Ejemplo n.º 1
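 /**
  * Render the character-edit page for $pg and, when the request carries POST
  * data, update that character's description and image.
  *
  * Nothing is rendered unless the character exists and belongs to the account
  * stored in $_SESSION['datiaccount'].
  *
  * @param string $pg Character name. It is placed inside quoted SQL literals,
  *                   so it is escaped before every query.
  */
 static function mod_pg($pg)
 {
     $p = plugins::getinst();
     // Every value that lands inside a quoted SQL literal is escaped first.
     // NOTE(review): if the DB wrapper offers bound parameters, prefer them
     // over escaping - confirm against the wrapper's API.
     $pg_sql = mysql_real_escape_string($pg);
     $user = $p->d->getrow('SELECT * FROM users WHERE name="' . $pg_sql . '";');
     // Without this guard a missing row and a missing session id would both
     // be null, compare equal, and let an anonymous request through.
     if (!$user || !isset($_SESSION['datiaccount']['id'])) {
         return;
     }
     if ($user->account_id == $_SESSION['datiaccount']['id']) {
         $t = new template('template/mod_pg.tpl');
         // NOTE(review): $pg reaches the template unencoded here; confirm the
         // template layer HTML-encodes PG_NAME on output.
         $t->assign_var('PG_NAME', $pg);
         if ($_POST) {
             $desc = isset($_POST['desc']) ? mysql_real_escape_string($_POST['desc']) : '';
             $image = isset($_POST['image']) ? mysql_real_escape_string($_POST['image']) : '';
             // NOTE(review): description and image are stored as submitted, so
             // whatever renders them must HTML-encode them; no anti-CSRF token
             // is checked in this block either.
             $query = 'UPDATE users SET description="' . $desc . '",image="' . $image . '" WHERE name="' . $pg_sql . '";';
             $upd = $p->d->query($query);
             $result_block = $upd ? 'mod_success' : 'mod_failed';
         } else {
             // No POST data: the original flow shows the failure block
             $result_block = 'mod_failed';
         }
         $t->start_block($result_block);
         $t->end_block($result_block);
         $p->action('mod_pg');
         $t->out();
     }
 }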
Ejemplo n.º 2
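 /**
  * Show the login form, or check the posted credentials and open a session.
  *
  * On success the account row is copied into $_SESSION, the admin/master
  * flags are set, and a row is inserted into the `sessioni` table. The
  * template block rendered is one of login_form, login_success, login_failed.
  */
 static function page_login()
 {
     $p = plugins::getinst();
     $t = new template('template/login.tpl');
     $t->assign_var('TITLE', 'Login Page');
     // No credentials posted: show the login form
     if (!isset($_POST['username']) || !isset($_POST['password'])) {
         $t->start_block('login_form');
         // PHP_SELF includes client-supplied path info, so it is HTML-encoded
         // before it is used as the form action.
         $t->assign_block_var('ACTION', htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES));
         $p->action('login_form');
         $t->end_block('login_form');
         $t->out();
         return;
     }
     $username = mysql_real_escape_string($_POST['username']);
     // NOTE(review): the published copy of this query had its credential
     // fields masked ('******'), which left the line unparseable. It is
     // rebuilt here from the surviving fragment; md5() is presumed to be the
     // hash call - confirm against the original source.
     // NOTE(review): unsalted md5 is not a password hash. Moving to
     // password_hash()/password_verify() needs the password-change path
     // migrated at the same time.
     $dati = $p->d->getrow("SELECT * FROM accounts WHERE username='" . $username . "' AND password='" . md5($_POST['password']) . "';");
     $logged_in = false;
     if ($dati) {
         // Issue a fresh session id on privilege change so an id planted
         // before login cannot be reused (session fixation).
         session_regenerate_id(true);
         // Session variables for the account
         $_SESSION['username'] = $username;
         $_SESSION['datiaccount'] = get_object_vars($dati);
         $_SESSION['stanza'] = 1;
         // NOTE(review): this keeps the clear-text password in session
         // storage. Left in place because other code may read it; remove it
         // once no reader depends on it.
         $_SESSION['password'] = $_POST['password'];
         // Admin and master flags
         if ($dati->admin == 1) {
             $_SESSION['admin'] = 1;
         }
         if ($dati->master == 1) {
             $_SESSION['master'] = 1;
         }
         // Register the user in the sessions table (username was masked in
         // the published copy; restored from $username). The room name comes
         // from the database and is escaped before being re-inserted.
         $chat_name = mysql_real_escape_string($p->d->getvar('SELECT name FROM stanze WHERE id=1;'));
         $logged_in = $p->d->query("INSERT INTO sessioni SET session_id='" . session_id() . "',username='" . $username . "',chat_id=1,chat_name='" . $chat_name . "',last_time='" . (time() + 60 * 10) . "',pg_id=0 ;") > 0;
     }
     // Same block name is used for the template block and the plugin action
     $result_block = $logged_in ? 'login_success' : 'login_failed';
     $t->start_block($result_block);
     $p->action($result_block);
     $t->end_block($result_block);
     $t->out();
 }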
Ejemplo n.º 3
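/**
 * Fill $template with the announcement list and, for announcements that carry
 * a survey, with either the answer choices or the current vote results.
 *
 * @param template $template    Receives NEWS_COUNT and the `announces` blocks.
 * @param string   $query_where Raw SQL fragment spliced into the query as-is; callers must
 *                              build it only from trusted or already-escaped values.
 * @param int      $query_limit Maximum number of announcements; 0 omits the LIMIT clause.
 */
function nws_render(&$template, $query_where = '', $query_limit = 20)
{
    global $config, $user;
    // The limit is spliced into the SQL text, so force it to an integer first.
    $query_limit = (int)$query_limit;
    $announce_list = doquery("SELECT a.*, UNIX_TIMESTAMP(`tsTimeStamp`) AS unix_time, u.authlevel, s.*\n    FROM\n      {{announce}} AS a\n      LEFT JOIN {{survey}} AS s ON s.survey_announce_id = a.idAnnounce\n      LEFT JOIN {{users}} AS u ON u.id = a.user_id\n    {$query_where}\n    ORDER BY `tsTimeStamp` DESC, idAnnounce" . ($query_limit ? " LIMIT {$query_limit}" : ''));
    $template->assign_var('NEWS_COUNT', db_num_rows($announce_list));
    // Author rows, cached per user id so each author is loaded once
    $users = array();
    while ($announce = db_fetch($announce_list)) {
        if ($announce['user_id'] && !isset($users[$announce['user_id']])) {
            $users[$announce['user_id']] = db_user_by_id($announce['user_id']);
        }
        // Integer copy of the survey id for use inside SQL text; the template
        // still receives the raw column value.
        $survey_id = (int)$announce['survey_id'];
        // A non-empty default means "cannot vote" (e.g. viewer not logged in)
        $survey_vote = array('survey_vote_id' => 1);
        $survey_complete = strtotime($announce['survey_until']) < SN_TIME_NOW;
        if ($announce['survey_id'] && !empty($user['id'])) {
            $viewer_id = (int)$user['id'];
            // Only look up the viewer's vote while the survey is still open
            $survey_vote = $survey_complete
                ? array()
                : doquery("SELECT `survey_vote_id` FROM `{{survey_votes}}` WHERE survey_parent_id = {$survey_id} AND survey_vote_user_id = {$viewer_id} LIMIT 1;", true);
        }
        // Parse the announcement once and reuse it for both the full text and
        // the per-paragraph blocks.
        $announce_html = cht_message_parse($announce['strAnnounce'], false, intval($announce['authlevel']));
        $announce_exploded = explode("<br /><br />", $announce_html);
        $can_vote = empty($survey_vote) && !$survey_complete;
        // NOTE(review): DETAIL_URL, SURVEY_TEXT and the answer texts below are
        // passed to the template as stored; confirm they are encoded on output.
        $template->assign_block_vars('announces', array(
            'ID' => $announce['idAnnounce'],
            'TIME' => date(FMT_DATE_TIME, $announce['unix_time'] + SN_CLIENT_TIME_DIFF),
            'ANNOUNCE' => $announce_html,
            'DETAIL_URL' => $announce['detail_url'],
            'USER_NAME' => isset($users[$announce['user_id']]) && $users[$announce['user_id']]
                ? player_nick_render_to_html($users[$announce['user_id']], array('color' => true))
                : js_safe_string($announce['user_name']),
            'NEW' => $announce['unix_time'] + $config->game_news_actual >= SN_TIME_NOW,
            'FUTURE' => $announce['unix_time'] > SN_TIME_NOW,
            'SURVEY_ID' => $announce['survey_id'],
            'SURVEY_TEXT' => $announce['survey_question'],
            'SURVEY_CAN_VOTE' => $can_vote,
            'SURVEY_COMPLETE' => $survey_complete,
            'SURVEY_UNTIL' => $announce['survey_until'],
        ));
        foreach ($announce_exploded as $announce_paragraph) {
            $template->assign_block_vars('announces.paragraph', array('TEXT' => $announce_paragraph));
        }
        if ($announce['survey_id']) {
            // Vote count per answer; also yields the survey's total
            $survey_query = doquery("SELECT survey_answer_text AS `TEXT`, count(DISTINCT survey_vote_id) AS `VOTES`\n          FROM `{{survey_answers}}` AS sa\n            LEFT JOIN `{{survey_votes}}` AS sv ON sv.survey_parent_answer_id = sa.survey_answer_id\n          WHERE sa.survey_parent_id = {$survey_id}\n          GROUP BY survey_answer_id\n          ORDER BY survey_answer_id;");
            $survey_vote_result = array();
            $total_votes = 0;
            while ($row = db_fetch($survey_query)) {
                $survey_vote_result[] = $row;
                $total_votes += $row['VOTES'];
            }
            if ($can_vote) {
                // Can vote: list the answer choices
                $survey_query = doquery("SELECT * FROM {{survey_answers}} WHERE survey_parent_id  = {$survey_id} ORDER BY survey_answer_id;");
                while ($row = db_fetch($survey_query)) {
                    $template->assign_block_vars('announces.survey_answers', array('ID' => $row['survey_answer_id'], 'TEXT' => $row['survey_answer_text']));
                }
            } else {
                // Show result
                foreach ($survey_vote_result as &$vote_result) {
                    $vote_percent = $total_votes ? $vote_result['VOTES'] / $total_votes * 100 : 0;
                    $vote_result['PERCENT'] = $vote_percent;
                    $vote_result['PERCENT_TEXT'] = round($vote_percent, 1);
                    $vote_result['VOTES'] = pretty_number($vote_result['VOTES']);
                    $template->assign_block_vars('announces.survey_votes', $vote_result);
                }
                // Drop the by-reference binding so later writes to
                // $vote_result cannot alter the last array element.
                unset($vote_result);
            }
            // Dirty hack
            $template->assign_block_vars('announces.total_votes', array('TOTAL_VOTES' => $total_votes));
        }
    }
}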
Ejemplo n.º 4
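/**
 * Render the guestbook page; when a message is posted, store it first.
 *
 * Reads $_POST['username'] and $_POST['message'], and assigns the template
 * to the global $t.
 */
function guestbook()
{
    global $p, $t, $game_name;
    $t = new template('template/guestbook.tpl');
    $t->assign_var('NAME', $game_name);
    if (!empty($_POST['message'])) {
        // A message can arrive without a name; treat that as an empty name
        $posted_name = isset($_POST['username']) ? $_POST['username'] : '';
        // HTML-encode first (the read path below hands stored values to the
        // template unchanged), then SQL-escape for the quoted literals.
        // ENT_QUOTES also encodes single quotes.
        $username = mysql_real_escape_string(htmlentities($posted_name, ENT_QUOTES));
        $text = mysql_real_escape_string(htmlentities($_POST['message'], ENT_QUOTES));
        // NOTE(review): the published copy had the username value masked
        // ('******'); restored from $username, which was otherwise unused.
        $query = 'INSERT INTO guestbook SET username="' . $username . '",text="' . $text . '",time=NOW();';
        if ($p->d->query($query)) {
            $t->to_comp['new_success'][] = array();
        }
    }
    $select = 'SELECT * FROM guestbook ORDER BY time DESC;';
    $messaggi = $p->d->getresults($select);
    // An empty guestbook may come back as a non-iterable value
    if ($messaggi) {
        foreach ($messaggi as $m) {
            $t->to_comp['message'][] = array('USERNAME' => $m->username, 'MESSAGE' => $m->text);
        }
    }
    $t->out();
}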
Ejemplo n.º 5
 /**
  * Show the chat room the session currently points to.
  *
  * A room that has HTML content of its own is rendered with the
  * chat_body_other template instead of the chat frameset. If the room is not
  * in the database, a short notice with a link back to the main page is
  * printed.
  */
 static function chat()
 {
     $plugins = plugins::getinst();
     // Room id as stored in the session
     $room_id = $_SESSION['stanza'];
     // NOTE(review): the session value is concatenated into the query as-is;
     // safe only if every writer of $_SESSION['stanza'] stores a validated id
     // - confirm.
     $room = $plugins->d->getrow('SELECT name,other FROM stanze WHERE id="' . $room_id . '";');
     if (!$room) {
         // Room not found
         echo 'Stanza non presente...<br/><a href="' . config::game_dir . '/plugins.php/main" target="_top">torna alla pagina principale</a>';
         return;
     }
     if ($room->other) {
         // Room-specific HTML replaces the chat frameset.
         // NOTE(review): this is emitted as HTML by design, so whoever can
         // edit `stanze.other` controls markup on this page.
         $view = new template('template/chat_body_other.tpl');
         $view->assign_var('TEXT', stripslashes($room->other));
     } else {
         $view = new template('template/chat.tpl');
     }
     $plugins->action('chat');
     // "@" silences any warning raised while the template is written out
     @$view->out();
 }
Ejemplo n.º 6
	{
		@include($phpbb_root_path . 'includes/hooks/' . $hook . '.' . $phpEx);
	}
}
else
{
	$phpbb_hook = false;
}

// Set some standard variables we want to force
// ($config is replaced by an array holding only load_tplcompile)
$config = array(
	'load_tplcompile'	=> '1'
);

// Templates are taken from ../adm/style under the name 'admin', and the same
// path is exposed to the templates as T_TEMPLATE_PATH
$template->set_custom_template('../adm/style', 'admin');
$template->assign_var('T_TEMPLATE_PATH', '../adm/style');

// the acp template is never stored in the database
$user->theme['template_storedb'] = false;

// Create the 'install' module for the requested $mode / $sub and load it.
// NOTE(review): $mode and $sub are set outside this excerpt; confirm they are
// validated before they select a module.
$install = new module();

$install->create('install', "index.$phpEx", $mode, $sub);
$install->load();

// Generate the page
$install->page_header();
$install->generate_navigation();

$template->set_filenames(array(
	'body' => $install->get_tpl_name())
Ejemplo n.º 7
} else {
    require $phpbb_root_path . 'includes/acm/acm_file.' . $phpEx;
    require $phpbb_root_path . 'includes/auth.' . $phpEx;
    require $phpbb_root_path . 'includes/cache.' . $phpEx;
    require $phpbb_root_path . 'includes/session.' . $phpEx;
    // Create the user.
    $user = new user();
    $auth = new auth();
    $cache = new cache();
}
// The template object is created at this point and pointed at the 'qi' style.
$template = new template();
$template->set_custom_template('style', 'qi');
$profiles = $settings->get_profiles();
// With no profiles yet, flag it for the template and send the main/empty
// page to the settings page instead.
if (empty($profiles['count'])) {
    $template->assign_var('S_NO_PROFILE', true);
    if ($page == 'main' || $page == '') {
        $page = 'settings';
    }
}
$template->assign_var('CONFIG_TEXT', false);
// A language picked in the settings dropdown arrives as GET and takes
// precedence; the hidden POST field is only used when no GET value is present.
$language = '';
if (isset($_GET['lang'])) {
    $language = request_var('lang', '');
} elseif (!empty($_POST['sel_lang'])) {
    $language = request_var('sel_lang', '');
}
// NOTE(review): $language is client-supplied; confirm apply_language()
// restricts it to known language codes before using it in a path.
$settings->apply_language($language);
// Updated settings?
Ejemplo n.º 8
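 /**
  * Account page: select a character to play, change the account password or
  * create a new character, then render the account's character list.
  *
  * @param string $action 'use_user', 'change_pwd' or 'new_user'; any other
  *                       value only renders the page.
  */
 static function account_switch($action = '')
 {
     /* Plugin singleton */
     $p = plugins::getinst();
     /* Account id from the session; the raw value goes to the template, the
      * escaped copy goes into quoted SQL literals.
      * NOTE(review): no login check is visible in this block - confirm the
      * caller rejects requests without $_SESSION['datiaccount']. */
     $account_id = $_SESSION['datiaccount']['id'];
     $account_id_sql = mysql_real_escape_string($account_id);
     $t = new template('template/account_switch.tpl');
     /* "Use a character" action */
     if ($action == 'use_user') {
         /* Escape the posted id once and reuse it in all three queries; the
          * original escaped it only in the first one. */
         $pg_id = isset($_POST['pg_id']) ? mysql_real_escape_string($_POST['pg_id']) : '';
         /* The character must exist and belong to this account */
         $cond = $p->d->getrow('SELECT COUNT(id) AS count, account_id FROM users WHERE id="' . $pg_id . '" GROUP BY id;');
         if ($cond && $cond->count > 0 && $cond->account_id == $account_id) {
             /* Keep character data apart from account data, record the
              * character in the sessions table, then go to the main page */
             $_SESSION['datiuser'] = get_object_vars($p->d->getrow('SELECT * FROM users WHERE id="' . $pg_id . '";'));
             $p->d->query('UPDATE sessioni SET pg_id="' . $pg_id . '" WHERE session_id="' . session_id() . '";');
             header('Location:' . config::game_dir . '/plugins.php/main');
             /* Stop here: a redirect header alone does not end the script */
             exit;
         }
     }
     /* Change the password of the whole account */
     if ($action == 'change_pwd') {
         $new_password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
         if ($new_password === '') {
             /* Never store the hash of an empty password */
             $t->block_null('new_password_failed');
         } else {
             /* Same scheme as before: md5 of the escaped password.
              * NOTE(review): unsalted md5 is not a password hash; moving to
              * password_hash()/password_verify() needs the login path changed
              * at the same time. The current password is not asked for and
              * no anti-CSRF token is checked here. */
             $password = md5(mysql_real_escape_string($new_password));
             /* NOTE(review): the published copy had the password value
              * masked ('******'); restored from $password. */
             $query = 'UPDATE accounts SET password="' . $password . '",last_change_pwd=NOW() WHERE id="' . $account_id_sql . '";';
             if ($p->d->query($query) > 0) {
                 $t->block_null('new_password_success');
             } else {
                 $t->block_null('new_password_failed');
             }
         }
     }
     /* Create a new character */
     if ($action == 'new_user') {
         /* HTML-encode, then SQL-escape every posted field */
         $name = mysql_real_escape_string(htmlentities(isset($_POST['name']) ? $_POST['name'] : ''));
         $surname = mysql_real_escape_string(htmlentities(isset($_POST['surname']) ? $_POST['surname'] : ''));
         $sex = mysql_real_escape_string(htmlentities(isset($_POST['sex']) ? $_POST['sex'] : ''));
         $race = mysql_real_escape_string(htmlentities(isset($_POST['race']) ? $_POST['race'] : ''));
         /* All fields are required. The original wrote "$surname = NULL ||
          * ...", an assignment that overwrote the surname with a boolean. */
         if ($name == NULL || $surname == NULL || $sex == NULL || $race == NULL) {
             die('Non hai riempito tutti i campi <br/> <a href="javascript:history.back();">torna indietro</a>');
         }
         /* Reject a character name that already exists */
         if ($p->d->getvar('SELECT COUNT(id) as count FROM users WHERE name="' . $name . '";') > 0) {
             die('Il personaggio che vuoi creare esiste gi&agrave;! <br/> <a href="javascript:history.back();">torna indietro</a>');
         }
         /* Enforce the per-account character limit from the config */
         if ($p->d->getvar('SELECT COUNT(*) FROM users WHERE account_id="' . $account_id_sql . '";') < config::max_pg) {
             /* Create the character and link it to this account */
             $query = 'INSERT INTO users SET account_id="' . $account_id_sql . '",name="' . $name . '",surname="' . $surname . '",sex="' . $sex . '",race="' . $race . '";';
             $p->d->query($query);
             /* Redirect so a manual refresh cannot resubmit the form */
             header('Location:' . config::game_dir . '/plugins.php/account_switch');
             exit;
         } else {
             echo 'Hai raggiunto il numero massimo di personaggi consentiti... <br/> <a href="javascript:history.back();">torna indietro</a>';
         }
     }
     /* View setup: account id and this page's path */
     $t->assign_var('ID', $account_id);
     $t->assign_var('ACTION', config::game_dir . '/plugins.php/account_switch');
     /* Ask for a password change when the last one is over six months old */
     $time_password = $p->d->getvar('SELECT COUNT(id) FROM accounts WHERE id="' . $account_id_sql . '" AND last_change_pwd < (NOW() - INTERVAL 6 MONTH);');
     if ($time_password > 0) {
         $t->block_null('change_password');
     }
     /* Characters of this account */
     $users = $p->d->getresults('SELECT * FROM users WHERE account_id="' . $account_id_sql . '" LIMIT 0,' . config::max_pg . ';');
     if (count($users) > 0) {
         foreach ($users as $user) {
             $t->start_block('user');
             /* NOTE(review): image and description are passed as stored;
              * confirm they are HTML-encoded either on write or on output. */
             $t->assign_block_vars(array('PG_ID' => $user->id, 'PG_NAME' => $user->name, 'PG_SURNAME' => $user->surname, 'PG_IMAGE' => $user->image, 'PG_DESC' => isset($user->description) ? $user->description : 'nessuna descrizione'));
             $t->end_block('user');
             /* In-place editors for the character's surname and description */
             $t->block_assign('javascript_inplace_row_surname', 'ID', $user->id);
             $t->block_assign('javascript_inplace_row_desc', 'ID', $user->id);
         }
     }
     /* Below the character limit: show the creation form */
     if (count($users) < config::max_pg) {
         $query = 'SELECT * FROM razze WHERE evolution!=1;';
         /* TODO: support sub-races and advanced races */
         $races = $p->d->getresults($query);
         /* One row per race a new character may pick */
         $t->start_block('new_user_form');
         foreach ($races as $race) {
             $t->block_assign('race_row', array('RACE_ID' => $race->id, 'RACE_NAME' => $race->name));
         }
         $t->end_block('new_user_form');
     }
     $t->out();
 }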
Ejemplo n.º 9
 /**
  * Render template/mp_new_form.tpl with its TO variable set to $user.
  *
  * The template object is stored in the global $t.
  *
  * @param string $user Value placed in the template's TO variable.
  */
 static function mp_new_form($user = '')
 {
     global $t;
     $plugins = plugins::getinst();
     $t = new template('template/mp_new_form.tpl');
     // NOTE(review): $user is handed to the template unencoded; if it can
     // come from the request, confirm the template HTML-encodes TO.
     $t->assign_var('TO', $user);
     $plugins->action('mp_new_form');
     // "@" silences any warning raised while the template is written out
     @$t->out();
 }
Ejemplo n.º 10
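 /**
  * Show the edit form for a forum post, or apply the posted edit.
  *
  * Nothing is rendered when $id is 0. Boards flagged `master` are only
  * reachable when control_access(MASTER_ACCESS) returns 1.
  *
  * @param int $forum_id Board the post belongs to.
  * @param int $id       Post to edit.
  */
 static function edit_post($forum_id = 0, $id = 0)
 {
     $p = plugins::getinst();
     // Both ids end up in SQL text and in the form action, so force them to
     // integers before any use.
     $forum_id = (int) $forum_id;
     $id = (int) $id;
     if ($id == 0) {
         return;
     }
     $t = new template('template/forum_message.tpl');
     $t->assign_var('FORUM_ID', $forum_id);
     // Master-only board: the user must have master access
     if ($p->d->getvar('SELECT master FROM forums WHERE id="' . $forum_id . '";') == 1 && control_access(MASTER_ACCESS) != 1) {
         $t->start_block('access_denied');
         $t->end_block('access_denied');
     } else {
         // NOTE(review): nothing here checks that the post belongs to the
         // current user or to $forum_id, so any post id can be edited by
         // whoever reaches this page - confirm an ownership check exists
         // upstream or add one.
         $post = $p->d->getrow('SELECT * FROM posts WHERE id="' . $id . '"');
         if (!$post) {
             $t->block_assign('failed', 'TEXT_FAILED', 'Messaggio non trovato');
         } elseif (!$_POST) {
             $t->start_block('message_form');
             // Only a topic's first post carries an editable title
             if ($post->title != NULL && $post->topic_id == 0) {
                 $t->block_assign('is_topic', 'TOPIC_TITLE', $post->title);
             }
             $t->assign_block_var('TEXT', $post->text);
             $t->assign_block_var('SUBMIT_TEXT', 'modifica messaggio');
             $t->assign_block_var('ACTION', '{ROOT}/plugins.php/edit_post/' . $forum_id . '/' . $id);
             $t->end_block('message_form');
         } else {
             if (isset($_POST['title'])) {
                 $title = mysql_real_escape_string(htmlentities($_POST['title']));
             } else {
                 // The stored title goes back into a quoted literal, so it
                 // needs escaping just like fresh input.
                 $title = mysql_real_escape_string($post->title);
             }
             $posted_text = isset($_POST['text']) ? $_POST['text'] : '';
             // NOTE(review): the plugin filter runs after escaping, so its
             // output reaches the query unescaped - confirm no filter can add
             // quotes or backslashes.
             $text = $p->filter('topic_message_edited', mysql_real_escape_string(htmlentities($posted_text)));
             $query = 'UPDATE posts SET title="' . $title . '",text="' . $text . '" WHERE id="' . $id . '"';
             $res = $p->d->query($query);
             if ($res > 0) {
                 $t->block_assign('success', 'TEXT_SUCCESS', 'Messaggio modificato!');
             } else {
                 // Keep database error text in the server log, not in the page
                 error_log('edit_post: ' . mysql_error());
                 $t->block_assign('failed', 'TEXT_FAILED', 'Messaggio NON modificato');
             }
         }
     }
     $t->out();
 }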
Ejemplo n.º 11
Archivo: common.php Proyecto: html/PI
// Bootstrap excerpt: load the UTF tools, install the error handler, create
// the core objects, connect to the database, register hooks, then collect the
// theme's stylesheets into the CSS template variable.
require $phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx;
// Set PHP error handler to ours
set_error_handler(defined('PHPBB_MSG_HANDLER') ? PHPBB_MSG_HANDLER : 'msg_handler');
// Instantiate some basic classes
$user = new user();
$auth = new auth();
$template = new template();
$cache = new cache();
// $sql_db holds the name of the database driver class to instantiate
$db = new $sql_db();
// Connect to DB
$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, defined('PHPBB_DB_NEW_LINK') ? PHPBB_DB_NEW_LINK : false);
$GLOBALS['db'] = $db;
// We do not need this any longer, unset for safety purposes
unset($dbpasswd);
// Grab global variables, re-cache if necessary
$config = $cache->obtain_config();
// Add own hook handler
require $phpbb_root_path . 'includes/hooks/index.' . $phpEx;
$phpbb_hook = new phpbb_hook(array('exit_handler', 'phpbb_user_session_handler', 'append_sid', array('template', 'display')));
// Each hook name returned by the cache becomes part of an include path; "@"
// hides the warning when a hook file is missing or fails to load.
// NOTE(review): confirm obtain_hooks() only returns names of files that exist
// under includes/hooks/, since the name is used in the path unchecked here.
foreach ($cache->obtain_hooks() as $hook) {
    @(include $phpbb_root_path . 'includes/hooks/' . $hook . '.' . $phpEx);
}
// Project helper functions, located relative to this file
require_once dirname(__FILE__) . '/../../library/functions.php';
// Build one <link> tag per .css file found in styles/pi/theme, with this
// file's directory stripped from the front of each path.
// NOTE(review): file names are concatenated into the markup without HTML
// encoding, and glob() can return false on error, which foreach would warn
// about.
$css = '';
$dir = dirname(__FILE__);
foreach (glob(dirname(__FILE__) . '/styles/pi/theme/*.css') as $val) {
    $val = str_replace($dir, '', $val);
    $css .= '<link href="' . $val . '" rel="stylesheet" type="text/css"/>';
}
$template->assign_var('CSS', $css);