Example #1
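/**
 * Mail the items held in the chosen slots of a prize bag to a character,
 * then delete those slots from the bag and redirect back to the bag view.
 *
 * Request input:
 *   $_GET["chosen_slot"]    list of slot numbers to take out of the bag
 *   $_GET["item_character"] "<realm id>-<receiver>-<receiver name>"
 *
 * Globals read: $bag_id (bag to edit), $sql["mgr"] (database handle),
 * $core (selects which send_ingame_mail_* helper is used).
 *
 * NOTE(review): nothing in this function checks that the bag or the receiving
 * character belongs to the logged-in user - confirm the caller enforces that.
 */
function edit_bag()
{
    global $output, $bag_id, $sql, $core;

    // The slot list comes straight from the request. The previous code validated
    // it into $slots but then built the IN (...) list from the unvalidated input,
    // so a non-numeric slot reached the SQL text unless error() stops the script.
    // Validate first, fail closed, and only ever interpolate integer-cast values.
    $chosen = isset($_GET["chosen_slot"]) ? $_GET["chosen_slot"] : null;
    if (!is_array($chosen) || count($chosen) == 0) {
        // A missing or empty list would otherwise produce the malformed fragment "(".
        error(lang("global", "err_invalid_input"));
        return;
    }
    $slots = array();
    foreach ($chosen as $slot) {
        if (!is_numeric($slot)) {
            error(lang("global", "err_invalid_input"));
            return;
        }
        // is_numeric() also accepts forms such as "1e3" or " 5"; the cast
        // guarantees that only a plain integer literal is written into the query.
        $slots[] = (int) $slot;
    }

    // The receiver triple is request data too: require all three parts up front
    // instead of reading undefined offsets later.
    $item_temp = isset($_GET["item_character"]) && is_string($_GET["item_character"])
        ? explode("-", $_GET["item_character"])
        : array();
    if (count($item_temp) < 3) {
        error(lang("global", "err_invalid_input"));
        return;
    }
    $item_realm_id = $item_temp[0];
    $item_receiver = $item_temp[1];
    $item_to = $item_temp[2];
    // NOTE(review): these three values are handed to send_ingame_mail_*() as-is;
    // confirm those helpers validate or escape them.

    // build query list from the validated integers only
    $query_list = "(" . implode(", ", $slots) . ")";

    // get items
    // NOTE(review): $bag_id is interpolated as-is; it is set outside this function,
    // so confirm it is validated or escaped where it is assigned.
    $query = "SELECT * FROM point_system_prize_bag_items WHERE bag='" . $bag_id . "' AND slot IN " . $query_list;
    $result = $sql["mgr"]->query($query);
    $items = array();
    $item_counts = array();
    while ($row = $sql["mgr"]->fetch_assoc($result)) {
        $items[] = $row["item_id"];
        $item_counts[] = $row["item_count"];
    }

    // Send the items in batches of at most 12 per mail, taken from the end of the list.
    while (count($items) != 0) {
        $temp = array();
        $temp_counts = array();
        $lim = count($items) > 12 ? 12 : count($items);
        for ($i = 0; $i < $lim; $i++) {
            $temp[] = array_pop($items);
            $temp_counts[] = array_pop($item_counts);
        }

        $mail = array();
        $mail["receiver"] = $item_receiver;
        $mail["subject"] = lang("points", "mail_subject_bag");
        $mail["body"] = lang("points", "mail_body_bag");
        $mail["att_gold"] = 0;
        $mail["att_item"] = $temp;
        $mail["att_stack"] = $temp_counts;
        $mail["receiver_name"] = $item_to;
        $mails = array($mail);

        // send
        // NOTE(review): the send result is never inspected, so the rows below are
        // deleted even if a mail could not be delivered; the select/send/delete
        // sequence is also not wrapped in a transaction.
        if ($core == 1) {
            $result = send_ingame_mail_A($item_realm_id, $mails, true);
        } else {
            $result = send_ingame_mail_MT($item_realm_id, $mails, true);
        }
    }

    // remove the items from the bag
    $query = "DELETE FROM point_system_prize_bag_items WHERE bag='" . $bag_id . "' AND slot IN " . $query_list;
    $result = $sql["mgr"]->query($query);

    // Encode the id so it cannot add parameters or control characters to the redirect target.
    redirect("point_system.php?action=view_bag&bag_id=" . rawurlencode($bag_id));
}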
Example #2
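/**
 * Send a mail composed in the mail form, either as e-mail or as in-game mail,
 * to a single recipient or to a group selected by a column comparison.
 *
 * Request input (all read from $_GET): type ("email" or "ingame_mail"), subject,
 * body, to, group_send, group_sign, group_value, money, att_item1..12, att_stack1..12.
 * Every outcome is reported through redirect("mail.php?error=N").
 *
 * NOTE(review): this is a state-changing action driven entirely by $_GET and no
 * anti-CSRF token is checked in this function - confirm one is enforced elsewhere.
 */
function send_mail()
{
    global $output, $logon_db, $characters_db, $realm_id, $action_permission, $user_name, $from_mail, $mailer_type, $smtp_cfg, $GMailSender, $sql, $core;
    // if we came here from Quest Item Vendor or Ultra Vendor,
    // we need to bypass the normal permissions
    // NOTE(review): the session flag lowers the required permission from "update"
    // to "view" for one call, and that call can still send arbitrary mail with
    // gold and items. Confirm the flag is only ever set server-side by the vendor
    // pages and that the lower level is intended for everything this function does.
    if (!empty($_SESSION["vendor_permission"])) {
        valid_login($action_permission["view"]);
        unset($_SESSION["vendor_permission"]);
    } else {
        valid_login($action_permission["update"]);
    }
    $type = isset($_GET["type"]) ? $_GET["type"] : "ingame_mail";
    if (empty($_GET["body"]) || empty($_GET["subject"]) || empty($_GET["group_sign"]) || empty($_GET["group_send"])) {
        redirect("mail.php?error=1");
        // Stop here even if redirect() does not end the script itself.
        return;
    }
    $body = explode("\n", $_GET["body"]);
    $subject = $sql["char"]->quote_smart($_GET["subject"]);
    if (isset($_GET["to"]) && $_GET["to"] != "") {
        $to = $sql["char"]->quote_smart($_GET["to"]);
    } else {
        $to = 0;
        if (!isset($_GET["group_value"]) || $_GET["group_value"] === '') {
            redirect("mail.php?error=1");
            return;
        } else {
            // group_sign is concatenated into the WHERE clause as a bare operator,
            // outside any quotes, so string escaping cannot make it safe. Accept
            // only known comparison operators and reject everything else.
            // NOTE(review): extend the list if the mail form offers other operators.
            $allowed_signs = array("=", "<", ">", "!=", "<>", "<=", ">=");
            if (!in_array($_GET["group_sign"], $allowed_signs, true)) {
                redirect("mail.php?error=1");
                return;
            }
            $group_sign = $_GET["group_sign"];
            // group_value is always placed between single quotes in the queries
            // below, so it relies on quote_smart() escaping quote characters.
            $group_value = $sql["char"]->quote_smart($_GET["group_value"]);
            // group_send is only compared against fixed case labels, never put into SQL.
            $group_send = $sql["char"]->quote_smart($_GET["group_send"]);
        }
    }
    //$type = addslashes($type);
    $att_gold = $sql["char"]->quote_smart($_GET["money"]);
    // Initialise the attachment lists so a mail without attachments does not
    // read undefined variables further down.
    $att_item = array();
    $att_stack = array();
    for ($i = 0; $i < 12; $i++) {
        // Attachment fields that were not submitted count as "no item".
        $item_key = "att_item" . ($i + 1);
        $stack_key = "att_stack" . ($i + 1);
        $temp_item = $sql["char"]->quote_smart(isset($_GET[$item_key]) ? $_GET[$item_key] : "0");
        $temp_stack = $sql["char"]->quote_smart(isset($_GET[$stack_key]) ? $_GET[$stack_key] : "0");
        if ($temp_item != 0 && $temp_stack == 0) {
            $temp_stack = 1;
        }
        if ($temp_item != "0") {
            $att_item[] = $temp_item;
            $att_stack[] = $temp_stack;
        }
    }
    // NOTE(review): gold, item ids and stack sizes are only string-escaped here, not
    // range-checked; confirm send_ingame_mail_*() validates them.
    switch ($type) {
        case "email":
            require_once "libs/mailer/class.phpmailer.php";
            require_once "libs/mailer/authgMail_lib.php";
            $mail = new PHPMailer();
            $mail->Mailer = $mailer_type;
            if ($mailer_type == "smtp") {
                $mail->Host = $smtp_cfg["host"];
                $mail->Port = $smtp_cfg["port"];
                if ($smtp_cfg["user"] != "") {
                    $mail->SMTPAuth = true;
                    $mail->Username = $smtp_cfg["user"];
                    $mail->Password = $smtp_cfg["pass"];
                }
            }
            $value = NULL;
            for ($i = 0; $i < count($body); $i++) {
                $value .= $body[$i] . "\r\n";
            }
            $body = $value;
            $mail->From = $from_mail;
            $mail->FromName = $user_name;
            $mail->Subject = $subject;
            // NOTE(review): the message is sent as HTML and the request-supplied body is
            // inserted without HTML escaping, so any markup typed by the sender reaches
            // the recipients. Escape the body first unless raw HTML is intended.
            $mail->IsHTML(true);
            $body = str_replace("\n", "<br />", $body);
            $body = str_replace("\r", " ", $body);
            $body = str_replace(array("\r\n", "\n", "\r"), "<br />", $body);
            // turn bare http/ftp URLs and www. hosts into links
            $body = preg_replace("/([^\\/=\"\\]])((http|ftp)+(s)?:\\/\\/[^<>\\s]+)/i", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $body);
            $body = preg_replace('/([^\\/=\\"\\]])(www\\.)(\\S+)/', '\\1<a href="http://\\2\\3" target="_blank">\\2\\3</a>', $body);
            $mail->Body = $body;
            $mail->WordWrap = 50;
            if ($to) {
                if (!$GMailSender) {
                    //single Recipient
                    $mail->AddAddress($to);
                    if (!$mail->Send()) {
                        $mail->ClearAddresses();
                        // Encode the mailer's error text: it is free-form and must not be
                        // able to add parameters or line breaks to the redirect target.
                        redirect("mail.php?error=3&mail_err=" . rawurlencode($mail->ErrorInfo));
                    } else {
                        $mail->ClearAddresses();
                        redirect("mail.php?error=2");
                    }
                } else {
                    //single Recipient
                    $mail_result = authgMail($from_mail, $user_name, $to, $to, $subject, $body, $smtp_cfg);
                    if ($mail_result["quitcode"] != 221) {
                        redirect("mail.php?error=3&mail_err=" . rawurlencode($mail_result["die"]));
                    } else {
                        redirect("mail.php?error=2");
                    }
                }
            } elseif (isset($group_value)) {
                //group send
                $email_array = array();
                switch ($group_send) {
                    case "gm_level":
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE gm" . $group_sign . "'" . $group_value . "'");
                        } else {
                            $result = $sql["logon"]->query("SELECT email FROM account\r\n                  LEFT JOIN account_access ON account_access.id=account.id\r\n                WHERE IFNULL(gmlevel, 0)" . $group_sign . "'" . $group_value . "'");
                        }
                        while ($user = $sql["logon"]->fetch_row($result)) {
                            if ($user[0] != "") {
                                array_push($email_array, $user[0]);
                            }
                        }
                        break;
                    case "locked":
                        //this_is_junk: I'm going to pretend that locked is muted
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE muted" . $group_sign . "'" . $group_value . "'");
                        } else {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE locked" . $group_sign . "'" . $group_value . "'");
                        }
                        while ($user = $sql["logon"]->fetch_row($result)) {
                            if ($user[0] != "") {
                                array_push($email_array, $user[0]);
                            }
                        }
                        break;
                    case "banned":
                        //this_is_junk: sigh...
                        // $sql is an array of handles and $sqlr was never defined, so the
                        // previous calls on them could not run; use the logon handle that
                        // issued the queries.
                        $que = $sql["logon"]->query("SELECT id FROM account_banned");
                        while ($banned = $sql["logon"]->fetch_row($que)) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE acct='" . $banned[0] . "'");
                            if ($sql["logon"]->result($result, 0, 'email')) {
                                array_push($email_array, $sql["logon"]->result($result, 0, "email"));
                            }
                        }
                        break;
                    default:
                        redirect("mail.php?error=5");
                        // Unknown group selector: do not fall through to the send loop.
                        return;
                }
                if (!$GMailSender) {
                    foreach ($email_array as $mail_addr) {
                        $mail->AddAddress($mail_addr);
                        if (!$mail->Send()) {
                            $mail->ClearAddresses();
                            redirect("mail.php?error=3&mail_err=" . rawurlencode($mail->ErrorInfo));
                        } else {
                            $mail->ClearAddresses();
                        }
                    }
                } else {
                    $mail_to = implode(",", $email_array);
                    $mail_result = authgMail($from_mail, $user_name, $mail_to, "", $subject, $body, $smtp_cfg);
                    if ($mail_result["quitcode"] != 221) {
                        redirect("mail.php?error=3&mail_err=" . rawurlencode($mail_result["die"]));
                    } else {
                        redirect("mail.php?error=2");
                    }
                }
                redirect("mail.php?error=2");
            } else {
                redirect("mail.php?error=1");
            }
            break;
        case "ingame_mail":
            $value = NULL;
            for ($i = 0; $i < count($body); $i++) {
                $value .= $body[$i] . " ";
            }
            $body = $value;
            $body = str_replace("\r", " ", $body);
            $body = $sql["char"]->quote_smart($body);
            if ($to) {
                //single Recipient
                $result = $sql["char"]->query("SELECT guid FROM characters WHERE name='" . $to . "'");
                if ($sql["char"]->num_rows($result) == 1) {
                    $receiver = $sql["char"]->result($result, 0, 'guid');
                    $mails = array();
                    $mail["receiver"] = $receiver;
                    $mail["subject"] = $subject;
                    $mail["body"] = $body;
                    $mail["att_gold"] = $att_gold;
                    $mail["att_item"] = $att_item;
                    $mail["att_stack"] = $att_stack;
                    $mail["receiver_name"] = $to;
                    //array_push($mails, array($receiver, $subject, $body, $att_gold, $att_item, $att_stack));
                    array_push($mails, $mail);
                    if ($core == 1) {
                        send_ingame_mail_A($realm_id, $mails);
                    } else {
                        send_ingame_mail_MT($realm_id, $mails);
                    }
                } else {
                    redirect("mail.php?error=4");
                }
                redirect("mail.php?error=2");
                break;
            } elseif (isset($group_value)) {
                //group send
                $char_array = array();
                switch ($group_send) {
                    case "gm_level":
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT acct FROM accounts WHERE gm" . $group_sign . "'" . $group_value . "'");
                        } else {
                            $result = $sql["logon"]->query("SELECT account.id AS acct FROM account\r\n                  LEFT JOIN account_access ON account_access.id=account.id\r\n                WHERE IFNULL(gmlevel, 0)" . $group_sign . "'" . $group_value . "'");
                        }
                        // read the rows through the handle that ran the query
                        while ($acc = $sql["logon"]->fetch_row($result)) {
                            if ($core == 1) {
                                $result_2 = $sql["char"]->query("SELECT name FROM `characters` WHERE acct='" . $acc[0] . "'");
                            } else {
                                $result_2 = $sql["char"]->query("SELECT name FROM `characters` WHERE account='" . $acc[0] . "'");
                            }
                            while ($char = $sql["char"]->fetch_row($result_2)) {
                                array_push($char_array, $char[0]);
                            }
                        }
                        break;
                    case "online":
                        $result = $sql["char"]->query("SELECT name FROM `characters` WHERE online" . $group_sign . "'" . $group_value . "'");
                        while ($user = $sql["char"]->fetch_row($result)) {
                            array_push($char_array, $user[0]);
                        }
                        break;
                    case "char_level":
                        $result = $sql["char"]->query("SELECT name FROM `characters` WHERE level" . $group_sign . "'" . $group_value . "'");
                        while ($user = $sql["char"]->fetch_row($result)) {
                            array_push($char_array, $user[0]);
                        }
                        break;
                    default:
                        redirect("mail.php?error=5");
                        // Unknown group selector: $result was never set, so stop here.
                        return;
                }
                $mails = array();
                if ($sql["char"]->num_rows($result)) {
                    foreach ($char_array as $receiver) {
                        // NOTE(review): $receiver is a character name read back from the
                        // database and is concatenated unescaped; a name containing a
                        // quote would break this query. Confirm names are constrained.
                        $result = $sql["char"]->query("SELECT guid FROM characters WHERE name='" . $receiver . "'");
                        $char_guid = $sql["char"]->fetch_row($result);
                        $mail = array();
                        $mail["receiver"] = $char_guid[0];
                        $mail["subject"] = $subject;
                        $mail["body"] = $body;
                        $mail["att_gold"] = $att_gold;
                        $mail["att_item"] = $att_item;
                        $mail["att_stack"] = $att_stack;
                        $mail["receiver_name"] = $receiver;
                        //array_push($mails, array($receiver, $subject, $body, $att_gold, $att_item, $att_stack));
                        array_push($mails, $mail);
                    }
                    if ($core == 1) {
                        send_ingame_mail_A($realm_id, $mails);
                    } else {
                        send_ingame_mail_MT($realm_id, $mails);
                    }
                    redirect("mail.php?error=2");
                } else {
                    redirect("mail.php?error=4");
                }
            }
            break;
        default:
            redirect("mail.php?error=1");
    }
}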