/**
 * AJAX handler: save the multilingual headline / description and the access
 * rights of the CMS page with id $id.
 *
 * Gate: admin 'cms' edit right or superadmin; otherwise the converted
 * NO_ADMIN_RIGHTS message is printed. Prints 'ok' when the UPDATE succeeds
 * and always ends the request with die.
 *
 * NOTE(review): no CSRF token is verified in this handler (nor in the sibling
 * admin_* handlers in this file); confirm the dispatcher enforces one before
 * these functions are reached.
 *
 * @param int|string $id CMS page id, bound into the query via %d
 */
function admin_cms_edit($id)
{
    global $db;
    ob_end_clean();
    $db->setMode(0);
    ajax_convert_array($_POST);

    $mayEdit = @$_SESSION['rights']['admin']['cms']['edit'] || @$_SESSION['rights']['superadmin'];
    if (!$mayEdit) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }

    // Per-language values arrive as <...>cription_<lang> and <...>eadline_<lang>
    // and are keyed by whatever follows the first underscore. strpos() is used
    // as a truthy test, so a marker sitting at offset 0 is deliberately not collected.
    $descriptions = array();
    $headlines = array();
    foreach ($_POST as $key => $value) {
        if (strpos($key, 'cription_')) {
            $descriptions[substr($key, strpos($key, '_') + 1)] = $value;
        }
        if (strpos($key, 'eadline_')) {
            $headlines[substr($key, strpos($key, '_') + 1)] = $value;
        }
    }

    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_cms SET `headline` = \'%s\', `content` = \'%s\', `access` = \'%s\' WHERE cmsID = %d',
        strsave(json_encode($headlines)),
        strsave(json_encode($descriptions)),
        strsave(admin_make_rights($_POST['rights'])),
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
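/**
 * Store a shoutbox post from the current visitor (guest or logged-in user).
 *
 * Guests must supply a name, a captcha solution matching $_SESSION['captcha_mini']
 * and a message; logged-in users only a message. A flood delay of SPAM_SHOUTBOX
 * seconds is enforced against the last post from the same IP / account (DB) and
 * against the client-side 'shoutbox' cookie. With ?ajax the result is printed
 * ('ok' or a converted error) and the request ends; otherwise errors are
 * rendered with table() and success redirects back to the referring page.
 *
 * Changes in this revision:
 *  - a guest was only rejected when name, captcha AND message were all empty,
 *    so a partially filled form (e.g. empty message) was stored; any missing
 *    field now yields NOT_NEED_ALL_INPUTS.
 *  - a guest could pass the captcha check when no captcha had been issued in
 *    the session (both sides compared as ''); that case is now rejected.
 *  - the post-submit redirect followed the Referer header verbatim (open
 *    redirect); it now only follows it when its host matches HTTP_HOST.
 *
 * NOTE(review): the captcha value is not cleared after a successful post, so
 * the same solution can be replayed while the session lives — verify where
 * captcha_mini is regenerated before adding an unset() here. The cookie half
 * of the flood check is under the client's control; only the DB half is reliable.
 */
function shoutbox_add()
{
    global $db;
    $isAjax = isset($_GET['ajax']);
    if ($isAjax) {
        $db->setMode(0);
        ob_end_clean();
        ajax_convert_array($_POST);
    }

    $loggedIn = !empty($_SESSION['userID']);
    $userID = (int) @$_SESSION['userID'];
    $now = time();

    // Timestamp of the last shoutbox post from this IP, or from this account when logged in.
    $last = @$db->result(DB_PRE . 'ecp_comments', 'datum', 'bereich="shoutbox" AND (IP =\'' . strsave($_SERVER['REMOTE_ADDR']) . '\' OR (userID != 0 AND userID = ' . $userID . '))');
    $cookieLast = (int) @$_COOKIE['shoutbox'];

    $error = null;
    if (!$loggedIn && ($_POST['shout_username'] == '' || $_POST['shout_captcha'] == '' || $_POST['shoutbox_msgbox'] == '')) {
        $error = NOT_NEED_ALL_INPUTS;
    } elseif (!$loggedIn && (!isset($_SESSION['captcha_mini']) || strtolower($_POST['shout_captcha']) != strtolower($_SESSION['captcha_mini']))) {
        $error = CAPTCHA_WRONG;
    } elseif ($loggedIn && $_POST['shoutbox_msgbox'] == '') {
        $error = NOT_NEED_ALL_INPUTS;
    } elseif ($last > $now - SPAM_SHOUTBOX || $cookieLast > $now - SPAM_SHOUTBOX) {
        // Remaining wait time, taken from whichever source triggered the block.
        $wait = ($last > $now - SPAM_SHOUTBOX) ? SPAM_SHOUTBOX + $last - $now : SPAM_SHOUTBOX + $cookieLast - $now;
        $error = str_replace(array('{sek}', '{zeit}'), array(SPAM_SHOUTBOX, $wait), SPAM_PROTECTION_MSG);
    }

    if ($error !== null) {
        if ($isAjax) {
            echo html_ajax_convert($error);
        } else {
            table(ERROR, $error);
        }
    } else {
        $sql = sprintf(
            'INSERT INTO ' . DB_PRE . 'ecp_comments (`bereich`, `userID`, `author`, `beitrag`, `datum`, `IP`) VALUES (\'shoutbox\', %d, \'%s\', \'%s\', %d, \'%s\')',
            @$_SESSION['userID'],
            strsave(htmlspecialchars(@$_POST['shout_username'])),
            strsave(htmlspecialchars(substr($_POST['shoutbox_msgbox'], 0, SHOUTBOX_MAX_CHARS))),
            time(),
            strsave($_SERVER['REMOTE_ADDR'])
        );
        if ($db->query($sql)) {
            setcookie('shoutbox', time(), time() + 365 * 86400);
            if ($isAjax) {
                echo 'ok';
            } else {
                $anchor = '#com_' . $db->last_id();
                $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
                if ($referer != '' && shoutbox_referer_is_local($referer)) {
                    header('Location: ' . $referer . $anchor);
                } else {
                    header1('?section=news' . $anchor);
                }
            }
        }
    }

    if ($isAjax) {
        die;
    }
}

/**
 * True when $referer is an absolute URL whose host equals the host part of
 * HTTP_HOST (port ignored, case-insensitive). Used so the post-submit redirect
 * cannot be pointed at an arbitrary external site.
 *
 * @param string $referer value of the Referer request header
 * @return bool
 */
function shoutbox_referer_is_local($referer)
{
    $refererHost = parse_url($referer, PHP_URL_HOST);
    $ownHost = isset($_SERVER['HTTP_HOST']) ? parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST) : null;
    if (!is_string($refererHost) || !is_string($ownHost) || $ownHost === '') {
        return false;
    }
    return strcasecmp($refererHost, $ownHost) === 0;
}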
/**
 * AJAX handler: rename / redescribe topic $id and set its image.
 *
 * Gate: admin 'topics' edit right or superadmin. Name and image are mandatory
 * (NOT_NEED_ALL_INPUTS otherwise); prints 'ok' on a successful UPDATE and
 * always terminates the request.
 *
 * @param int|string $id topic id, bound into the query via %d
 */
function admin_topics_edit($id)
{
    global $db;
    ob_end_clean();
    $db->setMode(0);
    ajax_convert_array($_POST);

    if (!@$_SESSION['rights']['admin']['topics']['edit'] && !@$_SESSION['rights']['superadmin']) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    if ($_POST['topicname'] == '' || !$_POST['topicbild']) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }

    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_topics SET `topicname` = \'%s\', `beschreibung` = \'%s\', `topicbild` = \'%s\' WHERE tID = %d',
        strsave($_POST['topicname']),
        strsave($_POST['beschreibung']),
        strsave($_POST['topicbild']),
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
/**
 * AJAX handler: update name, URL, banner URL, description and hit counter of
 * link $id.
 *
 * Gate: admin 'links' edit right or superadmin (checked with isset). Name and
 * URL are mandatory. Note that the POST values are only run through
 * ajax_convert_array() after the emptiness check, and URLs go through
 * check_url() before being stored. Prints 'ok' on success; always dies.
 *
 * @param int|string $id link id, bound into the query via %d
 */
function admin_links_edit($id)
{
    ob_end_clean();
    global $db;

    $allowed = isset($_SESSION['rights']['admin']['links']['edit']) || isset($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    if ($_POST['name'] == '' || $_POST['url'] == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }

    $db->setMode(0);
    ajax_convert_array($_POST);
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_links SET `name` = \'%s\', `url` = \'%s\', `bannerurl` = \'%s\', `beschreibung` = \'%s\', `hits` = %d WHERE linkID = %d',
        strsave($_POST['name']),
        strsave(check_url($_POST['url'])),
        strsave(check_url($_POST['bannerurl'])),
        strsave($_POST['beschreibung']),
        (int) $_POST['hits'],
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
/**
 * AJAX handler: rename clanwar match type $id and set its "fightus" flag.
 *
 * Gate: admin 'clanwars' matchtype_edit right or superadmin. The name is
 * mandatory. Prints 'ok' on a successful UPDATE; always terminates.
 *
 * @param int|string $id match type id, bound into the query via %d
 */
function admin_matchtype_edit($id)
{
    global $db;
    $db->setMode(0);
    ob_end_clean();
    ajax_convert_array($_POST);

    if (!@$_SESSION['rights']['admin']['clanwars']['matchtype_edit'] && !@$_SESSION['rights']['superadmin']) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    if ($_POST['name'] == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }

    $fightUs = (int) @$_POST['fightus'];
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_wars_matchtype SET `matchtypename` = \'%s\', `fightus` = %d WHERE matchtypeID= %d',
        strsave($_POST['name']),
        $fightUs,
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
/**
 * AJAX handler: update the game server record $id (game, address, ports,
 * password, menu / stats flags).
 *
 * Gate: admin 'server' edit right or superadmin. IP, port and game type are
 * mandatory. Ports are normalised through lgsl_port_conversion() (written
 * back into $_POST); an empty query port falls back to the game port.
 * Prints 'ok' on success; always terminates.
 *
 * NOTE(review): 'passwort' is stored as submitted (escaped only). It is
 * presumably the game-server query/join password rather than a user
 * credential — confirm it is never echoed to non-admin pages.
 *
 * @param int|string $id server id, bound into the query via %d
 */
function admin_server_edit($id)
{
    ob_end_clean();
    global $db;
    ajax_convert_array($_POST);

    if (!isset($_SESSION['rights']['admin']['server']['edit']) && !isset($_SESSION['rights']['superadmin'])) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    if ($_POST['ip'] == '' || $_POST['port'] == '' || $_POST['gametype'] == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }

    $db->setMode(0);
    list($_POST['port'], $_POST['queryport'], $_POST['sport']) = lgsl_port_conversion($_POST['gametype'], $_POST['port'], $_POST['queryport'], $_POST['sport']);

    $gamePort = (int) $_POST['port'];
    $queryPort = (int) $_POST['queryport'];
    if ($queryPort == 0) {
        $queryPort = $gamePort;
    }

    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_server SET `gamename` = \'%s\', `gametype` = \'%s\', `passwort` = \'%s\', `displaymenu` = %d, `ip` = \'%s\', `port` = %d, `queryport` = %d, `sport` = %d, `stat` = %d WHERE serverID = %d',
        strsave(@$_POST['gamename']),
        strsave($_POST['gametype']),
        strsave(@$_POST['passwort']),
        (int) @$_POST['displaymenu'],
        strsave($_POST['ip']),
        $gamePort,
        $queryPort,
        (int) $_POST['sport'],
        (int) @$_POST['stat'],
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
/**
 * AJAX handler: update survey $id (question, time window, answer limits,
 * access list) and then update existing answers / insert new ones.
 *
 * Answer fields are POST keys containing 'answer_': 'answer_old_<answerID>'
 * updates that answer and its vote count (from 'votes_<answerID>'), any other
 * non-empty 'answer_*' key inserts a new answer. The access list is '' when
 * 'all' was selected, otherwise ',id,id,'. Prints 'ok' on success; always dies.
 *
 * NOTE(review): the permission gate reads the *awards* edit right — the same
 * key admin_awards_edit uses — rather than a survey-specific one. This looks
 * like a copy/paste slip; confirm which right is intended before relying on it.
 *
 * @param int|string $id survey id, bound into the queries via %d
 */
function admin_survey_edit($id)
{
    ob_end_clean();
    ajax_convert_array($_POST);

    if (!@$_SESSION['rights']['admin']['awards']['edit'] && !@$_SESSION['rights']['superadmin']) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }

    global $db;
    $db->setMode(0);

    $incomplete = $_POST['frage'] == ''
        || !strtotime($_POST['start'])
        || !strtotime($_POST['ende'])
        || $_POST['sperre'] == ''
        || (int) $_POST['antworten'] < 1
        || !count($_POST['rights'])
        || count($_POST) < 8;
    if ($incomplete) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }

    $startTs = strtotime($_POST['start']);
    $endTs = strtotime($_POST['ende']);
    if ($endTs < $startTs) {
        echo SURVEY_START_BIG_END;
        die;
    }

    // '' = everyone; otherwise a comma-delimited list of group ids.
    if (in_array('all', $_POST['rights'])) {
        $access = '';
    } else {
        $access = ',';
        foreach ($_POST['rights'] as $groupID) {
            $access .= (int) $groupID . ',';
        }
    }

    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_survey SET `start` = %d, `ende` = %d, `frage` = \'%s\', `antworten` =%d, `sperre` = %d, `access` = \'%s\' WHERE surveyID = %d',
        $startTs,
        $endTs,
        strsave($_POST['frage']),
        (int) $_POST['antworten'],
        (int) $_POST['sperre'] * (int) $_POST['multi'],
        strsave($access),
        $id
    );
    if ($db->query($sql)) {
        foreach ($_POST as $key => $value) {
            if (strpos($key, 'answer_') === false || $value == '') {
                continue;
            }
            if (strpos($key, '_old_')) {
                // 'answer_old_' is 11 characters; the remainder is the answer id.
                $answerID = substr($key, 11);
                $db->query(sprintf(
                    'UPDATE ' . DB_PRE . 'ecp_survey_answers SET `answer` = \'%s\', votes = %d WHERE sID = %d AND answerID = %d',
                    strsave($value),
                    (int) $_POST['votes_' . $answerID],
                    $id,
                    (int) $answerID
                ));
            } else {
                $db->query(sprintf(
                    'INSERT INTO ' . DB_PRE . 'ecp_survey_answers (`sID`, `answer`) VALUES (%d, \'%s\')',
                    $id,
                    strsave($value)
                ));
            }
        }
        echo 'ok';
    }
    die;
}
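/**
 * AJAX handler: create a calendar event from the posted form.
 *
 * Gate: admin 'calendar' add right or superadmin. The multilingual content is
 * collected from POST keys containing 'cription_' (keyed by the part after the
 * first underscore), access rights go through admin_make_rights(), and the
 * event is attributed to the current session user. Prints 'ok' on success;
 * always terminates.
 *
 * Change: an empty event name or a date strtotime() cannot parse is now
 * rejected with NOT_NEED_ALL_INPUTS (consistent with admin_awards_edit),
 * instead of silently inserting an unnamed event dated 1970-01-01 because
 * strtotime()'s false became 0 under %d.
 */
function admin_calendar_add()
{
    global $db;
    ob_end_clean();
    ajax_convert_array($_POST);

    if (!@$_SESSION['rights']['admin']['calendar']['add'] && !@$_SESSION['rights']['superadmin']) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    $db->setMode(0);

    $eventDate = strtotime((string) @$_POST['datum']);
    if (@$_POST['eventname'] == '' || $eventDate === false) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }

    // strpos() as a truthy test: a marker at offset 0 is deliberately not collected.
    $descriptions = array();
    foreach ($_POST as $key => $value) {
        if (strpos($key, 'cription_')) {
            $descriptions[substr($key, strpos($key, '_') + 1)] = $value;
        }
    }

    $sql = sprintf(
        'INSERT INTO ' . DB_PRE . 'ecp_calendar (`eventname`, `inhalt`, `access`, `datum`, `userID`) VALUES (\'%s\', \'%s\', \'%s\', %d, %d)',
        strsave($_POST['eventname']),
        strsave(json_encode($descriptions)),
        strsave(admin_make_rights($_POST['rights'])),
        $eventDate,
        $_SESSION['userID']
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}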
/**
 * AJAX handler: update award $id (event, date, placing, team, game, prize,
 * multilingual report and the list of participating players).
 *
 * Gate: admin 'awards' edit right or superadmin. Event name, a parsable
 * event date, placing, team, game and the player list are mandatory. The
 * player list is a comma-separated list of usernames; each is looked up in
 * ecp_user and only the ids that resolve are stored as ',id,id,'. Prints 'ok'
 * on success; always terminates.
 *
 * NOTE(review): the stored player list is built from the 'ID' values the
 * lookup returns and is interpolated without escaping, on the assumption that
 * the column is integer — confirm.
 *
 * @param int|string $id award id, bound into the query via %d
 */
function admin_awards_edit($id)
{
    global $db;
    ob_end_clean();
    $db->setMode(0);
    ajax_convert_array($_POST);

    if (!@$_SESSION['rights']['admin']['awards']['edit'] && !@$_SESSION['rights']['superadmin']) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }

    $incomplete = $_POST['eventname'] == ''
        || !strtotime($_POST['eventdatum'])
        || !$_POST['platz']
        || !$_POST['teamID']
        || !$_POST['gID']
        || !$_POST['spieler'];
    if ($incomplete) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }

    // Multilingual report: keys containing 'cription_', keyed by the part after the first '_'.
    $report = array();
    foreach ($_POST as $key => $value) {
        if (strpos($key, 'cription_')) {
            $report[substr($key, strpos($key, '_') + 1)] = $value;
        }
    }

    // Resolve usernames to ids; unknown or blank names are dropped.
    $playerIDs = ',';
    foreach (explode(',', $_POST['spieler']) as $rawName) {
        $name = trim($rawName);
        if (!$name) {
            continue;
        }
        $resolved = @$db->result(DB_PRE . 'ecp_user', 'ID', 'username = \'' . strsave($name) . '\'');
        if ($resolved) {
            $playerIDs .= $resolved . ',';
        }
    }

    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_awards SET `eventname` = \'%s\', `eventdatum` = %d, `url` = \'%s\', `platz` = \'%s\', `teamID` = %d, `gID` = %d, `preis` = \'%s\', `bericht` = \'%s\', `spieler` = \'%s\' WHERE awardID = %d',
        strsave($_POST['eventname']),
        strtotime($_POST['eventdatum']),
        strsave(check_url($_POST['url'])),
        (int) $_POST['platz'],
        (int) $_POST['teamID'],
        (int) $_POST['gID'],
        strsave($_POST['preis']),
        strsave(json_encode($report)),
        @$playerIDs,
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
/**
 * AJAX handler: update the meaning text ('bedeutung') of smiley $id.
 *
 * Gate: admin 'smilies' edit right or superadmin (checked with isset).
 * Prints 'ok' on a successful UPDATE; always terminates.
 *
 * @param int|string $id smiley id, bound into the query via %d
 */
function admin_smilies_edit($id)
{
    ob_end_clean();
    global $db;

    $allowed = isset($_SESSION['rights']['admin']['smilies']['edit']) || isset($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo NO_ADMIN_RIGHTS;
        die;
    }

    $db->setMode(0);
    ajax_convert_array($_POST);
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_smilies SET `bedeutung` = \'%s\'WHERE ID = %d',
        strsave($_POST['bedeutung']),
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
/**
 * AJAX handler: update download category $id (parent category, name,
 * multilingual description, access rights).
 *
 * The name is mandatory. Descriptions are collected from POST keys containing
 * 'cription_' (keyed by the part after the first underscore). Prints 'ok' on
 * success; always terminates.
 *
 * NOTE(review): unlike every other admin_* handler in this file, this function
 * performs NO permission check — neither a module right nor superadmin — so
 * any request that reaches it can rewrite the category. Unless the dispatcher
 * gates it (not visible here), a guard analogous to the siblings is needed;
 * the exact rights key for this module is not visible in this file.
 *
 * @param int|string $id download category id, bound into the query via %d
 */
function admin_downloads_kate_edit($id)
{
    global $db;
    ob_end_clean();
    ajax_convert_array($_POST);

    if ($_POST['kname'] == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }

    $descriptions = array();
    foreach ($_POST as $key => $value) {
        if (strpos($key, 'cription_')) {
            $descriptions[substr($key, strpos($key, '_') + 1)] = $value;
        }
    }

    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_downloads_kate SET `subkID` = %d, `kname` = \'%s\', `beschreibung` = \'%s\', `access` = \'%s\' WHERE kID = %d',
        (int) $_POST['subID'],
        strsave($_POST['kname']),
        strsave(json_encode($descriptions)),
        strsave(admin_make_rights($_POST['rights'])),
        $id
    );
    $db->setMode(0);
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
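/**
 * AJAX handler: update gallery $id (name, folder, category, access) and keep
 * the per-category gallery counters in sync when the category changes.
 *
 * Gate: admin 'gallery' edit right or superadmin (checked with isset); the
 * denial is rendered with table() rather than echoed like the siblings.
 * Name, folder and category are mandatory. Prints 'ok' on success; always dies.
 *
 * Change: $id and the previous category id are interpolated into raw SQL
 * (the counter queries and the lookup of the old category), so both are now
 * pinned to integers first. Previously only the main UPDATE bound $id via %d,
 * and a missing row made $old false, producing 'kateID =' with no value.
 *
 * @param int|string $id gallery id
 */
function admin_gallery_edit($id)
{
    global $db;
    $db->setMode(0);
    ob_end_clean();
    ajax_convert_array($_POST);

    if (!isset($_SESSION['rights']['admin']['gallery']['edit']) && !isset($_SESSION['rights']['superadmin'])) {
        table(ERROR, NO_ADMIN_RIGHTS);
        die;
    }
    if ($_POST['name'] == '' || !$_POST['folder'] || !$_POST['cID']) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }

    $galleryID = (int) $id;
    $newCategory = (int) $_POST['cID'];
    $oldCategory = (int) $db->result(DB_PRE . 'ecp_gallery', 'cID', 'galleryID = ' . $galleryID);

    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_gallery SET `name` = \'%s\', `folder` = \'%s\', `cID` = %d, `access` = \'%s\' WHERE galleryID = %d',
        strsave($_POST['name']),
        strsave($_POST['folder']),
        $newCategory,
        strsave(admin_make_rights($_POST['access'])),
        $galleryID
    );
    if ($db->query($sql)) {
        echo 'ok';
        if ($newCategory != $oldCategory) {
            // Move the gallery between category counters.
            $db->query('UPDATE ' . DB_PRE . 'ecp_gallery_kate SET galleries = galleries +1 WHERE kateID =' . $newCategory);
            $db->query('UPDATE ' . DB_PRE . 'ecp_gallery_kate SET galleries = galleries -1 WHERE kateID =' . $oldCategory);
        }
    }
    die;
}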
/**
 * Recursively run ajax_html_convert() over every string inside $var, in place.
 *
 * Strings are converted directly, arrays are walked element by element (nested
 * arrays included), and any other value is left untouched.
 *
 * @param mixed $var string or (nested) array; modified by reference
 */
function ajax_convert_array(&$var)
{
    if (is_array($var)) {
        foreach (array_keys($var) as $k) {
            ajax_convert_array($var[$k]);
        }
        return;
    }
    if (is_string($var)) {
        $var = ajax_html_convert($var);
    }
}
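/**
 * AJAX handler: update rank $id (name, post threshold, fixed flag, money) and
 * recompute all user ranks afterwards.
 *
 * Gate: admin 'ranks' edit right or superadmin (checked with isset). The
 * money value accepts a decimal comma, which is normalised to a dot before
 * casting. Prints 'ok' on success; always terminates.
 *
 * Change: the money value is formatted with %F instead of %f. %f is locale
 * aware, so under a locale with a decimal comma (which the ',' → '.' input
 * normalisation suggests is in use) it would emit "1,50" and break the SQL;
 * %F always uses a dot.
 *
 * @param int|string $id rank id, bound into the query via %d
 */
function admin_ranks_edit($id)
{
    ob_end_clean();
    global $db;

    $allowed = isset($_SESSION['rights']['admin']['ranks']['edit']) || isset($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo NO_ADMIN_RIGHTS;
        die;
    }

    $db->setMode(0);
    ajax_convert_array($_POST);
    $money = (float) str_replace(',', '.', @$_POST['money']);
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_ranks SET `rankname` = \'%s\',`abposts` = %d,`fest` = %d, money = %F WHERE rankID = %d',
        strsave($_POST['rankname']),
        (int) @$_POST['abposts'],
        (int) @$_POST['fest'],
        $money,
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
        update_all_ranks();
    }
    die;
}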
/**
 * AJAX handler: update the membership row of user $uid in team $id
 * (display name, task, active flag).
 *
 * Gate: admin 'teams' edit_member right or superadmin (checked with isset).
 * Prints 'ok' on a successful UPDATE; always terminates.
 *
 * @param int|string $id  team id, bound via %d
 * @param int|string $uid user id, bound via %d
 */
function teams_edit_member($id, $uid)
{
    ob_end_clean();
    global $db;
    $db->setMode(0);
    ajax_convert_array($_POST);

    $allowed = isset($_SESSION['rights']['admin']['teams']['edit_member']) || isset($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo NO_ADMIN_RIGHTS;
        die;
    }

    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_members SET `name` = \'%s\', `aufgabe` = \'%s\', `aktiv` = %d WHERE teamID = %d AND userID = %d',
        strsave($_POST['username']),
        strsave($_POST['task']),
        (int) @$_POST['aktiv'],
        $id,
        $uid
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
/**
 * AJAX handler: rename clanwar map / location $id and assign it to a game.
 *
 * Gate: admin 'clanwars' maps_edit right or superadmin. Name and game id are
 * mandatory; the game id is bound via %d (sprintf casts it). Prints 'ok' on a
 * successful UPDATE; always terminates.
 *
 * @param int|string $id location id, bound into the query via %d
 */
function admin_games_map_edit($id)
{
    global $db;
    $db->setMode(0);
    ob_end_clean();
    ajax_convert_array($_POST);

    if (!@$_SESSION['rights']['admin']['clanwars']['maps_edit'] && !@$_SESSION['rights']['superadmin']) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    if ($_POST['name'] == '' || !$_POST['gameid']) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }

    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_wars_locations SET locationname = \'%s\', gID = %d WHERE locationID = %d',
        strsave($_POST['name']),
        $_POST['gameid'],
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
session_start(); //ob_start(); require 'inc/smarty/Smarty.class.php'; require 'inc/db.daten.php'; require 'inc/classes.php'; require 'inc/constant.php'; $db->setMode(0); if (count($_SESSION) == 0) { $_SESSION = unserialize($db->result(DB_PRE . 'ecp_online', 'SIDDATA', 'SID = \'' . session_id() . '\' AND uID != 0')); } require 'inc/functions.php'; require 'inc/language/' . LANGUAGE . '.php'; require 'inc/checks.php'; require 'templates/' . DESIGN . '/design.php'; ajax_convert_array($_POST); ajax_convert_array($_FILES); switch (@$_GET['func']) { case 'check_username': if (isset($_GET['mode'])) { echo $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'ID != ' . (int) $_SESSION['userID'] . ' AND username = "******"'); } else { echo $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = "******"'); } break; case 'check_email': if (isset($_GET['mode'])) { echo $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'ID != ' . (int) $_SESSION['userID'] . ' AND email = "' . strsave($_GET['email']) . '"'); } else { echo $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = "' . strsave($_GET['email']) . '"'); } break;