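/**
 * Lets the logged-in account edit the description and image of one of its characters.
 *
 * The character row is looked up by name. The page is rendered only when a row
 * exists and its account_id matches the account id stored in the session;
 * otherwise the method returns without output, as before.
 *
 * @param string $pg Character name as received from the caller; treated as untrusted.
 */
static function mod_pg($pg)
{
    $p = plugins::getinst();

    // $pg ends up inside a quoted SQL literal twice below, so escape it once up front.
    // NOTE(review): mysql_real_escape_string() is used because it is the escaping idiom
    // visible in this file; if the DB wrapper offers bound parameters, prefer those.
    $pg_sql = mysql_real_escape_string($pg);
    $user = $p->d->getrow('SELECT * FROM users WHERE name="' . $pg_sql . '";');

    // Require a real row AND a real session account id. Without both checks a missing
    // row or a missing session value compares as null == null and passes the ownership test.
    if (!$user || !isset($_SESSION['datiaccount']['id'])) {
        return;
    }
    if ((string) $user->account_id !== (string) $_SESSION['datiaccount']['id']) {
        return;
    }

    $t = new template('template/mod_pg.tpl');
    // NOTE(review): $pg is handed to the template as received; confirm the template
    // layer HTML-escapes PG_NAME, or pass the stored name instead.
    $t->assign_var('PG_NAME', $pg);

    if ($_POST) {
        // Missing or non-string fields are treated as empty strings.
        $desc = isset($_POST['desc']) && is_string($_POST['desc']) ? $_POST['desc'] : '';
        $image = isset($_POST['image']) && is_string($_POST['image']) ? $_POST['image'] : '';

        // NOTE(review): other writers in this file HTML-encode text before storing it;
        // these two fields are stored as submitted. Confirm where they are encoded on
        // output and whether the image value is restricted to expected URL schemes.
        $query = 'UPDATE users SET description="' . mysql_real_escape_string($desc)
            . '",image="' . mysql_real_escape_string($image)
            . '" WHERE name="' . $pg_sql . '";';

        $block = $p->d->query($query) ? 'mod_success' : 'mod_failed';
    } else {
        // Reached without a submitted form: report failure, as the original did.
        $block = 'mod_failed';
    }

    $t->start_block($block);
    $t->end_block($block);

    $p->action('mod_pg');
    $t->out();
}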
/**
 * Renders the login page and, when a username and password were posted, attempts the login.
 *
 * On a matching account row the session is populated, a row is inserted into
 * `sessioni`, and the `login_success` block/action runs; a failed lookup or a
 * failed insert runs `login_failed`. Without posted credentials the login form
 * is shown.
 *
 * NOTE(review): the two SQL strings that mention the username/password are partly
 * masked (`******`) in this listing, so the exact query text and the way the
 * password is compared cannot be read from here. Review the real file before
 * changing this method.
 *
 * NOTE(review): no session_regenerate_id() call is visible in this method; confirm
 * the session id is rotated somewhere on successful login.
 */
static function page_login() {
    $p = plugins::getinst();
    $t = new template('template/login.tpl');
    $t->assign_var('TITLE', 'Login Page');
    // Check that both username and password were posted
    if (isset($_POST['username']) && isset($_POST['password'])) {
        $username = mysql_real_escape_string($_POST['username']);
        // Check that an account with the submitted password exists
        // (query text below is partly masked in this listing)
        $dati = $p->d->getrow("SELECT * FROM accounts WHERE username='******' AND password='******'password']) . "';");
        if ($dati) {
            // Update the session variables for the account
            $_SESSION['username'] = $username;
            $_SESSION['datiaccount'] = get_object_vars($dati);
            $_SESSION['stanza'] = 1;
            // NOTE(review): this keeps the password exactly as submitted in session storage;
            // confirm nothing depends on it and drop it if possible.
            $_SESSION['password'] = $_POST['password'];
            // Check the master and admin flags
            // NOTE(review): the flags are only ever set here, never cleared; a session that
            // already carries them keeps them after logging in as a different account.
            if ($dati->admin == 1) {
                $_SESSION['admin'] = 1;
            }
            if ($dati->master == 1) {
                $_SESSION['master'] = 1;
            }
            // Insert the user into the sessions table; last_time is written as now + 10 minutes
            if ($p->d->query("INSERT INTO sessioni SET session_id='" . session_id() . "',username='******',chat_id=1,chat_name='" . $p->d->getvar('SELECT name FROM stanze WHERE id=1;') . "',last_time='" . (time() + 60 * 10) . "',pg_id=0 ;") > 0) {
                // Run the "login_success" action
                $t->start_block('login_success');
                $p->action('login_success');
                $t->end_block('login_success');
            } else {
                // Run the "login_failed" action
                $t->start_block('login_failed');
                $p->action('login_failed');
                $t->end_block('login_failed');
            }
        } else {
            // Run the "login_failed" action
            $t->start_block('login_failed');
            $p->action('login_failed');
            $t->end_block('login_failed');
        }
    } else {
        // Username and password were not sent: show the login form
        $t->start_block('login_form');
        // NOTE(review): PHP_SELF reflects the requested path; confirm the template escapes ACTION.
        $t->assign_block_var('ACTION', $_SERVER['PHP_SELF']);
        // Run the "login_form" action
        $p->action('login_form');
        $t->end_block('login_form');
    }
    $t->out();
}
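/**
 * Fills the template with announcements and, where present, their surveys.
 *
 * For each announcement an `announces` block is assigned, one
 * `announces.paragraph` block per paragraph of the parsed text, and for
 * announcements with a survey either the answer list (viewer may still vote)
 * or the vote results.
 *
 * @param template $template
 * @param string   $query_where Raw SQL fragment placed verbatim before ORDER BY.
 *                              It is NOT escaped here: callers must build it from
 *                              constants or already-escaped values only.
 * @param int      $query_limit Maximum number of announcements; 0 means no limit.
 */
function nws_render(&$template, $query_where = '', $query_limit = 20)
{
    global $config, $user;

    // The limit is documented as an int; force it so nothing but a number reaches the SQL text.
    $limit = (int) $query_limit;
    $limit_sql = $limit > 0 ? " LIMIT {$limit}" : '';

    $announce_list = doquery(
        "SELECT a.*, UNIX_TIMESTAMP(`tsTimeStamp`) AS unix_time, u.authlevel, s.*\n"
        . " FROM\n"
        . " {{announce}} AS a\n"
        . " LEFT JOIN {{survey}} AS s ON s.survey_announce_id = a.idAnnounce\n"
        . " LEFT JOIN {{users}} AS u ON u.id = a.user_id\n"
        . " {$query_where}\n"
        . " ORDER BY `tsTimeStamp` DESC, idAnnounce" . $limit_sql
    );

    $template->assign_var('NEWS_COUNT', db_num_rows($announce_list));

    // Per-call cache of author rows keyed by user id.
    $users = array();
    while ($announce = db_fetch($announce_list)) {
        $author_id = $announce['user_id'];
        if ($author_id && !isset($users[$author_id])) {
            $users[$author_id] = db_user_by_id($author_id);
        }

        // Ids are interpolated into SQL below; cast them so only integers get there.
        $survey_id = (int) $announce['survey_id'];
        $viewer_id = !empty($user['id']) ? (int) $user['id'] : 0;

        // A non-empty $survey_vote means "cannot vote"; that is the default for guests.
        $survey_vote = array('survey_vote_id' => 1);
        $survey_complete = strtotime($announce['survey_until']) < SN_TIME_NOW;
        if ($survey_id && $viewer_id) {
            $survey_vote = !$survey_complete
                ? doquery("SELECT `survey_vote_id` FROM `{{survey_votes}}` WHERE survey_parent_id = {$survey_id} AND survey_vote_user_id = {$viewer_id} LIMIT 1;", true)
                : array();
        }
        $can_vote = empty($survey_vote) && !$survey_complete;

        // Parse once and reuse for both the full text and the paragraph split.
        $announce_html = cht_message_parse($announce['strAnnounce'], false, intval($announce['authlevel']));
        $announce_exploded = explode("<br /><br />", $announce_html);

        $has_author = isset($users[$author_id]) && $users[$author_id];

        // NOTE(review): DETAIL_URL, SURVEY_TEXT and the survey answer texts are passed
        // as stored; confirm they are HTML-escaped on input or by the template.
        $template->assign_block_vars('announces', array(
            'ID' => $announce['idAnnounce'],
            'TIME' => date(FMT_DATE_TIME, $announce['unix_time'] + SN_CLIENT_TIME_DIFF),
            'ANNOUNCE' => $announce_html,
            'DETAIL_URL' => $announce['detail_url'],
            'USER_NAME' => $has_author
                ? player_nick_render_to_html($users[$author_id], array('color' => true))
                : js_safe_string($announce['user_name']),
            'NEW' => $announce['unix_time'] + $config->game_news_actual >= SN_TIME_NOW,
            'FUTURE' => $announce['unix_time'] > SN_TIME_NOW,
            'SURVEY_ID' => $announce['survey_id'],
            'SURVEY_TEXT' => $announce['survey_question'],
            'SURVEY_CAN_VOTE' => $can_vote,
            'SURVEY_COMPLETE' => $survey_complete,
            'SURVEY_UNTIL' => $announce['survey_until'],
        ));

        foreach ($announce_exploded as $announce_paragraph) {
            $template->assign_block_vars('announces.paragraph', array('TEXT' => $announce_paragraph));
        }

        if (!$survey_id) {
            continue;
        }

        $survey_query = doquery(
            "SELECT survey_answer_text AS `TEXT`, count(DISTINCT survey_vote_id) AS `VOTES`\n"
            . " FROM `{{survey_answers}}` AS sa\n"
            . " LEFT JOIN `{{survey_votes}}` AS sv ON sv.survey_parent_answer_id = sa.survey_answer_id\n"
            . " WHERE sa.survey_parent_id = {$survey_id}\n"
            . " GROUP BY survey_answer_id\n"
            . " ORDER BY survey_answer_id;"
        );

        $survey_vote_result = array();
        $total_votes = 0;
        while ($row = db_fetch($survey_query)) {
            $survey_vote_result[] = $row;
            $total_votes += $row['VOTES'];
        }

        if ($can_vote) {
            // Viewer may still vote: list the answers.
            $survey_query = doquery("SELECT * FROM {{survey_answers}} WHERE survey_parent_id = {$survey_id} ORDER BY survey_answer_id;");
            while ($row = db_fetch($survey_query)) {
                $template->assign_block_vars('announces.survey_answers', array(
                    'ID' => $row['survey_answer_id'],
                    'TEXT' => $row['survey_answer_text'],
                ));
            }
        } else {
            // Show the results with each answer's share of the total.
            foreach ($survey_vote_result as &$vote_result) {
                $vote_percent = $total_votes ? $vote_result['VOTES'] / $total_votes * 100 : 0;
                $vote_result['PERCENT'] = $vote_percent;
                $vote_result['PERCENT_TEXT'] = round($vote_percent, 1);
                $vote_result['VOTES'] = pretty_number($vote_result['VOTES']);
                $template->assign_block_vars('announces.survey_votes', $vote_result);
            }
            // Drop the reference so a later write to $vote_result cannot alter the array.
            unset($vote_result);
        }

        // Dirty hack
        $template->assign_block_vars('announces.total_votes', array('TOTAL_VOTES' => $total_votes));
    }
}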
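/**
 * Renders the guestbook and stores a new entry when a message was posted.
 *
 * Uses the globals $p (plugin host with the DB wrapper in ->d), $t (replaced
 * here by the guestbook template) and $game_name.
 */
function guestbook()
{
    global $p, $t, $game_name;

    $t = new template('template/guestbook.tpl');
    $t->assign_var('NAME', $game_name);

    if (!empty($_POST['message'])) {
        // Missing or non-string fields are treated as empty strings.
        $raw_username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
        $raw_message = is_string($_POST['message']) ? $_POST['message'] : '';

        // Entries are HTML-encoded at write time and then SQL-escaped for the quoted literals.
        $username = mysql_real_escape_string(htmlentities($raw_username));
        $text = mysql_real_escape_string(htmlentities($raw_message));

        // The author column is written from the escaped $username.
        $query = 'INSERT INTO guestbook SET username="' . $username . '",text="' . $text . '",time=NOW();';
        if ($p->d->query($query)) {
            $t->to_comp['new_success'][] = array();
        }
    }

    $select = 'SELECT * FROM guestbook ORDER BY time DESC;';
    $messaggi = $p->d->getresults($select);

    // getresults() may hand back an empty/false value when there are no rows.
    if (!empty($messaggi)) {
        // NOTE(review): the values are emitted as stored and rely on the encoding applied
        // at write time; rows written by any other path would reach the page unencoded.
        foreach ($messaggi as $m) {
            $t->to_comp['message'][] = array('USERNAME' => $m->username, 'MESSAGE' => $m->text);
        }
    }

    $t->out();
}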
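/**
 * Renders the chat room stored in the session.
 *
 * When the room row carries HTML in `other`, that HTML is shown through the
 * `chat_body_other` template instead of the normal chat frameset. An unknown
 * or missing room id prints a short notice with a link back to the main page.
 */
static function chat()
{
    $p = plugins::getinst();

    // The room id is cast to an integer before it is placed in the query, and a
    // session without a room falls through to the "room not found" notice.
    $stanza = isset($_SESSION['stanza']) ? (int) $_SESSION['stanza'] : 0;

    $chat = $p->d->getrow('SELECT name,other FROM stanze WHERE id="' . $stanza . '";');
    if (!$chat) {
        echo 'Stanza non presente...<br/><a href="' . config::game_dir . '/plugins.php/main" target="_top">torna alla pagina principale</a>';
        return;
    }

    if ($chat->other) {
        // NOTE(review): `other` is rendered as raw HTML after stripslashes(); confirm
        // that only trusted staff can write this column.
        $t = new template('template/chat_body_other.tpl');
        $t->assign_var('TEXT', stripslashes($chat->other));
    } else {
        $t = new template('template/chat.tpl');
    }

    $p->action('chat');
    // Error suppression kept from the original; it hides template warnings from the page.
    @$t->out();
}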
{ @include($phpbb_root_path . 'includes/hooks/' . $hook . '.' . $phpEx); } } else { $phpbb_hook = false; } // Set some standard variables we want to force $config = array( 'load_tplcompile' => '1' ); $template->set_custom_template('../adm/style', 'admin'); $template->assign_var('T_TEMPLATE_PATH', '../adm/style'); // the acp template is never stored in the database $user->theme['template_storedb'] = false; $install = new module(); $install->create('install', "index.$phpEx", $mode, $sub); $install->load(); // Generate the page $install->page_header(); $install->generate_navigation(); $template->set_filenames(array( 'body' => $install->get_tpl_name())
} else {
    // Load the file cache driver and the auth, cache and session includes from the phpBB root.
    require $phpbb_root_path . 'includes/acm/acm_file.' . $phpEx;
    require $phpbb_root_path . 'includes/auth.' . $phpEx;
    require $phpbb_root_path . 'includes/cache.' . $phpEx;
    require $phpbb_root_path . 'includes/session.' . $phpEx;
    // Create the user.
    $user = new user();
    $auth = new auth();
    $cache = new cache();
}
// We need to set the template here.
$template = new template();
$template->set_custom_template('style', 'qi');
$profiles = $settings->get_profiles();
// With no stored profile, the main/empty page is redirected to the settings page.
if (empty($profiles['count'])) {
    $template->assign_var('S_NO_PROFILE', true);
    $page = $page == 'main' || $page == '' ? 'settings' : $page;
}
$template->assign_var('CONFIG_TEXT', false);
// If there is a language selected in the dropdown menu in settings it's sent as GET, then ignore the hidden POST field.
// NOTE(review): $language is request-controlled. What apply_language() does with it is
// not visible here; confirm it is matched against the installed languages before it is
// used to build any file path.
if (isset($_GET['lang'])) {
    $language = request_var('lang', '');
} else {
    if (!empty($_POST['sel_lang'])) {
        $language = request_var('sel_lang', '');
    } else {
        $language = '';
    }
}
$settings->apply_language($language);
// Updated settings?
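/**
 * Account page: select a character, change the account password, create a
 * character, then render the character list and (if slots remain) the
 * creation form.
 *
 * @param string $action One of '', 'use_user', 'change_pwd', 'new_user'.
 *
 * NOTE(review): none of the three actions verifies a CSRF token, and the password
 * change does not ask for the current password; confirm whether that is enforced
 * elsewhere.
 */
static function account_switch($action = '')
{
    $p = plugins::getinst();

    // Account id of the logged-in account; actions are ignored when the session has none,
    // so an anonymous request can neither match id 0 nor create an orphan character.
    $account_id = isset($_SESSION['datiaccount']['id']) ? $_SESSION['datiaccount']['id'] : null;
    $has_account = $account_id !== null && $account_id !== '';
    // Escaped copy for use inside quoted SQL literals.
    $account_sql = mysql_real_escape_string((string) $account_id);

    $t = new template('template/account_switch.tpl');

    /* "Use a character" action */
    if ($has_account && $action == 'use_user') {
        // Escape once and reuse the escaped value in every query that mentions the id.
        $pg_id = isset($_POST['pg_id']) && is_string($_POST['pg_id']) ? $_POST['pg_id'] : '';
        $pg_sql = mysql_real_escape_string($pg_id);

        // The character must exist and belong to the account that selected it.
        $cond = $p->d->getrow('SELECT COUNT(id) AS count, account_id FROM users WHERE id="' . $pg_sql . '" GROUP BY id;');
        if ($cond && $cond->count > 0 && (string) $cond->account_id === (string) $account_id) {
            // Keep the character data apart from the account data, record the
            // character on the session row, then go to the main page.
            $_SESSION['datiuser'] = get_object_vars($p->d->getrow('SELECT * FROM users WHERE id="' . $pg_sql . '";'));
            $p->d->query('UPDATE sessioni SET pg_id="' . $pg_sql . '" WHERE session_id="' . session_id() . '";');
            header('Location:' . config::game_dir . '/plugins.php/main');
            // Stop here: a Location header alone does not end the script.
            exit;
        }
    }

    /* "Change password" action (whole account) */
    if ($has_account && $action == 'change_pwd') {
        $new_password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
        if ($new_password === '') {
            // Never store the hash of an empty password.
            $t->block_null('new_password_failed');
        } else {
            // NOTE(review): unsalted MD5 is not suitable for password storage. Moving to
            // password_hash()/password_verify() has to be done together with the login
            // check, which is why the stored format is left unchanged here. The escaping
            // before hashing is also kept so existing hashes keep matching.
            $password = md5(mysql_real_escape_string($new_password));
            $query = 'UPDATE accounts SET password="' . $password . '",last_change_pwd=NOW() WHERE id="' . $account_sql . '";';
            if ($p->d->query($query) > 0) {
                $t->block_null('new_password_success');
            } else {
                $t->block_null('new_password_failed');
            }
        }
    }

    /* "New character" action */
    if ($has_account && $action == 'new_user') {
        // HTML-encode, then SQL-escape, every submitted field; missing fields become ''.
        $fields = array();
        foreach (array('name', 'surname', 'sex', 'race') as $key) {
            $raw = isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
            $fields[$key] = mysql_real_escape_string(htmlentities($raw));
        }
        $name = $fields['name'];
        $surname = $fields['surname'];
        $sex = $fields['sex'];
        $race = $fields['race'];

        // All four fields are required. (Each one is compared, none is assigned.)
        if ($name == null || $surname == null || $sex == null || $race == null) {
            die('Non hai riempito tutti i campi <br/> <a href="javascript:history.back();">torna indietro</a>');
        }

        // Reject duplicate character names.
        if ($p->d->getvar('SELECT COUNT(id) as count FROM users WHERE name="' . $name . '";') > 0) {
            die('Il personaggio che vuoi creare esiste già! <br/> <a href="javascript:history.back();">torna indietro</a>');
        }

        // Enforce the per-account character limit from the config.
        if ($p->d->getvar('SELECT COUNT(*) FROM users WHERE account_id="' . $account_sql . '";') < config::max_pg) {
            // NOTE(review): $race is not checked against the races offered by the form
            // (razze WHERE evolution!=1); confirm whether that needs enforcing here.
            $query = 'INSERT INTO users SET account_id="' . $account_sql . '",name="' . $name . '",surname="' . $surname . '",sex="' . $sex . '",race="' . $race . '";';
            $p->d->query($query);
            // Redirect so a manual refresh cannot resubmit the form.
            header('Location:' . config::game_dir . '/plugins.php/account_switch');
            exit;
        } else {
            echo 'Hai raggiunto il numero massimo di personaggi consentiti... <br/> <a href="javascript:history.back();">torna indietro</a>';
        }
    }

    /* View: account id and form target */
    $t->assign_var('ID', $account_id);
    $t->assign_var('ACTION', config::game_dir . '/plugins.php/account_switch');

    // Prompt for a password change when the last one is older than six months.
    $time_password = $p->d->getvar('SELECT COUNT(id) FROM accounts WHERE id="' . $account_sql . '" AND last_change_pwd < (NOW() - INTERVAL 6 MONTH);');
    if ($time_password > 0) {
        $t->block_null('change_password');
    }

    // Characters of this account, capped at the configured maximum.
    $users = $p->d->getresults('SELECT * FROM users WHERE account_id="' . $account_sql . '" LIMIT 0,' . config::max_pg . ';');
    $user_count = $users ? count($users) : 0;

    if ($user_count > 0) {
        foreach ($users as $user) {
            // NOTE(review): image and description are emitted as stored; confirm where
            // they are HTML-encoded.
            $t->start_block('user');
            $t->assign_block_vars(array(
                'PG_ID' => $user->id,
                'PG_NAME' => $user->name,
                'PG_SURNAME' => $user->surname,
                'PG_IMAGE' => $user->image,
                'PG_DESC' => isset($user->description) ? $user->description : 'nessuna descrizione',
            ));
            $t->end_block('user');

            // In-place editors for the character's surname and description.
            $t->block_assign('javascript_inplace_row_surname', 'ID', $user->id);
            $t->block_assign('javascript_inplace_row_desc', 'ID', $user->id);
        }
    }

    // Show the creation form while the account still has free slots.
    if ($user_count < config::max_pg) {
        /* TODO: implement sub-races and advanced races */
        $query = 'SELECT * FROM razze WHERE evolution!=1;';
        $races = $p->d->getresults($query);

        $t->start_block('new_user_form');
        if (!empty($races)) {
            foreach ($races as $race) {
                $t->block_assign('race_row', array('RACE_ID' => $race->id, 'RACE_NAME' => $race->name));
            }
        }
        $t->end_block('new_user_form');
    }

    $t->out();
}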
/**
 * Shows the "new private message" form, pre-filling the recipient.
 *
 * Replaces the global $t with the form template, runs the `mp_new_form`
 * plugin action and prints the page.
 *
 * @param string $user Recipient placed in the TO template variable.
 */
static function mp_new_form($user = '')
{
    global $t;

    $plugin_host = plugins::getinst();

    $form = new template('template/mp_new_form.tpl');
    $form->assign_var('TO', $user);
    // Publish the template through the global before the plugin action runs.
    $t = $form;

    $plugin_host->action('mp_new_form');

    // Output errors are suppressed, as in the original.
    @$t->out();
}
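/**
 * Shows the edit form for a forum post, or saves the edit when the form was posted.
 *
 * Does nothing when $id is 0. Boards flagged `master` are refused to users
 * without MASTER_ACCESS.
 *
 * NOTE(review): the access check is keyed on the $forum_id argument while the row
 * is selected by $id alone. Nothing in this method ties the post to that forum or
 * to the current user; confirm where ownership/forum membership is enforced, or add
 * the check once the posts schema is known.
 *
 * @param int $forum_id Board id.
 * @param int $id       Post id.
 */
static function edit_post($forum_id = 0, $id = 0)
{
    $p = plugins::getinst();

    // Both ids are concatenated into SQL and into the form URL: force integers.
    $forum_id = (int) $forum_id;
    $id = (int) $id;
    if ($id == 0) {
        return;
    }

    $t = new template('template/forum_message.tpl');
    $t->assign_var('FORUM_ID', $forum_id);

    // Master-only board: require master access.
    if ($p->d->getvar('SELECT master FROM forums WHERE id="' . $forum_id . '";') == 1 && control_access(MASTER_ACCESS) != 1) {
        $t->start_block('access_denied');
        $t->end_block('access_denied');
        $t->out();
        return;
    }

    $post = $p->d->getrow('SELECT * FROM posts WHERE id="' . $id . '"');
    if (!$post) {
        // Unknown post id: report the failure instead of reading fields off a missing row.
        $t->block_assign('failed', 'TEXT_FAILED', 'Messaggio NON modificato');
        $t->out();
        return;
    }

    if (!$_POST) {
        // No submission yet: show the form filled with the stored post.
        $t->start_block('message_form');
        if ($post->title != null && $post->topic_id == 0) {
            $t->block_assign('is_topic', 'TOPIC_TITLE', $post->title);
        }
        $t->assign_block_var('TEXT', $post->text);
        $t->assign_block_var('SUBMIT_TEXT', 'modifica messaggio');
        $t->assign_block_var('ACTION', '{ROOT}/plugins.php/edit_post/' . $forum_id . '/' . $id);
        $t->end_block('message_form');
    } else {
        if (isset($_POST['title']) && is_string($_POST['title'])) {
            $title = mysql_real_escape_string(htmlentities($_POST['title']));
        } else {
            // The stored title goes back into SQL, so it needs escaping like any other value.
            $title = mysql_real_escape_string((string) $post->title);
        }

        $raw_text = isset($_POST['text']) && is_string($_POST['text']) ? $_POST['text'] : '';
        // NOTE(review): the plugin filter runs after escaping, so whatever it adds reaches
        // the query unescaped; confirm the registered filters only emit SQL-safe text.
        $text = $p->filter('topic_message_edited', mysql_real_escape_string(htmlentities($raw_text)));

        $query = 'UPDATE posts SET title="' . $title . '",text="' . $text . '" WHERE id="' . $id . '"';
        $res = $p->d->query($query);
        if ($res > 0) {
            $t->block_assign('success', 'TEXT_SUCCESS', 'Messaggio modificato!');
        } else {
            // Keep database error details in the server log, not on the page.
            $db_error = mysql_error();
            if ($db_error !== '') {
                error_log('edit_post: UPDATE failed: ' . $db_error);
            }
            $t->block_assign('failed', 'TEXT_FAILED', 'Messaggio NON modificato');
        }
    }

    $t->out();
}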
// Bootstrap: load the UTF tools, install the error handler, create the core objects,
// connect to the database, load config and hooks, then collect the theme stylesheets.
require $phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx;
// Set PHP error handler to ours
set_error_handler(defined('PHPBB_MSG_HANDLER') ? PHPBB_MSG_HANDLER : 'msg_handler');
// Instantiate some basic classes
$user = new user();
$auth = new auth();
$template = new template();
$cache = new cache();
// The DB driver class name comes from $sql_db, which is set outside this excerpt.
$db = new $sql_db();
// Connect to DB
$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, defined('PHPBB_DB_NEW_LINK') ? PHPBB_DB_NEW_LINK : false);
$GLOBALS['db'] = $db;
// We do not need this any longer, unset for safety purposes
// NOTE(review): only $dbpasswd is cleared; $dbhost, $dbuser and $dbname stay in scope.
unset($dbpasswd);
// Grab global variables, re-cache if necessary
$config = $cache->obtain_config();
// Add own hook handler
require $phpbb_root_path . 'includes/hooks/index.' . $phpEx;
$phpbb_hook = new phpbb_hook(array('exit_handler', 'phpbb_user_session_handler', 'append_sid', array('template', 'display')));
// Each hook name returned by the cache is turned into an include path; failures are
// silenced by @.
// NOTE(review): the names are used in the path as returned; confirm obtain_hooks()
// only yields file names found inside includes/hooks/.
foreach ($cache->obtain_hooks() as $hook) {
    @(include $phpbb_root_path . 'includes/hooks/' . $hook . '.' . $phpEx);
}
require_once dirname(__FILE__) . '/../../library/functions.php';
// Build one <link> tag per stylesheet in styles/pi/theme, with the path made relative
// to this file's directory.
$css = '';
$dir = dirname(__FILE__);
foreach (glob(dirname(__FILE__) . '/styles/pi/theme/*.css') as $val) {
    $val = str_replace($dir, '', $val);
    // The file name is written into the href attribute without HTML escaping.
    $css .= '<link href="' . $val . '" rel="stylesheet" type="text/css"/>';
}
$template->assign_var('CSS', $css);