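/**
 * Store an in-game mail message and, if the recipient opted in, send an
 * e-mail notification about it.
 *
 * Security-relevant points for maintainers:
 *  - Both account ids are reduced to integers before they reach any SQL text.
 *  - $subject and $body are escaped with safeescape() for use inside quoted
 *    SQL string literals only; that escaping is not output encoding.
 *
 * @param int|string $to      Account id of the recipient.
 * @param string     $subject Message subject; "\n" and the `n formatting code are removed.
 * @param string     $body    Message body.
 * @param int|string $from    Account id of the sender; 0 is treated as a system message.
 * @param bool       $noemail When true, the e-mail notification is never sent.
 */
function systemmail($to,$subject,$body,$from=0,$noemail=false){
	// The ids are interpolated into three statements below; cast once so that
	// the lookups agree with what the INSERT stores and no caller-supplied
	// text can reach the query.
	$toid = (int)$to;
	$fromid = (int)$from;

	$subject = safeescape($subject);
	$subject = str_replace("\n","",$subject);
	$subject = str_replace("`n","",$subject);
	$body = safeescape($body);

	$sql = "SELECT prefs,emailaddress FROM accounts WHERE acctid='$toid'";
	$result = db_query($sql);
	$row = db_fetch_assoc($result);
	db_free_result($result);

	// A missing account or an empty/corrupt prefs blob leaves every preference off.
	$prefs = array();
	$emailaddress = "";
	if (is_array($row)){
		if (isset($row['emailaddress'])) $emailaddress = $row['emailaddress'];
		if (isset($row['prefs']) && $row['prefs'] != ""){
			// NOTE(review): unserialize() can instantiate objects from the stored
			// blob; confirm that accounts.prefs is only ever written by the
			// application from a plain array.
			$stored = unserialize($row['prefs']);
			if (is_array($stored)) $prefs = $stored;
		}
	}

	// Unless the recipient set 'dirtyemail', pass the text through soap() first.
	if (empty($prefs['dirtyemail'])){
		$subject = soap($subject);
		$body = soap($body);
	}

	$sql = "INSERT INTO mail (msgfrom,msgto,subject,body,sent) VALUES ('$fromid','$toid','$subject','$body',now())";
	db_query($sql);

	// Player mail needs 'emailonmail'; system mail (sender 0) also needs 'systemmail'.
	$email = false;
	if (!empty($prefs['emailonmail'])){
		if ($fromid > 0){
			$email = true;
		}elseif ($fromid == 0 && !empty($prefs['systemmail'])){
			$email = true;
		}
	}
	if (!is_email($emailaddress)) $email = false;

	if ($email && !$noemail){
		$sql = "SELECT name FROM accounts WHERE acctid='$fromid'";
		$result = db_query($sql);
		$row1 = db_fetch_assoc($result);
		db_free_result($result);

		// Always defined, so the message text below never reads an unset variable.
		$fromline = "";
		if (is_array($row1) && $row1['name'] != ""){
			$fromline = "From: ".preg_replace("'[`].'","",$row1['name'])."\n";
		}

		// The message is already stored, so strip the formatting codes from
		// the copy that goes out by e-mail; they make it unreadable.
		$body = preg_replace("'[`]n'", "\n", $body);
		$body = preg_replace("'[`].'", "", $body);

		// NOTE(review): the link is built from the request's Host header, which
		// the client controls. A configured site address would be safer; no
		// such setting is visible in this function.
		$site = $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME']);

		mail($emailaddress,"New LoGD Mail","You have received new mail on LoGD at http://".$site."\n\n$fromline"
			."Subject: ".preg_replace("'[`].'","",stripslashes($subject))."\n"
			."Body: ".stripslashes($body)."\n"
			."\nYou may turn off these alerts in your preferences page.",
			"From: ".getsetting("gameadminemail","postmaster@localhost")
		);
	}
}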
/**
 * Read one entry from an array, falling back to a default, and optionally
 * pass the result through safeescape().
 *
 * The escaping applied by safeescape() targets quoted SQL string literals.
 * A value returned from here is not safe to place unquoted into a query or
 * to echo into HTML.
 *
 * @param mixed      $array   Source array; null returns $default untouched (no escaping).
 * @param int|string $key     Key to look up.
 * @param mixed      $default Value used when $array is not an array or lacks $key.
 * @param bool       $esc     When truthy, the looked-up value (or the default) is escaped.
 * @return mixed
 */
function safeget($array, $key, $default = null, $esc = true)
{
    // A null source short-circuits before any escaping happens.
    if ($array === null) {
        return $default;
    }

    $present = is_array($array) && array_key_exists($key, $array);
    $value = $present ? $array[$key] : $default;

    return $esc ? safeescape($value) : $value;
}
/**
 * Escape a value for use inside a quoted SQL string literal.
 *
 * Strings go through db()->escape_string(). Arrays are walked recursively
 * with their keys kept as they are (keys are not escaped). Every other type,
 * null included, is returned unchanged.
 *
 * The result only protects a value that is wrapped in quotes in the query.
 * It gives no protection in an unquoted numeric position and is not HTML
 * encoding.
 *
 * @param mixed $obj Value to escape.
 * @return mixed Same shape as the input.
 */
function safeescape($obj)
{
    if (is_string($obj)) {
        return db()->escape_string($obj);
    }

    // null, numbers, booleans and objects pass straight through.
    if (!is_array($obj)) {
        return $obj;
    }

    $escaped = array();
    foreach ($obj as $key => $item) {
        $escaped[$key] = safeescape($item);
    }
    return $escaped;
}
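/**
 * Store an in-game mail message and, if the recipient opted in, send an
 * e-mail notification about it.
 *
 * For system mail (sender 0) $subject and $body may be arrays; they are
 * stored serialized and handed to translate_mail() for the notification.
 *
 * Security-relevant points for maintainers:
 *  - Every account id is reduced to an integer before it reaches SQL text,
 *    including the sender id in the INSERT and the originator taken from the
 *    session.
 *  - safeescape() output is only safe inside quoted SQL string literals.
 *
 * @param int|string   $to      Account id of the recipient.
 * @param string|array $subject Message subject.
 * @param string|array $body    Message body.
 * @param int|string   $from    Account id of the sender; 0 is treated as a system message.
 * @param bool         $noemail When true, the e-mail notification is never sent.
 */
function systemmail($to, $subject, $body, $from = 0, $noemail = false)
{
    global $session;

    // Cast once: these ids are interpolated into four statements below.
    $toid = (int) $to;
    $fromid = (int) $from;
    $originator = isset($session['user']['acctid']) ? (int) $session['user']['acctid'] : 0;

    $sql = "SELECT prefs,emailaddress FROM " . db_prefix("accounts") . " WHERE acctid='{$toid}'";
    $result = db_query($sql);
    $row = db_fetch_assoc($result);
    db_free_result($result);

    // A missing account or an empty/corrupt prefs blob leaves every preference off.
    $prefs = array();
    if (is_array($row) && isset($row['prefs']) && $row['prefs'] != "") {
        // NOTE(review): unserialize() can instantiate objects from the stored
        // blob; confirm that accounts.prefs is only ever written by the
        // application from a plain array.
        $stored = unserialize($row['prefs']);
        if (is_array($stored)) {
            $prefs = $stored;
        }
    }

    // Bit 1: subject was an array, bit 2: body was an array.
    $serialized = 0;
    $subjectparts = null;
    $bodyparts = null;
    if ($fromid == 0) {
        if (is_array($subject)) {
            $subjectparts = $subject;
            $subject = serialize($subject);
            $serialized = 1;
        }
        if (is_array($body)) {
            $bodyparts = $body;
            $body = serialize($body);
            $serialized += 2;
        }
        $subject = safeescape($subject);
        $body = safeescape($body);
    } else {
        $subject = safeescape($subject);
        $subject = str_replace("\n", "", $subject);
        $subject = str_replace("`n", "", $subject);
        $body = safeescape($body);
        // Unless the recipient set 'dirtyemail', pass player mail through soap().
        if (empty($prefs['dirtyemail'])) {
            $subject = soap($subject, false, "mail");
            $body = soap($body, false, "mail");
        }
    }

    $sql = "INSERT INTO " . db_prefix("mail") . " (msgfrom,msgto,subject,body,sent,originator) VALUES ('" . $fromid . "','" . $toid . "','{$subject}','{$body}','" . date("Y-m-d H:i:s") . "', " . $originator . ")";
    db_query($sql);
    invalidatedatacache("mail-{$toid}");

    // Player mail needs 'emailonmail'; system mail (sender 0) also needs 'systemmail'.
    $email = false;
    if (!empty($prefs['emailonmail'])) {
        if ($fromid > 0) {
            $email = true;
        } elseif ($fromid == 0 && !empty($prefs['systemmail'])) {
            $email = true;
        }
    }
    $emailadd = "";
    if (is_array($row) && isset($row['emailaddress'])) {
        $emailadd = $row['emailaddress'];
    }
    if (!is_email($emailadd)) {
        $email = false;
    }

    if ($email && !$noemail) {
        // Use the arrays the caller passed in rather than running the
        // SQL-escaped text through stripslashes() and unserialize():
        // stripslashes() is not guaranteed to undo the database escaping, and a
        // changed byte makes unserialize() fail on the length prefixes.
        if ($serialized & 2) {
            $body = translate_mail($bodyparts, $toid);
        }
        if ($serialized & 1) {
            $subject = translate_mail($subjectparts, $toid);
        }

        $sql = "SELECT name FROM " . db_prefix("accounts") . " WHERE acctid='{$fromid}'";
        $result = db_query($sql);
        $row1 = db_fetch_assoc($result);
        db_free_result($result);
        if (is_array($row1) && $row1['name'] != "") {
            $fromline = full_sanitize($row1['name']);
        } else {
            $fromline = translate_inline("The Green Dragon", "mail");
        }

        $sql = "SELECT name FROM " . db_prefix("accounts") . " WHERE acctid='{$toid}'";
        $result = db_query($sql);
        $row1 = db_fetch_assoc($result);
        db_free_result($result);
        $toline = full_sanitize(is_array($row1) ? $row1['name'] : "");

        // The message is already stored, so strip the formatting codes from
        // the copy that goes out by e-mail; they make it unreadable.
        $body = preg_replace("'[`]n'", "\n", $body);
        $body = full_sanitize($body);
        $subject = htmlentities($subject, ENT_COMPAT, getsetting("charset", "ISO-8859-1"));

        // NOTE(review): the link is built from the request's Host header, which
        // the client controls. A configured site address would be safer; no
        // such setting is visible in this function.
        $site = $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']);

        $mailsubj = translate_mail(array("New LoGD Mail (%s)", $subject), $toid);
        $mailbody = translate_mail(
            array(
                "You have received new mail on LoGD at http://%s`n`n"
                    . "-=-=-=-=-=-=-=-=-=-=-=-=-=-`n"
                    . "From: %s`n"
                    . "To: %s`n"
                    . "Subject: %s`n"
                    . "Body: `n%s`n"
                    . "-=-=-=-=-=-=-=-=-=-=-=-=-=-"
                    . "`nDo not respond directly to this email, it was sent from the game email address, and not the email address of the person who sent you the "
                    . "message.  If you wish to respond, log into Legend of the Green Dragon at http://%s .`n`n"
                    . "You may turn off these alerts in your preferences page, available from the village square.",
                $site,
                $fromline,
                $toline,
                full_sanitize(stripslashes($subject)),
                stripslashes($body),
                $site
            ),
            $toid
        );
        // $emailadd is the address that passed is_email() above.
        mail($emailadd, $mailsubj, str_replace("`n", "\n", $mailbody), "From: " . getsetting("gameadminemail", "postmaster@localhost"));
    }
    invalidatedatacache("mail-{$toid}");
}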
        }
    }
}
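// Remove a member (or applicant) from the viewer's clan.
// 'remove' comes straight from the request and is placed in SQL below, so it
// is only acted on when it reduces to a positive integer account id.
$remove = httpget('remove');
$removeid = (int) $remove;
if ($remove > "" && $removeid > 0) {
    $viewerclanid = (int) $session['user']['clanid'];
    $viewerclanrank = (int) $session['user']['clanrank'];
    // Scope the lookup to the viewer's own clan and to ranks at or below the
    // viewer's. Without the clanid condition an account id from another clan
    // would still be matched; without the row check the hook, the log entry
    // and the mail cleanup would run even when nothing was changed.
    // NOTE(review): whether the viewer may remove members at all is not
    // checked in this excerpt; confirm it is enforced earlier in the file.
    $sql = "SELECT name,login,clanrank FROM " . db_prefix("accounts") . " WHERE acctid='{$removeid}' AND clanid='{$viewerclanid}' AND clanrank<='{$viewerclanrank}'";
    $row = db_fetch_assoc(db_query($sql));
    if (is_array($row)) {
        $args = modulehook("clan-setrank", array("setrank" => 0, "login" => $row['login'], "name" => $row['name'], "acctid" => $removeid, "clanid" => $session['user']['clanid'], "oldrank" => $row['clanrank']));
        $sql = "UPDATE " . db_prefix("accounts") . " SET clanrank=" . CLAN_APPLICANT . ",clanid=0,clanjoindate='0000-00-00 00:00:00' WHERE acctid='{$removeid}' AND clanid='{$viewerclanid}' AND clanrank<='{$viewerclanrank}'";
        db_query($sql);
        debuglog("Player {$session['user']['name']} removed player {$row['login']} from {$claninfo['clanname']}.", $removeid);
        // Delete unread application mails from this user.
        // Breaks if the applicant has had their name changed via
        // dragon kill, superuser edit, or lodge color change.
        require_once "lib/safeescape.php";
        $subj = safeescape(serialize(array($apply_short, $row['name'])));
        $sql = "DELETE FROM " . db_prefix("mail") . " WHERE msgfrom=0 AND seen=0 AND subject='{$subj}'";
        db_query($sql);
    }
}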
// Load the clan roster ordered by rank, then dragon kills, then level, then join date.
// NOTE(review): $claninfo['clanid'] is interpolated without quotes, a position
// where string escaping gives no protection. $claninfo is built outside this
// excerpt; confirm the id is always an integer there, or cast it here.
$sql = "SELECT name,login,acctid,clanrank,laston,clanjoindate,dragonkills,level FROM " . db_prefix("accounts") . " WHERE clanid={$claninfo['clanid']} ORDER BY clanrank DESC ,dragonkills DESC,level DESC,clanjoindate";
$result = db_query($sql);
// Open the roster table. Presumably rawoutput() emits the markup without
// escaping (TODO confirm), so only fixed strings should be passed to it.
rawoutput("<table border='0' cellpadding='2' cellspacing='0'>");
// Translate the labels once up front; presumably they are used as column
// headings and action links further down (not visible in this excerpt).
$rank = translate_inline("Rank");
$name = translate_inline("Name");
$lev = translate_inline("Level");
$dk = translate_inline("Dragon Kills");
$jd = translate_inline("Join Date");
$lo = translate_inline("Last On");
$ops = translate_inline("Operations");
$promote = translate_inline("Promote");
$demote = translate_inline("Demote");