function getContact($idContact)
{
//Realiza el query en la base de datos
$mysqli = makeSqlConnection();
$sql = "SELECT * FROM contacts a LEFT JOIN contacts_cstm ac ON a.id = ac.id_c WHERE id = '{$idContact}'";
$res = $mysqli->query($sql);
$rows = array();
while ($r = mysqli_fetch_assoc($res)) {
$obj = (object) $r;
$obj->email_address = getEmail($idContact);
$obj->idAccount = getAccountId($idContact);
$obj->nameAccount = getAccountName($obj->idAccount);
$obj->reports_to_name = getContactName($obj->reports_to_id);
$obj->created_by_name = getUserName($obj->created_by);
$obj->modified_user_name = getUserName($obj->modified_user_id);
$obj->assigned_user_name = getUserName($obj->user_id_c);
$obj->nameCampaign = getCampaignName($obj->campaign_id);
$a = (array) $obj;
$rows[] = $a;
}
if (empty($rows)) {
return '{"results" :[]}';
} else {
//Convierte el arreglo en json y lo retorna
$temp = json_encode(utf8ize($rows));
return '{"results" :' . $temp . '}';
}
}
function autoSubscribe($email, $uname)
{
global $uname;
$account_id = getAccountId($_SESSION['uname']);
if ($account_id == '') {
$account_id = getAccountId($uname);
}
$result = mysql_query("select subscriber_id from subscriber where account_id='{$account_id}' AND subscriber_email = '{$email}' ") or die("mysql error@ finding account funder id @ line # 204");
$row = mysql_fetch_row($result);
$subscriber_id = $row[0];
if (!$subscriber_id) {
$query = "INSERT INTO subscriber (subscriber_id, account_id, project_id, subscriber_email, subscriber_status, subscriber_datetime) \n VALUES ('','{$account_id}','{$account_id}','{$email}','1', NOW())";
mysql_query($query) or die("failed");
return "subscribed";
} else {
return "already-subscribed";
}
}
function ViewCommunityProfile($sid, $name)
{
$objResponse = new xajaxResponse();
global $userbank, $username;
if (!$userbank->is_admin()) {
$objResponse->redirect("index.php?p=login&m=no_access", 0);
$log = new CSystemLog("w", "Hacking Attempt", $username . " tried to view profile of '" . htmlspecialchars($name) . "', but doesnt have access.");
return $objResponse;
}
$sid = (int) $sid;
require INCLUDES_PATH . '/CServerRcon.php';
//get the server data
$data = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = '" . $sid . "';");
if (empty($data['rcon'])) {
$objResponse->addScript("ShowBox('Error', 'Can\\'t get playerinfo for " . addslashes(htmlspecialchars($name)) . ". No RCON password!', 'red', '', true);");
return $objResponse;
}
$r = new CServerRcon($data['ip'], $data['port'], $data['rcon']);
if (!$r->Auth()) {
$GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = '" . $sid . "';");
$objResponse->addScript("ShowBox('Error', 'Can\\'t get playerinfo for " . addslashes(htmlspecialchars($name)) . ". Wrong RCON password!', 'red', '', true);");
return $objResponse;
}
// search for the playername
$ret = $r->rconCommand("status");
$search = preg_match_all(STATUS_PARSE, $ret, $matches, PREG_PATTERN_ORDER);
$i = 0;
$found = false;
$index = -1;
foreach ($matches[2] as $match) {
if ($match == $name) {
$found = true;
$index = $i;
break;
}
$i++;
}
if ($found) {
$steam = $matches[3][$index];
// Hack to support steam3 [U:1:X] representation.
if (strpos($steam, "[U:") === 0) {
$steam = renderSteam2(getAccountId($steam), 0);
}
$objResponse->addScript("\$('dialog-control').setStyle('display', 'block');\$('dialog-content-text').innerHTML = 'Generating Community Profile link for " . addslashes(htmlspecialchars($name)) . ", please wait...<br /><font color=\"green\">Done.</font><br /><br /><b>Watch the profile <a href=\"http://www.steamcommunity.com/profiles/" . SteamIDToFriendID($steam) . "/\" title=\"" . addslashes(htmlspecialchars($name)) . "\\'s Profile\" target=\"_blank\">here</a>.</b>';");
$objResponse->addScript("window.open('http://www.steamcommunity.com/profiles/" . SteamIDToFriendID($steam) . "/', 'Community_" . $steam . "');");
} else {
$objResponse->addScript("ShowBox('Error', 'Can\\'t get playerinfo for " . addslashes(htmlspecialchars($name)) . ". Player not on the server anymore!', 'red', '', true);");
}
return $objResponse;
}
function KickPlayer($check, $sid, $num, $type)
{
$objResponse = new xajaxResponse();
global $userbank, $username;
$sid = (int) $sid;
if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
$objResponse->redirect("index.php?p=login&m=no_access", 0);
$log = new CSystemLog("w", "Hacking Attempt", $username . " tried to process a playerkick, but doesnt have access.");
return $objResponse;
}
//get the server data
$sdata = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = '" . $sid . "';");
//test if server is online
if ($test = @fsockopen($sdata['ip'], $sdata['port'], $errno, $errstr, 2)) {
@fclose($test);
require_once INCLUDES_PATH . "/CServerRcon.php";
$r = new CServerRcon($sdata['ip'], $sdata['port'], $sdata['rcon']);
if (!$r->Auth()) {
$GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = '" . $sid . "' LIMIT 1;");
$objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='red' size='1'>Wrong RCON Password, please change!</font>");
$objResponse->addScript('set_counter(1);');
return $objResponse;
}
$ret = $r->rconCommand("status");
// show hostname instead of the ip, but leave the ip in the title
require_once "../includes/system-functions.php";
$hostsearch = preg_match_all('/hostname:[ ]*(.+)/', $ret, $hostname, PREG_PATTERN_ORDER);
$hostname = trunc(htmlspecialchars($hostname[1][0]), 25, false);
if (!empty($hostname)) {
$objResponse->addAssign("srvip_{$num}", "innerHTML", "<font size='1'><span title='" . $sdata['ip'] . ":" . $sdata['port'] . "'>" . $hostname . "</span></font>");
}
$gothim = false;
$search = preg_match_all(STATUS_PARSE, $ret, $matches, PREG_PATTERN_ORDER);
//search for the steamid on the server
if ((int) $type == 0) {
foreach ($matches[3] as $match) {
if (getAccountId($match) == getAccountId($check)) {
// gotcha!!! kick him!
$gothim = true;
$GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_bans` SET sid = '" . $sid . "' WHERE authid = '" . $check . "' AND RemovedBy IS NULL;");
$requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "pages/admin.kickit.php"));
$kick = $r->sendCommand("kickid " . $match . " \"You have been banned by this server, check http://" . $_SERVER['HTTP_HOST'] . $requri . " for more info.\"");
$objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='green' size='1'><b><u>Player Found & Kicked!!!</u></b></font>");
$objResponse->addScript("set_counter('-1');");
return $objResponse;
}
}
} else {
if ((int) $type == 1) {
// search for the ip on the server
$id = 0;
foreach ($matches[8] as $match) {
$ip = explode(":", $match);
$ip = $ip[0];
if ($ip == $check) {
$userid = $matches[1][$id];
// gotcha!!! kick him!
$gothim = true;
$GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_bans` SET sid = '" . $sid . "' WHERE ip = '" . $check . "' AND RemovedBy IS NULL;");
$requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "pages/admin.kickit.php"));
$kick = $r->sendCommand("kickid " . $userid . " \"You have been banned by this server, check http://" . $_SERVER['HTTP_HOST'] . $requri . " for more info.\"");
$objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='green' size='1'><b><u>Player Found & Kicked!!!</u></b></font>");
$objResponse->addScript("set_counter('-1');");
return $objResponse;
}
$id++;
}
}
}
if (!$gothim) {
$objResponse->addAssign("srv_{$num}", "innerHTML", "<font size='1'>Player not found.</font>");
$objResponse->addScript('set_counter(1);');
return $objResponse;
}
} else {
$objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='red' size='1'><i>Can't connect to server.</i></font>");
$objResponse->addScript('set_counter(1);');
return $objResponse;
}
}
<?php
include_once '../mysql.php';
include_once '../json.php';
include_once '../utils.php';
// To generate the JSON answer.
$success = FALSE;
$errorMessage = '';
if (isset($_POST['name']) && isset($_POST['oldName']) && isset($_POST['type']) && isset($_POST['privateId'])) {
$name = strip_tags($_POST['name']);
$oldName = strip_tags($_POST['oldName']);
$type = strip_tags($_POST['type']);
$privateId = strip_tags($_POST['privateId']);
$accountId = getAccountId('', $privateId);
if ($accountId !== FALSE) {
$pdos = $GLOBALS['pdo']->prepare('
UPDATE
`Category`
SET
`Name` = :name
WHERE
`Name` = :oldName
AND
`Type` = :type
AND
`Account` = :account
');
$pdos->bindValue(':name', $name);
$pdos->bindValue('type', $type);
$pdos->bindValue(':oldName', $oldName);
$pdos->bindValue(':account', $accountId);
function checkMultiplePlayers($sid, $steamids)
{
require_once INCLUDES_PATH . '/CServerRcon.php';
$serv = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = '" . $sid . "';");
if (empty($serv['rcon'])) {
return false;
}
$test = @fsockopen($serv['ip'], $serv['port'], $errno, $errstr, 2);
if (!$test) {
return false;
}
$r = new CServerRcon($serv['ip'], $serv['port'], $serv['rcon']);
if (!$r->Auth()) {
$GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = '" . (int) $sid . "';");
return false;
}
$ret = $r->rconCommand("status");
$search = preg_match_all(STATUS_PARSE, $ret, $matches, PREG_PATTERN_ORDER);
$i = 0;
$found = array();
foreach ($matches[3] as $match) {
foreach ($steamids as $steam) {
if (getAccountId($match) == getAccountId($steam)) {
$steam = $matches[3][$i];
$name = $matches[2][$i];
$time = $matches[4][$i];
$ping = $matches[5][$i];
$ip = explode(":", $matches[8][$i]);
$ip = $ip[0];
$found[$steam] = array('name' => $name, 'steam' => $steam, 'ip' => $ip, 'time' => $time, 'ping' => $ping);
break;
}
}
$i++;
}
return $found;
}
$result[$ds['Category']] = array('boy' => $ds['Boy'], 'girl' => $ds['Girl'], 'unisex' => $ds['Unisex']);
}
return $result;
}
// To generate the JSON answer.
$success = FALSE;
$errorMessage = '';
$students = array();
$studentCategories = array();
$teachers = array();
$teacherCategories = array();
$studentCouple1 = 0;
$studentCouple2 = 0;
if (isset($_POST['publicId']) && isset($_POST['voteCode'])) {
$publicId = strip_tags($_POST['publicId']);
$accountId = getAccountId($publicId, '');
$voteCode = strip_tags($_POST['voteCode']);
if ($accountId !== FALSE) {
$voteCodeId = checkVoteCode($voteCode, $accountId);
if ($voteCodeId) {
$votes = getVotes($voteCodeId);
$students = getNames('student', $accountId);
$studentCategories = getCategories('student', $accountId, $votes);
$teachers = getNames('teacher', $accountId);
$teacherCategories = getCategories('teacher', $accountId, $votes);
$pdos = $GLOBALS['pdo']->prepare('
SELECT
`Couple1`, `Couple2`
FROM
`CoupleVote`
WHERE
function autoSubscribe($email)
{
$account_id = getAccountId($_SESSION['uname']);
$result = mysql_query("select subscriber_id from subscriber where account_id='{$account_id}' AND subscriber_email = '{$email}' ") or die("mysql error@ finding account funder id @ line # 204");
$row = mysql_fetch_row($result);
$subscriber_id = $row[0];
if (!$subscriber_id) {
$query = "INSERT INTO subscriber (subscriber_id, account_id, project_id, subscriber_email, subscriber_status, subscriber_datetime) \n VALUES ('','{$account_id}','{$account_id}','{$email}','1', NOW())";
mysql_query($query) or die("mysql error@ inserting funding info @autoSubscribe");
}
}
$bannedcfg = file($_FILES["importFile"]["tmp_name"]);
$bancnt = 0;
foreach ($bannedcfg as $ban) {
$line = explode(" ", trim($ban));
if ($line[1] == "0") {
if (validate_ip($line[2])) {
$check = $GLOBALS['db']->Execute("SELECT ip FROM `" . DB_PREFIX . "_bans` WHERE ip = ? AND RemoveType IS NULL", array($line[2]));
if ($check->RecordCount() == 0) {
$bancnt++;
$pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_bans(created,authid,ip,name,ends,length,reason,aid,adminIp,type) VALUES\r\n\t\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP(),?,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?,?)");
$GLOBALS['db']->Execute($pre, array("", $line[2], "Imported Ban", 0, 0, "banned_ip.cfg import", $_COOKIE['aid'], $_SERVER['REMOTE_ADDR'], 1));
}
} else {
// if its an banned_user.cfg
if (!validate_steam($line[2])) {
if (($accountId = getAccountId($line[2])) !== -1) {
$steam = renderSteam2($accountId, 0);
} else {
continue;
}
} else {
$steam = $line[2];
}
$check = $GLOBALS['db']->Execute("SELECT authid FROM `" . DB_PREFIX . "_bans` WHERE authid = ? AND RemoveType IS NULL", array($steam));
if ($check->RecordCount() == 0) {
if (!isset($_POST['friendsname']) || $_POST['friendsname'] != "on" || ($pname = GetCommunityName($steam)) == "") {
$pname = "Imported Ban";
}
$bancnt++;
$pre = $GLOBALS['db']->Prepare("INSERT INTO " . DB_PREFIX . "_bans(created,authid,ip,name,ends,length,reason,aid,adminIp,type) VALUES\r\n\t\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP(),?,?,?,(UNIX_TIMESTAMP() + ?),?,?,?,?,?)");
$GLOBALS['db']->Execute($pre, array($steam, "", $pname, 0, 0, "banned_user.cfg import", $_COOKIE['aid'], $_SERVER['REMOTE_ADDR'], 0));