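/**
 * Add the logged-in player to team $id and notify the team leader.
 *
 * Closes the team when the join fills it, and when it reaches three players
 * while it is administratively closed.
 *
 * @param int|string $id     Team id; coerced to an integer before it reaches SQL.
 * @param mixed      $invite Truthy when the player is accepting an invitation; the
 *                           matching bzl_invites row is then deleted.
 *
 * NOTE(review): nothing here checks that the team is open, that an invitation
 * for this player really exists, or that the player is not already in another
 * team - presumably the caller does; verify.
 */
function section_jointeam_doJoin($id, $invite)
{
    // Both values are concatenated into unquoted numeric SQL contexts below.
    $id = (int) $id;
    $playerId = (int) $_SESSION['playerid'];

    // The original read an undefined local $TEAMSIZE, so the "team full" test
    // compared against null and could never match. Use a global of that name
    // when one exists, otherwise the value section_teamadmin() assigns (20).
    $teamSize = (isset($GLOBALS['TEAMSIZE']) && (int) $GLOBALS['TEAMSIZE'] > 0)
        ? (int) $GLOBALS['TEAMSIZE']
        : 20;

    // Try to add player to team
    $res = mysql_query("select l_team.id, l_team.name, l_team.leader, count(callsign) nump\n from l_team left join l_player on l_team.id = l_player.team\n where l_team.id = " . $id . "\n group by l_team.id, l_team.name, l_team.leader");
    $obj = $res ? mysql_fetch_object($res) : false;
    if (!$obj) {
        // No such team: without this guard every property read below hits `false`.
        echo "<center>Sorry, this team does not exist.</center>";
        return;
    }

    if ($obj->nump >= $teamSize) {
        // Team full
        echo "<center>Sorry, this team is full. Probably someone was joining it at the same time...</center>";
        return;
    }

    // NOTE(review): the count above and the update below are separate
    // statements, so two simultaneous joins can both pass the size check.
    // Okay, let's do the update
    mysql_query("update l_player set team=" . $id . " where id=" . $playerId);

    // Close team if it's full
    if ($obj->nump >= $teamSize - 1) {
        mysql_query("update l_team set status='closed' where id=" . $id);
    }
    // Close team if it has 3 players and is adminclosed
    if ($obj->nump == 2) {
        mysql_query("update l_team set status='closed' where adminclosed='yes' and id=" . $id);
    }

    // NOTE(review): teamLink()/playerLink() are defined elsewhere; confirm they
    // HTML-escape the team name and callsign they are given.
    echo '<center>You are now a member of the ' . teamLink($obj->name, $obj->id, false) . ' team.<BR> A message has been sent to the team leader.</center>';
    session_refresh();

    // Send a message to the team leader
    $player = playerLink($_SESSION['playerid'], $_SESSION['callsign']);
    if ($invite) {
        $msg = "{$player} has accepted your invitation, and has joined your team!<BR>";
        sqlQuery("DELETE FROM bzl_invites WHERE teamid=" . (int) $obj->id . " AND \n playerid=" . $playerId);
    } else {
        $msg = "A new player just joined your team: {$player}";
    }
    sendBzMail(0, $obj->leader, $_SESSION['callsign'] . ' joined your team!', $msg);
}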
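/**
 * Mail an invitation to join $team to $player and record it in bzl_invites.
 *
 * @param object     $team   Row object; ->id and ->name are read.
 * @param object     $player Row object; ->id is read.
 * @param int|string $days   Days until the invitation expires; coerced to an integer.
 * @param string     $text   Free-form invitation text from the inviting player.
 *
 * NOTE(review): no check here that the session player may invite for $team -
 * presumably the caller enforces that; verify. The accept link in the mail is a
 * plain GET URL, so the join handler is what has to validate the invitation.
 */
function section_invite_sendInvite($team, $player, $days, $text)
{
    // These three are interpolated into unquoted SQL positions below.
    $teamId = (int) $team->id;
    $playerId = (int) $player->id;
    $days = (int) $days;

    echo "<center>Invitation sent to player, thank you!</center>";

    // The mail body is HTML, so every user-controlled value placed in it is
    // escaped: the text as before, and now the callsign and team name as well.
    $text = htmlentities($text);
    $callsign = htmlspecialchars($_SESSION['callsign'], ENT_QUOTES);
    $teamName = htmlspecialchars($team->name, ENT_QUOTES);

    $msg = '<b>' . $callsign . "</b> is inviting you to join his/her team: <b>{$teamName}</b>.<br>\n <u>Invitation text:</u><br>{$text}<p><br>\n <a href='index.php?link=jointeam&id={$teamId}'><font size=+1>Click here to accept the invitation.</font></a><br>\n Note that the invitation expires {$days} days from when it was sent.";

    // NOTE(review): the subject carries the raw callsign; confirm how
    // sendBzMail() stores and renders subjects.
    sendBzMail($_SESSION['playerid'], $playerId, 'Invitation from ' . $_SESSION['callsign'], $msg, false, true);
    sqlQuery("INSERT INTO bzl_invites (teamid, playerid, expires) VALUES ({$teamId}, {$playerId}, \n ADDDATE(NOW(), INTERVAL {$days} DAY))");
}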
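/**
 * "Leave team" page: asks for confirmation, then removes the session player
 * from team `id`, re-opens the team and mails its leader.
 *
 * Reads `id`, `link` and `answer` from $_GET and the player from $_SESSION.
 *
 * NOTE(review): the confirmed action is a state change driven by a GET request
 * with no anti-forgery token, and SID is appended to links (session id in
 * URLs). Both are left as found; consider a POST form with a token.
 */
function section_leaveteam()
{
    require_once 'lib/common.php';

    // addslashes() does not protect an unquoted numeric SQL position; the id
    // is forced to an integer instead.
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $link = isset($_GET['link']) ? $_GET['link'] : '';
    $answer = isset($_GET['answer']) ? $_GET['answer'] : '';
    $s_playerid = (int) $_SESSION['playerid'];

    // $link is handed to htmlURLbutton(), whose escaping is not visible here,
    // so only plain route-name characters are let through.
    if (!is_string($link) || !preg_match('/^[A-Za-z0-9_]*$/', $link)) {
        $link = '';
    }

    // Dont let admirarch leave a team. SC request
    // if( $s_playerid == 2074 ) {
    //     errorpage("No can do");
    //     return;
    // }

    $res = sqlQuery("select name, leader from l_team where id={$id}");
    $obj = $res ? mysql_fetch_object($res) : false;
    echo '<BR>';
    if (!$obj) {
        echo "<center>Sorry, this team does not exist.</center>";
        return;
    }

    // The team name is user-editable, so it is escaped before being echoed.
    $teamName = htmlspecialchars($obj->name, ENT_QUOTES);
    $isLeader = ($s_playerid == $obj->leader);

    if ($isLeader && ($answer == "" || $answer == "yes")) {
        // Prevent leaders from leaving their own team. The original tested this
        // only before showing the prompt, so a direct answer=yes request skipped it.
        echo "<center>You can't abandon the magnificient {$teamName} team, because you are its leader.<BR>\n Please go to your <a href=\"index.php?link=teamadmin&id=" . $id . "&" . SID . "\"><b>team page</b></a>\n and assign another leader first!</center>";
        return;
    }

    if ($answer == "") {
        echo '<center>You are about to abandon the magnificient <a href="index.php?link=teaminfo&id=' . $id . '&' . SID . '">' . $teamName . '</a> team, its members will miss you...<br>';
        echo "Please, please, stay in the team!<br>";
        echo "Are you really sure you want to abandon this team ?<br><br>";
        echo '<TABLE border=0><TR><TD>' . htmlURLbutton('ABANDON', $link, "id={$id}&answer=yes") . '</td><TD> </td><TD>' . htmlURLbutton('CANCEL', $link, "id={$id}&answer=no", CLRBUT) . '</td></tr></table>';
        return;
    }

    if ($answer == "yes") {
        // Remove this player from the team - but only from the team named in the
        // request. Without the team condition a player could name any team id
        // and have that team re-opened and its leader mailed.
        mysql_query("update l_player set team=0 where id=" . $s_playerid . " and team=" . $id);
        if (mysql_affected_rows() < 1) {
            echo "<center>You are not a member of this team.</center>";
            return;
        }

        // Open the team, because it needs at least one more player,
        // but only if it is not administratively closed, or if num players<3
        $pl = mysql_fetch_object(mysql_query("select count(*) num from l_player where team=" . $id));
        if ($pl->num < 3) {
            mysql_query("update l_team set status='opened' where id=" . $id);
        } else {
            mysql_query("update l_team set status='opened' where adminclosed='no' and id=" . $id);
        }

        echo "<center>That's it, you are no longer a member of the <a href=\"index.php?link=teaminfo&id=" . $id . "&" . SID . "\">" . $teamName . "</a> team.<br>\n A message has just been sent to the team leader</center>";
        session_refresh();

        // Send a message to the team leader (callsign escaped in the body;
        // NOTE(review): confirm how sendBzMail() renders the subject).
        sendBzMail(0, $obj->leader, $_SESSION['callsign'] . ' has left your team!', 'A player just left your team: "' . htmlspecialchars($_SESSION['callsign'], ENT_QUOTES) . '"');
    } else {
        // Say thank you
        echo '<BR><center>The <a href="index.php?link=teaminfo&id=' . $id . '&' . SID . '">' . $teamName . '</a> team members thank you for being so brave, and continuing the fight!</center>';
    }
}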
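/**
 * Create the player row for a submitted registration, log the new player in
 * through $_SESSION, record the visit, send the welcome mail and print the
 * welcome page.
 *
 * @param object $se Submitted registration; ->callsign, ->password, ->country
 *                   and ->email are read. Presumably validated by the caller
 *                   (uniqueness, format) - verify.
 *
 * NOTE(review): the password is stored as unsalted MD5 in l_player.md5password.
 * That is left unchanged because whatever verifies logins is not visible here
 * and must change together with this line; plan a migration to a salted,
 * slow password hash.
 * NOTE(review): the session gains an identity here; whether session_refresh()
 * renews the session id is not visible - confirm.
 */
function section_register_doSubmit(&$se)
{
    // player's utc timezone offset (acquired from the user's client via JavaScript)
    $tzoffset = (isset($_POST['tzoffset']) && is_numeric($_POST['tzoffset'])) ? $_POST['tzoffset'] : 0;
    $uz = 0 - $tzoffset / 60;

    // Every string placed inside SQL quotes is escaped; the original escaped
    // the callsign only and interpolated country and e-mail as submitted.
    $call = mysql_real_escape_string($se->callsign);
    $country = mysql_real_escape_string($se->country);
    $email = mysql_real_escape_string($se->email);
    $pass = md5($se->password);

    sqlQuery("insert into l_player (callsign, team, status, role_id, md5password, created, last_login,\n utczone, country, email) \n values( '{$call}', 0, 'registered', " . NEW_USER_PERMISSION . ", '{$pass}', now(), now(), \n '{$uz}', '{$country}', '{$email}')");

    // Assign session variables
    $_SESSION['callsign'] = $se->callsign;
    $_SESSION['playerid'] = mysql_insert_id();

    // Insert an entry into the statistics table
    $gmnow = gmdate("Y-m-d H:i:s");
    $playerId = (int) $_SESSION['playerid'];
    $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
    sqlQuery('insert into ' . TBL_VISITS . " (ts, pid, ip) \n values ('{$gmnow}', {$playerId}, '{$ip}')");

    $_SESSION['teamid'] = 0;
    $_SESSION['leader'] = 0;

    sendBzMail(0, $_SESSION['playerid'], 'WELCOME, ' . $_SESSION['callsign'], "Thank you for registering, and welcome to the league!<BR>\n Please read the FAQ, and edit your profile to make it easier for others to find you (this REALLY helps for organizing matches).<br>\n Now you can join a team, or create a new team and recruit members.\n <BR>See you on the battlefield!");

    // NOTE(review): in the listing this was taken from, the "Login:" and
    // "Password:" values are masked ('******'). The login value is rebuilt from
    // the surviving `callsign']` fragment; the password value appears to have
    // been printed back and is deliberately not echoed here.
    $callsignHtml = htmlspecialchars($_SESSION['callsign'], ENT_QUOTES);
    echo '<center>Welcome onboard, <a href="index.php?link=playerinfo&id=' . $playerId . '">' . $callsignHtml . '</a>.<br><br> You are now a registered user on the league system, and are allowed to join a team, or create a new one.<br> Please read the F.A.Q. to know how. <hr> This is your personal information:<br> Login: ' . $callsignHtml . '<br> Password: (not displayed)<br> <hr> If you lose your password, the only way for you to have a new one is to contact one of the site admins.<br> See <a href="index.php?link=contact">the contact page</a> if you wan' . "'" . 't to do that. </center>';

    $res = mysql_query("SELECT name FROM bzl_roles WHERE id = " . NEW_USER_PERMISSION);
    if (!$res) {
        // Keep the driver's message in the server log instead of sending it to the browser.
        error_log('section_register_doSubmit: role lookup failed: ' . mysql_error());
        die('Database error.');
    }
    if ($row = mysql_fetch_array($res)) {
        $_SESSION['level'] = $row[0];
    } else {
        $_SESSION['level'] = "player";
    }
    session_refresh();
}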
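/**
 * "Release player" page: after confirmation, removes player `playerid` from
 * team `teamid`, re-opens the team and mails the released player.
 *
 * Reads `playerid`, `teamid`, `f_ok_x`, `f_okban_x` and `link` from $_GET.
 * Allowed for holders of 'teamadmin::edit_any_team' and for the team's leader.
 *
 * NOTE(review): the confirmed action is a GET request with no anti-forgery
 * token; left as found, consider a POST form with a token.
 * NOTE(review): section_teamadmin() checks 'edit_any_team' without the
 * 'teamadmin::' prefix - confirm which spelling isFuncAllowed() expects.
 */
function section_banplayer()
{
    require_once 'lib/common.php';

    // Ids go into unquoted SQL positions, so they are forced to integers.
    $playerid = isset($_GET['playerid']) ? (int) $_GET['playerid'] : 0;
    $teamid = isset($_GET['teamid']) ? (int) $_GET['teamid'] : 0;
    $f_okban_x = isset($_GET['f_okban_x']) ? $_GET['f_okban_x'] : '';
    $f_ok_x = isset($_GET['f_ok_x']) ? $_GET['f_ok_x'] : '';
    $link = (isset($_GET['link']) && is_string($_GET['link'])) ? $_GET['link'] : '';
    $sessionPlayer = isset($_SESSION['playerid']) ? (int) $_SESSION['playerid'] : 0;

    $teamRes = mysql_query("select name, leader from l_team where id=" . $teamid);
    $team = $teamRes ? mysql_fetch_object($teamRes) : false;
    if (!$team) {
        // A missing team row used to make the leader comparison below run
        // against null, which a session without a playerid would satisfy.
        errorPage("Permission denied.");
        return;
    }

    // FIXME: Ok, for now I ignore that players with teampassword can ban other
    // players. (The link does not carry the team password.)
    // Check permission
    $isLeader = $sessionPlayer > 0 && $sessionPlayer === (int) $team->leader;
    if (!isFuncAllowed('teamadmin::edit_any_team') && !$isLeader) {
        errorPage("Permission denied.");
        return;
    }

    // The target must belong to the team the caller is authorised for; the
    // original removed any player id regardless of team.
    $playerRes = mysql_query("select callsign from l_player where id=" . $playerid . " and team=" . $teamid);
    $player = $playerRes ? mysql_fetch_object($playerRes) : false;
    if (!$player) {
        errorPage("Permission denied.");
        return;
    }

    // Names shown on the page come from the database and are escaped; the
    // original echoed the `callsign` and `name` request parameters as-is.
    $playerName = htmlspecialchars($player->callsign, ENT_QUOTES);
    $teamName = htmlspecialchars($team->name, ENT_QUOTES);
    $adminName = htmlspecialchars($_SESSION['callsign'], ENT_QUOTES);

    if ($f_okban_x) {
        // Ban confirmed
        // Open team is not administratively closed, or if num players<3
        $pl = mysql_fetch_object(mysql_query("select count(*) num from l_player where team=" . $teamid));
        if ($pl->num == 3) {
            mysql_query("update l_team set status='opened' where id=" . $teamid);
        } else {
            mysql_query("update l_team set status='opened' where adminclosed='no' and id=" . $teamid);
        }
        mysql_query("update l_player set team=0 where id=" . $playerid . " and team=" . $teamid);

        echo '<center>Well <a href="index.php?link=playerinfo&id=' . $sessionPlayer . '">' . $adminName . '</a>, <a href="index.php?link=playerinfo&id=' . $playerid . '">' . $playerName . '</a> is no longer a member of the team <a href="index.php?link=teaminfo&id=' . $teamid . '">' . $teamName . '</a>';
        //TODO: reload of page sends multiple messages ... ?
        echo '<br>A message has just been sent to the user.</center>';
        sendBzMail(0, $playerid, 'You have been released!', 'Sorry, but ' . $adminName . ' released you from the ' . $teamName . ' team<br>');
    } else {
        if (!$f_ok_x) {
            // Someone is playing with the headers
            echo "<center>Hey! Please stop playing with your browser!</center>";
        } else {
            $linkAttr = htmlspecialchars($link, ENT_QUOTES);
            echo '<center>Please confirm that you want to ban <a href="index.php?link=playerinfo&id=' . $playerid . '&' . SID . '">' . $playerName . '</a> from the team <a href="index.php?link=teaminfo&id=' . $teamid . '&' . SID . '">' . $teamName . '</a>.</center>';
            // Attribute values are quoted as well as escaped: an unquoted
            // attribute ends at the first space.
            echo '<center><BR><form method=GET>' . SID_FORM . ' <input type=hidden name=link value="' . $linkAttr . '"> <input type=hidden name=playerid value="' . $playerid . '"> <input type=hidden name=teamid value="' . $teamid . '"> <input type=hidden name=callsign value="' . $playerName . '"> <input type=hidden name=name value="' . $teamName . '">' . '<table border=0><TR><TD>' . htmlFormButton(' BAN ', 'f_okban_x') . ' </td><TD> ' . htmlURLbutton('Cancel', 'teaminfo', "id={$teamid}", CLRBUT) . ' </td></tr></table> </form></center>';
        }
    }
}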
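/**
 * Team administration page: shows the edit form for team `id` and, on a valid
 * submit, updates the l_team row and mails the team when it was renamed.
 *
 * Access is granted to holders of 'edit_any_team', to the team leader, and to
 * anyone who supplies the team password in `f_password`. Name, password,
 * status and leader are offered only to admins and the leader; that rule is
 * now applied to the submitted values too, not just to the form.
 *
 * Request fields (POST first, then GET): id, f_password, f_ok_x, f_comment,
 * f_logo, f_name, f_status, f_password1, f_password2, link, f_leader.
 *
 * NOTE(review): the form carries no anti-forgery token, and the team password
 * travels in a hidden field; both left as found.
 * NOTE(review): section_banplayer() checks 'teamadmin::edit_any_team' - confirm
 * which spelling isFuncAllowed() expects.
 */
function section_teamadmin()
{
    require_once 'lib/common.php';

    $TEAMSIZE = 20;
    $vars = array('id', 'f_password', 'f_ok_x', 'f_comment', 'f_logo', 'f_name', 'f_status', 'f_password1', 'f_password2', 'link', 'f_leader');
    foreach ($vars as $var) {
        // The names come from the fixed list above, so the variable-variable
        // cannot reach any other local. Array-valued parameters are dropped.
        $value = isset($_POST[$var]) ? $_POST[$var] : (isset($_GET[$var]) ? $_GET[$var] : null);
        ${$var} = is_array($value) ? null : $value;
    }
    // The id goes into unquoted SQL positions and into URLs.
    $id = (int) $id;

    $teamRes = mysql_query("select name, comment, leader, logo, password, status, adminclosed from l_team where id=" . $id);
    $obj = $teamRes ? mysql_fetch_object($teamRes) : false;
    echo '<BR>';
    if (!$obj) {
        echo "<center>Sorry, this team does not exist.</center>";
        return;
    }
    $res = mysql_fetch_object(mysql_query("select count(*) num from l_player where team=" . $id));
    $numplayer = $res->num;

    // Check permission
    $sessionPlayer = isset($_SESSION['playerid']) ? (int) $_SESSION['playerid'] : 0;
    $isLeader = $sessionPlayer > 0 && $sessionPlayer == $obj->leader;
    $allowed = 0;
    if (isFuncAllowed('edit_any_team') || $isLeader) {
        // Admin or team leader, allowed
        $allowed = 1;
    } else {
        // Check password: the stored value is a 13-character crypt() hash whose
        // first two characters are the salt.
        $cypher = substr(crypt((string) $f_password, substr((string) $obj->password, 0, 2)), 0, 13);
        $stored = (string) $obj->password;
        // Strict comparison: `==` on two numeric-looking strings compares them as numbers.
        $match = function_exists('hash_equals') ? hash_equals($stored, (string) $cypher) : ($cypher === $stored);
        if ($match) {
            // Good password, allowed
            $allowed = 1;
        }
    }

    // Who may change name, password, status and leader (same rule the form uses).
    $privileged = isAdmin() || $isLeader;
    // Status is selectable only with 3 or more players and below the size limit.
    $canChangeStatus = $numplayer >= 3 && $numplayer < $TEAMSIZE;

    $teamNameHtml = htmlspecialchars($obj->name, ENT_QUOTES);
    $statusHtml = htmlspecialchars($obj->status, ENT_QUOTES);

    if ($obj->status == 'deleted') {
        echo "<center>Sorry, you cannot edit a deleted team.</center>";
        return;
    }
    if (!$allowed) {
        echo "<center>Sorry, you don't have the permission to edit the <a href=\"index.php?link=teaminfo&id=" . $id . "&" . SID . "\">" . $teamNameHtml . "</a> team, or you entered an incorrect password.</center>";
        return;
    }

    if ($f_ok_x) {
        // NOTE(review): stripslashes() assumes the request data arrived with
        // magic-quotes style escaping - confirm for the deployed PHP version.
        $f_comment = stripslashes((string) $f_comment);
        $f_logo = stripslashes((string) $f_logo);
        $f_name = stripslashes((string) $f_name);
        $f_status = stripslashes((string) $f_status);

        if (!$privileged) {
            // Password-authenticated editors get no name, password, status or
            // leader controls; ignore those fields if they are submitted anyway.
            $f_name = $obj->name;
            $f_status = $obj->status;
            $f_password1 = '';
            $f_password2 = '';
            $f_leader = '';
        } elseif (!$canChangeStatus || ($f_status !== '' && !in_array($f_status, array('opened', 'closed'), true))) {
            // Status is forced by the player count, or the value is not one the form offers.
            $f_status = $obj->status;
        }
    } else {
        $f_comment = $obj->comment;
        $f_logo = $obj->logo;
        $f_name = $obj->name;
        $f_status = $obj->status;
    }

    $passwordSql = "";
    $error = 1;
    if ($f_ok_x) {
        $error = 0;

        // Check password
        if ($f_password1 != $f_password2) {
            $error = 1;
            echo "<div class=error>The passwords don't match</div>";
        } elseif ((string) $f_password1 != "") {
            // NOTE(review): the original expression is masked ('******') in the
            // listing this was taken from. It is rebuilt so that the permission
            // check above accepts the result: crypt() with a two-character salt.
            // That scheme only uses the first 8 characters of the password
            // (the form's maxlength) and is weak by current standards; changing
            // it means changing the check above in the same step.
            $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
            $salt = '';
            for ($i = 0; $i < 2; $i++) {
                $salt .= $alphabet[function_exists('random_int') ? random_int(0, 63) : mt_rand(0, 63)];
            }
            $passwordSql = ", password='" . mysql_real_escape_string(crypt((string) $f_password1, $salt)) . "'";
        }

        // Check duplicate team names
        $res = mysql_query("select name from l_team where id!={$id} and name=\"" . mysql_real_escape_string($f_name) . "\"");
        if ($res && mysql_num_rows($res) != 0) {
            $error = 1;
            echo "<div class=error>A team with this name: '" . htmlspecialchars($f_name, ENT_QUOTES) . "' already exists</div>";
            $f_name = $obj->name;
        }

        // Check empty team name
        if ($f_name == '') {
            $error = 1;
            echo "<div class=error>The team name can't be empty</div>";
            $f_name = $obj->name;
        }

        // Check logo
        //$msg = checkLogoSize($f_logo);
        $msg = '';
        if ($msg != '') {
            $error = 1;
            echo "<div class=error>{$msg}</div>";
        }
    }

    if ($error) {
        // Everything echoed into the form is escaped for its HTML context; the
        // original printed request and database values as-is.
        $nameAttr = htmlspecialchars($f_name, ENT_QUOTES);
        echo "<form method=post><table align=center border=0 cellspacing=0 cellpadding=1>";

        // Hidden fields
        echo '<input type=hidden name=f_password value="' . htmlspecialchars((string) $f_password, ENT_QUOTES) . '">';
        echo '<input type=hidden name=link value="' . htmlspecialchars((string) $link, ENT_QUOTES) . '">';

        if ($privileged) {
            // Admins and leaders can change the team name
            echo '<tr><td>Team name:</td><td><input name=f_name size=40 maxlength=40 value="' . $nameAttr . '"></td></tr>';
        } else {
            echo "<tr><td align=center colspan=2 class=tablehead><div class=teamname><b>" . $teamNameHtml . "</b></div><input type=hidden name=f_name value=\"{$nameAttr}\"></td></tr>";
        }

        // Logo
        // NOTE(review): the logo URL is user-supplied and loaded by every
        // viewer's browser; consider restricting it to http/https.
        if ($obj->logo != "") {
            echo '<tr><td align=center colspan=2><BR><img src="' . htmlspecialchars($obj->logo, ENT_QUOTES) . '"></td></tr>';
        }
        echo '<tr><td>Logo URL (400x300 max!):</td><td><input type=text size=60 maxlength=200 name=f_logo value="' . htmlspecialchars($f_logo, ENT_QUOTES) . '"></td></tr>';
        echo "<tr><td colspan=2><hr></td></tr>";

        // Admin and leaders can change the team password
        if ($privileged) {
            // Password
            echo '<tr><td>Password:</td><td><input type=password size=8 maxlength=8 name=f_password1 value="' . htmlspecialchars((string) $f_password1, ENT_QUOTES) . '"> (leaving the fields empty will keep the current password)</td></tr> <tr><td>Password:</td><td><input type=password size=8 maxlength=8 name=f_password2 value="' . htmlspecialchars((string) $f_password2, ENT_QUOTES) . '"></td></tr> <tr><td colspan=2><hr></td></tr>';
        }

        // Admin and leaders can change the team status
        if ($privileged) {
            if ($canChangeStatus) {
                // Can change status IF there are 3 players or more
                echo "<tr><td>Team status:</td><td><select name=f_status>";
                if ($f_status == 'opened') {
                    echo '<option selected value=opened>opened</option> <option value=closed>closed</option>';
                } else {
                    echo '<option value=opened>opened</option> <option selected value=closed>closed</option>';
                }
                echo "</select></td></tr>";
            } else {
                $typo = ($numplayer == 1) ? 'player' : 'players';
                echo '<input type=hidden name=f_status value="' . $statusHtml . '">';
                echo '<tr><td align=center colspan=2>The team is currently ' . $statusHtml . ' (forced because you have ' . (int) $numplayer . ' ' . $typo . ')</td></tr>';
            }
        } else {
            echo '<tr><td align=center colspan=2>The team is currently ' . $statusHtml . '</td></tr>';
        }

        if ($privileged) {
            echo "<tr>";
            echo "<td>Leader</td>";
            echo "<td><select name=\"f_leader\">";
            $sql = "SELECT id, callsign FROM l_player WHERE team = '{$id}' ORDER by callsign";
            $res = mysql_query($sql);
            while ($res && ($row = mysql_fetch_row($res))) {
                $memberHtml = htmlspecialchars(stripslashes($row[1]), ENT_QUOTES);
                if ($row[0] == $obj->leader) {
                    // Empty value: choosing the current leader changes nothing.
                    print "<option value=\"\" SELECTED>" . $memberHtml . " (current leader)</option>";
                } else {
                    print "<option value=\"" . (int) $row[0] . "\">" . $memberHtml . "</option>";
                }
            }
            echo "</select>";
            echo "</td>";
            echo "</tr>";
        }

        // Comment
        echo '<tr><td colspan=2>Comment:<br><textarea name=f_comment cols=50 rows=6>' . htmlspecialchars($f_comment, ENT_QUOTES) . '</textarea></td></tr> <tr><td colspan=2><hr></td></tr> <tr><td align=center colspan=2><table><tr><td>' . htmlFormButton(' OK ', 'f_ok_x') . '</td><td width=8></td><td>' . htmlURLbutton('Cancel', 'teaminfo', "id={$id}", CLRBUT) . '</td></tr></table></td></tr></table></form>';
        return;
    }

    // Update the table
    $leaderSql = '';
    $newLeader = (int) $f_leader;
    if ($newLeader > 0) {
        // The new leader has to be a current member of this team.
        $res = mysql_query("SELECT 1 FROM l_player WHERE id = " . $newLeader . " AND team = " . $id);
        if ($res && mysql_fetch_row($res)) {
            $_SESSION['leader'] = $newLeader == $_SESSION['playerid'] ? 1 : 0;
            $leaderSql = 'leader = ' . $newLeader . ', ';
        }
    }

    if ($f_status == '') {
        $f_status = 'opened';
    }
    if ($f_status != $obj->status) {
        // Changed the status
        $adminclosed = ($f_status == 'closed') ? 'yes' : 'no';
    } else {
        // Keep current status
        $adminclosed = $obj->adminclosed;
    }

    sqlQuery('update l_team set logo="' . mysql_real_escape_string($f_logo) . '", comment="' . mysql_real_escape_string($f_comment) . '" ' . $passwordSql . ', name="' . mysql_real_escape_string($f_name) . '", adminclosed="' . mysql_real_escape_string($adminclosed) . '", ' . $leaderSql . ' status="' . mysql_real_escape_string($f_status) . '" where id=' . $id);

    $callsignHtml = htmlspecialchars($_SESSION['callsign'], ENT_QUOTES);
    $newNameHtml = htmlspecialchars($f_name, ENT_QUOTES);
    echo '<BR><center>Thank you, <a href="index.php?link=playerinfo&id=' . $sessionPlayer . '&' . SID . '">' . $callsignHtml . '</a>, for updating the <a href="index.php?link=teaminfo&id=' . $id . '&' . SID . '">' . $newNameHtml . '</a> team.</center>';

    // If changed the team name, inform the team members
    if ($f_name != $obj->name) {
        echo '<center>You changed the team name, we inform your team members.</center>';
        sendBzMail(0, $id, 'Team renamed!', '<center>---ADMINISTRATIVE MESSAGE---</center><br>' . $callsignHtml . ' just changed the name of your team from <i>' . $teamNameHtml . '</i> to <i>' . $newNameHtml . '</i>.', true, true);
    }
}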
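/**
 * "Send message" page: shows the compose/reply form and, on a valid submit,
 * sends the message to a player (`pid`) or a team (`tid`) through sendBzMail().
 *
 * Request fields (POST first, then GET): pid, tid, f_ok_x, toteam, reply,
 * f_subject, f_msg, replying, repid, mid, link, dup. Guests are rejected.
 *
 * NOTE(review): when replying, the message named by `mid` is loaded and quoted,
 * and `repid` is marked as replied, without any check that the message belongs
 * to the session player. The l_message ownership column is not visible here,
 * so the check still has to be added by someone who knows the schema.
 * NOTE(review): subject and body go to sendBzMail() as submitted; confirm that
 * it escapes them for SQL and sanitises them before they are rendered.
 */
function section_sendmessage()
{
    require_once 'lib/common.php';

    $vars = array('pid', 'tid', 'f_ok_x', 'toteam', 'reply', 'f_subject', 'f_msg', 'replying', 'repid', 'mid', 'link', 'dup');
    $s_playerid = $_SESSION['playerid'];
    foreach ($vars as $var) {
        // Names come from the fixed list above; absent fields stay null so the
        // isset() tests further down keep working.
        ${$var} = isset($_POST[$var]) ? $_POST[$var] : (isset($_GET[$var]) ? $_GET[$var] : null);
    }

    if (isGuest()) {
        return errorPage('Not Authorized');
    }
    if ($dup) {
        echo '<BR><CENTER>Duplicate mail not sent (refresh or back button detected)<BR>';
        return;
    }

    // Ids are concatenated into unquoted SQL positions and into HTML, so any
    // that were supplied are forced to integers.
    foreach (array('pid', 'tid', 'mid', 'repid') as $var) {
        if (isset(${$var})) {
            ${$var} = (int) ${$var};
        }
    }
    // Text fields must be strings (a name[]=... parameter would arrive as an array).
    foreach (array('f_subject', 'f_msg', 'link') as $var) {
        if (is_array(${$var})) {
            ${$var} = '';
        }
    }

    $team = false;
    $player = false;
    if (isset($pid)) {
        if ($toteam == 'yes' && isset($_POST['reply_team'])) {
            // Reply to the whole team of the original sender.
            $teamRes = mysql_query("select l_team.id, name from l_team, l_player where l_player.id={$pid} and l_team.id=team");
            $team = $teamRes ? mysql_fetch_object($teamRes) : false;
            $tid = $team ? (int) $team->id : null;
        } else {
            $toteam = 'no';
            $playerRes = mysql_query("select callsign from l_player where id={$pid}");
            $player = $playerRes ? mysql_fetch_object($playerRes) : false;
        }
    }
    if (isset($tid)) {
        $teamRes = mysql_query("select name from l_team where id={$tid}");
        $team = $teamRes ? mysql_fetch_object($teamRes) : false;
    }

    $error = 1;
    if ($f_ok_x) {
        $error = 0;
        $f_msg = stripslashes((string) $f_msg);
        if ($f_msg == '') {
            $error = 1;
            echo "<div class=error>You must write something to send a message</div>";
        }
    }

    if ($error) {
        // Names are user-editable, so they are escaped before being echoed.
        $teamNameHtml = $team ? htmlspecialchars($team->name, ENT_QUOTES) : '';
        $playerNameHtml = $player ? htmlspecialchars($player->callsign, ENT_QUOTES) : '';
        $teamRcpt = 'team <a href="index.php?link=teaminfo&id=' . $tid . '&' . SID . '">' . $teamNameHtml . '</a>';

        if (isset($toteam)) {
            if ($toteam == 'yes') {
                $rcpt = $teamRcpt;
            } else {
                $rcpt = '<a href="index.php?link=playerinfo&id=' . $pid . '&' . SID . '">' . $playerNameHtml . '</a>';
            }
        } else {
            if (isset($tid)) {
                $rcpt = $teamRcpt;
            } else {
                $rcpt = 'player <a href="index.php?link=playerinfo&id=' . $pid . '&' . SID . '">' . $playerNameHtml . '</a>';
            }
        }

        if (isset($reply)) {
            $msgRes = mysql_query("select * from l_message where msgid=" . (int) $mid);
            $msg = $msgRes ? mysql_fetch_object($msgRes) : false;
            $message = $msg ? $msg->msg : '';
            $f_subject = $msg ? $msg->subject : '';
            if (substr($f_subject, 0, 3) != 'Re:') {
                $f_subject = 'Re: ' . $f_subject;
            }
            // Strip subject if it's too long
            if (strlen($f_subject) > 80) {
                $f_subject = substr($f_subject, 0, 80);
            }
            echo "<table border=0 align=center cellspacing=0 cellpadding=1>\n <tr class=tablehead><td>Original message:</td></tr>\n <tr class=msgquote><td>";
            // NOTE(review): the stored body is printed as HTML (system mails
            // contain markup), so this is only safe if bodies written by
            // players are sanitised when they are stored - confirm.
            echo stripslashes(nl2br($message)) . '</td></tr></table><br>';
            // Quote initial message
            // NOTE(review): ereg_replace() is a deprecated API; left untouched
            // so the quoting output stays exactly as it was.
            $f_msg = ereg_replace("\n", ">", ereg_replace("^", ">", $message));
            $f_msg = $f_msg . "\n>\n";
            $action = "Replying to ";
        } else {
            $action = "Sending a message to ";
        }

        // Values placed in attributes are escaped and the attributes quoted; the
        // textarea content is escaped so a stored body cannot close the element.
        $linkAttr = htmlspecialchars((string) $link, ENT_QUOTES);
        echo '<center><form method=post>' . SID_FORM . $action . $rcpt . '.<br><br> Enter your message below:<br> Subject:<input type=text maxlength=80 size=60 name=f_subject value="' . htmlspecialchars((string) $f_subject, ENT_QUOTES) . '"><BR> <textarea cols=50 rows=15 name=f_msg>' . htmlspecialchars(stripslashes((string) $f_msg), ENT_QUOTES) . '</textarea> <hr><center> <input type=hidden name=link value="' . $linkAttr . '">';
        snFormInit();
        echo '<TABLE><TR><TD>' . htmlFormButton('SEND', 'f_ok_x') . '</td><TD width=10></td><TD>';
        if (isset($pid)) {
            echo htmlURLbutton('Cancel', 'playerinfo', "id={$pid}", CLRBUT);
        } else {
            echo htmlURLbutton('Cancel', 'teaminfo', "id={$tid}", CLRBUT);
        }
        echo '</td></tr></table><input type=hidden name=link value="' . $linkAttr . '">';
        if (isset($reply)) {
            // Flag that we are replying to a message
            echo '<input type=hidden name=replying value=1>';
            echo '<input type=hidden name=repid value="' . (int) $mid . '">';
        }
        if (isset($tid)) {
            echo '<input type=hidden name=tid value="' . $tid . '">';
        } else {
            echo '<input type=hidden name=pid value="' . $pid . '">';
        }
        echo '</center></form></center>';
    } else {
        // Do send the message
        echo "<center>Message sent, thank you!</center>";
        snCheck('sendmessage', 'dup=1');

        // If replying we mark the original message as replied
        if (isset($replying)) {
            mysql_query("update l_message set status='replied' where msgid=" . (int) $repid);
        }
        if (isset($pid) && $toteam != 'yes') {
            // Send to one player
            sendBzMail($s_playerid, $pid, $f_subject, $f_msg);
        } else {
            // Send to a team
            sendBzMail($s_playerid, $tid, $f_subject, $f_msg, 'yes');
        }
    }
}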