function section_jointeam_doJoin($id, $invite)
{
// Try to add player to team
$obj = mysql_fetch_object(mysql_query("select l_team.id, l_team.name, l_team.leader, count(callsign) nump\n from l_team left join l_player on l_team.id = l_player.team\n where l_team.id = " . $id . "\n group by l_team.id, l_team.name, l_team.leader"));
if ($obj->nump == $TEAMSIZE) {
// Team full
echo "<center>Sorry, this team is full. Probably someone was joining it at the same time...</center>";
} else {
// Okay, let's do the update
mysql_query("update l_player set team=" . $id . " where id=" . $_SESSION['playerid']);
// Close team if it's full
if ($obj->nump == $TEAMSIZE - 1) {
mysql_query("update l_team set status='closed' where id=" . $id);
}
// Close team if it has 3 players and is adminclosed
if ($obj->nump == 2) {
mysql_query("update l_team set status='closed' where adminclosed='yes' and id=" . $id);
}
echo '<center>You are now a member of the ' . teamLink($obj->name, $obj->id, false) . ' team.<BR>
A message has been sent to the team leader.</center>';
session_refresh();
// Send a message to the team leader
$player = playerLink($_SESSION['playerid'], $_SESSION['callsign']);
if ($invite) {
$msg = "{$player} has accepted your invitation, and has joined your team!<BR>";
sqlQuery("DELETE FROM bzl_invites WHERE teamid={$obj->id} AND \n playerid={$_SESSION['playerid']}");
} else {
$msg = "A new player just joined your team: {$player}";
}
sendBzMail(0, $obj->leader, $_SESSION['callsign'] . ' joined your team!', $msg);
}
}
function section_invite_sendInvite($team, $player, $days, $text)
{
echo "<center>Invitation sent to player, thank you!</center>";
$text = htmlentities($text);
$msg = '<b>' . $_SESSION['callsign'] . "</b> is inviting you to join his/her team: <b>{$team->name}</b>.<br>\n <u>Invitation text:</u><br>{$text}<p><br>\n <a href='index.php?link=jointeam&id={$team->id}'><font size=+1>Click here to accept the invitation.</font></a><br>\n Note that the invitation expires {$days} days from when it was sent.";
sendBzMail($_SESSION['playerid'], $player->id, 'Invitation from ' . $_SESSION['callsign'], $msg, false, true);
sqlQuery("INSERT INTO bzl_invites (teamid, playerid, expires) VALUES ({$team->id}, {$player->id}, \n ADDDATE(NOW(), INTERVAL {$days} DAY))");
}
function section_leaveteam()
{
require_once 'lib/common.php';
$id = addslashes($_GET['id']);
$link = $_GET['link'];
$answer = $_GET['answer'];
$s_playerid = $_SESSION['playerid'];
// Dont let admirarch leave a team. SC request
// if( $s_playerid == 2074 ) {
// errorpage("No can do");
// return;
// }
$obj = mysql_fetch_object(sqlQuery("select name, leader from l_team where id={$id}"));
echo '<BR>';
if ($answer == "") {
if ($s_playerid == $obj->leader) {
// Prevent leaders from leaving their own team
echo "<center>You can't abandon the magnificient {$obj->name} team, because you are its leader.<BR>\n Please go to your <a href=\"index.php?link=teamadmin&id=" . $id . "&" . SID . "\"><b>team page</b></a>\n and assign another leader first!</center>";
} else {
echo '<center>You are about to abandon the magnificient <a href="index.php?link=teaminfo&id=' . $id . '&' . SID . '">' . $obj->name . '</a> team, its members will miss you...<br>';
echo "Please, please, stay in the team!<br>";
echo "Are you really sure you want to abandon this team ?<br><br>";
echo '<TABLE border=0><TR><TD>' . htmlURLbutton('ABANDON', $link, "id={$id}&answer=yes") . '</td><TD> </td><TD>' . htmlURLbutton('CANCEL', $link, "id={$id}&answer=no", CLRBUT) . '</td></tr></table>';
}
} else {
if ($answer == "yes") {
// Remove this player from the team
mysql_query("update l_player set team=0 where id=" . $s_playerid);
// Open the team, because it needs at least one more player,
// but only if it is not administratively closed, or if num players<3
$pl = mysql_fetch_object(mysql_query("select count(*) num from l_player where team=" . $id));
if ($pl->num < 3) {
mysql_query("update l_team set status='opened' where id=" . $id);
} else {
mysql_query("update l_team set status='opened' where adminclosed='no' and id=" . $id);
}
echo "<center>That's it, you are no longer a member of the <a href=\"index.php?link=teaminfo&id=" . $id . "&" . SID . "\">" . $obj->name . "</a> team.<br>\n A message has just been sent to the team leader</center>";
session_refresh();
// Send a message to the team leader
sendBzMail(0, $obj->leader, $_SESSION['callsign'] . ' has left your team!', 'A player just left your team: "' . $_SESSION['callsign'] . '"');
} else {
// Say thank you
echo '<BR><center>The <a href="index.php?link=teaminfo&id=' . $id . '&' . SID . '">' . $obj->name . '</a> team members thank you for being so brave, and continuing the fight!</center>';
}
}
}
function section_register_doSubmit(&$se)
{
// player's utc timezone offset (aquired from user's client via jscript)
$uz = 0 - $_POST['tzoffset'] / 60;
$cypher = crypt($f_password1);
$call = addSlashes($se->callsign);
$pass = md5($se->password);
sqlQuery("insert into l_player (callsign, team, status, role_id, md5password, created, last_login,\n utczone, country, email) \n values( '{$call}', 0, 'registered', " . NEW_USER_PERMISSION . ", '{$pass}', now(), now(), \n '{$uz}', '{$se->country}', '{$se->email}')");
// Assign session variables
$_SESSION['callsign'] = $se->callsign;
$_SESSION['playerid'] = mysql_insert_id();
// Insert an entry into the statistics table
$gmnow = gmdate("Y-m-d H:i:s");
sqlQuery('insert into ' . TBL_VISITS . " (ts, pid, ip) \n values ('{$gmnow}', {$_SESSION['playerid']}, '{$_SERVER['REMOTE_ADDR']}')");
$_SESSION['teamid'] = 0;
$_SESSION['leader'] = 0;
sendBzMail(0, $_SESSION['playerid'], 'WELCOME, ' . $_SESSION['callsign'], "Thank you for registering, and welcome to the league!<BR>\n Please read the FAQ, and edit your profile to make it easier for others to find you (this REALLY helps for organizing matches).<br>\n Now you can join a team, or create a new team and recruit members.\n <BR>See you on the battlefield!");
echo '<center>Welcome onboard, <a href="index.php?link=playerinfo&id=' . $_SESSION['playerid'] . '">' . $_SESSION['callsign'] . '</a>.<br><br>
You are now a registered user on the league system, and are allowed to join a team, or create a new one.<br>
Please read the F.A.Q. to know how.
<hr>
This is your personal information:<br>
Login: '******'callsign'] . '<br>
Password: '******'<br>
<hr>
If you lose your password, the only way for you to have a new one is to contact one of the site admins.<br>
See <a href="index.php?link=contact">the contact page</a> if you wan' . "'" . 't to do that.
</center>';
$res = mysql_query("SELECT name FROM bzl_roles WHERE id = " . NEW_USER_PERMISSION) or die(mysql_error());
if ($row = mysql_fetch_array($res)) {
$_SESSION['level'] = $row[0];
} else {
$_SESSION['level'] = "player";
}
session_refresh();
}
function section_banplayer()
{
require_once 'lib/common.php';
$playerid = $_GET['playerid'];
$teamid = $_GET['teamid'];
$f_okban_x = $_GET['f_okban_x'];
$f_ok_x = $_GET['f_ok_x'];
$callsign = $_GET['callsign'];
$name = $_GET['name'];
$link = $_GET['link'];
$player = mysql_fetch_object(mysql_query("select callsign from l_player where id=" . $playerid));
$team = mysql_fetch_object(mysql_query("select name from l_team where id=" . $teamid));
// FIXME: Ok, for now I ignore that players with teampassword can ban other
// players. This is just a quick fix, before there was NO checks WHATSOEVER
// if the operation was allowed
// Check permission
$allowed = 0;
$obj = mysql_fetch_object(mysql_query("select name, comment, leader, logo, password, status, adminclosed from l_team where id=" . $teamid));
$res = mysql_fetch_object(mysql_query("select count(*) num from l_player where team=" . $teamid));
$numplayer = $res->num;
if (isFuncAllowed('teamadmin::edit_any_team') || $_SESSION['playerid'] == $obj->leader) {
// Admin or team leader, allowed
$allowed = 1;
} else {
// FIXME: This wont work, as the link does not contain the teampassword.
/*
// Check password
$cypher = substr (crypt($f_password, substr($obj->password, 0, 2)), 0, 13);
if($cypher == $obj->password) {
// Good password, allowed
$allowed = 1;
}
*/
errorPage("Permission denied.");
return;
}
if ($f_okban_x) {
// Ban confirmed
// Open team is not administratively closed, or if num players<3
$pl = mysql_fetch_object(mysql_query("select count(*) num from l_player where team=" . $teamid));
if ($pl->num == 3) {
mysql_query("update l_team set status='opened' where id=" . $teamid);
} else {
mysql_query("update l_team set status='opened' where adminclosed='no' and id=" . $teamid);
}
mysql_query("update l_player set team=0 where id=" . $playerid);
echo '<center>Well <a href="index.php?link=playerinfo&id=' . $_SESSION['playerid'] . '">' . $_SESSION['callsign'] . '</a>,
<a href="index.php?link=playerinfo&id=' . $playerid . '">' . $callsign . '</a>
is no longer a member of the team
<a href="index.php?link=teaminfo&id=' . $teamid . '">' . $name . '</a>';
//TODO: reload of page sends multiple messages ... ?
echo '<br>A message has just been sent to the user.</center>';
sendBzMail(0, $playerid, 'You have been released!', 'Sorry, but ' . $_SESSION['callsign'] . ' released you from the ' . $team->name . ' team<br>');
} else {
if (!$f_ok_x) {
// Someone is playing with the headers
echo "<center>Hey! Please stop playing with your browser!</center>";
} else {
echo '<center>Please confirm that you want to ban <a href="index.php?link=playerinfo&id=' . $playerid . '&' . SID . '">' . $player->callsign . '</a>
from the team <a href="index.php?link=teaminfo&id=' . $teamid . '&' . SID . '">' . $team->name . '</a>.</center>';
echo '<center><BR><form method=GET>' . SID_FORM . '
<input type=hidden name=link value=' . $link . '>
<input type=hidden name=playerid value=' . $playerid . '>
<input type=hidden name=teamid value=' . $teamid . '>
<input type=hidden name=callsign value="' . $player->callsign . '">
<input type=hidden name=name value="' . $team->name . '">' . '<table border=0><TR><TD>' . htmlFormButton(' BAN ', 'f_okban_x') . ' </td><TD> ' . htmlURLbutton('Cancel', 'teaminfo', "id={$teamid}", CLRBUT) . '
</td></tr></table>
</form></center>';
}
}
}
function section_teamadmin()
{
require_once 'lib/common.php';
$TEAMSIZE = 20;
$vars = array('id', 'f_password', 'f_ok_x', 'f_comment', 'f_logo', 'f_name', 'f_status', 'f_password1', 'f_password2', 'link', 'f_leader');
foreach ($vars as $var) {
${$var} = isset($_POST[$var]) ? $_POST[$var] : $_GET[$var];
}
// Check permission
$allowed = 0;
$obj = mysql_fetch_object(mysql_query("select name, comment, leader, logo, password, status, adminclosed from l_team where id=" . $id));
$res = mysql_fetch_object(mysql_query("select count(*) num from l_player where team=" . $id));
$numplayer = $res->num;
if (isFuncAllowed('edit_any_team') || $_SESSION['playerid'] == $obj->leader) {
// Admin or team leader, allowed
$allowed = 1;
} else {
// Check password
$cypher = substr(crypt($f_password, substr($obj->password, 0, 2)), 0, 13);
if ($cypher == $obj->password) {
// Good password, allowed
$allowed = 1;
}
}
echo '<BR>';
if ($obj->status == 'deleted') {
echo "<center>Sorry, you cannot edit a deleted team.</center>";
} else {
if (!$allowed) {
echo "<center>Sorry, you don't have the permission to edit the <a href=\"index.php?link=teaminfo&id=" . $id . "&" . SID . "\">" . $obj->name . "</a> team, or you entered an incorrect password.</center>";
} else {
if ($f_ok_x) {
$f_comment = stripslashes($f_comment);
$f_logo = stripslashes($f_logo);
$f_name = stripslashes($f_name);
$f_status = stripslashes($f_status);
} else {
$f_comment = $obj->comment;
$f_logo = $obj->logo;
$f_name = $obj->name;
$f_status = $obj->status;
}
$error = 1;
if ($f_ok_x) {
$error = 0;
// Check password
if ($f_password1 != $f_password2) {
$error = 1;
echo "<div class=error>The passwords don't match</div>";
} else {
if ($f_password1 != "") {
$cypher = ", password='******'$1') . "'";
} else {
$cypher = "";
}
}
// Check duplicate team names
$res = mysql_query("select name from l_team where id!={$id} and name=\"" . addslashes($f_name) . "\"");
if (mysql_num_rows($res) != 0) {
$error = 1;
echo "<div class=error>A team with this name: '{$f_name}' already exists</div>";
$f_name = $obj->name;
}
// Check empty team name
if ($f_name == '') {
$error = 1;
echo "<div class=error>The team name can't be empty</div>";
$f_name = $obj->name;
}
// Check logo
//$msg = checkLogoSize($f_logo);
$msg = '';
if ($msg != '') {
$error = 1;
echo "<div class=error>{$msg}</div>";
}
}
if ($error) {
echo "<form method=post><table align=center border=0 cellspacing=0 cellpadding=1>";
// Hidden fields
echo '<input type=hidden name=f_password value="' . $f_password . '">';
echo '<input type=hidden name=link value="' . $link . '">';
if (isAdmin() || $_SESSION['playerid'] == $obj->leader) {
// Admins and leaders can change the team name
echo '<tr><td>Team name:</td><td><input name=f_name size=40 maxlength=40 value="' . $f_name . '"></td></tr>';
} else {
echo "<tr><td align=center colspan=2 class=tablehead><div class=teamname><b>" . $obj->name . "</b></div><input type=hidden name=f_name value=\"{$f_name}\"></td></tr>";
}
// Logo
if ($obj->logo != "") {
echo '<tr><td align=center colspan=2><BR><img src="' . $obj->logo . '"></td></tr>';
}
echo '<tr><td>Logo URL (400x300 max!):</td><td><input type=text size=60 maxlength=200 name=f_logo value="' . $f_logo . '"></td></tr>';
echo "<tr><td colspan=2><hr></td></tr>";
// Admin and leaders can change the team password
if (isAdmin() || $_SESSION['playerid'] == $obj->leader) {
// Password
echo '<tr><td>Password:</td><td><input type=password size=8 maxlength=8 name=f_password1 value="' . $f_password1 . '"> (leaving the fields empty will keep the current password)</td></tr>
<tr><td>Password:</td><td><input type=password size=8 maxlength=8 name=f_password2 value="' . $f_password2 . '"></td></tr>
<tr><td colspan=2><hr></td></tr>';
}
// Admin and leaders can change the team status
if (isAdmin() || $_SESSION['playerid'] == $obj->leader) {
if ($numplayer >= 3 && $numplayer < $TEAMSIZE) {
// Can change status IF there are 3 players or more
echo "<tr><td>Team status:</td><td><select name=f_status>";
if ($f_status == 'opened') {
echo '<option selected value=opened>opened</option>
<option value=closed>closed</option>';
} else {
echo '<option value=opened>opened</option>
<option selected value=closed>closed</option>';
}
echo "</select></td></tr>";
} else {
if ($numplayer == 1) {
$typo = 'player';
} else {
$typo = 'players';
}
echo '<input type=hidden name=f_status value="' . $obj->status . '">';
echo '<tr><td align=center colspan=2>The team is currently ' . $obj->status . ' (forced because you have ' . $numplayer . ' ' . $typo . ')</td></tr>';
}
} else {
echo '<tr><td align=center colspan=2>The team is currently ' . $obj->status . '</td></tr>';
}
if (isAdmin() || $_SESSION['playerid'] == $obj->leader) {
echo "<tr>";
echo "<td>Leader</td>";
echo "<td><select name=\"f_leader\">";
$sql = "SELECT id, callsign FROM l_player WHERE team = '{$id}' ORDER by callsign";
$res = mysql_query($sql);
while ($row = mysql_fetch_row($res)) {
if ($row[0] == $obj->leader) {
print "<option value=\"\" SELECTED>" . stripslashes($row[1]) . " (current leader)</option>";
} else {
print "<option value=\"{$row[0]}\">" . stripslashes($row[1]) . "</option>";
}
}
echo "</select>";
echo "</td>";
echo "</tr>";
}
// Comment
echo '<tr><td colspan=2>Comment:<br><textarea name=f_comment cols=50 rows=6>' . $f_comment . '</textarea></td></tr>
<tr><td colspan=2><hr></td></tr>
<tr><td align=center colspan=2><table><tr><td>' . htmlFormButton(' OK ', 'f_ok_x') . '</td><td width=8></td><td>' . htmlURLbutton('Cancel', 'teaminfo', "id={$id}", CLRBUT) . '</td></tr></table></td></tr></table></form>';
} else {
// Update the table
if (!empty($f_leader)) {
$sql = "SELECT 1 FROM l_player WHERE id = '{$f_leader}' AND team = {$id} ";
$res = mysql_query($sql);
if (mysql_fetch_row($res)) {
$_SESSION['leader'] = $f_leader == $_SESSION['playerid'] ? 1 : 0;
$f_leader = 'leader = ' . $f_leader . ', ';
} else {
$f_leader = '';
}
} else {
$f_leader = '';
}
if ($f_status == '') {
$f_status = 'opened';
}
if ($f_status != $obj->status) {
// Changed the status
if ($f_status == 'closed') {
$adminclosed = 'yes';
} else {
$adminclosed = 'no';
}
} else {
// Keep current status
$adminclosed = $obj->adminclosed;
}
sqlQuery($sql = 'update l_team
set logo="' . addSlashes($f_logo) . '",
comment="' . addSlashes($f_comment) . '" ' . $cypher . ',
name="' . addSlashes($f_name) . '",
adminclosed="' . $adminclosed . '", ' . $f_leader . '
status="' . $f_status . '"
where id=' . $id);
echo '<BR><center>Thank you, <a href="index.php?link=playerinfo&id=' . $_SESSION['playerid'] . '&' . SID . '">' . $_SESSION['callsign'] . '</a>, for updating the <a href="index.php?link=teaminfo&id=' . $id . '&' . SID . '">' . $f_name . '</a> team.</center>';
// If changed the team name, inform the team members
if ($f_name != $obj->name) {
echo '<center>You changed the team name, we inform your team members.</center>';
sendBzMail(0, $id, 'Team renamed!', '<center>---ADMINISTRATIVE MESSAGE---</center><br>' . $_SESSION['callsign'] . ' just changed the name of your team from <i>' . $obj->name . '</i> to <i>' . $f_name . '</i>.', true, true);
}
}
}
}
}
function section_sendmessage()
{
require_once 'lib/common.php';
$vars = array('pid', 'tid', 'f_ok_x', 'toteam', 'reply', 'f_subject', 'f_msg', 'replying', 'repid', 'mid', 'link', 'dup');
$s_playerid = $_SESSION['playerid'];
foreach ($vars as $var) {
${$var} = isset($_POST[$var]) ? $_POST[$var] : $_GET[$var];
}
if (isGuest()) {
return errorPage('Not Authorized');
}
if ($dup) {
echo '<BR><CENTER>Duplicate mail not sent (refresh or back button detected)<BR>';
return;
}
if (isset($pid)) {
if ($toteam == 'yes' && isset($_POST['reply_team'])) {
$team = mysql_fetch_object(mysql_query("select l_team.id, name from l_team, l_player where l_player.id={$pid} and l_team.id=team"));
$tid = $team->id;
} else {
$toteam = 'no';
$player = mysql_fetch_object(mysql_query("select callsign from l_player where id={$pid}"));
}
}
if (isset($tid)) {
$team = mysql_fetch_object(mysql_query("select name from l_team where id={$tid}"));
}
$error = 1;
if ($f_ok_x) {
$error = 0;
$f_msg = stripslashes($f_msg);
if ($f_msg == '') {
$error = 1;
echo "<div class=error>You must write something to send a message</div>";
}
}
if ($error) {
if (isset($toteam)) {
if ($toteam == 'yes') {
$rcpt = 'team <a href="index.php?link=teaminfo&id=' . $tid . '&' . SID . '">' . $team->name . '</a>';
} else {
$rcpt = '<a href="index.php?link=playerinfo&id=' . $pid . '&' . SID . '">' . $player->callsign . '</a>';
}
} else {
if (isset($tid)) {
$rcpt = 'team <a href="index.php?link=teaminfo&id=' . $tid . '&' . SID . '">' . $team->name . '</a>';
} else {
$rcpt = 'player <a href="index.php?link=playerinfo&id=' . $pid . '&' . SID . '">' . $player->callsign . '</a>';
}
}
if (isset($reply)) {
$msg = mysql_fetch_object(mysql_query($sql = "select * from l_message where msgid={$mid}"));
$message = $msg->msg;
$f_subject = $msg->subject;
if (substr($f_subject, 0, 3) != 'Re:') {
$f_subject = 'Re: ' . $f_subject;
}
// Strip subject if it's too long
if (strlen($f_subject) > 80) {
$f_subject = substr($f_subject, 0, 80);
}
echo "<table border=0 align=center cellspacing=0 cellpadding=1>\n <tr class=tablehead><td>Original message:</td></tr>\n <tr class=msgquote><td>";
echo stripslashes(nl2br($message)) . '</td></tr></table><br>';
// Quote initial message
$f_msg = ereg_replace("\n", ">", ereg_replace("^", ">", $message));
$f_msg = $f_msg . "\n>\n";
$action = "Replying to ";
} else {
$action = "Sending a message to ";
}
echo '<center><form method=post>' . SID_FORM . $action . $rcpt . '.<br><br>
Enter your message below:<br>
Subject:<input type=text maxlength=80 size=60 name=f_subject value="' . $f_subject . '"><BR>
<textarea cols=50 rows=15 name=f_msg>' . stripslashes($f_msg) . '</textarea>
<hr><center>
<input type=hidden name=link value=' . $link . '>';
snFormInit();
echo '<TABLE><TR><TD>' . htmlFormButton('SEND', 'f_ok_x') . '</td><TD width=10></td><TD>';
if (isset($pid)) {
echo htmlURLbutton('Cancel', 'playerinfo', "id={$pid}", CLRBUT);
} else {
echo htmlURLbutton('Cancel', 'teaminfo', "id={$tid}", CLRBUT);
}
echo '</td></tr></table><input type=hidden name=link value=' . $link . '>';
if (isset($reply)) {
// Flag that we are replying to a message
echo '<input type=hidden name=replying value=1>';
echo '<input type=hidden name=repid value=' . $mid . '>';
}
if (isset($tid)) {
echo '<input type=hidden name=tid value=' . $tid . '>';
} else {
echo '<input type=hidden name=pid value=' . $pid . '>';
}
echo '</center></form></center>';
} else {
// Do send the message
echo "<center>Message sent, thank you!</center>";
snCheck('sendmessage', 'dup=1');
// If replying we mark the original message as replied
if (isset($replying)) {
mysql_query("update l_message set status='replied' where msgid={$repid}");
}
if (isset($pid)) {
if ($toteam == 'yes') {
// Send to a team
sendBzMail($s_playerid, $tid, $f_subject, $f_msg, 'yes');
} else {
// Send to one player
sendBzMail($s_playerid, $pid, $f_subject, $f_msg);
}
} else {
// Send to a team
sendBzMail($s_playerid, $tid, $f_subject, $f_msg, 'yes');
}
}
}
