function OS_UpdateScoresTable($name = "")
{
$db = new db("mysql:host=" . OSDB_SERVER . ";dbname=" . OSDB_DATABASE . "", OSDB_USERNAME, OSDB_PASSWORD);
$name = safeEscape(trim($name));
if (!empty($name)) {
$sth = $db->prepare("SELECT * FROM scores WHERE (name) = ('" . $name . "')");
$result = $sth->execute();
if ($limit = $sth->rowCount() <= 0) {
$sth = $db->prepare("INSERT INTO scores(category, name)VALUES('dota_elo','" . $name . "')");
$result = $sth->execute();
}
//Get updated result
$resultScore = $db->prepare("SELECT player,score FROM " . OSDB_STATS . " WHERE (player) = ('" . $name . "')");
$result = $resultScore->execute();
$rScore = $resultScore->fetch(PDO::FETCH_ASSOC);
//update "scores" table
$UpdateScoreTable = $db->prepare("UPDATE `scores` SET `score` = '" . $rScore["score"] . "' \n\tWHERE (name) = ('" . $rScore["player"] . "') ");
$result = $UpdateScoreTable->execute();
}
}
function OS_CheckCaptcha()
{
if (isset($_POST["post_comment"])) {
if (isset($_GET["post_id"]) and is_numeric($_GET["post_id"])) {
$backTo = OS_HOME . '?post_id=' . safeEscape($_GET["post_id"]) . "&" . generate_hash(12) . "#SubmitComment";
} else {
$backTo = '';
}
$CaptchaError = '<h2>Invalid captcha</h2><div><a href="' . $backTo . '">« Back</a></div>';
if (!isset($_POST["c_code"]) or !isset($_SESSION["c_code"])) {
os_trigger_error($CaptchaError);
}
if ($_POST["c_code"] != $_SESSION["c_code"]) {
os_trigger_error($CaptchaError . " ");
} else {
$code = generate_hash(5);
$code = str_replace(array("o", "0"), array("x", "x"), $code);
$_SESSION["c_code"] = $code;
}
}
}
$errors .= "<div>" . $lang["error_no_player"] . "</div>";
}
if (empty($errors)) {
$row = $sth->fetch(PDO::FETCH_ASSOC);
$PID = $row["id"];
$db->insert(OSDB_APPEALS, array("player_id" => (int) $PID, "player_name" => $player, "user_id" => (int) $_SESSION["user_id"], "reason" => $reason, "game_url" => $game_url, "replay_url" => $replay_url, "added" => (int) time(), "status" => 0, "user_ip" => $_SERVER["REMOTE_ADDR"]));
$_SESSION["last_report"] = time();
require_once 'plugins/index.php';
os_init();
header('location: ' . OS_HOME . '?ban_appeal&success');
die;
}
}
}
if (isset($_SESSION["bnet_username"])) {
$BanAppeal = safeEscape(trim($_SESSION["bnet_username"]));
if (empty($BanAppeal)) {
$BanAppeal = ",./,./";
}
$sth = $db->prepare("SELECT * FROM " . OSDB_BANS . " WHERE name=:player LIMIT 1");
$sth->bindValue(':player', $BanAppeal, PDO::PARAM_STR);
$result = $sth->execute();
if ($sth->rowCount() >= 1) {
$row = $sth->fetch(PDO::FETCH_ASSOC);
$BanAppealName = $row["name"];
$BanAppealDate = $row["date"];
$BanAppealGamename = $row["gamename"];
$BanAppealAdmin = $row["admin"];
$BanAppealReason = $row["reason"];
$BanAppealServer = $row["server"];
}
function OS_CheckFacebookLogin()
{
if (isset($_POST["fb_name"]) and isset($_POST["fb_email"]) and isset($_POST["fb_id"])) {
global $db;
$errors = '';
$FBID = trim($_POST["fb_id"]);
$gender = safeEscape(trim($_POST["fb_gender"]));
$name = strip_tags(trim($_POST["fb_name"]));
$email = safeEscape(trim($_POST["fb_email"]));
$IP = safeEscape($_SERVER["REMOTE_ADDR"]);
$avatar = 'https://graph.facebook.com/' . $FBID . '/picture/?type=large';
$www = 'http://www.facebook.com/profile.php?id=' . $FBID . '';
$pass = generate_hash(5);
$hash = generate_hash(12);
$password_db = generate_password($pass, $hash);
if (empty($FBID) or strlen($FBID) <= 6) {
$errors = '1';
}
if (strlen($name) <= 3) {
$errors = '2';
}
if (strlen($email) <= 6) {
$errors = '3';
}
if (!empty($errors)) {
header('location:' . OS_HOME . '?action=facebook&error=' . $errors);
die;
}
if ($gender == "male") {
$gen = 1;
} else {
if ($gender == "female") {
$gen = 2;
} else {
$gen = 0;
}
}
$sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_fbid =:FBID AND user_email =:email");
$sth->bindValue(':FBID', $FBID, PDO::PARAM_STR);
$sth->bindValue(':email', $email, PDO::PARAM_STR);
$result = $sth->execute();
//echo $FBID ;
//echo $db->num_rows($result);
//NEW USER
if ($sth->rowCount() <= 0) {
//Check if username already exists
$sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE LOWER(user_name) =:name ");
$sth->bindValue(':name', strtolower($name), PDO::PARAM_STR);
if ($sth->rowCount() >= 1) {
$name .= " " . rand(100, 1000);
}
$db->insert(OSDB_USERS, array("user_name" => $name, "user_fbid" => $FBID, "user_password" => $password_db, "password_hash" => $hash, "user_email" => $email, "user_joined" => (int) time(), "user_level" => 0, "user_last_login" => (int) time(), "user_ip" => $IP, "user_avatar" => $avatar, "user_website" => $www, "user_gender" => $gen));
$id = $db->lastInsertId();
$_SESSION["user_id"] = $id;
$_SESSION["username"] = $name;
$_SESSION["email"] = $email;
$_SESSION["level"] = 0;
$_SESSION["can_comment"] = 1;
$_SESSION["logged"] = time();
$_SESSION["fb"] = $FBID;
$_SESSION["bnet"] = "";
$_SESSION["bnet_username"] = "";
header("location: " . OS_HOME . "");
die;
} else {
//UPDATE USER DATA
if ($gen >= 1) {
$sql_update = ", user_gender = '" . (int) $gen . "'";
} else {
$sql_update = "";
}
$update = $db->prepare("UPDATE " . OSDB_USERS . " SET user_last_login = '******',user_avatar = '" . strip_tags($avatar) . "', user_website = '" . strip_tags($www) . "' {$sql_update} \n\t\tWHERE user_email = '" . $email . "' AND user_fbid = '" . $FBID . "' LIMIT 1");
$result = $update->execute();
$row = $sth->fetch(PDO::FETCH_ASSOC);
$id = $row["user_id"];
$_SESSION["user_id"] = $id;
$_SESSION["username"] = $row["user_name"];
$_SESSION["email"] = $row["user_email"];
$_SESSION["level"] = $row["user_level"];
$_SESSION["can_comment"] = $row["can_comment"];
$_SESSION["logged"] = time();
$_SESSION["fb"] = $FBID;
$_SESSION["bnet"] = $row["user_bnet"];
$_SESSION["bnet_username"] = $row["bnet_username"];
header("location: " . OS_HOME . "");
die;
}
}
}
<?php
if (!isset($website)) {
header('HTTP/1.1 404 Not Found');
die;
}
if (!empty($_GET["common_games"]) and isset($_SESSION["bnet_username"])) {
$HomeTitle = "Common Games";
$HomeDesc = os_strip_quotes($lang["game_archive"]);
$HomeKeywords = strtolower(os_strip_quotes($lang["game_archive"])) . ',' . $HomeKeywords;
$MenuClass["games"] = "active";
$User1 = strip_tags(trim($_SESSION["bnet_username"]));
$User2 = safeEscape(trim($_GET["common_games"]));
$sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_GAMES . " as g\n\tLEFT JOIN " . OSDB_GP . " as gp ON gp.gameid = g.id AND gp.name=:user1 \n\tLEFT JOIN " . OSDB_GP . " as gp2 ON gp2.gameid = gp.gameid AND gp2.name=:user2\n\tWHERE gp.name =:user1 AND gp2.name =:user2\n\tLIMIT 1");
$sth->bindValue(':user1', $User1, PDO::PARAM_STR);
$sth->bindValue(':user2', $User2, PDO::PARAM_STR);
$result = $sth->execute();
$r = $sth->fetch(PDO::FETCH_NUM);
$numrows = $r[0];
$result_per_page = $GamesPerPage;
$draw_pagination = 0;
include 'inc/pagination.php';
$draw_pagination = 1;
$sth = $db->prepare("SELECT g.gamename, g.id, g.map, g.datetime, g.duration, g.gamestate, dg.winner\n\tFROM " . OSDB_GAMES . " as g\n\tLEFT JOIN " . OSDB_GP . " as gp ON gp.gameid = g.id AND gp.name=:user1 \n\tLEFT JOIN " . OSDB_GP . " as gp2 ON gp2.gameid = gp.gameid AND gp2.name=:user2\n\tLEFT JOIN " . OSDB_DG . " as dg ON dg.gameid = g.id\n\tWHERE gp.name =:user1 AND gp2.name =:user2\n\tORDER BY g.id DESC\n\tLIMIT {$offset}, {$rowsperpage}");
$sth->bindValue(':user1', $User1, PDO::PARAM_STR);
$sth->bindValue(':user2', $User2, PDO::PARAM_STR);
$result = $sth->execute();
$CommonGames = array();
$c = 0;
while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
$CommonGames[$c]["gamename"] = $row["gamename"];
<?php
if (!isset($website)) {
header('HTTP/1.1 404 Not Found');
die;
}
$userID = safeEscape((int) $_GET["member"]);
$MenuClass["members"] = "active";
$sth = $db->prepare("SELECT u.*, COUNT(c.user_id) as total_comments \r\n\tFROM " . OSDB_USERS . " as u \r\n\tLEFT JOIN " . OSDB_COMMENTS . " as c ON c.user_id = u.user_id\r\n\tWHERE u.user_id = :userID LIMIT 1");
$sth->bindValue(':userID', $userID, PDO::PARAM_INT);
$result = $sth->execute();
$c = 0;
$MemberData = array();
if (file_exists("inc/geoip/geoip.inc")) {
include "inc/geoip/geoip.inc";
$GeoIPDatabase = geoip_open("inc/geoip/GeoIP.dat", GEOIP_STANDARD);
$GeoIP = 1;
}
if ($sth->rowCount() >= 1) {
while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
//USER REGISTERED/CONFIRMED BNET ACCOUNT
if ($row["user_bnet"] >= 1) {
$sth2 = $db->prepare("SELECT * FROM " . OSDB_STATS . " \r\n\t WHERE player = '" . $row["user_name"] . "' \r\n\t ORDER BY id DESC \r\n\t LIMIT 1 ");
$result = $sth2->execute();
$row2 = $sth2->fetch(PDO::FETCH_ASSOC);
$MemberData[$c]["points"] = number_format($row2["points"]);
$MemberData[$c]["games"] = $row2["games"];
$MemberData[$c]["score"] = $row2["score"];
$MemberData[$c]["wins"] = $row2["wins"];
$MemberData[$c]["losses"] = $row2["losses"];
$MemberData[$c]["uid"] = $row2["id"];
}
$draw_pagination = 0;
include 'inc/pagination.php';
$draw_pagination = 1;
$sqlFilter .= "ORDER BY g.datetime DESC";
$sql = getUserGames($id, $MinDuration, $offset, $rowsperpage, $sqlFilter);
} else {
//FILTER
$filter = "";
unset($sth);
if (isset($_GET["m"]) and is_numeric($_GET["m"]) and $_GET["m"] <= 12 and $_GET["m"] >= 1) {
$m = safeEscape((int) $_GET["m"]);
$filter .= "AND MONTH(g.datetime) = '" . (int) $m . "'";
}
if (isset($_GET["y"]) and is_numeric($_GET["y"]) and $_GET["y"] <= date("Y") and $_GET["y"] >= 1998) {
$y = safeEscape((int) $_GET["y"]);
$filter .= "AND YEAR(g.datetime) = '" . (int) $y . "'";
}
if (isset($_GET["game_type"]) and is_numeric($_GET["game_type"])) {
$filter .= " AND g.alias_id = '" . (int) $_GET["game_type"] . "' ";
}
$sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_GAMES . " as g\n WHERE (g.map) LIKE ('%" . OS_DEFAULT_MAP . "%') AND g.duration>='" . $MinDuration . "' " . $filter . " LIMIT 1");
$result = $sth->execute();
$r = $sth->fetch(PDO::FETCH_NUM);
$numrows = $r[0];
$result_per_page = $GamesPerPage;
$draw_pagination = 0;
include 'inc/pagination.php';
$draw_pagination = 1;
$sql = getAllGames($MinDuration, $offset, $rowsperpage, $filter, "datetime DESC");
}
$PluginDesc = "";
if ($PluginFile != "." and $PluginFile != "index.php" and $PluginFile != ".." and strstr($PluginFile, ".php") == true) {
//enable/disable
if (isset($_GET["disable"]) and file_exists($plugins_dir . safeEscape($_GET["disable"])) and $PluginFile == $_GET["disable"] and OS_IsRoot()) {
$PluginEnabled = 1;
write_value_of('$PluginEnabled', "{$PluginEnabled}", 0, $plugins_dir . safeEscape($_GET["disable"]));
echo $PluginFile . ' - disabled <a href="' . OS_HOME . 'adm/?plugins">« Back</a>';
} else {
if (isset($_GET["enable"]) and file_exists($plugins_dir . safeEscape($_GET["enable"])) and $PluginFile == $_GET["enable"] and OS_IsRoot()) {
$PluginEnabled = 0;
write_value_of('$PluginEnabled', "{$PluginEnabled}", 1, $plugins_dir . safeEscape($_GET["enable"]));
echo $PluginFile . ' - enabled <a href="' . OS_HOME . 'adm/?plugins">« Back</a>';
} else {
if (isset($_GET["delete"]) and file_exists($plugins_dir . safeEscape($_GET["delete"])) and OS_IsRoot()) {
$PluginEnabled = 0;
unlink($plugins_dir . safeEscape($_GET["delete"]));
}
}
}
if (file_exists($plugins_dir . $PluginFile)) {
$PluginName = trim(str_replace("//Plugin:", "", OS_ReadLine($plugins_dir . $PluginFile, 2)));
$PluginAuthor = trim(str_replace("//Author:", "", OS_ReadLine($plugins_dir . $PluginFile, 3)));
$PluginDesc = trim(str_replace("//", "", OS_ReadLine($plugins_dir . $PluginFile, 4)));
if (!empty($PluginName) and !empty($PluginAuthor)) {
include $plugins_dir . $PluginFile;
if (isset($PluginOptions) and $PluginOptions == 1 and $PluginEnabled == 1) {
$PluginEdit = '<a href="' . OS_HOME . 'adm/?plugins&edit=' . $PluginFile . '#' . $PluginFile . '"><img src="' . OS_HOME . 'adm/edit.png" alt="edit" width="16" height="16" /> Edit</a>';
if (isset($_GET["edit"]) and $_GET["edit"] == $PluginFile) {
$PluginEdit = '<a href="' . OS_HOME . 'adm/?plugins#' . $PluginFile . '"><img src="' . OS_HOME . 'adm/edit.png" alt="edit" width="16" height="16" /> « Edit</a>';
}
} else {
echo os_commentForm();
?>
</td>
</tr>
<tr>
<td class="padLeft padTop padBottom">
<input <?php
if (!os_canComment()) {
?>
disabled<?php
}
?>
class="menuButtons" type="submit" value="<?php
echo $lang["add_comment_button"];
?>
" name="add_comment" />
</td>
</tr>
</table>
<input type="hidden" value="<?php
echo (int) safeEscape($_GET["post_id"]);
?>
" name="pid" />
<input type="hidden" value="<?php
echo $code;
?>
" name="code" />
</form>
<?php
}
<a href="javascript:;" class="menuButtons" onclick="SetDateField('tban', 'sl')" >Tban</a>
<a href="javascript:;" class="menuButtons" onclick="SetDateField('ban', 'sl')" >Ban</a>
<a href="javascript:;" class="menuButtons" onclick="SetDateField('kick', 'sl')" >Kick</a>
<a href="javascript:;" class="menuButtons" onclick="SetDateField('rcon', 'sl')" >Rcon</a>
</form>
<?php
$sql = "";
if (isset($_GET["search_logs"]) and strlen($_GET["search_logs"]) >= 2) {
$search_logs = safeEscape($_GET["search_logs"]);
$sql .= " AND LOWER(log_data) LIKE LOWER('%" . $search_logs . "%') ";
} else {
//$sql = "";
$search_logs = "";
}
if (isset($_GET["log_admin"]) and strlen($_GET["log_admin"]) >= 2) {
$search_admin = safeEscape(trim($_GET["log_admin"]));
$sql .= " AND log_admin = '" . $search_admin . "' ";
}
$sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_ADMIN_LOG . " WHERE id>=1 {$sql} LIMIT 1");
$result = $sth->execute();
$r = $sth->fetch(PDO::FETCH_NUM);
$numrows = $r[0];
$result_per_page = 30;
?>
<div align="center">
<h4>
<a class="menuButtons" href="javascript:;" onclick="if (confirm('Delete all logs?') ) {location.href='<?php
echo OS_HOME;
?>
adm/?admin_logs&purge_admin_logs'} " >Purge logs (<?php
echo $numrows;
<?php
if (file_exists("../inc/geoip/geoip.inc")) {
if (!isset($_GET["city"])) {
include "../inc/geoip/geoip.inc";
}
$GeoIPDatabase = geoip_open("../inc/geoip/GeoIP.dat", GEOIP_STANDARD);
$GeoIP = 1;
}
$p = '';
if (isset($_GET["page"]) and is_numeric($_GET["page"])) {
$p = '&page=' . safeEscape($_GET["page"]);
} else {
$p = '';
}
if (isset($_GET["sort"])) {
$p .= '&sort=' . safeEscape($_GET["sort"]);
}
//LOOP
while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
if ($GeoIP == 1) {
$Letter = geoip_country_code_by_addr($GeoIPDatabase, $row["ip"]);
$Country = geoip_country_name_by_addr($GeoIPDatabase, $row["ip"]);
}
if ($GeoIP == 1 and empty($Letter)) {
$Letter = "blank";
$Country = "Reserved";
}
$exp = calculateXP($row["exp"]);
if ($exp["level"] <= 0) {
$exp["level"] = 1;
}
$result = $sth->execute();
$numrows = $sth->rowCount();
$result_per_page = 30;
$draw_pagination = 1;
$sql = "WHERE item_info!='' GROUP BY (shortname)";
}
$SHOW_TOTALS = 1;
include 'pagination.php';
$sth = $db->prepare("SELECT * FROM " . OSDB_ITEMS . " {$sql} \n ORDER BY (shortname) ASC \n LIMIT {$offset}, {$rowsperpage}");
$result = $sth->execute();
$add = "";
if (isset($_GET["show_all"])) {
$add .= "&show_all";
}
if (isset($_GET["page"])) {
$add .= "&page=" . safeEscape((int) $_GET["page"]);
}
?>
<table>
<tr>
<th width="74" class="padLeft">Item</th>
<th width="220">Item name</th>
<th>Description</th>
</tr>
<?php
while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
if (isset($_GET["edit"]) and $_GET["edit"] == $row["itemid"]) {
$border = 'style="border:6px solid #FCC200;"';
} else {
$border = "";
}
<?php
if (!isset($website)) {
header('HTTP/1.1 404 Not Found');
die;
}
$HomeTitle = $lang["heroes"];
$HomeDesc = $lang["heroes"];
$HomeKeywords = strtolower(os_strip_quotes($lang["heroes"])) . ',' . $HomeKeywords;
$MenuClass["misc"] = "active";
if (isset($_GET["search_heroes"]) and strlen($_GET["search_heroes"]) >= 2) {
$search_heroes = safeEscape(trim($_GET["search_heroes"]));
$sql = "AND (description) LIKE ? ";
} else {
$sql = "";
}
$HeroesData = array();
$HeroesData[0] = "Heroes";
/*
$sth = $db->prepare("SELECT COUNT(*) FROM ".OSDB_HEROES." WHERE summary!= '-' $sql LIMIT 1");
if ( !empty($sql) ) $sth->bindValue(1, "%".strtolower($search_heroes)."%", PDO::PARAM_STR);
$result = $sth->execute();
$r = $sth->fetch(PDO::FETCH_NUM);
$numrows = $r[0];
$result_per_page = $HeroesPerPage;
$result_per_page = $HeroesPerPage;
$draw_pagination = 0;
$total_comments = $numrows;
include('inc/pagination.php');
$draw_pagination = 1;
?>
?vote"><?php
echo $lang["vote_back"];
?>
</a></div>
</div>
<?php
} else {
if (isset($_POST["vote_hero"]) and isset($_SESSION["code"]) and isset($_POST["code"]) and $_POST["code"] == $_SESSION["code"]) {
$code = generate_hash(14);
$_SESSION["code"] = $code;
if (isset($_POST["h1"])) {
$h1 = safeEscape($_POST["h1"]);
$h1check = safeEscape($_POST["hero_1"]);
$h2check = safeEscape($_POST["hero_2"]);
if ($h1check == $h1) {
$votedown = $h2check;
}
if ($h2check == $h1) {
$votedown = $h1check;
}
//echo "<b>$h1</b> ($h1check -- $h2check ) <--> $votedown";
$sth = $db->prepare("UPDATE heroes SET `voteup` = `voteup`+1 WHERE `heroid` = :h1 ");
$sth->bindValue(':h1', $h1, PDO::PARAM_STR);
$result = $sth->execute();
$sth = $db->prepare("UPDATE heroes SET `votedown` = `votedown`+1 WHERE `heroid` = '" . $votedown . "' ");
$sth->bindValue(':votedown', $votedown, PDO::PARAM_STR);
$result = $sth->execute();
//GET VOTE RESULTS
$sth = $db->prepare("SELECT * FROM heroes WHERE summary!= '-' AND `heroid` = :h1check LIMIT 1");
function OS_MostPlayedHero($username)
{
$sql = "SELECT SUM(`left`) AS timeplayed, original, description, \n\tCOUNT(*) AS played \n\tFROM " . OSDB_GP . " as gp \n\tLEFT JOIN " . OSDB_GAMES . " as g ON g.id=gp.gameid \n\tLEFT JOIN " . OSDB_DP . " as dp ON dp.gameid=g.id \n\tAND dp.colour=gp.colour \n\tLEFT JOIN " . OSDB_DG . " as dg ON g.id=dg.gameid \n JOIN " . OSDB_HEROES . " on hero = heroid \n\tWHERE (name)=('" . safeEscape($username) . "')\n\tGROUP BY original \n\tORDER BY played DESC LIMIT 1";
return $sql;
}
if ($db->num_rows($result) <= 0) {
$pass = generate_hash(5);
$hash = generate_hash(12);
$password_db = generate_password($pass, $hash);
$avatar = 'https://graph.facebook.com/' . $user . '/picture?type=large';
$www = 'http://www.facebook.com/profile.php?id=' . $user . '';
if ($gender == "male") {
$gen = 1;
} else {
if ($gender == "female") {
$gen = 2;
} else {
$gen = 0;
}
}
$insert = $db->query("INSERT INTO users(user_name, user_fbid, user_password, password_hash, user_email, user_joined, user_level, user_last_login, user_ip, user_avatar, user_website, user_gender) \n\t VALUES('" . safeEscape($name) . "', '" . $user . "', '" . $password_db . "', '" . $hash . "', '" . safeEscape($email) . "', '" . (int) time() . "', '0', '" . (int) time() . "', '" . safeEscape($_SERVER["REMOTE_ADDR"]) . "', '" . strip_tags($avatar) . "', '" . $www . "', '" . $gen . "')");
$id = $db->get_insert_id();
$_SESSION["user_id"] = $id;
$_SESSION["username"] = $name;
$_SESSION["email"] = $email;
$_SESSION["level"] = 0;
$_SESSION["can_comment"] = 1;
$_SESSION["logged"] = time();
$_SESSION["fb"] = $user;
header("location: " . $website . "");
} else {
$avatar = 'https://graph.facebook.com/' . $user . '/picture';
$www = 'http://www.facebook.com/profile.php?id=' . $user . '';
if ($gender == "male") {
$gen = 1;
} else {
<?php
if (!isset($website)) {
header('HTTP/1.1 404 Not Found');
die;
}
$HomeTitle = $lang["items"];
$HomeDesc = $lang["items"];
$HomeKeywords = strtolower(os_strip_quotes($lang["items"])) . ',' . $HomeKeywords;
$MenuClass["misc"] = "active";
if (isset($_GET["search_items"]) and strlen($_GET["search_items"]) >= 2) {
$search_items = safeEscape($_GET["search_items"]);
$sql = "AND (name) LIKE ? ";
} else {
$sql = "";
}
if (isset($_GET["search_items"]) and strlen($_GET["search_items"]) >= 2) {
$sth = $db->prepare("SELECT * FROM " . OSDB_ITEMS . " as Items\n\tWHERE item_info !='' AND name != 'Aegis Check' \n\tAND name != 'Arcane Ring' AND name NOT LIKE 'Disabled%' {$sql}\n\tGROUP BY (shortname) \n\tORDER BY (shortname) ASC");
if (!empty($sql)) {
$sth->bindValue(1, "%" . $search_items . "%", PDO::PARAM_STR);
}
$result = $sth->execute();
$numrows = $sth->rowCount();
} else {
$sth = $db->prepare("SELECT * FROM " . OSDB_ITEMS . " WHERE item_info !='' AND name != 'Aegis Check' \n\tAND name != 'Arcane Ring' AND name NOT LIKE 'Disabled%' GROUP BY (shortname)");
$result = $sth->execute();
$numrows = $sth->rowCount();
}
$result_per_page = $ItemsPerPage;
$draw_pagination = 0;
//$total_comments = $numrows;
?>
<br />
[BOT] (<?php
echo date(OS_DATE_FORMAT, time());
?>
) executed command #<?php
echo $InsertID;
?>
, botID: <?php
echo $botID;
?>
</div>
<?php
} else {
if (isset($_POST["rcon"]) and os_is_logged() and $_SESSION["level"] >= 9 and isset($_POST["gameID"])) {
$rcon = safeEscape(trim($_POST["rcon"]));
$com = trim($_POST["com"]);
//$com = str_replace('&', '&',$com);
//$com = convEnt($com);
//$com = str_replace('&quot;', '"',$com);
//$com = OS_StrToUTF8($com);
$gameID = (int) $_POST["gameID"];
$botID = (int) $_POST["botID"];
if ($rcon == 1) {
$command = "!rcon saylobby " . $_SESSION["username"] . " {$gameID} {$com}";
}
if ($rcon == 2) {
$command = "!rcon saygame " . $_SESSION["username"] . " {$gameID} {$com}";
}
if ($rcon == 3) {
$command = "!rcon sayteam " . $_SESSION["username"] . " {$gameID} 1 {$com}";
if (isset($_GET["clear_messages"])) {
$sth = $db->prepare("TRUNCATE TABLE " . OSDB_COMMANDS . "");
$result = $sth->execute();
?>
<div align="center">
<h2>All messages are deleted successfully.</h2>
<a href="<?php
echo OS_HOME;
?>
adm/?remote">Refresh page</a> to continue.
</div>
<?php
OS_AddLog($_SESSION["username"], "[os_rcon] Removed all remote commands ");
}
if (isset($_POST["rc"]) and isset($_POST["botid"]) and is_numeric($_POST["botid"]) and isset($_POST["command"])) {
$botid = safeEscape((int) $_POST["botid"]);
$command = strip_tags(trim($_POST["command"]));
$db->insert(OSDB_COMMANDS, array("botid" => $botid, "command" => $command));
$InsertID = $db->lastInsertId();
?>
<div align="center">
<?php
if ($InsertID >= 1) {
OS_AddLog($_SESSION["username"], "[os_rcon] Sent Remote command ( #{$InsertID} )");
?>
Message #<?php
echo $InsertID;
?>
has been successfully sent.
<div style="font-size:11px;"><?php
echo $command;
}
}
if (file_exists("../inc/geoip/geoip.inc")) {
include "../inc/geoip/geoip.inc";
$GeoIPDatabase = geoip_open("../inc/geoip/GeoIP.dat", GEOIP_STANDARD);
$GeoIP = 1;
}
if (isset($_GET["del"]) and isset($_GET["t"]) and is_numeric($_GET["t"])) {
$del = safeEscape($_GET["del"]);
$t = safeEscape($_GET["t"]);
$sth = $db->prepare("DELETE FROM " . OSDB_APPEALS . " \n\t WHERE LOWER(player_name) = LOWER('" . $del . "') AND added = '" . $t . "' LIMIT 1");
$result = $sth->execute();
}
if (isset($_GET["edit"]) and isset($_GET["t"]) and is_numeric($_GET["t"])) {
$id = safeEscape($_GET["edit"]);
$t = safeEscape($_GET["t"]);
if (isset($_GET["close"])) {
$sth = $db->prepare("UPDATE " . OSDB_APPEALS . " SET status = 1 \n\tWHERE (player_name) = LOWER('" . $id . "') AND added = '" . $t . "' LIMIT 1");
$result = $sth->execute();
}
if (isset($_GET["open"])) {
$sth = $db->prepare("UPDATE " . OSDB_APPEALS . " SET status = 0 \n\tWHERE (player_name) = LOWER('" . $id . "') AND added = '" . $t . "' LIMIT 1");
$result = $sth->execute();
}
if (isset($_GET["remove_ban"])) {
$date = date("Y-m-d H:i:s", time());
$sth = $db->prepare("DELETE FROM " . OSDB_BANS . " WHERE LOWER(name) = LOWER('" . $id . "') ");
$result = $sth->execute();
$sth = $db->prepare("UPDATE " . OSDB_APPEALS . " SET status = 2 \n\tWHERE LOWER(player_name) = LOWER('" . $id . "') AND added = '" . $t . "' LIMIT 1");
$result = $sth->execute();
}
$result = $check->execute();
if ($check->rowCount() >= 1) {
$botID = safeEscape($_POST["botID"]);
$gamelist = $db->prepare("INSERT INTO " . OSDB_GAMELIST . " (botid) VALUES ('" . (int) $botID . "'); ");
$result = $gamelist->execute();
$update = $db->prepare("UPDATE " . OSDB_GAMELIST . " SET gamename = '', ownername = '', creatorname = '', map = '', slotstaken = 0, slotstotal = 0, usernames = '', totalgames = 0, totalplayers = 0; ");
$result = $update->execute();
}
}
//REMOVE BOT ID
if (isset($_GET["gamelist"]) and isset($_GET["remove_botid"]) and is_numeric($_GET["remove_botid"])) {
$check = $db->prepare("SHOW TABLES LIKE '" . OSDB_GAMELIST . "'");
//always check for gamelist table
$result = $check->execute();
if ($check->rowCount() >= 1) {
$botID = safeEscape($_GET["remove_botid"]);
$delete = $db->prepare("DELETE FROM `" . OSDB_GAMELIST . "` WHERE botid = '" . (int) $botID . "' ");
$result = $delete->execute();
}
}
//INSTALL
if (isset($_GET["gamelist"]) and isset($_GET["install"])) {
$check = $db->prepare("SHOW TABLES LIKE '" . OSDB_GAMELIST . "'");
//check again
$result = $check->execute();
if ($check->rowCount() <= 0) {
$gl = 1;
$gamelist = $db->prepare("CREATE TABLE " . OSDB_GAMELIST . " (id INT NOT NULL PRIMARY KEY AUTO_INCREMENT, botid INT, gamename VARCHAR(128), ownername VARCHAR(32), creatorname VARCHAR(32), map VARCHAR(100), slotstaken INT, slotstotal INT, usernames VARCHAR(512), totalgames INT, totalplayers INT) ENGINE = MEMORY; ");
$result = $gamelist->execute();
if ($gl) {
write_value_of('$GameListPatch', "{$GameListPatch}", 1, "../config.php");
$result = $sth->execute();
OS_AddLog($_SESSION["username"], "[os_addpp] REMOVED PP, #" . (int) $_GET["del"] . " ");
}
if (isset($_GET["remove_all"]) and strlen($_GET["remove_all"]) >= 2) {
$player = strip_tags($_GET["remove_all"]);
$sth = $db->prepare("DELETE FROM " . OSDB_GO . " WHERE player_name='" . $_GET["remove_all"] . "'");
$result = $sth->execute();
OS_AddLog($_SESSION["username"], "[os_addpp] REMOVED ALL PP ({$player}) ");
}
if (isset($_GET["search"])) {
$search = safeEscape(trim($_GET["search"]));
$sql .= " AND player_name LIKE ('" . $search . "%') ";
}
if (isset($_POST["add_pp"])) {
$player_name = trim(strip_tags($_POST["player_name"]));
$reason = trim(strip_tags(safeEscape($_POST["reason"])));
$expiredate = trim($_POST["expires"]);
$admin = trim(strip_tags($_POST["admin"]));
$pp = trim((int) $_POST["pp"]);
$date = date("Y-m-d H:i:00", time());
if (strlen($player_name) <= 2) {
$errors .= "<div>Player name does not have enough characters</div>";
}
if ($pp <= 0) {
$errors .= "<div>Penalty points can not be less than 1</div>";
}
if (empty($errors)) {
if (!isset($_GET["edit"])) {
$sqlqr = "INSERT INTO " . OSDB_GO . "(player_name, reason, offence_time, offence_expire, pp, admin) \n\t VALUES('" . $player_name . "', '" . $reason . "', '" . $date . "', '" . $expiredate . "', '" . $pp . "', '" . $admin . "' )";
OS_AddLog($_SESSION["username"], "[os_addpp] Added PP {$player_name} + {$pp}");
} else {
function OS_ComparePlayers($type = 0, $playerID = 0)
{
global $ComparePlayers;
global $ComparePlayersData;
global $lang;
global $MaxPlayersToCompare;
if ($ComparePlayers == 1) {
if ($type == 'link') {
if (isset($_GET["compare"])) {
?>
<div class="clr"></div>
<div class="ct-wrapper">
<div class="outer-wrapper">
<div class="content section">
<div class="widget Blog">
<div class="blog-posts hfeed">
<div class="comparePlayersList">
<a class="menuButtons" href="<?php
echo OS_HOME;
?>
?top"><?php
echo $lang["compare_back"];
?>
</a>
<a class="menuButtons" href="javascript:;" onclick="showhide('compare_list')" ><?php
echo $lang["compare_list"];
?>
<?php
if (isset($ComparePlayersData) and !empty($ComparePlayersData)) {
?>
<?php
echo count($ComparePlayersData);
?>
/<?php
echo $MaxPlayersToCompare;
}
?>
</a>
<div id="compare_list">
<?php
if (isset($ComparePlayersData) and !empty($ComparePlayersData)) {
?>
<table><?php
$counter = 0;
foreach ($ComparePlayersData as $Player) {
$counter++;
?>
<tr>
<td width="24"><?php
echo $counter;
?>
</td>
<td width="175"><div><a href="<?php
echo OS_HOME;
?>
?u=<?php
echo $Player["id"];
?>
"><?php
echo $Player["player"];
?>
</a></div></td>
<td><a href="javascript:;" onclick="if( confirm('<?php
echo $lang["compare_remove_player"];
?>
') ) { location.href='<?php
echo OS_HOME;
?>
?top&compare&remove=<?php
echo $Player["id"];
?>
' }">×</a></td>
</tr>
<?php
}
?>
</table>
<?php
if ($counter > 1) {
?>
<div>
<a class="menuButtons" href="<?php
echo OS_HOME;
?>
?compare_players"><?php
echo $lang["compare_players"];
?>
</a>
<a class="menuButtons" href="<?php
echo OS_HOME;
?>
?top&compare&clear_list"><?php
echo $lang["compare_clear"];
?>
</a>
</div>
<?php
}
?>
<?php
} else {
echo $lang["compare_list_empty"];
}
?>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<?php
} else {
?>
<?php
if (isset($_GET["sort"])) {
$sort = "&sort=" . safeEscape($_GET["sort"]);
} else {
$sort = "";
}
?>
<span class="comparePlayersList"><a class="menuButtons compareButton" href="<?php
echo OS_HOME;
?>
?top&compare<?php
echo $sort;
?>
"><?php
echo $lang["compare_compare"];
?>
</a></span>
<?php
}
?>
<?php
}
if ($type == 'form_start') {
if (isset($_GET["compare"])) {
?>
<form action="" method="post"><?php
}
}
if ($type == 'checkbox') {
if (isset($_GET["compare"])) {
?>
<input type="checkbox" name="compare[]" value="<?php
echo $playerID;
?>
" /><?php
}
}
if ($type == 'submit') {
if (isset($_GET["compare"])) {
?>
<input type="submit" value="<?php
echo $lang["compare_add"];
?>
" name="compare_list_add" class="menuButtons" />
<input type="submit" value="<?php
echo $lang["compare_clear"];
?>
" name="clear_compare_list" class="menuButtons" />
<?php
if (isset($_SESSION["compare_list"]) and !empty($_SESSION["compare_list"])) {
?>
<input type="submit" value="<?php
echo $lang["compare_players"];
?>
" name="compare_players" class="menuButtons" />
<?php
}
?>
</form><?php
}
}
}
}
?>
<h2>Hero successfully deleted</h2>
<?php
CreateHeroList("../inc/cache/");
OS_AddLog($_SESSION["username"], "[os_heroes] DELETED HERO ( " . safeEscape($_GET["del"]) . " )");
}
}
if (isset($_GET["hid"]) and isset($_GET["type"])) {
$hid = safeEscape($_GET["hid"]);
$type = (int) $_GET["type"];
$update = $db->update(OSDB_HEROES, array("type" => $type), "heroid = '" . $hid . "' ");
CreateHeroList("../inc/cache/");
}
if (isset($_GET["edit"]) or isset($_GET["add"])) {
if (isset($_GET["edit"])) {
$edit = safeEscape($_GET["edit"]);
}
if (isset($_GET["add"])) {
$HeroName = "";
$heroid = "";
$desc = "";
$stats = "";
$skills = "";
$type = 0;
}
if (isset($_POST["edit_hero"])) {
$HeroName = EscapeStr($_POST["hero_name"]);
$heroid = EscapeStr($_POST["heroid"]);
$desc = my_nl2br(trim($_POST["desc"]));
$desc = str_replace(array("Š", "š"), array("Š", "š"), $desc);
$type = (int) $_POST["type"];
}
if ($c >= 1) {
$sql = substr($sql, 0, -3);
//echo $sql;
$delete = $db->query($sql);
if ($delete) {
?>
Deleted <?php
echo $c;
?>
ban(s)<?php
}
}
}
if (isset($_GET["search_bans"]) and strlen($_GET["search_bans"]) >= 2) {
$search_bans = safeEscape($_GET["search_bans"]);
$sql = " AND LOWER(name) LIKE LOWER('%" . $search_bans . "%') ";
} else {
$sql = "";
$search_bans = "";
}
if (!empty($_GET["check_ip_range"])) {
$check_ip_range = strip_tags(trim($_GET["check_ip_range"]));
$sql = " AND ip = ':" . $check_ip_range . "' ";
}
if (!isset($_GET["duplicate"])) {
$sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_BANS . " WHERE id>=1 {$sql}");
$result = $sth->execute();
$r = $sth->fetch(PDO::FETCH_NUM);
$numrows = $r[0];
} else {
$currentpage = (int) $_GET['page'];
} else {
$currentpage = 1;
}
if ($currentpage > $totalpages) {
$currentpage = $totalpages;
}
if ($currentpage < 1) {
$currentpage = 1;
}
if ($totalpages <= 1) {
$totalpages = 1;
}
$offset = ($currentpage - 1) * $rowsperpage;
if (isset($_GET['page']) and is_numeric($_GET['page'])) {
$current_page = safeEscape($_GET['page']);
}
if (!isset($current_page)) {
$current_page = 1;
}
if (!isset($MaxPaginationLinks)) {
$range = 5;
} else {
$range = $MaxPaginationLinks;
}
if ($range >= $totalpages) {
$range = $totalpages;
}
if ($current_page > $totalpages) {
$current_page = $totalpages;
}
}
header("location: " . OS_HOME . "?top&compare" . $page);
die;
//COMPARING PLAYERS
}
//if ( isset($_SESSION["compare_list"])) echo( $_SESSION["compare_list"]);
if ((isset($_GET["compare"]) or isset($_GET["compare_players"])) and isset($_SESSION["compare_list"]) and !empty($_SESSION["compare_list"])) {
$CompareIDArray = explode(",", $_SESSION["compare_list"]);
$sqlCompare = "SELECT * FROM " . OSDB_STATS . " WHERE id>=1 AND (";
foreach ($CompareIDArray as $PlayerID) {
if (!empty($PlayerID) and is_numeric($PlayerID)) {
$sqlCompare .= "id = " . (int) $PlayerID . " OR ";
}
}
$IDs = substr($_SESSION["compare_list"], 0, strlen($_SESSION["compare_list"]) - 1) . " ";
$ORD = "ORDER BY FIELD(id," . safeEscape($IDs) . ")";
$sqlCompare = substr($sqlCompare, 0, strlen($sqlCompare) - 3) . ") " . $ORD . "";
$sth = $db->prepare($sqlCompare);
$resultCompare = $sth->execute();
$c = 0;
$ComparePlayersData = array();
$temp_ck = 0;
//creeps
$temp_games = 0;
//games
$temp_wins = 0;
//wins %
$temp_stay = 0;
//stay ratio
$temp_apg = 0;
//assists per game
$sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " \n\t\t WHERE user_email = :SMF_email AND smf_id = :SMF_id ");
$sth->bindValue(':SMF_email', $SMF_email, PDO::PARAM_STR);
$sth->bindValue(':SMF_id', $SMF_id, PDO::PARAM_STR);
$result = $sth->execute();
if ($sth->rowCount() <= 0) {
//CREATE NEW USER (from phpbb database)
$sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE LOWER(user_name) = :SMF_username ");
$sth->bindValue(':SMF_username', strtolower($SMF_username), PDO::PARAM_STR);
$result = $sth->execute();
if ($sth->rowCount() >= 1) {
$SMF_username = $SMF_username . "_" . $SMF_id;
$pass = generate_hash(5);
$hash = generate_hash(12);
$password_db = generate_password($pass, $hash);
$db->insert(OSDB_USERS, array("user_name" => $SMF_username, "user_email" => $SMF_email, "user_password" => $password_db, "password_hash" => $hash, "user_joined" => (int) time(), "user_level" => 0, "user_last_login" => (int) time(), "user_ip" => $_SERVER["REMOTE_ADDR"], "user_avatar" => $SMF_avatar, "smf_id" => $SMF_id, "user_website" => $SMF_website));
$insert = $db->query("INSERT INTO " . OSDB_USERS . "(user_name, user_email, user_password, password_hash, user_joined, user_level, user_last_login, user_ip, user_avatar, smf_id, user_website )\n\t VALUES('" . $SMF_username . "', '" . $SMF_email . "', '" . $password_db . "', '" . $hash . "', '" . (int) time() . "', '0', '" . (int) time() . "', '" . safeEscape($_SERVER["REMOTE_ADDR"]) . "', '" . $SMF_avatar . "', '" . $SMF_id . "', '" . $SMF_website . "' )");
$id = $db->lastInsertId();
$_SESSION["user_id"] = $id;
$_SESSION["username"] = $SMF_username;
$_SESSION["email"] = $SMF_email;
$_SESSION["level"] = 0;
$_SESSION["can_comment"] = 1;
$_SESSION["logged"] = time();
$_SESSION["smf"] = $SMF_id;
//$_SESSION["logout"] = $smf_forum_url."?action=logout;".$SMF_session_var."=".$SMF_sid;
$logout = $scripturl . '?action=logout;' . $SMF_session_var . '=' . $SMF_sid;
//Maybe SMF bug. Session verification not working...set forum link instead logout link.
$logout = $smf_forum_url;
$_SESSION["logout"] = $logout;
}
} else {
//Plugin: Smilies in comments
//Author: Ivan
//This plugin adds smiles in user comments.
if (!isset($website)) {
header('HTTP/1.1 404 Not Found');
die;
}
$PluginEnabled = '1';
//Enable edit plugin options
$PluginOptions = '1';
$SmiliesPath = 'img/smilies/';
$ThisPlugin = basename(__FILE__, '');
if ($PluginEnabled == 1) {
//Change options
if (isset($_POST["SmiliesPath"])) {
$PATH = safeEscape($_POST["SmiliesPath"]);
write_value_of('$SmiliesPath', "{$SmiliesPath}", $PATH, $plugins_dir . basename(__FILE__, ''));
$SmiliesPath = $PATH;
}
//If user can edit plugin
if (OS_is_admin() and OS_PluginEdit($ThisPlugin)) {
//Show following options when user click on edit icon for this plugin
//Display all smilies
$Option = '
<form action="" method="post" >
<input size="30" type="text" value="' . $SmiliesPath . '" name="SmiliesPath" />
<input type="submit" value = "Change smilies path" class="menuButtons" />
<a href="' . $website . 'adm/?plugins" class="menuButtons">Cancel</a>
</form>
<div><a href="javascript:;" onclick="showhide(\'smilies\')">Show all</a></div>';
}
}
//REGISTER
if (isset($_GET["login"]) and !is_logged() and isset($_POST["register_"])) {
if ($UserActivation == 2) {
require_once OS_PLUGINS_DIR . 'index.php';
os_init();
header('location: ' . OS_HOME . '');
die;
}
$username = OS_StrToUTF8($_POST["reg_un"]);
$username = EscapeStr(trim($username));
$email = safeEscape(trim($_POST["reg_email"]));
$email = strtolower($email);
$password = safeEscape($_POST["reg_pw"]);
$password2 = safeEscape($_POST["reg_pw2"]);
$registration_errors = "";
$AllowedCharacters = '0123456789QWERTZUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklyxcvbnmљњертзуиопшђасдфгхјклчћжѕџцвбнмšđč枊ĐČĆŽЉЊЕРТЗУИОПШЂАСДФГХЈКЛЧЋЖЅЏЦВБНМ_-';
if (!preg_match('/^[' . $AllowedCharacters . ']+$/', $username)) {
$registration_errors .= "<div>" . $lang["error_username"] . "</div>";
}
//die($registration_errors." - ".$username);
if (!preg_match("/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}\$/i", $email)) {
$registration_errors .= "<div>" . $lang["error_email"] . "</div>";
}
if (strlen($username) <= 2) {
$registration_errors .= "<div>" . $lang["error_short_un"] . "</div>";
}
if (strlen($password) <= 2) {
$registration_errors .= "<div>" . $lang["error_short_pw"] . "</div>";
}