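/**
 * Append the "edit message of the day" form to the global $output buffer.
 *
 * Opens a fresh connection to the manager database (handed back to the caller
 * through $sqlm), loads the stored text of the MOTD named by $_GET['id'] and
 * renders it inside a BBCode editor form that posts to
 * motd.php?action=do_edit_motd.
 *
 * @param SQL $sqlm overwritten with the connection opened here
 * @return void
 */
function edit_motd(&$sqlm) {
    global $output, $lang_motd, $lang_global, $realm_id, $mmfpm_db, $action_permission;

    valid_login($action_permission['update']);

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    // The id is placed unquoted into the query and into an HTML attribute, so
    // accept nothing but a plain run of decimal digits. is_numeric() also lets
    // through signs, exponents and surrounding whitespace, which is broader
    // than a row id needs to be.
    if (empty($_GET['id']) || !is_string($_GET['id']) || !preg_match('/\A[0-9]+\z/', $_GET['id'])) {
        redirect('motd.php?error=1');
        // Stop here in case redirect() only sends the header and returns.
        return;
    }
    $id = $_GET['id'];

    $msg = $sqlm->result($sqlm->query('SELECT content FROM mm_motd WHERE id = ' . $id), 0);

    // The stored text goes back into a <textarea>; encode it so that markup in
    // the message (for example a closing </textarea>) is shown as text instead
    // of being parsed as part of this page.
    $msg_html = htmlspecialchars((string) $msg, ENT_QUOTES);

    $output .= '
        <center>
            <form action="motd.php?action=do_edit_motd" method="post" name="form">
                <input type="hidden" name="id" value="' . $id . '" />
                <table class="top_hidden">
                    <tr>
                        <td colspan="3">';
    bbcode_add_editor();
    $output .= '
                        </td>
                    </tr>
                    <tr>
                        <td colspan="3">
                            <textarea id="msg" name="msg" rows="26" cols="97">' . $msg_html . '</textarea>
                        </td>
                    </tr>
                    <tr>
                        <td>' . $lang_motd['post_rules'] . '</td>
                        <td>';
    makebutton($lang_motd['post_motd'], 'javascript:do_submit()" type="wrn', 230);
    $output .= '
                        </td>
                        <td>';
    makebutton($lang_global['back'], 'javascript:window.history.back()" type="def', 130);
    $output .= '
                        </td>
                    </tr>
                </table>
            </form>
            <br />
        </center>';
}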
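/**
 * Append the "new topic" form for the forum named by $_GET['id'] to $output.
 *
 * Checks, in order: the flood interval since the user's last post, that the
 * requested forum exists in $forum_skeleton, that the user's level may post
 * topics there, and (for level-0 users when side checking is on) that the
 * user's side may access both the category and the forum. Each failed check
 * calls error(); the function then returns in case error() does not end the
 * request itself.
 *
 * @param SQL $sqlm overwritten with the connection opened here
 * @return void
 */
function forum_add_topic(&$sqlm) {
    global $enablesidecheck, $forum_lang, $forum_skeleton, $maxqueries, $minfloodtime, $user_lvl, $user_id, $output, $mmfpm_db;

    // Resolve the user's side once, up front.
    if ($enablesidecheck) {
        $side = get_side();
    }

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    if ($minfloodtime > 0) {
        // authorid is compared unquoted, so force the value to an integer
        // before it becomes part of the statement.
        $userposts = $sqlm->query('
            SELECT time
            FROM mm_forum_posts
            WHERE authorid = ' . (int) $user_id . '
            ORDER BY id DESC
            LIMIT 1');
        if ($sqlm->num_rows($userposts) != 0) {
            $last_post = $sqlm->fetch_assoc($userposts);
            $elapsed = time() - strtotime($last_post['time']);
            if ($elapsed < $minfloodtime) {
                error($forum_lang["please_wait"]);
                return;
            }
        }
    }

    if (!isset($_GET["id"]) || !is_string($_GET["id"])) {
        error($forum_lang['no_such_forum']);
        return;
    }
    $id = $sqlm->quote_smart($_GET['id']);

    // Find the category that owns the requested forum.
    $cat = 0;
    foreach ($forum_skeleton as $cid => $category) {
        foreach ($category['forums'] as $fid => $forum) {
            if ($fid == $id) {
                $cat = $cid;
            }
        }
    }
    if (empty($forum_skeleton[$cat]['forums'][$id])) {
        error($forum_lang['no_such_forum']);
        return;
    }
    $forum = $forum_skeleton[$cat]['forums'][$id];

    if ($forum_skeleton[$cat]['level_post_topic'] > $user_lvl || $forum['level_post_topic'] > $user_lvl) {
        error($forum_lang['no_access']);
        return;
    }

    // Side restriction. The previous code used `continue` here although no
    // loop is open at this point, which PHP rejects; a user on the wrong side
    // (or with no character, side 'NO') must be refused instead.
    if ($user_lvl == 0 && $enablesidecheck) {
        foreach (array($forum_skeleton[$cat]['side_access'], $forum['side_access']) as $required_side) {
            if ($required_side != 'ALL' && ($side == 'NO' || $required_side != $side)) {
                error($forum_lang['no_access']);
                return;
            }
        }
    }

    // $id originates from the query string; encode it for the two HTML
    // contexts it is written into (a link target and an attribute value).
    $id_url = htmlspecialchars(urlencode((string) $id), ENT_QUOTES);
    $id_attr = htmlspecialchars((string) $id, ENT_QUOTES);

    $output .= '
        <div class="top">
            <h1>' . $forum_lang['forums'] . '</h1>
        </div>
        <center>
        <fieldset>
            <legend>
                <a href="forum.php">' . $forum_lang['forum_index'] . '</a> ->
                <a href="forum.php?action=view_forum&id=' . $id_url . '">' . $forum['name'] . '</a> ->
                ' . $forum_lang["new_topic"] . '
            </legend>';
    $output .= '
            <form action="forum.php?action=do_add_topic" method="POST" name="form">
                <table class="lined">
                    <tr>
                        <td align="left">' . $forum_lang['topic_name'] . ': <input name="name" SIZE="40"> </td>
                    </tr>';
    $output .= '
                    <tr>
                        <td align="left" colspan="3">';
    bbcode_add_editor();
    $output .= '
                        </td>
                    </tr>
                    <tr>
                        <td colspan="3">
                            <TEXTAREA ID="msg" NAME="msg" ROWS=8 COLS=93></TEXTAREA><br/>
                            <input type="hidden" name="forum" value="' . $id_attr . '">
                        </td>
                    </tr>
                    <tr>
                        <td align="left">';
    makebutton($forum_lang['post'], "javascript:do_submit()", 100);
    $output .= '
                        </td>
                    </tr>
                </table>
            </form>
        </fieldset>';
    $output .= '
        </center>
        <br/>';

    $sqlm->close();
}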
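/**
 * Build the table rows for the characters in one characters-query result.
 *
 * Character names come from the game database and are chosen by players, so
 * they are HTML-encoded before being written into the page.
 *
 * @param mixed  $result      result handle returned by $sql["char"]->query()
 * @param string $realm_param extra query-string fragment for the char.php link
 *                            ('' or '&realm=<index>')
 * @param int    $time_offset seconds added to each timestamp before formatting
 * @return array array(string $rows_html, number $achievement_points)
 */
function edit_user_character_rows($result, $realm_param, $time_offset) {
    global $sql;

    $rows = '';
    $points = 0;
    while ($char = $sql["char"]->fetch_assoc($result)) {
        if ($char["timestamp"] != 0) {
            $lastseen = date("F j, Y @ Hi", $char["timestamp"] + $time_offset);
        } else {
            $lastseen = '-';
        }
        $points += $char["ach_points"];
        $rows .= '
            <tr>
                <td> \'---></td>
                <td>
                    <a href="char.php?id=' . $char["guid"] . $realm_param . '">' . htmlspecialchars((string) $char["name"], ENT_QUOTES) . '</a> -
                    <img src="img/c_icons/' . $char["race"] . '-' . $char["gender"] . '.gif" onmousemove="oldtoolTip(\'' . char_get_race_name($char["race"]) . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />
                    <img src="img/c_icons/' . $char["class"] . '.gif" onmousemove="oldtoolTip(\'' . char_get_class_name($char["class"]) . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" /> - ' . lang("char", "level_short") . char_get_level_color($char["level"]) . '
                </td>
                <td>' . $lastseen . '</td>
            </tr>';
    }
    return array($rows, $points);
}

/**
 * Build the eleven "who may view ..." select rows of the profile form.
 *
 * @param array $screen_name row from config_accounts holding the View_Mod_* columns
 * @return string HTML rows
 */
function edit_user_viewmod_rows($screen_name) {
    // label key in the "char" language group, form field name, config_accounts column
    $settings = array(
        array("char_sheet", "viewmod_sheet", "View_Mod_Sheet"),
        array("achievements", "viewmod_achieve", "View_Mod_Achieve"),
        array("friends", "viewmod_friends", "View_Mod_Friends"),
        array("inventory", "viewmod_inv", "View_Mod_Inv"),
        array("pets", "viewmod_pets", "View_Mod_Pets"),
        array("pvp", "viewmod_pvp", "View_Mod_PvP"),
        array("quests", "viewmod_quests", "View_Mod_Quest"),
        array("reputation", "viewmod_rep", "View_Mod_Rep"),
        array("skills", "viewmod_skills", "View_Mod_Skill"),
        array("talents", "viewmod_talents", "View_Mod_Talent"),
        array("view", "viewmod_view", "View_Mod_View"),
    );

    $rows = '';
    foreach ($settings as $setting) {
        list($label_key, $field, $column) = $setting;
        $current = $screen_name[$column];
        // The "friends" choice (value 1) stays commented out in the markup, as before.
        $rows .= '
            <tr>
                <td>' . lang("char", $label_key) . ':</td>
                <td colspan="2">
                    <select name="' . $field . '">
                        <option value="0" ' . ($current == 0 ? 'selected="selected" ' : '') . '>' . lang("edit", "onlyme") . '</option>
                        <!-- option value="1" ' . ($current == 1 ? 'selected="selected" ' : '') . '>' . lang("edit", "friends") . '</option -->
                        <option value="2" ' . ($current == 2 ? 'selected="selected" ' : '') . '>' . lang("edit", "reg_users") . '</option>
                    </select>
                </td>
            </tr>';
    }
    return $rows;
}

/**
 * Append the "edit my account" page to the global $output buffer.
 *
 * Renders, for the logged-in account: the account form (password, e-mail,
 * inviter, client type, credits, character list, achievement-point
 * conversion), the profile form (info, signature, avatar, view permissions),
 * the invitation list, the prize bags and the language/theme selectors.
 * Calls error() when the account row cannot be loaded.
 *
 * Values that users can set themselves (e-mail, profile info, signature,
 * avatar level, invited e-mail addresses, character names) are HTML-encoded
 * where they are written into the page.
 * NOTE(review): this assumes those columns hold raw text. If the save handlers
 * already store them HTML-encoded, they would now be encoded twice; confirm
 * against the writers.
 *
 * NOTE(review): several statements compare a login column with the literal
 * '******'. That looks like a value masked in this listing rather than the
 * real code; presumably the session user name belongs there. It is kept
 * unchanged here; confirm against the repository, and escape or bind the name
 * when it is restored.
 *
 * NOTE(review): $user_id is concatenated into the SQL text throughout.
 * Presumably it is a session-derived integer; verify that at the point where
 * it is set, or bind it as a parameter.
 *
 * @return void
 */
function edit_user() {
    global $output, $dbc_db, $corem_db, $logon_db, $characters_db, $realm_id, $invite_only, $timezone_offset, $user_name, $user_id, $expansion_select, $server, $developer_test_mode, $multi_realm_mode, $remember_me_checked, $achievement_point_points, $achievement_point_credits, $credits_fractional, $sql, $core;

    $refguid = $sql["mgr"]->result($sql["mgr"]->query("SELECT InvitedBy FROM point_system_invites WHERE PlayersAccount='" . $user_id . "'"), 0, 'InvitedBy');
    $referred_by = $sql["char"]->result($sql["char"]->query("SELECT name FROM characters WHERE guid='" . $refguid . "'"), 0, 'name');

    if ($core == 1) {
        $query = "SELECT email, flags, lastip FROM accounts WHERE login='******'";
    } else {
        $query = "SELECT email, expansion AS flags, last_ip AS lastip FROM account WHERE username='******'";
    }

    $acc = $sql["logon"]->fetch_assoc($sql["logon"]->query($query));
    if (!$acc) {
        error(lang("global", "err_no_records_found"));
        return;
    }

    // Manager-side account row; the Avatar column is split into its four
    // space-separated parts by the query itself.
    $screen_name_query = "SELECT *,\n"
        . " SUBSTRING_INDEX(SUBSTRING_INDEX(Avatar, ' ', 1), ' ', -1) AS avatarsex,\n"
        . " SUBSTRING_INDEX(SUBSTRING_INDEX(Avatar, ' ', 2), ' ', -1) AS avatarrace,\n"
        . " SUBSTRING_INDEX(SUBSTRING_INDEX(Avatar, ' ', 3), ' ', -1) AS avatarclass,\n"
        . " SUBSTRING_INDEX(SUBSTRING_INDEX(Avatar, ' ', 4), ' ', -1) AS avatarlevel\n"
        . " FROM config_accounts WHERE Login='******'";
    $screen_name = $sql["mgr"]->fetch_assoc($sql["mgr"]->query($screen_name_query));

    // Values at or above 2^30 carry an extra flag bit; strip it to get the level.
    if ($screen_name["SecurityLevel"] >= 1073741824) {
        $screen_name["SecurityLevel"] -= 1073741824;
    }

    // ArcEmu: find out whether this account uses an encrypted password.
    $arc_encrypted = 0;
    if ($core == 1) {
        $pass_result = $sql["logon"]->query("SELECT * FROM accounts WHERE login='******' AND encrypted_password<>''");
        $arc_encrypted = $sql["logon"]->num_rows($pass_result);
    }

    // The script needs real line breaks: "// <![CDATA[" is a line comment and
    // would otherwise swallow the function that follows it.
    // NOTE(review): $user_name is written into a JavaScript string literal
    // without encoding; this relies on account names being restricted to a
    // safe character set. Confirm at registration.
    $output .= '
        <script type="text/javascript" src="libs/js/sha1.js"></script>
        <script type="text/javascript">
        // <![CDATA[
        function do_submit_data () {
            var myForm = document.getElementById("form");';
    if ($core != 1 || $arc_encrypted) {
        // NOTE(review): the digest built in the browser is what gets
        // submitted, so it is presumably as sensitive as the password itself;
        // it only stays confidential if the page is served over TLS.
        $output .= '
            myForm.pass.value = hex_sha1("' . strtoupper($user_name) . ':" + myForm.user_pass.value.toUpperCase());';
    } else {
        $output .= '
            myForm.pass.value = myForm.user_pass.value;';
    }
    $output .= '
            myForm.pass.value = myForm.pass.value.toUpperCase();
            do_submit();
        }
        // ]]>
        </script>
        <div id="edit_fieldset" class="fieldset_border center">
            <span class="legend">' . lang("edit", "edit_acc") . '</span>
            <form method="post" action="edit.php?action=doedit_user" id="form">
                <div>
                    <input type="hidden" name="pass" value="" maxlength="256" />
                </div>
                <table class="flat" id="edit_fieldset_table">
                    <tr>
                        <td>' . lang("edit", "id") . ':</td>
                        <td colspan="2">' . htmlspecialchars($user_id) . '</td>
                    </tr>
                    <tr>
                        <td>' . lang("edit", "username") . ':</td>
                        <td colspan="2">' . htmlspecialchars($user_name) . '</td>
                    </tr>';

    if (!$screen_name["ScreenName"]) {
        $output .= '
                    <tr>
                        <td>' . lang("edit", "screenname") . ':</td>
                        <td colspan="2"><input type="text" name="screenname" size="42" maxlength="14" /></td>
                    </tr>';
    } else {
        $output .= '
                    <tr>
                        <td>' . lang("edit", "screenname") . ':</td>
                        <td colspan="2">' . htmlspecialchars($screen_name["ScreenName"]) . '</td>
                    </tr>';
    }

    $output .= '
                    <tr>
                        <td>' . lang("edit", "password") . ':</td>
                        <td colspan="2">
                            <input type="text" name="user_pass" size="39" maxlength="40" value="******" />
                            <img src="img/information.png" onmousemove="oldtoolTip(\'' . lang("edit", "pass_warning") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />
                        </td>
                    </tr>
                    <tr>
                        <td>' . lang("edit", "mail") . ':</td>';

    $email_html = htmlspecialchars((string) $acc["email"], ENT_QUOTES);
    if ($screen_name["TempEmail"]) {
        $output .= '
                        <td colspan="2">
                            <a href="edit.php?action=cancel_email_change" >
                                <img src="img/aff_warn.gif" onmousemove="oldtoolTip(\'' . lang("edit", "email_changed") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />
                            </a>
                            <input type="text" name="mail" size="39" maxlength="225" value="' . $email_html . '" />
                        </td>';
    } else {
        $output .= '
                        <td colspan="2"><input type="text" name="mail" size="42" maxlength="225" value="' . $email_html . '" /></td>';
    }

    $output .= '
                    </tr>
                    <tr>
                        <td>' . lang("edit", "invited_by") . ':</td>
                        <td colspan="2">';
    if ($referred_by == NULL) {
        $output .= '
                            <input type="text" name="referredby" size="20" maxlength="12" value="' . htmlspecialchars((string) $referred_by, ENT_QUOTES) . '" /> (' . lang("user", "charname") . ')';
    } else {
        $output .= '
                            ' . htmlspecialchars($referred_by) . '';
    }
    $output .= '
                        </td>
                    </tr>
                    <tr>
                        <td>' . lang("edit", "gm_level") . ':</td>
                        <td colspan="2">' . id_get_gm_level($screen_name["SecurityLevel"]) . ' ( ' . $screen_name["SecurityLevel"] . ' )</td>
                    </tr>
                    <tr>
                        <td>' . lang("edit", "last_ip") . ':</td>
                        <td colspan="2">' . htmlspecialchars($acc["lastip"]) . '</td>
                    </tr>';

    if ($expansion_select) {
        // Stored flag value => label key; the numbering differs per core.
        if ($core == 1) {
            $expansions = array(24 => "wotlktbc", 16 => "wotlk", 8 => "tbc", 0 => "classic");
        } else {
            $expansions = array(2 => "wotlktbc", 1 => "tbc", 0 => "classic");
        }
        $output .= '
                    <tr>
                        <td>' . lang("edit", "client_type") . ':</td>
                        <td colspan="2">
                            <select name="expansion">';
        foreach ($expansions as $flag_value => $label_key) {
            $output .= '
                                <option value="' . $flag_value . '" ' . ($acc["flags"] == $flag_value ? 'selected="selected"' : '') . '>' . lang("edit", $label_key) . '</option>';
        }
        $output .= '
                            </select>
                        </td>
                    </tr>';
    }

    $output .= '
                    <tr>
                        <td>' . lang("edit", "credits") . ':</td>
                        <td colspan="2">' . ($screen_name["Credits"] < 0 ? lang("edit", "unlimited") : (double) $screen_name["Credits"]) . '</td>
                    </tr>';

    // Total number of characters over every configured characters database.
    // The counter was previously used without being initialised.
    $c_count = 0;
    $account_column = ($core == 1) ? "acct" : "account";
    foreach ($characters_db as $db) {
        $sqlt = new SQL();
        $sqlt->connect($db["addr"], $db["user"], $db["pass"], $db["name"], $db["encoding"]);
        $fields = $sqlt->fetch_assoc($sqlt->query("SELECT COUNT(*) FROM characters WHERE " . $account_column . "='" . $user_id . "'"));
        $c_count += $fields["COUNT(*)"];
    }

    $output .= '
                    <tr>
                        <td>' . lang("edit", "tot_chars") . ':</td>
                        <td colspan="2">' . $c_count . '</td>
                    </tr>';

    // One query text serves every realm: the account's characters plus the
    // achievement points each of them has earned.
    $char_query = "SELECT guid, name, race, class, level, gender, "
        . ($core == 1 ? "timestamp" : "logout_time AS timestamp") . ",\n"
        . " IFNULL((SELECT SUM(points) FROM character_achievement LEFT JOIN `" . $dbc_db["name"] . "`.achievement"
        . " ON `" . $dbc_db["name"] . "`.achievement.id=character_achievement.achievement"
        . " WHERE character_achievement.guid=characters.guid), 0) AS ach_points\n"
        . " FROM characters WHERE " . $account_column . "='" . $user_id . "'";

    $time_offset = $timezone_offset * 3600;
    $total_achieve_points = 0;

    $realms = $sql["mgr"]->query("SELECT * FROM config_servers");
    if (1 < $sql["mgr"]->num_rows($realms) && 1 < count($server) && 1 < count($characters_db)) {
        while ($realm = $sql["mgr"]->fetch_assoc($realms)) {
            $realm_db = $characters_db[$realm["Index"]];
            $sql["char"]->connect($realm_db["addr"], $realm_db["user"], $realm_db["pass"], $realm_db["name"], $realm_db["encoding"]);
            $result = $sql["char"]->query($char_query);

            $output .= '
                    <tr>
                        <td colspan="3"> </td>
                    </tr>
                    <tr>
                        <td colspan="3">' . lang("index", "realm") . ': ' . htmlspecialchars((string) $realm["Name"], ENT_QUOTES) . '</td>
                    </tr>
                    <tr>
                        <td>' . lang("edit", "characters") . ':</td>
                        <td>' . $sql["char"]->num_rows($result) . '</td>
                    </tr>';

            list($rows_html, $points) = edit_user_character_rows($result, '&realm=' . $realm["Index"], $time_offset);
            $output .= $rows_html;
            $total_achieve_points += $points;
        }
    } else {
        $result = $sql["char"]->query($char_query);

        $output .= '
                    <!-- tr>
                        <td>' . lang("edit", "characters") . ':</td>
                        <td>' . $sql["char"]->num_rows($result) . '</td>
                    </tr -->';

        list($rows_html, $points) = edit_user_character_rows($result, '', $time_offset);
        $output .= $rows_html;
        $total_achieve_points += $points;
    }

    // Achievement point to credit conversion.
    if ($achievement_point_credits && $screen_name["Credits"] >= 0) {
        $points_available = $total_achieve_points - $screen_name["AchievePointsSpent"];

        $output .= '
                    <tr>
                        <td colspan="3"> <hr /> </td>
                    </tr>
                    <tr>
                        <td colspan="3">
                            <table>
                                <tr>
                                    <td>' . lang("edit", "total_achieve_points") . ':</td>
                                    <td colspan="2"> <span>' . $total_achieve_points . '</span> </td>
                                </tr>
                                <tr>
                                    <td>' . lang("edit", "total_achieve_spent") . ':</td>
                                    <td colspan="2"> <span>' . $screen_name["AchievePointsSpent"] . '</span> </td>
                                </tr>
                                <tr>
                                    <td>' . lang("edit", "achieve_points_available") . ':</td>
                                    <td colspan="2">
                                        <span>' . $points_available . '</span>
                                        <img src="img/information.png" style="position: relative; top: 4px;" onmousemove="oldtoolTip(\'' . lang("edit", "achieve_warning") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />
                                    </td>
                                </tr>';

        if ($credits_fractional) {
            $output .= '
                                <tr>
                                    <td>' . lang("edit", "points_to_credits") . ':</td>
                                    <td colspan="2"> <span>' . $achievement_point_credits / $achievement_point_points . ' ' . lang("edit", "credits") . '</span> </td>
                                </tr>';
        } else {
            $output .= '
                                <tr>
                                    <td>' . lang("edit", "points_to_credits") . ':</td>
                                    <td colspan="2">
                                        <span>' . round($achievement_point_credits / $achievement_point_points) . ' ' . lang("edit", "credits") . '</span>
                                        <img src="img/information.png" style="position: relative; top: 4px;" onmousemove="oldtoolTip(\'' . lang("edit", "points_to_credits_round") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />
                                    </td>
                                </tr>';
        }

        $output .= '
                                <tr>
                                    <td>' . lang("edit", "points_to_spend") . ':</td>
                                    <td colspan="2">';
        if ($points_available > 0) {
            $output .= '
                                        <input type="text" name="points_to_spend" value="0" />';
        } else {
            $output .= '
                                        <div style="display: none;">
                                            <input type="hidden" name="points_to_spend" value="0" />
                                        </div>
                                        <span>' . lang("edit", "insufficient_funds") . '</span>';
        }
        $output .= '
                                    </td>
                                </tr>
                            </table>
                        </td>
                    </tr>';
    }

    // Default to "override" when the cookie has never been set. Testing the
    // cookie itself avoids reading a missing array index.
    $override_remember_me = isset($_COOKIE["corem_override_remember_me"]) ? $_COOKIE["corem_override_remember_me"] : 1;

    if ($remember_me_checked) {
        $output .= '
                    <tr>
                        <td>' . lang("edit", "override") . ':</td>
                        <td><input type="checkbox" name="override" value="1" ' . ($override_remember_me ? 'checked="checked"' : '') . ' /></td>
                    </tr>';
    }

    $output .= '
                    <tr>
                        <td>';
    makebutton(lang("edit", "update"), 'javascript:do_submit_data()" type="wrn', 130);
    $output .= '
                        </td>
                        <td colspan="2">';
    makebutton(lang("global", "back"), 'javascript:window.history.back()" type="def', 130);
    $output .= '
                        </td>
                    </tr>
                </table>
            </form>
        </div>
        <br />
        <div id="edit_profile_fieldset" class="fieldset_border center">
            <span class="legend">' . lang("edit", "profile_options") . '</span>
            <form action="edit.php" method="get" id="form3">
                <div>
                    <input type="hidden" name="action" value="profile_set" />
                </div>
                <table class="hidden" id="edit_profile_table">
                    <tr>
                        <td align="left" colspan="3">' . lang("edit", "profile_info") . '</td>
                    </tr>
                    <tr>
                        <td align="left" colspan="3">
                            <textarea name="profileinfo" rows="6" cols="65">' . htmlspecialchars((string) $screen_name["Info"], ENT_QUOTES) . '</textarea>
                        </td>
                    </tr>
                    <tr> <td></td> </tr>
                    <tr> <td></td> </tr>
                    <tr>
                        <td align="left" colspan="3">' . lang("edit", "signature") . '</td>
                    </tr>
                    <tr>
                        <td align="left" colspan="3">';
    bbcode_add_editor();
    $output .= '
                        </td>
                    </tr>
                    <tr>
                        <td align="left" colspan="3">
                            <textarea id="msg" name="signature" rows="6" cols="65">' . htmlspecialchars((string) $screen_name["Signature"], ENT_QUOTES) . '</textarea>
                        </td>
                    </tr>
                    <tr> <td></td> </tr>
                    <tr> <td></td> </tr>
                    <tr>
                        <td align="left" colspan="3">' . lang("edit", "prefavatar") . '</td>
                    </tr>';

    if ($screen_name["SecurityLevel"] == 0) {
        if ($screen_name["Avatar"] == '') {
            // No avatar chosen: fall back to the account's highest-level character.
            $ldb = $logon_db["name"];
            $cdb = $characters_db[$realm_id]['name'];
            if ($core == 1) {
                // The outer WHERE now also names the account, as the other
                // cores already do; without it a character of another account
                // that happens to share the same top level could be picked.
                $avatar_query = "SELECT acct, name, gender, race, class, level,\n"
                    . " (SELECT gm FROM `" . $ldb . "`.accounts WHERE `" . $ldb . "`.accounts.acct=`" . $cdb . "`.characters.acct) AS gmlevel,\n"
                    . " (SELECT login FROM `" . $ldb . "`.accounts WHERE `" . $ldb . "`.accounts.acct=`" . $cdb . "`.characters.acct) AS login\n"
                    . " FROM `" . $cdb . "`.characters\n"
                    . " WHERE level IN (SELECT MAX(level) FROM `" . $cdb . "`.characters WHERE acct='" . $user_id . "') AND acct='" . $user_id . "'";
            } else {
                // Core 2 keeps the GM level on the account row, the remaining
                // cores in account_access.
                $gm_table = ($core == 2) ? "account" : "account_access";
                $avatar_query = "SELECT account AS acct, name, gender, race, class, level,\n"
                    . " (SELECT gmlevel FROM `" . $ldb . "`." . $gm_table . " WHERE `" . $ldb . "`." . $gm_table . ".id=`" . $cdb . "`.characters.account) AS gmlevel,\n"
                    . " (SELECT username FROM `" . $ldb . "`.account WHERE `" . $ldb . "`.account.id=`" . $cdb . "`.characters.account) AS login\n"
                    . " FROM `" . $cdb . "`.characters\n"
                    . " WHERE level IN (SELECT MAX(level) FROM `" . $cdb . "`.characters WHERE account='" . $user_id . "') AND account='" . $user_id . "'";
            }
            $avatar_fields = $sql["char"]->fetch_assoc($sql["char"]->query($avatar_query));
            $avatar = gen_avatar_panel($avatar_fields["level"], $avatar_fields["gender"], $avatar_fields["race"], $avatar_fields["class"], 1, 0);
            $screen_name["avatarlevel"] = $avatar_fields["level"];
            $screen_name["avatarrace"] = $avatar_fields["race"];
            $screen_name["avatarclass"] = $avatar_fields["class"];
            $screen_name["avatarsex"] = $avatar_fields["gender"];
        } else {
            $avatar = gen_avatar_panel($screen_name["avatarlevel"], $screen_name["avatarsex"], $screen_name["avatarrace"], $screen_name["avatarclass"], 1, $screen_name["SecurityLevel"]);
        }

        // The avatar cell sits in a row of its own and spans the five rows
        // after it. The row tags are written out explicitly; browsers were
        // inferring this same layout from the unbalanced tags used before.
        $output .= '
                    <tr>
                        <td id="forum_topic_avatar" rowspan="6"> <center>' . $avatar . '</center> </td>
                    </tr>
                    <tr>
                        <td>' . lang("edit", "usedefault") . ':</td>
                        <td><input type="checkbox" name="use_default" value="1" ' . ($screen_name["Avatar"] == '' ? 'checked="checked"' : '') . ' /> ' . lang("edit", "usedefaultinfo") . '</td>
                    </tr>
                    <tr>
                        <td>' . lang("edit", "gender") . ':</td>
                        <td>
                            <select name="avatargender">
                                <option value="0" ' . ($screen_name["avatarsex"] == 0 ? 'selected="selected"' : '') . ' >' . lang("edit", "male") . '</option>
                                <option value="1" ' . ($screen_name["avatarsex"] == 1 ? 'selected="selected"' : '') . ' >' . lang("edit", "female") . '</option>
                            </select>
                        </td>
                    </tr>
                    <tr>
                        <td>' . lang("edit", "race") . ':</td>
                        <td>
                            <select name="avatarrace">';

        $races = array(1 => "human", 2 => "orc", 3 => "dwarf", 4 => "nightelf", 5 => "undead", 6 => "tauren", 7 => "gnome", 8 => "troll", 10 => "bloodelf", 11 => "draenei");
        foreach ($races as $race_id => $race_key) {
            $output .= '
                                <option value="' . $race_id . '" ' . ($screen_name["avatarrace"] == $race_id ? 'selected="selected"' : '') . ' >' . lang("id_tab", $race_key) . '</option>';
        }

        $output .= '
                            </select>
                        </td>
                    </tr>
                    <tr>
                        <td>' . lang("edit", "class") . ':</td>
                        <td>
                            <select name="avatarclass">';

        $classes = array(1 => "warrior", 2 => "paladin", 3 => "hunter", 4 => "rogue", 5 => "priest", 6 => "death_knight", 7 => "shaman", 8 => "mage", 9 => "warlock", 11 => "druid");
        foreach ($classes as $class_id => $class_key) {
            $output .= '
                                <option value="' . $class_id . '" ' . ($screen_name["avatarclass"] == $class_id ? 'selected="selected"' : '') . ' >' . lang("id_tab", $class_key) . '</option>';
        }

        $output .= '
                            </select>
                        </td>
                    </tr>
                    <tr>
                        <td>' . lang("edit", "level") . ':</td>
                        <td> <input type="text" name="avatarlevel" value="' . htmlspecialchars((string) $screen_name["avatarlevel"], ENT_QUOTES) . '" /> </td>
                    </tr>';
    } else {
        $output .= '
                    <tr>
                        <td id="forum_topic_avatar" rowspan="4">
                            <div>' . gen_avatar_panel($screen_name["avatarlevel"], $screen_name["avatarsex"], $screen_name["avatarrace"], $screen_name["avatarclass"], 0, $screen_name["SecurityLevel"]) . '</div>
                        </td>
                        <td>' . lang("edit", "gender") . ':</td>
                        <td>' . lang("edit", "unavailable") . '</td>
                    </tr>
                    <tr>
                        <td>' . lang("edit", "race") . ':</td>
                        <td>' . lang("edit", "unavailable") . '</td>
                    </tr>
                    <tr>
                        <td>' . lang("edit", "class") . ':</td>
                        <td>' . lang("edit", "unavailable") . '</td>
                    </tr>
                    <tr>
                        <td>' . lang("edit", "level") . ':</td>
                        <td>' . lang("edit", "unavailable") . '</td>
                    </tr>';
    }

    $output .= '
                    <tr> <td></td> </tr>
                    <tr> <td></td> </tr>
                    <tr>
                        <td align="left" colspan="3">' . lang("edit", "viewmods") . '</td>
                    </tr>';
    $output .= edit_user_viewmod_rows($screen_name);
    $output .= '
                    <tr> <td></td> </tr>
                    <tr>
                        <td>';
    makebutton(lang("edit", "save"), 'javascript:do_submit(\'form3\', 0)', 130);
    $output .= '
                        </td>
                    </tr>
                </table>
            </form>
        </div>
        <div id="edit_invites_fieldset" class="fieldset_border center">
            <span class="legend">' . lang("edit", "invite_options") . '</span>
            <table class="hidden" id="edit_invites_table">
                <tr>
                    <td align="left">' . lang("edit", "invite_email") . ': </td>
                    <td align="right">
                        <form action="edit.php" method="get" id="form4">
                            <div>
                                <input type="hidden" name="action" value="send_invite" />
                                <input type="text" name="invite_email" value="" size="30" />
                            </div>
                        </form>
                    </td>
                </tr>
                <tr>
                    <td colspan="2">';
    makebutton(lang("edit", "sendinvite"), 'javascript:do_submit(\'form4\', 0)', 130);
    $output .= '
                    </td>
                </tr>
                <tr> <td> </td> </tr>
                <tr>
                    <td align="left" colspan="2">' . lang("edit", "active_invites") . ': </td>
                </tr>
                <tr>
                    <td colspan="2">
                        <table class="lined" id="active_invites_table">
                            <tr>
                                <th style="width: 15%;">Delete</th>
                                <th>Email</th>
                                <th style="width: 15%">Resend</th>
                            </tr>';

    // NOTE(review): deleting and resending are plain GET links. Whether the
    // handlers require an anti-forgery token is not visible from this
    // function; verify in edit.php.
    $invites_result = $sql["mgr"]->query("SELECT * FROM invitations WHERE issuer_acct_id='" . $user_id . "'");
    while ($row = $sql["mgr"]->fetch_assoc($invites_result)) {
        $key_url = htmlspecialchars(urlencode((string) $row["invitation_key"]), ENT_QUOTES);
        $output .= '
                            <tr>
                                <td>
                                    <a href="edit.php?action=delete_invite&key=' . $key_url . '"> <img src="img/aff_cross.png" alt="Delete" /> </a>
                                </td>
                                <td>' . htmlspecialchars((string) $row["invited_email"], ENT_QUOTES) . '</td>
                                <td>
                                    <a href="edit.php?action=resend_invite&key=' . $key_url . '"> <img src="img/add.png" alt="Resend" /> </a>
                                </td>
                            </tr>';
    }

    $output .= '
                        </table>
                    </td>
                </tr>
            </table>
        </div>
        <br />
        <div id="edit_prizebags_fieldset" class="fieldset_border center">
            <span class="legend">' . lang("edit", "my_bags") . '</span>
            <table class="hidden" id="edit_prizebags_table">';

    // The hidden first row keeps the table non-empty when the user owns no bags.
    $output .= '<tr><td style="display: none;"></td></tr>';
    $bag_result = $sql["mgr"]->query("SELECT * FROM point_system_prize_bags WHERE owner='" . $user_id . "'");
    while ($bag = $sql["mgr"]->fetch_assoc($bag_result)) {
        $output .= '
                <tr>
                    <td align="right">
                        <a href="point_system.php?action=view_bag&bag_id=' . $bag["entry"] . '"> <img src="' . get_item_icon(1725) . '" alt="" /> </a>
                    </td>
                    <td align="left"> <span> ' . $bag["slots"] . ' ' . lang("edit", "bag_slots") . '</span> </td>
                </tr>';
    }

    $output .= '
            </table>
        </div>
        <br />
        <div id="edit_theme_fieldset" class="fieldset_border center">
            <span class="legend">' . lang("edit", "theme_options") . '</span>
            <table class="hidden" id="edit_theme_table">
                <tr>
                    <td align="left">' . lang("edit", "select_layout_lang") . ': </td>
                    <td align="right">
                        <form action="edit.php" method="get" id="form1">
                            <div>
                                <input type="hidden" name="action" value="lang_set" />
                                <select name="lang">
                                    <optgroup label="' . lang("edit", "language") . '">';

    // One option per "<code>.php" file in ./lang. readdir() is compared with
    // !== false so that an entry whose name evaluates as false (such as "0")
    // does not end the listing early.
    if (is_dir('./lang') && ($dh = opendir('./lang'))) {
        while (($file = readdir($dh)) !== false) {
            $name_parts = explode('.', $file);
            if (isset($name_parts[1]) && $name_parts[1] == 'php') {
                $output .= '
                                        <option value="' . htmlspecialchars($name_parts[0], ENT_QUOTES) . '"' . (isset($_COOKIE["corem_lang"]) && $_COOKIE["corem_lang"] == $name_parts[0] ? ' selected="selected" ' : '') . '>' . lang("edit", $name_parts[0]) . '</option>';
            }
        }
        closedir($dh);
    }

    $output .= '
                                    </optgroup>
                                </select>
                            </div>
                        </form>
                    </td>
                    <td>';
    makebutton(lang("edit", "save"), 'javascript:do_submit(\'form1\', 0)', 130);
    $output .= '
                    </td>
                </tr>
                <tr>
                    <td align="left">' . lang("edit", "select_theme") . ': </td>
                    <td align="right">
                        <form action="edit.php" method="get" id="form2">
                            <div>
                                <input type="hidden" name="action" value="theme_set" />
                                <select name="theme">
                                    <optgroup label="' . lang("edit", "theme") . '">';

    // One option per entry in ./themes, skipping housekeeping files.
    $skipped_entries = array('.', '..', '.htaccess', 'index.html', '.svn');
    if (is_dir('./themes') && ($dh = opendir('./themes'))) {
        while (($file = readdir($dh)) !== false) {
            if (in_array($file, $skipped_entries, true)) {
                continue;
            }
            $file_html = htmlspecialchars($file, ENT_QUOTES);
            $output .= '
                                        <option value="' . $file_html . '"' . (isset($_COOKIE["corem_theme"]) && $_COOKIE["corem_theme"] == $file ? ' selected="selected" ' : '') . '>' . $file_html . '</option>';
        }
        closedir($dh);
    }

    $output .= '
                                    </optgroup>
                                </select>
                            </div>
                        </form>
                    </td>
                    <td>';
    makebutton(lang("edit", "save"), 'javascript:do_submit(\'form2\',0)', 130);
    $output .= '
                    </td>
                </tr>
            </table>
        </div>
        <br />';
}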
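/**
 * Append the "edit message of the day" form for the MOTD named by $_GET["id"] to $output.
 *
 * Requires the "update" permission (valid_login). The message text comes from
 * $_GET["msg"] when present (the form's preview action re-submits it), otherwise
 * from the motd table. Priority, enabled flag, target and minimum security level
 * are always read from the motd table.
 *
 * Request-derived values ($_GET["msg"], $_GET["redirect"]) and the looked-up target
 * login are HTML-escaped before they are written into the page; the original echoed
 * them raw, so markup in a crafted link would have been reflected into the form.
 *
 * NOTE(review): the form submits action=do_edit_motd with method="get" and no
 * anti-forgery token is visible in this function; confirm the handler verifies
 * the request origin, or move the form to POST with a token.
 */
function edit_motd()
{
    // $core was read below without being imported, so it was always undefined here.
    // Presumably it is the project-wide core selector; confirm against the config.
    global $output, $action_permission, $sql, $core;

    valid_login($action_permission["update"]);

    if (empty($_GET["id"])) {
        redirect("motd.php?error=1");
    }

    $id = $sql["mgr"]->quote_smart($_GET["id"]);
    if (!is_numeric($id)) {
        redirect("motd.php?error=1");
    }

    if (!isset($_GET["msg"])) {
        $msg = $sql["mgr"]->result($sql["mgr"]->query("SELECT Message FROM motd WHERE ID='" . $id . "'"), 0);
    } else {
        $msg = $_GET["msg"];
    }

    $priority = $sql["mgr"]->result($sql["mgr"]->query("SELECT Priority FROM motd WHERE ID='" . $id . "'"), 0);
    $enabled = $sql["mgr"]->result($sql["mgr"]->query("SELECT Enabled FROM motd WHERE ID='" . $id . "'"), 0);
    $redirect = isset($_GET["redirect"]) ? $sql["mgr"]->quote_smart($_GET["redirect"]) : NULL;

    // Resolve the target account id to a login name for display.
    // The original built the lookup from an undefined $motd["Target"] and then
    // printed the fetched row (an array) instead of its login column.
    $target_id = $sql["mgr"]->result($sql["mgr"]->query("SELECT Target FROM motd WHERE ID='" . $id . "'"), 0);
    $target = '';
    if ($target_id != 0) {
        // The id goes into an unquoted numeric context, so force it to an integer.
        if ($core == 1) {
            $un_query = "SELECT login FROM accounts WHERE acct=" . (int) $target_id;
        } else {
            $un_query = "SELECT username AS login FROM account WHERE id=" . (int) $target_id;
        }
        $un_result = $sql["logon"]->query($un_query);
        $un = $sql["logon"]->fetch_assoc($un_result);
        if ($un && isset($un["login"])) {
            $target = $un["login"];
        }
    }

    $min_sec_level = $sql["mgr"]->result($sql["mgr"]->query("SELECT Min_Sec_Level FROM motd WHERE ID='" . $id . "'"), 0);

    // $id passed is_numeric() above, so it cannot carry HTML metacharacters.
    // quote_smart() is an SQL helper and gives no protection in an HTML attribute,
    // hence the explicit htmlspecialchars() on $redirect.
    $output .= ' <script> function do_submit_preview() { document.getElementById("form").action.value = "edit_preview"; document.getElementById("form").submit(); } </script> <center> <form action="motd.php" method="get" id="form"> <input type="hidden" name="id" value="' . $id . '" /> <input type="hidden" name="action" value="do_edit_motd" /> <input type="hidden" name="redirect" value="' . htmlspecialchars((string) $redirect, ENT_QUOTES) . '" /> <table class="top_hidden"> <tr> <td colspan="3">';
    unset($id);

    bbcode_add_editor();

    $output .= ' </td> </tr> <tr> <td colspan="3" align="left"> ' . lang("motd", "enabled") . ': <input type="checkbox" name="enabled" ' . ($enabled ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td>' . lang("motd", "priority")
        . ': <select name="priority"> <option value="0" ' . ($priority == 0 ? 'selected="selected"' : '') . '>' . lang("motd", "veryhigh") . '</option> <option value="1" ' . ($priority == 1 ? 'selected="selected"' : '') . '>' . lang("motd", "high") . '</option> <option value="2" ' . ($priority == 2 ? 'selected="selected"' : '') . '>' . lang("motd", "med") . '</option> <option value="3" ' . ($priority == 3 ? 'selected="selected"' : '') . '>' . lang("motd", "low") . '</option> <option value="4" ' . ($priority == 4 ? 'selected="selected"' : '') . '>' . lang("motd", "verylow") . '</option> </select> </td> <td> ' . lang("motd", "targetname") . ': <input type="text" name="target" value="' . htmlspecialchars((string) $target, ENT_QUOTES) . '" /> </td> <td> ' . lang("motd", "min_sec_level") . ': <select name="min_sec_level">';

    // One <option> per configured security level; the stored level is preselected.
    $s_query = "SELECT * FROM config_gm_level_names";
    $s_result = $sql["mgr"]->query($s_query);
    while ($level = $sql["mgr"]->fetch_assoc($s_result)) {
        $output .= ' <option value="' . $level["Security_Level"] . '"' . ($min_sec_level == $level["Security_Level"] ? ' selected="selected"' : '') . '>' . gmlevel_name($level["Security_Level"]) . '</option>';
    }

    // Escaping inside <textarea> keeps a "</textarea>" sequence in the message from
    // closing the element; the browser decodes the entities again for editing.
    $output .= ' </select> </td> </tr> <tr> <td colspan="3"> <textarea id="msg" name="msg" rows="26" cols="97">' . htmlspecialchars((string) $msg, ENT_QUOTES) . '</textarea> </td> </tr> <tr> <td>' . lang("motd", "post_rules") . '</td> <td>';
    unset($msg);

    makebutton(lang("motd", "post_motd"), 'javascript:do_submit()" type="wrn', 230);
    $output .= ' </td> <td>';
    makebutton(lang("motd", "preview_motd"), 'javascript:do_submit_preview()" type="wrn', 230);
    $output .= ' </td> </tr> <tr> <td></td> <td></td> <td>';
    makebutton(lang("global", "back"), 'javascript:window.history.back()" type="def', 230);
    $output .= ' </td> </tr> </table> </form> <br /> </center>';
}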
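/**
 * Append the "edit post" form for the forum post named by $_GET['id'] to $output.
 *
 * Opens its own connection in $sqlm (passed by reference), loads the post, and
 * refuses access when the viewer has level 0 and is not the post's author.
 *
 * Changes from the original:
 *  - the post id is forced to an integer before it is concatenated, unquoted,
 *    into the SELECT. quote_smart() is not visible here; if it only escapes quote
 *    characters it cannot protect a numeric context.
 *  - the stored post title and text are HTML-escaped when written into the form.
 *  - the "is this the topic's first post" test no longer assigns to itself.
 *
 * @param SQL $sqlm Receives the forum database connection; closed before returning.
 */
function forum_edit_post(&$sqlm)
{
    global $forum_skeleton, $forum_lang, $maxqueries, $minfloodtime, $user_lvl, $user_id, $output, $mmfpm_db;

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    if (!isset($_GET['id'])) {
        error($forum_lang['no_such_post']);
    } else {
        // A non-numeric id becomes 0, which matches no row and ends in no_such_post.
        $id = (int) $sqlm->quote_smart($_GET['id']);
    }

    $post = $sqlm->query(' SELECT id, topic, authorid, forum, name, text FROM mm_forum_posts WHERE id = ' . $id . '');
    if ($sqlm->num_rows($post) == 0) {
        error($forum_lang['no_such_post']);
    }
    $post = $sqlm->fetch_assoc($post);

    // Level-0 users may only edit their own posts.
    if ($user_lvl == 0 && $user_id != $post['authorid']) {
        error($forum_lang['no_access']);
    }

    // Find the category that contains the post's forum.
    $cat = 0;
    foreach ($forum_skeleton as $cid => $category) {
        foreach ($category["forums"] as $fid_ => $forum) {
            if ($fid_ == $post['forum']) {
                $cat = $cid;
            }
        }
    }
    if (empty($forum_skeleton[$cat]['forums'][$post['forum']])) {
        // No such forum..
        error($forum_lang['no_such_forum']);
    }
    $forum = $forum_skeleton[$cat]['forums'][$post['forum']];

    // User-authored fields are escaped once here and reused below.
    $safe_name = htmlspecialchars((string) $post['name'], ENT_QUOTES);

    $output .= ' <div class="top"> <h1>' . $forum_lang['forums'] . '</h1> </div> <form action="forum.php?action=do_edit_post" method="POST" name="form"> <center> <fieldset> <legend> <a href="forum.php">' . $forum_lang['forum_index'] . '</a> -> <a href="forum.php?action=view_forum&id=' . $post['forum'] . '">' . $forum['name'] . '</a> -> <a href="forum.php?action=view_topic&id=' . $post['topic'] . '">' . $safe_name . '</a> -> ' . $forum_lang['edit'] . ' </legend>';
    $output .= ' <table class="lined"> <tr>';

    // The original condition was `$post['id'] = $post['id']`, an assignment that is
    // true for any non-zero id and left the else branch unreachable. Comparing with
    // the selected topic column is the presumed intent (editable title only on the
    // post that opens the topic); confirm that such a post stores its own id in `topic`.
    if ($post['id'] == $post['topic']) {
        $output .= ' <td align="left"><input type="hidden" name="topic" value="1"> ' . $forum_lang['topic_name'] . ': <input name="name" SIZE="50" value="' . $safe_name . '"> </td> </tr>';
    } else {
        $output .= ' </td> <td align="left">' . $safe_name . '</td> </tr>';
    }

    // Stored line breaks go back to newlines for editing, then the text is escaped
    // so that markup in it (for example a closing textarea tag) stays inert.
    $post['text'] = str_replace('<br />', chr(10), $post['text']);
    $safe_text = htmlspecialchars((string) $post['text'], ENT_QUOTES);

    $output .= ' <tr> <td align="left" colspan="3">';
    bbcode_add_editor();
    $output .= ' </td> </tr> <tr> <td colspan="3"> <TEXTAREA ID="msg" NAME="msg" ROWS=8 COLS=93>' . $safe_text . '</TEXTAREA> <input type="hidden" name="forum" value="' . $post['forum'] . '"> <input type="hidden" name="post" value="' . $post['id'] . '"> </td> </tr> <tr> <td align="left">';
    makebutton($forum_lang['post'], "javascript:do_submit()", 100);
    $output .= ' </td> </tr> </table> </fieldset>';
    $output .= ' </center> </form> <br/>';

    $sqlm->close();
    // Queries : 1
}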
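/**
 * Render a forum topic into $output, or redirect to the page holding a given post.
 *
 * With $_GET['id'] the function lists one page ($_GET['page'], $maxqueries posts per
 * page) of the topic, with author avatars, moderation links for $user_lvl > 0 and a
 * quick-reply form. With $_GET['postid'] instead it works out which page of the
 * topic contains that post and redirects there.
 *
 * Changes from the original (security hardening only; control flow is otherwise kept):
 *  - id, postid and page are forced to integers before being concatenated, unquoted,
 *    into SQL and into links. quote_smart() is not visible here; if it only escapes
 *    quote characters it cannot protect a numeric context. page is clamped to >= 0.
 *  - author ids copied into the avatar query are forced to integers.
 *  - author names (stored name or character name) are HTML-escaped on output.
 *
 * NOTE(review), left unchanged because the intent cannot be confirmed from this file:
 *  - $char_gender['race'] indexes a string with a non-numeric key.
 *  - after the category/forum loops $forum holds the last fetch result, so the
 *    breadcrumb and the quick-reply check read from whatever that final value is.
 *  - $category is reassigned to a query result and then indexed as a row.
 *  - the postid branch compares $post['id'] with $post['authorid'], a column its
 *    SELECT does not fetch, and the row search compares $topic with $id on every pass.
 *  - mysql_data_seek() belongs to the legacy mysql extension.
 *
 * @param SQL $sqlr Receives the realm database connection.
 * @param SQL $sqlc Receives the characters database connection.
 * @param SQL $sqlm Receives the forum database connection.
 */
function forum_view_topic(&$sqlr, &$sqlc, &$sqlm)
{
    global $enablesidecheck, $forum_skeleton, $maxqueries, $forum_lang, $user_lvl, $user_id, $output, $realm_db, $characters_db, $mmfpm_db, $realm_id;

    // Resolve the viewer's side once, rather than on every loop iteration below.
    if ($enablesidecheck) {
        $side = get_side();
    }

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    //========================== request parameters ==============================
    // Every value below ends up in an unquoted numeric SQL context and in URLs,
    // so each is reduced to an integer here.
    if (isset($_GET['id'])) {
        $id = (int) $sqlm->quote_smart($_GET['id']);
        $post = false;
    } else {
        if (isset($_GET['postid'])) {
            $id = (int) $sqlm->quote_smart($_GET['postid']);
            $post = true;
        } else {
            error($forum_lang['no_such_topic']);
        }
    }
    if (!isset($_GET['page'])) {
        $page = 0;
    } else {
        // A negative page would produce a negative LIMIT offset.
        $page = max(0, (int) $sqlm->quote_smart($_GET['page']));
    }
    //========================== request parameters end ==========================

    $start = $maxqueries * $page;

    if (!$post) {
        $posts = $sqlm->query(' SELECT id, authorid, authorname, forum, name, text, time, annouced, sticked, closed FROM mm_forum_posts WHERE topic = ' . $id . ' ORDER BY id ASC LIMIT ' . $start . ', ' . $maxqueries . '');

        $sqlr = new SQL();
        $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);

        // Avatar lookup: for every author on this page, the character with the
        // highest totaltime plus the account's gmlevel.
        // need to update this query to use ' instead of "
        $query = "\r\n\t\t\tSELECT account, name, gender, race, class, level,\r\n\t\t\t\t(SELECT gmlevel\r\n\t\t\t\tFROM `{$realm_db['name']}`.account\r\n\t\t\t\tWHERE `{$realm_db['name']}`.account.id = `{$characters_db[$realm_id]['name']}`.characters.account) as gmlevel\r\n\t\t\tFROM `{$characters_db[$realm_id]['name']}`.characters\r\n\t\t\tWHERE totaltime IN \r\n\t\t\t\t(SELECT MAX(totaltime)\r\n\t\t\t\tFROM `{$characters_db[$realm_id]['name']}`.characters\r\n\t\t\t\tWHERE account IN (";
        while ($post = $sqlm->fetch_row($posts)) {
            // Column 1 is authorid; cast so a stored value cannot alter the query text.
            $query .= (int) $post['1'] . ',';
        }
        // Rewind so the same result set can be read again for rendering.
        mysql_data_seek($posts, 0);
        $query .= "\r\n\t\t\t\t\t0)\r\n\t\t\t\tGROUP BY account);";

        $sqlc = new SQL();
        $sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
        $results = $sqlc->query($query);

        $avatars = array();
        while ($avatar = $sqlc->fetch_assoc($results)) {
            $char_gender = str_pad(dechex($avatar['gender']), 8, 0, STR_PAD_LEFT);
            $avatars[$avatar['account']]['name'] = $avatar['name'];
            // NOTE(review): string indexed by 'race'; see the function header.
            $avatars[$avatar['account']]['sex'] = $char_gender['race'];
            $avatars[$avatar['account']]['race'] = $avatar['race'];
            $avatars[$avatar['account']]['class'] = $avatar['class'];
            $avatars[$avatar['account']]['level'] = $avatar['level'];
            $avatars[$avatar['account']]['gm'] = $avatar['gmlevel'];
        }

        $replies = $sqlm->num_rows($posts);
        if ($replies == 0) {
            error($forum_lang['no_such_topic']);
        }

        // First row of the page: rendered with the topic header and moderation links.
        $post = $sqlm->fetch_assoc($posts);
        $fid = $post['forum'];
        $cat = 0;

        // Walk every category and forum, applying the read-level and side checks.
        $cid = $sqlm->query(' SELECT category, name, description, side_access, level_post_topic, level_read, level_post FROM mm_forum_categories');
        while ($category = $sqlm->fetch_assoc($cid)) {
            $fid_ = $sqlm->query(' SELECT forum, category, name, description, side_access, level_post_topic, level_read, level_post FROM mm_forum_forums WHERE category = ' . $category['category'] . '');
            while ($forum = $sqlm->fetch_assoc($fid_)) {
                if ($forum['forum'] == $fid) {
                    $cat = $forum['category'];
                }
                if (empty($forum['forum'])) {
                    error($forum_lang['no_such_forum']);
                }
                if ($category['level_read'] > $user_lvl || $forum['level_read'] > $user_lvl) {
                    error($forum_lang['no_access']);
                }
                if ($user_lvl == 0 && $enablesidecheck) {
                    if ($category['side_access'] != 'ALL') {
                        // Not an all side forum
                        if ($side == 'NO') {
                            // No char
                            continue;
                        } else {
                            if ($category['side_access'] != $side) {
                                // Forumside different of the user side
                                continue;
                            }
                        }
                    }
                    if ($forum['side_access'] != 'ALL') {
                        // Not an all side forum
                        if ($side == 'NO') {
                            // No char
                            continue;
                        } else {
                            if ($forum['side_access'] != $side) {
                                // Forumside different of the user side
                                continue;
                            }
                        }
                    }
                }
            }
        }

        // User-authored content is escaped before the BBCode pass adds its own markup.
        $post['name'] = htmlspecialchars($post['name']);
        $post['text'] = htmlspecialchars($post['text']);
        $post['text'] = bbcode_parse1($post['text']);

        $output .= ' <div class="top"> <h1>' . $forum_lang['forums'] . '</h1> </div> <center> <fieldset> <legend> <a href="forum.php">' . $forum_lang['forum_index'] . '</a> -> <a href="forum.php?action=view_forum&id=' . $forum['forum'] . '">' . $forum['name'] . '</a> -> <a href="forum.php?action=view_topic&id=' . $id . '">' . $post['name'] . '</a> </legend> <table class="lined"> <tr> <th style="width:15%;">' . $forum_lang['info'] . '</th> <th style="text-align:left;">' . $forum_lang['text'] . '</th>';

        // Topic state label, shown to privileged users only.
        if ($user_lvl > 0) {
            $output .= ' <th style="width:50%;text-align:right;">';
            if ($post['sticked'] == "1") {
                if ($post['annouced'] == "1") {
                    // Annoucement
                    $output .= ' ' . $forum_lang['annoucement'] . '';
                } else {
                    // Sticky
                    $output .= ' ' . $forum_lang['sticky'] . '';
                }
            } else {
                if ($post['annouced'] == "1") {
                    // Annoucement
                    $output .= ' ' . $forum_lang['annoucement'] . '';
                } else {
                    // Normal Topic
                    $output .= ' ' . $forum_lang['normal'] . '';
                }
            }
            if ($post['closed'] == "1") {
                $output .= ' </th>';
            }
        }

        if (isset($avatars[$post['authorid']])) {
            $avatar = gen_avatar_panel($avatars[$post['authorid']]['level'], $avatars[$post['authorid']]['sex'], $avatars[$post['authorid']]['race'], $avatars[$post['authorid']]['class'], 1, $avatars[$post['authorid']]['gm']);
        } else {
            $avatar = "";
        }

        $output .= ' <tr> <td colspan="3" align="left"> ' . $post['time'] . ' </td> </tr> </tr>';
        $output .= ' <tr> <td style="width:15%;text-align:center;"><center>' . $avatar . '</center>' . $forum_lang['author'] . ' : ';
        if ($user_lvl > 0) {
            $output .= ' <a href="user.php?action=edit_user&error=11&id=' . $post['authorid'] . '">';
        }
        // Author names are stored data and are escaped before being printed.
        if (isset($avatars[$post['authorid']])) {
            $output .= htmlspecialchars((string) $avatars[$post['authorid']]['name'], ENT_QUOTES);
        } else {
            $output .= htmlspecialchars((string) $post['authorname'], ENT_QUOTES);
        }
        if ($user_lvl > 0) {
            $output .= ' </a>';
        }
        $output .= ' </td> <td colspan="2" style="text-align:left">' . $post['text'] . '<br /> <div style="text-align:right\\"> </td> </tr>';

        // Moderation links for the topic's first post.
        if ($user_lvl > 0) {
            $output .= ' <tr> <th colspan="3" align="right">';
            if ($post['sticked'] == "1") {
                if ($post['annouced'] == "1") {
                    // Annoucement
                    $output .= ' <a href="forum.php?action=edit_announce&id=' . $post['id'] . '&state=0"><img src="img/forums/unannounce.png" border="0" alt="' . $forum_lang['down'] . '" /></a>';
                } else {
                    // Sticky
                    $output .= ' <a href="forum.php?action=edit_stick&id=' . $post['id'] . '&state=0"><img src="img/forums/unstick.png" border="0" alt="' . $forum_lang['down'] . '" /></a> <a href="forum.php?action=edit_announce&id=' . $post['id'] . '&state=1"><img src="img/forums/announce.png" border="0" alt="' . $forum_lang["up"] . '" /></a>';
                }
            } else {
                if ($post['annouced'] == "1") {
                    // Annoucement
                    $output .= ' <a href="forum.php?action=edit_announce&id=' . $post['id'] . '&state=0"><img src="img/forums/unannounce.png" border="0" alt="' . $forum_lang['down'] . '" /></a>';
                } else {
                    // Normal Topic
                    $output .= ' <a href="forum.php?action=edit_stick&id=' . $post['id'] . '&state=1"><img src="img/forums/stick.png" border="0" alt="' . $forum_lang['up'] . '" /></a>';
                }
            }
            if ($post['closed'] == "1") {
                $output .= ' <a href="forum.php?action=edit_close&id=' . $post['id'] . '&state=0"><img src="img/forums/lock.png" border="0" alt=\\"' . $forum_lang['open'] . '" /></a>';
            } else {
                $output .= ' <a href="forum.php?action=edit_close&id=' . $post['id'] . '&state=1"><img src="img/forums/unlock.png" border="0" alt="' . $forum_lang['close'] . '" /></a>';
            }
            $output .= ' <a href="forum.php?action=move_topic&id=' . $post['id'] . '"><img src="img/forums/move.png" border="0" alt="' . $forum_lang['move'] . '" /></a> <a href="forum.php?action=edit_post&id=' . $post['id'] . '"><img src="img/forums/edit.png" border="0" alt="' . $forum_lang["edit"] . '" /></a> <a href="forum.php?action=delete_post&id=' . $post['id'] . '"><img src="img/forums/delete.png" border="0" alt="' . $forum_lang["delete"] . '" /></a> </th> </tr>';
        }

        // Remember the topic's closed flag before $post is reused for the replies.
        $closed = $post['closed'];

        // Remaining rows of the page.
        while ($post = $sqlm->fetch_assoc($posts)) {
            $post['text'] = htmlspecialchars($post['text']);
            $post['text'] = bbcode_parse1($post['text']);

            if (isset($avatars[$post['authorid']])) {
                $avatar = gen_avatar_panel($avatars[$post['authorid']]['level'], $avatars[$post['authorid']]['sex'], $avatars[$post['authorid']]['race'], $avatars[$post['authorid']]['class'], 1, $avatars[$post['authorid']]['gm']);
            } else {
                $avatar = "";
            }

            $output .= ' <tr> <td colspan="3" align="left"> ' . $post['time'] . ' </td> </tr> <tr> <td style="width:15%;text-align:center;"> <center>' . $avatar . '</center>' . $forum_lang['author'] . ' : ';
            if ($user_lvl > 0) {
                $output .= ' <a href="user.php?action=edit_user&error=11&id=' . $post['authorid'] . '">';
            }
            if (isset($avatars[$post['authorid']])) {
                $output .= htmlspecialchars((string) $avatars[$post['authorid']]['name'], ENT_QUOTES);
            } else {
                $output .= htmlspecialchars((string) $post['authorname'], ENT_QUOTES);
            }
            $output .= ' </a>';
            $output .= ' </td> <td colspan="2" style="text-align:left;">' . $post['text'] . '<br />';
            $output .= ' </td> </tr>';

            // Edit and delete links for privileged users and for the post's author.
            if ($user_lvl > 0 || $user_id == $post['authorid']) {
                $output .= ' <tr> <th colspan="3" align="right"> <a href="forum.php?action=edit_post&id=' . $post['id'] . '"><img src="img/forums/edit.png" border="0" alt="' . $forum_lang['edit'] . '"></a> <a href="forum.php?action=delete_post&id=' . $post['id'] . '"><img src="img/forums/delete.png" border="0" alt="' . $forum_lang['delete'] . '"></a> </th> </tr>';
            }
        }

        // Pager: one link per page of $maxqueries posts.
        $totalposts = $sqlm->query(' SELECT id FROM mm_forum_posts WHERE topic = ' . $id . '');
        $totalposts = $sqlm->num_rows($totalposts);
        $pages = ceil($totalposts / $maxqueries);
        $output .= ' <tr> <td align="right" colspan="3">' . $forum_lang['pages'] . ' : ';
        for ($x = 1; $x <= $pages; $x++) {
            $y = $x - 1;
            $output .= ' <a href="forum.php?action=view_topic&id=' . $id . '&page=' . $y . '">' . $x . '</a>';
        }
        $output .= ' </td> </tr> </table> </fieldset> <br />';

        // NOTE(review): $category is a query result here, not a fetched row.
        $category = $sqlm->query(' SELECT category, name, description, side_access, level_post_topic, level_read, level_post FROM mm_forum_categories');

        // Quick reply form
        if (($user_lvl > 0 || !$closed) && ($category['level_post'] <= $user_lvl && $forum['level_post'] <= $user_lvl)) {
            $output .= ' <form action="forum.php?action=do_add_post" method="POST" name="form"> <fieldset> <legend> ' . $forum_lang['quick_reply'] . ' </legend> <table class="lined"> <tr> <td align="left" colspan="3">';
            bbcode_add_editor();
            $output .= ' </td> </tr> <tr> <td colspan="3"> <TEXTAREA ID="msg" NAME="msg" ROWS=8 COLS=93></TEXTAREA><br/> <input type="hidden" name="forum" value="' . $fid . '"> <input type="hidden" name="topic" value="' . $id . '"> </td> </tr> <tr> <td align="left">';
            makebutton($forum_lang['post'], "javascript:do_submit()", 100);
            $output .= ' </td> </tr> </table> </fieldset> </form>';
        }

        $output .= ' </center>';
        $sqlm->close();
    } else {
        $output .= ' <div class="top"> <h1>Stand by...</h1> </div>';

        // Get post id
        $post = $sqlm->query(' SELECT topic, id FROM mm_forum_posts WHERE id = ' . $id . '');
        if ($sqlm->num_rows($post) == 0) {
            error($forum_lang['no_such_topic']);
        }
        $post = $sqlm->fetch_assoc($post);
        // NOTE(review): 'authorid' is not part of the SELECT above.
        if ($post['id'] == $post['authorid']) {
            redirect('forum.php?action=view_topic&id=' . $id . '');
        }
        $topic = $post['id'];

        // Get posts in topic
        $posts = $sqlm->query(' SELECT id FROM mm_forum_posts WHERE topic = ' . $topic . '');
        $replies = $sqlm->num_rows($posts);
        if ($replies == 0) {
            error($forum_lang['no_such_topic']);
        }

        $row = 0;
        // Find the row of our post, so we could have his ratio (topic x/total topics) and knew the page to show
        while ($post = $sqlm->fetch_row($posts)) {
            $row++;
            if ($topic == $id) {
                break;
            }
        }

        // Convert the row position into a zero-based page index.
        $page = 0;
        while ($page * $maxqueries < $row) {
            $page++;
        }
        $page--;

        $sqlm->close();
        redirect('forum.php?action=view_topic&id=' . $topic . '&page=' . $page . '');
    }
    // Queries : 2 with id || 2 (+2) with postid
}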
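/**
 * Append the "edit post" form for the forum post named by $_GET["id"] to $output.
 *
 * Loads the post through $sql["mgr"] and refuses access when the viewer has level 0
 * and is not the post's author. Row columns are read by position:
 * 0 id, 1 topic, 2 authorid, 3 forum, 4 name, 5 text.
 *
 * Changes from the original:
 *  - the stored post title and text are HTML-escaped when written into the form.
 *  - the "is this the topic's first post" test no longer assigns to itself.
 *
 * NOTE(review): the SELECT places the id inside quotes after quote_smart(); that is
 * only safe if quote_smart() escapes quote characters, which is not visible here.
 */
function forum_edit_post()
{
    global $forum_skeleton, $maxqueries, $minfloodtime, $user_lvl, $user_id, $output, $corem_db, $sql;

    if (!isset($_GET["id"])) {
        error(lang("forum", "no_such_post"));
    } else {
        $id = $sql["mgr"]->quote_smart($_GET["id"]);
    }

    $post = $sql["mgr"]->query("SELECT id, topic, authorid, forum, name, text FROM forum_posts WHERE id='" . $id . "';");
    if ($sql["mgr"]->num_rows($post) == 0) {
        error(lang("forum", "no_such_post"));
    }
    $post = $sql["mgr"]->fetch_row($post);

    // Level-0 users may only edit their own posts.
    if ($user_lvl == 0 && $user_id != $post[2]) {
        error(lang("forum", "no_access"));
    }

    // Find the category that contains the post's forum.
    $cat = 0;
    foreach ($forum_skeleton as $cid => $category) {
        foreach ($category["forums"] as $fid_ => $forum) {
            if ($fid_ == $post[3]) {
                $cat = $cid;
            }
        }
    }
    if (empty($forum_skeleton[$cat]["forums"][$post[3]])) {
        // No such forum..
        error(lang("forum", "no_such_forum"));
    }
    $forum = $forum_skeleton[$cat]["forums"][$post[3]];

    // User-authored fields are escaped once here and reused below.
    $safe_name = htmlspecialchars((string) $post[4], ENT_QUOTES);
    $safe_text = htmlspecialchars((string) $post[5], ENT_QUOTES);

    $output .= ' <div class="top"> <h1>' . lang("forum", "forums") . '</h1>' . lang("forum", "you_are_here") . ': <a href="forum.php">' . lang("forum", "forum_index") . '</a> -> <a href="forum.php?action=view_forum&id=' . $post[3] . '">' . $forum["name"] . '</a> -> <a href="forum.php?action=view_topic&id=' . $post[1] . '">' . $safe_name . '</a> -> ' . lang("forum", "edit") . ' </div> <form action="forum.php?action=do_edit_post" method="post" id="form"> <input type="hidden" name="forum" value="' . $post[3] . '" /> <input type="hidden" name="post" value="' . $post[0] . '" /> <center> <table class="lined"> <table class="top_hidden"> <tr>';

    // The original condition was `$post[0] = $post[0]`, an assignment that is true
    // for any non-zero id and left the else branch unreachable. Comparing id with
    // the topic column is the presumed intent (editable title only on the post that
    // opens the topic); confirm that such a post stores its own id in `topic`.
    if ($post[0] == $post[1]) {
        $output .= ' </td> <td>' . lang("forum", "topic_name") . ':<input type="hidden" name="topic" value="1" /> <input name="name" size="40" value="' . $safe_name . '"> </td> </tr>';
    } else {
        $output .= ' </td> <td>' . lang("forum", "topic_name") . ': <td>' . $safe_name . '</td> </tr>';
    }

    //$post[5] = str_replace('<br />', chr(10), $post[5]);
    $output .= ' <tr> <td colspan="2">';
    bbcode_add_editor();
    // Escaping inside <textarea> keeps markup in the stored text (for example a
    // closing textarea tag) inert; the browser decodes the entities for editing.
    $output .= ' </td> </tr> <tr> <td colspan="2"> <textarea id="msg" name="msg" rows=8 cols=93>' . $safe_text . '</textarea> </td> </tr> <tr> <td align="left">';
    makebutton("Post", "javascript:do_submit()", 100);
    $output .= ' </td> </tr> </table> </center> </form> <br/>';
    // Queries: 1
}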