public function transform(BeatmapDiscussionPost $post)
 {
     if (!priv_check('BeatmapDiscussionPostShow', $post)->can()) {
         return [];
     }
     return ['id' => $post->id, 'beatmap_discussion_id' => $post->beatmap_discussion_id, 'user_id' => $post->user_id, 'last_editor_id' => presence($post->last_editor_id, $post->user_id), 'deleted_by_id' => $post->deleted_by_id, 'system' => $post->system, 'message' => $post->message, 'created_at' => json_time($post->created_at), 'updated_at' => json_time($post->updated_at), 'deleted_at' => json_time($post->deleted_at)];
 }
Exemple #2
0
 public function updatePage()
 {
     $user = Auth::user();
     priv_check('UserPageEdit', $user)->ensureCan();
     $user = $user->updatePage(Request::input('body'));
     return ['html' => $user->userPage->bodyHTML];
 }
 public function update($id)
 {
     $post = BeatmapDiscussionPost::findOrFail($id);
     priv_check('BeatmapDiscussionPostEdit', $post)->ensureCan();
     $post->update($this->postParams($post->beatmapDiscussion, false));
     return ['beatmapset_discussion' => $post->beatmapsetDiscussion->defaultJson()];
 }
 public function destroy($id)
 {
     $user = Auth::user();
     $entry = UserContestEntry::where(['user_id' => $user->user_id])->findOrFail($id);
     $contest = Contest::findOrFail($entry->contest_id);
     priv_check('ContestEntryDestroy', $entry)->ensureCan();
     $entry->deleteWithFile();
     return $contest->userEntries($user);
 }
 public function show($id)
 {
     $forum = Forum::with('subForums')->findOrFail($id);
     $sort = explode('_', Request::input('sort'));
     $withReplies = Request::input('with_replies', '');
     priv_check('ForumView', $forum)->ensureCan();
     $cover = json_item($forum->cover()->firstOrNew([]), new ForumCoverTransformer());
     $pinnedTopics = $forum->topics()->pinned()->orderBy('topic_type', 'desc')->recent()->get();
     $topics = $forum->topics()->normal()->recent(compact('sort', 'withReplies'))->paginate(15);
     $topicReadStatus = TopicTrack::readStatus(Auth::user(), $pinnedTopics, $topics);
     return view('forum.forums.show', compact('forum', 'topics', 'pinnedTopics', 'topicReadStatus', 'cover'));
 }
 public function vote($id)
 {
     $discussion = BeatmapDiscussion::findOrFail($id);
     priv_check('BeatmapDiscussionVote', $discussion)->ensureCan();
     $params = get_params(Request::all(), 'beatmap_discussion_vote', ['score:int']);
     $params['user_id'] = Auth::user()->user_id;
     if ($discussion->vote($params)) {
         return $discussion->beatmapsetDiscussion->defaultJson(Auth::user());
     } else {
         return error_popup(trans('beatmaps.discussion-votes.update.error'));
     }
 }
Exemple #7
0
 public function show($id)
 {
     $user = User::lookup($id, null, true);
     if ($user === null || !priv_check('UserShow', $user)->can()) {
         abort(404);
     }
     if ((string) $user->user_id !== $id) {
         return ujs_redirect(route('users.show', $user));
     }
     $achievements = json_collection(Achievement::achievable()->orderBy('grouping')->orderBy('ordering')->orderBy('progression')->get(), new AchievementTransformer());
     $userArray = json_item($user, new UserTransformer(), ['userAchievements', 'allRankHistories', 'allScores', 'allScoresBest', 'allScoresFirst', 'allStatistics', 'beatmapPlaycounts', 'page', 'recentActivities', 'recentlyReceivedKudosu', 'rankedAndApprovedBeatmapsets.beatmaps', 'favouriteBeatmapsets.beatmaps']);
     return view('users.show', compact('user', 'userArray', 'achievements'));
 }
 public function update($id)
 {
     $cover = TopicCover::findOrFail($id);
     priv_check('ForumTopicCoverEdit', $cover)->ensureCan();
     if (Request::hasFile('cover_file') === true) {
         try {
             $cover = $cover->updateFile(Request::file('cover_file')->getRealPath(), Auth::user());
         } catch (ImageProcessorException $e) {
             return error_popup($e->getMessage());
         }
     }
     return json_item($cover, new TopicCoverTransformer());
 }
 public function postMessage()
 {
     switch (Request::input('target_type')) {
         case 'channel':
             $target = Channel::findOrFail(Request::input('channel_id'));
             break;
         case 'user':
             $target = User::findOrFail(Request::input('user_id'));
             break;
         default:
             abort(422);
     }
     priv_check('ChatMessageSend', $target)->ensureCan();
     $target->sendMessage(Auth::user(), Request::input('message'));
     return json_encode('ok');
 }
 public function includeUsers(BeatmapsetDiscussion $discussion)
 {
     $userIds = [$discussion->beatmapset->user_id];
     foreach ($discussion->beatmapDiscussions as $beatmapDiscussion) {
         if (!priv_check('BeatmapDiscussionShow', $beatmapDiscussion)->can()) {
             continue;
         }
         $userIds[] = $beatmapDiscussion->user_id;
         foreach ($beatmapDiscussion->beatmapDiscussionPosts as $post) {
             if (!priv_check('BeatmapDiscussionPostShow', $post)->can()) {
                 continue;
             }
             $userIds[] = $post->user_id;
             $userIds[] = $post->last_editor_id;
             $userIds[] = $post->deleted_by;
         }
     }
     $userIds = array_unique($userIds);
     $users = User::whereIn('user_id', $userIds)->get();
     return $this->collection($users, new UserCompactTransformer());
 }
 public function includeCurrentUserAttributes(BeatmapDiscussion $discussion)
 {
     if (!priv_check('BeatmapDiscussionShow', $discussion)->can()) {
         return;
     }
     $currentUser = Auth::user();
     if ($currentUser === null) {
         return;
     }
     $score = 0;
     // This assumes beatmapDiscussionVotes are already preloaded and
     // thus will save one query.
     foreach ($discussion->beatmapDiscussionVotes as $vote) {
         if ($vote->user_id === $currentUser->user_id) {
             $score = $vote->score;
             break;
         }
     }
     return $this->item($discussion, function ($discussion) use($score) {
         return ['vote_score' => $score];
     });
 }
     if ($HTTP_GET_VARS["error"] == 1) {
         $ausgaben["form_error"] = "#(error1)";
     }
 } else {
     $ausgaben["form_error"] = "";
 }
 // navigation erstellen
 $ausgaben["renumber"] = "<a href=\"" . $cfg["menued"]["basis"] . "/sort,all,nop,0.html\">#(renumber)</a>";
 $check_parameter = $environment["parameter"][1];
 if (!$environment["parameter"][1]) {
     $check_parameter = 0;
 }
 if (priv_check(make_ebene($check_parameter), $cfg["menued"]["modify"]["add"][2], $specialvars["dyndb"])) {
     $ausgaben["new"] .= "<a href=\"" . $cfg["menued"]["basis"] . "/add," . $environment["parameter"][1] . "," . $array["refid"] . ".html\">g(new)</a>";
     $ausgaben["root"] = "";
     if ($specialvars["security"]["new"] == -1 && priv_check("/", $cfg["menued"]["modify"]["rights"][2], $specialvars["dyndb"]) && ($environment["parameter"][1] == "" || $environment["parameter"][1] == "0")) {
         $ausgaben["root"] = "<ul class=\"menued\"><li><a style=\"float:right\" href=\"" . $pathvars["virtual"] . "/" . $cfg["menued"]["subdir"] . "/righted/edit,0.html\"><img style=\"float:right\" src=\"/images/default/rights.png\" alt=\"righted\" title=\"RIGHTED\" width=\"24\" height=\"18\"></img></a><span>/</span></li></ul>";
     }
 } else {
     $ausgaben["new"] = "";
     $ausgaben["root"] = "";
 }
 // was anzeigen
 $mapping["main"] = eCRC($environment["ebene"]) . ".list";
 $mapping["navi"] = "leer";
 // unzugaengliche #(marken) sichtbar machen
 if (isset($HTTP_GET_VARS["edit"])) {
     $ausgaben["inaccessible"] = "inaccessible values:<br />";
     $ausgaben["inaccessible"] .= "# (error1) #(error1)<br />";
     $ausgaben["inaccessible"] .= "# (disabled) #(disabled)<br />";
     $ausgaben["inaccessible"] .= "# (enabled) #(enabled)<br />";
 public function promote()
 {
     priv_check('LivestreamPromote')->ensureCan();
     LivestreamCollection::promote(Request::input('id'));
     return js_view('layout.ujs-reload');
 }
 public function watch($id)
 {
     $topic = Topic::findOrFail($id);
     $state = get_bool(Request::input('watch'));
     $privName = 'ForumTopicWatch' . ($state ? 'Add' : 'Remove');
     $type = 'watch';
     priv_check($privName, $topic)->ensureCan();
     TopicWatch::toggle($topic, Auth::user(), $state);
     switch (Request::input('page')) {
         case 'manage':
             $topics = Topic::watchedByUser(Auth::user())->get();
             $topicReadStatus = TopicTrack::readStatus(Auth::user(), $topics);
             // there's currently only destroy action from watch index
             return js_view('forum.topic_watches.destroy', compact('topic', 'topics', 'topicReadStatus'));
         default:
             return js_view('forum.topics.replace_button', compact('topic', 'type', 'state'));
     }
 }
    59 Temple Place, Suite 330
    Boston, MA 02111-1307
    USA

    You may contact the author/development team at:

    Chaos Networks
    c/o Werner Ammon
    Lerchenstr. 11c

    86343 Königsbrunn

    URL: http://www.chaos.de
*/
////////////////////////////////////////////////////////////////////////////////////////////////////////////////
if ($cfg["leveled"]["right"] == "" || priv_check('', $cfg["leveled"]["right"])) {
    // funktions bereich fuer erweiterungen
    // ***
    // ausgaben variablen bauen
    $sql = "SELECT * FROM " . $cfg["leveled"]["db"]["level"]["entries"] . " WHERE lid='" . $environment["parameter"][1] . "'";
    $result = $db->query($sql);
    $field = $db->fetch_array($result, $nop);
    foreach ($field as $name => $value) {
        $ausgaben[$name] = $value;
    }
    //z.B. evtl. auf verknuepften datensatz pruefen
    $sql = "SELECT " . $cfg["leveled"]["db"]["user"]["order"] . "\n                 FROM " . $cfg["leveled"]["db"]["right"]["entries"] . "\n                 INNER JOIN " . $cfg["leveled"]["db"]["user"]["entries"] . "\n                 ON ( auth_right.uid=auth_user.uid )\n                WHERE " . $cfg["leveled"]["db"]["right"]["level"] . "='" . $environment["parameter"][1] . "'";
    $result = $db->query($sql);
    while ($members = $db->fetch_array($result, 1)) {
        $ausgaben["members"] == "" ? $trenner = "" : ($trenner = ", ");
        $ausgaben["members"] .= $trenner . $members["username"];
// spezial-check fuer artikel
$tname2path = tname2path($environment["parameter"][2]);
$erlaubnis = "";
if (is_array($cfg["bloged"]["blogs"][substr($tname2path, 0, strrpos($tname2path, "/"))]) && $cfg["bloged"]["blogs"][substr($tname2path, 0, strrpos($tname2path, "/"))]["category"] != "") {
    $kate = $cfg["bloged"]["blogs"][substr($tname2path, 0, strrpos($tname2path, "/"))]["category"];
    $laenge = strlen($kate) + 2;
    $art_version = "1";
    if ($environment["parameter"][6] != "") {
        $art_version = $environment["parameter"][6];
    }
    $sql = "SELECT SUBSTR(content,POSITION('[" . $kate . "]' IN content)+" . $laenge . ",POSITION('[/" . $kate . "]' IN content)-" . $laenge . "-POSITION('[" . $kate . "]' IN content) )as check_url from site_text where version=" . $art_version . " AND tname = '" . $environment["parameter"][2] . "'";
    $result = $db->query($sql);
    $data = $db->fetch_array($result, 1);
    $erlaubnis = priv_check($data["check_url"], $cfg["contented"]["right"]);
}
if (($cfg["contented"]["right"] == "" || priv_check($tname2path, $cfg["contented"]["right"], $specialvars["dyndb"]) || $erlaubnis == 1) && $tname2path != "") {
    // page basics
    // ***
    $environment["parameter"][6] != "" ? $version = " AND version=" . $environment["parameter"][6] : ($version = "");
    if (count($_POST) == 0) {
        #$sql = "SELECT *
        #          FROM ".$cfg["contented"]["db"]["leer"]["entries"]."
        #         WHERE ".$cfg["contented"]["db"]["leer"]["key"]."='".$environment["parameter"][1]."'";
        if ($specialvars["content_release"] == -1 && $version == "") {
            $content_release = "AND status>0";
        } else {
            $content_release = "";
        }
        $sql = "SELECT *\n                      FROM " . SITETEXT . "\n                     WHERE lang = '" . $environment["language"] . "'\n                       AND label ='" . $environment["parameter"][3] . "'\n                       AND tname ='" . $environment["parameter"][2] . "'\n                       " . $content_release . $version . "\n                     ORDER BY version DESC\n                     LIMIT 0,1";
        if ($debugging["sql_enable"]) {
            $debugging["ausgabe"] .= "sql: " . $sql . $debugging["char"];
    59 Temple Place, Suite 330
    Boston, MA 02111-1307
    USA

    You may contact the author/development team at:

    Chaos Networks
    c/o Werner Ammon
    Lerchenstr. 11c

    86343 Königsbrunn

    URL: http://www.chaos.de
*/
////////////////////////////////////////////////////////////////////////////////////////////////////////////////
if ($cfg["grouped"]["right"] == "" || priv_check('', $cfg["grouped"]["right"])) {
    $hidedata["edit"]["enable"] = "on";
    if ($_POST["ajaxsuche"] == "on") {
        echo "<li><b>Treffer</b></li>";
        $sql = "SELECT * FROM auth_user WHERE username like '%" . $_POST["text"] . "%' OR vorname like '%" . $_POST["text"] . "%' OR nachname like '%" . $_POST["text"] . "%' ORDER BY " . $cfg["grouped"]["db"]["user"]["order"];
        $result = $db->query($sql);
        while ($data = $db->fetch_array($result, 1)) {
            if (is_array($_SESSION["chosen_user"])) {
                if (in_array($data["uid"], $_SESSION["chosen_user"])) {
                    continue;
                }
            }
            echo "<li id=\"doc_" . $data["uid"] . "\" class=\"sel_item\">" . $data["vorname"] . " " . $data["nachname"] . " (" . $data["username"] . ")</li>";
        }
        exit;
    }
 // * * *
 $bereich = "content";
 $buffer = find_marked_content("/", $cfg, "inhalt", array(-2, -1), array(), FALSE, array("/blog"));
 $dataloop[$bereich . "_edit"] = $buffer[-1];
 $dataloop[$bereich . "_release_queue"] = $buffer[-2];
 $dataloop[$bereich . "_release_wait"] = $buffer[-2];
 $toggle_fields = array("edit" => array("all", "edit;publish"), "release_queue" => array("all", "publish"), "release_wait" => array("own", "edit"), "release_recent" => array("own", "edit;publish"));
 foreach ($toggle_fields as $tog_key => $tog_value) {
     if (is_array($dataloop[$bereich . "_" . $tog_key])) {
         foreach ($dataloop[$bereich . "_" . $tog_key] as $key => $value) {
             get_chefred($value["path"]);
             if ($tog_value[0] == "own" && $value["author"] != $_SESSION["forename"] . " " . $_SESSION["surname"]) {
                 unset($dataloop[$bereich . "_" . $tog_key][$key]);
                 continue;
             }
             if (priv_check($value["path"], $tog_value[1])) {
                 // tabellen farben wechseln
                 if ($color[$bereich . "_" . $tog_key] == $cfg["wizard"]["color"]["a"]) {
                     $color[$bereich . "_" . $tog_key] = $cfg["wizard"]["color"]["b"];
                 } else {
                     $color[$bereich . "_" . $tog_key] = $cfg["wizard"]["color"]["a"];
                 }
                 $dataloop[$bereich . "_" . $tog_key][$key]["color"] = $color[$bereich . "_" . $tog_key];
                 $dataloop[$bereich . "_" . $tog_key][$key]["red"] = implode(", ", $member_edit);
                 $dataloop[$bereich . "_" . $tog_key][$key]["chefred"] = implode(", ", $member_publish);
             } else {
                 unset($dataloop[$bereich . "_" . $tog_key][$key]);
             }
         }
         if (count($dataloop[$bereich . "_" . $tog_key]) > 0) {
             $hidedata[$bereich . "_" . $tog_key][0] = array();
    59 Temple Place, Suite 330
    Boston, MA 02111-1307
    USA

    You may contact the author/development team at:

    Chaos Networks
    c/o Werner Ammon
    Lerchenstr. 11c

    86343 Koenigsbrunn

    URL: http://www.chaos.de
*/
////////////////////////////////////////////////////////////////////////////////////////////////////////////////
if (priv_check($environment["ebene"] . "/" . $environment["kategorie"], $cfg["keyworded"]["right"]["keywords"])) {
    // page basics
    // ***
    // fehlermeldungen
    $ausgaben["form_error"] = "";
    // form options holen
    $form_options = form_options(eCRC($environment["ebene"]) . "." . $environment["kategorie"]);
    // +++
    // page basics
    // funktions bereich fuer erweiterungen
    // ***
    // schlagwoerter-dropdown
    $sql = "SELECT DISTINCT " . $cfg["keyworded"]["db"]["keyword"]["keyword"] . "\n                           FROM " . $cfg["keyworded"]["db"]["keyword"]["entries"] . "\n                       ORDER BY " . $cfg["keyworded"]["db"]["keyword"]["order"];
    $result = $db->query($sql);
    while ($data = $db->fetch_array($result, 1)) {
        $sel = "";
        }
    }
    // ed links
    $hidedata["authTools"]["links"] = "on";
    foreach ($cfg["auth"]["menu"] as $funktion => $werte) {
        if ($cfg["auth"]["boxed"] == True) {
            $label = strtoupper($funktion[0]);
            $end = " ";
            $hidedata["authBox"]["nop"] = "";
        } else {
            $label = "#(" . $funktion . ")";
            $end = "<br />";
        }
        if ($werte[2] == -1) {
            $tmp_base = $specialvars["dyndb"];
        } else {
            $tmp_base = "";
        }
        if (priv_check("/admin/" . $funktion . "/" . $werte[0], $werte[1]) || priv_check("/admin/" . $funktion . "/" . $werte[0], $werte[1], $tmp_base)) {
            $dataloop["authTools"][$funktion]["url"] = $pathvars["virtual"] . "/admin/" . $funktion . "/" . $werte[0] . ".html";
            $dataloop["authTools"][$funktion]["label"] = $label;
            $dataloop["authTools"][$funktion]["title"] = "#(" . $funktion . ")";
            $dataloop["authTools"][$funktion]["end"] = $end;
        }
    }
}
$specialvars["editlock"] = 0;
if ($debugging["html_enable"]) {
    $debugging["ausgabe"] .= "[ ++ {$script_name} ++ ]" . $debugging["char"];
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    59 Temple Place, Suite 330
    Boston, MA 02111-1307
    USA

    You may contact the author/development team at:

    Chaos Networks
    c/o Werner Ammon
    Lerchenstr. 11c

    86343 Koenigsbrunn

    URL: http://www.chaos.de
*/
////////////////////////////////////////////////////////////////////////////////////////////////////////////////
if ($cfg["fileed"]["right"] == "" || priv_check('', $cfg["fileed"]["right"]) || $cfg["auth"]["menu"]["fileed"][2] == -1 && priv_check('', $cfg["fileed"]["right"], $specialvars["dyndb"])) {
    // funktions bereich fuer erweiterungen
    // ***
    if (strstr($_SERVER["HTTP_REFERER"], $pathvars["virtual"] . "/wizard")) {
        $_SESSION["wizard_last_edit"] = $_SERVER["HTTP_REFERER"];
    }
    // markierte Dateien werden nacheinander abgearbeitet
    if ($environment["parameter"][1] == "") {
        if (count($_SESSION["file_memo"]) > 0) {
            $environment["parameter"][1] = current($_SESSION["file_memo"]);
            $environment["allparameter"] = implode(",", $environment["parameter"]);
        } else {
            $header = $_SESSION["adv_referer"][$environment["ebene"] . "/" . $environment["kategorie"]];
            if (trim($header) == "") {
                $header = $cfg["fileed"]["basis"] . "/list.html";
            }
    59 Temple Place, Suite 330
    Boston, MA 02111-1307
    USA

    You may contact the author/development team at:

    Chaos Networks
    c/o Werner Ammon
    Lerchenstr. 11c

    86343 K�nigsbrunn

    URL: http://www.chaos.de
*/
////////////////////////////////////////////////////////////////////////////////////////////////////////////////
if (priv_check($cfg["bannered"]["basis"], $cfg["bannered"]["right"])) {
    // page basics
    // ***
    //        if ( count($_POST) == 0 ) {
    //            $sql = "SELECT *
    //                      FROM ".$cfg["bannered"]["db"]["banner"]["entries"]."
    //                     WHERE ".$cfg["bannered"]["db"]["banner"]["key"]."='".$environment["parameter"][1]."'";
    //            if ( $debugging["sql_enable"] ) $debugging["ausgabe"] .= "sql: ".$sql.$debugging["char"];
    //            $result = $db -> query($sql);
    //            $form_values = $db -> fetch_array($result,1);
    //        } else {
    $form_values = $_POST;
    //        }
    // form options holen
    $form_options = form_options(eCRC($environment["ebene"]) . "." . $environment["kategorie"]);
    $form_options = form_options("bannered-edit");
    59 Temple Place, Suite 330
    Boston, MA 02111-1307
    USA

    You may contact the author/development team at:

    Chaos Networks
    c/o Werner Ammon
    Lerchenstr. 11c

    86343 Königsbrunn

    URL: http://www.chaos.de
*/
////////////////////////////////////////////////////////////////////////////////////////////////////////////////
if ($cfg["menued"]["modify"]["add"][2] == "" || priv_check(make_ebene($environment["parameter"][1]), $cfg["menued"]["modify"]["add"][2]) || $cfg["auth"]["menu"]["menued"][2] == -1 && priv_check('', $cfg["menued"]["modify"]["add"][2], $specialvars["dyndb"])) {
    // page basics
    // ***
    #if ( count($_POST) == 0 ) {
    #    $sql = "SELECT * FROM ".$cfg["menued"]["db"]["menu"]["entries"]." WHERE ".$cfg["menued"]["db"]["menu"]["key"]."='".$environment["parameter"][2]."'";            $result = $db -> query($sql);
    #    $form_values = $db -> fetch_array($result,1);
    #} else {
    $form_values = $_POST;
    #}
    // form options holen
    $form_options = form_options(eCRC($environment["ebene"]) . "." . $environment["kategorie"]);
    // form elememte bauen
    $element = form_elements($cfg["menued"]["db"]["menu"]["entries"], $form_values);
    // form elemente erweitern
    $element = array_merge($element, form_elements($cfg["menued"]["db"]["lang"]["entries"], $form_values));
    if ($_POST["refid"] == "") {
Exemple #24
0
 public function show($id)
 {
     $post = Post::findOrFail($id);
     priv_check('ForumView', $post->forum)->ensureCan();
     return ujs_redirect(post_url($post->topic_id, $post->post_id));
 }
function show_blog($url, $tags, $right = "", $limit = "", $kategorie = "", $future = "")
{
    global $db, $pathvars, $ausgaben, $mapping, $hidedata, $environment, $cfg, $specialvars;
    // parameter-erklaerung
    // 1: vorgesehen fuer inhalt_selector
    // 2: aufruf eines einzigen contents
    // 3: anzeige als faq
    // unzugaengliche #(marken) sichtbar machen
    if (isset($HTTP_GET_VARS["edit"])) {
        $ausgaben["inaccessible"] = "inaccessible values:<br />";
        $ausgaben["inaccessible"] .= "# (error1) #(error1)<br />";
    } else {
        $ausgaben["inaccessible"] = "";
    }
    // label bearbeitung aktivieren
    if (isset($_GET["edit"])) {
        $specialvars["editlock"] = 0;
    } else {
        $specialvars["editlock"] = -1;
    }
    // aus der url eine id machen
    $id = make_id($url);
    $new = $id["mid"];
    $where = "";
    // manipulation verhindern
    if ($environment["parameter"][2] != "" && !preg_match("/^[0-9]*\$/", $environment["parameter"][2])) {
        header('Location: /index.html');
        exit;
    }
    $sort_len = strlen($cfg["bloged"]["blogs"][$url]["sort"][0]) + 2;
    // hier erfolgt der rechte-check
    $check_url = $url;
    if ($kategorie != "") {
        $check_url = $kategorie;
    }
    $status = "status=1";
    $order = "";
    $wizard_right = "";
    // falls der der content bei dem der blog eingebunden ist, zur Freigabe angefordert ist, darf hier nichts mehr passieren
    if ($kategorie == tname2path($environment["parameter"][2]) && !priv_check($check_url, "publish")) {
        $sql = "SELECT status from site_text WHERE tname='" . $environment["parameter"][2] . "' AND label='" . $environment["parameter"][3] . "' ORDER by version DESC";
        $result = $db->query($sql);
        $data = $db->fetch_array($result, 1);
        if ($data["status"] == -2) {
            $wizard_right = "NO";
        }
    }
    if ($right == "" || priv_check($check_url, $right) && $wizard_right == "") {
        $hidedata["new"]["link"] = $url;
        $hidedata["new"]["kategorie"] = $kategorie;
        if ($environment["ebene"] == "/wizard") {
            $status = "(status=1 OR status = -1)";
            $order = " DESC ,changed";
        }
    }
    // erster test einer suchanfrage per kalender
    //
    if ($environment["parameter"][4] && $environment["kategorie"] != "delete") {
        $parameter = ",,," . $environment["parameter"][4] . "," . $environment["parameter"][5] . "," . $environment["parameter"][6];
        if ($cfg["bloged"]["blogs"][$url]["sort"][1] != -1) {
            $heute = getdate(mktime(0, 0, 0, $environment["parameter"][5] + 1, 0, $environment["parameter"][4]));
            if ($environment["parameter"][5] == "") {
                $month2 = "1";
                $month1 = "12";
            } else {
                $month1 = $environment["parameter"][5];
                $month2 = $environment["parameter"][5];
            }
            if (!$environment["parameter"][6]) {
                $day1 = $heute["mday"];
                $day2 = "1";
            } else {
                $day1 = $environment["parameter"][6];
                $day2 = $environment["parameter"][6];
            }
            // parameter - check
            $preg_error = "";
            if (!preg_match("/^[0-9]{4}\$/", $environment["parameter"][4])) {
                $preg_error = -1;
            }
            if ($environment["parameter"][5] != "" && !preg_match("/^[0-9]{1,2}\$/", $environment["parameter"][5])) {
                $preg_error = -1;
            }
            if ($environment["parameter"][6] != "" && !preg_match("/^[0-9]{1,2}\$/", $environment["parameter"][6])) {
                $preg_error = -1;
            }
            if ($preg_error == -1) {
                header('Location: /index.html');
                exit;
            }
            $environment["parameter"][4] = min($environment["parameter"][4], '2035');
            $environment["parameter"][4] = max($environment["parameter"][4], '1970');
            if ($cfg["bloged"]["blogs"][$url]["ext_sort"] == "") {
                $where .= " AND Cast(SUBSTRING(content,POSITION('[" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)+" . $sort_len . ",POSITION('[/" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)-POSITION('[" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)-" . $sort_len . ") as DATETIME) < '" . $environment["parameter"][4] . "-" . $month1 . "-" . $day1 . " 23:59:59' AND Cast(SUBSTRING(content,POSITION('[" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)+" . $sort_len . ",POSITION('[/" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)-POSITION('[" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)-" . $sort_len . ") as DATETIME) > '" . $environment["parameter"][4] . "-" . $month2 . "-" . $day2 . " 00:00:00'";
            } else {
                $where .= " AND (( Cast(SUBSTRING(content,POSITION('[" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)+" . $sort_len . ",POSITION('[/" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)-POSITION('[" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)-" . $sort_len . ") as DATETIME) < '" . $environment["parameter"][4] . "-" . $month1 . "-" . $day1 . " 23:59:59' AND Cast(SUBSTRING(content,POSITION('[" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)+" . $sort_len . ",POSITION('[/" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)-POSITION('[" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)-" . $sort_len . ") as DATETIME) >= '" . $environment["parameter"][4] . "-" . $month2 . "-" . $day2 . " 00:00:00')";
                $sort_len2 = strlen($cfg["bloged"]["blogs"][$url]["ext_sort"]) + 2;
                $where .= " OR ( Cast(SUBSTRING(content,POSITION('[" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)+" . $sort_len . ",POSITION('[/" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)-POSITION('[" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)-" . $sort_len . ") as DATETIME) <= '" . $environment["parameter"][4] . "-" . $month1 . "-" . $day2 . " 00:00:00' AND  Cast(SUBSTRING(content,POSITION('[" . $cfg["bloged"]["blogs"][$url]["ext_sort"] . "]' IN content)+" . $sort_len2 . ",POSITION('[/" . $cfg["bloged"]["blogs"][$url]["ext_sort"] . "]' IN content)-POSITION('[" . $cfg["bloged"]["blogs"][$url]["ext_sort"] . "]' IN content)-" . $sort_len2 . ") as DATETIME) >= '" . $environment["parameter"][4] . "-" . $month2 . "-" . $day2 . " 00:00:00'))";
            }
        }
    }
    //
    // erster test einer suchanfrage per kalender
    // falls kategorie , werden nur diese angezeigt
    if ($kategorie != "") {
        $cat_len = strlen($cfg["bloged"]["blogs"][$url]["category"]) + 2;
        $where .= "  AND SUBSTRING(content,POSITION('[" . $cfg["bloged"]["blogs"][$url]["category"] . "]' IN content),POSITION('[/" . $cfg["bloged"]["blogs"][$url]["category"] . "]' IN content)-POSITION('[" . $cfg["bloged"]["blogs"][$url]["category"] . "]' IN content)) ='[" . $cfg["bloged"]["blogs"][$url]["category"] . "]" . $kategorie . "'";
    }
    if ($future == -1) {
        $where .= " AND Cast(SUBSTRING(content,POSITION('[" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)+" . $sort_len . ",POSITION('[/" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)-POSITION('[" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)-" . $sort_len . ") as DATETIME) < '" . date('Y-m-d') . " 23:59:59'";
    }
    $tname = eCRC($url) . ".%";
    // falls parameter 2 gesetzt, wird nur dieser content geholt
    if ($environment["parameter"][2] != "" && $environment["ebene"] != "/wizard") {
        $tname = eCRC($url) . "." . $environment["parameter"][2];
    }
    // falls sort auf -1 wird anstatt ein datum ein integer als sortiermerkmal gesetzt um ein manuelles sortieren zu ermoeglichen
    if ($cfg["bloged"]["blogs"][$url]["sort"][1] == "-1") {
        $art = "SIGNED";
    } else {
        $art = "DATETIME";
    }
    // hier der endgueltige sql !!
    $sql = "SELECT Cast(SUBSTRING(content,POSITION('[" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)+" . $sort_len . ",POSITION('[/" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)-POSITION('[" . $cfg["bloged"]["blogs"][$url]["sort"][0] . "]' IN content)-" . $sort_len . ") AS " . $art . ") AS date,status,content,tname from site_text WHERE " . $status . " AND tname like '" . $tname . "'" . $where . " order by date" . $order . " DESC";
    // damit kann man beliebig viele blogs manuell holen
    $ausgaben["inhalt_selector"] = "";
    if (strpos($limit, ",")) {
        $sql = $sql . " LIMIT " . $limit;
    } else {
        if ($limit != "") {
            $hidedata["inhalt_selector"]["on"] = "on";
            $p = $environment["parameter"][1] + 0;
            // seiten umschalter
            $inhalt_selector = inhalt_selector($sql, $p, $limit, $parameter, 1, 10, $getvalues);
            $ausgaben["inhalt_selector"] = $inhalt_selector[0] . "<br />";
            $sql = $inhalt_selector[1];
            $ausgaben["anzahl"] = $inhalt_selector[2];
            $ausgaben["sel_hit"] = $inhalt_selector[3];
        }
    }
    $counter = 0;
    $result = $db->query($sql);
    $preg1 = "\\.([0-9]*)\$";
    // evtl wizard einbinden
    if ($cfg["bloged"]["blogs"][$url]["wizard"] != "") {
        $editlink = "/wizard/show,";
    } else {
        $editlink = "/admin/contented/edit,";
    }
    while ($data = $db->fetch_array($result, 1)) {
        $tag_parameter = "";
        $counter++;
        // im wizard wird der content aus der SESSION-Variablen genommen
        if ($_SESSION["wizard_content"][DATABASE . "," . $data["tname"] . ",inhalt"] && $environment["ebene"] == "/wizard") {
            $test = preg_replace("|\r\n|", "\\r\\n", $_SESSION["wizard_content"][DATABASE . "," . $data["tname"] . ",inhalt"]);
        } else {
            $test = preg_replace("|\r\n|", "\\r\\n", $data["content"]);
        }
        foreach ($tags as $key => $value) {
            // finden der parameter sowie begin und endtag
            $invisible = "";
            if (is_array($value)) {
                $tag_parameter = $value["parameter"];
                $invisible = $value["invisible"];
                $show = $value["show"];
                $value = $value["tag"];
            }
            if (strpos($value, "=")) {
                $endtag = substr($value, 0, strpos($value, "="));
                if ($value == "IMG=") {
                    $value .= ".*";
                } else {
                    $value = $value . $tag_parameter;
                }
            } else {
                $endtag = $value;
            }
            // preg nach den tags in der config
            $preg = "(\\[" . addcslashes($value, "/") . "\\])(.*)\\[\\/" . $endtag . "\\]";
            if (preg_match("/{$preg}/Us", $test, $regs)) {
                $rep_tag = str_replace('\\r\\n', "<br />", $regs[0]);
                $org_tag = str_replace('\\r\\n', "<br />", $regs[2]);
            } else {
                $rep_tag = "";
                $org_tag = "";
            }
            // gefundene werte in array schreiben
            if ($invisible != -1) {
                $array[$counter][$key . "_wizard_edit_link"] = $pathvars["virtual"] . "/wizard/editor," . DATABASE . "," . $data["tname"] . ",inhalt," . $value . ":0,,,.html";
                $array[$counter][$key . "_org"] = str_replace("\"", "'", $org_tag);
                $array[$counter][$key . "_org_tag"] = $value;
                $array[$counter][$key] = tagreplace($rep_tag);
                if ($org_tag == "") {
                    $array[$counter][$key] = "";
                }
                if (preg_match("/^\\[IMG/", $rep_tag, $regs_img)) {
                    $image_para = explode("/", $rep_tag);
                    $array[$counter][$key . "_img_art"] = $image_para[2];
                    $array[$counter][$key . "_img_id"] = $image_para[3];
                    $array[$counter][$key . "_img_size"] = $image_para[4];
                    $sql_img = "SELECT * FROM site_file WHERE fid='" . $image_para[3] . "'";
                    $result_img = $db->query($sql_img);
                    $data_img = $db->fetch_array($result_img, 1);
                    $array[$counter][$key . "_img_desc"] = $data_img["fdesc"];
                    $array[$counter][$key . "_img_under"] = $data_img["funder"];
                    $array[$counter][$key . "_img_fname"] = $data_img["ffname"];
                    if ($show != "") {
                        $rep_tag = str_replace("/" . $image_para[4] . "/", "/" . $show . "/", $rep_tag);
                    }
                }
            } else {
                if (preg_match("/^\\[IMG/", $rep_tag, $reg_img)) {
                    $image_para = explode("/", $rep_tag);
                    $invisible_array[$counter][$key . "_img_art"] = $image_para[2];
                    $invisible_array[$counter][$key . "_img_id"] = $image_para[3];
                    $invisible_array[$counter][$key . "_img_size"] = $image_para[4];
                    if ($show != "") {
                        $rep_tag = str_replace("/" . $image_para[4] . "/", "/" . $show . "/", $rep_tag);
                    }
                }
                $invisible_array[$counter][$key . "_org"] = str_replace("\"", "'", $org_tag);
                $invisible_array[$counter][$key] = tagreplace($rep_tag);
                $array[$counter][$key . "_org"] = "";
                $array[$counter][$key] = "";
            }
        }
        preg_match("/{$preg1}/", $data["tname"], $regs);
        if ($environment["parameter"][2] != "" && $environment["ebene"] != "/wizard") {
            $array[$counter]["all"] = tagreplace($data["content"]);
            $array[$counter]["id"] = $regs[1];
        } else {
            $array[$counter]["datum"] = substr($data["date"], 8, 2) . "." . substr($data["date"], 5, 2) . "." . substr($data["date"], 0, 4);
            $array[$counter]["detaillink"] = $pathvars["virtual"] . $url . "/" . $regs[1] . ".html";
            if ($environment["ebene"] == "") {
                $faq_url = "/" . $environment["kategorie"];
            } else {
                $faq_url = $environment["ebene"] . "/" . $environment["kategorie"];
            }
            $array[$counter]["faqlink"] = $pathvars["virtual"] . $faq_url . ",,," . $regs[1] . ".html#faq_" . $regs[1];
            $array[$counter]["faqanker"] = "faq_" . $regs[1];
            $array[$counter]["allink"] = $pathvars["virtual"] . $faq_url . ",," . $regs[1] . ".html";
            $array[$counter]["id"] = $regs[1];
            $array[$counter]["status"] = $data["status"];
            // Sortierung ausgeben
            // ausgabe der aktions-buttons
            if ($right == "" || priv_check($check_url, $right) && $wizard_right == "") {
                if ($cfg["bloged"]["blogs"][$url]["sort"][1] == "-1") {
                    $sort_kat = "";
                    if ($kategorie != "") {
                        $id = make_id($kategorie);
                        $sort_kat = $id["mid"];
                    }
                    $array[$counter]["sort_up"] = $pathvars["virtual"] . "/admin/bloged/sort,up," . $regs[1] . "," . $sort_kat . "," . $new . ".html";
                    $array[$counter]["sort_down"] = $pathvars["virtual"] . "/admin/bloged/sort,down," . $regs[1] . "," . $sort_kat . "," . $new . ".html";
                } else {
                    $array[$counter]["sort_up"] = "";
                    $array[$counter]["sort_down"] = "";
                }
                $array[$counter]["wizard_delete_link"] = $pathvars["virtual"] . "/wizard/delete," . DATABASE . "," . $data["tname"] . ",inhalt.html\"";
                $array[$counter]["deletelink"] = "<a href=\"" . $pathvars["virtual"] . "/admin/bloged/delete,," . $regs[1] . "," . $sort_kat . "," . $new . ".html\">g(blog_delete)</a>";
                $array[$counter]["editlink"] = "<a href=\"" . $pathvars["virtual"] . $editlink . DATABASE . "," . $data["tname"] . ",inhalt.html\">g(blog_edit)</a>";
                $array[$counter]["tname"] = eCrc($url);
            } else {
                $array[$counter]["editlink"] = "";
                $array[$counter]["deletelink"] = "";
                $array[$counter]["sort"] = "";
            }
        }
        if ($environment["parameter"][3] == $regs[1]) {
            if (is_array($invisible_array)) {
                foreach ($invisible_array[$counter] as $key => $value) {
                    $array[$counter][$key] = $value;
                }
            }
        }
    }
    // was anzeigen
    if ($environment["ebene"] == "") {
        $templ = $environment["kategorie"];
    } else {
        $templ = eCRC($environment["ebene"]) . "." . $environment["kategorie"];
    }
    if (file_exists($pathvars["templates"] . $templ . ".tem.html")) {
        $mapping["main"] = $templ;
    } elseif ($cfg["bloged"]["blogs"][$url]["own_list_template"] != "") {
        $mapping["main"] = "-2051315182." . $cfg["bloged"]["blogs"][$url]["own_list_template"];
    } elseif ($cfg["bloged"]["blogs"][$url]["sort"][1] != "") {
        $mapping["main"] = "-2051315182.faq";
    } else {
        $mapping["main"] = "-2051315182.list";
    }
    return $array;
}
    86343 K�nigsbrunn

    URL: http://www.chaos.de
*/
////////////////////////////////////////////////////////////////////////////////////////////////////////////////
$kategorie2check = substr(make_ebene($environment["parameter"][2]), 0, strpos(make_ebene($environment["parameter"][2]), "/"));
$ebene2check = substr(make_ebene($environment["parameter"][2]), strpos(make_ebene($environment["parameter"][2]), "/"));
if ($environment["parameter"][1] != "all") {
    // um bei den menupunkten die Reihenfolge veraendern zu koennen muss man das recht fuer den uebergeordneten Punkt besitzen
    $sql = "SELECT refid FROM " . $cfg["menued"]["db"]["menu"]["entries"] . " WHERE mid='" . $environment["parameter"][2] . "'";
    $result = $db->query($sql);
    $refid = $db->fetch_array($result, 1);
    $kategorie2check_2 = substr(make_ebene($refid["refid"]), 0, strpos(make_ebene($refid["refid"]), "/"));
    $ebene2check_2 = substr(make_ebene($refid["refid"]), strpos(make_ebene($refid["refid"]), "/"));
    if ($cfg["menued"]["modify"]["sort"][2] == "" || priv_check('', $cfg["menued"]["modify"]["sort"][2]) || $cfg["auth"]["menu"]["menued"][2] == -1 && priv_check('', $cfg["menued"]["modify"]["sort"][2], $specialvars["dyndb"])) {
        if ($environment["parameter"][1] == "up") {
            $sql = "UPDATE " . $cfg["menued"]["db"]["menu"]["entries"] . "\n                           SET sort=sort-11\n                         WHERE mid='" . $environment["parameter"][2] . "'";
            if ($debugging["sql_enable"]) {
                $debugging["ausgabe"] .= "sql: " . $sql . $debugging["char"];
            }
            $db->query($sql);
        } elseif ($environment["parameter"][1] == "down") {
            $sql = "UPDATE " . $cfg["menued"]["db"]["menu"]["entries"] . "\n                           SET sort=sort+11\n                         WHERE mid='" . $environment["parameter"][2] . "'";
            if ($debugging["sql_enable"]) {
                $debugging["ausgabe"] .= "sql: " . $sql . $debugging["char"];
            }
            $db->query($sql);
        }
    }
}
    You may contact the author/development team at:

    Chaos Networks
    c/o Werner Ammon
    Lerchenstr. 11c

    86343 Königsbrunn

    URL: http://www.chaos.de
*/
////////////////////////////////////////////////////////////////////////////////////////////////////////////////
if ($debugging["html_enable"]) {
    $debugging["ausgabe"] .= "[ ** " . $script["name"] . " ** ]" . $debugging["char"];
}
if ($cfg["autoform"]["right"] == "" || priv_check($environment["ebene"] . "/" . $environment["kategorie"], $cfg["autoform"]["right"])) {
    ////////////////////////////////////////////////////////////////////
    // achtung: bei globalen funktionen, variablen nicht zuruecksetzen!
    // z.B. $ausgaben["form_error"],$ausgaben["inaccessible"]
    ////////////////////////////////////////////////////////////////////
    // page basics
    // ***
    if ($_GET["eintragen"]) {
        $preg = "^(-)?([0-9])*\$";
        if (preg_match("/{$preg}/", $_GET["eintragen"], $regs)) {
            $sql = "SELECT * FROM " . $cfg["autoform"]["location"][$environment["ebene"]]["db"] . " WHERE crc='" . $regs[0] . "' AND confirm !='-1'";
            $result = $db->query($sql);
            if ($db->num_rows($result) > 0) {
                $sql = "UPDATE " . $cfg["autoform"]["location"][$environment["ebene"]]["db"] . " SET confirm='-1' WHERE crc='" . $regs[0] . "' AND confirm !='-1'";
                $result = $db->query($sql);
                $hidedata["confirm_yes"]["enable"] = -1;
     $debugging["ausgabe"] .= "level3res: " . $level3result . $debugging["char"];
 }
 #if ( $db -> num_rows($level1result) == 0 ){
 #    if ( $debugging["html_enable"] ) $debugging["ausgabe"] .= "Language: \"".$environment["language"]."\" for submenu not found using default: \"".$specialvars["default_language"]."\"".$debugging["char"];
 #    $sql = "SELECT ".$cfg["menu"]["db"]["entries"].".mid, ".$cfg["menu"]["db"]["entries"].".entry, ".$cfg["menu"]["db"]["entries"].".refid, ".$cfg["menu"]["db"]["entries"].".level, ".$cfg["menu"]["db"]["language"].".lang, ".$cfg["menu"]["db"]["language"].".label, ".$cfg["menu"]["db"]["language"].".exturl FROM ".$cfg["menu"]["db"]["entries"]." INNER JOIN ".$cfg["menu"]["db"]["language"]." ON ".$cfg["menu"]["db"]["entries"].".mid = ".$cfg["menu"]["db"]["language"].".mid WHERE (((".$cfg["menu"]["db"]["entries"].".refid)=".$level2array["mid"].") AND ((".$cfg["menu"]["db"]["language"].".lang)='".$specialvars["default_language"]."')) order by sort;";
 #    $submenuresult  = $db -> query($sql);
 #}
 if ($level3rows > 0) {
     $ausgaben["punkte"] .= $cfg["menu"]["level3"]["on"];
 }
 while ($level3array = $db->fetch_array($level3result, $nop)) {
     if ($cfg["menu"]["level3"]["enable"] == -1) {
         if ($level3array["level"] == "") {
             $right = -1;
         } else {
             if (priv_check(make_ebene($level3array["mid"]), $level3array["level"])) {
                 $right = -1;
             } else {
                 $right = 0;
             }
         }
         if ($right == -1) {
             // die boese schneide ab funktion
             if (strlen($level3array["label"]) > $cfg["menu"]["level3"]["length"]) {
                 $level3array["label"] = substr($level3array["label"], 0, $cfg["menu"]["level3"]["length"] - 4) . " ...";
             }
             // wo geht der href hin?
             if ($level3array["exturl"] == "") {
                 $href = $cfg["menu"]["base"] . "/" . $level1array["entry"] . "/" . $level2array["entry"] . "/" . $level3array["entry"] . ".html";
                 $target = "";
                 $aktiv = "";
    59 Temple Place, Suite 330
    Boston, MA 02111-1307
    USA

    You may contact the author/development team at:

    Chaos Networks
    c/o Werner Ammon
    Lerchenstr. 11c

    86343 Königsbrunn

    URL: http://www.chaos.de
*/
////////////////////////////////////////////////////////////////////////////////////////////////////////////////
if ($cfg["usered"]["right"] == "" || priv_check('', $cfg["usered"]["right"])) {
    // funktions bereich
    // ***
    // get-verarbeitung: schnellsuche verarbeiten
    $ausgaben["search"] = "";
    $where = "";
    if (isset($_GET["search"])) {
        $ausgaben["search"] = $_GET["search"];
        $where = " WHERE " . $cfg["usered"]["db"]["user"]["login"] . " like '%" . $_GET["search"] . "%' OR " . $cfg["usered"]["db"]["user"]["forename"] . " like '%" . $_GET["search"] . "%' OR " . $cfg["usered"]["db"]["user"]["surname"] . " like '%" . $_GET["search"] . "%' ";
        $getvalues = "search=" . $_GET["search"];
    }
    $sql = "SELECT *\n                  FROM " . $cfg["usered"]["db"]["user"]["entries"] . $where . "\n              ORDER BY " . $cfg["usered"]["db"]["user"]["order"];
    if ($debugging["sql_enable"]) {
        $debugging["ausgabe"] .= "sql: " . $sql . $debugging["char"];
    }
    // seiten umschalter
function menu_generate($refid = 0, $level = 1, $arrEbene = "", $url = "")
{
    global $db, $cfg, $debugging, $environment, $pathvars, $rechte, $dataloop, $hidedata, $ausgaben;
    if ($cfg["menu"]["level" . $level]["enable"] == "-1") {
        $mandatory = " AND ((" . $cfg["menu"]["db"]["entries"] . ".mandatory)='-1')";
        if ($cfg["menu"]["level" . $level]["full"] == "-1") {
            $mandatory = "";
        }
        if ($cfg["menu"]["level" . $level]["extend"] == "-1") {
            $extenddesc = $cfg["menu"]["db"]["entries"] . "_lang.extend,";
        }
        if ($arrEbene == "") {
            $ebene = $environment["ebene"] . "/" . $environment["kategorie"];
            $arrEbene = explode("/", $ebene);
            $url = $pathvars["virtual"];
        }
        $sql = "SELECT " . $cfg["menu"]["db"]["entries"] . ".mid," . $cfg["menu"]["db"]["entries"] . ".refid," . $cfg["menu"]["db"]["entries"] . ".entry," . $cfg["menu"]["db"]["entries"] . ".picture," . $cfg["menu"]["db"]["entries"] . ".level," . $cfg["menu"]["db"]["entries"] . "_lang.lang," . $cfg["menu"]["db"]["entries"] . "_lang.label," . $extenddesc . " " . $cfg["menu"]["db"]["entries"] . "_lang.exturl" . " FROM " . $cfg["menu"]["db"]["entries"] . " INNER JOIN " . $cfg["menu"]["db"]["entries"] . "_lang" . " ON " . $cfg["menu"]["db"]["entries"] . ".mid = " . $cfg["menu"]["db"]["entries"] . "_lang.mid" . " WHERE (" . "(" . $cfg["menu"]["db"]["entries"] . ".refid=" . $refid . ")" . " AND (" . $cfg["menu"]["db"]["entries"] . ".hide <> '-1' OR " . $cfg["menu"]["db"]["entries"] . ".hide IS NULL)" . " AND (" . $cfg["menu"]["db"]["entries"] . "_lang.lang='" . $environment["language"] . "')" . $mandatory . ")" . " ORDER BY sort, label;";
        if ($cfg["menu"]["db"]["debug"]) {
            $debugging["ausgabe"] .= "level" . $level . "sql: " . $sql . $debugging["char"];
        }
        $result = $db->query($sql);
        $buffer = "";
        $menu2 = "";
        while ($data = $db->fetch_array($result, 1)) {
            // berechtigung abfragen
            if ($data["level"] != "") {
                if (!priv_check(make_ebene($data["mid"]), $data["level"])) {
                    continue;
                }
            }
            // link und ziel
            $aktiv = "";
            if ($data["exturl"] == "") {
                $link = $url . "/" . $data["entry"] . ".html";
                $target = "";
                // eintrag aktiv?
                if ($data["entry"] == $arrEbene[1]) {
                    $aktiv = "aktiv";
                } else {
                    $aktiv = "";
                }
            } else {
                $link = $data["exturl"];
                $target = $cfg["menu"]["level" . $level]["target"];
            }
            // label,die boese schneide ab funktion
            $label = $data["label"];
            if (strlen($data["label"]) > $cfg["menu"]["level" . $level]["length"]) {
                $label = substr($data["label"], 0, $cfg["menu"]["level" . $level]["length"] - 3) . "...";
            }
            $titel = $data["label"];
            if ($data["extend"] != "") {
                $titel = $data["extend"];
            }
            // was wird wodurch ersetzt
            $marken = array("##target##", "##link##", "##title##", "##label##", "##picture##", "##extend##", "##aktiv##");
            $ersatz = array($target, $link, $titel, $label, $data["picture"], $data["extend"], $aktiv);
            // version mit template
            if ($cfg["menu"]["generate"] == false) {
                if ($level != 1) {
                    $ausgaben["punkte"] .= str_replace($marken, $ersatz, $cfg["menu"]["level" . $level]["link"]);
                } else {
                    if ($data["entry"] == $arrEbene[1]) {
                        // open folder
                        $ausgaben["ordner"] = str_replace($marken, $ersatz, $cfg["menu"]["level1"]["icona"]);
                    } else {
                        // closed folder
                        $ausgaben["ordner"] = str_replace($marken, $ersatz, $cfg["menu"]["level1"]["iconb"]);
                    }
                }
            }
            // css-klasse und naechste ebene
            $class = "Level" . $level;
            $next_level = "";
            if ($data["entry"] == $arrEbene[1]) {
                // css-klasse erzeugen
                $class = "Level" . $level . "Active";
                // ebenen-array veraendern
                unset($arrEbene[1]);
                $arrEbene = array_values($arrEbene);
                $ausgaben["pagetitle"] = $data["label"];
                if ($cfg["menu"]["level" . $level]["extend"] == "-1") {
                    $ausgaben["extenddesc"] = $data["extend"];
                }
                // naechste ebene abarbeiten
                $next_level = menu_generate($data["mid"], $level + 1, $arrEbene, $url . "/" . $data["entry"]);
            }
            $marken[] = "##class##";
            $ersatz[] = $class;
            $marken[] = "##next_level##";
            $ersatz[] = $next_level;
            // version mit template
            if ($cfg["menu"]["generate"] == false) {
                if ($level == 1) {
                    $ausgaben["ueberschrift"] = str_replace($marken, $ersatz, $cfg["menu"]["level1"]["link"]);
                    $menu2 .= parser($cfg["menu"]["name"], "", $parse_find, $parse_put);
                    $ausgaben["punkte"] = "";
                }
            }
            // dataloop und hideloop fuer die entsprechende Ebene wird gebaut
            $dataloop["level" . $level][] = array("link" => $link, "title" => $data["label"], "item" => $label, "class" => $class);
            $hidedata["level" . $level][0] = "enable";
            // welcher link aufbau
            if ($cfg["menu"]["level1"]["link2"] == "") {
                $link_build = "link";
            } else {
                if ($aktiv == "") {
                    $link_build = "link1";
                } else {
                    $link_build = "link2";
                }
            }
            // komplett
            $buffer .= str_replace($marken, $ersatz, $cfg["menu"]["level" . $level][$link_build]);
        }
        if ($cfg["menu"]["generate"] == true) {
            if ($buffer != "") {
                $menu2 = $cfg["menu"]["level" . $level]["on"] . $buffer . $cfg["menu"]["level" . $level]["off"];
            }
        }
        return $menu2;
    }
}