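<?php
// login.php — authenticate the posted credentials, then send the user back to
// the page recorded in the session (or home.php); on failure log the attempt
// and render login.tpl again.
require_once '../core/core.class.php';
$cms = new Core();

// Login user
$username = isset($_POST["username"]) ? $_POST["username"] : "";
$password = isset($_POST["password"]) ? $_POST["password"] : "";

if ($cms->Login($username, $password)) {
    // The original line read `@session_start;` — without parentheses that is a
    // (suppressed) constant lookup, not a call. Make sure a session is really
    // active before $_SESSION is read; Login() may already have started one,
    // so the call is guarded.
    if (session_id() === '') {
        session_start();
    }
    if (isset($_SESSION["lastpage"])) {
        $lastpage = $_SESSION["lastpage"];
        unset($_SESSION["lastpage"]);
        // Never bounce a freshly logged-in user back onto an auth page.
        // NOTE(review): $lastpage is trusted as app-set session state; if it can
        // ever be seeded from a request parameter, restrict it to a relative
        // same-site path before redirecting.
        $isauthpage = stripos($lastpage, "login.php") !== FALSE
            || stripos($lastpage, "newpassword.php") !== FALSE
            || stripos($lastpage, "register.php") !== FALSE;
        $cms->Goto($isauthpage ? "home.php" : $lastpage);
    } else {
        $cms->Goto("home.php");
    }
} else {
    // Strip line breaks from the request-controlled username so a failed
    // attempt cannot add extra lines to the log.
    $logname = str_replace(array("\r", "\n"), " ", $username);
    $cms->Log("Login error. Wrong username (" . $logname . ") or password.");
}
$cms->display('login.tpl');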
<?php
// Operations payout admin action. This excerpt is truncated: the
// `if ($action == "payout")` and `if ($_POST["submit"] == "Reject")` blocks
// are still open at its end.
require_once '../../core/core.class.php';
$core = new Core();

//Access control
// Requires AccessRight >= 4; Goto() is assumed to stop execution — confirm.
if ($core->CurrentUser()->AccessRight() < 4) {
    $core->Goto('../../php/access.php');
}

$action = @$_GET["action"];
if ($action == "payout") {
    $names = $core->GetAllUserNames();
    // Collect the ids of every checked "op<ID>" checkbox in the posted form.
    $opids = array();
    foreach ($_POST as $key => $value) {
        if (substr($key, 0, 2) == "op" && $value == "on") {
            $opids[] = substr($key, 2);
        }
    }
    if ($_POST["submit"] == "Reject") {
        // Reject selected ops
        // SECURITY: $opids come straight from request-controlled POST key names
        // and are spliced into the FIND_IN_SET string literal without SQLEscape
        // (only the reject reason is escaped). Casting each id to int before
        // imploding would close this.
        $core->SQL("UPDATE operations_submissions SET Status=3, RejectReason='" . $core->SQLEscape($_POST["reject"]) . "' WHERE FIND_IN_SET(id, '" . implode(",", $opids) . "')");
        // Send messages to op leaders
        $result = $core->SQL("SELECT id, OpDate, Leader FROM operations_submissions WHERE FIND_IN_SET(id, '" . implode(",", $opids) . "')");
        while ($row = mysql_fetch_assoc($result)) {
            $id = $row["id"];
            $date = date("Y-m-d", strtotime($row["OpDate"]));
            $leader = $row["Leader"];
            // HTML mail body; the reject reason is embedded unescaped, so any
            // markup in $_POST["reject"] reaches the recipient's mail client.
            $text = "<p>Following operation submitted by you was rejected by " . $core->CurrentUser()->Name . ".</p>";
            $text .= "<p><a href='../plugins/payoutview/index.php?view=" . $id . "'>View Rejected Operation</a></p>";
            $text .= "<p><b>REASON:</b><br />" . $_POST["reject"] . "</p>";
            $core->SendMail($date . " Operation Rejected", $text, $leader);
        }
// mail.php fragment. This excerpt begins inside an earlier branch (the
// enclosing `if`, and where $page, $isinbox, $folder, $sort and $message are
// set, are not visible) and ends inside the reply/forward branch.
// Page index clamped to [0, pagecount-1]; 20 messages per page.
$pagecount = ceil($cms->MailBoxCount($isinbox, $folder) / 20);
if ($page > $pagecount - 1) {
    $page = $pagecount - 1;
}
if ($page < 0) {
    $page = 0;
}
$messages = $cms->ReadMailBox($isinbox, $folder, $page * 20, 20, $sort);
$cms->assign("messages", $messages);
$cms->assign("page", $page);
$cms->assign("pagecount", $pagecount);
} elseif ($action == "search") {
    $query = @$_GET["query"];
    $mailbox = @$_GET["mailbox"];
    // NOTE(review): $mailbox is request-controlled and goes into the redirect
    // target unvalidated; and if Goto() does not exit, the search below still
    // runs with an empty query.
    if (empty($query)) {
        $cms->Goto("mail.php?action=" . $mailbox);
    }
    $isinbox = $mailbox == "inbox";
    $messages = $cms->SearchMailBox($query, $isinbox, $folder);
    $cms->assign("messages", $messages);
    $cms->assign("mailbox", $mailbox);
    $cms->assign("query", $query);
} elseif ($action == "compose" || $action == "reply" || $action == "replytoall" || $action == "forward") {
    // Recipient picker: the negative keys are distribution lists, merged in
    // front of the real user names (`+` keeps the list entries on key clash).
    $names = $cms->GetAllUserNames();
    $lists = array(-1 => "*Everyone*", -2 => "*Corporation Members*", -3 => "*Managers*", -4 => "*Directors and CEO*");
    $cms->assign("names", $lists + $names);
    if ($action == "reply" || $action == "replytoall" || $action == "forward") {
        // $message is expected to hold the source mail id here (set outside
        // this excerpt); it is replaced by the loaded mail object.
        $message = $cms->ReadMail($message);
        $subject = $message->Title;
        $to = "";
        $toid = "";
<?php
// Plugin front controller (truncated excerpt: the `else` block is still open
// at the end).
require_once '../../core/core.class.php';
$core = new Core();

//Access control
//if($core->CurrentUser()->AccessRight() < 1) $core->Goto('../../php/access.php');
// NOTE(review): the AccessRight gate above is commented out; access is now
// denied only when the current user's display name is exactly "Guest".
if ($core->CurrentUser()->Name == "Guest") {
    $core->Goto('../../php/access.php');
}

// For AccessRight 0, ?deletecomment and ?search are both routed to the "user"
// action, while ?delete is still honoured as "delete" — verify that the delete
// handler enforces its own permission check.
if ($core->CurrentUser()->AccessRight() == 0) {
    $action = @$_GET["action"];
    if (isset($_GET["show"])) {
        $action = "show";
    }
    if (isset($_GET["delete"])) {
        $action = "delete";
    }
    if (isset($_GET["deletecomment"])) {
        $action = "user";
    }
    if (isset($_GET["search"])) {
        $action = "user";
    }
    if (empty($action)) {
        $action = "home";
    }
} else {
    $action = @$_GET["action"];
    if (isset($_GET["show"])) {
        $action = "show";
    }
<?php
// users.php admin page (truncated excerpt: the `elseif ($action == "editdone")`
// branch is still open at the end).
require_once '../core/core.class.php';
$cms = new Core();

// Restricted to EVE directors or CEO/Administrator portal roles.
if (!$cms->AccessCheck(User::EVE_Director, array(User::MDYN_CEO, User::MDYN_Administrator))) {
    $cms->Goto("access.php");
}

$action = @$_GET["action"];
if (empty($action)) {
    $action = "users";
}
$result = 0;

if (isset($_GET["edit"]) && is_numeric(@$_GET["edit"])) {
    // First visit of the edit form: seed $_POST from the stored record so the
    // template reads a single source. NOTE(review): the record is loaded with
    // ReadArticle() although this page defaults to the "users" action — looks
    // like a copy from articles.php; confirm it is intended.
    if (!isset($_POST["id"])) {
        $note = $cms->ReadArticle($_GET["edit"]);
        $_POST["id"] = $note->ID;
        $_POST["title"] = $note->Title;
        $_POST["text"] = $note->Text;
    }
    $cms->assign("id", @$_POST["id"]);
    $cms->assign("title", @$_POST["title"]);
    $cms->assign("text", @$_POST["text"]);
    $action = "edit";
} elseif ($action == "editdone") {
    if ($_POST["submit"] == "Save") {
        // Empty title or text re-renders the form with $result = 1.
        if (empty($_POST["title"]) || empty($_POST["text"])) {
            $action = "edit";
            $result = 1;
            $cms->assign("id", @$_POST["id"]);
            $cms->assign("title", @$_POST["title"]);
            $cms->assign("text", @$_POST["text"]);
<?php
// forums.php (truncated excerpt: the `if (isset($_GET["category"]) ...)` block
// is still open at the end).
require_once '../core/core.class.php';
$cms = new Core();

// Moderator flag for the template: any of the listed portal roles or the EVE
// Director role. `||` binds tighter than `?:`, so the whole chain is tested.
$ismoderator = $cms->CurrentUser()->HasPortalRole(User::MDYN_CEO) || $cms->CurrentUser()->HasPortalRole(User::MDYN_ForumModerator) || $cms->CurrentUser()->HasPortalRole(User::MDYN_Administrator) || $cms->CurrentUser()->HasEVERole(User::EVE_Director) ? 1 : 0;
$cms->assign("ismoderator", $ismoderator);
$cms->assign("pagetitle", " | Forums");

if (isset($_GET["category"]) && is_numeric(@$_GET["category"])) {
    // CanReadCategory: 0 = denied, 2 = password required (as used below);
    // anything else is treated as readable.
    $access = $cms->CanReadCategory($_GET["category"]);
    if ($access == 0) {
        $cms->Goto("access.php");
    }
    if ($access == 2) {
        // NOTE: this line is redacted in the corpus ("******"); presumably the
        // category id was appended to the redirect URL here.
        $cms->Goto("forums.php?getcategorypassword="******"category"]);
    }
    // Zero-based page index, clamped to [0, pagecount-1]; 20 topics per page.
    $page = 0;
    if (isset($_GET["page"]) && is_numeric(@$_GET["page"])) {
        $page = $_GET["page"] - 1;
    }
    $pagecount = floor($cms->ReadForumTopicCount($_GET["category"]) / 20) + 1;
    if ($pagecount < 0) {
        $pagecount = 0;
    }
    if ($page < 0) {
        $page = 0;
    }
    if ($page > $pagecount - 1) {
        $page = $pagecount - 1;
    }
    // is_numeric lets non-integer forms through; the category id is handed to
    // the Core helpers as-is, so they are assumed to sanitise it — confirm.
    $cat = $cms->ReadForumCategory($_GET["category"]);
    $topics = $cms->ReadForumTopics($_GET["category"], $page * 20);
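<?php
// feedback.php — administrators can list or delete feedback rows; anyone else
// can submit the feedback form, which is stored through CoreSQL with every
// field passed through SQLEscape.
require_once '../core/core.class.php';
$cms = new Core();

$deleteid = isset($_GET["delete"]) ? $_GET["delete"] : null;

if ($deleteid !== null && is_numeric($deleteid) && $cms->CurrentUser()->HasPortalRole(User::MDYN_Administrator)) {
    // is_numeric also accepts forms such as "1e3" or " 7"; cast to int so only
    // a plain integer literal is ever spliced into the unquoted WHERE clause.
    // NOTE(review): this is a state-changing GET with no CSRF token in sight.
    $cms->CoreSQL("DELETE FROM feedback WHERE id=" . (int) $deleteid . " LIMIT 1");
    $cms->Goto("feedback.php");
} elseif ($cms->CurrentUser()->HasPortalRole(User::MDYN_Administrator)) {
    // Admin listing: one positional row per feedback entry, in the order the
    // template expects (name, email, api user id, api key, notes, id, local date).
    $feedbacks = array();
    $result = $cms->CoreSQL("SELECT * FROM feedback");
    while ($row = mysql_fetch_assoc($result)) {
        $feedbacks[] = array(
            $cms->SQLUnEscape($row["Name"]),
            $cms->SQLUnEscape($row["EMail"]),
            $cms->SQLUnEscape($row["APIUserID"]),
            $cms->SQLUnEscape($row["APIKey"]),
            $cms->SQLUnEscape($row["Notes"]),
            $row["id"],
            $cms->GMTToLocal($row["Date"]),
        );
    }
    $cms->assign("feedbacks", $feedbacks);
} elseif (isset($_GET["result"]) && $_GET["result"] == "1") {
    // Post-submit confirmation page.
    $cms->assign("result", 1);
} elseif (isset($_POST["submit"]) && $_POST["submit"] == "Submit") {
    // Missing form fields become empty strings instead of undefined-index notices.
    $fields = array("name", "email", "apiuserid", "apikey", "notes");
    $values = array();
    foreach ($fields as $field) {
        $values[$field] = isset($_POST[$field]) ? $_POST[$field] : "";
    }
    // NOTE(review): the API key is persisted exactly as submitted; confirm that
    // keeping it in the feedback table is intended.
    $query = "INSERT INTO feedback (Date,Name,Email,APIUserID,APIKey,Notes) VALUES (";
    $query .= "'" . $cms->GMTTime() . "',";
    $query .= "'" . $cms->SQLEscape($values["name"]) . "',";
    $query .= "'" . $cms->SQLEscape($values["email"]) . "',";
    $query .= "'" . $cms->SQLEscape($values["apiuserid"]) . "',";
    $query .= "'" . $cms->SQLEscape($values["apikey"]) . "',";
    $query .= "'" . $cms->SQLEscape($values["notes"]) . "')";
    $cms->CoreSQL($query);
    $cms->Goto("feedback.php?result=1");
}
$cms->display('feedback.tpl');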
// notepad.php fragment. This excerpt starts inside the then-branch of a
// strip-tags decision within the "read" branch (its opening `if` is not
// visible) and ends inside the "editdone" branch.
$_POST["text"] = strip_tags($note->Text);
} else {
    $_POST["text"] = $note->Text;
}
$action = "read";
} elseif ($action == "home") {
    $titles = $cms->GetNotepadTitles();
    $cms->assign("titles", $titles);
} elseif ($action == "newdone") {
    // "Save" with both fields present creates the note; any other button
    // returns to the list. An empty title or text re-renders the form with
    // $result = 1.
    if ($_POST["submit"] == "Save") {
        if (empty($_POST["title"]) || empty($_POST["text"])) {
            $action = "new";
            $result = 1;
        } else {
            $cms->NewNotepad($_POST["title"], $_POST["text"]);
            $cms->Goto("notepad.php");
        }
    } else {
        $cms->Goto("notepad.php");
    }
} elseif ($action == "editdone") {
    if ($_POST["submit"] == "Save") {
        if (empty($_POST["title"]) || empty($_POST["text"])) {
            $action = "read";
            $result = 1;
        } else {
            // NOTE(review): only the id's numeric form is checked here; whether
            // the current user owns this note is left to EditNotepad() — confirm.
            if (is_numeric($_POST["id"])) {
                $cms->EditNotepad($_POST["id"], $_POST["title"], $_POST["text"]);
            }
            $cms->Goto("notepad.php");
        }
// calendar.php fragment. This excerpt begins at the `elseif` that follows an
// earlier branch (not visible) and ends inside the "newdone" branch.
} elseif (isset($_GET["edit"]) && is_numeric(@$_GET["edit"])) {
    // Seed the edit form from the stored entry.
    $note = $cms->ReadCalendarEntry($_GET["edit"]);
    $_POST["id"] = $note->ID;
    $_POST["title"] = $note->Title;
    $_POST["text"] = $note->Text;
    $_POST["readaccess"] = $note->ReadAccess;
    // NOTE(review): the date fields are prefilled with tomorrow 06:00 rather
    // than the entry's own date — identical to the "new" branch below, which
    // looks like a copy-paste; confirm against the entry object.
    $date = getdate(mktime(6, 0, 0, date("m"), date("d") + 1, date("Y")));
    $_POST["cal_Year"] = $date["year"];
    $_POST["cal_Month"] = $date["mon"];
    $_POST["cal_Day"] = $date["mday"];
    $_POST["cal_Hour"] = $date["hours"];
    $_POST["cal_Minute"] = $date["minutes"];
    $action = "edit";
} elseif (isset($_GET["delete"]) && is_numeric(@$_GET["delete"])) {
    // State-changing GET requests; ownership/permission checks are assumed to
    // live inside the Core helpers — confirm.
    $cms->DeleteCalendarEntry($_GET["delete"]);
    $cms->Goto("calendar.php");
} elseif (isset($_GET["signup"]) && is_numeric(@$_GET["signup"])) {
    $cms->SignUpToCalendarEntry($_GET["signup"]);
    $cms->Goto("calendar.php");
} elseif ($action == "new") {
    // New entries default to read access level 2 and tomorrow 06:00.
    $_POST["readaccess"] = 2;
    $date = getdate(mktime(6, 0, 0, date("m"), date("d") + 1, date("Y")));
    $_POST["cal_Year"] = $date["year"];
    $_POST["cal_Month"] = $date["mon"];
    $_POST["cal_Day"] = $date["mday"];
    $_POST["cal_Hour"] = $date["hours"];
    $_POST["cal_Minute"] = $date["minutes"];
} elseif ($action == "newdone") {
    if ($_POST["submit"] == "Save") {
        // The timestamp is assembled from the separate form fields without
        // validation; presumably the Core helper parses it — confirm.
        $date = $_POST["cal_Year"] . "-" . $_POST["cal_Month"] . "-" . $_POST["cal_Day"] . " " . $_POST["cal_Hour"] . ":" . $_POST["cal_Minute"] . ":00";
        if (empty($_POST["title"]) || empty($_POST["text"])) {
<?php
// plugins.php — admin UI for plug-in registration (truncated excerpt: the
// `elseif ($action == "editdone" ...)` branch is still open at the end).
require_once '../core/core.class.php';
$cms = new Core();

// Restricted to EVE directors or CEO/Administrator/Developer portal roles.
if (!$cms->AccessCheck(User::EVE_Director, array(User::MDYN_CEO, User::MDYN_Administrator, User::MDYN_Developer))) {
    $cms->Goto("access.php");
}

$action = @$_GET["action"];
if (empty($action)) {
    $action = "plugins";
}
$result = 0;

if (isset($_GET["edit"]) && is_numeric(@$_GET["edit"])) {
    // First visit of the edit form: seed $_POST from the stored plug-in so the
    // template reads a single source. Boolean flags are normalised to the
    // checkbox form ("on" / "") so they round-trip through the form.
    if (!isset($_POST["id"])) {
        $plugin = $cms->ReadPlugIn($_GET["edit"]);
        $_POST["id"] = $plugin->ID;
        $_POST["title"] = $plugin->Title;
        $_POST["releasecontrol"] = $plugin->Release;
        $_POST["accesscontrol"] = $plugin->ReadAccess;
        $_POST["showigb"] = $plugin->ShowIGB ? "on" : "";
        $_POST["showadmin"] = $plugin->ShowAdmin ? "on" : "";
    }
    $cms->assign("id", @$_POST["id"]);
    $cms->assign("title", @$_POST["title"]);
    $cms->assign("releasecontrol", @$_POST["releasecontrol"]);
    $cms->assign("accesscontrol", @$_POST["accesscontrol"]);
    $cms->assign("showigb", @$_POST["showigb"]);
    $cms->assign("showadmin", @$_POST["showadmin"]);
    $action = "edit";
} elseif ($action == "editdone" && is_numeric(@$_POST["id"])) {
    if ($_POST["submit"] == "Save") {
// news.php fragment. This excerpt begins inside the "read" branch (where
// $note and $isadmin are set is not visible) and ends inside the "editdone"
// branch.
$_POST["text"] = $note->Text;
$_POST["readaccess"] = $note->ReadAccess;
$cms->assign("author", $note->AuthorName);
$cms->assign("date", $note->Date);
// The edit link is only offered to admins, AccessRight >= 4, or the author.
$cms->assign("editid", $isadmin == true || $cms->CurrentUser()->AccessRight() >= 4 || $note->Author == $cms->CurrentUser()->ID ? $note->ID : 0);
$action = "read";
} elseif (isset($_GET["edit"]) && is_numeric(@$_GET["edit"])) {
    // NOTE(review): no counterpart of the editid ownership test is visible on
    // this branch or on ?delete below; unless ReadNewsItem()/DeleteNewsItem()
    // enforce it, hiding the link is the only gate — confirm.
    $note = $cms->ReadNewsItem($_GET["edit"]);
    $_POST["id"] = $note->ID;
    $_POST["title"] = $note->Title;
    $_POST["text"] = $note->Text;
    $_POST["readaccess"] = $note->ReadAccess;
    $action = "edit";
} elseif (isset($_GET["delete"]) && is_numeric(@$_GET["delete"])) {
    $cms->DeleteNewsItem($_GET["delete"]);
    $cms->Goto("news.php");
} elseif ($action == "newdone") {
    // "Save" with both fields present inserts the item; any other button
    // returns to the list. Empty title or text re-renders the form with
    // $result = 1.
    if ($_POST["submit"] == "Save") {
        if (empty($_POST["title"]) || empty($_POST["text"])) {
            $action = "new";
            $result = 1;
        } else {
            $cms->InsertNewsItem($_POST["title"], $_POST["text"], $_POST["readaccess"]);
            $cms->Goto("news.php");
        }
    } else {
        $cms->Goto("news.php");
    }
} elseif ($action == "editdone") {
    if ($_POST["submit"] == "Save") {
        if (empty($_POST["title"]) || empty($_POST["text"])) {
<?php
// Plugin page keyed on a portal/character id (truncated excerpt: the
// `if ($action == "home")` block is still open at the end).
require_once '../../core/core.class.php';
$core = new Core();

//Access control
if ($core->CurrentUser()->AccessRight() < 4) {
    $core->Goto('../../php/access.php');
}

// Variable of Current User & Misc
// Raw request values; each one is normalised below.
$portalid = $_GET["portalid"];
$templatepost = $_POST["template"];
$template = $_GET["template"];
$return = $_GET["return"];
$action = @$_GET["action"];

// Data Verification Checks and redirects
if (empty($action)) {
    $action = "home";
}
// NOTE(review): `CharacterIDExists($portalid) == "FALSE"` compares against the
// string "FALSE". If the helper returns a boolean, `false == "FALSE"` is itself
// false in PHP, so the existence check never fires — confirm its return type.
if ($portalid == "" || empty($portalid) || $portalid < 0 || $core->CharacterIDExists($portalid) == "FALSE") {
    $portalid = $core->CurrentUser()->ID;
}
// Only empty and negative values are reset here; a non-numeric string is not
// caught by `< 0`, so such input presumably reaches the helpers unchanged.
if ($template == "" || empty($template) || $template < 0) {
    $template = 0;
}
if ($templatepost == "" || empty($templatepost) || $templatepost < 0) {
    $templatepost = 0;
}
if ($return == "" || empty($return) || $return < 0) {
    $return = 0;
}
if ($action == "home") {
<?php
// cronjobs.php — admin UI for scheduled jobs (truncated excerpt: the
// `elseif ($action == "editdone")` branch is still open at the end).
require_once '../core/core.class.php';
$cms = new Core();

// Restricted to EVE directors or CEO/Administrator/Developer portal roles.
if (!$cms->AccessCheck(User::EVE_Director, array(User::MDYN_CEO, User::MDYN_Administrator, User::MDYN_Developer))) {
    $cms->Goto("access.php");
}

$action = @$_GET["action"];
if (empty($action)) {
    $action = "cronjobs";
}
$result = 0;

// Schedule labels for the template; presumably indexed by a job's ScheduleType.
$crontypes = array("Hourly at xx:00", "Hourly at xx:30", "Daily at 00:00 GMT", "Daily at 11:00 GMT", "Daily at 12:00 GMT", "Weekly on Mondays at 00:00 GMT", "Weekly on Wednesdays at 00:00 GMT", "Weekly on Fridays at 00:00 GMT", "Weekly on Saturdays at 00:00 GMT", "Weekly on Sundays at 00:00 GMT");
$cms->assign("crontypes", $crontypes);

if (isset($_GET["edit"]) && is_numeric(@$_GET["edit"])) {
    // First visit of the edit form: seed $_POST from the stored job so the
    // template reads a single source.
    if (!isset($_POST["id"])) {
        $job = $cms->ReadCronJob($_GET["edit"]);
        $_POST["id"] = $job->ID;
        $_POST["title"] = $job->Title;
        $_POST["type"] = $job->ScheduleType;
        $_POST["source"] = $job->Source;
    }
    $cms->assign("id", @$_POST["id"]);
    $cms->assign("title", @$_POST["title"]);
    $cms->assign("type", @$_POST["type"]);
    $cms->assign("source", @$_POST["source"]);
    $action = "edit";
} elseif ($action == "editdone") {
    if ($_POST["submit"] == "Save") {
        // NOTE(review): "source" is free text from the form; what the scheduler
        // does with it is not visible here — if it is executed or included, it
        // must be validated before being saved.
        if (empty($_POST["title"]) || empty($_POST["source"])) {
            $action = "edit";
<?php
// logout.php — terminate the current user's session and return to the home
// page; exit so nothing is rendered after the redirect has been issued.
require_once '../core/core.class.php';

$cms = new Core();
$cms->Logout();
$cms->Goto("home.php");
exit;
// articles.php fragment. This excerpt begins inside the "read" branch (its
// opening `if` and the loading of $note are not visible) and ends inside the
// "newdone" branch.
// NOTE(review): "isadmin" is 1 when the current user is NOT the author, which
// reads inverted or misnamed — check how the template uses it.
$cms->assign("isadmin", $note->Author != $cms->CurrentUser()->ID ? 1 : 0);
$cms->assign("comments", $note->Comments);
$action = "read";
} elseif (isset($_GET["edit"]) && is_numeric(@$_GET["edit"])) {
    // Seed the edit form from the stored article.
    $note = $cms->ReadArticle($_GET["edit"]);
    $_POST["id"] = $note->ID;
    $_POST["title"] = $note->Title;
    $_POST["text"] = $note->Text;
    $_POST["readaccess"] = $note->ReadAccess;
    $_POST["writeaccess"] = $note->WriteAccess;
    $action = "edit";
} elseif (isset($_GET["deletecomment"]) && is_numeric(@$_GET["deletecomment"])) {
    // NOTE(review): $_GET["article"] is only used to build the redirect and is
    // not checked with is_numeric like the other ids; the delete itself is
    // keyed on the numeric comment id. Permission is assumed to be enforced
    // by DeleteArticleComment() — confirm.
    $article = $_GET["article"];
    $id = $_GET["deletecomment"];
    $cms->DeleteArticleComment($id);
    $cms->Goto("articles.php?read=" . $article);
} elseif (isset($_GET["postcomment"]) && is_numeric(@$_GET["postcomment"])) {
    $article = $_GET["postcomment"];
    $cms->assign("articleid", $article);
    $action = "postcomment";
} elseif ($action == "home") {
    $titles = $cms->GetArticleTitles();
    $cms->assign("titles", $titles);
} elseif ($action == "newdone") {
    // Empty title or text re-renders the form with $result = 1.
    if ($_POST["submit"] == "Save") {
        if (empty($_POST["title"]) || empty($_POST["text"])) {
            $action = "new";
            $result = 1;
        } else {
            $cms->NewArticle($_POST["title"], $_POST["text"], $_POST["readaccess"], $_POST["writeaccess"]);
            $cms->Goto("articles.php");
<?php
// Operations plugin: player/time entry form (truncated excerpt: the
// `if ($action == "times" ...)` and `if (empty($count))` blocks are still open
// at the end).
require_once '../../core/core.class.php';
$core = new Core();

//Access control
if ($core->CurrentUser()->AccessRight() < 2) {
    $core->Goto('../../php/access.php');
}

$action = @$_GET["action"];
if (empty($action)) {
    $action = "home";
}
$names = $core->GetAllUserNames();
$core->assign("names", $names);

// The form is re-rendered for the "times" action and for the Add/Remove Player
// buttons ("Remove Player" is matched on its 13-character prefix, so labels
// such as "Remove Player 3" all qualify).
if ($action == "times" || @$_POST["submit"] == "Add Player" || substr(@$_POST["submit"], 0, 13) == "Remove Player") {
    // Echo back one posted "group<ID>" value per item group.
    $result = $core->SQL("SELECT Distinct `GroupID` FROM `operations_items` Order By `GroupID`");
    while ($row = mysql_fetch_assoc($result)) {
        $var = "group" . $row['GroupID'];
        $core->assign($var, @$_POST[$var]);
        $groupnumber[$row['GroupID']] = @$_POST["group" . $row['GroupID']];
    }
    // NOTE(review): $groupnumber is never initialised; with zero item groups
    // this assigns an undefined variable.
    $core->assign("groupnumber", $groupnumber);
    // Defaults to today's UTC date when the form did not supply one.
    $opdate = @$_POST["opdate"];
    if (empty($opdate)) {
        $opdate = gmdate("Y-m-d");
    }
    $core->assign("opdate", $opdate);
    $count = @$_POST["count"];
    $players = array();
    if (empty($count)) {
        $count = 0;
<?php
// Production orders plugin (truncated excerpt: the `if ($action == "home")`
// block is still open at the end).
require_once '../../core/core.class.php';
$core = new Core();

//Access control
if ($core->CurrentUser()->AccessRight() < 1) {
    $core->Goto('../../php/access.php');
}

$action = @$_GET["action"];
if (empty($action)) {
    $action = "home";
}
// Presence of ?cancel / ?resubmit overrides the action parameter.
if (isset($_GET["cancel"])) {
    $action = "cancel";
}
if (isset($_GET["resubmit"])) {
    $action = "resubmit";
}

if ($action == "home") {
    // Manager id 0 is rendered as "-".
    $names = $core->GetAllUserNames();
    $names[0] = "-";
    // Lists the current user's own open orders (Owner = CurrentUser()->ID,
    // presumably session-derived rather than request-controlled); ally
    // members see the alliance price instead of the regular price.
    if ($core->CurrentUser()->IsAlly) {
        $result = $core->SQL("SELECT t1.id,t1.Date,t1.Count,t2.AlliancePrice AS Price,t1.Manager,t1.Status,t2.EveGraphicID,t2.GroupName,t2.Race,t2.Name FROM production_orders AS t1 INNER JOIN production_items AS t2 ON t1.Item=t2.id WHERE t1.Owner=" . $core->CurrentUser()->ID . " AND t1.IsDeleted=0 AND t1.Item!=0 AND t2.AlliancePrice!=0 ORDER BY t1.Date DESC LIMIT 50");
    } else {
        $result = $core->SQL("SELECT t1.id,t1.Date,t1.Count,t2.Price,t1.Manager,t1.Status,t2.EveGraphicID,t2.GroupName,t2.Race,t2.Name FROM production_orders AS t1 INNER JOIN production_items AS t2 ON t1.Item=t2.id WHERE t1.Owner=" . $core->CurrentUser()->ID . " AND t1.IsDeleted=0 AND t1.Item!=0 ORDER BY t1.Date DESC LIMIT 50");
    }
    $orders = array();
    while ($row = mysql_fetch_assoc($result)) {
        // StatusName() is defined outside this excerpt.
        $orders[] = array("ID" => $row["id"], "Cost" => number_format($row["Count"] * $row["Price"], 0), "Manager" => $names[$row["Manager"]], "Status" => StatusName($row["Status"]), "StatusID" => $row["Status"], "Price" => $row["Price"], "EveGraphicID" => $row["EveGraphicID"], "GroupName" => $core->SQLUnEscape($row["GroupName"]), "Race" => $core->SQLUnEscape($row["Race"]), "Name" => $core->SQLUnEscape($row["Name"]), "Count" => $row["Count"], "Date" => $core->GMTToLocal($row["Date"]));
    }
    mysql_free_result($result);