                $grl = arlistee($allgAr[$row['schl']], $teAr);
                $input = '<select name="' . $row['schl'] . '">' . $grl . '</select>';
            } else {
                $input = 'Fehler in Datenbank!';
            }
        }
        $tpl->set_ar_out(array('frage' => $row['frage'], 'input' => $input, 'schl' => $row['schl'], 'help' => is_null($row['helptext']) ? 0 : 1, 'helptext' => $row['helptext']), 4);
    }
    // Close the last category block (template part 5) if one was opened
    if ($katid != 0) {
        $tpl->out(5);
    }
    // Template footer: embed the antispam/CSRF token for the 'admin_allg'
    // form (the save branch below checks the same key), then emit part 6
    $tpl->set('antispam', get_antispam('admin_allg', 1, true));
    $tpl->out(6);
} elseif (chk_antispam('admin_allg', true)) {
    // Save branch: only reached after chk_antispam('admin_allg') accepted the
    // posted token. Every non-hidden config key is rewritten from $_POST.
    $abf = 'SELECT * FROM `prefix_config` WHERE hide = 0 ORDER BY `kat` ';
    $erg = db_query($abf);
    while ($row = db_fetch_assoc($erg)) {
        // '***' is presumably the placeholder the form shows for a stored
        // password; posting it back leaves the stored value untouched.
        if ($row['typ'] == 'password' and $_POST[$row['schl']] == '***') {
            continue;
        } elseif ($row['typ'] == 'password') {
            // NOTE(review): password-typed settings are stored with AzDGCrypt,
            // keyed on the DB constants (DBDATE . DBUSER . DBPREF). This looks
            // like reversible encryption, not hashing: anyone who can read the
            // DB config can recover every stored password. Confirm whether the
            // consumers need the plaintext; if not, hash instead.
            require_once 'include/includes/libs/AzDGCrypt.class.inc.php';
            $cr64 = new AzDGCrypt(DBDATE . DBUSER . DBPREF);
            $_POST[$row['schl']] = $cr64->crypt($_POST[$row['schl']]);
        }
        // schl comes from the config row (not the request); the value goes
        // through escape(..., 'textarea') before being spliced into the SQL.
        // There is no isset() guard: a key missing from the POST body is passed
        // to escape() as null — presumably stored as an empty value.
        db_query('UPDATE `prefix_config` SET wert = "' . escape($_POST[$row['schl']], 'textarea') . '" WHERE schl = "' . $row['schl'] . '"');
    }
    wd('admin.php?allg', 'Erfolgreich ge&auml;ndert', 2);
}
// -----------------------------------------------------------|
<?php

#   Copyright by: Manuel
#   Support: www.ilch.de
// Profile editor for the logged-in user; only reachable through the framework
// (main must be defined by the including script).
defined('main') or die('no direct access');
// Page title / breadcrumb. $allgAr['title'] and the menu prefix/suffix are
// emitted without HTML escaping — presumably site configuration, not request
// input.
$title = $allgAr['title'] . ' :: Users :: Profil';
$hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">Users</a><b> &raquo; </b>Profil' . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
if ($_SESSION['authright'] <= -1) {
    $csrfCheck = chk_antispam('user_profile_edit', true);
    if (empty($_POST['submit']) || !$csrfCheck) {
        $design->header();
        $abf = 'SELECT email,wohnort,homepage,aim,msn,icq,yahoo,avatar,status,staat,gebdatum,sig,opt_pm_popup,opt_pm,opt_mail,geschlecht,spezrank FROM `prefix_user` WHERE id = "' . $_SESSION['authid'] . '"';
        $erg = db_query($abf);
        if (db_num_rows($erg) > 0) {
            $row = db_fetch_assoc($erg);
            $tpl = new tpl('user/profil_edit');
            $row['staat'] = '<option></option>' . arliste($row['staat'], get_nationality_array(), $tpl, 'staat');
            $row['geschlecht0'] = $row['geschlecht'] < 1 ? 'checked' : '';
            $row['geschlecht1'] = $row['geschlecht'] == 1 ? 'checked' : '';
            $row['geschlecht2'] = $row['geschlecht'] == 2 ? 'checked' : '';
            if ($row['status'] == 1) {
                $row['status1'] = 'checked';
                $row['status0'] = '';
            } else {
                $row['status1'] = '';
                $row['status0'] = 'checked';
            }
            if ($row['opt_mail'] == 1) {
                $row['opt_mail1'] = 'checked';
                $row['opt_mail0'] = '';
<?php

/**
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
 * @copyright (C) 2000-2010 ilch.de
 * @version $Id$
 */
// Rules administration: loaded only through the framework, and only in the
// admin context.
if (!defined('main')) {
    die('no direct access');
}
if (!defined('admin')) {
    die('only admin access');
}
$design = new design('Ilch Admin-Control-Panel :: Regeln', '', 2);
$design->header();
// Optional mode switch taken verbatim from GET/POST/COOKIE. It is not
// filtered here; whatever consumes $um later (not visible in this excerpt)
// has to treat it as untrusted.
$um = isset($_REQUEST['um']) ? $_REQUEST['um'] : '';
if (!empty($_POST['sub']) and chk_antispam('adminuser_action', true)) {
    // Create or update a rule. Only a submitted form carrying a valid
    // antispam/CSRF token gets here; the values are run through the
    // project's escape() filter before being spliced into the string-built
    // queries (the filter is the only protection — there is no parameter
    // binding in this code base).
    $text = escape($_POST['text'], 'string');
    $titel = escape($_POST['titel'], 'string');
    $zahl = escape($_POST['zahl'], 'integer');
    if (empty($_POST['sid'])) {
        // no id posted: new rule
        db_query(sprintf('INSERT INTO `prefix_rules` (`text`,`titel`,`zahl`) VALUES ( "%s","%s","%s" ) ', $text, $titel, $zahl));
    } else {
        // existing rule: update by id
        $sid = escape($_POST['sid'], 'integer');
        db_query(sprintf('UPDATE `prefix_rules` SET `text` = "%s", `titel` = "%s", `zahl` = "%s" WHERE `id` = "%s"', $text, $titel, $zahl, $sid));
    }
}
// Delete a rule by id. The id is cast through escape(..., 'integer') before
// it reaches the query.
// NOTE(review): this action fires on a plain GET and, unlike the save branch
// above, performs no chk_antispam() check — an admin can be made to delete a
// rule by following a crafted link (CSRF).
if (!empty($_GET['delete'])) {
    $delete = escape($_GET['delete'], 'integer');
    db_query(sprintf('DELETE FROM `prefix_rules` WHERE `id` = "%s" LIMIT 1', $delete));
}
if (empty($_GET['sid'])) {
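     $sek = 4;
     if (isset($_GET['sek'])) {
         // Slideshow interval from the URL. It is written into the meta-refresh
         // attribute and the onward link below, so taken raw it was a reflected
         // XSS vector (a quote breaks out of the attribute). Cast it like the
         // file's other numeric URL parameters; an interval is an integer anyway.
         $sek = escape($_GET['sek'], 'integer');
     }
     // Auto-advance: refresh to the next picture after $sek seconds, carrying
     // the interval along. $cid/$next/$page are prepared earlier in the file.
     $diashow_html = '<meta http-equiv="refresh" content="' . $sek . '; URL=index.php?gallery-show-' . $cid . '-p' . $next . '=0&amp;diashow=shownext&amp;sek=' . $sek . '">';
     $diashow = $page . '=0&amp;diashow=stop';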
 }
 # render the picture page. 'besch' is unescape()d before it reaches the
 # template, i.e. the stored description is emitted as-is; the other values are
 # the row fields and the navigation data prepared above.
 $tpl = new tpl('gallery_show');
 $arr = array('cid' => $cid, 'last' => $last, 'next' => $next, 'diashow' => $diashow, 'diashow_html' => $diashow_html, 'endung' => $row['endung'], 'id' => $row['id'], 'vote_wertung' => $row['vote_wertung'], 'vote_klicks' => $row['vote_klicks'], 'bildr' => $page, 'besch' => unescape($row['besch']), 'breite' => $breite, 'hoehe' => $hoehe);
 $tpl->set_ar_out($arr, 0);
 # kommentare
 if ($allgAr['gallery_img_koms'] == 1) {
     # store a comment. The antispam/CSRF token is required for members and
     # guests alike; note that $antispam is assigned inside the condition and
     # only reached when the name/text checks before it pass.
     $insertmsg = '';
     if ((loggedin() or isset($_POST['name'])) and !empty($_POST['text']) and $antispam = chk_antispam('gallery')) {
         if (loggedin()) {
             $name = $_SESSION['authname'];
         } else {
             # guests may not borrow a registered user's name
             $name = escape($_POST['name'], 'string');
             if (db_count_query('SELECT COUNT(*) FROM prefix_user WHERE name = "' . $name . '"')) {
                 $insertmsg .= 'Der Name ist bereits für einen registrierten User vergeben';
             }
         }
         if (empty($insertmsg)) {
             # $name/$text are escape()d; $row['id'] is the picture row from the DB
             $text = escape($_POST['text'], 'string');
             db_query("INSERT INTO prefix_koms (name,text,uid,cat) VALUES ('" . $name . "','" . $text . "'," . $row['id'] . ",'GALLERYIMG')");
         }
     } elseif (isset($_POST['subgalkom']) and !$antispam) {
         # reached with $antispam unset when the text was empty or a guest
         # posted no name — the message then blames the token rather than the
         # missing field
         $insertmsg .= 'Falscher Antispam';
     }
<?php

#   Copyright by: Manuel
#   Support: www.ilch.de
defined('main') or die('no direct access');
// Moderator-only page: without the 'mods' right on this forum, record the
// failure and let check_forum_failure() act on it (called unconditionally;
// presumably it aborts when $forum_failure is non-empty).
if ($forum_rights['mods'] == FALSE) {
    $forum_failure[] = 'Keine Berechtigung dieses Forum zu moderiren';
}
check_forum_failure($forum_failure);
// Title / breadcrumb from the forum rows (DB values, not escaped here).
$title = $allgAr['title'] . ' :: Forum :: ' . aktForumCats($aktForumRow['kat'], 'title') . ' :: ' . $aktForumRow['name'];
$hmenu = $extented_forum_menu . '<a class="smalfont" href="index.php?forum">Forum</a><b> &raquo; </b>' . aktForumCats($aktForumRow['kat']) . '<b> &raquo; </b>' . $aktForumRow['name'] . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
$design->header();
// Antispam/CSRF token for the moderation actions; the write branches below
// test $csrfCheck before touching the database.
$csrfCheck = chk_antispam('forum_edit_forum', true);
if ((isset($_POST['del']) or isset($_POST['shift']) or isset($_POST['status'])) and (empty($_POST['in']) or isset($_POST['in']) and (!is_array($_POST['in']) or count($_POST['in']) < 1))) {
    wd('index.php?forum-editforum-' . $fid, 'Es wurden keine Themen gew&auml;hlt.', 2);
} elseif (isset($_POST['status']) && $csrfCheck) {
    foreach ($_POST['in'] as $k => $v) {
        $k = escape($k, 'integer');
        $astat = db_result(db_query("SELECT stat FROM prefix_topics WHERE id = " . $k), 0, 0);
        $nstat = $astat == 1 ? 0 : 1;
        db_query("UPDATE `prefix_topics` SET stat = '" . $nstat . "' WHERE id = " . $k);
    }
    wd('index.php?forum-showtopics-' . $fid, 'Status ge&auml;ndert', 2);
} elseif (!$csrfCheck || empty($_POST['del']) && empty($_POST['shift'])) {
    $limit = $allgAr['Ftanz'];
    // Limit
    $page = $menu->getA(3) == 'p' ? $menu->getE(3) : 1;
    $MPL = db_make_sites($page, "WHERE fid = '{$fid}'", $limit, '?forum-editforum-' . $fid, 'topics');
    $anfang = ($page - 1) * $limit;
    $q = "SELECT a.id, a.name, a.rep, a.erst, a.hit, a.art, a.stat, b.time, b.erst as last, b.id as pid\r\n   FROM prefix_topics a\r\n  \tLEFT JOIN prefix_posts b ON a.last_post_id = b.id\r\n  \tWHERE a.fid = {$fid}\r\n   \tORDER BY a.art DESC, b.time DESC\r\n   \tLIMIT " . $anfang . "," . $limit;
// Flood-control timestamp of the last post; initialise it for new sessions.
if (!isset($_SESSION['klicktime'])) {
    $_SESSION['klicktime'] = 0;
}
// Posted topic title, body and (for guests) nickname. Each field is run
// through the project's input filter and trimmed; a missing field is ''.
$topic = isset($_POST['topic']) ? trim(escape($_POST['topic'], 'string')) : '';
$txt = isset($_POST['txt']) ? trim(escape($_POST['txt'], 'textarea')) : '';
$xnn = isset($_POST['Gname']) ? trim(escape_nickname($_POST['Gname'])) : '';
if ($_SESSION['klicktime'] + 15 > $dppk_time or empty($topic) or empty($txt) or !empty($_POST['priview']) or empty($_POST['Gname']) and !loggedin() or !chk_antispam('newtopic')) {
    $design = new design($title, $hmenu, 1);
    $design->header($load);
    $tpl = new tpl('forum/newtopic');
    $name = '';
    if (!loggedin()) {
        $name = '<tr><td class="Cmite"0><b>' . $lang['name'] . '</b></td>';
        $name .= '<td class="Cnorm"><input type="text" value="' . unescape($xnn) . '" maxlength="15" name="Gname"></td></tr>';
    }
    if (isset($_POST['priview'])) {
        $tpl->set_out('txt', bbcode(unescape($txt)), 0);
    }
    $ar = array('name' => $name, 'txt' => escape_for_fields(unescape($txt)), 'topic' => escape_for_fields(unescape($topic)), 'fid' => $fid, 'SMILIES' => getsmilies(), 'antispam' => get_antispam('newtopic', 1));
    $tpl->set_ar_out($ar, 1);
} else {
    // save toipc
}
function admin_allg_wars_last_komms($ak)
{
    // Option list for the "last war comments" setting. The keys appear to be
    // right levels (0 = off), the values their German labels. The option whose
    // key matches the stored value $ak is rendered selected; the comparison is
    // deliberately loose because the stored value may arrive as a string.
    $choices = array(0 => 'nein', -1 => 'ab User', -3 => 'ab Trial', -4 => 'ab Member');
    $options = array();
    foreach ($choices as $right => $label) {
        $selected = ($right == $ak) ? ' selected' : '';
        $options[] = '<option' . $selected . ' value="' . $right . '">' . $label . '</option>';
    }
    return implode('', $options);
}
$csrfCheck = chk_antispam('admin_allg', true);
if (empty($_POST['submit']) || !$csrfCheck) {
    $gfx = admin_allg_gfx($allgAr['gfx']);
    $smodul = admin_allg_smodul($allgAr['smodul']);
    $wars_last_komms = admin_allg_wars_last_komms($allgAr['wars_last_komms']);
    echo '<table cellpadding="0" cellspacing="0" border="0"><tr><td><img src="include/images/icons/admin/konfiguration.png" /></td><td width="30"></td><td valign="bottom"><h1>Konfiguration</h1></td></tr></table>';
    echo '<form action="admin.php?allg" method="POST">';
    echo '<table cellpadding="3" cellspacing="1" class="border" border="0">';
    #	echo '<tr class="Chead"><td colspan="2"><b>Konfiguration</b></td></tr>';
    $ch = '';
    $abf = 'SELECT * FROM `prefix_config` ORDER BY kat,pos,typ ASC';
    $erg = db_query($abf);
    while ($row = db_fetch_assoc($erg)) {
        if ($ch != $row['kat']) {
            echo '<tr><td colspan="2" class="Cdark"><b>' . $row['kat'] . '</b></td></tr>';
        }
<?php

/**
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
 * @copyright (C) 2000-2010 ilch.de
 * @version $Id$
 */
// Admin-only editor: both guards must hold (loaded through the framework, and
// in the admin context) before any of the file handling below runs.
defined('main') or die('no direct access');
defined('admin') or die('only admin access');
if (isset($_POST['bbwy']) and isset($_POST['filename']) and isset($_POST['akl']) and chk_antispam('adminuser_action', true)) {
    // speichern
    $akl = $_POST['akl'];
    $text = $_POST['bbwy'];
    // $text = rteSafe($_POST['text']);
    $text = set_properties(array('title' => $_POST['title'], 'hmenu' => $_POST['hmenu'], 'view' => $_POST['view'], 'viewoptions' => $_POST['viewoptions'], 'wysiwyg' => $_POST['wysiwyg'])) . $text;
    $text = edit_text(stripslashes($text), true);
    $a = substr($akl, 0, 1);
    // $e = substr ( $akl, 1 );
    // if ( $e != 'neu' ) {
    // unlink ( 'include/contents/selfbp/self'.$a.'/'.$e );
    // }
    if (!empty($_POST['exfilename']) and $_POST['exfilename'] != $_POST['filename']) {
        $exfilename = escape($_POST['exfilename'], 'string');
        @unlink('include/contents/selfbp/self' . $a . '/' . $exfilename);
    }
    $filename = get_nametosave($_POST['filename']);
    $fname = 'include/contents/selfbp/self' . $a . '/' . $filename;
    save_file_to($fname, $text);
    if ($_POST['toggle'] == 0) {
        $design->header();
        wd('admin.php?selfbp=0&akl=' . $a . $filename, 'Ihre &Auml;nderungen wurden gespeichert...', 3);
            // breite und höhe des bildes
            $dimension = @getimagesize($updir . $bannername);
            $bildbreite = $dimension['0'];
            $bildhohe = $dimension['1'];
            // alles in die Datenbank schreiben
            $insert_banner = db_query("INSERT INTO `prefix_linkus`\r\n\t\t\t\t\t\t\t(\r\n\t\t\t\t\t\t\t\tname, datei, hoch, breit, link, views, klicks\r\n\t\t\t\t\t\t\t)\r\n\t\t\t\t\t\t\t\tVALUES\r\n\t\t\t\t\t\t\t(\r\n\t\t\t\t\t\t\t\t'" . $upload_name . "', '" . $bannername . "', " . $bildbreite . ", " . $bildhohe . ", '" . $upload_link . "', 0, 0\r\n\t\t\t\t\t\t\t)");
            if ($insert_banner === false) {
                echo 'Fehler beim speichern in die Datenbank';
            }
        } else {
            echo 'unbekannter Fehler beim verschieben der Datei';
        }
    }
}
// Banner Update
if (isset($_POST['seteditbanner']) and chk_antispam('adminuser_action', true)) {
    // escapes
    $edit_id = escape($_POST['hiddeneditid'], 'integer');
    $edit_name = escape($_POST['editbannername'], 'string');
    $edit_link = escape($_POST['editlink'], 'string');
    $get_edit_qry = db_query("SELECT id,name,link,datei FROM `prefix_linkus` WHERE id = " . $edit_id . "");
    $edit_row = db_fetch_assoc($get_edit_qry);
    if ($_FILES['editbannerfield']['error'] == 4 and $edit_name == $edit_row['name'] and $edit_link == $edit_row['link']) {
        wd('admin.php?linkus', 'Keine &Auml;nderungen vorgenommen', 3);
        $design->footer(1);
    } else {
        if ($_FILES['editbannerfield']['error'] == 0) {
            // alten Banner löschen
            @unlink($updir . $row['datei']);
            // Dateiname bereits vorhanden ?
            if (is_readable($updir . $_FILES['editbannerfield']['name'])) {
             $tpl->set('BBCode_ScreenMaxHoehe', $_POST['BBCode_ScreenMaxHoehe']);
         }
     }
     $tpl->out(0);
     break;
     // > Badwordlist
 // > Badwordlist
 case 'badword':
     // > Design ausgeben!
     // > page header and badword template; the message slot starts empty and
     // is filled by the insert branch below
     $design = new design('Ilch Admin-Control-Panel :: BBcode-Badwords', '- Badwords', 2);
     $design->header();
     $tpl = new tpl('bbcode/badword', 1);
     $tpl->set('msgColor', '#0033FF');
     $tpl->set('Message', '');
     // antispam/CSRF token for the insert form (checked under the same key below)
     $tpl->set('ANTISPAM', get_antispam('adminuser_action', 0, true));
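     // Insert a badword pattern/replacement pair. Requires a submitted form
     // with both fields non-empty and a valid antispam/CSRF token.
     if (isset($_POST['BB_SubmitBadword']) && $_POST['BBCode_BadPatter'] != "" && $_POST['BBCode_BadReplace'] != "" and chk_antispam('adminuser_action', true)) {
         // The two POST values used to be concatenated raw into both queries
         // (SQL injection, even if admin-only). Run them through the project's
         // escape() filter like every other stored string in the admin code.
         // If escape() also HTML-encodes, patterns containing markup characters
         // would be stored encoded — confirm against its implementation.
         $badPattern = escape($_POST['BBCode_BadPatter'], 'string');
         $badReplace = escape($_POST['BBCode_BadReplace'], 'string');
         // reject duplicates of an existing pattern
         $sql = db_query("SELECT\r\n\t\t\t\t\t\t\t\tfcBadPatter,\r\n\t\t\t\t\t\t\t\tfcBadReplace\r\n\t\t\t\t\t\t\t FROM\r\n\t\t\t\t\t\t\t \tprefix_bbcode_badword\r\n\t\t\t\t\t\t\tWHERE\r\n\t\t\t\t\t\t\t\tfcBadPatter='" . $badPattern . "'");
         $if = db_fetch_assoc($sql);
         if (isset($if['fcBadPatter'])) {
             $tpl->set('msgColor', '#FF0000');
             $tpl->set('Message', 'Badword existiert schon in der Datenbank!');
         } else {
             db_query("INSERT INTO\r\n\t\t\t\t\t\t\tprefix_bbcode_badword\r\n\t\t\t\t\t\t\t\t(fcBadPatter,fcBadReplace)\r\n\t\t\t\t\t\t\tVALUES\r\n\t\t\t\t\t\t\t\t('" . $badPattern . "','" . $badReplace . "');");
             $tpl->set('msgColor', '#0033FF');
             $tpl->set('Message', 'Badword wurde erfolgreich gespeichert!');
         }
     }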
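     // > delete a badword (URL segment 2 = "delete", segment 3 = row id)
     if ($menu->get(2) == "delete") {
         // The id came straight from the URL and used to be spliced into the
         // query raw; cast it like the file's other numeric URL parameters.
         $badwordId = escape($menu->get(3), 'integer');
         // NOTE(review): this deletion is triggered by a plain GET and carries
         // no chk_antispam() token, unlike the insert above — a CSRF gap.
         db_query('DELETE FROM  `prefix_bbcode_badword` WHERE `fnBadwordNr` = "' . $badwordId . '"');
     }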
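function kalender_listoutput()
{
    // Calendar list renderer. With $eid set it shows one event's detail block
    // and, when $komsOK is true, its comment form and comment thread;
    // otherwise it prints the day list for $month/$year ($view 0: every day
    // of the month; $view 1: the single day $gday, or all dated events when
    // $gday is empty). Everything arrives through globals prepared by the
    // caller; output goes through $tpl (plus one bare echo).
    global $komsOK, $tpl, $eid, $data, $data_id, $gday, $month, $year, $days, $arr_day, $title_liste, $view, $allgAr;
    // list header
    $tpl->set_ar_out(array('TITLE' => $eid ? $data_id[$eid]['title'] : $title_liste, 'TITLE_ALIGN' => $eid ? '' : ' align="center"'), "listbegin");
    // event detail
    if ($eid) {
        $aus['display'] = 'style="display:none"';
        $aus['DETAIL_DATE'] = date('d.m.Y', $data_id[$eid]['time']);
        $aus['DETAIL_TIME'] = date('H:i', $data_id[$eid]['time']);
        $aus['DETAIL_TEXT'] = BBcode($data_id[$eid]['text']);
        $aus['ID'] = $eid;
        // Back link keeps the list style (v0/v1) the visitor came from. The
        // referer is attacker-controlled, but the capture group only admits a
        // single '0' or '1', so nothing else can reach the link. Guard the
        // header so a missing referer does not raise a notice.
        $viewl = $allgAr['kalender_standard_list'];
        if (isset($_SERVER['HTTP_REFERER']) && preg_match('%\\?kalender-v([0|1])%i', $_SERVER['HTTP_REFERER'], $match)) {
            $viewl = $match[1];
        }
        $aus['BACK_LINK'] = 'index.php?kalender-v' . $viewl . '-m' . date('m', $data_id[$eid]['time']) . '-y' . date('Y', $data_id[$eid]['time']);
        if (!$komsOK) {
            $tpl->set_ar_out($aus, 'detail');
        } else {
            // Store a submitted comment.
            // NOTE(review): the antispam/CSRF token is only demanded from
            // guests; a logged-in member's POST is accepted with no token, so
            // a cross-site form post can comment in their name.
            // NOTE(review): the token is checked under 'kalender_komms' while
            // the form below is rendered with get_antispam('kalenderkom', ...);
            // unless chk_antispam() ignores the key, guest comments can never
            // pass — confirm.
            if ((loggedin() or chk_antispam('kalender_komms')) and $komsOK and !empty($_POST['name']) and !empty($_POST['text'])) {
                if (loggedin()) {
                    $name = $_SESSION['authname'];
                    $userid = $_SESSION['authid'];
                } else {
                    $name = escape($_POST['name'], 'string') . ' (Gast)';
                    $userid = 0;
                }
                $text = escape($_POST['text'], 'string');
                // $name/$text are escape()d, $userid is session-derived or 0;
                // $eid is a global whose sanitisation is not visible here —
                // verify in the caller.
                db_query("INSERT INTO `prefix_koms` (`name`,`userid`,`text`,`time`,`uid`,`cat`) VALUES ('" . $name . "', " . $userid . ", '" . $text . "','" . time() . "', " . $eid . ", 'KALENDER')");
            }
            if (loggedin()) {
                $aus['uname'] = $_SESSION['authname'];
                $aus['readonly'] = 'readonly';
            } else {
                $aus['uname'] = '';
                $aus['readonly'] = '';
            }
            $aus['ANTISPAM'] = get_antispam('kalenderkom', 0);
            // $aus['text'] is never assigned in this function; bbcode() runs
            // on an unset index here (kept as-is).
            $aus['text'] = bbcode($aus['text']);
            $tpl->set_ar_out($aus, 'detail');
            $tpl->set_ar_out($aus, 'commentstart');
            $erg = db_query("SELECT `id`, `name`, `userid`, `text`, `time` FROM `prefix_koms` WHERE `uid` = " . $eid . " AND `cat` = 'KALENDER' ORDER BY `id` DESC");
            $anz = db_num_rows($erg);
            if ($anz == 0) {
                echo 'Keine Kommentare vorhanden';
            } else {
                while ($r1 = db_fetch_assoc($erg)) {
                    // Delete link only for holders of right -7 on the module.
                    // Reset per row: previously $del stayed undefined for
                    // everyone else.
                    $del = '';
                    if (has_right(-7, 'kalender')) {
                        $del = ' <a href="index.php?kalender-v1-e' . $eid . '-d' . $r1['id'] . '"><img src="include/images/icons/del.gif" alt="l&ouml;schen" border="0" title="l&ouml;schen" /></a>';
                    }
                    $r1['zahl'] = $anz;
                    $r1['avatar'] = get_avatar($r1['userid']);
                    $r1['time'] = post_date($r1['time'], 1) . $del;
                    $r1['text'] = bbcode($r1['text']);
                    $tpl->set_ar_out($r1, 'comments');
                    $anz--;
                }
            }
        }
        $tpl->out('commentend');
        // end of comments
    } elseif ($view == 0) {
        // Whole month: one row per day; event links go into the row, their
        // tooltips are collected and emitted once at the end.
        $tooltips = '';
        for ($i = 0; $i < $days; $i++) {
            $date = mktime(0, 0, 0, $month, $i + 1, $year);
            $text = '';
            if (isset($data[$date])) {
                foreach ($data[$date] as $eventinfo) {
                    $text .= eventlink($tpl, $view, $eventinfo);
                    // apply bbcode
                    $eventinfo["text"] = BBCode($eventinfo["text"]);
                    $tooltips .= $tpl->set_ar_get($eventinfo, "tooltip");
                }
            }
            $aus['LIST_I'] = $i + 1;
            $aus['LIST_D'] = $arr_day[date('w', mktime(0, 0, 0, $month, $i + 1, $year))];
            $aus['LIST_T'] = $text;
            $class = $i % 2 ? 'Cnorm' : 'Cmite';
            // today's row gets the 'Cdark' class
            $aus['LIST_CLASS'] = $i + 1 == date('j') && $month == date('n') && $year == date('Y') ? 'Cdark' : $class;
            $tpl->set_ar_out($aus, 'listitem');
            unset($aus);
        }
        showTooltips($tpl, $tooltips);
    } elseif ($view == 1) {
        // Single day
        if (isset($data) && !empty($gday)) {
            $date = mktime(0, 0, 0, $month, $gday, $year);
            $i = 1;
            $tooltips = '';
            if (isset($data[$date])) {
                foreach ($data[$date] as $eventinfo) {
                    $text = '';
                    $text .= eventlink($tpl, $view, $eventinfo);
                    $aus['LIST_I'] = $arr_day[date('w', $date)];
                    $aus['LIST_D'] = date('H:i', $eventinfo['time']);
                    $aus['LIST_T'] = $text;
                    $class = $i % 2 ? 'Cnorm' : 'Cmite';
                    $aus['LIST_CLASS'] = $i + 1 == date('j') && $month == date('n') && $year == date('Y') ? 'Cdark' : $class;
                    $tpl->set_ar_out($aus, 'listitem');
                    unset($aus);
                    $i++;
                    // apply bbcode
                    $eventinfo["text"] = BBCode($eventinfo["text"]);
                    $tooltips .= $tpl->set_ar_get($eventinfo, "tooltip");
                }
            }
            showTooltips($tpl, $tooltips);
            // Complete list
        } elseif (isset($data)) {
            $i = 1;
            $tooltips = '';
            foreach ($data as $date => $data1) {
                $text = '';
                foreach ($data1 as $eventinfo) {
                    $text .= eventlink($tpl, $view, $eventinfo);
                    // Tooltip per event, as in the two branches above. This
                    // used to run after the inner loop, so only a day's last
                    // event got a tooltip.
                    $eventinfo["text"] = BBCode($eventinfo["text"]);
                    $tooltips .= $tpl->set_ar_get($eventinfo, "tooltip");
                }
                $aus['LIST_I'] = date('d.m.Y', $date);
                $aus['LIST_D'] = $arr_day[date('w', $date)];
                $aus['LIST_T'] = $text;
                $class = $i % 2 ? 'Cnorm' : 'Cmite';
                $aus['LIST_CLASS'] = $i + 1 == date('j') && $month == date('n') && $year == date('Y') ? 'Cdark' : $class;
                $tpl->set_ar_out($aus, 'listitem');
                unset($aus);
                $i++;
            }
            showTooltips($tpl, $tooltips);
        } else {
            // no event data at all: a single placeholder row
            $aus['LIST_I'] = '-';
            $aus['LIST_D'] = '-';
            $aus['LIST_T'] = '-';
            $aus['LIST_CLASS'] = 'Cnorm';
            $tpl->set_ar_out($aus, 'listitem');
            unset($aus);
        }
    }
    $tpl->out('listend');
}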
    exit;
}
$far = array('clanname', 'clanpage', 'clantag', 'clancountry', 'mailaddy', 'icqnumber', 'squad', 'meetingplace', 'message', 'xonx', 'game', 'matchtype', 'date', 'stunde', 'minute');
$x = 0;
$fightusspam = false;
$fehler = '';
// Pull every expected form field into a same-named local (variable variable).
// A non-empty field is run through escape() and counted in $x, so the code
// below can tell whether the form was completely filled in; an empty or
// missing field becomes ''. The field names are fixed here, so the variable
// name is never attacker-controlled.
foreach ($far as $field) {
    $value = '';
    if (!empty($_POST[$field])) {
        $value = escape($_POST[$field], 'string');
        $x++;
    }
    ${$field} = $value;
}
// Only a submitted form is checked against the antispam/CSRF token; a failed
// check is reported through $fehler and leaves $fightusspam false.
if (isset($_POST['submit'])) {
    $fightusspam = (chk_antispam('fightus') == true);
    if (!$fightusspam) {
        $fehler .= '&middot;&nbsp;' . $lang['incorrectspam'] . '<br/>';
    }
}
if (count($far) == $x and $fightusspam == true) {
    $squad = escape($squad, 'integer');
    $abf = "SELECT `mod1`,`mod2`, `mod3`,`name` FROM `prefix_groups` WHERE `id` = " . $squad;
    $erg = db_query($abf);
    $row = db_fetch_assoc($erg);
    $txt = $lang['fightusrequest'];
    $sekunde = '00';
    $datum = get_datum($date) . ' - ' . $stunde . ':' . $minute . ':' . $sekunde;
    $clanpage = get_homepage($clanpage);
 // Contact form validation: every required field that is empty appends its
 // language-keyed message to $fehler, in form order.
 $required = array('wer' => 'emptywer', 'name' => 'emptyname', 'mail' => 'emptyemail', 'subject' => 'emptysubject', 'txt' => 'emptymessage');
 foreach ($required as $field => $langKey) {
     if (empty($_POST[$field])) {
         $fehler .= '&middot;&nbsp;' . $lang[$langKey] . '<br/>';
     }
 }
 // antispam/CSRF token for the contact form
 if (chk_antispam('contact') != true) {
     $fehler .= '&middot;&nbsp;' . $lang['incorrectspam'] . '<br/>';
 }
 //
 if ($fehler == '') {
     $name = escape_for_email($_POST['name']);
     $mail = escape_for_email($_POST['mail']);
     $subject = escape_for_email($_POST['subject'], true);
     $wer = escape_for_email($_POST['wer']);
     $text = $_POST['txt'];
     $wero = false;
     foreach ($k as $a) {
         $e = explode('|', $a);
         if (md5($e[0]) == $wer) {
             $wero = true;
             $wer = $e[0];
<?php

// Copyright by Manuel
// Support www.ilch.de
if (!defined('main')) {
    die('no direct access');
}
// Name pre-filled in the shoutbox form: the session name for members, the
// 'Nickname' placeholder for guests.
// NOTE(review): further down this value is written into the input's value
// attribute and its inline onFocus/onBlur handlers without escaping — fine
// for the constant, but a session name containing a quote would break out of
// the attribute / JS string.
$shoutbox_VALUE_name = loggedin() ? $_SESSION['authname'] : 'Nickname';
if (has_right($allgAr['sb_recht'])) {
    if (!empty($_POST['shoutbox_submit']) and chk_antispam('shoutbox')) {
        $shoutbox_nickname = escape($_POST['shoutbox_nickname'], 'string');
        $shoutbox_nickname = substr($shoutbox_nickname, 0, 15);
        $shoutbox_textarea = escape($_POST['shoutbox_textarea'], 'textarea');
        $shoutbox_textarea = preg_replace("/\\[.?(url|b|i|u|img|code|quote)[^\\]]*?\\]/i", "", $shoutbox_textarea);
        $shoutbox_textarea = strip_tags($shoutbox_textarea);
        if (!empty($shoutbox_nickname) and !empty($shoutbox_textarea)) {
            db_query('INSERT INTO `prefix_shoutbox` (`nickname`,`textarea`) VALUES ( "' . $shoutbox_nickname . '" , "' . $shoutbox_textarea . '" ) ');
            header('Location: index.php?' . $menu->get_complete());
        }
    }
    echo '<form action="index.php?' . $menu->get_complete() . '" method="POST">';
    echo '<input type="text" size="15" name="shoutbox_nickname" value="' . $shoutbox_VALUE_name . '" onFocus="if (value == \'' . $shoutbox_VALUE_name . '\') {value = \'\'}" onBlur="if (value == \'\') {value = \'' . $shoutbox_VALUE_name . '\'}" maxlength="15">';
    echo '<br /><textarea style="width: 80%" cols="15" rows="2" name="shoutbox_textarea"></textarea><br />';
    $antispam = get_antispam('shoutbox', 0);
    echo $antispam;
    if (!empty($antispam)) {
        echo '<br />';
    }
    echo '<input type="submit" value="' . $lang['formsub'] . '" name="shoutbox_submit">';
 }
 // Download detail: build the HTML fragments the template expects. ssurl,
 // surl, name and version come from the downloads row and are written into
 // src/href/alt attributes without escaping — presumably admin-maintained
 // data, not taken from this request.
 $row['ssurl'] = $row['ssurl'] != '' ? '<img src="' . $row['ssurl'] . '" alt="' . $row['name'] . ' ' . $row['version'] . '" title="' . $row['name'] . ' ' . $row['version'] . '" style="float:left; border: none; padding-right:5px;" />' : '';
 $row['surl'] = empty($row['surl']) ? '' : '&nbsp;&nbsp;&nbsp; <a href="' . $row['surl'] . '" target="_blank">Demo/Screenshot</a>';
 // size is derived from the stored URL; the long description is BBCode
 $row['size'] = get_download_size($row['url']);
 $row['descl'] = bbcode($row['descl']);
 $row['version_kl'] = empty($row['version']) ? '' : '(' . $row['version'] . ')';
 // $cattitle / $catname are prepared earlier in the file
 $title = $allgAr['title'] . ' :: Downloads ' . $cattitle;
 $hmenu = '<a class="smalfont" href="?downloads">Downloads</a>' . $catname;
 $design = new design($title, $hmenu);
 // extra scripts for the page (presumably client-side validation of the
 // comment form)
 $header = array('jquery/jquery.validate.js', 'forms/downloads.js');
 $design->header($header);
 $tpl->set_ar_out($row, 0);
 // Kommentare
 if ($komsOK) {
     $id = escape($menu->get(2), 'integer');
     if (chk_antispam('downloads') and isset($_POST['name']) and isset($_POST['text'])) {
         if (loggedin()) {
             $name = $_SESSION['authname'];
             $userid = $_SESSION['authid'];
         } else {
             $name = escape($_POST['name'], 'string') . ' (Gast)';
             $userid = 0;
         }
         $text = escape($_POST['text'], 'string');
         db_query("INSERT INTO `prefix_koms` (`name`,`userid`,`text`,`time`,`uid`,`cat`) VALUES ('" . $name . "', " . $userid . ", '" . $text . "','" . time() . "', " . $id . ", 'DOWNLOAD')");
     }
     if ($menu->getA(3) == 'd' and is_numeric($menu->getE(3)) and has_right(-7, 'downloads')) {
         $did = escape($menu->getE(3), 'integer');
         db_query("DELETE FROM `prefix_koms` WHERE `uid` = " . $id . " AND `cat` = 'DOWNLOAD' AND `id` = " . $did);
     }
     $r['ANTISPAM'] = get_antispam('downloads', 0);
 case 'edit':
     if ($getid != 0 and !empty($getid)) {
         $getpicname = db_result(db_query("SELECT logo FROM `prefix_opponents` WHERE id = " . $getid . ""));
         $editqry = db_query("SELECT * FROM `prefix_opponents` WHERE id = " . $getid . "");
         $outar = db_fetch_assoc($editqry);
         $outar['nationen'] = '';
         $flagsar = get_nationality_array();
         foreach ($flagsar as $key => $value) {
             if ($outar['nation'] == $key) {
                 $outar['nationen'] .= '<option value="' . $key . '" selected="selected">' . $value . '</option>';
             } else {
                 $outar['nationen'] .= '<option value="' . $key . '" >' . $value . '</option>';
             }
         }
         $outar['aktuellesLogo'] = '<img src="include/images/opponents/thumb_' . $outar['logo'] . '"/>';
         if (isset($_POST['editsubmit']) and chk_antispam('adminuser_action', true)) {
             $editclantag = @escape($_POST['editgegnertag'], 'string');
             $editclanname = @escape($_POST['editclanname'], 'string');
             $editurl = escape($_POST['editwebsite'], 'url');
             $editnation = escape($_POST['editnation'], 'string');
             $editicq = escape($_POST['editicq'], 'integer');
             $editemail = escape_for_email($_POST['editemail']);
             $updir = 'include/images/opponents/';
             $this_id = $getid;
             $outar['thumbwidth'] = 100;
             if (!empty($_FILES['editlogo']['tmp_name'])) {
                 $uploadname = $getid . '_' . $_FILES["editlogo"]["name"];
                 if ($getpicname != '.no-image-opponent.png' and $getpicname != 'thumb_.no-image-opponent.png') {
                     @unlink('include/images/opponents/' . $getpicname . '');
                     @unlink('include/images/opponents/thumb_' . $getpicname . '');
                 }
            $row = db_fetch_object(db_query("SELECT `t1` FROM `prefix_allg` WHERE `k` = 'kontakt'"));
            $k = explode('#', $row->t1);
            $k[$_GET['wo']] = $_POST['mail'] . '|' . $_POST['name'];
            $nk = implode('#', $k);
            db_query("UPDATE `prefix_allg` SET `t1` = '" . $nk . "' WHERE `k` = 'kontakt'");
            break;
        }
    case 2:
        // Remove contact entry number $_GET['del'] from the '#'-separated
        // list stored in prefix_allg.t1 and write the list back.
        // NOTE(review): unlike case 3 this action has no chk_antispam()
        // check, so a plain GET link triggers it (CSRF). $_GET['del'] is
        // only used as an array key, never in SQL — but the entries
        // themselves were stored from unescaped POST input (see case 3), so
        // they are re-concatenated into the UPDATE unescaped; a stored value
        // containing a quote breaks this query.
        $row = db_fetch_object(db_query("SELECT `t1` FROM `prefix_allg` WHERE `k` = 'kontakt'"));
        $k = explode('#', $row->t1);
        unset($k[$_GET['del']]);
        $nk = implode('#', $k);
        db_query("UPDATE `prefix_allg` SET `t1` = '" . $nk . "' WHERE `k` = 'kontakt'");
        break;
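    case 3:
        // Append a contact entry "mail|name" to the '#'-separated list in
        // prefix_allg.t1. Requires a valid antispam/CSRF token.
        if (chk_antispam('adminuser_action', true)) {
            $row = db_fetch_object(db_query("SELECT `t1` FROM `prefix_allg` WHERE `k` = 'kontakt'"));
            // The POST values used to be concatenated raw into the UPDATE
            // (SQL injection); run them through escape() like the other
            // stored strings in the admin code. If escape() also HTML-encodes,
            // entries containing '&' or quotes will be stored encoded —
            // confirm against its implementation and the contact page that
            // reads the list back.
            $nk = $row->t1 . '#' . escape($_POST['mail'], 'string') . '|' . escape($_POST['name'], 'string');
            db_query("UPDATE `prefix_allg` SET `t1` = '" . $nk . "' WHERE `k` = 'kontakt'");
        }
        // Always leave the switch here: the break used to sit inside the if,
        // so a failed token check fell through into case 5 and ran that
        // UPDATE with whatever $feld/$ak happened to hold.
        break;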
    case 5:
        // Generic field update on the 'kontakt' row. $feld is spliced in as
        // the column name and $ak as the value; neither is assigned anywhere
        // in the visible code — presumably filtered before the switch, verify.
        // NOTE(review): no chk_antispam() check on this action either.
        db_query('UPDATE `prefix_allg` SET ' . $feld . ' = "' . $ak . '" WHERE `k` = "kontakt"');
        break;
}
// Render the contact admin form with a fresh antispam/CSRF token (checked
// under the same key in case 3 above), then load the stored contact list:
// t1 holds '#'-separated "mail|name" entries, v2 a second '#'-separated list.
$tpl = new tpl('contact', 1);
$tpl->set('ANTISPAM', get_antispam('adminuser_action', 0, true));
$tpl->out(0);
$row = db_fetch_object(db_query("SELECT `t1`,`v2`,`v1` FROM `prefix_allg` WHERE `k` = 'kontakt'"));
$k = explode('#', $row->t1);
$b = explode('#', $row->v2);
<?php

#   Copyright by: Manuel
#   Support: www.ilch.de
defined('main') or die('no direct access');
// Moderator-only page. check_forum_failure() is only invoked inside the
// failure branch here; presumably it terminates the request, otherwise
// execution would continue for non-moderators — verify.
if ($forum_rights['mods'] == FALSE) {
    $forum_failure[] = 'Keine Berechtigung dieses Forum zu moderiren';
    check_forum_failure($forum_failure);
}
// Title / breadcrumb from the forum and topic rows (DB values, not escaped
// here); $fid/$tid are prepared earlier in the file.
$title = $allgAr['title'] . ' :: Forum :: ' . $aktForumRow['kat'] . ' :: ' . $aktForumRow['name'] . ' :: ' . $aktTopicRow['name'] . ' :: Beitrag l&ouml;schen';
$hmenu = $extented_forum_menu . '<a class="smalfont" href="index.php?forum">Forum</a><b> &raquo; </b><a class="smalfont" href="index.php?forum-showcat-' . $aktForumRow['cid'] . '">' . $aktForumRow['kat'] . '</a><b> &raquo; </b><a class="smalfont" href="index.php?forum-showtopics-' . $fid . '">' . $aktForumRow['name'] . '</a><b> &raquo; </b>';
$hmenu .= '<a class="smalfont" href="index.php?forum-showposts-' . $tid . '">' . $aktTopicRow['name'] . '</a> <b> &raquo; </b>Beitrag l&ouml;schen' . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
$design->header();
// post id from URL segment 3, cast to integer before it is used in SQL
$postid = escape($menu->get(3), 'integer');
// antispam/CSRF token for the delete form; the delete branch below requires it
$csrfCheck = chk_antispam('forum_del_post', true);
if (empty($_POST['delete']) || !$csrfCheck) {
    $tpl = new tpl('forum/del_post');
    $tpl->set_ar(array('tid' => $tid, 'get3' => $postid, 'antispam' => get_antispam('forum_del_post', 0, true)));
    $tpl->out(0);
} elseif ($csrfCheck) {
    $erstid = @db_result(db_query("SELECT erstid FROM `prefix_posts` WHERE id = " . $postid . " LIMIT 1"), 0);
    if ($erstid > 0) {
        db_query("UPDATE `prefix_user` SET posts = posts - 1 WHERE id = {$erstid}");
    }
    db_query("DELETE FROM `prefix_posts` WHERE id = " . $postid . " LIMIT 1");
    $erg = db_query("SELECT MAX(id) FROM prefix_posts WHERE tid = " . $tid);
    $max = db_result($erg, 0);
    db_query("UPDATE `prefix_topics` SET last_post_id = " . $max . ", `rep` = `rep` - 1 WHERE id = " . $tid);
    db_query("UPDATE `prefix_forums` SET last_post_id = " . $max . ", posts = posts - 1 WHERE id = " . $fid);
    $tpl = new tpl('forum/del_post');
          opt_pm = "' . $opt_pm . '",
          opt_pm_popup = "' . $opt_pm_popup . '",
          gebdatum = "' . $gebdatum . '",
          sig = "' . $sig . '"
          ' . $avatar_sql_update . '
				WHERE id = "' . $uid . '"');
            }
        }
        wd('admin.php?user-1-' . $uid, 'Das Profil wurde erfolgreich geaendert', 2);
        $design->footer();
        break;
        // mal kurz nen neuen user anlegen
    // mal kurz nen neuen user anlegen
    case 'createNewUser':
        $msg = '';
        if (!empty($_POST['name']) and !empty($_POST['pass']) and !empty($_POST['email']) and chk_antispam('adminuser_create', true)) {
            $_POST['name'] = escape($_POST['name'], 'string');
            $_POST['recht'] = escape($_POST['recht'], 'integer');
            $_POST['email'] = escape($_POST['email'], 'string');
            $erg = db_query("SELECT id FROM prefix_user WHERE name = BINARY '" . $_POST['name'] . "'");
            if (db_num_rows($erg) > 0) {
                $msg = 'Der Name ist leider schon vorhanden!';
            } else {
                $new_pass = $_POST['pass'];
                $passwordHash = user_pw_crypt($new_pass);
                db_query("INSERT INTO prefix_user (name,pass,recht,regist,llogin,email)\r\n\t\t    VALUES('" . $_POST['name'] . "','" . $passwordHash . "'," . $_POST['recht'] . ",'" . time() . "','" . time() . "','" . $_POST['email'] . "')");
                $userid = db_last_id();
                db_query("INSERT INTO prefix_userfields (uid,fid,val) VALUES (" . $userid . ",2,'1')");
                db_query("INSERT INTO prefix_userfields (uid,fid,val) VALUES (" . $userid . ",3,'1')");
                if (isset($_POST['info'])) {
                    $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
<?php

/**
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
 * @copyright (C) 2000-2010 ilch.de
 * @version $Id$
 */
// Block direct access; 'main' is presumably defined only by the including front controller.
defined('main') or die('no direct access');
if (is_siteadmin()) {
    //Einträge löschen (ajax)
    if (isset($_POST['del'])) {
        if (chk_antispam('shoutboxarchive', true)) {
            if (isset($_POST['all'])) {
                //alle
                $save = escape($_POST['all'], 'i');
                $anz = db_result(db_query("SELECT COUNT(*) FROM `prefix_shoutbox`"), 0) - $save;
                if ($anz > 0) {
                    db_query("DELETE FROM `prefix_shoutbox` ORDER BY `id` LIMIT " . $anz);
                }
                echo '"reload"';
            } else {
                //einzeln oder ausgewählte
                $ids = escape($_POST['chk'], 'i');
                if (is_int($ids) and $ids > 0) {
                    $ids = array($ids);
                }
                if (!empty($ids)) {
                    db_query('DELETE FROM `prefix_shoutbox` WHERE `id` IN (' . implode(',', $ids) . ')');
                    echo json_encode($ids);
                } else {
                    echo '"error"';
         $name = escape($_POST['name'], 'string');
         $mail = escape($_POST['mail'], 'string');
         $page = escape($_POST['page'], 'string');
         db_query("INSERT INTO prefix_gbook (`name`,`mail`,`page`,`time`,`ip`,`txt`) VALUES ('" . $name . "', '" . $mail . "', '" . $page . "', '" . time() . "', '" . getip() . "', '" . $txt . "')");
         $_SESSION['klicktime_gbook'] = $dppk_time;
         wd('index.php?gbook', $lang['insertsuccessful']);
     } else {
         echo '- ' . $lang['donotpostsofast'];
         echo '<br />- ' . sprintf($lang['gbooktexttolong'], $allgAr['Gtxtl']);
         echo '<br />- ' . $lang['plsfilloutallfields'];
     }
     break;
 case 'show':
     if ($allgAr['gbook_koms_for_inserts'] == 1) {
         $id = escape($menu->get(2), 'integer');
         if (chk_antispam('gbookkom') and isset($_POST['name']) and isset($_POST['text'])) {
             $name = escape($_POST['name'], 'string');
             $text = escape($_POST['text'], 'string');
             db_query("INSERT INTO prefix_koms (name,text,uid,cat) VALUES ('" . $name . "', '" . $text . "', " . $id . ", 'GBOOK')");
         }
         if ($menu->getA(3) == 'd' and is_numeric($menu->getE(3)) and has_right(-7, 'gbook')) {
             $did = escape($menu->getE(3), 'integer');
             db_query("DELETE FROM prefix_koms WHERE uid = " . $id . " AND cat = 'GBOOK' AND id = " . $did);
         }
         $r = db_fetch_assoc(db_query("SELECT time, name, mail, page, txt as text, id FROM prefix_gbook WHERE id = " . $id));
         $r['datum'] = date('d.m.Y', $r['time']);
         if ($r['page'] != '') {
             $r['page'] = get_homepage($r['page']);
             $r['page'] = ' &nbsp; <a href="' . $r['page'] . '" target="_blank"><img src="include/images/icons/page.gif" border="0" alt="Homepage ' . $lang['from'] . ' ' . $r['name'] . '"></a>';
         }
         if ($r['mail'] != '') {
                }
                $x++;
            }
        }
    }
}
// AJAX Start
// NOTE(review): the endpoint URL is built from $_SERVER['HTTP_HOST'], i.e. the client's
// Host header, and is echoed into page JavaScript by printJavascript() below. A configured
// base URL would be the safer source — confirm whether the web server pins the Host value.
// The scheme is also hard-coded to http, which is mixed content if the admin panel is served over https.
$xajax = new xajax('http://' . $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"] . '?kalender=0');
$xajax->registerFunction("XAJAX_showCalendar");
// Serves an incoming xajax call, if this request is one, before any HTML is emitted — presumably exits in that case; confirm.
$xajax->processRequest();
// DESIGN
$design = new design('Ilch Admin-Control-Panel :: Kalender', '', 2);
$design->header();
// AJAX output: the client-side glue for the registered function
echo $xajax->printJavascript();
if (!empty($_REQUEST['um']) and chk_antispam('adminuser_action', true)) {
    $sar = explode('-', $_POST['begind']);
    if (!@checkdate($sar[1], $sar[2], $sar[0])) {
        echo 'Das eingegebene Datum ist nicht g&uuml;ltig ';
        echo '<a href="javascript:history.back()">zur&uuml;ck</a>';
        $design->footer(1);
    }
    if (!empty($_POST['zende'])) {
        $ear = explode('-', $_POST['zende']);
        if (!@checkdate($ear[1], $ear[2], $ear[0])) {
            echo 'Das eingegebene Datum f&uuml;r das Zyklusende ist nicht g&uuml;ltig ';
            echo '<a href="javascript:history.back()">zur&uuml;ck</a>';
            $design->footer(1);
        }
    }
    $z = '';
#   Copyright by: Manuel
#   Support: www.ilch.de
// Block direct access; 'main' is presumably defined only by the including front controller.
defined('main') || die('no direct access');
// Page chrome: title and breadcrumb for the contact form.
$title = "{$allgAr['title']} :: Kontakt";
$hmenu = 'Kontakt';
$design = new design($title, $hmenu);
$design->header();
// Contact configuration row; t1 holds the '#'-separated recipient list.
$erg = db_query("SELECT v2,t1,v1 FROM prefix_allg WHERE k = 'kontakt'");
$row = db_fetch_assoc($erg);
$k = explode('#', $row['t1']);
// Form fields start out empty until a valid submission fills them in.
list($name, $mail, $subject, $wer, $text) = array('', '', '', '', '');
if (!empty($_POST['wer']) and !empty($_POST['mail']) and !empty($_POST['txt']) and !empty($_POST['name']) and !empty($_POST['subject']) and chk_antispam('contact')) {
    $name = escape_for_email($_POST['name']);
    $mail = escape_for_email($_POST['mail']);
    $subject = escape_for_email($_POST['subject'], true);
    $wer = escape_for_email($_POST['wer']);
    $text = $_POST['txt'];
    $wero = FALSE;
    foreach ($k as $a) {
        $e = explode('|', $a);
        if (md5($e[0]) == $wer) {
            $wero = TRUE;
            $wer = $e[0];
            break;
        }
    }
    if (strpos($text, 'Content-Type:') === FALSE and strpos($text, 'MIME-Version:') === FALSE and strpos($mail, '@') !== FALSE and $wero === TRUE and strlen($name) <= 30 and strlen($mail) <= 30 and strlen($text) <= 5000 and $mail != $name and $name != $text and $text != $mail) {
// No group is flagged show_fightus → nobody can be challenged; show a message and stop.
if (0 == db_count_query("SELECT COUNT(*) FROM prefix_groups WHERE show_fightus = 1")) {
    echo $lang['noteamthere'];
    $design->footer();
    exit;
}
// Whitelist of accepted form fields. Each name becomes a same-named variable via ${$v},
// so only these fixed keys are ever read from $_POST (no arbitrary variable injection).
$far = array('clanname', 'clanpage', 'clantag', 'clancountry', 'mailaddy', 'icqnumber', 'squad', 'meetingplace', 'message', 'xonx', 'matchtype', 'game', 'meetingtime');
// Number of filled-in fields; compared against count($far) further down.
$x = 0;
foreach ($far as $v) {
    // empty() also treats the literal '0' as missing, so a legitimate value of 0 counts as absent.
    if (!empty($_POST[$v])) {
        // escape(..., 'string') — presumably SQL-escapes; the values are concatenated into an INSERT later.
        ${$v} = escape($_POST[$v], 'string');
        $x++;
    } else {
        ${$v} = '';
    }
}
if (count($far) == $x and chk_antispam('fightus')) {
    $squad = escape($squad, 'integer');
    $abf = "SELECT `mod1`,`mod2`, `mod3`,name FROM prefix_groups WHERE id = " . $squad;
    $erg = db_query($abf);
    $row = db_fetch_assoc($erg);
    $txt = $lang['fightusrequest'];
    list($datum, $zeit) = explode(' - ', $meetingtime);
    $datum = get_datum($datum);
    $datum = $datum . " " . $zeit;
    $clanpage = get_homepage($clanpage);
    # als upcoming war vormerken (kategorie 1)
    db_query("INSERT INTO prefix_wars (datime,`status`,gegner,tag,page,mail,icq,wo,tid,`mod`,game,mtyp,land,txt) VALUES ('" . $datum . "','1','" . $clanname . "','" . $clantag . "','" . $clanpage . "','" . $mailaddy . "','" . $icqnumber . "','" . $meetingplace . "','" . $squad . "','" . $xonx . "','" . $game . "','" . $matchtype . "','" . $clancountry . "','" . $message . "')");
    # pm an den leader
    sendpm($_SESSION['authid'], $row['mod1'], 'Fightus Anfrage', $txt, -1);
    # Wenn Co Leader != Leader
    if ($row['mod1'] != $row['mod2']) {
            $sel = '';
        }
        $liste .= '<option' . $sel . ' value="' . $k . '">' . $v . '</option>';
    }
    return $liste;
}
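// Sub-action from the URL ('del' or 5); dispatched by the two branches below.
$um = $menu->get(1);
// Delete a poll and its answers. The poll id comes straight from the query string, so it is
// cast with escape(..., 'integer') — the convention used for ids elsewhere in this file —
// before being concatenated into SQL.
// NOTE(review): unlike the form handler below, these GET-triggered writes carry no
// chk_antispam() token check; consider routing them through a token-protected POST.
if ($menu->get(1) == 'del') {
    db_query('DELETE FROM `prefix_poll` WHERE `poll_id` = "' . escape($_GET['del'], 'integer') . '"');
    db_query('DELETE FROM `prefix_poll_res` WHERE `poll_id` = "' . escape($_GET['del'], 'integer') . '"');
}
// Update the poll status flag (`stat`). The id is cast to integer; the status value is
// SQL-escaped as a string so any previously accepted value is still stored unchanged.
if ($menu->get(1) == 5) {
    db_query('UPDATE `prefix_poll` SET `stat` = "' . escape($_GET['ak'], 'string') . '" WHERE `poll_id` = "' . escape($_GET['id'], 'integer') . '"');
}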
// A L L E   V O T E S   W E R D E N   A N G E Z E I G T
if (isset($_POST['sub']) and chk_antispam('adminuser_action', true)) {
    $_POST['frage'] = escape($_POST['frage'], 'string');
    $_POST['poll_recht'] = escape($_POST['poll_recht'], 'integer');
    $_POST['vid'] = escape($_POST['vid'], 'integer');
    if (empty($_POST['vid'])) {
        db_query('INSERT INTO `prefix_poll` (`frage`,`recht`,`stat`,`text`) VALUES ( "' . $_POST['frage'] . '" , "' . $_POST['poll_recht'] . '" , "1" ,"") ');
        $poll_id = db_last_id();
        $i = 1;
        foreach ($_POST['antw'] as $v) {
            if (!empty($v)) {
                $v = escape($v, 'string');
                db_query('INSERT INTO `prefix_poll_res` (`sort`,`poll_id`,`antw`,`res`) VALUES ( "' . $i . '" , "' . $poll_id . '" , "' . $v . '" , "" ) ');
                $i++;
            }
        }
    } else {
    echo 'Dieser Bereich ist nicht fuer dich...';
    $design->footer();
    exit;
}
// Labels for the SMTP authentication modes; keys are the stored values, presumably used for a select box.
$authMethods = array('no' => 'keine', 'auth' => 'einfache Authentifizierung', 'tls' => 'TLS', 'ssl' => 'SSL');
// Configuration keys persisted in the serialized `smtpconf` row.
// NOTE: 'smtp_login' is listed twice; harmless for array_fill_keys() and the foreach below,
// but worth deduplicating if count($keys) is ever relied on.
$keys = array('smtp_host', 'smtp_port', 'smtp_auth', 'smtp_pop3beforesmtp', 'smtp_pop3host', 'smtp_pop3port', 'smtp_login', 'smtp_email', 'smtp_login', 'smtp_pass', 'smtp_changesubject');
// Read the stored configuration from the database
$qry = db_query('SELECT `t1` FROM `prefix_allg` WHERE `k` = "smtpconf"');
if (db_num_rows($qry) == 0 or ($smtpser = db_result($qry)) == '') {
    // No configuration yet: empty values, with subject rewriting enabled by default.
    $smtp = array_fill_keys($keys, '');
    $smtp['smtp_changesubject'] = 1;
} else {
    // NOTE(review): unserialize() of a DB-stored blob. The blob is written by this admin form
    // (serialize() further down), so exposure is limited to whoever can write that row; still,
    // passing array('allowed_classes' => false) (PHP 7+) or storing JSON instead would remove
    // the object-instantiation surface.
    $smtp = unserialize($smtpser);
}
//Formular verabeiten
if (isset($_POST['subform']) and chk_antispam('smtpconf', true)) {
    if (!empty($_POST['smtp_pass'])) {
        require_once 'include/includes/class/AzDGCrypt.class.inc.php';
        $cr64 = new AzDGCrypt(DBDATE . DBUSER . DBPREF);
        $smtp['smtp_pass'] = $cr64->crypt($_POST['smtp_pass']);
    }
    unset($_POST['smtp_pass']);
    foreach ($keys as $key) {
        if (isset($_POST[$key])) {
            $smtp[$key] = $_POST[$key];
        }
    }
    if (!isset($_POST['smtp_pop3beforesmtp'])) {
        $smtp['smtp_pop3beforesmtp'] = 0;
    }
    $smtpsql = escape(serialize($smtp), 'textarea');
        ${$v} = escape($_POST[$v], 'string');
        $x++;
    } else {
        ${$v} = '';
    }
}
// Sanitised form of the requested nickname; a submission is only valid when the name is already clean.
$xname = escape_nickname($name);
// The nickname is acceptable when the visitor is logged in (their session name is used later),
// or when a submitted, clean, non-empty name is not yet taken (presumably case-insensitive via name_clean).
$ch_name = loggedin()
    || (isset($_POST['sub'])
        && $name == $xname
        && !empty($name)
        && 0 == db_result(db_query("SELECT COUNT(*) FROM `prefix_user` WHERE `name_clean` = BINARY '" . get_lower($name) . "'"), 0));
// The anti-spam/CSRF check only applies to an actual submission.
$joinusspam = true;
if (isset($_POST['sub']) && !chk_antispam('joinus')) {
    $fehler .= '&middot;&nbsp;' . $lang['incorrectspam'] . '<br/>';
    $joinusspam = false;
}
if (count($far) != $x or $ch_name == false or $joinusspam == false) {
    $tpl = new tpl('joinus.htm');
    $skill = '<option></option>';
    $skill .= arlistee($skill, $skill_ar);
    $squad = '<option></option>';
    $squad .= dblistee($squad, "SELECT `id`,`name` FROM `prefix_groups` WHERE `show_joinus` = 1 ORDER BY `pos`");
    if (loggedin()) {
        $name = $_SESSION['authname'];
    }
    foreach ($far as $v) {
        if ($x > 0 and empty($_POST[$v])) {
            </select>
\t\t\t<input type="checkbox" name="andhigher" id="cb_andhigher" value="1" />
\t\t\t<label for="cb_andhigher">und für alle höheren Rechte</label>
END;
    }
    $objResponse->assign('list', 'innerHTML', $content);
    $objResponse->setEvent('nl_auswahl', 'onchange', 'checkEmail();');
    return $objResponse;
}
// NOTE(review): the xajax endpoint URL is built from $_SERVER['HTTP_HOST'], i.e. the client's
// Host header, and xajax echoes it into page JavaScript. A configured base URL would be the
// safer source — confirm whether the web server pins the Host value. The scheme is also
// hard-coded to http, which is mixed content if the admin panel is served over https.
$xajax = new xajax('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'] . '?newsletter=0');
// Page is Latin-1; UTF-8 input coming from the browser is decoded back.
$xajax->configureMany(array('characterEncoding' => 'ISO-8859-1', 'decodeUTF8Input' => true));
$xajax->registerFunction('XAJAX_changeList');
// Serves an incoming xajax call, if this request is one, before any HTML is emitted — presumably exits in that case; confirm.
$xajax->processRequest();
$design = new design('Admins Area', 'Admins Area', 2);
$design->header();
if (isset($_POST['SEND']) and chk_antispam('newsletter', true)) {
    $mailopm = substr($_POST['auswahl'], 0, 1);
    $usrogrp = substr($_POST['auswahl'], 1, 1);
    if ($_POST['auswahl'] == 'Enews') {
        $q = "SELECT `email` FROM `prefix_newsletter`";
    } elseif ($usrogrp == 'u') {
        $q = "SELECT `email`,`name` as `uname`,`id` as `uid` FROM `prefix_user` WHERE `recht` <= '-1'";
    } elseif ($usrogrp == 'g') {
        $gid = substr($_POST['auswahl'], 2, strlen($_POST['auswahl']) - 1);
        $q = "SELECT `b`.`email`, `b`.`name` as `uname`, `b`.`id` as `uid` FROM `prefix_groupusers` `a` LEFT JOIN `prefix_user` `b` ON `a`.`uid` = `b`.`id` WHERE `a`.`gid` = '{$gid}'";
    } elseif ($usrogrp == 'r') {
        $q = "SELECT `email`,`id` as `uid` FROM `prefix_user` WHERE `recht` " . (isset($_POST['andhigher']) ? '<' : '') . "= '" . substr($_POST['auswahl'], 2, strlen($_POST['auswahl']) - 1) . "'";
    }
    $erg = db_query($q);
    $zahler = 0;
    if (db_num_rows($erg) > 0) {
 // News id from the URL; cast to integer here because it is concatenated into SQL.
 $nid = escape($menu->get(1), 'integer');
 // NOTE(review): db_fetch_object() presumably returns false when no row matches, in which case
 // the $row->news_recht access below would fail — confirm whether $nid is validated upstream.
 $row = db_fetch_object(db_query("SELECT * FROM `prefix_news` WHERE news_id = '" . $nid . "'"));
 if (has_right(array($row->news_recht))) {
     $komsOK = true;
     if ($allgAr['Ngkoms'] == 0) {
         if (loggedin()) {
             $komsOK = true;
         } else {
             $komsOK = false;
         }
     }
     if ($allgAr['Nukoms'] == 0) {
         $komsOK = false;
     }
     # kommentar add
     if ((loggedin() or chk_antispam('newskom')) and $komsOK and !empty($_POST['name']) and !empty($_POST['txt'])) {
         $_POST['txt'] = escape($_POST['txt'], 'string');
         $_POST['name'] = escape($_POST['name'], 'string');
         db_query("INSERT INTO `prefix_koms` (`uid`,`cat`,`name`,`text`) VALUES (" . $nid . ",'NEWS','" . $_POST['name'] . "','" . $_POST['txt'] . "')");
     }
     # kommentar add
     # kommentar loeschen
     if ($menu->getA(2) == 'd' and is_numeric($menu->getE(2)) and has_right(-7, 'news')) {
         $kommentar_id = escape($menu->getE(2), 'integer');
         db_query("DELETE FROM prefix_koms WHERE uid = " . $nid . " AND cat = 'NEWS' AND id = " . $kommentar_id);
     }
     # kommentar loeschen
     $kategorie = news_find_kat($row->news_kat);
     $textToShow = bbcode($row->news_text);
     $textToShow = str_replace('[PREVIEWENDE]', '', $textToShow);
     if (!empty($such)) {
// Read each whitelisted form field into a same-named variable (${$v}). Only the fixed
// names in $far are ever touched, so $_POST cannot inject arbitrary variables.
// empty() also treats the literal '0' as missing, so a legitimate value of 0 counts as absent.
foreach ($far as $v) {
    if (!empty($_POST[$v])) {
        ${$v} = escape($_POST[$v], 'string');
        $x++; // number of filled-in fields; compared with count($far) below
    } else {
        ${$v} = '';
    }
}
// Sanitised form of the requested nickname; the name is only accepted if it is already clean.
$xname = escape_nickname($name);
$ch_name = false;
if (loggedin()) {
    // Logged-in members use their session name later, so no nickname check is needed.
    $ch_name = true;
} elseif (isset($_POST['sub']) and $name == $xname and !empty($name) and 0 == db_result(db_query("SELECT COUNT(*) FROM prefix_user WHERE name = BINARY '" . $name . "'"), 0)) {
    // $name went through escape(..., 'string') above before being concatenated here.
    // NOTE(review): BINARY makes the comparison case-sensitive, so 'Name' and 'name' are
    // treated as different users — confirm that is intended.
    $ch_name = true;
}
if (count($far) != $x or $ch_name == false or !chk_antispam('joinus')) {
    $tpl = new tpl('joinus.htm');
    $skill = arlistee($skill, $skill_ar);
    $squad = '<option value="0">choose</option>';
    $squad .= dblistee($squad, "SELECT id,name FROM prefix_groups WHERE show_joinus = 1 ORDER BY pos");
    if (loggedin()) {
        $name = $_SESSION['authname'];
    }
    foreach ($far as $v) {
        if ($x > 0 and empty($_POST[$v])) {
            echo 'missing: ' . $lang[$v] . '<br />';
        }
        $tpl->set($v, ${$v});
    }
    if ($x > 0 and $name != $xname) {
        echo $lang['wrongnickname'] . '<br />';