Esempio n. 1
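/**
 * Account registration page.
 *
 * Without a submitted form (no $_POST['submit']) the empty form is shown. On
 * submit every field is validated and each problem is collected into a list
 * that is displayed above the re-filled form. When everything checks out the
 * user row plus its config/stats/group rows are created; with
 * SEND_ACCOUNT_CODE the account starts inactive (status 0) and an activation
 * code is stored and e-mailed, otherwise it starts active (status 1).
 *
 * Reads $_POST, $_SESSION['captcha'] and the global $db. Produces page output
 * through table() and main_content(). Returns nothing.
 */
function account_register()
{
    global $db;
    if (!isset($_POST['submit'])) {
        account_register_form();
        return;
    }

    // Read the submitted fields once; a missing key counts as '' so that a
    // partial or hand-crafted POST cannot raise undefined-index notices.
    $username  = isset($_POST['username']) ? $_POST['username'] : '';
    $email     = isset($_POST['email']) ? $_POST['email'] : '';
    $password1 = isset($_POST['password1']) ? $_POST['password1'] : '';
    $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
    $sex       = isset($_POST['sex']) ? $_POST['sex'] : '';
    $country   = isset($_POST['country']) ? $_POST['country'] : '';
    $captcha   = isset($_POST['captcha']) ? $_POST['captcha'] : '';
    // The username in the exact form the INSERT below stores it, so that the
    // duplicate check compares like with like.
    $storedName = strsave(htmlspecialchars($username));

    $error = array();
    if ($username === '') {
        $error[] = '<li>' . NO_USERNAME;
    }
    if (!check_email($email)) {
        $error[] = '<li>' . WRONG_EMAIL;
    }
    if ($password1 === '') {
        $error[] = '<li>' . NO_PASSWORD;
    }
    if ($password1 !== $password2) {
        $error[] = '<li>' . DIFFERENT_PW;
    }
    // Byte length, as before: a multibyte password can pass with fewer characters.
    if (strlen($password1) < PW_MIN_LENGTH) {
        $error[] = '<li>' . SHORT_PW . PW_MIN_LENGTH . SHORT_PW_1;
    }
    // Duplicate checks use the escaped value in the WHERE clause (the e-mail
    // check did already; the username check compared against a fixed literal).
    if ($username !== '' && $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = "' . $storedName . '"')) {
        // The message is emitted as HTML by table(): escape the reflected input.
        $error[] = '<li>' . ACCOUNT_ALLREADY_EXIST . ' ' . htmlspecialchars($username);
    }
    if ($email !== '' && $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = "' . strsave($email) . '"')) {
        $error[] = '<li>' . EMAIL_ALLREADY_EXIST . ' ' . htmlspecialchars($email);
    }
    if ($sex !== 'male' && $sex !== 'female') {
        $error[] = '<li>' . CHOOSE_SEX;
    }
    // A missing or empty session captcha must fail as well; otherwise a POST
    // with an empty captcha field passes whenever no captcha was generated.
    if (!isset($_SESSION['captcha']) || $_SESSION['captcha'] === ''
        || strtolower($_SESSION['captcha']) !== strtolower($captcha)) {
        $error[] = '<li>' . CAPTCHA_WRONG;
    }

    if (count($error) > 0) {
        // implode() only closes the items between entries; close the last one too.
        table(ERROR, '<ul>' . implode('</li>', $error) . '</li></ul>');
        account_register_form($country);
        return;
    }

    $sql = sprintf(
        'INSERT INTO ' . DB_PRE . 'ecp_user (`username`, `email`, `passwort`, `status`, `registerdate`, country) VALUES (\'%s\', \'%s\', \'%s\', %d, %d, \'%s\');',
        $storedName,
        strsave($email),
        // NOTE(review): an unsalted sha1 is a weak password hash. Moving to
        // password_hash()/password_verify() requires the login code (outside
        // this block) to change in step, so it is flagged here, not replaced.
        sha1($password1),
        SEND_ACCOUNT_CODE ? 0 : 1,
        time(),
        strsave($country)
    );
    if (!$db->query($sql)) {
        return;
    }
    $userid = (int) $db->last_id();
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_config (userID) VALUES (' . $userid . ')');
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_stats (userID) VALUES (' . $userid . ')');
    // gID 3 is the group every new registration is put into (value kept from the original).
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_groups (userID, gID) VALUES (' . $userid . ', 3)');
    update_rank($userid);

    if (!SEND_ACCOUNT_CODE) {
        table(INFO, REGISTER_SUCCESS2);
        return;
    }
    // Create the activation code and store it for the account "open" action.
    $code = get_random_string(8, 2);
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_codes (userID, code, art) VALUES (' . $userid . ', "' . $code . '", "aktiv")');
    // Load the activation mail text for the current language and fill in the placeholders.
    $row = $db->fetch_assoc('SELECT content, content2, options FROM ' . DB_PRE . 'ecp_texte WHERE lang = "' . LANGUAGE . '" AND name = "REGISTER_EMAIL"');
    $sent = false;
    if ($row) {
        $search = array('{username}', '{clanname}', '{pageurl}', '{aktivcode}', '{aktivlink}');
        $replace = array($username, CLAN_NAME, SITE_URL, $code, SITE_URL . '?section=account&action=open&id=' . $userid . '&key=' . $code);
        $row['content'] = str_replace($search, $replace, $row['content']);
        $sent = send_email($email, $row['content2'], $row['content'], $row['options']);
    }
    // No mail text for this language counts as "mail not sent".
    table(INFO, $sent ? REGISTER_SUCCESS : NO_EMAIL_SEND);
}

/**
 * Renders the registration template and hands it to main_content().
 *
 * @param string|null $country Previously selected country to pre-select in the
 *                             form, or null for the initial (unfilled) form.
 */
function account_register_form($country = null)
{
    $tpl = new smarty();
    // The initial form calls form_country() without an argument, as before.
    $tpl->assign('countries', $country === null ? form_country() : form_country($country));
    ob_start();
    $tpl->display(DESIGN . '/tpl/account/account_register.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(REGISTER, $content, '', 1);
}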
Esempio n. 2
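/**
 * Recomputes the rank of every registered user.
 *
 * Uses the $db wrapper's fetch_assoc() like the rest of this file instead of
 * the raw mysql_fetch_assoc(), which is tied to the legacy mysql extension.
 * The IDs are collected before any update_rank() call so that queries issued
 * by update_rank() cannot disturb the result set still being read.
 */
function update_all_ranks()
{
    global $db;
    $db->query('SELECT ID FROM ' . DB_PRE . 'ecp_user');
    $ids = array();
    while ($row = $db->fetch_assoc()) {
        $ids[] = (int) $row['ID'];
    }
    foreach ($ids as $userID) {
        update_rank($userID);
    }
}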
Esempio n. 3
     break;
 case 'user_aktiv':
     if (@$_SESSION['rights']['admin']['user']['aktiv'] or @$_SESSION['rights']['superadmin']) {
         if ($db->query('UPDATE ' . DB_PRE . 'ecp_user SET status = 1 WHERE ID = ' . (int) $_GET['id'])) {
             echo 'ok';
         }
     } else {
         echo html_ajax_convert(NO_ADMIN_RIGHTS);
     }
     break;
 case 'change_rank':
     if (@$_SESSION['rights']['admin']['user']['change_rang'] or @$_SESSION['rights']['superadmin']) {
         if (isset($_POST['newrang'])) {
             if ((int) $_POST['newrang'] == 0) {
                 $db->query('UPDATE ' . DB_PRE . 'ecp_user SET rID = 0 WHERE ID = ' . (int) $_GET['id']);
                 update_rank((int) $_GET['id']);
                 if ($db->errorNum() == 0) {
                     echo 'ok';
                 }
             } else {
                 if ($db->query('UPDATE ' . DB_PRE . 'ecp_user SET rID = ' . (int) $_POST['newrang'] . ' WHERE ID = ' . (int) $_GET['id'])) {
                     echo 'ok';
                 }
             }
         } else {
             $tpl = new smarty();
             $tpl->assign('id', (int) $_GET['id']);
             $db->query('SELECT rankname, rankID FROM ' . DB_PRE . 'ecp_ranks WHERE fest = 1 ORDER BY rankname ASC');
             while ($row = $db->fetch_assoc()) {
                 @($option .= '<option value="' . $row['rankID'] . '">' . $row['rankname'] . '</option>');
             }
Esempio n. 4
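/**
 * Posts a reply to a forum thread.
 *
 * Flow: load the thread with its board (and parent board) rights, deny when
 * any of the read/post rights is missing or the thread does not exist, show
 * the closed notice for closed threads, render the reply form on a plain GET,
 * and on POST validate (non-empty comment, captcha for guests, spam throttle),
 * insert the comment, update stats/board/thread counters, bind attachments,
 * notify subscribers and jump to the last page of the thread.
 *
 * @param int $bid Board id; cast to int before it is used in SQL.
 * @param int $id  Thread id; cast to int before it is used in SQL.
 */
function forum_new_replay($bid, $id)
{
    global $db;
    // Both ids are interpolated into SQL below; force integers so that a
    // non-numeric request value cannot change the queries.
    $bid = (int) $bid;
    $id = (int) $id;
    $thread = $db->fetch_assoc('SELECT `threadID`, `bID`, `threadname`, a.boardparentID, ' . DB_PRE . 'ecp_forum_threads.closed, a.rightsread, a.commentsperpost, a.moneyperpost, a.boardparentID, a.name, a.attachments, a.attachmaxsize, a.postcom, a.attachfiles, b.rightsread as parentRead FROM ' . DB_PRE . 'ecp_forum_threads LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (bID = a.boardID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (b.boardID = a.boardparentID) WHERE threadID = ' . $id . ' AND bID = ' . $bid);
    // An unknown thread/board pair is treated as "no access" rather than
    // rendering a reply form for a thread that does not exist.
    if (!$thread || !find_access($thread['rightsread']) || !find_access($thread['parentRead']) || !find_access($thread['postcom'])) {
        table(ERROR, ACCESS_DENIED);
        return;
    }
    if ($thread['closed']) {
        table(INFO, FORUM_THREAD_CLOSED);
        return;
    }
    if (!isset($_POST['comment'])) {
        forum_replay_form($bid, $thread, false);
        forum_thread($bid, $id, 'DESC', true);
        return;
    }

    $loggedIn = isset($_SESSION['userID']);
    $userID = $loggedIn ? (int) $_SESSION['userID'] : 0;
    $ip = $_SERVER['REMOTE_ADDR'];
    // Guest display name as stored in postname/lastpostuser/lastusername.
    $postname = strsave(htmlspecialchars(isset($_POST['username']) ? $_POST['username'] : ''));

    // Timestamp of the poster's previous comment in this thread, for the spam throttle.
    // The '@' is kept because $db->result() appears to warn when no row matches — confirm.
    if ($loggedIn) {
        $last = (int) @$db->result(DB_PRE . 'ecp_forum_comments', 'adatum', 'userID = ' . $userID . ' AND tID = ' . $id . ' ORDER BY adatum DESC LIMIT 1');
    } else {
        // Guests are throttled by address: the INSERT below stores REMOTE_ADDR
        // in the IP column, so that is what this lookup has to match (the old
        // code compared IP against the — here unset — session user id).
        $last = (int) @$db->result(DB_PRE . 'ecp_forum_comments', 'adatum', 'IP = \'' . strsave($ip) . '\' AND tID = ' . $id . ' ORDER BY adatum DESC LIMIT 1');
        // The lastcomment cookie is client-controlled; only ever use it to
        // tighten the throttle, never to loosen it.
        if (isset($_COOKIE['lastcomment']) && $last < (int) $_COOKIE['lastcomment']) {
            $last = (int) $_COOKIE['lastcomment'];
        }
    }

    if ($_POST['comment'] === '') {
        table(ERROR, NOT_NEED_ALL_INPUTS);
        forum_replay_form($bid, $thread, true);
        return;
    }
    if (!$loggedIn) {
        // Captcha only for guests; an empty session captcha always fails.
        $captcha = isset($_POST['captcha']) ? $_POST['captcha'] : '';
        if (!isset($_SESSION['captcha']) || $_SESSION['captcha'] === '' || strtolower($_SESSION['captcha']) !== strtolower($captcha)) {
            table(ERROR, CAPTCHA_WRONG);
            forum_replay_form($bid, $thread, true);
            return;
        }
    }
    if ($last > time() - SPAM_FORUM_COMMENTS) {
        table(SPAM_PROTECTION, str_replace(array('{sek}', '{zeit}'), array(SPAM_FORUM_COMMENTS, $last + SPAM_FORUM_COMMENTS - time()), SPAM_PROTECTION_MSG));
        forum_replay_form($bid, $thread, true);
        return;
    }

    $sql = sprintf(
        'INSERT INTO ' . DB_PRE . 'ecp_forum_comments (`tID`, `boardID`, `userID`, `postname`, `adatum`, `comment`, `IP`) VALUES (%d, %d, %d, \'%s\', %d, \'%s\', \'%s\')',
        $id,
        $thread['bID'],
        $userID,
        $postname,
        time(),
        strsave(comment_save($_POST['comment'])),
        $ip
    );
    if (!$db->query($sql)) {
        // As before: a failed insert produces no output.
        return;
    }
    $comid = (int) $db->last_id();

    if ($loggedIn) {
        // Board-specific reward per post (comments and money are stats columns).
        $db->query('UPDATE ' . DB_PRE . 'ecp_user_stats SET comments = comments + ' . $thread['commentsperpost'] . ', money = money + ' . $thread['moneyperpost'] . ' WHERE userID = ' . $userID);
        update_rank($userID);
    }
    $boardID = (int) $thread['bID'];
    $parentID = (int) $thread['boardparentID'];
    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_boards SET posts = posts +1, lastpost = ' . time() . ', lastthreadID = ' . $id . ', lastpostuserID = ' . $userID . ', lastpostuser = \'' . $postname . '\' WHERE boardID = ' . $boardID . ' OR boardID = ' . $parentID);
    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET posts = posts +1, lastreplay = ' . time() . ', lastuserID = ' . $userID . ', lastusername = \'' . $postname . '\' WHERE threadID = ' . $id);

    if (find_access($thread['attachfiles'])) {
        forum_replay_store_attachments($bid, $id, $comid, $thread, $userID, $ip);
    }

    // Notify subscribers: load the THREAD_ABO mail text for every language once, keyed by lang.
    $db->query('SELECT * FROM ' . DB_PRE . 'ecp_texte WHERE name = "THREAD_ABO"');
    $text = array();
    while ($row = $db->fetch_assoc()) {
        $text[$row['lang']] = $row;
    }
    $anzahl = $db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $id . ' AND boardID =' . $bid);
    // Deep link to the new comment on the page it lands on.
    $link = SITE_URL . '?section=forum&action=thread&boardID=' . $bid . '&threadID=' . $id . '&page=' . (ceil(($anzahl - 1) / LIMIT_FORUM_COMMENTS) + 1) . '#com_' . $comid;
    $db->query('SELECT country, username, email, threadname FROM ' . DB_PRE . 'ecp_forum_abo LEFT JOIN ' . DB_PRE . 'ecp_user ON (userID = ID) LEFT JOIN ' . DB_PRE . 'ecp_forum_threads ON (threadID = thID) WHERE userID != ' . $userID . ' AND thID = ' . $id . ' AND boID = ' . $bid);
    // Read all subscribers before sending, so nothing send_email() might do
    // with $db can disturb the result set.
    $subscribers = array();
    while ($row = $db->fetch_assoc()) {
        $subscribers[] = $row;
    }
    $search = array('{username}', '{link}', '{threadname}');
    foreach ($subscribers as $row) {
        // Fall back to the 'de' text when there is none for the subscriber's language.
        $lang = isset($text[$row['country']]) ? $row['country'] : 'de';
        $replace = array($row['username'], $link, $row['threadname']);
        send_email($row['email'], $text[$lang]['content2'], str_replace($search, $replace, $text[$lang]['content']), 0);
    }

    unset($_SESSION['forum']['attach'][$bid]);
    setcookie('lastcomment', time(), time() + 365 * 86400);
    forum_goto_last($bid, $id);
}

/**
 * Renders the "post reply" form for a thread and hands it to main_content().
 *
 * Shared by every branch of forum_new_replay() that shows the form: the
 * initial GET and the re-displays after a rejected POST.
 *
 * @param int   $bid    Board id; key under which the upload token is kept in the session.
 * @param array $thread Thread row as loaded in forum_new_replay().
 * @param bool  $repost True when re-showing after a rejected POST: the submitted
 *                      fields are assigned back to the template and 'quote' is set.
 */
function forum_replay_form($bid, array $thread, $repost)
{
    $tpl = new smarty();
    ob_start();
    if ($repost) {
        // NOTE(review): raw POST values go to the template; escaping them is the
        // template's job — confirm comments_add_edit.html does so.
        foreach ($_POST as $key => $value) {
            $tpl->assign($key, $value);
        }
    }
    $uploads = ($thread['attachments'] && $thread['attachmaxsize']);
    if ($uploads) {
        // Fresh upload token for this form; the session copy lets later code
        // tie uploaded files to this board.
        $rand = get_random_string(16, 2);
        $tpl->assign('attach', find_access($thread['attachfiles']));
        $tpl->assign('maxsize', $thread['attachmaxsize']);
        $tpl->assign('rand', $rand);
        $tpl->assign('sid', session_name() . '=' . session_id());
        $tpl->assign('maxuploads', $thread['attachments']);
        $tpl->assign('uploadinfo', str_replace(array('{anzahl}', '{max}'), array($thread['attachments'], goodsize($thread['attachmaxsize'])), FORUM_ATTACH_INFO));
        $_SESSION['forum']['attach'][$bid] = $rand;
    }
    if ($repost) {
        $tpl->assign('quote', true);
    }
    // The '_old' template variant carries the classic file inputs.
    $tpl->display(DESIGN . '/tpl/forum/comments_add_edit' . ((UPLOAD_METHOD == 'old' && $uploads) ? '_old' : '') . '.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(FORUM_POST_REPLAY, $content, '', 1);
}

/**
 * Binds uploaded files to a freshly inserted comment.
 *
 * UPLOAD_METHOD 'old': the files arrive with the form in $_FILES, are
 * type-checked via getMimeType(), recorded in ecp_forum_attachments and moved
 * to uploads/forum/<rowid>_<sha1>. Any other method: the files were uploaded
 * beforehand and are bound to the comment by the validation token from
 * $_GET['rand']. In both cases the thread and the comment get their
 * attachment flags set when something was attached.
 *
 * @param int    $bid    Board id.
 * @param int    $id     Thread id.
 * @param int    $comid  Id of the comment just inserted.
 * @param array  $thread Thread row (attachments, attachmaxsize are read).
 * @param int    $userID Poster's user id, 0 for guests.
 * @param string $ip     Poster's REMOTE_ADDR.
 */
function forum_replay_store_attachments($bid, $id, $comid, array $thread, $userID, $ip)
{
    global $db;
    if (UPLOAD_METHOD == 'old') {
        $maxattach = $thread['attachments'];
        // NOTE(review): text/html and text/css are accepted. If uploads/forum/
        // is served inline from the site origin, an uploaded HTML file runs as
        // a page of this site; serving attachments as downloads or dropping the
        // two types avoids that.
        $allowed = array('application/zip', 'application/x-rar-compressed', 'image/bmp', 'image/gif', 'image/jpeg', 'image/png', 'application/pdf', 'text/plain', 'text/css', 'text/html');
        foreach ($_FILES as $key => $file) {
            // Skip empty slots (the old `$_FILES[$key] == ''` compared an array to a string
            // and never matched), exhausted quota and oversized files.
            if (empty($file['tmp_name']) || $maxattach <= 0 || $file['size'] > $thread['attachmaxsize']) {
                continue;
            }
            $mime = getMimeType($file['tmp_name'], $file['name']);
            if (!in_array($mime, $allowed, true)) {
                continue;
            }
            $sha1 = sha1_file($file['tmp_name']);
            $sql = sprintf(
                'INSERT INTO ' . DB_PRE . 'ecp_forum_attachments (`bID`, `userID`, `name`, `size`, `strname`, uploadzeit, IP, tID, mID) VALUES (%d, %d, \'%s\', %d, \'%s\', %d, \'%s\', %d, %d)',
                $bid,
                $userID,
                strsave($file['name']),
                (int) $file['size'],
                $sha1,
                time(),
                $ip,
                $id,
                $comid
            );
            if ($db->query($sql)) {
                $target = 'uploads/forum/' . $db->last_id() . '_' . $sha1;
                // Only flag the comment/thread when the file really landed on disk.
                if (move_uploaded_file($file['tmp_name'], $target)) {
                    umask(0);
                    chmod($target, CHMOD);
                    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $id);
                    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $comid);
                }
            }
            $maxattach--;
        }
        return;
    }
    // NOTE(review): the token is taken from the request. If the pre-upload
    // step stores the same token in $_SESSION['forum']['attach'][$bid] (set when
    // the form is rendered), requiring the two to match here would stop a
    // request from binding another session's pending uploads — confirm against
    // the upload handler.
    $rand = isset($_GET['rand']) ? $_GET['rand'] : '';
    $db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_forum_attachments SET `tID` = %d, `mID` = %d WHERE validation = \'%s\' AND bID = %d', $id, $comid, strsave($rand), $bid));
    if ($db->affekt_rows()) {
        $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $id);
        $db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $comid);
    }
}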
Esempio n. 5
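/**
 * Restores an achievement of the current user that was deleted and/or
 * abandoned, then re-ranks it one above the parent's current highest rank.
 *
 * Refuses silently (with a log line) when the caller does not own the
 * achievement, and does nothing when there is nothing to restore.
 *
 * @param mixed $id Achievement id; passed through unchanged to the helpers.
 * @return void
 */
function restore_achievement($id)
{
    // Ownership gate. Callers do not expect an exception here, so keep the
    // early return, but log it the same way as the other early return below
    // instead of leaving the bare "BAD" marker.
    if (!user_owns_achievement($id)) {
        error_log("Line #" . __LINE__ . ":" . __FUNCTION__ . "({$id}) Caller does not own this achievement.");
        return;
    }
    $achievement = fetch_achievement($id);
    if (!$achievement->abandoned && !$achievement->deleted) {
        error_log("Line #" . __LINE__ . ":" . __FUNCTION__ . "({$id}) Achievement doesn't need to be undeleted.");
        return;
    }
    if ($achievement->deleted) {
        undelete_achievement($id);
    }
    if ($achievement->abandoned) {
        unabandon_achievement($id);
    }
    // Presumably places the restored item after its siblings — confirm with update_rank().
    update_rank($id, fetch_highest_rank($achievement->parent) + 1);
}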