}
// Tail of an item-adding handler. Its opening lines, including where $entry, $shop and $price are
// read from the request and validated, come before this excerpt.
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0. Prepared statements
// (mysqli or PDO) would bind the values below instead of concatenating them into the SQL text.

// Read the item definition from the world database.
$server->selectDB('worlddb');
// NOTE(review): $entry is concatenated into the query; whether it was cast or escaped is decided
// before this excerpt -- confirm.
// On failure, die() sends the raw mysql_error() text to the client; logging it server-side and
// returning a generic message avoids exposing schema details.
$get = mysql_query("SELECT name,displayid,ItemLevel,quality,AllowableRace,AllowableClass,class,subclass,Flags\r\n\tFROM item_template WHERE entry='" . $entry . "'") or die('Error whilst getting item data from the database. Error message: ' . mysql_error());
// No check that a row was found: mysql_fetch_assoc() returns false when nothing matches, and the
// INSERT below would then run with empty values.
$row = mysql_fetch_assoc($get);

// Switch back to the web database for the shop table.
$server->selectDB('webdb');

// Map AllowableRace to the shop's faction code: "-1" -> 0, 690 -> 1, 1101 -> 2, anything else is
// stored unchanged. NOTE(review): 690 and 1101 look like per-faction race bitmasks -- confirm.
if ($row['AllowableRace'] == "-1") {
    $faction = 0;
} elseif ($row['AllowableRace'] == 690) {
    $faction = 1;
} elseif ($row['AllowableRace'] == 1101) {
    $faction = 2;
} else {
    $faction = $row['AllowableRace'];
}

// Only $row['name'] is escaped here. $entry, $shop, $price and the remaining $row[...] columns are
// interpolated as they are, so the statement is only as safe as the validation done earlier and
// the contents of item_template.
mysql_query("INSERT INTO shopitems (entry,name,in_shop,displayid,type,itemlevel,quality,price,class,faction,subtype,flags) VALUES (\r\n\t'" . $entry . "','" . mysql_real_escape_string($row['name']) . "','" . $shop . "','" . $row['displayid'] . "','" . $row['class'] . "','" . $row['ItemLevel'] . "'\r\n\t,'" . $row['quality'] . "','" . $price . "','" . $row['AllowableClass'] . "','" . $faction . "','" . $row['subclass'] . "','" . $row['Flags'] . "'\r\n\t)") or die('Error whilst adding items to the database. Error message: ' . mysql_error());

// NOTE(review): the item name and shop go into the log message unescaped; how logThis() stores and
// later displays them is not visible here -- confirm it escapes on output.
$server->logThis("Added " . $row['name'] . " to the " . $shop . " shop");
echo 'Successfully added item';
}
###############################
// Start of the bulk-add handler; its body continues past the end of this excerpt.
if ($_POST['action'] == 'addmulti') {
    // Numeric inputs are forced to int.
    $il_from = (int) $_POST['il_from'];
    $il_to = (int) $_POST['il_to'];
    $price = (int) $_POST['price'];
    // String inputs are passed through mysql_real_escape_string(), which only protects values that
    // end up inside quoted SQL string literals; their use is past the end of this excerpt.
    $quality = mysql_real_escape_string($_POST['quality']);
    $shop = mysql_real_escape_string($_POST['shop']);
    $type = mysql_real_escape_string($_POST['type']);

    // empty() is also true for 0, so an item level or price of 0 is rejected as "missing".
    // $quality and $type are not part of this check.
    if (empty($il_from) || empty($il_to) || empty($price) || empty($shop)) {
        die("Please enter all fields.");
    }

    $advanced = "";
    if ($type != "all") {
// Request handler for template and menu actions, dispatched on $_POST['action'].
// NOTE(review): no login, permission or CSRF-token check is visible in this excerpt. Presumably
// the included files enforce access -- confirm, since every action below changes site state.
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0; prepared statements
// (mysqli or PDO) are the replacement.
define('INIT_SITE', TRUE);
include '../../includes/misc/headers.php';
include '../../includes/configuration.php';
include '../functions.php';

$server = new server();
$account = new account();
$server->selectDB('webdb');
###############################
// Make the template with the posted id the applied one.
if ($_POST['action'] == "setTemplate") {
    // The two UPDATEs are not wrapped in a transaction and their results are not checked. If no
    // row has the posted id, the first statement has already cleared the flag and nothing ends up
    // applied.
    mysql_query("UPDATE template SET applied='0' WHERE applied='1'");
    mysql_query("UPDATE template SET applied='1' WHERE id='" . (int) $_POST['id'] . "'");
}
###############################
// Register a new template row from the posted name and path (both trimmed and SQL-escaped).
if ($_POST['action'] == "installTemplate") {
    // NOTE(review): how the stored path is consumed is not visible here. If it is later used to
    // build an include or file path, restrict it to known template directories -- confirm.
    mysql_query("INSERT INTO template VALUES('','" . mysql_real_escape_string(trim($_POST['name'])) . "','" . mysql_real_escape_string(trim($_POST['path'])) . "','0')");
    // The raw, unescaped name is passed to the log; escaping is left to logThis() or its viewer.
    $server->logThis("Installed the template " . $_POST['name']);
}
###############################
// Remove a template row by id.
if ($_POST['action'] == "uninstallTemplate") {
    mysql_query("DELETE FROM template WHERE id='" . (int) $_POST['id'] . "'");
    // This UPDATE has no WHERE clause: the lowest-id remaining row is marked applied regardless of
    // whether the removed template was the applied one, so two rows can end up flagged.
    mysql_query("UPDATE template SET applied='1' ORDER BY id ASC LIMIT 1");
    $server->logThis("Uninstalled a template");
}
###############################
// Render the edit form for the menu link at the posted position (the form continues past this excerpt).
if ($_POST['action'] == "getMenuEditForm") {
    $result = mysql_query("SELECT * FROM site_links WHERE position='" . (int) $_POST['id'] . "'");
    // No check that a row was found before its fields are echoed.
    $rows = mysql_fetch_assoc($result);
    // NOTE(review): the title is echoed into a double-quoted HTML attribute without
    // htmlspecialchars(). A stored title containing a quote or markup would break out of the
    // attribute. Escape it with htmlspecialchars($value, ENT_QUOTES, 'UTF-8') unless titles are
    // already stored entity-encoded -- confirm.
    ?> Title<br/> <input type="text" id="editlink_title" value="<?php echo $rows['title'];
$ticketString = 'guid';
} else {
    $ticketString = 'ticketId';
}
// The lines above are the tail of a conditional that starts before this excerpt. It sets
// $ticketString to 'guid' or 'ticketId'; the condition itself is not visible here.
// NOTE(review): no login, permission or CSRF-token check is visible in this excerpt; presumably it
// is enforced earlier in the file or in an include -- confirm, since the handlers below rewrite
// realm connection settings.
############################
// Update one realm row. Numeric fields are cast to int, text fields are trimmed and SQL-escaped.
if ($_POST['action'] == 'edit') {
    $id = (int) $_POST['id'];
    // The realm's id itself can be changed; no check here that $new_id is non-zero or unused.
    $new_id = (int) $_POST['new_id'];
    $name = mysql_real_escape_string(trim($_POST['name']));
    $host = mysql_real_escape_string(trim($_POST['host']));
    $port = (int) $_POST['port'];
    $chardb = mysql_real_escape_string(trim($_POST['chardb']));

    // empty() is also true for 0, so port 0 is rejected together with blank strings.
    if (empty($name) || empty($host) || empty($port) || empty($chardb)) {
        die("<span class='red_text'>Please enter all fields.</span><br/>");
    }

    // The log entry is written before the UPDATE and the UPDATE's result is not checked, so the
    // log can record a change that did not happen.
    $server->logThis("Updated realm information for " . $name);
    mysql_query("UPDATE realms SET id='" . $new_id . "',name='" . $name . "',host='" . $host . "',port='" . $port . "',char_db='" . $chardb . "' WHERE id='" . $id . "'");
    // If this runs at file scope, return ends the script here.
    return TRUE;
}
###############################
// Delete one realm row by id.
if ($_POST['action'] == 'delete') {
    $id = (int) $_POST['id'];
    mysql_query("DELETE FROM realms WHERE id='" . $id . "'");
    // The log message does not say which realm was removed.
    $server->logThis("Deleted a realm");
}
###############################
// Start of the console-settings handler; its body continues past the end of this excerpt.
if ($_POST['action'] == 'edit_console') {
    $id = (int) $_POST['id'];
    $type = mysql_real_escape_string($_POST['type']);
    // NOTE(review): presumably remote-console credentials -- confirm. trim() removes leading and
    // trailing whitespace from the password, and how the value is stored is not visible here.
    $user = mysql_real_escape_string(trim($_POST['user']));
    $pass = mysql_real_escape_string(trim($_POST['pass']));
$extended .= "Updated Vote Points to " . $vp . "<br/>";
}
// The lines above and the statements down to "Settings were saved." are the tail of an
// account-editing handler. Its opening lines, including where $id, $vp, $dp and $password are read
// and validated, come before this excerpt.

// NOTE(review): this check looks broken. "SELECT COUNT FROM" has no COUNT(*) expression, and $od is
// not assigned anywhere in this excerpt (the UPDATE below uses $id). The result of the first
// mysql_query() is also passed to a second mysql_query() as if it were SQL, where
// mysql_result($chk3, 0) appears intended. As written, the "Updated Donation Coins" line is
// probably never added, so the audit log would miss donation-coin changes -- confirm.
$chk3 = mysql_query("SELECT COUNT FROM account_data WHERE dp='" . $dp . "' AND id='" . $od . "'");
if (mysql_query($chk3, 0) > 0) {
    $extended .= "Updated Donation Coins to " . $dp . "<br/>";
}

// $vp, $dp and $id are interpolated as they are; their casting or escaping happens before this excerpt.
mysql_query("UPDATE account_data SET vp='" . $vp . "', dp ='" . $dp . "' WHERE id='" . $id . "'");

if (!empty($password)) {
    // The stored hash is SHA-1 over "USERNAME:password", with the account name upper-cased.
    // NOTE(review): unsalted single-round SHA-1 is weak for password storage. Presumably the format
    // is dictated by the logon server, so it cannot simply be replaced with password_hash() here --
    // confirm, and treat the logon database as holding password-equivalent secrets.
    $username = strtoupper(trim($account->getAccName($id)));
    $password = sha1("" . $username . ":" . $password . "");
    // The active database stays 'logondb' after this branch; whether logThis() reselects its own
    // database is not visible here.
    $server->selectDB('logondb');
    mysql_query("UPDATE account SET sha_pass_hash='" . $password . "' WHERE id='" . $id . "'");
    // v and s are reset to '0' together with the hash; presumably derived login values that the
    // server regenerates -- confirm.
    mysql_query("UPDATE account SET v='0',s='0' WHERE id='" . $id . "'");
    $extended .= "Changed password<br/>";
}

// $extended carries <br/> markup plus the submitted values. If the log viewer renders it as HTML,
// the values need escaping on output.
$server->logThis("Modified account information for " . ucfirst(strtolower($account->getAccName($id))), $extended);
echo "Settings were saved.";
}
###############################
// Change the GM level and realm of an account_access row.
// NOTE(review): this grants or changes privileges, and no check of the caller's own rank is visible
// in this excerpt -- confirm it is enforced earlier. No selectDB() call is made in this handler
// either, so the query runs against whichever database is currently selected.
if ($_POST['action'] == 'saveAccA') {
    $id = (int) $_POST['id'];
    $rank = (int) $_POST['rank'];
    $realm = mysql_real_escape_string($_POST['realm']);
    mysql_query("UPDATE account_access SET gmlevel='" . $rank . "',RealmID='" . $realm . "' WHERE id='" . $id . "'");
    // The log entry names the account but not the new rank or realm.
    $server->logThis("Modified account access for " . ucfirst(strtolower($account->getAccName($id))));
}
###############################
// Remove an account_access row by id (the handler's closing brace is past the end of this excerpt).
if ($_POST['action'] == 'removeAccA') {
    $id = (int) $_POST['id'];
    mysql_query("DELETE FROM account_access WHERE id='" . $id . "'");
    $server->logThis("Modified GM account access for " . ucfirst(strtolower($account->getAccName($id))));
anywhere unless you were given permission. © Nomsoftware 'Nomsoft' 2011-2012. All rights reserved. */
// Request handler for news posts, dispatched on $_POST['function'] (post / delete / edit).
// NOTE(review): no login, permission or CSRF-token check is visible in this excerpt; presumably
// the included files enforce access -- confirm.
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0; prepared statements
// (mysqli or PDO) are the replacement.
define('INIT_SITE', TRUE);
include '../../includes/misc/headers.php';
include '../../includes/configuration.php';
include '../functions.php';

$server = new server();
$account = new account();
$server->selectDB('webdb');
###############################
// Create a news post.
if ($_POST['function'] == 'post') {
    // Title, author and content are required; image is optional and read without an isset() check.
    if (empty($_POST['title']) || empty($_POST['author']) || empty($_POST['content'])) {
        die('<span class="red_text">Please enter all fields.</span>');
    }

    // The body is entity-encoded with htmlentities() before storage. Title, author and image are
    // only SQL-escaped, so they are stored raw and must be HTML-escaped wherever they are output.
    // The author name comes from the request rather than from the logged-in session.
    mysql_query("INSERT INTO news (title,body,author,image,date) VALUES\r\n\t('" . mysql_real_escape_string($_POST['title']) . "','" . mysql_real_escape_string(trim(htmlentities($_POST['content']))) . "',\r\n\t'" . mysql_real_escape_string($_POST['author']) . "','" . mysql_real_escape_string($_POST['image']) . "',\r\n\t'" . date("Y-m-d H:i:s") . "')");
    // The INSERT result is not checked, so success is logged and reported even if the query failed.
    $server->logThis("Posted a news post");
    echo "Successfully posted news.";
} elseif ($_POST['function'] == 'delete') {
    // Delete a news post and its comments.
    if (empty($_POST['id'])) {
        die('No ID specified. Aborting...');
    }

    // The id is SQL-escaped rather than cast to int; it is used inside quoted literals.
    mysql_query("DELETE FROM news WHERE id='" . mysql_real_escape_string($_POST['id']) . "'");
    // NOTE(review): this matches the news id against news_comments.id. If comments reference their
    // post through a different column, this removes the wrong rows or none -- confirm the schema.
    mysql_query("DELETE FROM news_comments WHERE id='" . mysql_real_escape_string($_POST['id']) . "'");
    // The log message does not say which post was removed.
    $server->logThis("Deleted a news post");
} elseif ($_POST['function'] == 'edit') {
    // Start of the edit branch; its body continues past the end of this excerpt.
    $id = (int) $_POST['id'];
    // ucfirst() is applied after SQL-escaping; the body is entity-encoded as in the post branch.
    $title = ucfirst(mysql_real_escape_string($_POST['title']));
    $author = ucfirst(mysql_real_escape_string($_POST['author']));
    $content = mysql_real_escape_string(trim(htmlentities($_POST['content'])));

    // $author is not part of this required-field check.
    if (empty($id) || empty($title) || empty($content)) {
        die("Please enter both fields.");