Ejemplo n.º 1
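<?php

require_once '../core/core.class.php';
$cms = new Core();
// Login user
// Accept the credentials only as plain strings; a missing field or an array
// value (username[]=x) is passed on as null, as a missing field was before.
$username = isset($_POST["username"]) && is_string($_POST["username"]) ? $_POST["username"] : null;
$password = isset($_POST["password"]) && is_string($_POST["password"]) ? $_POST["password"] : null;
if ($cms->Login($username, $password)) {
    // The original statement here was `@session_start;` without parentheses,
    // which never calls the function. Start a session only when none is active.
    // NOTE(review): Login() is defined in core.class.php (not shown); confirm the
    // session id is regenerated on successful login, there or here.
    if (session_id() === '') {
        session_start();
    }
    if (isset($_SESSION["lastpage"])) {
        $lastpage = $_SESSION["lastpage"];
        unset($_SESSION["lastpage"]);
        // Never send the user back to the login/registration/password pages.
        // NOTE(review): $lastpage is used as a redirect target as-is. Confirm the
        // code that stores it only ever records same-site relative paths.
        if (stripos($lastpage, "login.php") !== FALSE || stripos($lastpage, "newpassword.php") !== FALSE || stripos($lastpage, "register.php") !== FALSE) {
            $cms->Goto("home.php");
        } else {
            $cms->Goto($lastpage);
        }
    } else {
        $cms->Goto("home.php");
    }
} else {
    // The user name is attacker-controlled: replace control characters so a
    // submitted value cannot break the log line or forge additional entries.
    // NOTE(review): this branch also runs when the form was never submitted.
    $loggedname = preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $username);
    $cms->Log("Login error. Wrong username (" . $loggedname . ") or password.");
}
$cms->display('login.tpl');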
Ejemplo n.º 2
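<?php

require_once '../../core/core.class.php';
$core = new Core();
//Access control
// Only users whose access right is 4 or higher may use this page.
if ($core->CurrentUser()->AccessRight() < 4) {
    $core->Goto('../../php/access.php');
    // Goto() is defined in core.class.php (not shown). Stop explicitly so the
    // privileged code below cannot run if Goto() only sends a redirect.
    exit;
}
// Requested action; null when the parameter is absent.
$action = isset($_GET["action"]) ? $_GET["action"] : null;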
if ($action == "payout") {
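    $names = $core->GetAllUserNames();
    // Collect the ids of the ticked "op<ID>" checkboxes from the form.
    // The field names are client-controlled and these ids are later joined
    // into SQL text, so only all-digit ids are accepted.
    $opids = array();
    foreach ($_POST as $key => $value) {
        $key = (string) $key;
        if (strncmp($key, "op", 2) !== 0 || $value !== "on") {
            continue;
        }
        $opid = substr($key, 2);
        if (is_string($opid) && ctype_digit($opid)) {
            $opids[] = $opid;
        }
    }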
    if ($_POST["submit"] == "Reject") {
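        // Reject selected ops
        // $opids is built from POST field names. Keep only all-digit ids so the
        // list spliced into FIND_IN_SET('...') cannot carry quotes or SQL syntax.
        $idlist = array();
        foreach ($opids as $opid) {
            if (is_string($opid) && ctype_digit($opid)) {
                $idlist[] = $opid;
            }
        }
        $idlist = implode(",", $idlist);
        // Reject reason as a plain string; missing or non-string input becomes "".
        $reason = isset($_POST["reject"]) && is_string($_POST["reject"]) ? $_POST["reject"] : "";
        $core->SQL("UPDATE operations_submissions SET Status=3, RejectReason='" . $core->SQLEscape($reason) . "' WHERE FIND_IN_SET(id, '" . $idlist . "')");
        // Send messages to op leaders
        $result = $core->SQL("SELECT id, OpDate, Leader FROM operations_submissions WHERE FIND_IN_SET(id, '" . $idlist . "')");
        // The message body is HTML, so every value placed into it is escaped for
        // HTML first. NOTE(review): assumes SendMail() shows $text as HTML and
        // does not escape it again; confirm in core.class.php.
        $rejector = htmlspecialchars($core->CurrentUser()->Name, ENT_QUOTES);
        $reasonhtml = htmlspecialchars($reason, ENT_QUOTES);
        while ($row = mysql_fetch_assoc($result)) {
            $id = (int) $row["id"];
            $date = date("Y-m-d", strtotime($row["OpDate"]));
            $leader = $row["Leader"];
            $text = "<p>Following operation submitted by you was rejected by " . $rejector . ".</p>";
            $text .= "<p><a href='../plugins/payoutview/index.php?view=" . $id . "'>View Rejected Operation</a></p>";
            $text .= "<p><b>REASON:</b><br />" . $reasonhtml . "</p>";
            $core->SendMail($date . " Operation Rejected", $text, $leader);
        }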
Ejemplo n.º 3
    $pagecount = ceil($cms->MailBoxCount($isinbox, $folder) / 20);
    if ($page > $pagecount - 1) {
        $page = $pagecount - 1;
    }
    if ($page < 0) {
        $page = 0;
    }
    $messages = $cms->ReadMailBox($isinbox, $folder, $page * 20, 20, $sort);
    $cms->assign("messages", $messages);
    $cms->assign("page", $page);
    $cms->assign("pagecount", $pagecount);
} elseif ($action == "search") {
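    // Search parameters; only plain strings are accepted, anything else is null.
    $query = isset($_GET["query"]) && is_string($_GET["query"]) ? $_GET["query"] : null;
    $mailbox = isset($_GET["mailbox"]) && is_string($_GET["mailbox"]) ? $_GET["mailbox"] : null;
    if (empty($query)) {
        // Nothing to search for: go back to the mailbox view. The mailbox name is
        // request data, so it is URL-encoded before it is placed in the redirect
        // target; this keeps it from adding parameters of its own.
        $cms->Goto("mail.php?action=" . urlencode((string) $mailbox));
        // Goto() is defined elsewhere; stop so an empty search is not run anyway.
        exit;
    }
    // Any mailbox value other than "inbox" is treated as "not the inbox".
    $isinbox = $mailbox == "inbox";
    $messages = $cms->SearchMailBox($query, $isinbox, $folder);
    $cms->assign("messages", $messages);
    // NOTE(review): $mailbox and $query are handed to the template unescaped.
    // Confirm the template escapes them on output.
    $cms->assign("mailbox", $mailbox);
    $cms->assign("query", $query);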
} elseif ($action == "compose" || $action == "reply" || $action == "replytoall" || $action == "forward") {
    $names = $cms->GetAllUserNames();
    $lists = array(-1 => "*Everyone*", -2 => "*Corporation Members*", -3 => "*Managers*", -4 => "*Directors and CEO*");
    $cms->assign("names", $lists + $names);
    if ($action == "reply" || $action == "replytoall" || $action == "forward") {
        $message = $cms->ReadMail($message);
        $subject = $message->Title;
        $to = "";
        $toid = "";
Ejemplo n.º 4
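<?php

require_once '../../core/core.class.php';
$core = new Core();
//Access control
//if($core->CurrentUser()->AccessRight() < 1) $core->Goto('../../php/access.php');
// Users named "Guest" are sent to the access page.
if ($core->CurrentUser()->Name == "Guest") {
    $core->Goto('../../php/access.php');
    // Goto() is defined in core.class.php (not shown). Stop explicitly so the
    // rest of the page cannot run if Goto() only sends a redirect.
    exit;
}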
if ($core->CurrentUser()->AccessRight() == 0) {
    $action = @$_GET["action"];
    if (isset($_GET["show"])) {
        $action = "show";
    }
    if (isset($_GET["delete"])) {
        $action = "delete";
    }
    if (isset($_GET["deletecomment"])) {
        $action = "user";
    }
    if (isset($_GET["search"])) {
        $action = "user";
    }
    if (empty($action)) {
        $action = "home";
    }
} else {
    $action = @$_GET["action"];
    if (isset($_GET["show"])) {
        $action = "show";
    }
Ejemplo n.º 5
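<?php

require_once '../core/core.class.php';
$cms = new Core();
// Access control: AccessCheck() is given the director role and a list of
// portal roles; users who fail it are sent to the access page.
if (!$cms->AccessCheck(User::EVE_Director, array(User::MDYN_CEO, User::MDYN_Administrator))) {
    $cms->Goto("access.php");
    // Goto() is defined in core.class.php (not shown). Stop explicitly so the
    // administrative code below cannot run if Goto() only sends a redirect.
    exit;
}
// Requested action, defaulting to the user list.
$action = isset($_GET["action"]) ? $_GET["action"] : null;
if (empty($action)) {
    $action = "users";
}
$result = 0;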
if (isset($_GET["edit"]) && is_numeric(@$_GET["edit"])) {
    if (!isset($_POST["id"])) {
        $note = $cms->ReadArticle($_GET["edit"]);
        $_POST["id"] = $note->ID;
        $_POST["title"] = $note->Title;
        $_POST["text"] = $note->Text;
    }
    $cms->assign("id", @$_POST["id"]);
    $cms->assign("title", @$_POST["title"]);
    $cms->assign("text", @$_POST["text"]);
    $action = "edit";
} elseif ($action == "editdone") {
    if ($_POST["submit"] == "Save") {
        if (empty($_POST["title"]) || empty($_POST["text"])) {
            $action = "edit";
            $result = 1;
            $cms->assign("id", @$_POST["id"]);
            $cms->assign("title", @$_POST["title"]);
            $cms->assign("text", @$_POST["text"]);
Ejemplo n.º 6
<?php

require_once '../core/core.class.php';
$cms = new Core();
// The template receives 1 when the current user holds any of the listed
// portal roles or the director role, otherwise 0.
if (
    $cms->CurrentUser()->HasPortalRole(User::MDYN_CEO)
    || $cms->CurrentUser()->HasPortalRole(User::MDYN_ForumModerator)
    || $cms->CurrentUser()->HasPortalRole(User::MDYN_Administrator)
    || $cms->CurrentUser()->HasEVERole(User::EVE_Director)
) {
    $ismoderator = 1;
} else {
    $ismoderator = 0;
}
$cms->assign("ismoderator", $ismoderator);
$cms->assign("pagetitle", " | Forums");
if (isset($_GET["category"]) && is_numeric(@$_GET["category"])) {
    $access = $cms->CanReadCategory($_GET["category"]);
    if ($access == 0) {
        $cms->Goto("access.php");
    }
    if ($access == 2) {
        $cms->Goto("forums.php?getcategorypassword="******"category"]);
    }
    $page = 0;
    if (isset($_GET["page"]) && is_numeric(@$_GET["page"])) {
        $page = $_GET["page"] - 1;
    }
    $pagecount = floor($cms->ReadForumTopicCount($_GET["category"]) / 20) + 1;
    if ($pagecount < 0) {
        $pagecount = 0;
    }
    if ($page < 0) {
        $page = 0;
    }
    if ($page > $pagecount - 1) {
        $page = $pagecount - 1;
    }
    $cat = $cms->ReadForumCategory($_GET["category"]);
    $topics = $cms->ReadForumTopics($_GET["category"], $page * 20);
Ejemplo n.º 7
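<?php

require_once '../core/core.class.php';
$cms = new Core();
// Feedback page: administrators can delete or list entries; everyone else can
// submit the form or see the confirmation.
if (isset($_GET["delete"]) && is_string($_GET["delete"]) && ctype_digit($_GET["delete"]) && $cms->CurrentUser()->HasPortalRole(User::MDYN_Administrator)) {
    // is_numeric() also accepts forms such as "1e5", "1.5" or " 1". The id is
    // now required to be all digits and is cast before it is placed in SQL.
    // NOTE(review): this delete is triggered by a GET parameter with no
    // anti-CSRF token visible here; consider POST plus a per-session token.
    $cms->CoreSQL("DELETE FROM feedback WHERE id=" . (int) $_GET["delete"] . " LIMIT 1");
    $cms->Goto("feedback.php");
} elseif ($cms->CurrentUser()->HasPortalRole(User::MDYN_Administrator)) {
    // Administrator view: load every feedback row for the template.
    // NOTE(review): the rows include the submitted APIUserID/APIKey values,
    // which are stored and displayed as submitted.
    $feedbacks = array();
    $result = $cms->CoreSQL("SELECT * FROM feedback");
    while ($row = mysql_fetch_assoc($result)) {
        $feedbacks[] = array($cms->SQLUnEscape($row["Name"]), $cms->SQLUnEscape($row["EMail"]), $cms->SQLUnEscape($row["APIUserID"]), $cms->SQLUnEscape($row["APIKey"]), $cms->SQLUnEscape($row["Notes"]), $row["id"], $cms->GMTToLocal($row["Date"]));
    }
    $cms->assign("feedbacks", $feedbacks);
} elseif (@$_GET["result"] == "1") {
    // Confirmation shown after a successful submission.
    $cms->assign("result", 1);
} elseif (@$_POST["submit"] == "Submit") {
    // Store a submitted feedback form. Every user-supplied field goes through
    // SQLEscape() before it is quoted into the statement.
    // NOTE(review): SQLEscape() is defined in core.class.php (not shown);
    // confirm it escapes for the active connection and character set.
    $query = "INSERT INTO feedback (Date,Name,Email,APIUserID,APIKey,Notes) VALUES (";
    $query .= "'" . $cms->GMTTime() . "',";
    $query .= "'" . $cms->SQLEscape($_POST["name"]) . "',";
    $query .= "'" . $cms->SQLEscape($_POST["email"]) . "',";
    $query .= "'" . $cms->SQLEscape($_POST["apiuserid"]) . "',";
    $query .= "'" . $cms->SQLEscape($_POST["apikey"]) . "',";
    $query .= "'" . $cms->SQLEscape($_POST["notes"]) . "')";
    $cms->CoreSQL($query);
    $cms->Goto("feedback.php?result=1");
}
$cms->display('feedback.tpl');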
Ejemplo n.º 8
        $_POST["text"] = strip_tags($note->Text);
    } else {
        $_POST["text"] = $note->Text;
    }
    $action = "read";
} elseif ($action == "home") {
    $titles = $cms->GetNotepadTitles();
    $cms->assign("titles", $titles);
} elseif ($action == "newdone") {
    if ($_POST["submit"] == "Save") {
        if (empty($_POST["title"]) || empty($_POST["text"])) {
            $action = "new";
            $result = 1;
        } else {
            $cms->NewNotepad($_POST["title"], $_POST["text"]);
            $cms->Goto("notepad.php");
        }
    } else {
        $cms->Goto("notepad.php");
    }
} elseif ($action == "editdone") {
    if ($_POST["submit"] == "Save") {
        if (empty($_POST["title"]) || empty($_POST["text"])) {
            $action = "read";
            $result = 1;
        } else {
            if (is_numeric($_POST["id"])) {
                $cms->EditNotepad($_POST["id"], $_POST["title"], $_POST["text"]);
            }
            $cms->Goto("notepad.php");
        }
Ejemplo n.º 9
} elseif (isset($_GET["edit"]) && is_numeric(@$_GET["edit"])) {
    $note = $cms->ReadCalendarEntry($_GET["edit"]);
    $_POST["id"] = $note->ID;
    $_POST["title"] = $note->Title;
    $_POST["text"] = $note->Text;
    $_POST["readaccess"] = $note->ReadAccess;
    $date = getdate(mktime(6, 0, 0, date("m"), date("d") + 1, date("Y")));
    $_POST["cal_Year"] = $date["year"];
    $_POST["cal_Month"] = $date["mon"];
    $_POST["cal_Day"] = $date["mday"];
    $_POST["cal_Hour"] = $date["hours"];
    $_POST["cal_Minute"] = $date["minutes"];
    $action = "edit";
} elseif (isset($_GET["delete"]) && is_numeric(@$_GET["delete"])) {
    $cms->DeleteCalendarEntry($_GET["delete"]);
    $cms->Goto("calendar.php");
} elseif (isset($_GET["signup"]) && is_numeric(@$_GET["signup"])) {
    $cms->SignUpToCalendarEntry($_GET["signup"]);
    $cms->Goto("calendar.php");
} elseif ($action == "new") {
    $_POST["readaccess"] = 2;
    $date = getdate(mktime(6, 0, 0, date("m"), date("d") + 1, date("Y")));
    $_POST["cal_Year"] = $date["year"];
    $_POST["cal_Month"] = $date["mon"];
    $_POST["cal_Day"] = $date["mday"];
    $_POST["cal_Hour"] = $date["hours"];
    $_POST["cal_Minute"] = $date["minutes"];
} elseif ($action == "newdone") {
    if ($_POST["submit"] == "Save") {
        $date = $_POST["cal_Year"] . "-" . $_POST["cal_Month"] . "-" . $_POST["cal_Day"] . " " . $_POST["cal_Hour"] . ":" . $_POST["cal_Minute"] . ":00";
        if (empty($_POST["title"]) || empty($_POST["text"])) {
Ejemplo n.º 10
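<?php

require_once '../core/core.class.php';
$cms = new Core();
// Access control: AccessCheck() is given the director role and a list of
// portal roles; users who fail it are sent to the access page.
if (!$cms->AccessCheck(User::EVE_Director, array(User::MDYN_CEO, User::MDYN_Administrator, User::MDYN_Developer))) {
    $cms->Goto("access.php");
    // Goto() is defined in core.class.php (not shown). Stop explicitly so the
    // plugin administration code below cannot run if Goto() only redirects.
    exit;
}
// Requested action, defaulting to the plugin list.
$action = isset($_GET["action"]) ? $_GET["action"] : null;
if (empty($action)) {
    $action = "plugins";
}
$result = 0;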
if (isset($_GET["edit"]) && is_numeric(@$_GET["edit"])) {
    if (!isset($_POST["id"])) {
        $plugin = $cms->ReadPlugIn($_GET["edit"]);
        $_POST["id"] = $plugin->ID;
        $_POST["title"] = $plugin->Title;
        $_POST["releasecontrol"] = $plugin->Release;
        $_POST["accesscontrol"] = $plugin->ReadAccess;
        $_POST["showigb"] = $plugin->ShowIGB ? "on" : "";
        $_POST["showadmin"] = $plugin->ShowAdmin ? "on" : "";
    }
    $cms->assign("id", @$_POST["id"]);
    $cms->assign("title", @$_POST["title"]);
    $cms->assign("releasecontrol", @$_POST["releasecontrol"]);
    $cms->assign("accesscontrol", @$_POST["accesscontrol"]);
    $cms->assign("showigb", @$_POST["showigb"]);
    $cms->assign("showadmin", @$_POST["showadmin"]);
    $action = "edit";
} elseif ($action == "editdone" && is_numeric(@$_POST["id"])) {
    if ($_POST["submit"] == "Save") {
Ejemplo n.º 11
    $_POST["text"] = $note->Text;
    $_POST["readaccess"] = $note->ReadAccess;
    $cms->assign("author", $note->AuthorName);
    $cms->assign("date", $note->Date);
    $cms->assign("editid", $isadmin == true || $cms->CurrentUser()->AccessRight() >= 4 || $note->Author == $cms->CurrentUser()->ID ? $note->ID : 0);
    $action = "read";
} elseif (isset($_GET["edit"]) && is_numeric(@$_GET["edit"])) {
    $note = $cms->ReadNewsItem($_GET["edit"]);
    $_POST["id"] = $note->ID;
    $_POST["title"] = $note->Title;
    $_POST["text"] = $note->Text;
    $_POST["readaccess"] = $note->ReadAccess;
    $action = "edit";
} elseif (isset($_GET["delete"]) && is_numeric(@$_GET["delete"])) {
    $cms->DeleteNewsItem($_GET["delete"]);
    $cms->Goto("news.php");
} elseif ($action == "newdone") {
    if ($_POST["submit"] == "Save") {
        if (empty($_POST["title"]) || empty($_POST["text"])) {
            $action = "new";
            $result = 1;
        } else {
            $cms->InsertNewsItem($_POST["title"], $_POST["text"], $_POST["readaccess"]);
            $cms->Goto("news.php");
        }
    } else {
        $cms->Goto("news.php");
    }
} elseif ($action == "editdone") {
    if ($_POST["submit"] == "Save") {
        if (empty($_POST["title"]) || empty($_POST["text"])) {
Ejemplo n.º 12
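<?php

require_once '../../core/core.class.php';
$core = new Core();
//Access control
// Only users whose access right is 4 or higher may use this page.
if ($core->CurrentUser()->AccessRight() < 4) {
    $core->Goto('../../php/access.php');
    // Goto() is defined in core.class.php (not shown). Stop explicitly so the
    // privileged code below cannot run if Goto() only sends a redirect.
    exit;
}
// Variable of Current User & Misc
// Each request parameter is read as null when absent instead of raising an
// undefined-index notice.
$portalid = isset($_GET["portalid"]) ? $_GET["portalid"] : null;
$templatepost = isset($_POST["template"]) ? $_POST["template"] : null;
$template = isset($_GET["template"]) ? $_GET["template"] : null;
$return = isset($_GET["return"]) ? $_GET["return"] : null;
$action = isset($_GET["action"]) ? $_GET["action"] : null;
// Data Verification Checks and redirects
if (empty($action)) {
    $action = "home";
}
// Fall back to the current user's own id when no usable portal id was given.
// NOTE(review): the result of CharacterIDExists() is compared loosely with the
// string "FALSE". If that method returns a boolean, this comparison is true for
// ids that exist and false for ids that do not; confirm its return type.
if ($portalid == "" || empty($portalid) || $portalid < 0 || $core->CharacterIDExists($portalid) == "FALSE") {
    $portalid = $core->CurrentUser()->ID;
}
// NOTE(review): the checks below only reject empty and negative values; a
// non-numeric string passes through unchanged. Validate before any use in SQL.
if ($template == "" || empty($template) || $template < 0) {
    $template = 0;
}
if ($templatepost == "" || empty($templatepost) || $templatepost < 0) {
    $templatepost = 0;
}
if ($return == "" || empty($return) || $return < 0) {
    $return = 0;
}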
if ($action == "home") {
Ejemplo n.º 13
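<?php

require_once '../core/core.class.php';
$cms = new Core();
// Access control: AccessCheck() is given the director role and a list of
// portal roles; users who fail it are sent to the access page.
if (!$cms->AccessCheck(User::EVE_Director, array(User::MDYN_CEO, User::MDYN_Administrator, User::MDYN_Developer))) {
    $cms->Goto("access.php");
    // Goto() is defined in core.class.php (not shown). Stop explicitly so the
    // cron job administration code below cannot run if Goto() only redirects.
    exit;
}
// Requested action, defaulting to the cron job list.
$action = isset($_GET["action"]) ? $_GET["action"] : null;
if (empty($action)) {
    $action = "cronjobs";
}
$result = 0;
// Labels of the available schedule types, handed to the template.
$crontypes = array("Hourly at xx:00", "Hourly at xx:30", "Daily at 00:00 GMT", "Daily at 11:00 GMT", "Daily at 12:00 GMT", "Weekly on Mondays at 00:00 GMT", "Weekly on Wednesdays at 00:00 GMT", "Weekly on Fridays at 00:00 GMT", "Weekly on Saturdays at 00:00 GMT", "Weekly on Sundays at 00:00 GMT");
$cms->assign("crontypes", $crontypes);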
if (isset($_GET["edit"]) && is_numeric(@$_GET["edit"])) {
    if (!isset($_POST["id"])) {
        $job = $cms->ReadCronJob($_GET["edit"]);
        $_POST["id"] = $job->ID;
        $_POST["title"] = $job->Title;
        $_POST["type"] = $job->ScheduleType;
        $_POST["source"] = $job->Source;
    }
    $cms->assign("id", @$_POST["id"]);
    $cms->assign("title", @$_POST["title"]);
    $cms->assign("type", @$_POST["type"]);
    $cms->assign("source", @$_POST["source"]);
    $action = "edit";
} elseif ($action == "editdone") {
    if ($_POST["submit"] == "Save") {
        if (empty($_POST["title"]) || empty($_POST["source"])) {
            $action = "edit";
Ejemplo n.º 14
<?php

// Logout endpoint: ends the current user's login and returns to the home page.
require_once '../core/core.class.php';
$cms = new Core();
// NOTE(review): Logout() is defined in core.class.php (not shown); confirm it
// destroys the server-side session and clears the session cookie.
$cms->Logout();
$cms->Goto("home.php");
// Stop after the redirect so nothing else is executed or sent.
exit;
Ejemplo n.º 15
    $cms->assign("isadmin", $note->Author != $cms->CurrentUser()->ID ? 1 : 0);
    $cms->assign("comments", $note->Comments);
    $action = "read";
} elseif (isset($_GET["edit"]) && is_numeric(@$_GET["edit"])) {
    $note = $cms->ReadArticle($_GET["edit"]);
    $_POST["id"] = $note->ID;
    $_POST["title"] = $note->Title;
    $_POST["text"] = $note->Text;
    $_POST["readaccess"] = $note->ReadAccess;
    $_POST["writeaccess"] = $note->WriteAccess;
    $action = "edit";
} elseif (isset($_GET["deletecomment"]) && is_numeric(@$_GET["deletecomment"])) {
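    // Delete one comment, then return to the article it belonged to.
    // The article id comes straight from the request; it is taken only as a
    // string and URL-encoded so it cannot add parameters to the redirect target.
    $article = isset($_GET["article"]) && is_string($_GET["article"]) ? $_GET["article"] : "";
    $id = $_GET["deletecomment"];
    // NOTE(review): no ownership or role check is visible before this call;
    // confirm DeleteArticleComment() verifies the current user may delete $id.
    $cms->DeleteArticleComment($id);
    $cms->Goto("articles.php?read=" . urlencode($article));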
} elseif (isset($_GET["postcomment"]) && is_numeric(@$_GET["postcomment"])) {
    $article = $_GET["postcomment"];
    $cms->assign("articleid", $article);
    $action = "postcomment";
} elseif ($action == "home") {
    $titles = $cms->GetArticleTitles();
    $cms->assign("titles", $titles);
} elseif ($action == "newdone") {
    if ($_POST["submit"] == "Save") {
        if (empty($_POST["title"]) || empty($_POST["text"])) {
            $action = "new";
            $result = 1;
        } else {
            $cms->NewArticle($_POST["title"], $_POST["text"], $_POST["readaccess"], $_POST["writeaccess"]);
            $cms->Goto("articles.php");
Ejemplo n.º 16
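<?php

require_once '../../core/core.class.php';
$core = new Core();
//Access control
// Only users whose access right is 2 or higher may use this page.
if ($core->CurrentUser()->AccessRight() < 2) {
    $core->Goto('../../php/access.php');
    // Goto() is defined in core.class.php (not shown). Stop explicitly so the
    // code below cannot run if Goto() only sends a redirect.
    exit;
}
// Requested action, defaulting to the home view.
$action = isset($_GET["action"]) ? $_GET["action"] : null;
if (empty($action)) {
    $action = "home";
}
// All user names, handed to the template.
$names = $core->GetAllUserNames();
$core->assign("names", $names);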
if ($action == "times" || @$_POST["submit"] == "Add Player" || substr(@$_POST["submit"], 0, 13) == "Remove Player") {
    $result = $core->SQL("SELECT Distinct `GroupID` FROM `operations_items` Order By `GroupID`");
    while ($row = mysql_fetch_assoc($result)) {
        $var = "group" . $row['GroupID'];
        $core->assign($var, @$_POST[$var]);
        $groupnumber[$row['GroupID']] = @$_POST["group" . $row['GroupID']];
    }
    $core->assign("groupnumber", $groupnumber);
    $opdate = @$_POST["opdate"];
    if (empty($opdate)) {
        $opdate = gmdate("Y-m-d");
    }
    $core->assign("opdate", $opdate);
    $count = @$_POST["count"];
    $players = array();
    if (empty($count)) {
        $count = 0;
Ejemplo n.º 17
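<?php

require_once '../../core/core.class.php';
$core = new Core();
//Access control
// Only users whose access right is 1 or higher may use this page.
if ($core->CurrentUser()->AccessRight() < 1) {
    $core->Goto('../../php/access.php');
    // Goto() is defined in core.class.php (not shown). Stop explicitly so the
    // code below cannot run if Goto() only sends a redirect.
    exit;
}
// Requested action, defaulting to the home view. The presence of a "cancel" or
// "resubmit" parameter overrides it; "resubmit" wins when both are present.
$action = isset($_GET["action"]) ? $_GET["action"] : null;
if (empty($action)) {
    $action = "home";
}
if (isset($_GET["cancel"])) {
    $action = "cancel";
}
if (isset($_GET["resubmit"])) {
    $action = "resubmit";
}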
if ($action == "home") {
    $names = $core->GetAllUserNames();
    $names[0] = "-";
    if ($core->CurrentUser()->IsAlly) {
        $result = $core->SQL("SELECT t1.id,t1.Date,t1.Count,t2.AlliancePrice AS Price,t1.Manager,t1.Status,t2.EveGraphicID,t2.GroupName,t2.Race,t2.Name FROM production_orders AS t1 INNER JOIN production_items AS t2 ON t1.Item=t2.id WHERE t1.Owner=" . $core->CurrentUser()->ID . " AND t1.IsDeleted=0 AND t1.Item!=0 AND t2.AlliancePrice!=0 ORDER BY t1.Date DESC LIMIT 50");
    } else {
        $result = $core->SQL("SELECT t1.id,t1.Date,t1.Count,t2.Price,t1.Manager,t1.Status,t2.EveGraphicID,t2.GroupName,t2.Race,t2.Name FROM production_orders AS t1 INNER JOIN production_items AS t2 ON t1.Item=t2.id WHERE t1.Owner=" . $core->CurrentUser()->ID . " AND t1.IsDeleted=0 AND t1.Item!=0 ORDER BY t1.Date DESC LIMIT 50");
    }
    $orders = array();
    while ($row = mysql_fetch_assoc($result)) {
        $orders[] = array("ID" => $row["id"], "Cost" => number_format($row["Count"] * $row["Price"], 0), "Manager" => $names[$row["Manager"]], "Status" => StatusName($row["Status"]), "StatusID" => $row["Status"], "Price" => $row["Price"], "EveGraphicID" => $row["EveGraphicID"], "GroupName" => $core->SQLUnEscape($row["GroupName"]), "Race" => $core->SQLUnEscape($row["Race"]), "Name" => $core->SQLUnEscape($row["Name"]), "Count" => $row["Count"], "Date" => $core->GMTToLocal($row["Date"]));
    }
    mysql_free_result($result);