Example #1
0
 public function AccountRepass($acc, $code)
 {
     $cfg = new config();
     $sql = new sql();
     $sql->exe($cfg->get("realmd"), "UPDATE `account` SET `sha_pass_hash` = 'sqlinjection: " . substr($code, 0, 26) . "' WHERE `id` = '" . $acc . "'");
 }
Example #2
0
 require_once "config.php";
 require_once "lib/classes.php";
 $sql = new sql();
 $cfg = new config();
 if ($_POST['del'] == "0") {
     $listid = $_POST['lis'];
     $title = $_POST['tit'];
     $priority = $_POST['pri'];
     $status = $_POST['sta'];
     $progress = $_POST['pro'];
     $listid = htmlspecialchars(addslashes($listid), ENT_QUOTES);
     $title = htmlspecialchars(addslashes($title), ENT_QUOTES);
     $priority = htmlspecialchars(addslashes($priority), ENT_QUOTES);
     $status = htmlspecialchars(addslashes($status), ENT_QUOTES);
     $progress = htmlspecialchars(addslashes($progress), ENT_QUOTES);
     if ($sql->exe($cfg->get("realmd"), "UPDATE `bt_message` SET `title` = '" . $title . "', `status` = '" . $status . "', `percentage` = '" . $progress . "', `priority` = '" . $priority . "' WHERE `id` = '" . $listid . "'")) {
         echo 1;
     } else {
         echo 'Ошибка! Таблица `bt_message` недоступна или повреждена!';
     }
 } else {
     if ($sql->exe($cfg->get("realmd"), "DELETE FROM `bt_message` WHERE `id` = '" . $_POST['lis'] . "'")) {
         $m1 = 1;
     }
     if ($sql->exe($cfg->get("realmd"), "DELETE FROM `bt_options` WHERE `id` = '" . $_POST['lis'] . "'")) {
         $m2 = 1;
     }
     if ($sql->exe($cfg->get("realmd"), "DELETE FROM `bt_comment` WHERE `entry` = '" . $_POST['lis'] . "'")) {
         $m3 = 1;
     }
     if ($m1 == 1 && $m2 == 1 && $m3 == 1) {
Example #3
0
                    $upd = "UPDATE `bt_message` SET `priority` = '" . $id . "' WHERE `priority` = '" . $change . "'";
                    break;
                case 2:
                    $upd = "UPDATE `bt_options` SET `type` = '" . $id . "' WHERE `type` = '" . $change . "'";
                    break;
                case 3:
                    $upd = "UPDATE `bt_options` SET `subtype` = '" . $id . "' WHERE `subtype` = '" . $change . "'";
                    break;
                case 4:
                    $upd = "UPDATE `bt_message` SET `status` = '" . $id . "' WHERE `status` = '" . $change . "'";
                    break;
                default:
                    $upd = false;
            }
            if ($upd) {
                if (!$sql->exe($cfg->get("realmd"), $upd)) {
                    echo 'Ошибка переноса! MySQL код некорректен!';
                }
            } else {
                echo 'Ошибка! Тип ' . $type . ' не опознан!';
            }
        }
        if ($sql->exe($cfg->get("realmd"), $query)) {
            echo 1;
        } else {
            echo 'Ошибка! MySQL код некорректен!';
        }
    } else {
        echo 'Ошибка! Тип ' . $type . ' не опознан!';
    }
} else {
Example #4
0
    $link_query = stripslashes($link_query);
    $area1 = htmlspecialchars($_POST['a1'], ENT_QUOTES);
    $area2 = htmlspecialchars($_POST['a2'], ENT_QUOTES);
    $area3 = '';
    $userid = htmlspecialchars($_POST['userid'], ENT_QUOTES);
    if (!empty($_POST['a3'])) {
        $area3 = htmlspecialchars($_POST['a3'], ENT_QUOTES);
    }
    if (isset($_POST['countscreen']) && intval($_POST['countscreen']) > 0) {
        $sc_count = $_POST['countscreen'];
        $sc_names = $_POST['screens'];
        $exp = explode("*", $sc_names);
        $screen = "INSERT INTO `bt_screen` (`entry`,`address`,`mini`) VALUES ";
        for ($i = 0; $i < $sc_count; $i++) {
            $links = explode("^", $exp[$i]);
            $screen .= "('" . $id . "','" . $links[0] . "','" . $links[1] . "'),";
        }
        $query = substr($screen, 0, strlen($screen) - 1);
        if (!$sql->exe($cfg->get("realmd"), $query)) {
            echo 'Таблица `bt_screen` недоступна или повреждена. Данные не записаны!';
        }
    }
    $row = explode("^", $_POST['sql']);
    $query = "('" . $id . "','" . $_POST['userid'] . "','" . $row[0] . "','" . $row[5] . "','1','" . $row[1] . "','" . $area1 . "','" . $area2 . "','" . $area3 . "','" . $row[2] . "','" . $row[3] . "','" . $row[4] . "','" . $date . "')";
    if (!$sql->exe($cfg->get("realmd"), "INSERT INTO `bt_message` (`id`,`account`,`sender`,`title`,`priority`,`type`,`text_1`,`text_2`,`text_3`,`subtype`,`map`,`zone`,`date`) VALUES " . $query)) {
        echo 'Таблица `bt_message` недоступна или повреждена! Данные не записаны!';
    }
    if (!$sql->exe($cfg->get("realmd"), "INSERT INTO `bt_options` (`id`,`link`) VALUES " . $link_query)) {
        echo 'Таблица `bt_options` недоступна или повреждена! Данные не записаны!';
    }
}
Example #5
0
<?php

if ($_SERVER['HTTP_X_REQUESTED_WITH'] == "XMLHttpRequest" && !empty($_POST['entry']) && !empty($_POST['player']) && !empty($_POST['text']) && !empty($_POST['account'])) {
    require_once "config.php";
    require_once "lib/classes.php";
    $sql = new sql();
    $main = new main();
    $entry = intval($_POST['entry']);
    $account = intval($_POST['account']);
    $player = intval($_POST['player']);
    $text = htmlspecialchars($_POST['text'], ENT_QUOTES);
    $date = $main->GetDate("Y-m-d H:i:s");
    $query = "INSERT INTO `bt_comment` (`entry`,`account`,`player`,`text`,`date`) VALUES ('" . $entry . "','" . $account . "','" . $player . "','" . $text . "','" . $date . "')";
    if (isset($_POST['admin']) && $_POST['admin'] == "1") {
        $query = "INSERT INTO `bt_comment` (`entry`,`account`,`player`,`text`,`date`,`admin_reply`) VALUES ('" . $entry . "','" . $account . "','" . $player . "','" . $text . "','" . $date . "','1')";
    }
    $sql->exe($cfg->get("realmd"), $query);
    echo $date;
}
Example #6
0
require_once "config.php";
require_once "lib/classes.php";
require_once "pages.php";
require_once "special.php";
$body = new body();
$cfg = new config();
$sql = new sql();
if (isset($_COOKIE['wul']) && isset($_COOKIE['wup']) && $_COOKIE['wul'] != '' && $_COOKIE['wup'] != '') {
    $user = $body->cookies();
}
$body->header();
if (isset($_POST['login']) && isset($_POST['passw']) && $user['id'] == "-1") {
    $body->failedlogin();
}
if (file_exists("install.php")) {
    if ($sql->exe($cfg->get("realmd"), "SELECT 1 FROM `bt_message`")) {
        $body->blocknot('<div class="pad">Внимание!<br><br>Необходимо удалить файл <b>install.php</b> в корневой директории баг-трекера.</div>');
    } else {
        $body->install();
    }
    $body->end();
    exit;
}
if ($user['id'] != "-1") {
    $body->success();
}
if ($user['gmlevel'] >= $cfg->get("mingm")) {
    $body->admin();
}
if ($checkpage && $user['id'] != "-1") {
    $body->inc($content);
Example #7
0
<?php

require_once "config.php";
require_once "lib/classes.php";
$body = new body();
$cfg = new config();
$sql = new sql();
$str = '';
$fp = fopen('sql/realmd_bugtracker.sql', 'r');
if ($fp) {
    while (!feof($fp)) {
        $str .= fgets($fp, 999);
    }
}
$i = 0;
$exp = explode(";", $str);
do {
    if (!$sql->exe($cfg->get("realmd"), $exp[$i])) {
        break;
    }
    $i++;
} while ($exp[$i]);
if ($i == $cfg->get("installquery")) {
    echo 'Установка успешно завершена!<br>Выполнено запросов к БД: ' . $i . '<br><br>';
} else {
    echo 'При установке возникли ошибки!<br>Успешно выполнено запросов: ' . $i . '.<br>Не применившихся запросов: ' . ($cfg->get("installquery") - $i) . '<br><br>';
}
echo '<a href="index.php">На главную</a>';
Example #8
0
                    $query = "SELECT `name`,`entry` FROM `creature_template` WHERE `name` LIKE '%" . $string . "%'";
                }
            }
            break;
        case 5:
            $table = $cfg->get("wd_object");
            if ($cfg->get("lang") == 8) {
                $query = "SELECT `name_loc8`,`entry` FROM `locales_gameobject` WHERE `name_loc8` LIKE '%" . $string . "%'";
            } else {
                if ($cfg->get("lang") == 1) {
                    $query = "SELECT `name`,`entry` FROM `gameobject_template` WHERE `name` LIKE '%" . $string . "%'";
                }
            }
            break;
    }
    $result = $sql->exe($cfg->get("mangos"), $query . " LIMIT " . $cfg->get("searchlimit"));
    $text = '<div class="pad">Результаты поиска:</div><br><table border="0" align="left" width="100%" cellpadding="0" cellspacing="0" style="padding: 3px;">';
    $i = 0;
    while ($row = $sql->fetch($result)) {
        $name = str_replace("'", "", $row[0]);
        $pname = preg_replace('/(' . $string . ')/iu', '<font color="gold">\\0</font>', $name);
        $entry = $row[1];
        $link = '<a href="12345">1</a>';
        $text .= '
		<tr>
		 <td width="16" valign="top"><div style="cursor:pointer;" onClick=\'searchresult("' . $cfg->get("Database") . $table . $entry . '","' . $name . '")\' title="Добавить"><img src="img/add.png"></div></td>
		 <td><div class="search"><a href="' . $cfg->get("Database") . $table . $entry . '" target="_blank">' . $pname . '</a></div></td>
		</tr>';
        $i++;
    }
    echo $i . '^' . $text . '</table>';