Beispiel #1
 /**
  * Issue a fresh form token, remember it in the session and return the matching hidden field.
  *
  * Three session keys are written: 'dateJeton' (the request time), 'nomJeton' (the field name)
  * and 'valeurJeton' (the field value). Both strings come from Securite::genererChaineAleatoire().
  *
  * NOTE(review): the unpredictability of the token rests entirely on genererChaineAleatoire(),
  * which is not shown here — confirm it draws from a CSPRNG (random_bytes()/random_int()).
  *
  * @return mixed whatever self::hidden() produces for the name/value pair
  */
 public static final function jeton()
 {
     // Timestamp first, so the session records when this token was generated.
     $_SESSION['dateJeton'] = $_SERVER['REQUEST_TIME'];

     // The field name is drawn before the value, one random string each.
     $nomChamp = Securite::genererChaineAleatoire();
     $_SESSION['nomJeton'] = $nomChamp;

     $valeurChamp = Securite::genererChaineAleatoire();
     $_SESSION['valeurJeton'] = $valeurChamp;

     return self::hidden($_SESSION['nomJeton'], $_SESSION['valeurJeton']);
 }
 /**
  * Store the payload of one session under its identifier.
  *
  * A NULL payload is reported as success without touching the table. Otherwise the row is
  * filled with the session id, the payload passed through Securite::crypter(), the address
  * returned by Outil::getAdresseIP() and a database-side NOW() for 'date_activite', then saved.
  *
  * NOTE(review): Securite::crypter() is not shown; whether it provides authenticated
  * encryption or only obfuscation cannot be told from this method — confirm.
  *
  * @param mixed $idSession       identifier written to id_session
  * @param mixed $donneesSession  payload to store, or NULL for nothing to write
  * @return bool TRUE for a NULL payload, otherwise the result of save() cast to bool
  */
 public final function ecrire($idSession, $donneesSession)
 {
     // Nothing to persist: answer success straight away.
     if ($donneesSession === NULL) {
         return TRUE;
     }

     // charger() presumably fills $this->record when the row exists; otherwise start a new row.
     $dejaPresente = $this->charger($idSession);
     if (!$dejaPresente) {
         $this->record = ORM::forTable(self::NOM_TABLE)->create();
     }

     $this->record->id_session = $idSession;
     $this->record->valeur_session = Securite::crypter($donneesSession);
     $this->record->ip_utilisateur = Outil::getAdresseIP();
     // The timestamp is a raw SQL expression, evaluated by the database rather than by PHP.
     $this->record->setExpr('date_activite', 'NOW()');

     $sauvegarde = $this->record->save();
     return (bool) $sauvegarde;
 }
Beispiel #3
/**
 * Make sure the session carries the visitor keys the rest of the site reads.
 *
 * When 'auth', 'username' and 'id' are all present, the stored username and id are passed
 * through Securite::bdd() into local variables. Otherwise the session is reset to guest
 * defaults, with 'lang' taken from $language (expected to be defined by config.php).
 *
 * NOTE(review): $login is never read, and every local computed here is discarded on return,
 * so the only lasting effect is the guest reset — confirm that this is the intent.
 *
 * @param mixed $login unused by the body
 * @return void
 */
function login($login)
{
    require "config.php";

    $sessionComplete = isset($_SESSION['auth'], $_SESSION['username'], $_SESSION['id']);
    if ($sessionComplete) {
        $username = Securite::bdd($_SESSION['username']);
        $membre_id = Securite::bdd($_SESSION['id']);
        return;
    }

    // Guest defaults, written in the same key order as before.
    $valeursInvite = array(
        'username' => "******",
        'auth' => "no",
        'gmlevel' => "-1",
        'id' => "0",
        'lang' => $language,
    );
    foreach ($valeursInvite as $cle => $valeur) {
        $_SESSION[$cle] = $valeur;
    }

    $username = "******";
    $auth = "no";
    $membre_id = "0";
}
Beispiel #4
								    	</div>
								    	';
            include 'identification.php';
            include 'footer.php';
        }
    } else {
        /*
         * Si utilisateur est inconnu
         */
        $error_unknown = ' Combinaison utilisateur/mot de passe incorrect. Veuillez rééssayer.';
        echo '
						<div class="container">
						<div class="row">
						<div class="alert alert-warning alert-dismissable">
						<button type="button" class="close" data-dismiss="alert" aria-hidden="true">&times;</button>
						<strong>' . Securite::html($error_unknown) . '</strong></p>
						</div>
						</div>
						</div>
						';
        include 'identification.php';
        include 'footer.php';
    }
} else {
    if (!Auth::islog()) {
        include 'identification.php';
        include 'footer.php';
    } else {
        include 'footer.php';
    }
}
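 /**
  * Register a new member account.
  *
  * Looks up the requested login in the `membre` table and, when it is free, inserts a new row.
  *
  * NOTE(review): the password is written to `membre.mdp` exactly as submitted (after
  * Securite::bdd()); no password_hash() call is visible. Moving to password_hash() /
  * password_verify() has to be done together with the login check, which is not part of this
  * method, so it is flagged here rather than changed.
  * NOTE(review): on success the password is also handed back in the result array; callers
  * should avoid storing or logging it.
  * NOTE(review): Securite::bdd() is not shown. If it escapes for SQL, values are escaped twice,
  * because both queries already use bound parameters — confirm.
  * NOTE(review): the lookup followed by the insert is not atomic; a unique index on
  * `membre.login` is presumably what prevents duplicate accounts — confirm it exists.
  *
  * @param array $infos  submitted fields; 'pseudo' and 'passe' are read
  * @param PDO   $bdd    database connection used for both prepared statements
  * @return array 'valeur' (bool success) and 'message' (error text); on success also 'pseudo' and 'passe'
  */
 public static function inscription($infos, $bdd)
 {
     $retour = array('valeur' => false, 'message' => '');

     // Validate the array that is actually read below. The earlier test looked at $_POST and
     // only failed when BOTH fields were absent, so a request missing one field went on to
     // the queries with an undefined value.
     if (!isset($infos['pseudo']) || !isset($infos['passe'])) {
         $retour['message'] = "Le pseudo et le mot de passe n'ont pas été renseignés correctement.";
         return $retour;
     }

     $pseudo = Securite::bdd($infos['pseudo']);
     $passe = Securite::bdd($infos['passe']);

     // Is the login already taken?
     $requete = $bdd->prepare('SELECT * FROM membre WHERE login = :pseudo');
     $requete->bindParam(':pseudo', $pseudo, PDO::PARAM_STR);
     $requete->execute();
     $membre_bdd = $requete->fetch(PDO::FETCH_ASSOC);

     if (isset($membre_bdd['id_membre'])) {
         $retour['message'] = "Ce pseudo est déjà pris";
         return $retour;
     }

     // Free login: create the account.
     $requete = $bdd->prepare("INSERT INTO membre(login, mdp) VALUES(:pseudo, :passe)");
     $requete->bindParam(':pseudo', $pseudo, PDO::PARAM_STR);
     $requete->bindParam(':passe', $passe, PDO::PARAM_STR);
     $requete->execute();

     $retour['valeur'] = true;
     $retour['pseudo'] = $pseudo;
     $retour['passe'] = $passe;

     return $retour;
 }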
<?php

/* 

********* PROJET CDI **********

**********TRAITEMENT C	**********

Description : Cette page cloture une réservation.
Elle passe l'état à 3, terminer_reservation à true
& remet tous les exemplaires de la reservations disponible

@Author : Despendo 
Copyright 2012 pour eXia.Cesi Strasbourg 
*/
// Close a reservation: set its state to 3 and flag it as finished, then mark up to three
// submitted copies (Ex1..Ex3) as available again, and redirect to the media admin page.
//
// NOTE(review): no authorisation or anti-CSRF check is visible in this script; presumably the
// including page enforces both before this state change runs — confirm.
// NOTE(review): header() does not end the request, so any code after this block still runs.
if (isset($_POST['IDR'])) {
    $ValidResaC = $bdd->prepare('UPDATE reservations SET id_etat= 3, terminer_reservation=true WHERE id_reservation= :IDR');
    $ValidResaC->execute(["IDR" => Securite::bdd($_POST['IDR'])]);

    // One statement, executed once per copy number that was actually posted.
    $reqDispoC = $bdd->prepare('UPDATE exemplaires SET dispo_exemplaire=true WHERE num_exemplaire = :IDE');
    $i = 1;
    while ($i < 4) {
        $champExemplaire = 'Ex' . $i;
        if (isset($_POST[$champExemplaire])) {
            $reqDispoC->execute(["IDE" => Securite::bdd($_POST[$champExemplaire])]);
        }
        $i++;
    }

    header('Location: ?admin=media&message=5');
}
Beispiel #7
    } catch (Exception $e) {
        echo "\n\t\t\t\t<h3>Un problème est survenu pendant la suppresion. " . Securite::html($e->getMessage()) . "</h3>";
    }
} elseif (isset($_POST['majInfosAdresse'])) {
    $adresse_postale = $_POST['adresse'];
    $code_postal = $_POST['codepostal'];
    $commune = $_POST['commune'];
    $q = array('adresse_postale' => $adresse_postale, 'code_postal' => $code_postal, 'commune' => $commune, 'user_id' => $user_id);
    $sql = 'UPDATE infos SET adresse_postale = :adresse_postale, code_postal = :code_postal, commune = :commune WHERE id_user = :user_id';
    $req = $cnx->prepare($sql);
    try {
        $req->execute($q);
        echo "\n\t\t\t\t<div class=\"alert alert-success\">\n\t\t\t\t\t<h4><span class=\"glyphicon glyphicon-ok\"</span> La mise à jour de votre adresse s'est déroulée avec succés.</h4>\n\t\t\t\t</div>\n\t\t\t";
    } catch (Exception $e) {
        echo "\n\t\t\t\t<h3>Un problème est survenu pendant la suppresion. " . Securite::html($e->getMessage()) . "</h3>";
    }
} elseif (isset($_POST['majInfosAdmin'])) {
    $num_siret = $_POST['num_siret'];
    $num_registre = $_POST['num_registre'];
    $interet_gen = $_POST['interet_gen'];
    $num_ape = $_POST['num_ape'];
    $q = array('num_siret' => $num_siret, 'num_registre' => $num_registre, 'interet_gen' => $interet_gen, 'num_ape' => $num_ape, 'user_id' => $user_id);
    $sql = 'UPDATE infos SET ape = :num_ape, registre = :num_registre, siret = :num_siret, interet_gen = :interet_gen WHERE id_user = :user_id';
    $req = $cnx->prepare($sql);
    try {
        $req->execute($q);
        echo "\n\t\t\t\t<div class=\"alert alert-success\">\n\t\t\t\t\t<h4><span class=\"glyphicon glyphicon-ok\"</span> La mise à jour de vos renseignements administratifs s'est déroulée avec succés.</h4>\n\t\t\t\t</div>\n\t\t\t";
    } catch (Exception $e) {
        echo "\n\t\t\t\t<h3>Un problème est survenu pendant la suppresion. " . Securite::html($e->getMessage()) . "</h3>";
    }
}
Beispiel #8
                            echo "<p>Le personnage a été déplacé !</p>";
                            echo "<a href='index.php'>Retour</a>";
                        }
                    } else {
                        echo "erreur2";
                    }
                } else {
                    echo "erreur";
                }
                break;
            default:
                generate_xsrf_token();
                $token = Securite::bdd($_SESSION['token_xsrf']);
                echo "<p class=\"title\">Déplacer un personnage</p><br />";
                echo "<form action=\"index.php?module=perso_move&action=deplacer\" method=\"POST\">\n\t\t\t\t\t<table>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td>ID du personnage à déplacer :</td>\n\t\t\t\t\t\t\t<td><input type=\"text\" name=\"id_perso\"></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td>ID du compte de déstination :</td>\n\t\t\t\t\t\t\t<td><input type=\"text\" name=\"id_account\"></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t</table>\n\t\t\t\t\t<input type=\"hidden\" name=\"token_xsrf\" value=\"" . $token . "\" />\n\t\t\t\t\t<input type=\"submit\" name=\"valide\" value=\"Déplacer\">\n\t\t\t\t</form>";
                break;
        }
    } else {
        echo "<p>Ce module est désactivé, merci de voir avec l'administrateur !</p>";
        echo "<a href=\"../index.php\">Retour</a>";
    }
} elseif (Securite::bdd($_SESSION['auth']) != "yes") {
    header("location: ../index.php");
    exit;
} elseif (Securite::bdd($_SESSION['gmlevel']) <= $rep['config_value2']) {
    echo "<p>" . Securite::bdd($_SESSION['username']) . " vous n'êtes pas autorisé à accéder à cette partie !</p>";
    echo "<a href=\"../index.php\">Retour</a>";
} else {
    echo "<p>Erreur</p>";
    echo "<a href=\"../index.php\">Retour</a>";
}
Beispiel #9
                } elseif (Securite::html($donnees['gmlevel']) == 4) {
                    echo "<span style=\"color:red;\"><b>A " . $date . ", " . Securite::html($donnees['auteur_msg']) . " - MJ :</b> " . Securite::html($donnees['msg']) . "</span><br />";
                } else {
                    echo "<span style=\"color:red;\"><b>A " . $date . ", " . Securite::html($donnees['auteur_msg']) . " - ADMIN :</b> " . Securite::html($donnees['msg']) . "</span><br />";
                }
            }
        }
        echo "</div>\n\t\t</div>\n\t\t<div class=\"center\">Message limité à 500 caractères.<br /><br />\n\t\t<a href=\"index.php?module=chatbox&action=historique\">Voir l'historique</a></div>\n\t\t<br />\n\t\t<div class=\"center\">";
        if ($_SESSION['auth'] == "yes") {
            echo "<div class=\"center\">\n\t\t\t\t\t\t\t<form name=\"poste\" action=\"index.php?module=chatbox&action=envoyer\" method=\"POST\">\n\t\t\t\t\t\t\tMessage: <input type=\"text\" name=\"msg\" size=\"100\" maxsize=\"500\" /><input type=\"submit\" value=\"Envoyer\" />\n\t\t\t\t\t\t\t</form>\n\t\t\t\t\t\t</div>";
        } else {
            echo "Merci de vous connectez pour écrire un message.";
        }
        echo "<div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t<td class=\"md\" width=\"21px\"></td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td width=\"21px\"><img src=\"themes/{$theme}/bg.png\" width=\"21px\" height=\"21px\" alt=\"bg\"></td>\n\t\t\t\t\t\t\t\t<td class=\"bm\" width=\"100%\"></td>\n\t\t\t\t\t\t\t\t<td width=\"21px\"><img src=\"themes/{$theme}/bd.png\" width=\"21px\" height=\"21px\" alt=\"bd\"></td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t</table>\n\t\t\t\t\t\t<br />\n\t\t\t\t\t\t<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td width=\"21px\"><img src=\"themes/{$theme}/hg.png\" width=\"21px\" height=\"21px\" alt=\"hg\" /></td>\n\t\t\t\t\t\t\t\t<td class=\"hm\" width=\"100%\"></td>\n\t\t\t\t\t\t\t\t<td width=\"21px\"><img src=\"themes/{$theme}/hd.png\" width=\"21px\" height=\"21px\" alt=\"hd\" /></td>\n\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t<td class=\"mg\" width=\"21px\"></td>\n\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"10\">\n\t\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t\t<td class=\"fond\" align=\"center\" height=\"100%\" width=\"100%\">\n\t\t";
        echo "<p class=\"title\">Les 5 Derniers messages du forum</p><br />";
        echo "\n\t\t<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n\t\t\t<tr>\n\t\t\t\t<td> \n\t\t\t\t\t<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n\t\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t\t<td>\n\t\t\t\t\t\t\t\t\t\t\t<table width=\"100%\" border=\"1\" cellpadding=\"0\" cellspacing=\"0\" >\n\t\t\t\t\t\t\t\t\t\t\t\t<tr height=\"32\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<th height=\"31\" colspan=\"2\" align=\"center\" background=\"themes/" . $theme . "/forums/cellpic1.gif\" nowrap><font color=\"#FFFFFF\"><strong>Forum</strong></font></th>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<th width=\"100\" align=\"center\" background=\"themes/" . $theme . "/forums/images/cellpic1.gif\" nowrap><font color=\"#FFFFFF\"><strong>Réponse</strong></font></th>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<th width=\"120\" align=\"center\" background=\"themes/" . $theme . "/forums/images/cellpic1.gif\" nowrap><font color=\"#FFFFF\"><strong>Auteur</strong></font></th>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<th width=\"50\" align=\"center\" background=\"themes/" . $theme . "/forums/images/cellpic1.gif\" nowrap><font color=\"#FFFFFF\"><strong>Vus</strong></font></th>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<th align=\"center\" background=\"themes/" . $theme . "/forums/images/cellpic1.gif\" nowrap><font color=\"#FFFFFF\"><strong>Derniers Messages</strong></font></th>\n\t\t\t\t\t\t\t\t\t\t\t\t</tr>";
        mysql_connect($coolwow['host'], $coolwow['user'], $coolwow['password']) or die(mysql_error());
        mysql_select_db($coolwow['db']) or die(mysql_error());
        $reponse2 = mysql_query('SELECT forum_forum.forum_name, forum_topic.topic_id, topic_titre, topic_createur, topic_vu, topic_post, topic_time, topic_last_post, Mb.pseudo AS membre_pseudo_createur, post_createur, post_time, Ma.pseudo AS membre_pseudo_last_posteur FROM forum_topic 
												LEFT JOIN membres Mb ON Mb.id = forum_topic.topic_createur
												LEFT JOIN forum_post ON forum_topic.topic_last_post = forum_post.post_id
												LEFT JOIN membres Ma ON Ma.id = forum_post.post_createur
												LEFT JOIN forum_forum ON forum_forum.forum_id = forum_post.post_forum_id
												WHERE forum_forum.forum_cat_id != 8
												ORDER BY forum_post.post_time DESC LIMIT 0,5') or die(mysql_error());
        while ($data = mysql_fetch_assoc($reponse2)) {
            echo "<tr> \n\t\t\t\t\t\t\t\t\t\t\t\t\t    <td height=\"54\" nowrap bgcolor=\"#202020\" class=\"row1\"><img src=\"themes/" . $theme . "/images/forums/message.gif\" border=\"0\" /></td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t    <td width=\"100%\" bgcolor=\"#202020\" class=\"row1\">&nbsp;&nbsp;" . Securite::html($data['forum_name']) . "<a href=\"\" class=\"forum\"><b></b></a><br>&nbsp;&nbsp;<a href=\"index.php?module=forums&action=voirtopic&t=" . $data['topic_id'] . "\" class=\"forum\">" . $data['topic_titre'] . "</a></td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t    <td align=\"center\" bgcolor=\"#353535\"><font color=\"#FFFFFF\">" . Securite::html($data['topic_post']) . "</font></td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t    <td align=\"center\" bgcolor=\"#353535\" class=\"row3\"><a href=\"index.php?module=profil&id=" . Securite::html($data['topic_createur']) . "\" class=\"forum\">" . Securite::html($data['membre_pseudo_createur']) . "</a></td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t    <td align=\"center\" bgcolor=\"#353535\"><font color=\"#FFFFFF\">" . Securite::html($data['topic_vu']) . "</font></td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t    <td align=\"center\" nowrap bgcolor=\"#353535\"><font size=\"-2\" color=\"#FFFFFF\">&nbsp;&nbsp;&nbsp;" . date('d-m-y à H\\hi', $data['post_time']) . "</font><br>\n\t\t\t\t\t\t\t\t\t\t\t\t\t      <a href=\"index.php?module=profil&id=" . Securite::html($data['post_createur']) . "\" class=\"forum\">" . Securite::html($data['membre_pseudo_last_posteur']) . "</a>&nbsp;<a href=\"index.php?module=forums&action=voirtopic&t=" . Securite::html($data['topic_id']) . "\" class=\"forum\"><img src=\"themes/" . $theme . "/images/forums/go.gif\" alt=\"Last Post\" border=\"0\"></a></td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t</tr>";
        }
        echo "</table>\n\t\t\t\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t</table>\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t</table>";
        break;
}
Beispiel #10
<?php

session_start();
include 'header.php';
?>

<?php 
// Deletes one analytic code of the logged-in user, selected by its description.
//
// NOTE(review): the delete is driven by any non-empty POST; no anti-CSRF token check is
// visible here — confirm one is enforced elsewhere (header.php is not shown).
// NOTE(review): $_POST['choix_code'] is read without an isset() test, and the database
// exception text is shown to the visitor (HTML-escaped); a generic message plus a server-side
// log entry would disclose less.
if (!Auth::islog()) {
    echo "\n\t\t\t\t\t<div class=\"container\">\n\t\t\t\t\t\t<div class=\"alert span9 alert-error\">\n    \t\t\t\t\t\t<strong><i class=\"icon-ban-circle icon-white\"></i> Vous devez vous connecter pour afficher cette page.</strong>\n\t\t\t\t\t\t</div>\n\t\t\t\t\t</div>";
} elseif (empty($_POST)) {
    echo "\n\t\t\t\t\t<div class=\"alert span12 alert-error\">\n\t\t\t\t\t<strong><i class=\"icon-ban-circle icon-white\"></i> Erreur, aucun formulaire de suppression de code analytique n'a été reçu...</strong>\n\t\t\t\t\t</div>";
} else {
    $description = Securite::bdd($_POST['choix_code']);
    // The row is scoped to the current user as well as to the description.
    $q = ['description' => $description, 'user_id' => $user_id];
    $sql = 'DELETE FROM codes_analytiques WHERE user_id = :user_id AND description = :description';
    $req = $cnx->prepare($sql);
    try {
        $req->execute($q);
        echo "\t<div class=\"alert span12 alert-success\">\n    \t\t\t\t<strong><i class=\"glyphicon glyphicon-ok\"></i> La suppression s'est déroulé correctement.</strong>\n\t\t\t\t\t</div>";
    } catch (Exception $e) {
        echo "\n\t\t\t\t\t<div class=\"alert span12 alert-error\">\n\t\t\t\t\t<strong><i class=\"icon-ban-circle icon-white\"></i> Un problème est survenu pendant la suppresion. " . Securite::html($e->getMessage()) . "</strong>\n\t\t\t\t\t</div>";
    }
}
?>

<?php 
include 'footer.php';
Beispiel #11
mysql_connect($realmd['host'], $realmd['user'], $realmd['password']) or die(mysql_error());
mysql_select_db($realmd['db']) or die(mysql_error());
$retour_total = mysql_query('SELECT COUNT(*) AS total FROM account_banned');
//Nous récupérons le contenu de la requête dans $retour_total
$donnees_total = mysql_fetch_assoc($retour_total);
//On range retour sous la forme d'un tableau.
$total = Securite::bdd($donnees_total['total']);
//On récupère le total pour le placer dans la variable $total.
$retour_messages = mysql_query('SELECT * FROM account_banned ORDER BY id ASC');
echo "<p class=\"title\">Liste des comptes bannis</p>";
echo "<table class=\"lined\" width=\"99%\" style='border-collapse: collapse'; align='center' width='90%' border='1' cellspacing='1' cellpadding='1'>\n\t\t\t\t\t<tr>\n\t\t\t\t\t<th>id du compte</th>\n\t\t\t\t\t<th>Date du Ban</th>\n\t\t\t\t\t<th>Fin du Ban</th>\n\t\t\t\t\t<th>Bannis par</th>\n\t\t\t\t\t<th>Raison</th>\n\t\t\t\t\t</tr>";
if ($total == 0) {
    echo "<tr><td colspan=\"9\">Aucuns comptes bannis !!!</td></tr>";
} else {
    while ($donnees = mysql_fetch_assoc($retour_messages)) {
        $id = Securite::bdd($donnees['id']);
        echo "<tr><td align=\"center\">";
        echo $donnees['id'];
        echo "</td><td align=\"center\">";
        echo "" . date('d/m/Y G:i', $donnees['bandate']) . "";
        echo "</td><td align=\"center\">";
        if ($donnees['bandate'] == $donnees['unbandate']) {
            echo "Jamais";
        } else {
            echo "" . date('d/m/Y G:i', $donnees['unbandate']) . "";
        }
        echo "</td><td align=\"center\">";
        echo $donnees['bannedby'];
        echo "</td><td align=\"center\">";
        if (empty($donnees['banreason'])) {
            echo "Aucune raison";
Beispiel #12
             echo "<tr><td align=\"center\">";
             echo "<a href=\"http://fr.wowhead.com/?item=" . $guid . "\"><img src=\"" . get_icon($guid) . "\" /></a>";
             echo "<br><a href=\"" . $item_datasite . "" . $guid . "\" target=\"_blank\">";
             echo "" . Securite::html($donnees[2]) . " (" . Securite::html($donnees[8]) . ")";
             echo "</a>";
             echo "</td><td align=\"center\">";
             prix(Securite::html($donnees[7]));
             echo "</td><td align=\"center\">";
             prix(Securite::html($donnees[3]));
             echo "</td><td align=\"center\">";
             echo "<a href=\"armurerie-select.php?perso={$uname}\">{$uname}</a>";
             echo "</td><td align=\"center\">";
             prix(Securite::html($donnees[6]));
             echo "</td><td align=\"center\">";
             if (Securite::html($donnees[5]) != NULL) {
                 echo "<a href=\"armurerie-select.php?perso=" . Securite::html($donnees[5]) . "\">" . Securite::html($donnees[5]) . "</a>";
             } else {
                 echo "Aucun";
             }
             echo "</td><td align=\"center\">";
             echo $guid;
             echo "</td></tr>";
         }
     }
     echo "</TABLE>\n\t\t\t<p class=\"center\">" . $lang_hotel_vente['there_is'] . " " . $donnees_total['total'] . " " . $lang_hotel_vente['item_sale'] . "</p>";
     pagination($ParPage, $total, $truc, $adresse);
 } else {
     echo "<p>" . $lang_erreur['page_notexist'] . "</p>";
     echo "<a href=\"index.php?module=guildes\">" . $lang_site['return'] . "</a>";
 }
 break;
Beispiel #13
                                                echo "Votre message a bien été envoyé au webmastre du site. Nous vous remercions.<br />";
                                                echo "<br /><a href='javascript:history.go(-1)'>Retour</a>";
                                            } else {
                                                echo "Erreur: votre message n'a pu être envoyé.";
                                                echo "<br /><a href='javascript:history.go(-1)'>Retour</a>";
                                            }
                                        } elseif ($type_envoi != "mail" or $type_envoi != "smtp") {
                                            echo "Erreur, merci de verifier la configuration du fichier config.php !";
                                            echo "<br /><a href='javascript:history.go(-1)'>Retour</a>";
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            } else {
                echo "Le code de sécuritée n'est pas bon !";
                echo "<br /><a href='javascript:history.go(-1)'>Retour</a>";
            }
        } else {
            echo "Vous devez remplir le champ du code de sécuritée !";
            echo "<br /><a href='javascript:history.go(-1)'>Retour</a>";
        }
        break;
    default:
        generate_xsrf_token();
        $token = Securite::bdd($_SESSION['token_xsrf']);
        echo "\n\t\t<p class=\"title\">Forumulaire de contact</p>\n\t\t<p>Tous commentaires et suggestions sur ce site sont les bienvenus et très important pour nous. Merci!</p>\n\t\t<form action=\"index.php?module=contact&action=envoi\" method=\"POST\">\n\t\t<input type=\"hidden\" name=\"token_xsrf\" value=\"" . $token . "\" />\n\t\t\t<table border=\"0\" cellspacing=\"0\" cellpadding=\"2\">\n\t\t\t\t<tr> \n\t\t\t\t\t<td width=\"25%\">Votre Nom :</td>\n\t\t\t\t\t<td width=\"80%\" align=\"left\">\n\t\t\t\t\t<input type=\"text\" name=\"nom\" size=\"50\" />\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr> \n\t\t\t\t\t<td width=\"25%\">Votre e-mail :</td>\n\t\t\t\t\t<td width=\"80%\" align=\"left\">\n\t\t\t\t\t<input type=\"text\" name=\"email\" size=\"50\" />\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr> \n\t\t\t\t\t<td width=\"25%\">Sujet :</td>\n\t\t\t\t\t<td width=\"80%\" align=\"left\">\n\t\t\t\t\t<input type=\"text\" name=\"sujet\" size=\"50\" />\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr> \n\t\t\t\t\t<td width=\"25%\" valign=\"top\">Message :</td>\n\t\t\t\t\t<td width=\"80%\">\n\t\t\t\t\t\t<textarea name=\"message\" alt=\"Message\" rows=\"10\" cols=\"50\" wrap=\"virtual\"></textarea>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td width=\"25%\">Code de sécuritée :</td>\n\t\t\t\t\t<td width=\"80%\"><img src=\"captcha/CaptchaSecurityImages.php\" alt=\"Code de vérification\" /></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td width=\"25%\">Recopier le code</td>\n\t\t\t\t\t<td width=\"80%\"><input id=\"security_code\" name=\"security_code\" type=\"text\" /></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr> \n\t\t\t\t\t<td width=\"25%\">&nbsp;</td>\n\t\t\t\t\t<td width=\"80%\"><center><input type=\"submit\" name=\"Submit\" value=\"Envoyer\" alt=\"Envoi\" /></td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t</form>";
        break;
}
Beispiel #14
                if (mysql_num_rows($sql) <= 0) {
                    echo "<tr><td colspan=\"7\">Il n'y a aucun membre sur le site !!!</td></tr>";
                } else {
                    while ($data1 = mysql_fetch_array($sql, MYSQL_ASSOC)) {
                        echo "<tr>";
                        echo "\n\t\t\t\t\t\t\t<td align=\"center\"><a href=\"index.php?module=profil&id=" . Securite::bdd($data1['id']) . "\">" . Securite::bdd($data1['pseudo']) . "</a></td>\n\t\t\t\t\t\t\t<td align=\"center\">" . date('d/m/y G:i', Securite::bdd($data1['membre_inscrit'])) . "</td>\n\t\t\t\t\t\t\t<td align=\"center\">" . Securite::bdd($data1['membre_post']) . "</td>\n\t\t\t\t\t\t\t<td align=\"center\">" . Securite::bdd($data1['membre_rank']) . "</td>\n\t\t\t\t\t\t\t<td align=\"center\"><a href=\"index.php?module=messagerie&action=ecrire&for=" . Securite::bdd($data1['pseudo']) . "\"><img src=\"themes/" . $theme . "/images/forums/pm.gif\" /></a></td>\n\t\t\t\t\t\t\t<td align=\"center\">";
                        if ($data1['cacher_email'] == 1) {
                            echo "</td>";
                        } else {
                            echo "<a href=\"mailto:" . Securite::bdd($data1['membre_email']) . "\"><img src=\"themes/" . $theme . "/images/forums/email.gif\" /></a></td>";
                        }
                        echo "<td align=\"center\">";
                        if (empty($data1['membre_siteweb'])) {
                            echo "</td>";
                        } else {
                            echo "<a href=\"" . Securite::bdd($data1['membre_siteweb']) . "\"><img src=\"themes/" . $theme . "/images/forums/www.gif\" /></a></td>";
                        }
                        echo "</tr>";
                    }
                }
                echo "</table>";
                break;
        }
    } else {
        echo "<p>Ce module est désactivé, merci de voir avec l'administrateur !</p>";
        echo "<a href=\"../index.php\">Retour</a>";
    }
} else {
    echo "<p>Page réservée aux membres !<br />";
    echo "connectez-vous ou inscrivez-vous !</p>";
    echo "<a href=\"../index.php\">Retour</a>";
                        $model->ajouter($nom);
                    }
                }
            }
            $fini = true;
            $page['formInput'] = false;
            $page['formInfo'] = "Element enregistré";
        } else {
            $page['formErreur'] = "Le nom est trop long.";
        }
    }
    if ($page['formInput'] && $page['keyAction'] == 'editer') {
        $element = $model->getById($page['id_ext'], $exception);
        $page['formElement'] = array("id" => Securite::html($element['id']), "nom" => Securite::html($element['nom']));
        if ($exception != -1) {
            $page['formElement']['duree'] = Securite::html($element['duree']);
        }
    } else {
        if ($page['formInput']) {
            $page['formElement'] = array("nom" => '');
        }
    }
}
// -- Liste --
if (!isset($_GET['nolist'])) {
    if (isset($page['id'])) {
        $page['liste'] = $model->getAll($page['id']);
        $page['nbElement'] = $model->countAll($page['id']);
        $page['cible'] = true;
        $page['colonnes'] += 2;
    } else {
Beispiel #16
     */
    $imagine->open('' . $urlLogo . '')->thumbnail($size, 'inset')->save('img/assos/users/' . $user_id . '_100x100.png');
    /*
     * Chemin vers l'image redimensionnée
     */
    $urlLogoThumb = "img/assos/users/" . $user_id . "_100x100.png";
    echo "\r\n\t\t\t\t\t\t\t\t\t\t\t<img src=\"" . $urlLogoThumb . "\"\r\n\t\t\t\t\t\t\t\t\t\t\talt=\"Logo User Thumb\" class=\"img-responsive img-circle\"/>";
}
?>
									</div>
									<div class="col-lg-7">
										<span>
											<?php 
if (Auth::islog()) {
    $val = $_SESSION['Auth']['email'];
    echo "" . Securite::html($val) . "";
} else {
    echo "Non connecté.";
}
?>
										</span>
										<p class="text-muted small">
											© <a href="http://dsu-crab.fr/" target="_blank">dsu-crab.fr</a> - <a href="infos.txt" target="_blank">À propos (Version Bêta 2)</a>
										</p>
										<div class="divider">
										</div>
										<?php 
if (Auth::islog()) {
    echo "<a href=\"#\" class=\"btn btn-default btn-sm\" disabled=\"disabled\"><span class=\"glyphicon glyphicon-cog\"></span> Paramètres</a><small>Prochainement</small><br />";
}
?>
Beispiel #17
         $_SESSION['id'] = $id_account;
         $_SESSION['lang'] = "french";
         echo "<script type=\"text/javascript\">window.location='index.php';</script>Si vous voyez ce message cliqué <a href=\"index.php\">ici</a> pour continuer.";
     }
     break;
     // Mot de passe perdu
 // Mot de passe perdu
 case "perdu":
     generate_xsrf_token();
     $token = Securite::bdd($_SESSION['token_xsrf']);
     echo "<p class=\"title\">Récupérer son mot de passe</p>\n\t\t\t\t<p></p>\n\t\t\t\t<form action=\"login.php?action=perdu_v\" method=\"post\">\n\t\t\t\t\t<table border=\"0\">\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td>Nom du compte</td>\n\t\t\t\t\t\t\t<td><input type=\"text\" name=\"account\" size=\"20\" maxsize=\"20\" /></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td>Adresse EMail</td>\n\t\t\t\t\t\t\t<td><input type=\"text\" name=\"mail\" size=\"20\" maxsize=\"20\" /></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t</table>\n\t\t\t\t\t<br />\n\t\t\t\t\t<input type=\"hidden\" name=\"token_xsrf\" value=\"" . $token . "\" />\n\t\t\t\t\t<input type=\"submit\" name=\"login\" value=\"Valider\" />\n\t\t\t\t</form>\n\t\t\t\t<br />\n\t\t\t\t<a href=\"index.php\">Retour</a>";
     break;
 case "perdu_v":
     verify_xsrf_token();
     $account = Securite::bdd($_POST['account']);
     $email = Securite::bdd($_POST['mail']);
     if (empty($account) or !isset($account) or empty($email) or !isset($email)) {
         echo "Erreur : Un des champs est vide !";
     } else {
         if (!eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-_.]?[0-9a-z])*\\.[a-z]{2,4}\$", $email)) {
             echo "L'adresse e-mail n'est pas correcte !";
             echo "<br /><a href='javascript:history.go(-1)'>Retour</a>";
         } else {
             mysql_connect($realmd['host'], $realmd['user'], $realmd['password']) or die(mysql_error());
             mysql_select_db($realmd['db']) or die(mysql_error());
             $reponse = mysql_query("SELECT * FROM account WHERE username='******' AND email='" . $email . "'") or die(mysql_error());
             if (mysql_num_rows($reponse) > 0) {
                 // OK
                 require_once "kernel/mailer/class.phpmailer.php";
                 require_once "kernel/mailer/class.smtp.php";
                 $chaine = cryptme(8);
        if ($erreur != 0 && $cas == 1) {
            header('Location: ?login&connexion=' . $erreur);
        } else {
            if ($erreur != 0 and ($cas == 2 or $cas == 3)) {
                setcookie('pseudo', '0', time());
                setcookie('passe', '0', time());
                session_destroy();
                header('Location: ?login&connexion=' . $erreur);
            } else {
                //!\\ Très important : c'est cette instruction qui rend les infos sur le visiteur accessible !
                //    Autrement, il n'est pas vraiment connecté...
                $protection = array('nom_admin');
                foreach ($tmembre as $cle => $element) {
                    $visiteur[$cle] = $element;
                }
                $visiteur['nom'] = Securite::html($visiteur['nom']);
                $data['session'] = true;
            }
        }
    }
}
// Handling of the login system's info/error messages --
// NOTE(review): values in $_GET are strings (or arrays), never ints, so !is_int() is always true
// and the test reduces to isset(). The switch compares loosely: before PHP 8 any non-numeric
// string equals 0 and lands in case 0 (the "connected" message). Validate with ctype_digit()
// and cast to int before switching.
if (isset($_GET['connexion']) && !is_int($_GET['connexion'])) {
    switch ($_GET['connexion']) {
        case 0:
            $data['info'] = "Vous êtes bien connecté. Bonne visite !";
            break;
        case 1:
            $data['erreur'] = "Pseudo inconnu";
            break;
        case 2:
Beispiel #19
<?php

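// Direct-access guard: the including script must have set $securite to "ok".
// empty() already covers the unset case, so no separate isset() test is needed.
if (empty($securite) or $securite != "ok") {
    header("location: erreur.php?err=access_denied");
    // A Location header alone does not end the request: without exit the protected
    // code below would still execute and its output would still be sent.
    exit;
}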
// Members only: the session flag 'auth' must equal "yes".
if ($_SESSION['auth'] == "yes") {
    // $_GET['action'] selects the page; it is read without an isset() check.
    switch ($_GET['action']) {
        case "voir_equipe":
            // ext/mysql was removed in PHP 7. die(mysql_error()) sends the database error text
            // to the client; log it server-side and show a generic message instead.
            mysql_connect($characters[1]['host'], $characters[1]['user'], $characters[1]['password']) or die(mysql_error());
            mysql_select_db($characters[1]['db']) or die(mysql_error());
            // Team id from the query string. Securite::get() is not shown here.
            // NOTE(review): confirm it restricts the value to an integer, since the id is
            // interpolated into the SQL that follows.
            $arenateam_id = Securite::get($_GET['id']);
            /**
             * Number of calendar days between two Unix timestamps, order-independent.
             *
             * Each timestamp is first moved to 12:00:00 of its own local date, so only
             * the dates matter, not the time of day (presumably also to absorb DST shifts).
             *
             * @param int $a first timestamp
             * @param int $b second timestamp
             * @return float rounded day count
             */
            function count_days($a, $b)
            {
                $noons = array();
                foreach (array($a, $b) as $stamp) {
                    $parts = getdate($stamp);
                    $noons[] = mktime(12, 0, 0, $parts['mon'], $parts['mday'], $parts['year']);
                }
                $seconds = abs($noons[0] - $noons[1]);
                return round($seconds / 86400);
            }
            // $arenateam_id is interpolated inside quotes; the query is safe only if Securite::get()
            // (not shown) validated or escaped it. An (int) cast or a prepared statement would make
            // that independent of the helper.
            // The mysql_query() result is not checked: on failure it is false and mysql_num_rows() warns.
            $query = mysql_query("SELECT arenateamid, name FROM arena_team WHERE arenateamid = '{$arenateam_id}'");
            if (mysql_num_rows($query) <= 0) {
                echo "Cette équipe n'existe pas !";
            } else {
                $arenateam_data = mysql_fetch_row($query);
                // Numeric row: 0 arenateamid, 1 rating, 2 games, 3 wins, 4 played, 5 wins2, 6 rank.
                // mysql_fetch_row() returns false when the team has no stats row.
                $query = mysql_query("SELECT arenateamid, rating, games, wins, played, wins2, rank FROM arena_team_stats WHERE arenateamid = '{$arenateam_id}'");
                $arenateamstats_data = mysql_fetch_row($query);
                $members = mysql_query("\n\t\t\t\tSELECT DISTINCT arena_team_member.guid,characters.name,\n\t\t\t\tcharacters.name, SUBSTRING_INDEX(SUBSTRING_INDEX(characters.data, ' ', " . (CHAR_DATA_OFFSET_LEVEL + 1) . "), ' ', -1) AS level,\n\t\t\t\tarena_team_member.played_week, arena_team_member.wons_week, arena_team_member.played_season, arena_team_member.wons_season\n\t\t\t\tFROM arena_team_member,characters\n\t\t\t\tLEFT JOIN arena_team_member k1 ON k1.guid = characters.guid\n\t\t\t\tWHERE arena_team_member.arenateamid = '{$arenateam_id}' AND arena_team_member.guid = characters.guid");
                @($total_members = mysql_num_rows($members));
                @($losses_week = $arenateamstats_data[4] - $arenateamstats_data[3]);
                @($winperc_week = $arenateamstats_data[4] / $arenateamstats_data[3] * 100);
                @($losses_season = $arenateamstats_data[6] - $arenateamstats_data[5]);
Beispiel #20
			<div class="row">
				<div class="col-md-4 col-md-offset-4">
					<div class="alert alert-warning alert-dismissable">
						<button type="button" class="close" data-dismiss="alert" aria-hidden="true">&times;</button>
						<p>La suppression de l\'écriture s\'est déroulé correctement. <span class="glyphicon glyphicon-ok"></span></p>
					</div>
				</div>
			</div>
			';
    } catch (Exception $e) {
        echo '
			<div class="row">
				<div class="col-md-4 col-md-offset-4">
					<div class="alert alert-warning alert-dismissable">
						<button type="button" class="close" data-dismiss="alert" aria-hidden="true">&times;</button>
						<p>Un problème est survenu pendant la suppresion. ' . Securite::html($e->getMessage()) . ' <span class="glyphicon glyphicon-remove"></span></p>
					</div>
				</div>
			</div>
			';
    }
}
// Lists the accounting entries of one user, joined with their account, journal and analytic code.
// The user id reaches the database only as the bound parameter :user_id.
// NOTE(review): where $user_id is set is not visible here. It must come from the authenticated
// session, not from the request, or one user could read another user's entries.
$q = array('user_id' => $user_id);
$sql = 'SELECT id, intitule, date_creation, journal_id, compte_id, mode, code_analt_id, credit, debit, c.description AS descriptionCompte, j.description AS descriptionJournal, ca.description AS descriptionCodeAnalt
			FROM ecritures e
			INNER JOIN comptes c ON c.id_compte = e.compte_id
			INNER JOIN journaux j ON j.id_journal = e.journal_id
			INNER JOIN codes_analytiques ca ON ca.id_code_analt = e.code_analt_id
			WHERE e.user_id = :user_id';
// $cnx is used as a PDO-style handle (prepare/execute); its error mode is configured elsewhere.
$req = $cnx->prepare($sql);
$req->execute($q);
********* PROJET CDI **********

******TRAITEMENT ADD MEDIAS*****

Description : Ce fichier va traiter les données du formulaire 'Ajout de médias' 
C'est lui qui se chargera d'associer les éléments de l'IHM aux différents ID's 
De plus, il effectue les différentes requêtes 

@Author : Despendo 
Copyright 2012 pour eXia.Cesi Strasbourg 
*/
if (isset($_POST["titre"], $_POST["isbn"], $_POST["resumeMedia"], $_POST["Categorie"], $_POST["Type"], $_POST["auteurs"]) && !empty($_POST["titre"])) {
    // On commence par stocker les variables qui serront envoyé dirrectement dans la BDD
    $titre_media = Securite::bdd($_POST["titre"]);
    $isbn_media = Securite::bdd($_POST["isbn"]);
    $resume_media = Securite::bdd($_POST["resumeMedia"]);
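    // Optional cover image. The uploaded file's name and content are supplied by the client and
    // are untrusted; any problem falls back to the placeholder image.
    $img = isset($_FILES["img"]) ? $_FILES["img"] : array('name' => '');
    $nom_image = 'no_image.jpg';
    if (!empty($img['name'])) {
        // Keep only the file-name part so the value cannot point outside the image folders.
        $img['name'] = basename($img['name']);
        $extension = strtolower(pathinfo($img['name'], PATHINFO_EXTENSION));
        // Only image extensions are written under the web root.
        // NOTE(review): this list is an assumption about what IMG::creerMin() handles — adjust it.
        $extensions_autorisees = array('jpg', 'jpeg', 'png', 'gif');
        $chemin_tmp = 'Ressources/images/tmp' . $img['name'];
        if (isset($img['error']) && $img['error'] === UPLOAD_ERR_OK
            && in_array($extension, $extensions_autorisees, true)
            && move_uploaded_file($img['tmp_name'], $chemin_tmp)) {
            // Thumbnails are generated only once the move has succeeded, so creerMin() and
            // unlink() never run on a missing file.
            require 'Classes/Img.php';
            IMG::creerMin($chemin_tmp, "Ressources/images/miniatures", $img['name'], 260, 180);
            IMG::creerMin($chemin_tmp, "Ressources/images", $img['name'], 800, 600);
            unlink($chemin_tmp);
            // NOTE(review): str_replace() rewrites every "png" in the name, not only the extension.
            // Left unchanged because it must match the name IMG::creerMin() writes (not visible here).
            if (substr($img['name'], -3) == 'png') {
                $img['name'] = str_replace('png', 'jpg', $img['name']);
            }
            $nom_image = $img['name'];
        }
    }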
    // Ce premier switch va regarder le choix de l'user et définiera la variable categorie_media en fonction du choix textuel envoyé par le formulaire
Beispiel #22
						FROM forum_categorie
						LEFT JOIN forum_forum ON forum_categorie.cat_id = forum_forum.forum_cat_id
						LEFT JOIN forum_post ON forum_post.post_id = forum_forum.forum_last_post_id
						LEFT JOIN forum_topic ON forum_topic.topic_id = forum_post.topic_id
						LEFT JOIN membres ON membres.id = forum_post.post_createur
						ORDER BY cat_ordre, forum_ordre DESC');
                    //mysql_result($requete2,0);
                    while ($data2 = mysql_fetch_assoc($requete2)) {
                        if ($data2['cat_id'] == $data['cat_id']) {
                            if ($categorie != $data2['cat_id']) {
                                $categorie = $data2['cat_id'];
                                ?>
					                <tr>
					                <th class='rankingHeader'></th>
					                <th class='rankingHeader' class="titre2"><strong><?php 
                                echo Securite::html($data2['cat_nom']);
                                ?>
</strong></th>             
					                <th class='rankingHeader' class="nombremessages"><strong>Sujets</strong></th>       
					                <th class='rankingHeader' class="nombresujets"><strong>Messages</strong></th>       
					                <th class='rankingHeader' class="derniermessage"><strong>Dernier message</strong></th>   
					                </tr>
					                <?php 
                            }
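                            // One table row per forum. The forum name is stored data written into HTML,
                            // so it is escaped with Securite::html(), as is done for the category name.
                            // NOTE(review): forum_desc is still printed raw. If descriptions are not meant
                            // to carry markup, escape it the same way; otherwise restrict who can edit it.
                            echo '<tr><td><center><img src="themes/' . $theme . '/images/forums/message.gif" alt="message" /></center></td>
						         <td class="titre2"><strong><a href="index.php?module=forums&action=voirforum&f=' . $data2['forum_id'] . '">
						         ' . Securite::html($data2['forum_name']) . '</a></strong>
						         <br />' . $data2['forum_desc'] . '</td>
						         <td class="nombresujets">' . $data2['forum_topic'] . '</td>
						         <td class="nombremessages">' . $data2['forum_post'] . '</td>';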
                            if (!empty($data2['forum_post'])) {
Beispiel #23
                // Loads one member's public profile.
                // $membre is concatenated into the WHERE clause without quotes; string escaping gives
                // no protection in an unquoted numeric position.
                // NOTE(review): where $membre is set is not visible; confirm it is cast to int, or use
                // a bound parameter.
                $requete1 = mysql_query('SELECT account_name, pseudo, membre_avatar,
			    membre_email, membre_msn, membre_signature, membre_siteweb, membre_post,
			    membre_inscrit, membre_localisation, cacher_email
			    FROM membres WHERE id=' . $membre . '');
                if ($data1 = mysql_fetch_assoc($requete1)) {
                    // Display the member's information
                    echo '<p class="title">Mon Profil</p><br />';
                    // membre_avatar is written into the src attribute without HTML escaping.
                    echo '<p><img src="images/avatars/' . $data1['membre_avatar'] . '" alt="Aucun avatar" /></p>';
                    echo "<table>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><strong>Adresse E-Mail: </strong></td>\n\t\t\t\t\t\t\t<td>";
                    if ($data1['cacher_email'] == 1) {
                        echo "Email masqué";
                    } else {
                        // NOTE(review): Securite::bdd() is used here, and for the fields printed after this
                        // block, on values going into HTML. By its name and other uses it looks like the
                        // database-escaping helper; HTML output needs HTML escaping (Securite::html(), as
                        // used for the signature). The site URL printed below also lands in an href, so
                        // its scheme should be limited to http/https. Confirm what bdd() does.
                        echo "<a href=\"mailto:" . Securite::bdd($data1['membre_email']) . "\">" . Securite::bdd($data1['membre_email']) . "</a></td>";
                    }
                    echo "</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><strong>Windows Live Messenger: </strong></td>\n\t\t\t\t\t\t\t<td>" . Securite::bdd($data1['membre_msn']) . "</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><strong>Site Web: </strong></td>\n\t\t\t\t\t\t\t<td><a href=\"" . Securite::bdd($data1['membre_siteweb']) . "\">" . Securite::bdd($data1['membre_siteweb']) . "</a></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><strong>Inscrit depuis le: </strong></td>\n\t\t\t\t\t\t\t<td>" . date('d/m/Y', $data1['membre_inscrit']) . "</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><strong>Messages postés: </strong></td>\n\t\t\t\t\t\t\t<td>" . Securite::bdd($data1['membre_post']) . " messages</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><strong>Localisation: </strong></td>\n\t\t\t\t\t\t\t<td>" . Securite::bdd($data1['membre_localisation']) . "</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><strong>Signature: </strong></td>\n\t\t\t\t\t\t\t<td>" . Securite::html($data1['membre_signature']) . "</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t</table>\n\t\t\t\t\t<br />";
                    if ($membre == $test) {
                        echo "<a href=\"index.php?module=profil&action=modifier&id=" . Securite::bdd($_SESSION['id']) . "\">Modifier mon profil</a>";
                    } else {
                        echo "";
                    }
                } else {
                    echo "<p>Ce membre n'exister pas !</p>";
                }
            }
            break;
    }
} else {
    echo "<p>Page réservée aux membres !<br />";
    echo "connectez-vous ou inscrivez-vous !</p>";
    echo "<a href=\"index.php\">Retour</a>";
}
Beispiel #24
				<th width="60"nowrap="nowrap">Niveau</th>
				<th width="80" nowrap="nowrap">Points</th>
				<th width="40" nowrap="nowrap">Rang</th>
				<th nowrap="nowrap">Guilde</th>
			</tr>
		<?php 
        // Ranking table body: one row per character in $reponse2 (query not shown), numbered from 1.
        $ligne = 1;
        if (mysql_num_rows($reponse2) < 1) {
            echo "<tr><td colspan=\"8\">Il n'y a aucun Hordeux !</td></tr>";
        } else {
            while ($donnees2 = mysql_fetch_array($reponse2, MYSQL_ASSOC)) {
                // NOTE(review): these values are passed through Securite::bdd() and then printed into
                // HTML and URLs below. Only $guildid goes back into SQL; the others need HTML or URL
                // encoding for their output context. Confirm what bdd() does.
                $race = Securite::bdd($donnees2['race']);
                $gender = Securite::bdd($donnees2['gender']);
                $class = Securite::bdd($donnees2['class']);
                $name = Securite::bdd($donnees2['name']);
                $guildid = Securite::bdd($donnees2['GNAME']);
                // One extra query per row to resolve the guild name; mysql_fetch_array() returns false
                // when the character has no guild, so $guildname may be null.
                $guild_name = mysql_query("SELECT name FROM guild WHERE guildid='{$guildid}'") or die(mysql_error());
                $guild = mysql_fetch_array($guild_name, MYSQL_ASSOC);
                $guildname = $guild['name'];
                echo "<tr><td align=\"center\">";
                echo $ligne++;
                echo "</td><td align=\"center\">";
                // $name is used both as a query-string value and as link text.
                echo "<a href=\"armurerie-select.php?perso={$name}\">{$name}</a>";
                echo "</td><td align=\"center\">";
                echo "<img src='images/races/{$race}-{$gender}.gif' />";
                echo "</td><td align=\"center\">";
                echo "<img src='images/classes/{$class}.gif' />";
                echo "</td><td align=\"center\">";
                // level and totalHonorPoints are printed as returned by the database.
                echo $donnees2['level'];
                echo "</td><td align=\"center\">";
                echo $donnees2['totalHonorPoints'];
        $page['erreur'] = 'Problème !';
    }
}
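// Looks up a media by the exact title sent by the form and exposes the matching rows to the
// template in $page['medias'], or sets $page['erreur'] when nothing matches.
if (isset($_POST['titre'])) {
    // The title only ever reaches the database as a bound parameter.
    $titre_media = $_POST["titre"];
    $reqRecupIDMedia = $bdd->prepare('SELECT id_media FROM medias WHERE titre_media= :media');
    $reqRecupIDMedia->execute(array('media' => $titre_media));
    $donnees = $reqRecupIDMedia->fetch(PDO::FETCH_ASSOC);
    // fetch() returns false when no row matches; do not index into it in that case.
    $IDMedia = is_array($donnees) ? $donnees['id_media'] : null;
    // Contains the ID
    if ($IDMedia != '') {
        $reqRecupDelMedia = $bdd->prepare('SELECT * FROM medias WHERE titre_media= :media');
        if (!$reqRecupDelMedia->execute(array('media' => $titre_media))) {
            // Keep the driver's error details in the server log instead of printing them to the client.
            error_log('medias lookup failed: ' . print_r($reqRecupDelMedia->errorInfo(), true));
            die('Erreur');
        }
        $page['medias'] = array();
        while ($donnees = $reqRecupDelMedia->fetch()) {
            // Every column is HTML-escaped before it is handed to the template.
            $nouveau = array();
            $nouveau['titre'] = Securite::html($donnees['titre_media']);
            $nouveau['isbn'] = Securite::html($donnees['isbn_media']);
            $nouveau['resume'] = Securite::html($donnees['resume_media']);
            $nouveau['emprunt'] = Securite::html($donnees['empruntable_media']);
            $nouveau['image'] = Securite::html($donnees['nom_image']);
            $nouveau['id_type'] = Securite::html($donnees['id_type']);
            $nouveau['id_categorie'] = Securite::html($donnees['id_categorie']);
            $nouveau['id_admin'] = Securite::html($donnees['id_admin']);
            $nouveau['id'] = Securite::html($donnees['id_media']);
            $page['medias'][] = $nouveau;
        }
    } else {
        $page['erreur'] = "Ce media n'existe pas !";
    }
}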
Beispiel #26
<?php

// Account-name lookup endpoint: prints "1" when the query returns at least one row, "2" otherwise.
// NOTE(review): the name comes from the query string and no authentication or throttling is
// visible, so the endpoint tells any caller whether an account exists. Confirm it is rate-limited.
include "config.php";
include "fonctions.php";
// ext/mysql was removed in PHP 7. die(mysql_error()) sends the database error text to the client.
mysql_connect($realmd['host'], $realmd['user'], $realmd['password']) or die(mysql_error());
mysql_select_db($realmd['db']) or die(mysql_error());
// Securite::bdd() is not shown; presumably it escapes the value for a quoted SQL string. Confirm.
$pseudo = Securite::bdd($_GET["pseudo"]);
// NOTE(review): the compared value appears masked ('******') in this listing, so $pseudo is not
// used in the visible query; check the original source. A prepared statement would remove the
// dependency on the escaping helper.
$result = mysql_query("SELECT username FROM account WHERE username='******'");
// The connection is closed before the row count is read.
// NOTE(review): confirm the result set stays usable after mysql_close().
mysql_close();
if (mysql_num_rows($result) >= 1) {
    echo "1";
} else {
    echo "2";
}
Beispiel #27
                 echo "<p>Vous avez déjà signaler ce bug !</p>";
                 echo "<a href=\"index.php\">Retour</a>";
             }
         } else {
             echo "<p>Erreur de lien !</p>";
             echo "<a href=\"index.php\">Retour</a>";
         }
     } else {
         echo "<p>Vous devez étre membre du site pour accèder à cette partie !</p>";
         echo "<a href=\"index.php\">Retour</a>";
     }
     break;
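 case "compteur_v":
     // Records that one more member hit a known bug: increments the bug's counter and stores the
     // (bug, member) pair. The request must carry a valid anti-CSRF token.
     verify_xsrf_token();
     // id_bug is used WITHOUT quotes in the UPDATE below, where string escaping gives no
     // protection, so the value is forced to an integer before it reaches the query.
     $id = (int) Securite::bdd($_POST['id']);
     // NOTE(review): the member id is taken from the request rather than from the session, so a
     // client can file the report under another member's id. Confirm, and prefer the session value.
     $membre_id = Securite::bdd($_POST['membre']);
     if (!empty($id)) {
         // NOTE(review): die(mysql_error()) sends the database error text to the client.
         mysql_query("UPDATE bugreport SET nb_signaler = nb_signaler + 1 WHERE id_bug = {$id}") or die(mysql_error());
         mysql_query("INSERT INTO bug_signalant (id_bug, membre_id) VALUES ('{$id}','{$membre_id}')") or die("Erreur");
         echo "ok";
     } else {
         echo "<p>Erreur de lien !</p>";
         echo "<a href='index.php'>Retour</a>";
     }
     break;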
 default:
     $sql = "SELECT * FROM bugreport ORDER BY id_bug DESC";
     $resultat = mysql_query($sql) or die(mysql_error());
     echo "\n\t\t\t<p class=\"title\">Liste de bugs connus</p>\t\n\t\t\t<br />";
     echo "\n\t\t\t<form action=\"index.php?module=bugs&action=resultat\" method=\"POST\">Rechercher \n\t\t\t\t<select name=\"by\">\n\t\t\t\t\t<option value=\"id\">par ID</option>\n\t\t\t\t\t<option selected value=\"type_bug\">par Type</option>\n\t\t\t\t\t<option value=\"auteur_bug\">par Auteur</option>\n\t\t\t\t\t<option value=\"date_bug\">par date du bug</option>\n\t\t\t\t\t<option value=\"description_bug\">par description</option>\n\t\t\t\t\t<option value=\"reponse_bug\">par réponse</option>\n\t\t\t\t\t<option value=\"statut_bug\">par statut</option>\n\t\t\t\t\t<option value=\"mg_bug\">par MJ</option>\n\t\t\t\t</select>\n\t\t\t\t<input type=\"text\" name=\"perso\"><input type=\"submit\" value=\"Rechercher\">\n\t\t\t</form><br />";
     echo "\n\t\t\t\t<table class=\"lined\" width=\"99%\" style='border-collapse: collapse'; align='center' width='90%' border='1' cellspacing='1' cellpadding='1'>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<th width=\"30\">id</th>\n\t\t\t\t\t\t<th width=\"80\">type</th>\n\t\t\t\t\t\t<th width=\"80\">Auteur</th>\n\t\t\t\t\t\t<th>Description</th>\n\t\t\t\t\t\t<th width=\"50\">Réponse</th>\n\t\t\t\t\t\t<th width=\"100\">Statut</th>\n\t\t\t\t\t\t<th width=\"80\">MJ</th>\n\t\t\t\t\t\t<th width=\"80\">Date du bug</th>\n\t\t\t\t\t\t<th width=\"80\">Déjà signaler</th>\n\t\t\t\t\t</tr>";
Beispiel #28
}
$royaume = royaume(Securite::get($_GET['royaume']));
switch ($_GET['action']) {
    default:
        echo "<p class=\"title\">" . $titre_armurerie . "</p>\n\t\t<p class=\"center\">A quelles armurerie voulez-vous accèder ?<br /><br />\n\t\t<form method=\"POST\" action=\"index.php?module=armurerie&action=recherche\">\n\t\t<select name=\"royaume\">";
        mysql_connect($realmd['host'], $realmd['user'], $realmd['password']) or die(mysql_error());
        mysql_select_db($realmd['db']) or die(mysql_error());
        $SQL = "SELECT * FROM realmlist ORDER BY id ASC";
        $result = mysql_query($SQL) or die("Erreur SQL");
        while ($val = mysql_fetch_array($result)) {
            echo "<OPTION VALUE='" . Securite::bdd($val['id']) . "'>" . Securite::bdd($val['name']) . "</option>";
        }
        echo "</select>\n\t\t<input type=\"submit\" value=\"Entrer\" />\n\t\t</form></p>";
        break;
    case "recherche":
        // Realm id chosen in the form. Securite::bdd() is not shown here.
        // NOTE(review): besides the query below, this value is later printed into hidden form fields
        // and used as the index into $characters that selects the database credentials. Check it
        // against the known realm ids and HTML-escape it on output.
        $royaume = Securite::bdd($_POST['royaume']);
        // ext/mysql was removed in PHP 7. die(mysql_error()) sends the database error text to the client.
        mysql_connect($realmd['host'], $realmd['user'], $realmd['password']) or die(mysql_error());
        mysql_select_db($realmd['db']) or die(mysql_error());
        // Built by concatenation inside quotes; safe only if bdd() escapes for that context.
        $reponse = mysql_query("SELECT * FROM realmlist WHERE id = '" . $royaume . "'");
        // False when no realm matches, in which case $donnees['name'] in the echo that follows is null.
        // That echo also interpolates {$_POST} into the form's method attribute, which renders as "Array".
        $donnees = mysql_fetch_array($reponse, MYSQL_ASSOC);
        echo "<p class=\"title\">" . $titre_armurerie . "</p>\n\t\t<p class=\"center\">Royaume : " . $donnees['name'] . "</p>\n\t\t<form class=\"recherche\" method=\"{$_POST}\" action=\"armurerie-select.php\">\n\t\t<p><b>" . $lang_armurerie['character_name'] . "</b></p>\n\t\t<input type=\"text\" name=\"perso\" value=\"" . $lang_armurerie['perso_name'] . "\" size=\"30\" onFocus=\"javascript:this.value=''\" />\n\t\t<input type=\"hidden\" name=\"royaume\" value=\"" . $royaume . "\" />\n\t\t<input type=\"submit\" value=\"" . $lang_site['search'] . "\" /><br />\n\t\t</form>\n\t\t<br />\n\t\t<form class=\"recherche\" method=\"{$_POST}\" action=\"armurerie-select.php\">\n\t\t<SELECT NAME=\"perso\">";
        mysql_connect($characters[$royaume]['host'], $characters[$royaume]['user'], $characters[$royaume]['password']) or die(mysql_error());
        mysql_select_db($characters[$royaume]['db']) or die(mysql_error());
        $SQL = "SELECT * FROM `characters` ORDER BY name ASC";
        $result = mysql_query($SQL) or die("Erreur SQL");
        while ($val = mysql_fetch_array($result)) {
            echo "<OPTION VALUE='" . Securite::bdd($val[guid]) . "'>" . Securite::bdd($val[name]) . "</option>";
        }
        echo "</SELECT>\n\t\t<input type=\"hidden\" name=\"royaume\" value=\"" . $royaume . "\" />\n\t\t<input type=\"submit\" value=\"" . $lang_site['search'] . "\" /><br />\n\t\t</form>";
        break;
}
Beispiel #29
<?php

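// Direct-access guard: the including script must have set $securite to "ok".
// empty() already covers the unset case, so no separate isset() test is needed.
if (empty($securite) or $securite != "ok") {
    header("location: erreur.php?err=access_denied");
    // A Location header alone does not end the request: without exit the protected
    // code below would still execute and its output would still be sent.
    exit;
}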
// "Who is online" page: prints a per-realm count of online characters, then connects to the
// selected realm's character database.
// royaume() and Securite::get() are not shown here.
// NOTE(review): $royaume is used below as an index into $characters; confirm royaume() only
// returns configured realm ids.
$royaume = royaume(Securite::get($_GET['royaume']));
include "kernel/id_tab.php";
echo "<p class=\"title\">{$titre_connecter}</p>";
// ext/mysql was removed in PHP 7. die(mysql_error()) sends the database error text to the client.
mysql_connect($realmd['host'], $realmd['user'], $realmd['password']) or die(mysql_error());
mysql_select_db($realmd['db']) or die(mysql_error());
$reponse = mysql_query("SELECT * FROM `realmlist`") or die(mysql_error());
// The realm list is fetched below after the connection is closed.
// NOTE(review): confirm the result set stays usable after mysql_close().
mysql_close();
while ($donnees = mysql_fetch_array($reponse, MYSQL_ASSOC)) {
    // A new connection is opened and closed for every realm, with credentials from $characters.
    mysql_connect($characters[$donnees['id']]['host'], $characters[$donnees['id']]['user'], $characters[$donnees['id']]['password']) or die(mysql_error());
    mysql_select_db($characters[$donnees['id']]['db']) or die(mysql_error());
    $reponse2 = mysql_query("SELECT COUNT(*) AS nombre FROM characters WHERE online= 1") or die(mysql_error());
    $donnees2 = mysql_fetch_array($reponse2);
    $online = $donnees2['nombre'];
    mysql_close();
    // The realm id and name are printed without HTML escaping; they come from the realmlist table.
    echo "<b><a href=\"index.php?module=connectes&royaume=" . $donnees['id'] . "\">Il y a {$online} joueurs connectés sur :  " . $donnees['name'] . "</a></b><br>";
}
echo "<br />";
mysql_connect($characters[$royaume]['host'], $characters[$royaume]['user'], $characters[$royaume]['password']) or die(mysql_error());
mysql_select_db($characters[$royaume]['db']) or die(mysql_error());
if ($gm_visible_list == 1) {
    $reponse2 = mysql_query("SELECT c.guid,c.name,c.race,c.class,c.zone,c.map,c.gender,c.level,r.gmlevel,\n\t\tCAST( SUBSTRING_INDEX(SUBSTRING_INDEX(c.data, ' ', " . (CHAR_DATA_OFFSET_ARENA_POINTS + 1) . "), ' ', -1) AS UNSIGNED) AS highest_rank,\n\t\tCAST( SUBSTRING_INDEX(SUBSTRING_INDEX(c.data, ' ', " . (CHAR_DATA_OFFSET_GUILD_ID + 1) . "), ' ', -1) AS UNSIGNED) as GNAME\n\t\tFROM " . $characters[$royaume]['db'] . ".characters c LEFT OUTER JOIN " . $realmd['db'] . ".account r ON r.id=c.account\n\t\tWHERE c.online = 1");
} else {
    $reponse2 = mysql_query("SELECT c.guid,c.name,c.race,c.class,c.zone,c.map,c.gender,c.level,r.gmlevel,\n\t\tCAST( SUBSTRING_INDEX(SUBSTRING_INDEX(c.data, ' ', " . (CHAR_DATA_OFFSET_ARENA_POINTS + 1) . "), ' ', -1) AS UNSIGNED) AS highest_rank,\n\t\tCAST( SUBSTRING_INDEX(SUBSTRING_INDEX(c.data, ' ', " . (CHAR_DATA_OFFSET_GUILD_ID + 1) . "), ' ', -1) AS UNSIGNED) as GNAME\n\t\tFROM " . $characters[$royaume]['db'] . ".characters c LEFT OUTER JOIN " . $realmd['db'] . ".account r ON r.id=c.account\n\t\tWHERE c.online = 1 AND r.gmlevel = 0");
}
echo "\n\t<table class=\"lined\" style=\"border-collapse: collapse\"; width=\"99%\" border=\"1\" cellpadding=\"3\" cellspacing=\"0\" align=\"center\" class=\"sortable\">\n\t<tr>\n\t<th width=\"120\">" . $lang_player['name'] . "</th>\n\t<th width=\"30\">" . $lang_player['race'] . "</th>\n\t<th width=\"30\">" . $lang_player['class'] . "</th>\n\t<th width=\"30\">" . $lang_player['level'] . "</th>\n    <th width=\"30\">" . $lang_player['rank'] . "</th>\n\t<th width=\"30\">" . $lang_player['faction'] . "</th>\n\t<th width=\"200\">" . $lang_player['guilde'] . "</th>\n\t<th width=\"80\">" . $lang_player['map'] . "</th>\n\t<th width=\"250\">" . $lang_player['zone'] . "</th>\n\t</tr>";
$reponse5 = mysql_query("SELECT COUNT(*) AS nombre FROM characters WHERE online= 1") or die(mysql_error());
Beispiel #30
                // One table row per character returned by $reponse (query not shown).
                while ($donnees = mysql_fetch_array($reponse, MYSQL_ASSOC)) {
                    // 'data' is split on spaces; field 53 is displayed as the level.
                    // NOTE(review): the field offsets are hard-coded here; confirm they match the
                    // server version's data layout.
                    $level = explode(' ', Securite::html($donnees['data']));
                    $niveau = $level[53];
                    $name = Securite::html($donnees['name']);
                    // Field 36 is converted to hexadecimal, left-padded to 8 digits, and its fourth
                    // digit is what gets passed to sex() below.
                    $sex = explode(' ', Securite::html($donnees['data']));
                    $sex = dechex($sex[36]);
                    $sex = str_pad($sex, 8, 0, STR_PAD_LEFT);
                    $sex = $sex[3];
                    echo "<tr><td align=\"center\">";
                    // $name is HTML-escaped, but it is also used as a query-string value without
                    // rawurlencode(), so characters such as & or # would break the link.
                    echo "<a href=\"armurerie-select.php?perso=" . $name . "\">" . $name . "</a>";
                    echo "</td><td align=\"center\">";
                    echo $niveau;
                    echo "</td><td align=\"center\">";
                    // imgrace(), imgclass(), sex() and side() are defined elsewhere; their return
                    // values are not used here.
                    imgrace(Securite::html($donnees['race']));
                    echo "</td><td align=\"center\">";
                    imgclass(Securite::html($donnees['class']));
                    echo "</td><td align=\"center\">";
                    sex($sex);
                    echo "</td><td align=\"center\">";
                    side(Securite::html($donnees['race']));
                    echo "</td></tr>";
                }
            }
            echo "</TABLE>";
            pagination($ParPage, $total, $truc, $adresse);
        } else {
            echo "<p>Cette page n'existe pas !</p>";
            echo "<a href=\"index.php?module=guildes\">Retour</a>";
        }
        break;
}