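/**
 * Shutdown-time dispatcher: calls the handler for the current HTTP verb
 * (method_get(), method_post(), ... or method_all()), closes the database
 * connection and, in debug mode, appends a timing panel to HTML responses.
 *
 * Registered via register_shutdown_function (per the original note), so it
 * must do nothing once APP::end() has already finished the request.
 */
function _leiphp_request_method_router() {
    // Shutdown functions still run after die(); if APP::end() already ended
    // the request there is nothing left to dispatch.
    if (APP::$is_exit) {
        return;
    }

    // Map the verb to a handler name, e.g. GET -> method_get(). Only functions
    // the application actually defined are callable (function_exists), so an
    // arbitrary verb cannot reach anything else; unknown verbs go to method_all().
    $method = isset($_SERVER['REQUEST_METHOD']) ? strtolower($_SERVER['REQUEST_METHOD']) : '';
    $funcname = "method_{$method}";
    define('APP_TIMESTAMP_ROUTE', microtime(true));

    if (function_exists($funcname)) {
        $funcname();
    } elseif (function_exists('method_all')) {
        $funcname = 'method_all';
        method_all();
    } else {
        $funcname = 'method_undefine';
    }

    // Best effort: a failure here must not disturb the response already produced.
    @SQL::close();

    // Debug panel, only when enabled and the client asked for HTML. The Accept
    // header is optional, so read it defensively (the original indexed it
    // directly, which raises a notice and, on PHP 8.1+, a trim(null) deprecation).
    $accept_type = isset($_SERVER['HTTP_ACCEPT']) ? strtolower(trim($_SERVER['HTTP_ACCEPT'])) : '';
    if (APP::$is_debug && substr($accept_type, 0, 9) == 'text/html') {
        $spent2 = round((microtime(true) - APP_TIMESTAMP_ROUTE) * 1000, 3);
        $spent = round((microtime(true) - APP_TIMESTAMP_START) * 1000, 3);
        // NOTE(review): DEBUG::clear() output is written into the page as-is.
        // If it can carry request-derived data (SQL text, dumped input), it
        // should be passed through htmlspecialchars() first — confirm what it collects.
        $debug = DEBUG::clear();
        echo "<div style='\n font-size: 14px;\n line-height: 1.6em;\n text-align: left;\n color: #000;\n padding: 12px 8px;\n border: 1px solid #DDD;\n font-family: \"Microsoft yahei\", \"Helvetica Neue\", \"Lucida Grande\", \"Lucida Sans Unicode\", Helvetica, Arial, sans-serif !important;\n background-color: #EEE;\n margin-top: 50px;\n'>Debug<br>Function {$funcname} spent: {$spent2}ms<br>Total spent: {$spent}ms<br>\n<hr><pre style='\n font-family: \"Microsoft yahei\", \"Helvetica Neue\", \"Lucida Grande\", \"Lucida Sans Unicode\", Helvetica, Arial, sans-serif !important;\n'>{$debug}</pre>\n</div>";
    }
}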
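/**
 * Calculate a creature's health, mana and armor.
 *
 * Reads creature_template (unit class, level range, expansion, stat modifiers)
 * and creature_classlevelstats (base values) from the world DB of the current
 * realm. The level is rolled with RAND() between minlevel and maxlevel, so two
 * calls for the same entry may legitimately return different numbers.
 *
 * @param mixed $entryid creature_template.entry; non-numeric or unknown
 *                       entries yield array(0, 0, 0)
 * @param int   $type    1 -> health, 2 -> mana, 3 -> armor,
 *                       0 -> array(health, mana, armor)
 * @return mixed a single value for $type 1..3, an array otherwise
 */
function get_additional_data($entryid, $type = 0) {
    global $world_db, $realm_id;

    if (!is_numeric($entryid)) {
        return array(0, 0, 0);
    }
    // is_numeric() also admits floats, exponents ("1e3") and surrounding
    // whitespace; the entry is an integer key, so pin it before it reaches SQL.
    $entryid = (int) $entryid;

    $sqlw = new SQL();
    $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);

    $q = $sqlw->query("
        SELECT
            (SELECT unit_class FROM creature_template WHERE entry = {$entryid}) AS class,
            (SELECT FLOOR(minlevel + (RAND() * (maxlevel - minlevel + 1))) FROM creature_template WHERE entry = {$entryid}) AS level,
            (SELECT exp FROM creature_template WHERE entry = {$entryid}) AS exp;");
    $data = $sqlw->fetch_assoc($q);
    // A SELECT of scalar subqueries always yields one row; an unknown entry shows
    // up as NULL columns, which the original then spliced into the next query as
    // empty text (SQL syntax error). Treat both cases as "no such creature".
    if ($sqlw->num_rows($q) == 0 || !$data || $data['class'] === null || $data['level'] === null) {
        $sqlw->close(); // the original returned here without closing
        return array(0, 0, 0);
    }

    // Second-order values: they come from the world DB, but they are interpolated
    // unquoted into SQL (and $exp into a column name, basehp{$exp}), so coerce
    // them to ints rather than trusting the stored text.
    $level = (int) $data['level'];
    $class = (int) $data['class'];
    $exp   = (int) $data['exp'];

    // "+0.5" is the original rounding term; for manaless classes basemana is 0,
    // so the mana expression comes back as exactly 0.5 (handled below).
    $health = "((SELECT Health_Mod FROM creature_template WHERE entry = {$entryid})"
            . " * (SELECT basehp{$exp} FROM creature_classlevelstats WHERE level = {$level} AND class = {$class}) + 0.5)";
    $mana   = "((SELECT Mana_Mod FROM creature_template WHERE entry = {$entryid})"
            . " * (SELECT basemana FROM creature_classlevelstats WHERE level = {$level} AND class = {$class}) + 0.5)";
    $armor  = "((SELECT Armor_Mod FROM creature_template WHERE entry = {$entryid})"
            . " * (SELECT basearmor FROM creature_classlevelstats WHERE level = {$level} AND class = {$class}) + 0.5)";

    // switch compares loosely, like the original's $type == N checks; any other
    // $type (including 0) fetches all three columns.
    switch ($type) {
        case 1:
            $columns = $health;
            break;
        case 2:
            $columns = $mana;
            break;
        case 3:
            $columns = $armor;
            break;
        default:
            $columns = "{$health}, {$mana}, {$armor}";
            break;
    }

    $res = $sqlw->query("SELECT {$columns};");
    $result = $sqlw->fetch_row($res);
    $sqlw->close();

    if (!$result) {
        return $type > 0 ? 0 : array(0, 0, 0);
    }
    if ($type == 2 && $result[0] == 0.5) {
        return 0;
    }
    if ($type == 0 && $result[1] == 0.5) {
        return array($result[0], 0, $result[2]);
    }
    return $type > 0 ? $result[0] : $result;
}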
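/**
 * Emit the portal's top navigation bar for the logged-in user.
 *
 * Loads portal_config.php and the SQL class relative to SITE_ROOT (defaulting
 * to './'), looks the current user up in forum_users and prints the Bootstrap
 * navbar. Relies on $_SESSION['current_userID'] having been set at login.
 */
function html_header() {
    if (!defined('SITE_ROOT')) {
        define('SITE_ROOT', './');
    }
    // NOTE(review): a plain require re-evaluates portal_config.php on every
    // call; if that file define()s constants, a second html_header() call will
    // error. require_once is probably what is wanted — confirm.
    require SITE_ROOT . 'portal_config.php';
    require_once SITE_ROOT . 'include/database.class.php';

    // The id is interpolated into SQL and into two hrefs below. Pin it to an
    // integer so a tampered session value cannot alter the query or the markup
    // (assumes forum_users.id is an integer column — confirm against the schema).
    $currentUserID = isset($_SESSION['current_userID']) ? (int) $_SESSION['current_userID'] : 0;

    $username = null;
    $realname = null;
    $db = new SQL(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME, false);
    $db->query("SELECT * FROM forum_users WHERE id='{$currentUserID}'");
    if ($row = $db->fetch_array()) {
        $username = $row['username'];
        $realname = $row['realname'];
    }
    $db->close();

    // Prefer the real name whenever the column is non-NULL (an empty string
    // still counts as set), otherwise fall back to the login name.
    $displayname = ($realname !== null) ? $realname : $username;
    // Both names are user-supplied data from the forum DB: escape before they
    // land in HTML (the original printed them raw).
    $displayname = htmlspecialchars((string) $displayname, ENT_QUOTES, 'UTF-8');

    echo ' <div id="wrap"> <div class="navbar navbar-top"><div class="navbar-inner"><div class="container">'
        . ' <a class="brand" href="#index.php"><div class="logo-ip"></div></a>'
        . ' <div class="btn-group pull-left"> <a href="../forum" class="btn btn-inverse"><i class="icon-rss"></i> Forum Ishare</a> </div>'
        . ' <div class="btn-group"> <button class="btn dropdown-toggle" data-toggle="dropdown"><i class="icon-list muted"></i> KampusLinks <span class="caret"></span></button>'
        . ' <ul class="dropdown-menu">'
        . ' <li><a href="http://mpp.eng.usm.my/">MPPUSMKKj Official Blog</a></li>'
        . ' <li><a href="http://hepp.eng.usm.my/">BHEPP USMKKj</a></li>'
        . ' <li><a href="http://infodesk.eng.usm.my/">Infodesk PPKT USMKKj</a></li>'
        . ' <li><a href="http://www.eng.usm.my/php/blockedIP/">Blocked Port List</a></li>'
        . ' <li><a href="http://elearning.usm.my/">e-Learning Portal</a></li>'
        . ' <li><a href="http://campusonline.usm.my/">CampusOnline Portal</a></li>'
        . ' <li><a href="http://www.tcom.usm.my/">Sistem Direktori Telefon USM</a></li>'
        . ' <li><a href="http://www.facebook.com/ppkt.eng.usm">Facebook PPKT USMKKj</a></li>'
        . ' <li class="divider"></li>'
        . ' <li><a href="http://hik3.net/refcode"><i class="icon-bookmark"></i> RefCode (Snippets)</a></li>'
        . ' </ul> </div>'
        . ' <div class="btn-group pull-right">'
        . ' <a href="index.php" class="btn btn-primary"><i class="icon-home icon-white"></i> Home</a>'
        . ' <a href="profile.php?id=' . $currentUserID . '" class="btn btn-inverse"><i class="icon-user"></i> ' . $displayname . '</a>'
        . ' <button class="btn btn-danger dropdown-toggle" data-toggle="dropdown"><span class="caret"></span></button>'
        . ' <ul class="dropdown-menu">'
        . ' <li><a href="edit_profile.php"><i class="icon-edit muted"></i> Edit Profile</a></li>'
        . ' <li><a href="edit_sharerlink.php"><i class="icon-hdd muted"></i> Edit Sharerlink</a></li>'
        . ' <li class="divider"></li>'
        . ' <li><a href="../forum/login.php?action=out&id=' . $currentUserID . '"><i class="icon-off muted"></i> Logout</a></li>'
        . ' </ul> </div> </div></div></div> ';
}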
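/**
 * Shutdown-time dispatcher: calls the handler for the current HTTP verb
 * (method_get(), method_post(), ... or method_all()), closes the database
 * connection and, in debug mode, appends a timing panel to HTML responses.
 *
 * Registered via register_shutdown_function (per the original note), so it
 * must do nothing once APP::end() has already finished the request.
 */
function _slimphp_request_method_router() {
    // Shutdown functions still run after die(); if APP::end() already ended
    // the request there is nothing left to dispatch.
    if (APP::$is_exit) {
        return;
    }

    // Map the verb to a handler name, e.g. GET -> method_get(), POST -> method_post().
    // Only functions the application actually defined are callable
    // (function_exists), so an arbitrary verb cannot reach anything else;
    // unknown verbs fall back to method_all().
    $method = isset($_SERVER['REQUEST_METHOD']) ? strtolower($_SERVER['REQUEST_METHOD']) : '';
    $funcname = "method_{$method}";
    // Route timestamp, used for the "Function ... spent" figure below.
    define('APP_TIMESTAMP_ROUTE', microtime(true));

    if (function_exists($funcname)) {
        $funcname();
    } elseif (function_exists('method_all')) {
        $funcname = 'method_all';
        method_all();
    } else {
        $funcname = 'method_undefine';
    }

    // Best effort: a failure here must not disturb the response already produced.
    @SQL::close();

    // Debug panel, only when enabled and the client asked for HTML (Accept
    // header starts with "text/html"). The header is optional, so read it
    // defensively (the original indexed it directly, which raises a notice and,
    // on PHP 8.1+, a trim(null) deprecation).
    $accept_type = isset($_SERVER['HTTP_ACCEPT']) ? strtolower(trim($_SERVER['HTTP_ACCEPT'])) : '';
    if (APP::$is_debug && substr($accept_type, 0, 9) == 'text/html') {
        $spent2 = round((microtime(true) - APP_TIMESTAMP_ROUTE) * 1000, 3);
        $spent = round((microtime(true) - APP_TIMESTAMP_START) * 1000, 3);
        // NOTE(review): DEBUG::clear() output is written into the page as-is.
        // If it can carry request-derived data (SQL text, dumped input), it
        // should be passed through htmlspecialchars() first — confirm what it collects.
        $debug = DEBUG::clear();
        echo "<div style='\n font-size: 14px;\n line-height: 1.6em;\n text-align: left;\n color: #000;\n padding: 12px 8px;\n border: 1px solid #DDD;\n font-family: \"Microsoft yahei\", \"Helvetica Neue\", \"Lucida Grande\", \"Lucida Sans Unicode\", Helvetica, Arial, sans-serif !important;\n background-color: #EEE;\n margin-top: 50px;\n'>Debug<br>Function {$funcname} spent: {$spent2}ms<br>Total spent: {$spent}ms<br>\n<hr><pre style='\n font-family: \"Microsoft yahei\", \"Helvetica Neue\", \"Lucida Grande\", \"Lucida Sans Unicode\", Helvetica, Arial, sans-serif !important;\n'>{$debug}</pre>\n</div>";
    }
}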
/**
 * Render the "User's Request" box: an info banner with the current request and
 * reply counts, an empty #containerx container, and the jQuery loader that
 * fills it page by page from subfiles/requestbox_more.php.
 */
function populate_requestbox() {
    $conn = new SQL(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME, false);

    // Each COUNT query yields a one-column row; implode() turns
    // array('COUNT(id)' => N) into the string "N".
    $conn->query("SELECT COUNT(id) FROM ip_requests");
    $requestCount = implode($conn->fetch_assoc());
    $conn->query("SELECT COUNT(id) FROM ip_reply");
    $replyCount = implode($conn->fetch_assoc());
    $conn->close();

    $banner = '<div class="alert alert-info">This is <strong>User\'s Request</strong> section (currently contained <strong>'
        . $requestCount
        . '</strong> request shouts and <strong>'
        . $replyCount
        . '</strong> replies). Just use <code>!request</code> code in your shout to make them appear here. Please note that not all your requests will be replied. Lucky if you have!</div>';

    $container = '<div id="containerx">'
        . '<div class="data"></div>'
        . '<div class="pagination"></div>'
        . '</div>';

    // Client-side loader: fetches one page of results and rebinds the pager links.
    $script = '
<script>
var replyID;
$(document).ready(function () { // START DOCUMENT.READY
    $(".tip-top").tooltip();
    function loadData(page){
        $("#containerx").html("<div class=\\"loader\\" style=\\"margin-top:10px\\"></div>").fadeIn("fast");
        $.ajax({
            type: "GET",
            url: "subfiles/requestbox_more.php?page="+page,
            success: function(msg){
                $("#containerx").html(msg);
            }
        });
    }
    loadData(1); // For first time page load default results
    $("#containerx .pagination li.enx").live("click",function(e){
        e.preventDefault();
        var page = $(this).attr("p");
        loadData(page);
    });
}); // END DCOUMENT.READY
</script>
';

    echo $banner . $container . $script;
}
/**
 * Execute the parsed query and return every row wrapped in a SQLDataReader.
 *
 * Opens the connection if it was closed and restores that state afterwards.
 * An empty parsed query, or a driver error other than SQLite's spurious
 * 'unknown error' after a complete fetch, yields an empty reader.
 *
 * @return SQLDataReader
 */
public function execute_reader() {
    $this->parse_query();
    if (empty($this->queryParsed)) {
        return new SQLDataReader();
    }

    $wasClosed = ($this->conn->status() == 'closed');
    $this->conn->open();

    $res = $this->conn->query($this->queryParsed);
    $rows = array();
    for (;;) {
        $row = $this->conn->fetch_array($res);
        if (!$row) {
            break;
        }
        $rows[] = $row;
    }

    // SQLite reports 'unknown error' once the last row has been fetched even
    // though everything succeeded; the original treats that text as success.
    $err = $this->conn->error();
    $succeeded = empty($err) || $err == 'unknown error';

    // Leave the connection in the state we found it.
    if ($wasClosed) {
        $this->conn->close();
    }

    if (!$succeeded) {
        return new SQLDataReader();
    }
    return new SQLDataReader($rows);
}
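/**
 * Build the author cell of a post row: avatar panel plus "Author : name", with
 * the name linked to the user editor for staff ($user_lvl > 0).
 *
 * Author names are stored, user-supplied data and are escaped here (the
 * original printed them raw). Helper for forum_view_topic().
 *
 * @param array $avatars account id => array(name, sex, race, class, level, gm)
 * @return string
 */
function _forum_view_topic_author_cell($post, $avatars, $user_lvl, $forum_lang) {
    $aid = $post['authorid'];
    $avatar = '';
    $name = $post['authorname'];
    if (isset($avatars[$aid])) {
        $a = $avatars[$aid];
        $avatar = gen_avatar_panel($a['level'], $a['sex'], $a['race'], $a['class'], 1, $a['gm']);
        $name = $a['name'];
    }
    $cell = ' <tr> <td style="width:15%;text-align:center;"><center>' . $avatar . '</center>' . $forum_lang['author'] . ' : ';
    if ($user_lvl > 0) {
        $cell .= ' <a href="user.php?action=edit_user&error=11&id=' . (int) $aid . '">';
    }
    $cell .= htmlspecialchars($name);
    if ($user_lvl > 0) {
        // The original closed this <a> unconditionally for replies; pair it with the opener.
        $cell .= ' </a>';
    }
    $cell .= ' </td>';
    return $cell;
}

/**
 * Forum: show one topic (GET id) or locate the page holding a post (GET postid)
 * and redirect to it. Appends HTML to the global $output.
 *
 * Reads $_GET['id'] | $_GET['postid'] and $_GET['page']. All three are integer
 * keys and are cast before use because they are interpolated into SQL unquoted
 * (see the SECURE block). error() and redirect() are assumed to end the request.
 *
 * @param SQL &$sqlr realm DB handle (created here, left open for the caller)
 * @param SQL &$sqlc characters DB handle (created here, left open for the caller)
 * @param SQL &$sqlm forum (mmfpm) DB handle (created here, closed before returning)
 */
function forum_view_topic(&$sqlr, &$sqlc, &$sqlm) {
    global $enablesidecheck, $forum_skeleton, $maxqueries, $forum_lang, $user_lvl, $user_id, $output, $realm_db, $characters_db, $mmfpm_db, $realm_id;

    $side = null;
    if ($enablesidecheck) {
        $side = get_side();
    }

    // One forum-DB handle for the whole request instead of one per loop iteration.
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    //==========================$_GET and SECURE=================================
    // id/postid/page are spliced into SQL *unquoted* (WHERE topic = 123,
    // LIMIT 0, 20). quote_smart() only escapes quote characters, so a value like
    // "1 OR 1=1" passed through it untouched; an integer cast closes that hole.
    if (isset($_GET['id'])) {
        $id = (int) $_GET['id'];
        $by_post = false;
    } elseif (isset($_GET['postid'])) {
        $id = (int) $_GET['postid'];
        $by_post = true;
    } else {
        error($forum_lang['no_such_topic']);
    }
    // A negative page would produce a negative LIMIT offset.
    $page = isset($_GET['page']) ? max(0, (int) $_GET['page']) : 0;
    //==========================$_GET and SECURE end=============================
    $start = $maxqueries * $page;

    if ($by_post) {
        // postid mode: work out which topic/page the post lives on and redirect.
        $output .= ' <div class="top"> <h1>Stand by...</h1> </div>';
        $res = $sqlm->query(' SELECT topic, id FROM mm_forum_posts WHERE id = ' . $id . '');
        if ($sqlm->num_rows($res) == 0) {
            error($forum_lang['no_such_topic']);
        }
        $row = $sqlm->fetch_assoc($res);
        // The original compared id against 'authorid' (a column this query does
        // not select) and then used the post id as the topic id, so links to
        // replies always ended in "no such topic". The topic is the `topic` column.
        $topic = (int) $row['topic'];
        if ($row['id'] == $row['topic']) {
            // The post is the topic starter itself: first page.
            $sqlm->close();
            redirect('forum.php?action=view_topic&id=' . $id . '');
            return;
        }
        // Same ordering as the topic view, otherwise the computed page is wrong.
        $posts = $sqlm->query(' SELECT id FROM mm_forum_posts WHERE topic = ' . $topic . ' ORDER BY id ASC');
        if ($sqlm->num_rows($posts) == 0) {
            error($forum_lang['no_such_topic']);
        }
        // 1-based position of the post within its topic.
        $position = 0;
        while ($p = $sqlm->fetch_row($posts)) {
            $position++;
            if ((int) $p[0] == $id) {
                break;
            }
        }
        // Smallest page (0-based) whose LIMIT window contains that position.
        $page = 0;
        while ($page * $maxqueries < $position) {
            $page++;
        }
        $page--;
        $sqlm->close();
        redirect('forum.php?action=view_topic&id=' . $topic . '&page=' . $page . '');
        return;
    }

    $posts = $sqlm->query(' SELECT id, authorid, authorname, forum, name, text, time, annouced, sticked, closed FROM mm_forum_posts WHERE topic = ' . $id . ' ORDER BY id ASC LIMIT ' . $start . ', ' . $maxqueries . '');
    if ($sqlm->num_rows($posts) == 0) {
        error($forum_lang['no_such_topic']);
    }

    // Collect the author account ids, then fetch each account's most-played
    // character (plus its realm gmlevel) for the avatar panels.
    $account_ids = array();
    while ($p = $sqlm->fetch_row($posts)) {
        $account_ids[] = (int) $p[1]; // authorid
    }
    mysql_data_seek($posts, 0); // rewind: the posts are walked again below

    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    // need to update this query to use ' instead of "
    $query = "\r\n\t\t\tSELECT account, name, gender, race, class, level,\r\n\t\t\t\t(SELECT gmlevel\r\n\t\t\t\tFROM `{$realm_db['name']}`.account\r\n\t\t\t\tWHERE `{$realm_db['name']}`.account.id = `{$characters_db[$realm_id]['name']}`.characters.account) as gmlevel\r\n\t\t\tFROM `{$characters_db[$realm_id]['name']}`.characters\r\n\t\t\tWHERE totaltime IN \r\n\t\t\t\t(SELECT MAX(totaltime)\r\n\t\t\t\tFROM `{$characters_db[$realm_id]['name']}`.characters\r\n\t\t\t\tWHERE account IN (";
    $query .= implode(',', $account_ids) . ",";
    $query .= "\r\n\t\t\t\t\t0)\r\n\t\t\t\tGROUP BY account);";

    $sqlc = new SQL();
    $sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
    $results = $sqlc->query($query);
    $avatars = array();
    while ($avatar = $sqlc->fetch_assoc($results)) {
        $acc = $avatar['account'];
        $char_gender = str_pad(dechex($avatar['gender']), 8, 0, STR_PAD_LEFT);
        $avatars[$acc] = array(
            'name'  => $avatar['name'],
            // NOTE(review): kept from the original, but indexing a string with
            // 'race' is a non-numeric string offset (warning on PHP 7, TypeError
            // on PHP 8) that can only ever yield the first hex digit. Which part
            // of the packed value gen_avatar_panel() expects as "sex" is not
            // visible here — confirm and replace with the right substr().
            'sex'   => $char_gender['race'],
            'race'  => $avatar['race'],
            'class' => $avatar['class'],
            'level' => $avatar['level'],
            'gm'    => $avatar['gmlevel'],
        );
    }

    // First row is the topic starter; its forum decides access and breadcrumbs.
    $post = $sqlm->fetch_assoc($posts);
    $fid = $post['forum'];
    $cat = 0;
    $topic_forum = null;
    $topic_category = null;
    $cid = $sqlm->query(' SELECT category, name, description, side_access, level_post_topic, level_read, level_post FROM mm_forum_categories');
    while ($category = $sqlm->fetch_assoc($cid)) {
        $fid_ = $sqlm->query(' SELECT forum, category, name, description, side_access, level_post_topic, level_read, level_post FROM mm_forum_forums WHERE category = ' . (int) $category['category'] . '');
        while ($forum = $sqlm->fetch_assoc($fid_)) {
            if (empty($forum['forum'])) {
                error($forum_lang['no_such_forum']);
            }
            if ($forum['forum'] == $fid) {
                $cat = $forum['category'];
                $topic_forum = $forum;
                $topic_category = $category;
            }
        }
    }
    if ($topic_forum === null) {
        // The topic points at a forum that no longer exists. (The original fell
        // through with whatever forum row the loop happened to end on.)
        error($forum_lang['no_such_forum']);
    }

    // Read access. The original evaluated level_read against *every* forum in
    // the loop above (so any restricted forum anywhere blocked every topic), and
    // its side_access branches ended in `continue`, which denies nothing. Both
    // checks are applied to the topic's own forum and category here.
    if ($topic_category['level_read'] > $user_lvl || $topic_forum['level_read'] > $user_lvl) {
        error($forum_lang['no_access']);
    }
    if ($user_lvl == 0 && $enablesidecheck) {
        foreach (array($topic_category['side_access'], $topic_forum['side_access']) as $allowed_side) {
            // Not an all-side forum: the user needs a character on the matching side.
            if ($allowed_side != 'ALL' && ($side == 'NO' || $allowed_side != $side)) {
                error($forum_lang['no_access']);
            }
        }
    }

    $post['name'] = htmlspecialchars($post['name']);
    $post['text'] = bbcode_parse1(htmlspecialchars($post['text']));

    $output .= ' <div class="top"> <h1>' . $forum_lang['forums'] . '</h1> </div> <center> <fieldset> <legend> <a href="forum.php">' . $forum_lang['forum_index'] . '</a> -> <a href="forum.php?action=view_forum&id=' . (int) $topic_forum['forum'] . '">' . htmlspecialchars($topic_forum['name']) . '</a> -> <a href="forum.php?action=view_topic&id=' . $id . '">' . $post['name'] . '</a> </legend> <table class="lined"> <tr> <th style="width:15%;">' . $forum_lang['info'] . '</th> <th style="text-align:left;">' . $forum_lang['text'] . '</th>';
    if ($user_lvl > 0) {
        // Topic state label for staff: announcement beats sticky beats normal.
        if ($post['annouced'] == "1") {
            $label = $forum_lang['annoucement'];
        } elseif ($post['sticked'] == "1") {
            $label = $forum_lang['sticky'];
        } else {
            $label = $forum_lang['normal'];
        }
        // The original only emitted the closing </th> for closed topics.
        $output .= ' <th style="width:50%;text-align:right;"> ' . $label . ' </th>';
    }
    $output .= ' </tr>';

    $output .= ' <tr> <td colspan="3" align="left"> ' . $post['time'] . ' </td> </tr>';
    $output .= _forum_view_topic_author_cell($post, $avatars, $user_lvl, $forum_lang);
    // Stray backslash in the original style attribute (text-align:right\") removed.
    $output .= ' <td colspan="2" style="text-align:left">' . $post['text'] . '<br /> <div style="text-align:right"> </div> </td> </tr>';

    if ($user_lvl > 0) {
        // NOTE(review): these moderation actions (stick/announce/close/move/edit/
        // delete) are plain GET links with no anti-CSRF token visible here;
        // confirm the handlers in forum.php verify one.
        $output .= ' <tr> <th colspan="3" align="right">';
        if ($post['annouced'] == "1") {
            // Announcement (sticky or not): offer un-announce only.
            $output .= ' <a href="forum.php?action=edit_announce&id=' . $post['id'] . '&state=0"><img src="img/forums/unannounce.png" border="0" alt="' . $forum_lang['down'] . '" /></a>';
        } elseif ($post['sticked'] == "1") {
            // Sticky: offer un-stick and promote-to-announcement.
            $output .= ' <a href="forum.php?action=edit_stick&id=' . $post['id'] . '&state=0"><img src="img/forums/unstick.png" border="0" alt="' . $forum_lang['down'] . '" /></a> <a href="forum.php?action=edit_announce&id=' . $post['id'] . '&state=1"><img src="img/forums/announce.png" border="0" alt="' . $forum_lang["up"] . '" /></a>';
        } else {
            // Normal topic: offer stick.
            $output .= ' <a href="forum.php?action=edit_stick&id=' . $post['id'] . '&state=1"><img src="img/forums/stick.png" border="0" alt="' . $forum_lang['up'] . '" /></a>';
        }
        if ($post['closed'] == "1") {
            // Stray backslash in the original alt attribute (alt=\") removed.
            $output .= ' <a href="forum.php?action=edit_close&id=' . $post['id'] . '&state=0"><img src="img/forums/lock.png" border="0" alt="' . $forum_lang['open'] . '" /></a>';
        } else {
            $output .= ' <a href="forum.php?action=edit_close&id=' . $post['id'] . '&state=1"><img src="img/forums/unlock.png" border="0" alt="' . $forum_lang['close'] . '" /></a>';
        }
        $output .= ' <a href="forum.php?action=move_topic&id=' . $post['id'] . '"><img src="img/forums/move.png" border="0" alt="' . $forum_lang['move'] . '" /></a> <a href="forum.php?action=edit_post&id=' . $post['id'] . '"><img src="img/forums/edit.png" border="0" alt="' . $forum_lang["edit"] . '" /></a> <a href="forum.php?action=delete_post&id=' . $post['id'] . '"><img src="img/forums/delete.png" border="0" alt="' . $forum_lang["delete"] . '" /></a> </th> </tr>';
    }

    // Replies on this page.
    $closed = $post['closed'];
    while ($post = $sqlm->fetch_assoc($posts)) {
        $post['text'] = bbcode_parse1(htmlspecialchars($post['text']));
        $output .= ' <tr> <td colspan="3" align="left"> ' . $post['time'] . ' </td> </tr>';
        $output .= _forum_view_topic_author_cell($post, $avatars, $user_lvl, $forum_lang);
        $output .= ' <td colspan="2" style="text-align:left;">' . $post['text'] . '<br />';
        $output .= ' </td> </tr>';
        // Staff, or the reply's own author, may edit/delete it.
        if ($user_lvl > 0 || $user_id == $post['authorid']) {
            $output .= ' <tr> <th colspan="3" align="right"> <a href="forum.php?action=edit_post&id=' . $post['id'] . '"><img src="img/forums/edit.png" border="0" alt="' . $forum_lang['edit'] . '"></a> <a href="forum.php?action=delete_post&id=' . $post['id'] . '"><img src="img/forums/delete.png" border="0" alt="' . $forum_lang['delete'] . '"></a> </th> </tr>';
        }
    }

    // Pager.
    $totalposts = $sqlm->query(' SELECT id FROM mm_forum_posts WHERE topic = ' . $id . '');
    $pages = ceil($sqlm->num_rows($totalposts) / $maxqueries);
    $output .= ' <tr> <td align="right" colspan="3">' . $forum_lang['pages'] . ' : ';
    for ($x = 1; $x <= $pages; $x++) {
        $output .= ' <a href="forum.php?action=view_topic&id=' . $id . '&page=' . ($x - 1) . '">' . $x . '</a>';
    }
    $output .= ' </td> </tr> </table> </fieldset> <br />';

    // Quick reply: staff always, others only while the topic is open, and only
    // when both the category and the forum allow posting at this level. (The
    // original re-ran the category query here and indexed the result handle,
    // so the category half of the check never applied.)
    $may_post = ($user_lvl > 0 || !$closed)
        && ($topic_category['level_post'] <= $user_lvl && $topic_forum['level_post'] <= $user_lvl);
    if ($may_post) {
        $output .= ' <form action="forum.php?action=do_add_post" method="POST" name="form"> <fieldset> <legend> ' . $forum_lang['quick_reply'] . ' </legend> <table class="lined"> <tr> <td align="left" colspan="3">';
        bbcode_add_editor();
        $output .= ' </td> </tr> <tr> <td colspan="3"> <TEXTAREA ID="msg" NAME="msg" ROWS=8 COLS=93></TEXTAREA><br/> <input type="hidden" name="forum" value="' . (int) $fid . '"> <input type="hidden" name="topic" value="' . $id . '"> </td> </tr> <tr> <td align="left">';
        makebutton($forum_lang['post'], "javascript:do_submit()", 100);
        $output .= ' </td> </tr> </table> </fieldset> </form>';
    }
    $output .= ' </center>';
    $sqlm->close();
    // Queries : 2 with id || 2 (+2) with postid
}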
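/**
 * Process the registration form (POST).
 *
 * Order of checks: captcha, required fields, global creation switch, IP
 * allow-list ($valid_ip_mask), username length/charset, e-mail format, IP ban
 * list, duplicate e-mail / username (optionally per IP). Then either inserts
 * the account directly or queues it in mm_account_verification and sends the
 * verification mail, and finally sends the welcome mail if configured.
 * redirect() is assumed to terminate the request.
 *
 * Reads $_POST[security_code, username, pass, pass1, email, expansion] and
 * $_SESSION['security_code'].
 */
function doregister() {
    // $expansion_select is a config switch; the original referenced it without
    // importing it, so it was always unset and the POSTed expansion never applied.
    global $lang_global, $characters_db, $realm_db, $mmfpm_db, $realm_id, $disable_acc_creation, $limit_acc_per_ip, $valid_ip_mask, $send_mail_on_creation, $create_acc_locked, $from_mail, $defaultoption, $require_account_verify, $mailer_type, $smtp_cfg, $title, $expansion_select;

    // Captcha: compare as strings in constant time, reject when no code was ever
    // issued, and burn the code so one solved captcha cannot be replayed. (The
    // original used a loose != on possibly-unset values, so "" != "" passed.)
    $sent_code = isset($_POST['security_code']) ? (string) $_POST['security_code'] : '';
    $sess_code = isset($_SESSION['security_code']) ? (string) $_SESSION['security_code'] : '';
    if (function_exists('hash_equals')) {
        $code_ok = ($sess_code !== '') && hash_equals($sess_code, $sent_code);
    } else {
        $code_ok = ($sess_code !== '') && ($sess_code === $sent_code);
    }
    unset($_SESSION['security_code']);
    if (!$code_ok) {
        redirect("register.php?err=13");
    }

    if (empty($_POST['pass']) || empty($_POST['email']) || empty($_POST['username'])) {
        redirect("register.php?err=1");
    }
    if ($disable_acc_creation) {
        redirect("register.php?err=4");
    }

    // Client address. X-Forwarded-For is attacker-controlled: the original used
    // it verbatim in SQL (injection) and as the ban/limit key (trivial bypass).
    // Honour it only when it is a single well-formed address, else use the peer.
    // NOTE(review): unless a trusted reverse proxy sets this header, REMOTE_ADDR
    // alone is the safer choice.
    $last_ip = (string) getenv('REMOTE_ADDR');
    $forwarded = getenv('HTTP_X_FORWARDED_FOR');
    if ($forwarded !== false && filter_var(trim($forwarded), FILTER_VALIDATE_IP) !== false) {
        $last_ip = trim($forwarded);
    }

    // Optional allow-list of dotted masks such as "192.168.1-20.*"-style entries:
    // each octet is either a literal or a "lo-hi" range; all four must match.
    if (sizeof($valid_ip_mask)) {
        $allowed = false;
        $octets = explode('.', $last_ip);
        foreach ($valid_ip_mask as $mask) {
            $remaining = 4;
            foreach (explode('.', $mask) as $i => $range) {
                if (!isset($octets[$i])) {
                    break;
                }
                $bounds = explode('-', $range);
                if (isset($bounds[1])) {
                    // "lo-hi": the original had the comparison inverted
                    // (lo >= ip && hi <= ip), so ranges only matched when lo == hi == ip.
                    if ((int) $bounds[0] <= (int) $octets[$i] && (int) $octets[$i] <= (int) $bounds[1]) {
                        $remaining--;
                    }
                } elseif ($bounds[0] == $octets[$i]) {
                    $remaining--;
                }
            }
            if ($remaining == 0) {
                $allowed = true;
                break;
            }
        }
        if (!$allowed) {
            redirect("register.php?err=9&usr=" . urlencode($last_ip));
        }
    }

    $sql = new SQL();
    $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);

    $user_name = $sql->quote_smart(trim($_POST['username']));
    // NOTE(review): $pass goes straight into sha_pass_hash, so it is assumed to
    // arrive already hashed (client-side); $pass1 is presumably the plaintext
    // echoed in the welcome mail. Confirm this — and consider not mailing
    // passwords at all.
    $pass = $sql->quote_smart($_POST['pass']);
    $pass1 = isset($_POST['pass1']) ? $sql->quote_smart($_POST['pass1']) : '';
    // Validated as an IP above (digits, dots, hex, colons), quoted again for SQL.
    $last_ip_sql = $sql->quote_smart($last_ip);

    // Username: 4..15 characters, ASCII letters only (valid_alphabetic).
    if (strlen($user_name) < 4 || strlen($user_name) > 15) {
        $sql->close();
        redirect("register.php?err=5");
    }
    require_once "libs/valid_lib.php";
    if (!valid_alphabetic($user_name)) {
        $sql->close();
        redirect("register.php?err=6");
    }

    $mail = $sql->quote_smart(trim($_POST['email']));
    if (!valid_email($mail) || strlen($mail) > 224) {
        $sql->close();
        redirect("register.php?err=7");
    }

    $per_ip = $limit_acc_per_ip ? "OR last_ip='{$last_ip_sql}'" : "";

    // IP is in ban list
    $result = $sql->query("SELECT ip FROM ip_banned WHERE ip = '{$last_ip_sql}'");
    if ($sql->num_rows($result)) {
        $sql->close();
        redirect("register.php?err=8&usr=" . urlencode($last_ip));
    }
    // Email check
    $result = $sql->query("SELECT email FROM account WHERE email='{$mail}' {$per_ip}");
    if ($sql->num_rows($result)) {
        $sql->close();
        redirect("register.php?err=14");
    }
    // Username check. The original compared against the literal '******'
    // (presumably a mangled interpolation), which never matches a real name.
    $result = $sql->query("SELECT username FROM account WHERE username='{$user_name}' {$per_ip}");
    if ($sql->num_rows($result)) {
        $sql->close();
        redirect("register.php?err=3");
    }

    // Both values are interpolated unquoted into the INSERTs below: force ints.
    if ($expansion_select && isset($_POST['expansion'])) {
        $expansion = (int) $_POST['expansion'];
    } else {
        $expansion = (int) $defaultoption;
    }
    $locked = (int) $create_acc_locked;

    if ($require_account_verify) {
        $sqlm = new SQL();
        $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
        $result2 = $sqlm->query("SELECT * FROM mm_account_verification WHERE username = '{$user_name}' OR email = '{$mail}'");
        if ($sqlm->num_rows($result2) > 0) {
            $sqlm->close();
            $sql->close();
            redirect("register.php?err=15");
        }
        // Verification token. The original used sha1(client_ip . time()), which
        // anyone who knows roughly when the request happened can reproduce; use
        // the best CSPRNG available (40 hex chars, same width as a sha1 digest).
        if (function_exists('random_bytes')) {
            $authkey = bin2hex(random_bytes(20));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $authkey = bin2hex(openssl_random_pseudo_bytes(20));
        } else {
            $authkey = sha1(uniqid(mt_rand(), true) . microtime(true) . $last_ip);
        }
        // authkey is a string column; the original interpolated it unquoted.
        $result = $sqlm->query("INSERT INTO mm_account_verification (username,sha_pass_hash,gmlevel,email, joindate,last_ip,failed_logins,locked,last_login,active_realm_id,expansion,authkey) VALUES (UPPER('{$user_name}'),'{$pass}',0,'{$mail}',now(),'{$last_ip_sql}',0,{$locked},NULL,0,{$expansion},'{$authkey}')");
        do_verify_email();
        $sqlm->close();
        $sql->close();
        redirect("login.php?error=7");
    } else {
        $result = $sql->query("INSERT INTO account (username,sha_pass_hash,gmlevel,email, joindate,last_ip,failed_logins,locked,last_login,active_realm_id,expansion) VALUES (UPPER('{$user_name}'),'{$pass}',0,'{$mail}',now(),'{$last_ip_sql}',0,{$locked},NULL,0,{$expansion})");
    }
    $sql->close();
    setcookie("terms", "", time() - 3600);

    if ($send_mail_on_creation) {
        require_once "libs/mailer/class.phpmailer.php";
        $mailer = new PHPMailer();
        $mailer->Mailer = $mailer_type;
        if ($mailer_type == "smtp") {
            $mailer->Host = $smtp_cfg['host'];
            $mailer->Port = $smtp_cfg['port'];
            if ($smtp_cfg['user'] != '') {
                $mailer->SMTPAuth = true;
                $mailer->Username = $smtp_cfg['user'];
                $mailer->Password = $smtp_cfg['pass'];
            }
        }
        // Template: first line is the subject, the remainder is the body.
        $file_name = "mail_templates/mail_welcome.tpl";
        $subject = '';
        $body = '';
        $fh = fopen($file_name, 'r');
        if ($fh !== false) {
            $subject = fgets($fh, 4096);
            $body = fread($fh, filesize($file_name));
            fclose($fh);
        }
        $subject = str_replace("<title>", $title, $subject);
        $body = str_replace("\n", "<br />", $body);
        $body = str_replace("\r", " ", $body);
        $body = str_replace("<username>", $user_name, $body);
        $body = str_replace("<password>", $pass1, $body);
        // NOTE(review): depending on server config SERVER_NAME follows the Host
        // header, which would let a requester poison the link in this mail;
        // prefer a configured base URL if one exists.
        $body = str_replace("<base_url>", $_SERVER['SERVER_NAME'], $body);
        $mailer->WordWrap = 50;
        $mailer->From = $from_mail;
        $mailer->FromName = "{$title} Admin";
        $mailer->Subject = $subject;
        $mailer->IsHTML(true);
        $mailer->Body = $body;
        $mailer->AddAddress($mail);
        $mailer->Send();
        $mailer->ClearAddresses();
    }

    if ($result) {
        redirect("login.php?error=6");
    }
}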
/**
 * Backup / restore dispatcher for the admin backup page (backup.php).
 *
 * Routes on two request values, $_GET['backup_action'] ("load" | "save") and
 * $_GET['backup_from_to'] ("file" | "web" | "acc_on_file"); every other
 * combination ends in backup.php?error=1.  Each branch finishes with
 * redirect(), error(), die() or exit, so the function is not expected to
 * return normally (assumes redirect()/error() terminate the request — both
 * helpers are defined elsewhere in the project).
 *
 * Reads globals: $lang_backup, $backup_dir, $tables_backup_realmd,
 * $tables_backup_characters, $realm_db, $characters_db, $realm_id,
 * $tab_backup_user_realmd, $tab_backup_user_characters.  $output is
 * declared but not used in this body.
 *
 * NOTE(review): request values reach this function only through addslashes(),
 * which escapes quotes but leaves "/" and ".." untouched; where such a value
 * becomes a path component below (selected_file_name, file_dir) it should be
 * reduced to a basename or matched against a directory listing before use.
 * NOTE(review): eregi() and ereg_replace() were removed in PHP 7; the regex
 * calls in this function need preg_* equivalents to run on a current
 * interpreter.
 */
function dobackup()
{
    global $lang_backup, $backup_dir, $tables_backup_realmd, $tables_backup_characters, $output, $realm_db, $characters_db, $realm_id, $tab_backup_user_realmd, $tab_backup_user_characters;
    // Both selectors are mandatory; the else branch only runs when neither is empty.
    if (empty($_GET['backup_action']) || empty($_GET['backup_from_to'])) {
        redirect("backup.php?error=1");
    } else {
        $backup_action = addslashes($_GET['backup_action']);
        $backup_from_to = addslashes($_GET['backup_from_to']);
    }
    if ("load" == $backup_action && "file" == $backup_from_to) {
        // ---- load/file: restore from an uploaded .sql / .qbquery file ----
        // Extension check on the client-supplied name only (case-insensitive).
        if (!eregi("(\\.(sql|qbquery))\$", $_FILES["uploaded_file"]["name"])) {
            error($lang_backup['upload_sql_file_only']);
        }
        // Normalise the stored name: spaces -> "_", then strip every character
        // outside [_A-Za-z0-9-.] so the name cannot carry a path separator.
        $uploaded_filename = str_replace(" ", "_", $_FILES["uploaded_file"]["name"]);
        $uploaded_filename = preg_replace("/[^_A-Za-z0-9-\\.]/i", '', $uploaded_filename);
        $file_name_new = $uploaded_filename . "_" . date("m.d.y_H.i.s") . ".sql";
        move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], "{$backup_dir}/{$file_name_new}") or die(error("{$lang_backup['upload_err_write_permission']} {$backup_dir}"));
        if (file_exists("{$backup_dir}/{$file_name_new}")) {
            require_once "libs/db_lib/sql_lib.php";
            // $use_db is only compared for equality with configured DB names, so an
            // unknown value matches nothing and $queries stays unset for the redirect.
            $use_db = addslashes($_POST['use_db']);
            if ($use_db == $realm_db['name']) {
                $queries = run_sql_script($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name'], "{$backup_dir}/{$file_name_new}", true);
            } else {
                foreach ($characters_db as $db) {
                    if ($use_db == $db['name']) {
                        $queries = run_sql_script($db['addr'], $db['user'], $db['pass'], $db['name'], "{$backup_dir}/{$file_name_new}", true);
                    }
                }
            }
            // The uploaded copy is left in $backup_dir after it has been applied.
            redirect("backup.php?error=4&tot={$queries}");
        } else {
            error($lang_backup['file_not_found']);
        }
    } elseif ("load" == $backup_action && "web" == $backup_from_to) {
        // ---- load/web: restore from a file already present in $backup_dir ----
        if (empty($_POST['selected_file_name'])) {
            redirect("backup.php?error=1");
        } else {
            // NOTE(review): addslashes() does not constrain "/" or ".."; $file_name
            // is interpolated into a filesystem path below without further checks.
            $file_name = addslashes($_POST['selected_file_name']);
        }
        if (file_exists("{$backup_dir}/{$file_name}")) {
            require_once "libs/db_lib/sql_lib.php";
            $use_db = addslashes($_POST['use_db']);
            if ($use_db == $realm_db['name']) {
                $queries = run_sql_script($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name'], "{$backup_dir}/{$file_name}", false);
            } else {
                foreach ($characters_db as $db) {
                    if ($use_db == $db['name']) {
                        $queries = run_sql_script($db['addr'], $db['user'], $db['pass'], $db['name'], "{$backup_dir}/{$file_name}", false);
                    }
                }
            }
            redirect("backup.php?error=4&tot={$queries}");
        } else {
            error($lang_backup['file_not_found']);
        }
    } elseif ("save" == $backup_action && "file" == $backup_from_to) {
        //save and send to user
        // ---- save/file: dump to a temp file in $backup_dir, stream it as a
        // download, then delete it. $struc_backup is passed through to
        // sql_table_dump() (semantics not visible here).
        $struc_backup = addslashes($_GET['struc_backup']);
        $save_all_realms = addslashes($_GET['save_all_realms']);
        if ($save_all_realms) {
            $temp_id = "all_realms";
        } else {
            $temp_id = "realmid_" . $realm_id;
        }
        $file_name_new = $temp_id . "_backup_" . date("m.d.y_H.i.s") . ".sql";
        // Realm (auth) database header, then its tables.
        $fp = fopen("{$backup_dir}/{$file_name_new}", 'w') or die(error($lang_backup['file_write_err']));
        fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$realm_db['name']};\n") or die(error($lang_backup['file_write_err']));
        fwrite($fp, "USE {$realm_db['name']};\n\n") or die(error($lang_backup['file_write_err']));
        fclose($fp);
        require_once "libs/db_lib/sql_lib.php";
        foreach ($tables_backup_realmd as $value) {
            sql_table_dump($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name'], $value, $struc_backup, "{$backup_dir}/{$file_name_new}");
        }
        if ($save_all_realms) {
            // Append every characters database to the same file.
            foreach ($characters_db as $db) {
                $fp = fopen("{$backup_dir}/{$file_name_new}", 'r+') or die(error($lang_backup['file_write_err']));
                fseek($fp, 0, SEEK_END);
                fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$db['name']};\n") or die(error($lang_backup['file_write_err']));
                fwrite($fp, "USE {$db['name']};\n\n") or die(error($lang_backup['file_write_err']));
                fclose($fp);
                foreach ($tables_backup_characters as $value) {
                    sql_table_dump($db['addr'], $db['user'], $db['pass'], $db['name'], $value, $struc_backup, "{$backup_dir}/{$file_name_new}");
                }
            }
        } else {
            // Append only the current realm's characters database.
            $fp = fopen("{$backup_dir}/{$file_name_new}", 'r+') or die(error($lang_backup['file_write_err']));
            fseek($fp, 0, SEEK_END);
            fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$characters_db[$realm_id]['name']};\n") or die(error($lang_backup['file_write_err']));
            fwrite($fp, "USE {$characters_db[$realm_id]['name']};\n\n") or die(error($lang_backup['file_write_err']));
            fclose($fp);
            foreach ($tables_backup_characters as $value) {
                sql_table_dump($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name'], $value, $struc_backup, "{$backup_dir}/{$file_name_new}");
            }
        }
        // Stream the finished dump to the browser in 1 KiB chunks and remove it.
        Header("Content-type: application/octet-stream");
        Header("Content-Disposition: attachment; filename={$file_name_new}");
        $fp = fopen("{$backup_dir}/{$file_name_new}", 'r') or die(error($lang_backup['file_write_err']));
        while (!feof($fp)) {
            $output_file = fread($fp, 1024);
            echo $output_file;
        }
        fclose($fp);
        unlink("{$backup_dir}/{$file_name_new}");
        exit;
    } elseif ("save" == $backup_action && "web" == $backup_from_to) {
        //save backup to web/backup folder
        // ---- save/web: one file per database, kept in $backup_dir ----
        $struc_backup = addslashes($_GET['struc_backup']);
        $save_all_realms = addslashes($_GET['save_all_realms']);
        $file_name_new = $realm_db['name'] . "_backup_" . date("m.d.y_H.i.s") . ".sql";
        $fp = fopen("{$backup_dir}/{$file_name_new}", 'w') or die(error($lang_backup['file_write_err']));
        fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$realm_db['name']};\n") or die(error($lang_backup['file_write_err']));
        fwrite($fp, "USE {$realm_db['name']};\n\n") or die(error($lang_backup['file_write_err']));
        fclose($fp);
        require_once "libs/db_lib/sql_lib.php";
        foreach ($tables_backup_realmd as $value) {
            sql_table_dump($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name'], $value, $struc_backup, "{$backup_dir}/{$file_name_new}");
        }
        // NOTE(review): $fp was already closed above; this second fclose() on the
        // same handle raises a warning. The same double-close pattern repeats in
        // each branch below.
        fclose($fp);
        if ($save_all_realms) {
            foreach ($characters_db as $db) {
                $file_name_new = $db['name'] . "_backup_" . date("m.d.y_H.i.s") . ".sql";
                // Opened with 'w' (truncate), so the fseek to end is a no-op here.
                $fp = fopen("{$backup_dir}/{$file_name_new}", 'w') or die(error($lang_backup['file_write_err']));
                fseek($fp, 0, SEEK_END);
                fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$db['name']};\n") or die(error($lang_backup['file_write_err']));
                fwrite($fp, "USE {$db['name']};\n\n") or die(error($lang_backup['file_write_err']));
                fclose($fp);
                foreach ($tables_backup_characters as $value) {
                    sql_table_dump($db['addr'], $db['user'], $db['pass'], $db['name'], $value, $struc_backup, "{$backup_dir}/{$file_name_new}");
                }
                fclose($fp);
            }
        } else {
            $file_name_new = $characters_db[$realm_id]['name'] . "_backup_" . date("m.d.y_H.i.s") . ".sql";
            $fp = fopen("{$backup_dir}/{$file_name_new}", 'w') or die(error($lang_backup['file_write_err']));
            fseek($fp, 0, SEEK_END);
            fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$characters_db[$realm_id]['name']};\n") or die(error($lang_backup['file_write_err']));
            fwrite($fp, "USE {$characters_db[$realm_id]['name']};\n\n") or die(error($lang_backup['file_write_err']));
            fclose($fp);
            foreach ($tables_backup_characters as $value) {
                sql_table_dump($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name'], $value, $struc_backup, "{$backup_dir}/{$file_name_new}");
            }
            fclose($fp);
        }
        redirect("backup.php?error=2");
        exit;
    } elseif ("save" == $backup_action && "acc_on_file" == $backup_from_to) {
        //save evry account in different file
        // ---- save/acc_on_file: per-account dump files under
        // $backup_dir/accounts/<timestamp>/. $struc_backup and $save_all_realms
        // are read here but never used in this branch (all character DBs are
        // always dumped).
        $struc_backup = addslashes($_GET['struc_backup']);
        $save_all_realms = addslashes($_GET['save_all_realms']);
        $sql = new SQL();
        $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
        $query = $sql->query("SELECT id FROM account");
        $subdir = "{$backup_dir}/accounts/" . date("m_d_y_H_i_s");
        // mkdir() result is not checked; the fopen() below fails with
        // file_write_err if the directory could not be created.
        mkdir($subdir, 0750);
        while ($acc = $sql->fetch_array($query)) {
            // Realm (auth) DB rows belonging to this account: <id>_<realmdb>.sql
            $file_name_new = $acc[0] . "_{$realm_db['name']}.sql";
            $fp = fopen("{$subdir}/{$file_name_new}", 'w') or die(error($lang_backup['file_write_err']));
            fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$realm_db['name']};\n") or die(error($lang_backup['file_write_err']));
            fwrite($fp, "USE {$realm_db['name']};\n\n") or die(error($lang_backup['file_write_err']));
            // Reconnect to the realm DB because the previous iteration left the
            // shared $sql object pointed at a characters DB.
            $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
            // $tab_backup_user_realmd entries are [table, account-id column] pairs;
            // $acc['0'] comes from "SELECT id FROM account" and is interpolated
            // unquoted (assumes a numeric id column — confirm against the schema).
            foreach ($tab_backup_user_realmd as $value) {
                $acc_query = $sql->query("SELECT * FROM {$value['0']} WHERE {$value['1']} = {$acc['0']}");
                $num_fields = $sql->num_fields($acc_query);
                $numrow = $sql->num_rows($acc_query);
                // Emit LOCK / DELETE / INSERT ... VALUES / UNLOCK for this table.
                $result = "-- Dumping data for {$value['0']} " . date("m.d.y_H.i.s") . "\n";
                $result .= "LOCK TABLES {$value['0']} WRITE;\n";
                $result .= "DELETE FROM {$value['0']} WHERE {$value['1']} = {$acc['0']};\n";
                if ($numrow) {
                    $result .= "INSERT INTO {$value['0']} (";
                    for ($count = 0; $count < $num_fields; $count++) {
                        $result .= "`" . $sql->field_name($acc_query, $count) . "`";
                        if ($count < $num_fields - 1) {
                            $result .= ",";
                        }
                    }
                    $result .= ") VALUES \n";
                    for ($i = 0; $i < $numrow; $i++) {
                        $result .= "\t(";
                        $row = $sql->fetch_row($acc_query);
                        for ($j = 0; $j < $num_fields; $j++) {
                            // NOTE(review): addslashes()/ereg_replace() always return a
                            // string, so the isset() below is true even for NULL columns:
                            // the "''" fallback is dead, and a NULL in an "int" column is
                            // emitted as an empty token.
                            $row[$j] = addslashes($row[$j]);
                            $row[$j] = ereg_replace("\n", "\\n", $row[$j]);
                            if (isset($row[$j])) {
                                if ($sql->field_type($acc_query, $j) == "int") {
                                    $result .= "{$row[$j]}";
                                } else {
                                    $result .= "'{$row[$j]}'";
                                }
                            } else {
                                $result .= "''";
                            }
                            if ($j < $num_fields - 1) {
                                $result .= ",";
                            }
                        }
                        if ($i < $numrow - 1) {
                            $result .= "),\n";
                        }
                    }
                    $result .= ");\n";
                }
                $result .= "UNLOCK TABLES;\n";
                $result .= "\n";
                fwrite($fp, $result) or die(error($lang_backup['file_write_err']));
            }
            fclose($fp);
            // One more file per characters DB: <id>_<chardb>.sql, containing the
            // rows of every character owned by this account.
            foreach ($characters_db as $db) {
                $file_name_new = $acc[0] . "_{$db['name']}.sql";
                $fp = fopen("{$subdir}/{$file_name_new}", 'w') or die(error($lang_backup['file_write_err']));
                fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$db['name']};\n") or die(error($lang_backup['file_write_err']));
                fwrite($fp, "USE {$db['name']};\n\n") or die(error($lang_backup['file_write_err']));
                $sql->connect($db['addr'], $db['user'], $db['pass'], $db['name']);
                $all_char_query = $sql->query("SELECT guid,name FROM `characters` WHERE account = {$acc['0']}");
                while ($char = $sql->fetch_array($all_char_query)) {
                    fwrite($fp, "-- Dumping data for character {$char['1']}\n") or die(error($lang_backup['file_write_err']));
                    // $tab_backup_user_characters entries are [table, guid column] pairs.
                    foreach ($tab_backup_user_characters as $value) {
                        $char_query = $sql->query("SELECT * FROM {$value['0']} WHERE {$value['1']} = {$char['0']}");
                        $num_fields = $sql->num_fields($char_query);
                        $numrow = $sql->num_rows($char_query);
                        $result = "LOCK TABLES {$value['0']} WRITE;\n";
                        $result .= "DELETE FROM {$value['0']} WHERE {$value['1']} = {$char['0']};\n";
                        if ($numrow) {
                            $result .= "INSERT INTO {$value['0']} (";
                            for ($count = 0; $count < $num_fields; $count++) {
                                $result .= "`" . $sql->field_name($char_query, $count) . "`";
                                if ($count < $num_fields - 1) {
                                    $result .= ",";
                                }
                            }
                            $result .= ") VALUES \n";
                            for ($i = 0; $i < $numrow; $i++) {
                                $result .= "\t(";
                                $row = $sql->fetch_row($char_query);
                                for ($j = 0; $j < $num_fields; $j++) {
                                    // Same NULL-handling caveat as in the realm-DB loop above.
                                    $row[$j] = addslashes($row[$j]);
                                    $row[$j] = ereg_replace("\n", "\\n", $row[$j]);
                                    if (isset($row[$j])) {
                                        if ($sql->field_type($char_query, $j) == "int") {
                                            $result .= "{$row[$j]}";
                                        } else {
                                            $result .= "'{$row[$j]}'";
                                        }
                                    } else {
                                        $result .= "''";
                                    }
                                    if ($j < $num_fields - 1) {
                                        $result .= ",";
                                    }
                                }
                                if ($i < $numrow - 1) {
                                    $result .= "),\n";
                                }
                            }
                            $result .= ");\n";
                        }
                        $result .= "UNLOCK TABLES;\n";
                        $result .= "\n";
                        fwrite($fp, $result) or die(error($lang_backup['file_write_err']));
                    }
                }
                fclose($fp);
            }
        }
        $sql->close();
        unset($sql);
        redirect("backup.php?error=2");
    } elseif ("load" == $backup_action && "acc_on_file" == $backup_from_to) {
        //load saved account
        // ---- load/acc_on_file: replay one per-account dump ----
        if (empty($_POST['selected_file_name']) || empty($_POST['file_dir'])) {
            redirect("backup.php?error=1");
        } else {
            // NOTE(review): $file_name and $file_dir become path components below
            // with only addslashes() applied; see the note on the function header.
            $file_name = addslashes($_POST['selected_file_name']);
            $file_dir = addslashes($_POST['file_dir']);
            $use_db = addslashes($_POST['use_db']);
        }
        // NOTE(review): existence is checked on "<name>_<use_db>.sql" but
        // run_sql_script() is then given "<name>.sql" (no "_<use_db>" suffix);
        // the two paths do not agree with the "<id>_<db>.sql" names written by
        // the save branch — confirm which file is intended.
        $file_tmp = "{$backup_dir}/accounts/{$file_dir}/" . $file_name . "_{$use_db}.sql";
        if (file_exists($file_tmp)) {
            require_once "libs/db_lib/sql_lib.php";
            if ($use_db == $realm_db['name']) {
                $queries = run_sql_script($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name'], "{$backup_dir}/accounts/{$file_dir}/{$file_name}.sql", true);
            } else {
                foreach ($characters_db as $db) {
                    if ($use_db == $db['name']) {
                        $queries = run_sql_script($db['addr'], $db['user'], $db['pass'], $db['name'], "{$backup_dir}/accounts/{$file_dir}/{$file_name}.sql", true);
                    }
                }
            }
            redirect("backup.php?error=4&tot={$queries}");
        } else {
            error($lang_backup['file_not_found']);
        }
    } else {
        //non of the options = error
        redirect("backup.php?error=1");
    }
}
require_once 'libs/db_lib.php'; // Try to globally fix security vulnerabilities (very dirty way..) require_once 'libs/valid_lib.php'; $sqlm = new SQL(); //mysql_real_escape_string needs a sql connection $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']); foreach ($_POST as $key => $value) { $_POST[$key] = cleanSQL($value); } foreach ($_GET as $key => $value) { $_GET[$key] = cleanSQL($value); } foreach ($_COOKIE as $key => $value) { $_COOKIE[$key] = cleanSQL($value); } $sqlm->close(); unset($sqlm); // End //---------------------Loading User Theme and Language Settings---------------- if (isset($_COOKIE['theme'])) { if (is_dir('themes/' . $_COOKIE['theme'])) { if (is_file('themes/' . $_COOKIE['theme'] . '/' . $_COOKIE['theme'] . '_1024.css')) { $theme = $_COOKIE['theme']; } } } if (isset($_COOKIE['lang'])) { $lang = $_COOKIE['lang']; if (file_exists('lang/' . $lang . '.php')) { } else { $lang = $language;
/**
 * Apply the "edit character" form (char_edit.php?action=edit_char) to one
 * character of the current realm.
 *
 * Inputs are all taken from $_GET: id and name (required), owner_name,
 * check (items to delete), tot_time, money, arena_points, honor_points,
 * total_kills, and either tp_to or x/y/z/map.  Writes to the characters DB
 * (characters, character_inventory, item_instance); reads the realm DB
 * (account_access, account, realmcharacters) and the world DB (game_tele).
 * Every outcome ends in redirect() or error(); assumes both terminate the
 * request (they are defined elsewhere in the project).
 *
 * Reads globals: $lang_global, $lang_char, $realm_db, $characters_db,
 * $realm_id, $action_permission, $user_lvl, $world_db.  $output is declared
 * but not used in this body.
 *
 * NOTE(review): the account-ownership transfer runs before the
 * "$user_lvl > $owner_gmlvl" check, so it is gated only by valid_login() and
 * not by the current owner's GM level — confirm that is intended.
 */
function do_edit_char()
{
    global $lang_global, $lang_char, $output, $realm_db, $characters_db, $realm_id, $action_permission, $user_lvl, $world_db;
    // Access is gated on the 'delete' permission slot (presumably the same
    // tier as editing — confirm against $action_permission).
    valid_login($action_permission['delete']);
    if (empty($_GET['id']) || empty($_GET['name'])) {
        error($lang_global['empty_fields']);
    }
    $sql = new SQL();
    $sql->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
    $id = $sql->quote_smart($_GET['id']);
    $result = $sql->query("SELECT account, online FROM characters WHERE guid = '{$id}'");
    if ($sql->num_rows($result)) {
        //we cannot edit online chars
        if (!$sql->result($result, 0, 'online')) {
            //resrict by owner's gmlvl
            $owner_acc_id = $sql->result($result, 0, 'account');
            // The single $sql object is re-pointed at the realm (auth) DB here and
            // back to the characters DB further down.
            $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
            $query = $sql->query("SELECT gmlevel FROM account_access WHERE id ='{$owner_acc_id}' and (`RealmID` = {$realm_id} or `RealmID` = -1)");
            $owner_gmlvl = $sql->result($query, 0, 'gmlevel');
            // NOTE(review): unlike every other input in this function, owner_name
            // is not passed through quote_smart(); the value interpolated into the
            // username lookup is redacted on this page, so confirm it is escaped
            // before it reaches the query.
            $new_owner_name = $_GET['owner_name'];
            $query = $sql->query("SELECT id FROM account WHERE username ='******'");
            $new_owner_acc_id = $sql->result($query, 0, 'id');
            if ($owner_acc_id != $new_owner_acc_id) {
                // NOTE(review): this indexes the query handle itself rather than a
                // fetched row (compare $sql->result($query, 0, ...) above), so
                // $max_players is unlikely to hold numchars — verify against the
                // SQL wrapper's query() return type.
                $max_players = $sql->query("SELECT numchars FROM realmcharacters WHERE acctid ='{$new_owner_acc_id}'");
                $max_players = $max_players[0];
                // 9: presumably "fewer than 10 characters on this realm" — confirm.
                if ($max_players <= 9) {
                    $result = $sql->query("UPDATE `{$characters_db[$realm_id]['name']}`.`characters` SET account = {$new_owner_acc_id} WHERE guid = {$id}");
                } else {
                    redirect("char_edit.php?action=edit_char&id={$id}&error=5");
                }
            }
            if ($user_lvl > $owner_gmlvl) {
                // 'check' is iterated with foreach below, so it is expected to be an
                // array (check[] form field); what quote_smart() does with an array
                // is not visible here.
                if (isset($_GET['check'])) {
                    $check = $sql->quote_smart($_GET['check']);
                } else {
                    $check = NULL;
                }
                $new_name = $sql->quote_smart($_GET['name']);
                if (isset($_GET['tot_time'])) {
                    $new_tot_time = $sql->quote_smart($_GET['tot_time']);
                } else {
                    $new_tot_time = 0;
                }
                if (isset($_GET['money'])) {
                    $new_money = $sql->quote_smart($_GET['money']);
                } else {
                    $new_money = 0;
                }
                if (isset($_GET['arena_points'])) {
                    $new_arena_points = $sql->quote_smart($_GET['arena_points']);
                } else {
                    $new_arena_points = 0;
                }
                if (isset($_GET['honor_points'])) {
                    $new_honor_points = $sql->quote_smart($_GET['honor_points']);
                } else {
                    $new_honor_points = 0;
                }
                if (isset($_GET['total_kills'])) {
                    $new_total_kills = $sql->quote_smart($_GET['total_kills']);
                } else {
                    $new_total_kills = 0;
                }
                // NOTE(review): $new_total_kills is written to the UPDATE below but is
                // missing from this numeric check, unlike the other four counters.
                if (!is_numeric($new_tot_time) || !is_numeric($new_money) || !is_numeric($new_arena_points) || !is_numeric($new_honor_points)) {
                    error($lang_char['use_numeric']);
                }
                // Position inputs; tp_to (a game_tele name) takes precedence below.
                $x = isset($_GET['x']) ? $sql->quote_smart($_GET['x']) : 0;
                $y = isset($_GET['y']) ? $sql->quote_smart($_GET['y']) : 0;
                $z = isset($_GET['z']) ? $sql->quote_smart($_GET['z']) : 0;
                $map = isset($_GET['map']) ? $sql->quote_smart($_GET['map']) : 0;
                $tp_to = isset($_GET['tp_to']) ? $sql->quote_smart($_GET['tp_to']) : 0;
                $sql->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
                // equipmentCache is a space-separated list; slot positions come from
                // the EQ_DATA_OFFSET_* constants defined elsewhere.
                $result = $sql->query("SELECT equipmentCache FROM characters WHERE guid = '{$id}'");
                $char = $sql->fetch_row($result);
                $eq_data = explode(' ', $char[0]);
                //some items need to be deleted
                if ($check) {
                    $item_offset = array("a0" => EQ_DATA_OFFSET_EQU_HEAD, "a1" => EQ_DATA_OFFSET_EQU_NECK, "a2" => EQ_DATA_OFFSET_EQU_SHOULDER, "a3" => EQ_DATA_OFFSET_EQU_SHIRT, "a4" => EQ_DATA_OFFSET_EQU_CHEST, "a5" => EQ_DATA_OFFSET_EQU_BELT, "a6" => EQ_DATA_OFFSET_EQU_LEGS, "a7" => EQ_DATA_OFFSET_EQU_FEET, "a8" => EQ_DATA_OFFSET_EQU_WRIST, "a9" => EQ_DATA_OFFSET_EQU_GLOVES, "a10" => EQ_DATA_OFFSET_EQU_FINGER1, "a11" => EQ_DATA_OFFSET_EQU_FINGER2, "a12" => EQ_DATA_OFFSET_EQU_TRINKET1, "a13" => EQ_DATA_OFFSET_EQU_TRINKET2, "a14" => EQ_DATA_OFFSET_EQU_BACK, "a15" => EQ_DATA_OFFSET_EQU_MAIN_HAND, "a16" => EQ_DATA_OFFSET_EQU_OFF_HAND, "a17" => EQ_DATA_OFFSET_EQU_RANGED, "a18" => EQ_DATA_OFFSET_EQU_TABARD);
                    // Entries of the form "a<slot>" are equipped slots (a0..a18 in the
                    // map above; other "a" keys have no offset entry); anything else is
                    // treated as an item_instance guid in bags/bank.
                    foreach ($check as $item_num) {
                        //deleting equiped items
                        if ($item_num[0] == "a") {
                            $eq_data[$item_offset[$item_num]] = 0;
                            // Reuses $item_num as the numeric slot from here on.
                            sscanf($item_num, "a%d", $item_num);
                            $result = $sql->query("SELECT item FROM character_inventory WHERE guid = '{$id}' AND slot = {$item_num} AND bag = 0");
                            $item_inst_id = $sql->result($result, 0, 'item');
                            $sql->query("DELETE FROM character_inventory WHERE guid = '{$id}' AND slot = {$item_num} AND bag = 0");
                            $sql->query("DELETE FROM item_instance WHERE guid = '{$item_inst_id}' AND owner_guid = '{$id}'");
                        } else {
                            //deleting inv/bank items
                            $sql->query("DELETE FROM character_inventory WHERE guid = '{$id}' AND item = '{$item_num}'");
                            $sql->query("DELETE FROM item_instance WHERE guid = '{$item_num}' AND owner_guid = '{$id}'");
                        }
                    }
                }
                $data = implode(' ', $eq_data);
                if ($tp_to) {
                    // Named teleport: look the location up in the world DB's game_tele
                    // table (case-insensitive on name).
                    $query = $sql->query("SELECT map, position_x, position_y, position_z, orientation FROM `" . $world_db[$realm_id]['name'] . "`.`game_tele` WHERE LOWER(name) = '" . strtolower($tp_to) . "'");
                    $tele = $sql->fetch_row($query);
                    if ($tele) {
                        $teleport = "map='{$tele['0']}', position_x='{$tele['1']}', position_y='{$tele['2']}', position_z='{$tele['3']}', orientation='{$tele['4']}',";
                    } else {
                        error($lang_char['no_tp_location']);
                    }
                } else {
                    // Raw coordinates; orientation is left untouched in this case.
                    $teleport = "map='{$map}', position_x='{$x}', position_y='{$y}', position_z='{$z}',";
                }
                $result = $sql->query("UPDATE characters SET equipmentCache = '{$data}', name = '{$new_name}', {$teleport} totaltime = '{$new_tot_time}', money = '{$new_money}', arenaPoints = '{$new_arena_points}', totalHonorPoints = '{$new_honor_points}', totalKills = '{$new_total_kills}' WHERE guid = {$id}");
                $sql->close();
                unset($sql);
                // error=3: saved; error=4: UPDATE failed.
                if ($result) {
                    redirect("char_edit.php?action=edit_char&id={$id}&error=3");
                } else {
                    redirect("char_edit.php?action=edit_char&id={$id}&error=4");
                }
            } else {
                $sql->close();
                unset($sql);
                error($lang_char['no_permission']);
            }
        } else {
            // error=2: character is online.
            $sql->close();
            unset($sql);
            redirect("char_edit.php?action=edit_char&id={$id}&error=2");
        }
    } else {
        error($lang_char['no_char_found']);
    }
    // Only reached if error()/redirect() return; every path above that found the
    // character has already closed and unset $sql.
    $sql->close();
    unset($sql);
}
function do_update() { global $world_db, $realm_id, $action_permission, $user_lvl; valid_login($action_permission['update']); if (!isset($_POST['type']) || $_POST['type'] === '') { redirect("item.php?error=1"); } if (!isset($_POST['entry']) || $_POST['entry'] === '') { redirect("item.php?error=1"); } $sql = new SQL(); $sql->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']); $entry = $sql->quote_smart($_POST['entry']); if (isset($_POST['class']) && $_POST['class'] != '') { $class = $sql->quote_smart($_POST['class']); } else { $class = 0; } if (isset($_POST['subclass']) && $_POST['subclass'] != '') { $subclass = $sql->quote_smart($_POST['subclass']); } else { $subclass = 0; } if (isset($_POST['name']) && $_POST['name'] != '') { $name = $sql->quote_smart($_POST['name']); } else { $name = 0; } if (isset($_POST['displayid']) && $_POST['displayid'] != '') { $displayid = $sql->quote_smart($_POST['displayid']); } else { $displayid = 0; } if (isset($_POST['Quality']) && $_POST['Quality'] != '') { $Quality = $sql->quote_smart($_POST['Quality']); } else { $Quality = 0; } if (isset($_POST['Flags']) && $_POST['Flags'] != '') { $Flags = $sql->quote_smart($_POST['Flags']); } else { $Flags = 0; } if (isset($_POST['BuyCount']) && $_POST['BuyCount'] != '') { $BuyCount = $sql->quote_smart($_POST['BuyCount']); } else { $BuyCount = 0; } if (isset($_POST['BuyPrice']) && $_POST['BuyPrice'] != '') { $BuyPrice = $sql->quote_smart($_POST['BuyPrice']); } else { $BuyPrice = 0; } if (isset($_POST['SellPrice']) && $_POST['SellPrice'] != '') { $SellPrice = $sql->quote_smart($_POST['SellPrice']); } else { $SellPrice = 0; } if (isset($_POST['InventoryType']) && $_POST['InventoryType'] != '') { $InventoryType = $sql->quote_smart($_POST['InventoryType']); } else { $AllowableClass = 0; } if (isset($_POST['AllowableClass'])) { $AllowableClass = $sql->quote_smart($_POST['AllowableClass']); } else { $AllowableClass = -1; } if 
(isset($_POST['AllowableRace'])) { $AllowableRace = $sql->quote_smart($_POST['AllowableRace']); } else { $AllowableRace = -1; } if (isset($_POST['ItemLevel']) && $_POST['ItemLevel'] != '') { $ItemLevel = $sql->quote_smart($_POST['ItemLevel']); } else { $ItemLevel = 1; } if (isset($_POST['RequiredLevel']) && $_POST['RequiredLevel'] != '') { $RequiredLevel = $sql->quote_smart($_POST['RequiredLevel']); } else { $RequiredLevel = 0; } if (isset($_POST['RequiredSkill']) && $_POST['RequiredSkill'] != '') { $RequiredSkill = $sql->quote_smart($_POST['RequiredSkill']); } else { $RequiredSkill = 0; } if (isset($_POST['RequiredSkillRank']) && $_POST['RequiredSkillRank'] != '') { $RequiredSkillRank = $sql->quote_smart($_POST['RequiredSkillRank']); } else { $RequiredSkillRank = 0; } if (isset($_POST['requiredspell']) && $_POST['requiredspell'] != '') { $requiredspell = $sql->quote_smart($_POST['requiredspell']); } else { $requiredspell = 0; } if (isset($_POST['requiredhonorrank']) && $_POST['requiredhonorrank'] != '') { $requiredhonorrank = $sql->quote_smart($_POST['requiredhonorrank']); } else { $requiredhonorrank = 0; } if (isset($_POST['RequiredCityRank']) && $_POST['RequiredCityRank'] != '') { $RequiredCityRank = $sql->quote_smart($_POST['RequiredCityRank']); } else { $RequiredCityRank = 0; } if (isset($_POST['RequiredReputationFaction']) && $_POST['RequiredReputationFaction'] != '') { $RequiredReputationFaction = $sql->quote_smart($_POST['RequiredReputationFaction']); } else { $RequiredReputationFaction = 0; } if (isset($_POST['RequiredReputationRank']) && $_POST['RequiredReputationRank'] != '') { $RequiredReputationRank = $sql->quote_smart($_POST['RequiredReputationRank']); } else { $RequiredReputationRank = 0; } if (isset($_POST['maxcount']) && $_POST['maxcount'] != '') { $maxcount = $sql->quote_smart($_POST['maxcount']); } else { $maxcount = 0; } if (isset($_POST['stackable']) && $_POST['stackable'] != '') { $stackable = $sql->quote_smart($_POST['stackable']); } else { 
$description = 0; } if (isset($_POST['ContainerSlots']) && $_POST['ContainerSlots'] != '') { $ContainerSlots = $sql->quote_smart($_POST['ContainerSlots']); } else { $ContainerSlots = 0; } if (isset($_POST['stat_type1']) && $_POST['stat_type1'] != '') { $stat_type1 = $sql->quote_smart($_POST['stat_type1']); } else { $stat_type1 = 0; } if (isset($_POST['stat_value1']) && $_POST['stat_value1'] != '') { $stat_value1 = $sql->quote_smart($_POST['stat_value1']); } else { $stat_value1 = 0; } if (isset($_POST['stat_type2']) && $_POST['stat_type2'] != '') { $stat_type2 = $sql->quote_smart($_POST['stat_type2']); } else { $stat_type2 = 0; } if (isset($_POST['stat_value2']) && $_POST['stat_value2'] != '') { $stat_value2 = $sql->quote_smart($_POST['stat_value2']); } else { $stat_value2 = 0; } if (isset($_POST['stat_type3']) && $_POST['stat_type3'] != '') { $stat_type3 = $sql->quote_smart($_POST['stat_type3']); } else { $stat_type3 = 0; } if (isset($_POST['stat_value3']) && $_POST['stat_value3'] != '') { $stat_value3 = $sql->quote_smart($_POST['stat_value3']); } else { $stat_value3 = 0; } if (isset($_POST['stat_type4']) && $_POST['stat_type4'] != '') { $stat_type4 = $sql->quote_smart($_POST['stat_type4']); } else { $stat_type4 = 0; } if (isset($_POST['stat_value4']) && $_POST['stat_value4'] != '') { $stat_value4 = $sql->quote_smart($_POST['stat_value4']); } else { $stat_value4 = 0; } if (isset($_POST['stat_type5']) && $_POST['stat_type5'] != '') { $stat_type5 = $sql->quote_smart($_POST['stat_type5']); } else { $stat_type5 = 0; } if (isset($_POST['stat_value5']) && $_POST['stat_value5'] != '') { $stat_value5 = $sql->quote_smart($_POST['stat_value5']); } else { $stat_value5 = 0; } if (isset($_POST['stat_type6']) && $_POST['stat_type6'] != '') { $stat_type6 = $sql->quote_smart($_POST['stat_type6']); } else { $stat_type6 = 0; } if (isset($_POST['stat_value6']) && $_POST['stat_value6'] != '') { $stat_value6 = $sql->quote_smart($_POST['stat_value6']); } else { $stat_value6 = 0; } if 
(isset($_POST['stat_type7']) && $_POST['stat_type7'] != '') { $stat_type7 = $sql->quote_smart($_POST['stat_type7']); } else { $stat_type7 = 0; } if (isset($_POST['stat_value7']) && $_POST['stat_value7'] != '') { $stat_value7 = $sql->quote_smart($_POST['stat_value7']); } else { $stat_value7 = 0; } if (isset($_POST['stat_type8']) && $_POST['stat_type8'] != '') { $stat_type8 = $sql->quote_smart($_POST['stat_type8']); } else { $stat_type8 = 0; } if (isset($_POST['stat_value8']) && $_POST['stat_value8'] != '') { $stat_value8 = $sql->quote_smart($_POST['stat_value8']); } else { $stat_value8 = 0; } if (isset($_POST['stat_type9']) && $_POST['stat_type9'] != '') { $stat_type9 = $sql->quote_smart($_POST['stat_type9']); } else { $stat_type9 = 0; } if (isset($_POST['stat_value9']) && $_POST['stat_value9'] != '') { $stat_value9 = $sql->quote_smart($_POST['stat_value9']); } else { $stat_value9 = 0; } if (isset($_POST['stat_type10']) && $_POST['stat_type10'] != '') { $stat_type10 = $sql->quote_smart($_POST['stat_type10']); } else { $stat_type10 = 0; } if (isset($_POST['stat_value10']) && $_POST['stat_value10'] != '') { $stat_value10 = $sql->quote_smart($_POST['stat_value10']); } else { $stat_value10 = 0; } if (isset($_POST['dmg_min1']) && $_POST['dmg_min1'] != '') { $dmg_min1 = $sql->quote_smart($_POST['dmg_min1']); } else { $dmg_min1 = 0; } if (isset($_POST['dmg_max1']) && $_POST['dmg_max1'] != '') { $dmg_max1 = $sql->quote_smart($_POST['dmg_max1']); } else { $dmg_max1 = 0; } if (isset($_POST['dmg_type1']) && $_POST['dmg_type1'] != '') { $dmg_type1 = $sql->quote_smart($_POST['dmg_type1']); } else { $dmg_type1 = 0; } if (isset($_POST['dmg_min2']) && $_POST['dmg_min2'] != '') { $dmg_min2 = $sql->quote_smart($_POST['dmg_min2']); } else { $dmg_min2 = 0; } if (isset($_POST['dmg_max2']) && $_POST['dmg_max2'] != '') { $dmg_max2 = $sql->quote_smart($_POST['dmg_max2']); } else { $dmg_max2 = 0; } if (isset($_POST['dmg_type2']) && $_POST['dmg_type2'] != '') { $dmg_type2 = 
$sql->quote_smart($_POST['dmg_type2']); } else { $dmg_type2 = 0; } if (isset($_POST['armor']) && $_POST['armor'] != '') { $armor = $sql->quote_smart($_POST['armor']); } else { $armor = 0; } if (isset($_POST['holy_res']) && $_POST['holy_res'] != '') { $holy_res = $sql->quote_smart($_POST['holy_res']); } else { $holy_res = 0; } if (isset($_POST['fire_res']) && $_POST['fire_res'] != '') { $fire_res = $sql->quote_smart($_POST['fire_res']); } else { $fire_res = 0; } if (isset($_POST['nature_res']) && $_POST['nature_res'] != '') { $nature_res = $sql->quote_smart($_POST['nature_res']); } else { $nature_res = 0; } if (isset($_POST['frost_res']) && $_POST['frost_res'] != '') { $frost_res = $sql->quote_smart($_POST['frost_res']); } else { $frost_res = 0; } if (isset($_POST['shadow_res']) && $_POST['shadow_res'] != '') { $shadow_res = $sql->quote_smart($_POST['shadow_res']); } else { $shadow_res = 0; } if (isset($_POST['arcane_res']) && $_POST['arcane_res'] != '') { $arcane_res = $sql->quote_smart($_POST['arcane_res']); } else { $arcane_res = 0; } if (isset($_POST['delay']) && $_POST['delay'] != '') { $delay = $sql->quote_smart($_POST['delay']); } else { $delay = 0; } if (isset($_POST['ammo_type']) && $_POST['ammo_type'] != '') { $ammo_type = $sql->quote_smart($_POST['ammo_type']); } else { $ammo_type = 0; } if (isset($_POST['RangedModRange']) && $_POST['RangedModRange'] != '') { $RangedModRange = $sql->quote_smart($_POST['RangedModRange']); } else { $RangedModRange = 0; } if (isset($_POST['spellid_1']) && $_POST['spellid_1'] != '') { $spellid_1 = $sql->quote_smart($_POST['spellid_1']); } else { $spellid_1 = 0; } if (isset($_POST['spelltrigger_1']) && $_POST['spelltrigger_1'] != '') { $spelltrigger_1 = $sql->quote_smart($_POST['spelltrigger_1']); } else { $spelltrigger_1 = 0; } if (isset($_POST['spellcharges_1']) && $_POST['spellcharges_1'] != '') { $spellcharges_1 = $sql->quote_smart($_POST['spellcharges_1']); } else { $spellcharges_1 = 0; } if 
(isset($_POST['spellcooldown_1']) && $_POST['spellcooldown_1'] != '') { $spellcooldown_1 = $sql->quote_smart($_POST['spellcooldown_1']); } else { $spellcooldown_1 = -1; } if (isset($_POST['spellcategory_1']) && $_POST['spellcategory_1'] != '') { $spellcategory_1 = $sql->quote_smart($_POST['spellcategory_1']); } else { $spellcategory_1 = 0; } if (isset($_POST['spellcategorycooldown_1']) && $_POST['spellcategorycooldown_1'] != '') { $spellcategorycooldown_1 = $sql->quote_smart($_POST['spellcategorycooldown_1']); } else { $spellcategorycooldown_1 = -1; } if (isset($_POST['spellppmRate_1']) && $_POST['spellppmRate_1'] != '') { $spellppmRate_1 = $sql->quote_smart($_POST['spellppmRate_1']); } else { $spellppmRate_1 = 0; } if (isset($_POST['spellid_2']) && $_POST['spellid_2'] != '') { $spellid_2 = $sql->quote_smart($_POST['spellid_2']); } else { $spellid_2 = 0; } if (isset($_POST['spelltrigger_2']) && $_POST['spelltrigger_2'] != '') { $spelltrigger_2 = $sql->quote_smart($_POST['spelltrigger_2']); } else { $spelltrigger_2 = 0; } if (isset($_POST['spellcharges_2']) && $_POST['spellcharges_2'] != '') { $spellcharges_2 = $sql->quote_smart($_POST['spellcharges_2']); } else { $spellcharges_2 = 0; } if (isset($_POST['spellcooldown_2']) && $_POST['spellcooldown_2'] != '') { $spellcooldown_2 = $sql->quote_smart($_POST['spellcooldown_2']); } else { $spellcooldown_2 = -1; } if (isset($_POST['spellcategory_2']) && $_POST['spellcategory_2'] != '') { $spellcategory_2 = $sql->quote_smart($_POST['spellcategory_2']); } else { $spellcategory_2 = 0; } if (isset($_POST['spellcategorycooldown_2']) && $_POST['spellcategorycooldown_2'] != '') { $spellcategorycooldown_2 = $sql->quote_smart($_POST['spellcategorycooldown_2']); } else { $spellcategorycooldown_2 = -1; } if (isset($_POST['spellppmRate_2']) && $_POST['spellppmRate_2'] != '') { $spellppmRate_2 = $sql->quote_smart($_POST['spellppmRate_2']); } else { $spellppmRate_2 = 0; } if (isset($_POST['spellid_3']) && $_POST['spellid_3'] != '') { 
$spellid_3 = $sql->quote_smart($_POST['spellid_3']); } else { $spellid_3 = 0; } if (isset($_POST['spelltrigger_3']) && $_POST['spelltrigger_3'] != '') { $spelltrigger_3 = $sql->quote_smart($_POST['spelltrigger_3']); } else { $spelltrigger_3 = 0; } if (isset($_POST['spellcharges_3']) && $_POST['spellcharges_3'] != '') { $spellcharges_3 = $sql->quote_smart($_POST['spellcharges_3']); } else { $spellcharges_3 = 0; } if (isset($_POST['spellcooldown_3']) && $_POST['spellcooldown_3'] != '') { $spellcooldown_3 = $sql->quote_smart($_POST['spellcooldown_3']); } else { $spellcooldown_3 = -1; } if (isset($_POST['spellcategory_3']) && $_POST['spellcategory_3'] != '') { $spellcategory_3 = $sql->quote_smart($_POST['spellcategory_3']); } else { $description = 0; } if (isset($_POST['spellcategorycooldown_3']) && $_POST['spellcategorycooldown_3'] != '') { $spellcategorycooldown_3 = $sql->quote_smart($_POST['spellcategorycooldown_3']); } else { $spellcategorycooldown_3 = -1; } if (isset($_POST['spellppmRate_3']) && $_POST['spellppmRate_3'] != '') { $spellppmRate_3 = $sql->quote_smart($_POST['spellppmRate_3']); } else { $spellppmRate_3 = 0; } if (isset($_POST['spellid_4']) && $_POST['spellid_4'] != '') { $spellid_4 = $sql->quote_smart($_POST['spellid_4']); } else { $spellid_4 = 0; } if (isset($_POST['spelltrigger_4']) && $_POST['spelltrigger_4'] != '') { $spelltrigger_4 = $sql->quote_smart($_POST['spelltrigger_4']); } else { $spelltrigger_4 = 0; } if (isset($_POST['spellcharges_4']) && $_POST['spellcharges_4'] != '') { $spellcharges_4 = $sql->quote_smart($_POST['spellcharges_4']); } else { $spellcharges_4 = 0; } if (isset($_POST['spellcooldown_4']) && $_POST['spellcooldown_4'] != '') { $spellcooldown_4 = $sql->quote_smart($_POST['spellcooldown_4']); } else { $spellcooldown_4 = -1; } if (isset($_POST['spellcategory_4']) && $_POST['spellcategory_4'] != '') { $spellcategory_4 = $sql->quote_smart($_POST['spellcategory_4']); } else { $spellcategory_4 = 0; } if 
(isset($_POST['spellcategorycooldown_4']) && $_POST['spellcategorycooldown_4'] != '') { $spellcategorycooldown_4 = $sql->quote_smart($_POST['spellcategorycooldown_4']); } else { $spellcategorycooldown_4 = -1; } if (isset($_POST['spellppmRate_4']) && $_POST['spellppmRate_4'] != '') { $spellppmRate_4 = $sql->quote_smart($_POST['spellppmRate_4']); } else { $spellppmRate_4 = 0; } if (isset($_POST['spellid_5']) && $_POST['spellid_5'] != '') { $spellid_5 = $sql->quote_smart($_POST['spellid_5']); } else { $spellid_5 = 0; } if (isset($_POST['spelltrigger_5']) && $_POST['spelltrigger_5'] != '') { $spelltrigger_5 = $sql->quote_smart($_POST['spelltrigger_5']); } else { $spelltrigger_5 = 0; } if (isset($_POST['spellcharges_5']) && $_POST['spellcharges_5'] != '') { $spellcharges_5 = $sql->quote_smart($_POST['spellcharges_5']); } else { $spellcharges_5 = 0; } if (isset($_POST['spellcooldown_5']) && $_POST['spellcooldown_5'] != '') { $spellcooldown_5 = $sql->quote_smart($_POST['spellcooldown_5']); } else { $spellcooldown_5 = -1; } if (isset($_POST['spellcategory_5']) && $_POST['spellcategory_5'] != '') { $spellcategory_5 = $sql->quote_smart($_POST['spellcategory_5']); } else { $spellcategory_5 = 0; } if (isset($_POST['spellcategorycooldown_5']) && $_POST['spellcategorycooldown_5'] != '') { $spellcategorycooldown_5 = $sql->quote_smart($_POST['spellcategorycooldown_5']); } else { $spellcategorycooldown_5 = -1; } if (isset($_POST['spellppmRate_5']) && $_POST['spellppmRate_5'] != '') { $spellppmRate_5 = $sql->quote_smart($_POST['spellppmRate_5']); } else { $spellppmRate_5 = 0; } if (isset($_POST['bonding']) && $_POST['bonding'] != '') { $bonding = $sql->quote_smart($_POST['bonding']); } else { $bonding = 0; } if (isset($_POST['description']) && $_POST['description'] != '') { $description = $sql->quote_smart($_POST['description']); } else { $description = ""; } if (isset($_POST['PageText']) && $_POST['PageText'] != '') { $PageText = $sql->quote_smart($_POST['PageText']); } else { 
$PageText = 0; } if (isset($_POST['LanguageID']) && $_POST['LanguageID'] != '') { $LanguageID = $sql->quote_smart($_POST['LanguageID']); } else { $LanguageID = 0; } if (isset($_POST['PageMaterial']) && $_POST['PageMaterial'] != '') { $PageMaterial = $sql->quote_smart($_POST['PageMaterial']); } else { $PageMaterial = 0; } if (isset($_POST['startquest']) && $_POST['startquest'] != '') { $startquest = $sql->quote_smart($_POST['startquest']); } else { $startquest = 0; } if (isset($_POST['lockid']) && $_POST['lockid'] != '') { $lockid = $sql->quote_smart($_POST['lockid']); } else { $lockid = 0; } if (isset($_POST['Material']) && $_POST['Material'] != '') { $Material = $sql->quote_smart($_POST['Material']); } else { $Material = 0; } if (isset($_POST['sheath']) && $_POST['sheath'] != '') { $sheath = $sql->quote_smart($_POST['sheath']); } else { $sheath = 0; } if (isset($_POST['RandomProperty']) && $_POST['RandomProperty'] != '') { $RandomProperty = $sql->quote_smart($_POST['RandomProperty']); } else { $RandomProperty = 0; } if (isset($_POST['block ']) && $_POST['block '] != '') { $block = $sql->quote_smart($_POST['block']); } else { $block = 0; } if (isset($_POST['itemset']) && $_POST['itemset'] != '') { $itemset = $sql->quote_smart($_POST['itemset']); } else { $itemset = 0; } if (isset($_POST['MaxDurability']) && $_POST['MaxDurability'] != '') { $MaxDurability = $sql->quote_smart($_POST['MaxDurability']); } else { $MaxDurability = 0; } if (isset($_POST['area']) && $_POST['area'] != '') { $area = $sql->quote_smart($_POST['area']); } else { $area = 0; } if (isset($_POST['BagFamily']) && $_POST['BagFamily'] != '') { $BagFamily = $sql->quote_smart($_POST['BagFamily']); } else { $BagFamily = 0; } if (isset($_POST['Map']) && $_POST['Map'] != '') { $Map = $sql->quote_smart($_POST['Map']); } else { $Map = 0; } if (isset($_POST['ScriptName']) && $_POST['ScriptName'] != '') { $ScriptName = $sql->quote_smart($_POST['ScriptName']); } else { $ScriptName = 0; } if 
(isset($_POST['DisenchantID']) && $_POST['DisenchantID'] != '') { $DisenchantID = $sql->quote_smart($_POST['DisenchantID']); } else { $DisenchantID = 0; } if (isset($_POST['RequiredDisenchantSkill']) && $_POST['RequiredDisenchantSkill'] != '') { $RequiredDisenchantSkill = $sql->quote_smart($_POST['RequiredDisenchantSkill']); } else { $RequiredDisenchantSkill = -1; } if (isset($_POST['unk0']) && $_POST['unk0'] != '') { $unk0 = $sql->quote_smart($_POST['unk0']); } else { $unk0 = -1; } if (isset($_POST['RandomSuffix']) && $_POST['RandomSuffix'] != '') { $RandomSuffix = $sql->quote_smart($_POST['RandomSuffix']); } else { $RandomSuffix = 0; } if (isset($_POST['TotemCategory']) && $_POST['TotemCategory'] != '') { $TotemCategory = $sql->quote_smart($_POST['TotemCategory']); } else { $TotemCategory = 0; } if (isset($_POST['socketColor_1']) && $_POST['socketColor_1'] != '') { $socketColor_1 = $sql->quote_smart($_POST['socketColor_1']); } else { $socketColor_1 = 0; } if (isset($_POST['socketContent_1']) && $_POST['socketContent_1'] != '') { $socketContent_1 = $sql->quote_smart($_POST['socketContent_1']); } else { $socketContent_1 = 0; } if (isset($_POST['socketColor_2']) && $_POST['socketColor_2'] != '') { $socketColor_2 = $sql->quote_smart($_POST['socketColor_2']); } else { $socketColor_2 = 0; } if (isset($_POST['socketContent_2']) && $_POST['socketContent_2'] != '') { $socketContent_2 = $sql->quote_smart($_POST['socketContent_2']); } else { $socketContent_2 = 0; } if (isset($_POST['socketColor_3']) && $_POST['socketColor_3'] != '') { $socketColor_3 = $sql->quote_smart($_POST['socketColor_3']); } else { $socketColor_3 = 0; } if (isset($_POST['socketContent_3']) && $_POST['socketContent_3'] != '') { $socketContent_3 = $sql->quote_smart($_POST['socketContent_3']); } else { $socketContent_3 = 0; } if (isset($_POST['socketBonus']) && $_POST['socketBonus'] != '') { $socketBonus = $sql->quote_smart($_POST['socketBonus']); } else { $socketBonus = 0; } if 
(isset($_POST['GemProperties']) && $_POST['GemProperties'] != '') { $GemProperties = $sql->quote_smart($_POST['GemProperties']); } else { $GemProperties = 0; } if (isset($_POST['ArmorDamageModifier']) && $_POST['ArmorDamageModifier'] != '') { $ArmorDamageModifier = $sql->quote_smart($_POST['ArmorDamageModifier']); } else { $ArmorDamageModifier = 0; } if (isset($_POST['de_ChanceOrQuestChance']) && $_POST['de_ChanceOrQuestChance'] != '') { $de_ChanceOrQuestChance = $sql->quote_smart($_POST['de_ChanceOrQuestChance']); } else { $de_ChanceOrQuestChance = 0; } if (isset($_POST['de_groupid']) && $_POST['de_groupid'] != '') { $de_groupid = $sql->quote_smart($_POST['de_groupid']); } else { $de_groupid = 0; } if (isset($_POST['de_mincountOrRef']) && $_POST['de_mincountOrRef'] != '') { $de_mincountOrRef = $sql->quote_smart($_POST['de_mincountOrRef']); } else { $de_mincountOrRef = 0; } if (isset($_POST['de_maxcount']) && $_POST['de_maxcount'] != '') { $de_maxcount = $sql->quote_smart($_POST['de_maxcount']); } else { $de_maxcount = 0; } if (isset($_POST['de_lootcondition']) && $_POST['de_lootcondition'] != '') { $de_lootcondition = $sql->quote_smart($_POST['de_lootcondition']); } else { $de_lootcondition = 0; } if (isset($_POST['de_condition_value1']) && $_POST['de_condition_value1'] != '') { $de_condition_value1 = $sql->quote_smart($_POST['de_condition_value1']); } else { $de_condition_value1 = 0; } if (isset($_POST['de_condition_value2']) && $_POST['de_condition_value2'] != '') { $de_condition_value2 = $sql->quote_smart($_POST['de_condition_value2']); } else { $de_condition_value2 = 0; } if (isset($_POST['de_item']) && $_POST['de_item'] != '') { $de_item = $sql->quote_smart($_POST['de_item']); } else { $de_item = 0; } if (isset($_POST['del_de_items']) && $_POST['del_de_items'] != '') { $del_de_items = $sql->quote_smart($_POST['del_de_items']); } else { $del_de_items = NULL; } $tmp = 0; if ($AllowableClass[0] != -1) { for ($t = 0; $t < count($AllowableClass); $t++) { if 
($AllowableClass[$t] & 1) { $tmp = $tmp + 1; } if ($AllowableClass[$t] & 2) { $tmp = $tmp + 2; } if ($AllowableClass[$t] & 4) { $tmp = $tmp + 4; } if ($AllowableClass[$t] & 8) { $tmp = $tmp + 8; } if ($AllowableClass[$t] & 16) { $tmp = $tmp + 16; } if ($AllowableClass[$t] & 32) { $tmp = $tmp + 32; } if ($AllowableClass[$t] & 64) { $tmp = $tmp + 64; } if ($AllowableClass[$t] & 128) { $tmp = $tmp + 128; } if ($AllowableClass[$t] & 256) { $tmp = $tmp + 256; } if ($AllowableClass[$t] & 512) { $tmp = $tmp + 512; } if ($AllowableClass[$t] & 1024) { $tmp = $tmp + 1024; } } } if ($tmp) { $AllowableClass = $tmp; } else { $AllowableClass = -1; } $tmp = 0; if ($AllowableRace[0] != -1) { for ($t = 0; $t < count($AllowableRace); $t++) { if ($AllowableRace[$t] & 1) { $tmp = $tmp + 1; } if ($AllowableRace[$t] & 2) { $tmp = $tmp + 2; } if ($AllowableRace[$t] & 4) { $tmp = $tmp + 4; } if ($AllowableRace[$t] & 8) { $tmp = $tmp + 8; } if ($AllowableRace[$t] & 16) { $tmp = $tmp + 16; } if ($AllowableRace[$t] & 32) { $tmp = $tmp + 32; } if ($AllowableRace[$t] & 64) { $tmp = $tmp + 64; } if ($AllowableRace[$t] & 128) { $tmp = $tmp + 128; } if ($AllowableRace[$t] & 256) { $tmp = $tmp + 256; } if ($AllowableRace[$t] & 512) { $tmp = $tmp + 512; } } } if ($tmp) { $AllowableRace = $tmp; } else { $AllowableRace = -1; } if ($_POST['type'] == "add_new") { $sql_query = "INSERT INTO item_template (entry, class, subclass, name,displayid, Quality, Flags, BuyCount, BuyPrice, SellPrice, InventoryType, AllowableClass, AllowableRace, ItemLevel,\n RequiredLevel, RequiredSkill, RequiredSkillRank, requiredspell, requiredhonorrank, RequiredCityRank, RequiredReputationFaction, RequiredReputationRank, maxcount, stackable, ContainerSlots, stat_type1,\n stat_value1, stat_type2, stat_value2, stat_type3, stat_value3, stat_type4, stat_value4, stat_type5, stat_value5, stat_type6, stat_value6, stat_type7, stat_value7, stat_type8, stat_value8, stat_type9,\n stat_value9, stat_type10, stat_value10, dmg_min1, dmg_max1, 
dmg_type1, dmg_min2, dmg_max2, dmg_type2, armor, holy_res, fire_res, nature_res, frost_res, shadow_res, arcane_res, delay, ammo_type,\n RangedModRange, spellid_1, spelltrigger_1, spellcharges_1, spellppmRate_1, spellcooldown_1, spellcategory_1, spellcategorycooldown_1,\n spellid_2, spelltrigger_2, spellcharges_2, spellppmRate_2, spellcooldown_2, spellcategory_2, spellcategorycooldown_2, spellid_3, spelltrigger_3, spellcharges_3, spellppmRate_3, spellcooldown_3, spellcategory_3, spellcategorycooldown_3,\n spellid_4, spelltrigger_4, spellcharges_4, spellppmRate_4, spellcooldown_4, spellcategory_4, spellcategorycooldown_4, spellid_5, spelltrigger_5, spellcharges_5, spellppmRate_5, spellcooldown_5, spellcategory_5, spellcategorycooldown_5,\n bonding, description, PageText, LanguageID, PageMaterial, startquest, lockid, Material, sheath, RandomProperty, block, itemset, MaxDurability, area, BagFamily, Map, ScriptName, DisenchantID,RequiredDisenchantSkill,\n ArmorDamageModifier,unk0,RandomSuffix,TotemCategory, socketColor_1, socketContent_1, socketColor_2, socketContent_2, socketColor_3, socketContent_3, socketBonus, GemProperties)\n VALUES ('{$entry}', '{$class}', '{$subclass}', '{$name}','{$displayid}', '{$Quality}', '{$Flags}', '{$BuyCount}', '{$BuyPrice}', '{$SellPrice}', '{$InventoryType}', '{$AllowableClass}', '{$AllowableRace}', '{$ItemLevel}', '{$RequiredLevel}',\n '{$RequiredSkill}', '{$RequiredSkillRank}', '{$requiredspell}', '{$requiredhonorrank}', '{$RequiredCityRank}', '{$RequiredReputationFaction}', '{$RequiredReputationRank}', '{$maxcount}', '{$stackable}', '{$ContainerSlots}', '{$stat_type1}',\n '{$stat_value1}', '{$stat_type2}', '{$stat_value2}', '{$stat_type3}', '{$stat_value3}', '{$stat_type4}', '{$stat_value4}', '{$stat_type5}', '{$stat_value5}', '{$stat_type6}', '{$stat_value6}', '{$stat_type7}', '{$stat_value7}', '{$stat_type8}', '{$stat_value8}',\n '{$stat_type9}', '{$stat_value9}', '{$stat_type10}', '{$stat_value10}', '{$dmg_min1}', '{$dmg_max1}', 
'{$dmg_type1}', '{$dmg_min2}', '{$dmg_max2}', '{$dmg_type2}', '{$armor}', '{$holy_res}', '{$fire_res}', '{$nature_res}', '{$frost_res}', '{$shadow_res}', '{$arcane_res}', '{$delay}', '{$ammo_type}', '{$RangedModRange}', '{$spellid_1}', '{$spelltrigger_1}', '{$spellcharges_1}', '{$spellppmRate_1}', '{$spellcooldown_1}',\n '{$spellcategory_1}', '{$spellcategorycooldown_1}', '{$spellid_2}', '{$spelltrigger_2}', '{$spellcharges_2}', '{$spellppmRate_2}', '{$spellcooldown_2}', '{$spellcategory_2}', '{$spellcategorycooldown_2}', '{$spellid_3}', '{$spelltrigger_3}', '{$spellcharges_3}', '{$spellppmRate_3}',\n '{$spellcooldown_3}', '{$spellcategory_3}', '{$spellcategorycooldown_3}', '{$spellid_4}', '{$spelltrigger_4}', '{$spellcharges_4}', '{$spellppmRate_4}', '{$spellcooldown_4}', '{$spellcategory_4}', '{$spellcategorycooldown_4}', '{$spellid_5}', '{$spelltrigger_5}',\n '{$spellcharges_5}', '{$spellppmRate_5}', '{$spellcooldown_5}', '{$spellcategory_5}', '{$spellcategorycooldown_5}', '{$bonding}', '{$description}', '{$PageText}', '{$LanguageID}', '{$PageMaterial}', '{$startquest}', '{$lockid}', '{$Material}', '{$sheath}', '{$RandomProperty}', '{$block}',\n '{$itemset}', '{$MaxDurability}', '{$area}', '{$BagFamily}', '{$Map}', '{$ScriptName}', '{$DisenchantID}', '{$RequiredDisenchantSkill}','{$ArmorDamageModifier}','{$unk0}','{$RandomSuffix}', '{$TotemCategory}', '{$socketColor_1}', '{$socketContent_1}', '{$socketColor_2}',\n '{$socketContent_2}', '{$socketColor_3}', '{$socketContent_3}', '{$socketBonus}', '{$GemProperties}')"; } elseif ($_POST['type'] == "edit") { $sql_query = "UPDATE item_template SET "; $result = $sql->query("SELECT `item_template`.`entry`,`class`,`subclass`,`unk0`,IFNULL(" . ($deplang != 0 ? "name_loc{$deplang}" : "NULL") . 
",`name`) as name,`displayid`,`Quality`,`Flags`,`BuyCount`,`BuyPrice`,`SellPrice`,`InventoryType`,`AllowableClass`,`AllowableRace`,`ItemLevel`,`RequiredLevel`,`RequiredSkill`,`RequiredSkillRank`,`requiredspell`,`requiredhonorrank`,`RequiredCityRank`,`RequiredReputationFaction`,`RequiredReputationRank`,`maxcount`,`stackable`,`ContainerSlots`,`stat_type1`,`stat_value1`,`stat_type2`,`stat_value2`,`stat_type3`,`stat_value3`,`stat_type4`,`stat_value4`,`stat_type5`,`stat_value5`,`stat_type6`,`stat_value6`,`stat_type7`,`stat_value7`,`stat_type8`,`stat_value8`,`stat_type9`,`stat_value9`,`stat_type10`,`stat_value10`,`dmg_min1`,`dmg_max1`,`dmg_type1`,`dmg_min2`,`dmg_max2`,`dmg_type2`,`armor`,`holy_res`,`fire_res`,`nature_res`,`frost_res`,`shadow_res`,`arcane_res`,`delay`,`ammo_type`,`RangedModRange`,`spellid_1`,`spelltrigger_1`,`spellcharges_1`,`spellppmRate_1`,`spellcooldown_1`,`spellcategory_1`,`spellcategorycooldown_1`,`spellid_2`,`spelltrigger_2`,`spellcharges_2`,`spellppmRate_2`,`spellcooldown_2`,`spellcategory_2`,`spellcategorycooldown_2`,`spellid_3`,`spelltrigger_3`,`spellcharges_3`,`spellppmRate_3`,`spellcooldown_3`,`spellcategory_3`,`spellcategorycooldown_3`,`spellid_4`,`spelltrigger_4`,`spellcharges_4`,`spellppmRate_4`,`spellcooldown_4`,`spellcategory_4`,`spellcategorycooldown_4`,`spellid_5`,`spelltrigger_5`,`spellcharges_5`,`spellppmRate_5`,`spellcooldown_5`,`spellcategory_5`,`spellcategorycooldown_5`,`bonding`,`description`,`PageText`,`LanguageID`,`PageMaterial`,`startquest`,`lockid`,`Material`,`sheath`,`RandomProperty`,`RandomSuffix`,`block`,`itemset`,`MaxDurability`,`area`,`Map`,`BagFamily`,`TotemCategory`,`socketColor_1`,`socketContent_1`,`socketColor_2`,`socketContent_2`,`socketColor_3`,`socketContent_3`,`socketBonus`,`GemProperties`,`RequiredDisenchantSkill`,`ArmorDamageModifier`,`ScriptName`,`DisenchantID`,`FoodType`,`minMoneyLoot`,`maxMoneyLoot` FROM item_template LEFT JOIN locales_item ON item_template.entry = locales_item.entry WHERE item_template.entry 
= '{$entry}'"); if ($item_templ = $sql->fetch_assoc($result)) { if ($item_templ['class'] != $class) { $sql_query .= "class='{$class}',"; } if ($item_templ['subclass'] != $subclass) { $sql_query .= "subclass='{$subclass}',"; } if ($item_templ['name'] != $name) { $sql_query .= "name='{$name}',"; } if ($item_templ['displayid'] != $displayid) { $sql_query .= "displayid='{$displayid}',"; } if ($item_templ['Quality'] != $Quality) { $sql_query .= "Quality='{$Quality}',"; } if ($item_templ['Flags'] != $Flags) { $sql_query .= "Flags='{$Flags}',"; } if ($item_templ['BuyCount'] != $BuyCount) { $sql_query .= "BuyCount='{$BuyCount}',"; } if ($item_templ['BuyPrice'] != $BuyPrice) { $sql_query .= "BuyPrice='{$BuyPrice}',"; } if ($item_templ['SellPrice'] != $SellPrice) { $sql_query .= "SellPrice='{$SellPrice}',"; } if ($item_templ['InventoryType'] != $InventoryType) { $sql_query .= "InventoryType='{$InventoryType}',"; } if ($item_templ['AllowableClass'] != $AllowableClass) { $sql_query .= "AllowableClass='{$AllowableClass}',"; } if ($item_templ['AllowableRace'] != $AllowableRace) { $sql_query .= "AllowableRace='{$AllowableRace}',"; } if ($item_templ['ItemLevel'] != $ItemLevel) { $sql_query .= "ItemLevel='{$ItemLevel}',"; } if ($item_templ['RequiredLevel'] != $RequiredLevel) { $sql_query .= "RequiredLevel='{$RequiredLevel}',"; } if ($item_templ['RequiredSkill'] != $RequiredSkill) { $sql_query .= "RequiredSkill='{$RequiredSkill}',"; } if ($item_templ['RequiredSkillRank'] != $RequiredSkillRank) { $sql_query .= "RequiredSkillRank='{$RequiredSkillRank}',"; } if ($item_templ['requiredspell'] != $requiredspell) { $sql_query .= "requiredspell='{$requiredspell}',"; } if ($item_templ['requiredhonorrank'] != $requiredhonorrank) { $sql_query .= "requiredhonorrank='{$requiredhonorrank}',"; } if ($item_templ['RequiredCityRank'] != $RequiredCityRank) { $sql_query .= "RequiredCityRank='{$RequiredCityRank}',"; } if ($item_templ['RequiredReputationFaction'] != $RequiredReputationFaction) { 
$sql_query .= "RequiredReputationFaction='{$RequiredReputationFaction}',"; } if ($item_templ['RequiredReputationRank'] != $RequiredReputationRank) { $sql_query .= "RequiredReputationRank='{$RequiredReputationRank}',"; } if ($item_templ['maxcount'] != $maxcount) { $sql_query .= "maxcount='{$maxcount}',"; } if ($item_templ['stackable'] != $stackable) { $sql_query .= "stackable='{$stackable}',"; } if ($item_templ['ContainerSlots'] != $ContainerSlots) { $sql_query .= "ContainerSlots='{$ContainerSlots}',"; } if ($item_templ['stat_type1'] != $stat_type1) { $sql_query .= "stat_type1='{$stat_type1}',"; } if ($item_templ['stat_value1'] != $stat_value1) { $sql_query .= "stat_value1='{$stat_value1}',"; } if ($item_templ['stat_type2'] != $stat_type2) { $sql_query .= "stat_type2='{$stat_type2}',"; } if ($item_templ['stat_value2'] != $stat_value2) { $sql_query .= "stat_value2='{$stat_value2}',"; } if ($item_templ['stat_type3'] != $stat_type3) { $sql_query .= "stat_type3='{$stat_type3}',"; } if ($item_templ['stat_value3'] != $stat_value3) { $sql_query .= "stat_value3='{$stat_value3}',"; } if ($item_templ['stat_type4'] != $stat_type4) { $sql_query .= "stat_type4='{$stat_type4}',"; } if ($item_templ['stat_value4'] != $stat_value4) { $sql_query .= "stat_value4='{$stat_value4}',"; } if ($item_templ['stat_type5'] != $stat_type5) { $sql_query .= "stat_type5='{$stat_type5}',"; } if ($item_templ['stat_value5'] != $stat_value5) { $sql_query .= "stat_value5='{$stat_value5}',"; } if ($item_templ['stat_type6'] != $stat_type6) { $sql_query .= "stat_type6='{$stat_type6}',"; } if ($item_templ['stat_value6'] != $stat_value6) { $sql_query .= "stat_value6='{$stat_value6}',"; } if ($item_templ['stat_type7'] != $stat_type7) { $sql_query .= "stat_type7='{$stat_type7}',"; } if ($item_templ['stat_value7'] != $stat_value7) { $sql_query .= "stat_value7='{$stat_value7}',"; } if ($item_templ['stat_type8'] != $stat_type8) { $sql_query .= "stat_type8='{$stat_type8}',"; } if ($item_templ['stat_value8'] != 
$stat_value8) { $sql_query .= "stat_value8='{$stat_value8}',"; } if ($item_templ['stat_type9'] != $stat_type9) { $sql_query .= "stat_type9='{$stat_type9}',"; } if ($item_templ['stat_value9'] != $stat_value9) { $sql_query .= "stat_value9='{$stat_value9}',"; } if ($item_templ['stat_type10'] != $stat_type10) { $sql_query .= "stat_type10='{$stat_type10}',"; } if ($item_templ['stat_value10'] != $stat_value10) { $sql_query .= "stat_value10='{$stat_value10}',"; } if ($item_templ['dmg_min1'] != $dmg_min1) { $sql_query .= "dmg_min1='{$dmg_min1}',"; } if ($item_templ['dmg_max1'] != $dmg_max1) { $sql_query .= "dmg_max1='{$dmg_max1}',"; } if ($item_templ['dmg_type1'] != $dmg_type1) { $sql_query .= "dmg_type1='{$dmg_type1}',"; } if ($item_templ['dmg_min2'] != $dmg_min2) { $sql_query .= "dmg_min2='{$dmg_min2}',"; } if ($item_templ['dmg_max2'] != $dmg_max2) { $sql_query .= "dmg_max2='{$dmg_max2}',"; } if ($item_templ['dmg_type2'] != $dmg_type2) { $sql_query .= "dmg_type2='{$dmg_type2}',"; } if ($item_templ['armor'] != $armor) { $sql_query .= "armor='{$armor}',"; } if ($item_templ['holy_res'] != $holy_res) { $sql_query .= "holy_res='{$holy_res}',"; } if ($item_templ['fire_res'] != $fire_res) { $sql_query .= "fire_res='{$fire_res}',"; } if ($item_templ['nature_res'] != $nature_res) { $sql_query .= "nature_res='{$nature_res}',"; } if ($item_templ['frost_res'] != $frost_res) { $sql_query .= "frost_res='{$frost_res}',"; } if ($item_templ['shadow_res'] != $shadow_res) { $sql_query .= "shadow_res='{$shadow_res}',"; } if ($item_templ['arcane_res'] != $arcane_res) { $sql_query .= "arcane_res='{$arcane_res}',"; } if ($item_templ['delay'] != $delay) { $sql_query .= "delay='{$delay}',"; } if ($item_templ['ammo_type'] != $ammo_type) { $sql_query .= "ammo_type='{$ammo_type}',"; } if ($item_templ['RangedModRange'] != $RangedModRange) { $sql_query .= "RangedModRange='{$RangedModRange}',"; } if ($item_templ['spellid_1'] != $spellid_1) { $sql_query .= "spellid_1='{$spellid_1}',"; } if 
($item_templ['spelltrigger_1'] != $spelltrigger_1) { $sql_query .= "spelltrigger_1='{$spelltrigger_1}',"; } if ($item_templ['spellcharges_1'] != $spellcharges_1) { $sql_query .= "spellcharges_1='{$spellcharges_1}',"; } if ($item_templ['spellppmRate_1'] != $spellppmRate_1) { $sql_query .= "spellppmRate_1='{$spellppmRate_1}',"; } if ($item_templ['spellcooldown_1'] != $spellcooldown_1) { $sql_query .= "spellcooldown_1='{$spellcooldown_1}',"; } if ($item_templ['spellcategory_1'] != $spellcategory_1) { $sql_query .= "spellcategory_1='{$spellcategory_1}',"; } if ($item_templ['spellcategorycooldown_1'] != $spellcategorycooldown_1) { $sql_query .= "spellcategorycooldown_1='{$spellcategorycooldown_1}',"; } if ($item_templ['spellid_2'] != $spellid_2) { $sql_query .= "spellid_2='{$spellid_2}',"; } if ($item_templ['spelltrigger_2'] != $spelltrigger_2) { $sql_query .= "spelltrigger_2='{$spelltrigger_2}',"; } if ($item_templ['spellcharges_2'] != $spellcharges_2) { $sql_query .= "spellcharges_2='{$spellcharges_2}',"; } if ($item_templ['spellppmRate_2'] != $spellppmRate_2) { $sql_query .= "spellppmRate_2='{$spellppmRate_2}',"; } if ($item_templ['spellcooldown_2'] != $spellcooldown_2) { $sql_query .= "spellcooldown_2='{$spellcooldown_2}',"; } if ($item_templ['spellcategory_2'] != $spellcategory_2) { $sql_query .= "spellcategory_2='{$spellcategory_2}',"; } if ($item_templ['spellcategorycooldown_2'] != $spellcategorycooldown_2) { $sql_query .= "spellcategorycooldown_2='{$spellcategorycooldown_2}',"; } if ($item_templ['spellid_3'] != $spellid_3) { $sql_query .= "spellid_3='{$spellid_3}',"; } if ($item_templ['spelltrigger_3'] != $spelltrigger_3) { $sql_query .= "spelltrigger_3='{$spelltrigger_3}',"; } if ($item_templ['spellcharges_3'] != $spellcharges_3) { $sql_query .= "spellcharges_3='{$spellcharges_3}',"; } if ($item_templ['spellppmRate_3'] != $spellppmRate_3) { $sql_query .= "spellppmRate_3='{$spellppmRate_3}',"; } if ($item_templ['spellcooldown_3'] != $spellcooldown_3) { 
$sql_query .= "spellcooldown_3='{$spellcooldown_3}',"; } if ($item_templ['spellcategory_3'] != $spellcategory_3) { $sql_query .= "spellcategory_3='{$spellcategory_3}',"; } if ($item_templ['spellcategorycooldown_3'] != $spellcategorycooldown_3) { $sql_query .= "spellcategorycooldown_3='{$spellcategorycooldown_3}',"; } if ($item_templ['spellid_4'] != $spellid_4) { $sql_query .= "spellid_4='{$spellid_4}',"; } if ($item_templ['spelltrigger_4'] != $spelltrigger_4) { $sql_query .= "spelltrigger_4='{$spelltrigger_4}',"; } if ($item_templ['spellcharges_4'] != $spellcharges_4) { $sql_query .= "spellcharges_4='{$spellcharges_4}',"; } if ($item_templ['spellppmRate_4'] != $spellppmRate_4) { $sql_query .= "spellppmRate_4='{$spellppmRate_4}',"; } if ($item_templ['spellcooldown_4'] != $spellcooldown_4) { $sql_query .= "spellcooldown_4='{$spellcooldown_4}',"; } if ($item_templ['spellcategory_4'] != $spellcategory_4) { $sql_query .= "spellcategory_4='{$spellcategory_4}',"; } if ($item_templ['spellcategorycooldown_4'] != $spellcategorycooldown_4) { $sql_query .= "spellcategorycooldown_4='{$spellcategorycooldown_4}', "; } if ($item_templ['spellid_5'] != $spellid_5) { $sql_query .= "spellid_5='{$spellid_5}',"; } if ($item_templ['spelltrigger_5'] != $spelltrigger_5) { $sql_query .= "spelltrigger_5='{$spelltrigger_5}',"; } if ($item_templ['spellcharges_5'] != $spellcharges_5) { $sql_query .= "spellcharges_5='{$spellcharges_5}',"; } if ($item_templ['spellppmRate_5'] != $spellppmRate_5) { $sql_query .= "spellppmRate_5='{$spellppmRate_5}',"; } if ($item_templ['spellcooldown_5'] != $spellcooldown_5) { $sql_query .= "spellcooldown_5='{$spellcooldown_5}',"; } if ($item_templ['spellcategory_5'] != $spellcategory_5) { $sql_query .= "spellcategory_5='{$spellcategory_5}',"; } if ($item_templ['spellcategorycooldown_5'] != $spellcategorycooldown_5) { $sql_query .= "spellcategorycooldown_5='{$spellcategorycooldown_5}',"; } if ($item_templ['bonding'] != $bonding) { $sql_query .= 
"bonding='{$bonding}',"; } if ($item_templ['description'] != $description) { $sql_query .= "description='{$description}',"; } if ($item_templ['PageText'] != $PageText) { $sql_query .= "PageText='{$PageText}',"; } if ($item_templ['LanguageID'] != $LanguageID) { $sql_query .= "LanguageID='{$LanguageID}',"; } if ($item_templ['PageMaterial'] != $PageMaterial) { $sql_query .= "PageMaterial='{$PageMaterial}',"; } if ($item_templ['startquest'] != $startquest) { $sql_query .= "startquest='{$startquest}',"; } if ($item_templ['lockid'] != $lockid) { $sql_query .= "lockid='{$lockid}',"; } if ($item_templ['Material'] != $Material) { $sql_query .= "Material='{$Material}',"; } if ($item_templ['sheath'] != $sheath) { $sql_query .= "sheath='{$sheath}',"; } if ($item_templ['RandomProperty'] != $RandomProperty) { $sql_query .= "RandomProperty='{$RandomProperty}',"; } if ($item_templ['block'] != $block) { $sql_query .= "block='{$block}',"; } if ($item_templ['itemset'] != $itemset) { $sql_query .= "itemset='{$itemset}',"; } if ($item_templ['MaxDurability'] != $MaxDurability) { $sql_query .= "MaxDurability='{$MaxDurability}',"; } if ($item_templ['area'] != $area) { $sql_query .= "area='{$area}',"; } if ($item_templ['BagFamily'] != $BagFamily) { $sql_query .= "BagFamily='{$BagFamily}',"; } if ($item_templ['Map'] != $Map) { $sql_query .= "Map='{$Map}',"; } if ($item_templ['ScriptName'] != $ScriptName) { $sql_query .= "ScriptName='{$ScriptName}',"; } if ($item_templ['DisenchantID'] != $DisenchantID) { $sql_query .= "DisenchantID='{$DisenchantID}',"; } if ($item_templ['RequiredDisenchantSkill'] != $RequiredDisenchantSkill) { $sql_query .= "RequiredDisenchantSkill='{$RequiredDisenchantSkill}',"; } if ($item_templ['ArmorDamageModifier'] != $ArmorDamageModifier) { $sql_query .= "ArmorDamageModifier='{$ArmorDamageModifier}',"; } if ($item_templ['unk0'] != $unk0) { $sql_query .= "unk0='{$unk0}',"; } if ($item_templ['RandomSuffix'] != $RandomSuffix) { $sql_query .= 
"RandomSuffix='{$RandomSuffix}',"; } if ($item_templ['TotemCategory'] != $TotemCategory) { $sql_query .= "TotemCategory='{$TotemCategory}',"; } if ($item_templ['socketColor_1'] != $socketColor_1) { $sql_query .= "socketColor_1='{$socketColor_1}',"; } if ($item_templ['socketContent_1'] != $socketContent_1) { $sql_query .= "socketContent_1='{$socketContent_1}',"; } if ($item_templ['socketColor_2'] != $socketColor_2) { $sql_query .= "socketColor_2='{$socketColor_2}',"; } if ($item_templ['socketContent_2'] != $socketContent_2) { $sql_query .= "socketContent_2='{$socketContent_2}',"; } if ($item_templ['socketColor_3'] != $socketColor_3) { $sql_query .= "socketColor_3='{$socketColor_3}',"; } if ($item_templ['socketContent_3'] != $socketContent_3) { $sql_query .= "socketContent_3='{$socketContent_3}',"; } if ($item_templ['socketBonus'] != $socketBonus) { $sql_query .= "socketBonus='{$socketBonus}',"; } if ($item_templ['GemProperties'] != $GemProperties) { $sql_query .= "GemProperties='{$GemProperties}',"; } $sql->free_result($result); unset($item_templ); if ($sql_query == "UPDATE item_template SET " && !$de_item && !$del_de_items) { $sql->close(); redirect("item.php?action=edit&entry={$entry}&error=6"); } else { if ($sql_query != "UPDATE item_template SET ") { $sql_query[strlen($sql_query) - 1] = " "; $sql_query .= " WHERE entry = '{$entry}';\n"; } else { $sql_query = ""; } } if ($de_item) { $sql_query .= "INSERT INTO disenchant_loot_template (entry, item, ChanceOrQuestChance, `groupid`, mincountOrRef, maxcount, lootcondition, condition_value1, condition_value2)\n VALUES ({$DisenchantID},{$de_item},'{$de_ChanceOrQuestChance}', '{$de_groupid}' ,{$de_mincountOrRef} ,{$de_maxcount} ,{$de_lootcondition} ,{$de_condition_value1} ,{$de_condition_value2});\n"; } if ($del_de_items) { foreach ($del_de_items as $item_id) { $sql_query .= "DELETE FROM disenchant_loot_template WHERE entry = {$DisenchantID} AND item = {$item_id};\n"; } } } else { $sql->close(); 
redirect("item.php?error=5"); } } else { $sql->close(); redirect("item.php?error=5"); } if (isset($_POST['backup_op']) && $_POST['backup_op'] == 1) { $sql->close(); Header("Content-type: application/octet-stream"); Header("Content-Disposition: attachment; filename=itemid_{$entry}.sql"); echo $sql_query; exit; } else { $sql_query = explode(';', $sql_query); foreach ($sql_query as $tmp_query) { if ($tmp_query && $tmp_query != "\n") { $result = $sql->query($tmp_query); } } $sql->close(); } if ($result) { redirect("item.php?action=edit&entry={$entry}&error=4"); } else { redirect("item.php"); } }
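/**
 * Execute the SQL statements contained in the dump file at $path, one
 * statement at a time, against the given database.
 *
 * Outside a single-quoted string literal, blank lines and lines starting with
 * '#' or '-- ' are skipped. A statement is complete when a line ends with ';'
 * while not inside a string literal; the literal state is tracked by counting
 * unescaped single quotes per line, so it is a heuristic, not a full parser.
 *
 * The file is executed verbatim, so $path must point to a file the application
 * trusts, and $dbuser should carry only the privileges the dump needs. The file
 * is removed (when $unlink is set) only after a failed statement; a fully
 * successful run leaves it in place.
 *
 * The error message handed to error() embeds $path and the driver's message
 * as HTML; whether error() escapes its argument is not visible here.
 *
 * @param string $dbhost database host
 * @param string $dbuser database user
 * @param string $dbpass database password
 * @param string $dbname database name
 * @param string $path   path of the SQL dump to execute
 * @param bool   $unlink remove the dump file after a failed statement
 * @return int number of statements that executed successfully
 */
function run_sql_script($dbhost, $dbuser, $dbpass, $dbname, $path, $unlink)
{
    $fp = fopen($path, 'r');
    if ($fp === false) {
        die(error("Couldn't Open File!"));
    }

    $sql_1 = new SQL();
    $sql_1->connect($dbhost, $dbuser, $dbpass, $dbname);

    $query = '';
    $queries = 0;
    $linenumber = 0;
    $inparents = false; // true while inside an unterminated single-quoted literal
    $failure = null;    // message of the first failed statement, if any

    while (!feof($fp)) {
        // Reassemble a whole line; fgets() may return a long line in pieces.
        $dumpline = '';
        while (!feof($fp) && substr($dumpline, -1) != "\n") {
            $dumpline .= fgets($fp, 16384);
        }
        // Normalise CRLF / CR line endings to LF. The original used ereg_replace(),
        // which was removed in PHP 7; 'D' keeps '$' anchored to the very end.
        $dumpline = preg_replace('/\r\n$/D', "\n", $dumpline);
        $dumpline = preg_replace('/\r$/D', "\n", $dumpline);

        // Outside a string literal, skip blank and comment lines.
        if (!$inparents) {
            if (trim($dumpline) == '' || strpos($dumpline, '#') === 0 || strpos($dumpline, '-- ') === 0) {
                $linenumber++;
                continue;
            }
        }

        // Count unescaped single quotes to detect literals spanning lines.
        $dumpline_deslashed = str_replace("\\\\", "", $dumpline);
        $parents = substr_count($dumpline_deslashed, "'") - substr_count($dumpline_deslashed, "\\'");
        if ($parents % 2 != 0) {
            $inparents = !$inparents;
        }

        $query .= $dumpline;

        // A trailing ';' outside a literal terminates the statement.
        if (!$inparents && substr(trim($dumpline), -1) === ';') {
            if (!$sql_1->query(trim($query))) {
                $err = str_replace("\n", "", $sql_1->error());
                $err = preg_replace('/\r$/D', '', $err);
                $failure = "SQL Error at the line: {$linenumber} in {$path} <br /> {$err}";
                break;
            }
            $queries++;
            $query = '';
        }
        $linenumber++;
    }

    // Release resources exactly once; the original called fclose() a second
    // time after the error branch, which PHP 8 rejects.
    $sql_1->close();
    fclose($fp);

    if ($failure !== null) {
        if ($unlink) {
            unlink($path);
        }
        error($failure);
    }

    return $queries;
}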
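/**
 * Show the "move topic" form for the post whose id is in $_GET['id'].
 *
 * Appends the form to the global $output buffer; the move itself is done
 * by the do_move_topic action the form posts to. Errors go through error().
 *
 * @param SQL $sqlm by-reference; replaced with a fresh connection to $mmfpm_db
 */
function forum_move_topic(&$sqlm) {
    global $forum_skeleton, $forum_lang, $maxqueries, $user_lvl, $user_id, $output, $mmfpm_db;
    // Check access before touching the database so anonymous users cannot
    // use the no_such_topic / no_such_forum answers to enumerate post ids.
    if ($user_lvl == 0) {
        error($forum_lang['no_access']);
        return;
    }
    if (!isset($_GET['id'])) {
        error($forum_lang['no_such_topic']);
        return;
    }
    // The id is spliced unquoted into the WHERE clause; quote_smart() only
    // escapes quote characters, so force an integer to rule out injection.
    $id = (int) $_GET['id'];
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    $topic = $sqlm->query(' SELECT id, topic, authorid, forum, name FROM mm_forum_posts WHERE id = ' . $id . '');
    if ($sqlm->num_rows($topic) == 0) {
        $sqlm->close();
        error($forum_lang['no_such_topic']);
        return;
    }
    $topic = $sqlm->fetch_assoc($topic);
    // Find the category that owns the topic's forum in the skeleton.
    $fid = $topic['forum'];
    $cat = 0;
    foreach ($forum_skeleton as $cid => $category) {
        foreach ($category['forums'] as $fid_ => $forum) {
            if ($fid_ == $fid) {
                $cat = $cid;
            }
        }
    }
    if (empty($forum_skeleton[$cat]['forums'][$fid])) {
        // No such forum..
        $sqlm->close();
        error($forum_lang['no_such_forum']);
        return;
    }
    $forum = $forum_skeleton[$cat]['forums'][$fid];
    // Topic names are user input: escape before embedding them in markup.
    $topic_name = htmlspecialchars($topic['name'], ENT_QUOTES);
    $output .= ' <div class="top"> <h1>' . $forum_lang['forums'] . '</h1> </div> <center> <table class="flat"> <tr> <td align="left"> <a href="forum.php">' . $forum_lang['forum_index'] . '</a> -> <a href="forum.php?action=view_forum&id=' . $fid . '">' . $forum['name'] . '</a> -> <a href="forum.php?action=view_topic&id=' . $topic['topic'] . '">' . $topic_name . '</a> -> ' . $forum_lang["move"] . '! </td> </tr> </table> <table class="lined"> <tr> <td>' . $forum_lang['where'] . ' : <form action="forum.php?action=do_move_topic" method="POST" name="form"> <select name="forum">';
    foreach ($forum_skeleton as $category) {
        foreach ($category['forums'] as $fid_ => $forum) {
            // Preselect the forum the topic currently lives in.
            $selected = ($fid_ == $fid) ? ' selected' : '';
            $output .= ' <option value=' . $fid_ . $selected . '>' . $forum['name'] . '</option>';
        }
    }
    $output .= ' </select> <input type="hidden" name="id" value="' . $id . '"> </form> </td> </tr> </table> <table class="hidden"> <tr> <td>';
    makebutton($forum_lang['back'], "javascript:window.history.back()", 120);
    makebutton($forum_lang['confirm'], "javascript:do_submit()", 120);
    $output .= ' </td> </tr> </table> </center>';
    $sqlm->close();
    // Queries : 1
}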
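/**
 * Render the forum index: every category and forum the current user may
 * read, with its topic/reply counts and the newest post.
 *
 * Appends markup to the global $output buffer. Rows whose level_read is
 * above $user_lvl are hidden; with $enablesidecheck, ordinary players
 * ($user_lvl == 0) additionally only see rows whose side_access is 'ALL'
 * or equals the faction reported by get_side().
 *
 * @param SQL $sqlr unused here; kept for the caller's signature
 * @param SQL $sqlm by-reference; replaced with a fresh connection to $mmfpm_db
 */
function forum_index(&$sqlr, &$sqlm) {
    global $enablesidecheck, $forum_skeleton, $forum_lang, $user_lvl, $output, $realm_db, $mmfpm_db;
    // Only consulted when side checks are on; 'NO' is get_side()'s
    // "no faction" answer, so the default never widens access.
    $side = $enablesidecheck ? get_side() : 'NO';
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    // Newest post of every forum, keyed by forum id.
    $result = $sqlm->query(' SELECT authorname, id, name, time, forum FROM mm_forum_posts WHERE id IN (SELECT MAX(id) FROM mm_forum_posts GROUP BY forum) ORDER BY forum;');
    $lasts = array();
    if ($sqlm->num_rows($result) > 0) {
        while ($row = $sqlm->fetch_assoc($result)) {
            $lasts[$row['forum']] = $row;
        }
    }
    // Topic and reply counts for all forums in one query instead of two per
    // forum. A post is a topic root when topic equals its own id, which is
    // exactly what the original per-forum count selected on.
    $counts = array();
    $count_rows = $sqlm->query(' SELECT forum, SUM(id = topic) AS topics, COUNT(*) AS replies FROM mm_forum_posts GROUP BY forum');
    while ($row = $sqlm->fetch_assoc($count_rows)) {
        $counts[$row['forum']] = $row;
    }
    $output .= ' <div class="top"> <h1>' . $forum_lang['forums'] . '</h1> </div> <center> <fieldset> <legend><a href="forum.php">' . $forum_lang['forum_index'] . '</a></legend> <table class="lined">';
    $cid = $sqlm->query(' SELECT category, name, description, side_access, level_post_topic, level_read, level_post FROM mm_forum_categories');
    while ($category = $sqlm->fetch_assoc($cid)) {
        if (!_forum_index_readable($category, $user_lvl, $enablesidecheck, $side)) {
            continue;
        }
        $output .= ' <tr> <th class="head" align="left">' . $category['name'] . '<br />' . $category['description'] . '</th> <th class="head">' . $forum_lang['topics'] . '</th> <th class="head">' . $forum_lang['replies'] . '</th> <th class="head" align="right">' . $forum_lang['last_post'] . '</th> </tr>';
        $fid = $sqlm->query(' SELECT forum, category, name, description, side_access, level_post_topic, level_read, level_post FROM mm_forum_forums WHERE category = ' . $category['category'] . '');
        while ($forum = $sqlm->fetch_assoc($fid)) {
            if (!_forum_index_readable($forum, $user_lvl, $enablesidecheck, $side)) {
                continue;
            }
            $forum_id = $forum['forum'];
            $numtopics = isset($counts[$forum_id]) ? (int) $counts[$forum_id]['topics'] : 0;
            $numreplies = isset($counts[$forum_id]) ? (int) $counts[$forum_id]['replies'] : 0;
            $output .= ' <tr> <td align="left"><a href="forum.php?action=view_forum&id=' . $forum_id . '">' . $forum['name'] . '</a><br />' . $forum['description'] . '</td> <td>' . $numtopics . '</td> <td>' . $numreplies . '</td>';
            if (isset($lasts[$forum_id])) {
                $last = $lasts[$forum_id];
                // Post title and author name are user input: escape both
                // (the original only escaped the title).
                $output .= ' <td align="right"> <a href="forum.php?action=view_topic&postid=' . $last['id'] . '">' . htmlspecialchars($last['name']) . '</a> <br />by ' . htmlspecialchars($last['authorname']) . ' <br /> ' . $last['time'] . ' </td> </tr>';
            } else {
                $output .= ' <td align="right">' . $forum_lang['no_topics'] . '</td> </tr>';
            }
        }
    }
    $output .= ' <tr> <td align="right" class="hidden"></td> </tr> </table> </fieldset> </center> <br/>';
    $sqlm->close();
    // Queries : 1
}

/**
 * True when a category/forum row may be listed for the current user.
 *
 * @param array  $row             row carrying level_read and side_access
 * @param int    $user_lvl
 * @param bool   $enablesidecheck
 * @param string $side            'A', 'H' or 'NO' as returned by get_side()
 * @return bool
 */
function _forum_index_readable($row, $user_lvl, $enablesidecheck, $side) {
    if ($row['level_read'] > $user_lvl) {
        return false;
    }
    // Side restrictions only apply to ordinary players ($user_lvl == 0).
    if ($user_lvl == 0 && $enablesidecheck && $row['side_access'] != 'ALL') {
        // 'NO' = the account has no single-faction characters.
        if ($side == 'NO' || $row['side_access'] != $side) {
            return false;
        }
    }
    return true;
}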
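/**
 * Delete the accounts, characters, guilds or arena teams selected on the
 * cleanup page and report the totals into the global $output buffer.
 *
 * Expects $_POST['type'] in {acc, char, guild, arenateam} and $_POST['check']
 * as a '-' separated id list whose first element is a placeholder (skipped).
 * The deletes themselves are done by del_acc()/del_char()/del_guild()/
 * del_arenateam() from libs/del_lib.php, which receive the ids as given.
 *
 * NOTE(review): nothing here checks $user_lvl although it is imported;
 * presumably cleanup.php gates this action before dispatching — verify.
 */
function docleanup() {
    global $lang_cleanup, $lang_global, $output, $realm_db, $characters_db, $realm_id, $user_lvl, $tab_del_user_characters, $tab_del_user_characters_trinity, $tab_del_user_realmd, $server_type;
    // $server_type was read without being declared global, so the Trinity
    // table list was never selected.
    if ($server_type) {
        $tab_del_user_characters = $tab_del_user_characters_trinity;
    }
    if (!isset($_POST['type']) || $_POST['type'] === '') {
        redirect("cleanup.php?error=1");
        return;
    }
    if (!isset($_POST['check']) || $_POST['check'] == '') {
        redirect("cleanup.php?error=1");
        return;
    }
    $sql = new SQL();
    $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    $type = $sql->quote_smart($_POST['type']);
    // Element 0 of the list is a leading placeholder; only the rest are ids.
    $check = explode('-', $sql->quote_smart($_POST['check']));
    $targets = array_slice($check, 1);
    $deleted_acc = 0;
    $deleted_chars = 0;
    $deleted_gulds = 0;
    $deleted_arenateams = 0; // was never initialised before being incremented
    require_once "./libs/del_lib.php";
    switch ($type) {
        // we deleting account array
        case "acc":
            foreach ($targets as $target) {
                if ($target == "") {
                    continue;
                }
                list($flag, $del_char) = del_acc($target);
                if ($flag) {
                    $deleted_acc++;
                    $deleted_chars += $del_char;
                }
            }
            break;
        // we deleting character array
        case "char":
            foreach ($targets as $target) {
                if ($target != "" && del_char($target, $realm_id)) {
                    $deleted_chars++;
                }
            }
            break;
        // cleaning guilds
        case "guild":
            foreach ($targets as $target) {
                if ($target != "" && del_guild($target, $realm_id)) {
                    $deleted_gulds++;
                }
            }
            break;
        // cleaning arena teams
        case "arenateam":
            foreach ($targets as $target) {
                if ($target != "" && del_arenateam($target, $realm_id)) {
                    $deleted_arenateams++;
                }
            }
            break;
        default:
            $sql->close();
            redirect("cleanup.php?error=1");
            return;
    }
    $sql->close();
    unset($sql);
    $output .= "<center>";
    if ($type == "guild") {
        if (!$deleted_gulds) {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['no_guilds_del']}</font></h1>";
        } else {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['total']} <font color=blue>{$deleted_gulds}</font> {$lang_cleanup['guilds_deleted']}</font></h1>";
        }
    } elseif ($type == "arenateam") {
        if (!$deleted_arenateams) {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['no_arenateams_del']}</font></h1>";
        } else {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['total']} <font color=blue>{$deleted_arenateams}</font> {$lang_cleanup['arenateams_deleted']}</font></h1>";
        }
    } else {
        if ($deleted_acc + $deleted_chars == 0) {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['no_acc_chars_deleted']}</font></h1>";
        } else {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['total']} <font color=blue>{$deleted_acc}</font> {$lang_cleanup['accs_deleted']}</font></h1><br />";
            $output .= "<h1><font class=\"error\">{$lang_cleanup['total']} <font color=blue>{$deleted_chars}</font> {$lang_cleanup['chars_deleted']}</font></h1>";
        }
    }
    $output .= "<br /><br />";
    $output .= "<table class=\"hidden\">\r\n <tr><td>";
    makebutton($lang_cleanup['back_cleaning'], "cleanup.php", 200);
    $output .= "</td></tr>\r\n </table><br /></center>";
}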
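/**
 * Save an edited forum post (and, when $_POST['name'] is present, the
 * title of its topic) and redirect to the topic view.
 *
 * Reads $_POST['forum'], $_POST['post'] (post id), $_POST['msg'] and the
 * optional $_POST['name']. Errors are reported through error().
 *
 * @param SQL $sqlm by-reference; replaced with a fresh connection to $mmfpm_db
 */
function forum_do_edit_post(&$sqlm) {
    global $forum_lang, $user_lvl, $user_name, $user_id, $mmfpm_db;
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    //==========================$_POST and SECURE=================================
    if (!isset($_POST['forum'])) {
        $sqlm->close();
        error($forum_lang["no_such_forum"]);
        return;
    }
    if (!isset($_POST['post'])) {
        $sqlm->close();
        error($forum_lang["no_such_post"]);
        return;
    }
    // The post id is spliced unquoted into SQL; quote_smart() only escapes
    // quote characters, so force an integer to close the injection.
    $post = (int) $_POST['post'];
    $topic = 0;
    $name = '';
    if (isset($_POST['name'])) {
        $topic = 1;
        $name = $sqlm->quote_smart($_POST['name']);
        if (strlen($name) > 49) {
            $sqlm->close();
            error($forum_lang["name_too_long"]);
            return;
        }
        if (strlen($name) < 5) {
            $sqlm->close();
            error($forum_lang["name_too_short"]);
            return;
        }
    }
    $msg = isset($_POST['msg']) ? trim($sqlm->quote_smart($_POST['msg']), " ") : '';
    if (strlen($msg) < 5) {
        $sqlm->close();
        error($forum_lang["msg_too_short"]);
        return;
    }
    //==========================$_POST and SECURE end==============================
    // Escaped newlines are stored as line breaks.
    $msg = str_replace('\\n', '<br />', $msg);
    $result = $sqlm->query(' SELECT topic, authorid FROM mm_forum_posts WHERE id = ' . $post . '');
    $row = $sqlm->fetch_assoc($result);
    if (!$row) {
        $sqlm->close();
        error($forum_lang["no_such_post"]);
        return;
    }
    // The original let anyone edit any post by id. Allow the author and
    // staff ($user_lvl > 0, the same gate forum_move_topic uses).
    // NOTE(review): confirm this matches the intended forum permissions.
    if ($user_lvl == 0 && $row['authorid'] != $user_id) {
        $sqlm->close();
        error($forum_lang["no_access"]);
        return;
    }
    $sqlm->query(' UPDATE mm_forum_posts SET text = \'' . $msg . '\' WHERE id = ' . $post . '');
    if ($topic == 1) {
        // The title lives on every post of the topic, not just the root.
        $sqlm->query(' UPDATE mm_forum_posts SET name = \'' . $name . '\' WHERE topic = ' . $row['topic'] . '');
    }
    $sqlm->close();
    redirect('forum.php?action=view_topic&id=' . $row['topic'] . '');
    // Queries : 2 (+1 if topic)
}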
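/**
 * Show the "move topic" form for the post whose id is in $_GET["id"]
 * (variant that opens its own connection). Appends markup to the global
 * $output buffer; errors go through error().
 */
function forum_move_topic() {
    global $forum_skeleton, $forum_lang, $maxqueries, $user_lvl, $user_id, $output, $mmfpm_db;
    // Gate before querying so anonymous users cannot enumerate post ids.
    if ($user_lvl == 0) {
        error($forum_lang["no_access"]);
        return;
    }
    if (!isset($_GET["id"])) {
        error($forum_lang["no_such_topic"]);
        return;
    }
    // Cast rather than escape: the id is echoed back into the hidden form
    // field below, where quote_smart()'s backslash escaping does not stop
    // a quote from closing the attribute.
    $id = (int) $_GET["id"];
    $mysql = new SQL();
    $mysql->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    $topic = $mysql->query("SELECT id,topic,authorid,forum, name FROM mm_forum_posts WHERE id = '{$id}';");
    // 0 1 2 3 4
    if ($mysql->num_rows($topic) == 0) {
        $mysql->close();
        error($forum_lang["no_such_topic"]);
        return;
    }
    $topic = $mysql->fetch_row($topic);
    // Find the category that owns the topic's forum in the skeleton.
    $fid = $topic[3];
    $cat = 0;
    foreach ($forum_skeleton as $cid => $category) {
        foreach ($category["forums"] as $fid_ => $forum) {
            if ($fid_ == $fid) {
                $cat = $cid;
            }
        }
    }
    if (empty($forum_skeleton[$cat]["forums"][$fid])) {
        // No such forum..
        $mysql->close();
        error($forum_lang["no_such_forum"]);
        return;
    }
    $forum = $forum_skeleton[$cat]["forums"][$fid];
    // Topic names are user input: escape before embedding them in markup.
    $topic_name = htmlspecialchars($topic[4], ENT_QUOTES);
    $output .= "<div class=\"top\"><h1>{$forum_lang["forums"]}</h1>{$forum_lang["you_are_here"]} : <a href=\"forum.php\">{$forum_lang["forum_index"]}</a> -> <a href=\"forum.php?action=view_forum&id={$fid}\">{$forum["name"]}</a> -> <a href=\"forum.php?action=view_topic&id={$topic[1]}\">{$topic_name}</a> -> {$forum_lang["move"]}!</div><center><table class=\"lined\">\r\n <tr><td>{$forum_lang["where"]} : <form action=\"forum.php?action=do_move_topic\" method=\"POST\" name=\"form\"><select name=\"forum\">";
    foreach ($forum_skeleton as $category) {
        foreach ($category["forums"] as $fid_ => $forum) {
            // Preselect the forum the topic currently lives in.
            $selected = ($fid_ == $fid) ? ' selected' : '';
            $output .= "<option value='{$fid_}'{$selected}>{$forum["name"]}</option>";
        }
    }
    $output .= "</select><input type=\"hidden\" name=\"id\" value=\"{$id}\" /></form></td></tr></table><table class=\"hidden\"><tr><td>";
    makebutton($forum_lang["back"], "javascript:window.history.back()", 120);
    makebutton($forum_lang["confirm"], "javascript:do_submit()", 120);
    $output .= "</td></tr></table></center>";
    $mysql->close();
    // Queries : 1
}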
if (!$order == "ASC") { $order = "DESC"; } $result = $sql->readStatement("SELECT * FROM `{$do}` ORDER BY `{$sort}` {$order} LIMIT " . $page * 5 . ", 5"); if ($result != null) { $i = 1; while ($row = mysqli_fetch_assoc($result)) { $resultName = $sql->readStatement("SELECT `username` FROM `players` WHERE `uuid`='" . $row["uuid"] . "' LIMIT 1"); $rowName = mysqli_fetch_assoc($resultName); echo "\n <div class='column column-{$i}'>\n <span class='title'>\n <img src='https://minotar.net/helm/" . $rowName["username"] . "/32.png' alt='" . $rowName["username"] . "'>\n <b>" . $rowName["username"] . "</b>\n </span><br>"; echo "<span>" . splitArray($row, "</span><hr><span>", true) . "</span>"; echo "\n </div>"; $i++; } } $sql->close(); ?> </div> <br> <form name="nav"> <select name="pageDrop" onChange="document.location.href='top.php?do=<?php echo $do; ?> &page='+document.nav.pageDrop.selectedIndex"> <?php for ($i = 0; $i < 10; $i++) { $selected = null; if ($page == $i) { $selected = " selected"; } echo "\n <option{$selected}>Page " . ($i + 1) . "</option>";
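<?php
// API front controller: load the requested API version and hand the request
// to it; any exception is reported as a JSON error object.
if (!array_key_exists('HTTP_ORIGIN', $_SERVER)) {
    // No Origin header: fall back to our own host name.
    $_SERVER['HTTP_ORIGIN'] = $_SERVER['SERVER_NAME'];
}
try {
    require_once dirname(__FILE__) . "/classes/SQL.class.php";
    // The version selects a file to require. Accept digits only, so a
    // crafted "v" (e.g. "../../somefile") cannot pull in an arbitrary file.
    $api_version = (isset($_GET['v']) && is_string($_GET['v'])) ? $_GET['v'] : '';
    if (!ctype_digit($api_version)) {
        throw new Exception('Invalid API version');
    }
    require_once dirname(__FILE__) . "/api/v" . $api_version . "/API.php";
    SQL::connect();
    $API = new API(isset($_REQUEST['request']) ? $_REQUEST['request'] : '', $_SERVER['HTTP_ORIGIN']);
    echo $API->processAPI();
    SQL::close();
} catch (Exception $e) {
    echo json_encode(array('error' => $e->getMessage()));
}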
$twitter_url = '<a href="' . $get_twitter . '">' . $get_twitter . '</a>'; } else { $twitter_url = '<a href="http://twitter.com/' . $get_twitter . '">http://twitter.com/' . $get_twitter . '</a>'; } } if ($get_url == null) { $website = ''; } else { if (strpos($get_url, "http://") === 0 || strpos($get_url, "https://") === 0) { $website = '<a href="' . $get_url . '">' . $get_url . '</a>'; } else { $website = '<a href="http://' . $get_url . '">http://' . $get_url . '</a>'; } } } $dbf->close(); if ($_SESSION['current_userID'] == $get_userID) { if ($count_shout_more == 20) { echo '<li id="lastShout" class="right">'; } else { echo '<li class="right">'; } } else { if ($count_shout_more == 20) { echo '<li id="lastShout" class="left">'; } else { echo '<li class="left">'; } } echo '<a href="profile.php?id=' . $get_userID . '"><img class="avatar" alt="' . $get_username . '" src="' . get_avatar($avatar_type, $get_userID) . '"></a>'; echo '<span class="message"><span class="arrow"></span>';
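/**
 * Determine the faction of the current account from its characters' races.
 *
 * Returns "A" when every counted character is on the first race list,
 * "H" when every one is on the second, and "NO" when the account has no
 * characters or mixes both lists (races on neither list are ignored).
 *
 * @return string "A", "H" or "NO"
 */
function get_side() {
    global $user_id, $characters_db, $realm_id;
    $a_races = array(1, 3, 4, 7, 11);
    $h_races = array(2, 5, 6, 8, 10);
    $mysql2 = new SQL();
    $mysql2->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
    // $user_id comes from the session, not the request, but is still spliced
    // in as text; keep it that way only while it is guaranteed numeric.
    $result = $mysql2->query("SELECT race FROM `characters` WHERE account = '{$user_id}';");
    $a = 0;
    $h = 0;
    if ($mysql2->num_rows($result)) {
        while ($race = $mysql2->fetch_row($result)) {
            // Loose comparison on purpose: race arrives as a string.
            if (in_array($race[0], $a_races)) {
                $a++;
            } elseif (in_array($race[0], $h_races)) {
                $h++;
            }
        }
    }
    // Close on every path: the original returned "NO" for accounts without
    // characters before closing, leaking the connection.
    $mysql2->close();
    if ($a != 0 && $h == 0) {
        return "A";
    }
    if ($a == 0 && $h != 0) {
        return "H";
    }
    return "NO";
}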
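/**
 * Delete every creature spawn with the template id in $_GET['entry'] together
 * with the movement rows of those spawns, then redirect to the edit page.
 *
 * Requires $user_lvl >= $action_permission['delete'].
 */
function delete_spwn() {
    global $world_db, $realm_id, $user_lvl, $action_permission;
    if ($user_lvl < $action_permission['delete']) {
        redirect("creature.php?error=9");
        return;
    }
    if (!isset($_GET['entry'])) {
        redirect("creature.php?error=1");
        return;
    }
    // entry is spliced into SQL and into the redirect URL: force an integer.
    $entry = (int) $_GET['entry'];
    $sql = new SQL();
    $sql->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);
    $result = $sql->query("SELECT guid FROM creature WHERE id = '{$entry}'");
    // fetch_row() yields an array; the original interpolated the array
    // itself (the string "Array"), so no movement row was ever removed.
    while ($row = $sql->fetch_row($result)) {
        $guid = (int) $row[0];
        $sql->query("DELETE FROM creature_movement WHERE id = '{$guid}'");
    }
    $sql->query("DELETE FROM creature WHERE id = '{$entry}'");
    $sql->close();
    redirect("creature.php?action=edit&entry={$entry}&error=4");
}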
/**
 * Credit-panel page: award referral ("invite") points to the current account,
 * then render the credit panel (points, VIP level, item requests, character
 * actions, point transfer and teleport forms) into the global $output buffer.
 *
 * Uses the removed mysql_* extension (fatal on PHP 7+). Every
 * mysql_select_db() call below passes the connection's host/user/pass
 * instead of a database name, so the intended database is never selected
 * and all mysql_query() calls run against whatever the connection defaults
 * to. The print section selects the account row with a literal, masked
 * username ('******') rather than $user_name.
 *
 * Globals $lang_edit, $lang_id_tab and $gm_level_arr are imported but not
 * referenced here. $user_name, $PlayersAccount (read back from the invite
 * table) and $user_id are interpolated into SQL without escaping.
 */
function edit_user() {
    global $lang_edit, $lang_global, $output, $realm_db, $characters_db, $realm_id, $mmfpm_db, $user_name, $user_id, $lang_id_tab, $gm_level_arr, $ren_char, $total_points;
    mysql_connect($realm_db['addr'], $realm_db['user'], $realm_db['pass']);
    // Host/user/pass are passed where a database name is expected.
    mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
    $referred_by = mysql_fetch_row(mysql_query("SELECT `InvitedBy` FROM point_system_invites WHERE `PlayersAccount` = '{$user_name}';"));
    $referred_by = $referred_by[0];
    $total_points = mysql_fetch_row(mysql_query("SELECT `points` FROM point_system WHERE `accountid` = '{$user_id}';"));
    $total_points = $total_points[0];
    if ($total_points <= 0) {
        $total_points = (int) 0;
    }
    $datetime = date("Y-m-d H:i:s");
    // ############################################################################
    // INVITE SYSTEM
    // ############################################################################
    // Points granted to the inviter per invited friend, and to the invitee
    // for naming who invited them.
    $invite_points = 2;
    $write_invited = 1;
    mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
    $rewarded = mysql_fetch_row(mysql_query("SELECT `Rewarded` FROM point_system_invites WHERE `PlayersAccount` = '{$user_name}';"));
    $rewarded = $rewarded[0];
    // Part 1: reward this account once for having named its inviter, provided
    // one of its characters has reached the level read from the `data` blob.
    if ($rewarded != NULL) {
        if ($rewarded == 0) {
            if ($referred_by != NULL) {
                mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                $total_points = mysql_fetch_row(mysql_query("SELECT `points` FROM point_system WHERE `accountid` = '{$user_id}';"));
                $total_points = $total_points[0];
                // -1 marks "no point_system row yet" so one is inserted below.
                if ($total_points == NULL) {
                    $total_points = -1;
                }
                if ($total_points >= 0) {
                    mysql_select_db($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
                    // Field 35 of the space-separated `data` column is used as the character level.
                    $RightLevel = mysql_fetch_row(mysql_query("SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED) AS `lvl` FROM `characters` WHERE account='{$user_id}' AND (SELECT 
CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED)) >= '45' ORDER BY `lvl` DESC LIMIT 1;"));
                    if ($RightLevel[0] != NULL) {
                        mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                        mysql_query("UPDATE point_system SET `points` = ({$total_points} + {$write_invited}) WHERE `accountid` = '{$user_id}';");
                        mysql_query("INSERT INTO point_system_requests (`username`, `request`, `date`, `code`, `treated`) VALUES ('{$user_name}', 'Got {$write_invited} Points', '{$datetime}', 'For Writing a Reffer', 'Yes');");
                        mysql_query("UPDATE point_system_invites SET `Rewarded` = '1' WHERE `PlayersAccount` = '{$user_name}';");
                        $output .= "You Received {$write_invited} Points for Writing who invited you!<br>";
                    }
                }
                if ($total_points == -1) {
                    mysql_select_db($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
                    $RightLevel = mysql_fetch_row(mysql_query("SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED) AS `lvl` FROM `characters` WHERE account='{$user_id}' AND (SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED)) >= '45' ORDER BY `lvl` DESC LIMIT 1;"));
                    if ($RightLevel[0] != NULL) {
                        mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                        mysql_query("INSERT INTO point_system (`accountid`, `points`) VALUES ('{$user_id}', '{$write_invited}');");
                        mysql_query("INSERT INTO point_system_requests (`username`, `request`, `date`, `code`, `treated`) VALUES ('{$user_name}', 'Created {$write_invited} Points', '{$datetime}', 'For Writing a Reffer', 'Yes');");
                        mysql_query("UPDATE point_system_invites SET `Rewarded` = '1' WHERE `PlayersAccount` = '{$user_name}';");
                        $output .= "You Received {$write_invited} Points for Writing who invited you! 
(NEW)<br>";
                    }
                }
            }
        }
    }
    // Part 2: reward this account as an inviter for one untreated invitee.
    mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
    $HasPoints = mysql_fetch_row(mysql_query("SELECT `PlayersAccount`,`Treated` FROM point_system_invites WHERE `InviterAccount` = '{$user_name}' AND `Treated` = 0 LIMIT 1;"));
    if ($HasPoints != NULL) {
        $HasPoint = $HasPoints[1];
        $PlayersAccount = $HasPoints[0];
        mysql_select_db($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
        // Same-last-IP accounts are treated as the same computer and get nothing.
        $iIP = mysql_fetch_row(mysql_query("SELECT `last_ip` FROM account WHERE `username` = '{$PlayersAccount}';"));
        $pIP = mysql_fetch_row(mysql_query("SELECT `last_ip` FROM account WHERE `username` = '{$user_name}';"));
        if ($HasPoint != 1) {
            if ($iIP[0] != $pIP[0]) {
                mysql_select_db($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
                $PlayersAccountID = mysql_fetch_row(mysql_query("SELECT `id` FROM account WHERE `username` = '{$PlayersAccount}';"));
                $PlayersAccountID = $PlayersAccountID[0];
                mysql_select_db($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
                $RightLevel = mysql_fetch_row(mysql_query("SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED) AS `lvl` FROM `characters` WHERE account='{$PlayersAccountID}' AND (SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED)) >= '45' ORDER BY `lvl` DESC LIMIT 1;"));
                // The inviter must have the lower (older) account id.
                if ($user_id < $PlayersAccountID) {
                    if ($RightLevel[0] != NULL) {
                        $output .= "You received points for account {$PlayersAccount} who has a player level {$RightLevel['0']}<br>";
                        mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                        $total_points = mysql_fetch_row(mysql_query("SELECT `points` FROM point_system WHERE `accountid` = '{$user_id}';"));
                        $total_points = $total_points[0];
                        if ($total_points == NULL) {
                            $total_points = -1;
                        }
                        if ($total_points >= 0) {
                            mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                            mysql_query("UPDATE point_system SET `points` = ({$total_points} + {$invite_points}) WHERE `accountid` = '{$user_id}';");
                            mysql_query("INSERT INTO point_system_requests (`username`, `request`, `date`, `code`, `treated`) VALUES ('{$user_name}', 'Added {$invite_points} Points', '{$datetime}', 'Invited {$PlayersAccount}', 'Yes');");
                            mysql_query("UPDATE point_system_invites SET `Treated` = '1' WHERE `PlayersAccount` = '{$PlayersAccount}';");
                            $output .= "You Received {$invite_points} Points for Inviting a Friend, Good JOB!";
                        }
                        if ($total_points == -1) {
                            mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                            mysql_query("INSERT INTO point_system (`accountid`, `points`) VALUES ('{$user_id}', '{$invite_points}');");
                            mysql_query("INSERT INTO point_system_requests (`username`, `request`, `date`, `code`, `treated`) VALUES ('{$user_name}', 'Created {$invite_points} Points', '{$datetime}', 'Invited {$PlayersAccount}', 'Yes');");
                            mysql_query("UPDATE point_system_invites SET `Treated` = '1' WHERE `PlayersAccount` = '{$PlayersAccount}';");
                            $output .= "You Received {$invite_points} Points for Inviting a Friend, Good JOB! 
(NEW)";
                        }
                    } else {
                        mysql_select_db($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
                        $RightLevel = mysql_fetch_row(mysql_query("SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED) AS `lvl` FROM `characters` WHERE account='{$PlayersAccountID}' AND (SELECT CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) AS UNSIGNED)) >= '45' ORDER BY `lvl` DESC LIMIT 1;"));
                        mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                        mysql_query("UPDATE point_system_invites SET `Treated` = '1' WHERE `PlayersAccount` = '{$PlayersAccount}';");
                        $output .= "Players you invited did not reach correct level for points";
                        // Re-open the invite when the level query returned a row after all.
                        if ($RightLevel != NULL) {
                            mysql_query("UPDATE point_system_invites SET `Treated` = '0' WHERE `PlayersAccount` = '{$PlayersAccount}';");
                        }
                    }
                } else {
                    $output .= "Inviter is older than you";
                    mysql_select_db($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass']);
                    mysql_query("UPDATE point_system_invites SET `Treated` = '1' WHERE `PlayersAccount` = '{$PlayersAccount}';");
                }
            } else {
                $output .= "Same comp Same IP";
            }
        } else {
            $output .= "All invite points has been treated";
        }
    } else {
        $output .= "No New Points to add";
    }
    // ############################################################################
    // PRINT
    // ############################################################################
    $sql = new SQL();
    $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    // Hard-coded, masked username: this does not look up the current account.
    $result = $sql->query("SELECT email,gmlevel,joindate,expansion FROM account WHERE username ='******'");
    if ($acc = $sql->fetch_row($result)) {
        require_once "scripts/id_tab.php";
        // The form submits SHA1(UPPER(user):UPPER(pass)) computed client-side.
        $output .= "<center>\r\n <script type=\"text/javascript\" src=\"js/sha1.js\"></script>\r\n <script type=\"text/javascript\">\r\n function do_submit_data () {\r\n document.form.pass.value = 
hex_sha1('" . strtoupper($user_name) . ":'+document.form.user_pass.value.toUpperCase());\r\n document.form.user_pass.value = '0';\r\n do_submit();\r\n }\r\n\r\n\r\n\r\n</script>\r\n <fieldset style=\"width: 600px;\">\r\n <legend>Credit Panel</legend>\r\n <form method=\"post\" action=\"credit.php?action=getitem\" name=\"form\">\r\n <input type=\"hidden\" name=\"pass\" value=\"\" maxlength=\"256\" />\r\n <table class=\"flat\">\r\n <tr>\r\n <td>Your Credits:</td>\r\n <td>{$total_points}</td>\r\n <tr>\r\n <td>VIP Level</td>\r\n <td>" . get_gm_level($acc[1]) . " ( {$acc['1']} )</td>";
        // gmlevel doubles as the VIP level here.
        if ($acc[1] == 0) {
            $output .= "<td><a href=\"credit.php?action=getvip\">Upgrade(20)</td>";
        }
        if ($acc[1] != 0) {
            if ($acc[1] >= 3) {
                $output .= "<td><a href=\"credit.php?action=extvip\">Extend VIP(20)</td>";
            } else {
                $output .= "<td><a href=\"credit.php?action=getvip\">Upgrade</td><td><a href=\"credit.php?action=extvip\">Extend VIP(20)</td>";
            }
        }
        $output .= "</tr>\r\n <td>Request Item:</td></tr><tr>\r\n <td>\r\n <select name=\"items\"> \r\n <option value=\"error\">Please select an item</option>\r\n <option value=\"Phoenix\">Phoenix(20)</option>\r\n <option value=\"Bag\">36 Slot Bag(20)</option>\r\n <option value=\"Raven\">Raven Lord(15)</option>\r\n <option value=\"PrimalNether\">Primal Nether(5)</option>\r\n <option value=\"NetherVortex\">Nether Vortex(8)</option>\r\n <option value=\"MercilessD\">Merciless Nether Drake(25)</option>\r\n <option value=\"Murloc\">Murloc Costume(5)</option>\r\n <option value=\"Tiger60\">Swift Spectral Tiger For lvl 60(20)</option>\r\n <option value=\"Tiger30\">Swift Spectral Tiger For lvl 30(15)</option>\r\n <option value=\"Ogre\">Carved Ogre Idol(5)</option>\r\n <option value=\"FlyingBroom\">Swift Flying Broom(20)</option>\r\n <option value=\"BattleBear\">Big Battle Bear(15)</option>\r\n <option value=\"XRocket\">X-51 Nether-Rocket X-TREME(25)</option>\r\n </select>\r\n </td>\r\n <td><input name=\"character\" type=\"text\" value=\"Character 
Name\"></input></td>\r\n <td>\r\n <input type=\"submit\" value=\"Send item\">\r\n </td></tr>\r\n <tr><td>Your chars</td>\r\n </tr>";
        // Result of this realm query is overwritten without being read.
        $result = $sql->query("SELECT SUM(numchars) FROM realmcharacters WHERE acctid = '{$user_id}'");
        $sql->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
        $result = $sql->query("SELECT guid,name,race,class,SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) FROM `characters` WHERE account = {$user_id}");
        while ($char = $sql->fetch_array($result)) {
            // Character name goes unescaped into the URLs and the cell text.
            $ren_char = $char[1];
            $output .= "<tr>\r\n <td>{$char['1']} - " . get_player_race($char[2]) . " " . get_player_class($char[3]) . " | lvl {$char['4']}</td>\r\n </tr>\r\n<tr><td><a href=\"credit.php?action=rename&ren_char={$ren_char}\">Rename(6)</a></td><td><a href=\"credit.php?action=gen_char&gend_char={$ren_char}\">Change Gender(6)</a></td><td><a href=\"credit.php?action=movechar&char={$ren_char}\">Move Account(7)</a></td>";
        }
        $output .= "</form> <tr>\r\n <form method=\"post\" action=\"credit.php?action=movepoints\" name=\"form\">\r\n <input type=\"hidden\" name=\"pass\" value=\"\" maxlength=\"256\" />\r\n <td>Transfer points to other players:</td></tr><tr>\r\n <td><input name=\"tcharacter\" type=\"text\" value=\"Character Name\"></input></td><td><input name=\"tpoints\" type=\"text\" value=\"Points\"></input></td>\r\n <td>\r\n <input type=\"submit\" value=\"Transfer\">\r\n </td></tr></form>\r\n <form method=\"post\" action=\"credit.php?action=tplayer\" name=\"form\">\r\n <tr><td>Teleport Player</td></tr><tr>\r\n <td><input name=\"tchar\" type=\"text\" value=\"Character Name\"></input></td>\r\n <td>\r\n <select name=\"tplace\"> \r\n <option value=\"error\">Please select a place</option>\r\n <option value=\"Shattrath\">Shattrath(1)</option>\r\n <option value=\"Stormwind\">Stormwind(1)</option>\r\n <option value=\"Orgrimmar\">Orgrimmar(1)</option>\r\n </select>\r\n </td>\r\n <td><input 
type=\"submit\" value=\"Teleport\"></td></tr>";
        $output .= "</table>\r\n </fieldset>\r\n <br />\r\n\r\n <br /></center>";
    } else {
        error($lang_global['err_no_records_found']);
    }
    $sql->close();
}
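/**
 * Search the realm's in-game mail by sender or receiver character name and
 * render a paginated result table into the global $output buffer.
 *
 * Reads $_GET: search_value (character name, empty = any), search_by
 * (a.sender | a.receiver), start, order_by and dir. search_by, order_by,
 * start and dir are spliced into the SQL text as identifiers / numbers,
 * where quote_smart() gives no protection, so each is constrained here.
 */
function search() {
    global $lang_global, $lang_mail, $output, $itemperpage, $item_datasite, $mangos_db, $characters_db, $realm_id, $sql_search_limit;
    wowhead_tt();
    if (!isset($_GET['search_value']) || !isset($_GET['search_by'])) {
        redirect("mail_on.php?error=2");
        return;
    }
    $sql = new SQL();
    $sql->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
    $search_value = $sql->quote_smart($_GET['search_value']);
    // Filter column: only the two values the form below offers.
    $search_menu = array('a.sender', 'a.receiver');
    $search_by = in_array($_GET['search_by'], $search_menu, true) ? $_GET['search_by'] : 'a.sender';
    $start = isset($_GET['start']) ? max(0, (int) $_GET['start']) : 0;
    // Sort column: a bare identifier only; anything else falls back to id.
    $order_by = "id";
    if (isset($_GET['order_by']) && is_string($_GET['order_by']) && preg_match('/^[A-Za-z_][A-Za-z0-9_.]*$/', $_GET['order_by'])) {
        $order_by = $_GET['order_by'];
    }
    $dir = isset($_GET['dir']) ? (int) $_GET['dir'] : 1;
    $order_dir = $dir ? "ASC" : "DESC";
    // Flipped so the pagination links toggle the direction.
    $dir = $dir ? 0 : 1;
    if ($search_value == '') {
        $search_by .= ' != 0';
    } else {
        // Resolve the name to a guid; with no match the original produced a
        // broken "= " clause, so force an empty result set instead.
        $temp = $sql->query("SELECT guid FROM `characters` WHERE name like '%{$search_value}%'");
        if ($sql->num_rows($temp) > 0) {
            $search_by .= ' = ' . (int) $sql->result($temp, 0, 'guid');
        } else {
            $search_by .= ' = -1';
        }
    }
    $query_1 = $sql->query("SELECT count(*) FROM `mail`");
    $query = $sql->query("SELECT a.id, a.messageType, a.sender, a.receiver, a.subject, a.body, a.has_items, a.money, a.cod, a.checked, b.item_template\r\n FROM mail a\r\n LEFT JOIN mail_items b ON a.id = b.mail_id\r\n WHERE {$search_by}\r\n ORDER BY {$order_by} {$order_dir} LIMIT {$start}, {$itemperpage}");
    $all_record = $sql->result($query_1, 0);
    //==========================top page navigation starts here========================
    $output .= "<center><table class=\"top_hidden\">\r\n <tr><td>\r\n <table class=\"hidden\">\r\n <tr><td>\r\n <form action=\"mail_on.php\" method=\"get\" name=\"form\">\r\n <input type=\"hidden\" name=\"action\" value=\"search\" />\r\n <input type=\"hidden\" name=\"error\" value=\"4\" />\r\n <input type=\"text\" size=\"45\" name=\"search_value\" />\r\n <select name=\"search_by\">\r\n <option value=\"a.sender\">Sender</option>\r\n <option value=\"a.receiver\">Receiver</option>\r\n </select></form></td><td>";
    makebutton($lang_global['search'], "javascript:do_submit()", 80);
    $output .= "</td></tr></table>\r\n <td align=\"right\">";
    $output .= generate_pagination("mail_on.php?action=search&order_by={$order_by}&dir=" . !$dir, $all_record, $itemperpage, $start);
    $output .= "</td></tr></table>";
    //==========================top page navigation ENDS here ========================
    $output .= "<table class=\"lined\">\r\n <tr>\r\n <th width=\"5%\">" . $lang_mail['id'] . "</th>\r\n <th width=\"5%\">" . $lang_mail['mail_type'] . "</th>\r\n <th width=\"10%\">" . $lang_mail['sender'] . "</th>\r\n <th width=\"10%\">" . $lang_mail['receiver'] . "</th>\r\n <th width=\"15%\">" . $lang_mail['subject'] . "</th>\r\n <th width=\"5%\">" . $lang_mail['has_items'] . "</th>\r\n <th width=\"25%\">" . $lang_mail['text'] . "</th>\r\n <th width=\"20%\">" . $lang_mail['money'] . "</th>\r\n <th width=\"5%\">" . $lang_mail['checked'] . "</th>\r\n </tr>";
    while ($mail = $sql->fetch_array($query)) {
        // money is stored in copper: split into gold / silver / copper.
        $copper_total = (int) $mail[7];
        $g = floor($copper_total / 10000);
        $s = floor(($copper_total % 10000) / 100);
        $c = $copper_total % 100;
        $money = "";
        // Test the full amount: the original tested the copper remainder,
        // so mails holding whole gold/silver amounts showed no money.
        if ($copper_total > 0) {
            $money = $g . "<img src=\"./img/gold.gif\" /> " . $s . "<img src=\"./img/silver.gif\" /> " . $c . "<img src=\"./img/copper.gif\" /> ";
        }
        // The subject is player-written: escape it before output.
        $output .= "<tr valign=top>\r\n <td>{$mail['0']}</td>\r\n <td>" . get_mail_source($mail[1]) . "</td>\r\n <td><a href=\"char.php?id={$mail['2']}\">" . get_char_name($mail[2]) . "</a></td>\r\n <td><a href=\"char.php?id={$mail['3']}\">" . get_char_name($mail[3]) . "</a></td>\r\n <td>" . htmlspecialchars($mail[4]) . "</td>\r\n ";
        $output .= "<td>";
        if ($mail[6]) {
            $output .= "\r\n <a style=\"padding:2px;\" href=\"{$item_datasite}{$mail[10]}\" target=\"_blank\">\r\n <img class=\"bag_icon\" src=\"" . get_item_icon($mail[10]) . "\" alt=\"\" />\r\n </a>";
        }
        $output .= "</td>";
        $output .= "<td>" . get_mail_text($mail[0]) . "</td>\r\n <td>{$money}</td>\r\n <td>" . get_check_state($mail[9]) . "</td>\r\n </tr>";
    }
    /*--------------------------------------------------*/
    $output .= "<tr><td colspan=\"6\" class=\"hidden\" align=\"right\">All Mails: {$all_record}</td></tr>\r\n </table></center>";
    $sql->close();
}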
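/**
 * Delete the gameobject rows whose `id` matches the `entry` GET parameter, then
 * redirect back to the edit page for that entry.
 *
 * Reads $_GET['entry']; when it is missing the request is redirected to
 * game_object.php?error=1. The value is passed through SQL::quote_smart() before
 * it is interpolated (inside single quotes) into the DELETE statement — the
 * previous version used the raw GET value in the query.
 */
function delete_spwn()
{
    global $world_db, $realm_id;

    if (!isset($_GET['entry'])) {
        redirect("game_object.php?error=1");
        // If redirect() does not terminate the request, make sure an undefined
        // $entry never reaches the DELETE below.
        return;
    }

    $sql = new SQL();
    $sql->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);

    // Untrusted input: escape it the same way the forum code does before it is
    // interpolated into the quoted WHERE clause.
    $entry = $sql->quote_smart($_GET['entry']);
    $sql->query("DELETE FROM gameobject WHERE id = '{$entry}'");
    $sql->close();

    redirect("game_object.php?action=edit&entry={$entry}&error=4");
}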
$url = $sls['sharerurl']; $removehttp = str_replace('http://', '', $url); $removeslash = rtrim($removehttp, '/'); if (strpos($removeslash, ':') !== false) { list($ip, $port) = explode(":", $removeslash); } else { $ip = $removeslash; $port = 80; } } if (fsockopen($ip, $port, $errno, $errstr, 5) !== false) { echo '1'; $dbsls->query("UPDATE ip_sharerlinks SET status='1' WHERE id='{$sharerLinkID}'"); } else { echo '0'; $dbsls->query("UPDATE ip_sharerlinks SET status='0' WHERE id='{$sharerLinkID}'"); } $dbsls->close(); } else { if (isset($_GET['state'])) { $dbcs = new SQL(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME, false); $dbcs->query("SELECT * FROM ip_sharerlinks ORDER BY status"); while ($getr = $dbcs->fetch_assoc()) { $state = $getr['status']; echo $state; } $dbcs->close(); } else { echo '404'; } }
// Retweet endpoint: for ?retweet=<shout id> print that shout wrapped in [rt]…[/rt]
// (existing [rt]/[code] tags and a leading !update / !request command stripped),
// or KO when no such shout exists. Nothing happens when the parameter is absent or empty.
if (!empty($_GET['retweet'])) {
    defined('SITE_ROOT') || define('SITE_ROOT', '../');
    require_once SITE_ROOT . 'portal_config.php';
    require_once SITE_ROOT . 'include/database.class.php';

    $db = new SQL(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME, false);
    $retweetID = $db->prot(htmlspecialchars($_GET['retweet']));
    $db->query("SELECT shout_msg FROM ip_shouts WHERE id='{$retweetID}'");

    $row = $db->fetch_array();
    if (!$row) {
        echo 'KO';
    } else {
        // Decode the stored entities, drop escaping slashes and trailing whitespace,
        // then strip markup that would otherwise be nested when the shout is re-posted.
        $shoutMsg = stripslashes(rtrim(htmlspecialchars_decode($row['shout_msg'])));
        $shoutMsg = str_ireplace(array('[rt]', '[/rt]', '<code>', '</code>'), '', $shoutMsg);

        // A shout carrying a command word keeps its text but loses the command;
        // only the first matching command is removed.
        foreach (array('!update', '!request') as $command) {
            if (stripos($shoutMsg, $command) !== false) {
                $shoutMsg = str_ireplace($command, '', $shoutMsg);
                break;
            }
        }
        echo '[rt]' . $shoutMsg . '[/rt]';
    }
    $db->close();
}
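/**
 * Create a new forum topic from the submitted form ($_POST['forum'], ['name'], ['msg']).
 *
 * Checks, in order: the poster's flood delay ($minfloodtime seconds since their
 * last post), that the target forum exists in $forum_skeleton, the
 * level_post_topic requirement of category and forum against $user_lvl, and —
 * for level-0 users when $enablesidecheck is on — the side access of category
 * and forum. Every failed check ends in error(). On success the topic row is
 * inserted with topic and lastpost pointing at itself and the request is
 * redirected to the new topic.
 *
 * @param SQL $sqlm Replaced with a fresh connection to the forum database.
 */
function forum_do_add_topic(&$sqlm)
{
    global $enablesidecheck, $forum_skeleton, $forum_lang, $user_lvl, $user_name, $user_id, $mmfpm_db, $minfloodtime;

    // Resolved once up front instead of inside the access checks below.
    $side = $enablesidecheck ? get_side() : null;

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    // Flood protection: the user's most recent post must be old enough.
    $userposts = $sqlm->query(' SELECT time FROM mm_forum_posts WHERE authorid = ' . $user_id . ' ORDER BY id DESC LIMIT 1');
    if ($sqlm->num_rows($userposts) != 0) {
        $lastpost = $sqlm->fetch_assoc($userposts);
        $sincelastpost = time() - strtotime($lastpost['time']);
        if ($sincelastpost < $minfloodtime) {
            error($forum_lang['please_wait']);
        }
    }

    //==========================$_POST and SECURE=================================
    if (!isset($_POST['forum'])) {
        error($forum_lang['no_such_forum']);
    } else {
        $forum = $sqlm->quote_smart($_POST['forum']);
    }
    //==========================$_POST and SECURE end=============================

    // Find the category whose forums contain $forum (loose key comparison kept
    // because forum ids may be strings).
    $cat = 0;
    foreach ($forum_skeleton as $cid => $category) {
        foreach ($category['forums'] as $fid => $unused) {
            if ($fid == $forum) {
                $cat = $cid;
            }
        }
    }
    if (empty($forum_skeleton[$cat]['forums'][$forum])) {
        error($forum_lang['no_such_forum']);
    }
    $forum_ = $forum_skeleton[$cat]['forums'][$forum];

    if ($forum_skeleton[$cat]['level_post_topic'] > $user_lvl || $forum_['level_post_topic'] > $user_lvl) {
        error($forum_lang['no_access']);
    }

    // Side restriction for ordinary users: both the category and the forum must
    // be open to all sides or match the user's side ('NO' = user has no char).
    // The previous version used `continue` here, which is a fatal error outside
    // a loop; denying access is what the neighbouring checks do.
    if ($user_lvl == 0 && $enablesidecheck) {
        foreach (array($forum_skeleton[$cat]['side_access'], $forum_['side_access']) as $side_access) {
            if ($side_access != 'ALL' && ($side == 'NO' || $side_access != $side)) {
                error($forum_lang['no_access']);
            }
        }
    }

    //==========================$_POST and SECURE=================================
    // A missing field becomes '' and is rejected by the length checks below.
    $msg = isset($_POST['msg']) ? trim($sqlm->quote_smart($_POST['msg']), " ") : '';
    $name = isset($_POST['name']) ? trim($sqlm->quote_smart($_POST['name']), " ") : '';
    //==========================$_POST and SECURE end=============================

    if (strlen($name) > 49) {
        $sqlm->close();
        error($forum_lang['name_too_long']);
    }
    if (strlen($name) < 5) {
        $sqlm->close();
        error($forum_lang['name_too_short']);
    }
    if (strlen($msg) < 5) {
        $sqlm->close();
        error($forum_lang['msg_too_short']);
    }

    // The literal two-character sequence \n (presumably produced by quote_smart()
    // escaping newlines — verify) is rendered as a line break.
    $msg = str_replace('\\n', '<br />', $msg);

    $time = date("m/d/y H:i:s");
    $sqlm->query(' INSERT INTO mm_forum_posts (authorid, authorname, forum, name, text, time) VALUES (\'' . $user_id . '\', \'' . $user_name . '\', \'' . $forum . '\', \'' . $name . '\', \'' . $msg . '\', \'' . $time . '\')');
    $id = $sqlm->insert_id();

    // A topic is a post whose topic and lastpost both point at itself.
    $sqlm->query(' UPDATE mm_forum_posts SET topic = ' . $id . ', lastpost = ' . $id . ' WHERE id = ' . $id);
    $sqlm->close();

    redirect('forum.php?action=view_topic&id=' . $id);
    // Queries : 3
}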
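/**
 * Render the "delete post" / "delete topic" confirmation page for the post in
 * $_GET['id'], appending the markup to the global $output.
 *
 * Users at level 0 may only delete their own posts. Each failure path (missing
 * id, unknown post, no access, unknown forum) ends in error(). The confirm
 * button points at action=do_delete_post, which performs the actual deletion.
 *
 * @param SQL $sqlm Replaced with a fresh connection to the forum database.
 */
function forum_delete_post(&$sqlm)
{
    global $forum_skeleton, $forum_lang, $user_lvl, $user_id, $output, $mmfpm_db;

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    //==========================$_GET and SECURE=================================
    if (!isset($_GET['id'])) {
        error($forum_lang['no_such_post']);
    } else {
        // The id is interpolated into SQL without surrounding quotes, so escaping
        // alone does not protect it; post ids are integers (insert_id()), so cast.
        $id = (int) $_GET['id'];
    }
    //==========================$_GET and SECURE end=============================

    $topic = $sqlm->query(' SELECT id, topic, authorid, forum FROM mm_forum_posts WHERE id = ' . $id);
    if ($sqlm->num_rows($topic) == 0) {
        error($forum_lang['no_such_post']);
    }
    $topic = $sqlm->fetch_assoc($topic);

    // Ordinary users may only delete their own posts.
    if ($user_lvl == 0 && $topic['authorid'] != $user_id) {
        error($forum_lang['no_access']);
    }

    $fid = $topic['forum'];
    $topicrow = $sqlm->query(' SELECT name FROM mm_forum_posts WHERE id = ' . (int) $topic['topic']);
    $name = $sqlm->fetch_assoc($topicrow);

    // Find the category whose forums contain $fid (loose key comparison kept
    // because forum ids may be strings).
    $cat = 0;
    foreach ($forum_skeleton as $cid => $category) {
        foreach ($category['forums'] as $fid_ => $unused) {
            if ($fid_ == $fid) {
                $cat = $cid;
            }
        }
    }
    if (empty($forum_skeleton[$cat]['forums'][$fid])) {
        error($forum_lang['no_such_forum']);
    }
    $forum = $forum_skeleton[$cat]['forums'][$fid];

    // Topic names originate from user input and are stored SQL-escaped only,
    // so escape for the HTML context here.
    $topicname = htmlspecialchars($name['name'], ENT_QUOTES);

    $output .= ' <div class="top"> <h1>' . $forum_lang['forums'] . '</h1> </div> <center> <table class="lined">';

    // A post whose topic points at itself is the topic's opening post.
    if ($topic['id'] == $topic['topic']) {
        $output .= ' <tr> <td>' . $forum_lang['delete_topic'] . '</td> </tr> </table> <table class="flat"> <tr> <td align="left"> <a href="forum.php">' . $forum_lang['forum_index'] . '</a> -> <a href="forum.php?action=view_forum&id=' . $fid . '">' . $forum['name'] . '</a> -> <a href="forum.php?action=view_topic&id=' . $topic['topic'] . '">' . $topicname . '</a> -> ' . $forum_lang['delete'] . '! </td> </tr> </table> <table class="hidden"> <tr> <td>';
    } else {
        $output .= ' <tr> <td>' . $forum_lang['delete_post'] . '</td> </tr> </table> <table width="300" class="hidden" align="center"> <tr> <td>';
    }

    makebutton($forum_lang['back'], "javascript:window.history.back()\" type=\"def", 120);
    makebutton($forum_lang['confirm'], 'forum.php?action=do_delete_post&id=' . $topic['id'] . '" type="wrn', 120);

    $output .= ' </td> </tr> </table> </center>';
    $sqlm->close();
    // Queries : 1
}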