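/**
 * AJAX handler: updates headline, multilingual content and access rights of a CMS page.
 *
 * The per-language POST fields are recognised by their key suffix (`cription_` for the
 * content, `eadline_` for the headline, as in the original); the language code is the
 * part after the first '_'. Both groups are stored JSON-encoded. Echoes 'ok' on success,
 * NO_ADMIN_RIGHTS when the caller lacks the cms.edit / superadmin right, and always
 * terminates the request.
 *
 * @param int|string $id cmsID of the row to update; cast to int before use
 */
function admin_cms_edit($id)
{
    global $db;
    ob_end_clean();
    $db->setMode(0);
    ajax_convert_array($_POST);
    // Explicit checks instead of @-suppressed reads of possibly missing session keys.
    $mayEdit = !empty($_SESSION['rights']['admin']['cms']['edit']) || !empty($_SESSION['rights']['superadmin']);
    if (!$mayEdit) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    $content = array();
    $headline = array();
    // One pass over POST; a key is sorted by suffix into the content and/or headline map.
    foreach ($_POST as $key => $value) {
        $langCode = substr($key, strpos($key, '_') + 1);
        if (strpos($key, 'cription_')) {
            $content[$langCode] = $value;
        }
        if (strpos($key, 'eadline_')) {
            $headline[$langCode] = $value;
        }
    }
    $rights = isset($_POST['rights']) ? $_POST['rights'] : null;
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_cms SET `headline` = \'%s\', `content` = \'%s\', `access` = \'%s\' WHERE cmsID = %d',
        strsave(json_encode($headline)),
        strsave(json_encode($content)),
        strsave(admin_make_rights($rights)),
        (int) $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}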
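 /**
  * Admin page for the site text snippets (ecp_texte).
  *
  * On submit, every POST key of the form `<lang>_h_<name>` carries the headline
  * (`content2`) and its sibling `<lang>_<name>` the body (`content`); each pair is
  * written back and the browser is redirected to the list. Otherwise all texts are
  * grouped per language and rendered through the admin/texte.html template.
  */
 function admin_texte()
 {
     global $db;
     if (isset($_POST['submit'])) {
         foreach ($_POST as $key => $value) {
             if (!strpos($key, '_h_')) {
                 continue;
             }
             $langCode = substr($key, 0, strpos($key, '_'));
             $name = substr($key, strpos($key, '_') + 3);
             // The body field may be absent from the form; store an empty body instead of raising a notice.
             $bodyKey = $langCode . '_' . $name;
             $body = isset($_POST[$bodyKey]) ? $_POST[$bodyKey] : '';
             $db->query(sprintf(
                 'UPDATE ' . DB_PRE . 'ecp_texte SET content = \'%s\', content2 = \'%s\' WHERE name= \'%s\' AND lang = \'%s\';',
                 strsave($body),
                 strsave($value),
                 strsave($name),
                 strsave($langCode)
             ));
         }
         header('Location: ?section=admin&site=texte');
     } else {
         $tpl = new smarty();
         $languages = get_languages();
         $db->query('SELECT * FROM ' . DB_PRE . 'ecp_texte ORDER BY lang ASC');
         while ($row = $db->fetch_assoc()) {
             // Attach each text to the language entry it belongs to, escaped for the form.
             foreach ($languages as $idx => $language) {
                 if ($language['lang'] != $row['lang']) {
                     continue;
                 }
                 $languages[$idx]['data'][$row['name']] = htmlspecialchars($row['content']);
                 $languages[$idx]['headline'][$row['name']] = htmlspecialchars($row['content2']);
             }
         }
         $tpl->assign('lang', $languages);
         ob_start();
         $tpl->display(DESIGN . '/tpl/admin/texte.html');
         $content = ob_get_clean();
         main_content(TEXTE, $content, '', 1);
     }
 }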
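/**
 * Stores a shoutbox post submitted through the page form or via AJAX (`?ajax`).
 *
 * Checks, in order: required fields (guests must also fill in the mini captcha and match
 * the session value), then the SPAM_SHOUTBOX flood limit, evaluated both against the
 * visitor's last stored post (by IP or userID) and against the `shoutbox` cookie. On
 * success the cookie is refreshed and, outside AJAX mode, the browser is sent back to
 * the referring page when it belongs to this site, otherwise to the news section. In
 * AJAX mode the function echoes 'ok' or the converted error text and terminates.
 */
function shoutbox_add()
{
    global $db;
    $ajax = isset($_GET['ajax']);
    if ($ajax) {
        $db->setMode(0);
        ob_end_clean();
        ajax_convert_array($_POST);
    }
    $now = time();
    $userId = isset($_SESSION['userID']) ? (int) $_SESSION['userID'] : 0;
    $username = isset($_POST['shout_username']) ? $_POST['shout_username'] : '';
    $captcha = isset($_POST['shout_captcha']) ? $_POST['shout_captcha'] : '';
    $message = isset($_POST['shoutbox_msgbox']) ? $_POST['shoutbox_msgbox'] : '';
    $sessionCaptcha = isset($_SESSION['captcha_mini']) ? $_SESSION['captcha_mini'] : '';
    // Cookie values are client-controlled; cast before any arithmetic on them.
    $cookieTime = isset($_COOKIE['shoutbox']) ? (int) $_COOKIE['shoutbox'] : 0;
    $limitStart = $now - SPAM_SHOUTBOX;
    // Time of this visitor's previous shout. result() stays @-suppressed as in the original;
    // its behaviour when no row matches is not visible here.
    $last = @$db->result(DB_PRE . 'ecp_comments', 'datum', 'bereich="shoutbox" AND (IP =\'' . strsave($_SERVER['REMOTE_ADDR']) . '\' OR (userID != 0 AND userID = ' . $userId . '))');

    $error = null;
    if ($userId === 0 && $username === '' && $captcha === '' && $message === '') {
        // NOTE(review): original logic kept — this only fires when every guest field is empty;
        // a partially filled form falls through to the captcha check.
        $error = NOT_NEED_ALL_INPUTS;
    } elseif ($userId === 0 && strtolower($captcha) !== strtolower($sessionCaptcha)) {
        $error = CAPTCHA_WRONG;
    } elseif ($userId !== 0 && $message === '') {
        $error = NOT_NEED_ALL_INPUTS;
    } elseif ($last > $limitStart || $cookieTime > $limitStart) {
        // Remaining wait time, taken from whichever source triggered the limit (stored post first).
        $wait = $last > $limitStart ? SPAM_SHOUTBOX + $last - $now : SPAM_SHOUTBOX + $cookieTime - $now;
        $error = str_replace(array('{sek}', '{zeit}'), array(SPAM_SHOUTBOX, $wait), SPAM_PROTECTION_MSG);
    } else {
        // Truncate by characters, not bytes: a byte-wise cut can split a UTF-8 sequence and
        // htmlspecialchars() then returns an empty string for the whole message.
        $body = function_exists('mb_substr')
            ? mb_substr($message, 0, SHOUTBOX_MAX_CHARS, 'UTF-8')
            : substr($message, 0, SHOUTBOX_MAX_CHARS);
        $sql = sprintf(
            'INSERT INTO ' . DB_PRE . 'ecp_comments (`bereich`, `userID`, `author`, `beitrag`, `datum`, `IP`) VALUES (\'shoutbox\', %d, \'%s\', \'%s\', %d, \'%s\')',
            $userId,
            strsave(htmlspecialchars($username)),
            strsave(htmlspecialchars($body)),
            $now,
            strsave($_SERVER['REMOTE_ADDR'])
        );
        if ($db->query($sql)) {
            setcookie('shoutbox', $now, $now + 365 * 86400);
            if ($ajax) {
                echo 'ok';
            } else {
                $anchor = '#com_' . $db->last_id();
                $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
                // Only follow the Referer back to this site; an arbitrary value would be an open redirect.
                if ($referer !== '' && strpos($referer, SITE_URL) === 0) {
                    header('Location: ' . $referer . $anchor);
                } else {
                    header1('?section=news' . $anchor);
                }
            }
        }
    }
    if ($error !== null) {
        if ($ajax) {
            echo html_ajax_convert($error);
        } else {
            table(ERROR, $error);
        }
    }
    if ($ajax) {
        die;
    }
}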
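 /**
  * Admin settings page: saves all posted settings or renders the settings form.
  *
  * On submit every remaining POST key is treated as a column of ecp_settings. Keys are
  * restricted to identifier characters and quoted with backticks so that a crafted field
  * name cannot alter the UPDATE statement; SITE_URL is normalised to end with '/'. The
  * form branch lists the available template and module directories plus the CMS pages
  * for the start page selector and renders admin/settings.html.
  */
 function admin_settings()
 {
     global $db;
     if (isset($_POST['submit'])) {
         unset($_POST['submit']);
         $siteUrl = isset($_POST['SITE_URL']) ? $_POST['SITE_URL'] : '';
         // Always store the site URL with a trailing slash.
         $_POST['SITE_URL'] = check_url(substr($siteUrl, -1) === '/' ? $siteUrl : $siteUrl . '/');
         $assignments = array();
         foreach ($_POST as $key => $value) {
             // Column names come straight from the form; only plain identifiers are accepted.
             if (!preg_match('/^[A-Za-z0-9_]+$/', $key)) {
                 continue;
             }
             $assignments[] = '`' . $key . '` = "' . strsave($value) . '"';
         }
         // Nothing to update (or every key was rejected): do not issue a malformed statement.
         if (count($assignments) && $db->query('UPDATE ' . DB_PRE . 'ecp_settings SET ' . implode(', ', $assignments))) {
             header('Location: ?section=admin&site=settings');
         }
     } else {
         $designs = '';
         foreach (scan_dir('templates', true) as $entry) {
             if (is_dir('templates/' . $entry)) {
                 $selected = ($entry == DESIGN) ? 'selected="selected"' : '';
                 $designs .= '<option ' . $selected . ' value="' . htmlspecialchars($entry) . '">' . htmlspecialchars($entry) . '</option>';
             }
         }
         $tpl = new smarty();
         $tpl->assign('designs', $designs);
         $tpl->assign('langs', get_languages());
         $start = '';
         foreach (scan_dir('module', true) as $entry) {
             if (is_dir('module/' . $entry)) {
                 $selected = ('modul|' . $entry == STARTSEITE) ? 'selected="selected"' : '';
                 $start .= '<option ' . $selected . ' value="modul|' . htmlspecialchars($entry) . '">' . htmlspecialchars($entry) . '</option>';
             }
         }
         $start .= '<option value="">-----' . OWN_SITES . '----</option>';
         $db->query('SELECT headline, cmsID FROM ' . DB_PRE . 'ecp_cms ORDER BY headline ASC');
         while ($row = $db->fetch_assoc()) {
             $titles = json_decode($row['headline'], true);
             // Prefer the current UI language, then the default one; a row may lack both.
             if (isset($titles[LANGUAGE])) {
                 $title = $titles[LANGUAGE];
             } elseif (isset($titles[DEFAULT_LANG])) {
                 $title = $titles[DEFAULT_LANG];
             } else {
                 $title = '';
             }
             $selected = ('cms|' . $row['cmsID'] == STARTSEITE) ? 'selected="selected"' : '';
             $start .= '<option ' . $selected . ' value="cms|' . (int) $row['cmsID'] . '">' . htmlspecialchars($title) . '</option>';
         }
         $tpl->assign('startseite', $start);
         ob_start();
         $tpl->display(DESIGN . '/tpl/admin/settings.html');
         $content = ob_get_clean();
         main_content(SETTINGS, $content, '', 1);
     }
 }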
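/**
 * AJAX handler: updates name, description and image of a topic (ecp_topics).
 *
 * Requires the topics.edit or superadmin right and non-empty topicname / topicbild
 * fields. Echoes 'ok' on success, otherwise NOT_NEED_ALL_INPUTS or NO_ADMIN_RIGHTS,
 * and always terminates the request.
 *
 * @param int|string $id tID of the row to update; cast to int before use
 */
function admin_topics_edit($id)
{
    global $db;
    ob_end_clean();
    $db->setMode(0);
    ajax_convert_array($_POST);
    $mayEdit = !empty($_SESSION['rights']['admin']['topics']['edit']) || !empty($_SESSION['rights']['superadmin']);
    if (!$mayEdit) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    $topicname = isset($_POST['topicname']) ? $_POST['topicname'] : '';
    $topicbild = isset($_POST['topicbild']) ? $_POST['topicbild'] : '';
    $beschreibung = isset($_POST['beschreibung']) ? $_POST['beschreibung'] : '';
    if ($topicname == '' || !$topicbild) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_topics SET `topicname` = \'%s\', `beschreibung` = \'%s\', `topicbild` = \'%s\' WHERE tID = %d',
        strsave($topicname),
        strsave($beschreibung),
        strsave($topicbild),
        (int) $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}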
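/**
 * AJAX handler: updates a link entry (ecp_links).
 *
 * The POST payload is converted and the silent DB mode set up first, as in the other
 * AJAX edit handlers, before the required fields name and url are validated. url and
 * bannerurl are normalised via check_url(). Echoes 'ok' on success, otherwise
 * NO_ADMIN_RIGHTS / NOT_NEED_ALL_INPUTS, and always terminates the request.
 *
 * @param int|string $id linkID of the row to update; cast to int before use
 */
function admin_links_edit($id)
{
    ob_end_clean();
    global $db;
    $db->setMode(0);
    ajax_convert_array($_POST);
    $mayEdit = isset($_SESSION['rights']['admin']['links']['edit']) || isset($_SESSION['rights']['superadmin']);
    if (!$mayEdit) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    $url = isset($_POST['url']) ? $_POST['url'] : '';
    if ($name == '' || $url == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $bannerurl = isset($_POST['bannerurl']) ? $_POST['bannerurl'] : '';
    $beschreibung = isset($_POST['beschreibung']) ? $_POST['beschreibung'] : '';
    $hits = isset($_POST['hits']) ? (int) $_POST['hits'] : 0;
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_links SET `name` = \'%s\', `url` = \'%s\', `bannerurl` = \'%s\', `beschreibung` = \'%s\', `hits` = %d WHERE linkID = %d',
        strsave($name),
        strsave(check_url($url)),
        strsave(check_url($bannerurl)),
        strsave($beschreibung),
        $hits,
        (int) $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}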
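/**
 * AJAX handler: renames a clanwar match type and sets its "fight us" flag.
 *
 * Requires the clanwars.matchtype_edit or superadmin right and a non-empty name.
 * Echoes 'ok' on success, otherwise NOT_NEED_ALL_INPUTS or NO_ADMIN_RIGHTS, and
 * always terminates the request.
 *
 * @param int|string $id matchtypeID of the row to update; cast to int before use
 */
function admin_matchtype_edit($id)
{
    global $db;
    $db->setMode(0);
    ob_end_clean();
    ajax_convert_array($_POST);
    $mayEdit = !empty($_SESSION['rights']['admin']['clanwars']['matchtype_edit']) || !empty($_SESSION['rights']['superadmin']);
    if (!$mayEdit) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    if ($name == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    // The checkbox is absent from the payload when unchecked.
    $fightus = isset($_POST['fightus']) ? (int) $_POST['fightus'] : 0;
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_wars_matchtype SET `matchtypename` = \'%s\', `fightus` = %d WHERE matchtypeID= %d',
        strsave($name),
        $fightus,
        (int) $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}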
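/**
 * AJAX handler: updates a game server entry (ecp_server).
 *
 * Requires the server.edit or superadmin right and the fields ip, port and gametype.
 * Ports are normalised through lgsl_port_conversion() for the given game type; a
 * zero query port falls back to the game port. Echoes 'ok' on success, otherwise
 * NO_ADMIN_RIGHTS / NOT_NEED_ALL_INPUTS, and always terminates the request.
 *
 * @param int|string $id serverID of the row to update; cast to int before use
 */
function admin_server_edit($id)
{
    ob_end_clean();
    global $db;
    ajax_convert_array($_POST);
    $mayEdit = isset($_SESSION['rights']['admin']['server']['edit']) || isset($_SESSION['rights']['superadmin']);
    if (!$mayEdit) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    $ip = isset($_POST['ip']) ? $_POST['ip'] : '';
    $port = isset($_POST['port']) ? $_POST['port'] : '';
    $gametype = isset($_POST['gametype']) ? $_POST['gametype'] : '';
    if ($ip == '' || $port == '' || $gametype == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $db->setMode(0);
    $queryport = isset($_POST['queryport']) ? $_POST['queryport'] : '';
    $sport = isset($_POST['sport']) ? $_POST['sport'] : '';
    list($port, $queryport, $sport) = lgsl_port_conversion($gametype, $port, $queryport, $sport);
    $port = (int) $port;
    $queryport = (int) $queryport;
    $sport = (int) $sport;
    // No dedicated query port configured: query the game port itself.
    if ($queryport === 0) {
        $queryport = $port;
    }
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_server SET `gamename` = \'%s\', `gametype` = \'%s\', `passwort` = \'%s\', `displaymenu` = %d, `ip` = \'%s\', `port` = %d, `queryport` = %d, `sport` = %d, `stat` = %d WHERE serverID = %d',
        strsave(isset($_POST['gamename']) ? $_POST['gamename'] : ''),
        strsave($gametype),
        strsave(isset($_POST['passwort']) ? $_POST['passwort'] : ''),
        isset($_POST['displaymenu']) ? (int) $_POST['displaymenu'] : 0,
        strsave($ip),
        $port,
        $queryport,
        $sport,
        isset($_POST['stat']) ? (int) $_POST['stat'] : 0,
        (int) $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}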
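/**
 * AJAX handler: creates a calendar event (ecp_calendar).
 *
 * The per-language description is taken from the POST fields whose key contains
 * `cription_` (language code after the first '_') and stored JSON-encoded. Requires
 * the calendar.add or superadmin right and a non-empty eventname; the date is parsed
 * with strtotime(). Echoes 'ok' on success, otherwise NOT_NEED_ALL_INPUTS or
 * NO_ADMIN_RIGHTS, and always terminates the request.
 */
function admin_calendar_add()
{
    global $db;
    ob_end_clean();
    ajax_convert_array($_POST);
    $mayAdd = !empty($_SESSION['rights']['admin']['calendar']['add']) || !empty($_SESSION['rights']['superadmin']);
    if (!$mayAdd) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    $db->setMode(0);
    $eventname = isset($_POST['eventname']) ? $_POST['eventname'] : '';
    if ($eventname == '') {
        // Same required-field handling as the other admin add/edit handlers.
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $description = array();
    foreach ($_POST as $key => $value) {
        if (strpos($key, 'cription_')) {
            $description[substr($key, strpos($key, '_') + 1)] = $value;
        }
    }
    // strtotime() returns false for an unparsable date; store 0 rather than a bogus value.
    $datum = isset($_POST['datum']) ? (int) strtotime($_POST['datum']) : 0;
    $rights = isset($_POST['rights']) ? $_POST['rights'] : null;
    $userId = isset($_SESSION['userID']) ? (int) $_SESSION['userID'] : 0;
    $sql = sprintf(
        'INSERT INTO ' . DB_PRE . 'ecp_calendar (`eventname`, `inhalt`, `access`, `datum`, `userID`) VALUES (\'%s\', \'%s\', \'%s\', %d, %d)',
        strsave($eventname),
        strsave(json_encode($description)),
        strsave(admin_make_rights($rights)),
        $datum,
        $userId
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}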
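/**
 * Admin page for an upcoming clanwar: shows the edit form or, on submit, stores the
 * opponent, the match data, the map scores and the participating players.
 *
 * Submit flow: create or update the opponent row (empty POST `oppID` → INSERT), update
 * the war row (notes are stored JSON-encoded per language, `xonx` as "<n>on<m>"), then
 * update or insert one ecp_wars_scores row per `map_*` POST field in form order, and
 * finally reconcile the participant list: players named in POST `players` (`team_<id>`
 * expands to all members of that team, `member_<id>` is one user) are added — and,
 * depending on `messagemode`, notified by internal message (1), e-mail (2) or both (3) —
 * while previous participants no longer listed are removed. Requires the
 * clanwars.edit_next or superadmin right.
 *
 * @param int|string $id warID; cast to int because it is concatenated into SQL below
 */
function admin_clanwars_editnext($id)
{
    // $id is interpolated unescaped into several statements below; the int cast makes that safe.
    $id = (int) $id;
    // Running map index, used by the score loop on submit and by the form builder.
    $i = 0;
    if (!empty($_SESSION['rights']['admin']['clanwars']['edit_next']) || !empty($_SESSION['rights']['superadmin'])) {
        global $db;
        if (isset($_POST['datum'])) {
            if (!$_POST['oppID']) {
                $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_wars_opp (`oppname`, `oppshort`, `homepage`, `country`) VALUES (\'%s\', \'%s\',\'%s\',\'%s\')', strsave($_POST['oppname']), strsave($_POST['oppshort']), strsave($_POST['homepage']), strsave($_POST['country']));
            } else {
                $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_wars_opp SET `oppname` = \'%s\', `oppshort` = \'%s\', `homepage` = \'%s\', `country` = \'%s\' WHERE oppID = %d', strsave($_POST['oppname']), strsave($_POST['oppshort']), strsave(check_url($_POST['homepage'])), strsave($_POST['country']), (int) $_POST['oppID']);
            }
            if ($db->query($sql)) {
                // Opponent id of the row just inserted, or the one being edited.
                !$_POST['oppID'] ? $oppid = $db->last_id() : ($oppid = (int) $_POST['oppID']);
                $lang = array();
                foreach ($_POST as $key => $value) {
                    if (strpos($key, 'cription_')) {
                        $lang[substr($key, strpos($key, '_') + 1)] = $value;
                    }
                }
                // Resolve the selected teams/members into a unique list of user ids.
                $players = array();
                $selected = isset($_POST['players']) ? (array) $_POST['players'] : array();
                foreach ($selected as $value) {
                    $value = trim($value);
                    if (strpos($value, 'team_') !== false) {
                        $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_members WHERE teamID = ' . (int) substr($value, strpos($value, '_') + 1));
                        while ($row = $db->fetch_assoc()) {
                            if (!in_array($row['userID'], $players)) {
                                $players[] = $row['userID'];
                            }
                        }
                    } elseif (strpos($value, 'member_') !== false) {
                        $ids = substr($value, strpos($value, '_') + 1);
                        if (!in_array($ids, $players)) {
                            $players[] = $ids;
                        }
                    }
                }
                $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_wars SET 
								`tID` = %d,  
								`mID` = %d,  
								`gID` = %d,  
								`datum` = %d,  
								`xonx` = \'%s\', 
								hinweise = \'%s\', 
								`oID` = %d, 
								`matchlink` = \'%s\', 
								`resultbylocations` = %d, 
								`server` = \'%s\',
								`livestream` = \'%s\',
								`pw` = \'%s\',
								`meldefrist` = %d
								 WHERE warID = %d', (int) $_POST['teamID'], (int) $_POST['matchtypeID'], (int) $_POST['gameID'], strtotime($_POST['datum']), (int) $_POST['xonx1'] . 'on' . (int) $_POST['xonx2'], strsave(json_encode($lang)), $oppid, strsave(check_url($_POST['matchlink'])), (int) @$_POST['winbymaps'], strsave($_POST['server']), strsave($_POST['livestream']), strsave($_POST['pw']), strtotime($_POST['meldefrist']), $id);
                if ($db->query($sql)) {
                    // Current participants; an entry stays true only if the player is no longer
                    // selected and is therefore removed at the end.
                    $aktive = array();
                    $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE warID  = ' . $id);
                    while ($row = $db->fetch_assoc()) {
                        $aktive[$row['userID']] = true;
                    }
                    // Existing score rows, in the same order as the map fields of the form.
                    $db->query('SELECT scoreID FROM ' . DB_PRE . 'ecp_wars_scores WHERE wID = ' . $id . ' ORDER BY scoreID ASC');
                    $ids = array();
                    while ($row = $db->fetch_assoc()) {
                        $ids[] = $row['scoreID'];
                    }
                    $own = 0;
                    $opp = 0;
                    foreach ($_POST as $key => $value) {
                        if (strpos($key, 'map_') !== false) {
                            $i++;
                            // winbymaps: count won maps (a draw counts for both); otherwise sum the scores.
                            if ((int) @$_POST['winbymaps']) {
                                if ((int) $_POST['score_' . $i . '_own'] > (int) $_POST['score_' . $i . '_opp']) {
                                    $own++;
                                } elseif ((int) $_POST['score_' . $i . '_own'] < (int) $_POST['score_' . $i . '_opp']) {
                                    $opp++;
                                } else {
                                    $opp++;
                                    $own++;
                                }
                            } else {
                                $own += (int) $_POST['score_' . $i . '_own'];
                                $opp += (int) $_POST['score_' . $i . '_opp'];
                            }
                            if (isset($ids[$i - 1])) {
                                $db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_wars_scores SET `lID` = %d, `ownscore` = %d, `oppscore` = %d WHERE scoreID = %d', (int) $value, (int) $_POST['score_' . $i . '_own'], (int) $_POST['score_' . $i . '_opp'], $ids[$i - 1]));
                            } else {
                                $db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_wars_scores (`wID`, `lID`, `ownscore`, `oppscore`) VALUES (%d, %d, %d, %d)', $id, (int) $value, (int) $_POST['score_' . $i . '_own'], (int) $_POST['score_' . $i . '_opp']));
                            }
                        }
                    }
                    if (count($players)) {
                        $text = $db->fetch_assoc('SELECT `content`, `content2`  FROM ' . DB_PRE . 'ecp_texte WHERE name = "NEXT_WAR_MSG" AND lang = "' . DEFAULT_LANG . '"');
                        if ($_POST['messagemode'] == 1) {
                            foreach ($players as $value) {
                                if (!isset($aktive[(int) $value])) {
                                    $db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
                                    message_send($value, 0, $text['content2'], str_replace('{link}', '<a href="' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '">' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '</a>', $text['content']), 0, 1);
                                } else {
                                    $aktive[(int) $value] = false;
                                }
                            }
                        } elseif ($_POST['messagemode'] == 2) {
                            foreach ($players as $value) {
                                if (!isset($aktive[(int) $value])) {
                                    $db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
                                    send_email($db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . (int) $value), $text['content2'], str_replace('{link}', SITE_URL . '?section=clanwars&action=nextwar&id=' . $id, $text['content']), 1);
                                } else {
                                    $aktive[(int) $value] = false;
                                }
                            }
                        } elseif ($_POST['messagemode'] == 3) {
                            foreach ($players as $value) {
                                if (!isset($aktive[(int) $value])) {
                                    $db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
                                    message_send($value, 0, $text['content2'], str_replace('{link}', '<a href="' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '">' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '</a>', $text['content']), 0, 1);
                                    send_email($db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . (int) $value), $text['content2'], str_replace('{link}', SITE_URL . '?section=clanwars&action=nextwar&id=' . $id, $text['content']), 1);
                                } else {
                                    $aktive[(int) $value] = false;
                                }
                            }
                        } else {
                            foreach ($players as $value) {
                                if (!isset($aktive[(int) $value])) {
                                    $db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
                                } else {
                                    $aktive[(int) $value] = false;
                                }
                            }
                        }
                    }
                    // Remove participants that were not selected this time.
                    foreach ($aktive as $key => $value) {
                        if ($value == true) {
                            $db->query('DELETE FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE userID = ' . (int) $key . ' AND warID = ' . $id);
                        }
                    }
                    header1('?section=admin&site=clanwars');
                }
            }
        } else {
            $data = $db->fetch_assoc('SELECT `tID`, `mID`, `gID`, `datum`, `xonx`, `hinweise`, `server`, `pw`, meldefrist, livestream, `oID`, `matchlink`, `resultbylocations`, `oppname`, `oppshort`, `homepage`, `country` FROM ' . DB_PRE . 'ecp_wars LEFT JOIN ' . DB_PRE . 'ecp_wars_opp ON (oppID = oID) WHERE warID = ' . $id);
            $tpl = new smarty();
            foreach ($data as $key => $value) {
                $tpl->assign($key, $value);
            }
            $tpl->assign('opps', get_opps($data['oID']));
            $tpl->assign('countries', form_country($data['country']));
            $tpl->assign('games', get_games_form($data['gID']));
            $tpl->assign('teams', get_teams_form($data['tID']));
            $tpl->assign('matchtype', get_matchtype_form($data['mID']));
            $tpl->assign('lang', get_languages(json_decode($data['hinweise'], true)));
            $tpl->assign('func', 'editnext&id=' . $id);
            $tpl->assign('datum', date('Y-m-d H:i:s', $data['datum']));
            $tpl->assign('meldefrist', date('Y-m-d H:i:s', $data['meldefrist']));
            $xonx = explode('on', $data['xonx']);
            $tpl->assign('xonx1', $xonx[0]);
            $tpl->assign('xonx2', $xonx[1]);
            // The outer result is fetched from the raw result handle on purpose: the inner
            // location query below goes through $db and would otherwise replace it.
            $result = $db->query('SELECT `scoreID`, `lID`, `ownscore`, `oppscore` FROM ' . DB_PRE . 'ecp_wars_scores WHERE wID = ' . $id . ' ORDER BY scoreID ASC');
            $maps = array();
            while ($row = mysql_fetch_assoc($result)) {
                $row['i'] = ++$i;
                $row['maps'] = '';
                $db->query('SELECT locationID, locationname FROM ' . DB_PRE . 'ecp_wars_locations WHERE gID = ' . (int) $data['gID']);
                while ($subrow = $db->fetch_assoc()) {
                    $subrow['locationID'] == $row['lID'] ? $sub = 'selected="selected"' : ($sub = '');
                    $row['maps'] .= '<option ' . $sub . ' value="' . $subrow['locationID'] . '">' . htmlspecialchars($subrow['locationname']) . '</option>';
                }
                $maps[] = $row;
            }
            $tpl->assign('maps', $maps);
            $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE warID = ' . $id);
            $players = array();
            while ($row = $db->fetch_assoc()) {
                $players[] = $row['userID'];
            }
            $tpl->assign('members', get_cw_members($players));
            ob_start();
            $tpl->display(DESIGN . '/tpl/admin/clanwars_next.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(CLANWARS_EDIT, $content, '', 1);
        }
    } else {
        table(ERROR, NO_ADMIN_RIGHTS);
    }
}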
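/**
 * AJAX handler: updates a team member's display name, task and active flag (ecp_members).
 *
 * Requires the teams.edit_member or superadmin right. Echoes 'ok' on success,
 * NO_ADMIN_RIGHTS otherwise, and always terminates the request.
 *
 * @param int|string $id  teamID of the membership row; cast to int before use
 * @param int|string $uid userID of the member; cast to int before use
 */
function teams_edit_member($id, $uid)
{
    ob_end_clean();
    global $db;
    $db->setMode(0);
    ajax_convert_array($_POST);
    $mayEdit = isset($_SESSION['rights']['admin']['teams']['edit_member']) || isset($_SESSION['rights']['superadmin']);
    if (!$mayEdit) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $task = isset($_POST['task']) ? $_POST['task'] : '';
    // The checkbox is absent from the payload when unchecked.
    $aktiv = isset($_POST['aktiv']) ? (int) $_POST['aktiv'] : 0;
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_members SET `name` = \'%s\', `aufgabe` = \'%s\', `aktiv` =  %d WHERE teamID = %d AND userID = %d',
        strsave($username),
        strsave($task),
        $aktiv,
        (int) $id,
        (int) $uid
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}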
/**
 * Forum search: builds a search query, stores it in ecp_forum_search and
 * redirects to the result page, or renders the search form.
 *
 * Two entry modes:
 *  - $id != 0: "all posts by user $id" — the query is fixed, no form input.
 *  - $id == 0 and $_POST['submit'] set: free search driven by stichwort /
 *    username, suchart, usersuchart, viewas, foren[], alterart/altervalue,
 *    sortart/sortorder. Validation errors re-enter forum_search(0) with
 *    'submit' unset, which renders the form again.
 *  - otherwise: render the form (board list from ecp_forum_boards).
 *
 * Search terms are escaped with mysql_real_escape_string(); board ids are
 * cast to int; operator/order/column names are whitelisted below. The
 * generated SQL text is persisted in the `sqlquery` column of the search row.
 *
 * @param int $id userID whose posts are listed, or 0 for a form search
 */
function forum_search($id)
{
    global $db;
    if ($id) {
        // Fixed query: every post of user $id in boards the viewer may read.
        // $_SESSION['access_search'] is a prebuilt SQL fragment whose 'access'
        // placeholder is substituted with the board alias' rightsread column.
        $sql = 'SELECT `tID`, `bID`, `comID`, com.userID, `postname`, `adatum`, `comment`, u1.username, 
                      				`edits`, `editdatum`, `edituserID`, com.IP, `attachs`, `datum`, 
                       				`threadname`, `vonID`, `vonname`, `views`, c.posts, `lastuserID`, 
                       				`lastusername`, `lastreplay`, `sticky`, c.closed, `fsurveyID`, 
                       				`anhaenge`, `rating`, `ratingvotes`, a.boardparentID, 
                       				a.name, a.rightsread, b.rightsread as parentRead, b.name as boardparentname, 
                       				u1.sex, u1.signatur, u1.country, comments, money, u1.avatar, u2.username as editfrom, lastklick as online  
                       				FROM ' . DB_PRE . 'ecp_forum_comments as com 
									LEFT JOIN ' . DB_PRE . 'ecp_user as u1 ON (com.userID = u1.ID)
									LEFT JOIN ' . DB_PRE . 'ecp_user as u2 ON (com.edituserID = u2.ID)
									LEFT JOIN ' . DB_PRE . 'ecp_user_stats ON (com.userID = ' . DB_PRE . 'ecp_user_stats.userID)
									LEFT JOIN ' . DB_PRE . 'ecp_online ON (uID = com.userID AND lastklick > ' . (time() - SHOW_USER_ONLINE) . ')                       				
                       				LEFT JOIN ' . DB_PRE . 'ecp_forum_threads AS c ON (tID = threadID) 
                       				LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (a.boardID = bID) 
                       				LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (a.boardparentID = b.boardID) 
                        			WHERE (a.rightsread = "" OR ' . str_replace('access', 'a.rightsread', $_SESSION['access_search']) . ') AND (a.boardparentID = 0 OR b.rightsread = "" OR ' . str_replace('access', 'b.rightsread', $_SESSION['access_search']) . ')
                        			AND com.userID = ' . $id . ' GROUP BY comID';
        // NOTE(review): $id is concatenated as-is here; the caller is assumed
        // to pass an integer — confirm, or cast with (int) at the call site.
        $db->query($sql);
        if ($db->num_rows()) {
            // Persist the search (the generated SQL goes into `sqlquery`) and
            // redirect to the result page keyed by the new row id.
            // NOTE(review): the stored query text is presumably re-executed by
            // action=searchresults — confirm before touching the column format.
            if ($db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_forum_search
												(`userID`, `IP`, `SID`, `datum`, `stichwort`, `suchart`, `fromusername`, 
												`usersuchart`, `foren`, `alterart`, `altervalue`, `sortart`, `sortorder`, `sqlquery`, viewas) VALUES  (
												%d, \'%s\', \'%s\', %d, \'%s\', %d, \'%s\', %d, \'%s\', \'%s\', %d, \'%s\', \'%s\', \'%s\', \'%s\' )', @$_SESSION['userID'], strsave($_SERVER['REMOTE_ADDR']), session_id(), time(), '', 1, $db->result(DB_PRE . 'ecp_user', 'username', 'ID =' . $id), 1, '', '=>', 0, 'adatum', 'DESC', strsave($sql), 'comments'))) {
                header1('?section=forum&action=searchresults&id=' . $db->last_id());
            }
        } else {
            table(ERROR, FORUM_SEARCH_NO_RESULTS);
            unset($_POST['submit']);
            forum_search(0);
        }
    } else {
        if (isset($_POST['submit'])) {
            // Strip the internal column placeholders from user input so they
            // cannot take part in the str_replace() substitution further down.
            $_POST['username'] = str_replace(array('&feld&', '&feld2&'), '', $_POST['username']);
            $_POST['stichwort'] = str_replace(array('&feld&', '&feld2&'), '', $_POST['stichwort']);
            if ($_POST['stichwort'] == '' and $_POST['username'] == '') {
                table(ERROR, NOT_NEED_ALL_INPUTS);
                unset($_POST['submit']);
                forum_search(0);
            } else {
                if (strlen($_POST['stichwort']) < 3 and $_POST['username'] == '') {
                    table(ERROR, FORUM_SEARCH_MIN_3_CHARS);
                    unset($_POST['submit']);
                    forum_search(0);
                } else {
                    // Optional board filter from foren[]; every id is cast to int.
                    if (count(@$_POST['foren'])) {
                        foreach ($_POST['foren'] as $value) {
                            @($boards .= ' OR a.boardID = ' . (int) $value . ' OR a.boardparentID = ' . (int) $value);
                        }
                        // NOTE(review): this append sits outside the foreach, so only
                        // the last selected board id ends up in $boardids (the `foren`
                        // column of the stored search). Probably meant to be inside the loop.
                        $boardids .= ',' . (int) $value;
                        $boards = '(' . substr($boards, 4) . ') AND  ';
                    }
                    // Read-permission clause, same shape as in the $id branch.
                    @($boards .= '(a.rightsread = "" OR ' . str_replace('access', 'a.rightsread', $_SESSION['access_search']) . ') AND (a.boardparentID = 0 OR b.rightsread = "" OR ' . str_replace('access', 'b.rightsread', $_SESSION['access_search']) . ') AND');
                    // Whitelist the age operator and sort direction; anything else
                    // falls back to '<=' / 'ASC'.
                    $_POST['alterart'] == '>=' ? '' : ($_POST['alterart'] = '<=');
                    $_POST['sortorder'] == 'DESC' ? '' : ($_POST['sortorder'] = 'ASC');
                    // Whitelist the sort column; 'posts' is qualified as c.posts,
                    // unknown values fall back to adatum.
                    switch ($_POST['sortart']) {
                        case 'adatum':
                            break;
                        case 'threadname':
                            break;
                        case 'posts':
                            $_POST['sortart'] = 'c.posts';
                            break;
                        case 'views':
                            break;
                        case 'datum':
                            break;
                        case 'name':
                            break;
                        case 'rating':
                            break;
                        default:
                            $_POST['sortart'] = 'adatum';
                    }
                    // Age filter in days (86400 s): adatum (post date) for post
                    // searches (suchart == 1), datum (thread date) otherwise.
                    if ($_POST['altervalue'] >= 1 and $_POST['suchart'] == 1) {
                        $addsearch = ' AND adatum ' . $_POST['alterart'] . ' ';
                        $addsearch .= time() - (int) $_POST['altervalue'] * 86400;
                    } else {
                        if ($_POST['altervalue'] >= 1) {
                            $addsearch = ' AND datum ' . $_POST['alterart'] . ' ';
                            $addsearch .= time() - (int) $_POST['altervalue'] * 86400;
                        }
                    }
                    // Build the LIKE clause. &feld& / &feld2& are placeholders that
                    // are replaced with real column names once the query shape is
                    // known. Terms are split on ' AND ', ' OR ' or whitespace and
                    // each term is escaped with mysql_real_escape_string().
                    if ($_POST['username'] == '') {
                        if (strpos($_POST['stichwort'], ' AND ')) {
                            foreach (explode(' AND ', $_POST['stichwort']) as $value) {
                                @($suchstring .= ' AND &feld& LIKE \'%' . mysql_real_escape_string($value) . '%\'');
                            }
                            $suchstring = '(' . substr($suchstring, 5) . ')';
                        } elseif (strpos($_POST['stichwort'], ' OR ')) {
                            foreach (explode(' OR ', $_POST['stichwort']) as $value) {
                                @($suchstring .= ' OR &feld& LIKE \'%' . mysql_real_escape_string($value) . '%\'');
                            }
                            $suchstring = '(' . substr($suchstring, 4) . ')';
                        } else {
                            foreach (explode(' ', $_POST['stichwort']) as $value) {
                                if ($value != '') {
                                    @($suchstring .= ' OR &feld& LIKE \'%' . mysql_real_escape_string($value) . '%\'');
                                }
                            }
                            $suchstring = '(' . substr($suchstring, 4) . ')';
                        }
                    } else {
                        // NOTE(review): the two branches below test $_POST['username']
                        // for ' AND ' / ' OR ' but then explode $_POST['stichwort'];
                        // the whitespace branch uses username. Looks like a copy/paste
                        // slip — confirm which field is intended.
                        if (strpos($_POST['username'], ' AND ')) {
                            foreach (explode(' AND ', $_POST['stichwort']) as $value) {
                                @($suchstring .= ' AND (&feld& LIKE \'%' . mysql_real_escape_string($value) . '%\' OR &feld2& LIKE \'%' . mysql_real_escape_string($value) . '%\') ');
                            }
                            $suchstring = '(' . substr($suchstring, 5) . ')';
                        } elseif (strpos($_POST['username'], ' OR ')) {
                            foreach (explode(' OR ', $_POST['stichwort']) as $value) {
                                @($suchstring .= ' OR &feld& LIKE \'%' . mysql_real_escape_string($value) . '%\' OR &feld2& LIKE \'%' . mysql_real_escape_string($value) . '%\'');
                            }
                            $suchstring = '(' . substr($suchstring, 4) . ')';
                        } else {
                            foreach (explode(' ', $_POST['username']) as $value) {
                                if ($value != '') {
                                    @($suchstring .= ' OR &feld& LIKE \'%' . mysql_real_escape_string($value) . '%\' OR &feld2& LIKE \'%' . mysql_real_escape_string($value) . '%\'');
                                }
                            }
                            $suchstring = '(' . substr($suchstring, 4) . ')';
                        }
                    }
                    // Choose the query shape for keyword searches: posts by post
                    // text, threads by post text, or threads by thread name.
                    if ($_POST['suchart'] == 1 and $_POST['username'] == '' and $_POST['viewas'] == 'comments') {
                        $suchstring = str_replace('&feld&', 'comment', $suchstring);
                        $sql = 'SELECT `tID`, `bID`, `comID`, com.userID, `postname`, `adatum`, `comment`, u1.username, 
                      				`edits`, `editdatum`, `edituserID`, com.IP, `attachs`, `datum`, 
                       				`threadname`, `vonID`, `vonname`, `views`, c.posts, `lastuserID`, 
                       				`lastusername`, `lastreplay`, `sticky`, c.closed, `fsurveyID`, 
                       				`anhaenge`, `rating`, `ratingvotes`, a.boardparentID, 
                       				a.name, a.rightsread, b.rightsread as parentRead, b.name as boardparentname, 
                       				u1.sex, u1.signatur, u1.country, comments, money, u1.avatar, u2.username as editfrom, lastklick as online  
                       				FROM ' . DB_PRE . 'ecp_forum_comments as com 
									LEFT JOIN ' . DB_PRE . 'ecp_user as u1 ON (com.userID = u1.ID)
									LEFT JOIN ' . DB_PRE . 'ecp_user as u2 ON (com.edituserID = u2.ID)
									LEFT JOIN ' . DB_PRE . 'ecp_user_stats ON (com.userID = ' . DB_PRE . 'ecp_user_stats.userID)
									LEFT JOIN ' . DB_PRE . 'ecp_online ON (uID = com.userID AND lastklick > ' . (time() - SHOW_USER_ONLINE) . ')                       				
                       				LEFT JOIN ' . DB_PRE . 'ecp_forum_threads AS c ON (tID = threadID) 
                       				LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (a.boardID = bID) 
                       				LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (a.boardparentID = b.boardID) 
                       				WHERE ' . @$boards . $suchstring . @$addsearch . ' GROUP BY comID';
                    } elseif ($_POST['suchart'] == 1 and $_POST['username'] == '' and $_POST['viewas'] == 'topic') {
                        $suchstring = str_replace('&feld&', 'comment', $suchstring);
                        $sql = 'SELECT `threadID`, `bID`, `datum`, `threadname`, `vonID`, `vonname`, `views`, c.posts, `lastuserID`, u1.username, u2.username as lastuserIDname,
                       				`lastusername`, `lastreplay`, `sticky`, c.closed, `fsurveyID`, 
                        				`anhaenge`, `rating`, `ratingvotes`, a.boardparentID, 
                        				a.name, a.rightsread, b.rightsread as parentRead, b.name as boardparentname 
                       					FROM ' . DB_PRE . 'ecp_forum_comments 
                       					LEFT JOIN ' . DB_PRE . 'ecp_forum_threads AS c ON (tID = threadID) 
                        				LEFT JOIN ' . DB_PRE . 'ecp_user as u1 ON (vonID = u1.ID) 
                        				LEFT JOIN ' . DB_PRE . 'ecp_user as u2 ON (lastuserID = u2.ID)
                        				LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (a.boardID = bID) 
                        				LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (a.boardparentID = b.boardID) 
                        				WHERE ' . @$boards . $suchstring . @$addsearch . ' GROUP BY threadID ';
                    } elseif ($_POST['username'] == '') {
                        $suchstring = str_replace('&feld&', 'threadname', $suchstring);
                        $sql = 'SELECT `threadID`, `bID`, `datum`, `threadname`, `vonID`, `vonname`, `views`, c.posts, `lastuserID`, u1.username, u2.username as lastuserIDname,
                       				`lastusername`, `lastreplay`, `sticky`, c.closed, `fsurveyID`, 
                        				`anhaenge`, `rating`, `ratingvotes`, a.boardparentID, 
                        				a.name, a.rightsread, b.rightsread as parentRead, b.name as boardparentname 
                        				FROM ' . DB_PRE . 'ecp_forum_threads AS c 
                        				LEFT JOIN ' . DB_PRE . 'ecp_user as u1 ON (vonID = u1.ID) 
                        				LEFT JOIN ' . DB_PRE . 'ecp_user as u2 ON (lastuserID = u2.ID)
                        				LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (a.boardID = bID) 
                        				LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (a.boardparentID = b.boardID) 
                        				WHERE ' . @$boards . $suchstring . @$addsearch . ' GROUP BY threadID';
                    }
                    // Author searches: posts (usersuchart == 1, matching the poster
                    // or postname) or threads (matching the thread author / vonname).
                    if ($_POST['usersuchart'] == 1 and $_POST['username'] != '') {
                        $suchstring = str_replace(array('&feld&', '&feld2&'), array('u1.username', 'postname'), $suchstring);
                        $sql = 'SELECT `tID`, `bID`, `comID`, com.userID, `postname`, `adatum`, `comment`, u1.username,
                      				`edits`, `editdatum`, `edituserID`, com.IP, `attachs`, `datum`, 
                       				`threadname`, `vonID`, `vonname`, `views`, c.posts, `lastuserID`, 
                       				`lastusername`, `lastreplay`, `sticky`, c.closed, `fsurveyID`, 
                       				`anhaenge`, `rating`, `ratingvotes`, a.boardparentID, 
                       				a.name, a.rightsread, b.rightsread as parentRead, b.name as boardparentname,
                       				u1.sex, u1.signatur, u1.country, comments, money, u1.avatar, u2.username as editfrom, lastklick as online  
                       				FROM ' . DB_PRE . 'ecp_forum_comments as com
									LEFT JOIN ' . DB_PRE . 'ecp_user as u1 ON (com.userID = u1.ID)
									LEFT JOIN ' . DB_PRE . 'ecp_user as u2 ON (com.edituserID = u2.ID)
									LEFT JOIN ' . DB_PRE . 'ecp_user_stats ON (com.userID = ' . DB_PRE . 'ecp_user_stats.userID)
									LEFT JOIN ' . DB_PRE . 'ecp_online ON (uID = com.userID AND lastklick > ' . (time() - SHOW_USER_ONLINE) . ')     
                       				LEFT JOIN ' . DB_PRE . 'ecp_forum_threads AS c ON (tID = threadID) 
                       				LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (a.boardID = bID) 
                       				LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (a.boardparentID = b.boardID) 
                       				WHERE ' . @$boards . $suchstring . @$addsearch . ' GROUP BY comID';
                    } elseif ($_POST['username'] != '') {
                        $suchstring = str_replace(array('&feld&', '&feld2&'), array('u1.username', 'vonname'), $suchstring);
                        $sql = 'SELECT `threadID`, `bID`, `datum`, `threadname`, `vonID`, `vonname`, `views`, c.posts, `lastuserID`, u1.username, u2.username as lastuserIDname,
                       				`lastusername`, `lastreplay`, `sticky`, c.closed, `fsurveyID`, 
                        				`anhaenge`, `rating`, `ratingvotes`, a.boardparentID, 
                        				a.name, a.rightsread, b.rightsread as parentRead, b.name as boardparentname 
                        				FROM ' . DB_PRE . 'ecp_forum_threads AS c 
                        				LEFT JOIN ' . DB_PRE . 'ecp_user as u1 ON (vonID = u1.ID) 
                        				LEFT JOIN ' . DB_PRE . 'ecp_user as u2 ON (lastuserID = u2.ID)                        				
                        				LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (a.boardID = bID) 
                        				LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (a.boardparentID = b.boardID) 
                        				WHERE ' . @$boards . $suchstring . @$addsearch . ' GROUP BY threadID';
                    }
                    // Execute once to make sure there is at least one hit before the
                    // search (and its SQL text) is persisted.
                    $db->query($sql);
                    if ($db->num_rows()) {
                        if ($db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_forum_search 
											(`userID`, `IP`, `SID`, `datum`, `stichwort`, `suchart`, `fromusername`, 
											`usersuchart`, `foren`, `alterart`, `altervalue`, `sortart`, `sortorder`, `sqlquery`, viewas) VALUES  (
											%d, \'%s\', \'%s\', %d, \'%s\', %d, \'%s\', %d, \'%s\', \'%s\', %d, \'%s\', \'%s\', \'%s\', \'%s\' )', @$_SESSION['userID'], strsave($_SERVER['REMOTE_ADDR']), session_id(), time(), strsave($_POST['stichwort']), (int) $_POST['suchart'], strsave($_POST['username']), (int) $_POST['usersuchart'], strsave(substr(@$boardids, 1)), strsave($_POST['alterart']), (int) $_POST['altervalue'], strsave($_POST['sortart']), strsave($_POST['sortorder']), strsave($sql), $_POST['viewas'] == 'topic' ? 'topic' : 'comments'))) {
                            header1('?section=forum&action=searchresults&id=' . $db->last_id());
                        }
                    } else {
                        table(ERROR, FORUM_SEARCH_NO_RESULTS);
                        unset($_POST['submit']);
                        forum_search(0);
                    }
                }
            }
        } else {
            // GET: render the search form. Boards the viewer may read are
            // grouped into parents (isforum == 0 or no parent) and their subs.
            $tpl = new smarty();
            $db->query('SELECT `boardID`, `boardparentID`, `name`, `isforum`
									FROM ' . DB_PRE . 'ecp_forum_boards 
									WHERE rightsread = "" OR ' . str_replace('access', 'rightsread', $_SESSION['access_search']) . '
									ORDER BY boardparentID, posi ASC');
            $boards = array();
            while ($row = $db->fetch_assoc()) {
                if ($row['isforum'] == 0 or $row['boardparentID'] == 0) {
                    $boards[$row['boardID']]['name'] = $row['name'];
                    $boards[$row['boardID']]['isforum'] = $row['isforum'];
                } else {
                    $boards[$row['boardparentID']]['subs'][$row['boardID']]['name'] = $row['name'];
                }
            }
            $links = '';
            // NOTE(review): there is no space between selected="selected" and
            // value="…" in the <option> markup below, and board names are emitted
            // without htmlspecialchars() — acceptable only if names are sanitised
            // on write; verify.
            foreach ($boards as $key => $value) {
                $links .= '<option ' . (@$_GET['boardID'] == $key ? 'selected="selected"' : '') . 'value="' . $key . ($value['isforum'] == 1 ? '' : '_sub') . '">-' . $value['name'] . '</option>';
                if (isset($value['subs'])) {
                    foreach ($value['subs'] as $key1 => $value1) {
                        $links .= '<option ' . (@$_GET['boardID'] == $key1 ? 'selected="selected"' : '') . 'value="' . $key1 . '">|- ' . $value1['name'] . '</option>';
                    }
                }
            }
            $tpl->assign('foren', $links);
            $tpl->assign('path', '<a href="?section=forum">' . FORUM . '</a> <img src="templates/' . DESIGN . '/images/pfeil_o.gif" alt="" /> ' . SEARCH);
            ob_start();
            $tpl->display(DESIGN . '/tpl/forum/board_head.html');
            $tpl->display(DESIGN . '/tpl/forum/search.html');
            echo '</div>';
            $content = ob_get_contents();
            ob_end_clean();
            main_content(FORUM_SEARCH, $content, '', 1);
        }
    }
}
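function admin_database()
{
    // Admin page for the scheduled database backup settings. On submit it
    // writes BACKUP_AKTIV / BACKUP_EMAIL / BACKUP_CYCLE to ecp_settings and
    // redirects back to the page. Without a submit, or when backups are
    // enabled with an invalid address, the settings form is rendered.
    // Requires admin.database.backup or superadmin; otherwise NO_ADMIN_RIGHTS.
    global $db;
    if (!(@$_SESSION['rights']['admin']['database']['backup'] or @$_SESSION['rights']['superadmin'])) {
        table(ERROR, NO_ADMIN_RIGHTS);
        return;
    }
    if (isset($_POST['submit'])) {
        $aktiv = isset($_POST['backup_aktiv']) ? 1 : 0;
        $email = isset($_POST['backup_email']) ? $_POST['backup_email'] : '';
        // The address is only validated when backups are switched on; with
        // backups disabled it is stored as posted (original behaviour).
        if ($aktiv and !check_email($email)) {
            table(ERROR, WRONG_EMAIL);
        } else {
            // Whitelist the cycle; anything else falls back to weekly. The
            // value is concatenated into SQL, so only these literals may pass.
            $allowed = array('day', 'week', 'month');
            $cycle = (isset($_POST['backup_cycle']) and in_array($_POST['backup_cycle'], $allowed, true)) ? $_POST['backup_cycle'] : 'week';
            $sql = 'UPDATE ' . DB_PRE . 'ecp_settings SET BACKUP_AKTIV = ' . $aktiv . ', BACKUP_EMAIL = \'' . strsave($email) . '\', BACKUP_CYCLE = \'' . $cycle . '\'';
            if ($db->query($sql)) {
                header1('?section=admin&site=database');
            }
            return;
        }
    }
    // Render the form (fresh page, or after the WRONG_EMAIL table above).
    $tpl = new smarty();
    ob_start();
    $tpl->display(DESIGN . '/tpl/admin/database_backup.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(DATABASE_BACKUP, $content, '', 1);
}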
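function account_new_msg()
{
    // "New private message" page. On submit it resolves the recipient by
    // username, enforces the per-recipient spam delay (SPAM_MESSAGE seconds
    // since the last message to that user), refuses self-messaging and hands
    // the message to message_send(). Every failure path prints an error
    // table and re-renders the form; success shows the message box instead.
    global $db;
    $showForm = true;
    if (isset($_POST['submit'])) {
        // Read through isset() so a missing field cannot emit a notice.
        $username = isset($_POST['username']) ? $_POST['username'] : '';
        $message = isset($_POST['message']) ? $_POST['message'] : '';
        $title = isset($_POST['title']) ? $_POST['title'] : '';
        if ($message == '' or $username == '') {
            table(ERROR, NOT_NEED_ALL_INPUTS);
        } else {
            $id = $db->result(DB_PRE . 'ecp_user', 'ID', 'username = \'' . strsave($username) . '\'');
            // Timestamp of the last message from the current user to $id.
            // NOTE(review): this WHERE clause is reconstructed — the listing
            // was garbled at this point — confirm against the upstream source.
            $last = @$db->result(DB_PRE . 'ecp_messages', 'datum', 'touser = ' . (int) $id . ' AND fromuser = ' . (int) $_SESSION['userID']);
            if ($last + SPAM_MESSAGE > time()) {
                table(SPAM_PROTECTION, str_replace(array('{sek}', '{zeit}'), array(SPAM_MESSAGE, $last + SPAM_MESSAGE - time()), SPAM_PROTECTION_MSG));
            } elseif ($id == $_SESSION['userID']) {
                table(ERROR, MSG_NOT_TO_YOURSELF);
            } elseif ($id and message_send($id, $_SESSION['userID'], $title, $message)) {
                table(INFO, MSG_SUCCESS_SEND);
                account_msgbox();
                $showForm = false;
            } else {
                // Unknown username (no ID) or message_send() failed.
                table(ERROR, USER_NOT_FOUND);
            }
        }
    }
    if ($showForm) {
        $tpl = new smarty();
        ob_start();
        $tpl->display(DESIGN . '/tpl/account/message_add.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(MESSAGE_NEW, $content, '', 1);
    }
}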
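function admin_survey_edit($id)
{
    // AJAX handler that updates a survey row in ecp_survey and its answers:
    // keys named answer_old_<answerID> update an existing answer (together
    // with votes_<answerID>), any other non-empty answer_* key inserts a new
    // one. Echoes "ok", a validation constant or NO_ADMIN_RIGHTS, then exits.
    //
    // @param int $id surveyID, bound with %d
    ob_end_clean();
    ajax_convert_array($_POST);
    // NOTE(review): the right tested here is admin.awards.edit although this
    // handler edits surveys — looks like a copy/paste slip; confirm against
    // the rights map before changing it.
    if (@$_SESSION['rights']['admin']['awards']['edit'] or @$_SESSION['rights']['superadmin']) {
        global $db;
        $db->setMode(0);
        // Read every field through isset() so a missing key does not emit a
        // notice into the AJAX response.
        $frage = isset($_POST['frage']) ? $_POST['frage'] : '';
        $start = isset($_POST['start']) ? strtotime($_POST['start']) : false;
        $ende = isset($_POST['ende']) ? strtotime($_POST['ende']) : false;
        $sperre = isset($_POST['sperre']) ? $_POST['sperre'] : '';
        $antworten = isset($_POST['antworten']) ? (int) $_POST['antworten'] : 0;
        $multi = isset($_POST['multi']) ? (int) $_POST['multi'] : 0;
        // A missing or non-array rights value counts as "nothing selected"
        // instead of being handed to count()/in_array()/foreach.
        $rightsInput = (isset($_POST['rights']) and is_array($_POST['rights'])) ? $_POST['rights'] : array();
        if ($frage == '' or !$start or !$ende or $sperre == '' or $antworten < 1 or !count($rightsInput) or count($_POST) < 8) {
            echo NOT_NEED_ALL_INPUTS;
        } elseif ($ende < $start) {
            echo SURVEY_START_BIG_END;
        } else {
            // Empty access string = open to everyone; otherwise ",id,id," of
            // the allowed groups. Strict comparison so only the literal 'all'
            // (not a loosely-equal value such as 0) opens the survey up.
            if (in_array('all', $rightsInput, true)) {
                $rights = '';
            } else {
                $rights = ',';
                foreach ($rightsInput as $key) {
                    $rights .= (int) $key . ',';
                }
            }
            $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_survey SET `start` = %d, `ende` = %d, `frage` = \'%s\', `antworten` =%d, `sperre` = %d, `access` = \'%s\' WHERE surveyID = %d', $start, $ende, strsave($frage), $antworten, (int) $sperre * $multi, strsave($rights), $id);
            if ($db->query($sql)) {
                foreach ($_POST as $key => $value) {
                    if (strpos($key, 'answer_') !== false and !is_array($value) and $value != '') {
                        if (strpos($key, '_old_')) {
                            // 'answer_old_' is 11 characters; the remainder is the answerID.
                            $nr = substr($key, 11);
                            $votes = isset($_POST['votes_' . $nr]) ? (int) $_POST['votes_' . $nr] : 0;
                            $db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_survey_answers SET `answer` = \'%s\', votes = %d WHERE sID = %d AND answerID = %d', strsave($value), $votes, $id, (int) $nr));
                        } else {
                            $db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_survey_answers (`sID`, `answer`) VALUES (%d, \'%s\')', $id, strsave($value)));
                        }
                    }
                }
                echo 'ok';
            }
        }
    } else {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
    }
    die;
}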
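function admin_newsletter()
{
    // Admin "Rundmail": sends a title/message to a selected set of users as
    // private message ('message'), e-mail ('mail') or both ('both').
    // Recipients arrive in user[] as a numeric user ID, 'team_<teamID>',
    // 'group_<gID>' or 'all_users'. Validation failures re-render the form
    // with the posted title/type; otherwise a summary table is printed.
    global $db;
    if (!isset($_POST['submit'])) {
        $tpl = new smarty();
        $tpl->assign('options', get_user_newsletter());
        ob_start();
        $tpl->display(DESIGN . '/tpl/admin/rundmail.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(NEWSLETTER, $content, '', 1);
        return;
    }
    // Read through isset() so a missing field cannot emit a notice.
    $titel = isset($_POST['titel']) ? $_POST['titel'] : '';
    $art = isset($_POST['art']) ? $_POST['art'] : '';
    $message = isset($_POST['message']) ? $_POST['message'] : '';
    // A missing or non-array user[] counts as "no recipient selected".
    $selected = (isset($_POST['user']) and is_array($_POST['user'])) ? $_POST['user'] : array();
    if (count($selected) == 0) {
        $error = NEWSLETTER_ONE_USER;
    } elseif ($message == '' or $titel == '') {
        $error = NOT_NEED_ALL_INPUTS;
    } else {
        $error = '';
    }
    if ($error !== '') {
        table(ERROR, $error);
        $tpl = new smarty();
        $tpl->assign('options', get_user_newsletter());
        $tpl->assign('titel', $titel);
        $tpl->assign('art', $art);
        ob_start();
        $tpl->display(DESIGN . '/tpl/admin/rundmail.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(NEWSLETTER, $content, '', 1);
        return;
    }
    // Resolve the selection to userID => array(username, email). Keying by
    // userID de-duplicates users that appear in several teams/groups.
    $user = array();
    if (in_array('all_users', $selected, true)) {
        $result = $db->query('SELECT username, ID, email FROM ' . DB_PRE . 'ecp_user');
        while ($row = mysql_fetch_assoc($result)) {
            $user[$row['ID']]['username'] = $row['username'];
            $user[$row['ID']]['email'] = $row['email'];
        }
    } else {
        foreach ($selected as $value) {
            if (is_array($value)) {
                // Nested arrays are not a valid selector; skip instead of
                // letting strlen()/strpos() choke on them.
                continue;
            }
            if (strlen((int) $value) == strlen($value)) {
                // Plain integer string: a single user ID. Bind the cast value,
                // never the raw string.
                $uid = (int) $value;
                $row = $db->fetch_assoc('SELECT username, email FROM ' . DB_PRE . 'ecp_user WHERE ID = ' . $uid);
                $user[$uid]['username'] = $row['username'];
                $user[$uid]['email'] = $row['email'];
            } elseif (strpos($value, 'team_') === 0) {
                $teamID = (int) substr($value, strpos($value, '_') + 1);
                $subresult = $db->query('SELECT ' . DB_PRE . 'ecp_members.userID, username, email FROM ' . DB_PRE . 'ecp_members LEFT JOIN ' . DB_PRE . 'ecp_user ON (' . DB_PRE . 'ecp_members.userID = ' . DB_PRE . 'ecp_user.ID) WHERE teamID = ' . $teamID);
                while ($row = mysql_fetch_assoc($subresult)) {
                    $user[$row['userID']]['username'] = $row['username'];
                    $user[$row['userID']]['email'] = $row['email'];
                }
            } elseif (strpos($value, 'group_') === 0) {
                $gID = (int) substr($value, strpos($value, '_') + 1);
                $subresult = $db->query('SELECT ' . DB_PRE . 'ecp_user_groups.userID, username, email FROM ' . DB_PRE . 'ecp_user_groups LEFT JOIN ' . DB_PRE . 'ecp_user ON (' . DB_PRE . 'ecp_user_groups.userID = ' . DB_PRE . 'ecp_user.ID) WHERE gID = ' . $gID);
                while ($row = mysql_fetch_assoc($subresult)) {
                    $user[$row['userID']]['username'] = $row['username'];
                    $user[$row['userID']]['email'] = $row['email'];
                }
            }
        }
    }
    $i = 0;          // number of successful deliveries
    $fehler = '';    // accumulated NEWSLETTER_NOT_SEND texts
    $sender = '';    // "<a>username</a>, " list of reached users
    switch ($art) {
        case 'message':
            // {username} is substituted per recipient; line breaks become <br />.
            foreach ($user as $key => $value) {
                if (message_send($key, $_SESSION['userID'], $titel, strsave(str_replace(array('{username}', "\r\n"), array($value['username'], '<br />'), $message)), 0, 1)) {
                    $i++;
                    $sender .= '<a href="?section=user&id=' . $key . '" target="_blank">' . $value['username'] . '</a>, ';
                }
            }
            break;
        case 'mail':
            foreach ($user as $key => $value) {
                if (send_email($value['email'], $titel, str_replace('{username}', $value['username'], $message), 0)) {
                    $i++;
                    $sender .= '<a href="?section=user&id=' . $key . '" target="_blank">' . $value['username'] . '</a>, ';
                } else {
                    $fehler .= str_replace('{username}', $value['username'], NEWSLETTER_NOT_SEND);
                }
            }
            break;
        case 'both':
            // NOTE(review): unlike the 'mail' case, send_email() is called here
            // without the trailing 0 argument — confirm whether that is intended.
            foreach ($user as $key => $value) {
                if (send_email($value['email'], $titel, str_replace('{username}', $value['username'], $message))) {
                    if (message_send($key, $_SESSION['userID'], $titel, strsave(str_replace(array('{username}', "\r\n"), array($value['username'], '<br />'), $message)), 0, 1)) {
                        $i++;
                        $sender .= '<a href="?section=user&id=' . $key . '" target="_blank">' . $value['username'] . '</a>, ';
                    } else {
                        $fehler .= str_replace('{username}', $value['username'], NEWSLETTER_NOT_SEND);
                    }
                } else {
                    $fehler .= str_replace('{username}', $value['username'], NEWSLETTER_NOT_SEND);
                }
            }
            break;
    }
    if (strlen($fehler)) {
        table(ERROR, $fehler);
    } else {
        table(INFO, str_replace('{anzahl}', $i, NEWSLETTER_SUCCESS) . '<br />' . NEWSLETTER_RECEIVER . rtrim($sender, ', '));
    }
}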
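/**
 * Renders the public clanwar overview: filter forms, win/draw/loss totals and
 * a paginated result table, handed to main_content().
 *
 * Filters are read from $_GET: gameID, teamID, matchtypeID (integers), xonx
 * (free text, e.g. a match size), sortby ('opp' | 'matchtype' | 'team',
 * anything else sorts by date), art ('asc', anything else is DESC) and page.
 */
function clanwars()
{
    global $db, $countries;
    ob_start();
    // Normalise every filter once so the SQL, the forms and the pagination
    // links all see the same value (missing keys used to raise notices that
    // were silenced with @, and $where/$gesamt were never initialised).
    $gameID = isset($_GET['gameID']) ? (int) $_GET['gameID'] : 0;
    $teamID = isset($_GET['teamID']) ? (int) $_GET['teamID'] : 0;
    $matchtypeID = isset($_GET['matchtypeID']) ? (int) $_GET['matchtypeID'] : 0;
    $xonx = isset($_GET['xonx']) ? (string) $_GET['xonx'] : '';
    $sortby = isset($_GET['sortby']) ? (string) $_GET['sortby'] : '';
    $art = isset($_GET['art']) ? (string) $_GET['art'] : '';
    $page = isset($_GET['page']) ? $_GET['page'] : null;

    $tpl = new smarty();
    $tpl->assign('win', 0);
    $tpl->assign('draw', 0);
    $tpl->assign('loss', 0);
    $tpl->assign('games', get_games_form($gameID));
    $tpl->assign('teams', get_teams_form($teamID));
    $tpl->assign('matchtypes', get_matchtype_form($matchtypeID));
    $tpl->assign('xonx', get_xonx_form(isset($_GET['xonx']) ? $_GET['xonx'] : null));

    // Only integers and a strsave()d string reach the WHERE clause.
    $where = '';
    if ($gameID) {
        $where .= ' AND gID = ' . $gameID;
    }
    if ($teamID) {
        $where .= ' AND ' . DB_PRE . 'ecp_wars.tID = ' . $teamID;
    }
    if ($matchtypeID) {
        $where .= ' AND mID = ' . $matchtypeID;
    }
    if ($xonx) {
        $where .= ' AND xonx = \'' . strsave($xonx) . '\'';
    }

    // Sort key and direction are whitelisted here; the normalised $sortby/$art
    // are what gets echoed back into the pagination links.
    $sortColumns = array('opp' => ' oppname ', 'matchtype' => ' matchtypename ', 'team' => ' tname ');
    if (isset($sortColumns[$sortby])) {
        $orderby = $sortColumns[$sortby];
    } else {
        $sortby = '';
        $orderby = DB_PRE . 'ecp_wars.datum ';
    }
    if ($art === 'asc') {
        $orderby .= 'ASC ';
    } else {
        $art = '';
        $orderby .= 'DESC ';
    }

    // Per-result totals (the result column values become template variables).
    $db->query('SELECT COUNT(result) as val, result FROM ' . DB_PRE . 'ecp_wars WHERE status = 1 ' . $where . ' GROUP BY result');
    $gesamt = 0;
    while ($row = $db->fetch_assoc()) {
        $tpl->assign($row['result'], $row['val']);
        $gesamt += (int) $row['val'];
    }
    $tpl->assign('anzahl', $gesamt);

    if ($gesamt) {
        ob_start();
        $limit = get_sql_limit($gesamt, LIMIT_CLANWARS);
        $db->query('SELECT `warID`, ' . DB_PRE . 'ecp_wars.datum, `result`, `resultscore`, `tname`, `oppname`, `country`, ' . DB_PRE . 'ecp_wars_opp.homepage, `icon`, `gamename`, `matchtypename`, COUNT(comID) as comments
                    FROM ' . DB_PRE . 'ecp_wars
                    LEFT JOIN ' . DB_PRE . 'ecp_teams ON ' . DB_PRE . 'ecp_teams.tID = ' . DB_PRE . 'ecp_wars.tID
                    LEFT JOIN ' . DB_PRE . 'ecp_wars_games ON gID = gameID
                    LEFT JOIN ' . DB_PRE . 'ecp_wars_opp ON oID = oppID
                    LEFT JOIN ' . DB_PRE . 'ecp_wars_matchtype ON mID = matchtypeID
                    LEFT JOIN ' . DB_PRE . 'ecp_comments ON (subID = warID AND bereich = "clanwars")
                    WHERE status = 1 ' . $where . '
                    GROUP BY warID
                    ORDER BY ' . $orderby . '
                    LIMIT ' . $limit[1] . ',' . LIMIT_CLANWARS);
        $clanwars = array();
        while ($row = $db->fetch_assoc()) {
            $row['datum'] = date('d.m.y', $row['datum']);
            $row['countryname'] = isset($countries[$row['country']]) ? $countries[$row['country']] : '';
            $clanwars[] = $row;
        }
        $tplcw = new smarty();
        if ($limit[0] > 1) {
            // The pagination helper embeds the filters both in a URL and in a
            // JavaScript call. xonx is the only free-text value: URL-encode it
            // for the query string and emit it as JSON-style escapes (\uXXXX
            // for quotes, <, >, & and \) for the JS string literal, which stays
            // inert whether that string ends up in an attribute or a <script>.
            $encoded = json_encode($xonx, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
            $xonxJs = $encoded === false ? '' : substr($encoded, 1, -1);
            $url = '?section=clanwars&gameID=' . $gameID . '&teamID=' . $teamID . '&matchtypeID=' . $matchtypeID
                . '&xonx=' . urlencode($xonx) . '&sortby=' . $sortby . '&art=' . $art;
            $js = 'return load_wars(' . $gameID . ', ' . $teamID . ', ' . $matchtypeID . ', \'' . $xonxJs . '\', \'' . $sortby . '\', \'' . $art . '\', {nr});';
            // $page is passed through as before; presumably makepagelink_ajax()
            // treats it numerically — confirm there.
            $tplcw->assign('seiten', makepagelink_ajax($url, $js, $page, $limit[0]));
        }
        $tplcw->assign('clanwars', $clanwars);
        $tplcw->display(DESIGN . '/tpl/clanwars/overview.html');
        $content = ob_get_contents();
        ob_end_clean();
        $tpl->assign('clanwars', $content);
    }
    $tpl->display(DESIGN . '/tpl/clanwars/head.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(CLANWARS, $content, '', 1);
}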
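/**
 * Copies every menu entry of the current design (DESIGN) to the design $new.
 *
 * Requires the admin/menu/copy right (or superadmin). $new must be the plain
 * name of an existing directory directly below templates/; anything else is
 * reported as FILE_NOT_FOUND.
 *
 * @param string $new name of the target design
 */
function menu_copy($new)
{
    global $db;
    if (empty($_SESSION['rights']['admin']['menu']['copy']) and empty($_SESSION['rights']['superadmin'])) {
        table(ERROR, NO_ADMIN_RIGHTS);
        return;
    }
    // A design is a single directory name: reject '', '.', '..' and anything
    // with a path separator so is_dir() cannot be pointed outside templates/.
    $new = (string) $new;
    if ($new === '' || $new === '.' || $new === '..' || basename($new) !== $new || !is_dir('templates/' . $new)) {
        table(ERROR, FILE_NOT_FOUND);
        return;
    }
    // The source rows are read through the raw result handle: the INSERTs
    // issued inside the loop go through $db->query() and would presumably
    // replace the wrapper's current result set otherwise.
    $result = $db->query('SELECT * FROM ' . DB_PRE . 'ecp_menu WHERE design = \'' . DESIGN . '\'');
    while ($row = mysql_fetch_assoc($result)) {
        $db->query(sprintf(
            'INSERT INTO ' . DB_PRE . 'ecp_menu (`name`, `headline`, `inhalt`, `hposi`, `vposi`, `usetpl`, `design`, `access`, `lang`, `modul`) VALUES (\'%s\', \'%s\', \'%s\', \'%s\', %d, %d, \'%s\', \'%s\', \'%s\', \'%s\')',
            strsave($row['name']),
            strsave($row['headline']),
            strsave($row['inhalt']),
            strsave($row['hposi']),
            (int) $row['vposi'],
            (int) $row['usetpl'],
            strsave($new),
            strsave($row['access']),
            strsave($row['lang']),
            strsave($row['modul'])
        ));
    }
    if (!$db->errorNum()) {
        table(INFO, MENU_COPY_SUCCESS);
    }
}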
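/**
 * Admin form for editing news entry $id.
 *
 * With $_POST['submit'] the entry is updated and the browser is sent back to
 * the news list; when headline, topic or bodytext is missing the form is
 * re-rendered with the posted values. Without a submit the stored entry is
 * loaded into the form. NO_ENTRIES is shown for an unknown id.
 *
 * @param int $id newsID of the entry (cast to int because it is embedded in SQL)
 */
function admin_news_edit($id)
{
    global $db;
    $id = (int) $id;
    if (isset($_POST['submit'])) {
        // Multi-selects are absent from $_POST when nothing is chosen; use an
        // empty list so in_array()/implode() never receive null.
        $postRights = isset($_POST['rights']) ? (array) $_POST['rights'] : array();
        $postLanguages = isset($_POST['languages']) ? (array) $_POST['languages'] : array();
        $topicID = isset($_POST['topic']) ? (int) $_POST['topic'] : 0;
        $headline = isset($_POST['headline']) ? $_POST['headline'] : '';
        $bodytext = isset($_POST['bodytext']) ? $_POST['bodytext'] : '';
        $extendtext = isset($_POST['extendtext']) ? $_POST['extendtext'] : '';
        if ($headline == '' or $topicID == 0 or $bodytext == '') {
            // Incomplete input: redisplay the form filled with the posted values.
            $tpl = new smarty();
            $links = array();
            foreach ($_POST as $key => $value) {
                if (strpos($key, 'ink_')) {
                    $links[substr($key, strpos($key, '_') + 1)]['link'] = $value;
                } elseif (strpos($key, 'rl_')) {
                    $links[substr($key, strpos($key, '_') + 1)]['url'] = check_url($value);
                } else {
                    $tpl->assign($key, $value);
                }
            }
            $tpl->assign('links', $links);
            $tpl->assign('topics', admin_news_edit_topic_options($topicID));
            $tpl->assign('rights', admin_news_edit_group_options($postRights, in_array('all', $postRights, true)));
            // The "all languages" flag is taken from the languages field (the
            // old code read it from the rights field).
            $tpl->assign('languages', admin_news_edit_language_options($postLanguages, in_array('all', $postLanguages, true)));
            admin_news_edit_render($tpl);
            return;
        }
        // '' means everybody / every language; otherwise a ",1,2," style list.
        if (in_array('all', $postRights, true)) {
            $access = '';
        } else {
            $access = ',';
            foreach ($postRights as $groupID) {
                $access .= (int) $groupID . ',';
            }
        }
        if (in_array('all', $postLanguages, true)) {
            $lang = '';
        } else {
            $lang = ',' . implode(',', $postLanguages) . ',';
        }
        $zeit = isset($_POST['datum']) ? strtotime($_POST['datum']) : false;
        if (!$zeit) {
            $zeit = time(); // empty or unparsable date: publish now
        }
        // link_N / url_N pairs are stored as [URL=url]text[/URL]; the display
        // branch parses that back with a regex. check_url() must wrap only the
        // URL (the old code passed "url]text[/URL]" to it).
        $links = '';
        for ($i = 0; isset($_POST['link_' . $i]); $i++) {
            $url = isset($_POST['url_' . $i]) ? $_POST['url_' . $i] : '';
            if ($_POST['link_' . $i] != '' and $url != '') {
                $links .= '[URL=' . check_url($url) . ']' . $_POST['link_' . $i] . '[/URL]';
            }
        }
        $sql = 'UPDATE ' . DB_PRE . 'ecp_news SET `topicID` = ' . $topicID . ', '
            . '`access` = \'' . $access . '\', '
            . '`lang` = \'' . strsave($lang) . '\', '
            . '`datum` = ' . (int) $zeit . ', '
            . '`headline` = \'' . strsave($headline) . '\', '
            . '`bodytext` = \'' . strsave($bodytext) . '\', '
            . '`extendtext` = \'' . strsave($extendtext) . '\', '
            . '`links` = \'' . strsave($links) . '\' '
            . 'WHERE newsID = ' . $id . ';';
        if ($db->query($sql)) {
            header1('?section=admin&site=news');
        }
        return;
    }

    $news = $db->fetch_assoc('SELECT `topicID`, `access`, `lang`, `datum`, `headline`, `bodytext`, `extendtext`, `links` FROM `' . DB_PRE . 'ecp_news` WHERE newsID = ' . $id);
    if (!is_array($news)) {
        table(ERROR, NO_ENTRIES);
        return;
    }
    $tpl = new smarty();
    $news['datum'] = date('Y-m-d H:i:s', $news['datum']);
    // '' means "all"; otherwise the columns hold ",1,2," style lists.
    $allGroups = $news['access'] == '';
    $rechte = $allGroups ? array() : explode(',', trim($news['access'], ','));
    $allLanguages = $news['lang'] == '';
    $lang1 = $allLanguages ? array() : explode(',', trim($news['lang'], ','));
    if ($news['links'] == '') {
        $links = array(0); // the template expects one empty link row
    } else {
        $links = array();
        preg_match_all('#\\[URL=(.*)\\](.*)\\[/URL\\]#Uis', $news['links'], $spe);
        foreach ($spe[1] as $i => $url) {
            $links[$i] = array('url' => $url, 'link' => $spe[2][$i]);
        }
    }
    foreach ($news as $key => $value) {
        $tpl->assign($key, $value);
    }
    $tpl->assign('links', $links);
    $tpl->assign('topics', admin_news_edit_topic_options((int) $news['topicID']));
    $tpl->assign('rights', admin_news_edit_group_options($rechte, $allGroups));
    $tpl->assign('languages', admin_news_edit_language_options($lang1, $allLanguages));
    admin_news_edit_render($tpl);
}

/**
 * Builds the <option> list of news topics.
 *
 * @param int $selectedID tID that is pre-selected (0 selects nothing)
 * @return string HTML option elements
 */
function admin_news_edit_topic_options($selectedID)
{
    global $db;
    $selectedID = (int) $selectedID;
    $db->query('SELECT tID, topicname FROM ' . DB_PRE . 'ecp_topics ORDER by topicname ASC');
    $topics = '';
    while ($row = $db->fetch_assoc()) {
        $sub = (int) $row['tID'] === $selectedID ? ' selected="selected"' : '';
        $topics .= '<option' . $sub . ' value="' . $row['tID'] . '">' . $row['topicname'] . '</option>';
    }
    return $topics;
}

/**
 * Builds the <option> list of user groups, preceded by the 'all' entry.
 *
 * @param array $selected    group IDs to pre-select
 * @param bool  $allSelected whether the 'all' entry is pre-selected
 * @return string HTML option elements
 */
function admin_news_edit_group_options(array $selected, $allSelected)
{
    global $db, $groups;
    $selected = array_map('strval', $selected);
    $rights = '<option value="all"' . ($allSelected ? ' selected="selected"' : '') . '>' . ALL . '</option>';
    $db->query('SELECT groupID, name FROM ' . DB_PRE . 'ecp_groups ORDER by name ASC');
    while ($row = $db->fetch_assoc()) {
        $sub = in_array((string) $row['groupID'], $selected, true) ? ' selected="selected"' : '';
        // $groups maps internal group names to display names where one exists.
        $name = isset($groups[$row['name']]) ? $groups[$row['name']] : $row['name'];
        $rights .= '<option' . $sub . ' value="' . $row['groupID'] . '">' . $name . '</option>';
    }
    return $rights;
}

/**
 * Builds the <option> list of site languages (one per inc/language/*.php),
 * preceded by the 'all' entry.
 *
 * @param array $selected    language codes to pre-select
 * @param bool  $allSelected whether the 'all' entry is pre-selected
 * @return string HTML option elements
 */
function admin_news_edit_language_options(array $selected, $allSelected)
{
    global $language_array;
    $selected = array_map('strval', $selected);
    $languages = '<option value="all"' . ($allSelected ? ' selected="selected"' : '') . '>' . ALL . '</option>';
    foreach (scan_dir('inc/language', true) as $file) {
        if (!strpos($file, '.php')) {
            continue;
        }
        $lang = substr($file, 0, strpos($file, '.'));
        $sub = in_array($lang, $selected, true) ? ' selected="selected"' : '';
        $label = isset($language_array[$lang]) ? $language_array[$lang] : '';
        $languages .= '<option' . $sub . ' value="' . $lang . '">' . $label . '</option>';
    }
    return $languages;
}

/**
 * Renders the prepared news form template into main_content().
 *
 * @param smarty $tpl template with all form variables assigned
 */
function admin_news_edit_render($tpl)
{
    ob_start();
    $tpl->display(DESIGN . '/tpl/admin/news_add_edit.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(ADMIN_NEWS_ADD, $content, '', 1);
}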
            $db->query('SELECT wohnort, country, username, user_pic, koord, ID FROM ' . DB_PRE . 'ecp_user WHERE koord = "' . $row['koord'] . '" ORDER BY ID ASC');
            $html = '';
            $anzahl = 0;
            while ($subrow = $db->fetch_assoc()) {
                $html .= ($anzahl != 0 ? '<hr />' : '') . '<img src="images/flaggen/' . $subrow['country'] . '.gif" /> <strong><a href="?section=user&id=' . $subrow['ID'] . '" target="_blank">' . $subrow['username'] . '</a></strong><br />' . $subrow['wohnort'] . '<br /><img src="' . ($subrow['user_pic'] != '' ? 'images/user/' . $subrow['ID'] . '_' . $subrow['user_pic'] : 'templates/' . DESIGN . '/images/nopic.png') . '" alt="" title="' . strsave($subrow['username']) . '" style="max-width: 150px" />';
                $anzahl++;
                if ($subrow['user_pic'] != '') {
                    $bilder[] = 'images/user/' . $subrow['ID'] . '_' . $subrow['user_pic'];
                }
            }
            $koord = explode(',', $row['koord']);
            $api->addGeoPoint((double) $koord['0'], (double) $koord['1'], $html, isset($first) ? false : true);
            $first = false;
        } else {
            $koord = explode(',', $row['koord']);
            $api->addGeoPoint((double) $koord['0'], (double) $koord['1'], '<img src="images/flaggen/' . $row['country'] . '.gif" /> <strong><a href="?section=user&id=' . $row['ID'] . '" target="_blank">' . $row['username'] . '</a></strong><br />' . $row['wohnort'] . '<br /><img src="' . ($row['user_pic'] != '' ? 'images/user/' . $row['ID'] . '_' . $row['user_pic'] : 'templates/' . DESIGN . '/images/nopic.png') . '" alt="" title="' . strsave($row['username']) . '" style="max-width: 150px" />', isset($first) ? false : true);
            if ($row['user_pic'] != '') {
                $bilder[] = 'images/user/' . $row['ID'] . '_' . $row['user_pic'];
            }
            $first = false;
        }
    }
    ob_start();
    echo $api->getHeadCode() . '<script type="text/javascript">		
			window.addEvents({
				"domready" : function() { 
					var info = new Element(\'div\', {
					    \'id\': \'map_info\',
					    \'html\': \'<div class="tip-top"><div class="tip"><div id="map_tip" class="tip-text"></div></div><div class="tip-bottom"></div></div>\',
					    \'styles\': {
					        \'display\': \'none\',
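/**
 * AJAX handler: updates rank $id (name, post thresholds, fixed flag, money)
 * and recomputes all user ranks.
 *
 * Prints 'ok' on success or NO_ADMIN_RIGHTS; always terminates the script.
 *
 * @param int $id rankID of the rank
 */
function admin_ranks_edit($id)
{
    ob_end_clean();
    global $db;
    // Fail closed: test the right's value, not merely its presence, as the
    // other admin handlers in this file do.
    if (empty($_SESSION['rights']['admin']['ranks']['edit']) and empty($_SESSION['rights']['superadmin'])) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    $db->setMode(0);
    ajax_convert_array($_POST);
    // Defaults for fields the form may leave out.
    $post = $_POST + array('rankname' => '', 'abposts' => 0, 'fest' => 0, 'money' => '0');
    // money may be typed with a decimal comma; %F is the locale-independent
    // float format (%f could emit a comma under a German locale).
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_ranks SET `rankname` = \'%s\',`abposts` = %d,`fest` = %d, money = %F WHERE rankID = %d',
        strsave($post['rankname']),
        (int) $post['abposts'],
        (int) $post['fest'],
        (float) str_replace(',', '.', $post['money']),
        (int) $id
    );
    if ($db->query($sql)) {
        echo 'ok';
        update_all_ranks();
    }
    die;
}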
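/**
 * Admin form for editing forum board $id.
 *
 * Requires the admin/forum/edit right (or superadmin). With $_POST['submit']
 * the board is updated and the browser is redirected to the board list;
 * otherwise the stored board is loaded into the edit form.
 *
 * @param int $id boardID of the board (cast to int; it is embedded in SQL)
 */
function admin_forum_edit($id)
{
    global $db;
    $id = (int) $id;
    // Permission columns, in the order used by the UPDATE and by the form.
    $rightsFields = array(
        'rightsread', 'threadopen', 'postcom', 'editcom', 'startsurvey', 'votesurvey', 'attachfiles',
        'downloadattch', 'threadclose', 'threaddel', 'threadmove', 'threadpin', 'editmocom', 'delcom',
    );
    if (empty($_SESSION['rights']['admin']['forum']['edit']) and empty($_SESSION['rights']['superadmin'])) {
        table(ERROR, NO_ADMIN_RIGHTS);
        return;
    }

    if (isset($_POST['submit'])) {
        if (!isset($_POST['name']) or $_POST['name'] == '') {
            table(ERROR, NOT_NEED_ALL_INPUTS);
            return;
        }
        // Fill in defaults for absent fields (unselected multi-selects are
        // missing from $_POST entirely), then cast every numeric column so a
        // non-numeric value reaches neither the SQL text nor the size product.
        $defaults = array(
            'boardparentID' => 0, 'beschreibung' => '', 'closed' => 0, 'attachments' => 0,
            'attachmaxsize' => 0, 'modifkator' => 1, 'commentsperpost' => 0, 'moneyperpost' => 0,
        ) + array_fill_keys($rightsFields, array());
        $post = $_POST + $defaults;
        $set = array(
            '`boardparentID` = ' . (int) $post['boardparentID'],
            '`name` = \'' . strsave($post['name']) . '\'',
            '`beschreibung` = \'' . strsave($post['beschreibung']) . '\'',
            '`closed` = ' . (int) $post['closed'],
            '`attachments` = ' . (int) $post['attachments'],
            // size is entered as value x unit multiplier (modifkator)
            '`attachmaxsize` = ' . (int) ((float) $post['attachmaxsize'] * (float) $post['modifkator']),
        );
        foreach ($rightsFields as $field) {
            $set[] = '`' . $field . '` = \'' . strsave(admin_make_rights($post[$field])) . '\'';
        }
        $set[] = '`commentsperpost` = ' . (int) $post['commentsperpost'];
        // %F is the locale-independent float format; %f could emit a decimal comma.
        $set[] = '`moneyperpost` = ' . sprintf('%F', (float) str_replace(',', '.', $post['moneyperpost']));
        $sql = 'UPDATE ' . DB_PRE . 'ecp_forum_boards SET ' . implode(', ', $set) . ' WHERE boardID = ' . $id;
        if ($db->query($sql)) {
            header1('?section=admin&site=forum');
        }
        return;
    }

    $boardinfos = $db->fetch_assoc('SELECT `boardparentID`, `beschreibung`, `name`, `isforum`, `closed`, `commentsperpost`, `moneyperpost`, `attachments`, `attachmaxsize`, `' . implode('`, `', $rightsFields) . '` FROM ' . DB_PRE . 'ecp_forum_boards WHERE boardID = ' . $id);
    if (!is_array($boardinfos)) {
        table(ERROR, NO_ENTRIES);
        return;
    }
    $tpl = new smarty();
    foreach (array('beschreibung', 'isforum', 'closed', 'commentsperpost', 'moneyperpost', 'attachments', 'attachmaxsize', 'name') as $field) {
        $tpl->assign($field, $boardinfos[$field]);
    }
    $db->query('SELECT groupID, name FROM ' . DB_PRE . 'ecp_groups ORDER by name ASC');
    $gruppen = array();
    while ($row = $db->fetch_assoc()) {
        $gruppen[] = $row;
    }
    // Parent selector: only categories (isforum = 0) can be parents.
    $db->query('SELECT boardID, name FROM ' . DB_PRE . 'ecp_forum_boards WHERE isforum = 0 ORDER BY name ASC');
    $boards = '';
    while ($row = $db->fetch_assoc()) {
        $selected = $boardinfos['boardparentID'] == $row['boardID'] ? 'selected="selected" ' : '';
        $boards .= '<option ' . $selected . 'value="' . $row['boardID'] . '">' . $row['name'] . '</option>';
    }
    $tpl->assign('boards', $boards);
    // Permission columns are stored as ",1,2,"; strip the outer delimiters
    // before splitting into the group-ID list forum_make_rights() expects.
    foreach ($rightsFields as $field) {
        $stored = $boardinfos[$field];
        $tpl->assign($field, forum_make_rights($gruppen, explode(',', substr($stored, 1, strlen($stored) - 2))));
    }
    $tpl->assign('url', 'edit&id=' . $id);
    ob_start();
    $tpl->display(DESIGN . '/tpl/admin/forum_add_edit.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(FORUM_ADD, $content, '', 1);
}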
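/**
 * Deletes user $id together with every row that references it.
 *
 * Profile images are removed from disk, authored content is reassigned (news
 * to another member of group 1, forum threads/posts to userID 0 with the
 * username kept as plain text) and the remaining per-user rows are deleted.
 *
 * @param int $id ID of the user (cast to int; it is embedded in SQL)
 * @return bool false only if one of the queries raised a DB error; true when
 *              the user was deleted or did not exist in the first place
 */
function delete_user($id)
{
    global $db;
    $id = (int) $id;
    if (!$db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'ID = ' . $id)) {
        return true;
    }
    $data = $db->fetch_assoc('SELECT username, avatar, user_pic FROM ' . DB_PRE . 'ecp_user WHERE ID = ' . $id);

    // Avatars live in images/avatar/, profile pictures in images/user/ (the
    // user map builds its <img src> from images/user/<ID>_<user_pic>); the old
    // code looked for the profile picture in images/avatar/ and never removed
    // it. basename() keeps the unlink inside those directories even if a stored
    // file name contained path components.
    $files = array();
    if ($data['avatar'] != '') {
        $files[] = 'images/avatar/' . $id . '_' . basename($data['avatar']);
    }
    if ($data['user_pic'] != '') {
        $files[] = 'images/user/' . $id . '_' . basename($data['user_pic']);
    }
    foreach ($files as $file) {
        if (is_file($file)) {
            unlink($file);
        }
    }

    $username = strsave($data['username']);
    // News need a real owner: the first other member of group 1, else user 1.
    $newid = (int) $db->result(DB_PRE . 'ecp_user_groups', 'userID', 'gID = 1 AND userID != ' . $id . ' ORDER BY userID ASC');
    if (!$newid) {
        $newid = 1;
    }
    $queries = array(
        'DELETE FROM ' . DB_PRE . 'ecp_buddy WHERE userID = ' . $id . ' OR buddyID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_clankasse_member WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_comments WHERE userID = ' . $id . ' OR (bereich = "user" AND subID = ' . $id . ')',
        'DELETE FROM ' . DB_PRE . 'ecp_forum_abo WHERE userID = ' . $id,
        'UPDATE ' . DB_PRE . 'ecp_forum_attachments SET userID = 0 WHERE userID = ' . $id,
        'UPDATE ' . DB_PRE . 'ecp_forum_boards SET lastpostuser = \'' . $username . '\', lastpostuserID = 0 WHERE lastpostuserID = ' . $id,
        'UPDATE ' . DB_PRE . 'ecp_forum_threads SET vonname = \'' . $username . '\', vonID = 0 WHERE vonID = ' . $id,
        'UPDATE ' . DB_PRE . 'ecp_forum_comments SET postname = \'' . $username . '\', userID = 0 WHERE userID = ' . $id,
        'UPDATE ' . DB_PRE . 'ecp_forum_threads SET lastusername = \'' . $username . '\', lastuserID = 0 WHERE lastuserID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_lotto_scheine WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_members WHERE userID = ' . $id,
        'UPDATE ' . DB_PRE . 'ecp_news SET userID = ' . $newid . ' WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_online WHERE uID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_user WHERE ID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_user_bans WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_user_codes WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_user_config WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_user_groups WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_user_lastvisits WHERE userID = ' . $id . ' OR visitID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_user_stats WHERE userID = ' . $id,
        'DELETE FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE userID = ' . $id,
    );
    foreach ($queries as $sql) {
        $db->query($sql);
    }
    return !$db->errorNum();
}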
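/**
 * AJAX handler: renames clanwar map (location) $id and/or assigns it to
 * another game.
 *
 * Prints 'ok' on success, NOT_NEED_ALL_INPUTS when the name or the game is
 * missing, or the ajax-encoded NO_ADMIN_RIGHTS; always terminates the script.
 *
 * @param int $id locationID of the map
 */
function admin_games_map_edit($id)
{
    global $db;
    $db->setMode(0);
    ob_end_clean();
    ajax_convert_array($_POST);
    if (empty($_SESSION['rights']['admin']['clanwars']['maps_edit']) and empty($_SESSION['rights']['superadmin'])) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    // A non-numeric game id is treated as "no game", not silently as 0.
    $gameID = isset($_POST['gameid']) ? (int) $_POST['gameid'] : 0;
    if ($name == '' or !$gameID) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_wars_locations SET locationname = \'%s\', gID =  %d WHERE locationID = %d',
        strsave($name),
        $gameID,
        (int) $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}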
/**
 * AJAX handler: updates download category $id (parent category, name,
 * per-language description and access list) and prints 'ok' on success.
 *
 * All description_<lang> fields of the POST are collected into one JSON map
 * for the `beschreibung` column. Prints NOT_NEED_ALL_INPUTS when the name is
 * empty. Always terminates the script.
 *
 * NOTE(review): unlike the sibling admin_*_edit() handlers this function does
 * no $_SESSION['rights'] check of its own; confirm the caller enforces one
 * (the rights key for download categories is not visible here).
 *
 * @param int $id kID of the category
 */
function admin_downloads_kate_edit($id)
{
    global $db;
    ob_end_clean();
    ajax_convert_array($_POST);
    if ($_POST['kname'] != '') {
        // language code => description text, keyed by the part after '_'
        $descriptions = array();
        foreach (array_keys($_POST) as $field) {
            if (strpos($field, 'cription_')) {
                $langCode = substr($field, strpos($field, '_') + 1);
                $descriptions[$langCode] = $_POST[$field];
            }
        }
        $statement = sprintf('UPDATE ' . DB_PRE . 'ecp_downloads_kate SET 
						`subkID` = %d, 
						`kname` = \'%s\', 
						`beschreibung` = \'%s\', 
						`access` = \'%s\'
				 WHERE kID = %d', (int) $_POST['subID'], strsave($_POST['kname']), strsave(json_encode($descriptions)), strsave(admin_make_rights($_POST['rights'])), $id);
        $db->setMode(0);
        if ($db->query($statement)) {
            echo 'ok';
        }
    } else {
        echo NOT_NEED_ALL_INPUTS;
    }
    die;
}
     break;
 case 'find_user':
     if (@$_SESSION['rights']['admin']['user'] or @$_SESSION['rights']['superadmin']) {
         $tpl = new smarty();
         switch ($_POST['suchart']) {
             case 'username':
                 $result = $db->query('SELECT username, ID, registerdate, email, country, uID as online FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_online ON (uID = ID AND lastklick > ' . (time() - SHOW_USER_ONLINE) . ') WHERE username LIKE "%' . strsave($_POST['suche']) . '%" ORDER BY username ASC');
                 break;
             case 'email':
                 $result = $db->query('SELECT username, ID, registerdate, email, country, uID as online FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_online ON (uID = ID AND lastklick > ' . (time() - SHOW_USER_ONLINE) . ') WHERE email LIKE "%' . strsave($_POST['suche']) . '%" ORDER BY username ASC');
                 break;
             case 'ID':
                 $result = $db->query('SELECT username, ID, registerdate, email, country, uID as online FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_online ON (uID = ID AND lastklick > ' . (time() - SHOW_USER_ONLINE) . ') WHERE ID = ' . (int) $_POST['suche'] . ' ORDER BY username ASC');
                 break;
             default:
                 $result = $db->query('SELECT username, ID, registerdate, email, country, uID as online FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_online ON (uID = ID AND lastklick > ' . (time() - SHOW_USER_ONLINE) . ') WHERE username LIKE "%' . strsave($_POST['suche']) . '%" ORDER BY username ASC');
         }
         $user = array();
         while ($row = mysql_fetch_assoc($result)) {
             $row['registerdate'] = date(SHORT_DATE, $row['registerdate']);
             $row['gruppen'] = array();
             $db->query('SELECT gID, name FROM ' . DB_PRE . 'ecp_user_groups LEFT JOIN ' . DB_PRE . 'ecp_groups ON (gID = groupID) WHERE userID = ' . $row['ID'] . ' ORDER BY name ASC');
             while ($sub = $db->fetch_assoc()) {
                 array_key_exists($sub['name'], $groups) ? $sub['name'] = $groups[$sub['name']] : '';
                 $row['gruppen'][] = $sub;
             }
             $user[] = $row;
         }
         $tpl->assign('user', @$user);
         ob_start();
         $tpl->display(DESIGN . '/tpl/admin/user_list.html');
    header("Content-Encoding: gzip");
    return gzencode($OutputHtml);
}
// This code has to be before any output from your site!
// If output exists uncompressed HTML will be delivered!
ob_start("obOutputHandler");
// -------------------------------------------------------------------------------------
// Include the file that loads the required files
include 'inc/include.php';
// Include the file that performs the checks and updates
include 'inc/checks.php';
// Load the design's index template and replace its placeholders with PHP snippets
$index = file_get_contents('templates/' . DESIGN . '/index.html');
$search = array('{title}', '{leftmenu}', '{rightmenu}', '{content}', '{javascript}', '{footer}', '{DESIGN}', 'style.css', '{langchanger}');
$replace = array(SITE_TITLE, '<?php echo $leftmenu; ?>', '<?php echo $rightmenu; ?>', '<?php show_content(); ?>', '<?php javascripts(); ?>', '<?php footer(); ?>', DESIGN, 'templates/' . DESIGN . '/style.css', '<?php lang_changer(); ?>');
$index = str_replace($search, $replace, $index);
// The patched template is executed as PHP (the leading '?>' puts eval() into
// HTML mode). Everything under templates/<DESIGN>/ therefore runs with the
// application's privileges and must be treated as code, not as content.
eval('?>' . $index);
// Persist the serialized session for this SID in the online table.
$db->query('UPDATE ' . DB_PRE . 'ecp_online SET SIDDATA = \'' . strsave(serialize($_SESSION)) . '\' WHERE SID = \'' . session_id() . '\' LIMIT 1');
// NOTE(review): debug output — this dumps the whole session (including the
// rights array) into every page; looks like a leftover that should not ship.
print_r($_SESSION);
/*
echo '<br /><br />';
print_r($_COOKIE);
print_r($_SERVER);
/*$contentalt = ob_get_length();
$content = ob_gzhandler(ob_get_contents(), 1);
echo goodsize(strlen($content)).' ALT: '.goodsize($contentalt);*/
//print_r($_COOKIE);
// -------------------------------------------------------------------------------------
// Presumably read by obOutputHandler() when the buffer is flushed at script
// end — the handler itself is not visible here; confirm it checks this flag.
$EnableGZipEncoding = true;
// -------------------------------------------------------------------------------------
$db->close();
         if ($db->query($sql)) {
             $id = $db->last_id();
             $result = $db->query('SELECT groupID FROM ' . DB_PRE . 'ecp_groups WHERE admin LIKE "%joinus:view%"');
             $search = 'gID = 1 ';
             while ($row = $db->fetch_assoc()) {
                 $search .= 'OR gID = ' . $row['groupID'];
             }
             $result = $db->query('SELECT DISTINCT(userID) as userID, username, country FROM ' . DB_PRE . 'ecp_user_groups LEFT JOIN ' . DB_PRE . 'ecp_user ON ID = userID WHERE ' . $search);
             $db->query('SELECT * FROM ' . DB_PRE . 'ecp_texte WHERE name = "NEW_JOINUS"');
             $text = array();
             while ($row = $db->fetch_assoc()) {
                 $text[$row['lang']] = $row;
             }
             while ($row = mysql_fetch_assoc($result)) {
                 $search = array('{username}', '{from_username}', '{id}');
                 $replace = array(strsave($row['username']), strsave(htmlspecialchars($_POST['username'])), $id);
                 if (!isset($text[$row['country']])) {
                     $row['country'] = 'de';
                 }
                 message_send($row['userID'], 0, $text[$row['country']]['content2'], str_replace($search, $replace, $text[$row['country']]['content']), 0, 1);
             }
             unset($_SESSION['captcha']);
             table(INFO, JOINUS_SUCCESS);
         }
     }
 } else {
     $tpl = new smarty();
     ob_start();
     $tpl->assign('countries', form_country());
     $tpl->assign('teams', get_teams_form_joinus());
     $tpl->display(DESIGN . '/tpl/joinus/joinus.html');
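/**
 * AJAX handler: saves the description (`bedeutung`) of one smiley.
 *
 * Discards any buffered output, requires the admin "smilies/edit" right (or
 * superadmin), runs the UPDATE and prints `ok` on success, then ends the
 * request with die(). Uses the global `$db` connection and the file's helpers
 * (ajax_convert_array, strsave, DB_PRE, NO_ADMIN_RIGHTS).
 *
 * @param int|string $id Smiley ID; cast to int and rendered with %d so only an integer reaches SQL.
 * @return void Never returns normally; the request is terminated with die().
 */
function admin_smilies_edit($id)
{
    ob_end_clean();
    global $db;
    if (!isset($_SESSION['rights']['admin']['smilies']['edit']) and !isset($_SESSION['rights']['superadmin'])) {
        echo NO_ADMIN_RIGHTS;
    } else {
        $db->setMode(0);
        ajax_convert_array($_POST);
        // A missing field saves an empty description instead of raising an undefined-index notice.
        $bedeutung = isset($_POST['bedeutung']) ? $_POST['bedeutung'] : '';
        // The value goes through strsave() like every other string written to SQL in this file.
        // Note the space before WHERE: the original query read `'%s'WHERE`.
        $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_smilies SET `bedeutung` = \'%s\' WHERE ID = %d', strsave($bedeutung), (int) $id);
        if ($db->query($sql)) {
            echo 'ok';
        }
    }
    die;
}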
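/**
 * Renders the add-user template into the main content area.
 *
 * Helper for admin_user_add(); both the initial GET and the re-display after
 * validation errors need exactly this sequence.
 *
 * @param mixed $countries Result of form_country(), passed to the template as `countries`.
 * @return void
 */
function admin_user_add_render_form($countries)
{
    $tpl = new smarty();
    $tpl->assign('countries', $countries);
    ob_start();
    $tpl->display(DESIGN . '/tpl/admin/user_add.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(REGISTER, $content, '', 1);
}

/**
 * Admin form handler: creates a new user account from the posted form.
 *
 * Without `submit` in $_POST it shows the add-user form. With it, the fields
 * are validated (username, e-mail, password pair and length, sex, duplicate
 * username/e-mail); on errors the list is shown and the form re-rendered,
 * otherwise the user row plus its config, stats and group-3 rows are inserted
 * and the `USER_ADD` text from `ecp_texte` is mailed to the new address.
 *
 * Relies on the global `$db` connection and on the helpers and constants of
 * the surrounding file (strsave, check_email, table, send_email, update_rank,
 * form_country, main_content, DB_PRE, LANGUAGE, CLAN_NAME, SITE_URL, ...).
 *
 * @return void
 */
function admin_user_add()
{
    global $db;
    if (!isset($_POST['submit'])) {
        admin_user_add_render_form(form_country());
        return;
    }

    // Read the posted fields once; absent fields count as empty instead of raising notices.
    // `country` keeps null when absent so form_country()/strsave() see the same value as before.
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $password1 = isset($_POST['password1']) ? $_POST['password1'] : '';
    $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
    $country = isset($_POST['country']) ? $_POST['country'] : null;
    $sex = isset($_POST['sex']) ? $_POST['sex'] : '';

    $error = array();
    if ($username == '') {
        $error[] = '<li>' . NO_USERNAME;
    }
    if (!check_email($email)) {
        $error[] = '<li>' . WRONG_EMAIL;
    }
    if ($password1 == '') {
        $error[] = '<li>' . NO_PASSWORD;
    }
    if ($password1 != $password2) {
        $error[] = '<li>' . DIFFERENT_PW;
    }
    // strlen() is byte-based; kept so PW_MIN_LENGTH is enforced exactly as before.
    if (strlen($password1) < PW_MIN_LENGTH) {
        $error[] = '<li>' . SHORT_PW . PW_MIN_LENGTH . SHORT_PW_1;
    }
    // The username is stored HTML-escaped (see the INSERT below), so the duplicate
    // check compares the same form. The original compared against a fixed
    // placeholder literal and therefore never found an existing account.
    if ($username != '' and $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = "' . strsave(htmlspecialchars($username)) . '"')) {
        // User input is escaped before it is echoed into the error list.
        $error[] = '<li>' . ACCOUNT_ALLREADY_EXIST . ' ' . htmlspecialchars($username);
    }
    if ($email != '' and $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = "' . strsave($email) . '"')) {
        $error[] = '<li>' . EMAIL_ALLREADY_EXIST . ' ' . htmlspecialchars($email);
    }
    if ($sex != 'male' and $sex != 'female') {
        $error[] = '<li>' . CHOOSE_SEX;
    }

    if ($error) {
        // Close the last <li> too; implode() only separates the items.
        table(ERROR, '<ul>' . implode('</li>', $error) . '</li></ul>');
        admin_user_add_render_form(form_country($country));
        return;
    }

    $sql = sprintf(
        'INSERT INTO ' . DB_PRE . 'ecp_user (`username`, `email`, `passwort`, `status`, `registerdate`, country) VALUES (\'%s\', \'%s\', \'%s\', %d, %d, \'%s\');',
        strsave(htmlspecialchars($username)),
        strsave($email),
        // NOTE(review): unsalted sha1 is what the (not visible) login path presumably verifies
        // against; moving to password_hash()/password_verify() has to change that path as well.
        sha1($password1),
        1,
        time(),
        strsave($country)
    );
    if (!$db->query($sql)) {
        // As before: a failed INSERT produces no output.
        return;
    }

    $userid = (int) $db->last_id();
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_config (userID) VALUES (' . $userid . ')');
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_stats (userID) VALUES (' . $userid . ')');
    update_rank($userid);
    // Put the new account into group 3 (the original comment here said "create activation code").
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_groups (userID, gID) VALUES (' . $userid . ', 3)');

    // Fetch the account e-mail text for the site language and fill in the placeholders.
    $row = $db->fetch_assoc('SELECT content, content2, options FROM ' . DB_PRE . 'ecp_texte WHERE lang = "' . LANGUAGE . '" AND name = "USER_ADD"');
    if (!is_array($row)) {
        // No text row for this language: nothing sensible to send.
        table(INFO, NO_EMAIL_SEND2);
        return;
    }
    $search = array('{username}', '{clanname}', '{pageurl}', '{password}');
    $replace = array($username, CLAN_NAME, SITE_URL, $password1);
    $row['content'] = str_replace($search, $replace, $row['content']);
    // The rendered mail is deliberately not echoed into the admin page any more:
    // it contains the plaintext password and the echo was a debug leftover.
    if (send_email($email, $row['content2'], $row['content'], $row['options'])) {
        table(INFO, REGISTER_SUCCESS3);
    } else {
        table(INFO, NO_EMAIL_SEND2);
    }
}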