Example #1
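/**
 * Sync one player's row in the `scores` table with the score held in the stats table.
 *
 * Creates the `scores` row (category 'dota_elo') when the player has none, then copies
 * `score` from the OSDB_STATS row of the same player. Nothing is written when the
 * player has no stats row.
 *
 * @param string $name Player name; surrounding whitespace is trimmed. Empty input is a no-op.
 * @return void
 */
function OS_UpdateScoresTable($name = "")
{
    $db = new db("mysql:host=" . OSDB_SERVER . ";dbname=" . OSDB_DATABASE . "", OSDB_USERNAME, OSDB_PASSWORD);
    // safeEscape() is defined elsewhere; it is kept so the lookup key is the same string
    // the rest of the code compares against. It is not relied on for SQL safety here:
    // every value below reaches the database as a bound parameter.
    $name = safeEscape(trim($name));
    if (empty($name)) {
        return;
    }

    // Existence check: fetch one marker row instead of trusting rowCount() on a SELECT.
    $exists = $db->prepare("SELECT 1 FROM scores WHERE name = :name LIMIT 1");
    $exists->bindValue(':name', $name, PDO::PARAM_STR);
    $exists->execute();
    if ($exists->fetchColumn() === false) {
        $insert = $db->prepare("INSERT INTO scores(category, name) VALUES('dota_elo', :name)");
        $insert->bindValue(':name', $name, PDO::PARAM_STR);
        $insert->execute();
    }

    //Get updated result
    $resultScore = $db->prepare("SELECT player,score FROM " . OSDB_STATS . " WHERE player = :name");
    $resultScore->bindValue(':name', $name, PDO::PARAM_STR);
    $resultScore->execute();
    $rScore = $resultScore->fetch(PDO::FETCH_ASSOC);
    if ($rScore === false) {
        // No stats row for this player: there is no score to copy.
        return;
    }

    //update "scores" table
    // Values read back from the database are bound as well; stored data is not
    // assumed to be safe to splice into a statement.
    $UpdateScoreTable = $db->prepare("UPDATE `scores` SET `score` = :score WHERE name = :player");
    $UpdateScoreTable->bindValue(':score', (string) $rScore["score"], PDO::PARAM_STR);
    $UpdateScoreTable->bindValue(':player', (string) $rScore["player"], PDO::PARAM_STR);
    $UpdateScoreTable->execute();
}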
Example #2
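 /**
  * Validate the captcha code posted with a comment and rotate it on success.
  *
  * Runs only when the comment form was submitted (`post_comment` is posted). A missing
  * or wrong code is reported through os_trigger_error(); a correct code is replaced in
  * the session by a fresh one so it cannot be submitted twice.
  *
  * NOTE(review): the stored code is left in place after a failed attempt, so the same
  * captcha can be retried without limit — confirm whether that is intended.
  *
  * @return void
  */
 function OS_CheckCaptcha()
 {
     if (!isset($_POST["post_comment"])) {
         return;
     }

     if (isset($_GET["post_id"]) and is_numeric($_GET["post_id"])) {
         $backTo = OS_HOME . '?post_id=' . safeEscape($_GET["post_id"]) . "&amp;" . generate_hash(12) . "#SubmitComment";
     } else {
         $backTo = '';
     }
     $CaptchaError = '<h2>Invalid captcha</h2><div><a href="' . $backTo . '">&laquo; Back</a></div>';

     $submitted = isset($_POST["c_code"]) ? $_POST["c_code"] : null;
     $expected = isset($_SESSION["c_code"]) ? $_SESSION["c_code"] : null;

     // A posted array or a missing session value can never be a valid answer. Returning
     // here keeps the comparison below from running on absent data in case
     // os_trigger_error() does not end the request (it is defined elsewhere).
     if (!is_string($submitted) or !is_scalar($expected)) {
         os_trigger_error($CaptchaError);
         return;
     }

     // Exact string comparison: a loose != treats numeric-looking strings such as
     // "1e2" and "100" as equal, which would accept codes that were never issued.
     if (!hash_equals((string) $expected, $submitted)) {
         os_trigger_error($CaptchaError . " ");
         return;
     }

     // Correct answer: issue a new code so this one is single-use.
     $code = generate_hash(5);
     $code = str_replace(array("o", "0"), array("x", "x"), $code);
     $_SESSION["c_code"] = $code;
 }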
Example #3
            $errors .= "<div>" . $lang["error_no_player"] . "</div>";
        }
        if (empty($errors)) {
            $row = $sth->fetch(PDO::FETCH_ASSOC);
            $PID = $row["id"];
            $db->insert(OSDB_APPEALS, array("player_id" => (int) $PID, "player_name" => $player, "user_id" => (int) $_SESSION["user_id"], "reason" => $reason, "game_url" => $game_url, "replay_url" => $replay_url, "added" => (int) time(), "status" => 0, "user_ip" => $_SERVER["REMOTE_ADDR"]));
            $_SESSION["last_report"] = time();
            require_once 'plugins/index.php';
            os_init();
            header('location: ' . OS_HOME . '?ban_appeal&success');
            die;
        }
    }
}
if (isset($_SESSION["bnet_username"])) {
    $BanAppeal = safeEscape(trim($_SESSION["bnet_username"]));
    if (empty($BanAppeal)) {
        $BanAppeal = ",./,./";
    }
    $sth = $db->prepare("SELECT * FROM " . OSDB_BANS . " WHERE name=:player LIMIT 1");
    $sth->bindValue(':player', $BanAppeal, PDO::PARAM_STR);
    $result = $sth->execute();
    if ($sth->rowCount() >= 1) {
        $row = $sth->fetch(PDO::FETCH_ASSOC);
        $BanAppealName = $row["name"];
        $BanAppealDate = $row["date"];
        $BanAppealGamename = $row["gamename"];
        $BanAppealAdmin = $row["admin"];
        $BanAppealReason = $row["reason"];
        $BanAppealServer = $row["server"];
    }
Example #4
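 /**
  * Log a visitor in from the Facebook login form, creating the local account on first use.
  *
  * Does nothing unless fb_name, fb_email and fb_id are all posted as strings. On a
  * validation failure it redirects to ?action=facebook&error=N; otherwise it fills
  * $_SESSION and redirects to OS_HOME. Both outcomes end the request.
  *
  * NOTE(review): fb_id, fb_email and fb_name are ordinary POST fields and nothing in
  * this function checks them against the identity provider, so the session is bound to
  * whatever the client submits. Unless a caller already verifies a provider-issued
  * token server-side, that check has to happen before any session key is written —
  * confirm against the call site.
  *
  * @return void
  */
 function OS_CheckFacebookLogin()
 {
     if (!isset($_POST["fb_name"]) or !isset($_POST["fb_email"]) or !isset($_POST["fb_id"])) {
         return;
     }
     // Array-valued fields would make trim()/strlen() fail; treat them as a missing form.
     if (!is_string($_POST["fb_name"]) or !is_string($_POST["fb_email"]) or !is_string($_POST["fb_id"])) {
         return;
     }

     global $db;
     $errors = '';
     $FBID = trim($_POST["fb_id"]);
     // fb_gender is optional in the form check above, so it is read defensively.
     if (isset($_POST["fb_gender"]) and is_string($_POST["fb_gender"])) {
         $gender = safeEscape(trim($_POST["fb_gender"]));
     } else {
         $gender = '';
     }
     $name = strip_tags(trim($_POST["fb_name"]));
     $email = safeEscape(trim($_POST["fb_email"]));
     $IP = safeEscape($_SERVER["REMOTE_ADDR"]);
     // The id is client-supplied, so it is URL-encoded before it becomes part of a
     // path or query string that is stored and later rendered.
     $avatar = 'https://graph.facebook.com/' . rawurlencode($FBID) . '/picture/?type=large';
     $www = 'http://www.facebook.com/profile.php?id=' . rawurlencode($FBID) . '';

     // Later checks overwrite earlier ones, so the reported code is the last failure.
     if (empty($FBID) or strlen($FBID) <= 6) {
         $errors = '1';
     }
     if (strlen($name) <= 3) {
         $errors = '2';
     }
     if (strlen($email) <= 6) {
         $errors = '3';
     }
     if (!empty($errors)) {
         header('location:' . OS_HOME . '?action=facebook&error=' . $errors);
         die;
     }

     // Gender is stored as a small integer: 1 = male, 2 = female, 0 = anything else.
     if ($gender == "male") {
         $gen = 1;
     } elseif ($gender == "female") {
         $gen = 2;
     } else {
         $gen = 0;
     }

     $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_fbid =:FBID AND user_email =:email");
     $sth->bindValue(':FBID', $FBID, PDO::PARAM_STR);
     $sth->bindValue(':email', $email, PDO::PARAM_STR);
     $sth->execute();
     // Fetch now: the row decides new-vs-existing and feeds the session below, and it
     // avoids relying on rowCount() for a SELECT.
     $row = $sth->fetch(PDO::FETCH_ASSOC);

     // Issue a fresh session id before the session is marked as logged in, so an id
     // known before authentication cannot be reused afterwards.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }

     if ($row === false) {
         //NEW USER
         $pass = generate_hash(5);
         $hash = generate_hash(12);
         $password_db = generate_password($pass, $hash);

         //Check if username already exists
         // The statement must be executed before its result is inspected; without
         // execute() the duplicate check can never match.
         $nameCheck = $db->prepare("SELECT 1 FROM " . OSDB_USERS . " WHERE LOWER(user_name) =:name LIMIT 1");
         $nameCheck->bindValue(':name', strtolower($name), PDO::PARAM_STR);
         $nameCheck->execute();
         if ($nameCheck->fetchColumn() !== false) {
             $name .= " " . rand(100, 1000);
         }

         $db->insert(OSDB_USERS, array("user_name" => $name, "user_fbid" => $FBID, "user_password" => $password_db, "password_hash" => $hash, "user_email" => $email, "user_joined" => (int) time(), "user_level" => 0, "user_last_login" => (int) time(), "user_ip" => $IP, "user_avatar" => $avatar, "user_website" => $www, "user_gender" => $gen));
         $id = $db->lastInsertId();
         $_SESSION["user_id"] = $id;
         $_SESSION["username"] = $name;
         $_SESSION["email"] = $email;
         $_SESSION["level"] = 0;
         $_SESSION["can_comment"] = 1;
         $_SESSION["logged"] = time();
         $_SESSION["fb"] = $FBID;
         $_SESSION["bnet"] = "";
         $_SESSION["bnet_username"] = "";
     } else {
         //UPDATE USER DATA
         // $gen is an integer computed above, so this fragment carries no request text.
         if ($gen >= 1) {
             $sql_update = ", user_gender = '" . (int) $gen . "'";
         } else {
             $sql_update = "";
         }
         // NOTE(review): the '******' literal is kept exactly as it appears on the page;
         // it looks like a masked value (the insert path stores (int) time() in the same
         // column) — confirm against the upstream file.
         $update = $db->prepare("UPDATE " . OSDB_USERS . " SET user_last_login = '******',user_avatar = :avatar, user_website = :website {$sql_update} \n\t\tWHERE user_email = :email AND user_fbid = :FBID LIMIT 1");
         $update->bindValue(':avatar', strip_tags($avatar), PDO::PARAM_STR);
         $update->bindValue(':website', strip_tags($www), PDO::PARAM_STR);
         $update->bindValue(':email', $email, PDO::PARAM_STR);
         $update->bindValue(':FBID', $FBID, PDO::PARAM_STR);
         $update->execute();

         $id = $row["user_id"];
         $_SESSION["user_id"] = $id;
         $_SESSION["username"] = $row["user_name"];
         $_SESSION["email"] = $row["user_email"];
         $_SESSION["level"] = $row["user_level"];
         $_SESSION["can_comment"] = $row["can_comment"];
         $_SESSION["logged"] = time();
         $_SESSION["fb"] = $FBID;
         $_SESSION["bnet"] = $row["user_bnet"];
         $_SESSION["bnet_username"] = $row["bnet_username"];
     }

     header("location: " . OS_HOME . "");
     die;
 }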
Example #5
<?php

// Direct-access guard: answer 404 and stop unless $website is already defined
// (presumably by the script that includes this file — confirm).
if (!isset($website)) {
    header('HTTP/1.1 404 Not Found');
    die;
}
if (!empty($_GET["common_games"]) and isset($_SESSION["bnet_username"])) {
    $HomeTitle = "Common Games";
    $HomeDesc = os_strip_quotes($lang["game_archive"]);
    $HomeKeywords = strtolower(os_strip_quotes($lang["game_archive"])) . ',' . $HomeKeywords;
    $MenuClass["games"] = "active";
    $User1 = strip_tags(trim($_SESSION["bnet_username"]));
    $User2 = safeEscape(trim($_GET["common_games"]));
    $sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_GAMES . " as g\n\tLEFT JOIN " . OSDB_GP . " as gp ON gp.gameid = g.id AND gp.name=:user1 \n\tLEFT JOIN " . OSDB_GP . " as gp2 ON gp2.gameid = gp.gameid AND gp2.name=:user2\n\tWHERE gp.name =:user1  AND gp2.name =:user2\n\tLIMIT 1");
    $sth->bindValue(':user1', $User1, PDO::PARAM_STR);
    $sth->bindValue(':user2', $User2, PDO::PARAM_STR);
    $result = $sth->execute();
    $r = $sth->fetch(PDO::FETCH_NUM);
    $numrows = $r[0];
    $result_per_page = $GamesPerPage;
    $draw_pagination = 0;
    include 'inc/pagination.php';
    $draw_pagination = 1;
    $sth = $db->prepare("SELECT g.gamename, g.id, g.map, g.datetime, g.duration, g.gamestate, dg.winner\n\tFROM " . OSDB_GAMES . " as g\n\tLEFT JOIN " . OSDB_GP . " as gp ON gp.gameid = g.id AND gp.name=:user1 \n\tLEFT JOIN " . OSDB_GP . " as gp2 ON gp2.gameid = gp.gameid AND gp2.name=:user2\n\tLEFT JOIN " . OSDB_DG . " as dg ON dg.gameid = g.id\n\tWHERE gp.name =:user1  AND gp2.name =:user2\n\tORDER BY g.id DESC\n\tLIMIT {$offset}, {$rowsperpage}");
    $sth->bindValue(':user1', $User1, PDO::PARAM_STR);
    $sth->bindValue(':user2', $User2, PDO::PARAM_STR);
    $result = $sth->execute();
    $CommonGames = array();
    $c = 0;
    while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
        $CommonGames[$c]["gamename"] = $row["gamename"];
<?php

// Direct-access guard: answer 404 and stop unless $website is already defined
// (presumably by the script that includes this file — confirm).
if (!isset($website)) {
    header('HTTP/1.1 404 Not Found');
    die;
}
// The (int) cast turns the request value into an integer before anything else sees it.
// NOTE(review): $_GET["member"] is read without an isset() check in the visible lines —
// confirm the caller only includes this file when the parameter is present.
$userID = safeEscape((int) $_GET["member"]);
$MenuClass["members"] = "active";
// Member row plus a count of that member's comments; the id is a bound integer parameter.
$sth = $db->prepare("SELECT u.*, COUNT(c.user_id) as total_comments \r\n\tFROM " . OSDB_USERS . " as u \r\n\tLEFT JOIN " . OSDB_COMMENTS . " as c ON c.user_id = u.user_id\r\n\tWHERE u.user_id = :userID LIMIT 1");
$sth->bindValue(':userID', $userID, PDO::PARAM_INT);
$result = $sth->execute();
$c = 0;
$MemberData = array();
// GeoIP is optional: the library is loaded and the database opened only when the
// include file exists; $GeoIP is set to 1 only in that case.
if (file_exists("inc/geoip/geoip.inc")) {
    include "inc/geoip/geoip.inc";
    $GeoIPDatabase = geoip_open("inc/geoip/GeoIP.dat", GEOIP_STANDARD);
    $GeoIP = 1;
}
if ($sth->rowCount() >= 1) {
    while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
        //USER REGISTERED/CONFIRMED BNET ACCOUNT
        if ($row["user_bnet"] >= 1) {
            $sth2 = $db->prepare("SELECT * FROM " . OSDB_STATS . " \r\n\t WHERE player = '" . $row["user_name"] . "' \r\n\t ORDER BY id DESC \r\n\t LIMIT 1 ");
            $result = $sth2->execute();
            $row2 = $sth2->fetch(PDO::FETCH_ASSOC);
            $MemberData[$c]["points"] = number_format($row2["points"]);
            $MemberData[$c]["games"] = $row2["games"];
            $MemberData[$c]["score"] = $row2["score"];
            $MemberData[$c]["wins"] = $row2["wins"];
            $MemberData[$c]["losses"] = $row2["losses"];
            $MemberData[$c]["uid"] = $row2["id"];
Example #7
     }
     $draw_pagination = 0;
     include 'inc/pagination.php';
     $draw_pagination = 1;
     $sqlFilter .= "ORDER BY g.datetime DESC";
     $sql = getUserGames($id, $MinDuration, $offset, $rowsperpage, $sqlFilter);
 } else {
     //FILTER
     $filter = "";
     unset($sth);
     if (isset($_GET["m"]) and is_numeric($_GET["m"]) and $_GET["m"] <= 12 and $_GET["m"] >= 1) {
         $m = safeEscape((int) $_GET["m"]);
         $filter .= "AND MONTH(g.datetime) = '" . (int) $m . "'";
     }
     if (isset($_GET["y"]) and is_numeric($_GET["y"]) and $_GET["y"] <= date("Y") and $_GET["y"] >= 1998) {
         $y = safeEscape((int) $_GET["y"]);
         $filter .= "AND YEAR(g.datetime) = '" . (int) $y . "'";
     }
     if (isset($_GET["game_type"]) and is_numeric($_GET["game_type"])) {
         $filter .= " AND g.alias_id = '" . (int) $_GET["game_type"] . "' ";
     }
     $sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_GAMES . " as g\n  WHERE (g.map) LIKE ('%" . OS_DEFAULT_MAP . "%') AND g.duration>='" . $MinDuration . "' " . $filter . " LIMIT 1");
     $result = $sth->execute();
     $r = $sth->fetch(PDO::FETCH_NUM);
     $numrows = $r[0];
     $result_per_page = $GamesPerPage;
     $draw_pagination = 0;
     include 'inc/pagination.php';
     $draw_pagination = 1;
     $sql = getAllGames($MinDuration, $offset, $rowsperpage, $filter, "datetime DESC");
 }
Example #8
 $PluginDesc = "";
 if ($PluginFile != "." and $PluginFile != "index.php" and $PluginFile != ".." and strstr($PluginFile, ".php") == true) {
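     //enable/disable/delete
     // Every action is limited to the plugin currently being listed: the requested name
     // must be identical to $PluginFile, and $PluginFile must be a bare file name, so a
     // request value carrying a directory component can never be turned into a path.
     // The delete branch applies the same name check as enable and disable.
     // NOTE(review): these are state changes triggered by GET parameters and no request
     // token is checked in the visible lines — confirm one is enforced elsewhere.
     if (isset($_GET["disable"]) and $_GET["disable"] === $PluginFile and basename($PluginFile) === $PluginFile and file_exists($plugins_dir . $PluginFile) and OS_IsRoot()) {
         // First value passed is the current setting, 0 is the one written.
         $PluginEnabled = 1;
         write_value_of('$PluginEnabled', "{$PluginEnabled}", 0, $plugins_dir . $PluginFile);
         echo $PluginFile . ' - disabled <a href="' . OS_HOME . 'adm/?plugins">&laquo; Back</a>';
     } elseif (isset($_GET["enable"]) and $_GET["enable"] === $PluginFile and basename($PluginFile) === $PluginFile and file_exists($plugins_dir . $PluginFile) and OS_IsRoot()) {
         $PluginEnabled = 0;
         write_value_of('$PluginEnabled', "{$PluginEnabled}", 1, $plugins_dir . $PluginFile);
         echo $PluginFile . ' - enabled <a href="' . OS_HOME . 'adm/?plugins">&laquo; Back</a>';
     } elseif (isset($_GET["delete"]) and $_GET["delete"] === $PluginFile and basename($PluginFile) === $PluginFile and file_exists($plugins_dir . $PluginFile) and OS_IsRoot()) {
         $PluginEnabled = 0;
         unlink($plugins_dir . $PluginFile);
     }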
     if (file_exists($plugins_dir . $PluginFile)) {
         $PluginName = trim(str_replace("//Plugin:", "", OS_ReadLine($plugins_dir . $PluginFile, 2)));
         $PluginAuthor = trim(str_replace("//Author:", "", OS_ReadLine($plugins_dir . $PluginFile, 3)));
         $PluginDesc = trim(str_replace("//", "", OS_ReadLine($plugins_dir . $PluginFile, 4)));
         if (!empty($PluginName) and !empty($PluginAuthor)) {
             include $plugins_dir . $PluginFile;
             if (isset($PluginOptions) and $PluginOptions == 1 and $PluginEnabled == 1) {
                 $PluginEdit = '<a href="' . OS_HOME . 'adm/?plugins&amp;edit=' . $PluginFile . '#' . $PluginFile . '"><img src="' . OS_HOME . 'adm/edit.png" alt="edit" width="16" height="16" /> Edit</a>';
                 if (isset($_GET["edit"]) and $_GET["edit"] == $PluginFile) {
                     $PluginEdit = '<a href="' . OS_HOME . 'adm/?plugins#' . $PluginFile . '"><img src="' . OS_HOME . 'adm/edit.png" alt="edit" width="16" height="16" /> &laquo; Edit</a>';
                 }
             } else {
Example #9
    echo os_commentForm();
    ?>
	  </td>
	</tr>
	<tr>
	  <td class="padLeft padTop padBottom">
	    <input <?php 
    if (!os_canComment()) {
        ?>
disabled<?php 
    }
    ?>
 class="menuButtons" type="submit" value="<?php 
    echo $lang["add_comment_button"];
    ?>
" name="add_comment" />
	  </td>
	</tr>
	</table>
	
	<input type="hidden" value="<?php 
    echo (int) safeEscape($_GET["post_id"]);
    ?>
" name="pid" />
	<input type="hidden" value="<?php 
    echo $code;
    ?>
" name="code" />
</form>
<?php 
}
Example #10
		<a href="javascript:;" class="menuButtons" onclick="SetDateField('tban', 'sl')" >Tban</a>
		<a href="javascript:;" class="menuButtons" onclick="SetDateField('ban', 'sl')" >Ban</a>
		<a href="javascript:;" class="menuButtons" onclick="SetDateField('kick', 'sl')" >Kick</a>
		<a href="javascript:;" class="menuButtons" onclick="SetDateField('rcon', 'sl')" >Rcon</a>
	</form>
  <?php 
// Build the optional WHERE filters for the admin log and count the matching rows.
// NOTE(review): both filters are spliced into the statement text as quoted literals.
// The only protection is safeEscape(), which is defined elsewhere — confirm it
// neutralises quotes and backslashes for this connection's character set, or move the
// values to bound parameters with bindValue(). If $sql is reused by a later query, that
// query needs the same treatment.
$sql = "";
if (isset($_GET["search_logs"]) and strlen($_GET["search_logs"]) >= 2) {
    $search_logs = safeEscape($_GET["search_logs"]);
    // NOTE(review): '%' and '_' typed by the user act as LIKE wildcards here.
    $sql .= " AND LOWER(log_data) LIKE LOWER('%" . $search_logs . "%') ";
} else {
    //$sql = "";
    $search_logs = "";
}
if (isset($_GET["log_admin"]) and strlen($_GET["log_admin"]) >= 2) {
    $search_admin = safeEscape(trim($_GET["log_admin"]));
    $sql .= " AND log_admin = '" . $search_admin . "' ";
}
// prepare() gives no protection by itself when the text already contains the values.
$sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_ADMIN_LOG . " WHERE id>=1 {$sql} LIMIT 1");
$result = $sth->execute();
$r = $sth->fetch(PDO::FETCH_NUM);
$numrows = $r[0];
$result_per_page = 30;
?>
<div align="center">
<h4>
<a class="menuButtons" href="javascript:;" onclick="if (confirm('Delete all logs?') ) {location.href='<?php 
echo OS_HOME;
?>
adm/?admin_logs&amp;purge_admin_logs'} " >Purge logs (<?php 
echo $numrows;
Example #11
 <?php 
     // GeoIP is optional. The include is skipped when a "city" parameter is present
     // (presumably because the library is already loaded on that path — confirm);
     // geoip_open() is called either way.
     if (file_exists("../inc/geoip/geoip.inc")) {
         if (!isset($_GET["city"])) {
             include "../inc/geoip/geoip.inc";
         }
         $GeoIPDatabase = geoip_open("../inc/geoip/GeoIP.dat", GEOIP_STANDARD);
         $GeoIP = 1;
     }
     // $p collects the page and sort parameters as a query-string suffix.
     $p = '';
     if (isset($_GET["page"]) and is_numeric($_GET["page"])) {
         $p = '&amp;page=' . safeEscape($_GET["page"]);
     } else {
         $p = '';
     }
     // NOTE(review): the sort value is free text that only passes through safeEscape().
     // Wherever $p is printed into a link it needs URL encoding and HTML-attribute
     // escaping — confirm at the output site.
     if (isset($_GET["sort"])) {
         $p .= '&amp;sort=' . safeEscape($_GET["sort"]);
     }
     //LOOP
     while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
         if ($GeoIP == 1) {
             $Letter = geoip_country_code_by_addr($GeoIPDatabase, $row["ip"]);
             $Country = geoip_country_name_by_addr($GeoIPDatabase, $row["ip"]);
         }
         if ($GeoIP == 1 and empty($Letter)) {
             $Letter = "blank";
             $Country = "Reserved";
         }
         $exp = calculateXP($row["exp"]);
         if ($exp["level"] <= 0) {
             $exp["level"] = 1;
         }
Example #12
    $result = $sth->execute();
    $numrows = $sth->rowCount();
    $result_per_page = 30;
    $draw_pagination = 1;
    $sql = "WHERE item_info!='' GROUP BY (shortname)";
}
$SHOW_TOTALS = 1;
include 'pagination.php';
// NOTE(review): $offset and $rowsperpage are not assigned in the visible lines
// (presumably pagination.php sets them). They are interpolated straight into LIMIT, so
// both must be integers by the time they get here — verify in pagination.php.
$sth = $db->prepare("SELECT * FROM " . OSDB_ITEMS . " {$sql} \n  ORDER BY (shortname) ASC \n  LIMIT {$offset}, {$rowsperpage}");
$result = $sth->execute();
// $add carries the current view parameters as a query-string suffix.
$add = "";
if (isset($_GET["show_all"])) {
    $add .= "&amp;show_all";
}
if (isset($_GET["page"])) {
    // The (int) cast reduces the page parameter to an integer before it is appended.
    $add .= "&amp;page=" . safeEscape((int) $_GET["page"]);
}
?>
  <table>
    <tr>
	  <th width="74" class="padLeft">Item</th>
	  <th width="220">Item name</th>
	  <th>Description</th>
	</tr>
<?php 
while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
    if (isset($_GET["edit"]) and $_GET["edit"] == $row["itemid"]) {
        $border = 'style="border:6px solid #FCC200;"';
    } else {
        $border = "";
    }
Example #13
<?php

// Direct-access guard: answer 404 and stop unless $website is already defined
// (presumably by the script that includes this file — confirm).
if (!isset($website)) {
    header('HTTP/1.1 404 Not Found');
    die;
}
// Page metadata for the heroes listing.
$HomeTitle = $lang["heroes"];
$HomeDesc = $lang["heroes"];
$HomeKeywords = strtolower(os_strip_quotes($lang["heroes"])) . ',' . $HomeKeywords;
$MenuClass["misc"] = "active";
// A search term of two or more characters adds a LIKE filter. The filter text holds
// only a '?' placeholder, so the term itself never becomes part of the SQL string.
if (isset($_GET["search_heroes"]) and strlen($_GET["search_heroes"]) >= 2) {
    $search_heroes = safeEscape(trim($_GET["search_heroes"]));
    $sql = "AND (description) LIKE ? ";
} else {
    $sql = "";
}
$HeroesData = array();
$HeroesData[0] = "Heroes";
/*
     $sth = $db->prepare("SELECT COUNT(*) FROM ".OSDB_HEROES." WHERE summary!= '-' $sql LIMIT 1");
 if ( !empty($sql) ) $sth->bindValue(1, "%".strtolower($search_heroes)."%", PDO::PARAM_STR);
 
 $result = $sth->execute();
   	 $r = $sth->fetch(PDO::FETCH_NUM);
 $numrows = $r[0];
 $result_per_page = $HeroesPerPage;
 $result_per_page = $HeroesPerPage;
 $draw_pagination = 0;
 $total_comments  = $numrows;
 include('inc/pagination.php');
 $draw_pagination = 1;
Example #14
        ?>
?vote"><?php 
        echo $lang["vote_back"];
        ?>
</a></div>
	   
	   </div>
	   <?php 
    } else {
        if (isset($_POST["vote_hero"]) and isset($_SESSION["code"]) and isset($_POST["code"]) and $_POST["code"] == $_SESSION["code"]) {
            $code = generate_hash(14);
            $_SESSION["code"] = $code;
            if (isset($_POST["h1"])) {
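                // $h1 is the hero that was voted for; hero_1 and hero_2 are the pair
                // that was on offer. The one that was not chosen gets the down-vote.
                // NOTE(review): all three values come from the request, so the pair is
                // whatever the client says it was — confirm whether the offered pair
                // should be remembered server-side instead.
                $h1 = safeEscape($_POST["h1"]);
                $h1check = safeEscape($_POST["hero_1"]);
                $h2check = safeEscape($_POST["hero_2"]);
                // Stays null when $h1 matches neither offered hero.
                $votedown = null;
                if ($h1check == $h1) {
                    $votedown = $h2check;
                }
                if ($h2check == $h1) {
                    $votedown = $h1check;
                }
                //echo "<b>$h1</b> ($h1check -- $h2check  )  <--> $votedown";
                $sth = $db->prepare("UPDATE heroes SET `voteup`   = `voteup`+1   WHERE `heroid` = :h1 ");
                $sth->bindValue(':h1', $h1, PDO::PARAM_STR);
                $result = $sth->execute();
                if ($votedown !== null) {
                    // The statement needs the :votedown placeholder for bindValue() to
                    // have something to bind to; the value is never part of the SQL text.
                    $sth = $db->prepare("UPDATE heroes SET `votedown` = `votedown`+1 WHERE `heroid` = :votedown ");
                    $sth->bindValue(':votedown', $votedown, PDO::PARAM_STR);
                    $result = $sth->execute();
                }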
                //GET VOTE RESULTS
                $sth = $db->prepare("SELECT * FROM heroes WHERE summary!= '-' AND `heroid` = :h1check LIMIT 1");
Example #15
/**
 * Build the SQL text that selects a player's most played hero.
 *
 * The query groups the player's games by hero, orders by play count and keeps the top
 * row. Nothing is executed here; the caller runs the returned string.
 *
 * NOTE(review): the player name is placed inside a quoted literal, so the safety of the
 * returned statement rests entirely on safeEscape(), which is defined elsewhere.
 * Callers cannot bind the name afterwards — confirm what safeEscape() guarantees.
 *
 * @param string $username Player name to look up.
 * @return string Complete SELECT statement.
 */
function OS_MostPlayedHero($username)
{
    $player = safeEscape($username);

    // Assembled clause by clause; the pieces concatenate to one statement.
    $query = "SELECT SUM(`left`) AS timeplayed, original, description, \n\tCOUNT(*) AS played \n\t";
    $query .= "FROM " . OSDB_GP . " as gp \n\t";
    $query .= "LEFT JOIN " . OSDB_GAMES . " as g ON g.id=gp.gameid \n\t";
    $query .= "LEFT JOIN " . OSDB_DP . " as dp ON dp.gameid=g.id \n\tAND dp.colour=gp.colour  \n\t";
    $query .= "LEFT JOIN " . OSDB_DG . " as dg ON g.id=dg.gameid \n    ";
    $query .= "JOIN " . OSDB_HEROES . " on hero = heroid \n\t";
    $query .= "WHERE (name)=('" . $player . "')\n\t";
    $query .= "GROUP BY original \n\tORDER BY played DESC LIMIT 1";

    return $query;
}
Example #16
 if ($db->num_rows($result) <= 0) {
     $pass = generate_hash(5);
     $hash = generate_hash(12);
     $password_db = generate_password($pass, $hash);
     $avatar = 'https://graph.facebook.com/' . $user . '/picture?type=large';
     $www = 'http://www.facebook.com/profile.php?id=' . $user . '';
     if ($gender == "male") {
         $gen = 1;
     } else {
         if ($gender == "female") {
             $gen = 2;
         } else {
             $gen = 0;
         }
     }
     $insert = $db->query("INSERT INTO users(user_name, user_fbid, user_password, password_hash, user_email, user_joined, user_level, user_last_login, user_ip, user_avatar, user_website, user_gender) \n\t VALUES('" . safeEscape($name) . "', '" . $user . "', '" . $password_db . "', '" . $hash . "', '" . safeEscape($email) . "', '" . (int) time() . "', '0', '" . (int) time() . "', '" . safeEscape($_SERVER["REMOTE_ADDR"]) . "', '" . strip_tags($avatar) . "', '" . $www . "', '" . $gen . "')");
     $id = $db->get_insert_id();
     $_SESSION["user_id"] = $id;
     $_SESSION["username"] = $name;
     $_SESSION["email"] = $email;
     $_SESSION["level"] = 0;
     $_SESSION["can_comment"] = 1;
     $_SESSION["logged"] = time();
     $_SESSION["fb"] = $user;
     header("location: " . $website . "");
 } else {
     $avatar = 'https://graph.facebook.com/' . $user . '/picture';
     $www = 'http://www.facebook.com/profile.php?id=' . $user . '';
     if ($gender == "male") {
         $gen = 1;
     } else {
Example #17
<?php

// Direct-access guard: answer 404 and stop unless $website is already defined.
if (!isset($website)) {
    header('HTTP/1.1 404 Not Found');
    die;
}

// Page metadata for the items listing.
$HomeTitle = $lang["items"];
$HomeDesc = $lang["items"];
$HomeKeywords = strtolower(os_strip_quotes($lang["items"])) . ',' . $HomeKeywords;
$MenuClass["misc"] = "active";

// One branch per mode: a search term of two or more characters adds a LIKE filter whose
// value is bound to the '?' placeholder; otherwise the unfiltered list is selected.
if (isset($_GET["search_items"]) and strlen($_GET["search_items"]) >= 2) {
    $search_items = safeEscape($_GET["search_items"]);
    $sql = "AND (name) LIKE ? ";
    $sth = $db->prepare("SELECT * FROM " . OSDB_ITEMS . " as Items\n\tWHERE item_info !='' AND name != 'Aegis Check' \n\tAND name != 'Arcane Ring' AND name NOT LIKE 'Disabled%' {$sql}\n\tGROUP BY (shortname) \n\tORDER BY (shortname) ASC");
    // $sql is always non-empty on this path, so the placeholder is always present.
    $sth->bindValue(1, "%" . $search_items . "%", PDO::PARAM_STR);
} else {
    $sql = "";
    $sth = $db->prepare("SELECT * FROM " . OSDB_ITEMS . " WHERE item_info !='' AND name != 'Aegis Check' \n\tAND name != 'Arcane Ring' AND name NOT LIKE 'Disabled%' GROUP BY (shortname)");
}
$result = $sth->execute();
$numrows = $sth->rowCount();

$result_per_page = $ItemsPerPage;
$draw_pagination = 0;
//$total_comments  = $numrows;
Example #18
                ?>
<br />
	 [BOT] (<?php 
                echo date(OS_DATE_FORMAT, time());
                ?>
) executed command #<?php 
                echo $InsertID;
                ?>
, botID: <?php 
                echo $botID;
                ?>
	 </div>
	 <?php 
            } else {
                if (isset($_POST["rcon"]) and os_is_logged() and $_SESSION["level"] >= 9 and isset($_POST["gameID"])) {
                    $rcon = safeEscape(trim($_POST["rcon"]));
                    $com = trim($_POST["com"]);
                    //$com = str_replace('&amp;', '&',$com);
                    //$com = convEnt($com);
                    //$com = str_replace('&amp;quot;', '"',$com);
                    //$com = OS_StrToUTF8($com);
                    $gameID = (int) $_POST["gameID"];
                    $botID = (int) $_POST["botID"];
                    if ($rcon == 1) {
                        $command = "!rcon saylobby " . $_SESSION["username"] . " {$gameID} {$com}";
                    }
                    if ($rcon == 2) {
                        $command = "!rcon saygame " . $_SESSION["username"] . " {$gameID} {$com}";
                    }
                    if ($rcon == 3) {
                        $command = "!rcon sayteam " . $_SESSION["username"] . " {$gameID} 1 {$com}";
    // Empties the remote-command table when "clear_messages" is present in the URL,
    // prints a confirmation and records the action in the admin log.
    // NOTE(review): this destructive action runs on a plain GET request. No privilege
    // check or request token is visible in these lines — confirm that the enclosing
    // code restricts it, since a link or image URL is enough to trigger a GET.
    if (isset($_GET["clear_messages"])) {
        $sth = $db->prepare("TRUNCATE TABLE " . OSDB_COMMANDS . "");
        $result = $sth->execute();
        ?>
    <div align="center">
	<h2>All messages are deleted successfully.</h2>
	<a href="<?php 
        echo OS_HOME;
        ?>
adm/?remote">Refresh page</a> to continue.
	</div>
	<?php 
        // Audit entry under the session's user name.
        OS_AddLog($_SESSION["username"], "[os_rcon] Removed all remote commands ");
    }
    if (isset($_POST["rc"]) and isset($_POST["botid"]) and is_numeric($_POST["botid"]) and isset($_POST["command"])) {
        $botid = safeEscape((int) $_POST["botid"]);
        $command = strip_tags(trim($_POST["command"]));
        $db->insert(OSDB_COMMANDS, array("botid" => $botid, "command" => $command));
        $InsertID = $db->lastInsertId();
        ?>
	<div align="center">
	<?php 
        if ($InsertID >= 1) {
            OS_AddLog($_SESSION["username"], "[os_rcon] Sent Remote command ( #{$InsertID} )");
            ?>
	  Message #<?php 
            echo $InsertID;
            ?>
 has been successfully sent.
	  <div style="font-size:11px;"><?php 
            echo $command;
Example #20
    }
}
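// GeoIP is optional: the library is loaded and the database opened only when the
// include file exists; $GeoIP is set to 1 only in that case.
if (file_exists("../inc/geoip/geoip.inc")) {
    include "../inc/geoip/geoip.inc";
    $GeoIPDatabase = geoip_open("../inc/geoip/GeoIP.dat", GEOIP_STANDARD);
    $GeoIP = 1;
}
// Delete one appeal, identified by player name and submission timestamp.
// NOTE(review): this state change is driven by GET parameters; no privilege check or
// request token is visible in these lines — confirm both are enforced elsewhere.
if (isset($_GET["del"]) and isset($_GET["t"]) and is_numeric($_GET["t"])) {
    $del = safeEscape($_GET["del"]);
    $t = safeEscape($_GET["t"]);
    // Both values are bound, so the statement text never contains request data and
    // does not depend on what safeEscape() (defined elsewhere) filters out.
    $sth = $db->prepare("DELETE FROM " . OSDB_APPEALS . " \n\t WHERE LOWER(player_name) = LOWER(:player_name) AND added = :added LIMIT 1");
    $sth->bindValue(':player_name', $del, PDO::PARAM_STR);
    $sth->bindValue(':added', $t, PDO::PARAM_STR);
    $result = $sth->execute();
}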
if (isset($_GET["edit"]) and isset($_GET["t"]) and is_numeric($_GET["t"])) {
    $id = safeEscape($_GET["edit"]);
    $t = safeEscape($_GET["t"]);
    if (isset($_GET["close"])) {
        $sth = $db->prepare("UPDATE " . OSDB_APPEALS . " SET status = 1 \n\tWHERE (player_name) = LOWER('" . $id . "') AND added = '" . $t . "' LIMIT 1");
        $result = $sth->execute();
    }
    if (isset($_GET["open"])) {
        $sth = $db->prepare("UPDATE " . OSDB_APPEALS . " SET status = 0 \n\tWHERE (player_name) = LOWER('" . $id . "') AND added = '" . $t . "' LIMIT 1");
        $result = $sth->execute();
    }
    if (isset($_GET["remove_ban"])) {
        $date = date("Y-m-d H:i:s", time());
        $sth = $db->prepare("DELETE FROM " . OSDB_BANS . " WHERE LOWER(name) = LOWER('" . $id . "') ");
        $result = $sth->execute();
        $sth = $db->prepare("UPDATE " . OSDB_APPEALS . " SET status = 2 \n\tWHERE LOWER(player_name) = LOWER('" . $id . "') AND added = '" . $t . "' LIMIT 1");
        $result = $sth->execute();
    }
    $result = $check->execute();
    if ($check->rowCount() >= 1) {
        $botID = safeEscape($_POST["botID"]);
        $gamelist = $db->prepare("INSERT INTO " . OSDB_GAMELIST . " (botid) VALUES ('" . (int) $botID . "'); ");
        $result = $gamelist->execute();
        $update = $db->prepare("UPDATE " . OSDB_GAMELIST . " SET gamename = '', ownername = '', creatorname =  '', map = '', slotstaken = 0, slotstotal = 0, usernames = '', totalgames = 0, totalplayers = 0; ");
        $result = $update->execute();
    }
}
//REMOVE BOT ID
// Removes the game-list row of one bot, but only when the game-list table exists.
// NOTE(review): the action is triggered by GET parameters; no request token is visible
// in these lines — confirm one is enforced elsewhere.
if (isset($_GET["gamelist"]) and isset($_GET["remove_botid"]) and is_numeric($_GET["remove_botid"])) {
    $check = $db->prepare("SHOW TABLES LIKE '" . OSDB_GAMELIST . "'");
    //always check for gamelist table
    $result = $check->execute();
    if ($check->rowCount() >= 1) {
        $botID = safeEscape($_GET["remove_botid"]);
        // The (int) cast is what keeps this concatenation safe: only an integer can
        // reach the statement text.
        $delete = $db->prepare("DELETE FROM `" . OSDB_GAMELIST . "` WHERE botid = '" . (int) $botID . "' ");
        $result = $delete->execute();
    }
}
//INSTALL
if (isset($_GET["gamelist"]) and isset($_GET["install"])) {
    $check = $db->prepare("SHOW TABLES LIKE '" . OSDB_GAMELIST . "'");
    //check again
    $result = $check->execute();
    if ($check->rowCount() <= 0) {
        $gl = 1;
        $gamelist = $db->prepare("CREATE TABLE " . OSDB_GAMELIST . " (id INT NOT NULL PRIMARY KEY AUTO_INCREMENT, botid INT, gamename VARCHAR(128), ownername VARCHAR(32), creatorname VARCHAR(32), map VARCHAR(100), slotstaken INT, slotstotal INT, usernames VARCHAR(512), totalgames INT, totalplayers INT) ENGINE = MEMORY; ");
        $result = $gamelist->execute();
        if ($gl) {
            write_value_of('$GameListPatch', "{$GameListPatch}", 1, "../config.php");
Example #22
    $result = $sth->execute();
    OS_AddLog($_SESSION["username"], "[os_addpp] REMOVED PP, #" . (int) $_GET["del"] . " ");
}
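// Remove every penalty-point record of one player and log the action.
// NOTE(review): this deletion is driven by a GET parameter; no privilege check or
// request token is visible in these lines — confirm both are enforced elsewhere.
if (isset($_GET["remove_all"]) and is_string($_GET["remove_all"]) and strlen($_GET["remove_all"]) >= 2) {
    // Tag-stripped copy, used only for the log line.
    $player = strip_tags($_GET["remove_all"]);
    // The name comes straight from the query string, so it is bound rather than
    // placed between quotes in the statement text.
    $sth = $db->prepare("DELETE FROM " . OSDB_GO . " WHERE player_name = :player_name");
    $sth->bindValue(':player_name', $_GET["remove_all"], PDO::PARAM_STR);
    $result = $sth->execute();
    OS_AddLog($_SESSION["username"], "[os_addpp] REMOVED ALL PP ({$player}) ");
}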
// Optional prefix filter on the player name, appended to the shared $sql fragment.
// NOTE(review): the term is spliced into the statement as a quoted literal and relies
// on safeEscape() (defined elsewhere) alone; '%' and '_' typed by the user also act as
// LIKE wildcards. Whichever query consumes $sql should bind this value instead.
if (isset($_GET["search"])) {
    $search = safeEscape(trim($_GET["search"]));
    $sql .= " AND player_name LIKE ('" . $search . "%') ";
}
if (isset($_POST["add_pp"])) {
    $player_name = trim(strip_tags($_POST["player_name"]));
    $reason = trim(strip_tags(safeEscape($_POST["reason"])));
    $expiredate = trim($_POST["expires"]);
    $admin = trim(strip_tags($_POST["admin"]));
    $pp = trim((int) $_POST["pp"]);
    $date = date("Y-m-d H:i:00", time());
    if (strlen($player_name) <= 2) {
        $errors .= "<div>Player name does not have enough characters</div>";
    }
    if ($pp <= 0) {
        $errors .= "<div>Penalty points can not be less than 1</div>";
    }
    if (empty($errors)) {
        if (!isset($_GET["edit"])) {
            $sqlqr = "INSERT INTO " . OSDB_GO . "(player_name, reason, offence_time, offence_expire, pp, admin) \n\t     VALUES('" . $player_name . "', '" . $reason . "', '" . $date . "', '" . $expiredate . "', '" . $pp . "', '" . $admin . "' )";
            OS_AddLog($_SESSION["username"], "[os_addpp] Added PP {$player_name}  + {$pp}");
        } else {
Example #23
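/**
 * Prints one piece of the "compare players" UI, selected by $type.
 *
 * Nothing is printed unless the global $ComparePlayers equals 1.
 *  - 'link': when ?compare is in the query string, the list panel (back link, the players held in
 *    the global $ComparePlayersData, remove / compare / clear links); otherwise a single "compare"
 *    button that carries the current ?sort value along.
 *  - 'form_start', 'checkbox', 'submit': the opening <form>, one compare[] checkbox, and the submit
 *    buttons plus closing </form>; each is printed only when ?compare is present.
 *
 * Player names, player ids, $playerID and the sort value are encoded for the context they are
 * written into. $lang strings and OS_HOME are printed unchanged because they come from the
 * application's own configuration and language files (assumed trusted — confirm).
 *
 * @param mixed $type     'link', 'form_start', 'checkbox' or 'submit'; compared loosely, as before.
 * @param mixed $playerID Value for the checkbox's value attribute when $type is 'checkbox'.
 * @return void
 */
function OS_ComparePlayers($type = 0, $playerID = 0)
{
    global $ComparePlayers;
    global $ComparePlayersData;
    global $lang;
    global $MaxPlayersToCompare;

    if ($ComparePlayers != 1) {
        return;
    }

    // Encodes a value for HTML text or a quoted attribute. Existing entities are left alone
    // (double_encode = false) in case a value was already encoded upstream; ENT_SUBSTITUTE keeps
    // names with invalid UTF-8 bytes from collapsing to an empty string.
    $esc = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    };

    $compareMode = isset($_GET["compare"]);

    if ($type == 'link') {
        if ($compareMode) {
            $hasPlayers = !empty($ComparePlayersData);
            ?>
<div class="clr"></div>
 <div class="ct-wrapper">
  <div class="outer-wrapper">
   <div class="content section">
    <div class="widget Blog">
     <div class="blog-posts hfeed">
	 <div class="comparePlayersList">
	 <a class="menuButtons" href="<?php echo OS_HOME; ?>?top"><?php echo $lang["compare_back"]; ?></a>
	 <a class="menuButtons" href="javascript:;" onclick="showhide('compare_list')" ><?php echo $lang["compare_list"]; ?> <?php
            if ($hasPlayers) {
                echo count($ComparePlayersData), '/', $MaxPlayersToCompare;
            }
            ?></a>
	 <div id="compare_list">
	 <?php
            if ($hasPlayers) {
                ?><table><?php
                $counter = 0;
                foreach ($ComparePlayersData as $Player) {
                    $counter++;
                    // The id is written into two URLs, one of them inside a quoted JavaScript string
                    // in an onclick attribute. Percent-encoding leaves no quote or angle bracket in
                    // it; numeric ids come out unchanged.
                    $idParam = rawurlencode((string) $Player["id"]);
                    ?>
		<tr>
		  <td width="24"><?php echo $counter; ?></td>
		  <td width="175"><div><a href="<?php echo OS_HOME; ?>?u=<?php echo $idParam; ?>"><?php echo $esc($Player["player"]); ?></a></div></td>
		  <td><a href="javascript:;" onclick="if( confirm('<?php echo $lang["compare_remove_player"]; ?>') ) { location.href='<?php echo OS_HOME; ?>?top&amp;compare&amp;remove=<?php echo $idParam; ?>' }">&times;</a></td>
		</tr>
		<?php
                }
                ?></table>
	  <?php
                // "Compare" and "clear" only make sense once at least two players are listed.
                if ($counter > 1) {
                    ?>
	  <div>
	  <a class="menuButtons" href="<?php echo OS_HOME; ?>?compare_players"><?php echo $lang["compare_players"]; ?></a>
	  <a class="menuButtons" href="<?php echo OS_HOME; ?>?top&amp;compare&amp;clear_list"><?php echo $lang["compare_clear"]; ?></a>
	  </div>
	  <?php
                }
            } else {
                echo $lang["compare_list_empty"];
            }
            ?>
	 </div>
	 </div>
     </div>
    </div>
   </div>
  </div>
</div>
	 <?php
        } else {
            $sort = "";
            if (isset($_GET["sort"]) and is_string($_GET["sort"])) {
                // safeEscape() is defined elsewhere, so its output is additionally encoded for the
                // quoted href attribute it ends up in.
                $sort = "&amp;sort=" . $esc(safeEscape($_GET["sort"]));
            }
            ?>
	 <span class="comparePlayersList"><a class="menuButtons compareButton" href="<?php echo OS_HOME; ?>?top&amp;compare<?php echo $sort; ?>"><?php echo $lang["compare_compare"]; ?></a></span>
	 <?php
        }
    }

    if ($type == 'form_start') {
        if ($compareMode) {
            // NOTE(review): the form carries no anti-CSRF token; confirm the handler for
            // compare_list_add / clear_compare_list does not need one.
            ?><form action="" method="post"><?php
        }
    }

    if ($type == 'checkbox') {
        if ($compareMode) {
            ?><input type="checkbox" name="compare[]" value="<?php echo $esc($playerID); ?>" /><?php
        }
    }

    if ($type == 'submit') {
        if ($compareMode) {
            ?>
	  <input type="submit" value="<?php echo $lang["compare_add"]; ?>" name="compare_list_add" class="menuButtons" />
	  <input type="submit" value="<?php echo $lang["compare_clear"]; ?>" name="clear_compare_list" class="menuButtons" />
	  <?php
            if (!empty($_SESSION["compare_list"])) {
                ?>
	  <input type="submit" value="<?php echo $lang["compare_players"]; ?>" name="compare_players" class="menuButtons" />
	  <?php
            }
            ?>
	  </form><?php
        }
    }
}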
Example #24
        ?>
   <h2>Hero successfully deleted</h2>
   <?php 
        CreateHeroList("../inc/cache/");
        OS_AddLog($_SESSION["username"], "[os_heroes] DELETED HERO ( " . safeEscape($_GET["del"]) . " )");
    }
}
// Set the "type" column of one hero from the query string, then call CreateHeroList() on the
// cache directory.
// NOTE(review): the WHERE clause is assembled as text, so it is only as safe as safeEscape(), which
// is not shown here. This is also a state-changing GET; confirm an admin check and an anti-CSRF
// token guard it upstream.
if (isset($_GET["hid"]) and isset($_GET["type"])) {
    $type = (int) $_GET["type"];
    $hid = safeEscape($_GET["hid"]);
    $update = $db->update(OSDB_HEROES, array("type" => $type), "heroid = '{$hid}' ");
    CreateHeroList("../inc/cache/");
}
if (isset($_GET["edit"]) or isset($_GET["add"])) {
    if (isset($_GET["edit"])) {
        $edit = safeEscape($_GET["edit"]);
    }
    if (isset($_GET["add"])) {
        $HeroName = "";
        $heroid = "";
        $desc = "";
        $stats = "";
        $skills = "";
        $type = 0;
    }
    if (isset($_POST["edit_hero"])) {
        $HeroName = EscapeStr($_POST["hero_name"]);
        $heroid = EscapeStr($_POST["heroid"]);
        $desc = my_nl2br(trim($_POST["desc"]));
        $desc = str_replace(array("&Scaron;", "&scaron;"), array("Š", "š"), $desc);
        $type = (int) $_POST["type"];
Example #25
            }
            if ($c >= 1) {
                $sql = substr($sql, 0, -3);
                //echo $sql;
                $delete = $db->query($sql);
                if ($delete) {
                    ?>
Deleted <?php 
                    echo $c;
                    ?>
 ban(s)<?php 
                }
            }
        }
        // Optional ban search: case-insensitive substring match on the banned name. Both variables
        // start empty and are filled only when a term of at least two characters was sent.
        // NOTE(review): the term becomes part of the SQL text; safeEscape() is not shown here, so
        // confirm it is adequate for a quoted MySQL string literal.
        $search_bans = "";
        $sql = "";
        if (isset($_GET["search_bans"]) and strlen($_GET["search_bans"]) >= 2) {
            $search_bans = safeEscape($_GET["search_bans"]);
            $sql = " AND LOWER(name) LIKE LOWER('%{$search_bans}%') ";
        }
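        // Optional exact-match filter on the stored ip column; the value is compared with a leading
        // ':' exactly as before. When present it replaces any name filter already placed in $sql.
        if (!empty($_GET["check_ip_range"]) and is_string($_GET["check_ip_range"])) {
            $check_ip_range = strip_tags(trim($_GET["check_ip_range"]));
            // strip_tags() removes markup but leaves quotes and backslashes in place, so the string
            // literal is produced by the driver instead of by concatenation between '...'.
            // Assumes $db is a PDO subclass and therefore has quote(); elsewhere on the page it is
            // built from a PDO DSN and used through prepare()/lastInsertId() — confirm.
            $sql = " AND ip = " . $db->quote(":" . $check_ip_range) . " ";
        }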
        if (!isset($_GET["duplicate"])) {
            $sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_BANS . " WHERE id>=1 {$sql}");
            $result = $sth->execute();
            $r = $sth->fetch(PDO::FETCH_NUM);
            $numrows = $r[0];
        } else {
Example #26
    $currentpage = (int) $_GET['page'];
} else {
    $currentpage = 1;
}
// Pagination bookkeeping. Two page variables are maintained:
//   $currentpage  - clamped to 1..$totalpages and used for the row offset;
//   $current_page - taken from ?page through safeEscape() when numeric, defaulting to 1 when unset,
//                   and capped at $totalpages only (no lower bound is applied to it here).
// The order of the clamps matters: $currentpage is capped against $totalpages before $totalpages
// itself is raised to at least 1.
$currentpage = $currentpage > $totalpages ? $totalpages : $currentpage;
$currentpage = $currentpage < 1 ? 1 : $currentpage;
$totalpages = $totalpages <= 1 ? 1 : $totalpages;
$offset = $rowsperpage * ($currentpage - 1);

if (isset($_GET['page']) and is_numeric($_GET['page'])) {
    $current_page = safeEscape($_GET['page']);
}
$current_page = isset($current_page) ? $current_page : 1;

// Number of pagination links to render: the configured maximum, or 5, never more than the page count.
$range = isset($MaxPaginationLinks) ? $MaxPaginationLinks : 5;
$range = $range >= $totalpages ? $totalpages : $range;
$current_page = $current_page > $totalpages ? $totalpages : $current_page;
Example #27
    }
    header("location: " . OS_HOME . "?top&compare" . $page);
    die;
    //COMPARING PLAYERS
}
//if (  isset($_SESSION["compare_list"])) echo( $_SESSION["compare_list"]);
if ((isset($_GET["compare"]) or isset($_GET["compare_players"])) and isset($_SESSION["compare_list"]) and !empty($_SESSION["compare_list"])) {
    $CompareIDArray = explode(",", $_SESSION["compare_list"]);
    $sqlCompare = "SELECT * FROM " . OSDB_STATS . " WHERE id>=1 AND (";
    foreach ($CompareIDArray as $PlayerID) {
        if (!empty($PlayerID) and is_numeric($PlayerID)) {
            $sqlCompare .= "id = " . (int) $PlayerID . " OR ";
        }
    }
    $IDs = substr($_SESSION["compare_list"], 0, strlen($_SESSION["compare_list"]) - 1) . " ";
    $ORD = "ORDER BY FIELD(id," . safeEscape($IDs) . ")";
    $sqlCompare = substr($sqlCompare, 0, strlen($sqlCompare) - 3) . ") " . $ORD . "";
    $sth = $db->prepare($sqlCompare);
    $resultCompare = $sth->execute();
    $c = 0;
    $ComparePlayersData = array();
    $temp_ck = 0;
    //creeps
    $temp_games = 0;
    //games
    $temp_wins = 0;
    //wins %
    $temp_stay = 0;
    //stay ratio
    $temp_apg = 0;
    //assists per game
Example #28
 // Look up the local account linked to this SMF identity (e-mail plus forum id). Both values are
 // passed as statement parameters; execute() with an array binds each one as a string.
 $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " \n\t\t WHERE user_email = :SMF_email AND smf_id = :SMF_id ");
 $result = $sth->execute(array(':SMF_email' => $SMF_email, ':SMF_id' => $SMF_id));
 if ($sth->rowCount() <= 0) {
     //CREATE NEW USER (from phpbb database)
     $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE LOWER(user_name) = :SMF_username ");
     $sth->bindValue(':SMF_username', strtolower($SMF_username), PDO::PARAM_STR);
     $result = $sth->execute();
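     // The forum user name is already present locally: store the account as "<name>_<smf id>" and
     // populate the session for the new user.
     if ($sth->rowCount() >= 1) {
         $SMF_username = $SMF_username . "_" . $SMF_id;
         // generate_hash() and generate_password() are defined elsewhere in the project.
         $pass = generate_hash(5);
         $hash = generate_hash(12);
         $password_db = generate_password($pass, $hash);
         $now = (int) time();
         // A single INSERT with bound values. The row used to be written twice: once through
         // $db->insert() and again through a query() string that concatenated the forum-supplied
         // name, e-mail, avatar and website into the SQL text.
         // $insert now holds execute()'s boolean result rather than the statement query() returned.
         $insertUser = $db->prepare("INSERT INTO " . OSDB_USERS . "(user_name, user_email, user_password, password_hash, user_joined, user_level, user_last_login, user_ip, user_avatar, smf_id, user_website )\n\t   VALUES(:user_name, :user_email, :user_password, :password_hash, :user_joined, :user_level, :user_last_login, :user_ip, :user_avatar, :smf_id, :user_website )");
         $insert = $insertUser->execute(array(
             ':user_name' => $SMF_username,
             ':user_email' => $SMF_email,
             ':user_password' => $password_db,
             ':password_hash' => $hash,
             ':user_joined' => $now,
             ':user_level' => 0,
             ':user_last_login' => $now,
             ':user_ip' => $_SERVER["REMOTE_ADDR"],
             ':user_avatar' => $SMF_avatar,
             ':smf_id' => $SMF_id,
             ':user_website' => $SMF_website,
         ));
         $id = $db->lastInsertId();
         // NOTE(review): no session id rotation is visible before these login keys are set — confirm
         // session_regenerate_id(true) runs on this path.
         $_SESSION["user_id"] = $id;
         $_SESSION["username"] = $SMF_username;
         $_SESSION["email"] = $SMF_email;
         $_SESSION["level"] = 0;
         $_SESSION["can_comment"] = 1;
         $_SESSION["logged"] = time();
         $_SESSION["smf"] = $SMF_id;
         //Maybe SMF bug. Session verification not working...set forum link instead logout link.
         // (The SMF logout URL with its session token was computed here and immediately overwritten;
         // only the forum URL was ever stored.)
         $logout = $smf_forum_url;
         $_SESSION["logout"] = $logout;
     }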
 } else {
//Plugin: Smilies in comments
//Author: Ivan
//This plugin adds smiles in user comments.
// Refuse to run when $website is not set: respond 404 and stop. $website is presumably defined by
// the including application, so this blocks direct requests to the plugin file — confirm.
if (!isset($website)) {
    header('HTTP/1.1 404 Not Found');
    die;
}
$PluginEnabled = '1';
//Enable edit plugin options
$PluginOptions = '1';
// Default smilies directory. The options handler further down passes this value and this file's
// name to write_value_of(), presumably to rewrite this assignment in the file itself — keep the
// line's exact form until that is confirmed.
$SmiliesPath = 'img/smilies/';
// File name of this plugin, used below when asking whether it is being edited.
$ThisPlugin = basename(__FILE__, '');
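if ($PluginEnabled == 1) {
    //If user can edit plugin
    if (OS_is_admin() and OS_PluginEdit($ThisPlugin)) {
        //Change options
        // The write is performed only inside the admin/edit check. It used to run for any request
        // that posted a SmiliesPath field, before any permission test.
        // NOTE(review): write_value_of() is handed this plugin's file name, so the posted value
        // appears to end up in PHP source; confirm that safeEscape()/write_value_of() neutralise
        // quotes and backslashes, and that the form is protected by an anti-CSRF token.
        if (isset($_POST["SmiliesPath"]) and is_string($_POST["SmiliesPath"])) {
            $PATH = safeEscape($_POST["SmiliesPath"]);
            write_value_of('$SmiliesPath', "{$SmiliesPath}", $PATH, $plugins_dir . basename(__FILE__, ''));
            $SmiliesPath = $PATH;
        }
        //Show following options when user click on edit icon for this plugin
        //Display all smilies
        // The current path is encoded for the quoted value attribute; existing entities are kept
        // as they are in case safeEscape() already produced them.
        $Option = '
<form action="" method="post" >
  <input size="30" type="text" value="' . htmlspecialchars($SmiliesPath, ENT_QUOTES, 'UTF-8', false) . '" name="SmiliesPath" />
  <input type="submit" value = "Change smilies path" class="menuButtons" />
  <a href="' . $website . 'adm/?plugins" class="menuButtons">Cancel</a>
</form>

<div><a href="javascript:;" onclick="showhide(\'smilies\')">Show all</a></div>';
    }
}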
//REGISTER
if (isset($_GET["login"]) and !is_logged() and isset($_POST["register_"])) {
    if ($UserActivation == 2) {
        require_once OS_PLUGINS_DIR . 'index.php';
        os_init();
        header('location: ' . OS_HOME . '');
        die;
    }
    $username = OS_StrToUTF8($_POST["reg_un"]);
    $username = EscapeStr(trim($username));
    $email = safeEscape(trim($_POST["reg_email"]));
    $email = strtolower($email);
    $password = safeEscape($_POST["reg_pw"]);
    $password2 = safeEscape($_POST["reg_pw2"]);
    $registration_errors = "";
    $AllowedCharacters = '0123456789QWERTZUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklyxcvbnmљњертзуиопшђасдфгхјклчћжѕџцвбнмšđč枊ĐČĆŽЉЊЕРТЗУИОПШЂАСДФГХЈКЛЧЋЖЅЏЦВБНМ_-';
    if (!preg_match('/^[' . $AllowedCharacters . ']+$/', $username)) {
        $registration_errors .= "<div>" . $lang["error_username"] . "</div>";
    }
    //die($registration_errors." - ".$username);
    if (!preg_match("/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6}\$/i", $email)) {
        $registration_errors .= "<div>" . $lang["error_email"] . "</div>";
    }
    if (strlen($username) <= 2) {
        $registration_errors .= "<div>" . $lang["error_short_un"] . "</div>";
    }
    if (strlen($password) <= 2) {
        $registration_errors .= "<div>" . $lang["error_short_pw"] . "</div>";
    }