 protected function delete($folder, $id)
 {
     global $tmpl;
     global $db;
     // Remove the message from the current user's mailbox only. The row is
     // keyed on (msgid, userid, folder), so a user can never drop another
     // user's copy; $folder is expected to be a caller-validated folder name
     // ('inbox'/'outbox') and $id an integer message id.
     // TODO: cascading constraints in the database should make
     // some of these queries unnecessary
     $uid = user::getCurrentUserId();
     $remove = $db->prepare('DELETE FROM `pmsystem_msg_users`' . ' WHERE `msgid`=:msgid AND `userid`=:uid AND `folder`=:folder');
     $db->execute($remove, [
         ':msgid' => [$id, PDO::PARAM_INT],
         ':uid' => [$uid, PDO::PARAM_INT],
         ':folder' => [$folder, PDO::PARAM_STR],
     ]);
     // Does anybody still hold the message in a mailbox?
     $byMsg = [':msgid' => [$id, PDO::PARAM_INT]];
     $lookup = $db->prepare('SELECT `msgid` FROM `pmsystem_msg_users`' . ' WHERE `msgid`=:msgid LIMIT 1');
     $db->execute($lookup, $byMsg);
     $stillUsed = $db->fetchRow($lookup) !== false;
     $db->free($lookup);
     // Nobody holds it any more: drop the stored body and both recipient
     // lists. NOTE(review): the usage check and the deletes are not wrapped
     // in one transaction, so a delivery racing with this delete could be
     // lost — confirm whether $db exposes transactions before relying on it.
     if (!$stillUsed) {
         $cleanup = [
             'DELETE FROM `pmsystem_msg_storage` WHERE `id`=:msgid',
             'DELETE FROM `pmsystem_msg_recipients_users` WHERE `msgid`=:msgid',
             'DELETE FROM `pmsystem_msg_recipients_teams` WHERE `msgid`=:msgid',
         ];
         foreach ($cleanup as $sql) {
             $db->execute($db->prepare($sql), $byMsg);
         }
     }
     $tmpl->setTemplate('PMDelete');
     $tmpl->assign('title', 'Deleted Mail #' . $id);
     $tmpl->assign('curFolder', $folder);
     $tmpl->assign('pmDeleted', true);
     // FIXME: report any failures
 }
 function __construct($title)
 {
     global $site;
     global $config;
     global $user;
     global $tmpl;
     if (!isset($site)) {
         require_once dirname(dirname(dirname(__FILE__))) . '/site.php';
         $site = new site();
     }
     // The private message system has no anonymous view: any user id below
     // 1 gets the NoPerm template and the request ends here.
     if (user::getCurrentUserId() < 1) {
         $tmpl->setTemplate('NoPerm');
         $tmpl->assign('errorMsg', 'You need to login to access this content.');
         $tmpl->display();
         die;
     }
     // Folder selection is an allow-list: only the exact string 'outbox'
     // switches away from the default 'inbox', so the value handed on to
     // the delete/display code is never raw request input.
     $folder = isset($_GET['folder']) && strcmp($_GET['folder'], 'outbox') === 0 ? 'outbox' : 'inbox';
     // Dispatch on the requested action; only one GET key is honoured, in
     // the order add > delete > view > list.
     if (isset($_GET['add'])) {
         require_once dirname(__FILE__) . '/pmAdd.php';
         new pmSystemAdd();
         die;
     }
     // NOTE(review): an edit action (pmEdit.php) used to be dispatched
     // between add and delete but is currently disabled.
     if (isset($_GET['delete'])) {
         // NOTE(review): deletion is triggered by a plain GET parameter with
         // no CSRF token, so a crafted link can delete a logged-in user's
         // message — worth moving to POST with a token.
         require_once dirname(__FILE__) . '/pmDelete.php';
         new pmSystemDelete($folder, intval($_GET['delete']));
     } else {
         require_once dirname(__FILE__) . '/pmDisplay.php';
         $display = new pmSystemDisplay();
         if (isset($_GET['view'])) {
             $display->showMail($folder, intval($_GET['view']));
         } else {
             $tmpl->assign('title', $title);
             $display->showMails($folder);
         }
     }
     $tmpl->display();
 }
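 public function __construct()
 {
     global $tmpl;
     global $user;
     // An already authenticated session may not start another login.
     if (user::getCurrentUserId() > 0) {
         $this->moduleOutput[] = 'You are already logged in. ' . 'If you want to login with a different account ' . 'you must first logout.';
         return;
     }
     // No module chosen: display the login text of all modules.
     // NOTE: certain modules may suppress their login text, depending on circumstances
     if (isset($_GET['module']) === false) {
         $this->getLoginText();
         return;
     }
     // getRequestedModule() is expected to map the request value onto a
     // known module name, or false. On failure print the error and the
     // module list again so the user can pick another one.
     if (($module = $this->getRequestedModule($_GET['module'])) === false) {
         $this->moduleOutput[] = 'An error occurred, module name not accepted.';
         // Previously called with an undefined $modules variable (always
         // null); the no-argument form is what the "no module" path uses.
         $this->getLoginText();
         return;
     }
     if (isset($_GET['action']) === false) {
         $this->moduleOutput[] = 'An error occurred, module action not specified.';
         return;
     }
     // Defence in depth before the module name becomes both a file path and
     // a class name: it must be a bare identifier. Anything containing '/',
     // '.', '..' or other separators could never satisfy `new $module()`
     // anyway, so this rejects only values that would have failed later —
     // or, worse, included an unintended file first.
     if (!is_string($module) || preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $module) !== 1) {
         $this->moduleOutput[] = 'An error occurred, module name not accepted.';
         return;
     }
     // Load and instantiate the module, then run the requested action.
     include_once dirname(__FILE__) . '/modules/' . $module . '/' . $module . '.php';
     $moduleInstance = new $module();
     switch ($_GET['action']) {
         case 'form':
             $this->moduleOutput = $moduleInstance->showForm();
             break;
         case 'login':
             // validateLogin() fills $message (presumably by reference);
             // initialise it so strlen() never sees an undefined variable.
             $message = '';
             if ($moduleInstance->validateLogin($message)) {
                 $this->doLogin($moduleInstance, $module);
             }
             if (strlen($message) > 0) {
                 $this->moduleOutput[] = $message;
             }
             break;
         default:
             // Appended as an entry like every other message in this
             // constructor, instead of replacing moduleOutput with a string.
             $this->moduleOutput[] = 'Unknown module action requested, request not accepted.';
     }
 }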
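 public function __construct($teamid)
 {
     global $tmpl;
     // Anonymous visitors may not edit teams.
     if (!\user::getCurrentUserLoggedIn()) {
         $tmpl->setTemplate('NoPerm');
         return;
     }
     $this->setTemplate();
     $tmpl->assign('title', 'Edit team');
     $teamid = (int) $teamid;
     $this->team = new team($teamid);
     // A team that does not exist cannot be edited; apply the same gate the
     // delete page uses instead of offering a form for nothing.
     if (!$this->team->exists()) {
         $tmpl->setTemplate('NoPerm');
         return;
     }
     $tmpl->assign('teamid', $teamid);
     $tmpl->assign('teamName', $this->team->getName());
     // Editing requires the global permission or the team's own 'edit'
     // permission for the current user.
     $editPermission = \user::getCurrentUser()->getPermission('allow_edit_any_team_profile') || $this->team->getPermission('edit', \user::getCurrentUserId());
     $tmpl->assign('canEditTeam', $editPermission);
     if (!$editPermission) {
         $tmpl->setTemplate('NoPerm');
         return;
     }
     $tmpl->assign('leaderId', $this->team->getLeaderId());
     $members = [];
     foreach ($this->team->getUserIds() as $userid) {
         $members[] = ['id' => $userid, 'name' => (new \user($userid))->getName()];
     }
     $tmpl->assign('members', $members);
     // $_POST['confirmed'] steers the flow: absent or '0' shows the form,
     // '1' applies the edit, any other value does nothing.
     // NOTE(review): the update is accepted on a bare POST flag with no
     // CSRF token checked here — confirm the form carries one.
     $confirmed = isset($_POST['confirmed']) ? (string) $_POST['confirmed'] : '0';
     if ($confirmed === '0') {
         $this->showForm();
     } elseif ($confirmed === '1') {
         // Validate first, then update; on either failure show the form
         // again together with the error message.
         $validation = $this->sanityCheck();
         if ($validation === true) {
             $validation = $this->updateTeam();
         }
         if ($validation !== true) {
             $tmpl->assign('form_error', $validation);
             $this->showForm();
         } else {
             $tmpl->assign('teamEditSuccessful', true);
         }
     }
 }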
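 public function __construct($title, $path)
 {
     global $config;
     // An event version configured as matchServices.eventVersion overrides
     // the class default; an empty/false value keeps the default.
     $version = $config->getValue('matchServices.eventVersion');
     if ($version) {
         $this->version = $version;
     }
     unset($version);
     // No path means this add-on is driven by other code rather than by a
     // direct request: produce no GUI and ignore GET data entirely.
     if (strlen($path) === 0) {
         $this->noGUI = true;
         return;
     }
     global $tmpl;
     global $user;
     // Anonymous visitors may only view the match list. Elsewhere in this
     // code base a logged-in user always has an id > 0 and ids below 1 are
     // treated as not logged in, so the same `< 1` gate is used here; the
     // previous `< 0` test would let an id of 0 reach the gated branches.
     if (\user::getCurrentUserId() < 1) {
         require_once dirname(__FILE__) . '/versions/' . $this->version . '/matchList.php';
         new matchList(false);
         return;
     }
     // Permission flags for the templates.
     $tmpl->assign('canEnterMatch', $user->getPermission('allow_add_match'));
     $tmpl->assign('canEditMatch', $user->getPermission('allow_edit_match'));
     $tmpl->assign('canDeleteMatch', $user->getPermission('allow_delete_match'));
     // Dispatch on the first matching GET key. The version directory comes
     // from configuration, never from the request.
     $versionDir = dirname(__FILE__) . '/versions/' . $this->version . '/';
     if (isset($_GET['enter'])) {
         require_once $versionDir . 'matchEnter.php';
         new matchEnter(false);
     } elseif (isset($_GET['edit'])) {
         require_once $versionDir . 'matchEdit.php';
         new matchEdit(false);
     } elseif (isset($_GET['delete'])) {
         require_once $versionDir . 'matchDelete.php';
         new matchDelete(false);
     } else {
         require_once $versionDir . 'matchList.php';
         new matchList(false);
     }
 }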
 public function __construct($teamid)
 {
     global $tmpl;
     $tmpl->setTemplate('teamSystemDelete');
     $teamid = (int) $teamid;
     // Team 0 is reserved, and anonymous visitors may not delete anything.
     if ($teamid === 0 || !\user::getCurrentUserLoggedIn()) {
         $tmpl->setTemplate('NoPerm');
         return;
     }
     $tmpl->assign('teamid', $teamid);
     $this->team = new team($teamid);
     // Unknown teams and teams that are already deleted are refused alike.
     $refuse = !$this->team->exists() || $this->team->getStatus() === 'deleted';
     if ($refuse) {
         $tmpl->setTemplate('NoPerm');
         return;
     }
     // Deletion is open to: the team-specific delete permission, the global
     // delete-any permission, or the team leader.
     $current = \user::getCurrentUser();
     $allowed = $current->getPermission('team.allowDelete ' . $this->team->getID()) || $current->getPermission('allow_delete_any_team') || \user::getCurrentUserId() === $this->team->getLeaderId();
     if (!$allowed) {
         $tmpl->setTemplate('NoPerm');
         return;
     }
     // The name is known now, so the title and template get it.
     $teamName = $this->team->getName();
     $tmpl->assign('teamName', $teamName);
     $tmpl->assign('title', 'Delete team ' . $teamName);
     // confirmed=0 (or absent) shows the confirmation form, confirmed=1
     // performs the deletion, any other value does nothing.
     // NOTE(review): the POST flag alone confirms the delete; no CSRF token
     // is checked here — verify the form provides one.
     $confirmed = isset($_POST['confirmed']) ? (int) $_POST['confirmed'] : 0;
     if ($confirmed === 0) {
         $this->showForm();
     } elseif ($confirmed === 1) {
         $this->deleteTeam();
     }
 }
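 public function __construct($title)
 {
     global $tmpl;
     global $db;
     // The list changes with every request, so never serve it from cache.
     $tmpl->setCaching(Smarty::CACHING_OFF);
     $tmpl->setTemplate('onlineUserSystem');
     $tmpl->assign('title', $title);
     // Static query, no request data involved.
     $result = $db->SQL('SELECT * FROM `online_users` ORDER BY last_activity DESC');
     if (!$result) {
         // Query failed: there is no result handle to free (the old code
         // handed the failed value to free()); leave the template without
         // an onlineUserSystem assignment.
         return;
     }
     // Only registered users are listed in the table; an unregistered guest
     // is never counted. Collect every row, then release the result (the
     // old code returned without freeing it when the table was empty).
     $onlineUsers = [];
     while ($row = $db->fetchRow($result)) {
         $onlineUsers[$row['userid']] = [
             'id' => $row['userid'],
             'name' => $row['username'],
             'idle' => $this->showTimeSince($this->convert_datetime($row['last_activity'])),
         ];
     }
     $db->free($result);
     if (count($onlineUsers) === 0) {
         // nobody logged in
         return;
     }
     // last_activity is written by a LOW_PRIORITY update that may land after
     // this page collected its data, so the viewer's own entry is forced to
     // "just now" instead of showing a stale idle time.
     $currentId = user::getCurrentUserId();
     if (isset($onlineUsers[$currentId])) {
         $onlineUsers[$currentId]['idle'] = '0s';
     }
     $tmpl->assign('onlineUserSystem', $onlineUsers);
 }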
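 function __construct($title)
 {
     global $site;
     global $config;
     global $tmpl;
     // $user is read below for the permission flags but was never imported
     // into this scope, so every logged-in request hit a method call on null.
     global $user;
     if (!isset($site)) {
         require_once dirname(dirname(dirname(__FILE__))) . '/site.php';
         $site = new site();
     }
     // include_once: a second include of the class file would otherwise be a
     // fatal "cannot redeclare class".
     // NOTE(review): `match` is a reserved word since PHP 8.0, so this class
     // name has to change before the code base moves to PHP 8.
     include_once dirname(__FILE__) . '/classes/match.php';
     $matchClass = new match();
     // Public part: anonymous visitors only get the match listing. Elsewhere
     // in this code base a logged-in user always has an id > 0 and ids below
     // 1 count as not logged in, so the same `< 1` gate is used here; the
     // previous `< 0` test would let an id of 0 reach the gated branches.
     if (user::getCurrentUserId() < 1) {
         $matchClass->displayMatches();
         $tmpl->display();
         return;
     }
     // Permission flags for the templates.
     $tmpl->assign('canEnterMatch', $user->getPermission('allow_add_match'));
     $tmpl->assign('canEditMatch', $user->getPermission('allow_edit_match'));
     $tmpl->assign('canDeleteMatch', $user->getPermission('allow_delete_match'));
     // Dispatch on the first matching GET key.
     if (isset($_GET['enter'])) {
         require_once dirname(__FILE__) . '/matchEnter.php';
         new matchEnter();
     } elseif (isset($_GET['edit'])) {
         require_once dirname(__FILE__) . '/matchEdit.php';
         new matchEdit();
     } elseif (isset($_GET['delete'])) {
         require_once dirname(__FILE__) . '/matchDelete.php';
         new matchDelete();
     } else {
         $matchClass->displayMatches();
     }
     $tmpl->display();
 }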
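 public function showTeam($teamid)
 {
     global $tmpl;
     global $db;
     // The id ends up in links and as a query parameter; keep it numeric.
     $teamid = (int) $teamid;
     $team = new team($teamid);
     if (!$team->exists()) {
         $tmpl->setTemplate('NoPerm');
         return;
     }
     if (!$tmpl->setTemplate('teamSystemProfile')) {
         $tmpl->noTemplateFound();
         die;
     }
     $currentId = \user::getCurrentUserId();
     $currentUser = \user::getCurrentUser();
     $loggedIn = \user::getCurrentUserLoggedIn();
     $teamLeader = $team->getLeaderId();
     $teamName = $team->getName();
     // FIXME: implement something to avoid hardcoded paths
     $tmpl->assign('pmLink', '../PM/?add&teamid=' . $teamid);
     $tmpl->assign('status', $team->getStatus());
     $tmpl->assign('title', 'Team ' . htmlent($teamName));
     // Team summary for the template.
     $teamData = [];
     $teamData['profileLink'] = './?profile=' . $team->getID();
     $teamData['name'] = $teamName;
     $teamData['score'] = $team->getScore();
     $teamData['scoreClass'] = $this->rankScore($teamData['score']);
     // The team name goes into a query string: encode it so names with
     // spaces, '&', '#' or quotes neither break the link nor inject into the
     // href. The links here carry pre-escaped '&amp;', i.e. the template
     // emits them as-is, so the old unencoded name went out verbatim.
     $teamData['matchSearchLink'] = '../Matches/?search_string=' . urlencode($teamName) . '&amp;search_type=team+name' . '&amp;search_result_amount=200' . '&amp;search=Search';
     $teamData['matchCount'] = $team->getMatchCount();
     $teamData['memberCount'] = $team->getMemberCount();
     $teamData['leaderLink'] = '../Players/?profile=' . $teamLeader;
     $teamData['leaderName'] = (new \user($teamLeader))->getName();
     $teamData['activityNew'] = $team->getActivityNew();
     $teamData['activityOld'] = $team->getActivityOld();
     $teamData['created'] = $team->getCreationTimestampStr();
     $teamData['wins'] = $team->getMatchCount('won');
     $teamData['draws'] = $team->getMatchCount('draw');
     $teamData['losses'] = $team->getMatchCount('lost');
     $teamData['logo'] = $team->getAvatarURI();
     // NOTE(review): name and description reach the template unescaped
     // (only the title is run through htmlent()); this relies on the
     // template escaping them — confirm before trusting it.
     $tmpl->assign('teamDescription', $team->getDescription());
     $tmpl->assign('team', $teamData);
     $tmpl->assign('teamid', $teamid);
     $tmpl->assign('canPMTeam', $loggedIn && $currentId > 0);
     // Edit: the logged-in leader, or anyone with the global edit permission.
     $tmpl->assign('canEditTeam', $loggedIn && $currentId === $teamLeader || $currentUser->getPermission('allow_edit_any_team_profile'));
     // Delete: not already deleted and (team-specific permission, global
     // permission, or leader). These flags only drive the UI; the edit and
     // delete pages re-check permissions themselves.
     $tmpl->assign('canDeleteTeam', $team->getStatus() !== 'deleted' && ($currentUser->getPermission('team.allowDelete ' . $team->getID()) || $currentUser->getPermission('allow_delete_any_team') || $currentId === $teamLeader));
     // Member actions are shown to the leader, to users who may kick anyone,
     // and to a member viewing their own team (so they can leave).
     $canKick = $currentId === $teamLeader || $currentUser->getPermission('allow_kick_any_team_members');
     $showMemberActionOptions = $canKick;
     $members = [];
     foreach ($team->getUserIds() as $memberid) {
         $user = new \user($memberid);
         if ($currentId === $memberid) {
             $showMemberActionOptions = true;
         }
         $uid = $user->getID();
         // rename db result fields and assemble some additional informations
         $member = [];
         $member['profileLink'] = '../Players/?profile=' . $uid;
         $member['userName'] = $user->getName();
         $member['permissions'] = $teamLeader === $memberid ? 'Leader' : 'Standard';
         if ($country = $user->getCountry()) {
             $member['countryName'] = $country->getName();
             if (strlen($country->getFlag()) > 0) {
                 $member['countryFlag'] = $country->getFlag();
             }
         }
         $member['joined'] = $user->getJoinTimestampStr();
         $member['last_login'] = $user->getLastLoginTimestampStr();
         // Leave/kick link for the leader, kick-any users, or the member
         // themself — never for the leader, who must first hand leadership
         // to someone else.
         if (($canKick || $currentId === $uid) && $uid !== $teamLeader) {
             $member['removeLink'] = './?remove=' . $uid . '&amp;team=' . $teamid;
             $member['removeDescription'] = $currentId === $uid ? 'Leave team' : 'Kick member from team';
         }
         $members[] = $member;
         unset($user);
     }
     $tmpl->assign('members', $members);
     $tmpl->assign('showMemberActionOptions', $showMemberActionOptions);
     // Match action flags: edit/delete links are only rendered when allowed;
     // the match pages enforce the permission themselves.
     $allowEdit = $currentUser->getPermission('allow_edit_match');
     $allowDelete = $currentUser->getPermission('allow_delete_match');
     $tmpl->assign('showMatchActionOptions', $allowEdit || $allowDelete);
     $tmpl->assign('allowEdit', $allowEdit);
     $tmpl->assign('allowDelete', $allowDelete);
     // Last ten matches of this team, sorted by id so back-dated entries by
     // abusers still surface. $teamid is bound as a parameter.
     $query = $db->prepare('SELECT `timestamp`,`team1_id`,`team2_id`,' . '(SELECT `name` FROM `teams` WHERE `id`=`team1_id`) AS `team1_name`' . ',(SELECT `name` FROM `teams` WHERE `id`=`team2_id`) AS `team2_name`' . ',`team1_points`,`team2_points`,`userid`' . ',(SELECT `users`.`name` FROM `users`' . ' WHERE `users`.`id`=`matches`.`userid`)' . ' AS `username`' . ',`matches`.`id`' . ' FROM `matches` WHERE `matches`.`team1_id`=?' . ' OR `matches`.`team2_id`=?' . ' ORDER BY `id` DESC LIMIT 0,10');
     $db->execute($query, [$teamid, $teamid]);
     $matches = [];
     while ($row = $db->fetchRow($query)) {
         // rename db result fields and assemble some additional informations
         $prepared = [
             'time' => $row['timestamp'],
             'team1Link' => '../Teams/?profile=' . $row['team1_id'],
             'team2Link' => '../Teams/?profile=' . $row['team2_id'],
             'team1Name' => $row['team1_name'],
             'team2Name' => $row['team2_name'],
             'score1' => $row['team1_points'],
             'score2' => $row['team2_points'],
             'lastModById' => $row['userid'],
             'lastModByName' => $row['username'],
             'lastModByLink' => '../Players/?profile=' . $row['userid'],
         ];
         if ($allowEdit) {
             $prepared['editLink'] = '../Matches/?edit=' . $row['id'];
         }
         if ($allowDelete) {
             $prepared['deleteLink'] = '../Matches/?delete=' . $row['id'];
         }
         $matches[] = $prepared;
     }
     $tmpl->assign('matches', $matches);
     // Pending invitations are visible to team members and to users who may
     // invite into any team.
     if ($currentUser->getMemberOfTeam($teamid) || $currentUser->getPermission('allow_invite_in_any_team')) {
         $invitationData = [];
         foreach (invitation::getInvitationsForTeam($teamid) as $invitation) {
             $invitationUser = $invitation->getUsers()[0];
             $invitationData[] = [
                 'userName' => $invitationUser->getName(),
                 'profileLink' => '../Players/?profile=' . $invitationUser->getID(),
                 'expiration' => $invitation->getExpiration(),
             ];
         }
         $tmpl->assign('invitations', $invitationData);
     }
 }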
 function writeContent()
 {
     // A positive ?id= selects a specific recipient; otherwise send() is
     // called with the current user only. intval() keeps the recipient id
     // numeric, nothing more (TODO: validate the id further).
     $senderId = user::getCurrentUserId();
     $recipientId = isset($_GET['id']) ? intval($_GET['id']) : 0;
     $result = $recipientId > 0 ? $this->pm->send($senderId, $recipientId) : $this->pm->send($senderId);
     // Only a strict true counts as success; anything else is returned
     // unchanged to the caller.
     if ($result === true) {
         $this->successMessage();
     }
     return $result;
 }
 function createMenu()
 {
     global $config;
     global $db;
     global $site;
     // The menu is returned as an array of HTML fragments, one per line.
     $menu = ['<ul class="navigation">' . "\n"];
     $currentId = user::getCurrentUserId();
     $logged_in = $currentId > 0;
     $unread_messages = false;
     if ($logged_in) {
         // Touch the activity timestamp; frequent and not time critical -> LOW_PRIORITY
         $query = $db->prepare('UPDATE LOW_PRIORITY `online_users` SET `last_activity`=?' . ' WHERE `userid`=?');
         $db->execute($query, [date('Y-m-d H:i:s'), $currentId]);
         // Unread message indicator for the Mail entry
         $query = $db->prepare('SELECT `msgid` FROM `pmsystem_msg_users` WHERE `msg_status`=?' . ' AND `userid`=?' . ' LIMIT 1');
         $db->execute($query, ['new', $currentId]);
         $unread_messages = $db->rowCount($query) > 0;
     }
     $name = $site->basename();
     $isCurrent = function ($section) use ($name) {
         return strcmp($name, $section) == 0;
     };
     // The top level directory name depends on the site config
     // (public_html on FreeBSD or Sites on Mac OS X).
     $installDir = dirname(dirname(dirname(__FILE__)));
     $topDir = 'public_html';
     $pos = strrpos($installDir, '/');
     if ($pos !== false) {
         $topDir = substr($installDir, $pos + 1);
     }
     $onTopDir = strcmp($name, $topDir) === 0;
     if (!$logged_in) {
         $menu[] = $this->writeLink('Login/', 'Login', $isCurrent('Login'));
     }
     if ($onTopDir) {
         $menu[] = count($_GET) === 0 ? '<li>Home</li>' . "\n" : '<li><a class="current_nav_entry" href="' . $config->getValue('baseaddress') . '">Home</a></li>' . "\n";
     } else {
         $menu[] = '<li><a href="' . $config->getValue('baseaddress') . '">Home</a></li>' . "\n";
     }
     // NOTE(review): eight identical News entries with the 3D icon are
     // emitted here, and a plain News entry again below. This looks like a
     // leftover from icon experiments (two more icon variants used to be
     // commented out at this spot) rather than intended navigation; the
     // output is kept unchanged.
     for ($i = 0; $i < 8; $i++) {
         $menu[] = $this->writeLink('News/', 'News', $isCurrent('News'), false, 'button_idea_3D.png');
     }
     if (isset($_SESSION['user_logged_in']) && $_SESSION['user_logged_in']) {
         if ($unread_messages) {
             $menu[] = $this->writeLink('Messages/', 'Mail', $isCurrent('Messages'), true);
         } else {
             $menu[] = $this->writeLink('Messages/', 'Mail', $isCurrent('Messages'));
         }
     }
     foreach (['News', 'Matches', 'Teams', 'Players'] as $section) {
         $menu[] = $this->writeLink($section . '/', $section, $isCurrent($section));
     }
     if ($logged_in && isset($_SESSION['allow_view_user_visits']) && $_SESSION['allow_view_user_visits']) {
         $menu[] = $this->writeLink('Visits/', 'Visits', $isCurrent('Visits'));
     }
     foreach (['Rules', 'FAQ', 'Links', 'Contact', 'Bans'] as $section) {
         $menu[] = $this->writeLink($section . '/', $section, $isCurrent($section));
     }
     if ($logged_in && isset($_SESSION['allow_watch_servertracker']) && $_SESSION['allow_watch_servertracker']) {
         $menu[] = $this->writeLink('Servertracker/', 'Servers', $isCurrent('Servertracker'));
     }
     $menu[] = $this->writeLink('Config/', 'Config', $isCurrent('Config'));
     $menu[] = '</ul>';
     return $menu;
 }
 function writeContent(&$content)
 {
     global $config;
     global $tmpl;
     global $db;
     // Empty content means "remove the page": delete its row and stop.
     if (strcmp($content, '') === 0) {
         $delete = $db->prepare('DELETE FROM `static_pages` WHERE `page`=?');
         $db->execute($delete, $this->path);
         $db->free($delete);
         return true;
     }
     // Is there already a row for this page?
     $lookup = $db->prepare('SELECT `id` FROM `static_pages` WHERE `page`=? LIMIT 1');
     $db->execute($lookup, $this->path);
     $exists = $db->rowCount($lookup) >= 1;
     $db->free($lookup);
     $now = date('Y-m-d H:i:s');
     // Rendered content is BBCode-encoded when the library is available and
     // stored verbatim otherwise. NOTE(review): in the verbatim case the raw
     // text is what gets served, so only trusted authors should reach this
     // method — confirm the caller gates it.
     $rendered = $config->getValue('bbcodeLibAvailable') ? $tmpl->encodeBBCode($content) : $content;
     $args = [user::getCurrentUserId(), $now, $content, $rendered, $this->path];
     if ($exists) {
         // one or more rows found; assume there is only one and update it
         $write = $db->prepare('UPDATE `static_pages` SET `author`=?' . ', `last_modified`=?' . ', `raw_content`=?' . ', `content`=?' . ' WHERE `page`=?' . ' LIMIT 1');
     } else {
         // nothing stored for this page yet
         $write = $db->prepare('INSERT INTO `static_pages`' . ' (`author`, `last_modified`, `raw_content`, `content`, `page`)' . ' VALUES (?, ?, ?, ?, ?)');
     }
     $db->execute($write, $args);
     $db->free($write);
     return true;
 }
 function createMenu()
 {
     global $config;
     global $user;
     global $db;
     global $site;
     // The menu is returned as an array of HTML fragments, one per line.
     $menu = ['<div class="navigationBox"><ul class="navigation">' . "\n"];
     $currentId = user::getCurrentUserId();
     $logged_in = $currentId > 0;
     $unread_messages = false;
     if ($logged_in) {
         // Touch the activity timestamp; frequent and not time critical -> LOW_PRIORITY
         $query = $db->prepare('UPDATE LOW_PRIORITY `online_users` SET `last_activity`=?' . ' WHERE `userid`=?');
         $db->execute($query, [date('Y-m-d H:i:s'), $currentId]);
         // Unread message indicator for the Mail entry
         $query = $db->prepare('SELECT `msgid` FROM `pmsystem_msg_users` WHERE `msg_status`=?' . ' AND `userid`=?' . ' LIMIT 1');
         $db->execute($query, ['new', $currentId]);
         $unread_messages = $db->rowCount($query) > 0;
     }
     $name = $site->basename();
     $isCurrent = function ($section) use ($name) {
         return strcmp($name, $section) == 0;
     };
     // Top level: no path parameter, or a path of exactly '/'
     $onTopDir = !isset($_GET['path']) || strcmp($_GET['path'], '/') === 0;
     if (!$logged_in) {
         $menu[] = $this->writeLink('Login/', 'Login', $isCurrent('Login'));
     }
     if ($onTopDir) {
         $menu[] = $this->writeLink('', 'Home', !isset($_GET['path']));
     } else {
         $menu[] = '<li><a href="' . $config->getValue('baseaddress') . '">Home</a></li>' . "\n";
     }
     // Mail entry only for logged in users (flag comes from the user object)
     if ($user->getPermission('user_logged_in')) {
         if ($unread_messages) {
             $menu[] = $this->writeLink('PM/', 'Mail', $isCurrent('PM'), true);
         } else {
             $menu[] = $this->writeLink('PM/', 'Mail', $isCurrent('PM'));
         }
     }
     $menu[] = $this->writeLink('News/', 'News', $isCurrent('News'));
     // Theme icon entry with a hardcoded theme path (teams/players/settings
     // icons used to follow here and are disabled).
     $menu[] = '<li><span class="MenuIcon"><span class="MenuIconText">matches</span><img src="' . $config->getValue('baseaddress') . 'themes/Simple%20orange/img/matches.png" /></span></li>';
     foreach (['Matches', 'Teams', 'Players'] as $section) {
         $menu[] = $this->writeLink($section . '/', $section, $isCurrent($section));
     }
     if ($logged_in && $user->getPermission('allow_view_user_visits')) {
         $menu[] = $this->writeLink('Visits/', 'Visits', $isCurrent('Visits'));
     }
     foreach (['Rules', 'FAQ', 'Links', 'Contact', 'Bans'] as $section) {
         $menu[] = $this->writeLink($section . '/', $section, $isCurrent($section));
     }
     if ($logged_in && $user->getPermission('allow_watch_servertracker')) {
         $menu[] = $this->writeLink('Servertracker/', 'Servers', $isCurrent('Servertracker'));
     }
     $menu[] = $this->writeLink('Config/', 'Config', $isCurrent('Config'));
     $menu[] = '</ul></div>';
     return $menu;
 }
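 protected function leaveTeam()
 {
     global $tmpl;
     // The sanity checks gate the whole operation: on failure report and
     // stop. The old code assigned the error but then fell through and
     // removed the membership anyway, so a failed check (presumably the
     // "who may remove whom" test) never actually prevented the leave/kick.
     if (($result = $this->sanityCheck()) !== true) {
         $tmpl->assign('error', $result === false ? 'An unknown error occurred while checking your request' : $result);
         return;
     }
     // Remove the membership and persist the user; stop on failure.
     if (!$this->user->removeTeamMembership($this->team->getID()) || !$this->user->update()) {
         $tmpl->assign('error', 'An unknown error occurred while leaving the team.');
         return;
     }
     // Notification helper: one private message to either a team or a user.
     $sendPm = function ($subject, $content, $teamId = null, $userId = null) {
         $pm = new pm();
         $pm->setSubject($subject);
         $pm->setContent($content);
         $pm->setTimestamp(date('Y-m-d H:i:s'));
         if ($teamId !== null) {
             $pm->addTeamID($teamId);
         }
         if ($userId !== null) {
             $pm->addUserID($userId);
         }
         $pm->send();
     };
     $leaver = $this->user->getName();
     $teamId = $this->team->getID();
     if (\user::getCurrentUserId() === $this->user->getID()) {
         // The member left on their own: tell the team.
         $sendPm($leaver . ' left your team', 'Player ' . $leaver . ' just left your team.', $teamId);
     } else {
         // Someone else kicked the member: tell the team and the member.
         $actor = \user::getCurrentUser()->getName();
         $sendPm($leaver . ' got kicked from your team', 'Player ' . $leaver . ' got kicked from your team by ' . $actor . '.', $teamId);
         $sendPm('You got kicked from your team by ' . $actor, 'Player ' . $actor . ' just kicked you from your team.', null, $this->user->getID());
     }
     // Tell the template the leave/kick went through.
     $tmpl->assign('teamLeaveSuccessful', true);
 }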
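 /**
  * Store the submitted news entry for the current page, or delete it when the content is empty.
  *
  * Uses the globals $config, $tmpl and $db plus $this->edit_id, $this->page_path
  * and $this->getOriginalTimestamp(). The entry's timestamp is resolved from the
  * submitted $_POST['time'] only when the config permits changing it; otherwise
  * the existing timestamp is kept (or "now" is used for a new entry).
  * Request values are passed to the database through prepared-statement
  * placeholders only.
  *
  * @param string $content  the raw message; taken by reference for interface compatibility, not modified
  * @return bool  always true (database failures are not reported by this method)
  */
 function writeContent(&$content)
 {
     global $config;
     global $tmpl;
     global $db;
     if (strcmp($content, '') === 0) {
         // empty content means "remove the entry"
         $query = $db->prepare('DELETE FROM `newssystem` WHERE `id`=?');
         $db->execute($query, $this->edit_id);
         $db->free($query);
         return true;
     }
     // timestamp of the existing entry for this page, or false if there is none
     $udateEntry = $this->getOriginalTimestamp();
     $now = date('Y-m-d H:i:s');
     // existing timestamp where available, otherwise the current time
     $keepOrNow = $udateEntry === false ? $now : $udateEntry;
     // only a scalar string can be a timestamp; arrays in $_POST would make strtotime() throw
     $submittedTime = isset($_POST['time']) && is_string($_POST['time']) ? $_POST['time'] : null;
     if ($submittedTime === null) {
         $date_format = $keepOrNow;
     } elseif (!$config->getValue('cms.addon.newsSystem.permissions.allowChangeTimestampOnEdit')) {
         // changing the timestamp is not permitted: ignore the submitted value entirely
         $date_format = $keepOrNow;
     } elseif (($parsedTime = strtotime($submittedTime)) !== false) {
         // valid timestamp: store it normalised to the same format used by the other branches
         $date_format = date('Y-m-d H:i:s', $parsedTime);
     } else {
         // invalid timestamp submitted: fall back to the existing one, then to the current time
         $date_format = $keepOrNow;
     }
     $query = $db->prepare('SELECT `name` FROM `users` WHERE `id`=? LIMIT 1');
     $db->execute($query, user::getCurrentUserId());
     $author = $db->fetchRow($query);
     $db->free($query);
     // fetchRow() yields false when no user row matched; store an empty author name then
     $authorName = is_array($author) && isset($author['name']) ? $author['name'] : '';
     if (isset($_POST['title']) && is_string($_POST['title'])) {
         $title = htmlspecialchars_decode($_POST['title'], ENT_COMPAT);
     } else {
         $title = 'News';
     }
     $args = array($authorName, $title, $date_format, $content);
     if ($config->getValue('bbcodeLibAvailable')) {
         $args[] = $tmpl->encodeBBCode($content);
     } else {
         $args[] = $content;
     }
     if ($udateEntry === false) {
         // no entry in table regarding current page, thus insert new data
         $query = $db->prepare('INSERT INTO `newssystem`' . ' (`author`, `title`, `timestamp`, `raw_msg`, `msg`, `page`)' . ' VALUES (?, ?, ?, ?, ?, ?)');
         $args[] = $this->page_path;
     } else {
         // either 1 or more entries found, just assume there is only one
         $query = $db->prepare('UPDATE `newssystem` SET `author`=?' . ', `title`=?' . ', `timestamp`=?' . ', `raw_msg`=?' . ', `msg`=?' . ' WHERE `id`=?' . ' LIMIT 1');
         $args[] = $this->edit_id;
     }
     $db->execute($query, $args);
     $db->free($query);
     return true;
 }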
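 /**
  * Create $this->team from the submitted data and make the current user its member and leader.
  *
  * The team is created first; only when that succeeded is the current user
  * added to it and promoted to leader, so a failed creation never leaves the
  * user attached to a team that was not stored.
  *
  * @return true|string  true on success, otherwise a human-readable error message
  */
 protected function createTeam()
 {
     // create team using submitted data; stop before touching the user on failure
     $result = $this->team->create();
     if ($result !== true) {
         return $result;
     }
     $teamId = $this->team->getID();
     // add user to team
     $user = \user::getCurrentUser();
     if (!$user->addTeamMembership($teamId)) {
         return 'Could not add current user to team.';
     }
     if (!$user->update()) {
         return 'Could not save changes of current user.';
     }
     // set current user to leader
     if (!$this->team->setLeaderId(\user::getCurrentUserId())) {
         return 'Could not set user to new team leader.';
     }
     if (!$this->team->update()) {
         return 'Could not save user as team leader.';
     }
     return true;
 }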
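 /**
  * Render the list of private messages in one folder of the current user's mailbox.
  *
  * Uses the globals $config, $tmpl and $db. Messages are read in pages of
  * $max_per_page, starting at the offset given by $_GET['i'] (clamped to 0 or
  * above so a negative value cannot reach the SQL OFFSET). One extra row is
  * fetched to decide whether a "next" button is needed. The WHERE clause binds
  * the current user's id, so only that user's messages are listed; every
  * request-derived value is passed as a bound parameter.
  *
  * @param string $folder  mailbox folder to display
  * @return void
  */
 public function showMails($folder)
 {
     global $config;
     global $tmpl;
     global $db;
     $max_per_page = 200;
     // FIXME: move to settings.php (or define per theme)
     // set the template
     $tmpl->setTemplate('PMList');
     if (!empty($_SESSION['allow_add_messages'])) {
         $tmpl->assign('showNewButton', true);
     }
     // show currently selected mail folder
     $this->folderNav($folder);
     // show the overview; a negative offset would be a SQL error, so clamp it
     $offset = isset($_GET['i']) ? max(0, intval($_GET['i'])) : 0;
     // It is arguably a PDO bug, but LIMIT and OFFSET values require named
     // parameters rather than the simple use of '?' in the SQL statement.
     // get the list of private messages to be displayed (+1 one hidden due to next button)
     // userid requirement ensures user only sees the messages he's allowed to
     $query = $db->prepare('SELECT `id`,`author_id`,`subject`,`timestamp`,`folder`,`msg_status`,' . ' IF(`pmsystem_msg_storage`.`author_id`<>0,' . ' (SELECT `name` FROM `users` WHERE `id`=`author_id`),:author) AS `author`' . ' FROM `pmsystem_msg_storage`, `pmsystem_msg_users`' . ' WHERE `pmsystem_msg_users`.`userid`=:userid' . ' AND `pmsystem_msg_storage`.`id`=`pmsystem_msg_users`.`msgid`' . ' AND `folder`=:folder' . ' ORDER BY `pmsystem_msg_storage`.`id` DESC' . ' LIMIT :limit OFFSET :offset');
     $params = array(
         ':author' => array($config->getValue('displayedSystemUsername'), PDO::PARAM_STR),
         ':userid' => array(user::getCurrentUserId(), PDO::PARAM_INT),
         ':folder' => array($folder, PDO::PARAM_STR),
         ':limit' => array($max_per_page + 1, PDO::PARAM_INT),
         ':offset' => array($offset, PDO::PARAM_INT),
     );
     $db->execute($query, $params);
     $rows = $db->fetchAll($query);
     $db->free($query);
     $n = count($rows);
     // last row is only a lookup row to find out whether to display the next-messages button
     $showNextMSGButton = false;
     if ($n > $max_per_page) {
         $n = $max_per_page;
         $showNextMSGButton = true;
     }
     // prepare recipients queries outside of the loop
     $usersQuery = $db->prepare('SELECT `userid`,`name`' . ' FROM `pmsystem_msg_recipients_users` LEFT JOIN `users`' . ' ON `pmsystem_msg_recipients_users`.`userid`=`users`.`id`' . ' WHERE `msgid`=?');
     $teamsQuery = $db->prepare('SELECT `teamid`,`name`' . ' FROM `pmsystem_msg_recipients_teams` LEFT JOIN `teams`' . ' ON `pmsystem_msg_recipients_teams`.`teamid`=`teams`.`id`' . ' WHERE `msgid`=?');
     $inInbox = strcmp($folder, 'inbox') === 0;
     $messages = array();
     for ($i = 0; $i < $n; $i++) {
         $row = $rows[$i];
         $message = array();
         // only set up a link to user profile if user has no reserved id
         // 0 is an internal system user that shares its id with not logged-in users
         if (intval($row['author_id']) > 0) {
             $message['userProfile'] = $config->getValue('baseaddress') . 'Players/?profile=' . $row['author_id'];
         }
         $message['userName'] = $row['author'];
         if (strcmp($row['msg_status'], 'new') === 0) {
             $message['unread'] = true;
         }
         // the inbox is the default folder, so its links carry no folder argument
         $message['link'] = $inInbox ? '?view=' . $row['id'] : '?view=' . $row['id'] . '&amp;folder=' . $folder;
         $message['subject'] = $row['subject'];
         $message['time'] = $row['timestamp'];
         // collect recipient list
         $users = array();
         $db->execute($usersQuery, $row['id']);
         while ($recipient = $db->fetchRow($usersQuery)) {
             $users[] = array('id' => $recipient['userid'], 'name' => $recipient['name'], 'link' => '../Players/?profile=' . $recipient['userid']);
         }
         $db->free($usersQuery);
         $teams = array();
         $db->execute($teamsQuery, $row['id']);
         while ($recipient = $db->fetchRow($teamsQuery)) {
             $teams[] = array('id' => $recipient['teamid'], 'name' => $recipient['name'], 'link' => '../Teams/?profile=' . $recipient['teamid']);
         }
         $db->free($teamsQuery);
         $message['recipients'] = array('users' => $users, 'teams' => $teams);
         $messages[$i] = $message;
     }
     $tmpl->assign('messages', $messages);
     if ($offset > 0) {
         // show previous messages; never link to a negative offset
         $tmpl->assign('offsetPrev', max(0, $offset - $max_per_page));
     }
     if ($showNextMSGButton) {
         // show next messages
         $tmpl->assign('offsetNext', $offset + $max_per_page);
     }
 }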
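 /**
  * Render the current (or given) template through the parent template engine.
  *
  * Uses the globals $user and $config. When $cache_id is not supplied it is
  * set to the current user's id so cached output is never served to another
  * user; callers that pass their own $cache_id are responsible for keeping it
  * user-specific for the same reason. The '404' template additionally emits a
  * "404 Not Found" status line.
  *
  * @param string      $file        template name to switch to; '' keeps the current template
  * @param mixed|null  $cache_id    cache id handed to the parent, default: current user id
  * @param mixed|null  $compile_id  compile id handed to the parent, default: basepath, theme and language
  * @param mixed|null  $parent      passed through to the parent unchanged
  * @return bool  always true
  */
 public function display($file = '', $cache_id = null, $compile_id = null, $parent = null)
 {
     global $user;
     global $config;
     if ($file !== '') {
         $this->setTemplate($file);
     }
     // build menu
     $this->buildMenu();
     // certain templates need special headers
     if ($file === '404') {
         // SERVER_PROTOCOL is absent under some SAPIs (e.g. CLI); fall back to a valid status line
         $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0';
         header($protocol . ' 404 Not Found');
     }
     // add userid to prevent cached output being served to other users
     if ($cache_id === null) {
         $cache_id = user::getCurrentUserId();
     }
     if ($compile_id === null) {
         $compile_id = $config->getValue('basepath') . ', theme ' . $user->getTheme() . ', lang en';
     }
     // code disabled because multi line problem in input type="hidden" does not work with xhtml header
     /*
     			// serve xhtml with MIME-type application/xhtml+xml to trigger XML parser
     			// caution needed because ie (that can hardly be called a browser)
     			// indicates support for application/xhtml+xml but ie fails to actually provide
     			// nevertheless it's still a good idea for debugging because
     			// an XML parser is a lot simpler and has no error correction  -> speed :)
     			// TODO: needs digging into http://tools.ietf.org/html/rfc2616#section-14.1
     			if ($config->getValue('useXhtml') && !$config->getValue('debugSQL')
     				&& isset($_SERVER['HTTP_ACCEPT'])
     				&& !strstr($_SERVER['HTTP_ACCEPT'], 'application/xhtml+xml,q=0')
     				&& strstr($_SERVER['HTTP_ACCEPT'], 'application/xhtml+xml'))
     			{
     				header('Content-type: application/xhtml+xml; charset=utf-8');
     				header('Cache-Control: private');
     			}
     */
     // hand the resolved cache id over instead of recomputing it, so the parameter is honoured
     parent::display($this->templateFile, $cache_id, $compile_id, $parent);
     return true;
 }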
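 /**
  * Bootstrap the site: load config, start the session, set the timezone and
  * create the global $db, $user and $tmpl objects.
  *
  * Session handling: the session id is regenerated (old id invalidated) once
  * the session is older than the configured 'sessionRegenTime' (default 15
  * minutes), and the user is logged out after 'logoutUserAfterXSecondsInactive'
  * (default 2 hours) without activity. Strict session mode rejects ids that
  * the server did not issue, which complements the regeneration above.
  *
  * Writes the globals $config, $db, $user, $tmpl and reads $tmplHelper.
  */
 function __construct()
 {
     global $tmplHelper;
     global $config;
     global $tmpl;
     global $user;
     global $db;
     // site config information
     include dirname(__FILE__) . '/classes/config.php';
     $config = new config();
     // setup session if no session exists and sessions are enabled
     if (session_status() === PHP_SESSION_NONE) {
         ini_set('session.use_trans_sid', '0');
         // only accept session ids the server generated itself (anti-fixation)
         ini_set('session.use_strict_mode', '1');
         // keep the session cookie out of reach of client-side script
         ini_set('session.cookie_httponly', '1');
         ini_set('session.name', 'SID');
         ini_set('session.gc_maxlifetime', '7200');
         ini_set('session.cookie_path', $config->getValue('basepath'));
         session_start();
     }
     // set the date and time; validate the configured zone instead of suppressing the warning
     $timezone = $config->getValue('timezone');
     if (!is_string($timezone) || !in_array($timezone, timezone_identifiers_list(), true)) {
         // fallback to UTC if supplied config value is invalid
         $timezone = 'UTC';
     }
     date_default_timezone_set($timezone);
     // database connectivity
     include dirname(__FILE__) . '/classes/db.php';
     $db = new database();
     // user information
     require dirname(__FILE__) . '/classes/user.php';
     $user = new user(user::getCurrentUserId());
     // countries
     require dirname(__FILE__) . '/classes/country.php';
     // user invitations
     require dirname(__FILE__) . '/classes/invitation.php';
     // private messages
     require dirname(__FILE__) . '/classes/pm.php';
     // template builder
     require dirname(__FILE__) . '/classes/tmpl.php';
     $tmpl = new tmpl();
     // session fixation protection
     $now = time();
     if (!isset($_SESSION['creationTime'])) {
         $_SESSION['creationTime'] = $now;
     } else {
         // invalidate old session
         // default: 15 minutes (60*15)
         $sessionRegenTime = $config->getValue('sessionRegenTime') ? (int) $config->getValue('sessionRegenTime') : 60 * 15;
         if ($now - $_SESSION['creationTime'] > $sessionRegenTime) {
             // session creationTime older than $sessionRegenTime
             // force regenerate SID, invalidate old id
             session_regenerate_id(true);
             // update timestamp
             $_SESSION['creationTime'] = $now;
         }
     }
     // logout inactive users
     // default: 2 hours (60*60*2)
     $sessionExpiryTime = $config->getValue('logoutUserAfterXSecondsInactive') ? (int) $config->getValue('logoutUserAfterXSecondsInactive') : 60 * 60 * 2;
     if (isset($_SESSION['lastActivity']) && $now - $_SESSION['lastActivity'] > $sessionExpiryTime) {
         // last access older than $sessionExpiryTime
         $user->logout();
     }
     $_SESSION['lastActivity'] = $now;
 }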