<?php
if (basename($_SERVER["PHP_SELF"]) == "banner.php") {
die("403 - Access Forbidden");
}
if ($_SESSION['admin']) {
if (!isset($_POST['url'])) {
echo "<h2 class=\"text-left\">Site Banner</h2><hr/>\n\t\t<p>Many sites have a banner at the top of the page to make the website more personalized. There is not a default image size, but you may want to play around with some sizes to see what you like.</p>\n\t\t<p>To upload an image, please go to <a href=\"http://www.imgur.com\">imgur.com</a>, and then enter in the image url below. The URL will look like this: i.imgur.com/abcdefghi.jpg. Of course, you may use any other website to host your image.</p><hr/>\n\t\t<form method=\"post\">\n\t\t\t<div class=\"form-group\">\n\t\t\t\t<label for=\"inputURL\">Banner URL</label>\n\t\t\t\t<input type=\"text\" class=\"form-control\" name=\"url\" id=\"inputURL\" placeholder=\"Enter image URL\" value=\"" . $banner . "\">\n\t\t\t</div>\n\t\t\t<hr/>\n\t\t\t<button type=\"submit\" class=\"btn btn-primary\" required>Submit »</button>\n\t\t</form>\n\t\t";
} else {
$url = mysql_escape($_POST["url"]);
$mysqli->query("UPDATE " . $prefix . "properties SET banner='{$url}'");
echo "<div class=\"alert alert-success\">Successfully updated banner.</div>";
redirect_wait5("?base=admin");
}
} else {
redirect("?base");
}
<?php
if (basename($_SERVER["PHP_SELF"]) == "character.php") {
die("403 - Access Forbidden");
}
if (isset($_GET['n'])) {
$getchar = $mysqli->real_escape_string($_GET['n']);
$getchar = preg_replace("/[^A-Za-z0-9_]/", '', $getchar);
# Escape and Strip
$checkchar = $mysqli->query("SELECT * from characters WHERE name = '" . $getchar . "'");
$countchar = $checkchar->num_rows;
if ($countchar == 1) {
$c = $checkchar->fetch_assoc();
echo "<h2 class=\"text-left\">Character Info</h2><hr/>";
echo "\n\t\t<div class=\"row\">\n\t\t<div class=\"col-md-6 col-md-offset-3\">\n\t\t\t<div class=\"well\">\n\t\t\t\t<h3 class=\"text-center\"> " . $c['name'] . "</h3>\n\t\t\t\t<hr/>\n\t\t\t\t<img src=\"" . $siteurl . "assets/img/GD/create.php?name=" . $c['name'] . "\" alt=\"" . $c['name'] . "\" class=\"avatar img-responsive\" style=\"margin: 0 auto;\">\n\t\t\t\t<hr/>\n\t\t\t\t<b>Job:</b> " . $c['job'] . "<br/>";
if ($servertype == 1) {
echo "<b>Rebirths:</b> " . $c['reborns'] . "<br/>";
}
echo "\t<b>Level:</b> " . $c['level'] . "<br/>\n\t\t\t\t<b>EXP:</b> " . $c['exp'] . "<br/>\n\t\t\t</div>\n\t\t</div>\n\t\t</div>";
} else {
echo "<div class=\"alert alert-danger\">This character doesn't exist!</div>";
redirect_wait5("?base=main");
}
} else {
echo "<div class=\"alert alert-danger\">This character doesn't exist!</div>";
redirect_wait5("?base=main");
}
if (!isset($_POST['url'])) {
if ($bgfixed == 1) {
$bgfixedcheck = "checked";
} else {
$bgfixedcheck = "";
}
if ($bgcenter == "center") {
$bgcentercheck = "checked";
} else {
$bgcentercheck = "";
}
if ($bgcover == 1) {
$bgcovercheck = "checked";
} else {
$bgcovercheck = "";
}
echo "<h2 class=\"text-left\">Site Background</h2><hr/>\n\t\t<p>Many sites have a background to make the website more personalized. There is not a default image size, but you may want to play around with some sizes to see what you like.</p>\n\t\t<p>To upload an image, please go to <a href=\"http://www.imgur.com\">imgur.com</a>, and then enter in the image url below. The URL will look like this: i.imgur.com/abcdefghi.jpg. Of course, you may use any other website to host your image.</p><hr/>\n\t\t<form method=\"post\">\n\t\t\t<div class=\"form-group\">\n\t\t\t\t<label for=\"inputURL\">Background URL</label>\n\t\t\t\t<input type=\"text\" class=\"form-control\" name=\"url\" id=\"inputURL\" placeholder=\"Enter image URL\" value=\"" . $background . "\">\n\t\t\t</div>\n\t\t\t<div class=\"form-group\">\n\t\t\t\t<label for=\"inputURL\">Background Color (Hex)</label>\n\t\t\t\t<input type=\"text\" class=\"form-control color\" name=\"bgcolor\" id=\"inputURL\" placeholder=\"Enter Background Color\" value=\"" . $bgcolor . "\">\n\t\t\t\t<span class=\"help-block\">Your background color must look like this: 000000<br/>To look up hex colors, click the input box above.</span>\n\t\t\t</div>\n\t\t\t<div class=\"form-group\">\n\t\t\t\t<label for=\"repeatStyle\">Background Repeat</label>\n\t\t\t\t<select class=\"form-control\" name=\"bgrepeat\" id=\"repeatStyle\">\n\t\t\t\t\t<option value=\"no-repeat\">No Repeat</option>\n\t\t\t\t\t<option value=\"repeat\">Repeat Both Directions</option>\n\t\t\t\t\t<option value=\"repeat-x\">Repeat Horizontally</option>\n\t\t\t\t\t<option value=\"repeat-y\">Repeat Vertically</option>\n\t\t\t\t</select>\n\t\t\t\t<span class=\"help-block\">Background images can repeat horizontally, vertically, both, or none.</span>\n\t\t\t</div>\n\t\t\t<div class=\"checkbox\">\n\t\t\t\t<label>\n\t\t\t\t\t<input type=\"checkbox\" name=\"bgcenter\" value=\"1\" {$bgcentercheck}>Center Background (Yes)\n\t\t\t\t</label>\n\t\t\t</div>\n\t\t\t<span class=\"help-block\">Background images can be centered.</span>\n\t\t\t<div class=\"checkbox\">\n\t\t\t\t<label>\n\t\t\t\t\t<input type=\"checkbox\" name=\"bgfixed\" value=\"1\" {$bgfixedcheck}>Fixed Background (Yes)\n\t\t\t\t</label>\n\t\t\t</div>\t\t\t\t\n\t\t\t<span class=\"help-block\">Background images can be fixed (won't scroll).</span>\n\t\t\t<div class=\"checkbox\">\n\t\t\t\t<label>\n\t\t\t\t\t<input type=\"checkbox\" name=\"bgcover\" value=\"1\" {$bgcovercheck}>Fit Background to Screen (Yes)\n\t\t\t\t</label>\n\t\t\t</div>\t\t\t\t\n\t\t\t<span class=\"help-block\">Background images can be resized to fit the browser window.</span>\n\t\t\t<hr/>\n\t\t\t<button type=\"submit\" class=\"btn btn-primary\" required>Submit »</button>\n\t\t</form>\n\t\t";
} else {
$url = mysql_escape($_POST["url"]);
$bgcolor = mysql_escape($_POST["bgcolor"]);
$bgrepeat = mysql_escape($_POST["bgrepeat"]);
$bgcenter = mysql_escape(isset($_POST["bgcenter"]));
$bgfixed = mysql_escape(isset($_POST["bgfixed"]));
$bgcover = mysql_escape(isset($_POST["bgcover"]));
$mysqli->query("UPDATE " . $prefix . "properties SET background = '{$url}', bgcolor = '{$bgcolor}', bgrepeat = '{$bgrepeat}', bgcenter = '{$bgcenter}', bgfixed = '{$bgfixed}', bgcover = '{$bgcover}'");
echo "<div class=\"alert alert-success\">Successfully updated background.</div>";
redirect_wait5("?base=admin&page=background");
}
} else {
redirect("?base");
}
}
if (isset($_POST['mute'])) {
$muted = 1;
} else {
$muted = 0;
}
if (isset($err)) {
echo "<hr/><button onclick=\"goBack()\" class=\"btn btn-primary\">« Go Back</button>";
}
if ($_POST['password'] == "" && !isset($err)) {
$mysqli->query("UPDATE accounts SET email = '" . $email . "', " . $colnx . " = '" . $nx . "', " . $colvp . " = '" . $vp . "', gm = '" . $gm . "', webadmin = '" . $webadmin . "', mute = '" . $muted . "' WHERE name = '" . $user . "'");
echo "<div class=\"alert alert-success\">" . $user . " successfully edited</div>";
redirect_wait5("?base=admin&page=manageaccounts&action=view&user="******"");
} elseif (!isset($err)) {
$mysqli->query("UPDATE accounts SET password = '******', email = '" . $email . "', " . $colnx . " = '" . $nx . "', " . $colvp . " = '" . $vp . "', gm = '" . $gm . "', webadmin = '" . $webadmin . "', mute = '" . $muted . "' WHERE name = '" . $user . "'");
echo "<div class=\"alert alert-success\">" . $user . " successfully edited</div>";
redirect_wait5("?base=admin&page=manageaccounts&action=view&user="******"");
}
}
} else {
echo "\n\t\t\t\t\t<h2 class=\"text-left\">Error</h2><hr/>\n\t\t\t\t\t<div class=\"alert alert-danger\">This user doesn't exist!</div>";
redirect_wait5("?base=admin&page=manageaccounts");
}
}
} else {
redirect("?base=admin");
}
}
} else {
redirect("?base=main");
}
echo "Please provide more information.";
} else {
$insertComment = $mysqli->query("INSERT INTO " . $prefix . "tcomments (ticketid, user, content, date_com)\n\t\t\t\t\t\t\tVALUES " . "('" . $_GET['a'] . "', '" . $_SESSION['pname'] . "', '" . $postComment . "', '" . date('F d - g:i A') . "')") or die(mysql_error());
$insertComment = $mysqli->query("UPDATE " . $prefix . "tickets SET date = '" . date('F d - g:i A') . "' WHERE ticketid = '" . sql_sanitize($_GET['a']) . "'") or die(mysql_error());
if ($insertComment) {
echo "<meta http-equiv=\"refresh\" content=\"0; url=\"/>";
} else {
echo "There was an error processing your update. Please notify the admin.";
}
}
}
if (isset($_POST['close'])) {
$closeTicket = $mysqli->query("UPDATE " . $prefix . "tickets SET status = 0 WHERE ticketid = '" . sql_sanitize($_GET['a']) . "'");
if ($closeTicket) {
echo "<br/><div class=\"alert alert-success\">This ticket was successfully closed! You will be redirected in five seconds.</div>";
redirect_wait5("?base=admin&page=ticket");
}
}
}
} else {
redirect("?base");
}
?>
<script>
<?php
if (isset($_SESSION['id'])) {
?>
CKEDITOR.replace( 'ticketDetails', {
allowedContent: 'b i u li ol ul blockquote anchor hr small'
});
$(function() {
if (empty($spcap)) {
echo '<div class="alert alert-danger">Enter a player cap.</div>';
$stop = "true";
redirect_wait5("?base=admin&page=properties");
}
}
if ($stop == "false") {
if (empty($sgmlevel)) {
echo '<div class="alert alert-danger">Enter a level for GMs.</div>';
$stop = "true";
redirect_wait5("?base=admin&page=properties");
}
}
if ($stop == "false") {
$mquery = "UPDATE " . $prefix . "properties SET name='{$sservername}', type = '{$sservertype}', client='{$sclient}', server = '{$sserver}', forumurl='{$sforumurl}', siteurl = '{$ssiteurl}', exprate='{$sexp}', mesorate='{$smeso}', droprate='{$sdrop}', version='{$sversion}', flood='{$floodp}', floodint='{$floodi}', pcap='{$spcap}', gmlevel='{$sgmlevel}'";
$exec = $mysqli->query($mquery);
echo "<h2 class=\"text-left\">Success</h2><hr/><div class=\"alert alert-success\">Configuration Updated</div>";
redirect_wait5("?base=admin&page=properties");
}
} elseif ($do == "") {
include 'assets/config/properties.php';
$flooddefault = "\n\t\t\t<option value=\"0\">Off</option>\n\t\t\t<option value=\"1\" selected>On</option>";
if ($baseflood == 0) {
$flooddefault = "\n\t\t\t<option value=\"0\" selected>Off</option>\n\t\t\t<option value=\"1\">On</option>";
}
$sadefault = "\n\t\t\t<option value=\"0\" selected>Yes</option>\n\t\t\t<option value=\"1\">No</option>";
echo "\n\t\t<script>\n\$('#myTab a').click(function (e) {\n e.preventDefault();\n \$(this).tab('show');\n})\n</script>\n<h2 class=\"text-left\">Site Configuration</h2><hr/>\n<ul id=\"myTab\" class=\"nav nav-tabs\">\n\t<li class=\"active\"><a href=\"#mainconfig\" data-toggle=\"tab\">Site</a></li>\n\t<li><a href=\"#links\" data-toggle=\"tab\">Links</a></li>\n\t<li><a href=\"#info\" data-toggle=\"tab\">Game Info</a></li>\n\t<li><a href=\"#comment\" data-toggle=\"tab\">Comments</a></li>\n</ul>\n<form method='post' action='?base=admin&page=properties&do=submit'>\n<div id=\"myTabContent\" class=\"tab-content\">\n<div class=\"tab-pane fade in active\" id=\"mainconfig\">\n<br/>\n\t<div class=\"form-group\">\n\t\t<label for=\"serverName\">Server Name</label>\n\t\t<input name=\"servername\" type=\"text\" maxlength=\"100\" class='form-control' id=\"serverName\" value=\"" . $servername . "\" required/>\n\t</div>\n\t<div class=\"form-group\">\n\t\t<label for=\"gmLevel\">GM Level for Panel Access</label>\n\t\t<input name=\"gmlevel\" type=\"text\" maxlength=\"100\" class='form-control' id=\"gmLevel\" value=\"" . $gmlevel . "\" required/>\n\t</div>\n\t<div class=\"form-group\">\n\t\t<label for=\"siteURL\">Site Path <span class=\"label label-danger\">IMPORTANT. NEEDS TRAILING SLASH</span></label>\n\t\t<input name=\"siteurl\" type=\"text\" maxlength=\"100\" class='form-control' id=\"siteURL\" value=\"" . $siteurl . "\" required/>\n\t\t<span class=\"help-block\">/ indicates the root directory. /base/ indicates that base has been installed in a folder called base. You <b>must</b> use a trailing slash</span>\t\t\t\n\t</div>\t\n</div>\n\n<div class=\"tab-pane fade\" id=\"links\">\n\t<br/>\n\t<div class=\"form-group\">\n\t\t<label for=\"forumURL\">Forum URL</label>\n\t\t<input name=\"forumurl\" type=\"text\" maxlength=\"100\" class='form-control' id=\"forumURL\" value=\"" . $forumurl . "\" required/>\n\t</div>\t\n\t<div class=\"form-group\">\n\t\t<label for=\"clientLink\">Client Link</label>\n\t\t<input name=\"client\" type=\"text\" maxlength=\"100\" class='form-control' id=\"clientLink\" value=\"" . $client . "\" required/>\n\t</div>\n\t<div class=\"form-group\">\n\t\t<label for=\"setupLink\">Setup Link</label>\n\t\t<input name=\"server\" type=\"text\" maxlength=\"100\" class='form-control' id=\"setupLink\" value=\"" . $server . "\" required/>\n\t</div>\n</div>\n\n<div class=\"tab-pane fade\" id=\"info\">\n\t<br/>\n\t<div class=\"form-group\">\n\t<label for=\"serverVersion\">Server Version</label>\n\t\t<input name=\"version\" type=\"text\" maxlength=\"6\" class='form-control' id=\"serverVersion\" value=\"" . $version . "\" required/>\n\t</div>\n\t<div class=\"form-group\">\n\t\t<label for=\"serverType\">Server Type</label>\n\t\t\t<select name=\"servertype\" class=\"form-control\">\n\t\t\t\t<option value=\"1\" " . $rebirths . ">Rebirth</option>\n\t\t\t\t<option value=\"0\" " . $levels . ">Level</option>\n\t\t\t</select>\n\t</div>\n\t<div class=\"form-group\">\n\t\t<label for=\"expRate\">Experience Rate</label>\n\t\t<input name=\"exprate\" type=\"text\" maxlength=\"10\" class='form-control' id=\"expRate\" value=\"" . $exprate . "\" required/>\n\t</div>\t\n\t<div class=\"form-group\">\n\t\t<label for=\"mesoRate\">Meso Rate</label>\n\t\t<input name=\"mesorate\" type=\"text\" maxlength=\"10\" class='form-control' id=\"mesoRate\" value=\"" . $mesorate . "\" required/>\n\t</div>\t\n\t<div class=\"form-group\">\n\t\t<label for=\"dropRate\">Drop Rate</label>\n\t\t<input name=\"droprate\" type=\"text\" maxlength=\"10\" class='form-control' id=\"dropRate\" value=\"" . $droprate . "\" required/>\n\t</div>\n\t<div class=\"form-group\">\n\t\t<label for=\"playerCap\">Player Cap</label>\n\t\t<input name=\"pcap\" type=\"text\" maxlength=\"20\" class='form-control' id=\"playerCap\" value=\"" . $pcap . "\" required/>\n\t</div>\n</div>\n<div class=\"tab-pane fade\" id=\"comment\">\n\t<br/>\n\t<div class=\"form-group\">\n\t<label for=\"floodPrevention\">Comment Flood Prevention</label> <small>Forces users to wait an interval inbetween comments.</small>\n\t\t<select name=\"floodp\" class=\"form-control\" id=\"floodPrevention\">\n\t\t\t\t" . $flooddefault . "\n\t\t</select>\n\t</div>\n\t<div class=\"form-group\">\n\t\t<label for=\"postingInterval\">Posting Interval</label> <small>Amount of time in <b>minutes</b> between comments</small>\n\t\t<input name=\"floodi\" type=\"text\" maxlength=\"10\" class='form-control' id=\"postingInterval\" value=\"" . $basefloodint . "\" required/>\n\t</div>\n</div>\n</div>\n<input type='submit' name='submit' value='Update »' class=\"btn btn-primary btn-large\"/>\n</form>";
}
} else {
redirect("?base");
}