReason != "") ? sanitize($customReason) : sanitize($_POST['reason1']);

    $transaction = new transaction($id, $type, $amount);
    $transaction->setReason($reason);

    if ($transaction->commit()) {
        makeNotice("You successfully {$dir} {$amount} ISK {$dir2} " . $username . "'s account.", "notice", "Transaction complete", "index.php?action=edituser&id={$id}", "[Ok]");
    } else {
        makeNotice("Unable to create transaction. Danger, Will Robinson, DANGER!", "error", "Internal Error", "index.php?action=edituser&id={$id}", "[Back]");
    }
}
function sirchange() {
    // Store the "show unofficial runs" preference from $_POST['sir'] and
    // report the new state (messages kept verbatim from the original).
    global $PREFS;

    $state = ($_POST['sir'] == "true") ? 1 : 0;
    $PREFS->setPref("sirstate", $state);

    $offMessage = "Value changed. Inofficial mining operations will no longer show up.";
    $onMessage = "Value changed. Inofficial mining operations will now be listed again.";
    makeNotice($state ? $onMessage : $offMessage, "notice", "Preferences stored", "index.php?action=preferences", "[ok]");
}
function quickConfirm() {
    // Mark user $_GET['id'] as confirmed and kick off the lost-password mail
    // so they receive credentials (user managers only).
    global $DB;
    global $MySelf;

    if (!$MySelf->canManageUser()) {
        makeNotice("You are not allowed to do this!", "error", "Forbidden");
    }

    $ID = sanitize($_GET['id']);
    numericCheck($ID);

    $DB->query("UPDATE users SET confirmed='1' WHERE id='" . $ID . "'");
    $userDS = $DB->query("SELECT * FROM users WHERE id='{$ID}' LIMIT 1");
    $user = $userDS->fetchRow();
    lostPassword($user['username']);

    header("Location: index.php?action=editusers&newusers=true");
    die;
}
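function popCan() {
    // Remove one of the current user's cans ($_GET['id'] = can id) or all of
    // them ($_GET['id'] = "all"). When nothing of our own matched, a can that
    // belongs to someone else may still be popped via the userInRun() fallback.
    global $DB;
    global $MySelf;
    $UserID = (int) $MySelf->getID();
    $canID = isset($_GET['id']) ? $_GET['id'] : "";

    // Fixed: $LIMIT was left undefined on the "all" path.
    $LIMIT = "";
    if ($canID != "all") {
        if (empty($canID) || !is_numeric($canID) || $canID < 1) {
            makeNotice("Invalid container selected for popping!", "error");
        }
        $canID = (int) $canID;
        $LIMIT = " AND id='{$canID}' LIMIT 1";
    } else {
        confirm("Are you sure you want to pop all your cans?");
    }

    $DB->query("DELETE FROM cans WHERE pilot='{$UserID}' {$LIMIT}");
    $canspopped = $DB->affectedRows();

    // Back link. The run id is request data and is echoed into a URL that
    // makeNotice() renders, so cast it first.
    if (isset($_GET['runid'])) {
        $bl = "index.php?action=show&id=" . (int) $_GET['runid'];
    } else {
        $bl = "index.php?action=cans";
    }

    if ($canspopped == 1) {
        makeNotice("The can has been popped.", "notice", "POP!", $bl, "That was fun!");
    } elseif ($canspopped > 1) {
        makeNotice("{$canspopped} cans have been popped.", "notice", "POP!", $bl, "That was fun!");
    } else {
        // Nothing of ours matched (for "all" this lookup matches nothing).
        $col = $DB->getRow("SELECT id, pilot FROM cans WHERE id='{$canID}'");
        // NOTE(review): leaveRun() in this file passes a RUN id to userInRun(),
        // but here it receives the CAN id -- confirm which is intended.
        if ($col && userInRun($MySelf->getID(), $col['id'])) {
            $DB->query("DELETE FROM cans WHERE id='{$col['id']}' LIMIT 1");
            if ($DB->affectedRows() == 1) {
                makeNotice("You just popped a can belonging to " . idToUsername($col['pilot']) . ".", "notice", "POP!", $bl, "That was fun!");
            } else {
                makeNotice("The can could not be popped!", "error", "Internal Error", $bl, "[cancel]");
            }
        } else {
            makeNotice("The can could not be popped!", "error", "Internal Error", $bl, "[cancel]");
        }
    }
}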
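function getTemplate($identifier, $type) {
    // Fetch the template body stored for ($identifier, $type).
    // Returns the body, or false when no such template exists.
    global $DB;

    if (!$identifier || !$type) {
        makeNotice("Invalid Identifier or Type in getTemplate!", "error", "Internal error");
    }

    // Fixed: both selectors were interpolated unescaped; callers pass them
    // straight through, so bind them instead.
    $template = $DB->query("SELECT template FROM templates WHERE identifier = ? AND type = ? LIMIT 1", array($identifier, $type));

    if ($template->numRows() != 1) {
        return false;
    }
    $temp = $template->fetchRow();
    return $temp['template'];
}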
function setConfig($var, $val) {
    // Replace the config entry named $var with $val (delete, then insert).
    // Aborts through makeNotice() on an empty name or a failed insert.
    global $DB;

    if ($var == "") {
        makeNotice("Invalid descriptor in setConfig!", "error", "internal Error!");
    }

    $name = sanitize($var);
    $value = sanitize($val);

    // Drop any previous value for this name, then write the new one.
    $DB->query("DELETE FROM config WHERE name='" . $name . "' LIMIT 1");
    $DB->query("INSERT INTO config (name, value) VALUES (?,?)", array("{$name}", "{$value}"));

    if ($DB->affectedRows() != 1) {
        makeNotice("Could not update the database registry (setConfig)!", "error", "Internal error!");
    }
}
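function transferMoney() {
    // Transfer $_POST['amount'] ISK from the current user to user $_POST['to']
    // after the user confirms a summary. $_POST['reason'] is free text that
    // ends up both on the confirmation page and in the stored transaction.
    global $MySelf;
    global $DB;
    global $TIMEMARK;
    $MyCredits = getCredits($MySelf->getID());

    if (!numericCheckBool($MyCredits, 0)) {
        makeNotice("You can not afford any transaction.", "warning", "Out of money", "index.php?action=manageWallet", "[cancel]");
    }

    $rawAmount = isset($_POST['amount']) ? $_POST['amount'] : "";
    if ($rawAmount == "") {
        makeNotice("You did not specify an ISK amount. Please go back, and try again.", "warning", "How much?", "index.php?action=manageWallet", "[cancel]");
    }
    if (!is_numeric($rawAmount)) {
        // Fixed: the raw value was reflected into the notice. makeNotice()
        // renders its text as HTML (messages in this file carry <br>), so
        // escape it here.
        $shown = htmlspecialchars($rawAmount, ENT_QUOTES);
        makeNotice("The frog looks at you and your cheque with the amount of \"" . $shown . "\". The frog is unsure how much ISK that is and instead decides to lick your face in a friendly manner, then it closes the teller and goes for lunch.", "warning", "Huh?");
    }

    $rawTo = isset($_POST['to']) ? $_POST['to'] : "";
    if (!numericCheckBool($rawTo, 0)) {
        makeNotice("The supplied reciver is not valid.", "warning", "Invalid ID", "index.php?action=manageWallet", "[cancel]");
    }
    if (!numericCheckBool($rawAmount, 0)) {
        makeNotice("You need to specify a positive ISK value.", "error", "Invalid amount", "index.php?action=manageWallet", "[cancel]");
    }
    if (!numericCheckBool($rawAmount, 0, $MyCredits)) {
        makeNotice("You can not afford this transaction.", "warning", "Out of money", "index.php?action=manageWallet", "[cancel]");
    }

    $to = (int) $rawTo;
    $recipientName = ucfirst(idToUsername($to));
    // Fixed: the reason reached the confirm() page and the stored transaction
    // unsanitized; createTransaction() in this file sanitizes its reason, so
    // do the same here.
    $reason = sanitize(isset($_POST['reason']) ? $_POST['reason'] : "");

    // Receiver and balance are fine: show the summary and wait for consent.
    $from = "<br><br>From: " . ucfirst($MySelf->getUsername());
    $toLine = "<br>To: " . $recipientName;
    $amount = "<br>Amount: " . number_format($rawAmount, 2) . " ISK";
    $reasonLine = "<br>Reason: " . $reason;
    confirm("Please authorize this transaction:" . $from . $toLine . $amount . $reasonLine);

    $transaction = new transaction($to, 0, $rawAmount);
    $transaction->setReason("Cash transfer from " . ucfirst($MySelf->getUsername()) . " to " . $recipientName . ": " . $reason);
    $transaction->isTransfer(true);
    // Fixed: the commit() result was ignored; report failure as
    // createTransaction() does instead of claiming success.
    if (!$transaction->commit()) {
        makeNotice("Unable to create transaction.", "error", "Internal Error", "index.php?action=manageWallet", "[Back]");
    }

    makeNotice($amount . " has been transfered from your into " . $recipientName . " account.", "notice", "Cash transfered", "index.php?action=manageWallet", "[OK]");
}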