Esempio n. 1
0
function edit_bag()
{
    global $output, $bag_id, $sql, $core;
    // check chosen slots for injection
    $slots = array();
    $temp = $_GET["chosen_slot"];
    for ($i = 0; $i < count($temp); $i++) {
        if (is_numeric($temp[$i])) {
            $slots[] = $temp[$i];
        } else {
            error(lang("global", "err_invalid_input"));
        }
    }
    // build query list
    $query_list = "(";
    for ($i = 0; $i < count($temp); $i++) {
        $query_list .= $temp[$i] . ($i < count($temp) - 1 ? ", " : ")");
    }
    // get items
    $query = "SELECT * FROM point_system_prize_bag_items WHERE bag='" . $bag_id . "' AND slot IN " . $query_list;
    $result = $sql["mgr"]->query($query);
    $items = array();
    $item_counts = array();
    while ($row = $sql["mgr"]->fetch_assoc($result)) {
        $items[] = $row["item_id"];
        $item_counts[] = $row["item_count"];
    }
    $item_temp = explode("-", $_GET["item_character"]);
    $item_realm_id = $item_temp[0];
    $item_receiver = $item_temp[1];
    $item_to = $item_temp[2];
    $temp = array();
    $temp_counts = array();
    while (count($items) != 0) {
        if (count($temp)) {
            unset($temp);
            unset($temp_counts);
            $temp = array();
            $temp_counts = array();
        }
        $lim = count($items) > 12 ? 12 : count($items);
        for ($i = 0; $i < $lim; $i++) {
            $temp[] = array_pop($items);
            $temp_counts[] = array_pop($item_counts);
        }
        $mails = array();
        // if the money & item characters are the same, we only need to send one mail
        $mail["receiver"] = $item_receiver;
        $mail["subject"] = lang("points", "mail_subject_bag");
        $mail["body"] = lang("points", "mail_body_bag");
        $mail["att_gold"] = 0;
        $mail["att_item"] = $temp;
        $mail["att_stack"] = $temp_counts;
        $mail["receiver_name"] = $item_to;
        array_push($mails, $mail);
        // send
        if ($core == 1) {
            $result = send_ingame_mail_A($item_realm_id, $mails, true);
        } else {
            $result = send_ingame_mail_MT($item_realm_id, $mails, true);
        }
    }
    // remove the items from the bag
    $query = "DELETE FROM point_system_prize_bag_items WHERE bag='" . $bag_id . "' AND slot IN " . $query_list;
    $result = $sql["mgr"]->query($query);
    redirect("point_system.php?action=view_bag&bag_id=" . $bag_id);
}
Esempio n. 2
0
function send_mail()
{
    global $output, $logon_db, $characters_db, $realm_id, $action_permission, $user_name, $from_mail, $mailer_type, $smtp_cfg, $GMailSender, $sql, $core;
    // if we came here from Quest Item Vendor or Ultra Vendor,
    // we need to bypass the normal permissions
    if ($_SESSION["vendor_permission"]) {
        valid_login($action_permission["view"]);
        unset($_SESSION["vendor_permission"]);
    } else {
        valid_login($action_permission["update"]);
    }
    $type = isset($_GET["type"]) ? $_GET["type"] : "ingame_mail";
    if (empty($_GET["body"]) || empty($_GET["subject"]) || empty($_GET["group_sign"]) || empty($_GET["group_send"])) {
        redirect("mail.php?error=1");
    }
    $body = explode("\n", $_GET["body"]);
    $subject = $sql["char"]->quote_smart($_GET["subject"]);
    if (isset($_GET["to"]) && $_GET["to"] != "") {
        $to = $sql["char"]->quote_smart($_GET["to"]);
    } else {
        $to = 0;
        if (!isset($_GET["group_value"]) || $_GET["group_value"] === '') {
            redirect("mail.php?error=1");
        } else {
            $group_value = $sql["char"]->quote_smart($_GET["group_value"]);
            $group_sign = $sql["char"]->quote_smart($_GET["group_sign"]);
            $group_send = $sql["char"]->quote_smart($_GET["group_send"]);
        }
    }
    //$type = addslashes($type);
    $att_gold = $sql["char"]->quote_smart($_GET["money"]);
    for ($i = 0; $i < 12; $i++) {
        $temp_item = $sql["char"]->quote_smart($_GET["att_item" . ($i + 1)]);
        $temp_stack = $sql["char"]->quote_smart($_GET["att_stack" . ($i + 1)]);
        if ($temp_item != 0 && $temp_stack == 0) {
            $temp_stack = 1;
        }
        if ($temp_item != "0") {
            $att_item[] = $temp_item;
            $att_stack[] = $temp_stack;
        }
    }
    switch ($type) {
        case "email":
            require_once "libs/mailer/class.phpmailer.php";
            require_once "libs/mailer/authgMail_lib.php";
            $mail = new PHPMailer();
            $mail->Mailer = $mailer_type;
            if ($mailer_type == "smtp") {
                $mail->Host = $smtp_cfg["host"];
                $mail->Port = $smtp_cfg["port"];
                if ($smtp_cfg["user"] != "") {
                    $mail->SMTPAuth = true;
                    $mail->Username = $smtp_cfg["user"];
                    $mail->Password = $smtp_cfg["pass"];
                }
            }
            $value = NULL;
            for ($i = 0; $i < count($body); $i++) {
                $value .= $body[$i] . "\r\n";
            }
            $body = $value;
            $mail->From = $from_mail;
            $mail->FromName = $user_name;
            $mail->Subject = $subject;
            $mail->IsHTML(true);
            $body = str_replace("\n", "<br />", $body);
            $body = str_replace("\r", " ", $body);
            $body = str_replace(array("\r\n", "\n", "\r"), "<br />", $body);
            $body = preg_replace("/([^\\/=\"\\]])((http|ftp)+(s)?:\\/\\/[^<>\\s]+)/i", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $body);
            $body = preg_replace('/([^\\/=\\"\\]])(www\\.)(\\S+)/', '\\1<a href="http://\\2\\3" target="_blank">\\2\\3</a>', $body);
            $mail->Body = $body;
            $mail->WordWrap = 50;
            if ($to) {
                if (!$GMailSender) {
                    //single Recipient
                    $mail->AddAddress($to);
                    if (!$mail->Send()) {
                        $mail->ClearAddresses();
                        redirect("mail.php?error=3&mail_err=" . $mail->ErrorInfo);
                    } else {
                        $mail->ClearAddresses();
                        redirect("mail.php?error=2");
                    }
                } else {
                    //single Recipient
                    $mail_result = authgMail($from_mail, $user_name, $to, $to, $subject, $body, $smtp_cfg);
                    if ($mail_result["quitcode"] != 221) {
                        redirect("mail.php?error=3&mail_err=" . $mail_result["die"]);
                    } else {
                        redirect("mail.php?error=2");
                    }
                }
            } elseif (isset($group_value)) {
                //group send
                $email_array = array();
                switch ($group_send) {
                    case "gm_level":
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE gm" . $group_sign . "'" . $group_value . "'");
                        } else {
                            $result = $sql["logon"]->query("SELECT email FROM account\r\n                  LEFT JOIN account_access ON account_access.id=account.id\r\n                WHERE IFNULL(gmlevel, 0)" . $group_sign . "'" . $group_value . "'");
                        }
                        while ($user = $sql["logon"]->fetch_row($result)) {
                            if ($user[0] != "") {
                                array_push($email_array, $user[0]);
                            }
                        }
                        break;
                    case "locked":
                        //this_is_junk: I'm going to pretend that locked is muted
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE muted" . $group_sign . "'" . $group_value . "'");
                        } else {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE locked" . $group_sign . "'" . $group_value . "'");
                        }
                        while ($user = $sql["logon"]->fetch_row($result)) {
                            if ($user[0] != "") {
                                array_push($email_array, $user[0]);
                            }
                        }
                        break;
                    case "banned":
                        //this_is_junk: sigh...
                        $que = $sql["logon"]->query("SELECT id FROM account_banned");
                        while ($banned = $sql->fetch_row($que)) {
                            $result = $sql["logon"]->query("SELECT email FROM accounts WHERE acct='" . $banned[0] . "'");
                            if ($sqlr->result($result, 0, 'email')) {
                                array_push($email_array, $sql->result($result, 0, "email"));
                            }
                        }
                        break;
                    default:
                        redirect("mail.php?error=5");
                        break;
                }
                if (!$GMailSender) {
                    foreach ($email_array as $mail_addr) {
                        $mail->AddAddress($mail_addr);
                        if (!$mail->Send()) {
                            $mail->ClearAddresses();
                            redirect("mail.php?error=3&mail_err=" . $mail->ErrorInfo);
                        } else {
                            $mail->ClearAddresses();
                        }
                    }
                } else {
                    $mail_to = implode(",", $email_array);
                    $mail_result = authgMail($from_mail, $user_name, $mail_to, "", $subject, $body, $smtp_cfg);
                    if ($mail_result["quitcode"] != 221) {
                        redirect("mail.php?error=3&mail_err=" . $mail_result["die"]);
                    } else {
                        redirect("mail.php?error=2");
                    }
                }
                redirect("mail.php?error=2");
            } else {
                redirect("mail.php?error=1");
            }
            break;
        case "ingame_mail":
            $value = NULL;
            for ($i = 0; $i < count($body); $i++) {
                $value .= $body[$i] . " ";
            }
            $body = $value;
            $body = str_replace("\r", " ", $body);
            $body = $sql["char"]->quote_smart($body);
            if ($to) {
                //single Recipient
                $result = $sql["char"]->query("SELECT guid FROM characters WHERE name='" . $to . "'");
                if ($sql["char"]->num_rows($result) == 1) {
                    $receiver = $sql["char"]->result($result, 0, 'guid');
                    $mails = array();
                    $mail["receiver"] = $receiver;
                    $mail["subject"] = $subject;
                    $mail["body"] = $body;
                    $mail["att_gold"] = $att_gold;
                    $mail["att_item"] = $att_item;
                    $mail["att_stack"] = $att_stack;
                    $mail["receiver_name"] = $to;
                    //array_push($mails, array($receiver, $subject, $body, $att_gold, $att_item, $att_stack));
                    array_push($mails, $mail);
                    if ($core == 1) {
                        send_ingame_mail_A($realm_id, $mails);
                    } else {
                        send_ingame_mail_MT($realm_id, $mails);
                    }
                } else {
                    redirect("mail.php?error=4");
                }
                redirect("mail.php?error=2");
                break;
            } elseif (isset($group_value)) {
                //group send
                $char_array = array();
                switch ($group_send) {
                    case "gm_level":
                        if ($core == 1) {
                            $result = $sql["logon"]->query("SELECT acct FROM accounts WHERE gm" . $group_sign . "'" . $group_value . "'");
                        } else {
                            $result = $sql["logon"]->query("SELECT account.id AS acct FROM account\r\n                  LEFT JOIN account_access ON account_access.id=account.id\r\n                WHERE IFNULL(gmlevel, 0)" . $group_sign . "'" . $group_value . "'");
                        }
                        while ($acc = $sql["char"]->fetch_row($result)) {
                            if ($core == 1) {
                                $result_2 = $sql["char"]->query("SELECT name FROM `characters` WHERE acct='" . $acc[0] . "'");
                            } else {
                                $result_2 = $sql["char"]->query("SELECT name FROM `characters` WHERE account='" . $acc[0] . "'");
                            }
                            while ($char = $sql["char"]->fetch_row($result_2)) {
                                array_push($char_array, $char[0]);
                            }
                        }
                        break;
                    case "online":
                        $result = $sql["char"]->query("SELECT name FROM `characters` WHERE online" . $group_sign . "'" . $group_value . "'");
                        while ($user = $sql["char"]->fetch_row($result)) {
                            array_push($char_array, $user[0]);
                        }
                        break;
                    case "char_level":
                        $result = $sql["char"]->query("SELECT name FROM `characters` WHERE level" . $group_sign . "'" . $group_value . "'");
                        while ($user = $sql["char"]->fetch_row($result)) {
                            array_push($char_array, $user[0]);
                        }
                        break;
                    default:
                        redirect("mail.php?error=5");
                }
                $mails = array();
                if ($sql["char"]->num_rows($result)) {
                    foreach ($char_array as $receiver) {
                        $result = $sql["char"]->query("SELECT guid FROM characters WHERE name='" . $receiver . "'");
                        $char_guid = $sql["char"]->fetch_row($result);
                        $mail = array();
                        $mail["receiver"] = $char_guid[0];
                        $mail["subject"] = $subject;
                        $mail["body"] = $body;
                        $mail["att_gold"] = $att_gold;
                        $mail["att_item"] = $att_item;
                        $mail["att_stack"] = $att_stack;
                        $mail["receiver_name"] = $receiver;
                        //array_push($mails, array($receiver, $subject, $body, $att_gold, $att_item, $att_stack));
                        array_push($mails, $mail);
                    }
                    if ($core == 1) {
                        send_ingame_mail_A($realm_id, $mails);
                    } else {
                        send_ingame_mail_MT($realm_id, $mails);
                    }
                    redirect("mail.php?error=2");
                } else {
                    redirect("mail.php?error=4");
                }
            }
            break;
        default:
            redirect("mail.php?error=1");
    }
}