Esempio n. 1
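/**
 * Print debug information from the framework.
 *
 * Builds an HTML fragment from the sections switched on in the 'debug' part
 * of the Origin config: number of database queries, the executed queries,
 * page load time, a dump of the framework object ('trial') and a dump of the
 * session. Values a previous request left in the session flash are prepended
 * where available.
 *
 * Security: the 'trial' dump exposes the whole framework object — including
 * its config, which presumably carries database credentials — and the
 * 'session' dump exposes $_SESSION. The 'db-queries' dump shows SQL that may
 * embed user-supplied values. None of this may be enabled on a public site.
 *
 * @return string|null HTML fragment, or null when debugging is disabled
 */
function get_debug()
{
    $Origo = Origin::Instance();

    // Only if debug is wanted; otherwise there is nothing to report.
    if (empty($Origo->config['debug'])) {
        return null;
    }
    $debug = $Origo->config['debug'];
    $hasDb = isset($Origo->db);

    // Get the debug output
    $html = null;

    if (!empty($debug['db-num-queries']) && $hasDb) {
        $flash = $Origo->session->GetFlash('database_numQueries');
        $flash = $flash ? "{$flash} + " : null;
        $html .= "<p>Database made {$flash}" . $Origo->db->GetNumQueries() . " queries.</p>";
    }

    if (!empty($debug['db-queries']) && $hasDb) {
        $flash = $Origo->session->GetFlash('database_queries');
        $queries = $Origo->db->GetQueries();
        if ($flash) {
            $queries = array_merge($flash, $queries);
        }
        // Fix: the queries were written to the page unescaped; they can carry
        // user-supplied parameter values, so each one is HTML-escaped first.
        $queries = array_map('htmlent', $queries);
        $html .= "<p>Database made the following queries.</p><p>" . implode('<br/><br/>', $queries) . "</p>";
    }

    if (!empty($debug['timer'])) {
        // Elapsed time since the framework's first timer mark, in milliseconds.
        $html .= "<p>Page was loaded in " . round(microtime(true) - $Origo->timer['first'], 5) * 1000 . " msecs.</p>";
    }

    if (!empty($debug['trial'])) {
        // Full object dump (escaped for HTML, but it still discloses config
        // and internal state).
        $html .= "<hr><h3>Debuginformation</h3><p>The content of trial:</p><pre>" . htmlent(print_r($Origo, true)) . "</pre>";
    }

    if (!empty($debug['session'])) {
        // Both the framework's session wrapper and the raw superglobal.
        $html .= "<hr><h3>SESSION</h3><p>The content of Origin->session:</p><pre>" . htmlent(print_r($Origo->session, true)) . "</pre>";
        $html .= "<p>The content of \$_SESSION:</p><pre>" . htmlent(print_r($_SESSION, true)) . "</pre>";
    }

    return $html;
}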
Esempio n. 2
 /**
  * Render the "reactivate team" form.
  *
  * Registers a one-time form key with $site (the anti-CSRF token the submit
  * handler is expected to verify), lists every deleted team, and lists the
  * active users without a team who could become the reactivated team's
  * leader.
  *
  * The key *name* is only a unique label (built from microtime, so it is not
  * secret); the protection comes from the value $site->setKey() returns.
  *
  * Uses the globals $site and $tmpl; output goes through $tmpl->assign().
  */
 protected function showForm()
 {
     global $site;
     global $tmpl;

     // Anti-CSRF form key: spaces and dots from microtime() are not wanted in
     // a form field name, so they become underscores.
     $keyName = strtr('teamReactivate_' . microtime(), array(' ' => '_', '.' => '_'));
     $keyValue = $site->setKey($keyName);
     $tmpl->assign('keyName', $keyName);
     $tmpl->assign('keyValue', htmlent($keyValue));

     // Teams that can be reactivated.
     $teamData = array();
     foreach (\team::getDeletedTeamIds() as $deletedId) {
         $deletedTeam = new team($deletedId);
         $teamData[] = array('id' => $deletedId, 'name' => $deletedTeam->getName());
     }
     $tmpl->assign('teams', $teamData);

     // A team must always have a leader: offer the admin every teamless user
     // whose status is 'active'; users with any other status are skipped.
     $userData = array();
     foreach (\user::getTeamlessUsers() as $candidate) {
         if ($candidate->getStatus() !== 'active') {
             continue;
         }
         $userData[] = array('id' => $candidate->getID(), 'name' => $candidate->getName());
     }
     $tmpl->assign('users', $userData);
 }
Esempio n. 3
     * Display all items of the CObject.
     *
     * Appends a heading plus a print_r() dump of $this (the controller and,
     * through CObject, the shared framework resources it holds) to
     * $this->data['main']. The dump is passed through htmlent() so it renders
     * safely, but it still discloses every property of the object — which
     * presumably includes configuration and resource handles — so this
     * controller must not be reachable on a production site.
     */
    public function DisplayObject()
        $this->data['main'] .= <<<EOD
\t<h2>Dumping content of CDeveloper</h2>
\t<p>Here is the content of the controller, including properties from CObject which holds access to common resources in Origin.</p>
        $this->data['main'] .= '<pre>' . htmlent(print_r($this, true)) . '</pre>';
Esempio n. 4
 /**
  * Record a user login in the `visits` table.
  *
  * Stores the user id, the remote address and its reverse-DNS name, the raw
  * X-Forwarded-For header and the current timestamp, through a prepared
  * statement with bound parameters.
  *
  * Review notes:
  *  - HTTP_X_FORWARDED_FOR is set by the client (or any proxy in between); it
  *    is kept for information only and must never be used to identify the
  *    visitor or to make access decisions.
  *  - gethostbyaddr() performs a blocking reverse-DNS lookup on every login,
  *    and the name it returns is chosen by whoever controls the client's PTR
  *    record — treat it as untrusted text.
  *  - The values are HTML-escaped with htmlent() *before storage* (original
  *    behaviour, preserved here); code that displays this table must not
  *    escape them a second time.
  *
  * @param int|string $id id of the user who logged in
  */
 public function addToVisitsLog($id)
 {
     $remoteAddr = getenv('REMOTE_ADDR');
     $remoteHost = gethostbyaddr($remoteAddr);
     $forwardedFor = getenv('HTTP_X_FORWARDED_FOR');

     $sql = 'INSERT INTO `visits` (`userid`,`ip-address`,`host`,`forwarded_for`,`timestamp`) VALUES (?, ?, ?, ?, ?)';
     $statement = $this->prepare($sql);
     $this->execute($statement, array(
         $id,
         htmlent($remoteAddr),
         htmlent($remoteHost),
         htmlent($forwardedFor),
         date('Y-m-d H:i:s'),
     ));
 }
Esempio n. 5
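 /**
  * Print debug information from the framework.
  *
  * Assembles an HTML <div class='debug'> from the sections switched on in the
  * 'debug' part of the CBehovsboboxen config: query count, executed queries,
  * page timing (including values a previous request left in the session
  * flash), peak memory, a dump of the framework object, a dump of the
  * session, and the log's timestamp table.
  *
  * Security: the 'behovsboboxen' dump exposes the whole framework object
  * (config, presumably including database credentials) and the 'session'
  * dump exposes $_SESSION; the 'db-queries' dump shows SQL that may embed
  * user-supplied values. 'debug' must stay disabled on a public site.
  *
  * @return string|null the debug <div>, or null when debugging is disabled
  */
function get_debug()
{
    $bbb = CBehovsboboxen::Instance();

    // Only if debug is wanted; otherwise there is nothing to report.
    if (empty($bbb->config['debug'])) {
        return null;
    }
    $debug = $bbb->config['debug'];
    $hasDb = isset($bbb->db);

    // Get the debug output
    $html = null;

    if (!empty($debug['db-num-queries']) && $hasDb) {
        $flash = $bbb->session->GetFlash('database_numQueries');
        $flash = $flash ? "{$flash} + " : null;
        $html .= "<p>Database made {$flash}" . $bbb->db->GetNumQueries() . " queries.</p>";
    }

    if (!empty($debug['db-queries']) && $hasDb) {
        $flash = $bbb->session->GetFlash('database_queries');
        $queries = $bbb->db->GetQueries();
        if ($flash) {
            $queries = array_merge($flash, $queries);
        }
        // Fix: the queries were written to the page unescaped; they can carry
        // user-supplied parameter values, so each one is HTML-escaped first.
        $queries = array_map('htmlent', $queries);
        $html .= "<p>Database made the following queries.</p><pre>" . implode('<br/><br/>', $queries) . "</pre>";
    }

    if (!empty($debug['timer'])) {
        $now = microtime(true);
        $flash = $bbb->session->GetFlash('timer');
        if ($flash) {
            // Fix: two leftover `echo` statements printed $redirect and $total
            // straight to the response, outside the debug <div>; the values
            // are now reported only through $html. The inner `$flash ?` checks
            // were redundant inside this branch and are dropped.
            $redirect = round($flash['redirect'] - $flash['first'], 3) . ' secs + x + ';
            $total = round($now - $flash['first'], 3) . ' secs. Per page: ';
            $html .= "<p>Page was loaded in {$total}{$redirect}" . round($now - $bbb->timer['first'], 3) . " secs.</p>";
        }
    }

    if (!empty($debug['memory'])) {
        $flash = $bbb->session->GetFlash('memory');
        $flash = $flash ? round($flash / 1024 / 1024, 2) . ' Mbytes + ' : null;
        $html .= "<p>Peek memory consumption was {$flash}" . round(memory_get_peak_usage(true) / 1024 / 1024, 2) . " Mbytes.</p>";
    }

    if (!empty($debug['behovsboboxen'])) {
        // Full object dump (escaped for HTML, but it still discloses config
        // and internal state).
        $html .= "<hr><h3>Debuginformation</h3><p>The content of CBehovsboboxen:</p><pre>" . htmlent(print_r($bbb, true)) . "</pre>";
    }

    if (!empty($debug['session'])) {
        // Both the framework's session wrapper and the raw superglobal.
        $html .= "<hr><h3>SESSION</h3><p>The content of CBehovsboboxen->session:</p><pre>" . htmlent(print_r($bbb->session, true)) . "</pre>";
        $html .= "<p>The content of \$_SESSION:</p><pre>" . htmlent(print_r($_SESSION, true)) . "</pre>";
    }

    if (!empty($debug['timestamp'])) {
        $html .= $bbb->log->TimestampAsTable();
        $html .= $bbb->log->PageLoadTime();
        $html .= $bbb->log->MemoryPeak();
    }

    return "<div class='debug'>{$html}</div>";
}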
Esempio n. 6
 /**
  * Render the "join team" form.
  *
  * Registers a one-time form key with $site — the anti-CSRF token the submit
  * handler is expected to verify — and hands its name and value to the
  * template. The key name merely labels the key uniquely (it is built from
  * the team id and microtime, so it is not secret); the value returned by
  * $site->setKey() is what protects the form.
  *
  * Uses the globals $site and $tmpl.
  */
 protected function showForm()
 {
     global $site;
     global $tmpl;

     $label = 'teamJoin_' . $this->team->getID() . '_' . microtime();
     // Spaces and dots (from microtime) are not wanted in a form field name.
     $label = strtr($label, array(' ' => '_', '.' => '_'));
     $token = $site->setKey($label);

     $tmpl->assign('keyName', $label);
     $tmpl->assign('keyValue', htmlent($token));
 }
Esempio n. 7
 /**
  * Show a private message together with a delete confirmation.
  *
  * Renders the message via the parent showMail(), switches the template into
  * preview mode, prefixes the title with "Delete " and registers a one-time
  * form key (anti-CSRF token) for the confirmation form.
  *
  * @param string $folder mailbox folder the message lives in
  * @param int|string $id message id
  */
 function preview($folder, $id)
 {
     global $site;
     global $tmpl;

     parent::showMail($folder, $id);
     $tmpl->assign('showPreview', true);
     $tmpl->assign('title', 'Delete ' . $tmpl->getTemplateVars('title'));

     // One-time form key: the name is a unique label derived from microtime
     // (not secret); the value from $site->setKey() is the token the submit
     // handler is expected to verify.
     $label = strtr('pmDelete_' . microtime(), array(' ' => '_', '.' => '_'));
     $token = $site->setKey($label);
     $tmpl->assign('keyName', $label);
     $tmpl->assign('keyValue', htmlent($token));
 }
Esempio n. 8
 /**
  * Parse a BBCode string into HTML with the bundled NBBC library.
  *
  * The input is HTML-escaped with htmlent() *before* it reaches the BBCode
  * parser, so raw markup in the text is neutralised and only the HTML NBBC
  * itself emits survives. The smiley URL is taken from $config when it is
  * set, else from baseaddress() (legacy mode).
  *
  * @param string $string raw BBCode text
  * @return string rendered HTML
  */
 function Parse($string)
 {
     global $config;

     require_once dirname(__FILE__) . '/nbbc/nbbc.php';

     $parser = new BBCode();
     $smileyBase = isset($config) ? $config->getValue('baseaddress') : baseaddress();
     $parser->SetSmileyURL($smileyBase . 'smileys');

     // Escape (x)html entities first, then let NBBC translate the BBCode tags.
     return $parser->Parse(htmlent($string));
 }
Esempio n. 9
 function insertEditText($readonly = false)
     global $tmpl;
     global $config;
     global $db;
     if ($readonly || isset($_POST['confirmationStep'])) {
         // data passed to form -> use it
         $query = $db->prepare('SELECT `name` FROM `users` WHERE `id`=? LIMIT 1');
         $db->execute($query, user::getCurrentUserId());
         $author = $db->fetchRow($query);
         if ($author === false) {
             $author = 'error: no author could be determined';
     // do not drop original message id that a reply would be refering to
     // but drop reply mode (users and teams are already added to recipients at this point)
     $formArgs = '';
     if (isset($_GET['id'])) {
         $formArgs .= '&amp;id=' . $_GET['id'];
     $tmpl->assign('formArgs', $formArgs);
     $tmpl->assign('subject', $this->pm->getSubject());
     $tmpl->assign('time', $this->pm->getTimestamp());
     $tmpl->assign('playerRecipients', $this->pm->getUserNames());
     $tmpl->assign('teamRecipients', $this->pm->getTeamNames());
     $tmpl->assign('rawContent', htmlent($this->pm->getContent()));
     switch ($readonly) {
         case true:
             $tmpl->assign('authorName', htmlent($author['name']));
             if ($config->getValue('bbcodeLibAvailable')) {
                 $tmpl->assign('content', $tmpl->encodeBBCode($this->pm->getContent()));
             } else {
                 $tmpl->assign('content', htmlent($this->pm->getContent()));
             $tmpl->assign('showPreview', true);
             // overwrite editor's default text ('Write changes')
             $tmpl->assign('submitText', 'Send PM');
             $tmpl->assign('showSendForm', true);
             // display the formatting buttons addded by addFormatButtons
Esempio n. 10
 function insertEditText($readonly = false)
     global $tmpl;
     global $author;
     global $last_modified;
     global $config;
     if ($readonly || isset($_POST['confirmationStep'])) {
         $content = $_POST['staticContent'];
     } elseif (isset($_GET['edit'])) {
         $content = $this->readContent($this->path, $author, $last_modified, true);
     } else {
         $content = 'Replace this text with the page content.';
     switch ($readonly) {
         case true:
             $tmpl->assign('rawContent', htmlent($content));
             if ($config->getValue('bbcodeLibAvailable')) {
                 $tmpl->assign('contentPreview', $tmpl->encodeBBCode($content));
             } else {
                 // TODO: only fall back to using raw data if config says so
                 $tmpl->assign('contentPreview', $content);
             $tmpl->assign('rawContent', htmlent($content));
             // display the formatting buttons addded by addFormatButtons
Esempio n. 11
 /**
  * Render the "create team" form.
  *
  * Registers a one-time form key with $site (anti-CSRF token: the name is a
  * unique label built from the current user's id and microtime, the value
  * returned by $site->setKey() is the actual token) and prepares the BBCode
  * editor buttons for the description field.
  *
  * Uses the globals $site and $tmpl.
  */
 protected function showForm()
 {
     global $site;
     global $tmpl;

     $label = 'teamCreate_' . \user::getCurrentUser()->getID() . '_' . microtime();
     // Spaces and dots (from microtime) are not wanted in a form field name.
     $label = strtr($label, array(' ' => '_', '.' => '_'));
     $token = $site->setKey($label);
     $tmpl->assign('keyName', $label);
     $tmpl->assign('keyValue', htmlent($token));

     // BBCode editor; the field name tells the JavaScript which element to
     // manipulate.
     include_once dirname(dirname(dirname(__FILE__))) . '/bbcode_buttons.php';
     $editor = new bbcode_buttons();
     $tmpl->assign('buttonsToFormat', $editor->showBBCodeButtons('team_description'));
 }
Esempio n. 12

if (!isset($account_needs_to_be_converted) || !$account_needs_to_be_converted) {
    if (isset($_SESSION['user_logged_in']) && $_SESSION['user_logged_in']) {
        $this->helper->done('already logged in');
$account_old_website = htmlent($config->getValue('oldWebsiteName'));
if (!isset($msg)) {
    $msg = '';
if (!(isset($_POST['local_login_wanted']) && $_POST['local_login_wanted'])) {
    $msg .= '<form action="' . $config->getValue('baseaddress') . 'Login/' . '" method="post">' . "\n";
    $msg .= '<p class="first_p">' . "\n";
    if ($config->getValue('login.modules.forceExternalLoginOnly')) {
        $msg .= $this->helper->return_self_closing_tag('input type="submit" name="local_login_wanted" value="Update old account from ' . $account_old_website . '"');
    } else {
        $msg .= $this->helper->return_self_closing_tag('input type="submit" name="local_login_wanted" value="Local login"');
    $msg .= '</p>' . "\n";
    $msg .= '</form>' . "\n";
if (isset($_POST['local_login_wanted']) && $_POST['local_login_wanted']) {
    /* 		$msg .= '<div class="static_page_box">' . "\n"; */
    $msg .= '<p class="first_p">';
    if ($config->getValue('login.modules.local.convertUsersToExternalLogin')) {
        require_once dirname(dirname(__FILE__)) . '/login_module_list.php';
        if (isset($module['bzbb']) && $module['bzbb']) {
            $msg .= '<strong><span class="unread_messages">Before you continue make absolutely sure your account here and the (forum) account have exactly the same username or you will give someone else access to your account and that access can never be revoked.</span></strong></p>';
Esempio n. 13
 /**
  * Render $string as BBCode through the configured library, or as escaped
  * plain text when no library is configured.
  *
  * Configuration comes from the bbcode_lib_path(), bbcode_command(),
  * bbcode_class() and bbcode_sets_linebreaks() helpers. When either the
  * library path or the parser command is empty, the text is HTML-escaped with
  * htmlent() and line breaks are converted, so it is safe to print. When a
  * library is configured, $string is handed to it *unescaped*: whether the
  * result is safe against injected markup then depends entirely on that
  * library, so only point these settings at a parser that escapes HTML itself.
  *
  * The class name and command are used as a dynamic `new` and a dynamic call;
  * they come from configuration, not from request data, and must stay so.
  *
  * @param string $string raw text, possibly containing BBCode
  * @return string HTML
  */
 function bbcode($string)
 {
     // No library configured: escaped plain text with line breaks.
     if (strcmp(bbcode_lib_path(), '') === 0) {
         return $this->linebreaks(htmlent($string));
     }
     require_once bbcode_lib_path();

     // A library without a parser command is treated the same way.
     if (strcmp(bbcode_command(), '') === 0) {
         return $this->linebreaks(htmlent($string));
     }
     $command = bbcode_command();

     // An empty class name means the command is a plain function rather than
     // a method; otherwise the parser is an instance of the configured class.
     $parser = null;
     if (strcmp(bbcode_class(), '') !== 0) {
         $className = bbcode_class();
         $parser = new $className();
     }

     // The library either inserts its own line breaks or leaves that to us.
     $libraryBreaks = bbcode_sets_linebreaks();
     $rendered = $parser === null
         ? $command($string)
         : $parser->{$command}($string);

     if ($libraryBreaks) {
         return $rendered;
     }
     return $this->linebreaks($rendered);
 }
/**
 * Module entry point for the jQuery commentary add-on.
 *
 * Dispatches on request parameters: `rmvcmmnt` removes a comment, `section`
 * re-renders a commentary section for polling, and `op` selects one of the
 * AJAX operations (get_json, post, last_comment, is_typing, api).
 *
 * NOTE(review): almost every query below interpolates request, session or
 * preference values straight into SQL via db_query(); none are
 * parameterised. The individual sinks are marked inline. Whether httpget()
 * and httpallpost() apply any escaping is not visible here — confirm before
 * relying on it.
 *
 * NOTE(review): no `break` statement is visible between the `case` labels of
 * the `op` switch. If this listing is faithful, each operation falls through
 * into all of the following ones; verify against the original source.
 */
function jquerycommentary_run()
    global $_SERVER, $output, $session;
    require_once 'lib/commentary.php';
    $section = httpget('section');
    $commentary = db_prefix('commentary');
    $accounts = db_prefix('accounts');
    if (($commid = httpget('rmvcmmnt')) != "") {
        $prefix = db_prefix('commentary');
        if ($session['user']['superuser'] & SU_EDIT_COMMENTS) {
            // NOTE(review): $commid comes straight from the query string and
            // is interpolated into the DELETE — SQL injection unless httpget()
            // escapes it. The SU_EDIT_COMMENTS bit is the only guard.
            db_query("DELETE FROM {$prefix} WHERE commentid = '{$commid}'");
        // NOTE(review): by indentation this INSERT sits outside the superuser
        // check, so any visitor who supplies rmvcmmnt= adds a 'blackhole' row.
        db_query("INSERT INTO {$commentary} (section, author, comment, postdate) VALUES ('blackhole', '{$session['user']['acctid']}', 'I f****d up', '" . date('Y-m-d H:i:s') . "')");
    if (httpget('section') == get_module_pref('current_section') && httpget('section') != '') {
        //echo 'x';
        $output = "";
        // NOTE(review): the request URI and the session counter are replaced
        // with client-supplied values (r, c) so viewcommentary() renders as if
        // for the original page; anything downstream that trusts
        // $_SERVER['REQUEST_URI'] now trusts the client.
        $_SERVER['REQUEST_URI'] = httpget('r');
        $session['counter'] = httpget('c');
        viewcommentary(get_module_pref('current_section'), get_module_setting('message'), get_module_setting('limit'), get_module_setting('talkline'));
        // NOTE(review): removing <script> tags with a regex only drops the
        // page's own inline scripts from the polled fragment; it is not an
        // XSS defence (event-handler attributes and malformed tags pass).
        $output = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $output);
        $output = substr($output, 0, strpos($output, "<jquerycommentaryend>"));
        db_query("UPDATE accounts SET laston = '" . date('Y-m-d H:i:s') . "' WHERE acctid = '{$session['user']['acctid']}'");
        echo trim("{$output}");
        /*$sql = db_query(
              "SELECT, a.acctid
              FROM accounts AS a
              LEFT JOIN module_userprefs AS m
              ON m.userid = a.acctid
              LEFT JOIN module_userprefs AS u
              ON u.userid = m.userid
              WHERE m.modulename = 'jquerycommentary'
              AND m.setting = 'is_typing'
              AND m.value = '1'
              AND u.modulename = 'jquerycommentary'
              AND u.setting = 'current_section'
              and u.value = '" . get_module_pref('current_section') ."'"
          $typing = [];
          while ($row = db_fetch_assoc($sql)) {
              array_push($typing, [$row['acctid'], $row['name']]);
          $isTyping = appoencode('`@');
          $i = 0;
          echo appoencode('`@Who\'s typing: `n');
          if (count($typing) != 0) {
              foreach ($typing as $key => $val) {
                  if ($i == 1) {
                      $isTyping .= appoencode($val[1]);
                  else if ($i > 1 && count($typing) > $i) {
                      $isTyping .= appoencode("`@, {$val[1]}");
                  else if ($i == count($typing)) {
                      $isTyping .= appoencode("`@ and {$val[1]}");
              echo $isTyping;
          else {
              echo appoencode('`@No one');
    switch (httpget('op')) {
        case 'get_json':
            // NOTE(review): the section name comes from the session rather
            // than the request, but is still interpolated unescaped.
            $sql = db_query("SELECT commentid, author, comment FROM commentary WHERE section = '{$session['current_commentary_area']}' AND deleted = '0' ORDER BY commentid+0 DESC LIMIT 0, 25");
            $json = [];
            while ($row = db_fetch_assoc($sql)) {
                array_push($json, $row);
            // Raw comment rows (including author ids) are returned as JSON
            // inside a <pre> element.
            echo "<pre>";
            echo json_encode($json, JSON_PRETTY_PRINT);
            echo "</pre>";
        case 'post':
            $post = httpallpost();
            $post = modulehook('jquery-post-commentary', $post);
            $commentary = db_prefix('commentary');
            if ($post['method'] == 'insertcommentary') {
                require_once 'lib/commentary.php';
                injectcommentary(get_module_pref('current_section'), get_module_setting('talkline'), $post['comment']);
            } else {
                // NOTE(review): the comment id is parsed out of the POSTed
                // `method` field and used unescaped in the UPDATE below, and
                // nothing here checks that the current user authored that
                // comment — any logged-in user can overwrite any comment by
                // id (unless the 'jquery-post-commentary' hook enforces it).
                $commentid = explode('_', $post['method']);
                require_once 'lib/systemmail.php';
                require_once 'lib/sanitize.php';
                // NOTE(review): htmlent() encodes for an HTML context; it is
                // not SQL escaping (depending on its flags a single quote may
                // pass through untouched), and it means the comment is stored
                // already HTML-encoded.
                $post['comment'] = htmlent($post['comment']);
                db_query("UPDATE {$commentary} SET comment = '{$post['comment']}' WHERE commentid = '{$commentid[1]}'");
                db_query("INSERT INTO {$commentary} (section, author, comment, postdate) VALUES ('blackhole', '{$session['user']['acctid']}', 'I f****d up', '" . date('Y-m-d H:i:s') . "')");
        case 'last_comment':
            require_once 'lib/sanitize.php';
            db_query("UPDATE accounts SET laston = '" . date('Y-m-d H:i:s') . "' WHERE acctid = '{$session['user']['acctid']}'");
            //$sql = db_query("SELECT comment, commentid FROM ".db_prefix('commentary')." WHERE author = '{$session['user']['acctid']}' AND section = '{$session['current_commentary_area']}' ORDER BY commentid DESC LIMIT 0,1");
            // Same unparameterised pattern as get_json: session values are
            // interpolated into both queries below.
            $sql = db_query("SELECT comment, commentid FROM {$commentary}\n                WHERE author = '{$session['user']['acctid']}'\n                AND (section = 'globalooc'\n                    OR section = '{$session['current_commentary_area']}')\n                ORDER BY commentid DESC\n                LIMIT 0,1");
            $row = db_fetch_assoc($sql);
            $data = $row;
            $sql = db_query("SELECT commentid, section, comment FROM {$commentary}\n                WHERE (section = 'globalooc'\n                OR section = '{$session['current_commentary_area']}'\n                OR section = 'blackhole'\n                )\n                ORDER BY commentid+0 DESC\n                LIMIT 0,1");
            $row = db_fetch_assoc($sql);
            $data['last_section'] = $row['section'];
            $data['last_comment'] = $row['commentid'];
            $data['last_message'] = $row['comment'];
            echo json_encode($data);
        case 'is_typing':
            $post = httpallpost();
            if ($post['typing'] == 'yes') {
                set_module_pref('is_typing', 1);
            } else {
                set_module_pref('is_typing', 0);
            // NOTE(review): the statement reads `SELECT, a.acctid` and the loop
            // below uses $row['name'], which is never selected — the column
            // list looks mangled in this listing; verify against the source.
            // The current_section preference is interpolated unescaped.
            $sql = db_query("SELECT, a.acctid\n                FROM accounts AS a\n                LEFT JOIN module_userprefs AS m\n                ON m.userid = a.acctid\n                LEFT JOIN module_userprefs AS u\n                ON u.userid = m.userid\n                WHERE m.modulename = 'jquerycommentary'\n                AND m.setting = 'is_typing'\n                AND m.value = '1'\n                AND u.modulename = 'jquerycommentary'\n                AND u.setting = 'current_section'\n                and u.value = '" . get_module_pref('current_section') . "'");
            $typing = [];
            while ($row = db_fetch_assoc($sql)) {
                array_push($typing, [$row['acctid'], $row['name']]);
            $isTyping = appoencode('`@');
            // NOTE(review): $i is initialised but never incremented in the
            // visible code, so only the `$i == 1` / `> 1` / `== count()`
            // branches reachable with $i == 0 can fire — confirm.
            $i = 0;
            if (count($typing) != 0) {
                foreach ($typing as $key => $val) {
                    if ($i == 1) {
                        $isTyping .= appoencode($val[1]);
                    } else {
                        if ($i > 1 && count($typing) > $i) {
                            $isTyping .= appoencode("`@, {$val[1]}");
                        } else {
                            if ($i == count($typing)) {
                                $isTyping .= appoencode("`@ and {$val[1]}");
                    if ($i == count($typing)) {
                        $isTyping .= appoencode("`@...");
                echo "✏ {$isTyping}";
            } else {
                echo "<br />";
        case 'api':
            header('Content-Type: application/json');
            /*$sql = db_query(
                  "SELECT c.*, FROM $commentary AS c
                  LEFT JOIN $accounts AS a
                  ON a.acctid =
                  WHERE (section = '{$session['current_commentary_area']}'
                  OR section = 'global-ooc')
                  AND deleted = 0
                  ORDER BY commentid+0 DESC
                  GROUP BY section
                  LIMIT 0, 25"
            // NOTE(review): `SELECT comm.*, FROM` and the trailing
            // `ON acc.acctid =` are not valid SQL as shown — the query appears
            // truncated in this listing; verify against the source.
            $sql = db_query("SELECT comm.*, FROM\n                (\n                    (SELECT * FROM\n                        (SELECT * FROM commentary\n                        WHERE section = 'globalooc'\n                        AND deleted = '0'\n                        ORDER BY commentid+0 DESC\n                        LIMIT 0, 10)\n                    AS c\n                    ORDER BY c.commentid+0 ASC\n                    LIMIT 0, 10)\n                    UNION (\n                        SELECT * FROM\n                        (SELECT * FROM commentary\n                        WHERE section = 'superuser'\n                        AND deleted = '0'\n                        ORDER BY commentid+0 DESC\n                        LIMIT 0, 25)\n                        AS c\n                        ORDER BY c.commentid+0 ASC\n                        LIMIT 0, 25\n                    )\n                ) AS comm\n                LEFT JOIN accounts AS acc\n                ON acc.acctid =");
            $json = [];
            while ($row = db_fetch_assoc($sql)) {
                // Name and comment are run through appoencode() (colour-code
                // rendering) before being emitted as JSON.
                $row['name'] = appoencode($row['name']);
                $row['comment'] = appoencode($row['comment']);
                array_push($json, $row);
            echo json_encode($json, JSON_PRETTY_PRINT);
Esempio n. 15

echo $form->GetHTML();

<div class="page-header">
  <h2>Current messages</h2>

foreach ($entries as $val) {
<div class = well>
    echo htmlent($val['name']);
  <br /><small><?php 
    echo $val['created'];
    echo htmlent($val['entry']);
Esempio n. 16
 /**
  * Render the public profile page of one team.
  *
  * Fills the 'teamSystemProfile' template with the team's data, its members,
  * the ten most recently entered matches involving it, and — for members and
  * users allowed to invite into any team — the open invitations.
  *
  * Access-control flags (canEditTeam, canDeleteTeam, showMemberActionOptions,
  * allowEdit/allowDelete, removeLink/editLink/deleteLink) are computed here
  * only to decide what the template *shows*. The handlers behind those links
  * must perform their own permission checks; hiding a link is not a guard.
  *
  * Uses the globals $tmpl and $db.
  *
  * @param int|string $teamid id of the team to show
  */
 public function showTeam($teamid)
     global $tmpl;
     global $db;
     $team = new team($teamid);
     // NOTE(review): the bodies of the two guards below are not visible in
     // this listing; presumably each returns early.
     if (!$team->exists()) {
     if (!$tmpl->setTemplate('teamSystemProfile')) {
     // FIXME: implement something to avoid hardcoded paths
     $tmpl->assign('pmLink', '../PM/?add&teamid=' . $teamid);
     $tmpl->assign('status', $team->getStatus());
     // The title is HTML-escaped here, while teamData['name'] below is passed
     // raw — whichever the template expects, the two should be consistent.
     $tmpl->assign('title', 'Team ' . htmlent($team->getName()));
     // the team's leader
     $teamLeader = $team->getLeaderId();
     $teamData = array();
     $teamData['profileLink'] = './?profile=' . $team->getID();
     $teamData['name'] = $team->getName();
     $teamData['score'] = $team->getScore();
     $teamData['scoreClass'] = $this->rankScore($teamData['score']);
     // NOTE(review): the team name is placed in a query string without
     // urlencode()/rawurlencode(); a name containing '&', '#', '+' or '%'
     // produces a broken or ambiguous link. If team::getName() returns
     // HTML-escaped text (as user::getName() does elsewhere in this code),
     // the escaped form ends up in the URL as well — confirm.
     $teamData['matchSearchLink'] = '../Matches/?search_string=' . $teamData['name'] . '&amp;search_type=team+name' . '&amp;search_result_amount=200' . '&amp;search=Search';
     $teamData['matchCount'] = $team->getMatchCount();
     $teamData['memberCount'] = $team->getMemberCount();
     $teamData['leaderLink'] = '../Players/?profile=' . $team->getLeaderId();
     $teamData['leaderName'] = (new \user($team->getLeaderId()))->getName();
     $teamData['activityNew'] = $team->getActivityNew();
     $teamData['activityOld'] = $team->getActivityOld();
     $teamData['created'] = $team->getCreationTimestampStr();
     $teamData['wins'] = $team->getMatchCount('won');
     $teamData['draws'] = $team->getMatchCount('draw');
     $teamData['losses'] = $team->getMatchCount('lost');
     $teamData['logo'] = $team->getAvatarURI();
     // The description is user-authored (edited through a BBCode editor);
     // rendering/escaping it is left to the template — confirm it does.
     $tmpl->assign('teamDescription', $team->getDescription());
     $tmpl->assign('team', $teamData);
     $tmpl->assign('teamid', $teamid);
     $tmpl->assign('canPMTeam', \user::getCurrentUserLoggedIn() && \user::getCurrentUserId() > 0 ? true : false);
     // tell template if user can edit this team
     // `&&` binds tighter than `||`: (logged in AND is leader) OR has the
     // edit-any-team permission.
     $tmpl->assign('canEditTeam', \user::getCurrentUserLoggedIn() && \user::getCurrentUserId() === $teamLeader || \user::getCurrentUser()->getPermission('allow_edit_any_team_profile'));
     // tell template if user can delete this team
     // either user has deletion permission for team
     // or user is leader of team and there are one or less members in team
     // NOTE(review): the member-count condition described above is not part
     // of the expression — being leader is enough here. Also the permission
     // name 'team.allowDelete <id>' (with a space) differs in style from the
     // other permission names; confirm the spelling.
     $tmpl->assign('canDeleteTeam', $team->getStatus() !== 'deleted' && (\user::getCurrentUser()->getPermission('team.allowDelete ' . $team->getID()) || \user::getCurrentUser()->getPermission('allow_delete_any_team') || \user::getCurrentUserId() === $team->getLeaderId()));
     $showMemberActionOptions = false;
     if (\user::getCurrentUserId() === $teamLeader || \user::getCurrentUser()->getPermission('allow_kick_any_team_members')) {
         $showMemberActionOptions = true;
     $members = array();
     $memberids = $team->getUserIds();
     foreach ($memberids as $memberid) {
         $user = new \user($memberid);
         $member = array();
         // rename db result fields and assemble some additional informations
         // use a temporary array for better readable (but slower) code
         // Any member of the team gets the action column (to leave the team).
         if (!$showMemberActionOptions && \user::getCurrentUserId() === $memberid) {
             $showMemberActionOptions = true;
         $member['profileLink'] = '../Players/?profile=' . $user->getID();
         $member['userName'] = $user->getName();
         $member['permissions'] = $teamLeader === $memberid ? 'Leader' : 'Standard';
         if ($country = $user->getCountry()) {
             $member['countryName'] = $country->getName();
             if (strlen($country->getFlag()) > 0) {
                 $member['countryFlag'] = $country->getFlag();
         $member['joined'] = $user->getJoinTimestampStr();
         $member['last_login'] = $user->getLastLoginTimestampStr();
         // show leave/kick links if permission is given
         // a team leader can neither leave or be kicked
         // a leader must first give someone else leadership to leave
         // The remove handler must re-check these conditions itself; the
         // link is only hidden here.
         if ((\user::getCurrentUserId() === $teamLeader || \user::getCurrentUser()->getPermission('allow_kick_any_team_members') || \user::getCurrentUserId() === $user->getID()) && $user->getID() !== $teamLeader) {
             $member['removeLink'] = './?remove=' . $user->getID() . '&amp;team=' . $teamid;
             if (\user::getCurrentUserId() === $user->getID()) {
                 $member['removeDescription'] = 'Leave team';
             } else {
                 $member['removeDescription'] = 'Kick member from team';
         // append current member data
         $members[] = $member;
     $tmpl->assign('members', $members);
     $tmpl->assign('showMemberActionOptions', $showMemberActionOptions);
     // show last entered matches
     $matches = array();
     // show available options if any available
     $allowEdit = \user::getCurrentUser()->getPermission('allow_edit_match');
     $allowDelete = \user::getCurrentUser()->getPermission('allow_delete_match');
     $tmpl->assign('showMatchActionOptions', $allowEdit || $allowDelete);
     $tmpl->assign('allowEdit', $allowEdit);
     $tmpl->assign('allowDelete', $allowDelete);
     // get match data
     // sort the data by id to find out if abusers entered a match at a long time in the past
     // Prepared statement with `?` placeholders for the team id (bound twice);
     // the team and user names come from correlated subqueries.
     $query = $db->prepare('SELECT `timestamp`,`team1_id`,`team2_id`,' . '(SELECT `name` FROM `teams` WHERE `id`=`team1_id`) AS `team1_name`' . ',(SELECT `name` FROM `teams` WHERE `id`=`team2_id`) AS `team2_name`' . ',`team1_points`,`team2_points`,`userid`' . ',(SELECT `users`.`name` FROM `users`' . ' WHERE `users`.`id`=`matches`.`userid`)' . ' AS `username`' . ',`matches`.`id`' . ' FROM `matches` WHERE `matches`.`team1_id`=?' . ' OR `matches`.`team2_id`=?' . ' ORDER BY `id` DESC LIMIT 0,10');
     $db->execute($query, array($teamid, $teamid));
     while ($row = $db->fetchRow($query)) {
         // rename db result fields and assemble some additional informations
         // use a temporary array for better readable (but slower) code
         $prepared = array();
         $prepared['time'] = $row['timestamp'];
         $prepared['team1Link'] = '../Teams/?profile=' . $row['team1_id'];
         $prepared['team2Link'] = '../Teams/?profile=' . $row['team2_id'];
         $prepared['team1Name'] = $row['team1_name'];
         $prepared['team2Name'] = $row['team2_name'];
         $prepared['score1'] = $row['team1_points'];
         $prepared['score2'] = $row['team2_points'];
         $prepared['lastModById'] = $row['userid'];
         $prepared['lastModByName'] = $row['username'];
         $prepared['lastModByLink'] = '../Players/?profile=' . $prepared['lastModById'];
         if ($allowEdit) {
             $prepared['editLink'] = '../Matches/?edit=' . $row['id'];
         if ($allowDelete) {
             $prepared['deleteLink'] = '../Matches/?delete=' . $row['id'];
         $matches[] = $prepared;
     $tmpl->assign('matches', $matches);
     // invitation data visible
     // for team members
     // for users who can issue any invitation
     if (\user::getCurrentUser()->getMemberOfTeam($teamid) || \user::getCurrentUser()->getPermission('allow_invite_in_any_team')) {
         $invitationData = array();
         $invitations = invitation::getInvitationsForTeam($teamid);
         foreach ($invitations as $invitation) {
             // Only the first invited user of each invitation is listed.
             $invitationUser = $invitation->getUsers()[0];
             $invitationData[] = array('userName' => $invitationUser->getName(), 'profileLink' => '../Players/?profile=' . $invitationUser->getID(), 'expiration' => $invitation->getExpiration());
         $tmpl->assign('invitations', $invitationData);
Esempio n. 17
 // timezone
 echo '<p><label class="player_edit" for="edit_player_location">Change timezone:</label> ';
 echo '<select id="edit_player_timezone" name="timezone">';
 for ($i = -12; $i <= 12; $i++) {
     echo '<option value="';
     echo htmlspecialchars($i);
     if ($timezone === $i) {
         echo '" selected="selected';
     echo '">';
     if ($i >= 0) {
         $time_format = '+' . strval($i);
     } else {
         $time_format = strval($i);
     echo htmlent('UTC ' . $time_format);
     echo '</option>' . "\n";
 echo '</select>';
 echo '</p>' . "\n\n";
 // user comment
 if ($site->bbcode_lib_available()) {
     echo "\n" . '<div class="player_edit">';
     echo '<div class="invisi" style="display: inline;">';
     echo '	<label class="player_edit">bbcode:</label><span>';
     echo '</div>';
     include dirname(dirname(__FILE__)) . '/CMS/bbcode_buttons.php';
     $bbcode = new bbcode_buttons();
Esempio n. 18
 /**
  * Register a one-time form key for the page system add-on.
  *
  * Asks $site->setKey() for a token under a unique label (built from
  * microtime, with spaces and dots replaced by underscores) and exposes both
  * to the template as keyName / keyValue. The label is not secret; the value
  * is the anti-CSRF token the submit handler is expected to verify.
  *
  * Uses the globals $site and $tmpl.
  */
 private function generateKey()
 {
     global $site;
     global $tmpl;

     $label = strtr('addon.pageSystem.' . microtime(), array(' ' => '_', '.' => '_'));
     $token = $site->setKey($label);

     $tmpl->assign('keyName', $label);
     $tmpl->assign('keyValue', htmlent($token));
 }
Esempio n. 19
        } elseif (isset($_GET['profile'])) {
            echo '&amp;profile=' . htmlent($_GET['profile']);
        echo '">Previous visits</a>' . "\n";
    if ($show_next_visits_button) {
        echo '	<a href="./?i=';
        echo (int) $view_range + $num_results;
        if (isset($_GET['search'])) {
            echo '&amp;search';
            if (isset($_GET['search_string'])) {
                echo '&amp;search_string=' . htmlspecialchars($_GET['search_string']);
            if (isset($_GET['search_type'])) {
                echo '&amp;search_type=' . htmlspecialchars($_GET['search_type']);
            if (isset($num_results)) {
                echo '&amp;search_result_amount=' . strval($num_results);
        } elseif (isset($_GET['profile'])) {
            echo '&amp;profile=' . htmlent($_GET['profile']);
        echo '">Next visits</a>' . "\n";
    echo '</p>' . "\n";
Esempio n. 20
 /**
  * The user's name, HTML-escaped.
  *
  * Escaping happens here, in the getter, so the value is ready for an HTML
  * text context. Callers that put it anywhere else (URL query strings,
  * JavaScript, attribute values) need that context's encoding applied to the
  * raw value instead, and a template that escapes on output will
  * double-encode it.
  *
  * @return string htmlent()-encoded username taken from $this->info
  */
 public function getName()
 {
     $rawName = $this->info['username'];
     return htmlent($rawName);
 }
Esempio n. 21
/**
 * Looks for the match nearest in time to the one being entered (taken from
 * $_POST) and prints a warning when it looks like a duplicate.
 *
 * @param bool $newerMatches true: compare with the nearest newer match,
 *                           false: with the nearest older (or equal) one
 * @return bool true when a similar match was found and a warning was printed
 */
function similarMatchEntered($newerMatches = true)
    global $site;
    global $connection;
    // equal case should never happen
    $comparisonOperator = '>';
    if (!$newerMatches) {
        $comparisonOperator = '<=';
    // similar match entered already?
    // strategy: ask for one match before the entered one and one after the one to be entered and do not let the database engine do the comparison
    $query = 'SELECT `id`,`timestamp`,`team1_id`,`team2_id`,`team1_points`,`team2_points`, `duration` FROM `matches`';
    // NOTE(review): $_POST['match_day'] and $_POST['match_time'] reach the SQL text through the
    // escaping helper sqlSafeStringQuotes(), not through a bound parameter, and both indices are
    // read without an isset() check. A prepared statement would remove the dependency on the
    // helper's escaping being correct for the connection charset.
    $query .= ' WHERE (`timestamp`' . sqlSafeString($comparisonOperator) . sqlSafeStringQuotes($_POST['match_day'] . $_POST['match_time']);
    // sorting needed
    $query .= ') ORDER BY `timestamp` DESC';
    // only comparing nearest match in time
    $query .= ' LIMIT 0,1';
    // the @ hides whatever execute_query() would report; the failure is still handled below
    if (!($result = @$site->execute_query('matches', $query, $connection))) {
        $site->dieAndEndPage('Unfortunately there seems to be a database problem and thus comparing timestamps (using operator ' . sqlSafeString($comparisonOperator) . ') of matches failed.');
    // initialise values
    // casting the values to 0 is important
    // (a post variable having no value means it has to be set to 0 to successfully compare values here)
    // NOTE(review): $duration_matches is not initialised here although every other *_matches
    // flag is; it is only assigned inside the loop below. With zero rows the && chain at the
    // end short-circuits before reading it, but initialising it to false keeps the flags consistent.
    $timestamp = '';
    $duration = (int) $_POST['duration'];
    $team_id1 = (int) $_POST['team_id1'];
    $team_id2 = (int) $_POST['team_id2'];
    $team_id1_matches = false;
    $team_id2_matches = false;
    $team1_points = (int) $_POST['team1_points'];
    $team2_points = (int) $_POST['team2_points'];
    $team1_points_matches = false;
    $team2_points_matches = false;
    // legacy mysql_* extension (removed in PHP 7); at most one row because of LIMIT 0,1
    while ($row = mysql_fetch_array($result)) {
        // we can save comparisons using a helper variable
        $team_ids_swapped = false;
        $timestamp = $row['timestamp'];
        $duration_matches = intval($row['duration']) === $duration;
        $team_id1_matches = intval($row['team1_id']) === $team_id1;
        // a match between the same teams may have been entered with the sides swapped
        if (!$team_id1_matches) {
            $team_ids_swapped = true;
            $team_id1_matches = intval($row['team1_id']) === $team_id2;
        if ($team_ids_swapped) {
            $team_id2_matches = intval($row['team2_id']) === $team_id1;
        } else {
            $team_id2_matches = intval($row['team2_id']) === $team_id2;
        // use helper variable to save some comparisons of points
        if ($team_ids_swapped) {
            $team1_points_matches = intval($row['team1_points']) === $team2_points;
            $team2_points_matches = intval($row['team2_points']) === $team1_points;
        } else {
            $team1_points_matches = intval($row['team1_points']) === $team1_points;
            $team2_points_matches = intval($row['team2_points']) === $team2_points;
    // if similar match was found warn the user
    if ($team_id1_matches && $team_id2_matches && $team1_points_matches && $team2_points_matches && $duration_matches) {
        echo '<p>The nearest ';
        if ($newerMatches) {
            echo 'newer ';
        } else {
            echo 'older ';
        echo ' match in the database is quite similar:</p>';
        // use the post data as much as possible instead of looking up the same data in the database
        // NOTE(review): $timestamp is a raw database value printed into HTML without htmlent();
        // $duration and the points are safe because they were cast to int above.
        echo '<p><strong>' . $timestamp . ' [' . $duration . ']  </strong> ';
        $query = 'SELECT `name` FROM `teams` WHERE `id`=' . sqlSafeStringQuotes($team_id1) . ' LIMIT 1';
        if (!($result = @$site->execute_query('teams', $query, $connection))) {
            $site->dieAndEndPage('Could not find out name of team #' . sqlSafeString($team_id1) . '.');
        // team_name_from_id() is defined elsewhere; the name is escaped before it is handed over
        while ($row = mysql_fetch_array($result)) {
            team_name_from_id($team_id1, htmlent($row['name']));
        echo ' - ';
        $query = 'SELECT `name` FROM `teams` WHERE `id`=' . sqlSafeStringQuotes($team_id2) . ' LIMIT 1';
        if (!($result = @$site->execute_query('teams', $query, $connection))) {
            $site->dieAndEndPage('Could not find out name of team #' . sqlSafeString($team_id2) . '.');
        while ($row = mysql_fetch_array($result)) {
            team_name_from_id($team_id2, htmlent($row['name']));
        echo ' with result <strong>' . $team1_points . ' - ' . $team2_points . '</strong>.</p>';
        echo "\n";
        return true;
    return false;
Esempio n. 22
 /**
  * Links a local account to its external (bzbb) id by asking the remote
  * bzidtools2 endpoint which id belongs to $loginname.
  *
  * @param int|string $userid    local user id whose `external_id` is set
  * @param string     $loginname login name sent to the remote endpoint
  * @param string     $output    receives the raw remote reply first, then a
  *                              user-facing status message (contains HTML)
  * @return bool true when the external id was stored, false otherwise
  */
 public static function convertAccount($userid, $loginname, &$output)
     global $config;
     global $db;
     // user is not new, update his callsign with new external userid supplied from login
     // external_id was empty, set it to the external value obtained by bzidtools
     // create a new cURL resource
     $ch = curl_init();
     // set URL and other appropriate options
     // NOTE(review): the base URL literal is empty on this page, so only the encoded login name
     // is left — presumably the endpoint address was stripped; confirm against the real file.
     // No TLS-related cURL options are visible here, so the transport defaults apply.
     $url = '' . urlencode(strtolower($loginname));
     curl_setopt($ch, CURLOPT_URL, $url);
     curl_setopt($ch, CURLOPT_HEADER, 0);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
     // grab URL and pass it to the browser
     // NOTE(review): curl_exec() returns false on a transport error; strlen() below then sees
     // false (deprecated in 8.1, a TypeError under strict_types) — check for false explicitly.
     $output = curl_exec($ch);
     // close cURL resource, and free up system resources
     // NOTE(review): no curl_close($ch) is visible under this comment.
     // update the entry with the result from the bzidtools2.php script
     if (strlen($output) > 9 && strcmp(substr($output, 0, 9), 'SUCCESS: ') === 0) {
         // the external id received from API
         $externalID = substr($output, 9);
         // check if external id is already used in our db
         // NOTE(review): this lookup uses the raw id, but the UPDATE below stores htmlent() of it;
         // if an id can ever contain characters htmlent() rewrites, the two disagree and the
         // duplicate check misses. Store and compare the same representation.
         $query = $db->prepare('SELECT `id` FROM `users` WHERE `external_id`=? LIMIT 1');
         $db->execute($query, $externalID);
         // error if id already used
         if ($db->fetchRow($query)) {
             // NOTE(review): $externalID is remote-supplied and is not escaped here, unlike
             // $userid in the messages below; escape it if callers print $output as HTML.
             $output = 'This bzbb id (' . $externalID . ')is already tied to another account. ' . 'If you think this error message is not justified ' . 'please contact one of the admins';
             return false;
         // update bzbb id of user in our db
         $query = $db->prepare('UPDATE `users` SET `external_id`=?' . ' WHERE `id`=? LIMIT 1');
         if (!$db->execute($query, array(htmlent(substr($output, 9)), $userid))) {
             $output = 'Unfortunately there seems to be a database problem' . ' which prevents the system from setting your external userid (id=' . htmlent($userid) . '). Please report this to an admin.';
             return false;
         // the login link: the literal in htmlspecialchars('') is empty on this page as well
         $output = 'Congratulations, you enabled the <a href="' . htmlspecialchars('') . urlencode($config->getValue('baseaddress') . 'Login/?module=bzbb&action=login&auth=%TOKEN%,%USERNAME%') . '"> (global) login</a> for this account.' . "\n";
     } else {
         $output = 'Unfortunately the bzidtools2.php script failed' . ' which prevents the system from setting your external userid (id=' . htmlent($userid) . '). The bzidtool2.php call was ' . htmlent($url) . '. Please report this to an admin.';
         // log the problem
         // NOTE(review): no logging call follows this comment.
         return false;
     // converting account to use bzbb login was successful :)
     return true;
Esempio n. 23
 /**
  * Displays a single private message from $folder and marks it as read.
  *
  * Ownership is enforced by the SELECT below: the message must be linked to the
  * current user in `pmsystem_msg_users` for the given folder, so a foreign id
  * simply yields no row.
  *
  * @param string $folder folder the message is looked up in
  * @param int    $id     only used for the page title; the id that is actually
  *                       shown is re-read from $_GET['view'] / $_GET['delete']
  */
 public function showMail($folder, $id)
     global $config;
     global $tmpl;
     global $db;
     // set the template
     // NOTE(review): the title uses the $id parameter, everything below uses the id from $_GET,
     // so title and content can disagree.
     $tmpl->assign('title', 'Mail #' . $id);
     $id = 0;
     if (isset($_GET['view'])) {
         $id = intval($_GET['view']);
     } elseif (isset($_GET['delete'])) {
         $id = intval($_GET['delete']);
     } else {
         // NOTE(review): only a message is assigned; execution continues with $id = 0.
         $tmpl->assign('errorMsg', 'You did not specify a message id to view');
     // show currently selected mail folder
     // collect the necessary data
     // the `userid`=? and `folder`=? conditions are the access check; the first placeholder is
     // the display name used for system messages (author_id = 0)
     $query = $db->prepare('SELECT `id`,`author_id`,`subject`,`timestamp`,`message`,`msg_status`,' . ' IF(`pmsystem_msg_storage`.`author_id`<>0,' . ' (SELECT `name` FROM `users` WHERE `id`=`author_id`),?) AS `author`' . ' FROM `pmsystem_msg_storage`, `pmsystem_msg_users`' . ' WHERE `pmsystem_msg_users`.`userid`=?' . ' AND `pmsystem_msg_storage`.`id`=`pmsystem_msg_users`.`msgid`' . ' AND `folder`=?' . ' AND `pmsystem_msg_storage`.`id`=?' . ' ORDER BY `pmsystem_msg_storage`.`id` DESC' . ' LIMIT 1');
     $db->execute($query, array($config->getValue('displayedSystemUsername'), user::getCurrentUserId(), $folder, $id));
     $rows = $db->fetchAll($query);
     // create PM navigation
     $query = $db->prepare('SELECT `msgid` FROM `pmsystem_msg_users`' . ' WHERE `userid`=? AND `msgid`<?' . ' AND `folder`=?' . ' ORDER BY `msgid` DESC LIMIT 1');
     $db->execute($query, array(user::getCurrentUserId(), $id, $folder));
     $prevMSG = $db->fetchAll($query);
     if (count($prevMSG) > 0) {
         $tmpl->assign('prevMsg', $prevMSG[0]['msgid']);
     $query = $db->prepare('SELECT `msgid` FROM `pmsystem_msg_users`' . ' WHERE `userid`=? AND `msgid`>?' . ' AND `folder`=?' . ' ORDER BY `msgid` LIMIT 1');
     $db->execute($query, array(user::getCurrentUserId(), $id, $folder));
     $nextMSG = $db->fetchAll($query);
     if (count($nextMSG) > 0) {
         $tmpl->assign('nextMsg', $nextMSG[0]['msgid']);
     if (count($rows) < 1) {
         // keep the error message generic to avoid
         // NOTE(review): nothing stops the method here — as shown, $rows[0] is read right
         // after this block and the UPDATE at the end still runs. Confirm whether a return
         // was lost; the generic message is the right choice (no existence oracle).
         $tmpl->assign('errorMsg', 'This message either does not exist or you do not have permission to view the message.');
     // create PM view
     // subject, author and recipient names are handed to the template unescaped; only the
     // message body is escaped below — whether the template escapes the rest is not visible here
     $tmpl->assign('subject', $rows[0]['subject']);
     if (intval($rows[0]['author_id']) > 0) {
         $tmpl->assign('authorLink', '../Players/?profile=' . intval($rows[0]['author_id']));
     $tmpl->assign('authorName', $rows[0]['author']);
     // prepare recipients queries
     $usersQuery = $db->prepare('SELECT `userid`,`name`' . ' FROM `pmsystem_msg_recipients_users` LEFT JOIN `users`' . ' ON `pmsystem_msg_recipients_users`.`userid`=`users`.`id`' . ' WHERE `msgid`=?');
     $teamsQuery = $db->prepare('SELECT `teamid`,`name`' . ' FROM `pmsystem_msg_recipients_teams` LEFT JOIN `teams`' . ' ON `pmsystem_msg_recipients_teams`.`teamid`=`teams`.`id`' . ' WHERE `msgid`=?');
     // find out users in recipient list
     $db->execute($usersQuery, $rows[0]['id']);
     $userRecipients = array();
     while ($row = $db->fetchRow($usersQuery)) {
         $userRecipients[] = array('link' => '../Players/?profile=' . intval($row['userid']), 'name' => $row['name']);
     if (isset($userRecipients[0])) {
         $tmpl->assign('userRecipients', $userRecipients);
     // find out teams in recipient list
     $db->execute($teamsQuery, $rows[0]['id']);
     $teamRecipients = array();
     while ($row = $db->fetchRow($teamsQuery)) {
         $teamRecipients[] = array('link' => '../Teams/?profile=' . intval($row['teamid']), 'name' => $row['name']);
     if (isset($teamRecipients[0])) {
         $tmpl->assign('teamRecipients', $teamRecipients);
     // compute if a 'reply to all' button should be shown (more than 1 recipient)
     $tmpl->assign('showReplyToAll', count($userRecipients) > 1 || count($teamRecipients) > 0);
     $tmpl->assign('time', $rows[0]['timestamp']);
     if ($config->getValue('bbcodeLibAvailable')) {
         $tmpl->assign('content', $tmpl->encodeBBCode($rows[0]['message']));
     } else {
         $tmpl->assign('content', htmlent($rows[0]['message']));
     $tmpl->assign('msgID', $id);
     // mark the message as read for the current user
     // NOTE(review): this also runs when the id came from $_GET['delete']; and the
     // concatenation puts no space between the table name and SET — verify the SQL parses.
     $query = $db->prepare('UPDATE LOW_PRIORITY `pmsystem_msg_users`' . 'SET `msg_status`=?' . ' WHERE `msgid`=?' . ' AND `folder`=?' . ' AND `userid`=?' . ' LIMIT 1');
     $db->execute($query, array('read', $id, $folder, user::getCurrentUserId()));
Esempio n. 24
 /**
  * Runs a raw SQL statement through PDO and wraps the result.
  *
  * The statement is executed as given, so only static SQL (or values the caller
  * escaped itself) may be passed in; values derived from user input belong in the
  * prepare()/execute() path used elsewhere in this file.
  *
  * @param string       $query        complete SQL statement
  * @param string|false $file         log file for a failed query, false to skip logging
  * @param string       $errorUserMSG user-facing message to show when the query fails
  * @return database_result|false false when PDO rejected the query
  */
 public function SQL($query, $file = false, $errorUserMSG = '')
     global $tmpl;
     // debug mode pushes the raw statement into the template (unescaped) — keep this off in
     // production, it discloses schema and data to whoever sees the page
     			if ($this->getDebugSQL() && isset($tmpl))
     				$tmpl->assign('MSG', 'executing query: '. $query . $tmpl->return_self_closing_tag('br'));
     $result = $this->pdo->query($query);
     if (!$result) {
         // print out the raw error in debug mode
         // (escaped with htmlent(), but still the full statement text)
         if ($this->getDebugSQL()) {
             echo '<p>Query ' . htmlent($query) . ' is probably not valid SQL.</p>' . "\n";
         // log the error
         if ($file !== false) {
             $this->logError($file, $query);
         } else {
         // NOTE(review): $tmpl is used here without the isset($tmpl) guard applied above;
         // the nesting of the two assignments is ambiguous on this page.
         if (strlen($errorUserMSG) > 0) {
             $tmpl->assign('errorMsg', $errorUserMSG);
         $tmpl->assign('errorMsg', 'Error: Could not process query.');
         // $result was a weak typed false
         // set return value to a strong typed false
         // in any case, it would not be of type PDOStatement
         // which is required for database_result's construct function
         return false;
     return new database_result($result, $query);
Esempio n. 25
 /**
  * Prepares the team edit form: a per-form magic key (the anti-CSRF check), the
  * opened/closed indicator, the BBCode button bar and the current description
  * and avatar.
  *
  * The key value comes from $site->setKey(), which is not visible here; the
  * check is only as strong as that value is unpredictable.
  */
 protected function showForm()
 {
     global $site;
     global $tmpl;

     // key name: prefix + team id + microtime(), spaces and dots turned into underscores
     $keyName = str_replace(array(' ', '.'), '_', 'teamEdit_' . $this->team->getID() . '_' . microtime());
     $keyValue = $site->setKey($keyName);
     $tmpl->assign('keyName', $keyName);
     $tmpl->assign('keyValue', htmlent($keyValue));

     // indicate if team is currently opened or closed
     $tmpl->assign('teamOpen', $this->team->getOpen());

     // bbcode editor; the field name tells the javascript which element to manipulate
     include_once dirname(dirname(dirname(__FILE__))) . '/bbcode_buttons.php';
     $buttons = new bbcode_buttons();
     $tmpl->assign('buttonsToFormat', $buttons->showBBCodeButtons('team_description'));

     $tmpl->assign('teamDescription', $this->team->getRawDescription());
     $tmpl->assign('avatarURI', $this->team->getAvatarURI());
 }
Esempio n. 26
 /**
  * Stores the message and delivers it to every resolved recipient.
  *
  * Recipients are the users in $this->users plus all members of the teams in
  * $this->teams; each gets an inbox row, and a human sender ($author_id > 0)
  * also gets an outbox copy marked as read.
  *
  * @param int $author_id    sending user id, 0 for a system message
  * @param int $ReplyToMSGID id of the message being replied to, 0 for a new message
  * @return string|true an HTML message saying why nothing was sent, or true on success
  */
 public function send($author_id = 0, $ReplyToMSGID = 0)
     global $config;
     global $db;
     // remove duplicates
     if ($this->removeDuplicates($this->users) || $this->removeDuplicates($this->teams)) {
         // back to overview to let them check
         return '<p>Some double entries were removed. Please check your recipients.<p>';
     // NOTE(review): $return is assigned but never returned, so an empty message is stored
     // anyway — unless a return statement was lost on this page, this should be `return ...;`.
     if (strlen($this->content) === 0) {
         $return = '<p>You must specify a message text in order to send a message.</p>';
     $recipients = array();
     foreach ($this->users as $player) {
         $recipients[] = $player['id'];
     // add the players belonging to the specified teams to the recipients array
     foreach ($this->teams as $teamid) {
         if (($tmp_players = \user::getMemberIdsOfTeam((int) $teamid['id'])) === false) {
             return '<p>Could not find out member ids of teams</p>';
         foreach ($tmp_players as $userid) {
             $recipients[] = $userid;
     // put message into database
     $query = $db->prepare('INSERT INTO `pmsystem_msg_storage`' . ' (`author_id`, `subject`, `timestamp`, `message`)' . ' VALUES (?, ?, ?, ?)');
     // lock tables for critical section
     // NOTE(review): the new id is read back with ORDER BY `id` DESC, which is only correct
     // while the table lock holds; the return values of these SQL() calls are not checked, so
     // a failed LOCK silently turns this into a race. lastInsertId() on the same connection
     // would not need the lock at all.
     $db->SQL('LOCK TABLES `pmsystem_msg_storage` WRITE');
     $db->SQL('SET AUTOCOMMIT = 0');
     // do the insert
     // the subject is stored HTML-encoded, the body raw — consumers must treat the two differently
     $db->execute($query, array($author_id, htmlent($this->subject), $this->timestamp, $this->content));
     // find out generated id
     $queryLastID = $db->SQL('SELECT `id` FROM `pmsystem_msg_storage` ORDER BY `id` DESC LIMIT 1');
     $rowId = $db->fetchRow($queryLastID);
     $rowId = intval($rowId['id']);
     // unlock tables as critical section passed
     $db->SQL('UNLOCK TABLES');
     $db->SQL('SET AUTOCOMMIT = 1');
     // add teams as visible recipients
     $query = $db->prepare('INSERT INTO `pmsystem_msg_recipients_teams`' . '(`msgid`, `teamid`)' . 'VALUES (?, ?)');
     foreach ($this->teams as $team) {
         $db->execute($query, array($rowId, $team['id']));
     // add users as visible recipients
     // be careful to not overwrite global variable $user
     // NOTE(review): visible recipients come from $this->getUserIDs(), the inbox rows below from
     // $this->users — presumably the same set; confirm the two cannot diverge.
     $query = $db->prepare('INSERT INTO `pmsystem_msg_recipients_users`' . '(`msgid`, `userid`)' . 'VALUES (?, ?)');
     $userIDs = $this->getUserIDs();
     foreach ($userIDs as $userID) {
         $db->execute($query, array($rowId, $userID));
     // a user who is both a direct recipient and a team member gets one inbox row only
     foreach (array_unique($recipients, SORT_NUMERIC) as $recipient) {
         // put message in people's inbox
         if ($ReplyToMSGID > 0) {
             // this is a reply
             $query = $db->prepare('INSERT INTO `pmsystem_msg_users`' . ' (`msgid`, `userid`, `folder`, `msg_replied_to_msgid`)' . ' VALUES (?, ?, ?, ?)');
             $db->execute($query, array($rowId, $recipient, 'inbox', $ReplyToMSGID));
         } else {
             // this is a new message
             $query = $db->prepare('INSERT INTO `pmsystem_msg_users`' . ' (`msgid`, `userid`, `folder`)' . ' VALUES (?, ?, ?)');
             $db->execute($query, array($rowId, $recipient, 'inbox'));
     // put message in sender's outbox if sent by a human
     if ($author_id > 0) {
         $query = $db->prepare('INSERT INTO `pmsystem_msg_users`' . ' (`msgid`, `userid`, `folder`, `msg_status`)' . ' VALUES (?, ?, ?, ?)');
         $db->execute($query, array($rowId, $author_id, 'outbox', 'read'));
     return true;
Esempio n. 27
/**
 * Copies the players of the legacy `l_player` table (database $db_to_be_imported)
 * into `players`, `players_profile` and `players_passwords`, then fills the
 * global $deleted_players lookup table with the newly assigned ids.
 *
 * Callsigns ending in ' (DELETED)' are folded onto their undeleted name, and
 * names are deduplicated case-insensitively so each callsign is imported once.
 * All SQL is built by concatenation with sqlSafeStringQuotes(); the values come
 * from the database being imported, so they are only as trusted as that dump.
 */
function import_players()
    global $site;
    global $connection;
    global $deleted_players;
    global $db_to_be_imported;
    $site->selectDB($db_to_be_imported, $connection);
    $query = 'SELECT `id`,`callsign`,`created` FROM `l_player` ORDER BY `id`';
    // NOTE(review): on failure the database is switched back but the function carries on with
    // $result === false, which mysql_fetch_array() below rejects — confirm whether an exit was lost.
    if (!($result = @$site->execute_query('l_player', $query, $connection))) {
        $site->selectDB($site->db_used_name(), $connection);
    $site->selectDB($site->db_used_name(), $connection);
    // 0 means active player
    $suspended_status = 'active';
    $index_num = 1;
    $players = array();
    while ($row = mysql_fetch_array($result)) {
        $current_name = '(no name)';
        // skip deleted users as they can be several times in the db
        // player got deleted, keep track of him
        // the legacy db marks deleted accounts with a ' (DELETED)' suffix on the callsign
        if (!(strcmp(substr($row['callsign'], -10), ' (DELETED)') === 0)) {
            $current_name = htmlent($row['callsign']);
        } else {
            $current_name = htmlent(substr($row['callsign'], 0, -10));
        // no empty usernames allowed
        if (!(strcmp($current_name, '') === 0)) {
            // is user already added to db?
            // callsigns are case treated insensitive
            // (strtolower() is byte-wise; non-ASCII callsigns are only folded for ASCII letters)
            if (!isset($players[strtolower($current_name)])) {
                $site->selectDB($db_to_be_imported, $connection);
                $query = 'SELECT `team`,`last_login`,`comment`,`logo`,`md5password`,`utczone`' . ' FROM `l_player` WHERE `l_player`.`callsign`=' . sqlSafeStringQuotes($current_name) . ' LIMIT 1';
                if (!($tmp_result = @$site->execute_query('l_team', $query, $connection))) {
                    $site->selectDB($site->db_used_name(), $connection);
                $site->selectDB($site->db_used_name(), $connection);
                // NOTE(review): $md5password is not reset here like the other fields; it is only set
                // inside the loop below and cleared further down, so a previous player's hash could
                // survive into this iteration when the lookup returns no row — confirm and initialise.
                $last_login = '';
                $team = (int) 0;
                $comment = '';
                $logo = '';
                $timezone = (int) 0;
                while ($tmp_row = mysql_fetch_array($tmp_result)) {
                    $last_login = $tmp_row['last_login'];
                    $team = $tmp_row['team'];
                    $comment = $site->linebreaks($tmp_row['comment']);
                    $logo = $tmp_row['logo'];
                    $timezone = $tmp_row['utczone'];
                    $md5password = $tmp_row['md5password'];
                // take care of deleted players
                $site->selectDB($db_to_be_imported, $connection);
                $query = 'SELECT `last_login`, (SELECT COUNT(*) FROM `l_player` WHERE `callsign`=' . sqlSafeStringQuotes($current_name) . ' LIMIT 1) AS `num_not_deleted`' . ' FROM `l_player` WHERE `l_player`.`callsign`=' . sqlSafeStringQuotes($current_name . ' (DELETED)') . ' ORDER BY `last_login` DESC LIMIT 1';
                if (!($tmp_result = @$site->execute_query('l_team', $query, $connection))) {
                    $site->selectDB($site->db_used_name(), $connection);
                $site->selectDB($site->db_used_name(), $connection);
                while ($tmp_row = mysql_fetch_array($tmp_result)) {
                    if (strcmp($last_login, '') === 0) {
                        $last_login = $tmp_row['last_login'];
                    if ((int) $tmp_row['num_not_deleted'] === 0) {
                        // set password to can not expect them to know the old password
                        $md5password = '';
                $query = 'INSERT INTO `players` (`id`,`teamid`,`name`,`status`)' . ' VALUES ' . '(' . sqlSafeStringQuotes($index_num) . ',' . sqlSafeStringQuotes($team) . ',' . sqlSafeStringQuotes($current_name) . ',' . sqlSafeStringQuotes($suspended_status) . ')';
                // execute query, ignore result
                $site->execute_query('players', $query, $connection);
                // utf8_encode() assumes the legacy comment is ISO-8859-1 (deprecated since PHP 8.2)
                $query = 'INSERT INTO `players_profile` (`playerid`,`UTC`,`user_comment`,`raw_user_comment`,`joined`,`last_login`,`logo_url`)' . ' VALUES ' . '(' . sqlSafeStringQuotes($index_num) . ',' . sqlSafeStringQuotes($timezone) . ',' . sqlSafeStringQuotes(utf8_encode($comment)) . ',' . sqlSafeStringQuotes(utf8_encode($comment)) . ',' . sqlSafeStringQuotes($row['created']) . ',' . sqlSafeStringQuotes($last_login) . ',' . sqlSafeStringQuotes($logo) . ')';
                // execute query, ignore result
                @$site->execute_query('players_profile', $query, $connection);
                // the legacy unsalted MD5 hashes are imported as-is, tagged with encoding 'md5';
                // they should be upgraded to password_hash() on the user's next successful login
                if (isset($md5password) && strlen($md5password) > 0) {
                    $query = 'INSERT INTO `players_passwords` (`playerid`,`password`,`password_encoding`)' . ' VALUES ' . '(' . sqlSafeStringQuotes($index_num) . ',' . sqlSafeStringQuotes($md5password) . ',' . sqlSafeStringQuotes('md5') . ')';
                    // execute query, ignore result
                    @$site->execute_query('players_passwords', $query, $connection);
                // mark the user has been added to db
                // callsigns are case treated insensitive
                $players[strtolower($current_name)] = true;
            $deleted_players[$row['id']]['callsign'] = $current_name;
    // build a lookup table to avoid millions of select id from players where name=bla
    // NOTE(review): by-reference iteration over a global without unset($deleted_player) afterwards
    // leaves the last element aliased; any later write to $deleted_player changes the array.
    foreach ($deleted_players as &$deleted_player) {
        $query = 'SELECT `id` FROM `players` WHERE `name`=' . sqlSafeStringQuotes($deleted_player['callsign']);
        if (!($result = @$site->execute_query('l_player', $query, $connection))) {
            // query was bad, error message was already given in $site->execute_query(...)
        while ($row = mysql_fetch_array($result)) {
            $deleted_player['id'] = (int) $row['id'];
// Mail compose form: superuser lookup table for the javascript warning, subject field,
// message body with size counter. Output goes through rawoutput()/output() of the framework.
// NOTE(review): addslashes() is not a javascript string escaper — it leaves newlines, U+2028
// and a literal "</script>" untouched; json_encode() produces a safe JS literal for every
// value embedded below ($val, $uSize1..$oSize2) and is the drop-in replacement.
rawoutput("<script type='text/javascript'>var superusers = new Array();");
foreach ($superusers as $val) {
    rawoutput(" superusers['" . addslashes($val) . "'] = true;");
// the subject sits in a single-quoted attribute, so htmlent() must encode the apostrophe
// (ENT_QUOTES) for this to be safe — confirm against its definition
if ($replyTo == '') {
    output("<input name='subject' value='%s' autofocus><br>", htmlent($subject), true);
} else {
    output("<input name='subject' value='%s'><br>", htmlent($subject), true);
rawoutput("<div id='warning' style='visibility: hidden; display: none;'>");
output("`@`bNotice:`b `^{$superusermessage}`0`n");
require_once 'lib/forms.php';
previewfield('body', '`^', false, false, ['type' => 'textarea', 'class' => 'input', 'cols' => 60, 'rows' => 9, 'onKeyDown' => 'sizeCount(this);'], htmlent($body) . htmlent(stripslashes(httpget('body'))));
$send = translate_inline('Send');
rawoutput("<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n        <tr>\n            <td>\n                <input type='submit' class='button' value='{$send}'>\n            </td>\n            <td align='right'>\n                <div id='sizemsg'></div>\n            </td>\n        </tr>\n    </table>");
// the limit is interpolated unquoted into the script below; cast it to int so a non-numeric
// setting value cannot change the meaning of the javascript
$sizeLimit = getsetting('mailsizelimit', 1024);
$sizeMsg = sprintf_translate(["`#Max message size is `@%s`#, you have `^XX`# characters left.", $sizeLimit]);
$sizeMsgOver = sprintf_translate(["`\$Max message size is `@%s`\$, you are over by `^XX`\$ characters!", $sizeLimit]);
$sizeMsg = explode('XX', $sizeMsg);
$sizeMsgOver = explode('XX', $sizeMsgOver);
// NOTE(review): these are $uSize1/$uSize2/$oSize1/$oSize2, but the script below interpolates
// {$usize1} etc.; PHP variable names are case-sensitive, so as shown the javascript receives
// empty strings (and an undefined-variable notice per use). One side has to be renamed.
$uSize1 = addslashes("<span>" . appoencode($sizeMsg[0]) . "</span>");
$uSize2 = addslashes("<span>" . appoencode($sizeMsg[1]) . "</span>");
$oSize1 = addslashes("<span>" . appoencode($sizeMsgOver[0]) . "</span>");
$oSize2 = addslashes("<span>" . appoencode($sizeMsgOver[1]) . "</span>");
// NOTE(review): inside check_su_warning() the assignments read "= 'visible';" etc. with no
// left-hand side on this page — that looks like extraction damage, not shippable javascript.
rawoutput("<script type='text/javascript'>\n        var maxlen = {$sizeLimit};\n        function sizeCount(box)\n        {\n            if (box == null) {\n                return;\n            }\n            var len = box.value.length;\n            var msg = '';\n            if (len <= maxlen) {\n                msg = '{$usize1}' + (maxlen - len) + '{$usize2}';\n            }\n            else {\n                msg = '{$osize1}' + (len - maxlen) + '{$osize2}';\n            }\n            document.getElementById('sizemsg').innerHTML = msg;\n        }\n        sizeCount(document.getElementById('inputbody'));\n        function check_su_warning()\n        {\n            var to = document.getElementById('to');\n            var warning = document.getElementById('warning');\n            if (superusers[to.value]) {\n       = 'visible';\n       = 'inline';\n            }\n            else {\n       = 'hidden';\n       = 'none';\n            }\n        }\n        check_su_warning();\n    </script>");
Esempio n. 29
/**
 * Queries a BZFlag game server with bzfquery() and prints its team and player
 * tables, optionally enriched with the team each player belongs to.
 *
 * The player list (callsigns, mottos, team numbers) is whatever the remote game
 * server reports, so it must be treated as untrusted when printed or queried.
 *
 * @param string   $server     server address handed to bzfquery(); also printed into the page
 * @param resource $connection NOTE(review): effectively ignored — the `global $connection`
 *                             line below replaces it with the global of the same name
 */
function formatbzfquery_last($server, $connection)
    global $site;
    global $connection;
    global $use_internal_db;
    // the result of mysql_select_db() is discarded in both branches; the body of the
    // second if is not visible on this page
    if ($use_internal_db) {
        @(!mysql_select_db($site->db_used_name(), $connection));
    } else {
        if (@(!mysql_select_db("playerlist", $connection))) {
    // NOTE(review): $server is printed into HTML unescaped in both branches (the href is
    // urlencode()d, the text is not); the isset($_GET['server']) check suggests it can
    // originate from the query string, so it should go through htmlent() here.
    if (isset($_GET['server'])) {
        echo '<p>' . $server . '</p>' . "\n";
    } else {
        echo '<p><a href="?server=' . urlencode($server) . '">' . $server . '</a></p>' . "\n";
    // Query the server
    // (the body of this pcntl_fork() check is not visible; presumably it starts output
    // buffering, since the matching block below reads ob_get_contents() — confirm)
    if (!function_exists('pcntl_fork')) {
    $data = bzfquery($server);
    $ausgabe = '';
    if (!function_exists('pcntl_fork')) {
        $ausgabe .= ob_get_contents();
    if (!isset($data['player'])) {
        if (!isset($data['protocol'])) {
            // no connection; $ausgabe holds whatever bzfquery() printed and is echoed unescaped
            echo '<p>' . KEINEVERBINDUNG . ' ';
            if (!strcmp($ausgabe, '') == 0) {
                echo GEMELDETERFEHLER . $ausgabe . '.';
            echo '</p>' . "\n";
        } else {
            echo '<p>' . KEINESPIELER . '</p>' . "\n";
    } else {
        // remaining time of the current game, in seconds
        $zaehler = $data['maxTime'] - $data['timeElapsed'];
        if ($zaehler > 0) {
            echo '<p class="zaehler">' . ZAEHLER . '<span class="zaehler">' . round($zaehler / 60, 2) . VON . round($data['maxTime'] / 60, 2) . '</span>' . RESTZEIT . '</p>' . "\n";
        // Display the server info
        // team number -> css class name / colour (index 5 is the observer team)
        $teamName = array(0 => "schurke", 1 => "rot", 2 => "gruen", 3 => "blau", 4 => "violett", 5 => "zuschauer", 6 => "hase");
        $teamColour = array(0 => "yellow", 1 => "red", 2 => "green", 3 => "blue", 4 => "purple", 5 => "gray", 6 => "orange");
        // "cmp" is a comparator defined elsewhere in the project
        usort($data['player'], "cmp");
        //		echo 'count punkte:!' . print_r($data['player']['0']['team']);
        if (isset($data['player']['0']['team']) && !(strcmp($data['player']['0']['team'], '5') === 0)) {
            echo '<table class="punkte">' . "\n";
            echo '  <tbody>' . "\n";
            // each() was removed in PHP 8; a foreach is the equivalent
            while (list($key, $val) = each($data['team'])) {
                if ($data['team'][$key]['size'] > 0) {
                    echo '    ';
                    // team colour
                    marke('tr', $teamName[$key]);
                    // score
                    echo '<td>';
                    echo $data['team'][$key]['won'] - $data['team'][$key]['lost'];
                    echo '</td>';
                    // won
                    echo '<td>';
                    echo '(' . $data['team'][$key]['won'] . ' - ';
                    // lost
                    echo $data['team'][$key]['lost'] . ')';
                    echo '</td>';
                    // number of players
                    echo '<td>';
                    echo $data['team'][$key]['size'];
                    echo '</td>';
                    // end of team colour row
                    echo '</tr>' . "\n";
            echo '  </tbody>' . "\n" . '</table>' . "\n";
        echo "\n\n" . '<table class="spieler" border="0">' . "\n";
        echo '  <tbody>';
        while (list($key, $val) = each($data['player'])) {
            echo "\n" . '<tr>' . "\n";
            // observers do not play -> no score
            if (!strcmp($teamName[$data['player'][$key]['team']], 'zuschauer') == 0) {
                echo '<td>';
                echo $data['player'][$key]['won'] - $data['player'][$key]['lost'];
                echo '</td>' . "\n";
                echo '<td>(' . $data['player'][$key]['won'] . '-' . $data['player'][$key]['lost'] . ')</td><td>[' . $data['player'][$key]['tks'] . ']</td>';
            } else {
                echo '<td></td>' . "\n" . '<td></td>' . "\n" . '<td></td>' . "\n";
            // team colour
            marke('td', $teamName[$data['player'][$key]['team']]);
            $playername = $data['player'][$key]['sign'];
            // shorten player names if necessary
            if ($site->mobile_version()) {
                // name rather long
                if (strlen($playername) > 13) {
                    $playername = str_split($playername, 10);
                    echo htmlent($playername[0]) . "...";
                } else {
                    echo htmlent($playername);
            } else {
                // NOTE(review): the mobile branches use the project's htmlent(), this one the
                // bare htmlentities() with default flags/charset — use the same escaper in both.
                echo htmlentities($playername);
            echo '</td>' . "\n";
            // motto column (css class 'mehl')
            marke('td', 'mehl');
            if (!strcmp($data['player'][$key]['motto'], '') == 0) {
                $motto = $data['player'][$key]['motto'];
                // motto rather long
                // (the shortened motto is escaped here and then a second time below — double encoding)
                if (strlen($motto) > 17) {
                    $motto = str_split($motto, 14);
                    $motto = htmlent($motto[0]) . '...';
                echo '(' . htmlent($motto) . ')';
            echo '</td>' . "\n";
            // is there a database connection?
            if ($connection) {
                // find out the team
                marke('td', 'team');
                // NOTE(review): the callsign reported by the game server goes into a concatenated
                // query guarded only by sqlSafeStringQuotes(); on failure the die() below prints
                // the full query text (and mysql_error()) to the visitor. Prefer a prepared
                // statement and a generic error message.
                $callsign = $data['player'][$key]['sign'];
                $query = 'SELECT `teamid` from users WHERE `name`=' . sqlSafeStringQuotes($callsign) . ' LIMIT 1';
                $result = mysql_query($query, $connection);
                if (!$result) {
                    print mysql_error();
                    die("<br>\nQuery {$query} ist ung&uuml;ltiges SQL.");
                // mysql_fetch_array() returns false when there is no row; $resultarray['teamid'] is read regardless
                $resultarray = mysql_fetch_array($result);
                $teamid = $resultarray['teamid'];
                if ($teamid > 0) {
                    if ($use_internal_db) {
                        $query = 'SELECT `name` from teams WHERE `id`=' . sqlSafeStringQuotes($teamid) . ' LIMIT 1';
                    } else {
                        $query = 'SELECT `name` from teams WHERE `teamid`=' . sqlSafeStringQuotes($teamid) . ' LIMIT 1';
                    $result = mysql_query($query, $connection);
                    if (!$result) {
                        print mysql_error();
                        die("<br>\nQuery {$query} ist ung&uuml;ltiges SQL.");
                    $resultarray = mysql_fetch_array($result);
                    // team name from the database printed without escaping
                    echo $resultarray['name'];
                echo '</td>' . "\n";
            echo '</tr>' . "\n";
        echo '  </tbody>' . "\n" . '</table>' . "\n";
Esempio n. 30
 function edit()
     global $entry_edit_permission;
     global $config;
     global $site;
     global $tmpl;
     global $user;
     // initialise variables
     $confirmed = 0;
     $content = '';
     // set their values in case the POST variables are set
     if (isset($_POST['confirmationStep'])) {
         $confirmed = intval($_POST['confirmationStep']);
     if (isset($_POST['editPageAgain']) && strlen($_POST['editPageAgain']) > 0) {
         // user looked at preview but chose to edit the message again
         $confirmed = 0;
     if (isset($_POST['staticContent'])) {
         $content = htmlent_decode($_POST['staticContent']);
     // sanity check variabless
     $test = $this->caller->sanityCheck($confirmed);
     switch ($test) {
         case true && $confirmed === 1:
             $tmpl->assign('submitText', 'Write changes');
             // user may decide not to submit after seeing preview
             $tmpl->assign('editAgainText', 'Edit again');
             // use this as guard to prevent selection of noperm or nokeymatch cases
         // use this as guard to prevent selection of noperm or nokeymatch cases
         case strlen($test) < 2:
         case 'noperm':
             $tmpl->assign('MSG', 'You need write permission to edit the content.');
         case 'nokeymatch':
             $tmpl->assign('MSG', 'The magic key does not match, it looks like you came from somewhere else or your session expired.');
     // there is no step lower than 0
     if ($confirmed < 0) {
         $confirmed = 0;
     // increase confirmation step by one so we get to the next level
     if ($confirmed > 1) {
         $tmpl->assign('confirmationStep', 1);
     } else {
         $tmpl->assign('confirmationStep', $confirmed + 1);
     switch ($confirmed) {
         case 1:
         case 2:
             $status = $this->caller->writeContent($content);
             if ($status === true) {
                 if ($tmpl->getTemplateVars('MSG') === null) {
                     $tmpl->assign('MSG', 'Changes written successfully.' . $tmpl->linebreaks("\n\n"));
             } else {
                 $tmpl->assign('MSG', 'Failed writing changes. The underlying error message was: ' . $status . $tmpl->linebreaks("\n\n"));
             $tmpl->assign('submitText', 'Add another entry');
             if ($config->getValue('bbcodeLibAvailable')) {
                 $tmpl->assign('notes', 'Keep in mind to use BBCode instead of HTML or XHTML.');
             } else {
                 if ($config->getValue('useXhtml')) {
                     $tmpl->assign('notes', 'Keep in mind the home page currently uses XHTML, not HTML or BBCode.');
                 } else {
                     $tmpl->assign('notes', 'Keep in mind the home page currently uses HTML, not XHTML or BBCode.');
             $tmpl->assign('submitText', 'Preview');
     $randomKeyName = $this->caller->randomKeyName . microtime();
     // convert some special chars to underscores
     $randomKeyName = strtr($randomKeyName, array(' ' => '_', '.' => '_'));
     $randomkeyValue = $site->setKey($randomKeyName);
     $tmpl->assign('keyName', $randomKeyName);
     $tmpl->assign('keyValue', htmlent($randomkeyValue));