}
// Desactivar comprobaci? de IP
if (isset($_POST["noipcheck"]) && $_POST["noipcheck"] == 'on') {
$noipcheck = "1";
} else {
$noipcheck = "0";
}
// Nombre de usuario
if (isset($_POST["db_character"]) && $_POST["db_character"] != '') {
$username = CheckInputStrings($_POST['db_character']);
} else {
$username = $user['username'];
}
// Adresse e-Mail
if (isset($_POST["db_email"]) && $_POST["db_email"] != '') {
$db_email = CheckInputStrings($_POST['db_email']);
} else {
$db_email = $user['email'];
}
// Cantidad de sondas de espionaje
if (isset($_POST["spio_anz"]) && is_numeric($_POST["spio_anz"])) {
$spio_anz = $_POST["spio_anz"];
} else {
$spio_anz = "1";
}
// Mostrar tooltip durante
if (isset($_POST["settings_tooltiptime"]) && is_numeric($_POST["settings_tooltiptime"])) {
$settings_tooltiptime = $_POST["settings_tooltiptime"];
} else {
$settings_tooltiptime = "1";
}
$QryBanMulti .= "`theme` = 'Multi-Compte entre " . mysql_escape_string($username) . "', ";
$QryBanMulti .= "`time` = '" . $time . "', ";
$QryBanMulti .= "`longer` = '" . $duree . "', ";
$QryBanMulti .= "`author` = '" . $op . "', ";
$QryBanMulti .= "`email`='" . $mail . "';";
doquery($QryBanMulti, 'banned');
doquery("UPDATE {{table}} SET bana=1 WHERE username='******'username']}'", "users");
doquery("UPDATE {{table}} SET banaday='{$duree}' WHERE username='******'username']}'", "users");
}
}
} else {
}
switch ($mode) {
case 'renameplanet':
if ($_POST['action'] == $lang['over_2009']) {
$UserPlanet = addslashes(CheckInputStrings($_POST['newname']));
if (ctype_alnum($UserPlanet)) {
$newname = mysql_escape_string(trim($UserPlanet));
if ($newname != "") {
$planetrow['name'] = $newname;
doquery("UPDATE {{table}} SET `name` = '" . $newname . "' WHERE `id` = '" . $user['current_planet'] . "' LIMIT 1;", "planets");
if ($planetrow['planet_type'] == 3) {
doquery("UPDATE {{table}} SET `name` = '" . $newname . "' WHERE `galaxy` = '" . $planetrow['galaxy'] . "' AND `system` = '" . $planetrow['system'] . "' AND `lunapos` = '" . $planetrow['planet'] . "' LIMIT 1;", "lunas");
}
}
} else {
message($lang['no_number'], $lang['error'], 'overview.php?mode=renameplanet');
}
} elseif ($_POST['action'] == $lang['over_2008']) {
$parse = $lang;
$parse['dpath'] = $dpath;
if ($_POST['side'] == 'light') {
$ally_id = "1";
$ally_name = "Light";
} else {
$ally_id = "2";
$ally_name = "Dark";
}
$ally_register_time = time();
$ally_rank_id = 1;
if ($errors != 0) {
message($errorlist, $lang['Register']);
} else {
$newpass = $_POST['passwrd'];
$UserName = CheckInputStrings($_POST['character']);
$UserEmail = CheckInputStrings($_POST['email']);
$UserPlanet = CheckInputStrings($_POST['planet']);
if ($refid != '') {
$QryInsertUser = "******";
$QryInsertUser .= "`refers` = `refers` + 1 ";
$QryInsertUser .= "WHERE `id` =" . $refid . " LIMIT 1 ; ";
doquery($QryInsertUser, 'users');
} elseif ($refname != '') {
$QryInsertUser = "******";
$QryInsertUser .= "`refers` = `refers` + 1 ";
$QryInsertUser .= "WHERE `username` =" . $refname . " LIMIT 1 ; ";
doquery($QryInsertUser, 'users');
}
$md5newpass = md5($newpass);
// Creation de l'utilisateur
$QryInsertUser = "******";
$QryInsertUser .= "`username` = '" . mysql_escape_string(strip_tags($UserName)) . "', ";
doquery("UPDATE {{table}} SET \r\n `urlaubs_modus` = '{$urlaubs_modus}',\r\n `urlaubs_until` = '{$time}'\r\n WHERE `id` = '{$iduser}' LIMIT 1", "users");
$query = doquery("SELECT * FROM {{table}} WHERE id_owner = '{$user['id']}'", 'planets');
while ($id = mysql_fetch_array($query)) {
doquery("UPDATE {{table}} SET\r\n metal_perhour = '" . $game_config['metal_basic_income'] . "',\r\n crystal_perhour = '" . $game_config['metal_basic_income'] . "',\r\n deuterium_perhour = '" . $game_config['metal_basic_income'] . "',\r\n energy_used = '0',\r\n energy_max = '0',\r\n metal_mine_porcent = '0',\r\n crystal_mine_porcent = '0',\r\n deuterium_sintetizer_porcent = '0',\r\n solar_plant_porcent = '0',\r\n fusion_plant_porcent = '0',\r\n solar_satelit_porcent = '0'\r\n WHERE id = '{$id['id']}' AND `planet_type` = 1 ", 'planets');
}
} else {
$urlaubs_modus = "0";
}
// Borrar cuenta
if (isset($_POST["db_deaktjava"]) && $_POST["db_deaktjava"] == 'on') {
$db_deaktjava = "1";
} else {
$db_deaktjava = "0";
}
//INICIO FIX AGREGAR SKINS LOCALES
$dpaths = CheckInputStrings($_POST["dpaths"]);
if (isset($_POST["dpaths"]) && $_POST["dpaths"] != '') {
$dpath = $dpaths;
} else {
}
//FIN FIX AGREGAR SKINS LOCALES
$SetSort = $_POST['settings_sort'];
$SetOrder = $_POST['settings_order'];
doquery("UPDATE {{table}} SET\r\n\t`email` = '{$db_email}',\r\n\t`avatar` = '{$avatar}',\r\n\t`dpath` = '{$dpath}',\r\n\t`design` = '{$design}',\r\n\t`noipcheck` = '{$noipcheck}',\r\n\t`planet_sort` = '{$SetSort}',\r\n\t`planet_sort_order` = '{$SetOrder}',\r\n\t`spio_anz` = '{$spio_anz}',\r\n\t`settings_tooltiptime` = '{$settings_tooltiptime}',\r\n\t`settings_fleetactions` = '{$settings_fleetactions}',\r\n\t`settings_allylogo` = '{$settings_allylogo}',\r\n\t`settings_esp` = '{$settings_esp}',\r\n\t`settings_wri` = '{$settings_wri}',\r\n\t`settings_bud` = '{$settings_bud}',\r\n\t`settings_mis` = '{$settings_mis}',\r\n\t`settings_rep` = '{$settings_rep}',\r\n\t`urlaubs_modus` = '{$urlaubs_modus}',\r\n\t`db_deaktjava` = '{$db_deaktjava}',\r\n\t`kolorminus` = '{$kolorminus}',\r\n\t`kolorplus` = '{$kolorplus}',\r\n\t`kolorpoziom` = '{$kolorpoziom}'\r\n\tWHERE `id` = '{$iduser}' LIMIT 1", "users");
if ($game_config['ForumBannerFrame'] == '0') {
$BannerURL = "" . dirname($_SERVER["HTTP_REFERER"]) . "/scripts/createbanner.php?id=" . $user['id'] . "";
$parse['bannerframe'] = "<th colspan=\"4\"><img src=\"scripts/createbanner.php?id=" . $user['id'] . "\"><br>" . $lang['InfoBanner'] . "<br><input name=\"bannerlink\" type=\"text\" id=\"bannerlink\" value=\"[img]" . $BannerURL . "[/img]\" size=\"62\"></th></tr>";
}
if (isset($_POST["db_password"]) && md5($_POST["db_password"]) == $user["password"]) {
//INICIO FIX EVITAR QUE CAMBIE SOLO CONTRASEÑA
if ($_POST["newpass1"] == $_POST["newpass2"] && $_POST["newpass1"] != NULL) {
header('Location: index.php');
die;
}
$lunarow = doquery("SELECT * FROM {{table}} WHERE `id_owner` = '" . $planetrow['id_owner'] . "' AND `galaxy` = '" . $planetrow['galaxy'] . "' AND `system` = '" . $planetrow['system'] . "' AND `lunapos` = '" . $planetrow['planet'] . "';", 'lunas', true);
CheckPlanetUsedFields($lunarow);
$mode = $_GET['mode'];
$pl = mysql_escape_string($_GET['pl']);
$_POST['deleteid'] = intval($_POST['deleteid']);
includeLang('resources');
includeLang('overview');
switch ($mode) {
case 'renameplanet':
// -----------------------------------------------------------------------------------------------
if ($_POST['action'] == $lang['namer']) {
// Reponse au changement de nom de la planete
$UserPlanet = CheckInputStrings($_POST['newname']);
$newname = mysql_escape_string(strip_tags(trim($UserPlanet)));
if (preg_match("/[^A-z0-9 _\\-]/", $newname) == 1) {
message('Fehler! Sie haben ein ungültiges Zeichen eingegeben. ', 'Fehler');
}
$newname = str_replace("'", "", $newname);
if ($newname != "") {
// Deja on met jour la planete qu'on garde en memoire (pour le nom)
$planetrow['name'] = $newname;
// Ensuite, on enregistre dans la base de données
doquery("UPDATE {{table}} SET `name` = '" . $newname . "' WHERE `id` = '" . $user['current_planet'] . "' LIMIT 1;", "planets");
// Est ce qu'il sagit d'une lune ??
if ($planetrow['planet_type'] == 3) {
// Oui ... alors y a plus qu'a changer son nom dans la table des lunes aussi !!!
doquery("UPDATE {{table}} SET `name` = '" . $newname . "' WHERE `galaxy` = '" . $planetrow['galaxy'] . "' AND `system` = '" . $planetrow['system'] . "' AND `lunapos` = '" . $planetrow['planet'] . "' LIMIT 1;", "lunas");
}
}
// Desactivar comprobaci? de IP
if (isset($_GET["noipcheck"]) && $_GET["noipcheck"] == 'on') {
$noipcheck = "1";
} else {
$noipcheck = "0";
}
// Nombre de usuario
if (isset($_GET["db_character"]) && $_GET["db_character"] != '') {
$username = CheckInputStrings($_GET['db_character']);
} else {
$username = $user['username'];
}
// Adresse e-Mail
if (isset($_GET["db_email"]) && $_GET["db_email"] != '') {
$db_email = CheckInputStrings($_GET['db_email']);
} else {
$db_email = $user['email'];
}
//Avatar
if (isset($_GET["avatar"]) && $_GET["avatar"] != '') {
$avatar = $_GET["avatar"];
} else {
$avatar = "../images/no_av.gif";
}
//Menu Scroll
if (isset($_GET["menutype"]) && $_GET["menutype"] != '') {
$menutype = addslashes($_GET["menutype"]);
} else {
$menutype = $user['menutype'];
}
if ($ExistMail) {
$errorlist .= $lang['error_emailexist'];
$errors++;
}
if ($_POST['sex'] != '' && $_POST['sex'] != 'F' && $_POST['sex'] != 'M') {
$errorlist .= $lang['error_sex'];
$errors++;
}
if ($errors != 0) {
rollback();
message($errorlist, $lang['Register']);
} else {
$newpass = $_POST['passwrd'];
$UserName = CheckInputStrings($_POST['character']);
$UserEmail = CheckInputStrings($_POST['email']);
$UserPlanet = CheckInputStrings(addslashes($_POST['planet']));
$UserLang = $_POST['language'];
$TimeZone = $UserLang == 'ja' ? 'Asia/Tokyo' : 'Asia/Shanghai';
$md5newpass = md5($newpass);
// Creation de l'utilisateur
$QryInsertUser = "******";
$QryInsertUser .= "`username` = '" . mysql_escape_string(strip_tags($UserName)) . "', ";
$QryInsertUser .= "`lang` = '" . $UserLang . "', ";
$QryInsertUser .= "`timezone` = '" . $TimeZone . "', ";
$QryInsertUser .= "`email` = '" . mysql_escape_string($UserEmail) . "', ";
$QryInsertUser .= "`email_2` = '" . mysql_escape_string($UserEmail) . "', ";
$QryInsertUser .= "`sex` = '" . mysql_escape_string($_POST['sex']) . "', ";
$QryInsertUser .= "`ip_at_reg` = '" . $_SERVER["REMOTE_ADDR"] . "', ";
$QryInsertUser .= "`id_planet` = '0', ";
$QryInsertUser .= "`register_time` = '" . time() . "', ";
$QryInsertUser .= "`password`='" . $md5newpass . "';";
$clef = $_GET['clef'];
//select de la table users_valid
$QrySelectvalid = "SELECT * ";
$QrySelectvalid .= "FROM {{table}} ";
$QrySelectvalid .= "WHERE ";
$QrySelectvalid .= "`username` = '" . $pseudo . "'";
$A_Valider = doquery($QrySelectvalid, 'users_valid', true);
//on test le pseudo
// Le meilleur moyen de voir si un nom d'utilisateur est pris c'est d'essayer de l'appeler !!
$ExistPseudo = doquery("SELECT `username` FROM {{table}} WHERE `username` = '" . mysql_escape_string($_GET['pseudo']) . "' LIMIT 1;", 'users', true);
//si tout est ok
if ($A_Valider['clef'] = $_GET['clef'] && ($A_Valider['username'] = $_GET['pseudo'] && $A_Valider['username'] != $ExistPseudo['username'])) {
$UserName = $_GET['pseudo'];
$UserPass = CheckInputStrings($A_Valider['password']);
$UserMail = CheckInputStrings($A_Valider['email']);
$UserSex = CheckInputStrings($A_Valider['sex']);
// Creation de l'utilisateur
$QryInsertUser = "******";
$QryInsertUser .= "`username` = '" . mysql_escape_string($UserName) . "', ";
$QryInsertUser .= "`email` = '" . mysql_escape_string($UserMail) . "', ";
$QryInsertUser .= "`email_2` = '" . mysql_escape_string($UserMail) . "', ";
$QryInsertUser .= "`sex` = '" . mysql_escape_string($UserSex) . "', ";
$QryInsertUser .= "`id_planet` = '0', ";
$QryInsertUser .= "`register_time` = '" . time() . "', ";
$QryInsertUser .= "`password`='" . mysql_escape_string($UserPass) . "';";
doquery($QryInsertUser, 'users');
doquery("DELETE FROM {{table}} WHERE username='******' LIMIT 1;", 'users_valid');
} else {
message($lang['Erreur_inscription']);
}
// On cherche le numero d'enregistrement de l'utilisateur fraichement créé
