Esempio n. 1
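/**
 * Read the admin navigation from the given XML file and render it through
 * the "adminsubmenu" template.
 *
 * The rights comparison below only decides which entries are rendered.
 * Hiding a link is not an access check: every admin module still has to
 * enforce its own rights when it is requested directly.
 *
 * @param  $file the XML file to read
 * @return string always the empty string; all output goes through tpl::out()
 */
function get_ini_menu($file)
{
    $umenu = '';
    // A missing or unreadable file used to end in a fatal error on the first
    // attributes() call. Render nothing instead.
    // (assumes $file is a local path - TODO confirm no caller passes a stream URL)
    if (!is_readable($file)) {
        return $umenu;
    }
    // NOTE(review): parsed with default libxml options; keep this a trusted,
    // locally shipped file and never a user-supplied upload.
    $menus = simplexml_load_file($file);
    if ($menus === false) {
        // malformed XML: nothing to render
        return $umenu;
    }
    $tpl = new tpl('adminsubmenu', 1);
    if ($menus->attributes()->hide == 'true') {
        $tpl->out(4);
        return $umenu;
    }
    foreach ($menus->list as $liste) {
        $tpl->set_out('headline', $liste->attributes()->title, 0);
        $tpl->out(1);
        foreach ($liste->modul as $mod) {
            // show the entry when it carries no <right> element or when the
            // user has the required rights
            if (!isset($mod->right) || $mod->right >= $_SESSION['authright']) {
                // NOTE(review): url and title are handed to the template as-is;
                // presumably the XML is admin-controlled - confirm before
                // allowing third-party menu files.
                $tpl->set_ar_out(array('url' => $mod->url, 'title' => utf8_decode($mod->title)), 2);
            }
        }
        $tpl->out(3);
    }
    return $umenu;
}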
Esempio n. 2
}
// Residence line: only rendered when the profile field is filled in.
// NOTE(review): $row['wohnort'] is concatenated into the markup as-is. If it holds
// user-supplied profile text it has to be HTML-escaped here or in the template -
// confirm where that happens.
if (empty($row['wohnort'])) {
    $wohnort = '';
} else {
    $wohnort = '<img src="include/images/userprofil/icons/icon_home.png"> aus ' . $row['wohnort'] . '<br />';
}
// Map the stored gender code to its label.
// NOTE(review): a code other than 0, 1 or 2 is an undefined index in the lookup below.
$geschlecht = array('0' => 'Unbekannt', '1' => 'Männlich', '2' => 'Weiblich');
$geschlecht = '<img src="include/images/userprofil/icons/icon_user.png"> ' . $geschlecht[$row['geschlecht']];
// Row counts for gallery images, friends and guestbook entries of this uid.
// NOTE(review): $uid is appended unquoted to all three statements, so it must already
// be an integer at this point - verify against the code above this fragment.
$UGAnzahl = db_count_query('SELECT count(uid) FROM prefix_usergallery WHERE uid = ' . $uid);
$FAnzahl = db_count_query('SELECT count(uid) FROM prefix_friends WHERE uid = ' . $uid);
$GBAnzahl = db_count_query('SELECT count(uid) FROM prefix_usergbook WHERE uid = ' . $uid);
$tpl = new tpl('uprofil/leftbox.htm');
// $gebdatum and $MPL are set outside this fragment.
$ar = array('UID' => $row['id'], 'GEBURTSTAG' => $gebdatum, 'WOHNORT' => $wohnort, 'GESCHLECHT' => $geschlecht, 'UGBILDER' => $UGAnzahl, 'JOINED' => '<img src="include/images/userprofil/icons/icon_calendar.png"> ' . date('d. M Y', $row['regist']) . '<br />', 'SITELINK' => $MPL);
$tpl->set_ar_out($ar, 0);
// Gallery thumbnails, only when the user has at least one image.
if ($UGAnzahl > 0) {
    $tpl->set_out('UGBILDER', ' (' . $UGAnzahl . ')', 1);
    // $ergUG is the gallery result set opened outside this fragment.
    while ($rowUG = db_fetch_assoc($ergUG)) {
        // Fall back to the image name when no description text is stored.
        if (empty($rowUG['txt'])) {
            $rowUG['txt'] = $rowUG['name'];
        } else {
            // self-assignment, has no effect
            $rowUG['txt'] = $rowUG['txt'];
        }
        // NOTE(review): txt/name land inside a double-quoted title attribute and endung
        // inside href/src without escaping; a stored quote character would break out
        // of the attribute. Confirm these columns are sanitised when they are written.
        $rowUG['BILDER'] = '<div class="boxUserFotos"><a href="include/images/usergallery/img_' . $rowUG['id'] . '.' . $rowUG['endung'] . '" target="_blank"><img src="include/images/usergallery/img_thumb_' . $rowUG['id'] . '.' . $rowUG['endung'] . '" title="' . $rowUG['txt'] . '" width="80px" height="80px"></a></div>';
        $tpl->set_ar_out($rowUG, 2);
    }
    $tpl->out(3);
}
if ($FAnzahl > 0) {
    $tpl->set_out('ZFRIENDS', ' (' . $FAnzahl . ')', 4);
    while ($rowF = db_fetch_assoc($ergF)) {
        if (file_exists($rowF['avatar'])) {
Esempio n. 3
/**
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
 * @copyright (C) 2000-2010 ilch.de
 * @version $Id$
 */
defined('main') or die('no direct access');
defined('admin') or die('only admin access');
if ($menu->get(1) == "phpinfo") {
    phpinfo();
} else {
    $design = new design('Ilch Admin-Control-Panel :: Serverkonfiguration', '', 2);
    $design->header();
    $tpl = new tpl('checkconf', 1);
    $tpl->out(0);
    // # Server conf
    $tpl->set_out('head', $lang['phpserverconf'], 1);
    $tpl->set_ar_out(array('class' => 'Cmite', 'opt' => 'version', 'val' => phpversion()), 3);
    $confstrings = array("safe_mode", "display_errors", "max_execution_time", "memory_limit", "register_globals", "file_uploads", "upload_max_filesize", "post_max_size", "disable_functions");
    $class = 'Cmite';
    foreach ($confstrings as $str) {
        if ($class == 'Cmite') {
            $class = 'Cnorm';
        } else {
            $class = 'Cmite';
        }
        $tpl->set("class", $class);
        $tpl->set("opt", $str);
        $tpl->set("val", ini_get($str));
        $tpl->out(3);
    }
    // sockets
Esempio n. 4
        } else {
            $tpl->out(0);
        }
        unset($tpl);
        $show = false;
        break;
}
if ($show) {
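    $tpl = new tpl('forum/forum', 1);
    // Fallback category: the first one by position. "@" hides the failure of
    // db_result() when the table is empty; is_numeric() below covers that case.
    $firstcat = @db_result(db_query("SELECT id FROM `prefix_forumcats` ORDER BY pos LIMIT 1"), 0);
    if (isset($showcid)) {
        $id = $showcid;
    } else {
        $id = $menu->getA(1) == 'S' ? $menu->getE(1) : (is_numeric($firstcat) ? $firstcat : 0);
    }
    // $id may be request-derived ($menu->getE(1)) and is placed unquoted into the
    // WHERE clause below and into the template, so pass it through the project's
    // integer filter first, the same way other modules treat $menu values used as ids.
    $id = escape($id, 'integer');
    $tpl->set_out('cid', $id, 0);
    $class = '';
    $erg = db_query("SELECT id, cid, name as cname, pos as cpos FROM prefix_forumcats WHERE id = {$id} ORDER BY pos");
    while ($row = db_fetch_assoc($erg)) {
        // alternate the row style between the two CSS classes
        $class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
        $row['class'] = $class;
        $tpl->set_ar_out($row, 1);
        // Forums of this category with the names of the view/reply/start rights.
        // $row['id'] comes from the category row selected above.
        $erg1 = db_query("SELECT\r\n      prefix_forums.id as fid,\r\n      prefix_forums.name as fname,\r\n      prefix_forums.pos as fpos,\r\n      case when view  <= 0 then vg.name else vt.name end as view,\r\n      case when reply <= 0 then rg.name else rt.name end as reply,\r\n      case when start <= 0 then sg.name else st.name end as start\r\n    FROM prefix_forums\r\n      LEFT JOIN prefix_grundrechte as vg ON prefix_forums.view = vg.id\r\n      LEFT JOIN prefix_grundrechte as rg ON rg.id = prefix_forums.reply\r\n      LEFT JOIN prefix_grundrechte as sg ON sg.id = prefix_forums.start\r\n\r\n\t\t\tLEFT JOIN prefix_groups as vt ON prefix_forums.view = vt.id\r\n      LEFT JOIN prefix_groups as rt ON rt.id = prefix_forums.reply\r\n      LEFT JOIN prefix_groups as st ON st.id = prefix_forums.start\r\n    WHERE prefix_forums.cid = " . $row['id'] . " ORDER BY prefix_forums.pos");
        while ($row1 = db_fetch_assoc($erg1)) {
            $row1['class'] = $row['class'];
            $row1['cid'] = $id;
            $tpl->set_ar_out($row1, 2);
        }
    }
    $tpl->out(3);
    forum_admin_showcats(0, '');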
Esempio n. 5
    $tpl->set('readonly', loggedin() ? ' readonly' : '');
    $tpl->set('FEHLER', '<div id="formfehler">' . $fehler . '</div>');
    $tpl->out(0);
    if ($allgAr['joinus_rules'] != 1) {
        $tpl->out(1);
    } else {
        $rules = '<h2>' . $lang['rules'] . '</h2>';
        $rerg = db_query('SELECT `zahl`,`titel`,`text` FROM `prefix_rules` ORDER BY `zahl`');
        while ($rrow = db_fetch_row($rerg)) {
            $rules .= '<table width="100%" border="0" cellpadding="5" cellspacing="1" class="border">';
            $rules .= '<tr class="Cmite"><td><b>&sect;' . $rrow[0] . '. &nbsp; ' . $rrow[1] . '</b></td></tr>';
            $rules .= '<tr class="Cnorm"><td>' . bbcode($rrow[2]) . '</td></tr>';
            $rules .= '</table><br />';
        }
        $rules .= '<input type="checkbox" name="rules" value="' . $lang['yes'] . '" />' . str_replace(array('<a target="_blank" href="index.php?rules">', '</a>'), '', $lang['rulzreaded']) . '<br />';
        $tpl->set_out('RULES', $rules, 2);
    }
    $tpl->set('ANTISPAM', get_antispam('joinus', 100));
    $tpl->out(3);
} else {
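    // store the application
    $name = $xname;
    $userreg = $lang['no'];
    // Guests are registered as users on the fly when forum registration is enabled.
    if (!loggedin() and $allgAr['forum_regist'] != 0) {
        $x = user_regist($name, $mail, genkey(8));
        $userreg = $lang['yes'];
    }
    // Filter the group id BEFORE its first use. The original ran this line only
    // after the INSERT, so the raw value was concatenated unquoted into that
    // statement.
    $squad = escape($squad, 'integer');
    // NOTE(review): $name is quoted but not escaped here; it has to be SQL-safe
    // when it arrives as $xname - verify against the code above this fragment.
    db_query("INSERT INTO `prefix_usercheck` (`check`,`name`,`datime`,`ak`,`groupid`) VALUES ('" . genkey(8) . "','" . $name . "',NOW(),4," . $squad . ")");
    $abf = "SELECT `mod1`, `mod2`, `mod4`, `name` FROM `prefix_groups` WHERE `id` = " . $squad;
    $erg = db_query($abf);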
Esempio n. 6
    $page = $menu->getA(3) == 'p' ? $menu->getE(3) : 1;
    $filtername = escape($menu->get(2), 'string');
} else {
    $page = $menu->getA(1) == 'p' ? $menu->getE(1) : 1;
}
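// $page comes from the request path ($menu->getE()). Force it to a positive
// integer so the LIMIT offset below can never be negative or non-numeric.
$page = max(1, (int) $page);
$anfang = ($page - 1) * $limit;
$tpl = new tpl('user/memb_list.htm');
// Not every path above sets a filter; start from a defined value.
if (!isset($filtername)) {
    $filtername = '';
}
if (isset($_GET['filtername']) and !empty($_GET['filtername'])) {
    $filtername = escape($_GET['filtername'], 'string');
}
if (!empty($filtername)) {
    // NOTE(review): the filter is escaped for SQL, but "%" and "_" keep their
    // LIKE wildcard meaning, and the same value is reused in the pager URL and
    // in the template output further down. Confirm it is HTML/URL-encoded
    // where it is rendered.
    $sql_search = " WHERE prefix_user.name LIKE '%" . $filtername . "%'";
    $MPL = db_make_sites($page, $sql_search, $limit, '?user-filtername-' . $filtername, 'user');
} else {
    $sql_search = "";
    $MPL = db_make_sites($page, "", $limit, '?user', 'user');
}
$tpl->set_out('SITELINK', $MPL, 0);
$class = '';
// Member list ordered by rights level, then by post count.
$erg = db_query("SELECT\r\n  posts,\r\n  prefix_user.id,\r\n  prefix_grundrechte.name as recht_name,\r\n  regist,\r\n  prefix_user.name\r\nFROM prefix_user\r\n LEFT JOIN prefix_grundrechte ON prefix_user.recht = prefix_grundrechte.id\r\n {$sql_search}\r\nORDER by recht,prefix_user.posts DESC LIMIT " . $anfang . "," . $limit);
while ($row = db_fetch_object($erg)) {
    // alternate the row style between the two CSS classes
    $class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
    $ar = array('NAME' => $row->name, 'RANG' => userrang($row->posts, $row->id), 'CLASS' => $class, 'POSTS' => $row->posts, 'UID' => $row->id, 'DATE' => date('d.m.Y', $row->regist), 'GRUPE' => $row->recht_name);
    $tpl->set_ar_out($ar, 1);
}
$tpl->set_out('filtername', $filtername ? $filtername : '', 2);
$design->footer();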
Esempio n. 7
$design = new design('Ilch Admin-Control-Panel :: Registrierungen', '', 2);
$design->header();
$tpl = new tpl('puser', 1);
// add pending user
if ($menu->get(1) == "confirm" and isset($_GET['check'])) {
    $erg = db_query("SELECT * FROM `prefix_usercheck` WHERE `check` = '" . escape($_GET['check'], 'string') . "'");
    if (db_num_rows($erg) == 1) {
        $row = db_fetch_assoc($erg);
        switch ($row['ak']) {
            // confirm registration: move the pending row into prefix_user
            // NOTE(review): only the token from $_GET is escaped. Every $row[...] value
            // below was read back from prefix_usercheck and is concatenated into new
            // statements without escaping. Escaping on the way into the table does not
            // carry over to values read back out of it, so a stored quote character
            // would alter these statements (second-order injection). Escape or bind
            // them here.
            case 1:
                if (0 == db_count_query("SELECT COUNT(*) FROM `prefix_user` WHERE `name_clean` = BINARY '" . $row['name_clean'] . "'")) {
                    // `pass` is copied exactly as stored; presumably already a hash - confirm
                    db_query("INSERT INTO `prefix_user` (`name`,`name_clean`,`pass`,`recht`,`regist`,`llogin`,`email`,`status`,`opt_mail`,`opt_pm`)\n  \t\t\t VALUES('" . $row['name'] . "','" . $row['name_clean'] . "','" . $row['pass'] . "',-1,'" . time() . "','" . time() . "','" . $row['email'] . "',1,1,1)");
                    // the token is single-use: the pending row is removed once applied
                    db_query("DELETE FROM `prefix_usercheck` WHERE `check` = '" . escape($_GET['check'], 'string') . "'");
                } else {
                    $tpl->set_out('error', 'Username existiert bereits', 3);
                }
                break;
            // confirm new password: overwrite the stored password of the named user
            // NOTE(review): same unescaped read-back values as above (pass, name_clean)
            case 2:
                db_query("UPDATE `prefix_user` SET `pass` = '" . $row['pass'] . "' WHERE `name_clean` = BINARY '" . $row['name_clean'] . "'");
                db_query("DELETE FROM `prefix_usercheck` WHERE `check` = '" . escape($_GET['check'], 'string') . "'");
                break;
            // confirm new email: the stored token has the form "<user id>||<check>"
            case 3:
                list($id, $check) = explode('||', $row['check']);
                // the id part is passed through the integer filter; email is not escaped
                db_query("UPDATE `prefix_user` SET `email` = '" . $row['email'] . "' WHERE `id` = " . escape($id, 'integer'));
                db_query("DELETE FROM `prefix_usercheck` WHERE `check` = '" . escape($_GET['check'], 'string') . "'");
                break;
Esempio n. 8
        $astat = db_result(db_query("SELECT stat FROM prefix_topics WHERE id = " . $k), 0, 0);
        $nstat = $astat == 1 ? 0 : 1;
        db_query("UPDATE `prefix_topics` SET stat = '" . $nstat . "' WHERE id = " . $k);
    }
    wd('index.php?forum-showtopics-' . $fid, 'Status ge&auml;ndert', 2);
} elseif (!$csrfCheck || empty($_POST['del']) && empty($_POST['shift'])) {
    $limit = $allgAr['Ftanz'];
    // Limit
    $page = $menu->getA(3) == 'p' ? $menu->getE(3) : 1;
    $MPL = db_make_sites($page, "WHERE fid = '{$fid}'", $limit, '?forum-editforum-' . $fid, 'topics');
    $anfang = ($page - 1) * $limit;
    $q = "SELECT a.id, a.name, a.rep, a.erst, a.hit, a.art, a.stat, b.time, b.erst as last, b.id as pid\r\n   FROM prefix_topics a\r\n  \tLEFT JOIN prefix_posts b ON a.last_post_id = b.id\r\n  \tWHERE a.fid = {$fid}\r\n   \tORDER BY a.art DESC, b.time DESC\r\n   \tLIMIT " . $anfang . "," . $limit;
    $tpl = new tpl('forum/editforum.htm');
    $tpl->set('id', $fid);
    $tpl->set('antispam', get_antispam('forum_edit_forum', 0, true));
    $tpl->set_out('MPL', $MPL, 0);
    $erg = db_query($q);
    while ($row = db_fetch_assoc($erg)) {
        $row['date'] = date('d.m.y - H:i', $row['time']);
        $tpl->set_ar_out($row, 1);
    }
    $tpl->out(2);
} elseif (isset($_POST['del']) and isset($_POST['dely']) and $_POST['dely'] == 'yes' and $csrfCheck) {
    $pmin = 0;
    $tmin = 0;
    foreach ($_POST['in'] as $k => $v) {
        $k = escape($k, 'integer');
        $erg = db_query("SELECT erstid FROM prefix_posts WHERE tid = " . $k . " AND erstid > 0");
        while ($row = db_fetch_object($erg)) {
            db_query("UPDATE prefix_user SET posts = posts - 1 WHERE id = " . $row->erstid);
            $pmin++;
Esempio n. 9
            $emails = array('bbc', $allgAr['adminMail']);
            while ($row = db_fetch_object($erg)) {
                if (!in_array($row->email, $emails) and preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\\@([a-z0-9])' . '(([a-z0-9-])*([a-z0-9]))+' . '(\\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', $row->email) == 1) {
                    $emails[] = $row->email;
                    $zahler++;
                }
            }
            icmail($emails, $_POST['bet'], $_POST['txt'], '', isset($_POST['html']));
        } elseif ($mailopm == 'P') {
            $uids = array();
            while ($row = db_fetch_object($erg)) {
                $uids[] = $row->uid;
                $zahler++;
            }
            sendpm($_SESSION['authid'], $uids, escape($_POST['bet'], 'string'), escape($_POST['txt'], 'string'), -1);
        }
        if ($mailopm == 'E') {
            $eMailorPmsg = 'eMail(s)';
        } elseif ($mailopm == 'P') {
            $eMailorPmsg = 'Private Nachrichte(n)';
        }
        wd('admin.php?newsletter', 'Es wurde(n) ' . $zahler . ' ' . $eMailorPmsg . ' verschickt.', 5);
    } else {
        wd('admin.php?newsletter', 'F&uuml;r diese Auswahl konnte nichts gefunden werden.', 5);
    }
} else {
    echo $xajax->printJavascript();
    $tpl = new tpl('newsletter', 1);
    $tpl->set_out('antispam', get_antispam('newsletter', 0, true), 0);
}
$design->footer();
Esempio n. 10
     $erg = db_query($abf);
     while ($row = db_fetch_assoc($erg)) {
         $class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
         $row['class'] = $class;
         $row['date'] = date('d.m.Y', $row['time']);
         $row['time'] = date('H:i', $row['time']);
         $row['BET'] = trim($row['titel']) == '' ? ' -- kein Nachrichtentitel -- ' : $row['titel'];
         $tpl->set_ar_out($row, 1);
     }
     $tpl->out(2);
     break;
 default:
     // message übersicht.
     $tpl = new tpl('forum/pm/show');
     $ad = $menu->getA(2) == 'a' ? 'ASC' : 'DESC';
     $tpl->set_out('ad', $ad == 'ASC' ? 'd' : 'a', 0);
     $class = 'Cmite';
     switch ($menu->getE(2)) {
         default:
         case '3':
             $order = "`a`.`time` " . $ad;
             break;
         case '2':
             $order = "`b`.`name` " . $ad . ", `a`.`time` DESC";
             break;
         case '1':
             $order = "`a`.`titel` " . $ad . ", `a`.`time` DESC";
             break;
     }
     $abf = "SELECT `a`.`titel` as `BET`, `a`.`gelesen` as `NEW`, `b`.`name` as `ABS`, `a`.`id` as `ID`, `a`.`time` FROM `prefix_pm` `a` LEFT JOIN `prefix_user` `b` ON `a`.`sid` = `b`.`id` WHERE `a`.`eid` = " . $_SESSION['authid'] . " AND `a`.`status` <= 0 ORDER BY " . $order;
     $erg = db_query($abf);
Esempio n. 11
<?php

/**
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
 * @copyright (C) 2000-2010 ilch.de
 * @version $Id$
 */
// Refuse to run when the file is requested directly instead of through the CMS.
if (!defined('main')) {
    die('no direct access');
}
// Submenu with one link per configured menu.
$tpl = new tpl('adminsubmenu', 1);
$tpl->set_out('headline', 'Men&uuml; ausw&auml;hlen', 0);
$tpl->out(1);
$i = 1;
while ($i <= $allgAr['menu_anz']) {
    $entry = array(
        'url' => 'admin.php?menu-' . $i,
        'title' => 'Menü ' . $i,
    );
    $tpl->set_ar_out($entry, 2);
    $i++;
}
$tpl->out(3);
Esempio n. 12
    /**
     * Resolve the requested module to the PHP file name that should be loaded.
     *
     * For type "box" the path under include/boxes/ is returned, or false when the
     * file is missing or check_rights() fails. For every other type the first
     * URL segment is normalised (start module, "self" pages), the rights are
     * checked, and either "<module>.php" is returned or a "no permission" /
     * login page is printed and the script exits.
     *
     * NOTE(review): $this->get(0) is concatenated into filesystem paths and into
     * the returned file name. This is only safe if the URL segments cannot contain
     * path separators or "..". The parsing is not visible here - confirm it.
     *
     * @param  $w optional type ('contents', 'box', anything else = admin); when
     *            given it overwrites $this->type
     * @return string|false file name or box path, false for an unavailable box
     */
    public function get_url($w = '')
    {
        global $allgAr;
        if ($w != '') {
            $this->type = $w;
        }
        // work out the start module and the directory to check
        if ($this->type == 'contents') {
            $pfad = 'include/contents';
            $smod = $allgAr['smodul'];
        } elseif ($this->type == 'box') {
            // boxes are resolved directly: the file must exist and the rights check must pass
            $file = 'include/boxes/' . $this->get(0) . '.php';
            return (file_exists($file) and $this->check_rights()) ? $file : false;
        } else {
            $pfad = 'include/admin';
            $smod = 'admin';
        }
        // nothing requested: fall back to the start module
        if (empty($this->menu_ar[0])) {
            $this->set_url(0, $smod);
        }
        // decide what to hand back; the extra cases exist because of
        // "self" pages, which live under selfbp/selfp/
        if (!file_exists($pfad . '/' . $this->get(0) . '.php') and file_exists($pfad . '/selfbp/selfp/' . $this->get(0) . '.php')) {
            // no module of that name, but a self page: route it through the "self" module
            $this->set_url(1, $this->get(0));
            $this->set_url(0, 'self');
        } elseif (!file_exists($pfad . '/' . $this->get(0) . '.php')) {
            // neither module nor self page: fall back to the start module
            if (substr($smod, 0, 5) == 'self-') {
                $this->set_url(1, substr($smod, 5));
                $this->set_url(0, 'self');
            } elseif (file_exists($pfad . '/selfbp/selfp/' . $smod . '.php')) {
                $this->set_url(1, $smod);
                $this->set_url(0, 'self');
            } else {
                $this->set_url(0, $smod);
            }
        }
        // check whether the client has the rights needed to see
        // the module, i.e. the menu entry
        $exit = !$this->check_rights();
        // the user module must never be locked, otherwise members
        // could no longer log in and nobody could register.
        // these user actions are therefore always allowed,
        // whatever check_rights() returned
        $alwaysallowed = array('regist', 'login', '1', '2', 'confirm', 'remind', '13', '3', 'logout');
        if ($exit === true and $this->get(0) == 'user' and in_array($this->get(1), $alwaysallowed)) {
            $exit = false;
            debug('o');
        }
        if ($exit) {
            // access denied: print the page here and stop the request
            $title = $allgAr['title'] . ' :: Keine Berechtigung';
            $hmenu = 'Keine Berechtigung';
            $design = new design($title, $hmenu);
            if (loggedin()) {
                $design->header();
                if (is_coadmin()) {
                    // NOTE(review): the module name from the URL is echoed into the page
                    // unescaped; confirm get(0) cannot carry markup.
                    echo 'Entweder diese Seite ist nicht in der Navigation verlinkt und die Option
<strong>Zugriff auf nicht im Menü verlinkte Module für alle?</strong> steht auf <strong>nein</strong> oder aber du hast kein Recht sie zu betrachten, deswegen kommt diese Meldung.<br />
Also entweder die Seite <strong>' . $this->get(0) . '</strong> in der <a href="admin.php?menu">Navigation</a> verlinken, oder die Option umstellen, ersteres wird empfohlen.';
                } else {
                    echo 'Du hast leider nicht die n&ouml;tigen Rechte, um diese Seite zu betrachten.';
                }
            } else {
                // guests get the login form instead of an error text
                $tpl = new tpl('user/login');
                $design->addheader($tpl->get(0));
                $design->header();
                $tpl->set_out('WDLINK', 'index.php', 1);
            }
            $design->footer();
            exit;
        }
        return $this->get(0) . '.php';
    }
Esempio n. 13
#   Support: www.ilch.de
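defined('main') or die('no direct access');
// Moderator rights are required. check_forum_failure() is expected to stop the
// request when the failure list is not empty - confirm in its definition.
if ($forum_rights['mods'] == FALSE) {
    $forum_failure[] = 'Keine Berechtigung dieses Forum zu moderiren';
    check_forum_failure($forum_failure);
}
// NOTE(review): category, forum and topic names are concatenated into the title
// and the breadcrumb unescaped; confirm they are HTML-safe when stored.
$title = $allgAr['title'] . ' :: Forum :: ' . $aktForumRow['kat'] . ' :: ' . $aktForumRow['name'] . ' :: ' . $aktTopicRow['name'] . ' :: Beitrag l&ouml;schen';
$hmenu = $extented_forum_menu . '<a class="smalfont" href="index.php?forum">Forum</a><b> &raquo; </b><a class="smalfont" href="index.php?forum-showcat-' . $aktForumRow['cid'] . '">' . $aktForumRow['kat'] . '</a><b> &raquo; </b><a class="smalfont" href="index.php?forum-showtopics-' . $fid . '">' . $aktForumRow['name'] . '</a><b> &raquo; </b>';
$hmenu .= '<a class="smalfont" href="index.php?forum-showposts-' . $tid . '">' . $aktTopicRow['name'] . '</a> <b> &raquo; </b>Beitrag l&ouml;schen' . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
$design->header();
$postid = escape($menu->get(3), 'integer');
// The anti-spam token doubles as the CSRF check for this destructive action.
$csrfCheck = chk_antispam('forum_del_post', true);
if (empty($_POST['delete']) || !$csrfCheck) {
    // first call, or token invalid: show the confirmation form with a fresh token
    $tpl = new tpl('forum/del_post');
    $tpl->set_ar(array('tid' => $tid, 'get3' => $postid, 'antispam' => get_antispam('forum_del_post', 0, true)));
    $tpl->out(0);
} elseif ($csrfCheck) {
    // Act only on a post that really belongs to the current topic. The post id
    // comes from the URL, while the rights check and the counters below refer to
    // $tid/$fid. Without the tid condition a post of another topic could be
    // removed while this topic's counters were decremented.
    $postErg = db_query("SELECT erstid FROM `prefix_posts` WHERE id = " . $postid . " AND tid = " . $tid . " LIMIT 1");
    if (db_num_rows($postErg) == 1) {
        $erstid = db_result($postErg, 0);
        if ($erstid > 0) {
            db_query("UPDATE `prefix_user` SET posts = posts - 1 WHERE id = {$erstid}");
        }
        db_query("DELETE FROM `prefix_posts` WHERE id = " . $postid . " AND tid = " . $tid . " LIMIT 1");
        $erg = db_query("SELECT MAX(id) FROM prefix_posts WHERE tid = " . $tid);
        // MAX() is NULL once the topic has no posts left; the cast keeps the two
        // UPDATE statements syntactically valid in that case.
        $max = (int) db_result($erg, 0);
        db_query("UPDATE `prefix_topics` SET last_post_id = " . $max . ", `rep` = `rep` - 1 WHERE id = " . $tid);
        db_query("UPDATE `prefix_forums` SET last_post_id = " . $max . ", posts = posts - 1 WHERE id = " . $fid);
    }
    $tpl = new tpl('forum/del_post');
    $tpl->set_out('tid', $tid, 1);
}
$design->footer();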
Esempio n. 14
/**
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
 * @copyright (C) 2000-2010 ilch.de
 * @version $Id$
 */
defined('main') or die('no direct access');
$tpl = new tpl('adminmenu', 1);
if (is_coadmin()) {
    $kat = '';
    $i = 1;
    foreach ($menuAr as $key => $tab) {
        if ($kat != $tab['menu']) {
            if (!empty($kat)) {
                $tpl->out(3);
            }
            $tpl->set_out('id', $i++, 1);
            $kat = $tab['menu'];
        }
        $tpl->set_ar_out(array('url' => $key, 'title' => $tab['name']), 2);
    }
} elseif (count($_SESSION['authmod']) > 0) {
    $kat = 'modulerights';
    $q = "SELECT DISTINCT `url`, `name`\n\tFROM `prefix_modulerights` `a`\n\tLEFT JOIN `prefix_modules` `b` ON `b`.`id` = `a`.`mid`\n\tWHERE `b`.`gshow` = 1 AND `uid` = " . $_SESSION['authid'];
    $tpl->set_out('id', 1, 1);
    $erg = db_query($q);
    while ($row = db_fetch_assoc($erg)) {
        $tpl->set_ar_out(array('url' => $row['url'], 'title' => $row['name']), 2);
    }
}
if (!empty($kat)) {
    $tpl->out(3);
Esempio n. 15
 /**
  * Resolve the requested module to the PHP file name that should be loaded.
  *
  * Normalises the first URL segment (start module, "self" pages), looks up the
  * required right for content modules in prefix_menu, and either returns
  * "<module>.php" or prints a "no permission" / login page and exits.
  *
  * NOTE(review): $this->get(0) and $this->get(1) are used in filesystem paths
  * and, further down, inside a SQL string. Both uses are only safe if the URL
  * segments are restricted to harmless characters where they are parsed - that
  * code is not visible here, confirm it.
  *
  * @param  $w 'contents' for the front end, anything else for the admin area
  * @return string file name of the module
  */
 function get_url($w = 'contents')
 {
     global $allgAr;
     # work out the start module and the directory to check
     if ($w == 'contents') {
         $pfad = 'include/contents';
         $smod = $allgAr['smodul'];
     } else {
         $pfad = 'include/admin';
         $smod = 'admin';
     }
     # nothing requested: fall back to the start module
     if (empty($this->menu_ar[0])) {
         $this->set_url(0, $smod);
     }
     # decide what to hand back; the extra cases exist because of
     # "self" pages, which live under selfbp/selfp/
     if (!file_exists($pfad . '/' . $this->get(0) . '.php') and file_exists($pfad . '/selfbp/selfp/' . $this->get(0) . '.php')) {
         $this->set_url(1, $this->get(0));
         $this->set_url(0, 'self');
     } elseif (!file_exists($pfad . '/' . $this->get(0) . '.php')) {
         if (substr($smod, 0, 5) == 'self-') {
             $this->set_url(1, substr($smod, 5));
             $this->set_url(0, 'self');
         } elseif (file_exists($pfad . '/selfbp/selfp/' . $smod . '.php')) {
             $this->set_url(1, $smod);
             $this->set_url(0, 'self');
         } else {
             $this->set_url(0, $smod);
         }
     }
     # check whether the client has the rights needed to see
     # the module, i.e. the menu entry
     $exit = false;
     if ($w == 'contents') {
         # NOTE(review): the URL segments are placed between single quotes without
         # escaping; a quote character in get(0)/get(1) would change this statement.
         # Escape or bind the values before building the condition.
         $where = "(path = '" . $this->get(0) . "' OR path = '" . $this->get(0) . "-" . $this->get(1) . "')";
         if ($this->get(0) == 'self') {
             $where = "(path = '" . $this->get(0) . "-" . $this->get(1) . "' OR path = '" . $this->get(1) . "')";
         }
         # "@" silences errors from both calls, so a failed lookup is handled like
         # "no menu entry found" ($r == '') and is not reported
         $r = @db_result(@db_query("SELECT recht FROM prefix_menu WHERE " . $where . " ORDER BY LENGTH(path) DESC"), 0);
         # reads as: (entry found AND right missing) OR (no entry AND the option
         # allg_menupoint_access is 0). With that option non-zero, a module without
         # a menu entry is reachable by everyone.
         if ($r != '' and !has_right($r) or $r == '' and $allgAr['allg_menupoint_access'] == 0) {
             $exit = true;
         }
     }
     # the user module must never be locked, otherwise members
     # could no longer log in and nobody could register.
     # these user actions are therefore always allowed,
     # whatever the rights lookup returned
     $alwaysallowed = array('regist', 'login', '1', '2', 'confirm', 'remind', '13', '3', 'logout');
     if ($exit === true and $this->get(0) == 'user' and in_array($this->get(1), $alwaysallowed)) {
         $exit = false;
         debug('o');
     }
     if ($exit) {
         # access denied: print the page here and stop the request
         $title = $allgAr['title'] . ' :: Keine Berechtigung';
         $hmenu = 'Keine Berechtigung';
         $design = new design($title, $hmenu);
         $design->header();
         if (loggedin()) {
             echo 'Du hast leider nicht die n&ouml;tigen Rechte... :-S';
         } else {
             # guests get the login form instead of an error text
             $tpl = new tpl('user/login');
             $tpl->set_out('WDLINK', 'index.php', 0);
         }
         $design->footer();
         exit;
     }
     return $this->get(0) . '.php';
 }
Esempio n. 16
$hmenu = $extented_forum_menu . '<a class="smalfont" href="index.php?forum">Forum</a><b> &raquo; </b>' . aktForumCats($aktForumRow['kat']) . '<b> &raquo; </b>' . $aktForumRow['name'] . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
$design->header();
$limit = $allgAr['Ftanz'];
// Limit
$page = $menu->getA(3) == 'p' ? $menu->getE(3) : 1;
$MPL = db_make_sites($page, "WHERE fid = '{$fid}'", $limit, '?forum-showtopics-' . $fid, 'topics');
$anfang = ($page - 1) * $limit;
$tpl = new tpl('forum/showtopic');
if ($forum_rights['start'] == TRUE) {
    $tpl->set('NEWTOPIC', '<b>[ <a href="index.php?forum-newtopic-' . $fid . '">' . $lang['newtopic'] . '</a> ]</b>');
} else {
    $tpl->set('NEWTOPIC', '');
}
$tpl->set('MPL', $MPL);
$tpl->set_out('FID', $fid, 0);
$q = "SELECT a.id, a.name, a.rep, a.erst, a.hit, a.art, a.stat, b.time, b.erst as last, b.id as pid\r\n\tFROM prefix_topics a\r\n\tLEFT JOIN prefix_posts b ON a.last_post_id = b.id\r\n\tWHERE a.fid = {$fid}\r\n\tORDER BY a.art DESC, b.time DESC\r\n\tLIMIT " . $anfang . "," . $limit;
$erg = db_query($q);
if (db_num_rows($erg) > 0) {
    while ($row = db_fetch_assoc($erg)) {
        if ($row['stat'] == 0) {
            $row['ORD'] = 'cord';
        } else {
            #$row['ORD'] = get_ordner($row['time']);
            $row['ORD'] = forum_get_ordner($row['time'], $row['id'], $fid);
        }
        $row['date'] = date('d.m.y - H:i', $row['time']);
        $row['page'] = ceil(($row['rep'] + 1) / $allgAr['Fpanz']);
        $row['VORT'] = $row['art'] == 1 ? 'Fest: ' : '';
        $tpl->set_ar_out($row, 1);
    }
Esempio n. 17
/**
 * Decide whether the current session may use the admin area.
 *
 * - authright <= -8 (co-leader and above): always true.
 * - no module rights in the session, or not logged in: false; with $sl true a
 *   login form (guest) or a "no permission" line (logged in) is printed first.
 * - the requested module, or "module-action", is flagged in
 *   $_SESSION['authmod']: true.
 * - otherwise, for a logged-in user holding at least one module right: true as
 *   well. With $sl true the menu is first pointed at the first module from the
 *   session list; with $sl false the requested module is left untouched.
 *
 * NOTE(review): in the last case a call with $sl = false returns true for a
 * module that is not in the session's rights list. Callers passing false
 * should be checked for relying on this as a per-module authorisation.
 *
 * @param  $menu menu object, read via get() and possibly changed via set_url()
 * @param  $sl   true to print the login/denied output and to redirect the menu
 * @return bool
 */
function user_has_admin_right(&$menu, $sl = true)
{
    // co leader and above need no per-module right
    if ($_SESSION['authright'] <= -8) {
        return true;
    }

    $modul = $menu->get(0);
    $aktion = $menu->get(1);

    if (count($_SESSION['authmod']) < 1 || !loggedin()) {
        if ($sl === true) {
            if (loggedin()) {
                echo '<strong>Keine Berechtigung!</strong> <a href="index.php">Startseite</a>';
            } else {
                // guest: show the login form, returning to admin.php afterwards
                $design = new design('', '', 0);
                $menu->set_url(0, 'user');
                load_modul_lang();
                $tpl = new tpl('user/login.htm');
                $design->addheader($tpl->get(0));
                $design->header();
                $tpl->set_out('WDLINK', 'admin.php', 1);
                $design->footer();
            }
        }
        return false;
    }

    $paar = $modul . '-' . $aktion;
    if (
        (isset($_SESSION['authmod'][$modul]) && $_SESSION['authmod'][$modul] == true)
        || (isset($_SESSION['authmod'][$paar]) && $_SESSION['authmod'][$paar] == true)
    ) {
        return true;
    }

    if (count($_SESSION['authmod']) > 0 && loggedin()) {
        if ($sl === true) {
            // send the user to the first module of the session list
            $schluessel = array_keys($_SESSION['authmod']);
            $x = explode('-', $schluessel[0]);
            $menu->set_url(0, $x[0]);
            if (isset($x[1])) {
                $menu->set_url(1, $x[1]);
            }
        }
        return true;
    }

    return false;
}
Esempio n. 18
<?php

/**
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
 * @copyright (C) 2000-2010 ilch.de
 * @version $Id$
 */
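defined('main') or die('no direct access');
$title = $allgAr['title'] . ' :: ' . $lang['login'];
$hmenu = $extented_forum_menu . $lang['login'] . $extented_forum_menu_sufix;
$tpl = new tpl('user/login.htm');
if (loggedin()) {
    $design = new design($title, $hmenu, 0);
    $design->header();
    // Default target after login: the configured start module.
    $wd = 'index.php?' . $allgAr['smodul'];
    // The posted target is client-controlled and is handed to wd() as the link
    // to continue with. Accept it only when it is a same-site relative link:
    // an optional index.php/admin.php followed by an optional query string
    // made of URL-safe characters. Absolute URLs, scheme-relative "//host"
    // forms and markup characters fall back to the default above.
    if (
        isset($_POST['wdlink'])
        && is_string($_POST['wdlink'])
        && $_POST['wdlink'] !== ''
        && preg_match('/^(?:(?:index|admin)\.php)?(?:\?[A-Za-z0-9_.=&%#-]*)?$/D', $_POST['wdlink']) === 1
    ) {
        $wd = $_POST['wdlink'];
    }
    wd($wd, $lang['yourareloged']);
    $design->footer();
} else {
    // not logged in: render the login form with the start module as return target
    $design = new design($title, $hmenu);
    $design->addheader($tpl->get(0));
    $design->header();
    $tpl = new tpl('user/login.htm');
    $tpl->set_out('WDLINK', 'index.php?' . $allgAr['smodul'], 1);
    $design->footer();
}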
Esempio n. 19
    $i = 0;
    $class = 'Cmite';
    $x = '';
    if (loggedin()) {
        $x .= '<a href="index.php?user-usergallery-' . $_SESSION['authid'] . '">Meine Gallery</a><br /><br />';
    }
    $erg = db_query("SELECT `uid`, `prefix_user`.`name` as `uname`, COUNT(*) as `anz` FROM `prefix_usergallery` LEFT JOIN `prefix_user` ON `prefix_usergallery`.`uid` = `prefix_user`.`id` GROUP BY `uid`, `uname` ORDER BY `anz` DESC");
    while ($r = db_fetch_assoc($erg)) {
        $class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
        $x .= '<div class="' . $class . '" style="float: left; padding: 5px;"><a href="index.php?user-usergallery-' . $r['uid'] . '">' . $r['uname'] . '</a><br /><span class="smalfont">Anzahl Bilder: ' . $r['anz'] . '</span></a></div>';
        if ($i != 0 and $i % 5 == 0) {
            $x .= '<br />';
        }
    }
    $tpl = new tpl('user/gallery');
    $tpl->set_out('x', $x, 4);
    $design->footer();
    exit;
}
// user gallery zeigen
$uname = db_result(db_query("SELECT `name` FROM `prefix_user` WHERE `id` = " . $uid), 0, 0);
$title = $allgAr['title'] . ' :: Users :: Gallery';
$hmenu = $extented_forum_menu . '<a class="smalfont" href="index.php?user">Users</a><b> &raquo; </b><a class="smalfont" href="?user-usergallery">Gallery</a><b> &raquo; </b>von ' . $uname . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 1);
$design->header();
$tpl = new tpl('user/gallery');
$tpl->set('uid', $uid);
$tpl->set('uname', $uname);
// bild loeschen...
if ($menu->getA(4) == 'd' and is_numeric($menu->getE(4)) and loggedin() and (is_siteadmin() or $uid == $_SESSION['authid'])) {
    $delid = escape($menu->getE(4), 'integer');
Esempio n. 20
 // Row linking to the user-upload release page; shown only when the feature is
 // switched on and the upload directory is writable.
 $uploadsEnabled = $allgAr['archiv_down_userupload'] == 1;
 $frei = ($uploadsEnabled && is_writeable('include/downs/downloads/user_upload'))
     ? '<tr class="Cmite"><td colspan="5"><a href="?archiv-downloads-Sa">User-Uploads freischalten</a></td></tr>'
     : '';
 $tpl->out(0);
 // Starts as 0, not a class name: with the loose == below, which class the
 // first row gets depends on how the PHP version compares 0 with a
 // non-numeric string.
 $class = 0;
 // NOTE(review): $azk is concatenated unquoted and is set outside this block;
 // confirm it is an integer by the time it arrives here.
 $abf = "SELECT id,`cat`,`version`,`name`,pos FROM prefix_downloads WHERE cat = " . $azk . " ORDER BY pos";
 $erg = db_query($abf);
 while ($row = db_fetch_assoc($erg)) {
     // Alternate the two row classes.
     if ($class == 'Cmite') {
         $class = 'Cnorm';
     } else {
         $class = 'Cmite';
     }
     $row['class'] = $class;
     $tpl->set_ar($row);
     $tpl->out(1);
 }
 // End of the download list: emit the release row (may be empty).
 $tpl->set_out('frei', $frei, 2);
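 // Category form: pre-filled when an existing category is being edited
 // (menu part 2 starts with 'E'), blank otherwise.
 if ($menu->getA(2) == 'E') {
     // The id comes from the URL. It is reduced to an integer with escape()
     // (defined elsewhere in the project) before it is placed in the query and
     // handed to the template, instead of being concatenated as received.
     $editCatId = escape($menu->getE(2), 'integer');
     $erg = db_query("SELECT id,cat as Ccat, recht as Crecht, name as Cname,pos as Cpos,`desc` as Cdesc FROM prefix_downcats WHERE id = '" . $editCatId . "'");
     $_Cilch = db_fetch_assoc($erg);
     $_Cilch['Cpkey'] = $editCatId;
 } else {
     $_Cilch = array('Ccat' => '', 'Cpkey' => '', 'Cpos' => '', 'Cname' => '', 'Crecht' => '', 'Cdesc' => '');
 }
 // Replace the stored right with what dblistee() builds from the rights table.
 $_Cilch['Crecht'] = dblistee($_Cilch['Crecht'], "SELECT id,name FROM prefix_grundrechte ORDER BY id DESC");
 // $_Cilch['Ccat'] is passed twice; the helper is defined elsewhere.
 // NOTE(review): it presumably fills the by-reference argument with <option> markup; confirm.
 archiv_downs_admin_selectcats('0', '', $_Cilch['Ccat'], $_Cilch['Ccat']);
 $_Cilch['Ccat'] = '<option value="0">Keine</option>' . $_Cilch['Ccat'];
 archiv_downs_admin_showcats(0, '');
 // $_ilch is filled outside this block.
 $tpl->set_ar($_ilch);
 $tpl->set_ar($_Cilch);
 $tpl->out(3);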
Esempio n. 21
    $gAnz = @db_result(db_query(str_replace('{WHERE}', $where, str_replace('{SELECT}', ' COUNT(DISTINCT `a`.`id`)', $q))), 0);
    $q = str_replace('{WHERE}', $where, str_replace('{SELECT}', $s, $q));
} elseif ($such == 'augt') {
    $where = "`c`.`time` >= " . $x . " AND `c`.`time` >= " . $_SESSION['lastlogin'];
    $gAnz = @db_result(db_query(str_replace('{WHERE}', $where, str_replace('{SELECT}', ' COUNT(DISTINCT `a`.`id`)', $q))), 0);
    $q = str_replace('{WHERE}', $where, str_replace('{SELECT}', $s, $q2));
} elseif ($such == 'aeit') {
    $where = "`c`.`time` >= " . $x . " AND `c`.`erstid` = " . $uid;
    $gAnz = @db_result(db_query(str_replace('{WHERE}', $where, str_replace('{SELECT}', ' COUNT(DISTINCT `a`.`id`)', $q))), 0);
    $q = str_replace('{WHERE}', $where, str_replace('{SELECT}', $s, $q));
}
// Pager base URL: the search type, plus the user id for the 'aeit' search.
$pagerBase = 'index.php?forum-' . $such;
if ($such == 'aeit') {
    $pagerBase .= '-' . $uid;
}
$MPL = db_make_sites($page, "", $limit, $pagerBase, "", $gAnz);
$tpl = new tpl('forum/search');
// $q held the SQL text up to here; from now on it holds the query result.
// NOTE(review): $anfang and $limit are set outside this block; confirm both are integers.
$q = db_query("{$q} LIMIT {$anfang},{$limit}");
$class = '';
// Total number of hits for the result header.
$tpl->set_out('gAnz', $gAnz, 0);
while ($r = db_fetch_assoc($q)) {
    $class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
    $r['class'] = $class;
    $r['ctime'] = db_result(db_query("SELECT MAX(`time`) FROM `prefix_posts` WHERE `tid` = " . $r['id']), 0, 0);
    $r['ord'] = forum_get_ordner($r['ctime'], $r['id'], $r['fid']);
    $r['link'] = 'forum-showposts-' . $r['id'];
    if ($menu->get(1) == 'aeit') {
        $r['author'] = '';
    } elseif ($such == 'aubt') {
        $r['author'] = ' ' . $lang['from'] . ' ' . $r['author'];
    } else {
        $r['author'] = ' ' . $lang['newpost'] . ' ' . $lang['from'] . ' ' . $r['author'];
        $r['postsbefore'] = db_count_query('SELECT COUNT(`id`) FROM `prefix_posts` WHERE `tid` = ' . $r['id'] . ' AND `id` < ' . $r['firstnew']);
        $r['page'] = ceil(($r['postsbefore'] + 1) / $allgAr['Fpanz']);
        $r['link'] .= '-p' . $r['page'] . '#' . $r['firstnew'];
Esempio n. 22
        }
    } else {
        echo 'Datum stimmt nicht, bitte im Format DD.MM.YYYY eingeben also z.B. 29.12.2005<br />';
    }
}
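// Unless an entry was just deleted: show the edit form (pre-filled when an
// entry is being edited) followed by the paged list of history entries.
if (!isset($IdToDelete)) {
    // Blank form values, used for a new entry and when the requested id
    // matches no row.
    $_ilch = array('pkey' => '', 'date' => date('d.m.Y'), 'title' => '', 'txt' => '');
    if ($menu->getA(1) == 'e' and is_numeric($menu->getE(1)) and empty($IdToEdit)) {
        $IdToEdit = escape($menu->getE(1), 'integer');
        $erg = db_query("SELECT id,DATE_FORMAT(date,'%d.%m.%Y') as date,title,txt FROM prefix_history WHERE id = '" . $IdToEdit . "'");
        $found = db_fetch_assoc($erg);
        // Only a real row replaces the blank form; previously a missing row
        // was written into as if it were an array.
        if (is_array($found)) {
            $_ilch = $found;
            $_ilch['pkey'] = $IdToEdit;
        }
    }
    $tpl->set_ar_out($_ilch, 0);
    $limit = 20;
    // The page number comes from the URL; it is kept at 1 or above so the
    // LIMIT offset below can never be negative.
    $page = $menu->getA(1) == 'p' ? max(1, (int) escape($menu->getE(1), 'integer')) : 1;
    $MPL = db_make_sites($page, 'ORDER BY `date` DESC', $limit, '?history', 'history');
    $anfang = ($page - 1) * $limit;
    $abf = "SELECT `id`,`date`,`title` FROM prefix_history ORDER BY `date` DESC LIMIT " . $anfang . "," . $limit;
    $erg = db_query($abf);
    // $class is not assigned in this block; give it a start value if nothing
    // before this block did.
    if (!isset($class)) {
        $class = '';
    }
    while ($row = db_fetch_assoc($erg)) {
        // Alternate the two row classes.
        $class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
        $row['class'] = $class;
        // Stored as YYYY-MM-DD, shown as DD.MM.YYYY.
        list($y, $m, $d) = explode('-', $row['date']);
        $row['date'] = $d . '.' . $m . '.' . $y;
        $tpl->set_ar_out($row, 1);
    }
    $tpl->set_out('MPL', $MPL, 2);
}
$design->footer();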
Esempio n. 23
            db_query("INSERT INTO prefix_usercheck (`check`,email,datime,ak)\r\n    VALUES ('" . $id . "','" . escape($_POST['email'], 'string') . "',NOW(),3)");
            $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
            $text = $lang['changedthemail'] . sprintf($lang['registconfirmlink'], $page, $id);
            icmail($_POST['email'], $lang['mail'] . ' ' . $lang['changed'], $text);
            $fmsg = $lang['pleaseconfirmmail'];
        }
        #
        #remove account
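        if (isset($_POST['removeaccount'])) {
            // Confirmation token for the e-mailed link. The link authorises
            // removing the account, so the token is drawn from the system
            // CSPRNG where random_bytes() exists; md5(uniqid(rand())) remains
            // only as the fallback for older PHP. Both yield 32 hex characters,
            // so the stored value keeps its format.
            $token = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(rand()));
            $id = $_SESSION['authid'] . '-remove-' . $token;
            db_query("INSERT INTO prefix_usercheck (`check`,email,datime,ak)\r\n    VALUES ('" . $id . "','" . escape($_POST['email'], 'string') . "',NOW(),5)");
            // NOTE(review): the link host comes from the request's Host header
            // and the recipient from the posted form field. Confirm that is
            // intended; a configured site URL and the account's stored address
            // would not depend on request data.
            $page = $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
            $text = $lang['removeconfirm'] . sprintf($lang['registconfirmlink'], $page, $id);
            icmail($_POST['email'], html_entity_decode($lang['removeaccount'], ILCH_ENTITIES_FLAGS, ILCH_CHARSET), $text);
            $fmsg = $lang['pleaseconfirmremove'];
        }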
        # end of the remove-account branch
        # Save the fixed profile fields of the logged-in user. Every posted
        # value goes through escape(..., 'string') before it is placed between
        # quotes; the row is selected by the session's user id.
        # NOTE(review): sig is cut with substr() AFTER escaping. A cut that
        # lands inside an escape sequence can leave a lone backslash in front
        # of the closing quote; truncating before escaping avoids that.
        # NOTE(review): $avatar_sql_update is built outside this block and is
        # concatenated as-is; confirm it is assembled from escaped values only.
        db_query("UPDATE prefix_user\r\n\t\t\t  SET\r\n          homepage = '" . get_homepage(escape($_POST['homepage'], 'string')) . "',\r\n          wohnort = '" . escape($_POST['wohnort'], 'string') . "',\r\n          icq = '" . escape($_POST['icq'], 'string') . "',\r\n          msn = '" . escape($_POST['msn'], 'string') . "',\r\n          yahoo = '" . escape($_POST['yahoo'], 'string') . "',\r\n          " . $avatar_sql_update . "\r\n          aim = '" . escape($_POST['aim'], 'string') . "',\r\n          staat = '" . escape($_POST['staat'], 'string') . "',\r\n          geschlecht = '" . escape($_POST['geschlecht'], 'string') . "',\r\n          status = '" . escape($_POST['status'], 'string') . "',\r\n          opt_mail = '" . escape($_POST['opt_mail'], 'string') . "',\r\n          opt_pm = '" . escape($_POST['opt_pm'], 'string') . "',\r\n          opt_pm_popup = '" . escape($_POST['opt_pm_popup'], 'string') . "',\r\n          gebdatum = '" . get_datum(escape($_POST['gebdatum'], 'string')) . "',\r\n          sig = '" . substr(escape($_POST['sig'], 'string'), 0, $allgAr['forum_max_sig']) . "'\r\n\t\t\t\tWHERE id = " . $_SESSION['authid']);
        # Save the additional (configurable) profile fields.
        profilefields_change_save($_SESSION['authid']);
        $design->header();
        # Pick the message: one set by an earlier step, else the generic
        # "changes saved" text; then forward back to the profile page.
        $fmsg = isset($fmsg) ? $fmsg : $lang['changesuccessful'];
        wd('?user-8', $fmsg, 3);
    }
} else {
    $tpl = new tpl('user/login');
    $tpl->set_out('WDLINK', '?user-8', 0);
}
$design->footer();
Esempio n. 24
            $emails = array('bbc', $allgAr['adminMail']);
            while ($row = db_fetch_object($erg)) {
                if (!in_array($row->email, $emails) and preg_match('/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\\@([a-z0-9])' . '(([a-z0-9-])*([a-z0-9]))+' . '(\\.([a-z0-9])([-a-z0-9_-])?([a-z0-9])+)+$/i', $row->email) == 1) {
                    $emails[] = $row->email;
                    $zahler++;
                }
            }
            icmail($emails, $_POST['bet'], $_POST['txt'], '', isset($_POST['html']));
        } elseif ($mailopm == 'P') {
            $uids = array();
            while ($row = db_fetch_object($erg)) {
                $uids[] = $row->uid;
                $zahler++;
            }
            sendpm($_SESSION['authid'], $uids, escape($_POST['bet'], 'string'), escape($_POST['txt'], 'string'), -1);
        }
        // Wording for the confirmation message: e-mails or private messages.
        // No default case: any other value leaves $eMailorPmsg unassigned.
        switch ($mailopm) {
            case 'E':
                $eMailorPmsg = 'eMail(s)';
                break;
            case 'P':
                $eMailorPmsg = 'Private Nachrichte(n)';
                break;
        }
        wd('admin.php?newsletter', 'Es wurde(n) ' . $zahler . ' ' . $eMailorPmsg . ' verschickt.', 5);
    } else {
        wd('admin.php?newsletter', 'F&uuml;r diese Auswahl konnte nichts gefunden werden.', 5);
    }
} else {
    echo $xajax->printJavascript();
    $tpl = new tpl('newsletter', 1);
    $tpl->set_out('ANTISPAM', get_antispam('adminuser_action', 0, true), 0);
}
$design->footer();
Esempio n. 25
        $erg = db_query("SELECT a.owp,a.opp,a.wlp,a.land,a.mtyp,a.game,a.id,a.gegner,a.page,b.name as team,DATE_FORMAT(datime,'%d.%m.%Y') as time FROM prefix_wars a left join prefix_groups b ON a.tid = b.id " . $sqla . " ORDER BY a.datime DESC, id DESC LIMIT " . $anfang . "," . $limit);
        // One template row per war, newest first (ordering is set by the query).
        while ($row = db_fetch_assoc($erg)) {
            // Result shown as opp:owp.
            $row['erg'] = "{$row['opp']}:{$row['owp']}";
            // Both colours are looked up by the wlp value of the row.
            $row['farbe'] = $farbe1wlpar[$row['wlp']];
            $row['farbe2'] = $farbe2wlpar[$row['wlp']];
            // Alternate the two row classes.
            $class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
            $row['page'] = get_homepage($row['page']);
            // Game image in front of the team name.
            $row['team'] = get_wargameimg($row['game']) . '&nbsp;' . $row['team'];
            $row['class'] = $class;
            $tpl->set_ar_out($row, 5);
        }
        $tpl->set_out('MPL', $MPL, 6);
    }
    $design->footer();
} elseif (is_numeric($menu->get(2))) {
    $_GET['mehr'] = escape($menu->get(2), 'integer');
    $erg = @db_query("SELECT\r\n\tDATE_FORMAT(datime,'%d.%m.%Y') as datum,\r\n\ttid, status, owp, opp, wlp,\r\n\tDATE_FORMAT(datime,'%H:%i:%s') as zeit,\r\n\tgegner, tag, page, mail, icq, wo, prefix_wars.`mod`, mtyp,\r\n\tgame, land, txt, prefix_wars.id,\r\n\tname as team\r\n\tFROM prefix_wars\r\n\tleft join prefix_groups ON prefix_wars.tid = prefix_groups.id\r\n\tWHERE prefix_wars.id = " . $_GET['mehr']);
    db_check_erg($erg);
    $row = db_fetch_assoc($erg);
    $row['page'] = get_homepage($row['page']);
    $row['txt'] = bbcode($row['txt']);
    if ($row['status'] == 2) {
        // nextwars
        $title = $allgAr['title'] . ' :: Wars :: Nextwars';
        $hmenu = '<a href="?wars" class="smalfont">Wars</a><b> &raquo; </b>Nextwars';
        $design = new design($title, $hmenu);
        $design->header();
Esempio n. 26
    $txt = trim(escape($_POST['txt'], 'textarea'));
}
// Guest name from the form: passed through escape_nickname(), then trimmed.
// $xnn is left untouched when no name was posted.
if (isset($_POST['Gname'])) {
    $xnn = escape_nickname($_POST['Gname']);
    $xnn = trim($xnn);
}
if ($_SESSION['klicktime'] + 15 > $dppk_time or empty($topic) or empty($txt) or !empty($_POST['priview']) or empty($_POST['Gname']) and !loggedin() or !chk_antispam('newtopic')) {
    $design = new design($title, $hmenu, 1);
    $design->header($load);
    $tpl = new tpl('forum/newtopic');
    $name = '';
    if (!loggedin()) {
        $name = '<tr><td class="Cmite"0><b>' . $lang['name'] . '</b></td>';
        $name .= '<td class="Cnorm"><input type="text" value="' . unescape($xnn) . '" maxlength="15" name="Gname"></td></tr>';
    }
    if (isset($_POST['priview'])) {
        $tpl->set_out('txt', bbcode(unescape($txt)), 0);
    }
    $ar = array('name' => $name, 'txt' => escape_for_fields(unescape($txt)), 'topic' => escape_for_fields(unescape($topic)), 'fid' => $fid, 'SMILIES' => getsmilies(), 'antispam' => get_antispam('newtopic', 1));
    $tpl->set_ar_out($ar, 1);
} else {
    // save toipc
    $_SESSION['klicktime'] = $dppk_time;
    $design = new design($title, $hmenu, 0);
    $design->header($load);
    if (loggedin()) {
        $uid = $_SESSION['authid'];
        $erst = escape($_SESSION['authname'], 'string');
        db_query("UPDATE `prefix_user` SET `posts` = `posts`+1 WHERE `id` = " . $uid);
    } else {
        $erst = $xnn;
        $uid = 0;
Esempio n. 27
        // One template row per news entry.
        while ($row = db_fetch_assoc($erg)) {
            // Number of comments stored for this entry.
            $row['kom'] = db_result(db_query("SELECT COUNT(ID) FROM `prefix_koms` WHERE uid = " . $row['id'] . " AND cat = 'NEWS'"), 0);
            $row['kate'] = news_find_kat($row['kate']);
            // Weekday name from the language table in front of the date.
            $row['datum'] = $lang[$row['dayofweek']] . ' ' . $row['datum'];
            // Text with a [PREVIEWENDE] marker is listed only up to the marker,
            // followed by a link to the full entry; other text is shown whole.
            $row['readwholenews'] = '';
            if (strpos($row['text'], '[PREVIEWENDE]') !== false) {
                $teaser = explode('[PREVIEWENDE]', $row['text'], 2);
                $row['text'] = $teaser[0];
                $row['readwholenews'] = '&raquo; <a href="index.php?news-' . $row['id'] . '">' . $lang['readwholenews'] . '</a>  &laquo;';
            }
            $row['text'] = bbcode($row['text']);
            $tpl->set_ar_out($row, 0);
        }
        $tpl->set_out('SITELINK', $MPL, 1);
        unset($tpl);
    }
} else {
    $design->header();
    $nid = escape($menu->get(1), 'integer');
    $row = db_fetch_object(db_query("SELECT * FROM `prefix_news` WHERE news_id = '" . $nid . "'"));
    if (has_right(array($row->news_recht))) {
        $komsOK = true;
        if ($allgAr['Ngkoms'] == 0) {
            if (loggedin()) {
                $komsOK = true;
            } else {
                $komsOK = false;
            }
        }
Esempio n. 28
     // Link directory for category $cid: sub-categories first, then the links.
     // NOTE(review): $cid is concatenated unquoted into both queries and is set
     // outside this block; confirm it is an integer by the time it arrives here.
     $tpl = new tpl('links');
     $erg = db_query("SELECT `id`,`name`,`desc` FROM `prefix_linkcats` WHERE `cat` = " . $cid . " ORDER BY `pos`");
     if (db_num_rows($erg) > 0) {
         $tpl->out(1);
         $class = 'Cnorm';
         while ($row = db_fetch_assoc($erg)) {
             // Number of links in the sub-category, then the alternating row class.
             $row['links'] = count_files($row['id']);
             if ($class == 'Cmite') {
                 $class = 'Cnorm';
             } else {
                 $class = 'Cmite';
             }
             $row['class'] = $class;
             $tpl->set_ar_out($row, 2);
         }
         $tpl->out(3);
     }
     $erg = db_query("SELECT `id`,`name`,`link`,`banner`,`desc`,`hits` FROM `prefix_links` WHERE `cat` = " . $cid . " ORDER BY `pos`");
     if (db_num_rows($erg) > 0) {
         $tpl->set_out('catname', $catname2, 4);
         $class = 'Cnorm';
         while ($row = db_fetch_assoc($erg)) {
             if ($class == 'Cmite') {
                 $class = 'Cnorm';
             } else {
                 $class = 'Cmite';
             }
             $row['class'] = $class;
             // A description, when present, goes on its own small-font line.
             if (!empty($row['desc'])) {
                 $row['desc'] = '<br /><span class="smalfont">&raquo;&nbsp;' . $row['desc'] . '</span>';
             } else {
                 $row['desc'] = '';
             }
             // A link with a banner shows the image instead of its name.
             // NOTE(review): banner and name go into attribute values exactly
             // as stored; confirm they are HTML-encoded when saved.
             if (!empty($row['banner'])) {
                 $row['name'] = sprintf('<img src="%1$s" border="0" alt="%2$s" title="%2$s">', $row['banner'], $row['name']);
             }
             $tpl->set_ar_out($row, 5);
         }
         $tpl->out(6);
     }
     $design->footer();
     break;
 case 's':
Esempio n. 29
            } elseif ($ch_name == false) {
                $fehler = $lang['namealreadyinuse'];
            } elseif ($email != $xemail) {
                $fehler = $lang['wrongemail'];
            } elseif ($ch_email == false) {
                $fehler = $lang['emailalreadyinuse'];
            }
            $tpl = new tpl('user/regist');
            $tpl->set('name', $name);
            $tpl->set('email', $email);
            $tpl->set_out('FEHLER', $fehler, 1);
            if ($allgAr['forum_regist_user_pass'] == 1) {
                $tpl->out(2);
            }
            $tpl->out(3);
        } else {
            // Final registration step: create the account and show the
            // confirmation page.
            // Start from a generated key (genkey() is defined elsewhere); a
            // password posted with the form replaces it.
            $pass = genkey(8);
            if (!empty($_POST['pass'])) {
                // NOTE(review): the posted password goes through
                // escape(..., 'string') before user_regist(). If escape()
                // rewrites any characters, the stored password differs from
                // what was typed. Confirm how user_regist() stores it.
                $pass = escape($_POST['pass'], 'string');
            }
            user_regist($name, $email, $pass);
            $tpl = new tpl('user/regist');
            $title = $allgAr['title'] . ' :: Users :: Registrieren :: Step 3 von 3';
            // Breadcrumb: User » Registrieren » Step 3 von 3.
            $hmenu = $extented_forum_menu . '<a class="smalfont" href="?user">User</a><b> &raquo; </b><a class="smalfont" href="?user-regist">Registrieren</a><b> &raquo; </b>Step 3 von 3' . $extented_forum_menu_sufix;
            $design = new design($title, $hmenu, 1);
            $design->header();
            // NOTE(review): $name is set outside this block and is handed to
            // the template as-is; confirm it is HTML-encoded before output.
            $tpl->set_out('NAME', $name, 4);
        }
        $design->footer();
        break;
}
Esempio n. 30
    $design->footer(1);
}
$um = $menu->get(1);
switch ($um) {
    default:
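        // Admin user list: optional name search, 15 users per page.
        $design = new design('Admins Area', 'Admins Area', 2);
        $design->header();
        // Search term from the request, escaped for use in the queries below.
        $q = '';
        if (isset($_REQUEST['q'])) {
            $q = escape($_REQUEST['q'], 'string');
        }
        $tpl = new tpl('user/user', 1);
        $tpl->set('modlall', user_get_all_mod_list());
        $tpl->set('anzmods', db_result(db_query("SELECT COUNT(*) FROM prefix_modules WHERE fright = 1"), 0));
        $tpl->set('action_antispam', get_antispam('adminuser_action', 0, true));
        // NOTE(review): the search term is un-escaped again before it is given
        // to the template; confirm it is HTML-encoded on the way to the page.
        $tpl->set_out('q', unescape($q), 0);
        // '*' is the user-facing wildcard; a term without any wildcard is
        // treated as a prefix search.
        $q = str_replace('*', '%', $q);
        if (strpos($q, '%') === false) {
            $q = $q . '%';
        }
        $limit = 15;
        // The page number comes from the URL. It is reduced to an integer and
        // kept at 1 or above before it reaches the pager and the LIMIT offset;
        // it was previously used as received.
        $page = $menu->getA(1) == 'p' ? max(1, (int) escape($menu->getE(1), 'integer')) : 1;
        $MPL = db_make_sites($page, "WHERE name LIKE '" . $q . "'", $limit, '?user', 'user');
        $anfang = ($page - 1) * $limit;
        $class = '';
        // From here on $q holds the full SQL text instead of the search term.
        $q = "SELECT name,recht,id FROM `prefix_user` WHERE name LIKE '" . $q . "' ORDER by recht,posts DESC LIMIT " . $anfang . "," . $limit;
        $erg = db_query($q);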
        while ($row = db_fetch_object($erg)) {
            if ($class == 'Cmite') {
                $class = 'Cnorm';