/**
* Zeigt das Formular an, in dem User ihre Einträge machen können
*
* @param $text Vorbelegung für den text
* @param $mail Vorbelegung für die Emailadresse
* @param $page Vorbelegung für die Homepage
*/
function showForm($text = "", $mail = "", $page = "", $fehler = "")
{
global $allgAr;
$tpl = new tpl('gbook.htm');
$ar = array('uname' => $_SESSION['authname'], 'SMILIES' => getsmilies(), 'ANTISPAM' => get_antispam('gbook', 1), 'TXTL' => $allgAr['Gtxtl'], 'TEXT' => $text, 'PAGE' => $page, 'MAIL' => $mail, 'FEHLER' => $fehler);
$tpl->set_ar_out($ar, "formular_eintrag");
if (!isset($_SESSION['klicktime_gbook'])) {
$_SESSION['klicktime_gbook'] = 0;
}
}
function show_sitemap($q, $lv, $table, $menu, $where, $was)
{
$limit = 200;
$page = $menu->getA(2) == 'p' ? $menu->getE(2) : 1;
$MPL = db_make_sites($page, $where, $limit, '?sitemap-' . $menu->get(1), $table);
$anfang = ($page - 1) * $limit;
$q = db_query($q . " LIMIT " . $anfang . "," . $limit);
$tpl = new tpl('sitemap');
$l = '';
while ($r = db_fetch_row($q)) {
$l .= $tpl->list_get('links', array(str_replace('{id}', $r[0], $lv), $r[1]));
}
$tpl->set_ar_out(array('MPL' => $MPL, 'site' => $was, 'links' => $l), 1);
}
function sharchiv()
{
$tpl = new tpl('shbox4', 0);
echo '<div>
<h4 align="center" class="Chead">' . $this->version . ' Archiv</h4>
</div>';
$erg = db_query('SELECT * FROM `prefix_shbox4` ORDER BY `id` DESC');
while ($row = db_fetch_assoc($erg)) {
$text = $row['txt'];
$text = $this->shtext($text);
$ar = array('AUSGABE' => '<p class="Cdark" style="margin:0;">' . $this->shdate($row['time'], $row['uid']) . '</p>
<p class="Cnorm" style="margin:0;">' . $this->colortext($this->sh_usercheck($row['uid']), $text) . '</p>
<br />');
$tpl->set_ar_out($ar, 2);
}
$tpl->set_ar(array('VERS' => $this->version()));
$tpl->out(3);
}
function wd($wdLINK, $wdTEXT, $wdZEIT = 3)
{
global $lang;
if (!is_array($wdLINK)) {
$urls = '<a href="' . $wdLINK . '">' . $lang['forward2'] . '</a>';
$wdURL = $wdLINK;
} else {
$urls = '';
$i = 0;
foreach ($wdLINK as $k => $v) {
if ($i == 0) {
$wdURL = $v;
}
$urls .= '<a href="' . $v . '">' . $k . '</a><br />';
$i++;
}
}
$tpl = new tpl('weiterleitung.htm');
$ar = array('LINK' => $urls, 'URL' => $wdURL, 'ZEIT' => $wdZEIT, 'TEXT' => $wdTEXT);
$tpl->set_ar_out($ar, 0);
unset($tpl);
}
/**
* Die Adminnavigation aus der angegeben XML-Datei auslesen
*
* @param $file die zu lesende XML-Datei
*/
function get_ini_menu($file)
{
$menus = simplexml_load_file($file);
$umenu = '';
$tpl = new tpl('adminsubmenu', 1);
if ($menus->attributes()->hide == 'true') {
$tpl->out(4);
return $umenu;
}
foreach ($menus->list as $liste) {
$tpl->set_out('headline', $liste->attributes()->title, 0);
$tpl->out(1);
foreach ($liste->modul as $mod) {
// wenn der nutzer die nötigen rechte hat
if ($mod->right >= $_SESSION['authright'] or !isset($mod->right)) {
$tpl->set_ar_out(array('url' => $mod->url, 'title' => utf8_decode($mod->title)), 2);
}
}
$tpl->out(3);
}
return $umenu;
}
}
$tpl->out(4);
} elseif ($row['status'] == 3) {
// lastwars
$row['memberliste'] = lastwars_get_memberlist($_GET['mehr']);
$wlpar = array(1 => 'gewonnen', 2 => 'verloren', 3 => 'unentschieden');
$row['erg'] = $row['owp'] . ' zu ' . $row['opp'];
$row['ergliste'] = get_erg_liste($_GET['mehr']);
$row['wlp'] = $wlpar[$row['wlp']];
$title = $allgAr['title'] . ' :: Wars :: Lastwars';
$hmenu = '<a href="?wars" class="smalfont">Wars</a><b> » </b>Lastwars';
$design = new design($title, $hmenu);
$design->header();
$tpl = new tpl('wars_last');
$row['tag'] = empty($row['tag']) ? $row['gegner'] : $row['tag'];
$tpl->set_ar_out($row, 0);
// kommentare fuer lastwars
if ($allgAr['wars_last_komms'] < 0 and has_right($allgAr['wars_last_komms'])) {
// aktion
if (isset($_POST['kommentar_fuer_last_wars'])) {
$name = $_SESSION['authname'];
$text = escape($_POST['text'], 'textarea');
db_query("INSERT INTO prefix_koms (name,cat,text,uid) VALUES ('" . $name . "','WARSLAST', '" . $text . "', " . $_GET['mehr'] . " )");
}
if (isset($_GET['kommentar_fuer_last_wars_loeschen']) and is_siteadmin('wars')) {
db_query("DELETE FROM prefix_koms WHERE cat = 'WARSLAST' AND uid = " . $_GET['mehr'] . " AND id = " . $_GET['kommentar_fuer_last_wars_loeschen']);
}
// anzeigen
$tpl->out(1);
$class = '';
$erg = db_query("SELECT name,text,id FROM prefix_koms WHERE cat = 'WARSLAST' AND uid = " . $_GET['mehr'] . " ORDER BY id DESC");
$tpl->set('minus', db_result(db_query("SELECT ROUND(SUM(betrag),2) FROM prefix_kasse WHERE betrag < 0"), 0));
$tpl->set('plus', db_result(db_query("SELECT ROUND(SUM(betrag),2) FROM prefix_kasse WHERE betrag > 0"), 0));
$tpl->set('saldo', db_result(db_query("SELECT ROUND(SUM(betrag),2) FROM prefix_kasse"), 0));
$tpl->set('Jminus', db_result(db_query("SELECT ROUND(SUM(betrag),2) FROM prefix_kasse WHERE betrag < 0 AND datum >= '" . $jaka . "' AND datum <= '" . $jake . "'"), 0));
$tpl->set('Jplus', db_result(db_query("SELECT ROUND(SUM(betrag),2) FROM prefix_kasse WHERE betrag > 0 AND datum >= '" . $jaka . "' AND datum <= '" . $jake . "'"), 0));
$tpl->set('Jsaldo', db_result(db_query("SELECT ROUND(SUM(betrag),2) FROM prefix_kasse WHERE datum >= '" . $jaka . "' AND datum <= '" . $jake . "'"), 0));
$tpl->set('Mminus', db_result(db_query("SELECT ROUND(SUM(betrag),2) FROM prefix_kasse WHERE betrag < 0 AND datum >= '" . $aka . "' AND datum <= '" . $ake . "'"), 0));
$tpl->set('Mplus', db_result(db_query("SELECT ROUND(SUM(betrag),2) FROM prefix_kasse WHERE betrag > 0 AND datum >= '" . $aka . "' AND datum <= '" . $ake . "'"), 0));
$tpl->set('Msaldo', db_result(db_query("SELECT ROUND(SUM(betrag),2) FROM prefix_kasse WHERE datum >= '" . $aka . "' AND datum <= '" . $ake . "'"), 0));
$tpl->set('month', $lang[date('F', $akt)]);
$tpl->set('pm', $pm);
$tpl->set('nm', $nm);
$tpl->set('py', $py);
$tpl->set('ny', $ny);
$tpl->set('jahr', $y);
$tpl->out(0);
$class = '';
$erg = db_query("SELECT name, verwendung, id, ROUND(betrag,2) as betrag FROM prefix_kasse WHERE datum >= '" . $aka . "' AND datum <= '" . $ake . "' ORDER BY datum DESC");
while ($r = db_fetch_assoc($erg)) {
$class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
$r['class'] = $class;
if (has_right(-8, 'kasse')) {
$r['verwendung'] .= '<span style="float: right;">
<a href="admin.php?kasse-' . $r['id'] . '"><img src="include/images/icons/edit.gif" border="0" title="' . $lang['change'] . '" alt="' . $lang['change'] . '" /></a>
<a href="index.php?kasse-d' . $r['id'] . '"><img src="include/images/icons/del.gif" border="0" title="' . $lang['delete'] . '" alt="' . $lang['delete'] . '" /></a>
</span>';
}
$tpl->set_ar_out($r, 1);
}
$tpl->out(2);
$design->footer();
$page = $menu->getA(3) == 'p' ? $menu->getE(3) : 1;
$filtername = escape($menu->get(2), 'string');
} else {
$page = $menu->getA(1) == 'p' ? $menu->getE(1) : 1;
}
$anfang = ($page - 1) * $limit;
$tpl = new tpl('user/memb_list.htm');
if (isset($_GET['filtername']) and !empty($_GET['filtername'])) {
$filtername = escape($_GET['filtername'], 'string');
}
if (!empty($filtername)) {
$sql_search = " WHERE prefix_user.name LIKE '%" . $filtername . "%'";
$MPL = db_make_sites($page, $sql_search, $limit, '?user-filtername-' . $filtername, 'user');
} else {
$sql_search = "";
$MPL = db_make_sites($page, "", $limit, '?user', 'user');
}
$tpl->set_out('SITELINK', $MPL, 0);
$class = '';
$erg = db_query("SELECT\r\n posts,\r\n prefix_user.id,\r\n prefix_grundrechte.name as recht_name,\r\n regist,\r\n prefix_user.name\r\nFROM prefix_user\r\n LEFT JOIN prefix_grundrechte ON prefix_user.recht = prefix_grundrechte.id\r\n {$sql_search}\r\nORDER by recht,prefix_user.posts DESC LIMIT " . $anfang . "," . $limit);
while ($row = db_fetch_object($erg)) {
if ($class == 'Cmite') {
$class = 'Cnorm';
} else {
$class = 'Cmite';
}
$ar = array('NAME' => $row->name, 'RANG' => userrang($row->posts, $row->id), 'CLASS' => $class, 'POSTS' => $row->posts, 'UID' => $row->id, 'DATE' => date('d.m.Y', $row->regist), 'GRUPE' => $row->recht_name);
$tpl->set_ar_out($ar, 1);
}
$tpl->set_out('filtername', $filtername ? $filtername : '', 2);
$design->footer();
db_query('UPDATE `prefix_rules` SET `text` = "' . $text . '", `titel` = "' . $titel . '", `zahl` = "' . $zahl . '" WHERE `id` = "' . $sid . '"');
}
}
if (!empty($_GET['delete'])) {
$delete = escape($_GET['delete'], 'integer');
db_query('DELETE FROM `prefix_rules` WHERE `id` = "' . $delete . '" LIMIT 1');
}
if (empty($_GET['sid'])) {
$row = array();
$row['sub'] = 'Eintragen';
$row['zahl'] = '';
$row['titel'] = '';
$row['text'] = $row['sid'] = '';
} else {
$abf = 'SELECT `text`,`zahl`,`titel`,`id` as `sid` FROM `prefix_rules` WHERE `id` = "' . escape($_GET['sid'], 'integer') . '"';
$erg = db_query($abf);
$row = db_fetch_assoc($erg);
$row['sub'] = 'Ändern';
}
$clas = '';
$tpl = new tpl('rules', 1);
$row['ANTISPAM'] = get_antispam('adminuser_action', 0, true);
$tpl->set_ar_out($row, 0);
$erg = db_query('SELECT * FROM `prefix_rules` ORDER BY `zahl`');
while ($row = db_fetch_assoc($erg)) {
$clas = $clas == 'Cmite' ? 'Cnorm' : 'Cmite';
$row['class'] = $clas;
$tpl->set_ar_out($row, 1);
}
$tpl->out(2);
$design->footer();
* @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
* @copyright (C) 2000-2010 ilch.de
* @version $Id$
*/
defined('main') or die('no direct access');
defined('admin') or die('only admin access');
if ($menu->get(1) == "phpinfo") {
phpinfo();
} else {
$design = new design('Ilch Admin-Control-Panel :: Serverkonfiguration', '', 2);
$design->header();
$tpl = new tpl('checkconf', 1);
$tpl->out(0);
// # Server conf
$tpl->set_out('head', $lang['phpserverconf'], 1);
$tpl->set_ar_out(array('class' => 'Cmite', 'opt' => 'version', 'val' => phpversion()), 3);
$confstrings = array("safe_mode", "display_errors", "max_execution_time", "memory_limit", "register_globals", "file_uploads", "upload_max_filesize", "post_max_size", "disable_functions");
$class = 'Cmite';
foreach ($confstrings as $str) {
if ($class == 'Cmite') {
$class = 'Cnorm';
} else {
$class = 'Cmite';
}
$tpl->set("class", $class);
$tpl->set("opt", $str);
$tpl->set("val", ini_get($str));
$tpl->out(3);
}
// sockets
if ($class == 'Cmite') {
db_query("UPDATE prefix_history SET date = '" . $date . "',title = '" . $title . "',txt = '" . $txt . "' WHERE id = '" . $IdToEdit . "'");
}
} else {
echo 'Datum stimmt nicht, bitte im Format DD.MM.YYYY eingeben also z.B. 29.12.2005<br />';
}
}
if (!isset($IdToDelete)) {
if ($menu->getA(1) == 'e' and is_numeric($menu->getE(1)) and empty($IdToEdit)) {
$IdToEdit = escape($menu->getE(1), 'integer');
$erg = db_query("SELECT id,DATE_FORMAT(date,'%d.%m.%Y') as date,title,txt FROM prefix_history WHERE id = '" . $IdToEdit . "'");
$_ilch = db_fetch_assoc($erg);
$_ilch['pkey'] = $IdToEdit;
} else {
$_ilch = array('pkey' => '', 'date' => date('d.m.Y'), 'title' => '', 'txt' => '');
}
$tpl->set_ar_out($_ilch, 0);
$limit = 20;
$page = $menu->getA(1) == 'p' ? escape($menu->getE(1), 'integer') : 1;
$MPL = db_make_sites($page, 'ORDER BY `date` DESC', $limit, '?history', 'history');
$anfang = ($page - 1) * $limit;
$abf = "SELECT `id`,`date`,`title` FROM prefix_history ORDER BY `date` DESC LIMIT " . $anfang . "," . $limit;
$erg = db_query($abf);
while ($row = db_fetch_assoc($erg)) {
$class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
$row['class'] = $class;
list($y, $m, $d) = explode('-', $row['date']);
$row['date'] = $d . '.' . $m . '.' . $y;
$tpl->set_ar_out($row, 1);
}
$tpl->set_out('MPL', $MPL, 2);
}
<?php
/**
* @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
* @copyright (C) 2000-2010 ilch.de
* @version $Id$
*/
defined('main') or die('no direct access');
$title = $allgAr['title'] . ' :: Awards';
$hmenu = 'Awards';
$design = new design($title, $hmenu);
$design->header();
$tpl = new tpl('awards.htm');
$tpl->out(0);
$class = 'Cnorm';
$erg = db_query("SELECT `platz`, `text`, `wofur`, `team`, `bild`, DATE_FORMAT(time, '%d.%m.%Y') as `time` FROM `prefix_awards` ORDER BY `time` DESC");
while ($row = db_fetch_assoc($erg)) {
$class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
if ($row['bild'] != '' and trim($row['bild']) != 'http://') {
$row['bildutime'] = '<span style="float: left; margin-right: 10px;"><img src="' . $row['bild'] . '" alt="' . $row['wofur'] . '" title="' . $row['wofur'] . '"/><br /><font class="smalfont">' . $row['time'] . '</font></span><br />';
} else {
$row['bildutime'] = $lang['date'] . ': ' . $row['time'] . '<br />';
}
$row['class'] = $class;
$tpl->set_ar_out($row, "tabelle");
}
$tpl->out("ende");
$design->footer();
$design->footer(1);
}
}
#anzeigen
$design->header();
$tpl = new tpl('selfbp', 1);
$akl = '';
if (isset($_REQUEST['akl'])) {
$akl = $_REQUEST['akl'];
}
#löschen
if (isset($_REQUEST['del'])) {
$del = $_REQUEST['del'];
$a = substr($del, 0, 1);
$e = substr($del, 1);
if ($e != 'neu') {
unlink('include/contents/selfbp/self' . $a . '/' . $e);
}
}
$text = get_text($akl);
$properties = get_properties($text);
if (!isset($properties['wysiwyg'])) {
$properties['wysiwyg'] = 1;
}
$text = edit_text($text, false);
#$text = rteSafe($text);
$filename = get_filename($akl);
$akl = get_akl($akl);
$view = get_view($properties['view']);
$tpl->set_ar_out(array('akl' => $akl, 'text' => $text, 'filename' => $filename, 'exfilename' => $filename, 'wysiwyg' => $properties['wysiwyg'], 'title' => $properties['title'], 'hmenu' => $properties['hmenu'], 'view' => $view, 'viewoptions' => $properties['viewoptions'], 'wysiwyg_editor' => $properties['wysiwyg'] == 1 ? '<script type="text/javascript">buttonPath = "include/images/icons/editor/"; imageBrowse = "admin.php?selfbp-imagebrowser"; makeWhizzyWig("bbwy", "all");</script>' : ''), 0);
$design->footer();
}
}
// Class
$class = 'Cmite';
// Template laden
$tpl = new tpl('modules/loader', 1);
// Template-Header
$tpl->out(0);
// Module abfragen und Ausgeben
$erg = db_query("SELECT `id`, `pos`, `task`, `file`, `description` FROM `prefix_loader` ORDER BY `pos` ASC");
if (db_num_rows($erg) > 0) {
$tpl->out(3);
while ($row = db_fetch_assoc($erg)) {
$class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
$row['class'] = $class;
$tpl->set_ar_out($row, 4);
}
}
// Tabellenuebergang
$tpl->out(1);
// Aendern oder Einfuegen
if ($aid == 'edit') {
$lid = $menu->get(3);
$erg = db_query('SELECT `task`, `file`, `description` FROM `prefix_loader` WHERE `id` = ' . $lid);
$row = db_fetch_assoc($erg);
$task = getTasks($row['task']);
$tpl->set_ar_out(array('aname' => 'Eintrag bearbeiten', 'task' => $task, 'file' => $row['file'], 'description' => $row['description'], 'ANTISPAM' => get_antispam('adminuser_action', 0, true)), 5);
} else {
$task = getTasks('');
$tpl->set_ar_out(array('aname' => 'Eintrag hinzufügen', 'task' => $task, 'file' => '', 'description' => '', 'ANTISPAM' => get_antispam('adminuser_action', 0, true)), 5);
}
$catname = '';
}
$title = $allgAr['title'] . ' :: Gallery ' . $cattitle;
$hmenu = '<a class="smalfont" href="?gallery">Gallery</a>' . $catname;
$design = new design($title, $hmenu);
$design->header();
$tpl = new tpl('gallery');
$erg = db_query("SELECT id,name,`besch` FROM prefix_gallery_cats WHERE recht >= {$_SESSION['authright']} AND cat = " . $cid . " ORDER BY pos");
if (db_num_rows($erg) > 0) {
$tpl->out(1);
$class = 'Cnorm';
while ($row = db_fetch_assoc($erg)) {
$row['gallery'] = count_files($row['id']);
$class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
$row['class'] = $class;
$tpl->set_ar_out($row, 2);
}
$tpl->out(3);
}
$limit = $img_per_site;
$page = $menu->getA(2) == 'p' ? escape($menu->getE(2), 'integer') : 1;
$MPL = db_make_sites($page, '', $limit, '?gallery-' . $cid, "gallery_imgs LEFT JOIN prefix_gallery_cats ON prefix_gallery_imgs.cat = prefix_gallery_cats.id WHERE prefix_gallery_imgs.cat = " . $cid . " AND (recht >= " . $_SESSION['authright'] . " OR recht IS NULL)");
$anfang = ($page - 1) * $limit;
$erg = db_query("SELECT prefix_gallery_imgs.id,prefix_gallery_imgs.cat,datei_name,endung,prefix_gallery_imgs.`besch`,klicks,vote_wertung,vote_klicks FROM prefix_gallery_imgs LEFT JOIN prefix_gallery_cats ON prefix_gallery_imgs.cat = prefix_gallery_cats.id WHERE prefix_gallery_imgs.cat = " . $cid . " AND (recht >= " . $_SESSION['authright'] . " OR recht IS NULL) ORDER BY id ASC LIMIT " . $anfang . "," . $limit);
if (db_num_rows($erg) > 0) {
$tpl->set('imgperline', $allgAr['gallery_imgs_per_line']);
$tpl->set('cname', $cname);
$tpl->set('breite', $allgAr['gallery_normal_width'] + 30);
$tpl->set('MPL', $MPL);
$tpl->out(4);
$class = 'Cnorm';
$Fsub = 'Ändern';
$Fbez = $row->bez;
$Fmin = $row->min;
if ($row->spez == 1) {
$Fjch = 'checked';
$Fnch = '';
} else {
$Fnch = 'checked';
$Fjch = '';
}
$Frid = $row->id;
$Fakt = 'change';
}
$tpl = new tpl('range', 1);
$ar = array('SUB' => $Fsub, 'BEZ' => $Fbez, 'MIN' => $Fmin, 'JCH' => $Fjch, 'NCH' => $Fnch, 'RID' => $Frid, 'AKT' => $Fakt);
$tpl->set_ar_out($ar, 3);
} else {
$_POST['bez'] = escape($_POST['bez'], 'string');
$_POST['min'] = escape($_POST['min'], 'integer');
$_POST['spez'] = escape($_POST['spez'], 'integer');
$_POST['rid'] = escape($_POST['rid'], 'integer');
if (empty($_POST['rid'])) {
if ($_POST['spez'] == 1) {
$_POST['min'] = '0';
}
db_query('INSERT INTO `prefix_ranks` (`bez`,`min`,`spez`) VALUES ( "' . $_POST['bez'] . '","' . $_POST['min'] . '","' . $_POST['spez'] . '" ) ');
wd('admin.php?range', 'Erfolgreich eingetragen', 1);
} else {
if ($_POST['spez'] == 1) {
$_POST['min'] = '0';
}
case 'gruppen':
$uid = $menu->get(2);
if (isset($_POST['usergroups'])) {
$erg = db_query("SELECT id FROM prefix_groups");
while ($row = db_fetch_assoc($erg)) {
$ck = db_count_query("SELECT COUNT(uid) FROM prefix_groupusers WHERE uid = " . $uid . " AND gid = " . $row['id']);
if ($ck == 0 and isset($_POST['grprhave'][$row['id']][$uid])) {
db_query("INSERT INTO prefix_groupusers (uid,gid,fid) VALUES ( " . $uid . ", " . $row['id'] . ", 3 )");
} elseif ($ck == 1 and !isset($_POST['grprhave'][$row['id']][$uid])) {
db_query("DELETE FROM prefix_groupusers WHERE uid = " . $uid . " AND gid = " . $row['id']);
}
}
}
$user_name = db_result(db_query("SELECT name FROM prefix_user WHERE id = " . $uid), 0);
$tpl = new tpl('user/gruppen', 1);
$tpl->set_ar_out(array('username' => $user_name, 'userid' => $uid), 0);
$class = 'Cnorm';
$erg = db_query("SELECT name,id FROM prefix_groups");
while ($row = db_fetch_assoc($erg)) {
$ck = db_count_query("SELECT COUNT(uid) FROM prefix_groupusers WHERE uid = " . $uid . " AND gid = " . $row['id']);
$row['ck'] = $ck == 0 ? '' : 'checked';
$class = $class == 'Cnorm' ? 'Cmite' : 'Cnorm';
$row['class'] = $class;
$tpl->set_ar_out($row, 1);
}
$tpl->out(2);
break;
// details eines users anzeigen
// details eines users anzeigen
case 1:
$design = new design('Admins Area', 'Admins Area', 2);
$kategorie = news_find_kat($row->news_kat);
$textToShow = bbcode($row->news_text);
$textToShow = str_replace('[PREVIEWENDE]', '', $textToShow);
if (!empty($such)) {
$textToShow = markword($textToShow, $such);
}
$tpl = new tpl('news.htm');
if (loggedin()) {
$uname = $_SESSION['authname'];
$readonly = 'readonly';
} else {
$uname = '';
$readonly = '';
}
$ar = array('TEXT' => $textToShow, 'KATE' => $kategorie, 'NID' => $nid, 'uname' => $uname, 'readonly' => $readonly, 'ANTISPAM' => get_antispam('newskom', 0), 'NAME' => $row->news_title);
$tpl->set_ar_out($ar, 2);
if ($komsOK) {
$tpl->set_ar_out(array('NAME' => $row->news_title, 'NID' => $nid), "koms_on");
$erg1 = db_query("SELECT `text`, `name`, `userid`, `id`, `time` FROM `prefix_koms` WHERE `uid` = " . $nid . " AND `cat` = 'NEWS' ORDER BY `id` DESC");
$anz = db_num_rows($erg1);
if ($anz == 0) {
echo $lang['nocomments'];
} else {
while ($row1 = db_fetch_assoc($erg1)) {
$row1['text'] = bbcode(trim($row1['text']));
if (has_right(-7, 'news')) {
$del = ' <a href="?news-' . $nid . '-d' . $row1['id'] . '"><img src="include/images/icons/del.gif" alt="löschen" border="0" title="löschen" /></a>';
}
$tpl->set_ar_out(array('TEXT' => $row1['text'], 'AVATAR' => get_avatar($row1['userid']), 'NAME' => $row1['name'], 'TIME' => post_date($row1['time'], 1) . $del, 'ZAHL' => $anz), "koms_self");
$anz--;
}
}
if ($show) {
$tpl = new tpl('forum/forum', 1);
$firstcat = @db_result(db_query("SELECT id FROM `prefix_forumcats` ORDER BY pos LIMIT 1"), 0);
if (isset($showcid)) {
$id = $showcid;
} else {
$id = $menu->getA(1) == 'S' ? $menu->getE(1) : (is_numeric($firstcat) ? $firstcat : 0);
}
$tpl->set_out('cid', $id, 0);
$class = '';
$erg = db_query("SELECT id, cid, name as cname, pos as cpos FROM prefix_forumcats WHERE id = {$id} ORDER BY pos");
while ($row = db_fetch_assoc($erg)) {
$class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
$row['class'] = $class;
$tpl->set_ar_out($row, 1);
$erg1 = db_query("SELECT\r\n prefix_forums.id as fid,\r\n prefix_forums.name as fname,\r\n prefix_forums.pos as fpos,\r\n case when view <= 0 then vg.name else vt.name end as view,\r\n case when reply <= 0 then rg.name else rt.name end as reply,\r\n case when start <= 0 then sg.name else st.name end as start\r\n FROM prefix_forums\r\n LEFT JOIN prefix_grundrechte as vg ON prefix_forums.view = vg.id\r\n LEFT JOIN prefix_grundrechte as rg ON rg.id = prefix_forums.reply\r\n LEFT JOIN prefix_grundrechte as sg ON sg.id = prefix_forums.start\r\n\r\n\t\t\tLEFT JOIN prefix_groups as vt ON prefix_forums.view = vt.id\r\n LEFT JOIN prefix_groups as rt ON rt.id = prefix_forums.reply\r\n LEFT JOIN prefix_groups as st ON st.id = prefix_forums.start\r\n WHERE prefix_forums.cid = " . $row['id'] . " ORDER BY prefix_forums.pos");
while ($row1 = db_fetch_assoc($erg1)) {
$row1['class'] = $row['class'];
$row1['cid'] = $id;
$tpl->set_ar_out($row1, 2);
}
}
$tpl->out(3);
forum_admin_showcats(0, '');
$topcid = is_numeric($r->topcid) ? $r->topcid : 0;
$Cout = array();
$Cout['cid'] = $cid;
$Cout['ak'] = $um == 'changeCategorie' ? 'change' : 'new';
$Cout['sub'] = $um == 'changeCategorie' ? 'ändern' : 'erstellen';
$Cout['name'] = $um == 'changeCategorie' ? $r->name : '';
}
}
$tpl->out(1);
$class = '';
$statusar = array(2 => $lang['reported'], 1 => $lang['rejected'], 3 => $lang['allowed']);
$erg = db_query("SELECT `pruef`, DATE_FORMAT(von,'%d.%m.%Y') as `von`, DATE_FORMAT(bis,'%d.%m.%Y') as `bis`, `betreff`, `prefix_user`.`name`, `uid`, `prefix_awaycal`.`id` FROM `prefix_awaycal` LEFT JOIN `prefix_user` ON `prefix_user`.`id` = `prefix_awaycal`.`uid` ORDER BY `id` DESC");
while ($r = db_fetch_assoc($erg)) {
$class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
$r['class'] = $class;
$r['status'] = $statusar[$r['pruef']];
if ($r['uid'] == $_SESSION['authid'] or is_siteadmin('awaycal')) {
$r['betreff'] .= '<br /><span style="float: right;"><a href="index.php?awaycal-d' . $r['id'] . '"><img src="include/images/icons/del.gif" alt="' . $lang['delete'] . '" title="' . $lang['delete'] . '" border="0" /></a> - <a href="index.php?awaycal-e' . $r['id'] . '"><img src="include/images/icons/edit.gif" alt="' . $lang['change'] . '" title="' . $lang['change'] . '" border="0" /></a>';
if (is_siteadmin('awaycal')) {
$r['betreff'] .= ' - <a href="index.php?awaycal-c' . $r['id'] . '-1"><img src="include/images/icons/nop.gif" alt="' . $lang['reject'] . '" title="' . $lang['reject'] . '" border="0" /></a> - <a href="index.php?awaycal-c' . $r['id'] . '-3"><img src="include/images/icons/jep.gif" alt="' . $lang['allow'] . '" title="' . $lang['allow'] . '" border="0" /></a>';
}
$r['betreff'] .= '</span>';
}
$tpl->set_ar_out($r, 2);
}
$tpl->out(3);
$e = false;
if ($menu->getA(1) == 'e' and is_numeric($menu->getE(1))) {
$id = escape($menu->getE(1), 'intger');
$ar = db_fetch_assoc(db_query("SELECT `uid`, `id`, `von`, `bis`, `betreff` FROM `prefix_awaycal` WHERE `id` = " . $id));
$e |= (is_siteadmin('awaycal') or $ar['uid'] == $_SESSION['authid']);
}
if ($e == false) {
$ar = array('id' => '', 'von' => date('d.m.Y'), 'bis' => date('d.m.Y'), 'betreff' => '');
}
$tpl->set_ar_out($ar, 0);
$design->footer();
# kommentar add
# kommentar loeschen
if ($menu->getA(2) == 'd' and is_numeric($menu->getE(2)) and has_right(-7, 'news')) {
$kommentar_id = escape($menu->getE(2), 'integer');
db_query("DELETE FROM prefix_koms WHERE uid = " . $nid . " AND cat = 'NEWS' AND id = " . $kommentar_id);
}
# kommentar loeschen
$kategorie = news_find_kat($row->news_kat);
$textToShow = bbcode($row->news_text);
$textToShow = str_replace('[PREVIEWENDE]', '', $textToShow);
if (!empty($such)) {
$textToShow = markword($textToShow, $such);
}
$tpl = new tpl('news.htm');
$ar = array('TEXT' => $textToShow, 'KATE' => $kategorie, 'NID' => $nid, 'uname' => $_SESSION['authname'], 'ANTISPAM' => loggedin() ? '' : get_antispam('newskom', 0), 'NAME' => $row->news_title);
$tpl->set_ar_out($ar, 2);
if ($komsOK) {
$tpl->set_ar_out(array('NAME' => $row->news_title, 'NID' => $nid), 3);
}
$erg1 = db_query("SELECT text, name, id FROM `prefix_koms` WHERE uid = " . $nid . " AND cat = 'NEWS' ORDER BY id DESC");
$ergAnz1 = db_num_rows($erg1);
if ($ergAnz1 == 0) {
echo '<b>' . $lang['nocomments'] . '</b>';
} else {
$zahl = $ergAnz1;
while ($row1 = db_fetch_assoc($erg1)) {
$row1['text'] = bbcode(trim($row1['text']));
if (has_right(-7, 'news')) {
$row1['text'] .= '<a href="?news-' . $nid . '-d' . $row1['id'] . '"><img src="include/images/icons/del.gif" alt="löschen" border="0" title="löschen" /></a>';
}
$tpl->set_ar_out(array('NAME' => $row1['name'], 'TEXT' => $row1['text'], 'ZAHL' => $zahl), 4);
$mail = escape($_POST['mail'], 'string');
$page = escape($_POST['page'], 'string');
$text = escape($_POST['text'], 'string');
if (empty($_POST['gid'])) {
db_query("INSERT INTO prefix_gbook (name, mail, page, txt, time) VALUES ('" . $name . "','" . $mail . "','" . $page . "','" . $text . "', '" . time() . "')");
} else {
$gid = escape($_POST['gid'], 'integer');
db_query("UPDATE prefix_gbook SET name = '" . $name . "', mail = '" . $mail . "', page = '" . $page . "', txt = '" . $text . "' WHERE id = " . $gid);
}
}
$r = array('name' => '', 'mail' => '', 'page' => '', 'text' => '', 'id' => '');
if (isset($_GET['edit'])) {
$id = escape($_GET['edit'], 'integer');
$r = db_fetch_assoc(db_query("SELECT id, name, mail, page, txt as text FROM prefix_gbook WHERE id = " . $id));
}
$tpl = new tpl('gbook', 1);
$tpl->set_ar_out($r, 0);
$class = '';
$erg = db_query('SELECT name, mail, txt, id FROM `prefix_gbook` ORDER BY time DESC');
while ($r = db_fetch_assoc($erg)) {
$class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
$text = substr(preg_replace("/\r\n|\r|\n/", " ", htmlentities(strip_tags(stripslashes($r['txt'])), ILCH_ENTITIES_FLAGS, ILCH_CHARSET)), 0, 75);
echo '<tr class="' . $class . '">';
echo '<td><a href="admin.php?gbook=0&edit=' . $r['id'] . '"><img src="include/images/icons/edit.gif" /></a></td>';
echo '<td><a href="javascript:delcheck(' . $r['id'] . ')"><img src="include/images/icons/del.gif"></a></td>';
echo '<td><b><a href="mailto:' . $r['mail'] . '">' . $r['name'] . '</a></b> <span class="smalfont">';
echo $text . '</span></td>';
echo '</tr>';
}
$tpl->out(1);
$design->footer();
<?php
defined('main') or die('no direct access');
defined('admin') or die('only admin access');
$design = new design('Admins Area', 'Admins Area', 2);
$design->header();
$tpl = new tpl('trains', 1);
if (!empty($_POST['send'])) {
$mon = str_replace('#', '', escape($_POST['mon'], 'textarea'));
$die = str_replace('#', '', escape($_POST['die'], 'textarea'));
$mit = str_replace('#', '', escape($_POST['mit'], 'textarea'));
$don = str_replace('#', '', escape($_POST['don'], 'textarea'));
$fre = str_replace('#', '', escape($_POST['fre'], 'textarea'));
$sam = str_replace('#', '', escape($_POST['sam'], 'textarea'));
$son = str_replace('#', '', escape($_POST['son'], 'textarea'));
$new = $mon . '#' . $die . '#' . $mit . '#' . $don . '#' . $fre . '#' . $sam . '#' . $son;
db_query("UPDATE `prefix_allg` SET t1 = '" . $new . "' WHERE k = 'trainzeiten'");
wd('?trains', 'Daten erfolgreich geändert', 2);
} else {
$row = db_fetch_object(db_query("SELECT t1 FROM `prefix_allg` WHERE k = 'trainzeiten'"));
$dbe = explode('#', $row->t1);
$ar = array('MON' => $dbe[0], 'DIE' => $dbe[1], 'MIT' => $dbe[2], 'DON' => $dbe[3], 'FRE' => $dbe[4], 'SAM' => $dbe[5], 'SON' => $dbe[6]);
$tpl->set_ar_out($ar, 0);
}
$design->footer();
if ($_SESSION['authright'] <= $drecht) {
$row['downlink'] = '<a href="index.php?downloads-down-' . $row['id'] . '">' . $lang['download'] . '</a>';
} else {
$row['downlink'] = '<a href="index.php?downloads-error">' . $lang['download'] . '</a>';
}
$row['ssurl'] = $row['ssurl'] != '' ? '<img src="' . $row['ssurl'] . '" alt="' . $row['name'] . ' ' . $row['version'] . '" title="' . $row['name'] . ' ' . $row['version'] . '" style="float:left; border: none; padding-right:5px;" />' : '';
$row['surl'] = empty($row['surl']) ? '' : ' <a href="' . $row['surl'] . '" target="_blank">Demo/Screenshot</a>';
$row['size'] = get_download_size($row['url']);
$row['descl'] = bbcode($row['descl']);
$row['version_kl'] = empty($row['version']) ? '' : '(' . $row['version'] . ')';
$title = $allgAr['title'] . ' :: Downloads ' . $cattitle;
$hmenu = '<a class="smalfont" href="?downloads">Downloads</a>' . $catname;
$design = new design($title, $hmenu);
$header = array('jquery/jquery.validate.js', 'forms/downloads.js');
$design->header($header);
$tpl->set_ar_out($row, 0);
// Kommentare
if ($komsOK) {
$id = escape($menu->get(2), 'integer');
if (chk_antispam('downloads') and isset($_POST['name']) and isset($_POST['text'])) {
if (loggedin()) {
$name = $_SESSION['authname'];
$userid = $_SESSION['authid'];
} else {
$name = escape($_POST['name'], 'string') . ' (Gast)';
$userid = 0;
}
$text = escape($_POST['text'], 'string');
db_query("INSERT INTO `prefix_koms` (`name`,`userid`,`text`,`time`,`uid`,`cat`) VALUES ('" . $name . "', " . $userid . ", '" . $text . "','" . time() . "', " . $id . ", 'DOWNLOAD')");
}
if ($menu->getA(3) == 'd' and is_numeric($menu->getE(3)) and has_right(-7, 'downloads')) {
if ($nps < $anz and $nps >= 0) {
db_query("UPDATE `prefix_modules` SET `pos` = " . $pos . " WHERE `pos` = " . $nps . " AND `menu` = '" . $cat . "'");
db_query("UPDATE `prefix_modules` SET `pos` = " . $nps . " WHERE `id` = " . $id);
}
}
// Template laden
$tpl = new tpl('modules/adminmenu', 1);
// Template-Header
$tpl->out(0);
// Module abfragen und Ausgeben
$erg = db_query("SELECT * FROM `prefix_modules` WHERE `menu` != '' ORDER BY `menu`, `pos` ASC");
$katname = '';
while ($row = db_fetch_assoc($erg)) {
if ($katname != $row['menu']) {
$class = 'Cmite';
$tpl->set_ar_out(array('kat' => $row['menu'], 'url' => $row['url']), 3);
$katname = $row['menu'];
}
$class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
$tpl->set_ar_out(array('class' => $class, 'id' => $row['id'], 'name' => $row['name'], 'url' => $row['url'], 'pos' => $row['pos']), 4);
}
// Tabellenuebergang
$tpl->out(1);
// Aendern oder Einfuegen
if ($aid == 'edit') {
$mid = $menu->get(3);
$erg = db_query('SELECT `pos`, `menu` FROM `prefix_modules` WHERE `id` = ' . $mid);
$row = db_fetch_assoc($erg);
$kat = getKats($row['menu']);
$modul = dblistee($mid, 'SELECT `id`, `name` FROM `prefix_modules` WHERE (`menu` = "" AND (`gshow` = 1 OR `ashow` = 1)) OR `id` = ' . $mid . ' ORDER BY `name` ASC');
$tpl->set_ar_out(array('aname' => 'Eintrag bearbeiten', 'modul' => $modul, 'kat' => $kat, 'pos' => $row['pos'], 'ANTISPAM' => get_antispam('adminuser_action', 0, true)), 5);
if (loggedin()) {
if (user_has_admin_right($menu, false)) {
$tpl->set('ADMIN', '<a class="box" href="admin.php?admin">' . $lang['adminarea'] . '</a>');
} else {
$tpl->set('ADMIN', '');
}
if ($allgAr['Fpmf'] == 1) {
$erg = db_query("SELECT COUNT(id) FROM `prefix_pm` WHERE gelesen = 0 AND status < 1 AND eid = " . $_SESSION['authid']);
$check_pm = db_result($erg, 0);
$nachrichten_link = '<a class="box" href="index.php?forum-privmsg">' . $lang['messages'] . '</a> (' . $check_pm . ')<br>';
} else {
$nachrichten_link = '';
}
$tpl->set('SID', session_id());
$tpl->set('NACHRICHTEN', $nachrichten_link);
$tpl->set('NAME', $_SESSION['authname']);
$tpl->out(0);
} else {
if (empty($_POST['login_name'])) {
$_POST['login_name'] = 'Nickname';
}
if (empty($_POST['login_pw'])) {
$_POST['login_pw'] = 'הההההההה';
}
$regist = '';
if ($allgAr['forum_regist'] == 1) {
$regist = ' <a href="index.php?user-regist">Regist</a>';
}
$tpl->set_ar_out(array('regist' => $regist, 'wdlink' => '?' . $allgAr['smodul'], 'PASS' => $_POST['login_pw'], 'NAME' => $_POST['login_name']), 1);
}
unset($tpl);
$abfF = 'SELECT u.*, f.* FROM prefix_friendscheck f LEFT JOIN prefix_user u ON u.id = f.uid WHERE f.fid = ' . $uid . ' ORDER BY f.id ASC';
$ergF = db_query($abfF);
$abfBlock = 'SELECT u.*, f.* FROM prefix_userblock f LEFT JOIN prefix_user u ON u.id = f.bid WHERE f.uid = ' . $uid . ' ORDER BY f.id ASC';
$ergBlock = db_query($abfBlock);
$tpl->out(0);
if ($FAnzahl > 0) {
while ($rowF = db_fetch_assoc($ergF)) {
$rowF['FNAME'] = '<a href="?user-details-' . $rowF['uid'] . '">' . $rowF['name'] . '</a>';
if (file_exists($rowF['avatar'])) {
$rowF['AVATAR'] = '<img src="' . $rowF['avatar'] . '" width="80" height="80" border="0">';
} else {
$rowF['AVATAR'] = '<img src="include/images/userprofil/avatar/nouser.png" width="75" height="75" border="0">';
}
$rowF['OTHER'] = '<br /><br /><div class="friendButton friendAccept" onclick="location.href = \'?user-fcheck-accept-' . $rowF['uid'] . '\';">Annehmen</div>';
$rowF['OTHER'] .= '<div class="friendButton friendRefuse" onclick="location.href = \'?user-fcheck-refuse-' . $rowF['uid'] . '\';">Ablehnen</div>';
$tpl->set_ar_out($rowF, 1);
}
} else {
echo '<br /><div id="contenText" align="center">Keine Freundschaftsanfragen vorhanden.</div>';
}
$tpl->out(2);
} else {
wd('index.php', 'Es ist ein Fehler aufgetreten.');
}
$design->footer();
break;
case 'add':
$title = $allgAr['title'] . ' :: Users :: Freund hinzufügen';
$hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">Users</a><b> » </b> Freund hinzufügen';
$design = new design($title, $hmenu, 1);
$design->header();
$mail = '';
$subject = '';
$wer = '';
$text = '';
} else {
echo $lang['emailcouldnotsend'];
}
}
$tpl = new tpl('contact.htm');
$tpl->out(0);
$i = 1;
foreach ($k as $a) {
$e = explode('|', $a);
if ($e[0] == '' or $e[1] == '') {
continue;
}
if ($i == 1) {
$c = 'checked';
} else {
$c = '';
}
$tpl->set_ar_out(array('KEY' => md5($e[0]), 'VAL' => $e[1], 'c' => $c), 1);
$i++;
}
$tpl->set('name', $name);
$tpl->set('mail', $mail);
$tpl->set('subject', $subject);
$tpl->set('text', $text);
$tpl->set('ANTISPAM', get_antispam('contact', 100));
$tpl->out(2);
$design->footer();
$menu->set_url(1, '');
} else {
db_query("INSERT INTO `prefix_awards` (time, platz, team, wofur, bild, text) VALUES\r\n ('" . $datum . "', '" . $platz . "', '" . $team . "', '" . $wofur . "', '" . $bild . "', '" . $text . "')");
}
}
#Ändern/Ausgabearray füllen
if ($menu->getA(1) == 'e' and is_numeric($menu->getE(1))) {
$r = db_fetch_assoc(db_query("SELECT * FROM `prefix_awards` WHERE id = " . $menu->getE(1)));
$r['id'] = '-e' . $r['id'];
$t = explode('-', $r['time']);
$r['datum'] = $t[2] . '.' . $t[1] . '.' . $t[0];
} else {
$r = array('id' => '', 'datum' => date('d.m.Y'), 'platz' => '', 'wofur' => '', 'bild' => '', 'text' => '', 'teams' => getTeams());
}
#Ausgabe
$tpl = new tpl('awards', 1);
$tpl->set_ar_out($r, 0);
if (empty($r['team'])) {
$tpl->set_ar_out($r, 1);
} else {
$tpl->set_ar_out($r, 2);
}
$tpl->set_ar_out($r, 3);
$erg = db_query('SELECT * FROM `prefix_awards` ORDER BY time DESC');
while ($row = db_fetch_assoc($erg)) {
$t = explode('-', $row['time']);
$row['datum'] = $t[2] . '.' . $t[1] . '.' . $t[0];
$tpl->set_ar_out($row, 4);
}
$tpl->out(5);
$design->footer();
// Topic Hits werden eins hochgesetzt.
db_query('UPDATE `prefix_topics` SET `hit` = `hit` + 1 WHERE `id` = "' . $tid . '"');
// mehrere seiten fals gefordert
$limit = $allgAr['Fpanz'];
// Limit
$page = $menu->getA(3) == 'p' ? $menu->getE(3) : 1;
$MPL = db_make_sites($page, "WHERE tid = " . $tid, $limit, 'index.php?forum-showposts-' . $tid, 'posts');
$anfang = ($page - 1) * $limit;
$antworten = '';
if ($aktTopicRow['stat'] == 1 and $forum_rights['reply'] == true or ($_SESSION['authright'] <= '-7' or $forum_rights['mods'] == true)) {
$antworten = '<b>[ <a href="index.php?forum-newpost-' . $tid . '">' . $lang['answer'] . '</a> ]</b>';
}
$class = 'Cmite';
$tpl = new tpl('forum/showpost');
$ar = array('SITELINK' => $MPL, 'tid' => $tid, 'ANTWORTEN' => $antworten, 'TOPICNAME' => $aktTopicRow['name']);
$tpl->set_ar_out($ar, 0);
$i = $anfang + 1;
$ges_ar = array('wurstegal', 'maennlich', 'weiblich');
$erg = db_query("SELECT `geschlecht`, `prefix_posts`.`id`,`txt`,`time`,`erstid`,`erst`,`sig`,`avatar`,`posts`,`prefix_user`.`sperre` FROM `prefix_posts` LEFT JOIN `prefix_user` ON `prefix_posts`.`erstid` = `prefix_user`.`id` WHERE `tid` = " . $tid . " ORDER BY `time` LIMIT " . $anfang . "," . $limit);
while ($row = db_fetch_assoc($erg)) {
$class = $class == 'Cnorm' ? 'Cmite' : 'Cnorm';
// define some vars.
$row['sig'] = empty($row['sig']) ? '' : '<br /><hr style="width: 50%;" align="left">' . bbcode($row['sig']);
$row['TID'] = $tid;
$row['class'] = $class;
//$row[ 'date' ] = date('d.m.Y - H:i:s', $row[ 'time' ]);
$row['date'] = post_date($row['time'], 1);
$row['delete'] = '';
$row['change'] = '';
if ($row['sperre'] == 1) {
$row['sperre'] = '<br /><strong>gesperrt</strong>';
