function section_jointeam_doJoin($id, $invite) { // Try to add player to team $obj = mysql_fetch_object(mysql_query("select l_team.id, l_team.name, l_team.leader, count(callsign) nump\n from l_team left join l_player on l_team.id = l_player.team\n where l_team.id = " . $id . "\n group by l_team.id, l_team.name, l_team.leader")); if ($obj->nump == $TEAMSIZE) { // Team full echo "<center>Sorry, this team is full. Probably someone was joining it at the same time...</center>"; } else { // Okay, let's do the update mysql_query("update l_player set team=" . $id . " where id=" . $_SESSION['playerid']); // Close team if it's full if ($obj->nump == $TEAMSIZE - 1) { mysql_query("update l_team set status='closed' where id=" . $id); } // Close team if it has 3 players and is adminclosed if ($obj->nump == 2) { mysql_query("update l_team set status='closed' where adminclosed='yes' and id=" . $id); } echo '<center>You are now a member of the ' . teamLink($obj->name, $obj->id, false) . ' team.<BR> A message has been sent to the team leader.</center>'; session_refresh(); // Send a message to the team leader $player = playerLink($_SESSION['playerid'], $_SESSION['callsign']); if ($invite) { $msg = "{$player} has accepted your invitation, and has joined your team!<BR>"; sqlQuery("DELETE FROM bzl_invites WHERE teamid={$obj->id} AND \n playerid={$_SESSION['playerid']}"); } else { $msg = "A new player just joined your team: {$player}"; } sendBzMail(0, $obj->leader, $_SESSION['callsign'] . ' joined your team!', $msg); } }
function section_leaveteam() { require_once 'lib/common.php'; $id = addslashes($_GET['id']); $link = $_GET['link']; $answer = $_GET['answer']; $s_playerid = $_SESSION['playerid']; // Dont let admirarch leave a team. SC request // if( $s_playerid == 2074 ) { // errorpage("No can do"); // return; // } $obj = mysql_fetch_object(sqlQuery("select name, leader from l_team where id={$id}")); echo '<BR>'; if ($answer == "") { if ($s_playerid == $obj->leader) { // Prevent leaders from leaving their own team echo "<center>You can't abandon the magnificient {$obj->name} team, because you are its leader.<BR>\n Please go to your <a href=\"index.php?link=teamadmin&id=" . $id . "&" . SID . "\"><b>team page</b></a>\n and assign another leader first!</center>"; } else { echo '<center>You are about to abandon the magnificient <a href="index.php?link=teaminfo&id=' . $id . '&' . SID . '">' . $obj->name . '</a> team, its members will miss you...<br>'; echo "Please, please, stay in the team!<br>"; echo "Are you really sure you want to abandon this team ?<br><br>"; echo '<TABLE border=0><TR><TD>' . htmlURLbutton('ABANDON', $link, "id={$id}&answer=yes") . '</td><TD> </td><TD>' . htmlURLbutton('CANCEL', $link, "id={$id}&answer=no", CLRBUT) . '</td></tr></table>'; } } else { if ($answer == "yes") { // Remove this player from the team mysql_query("update l_player set team=0 where id=" . $s_playerid); // Open the team, because it needs at least one more player, // but only if it is not administratively closed, or if num players<3 $pl = mysql_fetch_object(mysql_query("select count(*) num from l_player where team=" . $id)); if ($pl->num < 3) { mysql_query("update l_team set status='opened' where id=" . $id); } else { mysql_query("update l_team set status='opened' where adminclosed='no' and id=" . $id); } echo "<center>That's it, you are no longer a member of the <a href=\"index.php?link=teaminfo&id=" . $id . "&" . SID . "\">" . $obj->name . "</a> team.<br>\n A message has just been sent to the team leader</center>"; session_refresh(); // Send a message to the team leader sendBzMail(0, $obj->leader, $_SESSION['callsign'] . ' has left your team!', 'A player just left your team: "' . $_SESSION['callsign'] . '"'); } else { // Say thank you echo '<BR><center>The <a href="index.php?link=teaminfo&id=' . $id . '&' . SID . '">' . $obj->name . '</a> team members thank you for being so brave, and continuing the fight!</center>'; } } }
function section_createteam() { $vars = array('f_ok_x', 'f_name', 'f_logo', 'f_password', 'f_password2'); foreach ($vars as $var) { ${$var} = isset($_POST[$var]) ? $_POST[$var] : $_GET[$var]; ${$var} = stripslashes(${$var}); } $error = 1; if ($f_ok_x) { $error = 0; // Check fields // Check team name if ($f_name == "") { $error = 1; echo "<div class=error>Team name must not be empty</div>"; } else { // Check unicity $row = mysql_fetch_object(mysql_query("select id, status from l_team where name='" . addslashes($f_name) . "'")); if ($row) { $error = 1; if ($row->status == 'deleted') { echo "<div class=error><BR><CENTER>This team previously existed, but was deleted. \n If you need to revive this team name, contact a site administrator."; } else { echo "<div class=error><BR><CENTER>This team name already exists</div>."; } } } // Check logo //$msg = checkLogoSize($f_logo); - empty function $msg = ''; if ($msg != '') { $error = 1; echo "<div class=error>{$msg}</div>"; } // Check admin password if ($f_password != $f_password2) { $error = 1; echo "<div class=error>The passwords don't match</div>"; } else { if ($f_password == "") { $error = 1; echo "<div class=error>The admin password must not be empty</div>"; } else { $cypher = crypt($f_password); } } } if ($error) { echo '<form method=post>' . SID_FORM . '<table align=center border=0 cellspacing=0 cellpadding=1> <tr><td>Team name:</td><td><input type=text size=32 maxlength=32 name=f_name value="' . $f_name . '"></td></tr> <tr><td colspan=2><hr></td></tr> <tr><td>Admin password:</td><td><input type=password size=8 maxlength=8 name=f_password value="' . $f_password . '"></td></tr> <tr><td>Verify:</td><td><input type=password size=8 maxlength=8 name=f_password2 value="' . $f_password2 . '"></td></tr> <tr><td colspan=2><hr></td></tr> <tr><td>Optional team logo URL (400x300 max!):</td><td><input type=text size=40 maxlength=200 name=f_logo value="' . $f_logo . '"></td></tr> <tr><td colspan=2><hr></td></tr> <tr><td colspan=2>Optional (but recommended) description:<br><textarea cols=50 rows=6 name=f_comment>' . $f_comment . '</textarea></td></tr> <tr><td colspan=2><hr></td></tr> <tr><td colspan=2 align=center> <TABLE><TR><TD>' . htmlFormButton('Submit', 'f_ok_x') . '</td><TD width=10></td><TD> ' . htmlURLButton('Cancel', 'teams', null, CLRBUT) . '</td></tr></table> </td></tr></table></form>'; } else { // Insert data into table mysql_query("insert into l_team (id, name, comment, leader, logo, status, score, password, adminclosed, created) \n values(0, '" . addSlashes($f_name) . "', '" . addSlashes($f_comment) . "', " . $_SESSION['playerid'] . ", \n '" . addSlashes($f_logo) . "', 'opened', 1200, '" . $cypher . "', 'no', NOW())"); // Update me so I belong to my team mysql_query("update l_player set team=" . mysql_insert_id() . " where id=" . $_SESSION['playerid']); session_refresh(); mysql_query("update l_team set status='opened' where id=" . $_SESSION['teamid']); echo '<center>Thank you, <a href="index.php?link=playerinfo&id=' . $_SESSION['playerid'] . '&' . SID . '">' . $_SESSION['callsign'] . '</a>, for creating the brand new <a href="index.php?link=teaminfo&id=' . $_SESSION['teamid'] . '&' . SID . '">' . $f_name . '</a> team.<br> <br>We hope that your team will show courage on the battlefield ;-)</center>'; } }
$deletedPercent = $_SESSION['delId'][$delId]['Deleted'] * 100 / $_SESSION['delId'][$delId]['Total']; if ($_SESSION['delId'][$delId]['Deleted'] - $_SESSION['delId'][$delId]['Total'] == 0) { $deleteSensorResult = deleteSensor($_SESSION['delFilter']['src_sensor']); $result = array('Total' => $_SESSION['delId'][$delId]['Total'], 'Current' => $_SESSION['delId'][$delId]['Deleted'], 'Percent' => $deletedPercent, 'SensorDelete' => $deleteSensorResult); unset($_SESSION['delFilter']); unset($_SESSION['delId']); } else { $result = array('Total' => $_SESSION['delId'][$delId]['Total'], 'Current' => $_SESSION['delId'][$delId]['Deleted'], 'Percent' => $deletedPercent, 'SensorDelete' => $deleteSensorResult); } } else { $deleteSensorResult = deleteSensor($_SESSION['delFilter']['src_sensor']); unset($_SESSION['delFilter']); unset($_SESSION['delId']); $result = array('Total' => 0, 'Current' => 0, 'Percent' => 100, 'SensorDelete' => $deleteSensorResult); } sleep(2); print json_encode($result); } elseif (isset($_GET['getWebHostsPartial'])) { // Query web hostnames partially, using autocomplete from filter interface. if (strlen($_GET['getWebHostsPartial']) > 2) { $webHostsList = getWebHostsPartial($_GET['getWebHostsPartial']); } else { $webHostsList = "{}"; } print json_encode($webHostsList); } else { print "Error\n"; } // update last activity timestamp, on page processing finish session_refresh();
function section_register_doSubmit(&$se) { // player's utc timezone offset (aquired from user's client via jscript) $uz = 0 - $_POST['tzoffset'] / 60; $cypher = crypt($f_password1); $call = addSlashes($se->callsign); $pass = md5($se->password); sqlQuery("insert into l_player (callsign, team, status, role_id, md5password, created, last_login,\n utczone, country, email) \n values( '{$call}', 0, 'registered', " . NEW_USER_PERMISSION . ", '{$pass}', now(), now(), \n '{$uz}', '{$se->country}', '{$se->email}')"); // Assign session variables $_SESSION['callsign'] = $se->callsign; $_SESSION['playerid'] = mysql_insert_id(); // Insert an entry into the statistics table $gmnow = gmdate("Y-m-d H:i:s"); sqlQuery('insert into ' . TBL_VISITS . " (ts, pid, ip) \n values ('{$gmnow}', {$_SESSION['playerid']}, '{$_SERVER['REMOTE_ADDR']}')"); $_SESSION['teamid'] = 0; $_SESSION['leader'] = 0; sendBzMail(0, $_SESSION['playerid'], 'WELCOME, ' . $_SESSION['callsign'], "Thank you for registering, and welcome to the league!<BR>\n Please read the FAQ, and edit your profile to make it easier for others to find you (this REALLY helps for organizing matches).<br>\n Now you can join a team, or create a new team and recruit members.\n <BR>See you on the battlefield!"); echo '<center>Welcome onboard, <a href="index.php?link=playerinfo&id=' . $_SESSION['playerid'] . '">' . $_SESSION['callsign'] . '</a>.<br><br> You are now a registered user on the league system, and are allowed to join a team, or create a new one.<br> Please read the F.A.Q. to know how. <hr> This is your personal information:<br> Login: '******'callsign'] . '<br> Password: '******'<br> <hr> If you lose your password, the only way for you to have a new one is to contact one of the site admins.<br> See <a href="index.php?link=contact">the contact page</a> if you wan' . "'" . 't to do that. </center>'; $res = mysql_query("SELECT name FROM bzl_roles WHERE id = " . NEW_USER_PERMISSION) or die(mysql_error()); if ($row = mysql_fetch_array($res)) { $_SESSION['level'] = $row[0]; } else { $_SESSION['level'] = "player"; } session_refresh(); }
function session_refresh_all() { if ($_SESSION['player_id']) { sqlQuery("UPDATE l_session SET refresh='Y' WHERE playerid!='{$_SESSION['playerid']}'"); session_refresh(); } else { sqlQuery("UPDATE l_session SET refresh='Y'"); } }
function section_playerinfo_doSubmit(&$se) { $fc = $se->fieldsChanged('logo, logobg, callsign, country, state, email, aim, yim, msm, jabber, altnik1, altnik2, ircnik1, emailpub, utczone, zonename, city, icq, comment, role_id'); if ($se->isChanged('password')) { $cypher = "md5password=md5('{$se->password}')"; } if (($sets = section_playerinfo_commaCat($fc, $cypher)) == null) { echo $se->feedback('NO changes made'); } else { echo $se->feedback('Changes submitted, thank you.'); // Update the table sqlQuery("update l_player set {$sets} where id=" . $se->id, false); $se->link = "playerinfo"; // Check if I changed my privileges ;-) //if($se->isChanged('level') && $_SESSION['playerid']==$se->id) { // $_SESSION['level'] = $se->level; //} // Update callsign if I changed mine if ($se->id == $_SESSION['playerid']) { $_SESSION['callsign'] = $se->callsign; } session_refresh(); } return true; }
function section_login() { $vars = array('f_ok', 'f_call', 'f_pass', 'link'); foreach ($vars as $var) { ${$var} = isset($_POST[$var]) ? $_POST[$var] : $_GET[$var]; } echo '<BR>'; if ($f_ok) { // Check the password $res = mysql_query("select p.id, p.callsign, p.password, p.md5password, \n unix_timestamp(p.last_login) as last_login, p.utczone, p.country\n from l_player p,bzl_roles r where p.role_id = r.id AND p.callsign='" . addSlashes($f_call) . "'"); if (mysql_num_rows($res) != 0) { $obj = mysql_fetch_object($res); // Check MD5 password, or password, and do the conversion $cyphermd5 = md5($f_pass); // Do check the password if ($obj->md5password == '') { $cypher = crypt($f_pass, substr($obj->password, 0, 2)); if ($cypher == $obj->password) { $idsuccess = 1; // Update MD5 password in database mysql_query("update l_player set md5password='******' where id=" . $obj->id); } else { $idsuccess = 0; } } else { if ($cyphermd5 == $obj->md5password) { $idsuccess = 1; } else { $idsuccess = 0; } } if ($idsuccess == 1) { // Logged in! // Insert an entry into the statistics table if (!$obj->country || $obj->country <= 0) { $_SESSION['required'] = true; } $gmnow = gmdate("Y-m-d H:i:s"); sqlQuery('insert into ' . TBL_VISITS . " (ts, pid, ip) \n values ('{$gmnow}', {$obj->id}, '{$_SERVER['REMOTE_ADDR']}')"); if (!isset($obj->utczone)) { $uz = 0 - $_POST['tzoffset'] / 60; sqlQuery("update l_player set utczone={$uz} where id={$obj->id}"); } $now = gmdate("Y-m-d H:i:s"); mysql_query("UPDATE l_player SET last_login='******' WHERE id=" . $obj->id); $_SESSION['playerid'] = $obj->id; $_SESSION['callsign'] = $obj->callsign; $_SESSION['last_login'] = $obj->last_login; $_SESSION['seqnum'] = 1; session_refresh(); // refresh cookie for 60 days ... setcookie('themename', THEME_NAME, time() + 60 * 60 * 24 * 60, '/'); } } } if ($f_ok and $idsuccess == 0) { // Unknown callsign echo "<div class=error><CENTER>Wrong callsign or password</div>"; $gmnow = gmdate("Y-m-d H:i:s"); sqlQuery("INSERT INTO l_badpass (gmtime, ip, name) VALUES ('{$gmnow}', '{$_SERVER['REMOTE_ADDR']}', '{$f_call}')"); sleep(2); // deter script-kiddies } if (isAuthenticated()) { echo '<center>Welcome back, <a href="index.php?link=playerinfo&id=' . $_SESSION['playerid'] . '&' . SID . '">' . $_SESSION['callsign'] . '</a><br><br>'; if ($_SESSION['teamid'] == 0) { echo "You don't belong to any team. What are you waiting for? ;-)"; } else { // Get team name $obj = mysql_fetch_object(mysql_query("select name from l_team where id=" . $_SESSION['teamid'])); echo 'You are a member of the magnificent <a href="index.php?link=teaminfo&id=' . $_SESSION['teamid'] . '&' . SID . '">' . $obj->name . '</a> team.'; } echo '<br><br><form method=post>' . SID_FORM . htmlFormButton("Log Out", 'logout_x') . ' </form></center>'; } else { echo '<form name="login" method=post>' . SID_FORM . ' <table align=center border=0 cellspacing=0 cellpadding=1> <input type=hidden name=link value=' . $link . '>'; echo '<tr><td>Callsign:</td><td><input type=text name=f_call value="' . $f_call . '" size=40 maxlength=40></td></tr> <tr><td>Password:</td><td><input type=password name=f_pass size=8 maxlength=8></td></tr> <tr><td colspan=2 align=center><BR> ' . htmlFormButton("Login", 'f_ok') . ' </td></tr> </table></form>'; echo '<script type="text/javascript"> if(document.login.f_call.value.length == 0) document.login.f_call.focus(); else document.login.f_pass.focus(); now = new Date(); document.write ("<input type=hidden name=tzoffset value=" + now.getTimezoneOffset() +">"); </script>'; } }