/**
 * AJAX handler: update headline, content and access rights of CMS page $id.
 *
 * Reads the multilingual fields from $_POST (keys containing 'cription_' and
 * 'eadline_'; the part after the first '_' is the language code), stores them
 * JSON-encoded together with the rights built by admin_make_rights(), and
 * prints 'ok' on success or NO_ADMIN_RIGHTS without the cms/edit right.
 * Always terminates the request.
 *
 * @param int $id cmsID of the page to update (bound via %d)
 * @return void
 */
function admin_cms_edit($id)
{
    global $db;
    ob_end_clean();
    $db->setMode(0);
    ajax_convert_array($_POST);

    $allowed = !empty($_SESSION['rights']['admin']['cms']['edit'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }

    // strpos() is used as a truthy test here, so the marker must not sit at offset 0.
    $content = array();
    $headline = array();
    foreach ($_POST as $key => $value) {
        if (strpos($key, 'cription_')) {
            $content[substr($key, strpos($key, '_') + 1)] = $value;
        }
        if (strpos($key, 'eadline_')) {
            $headline[substr($key, strpos($key, '_') + 1)] = $value;
        }
    }

    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_cms SET `headline` = \'%s\', `content` = \'%s\', `access` = \'%s\' WHERE cmsID = %d',
        strsave(json_encode($headline)),
        strsave(json_encode($content)),
        strsave(admin_make_rights($_POST['rights'])),
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
/**
 * Admin page for the editable text snippets (ecp_texte).
 *
 * On submit every POST key of the form <lang>_h_<name> carries the headline
 * (content2) and the matching <lang>_<name> key the body (content); both are
 * written back per language and the browser is redirected to this page.
 * Without submit the form is rendered with all rows grouped by language,
 * HTML-escaped for the template.
 *
 * @return void
 */
function admin_texte()
{
    global $db, $countries;

    if (isset($_POST['submit'])) {
        foreach ($_POST as $key => $value) {
            if (!strpos($key, '_h_')) {
                continue;
            }
            $langCode = substr($key, 0, strpos($key, '_'));
            $name = substr($key, strpos($key, '_') + 3);
            $sql = sprintf(
                'UPDATE ' . DB_PRE . 'ecp_texte SET content = \'%s\', content2 = \'%s\' WHERE name= \'%s\' AND lang = \'%s\';',
                strsave($_POST[$langCode . '_' . $name]),
                strsave($value),
                strsave($name),
                strsave($langCode)
            );
            $db->query($sql);
        }
        header('Location: ?section=admin&site=texte');
        return;
    }

    $tpl = new smarty();
    $languages = get_languages();
    $db->query('SELECT * FROM ' . DB_PRE . 'ecp_texte ORDER BY lang ASC');
    while ($row = $db->fetch_assoc()) {
        // foreach iterates a copy, so writing into $languages[$idx] is safe here.
        foreach ($languages as $idx => $entry) {
            if ($entry['lang'] == $row['lang']) {
                $languages[$idx]['data'][$row['name']] = htmlspecialchars($row['content']);
                $languages[$idx]['headline'][$row['name']] = htmlspecialchars($row['content2']);
            }
        }
    }
    $tpl->assign('lang', $languages);

    ob_start();
    $tpl->display(DESIGN . '/tpl/admin/texte.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(TEXTE, $content, '', 1);
}
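/**
 * Store a new shoutbox entry from $_POST (plain request or ?ajax).
 *
 * Validation order: required fields, captcha (guests only), then the flood
 * limit of SPAM_SHOUTBOX seconds, checked against the newest entry from the
 * same IP / account in the database and against the 'shoutbox' cookie.
 * Errors are printed via html_ajax_convert() (AJAX) or table() (normal
 * request). On success the entry is inserted, the cookie is refreshed and the
 * browser is sent back to the referring page of this site; AJAX requests get
 * 'ok' and exit.
 *
 * Fixes over the previous version: the required-field check used `and`, so it
 * only fired when every field was empty (a guest could post an empty message,
 * and an empty captcha matched a missing session captcha); the captcha is now
 * compared with !== instead of the loose != (numeric-string equality); and the
 * redirect only follows a referer that points to SITE_URL.
 *
 * @return void
 */
function shoutbox_add()
{
    global $db;
    $isAjax = isset($_GET['ajax']);
    if ($isAjax) {
        $db->setMode(0);
        ob_end_clean();
        ajax_convert_array($_POST);
    }

    $userId = isset($_SESSION['userID']) ? (int) $_SESSION['userID'] : 0;
    $username = isset($_POST['shout_username']) ? $_POST['shout_username'] : '';
    $captcha = isset($_POST['shout_captcha']) ? $_POST['shout_captcha'] : '';
    $message = isset($_POST['shoutbox_msgbox']) ? $_POST['shoutbox_msgbox'] : '';
    $sessionCaptcha = isset($_SESSION['captcha_mini']) ? $_SESSION['captcha_mini'] : '';
    $cookieLast = isset($_COOKIE['shoutbox']) ? (int) $_COOKIE['shoutbox'] : 0;
    $now = time();

    // Timestamp of the newest shout from this IP or (when logged in) this account.
    // The @ is kept from the original: result() may warn when no row exists — confirm.
    $last = @$db->result(
        DB_PRE . 'ecp_comments',
        'datum',
        'bereich="shoutbox" AND (IP =\'' . strsave($_SERVER['REMOTE_ADDR']) . '\' OR (userID != 0 AND userID = ' . $userId . '))'
    );

    $error = null;
    if ($userId === 0 && ($username == '' || $captcha == '' || $message == '')) {
        // Any missing guest field is an error (previously all three had to be empty).
        $error = NOT_NEED_ALL_INPUTS;
    } elseif ($userId === 0 && strtolower($captcha) !== strtolower($sessionCaptcha)) {
        // NOTE(review): the captcha value is not cleared from the session after a
        // successful post; confirm the generator rotates it per form display.
        $error = CAPTCHA_WRONG;
    } elseif ($userId !== 0 && $message == '') {
        $error = NOT_NEED_ALL_INPUTS;
    } elseif ($last > $now - SPAM_SHOUTBOX || $cookieLast > $now - SPAM_SHOUTBOX) {
        // Remaining wait time, taken from whichever source triggered the limit.
        $zeit = $last > $now - SPAM_SHOUTBOX
            ? SPAM_SHOUTBOX + $last - $now
            : SPAM_SHOUTBOX + $cookieLast - $now;
        $error = str_replace(array('{sek}', '{zeit}'), array(SPAM_SHOUTBOX, $zeit), SPAM_PROTECTION_MSG);
    }

    if ($error !== null) {
        if ($isAjax) {
            echo html_ajax_convert($error);
        } else {
            table(ERROR, $error);
        }
    } else {
        $sql = sprintf(
            'INSERT INTO ' . DB_PRE . 'ecp_comments (`bereich`, `userID`, `author`, `beitrag`, `datum`, `IP`) VALUES (\'shoutbox\', %d, \'%s\', \'%s\', %d, \'%s\')',
            $userId,
            strsave(htmlspecialchars($username)),
            strsave(htmlspecialchars(substr($message, 0, SHOUTBOX_MAX_CHARS))),
            $now,
            strsave($_SERVER['REMOTE_ADDR'])
        );
        if ($db->query($sql)) {
            setcookie('shoutbox', $now, $now + 365 * 86400);
            if ($isAjax) {
                echo 'ok';
            } else {
                // The referer is client-controlled; only bounce back to our own site,
                // otherwise this is an open redirect.
                $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
                if ($referer != '' && strpos($referer, SITE_URL) === 0) {
                    header('Location: ' . $referer . '#com_' . $db->last_id());
                } else {
                    header1('?section=news#com_' . $db->last_id());
                }
            }
        }
    }

    if ($isAjax) {
        die;
    }
}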
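/**
 * Admin page for the global settings row (ecp_settings).
 *
 * On submit every remaining POST field is written to the column of the same
 * name; SITE_URL is normalised to end with '/' through check_url(). Field
 * names are restricted to identifier characters and quoted before they are
 * used as column names, so a crafted field name cannot alter the statement
 * (previously the raw key was concatenated into the UPDATE). Without submit
 * the form is rendered with the available designs, languages and start pages.
 *
 * NOTE(review): unlike the AJAX handlers this function performs no
 * $_SESSION['rights'] check of its own — presumably the admin dispatcher
 * gates access; confirm.
 *
 * @return void
 */
function admin_settings()
{
    global $db, $countries;

    if (isset($_POST['submit'])) {
        unset($_POST['submit']);
        $siteUrl = $_POST['SITE_URL'];
        $_POST['SITE_URL'] = substr($siteUrl, -1) !== '/' ? check_url($siteUrl . '/') : check_url($siteUrl);

        $assignments = array();
        foreach ($_POST as $key => $value) {
            // The POST key becomes the column name: whitelist and quote it.
            if (!preg_match('/^[A-Za-z0-9_]+$/', $key)) {
                continue;
            }
            $assignments[] = '`' . $key . '` = "' . strsave($value) . '"';
        }
        if (count($assignments)) {
            $sql = 'UPDATE ' . DB_PRE . 'ecp_settings SET ' . implode(', ', $assignments);
            if ($db->query($sql)) {
                header('Location: ?section=admin&site=settings');
            }
        }
        return;
    }

    $designs = '';
    foreach (scan_dir('templates', true) as $entry) {
        if (is_dir('templates/' . $entry)) {
            $designs .= '<option ' . ($entry == DESIGN ? 'selected="selected"' : '') . ' value="' . $entry . '">' . $entry . '</option>';
        }
    }
    $tpl = new smarty();
    $tpl->assign('designs', $designs);
    $tpl->assign('langs', get_languages());

    // Start page selector: one entry per module directory, then one per CMS page.
    $start = '';
    foreach (scan_dir('module', true) as $entry) {
        if (is_dir('module/' . $entry)) {
            $start .= '<option ' . (('modul|' . $entry) == STARTSEITE ? 'selected="selected"' : '') . ' value="modul|' . $entry . '">' . $entry . '</option>';
        }
    }
    $start .= '<option value="">-----' . OWN_SITES . '----</option>';
    $db->query('SELECT headline, cmsID FROM ' . DB_PRE . 'ecp_cms ORDER BY headline ASC');
    while ($row = $db->fetch_assoc()) {
        // Headline is stored as a JSON map of language => text (see admin_cms_edit).
        $titles = json_decode($row['headline'], true);
        $title = isset($titles[LANGUAGE]) ? $titles[LANGUAGE] : $titles[DEFAULT_LANG];
        // NOTE(review): $title is admin-entered and inserted without htmlspecialchars(),
        // unlike the location names in the clanwar editor — consider escaping it.
        $start .= '<option ' . (('cms|' . $row['cmsID']) == STARTSEITE ? 'selected="selected"' : '') . ' value="cms|' . $row['cmsID'] . '">' . $title . '</option>';
    }
    $tpl->assign('startseite', $start);

    ob_start();
    $tpl->display(DESIGN . '/tpl/admin/settings.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(SETTINGS, $content, '', 1);
}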
/**
 * AJAX handler: update name, description and image of topic $id.
 *
 * Prints 'ok' on success, NOT_NEED_ALL_INPUTS when name or image is missing,
 * or NO_ADMIN_RIGHTS without the topics/edit right. Always terminates.
 *
 * @param int $id tID of the topic (bound via %d)
 * @return void
 */
function admin_topics_edit($id)
{
    global $db;
    ob_end_clean();
    $db->setMode(0);
    ajax_convert_array($_POST);

    $allowed = !empty($_SESSION['rights']['admin']['topics']['edit'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    if ($_POST['topicname'] == '' || !$_POST['topicbild']) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }

    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_topics SET `topicname` = \'%s\', `beschreibung` = \'%s\', `topicbild` = \'%s\' WHERE tID = %d',
        strsave($_POST['topicname']),
        strsave($_POST['beschreibung']),
        strsave($_POST['topicbild']),
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
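/**
 * AJAX handler: update link $id (name, URL, banner URL, description, hits).
 *
 * Prints 'ok' on success, NOT_NEED_ALL_INPUTS when name or URL is empty, or
 * NO_ADMIN_RIGHTS without the links/edit right. Always terminates.
 *
 * The rights check now tests the value of the right (like the other AJAX
 * handlers) instead of isset(), which also accepted a right that is present
 * but set to false/0.
 *
 * @param int $id linkID (bound via %d)
 * @return void
 */
function admin_links_edit($id)
{
    ob_end_clean();
    global $db;

    $allowed = !empty($_SESSION['rights']['admin']['links']['edit'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    // As before, the required-field check runs before ajax_convert_array().
    if ($_POST['name'] == '' || $_POST['url'] == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }

    $db->setMode(0);
    ajax_convert_array($_POST);
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_links SET `name` = \'%s\', `url` = \'%s\', `bannerurl` = \'%s\', `beschreibung` = \'%s\', `hits` = %d WHERE linkID = %d',
        strsave($_POST['name']),
        strsave(check_url($_POST['url'])),
        strsave(check_url($_POST['bannerurl'])),
        strsave($_POST['beschreibung']),
        (int) $_POST['hits'],
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}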
/**
 * AJAX handler: rename match type $id and set its 'fightus' flag.
 *
 * Prints 'ok' on success, NOT_NEED_ALL_INPUTS when the name is empty, or
 * NO_ADMIN_RIGHTS without the clanwars/matchtype_edit right. Always terminates.
 *
 * @param int $id matchtypeID (bound via %d)
 * @return void
 */
function admin_matchtype_edit($id)
{
    global $db;
    $db->setMode(0);
    ob_end_clean();
    ajax_convert_array($_POST);

    $allowed = !empty($_SESSION['rights']['admin']['clanwars']['matchtype_edit'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
    } elseif ($_POST['name'] == '') {
        echo NOT_NEED_ALL_INPUTS;
    } else {
        $fightus = isset($_POST['fightus']) ? (int) $_POST['fightus'] : 0;
        $sql = sprintf(
            'UPDATE ' . DB_PRE . 'ecp_wars_matchtype SET `matchtypename` = \'%s\', `fightus` = %d WHERE matchtypeID= %d',
            strsave($_POST['name']),
            $fightus,
            $id
        );
        if ($db->query($sql)) {
            echo 'ok';
        }
    }
    die;
}
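/**
 * AJAX handler: update game server $id.
 *
 * Requires ip, port and gametype; ports are normalised through
 * lgsl_port_conversion() and the query port falls back to the game port when
 * it is 0. Prints 'ok' on success, NOT_NEED_ALL_INPUTS or NO_ADMIN_RIGHTS
 * otherwise. Always terminates.
 *
 * The rights check now tests the value of the right (like the other AJAX
 * handlers) instead of isset(), which also accepted a right that is present
 * but set to false/0.
 *
 * @param int $id serverID (bound via %d)
 * @return void
 */
function admin_server_edit($id)
{
    ob_end_clean();
    global $db;
    ajax_convert_array($_POST);

    $allowed = !empty($_SESSION['rights']['admin']['server']['edit'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    if ($_POST['ip'] == '' || $_POST['port'] == '' || $_POST['gametype'] == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }

    $db->setMode(0);
    list($_POST['port'], $_POST['queryport'], $_POST['sport']) = lgsl_port_conversion(
        $_POST['gametype'],
        $_POST['port'],
        $_POST['queryport'],
        $_POST['sport']
    );
    $port = (int) $_POST['port'];
    $queryPort = (int) $_POST['queryport'];

    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_server SET `gamename` = \'%s\', `gametype` = \'%s\', `passwort` = \'%s\', `displaymenu` = %d, `ip` = \'%s\', `port` = %d, `queryport` = %d, `sport` = %d, `stat` = %d WHERE serverID = %d',
        strsave(isset($_POST['gamename']) ? $_POST['gamename'] : ''),
        strsave($_POST['gametype']),
        strsave(isset($_POST['passwort']) ? $_POST['passwort'] : ''),
        isset($_POST['displaymenu']) ? (int) $_POST['displaymenu'] : 0,
        strsave($_POST['ip']),
        $port,
        $queryPort == 0 ? $port : $queryPort,   // no query port given -> use the game port
        (int) $_POST['sport'],
        isset($_POST['stat']) ? (int) $_POST['stat'] : 0,
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}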
/**
 * AJAX handler: create a calendar event from $_POST.
 *
 * The multilingual description is collected from keys containing 'cription_'
 * (language code after the first '_') and stored JSON-encoded; the event date
 * is parsed with strtotime(). Prints 'ok' on success or NO_ADMIN_RIGHTS
 * without the calendar/add right. Always terminates.
 *
 * @return void
 */
function admin_calendar_add()
{
    global $db;
    ob_end_clean();
    ajax_convert_array($_POST);

    $allowed = !empty($_SESSION['rights']['admin']['calendar']['add'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }

    $db->setMode(0);
    // strpos() truthiness: the marker has to appear after offset 0.
    $description = array();
    foreach ($_POST as $key => $value) {
        if (strpos($key, 'cription_')) {
            $description[substr($key, strpos($key, '_') + 1)] = $value;
        }
    }

    $sql = sprintf(
        'INSERT INTO ' . DB_PRE . 'ecp_calendar (`eventname`, `inhalt`, `access`, `datum`, `userID`) VALUES (\'%s\', \'%s\', \'%s\', %d, %d)',
        strsave($_POST['eventname']),
        strsave(json_encode($description)),
        strsave(admin_make_rights($_POST['rights'])),
        strtotime($_POST['datum']),
        $_SESSION['userID']
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
/**
 * Admin page: edit an upcoming clanwar (warID = $id) including opponent,
 * line-up and per-map scores, and optionally notify the selected players.
 *
 * Requires the clanwars/edit_next right or superadmin. With POST data
 * ('datum' set) the opponent is inserted or updated, the war row is updated,
 * score rows are updated/inserted per posted 'map_*' field and the participant
 * table (ecp_wars_teilnehmer) is synchronised with the posted players; by
 * $_POST['messagemode'] new participants get an internal message (1), an
 * e-mail (2) or both (3). Without POST data the edit form is rendered.
 *
 * @param int $id warID; concatenated into SQL without a cast, so callers must
 *                pass an integer
 * @return void
 */
function admin_clanwars_editnext($id)
{
    if (@$_SESSION['rights']['admin']['clanwars']['edit_next'] or @$_SESSION['rights']['superadmin']) {
        global $db;
        if (isset($_POST['datum'])) {
            // Opponent: create a new one when no oppID was posted, otherwise update it.
            if (!$_POST['oppID']) {
                $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_wars_opp (`oppname`, `oppshort`, `homepage`, `country`) VALUES (\'%s\', \'%s\',\'%s\',\'%s\')', strsave($_POST['oppname']), strsave($_POST['oppshort']), strsave($_POST['homepage']), strsave($_POST['country']));
            } else {
                $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_wars_opp SET `oppname` = \'%s\', `oppshort` = \'%s\', `homepage` = \'%s\', `country` = \'%s\' WHERE oppID = %d', strsave($_POST['oppname']), strsave($_POST['oppshort']), strsave(check_url($_POST['homepage'])), strsave($_POST['country']), @$_POST['oppID']);
            }
            if ($db->query($sql)) {
                !$_POST['oppID'] ? $oppid = $db->last_id() : ($oppid = (int) $_POST['oppID']);
                // Multilingual notes: the key part after the first '_' is the language code.
                $lang = array();
                foreach ($_POST as $key => $value) {
                    if (strpos($key, 'cription_')) {
                        $lang[substr($key, strpos($key, '_') + 1)] = $value;
                    }
                }
                // Posted 'team_<id>' entries expand to the team's members, 'member_<id>' entries are taken directly.
                $players = array();
                foreach ($_POST['players'] as $value) {
                    $value = trim($value);
                    if (strpos($value, 'team_') !== false) {
                        $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_members WHERE teamID = ' . (int) substr($value, strpos($value, '_') + 1));
                        while ($row = $db->fetch_assoc()) {
                            if (!in_array($row['userID'], $players)) {
                                $players[] = $row['userID'];
                            }
                        }
                    } elseif (strpos($value, 'member_') !== false) {
                        $ids = substr($value, strpos($value, '_') + 1);
                        if (!in_array($ids, $players)) {
                            $players[] = $ids;
                        }
                    }
                }
                $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_wars SET `tID` = %d, `mID` = %d, `gID` = %d, `datum` = %d, `xonx` = \'%s\', hinweise = \'%s\', `oID` = %d, `matchlink` = \'%s\', `resultbylocations` = %d, `server` = \'%s\', `livestream` = \'%s\', `pw` = \'%s\', `meldefrist` = %d WHERE warID = %d', (int) $_POST['teamID'], (int) $_POST['matchtypeID'], (int) $_POST['gameID'], strtotime($_POST['datum']), (int) $_POST['xonx1'] . 'on' . (int) $_POST['xonx2'], strsave(json_encode($lang)), $oppid, strsave(check_url($_POST['matchlink'])), (int) @$_POST['winbymaps'], strsave($_POST['server']), strsave($_POST['livestream']), strsave($_POST['pw']), strtotime($_POST['meldefrist']), $id);
                if ($db->query($sql)) {
                    //$db->query('DELETE FROM '.DB_PRE.'ecp_wars_teilnehmer WHERE warID = '.$id);
                    // Current participants; whoever is still true at the end is no longer selected and gets removed.
                    $aktive = array();
                    $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE warID = ' . $id);
                    while ($row = $db->fetch_assoc()) {
                        $aktive[$row['userID']] = true;
                    }
                    // Existing score rows in order: the i-th posted map updates the i-th row, further maps are inserted.
                    $db->query('SELECT scoreID FROM ' . DB_PRE . 'ecp_wars_scores WHERE wID = ' . $id . ' ORDER BY scoreID ASC');
                    $ids = array();
                    while ($row = $db->fetch_assoc()) {
                        $ids[] = $row['scoreID'];
                    }
                    // $own/$opp are tallied (maps won when winbymaps is set, else points) but not used further in this function.
                    $own = 0;
                    $opp = 0;
                    foreach ($_POST as $key => $value) {
                        if (strpos($key, 'map_') !== false) {
                            @$i++;
                            if ((int) @$_POST['winbymaps']) {
                                if ((int) $_POST['score_' . $i . '_own'] > (int) $_POST['score_' . $i . '_opp']) {
                                    $own++;
                                } elseif ((int) $_POST['score_' . $i . '_own'] < (int) $_POST['score_' . $i . '_opp']) {
                                    $opp++;
                                } else {
                                    $opp++;
                                    $own++;
                                }
                            } else {
                                $own += (int) $_POST['score_' . $i . '_own'];
                                $opp += (int) $_POST['score_' . $i . '_opp'];
                            }
                            if (isset($ids[$i - 1])) {
                                $db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_wars_scores SET `lID` = %d, `ownscore` = %d, `oppscore` = %d WHERE scoreID = %d', (int) $value, (int) $_POST['score_' . $i . '_own'], (int) $_POST['score_' . $i . '_opp'], $ids[$i - 1]));
                            } else {
                                $db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_wars_scores (`wID`, `lID`, `ownscore`, `oppscore`) VALUES (%d, %d, %d, %d)', $id, (int) $value, (int) $_POST['score_' . $i . '_own'], (int) $_POST['score_' . $i . '_opp']));
                            }
                        }
                    }
                    if (count($players)) {
                        // Notification text (NEXT_WAR_MSG) in the default language; '{link}' is replaced by the war page URL.
                        $text = $db->fetch_assoc('SELECT `content`, `content2` FROM ' . DB_PRE . 'ecp_texte WHERE name = "NEXT_WAR_MSG" AND lang = "' . DEFAULT_LANG . '"');
                        if ($_POST['messagemode'] == 1) {
                            foreach ($players as $value) {
                                if (!isset($aktive[(int) $value])) {
                                    $db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
                                    message_send($value, 0, $text['content2'], str_replace('{link}', '<a href="' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '">' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '</a>', $text['content']), 0, 1);
                                } else {
                                    $aktive[(int) $value] = false;
                                }
                            }
                        } elseif ($_POST['messagemode'] == 2) {
                            foreach ($players as $value) {
                                if (!isset($aktive[(int) $value])) {
                                    $db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
                                    send_email($db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . (int) $value), $text['content2'], str_replace('{link}', SITE_URL . '?section=clanwars&action=nextwar&id=' . $id, $text['content']), 1);
                                } else {
                                    $aktive[(int) $value] = false;
                                }
                            }
                        } elseif ($_POST['messagemode'] == 3) {
                            foreach ($players as $value) {
                                if (!isset($aktive[(int) $value])) {
                                    $db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
                                    message_send($value, 0, $text['content2'], str_replace('{link}', '<a href="' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '">' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '</a>', $text['content']), 0, 1);
                                    send_email($db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . (int) $value), $text['content2'], str_replace('{link}', SITE_URL . '?section=clanwars&action=nextwar&id=' . $id, $text['content']), 1);
                                } else {
                                    $aktive[(int) $value] = false;
                                }
                            }
                        } else {
                            foreach ($players as $value) {
                                if (!isset($aktive[(int) $value])) {
                                    $db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
                                } else {
                                    $aktive[(int) $value] = false;
                                }
                            }
                        }
                    }
                    // Participants that were not in the posted selection are removed again.
                    foreach ($aktive as $key => $value) {
                        if ($value == true) {
                            $db->query('DELETE FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE userID = ' . $key . ' AND warID = ' . $id);
                        }
                    }
                    header1('?section=admin&site=clanwars');
                }
            }
        } else {
            $data = $db->fetch_assoc('SELECT `tID`, `mID`, `gID`, `datum`, `xonx`, `hinweise`, `server`, `pw`, meldefrist, livestream, `oID`, `matchlink`, `resultbylocations`, `oppname`, `oppshort`, `homepage`, `country` FROM ' . DB_PRE . 'ecp_wars LEFT JOIN ' . DB_PRE . 'ecp_wars_opp ON (oppID = oID) WHERE warID = ' . $id);
            $tpl = new smarty();
            foreach ($data as $key => $value) {
                $tpl->assign($key, $value);
            }
            $tpl->assign('opps', get_opps($data['oID']));
            $tpl->assign('countries', form_country($data['country']));
            $tpl->assign('games', get_games_form($data['gID']));
            $tpl->assign('teams', get_teams_form($data['tID']));
            $tpl->assign('matchtype', get_matchtype_form($data['mID']));
            $tpl->assign('lang', get_languages(json_decode($data['hinweise'], true)));
            $tpl->assign('func', 'editnext&id=' . $id);
            $tpl->assign('datum', date('Y-m-d H:i:s', $data['datum']));
            $tpl->assign('meldefrist', date('Y-m-d H:i:s', $data['meldefrist']));
            // 'xonx' is stored as "<n>on<m>".
            $xonx = explode('on', $data['xonx']);
            $tpl->assign('xonx1', $xonx[0]);
            $tpl->assign('xonx2', $xonx[1]);
            // Iterates the raw result with mysql_fetch_assoc(), presumably because the
            // nested location query below reuses $db's own result cursor — confirm.
            $result = $db->query('SELECT `scoreID`, `lID`, `ownscore`, `oppscore` FROM ' . DB_PRE . 'ecp_wars_scores WHERE wID = ' . $id . ' ORDER BY scoreID ASC');
            $maps = array();
            while ($row = mysql_fetch_assoc($result)) {
                $row['i'] = @++$i;
                $db->query('SELECT locationID, locationname FROM ' . DB_PRE . 'ecp_wars_locations WHERE gID = ' . $data['gID']);
                while ($subrow = $db->fetch_assoc()) {
                    $subrow['locationID'] == $row['lID'] ? $sub = 'selected="selected"' : ($sub = '');
                    @($row['maps'] .= '<option ' . $sub . ' value="' . $subrow['locationID'] . '">' . htmlspecialchars($subrow['locationname']) . '</option>');
                }
                $maps[] = $row;
            }
            $tpl->assign('maps', $maps);
            $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE warID = ' . $id);
            $players = array();
            while ($row = $db->fetch_assoc()) {
                $players[] = $row['userID'];
            }
            $tpl->assign('members', get_cw_members($players));
            ob_start();
            $tpl->display(DESIGN . '/tpl/admin/clanwars_next.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(CLANWARS_EDIT, $content, '', 1);
        }
    } else {
        table(ERROR, NO_ADMIN_RIGHTS);
    }
}
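/**
 * AJAX handler: update the membership row of user $uid in team $id
 * (display name, task, active flag). Prints 'ok' on success or
 * NO_ADMIN_RIGHTS without the teams/edit_member right. Always terminates.
 *
 * The rights check now tests the value of the right (like the other AJAX
 * handlers) instead of isset(), which also accepted a right that is present
 * but set to false/0.
 *
 * @param int $id  teamID (bound via %d)
 * @param int $uid userID (bound via %d)
 * @return void
 */
function teams_edit_member($id, $uid)
{
    ob_end_clean();
    global $db;
    $db->setMode(0);
    ajax_convert_array($_POST);

    $allowed = !empty($_SESSION['rights']['admin']['teams']['edit_member'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo NO_ADMIN_RIGHTS;
        die;
    }

    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_members SET `name` = \'%s\', `aufgabe` = \'%s\', `aktiv` = %d WHERE teamID = %d AND userID = %d',
        strsave($_POST['username']),
        strsave($_POST['task']),
        isset($_POST['aktiv']) ? (int) $_POST['aktiv'] : 0,
        $id,
        $uid
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}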
/**
 * Forum search: runs the search, stores the resulting SQL in ecp_forum_search
 * and redirects to the result page.
 *
 * $id != 0: list all posts of user $id (shortcut, no form involved).
 * $id == 0 with $_POST['submit']: build the search from the form fields
 * (stichwort/username, foren, alterart/altervalue, sortart/sortorder,
 * suchart, usersuchart, viewas). $id == 0 without submit: render the form.
 * Validation errors re-render the form through a recursive forum_search(0).
 *
 * Board read rights come from $_SESSION['access_search'], an SQL fragment in
 * which the word 'access' is replaced by the rightsread column to test.
 * '&feld&' / '&feld2&' are internal placeholders for the column(s) a search
 * term is matched against and are stripped from the user input first.
 *
 * @param int $id userID whose posts to list, or 0 for the search form;
 *                concatenated into SQL without a cast, callers must pass an integer
 * @return void
 */
function forum_search($id)
{
    global $db;
    if ($id) {
        $sql = 'SELECT `tID`, `bID`, `comID`, com.userID, `postname`, `adatum`, `comment`, u1.username, `edits`, `editdatum`, `edituserID`, com.IP, `attachs`, `datum`, `threadname`, `vonID`, `vonname`, `views`, c.posts, `lastuserID`, `lastusername`, `lastreplay`, `sticky`, c.closed, `fsurveyID`, `anhaenge`, `rating`, `ratingvotes`, a.boardparentID, a.name, a.rightsread, b.rightsread as parentRead, b.name as boardparentname, u1.sex, u1.signatur, u1.country, comments, money, u1.avatar, u2.username as editfrom, lastklick as online FROM ' . DB_PRE . 'ecp_forum_comments as com LEFT JOIN ' . DB_PRE . 'ecp_user as u1 ON (com.userID = u1.ID) LEFT JOIN ' . DB_PRE . 'ecp_user as u2 ON (com.edituserID = u2.ID) LEFT JOIN ' . DB_PRE . 'ecp_user_stats ON (com.userID = ' . DB_PRE . 'ecp_user_stats.userID) LEFT JOIN ' . DB_PRE . 'ecp_online ON (uID = com.userID AND lastklick > ' . (time() - SHOW_USER_ONLINE) . ') LEFT JOIN ' . DB_PRE . 'ecp_forum_threads AS c ON (tID = threadID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (a.boardID = bID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (a.boardparentID = b.boardID) WHERE (a.rightsread = "" OR ' . str_replace('access', 'a.rightsread', $_SESSION['access_search']) . ') AND (a.boardparentID = 0 OR b.rightsread = "" OR ' . str_replace('access', 'b.rightsread', $_SESSION['access_search']) . ') AND com.userID = ' . $id . ' GROUP BY comID';
        $db->query($sql);
        if ($db->num_rows()) {
            // NOTE(review): the 'fromusername' value read from ecp_user is bound into '%s'
            // without strsave(), unlike the other string arguments — a username containing
            // a quote would break this INSERT; consider wrapping it.
            if ($db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_forum_search (`userID`, `IP`, `SID`, `datum`, `stichwort`, `suchart`, `fromusername`, `usersuchart`, `foren`, `alterart`, `altervalue`, `sortart`, `sortorder`, `sqlquery`, viewas) VALUES ( %d, \'%s\', \'%s\', %d, \'%s\', %d, \'%s\', %d, \'%s\', \'%s\', %d, \'%s\', \'%s\', \'%s\', \'%s\' )', @$_SESSION['userID'], strsave($_SERVER['REMOTE_ADDR']), session_id(), time(), '', 1, $db->result(DB_PRE . 'ecp_user', 'username', 'ID =' . $id), 1, '', '=>', 0, 'adatum', 'DESC', strsave($sql), 'comments'))) {
                header1('?section=forum&action=searchresults&id=' . $db->last_id());
            }
        } else {
            table(ERROR, FORUM_SEARCH_NO_RESULTS);
            unset($_POST['submit']);
            forum_search(0);
        }
    } else {
        if (isset($_POST['submit'])) {
            // Strip the internal placeholders so user input cannot be expanded as a column later.
            $_POST['username'] = str_replace(array('&feld&', '&feld2&'), '', $_POST['username']);
            $_POST['stichwort'] = str_replace(array('&feld&', '&feld2&'), '', $_POST['stichwort']);
            if ($_POST['stichwort'] == '' and $_POST['username'] == '') {
                table(ERROR, NOT_NEED_ALL_INPUTS);
                unset($_POST['submit']);
                forum_search(0);
            } else {
                if (strlen($_POST['stichwort']) < 3 and $_POST['username'] == '') {
                    table(ERROR, FORUM_SEARCH_MIN_3_CHARS);
                    unset($_POST['submit']);
                    forum_search(0);
                } else {
                    // Board restriction: selected boards (and their children) joined with OR, then the read-rights test.
                    if (count(@$_POST['foren'])) {
                        foreach ($_POST['foren'] as $value) {
                            @($boards .= ' OR a.boardID = ' . (int) $value . ' OR a.boardparentID = ' . (int) $value);
                        }
                        // NOTE(review): this line is outside the loop, so only the last selected board
                        // ends up in the stored 'foren' column — looks unintended; confirm.
                        $boardids .= ',' . (int) $value;
                        $boards = '(' . substr($boards, 4) . ') AND ';
                    }
                    @($boards .= '(a.rightsread = "" OR ' . str_replace('access', 'a.rightsread', $_SESSION['access_search']) . ') AND (a.boardparentID = 0 OR b.rightsread = "" OR ' . str_replace('access', 'b.rightsread', $_SESSION['access_search']) . ') AND');
                    // Whitelist operator, sort direction and sort column before they reach any SQL.
                    $_POST['alterart'] == '>=' ? '' : ($_POST['alterart'] = '<=');
                    $_POST['sortorder'] == 'DESC' ? '' : ($_POST['sortorder'] = 'ASC');
                    switch ($_POST['sortart']) {
                        case 'adatum':
                            break;
                        case 'threadname':
                            break;
                        case 'posts':
                            $_POST['sortart'] = 'c.posts';
                            break;
                        case 'views':
                            break;
                        case 'datum':
                            break;
                        case 'name':
                            break;
                        case 'rating':
                            break;
                        default:
                            $_POST['sortart'] = 'adatum';
                    }
                    // Age filter: post date (adatum) for post searches, thread date (datum) otherwise.
                    if ($_POST['altervalue'] >= 1 and $_POST['suchart'] == 1) {
                        $addsearch = ' AND adatum ' . $_POST['alterart'] . ' ';
                        $addsearch .= time() - (int) $_POST['altervalue'] * 86400;
                    } else {
                        if ($_POST['altervalue'] >= 1) {
                            $addsearch = ' AND datum ' . $_POST['alterart'] . ' ';
                            $addsearch .= time() - (int) $_POST['altervalue'] * 86400;
                        }
                    }
                    // Build the LIKE clause: explicit ' AND ' / ' OR ' operators in the input are honoured,
                    // otherwise every whitespace-separated word is OR-ed. Terms are escaped with
                    // mysql_real_escape_string(); LIKE wildcards (% and _) in the input are not escaped.
                    if ($_POST['username'] == '') {
                        if (strpos($_POST['stichwort'], ' AND ')) {
                            foreach (explode(' AND ', $_POST['stichwort']) as $value) {
                                @($suchstring .= ' AND &feld& LIKE \'%' . mysql_real_escape_string($value) . '%\'');
                            }
                            $suchstring = '(' . substr($suchstring, 5) . ')';
                        } elseif (strpos($_POST['stichwort'], ' OR ')) {
                            foreach (explode(' OR ', $_POST['stichwort']) as $value) {
                                @($suchstring .= ' OR &feld& LIKE \'%' . mysql_real_escape_string($value) . '%\'');
                            }
                            $suchstring = '(' . substr($suchstring, 4) . ')';
                        } else {
                            foreach (explode(' ', $_POST['stichwort']) as $value) {
                                if ($value != '') {
                                    @($suchstring .= ' OR &feld& LIKE \'%' . mysql_real_escape_string($value) . '%\'');
                                }
                            }
                            $suchstring = '(' . substr($suchstring, 4) . ')';
                        }
                    } else {
                        // NOTE(review): the operator is detected in 'username' but the AND/OR branches
                        // split 'stichwort' — looks like a copy/paste slip; confirm which field is meant.
                        if (strpos($_POST['username'], ' AND ')) {
                            foreach (explode(' AND ', $_POST['stichwort']) as $value) {
                                @($suchstring .= ' AND (&feld& LIKE \'%' . mysql_real_escape_string($value) . '%\' OR &feld2& LIKE \'%' . mysql_real_escape_string($value) . '%\') ');
                            }
                            $suchstring = '(' . substr($suchstring, 5) . ')';
                        } elseif (strpos($_POST['username'], ' OR ')) {
                            foreach (explode(' OR ', $_POST['stichwort']) as $value) {
                                @($suchstring .= ' OR &feld& LIKE \'%' . mysql_real_escape_string($value) . '%\' OR &feld2& LIKE \'%' . mysql_real_escape_string($value) . '%\'');
                            }
                            $suchstring = '(' . substr($suchstring, 4) . ')';
                        } else {
                            foreach (explode(' ', $_POST['username']) as $value) {
                                if ($value != '') {
                                    @($suchstring .= ' OR &feld& LIKE \'%' . mysql_real_escape_string($value) . '%\' OR &feld2& LIKE \'%' . mysql_real_escape_string($value) . '%\'');
                                }
                            }
                            $suchstring = '(' . substr($suchstring, 4) . ')';
                        }
                    }
                    // Pick the query by search type: post text as posts, post text as threads, thread titles,
                    // author name as posts, author name as threads. The placeholders are resolved per branch.
                    if ($_POST['suchart'] == 1 and $_POST['username'] == '' and $_POST['viewas'] == 'comments') {
                        $suchstring = str_replace('&feld&', 'comment', $suchstring);
                        $sql = 'SELECT `tID`, `bID`, `comID`, com.userID, `postname`, `adatum`, `comment`, u1.username, `edits`, `editdatum`, `edituserID`, com.IP, `attachs`, `datum`, `threadname`, `vonID`, `vonname`, `views`, c.posts, `lastuserID`, `lastusername`, `lastreplay`, `sticky`, c.closed, `fsurveyID`, `anhaenge`, `rating`, `ratingvotes`, a.boardparentID, a.name, a.rightsread, b.rightsread as parentRead, b.name as boardparentname, u1.sex, u1.signatur, u1.country, comments, money, u1.avatar, u2.username as editfrom, lastklick as online FROM ' . DB_PRE . 'ecp_forum_comments as com LEFT JOIN ' . DB_PRE . 'ecp_user as u1 ON (com.userID = u1.ID) LEFT JOIN ' . DB_PRE . 'ecp_user as u2 ON (com.edituserID = u2.ID) LEFT JOIN ' . DB_PRE . 'ecp_user_stats ON (com.userID = ' . DB_PRE . 'ecp_user_stats.userID) LEFT JOIN ' . DB_PRE . 'ecp_online ON (uID = com.userID AND lastklick > ' . (time() - SHOW_USER_ONLINE) . ') LEFT JOIN ' . DB_PRE . 'ecp_forum_threads AS c ON (tID = threadID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (a.boardID = bID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (a.boardparentID = b.boardID) WHERE ' . @$boards . $suchstring . @$addsearch . ' GROUP BY comID';
                    } elseif ($_POST['suchart'] == 1 and $_POST['username'] == '' and $_POST['viewas'] == 'topic') {
                        $suchstring = str_replace('&feld&', 'comment', $suchstring);
                        $sql = 'SELECT `threadID`, `bID`, `datum`, `threadname`, `vonID`, `vonname`, `views`, c.posts, `lastuserID`, u1.username, u2.username as lastuserIDname, `lastusername`, `lastreplay`, `sticky`, c.closed, `fsurveyID`, `anhaenge`, `rating`, `ratingvotes`, a.boardparentID, a.name, a.rightsread, b.rightsread as parentRead, b.name as boardparentname FROM ' . DB_PRE . 'ecp_forum_comments LEFT JOIN ' . DB_PRE . 'ecp_forum_threads AS c ON (tID = threadID) LEFT JOIN ' . DB_PRE . 'ecp_user as u1 ON (vonID = u1.ID) LEFT JOIN ' . DB_PRE . 'ecp_user as u2 ON (lastuserID = u2.ID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (a.boardID = bID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (a.boardparentID = b.boardID) WHERE ' . @$boards . $suchstring . @$addsearch . ' GROUP BY threadID ';
                    } elseif ($_POST['username'] == '') {
                        $suchstring = str_replace('&feld&', 'threadname', $suchstring);
                        $sql = 'SELECT `threadID`, `bID`, `datum`, `threadname`, `vonID`, `vonname`, `views`, c.posts, `lastuserID`, u1.username, u2.username as lastuserIDname, `lastusername`, `lastreplay`, `sticky`, c.closed, `fsurveyID`, `anhaenge`, `rating`, `ratingvotes`, a.boardparentID, a.name, a.rightsread, b.rightsread as parentRead, b.name as boardparentname FROM ' . DB_PRE . 'ecp_forum_threads AS c LEFT JOIN ' . DB_PRE . 'ecp_user as u1 ON (vonID = u1.ID) LEFT JOIN ' . DB_PRE . 'ecp_user as u2 ON (lastuserID = u2.ID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (a.boardID = bID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (a.boardparentID = b.boardID) WHERE ' . @$boards . $suchstring . @$addsearch . ' GROUP BY threadID';
                    }
                    if ($_POST['usersuchart'] == 1 and $_POST['username'] != '') {
                        $suchstring = str_replace(array('&feld&', '&feld2&'), array('u1.username', 'postname'), $suchstring);
                        $sql = 'SELECT `tID`, `bID`, `comID`, com.userID, `postname`, `adatum`, `comment`, u1.username, `edits`, `editdatum`, `edituserID`, com.IP, `attachs`, `datum`, `threadname`, `vonID`, `vonname`, `views`, c.posts, `lastuserID`, `lastusername`, `lastreplay`, `sticky`, c.closed, `fsurveyID`, `anhaenge`, `rating`, `ratingvotes`, a.boardparentID, a.name, a.rightsread, b.rightsread as parentRead, b.name as boardparentname, u1.sex, u1.signatur, u1.country, comments, money, u1.avatar, u2.username as editfrom, lastklick as online FROM ' . DB_PRE . 'ecp_forum_comments as com LEFT JOIN ' . DB_PRE . 'ecp_user as u1 ON (com.userID = u1.ID) LEFT JOIN ' . DB_PRE . 'ecp_user as u2 ON (com.edituserID = u2.ID) LEFT JOIN ' . DB_PRE . 'ecp_user_stats ON (com.userID = ' . DB_PRE . 'ecp_user_stats.userID) LEFT JOIN ' . DB_PRE . 'ecp_online ON (uID = com.userID AND lastklick > ' . (time() - SHOW_USER_ONLINE) . ') LEFT JOIN ' . DB_PRE . 'ecp_forum_threads AS c ON (tID = threadID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (a.boardID = bID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (a.boardparentID = b.boardID) WHERE ' . @$boards . $suchstring . @$addsearch . ' GROUP BY comID';
                    } elseif ($_POST['username'] != '') {
                        $suchstring = str_replace(array('&feld&', '&feld2&'), array('u1.username', 'vonname'), $suchstring);
                        $sql = 'SELECT `threadID`, `bID`, `datum`, `threadname`, `vonID`, `vonname`, `views`, c.posts, `lastuserID`, u1.username, u2.username as lastuserIDname, `lastusername`, `lastreplay`, `sticky`, c.closed, `fsurveyID`, `anhaenge`, `rating`, `ratingvotes`, a.boardparentID, a.name, a.rightsread, b.rightsread as parentRead, b.name as boardparentname FROM ' . DB_PRE . 'ecp_forum_threads AS c LEFT JOIN ' . DB_PRE . 'ecp_user as u1 ON (vonID = u1.ID) LEFT JOIN ' . DB_PRE . 'ecp_user as u2 ON (lastuserID = u2.ID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (a.boardID = bID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (a.boardparentID = b.boardID) WHERE ' . @$boards . $suchstring . @$addsearch . ' GROUP BY threadID';
                    }
                    $db->query($sql);
                    if ($db->num_rows()) {
                        // The whole SQL is persisted (sqlquery) for the result page; sortart/sortorder
                        // are stored alongside, they are not applied in the queries above.
                        if ($db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_forum_search (`userID`, `IP`, `SID`, `datum`, `stichwort`, `suchart`, `fromusername`, `usersuchart`, `foren`, `alterart`, `altervalue`, `sortart`, `sortorder`, `sqlquery`, viewas) VALUES ( %d, \'%s\', \'%s\', %d, \'%s\', %d, \'%s\', %d, \'%s\', \'%s\', %d, \'%s\', \'%s\', \'%s\', \'%s\' )', @$_SESSION['userID'], strsave($_SERVER['REMOTE_ADDR']), session_id(), time(), strsave($_POST['stichwort']), (int) $_POST['suchart'], strsave($_POST['username']), (int) $_POST['usersuchart'], strsave(substr(@$boardids, 1)), strsave($_POST['alterart']), (int) $_POST['altervalue'], strsave($_POST['sortart']), strsave($_POST['sortorder']), strsave($sql), $_POST['viewas'] == 'topic' ? 'topic' : 'comments'))) {
                            header1('?section=forum&action=searchresults&id=' . $db->last_id());
                        }
                    } else {
                        table(ERROR, FORUM_SEARCH_NO_RESULTS);
                        unset($_POST['submit']);
                        forum_search(0);
                    }
                }
            }
        } else {
            // Search form: board list restricted to boards the session may read, parents first.
            $tpl = new smarty();
            $db->query('SELECT `boardID`, `boardparentID`, `name`, `isforum` FROM ' . DB_PRE . 'ecp_forum_boards WHERE rightsread = "" OR ' . str_replace('access', 'rightsread', $_SESSION['access_search']) . ' ORDER BY boardparentID, posi ASC');
            $boards = array();
            while ($row = $db->fetch_assoc()) {
                if ($row['isforum'] == 0 or $row['boardparentID'] == 0) {
                    $boards[$row['boardID']]['name'] = $row['name'];
                    $boards[$row['boardID']]['isforum'] = $row['isforum'];
                } else {
                    $boards[$row['boardparentID']]['subs'][$row['boardID']]['name'] = $row['name'];
                }
            }
            // Board names are inserted into the <option> markup without htmlspecialchars().
            $links = '';
            foreach ($boards as $key => $value) {
                $links .= '<option ' . (@$_GET['boardID'] == $key ? 'selected="selected"' : '') . 'value="' . $key . ($value['isforum'] == 1 ? '' : '_sub') . '">-' . $value['name'] . '</option>';
                if (isset($value['subs'])) {
                    foreach ($value['subs'] as $key1 => $value1) {
                        $links .= '<option ' . (@$_GET['boardID'] == $key1 ? 'selected="selected"' : '') . 'value="' . $key1 . '">|- ' . $value1['name'] . '</option>';
                    }
                }
            }
            $tpl->assign('foren', $links);
            $tpl->assign('path', '<a href="?section=forum">' . FORUM . '</a> <img src="templates/' . DESIGN . '/images/pfeil_o.gif" alt="" /> ' . SEARCH);
            ob_start();
            $tpl->display(DESIGN . '/tpl/forum/board_head.html');
            $tpl->display(DESIGN . '/tpl/forum/search.html');
            echo '</div>';
            $content = ob_get_contents();
            ob_end_clean();
            main_content(FORUM_SEARCH, $content, '', 1);
        }
    }
}
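/**
 * Admin page for the automatic database backup settings.
 *
 * Requires the database/backup right (or superadmin). On submit the backup
 * flag, notification address and cycle are written to ecp_settings; the
 * cycle is restricted to day/week/month (default week). As before, the
 * address is only validated when the backup is switched on. Without submit,
 * or after a validation error, the form is rendered.
 *
 * The two near-identical submit branches (differing only in BACKUP_AKTIV)
 * were folded into one, and the duplicated cycle switch became a strict
 * whitelist lookup.
 *
 * @return void
 */
function admin_database()
{
    global $db;

    $allowed = !empty($_SESSION['rights']['admin']['database']['backup'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        table(ERROR, NO_ADMIN_RIGHTS);
        return;
    }

    if (isset($_POST['submit'])) {
        $active = isset($_POST['backup_aktiv']) ? 1 : 0;
        $email = isset($_POST['backup_email']) ? $_POST['backup_email'] : '';
        if ($active && !check_email($email)) {
            table(ERROR, WRONG_EMAIL);
        } else {
            // Whitelist the cycle: only these three values may reach the query.
            $postedCycle = isset($_POST['backup_cycle']) ? $_POST['backup_cycle'] : '';
            $cycle = in_array($postedCycle, array('day', 'week', 'month'), true) ? $postedCycle : 'week';
            $sql = 'UPDATE ' . DB_PRE . 'ecp_settings SET BACKUP_AKTIV = ' . $active
                . ', BACKUP_EMAIL = \'' . strsave($email) . '\', BACKUP_CYCLE = \'' . $cycle . '\'';
            if ($db->query($sql)) {
                header1('?section=admin&site=database');
            }
            return;
        }
    }

    $tpl = new smarty();
    ob_start();
    $tpl->display(DESIGN . '/tpl/admin/database_backup.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(DATABASE_BACKUP, $content, '', 1);
}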
/**
 * Account: compose and send a private message from the logged-in user to the user named in $_POST['username'].
 *
 * Reads $_POST['submit'|'username'|'title'|'message'] and $_SESSION['userID'].
 * The compose form (tpl/account/message_add.html) is re-rendered on every failure path: missing
 * fields, spam lock (SPAM_MESSAGE seconds between two messages to the same recipient), message
 * addressed to oneself, or unknown recipient. On success MSG_SUCCESS_SEND is shown and the inbox
 * is rendered via account_msgbox(). Writes happen only through message_send().
 */
function account_new_msg() { global $db; if (isset($_POST['submit'])) { if ($_POST['message'] == '' or $_POST['username'] == '') { table(ERROR, NOT_NEED_ALL_INPUTS); $tpl = new smarty(); ob_start(); $tpl->display(DESIGN . '/tpl/account/message_add.html'); $content = ob_get_contents(); ob_end_clean(); main_content(MESSAGE_NEW, $content, '', 1); } else { /* recipient lookup: the submitted username is escaped with strsave() before it reaches the WHERE clause */ $id = $db->result(DB_PRE . 'ecp_user', 'ID', 'username = \'' . strsave($_POST['username']) . '\''); /* NOTE(review): the touser/fromuser predicate is garbled in this copy ('******'); presumably $id and $_SESSION['userID'] — verify against the original source */ $last = @$db->result(DB_PRE . 'ecp_messages', 'datum', 'touser = '******' AND fromuser = '******'userID']); /* spam lock: the timestamp of the last message to this recipient must be older than SPAM_MESSAGE seconds */ if ($last + SPAM_MESSAGE > time()) { table(SPAM_PROTECTION, str_replace(array('{sek}', '{zeit}'), array(SPAM_MESSAGE, $last + SPAM_MESSAGE - time()), SPAM_PROTECTION_MSG)); $tpl = new smarty(); ob_start(); $tpl->display(DESIGN . '/tpl/account/message_add.html'); $content = ob_get_contents(); ob_end_clean(); main_content(MESSAGE_NEW, $content, '', 1); } else { if ($id == $_SESSION['userID']) { table(ERROR, MSG_NOT_TO_YOURSELF); $tpl = new smarty(); ob_start(); $tpl->display(DESIGN . '/tpl/account/message_add.html'); $content = ob_get_contents(); ob_end_clean(); main_content(MESSAGE_NEW, $content, '', 1); } elseif ($id and message_send($id, $_SESSION['userID'], $_POST['title'], $_POST['message'])) { table(INFO, MSG_SUCCESS_SEND); account_msgbox(); } else { /* $id is 0/false when no user matched, or message_send() reported failure */ table(ERROR, USER_NOT_FOUND); $tpl = new smarty(); ob_start(); $tpl->display(DESIGN . '/tpl/account/message_add.html'); $content = ob_get_contents(); ob_end_clean(); main_content(MESSAGE_NEW, $content, '', 1); } } } } else { $tpl = new smarty(); ob_start(); $tpl->display(DESIGN . '/tpl/account/message_add.html'); $content = ob_get_contents(); ob_end_clean(); main_content(MESSAGE_NEW, $content, '', 1); } }
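/**
 * Admin (AJAX): update survey $id and its answers from $_POST.
 *
 * Output is a bare status token for the AJAX caller: NOT_NEED_ALL_INPUTS, SURVEY_START_BIG_END,
 * 'ok', or html_ajax_convert(NO_ADMIN_RIGHTS). The function always terminates with die.
 * Expected POST fields: frage, start, ende (strtotime()-parsable), sperre, multi, antworten (>= 1),
 * rights[] (group IDs or 'all'), answer_old_<answerID> / votes_<answerID> for existing answers and
 * any other answer_* field for new answers.
 *
 * @param int $id surveyID
 */
function admin_survey_edit($id) {
    ob_end_clean();
    ajax_convert_array($_POST);
    // NOTE(review): the right consulted here is the *awards* edit right although this handler
    // edits surveys — confirm that is intended and not a copy-and-paste slip.
    if (!(@$_SESSION['rights']['admin']['awards']['edit'] or @$_SESSION['rights']['superadmin'])) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    global $db;
    $db->setMode(0);
    $start = strtotime($_POST['start']);
    $ende = strtotime($_POST['ende']);
    // rights[] must be an array for the checks below; anything else counts as "no group selected".
    $groups = (isset($_POST['rights']) and is_array($_POST['rights'])) ? $_POST['rights'] : array();
    if ($_POST['frage'] == '' or !$start or !$ende or $_POST['sperre'] == '' or (int) $_POST['antworten'] < 1 or !count($groups) or count($_POST) < 8) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    if ($ende < $start) {
        echo SURVEY_START_BIG_END;
        die;
    }
    // Access list format: '' = everyone, otherwise ',1,2,3,' (group IDs wrapped in commas).
    // Strict comparison so a numeric group id can never be mistaken for 'all'.
    if (in_array('all', $groups, true)) {
        $rights = '';
    } else {
        $rights = ',';
        foreach ($groups as $gid) {
            $rights .= (int) $gid . ',';
        }
    }
    // `sperre` is stored multiplied by `multi` (kept from the original; presumably multi is a unit factor — verify against the form).
    $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_survey SET `start` = %d, `ende` = %d, `frage` = \'%s\', `antworten` =%d, `sperre` = %d, `access` = \'%s\' WHERE surveyID = %d', $start, $ende, strsave($_POST['frage']), (int) $_POST['antworten'], (int) $_POST['sperre'] * (int) $_POST['multi'], strsave($rights), $id);
    if (!$db->query($sql)) {
        die;
    }
    // 'answer_old_<answerID>' updates an existing row together with its vote count from
    // 'votes_<answerID>'; any other 'answer_*' field inserts a new answer. Empty answers are skipped.
    foreach ($_POST as $key => $value) {
        if (strpos($key, 'answer_') === false or $value == '') {
            continue;
        }
        if (strpos($key, '_old_')) {
            $nr = substr($key, 11); // strlen('answer_old_') === 11
            $db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_survey_answers SET `answer` = \'%s\', votes = %d WHERE sID = %d AND answerID = %d', strsave($value), (int) $_POST['votes_' . $nr], $id, (int) $nr));
        } else {
            $db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_survey_answers (`sID`, `answer`) VALUES (%d, \'%s\')', $id, strsave($value)));
        }
    }
    echo 'ok';
    die;
}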
/**
 * Admin: send a newsletter ("Rundmail") as internal message, e-mail, or both.
 *
 * Reads $_POST['submit'|'user'[]|'titel'|'message'|'art'] and $_SESSION['userID'] (the sender).
 * user[] entries may be 'all_users', a numeric user ID, 'team_<teamID>' or 'group_<gID>'; they are
 * resolved into a userID => {username, email} map, then delivered according to 'art'.
 * Validation failures (no recipient, empty message, empty title) re-render tpl/admin/rundmail.html
 * with the title and mode preserved; the result is reported through table() with the list of
 * recipients or the per-user NEWSLETTER_NOT_SEND messages.
 */
function admin_newsletter() { global $db; if (isset($_POST['submit'])) { if (count(@$_POST['user']) == 0) { table(ERROR, NEWSLETTER_ONE_USER); $tpl = new smarty(); $tpl->assign('options', get_user_newsletter()); $tpl->assign('titel', $_POST['titel']); $tpl->assign('art', $_POST['art']); ob_start(); $tpl->display(DESIGN . '/tpl/admin/rundmail.html'); $content = ob_get_contents(); ob_end_clean(); main_content(NEWSLETTER, $content, '', 1); } elseif ($_POST['message'] == '') { table(ERROR, NOT_NEED_ALL_INPUTS); $tpl = new smarty(); $tpl->assign('options', get_user_newsletter()); $tpl->assign('titel', $_POST['titel']); $tpl->assign('art', $_POST['art']); ob_start(); $tpl->display(DESIGN . '/tpl/admin/rundmail.html'); $content = ob_get_contents(); ob_end_clean(); main_content(NEWSLETTER, $content, '', 1); } elseif ($_POST['titel'] == '') { table(ERROR, NOT_NEED_ALL_INPUTS); $tpl = new smarty(); $tpl->assign('options', get_user_newsletter()); $tpl->assign('titel', $_POST['titel']); $tpl->assign('art', $_POST['art']); ob_start(); $tpl->display(DESIGN . '/tpl/admin/rundmail.html'); $content = ob_get_contents(); ob_end_clean(); main_content(NEWSLETTER, $content, '', 1); } else { /* resolve the recipient list: 'all_users', numeric user IDs, 'team_<id>' and 'group_<id>' entries */ $user = array(); if (in_array('all_users', $_POST['user'])) { $result = $db->query('SELECT username, ID, email FROM ' . DB_PRE . 'ecp_user'); /* NOTE: the legacy mysql_* API is used directly on the wrapper's result here (removed in PHP 7) */ while ($row = mysql_fetch_assoc($result)) { $user[$row['ID']]['username'] = $row['username']; $user[$row['ID']]['email'] = $row['email']; } } else { foreach ($_POST['user'] as $value) { /* only values that survive an (int) round-trip unchanged are accepted, which is what keeps the raw concatenation into the ID = ... clause below safe */ if (strlen((int) $value) == strlen($value)) { $row = $db->fetch_assoc('SELECT username, email FROM ' . DB_PRE . 'ecp_user WHERE ID = ' . $value); $user[$value]['username'] = $row['username']; $user[$value]['email'] = $row['email']; } elseif (strpos($value, 'team_') === 0) { $subresult = $db->query('SELECT ' . DB_PRE . 'ecp_members.userID, username, email FROM ' . DB_PRE . 'ecp_members LEFT JOIN ' . DB_PRE . 'ecp_user ON (' . DB_PRE . 'ecp_members.userID = ' . DB_PRE . 
'ecp_user.ID) WHERE teamID = ' . (int) substr($value, strpos($value, '_') + 1)); while ($row = mysql_fetch_assoc($subresult)) { $user[$row['userID']]['username'] = $row['username']; $user[$row['userID']]['email'] = $row['email']; } } elseif (strpos($value, 'group_') === 0) { $subresult = $db->query('SELECT ' . DB_PRE . 'ecp_user_groups.userID, username, email FROM ' . DB_PRE . 'ecp_user_groups LEFT JOIN ' . DB_PRE . 'ecp_user ON (' . DB_PRE . 'ecp_user_groups.userID = ' . DB_PRE . 'ecp_user.ID) WHERE gID = ' . (int) substr($value, strpos($value, '_') + 1)); while ($row = mysql_fetch_assoc($subresult)) { $user[$row['userID']]['username'] = $row['username']; $user[$row['userID']]['email'] = $row['email']; } } } } $i = 0; $fehler = ''; $sender = ''; /* delivery mode: 'message' = internal PM only, 'mail' = e-mail only, 'both' = e-mail first and a PM only when the e-mail went out; {username} is substituted per recipient, PMs additionally get CRLF converted to <br /> and strsave() applied */ switch ($_POST['art']) { case 'message': foreach ($user as $key => $value) { if (message_send($key, $_SESSION['userID'], $_POST['titel'], strsave(str_replace(array('{username}', "\r\n"), array($value['username'], '<br />'), $_POST['message'])), 0, 1)) { $i++; $sender .= '<a href="?section=user&id=' . $key . '" target="_blank">' . $value['username'] . '</a>, '; } } break; case 'mail': foreach ($user as $key => $value) { if (send_email($value['email'], $_POST['titel'], str_replace('{username}', $value['username'], $_POST['message']), 0)) { $i++; $sender .= '<a href="?section=user&id=' . $key . '" target="_blank">' . $value['username'] . '</a>, '; } else { $fehler .= str_replace('{username}', $value['username'], NEWSLETTER_NOT_SEND); } } break; case 'both': foreach ($user as $key => $value) { if (send_email($value['email'], $_POST['titel'], str_replace('{username}', $value['username'], $_POST['message']))) { if (message_send($key, $_SESSION['userID'], $_POST['titel'], strsave(str_replace(array('{username}', "\r\n"), array($value['username'], '<br />'), $_POST['message'])), 0, 1)) { $i++; $sender .= '<a href="?section=user&id=' . $key . '" target="_blank">' . $value['username'] . 
'</a>, '; } else { $fehler .= str_replace('{username}', $value['username'], NEWSLETTER_NOT_SEND); } } else { $fehler .= str_replace('{username}', $value['username'], NEWSLETTER_NOT_SEND); } } break; } /* any failed delivery turns the whole report into an error; otherwise the count and the recipient links are shown */ if (strlen($fehler)) { table(ERROR, $fehler); } else { table(INFO, str_replace('{anzahl}', $i, NEWSLETTER_SUCCESS) . '<br />' . NEWSLETTER_RECEIVER . rtrim($sender, ', ')); } } } else { $tpl = new smarty(); $tpl->assign('options', get_user_newsletter()); ob_start(); $tpl->display(DESIGN . '/tpl/admin/rundmail.html'); $content = ob_get_contents(); ob_end_clean(); main_content(NEWSLETTER, $content, '', 1); } }
/**
 * Public clan war overview: filter form (game / team / match type / xonx), win/draw/loss counters
 * and a paged, sortable list of finished wars (status = 1).
 *
 * Filters come from $_GET['gameID'|'teamID'|'matchtypeID'|'xonx'], ordering from $_GET['sortby'|'art'],
 * paging from $_GET['page']. Numeric filters are (int)-cast and xonx is strsave()d before they are
 * appended to the WHERE clause; sortby/art are mapped through a switch, so only fixed literals reach
 * ORDER BY. Missing numeric filters are written back to $_GET as 0 so the pager URLs stay well-formed.
 * Renders tpl/clanwars/overview.html inside tpl/clanwars/head.html via main_content().
 */
function clanwars() { global $db, $countries; ob_start(); $tpl = new smarty(); $tpl->assign('win', 0); $tpl->assign('draw', 0); $tpl->assign('loss', 0); $tpl->assign('games', get_games_form((int) @$_GET['gameID'])); $tpl->assign('teams', get_teams_form((int) @$_GET['teamID'])); $tpl->assign('matchtypes', get_matchtype_form((int) @$_GET['matchtypeID'])); $tpl->assign('xonx', get_xonx_form(@$_GET['xonx'])); /* build the optional WHERE fragment; @ silences the undefined $where on the first append */ if (@$_GET['gameID']) { $where = ' AND gID = ' . (int) $_GET['gameID']; } else { $_GET['gameID'] = 0; } if (@$_GET['teamID']) { @($where .= ' AND ' . DB_PRE . 'ecp_wars.tID = ' . (int) $_GET['teamID']); } else { $_GET['teamID'] = 0; } if (@$_GET['matchtypeID']) { @($where .= ' AND mID = ' . (int) $_GET['matchtypeID']); } else { $_GET['matchtypeID'] = 0; } if (@$_GET['xonx']) { @($where .= ' AND xonx = \'' . strsave($_GET['xonx']) . '\''); } switch (@$_GET['sortby']) { case 'opp': $orderby = ' oppname '; break; case 'matchtype': $orderby = ' matchtypename '; break; case 'team': $orderby = ' tname '; break; default: $orderby = DB_PRE . 'ecp_wars.datum '; } switch (@$_GET['art']) { case 'asc': $orderby .= 'ASC '; break; default: $orderby .= 'DESC '; } $db->query('SELECT COUNT(result) as val, result FROM ' . DB_PRE . 'ecp_wars WHERE status = 1 ' . @$where . ' GROUP BY result'); /* template variables are named after the result column values (expected win/draw/loss, preset to 0 above); $gesamt accumulates the total */ while ($row = $db->fetch_assoc()) { $tpl->assign($row['result'], $row['val']); @($gesamt += $row['val']); } $tpl->assign('anzahl', (int) @$gesamt); if ((int) @$gesamt) { ob_start(); $limit = get_sql_limit($gesamt, LIMIT_CLANWARS); $db->query('SELECT `warID`, ' . DB_PRE . 'ecp_wars.datum, `result`, `resultscore`, `tname`, `oppname`, `country`, ' . DB_PRE . 'ecp_wars_opp.homepage, `icon`, `gamename`, `matchtypename`, COUNT(comID) as comments FROM ' . DB_PRE . 'ecp_wars LEFT JOIN ' . DB_PRE . 'ecp_teams ON ' . DB_PRE . 'ecp_teams.tID = ' . DB_PRE . 'ecp_wars.tID LEFT JOIN ' . DB_PRE . 'ecp_wars_games ON gID = gameID LEFT JOIN ' . DB_PRE . 'ecp_wars_opp ON oID = oppID LEFT JOIN ' . DB_PRE . 
'ecp_wars_matchtype ON mID = matchtypeID LEFT JOIN ' . DB_PRE . 'ecp_comments ON (subID = warID AND bereich = "clanwars") WHERE status = 1 ' . @$where . ' GROUP BY warID ORDER BY ' . $orderby . ' LIMIT ' . $limit[1] . ',' . LIMIT_CLANWARS); $clanwars = array(); while ($row = $db->fetch_assoc()) { $row['datum'] = date('d.m.y', $row['datum']); $row['countryname'] = $countries[$row['country']]; $clanwars[] = $row; } $tplcw = new smarty(); /* NOTE(review): $_GET['xonx'], 'sortby' and 'art' are embedded raw in the pager URL and in the inline JS callback below — only their SQL copies are escaped/whitelisted. Confirm makepagelink_ajax() escapes its arguments; otherwise this is a reflected-XSS sink */ if ($limit[0] > 1) { $tplcw->assign('seiten', makepagelink_ajax('?section=clanwars&gameID=' . $_GET['gameID'] . '&teamID=' . $_GET['teamID'] . '&matchtypeID=' . $_GET['matchtypeID'] . '&xonx=' . $_GET['xonx'] . '&sortby=' . $_GET['sortby'] . '&art=' . $_GET['art'] . '', 'return load_wars(' . $_GET['gameID'] . ', ' . $_GET['teamID'] . ', ' . $_GET['matchtypeID'] . ', \'' . $_GET['xonx'] . '\', \'' . $_GET['sortby'] . '\', \'' . $_GET['art'] . '\', {nr});', @$_GET['page'], $limit[0])); } $tplcw->assign('clanwars', $clanwars); $tplcw->display(DESIGN . '/tpl/clanwars/overview.html'); $content = ob_get_contents(); ob_end_clean(); $tpl->assign('clanwars', @$content); } $tpl->display(DESIGN . '/tpl/clanwars/head.html'); $content = ob_get_contents(); ob_end_clean(); main_content(CLANWARS, $content, '', 1); }
/**
 * Admin: duplicate every ecp_menu row of the current DESIGN for the design named $new.
 *
 * Requires $_SESSION['rights']['admin']['menu']['copy'] or the superadmin flag, and
 * templates/$new must already exist as a directory. Each copied row is escaped with
 * strsave() before it is inserted; MENU_COPY_SUCCESS is reported only when the wrapper
 * recorded no error.
 *
 * @param string $new target design (directory name below templates/)
 */
function menu_copy($new) {
    global $db;
    $allowed = @$_SESSION['rights']['admin']['menu']['copy'] || @$_SESSION['rights']['superadmin'];
    if (!$allowed) {
        table(ERROR, NO_ADMIN_RIGHTS);
        return;
    }
    // The target design must exist as a template directory before its menu rows are created.
    if (!is_dir('templates/' . $new)) {
        table(ERROR, FILE_NOT_FOUND);
        return;
    }
    $insert = 'INSERT INTO ' . DB_PRE . 'ecp_menu (`name`, `headline`, `inhalt`, `hposi`, `vposi`, `usetpl`, `design`, `access`, `lang`, `modul`) VALUES (\'%s\', \'%s\', \'%s\', \'%s\', %d, %d, \'%s\', \'%s\', \'%s\', \'%s\')';
    $source = $db->query('SELECT * FROM ' . DB_PRE . 'ecp_menu WHERE design = \'' . DESIGN . '\'');
    while ($entry = mysql_fetch_assoc($source)) {
        // Same column order as the INSERT above; `design` is replaced by the new name.
        $values = array(
            $entry['name'],
            $entry['headline'],
            $entry['inhalt'],
            $entry['hposi'],
            $entry['vposi'],
            $entry['usetpl'],
            $new,
            $entry['access'],
            $entry['lang'],
            $entry['modul'],
        );
        $db->query(vsprintf($insert, array_map('strsave', $values)));
    }
    if (!$db->errorNum()) {
        table(INFO, MENU_COPY_SUCCESS);
    }
}
/**
 * Admin: edit news entry $id (tpl/admin/news_add_edit.html).
 *
 * Without 'submit' the entry is loaded and the form is pre-filled (topic, group access, languages,
 * [URL=...]...[/URL] links parsed back into url/link pairs). With 'submit', headline/topic/bodytext are
 * required; on failure the form is re-rendered from $_POST, otherwise ecp_news is updated and the
 * request is redirected to ?section=admin&site=news via header1().
 * Access and language lists are stored as '' (everyone) or ',a,b,c,' (comma-wrapped list).
 *
 * @param int $id newsID
 */
function admin_news_edit($id) { global $db, $groups, $language_array; if (isset($_POST['submit'])) { if ($_POST['headline'] == '' or (int) $_POST['topic'] == 0 or $_POST['bodytext'] == '') { $tpl = new smarty(); $links = array(); /* rebuild the form state from $_POST: link_<n>/url_<n> pairs become the links list, every other POST field is pushed into the template under its own name */ foreach ($_POST as $key => $value) { if (strpos($key, 'ink_')) { $nr = substr($key, strpos($key, '_') + 1); $links[$nr]['link'] = $value; } elseif (strpos($key, 'rl_')) { $nr = substr($key, strpos($key, '_') + 1); $links[$nr]['url'] = check_url($value); } else { $tpl->assign($key, $value); } } $tpl->assign('links', $links); $db->query('SELECT tID, topicname FROM ' . DB_PRE . 'ecp_topics ORDER by topicname ASC'); $topics = ''; while ($row = $db->fetch_assoc()) { $_POST['topic'] == $row['tID'] ? $sub = ' selected="selected"' : ($sub = ''); $topics .= '<option' . $sub . ' value="' . $row['tID'] . '">' . $row['topicname'] . '</option>'; } $tpl->assign('topics', $topics); $db->query('SELECT groupID, name FROM ' . DB_PRE . 'ecp_groups ORDER by name ASC'); in_array('all', $_POST['rights']) ? $rights = '<option value="all" selected="selected">' . ALL . '</option>' : ($rights = '<option value="all">' . ALL . '</option>'); while ($row = $db->fetch_assoc()) { in_array($row['groupID'], $_POST['rights']) ? $sub = ' selected="selected"' : ($sub = ''); if (isset($groups[$row['name']])) { $row['name'] = $groups[$row['name']]; } $rights .= '<option' . $sub . ' value="' . $row['groupID'] . '">' . $row['name'] . '</option>'; } $files = scan_dir('inc/language', true); /* NOTE(review): the language "all" option is keyed on $_POST['rights'] rather than $_POST['languages'] — looks like a copy-and-paste slip; verify */ in_array('all', $_POST['rights']) ? $languages = '<option value="all" selected="selected">' . ALL . '</option>' : ($languages = '<option value="all">' . ALL . '</option>'); foreach ($files as $lang) { if (strpos($lang, '.php')) { $lang = substr($lang, 0, strpos($lang, '.')); in_array($lang, $_POST['languages']) ? $sub = ' selected="selected"' : ($sub = ''); @($languages .= '<option' . $sub . ' value="' . $lang . '">' . @$language_array[$lang] . 
'</option>'); } } $tpl->assign('rights', $rights); $tpl->assign('topics', $topics); $tpl->assign('languages', $languages); ob_start(); $tpl->display(DESIGN . '/tpl/admin/news_add_edit.html'); $content = ob_get_contents(); ob_end_clean(); main_content(ADMIN_NEWS_ADD, $content, '', 1); } else { /* serialise the access list: '' = everyone, otherwise ',1,2,3,' with each group id (int)-cast */ if (in_array('all', $_POST['rights'])) { $rights = ''; } else { $rights = ','; foreach ($_POST['rights'] as $key) { $rights .= (int) $key . ','; } } if (in_array('all', $_POST['languages'])) { $lang = ''; } else { $lang = ',' . implode(',', $_POST['languages']) . ','; } /* an unparsable date falls back to "now" */ $zeit = strtotime($_POST['datum']); if ($zeit == 0) { $zeit = time(); } $i = 0; /* NOTE(review): the closing parenthesis looks misplaced — check_url() receives the url, the ']' and the link text as one string; presumably check_url($_POST['url_' . $i]) . ']' . ... was meant; verify */ while (isset($_POST['link_' . $i])) { if ($_POST['link_' . $i] != '' and $_POST['url_' . $i] != '') { @($links .= '[URL=' . check_url($_POST['url_' . $i] . ']' . $_POST['link_' . $i] . '[/URL]')); } $i++; } /* $id is concatenated unescaped into the WHERE clause; presumably cast to int by the caller — verify */ $sql = 'UPDATE ' . DB_PRE . 'ecp_news SET `topicID` = ' . (int) $_POST['topic'] . ', `access` = \'' . $rights . '\', `lang` = \'' . strsave($lang) . '\', `datum` = ' . $zeit . ', `headline` = \'' . strsave($_POST['headline']) . '\', `bodytext` = \'' . strsave($_POST['bodytext']) . '\', `extendtext` = \'' . strsave($_POST['extendtext']) . '\', `links` = \'' . strsave(@$links) . '\' WHERE newsID = ' . $id . ';'; if ($db->query($sql)) { header1('?section=admin&site=news'); } } } else { $news = $db->fetch_assoc('SELECT `topicID`, `access`, `lang`, `datum`, `headline`, `bodytext`, `extendtext`, `links` FROM `' . DB_PRE . 'ecp_news` WHERE newsID = ' . $id); if (is_array($news)) { $tpl = new smarty(); $news['datum'] = date('Y-m-d H:i:s', $news['datum']); $db->query('SELECT tID, topicname FROM ' . DB_PRE . 'ecp_topics ORDER by topicname ASC'); $topics = ''; while ($row = $db->fetch_assoc()) { $news['topicID'] == $row['tID'] ? $sub = ' selected="selected"' : ($sub = ''); $topics .= '<option' . $sub . ' value="' . $row['tID'] . '">' . $row['topicname'] . 
'</option>'; } $tpl->assign('topics', $topics); $db->query('SELECT groupID, name FROM ' . DB_PRE . 'ecp_groups ORDER by name ASC'); /* substr() strips only the leading comma, so the trailing comma yields an empty last element (harmless for in_array) */ if ($news['access'] == '') { $rights = '<option value="all" selected="selected">' . ALL . '</option>'; $rechte = array(); } else { $rechte = explode(',', substr($news['access'], 1, strlen($news['access']) - 1)); $rights = '<option value="all">' . ALL . '</option>'; } while ($row = $db->fetch_assoc()) { in_array($row['groupID'], $rechte) ? $sub = ' selected="selected"' : ($sub = ''); if (isset($groups[$row['name']])) { $row['name'] = $groups[$row['name']]; } $rights .= '<option' . $sub . ' value="' . $row['groupID'] . '">' . $row['name'] . '</option>'; } $files = scan_dir('inc/language', true); if ($news['lang'] == '') { $languages = '<option value="all" selected="selected">' . ALL . '</option>'; $lang1 = array(); } else { $lang1 = explode(',', substr($news['lang'], 1, strlen($news['lang']) - 1)); $languages = '<option value="all">' . ALL . '</option>'; } foreach ($files as $lang) { if (strpos($lang, '.php')) { $lang = substr($lang, 0, strpos($lang, '.')); in_array($lang, $lang1) ? $sub = ' selected="selected"' : ($sub = ''); @($languages .= '<option' . $sub . ' value="' . $lang . '">' . @$language_array[$lang] . '</option>'); } } /* parse the stored [URL=...]...[/URL] markup back into url/link pairs; array(0) yields one empty row for the form */ if ($news['links'] == '') { $links = array(0); } else { preg_match_all('#\\[URL=(.*)\\](.*)\\[/URL\\]#Uis', $news['links'], $spe); for ($i = 0; $i < count($spe[1]); $i++) { $links[$i]['url'] = $spe[1][$i]; $links[$i]['link'] = $spe[2][$i]; } } foreach ($news as $key => $value) { $tpl->assign($key, $value); } $tpl->assign('links', $links); $tpl->assign('rights', $rights); $tpl->assign('topics', $topics); $tpl->assign('languages', $languages); ob_start(); $tpl->display(DESIGN . '/tpl/admin/news_add_edit.html'); $content = ob_get_contents(); ob_end_clean(); main_content(ADMIN_NEWS_ADD, $content, '', 1); } else { table(ERROR, NO_ENTRIES); } } }
$db->query('SELECT wohnort, country, username, user_pic, koord, ID FROM ' . DB_PRE . 'ecp_user WHERE koord = "' . $row['koord'] . '" ORDER BY ID ASC'); $html = ''; $anzahl = 0; while ($subrow = $db->fetch_assoc()) { $html .= ($anzahl != 0 ? '<hr />' : '') . '<img src="images/flaggen/' . $subrow['country'] . '.gif" /> <strong><a href="?section=user&id=' . $subrow['ID'] . '" target="_blank">' . $subrow['username'] . '</a></strong><br />' . $subrow['wohnort'] . '<br /><img src="' . ($subrow['user_pic'] != '' ? 'images/user/' . $subrow['ID'] . '_' . $subrow['user_pic'] : 'templates/' . DESIGN . '/images/nopic.png') . '" alt="" title="' . strsave($subrow['username']) . '" style="max-width: 150px" />'; $anzahl++; if ($subrow['user_pic'] != '') { $bilder[] = 'images/user/' . $subrow['ID'] . '_' . $subrow['user_pic']; } } $koord = explode(',', $row['koord']); $api->addGeoPoint((double) $koord['0'], (double) $koord['1'], $html, isset($first) ? false : true); $first = false; } else { $koord = explode(',', $row['koord']); $api->addGeoPoint((double) $koord['0'], (double) $koord['1'], '<img src="images/flaggen/' . $row['country'] . '.gif" /> <strong><a href="?section=user&id=' . $row['ID'] . '" target="_blank">' . $row['username'] . '</a></strong><br />' . $row['wohnort'] . '<br /><img src="' . ($row['user_pic'] != '' ? 'images/user/' . $row['ID'] . '_' . $row['user_pic'] : 'templates/' . DESIGN . '/images/nopic.png') . '" alt="" title="' . strsave($row['username']) . '" style="max-width: 150px" />', isset($first) ? false : true); if ($row['user_pic'] != '') { $bilder[] = 'images/user/' . $row['ID'] . '_' . $row['user_pic']; } $first = false; } } ob_start(); echo $api->getHeadCode() . 
'<script type="text/javascript"> window.addEvents({ "domready" : function() { var info = new Element(\'div\', { \'id\': \'map_info\', \'html\': \'<div class="tip-top"><div class="tip"><div id="map_tip" class="tip-text"></div></div><div class="tip-bottom"></div></div>\', \'styles\': { \'display\': \'none\',
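/**
 * Admin (AJAX): update rank $id from $_POST['rankname'|'abposts'|'fest'|'money'].
 *
 * Echoes NO_ADMIN_RIGHTS or 'ok' and always terminates with die. After a successful
 * update update_all_ranks() re-evaluates every user's rank.
 * NOTE(review): the rights check uses isset(), so an entry that exists but is false still
 * passes — the other admin handlers in this file test the value; confirm which is intended.
 *
 * @param int $id rankID
 */
function admin_ranks_edit($id) {
    ob_end_clean();
    global $db;
    if (!isset($_SESSION['rights']['admin']['ranks']['edit']) and !isset($_SESSION['rights']['superadmin'])) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    $db->setMode(0);
    ajax_convert_array($_POST);
    // Money may be typed with either decimal separator; normalise to '.' before the cast.
    // %F (not %f) renders the float locale-independently, so a locale with a decimal comma
    // cannot turn the literal into "1,50" and break the statement.
    $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_ranks SET `rankname` = \'%s\',`abposts` = %d,`fest` = %d, money = %F WHERE rankID = %d', strsave($_POST['rankname']), (int) @$_POST['abposts'], (int) @$_POST['fest'], (double) str_replace(',', '.', @$_POST['money']), $id);
    if ($db->query($sql)) {
        echo 'ok';
        update_all_ranks();
    }
    die;
}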
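/**
 * Admin: edit forum board $id (tpl/admin/forum_add_edit.html).
 *
 * Requires $_SESSION['rights']['admin']['forum']['edit'] or the superadmin flag.
 * With 'submit' the board row is updated from $_POST (name is required) and the request is
 * redirected to ?section=admin&site=forum via header1(); otherwise the board is loaded and the
 * form is pre-filled, including one forum_make_rights() selector per group-right column.
 * Group-right columns are stored as ',1,2,3,' (comma-wrapped group IDs).
 *
 * @param int $id boardID
 */
function admin_forum_edit($id) {
    global $db;
    // Group-right columns of ecp_forum_boards; the same list drives the UPDATE, the SELECT and the form.
    $rightsFields = array('rightsread', 'threadopen', 'postcom', 'editcom', 'startsurvey', 'votesurvey', 'attachfiles', 'downloadattch', 'threadclose', 'threaddel', 'threadmove', 'threadpin', 'editmocom', 'delcom');
    // $id is concatenated into SQL below, so pin it to an integer up front.
    $id = (int) $id;
    if (!(@$_SESSION['rights']['admin']['forum']['edit'] or @$_SESSION['rights']['superadmin'])) {
        table(ERROR, NO_ADMIN_RIGHTS);
        return;
    }
    if (isset($_POST['submit'])) {
        if ($_POST['name'] == '') {
            table(ERROR, NOT_NEED_ALL_INPUTS);
            return;
        }
        $set = array(
            '`boardparentID` = ' . (int) $_POST['boardparentID'],
            '`name` = \'' . strsave($_POST['name']) . '\'',
            '`beschreibung` = \'' . strsave($_POST['beschreibung']) . '\'',
            '`closed` = ' . (int) $_POST['closed'],
            '`attachments` = ' . (int) $_POST['attachments'],
            // The size is entered in a unit chosen in the form; modifkator is that unit's byte multiplier.
            '`attachmaxsize` = ' . (int) ((float) $_POST['attachmaxsize'] * (float) $_POST['modifkator']),
        );
        foreach ($rightsFields as $field) {
            // strsave() wraps admin_make_rights() here as it does in the other admin handlers of this file.
            $set[] = '`' . $field . '` = \'' . strsave(admin_make_rights($_POST[$field])) . '\'';
        }
        $set[] = '`commentsperpost` = ' . (int) $_POST['commentsperpost'];
        // %F is locale-independent (%f would emit a decimal comma under e.g. de_DE and break the statement).
        $set[] = sprintf('`moneyperpost` = %F', (float) str_replace(',', '.', $_POST['moneyperpost']));
        $sql = 'UPDATE ' . DB_PRE . 'ecp_forum_boards SET ' . implode(', ', $set) . ' WHERE boardID = ' . $id;
        if ($db->query($sql)) {
            header1('?section=admin&site=forum');
        }
        return;
    }
    $tpl = new smarty();
    $boardinfos = $db->fetch_assoc('SELECT `boardparentID`, `beschreibung`, `name`, `isforum`, `closed`, `commentsperpost`, `moneyperpost`, `attachments`, `attachmaxsize`, `' . implode('`, `', $rightsFields) . '` FROM ' . DB_PRE . 'ecp_forum_boards WHERE boardID = ' . $id);
    if (!is_array($boardinfos)) {
        table(ERROR, NO_ENTRIES);
        return;
    }
    foreach (array('beschreibung', 'isforum', 'closed', 'commentsperpost', 'moneyperpost', 'attachments', 'attachmaxsize', 'name') as $field) {
        $tpl->assign($field, $boardinfos[$field]);
    }
    $db->query('SELECT groupID, name FROM ' . DB_PRE . 'ecp_groups ORDER by name ASC');
    $gruppen = array();
    while ($row = $db->fetch_assoc()) {
        $gruppen[] = $row;
    }
    // Parent selector: only category boards (isforum = 0) can be parents.
    $db->query('SELECT boardID, name FROM ' . DB_PRE . 'ecp_forum_boards WHERE isforum = 0 ORDER BY name ASC');
    $boards = '';
    while ($row = $db->fetch_assoc()) {
        $boards .= '<option ' . ($boardinfos['boardparentID'] == $row['boardID'] ? 'selected="selected" ' : '') . 'value="' . $row['boardID'] . '">' . $row['name'] . '</option>';
    }
    $tpl->assign('boards', $boards);
    foreach ($rightsFields as $field) {
        // Strip the wrapping commas of ',1,2,3,' before splitting into group IDs.
        $stored = $boardinfos[$field];
        $tpl->assign($field, forum_make_rights($gruppen, explode(',', substr($stored, 1, strlen($stored) - 2))));
    }
    $tpl->assign('url', 'edit&id=' . $id);
    ob_start();
    $tpl->display(DESIGN . '/tpl/admin/forum_add_edit.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(FORUM_ADD, $content, '', 1);
}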
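/**
 * Remove user $id and every row that references them.
 *
 * Uploaded avatar/user picture files are unlinked best-effort, forum posts/threads keep the
 * username as plain text with the user ID reset to 0, and news entries are reassigned to another
 * member of group 1 (user 1 as fallback). An unknown ID is reported as success.
 * NOTE(review): the user_pic file is removed from images/avatar/, while other code in this file
 * builds user_pic paths under images/user/ — confirm which directory is correct.
 *
 * @param int $id user ID (cast to int before it is used in any statement)
 * @return bool true unless the wrapper recorded an error
 */
function delete_user($id) {
    global $db;
    // Every statement below concatenates $id into SQL, so force it to an integer first.
    $id = (int) $id;
    if (!$db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'ID = ' . $id)) {
        return true;
    }
    $data = $db->fetch_assoc('SELECT username, avatar, user_pic FROM ' . DB_PRE . 'ecp_user WHERE ID = ' . $id);
    // Best-effort file removal; errors are deliberately ignored.
    if ($data['avatar'] != '') {
        @unlink('images/avatar/' . $id . '_' . $data['avatar']);
    }
    if ($data['user_pic'] != '') {
        @unlink('images/avatar/' . $id . '_' . $data['user_pic']);
    }
    $username = strsave($data['username']);
    // New owner for the user's news: the lowest other userID in group 1, else user 1.
    $newid = (int) $db->result(DB_PRE . 'ecp_user_groups', 'userID', 'gID = 1 AND userID != ' . $id . ' ORDER BY userID ASC');
    if (!$newid) {
        $newid = 1;
    }
    $statements = array(
        'DELETE FROM ' . DB_PRE . 'ecp_buddy WHERE userID = ' . $id . ' OR buddyID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_clankasse_member WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_comments WHERE userID = ' . $id . ' OR (bereich = "user" AND subID = ' . $id . ')',
        'DELETE FROM ' . DB_PRE . 'ecp_forum_abo WHERE userID = ' . $id,
        'UPDATE ' . DB_PRE . 'ecp_forum_attachments SET userID = 0 WHERE userID = ' . $id,
        'UPDATE ' . DB_PRE . 'ecp_forum_boards SET lastpostuser = \'' . $username . '\', lastpostuserID = 0 WHERE lastpostuserID = ' . $id,
        'UPDATE ' . DB_PRE . 'ecp_forum_threads SET vonname = \'' . $username . '\', vonID = 0 WHERE vonID = ' . $id,
        'UPDATE ' . DB_PRE . 'ecp_forum_comments SET postname = \'' . $username . '\', userID = 0 WHERE userID = ' . $id,
        'UPDATE ' . DB_PRE . 'ecp_forum_threads SET lastusername = \'' . $username . '\', lastuserID = 0 WHERE lastuserID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_lotto_scheine WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_members WHERE userID = ' . $id,
        'UPDATE ' . DB_PRE . 'ecp_news SET userID = ' . $newid . ' WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_online WHERE uID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_user WHERE ID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_user_bans WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_user_codes WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_user_config WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_user_groups WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_user_lastvisits WHERE userID = ' . $id . ' OR visitID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_user_stats WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE userID = ' . $id,
    );
    // Executed in the original order; there is no transaction, so a failure leaves partial state.
    foreach ($statements as $sql) {
        $db->query($sql);
    }
    return !$db->errorNum();
}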
/**
 * Admin (AJAX): rename clan war map/location $id and reassign it to game $_POST['gameid'].
 *
 * Requires $_SESSION['rights']['admin']['clanwars']['maps_edit'] or the superadmin flag.
 * Echoes html_ajax_convert(NO_ADMIN_RIGHTS), NOT_NEED_ALL_INPUTS or 'ok' and always ends with die.
 *
 * @param int $id locationID
 */
function admin_games_map_edit($id) {
    global $db;
    $db->setMode(0);
    ob_end_clean();
    ajax_convert_array($_POST);
    $allowed = @$_SESSION['rights']['admin']['clanwars']['maps_edit'] || @$_SESSION['rights']['superadmin'];
    if (!$allowed) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    $complete = $_POST['name'] != '' && $_POST['gameid'];
    if (!$complete) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    // The name is escaped with strsave(); gameid and $id go through %d.
    $statement = sprintf('UPDATE ' . DB_PRE . 'ecp_wars_locations SET locationname = \'%s\', gID = %d WHERE locationID = %d', strsave($_POST['name']), $_POST['gameid'], $id);
    if ($db->query($statement)) {
        echo 'ok';
    }
    die;
}
/**
 * Admin (AJAX): update download category $id from $_POST.
 *
 * Reads kname (required), subID, rights[] (via admin_make_rights()) and every
 * '*cription_<lang>' field, which are collected into a JSON map keyed by language.
 * Echoes NOT_NEED_ALL_INPUTS or 'ok' and always ends with die.
 * NOTE(review): unlike the sibling admin_*_edit handlers in this file, no
 * $_SESSION['rights'] check is made here — confirm the caller enforces it.
 *
 * @param int $id kID
 */
function admin_downloads_kate_edit($id) {
    global $db;
    ob_end_clean();
    ajax_convert_array($_POST);
    if ($_POST['kname'] == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $descriptions = array();
    foreach ($_POST as $field => $text) {
        // e.g. 'description_de' -> key 'de' (everything after the first underscore)
        if (strpos($field, 'cription_')) {
            $langCode = substr($field, strpos($field, '_') + 1);
            $descriptions[$langCode] = $text;
        }
    }
    $statement = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_downloads_kate SET `subkID` = %d, `kname` = \'%s\', `beschreibung` = \'%s\', `access` = \'%s\' WHERE kID = %d',
        (int) $_POST['subID'],
        strsave($_POST['kname']),
        strsave(json_encode($descriptions)),
        strsave(admin_make_rights($_POST['rights'])),
        $id
    );
    $db->setMode(0);
    if ($db->query($statement)) {
        echo 'ok';
    }
    die;
}
break; case 'find_user': if (@$_SESSION['rights']['admin']['user'] or @$_SESSION['rights']['superadmin']) { $tpl = new smarty(); switch ($_POST['suchart']) { case 'username': $result = $db->query('SELECT username, ID, registerdate, email, country, uID as online FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_online ON (uID = ID AND lastklick > ' . (time() - SHOW_USER_ONLINE) . ') WHERE username LIKE "%' . strsave($_POST['suche']) . '%" ORDER BY username ASC'); break; case 'email': $result = $db->query('SELECT username, ID, registerdate, email, country, uID as online FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_online ON (uID = ID AND lastklick > ' . (time() - SHOW_USER_ONLINE) . ') WHERE email LIKE "%' . strsave($_POST['suche']) . '%" ORDER BY username ASC'); break; case 'ID': $result = $db->query('SELECT username, ID, registerdate, email, country, uID as online FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_online ON (uID = ID AND lastklick > ' . (time() - SHOW_USER_ONLINE) . ') WHERE ID = ' . (int) $_POST['suche'] . ' ORDER BY username ASC'); break; default: $result = $db->query('SELECT username, ID, registerdate, email, country, uID as online FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_online ON (uID = ID AND lastklick > ' . (time() - SHOW_USER_ONLINE) . ') WHERE username LIKE "%' . strsave($_POST['suche']) . '%" ORDER BY username ASC'); } $user = array(); while ($row = mysql_fetch_assoc($result)) { $row['registerdate'] = date(SHORT_DATE, $row['registerdate']); $row['gruppen'] = array(); $db->query('SELECT gID, name FROM ' . DB_PRE . 'ecp_user_groups LEFT JOIN ' . DB_PRE . 'ecp_groups ON (gID = groupID) WHERE userID = ' . $row['ID'] . ' ORDER BY name ASC'); while ($sub = $db->fetch_assoc()) { array_key_exists($sub['name'], $groups) ? $sub['name'] = $groups[$sub['name']] : ''; $row['gruppen'][] = $sub; } $user[] = $row; } $tpl->assign('user', @$user); ob_start(); $tpl->display(DESIGN . '/tpl/admin/user_list.html');
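header("Content-Encoding: gzip"); return gzencode($OutputHtml); }
// This code has to be before any output from your site!
// If output exists uncompressed HTML will be delivered!
ob_start("obOutputHandler");
// -------------------------------------------------------------------------------------
// Include the file that loads the required files
include 'inc/include.php';
// Include the file that performs checks and updates
include 'inc/checks.php';
// Load the index template and replace its placeholders.
// The placeholders are swapped for PHP snippets and the result is eval()'d, so index.html is
// effectively executed as PHP: whoever can write to templates/<DESIGN>/ gains code execution.
// Keep that directory read-only for the web server user.
$index = file_get_contents('templates/' . DESIGN . '/index.html');
$search = array('{title}', '{leftmenu}', '{rightmenu}', '{content}', '{javascript}', '{footer}', '{DESIGN}', 'style.css', '{langchanger}');
$replace = array(SITE_TITLE, '<?php echo $leftmenu; ?>', '<?php echo $rightmenu; ?>', '<?php show_content(); ?>', '<?php javascripts(); ?>', '<?php footer(); ?>', DESIGN, 'templates/' . DESIGN . '/style.css', '<?php lang_changer(); ?>');
$index = str_replace($search, $replace, $index);
eval('?>' . $index);
// Persist the session into the online table; strsave() escapes the serialized blob for SQL.
$db->query('UPDATE ' . DB_PRE . 'ecp_online SET SIDDATA = \'' . strsave(serialize($_SESSION)) . '\' WHERE SID = \'' . session_id() . '\' LIMIT 1');
// Do not dump $_SESSION / $_COOKIE / $_SERVER here for debugging: the output is appended to
// every response and exposes session contents (user ID, rights, captcha values) to the visitor.
// -------------------------------------------------------------------------------------
$EnableGZipEncoding = true;
// -------------------------------------------------------------------------------------
$db->close();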
if ($db->query($sql)) { $id = $db->last_id(); $result = $db->query('SELECT groupID FROM ' . DB_PRE . 'ecp_groups WHERE admin LIKE "%joinus:view%"'); $search = 'gID = 1 '; while ($row = $db->fetch_assoc()) { $search .= 'OR gID = ' . $row['groupID']; } $result = $db->query('SELECT DISTINCT(userID) as userID, username, country FROM ' . DB_PRE . 'ecp_user_groups LEFT JOIN ' . DB_PRE . 'ecp_user ON ID = userID WHERE ' . $search); $db->query('SELECT * FROM ' . DB_PRE . 'ecp_texte WHERE name = "NEW_JOINUS"'); $text = array(); while ($row = $db->fetch_assoc()) { $text[$row['lang']] = $row; } while ($row = mysql_fetch_assoc($result)) { $search = array('{username}', '{from_username}', '{id}'); $replace = array(strsave($row['username']), strsave(htmlspecialchars($_POST['username'])), $id); if (!isset($text[$row['country']])) { $row['country'] = 'de'; } message_send($row['userID'], 0, $text[$row['country']]['content2'], str_replace($search, $replace, $text[$row['country']]['content']), 0, 1); } unset($_SESSION['captcha']); table(INFO, JOINUS_SUCCESS); } } } else { $tpl = new smarty(); ob_start(); $tpl->assign('countries', form_country()); $tpl->assign('teams', get_teams_form_joinus()); $tpl->display(DESIGN . '/tpl/joinus/joinus.html');
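/**
 * AJAX handler: update the meaning ("bedeutung") text of the smiley with the given ID.
 *
 * Requires the admin right smilies/edit or superadmin in the session; otherwise
 * NO_ADMIN_RIGHTS is echoed. Prints "ok" when the UPDATE succeeded and always
 * terminates the request.
 *
 * @param int|string $id smiley row ID; cast to int before it reaches the query
 */
function admin_smilies_edit($id)
{
    ob_end_clean();
    global $db;
    if (!isset($_SESSION['rights']['admin']['smilies']['edit']) and !isset($_SESSION['rights']['superadmin'])) {
        echo NO_ADMIN_RIGHTS;
    } else {
        $db->setMode(0);
        ajax_convert_array($_POST);
        // A missing field falls back to '' instead of raising an undefined-index notice.
        $bedeutung = isset($_POST['bedeutung']) ? $_POST['bedeutung'] : '';
        // Fix: the original query had no whitespace between the value literal and WHERE.
        $sql = sprintf(
            'UPDATE ' . DB_PRE . 'ecp_smilies SET `bedeutung` = \'%s\' WHERE ID = %d',
            strsave($bedeutung), // strsave() is presumably the project's SQL escape helper - verify
            (int) $id
        );
        if ($db->query($sql)) {
            echo 'ok';
        }
    }
    die;
}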
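/**
 * Admin: create a new user account from the user_add form.
 *
 * With a POST (`submit` set) the input is validated; on errors the form is re-rendered
 * together with the error list, otherwise the user row, its config/stats rows and its
 * group membership are inserted and the "USER_ADD" e-mail text is sent to the new
 * account. Without a POST the empty form is rendered.
 *
 * Reads $_POST and the global $db; writes ecp_user, ecp_user_config, ecp_user_stats and
 * ecp_user_groups and renders via main_content().
 *
 * NOTE(review): the password is stored as an unsalted sha1() hash and the activation
 * e-mail carries it in plain text. Changing the hash format would also require changing
 * the login check (not visible here), so it is left unchanged; both remain open findings.
 */
function admin_user_add()
{
    global $db;

    if (!isset($_POST['submit'])) {
        admin_user_add_form(form_country());
        return;
    }

    $error = admin_user_add_errors($db);
    if (count($error) > 0) {
        // Every entry already starts with "<li>"; close the last one so the markup is valid.
        table(ERROR, '<ul>' . implode('</li>', $error) . '</li></ul>');
        admin_user_add_form(form_country($_POST['country']));
        return;
    }

    $sql = sprintf(
        'INSERT INTO ' . DB_PRE . 'ecp_user (`username`, `email`, `passwort`, `status`, `registerdate`, country) VALUES (\'%s\', \'%s\', \'%s\', %d, %d, \'%s\');',
        strsave(htmlspecialchars($_POST['username'])),
        strsave($_POST['email']),
        sha1($_POST['password1']), // NOTE(review): unsalted sha1 - see docblock
        1,
        time(),
        strsave($_POST['country'])
    );
    if (!$db->query($sql)) {
        // Original behaviour: a failed INSERT renders nothing.
        return;
    }

    $userid = (int) $db->last_id();
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_config (userID) VALUES (' . $userid . ')');
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_stats (userID) VALUES (' . $userid . ')');
    update_rank($userid);
    // Default group membership for a freshly created account (gID 3 is a project convention not visible here).
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_groups (userID, gID) VALUES (' . $userid . ', 3)');

    // Fetch the activation e-mail text for the current language and fill in the placeholders.
    $row = $db->fetch_assoc('SELECT content, content2, options FROM ' . DB_PRE . 'ecp_texte WHERE lang = "' . LANGUAGE . '" AND name = "USER_ADD"');
    $search = array('{username}', '{clanname}', '{pageurl}', '{password}');
    $replace = array($_POST['username'], CLAN_NAME, SITE_URL, $_POST['password1']);
    $row['content'] = str_replace($search, $replace, $row['content']);
    // Fix: the original echoed $row['content'] here, printing the e-mail body (including
    // the plain-text password) into the admin page. Removed.
    if (send_email($_POST['email'], $row['content2'], $row['content'], $row['options'])) {
        table(INFO, REGISTER_SUCCESS3);
    } else {
        table(INFO, NO_EMAIL_SEND2);
    }
}

/**
 * Validate the user_add POST data.
 *
 * @param object $db database wrapper (the global $db); used for the duplicate checks
 * @return array list of error strings, each starting with "<li>"; empty when the input is valid
 */
function admin_user_add_errors($db)
{
    $error = array();
    // Missing fields count as empty instead of raising undefined-index notices.
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $password1 = isset($_POST['password1']) ? $_POST['password1'] : '';
    $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
    $sex = isset($_POST['sex']) ? $_POST['sex'] : '';

    if ($username == '') {
        $error[] = '<li>' . NO_USERNAME;
    }
    if (!check_email($email)) {
        $error[] = '<li>' . WRONG_EMAIL;
    }
    if ($password1 == '') {
        $error[] = '<li>' . NO_PASSWORD;
    }
    if ($password1 != $password2) {
        $error[] = '<li>' . DIFFERENT_PW;
    }
    if (strlen($password1) < PW_MIN_LENGTH) {
        $error[] = '<li>' . SHORT_PW . PW_MIN_LENGTH . SHORT_PW_1;
    }
    // Fix: the original compared against a literal placeholder ("******"), so the
    // duplicate-username check could never match. Compare against the value exactly as
    // admin_user_add() stores it (htmlspecialchars-encoded, then SQL-escaped).
    if ($username != '' and $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = "' . strsave(htmlspecialchars($username)) . '"')) {
        $error[] = '<li>' . ACCOUNT_ALLREADY_EXIST . ' ' . $username;
    }
    if ($email != '' and $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = "' . strsave($email) . '"')) {
        $error[] = '<li>' . EMAIL_ALLREADY_EXIST . ' ' . $email;
    }
    if ($sex != 'male' and $sex != 'female') {
        $error[] = '<li>' . CHOOSE_SEX;
    }

    return $error;
}

/**
 * Render the user_add form inside the admin content area.
 *
 * @param mixed $countries result of form_country(), assigned to the template as "countries"
 */
function admin_user_add_form($countries)
{
    $tpl = new smarty();
    $tpl->assign('countries', $countries);
    ob_start();
    $tpl->display(DESIGN . '/tpl/admin/user_add.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(REGISTER, $content, '', 1);
}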