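/**
 * Updates the "sticked" flag of one forum post, then redirects to its topic view.
 *
 * The post id comes from $_GET['id'] and the new flag value from $_GET['state'].
 * Both land in unquoted numeric positions of the UPDATE statement, where string
 * escaping gives no protection, so each must consist of decimal digits only.
 *
 * NOTE(review): the change is triggered by GET parameters and no anti-CSRF
 * token is checked in this function - confirm whether a caller handles that.
 *
 * @param SQL $sqlm Overwritten with a new connection to the $mmfpm_db database.
 */
function forum_do_edit_stick(&$sqlm)
{
    global $forum_lang, $user_lvl, $mmfpm_db;

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    if ($user_lvl == 0) {
        error($forum_lang['no_access']);
        // error() is defined elsewhere; returning guarantees the update cannot
        // run for an unauthorised user even if error() does not halt the script.
        return;
    }

    // Digits only: the value is concatenated into SQL without quotes.
    if (!isset($_GET['id']) || !is_string($_GET['id']) || !preg_match('/^[0-9]+$/D', $_GET['id'])) {
        error($forum_lang['no_such_topic']);
        return;
    }
    $id = $_GET['id'];

    if (!isset($_GET['state']) || !is_string($_GET['state']) || !preg_match('/^[0-9]+$/D', $_GET['state'])) {
        error('Bad request, please mail admin and describe what you did to get this error.');
        return;
    }
    $state = $_GET['state'];

    $sqlm->query(' UPDATE mm_forum_posts SET sticked = ' . $state . ' WHERE id = ' . $id . '');
    $sqlm->close();

    redirect('forum.php?action=view_topic&id=' . $id . '');
    // Queries : 1
}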
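/**
 * Renders the mail search result page into the global $output buffer.
 *
 * Looks up a character guid by (partial) name from $_GET['search_value'], then
 * lists mails whose sender or receiver column equals that guid.
 *
 * Request values that reach SQL outside of a quoted string are constrained here,
 * because escaping does not protect identifier or numeric positions:
 *  - search_by must be one of the entries of $search_menu (falls back to 'sender');
 *  - order_by must look like a plain column identifier (falls back to "id");
 *  - start must be decimal digits (falls back to 0).
 * The mail subject is HTML-escaped before it is written to the page.
 *
 * NOTE(review): no permission check is visible in this function - confirm the
 * caller restricts who may read other players' mail.
 * NOTE(review): get_char_name() and get_mail_text() are defined elsewhere;
 * verify that they HTML-escape what they return.
 */
function search()
{
    global $lang_global, $lang_mail, $output, $itemperpage, $item_datasite, $mangos_db, $characters_db, $realm_id, $sql_search_limit;

    wowhead_tt();

    if (!isset($_GET['search_value']) || !isset($_GET['search_by'])) {
        redirect("mail_on.php?error=2");
        // Do not continue with missing parameters if redirect() returns.
        return;
    }

    $sql = new SQL();
    $sql->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);

    $search_value = $sql->quote_smart($_GET['search_value']);

    // Column name used in the WHERE clause: only the listed columns are accepted.
    $search_menu = array('sender', 'receiver');
    $search_by = $sql->quote_smart($_GET['search_by']);
    if (!in_array($search_by, $search_menu, true)) {
        $search_by = 'sender';
    }

    // LIMIT offset: unquoted in SQL, so digits only.
    $start = isset($_GET['start']) ? $sql->quote_smart($_GET['start']) : 0;
    if (!is_scalar($start) || !preg_match('/^[0-9]+$/D', (string) $start)) {
        $start = 0;
    }

    // ORDER BY column: an identifier position, so it must be a bare column name.
    $order_by = isset($_GET['order_by']) ? $sql->quote_smart($_GET['order_by']) : "id";
    if (!is_string($order_by) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', $order_by)) {
        $order_by = "id";
    }

    // $dir is only tested for truthiness; it never reaches SQL.
    $dir = isset($_GET['dir']) ? $sql->quote_smart($_GET['dir']) : 1;
    $order_dir = $dir ? "ASC" : "DESC";
    $dir = $dir ? 0 : 1;

    // Resolve the name fragment to a guid; the first matching character is used.
    $temp = $sql->query("SELECT guid FROM `characters` WHERE name like '%{$search_value}%'");
    $guid = $sql->num_rows($temp) ? $sql->result($temp, 0, 'guid') : null;
    // When no character matched, use a condition that selects nothing instead
    // of building a statement with an empty right-hand side.
    $where = is_numeric($guid) ? "{$search_by} = {$guid}" : "0 = 1";

    $query_1 = $sql->query("SELECT count(*) FROM `mail`");
    $query = $sql->query("SELECT a.id, a.messageType, a.sender, a.receiver, a.subject, a.itemTextId, a.has_items, a.money, a.cod, a.checked, b.item_template\r\n FROM mail a\r\n INNER JOIN mail_items b ON a.id = b.mail_id\r\n WHERE {$where}\r\n ORDER BY {$order_by} {$order_dir} LIMIT {$start}, {$itemperpage}");
    $all_record = $sql->result($query_1, 0);

    //==========================top page navigation starts here========================
    $output .= "<center><table class=\"top_hidden\">\r\n <tr><td>\r\n <table class=\"hidden\">\r\n <tr><td>\r\n <form action=\"mail_on.php\" method=\"get\" name=\"form\">\r\n <input type=\"hidden\" name=\"action\" value=\"search\" />\r\n <input type=\"hidden\" name=\"error\" value=\"4\" />\r\n <input type=\"text\" size=\"45\" name=\"search_value\" />\r\n <select name=\"search_by\">\r\n <option value=\"sender\">Sender</option>\r\n <option value=\"receiver\">Receiver</option>\r\n </select></form></td><td>";
    makebutton($lang_global['search'], "javascript:do_submit()", 80);
    $output .= "</td></tr></table>\r\n <td align=\"right\">";
    // $order_by was validated above, so it is safe inside the link.
    $output .= generate_pagination("mail_on.php?action=search&order_by={$order_by}&dir=" . !$dir, $all_record, $itemperpage, $start);
    $output .= "</td></tr></table>";
    //==========================top page navigation ENDS here ========================

    $output .= "<table class=\"lined\">\r\n <tr>\r\n <th width=\"5%\">" . $lang_mail['id'] . "</th>\r\n <th width=\"5%\">" . $lang_mail['mail_type'] . "</th>\r\n <th width=\"10%\">" . $lang_mail['sender'] . "</th>\r\n <th width=\"10%\">" . $lang_mail['receiver'] . "</th>\r\n <th width=\"15%\">" . $lang_mail['subject'] . "</th>\r\n <th width=\"5%\">" . $lang_mail['has_items'] . "</th>\r\n <th width=\"25%\">" . $lang_mail['text'] . "</th>\r\n <th width=\"20%\">" . $lang_mail['money'] . "</th>\r\n <th width=\"5%\">" . $lang_mail['checked'] . "</th>\r\n </tr>";

    while ($mail = $sql->fetch_array($query)) {
        // Split the raw amount into gold / silver / copper.
        $total = $mail[7];
        $g = floor($total / 10000);
        $s = floor(($total - $g * 10000) / 100);
        $c = $total - $g * 10000 - $s * 100;

        // Test the whole amount: testing only the copper remainder hid every
        // amount that was an exact multiple of 100.
        $money = "";
        if ($total > 0) {
            $money = $g . "<img src=\"./img/gold.gif\" /> " . $s . "<img src=\"./img/silver.gif\" /> " . $c . "<img src=\"./img/copper.gif\" /> ";
        }

        // The subject is free text from the mail table; escape it for HTML.
        $subject = htmlspecialchars($mail[4], ENT_QUOTES);

        $output .= "<tr valign=top>\r\n <td>{$mail['0']}</td>\r\n <td>" . get_mail_source($mail[1]) . "</td>\r\n <td><a href=\"char.php?id={$mail['2']}\">" . get_char_name($mail[2]) . "</a></td>\r\n <td><a href=\"char.php?id={$mail['3']}\">" . get_char_name($mail[3]) . "</a></td>\r\n <td>{$subject}</td>\r\n ";
        $output .= "<td>";
        $output .= "\r\n <a style=\"padding:2px;\" href=\"{$item_datasite}{$mail[10]}\" target=\"_blank\">\r\n <img class=\"bag_icon\" src=\"" . get_item_icon($mail[10]) . "\" alt=\"\" />\r\n </a>";
        $output .= "</td>";
        $output .= "<td>" . get_mail_text($mail[5]) . "</td>\r\n <td>{$money}</td>\r\n <td>" . get_check_state($mail[9]) . "</td>\r\n </tr>";
    }

    /*--------------------------------------------------*/
    $output .= "<tr><td colspan=\"6\" class=\"hidden\" align=\"right\">All Mails: {$all_record}</td></tr>\r\n </table></center>";

    $sql->close();
}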
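/**
 * Adds an account ban or an IP ban from request parameters and redirects to banned.php.
 *
 * Reads ban_type, entry, bantime (hours) and the optional banreason from $_GET.
 * For ban_type "account_banned" the entry is a user name that is resolved to an
 * account id first; any other ban_type stores the entry in ip_banned.
 *
 * Changes made in review:
 *  - the account lookup now searches for the submitted entry (it compared the
 *    username column with a fixed placeholder string, so no account was found);
 *  - bantime must be numeric, because it goes into SQL without quotes;
 *  - the acting user's name is escaped like the other values in the statement;
 *  - ban_type is URL-encoded before it is put into the redirect target;
 *  - the function returns after a failed precondition in case redirect() returns.
 *
 * NOTE(review): this state-changing action is driven by GET parameters and no
 * anti-CSRF token is checked here - confirm whether valid_login() or the caller
 * covers that.
 */
function do_add_entry()
{
    global $realm_db, $user_name, $output, $action_permission, $user_lvl;

    valid_login($action_permission['insert']);

    if (empty($_GET['ban_type']) || empty($_GET['entry']) || empty($_GET['bantime'])) {
        redirect("banned.php?error=1&action=add_entry");
        return;
    }

    // Unquoted in the INSERT below, so only a numeric literal is acceptable.
    if (!is_numeric($_GET['bantime'])) {
        redirect("banned.php?error=1&action=add_entry");
        return;
    }

    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);

    $ban_type = $sqlr->quote_smart($_GET['ban_type']);
    $entry = $sqlr->quote_smart($_GET['entry']);
    $is_account_ban = ($ban_type === "account_banned");

    if ($is_account_ban) {
        // Resolve the submitted user name to its account id.
        $result1 = $sqlr->query("SELECT id FROM account WHERE username ='{$entry}'");
        if (!$sqlr->num_rows($result1)) {
            redirect("banned.php?error=4&action=add_entry");
            return;
        }
        $entry = $sqlr->result($result1, 0, 'id');
    }

    $bantime = time() + 3600 * $_GET['bantime'];
    $banreason = isset($_GET['banreason']) && $_GET['banreason'] != '' ? $sqlr->quote_smart($_GET['banreason']) : "none";
    $banned_by = $sqlr->quote_smart($user_name);

    if ($is_account_ban) {
        // Insert only when the account has no ban row yet.
        $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$entry}'");
        if (!$sqlr->result($result, 0)) {
            $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n VALUES ('{$entry}'," . time() . ",{$bantime},'{$banned_by}','{$banreason}', 1)");
        }
    } else {
        $sqlr->query("INSERT INTO ip_banned (ip, bandate, unbandate, bannedby, banreason)\r\n VALUES ('{$entry}'," . time() . ",{$bantime},'{$banned_by}','{$banreason}')");
    }

    $ban_type_param = is_string($ban_type) ? rawurlencode($ban_type) : '';
    if ($sqlr->affected_rows()) {
        redirect("banned.php?error=3&ban_type={$ban_type_param}");
    } else {
        redirect("banned.php?error=2&ban_type={$ban_type_param}");
    }
}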
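/**
 * Writes per-account SQL dump files for the accounts listed in $_GET['check'].
 *
 * For each account id one file is written for the realm database (tables listed
 * in $tab_backup_user_realmd) and one per entry of $characters_db (tables listed
 * in $tab_backup_user_characters), all inside a new timestamped directory under
 * "{$backup_dir}/accounts/". Finishes with a redirect to accounts.php.
 *
 * Changes made in review:
 *  - account ids must be decimal digits: they are used unquoted in SQL and as
 *    part of the dump file name;
 *  - the dump directory is created with mode 0700 instead of 0777, since the
 *    files contain account table rows;
 *  - $lang_backup is declared global (it was read but never in scope);
 *  - ereg_replace() (removed in PHP 7) is replaced by str_replace();
 *  - NULL columns are detected before escaping, so they are written as '' as
 *    the original else-branch intended;
 *  - accounts that do not exist are skipped instead of producing broken files;
 *  - the duplicated row-dump loops share one helper.
 *
 * NOTE(review): $tab_backup_user_realmd / $tab_backup_user_characters are
 * presumably defined by libs/tab_lib.php; because require_once runs only once
 * per request they are missing here if that file was loaded earlier - confirm.
 * NOTE(review): the characters loop indexes each $characters_db entry with
 * $realm_id, while other code on this page reads $characters_db[$realm_id]['name'];
 * $sqlc is also never reconnected per entry - verify against the callers.
 * NOTE(review): make sure $backup_dir is not served by the web server.
 *
 * @param SQL $sqlr Overwritten with a new connection to the realm database.
 * @param SQL $sqlc Connection used for the character queries; supplied by the caller.
 */
function backup_user(&$sqlr, &$sqlc)
{
    global $lang_global, $lang_user, $lang_backup, $output, $realm_db, $characters_db, $realm_id, $user_lvl, $backup_dir, $action_permission;

    valid_login($action_permission['insert']);

    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);

    if (!isset($_GET['check'])) {
        redirect("accounts.php?error=1");
        return;
    }
    $check = $sqlr->quote_smart($_GET['check']);
    if (!is_array($check)) {
        $check = array($check);
    }

    require_once "libs/tab_lib.php";

    $subdir = "{$backup_dir}/accounts/" . date("m_d_y_H_i_s") . "_partial";
    if (!is_dir($subdir) && !mkdir($subdir, 0700)) {
        die(error($lang_backup['file_write_err']));
    }

    foreach ($check as $account_id) {
        // Digits only: the value is interpolated into SQL without quotes.
        if (!is_scalar($account_id) || !preg_match('/^[0-9]+$/D', (string) $account_id)) {
            continue;
        }

        $query = $sqlr->query("SELECT id FROM account WHERE id = {$account_id}");
        $acc = $sqlr->fetch_array($query);
        if (!$acc) {
            continue;
        }

        // ---- realm database dump ----
        $file_name_new = $acc[0] . "_{$realm_db['name']}.sql";
        $fp = fopen("{$subdir}/{$file_name_new}", 'w') or die(error($lang_backup['file_write_err']));
        fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$realm_db['name']};\n") or die(error($lang_backup['file_write_err']));
        fwrite($fp, "USE {$realm_db['name']};\n\n") or die(error($lang_backup['file_write_err']));

        foreach ($tab_backup_user_realmd as $value) {
            $acc_query = $sqlr->query("SELECT * FROM {$value['0']} WHERE {$value['1']} = {$acc['0']}");
            $result = "-- Dumping data for {$value['0']} " . date("m.d.y_H.i.s") . "\n";
            $result .= "LOCK TABLES {$value['0']} WRITE;\n";
            $result .= "DELETE FROM {$value['0']} WHERE {$value['1']} = {$acc['0']};\n";
            $result .= backup_user_insert_statement($sqlr, $acc_query, $value['0']);
            $result .= "UNLOCK TABLES;\n";
            $result .= "\n";
            fwrite($fp, $result) or die(error($lang_backup['file_write_err']));
        }
        fclose($fp);

        // ---- character database dumps ----
        foreach ($characters_db as $db) {
            $file_name_new = $acc[0] . "_{$db[$realm_id]['name']}.sql";
            $fp = fopen("{$subdir}/{$file_name_new}", 'w') or die(error($lang_backup['file_write_err']));
            fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$db[$realm_id]['name']};\n") or die(error($lang_backup['file_write_err']));
            fwrite($fp, "USE {$db[$realm_id]['name']};\n\n") or die(error($lang_backup['file_write_err']));

            $all_char_query = $sqlc->query("SELECT guid,name FROM `characters` WHERE account = {$acc['0']}");
            while ($char = $sqlc->fetch_array($all_char_query)) {
                // The name is written into a one-line SQL comment of a file that
                // is meant to be replayed, so it must not contain a line break.
                $char_label = str_replace(array("\r", "\n"), ' ', $char['1']);
                fwrite($fp, "-- Dumping data for character {$char_label}\n") or die(error($lang_backup['file_write_err']));

                foreach ($tab_backup_user_characters as $value) {
                    $char_query = $sqlc->query("SELECT * FROM {$value['0']} WHERE {$value['1']} = {$char['0']}");
                    $result = "LOCK TABLES {$value['0']} WRITE;\n";
                    $result .= "DELETE FROM {$value['0']} WHERE {$value['1']} = {$char['0']};\n";
                    $result .= backup_user_insert_statement($sqlc, $char_query, $value['0']);
                    $result .= "UNLOCK TABLES;\n";
                    $result .= "\n";
                    fwrite($fp, $result) or die(error($lang_backup['file_write_err']));
                }
            }
            fclose($fp);
        }
    }

    redirect("accounts.php?error=15");
}

/**
 * Renders every row of a result set as one multi-row INSERT statement.
 *
 * Private helper of backup_user(). Returns an empty string when the result set
 * has no rows. Values of columns whose field type is "int" are written bare,
 * all others are escaped with addslashes() and single-quoted; NULL is written
 * as ''.
 *
 * @param SQL    $sql   Connection that produced $query.
 * @param mixed  $query Result handle returned by $sql->query().
 * @param string $table Table name to put into the INSERT statement.
 * @return string
 */
function backup_user_insert_statement($sql, $query, $table)
{
    $numrow = $sql->num_rows($query);
    if (!$numrow) {
        return '';
    }

    $num_fields = $sql->num_fields($query);

    $columns = array();
    for ($count = 0; $count < $num_fields; $count++) {
        $columns[] = "`" . $sql->field_name($query, $count) . "`";
    }
    $statement = "INSERT INTO {$table} (" . implode(",", $columns) . ") VALUES \n";

    for ($i = 0; $i < $numrow; $i++) {
        $row = $sql->fetch_row($query);
        $values = array();
        for ($j = 0; $j < $num_fields; $j++) {
            // Check for NULL before escaping: addslashes() turns NULL into "".
            if (!isset($row[$j])) {
                $values[] = "''";
                continue;
            }
            $escaped = str_replace("\n", "\\n", addslashes($row[$j]));
            $values[] = ($sql->field_type($query, $j) == "int") ? "{$escaped}" : "'{$escaped}'";
        }
        $statement .= "\t(" . implode(",", $values) . ($i < $numrow - 1 ? "),\n" : ");\n");
    }

    return $statement;
}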
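/**
 * Renders the paginated, sortable instance list into the global $output buffer.
 *
 * Reads start, order_by and dir from $_GET. All three end up in the SQL text
 * outside of quotes (LIMIT offset, ORDER BY column, sort direction) and in the
 * generated links, so each is reduced to a known-safe form first.
 *
 * Changes made in review:
 *  - order_by is checked against the three selectable columns. The previous
 *    pattern allowed lower-case letters only, so 'levelMin' and 'levelMax' were
 *    always rejected and the list could never be sorted by levelMax;
 *  - start must be decimal digits; is_numeric() also accepts signs, decimals
 *    and exponents, which are not valid LIMIT offsets;
 *  - unset() calls for variables this function never defines were dropped.
 *
 * NOTE(review): get_map_name(), get_map_zone(), get_map_type(), get_map_exp()
 * and get_map_ppl() are defined elsewhere; verify that what they return is
 * safe to write into HTML.
 */
function instances()
{
    global $output, $lang_instances, $realm_id, $world_db, $mmfpm_db, $itemperpage;

    $sqlw = new SQL();
    $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);

    //-------------------SQL Injection Prevention--------------------------------
    // this page has multipage support and field ordering, so we need these
    $start = isset($_GET['start']) ? $sqlw->quote_smart($_GET['start']) : 0;
    if (!is_scalar($start) || !preg_match('/^[0-9]+$/D', (string) $start)) {
        $start = 0;
    }

    // Identifier position in ORDER BY: accept only the columns this page selects.
    $sortable = array('map', 'levelMin', 'levelMax');
    $order_by = isset($_GET['order_by']) ? $sqlw->quote_smart($_GET['order_by']) : 'levelMin';
    if (!in_array($order_by, $sortable, true)) {
        $order_by = 'levelMin';
    }

    $dir = isset($_GET['dir']) ? $sqlw->quote_smart($_GET['dir']) : 1;
    if (!is_scalar($dir) || !preg_match('/^[01]{1}$/D', (string) $dir)) {
        $dir = 1;
    }
    $order_dir = $dir ? 'ASC' : 'DESC';
    // From here on $dir holds the direction the header links will switch to.
    $dir = $dir ? 0 : 1;
    //-------------------SQL Injection Prevention--------------------------------

    // for multipage support
    $all_record = $sqlw->result($sqlw->query('SELECT count(*) FROM instance_template'), 0);

    // main data that we need for this page, instances
    $result = $sqlw->query(' SELECT map, levelMin, levelMax FROM instance_template ORDER BY ' . $order_by . ' ' . $order_dir . ' LIMIT ' . $start . ', ' . $itemperpage . ';');

    //---------------Page Specific Data Starts Here--------------------------
    $output .= ' <center> <table class="top_hidden"> <tr> <td width="25%" align="right">';

    // multi page links
    $output .= $lang_instances['total'] . ' : ' . $all_record . '<br /><br />' . generate_pagination('instances.php?order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1), $all_record, $itemperpage, $start);

    // column headers, with links for sorting
    $output .= ' </td> </tr> </table> <table class="lined"> <tr> <th width="20%"><a href="instances.php?order_by=map&start=' . $start . '&dir=' . $dir . '"' . ($order_by === 'map' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_instances['map'] . '</a></th> <th width="5%"><a href="instances.php?order_by=levelMin&start=' . $start . '&dir=' . $dir . '"' . ($order_by === 'levelMin' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_instances['level_min'] . '</a></th> <th width="5%"><a href="instances.php?order_by=levelMax&start=' . $start . '&dir=' . $dir . '"' . ($order_by === 'levelMax' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_instances['level_max'] . '</a></th> <th width="20%">' . $lang_instances['area'] . '</th> <th width="10%">' . $lang_instances['type'] . '</th> <th width="5%">' . $lang_instances['expansion'] . '</th> <th width="5%">' . $lang_instances['ppl'] . '</th> </tr>';

    // Second connection: the map lookup helpers below are handed this one.
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    while ($instances = $sqlw->fetch_assoc($result)) {
        $output .= ' <tr valign="top"> <td>' . get_map_name($instances['map'], $sqlm) . '</td> <td>' . char_get_level_color($instances['levelMin']) . '</td> <td>' . char_get_level_color($instances['levelMax']) . '</td> <td>' . get_map_zone($instances['map'], $sqlm) . '</td> <td>' . get_map_type($instances['map'], $sqlm) . '</td> <td>' . get_map_exp($instances['map'], $sqlm) . '</td> <td>' . get_map_ppl($instances['map'], $sqlm) . '</td> </tr>';
    }
    unset($instances);
    unset($result);

    $output .= ' </table> <table class="top_hidden"> <tr> <td width="25%" align="right">';

    // multi page links
    $output .= $lang_instances['total'] . ' : ' . $all_record . '<br /><br />' . generate_pagination('instances.php?order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1), $all_record, $itemperpage, $start);
    unset($start);

    $output .= ' </td> </tr> </table> </center>';
}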
/**
 * Appends the "are you sure" confirmation form for deleting a guild to $output.
 *
 * The guild id is taken from $_GET['id'] and the realm from $_GET['realm']
 * (falling back to the global $realm_id when absent or not numeric). The form
 * is shown when the user's level reaches $action_permission['delete'] or when
 * one of the user's characters is the guild leader; otherwise the request is
 * redirected to guild.php with error 6.
 *
 * NOTE(review): this function only gates the confirmation page. The form posts
 * to cleanup.php?action=docleanup with override=1, so the permission and
 * guild-leader checks need to be enforced again by that handler - confirm.
 * NOTE(review): is_numeric() accepts more than plain integers (signs, decimals,
 * exponents); the id is written into SQL inside quotes and into the page as-is.
 */
function del_guild()
{
    global $lang_guild, $lang_global, $output, $characters_db, $realm_id, $realm_db, $action_permission, $user_lvl, $user_id;

    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);

    // Realm: use the requested one only when it is numeric.
    $realmid = $realm_id;
    if (!empty($_GET['realm'])) {
        $requested_realm = $sqlr->quote_smart($_GET['realm']);
        if (is_numeric($requested_realm)) {
            $realmid = $requested_realm;
        }
    }

    if (!isset($_GET['id'])) {
        redirect("guild.php?error=1&realm={$realmid}");
    } else {
        $id = $_GET['id'];
    }

    if (!is_numeric($id)) {
        redirect("guild.php?error=5&realm={$realmid}");
    }

    $sqlc = new SQL();
    $sqlc->connect($characters_db[$realmid]['addr'], $characters_db[$realmid]['user'], $characters_db[$realmid]['pass'], $characters_db[$realmid]['name']);

    // Does any character of the current account lead this guild?
    $leader_lookup = $sqlc->query("select 1 from guild where guildid = '{$id}' and leaderguid in (select guid from characters where account = '{$user_id}')");
    $is_guild_leader = $sqlc->result($leader_lookup, 0, '1');

    $may_delete = ($user_lvl >= $action_permission['delete']) || $is_guild_leader;
    if (!$may_delete) {
        redirect("guild.php?error=6&realm={$realmid}");
    }

    // Warning text.
    $output .= "\r\n <center>\r\n <h1><font class=\"error\">{$lang_global['are_you_sure']}</font></h1>\r\n <br />\r\n <font class=\"bold\">{$lang_guild['guild_id']}: {$id} {$lang_global['will_be_erased']}</font>\r\n <br /><br />"
        // Confirmation form; the negative id is what the cleanup handler receives.
        . "\r\n <form action=\"cleanup.php?action=docleanup\" method=\"post\" name=\"form\">\r\n <input type=\"hidden\" name=\"type\" value=\"guild\" />\r\n <input type=\"hidden\" name=\"check\" value=\"-{$id}\" />\r\n <input type=\"hidden\" name=\"override\" value=\"1\" />"
        . "\r\n <table class=\"hidden\">\r\n <tr>\r\n <td>";

    $confirm_target = "javascript:do_submit()\" type=\"wrn";
    makebutton($lang_global['yes'], $confirm_target, 130);

    $output .= "\r\n </td>\r\n <td>";

    $cancel_target = "guild.php?action=view_guild&realm={$realmid}&id={$id}\" type=\"def";
    makebutton($lang_global['no'], $cancel_target, 130);

    $output .= ' </td> </tr> </table> </form> </center> <br />';
}
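/**
 * Saves one row of config_servers from request parameters and returns to the
 * server list of admin.php.
 *
 * The row is selected by $_GET['index']; every other column is taken from the
 * matching $_GET field. All values are escaped with quote_smart() and placed
 * inside quotes in the statement.
 *
 * Changes made in review:
 *  - Telnet_User and Telnet_Pass are written from the submitted values. The
 *    statement stored a fixed placeholder string in both columns, while the
 *    escaped values were computed and never used;
 *  - the second, identical assignment of Port was removed.
 *
 * NOTE(review): no permission check is visible in this function and the update
 * is driven by GET parameters - confirm that the caller restricts it to
 * administrators and protects it against cross-site requests.
 * NOTE(review): the telnet password is stored as submitted, and as a GET
 * parameter it will also appear in URLs and access logs - consider POST.
 */
function saveserver()
{
    global $corem_db;

    $sqlm = new SQL();
    $sqlm->connect($corem_db["addr"], $corem_db["user"], $corem_db["pass"], $corem_db["name"], $corem_db["encoding"]);

    $server_id = $sqlm->quote_smart($_GET["index"]);
    $new_server_id = $sqlm->quote_smart($_GET["new_index"]);
    $server_name = $sqlm->quote_smart($_GET["server_name"]);
    $server_hosti = $sqlm->quote_smart($_GET["server_hosti"]);
    $server_hostp = $sqlm->quote_smart($_GET["server_hostp"]);
    $server_port = $sqlm->quote_smart($_GET["server_port"]);
    $server_telnet_port = isset($_GET["server_telnet_port"]) ? $sqlm->quote_smart($_GET["server_telnet_port"]) : NULL;
    // The telnet user name is stored upper-cased.
    $server_telnet_user = isset($_GET["server_telnet_user"]) ? strtoupper($sqlm->quote_smart($_GET["server_telnet_user"])) : NULL;
    $server_telnet_pass = isset($_GET["server_telnet_pass"]) ? $sqlm->quote_smart($_GET["server_telnet_pass"]) : NULL;
    $server_type = $sqlm->quote_smart($_GET["server_type"]);
    $server_color = $sqlm->quote_smart($_GET["server_color"]);
    $server_timezone = $sqlm->quote_smart($_GET["server_timezone"]);
    // Presence of the checkbox field is what matters, not its value.
    $server_factions = isset($_GET["server_both"]) ? 1 : 0;
    $server_stats = isset($_GET["server_stats"]) ? $sqlm->quote_smart($_GET["server_stats"]) : NULL;

    $result = $sqlm->query("UPDATE config_servers SET `Index`='" . $new_server_id
        . "', Address='" . $server_hosti
        . "', Port='" . $server_port
        . "', Telnet_Port='" . $server_telnet_port
        . "', Telnet_User='" . $server_telnet_user
        . "', Telnet_Pass='" . $server_telnet_pass
        . "', Both_Factions='" . $server_factions
        . "', Stats_XML='" . $server_stats
        . "', Name='" . $server_name
        . "', External_Address='" . $server_hostp
        . "', Icon='" . $server_type
        . "', Color='" . $server_color
        . "', Timezone='" . $server_timezone
        . "' WHERE `Index`='" . $server_id . "'");

    redirect("admin.php?section=servers");
}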
function do_update() { global $world_db, $realm_id, $action_permission, $user_lvl, $locales_search_option; // on update, use replace.. and else insert if ($_POST['insert'] == "1") { if ($user_lvl < $action_permission['insert']) { redirect("creature.php?error=9"); } $db_action_creature = "INSERT"; } else { if ($user_lvl < $action_permission['update']) { redirect("creature.php?error=9"); } $db_action_creature = "REPLACE"; } //($del_trainer_spell || $del_loot_items || $del_skin_items || $del_pp_items || $del_questrelation || $del_involvedrelation || $del_vendor_item ) && if ($user_lvl < $action_permission['delete']) { redirect("creature.php?error=9"); } $deplang = get_lang_id(); if (!isset($_POST['entry']) || $_POST['entry'] === '') { redirect("creature.php?error=1"); } $sql = new SQL(); $sql->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']); $entry = $sql->quote_smart($_POST['entry']); if (isset($_POST['difficulty_entry_1']) && $_POST['difficulty_entry_1'] != '') { $difficulty_entry_1 = $sql->quote_smart($_POST['difficulty_entry_1']); } else { $difficulty_entry_1 = 0; } if (isset($_POST['modelid1']) && $_POST['modelid2'] != '') { $modelid1 = $sql->quote_smart($_POST['modelid1']); } else { $modelid1 = 0; } if (isset($_POST['modelid3']) && $_POST['modelid3'] != '') { $modelid3 = $sql->quote_smart($_POST['modelid3']); } else { $modelid3 = 0; } if (isset($_POST['name']) && $_POST['name'] != '') { $name = $sql->quote_smart($_POST['name']); } else { $name = ""; } if (isset($_POST['subname']) && $_POST['subname'] != '') { $subname = $sql->quote_smart($_POST['subname']); } else { $subname = ""; } if (isset($_POST['minlevel']) && $_POST['minlevel'] != '') { $minlevel = $sql->quote_smart($_POST['minlevel']); } else { $minlevel = 0; } if (isset($_POST['maxlevel']) && $_POST['maxlevel'] != '') { $maxlevel = $sql->quote_smart($_POST['maxlevel']); } else { $maxlevel = 0; } if (isset($_POST['faction_A']) 
&& $_POST['faction_A'] != '') { $faction_A = $sql->quote_smart($_POST['faction_A']); } else { $faction_A = 0; } if (isset($_POST['faction_H']) && $_POST['faction_H'] != '') { $faction_H = $sql->quote_smart($_POST['faction_H']); } else { $faction_H = 0; } if (isset($_POST['npcflag'])) { $npcflag = $sql->quote_smart($_POST['npcflag']); } else { $npcflag = 0; } if (isset($_POST['speed_walk']) && $_POST['speed_walk'] != '') { $speed_walk = $sql->quote_smart($_POST['speed_walk']); } else { $speed_walk = 0; } if (isset($_POST['rank']) && $_POST['rank'] != '') { $rank = $sql->quote_smart($_POST['rank']); } else { $rank = 0; } if (isset($_POST['mindmg']) && $_POST['mindmg'] != '') { $mindmg = $sql->quote_smart($_POST['mindmg']); } else { $mindmg = 0; } if (isset($_POST['maxdmg']) && $_POST['maxdmg'] != '') { $maxdmg = $sql->quote_smart($_POST['maxdmg']); } else { $maxdmg = 0; } if (isset($_POST['dmgschool']) && $_POST['dmgschool'] != '') { $dmgschool = $sql->quote_smart($_POST['dmgschool']); } else { $dmgschool = 0; } if (isset($_POST['attackpower']) && $_POST['attackpower'] != '') { $attackpower = $sql->quote_smart($_POST['attackpower']); } else { $attackpower = 0; } if (isset($_POST['baseattacktime']) && $_POST['baseattacktime'] != '') { $baseattacktime = $sql->quote_smart($_POST['baseattacktime']); } else { $baseattacktime = 0; } if (isset($_POST['rangeattacktime']) && $_POST['rangeattacktime'] != '') { $rangeattacktime = $sql->quote_smart($_POST['rangeattacktime']); } else { $rangeattacktime = 0; } if (isset($_POST['unit_flags']) && $_POST['unit_flags'] != '') { $unit_flags = $sql->quote_smart($_POST['unit_flags']); } else { $unit_flags = 0; } if (isset($_POST['dynamicflags']) && $_POST['dynamicflags'] != '') { $dynamicflags = $sql->quote_smart($_POST['dynamicflags']); } else { $dynamicflags = 0; } if (isset($_POST['family']) && $_POST['family'] != '') { $family = $sql->quote_smart($_POST['family']); } else { $family = 0; } if (isset($_POST['trainer_type']) && 
$_POST['trainer_type'] != '') { $trainer_type = $sql->quote_smart($_POST['trainer_type']); } else { $trainer_type = 0; } if (isset($_POST['trainer_spell']) && $_POST['trainer_spell'] != '') { $trainer_spell = $sql->quote_smart($_POST['trainer_spell']); } else { $trainer_spell = 0; } if (isset($_POST['trainer_class']) && $_POST['trainer_class'] != '') { $trainer_class = $sql->quote_smart($_POST['trainer_class']); } else { $trainer_class = 0; } if (isset($_POST['trainer_race']) && $_POST['trainer_race'] != '') { $trainer_race = $sql->quote_smart($_POST['trainer_race']); } else { $trainer_race = 0; } if (isset($_POST['minrangedmg']) && $_POST['minrangedmg'] != '') { $minrangedmg = $sql->quote_smart($_POST['minrangedmg']); } else { $minrangedmg = 0; } if (isset($_POST['maxrangedmg']) && $_POST['maxrangedmg'] != '') { $maxrangedmg = $sql->quote_smart($_POST['maxrangedmg']); } else { $maxrangedmg = 0; } if (isset($_POST['rangedattackpower']) && $_POST['rangedattackpower'] != '') { $rangedattackpower = $sql->quote_smart($_POST['rangedattackpower']); } else { $rangedattackpower = 0; } if (isset($_POST['combat_reach']) && $_POST['combat_reach'] != '') { $combat_reach = $sql->quote_smart($_POST['combat_reach']); } else { $combat_reach = 0; } if (isset($_POST['type']) && $_POST['type'] != '') { $type = $sql->quote_smart($_POST['type']); } else { $type = 0; } if (isset($_POST['flags_extra']) && $_POST['flags_extra'] != '') { $flags_extra = $sql->quote_smart($_POST['flags_extra']); } else { $flags_extra = 0; } if (isset($_POST['type_flags']) && $_POST['type_flags'] != '') { $type_flags = $sql->quote_smart($_POST['type_flags']); } else { $type_flags = 0; } if (isset($_POST['lootid']) && $_POST['lootid'] != '') { $lootid = $sql->quote_smart($_POST['lootid']); } else { $lootid = 0; } if (isset($_POST['pickpocketloot']) && $_POST['pickpocketloot'] != '') { $pickpocketloot = $sql->quote_smart($_POST['pickpocketloot']); } else { $pickpocketloot = 0; } if (isset($_POST['skinloot']) && 
$_POST['skinloot'] != '') { $skinloot = $sql->quote_smart($_POST['skinloot']); } else { $skinloot = 0; } if (isset($_POST['resistance1']) && $_POST['resistance1'] != '') { $resistance1 = $sql->quote_smart($_POST['resistance1']); } else { $resistance1 = 0; } if (isset($_POST['resistance2']) && $_POST['resistance2'] != '') { $resistance2 = $sql->quote_smart($_POST['resistance2']); } else { $resistance2 = 0; } if (isset($_POST['resistance3']) && $_POST['resistance3'] != '') { $resistance3 = $sql->quote_smart($_POST['resistance3']); } else { $resistance3 = 0; } if (isset($_POST['resistance4']) && $_POST['resistance4'] != '') { $resistance4 = $sql->quote_smart($_POST['resistance4']); } else { $resistance4 = 0; } if (isset($_POST['resistance5']) && $_POST['resistance5'] != '') { $resistance5 = $sql->quote_smart($_POST['resistance5']); } else { $resistance5 = 0; } if (isset($_POST['resistance6']) && $_POST['resistance6'] != '') { $resistance6 = $sql->quote_smart($_POST['resistance6']); } else { $resistance6 = 0; } if (isset($_POST['spell1']) && $_POST['spell1'] != '') { $spell1 = $sql->quote_smart($_POST['spell1']); } else { $spell1 = 0; } if (isset($_POST['spell2']) && $_POST['spell2'] != '') { $spell2 = $sql->quote_smart($_POST['spell2']); } else { $spell2 = 0; } if (isset($_POST['spell3']) && $_POST['spell3'] != '') { $spell3 = $sql->quote_smart($_POST['spell3']); } else { $spell3 = 0; } if (isset($_POST['spell4']) && $_POST['spell4'] != '') { $spell4 = $sql->quote_smart($_POST['spell4']); } else { $spell4 = 0; } if (isset($_POST['mingold']) && $_POST['mingold'] != '') { $mingold = $sql->quote_smart($_POST['mingold']); } else { $mingold = 0; } if (isset($_POST['maxgold']) && $_POST['maxgold'] != '') { $maxgold = $sql->quote_smart($_POST['maxgold']); } else { $maxgold = 0; } if (isset($_POST['AIName']) && $_POST['AIName'] != '') { $AIName = $sql->quote_smart($_POST['AIName']); } else { $AIName = ""; } if (isset($_POST['MovementType']) && $_POST['MovementType'] != '') { 
$MovementType = $sql->quote_smart($_POST['MovementType']); } else { $MovementType = 0; } if (isset($_POST['InhabitType']) && $_POST['InhabitType'] != '') { $InhabitType = $sql->quote_smart($_POST['InhabitType']); } else { $InhabitType = 0; } if (isset($_POST['ScriptName']) && $_POST['ScriptName'] != '') { $ScriptName = $sql->quote_smart($_POST['ScriptName']); } else { $ScriptName = ""; } if (isset($_POST['RacialLeader']) && $_POST['RacialLeader'] != '') { $RacialLeader = $sql->quote_smart($_POST['RacialLeader']); } else { $RacialLeader = 0; } if (isset($_POST['ChanceOrQuestChance']) && $_POST['ChanceOrQuestChance'] != '') { $ChanceOrQuestChance = $sql->quote_smart($_POST['ChanceOrQuestChance']); } else { $ChanceOrQuestChance = 0; } if (isset($_POST['groupid']) && $_POST['groupid'] != '') { $groupid = $sql->quote_smart($_POST['groupid']); } else { $groupid = 0; } if (isset($_POST['mincountOrRef']) && $_POST['mincountOrRef'] != '') { $mincountOrRef = $sql->quote_smart($_POST['mincountOrRef']); } else { $mincountOrRef = 0; } if (isset($_POST['maxcount']) && $_POST['maxcount'] != '') { $maxcount = $sql->quote_smart($_POST['maxcount']); } else { $maxcount = 0; } if (isset($_POST['lootcondition']) && $_POST['lootcondition'] != '') { $lootcondition = $sql->quote_smart($_POST['lootcondition']); } else { $lootcondition = 0; } if (isset($_POST['condition_value1']) && $_POST['condition_value1'] != '') { $condition_value1 = $sql->quote_smart($_POST['condition_value1']); } else { $condition_value1 = 0; } if (isset($_POST['condition_value2']) && $_POST['condition_value2'] != '') { $condition_value2 = $sql->quote_smart($_POST['condition_value2']); } else { $condition_value2 = 0; } if (isset($_POST['item']) && $_POST['item'] != '') { $item = $sql->quote_smart($_POST['item']); } else { $item = 0; } if (isset($_POST['del_loot_items']) && $_POST['del_loot_items'] != '') { $del_loot_items = $sql->quote_smart($_POST['del_loot_items']); } else { $del_loot_items = NULL; } if 
(isset($_POST['involvedrelation']) && $_POST['involvedrelation'] != '') { $involvedrelation = $sql->quote_smart($_POST['involvedrelation']); } else { $involvedrelation = 0; } if (isset($_POST['del_involvedrelation']) && $_POST['del_involvedrelation'] != '') { $del_involvedrelation = $sql->quote_smart($_POST['del_involvedrelation']); } else { $del_involvedrelation = NULL; } if (isset($_POST['questrelation']) && $_POST['questrelation'] != '') { $questrelation = $sql->quote_smart($_POST['questrelation']); } else { $questrelation = 0; } if (isset($_POST['del_questrelation']) && $_POST['del_questrelation'] != '') { $del_questrelation = $sql->quote_smart($_POST['del_questrelation']); } else { $del_questrelation = NULL; } if (isset($_POST['del_vendor_item']) && $_POST['del_vendor_item'] != '') { $del_vendor_item = $sql->quote_smart($_POST['del_vendor_item']); } else { $del_vendor_item = NULL; } if (isset($_POST['vendor_item']) && $_POST['vendor_item'] != '') { $vendor_item = $sql->quote_smart($_POST['vendor_item']); } else { $vendor_item = 0; } if (isset($_POST['vendor_maxcount']) && $_POST['vendor_maxcount'] != '') { $vendor_maxcount = $sql->quote_smart($_POST['vendor_maxcount']); } else { $vendor_maxcount = 0; } if (isset($_POST['vendor_incrtime']) && $_POST['vendor_incrtime'] != '') { $vendor_incrtime = $sql->quote_smart($_POST['vendor_incrtime']); } else { $vendor_incrtime = 0; } if (isset($_POST['vendor_extended_cost']) && $_POST['vendor_extended_cost'] != '') { $vendor_extended_cost = $sql->quote_smart($_POST['vendor_extended_cost']); } else { $vendor_extended_cost = 0; } if (isset($_POST['skin_ChanceOrQuestChance']) && $_POST['skin_ChanceOrQuestChance'] != '') { $skin_ChanceOrQuestChance = $sql->quote_smart($_POST['skin_ChanceOrQuestChance']); } else { $skin_ChanceOrQuestChance = 0; } if (isset($_POST['skin_groupid']) && $_POST['skin_groupid'] != '') { $skin_groupid = $sql->quote_smart($_POST['skin_groupid']); } else { $skin_groupid = 0; } if 
(isset($_POST['skin_mincountOrRef']) && $_POST['skin_mincountOrRef'] != '') { $skin_mincountOrRef = $sql->quote_smart($_POST['skin_mincountOrRef']); } else { $skin_mincountOrRef = 0; } if (isset($_POST['skin_maxcount']) && $_POST['skin_maxcount'] != '') { $skin_maxcount = $sql->quote_smart($_POST['skin_maxcount']); } else { $skin_maxcount = 0; } if (isset($_POST['skin_lootcondition']) && $_POST['skin_lootcondition'] != '') { $skin_lootcondition = $sql->quote_smart($_POST['skin_lootcondition']); } else { $skin_lootcondition = 0; } if (isset($_POST['skin_condition_value1']) && $_POST['skin_condition_value1'] != '') { $skin_condition_value1 = $sql->quote_smart($_POST['skin_condition_value1']); } else { $skin_condition_value1 = 0; } if (isset($_POST['skin_condition_value2']) && $_POST['skin_condition_value2'] != '') { $skin_condition_value2 = $sql->quote_smart($_POST['skin_condition_value2']); } else { $skin_condition_value2 = 0; } if (isset($_POST['skin_item']) && $_POST['skin_item'] != '') { $skin_item = $sql->quote_smart($_POST['skin_item']); } else { $skin_item = 0; } if (isset($_POST['del_skin_items']) && $_POST['del_skin_items'] != '') { $del_skin_items = $sql->quote_smart($_POST['del_skin_items']); } else { $del_skin_items = NULL; } if (isset($_POST['pp_ChanceOrQuestChance']) && $_POST['pp_ChanceOrQuestChance'] != '') { $pp_ChanceOrQuestChance = $sql->quote_smart($_POST['pp_ChanceOrQuestChance']); } else { $pp_ChanceOrQuestChance = 0; } if (isset($_POST['pp_groupid']) && $_POST['pp_groupid'] != '') { $pp_groupid = $sql->quote_smart($_POST['pp_groupid']); } else { $pp_groupid = 0; } if (isset($_POST['pp_mincountOrRef']) && $_POST['pp_mincountOrRef'] != '') { $pp_mincountOrRef = $sql->quote_smart($_POST['pp_mincountOrRef']); } else { $pp_mincountOrRef = 0; } if (isset($_POST['pp_maxcount']) && $_POST['pp_maxcount'] != '') { $pp_maxcount = $sql->quote_smart($_POST['pp_maxcount']); } else { $pp_maxcount = 0; } if (isset($_POST['pp_lootcondition']) && 
$_POST['pp_lootcondition'] != '') { $pp_lootcondition = $sql->quote_smart($_POST['pp_lootcondition']); } else { $pp_lootcondition = 0; } if (isset($_POST['pp_condition_value1']) && $_POST['pp_condition_value1'] != '') { $pp_condition_value1 = $sql->quote_smart($_POST['pp_condition_value1']); } else { $pp_condition_value1 = 0; } if (isset($_POST['pp_condition_value2']) && $_POST['pp_condition_value2'] != '') { $pp_condition_value2 = $sql->quote_smart($_POST['pp_condition_value2']); } else { $pp_condition_value2 = 0; } if (isset($_POST['pp_item']) && $_POST['pp_item'] != '') { $pp_item = $sql->quote_smart($_POST['pp_item']); } else { $pp_item = 0; } if (isset($_POST['del_pp_items']) && $_POST['del_pp_items'] != '') { $del_pp_items = $sql->quote_smart($_POST['del_pp_items']); } else { $del_pp_items = NULL; } if (isset($_POST['trainer_spell']) && $_POST['trainer_spell'] != '') { $trainer_spell = $sql->quote_smart($_POST['trainer_spell']); } else { $trainer_spell = 0; } if (isset($_POST['spellcost']) && $_POST['spellcost'] != '') { $spellcost = $sql->quote_smart($_POST['spellcost']); } else { $spellcost = 0; } if (isset($_POST['reqskill']) && $_POST['reqskill'] != '') { $reqskill = $sql->quote_smart($_POST['reqskill']); } else { $reqskill = 0; } if (isset($_POST['reqskillvalue']) && $_POST['reqskillvalue'] != '') { $reqskillvalue = $sql->quote_smart($_POST['reqskillvalue']); } else { $reqskillvalue = 0; } if (isset($_POST['reqlevel']) && $_POST['reqlevel'] != '') { $reqlevel = $sql->quote_smart($_POST['reqlevel']); } else { $reqlevel = 0; } if (isset($_POST['del_trainer_spell']) && $_POST['del_trainer_spell'] != '') { $del_trainer_spell = $sql->quote_smart($_POST['del_trainer_spell']); } else { $del_trainer_spell = NULL; } if ($locales_search_option != 0) { // locales for ($lc = 1; $lc < 9; $lc++) { if (isset($_POST['name_loc' . $lc]) && $_POST['name_loc' . $lc] != '' && !preg_match('/^[\\t\\v\\b\\f\\a\\n\\r\\\\"\\? 
<>[](){}_=+-|!@#$%^&*~`.,\\0]{1,30}$/', $_POST['name_loc' . $lc])) { $name_loc[$lc] = $sql->quote_smart($_POST['name_loc' . $lc]); } else { $name_loc[$lc] = ''; } if (isset($_POST['subname_loc' . $lc]) && $_POST['subname_loc' . $lc] != '' && !preg_match('/^[\\t\\v\\b\\f\\a\\n\\r\\\\"\\? <>[](){}_=+-|!@#$%^&*~`.,\\0]{1,30}$/', $_POST['subname_loc' . $lc])) { $subname_loc[$lc] = $sql->quote_smart($_POST['subname_loc' . $lc]); } else { $subname_loc[$lc] = ''; } } } $tmp = 0; for ($t = 0; $t < count($npcflag); $t++) { if ($npcflag[$t] & 1) { $tmp = $tmp + 1; } if ($npcflag[$t] & 2) { $tmp = $tmp + 2; } if ($npcflag[$t] & 16) { $tmp = $tmp + 16; } if ($npcflag[$t] & 128) { $tmp = $tmp + 128; } if ($npcflag[$t] & 4096) { $tmp = $tmp + 4096; } if ($npcflag[$t] & 8192) { $tmp = $tmp + 8192; } if ($npcflag[$t] & 16384) { $tmp = $tmp + 16384; } if ($npcflag[$t] & 65536) { $tmp = $tmp + 65536; } if ($npcflag[$t] & 131072) { $tmp = $tmp + 131072; } if ($npcflag[$t] & 262144) { $tmp = $tmp + 262144; } if ($npcflag[$t] & 524288) { $tmp = $tmp + 524288; } if ($npcflag[$t] & 1048576) { $tmp = $tmp + 1048576; } if ($npcflag[$t] & 2097152) { $tmp = $tmp + 2097152; } if ($npcflag[$t] & 4194304) { $tmp = $tmp + 4194304; } if ($npcflag[$t] & 268435456) { $tmp = $tmp + 268435456; } } $npcflag = $tmp ? 
$tmp : 0; // insert or update creature $sql_query = "{$db_action_creature} INTO creature_template ( entry, difficulty_entry_1, modelid1, modelid3, name, subname, minlevel, maxlevel, faction_A, faction_H, npcflag, speed_walk, rank, mindmg, maxdmg, dmgschool, attackpower, baseattacktime, rangeattacktime, unit_flags, dynamicflags, family, trainer_type, trainer_spell, trainer_class, trainer_race, minrangedmg, maxrangedmg, rangedattackpower, type, flags_extra, type_flags, lootid, pickpocketloot, skinloot, resistance1, resistance2, resistance3, resistance4, resistance5, resistance6, spell1, spell2, spell3, spell4, mingold, maxgold, AIName, MovementType, InhabitType, RacialLeader, ScriptName) VALUES ( '{$entry}', '{$difficulty_entry_1}', '{$modelid1}', '{$modelid3}', '{$name}', '{$subname}', '{$minlevel}', '{$maxlevel}', '{$faction_A}', '{$faction_A}', '{$npcflag}', '{$speed_walk}', '{$rank}', '{$mindmg}', '{$maxdmg}', '{$dmgschool}', '{$attackpower}', '{$baseattacktime}', '{$rangeattacktime}', '{$unit_flags}', '{$dynamicflags}', '{$family}', '{$trainer_type}', '{$trainer_spell}', '{$trainer_class}', '{$trainer_race}', '{$minrangedmg}', '{$maxrangedmg}', '{$rangedattackpower}', '{$type}', '{$flags_extra}', '{$type_flags}', '{$lootid}', '{$pickpocketloot}', '{$skinloot}', '{$resistance1}', '{$resistance2}', '{$resistance3}', '{$resistance4}', '{$resistance5}', '{$resistance6}', '{$spell1}', '{$spell2}', '{$spell3}', '{$spell4}', '{$mingold}', '{$maxgold}', '{$AIName}', '{$MovementType}', '{$InhabitType}', '{$RacialLeader}', '{$ScriptName}' );\n"; if ($trainer_spell) { $sql_query .= "{$db_action_creature} INTO npc_trainer (entry, spell, spellcost, reqskill, reqskillvalue, reqlevel) VALUES ({$entry},{$trainer_spell},{$spellcost},{$reqskill} ,{$reqskillvalue} ,{$reqlevel});\n"; } if ($del_trainer_spell) { foreach ($del_trainer_spell as $spell_id) { $sql_query .= "DELETE FROM npc_trainer WHERE entry = {$entry} AND spell = {$spell_id};\n"; } } if ($item) { $sql_query .= 
"{$db_action_creature} INTO creature_loot_template (entry, item, ChanceOrQuestChance, `groupid`, mincountOrRef, maxcount, lootcondition, condition_value1, condition_value2) VALUES ({$lootid},{$item},'{$ChanceOrQuestChance}', '{$groupid}' ,{$mincountOrRef} ,{$maxcount} ,{$lootcondition} ,{$condition_value1} ,{$condition_value2});\n"; } if ($del_loot_items) { foreach ($del_loot_items as $item_id) { $sql_query .= "DELETE FROM creature_loot_template WHERE entry = {$lootid} AND item = {$item_id};\n"; } } if ($skin_item) { $sql_query .= "{$db_action_creature} INTO skinning_loot_template (entry, item, ChanceOrQuestChance, `groupid`, mincountOrRef, maxcount, lootcondition, condition_value1, condition_value2) VALUES ({$skinloot},{$skin_item},'{$skin_ChanceOrQuestChance}', '{$skin_groupid}' ,{$skin_mincountOrRef} ,{$skin_maxcount} ,{$skin_lootcondition} ,{$skin_condition_value1} ,{$skin_condition_value2});\n"; } if ($del_skin_items) { foreach ($del_skin_items as $item_id) { $sql_query .= "DELETE FROM skinning_loot_template WHERE entry = {$skinloot} AND item = {$item_id};\n"; } } if ($pp_item) { $sql_query .= "{$db_action_creature} INTO pickpocketing_loot_template (entry, item, ChanceOrQuestChance, `groupid`, mincountOrRef, maxcount, lootcondition, condition_value1, condition_value2) VALUES ({$pickpocketloot},{$pp_item},'{$pp_ChanceOrQuestChance}', '{$pp_groupid}' ,{$pp_mincountOrRef} ,{$pp_maxcount} ,{$pp_lootcondition} ,{$pp_condition_value1} ,{$pp_condition_value2});\n"; } if ($del_pp_items) { foreach ($del_pp_items as $item_id) { $sql_query .= "DELETE FROM pickpocketing_loot_template WHERE entry = {$pickpocketloot} AND item = {$item_id};\n"; } } if ($questrelation) { $sql_query .= "{$db_action_creature} INTO creature_questrelation (id, quest) VALUES ({$entry},{$questrelation});\n"; } if ($involvedrelation) { $sql_query .= "{$db_action_creature} INTO creature_involvedrelation (id, quest) VALUES ({$entry},{$involvedrelation});\n"; } if ($del_questrelation) { foreach 
($del_questrelation as $quest_id) { $sql_query .= "DELETE FROM creature_questrelation WHERE id = {$entry} AND quest = {$quest_id};\n"; } } if ($del_involvedrelation) { foreach ($del_involvedrelation as $quest_id) { $sql_query .= "DELETE FROM creature_involvedrelation WHERE id = {$entry} AND quest = {$quest_id};\n"; } } if ($del_vendor_item) { foreach ($del_vendor_item as $item_id) { $sql_query .= "DELETE FROM npc_vendor WHERE entry = {$entry} AND item = {$item_id};\n"; } } if ($vendor_item) { $sql_query .= "{$db_action_creature} INTO npc_vendor (entry, item, maxcount, incrtime, ExtendedCost) VALUES ({$entry},{$vendor_item},{$vendor_maxcount},{$vendor_incrtime},{$vendor_extended_cost});\n"; } if ($locales_search_option != 0) { if ($name_loc) { $sql_query .= "{$db_action_creature} INTO locales_creature (`entry`, `name_loc1`, `name_loc2`, `name_loc3`, `name_loc4`, `name_loc5`, `name_loc6`, `name_loc7`, `name_loc8`, `subname_loc1`, `subname_loc2`, `subname_loc3`, `subname_loc4`, `subname_loc5`, `subname_loc6`, `subname_loc7`, `subname_loc8`) VALUES ('{$entry}', '{$name_loc['1']}', '{$name_loc['2']}', '{$name_loc['3']}', '{$name_loc['4']}', '{$name_loc['5']}', '{$name_loc['6']}', '{$name_loc['7']}', '{$name_loc['8']}', '{$subname_loc['1']}', '{$subname_loc['2']}', '{$subname_loc['3']}', '{$subname_loc['4']}', '{$subname_loc['5']}', '{$subname_loc['6']}', '{$subname_loc['7']}', '{$subname_loc['8']}');\n"; } } if (isset($_POST['backup_op']) && $_POST['backup_op'] == 1) { $sql->close(); Header("Content-type: application/octet-stream"); Header("Content-Disposition: attachment; filename=creatureid_{$entry}.sql"); echo $sql_query; exit; redirect("creature.php?action=edit&entry={$entry}&error=4"); } else { $sql_query = explode(';', $sql_query); foreach ($sql_query as $tmp_query) { if ($tmp_query && $tmp_query != "\n") { $result = $sql->query($tmp_query); } } $sql->close(); } if ($result) { redirect("creature.php?action=edit&entry={$entry}&error=4"); } else { 
redirect("creature.php"); } }
function do_update() { global $world_db, $realm_id, $action_permission, $user_lvl; valid_login($action_permission['update']); if (!isset($_POST['type']) || $_POST['type'] === '') { redirect("item.php?error=1"); } if (!isset($_POST['entry']) || $_POST['entry'] === '') { redirect("item.php?error=1"); } $sql = new SQL(); $sql->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']); $entry = $sql->quote_smart($_POST['entry']); if (isset($_POST['class']) && $_POST['class'] != '') { $class = $sql->quote_smart($_POST['class']); } else { $class = 0; } if (isset($_POST['subclass']) && $_POST['subclass'] != '') { $subclass = $sql->quote_smart($_POST['subclass']); } else { $subclass = 0; } if (isset($_POST['name']) && $_POST['name'] != '') { $name = $sql->quote_smart($_POST['name']); } else { $name = 0; } if (isset($_POST['displayid']) && $_POST['displayid'] != '') { $displayid = $sql->quote_smart($_POST['displayid']); } else { $displayid = 0; } if (isset($_POST['Quality']) && $_POST['Quality'] != '') { $Quality = $sql->quote_smart($_POST['Quality']); } else { $Quality = 0; } if (isset($_POST['Flags']) && $_POST['Flags'] != '') { $Flags = $sql->quote_smart($_POST['Flags']); } else { $Flags = 0; } if (isset($_POST['BuyCount']) && $_POST['BuyCount'] != '') { $BuyCount = $sql->quote_smart($_POST['BuyCount']); } else { $BuyCount = 0; } if (isset($_POST['BuyPrice']) && $_POST['BuyPrice'] != '') { $BuyPrice = $sql->quote_smart($_POST['BuyPrice']); } else { $BuyPrice = 0; } if (isset($_POST['SellPrice']) && $_POST['SellPrice'] != '') { $SellPrice = $sql->quote_smart($_POST['SellPrice']); } else { $SellPrice = 0; } if (isset($_POST['InventoryType']) && $_POST['InventoryType'] != '') { $InventoryType = $sql->quote_smart($_POST['InventoryType']); } else { $AllowableClass = 0; } if (isset($_POST['AllowableClass'])) { $AllowableClass = $sql->quote_smart($_POST['AllowableClass']); } else { $AllowableClass = -1; } if 
(isset($_POST['AllowableRace'])) { $AllowableRace = $sql->quote_smart($_POST['AllowableRace']); } else { $AllowableRace = -1; } if (isset($_POST['ItemLevel']) && $_POST['ItemLevel'] != '') { $ItemLevel = $sql->quote_smart($_POST['ItemLevel']); } else { $ItemLevel = 1; } if (isset($_POST['RequiredLevel']) && $_POST['RequiredLevel'] != '') { $RequiredLevel = $sql->quote_smart($_POST['RequiredLevel']); } else { $RequiredLevel = 0; } if (isset($_POST['RequiredSkill']) && $_POST['RequiredSkill'] != '') { $RequiredSkill = $sql->quote_smart($_POST['RequiredSkill']); } else { $RequiredSkill = 0; } if (isset($_POST['RequiredSkillRank']) && $_POST['RequiredSkillRank'] != '') { $RequiredSkillRank = $sql->quote_smart($_POST['RequiredSkillRank']); } else { $RequiredSkillRank = 0; } if (isset($_POST['requiredspell']) && $_POST['requiredspell'] != '') { $requiredspell = $sql->quote_smart($_POST['requiredspell']); } else { $requiredspell = 0; } if (isset($_POST['requiredhonorrank']) && $_POST['requiredhonorrank'] != '') { $requiredhonorrank = $sql->quote_smart($_POST['requiredhonorrank']); } else { $requiredhonorrank = 0; } if (isset($_POST['RequiredCityRank']) && $_POST['RequiredCityRank'] != '') { $RequiredCityRank = $sql->quote_smart($_POST['RequiredCityRank']); } else { $RequiredCityRank = 0; } if (isset($_POST['RequiredReputationFaction']) && $_POST['RequiredReputationFaction'] != '') { $RequiredReputationFaction = $sql->quote_smart($_POST['RequiredReputationFaction']); } else { $RequiredReputationFaction = 0; } if (isset($_POST['RequiredReputationRank']) && $_POST['RequiredReputationRank'] != '') { $RequiredReputationRank = $sql->quote_smart($_POST['RequiredReputationRank']); } else { $RequiredReputationRank = 0; } if (isset($_POST['maxcount']) && $_POST['maxcount'] != '') { $maxcount = $sql->quote_smart($_POST['maxcount']); } else { $maxcount = 0; } if (isset($_POST['stackable']) && $_POST['stackable'] != '') { $stackable = $sql->quote_smart($_POST['stackable']); } else { 
$description = 0; } if (isset($_POST['ContainerSlots']) && $_POST['ContainerSlots'] != '') { $ContainerSlots = $sql->quote_smart($_POST['ContainerSlots']); } else { $ContainerSlots = 0; } if (isset($_POST['stat_type1']) && $_POST['stat_type1'] != '') { $stat_type1 = $sql->quote_smart($_POST['stat_type1']); } else { $stat_type1 = 0; } if (isset($_POST['stat_value1']) && $_POST['stat_value1'] != '') { $stat_value1 = $sql->quote_smart($_POST['stat_value1']); } else { $stat_value1 = 0; } if (isset($_POST['stat_type2']) && $_POST['stat_type2'] != '') { $stat_type2 = $sql->quote_smart($_POST['stat_type2']); } else { $stat_type2 = 0; } if (isset($_POST['stat_value2']) && $_POST['stat_value2'] != '') { $stat_value2 = $sql->quote_smart($_POST['stat_value2']); } else { $stat_value2 = 0; } if (isset($_POST['stat_type3']) && $_POST['stat_type3'] != '') { $stat_type3 = $sql->quote_smart($_POST['stat_type3']); } else { $stat_type3 = 0; } if (isset($_POST['stat_value3']) && $_POST['stat_value3'] != '') { $stat_value3 = $sql->quote_smart($_POST['stat_value3']); } else { $stat_value3 = 0; } if (isset($_POST['stat_type4']) && $_POST['stat_type4'] != '') { $stat_type4 = $sql->quote_smart($_POST['stat_type4']); } else { $stat_type4 = 0; } if (isset($_POST['stat_value4']) && $_POST['stat_value4'] != '') { $stat_value4 = $sql->quote_smart($_POST['stat_value4']); } else { $stat_value4 = 0; } if (isset($_POST['stat_type5']) && $_POST['stat_type5'] != '') { $stat_type5 = $sql->quote_smart($_POST['stat_type5']); } else { $stat_type5 = 0; } if (isset($_POST['stat_value5']) && $_POST['stat_value5'] != '') { $stat_value5 = $sql->quote_smart($_POST['stat_value5']); } else { $stat_value5 = 0; } if (isset($_POST['stat_type6']) && $_POST['stat_type6'] != '') { $stat_type6 = $sql->quote_smart($_POST['stat_type6']); } else { $stat_type6 = 0; } if (isset($_POST['stat_value6']) && $_POST['stat_value6'] != '') { $stat_value6 = $sql->quote_smart($_POST['stat_value6']); } else { $stat_value6 = 0; } if 
(isset($_POST['stat_type7']) && $_POST['stat_type7'] != '') { $stat_type7 = $sql->quote_smart($_POST['stat_type7']); } else { $stat_type7 = 0; } if (isset($_POST['stat_value7']) && $_POST['stat_value7'] != '') { $stat_value7 = $sql->quote_smart($_POST['stat_value7']); } else { $stat_value7 = 0; } if (isset($_POST['stat_type8']) && $_POST['stat_type8'] != '') { $stat_type8 = $sql->quote_smart($_POST['stat_type8']); } else { $stat_type8 = 0; } if (isset($_POST['stat_value8']) && $_POST['stat_value8'] != '') { $stat_value8 = $sql->quote_smart($_POST['stat_value8']); } else { $stat_value8 = 0; } if (isset($_POST['stat_type9']) && $_POST['stat_type9'] != '') { $stat_type9 = $sql->quote_smart($_POST['stat_type9']); } else { $stat_type9 = 0; } if (isset($_POST['stat_value9']) && $_POST['stat_value9'] != '') { $stat_value9 = $sql->quote_smart($_POST['stat_value9']); } else { $stat_value9 = 0; } if (isset($_POST['stat_type10']) && $_POST['stat_type10'] != '') { $stat_type10 = $sql->quote_smart($_POST['stat_type10']); } else { $stat_type10 = 0; } if (isset($_POST['stat_value10']) && $_POST['stat_value10'] != '') { $stat_value10 = $sql->quote_smart($_POST['stat_value10']); } else { $stat_value10 = 0; } if (isset($_POST['dmg_min1']) && $_POST['dmg_min1'] != '') { $dmg_min1 = $sql->quote_smart($_POST['dmg_min1']); } else { $dmg_min1 = 0; } if (isset($_POST['dmg_max1']) && $_POST['dmg_max1'] != '') { $dmg_max1 = $sql->quote_smart($_POST['dmg_max1']); } else { $dmg_max1 = 0; } if (isset($_POST['dmg_type1']) && $_POST['dmg_type1'] != '') { $dmg_type1 = $sql->quote_smart($_POST['dmg_type1']); } else { $dmg_type1 = 0; } if (isset($_POST['dmg_min2']) && $_POST['dmg_min2'] != '') { $dmg_min2 = $sql->quote_smart($_POST['dmg_min2']); } else { $dmg_min2 = 0; } if (isset($_POST['dmg_max2']) && $_POST['dmg_max2'] != '') { $dmg_max2 = $sql->quote_smart($_POST['dmg_max2']); } else { $dmg_max2 = 0; } if (isset($_POST['dmg_type2']) && $_POST['dmg_type2'] != '') { $dmg_type2 = 
$sql->quote_smart($_POST['dmg_type2']); } else { $dmg_type2 = 0; } if (isset($_POST['armor']) && $_POST['armor'] != '') { $armor = $sql->quote_smart($_POST['armor']); } else { $armor = 0; } if (isset($_POST['holy_res']) && $_POST['holy_res'] != '') { $holy_res = $sql->quote_smart($_POST['holy_res']); } else { $holy_res = 0; } if (isset($_POST['fire_res']) && $_POST['fire_res'] != '') { $fire_res = $sql->quote_smart($_POST['fire_res']); } else { $fire_res = 0; } if (isset($_POST['nature_res']) && $_POST['nature_res'] != '') { $nature_res = $sql->quote_smart($_POST['nature_res']); } else { $nature_res = 0; } if (isset($_POST['frost_res']) && $_POST['frost_res'] != '') { $frost_res = $sql->quote_smart($_POST['frost_res']); } else { $frost_res = 0; } if (isset($_POST['shadow_res']) && $_POST['shadow_res'] != '') { $shadow_res = $sql->quote_smart($_POST['shadow_res']); } else { $shadow_res = 0; } if (isset($_POST['arcane_res']) && $_POST['arcane_res'] != '') { $arcane_res = $sql->quote_smart($_POST['arcane_res']); } else { $arcane_res = 0; } if (isset($_POST['delay']) && $_POST['delay'] != '') { $delay = $sql->quote_smart($_POST['delay']); } else { $delay = 0; } if (isset($_POST['ammo_type']) && $_POST['ammo_type'] != '') { $ammo_type = $sql->quote_smart($_POST['ammo_type']); } else { $ammo_type = 0; } if (isset($_POST['RangedModRange']) && $_POST['RangedModRange'] != '') { $RangedModRange = $sql->quote_smart($_POST['RangedModRange']); } else { $RangedModRange = 0; } if (isset($_POST['spellid_1']) && $_POST['spellid_1'] != '') { $spellid_1 = $sql->quote_smart($_POST['spellid_1']); } else { $spellid_1 = 0; } if (isset($_POST['spelltrigger_1']) && $_POST['spelltrigger_1'] != '') { $spelltrigger_1 = $sql->quote_smart($_POST['spelltrigger_1']); } else { $spelltrigger_1 = 0; } if (isset($_POST['spellcharges_1']) && $_POST['spellcharges_1'] != '') { $spellcharges_1 = $sql->quote_smart($_POST['spellcharges_1']); } else { $spellcharges_1 = 0; } if 
(isset($_POST['spellcooldown_1']) && $_POST['spellcooldown_1'] != '') { $spellcooldown_1 = $sql->quote_smart($_POST['spellcooldown_1']); } else { $spellcooldown_1 = -1; } if (isset($_POST['spellcategory_1']) && $_POST['spellcategory_1'] != '') { $spellcategory_1 = $sql->quote_smart($_POST['spellcategory_1']); } else { $spellcategory_1 = 0; } if (isset($_POST['spellcategorycooldown_1']) && $_POST['spellcategorycooldown_1'] != '') { $spellcategorycooldown_1 = $sql->quote_smart($_POST['spellcategorycooldown_1']); } else { $spellcategorycooldown_1 = -1; } if (isset($_POST['spellppmRate_1']) && $_POST['spellppmRate_1'] != '') { $spellppmRate_1 = $sql->quote_smart($_POST['spellppmRate_1']); } else { $spellppmRate_1 = 0; } if (isset($_POST['spellid_2']) && $_POST['spellid_2'] != '') { $spellid_2 = $sql->quote_smart($_POST['spellid_2']); } else { $spellid_2 = 0; } if (isset($_POST['spelltrigger_2']) && $_POST['spelltrigger_2'] != '') { $spelltrigger_2 = $sql->quote_smart($_POST['spelltrigger_2']); } else { $spelltrigger_2 = 0; } if (isset($_POST['spellcharges_2']) && $_POST['spellcharges_2'] != '') { $spellcharges_2 = $sql->quote_smart($_POST['spellcharges_2']); } else { $spellcharges_2 = 0; } if (isset($_POST['spellcooldown_2']) && $_POST['spellcooldown_2'] != '') { $spellcooldown_2 = $sql->quote_smart($_POST['spellcooldown_2']); } else { $spellcooldown_2 = -1; } if (isset($_POST['spellcategory_2']) && $_POST['spellcategory_2'] != '') { $spellcategory_2 = $sql->quote_smart($_POST['spellcategory_2']); } else { $spellcategory_2 = 0; } if (isset($_POST['spellcategorycooldown_2']) && $_POST['spellcategorycooldown_2'] != '') { $spellcategorycooldown_2 = $sql->quote_smart($_POST['spellcategorycooldown_2']); } else { $spellcategorycooldown_2 = -1; } if (isset($_POST['spellppmRate_2']) && $_POST['spellppmRate_2'] != '') { $spellppmRate_2 = $sql->quote_smart($_POST['spellppmRate_2']); } else { $spellppmRate_2 = 0; } if (isset($_POST['spellid_3']) && $_POST['spellid_3'] != '') { 
$spellid_3 = $sql->quote_smart($_POST['spellid_3']); } else { $spellid_3 = 0; } if (isset($_POST['spelltrigger_3']) && $_POST['spelltrigger_3'] != '') { $spelltrigger_3 = $sql->quote_smart($_POST['spelltrigger_3']); } else { $spelltrigger_3 = 0; } if (isset($_POST['spellcharges_3']) && $_POST['spellcharges_3'] != '') { $spellcharges_3 = $sql->quote_smart($_POST['spellcharges_3']); } else { $spellcharges_3 = 0; } if (isset($_POST['spellcooldown_3']) && $_POST['spellcooldown_3'] != '') { $spellcooldown_3 = $sql->quote_smart($_POST['spellcooldown_3']); } else { $spellcooldown_3 = -1; } if (isset($_POST['spellcategory_3']) && $_POST['spellcategory_3'] != '') { $spellcategory_3 = $sql->quote_smart($_POST['spellcategory_3']); } else { $description = 0; } if (isset($_POST['spellcategorycooldown_3']) && $_POST['spellcategorycooldown_3'] != '') { $spellcategorycooldown_3 = $sql->quote_smart($_POST['spellcategorycooldown_3']); } else { $spellcategorycooldown_3 = -1; } if (isset($_POST['spellppmRate_3']) && $_POST['spellppmRate_3'] != '') { $spellppmRate_3 = $sql->quote_smart($_POST['spellppmRate_3']); } else { $spellppmRate_3 = 0; } if (isset($_POST['spellid_4']) && $_POST['spellid_4'] != '') { $spellid_4 = $sql->quote_smart($_POST['spellid_4']); } else { $spellid_4 = 0; } if (isset($_POST['spelltrigger_4']) && $_POST['spelltrigger_4'] != '') { $spelltrigger_4 = $sql->quote_smart($_POST['spelltrigger_4']); } else { $spelltrigger_4 = 0; } if (isset($_POST['spellcharges_4']) && $_POST['spellcharges_4'] != '') { $spellcharges_4 = $sql->quote_smart($_POST['spellcharges_4']); } else { $spellcharges_4 = 0; } if (isset($_POST['spellcooldown_4']) && $_POST['spellcooldown_4'] != '') { $spellcooldown_4 = $sql->quote_smart($_POST['spellcooldown_4']); } else { $spellcooldown_4 = -1; } if (isset($_POST['spellcategory_4']) && $_POST['spellcategory_4'] != '') { $spellcategory_4 = $sql->quote_smart($_POST['spellcategory_4']); } else { $spellcategory_4 = 0; } if 
(isset($_POST['spellcategorycooldown_4']) && $_POST['spellcategorycooldown_4'] != '') { $spellcategorycooldown_4 = $sql->quote_smart($_POST['spellcategorycooldown_4']); } else { $spellcategorycooldown_4 = -1; } if (isset($_POST['spellppmRate_4']) && $_POST['spellppmRate_4'] != '') { $spellppmRate_4 = $sql->quote_smart($_POST['spellppmRate_4']); } else { $spellppmRate_4 = 0; } if (isset($_POST['spellid_5']) && $_POST['spellid_5'] != '') { $spellid_5 = $sql->quote_smart($_POST['spellid_5']); } else { $spellid_5 = 0; } if (isset($_POST['spelltrigger_5']) && $_POST['spelltrigger_5'] != '') { $spelltrigger_5 = $sql->quote_smart($_POST['spelltrigger_5']); } else { $spelltrigger_5 = 0; } if (isset($_POST['spellcharges_5']) && $_POST['spellcharges_5'] != '') { $spellcharges_5 = $sql->quote_smart($_POST['spellcharges_5']); } else { $spellcharges_5 = 0; } if (isset($_POST['spellcooldown_5']) && $_POST['spellcooldown_5'] != '') { $spellcooldown_5 = $sql->quote_smart($_POST['spellcooldown_5']); } else { $spellcooldown_5 = -1; } if (isset($_POST['spellcategory_5']) && $_POST['spellcategory_5'] != '') { $spellcategory_5 = $sql->quote_smart($_POST['spellcategory_5']); } else { $spellcategory_5 = 0; } if (isset($_POST['spellcategorycooldown_5']) && $_POST['spellcategorycooldown_5'] != '') { $spellcategorycooldown_5 = $sql->quote_smart($_POST['spellcategorycooldown_5']); } else { $spellcategorycooldown_5 = -1; } if (isset($_POST['spellppmRate_5']) && $_POST['spellppmRate_5'] != '') { $spellppmRate_5 = $sql->quote_smart($_POST['spellppmRate_5']); } else { $spellppmRate_5 = 0; } if (isset($_POST['bonding']) && $_POST['bonding'] != '') { $bonding = $sql->quote_smart($_POST['bonding']); } else { $bonding = 0; } if (isset($_POST['description']) && $_POST['description'] != '') { $description = $sql->quote_smart($_POST['description']); } else { $description = ""; } if (isset($_POST['PageText']) && $_POST['PageText'] != '') { $PageText = $sql->quote_smart($_POST['PageText']); } else { 
$PageText = 0; } if (isset($_POST['LanguageID']) && $_POST['LanguageID'] != '') { $LanguageID = $sql->quote_smart($_POST['LanguageID']); } else { $LanguageID = 0; } if (isset($_POST['PageMaterial']) && $_POST['PageMaterial'] != '') { $PageMaterial = $sql->quote_smart($_POST['PageMaterial']); } else { $PageMaterial = 0; } if (isset($_POST['startquest']) && $_POST['startquest'] != '') { $startquest = $sql->quote_smart($_POST['startquest']); } else { $startquest = 0; } if (isset($_POST['lockid']) && $_POST['lockid'] != '') { $lockid = $sql->quote_smart($_POST['lockid']); } else { $lockid = 0; } if (isset($_POST['Material']) && $_POST['Material'] != '') { $Material = $sql->quote_smart($_POST['Material']); } else { $Material = 0; } if (isset($_POST['sheath']) && $_POST['sheath'] != '') { $sheath = $sql->quote_smart($_POST['sheath']); } else { $sheath = 0; } if (isset($_POST['RandomProperty']) && $_POST['RandomProperty'] != '') { $RandomProperty = $sql->quote_smart($_POST['RandomProperty']); } else { $RandomProperty = 0; } if (isset($_POST['block ']) && $_POST['block '] != '') { $block = $sql->quote_smart($_POST['block']); } else { $block = 0; } if (isset($_POST['itemset']) && $_POST['itemset'] != '') { $itemset = $sql->quote_smart($_POST['itemset']); } else { $itemset = 0; } if (isset($_POST['MaxDurability']) && $_POST['MaxDurability'] != '') { $MaxDurability = $sql->quote_smart($_POST['MaxDurability']); } else { $MaxDurability = 0; } if (isset($_POST['area']) && $_POST['area'] != '') { $area = $sql->quote_smart($_POST['area']); } else { $area = 0; } if (isset($_POST['BagFamily']) && $_POST['BagFamily'] != '') { $BagFamily = $sql->quote_smart($_POST['BagFamily']); } else { $BagFamily = 0; } if (isset($_POST['Map']) && $_POST['Map'] != '') { $Map = $sql->quote_smart($_POST['Map']); } else { $Map = 0; } if (isset($_POST['ScriptName']) && $_POST['ScriptName'] != '') { $ScriptName = $sql->quote_smart($_POST['ScriptName']); } else { $ScriptName = 0; } if 
(isset($_POST['DisenchantID']) && $_POST['DisenchantID'] != '') { $DisenchantID = $sql->quote_smart($_POST['DisenchantID']); } else { $DisenchantID = 0; } if (isset($_POST['RequiredDisenchantSkill']) && $_POST['RequiredDisenchantSkill'] != '') { $RequiredDisenchantSkill = $sql->quote_smart($_POST['RequiredDisenchantSkill']); } else { $RequiredDisenchantSkill = -1; } if (isset($_POST['unk0']) && $_POST['unk0'] != '') { $unk0 = $sql->quote_smart($_POST['unk0']); } else { $unk0 = -1; } if (isset($_POST['RandomSuffix']) && $_POST['RandomSuffix'] != '') { $RandomSuffix = $sql->quote_smart($_POST['RandomSuffix']); } else { $RandomSuffix = 0; } if (isset($_POST['TotemCategory']) && $_POST['TotemCategory'] != '') { $TotemCategory = $sql->quote_smart($_POST['TotemCategory']); } else { $TotemCategory = 0; } if (isset($_POST['socketColor_1']) && $_POST['socketColor_1'] != '') { $socketColor_1 = $sql->quote_smart($_POST['socketColor_1']); } else { $socketColor_1 = 0; } if (isset($_POST['socketContent_1']) && $_POST['socketContent_1'] != '') { $socketContent_1 = $sql->quote_smart($_POST['socketContent_1']); } else { $socketContent_1 = 0; } if (isset($_POST['socketColor_2']) && $_POST['socketColor_2'] != '') { $socketColor_2 = $sql->quote_smart($_POST['socketColor_2']); } else { $socketColor_2 = 0; } if (isset($_POST['socketContent_2']) && $_POST['socketContent_2'] != '') { $socketContent_2 = $sql->quote_smart($_POST['socketContent_2']); } else { $socketContent_2 = 0; } if (isset($_POST['socketColor_3']) && $_POST['socketColor_3'] != '') { $socketColor_3 = $sql->quote_smart($_POST['socketColor_3']); } else { $socketColor_3 = 0; } if (isset($_POST['socketContent_3']) && $_POST['socketContent_3'] != '') { $socketContent_3 = $sql->quote_smart($_POST['socketContent_3']); } else { $socketContent_3 = 0; } if (isset($_POST['socketBonus']) && $_POST['socketBonus'] != '') { $socketBonus = $sql->quote_smart($_POST['socketBonus']); } else { $socketBonus = 0; } if 
(isset($_POST['GemProperties']) && $_POST['GemProperties'] != '') { $GemProperties = $sql->quote_smart($_POST['GemProperties']); } else { $GemProperties = 0; } if (isset($_POST['ArmorDamageModifier']) && $_POST['ArmorDamageModifier'] != '') { $ArmorDamageModifier = $sql->quote_smart($_POST['ArmorDamageModifier']); } else { $ArmorDamageModifier = 0; } if (isset($_POST['de_ChanceOrQuestChance']) && $_POST['de_ChanceOrQuestChance'] != '') { $de_ChanceOrQuestChance = $sql->quote_smart($_POST['de_ChanceOrQuestChance']); } else { $de_ChanceOrQuestChance = 0; } if (isset($_POST['de_groupid']) && $_POST['de_groupid'] != '') { $de_groupid = $sql->quote_smart($_POST['de_groupid']); } else { $de_groupid = 0; } if (isset($_POST['de_mincountOrRef']) && $_POST['de_mincountOrRef'] != '') { $de_mincountOrRef = $sql->quote_smart($_POST['de_mincountOrRef']); } else { $de_mincountOrRef = 0; } if (isset($_POST['de_maxcount']) && $_POST['de_maxcount'] != '') { $de_maxcount = $sql->quote_smart($_POST['de_maxcount']); } else { $de_maxcount = 0; } if (isset($_POST['de_lootcondition']) && $_POST['de_lootcondition'] != '') { $de_lootcondition = $sql->quote_smart($_POST['de_lootcondition']); } else { $de_lootcondition = 0; } if (isset($_POST['de_condition_value1']) && $_POST['de_condition_value1'] != '') { $de_condition_value1 = $sql->quote_smart($_POST['de_condition_value1']); } else { $de_condition_value1 = 0; } if (isset($_POST['de_condition_value2']) && $_POST['de_condition_value2'] != '') { $de_condition_value2 = $sql->quote_smart($_POST['de_condition_value2']); } else { $de_condition_value2 = 0; } if (isset($_POST['de_item']) && $_POST['de_item'] != '') { $de_item = $sql->quote_smart($_POST['de_item']); } else { $de_item = 0; } if (isset($_POST['del_de_items']) && $_POST['del_de_items'] != '') { $del_de_items = $sql->quote_smart($_POST['del_de_items']); } else { $del_de_items = NULL; } $tmp = 0; if ($AllowableClass[0] != -1) { for ($t = 0; $t < count($AllowableClass); $t++) { if 
($AllowableClass[$t] & 1) { $tmp = $tmp + 1; } if ($AllowableClass[$t] & 2) { $tmp = $tmp + 2; } if ($AllowableClass[$t] & 4) { $tmp = $tmp + 4; } if ($AllowableClass[$t] & 8) { $tmp = $tmp + 8; } if ($AllowableClass[$t] & 16) { $tmp = $tmp + 16; } if ($AllowableClass[$t] & 32) { $tmp = $tmp + 32; } if ($AllowableClass[$t] & 64) { $tmp = $tmp + 64; } if ($AllowableClass[$t] & 128) { $tmp = $tmp + 128; } if ($AllowableClass[$t] & 256) { $tmp = $tmp + 256; } if ($AllowableClass[$t] & 512) { $tmp = $tmp + 512; } if ($AllowableClass[$t] & 1024) { $tmp = $tmp + 1024; } } } if ($tmp) { $AllowableClass = $tmp; } else { $AllowableClass = -1; } $tmp = 0; if ($AllowableRace[0] != -1) { for ($t = 0; $t < count($AllowableRace); $t++) { if ($AllowableRace[$t] & 1) { $tmp = $tmp + 1; } if ($AllowableRace[$t] & 2) { $tmp = $tmp + 2; } if ($AllowableRace[$t] & 4) { $tmp = $tmp + 4; } if ($AllowableRace[$t] & 8) { $tmp = $tmp + 8; } if ($AllowableRace[$t] & 16) { $tmp = $tmp + 16; } if ($AllowableRace[$t] & 32) { $tmp = $tmp + 32; } if ($AllowableRace[$t] & 64) { $tmp = $tmp + 64; } if ($AllowableRace[$t] & 128) { $tmp = $tmp + 128; } if ($AllowableRace[$t] & 256) { $tmp = $tmp + 256; } if ($AllowableRace[$t] & 512) { $tmp = $tmp + 512; } } } if ($tmp) { $AllowableRace = $tmp; } else { $AllowableRace = -1; } if ($_POST['type'] == "add_new") { $sql_query = "INSERT INTO item_template (entry, class, subclass, name,displayid, Quality, Flags, BuyCount, BuyPrice, SellPrice, InventoryType, AllowableClass, AllowableRace, ItemLevel,\n RequiredLevel, RequiredSkill, RequiredSkillRank, requiredspell, requiredhonorrank, RequiredCityRank, RequiredReputationFaction, RequiredReputationRank, maxcount, stackable, ContainerSlots, stat_type1,\n stat_value1, stat_type2, stat_value2, stat_type3, stat_value3, stat_type4, stat_value4, stat_type5, stat_value5, stat_type6, stat_value6, stat_type7, stat_value7, stat_type8, stat_value8, stat_type9,\n stat_value9, stat_type10, stat_value10, dmg_min1, dmg_max1, 
dmg_type1, dmg_min2, dmg_max2, dmg_type2, armor, holy_res, fire_res, nature_res, frost_res, shadow_res, arcane_res, delay, ammo_type,\n RangedModRange, spellid_1, spelltrigger_1, spellcharges_1, spellppmRate_1, spellcooldown_1, spellcategory_1, spellcategorycooldown_1,\n spellid_2, spelltrigger_2, spellcharges_2, spellppmRate_2, spellcooldown_2, spellcategory_2, spellcategorycooldown_2, spellid_3, spelltrigger_3, spellcharges_3, spellppmRate_3, spellcooldown_3, spellcategory_3, spellcategorycooldown_3,\n spellid_4, spelltrigger_4, spellcharges_4, spellppmRate_4, spellcooldown_4, spellcategory_4, spellcategorycooldown_4, spellid_5, spelltrigger_5, spellcharges_5, spellppmRate_5, spellcooldown_5, spellcategory_5, spellcategorycooldown_5,\n bonding, description, PageText, LanguageID, PageMaterial, startquest, lockid, Material, sheath, RandomProperty, block, itemset, MaxDurability, area, BagFamily, Map, ScriptName, DisenchantID,RequiredDisenchantSkill,\n ArmorDamageModifier,unk0,RandomSuffix,TotemCategory, socketColor_1, socketContent_1, socketColor_2, socketContent_2, socketColor_3, socketContent_3, socketBonus, GemProperties)\n VALUES ('{$entry}', '{$class}', '{$subclass}', '{$name}','{$displayid}', '{$Quality}', '{$Flags}', '{$BuyCount}', '{$BuyPrice}', '{$SellPrice}', '{$InventoryType}', '{$AllowableClass}', '{$AllowableRace}', '{$ItemLevel}', '{$RequiredLevel}',\n '{$RequiredSkill}', '{$RequiredSkillRank}', '{$requiredspell}', '{$requiredhonorrank}', '{$RequiredCityRank}', '{$RequiredReputationFaction}', '{$RequiredReputationRank}', '{$maxcount}', '{$stackable}', '{$ContainerSlots}', '{$stat_type1}',\n '{$stat_value1}', '{$stat_type2}', '{$stat_value2}', '{$stat_type3}', '{$stat_value3}', '{$stat_type4}', '{$stat_value4}', '{$stat_type5}', '{$stat_value5}', '{$stat_type6}', '{$stat_value6}', '{$stat_type7}', '{$stat_value7}', '{$stat_type8}', '{$stat_value8}',\n '{$stat_type9}', '{$stat_value9}', '{$stat_type10}', '{$stat_value10}', '{$dmg_min1}', '{$dmg_max1}', 
'{$dmg_type1}', '{$dmg_min2}', '{$dmg_max2}', '{$dmg_type2}', '{$armor}', '{$holy_res}', '{$fire_res}', '{$nature_res}', '{$frost_res}', '{$shadow_res}', '{$arcane_res}', '{$delay}', '{$ammo_type}', '{$RangedModRange}', '{$spellid_1}', '{$spelltrigger_1}', '{$spellcharges_1}', '{$spellppmRate_1}', '{$spellcooldown_1}',\n '{$spellcategory_1}', '{$spellcategorycooldown_1}', '{$spellid_2}', '{$spelltrigger_2}', '{$spellcharges_2}', '{$spellppmRate_2}', '{$spellcooldown_2}', '{$spellcategory_2}', '{$spellcategorycooldown_2}', '{$spellid_3}', '{$spelltrigger_3}', '{$spellcharges_3}', '{$spellppmRate_3}',\n '{$spellcooldown_3}', '{$spellcategory_3}', '{$spellcategorycooldown_3}', '{$spellid_4}', '{$spelltrigger_4}', '{$spellcharges_4}', '{$spellppmRate_4}', '{$spellcooldown_4}', '{$spellcategory_4}', '{$spellcategorycooldown_4}', '{$spellid_5}', '{$spelltrigger_5}',\n '{$spellcharges_5}', '{$spellppmRate_5}', '{$spellcooldown_5}', '{$spellcategory_5}', '{$spellcategorycooldown_5}', '{$bonding}', '{$description}', '{$PageText}', '{$LanguageID}', '{$PageMaterial}', '{$startquest}', '{$lockid}', '{$Material}', '{$sheath}', '{$RandomProperty}', '{$block}',\n '{$itemset}', '{$MaxDurability}', '{$area}', '{$BagFamily}', '{$Map}', '{$ScriptName}', '{$DisenchantID}', '{$RequiredDisenchantSkill}','{$ArmorDamageModifier}','{$unk0}','{$RandomSuffix}', '{$TotemCategory}', '{$socketColor_1}', '{$socketContent_1}', '{$socketColor_2}',\n '{$socketContent_2}', '{$socketColor_3}', '{$socketContent_3}', '{$socketBonus}', '{$GemProperties}')"; } elseif ($_POST['type'] == "edit") { $sql_query = "UPDATE item_template SET "; $result = $sql->query("SELECT `item_template`.`entry`,`class`,`subclass`,`unk0`,IFNULL(" . ($deplang != 0 ? "name_loc{$deplang}" : "NULL") . 
",`name`) as name,`displayid`,`Quality`,`Flags`,`BuyCount`,`BuyPrice`,`SellPrice`,`InventoryType`,`AllowableClass`,`AllowableRace`,`ItemLevel`,`RequiredLevel`,`RequiredSkill`,`RequiredSkillRank`,`requiredspell`,`requiredhonorrank`,`RequiredCityRank`,`RequiredReputationFaction`,`RequiredReputationRank`,`maxcount`,`stackable`,`ContainerSlots`,`stat_type1`,`stat_value1`,`stat_type2`,`stat_value2`,`stat_type3`,`stat_value3`,`stat_type4`,`stat_value4`,`stat_type5`,`stat_value5`,`stat_type6`,`stat_value6`,`stat_type7`,`stat_value7`,`stat_type8`,`stat_value8`,`stat_type9`,`stat_value9`,`stat_type10`,`stat_value10`,`dmg_min1`,`dmg_max1`,`dmg_type1`,`dmg_min2`,`dmg_max2`,`dmg_type2`,`armor`,`holy_res`,`fire_res`,`nature_res`,`frost_res`,`shadow_res`,`arcane_res`,`delay`,`ammo_type`,`RangedModRange`,`spellid_1`,`spelltrigger_1`,`spellcharges_1`,`spellppmRate_1`,`spellcooldown_1`,`spellcategory_1`,`spellcategorycooldown_1`,`spellid_2`,`spelltrigger_2`,`spellcharges_2`,`spellppmRate_2`,`spellcooldown_2`,`spellcategory_2`,`spellcategorycooldown_2`,`spellid_3`,`spelltrigger_3`,`spellcharges_3`,`spellppmRate_3`,`spellcooldown_3`,`spellcategory_3`,`spellcategorycooldown_3`,`spellid_4`,`spelltrigger_4`,`spellcharges_4`,`spellppmRate_4`,`spellcooldown_4`,`spellcategory_4`,`spellcategorycooldown_4`,`spellid_5`,`spelltrigger_5`,`spellcharges_5`,`spellppmRate_5`,`spellcooldown_5`,`spellcategory_5`,`spellcategorycooldown_5`,`bonding`,`description`,`PageText`,`LanguageID`,`PageMaterial`,`startquest`,`lockid`,`Material`,`sheath`,`RandomProperty`,`RandomSuffix`,`block`,`itemset`,`MaxDurability`,`area`,`Map`,`BagFamily`,`TotemCategory`,`socketColor_1`,`socketContent_1`,`socketColor_2`,`socketContent_2`,`socketColor_3`,`socketContent_3`,`socketBonus`,`GemProperties`,`RequiredDisenchantSkill`,`ArmorDamageModifier`,`ScriptName`,`DisenchantID`,`FoodType`,`minMoneyLoot`,`maxMoneyLoot` FROM item_template LEFT JOIN locales_item ON item_template.entry = locales_item.entry WHERE item_template.entry 
= '{$entry}'"); if ($item_templ = $sql->fetch_assoc($result)) { if ($item_templ['class'] != $class) { $sql_query .= "class='{$class}',"; } if ($item_templ['subclass'] != $subclass) { $sql_query .= "subclass='{$subclass}',"; } if ($item_templ['name'] != $name) { $sql_query .= "name='{$name}',"; } if ($item_templ['displayid'] != $displayid) { $sql_query .= "displayid='{$displayid}',"; } if ($item_templ['Quality'] != $Quality) { $sql_query .= "Quality='{$Quality}',"; } if ($item_templ['Flags'] != $Flags) { $sql_query .= "Flags='{$Flags}',"; } if ($item_templ['BuyCount'] != $BuyCount) { $sql_query .= "BuyCount='{$BuyCount}',"; } if ($item_templ['BuyPrice'] != $BuyPrice) { $sql_query .= "BuyPrice='{$BuyPrice}',"; } if ($item_templ['SellPrice'] != $SellPrice) { $sql_query .= "SellPrice='{$SellPrice}',"; } if ($item_templ['InventoryType'] != $InventoryType) { $sql_query .= "InventoryType='{$InventoryType}',"; } if ($item_templ['AllowableClass'] != $AllowableClass) { $sql_query .= "AllowableClass='{$AllowableClass}',"; } if ($item_templ['AllowableRace'] != $AllowableRace) { $sql_query .= "AllowableRace='{$AllowableRace}',"; } if ($item_templ['ItemLevel'] != $ItemLevel) { $sql_query .= "ItemLevel='{$ItemLevel}',"; } if ($item_templ['RequiredLevel'] != $RequiredLevel) { $sql_query .= "RequiredLevel='{$RequiredLevel}',"; } if ($item_templ['RequiredSkill'] != $RequiredSkill) { $sql_query .= "RequiredSkill='{$RequiredSkill}',"; } if ($item_templ['RequiredSkillRank'] != $RequiredSkillRank) { $sql_query .= "RequiredSkillRank='{$RequiredSkillRank}',"; } if ($item_templ['requiredspell'] != $requiredspell) { $sql_query .= "requiredspell='{$requiredspell}',"; } if ($item_templ['requiredhonorrank'] != $requiredhonorrank) { $sql_query .= "requiredhonorrank='{$requiredhonorrank}',"; } if ($item_templ['RequiredCityRank'] != $RequiredCityRank) { $sql_query .= "RequiredCityRank='{$RequiredCityRank}',"; } if ($item_templ['RequiredReputationFaction'] != $RequiredReputationFaction) { 
$sql_query .= "RequiredReputationFaction='{$RequiredReputationFaction}',"; } if ($item_templ['RequiredReputationRank'] != $RequiredReputationRank) { $sql_query .= "RequiredReputationRank='{$RequiredReputationRank}',"; } if ($item_templ['maxcount'] != $maxcount) { $sql_query .= "maxcount='{$maxcount}',"; } if ($item_templ['stackable'] != $stackable) { $sql_query .= "stackable='{$stackable}',"; } if ($item_templ['ContainerSlots'] != $ContainerSlots) { $sql_query .= "ContainerSlots='{$ContainerSlots}',"; } if ($item_templ['stat_type1'] != $stat_type1) { $sql_query .= "stat_type1='{$stat_type1}',"; } if ($item_templ['stat_value1'] != $stat_value1) { $sql_query .= "stat_value1='{$stat_value1}',"; } if ($item_templ['stat_type2'] != $stat_type2) { $sql_query .= "stat_type2='{$stat_type2}',"; } if ($item_templ['stat_value2'] != $stat_value2) { $sql_query .= "stat_value2='{$stat_value2}',"; } if ($item_templ['stat_type3'] != $stat_type3) { $sql_query .= "stat_type3='{$stat_type3}',"; } if ($item_templ['stat_value3'] != $stat_value3) { $sql_query .= "stat_value3='{$stat_value3}',"; } if ($item_templ['stat_type4'] != $stat_type4) { $sql_query .= "stat_type4='{$stat_type4}',"; } if ($item_templ['stat_value4'] != $stat_value4) { $sql_query .= "stat_value4='{$stat_value4}',"; } if ($item_templ['stat_type5'] != $stat_type5) { $sql_query .= "stat_type5='{$stat_type5}',"; } if ($item_templ['stat_value5'] != $stat_value5) { $sql_query .= "stat_value5='{$stat_value5}',"; } if ($item_templ['stat_type6'] != $stat_type6) { $sql_query .= "stat_type6='{$stat_type6}',"; } if ($item_templ['stat_value6'] != $stat_value6) { $sql_query .= "stat_value6='{$stat_value6}',"; } if ($item_templ['stat_type7'] != $stat_type7) { $sql_query .= "stat_type7='{$stat_type7}',"; } if ($item_templ['stat_value7'] != $stat_value7) { $sql_query .= "stat_value7='{$stat_value7}',"; } if ($item_templ['stat_type8'] != $stat_type8) { $sql_query .= "stat_type8='{$stat_type8}',"; } if ($item_templ['stat_value8'] != 
$stat_value8) { $sql_query .= "stat_value8='{$stat_value8}',"; } if ($item_templ['stat_type9'] != $stat_type9) { $sql_query .= "stat_type9='{$stat_type9}',"; } if ($item_templ['stat_value9'] != $stat_value9) { $sql_query .= "stat_value9='{$stat_value9}',"; } if ($item_templ['stat_type10'] != $stat_type10) { $sql_query .= "stat_type10='{$stat_type10}',"; } if ($item_templ['stat_value10'] != $stat_value10) { $sql_query .= "stat_value10='{$stat_value10}',"; } if ($item_templ['dmg_min1'] != $dmg_min1) { $sql_query .= "dmg_min1='{$dmg_min1}',"; } if ($item_templ['dmg_max1'] != $dmg_max1) { $sql_query .= "dmg_max1='{$dmg_max1}',"; } if ($item_templ['dmg_type1'] != $dmg_type1) { $sql_query .= "dmg_type1='{$dmg_type1}',"; } if ($item_templ['dmg_min2'] != $dmg_min2) { $sql_query .= "dmg_min2='{$dmg_min2}',"; } if ($item_templ['dmg_max2'] != $dmg_max2) { $sql_query .= "dmg_max2='{$dmg_max2}',"; } if ($item_templ['dmg_type2'] != $dmg_type2) { $sql_query .= "dmg_type2='{$dmg_type2}',"; } if ($item_templ['armor'] != $armor) { $sql_query .= "armor='{$armor}',"; } if ($item_templ['holy_res'] != $holy_res) { $sql_query .= "holy_res='{$holy_res}',"; } if ($item_templ['fire_res'] != $fire_res) { $sql_query .= "fire_res='{$fire_res}',"; } if ($item_templ['nature_res'] != $nature_res) { $sql_query .= "nature_res='{$nature_res}',"; } if ($item_templ['frost_res'] != $frost_res) { $sql_query .= "frost_res='{$frost_res}',"; } if ($item_templ['shadow_res'] != $shadow_res) { $sql_query .= "shadow_res='{$shadow_res}',"; } if ($item_templ['arcane_res'] != $arcane_res) { $sql_query .= "arcane_res='{$arcane_res}',"; } if ($item_templ['delay'] != $delay) { $sql_query .= "delay='{$delay}',"; } if ($item_templ['ammo_type'] != $ammo_type) { $sql_query .= "ammo_type='{$ammo_type}',"; } if ($item_templ['RangedModRange'] != $RangedModRange) { $sql_query .= "RangedModRange='{$RangedModRange}',"; } if ($item_templ['spellid_1'] != $spellid_1) { $sql_query .= "spellid_1='{$spellid_1}',"; } if 
($item_templ['spelltrigger_1'] != $spelltrigger_1) { $sql_query .= "spelltrigger_1='{$spelltrigger_1}',"; } if ($item_templ['spellcharges_1'] != $spellcharges_1) { $sql_query .= "spellcharges_1='{$spellcharges_1}',"; } if ($item_templ['spellppmRate_1'] != $spellppmRate_1) { $sql_query .= "spellppmRate_1='{$spellppmRate_1}',"; } if ($item_templ['spellcooldown_1'] != $spellcooldown_1) { $sql_query .= "spellcooldown_1='{$spellcooldown_1}',"; } if ($item_templ['spellcategory_1'] != $spellcategory_1) { $sql_query .= "spellcategory_1='{$spellcategory_1}',"; } if ($item_templ['spellcategorycooldown_1'] != $spellcategorycooldown_1) { $sql_query .= "spellcategorycooldown_1='{$spellcategorycooldown_1}',"; } if ($item_templ['spellid_2'] != $spellid_2) { $sql_query .= "spellid_2='{$spellid_2}',"; } if ($item_templ['spelltrigger_2'] != $spelltrigger_2) { $sql_query .= "spelltrigger_2='{$spelltrigger_2}',"; } if ($item_templ['spellcharges_2'] != $spellcharges_2) { $sql_query .= "spellcharges_2='{$spellcharges_2}',"; } if ($item_templ['spellppmRate_2'] != $spellppmRate_2) { $sql_query .= "spellppmRate_2='{$spellppmRate_2}',"; } if ($item_templ['spellcooldown_2'] != $spellcooldown_2) { $sql_query .= "spellcooldown_2='{$spellcooldown_2}',"; } if ($item_templ['spellcategory_2'] != $spellcategory_2) { $sql_query .= "spellcategory_2='{$spellcategory_2}',"; } if ($item_templ['spellcategorycooldown_2'] != $spellcategorycooldown_2) { $sql_query .= "spellcategorycooldown_2='{$spellcategorycooldown_2}',"; } if ($item_templ['spellid_3'] != $spellid_3) { $sql_query .= "spellid_3='{$spellid_3}',"; } if ($item_templ['spelltrigger_3'] != $spelltrigger_3) { $sql_query .= "spelltrigger_3='{$spelltrigger_3}',"; } if ($item_templ['spellcharges_3'] != $spellcharges_3) { $sql_query .= "spellcharges_3='{$spellcharges_3}',"; } if ($item_templ['spellppmRate_3'] != $spellppmRate_3) { $sql_query .= "spellppmRate_3='{$spellppmRate_3}',"; } if ($item_templ['spellcooldown_3'] != $spellcooldown_3) { 
$sql_query .= "spellcooldown_3='{$spellcooldown_3}',"; } if ($item_templ['spellcategory_3'] != $spellcategory_3) { $sql_query .= "spellcategory_3='{$spellcategory_3}',"; } if ($item_templ['spellcategorycooldown_3'] != $spellcategorycooldown_3) { $sql_query .= "spellcategorycooldown_3='{$spellcategorycooldown_3}',"; } if ($item_templ['spellid_4'] != $spellid_4) { $sql_query .= "spellid_4='{$spellid_4}',"; } if ($item_templ['spelltrigger_4'] != $spelltrigger_4) { $sql_query .= "spelltrigger_4='{$spelltrigger_4}',"; } if ($item_templ['spellcharges_4'] != $spellcharges_4) { $sql_query .= "spellcharges_4='{$spellcharges_4}',"; } if ($item_templ['spellppmRate_4'] != $spellppmRate_4) { $sql_query .= "spellppmRate_4='{$spellppmRate_4}',"; } if ($item_templ['spellcooldown_4'] != $spellcooldown_4) { $sql_query .= "spellcooldown_4='{$spellcooldown_4}',"; } if ($item_templ['spellcategory_4'] != $spellcategory_4) { $sql_query .= "spellcategory_4='{$spellcategory_4}',"; } if ($item_templ['spellcategorycooldown_4'] != $spellcategorycooldown_4) { $sql_query .= "spellcategorycooldown_4='{$spellcategorycooldown_4}', "; } if ($item_templ['spellid_5'] != $spellid_5) { $sql_query .= "spellid_5='{$spellid_5}',"; } if ($item_templ['spelltrigger_5'] != $spelltrigger_5) { $sql_query .= "spelltrigger_5='{$spelltrigger_5}',"; } if ($item_templ['spellcharges_5'] != $spellcharges_5) { $sql_query .= "spellcharges_5='{$spellcharges_5}',"; } if ($item_templ['spellppmRate_5'] != $spellppmRate_5) { $sql_query .= "spellppmRate_5='{$spellppmRate_5}',"; } if ($item_templ['spellcooldown_5'] != $spellcooldown_5) { $sql_query .= "spellcooldown_5='{$spellcooldown_5}',"; } if ($item_templ['spellcategory_5'] != $spellcategory_5) { $sql_query .= "spellcategory_5='{$spellcategory_5}',"; } if ($item_templ['spellcategorycooldown_5'] != $spellcategorycooldown_5) { $sql_query .= "spellcategorycooldown_5='{$spellcategorycooldown_5}',"; } if ($item_templ['bonding'] != $bonding) { $sql_query .= 
"bonding='{$bonding}',"; } if ($item_templ['description'] != $description) { $sql_query .= "description='{$description}',"; } if ($item_templ['PageText'] != $PageText) { $sql_query .= "PageText='{$PageText}',"; } if ($item_templ['LanguageID'] != $LanguageID) { $sql_query .= "LanguageID='{$LanguageID}',"; } if ($item_templ['PageMaterial'] != $PageMaterial) { $sql_query .= "PageMaterial='{$PageMaterial}',"; } if ($item_templ['startquest'] != $startquest) { $sql_query .= "startquest='{$startquest}',"; } if ($item_templ['lockid'] != $lockid) { $sql_query .= "lockid='{$lockid}',"; } if ($item_templ['Material'] != $Material) { $sql_query .= "Material='{$Material}',"; } if ($item_templ['sheath'] != $sheath) { $sql_query .= "sheath='{$sheath}',"; } if ($item_templ['RandomProperty'] != $RandomProperty) { $sql_query .= "RandomProperty='{$RandomProperty}',"; } if ($item_templ['block'] != $block) { $sql_query .= "block='{$block}',"; } if ($item_templ['itemset'] != $itemset) { $sql_query .= "itemset='{$itemset}',"; } if ($item_templ['MaxDurability'] != $MaxDurability) { $sql_query .= "MaxDurability='{$MaxDurability}',"; } if ($item_templ['area'] != $area) { $sql_query .= "area='{$area}',"; } if ($item_templ['BagFamily'] != $BagFamily) { $sql_query .= "BagFamily='{$BagFamily}',"; } if ($item_templ['Map'] != $Map) { $sql_query .= "Map='{$Map}',"; } if ($item_templ['ScriptName'] != $ScriptName) { $sql_query .= "ScriptName='{$ScriptName}',"; } if ($item_templ['DisenchantID'] != $DisenchantID) { $sql_query .= "DisenchantID='{$DisenchantID}',"; } if ($item_templ['RequiredDisenchantSkill'] != $RequiredDisenchantSkill) { $sql_query .= "RequiredDisenchantSkill='{$RequiredDisenchantSkill}',"; } if ($item_templ['ArmorDamageModifier'] != $ArmorDamageModifier) { $sql_query .= "ArmorDamageModifier='{$ArmorDamageModifier}',"; } if ($item_templ['unk0'] != $unk0) { $sql_query .= "unk0='{$unk0}',"; } if ($item_templ['RandomSuffix'] != $RandomSuffix) { $sql_query .= 
"RandomSuffix='{$RandomSuffix}',"; } if ($item_templ['TotemCategory'] != $TotemCategory) { $sql_query .= "TotemCategory='{$TotemCategory}',"; } if ($item_templ['socketColor_1'] != $socketColor_1) { $sql_query .= "socketColor_1='{$socketColor_1}',"; } if ($item_templ['socketContent_1'] != $socketContent_1) { $sql_query .= "socketContent_1='{$socketContent_1}',"; } if ($item_templ['socketColor_2'] != $socketColor_2) { $sql_query .= "socketColor_2='{$socketColor_2}',"; } if ($item_templ['socketContent_2'] != $socketContent_2) { $sql_query .= "socketContent_2='{$socketContent_2}',"; } if ($item_templ['socketColor_3'] != $socketColor_3) { $sql_query .= "socketColor_3='{$socketColor_3}',"; } if ($item_templ['socketContent_3'] != $socketContent_3) { $sql_query .= "socketContent_3='{$socketContent_3}',"; } if ($item_templ['socketBonus'] != $socketBonus) { $sql_query .= "socketBonus='{$socketBonus}',"; } if ($item_templ['GemProperties'] != $GemProperties) { $sql_query .= "GemProperties='{$GemProperties}',"; } $sql->free_result($result); unset($item_templ); if ($sql_query == "UPDATE item_template SET " && !$de_item && !$del_de_items) { $sql->close(); redirect("item.php?action=edit&entry={$entry}&error=6"); } else { if ($sql_query != "UPDATE item_template SET ") { $sql_query[strlen($sql_query) - 1] = " "; $sql_query .= " WHERE entry = '{$entry}';\n"; } else { $sql_query = ""; } } if ($de_item) { $sql_query .= "INSERT INTO disenchant_loot_template (entry, item, ChanceOrQuestChance, `groupid`, mincountOrRef, maxcount, lootcondition, condition_value1, condition_value2)\n VALUES ({$DisenchantID},{$de_item},'{$de_ChanceOrQuestChance}', '{$de_groupid}' ,{$de_mincountOrRef} ,{$de_maxcount} ,{$de_lootcondition} ,{$de_condition_value1} ,{$de_condition_value2});\n"; } if ($del_de_items) { foreach ($del_de_items as $item_id) { $sql_query .= "DELETE FROM disenchant_loot_template WHERE entry = {$DisenchantID} AND item = {$item_id};\n"; } } } else { $sql->close(); 
redirect("item.php?error=5"); } } else { $sql->close(); redirect("item.php?error=5"); } if (isset($_POST['backup_op']) && $_POST['backup_op'] == 1) { $sql->close(); Header("Content-type: application/octet-stream"); Header("Content-Disposition: attachment; filename=itemid_{$entry}.sql"); echo $sql_query; exit; } else { $sql_query = explode(';', $sql_query); foreach ($sql_query as $tmp_query) { if ($tmp_query && $tmp_query != "\n") { $result = $sql->query($tmp_query); } } $sql->close(); } if ($result) { redirect("item.php?action=edit&entry={$entry}&error=4"); } else { redirect("item.php"); } }
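/**
 * Apply the per-command security levels submitted from the command list.
 *
 * Reads $_GET['change'] as a map of command name => security level and
 * issues one UPDATE against the `command` table per entry, then redirects
 * to command.php. The caller must hold the 'update' permission, which is
 * enforced through valid_login().
 *
 * The level is written into the statement without quotes, so string
 * escaping alone does not constrain it; it is accepted only when it is a
 * plain run of digits. The command name is an array key, and the original
 * code took it from array_keys() with no visible escaping, so it is now
 * escaped explicitly before use.
 *
 * NOTE(review): this changes state from a GET request and no anti-CSRF
 * token is visible here; confirm one is checked elsewhere or move the
 * form to POST with a token.
 */
function doupdate_commands()
{
    global $output, $realm_id, $world_db, $action_permission;

    valid_login($action_permission['update']);

    $sqlw = new SQL();
    $sqlw->connect(
        $world_db[$realm_id]['addr'],
        $world_db[$realm_id]['user'],
        $world_db[$realm_id]['pass'],
        $world_db[$realm_id]['name']
    );

    if (!isset($_GET['change']) || !is_array($_GET['change'])) {
        redirect('command.php?error=1');
        // Whether redirect() terminates the request is not visible here.
        return;
    }

    foreach ($_GET['change'] as $command => $level) {
        // Skip anything that is not an unsigned integer literal rather than
        // coercing it: a silent cast to 0 would lower the required level.
        if (!is_string($level) || !preg_match('/^[0-9]+\z/', $level)) {
            continue;
        }

        $security = (int) $level;
        $name = $sqlw->quote_smart((string) $command);

        $sqlw->query('UPDATE command SET security = ' . $security . ' WHERE name= \'' . $name . '\'');
    }

    redirect('command.php');
}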
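/**
 * Complete a password-recovery link and set the account's new password.
 *
 * Looks the account up by $_GET['h'], compares $_GET['p'] with the first
 * seven hex characters of SHA-1(upper-cased username), and on a match
 * stores SHA1(UPPER(username):UPPER(p)) as the new hash and resets the
 * `v` and `s` columns to 0. Every other outcome redirects to the recovery
 * page with err=1.
 *
 * NOTE(review), design weaknesses this function inherits and cannot fix
 * without changing the recovery protocol:
 *  - `h` is matched against the account's stored sha_pass_hash, so the
 *    stored credential hash doubles as the reset token and travels in
 *    the URL (server logs, browser history, Referer headers).
 *  - the accepted `p` value is derived from the username alone, with no
 *    random or secret component, and it becomes the new password.
 *  A random, single-use, expiring token stored server-side, with the
 *  user choosing the new password over POST, would remove both issues.
 */
function do_pass_activate()
{
    global $lang_global, $realm_db;

    if (empty($_GET['h']) || empty($_GET['p'])
        || !is_string($_GET['h']) || !is_string($_GET['p'])) {
        redirect("register.php?action=pass_recovery&err=1");
        // Whether redirect() terminates the request is not visible here.
        return;
    }

    $sql = new SQL();
    $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);

    $pass = $sql->quote_smart(trim($_GET['p']));
    $hash = $sql->quote_smart($_GET['h']);

    $result = $sql->query("SELECT id,username FROM account WHERE sha_pass_hash = '{$hash}'");

    if ($sql->num_rows($result) == 1) {
        $username = $sql->result($result, 0, 'username');
        $id = (int) $sql->result($result, 0, 'id');

        $expected = substr(sha1(strtoupper($username)), 0, 7);

        // Strict comparison: with ==, two digit-only or "0e..."-shaped hex
        // strings are compared as numbers and can match while differing.
        // hash_equals() is the better choice where the runtime provides it.
        if ($expected === (string) $pass) {
            // The username comes back from the database unescaped; escape it
            // again before it re-enters a statement (second-order injection).
            $username_sql = $sql->quote_smart($username);

            $sql->query("UPDATE account SET sha_pass_hash=SHA1(CONCAT(UPPER('{$username_sql}'),':',UPPER('{$pass}'))), v=0, s=0 WHERE id = '{$id}'");
            redirect("login.php");
            return;
        }
    }

    redirect("register.php?action=pass_recovery&err=1");
}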
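<?php
// Honor ranking page: renders two top-25 tables (Alliance, then Horde)
// into $output between header.php and footer.php. Requires the 'read'
// permission, enforced through valid_login().

require_once "header.php";
require_once "libs/char_lib.php";

valid_login($action_permission['read']);

$sql = new SQL();
$sql->connect(
    $characters_db[$realm_id]['addr'],
    $characters_db[$realm_id]['user'],
    $characters_db[$realm_id]['pass'],
    $characters_db[$realm_id]['name']
);

// Parsed as before but not used below: both queries are fixed at LIMIT 25.
$start = isset($_GET['start']) ? $sql->quote_smart($_GET['start']) : 0;

// ORDER BY takes an identifier, and string escaping cannot make an
// identifier safe, so the request value is accepted only when it names a
// column of the SELECT list; anything else falls back to "honor".
$honor_sortable = array('honor', 'kills', 'arena', 'level', 'name', 'race', 'class');
$order_by = (isset($_GET['order_by']) && in_array($_GET['order_by'], $honor_sortable, true))
    ? $_GET['order_by']
    : "honor";

// NOTE(review): the Alliance table ranks by totalHonorPoints and the Horde
// table by todayHonorPoints. Kept as found; confirm which one is intended.
$honor_sides = array(
    array('honor_column' => 'totalHonorPoints', 'race_filter' => 'in', 'banner' => 'alliance', 'title_key' => 'allied'),
    array('honor_column' => 'todayHonorPoints', 'race_filter' => 'not in', 'banner' => 'horde', 'title_key' => 'horde'),
);

foreach ($honor_sides as $honor_side) {
    $query = $sql->query("SELECT C.guid, C.name, C.race, C.class, C.{$honor_side['honor_column']} AS honor , C.totalKills AS kills, C.level, C.arenaPoints AS arena, COALESCE(guild_member.guildid,0) as GNAME, C.gender FROM characters C LEFT JOIN guild_member ON C.guid = guild_member.guid WHERE race {$honor_side['race_filter']} (1,3,4,7,11) ORDER BY {$order_by} DESC LIMIT 25;");
    $this_page = $sql->num_rows($query);

    $output .= "\r\n <script type=\"text/javascript\">"
        . "\r\n answerbox.btn_ok='{$lang_global['yes_low']}';"
        . "\r\n answerbox.btn_cancel='{$lang_global['no']}';"
        . "\r\n </script>"
        . "\r\n <center>"
        . "\r\n <fieldset style=\"width: 776px;\">"
        . "\r\n <legend><img src='img/{$honor_side['banner']}.gif' /></legend>"
        . "\r\n <table class=\"lined\" style=\"width: 705px;\">"
        . "\r\n <tr class=\"bold\">"
        . "\r\n <td colspan=\"11\">{$lang_honor[$honor_side['title_key']]} {$lang_honor['browse_honor']}</td>"
        . "\r\n </tr>"
        . "\r\n <tr>"
        . "\r\n <th width=\"30%\">{$lang_honor['guid']}</th>"
        . "\r\n <th width=\"7%\">{$lang_honor['race']}</th>"
        . "\r\n <th width=\"7%\">{$lang_honor['class']}</th>"
        . "\r\n <th width=\"7%\">{$lang_honor['level']}</th>"
        . "\r\n <th width=\"5%\"><a href=\"honor.php?order_by=honor\"" . ($order_by === 'honor' ? " class=DESC" : "") . ">{$lang_honor['honor']}</a></th>"
        . "\r\n <th width=\"5%\"><a href=\"honor.php?order_by=honor\"" . ($order_by === 'honor' ? " class=DESC" : "") . ">{$lang_honor['honor points']}</a></th>"
        . "\r\n <th width=\"5%\"><a href=\"honor.php?order_by=kills\"" . ($order_by === 'kills' ? " class=DESC" : "") . ">Kills</a></th>"
        . "\r\n <th width=\"5%\"><a href=\"honor.php?order_by=arena\"" . ($order_by === 'arena' ? " class=DESC" : "") . ">AP</a></th>"
        . "\r\n <th width=\"30%\">{$lang_honor['guild']}</th>"
        . "\r\n </tr>";

    while ($char = $sql->fetch_row($query)) {
        // Column 8 is COALESCE(guildid, 0); the cast keeps the unquoted
        // value numeric even if the column type ever changes.
        $guild_name = $sql->fetch_row($sql->query("SELECT `name` FROM `guild` WHERE `guildid`=" . (int) $char[8] . ";"));
        // No guild row (guildid 0) renders as an empty label.
        $guild_label = $guild_name ? htmlentities($guild_name[0]) : '';

        // NOTE(review): the char_get_*() results are placed inside a JS string
        // within an HTML attribute; their escaping is not visible from here.
        $output .= "\r\n <tr>"
            . "\r\n <td><a href=\"char.php?id={$char[0]}\">" . htmlentities($char[1]) . "</a></td>"
            . "\r\n <td><img src='img/c_icons/{$char[2]}-{$char[9]}.gif' onmousemove='toolTip(\"" . char_get_race_name($char[2]) . "\",\"item_tooltip\")' onmouseout='toolTip()'></td>"
            . "\r\n <td><img src='img/c_icons/{$char[3]}.gif' onmousemove='toolTip(\"" . char_get_class_name($char[3]) . "\",\"item_tooltip\")' onmouseout='toolTip()'></td>"
            . "\r\n <td>" . char_get_level_color($char[6]) . "</td>"
            . "\r\n <td><span onmouseover='toolTip(\"" . char_get_pvp_rank_name($char[4], char_get_side_id($char[2])) . "\",\"item_tooltip\")' onmouseout='toolTip()' style='color: white;'><img src='img/ranks/rank" . char_get_pvp_rank_id($char[4], char_get_side_id($char[2])) . ".gif'></span></td>"
            . "\r\n <td>{$char[4]}</td>"
            . "\r\n <td>{$char[5]}</td>"
            . "\r\n <td>{$char[7]}</td>"
            . "\r\n <td><a href=\"guild.php?action=view_guild&error=3&id={$char[8]}\">" . $guild_label . "</a></td>"
            . "\r\n </tr>";
    }

    $output .= "\r\n </table>\r\n <br />\r\n </fieldset>";
}

require_once "footer.php";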
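/**
 * Create or update one row of config_forums from the admin forum form.
 *
 * Reads the forum fields from $_GET, escapes each with quote_smart(), and
 * updates the row whose `Index` equals forum_item when it exists;
 * otherwise it inserts a new row. Redirects to the forum section of
 * admin.php afterwards.
 *
 * Fix: the INSERT named the column Desc without backticks. DESC is a
 * reserved word in MySQL, so the insert path failed to parse, while the
 * UPDATE path already quoted it.
 *
 * NOTE(review): no permission check is visible in this function, and the
 * write is driven by a GET request with no anti-CSRF token in view.
 * Confirm the caller enforces admin access and consider POST plus a token.
 */
function saveforum()
{
    global $corem_db;

    $sqlm = new SQL();
    $sqlm->connect($corem_db["addr"], $corem_db["user"], $corem_db["pass"], $corem_db["name"], $corem_db["encoding"]);

    $forum_item = $sqlm->quote_smart($_GET["forum_item"]);
    $forum = $sqlm->quote_smart($_GET["category"]);
    $name = $sqlm->quote_smart($_GET["name"]);
    $desc = $sqlm->quote_smart($_GET["desc"]);
    $sideaccess = $sqlm->quote_smart($_GET["sideaccess"]);
    $min_security_level_read = $sqlm->quote_smart($_GET["min_security_level_read"]);
    $min_security_level_post = $sqlm->quote_smart($_GET["min_security_level_post"]);
    $min_security_level_create_topic = $sqlm->quote_smart($_GET["min_security_level_create_topic"]);

    // Every value below sits inside single quotes, which is the context
    // that quote_smart()'s escaping is presumably meant for.
    $existing = $sqlm->query("SELECT * FROM config_forums WHERE `Index`='" . $forum_item . "'");

    if ($sqlm->num_rows($existing)) {
        $result = $sqlm->query(
            "UPDATE config_forums SET Category='" . $forum
            . "', Name='" . $name
            . "', `Desc`='" . $desc
            . "', Side_Access='" . $sideaccess
            . "', Min_Security_Level_Read='" . $min_security_level_read
            . "', Min_Security_Level_Post='" . $min_security_level_post
            . "', Min_Security_Level_Create_Topic='" . $min_security_level_create_topic
            . "' WHERE `Index`='" . $forum_item . "'"
        );
    } else {
        $result = $sqlm->query(
            "INSERT INTO config_forums (Category, Name, `Desc`, Side_Access, Min_Security_Level_Read, Min_Security_Level_Post, Min_Security_Level_Create_Topic) VALUES ('"
            . $forum . "', '"
            . $name . "', '"
            . $desc . "', '"
            . $sideaccess . "', '"
            . $min_security_level_read . "', '"
            . $min_security_level_post . "', '"
            . $min_security_level_create_topic . "')"
        );
    }

    redirect("admin.php?section=forum");
}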
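/**
 * Move every post of a topic to another forum.
 *
 * Reads the target forum and the topic id from $_POST, updates
 * mm_forum_posts.forum for all rows of that topic, and redirects to the
 * topic view.
 *
 * Both values are placed in the statement without quotes, where string
 * escaping gives no protection, so they are reduced to integers before
 * the query is built.
 *
 * @param SQL $sqlm Replaced with a fresh connection to the forum database;
 *                  left open on return, as in the original.
 *
 * NOTE(review): $user_lvl is imported but never consulted, so no
 * permission check is visible in this function. Confirm the caller
 * restricts topic moves to moderators.
 */
function forum_do_move_topic(&$sqlm)
{
    global $forum_lang, $forum_skeleton, $maxqueries, $user_lvl, $user_id, $output, $mmfpm_db;

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    if (!isset($_POST['forum']) || !is_scalar($_POST['forum'])) {
        error($forum_lang['no_such_forum']);
        // Whether error() terminates the request is not visible here.
        return;
    }
    if (!isset($_POST['id']) || !is_scalar($_POST['id'])) {
        error($forum_lang["no_such_topic"]);
        return;
    }

    $forum = (int) $_POST['forum'];
    $id = (int) $_POST['id'];

    $sqlm->query('
    UPDATE mm_forum_posts SET forum = ' . $forum . ' WHERE topic = ' . $id . '');

    redirect('forum.php?action=view_topic&id=' . $id . '');
    // Queries : 1
}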
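/**
 * Save an edited forum post and, when a name is supplied, rename its topic.
 *
 * Reads post, msg and the optional name from $_POST, rewrites the post
 * text, optionally updates the name on every row of the post's topic, and
 * redirects to the topic view.
 *
 * Changes from the original:
 *  - the post id and the topic id are used without quotes in SQL, so both
 *    are reduced to integers instead of relying on string escaping;
 *  - a post id that matches no row is reported as no_such_post, where the
 *    original went on to build a statement from a missing row;
 *  - the second, identical SELECT of the topic id was dropped, because
 *    neither UPDATE changes that column.
 *
 * @param SQL $sqlm Replaced with a fresh connection to the forum database;
 *                  closed before the redirect.
 *
 * NOTE(review): $user_lvl, $user_name and $user_id are imported but never
 * consulted, so nothing here ties the edit to the post's author or to a
 * moderator level. Confirm the caller enforces that.
 * NOTE(review): the message is stored with <br /> inserted and the
 * htmlspecialchars() call is commented out, so the rendering side must
 * HTML-encode post text; otherwise stored markup reaches other readers.
 */
function forum_do_edit_post(&$sqlm)
{
    global $forum_lang, $user_lvl, $user_name, $user_id, $mmfpm_db;

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    //==========================$_POST and SECURE=================================
    // The forum field must be present but its value is not used below.
    if (!isset($_POST['forum'])) {
        error($forum_lang["no_such_forum"]);
        // Whether error() terminates the request is not visible here.
        return;
    }
    if (!isset($_POST['post']) || !is_scalar($_POST['post'])) {
        error($forum_lang["no_such_post"]);
        return;
    }
    $post = (int) $_POST['post'];

    $topic = 0;
    if (isset($_POST['name'])) {
        $topic = 1;
        $name = $sqlm->quote_smart(is_string($_POST['name']) ? $_POST['name'] : '');
        // Lengths are measured on the escaped value, as in the original.
        if (strlen($name) > 49) {
            $sqlm->close();
            error($forum_lang["name_too_long"]);
            return;
        }
        if (strlen($name) < 5) {
            $sqlm->close();
            error($forum_lang["name_too_short"]);
            return;
        }
    }

    $raw_msg = (isset($_POST['msg']) && is_string($_POST['msg'])) ? $_POST['msg'] : '';
    $msg = trim($sqlm->quote_smart($raw_msg), " ");
    if (strlen($msg) < 5) {
        $sqlm->close();
        error($forum_lang["msg_too_short"]);
        return;
    }
    //==========================$_POST and SECURE end==============================

    // Escaped newlines (backslash + n) become HTML line breaks.
    $msg = str_replace('\\n', '<br />', $msg);

    $result = $sqlm->query('
    SELECT topic FROM mm_forum_posts WHERE id = ' . $post . '');
    $topicid = $sqlm->fetch_assoc($result);
    if (!$topicid) {
        $sqlm->close();
        error($forum_lang["no_such_post"]);
        return;
    }
    $topic_id = (int) $topicid['topic'];

    $sqlm->query('
    UPDATE mm_forum_posts SET text = \'' . $msg . '\' WHERE id = ' . $post . '');

    if ($topic == 1) {
        $sqlm->query('
      UPDATE mm_forum_posts SET name = \'' . $name . '\' WHERE topic = ' . $topic_id . '');
    }

    $sqlm->close();
    redirect('forum.php?action=view_topic&id=' . $topic_id . '');
    // Queries : 2 (+1 if topic)
}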
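/**
 * Apply database-configuration changes requested through the query string,
 * then redirect to the "databases" admin section.
 *
 * Which sub-actions run depends on the $_GET keys present: addchar, addworld,
 * dbc_name, logon_name, char_realm, remove_char, world_realm, remove_world.
 *
 * Changes against the previous version:
 *  - the remove_char / remove_world loops ran one step past the end of the
 *    list (<= count) and issued a DELETE for an empty index;
 *  - count() is no longer called on a value that may be NULL or a scalar;
 *  - rows whose per-realm values are missing are skipped.
 *
 * NOTE(review): every change here, including database passwords, arrives via
 * GET, so the values end up in URLs and logs and the request has no visible
 * anti-forgery token. No permission check is visible in this function either;
 * confirm that the caller enforces admin access.
 *
 * NOTE(review): the UPDATE statements write the literal '******' to User and
 * Password while the submitted user/pass values go unused in those branches -
 * confirm against the upstream file.
 */
function savedbs()
{
    global $output, $corem_db;

    $sqlm = new SQL();
    $sqlm->connect($corem_db["addr"], $corem_db["user"], $corem_db["pass"], $corem_db["name"], $corem_db["encoding"]);

    if (isset($_GET["addchar"])) {
        // Add new Character Database at the next free index
        $i_result = $sqlm->fetch_assoc($sqlm->query("SELECT IFNULL(MAX(`Index`), 0) AS MaxID FROM config_character_databases"));
        $max_index = $i_result["MaxID"];
        $result_addchar = $sqlm->query("INSERT INTO config_character_databases (`Index`, Encoding) VALUES ('" . ($max_index + 1) . "', 'utf8')");
    }

    if (isset($_GET["addworld"])) {
        // Add new World Database at the next free index
        $i_result = $sqlm->fetch_assoc($sqlm->query("SELECT IFNULL(MAX(`Index`), 0) AS MaxID FROM config_world_databases"));
        $max_index = $i_result["MaxID"];
        $result_addworld = $sqlm->query("INSERT INTO config_world_databases (`Index`, Encoding) VALUES ('" . ($max_index + 1) . "', 'utf8')");
    }

    if (isset($_GET["dbc_name"])) {
        $dbc_host = $sqlm->quote_smart($_GET["host"]);
        $dbc_port = $sqlm->quote_smart($_GET["port"]);
        $dbc_user = $sqlm->quote_smart($_GET["user"]);
        $dbc_pass = $sqlm->quote_smart($_GET["pass"]);
        $dbc_name = $sqlm->quote_smart($_GET["dbc_name"]);
        $dbc_encoding = $sqlm->quote_smart($_GET["dbc_encoding"]);

        $dbc_count = $sqlm->fetch_assoc($sqlm->query("SELECT COUNT(*) FROM config_dbc_database"));
        if ($dbc_count["COUNT(*)"] == 1) {
            // Exactly one row: update it in place.
            $dbc_upper = $sqlm->fetch_assoc($sqlm->query("SELECT MAX(`Index`) FROM config_dbc_database"));
            $result = $sqlm->query("UPDATE config_dbc_database SET Address='" . $dbc_host . "', Port='" . $dbc_port . "', Name='" . $dbc_name . "', User='******', Password='******', Encoding='" . $dbc_encoding . "' WHERE `Index`='" . $dbc_upper["MAX(`Index`)"] . "'");
        } else {
            // More than one row is unexpected: start over with a single row.
            if ($dbc_count["COUNT(*)"] > 1) {
                $result = $sqlm->query("TRUNCATE TABLE config_dbc_database");
            }
            $result = $sqlm->query("INSERT INTO config_dbc_database (Address, Port, User, Name, Password, Encoding) VALUES ('" . $dbc_host . "', '" . $dbc_port . "', '" . $dbc_user . "', '" . $dbc_name . "', '" . $dbc_pass . "', '" . $dbc_encoding . "')");
        }
    }

    if (isset($_GET["logon_name"])) {
        $logon_host = $sqlm->quote_smart($_GET["host"]);
        $logon_port = $sqlm->quote_smart($_GET["port"]);
        $logon_user = $sqlm->quote_smart($_GET["user"]);
        $logon_pass = $sqlm->quote_smart($_GET["pass"]);
        $logon_name = $sqlm->quote_smart($_GET["logon_name"]);
        $logon_encoding = $sqlm->quote_smart($_GET["logon_encoding"]);
        $result_logon = $sqlm->query("UPDATE config_logon_database SET Address='" . $logon_host . "', Port='" . $logon_port . "', User='******', Password='******', Name='" . $logon_name . "', Encoding='" . $logon_encoding . "' WHERE `Index`=1");
    }

    if (isset($_GET["char_realm"])) {
        // char_realm, char_new_realm, char_name and char_encoding are indexed per row below.
        $char_realms = $sqlm->quote_smart($_GET["char_realm"]);
        $char_new_realms = isset($_GET["char_new_realm"]) ? $sqlm->quote_smart($_GET["char_new_realm"]) : NULL;
        // NOTE(review): host and port are interpolated whole, not per row - verify against the form.
        $char_hosts = isset($_GET["host"]) ? $sqlm->quote_smart($_GET["host"]) : NULL;
        $char_ports = isset($_GET["port"]) ? $sqlm->quote_smart($_GET["port"]) : NULL;
        $char_users = isset($_GET["user"]) ? $sqlm->quote_smart($_GET["user"]) : NULL;
        $char_passes = isset($_GET["pass"]) ? $sqlm->quote_smart($_GET["pass"]) : NULL;
        $char_names = isset($_GET["char_name"]) ? $sqlm->quote_smart($_GET["char_name"]) : NULL;
        $char_encodings = isset($_GET["char_encoding"]) ? $sqlm->quote_smart($_GET["char_encoding"]) : NULL;

        $char_total = is_array($char_names) ? count($char_names) : 0;
        for ($i = 0; $i < $char_total; $i++) {
            // Skip incomplete rows rather than writing an empty index.
            if (!isset($char_names[$i], $char_new_realms[$i], $char_encodings[$i], $char_realms[$i])) {
                continue;
            }
            $result_char = $sqlm->query("UPDATE config_character_databases SET `Index`='" . $char_new_realms[$i] . "', Address='" . $char_hosts . "', Port='" . $char_ports . "', User='******', Password='******', Name='" . $char_names[$i] . "', Encoding='" . $char_encodings[$i] . "' WHERE `Index`='" . $char_realms[$i] . "'");
        }
    }

    if (isset($_GET["remove_char"])) {
        $remove_chars = (array) $sqlm->quote_smart($_GET["remove_char"]);
        foreach ($remove_chars as $remove_index) {
            if (!is_scalar($remove_index)) {
                continue;
            }
            $result_char = $sqlm->query("DELETE FROM config_character_databases WHERE `Index`='" . $remove_index . "'");
        }
    }

    if (isset($_GET["world_realm"])) {
        $world_realms = $sqlm->quote_smart($_GET["world_realm"]);
        $world_new_realms = isset($_GET["world_new_realm"]) ? $sqlm->quote_smart($_GET["world_new_realm"]) : NULL;
        $world_hosts = isset($_GET["host"]) ? $sqlm->quote_smart($_GET["host"]) : NULL;
        $world_ports = isset($_GET["port"]) ? $sqlm->quote_smart($_GET["port"]) : NULL;
        $world_users = isset($_GET["user"]) ? $sqlm->quote_smart($_GET["user"]) : NULL;
        $world_passes = isset($_GET["pass"]) ? $sqlm->quote_smart($_GET["pass"]) : NULL;
        $world_names = isset($_GET["world_name"]) ? $sqlm->quote_smart($_GET["world_name"]) : NULL;
        $world_encodings = isset($_GET["world_encoding"]) ? $sqlm->quote_smart($_GET["world_encoding"]) : NULL;

        $world_total = is_array($world_names) ? count($world_names) : 0;
        for ($i = 0; $i < $world_total; $i++) {
            if (!isset($world_names[$i], $world_new_realms[$i], $world_encodings[$i], $world_realms[$i])) {
                continue;
            }
            $result_world = $sqlm->query("UPDATE config_world_databases SET `Index`='" . $world_new_realms[$i] . "', Address='" . $world_hosts . "', Port='" . $world_ports . "', User='******', Password='******', Name='" . $world_names[$i] . "', Encoding='" . $world_encodings[$i] . "' WHERE `Index`='" . $world_realms[$i] . "'");
        }
    }

    if (isset($_GET["remove_world"])) {
        $remove_worlds = (array) $sqlm->quote_smart($_GET["remove_world"]);
        foreach ($remove_worlds as $remove_index) {
            if (!is_scalar($remove_index)) {
                continue;
            }
            $remove_query = "DELETE FROM config_world_databases WHERE `Index`='" . $remove_index . "'";
            $result_world = $sqlm->query($remove_query);
        }
    }

    redirect("admin.php?section=databases");
}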
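/**
 * Delete the accounts, characters, guilds or arena teams selected on the
 * cleanup page and append a summary to $output.
 *
 * Input: $_POST['type'] ("acc", "char", "guild" or "arenateam") and
 * $_POST['check'], a '-' separated list whose first element is ignored.
 *
 * Changes against the previous version:
 *  - $server_type was read without being imported, so the table-list switch
 *    for that server type could never happen;
 *  - $deleted_arenateams was never initialised;
 *  - a non-string 'check' value is rejected instead of reaching explode().
 *
 * NOTE(review): this handler deletes accounts, yet no permission check is
 * visible here although $user_lvl is imported - confirm that the caller
 * restricts it.
 */
function docleanup()
{
    global $lang_cleanup, $lang_global, $output, $realm_db, $characters_db, $realm_id, $user_lvl,
        $tab_del_user_characters, $tab_del_user_characters_trinity, $tab_del_user_realmd, $server_type;

    if ($server_type) {
        $tab_del_user_characters = $tab_del_user_characters_trinity;
    }

    if (!isset($_POST['type']) || $_POST['type'] === '') {
        redirect("cleanup.php?error=1");
    }

    $sql = new SQL();
    $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);

    $type = $sql->quote_smart($_POST['type']);

    if (isset($_POST['check']) && is_string($_POST['check']) && $_POST['check'] != '') {
        $check = explode('-', $sql->quote_smart($_POST['check']));
    } else {
        redirect("cleanup.php?error=1");
        return; // in case redirect() returns instead of ending the request
    }

    $deleted_acc = 0;
    $deleted_chars = 0;
    $deleted_gulds = 0;
    $deleted_arenateams = 0;

    require_once "./libs/del_lib.php";

    // The first list element is skipped, as before.
    $targets = array_slice($check, 1);

    switch ($type) {
        // deleting accounts (and the characters that go with them)
        case "acc":
            foreach ($targets as $target) {
                if ($target != "") {
                    list($flag, $del_char) = del_acc($target);
                    if ($flag) {
                        $deleted_acc++;
                        $deleted_chars += $del_char;
                    }
                }
            }
            break;

        // deleting characters
        case "char":
            foreach ($targets as $target) {
                if ($target != "" && del_char($target, $realm_id)) {
                    $deleted_chars++;
                }
            }
            break;

        // cleaning guilds
        case "guild":
            foreach ($targets as $target) {
                if ($target != "" && del_guild($target, $realm_id)) {
                    $deleted_gulds++;
                }
            }
            break;

        // cleaning arena teams
        case "arenateam":
            foreach ($targets as $target) {
                if ($target != "" && del_arenateam($target, $realm_id)) {
                    $deleted_arenateams++;
                }
            }
            break;

        default:
            redirect("cleanup.php?error=1");
    }

    $sql->close();
    unset($sql);

    $output .= "<center>";
    if ($type == "guild") {
        if (!$deleted_gulds) {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['no_guilds_del']}</font></h1>";
        } else {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['total']} <font color=blue>{$deleted_gulds}</font> {$lang_cleanup['guilds_deleted']}</font></h1>";
        }
    } elseif ($type == "arenateam") {
        if (!$deleted_arenateams) {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['no_arenateams_del']}</font></h1>";
        } else {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['total']} <font color=blue>{$deleted_arenateams}</font> {$lang_cleanup['arenateams_deleted']}</font></h1>";
        }
    } else {
        if ($deleted_acc + $deleted_chars == 0) {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['no_acc_chars_deleted']}</font></h1>";
        } else {
            $output .= "<h1><font class=\"error\">{$lang_cleanup['total']} <font color=blue>{$deleted_acc}</font> {$lang_cleanup['accs_deleted']}</font></h1><br />";
            $output .= "<h1><font class=\"error\">{$lang_cleanup['total']} <font color=blue>{$deleted_chars}</font> {$lang_cleanup['chars_deleted']}</font></h1>";
        }
    }

    $output .= "<br /><br />";
    $output .= "<table class=\"hidden\">\r\n <tr><td>";
    makebutton($lang_cleanup['back_cleaning'], "cleanup.php", 200);
    $output .= "</td></tr>\r\n </table><br /></center>";
}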
/**
 * Insert a new teleport location into game_tele and redirect to tele.php
 * with a status code (error=3 when a row was written, error=5 otherwise,
 * error=1 when a field is missing).
 *
 * Requires the 'insert' permission via valid_login(). All six fields are
 * taken from the query string, escaped with quote_smart() and placed inside
 * quotes in the statement.
 *
 * NOTE(review): the insert is triggered by a GET request; confirm that an
 * anti-forgery check exists upstream.
 */
function do_add_tele()
{
    global $world_db, $realm_id, $action_permission;

    valid_login($action_permission['insert']);

    foreach (array('name', 'map', 'x', 'y', 'z', 'orientation') as $field) {
        if (!isset($_GET[$field])) {
            redirect("tele.php?error=1");
            break;
        }
    }

    $conn = $world_db[$realm_id];
    $sqlw = new SQL();
    $sqlw->connect($conn['addr'], $conn['user'], $conn['pass'], $conn['name']);

    $name = $sqlw->quote_smart($_GET['name']);
    $map = $sqlw->quote_smart($_GET['map']);
    $x = $sqlw->quote_smart($_GET['x']);
    $y = $sqlw->quote_smart($_GET['y']);
    $z = $sqlw->quote_smart($_GET['z']);
    $orientation = $sqlw->quote_smart($_GET['orientation']);

    // Positional insert: the leading NULL leaves the first column to the database.
    $statement = "INSERT INTO game_tele VALUES (NULL,'{$x}','{$y}', '{$z}' ,'{$orientation}' ,'{$map}' ,'{$name}')";
    $sqlw->query($statement);

    redirect($sqlw->affected_rows() ? "tele.php?error=3" : "tele.php?error=5");
}
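/**
 * Create or update one row of config_menus from query-string values, then
 * redirect to the "menus" admin section.
 *
 * The row is looked up by $_GET["menu_item"]; when it exists it is updated,
 * otherwise a new row is inserted. An empty "order" value redirects with
 * error=1.
 *
 * Fix: the INSERT listed the columns Insert, Update and Delete without
 * backticks. Those are reserved words in MySQL, so the statement could not
 * parse; they are now quoted the same way the UPDATE already quotes them.
 *
 * NOTE(review): no permission check is visible in this function and the
 * change is made by a GET request - confirm that the caller enforces admin
 * access and an anti-forgery check.
 */
function savemenu()
{
    global $corem_db;

    $sqlm = new SQL();
    $sqlm->connect($corem_db["addr"], $corem_db["user"], $corem_db["pass"], $corem_db["name"], $corem_db["encoding"]);

    $menu_item = $sqlm->quote_smart($_GET["menu_item"]);
    $menu = $sqlm->quote_smart($_GET["menu"]);
    $order = $sqlm->quote_smart($_GET["order"]);
    $name = $sqlm->quote_smart($_GET["name"]);
    $action = $sqlm->quote_smart($_GET["menu_action"]);
    $view = $sqlm->quote_smart($_GET["view"]);
    $insert = $sqlm->quote_smart($_GET["insert"]);
    $update = $sqlm->quote_smart($_GET["update"]);
    $delete = $sqlm->quote_smart($_GET["delete"]);
    // A checkbox: present means enabled.
    $enabled = isset($_GET["enabled"]) ? 1 : 0;

    // empty() also rejects the value "0", as before.
    if (empty($order)) {
        redirect("admin.php?section=menus&error=1");
    }

    $result = $sqlm->query("SELECT * FROM config_menus WHERE `Index`='" . $menu_item . "'");
    if ($sqlm->num_rows($result)) {
        $result = $sqlm->query("UPDATE config_menus SET Menu='" . $menu . "', `Order`='" . $order . "', Name='" . $name . "', Action='" . $action . "', View='" . $view . "', `Insert`='" . $insert . "', `Update`='" . $update . "', `Delete`='" . $delete . "', Enabled='" . $enabled . "' WHERE `Index`='" . $menu_item . "'");
    } else {
        $result = $sqlm->query("INSERT INTO config_menus (Menu, `Order`, Name, Action, View, `Insert`, `Update`, `Delete`, Enabled) VALUES ('" . $menu . "', '" . $order . "', '" . $name . "', '" . $action . "', '" . $view . "', '" . $insert . "', '" . $update . "', '" . $delete . "', '" . $enabled . "')");
    }

    redirect("admin.php?section=menus");
}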
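/**
 * Render the paginated, sortable list of game events into $output.
 *
 * Query-string input: start (row offset), order_by (column name) and dir
 * (1 = ascending, 0 = descending). All three reach the SQL statement outside
 * of quotes (ORDER BY / LIMIT), so each is checked against a strict pattern
 * and replaced by its default when it does not match.
 *
 * Changes against the previous version:
 *  - start had to pass is_numeric(), which also accepts negative, fractional
 *    and exponent forms that LIMIT rejects; it must now be all digits;
 *  - the patterns are anchored with the D modifier so a trailing newline no
 *    longer passes;
 *  - array-valued parameters fall back to the defaults.
 *
 * NOTE(review): description and start_time are written to the page as read
 * from game_event, without HTML encoding - presumably trusted content;
 * verify who can write to that table.
 */
function events()
{
    global $output, $lang_events, $realm_id, $world_db, $itemperpage;

    $sqlw = new SQL();
    $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);

    //-------------------SQL Injection Prevention--------------------------------
    // this page has multipage support and field ordering, so we need these
    $start = isset($_GET['start']) ? $sqlw->quote_smart($_GET['start']) : 0;
    if (!is_scalar($start) || !preg_match('/^[0-9]+$/D', (string) $start)) {
        $start = 0;
    }

    $order_by = isset($_GET['order_by']) ? $sqlw->quote_smart($_GET['order_by']) : 'description';
    if (!is_string($order_by) || !preg_match('/^[_[:lower:]]{1,11}$/D', $order_by)) {
        $order_by = 'description';
    }

    $dir = isset($_GET['dir']) ? $sqlw->quote_smart($_GET['dir']) : 1;
    if (!is_scalar($dir) || !preg_match('/^[01]$/D', (string) $dir)) {
        $dir = 1;
    }

    $order_dir = $dir ? 'ASC' : 'DESC';
    // From here on $dir holds the opposite direction, used by the header links to toggle sorting.
    $dir = $dir ? 0 : 1;

    // for multipage support
    $all_record = $sqlw->result($sqlw->query('SELECT count(*) FROM game_event WHERE start_time <> end_time'), 0);

    // main data that we need for this page, game events
    $result = $sqlw->query('SELECT description, start_time, occurence, length FROM game_event WHERE start_time <> end_time ORDER BY ' . $order_by . ' ' . $order_dir . ' LIMIT ' . $start . ', ' . $itemperpage . '');

    //---------------Page Specific Data Starts Here--------------------------
    $output .= ' <!-- start of events.php --> <center> <table class="top_hidden"> <tr> <td width="25%" align="right">';

    // multi page links; ($dir ? 0 : 1) turns the toggled value back into the current direction
    $output .= $lang_events['total'] . ' : ' . $all_record . '<br /><br />'
        . generate_pagination('events.php?order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1), $all_record, $itemperpage, $start);

    // column headers, with links for sorting: column => (width, language key)
    $columns = array(
        'description' => array('35%', 'descr'),
        'start_time' => array('25%', 'start'),
        'occurence' => array('20%', 'occur'),
        'length' => array('20%', 'length'),
    );
    $output .= ' </td> </tr> </table> <table class="lined"> <tr>';
    foreach ($columns as $column => $spec) {
        $output .= ' <th width="' . $spec[0] . '"><a href="events.php?order_by=' . $column . '&start=' . $start . '&dir=' . $dir . '"'
            . ($order_by === $column ? ' class="' . $order_dir . '"' : '')
            . '>' . $lang_events[$spec[1]] . '</a></th>';
    }
    $output .= ' </tr>';

    while ($events = $sqlw->fetch_assoc($result)) {
        // occurence and length are divided by 60 and shown as days and hours.
        $spans = array();
        foreach (array('occurence', 'length') as $field) {
            $total_hours = round($events[$field] / 60);
            $days = floor($total_hours / 24);
            $hours = $total_hours - $days * 24;
            $text = '';
            if ($days) {
                $text .= $days . ' days ';
            }
            if ($hours) {
                $text .= $hours . ' hours';
            }
            $spans[$field] = $text;
        }

        $output .= ' <tr valign="top"> <td align="left">' . $events['description'] . '</td> <td>' . $events['start_time'] . '</td> <td>' . $spans['occurence'] . '</td> <td>' . $spans['length'] . '</td> </tr>';
    }

    $output .= ' <tr> <td colspan="4" class="hidden" align="right" width="25%">';
    // multi page links
    $output .= generate_pagination('events.php?order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1), $all_record, $itemperpage, $start);
    $output .= ' </td> </tr> <tr> <td colspan="4" class="hidden" align="right">' . $lang_events['total'] . ' : ' . $all_record . '</td> </tr> </table> </center> <!-- end of events.php -->';
}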
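/**
 * Create or update a row of config_accounts (screen name and security level)
 * from query-string values, then redirect to the "accounts" admin section.
 *
 * Input: login, sn (screen name), sec (security level) and acp (a flag;
 * when present 1073741824 is added to the security level).
 *
 * Fix: sec went into arithmetic and into a privilege column as an unchecked
 * string. It is now accepted only when numeric and is cast to int; anything
 * else counts as 0.
 *
 * NOTE(review): this grants privileges from a GET request and no permission
 * check is visible in this function - confirm that the caller enforces admin
 * access and an anti-forgery check.
 *
 * NOTE(review): the SELECT and UPDATE match the literal login '******' while
 * $acct is only used by the INSERT - confirm against the upstream file.
 */
function saveacct()
{
    global $corem_db;

    $sqlm = new SQL();
    $sqlm->connect($corem_db["addr"], $corem_db["user"], $corem_db["pass"], $corem_db["name"], $corem_db["encoding"]);

    $acct = $sqlm->quote_smart($_GET["login"]);
    $sn = $sqlm->quote_smart($_GET["sn"]);

    $sec = (isset($_GET["sec"]) && is_numeric($_GET["sec"])) ? (int) $_GET["sec"] : 0;
    if (isset($_GET["acp"])) {
        $sec += 1073741824;
    }

    $result = $sqlm->query("SELECT * FROM config_accounts WHERE Login='******'");
    if ($sqlm->num_rows($result)) {
        $result = $sqlm->query("UPDATE config_accounts SET ScreenName='" . $sn . "', SecurityLevel='" . $sec . "' WHERE Login='******'");
    } else {
        $result = $sqlm->query("INSERT INTO config_accounts (Login, ScreenName, SecurityLevel) VALUES ('" . $acct . "', '" . $sn . "', '" . $sec . "')");
    }

    redirect("admin.php?section=accounts");
}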
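/**
 * Send an e-mail or an in-game mail to one recipient or to a group of
 * accounts/characters, then redirect to mail.php with a status code.
 *
 * Input ($_POST): body, subject, type ("email" or "ingame_mail"), to (single
 * recipient) or group_send / group_sign / group_value (group selection), and
 * the attachment fields money, att_item, att_stack.
 *
 * Changes against the previous version:
 *  - group_sign is placed in the WHERE clause as an operator, outside of
 *    quotes, so escaping could not constrain it; it must now be one of a
 *    fixed list of comparison operators;
 *  - the "banned" group used an undefined $sql object instead of $sqlr;
 *  - the mailer error text is URL-encoded before it is put into the
 *    redirect target;
 *  - the account result set is fetched through the connection that
 *    produced it.
 *
 * NOTE(review): no permission check is visible in this function - confirm
 * that the caller restricts who may send mail and attach gold/items.
 * NOTE(review): $subject is SQL-escaped and then also used as the e-mail
 * subject; verify that this is intended.
 */
function send_mail()
{
    global $lang_global, $output, $realm_db, $characters_db, $realm_id, $user_name, $from_mail, $mailer_type, $smtp_cfg;

    if (empty($_POST['body']) || empty($_POST['subject']) || empty($_POST['type']) || empty($_POST['group_sign']) || empty($_POST['group_send'])) {
        redirect("mail.php?error=1");
    }

    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);

    $sqlc = new SQL();
    $sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);

    $body = explode("\n", $_POST['body']);
    $subject = $sqlc->quote_smart($_POST['subject']);

    if (isset($_POST['to']) && $_POST['to'] != '') {
        $to = $sqlc->quote_smart($_POST['to']);
    } else {
        $to = 0;
        if (!isset($_POST['group_value']) || $_POST['group_value'] === '') {
            redirect("mail.php?error=1");
        } else {
            // assumes the form only offers plain comparison operators - TODO confirm against the mail form
            $allowed_signs = array('=', '<', '>', '<=', '>=', '!=', '<>');
            if (!in_array($_POST['group_sign'], $allowed_signs, true)) {
                redirect("mail.php?error=1");
                return; // in case redirect() returns instead of ending the request
            }
            $group_value = $sqlc->quote_smart($_POST['group_value']);
            $group_sign = $_POST['group_sign'];
            $group_send = $sqlc->quote_smart($_POST['group_send']);
        }
    }

    $type = addslashes($_POST['type']);
    $att_gold = $sqlc->quote_smart($_POST['money']);
    $att_item = $sqlc->quote_smart($_POST['att_item']);
    $att_stack = $sqlc->quote_smart($_POST['att_stack']);

    switch ($type) {
        case "email":
            require_once "libs/mailer/class.phpmailer.php";
            $mail = new PHPMailer();
            $mail->Mailer = $mailer_type;
            if ($mailer_type == "smtp") {
                $mail->Host = $smtp_cfg['host'];
                $mail->Port = $smtp_cfg['port'];
                if ($smtp_cfg['user'] != '') {
                    $mail->SMTPAuth = true;
                    $mail->Username = $smtp_cfg['user'];
                    $mail->Password = $smtp_cfg['pass'];
                }
            }

            // Re-join the lines, then turn line breaks into HTML.
            $body = implode("\r\n", $body) . "\r\n";

            $mail->From = $from_mail;
            $mail->FromName = $user_name;
            $mail->Subject = $subject;
            $mail->IsHTML(true);

            $body = str_replace("\n", "<br />", $body);
            $body = str_replace("\r", " ", $body);
            // Make bare http/ftp and www. addresses clickable.
            $body = preg_replace("/([^\\/=\"\\]])((http|ftp)+(s)?:\\/\\/[^<>\\s]+)/i", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $body);
            $body = preg_replace('/([^\\/=\\"\\]])(www\\.)(\\S+)/', '\\1<a href="http://\\2\\3" target="_blank">\\2\\3</a>', $body);

            $mail->Body = $body;
            $mail->WordWrap = 50;

            if ($to) {
                //single Recipient
                $mail->AddAddress($to);
                if (!$mail->Send()) {
                    $mail->ClearAddresses();
                    redirect("mail.php?error=3&mail_err=" . urlencode($mail->ErrorInfo));
                } else {
                    $mail->ClearAddresses();
                    redirect("mail.php?error=2");
                }
            } elseif (isset($group_value)) {
                //group send
                $email_array = array();
                switch ($group_send) {
                    case "gm_level":
                    case "locked":
                        $column = ($group_send == "gm_level") ? "gmlevel" : "locked";
                        $result = $sqlr->query("SELECT email FROM account WHERE {$column} {$group_sign} '{$group_value}'");
                        while ($user = $sqlr->fetch_row($result)) {
                            if ($user[0] != "") {
                                array_push($email_array, $user[0]);
                            }
                        }
                        break;

                    case "banned":
                        $que = $sqlr->query("SELECT id FROM account_banned");
                        while ($banned = $sqlr->fetch_row($que)) {
                            $result = $sqlr->query("SELECT email FROM account WHERE id = '{$banned['0']}'");
                            $email = $sqlr->result($result, 0, 'email');
                            if ($email) {
                                array_push($email_array, $email);
                            }
                        }
                        break;

                    default:
                        redirect("mail.php?error=5");
                        break;
                }

                // One message per address; stop at the first failure.
                foreach ($email_array as $mail_addr) {
                    $mail->AddAddress($mail_addr);
                    if (!$mail->Send()) {
                        $mail->ClearAddresses();
                        redirect("mail.php?error=3&mail_err=" . urlencode($mail->ErrorInfo));
                    } else {
                        $mail->ClearAddresses();
                    }
                }
                redirect("mail.php?error=2");
            } else {
                redirect("mail.php?error=1");
            }
            break;

        case "ingame_mail":
            // In-game mail is a single line: join with spaces and drop carriage returns.
            $body = implode(" ", $body) . " ";
            $body = str_replace("\r", " ", $body);

            if ($to) {
                //single Recipient
                $result = $sqlc->query("SELECT name FROM characters WHERE name = '{$to}'");
                if ($sqlc->num_rows($result) == 1) {
                    $receiver = $sqlc->result($result, 0, 'name');
                    $mails = array();
                    array_push($mails, array($receiver, $subject, $body, $att_gold, $att_item, $att_stack));
                    send_ingame_mail($realm_id, $mails);
                } else {
                    redirect("mail.php?error=4");
                }
                redirect("mail.php?error=2");
                break;
            } elseif (isset($group_value)) {
                //group send
                $char_array = array();
                switch ($group_send) {
                    case "gm_level":
                        $result = $sqlr->query("SELECT id FROM account WHERE gmlevel {$group_sign} '{$group_value}'");
                        while ($acc = $sqlr->fetch_row($result)) {
                            $result_2 = $sqlc->query("SELECT name FROM `characters` WHERE account = '{$acc['0']}'");
                            while ($char = $sqlc->fetch_row($result_2)) {
                                array_push($char_array, $char[0]);
                            }
                        }
                        break;

                    case "online":
                        $result = $sqlc->query("SELECT name FROM `characters` WHERE online {$group_sign} '{$group_value}'");
                        while ($user = $sqlc->fetch_row($result)) {
                            array_push($char_array, $user[0]);
                        }
                        break;

                    case "char_level":
                        $result = $sqlc->query("SELECT name FROM `characters` WHERE SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) {$group_sign} '{$group_value}'");
                        while ($user = $sqlc->fetch_row($result)) {
                            array_push($char_array, $user[0]);
                        }
                        break;

                    default:
                        redirect("mail.php?error=5");
                }

                $mails = array();
                foreach ($char_array as $receiver) {
                    array_push($mails, array($receiver, $subject, $body, $att_gold, $att_item, $att_stack));
                }
                send_ingame_mail($realm_id, $mails);
                redirect("mail.php?error=2");
            }
            break;

        default:
            redirect("mail.php?error=1");
    }
}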
/**
 * Setup step: import the databases, store the logon and DBC connection
 * settings, create or update the web admin account, mark the installation
 * as done and redirect to admin.php.
 *
 * All eight values (host, port, user, pass, name, dbcname, acctname,
 * screenname) come from the query string and must be non-empty; a missing
 * one redirects to setup.php?error=1.
 *
 * NOTE(review): nothing in this function checks whether the installation was
 * already completed before it rewrites the configuration and the admin
 * account - confirm that setup.php guards against being run again.
 * NOTE(review): the database password travels in the query string.
 * NOTE(review): the UPDATE statements write the literal '******' to User and
 * Password, and the account lookup matches the literal login '******' -
 * confirm against the upstream file.
 */
function save()
{
    global $corem_db;

    $sqlm = new SQL();
    $sqlm->connect($corem_db["addr"], $corem_db["user"], $corem_db["pass"], $corem_db["name"], $corem_db["encoding"]);

    // General database settings, the two database names and the admin account, in the order they are checked.
    $cfg = array();
    foreach (array("host", "port", "user", "pass", "name", "dbcname", "acctname", "screenname") as $key) {
        if ($_GET[$key] != "") {
            $cfg[$key] = $sqlm->quote_smart($_GET[$key]);
        } else {
            redirect("setup.php?error=1");
        }
    }

    // first, we import databases
    import_db($cfg["host"], $cfg["port"], $cfg["user"], $cfg["pass"], $cfg["dbcname"]);

    // Logon and DBC settings are stored the same way, each in its own single-row table.
    $targets = array(
        "config_logon_database" => $cfg["name"],
        "config_dbc_database" => $cfg["dbcname"],
    );
    foreach ($targets as $table => $db_name) {
        $rows = $sqlm->fetch_assoc($sqlm->query("SELECT COUNT(*) FROM " . $table));
        if ($rows["COUNT(*)"] == 1) {
            // One row exists: overwrite it.
            $upper = $sqlm->fetch_assoc($sqlm->query("SELECT MAX(`Index`) FROM " . $table));
            $result = $sqlm->query("UPDATE " . $table . " SET Address='" . $cfg["host"] . "', Port='" . $cfg["port"] . "', Name='" . $db_name . "', User='******', Password='******', Encoding='utf8' WHERE `Index`='" . $upper["MAX(`Index`)"] . "'");
        } else {
            // Several rows: wipe the table first; then (or when empty) insert a fresh row.
            if ($rows["COUNT(*)"] > 1) {
                $result = $sqlm->query("TRUNCATE TABLE " . $table);
            }
            $result = $sqlm->query("INSERT INTO " . $table . " (Address, Port, User, Name, Password, Encoding) VALUES ('" . $cfg["host"] . "', '" . $cfg["port"] . "', '" . $cfg["user"] . "', '" . $db_name . "', '" . $cfg["pass"] . "', 'utf8')");
        }
    }

    // set up web admin account
    $account = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_accounts WHERE Login='******'"));
    if ($account["Login"] != '') {
        $result = $sqlm->query("UPDATE config_accounts SET ScreenName='" . $cfg["screenname"] . "', SecurityLevel=(4+1073741824) WHERE Login='******'");
    } else {
        $result = $sqlm->query("INSERT INTO config_accounts (Login, ScreenName, SecurityLevel) VALUES (UPPER('" . $cfg["acctname"] . "'), '" . $cfg["screenname"] . "', (4+1073741824))");
    }

    $result = $sqlm->query("UPDATE config_misc SET Value='1' WHERE `Key`='Installed'");

    redirect("admin.php");
}
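/**
 * Create a new forum topic from $_POST['forum'], $_POST['name'] and
 * $_POST['msg'], then redirect to the new topic.
 *
 * Checks, in order: flood limit ($minfloodtime since the user's last post),
 * that the forum exists in $forum_skeleton, the posting level of the
 * category and forum, the side restriction for level-0 users, and the
 * length of title and message.
 *
 * Fix: the side-restriction branch used "continue" outside of any loop, so
 * a user on the wrong side was never turned away with an access error (the
 * statement is not valid there). Those cases now end with the no_access
 * error. Array-valued forum/name/msg parameters are rejected as well.
 *
 * NOTE(review): $user_id and $user_name are placed into SQL without
 * escaping; presumably they come from trusted session data - verify.
 * NOTE(review): name and text are stored without HTML encoding (the
 * htmlspecialchars calls are commented out) - the view has to encode on
 * output; verify.
 *
 * @param SQL $sqlm Overwritten with a new connection to the $mmfpm_db database.
 */
function forum_do_add_topic(&$sqlm)
{
    global $enablesidecheck, $forum_skeleton, $forum_lang, $user_lvl, $user_name, $user_id, $mmfpm_db, $minfloodtime;

    if ($enablesidecheck) {
        $side = get_side();
    }

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    // Flood protection: compare against the time of the user's most recent post.
    $userposts = $sqlm->query(' SELECT time FROM mm_forum_posts WHERE authorid = ' . $user_id . ' ORDER BY id DESC LIMIT 1');
    if ($sqlm->num_rows($userposts) != 0) {
        $mintimeb4post = $sqlm->fetch_assoc($userposts);
        $mintimeb4post = time() - strtotime($mintimeb4post['time']);
        if ($mintimeb4post < $minfloodtime) {
            error($forum_lang['please_wait']);
            return; // in case error() returns instead of ending the request
        }
    }

    //==========================$_POST and SECURE=================================
    if (!isset($_POST['forum']) || !is_scalar($_POST['forum'])) {
        error($forum_lang['no_such_forum']);
        return;
    }
    $forum = $sqlm->quote_smart($_POST['forum']);
    //==========================$_POST and SECURE end=============================

    // Find the category that contains the requested forum.
    $cat = 0;
    foreach ($forum_skeleton as $cid => $category) {
        foreach ($category['forums'] as $fid => $forum_) {
            if ($fid == $forum) {
                $cat = $cid;
            }
        }
    }
    if (empty($forum_skeleton[$cat]['forums'][$forum])) {
        error($forum_lang['no_such_forum']);
        return;
    }
    $forum_ = $forum_skeleton[$cat]['forums'][$forum];

    if ($forum_skeleton[$cat]['level_post_topic'] > $user_lvl || $forum_['level_post_topic'] > $user_lvl) {
        error($forum_lang['no_access']);
        return;
    }

    if ($user_lvl == 0 && $enablesidecheck) {
        // Both the category and the forum may be limited to one side; 'ALL' means unrestricted.
        foreach (array($forum_skeleton[$cat]['side_access'], $forum_['side_access']) as $required_side) {
            if ($required_side != 'ALL' && ($side == 'NO' || $required_side != $side)) {
                // No character at all, or a character on the other side.
                $sqlm->close();
                error($forum_lang['no_access']);
                return;
            }
        }
    }

    //==========================$_POST and SECURE=================================
    $raw_msg = (isset($_POST['msg']) && is_string($_POST['msg'])) ? $_POST['msg'] : '';
    $raw_name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $msg = trim($sqlm->quote_smart($raw_msg), " ");
    $name = trim($sqlm->quote_smart($raw_name), " ");
    //==========================$_POST and SECURE end=============================

    if (strlen($name) > 49) {
        $sqlm->close();
        error($forum_lang['name_too_long']);
        return;
    }
    if (strlen($name) < 5) {
        $sqlm->close();
        error($forum_lang['name_too_short']);
        return;
    }
    if (strlen($msg) < 5) {
        $sqlm->close();
        error($forum_lang['msg_too_short']);
        return;
    }

    // Works on the escaped text: the two characters backslash + n become a line break tag.
    $msg = str_replace('\\n', '<br />', $msg);

    $time = date("m/d/y H:i:s");

    $sqlm->query(" INSERT INTO mm_forum_posts (authorid, authorname, forum, name, text, time) VALUES ('" . $user_id . "', '" . $user_name . "', '" . $forum . "', '" . $name . "', '" . $msg . "', '" . $time . "')");

    // The first post of a topic points at itself as topic and as last post.
    $id = $sqlm->insert_id();
    $sqlm->query(' UPDATE mm_forum_posts SET topic = ' . $id . ', lastpost = ' . $id . ' WHERE id = ' . $id . '');

    $sqlm->close();
    redirect('forum.php?action=view_topic&id=' . $id . '');
    // Queries : 3
}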
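/**
 * Apply an account edit (mail, password hash, GM level, ban state, lock,
 * expansion, referral) and redirect back to the edit page with a status
 * code.
 *
 * Requires the 'update' permission via valid_login(). The editor may not
 * assign a GM level equal to or above their own (error=16) and may not edit
 * an account whose GM level is equal to or above their own unless it is
 * their own account (error=14).
 *
 * Changes against the previous version:
 *  - the account id is cast to int once; before, the raw $_POST['id'] was
 *    copied into two redirect targets and the escaped id was placed unquoted
 *    into the account_banned INSERT;
 *  - the requested GM level is cast to int before it is compared with the
 *    editor's level and written.
 *
 * NOTE(review): $pass is stored directly as sha_pass_hash, so presumably the
 * form submits an already hashed value - verify.
 * NOTE(review): the literal '******' in the password comparison and in
 * username='******' is reproduced as shown in this listing - confirm against
 * the upstream file.
 */
function doedit_user()
{
    global $lang_global, $realm_db, $mmfpm_db, $user_lvl, $user_name, $action_permission;

    valid_login($action_permission['update']);

    // A non-numeric id becomes 0 and matches no account.
    $id = (isset($_POST['id']) && is_scalar($_POST['id'])) ? (int) $_POST['id'] : 0;

    // At least one of these fields has to carry a value.
    if ((!isset($_POST['pass']) || $_POST['pass'] === '')
        && (!isset($_POST['mail']) || $_POST['mail'] === '')
        && (!isset($_POST['expansion']) || $_POST['expansion'] === '')
        && (!isset($_POST['referredby']) || $_POST['referredby'] === '')) {
        redirect("user.php?action=edit_user&&id={$id}&error=1");
    }

    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);

    $username = $sqlr->quote_smart($_POST['username']);
    $banreason = $sqlr->quote_smart($_POST['banreason']);
    $pass = $sqlr->quote_smart($_POST['pass']);
    // The credentials are only rewritten when the submitted hash differs from the placeholder hash.
    $user_pass_change = $pass != sha1(strtoupper($username) . ":******") ? "username='******',sha_pass_hash='{$pass}'," : "";

    $mail = isset($_POST['mail']) && $_POST['mail'] != '' ? $sqlr->quote_smart($_POST['mail']) : "";
    $failed = isset($_POST['failed']) ? $sqlr->quote_smart($_POST['failed']) : 0;
    $gmlevel = (isset($_POST['gmlevel']) && is_scalar($_POST['gmlevel'])) ? (int) $_POST['gmlevel'] : 0;
    $expansion = isset($_POST['expansion']) ? $sqlr->quote_smart($_POST['expansion']) : 1;
    $banned = isset($_POST['banned']) ? $sqlr->quote_smart($_POST['banned']) : 0;
    $locked = isset($_POST['locked']) ? $sqlr->quote_smart($_POST['locked']) : 0;
    $referredby = $sqlr->quote_smart(trim($_POST['referredby']));

    //make sure username is at least 4 chars long and not above the maximum
    if (strlen($username) < 4 || strlen($username) > 15) {
        redirect("user.php?action=edit_user&id={$id}&error=8");
    }

    // Nobody may hand out a level equal to or above their own.
    if ($gmlevel >= $user_lvl) {
        redirect("user.php?action=edit_user&&id={$id}&error=16");
    }

    require_once "libs/valid_lib.php";
    if (!valid_alphabetic($username)) {
        redirect("user.php?action=edit_user&error=9&id={$id}");
    }

    //restricting access to lower gmlvl
    $result = $sqlr->query("SELECT gmlevel,username FROM account WHERE id = '{$id}'");
    if ($user_lvl <= $sqlr->result($result, 0, 'gmlevel') && $user_name != $sqlr->result($result, 0, 'username')) {
        redirect("user.php?error=14");
    }

    if (!$banned) {
        $sqlr->query("DELETE FROM account_banned WHERE id='{$id}'");
    } else {
        $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$id}'");
        if (!$sqlr->result($result, 0)) {
            // New ban, running for 365 days from now.
            $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n VALUES ({$id}, " . time() . "," . (time() + 365 * 24 * 3600) . ",'{$user_name}','{$banreason}', 1)");
        }
    }

    $sqlr->query("UPDATE account SET email='{$mail}', {$user_pass_change} v=0,s=0,failed_logins='{$failed}',locked='{$locked}',expansion='{$expansion}' WHERE id='{$id}'");
    $sqlr->query("UPDATE account SET gmlevel='{$gmlevel}' WHERE id='{$id}'");

    if (doupdate_referral($referredby, $id) || $sqlr->affected_rows()) {
        redirect("user.php?action=edit_user&error=13&id={$id}");
    } else {
        redirect("user.php?action=edit_user&error=12&id={$id}");
    }
}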
/**
 * Replace the message of a GM ticket and redirect to ticket.php with a
 * status code (error=5 when a row changed, error=6 when none did, error=1
 * on missing or invalid input).
 *
 * Requires the 'update' permission via valid_login(). The ticket id from
 * $_POST['id'] has to pass is_numeric(); both values are escaped with
 * quote_smart() and quoted in the statement.
 */
function do_edit_ticket()
{
    global $characters_db, $realm_id, $action_permission;

    valid_login($action_permission['update']);

    $missing = empty($_POST['new_text']) || empty($_POST['id']);
    if ($missing) {
        redirect("ticket.php?error=1");
    }

    $conn = $characters_db[$realm_id];
    $sqlc = new SQL();
    $sqlc->connect($conn['addr'], $conn['user'], $conn['pass'], $conn['name']);

    $new_text = $sqlc->quote_smart($_POST['new_text']);
    $id = $sqlc->quote_smart($_POST['id']);

    if (!is_numeric($id)) {
        redirect("ticket.php?error=1");
    }

    $query = $sqlc->query("UPDATE gm_tickets SET message='{$new_text}' WHERE guid = '{$id}'");

    $target = $sqlc->affected_rows() ? "ticket.php?error=5" : "ticket.php?error=6";
    redirect($target);
}
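/**
 * Delete one row from mm_reward_item, selected by the "item" query parameter.
 *
 * Redirects to rewards.php?error=1 when the parameter is missing or is not an
 * integer, to rewards.php?action=show_reward_item when affected_rows() is
 * non-zero, and to rewards.php?error=2 otherwise.
 *
 * The id is concatenated into the statement without quotes, so it is validated
 * as a strict integer rather than with is_numeric(), which also accepts floats,
 * exponent notation and leading whitespace. Item ids are assumed to be
 * integers. TODO confirm against the mm_reward_item schema.
 *
 * NOTE(review): this is a destructive action driven by a GET parameter and no
 * anti-CSRF token check is visible here. Confirm that valid_login() or the
 * caller enforces one, or move the action to POST with a token.
 *
 * @param SQL $sqlm Passed by reference; replaced with a new connection to the
 *                  database described by $mmfpm_db.
 */
function do_delete_reward_item(&$sqlm)
{
    global $action_permission, $mmfpm_db;

    // Permission gate for "delete" actions. What happens on failure is decided
    // inside valid_login(), which is not shown here.
    valid_login($action_permission['delete']);

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    if (empty($_GET['item'])) {
        redirect('rewards.php?error=1');
        // redirect() presumably ends the request. The explicit return keeps the
        // DELETE below from running if it does not.
        return;
    }

    // filter_var() returns false for arrays and for anything that is not a plain
    // integer, so only an int can reach the unquoted position in the query.
    $item_id = filter_var($_GET['item'], FILTER_VALIDATE_INT);
    if ($item_id === false) {
        redirect('rewards.php?error=1');
        return;
    }

    $sqlm->query('DELETE FROM mm_reward_item WHERE item = ' . $item_id);

    if ($sqlm->affected_rows()) {
        redirect('rewards.php?action=show_reward_item');
    } else {
        redirect('rewards.php?error=2');
    }
}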
function general() { global $output, $corem_db, $world_db, $core; // we need $core to be set if ($core == 0) { $core = detectcore(); } $sqlm = new SQL(); $sqlm->connect($corem_db["addr"], $corem_db["user"], $corem_db["pass"], $corem_db["name"], $corem_db["encoding"]); $sqlw = new SQL(); $sqlw->connect($world_db[1]["addr"], $world_db[1]["user"], $world_db[1]["pass"], $world_db[1]["name"], $world_db[1]["encoding"]); $subsection = isset($_GET["subsection"]) ? $sqlm->quote_smart($_GET["subsection"]) : 1; $output .= ' <table id="sidebar"> <tr> <td ' . ($subsection == "more" ? 'class="current"' : '') . '> <a href="admin.php?section=general&subsection=more">' . lang("admin", "more") . '</a> </td> </tr> <tr> <td ' . ($subsection == "version" ? 'class="current"' : '') . '> <a href="admin.php?section=general&subsection=version">' . lang("admin", "version") . '</a> </td> </tr> <tr> <td ' . ($subsection == "mail" ? 'class="current"' : '') . '> <a href="admin.php?section=general&subsection=mail">' . lang("admin", "mail") . '</a> </td> </tr> <tr> <td ' . ($subsection == "irc" ? 'class="current"' : '') . '> <a href="admin.php?section=general&subsection=irc">' . lang("admin", "irc") . '</a> </td> </tr> <tr> <td ' . ($subsection == "proxy" ? 'class="current"' : '') . '> <a href="admin.php?section=general&subsection=proxy">' . lang("admin", "proxy") . '</a> </td> </tr> <tr> <td ' . ($subsection == "datasite" ? 'class="current"' : '') . '> <a href="admin.php?section=general&subsection=datasite">' . lang("admin", "datasite") . '</a> </td> </tr> <tr> <td ' . ($subsection == "acctcreation" ? 'class="current"' : '') . '> <a href="admin.php?section=general&subsection=acctcreation">' . lang("admin", "acct_creation") . '</a> </td> </tr> <tr> <td ' . ($subsection == "guests" ? 'class="current"' : '') . '> <a href="admin.php?section=general&subsection=guests">' . lang("admin", "guests") . '</a> </td> </tr> <tr> <td ' . ($subsection == "extratools" ? 'class="current"' : '') . 
'> <a href="admin.php?section=general&subsection=extratools">' . lang("admin", "extra_tools") . '</a> </td> </tr> <tr> <td ' . ($subsection == "internalmap" ? 'class="current"' : '') . '> <a href="admin.php?section=general&subsection=internalmap">' . lang("admin", "internal_map") . '</a> </td> </tr> <tr> <td ' . ($subsection == "validip" ? 'class="current"' : '') . '> <a href="admin.php?section=general&subsection=validip">' . lang("admin", "validip") . '</a> </td> </tr> <tr> <td ' . ($subsection == "ads" ? 'class="current"' : '') . '> <a href="admin.php?section=general&subsection=ads">' . lang("admin", "ads") . '</a> </td> </tr> <tr> <td ' . ($subsection == "gmlevels" ? 'class="current"' : '') . '> <a href="admin.php?section=general&subsection=gmlevels">' . lang("admin", "gm_levels") . '</a> </td> </tr> </table>'; if (isset($_GET["error"])) { $output .= ' <div id="misc_error">'; } else { $output .= ' <div id="misc">'; } $sub_action = isset($_GET["subaction"]) ? $_GET["subaction"] : ''; switch ($subsection) { case "version": if (!$sub_action) { $show_version_show = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Show_Version_Show'")); $show_version_version = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Show_Version_Version'")); $show_version_version_lvl = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Show_Version_Version_Lvl'")); $show_version_revision = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Show_Version_SVNRev'")); $show_version_revision_lvl = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Show_Version_SVNRev_Lvl'")); $output .= ' <form action="admin.php" method="get" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subaction" value="saveversion" /> <input type="hidden" name="subsection" value="version" /> </div> <table class="simple"> <tr> <td class="help"> <a href="#" 
onmouseover="oldtoolTip(\'' . lang("admin", "show_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "show") . '</a>: </td> <td> <select name="showversion" id="admin_showversion_field"> <option value="0" ' . ($show_version_show["Value"] == 0 ? 'selected="selected"' : '') . '>' . lang("admin", "dontshow") . '</option> <option value="1" ' . ($show_version_show["Value"] == 1 ? 'selected="selected"' : '') . 'disabled="disabled">' . lang("admin", "version") . '</option> <option value="2"' . ($show_version_show["Value"] == 2 ? 'selected="selected"' : '') . '>' . lang("admin", "verrev") . '</option> </select> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "version_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "version") . '</a>: </td> <td> <input type="text" name="version" value="' . $show_version_version["Value"] . '" readonly="readonly" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "versionlvl_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "versionlvl") . '</a>: </td> <td> <input type="text" name="versionlvl" value="' . $show_version_version_lvl["Value"] . '" readonly="readonly" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "revision_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "revision") . '</a>: </td> <td> <input type="text" name="revision" value="' . $show_version_revision["Value"] . '" readonly="readonly" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "revisionlvl_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "revisionlvl") . '</a>: </td> <td> <input type="text" name="revisionlvl" value="' . $show_version_revision_lvl["Value"] . '" /> </td> </tr> </table> <div> <input type="submit" name="save" value="' . lang("admin", "save") . 
'" /> </div> </form>'; } else { $show_version = $sqlm->quote_smart($_GET["showversion"]); $version = $sqlm->quote_smart($_GET["version"]); $version_lvl = $sqlm->quote_smart($_GET["versionlvl"]); $revision = $sqlm->quote_smart($_GET["revision"]); $revision_lvl = $sqlm->quote_smart($_GET["revisionlvl"]); $result = $sqlm->query("UPDATE config_misc SET Value='" . $show_version . "' WHERE `Key`='Show_Version_Show'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $version . "' WHERE `Key`='Show_Version_Version'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $version_lvl . "' WHERE `Key`='Show_Version_Version_Lvl'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $revision . "' WHERE `Key`='Show_Version_SVNRev'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $revision_lvl . "' WHERE `Key`='Show_Version_SVNRev_Lvl'"); redirect("admin.php?section=general&subsection=version"); } break; case "mail": if (!$sub_action) { $mail_admin_email = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Mail_Admin_Email'")); $mail_mailer_type = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Mail_Mailer_Type'")); $mail_from_email = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Mail_From_Email'")); $mail_gmailsender = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Mail_GMailSender'")); $format_mail_html = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Format_Mail_HTML'")); $smtp_host = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='SMTP_Host'")); $smtp_port = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='SMTP_Port'")); $smtp_user = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='SMTP_User'")); $smtp_pass = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='SMTP_Pass'")); $pm_from_char = $sqlm->fetch_assoc($sqlm->query("SELECT * 
FROM config_misc WHERE `Key`='PM_From_Char'")); $pm_stationary = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='PM_Stationary'")); $url_path = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='URL_Path'")); $output .= ' <form action="admin.php" method="get" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subaction" value="savemail" /> <input type="hidden" name="subsection" value="mail" /> </div> <table class="simple"> <tr> <td colspan="2"><b>' . lang("admin", "email") . '</b></td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "adminemail_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "adminemail") . '</a>: </td> <td> <input type="text" name="adminemail" value="' . $mail_admin_email["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "mailertype_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "mailertype") . '</a>: </td> <td> <select name="mailertype" id="admin_mailertype_field"> <option value="mail" ' . ($mail_mailer_type["Value"] == "mail" ? 'selected="selected" ' : '') . '>' . lang("admin", "mail") . '</option> <option value="sendmail" ' . ($mail_mailer_type["Value"] == "sendmail" ? 'selected="selected" ' : '') . '>' . lang("admin", "sendmail") . '</option> <option value="smtp"' . ($mail_mailer_type["Value"] == "smtp" ? 'selected="selected" ' : '') . '>' . lang("admin", "smtp") . '</option> <option value="gmailsmtp"' . ($mail_gmailsender["Value"] == 1 ? 'selected="selected" ' : '') . '>' . lang("admin", "gmailsmtp") . '</option> </select> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "fromemail_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "fromemail") . '</a>: </td> <td> <input type="text" name="fromemail" value="' . 
$mail_from_email["Value"] . '" /> </td> </tr> <!-- tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "usegmail_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "usegmail") . '</a>: </td> <td> <input type="checkbox" name="gmail" ' . ($mail_gmailsender["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr --> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "formathtml_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "formathtml") . '</a>: </td> <td> <input type="checkbox" name="usehtml" ' . ($format_mail_html["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "urlpath_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "urlpath") . '</a>: </td> <td> <input type="text" name="urlpath" value="' . $url_path["Value"] . '" /> </td> </tr> <tr> <td colspan="2"> <b>' . lang("admin", "smtp") . '</b> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "smtphost_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "smtphost") . '</a>: </td> <td> <input type="text" name="smtphost" value="' . $smtp_host["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "smtpport_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "smtpport") . '</a>: </td> <td> <input type="text" name="smtpport" value="' . $smtp_port["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "smtpuser_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "smtpuser") . '</a>: </td> <td> <input type="text" name="smtpuser" value="' . $smtp_user["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "smtppass_tip") . 
'\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "smtppass") . '</a>: </td> <td> <input type="text" name="smtppass" value="' . $smtp_pass["Value"] . '" /> </td> </tr>'; if ($core == 1) { $output .= ' <tr> <td colspan="2"> <b>' . lang("admin", "pm") . '</b> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "pmfrom_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "pmfrom") . '</a>: </td> <td> <input type="text" name="fromchar" value="' . $pm_from_char["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "pmstation_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "pmstation") . '</a>: </td> <td> <input type="text" name="stationary" value="' . $pm_stationary["Value"] . '" /> </td> </tr>'; } $output .= ' </table> <div> <input type="submit" name="save" value="' . lang("admin", "save") . '" /> </div> </form>'; } else { $mail_admin_email = $sqlm->quote_smart($_GET["adminemail"]); $mail_mailer_type = $sqlm->quote_smart($_GET["mailertype"]); $mail_from_email = $sqlm->quote_smart($_GET["fromemail"]); if ($mail_mailer_type == "gmailsmtp") { $mail_gmailsender = 1; } else { $mail_gmailsender = 0; } $format_mail_html = isset($_GET["usehtml"]) ? 1 : 0; $smtp_host = $sqlm->quote_smart($_GET["smtphost"]); $smtp_port = $sqlm->quote_smart($_GET["smtpport"]); $smtp_user = $sqlm->quote_smart($_GET["smtpuser"]); $smtp_pass = $sqlm->quote_smart($_GET["smtppass"]); $pm_from_char = isset($_GET["fromchar"]) ? $sqlm->quote_smart($_GET["fromchar"]) : 1; $pm_stationary = isset($_GET["stationary"]) ? $sqlm->quote_smart($_GET["stationary"]) : 41; $url_path = $sqlm->quote_smart($_GET["urlpath"]); // clean up $url_path in case user can't read if ($url_path != "" && $url_path[0] != "/") { $url_path = "/" . $url_path; } if ($url_path == "/") { $url_path = ""; } $result = $sqlm->query("UPDATE config_misc SET Value='" . 
$mail_admin_email . "' WHERE `Key`='Mail_Admin_Email'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $mail_mailer_type . "' WHERE `Key`='Mail_Mailer_Type'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $mail_from_email . "' WHERE `Key`='Mail_From_Email'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $mail_gmailsender . "' WHERE `Key`='Mail_GMailSender'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $format_mail_html . "' WHERE `Key`='Format_Mail_HTML'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $smtp_host . "' WHERE `Key`='SMTP_Host'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $smtp_port . "' WHERE `Key`='SMTP_Port'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $smtp_user . "' WHERE `Key`='SMTP_User'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $smtp_pass . "' WHERE `Key`='SMTP_Pass'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $pm_from_char . "' WHERE `Key`='PM_From_Char'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $pm_stationary . "' WHERE `Key`='PM_Stationary'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $url_path . 
"' WHERE `Key`='URL_Path'"); redirect("admin.php?section=general&subsection=mail"); } break; case "irc": if (!$sub_action) { $irc_host = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='IRC_Server'")); $irc_port = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='IRC_Port'")); $irc_channel = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='IRC_Channel'")); $irc_helppage = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='IRC_HelpPage'")); $output .= ' <form action="admin.php" method="get" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subaction" value="saveirc" /> <input type="hidden" name="subsection" value="irc" /> </div> <table class="simple"> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "irchost_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "irchost") . '</a>: </td> <td> <input type="text" name="irchost" value="' . $irc_host["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "ircport_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "ircport") . '</a>: </td> <td> <input type="text" name="ircport" value="' . $irc_port["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "ircchannel_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "ircchannel") . '</a>: </td> <td> <input type="text" name="ircchannel" value="' . $irc_channel["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "irchelppage_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "irchelppage") . '</a>: </td> <td> <input type="text" name="irchelppage" value="' . $irc_helppage["Value"] . 
'" readonly="readonly" /> </td> </tr> </table> <div> <input type="submit" name="save" value="' . lang("admin", "save") . '" /> </div> </form>'; } else { $irc_host = $sqlm->quote_smart($_GET["irchost"]); $irc_port = $sqlm->quote_smart($_GET["ircport"]); $irc_channel = $sqlm->quote_smart($_GET["ircchannel"]); $irc_helppage = $sqlm->quote_smart($_GET["irchelppage"]); $result = $sqlm->query("UPDATE config_misc SET Value='" . $irc_host . "' WHERE `Key`='IRC_Server'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $irc_port . "' WHERE `Key`='IRC_Port'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $irc_channel . "' WHERE `Key`='IRC_Channel'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $irc_helppage . "' WHERE `Key`='IRC_HelpPage'"); redirect("admin.php?section=general&subsection=irc"); } break; case "proxy": if (!$sub_action) { $proxy_host = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Proxy_Addr'")); $proxy_port = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Proxy_Port'")); $proxy_user = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Proxy_User'")); $proxy_pass = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Proxy_Pass'")); $output .= ' <form action="admin.php" method="get" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subaction" value="saveproxy" /> <input type="hidden" name="subsection" value="proxy" /> </div> <table class="simple"> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "proxyhost_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "proxyhost") . '</a>: </td> <td> <input type="text" name="proxyhost" value="' . $proxy_host["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "proxyport_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . 
lang("admin", "proxyport") . '</a>: </td> <td> <input type="text" name="proxyport" value="' . $proxy_port["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "proxyuser_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "proxyuser") . '</a>: </td> <td> <input type="text" name="proxyuser" value="' . $proxy_user["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "proxypass_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "proxypass") . '</a>: </td> <td> <input type="text" name="proxypass" value="' . $proxy_pass["Value"] . '" /> </td> </tr> </table> <div> <input type="submit" name="save" value="' . lang("admin", "save") . '" /> </div> </form>'; } else { $proxy_host = $sqlm->quote_smart($_GET["proxyhost"]); $proxy_port = $sqlm->quote_smart($_GET["proxyport"]); $proxy_user = $sqlm->quote_smart($_GET["proxyuser"]); $proxy_pass = $sqlm->quote_smart($_GET["proxypass"]); $result = $sqlm->query("UPDATE config_misc SET Value='" . $proxy_host . "' WHERE `Key`='Proxy_Addr'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $proxy_port . "' WHERE `Key`='Proxy_Port'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $proxy_user . "' WHERE `Key`='Proxy_User'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $proxy_pass . 
"' WHERE `Key`='Proxy_Pass'"); redirect("admin.php?section=general&subsection=proxy"); } break; case "datasite": if (!$sub_action) { $datasite_tooltip_script_src = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Tooltip_Script_Src'")); $datasite_base = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Datasite_Base'")); $datasite_name = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Datasite_Name'")); $datasite_item = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Datasite_Item'")); $datasite_quest = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Datasite_Quest'")); $datasite_creature = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Datasite_Creature'")); $datasite_spell = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Datasite_Spell'")); $datasite_skill = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Datasite_Skill'")); $datasite_go = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Datasite_GO'")); $datasite_achieve = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Datasite_Achievement'")); $output .= ' <form action="admin.php" method="get" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subaction" value="savedatasite" /> <input type="hidden" name="subsection" value="datasite" /> </div> <table class="simple" id="admin_datasite"> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "datasitetooltipscriptsrc_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "datasitetooltipscriptsrc") . '</a>: </td> <td> <input type="text" name="datasitetooltipscriptsrc" value="' . $datasite_tooltip_script_src["Value"] . '" size="50" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . 
lang("admin", "datasitebase_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "datasitebase") . '</a>: </td> <td> <input type="text" name="datasitebase" value="' . $datasite_base["Value"] . '" size="50" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "datasitename_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "datasitename") . '</a>: </td> <td> <input type="text" name="datasitename" value="' . $datasite_name["Value"] . '" size="50" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "datasiteitem_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "datasiteitem") . '</a>: </td> <td> <input type="text" name="datasiteitem" value="' . $datasite_item["Value"] . '" size="50" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "datasitequest_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "datasitequest") . '</a>: </td> <td> <input type="text" name="datasitequest" value="' . $datasite_quest["Value"] . '" size="50" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "datasitecreature_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "datasitecreature") . '</a>: </td> <td> <input type="text" name="datasitecreature" value="' . $datasite_creature["Value"] . '" size="50" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "datasitespell_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "datasitespell") . '</a>: </td> <td> <input type="text" name="datasitespell" value="' . $datasite_spell["Value"] . '" size="50" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "datasiteskill_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . 
lang("admin", "datasiteskill") . '</a>: </td> <td> <input type="text" name="datasiteskill" value="' . $datasite_skill["Value"] . '" size="50" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "datasitego_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "datasitego") . '</a>: </td> <td> <input type="text" name="datasitego" value="' . $datasite_go["Value"] . '" size="50" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "datasiteachieve_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "datasiteachieve") . '</a>: </td> <td> <input type="text" name="datasiteachieve" value="' . $datasite_achieve["Value"] . '" size="50" /> </td> </tr> </table> <div> <input type="submit" name="save" value="' . lang("admin", "save") . '" /> </div> </form>'; } else { $datasite_tooltip_script_src = $sqlm->quote_smart($_GET["datasitetooltipscriptsrc"]); $datasite_base = $sqlm->quote_smart($_GET["datasitebase"]); $datasite_name = $sqlm->quote_smart($_GET["datasitename"]); $datasite_item = $sqlm->quote_smart($_GET["datasiteitem"]); $datasite_quest = $sqlm->quote_smart($_GET["datasitequest"]); $datasite_creature = $sqlm->quote_smart($_GET["datasitecreature"]); $datasite_spell = $sqlm->quote_smart($_GET["datasitespell"]); $datasite_skill = $sqlm->quote_smart($_GET["datasiteskill"]); $datasite_go = $sqlm->quote_smart($_GET["datasitego"]); $datasite_achieve = $sqlm->quote_smart($_GET["datasiteachieve"]); $result = $sqlm->query("UPDATE config_misc SET Value='" . $datasite_tooltip_script_src . "' WHERE `Key`='Tooltip_Script_Src'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $datasite_base . "' WHERE `Key`='Datasite_Base'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $datasite_name . "' WHERE `Key`='Datasite_Name'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $datasite_item . 
"' WHERE `Key`='Datasite_Item'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $datasite_quest . "' WHERE `Key`='Datasite_Quest'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $datasite_creature . "' WHERE `Key`='Datasite_Creature'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $datasite_spell . "' WHERE `Key`='Datasite_Spell'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $datasite_skill . "' WHERE `Key`='Datasite_Skill'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $datasite_go . "' WHERE `Key`='Datasite_GO'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $datasite_achieve . "' WHERE `Key`='Datasite_Achievement'"); redirect("admin.php?section=general&subsection=datasite"); } break; case "acctcreation": if (!$sub_action) { $disable_acc_creation = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Disable_Acc_Creation'")); $invite_only = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Invitation_Only'")); $disable_reg_invite = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Disable_Invitation'")); $expansion_select = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Expansion_Select'")); $default_expansion = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Default_Expansion'")); $enabled_captcha = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Enabled_Captcha'")); $using_recaptcha = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Use_Recaptcha'")); $publickey = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Recaptcha_Public_Key'")); $privatekey = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Recaptcha_Private_Key'")); $send_mail_on_creation = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Send_Mail_On_Creation'")); 
$send_confirmation_mail_on_creation = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Send_Confirmation_Mail_On_Creation'")); $validate_mail_host = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Validate_Mail_Host'")); $limit_acc_per_ip = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Limit_Acc_Per_IP'")); $output .= ' <form action="admin.php" method="get" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subaction" value="saveacctcreation" /> <input type="hidden" name="subsection" value="acctcreation" /> </div> <table class="simple" id="admin_acct_creation"> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "disableacccreation_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "disableacccreation") . '</a>: </td> <td> <input type="checkbox" name="disableacccreation" ' . ($disable_acc_creation["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "inviteonly_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "inviteonly") . '</a>: </td> <td> <input type="checkbox" name="inviteonly" ' . ($invite_only["Value"] == 1 ? 'checked="checked"' : '') . ' ' . ($disable_acc_creation["Value"] == 1 ? '' : 'disabled="disabled"') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "disablereginvite_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "disablereginvite") . '</a>: </td> <td> <input type="checkbox" name="disablereginvite" ' . ($disable_reg_invite["Value"] == 1 ? 'checked="checked"' : '') . ' ' . ($invite_only["Value"] == 0 ? '' : 'disabled="disabled"') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "expansionselect_tip") . 
'\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "expansionselect") . '</a>: </td> <td> <input type="checkbox" name="expansionselect" ' . ($expansion_select["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "defaultexpansion_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "defaultexpansion") . '</a>: </td> <td> <select name="defaultexpansion">'; if ($core == 1) { $output .= ' <option value="0" ' . ($default_expansion["Value"] == 0 ? 'selected="selected"' : '') . '>Classic</option> <option value="8" ' . ($default_expansion["Value"] == 8 ? 'selected="selected"' : '') . '>BC</option> <option value="16" ' . ($default_expansion["Value"] == 16 ? 'selected="selected"' : '') . '>WotLK</option> <option value="24" ' . ($default_expansion["Value"] == 24 ? 'selected="selected"' : '') . '>WotLK+BC</option>'; } else { $output .= ' <option value="0" ' . ($default_expansion["Value"] == 0 ? 'selected="selected"' : '') . '>Classic</option> <option value="1" ' . ($default_expansion["Value"] == 1 ? 'selected="selected"' : '') . '>BC</option> <option value="2" ' . ($default_expansion["Value"] == 2 ? 'selected="selected"' : '') . '>WotLK+BC</option>'; } $output .= ' </select> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "enabledcaptcha_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "enabledcaptcha") . '</a>: </td> <td> <input type="checkbox" name="enabledcaptcha" ' . ($enabled_captcha["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "userecaptcha_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "userecaptcha") . '</a>: </td> <td> <input type="checkbox" name="userecaptcha" ' . ($using_recaptcha["Value"] == 1 ? 'checked="checked"' : '') . 
' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "publickey_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "publickey") . '</a>: </td> <td> <input type="text" name="publickey" value="' . $publickey["Value"] . '" size="52" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "privatekey_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "privatekey") . '</a>: </td> <td> <input type="text" name="privatekey" value="' . $privatekey["Value"] . '" size="52" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "sendmailoncreation_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "sendmailoncreation") . '</a>: </td> <td> <input type="checkbox" name="sendmailoncreation" ' . ($send_mail_on_creation["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "sendconfirmmailoncreation_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "sendconfirmmailoncreation") . '</a>: </td> <td> <input type="checkbox" name="sendconfirmmailoncreation" ' . ($send_confirmation_mail_on_creation["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "validatemailhost_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "validatemailhost") . '</a>: </td> <td> <input type="checkbox" name="validatemailhost" ' . ($validate_mail_host["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "limitaccperip_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "limitaccperip") . '</a>: </td> <td> <input type="checkbox" name="limitaccperip" ' . ($limit_acc_per_ip["Value"] == 1 ? 
'checked="checked"' : '') . ' /> </td> </tr> </table> <div> <input type="submit" name="save" value="' . lang("admin", "save") . '" /> </div> </form>'; } else { $disable_acc_creation = isset($_GET["disableacccreation"]) ? 1 : 0; $invite_only = isset($_GET["inviteonly"]) ? 1 : 0; $disable_reg_invite = isset($_GET["disablereginvite"]) ? 1 : 0; $expansion_select = isset($_GET["expansionselect"]) ? 1 : 0; $default_expansion = $sqlm->quote_smart($_GET["defaultexpansion"]); $enabled_captcha = isset($_GET["enabledcaptcha"]) ? 1 : 0; $using_recaptcha = isset($_GET["userecaptcha"]) ? 1 : 0; $publickey = $sqlm->quote_smart($_GET["publickey"]); $privatekey = $sqlm->quote_smart($_GET["privatekey"]); $send_mail_on_creation = isset($_GET["sendmailoncreation"]) ? 1 : 0; $send_confirmation_mail_on_creation = isset($_GET["sendconfirmmailoncreation"]) ? 1 : 0; $validate_mail_host = isset($_GET["validatemailhost"]) ? 1 : 0; $limit_acc_per_ip = isset($_GET["limitaccperip"]) ? 1 : 0; $result = $sqlm->query("UPDATE config_misc SET Value='" . $disable_acc_creation . "' WHERE `Key`='Disable_Acc_Creation'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $invite_only . "' WHERE `Key`='Invitation_Only'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $disable_reg_invite . "' WHERE `Key`='Disable_Invitation'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $expansion_select . "' WHERE `Key`='Expansion_Select'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $default_expansion . "' WHERE `Key`='Default_Expansion'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $enabled_captcha . "' WHERE `Key`='Enabled_Captcha'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $using_recaptcha . "' WHERE `Key`='Use_Recaptcha'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $publickey . "' WHERE `Key`='Recaptcha_Public_Key'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $privatekey . 
"' WHERE `Key`='Recaptcha_Private_Key'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $send_mail_on_creation . "' WHERE `Key`='Send_Mail_On_Creation'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $send_confirmation_mail_on_creation . "' WHERE `Key`='Send_Confirmation_Mail_On_Creation'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $validate_mail_host . "' WHERE `Key`='Validate_Mail_Host'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $limit_acc_per_ip . "' WHERE `Key`='Limit_Acc_Per_IP'"); redirect("admin.php?section=general&subsection=acctcreation"); } break; case "guests": if (!$sub_action) { $acp_allow_anony = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Allow_Anony'")); $acp_anony_name = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Anony_Name'")); $acp_anony_realm_id = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Anony_Realm_ID'")); $output .= ' <form action="admin.php" method="get" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subaction" value="saveguests" /> <input type="hidden" name="subsection" value="guests" /> </div> <table class="simple"> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "allowanony_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "allowanony") . '</a>: </td> <td> <input type="checkbox" name="allowanony" ' . ($acp_allow_anony["Value"] == 1 ? 'checked="checked"' : '') . ' disabled="disabled" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "anonyname_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "anonyname") . '</a>: </td> <td> <input type="text" name="anonyname" value="' . $acp_anony_name["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "anonyrealmid_tip") . 
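'\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "anonyrealmid") . '</a>: </td> <td> <input type="text" name="anonyrealmid" value="' . $acp_anony_realm_id["Value"] . '" /> </td> </tr> </table> <div> <input type="submit" name="save" value="' . lang("admin", "save") . '" /> </div> </form>';
} else {
    // Save the guest settings submitted by the form above.
    // Allow Anonymous is disabled but must stay checked
    $acp_allow_anony = 1;
    $acp_anony_name = $sqlm->quote_smart($_GET["anonyname"]);
    $acp_anony_realm_id = $sqlm->quote_smart($_GET["anonyrealmid"]);
    $result = $sqlm->query("UPDATE config_misc SET Value='" . $acp_allow_anony . "' WHERE `Key`='Allow_Anony'");
    $result = $sqlm->query("UPDATE config_misc SET Value='" . $acp_anony_name . "' WHERE `Key`='Anony_Name'");
    $result = $sqlm->query("UPDATE config_misc SET Value='" . $acp_anony_realm_id . "' WHERE `Key`='Anony_Realm_ID'");
    redirect("admin.php?section=general&subsection=guests");
}
break;
case "extratools":
    // Extra-tools page: with no subaction, optionally add or remove one
    // ultravendor_disables row, then load the vendor settings for the form.
    if (!$sub_action) {
        // The request values are passed through quote_smart() before they are
        // placed in SQL, as the other handlers visible in this section do.
        // Previously the raw $_GET strings were concatenated into the statements,
        // so a quote character in the parameter could change the query.
        // NOTE(review): assumes quote_smart() escapes for this connection; confirm in the SQL class.
        // NOTE(review): both changes are made by a plain GET request and no
        // anti-CSRF token check is visible in this section; verify the caller has one.
        if (isset($_GET["newdisable"])) {
            $query = "INSERT IGNORE INTO ultravendor_disables VALUE ('" . $sqlm->quote_smart($_GET["newdisable"]) . "')";
            $result = $sqlm->query($query);
        }
        if (isset($_GET["delete"])) {
            $query = "DELETE FROM ultravendor_disables WHERE itemid='" . $sqlm->quote_smart($_GET["delete"]) . "'";
            $result = $sqlm->query($query);
        }
        // One config_misc row per setting shown in the form.
        $quest_item_vendor_level_mul = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Quest_Item_Vendor_Level_Mul'"));
        $quest_item_vendor_rew_mul = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Quest_Item_Vendor_Rew_Mul'"));
        $ultra_vendor_mult_0 = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Ultra_Vendor_Mult_0'"));
        $ultra_vendor_mult_1 = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Ultra_Vendor_Mult_1'"));
        $ultra_vendor_mult_2 = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Ultra_Vendor_Mult_2'"));
        $ultra_vendor_mult_3 = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Ultra_Vendor_Mult_3'"));
        $ultra_vendor_mult_4 = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Ultra_Vendor_Mult_4'"));
        $ultra_vendor_mult_5 = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Ultra_Vendor_Mult_5'"));
        $ultra_vendor_mult_6 = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Ultra_Vendor_Mult_6'"));
        $ultra_vendor_mult_7 = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Ultra_Vendor_Mult_7'"));
        $ultra_vendor_base = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Ultra_Vendor_Base'"));
        $ultra_vendor_max_item_level = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Ultra_Vendor_Max_Item_Level'"));
        $ultra_vendor_max_item_req_level = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Ultra_Vendor_Max_Item_Req_Level'"));
        // Rows of the disable list, rendered below the settings form.
        $dis_query = "SELECT * FROM ultravendor_disables";
        $dis_result = $sqlm->query($dis_query);
        $output .= ' <form action="admin.php" method="get" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subaction" value="saveextratools" /> <input type="hidden" name="subsection" value="extratools"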
/> </div> <table class="simple"> <tr> <td colspan="2"> <b>' . lang("admin", "questitemvendor") . '</b> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "questitemvendorlevelmul_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "questitemvendorlevelmul") . '</a>: </td> <td> <input type="text" name="questitemvendorlevelmul" value="' . $quest_item_vendor_level_mul["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "questitemvendorrewmul_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "questitemvendorrewmul") . '</a>: </td> <td> <input type="text" name="questitemvendorrewmul" value="' . $quest_item_vendor_rew_mul["Value"] . '" /> </td> </tr> <tr> <td colspan="2"> <b>' . lang("admin", "ultravendor") . '</b> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "ultravendormult0_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "ultravendormult0") . '</a>: </td> <td> <input type="text" name="ultravendormult0" value="' . $ultra_vendor_mult_0["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "ultravendormult1_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "ultravendormult1") . '</a>: </td> <td> <input type="text" name="ultravendormult1" value="' . $ultra_vendor_mult_1["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "ultravendormult2_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "ultravendormult2") . '</a>: </td> <td> <input type="text" name="ultravendormult2" value="' . $ultra_vendor_mult_2["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "ultravendormult3_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . 
lang("admin", "ultravendormult3") . '</a>: </td> <td> <input type="text" name="ultravendormult3" value="' . $ultra_vendor_mult_3["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "ultravendormult4_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "ultravendormult4") . '</a>: </td> <td> <input type="text" name="ultravendormult4" value="' . $ultra_vendor_mult_4["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "ultravendormult5_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "ultravendormult5") . '</a>: </td> <td> <input type="text" name="ultravendormult5" value="' . $ultra_vendor_mult_5["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "ultravendormult6_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "ultravendormult6") . '</a>: </td> <td> <input type="text" name="ultravendormult6" value="' . $ultra_vendor_mult_6["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "ultravendormult7_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "ultravendormult7") . '</a>: </td> <td> <input type="text" name="ultravendormult7" value="' . $ultra_vendor_mult_7["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "ultravendorbase_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "ultravendorbase") . '</a>: </td> <td> <input type="text" name="ultravendorbase" value="' . $ultra_vendor_base["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "ultravendormaxitemlevel_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "ultravendormaxitemlevel") . 
'</a>: </td> <td> <input type="text" name="ultravendormaxitemlevel" value="' . $ultra_vendor_max_item_level["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "ultravendormaxitemreqlevel_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "ultravendormaxitemreqlevel") . '</a>: </td> <td> <input type="text" name="ultravendormaxitemreqlevel" value="' . $ultra_vendor_max_item_req_level["Value"] . '" /> </td> </tr> </table> <div> <input type="submit" name="save" value="' . lang("admin", "save") . '" /> </div> </form> <br /> <div> <span>' . lang("admin", "disabledinfo") . ':</span> <table class="simple"> <tr> <th class="disabled_remove_item_th"> </th> <th class="disabled_item_th">' . lang("admin", "disableditem") . '</th> <th> </th> </tr>'; while ($row = $sqlm->fetch_assoc($dis_result)) { if ($core == 1) { $item_query = "SELECT name1, name FROM items\r\n LEFT JOIN itemnames ON itemnames.entry=items.entry\r\n WHERE entry='" . $row["itemid"] . "'"; } else { $item_query = "SELECT 0 AS name1, name FROM item_template\r\n WHERE entry='" . $row["itemid"] . "'"; } $item_result = $sqlw->query($item_query); $item_result = $sqlw->fetch_assoc($item_result); // Trinity and MaNGOS will always follow the else // (at least until we add locales_item support here) if ($item_result["name1"] != 0) { $item_name = $item_result["name1"]; } else { $item_name = $item_result["name"]; } $output .= ' <tr> <td class="disabled_item_id_td"> <a href="admin.php?section=general&subsection=extratools&delete=' . $row["itemid"] . '"> <img src="img/aff_cross.png" alt="" /> </a> </td> <td class="disabled_item_id_td">' . $row["itemid"] . '</td> <td>' . $item_name . '</td> </tr>'; } $output .= ' <tr> <td colspan="2"> <a id="link" href="#" onclick="admin_extratools_disable()"> <img src="img/add.png" alt="" /> <span>' . lang("admin", "disabledadd") . 
':</span> </a> </td> <td> <input type="text" id="new_dis" /> </td> </tr> </table> </div>'; } else { $quest_item_vendor_level_mul = $sqlm->quote_smart($_GET["questitemvendorlevelmul"]); $quest_item_vendor_rew_mul = $sqlm->quote_smart($_GET["questitemvendorrewmul"]); $ultra_vendor_mult_0 = $sqlm->quote_smart($_GET["ultravendormult0"]); $ultra_vendor_mult_1 = $sqlm->quote_smart($_GET["ultravendormult1"]); $ultra_vendor_mult_2 = $sqlm->quote_smart($_GET["ultravendormult2"]); $ultra_vendor_mult_3 = $sqlm->quote_smart($_GET["ultravendormult3"]); $ultra_vendor_mult_4 = $sqlm->quote_smart($_GET["ultravendormult4"]); $ultra_vendor_mult_5 = $sqlm->quote_smart($_GET["ultravendormult5"]); $ultra_vendor_mult_6 = $sqlm->quote_smart($_GET["ultravendormult6"]); $ultra_vendor_mult_7 = $sqlm->quote_smart($_GET["ultravendormult7"]); $ultra_vendor_base = $sqlm->quote_smart($_GET["ultravendorbase"]); $ultra_vendor_max_item_level = $sqlm->quote_smart($_GET["ultravendormaxitemlevel"]); $ultra_vendor_max_item_req_level = $sqlm->quote_smart($_GET["ultravendormaxitemreqlevel"]); $result = $sqlm->query("UPDATE config_misc SET Value='" . $quest_item_vendor_level_mul . "' WHERE `Key`='Quest_Item_Vendor_Level_Mul'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $quest_item_vendor_rew_mul . "' WHERE `Key`='Quest_Item_Vendor_Rew_Mul'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $ultra_vendor_mult_0 . "' WHERE `Key`='Ultra_Vendor_Mult_0'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $ultra_vendor_mult_1 . "' WHERE `Key`='Ultra_Vendor_Mult_1'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $ultra_vendor_mult_2 . "' WHERE `Key`='Ultra_Vendor_Mult_2'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $ultra_vendor_mult_3 . "' WHERE `Key`='Ultra_Vendor_Mult_3'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $ultra_vendor_mult_4 . 
"' WHERE `Key`='Ultra_Vendor_Mult_4'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $ultra_vendor_mult_5 . "' WHERE `Key`='Ultra_Vendor_Mult_5'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $ultra_vendor_mult_6 . "' WHERE `Key`='Ultra_Vendor_Mult_6'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $ultra_vendor_mult_7 . "' WHERE `Key`='Ultra_Vendor_Mult_7'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $ultra_vendor_base . "' WHERE `Key`='Ultra_Vendor_Base'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $ultra_vendor_max_item_level . "' WHERE `Key`='Ultra_Vendor_Max_Item_Level'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $ultra_vendor_max_item_req_level . "' WHERE `Key`='Ultra_Vendor_Max_Item_Req_Level'"); redirect("admin.php?section=general&subsection=extratools"); } break; case "internalmap": if (!$sub_action) { $map_gm_show_online_only_gmoff = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Map_GM_Show_Online_Only_GMOff'")); $map_gm_show_online_only_gmvisible = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Map_GM_Show_Online_Only_GMVisible'")); $map_gm_add_suffix = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Map_GM_Add_Suffix'")); $map_status_gm_include_all = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Map_Status_GM_Include_All'")); $map_show_status = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Map_Show_Status'")); $map_show_timer = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Map_Show_Timer'")); $map_timer = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Map_Timer'")); $map_show_online = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Map_Show_Online'")); $map_time_to_show_uptime = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE 
`Key`='Map_Time_To_Show_Uptime'")); $map_time_to_show_maxonline = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Map_Time_To_Show_MaxOnline'")); $map_time_to_show_gmonline = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Map_Time_To_Show_GMOnline'")); $output .= ' <form action="admin.php" method="get" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subaction" value="saveinternalmap" /> <input type="hidden" name="subsection" value="internalmap" /> </div> <table class="simple"> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "statusgmincludeall_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "statusgmincludeall") . '</a>: </td> <td> <input type="checkbox" name="statusgmincludeall" ' . ($map_status_gm_include_all["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <!-- tr> <td class="help"><a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "gmshowonlineonlygmoff_tip") . '\',\'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "gmshowonlineonlygmoff") . '</a>: </td> <td><input type="checkbox" name="gmshowonlineonlygmoff" ' . ($map_gm_show_online_only_gmoff["Value"] == 1 ? 'checked="checked"' : '') . ' /></td> </tr> <tr> <td class="help"><a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "gmshowonlineonlygmvisible_tip") . '\',\'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "gmshowonlineonlygmvisible") . '</a>: </td> <td><input type="checkbox" name="gmshowonlineonlygmvisible" ' . ($map_gm_show_online_only_gmvisible["Value"] == 1 ? 'checked="checked"' : '') . ' disabled="disabled" /></td> </tr --> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "gmaddsuffix_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "gmaddsuffix") . '</a>: </td> <td> <input type="checkbox" name="gmaddsuffix" ' . 
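($map_gm_add_suffix["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> </table> <div> <input type="submit" name="save" value="' . lang("admin", "save") . '" /> </div> </form>';
} else {
    // Save the internal-map settings. Checkboxes arrive only when ticked, so
    // presence in $_GET maps to 1 and absence to 0; text values are escaped
    // with quote_smart() before being placed in the UPDATE statements.
    // NOTE(review): the form visible in this section submits only
    // statusgmincludeall and gmaddsuffix, yet all eleven keys are written here,
    // so the remaining keys are overwritten with 0 or an empty value on every
    // save. Confirm whether those inputs were meant to be in the form.
    $map_gm_show_online_only_gmoff = isset($_GET["gmshowonlineonlygmoff"]) ? 1 : 0;
    $map_gm_show_online_only_gmvisible = isset($_GET["gmshowonlineonlygmvisible"]) ? 1 : 0;
    $map_gm_add_suffix = isset($_GET["gmaddsuffix"]) ? 1 : 0;
    $map_status_gm_include_all = isset($_GET["statusgmincludeall"]) ? 1 : 0;
    $map_show_status = isset($_GET["showstatus"]) ? 1 : 0;
    $map_show_timer = isset($_GET["showtimer"]) ? 1 : 0;
    $map_timer = $sqlm->quote_smart($_GET["timer"]);
    $map_show_online = isset($_GET["showonline"]) ? 1 : 0;
    $map_time_to_show_uptime = $sqlm->quote_smart($_GET["timetoshowuptime"]);
    $map_time_to_show_maxonline = $sqlm->quote_smart($_GET["timetoshowmaxonline"]);
    $map_time_to_show_gmonline = $sqlm->quote_smart($_GET["timetoshowgmonline"]);
    $result = $sqlm->query("UPDATE config_misc SET Value='" . $map_gm_show_online_only_gmoff . "' WHERE `Key`='Map_GM_Show_Online_Only_GMOff'");
    $result = $sqlm->query("UPDATE config_misc SET Value='" . $map_gm_show_online_only_gmvisible . "' WHERE `Key`='Map_GM_Show_Online_Only_GMVisible'");
    $result = $sqlm->query("UPDATE config_misc SET Value='" . $map_gm_add_suffix . "' WHERE `Key`='Map_GM_Add_Suffix'");
    $result = $sqlm->query("UPDATE config_misc SET Value='" . $map_status_gm_include_all . "' WHERE `Key`='Map_Status_GM_Include_All'");
    $result = $sqlm->query("UPDATE config_misc SET Value='" . $map_show_status . "' WHERE `Key`='Map_Show_Status'");
    // Map_Show_Timer takes its own flag; it was previously written from
    // $map_gm_add_suffix, leaving $map_show_timer unused.
    $result = $sqlm->query("UPDATE config_misc SET Value='" . $map_show_timer . "' WHERE `Key`='Map_Show_Timer'");
    $result = $sqlm->query("UPDATE config_misc SET Value='" . $map_timer . "' WHERE `Key`='Map_Timer'");
    $result = $sqlm->query("UPDATE config_misc SET Value='" . $map_show_online . "' WHERE `Key`='Map_Show_Online'");
    $result = $sqlm->query("UPDATE config_misc SET Value='" . $map_time_to_show_uptime . "' WHERE `Key`='Map_Time_To_Show_Uptime'");
    $result = $sqlm->query("UPDATE config_misc SET Value='" . $map_time_to_show_maxonline . "' WHERE `Key`='Map_Time_To_Show_MaxOnline'");
    $result = $sqlm->query("UPDATE config_misc SET Value='" . $map_time_to_show_gmonline . "' WHERE `Key`='Map_Time_To_Show_GMOnline'");
    redirect("admin.php?section=general&subsection=internalmap");
}
break;
case "validip":
    // Valid-IP-mask page: list the masks, or handle the add/delete/edit buttons.
    if (!$sub_action) {
        $masks_query = $sqlm->query("SELECT * FROM config_valid_ip_mask");
        $output .= ' <form action="admin.php" method="get" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subaction" value="editvalidip" /> <input type="hidden" name="subsection" value="validip" /> </div> <table class="simple"> <tr> <th style="width: 10%;"> </th> <th style="width: 20%;"> <span style="text-align: center;">' . lang("admin", "index") . '</span> </th> <th>' . lang("admin", "validipmask") . '</th> </tr>';
        // One radio-selectable row per stored mask.
        while ($mask = $sqlm->fetch_assoc($masks_query)) {
            $output .= ' <tr> <td> <input type="radio" name="index" value="' . $mask["Index"] . '" /> </td> <td> <center>' . $mask["Index"] . '</center> </td> <td>' . $mask["ValidIPMask"] . '</td> </tr>';
        }
        $output .= ' </table> <div> <input type="submit" name="edit" value="' . lang("admin", "editipmask") . '" /> <input type="submit" name="add" value="' . lang("admin", "addipmask") . '" /> <input type="submit" name="delete" value="' . lang("admin", "deleteipmask") . '" /> </div> </form>';
    } elseif ($sub_action == "editvalidip") {
        if (isset($_GET["add"])) {
            // A new row gets the next index after the current maximum.
            $lim = $sqlm->fetch_assoc($sqlm->query("SELECT MAX(`Index`) FROM config_valid_ip_mask"));
            $lim = $lim["MAX(`Index`)"] + 1;
            $sqlm->query("INSERT INTO config_valid_ip_mask SET `Index`='" . $lim .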
"', ValidIPMask=''"); redirect("admin.php?section=general&subsection=validip"); } elseif (isset($_GET["delete"])) { $index = $sqlm->quote_smart($_GET["index"]); if (!is_numeric($index)) { redirect("admin.php?section=general&subsection=validip&error=1"); } $result = $sqlm->query("DELETE FROM config_valid_ip_mask WHERE `Index`='" . $index . "'"); redirect("admin.php?section=general&subsection=validip"); } else { $index = $sqlm->quote_smart($_GET["index"]); if (!is_numeric($index)) { redirect("admin.php?section=general&subsection=validip&error=1"); } $mask = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_valid_ip_mask WHERE `Index`='" . $index . "'")); $output .= ' <form action="admin.php" method="get" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subaction" value="savevalidip" /> <input type="hidden" name="subsection" value="validip" /> <input type="hidden" name="index" value="' . $mask["Index"] . '" /> </div> <table class="simple"> <tr> <th width="20%"> <center>' . lang("admin", "index") . '</center> </th> <th class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "validipmask_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "validipmask") . '</a> </th> </tr> <tr> <td> <center>' . $mask["Index"] . '</center> </td> <td> <input type="text" name="mask" value="' . $mask["ValidIPMask"] . '" /> </td> </tr> </table> <div> <input type="submit" name="save" value="' . lang("admin", "save") . '" /> </div> </form>'; } } else { $index = $sqlm->quote_smart($_GET["index"]); $mask = $sqlm->quote_smart($_GET["mask"]); $result = $sqlm->query("UPDATE config_valid_ip_mask SET ValidIPMask='" . $mask . "' WHERE `Index`='" . $index . 
"'"); redirect("admin.php?section=general&subsection=validip"); } break; case "ads": if (!$sub_action) { $enable_bottom_ad = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Enable_Page_Bottom_Ad'")); $bottom_ad_content = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Page_Bottom_Ad_Content'")); $output .= ' <form action="admin.php" method="get" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subaction" value="saveads" /> <input type="hidden" name="subsection" value="ads" /> </div> <table class="simple" id="admin_more"> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "enablebottomad_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "enablebottomad") . '</a>: </td> <td> <input type="checkbox" name="enablebottomad" ' . ($enable_bottom_ad["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "bottomadcontent_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "bottomadcontent") . '</a>: </td> <td> <textarea name="bottomadcontent" rows="5" cols="40">' . $bottom_ad_content["Value"] . '</textarea> </td> </tr> </table> <div> <input type="submit" name="save" value="' . lang("admin", "save") . '" /> </div> </form>'; } else { $page_bottom_ad = isset($_GET["enablebottomad"]) ? 1 : 0; $page_bottom_ad_content = $sqlm->quote_smart($_GET["bottomadcontent"]); $result = $sqlm->query("UPDATE config_misc SET Value='" . $page_bottom_ad . "' WHERE `Key`='Enable_Page_Bottom_Ad'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $page_bottom_ad_content . 
"' WHERE `Key`='Page_Bottom_Ad_Content'"); redirect("admin.php?section=general&subsection=ads"); } break; case "more": if (!$sub_action) { $sql_search_limit = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='SQL_Search_Limit'")); $item_icons = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Item_Icons'")); $remember_me_checked = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Remember_Me_Checked'")); $site_title = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Site_Title'")); $item_per_page = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Item_Per_Page'")); $show_country_flags = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Show_Country_Flags'")); $default_theme = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Default_Theme'")); $default_language = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Default_Language'")); $timezone = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Timezone'")); $timezone_offset = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Timezone_Offset'")); $player_online = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Player_Online'")); $gm_online = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='GM_Online'")); $gm_online_count = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='GM_Online_Count'")); $hide_uptime = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Hide_Uptime'")); $hide_max_players = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Hide_Max_Players'")); $hide_avg_latency = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Hide_Avg_Latency'")); $hide_server_mem = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Hide_Server_Mem'")); 
$hide_plr_latency = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Hide_Plr_Latency'")); $hide_coupons = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Hide_Coupons_Main_Page'")); $backup_dir = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Backup_Dir'")); $debug = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Debug'")); $test_mode = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Test_Mode'")); $multi_realm = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Multi_Realm'")); $show_emblem = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Show_Guild_Emblem'")); $language_locales_search_option = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Language_Locales_Search_Option'")); $language_site_encoding = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Language_Site_Encoding'")); $show_newest_user = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Show_Newest_User'")); $send_on_email = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Send_Mail_On_Email_Change'")); $use_custom_logo = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Use_Custom_Logo'")); $custom_logo = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Custom_Logo'")); $allow_caching = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Allow_Logo_Caching'")); $index_show_realms = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_misc WHERE `Key`='Index_Show_Realms'")); $custom_logos_result = $sqlm->query("SELECT * FROM custom_logos"); $custom_logo_count = $sqlm->num_rows($custom_logos_result); $custom_logos = array(); while ($row = $sqlm->fetch_assoc($custom_logos_result)) { $custom_logos[] = $row; } $output .= ' <form action="admin.php" method="get" 
enctype="multipart/form-data" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subaction" value="savemore" /> <input type="hidden" name="subsection" value="more" /> </div> <table class="simple" id="admin_more"> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "sqlsearchlimit_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "sqlsearchlimit") . '</a>: </td> <td> <input type="text" name="sqlsearchlimit" value="' . $sql_search_limit["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "itemicons_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "itemicons") . '</a>: </td> <td> <input type="text" name="itemicons" value="' . $item_icons["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "remembermechecked_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "remembermechecked") . '</a>: </td> <td> <input type="checkbox" name="remembermechecked" ' . ($remember_me_checked["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "sitetitle_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "sitetitle") . '</a>: </td> <td> <input type="text" name="sitetitle" value="' . $site_title["Value"] . '" size="50"/> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "itemperpage_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "itemperpage") . '</a>: </td> <td> <input type="text" name="itemperpage" value="' . $item_per_page["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "showcountryflags_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "showcountryflags") . 
'</a>: </td> <td> <input type="checkbox" name="showcountryflags" ' . ($show_country_flags["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "defaulttheme_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "defaulttheme") . '</a>: </td> <td> <input type="text" name="defaulttheme" value="' . $default_theme["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "defaultlanguage_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "defaultlanguage") . '</a>: </td> <td> <select name="defaultlanguage">'; if (is_dir("./lang")) { if ($dh = opendir("./lang")) { while (($file = readdir($dh)) == true) { $lang_temp = explode(".", $file); if (isset($lang_temp[1]) && $lang_temp[1] == "php") { $output .= ' <option value="' . $lang_temp[0] . '"' . ($default_language["Value"] == $lang_temp[0] ? ' selected="selected" ' : '') . '>' . lang("edit", $lang_temp[0]) . '</option>'; } } closedir($dh); } } $output .= ' </select> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "timezone_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "timezone") . '</a>: </td> <td> <select name="timezone"> <option value="-12.0" ' . ($timezone["Value"] == "-12.0" ? 'selected="selected"' : '') . '>(UTC -12:00) Eniwetok, Kwajalein</option> <option value="-11.0" ' . ($timezone["Value"] == "-11.0" ? 'selected="selected"' : '') . '>(UTC -11:00) Midway Island, Samoa</option> <option value="-10.0" ' . ($timezone["Value"] == "-10.0" ? 'selected="selected"' : '') . '>(UTC -10:00) Hawaii</option> <option value="-9.0" ' . ($timezone["Value"] == "-9.0" ? 'selected="selected"' : '') . '>(UTC -9:00) Alaska</option> <option value="-8.0" ' . ($timezone["Value"] == "-8.0" ? 'selected="selected"' : '') . 
'>(UTC -8:00) Pacific Time (US & Canada)</option> <option value="-7.0" ' . ($timezone["Value"] == "-7.0" ? 'selected="selected"' : '') . '>(UTC -7:00) Mountain Time (US & Canada)</option> <option value="-6.0" ' . ($timezone["Value"] == "-6.0" ? 'selected="selected"' : '') . '>(UTC -6:00) Central Time (US & Canada), Mexico City</option> <option value="-5.0" ' . ($timezone["Value"] == "-5.0" ? 'selected="selected"' : '') . '>(UTC -5:00) Eastern Time (US & Canada), Bogota, Lima</option> <option value="-4.5" ' . ($timezone["Value"] == "-4.5" ? 'selected="selected"' : '') . '>(UTC -4:30) Caracas</option> <option value="-4.0" ' . ($timezone["Value"] == "-4.0" ? 'selected="selected"' : '') . '>(UTC -4:00) Atlantic Time (Canada), La Paz</option> <option value="-3.5" ' . ($timezone["Value"] == "-3.5" ? 'selected="selected"' : '') . '>(UTC -3:30) Newfoundland</option> <option value="-3.0" ' . ($timezone["Value"] == "-3.0" ? 'selected="selected"' : '') . '>(UTC -3:00) Brazil, Buenos Aires, Georgetown</option> <option value="-2.0" ' . ($timezone["Value"] == "-2.0" ? 'selected="selected"' : '') . '>(UTC -2:00) Mid-Atlantic</option> <option value="-1.0" ' . ($timezone["Value"] == "-1.0" ? 'selected="selected"' : '') . '>(UTC -1:00) Azores, Cape Verde Islands</option> <option value="0.0" ' . ($timezone["Value"] == "0.0" ? 'selected="selected"' : '') . '>(UTC) Western Europe Time, London, Lisbon, Casablanca</option> <option value="1.0" ' . ($timezone["Value"] == "1.0" ? 'selected="selected"' : '') . '>(UTC +1:00) Brussels, Copenhagen, Madrid, Paris</option> <option value="2.0" ' . ($timezone["Value"] == "2.0" ? 'selected="selected"' : '') . '>(UTC +2:00) Kaliningrad, South Africa</option> <option value="3.0" ' . ($timezone["Value"] == "3.0" ? 'selected="selected"' : '') . '>(UTC +3:00) Baghdad, Riyadh, Moscow, St. Petersburg</option> <option value="3.5" ' . ($timezone["Value"] == "3.5" ? 'selected="selected"' : '') . '>(UTC +3:30) Tehran</option> <option value="4.0" ' . 
($timezone["Value"] == "4.0" ? 'selected="selected"' : '') . '>(UTC +4:00) Abu Dhabi, Muscat, Baku, Tbilisi</option> <option value="4.5" ' . ($timezone["Value"] == "4.5" ? 'selected="selected"' : '') . '>(UTC +4:30) Kabul</option> <option value="5.0" ' . ($timezone["Value"] == "5.0" ? 'selected="selected"' : '') . '>(UTC +5:00) Ekaterinburg, Islamabad, Karachi, Tashkent</option> <option value="5.5" ' . ($timezone["Value"] == "5.5" ? 'selected="selected"' : '') . '>(UTC +5:30) Bombay, Calcutta, Madras, New Delhi</option> <option value="5.75" ' . ($timezone["Value"] == "5.75" ? 'selected="selected"' : '') . '>(UTC +5:45) Kathmandu</option> <option value="6.0" ' . ($timezone["Value"] == "6.0" ? 'selected="selected"' : '') . '>(UTC +6:00) Almaty, Dhaka, Colombo</option> <option value="7.0" ' . ($timezone["Value"] == "7.0" ? 'selected="selected"' : '') . '>(UTC +7:00) Bangkok, Hanoi, Jakarta</option> <option value="8.0" ' . ($timezone["Value"] == "8.0" ? 'selected="selected"' : '') . '>(UTC +8:00) Beijing, Perth, Singapore, Hong Kong</option> <option value="9.0" ' . ($timezone["Value"] == "9.0" ? 'selected="selected"' : '') . '>(UTC +9:00) Tokyo, Seoul, Osaka, Sapporo, Yakutsk</option> <option value="9.5" ' . ($timezone["Value"] == "9.5" ? 'selected="selected"' : '') . '>(UTC +9:30) Adelaide, Darwin</option> <option value="10.0" ' . ($timezone["Value"] == "10.0" ? 'selected="selected"' : '') . '>(UTC +10:00) Eastern Australia, Guam, Vladivostok</option> <option value="11.0" ' . ($timezone["Value"] == "11.0" ? 'selected="selected"' : '') . '>(UTC +11:00) Magadan, Solomon Islands, New Caledonia</option> <option value="12.0" ' . ($timezone["Value"] == "12.0" ? 'selected="selected"' : '') . '>(UTC +12:00) Auckland, Wellington, Fiji, Kamchatka</option> </select> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "timezone_offset_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "timezone_offset") . 
'</a>: </td> <td> <input type="text" name="timezone_offset" value="' . $timezone_offset["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "playeronline_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "playeronline") . '</a>: </td> <td> <select name="playeronline">'; $sl_query = "SELECT * FROM config_gm_level_names"; $sl_result = $sqlm->query($sl_query); while ($row = $sqlm->fetch_assoc($sl_result)) { $output .= ' <option value="' . $row["Security_Level"] . '" ' . ($player_online["Value"] == $row["Security_Level"] ? 'selected="selected"' : '') . '>' . $row["Full_Name"] . ' (' . $row["Security_Level"] . ')</option>'; } $output .= ' </select> <!-- input type="checkbox" name="playeronline" ' . ($player_online["Value"] == 1 ? 'checked="checked"' : '') . ' / --> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "gmonline_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "gmonline") . '</a>: </td> <td> <input type="checkbox" name="gmonline" ' . ($gm_online["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "gmonlinecount_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "gmonlinecount") . '</a>: </td> <td> <input type="checkbox" name="gmonlinecount" ' . ($gm_online_count["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "hideuptime_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "hideuptime") . '</a>: </td> <td> <input type="checkbox" name="hideuptime" ' . ($hide_uptime["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "hidemaxplayers_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . 
lang("admin", "hidemaxplayers") . '</a>: </td> <td> <input type="checkbox" name="hidemaxplayers" ' . ($hide_max_players["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "hideavglatency_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "hideavglatency") . '</a>: </td> <td> <input type="checkbox" name="hideavglatency" ' . ($hide_avg_latency["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr>'; if ($core == 1) { $output .= ' <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "hideservermem_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "hideservermem") . '</a>: </td> <td> <select name="hideservermem"> <option value="0" ' . ($hide_server_mem["Value"] == 0 ? 'selected="selected"' : '') . '>' . lang("admin", "hide") . '</option> <option value="1" ' . ($hide_server_mem["Value"] == 1 ? 'selected="selected"' : '') . '>' . lang("admin", "showtogmsonly") . '</option> <option value="2" ' . ($hide_server_mem["Value"] == 2 ? 'selected="selected"' : '') . '>' . lang("admin", "showall") . '</option> </select> </td> </tr>'; } $output .= ' <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "hideplrlatency_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "hideplrlatency") . '</a>: </td> <td> <input type="checkbox" name="hideplrlatency" ' . ($hide_plr_latency["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "hidecoupons_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "hidecoupons") . '</a>: </td> <td> <input type="checkbox" name="hidecoupons" ' . ($hide_coupons["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "backupdir_tip") . 
'\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "backupdir") . '</a>: </td> <td> <input type="text" name="backupdir" value="' . $backup_dir["Value"] . '" readonly="readonly" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "debug_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "debug") . '</a>: </td> <td> <input type="text" name="debug" value="' . $debug["Value"] . '" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "testmode_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "testmode") . '</a>: </td> <td> <input type="text" name="testmode" value="' . $test_mode["Value"] . '" readonly="readonly" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "multirealm_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "multirealm") . '</a>: </td> <td> <input type="text" name="multirealm" value="' . $multi_realm["Value"] . '" readonly="readonly" /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "showemblem_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "showemblem") . '</a>: </td> <td> <input type="checkbox" name="showemblem" ' . ($show_emblem["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "shownewuser_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "shownewuser") . '</a>: </td> <td> <input type="checkbox" name="shownewuser" ' . ($show_newest_user["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "sendonemail_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "sendonemail") . '</a>: </td> <td> <input type="checkbox" name="sendonemail" ' . 
($send_on_email["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "indexshowrealms_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "indexshowrealms") . '</a>: </td> <td> <input type="checkbox" name="indexshowrealms" ' . ($index_show_realms["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td colspan="2"> <b>' . lang("admin", "customlogos") . '</b> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "usecustomlogo_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "usecustomlogo") . '</a>: </td> <td> <input type="checkbox" name="usecustomlogo" ' . ($use_custom_logo["Value"] == 1 ? 'checked="checked"' : '') . ' ' . ($custom_logo_count > 0 ? '' : 'disabled="disabled"') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "customlogo_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "customlogo") . '</a>: </td> <td> <select name="customlogo" ' . ($custom_logo_count > 0 ? '' : 'disabled="disabled"') . '>'; foreach ($custom_logos as $row) { $output .= ' <option value="' . $row["id"] . '" ' . ($row["id"] == $custom_logo["Value"] ? 'selected="selected"' : '') . '>' . $row["filename"] . '</option>'; } $output .= ' </select> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "deleteselectedlogo_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "deleteselectedlogo") . '</a>: </td> <td> <input type="checkbox" name="deleteselectedlogo" ' . ($custom_logo_count > 0 ? '' : 'disabled="disabled"') . ' /> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "uploadlogo_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "uploadlogo") . 
'</a>: </td> <td> <a href="admin.php?section=general&subsection=upload_logo">' . lang("admin", "upload") . '</a> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "allowcaching_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "allowcaching") . '</a>: </td> <td> <input type="checkbox" name="allowcaching" ' . ($allow_caching["Value"] == 1 ? 'checked="checked"' : '') . ' /> </td> </tr> <tr> <td colspan="2"> <b>' . lang("admin", "language") . '</b> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "languagelocalessearchoption_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "languagelocalessearchoption") . '</a>: </td> <td> <select name="languagelocalessearchoption"> <option value="0" ' . ($language_locales_search_option["Value"] == 0 ? 'selected="selected" ' : '') . '>' . lang("global", "language_0") . '</option> <option value="1" ' . ($language_locales_search_option["Value"] == 1 ? 'selected="selected" ' : '') . '>' . lang("global", "language_1") . '</option> <option value="2" ' . ($language_locales_search_option["Value"] == 2 ? 'selected="selected" ' : '') . '>' . lang("global", "language_2") . '</option> <option value="3" ' . ($language_locales_search_option["Value"] == 3 ? 'selected="selected" ' : '') . '>' . lang("global", "language_3") . '</option> <option value="4" ' . ($language_locales_search_option["Value"] == 4 ? 'selected="selected" ' : '') . '>' . lang("global", "language_4") . '</option> <option value="5" ' . ($language_locales_search_option["Value"] == 5 ? 'selected="selected" ' : '') . '>' . lang("global", "language_5") . '</option> <option value="6" ' . ($language_locales_search_option["Value"] == 6 ? 'selected="selected" ' : '') . '>' . lang("global", "language_6") . '</option> <option value="7" ' . ($language_locales_search_option["Value"] == 7 ? 'selected="selected" ' : '') . '>' . lang("global", "language_7") . 
'</option> <option value="8" ' . ($language_locales_search_option["Value"] == 8 ? 'selected="selected" ' : '') . '>' . lang("global", "language_8") . '</option> </select> </td> </tr> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "languagesiteencoding_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "languagesiteencoding") . '</a>: </td> <td> <input type="text" name="languagesiteencoding" value="' . $language_site_encoding["Value"] . '" /> </td> </tr> </table> <div> <input type="submit" name="save" value="' . lang("admin", "save") . '" /> </div> </form>'; } else { $sql_search_limit = $sqlm->quote_smart($_GET["sqlsearchlimit"]); $item_icons = $sqlm->quote_smart($_GET["itemicons"]); $remember_me_checked = isset($_GET["remembermechecked"]) ? 1 : 0; $site_title = $sqlm->quote_smart($_GET["sitetitle"]); $item_per_page = $sqlm->quote_smart($_GET["itemperpage"]); $show_country_flags = isset($_GET["showcountryflags"]) ? 1 : 0; $default_theme = $sqlm->quote_smart($_GET["defaulttheme"]); $default_language = $sqlm->quote_smart($_GET["defaultlanguage"]); $timezone = $sqlm->quote_smart($_GET["timezone"]); $timezone_offset = $sqlm->quote_smart($_GET["timezone_offset"]); $player_online = $sqlm->quote_smart($_GET["playeronline"]); $gm_online = isset($_GET["gmonline"]) ? 1 : 0; $gm_online_count = isset($_GET["gmonlinecount"]) ? 1 : 0; $hide_uptime = isset($_GET["hideuptime"]) ? 1 : 0; $hide_max_players = isset($_GET["hidemaxplayers"]) ? 1 : 0; $hide_avg_latency = isset($_GET["hideavglatency"]) ? 1 : 0; $hide_plr_latency = isset($_GET["hideplrlatency"]) ? 1 : 0; $hide_coupons = isset($_GET["hidecoupons"]) ? 1 : 0; $backup_dir = $sqlm->quote_smart($_GET["backupdir"]); $debug = $sqlm->quote_smart($_GET["debug"]); $test_mode = $sqlm->quote_smart($_GET["testmode"]); $multi_realm = $sqlm->quote_smart($_GET["multirealm"]); $show_emblem = isset($_GET["showemblem"]) ? 
1 : 0; $language_locales_search_option = $sqlm->quote_smart($_GET["languagelocalessearchoption"]); $language_site_encoding = $sqlm->quote_smart($_GET["languagesiteencoding"]); $hide_server_mem = $sqlm->quote_smart($_GET["hideservermem"]); $show_newest_user = isset($_GET["shownewuser"]) ? 1 : 0; $send_on_email = isset($_GET["sendonemail"]) ? 1 : 0; $index_show_realms = isset($_GET["indexshowrealms"]) ? 1 : 0; $use_custom_logo = isset($_GET["usecustomlogo"]) ? 1 : 0; $custom_logo = isset($_GET["customlogo"]) ? $sqlm->quote_smart($_GET["customlogo"]) : NULL; $delete_selected = isset($_GET["deleteselectedlogo"]) ? 1 : 0; $allow_caching = isset($_GET["allowcaching"]) ? 1 : 0; $result = $sqlm->query("UPDATE config_misc SET Value='" . $sql_search_limit . "' WHERE `Key`='SQL_Search_Limit'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $item_icons . "' WHERE `Key`='Item_Icons'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $remember_me_checked . "' WHERE `Key`='Remember_Me_Checked'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $site_title . "' WHERE `Key`='Site_Title'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $item_per_page . "' WHERE `Key`='Item_Per_Page'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $show_country_flags . "' WHERE `Key`='Show_Country_Flags'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $default_theme . "' WHERE `Key`='Default_Theme'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $default_language . "' WHERE `Key`='Default_Language'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $timezone . "' WHERE `Key`='Timezone'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $timezone_offset . "' WHERE `Key`='Timezone_Offset'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $player_online . "' WHERE `Key`='Player_Online'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $gm_online . 
"' WHERE `Key`='GM_Online'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $gm_online_count . "' WHERE `Key`='GM_Online_Count'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $hide_uptime . "' WHERE `Key`='Hide_Uptime'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $hide_max_players . "' WHERE `Key`='Hide_Max_Players'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $hide_avg_latency . "' WHERE `Key`='Hide_Avg_Latency'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $hide_server_mem . "' WHERE `Key`='Hide_Server_Mem'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $hide_plr_latency . "' WHERE `Key`='Hide_Plr_Latency'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $hide_coupons . "' WHERE `Key`='Hide_Coupons_Main_Page'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $backup_dir . "' WHERE `Key`='Backup_Dir'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $debug . "' WHERE `Key`='Debug'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $test_mode . "' WHERE `Key`='Test_Mode'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $multi_realm . "' WHERE `Key`='Multi_Realm'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $show_emblem . "' WHERE `Key`='Show_Guild_Emblem'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $language_locales_search_option . "' WHERE `Key`='Language_Locales_Search_Option'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $language_site_encoding . "' WHERE `Key`='Language_Site_Encoding'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $show_newest_user . "' WHERE `Key`='Show_Newest_User'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $send_on_email . "' WHERE `Key`='Send_Mail_On_Email_Change'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $index_show_realms . 
"' WHERE `Key`='Index_Show_Realms'"); if ($delete_selected) { $result = $sqlm->query("DELETE FROM custom_logos WHERE id='" . $custom_logo . "'"); // if we have no more logos, then we don't want Use Custom Logos checked. $result = $sqlm->query("SELECT * FROM custom_logos"); $logo_count = $sqlm->num_rows($result); if ($logo_count == 0) { $use_custom_logo = 0; } else { // we don't want the Custom_Logo field set to the one we just deleted // so we'll set it to the first one on the list $temp = $sqlm->fetch_assoc($result); $custom_logo = $temp["id"]; } } $result = $sqlm->query("UPDATE config_misc SET Value='" . $use_custom_logo . "' WHERE `Key`='Use_Custom_Logo'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $custom_logo . "' WHERE `Key`='Custom_Logo'"); $result = $sqlm->query("UPDATE config_misc SET Value='" . $allow_caching . "' WHERE `Key`='Allow_Logo_Caching'"); redirect("admin.php?section=general&subsection=more"); } break; case "upload_logo": if (!$sub_action) { $upload_err = isset($_GET["up_err"]) ? $_GET["up_err"] : NULL; $output .= ' <form action="admin.php?section=general&subsection=upload_logo&subaction=upload" method="post" enctype="multipart/form-data" id="form"> <table class="simple" id="admin_more">'; if (isset($upload_err)) { $msg = lang("admin", "uploaderror" . abs($upload_err)); $output .= ' <td colspan="2"> <span class="error" style="display: block; width: 100%; text-align: center;">' . $msg . '</span> </td>'; } $output .= ' <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "uploadlogo_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "uploadlogo") . '</a>: </td> <td> <input type="file" name="image" /> </td> </tr> </table> <div> <input type="submit" name="save" value="' . lang("admin", "save") . '" /> <input type="button" name="cancel" value="' . lang("admin", "cancel") . 
'" onclick="window.location=\'admin.php?section=general&subsection=more\'"/> </div> </form>'; } else { if (!array_key_exists("image", $_FILES)) { redirect("admin.php?section=general&subsection=upload_logo&error=1"); } $image = $_FILES["image"]; $err = checkValidUpload($image["error"]); if ($err < 0) { redirect("admin.php?section=general&subsection=upload_logo&up_err=" . $err); } else { if (!is_uploaded_file($image["tmp_name"])) { redirect("admin.php?section=general&subsection=upload_logo&up_err=-8"); } $info = getImageSize($image["tmp_name"]); if (!$info) { redirect("admin.php?section=general&subsection=upload_logo&up_err=-9"); } $name = $sqlm->quote_smart($image["name"]); $mime = $sqlm->quote_smart($info["mime"]); $data = $sqlm->quote_smart(file_get_contents($image["tmp_name"])); $upload_query = "INSERT INTO custom_logos (filename, mime_type, file_size, file_data) VALUES ('" . $name . "', '" . $mime . "', '" . $image['size'] . "', '" . $data . "')"; $sqlm->query($upload_query); redirect("admin.php?section=general&subsection=more"); } } break; case "gmlevels": if (!$sub_action) { $gm_lvls = $sqlm->query("SELECT * FROM config_gm_level_names"); if (!isset($_GET["edit_btn"])) { $output .= ' <form action="admin.php" method="get" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subsection" value="gmlevels" /> <input type="hidden" name="edit_btn" value="edit" /> </div> <table class="simple"> <tr> <th>' . lang("admin", "edit") . '</th> <th>' . lang("admin", "remove") . '</th> <th>' . lang("admin", "seclvl") . '</th> <th>' . lang("admin", "fullname") . '</th> <th>' . lang("admin", "shortname") . '</th> </tr>'; $color = "#EEEEEE"; while ($gm_lvl = $sqlm->fetch_assoc($gm_lvls)) { $output .= ' <tr> <td style="background-color:' . $color . '; text-align: center;"> <a href="admin.php?section=general&subsection=gmlevels&edit=' . $gm_lvl["Index"] . 
'&edit_btn=Edit"> <img src="img/edit.png" alt="" /> </a> </td> <td style="background-color:' . $color . '; text-align: center;"> <a href="admin.php?section=general&subsection=gmlevels&delrow=deleterow&edit=' . $gm_lvl["Index"] . '&edit_btn=Edit"> <img src="img/aff_cross.png" alt="" /> </a> </td> <td style="background-color:' . $color . '">' . $gm_lvl["Security_Level"] . '</td> <td style="background-color:' . $color . '">' . $gm_lvl["Full_Name"] . '</td> <td style="background-color:' . $color . '">' . $gm_lvl["Short_Name"] . '</td> </tr>'; if ($color == "#EEEEEE") { $color = "#FFFFFF"; } else { $color = "#EEEEEE"; } } $output .= ' <tr> <td style="background-color:' . $color . '; text-align: center;"> <a href="admin.php?section=general&subsection=gmlevels&edit_btn=Edit&addrow=addrow"> <img src="img/add.png" alt="" /> </a> </td> <td style="background-color:' . $color . ';" colspan="4"> <a href="admin.php?section=general&subsection=gmlevels&edit_btn=Edit&addrow=addrow">' . lang("admin", "addrow") . '</a> </td> </tr>'; $output .= ' </table> </form>'; } else { if (!isset($_GET["edit"])) { if (!isset($_GET["addrow"])) { redirect("admin.php?section=general&subsection=gmlevels"); } } $del_row = isset($_GET["delrow"]) ? $_GET["delrow"] : ""; $add_row = isset($_GET["addrow"]) ? $_GET["addrow"] : ""; $edit_row = $sqlm->quote_smart($_GET["edit"]); if ($add_row) { $add_result = $sqlm->query("INSERT INTO config_gm_level_names (Security_Level) VALUES ('-1')"); redirect("admin.php?section=general&subsection=gmlevels"); } if ($del_row) { $del_result = $sqlm->query("DELETE FROM config_gm_level_names WHERE `Index`='" . $edit_row . "'"); redirect("admin.php?section=general&subsection=gmlevels"); } $gm_level = $sqlm->fetch_assoc($sqlm->query("SELECT * FROM config_gm_level_names WHERE `Index`='" . $edit_row . 
"'")); $output .= ' <form action="admin.php" method="get" id="form"> <div> <input type="hidden" name="section" value="general" /> <input type="hidden" name="subsection" value="gmlevels" /> <input type="hidden" name="subaction" value="savegms" /> <input type="hidden" name="index" value="' . $gm_level["Index"] . '" /> </div> <fieldset id="admin_gm_level"> <table class="center"> <tr> <td class="help"> <a href="#" onmouseover="oldtoolTip(\'' . lang("admin", "seclvl_tip") . '\', \'info_tooltip\')" onmouseout="oldtoolTip()">' . lang("admin", "seclvl") . '</a>: </td> <td> <input type="text" name="seclvl" value="' . $gm_level["Security_Level"] . '" /> </td> </tr> <tr> <td>' . lang("admin", "fullname") . ': </td> <td> <input type="text" name="fullname" value="' . $gm_level["Full_Name"] . '" /> </td> </tr> <tr> <td>' . lang("admin", "shortname") . ': </td> <td> <input type="text" name="shortname" value="' . $gm_level["Short_Name"] . '" /> </td> </tr> </table> </fieldset> <div> <input type="submit" name="save" value="' . lang("admin", "save") . '" /> </div> </form>'; } } else { $index = $sqlm->quote_smart($_GET["index"]); $sec_lvl = $sqlm->quote_smart($_GET["seclvl"]); $full_name = $sqlm->quote_smart($_GET["fullname"]); $short_name = $sqlm->quote_smart($_GET["shortname"]); $result = $sqlm->query("UPDATE config_gm_level_names SET Security_Level='" . $sec_lvl . "', Full_Name='" . $full_name . "', Short_Name='" . $short_name . "' WHERE `Index`='" . $index . "'"); redirect("admin.php?section=general&subsection=gmlevels"); } break; } $output .= ' </div>'; }
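/**
 * Delete one message-of-the-day row selected by the `id` query parameter.
 *
 * Steps: enforce the 'delete' permission through valid_login(), open a
 * connection to the $mmfpm_db database, validate the id, run the DELETE
 * against mm_motd, then redirect to index.php.
 *
 * @param mixed $sqlm Passed by reference and overwritten with a new SQL
 *                    connection object.
 */
function delete_motd(&$sqlm)
{
    global $action_permission, $mmfpm_db;

    // Minimum permission required for this action.
    valid_login($action_permission['delete']);

    // NOTE(review): this destructive action is driven by a GET parameter and no
    // anti-CSRF token check is visible in this function. Confirm whether
    // valid_login() or the caller covers that; otherwise require POST plus a
    // per-session token.

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    if (empty($_GET['id'])) {
        redirect('index.php');
        // redirect() presumably ends the request (TODO confirm). Returning here
        // guarantees the DELETE below is never reached without an id.
        return;
    }

    $raw_id = $_GET['id'];

    // The id is concatenated into the statement without surrounding quotes, so
    // string escaping alone does not protect it. Accept only a plain run of
    // decimal digits: is_numeric() also lets through signs, exponents ("1e3"),
    // decimals and leading whitespace, and an array value must be rejected too.
    // NOTE(review): assumes mm_motd.id is a non-negative integer key - confirm.
    if (!is_string($raw_id) || !ctype_digit($raw_id)) {
        redirect('motd.php?error=1');
        // Same reasoning as above: never fall through to the query.
        return;
    }

    // $raw_id is digits only at this point, so it is safe in a numeric context.
    $sqlm->query('DELETE FROM mm_motd WHERE id = ' . $raw_id);

    redirect('index.php');
}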
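/**
 * Apply the game-object editor form.
 *
 * Reads $_POST and, depending on `opp_type`:
 *  - "add_new": builds an INSERT into gameobject_template;
 *  - "edit":    builds an UPDATE of the changed gameobject_template columns
 *               plus INSERT/DELETE statements for gameobject_loot_template,
 *               gameobject_questrelation and gameobject_involvedrelation.
 *
 * When `backup_op` is 1 the statements are sent to the browser as a .sql
 * download instead of being executed; otherwise each statement is executed
 * and the browser is redirected back to game_object.php.
 *
 * NOTE(review): no permission check and no anti-CSRF token check are visible
 * in this function; confirm the caller enforces both before it is reached.
 */
function do_update()
{
    global $world_db, $realm_id;

    if (!isset($_POST['opp_type']) || $_POST['opp_type'] === '') {
        redirect("game_object.php?error=1");
        return; // do not depend on redirect() ending the request
    }
    if (!isset($_POST['entry']) || $_POST['entry'] === '') {
        redirect("game_object.php?error=1");
        return;
    }

    // `entry` ends up unquoted in SQL, in a redirect URL and in a download
    // file name, so it must be a plain non-negative integer.
    if (!is_string($_POST['entry']) || !ctype_digit(trim($_POST['entry']))) {
        redirect("game_object.php?error=1");
        return;
    }
    $entry = (int) trim($_POST['entry']);

    $sql = new SQL();
    $sql->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);

    // gameobject_template columns written by the form (in INSERT order) and
    // the value used when a field is absent or empty.
    $template_defaults = array(
        'type' => 0,
        'displayId' => 0,
        'name' => "",
        'faction' => 0,
        'flags' => 0,
        'size' => 0,
    );
    for ($i = 0; $i <= 23; $i++) {
        $template_defaults["data{$i}"] = 0;
    }
    $template_defaults['ScriptName'] = "";

    // These values are only ever placed inside single quotes below.
    // quote_smart() is defined elsewhere; it is assumed to escape for a quoted
    // SQL string context. TODO confirm.
    $template = array();
    foreach ($template_defaults as $column => $default) {
        $template[$column] = (isset($_POST[$column]) && is_scalar($_POST[$column]) && $_POST[$column] != '')
            ? $sql->quote_smart($_POST[$column])
            : $default;
    }

    $quoted = array();
    foreach (array('ChanceOrQuestChance', 'groupid') as $field) {
        $quoted[$field] = (isset($_POST[$field]) && is_scalar($_POST[$field]) && $_POST[$field] != '')
            ? $sql->quote_smart($_POST[$field])
            : 0;
    }

    // These values are interpolated WITHOUT quotes, where string escaping
    // gives no protection, so they are forced to integers.
    $ints = array();
    foreach (array('item', 'mincountOrRef', 'maxcount', 'lootcondition', 'condition_value1', 'condition_value2', 'questrelation', 'involvedrelation') as $field) {
        $ints[$field] = (isset($_POST[$field]) && is_scalar($_POST[$field]) && $_POST[$field] != '')
            ? (int) $_POST[$field]
            : 0;
    }

    // Lists of ids to delete; each element is also used unquoted.
    $id_lists = array(
        'del_loot_items' => array(),
        'del_involvedrelation' => array(),
        'del_questrelation' => array(),
    );
    foreach (array_keys($id_lists) as $field) {
        if (!empty($_POST[$field])) {
            foreach ((array) $_POST[$field] as $raw_id) {
                $id_lists[$field][] = (int) $raw_id;
            }
        }
    }

    // Statements are kept as a list. The original joined them into one string
    // and split it on ';' before executing, which cut a statement in two
    // whenever a text value such as `name` contained a semicolon.
    $statements = array();

    if ($_POST['opp_type'] == "add_new") {
        $statements[] = "INSERT INTO gameobject_template ( entry, " . implode(', ', array_keys($template)) . " )"
            . " VALUES ( '{$entry}', '" . implode("', '", $template) . "' )";
    } elseif ($_POST['opp_type'] == "edit") {
        // The original also LEFT JOINed locales_gameobject for a localized
        // name, but $deplang was never in scope in this function, so that
        // lookup always resolved to the plain `name` column.
        $select_cols = array();
        foreach (array_keys($template) as $column) {
            $select_cols[] = "`{$column}`";
        }
        $result = $sql->query("SELECT `entry`," . implode(',', $select_cols) . " FROM gameobject_template WHERE entry = '{$entry}'");

        $go_templ = $sql->fetch_assoc($result);
        if (!$go_templ) {
            $sql->close();
            redirect("game_object.php?error=5");
            return;
        }

        // Only columns whose posted value differs from the stored one are updated.
        $changes = array();
        foreach ($template as $column => $value) {
            if ($go_templ[$column] != $value) {
                $changes[] = "{$column}='{$value}'";
            }
        }
        $sql->free_result($result);

        $has_related = $ints['item'] || $ints['questrelation'] || $ints['involvedrelation']
            || $id_lists['del_loot_items'] || $id_lists['del_questrelation'] || $id_lists['del_involvedrelation'];

        if (!$changes && !$has_related) {
            // Nothing to do.
            $sql->close();
            redirect("game_object.php?action=edit&entry={$entry}&error=6");
            return;
        }

        if ($changes) {
            $statements[] = "UPDATE gameobject_template SET " . implode(',', $changes) . " WHERE entry = '{$entry}'";
        }

        // Loot rows are keyed by the template's data1 value, as in the original.
        $loot_entry = (int) $template['data1'];

        if ($ints['item']) {
            $statements[] = "INSERT INTO gameobject_loot_template (entry, item, ChanceOrQuestChance, `groupid`, mincountOrRef, maxcount, lootcondition, condition_value1, condition_value2)"
                . " VALUES ({$loot_entry},{$ints['item']},'{$quoted['ChanceOrQuestChance']}', '{$quoted['groupid']}' ,{$ints['mincountOrRef']} ,{$ints['maxcount']} ,{$ints['lootcondition']} ,{$ints['condition_value1']} ,{$ints['condition_value2']})";
        }
        foreach ($id_lists['del_loot_items'] as $item_id) {
            $statements[] = "DELETE FROM gameobject_loot_template WHERE entry = {$loot_entry} AND item = {$item_id}";
        }
        if ($ints['questrelation']) {
            $statements[] = "INSERT INTO gameobject_questrelation (id, quest) VALUES ({$entry},{$ints['questrelation']})";
        }
        if ($ints['involvedrelation']) {
            $statements[] = "INSERT INTO gameobject_involvedrelation (id, quest) VALUES ({$entry},{$ints['involvedrelation']})";
        }
        foreach ($id_lists['del_questrelation'] as $quest_id) {
            $statements[] = "DELETE FROM gameobject_questrelation WHERE id = {$entry} AND quest = {$quest_id}";
        }
        foreach ($id_lists['del_involvedrelation'] as $quest_id) {
            $statements[] = "DELETE FROM gameobject_involvedrelation WHERE id = {$entry} AND quest = {$quest_id}";
        }
    } else {
        $sql->close();
        redirect("game_object.php?error=5");
        return;
    }

    if (isset($_POST['backup_op']) && $_POST['backup_op'] == 1) {
        // Send the statements as a download instead of running them.
        // $entry is an integer here, so the file name cannot carry
        // request-supplied text into the header.
        $sql->close();
        header("Content-type: application/octet-stream");
        header("Content-Disposition: attachment; filename=goid_{$entry}.sql");
        echo implode(";\n", $statements) . ";\n";
        exit;
    }

    // The result of the last statement decides which page the user lands on.
    $result = false;
    foreach ($statements as $statement) {
        $result = $sql->query($statement);
    }
    $sql->close();

    if ($result) {
        redirect("game_object.php?action=edit&entry={$entry}&error=4");
    } else {
        redirect("game_object.php");
    }
}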