$bind_pwd = $xerte_toolkits_site->bind_pwd;
            $basedn = $xerte_toolkits_site->basedn;
            $bind_dn = $xerte_toolkits_site->bind_dn;
            $result = authenticate_to_host($host, $port, $bind_pwd, $basedn, $bind_dn, $username, $password, $xerte_toolkits_site);
            if ($result) {
                receive_message($username, "USER", "SUCCESS", "Logging in succeeded for " . $username, "Logging in succeeded for " . $username);
                return $result;
            } else {
                receive_message($username, "USER", "CRITICAL", "Login failed for " . $username, "Login failed for " . $username);
                return $result;
            }
        }
    } else {
        while ($host = mysql_fetch_array($ldap_hosts)) {
            $result = authenticate_to_host($host['ldap_host'], $host['ldap_port'], $host['ldap_password'], $host['ldap_username'], $host['ldap_basedn'], $host['ldap_filter'], $host['ldap_filter_attr'], $username, $password, $xerte_toolkits_site);
            if ($result[0]) {
                return true;
            }
        }
    }
    return false;
}
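// LDAP login self-test: tries the posted credentials against valid_login() and then
// prints the directory record returned by get_user_details() so the [sn] and
// [givenname] attributes can be checked by eye.
// NOTE(review): this is a diagnostic page that echoes directory data; it should not be
// reachable on a production install.
require "../config.php";
// Read the form fields defensively so a request without them does not raise notices.
$test_username = isset($_POST['username']) ? $_POST['username'] : '';
$test_password = isset($_POST['password']) ? $_POST['password'] : '';
// NOTE(review): many LDAP servers treat a bind with an empty password as an anonymous
// bind that succeeds; confirm authenticate_to_host() rejects empty passwords.
if (valid_login($test_username, $test_password, $xerte_toolkits_site)) {
    echo "Logging in worked";
} else {
    echo "Logging in failed";
}
// NOTE(review): the record is fetched even when the login above failed.
$data = get_user_details($test_username, $test_password);
echo "<p>Getting LDAP record for user - to work with Toolkits - [sn][0] should the surname and [givenname][0] should be the first name<pre>";
// Directory attributes are not trusted HTML: escape the dump before it goes inside <pre>.
echo htmlspecialchars(print_r($data[1][0], true), ENT_QUOTES);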
Beispiel #2
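/**
 * Delete one row from mm_reward_item, selected by the `item` query-string parameter.
 *
 * Calls valid_login() with the 'delete' permission level, opens a connection to the
 * $mmfpm_db database (stored in the caller's $sqlm), validates the parameter and runs
 * the DELETE. Redirects to rewards.php with error=1 for missing or non-numeric input,
 * error=2 when no row was affected, and to the reward item list otherwise.
 *
 * NOTE(review): this destructive action is driven by a GET parameter and no anti-CSRF
 * token is checked in this function; confirm one is enforced elsewhere.
 *
 * @param SQL $sqlm Passed by reference and replaced with a fresh connection.
 */
function do_delete_reward_item(&$sqlm)
{
    global $action_permission, $mmfpm_db;
    valid_login($action_permission['delete']);
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    if (empty($_GET['item'])) {
        redirect('rewards.php?error=1');
        // Do not rely on redirect() ending the request: stop before any query is built.
        return;
    }
    $items = $sqlm->quote_smart($_GET['item']);
    // The value is concatenated into the statement without quotes, so this numeric
    // check is the injection barrier and must pass before the query runs.
    if (!is_numeric($items)) {
        redirect('rewards.php?error=1');
        return;
    }
    $sqlm->query('DELETE FROM mm_reward_item WHERE item = ' . $items . '');
    unset($items);
    if ($sqlm->affected_rows()) {
        redirect('rewards.php?action=show_reward_item');
    } else {
        redirect('rewards.php?error=2');
    }
}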
Beispiel #3
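/**
 * Delete one message-of-the-day row from mm_motd, selected by the `id` query parameter.
 *
 * Calls valid_login() with the 'delete' permission level, opens a connection to the
 * $mmfpm_db database (stored in the caller's $sqlm), validates the id and runs the
 * DELETE. Redirects to index.php when the id is missing or after the delete, and to
 * motd.php?error=1 when the id is not numeric.
 *
 * NOTE(review): this destructive action is driven by a GET parameter and no anti-CSRF
 * token is checked in this function; confirm one is enforced elsewhere.
 *
 * @param SQL $sqlm Passed by reference and replaced with a fresh connection.
 */
function delete_motd(&$sqlm)
{
    global $action_permission, $realm_id, $mmfpm_db;
    // minimum permission to view page
    valid_login($action_permission['delete']);
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    if (empty($_GET['id'])) {
        redirect('index.php');
        // Do not rely on redirect() ending the request: stop before any query is built.
        return;
    }
    $id = $sqlm->quote_smart($_GET['id']);
    // The id is concatenated into the statement without quotes, so this numeric check
    // is the injection barrier and must pass before the query runs.
    if (!is_numeric($id)) {
        redirect('motd.php?error=1');
        return;
    }
    $sqlm->query('
		DELETE FROM mm_motd
		WHERE id =' . $id . '');
    unset($id);
    redirect('index.php');
}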
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
require_once "header.php";
require_once "libs/get_uptime_lib.php";
// Page-level permission gate: valid_login() is called with the 'view' level before
// the page's functions are defined. What it does on failure is defined elsewhere
// (presumably a redirect or exit — confirm).
valid_login($action_permission["view"]);
function stats($action)
{
    global $output, $realm_id, $logon_db, $server, $theme, $sql, $core;
    $race = array(1 => array(1, "human", "", ""), 2 => array(2, "orc", "", ""), 3 => array(3, "dwarf", "", ""), 4 => array(4, "nightelf", "", ""), 5 => array(5, "undead", "", ""), 6 => array(6, "tauren", "", ""), 7 => array(7, "gnome", "", ""), 8 => array(8, "troll", "", ""), 10 => array(10, "bloodelf", "", ""), 11 => array(11, "draenei", "", ""));
    $class = array(1 => array(1, "warrior", "", ""), 2 => array(2, "paladin", "", ""), 3 => array(3, "hunter", "", ""), 4 => array(4, "rogue", "", ""), 5 => array(5, "priest", "", ""), 6 => array(6, "death_knight", "", ""), 7 => array(7, "shaman", "", ""), 8 => array(8, "mage", "", ""), 9 => array(9, "warlock", "", ""), 11 => array(11, "druid", "", ""));
    $level = array(1 => array(1, 1, 9, "", ""), 2 => array(2, 10, 19, "", ""), 3 => array(3, 20, 29, "", ""), 4 => array(4, 30, 39, "", ""), 5 => array(5, 40, 49, "", ""), 6 => array(6, 50, 59, "", ""), 7 => array(7, 60, 69, "", ""), 8 => array(8, 70, 79, "", ""), 9 => array(9, 80, 80, "", ""));
    function format_uptime($seconds)
    {
        $secs = intval($seconds % 60);
        $mins = intval($seconds / 60 % 60);
        $hours = intval($seconds / 3600 % 24);
        $days = intval($seconds / 86400);
        $uptimeString = "";
        if ($days) {
            $uptimeString .= $days;
Beispiel #5
    }
}
// If the user isn't logged in, force the user to login
// (any other requested $action is overridden while the session has no 'is_valid' entry).
if (!isset($_SESSION['is_valid'])) {
    $action = 'login';
}
switch ($action) {
    case 'login':
        // Use the posted credentials only when both fields are present; otherwise
        // valid_login() is called with two empty strings.
        // NOTE(review): confirm valid_login() rejects empty credentials.
        if (isset($_POST['login-email']) && isset($_POST['login-password'])) {
            $user = $_POST['login-email'];
            $password = $_POST['login-password'];
        } else {
            $user = '';
            $password = '';
        }
        if (valid_login($user, $password)) {
            // NOTE(review): the session ID is not regenerated at this privilege change.
            // Calling session_regenerate_id(true) before storing the identity would close
            // the session-fixation window, unless valid_login() already does it — confirm.
            $_SESSION['is_valid'] = $user;
            include 'view/dashboard.php';
        } else {
            include 'view/page_login.php';
        }
        break;
    case 'logout':
        // Clear all session data from memory
        $_SESSION = array();
        // Discard the server-side session data.
        // NOTE(review): session_destroy() does not expire the browser's session cookie;
        // the cookie has to be cleared separately if the old ID must not be reused.
        session_destroy();
        include 'view/page_login.php';
        break;
    case 'show_profile':
        // The profile shown is the logged-in user's own identifier.
        $_SESSION['view_people'] = $_SESSION['is_valid'];
/**
 * Copy a character's bind position into its current position columns, charging
 * $hearthstone_credits credits first when that setting is above zero.
 *
 * The character is chosen by the `guid` query-string parameter. Schema differences
 * are selected by $core (1, 2, or anything else). Redirects to
 * hearthstone.php?error=2 after the position update and to index.php at the end.
 *
 * NOTE(review): nothing in this function ties `guid` to the logged-in account
 * ($user_id is imported but never read); confirm ownership is enforced elsewhere.
 * NOTE(review): the action changes state on a GET request and no anti-CSRF token is
 * checked in this function.
 */
function saveloc()
{
    global $output, $action_permission, $characters_db, $realm_id, $user_id, $hearthstone_credits, $sql, $core;
    valid_login($action_permission["view"]);
    // Escaped once here; every later statement embeds it inside single quotes.
    $guid = $sql["char"]->quote_smart($_GET["guid"]);
    // Load the character row; for $core != 1 the bind columns come from a LEFT JOIN
    // on character_homebind and are aliased to a common set of names.
    if ($core == 1) {
        $query = "SELECT * FROM characters WHERE guid='" . $guid . "'";
    } elseif ($core == 2) {
        $query = "SELECT *,\n      characters.map AS mapId, characters.zone AS zoneId,\n      character_homebind.map AS bindmapId, character_homebind.zone AS bindzoneId,\n      character_homebind.position_x AS bindpositionX, character_homebind.position_y AS bindpositionY,\n      character_homebind.position_z AS bindpositionZ\n      FROM characters LEFT JOIN character_homebind ON characters.guid=character_homebind.guid WHERE characters.guid='" . $guid . "'";
    } else {
        $query = "SELECT *,\n      characters.map AS mapId, characters.zone AS zoneId,\n      character_homebind.mapId AS bindmapId, character_homebind.zoneId AS bindzoneId,\n      character_homebind.posX AS bindpositionX, character_homebind.posY AS bindpositionY,\n      character_homebind.posZ AS bindpositionZ\n      FROM characters LEFT JOIN character_homebind ON characters.guid=character_homebind.guid WHERE characters.guid='" . $guid . "'";
    }
    // NOTE(review): the result is used without checking that a row was found.
    $char = $sql["char"]->fetch_assoc($sql["char"]->query($query));
    if ($core != 1) {
        // No homebind row: fall back to the race/class start position.
        if (!isset($char["bindmapId"])) {
            // race and class come from the database row, not from the request.
            $query = "SELECT * FROM playercreateinfo WHERE race='" . $char["race"] . "' AND class='" . $char["class"] . "'";
            $result = $sql["world"]->query($query);
            $fields = $sql["world"]->fetch_assoc($result);
            $char["bindmapId"] = $fields["map"];
            $char["bindzoneId"] = $fields["zone"];
            $char["bindpositionX"] = $fields["position_x"];
            $char["bindpositionY"] = $fields["position_y"];
            $char["bindpositionZ"] = $fields["position_z"];
        }
    }
    // Set to 1 when the account cannot afford the move; skips both updates below.
    $int_err = 0;
    // credits
    if ($hearthstone_credits > 0) {
        // we need the player's account
        if ($core == 1) {
            $acct_query = "SELECT login AS username FROM accounts WHERE acct=(SELECT acct FROM " . $characters_db[$realm_id]["name"] . ".characters WHERE guid='" . $guid . "')";
        } else {
            $acct_query = "SELECT username FROM account WHERE id=(SELECT account FROM " . $characters_db[$realm_id]["name"] . ".characters WHERE guid='" . $guid . "')";
        }
        $acct_result = $sql["logon"]->query($acct_query);
        $acct_result = $sql["logon"]->fetch_assoc($acct_result);
        $username = $acct_result["username"];
        // now we get the user's credit balance
        // NOTE(review): $username is fetched above but never used; the Login value in
        // this listing is the literal '******' (it looks masked). Whatever goes
        // there must be escaped before it is embedded in the statement.
        $cr_query = "SELECT Credits FROM config_accounts WHERE Login='******'";
        $cr_result = $sql["mgr"]->query($cr_query);
        $cr_result = $sql["mgr"]->fetch_assoc($cr_result);
        $credits = $cr_result["Credits"];
        // since this action is delayed, we have to make sure the account still has sufficient funds
        // if the account doesn't have enough, we just ignore the hearthstone request
        // A negative balance is treated as "unlimited" and never fails this check.
        if ($credits >= 0 && $credits < $hearthstone_credits) {
            $int_err = 1;
        }
        if (!$int_err) {
            // we don't charge credits if the account is unlimited
            if ($credits >= 0) {
                $credits = $credits - $hearthstone_credits;
            }
            // NOTE(review): the balance is read and written in two separate statements,
            // so concurrent requests could both pass the check — confirm whether that matters.
            $money_query = "UPDATE config_accounts SET Credits='" . $credits . "' WHERE Login='******'";
            $money_result = $sql["mgr"]->query($money_query);
        }
    }
    if (!$int_err) {
        // Write the bind position into the current-position columns (names differ per core).
        if ($core == 1) {
            $query = "UPDATE characters SET positionX='" . $char["bindpositionX"] . "', positionY='" . $char["bindpositionY"] . "', positionZ='" . $char["bindpositionZ"] . "', mapId='" . $char["bindmapId"] . "', zoneId='" . $char["bindzoneId"] . "' WHERE guid='" . $guid . "'";
        } else {
            $query = "UPDATE characters SET position_x='" . $char["bindpositionX"] . "', position_y='" . $char["bindpositionY"] . "', position_z='" . $char["bindpositionZ"] . "', map='" . $char["bindmapId"] . "', zone='" . $char["bindzoneId"] . "' WHERE guid='" . $guid . "'";
        }
        $result = $sql["char"]->query($query);
        // NOTE(review): if redirect() returns, the index.php redirect below is issued too.
        redirect("hearthstone.php?error=2");
    }
    redirect("index.php");
}
Beispiel #7
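/**
 * Store the realm chosen by the `id` query parameter in the session, then redirect
 * to the page named by the `url` query parameter (index.php when it is absent).
 *
 * The id falls back to 1 when it is missing or not numeric, and is only written to
 * $_SESSION['realm_id'] when a matching realmlist row exists.
 *
 * The redirect target comes from the request, so it is limited to relative targets:
 * anything with a scheme, a leading "//", a backslash or a control character is
 * replaced by index.php. Without that check the parameter is an open redirect.
 *
 * @param SQL $sqlr Connection used for the realmlist lookup.
 */
function set_def_realm(&$sqlr)
{
    global $action_permission;
    valid_login($action_permission['read']);
    $id = isset($_GET['id']) ? $sqlr->quote_smart($_GET['id']) : 1;
    // The id is concatenated into the statement without quotes, so it must be numeric.
    if (!is_numeric($id)) {
        $id = 1;
    }
    $realm_exists = $sqlr->num_rows($sqlr->query('
		SELECT id 
		FROM realmlist 
		WHERE id = ' . $id . ''));
    if ($realm_exists) {
        $_SESSION['realm_id'] = $id;
    }
    unset($id);
    $url = isset($_GET['url']) ? $_GET['url'] : 'index.php';
    // Keep the redirect on this site: reject absolute and protocol-relative URLs,
    // backslashes (treated like "/" by browsers) and control characters such as CR/LF.
    if (!is_string($url) || $url === '' || preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//)|[\\\\\x00-\x1f]#i', $url)) {
        $url = 'index.php';
    }
    redirect($url);
}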
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
// page header, and any additional required libraries
require_once 'header.php';
// minimum permission to view page
valid_login($action_permission['delete']);
if (test_port($server[$realm_id]['addr_wan'], $server[$realm_id]['term_port'])) {
    // we start with a lead of 10 spaces,
    //  because last line of header is an opening tag with 8 spaces
    //  keep html indent in sync, so debuging from browser source would be easy to read
    $output .= '
          <!-- start of ssh.php -->
          <center>
            <br />
            <applet codebase="." archive="libs/js/ssh.jar"
              code="de.mud.jta.Applet" width="780" height="350">
              <param name="plugins" value="Status,Socket,' . $server[$realm_id]['term_type'] . ',Terminal" />
              <param name="Socket.host" value="' . $server[$realm_id]['addr_wan'] . '" />
              <param name="Socket.port" value="' . $server[$realm_id]['term_port'] . '" />
            </applet>
            <br />
Beispiel #9
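/**
 * Charge a character (mode "money") or an account's credits (any other mode) for a
 * vendor purchase and hand the item over by in-game mail.
 *
 * Inputs are read from the query string: item, total, want, char and mode. Every
 * value that reaches SQL is escaped with quote_smart(), total and want must be
 * positive numbers, and values placed in redirect URLs are URL-encoded. Missing or
 * invalid input redirects to ultra_vendor.php?error=1.
 *
 * NOTE(review): the price (`total`) is supplied by the client and is not recomputed
 * from the item row; it should be derived server-side.
 * NOTE(review): the character is looked up by name only; nothing here checks that it
 * belongs to the logged-in account ($user_name is imported but never read).
 * NOTE(review): $locales_search_option is not in the global list, so it is undefined
 * here and the localisation branches never run.
 * NOTE(review): the action changes state on a GET request and no anti-CSRF token is
 * checked in this function.
 */
function purchase()
{
    global $world_db, $characters_db, $realm_id, $user_name, $output, $action_permission, $user_lvl, $from_char, $stationary, $sql, $core;
    valid_login($action_permission["view"]);
    foreach (array("item", "total", "want") as $required) {
        if (empty($_GET[$required]) || !is_string($_GET[$required])) {
            redirect("ultra_vendor.php?error=1");
            // Do not rely on redirect() ending the request.
            return;
        }
    }
    $total = $_GET["total"];
    $want = $_GET["want"];
    // A non-numeric amount would corrupt the balance; a negative one would add funds.
    if (!is_numeric($total) || !is_numeric($want) || $total <= 0 || $want <= 0) {
        redirect("ultra_vendor.php?error=1");
        return;
    }
    $mode = isset($_GET["mode"]) ? $_GET["mode"] : "";
    // Escape request values with the connection they are used on before they reach SQL.
    $item_id = $sql["world"]->quote_smart($_GET["item"]);
    $char_name = $sql["char"]->quote_smart(isset($_GET["char"]) && is_string($_GET["char"]) ? $_GET["char"] : "");
    if ($core == 1) {
        $iquery = "SELECT * FROM items " . ($locales_search_option != 0 ? "LEFT JOIN items_localized ON (items_localized.entry=items.entry AND language_code='" . $locales_search_option . "') " : " ") . "WHERE items.entry='" . $item_id . "'";
    } else {
        $iquery = "SELECT * FROM item_template " . ($locales_search_option != 0 ? "LEFT JOIN locales_item ON locales_item.entry=item_template.entry " : " ") . "WHERE item_template.entry='" . $item_id . "'";
    }
    $iresult = $sql["world"]->query($iquery);
    $item = $sql["world"]->fetch_assoc($iresult);
    $cquery = "SELECT *, money AS gold FROM characters WHERE name='" . $char_name . "'";
    $cresult = $sql["char"]->query($cquery);
    $char = $sql["char"]->fetch_assoc($cresult);
    // Nothing may be charged or mailed for an item or character that does not exist.
    if (empty($item) || empty($char)) {
        redirect("ultra_vendor.php?error=1");
        return;
    }
    // Localization
    if ($locales_search_option != 0) {
        if ($core == 1) {
            $item["name1"] = $item["name"];
        } else {
            $item["name1"] = $item["name_loc" . $locales_search_option];
        }
    } else {
        $item["name1"] = $item["name1"];
    }
    if ($mode == "money") {
        $char_money = $char["gold"];
        $char_money = $char_money - $total;
        // NOTE(review): the balance is not checked against the price before it is written.
        if ($core == 1) {
            $money_query = "UPDATE characters SET gold='" . $char_money . "' WHERE guid='" . $char["guid"] . "'";
        } else {
            $money_query = "UPDATE characters SET money='" . $char_money . "' WHERE guid='" . $char["guid"] . "'";
        }
        $money_result = $sql["char"]->query($money_query);
    } else {
        // get our credit balance
        // NOTE(review): the Login value in this listing is the literal '******' (it
        // looks masked); whatever goes there must be escaped before use.
        $cr_query = "SELECT Credits FROM config_accounts WHERE Login='******'";
        $cr_result = $sql["mgr"]->query($cr_query);
        $cr_result = $sql["mgr"]->fetch_assoc($cr_result);
        $credits = $cr_result["Credits"];
        // we don't charge credits if the account is unlimited
        if ($credits >= 0) {
            $credits = $credits - $total;
        }
        $money_query = "UPDATE config_accounts SET Credits='" . $credits . "' WHERE Login='******'";
        $money_result = $sql["mgr"]->query($money_query);
    }
    if ($core == 1) {
        // NOTE(review): this statement is built but never executed, so no mail is queued
        // on this path. The target "ultra_vendor.php&moneyresult=" also uses "&" where
        // a "?" would be expected; it is left as the original has it.
        $mail_query = "INSERT INTO mailbox_insert_queue VALUES ('" . $from_char . "', '" . $char["guid"] . "', '" . lang("ultra", "questitems") . "', " . chr(34) . $want . "x " . $item["name1"] . chr(34) . ", '" . $stationary . "', '0', '" . $item_id . "', '" . $want . "')";
        redirect("ultra_vendor.php&moneyresult=" . rawurlencode($money_result));
    } else {
        // we need to be able to bypass mail.php's normal permissions to send mail
        // NOTE(review): the redirect parameters travel through the browser, so mail.php
        // cannot trust them merely because this flag is set; confirm it consumes the
        // flag once and re-validates the attachment against this purchase.
        $_SESSION['vendor_permission'] = 1;
        redirect("mail.php?action=send_mail&type=ingame_mail&to=" . rawurlencode($char["name"]) . "&subject=" . rawurlencode(lang("ultra", "questitems")) . "&body=" . rawurlencode($want . "x " . $item["name"]) . "&group_sign==&group_send=gm_level&money=0&att_item=" . rawurlencode($_GET["item"]) . "&att_stack=" . rawurlencode($want) . "&redirect=ultra_vendor.php&moneyresult=" . rawurlencode($money_result));
    }
}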
Beispiel #10
<?php

require_once "header.php";
// Page-level permission gate: valid_login() is called with the 'update' level before
// the page's functions are defined. What it does on failure is defined elsewhere
// (presumably a redirect or exit — confirm).
valid_login($action_permission['update']);
//###########################################################################
// print mail form
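/**
 * Append the "send mail" HTML form to the global $output buffer.
 *
 * The recipient field is pre-filled from the `to` query parameter and the order of
 * the two mail-type options depends on the `type` query parameter ("email" first
 * unless another type is requested).
 *
 * The `to` value is reflected into an HTML attribute, so it is HTML-escaped first;
 * without escaping, a crafted link could inject markup into the page.
 */
function print_mail_form()
{
    global $lang_mail, $output;
    // Escape for an attribute context; a non-string value (e.g. to[]=x) is ignored.
    $to = isset($_GET['to']) && is_string($_GET['to']) ? htmlspecialchars($_GET['to'], ENT_QUOTES) : NULL;
    // $type is only compared below and never echoed.
    $type = isset($_GET['type']) ? $_GET['type'] : "email";
    $output .= "\n        <center>\n          <form action=\"mail.php?action=send_mail\" method=\"post\" name=\"form\">\n            <fieldset style=\"width: 770px;\">\n              <legend>{$lang_mail['mail_type']}</legend>\n              <br />\n              <table class=\"top_hidden\" style=\"width: 720px;\">\n                <tr>\n                  <td align=\"left\">{$lang_mail['recipient']}: <input type=\"text\" name=\"to\" size=\"32\" value=\"{$to}\" maxlength=\"225\" /></td>\n                  <td align=\"left\">{$lang_mail['subject']}: <input type=\"text\" name=\"subject\" size=\"32\" maxlength=\"50\" /></td>\n                  <td width=\"1\" align=\"right\">\n                    <select name=\"type\">";
    // The first <option> is the one the browser preselects.
    if ($type == "email") {
        $output .= "\n                      <option value=\"email\">{$lang_mail['email']}</option>\n                      <option value=\"ingame_mail\">{$lang_mail['ingame_mail']}</option>";
    } else {
        $output .= "\n                      <option value=\"ingame_mail\">{$lang_mail['ingame_mail']}</option>\n                      <option value=\"email\">{$lang_mail['email']}</option>";
    }
    $output .= "\n                    </select>\n                  </td>\n                </tr>\n                <tr><td colspan=\"3\"><hr /></td></tr>\n                <tr>\n                  <td colspan=\"3\">\n                    {$lang_mail['dont_use_both_groupsend_and_to']}\n                  </td>\n                </tr>\n                <tr>\n                  <td colspan=\"3\">{$lang_mail['group_send']}:\n                    <select name=\"group_send\">\n                      <optgroup label=\"{$lang_mail['both']}\">\n                        <option value=\"gm_level\">{$lang_mail['gm_level']}</option>\n                      </optgroup>\n                      <optgroup label=\"{$lang_mail['email']}\">\n                        <option value=\"locked\">{$lang_mail['locked_accouns']}</option>\n                        <option value=\"banned\">{$lang_mail['banned_accounts']}</option>\n                      </optgroup>\n                      <optgroup label=\"{$lang_mail['ingame_mail']}\">\n                        <option value=\"char_level\">{$lang_mail['char_level']}</option>\n                        <option value=\"online\">{$lang_mail['online']}</option>\n                      </optgroup>\n                    </select>\n                    <select name=\"group_sign\">\n                      <option value=\"=\">=</option>\n                      <option value=\"&lt;\">&lt;</option>\n                      <option value=\">\">&gt;</option>\n                      <option value=\"!=\">!=</option>\n                    </select>\n                    <input type=\"text\" name=\"group_value\" size=\"20\" maxlength=\"40\" />\n                  </td>\n                </tr>\n                <tr><td colspan=\"3\"><hr /></td></tr>\n                <tr>\n                  <td colspan=\"3\" align=\"left\">\n                    {$lang_mail['attachments']}:\n                  </td>\n                </tr>\n                <tr>\n                  <td colspan=\"3\" \nalign=\"right\">\n                    {$lang_mail['money']} : <input type=\"text\" name=\"money\" value=\"0\" size=\"10\" maxlength=\"10\" />\n                    {$lang_mail['item']} : <input type=\"text\" name=\"att_item\" value=\"0\" size=\"10\" maxlength=\"10\" />\n                    {$lang_mail['stack']} : <input type=\"text\" name=\"att_stack\" value=\"0\" size=\"10\" maxlength=\"10\" />\n                  </td>\n                </tr>\n                <tr>\n                  <td colspan=\"3\">\n                  </td>\n                </tr>\n              </table>\n            </fieldset>\n            <fieldset style=\"width: 770px;\">\n              <legend>{$lang_mail['mail_body']}</legend>\n              <br /><textarea name=\"body\" rows=\"14\" cols=\"92\"></textarea><br />\n              <br />\n              <table>\n                <tr>\n                  <td>";
    makebutton($lang_mail['send'], "javascript:do_submit()", 130);
    $output .= "\n                  </td>\n                </tr>\n              </table>\n            </fieldset>\n            <br />\n          </form>\n        </center>\n";
}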
//#############################################################################
// Send the actual mail(s)
function send_mail()
{
    global $lang_global, $output, $realm_db, $characters_db, $realm_id, $user_name, $from_mail, $mailer_type, $smtp_cfg;
    if (empty($_POST['body']) || empty($_POST['subject']) || empty($_POST['type']) || empty($_POST['group_sign']) || empty($_POST['group_send'])) {
        redirect("mail.php?error=1");
    }
    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
Beispiel #11
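/**
 * Replace the message text of one GM ticket.
 *
 * Reads `new_text` and `id` from the POST body, escapes both with quote_smart() and
 * updates gm_tickets. Redirects to ticket.php with error=1 for missing or non-numeric
 * input, error=5 when a row was changed and error=6 when none was.
 *
 * NOTE(review): no anti-CSRF token is checked in this function; confirm one is
 * enforced elsewhere.
 */
function do_edit_ticket()
{
    global $characters_db, $realm_id, $action_permission;
    valid_login($action_permission['update']);
    if (empty($_POST['new_text']) || empty($_POST['id'])) {
        redirect("ticket.php?error=1");
        // Do not rely on redirect() ending the request: stop before any query is built.
        return;
    }
    $sqlc = new SQL();
    $sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
    $new_text = $sqlc->quote_smart($_POST['new_text']);
    $id = $sqlc->quote_smart($_POST['id']);
    if (!is_numeric($id)) {
        redirect("ticket.php?error=1");
        return;
    }
    // Both values are escaped above and embedded inside single quotes.
    $sqlc->query("UPDATE gm_tickets SET message='{$new_text}' WHERE guid = '{$id}'");
    if ($sqlc->affected_rows()) {
        redirect("ticket.php?error=5");
    } else {
        redirect("ticket.php?error=6");
    }
}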
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
// page header, and any additional required libraries
require_once 'header.php';
require_once 'libs/map_zone_lib.php';
// minimum permission to view page
valid_login($action_permission['view']);
//#############################################################################
// INSTANCES
//#############################################################################
function instances()
{
    global $output, $lang_instances, $arcm_db, $realm_id, $world_db, $arcn_db, $itemperpage, $sqlw, $sqlm, $sqld;
    //-------------------SQL Injection Prevention--------------------------------
    // this page has multipage support and field ordering, so we need these
    $start = isset($_GET['start']) ? $sqlw->quote_smart($_GET['start']) : 0;
    if (is_numeric($start)) {
    } else {
        $start = 0;
    }
    $order_by = isset($_GET['order_by']) ? $sqlw->quote_smart($_GET['order_by']) : 'minlevel';
    if (preg_match('/^[_[:lower:]]{1,11}$/', $order_by)) {
/**
 * Reassign a character to another account.
 *
 * The character is chosen by the `guid` query parameter. The target account comes
 * from `new`, or from `new1` when that is not empty; a non-numeric `new1` is treated
 * as a name and resolved to an account id through the logon database. Redirects to
 * char_list.php afterwards.
 *
 * NOTE(review): the action changes ownership on a GET request and no anti-CSRF token
 * is checked in this function.
 */
function saveacct_direct()
{
    global $output, $action_permission, $corem_db, $characters_db, $realm_id, $user_id, $sql, $core;
    valid_login($action_permission["update"]);
    // Escaped once here; the UPDATE below embeds both values inside single quotes.
    $guid = $sql["mgr"]->quote_smart($_GET["guid"]);
    $new = $sql["mgr"]->quote_smart($_GET["new"]);
    // A non-empty new1 overrides new.
    if ($_GET["new1"] != "") {
        $new = $sql["mgr"]->quote_smart($_GET["new1"]);
        // Not a number: resolve it to an account id.
        if (!is_numeric($new)) {
            // NOTE(review): several comparison values in these statements are the literal
            // '******' in this listing (they look masked); whatever goes there must be
            // the escaped $new, not the raw request value.
            if ($core == 1) {
                $acct_query = "SELECT acct, accounts.login, IFNULL(`" . $corem_db["name"] . "`.config_accounts.ScreenName, '')\r\n        FROM accounts\r\n          LEFT JOIN `" . $corem_db["name"] . "`.config_accounts ON config_accounts.Login=accounts.login COLLATE utf8_general_ci\r\n        WHERE accounts.login='******' OR config_accounts.Login='******'";
            } else {
                $acct_query = "SELECT id AS acct, username AS login, IFNULL(`" . $corem_db["name"] . "`.config_accounts.ScreenName, '')\r\n        FROM account\r\n          LEFT JOIN `" . $corem_db["name"] . "`.config_accounts ON config_accounts.Login=account.username\r\n        WHERE account.username='******' OR config_accounts.ScreenName='" . $new . "'";
            }
            $acct_result = $sql["logon"]->query($acct_query);
            $acct_result = $sql["logon"]->fetch_assoc($acct_result);
            // NOTE(review): no check that a row was found; with no match $new presumably
            // becomes empty and the UPDATE below would write an empty account — confirm.
            $new = $acct_result["acct"];
        }
    }
    // The owner column is named acct for core 1 and account otherwise.
    if ($core == 1) {
        $result = $sql["char"]->query("UPDATE characters SET acct='" . $new . "' WHERE guid='" . $guid . "'");
    } else {
        $result = $sql["char"]->query("UPDATE characters SET account='" . $new . "' WHERE guid='" . $guid . "'");
    }
    redirect("char_list.php");
}
/**
 * Add a ban for an account, a character or an IP address.
 *
 * Reads ban_type, entry, bantime and (optionally) banreason from the query string.
 * For "accounts" and "characters" the entry is first resolved to its numeric id; the
 * ban is then written unless one is already present. Redirects to banned.php with
 * error=1 (missing fields), error=4 (entry not found), error=3 (rows affected) or
 * error=2 (no rows affected).
 *
 * NOTE(review): the action changes state on a GET request and no anti-CSRF token is
 * checked in this function.
 * NOTE(review): neither switch has a default case, so an unrecognised ban_type falls
 * through without any redirect from this function.
 */
function do_add_entry()
{
    global $logon_db, $characters_db, $realm_id, $user_name, $output, $action_permission, $user_lvl, $sql, $core;
    valid_login($action_permission["insert"]);
    if (empty($_GET["ban_type"]) || empty($_GET["entry"]) || empty($_GET["bantime"])) {
        redirect("banned.php?error=1&action=add_entry");
    }
    $ban_type = $sql["logon"]->quote_smart($_GET["ban_type"]);
    $entry = $sql["logon"]->quote_smart($_GET["entry"]);
    // Step 1: turn a login or character name into its numeric id.
    switch ($ban_type) {
        case "accounts":
            // NOTE(review): the comparison value in these two statements is the literal
            // '******' in this listing (it looks masked); it must be the escaped $entry.
            if ($core == 1) {
                $result1 = $sql["logon"]->query("SELECT acct FROM accounts WHERE login='******'");
            } else {
                $result1 = $sql["logon"]->query("SELECT id AS acct FROM account WHERE username='******'");
            }
            if (!$sql["logon"]->num_rows($result1)) {
                redirect("banned.php?error=4&action=add_entry");
            } else {
                $entry = $sql["logon"]->result($result1, 0, 'acct');
            }
            break;
        case "characters":
            $result1 = $sql["char"]->query("SELECT guid FROM characters WHERE name='" . $entry . "'");
            if (!$sql["char"]->num_rows($result1)) {
                redirect("banned.php?error=4&action=add_entry");
            } else {
                $entry = $sql["char"]->result($result1, 0, 'guid');
            }
            break;
        case "ipbans":
            // NOTE(review): the entry is escaped but not validated as an IP address.
            break;
    }
    // Expiry as a Unix timestamp; bantime is multiplied by 3600, i.e. given in hours.
    // NOTE(review): bantime is not checked to be numeric before the multiplication.
    $bantime = time() + 3600 * $sql["logon"]->quote_smart($_GET["bantime"]);
    $banreason = isset($_GET["banreason"]) && $_GET["banreason"] != '' ? $sql["logon"]->quote_smart($_GET["banreason"]) : "none";
    // Step 2: write the ban unless one already exists.
    // NOTE(review): $user_name is embedded in the INSERT statements below without
    // quote_smart() in this function — confirm it is escaped where it is set.
    switch ($ban_type) {
        case "accounts":
            if ($core == 1) {
                $result = $sql["logon"]->query("SELECT banned FROM accounts WHERE acct='" . $entry . "'");
            } else {
                $result = $sql["logon"]->query("SELECT active FROM account_banned WHERE id='" . $entry . "' AND active=1");
            }
            $acct_banned = $sql["logon"]->result($result, 0);
            if ($acct_banned == 0) {
                if ($core == 1) {
                    $sql["logon"]->query("UPDATE accounts SET banned='" . $bantime . "' WHERE acct='" . $entry . "'");
                } else {
                    $sql["logon"]->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason) VALUES ('" . $entry . "', UNIX_TIMESTAMP(), '" . $bantime . "', '" . $user_name . "', '" . $banreason . "')");
                }
            }
            // NOTE(review): when the account was already banned no write ran, so
            // affected_rows() reports on the preceding SELECT — confirm the wrapper's result.
            if ($sql["logon"]->affected_rows()) {
                redirect("banned.php?error=3&ban_type=" . $ban_type);
            } else {
                redirect("banned.php?error=2&ban_type=" . $ban_type);
            }
            break;
        case "characters":
            $result = $sql["char"]->query("SELECT banned FROM characters WHERE guid='" . $entry . "'");
            $char_banned = $sql["char"]->result($result, 0);
            if ($char_banned == 0) {
                $sql["char"]->query("UPDATE characters SET banned='" . $bantime . "', banReason='" . $banreason . "' WHERE guid='" . $entry . "'");
            }
            if ($sql["char"]->affected_rows()) {
                redirect("banned.php?error=3&ban_type=" . $ban_type);
            } else {
                redirect("banned.php?error=2&ban_type=" . $ban_type);
            }
            break;
        case "ipbans":
            if ($core == 1) {
                $result = $sql["logon"]->query("SELECT ip FROM ipbans WHERE ip='" . $entry . "'");
            } else {
                $result = $sql["logon"]->query("SELECT ip FROM ip_banned WHERE ip='" . $entry . "'");
            }
            // Insert only when the address is not listed yet.
            if (!$sql["logon"]->num_rows($result)) {
                if ($core == 1) {
                    $sql["logon"]->query("INSERT INTO ipbans (ip, expire) VALUES ('" . $entry . "', '" . $bantime . "')");
                } else {
                    $sql["logon"]->query("INSERT INTO ip_banned (ip, bandate, unbandate, bannedby, banreason) VALUES ('" . $entry . "', UNIX_TIMESTAMP(), '" . $bantime . "', '" . $user_name . "', '" . $banreason . "')");
                }
            }
            if ($sql["logon"]->affected_rows()) {
                redirect("banned.php?error=3&ban_type=" . $ban_type);
            } else {
                redirect("banned.php?error=2&ban_type=" . $ban_type);
            }
            break;
    }
}
Beispiel #15
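/**
 * Delete one item_template row, selected by the `entry` query-string parameter.
 *
 * Calls valid_login() with the 'delete' permission level, connects to the world
 * database of the current realm and runs the DELETE. Redirects to item.php?error=1
 * when the parameter is missing and to item.php after the delete.
 *
 * The parameter is escaped with the connection's quote_smart() before it is placed
 * in the statement; embedding the raw request value there is SQL injection.
 *
 * NOTE(review): this destructive action is driven by a GET parameter and no anti-CSRF
 * token is checked in this function; confirm one is enforced elsewhere.
 */
function do_delete()
{
    global $world_db, $realm_id, $action_permission, $user_lvl;
    valid_login($action_permission['delete']);
    // Accept a plain string only; an array (entry[]=x) is treated as missing.
    if (!isset($_GET['entry']) || !is_string($_GET['entry'])) {
        redirect("item.php?error=1");
        // Do not rely on redirect() ending the request: stop before any query is built.
        return;
    }
    $sqlw = new SQL();
    $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);
    // Escaping needs the open connection, so it happens after connect().
    // TODO confirm quote_smart() escapes for the active connection's character set.
    $entry = $sqlw->quote_smart($_GET['entry']);
    $sqlw->query("DELETE FROM item_template WHERE entry = '{$entry}'");
    redirect("item.php");
}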
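/**
 * Delete one item from a character's inventory.
 *
 * Reads id (character), bag, slot and item from the query string, escaping each with
 * quote_smart(). For $core == 1 the row is deleted from playeritems directly; for
 * other cores the item guid is looked up first and then removed from both
 * character_inventory and item_instance. Redirects to index.php when a parameter is
 * missing and back to char.php otherwise.
 *
 * NOTE(review): nothing here checks that the character belongs to the logged-in
 * account; the action is gated only by the 'delete' permission level.
 * NOTE(review): the action changes state on a GET request and no anti-CSRF token is
 * checked in this function.
 */
function dodelete_item()
{
    global $output, $action_permission, $sql, $core;
    valid_login($action_permission["delete"]);
    // get our variables
    $cid = isset($_GET["id"]) ? $sql["char"]->quote_smart($_GET["id"]) : NULL;
    $bag = isset($_GET["bag"]) ? $sql["char"]->quote_smart($_GET["bag"]) : NULL;
    $slot = isset($_GET["slot"]) ? $sql["char"]->quote_smart($_GET["slot"]) : NULL;
    $item = isset($_GET["item"]) ? $sql["char"]->quote_smart($_GET["item"]) : NULL;
    if (!isset($cid) || !isset($bag) || !isset($slot) || !isset($item)) {
        redirect("index.php");
        // Do not rely on redirect() ending the request: stop before any query is built.
        return;
    }
    // mode is only echoed back into the redirect, so it is URL-encoded rather than
    // SQL-escaped; a missing or non-string value becomes an empty string.
    $mode = isset($_GET["mode"]) && is_string($_GET["mode"]) ? $_GET["mode"] : "";
    $back = "char.php?id=" . rawurlencode($cid) . "&mode=" . rawurlencode($mode);
    if ($core == 1) {
        $sql["char"]->query("DELETE FROM playeritems WHERE ownerguid='" . $cid . "' AND entry='" . $item . "' AND containerslot='" . $bag . "' AND slot='" . $slot . "'");
        redirect($back);
        return;
    }
    // Other cores: find the item instance guid for this character/bag/slot first.
    if ($core == 2) {
        $lookup = "SELECT item FROM character_inventory WHERE guid='" . $cid . "' AND item_template='" . $item . "' AND bag='" . $bag . "' AND slot='" . $slot . "'";
    } else {
        $lookup = "SELECT item FROM character_inventory\n                LEFT JOIN item_instance ON character_inventory.item=item_instance.guid\n              WHERE character_inventory.guid='" . $cid . "' AND itemEntry='" . $item . "' AND bag='" . $bag . "' AND slot='" . $slot . "'";
    }
    $row = $sql["char"]->fetch_assoc($sql["char"]->query($lookup));
    // No matching inventory row: nothing to delete, so skip the DELETE statements.
    if (empty($row) || !isset($row["item"])) {
        redirect($back);
        return;
    }
    $item_guid = $row["item"];
    $sql["char"]->query("DELETE FROM character_inventory WHERE item='" . $item_guid . "'");
    $sql["char"]->query("DELETE FROM item_instance WHERE guid='" . $item_guid . "';");
    redirect($back);
}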
Beispiel #17
/**
 * Applies an administrative edit to one character: optional transfer to another
 * account, deletion of ticked items, rename, teleport and stat changes.
 *
 * Every input is read from $_GET, so the whole modification is performed on a GET
 * request; no anti-CSRF token is checked anywhere in this function.
 * The guard clauses below (error()/redirect()) only protect the code after them if
 * those helpers terminate the request - their definitions are not part of this listing.
 *
 * @param object $sqlr handle used for the account / realmcharacters queries
 * @param object $sqlc handle used for the characters / inventory queries
 */
function do_edit_char(&$sqlr, &$sqlc)
{
    global $lang_global, $lang_char, $output, $realm_db, $characters_db, $realm_id, $world_db, $action_permission, $user_lvl;
    // Gate on the "delete" permission level.
    valid_login($action_permission['delete']);
    if (empty($_GET['id']) || empty($_GET['name'])) {
        error($lang_global['empty_fields']);
    }
    // NOTE(review): quote_smart() is defined elsewhere; if it only escapes quote
    // characters, $id is safe inside '...' but NOT in the unquoted "guid = {$id}"
    // contexts further down - an explicit numeric check on $id would close that gap.
    $id = $sqlc->quote_smart($_GET['id']);
    $result = $sqlc->query("\r\n\t\tSELECT account, online \r\n\t\tFROM characters \r\n\t\tWHERE guid = '{$id}'");
    if ($sqlc->num_rows($result)) {
        // Online characters cannot be edited.
        if (!$sqlc->result($result, 0, 'online')) {
            // Look up the GM level of the account that currently owns the character.
            $owner_acc_id = $sqlc->result($result, 0, 'account');
            $query = $sqlr->query("\r\n\t\t\t\tSELECT gmlevel \r\n\t\t\t\tFROM account \r\n\t\t\t\tWHERE id ='{$owner_acc_id}'");
            $owner_gmlvl = $sqlr->result($query, 0, 'gmlevel');
            // NOTE(review): owner_name is taken from the request without quote_smart().
            // The literal '******' in the next query looks like a value masked by the
            // listing; presumably $new_owner_name was interpolated there - if so it
            // reaches SQL unescaped. Confirm against the upstream file.
            $new_owner_name = $_GET['owner_name'];
            $query = $sqlr->query("\r\n\t\t\t\tSELECT id \r\n\t\t\t\tFROM account \r\n\t\t\t\tWHERE username ='******'");
            $new_owner_acc_id = $sqlr->result($query, 0, 'id');
            // NOTE(review): the ownership transfer below runs BEFORE the
            // "$user_lvl > $owner_gmlvl" check, so it is not restricted by it.
            if ($owner_acc_id != $new_owner_acc_id) {
                $max_players = $sqlr->query("\r\n\t\t\t\t\tSELECT numchars \r\n\t\t\t\t\tFROM realmcharacters \r\n\t\t\t\t\tWHERE acctid ='{$new_owner_acc_id}'");
                // NOTE(review): this indexes the return value of query() directly
                // instead of a fetched row - verify that it yields numchars.
                $max_players = $max_players[0];
                if ($max_players <= 9) {
                    // Both values are placed in the statement without quotes.
                    $result = $sqlr->query("\r\n\t\t\t\t\t\tUPDATE `{$characters_db[$realm_id]['name']}`.`characters` \r\n\t\t\t\t\t\tSET account = {$new_owner_acc_id} WHERE guid = {$id}");
                } else {
                    redirect("char_edit.php?action=edit_char&id={$id}&error=5");
                }
            }
            // Only a caller whose level is strictly above the owner's may edit.
            if ($user_lvl > $owner_gmlvl) {
                if (isset($_GET['check'])) {
                    $check = $sqlc->quote_smart($_GET['check']);
                } else {
                    $check = NULL;
                }
                $new_name = $sqlc->quote_smart($_GET['name']);
                if (isset($_GET['tot_time'])) {
                    $new_tot_time = $sqlc->quote_smart($_GET['tot_time']);
                } else {
                    $new_tot_time = 0;
                }
                if (isset($_GET['money'])) {
                    $new_money = $sqlc->quote_smart($_GET['money']);
                } else {
                    $new_money = 0;
                }
                if (isset($_GET['arena_points'])) {
                    $new_arena_points = $sqlc->quote_smart($_GET['arena_points']);
                } else {
                    $new_arena_points = 0;
                }
                if (isset($_GET['honor_points'])) {
                    $new_honor_points = $sqlc->quote_smart($_GET['honor_points']);
                } else {
                    $new_honor_points = 0;
                }
                if (isset($_GET['total_kills'])) {
                    $new_total_kills = $sqlc->quote_smart($_GET['total_kills']);
                } else {
                    $new_total_kills = 0;
                }
                // $new_total_kills, $x, $y, $z and $map are not covered by this numeric
                // check; they are only used inside quotes in the UPDATE below.
                if (!is_numeric($new_tot_time) || !is_numeric($new_money) || !is_numeric($new_arena_points) || !is_numeric($new_honor_points)) {
                    error($lang_char['use_numeric']);
                }
                $x = isset($_GET['x']) ? $sqlc->quote_smart($_GET['x']) : 0;
                $y = isset($_GET['y']) ? $sqlc->quote_smart($_GET['y']) : 0;
                $z = isset($_GET['z']) ? $sqlc->quote_smart($_GET['z']) : 0;
                $map = isset($_GET['map']) ? $sqlc->quote_smart($_GET['map']) : 0;
                $tp_to = isset($_GET['tp_to']) ? $sqlc->quote_smart($_GET['tp_to']) : 0;
                $result = $sqlc->query("\r\n\t\t\t\t\tSELECT equipmentCache \r\n\t\t\t\t\tFROM characters \r\n\t\t\t\t\tWHERE guid = '{$id}'");
                $char = $sqlc->fetch_row($result);
                $eq_data = explode(' ', $char['equipmentCache']);
                // Delete the items ticked in the form; $check is iterated as an array.
                if ($check) {
                    // Maps the form keys "a0".."a18" to positions in the equipment cache.
                    $item_offset = array("a0" => EQ_DATA_OFFSET_EQU_HEAD, "a1" => EQ_DATA_OFFSET_EQU_NECK, "a2" => EQ_DATA_OFFSET_EQU_SHOULDER, "a3" => EQ_DATA_OFFSET_EQU_SHIRT, "a4" => EQ_DATA_OFFSET_EQU_CHEST, "a5" => EQ_DATA_OFFSET_EQU_BELT, "a6" => EQ_DATA_OFFSET_EQU_LEGS, "a7" => EQ_DATA_OFFSET_EQU_FEET, "a8" => EQ_DATA_OFFSET_EQU_WRIST, "a9" => EQ_DATA_OFFSET_EQU_GLOVES, "a10" => EQ_DATA_OFFSET_EQU_FINGER1, "a11" => EQ_DATA_OFFSET_EQU_FINGER2, "a12" => EQ_DATA_OFFSET_EQU_TRINKET1, "a13" => EQ_DATA_OFFSET_EQU_TRINKET2, "a14" => EQ_DATA_OFFSET_EQU_BACK, "a15" => EQ_DATA_OFFSET_EQU_MAIN_HAND, "a16" => EQ_DATA_OFFSET_EQU_OFF_HAND, "a17" => EQ_DATA_OFFSET_EQU_RANGED, "a18" => EQ_DATA_OFFSET_EQU_TABARD);
                    foreach ($check as $item_num) {
                        // Keys starting with "a" refer to equipped slots.
                        if ($item_num[0] == "a") {
                            // No check that $item_num is one of the keys of $item_offset.
                            $eq_data[$item_offset[$item_num]] = 0;
                            // Overwrites $item_num with the number parsed after the "a".
                            sscanf($item_num, "a%d", $item_num);
                            // NOTE(review): $sql is neither a parameter nor listed in the
                            // global statement above, so it is undefined at this point;
                            // the neighbouring statements use $sqlc.
                            // $item_num is used unquoted as the slot number here.
                            $result = $sql->query("\r\n\t\t\t\t\t\t\t\tSELECT item \r\n\t\t\t\t\t\t\t\tFROM character_inventory \r\n\t\t\t\t\t\t\t\tWHERE guid = '{$id}' AND slot = {$item_num} AND bag = 0");
                            $item_inst_id = $sqlc->result($result, 0, 'item');
                            $sqlc->query("\r\n\t\t\t\t\t\t\t\tDELETE FROM character_inventory \r\n\t\t\t\t\t\t\t\tWHERE guid = '{$id}' AND slot = {$item_num} AND bag = 0");
                            $sqlc->query("\r\n\t\t\t\t\t\t\t\tDELETE FROM item_instance \r\n\t\t\t\t\t\t\t\tWHERE guid = '{$item_inst_id}' AND owner_guid = '{$id}'");
                        } else {
                            // Any other value is treated as an item guid in inventory/bank.
                            $sqlc->query("\r\n\t\t\t\t\t\t\t\tDELETE FROM character_inventory \r\n\t\t\t\t\t\t\t\tWHERE guid = '{$id}' AND item = '{$item_num}'");
                            $sqlc->query("\r\n\t\t\t\t\t\t\t\tDELETE FROM item_instance \r\n\t\t\t\t\t\t\t\tWHERE guid = '{$item_num}' AND owner_guid = '{$id}'");
                        }
                    }
                }
                $data = implode(' ', $eq_data);
                // Either teleport to a named game_tele location or to raw coordinates.
                if ($tp_to) {
                    $query = $sqlc->query("\r\n\t\t\t\t\t\tSELECT map, position_x, position_y, position_z, orientation \r\n\t\t\t\t\t\tFROM `" . $world_db[$realm_id]['name'] . "`.`game_tele` \r\n\t\t\t\t\t\tWHERE LOWER(name) = '" . strtolower($tp_to) . "'");
                    $tele = $sqlc->fetch_row($query);
                    if ($tele) {
                        $teleport = "map='{$tele['0']}', position_x='{$tele['1']}', position_y='{$tele['2']}', position_z='{$tele['3']}', orientation='{$tele['4']}',";
                    } else {
                        error($lang_char['no_tp_location']);
                    }
                } else {
                    $teleport = "map='{$map}', position_x='{$x}', position_y='{$y}', position_z='{$z}',";
                }
                // Single UPDATE carrying every edited field; guid is again unquoted.
                $result = $sqlc->query("\r\n\t\t\t\t\tUPDATE characters \r\n\t\t\t\t\tSET equipmentCache = '{$data}', name = '{$new_name}', {$teleport} totaltime = '{$new_tot_time}', money = '{$new_money}', arenaPoints = '{$new_arena_points}', totalHonorPoints = '{$new_honor_points}', totalKills = '{$new_total_kills}' \r\n\t\t\t\t\tWHERE guid = {$id}");
                $sqlc->close();
                unset($sqlc);
                // error=3 is sent when the UPDATE call returned a truthy result, error=4 otherwise.
                if ($result) {
                    redirect("char_edit.php?action=edit_char&id={$id}&error=3");
                } else {
                    redirect("char_edit.php?action=edit_char&id={$id}&error=4");
                }
            } else {
                error($lang_char['no_permission']);
            }
        } else {
            redirect("char_edit.php?action=edit_char&id={$id}&error=2");
        }
    } else {
        error($lang_char['no_char_found']);
    }
}
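/**
 * Removes the ticked spell ids from the spell_disable table.
 *
 * The ids arrive as the request array "check". They are written into the DELETE
 * statement as bare numbers, so escaping alone does not make them safe: each
 * element is accepted only if it consists of decimal digits, anything else is
 * skipped (the original already skipped empty entries).
 *
 * Redirects to spelld.php with error=1 when nothing usable was submitted,
 * error=4 when at least one row was removed and error=5 otherwise.
 */
function del_spell()
{
    global $world_db, $realm_id, $action_permission, $sqlw;
    valid_login($action_permission['delete']);
    if (!isset($_GET['check']) || !is_array($_GET['check'])) {
        redirect("spelld.php?error=1");
        // redirect() is defined elsewhere; stop here in case it does not terminate.
        return;
    }
    $removed = 0;
    foreach ($_GET['check'] as $spell_id) {
        // Digits only: the value is used unquoted in a numeric comparison.
        if (!is_string($spell_id) || !ctype_digit($spell_id)) {
            continue;
        }
        $sqlw->query('DELETE FROM spell_disable WHERE spellid = ' . $spell_id);
        // Count per statement so an earlier successful delete is not masked
        // by a later id that matched nothing.
        if ($sqlw->affected_rows()) {
            ++$removed;
        }
    }
    if ($removed) {
        redirect('spelld.php?error=4');
    } else {
        redirect('spelld.php?error=5');
    }
}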
Beispiel #19
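/**
 * Renders the "character tools" panel (summary plus action buttons) for the
 * character whose guid is given in the request parameter "char".
 *
 * Changes against the listing this replaces:
 *  - the guid is accepted only when it is a string of decimal digits; it used to be
 *    concatenated into every query and into the button URLs exactly as received;
 *  - $core is now imported from the global scope (it was read but never declared,
 *    so the core-specific branches could not be selected);
 *  - the guild link uses $realm_id ($realmid was never defined in this function);
 *  - the core 1 SELECT was missing the comma after "gender", which aliased the
 *    gender column as acct;
 *  - the guild name read from the database is HTML-escaped like the character name.
 *
 * Appends to the global $output; returns nothing.
 */
function char_tools_form()
{
    global $output, $characters_db, $realm_id, $action_permission, $site_encoding, $showcountryflag, $sql, $core;
    valid_login($action_permission["delete"]);
    $id = isset($_GET["char"]) ? $_GET["char"] : null;
    if (!is_string($id) || !ctype_digit($id)) {
        error(lang("global", "empty_fields"));
        // error() is defined elsewhere; never continue with an unvalidated guid.
        return;
    }
    if ($core == 1) {
        $result = $sql["char"]->query("SELECT guid, name, race, class, level, zoneid, mapid, online, gender,\r\n      acct, data \r\n      FROM characters WHERE guid='" . $id . "'");
    } elseif ($core == 2) {
        $result = $sql["char"]->query("SELECT guid, name, race, class, level, zone AS zoneid, map AS mapid, \r\n      online, gender, totaltime, account AS acct,\r\n      arenaPoints, totalHonorPoints, totalKills\r\n      FROM characters WHERE guid='" . $id . "'");
    } else {
        $result = $sql["char"]->query("SELECT guid, name, race, class, level, zone AS zoneid, map AS mapid, \r\n      online, gender, totaltime, account AS acct, arenaPoints, totalHonorPoints, totalKills\r\n      FROM characters WHERE guid='" . $id . "'");
    }
    // NOTE(review): no check that a row was found; $char is used as an array below.
    $char = $sql["char"]->fetch_assoc($result);
    if ($core == 1) {
        // Core 1 keeps the player fields in one ";"-separated column.
        $char_data = $char["data"];
        if (empty($char_data)) {
            $char_data = str_repeat("0;", PLAYER_END);
        }
        $char_data = explode(";", $char_data);
    } else {
        $query = "SELECT * FROM characters\r\n                LEFT JOIN character_stats ON characters.guid=character_stats.guid\r\n              WHERE characters.guid='" . $id . "'";
        $char_data_result = $sql["char"]->query($query);
        // Fetched but not read anywhere in this function.
        $char_data_fields = $sql["char"]->fetch_assoc($char_data_result);
        $char_data[PLAYER_FIELD_HONOR_CURRENCY] = isset($char["totalHonorPoints"]) ? $char["totalHonorPoints"] : '&nbsp;';
        $char_data[PLAYER_FIELD_ARENA_CURRENCY] = isset($char["arenaPoints"]) ? $char["arenaPoints"] : '&nbsp;';
        $char_data[PLAYER_FIELD_LIFETIME_HONORBALE_KILLS] = isset($char["totalKills"]) ? $char["totalKills"] : '&nbsp;';
    }
    if ($core == 1) {
        $guild_id = $sql["char"]->result($sql["char"]->query("SELECT guildid FROM guild_data WHERE playerid='" . $char["guid"] . "'"), 0);
        $guild_rank = $sql["char"]->result($sql["char"]->query("SELECT guildRank FROM guild_data WHERE playerid='" . $char["guid"] . "'"), 0);
        $guild_name = $sql["char"]->result($sql["char"]->query("SELECT guildName FROM guilds WHERE guildid='" . $guild_id . "'"));
    } else {
        $guild_id = $sql["char"]->result($sql["char"]->query("SELECT guildid FROM guild_member WHERE guid='" . $char["guid"] . "'"), 0);
        $guild_rank = $sql["char"]->result($sql["char"]->query("SELECT rank AS guildRank FROM guild_member WHERE guid='" . $char["guid"] . "'"), 0);
        $guild_name = $sql["char"]->result($sql["char"]->query("SELECT name AS guildName FROM guild WHERE guildid='" . $guild_id . "'"));
    }
    $online = $char["online"] ? lang("char", "online") : lang("char", "offline");
    if ($guild_id) {
        // The guild name is player-chosen data: escape it before it becomes link text.
        $guild_name = '<a href="guild.php?action=view_guild&amp;realm=' . $realm_id . '&amp;error=3&amp;id=' . $guild_id . '" >' . htmlentities($guild_name, ENT_COMPAT, $site_encoding) . '</a>';
        $mrank = $guild_rank;
        if ($core == 1) {
            $guild_rank = $sql["char"]->result($sql["char"]->query('SELECT rankname FROM guild_ranks WHERE guildid=' . $guild_id . ' AND rankId=' . $mrank . ''), 0, 'rankname');
        } else {
            $guild_rank = $sql["char"]->result($sql["char"]->query('SELECT rname AS rankname FROM guild_rank WHERE guildid=' . $guild_id . ' AND rid=' . $mrank . ''), 0, 'rankname');
        }
    } else {
        $guild_name = lang("global", "none");
        $guild_rank = lang("global", "none");
    }
    $output .= '
          <center>
            <table class="hidden char_list_char_tools">
              <tr>
                <td class="char_tools_avatar">
                  <div>
                    <img src="' . char_get_avatar_img($char["level"], $char["gender"], $char["race"], $char["class"], 0) . '" alt="avatar" />
                  </div>
                </td>
                <td colspan="3">
                  <font class="bold">
                    ' . htmlentities($char["name"], ENT_COMPAT, $site_encoding) . ' -
                    <img src="img/c_icons/' . $char["race"] . '-' . $char["gender"] . '.gif" onmousemove="oldtoolTip(\'' . char_get_race_name($char["race"]) . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />
                    <img src="img/c_icons/' . $char["class"] . '.gif" onmousemove="oldtoolTip(\'' . char_get_class_name($char["class"]) . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />
                   - ' . lang("char", "level_short") . char_get_level_color($char["level"]) . '
                  </font>
                  <br />' . lang("char", "location") . ': ' . get_map_name($char["mapid"]) . ' - ' . get_zone_name($char["zoneid"]) . '
                  <br />' . lang("char", "honor_points") . ': ' . $char_data[PLAYER_FIELD_HONOR_CURRENCY] . ' | ' . lang("char", "arena_points") . ': ' . $char_data[PLAYER_FIELD_ARENA_CURRENCY] . ' | ' . lang("char", "honor_kills") . ': ' . $char_data[PLAYER_FIELD_LIFETIME_HONORBALE_KILLS] . '
                  <br />' . lang("char", "guild") . ': ' . $guild_name . ' | ' . lang("char", "rank") . ': ' . htmlentities($guild_rank, ENT_COMPAT, $site_encoding) . '
                  <br />' . lang("char", "online") . ': ' . ($char["online"] ? '<img src="img/up.gif" onmousemove="oldtoolTip(\'' . lang("char", "online") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="online" />' : '<img src="img/down.gif" onmousemove="oldtoolTip(\'' . lang("char", "offline") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="offline" />');
    if ($showcountryflag) {
        require_once 'libs/misc_lib.php';
        $country = misc_get_country_by_account($char["acct"]);
        $output .= ' | ' . lang("global", "country") . ': ' . ($country["code"] ? '<img src="img/flags/' . $country["code"] . '.png" onmousemove="oldtoolTip(\'' . $country["country"] . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />' : '-');
        unset($country);
    }
    $output .= '
                </td>
              </tr>
            </table>
            <br />
            <table class="hidden char_list_char_tools">
              <tr>
                <td>';
    // $id is digits only at this point, so it can be appended to the URLs as is.
    makebutton(lang("xname", "changename"), "char_tools.php?char=" . $id, 150);
    $output .= '
                </td>
                <td>';
    makebutton(lang("xrace", "changerace"), "char_tools.php?char=" . $id, 150);
    $output .= '
                </td>
                <td>';
    makebutton(lang("unstuck", "unstuck"), "hearthstone.php?action=approve&amp;char=" . $id, 150);
    $output .= '
                </td>
              </tr>
              <tr>
                <td>';
    makebutton(lang("char_list", "transfer"), "change_char_account.php?action=chooseacct&amp;priority=1&amp;char=" . $id, 150);
    $output .= '
                </td>
                <td>';
    makebutton(lang("global", "back"), "char_list.php", 150);
    $output .= '
                </td>
              </tr>
            </table>
          </center>';
}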
Beispiel #20
/**
 * Adds a ban record, either for an account or for an IP address.
 *
 * Request parameters (all from $_GET): ban_type, entry, bantime (in hours) and an
 * optional banreason. Any ban_type other than "account_banned" ends up in ip_banned.
 *
 * NOTE(review): the account lookup compares against the literal '******', which
 * looks like a value masked by the listing; presumably the escaped $entry stood
 * there - confirm against the upstream file.
 * NOTE(review): the early redirect() calls only act as guards if redirect()
 * terminates the request; its definition is not part of this listing.
 */
function do_add_entry()
{
    global $realm_db, $user_name, $output, $action_permission, $user_lvl;
    valid_login($action_permission['insert']);
    $all_given = !empty($_GET['ban_type']) && !empty($_GET['entry']) && !empty($_GET['bantime']);
    if (!$all_given) {
        redirect("banned.php?error=1&action=add_entry");
    }
    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    $ban_type = $sqlr->quote_smart($_GET['ban_type']);
    $entry = $sqlr->quote_smart($_GET['entry']);
    if ($ban_type == "account_banned") {
        // Translate the submitted account name into its numeric id.
        $lookup = $sqlr->query("SELECT id FROM account WHERE username ='******'");
        if ($sqlr->num_rows($lookup)) {
            $entry = $sqlr->result($lookup, 0, 'id');
        } else {
            redirect("banned.php?error=4&action=add_entry");
        }
    }
    // The arithmetic turns the submitted hour count into a number, which is why
    // $bantime can appear unquoted in the INSERT statements below.
    $hours = $sqlr->quote_smart($_GET['bantime']);
    $bantime = time() + 3600 * $hours;
    if (isset($_GET['banreason']) && $_GET['banreason'] != '') {
        $banreason = $sqlr->quote_smart($_GET['banreason']);
    } else {
        $banreason = "none";
    }
    if ($ban_type === "account_banned") {
        // Insert only when the account has no ban row yet.
        $existing = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$entry}'");
        $already_banned = $sqlr->result($existing, 0);
        if (!$already_banned) {
            $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n                            VALUES ('{$entry}'," . time() . ",{$bantime},'{$user_name}','{$banreason}', 1)");
        }
    } else {
        $sqlr->query("INSERT INTO ip_banned (ip, bandate, unbandate, bannedby, banreason)\r\n                        VALUES ('{$entry}'," . time() . ",{$bantime},'{$user_name}','{$banreason}')");
    }
    $outcome = $sqlr->affected_rows() ? 3 : 2;
    redirect("banned.php?error={$outcome}&ban_type={$ban_type}");
}
Beispiel #21
/**
 * Applies an edit to one account row: credentials, mail, GM level, expansion,
 * lock/ban state and referral.
 *
 * All fields come from $_POST; no anti-CSRF token is checked in this function.
 * Every redirect() below is used as a guard clause, which only works if
 * redirect() terminates the request - its definition is not part of this listing.
 */
function doedit_user()
{
    global $lang_global, $realm_db, $mmfpm_db, $user_lvl, $user_name, $action_permission;
    valid_login($action_permission['update']);
    // Nothing to change when pass, mail, expansion and referredby are all empty.
    // Note that the raw $_POST['id'] is interpolated into the redirect target.
    if ((!isset($_POST['pass']) || $_POST['pass'] === '') && (!isset($_POST['mail']) || $_POST['mail'] === '') && (!isset($_POST['expansion']) || $_POST['expansion'] === '') && (!isset($_POST['referredby']) || $_POST['referredby'] === '')) {
        redirect("user.php?action=edit_user&&id={$_POST['id']}&error=1");
    }
    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    $id = $sqlr->quote_smart($_POST['id']);
    $username = $sqlr->quote_smart($_POST['username']);
    $banreason = $sqlr->quote_smart($_POST['banreason']);
    $pass = $sqlr->quote_smart($_POST['pass']);
    // NOTE(review): both '******' literals on the next line look like values masked by
    // the listing, so the real comparison and SET clause cannot be read from here.
    // What is visible: the submitted pass is compared with a SHA-1 digest and, when it
    // differs, stored as sha_pass_hash unchanged - i.e. the request is expected to
    // carry the digest already. A bare SHA-1 digest is a fast, unsalted hash;
    // presumably the format is dictated by the game server's account table - confirm.
    $user_pass_change = $pass != sha1(strtoupper($username) . ":******") ? "username='******',sha_pass_hash='{$pass}'," : "";
    $mail = isset($_POST['mail']) && $_POST['mail'] != '' ? $sqlr->quote_smart($_POST['mail']) : "";
    $failed = isset($_POST['failed']) ? $sqlr->quote_smart($_POST['failed']) : 0;
    $gmlevel = isset($_POST['gmlevel']) ? $sqlr->quote_smart($_POST['gmlevel']) : 0;
    $expansion = isset($_POST['expansion']) ? $sqlr->quote_smart($_POST['expansion']) : 1;
    $banned = isset($_POST['banned']) ? $sqlr->quote_smart($_POST['banned']) : 0;
    $locked = isset($_POST['locked']) ? $sqlr->quote_smart($_POST['locked']) : 0;
    $referredby = $sqlr->quote_smart(trim($_POST['referredby']));
    // Username must be 4 to 15 bytes long (measured after quote_smart()).
    if (strlen($username) < 4 || strlen($username) > 15) {
        redirect("user.php?action=edit_user&id={$id}&error=8");
    }
    // The requested GM level must stay below the editor's own level.
    // NOTE(review): $gmlevel is never checked to be numeric before this comparison.
    if ($gmlevel >= $user_lvl) {
        redirect("user.php?action=edit_user&&id={$_POST['id']}&error=16");
    }
    require_once "libs/valid_lib.php";
    if (!valid_alphabetic($username)) {
        redirect("user.php?action=edit_user&error=9&id={$id}");
    }
    // Editors may only change accounts of a lower GM level, or their own account.
    $result = $sqlr->query("SELECT gmlevel,username FROM account WHERE id = '{$id}'");
    if ($user_lvl <= $sqlr->result($result, 0, 'gmlevel') && $user_name != $sqlr->result($result, 0, 'username')) {
        redirect("user.php?error=14");
    }
    if (!$banned) {
        $sqlr->query("DELETE FROM account_banned WHERE id='{$id}'");
    } else {
        $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$id}'");
        if (!$sqlr->result($result, 0)) {
            // Ban for 365 days from now. $id is NOT quoted in this VALUES list, unlike
            // in the other statements; quote_smart() alone does not make an unquoted
            // value numeric (assuming it only escapes - TODO confirm).
            $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n                 VALUES ({$id}, " . time() . "," . (time() + 365 * 24 * 3600) . ",'{$user_name}','{$banreason}', 1)");
        }
    }
    // $user_pass_change is either empty or a pre-built "col='val'," fragment.
    $sqlr->query("UPDATE account SET email='{$mail}', {$user_pass_change} v=0,s=0,failed_logins='{$failed}',locked='{$locked}',expansion='{$expansion}' WHERE id='{$id}'");
    $sqlr->query("UPDATE account SET gmlevel='{$gmlevel}' WHERE id='{$id}'");
    // error=13 when the referral update or the last statement changed something.
    if (doupdate_referral($referredby, $id) || $sqlr->affected_rows()) {
        redirect("user.php?action=edit_user&error=13&id={$id}");
    } else {
        redirect("user.php?action=edit_user&error=12&id={$id}");
    }
}
Beispiel #22
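/**
 * Updates the required security level of the submitted commands.
 *
 * Expects the request array "change" in the form change[<command name>] = <level>.
 * The level is written into the statement as a bare number, so it is accepted
 * only when it consists of decimal digits. The command name is an array KEY of
 * the request; it is escaped explicitly here because escaping the array as a
 * whole is not known to cover keys. Entries that fail validation are skipped.
 *
 * Redirects to command.php (error=1 when no usable "change" array was sent).
 */
function doupdate_commands()
{
    global $output, $realm_id, $world_db, $action_permission;
    valid_login($action_permission['update']);
    $sqlw = new SQL();
    $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);
    if (!isset($_GET['change']) || !is_array($_GET['change'])) {
        redirect('command.php?error=1');
        // redirect() is defined elsewhere; stop here in case it does not terminate.
        return;
    }
    foreach ($_GET['change'] as $command => $level) {
        if (!is_string($level) || !ctype_digit($level)) {
            continue;
        }
        // PHP turns numeric-looking keys into integers; cast back before escaping.
        $name = $sqlw->quote_smart((string) $command);
        $sqlw->query('UPDATE command SET security = ' . $level . ' WHERE name= \'' . $name . '\'');
    }
    redirect('command.php');
}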
Beispiel #23
/**
 * Closes (or, for core 2, deletes) the ticket whose id is given in $_GET["id"].
 *
 * The id is escaped and then required to be numeric before it is used.
 * For core 3 the ticket is marked as closed by the lowest-guid character of the
 * acting account ($user_id).
 *
 * NOTE(review): $closer is only assigned when $core == 3, but the final branch
 * runs for every value other than 1 and 2; it is also placed in the statement
 * without quotes.
 */
function do_mark_ticket()
{
    global $characters_db, $realm_id, $action_permission, $sql, $core, $user_id;
    valid_login($action_permission["update"]);
    if (empty($_GET["id"])) {
        redirect("ticket.php?error=1");
    }
    $id = $sql["char"]->quote_smart($_GET["id"]);
    if (is_numeric($id) === false) {
        redirect("ticket.php?error=1");
    }
    if ($core == 3) {
        // Pick the acting account's character with the lowest guid as the closer.
        $lookup = $sql["char"]->query("SELECT guid FROM characters WHERE account='{$user_id}' ORDER BY guid LIMIT 1");
        $row = $sql["char"]->fetch_assoc($lookup);
        $closer = $row["guid"];
    }
    switch ($core) {
        case 1:
            $statement = "UPDATE gm_tickets SET deleted=1 WHERE ticketid='{$id}'";
            break;
        case 2:
            // The original author notes that this core has no "closed" state,
            // so the ticket row is deleted instead.
            $statement = "DELETE FROM character_ticket WHERE ticket_id='{$id}'";
            break;
        default:
            $statement = "UPDATE gm_tickets SET closedBy=" . $closer . " WHERE guid='{$id}'";
            break;
    }
    $sql["char"]->query($statement);
    $code = $sql["char"]->affected_rows() ? 5 : 6;
    redirect("ticket.php?error=" . $code);
}
Beispiel #24
/**
 * Deletes the characters ticked in the request array "check" and appends a
 * summary (number deleted, or a "none deleted" message) plus a back button to
 * the global $output.
 *
 * Each non-empty entry is handed to del_char() from libs/del_lib.php together
 * with the current realm id; what del_char() validates is not visible here.
 * NOTE(review): the deletion is triggered by a GET request and no anti-CSRF
 * token is checked in this function.
 */
function dodel_char()
{
    global $output, $characters_db, $realm_id, $action_permission, $tab_del_user_characters, $sql;
    valid_login($action_permission["delete"]);
    if (!isset($_GET["check"])) {
        redirect("char_list.php?error=1");
    } else {
        $check = $sql["char"]->quote_smart($_GET["check"]);
    }
    $deleted_chars = 0;
    require_once "libs/del_lib.php";
    $total = count($check);
    $idx = 0;
    while ($idx < $total) {
        // Empty entries are skipped; del_char() reports success per character.
        if ($check[$idx] != "" && del_char($check[$idx], $realm_id)) {
            $deleted_chars += 1;
        }
        ++$idx;
    }
    unset($total);
    unset($check);
    $output .= '
          <div class="center">';
    if (!$deleted_chars) {
        $output .= '
            <h1><span class="error">' . lang("char_list", "no_chars_del") . '</span></h1>';
    } else {
        $output .= '
            <h1><span class="error">' . lang("char_list", "total") . ' <span style="color: blue;">' . $deleted_chars . '</span> ' . lang("char_list", "chars_deleted") . '</span></h1>';
    }
    unset($deleted_chars);
    $output .= '
            <br /><br />
            <table class="hidden">
              <tr>
                <td>';
    makebutton(lang("char_list", "back_browse_chars"), "char_list.php", 220);
    $output .= '
                </td>
              </tr>
            </table>
            <br />
          </div>';
}
Beispiel #25
<?php

require_once 'header.php';
require_once 'libs/char_lib.php';
// Page-level gate: runs for every request to this file, with the "read" level.
valid_login($action_permission['read']);
//#############################################################################
// BROWSE GUILDS
//#############################################################################
/**
 * Lists guilds (only the request-parameter handling is part of this excerpt).
 *
 * @param object $sqlr realm database handle, used here to escape the realm id
 * @param object $sqlc characters database handle; re-connected when a numeric
 *                     realm id is supplied in the request
 */
function browse_guilds(&$sqlr, &$sqlc)
{
    global $output, $lang_guild, $lang_global, $realm_db, $characters_db, $realm_id, $action_permission, $user_lvl, $user_id, $itemperpage;
    // this is multi realm support, as of writing still under development
    //  this page is already implementing it
    if (empty($_GET['realm'])) {
        $realmid = $realm_id;
    } else {
        $realmid = $sqlr->quote_smart($_GET['realm']);
        if (is_numeric($realmid)) {
            // NOTE(review): the request value indexes $characters_db directly; it is
            // only checked to be numeric, not to be a configured realm.
            $sqlc->connect($characters_db[$realmid]['addr'], $characters_db[$realmid]['user'], $characters_db[$realmid]['pass'], $characters_db[$realmid]['name']);
        } else {
            $realmid = $realm_id;
        }
    }
    //==========================$_GET and SECURE=================================
    // Paging offset: falls back to 0 unless numeric.
    $start = isset($_GET['start']) ? $sqlc->quote_smart($_GET['start']) : 0;
    if (is_numeric($start)) {
    } else {
        $start = 0;
    }
    // Sort column: restricted to 1-10 characters of lowercase letters and "_",
    // which keeps quotes, spaces and punctuation out of the value.
    $order_by = isset($_GET['order_by']) ? $sqlc->quote_smart($_GET['order_by']) : 'gid';
    if (preg_match('/^[_[:lower:]]{1,10}$/', $order_by)) {
Beispiel #26
/**
 * Inserts a new teleport location into the recall table.
 *
 * Requires name, map, x, y, z and orientation in $_GET. Each value is passed
 * through $sqlw->quote_smart() and placed inside single quotes in the INSERT.
 * Redirects to tele.php with error=1 (missing field), error=3 (row inserted)
 * or error=5 (nothing inserted).
 *
 * NOTE(review): the coordinates and map id are not checked to be numeric, and
 * the insert is triggered by a GET request with no anti-CSRF token visible here.
 */
function do_add_tele()
{
    global $world_db, $realm_id, $action_permission, $sqlw;
    valid_login($action_permission['insert']);
    $required = array('name', 'map', 'x', 'y', 'z', 'orientation');
    $incomplete = false;
    foreach ($required as $field) {
        if (!isset($_GET[$field])) {
            $incomplete = true;
            break;
        }
    }
    if ($incomplete) {
        redirect("tele.php?error=1");
    }
    // Escape the values in the same order as the field list above.
    $v = array();
    foreach ($required as $field) {
        $v[$field] = $sqlw->quote_smart($_GET[$field]);
    }
    $sqlw->query("INSERT INTO recall (id, positionx, positiony, positionz, orientation, mapid, name) VALUES (NULL,'{$v['x']}','{$v['y']}', '{$v['z']}' ,'{$v['orientation']}' ,'{$v['map']}' ,'{$v['name']}')");
    $code = $sqlw->affected_rows() ? 3 : 5;
    redirect("tele.php?error=" . $code);
}
Beispiel #27
<?php

require_once 'header.php';
require_once 'libs/telnet_lib.php';
// Page-level gate: runs for every request to this file, with the "insert" level.
valid_login($action_permission['insert']);
/**
 * Appends the "send message" form to the global $output.
 *
 * The form posts to message.php?action=send with a "type" selector (values 1-3)
 * and a free-text "msg" field. The $lang_message entries are concatenated into
 * the markup without escaping. The part of the form shown in this excerpt
 * contains no anti-CSRF token field; the listing ends before the form is closed.
 */
function main()
{
    global $output, $lang_global, $lang_message;
    $output .= '
                <div class="top"><h1>' . $lang_message['main'] . '</h1></div>
                <center>
                    <form action="message.php?action=send" method="post" name="form">
                        <table class="top_hidden">
                            <tr>
                                <td align="center">
                                    Send :
                                    <select name="type">
                                        <option value="1" selected="selected">' . $lang_message['announcement'] . '</option>
                                        <option value="2">' . $lang_message['notification'] . '</option>
                                        <option value="3">' . $lang_message['both'] . '</option>
                                    </select>
                                </td>
                            </tr>
                            <tr>
                                <td colspan="2" align="center">
                                    <textarea id="msg" name="msg" rows="26" cols="80"></textarea>
                                </td>
                            </tr>
                            <tr>
                                <td align="center">
                                    <table align="center" class="hidden">
Beispiel #28
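/**
 * Stores the selected realm id in the session and sends the browser back to
 * the page it came from.
 *
 * The realm id ($_GET["id"]) is escaped, forced to 1 unless numeric, and only
 * stored when a matching row exists in config_servers.
 *
 * The return target ($_GET["url"]) used to be handed to redirect() unchanged,
 * which let a crafted link send a logged-in user to any address. It is now
 * used only when it is a same-site relative target: no URI scheme, no leading
 * "//" or "\\" (which browsers treat as another host), no control characters.
 * Anything else falls back to index.php.
 */
function set_def_realm()
{
    global $action_permission, $sql;
    valid_login($action_permission["view"]);
    $id = isset($_GET["id"]) ? $sql["mgr"]->quote_smart($_GET["id"]) : 1;
    if (!is_numeric($id)) {
        $id = 1;
    }
    if ($sql["mgr"]->num_rows($sql["mgr"]->query("SELECT `Index` AS id FROM config_servers WHERE `Index`='" . $id . "'"))) {
        $_SESSION["realm_id"] = $id;
    }
    unset($id);
    $url = "index.php";
    if (isset($_GET["url"]) && is_string($_GET["url"])) {
        $candidate = trim($_GET["url"]);
        $has_scheme = preg_match('/^[a-z][a-z0-9+.\-]*:/i', $candidate) === 1;
        $other_host = preg_match('/^[\/\\\\]{2}/', $candidate) === 1;
        $has_control = preg_match('/[\x00-\x1f\x7f]/', $candidate) === 1;
        if ($candidate !== '' && !$has_scheme && !$other_host && !$has_control) {
            $url = $candidate;
        }
    }
    redirect($url);
}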
Beispiel #29
/**
 * Approves a pending character rename: optionally charges the owning account
 * $name_credits credits, writes the new name and removes the change request.
 *
 * The guid comes from $_GET["guid"]; the change is performed on a GET request and
 * no anti-CSRF token is checked here. Apart from the "update" permission level,
 * this function does not check how the caller relates to the character.
 */
function savename()
{
    global $output, $action_permission, $corem_db, $characters_db, $realm_id, $user_id, $name_credits, $sql, $core;
    valid_login($action_permission["update"]);
    // Escaped once through the "mgr" connection, then reused in statements sent
    // over the "logon" and "char" connections as well.
    $guid = $sql["mgr"]->quote_smart($_GET["guid"]);
    // Pending request row. NOTE(review): not checked for "no row found"; in that
    // case $name["new_name"] below evaluates to an empty value.
    $name = $sql["mgr"]->fetch_assoc($sql["mgr"]->query("SELECT * FROM char_changes WHERE guid='" . $guid . "'"));
    $int_err = 0;
    // Credits are only handled when renames cost something.
    if ($name_credits > 0) {
        // Find the login name of the account that owns the character.
        if ($core == 1) {
            $acct_query = "SELECT login AS username FROM accounts WHERE acct=(SELECT acct FROM " . $characters_db[$realm_id]["name"] . ".characters WHERE guid='" . $guid . "')";
        } else {
            $acct_query = "SELECT username FROM account WHERE id=(SELECT account FROM " . $characters_db[$realm_id]["name"] . ".characters WHERE guid='" . $guid . "')";
        }
        $acct_result = $sql["logon"]->query($acct_query);
        $acct_result = $sql["logon"]->fetch_assoc($acct_result);
        $username = $acct_result["username"];
        // Read the account's credit balance.
        // NOTE(review): the '******' literals in this query and in the UPDATE further
        // down look like values masked by the listing; presumably $username was
        // concatenated there. If so, it comes from the database and is not escaped
        // again before reuse - confirm against the upstream file.
        $cr_query = "SELECT Credits FROM config_accounts WHERE Login='******'";
        $cr_result = $sql["mgr"]->query($cr_query);
        $cr_result = $sql["mgr"]->fetch_assoc($cr_result);
        $credits = $cr_result["Credits"];
        // since this action is delayed, we have to make sure the account still has sufficient funds
        // if the account doesn't have enough, we just delete the change request
        if ($credits >= 0 && $credits < $name_credits) {
            $int_err = 1;
        }
        if (!$int_err) {
            // A negative balance marks an unlimited account, which is not charged.
            if ($credits >= 0) {
                $credits = $credits - $name_credits;
            }
            $money_query = "UPDATE config_accounts SET Credits='" . $credits . "' WHERE Login='******'";
            $money_result = $sql["mgr"]->query($money_query);
        }
    }
    if (!$int_err) {
        // NOTE(review): new_name is read from char_changes and concatenated without
        // escaping. Unless it was validated when the request was stored, a stored
        // value containing a quote alters this statement (second-order injection).
        $result = $sql["char"]->query("UPDATE characters SET name='" . $name["new_name"] . "' WHERE guid='" . $guid . "'");
    }
    // The request row is removed whether or not the rename was applied.
    $result = $sql["mgr"]->query("DELETE FROM char_changes WHERE guid='" . $guid . "'");
    redirect("index.php");
}
Beispiel #30
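/**
 * Send a message from the admin panel, either as e-mail or as in-game mail.
 *
 * All input comes from $_GET: "type" ("email" or "ingame_mail", the default),
 * "subject", "body", then either "to" (single recipient) or the group selector
 * "group_send" / "group_sign" / "group_value", plus "money" and
 * "att_item1..12" / "att_stack1..12" as in-game attachments. Every path ends
 * in redirect() to mail.php with an "error" code (from the call sites: 1 for
 * missing/invalid input, 2 after a completed send, 3 for a mailer failure,
 * 4 for no recipient found, 5 for an unknown group selector).
 *
 * NOTE(review): redirect() is assumed to end the request; the original flow
 * already depends on that (a failure redirect is followed by a success one).
 * NOTE(review): this handler sends mail and attaches gold/items based on GET
 * parameters, and no anti-CSRF token is checked in this function -- confirm
 * one is enforced elsewhere.
 */
function send_mail()
{
    global $output, $logon_db, $characters_db, $realm_id, $action_permission, $user_name, $from_mail, $mailer_type, $smtp_cfg, $GMailSender, $sql, $core;
    // Requests arriving from Quest Item Vendor or Ultra Vendor carry a session
    // flag that lowers the required permission from "update" to "view". The
    // flag is consumed here so it cannot be reused for a second request.
    // !empty() avoids an undefined-index notice when the flag was never set.
    if (!empty($_SESSION["vendor_permission"])) {
        valid_login($action_permission["view"]);
        unset($_SESSION["vendor_permission"]);
    } else {
        valid_login($action_permission["update"]);
    }
    $type = isset($_GET["type"]) ? $_GET["type"] : "ingame_mail";
    if (empty($_GET["body"]) || empty($_GET["subject"]) || empty($_GET["group_sign"]) || empty($_GET["group_send"])) {
        redirect("mail.php?error=1");
    }
    $body = explode("\n", $_GET["body"]);
    $subject = $sql["char"]->quote_smart($_GET["subject"]);
    if (isset($_GET["to"]) && $_GET["to"] != "") {
        $to = $sql["char"]->quote_smart($_GET["to"]);
    } else {
        $to = 0;
        if (!isset($_GET["group_value"]) || $_GET["group_value"] === '') {
            redirect("mail.php?error=1");
        } else {
            // group_sign is concatenated into the WHERE clause as an operator,
            // outside any quotes, so string escaping cannot make it safe.
            // Only a fixed set of comparison operators is accepted.
            // NOTE(review): keep this list in sync with the options mail.php offers.
            $allowed_signs = array("=", "!=", "<>", "<", ">", "<=", ">=");
            $group_sign = $_GET["group_sign"];
            if (!in_array($group_sign, $allowed_signs, true)) {
                redirect("mail.php?error=1");
                return; // fail closed even if redirect() returns
            }
            $group_value = $sql["char"]->quote_smart($_GET["group_value"]);
            $group_send = $sql["char"]->quote_smart($_GET["group_send"]);
        }
    }
    // Attachments: a missing parameter is treated as "0" (nothing attached).
    $att_gold = $sql["char"]->quote_smart(isset($_GET["money"]) ? $_GET["money"] : "0");
    // Initialised up front so a mail without attachments carries empty lists
    // instead of undefined variables.
    $att_item = array();
    $att_stack = array();
    for ($i = 1; $i <= 12; $i++) {
        $temp_item = $sql["char"]->quote_smart(isset($_GET["att_item" . $i]) ? $_GET["att_item" . $i] : "0");
        $temp_stack = $sql["char"]->quote_smart(isset($_GET["att_stack" . $i]) ? $_GET["att_stack" . $i] : "0");
        // an item with no stack size counts as a stack of one
        if ($temp_item != 0 && $temp_stack == 0) {
            $temp_stack = 1;
        }
        if ($temp_item != "0") {
            $att_item[] = $temp_item;
            $att_stack[] = $temp_stack;
        }
    }
    switch ($type) {
        case "email":
            require_once "libs/mailer/class.phpmailer.php";
            require_once "libs/mailer/authgMail_lib.php";
            $mail = new PHPMailer();
            $mail->Mailer = $mailer_type;
            if ($mailer_type == "smtp") {
                $mail->Host = $smtp_cfg["host"];
                $mail->Port = $smtp_cfg["port"];
                if ($smtp_cfg["user"] != "") {
                    $mail->SMTPAuth = true;
                    $mail->Username = $smtp_cfg["user"];
                    $mail->Password = $smtp_cfg["pass"];
                }
            }
            // Re-join the lines, then turn line feeds into <br /> and stray
            // carriage returns into spaces (replacements run in array order).
            $body = implode("\r\n", $body) . "\r\n";
            $mail->From = $from_mail;
            $mail->FromName = $user_name;
            $mail->Subject = $subject;
            $mail->IsHTML(true);
            // NOTE(review): the body is sent as HTML without escaping, so any
            // markup typed by the sender reaches the recipient's mail client --
            // confirm that is intended for every role that can reach this path.
            $body = str_replace(array("\n", "\r"), array("<br />", " "), $body);
            // auto-link bare URLs and www. hosts
            $body = preg_replace("/([^\\/=\"\\]])((http|ftp)+(s)?:\\/\\/[^<>\\s]+)/i", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $body);
            $body = preg_replace('/([^\\/=\\"\\]])(www\\.)(\\S+)/', '\\1<a href="http://\\2\\3" target="_blank">\\2\\3</a>', $body);
            $mail->Body = $body;
            $mail->WordWrap = 50;
            if ($to) {
                if (!$GMailSender) {
                    //single Recipient
                    $mail->AddAddress($to);
                    if (!$mail->Send()) {
                        $mail->ClearAddresses();
                        // mailer error text is free-form; encode it before it goes into the URL
                        redirect("mail.php?error=3&mail_err=" . urlencode($mail->ErrorInfo));
                    } else {
                        $mail->ClearAddresses();
                        redirect("mail.php?error=2");
                    }
                } else {
                    //single Recipient
                    $mail_result = authgMail($from_mail, $user_name, $to, $to, $subject, $body, $smtp_cfg);
                    if ($mail_result["quitcode"] != 221) {
                        redirect("mail.php?error=3&mail_err=" . urlencode($mail_result["die"]));
                    } else {
                        redirect("mail.php?error=2");
                    }
                }
            } elseif (isset($group_value)) {
                //group send
                $email_array = array();
                switch ($group_send) {
                    case "gm_level":
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE gm" . $group_sign . "'" . $group_value . "'");
                        } else {
                            $result = $sql["logon"]->query("SELECT email FROM account\r\n                  LEFT JOIN account_access ON account_access.id=account.id\r\n                WHERE IFNULL(gmlevel, 0)" . $group_sign . "'" . $group_value . "'");
                        }
                        while ($user = $sql["logon"]->fetch_row($result)) {
                            if ($user[0] != "") {
                                array_push($email_array, $user[0]);
                            }
                        }
                        break;
                    case "locked":
                        // for core 1 the "muted" column stands in for "locked"
                        // NOTE(review): the other non-core-1 queries read from
                        // `account`, this one from `accounts` -- verify the table name.
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE muted" . $group_sign . "'" . $group_value . "'");
                        } else {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE locked" . $group_sign . "'" . $group_value . "'");
                        }
                        while ($user = $sql["logon"]->fetch_row($result)) {
                            if ($user[0] != "") {
                                array_push($email_array, $user[0]);
                            }
                        }
                        break;
                    case "banned":
                        // $sql is an array of connections; the logon connection
                        // is used for both the ban list and the e-mail lookup.
                        $que = $sql["logon"]->query("SELECT id FROM account_banned");
                        while ($banned = $sql["logon"]->fetch_row($que)) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE acct='" . $sql["logon"]->quote_smart($banned[0]) . "'");
                            if ($sql["logon"]->num_rows($result)) {
                                $banned_email = $sql["logon"]->result($result, 0, "email");
                                if ($banned_email) {
                                    array_push($email_array, $banned_email);
                                }
                            }
                        }
                        break;
                    default:
                        redirect("mail.php?error=5");
                        break;
                }
                if (!$GMailSender) {
                    // one message per address so recipients do not see each other
                    foreach ($email_array as $mail_addr) {
                        $mail->AddAddress($mail_addr);
                        if (!$mail->Send()) {
                            $mail->ClearAddresses();
                            redirect("mail.php?error=3&mail_err=" . urlencode($mail->ErrorInfo));
                        } else {
                            $mail->ClearAddresses();
                        }
                    }
                } else {
                    $mail_to = implode(",", $email_array);
                    $mail_result = authgMail($from_mail, $user_name, $mail_to, "", $subject, $body, $smtp_cfg);
                    if ($mail_result["quitcode"] != 221) {
                        redirect("mail.php?error=3&mail_err=" . urlencode($mail_result["die"]));
                    } else {
                        redirect("mail.php?error=2");
                    }
                }
                redirect("mail.php?error=2");
            } else {
                redirect("mail.php?error=1");
            }
            break;
        case "ingame_mail":
            // in-game mail is a single line: join with spaces, drop carriage returns
            $body = implode(" ", $body) . " ";
            $body = str_replace("\r", " ", $body);
            $body = $sql["char"]->quote_smart($body);
            if ($to) {
                //single Recipient
                $result = $sql["char"]->query("SELECT guid FROM characters WHERE name='" . $to . "'");
                if ($sql["char"]->num_rows($result) == 1) {
                    $receiver = $sql["char"]->result($result, 0, 'guid');
                    $mails = array();
                    $mail = array();
                    $mail["receiver"] = $receiver;
                    $mail["subject"] = $subject;
                    $mail["body"] = $body;
                    $mail["att_gold"] = $att_gold;
                    $mail["att_item"] = $att_item;
                    $mail["att_stack"] = $att_stack;
                    $mail["receiver_name"] = $to;
                    array_push($mails, $mail);
                    if ($core == 1) {
                        send_ingame_mail_A($realm_id, $mails);
                    } else {
                        send_ingame_mail_MT($realm_id, $mails);
                    }
                } else {
                    redirect("mail.php?error=4");
                }
                redirect("mail.php?error=2");
                break;
            } elseif (isset($group_value)) {
                //group send
                $char_array = array();
                switch ($group_send) {
                    case "gm_level":
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT acct FROM accounts WHERE gm" . $group_sign . "'" . $group_value . "'");
                        } else {
                            $result = $sql["logon"]->query("SELECT account.id AS acct FROM account\r\n                  LEFT JOIN account_access ON account_access.id=account.id\r\n                WHERE IFNULL(gmlevel, 0)" . $group_sign . "'" . $group_value . "'");
                        }
                        // the account list came from the logon connection, so read it there
                        while ($acc = $sql["logon"]->fetch_row($result)) {
                            $acct_id = $sql["char"]->quote_smart($acc[0]);
                            if ($core == 1) {
                                $result_2 = $sql["char"]->query("SELECT name FROM `characters` WHERE acct='" . $acct_id . "'");
                            } else {
                                $result_2 = $sql["char"]->query("SELECT name FROM `characters` WHERE account='" . $acct_id . "'");
                            }
                            while ($char = $sql["char"]->fetch_row($result_2)) {
                                array_push($char_array, $char[0]);
                            }
                        }
                        break;
                    case "online":
                        $result = $sql["char"]->query("SELECT name FROM `characters` WHERE online" . $group_sign . "'" . $group_value . "'");
                        while ($user = $sql["char"]->fetch_row($result)) {
                            array_push($char_array, $user[0]);
                        }
                        break;
                    case "char_level":
                        $result = $sql["char"]->query("SELECT name FROM `characters` WHERE level" . $group_sign . "'" . $group_value . "'");
                        while ($user = $sql["char"]->fetch_row($result)) {
                            array_push($char_array, $user[0]);
                        }
                        break;
                    default:
                        redirect("mail.php?error=5");
                }
                $mails = array();
                // Decide on the characters actually collected: the group query
                // can return accounts that own no characters, and its result
                // set is already consumed at this point.
                if (!empty($char_array)) {
                    foreach ($char_array as $receiver) {
                        // names come back from the database, but are escaped
                        // again before being placed in a new statement
                        $result = $sql["char"]->query("SELECT guid FROM characters WHERE name='" . $sql["char"]->quote_smart($receiver) . "'");
                        $char_guid = $sql["char"]->fetch_row($result);
                        $mail = array();
                        $mail["receiver"] = $char_guid[0];
                        $mail["subject"] = $subject;
                        $mail["body"] = $body;
                        $mail["att_gold"] = $att_gold;
                        $mail["att_item"] = $att_item;
                        $mail["att_stack"] = $att_stack;
                        $mail["receiver_name"] = $receiver;
                        array_push($mails, $mail);
                    }
                    if ($core == 1) {
                        send_ingame_mail_A($realm_id, $mails);
                    } else {
                        send_ingame_mail_MT($realm_id, $mails);
                    }
                    redirect("mail.php?error=2");
                } else {
                    redirect("mail.php?error=4");
                }
            }
            break;
        default:
            redirect("mail.php?error=1");
    }
}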