<?php require '../config/classes.php'; $class = new user_panel(); $admin_name = mysqli_real_escape_string($class->conexion(), $_POST['admin_name']); $topic = mysqli_real_escape_string($class->conexion(), $_POST['topic']); $type = mysqli_real_escape_string($class->conexion(), $_POST['type']); $msghtml = $_POST['msghtml']; $patch = '../messages/msg_' . substr(sha1(rand(1, 999)), 0, -30) . '.txt'; $date = date("Y-m-d H:i:s"); $sql = mysqli_query($class->conexion(), "INSERT INTO account.messages (text_src,type,admin_name,topic,datef) VALUES ('" . $patch . "','" . $type . "','" . $admin_name . "','" . $topic . "','" . $date . "')"); if ($sql) { $file = fopen($patch, "w"); fwrite($file, $msghtml); fclose($file); return true; } else { return false; }
<?php session_start(); require "../config/classes.php"; $class = new user_panel(); $msg_id = mysqli_real_escape_string($class->conexion(), $_GET['id']); $sql = mysqli_query($class->conexion(), "SELECT * FROM account.messages WHERE id='" . $msg_id . "'"); $rows = mysqli_fetch_array($sql, MYSQLI_ASSOC); ?> <br> <div class="well" style="width:90%; margin-left:5%;"> <?php $class->update_msg($_SESSION['id']); $file = fopen("" . $rows['text_src'] . "", "r"); while (!feof($file)) { echo fgets($file); } fclose($file); ?> </div>
<?php session_start(); require '../config/classes.php'; $class = new user_panel(); $vnum = mysqli_real_escape_string($class->conexion(), $_GET['id']); /// CAPTURAR IP DEL USUARIO $ip = $_SERVER['REMOTE_ADDR']; ///////////////////////////// /// CHECKEAR QUE EL ITEM ESTE DENTRO DE LA TABLA DE ITEMS EN VENTA $check = mysqli_query($class->conexion(), "SELECT classid,prices,count,rebate from player.item_proto_shop WHERE vnum='" . $vnum . "'"); $rows = mysqli_fetch_array($check, MYSQLI_ASSOC); if ($rows['classid']) { $arr_pos = array(45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45, 45); $exec = mysqli_query($class->conexion(), "SELECT pos,vnum from player.item WHERE owner_id='" . $_SESSION['id'] . "' and window='MALL' order by pos asc"); if ($exec) { while ($rs = mysqli_fetch_array($exec, MYSQLI_ASSOC)) { $fg = mysqli_query($class->conexion(), "SELECT size from player.item_proto where vnum='" . $rs['vnum'] . "'"); $size = mysqli_fetch_array($fg, MYSQLI_ASSOC); for ($k = $size['size']; $k > 0; $k--) { $x = $rs["pos"] + ($size['size'] - $k) * 5; $arr_pos[$x] = $x; } } $arr_i = 0; $guj = mysqli_query($class->conexion(), "SELECT count(id) as count FROM player.item WHERE owner_id='" . $_SESSION['id'] . "'"); $rf = mysqli_fetch_array($guj, MYSQLI_ASSOC); if ($rf['count']) { $pos = 45; } else { $pos = 0;
<?php require "../config/classes.php"; $class = new user_panel(); $idcat = mysqli_real_escape_string($class->conexion(), $_GET['idcat']); ?> <style type="text/css"> table .titulo { padding: 5px; margin: 0px; color:#6E6E6E; text-decoration: underline; font-size:12px; } table .description { padding: 5px; font-size:11px; } </style> <div class="table-responsive" style="width:100%;"> <table width="100%" class="table table-condensed"> <tbody> <?php $class->get_items($idcat); ?> </tbody> </table> </div>
<?php session_start(); require "../config/classes.php"; $class = new user_panel(); $email = mysqli_real_escape_string($class->conexion(), $_POST['email']); if ($_SESSION['login']) { $class->newpass($_SESSION['email']); }
<?php session_start(); require "../config/classes.php"; $mysql = new user_panel(); $oldpass = mysqli_real_escape_string($mysql->conexion(), $_POST['oldpass']); $newpass = mysqli_real_escape_string($mysql->conexion(), $_POST['newpass']); $token = mysqli_real_escape_string($mysql->conexion(), $_POST['token']); $mysql->updatepass($oldpass, $newpass, $token);
<?php session_start(); require "../config/classes.php"; $move = new user_panel(); $pid = mysqli_real_escape_string($move->conexion(), $_POST['pid']); if ($_SESSION['login']) { $move->desbloq($pid); }