} // closes a block opened before this excerpt

// Reads account-settings fields from the POST body, falling back to the stored
// value or a fixed default when a field is missing.

// Disable the IP check
if (isset($_POST["noipcheck"]) && $_POST["noipcheck"] == 'on') {
    $noipcheck = "1";
} else {
    $noipcheck = "0";
}
// User name
// NOTE(review): CheckInputStrings() is defined outside this excerpt. Whether it makes
// the value safe for SQL or HTML cannot be confirmed here; escape per context at the
// point of use rather than relying on it.
if (isset($_POST["db_character"]) && $_POST["db_character"] != '') {
    $username = CheckInputStrings($_POST['db_character']);
} else {
    $username = $user['username'];
}
// E-mail address
// NOTE(review): no format validation is visible here (e.g. filter_var with
// FILTER_VALIDATE_EMAIL) - confirm it happens elsewhere.
if (isset($_POST["db_email"]) && $_POST["db_email"] != '') {
    $db_email = CheckInputStrings($_POST['db_email']);
} else {
    $db_email = $user['email'];
}
// Number of espionage probes
// is_numeric() also accepts values such as "1e5", "-3.7" or " 5", and the raw request
// string is kept as-is. Cast to int and range-check if a small positive integer is expected.
if (isset($_POST["spio_anz"]) && is_numeric($_POST["spio_anz"])) {
    $spio_anz = $_POST["spio_anz"];
} else {
    $spio_anz = "1";
}
// Tooltip display time (the original comment is truncated); same is_numeric() caveat as above.
if (isset($_POST["settings_tooltiptime"]) && is_numeric($_POST["settings_tooltiptime"])) {
    $settings_tooltiptime = $_POST["settings_tooltiptime"];
} else {
    $settings_tooltiptime = "1";
}
// Tail of a multi-account ban routine, followed by the start of the overview mode
// switch. The query being appended to here is started before this excerpt.
// NOTE(review): only $username is escaped in the lines below. $time, $duree, $op and
// $mail are concatenated as-is and their origin is outside this excerpt - confirm none
// of them is request-derived, or move the query to a prepared statement.
// mysql_escape_string() is deprecated, was removed in PHP 7 and ignores the connection
// character set.
$QryBanMulti .= "`theme` = 'Multi-Compte entre " . mysql_escape_string($username) . "', ";
$QryBanMulti .= "`time` = '" . $time . "', ";
$QryBanMulti .= "`longer` = '" . $duree . "', ";
$QryBanMulti .= "`author` = '" . $op . "', ";
$QryBanMulti .= "`email`='" . $mail . "';";
doquery($QryBanMulti, 'banned');
// Part of the next two string literals is masked ("******") in the source as shown.
doquery("UPDATE {{table}} SET bana=1 WHERE username='******'username']}'", "users");
doquery("UPDATE {{table}} SET banaday='{$duree}' WHERE username='******'username']}'", "users");
// The closers below end blocks opened before this excerpt.
}
}
} else {
}
switch ($mode) {
    case 'renameplanet':
        if ($_POST['action'] == $lang['over_2009']) {
            // Rename request.
            // ctype_alnum() accepts only letters and digits (and is false for an empty
            // string), so quote and backslash characters cannot reach the UPDATE
            // statements below. That allow-list is the effective control here; the
            // addslashes()/mysql_escape_string() calls do not add protection on top of it.
            $UserPlanet = addslashes(CheckInputStrings($_POST['newname']));
            if (ctype_alnum($UserPlanet)) {
                $newname = mysql_escape_string(trim($UserPlanet));
                if ($newname != "") {
                    // Keep the in-memory planet row in sync with the stored name.
                    $planetrow['name'] = $newname;
                    // presumably $user and $planetrow are rows loaded from the database;
                    // their fields are concatenated without escaping - verify against caller.
                    doquery("UPDATE {{table}} SET `name` = '" . $newname . "' WHERE `id` = '" . $user['current_planet'] . "' LIMIT 1;", "planets");
                    // planet_type 3 also has a row in the lunas table, renamed by coordinates.
                    if ($planetrow['planet_type'] == 3) {
                        doquery("UPDATE {{table}} SET `name` = '" . $newname . "' WHERE `galaxy` = '" . $planetrow['galaxy'] . "' AND `system` = '" . $planetrow['system'] . "' AND `lunapos` = '" . $planetrow['planet'] . "' LIMIT 1;", "lunas");
                    }
                }
            } else {
                message($lang['no_number'], $lang['error'], 'overview.php?mode=renameplanet');
            }
        } elseif ($_POST['action'] == $lang['over_2008']) {
            $parse = $lang;
            $parse['dpath'] = $dpath;
// Registration handler excerpt: picks the alliance side, then either reports the
// collected validation errors or starts creating the account.
// Any value other than 'light' selects the second side.
if ($_POST['side'] == 'light') {
    $ally_id = "1";
    $ally_name = "Light";
} else {
    $ally_id = "2";
    $ally_name = "Dark";
}
$ally_register_time = time();
$ally_rank_id = 1;
if ($errors != 0) {
    message($errorlist, $lang['Register']);
} else {
    $newpass = $_POST['passwrd'];
    $UserName = CheckInputStrings($_POST['character']);
    $UserEmail = CheckInputStrings($_POST['email']);
    $UserPlanet = CheckInputStrings($_POST['planet']);
    // Referral counter. The "******" literals are masked in the source as shown.
    // NOTE(review): $refid and $refname are concatenated into the WHERE clause without
    // quotes or escaping. Their origin is outside this excerpt; if either is
    // request-derived this is SQL injection, and string escaping alone does not help in
    // an unquoted position. Cast $refid with (int) and bind $refname as a parameter.
    if ($refid != '') {
        $QryInsertUser = "******";
        $QryInsertUser .= "`refers` = `refers` + 1 ";
        $QryInsertUser .= "WHERE `id` =" . $refid . " LIMIT 1 ; ";
        doquery($QryInsertUser, 'users');
    } elseif ($refname != '') {
        $QryInsertUser = "******";
        $QryInsertUser .= "`refers` = `refers` + 1 ";
        $QryInsertUser .= "WHERE `username` =" . $refname . " LIMIT 1 ; ";
        doquery($QryInsertUser, 'users');
    }
    // NOTE(review): unsalted MD5 is a fast hash and unsuitable for password storage.
    // Use password_hash()/password_verify() and re-hash existing accounts on next login.
    $md5newpass = md5($newpass);
    // Create the user
    $QryInsertUser = "******";
    $QryInsertUser .= "`username` = '" . mysql_escape_string(strip_tags($UserName)) . "', ";
// Account-options handler excerpt: applies vacation mode, collects the remaining
// settings and writes them to the users table, then starts the password-change check.
// $urlaubs_modus, $time and $iduser are assigned before this excerpt.
doquery("UPDATE {{table}} SET \r\n `urlaubs_modus` = '{$urlaubs_modus}',\r\n `urlaubs_until` = '{$time}'\r\n WHERE `id` = '{$iduser}' LIMIT 1", "users");
// Reset production and energy on every planet_type = 1 row owned by the user.
$query = doquery("SELECT * FROM {{table}} WHERE id_owner = '{$user['id']}'", 'planets');
while ($id = mysql_fetch_array($query)) {
    // NOTE(review): crystal_perhour and deuterium_perhour are both set from
    // metal_basic_income - looks like a copy/paste slip; confirm the intended config keys.
    doquery("UPDATE {{table}} SET\r\n metal_perhour = '" . $game_config['metal_basic_income'] . "',\r\n crystal_perhour = '" . $game_config['metal_basic_income'] . "',\r\n deuterium_perhour = '" . $game_config['metal_basic_income'] . "',\r\n energy_used = '0',\r\n energy_max = '0',\r\n metal_mine_porcent = '0',\r\n crystal_mine_porcent = '0',\r\n deuterium_sintetizer_porcent = '0',\r\n solar_plant_porcent = '0',\r\n fusion_plant_porcent = '0',\r\n solar_satelit_porcent = '0'\r\n WHERE id = '{$id['id']}' AND `planet_type` = 1 ", 'planets');
}
} else { // belongs to an if opened before this excerpt
    $urlaubs_modus = "0";
}
// Delete account
if (isset($_POST["db_deaktjava"]) && $_POST["db_deaktjava"] == 'on') {
    $db_deaktjava = "1";
} else {
    $db_deaktjava = "0";
}
// BEGIN FIX: add local skins
// $_POST["dpaths"] is read before the isset() check below, so a missing field raises a notice.
// NOTE(review): $dpath is stored from request input; if it is later used as a path or
// URL prefix, restrict it to an allow-list of installed skins.
$dpaths = CheckInputStrings($_POST["dpaths"]);
if (isset($_POST["dpaths"]) && $_POST["dpaths"] != '') {
    $dpath = $dpaths;
} else {
}
// END FIX: add local skins
// NOTE(review): settings_sort and settings_order go from the request straight into the
// UPDATE below with no escaping or validation - SQL injection. Cast to int or check
// against the allowed option values before use.
$SetSort = $_POST['settings_sort'];
$SetOrder = $_POST['settings_order'];
// Every interpolated value ends up in a quoted SQL literal. $avatar, $design, the
// settings_* and kolor* variables are assigned outside this excerpt, so their escaping
// cannot be confirmed here; a prepared statement would remove the dependency on each
// input having been sanitised upstream.
// The line break inside this string literal is kept exactly as it appears in the source.
doquery("UPDATE {{table}} SET\r\n\t`email` = '{$db_email}',\r\n\t`avatar` = '{$avatar}',\r\n\t`dpath` = '{$dpath}',\r\n\t`design` = '{$design}',\r\n\t`noipcheck` = '{$noipcheck}',\r\n\t`planet_sort` = '{$SetSort}',\r\n\t`planet_sort_order` = '{$SetOrder}',\r\n\t`spio_anz` = '{$spio_anz}',\r\n\t`settings_tooltiptime` = '{$settings_tooltiptime}',\r\n\t`settings_fleetactions` = '{$settings_fleetactions}',\r\n\t`settings_allylogo` = '{$settings_allylogo}',\r\n\t`settings_esp` = '{$settings_esp}',\r\n\t`settings_wri` = '{$settings_wri}',\r\n\t`settings_bud` = '{$settings_bud}',\r\n\t`settings_mis` = '{$settings_mis}',\r\n\t`settings_rep` = '{$settings_rep}',\r\n\t`urlaubs_modus` = 
'{$urlaubs_modus}',\r\n\t`db_deaktjava` = '{$db_deaktjava}',\r\n\t`kolorminus` = '{$kolorminus}',\r\n\t`kolorplus` = '{$kolorplus}',\r\n\t`kolorpoziom` = '{$kolorpoziom}'\r\n\tWHERE `id` = '{$iduser}' LIMIT 1", "users");
if ($game_config['ForumBannerFrame'] == '0') {
    // NOTE(review): HTTP_REFERER is a client-supplied header and is written into an HTML
    // attribute value without htmlspecialchars(). Build the base URL from server
    // configuration instead, or escape it with ENT_QUOTES before output.
    $BannerURL = "" . dirname($_SERVER["HTTP_REFERER"]) . "/scripts/createbanner.php?id=" . $user['id'] . "";
    $parse['bannerframe'] = "<th colspan=\"4\"><img src=\"scripts/createbanner.php?id=" . $user['id'] . "\"><br>" . $lang['InfoBanner'] . "<br><input name=\"bannerlink\" type=\"text\" id=\"bannerlink\" value=\"[img]" . $BannerURL . "[/img]\" size=\"62\"></th></tr>";
}
// Current-password check before a password change.
// NOTE(review): the MD5 digests are compared with loose ==, so two digests that both
// look like numeric strings can compare equal. Use hash_equals() or, better, migrate
// storage to password_hash()/password_verify().
if (isset($_POST["db_password"]) && md5($_POST["db_password"]) == $user["password"]) {
    // BEGIN FIX: prevent changing only the password
    if ($_POST["newpass1"] == $_POST["newpass2"] && $_POST["newpass1"] != NULL) {
// Overview page excerpt: ends an early-exit branch opened before this excerpt, loads
// the moon row for the current coordinates and starts handling the rename action.
header('Location: index.php');
die;
}
// presumably $planetrow is a row loaded from the database; its fields are concatenated
// without escaping - verify against caller.
$lunarow = doquery("SELECT * FROM {{table}} WHERE `id_owner` = '" . $planetrow['id_owner'] . "' AND `galaxy` = '" . $planetrow['galaxy'] . "' AND `system` = '" . $planetrow['system'] . "' AND `lunapos` = '" . $planetrow['planet'] . "';", 'lunas', true);
CheckPlanetUsedFields($lunarow);
// $mode is only compared against fixed case labels in this excerpt.
$mode = $_GET['mode'];
$pl = mysql_escape_string($_GET['pl']);
// Force the id to an integer before later code uses it.
$_POST['deleteid'] = intval($_POST['deleteid']);
includeLang('resources');
includeLang('overview');
switch ($mode) {
    case 'renameplanet':
        // -----------------------------------------------------------------------------------------------
        if ($_POST['action'] == $lang['namer']) {
            // Handle the planet rename request
            $UserPlanet = CheckInputStrings($_POST['newname']);
            $newname = mysql_escape_string(strip_tags(trim($UserPlanet)));
            // NOTE(review): the class A-z spans ASCII 65-122, which also admits
            // [ \ ] ^ _ and the backtick, so a backslash passes this check. Use A-Za-z.
            // Nothing in this excerpt shows that message() stops execution; if it
            // returns, the UPDATE below still runs with the rejected value - confirm.
            if (preg_match("/[^A-z0-9 _\\-]/", $newname) == 1) {
                message('Fehler! Sie haben ein ungültiges Zeichen eingegeben. ', 'Fehler');
            }
            // NOTE(review): quotes are stripped after escaping, which can leave an orphaned
            // escape character in the value. Validate the raw input first and escape (or
            // bind) as the very last step.
            $newname = str_replace("'", "", $newname);
            if ($newname != "") {
                // First update the planet row held in memory (for the name)
                $planetrow['name'] = $newname;
                // Then store it in the database
                doquery("UPDATE {{table}} SET `name` = '" . $newname . "' WHERE `id` = '" . $user['current_planet'] . "' LIMIT 1;", "planets");
                // Is this a moon?
                if ($planetrow['planet_type'] == 3) {
                    // Yes: rename it in the moons table as well
                    doquery("UPDATE {{table}} SET `name` = '" . $newname . "' WHERE `galaxy` = '" . $planetrow['galaxy'] . "' AND `system` = '" . $planetrow['system'] . "' AND `lunapos` = '" . $planetrow['planet'] . "' LIMIT 1;", "lunas");
                }
} // closes a block opened before this excerpt

// Reads account-settings fields from the query string, falling back to the stored
// value or a fixed default when a field is missing.
// NOTE(review): if these values are then saved, the change is driven by a GET request.
// GET parameters end up in logs, history and Referer headers, and a state-changing GET
// can be triggered by any link or image tag. Prefer POST with an anti-CSRF token -
// confirm what the surrounding handler checks.

// Disable the IP check
if (isset($_GET["noipcheck"]) && $_GET["noipcheck"] == 'on') {
    $noipcheck = "1";
} else {
    $noipcheck = "0";
}
// User name
// NOTE(review): CheckInputStrings() is defined outside this excerpt; what it guarantees
// for SQL or HTML contexts cannot be confirmed here.
if (isset($_GET["db_character"]) && $_GET["db_character"] != '') {
    $username = CheckInputStrings($_GET['db_character']);
} else {
    $username = $user['username'];
}
// E-mail address
if (isset($_GET["db_email"]) && $_GET["db_email"] != '') {
    $db_email = CheckInputStrings($_GET['db_email']);
} else {
    $db_email = $user['email'];
}
// Avatar
// NOTE(review): taken from the request with no escaping or validation in this excerpt.
// Escape it for the SQL context where it is stored and for the HTML attribute where it
// is rendered, and restrict the accepted URL schemes.
if (isset($_GET["avatar"]) && $_GET["avatar"] != '') {
    $avatar = $_GET["avatar"];
} else {
    $avatar = "../images/no_av.gif";
}
// Menu scroll
// addslashes() is not aware of the connection character set; prefer a bound parameter
// or an allow-list of valid menu types.
if (isset($_GET["menutype"]) && $_GET["menutype"] != '') {
    $menutype = addslashes($_GET["menutype"]);
} else {
    $menutype = $user['menutype'];
}
// Registration handler excerpt: last validation checks, then the start of the INSERT
// for the new account. $ExistMail, $errorlist and $errors are set before this excerpt.
if ($ExistMail) {
    $errorlist .= $lang['error_emailexist'];
    $errors++;
}
// 'sex' must be empty, 'F' or 'M'.
if ($_POST['sex'] != '' && $_POST['sex'] != 'F' && $_POST['sex'] != 'M') {
    $errorlist .= $lang['error_sex'];
    $errors++;
}
if ($errors != 0) {
    rollback();
    message($errorlist, $lang['Register']);
} else {
    $newpass = $_POST['passwrd'];
    $UserName = CheckInputStrings($_POST['character']);
    $UserEmail = CheckInputStrings($_POST['email']);
    $UserPlanet = CheckInputStrings(addslashes($_POST['planet']));
    // NOTE(review): $UserLang comes straight from the request and is concatenated
    // unescaped into the `lang` column below - SQL injection. Validate it against the
    // list of supported language codes before use.
    $UserLang = $_POST['language'];
    // Any language other than 'ja' gets Asia/Shanghai.
    $TimeZone = $UserLang == 'ja' ? 'Asia/Tokyo' : 'Asia/Shanghai';
    // NOTE(review): unsalted MD5 is a fast hash and unsuitable for password storage.
    // Use password_hash()/password_verify().
    $md5newpass = md5($newpass);
    // Create the user. The "******" literal is masked in the source as shown.
    $QryInsertUser = "******";
    $QryInsertUser .= "`username` = '" . mysql_escape_string(strip_tags($UserName)) . "', ";
    $QryInsertUser .= "`lang` = '" . $UserLang . "', ";
    $QryInsertUser .= "`timezone` = '" . $TimeZone . "', ";
    $QryInsertUser .= "`email` = '" . mysql_escape_string($UserEmail) . "', ";
    $QryInsertUser .= "`email_2` = '" . mysql_escape_string($UserEmail) . "', ";
    $QryInsertUser .= "`sex` = '" . mysql_escape_string($_POST['sex']) . "', ";
    $QryInsertUser .= "`ip_at_reg` = '" . $_SERVER["REMOTE_ADDR"] . "', ";
    $QryInsertUser .= "`id_planet` = '0', ";
    $QryInsertUser .= "`register_time` = '" . time() . "', ";
    $QryInsertUser .= "`password`='" . $md5newpass . "';";
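// Account activation: the request carries a user name ("pseudo") and a validation key
// ("clef"). The pending row in users_valid is promoted to the users table only when
// both match and the name is not already taken.
$clef = $_GET['clef'];
// Load the pending registration from users_valid.
// NOTE(review): $pseudo is assigned outside this excerpt and is concatenated without
// escaping here. If it is the raw request value this SELECT is injectable - confirm it
// is escaped upstream, or bind it as a parameter.
$QrySelectvalid = "SELECT * ";
$QrySelectvalid .= "FROM {{table}} ";
$QrySelectvalid .= "WHERE ";
$QrySelectvalid .= "`username` = '" . $pseudo . "'";
$A_Valider = doquery($QrySelectvalid, 'users_valid', true);
// Check whether the user name is already taken by querying the users table for it.
$ExistPseudo = doquery("SELECT `username` FROM {{table}} WHERE `username` = '" . mysql_escape_string($_GET['pseudo']) . "' LIMIT 1;", 'users', true);
// FIX: the original condition used `=` (assignment) where a comparison was intended.
// Because `&&` binds tighter than `=`, the validation key was never compared: any
// non-empty clef/pseudo pair activated the account and the stored row fields were
// overwritten with booleans. Compare as strings, and require non-empty request values
// so that a missing users_valid row can never match an empty key.
$ClefValide = is_string($clef) && $clef !== '' && (string) $A_Valider['clef'] === $clef;
$PseudoValide = is_string($_GET['pseudo']) && $_GET['pseudo'] !== '' && (string) $A_Valider['username'] === $_GET['pseudo'];
// If everything checks out
if ($ClefValide && $PseudoValide && $A_Valider['username'] != $ExistPseudo['username']) {
    $UserName = $_GET['pseudo'];
    $UserPass = CheckInputStrings($A_Valider['password']);
    $UserMail = CheckInputStrings($A_Valider['email']);
    $UserSex = CheckInputStrings($A_Valider['sex']);
    // Create the user. The "******" literals below are masked in the source as shown.
    $QryInsertUser = "******";
    $QryInsertUser .= "`username` = '" . mysql_escape_string($UserName) . "', ";
    $QryInsertUser .= "`email` = '" . mysql_escape_string($UserMail) . "', ";
    $QryInsertUser .= "`email_2` = '" . mysql_escape_string($UserMail) . "', ";
    $QryInsertUser .= "`sex` = '" . mysql_escape_string($UserSex) . "', ";
    $QryInsertUser .= "`id_planet` = '0', ";
    $QryInsertUser .= "`register_time` = '" . time() . "', ";
    $QryInsertUser .= "`password`='" . mysql_escape_string($UserPass) . "';";
    doquery($QryInsertUser, 'users');
    // Remove the pending row once the account exists.
    doquery("DELETE FROM {{table}} WHERE username='******' LIMIT 1;", 'users_valid');
} else {
    message($lang['Erreur_inscription']);
}
// Look up the record id of the freshly created user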