function char_spell(&$sqlr, &$sqlc)
{
global $output, $lang_global, $lang_char, $realm_id, $characters_db, $mmfpm_db, $action_permission, $user_lvl, $user_name, $spell_datasite, $itemperpage;
wowhead_tt();
require_once 'core/char/char_security.php';
$start = isset($_GET['start']) ? $sqlc->quote_smart($_GET['start']) : 0;
if (is_numeric($start)) {
} else {
$start = 0;
}
$result = $sqlc->query('SELECT account, name, race, class, level, gender
FROM characters WHERE guid = ' . $id . ' LIMIT 1');
if ($sqlc->num_rows($result)) {
$char = $sqlc->fetch_assoc($result);
$owner_acc_id = $sqlc->result($result, 0, 'account');
$result = $sqlr->query('SELECT `username`, `gmlevel` FROM `account` LEFT JOIN `account_access` ON `account`.`id`=`account_access`.`id` WHERE `account`.`id` = ' . $owner_acc_id . ' ORDER BY `gmlevel` DESC LIMIT 1');
$owner_name = $sqlr->result($result, 0, 'username');
$owner_gmlvl = $sqlr->result($result, 0, 'gmlevel');
if (empty($owner_gmlvl)) {
$owner_gmlvl = 0;
}
if ($user_lvl > $owner_gmlvl || $owner_name === $user_name) {
$all_record = $sqlc->result($sqlc->query('SELECT count(spell) FROM character_spell WHERE guid = ' . $id . ' and active = 1'), 0);
$result = $sqlc->query('SELECT spell FROM character_spell WHERE guid = ' . $id . ' and active = 1 order by spell ASC LIMIT ' . $start . ', ' . $itemperpage . '');
$output .= '
<center>
<div id="tab_content">
<h1>' . $lang_char['spells'] . '</h1>
<br />';
require_once 'core/char/char_header.php';
$output .= '
<br /><br />';
if ($sqlc->num_rows($result)) {
$output .= '
<table class="lined" style="width: 550px;">
<tr align="right">
<td colspan="4">';
$output .= generate_pagination('char_spell.php?id=' . $id . '&realm=' . $realmid . '&start=' . $start . '', $all_record, $itemperpage, $start);
$output .= '
</td>
</tr>
<tr>
<th>' . $lang_char['icon'] . '</th>
<th>' . $lang_char['name'] . '</th>
<th>' . $lang_char['icon'] . '</th>
<th>' . $lang_char['name'] . '</th>
</tr>';
$sqlm = new SQL();
$sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
while ($spell = $sqlc->fetch_assoc($result)) {
$output .= '
<tr>
<td><a href="' . $spell_datasite . $spell['spell'] . '"><img src="' . spell_get_icon($spell['spell'], $sqlm) . '" class="icon_border_0" /></a></td>
<td align="left"><a href="' . $spell_datasite . $spell['spell'] . '">' . spell_get_name($spell['spell'], $sqlm) . '</a></td>';
if ($spell = $sqlc->fetch_assoc($result)) {
$output .= '
<td><a href="' . $spell_datasite . $spell['spell'] . '"><img src="' . spell_get_icon($spell['spell'], $sqlm) . '" class="icon_border_0" /></a></td>
<td align="left"><a href="' . $spell_datasite . $spell['spell'] . '">' . spell_get_name($spell['spell'], $sqlm) . '</a></td>
</tr>';
} else {
$output .= '
<td></td>
<td></td>
</tr>';
}
}
$output .= '
<tr align="right">
<td colspan="4">';
$output .= generate_pagination('char_spell.php?id=' . $id . '&realm=' . $realmid . '&start=' . $start . '', $all_record, $itemperpage, $start);
$output .= '
</td>
</tr>
</table>';
}
//---------------Page Specific Data Ends here----------------------------
//---------------Character Tabs Footer-----------------------------------
$output .= '
</div>
</div>
<br />';
require_once 'core/char/char_footer.php';
$output .= '
<br />
</center>
<!-- end of char_spell.php -->';
} else {
error($lang_char['no_permission']);
}
} else {
error($lang_char['no_char_found']);
}
}
function char_spell(&$sqlr, &$sqlc)
{
global $output, $lang_global, $lang_char, $realm_id, $characters_db, $mmfpm_db, $action_permission, $user_lvl, $user_name, $spell_datasite, $itemperpage;
wowhead_tt();
if (empty($_GET['id'])) {
error($lang_global['empty_fields']);
}
if (empty($_GET['realm'])) {
$realmid = $realm_id;
} else {
$realmid = $sqlr->quote_smart($_GET['realm']);
if (is_numeric($realmid)) {
$sqlc->connect($characters_db[$realmid]['addr'], $characters_db[$realmid]['user'], $characters_db[$realmid]['pass'], $characters_db[$realmid]['name']);
} else {
$realmid = $realm_id;
}
}
$id = $sqlc->quote_smart($_GET['id']);
if (is_numeric($id)) {
} else {
$id = 0;
}
$start = isset($_GET['start']) ? $sqlc->quote_smart($_GET['start']) : 0;
if (is_numeric($start)) {
} else {
$start = 0;
}
$result = $sqlc->query('SELECT account, name, race, class, level, gender
FROM characters WHERE guid = ' . $id . ' LIMIT 1');
if ($sqlc->num_rows($result)) {
$char = $sqlc->fetch_assoc($result);
$owner_acc_id = $sqlc->result($result, 0, 'account');
$result = $sqlr->query('SELECT gmlevel, username FROM account WHERE id = ' . $char['account'] . '');
$owner_gmlvl = $sqlr->result($result, 0, 'gmlevel');
$owner_name = $sqlr->result($result, 0, 'username');
if ($user_lvl > $owner_gmlvl || $owner_name === $user_name) {
$all_record = $sqlc->result($sqlc->query('SELECT count(spell) FROM character_spell WHERE guid = ' . $id . ' and active = 1'), 0);
$result = $sqlc->query('SELECT spell FROM character_spell WHERE guid = ' . $id . ' and active = 1 order by spell ASC LIMIT ' . $start . ', ' . $itemperpage . '');
$output .= '
<center>
<div id="tab_content">
<div id="tab">
<ul>
<li><a href="char.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['char_sheet'] . '</a></li>
<li><a href="char_inv.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['inventory'] . '</a></li>
<li><a href="char_extra.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['extra'] . '</a></li>
' . ($char['level'] < 10 ? '' : '<li><a href="char_talent.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['talents'] . '</a></li>') . '
<li><a href="char_achieve.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['achievements'] . '</a></li>
<li><a href="char_rep.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['reputation'] . '</a></li>
<li><a href="char_skill.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['skills'] . '</a></li>
<li><a href="char_quest.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['quests'] . '</a></li>';
if (char_get_class_name($char['class']) === 'Hunter') {
$output .= '
<li><a href="char_pets.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['pets'] . '</a></li>';
}
$output .= '
<li><a href="char_friends.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['friends'] . '</a></li>
<li><a href="char_mail.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['mail'] . '</a></li>
</ul>
<ul>';
// selected char tab at last
$output .= '
<li id="selected"><a href="char_spell.php?id=' . $id . '&realm=' . $realmid . '">' . $lang_char['spells'] . '</a></li>';
$output .= '
</ul>
</div>
<div id="tab_content2">
<font class="bold">
' . htmlentities($char['name']) . ' -
<img src="img/c_icons/' . $char['race'] . '-' . $char['gender'] . '.gif"
onmousemove="toolTip(\'' . char_get_race_name($char['race']) . '\', \'item_tooltip\')" onmouseout="toolTip()" alt="" />
<img src="img/c_icons/' . $char['class'] . '.gif"
onmousemove="toolTip(\'' . char_get_class_name($char['class']) . '\',\'item_tooltip\')" onmouseout="toolTip()" alt="" /> - lvl ' . char_get_level_color($char['level']) . '
</font>
<br /><br />';
if ($sqlc->num_rows($result)) {
$output .= '
<table class="lined" style="width: 550px;">
<tr align="right">
<td colspan="4">';
$output .= generate_pagination('char_spell.php?id=' . $id . '&realm=' . $realmid . '&start=' . $start . '', $all_record, $itemperpage, $start);
$output .= '
</td>
</tr>
<tr>
<th>' . $lang_char['icon'] . '</th>
<th>' . $lang_char['name'] . '</th>
<th>' . $lang_char['icon'] . '</th>
<th>' . $lang_char['name'] . '</th>
</tr>';
$sqlm = new SQL();
$sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
while ($spell = $sqlc->fetch_assoc($result)) {
$output .= '
<tr>
<td><a href="' . $spell_datasite . $spell['spell'] . '"><img src="' . spell_get_icon($spell['spell'], $sqlm) . '" class="icon_border_0" /></a></td>
<td align="left"><a href="' . $spell_datasite . $spell['spell'] . '">' . spell_get_name($spell['spell'], $sqlm) . '</a></td>';
if ($spell = $sqlc->fetch_assoc($result)) {
$output .= '
<td><a href="' . $spell_datasite . $spell['spell'] . '"><img src="' . spell_get_icon($spell['spell'], $sqlm) . '" class="icon_border_0" /></a></td>
<td align="left"><a href="' . $spell_datasite . $spell['spell'] . '">' . spell_get_name($spell['spell'], $sqlm) . '</a></td>
</tr>';
} else {
$output .= '
<td></td>
<td></td>
</tr>';
}
}
$output .= '
<tr align="right">
<td colspan="4">';
$output .= generate_pagination('char_spell.php?id=' . $id . '&realm=' . $realmid . '&start=' . $start . '', $all_record, $itemperpage, $start);
$output .= '
</td>
</tr>
</table>';
}
//---------------Page Specific Data Ends here----------------------------
//---------------Character Tabs Footer-----------------------------------
$output .= '
</div>
</div>
<br />
<table class="hidden">
<tr>
<td>';
// button to user account page, user account page has own security
makebutton($lang_char['chars_acc'], 'user.php?action=edit_user&id=' . $owner_acc_id . '', 130);
$output .= '
</td>
<td>';
// only higher level GM with delete access can edit character
// character edit allows removal of character items, so delete permission is needed
if ($user_lvl > $owner_gmlvl && $user_lvl >= $action_permission['delete']) {
makebutton($lang_char['edit_button'], 'char_edit.php?id=' . $id . '&realm=' . $realmid . '', 130);
$output .= '
</td>
<td>';
}
// only higher level GM with delete access, or character owner can delete character
if ($user_lvl > $owner_gmlvl && $user_lvl >= $action_permission['delete'] || $owner_name === $user_name) {
makebutton($lang_char['del_char'], 'char_list.php?action=del_char_form&check%5B%5D=' . $id . '" type="wrn', 130);
$output .= '
</td>
<td>';
}
// only GM with update permission can send mail, mail can send items, so update permission is needed
if ($user_lvl >= $action_permission['update']) {
makebutton($lang_char['send_mail'], 'mail.php?type=ingame_mail&to=' . $char['name'] . '', 130);
$output .= '
</td>
<td>';
}
makebutton($lang_global['back'], 'javascript:window.history.back()" type="def', 130);
$output .= '
</td>
</tr>
</table>
<br />
</center>
<!-- end of char_spell.php -->';
} else {
error($lang_char['no_permission']);
}
} else {
error($lang_char['no_char_found']);
}
}
function char_spell(&$sqlr, &$sqlc)
{
global $output, $lang_global, $lang_char, $realm_id, $characters_db, $mmfpm_db, $action_permission, $user_lvl, $user_name, $spell_datasite, $itemperpage;
// this page uses wowhead tooltops
wowhead_tt();
//==========================$_GET and SECURE=================================
// id and multi realm security to prevent sql injection
require_once './include/char/include/char_multi_realm_security.php';
$start = isset($_GET['start']) ? $sqlr->quote_smart($_GET['start']) : 0;
if (is_numeric($start)) {
} else {
$start = 0;
}
$order_by = isset($_GET['order_by']) ? $sqlr->quote_smart($_GET['order_by']) : 'guid';
if (preg_match('/^[_[:lower:]]{1,12}$/', $order_by)) {
} else {
$order_by = 'guid';
}
$dir = isset($_GET['dir']) ? $sqlr->quote_smart($_GET['dir']) : 1;
if (preg_match('/^[01]{1}$/', $dir)) {
} else {
$dir = 1;
}
$order_dir = $dir ? 'ASC' : 'DESC';
$dir = $dir ? 0 : 1;
//==========================$_GET and SECURE end=============================
// getting character data from database
$result = $sqlc->query('
SELECT account, name, race, class, gender, level
FROM characters
WHERE guid = ' . $id . '
LIMIT 1');
// no point going further if character does not exist
if ($sqlc->num_rows($result)) {
$char = $sqlc->fetch_assoc($result);
// we get user permissions first
$owner_acc_id = $sqlc->result($result, 0, 'account');
$result = $sqlr->query('
SELECT gmlevel, username
FROM account
WHERE id = ' . $char['account'] . '');
$owner_gmlvl = $sqlr->result($result, 0, 'gmlevel');
$owner_name = $sqlr->result($result, 0, 'username');
// check user permission
if ($user_lvl > $owner_gmlvl || $owner_name === $user_name) {
// character sub header
$output .= '
<center>
<div id="tab_content">
<h1>' . $lang_char['spells'] . '</h1>
<br />';
// character menu tab
require_once './include/char/include/char_header.php';
// character info
require_once './include/char/include/char_info.php';
//---------------Page Specific Data Starts Here--------------------------
$output .= '
<h1>' . $lang_char['spells'] . '</h1>
<br />';
// character extra menu tab
require_once './include/char/include/char_spell_header.php';
$all_record = $sqlc->result($sqlc->query('
SELECT count(spell)
FROM character_spell
WHERE guid = ' . $id . ' and active = 1'), 0);
$result = $sqlc->query('
SELECT spell
FROM character_spell
WHERE guid = ' . $id . ' and active = 1
ORDER BY spell ASC
LIMIT ' . $start . ', ' . $itemperpage . '');
$output .= '
<div id="tab_content2">
<table class="lined" style="width: 550px;">
<tr align="right">
<td colspan="4">';
$output .= generate_pagination('char_spell.php?id=' . $id . '&realm=' . $realmid . '&start=' . $start . '', $all_record, $itemperpage, $start);
$output .= '
</td>
</tr>
<tr>
<th>' . $lang_char['icon'] . '</th>
<th>' . $lang_char['name'] . '</th>
<th>' . $lang_char['icon'] . '</th>
<th>' . $lang_char['name'] . '</th>
</tr>';
$sqlm = new SQL();
$sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
while ($spell = $sqlc->fetch_assoc($result)) {
$output .= '
<tr>
<td><a href="' . $spell_datasite . $spell['spell'] . '"><img src="' . spell_get_icon($spell['spell'], $sqlm) . '" class="icon_border_0" /></a></td>
<td align="left"><a href="' . $spell_datasite . $spell['spell'] . '">' . spell_get_name($spell['spell'], $sqlm) . '</a></td>';
if ($spell = $sqlc->fetch_assoc($result)) {
$output .= '
<td><a href="' . $spell_datasite . $spell['spell'] . '"><img src="' . spell_get_icon($spell['spell'], $sqlm) . '" class="icon_border_0" /></a></td>
<td align="left"><a href="' . $spell_datasite . $spell['spell'] . '">' . spell_get_name($spell['spell'], $sqlm) . '</a></td>
</tr>';
} else {
$output .= '
<td></td>
<td></td>
</tr>';
}
}
$output .= '
<tr align="right">
<td colspan="4">';
$output .= generate_pagination('char_spell.php?id=' . $id . '&realm=' . $realmid . '&start=' . $start . '', $all_record, $itemperpage, $start);
$output .= '
</td>
</tr>
</table>
</div>
</div>
<br />';
//---------------Page Specific Data Ends here----------------------------
// character sub footer
require_once './include/char/include/char_ footer.php';
$output .= '
<br />
</center>';
} else {
error($lang_char['no_permission']);
}
} else {
error($lang_char['no_char_found']);
}
}
function char_mounts(&$sqlr, &$sqlc, &$sqlm)
{
global $output, $lang_global, $lang_char, $realm_id, $characters_db, $mmfpm_db, $action_permission, $user_lvl, $user_name, $spell_datasite;
// this page uses wowhead tooltops
wowhead_tt();
//==========================$_GET and SECURE=================================
// id and multi realm security to prevent sql injection
require_once './include/char/include/char_multi_realm_security.php';
//==========================$_GET and SECURE end=============================
// getting character data from database
$result = $sqlc->query('
SELECT account, name, race, class, gender, level
FROM characters
WHERE guid = ' . $id . '
LIMIT 1');
// no point going further if character does not exist
if ($sqlc->num_rows($result)) {
$char = $sqlc->fetch_assoc($result);
// we get user permissions first
$owner_acc_id = $sqlc->result($result, 0, 'account');
$result = $sqlr->query('
SELECT gmlevel, username
FROM account
WHERE id = ' . $char['account'] . '');
$owner_gmlvl = $sqlr->result($result, 0, 'gmlevel');
$owner_name = $sqlr->result($result, 0, 'username');
// check user permission
if ($user_lvl > $owner_gmlvl || $owner_name === $user_name) {
// character sub header
$output .= '
<center>
<div id="tab_content">
<h1>' . $lang_char['spells'] . '</h1>
<br />';
// character menu tab
require_once './include/char/include/char_header.php';
// character info
require_once './include/char/include/char_info.php';
//---------------Page Specific Data Starts Here--------------------------
$output .= '
<h1>' . $lang_char['mounts'] . '</h1>
<br />';
// character extra menu tab
require_once './include/char/include/char_spell_header.php';
$output .= '
<div id="tab_content2">
<table class="lined" style="width: 450px;">
<tr>
<th width="15%">' . $lang_char['icon'] . '</th>
<th width="85%">' . $lang_char['name'] . '</th>
</tr>';
$sqlm = new SQL();
$sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
// SkillLine 777 = mount
$skilllineability = $sqlm->query('
SELECT field_2
FROM dbc_skilllineability
WHERE field_1 = 777');
while ($spells = $sqlm->fetch_assoc($skilllineability)) {
// to get from char spells just spell that we want
$spell = $sqlc->query('
SELECT spell
FROM character_spell
WHERE guid = ' . $id . ' AND spell = ' . $spells['field_2'] . ' ');
while ($character = $sqlc->fetch_assoc($spell)) {
$output .= '
<tr valign="center">
<td >
<a style="padding:2px;" href="' . $spell_datasite . $character['spell'] . '" target="_blank">
<img src="' . spell_get_icon($character['spell'], $sqlm) . '" alt="' . $character['spell'] . '" class="icon_border_0" />
</a>
</td>
<td width="90%" align="center">
' . spell_get_name($character['spell'], $sqlm) . '
</td>
</tr>';
}
}
$output .= '
</table>
</div>
</div>
<br />';
unset($skilllineability);
unset($spell);
unset($spells);
unset($character);
//---------------Page Specific Data Ends Here--------------------------
// character sub footer
require_once './include/char/include/char_ footer.php';
$output .= '
<br />
</center>';
} else {
error($lang_char['no_permission']);
}
} else {
error($lang_char['no_char_found']);
}
}
