/**
 * Remove message $id from the current user's $folder and, once no mailbox
 * references it any more, drop the stored message and its recipient rows.
 *
 * @param string $folder mailbox folder the message is filed under
 * @param int    $id     message id
 */
protected function delete($folder, $id)
{
    global $tmpl;
    global $db;

    $userId = user::getCurrentUserId();

    // TODO: cascading constraints in the database should make
    // some of these queries unnecessary

    // Detach the message from this user's mailbox only.
    $unlink = $db->prepare('DELETE FROM `pmsystem_msg_users`'
        . ' WHERE `msgid`=:msgid AND `userid`=:uid AND `folder`=:folder');
    $db->execute($unlink, array(
        ':msgid'  => array($id, PDO::PARAM_INT),
        ':uid'    => array($userId, PDO::PARAM_INT),
        ':folder' => array($folder, PDO::PARAM_STR),
    ));

    // Is any other mailbox still holding the message?
    $msgOnly = array(':msgid' => array($id, PDO::PARAM_INT));
    $lookup = $db->prepare('SELECT `msgid` FROM `pmsystem_msg_users`'
        . ' WHERE `msgid`=:msgid LIMIT 1');
    $db->execute($lookup, $msgOnly);
    $stillReferenced = $db->fetchRow($lookup) !== false;
    $db->free($lookup);

    // Nobody keeps it: purge storage and both recipient lists.
    if (!$stillReferenced) {
        $purge = array(
            'DELETE FROM `pmsystem_msg_storage` WHERE `id`=:msgid',
            'DELETE FROM `pmsystem_msg_recipients_users` WHERE `msgid`=:msgid',
            'DELETE FROM `pmsystem_msg_recipients_teams` WHERE `msgid`=:msgid',
        );
        foreach ($purge as $sql) {
            $db->execute($db->prepare($sql), $msgOnly);
        }
    }

    $tmpl->setTemplate('PMDelete');
    $tmpl->assign('title', 'Deleted Mail #' . $id);
    $tmpl->assign('curFolder', $folder);
    $tmpl->assign('pmDeleted', true);
    // FIXME: report any failures
}
/**
 * Entry point of the private message add-on: make sure the site context
 * exists, reject anonymous visitors and dispatch on the GET parameters
 * (add / delete / view / list).
 *
 * @param string $title page title handed to the template for the list view
 */
function __construct($title)
{
    global $site;
    global $config;
    global $user;
    global $tmpl;

    if (!isset($site)) {
        require_once dirname(dirname(dirname(__FILE__))) . '/site.php';
        $site = new site();
    }

    // no public private message folder
    if (user::getCurrentUserId() < 1) {
        $tmpl->setTemplate('NoPerm');
        $tmpl->assign('errorMsg', 'You need to login to access this content.');
        $tmpl->display();
        die;
    }

    // inbox is the default folder; outbox is the only other one accepted
    $folder = (isset($_GET['folder']) && strcmp($_GET['folder'], 'outbox') === 0)
        ? 'outbox'
        : 'inbox';

    $here = dirname(__FILE__);

    if (isset($_GET['add'])) {
        require_once $here . '/pmAdd.php';
        new pmSystemAdd();
        die;
    /*
    } elseif (isset($_GET['edit'])) {
        require_once $here . '/pmEdit.php';
    */
    } elseif (isset($_GET['delete'])) {
        require_once $here . '/pmDelete.php';
        new pmSystemDelete($folder, intval($_GET['delete']));
    } else {
        require_once $here . '/pmDisplay.php';
        $display = new pmSystemDisplay();
        if (isset($_GET['view'])) {
            $display->showMail($folder, intval($_GET['view']));
        } else {
            $tmpl->assign('title', $title);
            $display->showMails($folder);
        }
    }

    $tmpl->display();
}
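/**
 * Login dispatcher: refuses already logged-in users, lists the login modules
 * when none is chosen, otherwise loads the requested module and runs the
 * requested action ('form' or 'login').
 *
 * Results are collected in $this->moduleOutput (a list of strings, or
 * whatever the module's showForm() returns).
 */
public function __construct()
{
    global $tmpl;
    global $user;

    // abort process if user already logged in
    if (user::getCurrentUserId() > 0) {
        $this->moduleOutput[] = 'You are already logged in. '
            . 'If you want to login with a different account '
            . 'you must first logout.';
        return;
    }

    // if no module chosen, display login text of all modules
    // NOTE: certain modules may suppress their login text, depending on circumstances
    if (isset($_GET['module']) === false) {
        $this->getLoginText();
        return;
    }

    // if requested module is unavailable print error msg
    // append module login text to provide a choice to continue
    // NOTE(review): getRequestedModule() has to map the raw GET value onto a
    // known module name (allow-list) — $module is used below both as an
    // include path component and as a class name; confirm it does.
    if (($module = $this->getRequestedModule($_GET['module'])) === false) {
        $this->moduleOutput[] = 'An error occurred, module name not accepted.';
        // zero-argument form as above; the previous call here passed an
        // undefined $modules variable (null)
        $this->getLoginText();
        return;
    }

    if (isset($_GET['action']) === false) {
        $this->moduleOutput[] = 'An error occurred, module action not specified.';
        return;
    }

    // activate module code based on user requested action
    include_once dirname(__FILE__) . '/modules/' . $module . '/' . $module . '.php';
    $moduleInstance = new $module();

    switch ($_GET['action']) {
        case 'form':
            $this->moduleOutput = $moduleInstance->showForm();
            break;
        case 'login':
            // validateLogin() fills $message by reference; start from an
            // empty string so strlen() never sees null
            $message = '';
            if ($moduleInstance->validateLogin($message)) {
                $this->doLogin($moduleInstance, $module);
            }
            if (strlen($message) > 0) {
                $this->moduleOutput[] = $message;
            }
            break;
        default:
            // keep moduleOutput a list like every other branch (was assigned a bare string)
            $this->moduleOutput[] = 'Unknown module action requested, request not accepted.';
    }
}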
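/**
 * Team edit page: checks login and edit permission, exposes team data to the
 * template and either shows the edit form or applies a confirmed update.
 *
 * @param int $teamid id of the team to edit
 */
public function __construct($teamid)
{
    global $tmpl;

    // no anon team editing allowed
    if (!\user::getCurrentUserLoggedIn()) {
        $tmpl->setTemplate('NoPerm');
        return;
    }

    $this->setTemplate();
    $tmpl->assign('title', 'Edit team');

    $this->team = new team($teamid);

    // an unknown team can not be edited (same check as the delete page)
    if (!$this->team->exists()) {
        $tmpl->setTemplate('NoPerm');
        return;
    }

    $tmpl->assign('teamid', $teamid);
    $tmpl->assign('teamName', $this->team->getName());

    // global edit permission, or a team-level 'edit' grant for the current user
    $editPermission = \user::getCurrentUser()->getPermission('allow_edit_any_team_profile')
        || $this->team->getPermission('edit', user::getCurrentUserId());
    $tmpl->assign('canEditTeam', $editPermission);

    // user has no permission to edit team
    // do not proceed with request
    if (!$editPermission) {
        $tmpl->setTemplate('NoPerm');
        return;
    }

    $tmpl->assign('leaderId', $this->team->getLeaderId());

    $members = array();
    foreach ($this->team->getUserIds() as $userid) {
        $members[] = array('id' => $userid, 'name' => (new user($userid))->getName());
    }
    $tmpl->assign('members', $members);

    // '0' (or no value) -> show the form, '1' -> apply; anything else does nothing
    $confirmed = isset($_POST['confirmed']) ? (string) $_POST['confirmed'] : '0';
    if ($confirmed === '0') {
        $this->showForm();
    } elseif ($confirmed === '1') {
        // try to update team
        // show editing form on error
        $validation = $this->sanityCheck();
        if ($validation === true) {
            $validation = $this->updateTeam();
        }
        if ($validation !== true) {
            $tmpl->assign('form_error', $validation);
            $this->showForm();
        } else {
            $tmpl->assign('teamEditSuccessful', true);
        }
    }
}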
/**
 * Match services add-on entry point. Resolves the event version to use and,
 * when a GUI path is given, dispatches to the matching sub-page
 * (enter / edit / delete / list) of that version.
 *
 * @param string $title not referenced here
 * @param string $path  request path; empty means "no GUI, steered from elsewhere"
 */
public function __construct($title, $path)
{
    global $config;

    // fallback to different event version by config
    $configuredVersion = $config->getValue('matchServices.eventVersion');
    if ($configuredVersion) {
        $this->version = $configuredVersion;
    }

    // assume this add-on will not be directly called by user if no path is given
    if (strlen($path) === 0) {
        $this->noGUI = true;
        // ignore GET data if no GUI output is wished
        // code somewhere else will steer matchServices
        return;
    }

    global $tmpl;
    global $user;

    $pageDir = dirname(__FILE__) . '/versions/' . $this->version;

    // anon users may only view matches
    // NOTE(review): this tests for a negative id; the PM pages treat id < 1
    // as "not logged in" — confirm which convention applies here
    if (\user::getCurrentUserId() < 0) {
        require_once $pageDir . '/matchList.php';
        new matchList(false);
        return;
    }

    // setup permissions for templates
    $tmpl->assign('canEnterMatch', $user->getPermission('allow_add_match'));
    $tmpl->assign('canEditMatch', $user->getPermission('allow_edit_match'));
    $tmpl->assign('canDeleteMatch', $user->getPermission('allow_delete_match'));

    // first matching GET switch wins; the list view is the default
    if (isset($_GET['enter'])) {
        $page = 'matchEnter';
    } elseif (isset($_GET['edit'])) {
        $page = 'matchEdit';
    } elseif (isset($_GET['delete'])) {
        $page = 'matchDelete';
    } else {
        $page = 'matchList';
    }
    require_once $pageDir . '/' . $page . '.php';
    new $page(false);
}
/**
 * Team deletion page: verifies the caller is allowed to delete the team and
 * then shows the confirmation form or performs the deletion.
 *
 * @param int|string $teamid id of the team; 0 is reserved and never deletable
 */
public function __construct($teamid)
{
    global $tmpl;

    $tmpl->setTemplate('teamSystemDelete');
    $id = (int) $teamid;

    // teamid 0 is reserved and can not be deleted
    // no anon team deletion
    if ($id === 0 || !\user::getCurrentUserLoggedIn()) {
        $tmpl->setTemplate('NoPerm');
        return;
    }

    $tmpl->assign('teamid', $id);
    $this->team = new team($id);

    // unknown or already deleted teams are treated like a permission failure
    if (!$this->team->exists() || $this->team->getStatus() === 'deleted') {
        $tmpl->setTemplate('NoPerm');
        return;
    }

    // does the user have permission to delete the team?
    // per-team grant, global grant, or team leadership
    $actor = \user::getCurrentUser();
    $mayDelete = $actor->getPermission('team.allowDelete ' . $this->team->getID())
        || $actor->getPermission('allow_delete_any_team')
        || \user::getCurrentUserId() === $this->team->getLeaderId();
    if (!$mayDelete) {
        $tmpl->setTemplate('NoPerm');
        return;
    }

    // now that we know the team name we can setup a proper title and tell the template the teamName
    $teamName = $this->team->getName();
    $tmpl->assign('teamName', $teamName);
    $tmpl->assign('title', 'Delete team ' . $teamName);

    // check which action is requested by the user
    $confirmed = isset($_POST['confirmed']) ? (int) $_POST['confirmed'] : 0;
    if ($confirmed === 0) {
        $this->showForm();
    } elseif ($confirmed === 1) {
        $this->deleteTeam();
    }
}
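/**
 * Build the "online users" box: every row of `online_users` ordered by last
 * activity, with the idle time computed by showTimeSince()/convert_datetime().
 *
 * @param string $title page title for the template
 */
public function __construct($title)
{
    global $tmpl;
    global $db;

    $tmpl->setCaching(Smarty::CACHING_OFF);
    $tmpl->setTemplate('onlineUserSystem');
    //$tmpl->clearCache('onlineUserSystem.xhtml.tmpl');
    $tmpl->assign('title', $title);

    $query = 'SELECT * FROM `online_users` ORDER BY last_activity DESC';
    $result = $db->SQL($query);
    if (!$result) {
        // nothing to free: the query did not produce a result handle
        return;
    }

    // only logged in users are shown -> an unregistered guest is not counted
    $onlineUsers = array();
    while ($row = $db->fetchRow($result)) {
        $onlineUsers[$row['userid']] = array(
            'id'   => $row['userid'],
            'name' => $row['username'],
            'idle' => $this->showTimeSince($this->convert_datetime($row['last_activity'])),
        );
    }
    // the result is released on every path (previously leaked when no row came back)
    $db->free($result);

    if (count($onlineUsers) === 0) {
        // no users logged in
        return;
    }

    // last_activity timestamp is set based on a low priority update that may finish after page data has been collected
    // to avoid old info show about visitor user account just force set that value to 0
    $currentUserId = user::getCurrentUserId();
    if (isset($onlineUsers[$currentUserId])) {
        $onlineUsers[$currentUserId]['idle'] = '0s';
    }
    $tmpl->assign('onlineUserSystem', $onlineUsers);
    // list of online users computed successfully
}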
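/**
 * Match pages entry point: anonymous visitors get the public match list,
 * logged-in users are dispatched to enter / edit / delete / list according
 * to the GET switches.
 *
 * @param string $title not referenced here
 */
function __construct($title)
{
    global $site;
    global $config;
    global $tmpl;
    global $user; // was missing: $user->getPermission() below read an undefined variable

    if (!isset($site)) {
        require_once dirname(dirname(dirname(__FILE__))) . '/site.php';
        $site = new site();
    }

    // include_once: a second construction must not redeclare the class
    // NOTE(review): `match` is a reserved keyword since PHP 8.0, so this
    // class name does not parse on 8.x and needs renaming in classes/match.php
    include_once dirname(__FILE__) . '/classes/match.php';
    $matchClass = new match();

    // accessible by public (show..)
    // find out which template should be used
    // NOTE(review): a negative id is tested here, while the PM pages treat
    // id < 1 as anonymous — confirm which convention applies
    if (user::getCurrentUserId() < 0) {
        $matchClass->displayMatches();
        $tmpl->display();
        return;
    }

    // setup permissions for templates
    $tmpl->assign('canEnterMatch', $user->getPermission('allow_add_match'));
    $tmpl->assign('canEditMatch', $user->getPermission('allow_edit_match'));
    $tmpl->assign('canDeleteMatch', $user->getPermission('allow_delete_match'));

    if (isset($_GET['enter'])) {
        require_once dirname(__FILE__) . '/matchEnter.php';
        new matchEnter();
    } elseif (isset($_GET['edit'])) {
        require_once dirname(__FILE__) . '/matchEdit.php';
        new matchEdit();
    } elseif (isset($_GET['delete'])) {
        require_once dirname(__FILE__) . '/matchDelete.php';
        new matchDelete();
    } else {
        $matchClass->displayMatches();
    }

    $tmpl->display();
}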
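/**
 * Render the profile page of team $teamid: team statistics, the member list
 * with leave/kick links, the ten most recent matches and — for team members
 * or users with invitation rights — the open invitations.
 *
 * @param int $teamid id of the team to show
 */
public function showTeam($teamid)
{
    global $tmpl;
    global $db;

    $team = new team($teamid);
    if (!$team->exists()) {
        $tmpl->setTemplate('NoPerm');
        return;
    }

    if (!$tmpl->setTemplate('teamSystemProfile')) {
        $tmpl->noTemplateFound();
        die;
    }

    // FIXME: implement something to avoid hardcoded paths
    $tmpl->assign('pmLink', '../PM/?add&teamid=' . $teamid);
    $tmpl->assign('status', $team->getStatus());
    $tmpl->assign('title', 'Team ' . htmlent($team->getName()));

    $currentUserId = \user::getCurrentUserId();
    $currentUser = \user::getCurrentUser();
    // the team's leader
    $teamLeader = $team->getLeaderId();

    $teamData = array();
    $teamData['profileLink'] = './?profile=' . $team->getID();
    $teamData['name'] = $team->getName();
    $teamData['score'] = $team->getScore();
    $teamData['scoreClass'] = $this->rankScore($teamData['score']);
    // the team name is a query-string value: encode it so names containing
    // '&', '#', '+' or spaces do not break the search link
    $teamData['matchSearchLink'] = '../Matches/?search_string=' . urlencode($teamData['name'])
        . '&search_type=team+name'
        . '&search_result_amount=200'
        . '&search=Search';
    $teamData['matchCount'] = $team->getMatchCount();
    $teamData['memberCount'] = $team->getMemberCount();
    $teamData['leaderLink'] = '../Players/?profile=' . $team->getLeaderId();
    $teamData['leaderName'] = (new \user($team->getLeaderId()))->getName();
    $teamData['activityNew'] = $team->getActivityNew();
    $teamData['activityOld'] = $team->getActivityOld();
    $teamData['created'] = $team->getCreationTimestampStr();
    $teamData['wins'] = $team->getMatchCount('won');
    $teamData['draws'] = $team->getMatchCount('draw');
    $teamData['losses'] = $team->getMatchCount('lost');
    $teamData['logo'] = $team->getAvatarURI();

    $tmpl->assign('teamDescription', $team->getDescription());
    $tmpl->assign('team', $teamData);
    $tmpl->assign('teamid', $teamid);
    $tmpl->assign('canPMTeam', \user::getCurrentUserLoggedIn() && $currentUserId > 0);

    // tell template if user can edit this team
    $tmpl->assign('canEditTeam',
        (\user::getCurrentUserLoggedIn() && $currentUserId === $teamLeader)
        || $currentUser->getPermission('allow_edit_any_team_profile'));

    // tell template if user can delete this team
    // either user has deletion permission for team
    // or user is leader of team and there are one or less members in team
    $tmpl->assign('canDeleteTeam', $team->getStatus() !== 'deleted'
        && ($currentUser->getPermission('team.allowDelete ' . $team->getID())
            || $currentUser->getPermission('allow_delete_any_team')
            || $currentUserId === $team->getLeaderId()));

    // leader or global kick permission; a plain member sees the options too (leave link)
    $showMemberActionOptions = $currentUserId === $teamLeader
        || $currentUser->getPermission('allow_kick_any_team_members');

    $members = array();
    foreach ($team->getUserIds() as $memberid) {
        $user = new \user($memberid);
        if (!$showMemberActionOptions && $currentUserId === $memberid) {
            $showMemberActionOptions = true;
        }

        // rename db result fields and assemble some additional informations
        // use a temporary array for better readable (but slower) code
        $member = array();
        $member['profileLink'] = '../Players/?profile=' . $user->getID();
        $member['userName'] = $user->getName();
        $member['permissions'] = $teamLeader === $memberid ? 'Leader' : 'Standard';
        if ($country = $user->getCountry()) {
            $member['countryName'] = $country->getName();
            if (strlen($country->getFlag()) > 0) {
                $member['countryFlag'] = $country->getFlag();
            }
        }
        $member['joined'] = $user->getJoinTimestampStr();
        $member['last_login'] = $user->getLastLoginTimestampStr();

        // show leave/kick links if permission is given
        // a team leader can neither leave or be kicked
        // a leader must first give someone else leadership to leave
        if (($currentUserId === $teamLeader
                || $currentUser->getPermission('allow_kick_any_team_members')
                || $currentUserId === $user->getID())
            && $user->getID() !== $teamLeader) {
            $member['removeLink'] = './?remove=' . $user->getID() . '&team=' . $teamid;
            $member['removeDescription'] = $currentUserId === $user->getID()
                ? 'Leave team'
                : 'Kick member from team';
        }

        // append current member data
        $members[] = $member;
        unset($user);
    }
    $tmpl->assign('members', $members);
    $tmpl->assign('showMemberActionOptions', $showMemberActionOptions);

    // show available options if any available
    $allowEdit = $currentUser->getPermission('allow_edit_match');
    $allowDelete = $currentUser->getPermission('allow_delete_match');
    $tmpl->assign('showMatchActionOptions', $allowEdit || $allowDelete);
    $tmpl->assign('allowEdit', $allowEdit);
    $tmpl->assign('allowDelete', $allowDelete);

    // get match data
    // sort the data by id to find out if abusers entered a match at a long time in the past
    $query = $db->prepare('SELECT `timestamp`,`team1_id`,`team2_id`,'
        . '(SELECT `name` FROM `teams` WHERE `id`=`team1_id`) AS `team1_name`'
        . ',(SELECT `name` FROM `teams` WHERE `id`=`team2_id`) AS `team2_name`'
        . ',`team1_points`,`team2_points`,`userid`'
        . ',(SELECT `users`.`name` FROM `users`'
        . ' WHERE `users`.`id`=`matches`.`userid`)'
        . ' AS `username`'
        . ',`matches`.`id`'
        . ' FROM `matches` WHERE `matches`.`team1_id`=?'
        . ' OR `matches`.`team2_id`=?'
        . ' ORDER BY `id` DESC LIMIT 0,10');
    $db->execute($query, array($teamid, $teamid));

    // show last entered matches
    $matches = array();
    while ($row = $db->fetchRow($query)) {
        // rename db result fields and assemble some additional informations
        // use a temporary array for better readable (but slower) code
        $prepared = array();
        $prepared['time'] = $row['timestamp'];
        $prepared['team1Link'] = '../Teams/?profile=' . $row['team1_id'];
        $prepared['team2Link'] = '../Teams/?profile=' . $row['team2_id'];
        $prepared['team1Name'] = $row['team1_name'];
        $prepared['team2Name'] = $row['team2_name'];
        $prepared['score1'] = $row['team1_points'];
        $prepared['score2'] = $row['team2_points'];
        $prepared['lastModById'] = $row['userid'];
        $prepared['lastModByName'] = $row['username'];
        $prepared['lastModByLink'] = '../Players/?profile=' . $prepared['lastModById'];
        if ($allowEdit) {
            $prepared['editLink'] = '../Matches/?edit=' . $row['id'];
        }
        if ($allowDelete) {
            $prepared['deleteLink'] = '../Matches/?delete=' . $row['id'];
        }
        $matches[] = $prepared;
    }
    $tmpl->assign('matches', $matches);

    // invitation data visible
    // for team members
    // for users who can issue any invitation
    if ($currentUser->getMemberOfTeam($teamid)
        || $currentUser->getPermission('allow_invite_in_any_team')) {
        $invitationData = array();
        foreach (invitation::getInvitationsForTeam($teamid) as $invitation) {
            $invitationUser = $invitation->getUsers()[0];
            $invitationData[] = array(
                'userName'    => $invitationUser->getName(),
                'profileLink' => '../Players/?profile=' . $invitationUser->getID(),
                'expiration'  => $invitation->getExpiration(),
            );
        }
        $tmpl->assign('invitations', $invitationData);
    }
}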
/**
 * Send the private message: with a positive GET id it goes to that user,
 * otherwise to the recipients chosen in the form. On success the success
 * message is rendered.
 *
 * @return mixed whatever pm::send() returns (true on success)
 */
function writeContent()
{
    $sender = user::getCurrentUserId();
    $recipient = isset($_GET['id']) ? intval($_GET['id']) : 0;

    // TODO: use further reaching validation than just intval
    $result = $recipient > 0
        ? $this->pm->send($sender, $recipient)
        : $this->pm->send($sender);

    if ($result === true) {
        $this->successMessage();
    }
    return $result;
}
/**
 * Build the main navigation as a list of HTML fragments (one per line).
 *
 * Side effects for logged-in users: refreshes their `online_users`
 * last_activity row and checks whether unread private messages exist.
 *
 * @return string[] menu lines, from the opening <ul> to the closing </ul>
 */
function createMenu()
{
    global $config;
    global $db;
    global $site;

    // menu is returned as array
    // each entry in the array will be a new line
    $menu = array();
    $menu[] = '<ul class="navigation">' . "\n";
    $unread_messages = false;

    // update activity data
    $logged_in = true;
    if (user::getCurrentUserId() > 0) {
        // the execution of the query is not that time critical and it happens often -> LOW_PRIORITY
        $query = $db->prepare('UPDATE LOW_PRIORITY `online_users` SET `last_activity`=?' . ' WHERE `userid`=?');
        $db->execute($query, array(date('Y-m-d H:i:s'), user::getCurrentUserId()));
        // are there unread messages?
        $query = $db->prepare('SELECT `msgid` FROM `pmsystem_msg_users` WHERE `msg_status`=?' . ' AND `userid`=?' . ' LIMIT 1');
        // NOTE(review): $result is never read; only rowCount() decides below
        $result = $db->execute($query, array('new', user::getCurrentUserId()));
        $rows = $db->rowCount($query);
        if ($rows > 0) {
            $unread_messages = true;
        }
    } else {
        $logged_in = false;
    }

    $name = $site->basename();
    // public_html on FreeBSD or Sites on Mac OS X
    $topDir = 'public_html';
    // top level dir depends on siteconfig
    $pos = strrpos(dirname(dirname(dirname(__FILE__))), '/');
    if ($pos !== false) {
        $topDir = substr(dirname(dirname(dirname(__FILE__))), $pos + 1);
    }
    // from here on $topDir is a flag: the current page is the site root
    $topDir = strcmp($name, $topDir) === 0;

    if (!$logged_in) {
        $menu[] = $this->writeLink('Login/', 'Login', strcmp($name, 'Login') == 0);
    }
    if ($topDir) {
        // without query parameters the root page is the current one
        if (count($_GET) === 0) {
            $menu[] = '<li>Home</li>' . "\n";
        } else {
            $menu[] = '<li><a class="current_nav_entry" href="' . $config->getValue('baseaddress') . '">Home</a></li>' . "\n";
        }
    } else {
        $menu[] = '<li><a href="' . $config->getValue('baseaddress') . '">Home</a></li>' . "\n";
    }

    // NOTE(review): the same News link is appended eight times with the
    // 'button_idea_3D.png' icon, and once more further down without an icon;
    // looks like a leftover from trying icons (see the commented variants) — confirm
    $menu[] = $this->writeLink('News/', 'News', strcmp($name, 'News') == 0, false, 'button_idea_3D.png');
    $menu[] = $this->writeLink('News/', 'News', strcmp($name, 'News') == 0, false, 'button_idea_3D.png');
    $menu[] = $this->writeLink('News/', 'News', strcmp($name, 'News') == 0, false, 'button_idea_3D.png');
    $menu[] = $this->writeLink('News/', 'News', strcmp($name, 'News') == 0, false, 'button_idea_3D.png');
    $menu[] = $this->writeLink('News/', 'News', strcmp($name, 'News') == 0, false, 'button_idea_3D.png');
    $menu[] = $this->writeLink('News/', 'News', strcmp($name, 'News') == 0, false, 'button_idea_3D.png');
    $menu[] = $this->writeLink('News/', 'News', strcmp($name, 'News') == 0, false, 'button_idea_3D.png');
    $menu[] = $this->writeLink('News/', 'News', strcmp($name, 'News') == 0, false, 'button_idea_3D.png');
    /*
    $menu[] = $this->writeLink('News/', 'News', (strcmp($name, 'News') == 0), false, 'button_idea.png');
    $menu[] = $this->writeLink('News/', 'News', (strcmp($name, 'News') == 0), false, 'button_idee_pfui.png');
    $menu[] = $this->writeLink('News/', 'News', (strcmp($name, 'News') == 0), false, 'button_idee_rund.png');
    */

    // mail link only for logged-in users; fourth argument highlights unread mail
    if (isset($_SESSION['user_logged_in']) && $_SESSION['user_logged_in']) {
        if ($unread_messages) {
            $menu[] = $this->writeLink('Messages/', 'Mail', strcmp($name, 'Messages') == 0, true);
        } else {
            $menu[] = $this->writeLink('Messages/', 'Mail', strcmp($name, 'Messages') == 0);
        }
    }
    $menu[] = $this->writeLink('News/', 'News', strcmp($name, 'News') == 0);
    $menu[] = $this->writeLink('Matches/', 'Matches', strcmp($name, 'Matches') == 0);
    $menu[] = $this->writeLink('Teams/', 'Teams', strcmp($name, 'Teams') == 0);
    $menu[] = $this->writeLink('Players/', 'Players', strcmp($name, 'Players') == 0);
    // NOTE(review): permission flags are read from the session here, while
    // the other createMenu() variant asks $user->getPermission() — confirm both stay in sync
    if ($logged_in && isset($_SESSION['allow_view_user_visits']) && $_SESSION['allow_view_user_visits']) {
        $menu[] = $this->writeLink('Visits/', 'Visits', strcmp($name, 'Visits') == 0);
    }
    $menu[] = $this->writeLink('Rules/', 'Rules', strcmp($name, 'Rules') == 0);
    $menu[] = $this->writeLink('FAQ/', 'FAQ', strcmp($name, 'FAQ') == 0);
    $menu[] = $this->writeLink('Links/', 'Links', strcmp($name, 'Links') == 0);
    $menu[] = $this->writeLink('Contact/', 'Contact', strcmp($name, 'Contact') == 0);
    $menu[] = $this->writeLink('Bans/', 'Bans', strcmp($name, 'Bans') == 0);
    if ($logged_in && isset($_SESSION['allow_watch_servertracker']) && $_SESSION['allow_watch_servertracker']) {
        $menu[] = $this->writeLink('Servertracker/', 'Servers', strcmp($name, 'Servertracker') == 0);
    }
    $menu[] = $this->writeLink('Config/', 'Config', strcmp($name, 'Config') == 0);
    $menu[] = '</ul>';
    return $menu;
}
/**
 * Persist the static page content for $this->path: empty content deletes the
 * row, otherwise the row in `static_pages` is inserted or updated.
 *
 * @param string $content raw page content (by reference, not modified here)
 * @return bool always true; database errors are not reported
 */
function writeContent(&$content)
{
    global $config;
    global $tmpl;
    global $db;

    // empty content: drop the page entirely
    if (strcmp($content, '') === 0) {
        $delete = $db->prepare('DELETE FROM `static_pages` WHERE `page`=?');
        $db->execute($delete, $this->path);
        $db->free($delete);
        return true;
    }

    // does a row for this page exist already?
    $lookup = $db->prepare('SELECT `id` FROM `static_pages` WHERE `page`=? LIMIT 1');
    $db->execute($lookup, $this->path);
    $existing = $db->rowCount($lookup);
    $db->free($lookup);

    // column order: author, last_modified, raw_content, content, page
    $args = array(user::getCurrentUserId(), date('Y-m-d H:i:s'), $content);
    $args[] = $config->getValue('bbcodeLibAvailable')
        ? $tmpl->encodeBBCode($content)
        : $content;
    $args[] = $this->path;

    if ($existing < 1) {
        // no entry in table regarding current page
        // thus insert new data
        $sql = 'INSERT INTO `static_pages`'
            . ' (`author`, `last_modified`, `raw_content`, `content`, `page`)'
            . ' VALUES (?, ?, ?, ?, ?)';
    } else {
        // either 1 or more entries found, just assume there is only one
        $sql = 'UPDATE `static_pages` SET `author`=?'
            . ', `last_modified`=?'
            . ', `raw_content`=?'
            . ', `content`=?'
            . ' WHERE `page`=?'
            . ' LIMIT 1';
    }
    $write = $db->prepare($sql);
    $db->execute($write, $args);
    $db->free($write);
    return true;
}
/**
 * Build the main navigation (boxed variant) as a list of HTML fragments,
 * one per line.
 *
 * Side effects for logged-in users: refreshes their `online_users`
 * last_activity row and checks whether unread private messages exist.
 *
 * @return string[] menu lines, from the opening <div><ul> to the closing </ul></div>
 */
function createMenu()
{
    global $config;
    global $user;
    global $db;
    global $site;

    // menu is returned as array
    // each entry in the array will be a new line
    $menu = array();
    $menu[] = '<div class="navigationBox"><ul class="navigation">' . "\n";
    $unread_messages = false;

    // update activity data
    $logged_in = true;
    if (user::getCurrentUserId() > 0) {
        // the execution of the query is not that time critical and it happens often -> LOW_PRIORITY
        $query = $db->prepare('UPDATE LOW_PRIORITY `online_users` SET `last_activity`=?' . ' WHERE `userid`=?');
        $db->execute($query, array(date('Y-m-d H:i:s'), user::getCurrentUserId()));
        // are there unread messages?
        $query = $db->prepare('SELECT `msgid` FROM `pmsystem_msg_users` WHERE `msg_status`=?' . ' AND `userid`=?' . ' LIMIT 1');
        // NOTE(review): $result is never read; only rowCount() decides below
        $result = $db->execute($query, array('new', user::getCurrentUserId()));
        $rows = $db->rowCount($query);
        if ($rows > 0) {
            $unread_messages = true;
        }
    } else {
        $logged_in = false;
    }

    $name = $site->basename();
    // top level dir has either no path set or it's /
    $topDir = !isset($_GET['path']) || strcmp($_GET['path'], '/') === 0;

    if (!$logged_in) {
        $menu[] = $this->writeLink('Login/', 'Login', strcmp($name, 'Login') == 0);
    }
    if ($topDir) {
        // marked as current only when no path parameter is present at all
        $menu[] = $this->writeLink('', 'Home', !isset($_GET['path']));
    } else {
        $menu[] = '<li><a href="' . $config->getValue('baseaddress') . '">Home</a></li>' . "\n";
    }

    // mail link only for logged-in users; fourth argument highlights unread mail
    if ($user->getPermission('user_logged_in')) {
        if ($unread_messages) {
            $menu[] = $this->writeLink('PM/', 'Mail', strcmp($name, 'PM') == 0, true);
        } else {
            $menu[] = $this->writeLink('PM/', 'Mail', strcmp($name, 'PM') == 0);
        }
    }
    $menu[] = $this->writeLink('News/', 'News', strcmp($name, 'News') == 0);
    // NOTE(review): theme path and icon are hard-coded here (the other
    // entries go through writeLink()); the commented variants below suggest
    // work in progress — confirm this entry is meant to ship
    $menu[] = '<li><span class="MenuIcon"><span class="MenuIconText">matches</span><img src="' . $config->getValue('baseaddress') . 'themes/Simple%20orange/img/matches.png" /></span></li>';
    /*
    $menu[] = '<li><img src="' . $config->getValue('baseaddress') . 'themes/Simple%20orange/img/teams.png" /></li>';
    $menu[] = '<li><img src="' . $config->getValue('baseaddress') . 'themes/Simple%20orange/img/players.png" /></li>';
    $menu[] = '<li><img src="' . $config->getValue('baseaddress') . 'themes/Simple%20orange/img/settings.png" /></li>';
    */
    $menu[] = $this->writeLink('Matches/', 'Matches', strcmp($name, 'Matches') == 0);
    $menu[] = $this->writeLink('Teams/', 'Teams', strcmp($name, 'Teams') == 0);
    $menu[] = $this->writeLink('Players/', 'Players', strcmp($name, 'Players') == 0);
    if ($logged_in && $user->getPermission('allow_view_user_visits')) {
        $menu[] = $this->writeLink('Visits/', 'Visits', strcmp($name, 'Visits') == 0);
    }
    $menu[] = $this->writeLink('Rules/', 'Rules', strcmp($name, 'Rules') == 0);
    $menu[] = $this->writeLink('FAQ/', 'FAQ', strcmp($name, 'FAQ') == 0);
    $menu[] = $this->writeLink('Links/', 'Links', strcmp($name, 'Links') == 0);
    $menu[] = $this->writeLink('Contact/', 'Contact', strcmp($name, 'Contact') == 0);
    $menu[] = $this->writeLink('Bans/', 'Bans', strcmp($name, 'Bans') == 0);
    if ($logged_in && $user->getPermission('allow_watch_servertracker')) {
        $menu[] = $this->writeLink('Servertracker/', 'Servers', strcmp($name, 'Servertracker') == 0);
    }
    $menu[] = $this->writeLink('Config/', 'Config', strcmp($name, 'Config') == 0);
    $menu[] = '</ul></div>';
    return $menu;
}
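/**
 * Remove $this->user from $this->team (voluntary leave, or a kick by someone
 * else) and notify the team — and, on a kick, the removed member — by
 * private message. Errors are reported through the template variable 'error'.
 */
protected function leaveTeam()
{
    global $tmpl;

    // perform sanity checks
    // a failed check must stop the request here; previously the membership
    // was removed even after the check had reported an error
    if (($result = $this->sanityCheck()) !== true) {
        $tmpl->assign('error', $result === false
            ? 'An unknown error occurred while checking your request'
            : $result);
        return;
    }

    // remove user from team
    if (!$this->user->removeTeamMembership($this->team->getID()) || !$this->user->update()) {
        $tmpl->assign('error', 'An unknown error occurred while leaving the team.');
        return;
    }

    $memberName = $this->user->getName();
    $actorName = \user::getCurrentUser()->getName();
    $isSelfLeave = \user::getCurrentUserId() === $this->user->getID();

    // notify team members using a private message
    $pm = new pm();
    if ($isSelfLeave) {
        // notify team members about left member
        $pm->setSubject($memberName . ' left your team');
        $pm->setContent('Player ' . $memberName . ' just left your team.');
    } else {
        // notify team members of kicked member
        $pm->setSubject($memberName . ' got kicked from your team');
        $pm->setContent('Player ' . $memberName . ' got kicked from your team by ' . $actorName . '.');
    }
    $pm->setTimestamp(date('Y-m-d H:i:s'));
    $pm->addTeamID($this->team->getID());
    // send it
    $pm->send();

    if (!$isSelfLeave) {
        // notify kicked member of the kick
        $notice = new pm();
        $notice->setSubject('You got kicked from your team by ' . $actorName);
        $notice->setContent('Player ' . $actorName . ' just kicked you from your team.');
        $notice->setTimestamp(date('Y-m-d H:i:s'));
        $notice->addUserID($this->user->getID());
        // send it
        $notice->send();
    }

    // tell the template that leaving / kicking succeeded
    $tmpl->assign('teamLeaveSuccessful', true);
}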
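/**
 * Store a news entry: empty content deletes entry $this->edit_id, otherwise
 * the entry is inserted (new) or updated (existing, by $this->edit_id).
 *
 * The stored timestamp is, in order of preference: a valid POSTed 'time'
 * when the config allows changing it, the original timestamp of an existing
 * entry, or "now".
 *
 * @param string $content raw news text (by reference, not modified here)
 * @return bool always true; database errors are not reported
 */
function writeContent(&$content)
{
    global $config;
    global $tmpl;
    global $db;

    if (strcmp($content, '') === 0) {
        // empty content
        $query = $db->prepare('DELETE FROM `newssystem` WHERE `id`=?');
        $db->execute($query, $this->edit_id);
        $db->free($query);
        return true;
    }

    // check if there is an existing news entry that corresponds to the request
    $originalTimestamp = $this->getOriginalTimestamp();
    $now = date('Y-m-d H:i:s');

    if (!isset($_POST['time'])) {
        $date_format = $originalTimestamp === false ? $now : $originalTimestamp;
    } elseif ($config->getValue('cms.addon.newsSystem.permissions.allowChangeTimestampOnEdit')) {
        $submitted = strtotime($_POST['time']);
        if ($submitted === false) {
            // timestamp submitted was invalid: keep the original one, or fall
            // back to current time when there is none
            // (the previous code stored the boolean result of the comparison
            // because `$a = f() === false` binds as `$a = (f() === false)`)
            $date_format = $originalTimestamp === false ? $now : $originalTimestamp;
        } else {
            // timestamp was valid: store it normalised to the DB format
            // instead of the raw user string
            $date_format = date('Y-m-d H:i:s', $submitted);
        }
    } else {
        $date_format = $now;
    }

    $query = $db->prepare('SELECT `name` FROM `users` WHERE `id`=? LIMIT 1');
    $db->execute($query, user::getCurrentUserId());
    $author = $db->fetchRow($query);
    $db->free($query);
    // a missing row leaves the author name null, as before, without the array-offset warning
    $authorName = is_array($author) ? $author['name'] : null;

    $title = isset($_POST['title'])
        ? htmlspecialchars_decode($_POST['title'], ENT_COMPAT)
        : 'News';

    // column order: author, title, timestamp, raw_msg, msg, then page or id
    $args = array($authorName, $title, $date_format, $content);
    $args[] = $config->getValue('bbcodeLibAvailable')
        ? $tmpl->encodeBBCode($content)
        : $content;

    if ($originalTimestamp === false) {
        // no entry in table regarding current page
        // thus insert new data
        $query = $db->prepare('INSERT INTO `newssystem`'
            . ' (`author`, `title`, `timestamp`, `raw_msg`, `msg`, `page`)'
            . ' VALUES (?, ?, ?, ?, ?, ?)');
        $args[] = $this->page_path;
    } else {
        // either 1 or more entries found, just assume there is only one
        $query = $db->prepare('UPDATE `newssystem` SET `author`=?'
            . ', `title`=?'
            . ', `timestamp`=?'
            . ', `raw_msg`=?'
            . ', `msg`=?'
            . ' WHERE `id`=?'
            . ' LIMIT 1');
        $args[] = $this->edit_id;
    }
    $db->execute($query, $args);
    $db->free($query);
    return true;
}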
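/**
 * Create the team from the submitted data, make the current user a member
 * and then its leader.
 *
 * @return true|string true on success, otherwise an error message
 */
protected function createTeam()
{
    // create team using submitted data
    // bail out before touching the user's memberships: a failed create()
    // leaves no valid team id to join (the previous order joined first)
    $result = $this->team->create();
    if ($result !== true) {
        return $result;
    }

    // add user to team
    $user = \user::getCurrentUser();
    if (!$user->addTeamMembership($this->team->getID())) {
        return 'Could not add current user to team.';
    }
    if (!$user->update()) {
        return 'Could not save changes of current user.';
    }

    // set current user to leader
    if (!$this->team->setLeaderId(\user::getCurrentUserId())) {
        return 'Could not set user to new team leader.';
    }
    if (!$this->team->update()) {
        return 'Could not save user as team leader.';
    }
    return true;
}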
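/**
 * Render the list of private messages in one folder of the current user.
 *
 * @param string $folder  Folder name ('inbox' or 'outbox'); the caller is expected to
 *                        have whitelisted it, it is only ever bound as a query parameter
 *                        and echoed into a relative link here.
 *
 * Request data read: $_GET['i'] (pagination offset, clamped to >= 0).
 * Session data read: $_SESSION['allow_add_messages'] (show "new message" button).
 */
public function showMails($folder) {
    global $config;
    global $tmpl;
    global $db;

    $max_per_page = 200; // FIXME: move to settings.php (or define per theme)

    $tmpl->setTemplate('PMList');

    // Guard with isset(): the key is absent for sessions that never set it.
    if (!empty($_SESSION['allow_add_messages'])) {
        $tmpl->assign('showNewButton', true);
    }

    // Show currently selected mail folder.
    $this->folderNav($folder);

    // Pagination offset. Negative values would reach the SQL OFFSET clause and
    // make the statement fail, so clamp at zero.
    $offset = 0;
    if (isset($_GET['i'])) {
        $offset = max(0, intval($_GET['i']));
    }

    // LIMIT/OFFSET need named, integer-typed parameters (PDO quirk). One extra row
    // is fetched to decide whether a "next page" button is needed.
    // The `userid` condition restricts the result to messages the user may see.
    $query = $db->prepare('SELECT `id`,`author_id`,`subject`,`timestamp`,`folder`,`msg_status`,'
        . ' IF(`pmsystem_msg_storage`.`author_id`<>0,'
        . ' (SELECT `name` FROM `users` WHERE `id`=`author_id`),:author) AS `author`'
        . ' FROM `pmsystem_msg_storage`, `pmsystem_msg_users`'
        . ' WHERE `pmsystem_msg_users`.`userid`=:userid'
        . ' AND `pmsystem_msg_storage`.`id`=`pmsystem_msg_users`.`msgid`'
        . ' AND `folder`=:folder'
        . ' ORDER BY `pmsystem_msg_storage`.`id` DESC'
        . ' LIMIT :limit OFFSET :offset');
    $params = array(
        ':author' => array($config->getValue('displayedSystemUsername'), PDO::PARAM_STR),
        ':userid' => array(user::getCurrentUserId(), PDO::PARAM_INT),
        ':folder' => array($folder, PDO::PARAM_STR),
        ':limit'  => array($max_per_page + 1, PDO::PARAM_INT),
        ':offset' => array($offset, PDO::PARAM_INT),
    );
    $db->execute($query, $params);
    $rows = $db->fetchAll($query);
    $db->free($query);

    // The surplus row is a lookahead only: never displayed, only drives the button.
    $n = count($rows);
    $showNextMSGButton = false;
    if ($n > $max_per_page) {
        $n = $max_per_page;
        $showNextMSGButton = true;
    }

    // Recipient lookups are prepared once and re-executed per message.
    $usersQuery = $db->prepare('SELECT `userid`,`name`'
        . ' FROM `pmsystem_msg_recipients_users` LEFT JOIN `users`'
        . ' ON `pmsystem_msg_recipients_users`.`userid`=`users`.`id`'
        . ' WHERE `msgid`=?');
    $teamsQuery = $db->prepare('SELECT `teamid`,`name`'
        . ' FROM `pmsystem_msg_recipients_teams` LEFT JOIN `teams`'
        . ' ON `pmsystem_msg_recipients_teams`.`teamid`=`teams`.`id`'
        . ' WHERE `msgid`=?');

    $messages = array();
    for ($i = 0; $i < $n; $i++) {
        // Only link to a profile for real users: id 0 is the internal system user,
        // which shares its id with anonymous visitors.
        if (intval($rows[$i]['author_id']) > 0) {
            $messages[$i]['userProfile'] = $config->getValue('baseaddress')
                . 'Players/?profile=' . $rows[$i]['author_id'];
        }
        $messages[$i]['userName'] = $rows[$i]['author'];

        if (strcmp($rows[$i]['msg_status'], 'new') === 0) {
            $messages[$i]['unread'] = true;
        }

        // The inbox is the default folder, so its links omit the folder parameter.
        if (strcmp($folder, 'inbox') !== 0) {
            $messages[$i]['link'] = '?view=' . $rows[$i]['id'] . '&folder=' . $folder;
        } else {
            $messages[$i]['link'] = '?view=' . $rows[$i]['id'];
        }
        $messages[$i]['subject'] = $rows[$i]['subject'];
        $messages[$i]['time'] = $rows[$i]['timestamp'];

        // Collect user recipients.
        $users = array();
        $db->execute($usersQuery, $rows[$i]['id']);
        while ($row = $db->fetchRow($usersQuery)) {
            $users[] = array(
                'id'   => $row['userid'],
                'name' => $row['name'],
                'link' => '../Players/?profile=' . $row['userid'],
            );
        }
        $db->free($usersQuery);

        // Collect team recipients.
        $teams = array();
        $db->execute($teamsQuery, $rows[$i]['id']);
        while ($row = $db->fetchRow($teamsQuery)) {
            $teams[] = array(
                'id'   => $row['teamid'],
                'name' => $row['name'],
                'link' => '../Teams/?profile=' . $row['teamid'],
            );
        }
        $db->free($teamsQuery);

        $messages[$i]['recipients'] = array('users' => $users, 'teams' => $teams);
    }
    $tmpl->assign('messages', $messages);

    // Pagination controls.
    if ($offset > 0) {
        $tmpl->assign('offsetPrev', $offset - $max_per_page);
    }
    if ($showNextMSGButton) {
        $tmpl->assign('offsetNext', $offset + $max_per_page);
    }
}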
public function display($file = '', $cache_id = null, $compile_id = null, $parent = null) { global $user; global $config; if (strlen($file) > 0) { $this->setTemplate($file); } // build menu $this->buildMenu(); // certain templates need special headers switch ($file) { case '404': header($_SERVER["SERVER_PROTOCOL"] . " 404 Not Found"); break; } // add userid to prevent cached output being served to other users if ($cache_id === null) { $cache_id = user::getCurrentUserId(); } if ($compile_id === null) { $compile_id = $config->getValue('basepath') . ', theme ' . $user->getTheme() . ', lang en'; } // code disabled because multi line problem in input type="hidden" does not work with xhtml header /* // serve xhtml with MIME-type application/xhtml+xml to trigger XML parser // caution needed because ie (that can hardly be called a browser) // indicates support for application/xhtml+xml but ie fails to actually provide // nevertheless it's still a good idea for debugging because // an XML parser is a lot simpler and has no error correction -> speed :) // TODO: needs digging into http://tools.ietf.org/html/rfc2616#section-14.1 if ($config->getValue('useXhtml') && !$config->getValue('debugSQL') && isset($_SERVER['HTTP_ACCEPT']) && !strstr($_SERVER['HTTP_ACCEPT'], 'application/xhtml+xml,q=0') && strstr($_SERVER['HTTP_ACCEPT'], 'application/xhtml+xml')) { header('Content-type: application/xhtml+xml; charset=utf-8'); header('Cache-Control: private'); } */ parent::display($this->templateFile, user::getCurrentUserId(), $compile_id, $parent); return true; }
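/**
 * Bootstrap the site: load config, start the session, connect to the database,
 * load the core classes, build the template engine and enforce session lifetime.
 *
 * Side effects: sets several globals ($config, $db, $user, $tmpl), calls
 * session_start(), and may log the current user out on inactivity.
 */
function __construct() {
    global $tmplHelper;
    global $config;
    global $tmpl;
    global $user;
    global $db;

    // Site config information.
    include dirname(__FILE__) . '/classes/config.php';
    $config = new config();

    // Set up the session if none exists yet.
    if (session_status() === PHP_SESSION_NONE) {
        ini_set('session.use_trans_sid', 0);
        ini_set('session.name', 'SID');
        ini_set('session.gc_maxlifetime', '7200');
        ini_set('session.cookie_path', $config->getValue('basepath'));
        // Hardening: reject client-supplied ids that the server never issued
        // (closes the classic fixation vector) and keep the cookie out of script reach.
        ini_set('session.use_strict_mode', 1);
        ini_set('session.cookie_httponly', 1);
        // NOTE(review): session.cookie_secure is not set here; enable it when the site
        // is served over HTTPS only (cannot be decided from this file).
        session_start();
    }

    // Set the date and time. The warning on an invalid value is suppressed to keep
    // the output well-formed; we fall back to UTC instead.
    if (@date_default_timezone_set($config->getValue('timezone')) === false) {
        date_default_timezone_set('UTC');
    }

    // Database connectivity.
    include dirname(__FILE__) . '/classes/db.php';
    $db = new database();

    // User information.
    require dirname(__FILE__) . '/classes/user.php';
    $user = new user(user::getCurrentUserId());

    // Countries.
    require dirname(__FILE__) . '/classes/country.php';
    // User invitations.
    require dirname(__FILE__) . '/classes/invitation.php';
    // Private messages.
    require dirname(__FILE__) . '/classes/pm.php';

    // Template builder.
    require dirname(__FILE__) . '/classes/tmpl.php';
    $tmpl = new tmpl();

    // Session fixation protection: periodically rotate the session id.
    if (!isset($_SESSION['creationTime'])) {
        $_SESSION['creationTime'] = time();
    } else {
        // Default: 15 minutes (60*15).
        $sessionRegenTime = $config->getValue('sessionRegenTime')
            ? $config->getValue('sessionRegenTime')
            : 60 * 15;
        // Compare against the configured value; the previous code computed
        // $sessionRegenTime and then compared against a hard-coded 60 * 15,
        // silently ignoring the setting.
        if (time() - $_SESSION['creationTime'] > $sessionRegenTime) {
            // Force a new id and invalidate the old one.
            session_regenerate_id(true);
            $_SESSION['creationTime'] = time();
        }
    }

    // Log out inactive users. Default: 2 hours (60*60*2).
    $sessionExpiryTime = $config->getValue('logoutUserAfterXSecondsInactive')
        ? $config->getValue('logoutUserAfterXSecondsInactive')
        : 60 * 60 * 2;
    if (isset($_SESSION['lastActivity'])
        && time() - $_SESSION['lastActivity'] > $sessionExpiryTime) {
        // Last access older than $sessionExpiryTime.
        $user->logout();
    }
    $_SESSION['lastActivity'] = time();
}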