Example #1
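/**
 * Dispatch the current request to method_<verb>() (falling back to method_all()),
 * close the database connection and, in debug mode, append a timing panel to HTML responses.
 *
 * Per the original comment this runs as a shutdown function, so it must be a no-op
 * once APP::end() has been called.
 */
function _leiphp_request_method_router()
{
    // If APP::end() was already called, skip: functions registered with
    // register_shutdown_function still run after die().
    if (APP::$is_exit) {
        return;
    }
    // Run the handler for the request method.
    // REQUEST_METHOD comes from the client and selects the function name, so every global
    // function whose name starts with "method_" is reachable this way; keep that prefix
    // reserved for request handlers. The key can be absent (e.g. CLI), hence the isset guard.
    $method = strtolower(isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '');
    $funcname = "method_{$method}";
    define('APP_TIMESTAMP_ROUTE', microtime(true));
    if (function_exists($funcname)) {
        $funcname();
    } elseif (function_exists('method_all')) {
        $funcname = 'method_all';
        method_all();
    } else {
        $funcname = 'method_undefine';
    }
    // Close the database connection (errors suppressed, as in the original).
    @SQL::close();
    // Show debug information. Clients are not required to send an Accept header.
    $accept_type = strtolower(trim(isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : ''));
    if (APP::$is_debug && substr($accept_type, 0, 9) == 'text/html') {
        $spent2 = round((microtime(true) - APP_TIMESTAMP_ROUTE) * 1000, 3);
        $spent = round((microtime(true) - APP_TIMESTAMP_START) * 1000, 3);
        // NOTE(review): whatever DEBUG::clear() returns is written into the page without
        // HTML escaping here. Any client can send "Accept: text/html", so the only gate on
        // this panel is APP::$is_debug; keep it off on public deployments.
        $debug = DEBUG::clear();
        echo "<div style='\n      font-size: 14px;\n      line-height: 1.6em;\n      text-align: left;\n      color: #000;\n      padding: 12px 8px;\n      border: 1px solid #DDD;\n      font-family: \"Microsoft yahei\", \"Helvetica Neue\", \"Lucida Grande\", \"Lucida Sans Unicode\", Helvetica, Arial, sans-serif !important;\n      background-color: #EEE;\n      margin-top: 50px;\n'>Debug<br>Function {$funcname} spent: {$spent2}ms<br>Total spent: {$spent}ms<br>\n<hr><pre style='\n      font-family: \"Microsoft yahei\", \"Helvetica Neue\", \"Lucida Grande\", \"Lucida Sans Unicode\", Helvetica, Arial, sans-serif !important;\n'>{$debug}</pre>\n</div>";
    }
}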
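/**
 * Calculate creature health, mana and armor.
 *
 * Kind of a crude approach, but it works.
 *
 * $type selects what is returned:
 * 1 -> health
 * 2 -> mana
 * 3 -> armor
 * 0 -> array(health, mana, armor)
 *
 * A non-numeric $entryid, or an entry for which no class/level/exp can be read,
 * yields array(0, 0, 0) regardless of $type.
 */
function get_additional_data($entryid, $type = 0)
{
    global $world_db, $realm_id;
    if (!is_numeric($entryid)) {
        return array(0, 0, 0);
    }
    // is_numeric() also accepts forms such as "1e3", "1.5" or " 5". Force a plain integer
    // so that only digits are ever concatenated into the SQL text below.
    $entry = (int) $entryid;
    $sqlw = new SQL();
    $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);
    $q = $sqlw->query("
		SELECT
			(SELECT unit_class
			FROM creature_template
			WHERE entry = {$entry}) AS class,
				(SELECT FLOOR(minlevel + (RAND() * (maxlevel - minlevel + 1)))
				FROM creature_template
				WHERE entry = {$entry}) AS level,
				(SELECT exp
				FROM creature_template
				WHERE entry = {$entry}) AS exp;");
    $data = $sqlw->fetch_assoc($q);
    // The scalar sub-selects produce NULLs for an unknown entry; without this guard the
    // follow-up statement would be assembled from empty values. Close the connection on
    // this path too (the original returned with it still open).
    if ($sqlw->num_rows($q) == 0 || !isset($data['class'], $data['level'], $data['exp'])) {
        $sqlw->close();
        return array(0, 0, 0);
    }
    // These values come back from the database and are spliced into SQL again (exp even
    // becomes part of a column name), so pin them to integers first.
    $class = (int) $data['class'];
    $level = (int) $data['level'];
    $exp = (int) $data['exp'];
    $stats_where = "WHERE level = {$level} AND class = {$class}";
    $health = "((SELECT Health_Mod FROM creature_template WHERE entry = {$entry})"
        . "*(SELECT basehp{$exp} FROM creature_classlevelstats {$stats_where})+0.5)";
    $mana = "((SELECT Mana_Mod FROM creature_template WHERE entry = {$entry})"
        . "*(SELECT basemana FROM creature_classlevelstats {$stats_where})+0.5)";
    $armor = "((SELECT Armor_Mod FROM creature_template WHERE entry = {$entry})"
        . "*(SELECT basearmor FROM creature_classlevelstats {$stats_where})+0.5)";
    // Default: all three columns; a specific $type narrows the statement to one column.
    // Sequential loose comparisons are kept so that the last matching type wins, as before.
    $q = "SELECT {$health}, {$mana}, {$armor};";
    if ($type == 1) {
        $q = "SELECT {$health};";
    }
    if ($type == 2) {
        $q = "SELECT {$mana};";
    }
    if ($type == 3) {
        $q = "SELECT {$armor};";
    }
    $query = $sqlw->query($q);
    $result = $sqlw->fetch_row($query);
    $sqlw->close();
    // The original unset an undefined $sql; the connection object is $sqlw.
    unset($sqlw);
    // A value of exactly 0.5 is just the rounding offset, i.e. the creature has no mana.
    if ($type == 2 && $result[0] == 0.5) {
        return 0;
    }
    if ($type == 0 && $result[1] == 0.5) {
        return array($result[0], 0, $result[2]);
    }
    return $type > 0 ? $result[0] : $result;
}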
Example #3
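/**
 * Print the portal's top navigation bar for the user stored in the session.
 *
 * Loads portal_config.php and the database class relative to SITE_ROOT (defaulting to
 * "./"), looks the user up in forum_users and echoes the navbar markup with the user's
 * real name, or the username when realname is NULL.
 */
function html_header()
{
    if (!defined('SITE_ROOT')) {
        define('SITE_ROOT', './');
    }
    require SITE_ROOT . 'portal_config.php';
    require_once SITE_ROOT . 'include/database.class.php';
    $currentUserID = isset($_SESSION['current_userID']) ? $_SESSION['current_userID'] : '';
    // Defaults so the markup below never reads undefined variables when no row matches.
    $username = '';
    $realname = null;
    $db = new SQL(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME, false);
    // NOTE(review): the session value is interpolated into the statement as-is. Whether that
    // is safe depends on how current_userID is written at login, which is not visible here;
    // bind or escape it with whatever the SQL wrapper offers, or validate it as an id.
    $db->query("SELECT * FROM forum_users WHERE id='{$currentUserID}'");
    if ($row = $db->fetch_array()) {
        $username = $row['username'];
        $realname = $row['realname'];
    }
    $db->close();
    if ($realname !== null) {
        $displayname = $realname;
    } else {
        $displayname = $username;
    }
    // The display name is account data chosen by a user, so encode it for the HTML context;
    // the id goes into query strings inside href attributes, so URL-encode it first.
    // Assumes the page is served as UTF-8 - TODO confirm.
    $displayname_html = htmlspecialchars((string) $displayname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $user_id_attr = htmlspecialchars(rawurlencode((string) $currentUserID), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '
<div id="wrap">
<div class="navbar navbar-top"><div class="navbar-inner"><div class="container">
<a class="brand" href="#index.php"><div class="logo-ip"></div></a>
<div class="btn-group pull-left">
<a href="../forum" class="btn btn-inverse"><i class="icon-rss"></i> Forum Ishare</a>
</div>

<div class="btn-group">
  <button class="btn dropdown-toggle" data-toggle="dropdown"><i class="icon-list muted"></i> KampusLinks <span class="caret"></span></button>
  <ul class="dropdown-menu">
    <li><a href="http://mpp.eng.usm.my/">MPPUSMKKj Official Blog</a></li>
    <li><a href="http://hepp.eng.usm.my/">BHEPP USMKKj</a></li>
    <li><a href="http://infodesk.eng.usm.my/">Infodesk PPKT USMKKj</a></li>
    <li><a href="http://www.eng.usm.my/php/blockedIP/">Blocked Port List</a></li>
    <li><a href="http://elearning.usm.my/">e-Learning Portal</a></li>
    <li><a href="http://campusonline.usm.my/">CampusOnline Portal</a></li>
    <li><a href="http://www.tcom.usm.my/">Sistem Direktori Telefon USM</a></li>
    <li><a href="http://www.facebook.com/ppkt.eng.usm">Facebook PPKT USMKKj</a></li>
    <li class="divider"></li>
    <li><a href="http://hik3.net/refcode"><i class="icon-bookmark"></i> RefCode (Snippets)</a></li>
  </ul>
</div>
            
<div class="btn-group pull-right">
<a href="index.php" class="btn btn-primary"><i class="icon-home icon-white"></i> Home</a>
<a href="profile.php?id=' . $user_id_attr . '" class="btn btn-inverse"><i class="icon-user"></i> ' . $displayname_html . '</a>
<button class="btn btn-danger dropdown-toggle" data-toggle="dropdown"><span class="caret"></span></button>
  <ul class="dropdown-menu">
    <li><a href="edit_profile.php"><i class="icon-edit muted"></i> Edit Profile</a></li>
    <li><a href="edit_sharerlink.php"><i class="icon-hdd muted"></i> Edit Sharerlink</a></li>
    <li class="divider"></li>
    <li><a href="../forum/login.php?action=out&id=' . $user_id_attr . '"><i class="icon-off muted"></i> Logout</a></li>
  </ul>
</div>
            
</div></div></div>
';
}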
Example #4
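/**
 * Dispatch the current request to method_<verb>() (falling back to method_all()),
 * close the database connection and, in debug mode, append a timing panel to HTML responses.
 *
 * Per the original comment this runs as a shutdown function, so it must be a no-op
 * once APP::end() has been called.
 */
function _slimphp_request_method_router()
{
    // If APP::end() was already called, skip: functions registered with
    // register_shutdown_function still run after die().
    if (APP::$is_exit) {
        return;
    }
    // Run the handler for the request method.
    // $_SERVER['REQUEST_METHOD'] is the method the page was requested with, e.g. "GET",
    // "HEAD", "POST", "PUT"; it is lower-cased and appended to "method_", giving
    // method_get, method_post and so on.
    // The value comes from the client and selects the function name, so every global
    // function whose name starts with "method_" is reachable this way; keep that prefix
    // reserved for request handlers. The key can be absent (e.g. CLI), hence the isset guard.
    $method = strtolower(isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '');
    $funcname = "method_{$method}";
    // microtime(true) returns the current Unix timestamp with microseconds as a float.
    define('APP_TIMESTAMP_ROUTE', microtime(true));
    if (function_exists($funcname)) {
        $funcname();
    } elseif (function_exists('method_all')) {
        $funcname = 'method_all';
        method_all();
    } else {
        $funcname = 'method_undefine';
    }
    // Close the database connection (errors suppressed, as in the original).
    @SQL::close();
    // Show debug information.
    // $_SERVER['HTTP_ACCEPT'] holds the request's Accept: header; clients are not required
    // to send one.
    $accept_type = strtolower(trim(isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : ''));
    // Only the first nine characters are compared, i.e. the header must start with "text/html".
    if (APP::$is_debug && substr($accept_type, 0, 9) == 'text/html') {
        // APP_TIMESTAMP_ROUTE is the constant defined above, just before dispatch.
        $spent2 = round((microtime(true) - APP_TIMESTAMP_ROUTE) * 1000, 3);
        $spent = round((microtime(true) - APP_TIMESTAMP_START) * 1000, 3);
        // NOTE(review): whatever DEBUG::clear() returns is written into the page without
        // HTML escaping here. Any client can send "Accept: text/html", so the only gate on
        // this panel is APP::$is_debug; keep it off on public deployments.
        $debug = DEBUG::clear();
        echo "<div style='\n      font-size: 14px;\n      line-height: 1.6em;\n      text-align: left;\n      color: #000;\n      padding: 12px 8px;\n      border: 1px solid #DDD;\n      font-family: \"Microsoft yahei\", \"Helvetica Neue\", \"Lucida Grande\", \"Lucida Sans Unicode\", Helvetica, Arial, sans-serif !important;\n      background-color: #EEE;\n      margin-top: 50px;\n'>Debug<br>Function {$funcname} spent: {$spent2}ms<br>Total spent: {$spent}ms<br>\n<hr><pre style='\n      font-family: \"Microsoft yahei\", \"Helvetica Neue\", \"Lucida Grande\", \"Lucida Sans Unicode\", Helvetica, Arial, sans-serif !important;\n'>{$debug}</pre>\n</div>";
    }
}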
/**
 * Print the "User's Request" box: an info banner with the current request and reply
 * counts, an empty paginated container, and the script that fills it via AJAX.
 */
function populate_requestbox()
{
    // Fetch both counters over a single connection.
    $conn = new SQL(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME, false);
    $conn->query("SELECT COUNT(id) FROM ip_requests");
    $request_count = implode($conn->fetch_assoc());
    $conn->query("SELECT COUNT(id) FROM ip_reply");
    $reply_count = implode($conn->fetch_assoc());
    $conn->close();

    // Banner text with the two counters spliced in (both are COUNT() results).
    $banner = '<div class="alert alert-info">This is <strong>User\'s Request</strong> section (currently contained <strong>' . $request_count . '</strong> request shouts and <strong>' . $reply_count . '</strong> replies). Just use <code>!request</code> code in your shout to make them appear here. Please note that not all your requests will be replied. Lucky if you have!</div>';
    echo $banner;

    // Placeholder markup that the script below replaces.
    $container = '<div id="containerx">' . '<div class="data"></div>' . '<div class="pagination"></div>' . '</div>';
    echo $container;

    // The client script inserts the response of subfiles/requestbox_more.php with .html(),
    // so that endpoint is responsible for encoding any user-written shout text it returns.
    // The page number is read from the clicked element's "p" attribute and appended to the
    // URL as-is, so the endpoint also has to validate it.
    echo '
    <script>
    var replyID;
    
    $(document).ready(function () { // START DOCUMENT.READY
    
    $(".tip-top").tooltip();
    
    function loadData(page){
      $("#containerx").html("<div class=\\"loader\\" style=\\"margin-top:10px\\"></div>").fadeIn("fast");
      $.ajax({
        type: "GET",
        url: "subfiles/requestbox_more.php?page="+page,
        success: function(msg){
          $("#containerx").html(msg);
        }
      });
    }
    loadData(1);  // For first time page load default results
    $("#containerx .pagination li.enx").live("click",function(e){
      e.preventDefault();
      var page = $(this).attr("p");
      loadData(page);
    });
    
    }); // END DCOUMENT.READY
    
    </script>
    ';
}
 /**
  * Run the parsed query and hand back every fetched row wrapped in a reader.
  *
  * The connection is opened for the call and closed again afterwards only if it was
  * closed on entry. An empty parsed query, or a connection error other than
  * 'unknown error', yields an empty reader.
  *
  * NOTE(review): the statement text comes from parse_query(), which is not visible here;
  * whether parameters are bound or escaped depends entirely on that method.
  *
  * @return SQLDataReader
  */
 public function execute_reader()
 {
     $this->parse_query();
     if (empty($this->queryParsed)) {
         return new SQLDataReader();
     }

     // Remember the state on entry so a connection the caller opened stays open.
     $wasClosed = $this->conn->status() == 'closed';
     $this->conn->open();

     $handle = $this->conn->query($this->queryParsed);
     $rows = [];
     for ($row = $this->conn->fetch_array($handle); $row; $row = $this->conn->fetch_array($handle)) {
         $rows[] = $row;
     }

     // SQLite reports 'unknown error' after all rows were fetched successfully
     // (cause unknown), so that one message is treated as success.
     $succeeded = true;
     if (!empty($this->conn->error())) {
         $succeeded = $this->conn->error() == 'unknown error';
     }

     if ($wasClosed) {
         $this->conn->close();
     }

     if ($succeeded) {
         return new SQLDataReader($rows);
     }
     return new SQLDataReader();
 }
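/**
 * Render a forum topic (by ?id=) with pagination and the quick-reply form, or, when called
 * with ?postid=, work out which page of the topic the post is on and redirect there.
 *
 * Markup is appended to the global $output. The three by-reference parameters are
 * overwritten with fresh SQL connections as the function needs them.
 *
 * @param SQL $sqlr realm database connection (reassigned inside)
 * @param SQL $sqlc characters database connection (reassigned inside)
 * @param SQL $sqlm forum/manager database connection (reassigned inside)
 */
function forum_view_topic(&$sqlr, &$sqlc, &$sqlm)
{
    global $enablesidecheck, $forum_skeleton, $maxqueries, $forum_lang, $user_lvl, $user_id, $output, $realm_db, $characters_db, $mmfpm_db, $realm_id;
    if ($enablesidecheck) {
        $side = get_side();
    }
    // Better to use it here instead of call it many time in the loop :)
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    //==========================$_GET and SECURE=================================
    // These request values are concatenated into SQL WITHOUT surrounding quotes and are
    // echoed into links and hidden form fields further down. String escaping does not
    // protect an unquoted numeric position, so each value is forced to an integer here.
    if (isset($_GET['id'])) {
        $id = (int) $sqlm->quote_smart($_GET['id']);
        $post = false;
    } else {
        if (isset($_GET['postid'])) {
            $id = (int) $sqlm->quote_smart($_GET['postid']);
            $post = true;
        } else {
            error($forum_lang['no_such_topic']);
        }
    }
    if (!isset($_GET['page'])) {
        $page = 0;
    } else {
        // Negative pages would produce a negative LIMIT offset.
        $page = max(0, (int) $sqlm->quote_smart($_GET['page']));
    }
    //==========================$_GET and SECURE end=============================
    $start = $maxqueries * $page;
    if (!$post) {
        $posts = $sqlm->query('
			SELECT id, authorid, authorname, forum, name, text, time, annouced, sticked, closed
			FROM mm_forum_posts
			WHERE topic = ' . $id . '
			ORDER BY id ASC
			LIMIT ' . $start . ', ' . $maxqueries . '');
        $sqlr = new SQL();
        $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
        // need to update this query to use ' instead of "
        $query = "\r\n\t\t\tSELECT account, name, gender, race, class, level,\r\n\t\t\t\t(SELECT gmlevel\r\n\t\t\t\tFROM `{$realm_db['name']}`.account\r\n\t\t\t\tWHERE `{$realm_db['name']}`.account.id = `{$characters_db[$realm_id]['name']}`.characters.account) as gmlevel\r\n\t\t\tFROM `{$characters_db[$realm_id]['name']}`.characters\r\n\t\t\tWHERE totaltime IN \r\n\t\t\t\t(SELECT MAX(totaltime)\r\n\t\t\t\tFROM `{$characters_db[$realm_id]['name']}`.characters\r\n\t\t\t\tWHERE account IN (";
        while ($post = $sqlm->fetch_row($posts)) {
            // Column 1 is authorid; it is stored data being spliced into a second statement,
            // so keep it numeric as well.
            $query .= (int) $post[1] . ',';
        }
        mysql_data_seek($posts, 0);
        $query .= "\r\n\t\t\t\t\t0)\r\n\t\t\t\tGROUP BY account);";
        $sqlc = new SQL();
        $sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
        $results = $sqlc->query($query);
        while ($avatar = $sqlc->fetch_assoc($results)) {
            $char_gender = str_pad(dechex($avatar['gender']), 8, 0, STR_PAD_LEFT);
            $avatars[$avatar['account']]['name'] = $avatar['name'];
            // NOTE(review): $char_gender is a string, so the 'race' offset looks like a
            // leftover; presumably a numeric offset was intended - confirm. Left unchanged.
            $avatars[$avatar['account']]['sex'] = $char_gender['race'];
            $avatars[$avatar['account']]['race'] = $avatar['race'];
            $avatars[$avatar['account']]['class'] = $avatar['class'];
            $avatars[$avatar['account']]['level'] = $avatar['level'];
            $avatars[$avatar['account']]['gm'] = $avatar['gmlevel'];
        }
        $replies = $sqlm->num_rows($posts);
        if ($replies == 0) {
            error($forum_lang['no_such_topic']);
        }
        $post = $sqlm->fetch_assoc($posts);
        $fid = $post['forum'];
        $cat = 0;
        // Access control: walk every category and forum and reject the request when any
        // read level is above the user's level.
        $cid = $sqlm->query('
			SELECT category, name, description, side_access, level_post_topic, level_read, level_post
			FROM mm_forum_categories');
        while ($category = $sqlm->fetch_assoc($cid)) {
            $fid_ = $sqlm->query('
				SELECT forum, category, name, description, side_access, level_post_topic, level_read, level_post
				FROM mm_forum_forums
				WHERE category = ' . $category['category'] . '');
            while ($forum = $sqlm->fetch_assoc($fid_)) {
                if ($forum['forum'] == $fid) {
                    $cat = $forum['category'];
                }
                if (empty($forum['forum'])) {
                    error($forum_lang['no_such_forum']);
                }
                // NOTE(review): this compares against every forum, not only the one the
                // topic belongs to ($fid), and the side checks below only `continue` without
                // denying anything - confirm this is the intended authorization rule.
                if ($category['level_read'] > $user_lvl || $forum['level_read'] > $user_lvl) {
                    error($forum_lang['no_access']);
                }
                if ($user_lvl == 0 && $enablesidecheck) {
                    if ($category['side_access'] != 'ALL') {
                        // Not an all side forum
                        if ($side == 'NO') {
                            // No char
                            continue;
                        } else {
                            if ($category['side_access'] != $side) {
                                // Forumside different of the user side
                                continue;
                            }
                        }
                    }
                    if ($forum['side_access'] != 'ALL') {
                        // Not an all side forum
                        if ($side == 'NO') {
                            // No char
                            continue;
                        } else {
                            if ($forum['side_access'] != $side) {
                                // Forumside different of the user side
                                continue;
                            }
                        }
                    }
                }
            }
        }
        // User-written fields are HTML-encoded before they reach $output; the author name is
        // handled the same way as the title and text.
        $post['name'] = htmlspecialchars($post['name']);
        $post['text'] = htmlspecialchars($post['text']);
        $post['text'] = bbcode_parse1($post['text']);
        $post['authorname'] = htmlspecialchars($post['authorname']);
        // NOTE(review): $forum is whatever the last fetch in the loop above left behind
        // (false once the result set is exhausted), so the forum link below is probably
        // empty - confirm and look the forum up by $fid instead.
        $output .= '
<div class="top">
	<h1>' . $forum_lang['forums'] . '</h1>
</div>
<center>
<fieldset>
	<legend>
		<a href="forum.php">' . $forum_lang['forum_index'] . '</a> ->
		<a href="forum.php?action=view_forum&amp;id=' . $forum['forum'] . '">' . $forum['name'] . '</a> -> 
		<a href="forum.php?action=view_topic&amp;id=' . $id . '">' . $post['name'] . '</a>
	</legend>
<table class="lined">
	<tr>
		<th style="width:15%;">' . $forum_lang['info'] . '</th>
		<th style="text-align:left;">' . $forum_lang['text'] . '</th>';
        if ($user_lvl > 0) {
            $output .= '
		<th style="width:50%;text-align:right;">';
            if ($post['sticked'] == "1") {
                if ($post['annouced'] == "1") {
                    // Annoucement
                    $output .= '
			' . $forum_lang['annoucement'] . '';
                } else {
                    // Sticky
                    $output .= '
			' . $forum_lang['sticky'] . '';
                }
            } else {
                if ($post['annouced'] == "1") {
                    // Annoucement
                    $output .= '
			' . $forum_lang['annoucement'] . '';
                } else {
                    // Normal Topic
                    $output .= '
			' . $forum_lang['normal'] . '';
                }
            }
            if ($post['closed'] == "1") {
                $output .= '
		</th>';
            }
        }
        if (isset($avatars[$post['authorid']])) {
            $avatar = gen_avatar_panel($avatars[$post['authorid']]['level'], $avatars[$post['authorid']]['sex'], $avatars[$post['authorid']]['race'], $avatars[$post['authorid']]['class'], 1, $avatars[$post['authorid']]['gm']);
        } else {
            $avatar = "";
        }
        $output .= '
	<tr>
		<td colspan="3" align="left">
			' . $post['time'] . '
		</td>
	</tr>	
	</tr>';
        $output .= '
	<tr>
		<td style="width:15%;text-align:center;"><center>' . $avatar . '</center>' . $forum_lang['author'] . ' : ';
        if ($user_lvl > 0) {
            $output .= '
			<a href="user.php?action=edit_user&error=11&id=' . $post['authorid'] . '">';
        }
        if (isset($avatars[$post['authorid']])) {
            $output .= htmlspecialchars($avatars[$post['authorid']]['name']);
        } else {
            $output .= $post['authorname'];
        }
        if ($user_lvl > 0) {
            $output .= '
			</a>';
        }
        $output .= '
		</td>
		<td colspan="2" style="text-align:left">' . $post['text'] . '<br />
			<div style="text-align:right\\">
		</td>
	</tr>';
        if ($user_lvl > 0) {
            // Moderation links. They are plain GET links; the handlers behind them are not
            // visible here and must enforce their own permission and request-origin checks.
            $output .= '
	<tr>
		<th colspan="3" align="right">';
            if ($post['sticked'] == "1") {
                if ($post['annouced'] == "1") {
                    // Annoucement
                    $output .= '
			<a href="forum.php?action=edit_announce&amp;id=' . $post['id'] . '&amp;state=0"><img src="img/forums/unannounce.png" border="0" alt="' . $forum_lang['down'] . '" /></a>';
                } else {
                    // Sticky
                    $output .= '
			<a href="forum.php?action=edit_stick&amp;id=' . $post['id'] . '&amp;state=0"><img src="img/forums/unstick.png" border="0" alt="' . $forum_lang['down'] . '" /></a>
			<a href="forum.php?action=edit_announce&amp;id=' . $post['id'] . '&amp;state=1"><img src="img/forums/announce.png" border="0" alt="' . $forum_lang["up"] . '" /></a>';
                }
            } else {
                if ($post['annouced'] == "1") {
                    // Annoucement
                    $output .= '
			<a href="forum.php?action=edit_announce&amp;id=' . $post['id'] . '&amp;state=0"><img src="img/forums/unannounce.png" border="0" alt="' . $forum_lang['down'] . '" /></a>';
                } else {
                    // Normal Topic
                    $output .= '
			<a href="forum.php?action=edit_stick&amp;id=' . $post['id'] . '&amp;state=1"><img src="img/forums/stick.png" border="0" alt="' . $forum_lang['up'] . '" /></a>';
                }
            }
            if ($post['closed'] == "1") {
                $output .= '
			<a href="forum.php?action=edit_close&amp;id=' . $post['id'] . '&amp;state=0"><img src="img/forums/lock.png" border="0" alt=\\"' . $forum_lang['open'] . '" /></a>';
            } else {
                $output .= '
			<a href="forum.php?action=edit_close&amp;id=' . $post['id'] . '&amp;state=1"><img src="img/forums/unlock.png" border="0" alt="' . $forum_lang['close'] . '" /></a>';
            }
            $output .= '
			<a href="forum.php?action=move_topic&amp;id=' . $post['id'] . '"><img src="img/forums/move.png" border="0" alt="' . $forum_lang['move'] . '" /></a>
			<a href="forum.php?action=edit_post&amp;id=' . $post['id'] . '"><img src="img/forums/edit.png" border="0" alt="' . $forum_lang["edit"] . '" /></a>
			<a href="forum.php?action=delete_post&amp;id=' . $post['id'] . '"><img src="img/forums/delete.png" border="0" alt="' . $forum_lang["delete"] . '" /></a>
		</th>
	</tr>';
        }
        $closed = $post['closed'];
        // Remaining posts of the page (the replies).
        while ($post = $sqlm->fetch_assoc($posts)) {
            $post['text'] = htmlspecialchars($post['text']);
            $post['text'] = bbcode_parse1($post['text']);
            $post['authorname'] = htmlspecialchars($post['authorname']);
            if (isset($avatars[$post['authorid']])) {
                $avatar = gen_avatar_panel($avatars[$post['authorid']]['level'], $avatars[$post['authorid']]['sex'], $avatars[$post['authorid']]['race'], $avatars[$post['authorid']]['class'], 1, $avatars[$post['authorid']]['gm']);
            } else {
                $avatar = "";
            }
            $output .= '
	<tr>
		<td colspan="3" align="left">
			' . $post['time'] . '
		</td>
	</tr>		
	<tr>
		<td style="width:15%;text-align:center;">
			<center>' . $avatar . '</center>' . $forum_lang['author'] . ' : ';
            if ($user_lvl > 0) {
                $output .= '
			<a href="user.php?action=edit_user&error=11&id=' . $post['authorid'] . '">';
            }
            if (isset($avatars[$post['authorid']])) {
                $output .= htmlspecialchars($avatars[$post['authorid']]['name']);
            } else {
                $output .= $post['authorname'];
            }
            $output .= '
			</a>';
            $output .= '
		</td>
		<td colspan="2" style="text-align:left;">' . $post['text'] . '<br />';
            $output .= '
		</td>
	</tr>';
            if ($user_lvl > 0 || $user_id == $post['authorid']) {
                $output .= '
				<tr>
					<th colspan="3" align="right">
						<a href="forum.php?action=edit_post&amp;id=' . $post['id'] . '"><img src="img/forums/edit.png" border="0" alt="' . $forum_lang['edit'] . '"></a>
						<a href="forum.php?action=delete_post&amp;id=' . $post['id'] . '"><img src="img/forums/delete.png" border="0" alt="' . $forum_lang['delete'] . '"></a>
					</th>
				</tr>';
            }
        }
        $totalposts = $sqlm->query('
		SELECT id
		FROM mm_forum_posts
		WHERE topic = ' . $id . '');
        $totalposts = $sqlm->num_rows($totalposts);
        $pages = ceil($totalposts / $maxqueries);
        $output .= '
	<tr>
		<td align="right" colspan="3">' . $forum_lang['pages'] . ' : ';
        for ($x = 1; $x <= $pages; $x++) {
            $y = $x - 1;
            $output .= '
			<a href="forum.php?action=view_topic&amp;id=' . $id . '&amp;page=' . $y . '">' . $x . '</a>';
        }
        $output .= '
		</td>
	</tr>
</table>
</fieldset>
<br />';
        $category = $sqlm->query('
			SELECT category, name, description, side_access, level_post_topic, level_read, level_post
			FROM mm_forum_categories');
        // Quick reply form
        // NOTE(review): $category is the query result here, not a fetched row, and $forum is
        // the leftover from the loop above, so both level_post lookups probably read nothing
        // and the post-level restriction is not actually enforced by this condition - confirm.
        // The do_add_post handler has to re-check posting rights on the server in any case.
        if (($user_lvl > 0 || !$closed) && ($category['level_post'] <= $user_lvl && $forum['level_post'] <= $user_lvl)) {
            $output .= '
<form action="forum.php?action=do_add_post" method="POST" name="form">
<fieldset>
	<legend>
		' . $forum_lang['quick_reply'] . '
	</legend>
<table class="lined">
	<tr>
		<td align="left" colspan="3">';
            bbcode_add_editor();
            $output .= '
		</td>
	</tr>
	<tr>
		<td colspan="3">
			<TEXTAREA ID="msg" NAME="msg" ROWS=8 COLS=93></TEXTAREA><br/>
			<input type="hidden" name="forum" value="' . $fid . '">
			<input type="hidden" name="topic" value="' . $id . '">
		</td>
	</tr>
	<tr>
		<td align="left">';
            makebutton($forum_lang['post'], "javascript:do_submit()", 100);
            $output .= '
		</td>
	</tr>
</table>
</fieldset>
</form>';
        }
        $output .= '
</center>';
        $sqlm->close();
    } else {
        $output .= '
<div class="top">
	<h1>Stand by...</h1>
</div>';
        // Get post id
        $post = $sqlm->query('
			SELECT topic, id
			FROM mm_forum_posts
			WHERE id = ' . $id . '');
        if ($sqlm->num_rows($post) == 0) {
            error($forum_lang['no_such_topic']);
        }
        $post = $sqlm->fetch_assoc($post);
        // NOTE(review): authorid is not selected by the query above, and $topic is taken from
        // the post's own id rather than its topic column - both look unintended; confirm
        // before relying on this branch. Left unchanged.
        if ($post['id'] == $post['authorid']) {
            redirect('forum.php?action=view_topic&id=' . $id . '');
        }
        $topic = $post['id'];
        // Get posts in topic
        $posts = $sqlm->query('
			SELECT id
			FROM mm_forum_posts
			WHERE topic = ' . $topic . '');
        $replies = $sqlm->num_rows($posts);
        if ($replies == 0) {
            error($forum_lang['no_such_topic']);
        }
        $row = 0;
        // Find the row of our post, so we could have his ratio (topic x/total topics) and knew the page to show
        while ($post = $sqlm->fetch_row($posts)) {
            $row++;
            if ($topic == $id) {
                break;
            }
        }
        $page = 0;
        while ($page * $maxqueries < $row) {
            $page++;
        }
        $page--;
        $sqlm->close();
        redirect('forum.php?action=view_topic&id=' . $topic . '&page=' . $page . '');
    }
    // Queries : 2 with id || 2 (+2) with postid
}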
Example #8
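/**
 * Handle the registration form: check the captcha and required fields, apply the IP
 * allow-list / ban list / per-IP limit, validate username and e-mail, then create the
 * account (or a pending verification record) and optionally send the welcome mail.
 *
 * Every failure path ends in redirect() with an error code; the function relies on
 * redirect() not returning.
 */
function doregister()
{
    global $lang_global, $characters_db, $realm_db, $mmfpm_db, $realm_id, $disable_acc_creation, $limit_acc_per_ip, $valid_ip_mask, $send_mail_on_creation, $create_acc_locked, $from_mail, $defaultoption, $require_account_verify, $mailer_type, $smtp_cfg, $title;
    // Captcha. A loose != let a request pass when the session held no code at all and the
    // field was submitted empty (null == ''), and treated numeric-looking strings as equal.
    // Require a code in the session and an exact string match.
    $expected_code = isset($_SESSION['security_code']) ? (string) $_SESSION['security_code'] : '';
    $given_code = isset($_POST['security_code']) && is_scalar($_POST['security_code']) ? (string) $_POST['security_code'] : '';
    if ($expected_code === '' || $given_code !== $expected_code) {
        redirect("register.php?err=13");
    }
    if (empty($_POST['pass']) || empty($_POST['email']) || empty($_POST['username'])) {
        redirect("register.php?err=1");
    }
    if ($disable_acc_creation) {
        redirect("register.php?err=4");
    }
    // X-Forwarded-For is a request header and therefore chosen by the client. It is only
    // accepted when it is a single well-formed address; anything else falls back to
    // REMOTE_ADDR. NOTE(review): even a well-formed value can be forged, which sidesteps the
    // allow-list, the ban list and the per-IP limit below - honour the header only when the
    // request arrives from a reverse proxy you operate.
    $forwarded_for = getenv('HTTP_X_FORWARDED_FOR');
    if ($forwarded_for && filter_var($forwarded_for, FILTER_VALIDATE_IP)) {
        $last_ip = $forwarded_for;
    } else {
        $last_ip = (string) getenv('REMOTE_ADDR');
    }
    if (sizeof($valid_ip_mask)) {
        $qFlag = 0;
        $user_ip_mask = explode('.', $last_ip);
        foreach ($valid_ip_mask as $mask) {
            $vmask = explode('.', $mask);
            $v_count = 4;
            $i = 0;
            foreach ($vmask as $range) {
                $octet = isset($user_ip_mask[$i]) ? $user_ip_mask[$i] : null;
                $vmask_h = explode('-', $range);
                if ($octet === null) {
                    // The address has fewer parts than the mask, so it cannot match.
                } elseif (isset($vmask_h[1])) {
                    // "low-high" range. The original comparison was inverted
                    // (low >= octet && high <= octet), so no real range ever matched.
                    if ($vmask_h[0] <= $octet && $octet <= $vmask_h[1]) {
                        $v_count--;
                    }
                } elseif ($vmask_h[0] == $octet) {
                    $v_count--;
                }
                $i++;
            }
            if (!$v_count) {
                $qFlag++;
                break;
            }
        }
        if (!$qFlag) {
            redirect("register.php?err=9&usr=" . urlencode($last_ip));
        }
    }
    $sql = new SQL();
    $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    $user_name = $sql->quote_smart(trim($_POST['username']));
    $pass = $sql->quote_smart($_POST['pass']);
    $pass1 = $sql->quote_smart(isset($_POST['pass1']) ? $_POST['pass1'] : '');
    // The address is placed inside quoted SQL literals below; escape it like every other value.
    $last_ip_sql = $sql->quote_smart($last_ip);
    //make sure username/pass at least 4 chars long and less than max
    if (strlen($user_name) < 4 || strlen($user_name) > 15) {
        $sql->close();
        redirect("register.php?err=5");
    }
    require_once "libs/valid_lib.php";
    //make sure it doesnt contain non english chars.
    if (!valid_alphabetic($user_name)) {
        $sql->close();
        redirect("register.php?err=6");
    }
    //make sure the mail is valid mail format
    $mail = $sql->quote_smart(trim($_POST['email']));
    if (!valid_email($mail) || strlen($mail) > 224) {
        $sql->close();
        redirect("register.php?err=7");
    }
    $per_ip = $limit_acc_per_ip ? "OR last_ip='{$last_ip_sql}'" : "";
    $result = $sql->query("SELECT ip FROM ip_banned WHERE ip = '{$last_ip_sql}'");
    //IP is in ban list
    if ($sql->num_rows($result)) {
        $sql->close();
        redirect("register.php?err=8&usr=" . urlencode($last_ip));
    }
    //Email check
    $result = $sql->query("SELECT email FROM account WHERE email='{$mail}' {$per_ip}");
    if ($sql->num_rows($result)) {
        $sql->close();
        redirect("register.php?err=14");
    }
    //Username check
    // The lookup compared against a literal '******' instead of the submitted name, so a
    // duplicate username was never detected; use the escaped username.
    $result = $sql->query("SELECT username FROM account WHERE username='{$user_name}' {$per_ip}");
    if ($sql->num_rows($result)) {
        $sql->close();
        redirect("register.php?err=3");
    }
    //there is already someone with same account name
    if ($sql->num_rows($result)) {
        $sql->close();
        redirect("register.php?err=3&usr={$user_name}");
    } else {
        // NOTE(review): $expansion_select is not in the global list above, so this branch is
        // never taken and $defaultoption is always used - confirm whether it should be
        // imported. The posted value is forced to an integer because it lands unquoted in
        // the INSERT statements.
        if (!empty($expansion_select)) {
            $expansion = isset($_POST['expansion']) ? (int) $sql->quote_smart($_POST['expansion']) : 0;
        } else {
            $expansion = $defaultoption;
        }
        // NOTE(review): the submitted password goes into sha_pass_hash exactly as received.
        // Nothing in this function hashes it; presumably the form hashes client-side - confirm,
        // otherwise plaintext passwords are being stored.
        if ($require_account_verify) {
            $sqlm = new SQL();
            $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
            $result2 = $sqlm->query("SELECT * FROM mm_account_verification WHERE username = '{$user_name}' OR email = '{$mail}'");
            if ($sqlm->num_rows($result2) > 0) {
                redirect("register.php?err=15");
            } else {
                $client_ip = $_SERVER['REMOTE_ADDR'];
                // The verification key proves control of the mailbox, so it must not be
                // derivable from the client address and the clock. Use the CSPRNG when the
                // runtime has one; the old derivation remains only as a fallback.
                if (function_exists('random_bytes')) {
                    $authkey = bin2hex(random_bytes(20));
                } else {
                    $authkey = sha1($client_ip . time());
                }
                // authkey is a hex string and has to be a quoted literal.
                $result = $sqlm->query("INSERT INTO mm_account_verification (username,sha_pass_hash,gmlevel,email, joindate,last_ip,failed_logins,locked,last_login,active_realm_id,expansion,authkey) VALUES (UPPER('{$user_name}'),'{$pass}',0,'{$mail}',now(),'{$last_ip_sql}',0,{$create_acc_locked},NULL,0,{$expansion},'{$authkey}')");
                do_verify_email();
                redirect("login.php?error=7");
            }
            $sqlm->close();
        } else {
            $result = $sql->query("INSERT INTO account (username,sha_pass_hash,gmlevel,email, joindate,last_ip,failed_logins,locked,last_login,active_realm_id,expansion) VALUES (UPPER('{$user_name}'),'{$pass}',0,'{$mail}',now(),'{$last_ip_sql}',0,{$create_acc_locked},NULL,0,{$expansion})");
        }
        $sql->close();
        setcookie("terms", "", time() - 3600);
        if ($send_mail_on_creation) {
            require_once "libs/mailer/class.phpmailer.php";
            $mailer = new PHPMailer();
            $mailer->Mailer = $mailer_type;
            if ($mailer_type == "smtp") {
                $mailer->Host = $smtp_cfg['host'];
                $mailer->Port = $smtp_cfg['port'];
                if ($smtp_cfg['user'] != '') {
                    $mailer->SMTPAuth = true;
                    $mailer->Username = $smtp_cfg['user'];
                    $mailer->Password = $smtp_cfg['pass'];
                }
            }
            $file_name = "mail_templates/mail_welcome.tpl";
            $fh = fopen($file_name, 'r');
            $subject = fgets($fh, 4096);
            $body = fread($fh, filesize($file_name));
            fclose($fh);
            $subject = str_replace("<title>", $title, $subject);
            $body = str_replace("\n", "<br />", $body);
            $body = str_replace("\r", " ", $body);
            $body = str_replace("<username>", $user_name, $body);
            // NOTE(review): the template mails the password back in clear text; consider
            // dropping the <password> placeholder from the template. The body is sent as
            // HTML, so the value is at least encoded for that context.
            $body = str_replace("<password>", htmlspecialchars($pass1), $body);
            $body = str_replace("<base_url>", $_SERVER['SERVER_NAME'], $body);
            $mailer->WordWrap = 50;
            $mailer->From = $from_mail;
            $mailer->FromName = "{$title} Admin";
            $mailer->Subject = $subject;
            $mailer->IsHTML(true);
            $mailer->Body = $body;
            $mailer->AddAddress($mail);
            $mailer->Send();
            $mailer->ClearAddresses();
        }
        if ($result) {
            redirect("login.php?error=6");
        }
    }
}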
Example #9
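/**
 * Handle one backup.php request: either run a SQL dump (uploaded, stored in
 * $backup_dir, or a per-account file) against one of the configured databases,
 * or write a dump of the configured tables to a file.
 *
 * The operation is selected by $_GET['backup_action'] ("load" / "save") and
 * $_GET['backup_from_to'] ("file" / "web" / "acc_on_file").
 *
 * Security notes for maintainers:
 *  - No permission check is made inside this function; presumably backup.php
 *    authenticates the caller before calling it - verify, because every branch
 *    either executes SQL from a file or exports account data.
 *  - The operation is chosen from GET parameters and no request token is
 *    checked here, so a cross-site request made by a logged-in administrator's
 *    browser would be accepted as far as this function is concerned.
 *  - File names taken from the request are accepted only as single path
 *    components, so a request cannot point the loader outside $backup_dir.
 *    addslashes() was used for this before; it escapes quotes, not "../".
 *  - Dumps are written below $backup_dir. If that directory is served by the
 *    web server the files are downloadable by anyone who knows the name
 *    (the names are database name plus timestamp) - confirm it is not.
 */
function dobackup()
{
    global $lang_backup, $backup_dir, $tables_backup_realmd, $tables_backup_characters, $output, $realm_db, $characters_db, $realm_id, $tab_backup_user_realmd, $tab_backup_user_characters;

    if (empty($_GET['backup_action']) || empty($_GET['backup_from_to'])) {
        redirect("backup.php?error=1");
        // Stop here even if redirect() returns; the action variables would be undefined below.
        return;
    }
    // Only compared against fixed literals, so no escaping is needed.
    $backup_action = $_GET['backup_action'];
    $backup_from_to = $_GET['backup_from_to'];
    // Passed through to sql_table_dump() unchanged in meaning; its use there is not visible here.
    $struc_backup = (isset($_GET['struc_backup']) && is_string($_GET['struc_backup'])) ? addslashes($_GET['struc_backup']) : '';
    $save_all_realms = !empty($_GET['save_all_realms']) && is_string($_GET['save_all_realms']);

    if ("load" === $backup_action && "file" === $backup_from_to) {
        // Only .sql / .qbquery uploads are accepted (case-insensitive, anchored at the very end).
        if (!isset($_FILES["uploaded_file"]) || !preg_match('/\.(sql|qbquery)\z/i', $_FILES["uploaded_file"]["name"])) {
            error($lang_backup['upload_sql_file_only']);
            return;
        }
        // The client-supplied name is reduced to [_A-Za-z0-9.-] and always stored with a
        // ".sql" suffix, so it cannot contain a directory part or end in another extension.
        $uploaded_filename = str_replace(" ", "_", $_FILES["uploaded_file"]["name"]);
        $uploaded_filename = preg_replace('/[^_A-Za-z0-9.-]/', '', $uploaded_filename);
        $file_name_new = $uploaded_filename . "_" . date("m.d.y_H.i.s") . ".sql";
        $target = "{$backup_dir}/{$file_name_new}";
        move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $target) or die(error("{$lang_backup['upload_err_write_permission']} {$backup_dir}"));
        if (file_exists($target)) {
            require_once "libs/db_lib/sql_lib.php";
            $use_db = isset($_POST['use_db']) ? $_POST['use_db'] : '';
            $queries = _dobackup_run_script($use_db, $target, true);
            redirect("backup.php?error=4&tot={$queries}");
        } else {
            error($lang_backup['file_not_found']);
        }
    } elseif ("load" === $backup_action && "web" === $backup_from_to) {
        if (empty($_POST['selected_file_name'])) {
            redirect("backup.php?error=1");
            return;
        }
        $file_name = _dobackup_safe_component($_POST['selected_file_name']);
        if ($file_name === false) {
            redirect("backup.php?error=1");
            return;
        }
        $stored = "{$backup_dir}/{$file_name}";
        if (file_exists($stored)) {
            require_once "libs/db_lib/sql_lib.php";
            $use_db = isset($_POST['use_db']) ? $_POST['use_db'] : '';
            $queries = _dobackup_run_script($use_db, $stored, false);
            redirect("backup.php?error=4&tot={$queries}");
        } else {
            error($lang_backup['file_not_found']);
        }
    } elseif ("save" === $backup_action && "file" === $backup_from_to) {
        // Build one dump file, stream it to the client, then delete it.
        $temp_id = $save_all_realms ? "all_realms" : "realmid_" . $realm_id;
        $file_name_new = $temp_id . "_backup_" . date("m.d.y_H.i.s") . ".sql";
        $dump_path = "{$backup_dir}/{$file_name_new}";
        fclose(_dobackup_open_with_header($dump_path, $realm_db['name'], 'w'));
        require_once "libs/db_lib/sql_lib.php";
        foreach ($tables_backup_realmd as $value) {
            sql_table_dump($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name'], $value, $struc_backup, $dump_path);
        }
        $dump_dbs = $save_all_realms ? $characters_db : array($characters_db[$realm_id]);
        foreach ($dump_dbs as $db) {
            // Append the next database section to the same file.
            fclose(_dobackup_open_with_header($dump_path, $db['name'], 'a'));
            foreach ($tables_backup_characters as $value) {
                sql_table_dump($db['addr'], $db['user'], $db['pass'], $db['name'], $value, $struc_backup, $dump_path);
            }
        }
        // Open before sending headers so a failure is not reported as an attachment.
        $fp = fopen($dump_path, 'r') or die(error($lang_backup['file_write_err']));
        Header("Content-type: application/octet-stream");
        Header("Content-Disposition: attachment; filename={$file_name_new}");
        while (!feof($fp)) {
            echo fread($fp, 1024);
        }
        fclose($fp);
        unlink($dump_path);
        exit;
    } elseif ("save" === $backup_action && "web" === $backup_from_to) {
        // Save one dump file per database into $backup_dir.
        $file_name_new = $realm_db['name'] . "_backup_" . date("m.d.y_H.i.s") . ".sql";
        fclose(_dobackup_open_with_header("{$backup_dir}/{$file_name_new}", $realm_db['name'], 'w'));
        require_once "libs/db_lib/sql_lib.php";
        foreach ($tables_backup_realmd as $value) {
            sql_table_dump($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name'], $value, $struc_backup, "{$backup_dir}/{$file_name_new}");
        }
        $dump_dbs = $save_all_realms ? $characters_db : array($characters_db[$realm_id]);
        foreach ($dump_dbs as $db) {
            $file_name_new = $db['name'] . "_backup_" . date("m.d.y_H.i.s") . ".sql";
            // The handle is closed exactly once; the original closed it a second time after the dump.
            fclose(_dobackup_open_with_header("{$backup_dir}/{$file_name_new}", $db['name'], 'w'));
            foreach ($tables_backup_characters as $value) {
                sql_table_dump($db['addr'], $db['user'], $db['pass'], $db['name'], $value, $struc_backup, "{$backup_dir}/{$file_name_new}");
            }
        }
        redirect("backup.php?error=2");
        exit;
    } elseif ("save" === $backup_action && "acc_on_file" === $backup_from_to) {
        // Save every account in its own set of files under accounts/<timestamp>/.
        $sql = new SQL();
        $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
        $query = $sql->query("SELECT id FROM account");
        $subdir = "{$backup_dir}/accounts/" . date("m_d_y_H_i_s");
        mkdir($subdir, 0750);
        while ($acc = $sql->fetch_array($query)) {
            $fp = _dobackup_open_with_header("{$subdir}/{$acc[0]}_{$realm_db['name']}.sql", $realm_db['name'], 'w');
            $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
            foreach ($tab_backup_user_realmd as $value) {
                $result = "-- Dumping data for {$value['0']} " . date("m.d.y_H.i.s") . "\n";
                $result .= _dobackup_dump_rows($sql, $value['0'], $value['1'], $acc['0']);
                fwrite($fp, $result) or die(error($lang_backup['file_write_err']));
            }
            fclose($fp);
            foreach ($characters_db as $db) {
                $fp = _dobackup_open_with_header("{$subdir}/{$acc[0]}_{$db['name']}.sql", $db['name'], 'w');
                $sql->connect($db['addr'], $db['user'], $db['pass'], $db['name']);
                $all_char_query = $sql->query("SELECT guid,name FROM `characters` WHERE account = {$acc['0']}");
                while ($char = $sql->fetch_array($all_char_query)) {
                    // The name ends up in a "--" comment of a file that is later executed as SQL;
                    // line breaks are removed so it cannot continue on a new, uncommented line.
                    $char_label = str_replace(array("\r", "\n"), ' ', $char['1']);
                    fwrite($fp, "-- Dumping data for character {$char_label}\n") or die(error($lang_backup['file_write_err']));
                    foreach ($tab_backup_user_characters as $value) {
                        fwrite($fp, _dobackup_dump_rows($sql, $value['0'], $value['1'], $char['0'])) or die(error($lang_backup['file_write_err']));
                    }
                }
                fclose($fp);
            }
        }
        $sql->close();
        unset($sql);
        redirect("backup.php?error=2");
    } elseif ("load" === $backup_action && "acc_on_file" === $backup_from_to) {
        // Load one saved account file.
        if (empty($_POST['selected_file_name']) || empty($_POST['file_dir'])) {
            redirect("backup.php?error=1");
            return;
        }
        $file_name = _dobackup_safe_component($_POST['selected_file_name']);
        $file_dir = _dobackup_safe_component($_POST['file_dir']);
        $use_db = isset($_POST['use_db']) ? _dobackup_safe_component($_POST['use_db']) : false;
        if ($file_name === false || $file_dir === false || $use_db === false) {
            redirect("backup.php?error=1");
            return;
        }
        $file_tmp = "{$backup_dir}/accounts/{$file_dir}/{$file_name}_{$use_db}.sql";
        if (file_exists($file_tmp)) {
            require_once "libs/db_lib/sql_lib.php";
            // Execute the file whose existence was just checked. The original ran
            // "<file_name>.sql", a different path from the one it tested and from the
            // "<id>_<db>.sql" names the save branch writes.
            $queries = _dobackup_run_script($use_db, $file_tmp, true);
            redirect("backup.php?error=4&tot={$queries}");
        } else {
            error($lang_backup['file_not_found']);
        }
    } else {
        // None of the options matched.
        redirect("backup.php?error=1");
    }
}

/**
 * Return $name unchanged when it is a single path component, false otherwise.
 *
 * Rejects non-strings, the empty string, "." and "..", and anything containing
 * a slash, a backslash or a NUL byte.
 */
function _dobackup_safe_component($name)
{
    if (!is_string($name) || $name === '' || $name === '.' || $name === '..') {
        return false;
    }
    if (strpos($name, '/') !== false || strpos($name, '\\') !== false || strpos($name, "\0") !== false) {
        return false;
    }
    return $name;
}

/**
 * Run the SQL script at $path against the configured database named $use_db.
 *
 * $use_db is only ever matched against the configured database names; a value
 * that matches none of them runs nothing and yields 0. $flag is handed to
 * run_sql_script() as its last argument exactly as the caller gives it (its
 * meaning is defined in libs/db_lib/sql_lib.php, not visible here).
 */
function _dobackup_run_script($use_db, $path, $flag)
{
    global $realm_db, $characters_db;
    $queries = 0;
    if ($use_db === $realm_db['name']) {
        return run_sql_script($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name'], $path, $flag);
    }
    foreach ($characters_db as $db) {
        if ($use_db === $db['name']) {
            $queries = run_sql_script($db['addr'], $db['user'], $db['pass'], $db['name'], $path, $flag);
        }
    }
    return $queries;
}

/**
 * Open $path with $mode ('w' to create, 'a' to append), write the
 * CREATE DATABASE / USE preamble for $db_name and return the open handle.
 */
function _dobackup_open_with_header($path, $db_name, $mode)
{
    global $lang_backup;
    $fp = fopen($path, $mode) or die(error($lang_backup['file_write_err']));
    fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$db_name};\n") or die(error($lang_backup['file_write_err']));
    fwrite($fp, "USE {$db_name};\n\n") or die(error($lang_backup['file_write_err']));
    return $fp;
}

/**
 * Build the LOCK / DELETE / INSERT / UNLOCK statements that restore the rows
 * of $table whose $key column equals $id, using the open connection $sql.
 *
 * $table and $key come from the configured table lists and $id from a database
 * row, not from the request.
 */
function _dobackup_dump_rows($sql, $table, $key, $id)
{
    $rows_query = $sql->query("SELECT * FROM {$table} WHERE {$key} = {$id}");
    $num_fields = $sql->num_fields($rows_query);
    $numrow = $sql->num_rows($rows_query);
    $result = "LOCK TABLES {$table} WRITE;\n";
    $result .= "DELETE FROM {$table} WHERE {$key} = {$id};\n";
    if ($numrow) {
        $columns = array();
        for ($count = 0; $count < $num_fields; $count++) {
            $columns[] = "`" . $sql->field_name($rows_query, $count) . "`";
        }
        $result .= "INSERT INTO {$table} (" . implode(",", $columns) . ") VALUES \n";
        $tuples = array();
        for ($i = 0; $i < $numrow; $i++) {
            $row = $sql->fetch_row($rows_query);
            $values = array();
            for ($j = 0; $j < $num_fields; $j++) {
                if (!isset($row[$j])) {
                    // Test for NULL before escaping: addslashes(NULL) is "", which used to
                    // produce an empty (invalid) value for integer columns.
                    $values[] = "NULL";
                } elseif ($sql->field_type($rows_query, $j) == "int") {
                    $values[] = "{$row[$j]}";
                } else {
                    $values[] = "'" . str_replace("\n", "\\n", addslashes($row[$j])) . "'";
                }
            }
            $tuples[] = "\t(" . implode(",", $values) . ")";
        }
        $result .= implode(",\n", $tuples) . ";\n";
    }
    $result .= "UNLOCK TABLES;\n";
    $result .= "\n";
    return $result;
}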
Example #10
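require_once 'libs/db_lib.php';
// Blanket input filter: every top-level $_POST, $_GET and $_COOKIE value is passed
// through cleanSQL() (defined outside this excerpt, presumably in valid_lib.php).
// Escaping for a quoted SQL string does not make a value safe where it is used
// unquoted in SQL, in a file path or in HTML output; those uses still need their
// own validation. Array-valued parameters are handed to cleanSQL() as arrays -
// whether it handles them cannot be seen here.
require_once 'libs/valid_lib.php';
$sqlm = new SQL();
// The escaping routine needs an open SQL connection (mysql_real_escape_string).
$sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
foreach ($_POST as $key => $value) {
    $_POST[$key] = cleanSQL($value);
}
foreach ($_GET as $key => $value) {
    $_GET[$key] = cleanSQL($value);
}
foreach ($_COOKIE as $key => $value) {
    $_COOKIE[$key] = cleanSQL($value);
}
$sqlm->close();
unset($sqlm);
// End
//---------------------Loading User Theme and Language Settings----------------
// The theme cookie is client-controlled and is used to build paths below themes/.
// It is accepted only when it is a plain directory name (no '/', '\', NUL, "." or
// "..") and the matching theme directory and <name>_1024.css file both exist.
if (isset($_COOKIE['theme']) && is_scalar($_COOKIE['theme'])
    && $_COOKIE['theme'] !== '' && $_COOKIE['theme'] !== '.' && $_COOKIE['theme'] !== '..'
    && strpbrk((string) $_COOKIE['theme'], "/\\\0") === false
    && is_dir('themes/' . $_COOKIE['theme'])
    && is_file('themes/' . $_COOKIE['theme'] . '/' . $_COOKIE['theme'] . '_1024.css')) {
    $theme = $_COOKIE['theme'];
}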
// NOTE(review): $lang is taken straight from the 'lang' cookie and placed in a file
// path ('lang/<value>.php'); the only check visible here is file_exists(). Presumably
// the file is included later - confirm, and restrict the value to a plain file name
// (no '/', '\' or '..') before it reaches any include. The listing is cut off after
// the fallback assignment below.
if (isset($_COOKIE['lang'])) {
    $lang = $_COOKIE['lang'];
    if (file_exists('lang/' . $lang . '.php')) {
    } else {
        // No such language file: fall back to $language (defined outside this excerpt).
        $lang = $language;
Example #11
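/**
 * Apply the character edit submitted to char_edit.php: optional transfer to
 * another account, deletion of selected items, and an update of name, position,
 * play time, money and honor/arena values.
 *
 * Input comes from $_GET: id (character guid), name, owner_name, check (list of
 * item selectors), tot_time, money, arena_points, honor_points, total_kills,
 * x, y, z, map, tp_to.
 *
 * Security notes for maintainers:
 *  - quote_smart() results are wrapped in quotes by most statements below, so it
 *    evidently escapes without adding quotes. The guid was also interpolated
 *    unquoted in two UPDATE statements; it is now required to be all digits and
 *    quoted everywhere.
 *  - NOTE(review): the account transfer runs before the "$user_lvl > owner's
 *    gmlevel" check, so it is not restricted by it. The order is kept as found;
 *    confirm whether the transfer is meant to be covered by that check.
 *  - The edit is driven by GET parameters and no request token is checked here.
 */
function do_edit_char()
{
    global $lang_global, $lang_char, $output, $realm_db, $characters_db, $realm_id, $action_permission, $user_lvl, $world_db;
    valid_login($action_permission['delete']);
    if (empty($_GET['id']) || empty($_GET['name'])) {
        error($lang_global['empty_fields']);
        return;
    }
    // The guid goes into SQL and into redirect URLs; accept decimal digits only.
    if (!is_string($_GET['id']) || !preg_match('/^[0-9]+\z/', $_GET['id'])) {
        error($lang_char['use_numeric']);
        return;
    }
    $sql = new SQL();
    $sql->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
    $id = $sql->quote_smart($_GET['id']);
    $result = $sql->query("SELECT account, online FROM characters WHERE guid = '{$id}'");
    if (!$sql->num_rows($result)) {
        $sql->close();
        unset($sql);
        error($lang_char['no_char_found']);
        return;
    }
    // Online characters cannot be edited.
    if ($sql->result($result, 0, 'online')) {
        $sql->close();
        unset($sql);
        redirect("char_edit.php?action=edit_char&id={$id}&error=2");
        return;
    }

    // Look up the current owner's GM level; it restricts who may edit below.
    $owner_acc_id = $sql->result($result, 0, 'account');
    $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    $query = $sql->query("SELECT gmlevel FROM account_access WHERE id ='{$owner_acc_id}' and (`RealmID` = {$realm_id} or `RealmID` = -1)");
    $owner_gmlvl = $sql->result($query, 0, 'gmlevel');
    $new_owner_name = $_GET['owner_name'];
    // NOTE(review): the username literal below appears masked in this listing and
    // $new_owner_name is never used. If the query is meant to carry that request
    // value, pass it through $sql->quote_smart() before it is placed in the string.
    $query = $sql->query("SELECT id FROM account WHERE username ='******'");
    $new_owner_acc_id = $sql->result($query, 0, 'id');
    // Transfer only to an account id that the lookup actually returned.
    if ($owner_acc_id != $new_owner_acc_id && is_numeric($new_owner_acc_id)) {
        // Read the count from the result row; the original indexed the query result
        // itself, so the limit below never took effect.
        $count_query = $sql->query("SELECT numchars FROM realmcharacters WHERE acctid ='{$new_owner_acc_id}'");
        $max_players = $sql->num_rows($count_query) ? $sql->result($count_query, 0, 'numchars') : 0;
        if ($max_players <= 9) {
            $result = $sql->query("UPDATE `{$characters_db[$realm_id]['name']}`.`characters` SET account = {$new_owner_acc_id} WHERE guid = '{$id}'");
        } else {
            redirect("char_edit.php?action=edit_char&id={$id}&error=5");
        }
    }

    // Editing requires a GM level strictly above the owner's.
    if (!($user_lvl > $owner_gmlvl)) {
        $sql->close();
        unset($sql);
        error($lang_char['no_permission']);
        return;
    }

    $check = isset($_GET['check']) ? $sql->quote_smart($_GET['check']) : NULL;
    $new_name = $sql->quote_smart($_GET['name']);
    $new_tot_time = isset($_GET['tot_time']) ? $sql->quote_smart($_GET['tot_time']) : 0;
    $new_money = isset($_GET['money']) ? $sql->quote_smart($_GET['money']) : 0;
    $new_arena_points = isset($_GET['arena_points']) ? $sql->quote_smart($_GET['arena_points']) : 0;
    $new_honor_points = isset($_GET['honor_points']) ? $sql->quote_smart($_GET['honor_points']) : 0;
    $new_total_kills = isset($_GET['total_kills']) ? $sql->quote_smart($_GET['total_kills']) : 0;
    // total_kills is validated with the other counters (the original skipped it).
    if (!is_numeric($new_tot_time) || !is_numeric($new_money) || !is_numeric($new_arena_points) || !is_numeric($new_honor_points) || !is_numeric($new_total_kills)) {
        $sql->close();
        unset($sql);
        error($lang_char['use_numeric']);
        return;
    }
    $x = isset($_GET['x']) ? $sql->quote_smart($_GET['x']) : 0;
    $y = isset($_GET['y']) ? $sql->quote_smart($_GET['y']) : 0;
    $z = isset($_GET['z']) ? $sql->quote_smart($_GET['z']) : 0;
    $map = isset($_GET['map']) ? $sql->quote_smart($_GET['map']) : 0;
    $tp_to = isset($_GET['tp_to']) ? $sql->quote_smart($_GET['tp_to']) : 0;

    $sql->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
    $result = $sql->query("SELECT equipmentCache FROM characters WHERE guid = '{$id}'");
    $char = $sql->fetch_row($result);
    $eq_data = explode(' ', $char[0]);
    // Some items need to be deleted.
    if ($check) {
        $item_offset = array(
            "a0" => EQ_DATA_OFFSET_EQU_HEAD,
            "a1" => EQ_DATA_OFFSET_EQU_NECK,
            "a2" => EQ_DATA_OFFSET_EQU_SHOULDER,
            "a3" => EQ_DATA_OFFSET_EQU_SHIRT,
            "a4" => EQ_DATA_OFFSET_EQU_CHEST,
            "a5" => EQ_DATA_OFFSET_EQU_BELT,
            "a6" => EQ_DATA_OFFSET_EQU_LEGS,
            "a7" => EQ_DATA_OFFSET_EQU_FEET,
            "a8" => EQ_DATA_OFFSET_EQU_WRIST,
            "a9" => EQ_DATA_OFFSET_EQU_GLOVES,
            "a10" => EQ_DATA_OFFSET_EQU_FINGER1,
            "a11" => EQ_DATA_OFFSET_EQU_FINGER2,
            "a12" => EQ_DATA_OFFSET_EQU_TRINKET1,
            "a13" => EQ_DATA_OFFSET_EQU_TRINKET2,
            "a14" => EQ_DATA_OFFSET_EQU_BACK,
            "a15" => EQ_DATA_OFFSET_EQU_MAIN_HAND,
            "a16" => EQ_DATA_OFFSET_EQU_OFF_HAND,
            "a17" => EQ_DATA_OFFSET_EQU_RANGED,
            "a18" => EQ_DATA_OFFSET_EQU_TABARD,
        );
        foreach ((array) $check as $item_num) {
            if (!is_scalar($item_num)) {
                continue;
            }
            $item_num = (string) $item_num;
            if ($item_num !== '' && $item_num[0] == "a") {
                // Equipped item: only the known slot selectors a0..a18 are accepted, so the
                // slot number placed unquoted in the statements below is always an integer.
                if (!isset($item_offset[$item_num])) {
                    continue;
                }
                $eq_data[$item_offset[$item_num]] = 0;
                sscanf($item_num, "a%d", $slot);
                $result = $sql->query("SELECT item FROM character_inventory WHERE guid = '{$id}' AND slot = {$slot} AND bag = 0");
                $item_inst_id = $sql->result($result, 0, 'item');
                $sql->query("DELETE FROM character_inventory WHERE guid = '{$id}' AND slot = {$slot} AND bag = 0");
                $sql->query("DELETE FROM item_instance WHERE guid = '{$item_inst_id}' AND owner_guid = '{$id}'");
            } elseif (preg_match('/^[0-9]+\z/', $item_num)) {
                // Inventory / bank item, addressed by its numeric item guid.
                $sql->query("DELETE FROM character_inventory WHERE guid = '{$id}' AND item = '{$item_num}'");
                $sql->query("DELETE FROM item_instance WHERE guid = '{$item_num}' AND owner_guid = '{$id}'");
            }
        }
    }
    $data = implode(' ', $eq_data);
    if ($tp_to) {
        // Named teleport target: coordinates come from the world database.
        $query = $sql->query("SELECT map, position_x, position_y, position_z, orientation FROM `" . $world_db[$realm_id]['name'] . "`.`game_tele` WHERE LOWER(name) = '" . strtolower($tp_to) . "'");
        $tele = $sql->fetch_row($query);
        if ($tele) {
            $teleport = "map='{$tele['0']}', position_x='{$tele['1']}', position_y='{$tele['2']}', position_z='{$tele['3']}', orientation='{$tele['4']}',";
        } else {
            $sql->close();
            unset($sql);
            error($lang_char['no_tp_location']);
            return;
        }
    } else {
        $teleport = "map='{$map}', position_x='{$x}', position_y='{$y}', position_z='{$z}',";
    }
    $result = $sql->query("UPDATE characters SET equipmentCache = '{$data}', name = '{$new_name}', {$teleport} totaltime = '{$new_tot_time}', money = '{$new_money}', arenaPoints = '{$new_arena_points}', totalHonorPoints = '{$new_honor_points}', totalKills = '{$new_total_kills}' WHERE guid = '{$id}'");
    // Every path closes the connection exactly once; the original closed it again
    // after $sql had already been unset.
    $sql->close();
    unset($sql);
    if ($result) {
        redirect("char_edit.php?action=edit_char&id={$id}&error=3");
    } else {
        redirect("char_edit.php?action=edit_char&id={$id}&error=4");
    }
}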
Example #12
function do_update()
{
    global $world_db, $realm_id, $action_permission, $user_lvl;
    valid_login($action_permission['update']);
    if (!isset($_POST['type']) || $_POST['type'] === '') {
        redirect("item.php?error=1");
    }
    if (!isset($_POST['entry']) || $_POST['entry'] === '') {
        redirect("item.php?error=1");
    }
    $sql = new SQL();
    $sql->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);
    $entry = $sql->quote_smart($_POST['entry']);
    if (isset($_POST['class']) && $_POST['class'] != '') {
        $class = $sql->quote_smart($_POST['class']);
    } else {
        $class = 0;
    }
    if (isset($_POST['subclass']) && $_POST['subclass'] != '') {
        $subclass = $sql->quote_smart($_POST['subclass']);
    } else {
        $subclass = 0;
    }
    if (isset($_POST['name']) && $_POST['name'] != '') {
        $name = $sql->quote_smart($_POST['name']);
    } else {
        $name = 0;
    }
    if (isset($_POST['displayid']) && $_POST['displayid'] != '') {
        $displayid = $sql->quote_smart($_POST['displayid']);
    } else {
        $displayid = 0;
    }
    if (isset($_POST['Quality']) && $_POST['Quality'] != '') {
        $Quality = $sql->quote_smart($_POST['Quality']);
    } else {
        $Quality = 0;
    }
    if (isset($_POST['Flags']) && $_POST['Flags'] != '') {
        $Flags = $sql->quote_smart($_POST['Flags']);
    } else {
        $Flags = 0;
    }
    if (isset($_POST['BuyCount']) && $_POST['BuyCount'] != '') {
        $BuyCount = $sql->quote_smart($_POST['BuyCount']);
    } else {
        $BuyCount = 0;
    }
    if (isset($_POST['BuyPrice']) && $_POST['BuyPrice'] != '') {
        $BuyPrice = $sql->quote_smart($_POST['BuyPrice']);
    } else {
        $BuyPrice = 0;
    }
    if (isset($_POST['SellPrice']) && $_POST['SellPrice'] != '') {
        $SellPrice = $sql->quote_smart($_POST['SellPrice']);
    } else {
        $SellPrice = 0;
    }
    if (isset($_POST['InventoryType']) && $_POST['InventoryType'] != '') {
        $InventoryType = $sql->quote_smart($_POST['InventoryType']);
    } else {
        $AllowableClass = 0;
    }
    if (isset($_POST['AllowableClass'])) {
        $AllowableClass = $sql->quote_smart($_POST['AllowableClass']);
    } else {
        $AllowableClass = -1;
    }
    if (isset($_POST['AllowableRace'])) {
        $AllowableRace = $sql->quote_smart($_POST['AllowableRace']);
    } else {
        $AllowableRace = -1;
    }
    if (isset($_POST['ItemLevel']) && $_POST['ItemLevel'] != '') {
        $ItemLevel = $sql->quote_smart($_POST['ItemLevel']);
    } else {
        $ItemLevel = 1;
    }
    if (isset($_POST['RequiredLevel']) && $_POST['RequiredLevel'] != '') {
        $RequiredLevel = $sql->quote_smart($_POST['RequiredLevel']);
    } else {
        $RequiredLevel = 0;
    }
    if (isset($_POST['RequiredSkill']) && $_POST['RequiredSkill'] != '') {
        $RequiredSkill = $sql->quote_smart($_POST['RequiredSkill']);
    } else {
        $RequiredSkill = 0;
    }
    if (isset($_POST['RequiredSkillRank']) && $_POST['RequiredSkillRank'] != '') {
        $RequiredSkillRank = $sql->quote_smart($_POST['RequiredSkillRank']);
    } else {
        $RequiredSkillRank = 0;
    }
    if (isset($_POST['requiredspell']) && $_POST['requiredspell'] != '') {
        $requiredspell = $sql->quote_smart($_POST['requiredspell']);
    } else {
        $requiredspell = 0;
    }
    if (isset($_POST['requiredhonorrank']) && $_POST['requiredhonorrank'] != '') {
        $requiredhonorrank = $sql->quote_smart($_POST['requiredhonorrank']);
    } else {
        $requiredhonorrank = 0;
    }
    if (isset($_POST['RequiredCityRank']) && $_POST['RequiredCityRank'] != '') {
        $RequiredCityRank = $sql->quote_smart($_POST['RequiredCityRank']);
    } else {
        $RequiredCityRank = 0;
    }
    if (isset($_POST['RequiredReputationFaction']) && $_POST['RequiredReputationFaction'] != '') {
        $RequiredReputationFaction = $sql->quote_smart($_POST['RequiredReputationFaction']);
    } else {
        $RequiredReputationFaction = 0;
    }
    if (isset($_POST['RequiredReputationRank']) && $_POST['RequiredReputationRank'] != '') {
        $RequiredReputationRank = $sql->quote_smart($_POST['RequiredReputationRank']);
    } else {
        $RequiredReputationRank = 0;
    }
    if (isset($_POST['maxcount']) && $_POST['maxcount'] != '') {
        $maxcount = $sql->quote_smart($_POST['maxcount']);
    } else {
        $maxcount = 0;
    }
    if (isset($_POST['stackable']) && $_POST['stackable'] != '') {
        $stackable = $sql->quote_smart($_POST['stackable']);
    } else {
        $description = 0;
    }
    if (isset($_POST['ContainerSlots']) && $_POST['ContainerSlots'] != '') {
        $ContainerSlots = $sql->quote_smart($_POST['ContainerSlots']);
    } else {
        $ContainerSlots = 0;
    }
    if (isset($_POST['stat_type1']) && $_POST['stat_type1'] != '') {
        $stat_type1 = $sql->quote_smart($_POST['stat_type1']);
    } else {
        $stat_type1 = 0;
    }
    if (isset($_POST['stat_value1']) && $_POST['stat_value1'] != '') {
        $stat_value1 = $sql->quote_smart($_POST['stat_value1']);
    } else {
        $stat_value1 = 0;
    }
    if (isset($_POST['stat_type2']) && $_POST['stat_type2'] != '') {
        $stat_type2 = $sql->quote_smart($_POST['stat_type2']);
    } else {
        $stat_type2 = 0;
    }
    if (isset($_POST['stat_value2']) && $_POST['stat_value2'] != '') {
        $stat_value2 = $sql->quote_smart($_POST['stat_value2']);
    } else {
        $stat_value2 = 0;
    }
    if (isset($_POST['stat_type3']) && $_POST['stat_type3'] != '') {
        $stat_type3 = $sql->quote_smart($_POST['stat_type3']);
    } else {
        $stat_type3 = 0;
    }
    if (isset($_POST['stat_value3']) && $_POST['stat_value3'] != '') {
        $stat_value3 = $sql->quote_smart($_POST['stat_value3']);
    } else {
        $stat_value3 = 0;
    }
    if (isset($_POST['stat_type4']) && $_POST['stat_type4'] != '') {
        $stat_type4 = $sql->quote_smart($_POST['stat_type4']);
    } else {
        $stat_type4 = 0;
    }
    if (isset($_POST['stat_value4']) && $_POST['stat_value4'] != '') {
        $stat_value4 = $sql->quote_smart($_POST['stat_value4']);
    } else {
        $stat_value4 = 0;
    }
    if (isset($_POST['stat_type5']) && $_POST['stat_type5'] != '') {
        $stat_type5 = $sql->quote_smart($_POST['stat_type5']);
    } else {
        $stat_type5 = 0;
    }
    if (isset($_POST['stat_value5']) && $_POST['stat_value5'] != '') {
        $stat_value5 = $sql->quote_smart($_POST['stat_value5']);
    } else {
        $stat_value5 = 0;
    }
    if (isset($_POST['stat_type6']) && $_POST['stat_type6'] != '') {
        $stat_type6 = $sql->quote_smart($_POST['stat_type6']);
    } else {
        $stat_type6 = 0;
    }
    if (isset($_POST['stat_value6']) && $_POST['stat_value6'] != '') {
        $stat_value6 = $sql->quote_smart($_POST['stat_value6']);
    } else {
        $stat_value6 = 0;
    }
    if (isset($_POST['stat_type7']) && $_POST['stat_type7'] != '') {
        $stat_type7 = $sql->quote_smart($_POST['stat_type7']);
    } else {
        $stat_type7 = 0;
    }
    if (isset($_POST['stat_value7']) && $_POST['stat_value7'] != '') {
        $stat_value7 = $sql->quote_smart($_POST['stat_value7']);
    } else {
        $stat_value7 = 0;
    }
    if (isset($_POST['stat_type8']) && $_POST['stat_type8'] != '') {
        $stat_type8 = $sql->quote_smart($_POST['stat_type8']);
    } else {
        $stat_type8 = 0;
    }
    if (isset($_POST['stat_value8']) && $_POST['stat_value8'] != '') {
        $stat_value8 = $sql->quote_smart($_POST['stat_value8']);
    } else {
        $stat_value8 = 0;
    }
    if (isset($_POST['stat_type9']) && $_POST['stat_type9'] != '') {
        $stat_type9 = $sql->quote_smart($_POST['stat_type9']);
    } else {
        $stat_type9 = 0;
    }
    if (isset($_POST['stat_value9']) && $_POST['stat_value9'] != '') {
        $stat_value9 = $sql->quote_smart($_POST['stat_value9']);
    } else {
        $stat_value9 = 0;
    }
    if (isset($_POST['stat_type10']) && $_POST['stat_type10'] != '') {
        $stat_type10 = $sql->quote_smart($_POST['stat_type10']);
    } else {
        $stat_type10 = 0;
    }
    if (isset($_POST['stat_value10']) && $_POST['stat_value10'] != '') {
        $stat_value10 = $sql->quote_smart($_POST['stat_value10']);
    } else {
        $stat_value10 = 0;
    }
    if (isset($_POST['dmg_min1']) && $_POST['dmg_min1'] != '') {
        $dmg_min1 = $sql->quote_smart($_POST['dmg_min1']);
    } else {
        $dmg_min1 = 0;
    }
    if (isset($_POST['dmg_max1']) && $_POST['dmg_max1'] != '') {
        $dmg_max1 = $sql->quote_smart($_POST['dmg_max1']);
    } else {
        $dmg_max1 = 0;
    }
    if (isset($_POST['dmg_type1']) && $_POST['dmg_type1'] != '') {
        $dmg_type1 = $sql->quote_smart($_POST['dmg_type1']);
    } else {
        $dmg_type1 = 0;
    }
    if (isset($_POST['dmg_min2']) && $_POST['dmg_min2'] != '') {
        $dmg_min2 = $sql->quote_smart($_POST['dmg_min2']);
    } else {
        $dmg_min2 = 0;
    }
    if (isset($_POST['dmg_max2']) && $_POST['dmg_max2'] != '') {
        $dmg_max2 = $sql->quote_smart($_POST['dmg_max2']);
    } else {
        $dmg_max2 = 0;
    }
    if (isset($_POST['dmg_type2']) && $_POST['dmg_type2'] != '') {
        $dmg_type2 = $sql->quote_smart($_POST['dmg_type2']);
    } else {
        $dmg_type2 = 0;
    }
    if (isset($_POST['armor']) && $_POST['armor'] != '') {
        $armor = $sql->quote_smart($_POST['armor']);
    } else {
        $armor = 0;
    }
    if (isset($_POST['holy_res']) && $_POST['holy_res'] != '') {
        $holy_res = $sql->quote_smart($_POST['holy_res']);
    } else {
        $holy_res = 0;
    }
    if (isset($_POST['fire_res']) && $_POST['fire_res'] != '') {
        $fire_res = $sql->quote_smart($_POST['fire_res']);
    } else {
        $fire_res = 0;
    }
    if (isset($_POST['nature_res']) && $_POST['nature_res'] != '') {
        $nature_res = $sql->quote_smart($_POST['nature_res']);
    } else {
        $nature_res = 0;
    }
    if (isset($_POST['frost_res']) && $_POST['frost_res'] != '') {
        $frost_res = $sql->quote_smart($_POST['frost_res']);
    } else {
        $frost_res = 0;
    }
    if (isset($_POST['shadow_res']) && $_POST['shadow_res'] != '') {
        $shadow_res = $sql->quote_smart($_POST['shadow_res']);
    } else {
        $shadow_res = 0;
    }
    if (isset($_POST['arcane_res']) && $_POST['arcane_res'] != '') {
        $arcane_res = $sql->quote_smart($_POST['arcane_res']);
    } else {
        $arcane_res = 0;
    }
    if (isset($_POST['delay']) && $_POST['delay'] != '') {
        $delay = $sql->quote_smart($_POST['delay']);
    } else {
        $delay = 0;
    }
    if (isset($_POST['ammo_type']) && $_POST['ammo_type'] != '') {
        $ammo_type = $sql->quote_smart($_POST['ammo_type']);
    } else {
        $ammo_type = 0;
    }
    if (isset($_POST['RangedModRange']) && $_POST['RangedModRange'] != '') {
        $RangedModRange = $sql->quote_smart($_POST['RangedModRange']);
    } else {
        $RangedModRange = 0;
    }
    if (isset($_POST['spellid_1']) && $_POST['spellid_1'] != '') {
        $spellid_1 = $sql->quote_smart($_POST['spellid_1']);
    } else {
        $spellid_1 = 0;
    }
    if (isset($_POST['spelltrigger_1']) && $_POST['spelltrigger_1'] != '') {
        $spelltrigger_1 = $sql->quote_smart($_POST['spelltrigger_1']);
    } else {
        $spelltrigger_1 = 0;
    }
    if (isset($_POST['spellcharges_1']) && $_POST['spellcharges_1'] != '') {
        $spellcharges_1 = $sql->quote_smart($_POST['spellcharges_1']);
    } else {
        $spellcharges_1 = 0;
    }
    if (isset($_POST['spellcooldown_1']) && $_POST['spellcooldown_1'] != '') {
        $spellcooldown_1 = $sql->quote_smart($_POST['spellcooldown_1']);
    } else {
        $spellcooldown_1 = -1;
    }
    if (isset($_POST['spellcategory_1']) && $_POST['spellcategory_1'] != '') {
        $spellcategory_1 = $sql->quote_smart($_POST['spellcategory_1']);
    } else {
        $spellcategory_1 = 0;
    }
    if (isset($_POST['spellcategorycooldown_1']) && $_POST['spellcategorycooldown_1'] != '') {
        $spellcategorycooldown_1 = $sql->quote_smart($_POST['spellcategorycooldown_1']);
    } else {
        $spellcategorycooldown_1 = -1;
    }
    if (isset($_POST['spellppmRate_1']) && $_POST['spellppmRate_1'] != '') {
        $spellppmRate_1 = $sql->quote_smart($_POST['spellppmRate_1']);
    } else {
        $spellppmRate_1 = 0;
    }
    if (isset($_POST['spellid_2']) && $_POST['spellid_2'] != '') {
        $spellid_2 = $sql->quote_smart($_POST['spellid_2']);
    } else {
        $spellid_2 = 0;
    }
    if (isset($_POST['spelltrigger_2']) && $_POST['spelltrigger_2'] != '') {
        $spelltrigger_2 = $sql->quote_smart($_POST['spelltrigger_2']);
    } else {
        $spelltrigger_2 = 0;
    }
    if (isset($_POST['spellcharges_2']) && $_POST['spellcharges_2'] != '') {
        $spellcharges_2 = $sql->quote_smart($_POST['spellcharges_2']);
    } else {
        $spellcharges_2 = 0;
    }
    if (isset($_POST['spellcooldown_2']) && $_POST['spellcooldown_2'] != '') {
        $spellcooldown_2 = $sql->quote_smart($_POST['spellcooldown_2']);
    } else {
        $spellcooldown_2 = -1;
    }
    if (isset($_POST['spellcategory_2']) && $_POST['spellcategory_2'] != '') {
        $spellcategory_2 = $sql->quote_smart($_POST['spellcategory_2']);
    } else {
        $spellcategory_2 = 0;
    }
    if (isset($_POST['spellcategorycooldown_2']) && $_POST['spellcategorycooldown_2'] != '') {
        $spellcategorycooldown_2 = $sql->quote_smart($_POST['spellcategorycooldown_2']);
    } else {
        $spellcategorycooldown_2 = -1;
    }
    if (isset($_POST['spellppmRate_2']) && $_POST['spellppmRate_2'] != '') {
        $spellppmRate_2 = $sql->quote_smart($_POST['spellppmRate_2']);
    } else {
        $spellppmRate_2 = 0;
    }
    if (isset($_POST['spellid_3']) && $_POST['spellid_3'] != '') {
        $spellid_3 = $sql->quote_smart($_POST['spellid_3']);
    } else {
        $spellid_3 = 0;
    }
    if (isset($_POST['spelltrigger_3']) && $_POST['spelltrigger_3'] != '') {
        $spelltrigger_3 = $sql->quote_smart($_POST['spelltrigger_3']);
    } else {
        $spelltrigger_3 = 0;
    }
    if (isset($_POST['spellcharges_3']) && $_POST['spellcharges_3'] != '') {
        $spellcharges_3 = $sql->quote_smart($_POST['spellcharges_3']);
    } else {
        $spellcharges_3 = 0;
    }
    if (isset($_POST['spellcooldown_3']) && $_POST['spellcooldown_3'] != '') {
        $spellcooldown_3 = $sql->quote_smart($_POST['spellcooldown_3']);
    } else {
        $spellcooldown_3 = -1;
    }
    if (isset($_POST['spellcategory_3']) && $_POST['spellcategory_3'] != '') {
        $spellcategory_3 = $sql->quote_smart($_POST['spellcategory_3']);
    } else {
        $description = 0;
    }
    if (isset($_POST['spellcategorycooldown_3']) && $_POST['spellcategorycooldown_3'] != '') {
        $spellcategorycooldown_3 = $sql->quote_smart($_POST['spellcategorycooldown_3']);
    } else {
        $spellcategorycooldown_3 = -1;
    }
    if (isset($_POST['spellppmRate_3']) && $_POST['spellppmRate_3'] != '') {
        $spellppmRate_3 = $sql->quote_smart($_POST['spellppmRate_3']);
    } else {
        $spellppmRate_3 = 0;
    }
    if (isset($_POST['spellid_4']) && $_POST['spellid_4'] != '') {
        $spellid_4 = $sql->quote_smart($_POST['spellid_4']);
    } else {
        $spellid_4 = 0;
    }
    if (isset($_POST['spelltrigger_4']) && $_POST['spelltrigger_4'] != '') {
        $spelltrigger_4 = $sql->quote_smart($_POST['spelltrigger_4']);
    } else {
        $spelltrigger_4 = 0;
    }
    if (isset($_POST['spellcharges_4']) && $_POST['spellcharges_4'] != '') {
        $spellcharges_4 = $sql->quote_smart($_POST['spellcharges_4']);
    } else {
        $spellcharges_4 = 0;
    }
    if (isset($_POST['spellcooldown_4']) && $_POST['spellcooldown_4'] != '') {
        $spellcooldown_4 = $sql->quote_smart($_POST['spellcooldown_4']);
    } else {
        $spellcooldown_4 = -1;
    }
    if (isset($_POST['spellcategory_4']) && $_POST['spellcategory_4'] != '') {
        $spellcategory_4 = $sql->quote_smart($_POST['spellcategory_4']);
    } else {
        $spellcategory_4 = 0;
    }
    if (isset($_POST['spellcategorycooldown_4']) && $_POST['spellcategorycooldown_4'] != '') {
        $spellcategorycooldown_4 = $sql->quote_smart($_POST['spellcategorycooldown_4']);
    } else {
        $spellcategorycooldown_4 = -1;
    }
    if (isset($_POST['spellppmRate_4']) && $_POST['spellppmRate_4'] != '') {
        $spellppmRate_4 = $sql->quote_smart($_POST['spellppmRate_4']);
    } else {
        $spellppmRate_4 = 0;
    }
    if (isset($_POST['spellid_5']) && $_POST['spellid_5'] != '') {
        $spellid_5 = $sql->quote_smart($_POST['spellid_5']);
    } else {
        $spellid_5 = 0;
    }
    if (isset($_POST['spelltrigger_5']) && $_POST['spelltrigger_5'] != '') {
        $spelltrigger_5 = $sql->quote_smart($_POST['spelltrigger_5']);
    } else {
        $spelltrigger_5 = 0;
    }
    if (isset($_POST['spellcharges_5']) && $_POST['spellcharges_5'] != '') {
        $spellcharges_5 = $sql->quote_smart($_POST['spellcharges_5']);
    } else {
        $spellcharges_5 = 0;
    }
    if (isset($_POST['spellcooldown_5']) && $_POST['spellcooldown_5'] != '') {
        $spellcooldown_5 = $sql->quote_smart($_POST['spellcooldown_5']);
    } else {
        $spellcooldown_5 = -1;
    }
    if (isset($_POST['spellcategory_5']) && $_POST['spellcategory_5'] != '') {
        $spellcategory_5 = $sql->quote_smart($_POST['spellcategory_5']);
    } else {
        $spellcategory_5 = 0;
    }
    if (isset($_POST['spellcategorycooldown_5']) && $_POST['spellcategorycooldown_5'] != '') {
        $spellcategorycooldown_5 = $sql->quote_smart($_POST['spellcategorycooldown_5']);
    } else {
        $spellcategorycooldown_5 = -1;
    }
    if (isset($_POST['spellppmRate_5']) && $_POST['spellppmRate_5'] != '') {
        $spellppmRate_5 = $sql->quote_smart($_POST['spellppmRate_5']);
    } else {
        $spellppmRate_5 = 0;
    }
    if (isset($_POST['bonding']) && $_POST['bonding'] != '') {
        $bonding = $sql->quote_smart($_POST['bonding']);
    } else {
        $bonding = 0;
    }
    if (isset($_POST['description']) && $_POST['description'] != '') {
        $description = $sql->quote_smart($_POST['description']);
    } else {
        $description = "";
    }
    if (isset($_POST['PageText']) && $_POST['PageText'] != '') {
        $PageText = $sql->quote_smart($_POST['PageText']);
    } else {
        $PageText = 0;
    }
    if (isset($_POST['LanguageID']) && $_POST['LanguageID'] != '') {
        $LanguageID = $sql->quote_smart($_POST['LanguageID']);
    } else {
        $LanguageID = 0;
    }
    if (isset($_POST['PageMaterial']) && $_POST['PageMaterial'] != '') {
        $PageMaterial = $sql->quote_smart($_POST['PageMaterial']);
    } else {
        $PageMaterial = 0;
    }
    if (isset($_POST['startquest']) && $_POST['startquest'] != '') {
        $startquest = $sql->quote_smart($_POST['startquest']);
    } else {
        $startquest = 0;
    }
    if (isset($_POST['lockid']) && $_POST['lockid'] != '') {
        $lockid = $sql->quote_smart($_POST['lockid']);
    } else {
        $lockid = 0;
    }
    if (isset($_POST['Material']) && $_POST['Material'] != '') {
        $Material = $sql->quote_smart($_POST['Material']);
    } else {
        $Material = 0;
    }
    if (isset($_POST['sheath']) && $_POST['sheath'] != '') {
        $sheath = $sql->quote_smart($_POST['sheath']);
    } else {
        $sheath = 0;
    }
    if (isset($_POST['RandomProperty']) && $_POST['RandomProperty'] != '') {
        $RandomProperty = $sql->quote_smart($_POST['RandomProperty']);
    } else {
        $RandomProperty = 0;
    }
    if (isset($_POST['block ']) && $_POST['block '] != '') {
        $block = $sql->quote_smart($_POST['block']);
    } else {
        $block = 0;
    }
    if (isset($_POST['itemset']) && $_POST['itemset'] != '') {
        $itemset = $sql->quote_smart($_POST['itemset']);
    } else {
        $itemset = 0;
    }
    if (isset($_POST['MaxDurability']) && $_POST['MaxDurability'] != '') {
        $MaxDurability = $sql->quote_smart($_POST['MaxDurability']);
    } else {
        $MaxDurability = 0;
    }
    if (isset($_POST['area']) && $_POST['area'] != '') {
        $area = $sql->quote_smart($_POST['area']);
    } else {
        $area = 0;
    }
    if (isset($_POST['BagFamily']) && $_POST['BagFamily'] != '') {
        $BagFamily = $sql->quote_smart($_POST['BagFamily']);
    } else {
        $BagFamily = 0;
    }
    if (isset($_POST['Map']) && $_POST['Map'] != '') {
        $Map = $sql->quote_smart($_POST['Map']);
    } else {
        $Map = 0;
    }
    if (isset($_POST['ScriptName']) && $_POST['ScriptName'] != '') {
        $ScriptName = $sql->quote_smart($_POST['ScriptName']);
    } else {
        $ScriptName = 0;
    }
    if (isset($_POST['DisenchantID']) && $_POST['DisenchantID'] != '') {
        $DisenchantID = $sql->quote_smart($_POST['DisenchantID']);
    } else {
        $DisenchantID = 0;
    }
    if (isset($_POST['RequiredDisenchantSkill']) && $_POST['RequiredDisenchantSkill'] != '') {
        $RequiredDisenchantSkill = $sql->quote_smart($_POST['RequiredDisenchantSkill']);
    } else {
        $RequiredDisenchantSkill = -1;
    }
    if (isset($_POST['unk0']) && $_POST['unk0'] != '') {
        $unk0 = $sql->quote_smart($_POST['unk0']);
    } else {
        $unk0 = -1;
    }
    if (isset($_POST['RandomSuffix']) && $_POST['RandomSuffix'] != '') {
        $RandomSuffix = $sql->quote_smart($_POST['RandomSuffix']);
    } else {
        $RandomSuffix = 0;
    }
    if (isset($_POST['TotemCategory']) && $_POST['TotemCategory'] != '') {
        $TotemCategory = $sql->quote_smart($_POST['TotemCategory']);
    } else {
        $TotemCategory = 0;
    }
    if (isset($_POST['socketColor_1']) && $_POST['socketColor_1'] != '') {
        $socketColor_1 = $sql->quote_smart($_POST['socketColor_1']);
    } else {
        $socketColor_1 = 0;
    }
    if (isset($_POST['socketContent_1']) && $_POST['socketContent_1'] != '') {
        $socketContent_1 = $sql->quote_smart($_POST['socketContent_1']);
    } else {
        $socketContent_1 = 0;
    }
    if (isset($_POST['socketColor_2']) && $_POST['socketColor_2'] != '') {
        $socketColor_2 = $sql->quote_smart($_POST['socketColor_2']);
    } else {
        $socketColor_2 = 0;
    }
    if (isset($_POST['socketContent_2']) && $_POST['socketContent_2'] != '') {
        $socketContent_2 = $sql->quote_smart($_POST['socketContent_2']);
    } else {
        $socketContent_2 = 0;
    }
    if (isset($_POST['socketColor_3']) && $_POST['socketColor_3'] != '') {
        $socketColor_3 = $sql->quote_smart($_POST['socketColor_3']);
    } else {
        $socketColor_3 = 0;
    }
    if (isset($_POST['socketContent_3']) && $_POST['socketContent_3'] != '') {
        $socketContent_3 = $sql->quote_smart($_POST['socketContent_3']);
    } else {
        $socketContent_3 = 0;
    }
    if (isset($_POST['socketBonus']) && $_POST['socketBonus'] != '') {
        $socketBonus = $sql->quote_smart($_POST['socketBonus']);
    } else {
        $socketBonus = 0;
    }
    if (isset($_POST['GemProperties']) && $_POST['GemProperties'] != '') {
        $GemProperties = $sql->quote_smart($_POST['GemProperties']);
    } else {
        $GemProperties = 0;
    }
    if (isset($_POST['ArmorDamageModifier']) && $_POST['ArmorDamageModifier'] != '') {
        $ArmorDamageModifier = $sql->quote_smart($_POST['ArmorDamageModifier']);
    } else {
        $ArmorDamageModifier = 0;
    }
    if (isset($_POST['de_ChanceOrQuestChance']) && $_POST['de_ChanceOrQuestChance'] != '') {
        $de_ChanceOrQuestChance = $sql->quote_smart($_POST['de_ChanceOrQuestChance']);
    } else {
        $de_ChanceOrQuestChance = 0;
    }
    if (isset($_POST['de_groupid']) && $_POST['de_groupid'] != '') {
        $de_groupid = $sql->quote_smart($_POST['de_groupid']);
    } else {
        $de_groupid = 0;
    }
    if (isset($_POST['de_mincountOrRef']) && $_POST['de_mincountOrRef'] != '') {
        $de_mincountOrRef = $sql->quote_smart($_POST['de_mincountOrRef']);
    } else {
        $de_mincountOrRef = 0;
    }
    if (isset($_POST['de_maxcount']) && $_POST['de_maxcount'] != '') {
        $de_maxcount = $sql->quote_smart($_POST['de_maxcount']);
    } else {
        $de_maxcount = 0;
    }
    if (isset($_POST['de_lootcondition']) && $_POST['de_lootcondition'] != '') {
        $de_lootcondition = $sql->quote_smart($_POST['de_lootcondition']);
    } else {
        $de_lootcondition = 0;
    }
    if (isset($_POST['de_condition_value1']) && $_POST['de_condition_value1'] != '') {
        $de_condition_value1 = $sql->quote_smart($_POST['de_condition_value1']);
    } else {
        $de_condition_value1 = 0;
    }
    if (isset($_POST['de_condition_value2']) && $_POST['de_condition_value2'] != '') {
        $de_condition_value2 = $sql->quote_smart($_POST['de_condition_value2']);
    } else {
        $de_condition_value2 = 0;
    }
    if (isset($_POST['de_item']) && $_POST['de_item'] != '') {
        $de_item = $sql->quote_smart($_POST['de_item']);
    } else {
        $de_item = 0;
    }
    if (isset($_POST['del_de_items']) && $_POST['del_de_items'] != '') {
        $del_de_items = $sql->quote_smart($_POST['del_de_items']);
    } else {
        $del_de_items = NULL;
    }
    $tmp = 0;
    if ($AllowableClass[0] != -1) {
        for ($t = 0; $t < count($AllowableClass); $t++) {
            if ($AllowableClass[$t] & 1) {
                $tmp = $tmp + 1;
            }
            if ($AllowableClass[$t] & 2) {
                $tmp = $tmp + 2;
            }
            if ($AllowableClass[$t] & 4) {
                $tmp = $tmp + 4;
            }
            if ($AllowableClass[$t] & 8) {
                $tmp = $tmp + 8;
            }
            if ($AllowableClass[$t] & 16) {
                $tmp = $tmp + 16;
            }
            if ($AllowableClass[$t] & 32) {
                $tmp = $tmp + 32;
            }
            if ($AllowableClass[$t] & 64) {
                $tmp = $tmp + 64;
            }
            if ($AllowableClass[$t] & 128) {
                $tmp = $tmp + 128;
            }
            if ($AllowableClass[$t] & 256) {
                $tmp = $tmp + 256;
            }
            if ($AllowableClass[$t] & 512) {
                $tmp = $tmp + 512;
            }
            if ($AllowableClass[$t] & 1024) {
                $tmp = $tmp + 1024;
            }
        }
    }
    if ($tmp) {
        $AllowableClass = $tmp;
    } else {
        $AllowableClass = -1;
    }
    $tmp = 0;
    if ($AllowableRace[0] != -1) {
        for ($t = 0; $t < count($AllowableRace); $t++) {
            if ($AllowableRace[$t] & 1) {
                $tmp = $tmp + 1;
            }
            if ($AllowableRace[$t] & 2) {
                $tmp = $tmp + 2;
            }
            if ($AllowableRace[$t] & 4) {
                $tmp = $tmp + 4;
            }
            if ($AllowableRace[$t] & 8) {
                $tmp = $tmp + 8;
            }
            if ($AllowableRace[$t] & 16) {
                $tmp = $tmp + 16;
            }
            if ($AllowableRace[$t] & 32) {
                $tmp = $tmp + 32;
            }
            if ($AllowableRace[$t] & 64) {
                $tmp = $tmp + 64;
            }
            if ($AllowableRace[$t] & 128) {
                $tmp = $tmp + 128;
            }
            if ($AllowableRace[$t] & 256) {
                $tmp = $tmp + 256;
            }
            if ($AllowableRace[$t] & 512) {
                $tmp = $tmp + 512;
            }
        }
    }
    if ($tmp) {
        $AllowableRace = $tmp;
    } else {
        $AllowableRace = -1;
    }
    if ($_POST['type'] == "add_new") {
        $sql_query = "INSERT INTO item_template (entry, class, subclass, name,displayid, Quality, Flags, BuyCount, BuyPrice, SellPrice, InventoryType, AllowableClass, AllowableRace, ItemLevel,\n  RequiredLevel, RequiredSkill, RequiredSkillRank, requiredspell, requiredhonorrank, RequiredCityRank, RequiredReputationFaction, RequiredReputationRank, maxcount, stackable, ContainerSlots, stat_type1,\n  stat_value1, stat_type2, stat_value2, stat_type3, stat_value3, stat_type4, stat_value4, stat_type5, stat_value5, stat_type6, stat_value6, stat_type7, stat_value7, stat_type8, stat_value8, stat_type9,\n  stat_value9, stat_type10, stat_value10, dmg_min1, dmg_max1, dmg_type1, dmg_min2, dmg_max2, dmg_type2, armor, holy_res, fire_res, nature_res, frost_res, shadow_res, arcane_res, delay, ammo_type,\n  RangedModRange, spellid_1, spelltrigger_1, spellcharges_1, spellppmRate_1, spellcooldown_1, spellcategory_1, spellcategorycooldown_1,\n  spellid_2, spelltrigger_2, spellcharges_2, spellppmRate_2, spellcooldown_2, spellcategory_2, spellcategorycooldown_2, spellid_3, spelltrigger_3, spellcharges_3, spellppmRate_3, spellcooldown_3, spellcategory_3, spellcategorycooldown_3,\n  spellid_4, spelltrigger_4, spellcharges_4, spellppmRate_4, spellcooldown_4, spellcategory_4, spellcategorycooldown_4, spellid_5, spelltrigger_5, spellcharges_5, spellppmRate_5, spellcooldown_5, spellcategory_5, spellcategorycooldown_5,\n  bonding, description, PageText, LanguageID, PageMaterial, startquest, lockid, Material, sheath, RandomProperty, block, itemset, MaxDurability, area, BagFamily, Map, ScriptName, DisenchantID,RequiredDisenchantSkill,\n  ArmorDamageModifier,unk0,RandomSuffix,TotemCategory, socketColor_1, socketContent_1, socketColor_2, socketContent_2, socketColor_3, socketContent_3, socketBonus, GemProperties)\n  VALUES ('{$entry}', '{$class}', '{$subclass}', '{$name}','{$displayid}', '{$Quality}', '{$Flags}', '{$BuyCount}', '{$BuyPrice}', '{$SellPrice}', '{$InventoryType}', '{$AllowableClass}', 
'{$AllowableRace}', '{$ItemLevel}', '{$RequiredLevel}',\n  '{$RequiredSkill}', '{$RequiredSkillRank}', '{$requiredspell}', '{$requiredhonorrank}', '{$RequiredCityRank}', '{$RequiredReputationFaction}', '{$RequiredReputationRank}', '{$maxcount}', '{$stackable}', '{$ContainerSlots}', '{$stat_type1}',\n  '{$stat_value1}', '{$stat_type2}', '{$stat_value2}', '{$stat_type3}', '{$stat_value3}', '{$stat_type4}', '{$stat_value4}', '{$stat_type5}', '{$stat_value5}', '{$stat_type6}', '{$stat_value6}', '{$stat_type7}', '{$stat_value7}', '{$stat_type8}', '{$stat_value8}',\n  '{$stat_type9}', '{$stat_value9}', '{$stat_type10}', '{$stat_value10}', '{$dmg_min1}', '{$dmg_max1}', '{$dmg_type1}', '{$dmg_min2}', '{$dmg_max2}', '{$dmg_type2}', '{$armor}', '{$holy_res}', '{$fire_res}', '{$nature_res}', '{$frost_res}', '{$shadow_res}', '{$arcane_res}', '{$delay}', '{$ammo_type}', '{$RangedModRange}', '{$spellid_1}', '{$spelltrigger_1}', '{$spellcharges_1}', '{$spellppmRate_1}', '{$spellcooldown_1}',\n  '{$spellcategory_1}', '{$spellcategorycooldown_1}', '{$spellid_2}', '{$spelltrigger_2}', '{$spellcharges_2}', '{$spellppmRate_2}', '{$spellcooldown_2}', '{$spellcategory_2}', '{$spellcategorycooldown_2}', '{$spellid_3}', '{$spelltrigger_3}', '{$spellcharges_3}', '{$spellppmRate_3}',\n  '{$spellcooldown_3}', '{$spellcategory_3}', '{$spellcategorycooldown_3}', '{$spellid_4}', '{$spelltrigger_4}', '{$spellcharges_4}', '{$spellppmRate_4}', '{$spellcooldown_4}', '{$spellcategory_4}', '{$spellcategorycooldown_4}', '{$spellid_5}', '{$spelltrigger_5}',\n  '{$spellcharges_5}', '{$spellppmRate_5}', '{$spellcooldown_5}', '{$spellcategory_5}', '{$spellcategorycooldown_5}', '{$bonding}', '{$description}', '{$PageText}', '{$LanguageID}', '{$PageMaterial}', '{$startquest}', '{$lockid}', '{$Material}', '{$sheath}', '{$RandomProperty}', '{$block}',\n  '{$itemset}', '{$MaxDurability}', '{$area}', '{$BagFamily}', '{$Map}', '{$ScriptName}', '{$DisenchantID}', 
'{$RequiredDisenchantSkill}','{$ArmorDamageModifier}','{$unk0}','{$RandomSuffix}', '{$TotemCategory}', '{$socketColor_1}', '{$socketContent_1}', '{$socketColor_2}',\n  '{$socketContent_2}', '{$socketColor_3}', '{$socketContent_3}', '{$socketBonus}', '{$GemProperties}')";
    } elseif ($_POST['type'] == "edit") {
        $sql_query = "UPDATE item_template SET  ";
        $result = $sql->query("SELECT `item_template`.`entry`,`class`,`subclass`,`unk0`,IFNULL(" . ($deplang != 0 ? "name_loc{$deplang}" : "NULL") . ",`name`) as name,`displayid`,`Quality`,`Flags`,`BuyCount`,`BuyPrice`,`SellPrice`,`InventoryType`,`AllowableClass`,`AllowableRace`,`ItemLevel`,`RequiredLevel`,`RequiredSkill`,`RequiredSkillRank`,`requiredspell`,`requiredhonorrank`,`RequiredCityRank`,`RequiredReputationFaction`,`RequiredReputationRank`,`maxcount`,`stackable`,`ContainerSlots`,`stat_type1`,`stat_value1`,`stat_type2`,`stat_value2`,`stat_type3`,`stat_value3`,`stat_type4`,`stat_value4`,`stat_type5`,`stat_value5`,`stat_type6`,`stat_value6`,`stat_type7`,`stat_value7`,`stat_type8`,`stat_value8`,`stat_type9`,`stat_value9`,`stat_type10`,`stat_value10`,`dmg_min1`,`dmg_max1`,`dmg_type1`,`dmg_min2`,`dmg_max2`,`dmg_type2`,`armor`,`holy_res`,`fire_res`,`nature_res`,`frost_res`,`shadow_res`,`arcane_res`,`delay`,`ammo_type`,`RangedModRange`,`spellid_1`,`spelltrigger_1`,`spellcharges_1`,`spellppmRate_1`,`spellcooldown_1`,`spellcategory_1`,`spellcategorycooldown_1`,`spellid_2`,`spelltrigger_2`,`spellcharges_2`,`spellppmRate_2`,`spellcooldown_2`,`spellcategory_2`,`spellcategorycooldown_2`,`spellid_3`,`spelltrigger_3`,`spellcharges_3`,`spellppmRate_3`,`spellcooldown_3`,`spellcategory_3`,`spellcategorycooldown_3`,`spellid_4`,`spelltrigger_4`,`spellcharges_4`,`spellppmRate_4`,`spellcooldown_4`,`spellcategory_4`,`spellcategorycooldown_4`,`spellid_5`,`spelltrigger_5`,`spellcharges_5`,`spellppmRate_5`,`spellcooldown_5`,`spellcategory_5`,`spellcategorycooldown_5`,`bonding`,`description`,`PageText`,`LanguageID`,`PageMaterial`,`startquest`,`lockid`,`Material`,`sheath`,`RandomProperty`,`RandomSuffix`,`block`,`itemset`,`MaxDurability`,`area`,`Map`,`BagFamily`,`TotemCategory`,`socketColor_1`,`socketContent_1`,`socketColor_2`,`socketContent_2`,`socketColor_3`,`socketContent_3`,`socketBonus`,`GemProperties`,`RequiredDisenchantSkill`,`ArmorDamageModifier`,`ScriptName`,`DisenchantID`,`Food
Type`,`minMoneyLoot`,`maxMoneyLoot` FROM item_template LEFT JOIN locales_item ON item_template.entry = locales_item.entry WHERE item_template.entry = '{$entry}'");
        if ($item_templ = $sql->fetch_assoc($result)) {
            if ($item_templ['class'] != $class) {
                $sql_query .= "class='{$class}',";
            }
            if ($item_templ['subclass'] != $subclass) {
                $sql_query .= "subclass='{$subclass}',";
            }
            if ($item_templ['name'] != $name) {
                $sql_query .= "name='{$name}',";
            }
            if ($item_templ['displayid'] != $displayid) {
                $sql_query .= "displayid='{$displayid}',";
            }
            if ($item_templ['Quality'] != $Quality) {
                $sql_query .= "Quality='{$Quality}',";
            }
            if ($item_templ['Flags'] != $Flags) {
                $sql_query .= "Flags='{$Flags}',";
            }
            if ($item_templ['BuyCount'] != $BuyCount) {
                $sql_query .= "BuyCount='{$BuyCount}',";
            }
            if ($item_templ['BuyPrice'] != $BuyPrice) {
                $sql_query .= "BuyPrice='{$BuyPrice}',";
            }
            if ($item_templ['SellPrice'] != $SellPrice) {
                $sql_query .= "SellPrice='{$SellPrice}',";
            }
            if ($item_templ['InventoryType'] != $InventoryType) {
                $sql_query .= "InventoryType='{$InventoryType}',";
            }
            if ($item_templ['AllowableClass'] != $AllowableClass) {
                $sql_query .= "AllowableClass='{$AllowableClass}',";
            }
            if ($item_templ['AllowableRace'] != $AllowableRace) {
                $sql_query .= "AllowableRace='{$AllowableRace}',";
            }
            if ($item_templ['ItemLevel'] != $ItemLevel) {
                $sql_query .= "ItemLevel='{$ItemLevel}',";
            }
            if ($item_templ['RequiredLevel'] != $RequiredLevel) {
                $sql_query .= "RequiredLevel='{$RequiredLevel}',";
            }
            if ($item_templ['RequiredSkill'] != $RequiredSkill) {
                $sql_query .= "RequiredSkill='{$RequiredSkill}',";
            }
            if ($item_templ['RequiredSkillRank'] != $RequiredSkillRank) {
                $sql_query .= "RequiredSkillRank='{$RequiredSkillRank}',";
            }
            if ($item_templ['requiredspell'] != $requiredspell) {
                $sql_query .= "requiredspell='{$requiredspell}',";
            }
            if ($item_templ['requiredhonorrank'] != $requiredhonorrank) {
                $sql_query .= "requiredhonorrank='{$requiredhonorrank}',";
            }
            if ($item_templ['RequiredCityRank'] != $RequiredCityRank) {
                $sql_query .= "RequiredCityRank='{$RequiredCityRank}',";
            }
            if ($item_templ['RequiredReputationFaction'] != $RequiredReputationFaction) {
                $sql_query .= "RequiredReputationFaction='{$RequiredReputationFaction}',";
            }
            if ($item_templ['RequiredReputationRank'] != $RequiredReputationRank) {
                $sql_query .= "RequiredReputationRank='{$RequiredReputationRank}',";
            }
            if ($item_templ['maxcount'] != $maxcount) {
                $sql_query .= "maxcount='{$maxcount}',";
            }
            if ($item_templ['stackable'] != $stackable) {
                $sql_query .= "stackable='{$stackable}',";
            }
            if ($item_templ['ContainerSlots'] != $ContainerSlots) {
                $sql_query .= "ContainerSlots='{$ContainerSlots}',";
            }
            if ($item_templ['stat_type1'] != $stat_type1) {
                $sql_query .= "stat_type1='{$stat_type1}',";
            }
            if ($item_templ['stat_value1'] != $stat_value1) {
                $sql_query .= "stat_value1='{$stat_value1}',";
            }
            if ($item_templ['stat_type2'] != $stat_type2) {
                $sql_query .= "stat_type2='{$stat_type2}',";
            }
            if ($item_templ['stat_value2'] != $stat_value2) {
                $sql_query .= "stat_value2='{$stat_value2}',";
            }
            if ($item_templ['stat_type3'] != $stat_type3) {
                $sql_query .= "stat_type3='{$stat_type3}',";
            }
            if ($item_templ['stat_value3'] != $stat_value3) {
                $sql_query .= "stat_value3='{$stat_value3}',";
            }
            if ($item_templ['stat_type4'] != $stat_type4) {
                $sql_query .= "stat_type4='{$stat_type4}',";
            }
            if ($item_templ['stat_value4'] != $stat_value4) {
                $sql_query .= "stat_value4='{$stat_value4}',";
            }
            if ($item_templ['stat_type5'] != $stat_type5) {
                $sql_query .= "stat_type5='{$stat_type5}',";
            }
            if ($item_templ['stat_value5'] != $stat_value5) {
                $sql_query .= "stat_value5='{$stat_value5}',";
            }
            if ($item_templ['stat_type6'] != $stat_type6) {
                $sql_query .= "stat_type6='{$stat_type6}',";
            }
            if ($item_templ['stat_value6'] != $stat_value6) {
                $sql_query .= "stat_value6='{$stat_value6}',";
            }
            if ($item_templ['stat_type7'] != $stat_type7) {
                $sql_query .= "stat_type7='{$stat_type7}',";
            }
            if ($item_templ['stat_value7'] != $stat_value7) {
                $sql_query .= "stat_value7='{$stat_value7}',";
            }
            if ($item_templ['stat_type8'] != $stat_type8) {
                $sql_query .= "stat_type8='{$stat_type8}',";
            }
            if ($item_templ['stat_value8'] != $stat_value8) {
                $sql_query .= "stat_value8='{$stat_value8}',";
            }
            if ($item_templ['stat_type9'] != $stat_type9) {
                $sql_query .= "stat_type9='{$stat_type9}',";
            }
            if ($item_templ['stat_value9'] != $stat_value9) {
                $sql_query .= "stat_value9='{$stat_value9}',";
            }
            if ($item_templ['stat_type10'] != $stat_type10) {
                $sql_query .= "stat_type10='{$stat_type10}',";
            }
            if ($item_templ['stat_value10'] != $stat_value10) {
                $sql_query .= "stat_value10='{$stat_value10}',";
            }
            if ($item_templ['dmg_min1'] != $dmg_min1) {
                $sql_query .= "dmg_min1='{$dmg_min1}',";
            }
            if ($item_templ['dmg_max1'] != $dmg_max1) {
                $sql_query .= "dmg_max1='{$dmg_max1}',";
            }
            if ($item_templ['dmg_type1'] != $dmg_type1) {
                $sql_query .= "dmg_type1='{$dmg_type1}',";
            }
            if ($item_templ['dmg_min2'] != $dmg_min2) {
                $sql_query .= "dmg_min2='{$dmg_min2}',";
            }
            if ($item_templ['dmg_max2'] != $dmg_max2) {
                $sql_query .= "dmg_max2='{$dmg_max2}',";
            }
            if ($item_templ['dmg_type2'] != $dmg_type2) {
                $sql_query .= "dmg_type2='{$dmg_type2}',";
            }
            if ($item_templ['armor'] != $armor) {
                $sql_query .= "armor='{$armor}',";
            }
            if ($item_templ['holy_res'] != $holy_res) {
                $sql_query .= "holy_res='{$holy_res}',";
            }
            if ($item_templ['fire_res'] != $fire_res) {
                $sql_query .= "fire_res='{$fire_res}',";
            }
            if ($item_templ['nature_res'] != $nature_res) {
                $sql_query .= "nature_res='{$nature_res}',";
            }
            if ($item_templ['frost_res'] != $frost_res) {
                $sql_query .= "frost_res='{$frost_res}',";
            }
            if ($item_templ['shadow_res'] != $shadow_res) {
                $sql_query .= "shadow_res='{$shadow_res}',";
            }
            if ($item_templ['arcane_res'] != $arcane_res) {
                $sql_query .= "arcane_res='{$arcane_res}',";
            }
            if ($item_templ['delay'] != $delay) {
                $sql_query .= "delay='{$delay}',";
            }
            if ($item_templ['ammo_type'] != $ammo_type) {
                $sql_query .= "ammo_type='{$ammo_type}',";
            }
            if ($item_templ['RangedModRange'] != $RangedModRange) {
                $sql_query .= "RangedModRange='{$RangedModRange}',";
            }
            if ($item_templ['spellid_1'] != $spellid_1) {
                $sql_query .= "spellid_1='{$spellid_1}',";
            }
            if ($item_templ['spelltrigger_1'] != $spelltrigger_1) {
                $sql_query .= "spelltrigger_1='{$spelltrigger_1}',";
            }
            if ($item_templ['spellcharges_1'] != $spellcharges_1) {
                $sql_query .= "spellcharges_1='{$spellcharges_1}',";
            }
            if ($item_templ['spellppmRate_1'] != $spellppmRate_1) {
                $sql_query .= "spellppmRate_1='{$spellppmRate_1}',";
            }
            if ($item_templ['spellcooldown_1'] != $spellcooldown_1) {
                $sql_query .= "spellcooldown_1='{$spellcooldown_1}',";
            }
            if ($item_templ['spellcategory_1'] != $spellcategory_1) {
                $sql_query .= "spellcategory_1='{$spellcategory_1}',";
            }
            if ($item_templ['spellcategorycooldown_1'] != $spellcategorycooldown_1) {
                $sql_query .= "spellcategorycooldown_1='{$spellcategorycooldown_1}',";
            }
            if ($item_templ['spellid_2'] != $spellid_2) {
                $sql_query .= "spellid_2='{$spellid_2}',";
            }
            if ($item_templ['spelltrigger_2'] != $spelltrigger_2) {
                $sql_query .= "spelltrigger_2='{$spelltrigger_2}',";
            }
            if ($item_templ['spellcharges_2'] != $spellcharges_2) {
                $sql_query .= "spellcharges_2='{$spellcharges_2}',";
            }
            if ($item_templ['spellppmRate_2'] != $spellppmRate_2) {
                $sql_query .= "spellppmRate_2='{$spellppmRate_2}',";
            }
            if ($item_templ['spellcooldown_2'] != $spellcooldown_2) {
                $sql_query .= "spellcooldown_2='{$spellcooldown_2}',";
            }
            if ($item_templ['spellcategory_2'] != $spellcategory_2) {
                $sql_query .= "spellcategory_2='{$spellcategory_2}',";
            }
            if ($item_templ['spellcategorycooldown_2'] != $spellcategorycooldown_2) {
                $sql_query .= "spellcategorycooldown_2='{$spellcategorycooldown_2}',";
            }
            if ($item_templ['spellid_3'] != $spellid_3) {
                $sql_query .= "spellid_3='{$spellid_3}',";
            }
            if ($item_templ['spelltrigger_3'] != $spelltrigger_3) {
                $sql_query .= "spelltrigger_3='{$spelltrigger_3}',";
            }
            if ($item_templ['spellcharges_3'] != $spellcharges_3) {
                $sql_query .= "spellcharges_3='{$spellcharges_3}',";
            }
            if ($item_templ['spellppmRate_3'] != $spellppmRate_3) {
                $sql_query .= "spellppmRate_3='{$spellppmRate_3}',";
            }
            if ($item_templ['spellcooldown_3'] != $spellcooldown_3) {
                $sql_query .= "spellcooldown_3='{$spellcooldown_3}',";
            }
            if ($item_templ['spellcategory_3'] != $spellcategory_3) {
                $sql_query .= "spellcategory_3='{$spellcategory_3}',";
            }
            if ($item_templ['spellcategorycooldown_3'] != $spellcategorycooldown_3) {
                $sql_query .= "spellcategorycooldown_3='{$spellcategorycooldown_3}',";
            }
            if ($item_templ['spellid_4'] != $spellid_4) {
                $sql_query .= "spellid_4='{$spellid_4}',";
            }
            if ($item_templ['spelltrigger_4'] != $spelltrigger_4) {
                $sql_query .= "spelltrigger_4='{$spelltrigger_4}',";
            }
            if ($item_templ['spellcharges_4'] != $spellcharges_4) {
                $sql_query .= "spellcharges_4='{$spellcharges_4}',";
            }
            if ($item_templ['spellppmRate_4'] != $spellppmRate_4) {
                $sql_query .= "spellppmRate_4='{$spellppmRate_4}',";
            }
            if ($item_templ['spellcooldown_4'] != $spellcooldown_4) {
                $sql_query .= "spellcooldown_4='{$spellcooldown_4}',";
            }
            if ($item_templ['spellcategory_4'] != $spellcategory_4) {
                $sql_query .= "spellcategory_4='{$spellcategory_4}',";
            }
            if ($item_templ['spellcategorycooldown_4'] != $spellcategorycooldown_4) {
                $sql_query .= "spellcategorycooldown_4='{$spellcategorycooldown_4}', ";
            }
            if ($item_templ['spellid_5'] != $spellid_5) {
                $sql_query .= "spellid_5='{$spellid_5}',";
            }
            if ($item_templ['spelltrigger_5'] != $spelltrigger_5) {
                $sql_query .= "spelltrigger_5='{$spelltrigger_5}',";
            }
            if ($item_templ['spellcharges_5'] != $spellcharges_5) {
                $sql_query .= "spellcharges_5='{$spellcharges_5}',";
            }
            if ($item_templ['spellppmRate_5'] != $spellppmRate_5) {
                $sql_query .= "spellppmRate_5='{$spellppmRate_5}',";
            }
            if ($item_templ['spellcooldown_5'] != $spellcooldown_5) {
                $sql_query .= "spellcooldown_5='{$spellcooldown_5}',";
            }
            if ($item_templ['spellcategory_5'] != $spellcategory_5) {
                $sql_query .= "spellcategory_5='{$spellcategory_5}',";
            }
            if ($item_templ['spellcategorycooldown_5'] != $spellcategorycooldown_5) {
                $sql_query .= "spellcategorycooldown_5='{$spellcategorycooldown_5}',";
            }
            if ($item_templ['bonding'] != $bonding) {
                $sql_query .= "bonding='{$bonding}',";
            }
            if ($item_templ['description'] != $description) {
                $sql_query .= "description='{$description}',";
            }
            if ($item_templ['PageText'] != $PageText) {
                $sql_query .= "PageText='{$PageText}',";
            }
            if ($item_templ['LanguageID'] != $LanguageID) {
                $sql_query .= "LanguageID='{$LanguageID}',";
            }
            if ($item_templ['PageMaterial'] != $PageMaterial) {
                $sql_query .= "PageMaterial='{$PageMaterial}',";
            }
            if ($item_templ['startquest'] != $startquest) {
                $sql_query .= "startquest='{$startquest}',";
            }
            if ($item_templ['lockid'] != $lockid) {
                $sql_query .= "lockid='{$lockid}',";
            }
            if ($item_templ['Material'] != $Material) {
                $sql_query .= "Material='{$Material}',";
            }
            if ($item_templ['sheath'] != $sheath) {
                $sql_query .= "sheath='{$sheath}',";
            }
            if ($item_templ['RandomProperty'] != $RandomProperty) {
                $sql_query .= "RandomProperty='{$RandomProperty}',";
            }
            if ($item_templ['block'] != $block) {
                $sql_query .= "block='{$block}',";
            }
            if ($item_templ['itemset'] != $itemset) {
                $sql_query .= "itemset='{$itemset}',";
            }
            if ($item_templ['MaxDurability'] != $MaxDurability) {
                $sql_query .= "MaxDurability='{$MaxDurability}',";
            }
            if ($item_templ['area'] != $area) {
                $sql_query .= "area='{$area}',";
            }
            if ($item_templ['BagFamily'] != $BagFamily) {
                $sql_query .= "BagFamily='{$BagFamily}',";
            }
            if ($item_templ['Map'] != $Map) {
                $sql_query .= "Map='{$Map}',";
            }
            if ($item_templ['ScriptName'] != $ScriptName) {
                $sql_query .= "ScriptName='{$ScriptName}',";
            }
            if ($item_templ['DisenchantID'] != $DisenchantID) {
                $sql_query .= "DisenchantID='{$DisenchantID}',";
            }
            if ($item_templ['RequiredDisenchantSkill'] != $RequiredDisenchantSkill) {
                $sql_query .= "RequiredDisenchantSkill='{$RequiredDisenchantSkill}',";
            }
            if ($item_templ['ArmorDamageModifier'] != $ArmorDamageModifier) {
                $sql_query .= "ArmorDamageModifier='{$ArmorDamageModifier}',";
            }
            if ($item_templ['unk0'] != $unk0) {
                $sql_query .= "unk0='{$unk0}',";
            }
            if ($item_templ['RandomSuffix'] != $RandomSuffix) {
                $sql_query .= "RandomSuffix='{$RandomSuffix}',";
            }
            if ($item_templ['TotemCategory'] != $TotemCategory) {
                $sql_query .= "TotemCategory='{$TotemCategory}',";
            }
            if ($item_templ['socketColor_1'] != $socketColor_1) {
                $sql_query .= "socketColor_1='{$socketColor_1}',";
            }
            if ($item_templ['socketContent_1'] != $socketContent_1) {
                $sql_query .= "socketContent_1='{$socketContent_1}',";
            }
            if ($item_templ['socketColor_2'] != $socketColor_2) {
                $sql_query .= "socketColor_2='{$socketColor_2}',";
            }
            if ($item_templ['socketContent_2'] != $socketContent_2) {
                $sql_query .= "socketContent_2='{$socketContent_2}',";
            }
            if ($item_templ['socketColor_3'] != $socketColor_3) {
                $sql_query .= "socketColor_3='{$socketColor_3}',";
            }
            if ($item_templ['socketContent_3'] != $socketContent_3) {
                $sql_query .= "socketContent_3='{$socketContent_3}',";
            }
            if ($item_templ['socketBonus'] != $socketBonus) {
                $sql_query .= "socketBonus='{$socketBonus}',";
            }
            if ($item_templ['GemProperties'] != $GemProperties) {
                $sql_query .= "GemProperties='{$GemProperties}',";
            }
            $sql->free_result($result);
            unset($item_templ);
            if ($sql_query == "UPDATE item_template SET  " && !$de_item && !$del_de_items) {
                $sql->close();
                redirect("item.php?action=edit&entry={$entry}&error=6");
            } else {
                if ($sql_query != "UPDATE item_template SET  ") {
                    $sql_query[strlen($sql_query) - 1] = " ";
                    $sql_query .= " WHERE entry = '{$entry}';\n";
                } else {
                    $sql_query = "";
                }
            }
            if ($de_item) {
                $sql_query .= "INSERT INTO disenchant_loot_template (entry, item, ChanceOrQuestChance, `groupid`, mincountOrRef, maxcount, lootcondition, condition_value1, condition_value2)\n          VALUES ({$DisenchantID},{$de_item},'{$de_ChanceOrQuestChance}', '{$de_groupid}' ,{$de_mincountOrRef} ,{$de_maxcount} ,{$de_lootcondition} ,{$de_condition_value1} ,{$de_condition_value2});\n";
            }
            if ($del_de_items) {
                foreach ($del_de_items as $item_id) {
                    $sql_query .= "DELETE FROM disenchant_loot_template WHERE entry = {$DisenchantID} AND item = {$item_id};\n";
                }
            }
        } else {
            $sql->close();
            redirect("item.php?error=5");
        }
    } else {
        $sql->close();
        redirect("item.php?error=5");
    }
    if (isset($_POST['backup_op']) && $_POST['backup_op'] == 1) {
        $sql->close();
        Header("Content-type: application/octet-stream");
        Header("Content-Disposition: attachment; filename=itemid_{$entry}.sql");
        echo $sql_query;
        exit;
    } else {
        $sql_query = explode(';', $sql_query);
        foreach ($sql_query as $tmp_query) {
            if ($tmp_query && $tmp_query != "\n") {
                $result = $sql->query($tmp_query);
            }
        }
        $sql->close();
    }
    if ($result) {
        redirect("item.php?action=edit&entry={$entry}&error=4");
    } else {
        redirect("item.php");
    }
}
Example #13
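/**
 * Execute the statements of a SQL dump file against the given database.
 *
 * The file is read line by line. While outside a quoted string, blank lines
 * and lines starting with "#" or "-- " are skipped. Every other line is
 * appended to a buffer; when a line ends in ";" outside a string literal the
 * buffer is sent as one query.
 *
 * Security: every statement in the file is executed verbatim with the
 * supplied credentials, so $path has to refer to a file with trusted content.
 * NOTE(review): the callers are not visible here - confirm that $path cannot
 * be chosen by an unauthenticated or low-privilege request.
 *
 * @param string $dbhost Passed to SQL::connect() as the server address.
 * @param string $dbuser Passed to SQL::connect() as the user name.
 * @param string $dbpass Passed to SQL::connect() as the password.
 * @param string $dbname Passed to SQL::connect() as the database name.
 * @param string $path   Path of the dump file to run.
 * @param bool   $unlink When true, $path is deleted if a statement fails.
 *
 * @return int Number of statements that ran successfully.
 */
function run_sql_script($dbhost, $dbuser, $dbpass, $dbname, $path, $unlink)
{
    $fp = fopen($path, 'r');
    if ($fp === false) {
        die(error("Couldn't Open File!"));
    }
    $sql_1 = new SQL();
    $sql_1->connect($dbhost, $dbuser, $dbpass, $dbname);
    $query = "";
    $queries = 0;
    $linenumber = 0;
    // True while the buffer holds an unterminated '...' string literal.
    $inparents = false;
    while (!feof($fp)) {
        // Assemble one complete line, however long, from 16 KiB reads.
        $dumpline = "";
        while (!feof($fp) && substr($dumpline, -1) !== "\n") {
            $dumpline .= fgets($fp, 16384);
        }
        // Turn a trailing CRLF or bare CR into LF. The ereg functions used
        // here before were removed in PHP 7; \z anchors at the very end of
        // the string, which is what the POSIX "$" did.
        $dumpline = preg_replace('/\r\n?\z/', "\n", $dumpline);
        if (!$inparents) {
            $is_comment = strpos($dumpline, '#') === 0 || strpos($dumpline, '-- ') === 0;
            if (trim($dumpline) === "" || $is_comment) {
                $linenumber++;
                continue;
            }
        }
        // Drop escaped backslashes, then count the single quotes that are not
        // themselves backslash-escaped: an odd count toggles the string state.
        $dumpline_deslashed = str_replace("\\\\", "", $dumpline);
        $parents = substr_count($dumpline_deslashed, "'") - substr_count($dumpline_deslashed, "\\'");
        if ($parents % 2 !== 0) {
            $inparents = !$inparents;
        }
        $query .= $dumpline;
        if (!$inparents && substr(trim($dumpline), -1) === ';') {
            if (!$sql_1->query(trim($query))) {
                fclose($fp);
                if ($unlink) {
                    unlink($path);
                }
                // All LFs are stripped first, so only a trailing CR can remain.
                $err = str_replace("\n", "", $sql_1->error());
                $err = preg_replace('/\r\z/', "", $err);
                // NOTE(review): the message carries the file path and the raw
                // database error next to HTML markup; how error() renders it
                // is not visible here - escape it there if it reaches a page.
                error("SQL Error at the line: {$linenumber} in {$path} <br /> {$err}");
                break;
            }
            $queries++;
            $query = "";
        }
        $linenumber++;
    }
    $sql_1->close();
    // The failure path above has already closed the handle; closing it a
    // second time raises a warning (a TypeError on PHP 8).
    if (is_resource($fp)) {
        fclose($fp);
    }
    return $queries;
}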
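/**
 * Append the "move topic" form for the topic given in $_GET['id'] to the
 * global $output.
 *
 * Changes against the earlier version of this function:
 *  - $_GET['id'] is interpolated into the query without surrounding quotes,
 *    so string escaping alone does not confine it; it is now accepted only
 *    when it consists of digits and is cast to int.
 *  - The access check runs before the topic lookup, so a caller without
 *    access gets the same answer whether or not the topic exists.
 *  - The topic name comes from the database and is HTML-escaped on output,
 *    as forum_index() does for the names it prints.
 *  - Each error() call is followed by return, so nothing below runs with
 *    missing values should error() hand control back.
 *
 * @param SQL $sqlm Overwritten with a new connection to the forum database.
 *
 * @return void
 */
function forum_move_topic(&$sqlm)
{
    global $forum_skeleton, $forum_lang, $user_lvl, $output, $mmfpm_db;
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    if ($user_lvl == 0) {
        error($forum_lang['no_access']);
        return;
    }
    if (!isset($_GET['id']) || !is_string($_GET['id']) || !preg_match('/^[0-9]+\z/', $_GET['id'])) {
        error($forum_lang['no_such_topic']);
        return;
    }
    $id = (int) $_GET['id'];
    $topic = $sqlm->query('
		SELECT id, topic, authorid, forum, name
		FROM mm_forum_posts
		WHERE id = ' . $id);
    if ($sqlm->num_rows($topic) == 0) {
        error($forum_lang['no_such_topic']);
        return;
    }
    $topic = $sqlm->fetch_assoc($topic);
    $fid = $topic['forum'];
    // Find the category that holds the topic's current forum.
    $cat = 0;
    foreach ($forum_skeleton as $cid => $category) {
        foreach ($category['forums'] as $fid_ => $forum) {
            if ($fid_ == $fid) {
                $cat = $cid;
            }
        }
    }
    if (empty($forum_skeleton[$cat]['forums'][$fid])) {
        // No such forum..
        error($forum_lang['no_such_forum']);
        return;
    }
    $forum = $forum_skeleton[$cat]["forums"][$fid];
    $topic_name = htmlspecialchars($topic['name']);
    // NOTE(review): forum names are taken from $forum_skeleton and printed
    // as-is; confirm that structure is only ever filled from trusted config.
    $output .= '
<div class="top">
	<h1>' . $forum_lang['forums'] . '</h1>
</div>
<center>
<table class="flat">
	<tr>
		<td align="left">
			<a href="forum.php">' . $forum_lang['forum_index'] . '</a> -> 
			<a href="forum.php?action=view_forum&amp;id=' . $fid . '">' . $forum['name'] . '</a> -> 
			<a href="forum.php?action=view_topic&amp;id=' . $topic['topic'] . '">' . $topic_name . '</a> -> 
			' . $forum_lang["move"] . '!
		</td>
	</tr>
</table>
<table class="lined">
	<tr>
		<td>' . $forum_lang['where'] . ' : 
		<form action="forum.php?action=do_move_topic" method="POST" name="form">
			<select name="forum">';
    // One <option> per known forum; the topic's current forum is preselected.
    foreach ($forum_skeleton as $category) {
        foreach ($category['forums'] as $fid_ => $forum) {
            if ($fid_ != $fid) {
                $output .= '
				<option value=' . $fid_ . '>' . $forum['name'] . '</option>';
            } else {
                $output .= '
				<option value=' . $fid_ . ' selected>' . $forum['name'] . '</option>';
            }
        }
    }
    $output .= '
			</select>
		<input type="hidden" name="id" value="' . $id . '">
		</form>
		</td>
	</tr>
</table>
<table class="hidden">
	<tr>
		<td>';
    makebutton($forum_lang['back'], "javascript:window.history.back()", 120);
    makebutton($forum_lang['confirm'], "javascript:do_submit()", 120);
    $output .= '
		</td>
	</tr>
</table>
</center>';
    $sqlm->close();
    // Queries : 1
}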
Example #15
/**
 * Append the forum index (categories, their forums, topic and reply counts
 * and the latest post per forum) to the global $output.
 *
 * Categories and forums whose level_read exceeds $user_lvl are left out.
 * When $enablesidecheck is on and $user_lvl is 0, entries whose side_access
 * is neither 'ALL' nor the value returned by get_side() are left out too.
 *
 * NOTE(review): only the latest post's name is passed through
 * htmlspecialchars(). Category and forum names and descriptions, authorname
 * and time are printed exactly as stored - confirm they cannot hold
 * user-controlled markup.
 *
 * @param mixed $sqlr Not used in this function.
 * @param SQL   $sqlm Overwritten with a new connection to the forum database.
 *
 * @return void
 */
function forum_index(&$sqlr, &$sqlm)
{
    global $enablesidecheck, $forum_skeleton, $forum_lang, $user_lvl, $output, $realm_db, $mmfpm_db;
    // $side is only read below when $enablesidecheck is set.
    if ($enablesidecheck) {
        $side = get_side();
    }
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    // Newest post of every forum, keyed by forum id.
    $latest_rows = $sqlm->query('
		SELECT authorname, id, name, time, forum
		FROM mm_forum_posts
		WHERE id IN 
			(SELECT MAX(id)
			FROM mm_forum_posts
			GROUP BY forum)
		ORDER BY forum;');
    $lasts = array();
    if ($sqlm->num_rows($latest_rows) > 0) {
        while ($latest = $sqlm->fetch_assoc($latest_rows)) {
            $lasts[$latest['forum']] = $latest;
        }
    }
    $output .= '
<div class="top">
	<h1>' . $forum_lang['forums'] . '</h1>
</div>
<center>
<fieldset>
	<legend><a href="forum.php">' . $forum_lang['forum_index'] . '</a></legend>
	<table class="lined">';
    $category_rows = $sqlm->query('
		SELECT category, name, description, side_access, level_post_topic, level_read, level_post
		FROM mm_forum_categories');
    while ($category = $sqlm->fetch_assoc($category_rows)) {
        if ($category['level_read'] > $user_lvl) {
            continue;
        }
        // Side restriction: level-0 users see only 'ALL' or their own side.
        if ($user_lvl == 0 && $enablesidecheck && $category['side_access'] != 'ALL'
            && ($side == 'NO' || $category['side_access'] != $side)) {
            continue;
        }
        $output .= '
		<tr>
			<th class="head" align="left">' . $category['name'] . '<br />' . $category['description'] . '</th>
			<th class="head">' . $forum_lang['topics'] . '</th>
			<th class="head">' . $forum_lang['replies'] . '</th>
			<th class="head" align="right">' . $forum_lang['last_post'] . '</th>
		</tr>';
        $forum_rows = $sqlm->query('
		SELECT forum, category, name, description, side_access, level_post_topic, level_read, level_post
		FROM mm_forum_forums
		WHERE category = ' . $category['category']);
        while ($forum = $sqlm->fetch_assoc($forum_rows)) {
            if ($forum['level_read'] > $user_lvl) {
                continue;
            }
            // Same side restriction, applied per forum.
            if ($user_lvl == 0 && $enablesidecheck && $forum['side_access'] != 'ALL'
                && ($side == 'NO' || $forum['side_access'] != $side)) {
                continue;
            }
            $forum_id = $forum['forum'];
            // Topics are the posts whose id equals their topic id.
            $topic_rows = $sqlm->query('
				SELECT id
				FROM mm_forum_posts
				WHERE forum = ' . $forum_id . ' AND id = topic');
            $numtopics = $sqlm->num_rows($topic_rows);
            $reply_rows = $sqlm->query('
				SELECT id
				FROM mm_forum_posts
				WHERE forum = ' . $forum_id);
            $numreplies = $sqlm->num_rows($reply_rows);
            $output .= '
		<tr>
			<td align="left"><a href="forum.php?action=view_forum&amp;id=' . $forum_id . '">' . $forum['name'] . '</a><br />' . $forum['description'] . '</td>
			<td>' . $numtopics . '</td>
			<td>' . $numreplies . '</td>';
            if (!isset($lasts[$forum_id])) {
                $output .= '
			<td align="right">' . $forum_lang['no_topics'] . '</td>
		</tr>';
            } else {
                // The escaped name is written back into $lasts.
                $lasts[$forum_id]['name'] = htmlspecialchars($lasts[$forum_id]['name']);
                $output .= '
			<td align="right">
				<a href="forum.php?action=view_topic&amp;postid=' . $lasts[$forum_id]['id'] . '">' . $lasts[$forum_id]['name'] . '</a>
				<br />by ' . $lasts[$forum_id]['authorname'] . '
				<br /> ' . $lasts[$forum_id]['time'] . '
			</td>
		</tr>';
            }
        }
    }
    $output .= '
		<tr>
			<td align="right" class="hidden"></td>
		</tr>
	</table>
</fieldset>
</center>
<br/>';
    $sqlm->close();
    // Queries : 2, plus 1 per listed category and 2 per listed forum
}
Example #16
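/**
 * Delete the accounts, characters, guilds or arena teams selected on the
 * cleanup page and append a result summary to the global $output.
 *
 * $_POST['type'] selects the kind ("acc", "char", "guild" or "arenateam");
 * $_POST['check'] is a "-"-separated id list whose first element is ignored.
 *
 * Fixes against the earlier version:
 *  - $server_type was read without being imported, so the Trinity table list
 *    was never selected; it is now part of the global statement.
 *  - $deleted_arenateams was never initialised.
 *  - Every redirect() on a failure path is followed by return, so no delete
 *    helper runs afterwards should redirect() hand control back.
 *  - Non-string 'type' / 'check' values are rejected like empty ones.
 *
 * NOTE(review): this is a destructive action driven purely by POST data.
 * $user_lvl is imported but never consulted and no request token is checked
 * here - confirm that the calling page enforces both. The ids are escaped
 * with quote_smart() but not validated; how del_acc(), del_char(),
 * del_guild() and del_arenateam() place them into queries is not visible.
 *
 * @return void
 */
function docleanup()
{
    // The full list is kept: del_lib.php is included inside this function and
    // therefore sees exactly the variables imported here.
    global $lang_cleanup, $lang_global, $output, $realm_db, $characters_db, $realm_id, $user_lvl, $tab_del_user_characters, $tab_del_user_characters_trinity, $tab_del_user_realmd, $server_type;
    if ($server_type) {
        $tab_del_user_characters = $tab_del_user_characters_trinity;
    }
    if (!isset($_POST['type']) || !is_string($_POST['type']) || $_POST['type'] === '') {
        redirect("cleanup.php?error=1");
        return;
    }
    if (!isset($_POST['check']) || !is_string($_POST['check']) || $_POST['check'] === '') {
        redirect("cleanup.php?error=1");
        return;
    }
    $sql = new SQL();
    $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    $type = $sql->quote_smart($_POST['type']);
    $check = explode('-', $sql->quote_smart($_POST['check']));
    // Collect the non-empty ids; element 0 is skipped as before.
    $ids = array();
    foreach (array_slice($check, 1) as $candidate) {
        if ($candidate !== '') {
            $ids[] = $candidate;
        }
    }
    $deleted_acc = 0;
    $deleted_chars = 0;
    $deleted_gulds = 0;
    $deleted_arenateams = 0;
    require_once "./libs/del_lib.php";
    switch ($type) {
        // accounts; del_acc() also reports how many characters went with each
        case "acc":
            foreach ($ids as $id) {
                list($flag, $del_char) = del_acc($id);
                if ($flag) {
                    $deleted_acc++;
                    $deleted_chars += $del_char;
                }
            }
            break;
        // characters
        case "char":
            foreach ($ids as $id) {
                if (del_char($id, $realm_id)) {
                    $deleted_chars++;
                }
            }
            break;
        // guilds
        case "guild":
            foreach ($ids as $id) {
                if (del_guild($id, $realm_id)) {
                    $deleted_gulds++;
                }
            }
            break;
        // arena teams
        case "arenateam":
            foreach ($ids as $id) {
                if (del_arenateam($id, $realm_id)) {
                    $deleted_arenateams++;
                }
            }
            break;
        default:
            $sql->close();
            redirect("cleanup.php?error=1");
            return;
    }
    $sql->close();
    unset($sql);
    $output .= "<center>";
    if ($type == "guild") {
        if (!$deleted_gulds) {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['no_guilds_del']}</font></h1>";
        } else {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['total']} <font color=blue>{$deleted_gulds}</font> {$lang_cleanup['guilds_deleted']}</font></h1>";
        }
    } elseif ($type == "arenateam") {
        if (!$deleted_arenateams) {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['no_arenateams_del']}</font></h1>";
        } else {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['total']} <font color=blue>{$deleted_arenateams}</font> {$lang_cleanup['arenateams_deleted']}</font></h1>";
        }
    } else {
        // "acc" and "char" share the account / character summary.
        if ($deleted_acc + $deleted_chars == 0) {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['no_acc_chars_deleted']}</font></h1>";
        } else {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['total']} <font color=blue>{$deleted_acc}</font> {$lang_cleanup['accs_deleted']}</font></h1><br />";
            $output .= "<h1><font class=\"error\">{$lang_cleanup['total']} <font color=blue>{$deleted_chars}</font> {$lang_cleanup['chars_deleted']}</font></h1>";
        }
    }
    $output .= "<br /><br />";
    $output .= "<table class=\"hidden\">\r\n          <tr><td>";
    makebutton($lang_cleanup['back_cleaning'], "cleanup.php", 200);
    $output .= "</td></tr>\r\n        </table><br /></center>";
}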
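/**
 * Save an edited forum post (and the topic title when $_POST['name'] is sent),
 * then redirect to the topic view.
 *
 * Fixes against the earlier version:
 *  - $_POST['post'] is interpolated into three queries without surrounding
 *    quotes, so string escaping alone does not confine it; it is now accepted
 *    only when it consists of digits and is cast to int.
 *  - A post id that matches no row ends with the "no such post" error
 *    instead of building an UPDATE from an empty topic id.
 *  - A missing or non-string 'msg' / 'name' is treated as empty, which lands
 *    in the existing "too short" errors.
 *  - Each error() call is followed by return, so no UPDATE runs should
 *    error() hand control back.
 *  - The second, identical SELECT of the topic id is dropped; neither UPDATE
 *    touches that column.
 *
 * NOTE(review): $user_lvl, $user_name and $user_id are imported but never
 * consulted, so nothing here ties the edited post to the requesting user -
 * confirm that the caller enforces ownership or moderator level.
 * NOTE(review): htmlspecialchars() is commented out and "<br />" is inserted
 * into the stored text, so the page that prints posts has to escape or
 * filter them; that page is not visible here.
 *
 * @param SQL $sqlm Overwritten with a new connection to the forum database.
 *
 * @return void
 */
function forum_do_edit_post(&$sqlm)
{
    global $forum_lang, $user_lvl, $user_name, $user_id, $mmfpm_db;
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    //==========================$_POST and SECURE=================================
    // 'forum' only has to be present; its value is not used below.
    if (!isset($_POST['forum'])) {
        error($forum_lang["no_such_forum"]);
        return;
    }
    if (!isset($_POST['post']) || !is_string($_POST['post']) || !preg_match('/^[0-9]+\z/', $_POST['post'])) {
        error($forum_lang["no_such_post"]);
        return;
    }
    $post = (int) $_POST['post'];
    // A submitted 'name' means the topic title is edited as well.
    $topic = isset($_POST['name']) ? 1 : 0;
    if ($topic == 1) {
        $raw_name = is_string($_POST['name']) ? $_POST['name'] : '';
        $name = $sqlm->quote_smart($raw_name);
        // The limits are applied to the escaped value, as before.
        if (strlen($name) > 49) {
            $sqlm->close();
            error($forum_lang["name_too_long"]);
            return;
        }
        if (strlen($name) < 5) {
            $sqlm->close();
            error($forum_lang["name_too_short"]);
            return;
        }
    }
    $raw_msg = isset($_POST['msg']) && is_string($_POST['msg']) ? $_POST['msg'] : '';
    $msg = trim($sqlm->quote_smart($raw_msg), " ");
    if (strlen($msg) < 5) {
        $sqlm->close();
        error($forum_lang["msg_too_short"]);
        return;
    }
    //==========================$_POST and SECURE end==============================
    // Replaces the two-character sequence backslash + "n" with a line break.
    $msg = str_replace('\\n', '<br />', $msg);
    $result = $sqlm->query('
		SELECT topic
		FROM mm_forum_posts
		WHERE id = ' . $post);
    $topicid = $sqlm->fetch_assoc($result);
    if (!$topicid) {
        $sqlm->close();
        error($forum_lang["no_such_post"]);
        return;
    }
    // The column is used unquoted in the query below, so it is kept numeric.
    $topic_id = (int) $topicid['topic'];
    $sqlm->query('
		UPDATE mm_forum_posts
		SET text = \'' . $msg . '\'
		WHERE id = ' . $post);
    if ($topic == 1) {
        $sqlm->query('
			UPDATE mm_forum_posts
			SET name = \'' . $name . '\'
			WHERE topic = ' . $topic_id);
    }
    $sqlm->close();
    redirect('forum.php?action=view_topic&id=' . $topic_id);
    // Queries : 2 (+1 if topic)
}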
Example #18
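/**
 * Render the "move topic" form for the topic whose first post id is passed in $_GET["id"].
 *
 * Appends the breadcrumb, a <select> listing every forum in $forum_skeleton and a hidden
 * "id" field to the global $output. Callers with $user_lvl == 0 are rejected.
 *
 * The code relies on error() not returning (the original already used $id after the
 * error() branch) - TODO confirm against its definition.
 */
function forum_move_topic()
{
    global $forum_skeleton, $forum_lang, $maxqueries, $user_lvl, $user_id, $output, $mmfpm_db;
    // Check the privilege first, so an unprivileged caller never reaches the query and
    // cannot tell an existing topic from a missing one by the error shown.
    if ($user_lvl == 0) {
        error($forum_lang["no_access"]);
    }
    // The id is echoed back into a hidden form field further down. SQL escaping does not
    // neutralise HTML metacharacters, so only a plain decimal id is accepted here.
    if (!isset($_GET["id"]) || !is_string($_GET["id"]) || !preg_match('/\A[0-9]+\z/', $_GET["id"])) {
        error($forum_lang["no_such_topic"]);
    }
    $mysql = new SQL();
    $mysql->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    $id = $mysql->quote_smart($_GET["id"]);
    $topic = $mysql->query("SELECT id,topic,authorid,forum, name FROM mm_forum_posts WHERE id = '{$id}';");
    //                0 1   2   3   4
    if ($mysql->num_rows($topic) == 0) {
        $mysql->close();
        error($forum_lang["no_such_topic"]);
    }
    $topic = $mysql->fetch_row($topic);
    $fid = $topic[3];
    // Find the category that owns the topic's current forum.
    $cat = 0;
    foreach ($forum_skeleton as $cid => $category) {
        foreach ($category["forums"] as $fid_ => $forum) {
            if ($fid_ == $fid) {
                $cat = $cid;
            }
        }
    }
    if (empty($forum_skeleton[$cat]["forums"][$fid])) {
        // No such forum..
        $mysql->close();
        error($forum_lang["no_such_forum"]);
    }
    $forum = $forum_skeleton[$cat]["forums"][$fid];
    // The topic name is user-supplied text read back from the database; encode it before
    // it is placed inside markup.
    $topic_name = htmlspecialchars($topic[4], ENT_QUOTES);
    $output .= "<div class=\"top\"><h1>{$forum_lang["forums"]}</h1>{$forum_lang["you_are_here"]} : <a href=\"forum.php\">{$forum_lang["forum_index"]}</a> -> <a href=\"forum.php?action=view_forum&amp;id={$fid}\">{$forum["name"]}</a> -> <a href=\"forum.php?action=view_topic&amp;id={$topic[1]}\">{$topic_name}</a> -> {$forum_lang["move"]}!</div><center><table class=\"lined\">\r\n  <tr><td>{$forum_lang["where"]} : <form action=\"forum.php?action=do_move_topic\" method=\"POST\" name=\"form\"><select name=\"forum\">";
    // One <option> per configured forum; the topic's current forum is preselected.
    foreach ($forum_skeleton as $category) {
        foreach ($category["forums"] as $fid_ => $target) {
            $selected = $fid_ != $fid ? "" : " selected";
            $output .= "<option value='{$fid_}'{$selected}>{$target["name"]}</option>";
        }
    }
    $output .= "</select><input type=\"hidden\" name=\"id\" value=\"{$id}\" /></form></td></tr></table><table class=\"hidden\"><tr><td>";
    makebutton($forum_lang["back"], "javascript:window.history.back()", 120);
    makebutton($forum_lang["confirm"], "javascript:do_submit()", 120);
    $output .= "</td></tr></table></center>";
    $mysql->close();
    // Queries : 1
}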
Example #19
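// The sort direction is spliced into the SQL text, so it is reduced to one of the two
// keywords. The original test `!$order == "ASC"` negated $order before comparing and
// therefore let every non-empty value through unchanged.
$order = strtoupper((string) $order) === "ASC" ? "ASC" : "DESC";
// Table and column names cannot be bound as parameters. Doubling embedded backticks keeps
// each value inside its quoted identifier.
// NOTE(review): this still lets the caller name any table or column; if $do and $sort come
// from the request they should be matched against a fixed list of permitted names.
$safeDo = str_replace('`', '``', (string) $do);
$safeSort = str_replace('`', '``', (string) $sort);
// Five rows per page; a non-numeric or negative page falls back to the first page.
$offset = max(0, (int) $page) * 5;
$result = $sql->readStatement("SELECT * FROM `{$safeDo}` ORDER BY `{$safeSort}` {$order} LIMIT " . $offset . ", 5");
if ($result != null) {
    $i = 1;
    while ($row = mysqli_fetch_assoc($result)) {
        // NOTE(review): uuid is read back from the database and concatenated into the
        // lookup; a bound parameter would be safer if the $sql wrapper offers one.
        $resultName = $sql->readStatement("SELECT `username` FROM `players` WHERE `uuid`='" . $row["uuid"] . "' LIMIT 1");
        $rowName = $resultName != null ? mysqli_fetch_assoc($resultName) : null;
        $username = isset($rowName["username"]) ? $rowName["username"] : "";
        // The name lands in a URL path segment, an attribute and element text, so it is
        // encoded for each of those contexts.
        $usernameUrl = rawurlencode($username);
        $usernameHtml = htmlspecialchars($username, ENT_QUOTES);
        echo "\n        <div class='column column-{$i}'>\n            <span class='title'>\n                <img src='https://minotar.net/helm/" . $usernameUrl . "/32.png' alt='" . $usernameHtml . "'>\n                <b>" . $usernameHtml . "</b>\n            </span><br>";
        echo "<span>" . splitArray($row, "</span><hr><span>", true) . "</span>";
        echo "\n        </div>";
        $i++;
    }
}
$sql->close();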
?>
    </div>
    <br>
    <form name="nav">
        <select name="pageDrop" onChange="document.location.href='top.php?do=<?php 
echo $do;
?>
&page='+document.nav.pageDrop.selectedIndex">
        <?php 
for ($i = 0; $i < 10; $i++) {
    $selected = null;
    if ($page == $i) {
        $selected = " selected";
    }
    echo "\n            <option{$selected}>Page " . ($i + 1) . "</option>";
Example #20
<?php

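// Front controller: loads the requested API version, runs the request and prints the result.
// Any exception is reported to the client as a JSON {"error": ...} object.
if (!array_key_exists('HTTP_ORIGIN', $_SERVER)) {
    $_SERVER['HTTP_ORIGIN'] = $_SERVER['SERVER_NAME'];
}
try {
    // The version picks a directory on disk and ends up in require_once, so it must be a
    // plain version number (digits, optionally dot-separated). Anything else - path
    // separators, "..", NUL bytes, array input - is refused before a path is built.
    $apiVersion = isset($_GET["v"]) ? $_GET["v"] : null;
    if (!is_string($apiVersion) || !preg_match('/\A[0-9]+(?:\.[0-9]+)*\z/', $apiVersion)) {
        throw new Exception('Unsupported API version');
    }
    $apiFile = dirname(__FILE__) . "/api/v" . $apiVersion . "/API.php";
    if (!is_file($apiFile)) {
        throw new Exception('Unsupported API version');
    }
    require_once dirname(__FILE__) . "/classes/SQL.class.php";
    require_once $apiFile;
    SQL::connect();
    $API = new API($_REQUEST['request'], $_SERVER['HTTP_ORIGIN']);
    echo $API->processAPI();
    SQL::close();
} catch (Exception $e) {
    // NOTE(review): the raw exception message goes to the client; confirm it cannot carry
    // SQL text or filesystem paths.
    echo json_encode(array('error' => $e->getMessage()));
}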
Example #21
             $twitter_url = '<a href="' . $get_twitter . '">' . $get_twitter . '</a>';
         } else {
             $twitter_url = '<a href="http://twitter.com/' . $get_twitter . '">http://twitter.com/' . $get_twitter . '</a>';
         }
     }
     if ($get_url == null) {
         $website = '';
     } else {
         if (strpos($get_url, "http://") === 0 || strpos($get_url, "https://") === 0) {
             $website = '<a href="' . $get_url . '">' . $get_url . '</a>';
         } else {
             $website = '<a href="http://' . $get_url . '">http://' . $get_url . '</a>';
         }
     }
 }
 // Release the database handle before the list item is written.
 $dbf->close();
 // The viewer's own shouts get class "right", everyone else's "left"; when the counter
 // stands at 20 the item also carries the id "lastShout".
 $shout_side = $_SESSION['current_userID'] == $get_userID ? 'right' : 'left';
 $shout_marker = $count_shout_more == 20 ? ' id="lastShout"' : '';
 echo '<li' . $shout_marker . ' class="' . $shout_side . '">';
 // NOTE(review): $get_userID and $get_username are written into attributes without HTML
 // encoding - confirm they are encoded where they are read, otherwise a crafted username
 // can break out of the alt attribute.
 echo '<a href="profile.php?id=' . $get_userID . '"><img class="avatar" alt="' . $get_username . '" src="' . get_avatar($avatar_type, $get_userID) . '"></a>';
 echo '<span class="message"><span class="arrow"></span>';
Example #22
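/**
 * Work out which side the current account's characters belong to.
 *
 * Counts the account's characters by race id: ids 1, 3, 4, 7, 11 count towards "A" and
 * ids 2, 5, 6, 8, 10 towards "H"; any other id is ignored.
 *
 * @return string "A" or "H" when every counted character is on that one side, "NO" when
 *                the account has no characters or has characters on both sides.
 */
function get_side()
{
    global $user_id, $characters_db, $realm_id;
    $races_a = array(1, 3, 4, 7, 11);
    $races_h = array(2, 5, 6, 8, 10);
    $mysql2 = new SQL();
    $mysql2->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
    // NOTE(review): $user_id is interpolated as-is; presumably it is the numeric account id
    // of the logged-in session - confirm it can never hold request data.
    $result = $mysql2->query("SELECT race FROM  `characters` WHERE account = '{$user_id}';");
    if (!$mysql2->num_rows($result)) {
        // The original returned here with the connection still open.
        $mysql2->close();
        return "NO";
    }
    $a = 0;
    $h = 0;
    while ($race = $mysql2->fetch_row($result)) {
        // Loose comparison on purpose: the driver returns the id as a string.
        if (in_array($race[0], $races_a)) {
            $a++;
        } elseif (in_array($race[0], $races_h)) {
            $h++;
        }
    }
    $mysql2->close();
    if ($a != 0 && $h == 0) {
        return "A";
    }
    if ($a == 0 && $h != 0) {
        return "H";
    }
    return "NO";
}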
Example #23
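/**
 * Delete every spawn of the creature template named by $_GET['entry'], together with the
 * movement rows of those spawns, then redirect back to the creature editor.
 *
 * Requires $user_lvl to reach $action_permission['delete']. The code relies on redirect()
 * not returning (the original already did) - TODO confirm against its definition.
 *
 * NOTE(review): this destructive action is driven by a GET parameter and no anti-CSRF
 * token is visible here; confirm the caller protects it.
 */
function delete_spwn()
{
    global $world_db, $realm_id, $user_lvl, $action_permission;
    if ($user_lvl < $action_permission['delete']) {
        redirect("creature.php?error=9");
    }
    // The entry goes into two SQL statements and into the redirect URL, so only a plain
    // decimal id is accepted; the original passed the raw request value to all three.
    if (isset($_GET['entry']) && is_string($_GET['entry']) && preg_match('/\A[0-9]+\z/', $_GET['entry'])) {
        $entry = $_GET['entry'];
    } else {
        redirect("creature.php?error=1");
    }
    $sql = new SQL();
    $sql->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);
    $entry = $sql->quote_smart($entry);
    $result = $sql->query("SELECT guid FROM creature WHERE id = '{$entry}'");
    while ($guid = $sql->fetch_row($result)) {
        // fetch_row() yields an indexed row. The original interpolated the row itself,
        // which renders as the text "Array" and so never matched a movement record.
        $spawn_guid = $sql->quote_smart($guid[0]);
        $sql->query("DELETE FROM creature_movement WHERE id = '{$spawn_guid}'");
    }
    $sql->query("DELETE FROM creature WHERE id = '{$entry}'");
    $sql->close();
    redirect("creature.php?action=edit&entry={$entry}&error=4");
}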
Example #24
 /**
  * Settle pending invite rewards for the current account, then render the "Credit Panel".
  *
  * Part 1 (INVITE SYSTEM): credits $write_invited point(s) to an account that named its
  * inviter and $invite_points point(s) to an inviter, each only once the relevant account
  * owns a character whose `lvl` value (field 35 of the `data` column) is at least 45.
  * Part 2 (PRINT): appends the panel markup - credits, VIP level, item request form,
  * character list, point transfer and teleport forms - to the global $output.
  *
  * NOTE(review): every statement is built by interpolating $user_name, $user_id or a
  * value read back from the database into the SQL text. Where those globals come from is
  * not visible here; confirm they are escaped, or move to bound parameters.
  * NOTE(review): the mysql_* extension used below was removed in PHP 7.0.
  */
 function edit_user()
 {
     global $lang_edit, $lang_global, $output, $realm_db, $characters_db, $realm_id, $mmfpm_db, $user_name, $user_id, $lang_id_tab, $gm_level_arr, $ren_char, $total_points;
     mysql_connect($realm_db['addr'], $realm_db['user'], $realm_db['pass']);
     // NOTE(review): mysql_select_db() takes (database_name, link). Here, and in every
     // call below, the host address is passed where the database name belongs -
     // presumably ['name'] was intended; verify which database the queries really hit.
     mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
     $referred_by = mysql_fetch_row(mysql_query("SELECT `InvitedBy` FROM point_system_invites WHERE `PlayersAccount` = '{$user_name}';"));
     $referred_by = $referred_by[0];
     $total_points = mysql_fetch_row(mysql_query("SELECT `points` FROM point_system WHERE `accountid` = '{$user_id}';"));
     $total_points = $total_points[0];
     // A missing row or a non-positive balance is shown as 0.
     if ($total_points <= 0) {
         $total_points = (int) 0;
     }
     $datetime = date("Y-m-d H:i:s");
     //################################################################################
     ##############################
     // INVITE SYSTEM
     //################################################################################
     ##############################
     // Points granted to an inviter, and to an account for naming its inviter.
     $invite_points = 2;
     $write_invited = 1;
     mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
     $rewarded = mysql_fetch_row(mysql_query("SELECT `Rewarded` FROM point_system_invites WHERE `PlayersAccount` = '{$user_name}';"));
     $rewarded = $rewarded[0];
     // Reward for naming an inviter: only when an invite row exists, it is not yet
     // rewarded, and an inviter was recorded.
     if ($rewarded != NULL) {
         if ($rewarded == 0) {
             if ($referred_by != NULL) {
                 mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                 $total_points = mysql_fetch_row(mysql_query("SELECT `points` FROM point_system WHERE `accountid` = '{$user_id}';"));
                 $total_points = $total_points[0];
                 // -1 marks "no balance row yet" and selects the INSERT branch below.
                 if ($total_points == NULL) {
                     $total_points = -1;
                 }
                 if ($total_points >= 0) {
                     mysql_select_db($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
                     $RightLevel = mysql_fetch_row(mysql_query("SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED) AS `lvl` FROM `characters` WHERE account='{$user_id}' AND (SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED)) >= '45' ORDER BY `lvl` DESC LIMIT 1;"));
                     if ($RightLevel[0] != NULL) {
                         mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                         // NOTE(review): the new balance is computed in PHP from the
                         // earlier SELECT, so two overlapping requests could presumably
                         // both pass the Rewarded check; `points = points + n` guarded by
                         // the flag in one statement would avoid that.
                         mysql_query("UPDATE point_system SET `points` = ({$total_points} + {$write_invited}) WHERE `accountid` = '{$user_id}';");
                         mysql_query("INSERT INTO point_system_requests (`username`, `request`, `date`, `code`, `treated`) VALUES ('{$user_name}', 'Got {$write_invited} Points', '{$datetime}', 'For Writing a Reffer', 'Yes');");
                         mysql_query("UPDATE point_system_invites SET `Rewarded` = '1' WHERE `PlayersAccount` = '{$user_name}';");
                         $output .= "You Received {$write_invited} Points for Writing who invited you!<br>";
                     }
                 }
                 if ($total_points == -1) {
                     mysql_select_db($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
                     $RightLevel = mysql_fetch_row(mysql_query("SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED) AS `lvl` FROM `characters` WHERE account='{$user_id}' AND (SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED)) >= '45' ORDER BY `lvl` DESC LIMIT 1;"));
                     if ($RightLevel[0] != NULL) {
                         mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                         mysql_query("INSERT INTO point_system (`accountid`, `points`) VALUES ('{$user_id}', '{$write_invited}');");
                         mysql_query("INSERT INTO point_system_requests (`username`, `request`, `date`, `code`, `treated`) VALUES ('{$user_name}', 'Created {$write_invited} Points', '{$datetime}', 'For Writing a Reffer', 'Yes');");
                         mysql_query("UPDATE point_system_invites SET `Rewarded` = '1' WHERE `PlayersAccount` = '{$user_name}';");
                         $output .= "You Received {$write_invited} Points for Writing who invited you! (NEW)<br>";
                     }
                 }
             }
         }
     }
     // Reward for inviting: take one untreated invite issued by this account.
     mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
     $HasPoints = mysql_fetch_row(mysql_query("SELECT `PlayersAccount`,`Treated` FROM point_system_invites WHERE `InviterAccount` = '{$user_name}' AND `Treated` = 0 LIMIT 1;"));
     if ($HasPoints != NULL) {
         $HasPoint = $HasPoints[1];
         $PlayersAccount = $HasPoints[0];
         mysql_select_db($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
         // $PlayersAccount was stored earlier and is re-used in SQL text from here on
         // (second-order input) - see the NOTE(review) in the function header.
         $iIP = mysql_fetch_row(mysql_query("SELECT `last_ip` FROM account WHERE `username` = '{$PlayersAccount}';"));
         $pIP = mysql_fetch_row(mysql_query("SELECT `last_ip` FROM account WHERE `username` = '{$user_name}';"));
         if ($HasPoint != 1) {
             // Refuse the reward when both accounts last logged in from the same IP.
             if ($iIP[0] != $pIP[0]) {
                 mysql_select_db($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
                 $PlayersAccountID = mysql_fetch_row(mysql_query("SELECT `id` FROM account WHERE `username` = '{$PlayersAccount}';"));
                 $PlayersAccountID = $PlayersAccountID[0];
                 mysql_select_db($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
                 $RightLevel = mysql_fetch_row(mysql_query("SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED) AS `lvl` FROM `characters` WHERE account='{$PlayersAccountID}' AND (SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED)) >= '45' ORDER BY `lvl` DESC LIMIT 1;"));
                 // The inviter's account id must be lower than the invited account's id.
                 if ($user_id < $PlayersAccountID) {
                     if ($RightLevel[0] != NULL) {
                         $output .= "You received points for account {$PlayersAccount} who has a player level {$RightLevel['0']}<br>";
                         mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                         $total_points = mysql_fetch_row(mysql_query("SELECT `points` FROM point_system WHERE `accountid` = '{$user_id}';"));
                         $total_points = $total_points[0];
                         if ($total_points == NULL) {
                             $total_points = -1;
                         }
                         if ($total_points >= 0) {
                             mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                             mysql_query("UPDATE point_system SET `points` = ({$total_points} + {$invite_points}) WHERE `accountid` = '{$user_id}';");
                             mysql_query("INSERT INTO point_system_requests (`username`, `request`, `date`, `code`, `treated`) VALUES ('{$user_name}', 'Added {$invite_points} Points', '{$datetime}', 'Invited {$PlayersAccount}', 'Yes');");
                             mysql_query("UPDATE point_system_invites SET `Treated` = '1' WHERE `PlayersAccount` = '{$PlayersAccount}';");
                             $output .= "You Received {$invite_points} Points for Inviting a Friend, Good JOB!";
                         }
                         if ($total_points == -1) {
                             mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                             mysql_query("INSERT INTO point_system (`accountid`, `points`) VALUES ('{$user_id}', '{$invite_points}');");
                             mysql_query("INSERT INTO point_system_requests (`username`, `request`, `date`, `code`, `treated`) VALUES ('{$user_name}', 'Created {$invite_points} Points', '{$datetime}', 'Invited {$PlayersAccount}', 'Yes');");
                             mysql_query("UPDATE point_system_invites SET `Treated` = '1' WHERE `PlayersAccount` = '{$PlayersAccount}';");
                             $output .= "You Received {$invite_points} Points for Inviting a Friend, Good JOB! (NEW)";
                         }
                     } else {
                         mysql_select_db($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
                         $RightLevel = mysql_fetch_row(mysql_query("SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED) AS `lvl` FROM `characters` WHERE account='{$PlayersAccountID}' AND (SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED)) >= '45' ORDER BY `lvl` DESC LIMIT 1;"));
                         mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                         mysql_query("UPDATE point_system_invites SET `Treated` = '1' WHERE `PlayersAccount` = '{$PlayersAccount}';");
                         $output .= "Players you invited did not reach correct level for points";
                         // Re-open the invite if the repeated level query returned a row.
                         if ($RightLevel != NULL) {
                             mysql_query("UPDATE point_system_invites SET `Treated` = '0' WHERE `PlayersAccount` = '{$PlayersAccount}';");
                         }
                     }
                 } else {
                     $output .= "Inviter is older than you";
                     mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                     mysql_query("UPDATE point_system_invites SET `Treated` = '1' WHERE `PlayersAccount` = '{$PlayersAccount}';");
                 }
             } else {
                 $output .= "Same comp Same IP";
             }
         } else {
             $output .= "All invite points has been treated";
         }
     } else {
         $output .= "No New Points to add";
     }
     //################################################################################
     ##############################
     // PRINT
     //################################################################################
     ##############################
     $sql = new SQL();
     $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
     // NOTE(review): the username literal below reads '******' in this listing, which
     // looks like a redaction of the original value - confirm against the real source.
     $result = $sql->query("SELECT email,gmlevel,joindate,expansion FROM account WHERE username ='******'");
     // $acc columns: 0 email, 1 gmlevel, 2 joindate, 3 expansion.
     if ($acc = $sql->fetch_row($result)) {
         require_once "scripts/id_tab.php";
         // NOTE(review): $user_name is written into a JavaScript string literal, and the
         // character names further down into HTML and URLs, without output encoding.
         $output .= "<center>\r\n  <script type=\"text/javascript\" src=\"js/sha1.js\"></script>\r\n  <script type=\"text/javascript\">\r\n        function do_submit_data () {\r\n            document.form.pass.value = hex_sha1('" . strtoupper($user_name) . ":'+document.form.user_pass.value.toUpperCase());\r\n            document.form.user_pass.value = '0';\r\n            do_submit();\r\n        }\r\n\r\n\r\n\r\n</script>\r\n  <fieldset style=\"width: 600px;\">\r\n    <legend>Credit Panel</legend>\r\n    <form method=\"post\" action=\"credit.php?action=getitem\" name=\"form\">\r\n    <input type=\"hidden\" name=\"pass\" value=\"\" maxlength=\"256\" />\r\n    <table class=\"flat\">\r\n    <tr>\r\n    <td>Your Credits:</td>\r\n    <td>{$total_points}</td>\r\n      <tr>\r\n        <td>VIP Level</td>\r\n        <td>" . get_gm_level($acc[1]) . " ( {$acc['1']} )</td>";
         // The VIP links offered depend on the account's gmlevel.
         if ($acc[1] == 0) {
             $output .= "<td><a href=\"credit.php?action=getvip\">Upgrade(20)</td>";
         }
         if ($acc[1] != 0) {
             if ($acc[1] >= 3) {
                 $output .= "<td><a href=\"credit.php?action=extvip\">Extend VIP(20)</td>";
             } else {
                 $output .= "<td><a href=\"credit.php?action=getvip\">Upgrade</td><td><a href=\"credit.php?action=extvip\">Extend VIP(20)</td>";
             }
         }
         $output .= "</tr>\r\n    <td>Request Item:</td></tr><tr>\r\n    <td>\r\n    <select name=\"items\">  \r\n    <option value=\"error\">Please select an item</option>\r\n    <option value=\"Phoenix\">Phoenix(20)</option>\r\n    <option value=\"Bag\">36 Slot Bag(20)</option>\r\n    <option value=\"Raven\">Raven Lord(15)</option>\r\n    <option value=\"PrimalNether\">Primal Nether(5)</option>\r\n    <option value=\"NetherVortex\">Nether Vortex(8)</option>\r\n    <option value=\"MercilessD\">Merciless Nether Drake(25)</option>\r\n    <option value=\"Murloc\">Murloc Costume(5)</option>\r\n    <option value=\"Tiger60\">Swift Spectral Tiger For lvl 60(20)</option>\r\n    <option value=\"Tiger30\">Swift Spectral Tiger For lvl 30(15)</option>\r\n    <option value=\"Ogre\">Carved Ogre Idol(5)</option>\r\n    <option value=\"FlyingBroom\">Swift Flying Broom(20)</option>\r\n    <option value=\"BattleBear\">Big Battle Bear(15)</option>\r\n    <option value=\"XRocket\">X-51 Nether-Rocket X-TREME(25)</option>\r\n    </select>\r\n    </td>\r\n    <td><input name=\"character\" type=\"text\" value=\"Character Name\"></input></td>\r\n    <td>\r\n      <input type=\"submit\" value=\"Send item\">\r\n    </td></tr>\r\n        <tr><td>Your chars</td>\r\n      </tr>";
         // This result is overwritten two lines below without being read.
         $result = $sql->query("SELECT SUM(numchars) FROM realmcharacters WHERE acctid = '{$user_id}'");
         $sql->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
         $result = $sql->query("SELECT guid,name,race,class,SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) FROM `characters` WHERE account = {$user_id}");
         // $char columns: 0 guid, 1 name, 2 race, 3 class, 4 field 35 of `data`.
         while ($char = $sql->fetch_array($result)) {
             $ren_char = $char[1];
             $output .= "<tr>\r\n        <td>{$char['1']}  - " . get_player_race($char[2]) . " " . get_player_class($char[3]) . " | lvl {$char['4']}</td>\r\n        </tr>\r\n<tr><td><a href=\"credit.php?action=rename&ren_char={$ren_char}\">Rename(6)</a></td><td><a href=\"credit.php?action=gen_char&gend_char={$ren_char}\">Change Gender(6)</a></td><td><a href=\"credit.php?action=movechar&char={$ren_char}\">Move Account(7)</a></td>";
         }
         $output .= "</form>    <tr>\r\n     <form method=\"post\" action=\"credit.php?action=movepoints\" name=\"form\">\r\n    <input type=\"hidden\" name=\"pass\" value=\"\" maxlength=\"256\" />\r\n    <td>Transfer points to other players:</td></tr><tr>\r\n    <td><input name=\"tcharacter\" type=\"text\" value=\"Character Name\"></input></td><td><input name=\"tpoints\" type=\"text\" value=\"Points\"></input></td>\r\n    <td>\r\n      <input type=\"submit\" value=\"Transfer\">\r\n    </td></tr></form>\r\n    <form method=\"post\" action=\"credit.php?action=tplayer\" name=\"form\">\r\n    <tr><td>Teleport Player</td></tr><tr>\r\n    <td><input name=\"tchar\" type=\"text\" value=\"Character Name\"></input></td>\r\n    <td>\r\n    <select name=\"tplace\">  \r\n    <option value=\"error\">Please select a place</option>\r\n    <option value=\"Shattrath\">Shattrath(1)</option>\r\n    <option value=\"Stormwind\">Stormwind(1)</option>\r\n    <option value=\"Orgrimmar\">Orgrimmar(1)</option>\r\n    </select>\r\n    </td>\r\n    <td><input type=\"submit\" value=\"Teleport\"></td></tr>";
         $output .= "</table>\r\n    </fieldset>\r\n    <br />\r\n\r\n    <br /></center>";
     } else {
         error($lang_global['err_no_records_found']);
     }
     $sql->close();
 }
Example #25
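/**
 * Search the mail table by sender or receiver and append the result table to $output.
 *
 * Reads $_GET: search_value (part of a character name; empty lists every mail whose
 * chosen column is non-zero), search_by (sender or receiver), and the optional start,
 * order_by and dir. The search value is resolved to a character guid first and the mail
 * rows are then filtered on that guid.
 *
 * The code relies on redirect() not returning - TODO confirm against its definition.
 */
function search()
{
    global $lang_global, $lang_mail, $output, $itemperpage, $item_datasite, $mangos_db, $characters_db, $realm_id, $sql_search_limit;
    wowhead_tt();
    if (!isset($_GET['search_value']) || !isset($_GET['search_by'])) {
        redirect("mail_on.php?error=2");
    }
    $sql = new SQL();
    $sql->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
    $search_value = $sql->quote_smart($_GET['search_value']);
    // search_by and order_by are spliced into the statement as column names, where string
    // escaping gives no protection: the value is not inside quotes. Both are therefore
    // matched against fixed lists and replaced by a default when they do not match.
    $search_menu = array('sender' => 'a.sender', 'receiver' => 'a.receiver', 'a.sender' => 'a.sender', 'a.receiver' => 'a.receiver');
    $search_by = 'a.sender';
    if (is_string($_GET['search_by']) && isset($search_menu[$_GET['search_by']])) {
        $search_by = $search_menu[$_GET['search_by']];
    }
    $mail_columns = array('id', 'messageType', 'sender', 'receiver', 'subject', 'body', 'has_items', 'money', 'cod', 'checked');
    $order_menu = array_merge($mail_columns, array('item_template', 'b.item_template'));
    foreach ($mail_columns as $column) {
        $order_menu[] = 'a.' . $column;
    }
    $order_by = "id";
    if (isset($_GET['order_by']) && is_string($_GET['order_by']) && in_array($_GET['order_by'], $order_menu, true)) {
        $order_by = $_GET['order_by'];
    }
    // LIMIT takes bare integers, so the offset is cast rather than escaped.
    $start = isset($_GET['start']) && is_numeric($_GET['start']) ? max(0, (int) $_GET['start']) : 0;
    $dir = isset($_GET['dir']) ? $sql->quote_smart($_GET['dir']) : 1;
    $order_dir = $dir ? "ASC" : "DESC";
    $dir = $dir ? 0 : 1;
    if ($search_value == '') {
        $search_by .= ' != 0';
    } else {
        $temp = $sql->query("SELECT guid FROM `characters` WHERE name like '%{$search_value}%'");
        // No matching character: compare against guid 0 instead of emitting "column ="
        // with nothing after it, which was a syntax error in the original.
        $search_value = $sql->num_rows($temp) ? (int) $sql->result($temp, 0, 'guid') : 0;
        $search_by .= ' =' . $search_value;
    }
    $query_1 = $sql->query("SELECT count(*) FROM `mail`");
    $query = $sql->query("SELECT a.id, a.messageType, a.sender, a.receiver, a.subject, a.body, a.has_items, a.money, a.cod, a.checked, b.item_template\r\n            FROM mail a\r\n            LEFT JOIN mail_items b ON a.id = b.mail_id\r\n            WHERE {$search_by}\r\n            ORDER BY {$order_by} {$order_dir} LIMIT {$start}, {$itemperpage}");
    $all_record = $sql->result($query_1, 0);
    //==========================top page navigation starts here========================
    $output .= "<center><table class=\"top_hidden\">\r\n    <tr><td>\r\n            <table class=\"hidden\">\r\n                <tr><td>\r\n            <form action=\"mail_on.php\" method=\"get\" name=\"form\">\r\n            <input type=\"hidden\" name=\"action\" value=\"search\" />\r\n            <input type=\"hidden\" name=\"error\" value=\"4\" />\r\n            <input type=\"text\" size=\"45\" name=\"search_value\" />\r\n            <select name=\"search_by\">\r\n                <option value=\"a.sender\">Sender</option>\r\n                <option value=\"a.receiver\">Receiver</option>\r\n            </select></form></td><td>";
    makebutton($lang_global['search'], "javascript:do_submit()", 80);
    $output .= "</td></tr></table>\r\n            <td align=\"right\">";
    // $order_by is now one of the listed column names, so echoing it into the pagination
    // link cannot inject markup.
    $output .= generate_pagination("mail_on.php?action=search&amp;order_by={$order_by}&amp;dir=" . !$dir, $all_record, $itemperpage, $start);
    $output .= "</td></tr></table>";
    //==========================top page navigation ENDS here ========================
    $output .= "<table class=\"lined\">\r\n  <tr>\r\n    <th width=\"5%\">" . $lang_mail['id'] . "</th>\r\n    <th width=\"5%\">" . $lang_mail['mail_type'] . "</th>\r\n    <th width=\"10%\">" . $lang_mail['sender'] . "</th>\r\n    <th width=\"10%\">" . $lang_mail['receiver'] . "</th>\r\n    <th width=\"15%\">" . $lang_mail['subject'] . "</th>\r\n    <th width=\"5%\">" . $lang_mail['has_items'] . "</th>\r\n    <th width=\"25%\">" . $lang_mail['text'] . "</th>\r\n    <th width=\"20%\">" . $lang_mail['money'] . "</th>\r\n    <th width=\"5%\">" . $lang_mail['checked'] . "</th>\r\n  </tr>";
    while ($mail = $sql->fetch_array($query)) {
        // Split the money column into gold (10000), silver (100) and copper parts. The
        // original tested the copper remainder instead of the total, so amounts without a
        // copper part (exactly 1 gold, say) were shown as empty.
        $money_total = $mail[7];
        $g = floor($money_total / 10000);
        $remainder = $money_total - $g * 10000;
        $s = floor($remainder / 100);
        $c = $remainder - $s * 100;
        $money = "";
        if ($money_total > 0) {
            $money = $g . "<img src=\"./img/gold.gif\" /> " . $s . "<img src=\"./img/silver.gif\" /> " . $c . "<img src=\"./img/copper.gif\" /> ";
        }
        // NOTE(review): the subject ($mail['4']) is player-written text and is emitted
        // without HTML encoding - confirm it is encoded when stored, or encode it here.
        $output .= "<tr valign=top>\r\n                    <td>{$mail['0']}</td>\r\n                    <td>" . get_mail_source($mail[1]) . "</td>\r\n                    <td><a href=\"char.php?id={$mail['2']}\">" . get_char_name($mail[2]) . "</a></td>\r\n                    <td><a href=\"char.php?id={$mail['3']}\">" . get_char_name($mail[3]) . "</a></td>\r\n                    <td>{$mail['4']}</td>\r\n            ";
        $output .= "<td>";
        if ($mail[6]) {
            $output .= "\r\n                    <a style=\"padding:2px;\" href=\"{$item_datasite}{$mail[10]}\" target=\"_blank\">\r\n                      <img class=\"bag_icon\" src=\"" . get_item_icon($mail[10]) . "\" alt=\"\" />\r\n                  </a>";
        }
        //maketooltip("<img src=\"./img/up.gif\" alt=\"\">", $item_datasite{$mail[10]}, $mail[10], "item_tooltip", "target=\"_blank\"");
        $output .= "</td>";
        $output .= "<td>" . get_mail_text($mail[0]) . "</td>\r\n                        <td>{$money}</td>\r\n        <td>" . get_check_state($mail[9]) . "</td>\r\n                   </tr>";
    }
    /*--------------------------------------------------*/
    $output .= "<tr><td colspan=\"6\" class=\"hidden\" align=\"right\">All Mails: {$all_record}</td></tr>\r\n </table></center>";
    $sql->close();
}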
Example #26
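/**
 * Delete every gameobject row whose id equals $_GET['entry'], then redirect back to the
 * game object editor.
 *
 * The code relies on redirect() not returning (the original already did) - TODO confirm
 * against its definition.
 *
 * NOTE(review): no privilege check and no anti-CSRF token are visible in this function;
 * confirm the caller enforces both before this destructive GET action is reached.
 */
function delete_spwn()
{
    global $world_db, $realm_id;
    // The entry goes into the DELETE statement and into the redirect URL, so only a plain
    // decimal id is accepted; the original passed the raw request value to both.
    if (isset($_GET['entry']) && is_string($_GET['entry']) && preg_match('/\A[0-9]+\z/', $_GET['entry'])) {
        $entry = $_GET['entry'];
    } else {
        redirect("game_object.php?error=1");
    }
    $sql = new SQL();
    $sql->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);
    $entry = $sql->quote_smart($entry);
    $sql->query("DELETE FROM gameobject WHERE id = '{$entry}'");
    $sql->close();
    redirect("game_object.php?action=edit&entry={$entry}&error=4");
}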
        $url = $sls['sharerurl'];
        $removehttp = str_replace('http://', '', $url);
        $removeslash = rtrim($removehttp, '/');
        if (strpos($removeslash, ':') !== false) {
            list($ip, $port) = explode(":", $removeslash);
        } else {
            $ip = $removeslash;
            $port = 80;
        }
    }
    if (fsockopen($ip, $port, $errno, $errstr, 5) !== false) {
        echo '1';
        $dbsls->query("UPDATE ip_sharerlinks SET status='1' WHERE id='{$sharerLinkID}'");
    } else {
        echo '0';
        $dbsls->query("UPDATE ip_sharerlinks SET status='0' WHERE id='{$sharerLinkID}'");
    }
    $dbsls->close();
} else {
    if (isset($_GET['state'])) {
        $dbcs = new SQL(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME, false);
        $dbcs->query("SELECT * FROM ip_sharerlinks ORDER BY status");
        while ($getr = $dbcs->fetch_assoc()) {
            $state = $getr['status'];
            echo $state;
        }
        $dbcs->close();
    } else {
        echo '404';
    }
}
// Retweet endpoint: looks up one shout by id and prints its text wrapped in [rt]...[/rt],
// or "KO" when no row matches.
if (!empty($_GET['retweet'])) {
    if (!defined('SITE_ROOT')) {
        define('SITE_ROOT', '../');
    }
    require_once SITE_ROOT . 'portal_config.php';
    require_once SITE_ROOT . 'include/database.class.php';
    $db = new SQL(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME, false);
    // NOTE(review): presumably prot() is the SQL-escaping step - confirm; HTML encoding
    // alone does not make a value safe inside a quoted SQL string.
    $retweetID = $db->prot(htmlspecialchars($_GET['retweet']));
    $db->query("SELECT shout_msg FROM ip_shouts WHERE id='{$retweetID}'");
    $row = $db->fetch_array();
    if (!$row) {
        echo 'KO';
    } else {
        // NOTE(review): the stored text is entity-decoded and then echoed as-is, so the
        // response can carry live markup; whatever consumes it must insert it as text.
        $shoutMsg = stripslashes(rtrim(htmlspecialchars_decode($row['shout_msg'])));
        // Drop existing retweet and code wrappers, in the same order as before.
        $shoutMsg = str_ireplace(array("[rt]", "[/rt]", "<code>", "</code>"), "", $shoutMsg);
        // Only the first command word that matches is stripped.
        if (preg_match("/!update/i", $shoutMsg)) {
            $replaceShout = str_ireplace("!update", "", $shoutMsg);
        } elseif (preg_match("/!request/i", $shoutMsg)) {
            $replaceShout = str_ireplace("!request", "", $shoutMsg);
        } else {
            $replaceShout = $shoutMsg;
        }
        echo '[rt]' . $replaceShout . '[/rt]';
    }
    $db->close();
}
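/**
 * Create a new forum topic from the submitted form and redirect to it.
 *
 * Reads $_POST['forum'], $_POST['name'] and $_POST['msg']. Applies the flood
 * delay, the category/forum posting level and, for level 0 users when side
 * checking is enabled, the side restriction. Then inserts the first post and
 * marks it as its own topic.
 *
 * @param SQL $sqlm Overwritten with a fresh connection to the forum database.
 */
function forum_do_add_topic(&$sqlm)
{
    global $enablesidecheck, $forum_skeleton, $forum_lang, $user_lvl, $user_name, $user_id, $mmfpm_db, $minfloodtime;
    // NOTE(review): error() is assumed to end the request (not visible here).
    // The explicit returns keep every rejection fail-closed if it ever returns.
    if ($enablesidecheck) {
        // Resolved once up front; used by the side restriction further down.
        $side = get_side();
    }
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    // Flood control: compare the time of the user's latest post with $minfloodtime.
    // The id is placed unquoted in the statement, so it is forced to an integer.
    $userposts = $sqlm->query('
			SELECT time
			FROM mm_forum_posts
			WHERE authorid = ' . (int) $user_id . '
			ORDER BY id DESC
			LIMIT 1');
    if ($sqlm->num_rows($userposts) != 0) {
        $mintimeb4post = $sqlm->fetch_assoc($userposts);
        $mintimeb4post = time() - strtotime($mintimeb4post['time']);
        if ($mintimeb4post < $minfloodtime) {
            error($forum_lang['please_wait']);
            return;
        }
    }
    //==========================$_POST and SECURE=================================
    if (!isset($_POST['forum'])) {
        error($forum_lang['no_such_forum']);
        return;
    }
    $forum = $sqlm->quote_smart($_POST['forum']);
    //==========================$_POST and SECURE end=============================
    // Find the category that owns the requested forum.
    $cat = 0;
    foreach ($forum_skeleton as $cid => $category) {
        foreach ($category['forums'] as $fid => $forum_) {
            if ($fid == $forum) {
                $cat = $cid;
            }
        }
    }
    if (empty($forum_skeleton[$cat]['forums'][$forum])) {
        error($forum_lang['no_such_forum']);
        return;
    }
    $forum_ = $forum_skeleton[$cat]['forums'][$forum];
    if ($forum_skeleton[$cat]['level_post_topic'] > $user_lvl || $forum_['level_post_topic'] > $user_lvl) {
        error($forum_lang['no_access']);
        return;
    }
    if ($user_lvl == 0 && $enablesidecheck) {
        // The original used `continue` here although no loop encloses it, so the
        // side restriction never rejected anything (and PHP 7+ refuses to compile
        // it). A category or forum that is not open to ALL sides is now refused
        // when the user has no character ('NO') or belongs to the other side.
        foreach (array($forum_skeleton[$cat]['side_access'], $forum_['side_access']) as $side_access) {
            if ($side_access != 'ALL' && ($side == 'NO' || $side_access != $side)) {
                $sqlm->close();
                error($forum_lang['no_access']);
                return;
            }
        }
    }
    //==========================$_POST and SECURE=================================
    // Missing fields are treated as empty so they fail the length checks below.
    // NOTE(review): title and message are SQL-escaped but stored without HTML
    // encoding, so every page that prints them has to encode on output.
    $msg = trim($sqlm->quote_smart(isset($_POST['msg']) ? $_POST['msg'] : ''), " ");
    $name = trim($sqlm->quote_smart(isset($_POST['name']) ? $_POST['name'] : ''), " ");
    //==========================$_POST and SECURE end=============================
    if (strlen($name) > 49) {
        $sqlm->close();
        error($forum_lang['name_too_long']);
        return;
    }
    if (strlen($name) < 5) {
        $sqlm->close();
        error($forum_lang['name_too_short']);
        return;
    }
    if (strlen($msg) < 5) {
        $sqlm->close();
        error($forum_lang['msg_too_short']);
        return;
    }
    // Replaces the two-character sequence backslash + n with an HTML line break.
    $msg = str_replace('\\n', '<br />', $msg);
    $time = date("m/d/y H:i:s");
    // NOTE(review): $user_name is concatenated as-is. Whether it was escaped
    // where it was set is not visible here; if not, it needs the same
    // quote_smart() treatment as the form fields.
    $sqlm->query('
		INSERT INTO mm_forum_posts
			(authorid, authorname, forum, name, text, time)
		VALUES
			(\'' . $user_id . '\', \'' . $user_name . '\', \'' . $forum . '\', \'' . $name . '\', \'' . $msg . '\', \'' . $time . '\')');
    // The first post of a topic points at itself as both topic and last post.
    $id = (int) $sqlm->insert_id();
    $sqlm->query('
		UPDATE mm_forum_posts
		SET topic = ' . $id . ', lastpost = ' . $id . '
		WHERE id = ' . $id . '');
    $sqlm->close();
    redirect('forum.php?action=view_topic&id=' . $id . '');
    // Queries : 3
}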
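/**
 * Append the "confirm deletion" page for one post (or a whole topic, when the
 * post is the topic's first post) to $output.
 *
 * Reads $_GET['id']. Only the post's author may continue when $user_lvl is 0.
 * Nothing is deleted here; the confirm button links to action=do_delete_post.
 *
 * @param SQL $sqlm Overwritten with a fresh connection to the forum database.
 */
function forum_delete_post(&$sqlm)
{
    global $enablesidecheck, $forum_skeleton, $forum_lang, $maxqueries, $user_lvl, $user_id, $output, $mmfpm_db;
    // NOTE(review): error() is assumed to end the request (not visible here).
    // The explicit returns keep every rejection fail-closed if it ever returns.
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    //==========================$_GET and SECURE=================================
    if (!isset($_GET['id'])) {
        error($forum_lang['no_such_post']);
        return;
    }
    // The id is concatenated unquoted into the statement below, where string
    // escaping gives no protection, so it is reduced to an integer instead.
    $id = (int) $_GET['id'];
    //==========================$_GET and SECURE end=============================
    $topic = $sqlm->query('
		SELECT id, topic, authorid, forum
		FROM mm_forum_posts
		WHERE id = ' . $id . '');
    if ($sqlm->num_rows($topic) == 0) {
        error($forum_lang['no_such_post']);
        return;
    }
    $topic = $sqlm->fetch_assoc($topic);
    if ($user_lvl == 0 && $topic['authorid'] != $user_id) {
        error($forum_lang["no_access"]);
        return;
    }
    $fid = $topic['forum'];
    // Values read back from the database are also used unquoted in SQL and in
    // link targets, so they get the same integer treatment.
    $post_id = (int) $topic['id'];
    $topic_id = (int) $topic['topic'];
    $topic2 = $sqlm->query('
		SELECT name
		FROM mm_forum_posts
		WHERE id = ' . $topic_id . '');
    $name = $sqlm->fetch_assoc($topic2);
    // The topic title is user-supplied text that forum_do_add_topic stores
    // without HTML encoding, so it is encoded here before going into the page.
    // An empty title is used when the topic row is missing.
    $topic_title = $name ? htmlspecialchars($name['name'], ENT_QUOTES) : '';
    // Find the category that owns the post's forum.
    $cat = 0;
    foreach ($forum_skeleton as $cid => $category) {
        foreach ($category['forums'] as $fid_ => $forum) {
            if ($fid_ == $fid) {
                $cat = $cid;
            }
        }
    }
    if (empty($forum_skeleton[$cat]['forums'][$fid])) {
        // No such forum..
        error($forum_lang['no_such_forum']);
        return;
    }
    // Past this point $fid is a key of $forum_skeleton, which makes it safe to
    // place in the link below. $forum['name'] comes from the same structure.
    $forum = $forum_skeleton[$cat]['forums'][$fid];
    $output .= '
<div class="top">
	<h1>' . $forum_lang['forums'] . '</h1>
</div>
<center>
<table class="lined">';
    if ($post_id == $topic_id) {
        // First post of the topic: confirming removes the whole topic.
        $output .= '
	<tr>
		<td>' . $forum_lang['delete_topic'] . '</td>
	</tr>
</table>
<table class="flat">
	<tr>
		<td align="left">
			<a href="forum.php">' . $forum_lang['forum_index'] . '</a> ->
			<a href="forum.php?action=view_forum&amp;id=' . $fid . '">' . $forum['name'] . '</a> ->
			<a href="forum.php?action=view_topic&amp;id=' . $topic_id . '">' . $topic_title . '</a> ->
			' . $forum_lang['delete'] . '!
		</td>
	</tr>
</table>
<table class="hidden">
	<tr>
		<td>';
    } else {
        $output .= '
	<tr>
		<td>' . $forum_lang['delete_post'] . '</td>
	</tr>
</table>
<table width="300" class="hidden" align="center">
	<tr>
		<td>';
    }
    // The second argument closes the link attribute and smuggles in a type
    // attribute; makebutton() evidently relies on that, so it is kept as is.
    makebutton($forum_lang['back'], "javascript:window.history.back()\" type=\"def", 120);
    // NOTE(review): the confirm button is a plain GET link. Whether
    // do_delete_post checks a per-session token before deleting is not visible
    // here; without one, a third-party page could trigger the request.
    makebutton($forum_lang['confirm'], 'forum.php?action=do_delete_post&amp;id=' . $post_id . '" type="wrn', 120);
    $output .= '
		</td>
	</tr>
</table>
</center>';
    $sqlm->close();
    // Queries : 2
}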