// NOTE(review): this chunk starts inside the config-form rendering loop of the
// admin "allg" page; the enclosing if/while were opened before this point.
$grl = arlistee($allgAr[$row['schl']], $teAr);
$input = '<select name="' . $row['schl'] . '">' . $grl . '</select>';
} else {
$input = 'Fehler in Datenbank!';
}
}
// 'schl' (config key), 'frage' and 'helptext' come from prefix_config, not from the request.
$tpl->set_ar_out(array('frage' => $row['frage'], 'input' => $input, 'schl' => $row['schl'], 'help' => is_null($row['helptext']) ? 0 : 1, 'helptext' => $row['helptext']), 4);
}
// Emit the category end, if needed
if ($katid != 0) {
$tpl->out(5);
}
// Emit the template footer (carries the 'admin_allg' antispam/CSRF token)
$tpl->set('antispam', get_antispam('admin_allg', 1, true));
$tpl->out(6);
} elseif (chk_antispam('admin_allg', true)) {
// Save path: only reached when the 'admin_allg' token validates.
// Hidden rows (hide != 0) are deliberately excluded from the update.
$abf = 'SELECT * FROM `prefix_config` WHERE hide = 0 ORDER BY `kat` ';
$erg = db_query($abf);
while ($row = db_fetch_assoc($erg)) {
// '***' is the placeholder the form shows for password fields and means
// "leave unchanged" -- as a side effect a literal password of '***' can never
// be stored. $_POST[$row['schl']] is read without isset(): a missing field
// raises a notice and stores an empty value.
if ($row['typ'] == 'password' and $_POST[$row['schl']] == '***') {
continue;
} elseif ($row['typ'] == 'password') {
// SECURITY(review): passwords are stored reversibly encrypted (AzDGCrypt)
// under a key derived from the DB connection constants DBDATE . DBUSER . DBPREF.
// Anyone able to read the site config and the prefix_config table can recover
// them. Reversible storage may be required for outbound credentials (e.g. SMTP),
// but the key should come from a dedicated, randomly generated secret rather
// than from values shared with the database connection.
require_once 'include/includes/libs/AzDGCrypt.class.inc.php';
$cr64 = new AzDGCrypt(DBDATE . DBUSER . DBPREF);
$_POST[$row['schl']] = $cr64->crypt($_POST[$row['schl']]);
}
// The value goes through the project escape() helper; the key comes from the
// table itself, so it is not attacker-controlled here.
db_query('UPDATE `prefix_config` SET wert = "' . escape($_POST[$row['schl']], 'textarea') . '" WHERE schl = "' . $row['schl'] . '"');
}
wd('admin.php?allg', 'Erfolgreich geändert', 2);
}
// -----------------------------------------------------------|
<?php
# Copyright by: Manuel
# Support: www.ilch.de
# User area: edit the logged-in user's own profile.
defined('main') or die('no direct access');
$title = $allgAr['title'] . ' :: Users :: Profil';
$hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">Users</a><b> » </b> Profil' . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
// authright <= -1 is the "logged in" gate used by this code base -- confirm
// against the rights table. Only the session's own authid is ever edited.
if ($_SESSION['authright'] <= -1) {
// Form is shown unless a submit arrives with a valid 'user_profile_edit'
// token; the save path is outside this span.
$csrfCheck = chk_antispam('user_profile_edit', true);
if (empty($_POST['submit']) || !$csrfCheck) {
$design->header();
// authid is session-sourced, not request-sourced.
$abf = 'SELECT email,wohnort,homepage,aim,msn,icq,yahoo,avatar,status,staat,gebdatum,sig,opt_pm_popup,opt_pm,opt_mail,geschlecht,spezrank FROM `prefix_user` WHERE id = "' . $_SESSION['authid'] . '"';
$erg = db_query($abf);
if (db_num_rows($erg) > 0) {
$row = db_fetch_assoc($erg);
$tpl = new tpl('user/profil_edit');
// Pre-select the stored values in the form controls.
$row['staat'] = '<option></option>' . arliste($row['staat'], get_nationality_array(), $tpl, 'staat');
$row['geschlecht0'] = $row['geschlecht'] < 1 ? 'checked' : '';
$row['geschlecht1'] = $row['geschlecht'] == 1 ? 'checked' : '';
$row['geschlecht2'] = $row['geschlecht'] == 2 ? 'checked' : '';
if ($row['status'] == 1) {
$row['status1'] = 'checked';
$row['status0'] = '';
} else {
$row['status1'] = '';
$row['status0'] = 'checked';
}
if ($row['opt_mail'] == 1) {
$row['opt_mail1'] = 'checked';
$row['opt_mail0'] = '';
<?php
/**
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
 * @copyright (C) 2000-2010 ilch.de
 * @version $Id$
 */
// Admin page: manage the site rules (prefix_rules). Create/update via POST,
// delete via GET.
defined('main') or die('no direct access');
defined('admin') or die('only admin access');
$design = new design('Ilch Admin-Control-Panel :: Regeln', '', 2);
$design->header();
// $um is taken raw from $_REQUEST (GET or POST); it is not used in this span.
$um = '';
if (isset($_REQUEST['um'])) {
$um = $_REQUEST['um'];
}
// Create/update: guarded by the 'adminuser_action' antispam/CSRF token; every
// value passes through the project escape() helper before interpolation.
if (!empty($_POST['sub']) and chk_antispam('adminuser_action', true)) {
$text = escape($_POST['text'], 'string');
$titel = escape($_POST['titel'], 'string');
$zahl = escape($_POST['zahl'], 'integer');
if (empty($_POST['sid'])) {
db_query('INSERT INTO `prefix_rules` (`text`,`titel`,`zahl`) VALUES ( "' . $text . '","' . $titel . '","' . $zahl . '" ) ');
} else {
$sid = escape($_POST['sid'], 'integer');
db_query('UPDATE `prefix_rules` SET `text` = "' . $text . '", `titel` = "' . $titel . '", `zahl` = "' . $zahl . '" WHERE `id` = "' . $sid . '"');
}
}
// SECURITY(review): deletion is a state change triggered by a plain GET with
// no token check, unlike the save path above -- a logged-in admin who follows
// a crafted ?delete=N link deletes a rule (CSRF). Make it a POST guarded by
// chk_antispam('adminuser_action', true) like the branch above.
if (!empty($_GET['delete'])) {
$delete = escape($_GET['delete'], 'integer');
db_query('DELETE FROM `prefix_rules` WHERE `id` = "' . $delete . '" LIMIT 1');
}
if (empty($_GET['sid'])) {
// NOTE(review): chunk starts inside the slideshow branch of the gallery image
// view; the enclosing if was opened before this point.
$sek = 4;
if (isset($_GET['sek'])) {
$sek = $_GET['sek'];
}
// SECURITY(review): $sek is copied verbatim from the query string into an HTML
// attribute and a URL. Unless the 'gallery_show' template escapes
// 'diashow_html' on output (it receives a pre-built tag, so that seems
// unlikely), a crafted ?sek= value breaks out of content="..." -> reflected
// XSS. Casting once, `$sek = (int) $_GET['sek'];`, removes the problem. $cid
// and $next are set outside this span; their validation is not visible.
$diashow_html = '<meta http-equiv="refresh" content="' . $sek . '; URL=index.php?gallery-show-' . $cid . '-p' . $next . '=0&diashow=shownext&sek=' . $sek . '">';
$diashow = $page . '=0&diashow=stop';
}
# display
$tpl = new tpl('gallery_show');
$arr = array('cid' => $cid, 'last' => $last, 'next' => $next, 'diashow' => $diashow, 'diashow_html' => $diashow_html, 'endung' => $row['endung'], 'id' => $row['id'], 'vote_wertung' => $row['vote_wertung'], 'vote_klicks' => $row['vote_klicks'], 'bildr' => $page, 'besch' => unescape($row['besch']), 'breite' => $breite, 'hoehe' => $hoehe);
$tpl->set_ar_out($arr, 0);
# comments
if ($allgAr['gallery_img_koms'] == 1) {
# insert
$insertmsg = '';
// Guests must supply a name; everybody (logged-in users too) must pass the
// 'gallery' antispam check. The assignment inside the condition means
// $antispam is only defined when the earlier operands were true.
if ((loggedin() or isset($_POST['name'])) and !empty($_POST['text']) and $antispam = chk_antispam('gallery')) {
if (loggedin()) {
$name = $_SESSION['authname'];
} else {
$name = escape($_POST['name'], 'string');
// Guests may not post under the name of a registered user.
if (db_count_query('SELECT COUNT(*) FROM prefix_user WHERE name = "' . $name . '"')) {
$insertmsg .= 'Der Name ist bereits für einen registrierten User vergeben';
}
}
if (empty($insertmsg)) {
$text = escape($_POST['text'], 'string');
// $row['id'] is the image id read from the database, not from the request.
db_query("INSERT INTO prefix_koms (name,text,uid,cat) VALUES ('" . $name . "','" . $text . "'," . $row['id'] . ",'GALLERYIMG')");
}
// $antispam is undefined here whenever the if above short-circuited before
// reaching chk_antispam(); !$antispam is then true (with a notice).
} elseif (isset($_POST['subgalkom']) and !$antispam) {
$insertmsg .= 'Falscher Antispam';
}
<?php
# Copyright by: Manuel
# Support: www.ilch.de
# Forum moderation: list the topics of forum $fid for delete/move/status actions.
defined('main') or die('no direct access');
if ($forum_rights['mods'] == FALSE) {
$forum_failure[] = 'Keine Berechtigung dieses Forum zu moderiren';
}
check_forum_failure($forum_failure);
$title = $allgAr['title'] . ' :: Forum :: ' . aktForumCats($aktForumRow['kat'], 'title') . ' :: ' . $aktForumRow['name'];
$hmenu = $extented_forum_menu . '<a class="smalfont" href="index.php?forum">Forum</a><b> » </b>' . aktForumCats($aktForumRow['kat']) . '<b> » </b>' . $aktForumRow['name'] . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
$design->header();
$csrfCheck = chk_antispam('forum_edit_forum', true);
// An action without any selected topic ids just bounces back.
if ((isset($_POST['del']) or isset($_POST['shift']) or isset($_POST['status'])) and (empty($_POST['in']) or isset($_POST['in']) and (!is_array($_POST['in']) or count($_POST['in']) < 1))) {
wd('index.php?forum-editforum-' . $fid, 'Es wurden keine Themen gewählt.', 2);
} elseif (isset($_POST['status']) && $csrfCheck) {
// Toggle open/closed per selected topic (one SELECT + one UPDATE per id).
// SECURITY(review): the UPDATE is keyed on the topic id only -- nothing ties
// the id to $fid, the forum this user is allowed to moderate, so a moderator
// of one forum can toggle topics of any other forum by posting their ids.
// Append `AND fid = $fid` to both queries.
foreach ($_POST['in'] as $k => $v) {
$k = escape($k, 'integer');
$astat = db_result(db_query("SELECT stat FROM prefix_topics WHERE id = " . $k), 0, 0);
$nstat = $astat == 1 ? 0 : 1;
db_query("UPDATE `prefix_topics` SET stat = '" . $nstat . "' WHERE id = " . $k);
}
wd('index.php?forum-showtopics-' . $fid, 'Status geändert', 2);
} elseif (!$csrfCheck || empty($_POST['del']) && empty($_POST['shift'])) {
// Listing. $page comes from the URL segment and is used in arithmetic and
// in the LIMIT without a cast; $fid is interpolated raw and must already be
// an integer (set by the forum dispatcher -- confirm).
$limit = $allgAr['Ftanz'];
// Limit
$page = $menu->getA(3) == 'p' ? $menu->getE(3) : 1;
$MPL = db_make_sites($page, "WHERE fid = '{$fid}'", $limit, '?forum-editforum-' . $fid, 'topics');
$anfang = ($page - 1) * $limit;
$q = "SELECT a.id, a.name, a.rep, a.erst, a.hit, a.art, a.stat, b.time, b.erst as last, b.id as pid\r\n FROM prefix_topics a\r\n \tLEFT JOIN prefix_posts b ON a.last_post_id = b.id\r\n \tWHERE a.fid = {$fid}\r\n \tORDER BY a.art DESC, b.time DESC\r\n \tLIMIT " . $anfang . "," . $limit;
// NOTE(review): chunk starts inside the forum "new topic" handler; $title,
// $hmenu, $load, $fid and $dppk_time are set before this point.
if (!isset($_SESSION['klicktime'])) {
$_SESSION['klicktime'] = 0;
}
$topic = '';
$txt = '';
$xnn = '';
if (isset($_POST['topic'])) {
$topic = trim(escape($_POST['topic'], 'string'));
}
if (isset($_POST['txt'])) {
$txt = trim(escape($_POST['txt'], 'textarea'));
}
if (isset($_POST['Gname'])) {
$xnn = trim(escape_nickname($_POST['Gname']));
}
// Show the form when: posting too fast (15 s throttle), a field is empty, a
// preview was requested, a guest gave no name, or the 'newtopic' antispam
// check fails. Note `and` binds tighter than `or`, so the guest-name clause
// groups as intended.
if ($_SESSION['klicktime'] + 15 > $dppk_time or empty($topic) or empty($txt) or !empty($_POST['priview']) or empty($_POST['Gname']) and !loggedin() or !chk_antispam('newtopic')) {
$design = new design($title, $hmenu, 1);
$design->header($load);
$tpl = new tpl('forum/newtopic');
$name = '';
if (!loggedin()) {
// Markup typo: a stray `0` after class="Cmite".
$name = '<tr><td class="Cmite"0><b>' . $lang['name'] . '</b></td>';
// NOTE(review): the guest name is re-emitted into a value="" attribute via
// unescape(), whereas txt/topic below go through escape_for_fields(). This
// relies on escape_nickname() never leaving a double quote in the name --
// confirm, otherwise it is an attribute-injection point.
$name .= '<td class="Cnorm"><input type="text" value="' . unescape($xnn) . '" maxlength="15" name="Gname"></td></tr>';
}
if (isset($_POST['priview'])) {
$tpl->set_out('txt', bbcode(unescape($txt)), 0);
}
$ar = array('name' => $name, 'txt' => escape_for_fields(unescape($txt)), 'topic' => escape_for_fields(unescape($topic)), 'fid' => $fid, 'SMILIES' => getsmilies(), 'antispam' => get_antispam('newtopic', 1));
$tpl->set_ar_out($ar, 1);
} else {
// save topic
// NOTE(review): the leading brace closes a helper defined before this chunk.
}
/**
 * Builds the <option> list for the "wars_last_komms" config select.
 *
 * @param mixed $ak  the currently configured value; compared loosely, so the
 *                   string read from prefix_config matches the int keys below
 * @return string    the concatenated <option> elements (keys and labels are
 *                   the fixed literals below, so no output escaping is needed)
 */
function admin_allg_wars_last_komms($ak)
{
$ar = array(0 => 'nein', -1 => 'ab User', -3 => 'ab Trial', -4 => 'ab Member');
$l = '';
foreach ($ar as $k => $v) {
if ($k == $ak) {
$sel = ' selected';
} else {
$sel = '';
}
$l .= '<option' . $sel . ' value="' . $k . '">' . $v . '</option>';
}
return $l;
}
// Render the config form when nothing was submitted or the 'admin_allg'
// antispam/CSRF token does not validate; the save path is outside this span.
$csrfCheck = chk_antispam('admin_allg', true);
if (empty($_POST['submit']) || !$csrfCheck) {
$gfx = admin_allg_gfx($allgAr['gfx']);
$smodul = admin_allg_smodul($allgAr['smodul']);
$wars_last_komms = admin_allg_wars_last_komms($allgAr['wars_last_komms']);
echo '<table cellpadding="0" cellspacing="0" border="0"><tr><td><img src="include/images/icons/admin/konfiguration.png" /></td><td width="30"></td><td valign="bottom"><h1>Konfiguration</h1></td></tr></table>';
echo '<form action="admin.php?allg" method="POST">';
echo '<table cellpadding="3" cellspacing="1" class="border" border="0">';
# echo '<tr class="Chead"><td colspan="2"><b>Konfiguration</b></td></tr>';
$ch = '';
$abf = 'SELECT * FROM `prefix_config` ORDER BY kat,pos,typ ASC';
$erg = db_query($abf);
while ($row = db_fetch_assoc($erg)) {
// Category header: 'kat' is admin-maintained data from prefix_config and is
// echoed without HTML escaping. $ch is not updated within this span -- it
// is presumably assigned further down the loop; verify.
if ($ch != $row['kat']) {
echo '<tr><td colspan="2" class="Cdark"><b>' . $row['kat'] . '</b></td></tr>';
}
<?php
/**
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
 * @copyright (C) 2000-2010 ilch.de
 * @version $Id$
 */
// Admin page: save a self-made content page ("selfbp") to
// include/contents/selfbp/self<a>/<filename>.
defined('main') or die('no direct access');
defined('admin') or die('only admin access');
if (isset($_POST['bbwy']) and isset($_POST['filename']) and isset($_POST['akl']) and chk_antispam('adminuser_action', true)) {
// save
$akl = $_POST['akl'];
$text = $_POST['bbwy'];
// $text = rteSafe($_POST['text']);
// The page meta fields are taken raw from POST and prepended as a property
// header; edit_text() is the only processing visible here.
$text = set_properties(array('title' => $_POST['title'], 'hmenu' => $_POST['hmenu'], 'view' => $_POST['view'], 'viewoptions' => $_POST['viewoptions'], 'wysiwyg' => $_POST['wysiwyg'])) . $text;
$text = edit_text(stripslashes($text), true);
// $a selects the target directory: a single character of the unvalidated
// POST value, so it can only pick a sibling "self<a>" directory.
$a = substr($akl, 0, 1);
// $e = substr ( $akl, 1 );
// if ( $e != 'neu' ) {
// unlink ( 'include/contents/selfbp/self'.$a.'/'.$e );
// }
// SECURITY(review): escape(..., 'string') is the project SQL/HTML escaper, not
// a path sanitiser -- an exfilename of "../../../config.php" still walks out
// of the selfbp directory and unlink()s whatever the web-server user may
// delete. The action is admin-only and token-protected, but the old name
// should be reduced with basename() (or normalised with the same
// get_nametosave() used for the new name below).
if (!empty($_POST['exfilename']) and $_POST['exfilename'] != $_POST['filename']) {
$exfilename = escape($_POST['exfilename'], 'string');
@unlink('include/contents/selfbp/self' . $a . '/' . $exfilename);
}
// The new name goes through get_nametosave(); what it strips is not visible here.
$filename = get_nametosave($_POST['filename']);
$fname = 'include/contents/selfbp/self' . $a . '/' . $filename;
save_file_to($fname, $text);
// $_POST['toggle'] is read without isset() (notice when absent; null == 0 is true).
if ($_POST['toggle'] == 0) {
$design->header();
wd('admin.php?selfbp=0&akl=' . $a . $filename, 'Ihre Änderungen wurden gespeichert...', 3);
// width and height of the image
// @getimagesize() returns false for unreadable/non-image files; indexing
// false yields null, which is interpolated unquoted below and turns the
// INSERT into ", , " -- a SQL error instead of a clean failure.
$dimension = @getimagesize($updir . $bannername);
$bildbreite = $dimension['0'];
$bildhohe = $dimension['1'];
// write everything to the database
$insert_banner = db_query("INSERT INTO `prefix_linkus`\r\n\t\t\t\t\t\t\t(\r\n\t\t\t\t\t\t\t\tname, datei, hoch, breit, link, views, klicks\r\n\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\tVALUES\r\n\t\t\t\t\t\t\t(\r\n\t\t\t\t\t\t\t\t'" . $upload_name . "', '" . $bannername . "', " . $bildbreite . ", " . $bildhohe . ", '" . $upload_link . "', 0, 0\r\n\t\t\t\t\t\t\t)");
if ($insert_banner === false) {
echo 'Fehler beim speichern in die Datenbank';
}
} else {
echo 'unbekannter Fehler beim verschieben der Datei';
}
}
}
// Banner update
if (isset($_POST['seteditbanner']) and chk_antispam('adminuser_action', true)) {
// escapes
$edit_id = escape($_POST['hiddeneditid'], 'integer');
$edit_name = escape($_POST['editbannername'], 'string');
$edit_link = escape($_POST['editlink'], 'string');
$get_edit_qry = db_query("SELECT id,name,link,datei FROM `prefix_linkus` WHERE id = " . $edit_id . "");
$edit_row = db_fetch_assoc($get_edit_qry);
// error 4 == UPLOAD_ERR_NO_FILE: no new file and no changed text -> nothing to do.
if ($_FILES['editbannerfield']['error'] == 4 and $edit_name == $edit_row['name'] and $edit_link == $edit_row['link']) {
wd('admin.php?linkus', 'Keine Änderungen vorgenommen', 3);
$design->footer(1);
} else {
if ($_FILES['editbannerfield']['error'] == 0) {
// delete the old banner
// BUG(review): the row fetched above is $edit_row, but this reads
// $row['datei'] -- $row is whatever an earlier block left behind, so the
// old file is not removed (or a wrong one is). Should be
// @unlink($updir . $edit_row['datei']);
@unlink($updir . $row['datei']);
// filename already present?
// $_FILES[...]['name'] is client-supplied; it is used in a path here before
// any sanitisation visible in this span.
if (is_readable($updir . $_FILES['editbannerfield']['name'])) {
// NOTE(review): chunk starts inside the settings branch of the bbcode admin
// switch; the enclosing case/if were opened earlier. The POST value is
// handed to the template unescaped -- whether tpl::set() escapes on output
// is not visible here.
$tpl->set('BBCode_ScreenMaxHoehe', $_POST['BBCode_ScreenMaxHoehe']);
}
}
$tpl->out(0);
break;
// > Badwordlist
// > Badwordlist
case 'badword':
// > output design!
$design = new design('Ilch Admin-Control-Panel :: BBcode-Badwords', '- Badwords', 2);
$design->header();
$tpl = new tpl('bbcode/badword', 1);
$tpl->set('msgColor', '#0033FF');
$tpl->set('Message', '');
$tpl->set('ANTISPAM', get_antispam('adminuser_action', 0, true));
// SECURITY(review): BBCode_BadPatter / BBCode_BadReplace are interpolated
// into both queries below straight from $_POST with no escape() call --
// SQL injection (admin-only and token-protected, but still unescaped).
// Run both through escape($_POST[...], 'string') first.
if (isset($_POST['BB_SubmitBadword']) && $_POST['BBCode_BadPatter'] != "" && $_POST['BBCode_BadReplace'] != "" and chk_antispam('adminuser_action', true)) {
$sql = db_query("SELECT\r\n\t\t\t\t\t\t\t\tfcBadPatter,\r\n\t\t\t\t\t\t\t\tfcBadReplace\r\n\t\t\t\t\t\t\t FROM\r\n\t\t\t\t\t\t\t \tprefix_bbcode_badword\r\n\t\t\t\t\t\t\tWHERE\r\n\t\t\t\t\t\t\t\tfcBadPatter='" . $_POST['BBCode_BadPatter'] . "'");
$if = db_fetch_assoc($sql);
if (isset($if['fcBadPatter'])) {
$tpl->set('msgColor', '#FF0000');
$tpl->set('Message', 'Badword existiert schon in der Datenbank!');
} else {
db_query("INSERT INTO\r\n\t\t\t\t\t\t\tprefix_bbcode_badword\r\n\t\t\t\t\t\t\t\t(fcBadPatter,fcBadReplace)\r\n\t\t\t\t\t\t\tVALUES\r\n\t\t\t\t\t\t\t\t('" . $_POST['BBCode_BadPatter'] . "','" . $_POST['BBCode_BadReplace'] . "');");
$tpl->set('msgColor', '#0033FF');
$tpl->set('Message', 'Badword wurde erfolgreich gespeichert!');
}
}
// > delete badword!
// SECURITY(review): deletion is driven by a URL segment with no token check
// and no escape(..., 'integer') in this span -- CSRF via a crafted link, and
// SQL injection through the id unless menu::get() sanitises its segments.
// Cast the id and require the same chk_antispam('adminuser_action', true)
// as the save path.
if ($menu->get(2) == "delete") {
db_query('DELETE FROM `prefix_bbcode_badword` WHERE `fnBadwordNr` = "' . $menu->get(3) . '"');
}
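/**
 * Renders the calendar list view (template parts `listbegin` ... `listend`).
 *
 * Works entirely on globals set by the surrounding calendar module: when $eid
 * is non-zero it renders that event's detail block (plus comment form and
 * comment list when $komsOK is true); otherwise it renders the month list
 * ($view == 0), a single day ($view == 1 with $gday) or the whole list, and
 * hands the collected tooltips to showTooltips(). Takes no parameters and
 * returns nothing; output goes through $tpl and one direct echo.
 *
 * Fixes relative to the previous version: the Referer regex accepted a
 * literal '|' (`[0|1]`) as a view id; the per-row delete link and the tooltip
 * buffers were never reset/initialised; in the whole-list branch only the
 * last event of each date received a tooltip.
 */
function kalender_listoutput()
{
    global $komsOK, $tpl, $eid, $data, $data_id, $gday, $month, $year, $days, $arr_day, $title_liste, $view, $allgAr;
    // List begin
    $tpl->set_ar_out(array('TITLE' => $eid ? $data_id[$eid]['title'] : $title_liste, 'TITLE_ALIGN' => $eid ? '' : ' align="center"'), "listbegin");
    // Detail
    if ($eid) {
        $aus['display'] = 'style="display:none"';
        $aus['DETAIL_DATE'] = date('d.m.Y', $data_id[$eid]['time']);
        $aus['DETAIL_TIME'] = date('H:i', $data_id[$eid]['time']);
        $aus['DETAIL_TEXT'] = BBcode($data_id[$eid]['text']);
        $aus['ID'] = $eid;
        $viewl = $allgAr['kalender_standard_list'];
        // The Referer is client-controlled; it only selects the back-link
        // variant, and the capture is restricted to a single '0' or '1'.
        if (isset($_SERVER['HTTP_REFERER']) && preg_match('%\\?kalender-v([01])%i', $_SERVER['HTTP_REFERER'], $match)) {
            $viewl = $match[1];
        }
        $aus['BACK_LINK'] = 'index.php?kalender-v' . $viewl . '-m' . date('m', $data_id[$eid]['time']) . '-y' . date('Y', $data_id[$eid]['time']);
        if (!$komsOK) {
            $tpl->set_ar_out($aus, 'detail');
        } else {
            // Comment submission.
            // NOTE(review): logged-in users bypass chk_antispam() entirely, so
            // their POST carries no antispam/CSRF token; and the key checked
            // here ('kalender_komms') differs from the one the form below emits
            // ('kalenderkom'). Whether a guest comment can ever pass depends on
            // how chk_antispam() keys its tokens -- confirm against it.
            if ((loggedin() or chk_antispam('kalender_komms')) and $komsOK and !empty($_POST['name']) and !empty($_POST['text'])) {
                if (loggedin()) {
                    $name = $_SESSION['authname'];
                    $userid = $_SESSION['authid'];
                } else {
                    $name = escape($_POST['name'], 'string') . ' (Gast)';
                    $userid = 0;
                }
                $text = escape($_POST['text'], 'string');
                // $eid is interpolated unescaped; the caller that sets the
                // global must already have cast it to an integer -- TODO confirm.
                db_query("INSERT INTO `prefix_koms` (`name`,`userid`,`text`,`time`,`uid`,`cat`) VALUES ('" . $name . "', " . $userid . ", '" . $text . "','" . time() . "', " . $eid . ", 'KALENDER')");
            }
            if (loggedin()) {
                $aus['uname'] = $_SESSION['authname'];
                $aus['readonly'] = 'readonly';
            } else {
                $aus['uname'] = '';
                $aus['readonly'] = '';
            }
            $aus['ANTISPAM'] = get_antispam('kalenderkom', 0);
            // $aus['text'] is not set anywhere above; kept as in the original
            // (bbcode() of an unset value) so template output is unchanged.
            $aus['text'] = bbcode($aus['text']);
            $tpl->set_ar_out($aus, 'detail');
            $tpl->set_ar_out($aus, 'commentstart');
            $erg = db_query("SELECT `id`, `name`, `userid`, `text`, `time` FROM `prefix_koms` WHERE `uid` = " . $eid . " AND `cat` = 'KALENDER' ORDER BY `id` DESC");
            $anz = db_num_rows($erg);
            if ($anz == 0) {
                echo 'Keine Kommentare vorhanden';
            } else {
                while ($r1 = db_fetch_assoc($erg)) {
                    // Reset per row so a delete link is never carried over
                    // (or read undefined) from the previous iteration.
                    $del = '';
                    if (has_right(-7, 'kalender')) {
                        // Deletion is a plain GET link without an anti-CSRF token.
                        $del = ' <a href="index.php?kalender-v1-e' . $eid . '-d' . $r1['id'] . '"><img src="include/images/icons/del.gif" alt="löschen" border="0" title="löschen" /></a>';
                    }
                    $r1['zahl'] = $anz;
                    $r1['avatar'] = get_avatar($r1['userid']);
                    $r1['time'] = post_date($r1['time'], 1) . $del;
                    $r1['text'] = bbcode($r1['text']);
                    $tpl->set_ar_out($r1, 'comments');
                    $anz--;
                }
            }
        }
        $tpl->out('commentend');
        // End of comments
    } elseif ($view == 0) {
        // Month list: one row per day.
        $tooltips = '';
        for ($i = 0; $i < $days; $i++) {
            $date = mktime(0, 0, 0, $month, $i + 1, $year);
            $text = '';
            if (isset($data[$date])) {
                foreach ($data[$date] as $eventinfo) {
                    $text .= eventlink($tpl, $view, $eventinfo);
                    // apply bbcode
                    $eventinfo["text"] = BBCode($eventinfo["text"]);
                    $tooltips .= $tpl->set_ar_get($eventinfo, "tooltip");
                }
            }
            $aus['LIST_I'] = $i + 1;
            $aus['LIST_D'] = $arr_day[date('w', mktime(0, 0, 0, $month, $i + 1, $year))];
            $aus['LIST_T'] = $text;
            $class = $i % 2 ? 'Cnorm' : 'Cmite';
            $aus['LIST_CLASS'] = $i + 1 == date('j') && $month == date('n') && $year == date('Y') ? 'Cdark' : $class;
            $tpl->set_ar_out($aus, 'listitem');
            unset($aus);
        }
        showTooltips($tpl, $tooltips);
    } elseif ($view == 1) {
        // Single day only
        if (isset($data) && !empty($gday)) {
            $date = mktime(0, 0, 0, $month, $gday, $year);
            $i = 1;
            $tooltips = '';
            if (isset($data[$date])) {
                foreach ($data[$date] as $eventinfo) {
                    $text = '';
                    $text .= eventlink($tpl, $view, $eventinfo);
                    $aus['LIST_I'] = $arr_day[date('w', $date)];
                    $aus['LIST_D'] = date('H:i', $eventinfo['time']);
                    $aus['LIST_T'] = $text;
                    $class = $i % 2 ? 'Cnorm' : 'Cmite';
                    // $i is a row counter here, not a day of month; the
                    // "today" highlight therefore compares row index with
                    // date('j'). Kept as in the original (intent unclear).
                    $aus['LIST_CLASS'] = $i + 1 == date('j') && $month == date('n') && $year == date('Y') ? 'Cdark' : $class;
                    $tpl->set_ar_out($aus, 'listitem');
                    unset($aus);
                    $i++;
                    // apply bbcode
                    $eventinfo["text"] = BBCode($eventinfo["text"]);
                    $tooltips .= $tpl->set_ar_get($eventinfo, "tooltip");
                }
            }
            showTooltips($tpl, $tooltips);
        // Whole list
        } elseif (isset($data)) {
            $i = 1;
            $tooltips = '';
            foreach ($data as $date => $data1) {
                $text = '';
                foreach ($data1 as $eventinfo) {
                    $text .= eventlink($tpl, $view, $eventinfo);
                    // apply bbcode -- per event, as in the other two branches
                    $eventinfo["text"] = BBCode($eventinfo["text"]);
                    $tooltips .= $tpl->set_ar_get($eventinfo, "tooltip");
                }
                $aus['LIST_I'] = date('d.m.Y', $date);
                $aus['LIST_D'] = $arr_day[date('w', $date)];
                $aus['LIST_T'] = $text;
                $class = $i % 2 ? 'Cnorm' : 'Cmite';
                $aus['LIST_CLASS'] = $i + 1 == date('j') && $month == date('n') && $year == date('Y') ? 'Cdark' : $class;
                $tpl->set_ar_out($aus, 'listitem');
                unset($aus);
                $i++;
            }
            showTooltips($tpl, $tooltips);
        } else {
            $aus['LIST_I'] = '-';
            $aus['LIST_D'] = '-';
            $aus['LIST_T'] = '-';
            $aus['LIST_CLASS'] = 'Cnorm';
            $tpl->set_ar_out($aus, 'listitem');
            unset($aus);
        }
    }
    $tpl->out('listend');
}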
// NOTE(review): chunk starts at the tail of an early-exit block in the public
// "fight us" request form; $lang and $design are set before this point.
exit;
}
// Copy each expected field from POST into a same-named local, SQL-escaped.
// date/stunde/minute are escaped as strings only, not validated as numbers.
$far = array('clanname', 'clanpage', 'clantag', 'clancountry', 'mailaddy', 'icqnumber', 'squad', 'meetingplace', 'message', 'xonx', 'game', 'matchtype', 'date', 'stunde', 'minute');
$x = 0;
$fightusspam = false;
$fehler = '';
foreach ($far as $v) {
if (!empty($_POST[$v])) {
${$v} = escape($_POST[$v], 'string');
$x++;
} else {
${$v} = '';
}
}
// The 'fightus' antispam check is only evaluated on submit; $fightusspam
// stays false otherwise, which also blocks the insert below.
if (isset($_POST['submit'])) {
if (chk_antispam('fightus') != true) {
$fehler .= '· ' . $lang['incorrectspam'] . '<br/>';
$fightusspam = false;
} else {
$fightusspam = true;
}
}
if (count($far) == $x and $fightusspam == true) {
$squad = escape($squad, 'integer');
// NOTE(review): any group id is accepted here -- the query does not restrict
// the squad to groups that actually accept requests (show_fightus = 1), and a
// missing row leaves $row false. Consider `AND show_fightus = 1` plus a check.
$abf = "SELECT `mod1`,`mod2`, `mod3`,`name` FROM `prefix_groups` WHERE `id` = " . $squad;
$erg = db_query($abf);
$row = db_fetch_assoc($erg);
$txt = $lang['fightusrequest'];
$sekunde = '00';
$datum = get_datum($date) . ' - ' . $stunde . ':' . $minute . ':' . $sekunde;
$clanpage = get_homepage($clanpage);
// NOTE(review): chunk starts inside the contact form's submit handling;
// $fehler, $k and $lang are initialised before this point.
if (empty($_POST['wer'])) {
$fehler .= '· ' . $lang['emptywer'] . '<br/>';
}
if (empty($_POST['name'])) {
$fehler .= '· ' . $lang['emptyname'] . '<br/>';
}
if (empty($_POST['mail'])) {
$fehler .= '· ' . $lang['emptyemail'] . '<br/>';
}
if (empty($_POST['subject'])) {
$fehler .= '· ' . $lang['emptysubject'] . '<br/>';
}
if (empty($_POST['txt'])) {
$fehler .= '· ' . $lang['emptymessage'] . '<br/>';
}
if (chk_antispam('contact') != true) {
$fehler .= '· ' . $lang['incorrectspam'] . '<br/>';
}
//
if ($fehler == '') {
// escape_for_email() is the only sanitisation of the header fields; the
// body ($text) is used raw. What escape_for_email() strips (CR/LF?) is not
// visible here -- confirm it neutralises mail-header injection.
$name = escape_for_email($_POST['name']);
$mail = escape_for_email($_POST['mail']);
$subject = escape_for_email($_POST['subject'], true);
$wer = escape_for_email($_POST['wer']);
$text = $_POST['txt'];
$wero = false;
// Map the submitted md5 token back to a configured recipient address, so
// only configured addresses can ever be mailed.
foreach ($k as $a) {
$e = explode('|', $a);
// NOTE(review): loose == between an md5 digest and user input is subject to
// PHP numeric-string juggling ("0e<digits>" == "0"). No practical gain for
// an attacker here, since the digests are public form values, but
// `hash_equals(md5($e[0]), (string) $wer)` is the correct idiom.
if (md5($e[0]) == $wer) {
$wero = true;
$wer = $e[0];
<?php
// Copyright by Manuel
// Support www.ilch.de
// Shoutbox box: stores a new shout (POST) and renders the input form.
defined('main') or die('no direct access');
if (loggedin()) {
$shoutbox_VALUE_name = $_SESSION['authname'];
} else {
$shoutbox_VALUE_name = 'Nickname';
}
if (has_right($allgAr['sb_recht'])) {
// Every poster (logged-in users too) must pass the 'shoutbox' antispam check.
if (!empty($_POST['shoutbox_submit']) and chk_antispam('shoutbox')) {
// NOTE(review): the nickname is taken from the form even for logged-in
// users and is not checked against prefix_user, so anyone can shout under
// another member's name. substr() after escape() may also cut an HTML
// entity in half at the 15-byte limit (garbling, not injection).
$shoutbox_nickname = escape($_POST['shoutbox_nickname'], 'string');
$shoutbox_nickname = substr($shoutbox_nickname, 0, 15);
$shoutbox_textarea = escape($_POST['shoutbox_textarea'], 'textarea');
// Drop the listed bbcode open/close tags, then any remaining HTML.
$shoutbox_textarea = preg_replace("/\\[.?(url|b|i|u|img|code|quote)[^\\]]*?\\]/i", "", $shoutbox_textarea);
$shoutbox_textarea = strip_tags($shoutbox_textarea);
if (!empty($shoutbox_nickname) and !empty($shoutbox_textarea)) {
db_query('INSERT INTO `prefix_shoutbox` (`nickname`,`textarea`) VALUES ( "' . $shoutbox_nickname . '" , "' . $shoutbox_textarea . '" ) ');
// BUG(review): no exit after the redirect header -- the rest of the page
// (including the form below) is still rendered and sent.
header('Location: index.php?' . $menu->get_complete());
}
}
// The session nickname is embedded in a value="" attribute and inside inline
// JS string literals without escaping; this relies on nicknames never
// containing quotes -- confirm against the nickname rules at registration.
echo '<form action="index.php?' . $menu->get_complete() . '" method="POST">';
echo '<input type="text" size="15" name="shoutbox_nickname" value="' . $shoutbox_VALUE_name . '" onFocus="if (value == \'' . $shoutbox_VALUE_name . '\') {value = \'\'}" onBlur="if (value == \'\') {value = \'' . $shoutbox_VALUE_name . '\'}" maxlength="15">';
echo '<br /><textarea style="width: 80%" cols="15" rows="2" name="shoutbox_textarea"></textarea><br />';
$antispam = get_antispam('shoutbox', 0);
echo $antispam;
if (!empty($antispam)) {
echo '<br />';
}
echo '<input type="submit" value="' . $lang['formsub'] . '" name="shoutbox_submit">';
// NOTE(review): the leading brace closes a block opened before this chunk
// (downloads detail page); $row, $tpl, $cattitle, $catname and $komsOK are
// set earlier.
}
// ssurl/surl are admin-entered URLs from the database and are embedded in
// src/href attributes without escaping or scheme validation in this span.
$row['ssurl'] = $row['ssurl'] != '' ? '<img src="' . $row['ssurl'] . '" alt="' . $row['name'] . ' ' . $row['version'] . '" title="' . $row['name'] . ' ' . $row['version'] . '" style="float:left; border: none; padding-right:5px;" />' : '';
$row['surl'] = empty($row['surl']) ? '' : ' <a href="' . $row['surl'] . '" target="_blank">Demo/Screenshot</a>';
$row['size'] = get_download_size($row['url']);
$row['descl'] = bbcode($row['descl']);
$row['version_kl'] = empty($row['version']) ? '' : '(' . $row['version'] . ')';
$title = $allgAr['title'] . ' :: Downloads ' . $cattitle;
$hmenu = '<a class="smalfont" href="?downloads">Downloads</a>' . $catname;
$design = new design($title, $hmenu);
$header = array('jquery/jquery.validate.js', 'forms/downloads.js');
$design->header($header);
$tpl->set_ar_out($row, 0);
// Comments
if ($komsOK) {
$id = escape($menu->get(2), 'integer');
// Everyone must pass the 'downloads' antispam check; logged-in users are
// forced to their session name, guests get a " (Gast)" suffix so they cannot
// collide with a member's name.
if (chk_antispam('downloads') and isset($_POST['name']) and isset($_POST['text'])) {
if (loggedin()) {
$name = $_SESSION['authname'];
$userid = $_SESSION['authid'];
} else {
$name = escape($_POST['name'], 'string') . ' (Gast)';
$userid = 0;
}
$text = escape($_POST['text'], 'string');
db_query("INSERT INTO `prefix_koms` (`name`,`userid`,`text`,`time`,`uid`,`cat`) VALUES ('" . $name . "', " . $userid . ", '" . $text . "','" . time() . "', " . $id . ", 'DOWNLOAD')");
}
// Comment deletion via a GET segment (-dN): protected by has_right() only,
// no anti-CSRF token -- a crafted link deletes a comment on a moderator's behalf.
if ($menu->getA(3) == 'd' and is_numeric($menu->getE(3)) and has_right(-7, 'downloads')) {
$did = escape($menu->getE(3), 'integer');
db_query("DELETE FROM `prefix_koms` WHERE `uid` = " . $id . " AND `cat` = 'DOWNLOAD' AND `id` = " . $did);
}
$r['ANTISPAM'] = get_antispam('downloads', 0);
// NOTE(review): one case of the opponents admin switch; $getid is set before
// this chunk and is interpolated into SQL raw -- its cast/validation is not
// visible here.
case 'edit':
if ($getid != 0 and !empty($getid)) {
$getpicname = db_result(db_query("SELECT logo FROM `prefix_opponents` WHERE id = " . $getid . ""));
$editqry = db_query("SELECT * FROM `prefix_opponents` WHERE id = " . $getid . "");
$outar = db_fetch_assoc($editqry);
$outar['nationen'] = '';
$flagsar = get_nationality_array();
foreach ($flagsar as $key => $value) {
if ($outar['nation'] == $key) {
$outar['nationen'] .= '<option value="' . $key . '" selected="selected">' . $value . '</option>';
} else {
$outar['nationen'] .= '<option value="' . $key . '" >' . $value . '</option>';
}
}
$outar['aktuellesLogo'] = '<img src="include/images/opponents/thumb_' . $outar['logo'] . '"/>';
if (isset($_POST['editsubmit']) and chk_antispam('adminuser_action', true)) {
$editclantag = @escape($_POST['editgegnertag'], 'string');
$editclanname = @escape($_POST['editclanname'], 'string');
$editurl = escape($_POST['editwebsite'], 'url');
$editnation = escape($_POST['editnation'], 'string');
$editicq = escape($_POST['editicq'], 'integer');
$editemail = escape_for_email($_POST['editemail']);
$updir = 'include/images/opponents/';
$this_id = $getid;
$outar['thumbwidth'] = 100;
if (!empty($_FILES['editlogo']['tmp_name'])) {
// SECURITY(review): the target name keeps the client-supplied filename,
// including its extension and any path characters; neither an extension
// whitelist nor basename() is applied in this span. Confirm the move/resize
// code that follows validates it before it is used as a path, otherwise an
// admin upload can drop e.g. a .php file into the images directory.
$uploadname = $getid . '_' . $_FILES["editlogo"]["name"];
// Remove the previous logo unless it is the shared placeholder image.
if ($getpicname != '.no-image-opponent.png' and $getpicname != 'thumb_.no-image-opponent.png') {
@unlink('include/images/opponents/' . $getpicname . '');
@unlink('include/images/opponents/thumb_' . $getpicname . '');
}
// NOTE(review): chunk starts inside `case 1` of the contact-admin switch; the
// switch and a block (by the shape of case 3, probably an if around the token
// check) were opened before this point -- if so, the fall-through described
// at case 3 applies here as well.
$row = db_fetch_object(db_query("SELECT `t1` FROM `prefix_allg` WHERE `k` = 'kontakt'"));
// Contact recipients live in one column as "mail|name#mail|name#...".
$k = explode('#', $row->t1);
// SECURITY(review): mail and name go into the record, and then into the SQL
// string, without escape() -- SQL injection; a '#' or '|' in either value
// also corrupts the delimited record. $_GET['wo'] is used as an array index
// unchecked.
$k[$_GET['wo']] = $_POST['mail'] . '|' . $_POST['name'];
$nk = implode('#', $k);
db_query("UPDATE `prefix_allg` SET `t1` = '" . $nk . "' WHERE `k` = 'kontakt'");
break;
}
case 2:
// SECURITY(review): delete is triggered by ?del=N on a GET with no
// chk_antispam() call, unlike case 3 -- CSRF against a logged-in admin.
$row = db_fetch_object(db_query("SELECT `t1` FROM `prefix_allg` WHERE `k` = 'kontakt'"));
$k = explode('#', $row->t1);
unset($k[$_GET['del']]);
$nk = implode('#', $k);
db_query("UPDATE `prefix_allg` SET `t1` = '" . $nk . "' WHERE `k` = 'kontakt'");
break;
case 3:
// BUG(review): the `break` sits inside the if -- when the token check fails,
// execution falls through into case 5 and runs its UPDATE with whatever
// $feld/$ak hold at that point. Move the break after the if.
if (chk_antispam('adminuser_action', true)) {
$row = db_fetch_object(db_query("SELECT `t1` FROM `prefix_allg` WHERE `k` = 'kontakt'"));
// Same unescaped interpolation of $_POST['mail'] / $_POST['name'] as case 1.
$nk = $row->t1 . '#' . $_POST['mail'] . '|' . $_POST['name'];
db_query("UPDATE `prefix_allg` SET `t1` = '" . $nk . "' WHERE `k` = 'kontakt'");
break;
}
case 5:
// $feld and $ak are set outside this span; their validation is not visible,
// and $feld is spliced in as a column name.
db_query('UPDATE `prefix_allg` SET ' . $feld . ' = "' . $ak . '" WHERE `k` = "kontakt"');
break;
}
$tpl = new tpl('contact', 1);
$tpl->set('ANTISPAM', get_antispam('adminuser_action', 0, true));
$tpl->out(0);
$row = db_fetch_object(db_query("SELECT `t1`,`v2`,`v1` FROM `prefix_allg` WHERE `k` = 'kontakt'"));
$k = explode('#', $row->t1);
$b = explode('#', $row->v2);
<?php
# Copyright by: Manuel
# Support: www.ilch.de
# Forum: delete a single post (moderators only).
defined('main') or die('no direct access');
if ($forum_rights['mods'] == FALSE) {
$forum_failure[] = 'Keine Berechtigung dieses Forum zu moderiren';
check_forum_failure($forum_failure);
}
$title = $allgAr['title'] . ' :: Forum :: ' . $aktForumRow['kat'] . ' :: ' . $aktForumRow['name'] . ' :: ' . $aktTopicRow['name'] . ' :: Beitrag löschen';
$hmenu = $extented_forum_menu . '<a class="smalfont" href="index.php?forum">Forum</a><b> » </b><a class="smalfont" href="index.php?forum-showcat-' . $aktForumRow['cid'] . '">' . $aktForumRow['kat'] . '</a><b> » </b><a class="smalfont" href="index.php?forum-showtopics-' . $fid . '">' . $aktForumRow['name'] . '</a><b> » </b>';
$hmenu .= '<a class="smalfont" href="index.php?forum-showposts-' . $tid . '">' . $aktTopicRow['name'] . '</a> <b> » </b>Beitrag löschen' . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
$design->header();
$postid = escape($menu->get(3), 'integer');
// Deletion requires a POST together with a valid 'forum_del_post' token;
// otherwise the confirmation form is shown.
$csrfCheck = chk_antispam('forum_del_post', true);
if (empty($_POST['delete']) || !$csrfCheck) {
$tpl = new tpl('forum/del_post');
$tpl->set_ar(array('tid' => $tid, 'get3' => $postid, 'antispam' => get_antispam('forum_del_post', 0, true)));
$tpl->out(0);
} elseif ($csrfCheck) {
// NOTE(review): the post is addressed by id only -- that it belongs to
// $tid / $fid (the forum this user moderates) is not checked in this span.
// Confirm the dispatcher enforces it; otherwise a moderator of one forum can
// delete posts of another by changing the id segment. $tid/$fid are set
// outside this span and interpolated raw.
$erstid = @db_result(db_query("SELECT erstid FROM `prefix_posts` WHERE id = " . $postid . " LIMIT 1"), 0);
if ($erstid > 0) {
db_query("UPDATE `prefix_user` SET posts = posts - 1 WHERE id = {$erstid}");
}
db_query("DELETE FROM `prefix_posts` WHERE id = " . $postid . " LIMIT 1");
// BUG(review): when the topic has no posts left, MAX(id) is NULL and the
// two UPDATEs below become "last_post_id = ," -- a SQL syntax error. Guard
// with `$max = (int) $max;` (or skip the updates) before using it.
$erg = db_query("SELECT MAX(id) FROM prefix_posts WHERE tid = " . $tid);
$max = db_result($erg, 0);
db_query("UPDATE `prefix_topics` SET last_post_id = " . $max . ", `rep` = `rep` - 1 WHERE id = " . $tid);
db_query("UPDATE `prefix_forums` SET last_post_id = " . $max . ", posts = posts - 1 WHERE id = " . $fid);
$tpl = new tpl('forum/del_post');
opt_pm = "' . $opt_pm . '", opt_pm_popup = "' . $opt_pm_popup . '", gebdatum = "' . $gebdatum . '", sig = "' . $sig . '" ' . $avatar_sql_update . ' WHERE id = "' . $uid . '"');
// NOTE(review): the line above is the tail of an UPDATE string that begins
// before this chunk (admin user-edit); the two braces close blocks opened there.
}
}
wd('admin.php?user-1-' . $uid, 'Das Profil wurde erfolgreich geaendert', 2);
$design->footer();
break;
// quickly create a new user
// quickly create a new user
case 'createNewUser':
$msg = '';
if (!empty($_POST['name']) and !empty($_POST['pass']) and !empty($_POST['email']) and chk_antispam('adminuser_create', true)) {
// Inputs are SQL-escaped in place; the email is only escaped, not validated
// as an address.
$_POST['name'] = escape($_POST['name'], 'string');
$_POST['recht'] = escape($_POST['recht'], 'integer');
$_POST['email'] = escape($_POST['email'], 'string');
// BINARY makes the uniqueness check case-sensitive.
$erg = db_query("SELECT id FROM prefix_user WHERE name = BINARY '" . $_POST['name'] . "'");
if (db_num_rows($erg) > 0) {
$msg = 'Der Name ist leider schon vorhanden!';
} else {
// Only the hash produced by user_pw_crypt() is stored.
$new_pass = $_POST['pass'];
$passwordHash = user_pw_crypt($new_pass);
db_query("INSERT INTO prefix_user (name,pass,recht,regist,llogin,email)\r\n\t\t VALUES('" . $_POST['name'] . "','" . $passwordHash . "'," . $_POST['recht'] . ",'" . time() . "','" . time() . "','" . $_POST['email'] . "')");
$userid = db_last_id();
db_query("INSERT INTO prefix_userfields (uid,fid,val) VALUES (" . $userid . ",2,'1')");
db_query("INSERT INTO prefix_userfields (uid,fid,val) VALUES (" . $userid . ",3,'1')");
if (isset($_POST['info'])) {
// SECURITY(review): the URL for the notification mail is built from the
// Host request header, which the client controls (Host-header injection ->
// attacker-chosen link in a mail sent to the new user). Use the configured
// site URL instead of $_SERVER["HTTP_HOST"].
$page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
<?php
/**
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
 * @copyright (C) 2000-2010 ilch.de
 * @version $Id$
 */
// Shoutbox archive: AJAX deletion endpoint (site admins only). Responds with
// hand-written JSON fragments ("reload", "error") or json_encode()d ids.
defined('main') or die('no direct access');
if (is_siteadmin()) {
// delete entries (ajax)
if (isset($_POST['del'])) {
// Guarded by the 'shoutboxarchive' antispam/CSRF token.
if (chk_antispam('shoutboxarchive', true)) {
if (isset($_POST['all'])) {
// all: keep the newest $save entries, delete the rest (oldest ids first).
// A negative $save makes $anz exceed the row count, i.e. deletes everything.
$save = escape($_POST['all'], 'i');
$anz = db_result(db_query("SELECT COUNT(*) FROM `prefix_shoutbox`"), 0) - $save;
if ($anz > 0) {
db_query("DELETE FROM `prefix_shoutbox` ORDER BY `id` LIMIT " . $anz);
}
echo '"reload"';
} else {
// single or selected entries
// NOTE(review): the IN() list is only safe if escape(..., 'i') casts every
// element when given an array (the is_int() branch shows scalars come back
// as int) -- confirm against escape()'s array handling.
$ids = escape($_POST['chk'], 'i');
if (is_int($ids) and $ids > 0) {
$ids = array($ids);
}
if (!empty($ids)) {
db_query('DELETE FROM `prefix_shoutbox` WHERE `id` IN (' . implode(',', $ids) . ')');
echo json_encode($ids);
} else {
echo '"error"';
// NOTE(review): chunk starts inside the guestbook insert branch; $txt and the
// throttle/length checks are handled before this point -- confirm $txt is
// escaped there, since it is interpolated below.
$name = escape($_POST['name'], 'string');
$mail = escape($_POST['mail'], 'string');
$page = escape($_POST['page'], 'string');
db_query("INSERT INTO prefix_gbook (`name`,`mail`,`page`,`time`,`ip`,`txt`) VALUES ('" . $name . "', '" . $mail . "', '" . $page . "', '" . time() . "', '" . getip() . "', '" . $txt . "')");
$_SESSION['klicktime_gbook'] = $dppk_time;
wd('index.php?gbook', $lang['insertsuccessful']);
} else {
echo '- ' . $lang['donotpostsofast'];
echo '<br />- ' . sprintf($lang['gbooktexttolong'], $allgAr['Gtxtl']);
echo '<br />- ' . $lang['plsfilloutallfields'];
}
break;
case 'show':
if ($allgAr['gbook_koms_for_inserts'] == 1) {
$id = escape($menu->get(2), 'integer');
// SECURITY(review): unlike the gallery/download comment handlers, the poster
// name is always taken from the form -- a logged-in user is not forced to
// $_SESSION['authname'] and a guest's name is not checked against
// prefix_user, so anyone can comment under a registered member's name.
// Use the loggedin()/db_count_query pattern the other modules use.
if (chk_antispam('gbookkom') and isset($_POST['name']) and isset($_POST['text'])) {
$name = escape($_POST['name'], 'string');
$text = escape($_POST['text'], 'string');
db_query("INSERT INTO prefix_koms (name,text,uid,cat) VALUES ('" . $name . "', '" . $text . "', " . $id . ", 'GBOOK')");
}
// Comment deletion via a GET segment (-dN): protected by has_right() only,
// no anti-CSRF token.
if ($menu->getA(3) == 'd' and is_numeric($menu->getE(3)) and has_right(-7, 'gbook')) {
$did = escape($menu->getE(3), 'integer');
db_query("DELETE FROM prefix_koms WHERE uid = " . $id . " AND cat = 'GBOOK' AND id = " . $did);
}
$r = db_fetch_assoc(db_query("SELECT time, name, mail, page, txt as text, id FROM prefix_gbook WHERE id = " . $id));
$r['datum'] = date('d.m.Y', $r['time']);
if ($r['page'] != '') {
// get_homepage() normalises the stored URL; whether it rejects
// javascript:-style schemes is not visible here.
$r['page'] = get_homepage($r['page']);
$r['page'] = ' <a href="' . $r['page'] . '" target="_blank"><img src="include/images/icons/page.gif" border="0" alt="Homepage ' . $lang['from'] . ' ' . $r['name'] . '"></a>';
}
if ($r['mail'] != '') {
// NOTE(review): chunk starts at the tail of a nested loop of the calendar
// admin page; the braces below close blocks opened before this point.
}
$x++;
}
}
}
}
// AJAX start
// SECURITY(review): the xajax endpoint URL is built from the Host request
// header, which the client controls, and is then printed into the page's
// JavaScript by printJavascript() below. A forged Host header (or a
// misconfigured default vhost) points the admin's AJAX calls at another host.
// Build it from the configured site URL, and not with a hard-coded http://.
$xajax = new xajax('http://' . $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"] . '?kalender=0');
$xajax->registerFunction("XAJAX_showCalendar");
$xajax->processRequest();
// DESIGN
$design = new design('Ilch Admin-Control-Panel :: Kalender', '', 2);
$design->header();
// AJAX output
echo $xajax->printJavascript();
// Save path, guarded by the 'adminuser_action' antispam/CSRF token. The gate
// reads $_REQUEST['um'] while the data itself comes from $_POST.
if (!empty($_REQUEST['um']) and chk_antispam('adminuser_action', true)) {
// Dates are expected as Y-m-d; the @ also hides the notices a value with
// fewer than three parts would raise (checkdate then fails anyway).
$sar = explode('-', $_POST['begind']);
if (!@checkdate($sar[1], $sar[2], $sar[0])) {
echo 'Das eingegebene Datum ist nicht gültig ';
echo '<a href="javascript:history.back()">zurück</a>';
// design::footer(1) presumably terminates the request -- confirm;
// otherwise execution continues with an invalid date.
$design->footer(1);
}
if (!empty($_POST['zende'])) {
$ear = explode('-', $_POST['zende']);
if (!@checkdate($ear[1], $ear[2], $ear[0])) {
echo 'Das eingegebene Datum für das Zyklusende ist nicht gültig ';
echo '<a href="javascript:history.back()">zurück</a>';
$design->footer(1);
}
}
$z = '';
# Copyright by: Manuel
# Support: www.ilch.de
defined('main') or die('no direct access');
$title = $allgAr['title'] . ' :: Kontakt';
$hmenu = 'Kontakt';
$design = new design($title, $hmenu);
$design->header();
// Contact configuration: t1 holds the recipient list, entries separated by '#',
// each entry as '<recipient>|...' (inferred from the explode('|') below — confirm).
$erg = db_query("SELECT v2,t1,v1 FROM prefix_allg WHERE k = 'kontakt'");
$row = db_fetch_assoc($erg);
$k = explode('#', $row['t1']);
$name = '';
$mail = '';
$subject = '';
$wer = '';
$text = '';
// All fields required plus the 'contact' antispam check.
if (!empty($_POST['wer']) and !empty($_POST['mail']) and !empty($_POST['txt']) and !empty($_POST['name']) and !empty($_POST['subject']) and chk_antispam('contact')) {
    $name = escape_for_email($_POST['name']);
    $mail = escape_for_email($_POST['mail']);
    $subject = escape_for_email($_POST['subject'], true);
    $wer = escape_for_email($_POST['wer']);
    // The message text is taken as-is; only the two header markers are checked below.
    $text = $_POST['txt'];
    // Resolve the submitted recipient hash back to a configured address, so the form
    // never accepts a free-form destination.
    $wero = FALSE;
    foreach ($k as $a) {
        $e = explode('|', $a);
        // NOTE(review): '==' between two hash strings is a loose comparison and treats
        // numeric-looking hex digests numerically; use '===' (or hash_equals()) here.
        if (md5($e[0]) == $wer) {
            $wero = TRUE;
            $wer = $e[0];
            break;
        }
    }
    // Sanity limits: no MIME header markers in the text (case-sensitive strpos), a
    // plausible sender address, a known recipient, length caps, and distinct fields.
    if (strpos($text, 'Content-Type:') === FALSE and strpos($text, 'MIME-Version:') === FALSE and strpos($mail, '@') !== FALSE and $wero === TRUE and strlen($name) <= 30 and strlen($mail) <= 30 and strlen($text) <= 5000 and $mail != $name and $name != $text and $text != $mail) {
// No group is flagged for fight-us requests: nothing to offer, bail out.
if (0 == db_count_query("SELECT COUNT(*) FROM prefix_groups WHERE show_fightus = 1")) {
    echo $lang['noteamthere'];
    $design->footer();
    exit;
}
// Fixed whitelist of form fields; each becomes a same-named local via ${$v}.
// Only safe because $far is a constant list, never derived from the request.
$far = array('clanname', 'clanpage', 'clantag', 'clancountry', 'mailaddy', 'icqnumber', 'squad', 'meetingplace', 'message', 'xonx', 'matchtype', 'game', 'meetingtime');
// Number of non-empty fields.
$x = 0;
foreach ($far as $v) {
    if (!empty($_POST[$v])) {
        ${$v} = escape($_POST[$v], 'string');
        $x++;
    } else {
        ${$v} = '';
    }
}
// Every field present and the 'fightus' antispam check passed.
if (count($far) == $x and chk_antispam('fightus')) {
    $squad = escape($squad, 'integer');
    // NOTE(review): the squad id is not restricted to groups with show_fightus = 1 here,
    // and $row is false for an unknown id (the $row['mod1'] reads below are unguarded).
    $abf = "SELECT `mod1`,`mod2`, `mod3`,name FROM prefix_groups WHERE id = " . $squad;
    $erg = db_query($abf);
    $row = db_fetch_assoc($erg);
    $txt = $lang['fightusrequest'];
    // meetingtime is expected as '<date> - <time>'; a missing separator leaves $zeit unset.
    list($datum, $zeit) = explode(' - ', $meetingtime);
    // NOTE(review): $datum and $clanpage are rewritten by get_datum()/get_homepage()
    // after escaping and then concatenated into the INSERT — confirm those helpers
    // cannot reintroduce quote characters.
    $datum = get_datum($datum);
    $datum = $datum . " " . $zeit;
    $clanpage = get_homepage($clanpage);
    # record it as an upcoming war (category 1)
    db_query("INSERT INTO prefix_wars (datime,`status`,gegner,tag,page,mail,icq,wo,tid,`mod`,game,mtyp,land,txt) VALUES ('" . $datum . "','1','" . $clanname . "','" . $clantag . "','" . $clanpage . "','" . $mailaddy . "','" . $icqnumber . "','" . $meetingplace . "','" . $squad . "','" . $xonx . "','" . $game . "','" . $matchtype . "','" . $clancountry . "','" . $message . "')");
    # PM to the leader (mod1); $_SESSION['authid'] is the sender — presumably unset for guests, confirm
    sendpm($_SESSION['authid'], $row['mod1'], 'Fightus Anfrage', $txt, -1);
    # if co-leader != leader, notify the co-leader as well
    if ($row['mod1'] != $row['mod2']) {
$sel = '';
}
$liste .= '<option' . $sel . ' value="' . $k . '">' . $v . '</option>';
}
return $liste;
}
$um = $menu->get(1);
// Delete a poll and its answers.
// NOTE(review): $_GET['del'] is concatenated into both statements without escape()
// (compare the escape(..., 'integer') applied to vid below), and this GET path has no
// antispam/CSRF check, unlike the POST branch. $_GET['ak'] and $_GET['id'] below likewise.
if ($menu->get(1) == 'del') {
    db_query('DELETE FROM `prefix_poll` WHERE `poll_id` = "' . $_GET['del'] . '"');
    db_query('DELETE FROM `prefix_poll_res` WHERE `poll_id` = "' . $_GET['del'] . '"');
}
// Set a poll's status (stat = ak).
if ($menu->get(1) == 5) {
    db_query('UPDATE `prefix_poll` SET `stat` = "' . $_GET['ak'] . '" WHERE `poll_id` = "' . $_GET['id'] . '"');
}
// A L L   V O T E S   A R E   D I S P L A Y E D
// Create (vid empty) or update (vid set) a poll from the submitted form; token-gated.
if (isset($_POST['sub']) and chk_antispam('adminuser_action', true)) {
    $_POST['frage'] = escape($_POST['frage'], 'string');
    $_POST['poll_recht'] = escape($_POST['poll_recht'], 'integer');
    $_POST['vid'] = escape($_POST['vid'], 'integer');
    if (empty($_POST['vid'])) {
        db_query('INSERT INTO `prefix_poll` (`frage`,`recht`,`stat`,`text`) VALUES ( "' . $_POST['frage'] . '" , "' . $_POST['poll_recht'] . '" , "1" ,"") ');
        $poll_id = db_last_id();
        // Answers are stored in submission order; blank answers are skipped and do not
        // consume a sort index. Assumes $_POST['antw'] is an array — confirm.
        $i = 1;
        foreach ($_POST['antw'] as $v) {
            if (!empty($v)) {
                $v = escape($v, 'string');
                db_query('INSERT INTO `prefix_poll_res` (`sort`,`poll_id`,`antw`,`res`) VALUES ( "' . $i . '" , "' . $poll_id . '" , "' . $v . '" , "" ) ');
                $i++;
            }
        }
    } else {
echo 'Dieser Bereich ist nicht fuer dich...';
$design->footer();
exit;
}
// Labels for the SMTP auth selector (the keys are what gets stored in smtp_auth).
$authMethods = array('no' => 'keine', 'auth' => 'einfache Authentifizierung', 'tls' => 'TLS', 'ssl' => 'SSL');
// Config keys persisted in the serialized smtpconf row ('smtp_login' is listed twice; harmless).
$keys = array('smtp_host', 'smtp_port', 'smtp_auth', 'smtp_pop3beforesmtp', 'smtp_pop3host', 'smtp_pop3port', 'smtp_login', 'smtp_email', 'smtp_login', 'smtp_pass', 'smtp_changesubject');
// Read the stored configuration from the database.
$qry = db_query('SELECT `t1` FROM `prefix_allg` WHERE `k` = "smtpconf"');
if (db_num_rows($qry) == 0 or ($smtpser = db_result($qry)) == '') {
    // First run: empty config, subject rewriting on by default.
    $smtp = array_fill_keys($keys, '');
    $smtp['smtp_changesubject'] = 1;
} else {
    // NOTE(review): the blob is written by this same form, but unserialize() of stored
    // data should still refuse object instantiation:
    // unserialize($smtpser, array('allowed_classes' => false)) (PHP 7.0+).
    $smtp = unserialize($smtpser);
}
// Process the form (gated by the 'smtpconf' antispam/CSRF check).
if (isset($_POST['subform']) and chk_antispam('smtpconf', true)) {
    // A new password is taken over only when one was entered; an empty field keeps the old one.
    // It is stored via AzDGCrypt keyed from the DB connection constants — presumably
    // reversible, since an SMTP login needs the plaintext (confirm), so this is obfuscation
    // rather than protection against anyone who can read both database and config.
    if (!empty($_POST['smtp_pass'])) {
        require_once 'include/includes/class/AzDGCrypt.class.inc.php';
        $cr64 = new AzDGCrypt(DBDATE . DBUSER . DBPREF);
        $smtp['smtp_pass'] = $cr64->crypt($_POST['smtp_pass']);
    }
    // Drop the plaintext so the generic copy loop below cannot overwrite the stored value.
    unset($_POST['smtp_pass']);
    // Remaining keys are copied verbatim (no validation of host/port/address here).
    foreach ($keys as $key) {
        if (isset($_POST[$key])) {
            $smtp[$key] = $_POST[$key];
        }
    }
    // An unchecked checkbox is absent from POST: normalise to 0.
    if (!isset($_POST['smtp_pop3beforesmtp'])) {
        $smtp['smtp_pop3beforesmtp'] = 0;
    }
    // Escaped for SQL only; stored as one serialized string.
    $smtpsql = escape(serialize($smtp), 'textarea');
${$v} = escape($_POST[$v], 'string');
$x++;
} else {
${$v} = '';
}
}
// The nickname must survive escape_nickname() unchanged to be acceptable.
$xname = escape_nickname($name);
$ch_name = false;
$joinusspam = true;
if (loggedin()) {
    // Logged-in users apply under their account name; no availability check needed.
    $ch_name = true;
} elseif (isset($_POST['sub']) and $name == $xname and !empty($name) and 0 == db_result(db_query("SELECT COUNT(*) FROM `prefix_user` WHERE `name_clean` = BINARY '" . get_lower($name) . "'"), 0)) {
    // Guest: well-formed name that is not taken yet (folded via get_lower(), exact BINARY match).
    // $name was escaped above; assumes get_lower() does not reintroduce quotes — confirm.
    $ch_name = true;
}
// Antispam check only on an actual submission; a failure is reported, not fatal.
if (isset($_POST['sub'])) {
    if (chk_antispam('joinus') != true) {
        $fehler .= '· ' . $lang['incorrectspam'] . '<br/>';
        $joinusspam = false;
    }
}
// Incomplete, invalid name, or failed spam check: (re)render the form.
if (count($far) != $x or $ch_name == false or $joinusspam == false) {
    $tpl = new tpl('joinus.htm');
    // NOTE(review): $skill is overwritten with the placeholder markup and then passed as
    // arlistee()'s first argument, so the submitted skill is no longer preselected on
    // re-display (assuming that argument is the selected value — confirm). Same for $squad.
    $skill = '<option></option>';
    $skill .= arlistee($skill, $skill_ar);
    $squad = '<option></option>';
    $squad .= dblistee($squad, "SELECT `id`,`name` FROM `prefix_groups` WHERE `show_joinus` = 1 ORDER BY `pos`");
    if (loggedin()) {
        $name = $_SESSION['authname'];
    }
    // Report each field that is empty once the user has started filling the form ($x > 0).
    foreach ($far as $v) {
        if ($x > 0 and empty($_POST[$v])) {
</select> \t\t\t<input type="checkbox" name="andhigher" id="cb_andhigher" value="1" /> \t\t\t<label for="cb_andhigher">und für alle höheren Rechte</label>
END;
}
// Push the rebuilt recipient selector into the page and re-attach the change handler.
$objResponse->assign('list', 'innerHTML', $content);
$objResponse->setEvent('nl_auswahl', 'onchange', 'checkEmail();');
return $objResponse;
}
// xajax endpoint for the recipient selector.
// NOTE(review): the callback URL is built from the client-supplied Host header
// ($_SERVER['HTTP_HOST']); a configured base URL would be the safer source — confirm.
$xajax = new xajax('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '?newsletter=0');
$xajax->configureMany(array('characterEncoding' => 'ISO-8859-1', 'decodeUTF8Input' => true));
$xajax->registerFunction('XAJAX_changeList');
$xajax->processRequest();
$design = new design('Admins Area', 'Admins Area', 2);
$design->header();
// Send: gated by the 'newsletter' antispam/CSRF check. 'auswahl' encodes the target:
// char 0 = delivery kind ($mailopm, unused in this fragment), char 1 = u(sers)/g(roup)/r(ight),
// the rest = id (inferred from the branches below).
if (isset($_POST['SEND']) and chk_antispam('newsletter', true)) {
    $mailopm = substr($_POST['auswahl'], 0, 1);
    $usrogrp = substr($_POST['auswahl'], 1, 1);
    if ($_POST['auswahl'] == 'Enews') {
        // External newsletter subscribers.
        $q = "SELECT `email` FROM `prefix_newsletter`";
    } elseif ($usrogrp == 'u') {
        // All registered users (recht <= -1).
        $q = "SELECT `email`,`name` as `uname`,`id` as `uid` FROM `prefix_user` WHERE `recht` <= '-1'";
    } elseif ($usrogrp == 'g') {
        // NOTE(review): $gid is a substring of the POSTed selector and is interpolated into
        // the query unescaped — cast it, e.g. `$gid = escape(substr(...), 'integer');`.
        // The 'r' branch below interpolates the same substring the same way.
        $gid = substr($_POST['auswahl'], 2, strlen($_POST['auswahl']) - 1);
        $q = "SELECT `b`.`email`, `b`.`name` as `uname`, `b`.`id` as `uid` FROM `prefix_groupusers` `a` LEFT JOIN `prefix_user` `b` ON `a`.`uid` = `b`.`id` WHERE `a`.`gid` = '{$gid}'";
    } elseif ($usrogrp == 'r') {
        // One right level, or ('andhigher') that level and all with a lower recht value
        // (the '<=' form; cf. recht <= -1 for all users above).
        $q = "SELECT `email`,`id` as `uid` FROM `prefix_user` WHERE `recht` " . (isset($_POST['andhigher']) ? '<' : '') . "= '" . substr($_POST['auswahl'], 2, strlen($_POST['auswahl']) - 1) . "'";
    }
    // NOTE(review): $q stays undefined when none of the branches match.
    $erg = db_query($q);
    $zahler = 0;
    if (db_num_rows($erg) > 0) {
$nid = escape($menu->get(1), 'integer');
// NOTE(review): $row is false for an unknown news_id; $row->news_recht below then reads
// a property of a non-object.
$row = db_fetch_object(db_query("SELECT * FROM `prefix_news` WHERE news_id = '" . $nid . "'"));
if (has_right(array($row->news_recht))) {
    // Comment permission: Ngkoms == 0 appears to restrict commenting to logged-in users,
    // Nukoms == 0 appears to disable it altogether (inferred from the branches — confirm).
    $komsOK = true;
    if ($allgAr['Ngkoms'] == 0) {
        if (loggedin()) {
            $komsOK = true;
        } else {
            $komsOK = false;
        }
    }
    if ($allgAr['Nukoms'] == 0) {
        $komsOK = false;
    }
    # add comment
    # NOTE(review): 'loggedin() or chk_antispam(...)' short-circuits, so authenticated users
    # post without any antispam/token check, and the display name is taken from the form
    # rather than the session. Evaluating chk_antispam('newskom') for everyone would close this
    # (if that check carries the form token — confirm).
    if ((loggedin() or chk_antispam('newskom')) and $komsOK and !empty($_POST['name']) and !empty($_POST['txt'])) {
        $_POST['txt'] = escape($_POST['txt'], 'string');
        $_POST['name'] = escape($_POST['name'], 'string');
        db_query("INSERT INTO `prefix_koms` (`uid`,`cat`,`name`,`text`) VALUES (" . $nid . ",'NEWS','" . $_POST['name'] . "','" . $_POST['txt'] . "')");
    }
    # end add comment
    # delete comment: URL segment 'd<id>' for users holding right -7 on 'news'
    # (plain GET link, no token check visible)
    if ($menu->getA(2) == 'd' and is_numeric($menu->getE(2)) and has_right(-7, 'news')) {
        $kommentar_id = escape($menu->getE(2), 'integer');
        db_query("DELETE FROM prefix_koms WHERE uid = " . $nid . " AND cat = 'NEWS' AND id = " . $kommentar_id);
    }
    # end delete comment
    $kategorie = news_find_kat($row->news_kat);
    // Render the body and strip the preview marker from the full text.
    $textToShow = bbcode($row->news_text);
    $textToShow = str_replace('[PREVIEWENDE]', '', $textToShow);
    if (!empty($such)) {
// Each whitelisted field becomes a same-named local via ${$v}; relies on $far (defined
// above this fragment) being a fixed list, never request-derived — confirm.
foreach ($far as $v) {
    if (!empty($_POST[$v])) {
        ${$v} = escape($_POST[$v], 'string');
        $x++;
    } else {
        ${$v} = '';
    }
}
// The nickname must survive escape_nickname() unchanged to be acceptable.
$xname = escape_nickname($name);
$ch_name = false;
if (loggedin()) {
    // Logged-in users apply under their account name.
    $ch_name = true;
} elseif (isset($_POST['sub']) and $name == $xname and !empty($name) and 0 == db_result(db_query("SELECT COUNT(*) FROM prefix_user WHERE name = BINARY '" . $name . "'"), 0)) {
    // Guest: well-formed name that is not taken yet (exact, case-sensitive match; $name was escaped above).
    $ch_name = true;
}
// Incomplete, bad name, or failed antispam check: (re)render the form.
// 'or' short-circuits, so chk_antispam('joinus') only runs on an otherwise complete submission.
if (count($far) != $x or $ch_name == false or !chk_antispam('joinus')) {
    $tpl = new tpl('joinus.htm');
    // The skill selector preselects the submitted value; the squad selector is handed the
    // placeholder markup instead — NOTE(review): looks unintended, assuming dblistee()'s
    // first argument is the selected value (confirm).
    $skill = arlistee($skill, $skill_ar);
    $squad = '<option value="0">choose</option>';
    $squad .= dblistee($squad, "SELECT id,name FROM prefix_groups WHERE show_joinus = 1 ORDER BY pos");
    if (loggedin()) {
        $name = $_SESSION['authname'];
    }
    // Report each empty field once the user has started filling the form ($x > 0).
    foreach ($far as $v) {
        if ($x > 0 and empty($_POST[$v])) {
            echo 'missing: ' . $lang[$v] . '<br />';
        }
        $tpl->set($v, ${$v});
    }
    if ($x > 0 and $name != $xname) {
        echo $lang['wrongnickname'] . '<br />';