コード例 #1
0
 function MB_Convert_Encoding($str, $to_encoding, $from_encoding = Null)
 {
     if ($from_encoding == 'UTF-8' && $to_encoding == 'HTML-ENTITIES') {
         return HTMLSpecialChars_Decode(UTF8_Decode(HTMLEntities($str, ENT_QUOTES, 'utf-8', False)));
     } else {
         return @IConv($from_encoding, $to_encoding, $str);
     }
 }
function namecolor_form()
{
    $regname = get_player_basename();
    output("Your name currently is this:");
    rawoutput($regname);
    output(", which looks like %s`7`n`n", $regname);
    output("How would you like your name to look?`n");
    rawoutput("<form action='runmodule.php?module=namecolor&op=namepreview' method='POST'><input name='newname' value=\"" . HTMLEntities($regname, ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "\"> <input type='submit' class='button' value='Preview'></form>");
    addnav("", "runmodule.php?module=namecolor&op=namepreview");
}
function db_query($sql, $die = true)
{
    //debug("SQL Query: ".$sql);
    if (defined("DB_NODB") && !defined("LINK")) {
        return array();
    }
    global $session, $dbinfo, $allqueries, $allqueriesbyfile;
    $dbinfo['queriesthishit']++;
    $fname = DBTYPE . "_query";
    $starttime = getmicrotime();
    $thisquery = array();
    $thisquery['query'] = $sql;
    $r = $fname($sql, LINK);
    if (!$r && $die === true) {
        if (defined("IS_INSTALLER")) {
            return array();
        } else {
            if ($session['user']['superuser'] & SU_DEVELOPER || 1) {
                require_once "lib/show_backtrace.php";
                die("<pre>" . HTMLEntities($sql, ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "</pre>" . db_error(LINK) . show_backtrace());
            } else {
                die("A most bogus error has occurred.  I apologise, but the page you were trying to access is broken.  Please use your browser's back button and try again.");
            }
        }
    }
    $endtime = getmicrotime();
    if ($endtime - $starttime >= 1.0 && $session['user']['superuser'] & SU_DEBUG_OUTPUT) {
        $s = trim($sql);
        if (strlen($s) > 800) {
            $s = substr($s, 0, 400) . " ... " . substr($s, strlen($s) - 400);
        }
        debug("Slow Query (" . round($endtime - $starttime, 2) . "s): " . HTMLEntities($s, ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "`n");
    }
    $thisquery['time'] = round($endtime - $starttime, 5);
    $trace = debug_backtrace();
    $thisquery['file1'] = $trace[0]['file'];
    $thisquery['line1'] = $trace[0]['line'];
    $thisquery['file2'] = $trace[1]['file'];
    $thisquery['line2'] = $trace[1]['line'];
    $allqueries[] = $thisquery;
    $allqueriesbyfile[$thisquery['file1']]['time'] += $thisquery['time'];
    $allqueriesbyfile[$thisquery['file1']]['hits'] += 1;
    unset($dbinfo['affected_rows']);
    $dbinfo['affected_rows'] = db_affected_rows();
    $dbinfo['querytime'] += $endtime - $starttime;
    return $r;
}
コード例 #4
0
/**
 * Execute a SQLite query.
 * @return void
 */
function db_query(string $sql = '', bool $die = true)
{
    global $session, $dbinfo, $sqlite_resource;
    if (defined("DB_NODB") && !defined("LINK") && !is_object($sqlite_resource)) {
        return [];
    }
    $dbinfo['queriesthishit']++;
    $starttime = getmicrotime();
    //var_dump($sql);
    if (IS_INSTALLER) {
        $r = @$sqlite_resource->query($sql);
    } else {
        $r = $sqlite_resource->query($sql);
    }
    if (!$r && $die === true) {
        if (defined("IS_INSTALLER")) {
            return [];
        } else {
            if ($session['user']['superuser'] & SU_DEVELOPER || 1) {
                require_once "lib/show_backtrace.php";
                die("<pre>" . HTMLEntities($sql, ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "</pre>" . db_error(LINK) . show_backtrace());
            } else {
                die("Please use your browser's back button and try again.");
            }
        }
    }
    $endtime = getmicrotime();
    if ($endtime - $starttime >= 1.0 && $session['user']['superuser'] & SU_DEBUG_OUTPUT) {
        $s = trim($sql);
        if (strlen($s) > 800) {
            $s = substr($s, 0, 400) . " ... " . substr($s, strlen($s) - 400);
        }
        debug("Slow Query (" . round($endtime - $starttime, 2) . "s): " . HTMLEntities($s, ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "`n");
    }
    unset($dbinfo['affected_rows']);
    $dbinfo['affected_rows'] = db_affected_rows();
    $dbinfo['querytime'] += $endtime - $starttime;
    return $r;
}
コード例 #5
0
function redirect($location, $reason = false)
{
    global $session, $REQUEST_URI;
    // This function is deliberately not localized.  It is meant as error
    // handling.
    if (strpos($location, "badnav.php") === false) {
        //deliberately html in translations so admins can personalize this, also in once scheme
        $session['allowednavs'] = array();
        addnav("", $location);
        $session['output'] = "<a href=\"" . HTMLEntities($location, ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "\">" . translate_inline("Click here.", "badnav") . "</a>";
        $session['output'] .= translate_inline("<br><br>If you cannot leave this page, notify the staff via <a href='petition.php'>petition</a> and tell them where this happened and what you did. Thanks.", "badnav");
    }
    restore_buff_fields();
    $session['debug'] .= "Redirected to {$location} from {$REQUEST_URI}.  {$reason}<br>";
    saveuser();
    @header("Location: {$location}");
    //echo "<html><head><meta http-equiv='refresh' content='0;url=$location'></head></html>";
    //echo "<a href='$location'>$location</a><br><br>";
    //echo $location;
    //echo $session['debug'];
    exit;
}
function redirect($location, $reason = false)
{
    global $session, $REQUEST_URI;
    // This function is deliberately not localized.  It is meant as error
    // handling.
    if (strpos($location, "badnav.php") === false) {
        //deliberately html in translations so admins can personalize this, also in once scheme
        $session['allowednavs'] = array();
        addnav("", $location);
        addnav("", HTMLEntities($location, ENT_COMPAT, getsetting("charset", "ISO-8859-1")));
        $session['output'] = "<a href=\"" . HTMLEntities($location, ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "\">" . translate_inline("Click here.", "badnav") . "</a>";
        $session['output'] .= translate_inline("<br><br><b>You've got a BadNav!</b>  <a href=\"http://enquirer.improbableisland.com/dokuwiki/doku.php?id=badnav\">Click here to find out what that is.</a>  If you see this message consistently, please add your tuppence'orth to <a href='http://enquirer.improbableisland.com/forum/viewtopic.php?showtopic=19239'>this forum thread</a>.<br /><br />If you cannot leave this page by clicking the first link above, notify the staff via <a href='petition.php'>petition</a> and tell them what you were doing just before this happened.  Also copy and paste everything that appears below this message.  Thanks!<br><br>BADNAV REPORT<br>Attempted redirect: \"" . $location . "\"<br>Sanitized attempted redirect: \"" . HTMLEntities($location, ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "\"<br>Redirect reason: \"" . $reason . "\"", "badnav");
    }
    restore_buff_fields();
    $session['debug'] .= "Redirected to {$location} from {$REQUEST_URI}.  {$reason}<br>";
    saveuser();
    @header("Location: {$location}");
    //echo "<html><head><meta http-equiv='refresh' content='0;url=$location'></head></html>";
    //echo "<a href='$location'>$location</a><br><br>";
    //echo $location;
    //echo $session['debug'];
    exit;
}
コード例 #7
0
    if ($row['acctid'] > 0) {
        addnav("Edit User Record", "user.php?op=edit&userid={$row['acctid']}&returnpetition={$_GET['id']}");
    }
    output("`@From: ");
    $row[body] = stripslashes($row[body]);
    if ($row['login'] > "") {
        output("<a href=\"mail.php?op=write&to=" . rawurlencode($row[login]) . "&body=" . URLEncode("\n\n----- Your Petition -----\n" . $row[body]) . "&subject=RE:+Petition\" target=\"_blank\" onClick=\"" . popup("mail.php?op=write&to=" . rawurlencode($row[login]) . "&body=" . URLEncode("\n\n----- Your Petition -----\n" . $row[body]) . "&subject=RE:+Petition") . ";return false;\"><img src='images/newscroll.png' width='16' height='16' alt='Write Mail' border='0'></a>", true);
    }
    output("`^`b{$row['name']}`b`n");
    output("`@Date: `^`b{$row['date']}`b`n");
    output("`@Body:`^`n");
    $body = HTMLEntities($row[body]);
    $body = preg_replace("'([[:alnum:]_.-]+[@][[:alnum:]_.-]{2,}([.][[:alnum:]_.-]{2,})+)'i", "<a href='mailto:\\1?subject=RE: Petition&body=" . str_replace("+", " ", URLEncode("\n\n----- Your Petition -----\n" . $row[body])) . "'>\\1</a>", $body);
    $body = preg_replace("'([\\[][[:alnum:]_.-]+[\\]])'i", "<span class='colLtRed'>\\1</span>", $body);
    $output .= "<span style='font-family: fixed-width'>" . nl2br($body) . "</span>";
    output("`n`@Commentary:`n");
    viewcommentary("pet-{$_GET['id']}", "Add", 200);
    if ($_GET['viewpageinfo']) {
        output("`n`n`@Page Info:`&`n");
        $row[pageinfo] = stripslashes($row[pageinfo]);
        $body = HTMLEntities($row[pageinfo]);
        $body = preg_replace("'([[:alnum:]_.-]+[@][[:alnum:]_.-]{2,}([.][[:alnum:]_.-]{2,})+)'i", "<a href='mailto:\\1?subject=RE: Petition&body=" . str_replace("+", " ", URLEncode("\n\n----- Your Petition -----\n" . $row[body])) . "'>\\1</a>", $body);
        $body = preg_replace("'([\\[][[:alnum:]_.-]+[\\]])'i", "<span class='colLtRed'>\\1</span>", $body);
        $output .= "<span style='font-family: fixed-width'>" . nl2br($body) . "</span>";
    }
    if ($row[status] == 0) {
        $sql = "UPDATE petitions SET status=1 WHERE petitionid='{$_GET['id']}'";
        $result = db_query($sql);
    }
}
page_footer();
コード例 #8
0
ファイル: cron.php プロジェクト: draknyte1/mcstatus
function HandleNews($Data, $Code)
{
    if ($Code !== 200) {
        return;
    }
    global $PSA, $m;
    $Data = JSON_Decode($Data, true);
    if ($Data === false || empty($Data)) {
        $m->set('mc_status_mojang', '', 300);
        return;
    }
    $PSA = '';
    foreach ($Data as $Message) {
        if ($Message['game'] !== 'Minecraft') {
            continue;
        }
        if (!empty($PSA)) {
            $PSA .= '<hr class="dotted">';
        }
        $PSA .= '<h3 style="margin-top:0">' . HTMLEntities($Message['headline']) . ' <span class="muted" style="font-weight:400">(from <a href="http://help.mojang.com/">help.mojang.com</a>)</span></h3>' . $Message['message'];
    }
    $m->set('mc_status_mojang', $PSA, 300);
}
コード例 #9
0
    addnav("", "taunt.php?op=save&tauntid={$_GET['tauntid']}");
    if ($_GET['tauntid'] != "") {
        $sql = "SELECT * FROM taunts WHERE tauntid=\"{$_GET['tauntid']}\"";
        $result = db_query($sql) or die(db_error(LINK));
        $row = db_fetch_assoc($result);
        $taunt = $row['taunt'];
        $taunt = str_replace("%s", "him", $taunt);
        $taunt = str_replace("%o", "he", $taunt);
        $taunt = str_replace("%p", "his", $taunt);
        $taunt = str_replace("%x", "Pointy Twig", $taunt);
        $taunt = str_replace("%X", "Sharp Teeth", $taunt);
        $taunt = str_replace("%W", "Large Green Rat", $taunt);
        $taunt = str_replace("%w", "JoeBloe", $taunt);
        output("Preview: {$taunt}`0`n`n");
    }
    $output .= "Taunt: <input name='taunt' value=\"" . HTMLEntities($row['taunt']) . "\" size='70'><br>";
    output("The following codes are supported (case matters):`n");
    output("%w = Fight loser name`n");
    output("%x = Fight loser weapon`n");
    output("%s = Fight loser Subjective (him her)`n");
    output("%p = Fight loser possessive (his her)`n");
    output("%o = Fight loser objective (he she)`n");
    output("%W = Fight winner name`n");
    output("%X = Fight winner weapon`n");
    output("<input type='submit' class='button' value='Save'>", true);
    output("</form>", true);
} else {
    if ($_GET['op'] == "del") {
        $sql = "DELETE FROM taunts WHERE tauntid=\"{$_GET['tauntid']}\"";
        db_query($sql) or die(db_error(LINK));
        redirect("taunt.php?c=x");
コード例 #10
0
		output("<input type='hidden' name='to' value='".HTMLEntities($row['login'])."'><input type='hidden' name='amount' value='$amt'><input type='submit' class='button' value='Complete Transfer'></form>",true);
		addnav("","bank.php?op=transfer3");
	}elseif(db_num_rows($result)>100){
		output("The banker looks at you disgustedly and suggests you try narrowing down the field of who you want to send money to just a little bit!`n`n");
		output("<form action='bank.php?op=transfer2' method='POST'>Transfer <u>h</u>ow much: <input name='amount' id='amount' accesskey='h' width='5' value='$amt'>`n",true);
		output("T<u>o</u>: <input name='to' accesskey='o' value='". $_POST['to'] . "'> (partial names are ok, you will be asked to confirm the transaction before it occurs).`n",true);
		output("<input type='submit' class='button' value='Preview Transfer'></form>",true);
		output("<script language='javascript'>document.getElementById('amount').focus();</script>",true);
		addnav("","bank.php?op=transfer2");
	}elseif(db_num_rows($result)>1){
		output("<form action='bank.php?op=transfer3' method='POST'>",true);
		output("`6Transfer `^$amt`6 to <select name='to' class='input'>",true);
		for ($i=0;$i<db_num_rows($result);$i++){
			$row = db_fetch_assoc($result);
			//output($row[name]." ".$row[login]."`n");
			output("<option value=\"".HTMLEntities($row['login'])."\">".preg_replace("'[`].'","",$row['name'])."</option>",true);
		}
		output("</select><input type='hidden' name='amount' value='$amt'><input type='submit' class='button' value='Complete Transfer'></form>",true);
		addnav("","bank.php?op=transfer3");
	}else{
		output("`6No one matching that name could be found!  Please try again.");
	}
}else if($_GET['op']=="transfer3"){
	$amt = abs((int)$_POST['amount']);
	output("`6`bTransfer Completion`b`n");
	if ($session[user][gold]+$session[user][goldinbank]<$amt){
		output("`6How can you transfer `^$amt`6 gold when you only possess ".($session[user][gold]+$session[user][goldinbank])."`6?");
	}else{
		$sql = "SELECT name,acctid,level,transferredtoday FROM accounts WHERE login='******'to']}'";
		$result = db_query($sql);
		if (db_num_rows($result)==1){
$sql = "SELECT name,lastip,uniqueid FROM " . db_prefix("accounts") . " WHERE acctid=\"{$userid}\"";
$result = db_query($sql);
$row = db_fetch_assoc($result);
if ($row['name'] != "") {
    output("Setting up ban information based on `\$%s`0", $row['name']);
}
rawoutput("<form action='user.php?op=saveban' method='POST'>");
output("Set up a new ban by IP or by ID (recommended IP, though if you have several different users behind a NAT, you can try ID which is easily defeated)`n");
rawoutput("<input type='radio' value='ip' id='ipradio' name='type' checked>");
output("IP: ");
rawoutput("<input name='ip' id='ip' value=\"" . HTMLEntities($row['lastip'], ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "\">");
output_notl("`n");
rawoutput("<input type='radio' value='id' name='type'>");
output("ID: ");
rawoutput("<input name='id' value=\"" . HTMLEntities($row['uniqueid'], ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "\">");
output("`nDuration: ");
rawoutput("<input name='duration' id='duration' size='3' value='14'>");
output("Days (0 for permanent)`n");
$reason = httpget("reason");
if ($reason == "") {
    $reason = translate_inline("Don't mess with me.");
}
output("Reason for the ban: ");
rawoutput("<input name='reason' size=50 value=\"{$reason}\">");
output_notl("`n");
$pban = translate_inline("Post ban");
$conf = translate_inline("Are you sure you wish to issue a permanent ban?");
rawoutput("<input type='submit' class='button' value='{$pban}' onClick='if (document.getElementById(\"duration\").value==0) {return confirm(\"{$conf}\");} else {return true;}'>");
rawoutput("</form>");
output("For an IP ban, enter the beginning part of the IP you wish to ban if you wish to ban a range, or simply a full IP to ban a single IP`n`n");
コード例 #12
0
	$sql = "SELECT count,last,uri FROM referers WHERE site='".addslashes($row['site'])."' ORDER BY {$order}";
	$result1 = db_query($sql);
	$skippedcount=0;
	$skippedtotal=0;
	for ($k=0;$k<db_num_rows($result1);$k++){
		$row1=db_fetch_assoc($result1);
		$diffsecs = strtotime("now")-strtotime($row1['last']);
		if ($diffsecs<=604800){
			output("<tr class='trlight'><td>",true);
			output($row1['count']);
			output("</td><td valign='top'>",true);
			//output((int)($diffsecs/86400)."d".(int)($diffsecs/3600%3600)."h".(int)($diffsecs/60%60)."m".(int)($diffsecs%60)."s");
			output(dhms($diffsecs));
			output("</td><td valign='top'>",true);
			if ($row1['uri']>"")
				output("<a href='".HTMLEntities($row1['uri'])."' target='_blank'>".HTMLEntities(substr($row1['uri'],0,150))."</a>`n",true);
			else
				output("`i`bNone`b`i`n");
			output("</td></tr>",true);
		}else{
			$skippedcount++;
			$skippedtotal+=$row1['count'];
		}
	}
	if ($skippedcount>0){
		output("<tr class='trlight'><td>$skippedtotal</td><td valign='top' colspan='2'>`i$skippedcount records skipped (over a week old)`i</td></tr>",true);
	}
	//output("</td></tr>",true);
}
output("</table>",true);
page_footer();
コード例 #13
0
    output_notl("`^`b%s`b`n", $row['name']);
    output("`@Date: `^`b%s`b (%s)`n", $row['date'], relativedate($row['date']));
    output("`@Status: %s`n", $statuses[$row['status']]);
    if ($row['closedate'] != '0000-00-00 00:00:00') {
        output("`@Last Update: `^%s`@ on `^%s (%s)`n", $row['closer'], $row['closedate'], dhms(strtotime('now') - strtotime($row['closedate']), true));
    }
    output("`@Body:`^`n");
    $body = htmlentities(stripslashes($row['body']), ENT_COMPAT, getsetting("charset", "ISO-8859-1"));
    $body = preg_replace("'([[:alnum:]_.-]+[@][[:alnum:]_.-]{2,}([.][[:alnum:]_.-]{2,})+)'i", "<a href='mailto:\\1?subject=RE: {$peti}&body=" . str_replace("+", " ", URLEncode("\n\n----- {$yourpeti} -----\n" . $row['body'])) . "'>\\1</a>", $body);
    $body = preg_replace("'([\\[][[:alnum:]_.-]+[\\]])'i", "<span class='colLtRed'>\\1</span>", $body);
    rawoutput("<span style='font-family: fixed-width'>" . nl2br($body) . "</span>");
    commentdisplay("`n`@Commentary:`0`n", "pet-{$id}", "Add information", 200);
    if ($viewpageinfo) {
        output("`n`n`@Page Info:`&`n");
        $row['pageinfo'] = stripslashes($row['pageinfo']);
        $body = HTMLEntities($row['pageinfo'], ENT_COMPAT, getsetting("charset", "ISO-8859-1"));
        $body = preg_replace("'([[:alnum:]_.-]+[@][[:alnum:]_.-]{2,}([.][[:alnum:]_.-]{2,})+)'i", "<a href='mailto:\\1?subject=RE: {$peti}&body=" . str_replace("+", " ", URLEncode("\n\n----- {$yourpeti} -----\n" . $row['body'])) . "'>\\1</a>", $body);
        $body = preg_replace("'([\\[][[:alnum:]_.-]+[\\]])'i", "<span class='colLtRed'>\\1</span>", $body);
        rawoutput("<pre>" . nl2br($body) . "</pre>");
    }
}
if ($id && $op != "") {
    $prevsql = "SELECT p1.petitionid, p1.status FROM " . db_prefix("petitions") . " AS p1, " . db_prefix("petitions") . " AS p2\n            WHERE p1.petitionid<'{$id}' AND p2.petitionid='{$id}' AND p1.status=p2.status ORDER BY p1.petitionid DESC LIMIT 1";
    $prevresult = db_query($prevsql);
    $prevrow = db_fetch_assoc($prevresult);
    if ($prevrow) {
        $previd = $prevrow['petitionid'];
        $s = $prevrow['status'];
        $status = $statuses[$s];
        addnav("Navigation");
        addnav(array("Previous %s", $status), "viewpetition.php?op=view&id={$previd}");
コード例 #14
0
     addnav("Refresh the list", "inn.php?op=bartender&act=listupstairs");
     output("%s`0 lays out a set of keys on the counter top, and tells you which key opens whose room.  The choice is yours, you may sneak in and attack any one of them.", $barkeep);
     pvplist($iname, "pvp.php", "?act=attack&inn=1");
 } else {
     if ($act == "colors") {
         output("%s`0 leans on the bar.  \"`%So you want to know about colors, do you?`0\" he asks.", $barkeep);
         output("You are about to answer when you realize the question was posed in the rhetoric.");
         output("%s`0 continues, \"`%To do colors, here's what you need to do.", $barkeep);
         output(" First, you use a &#0096; mark (found right above the tab key) followed by 1, 2, 3, 4, 5, 6, 7, !, @, #, \$, %, ^, &.", true);
         output("Each of those corresponds with a color to look like this:");
         output_notl("`n`1&#0096;1 `2&#0096;2 `3&#0096;3 `4&#0096;4 `5&#0096;5 `6&#0096;6 `7&#0096;7 ", true);
         output_notl("`n`!&#0096;! `@&#0096;@ `#&#0096;# `\$&#0096;\$ `%&#0096;% `^&#0096;^ `&&#0096;& `n", true);
         output("`% Got it?`0\"  You can practice below:");
         rawoutput("<form action=\"{$REQUEST_URI}\" method='POST'>", true);
         $testtext = httppost('testtext');
         output("You entered %s`n", prevent_colors(HTMLEntities($testtext, ENT_COMPAT, getsetting("charset", "ISO-8859-1"))), true);
         output("It looks like %s`n", $testtext);
         $try = translate_inline("Try");
         rawoutput("<input name='testtext' id='input'>");
         rawoutput("<input type='submit' class='button' value='{$try}'>");
         rawoutput("</form>");
         rawoutput("<script language='javascript'>document.getElementById('input').focus();</script>");
         output("`0`n`nThese colors can be used in your name, and in any conversations you have.");
         addnav("", $REQUEST_URI);
     } else {
         if ($act == "specialty") {
             $specialty = httpget('specialty');
             if ($specialty == "") {
                 output("\"`2I want to change my specialty,`0\" you announce to %s`0.`n`n", $barkeep);
                 output("With out a word, %s`0 grabs you by the shirt, pulls you over the counter, and behind the barrels behind him.", $barkeep);
                 output("There, he rotates the tap on a small keg labeled \"Fine Swill XXX\"`n`n");
        rawoutput("<input name='name' id='name'> <input type='submit' class='button' value='{$submit}'>");
        rawoutput("</form>");
        rawoutput("<script language='JavaScript'>document.getElementById('name').focus()</script>");
    } else {
        output("Which player did you mean?`n`n");
        rawoutput("<table cellpadding='3' cellspacing='0' border='0'>");
        rawoutput("<tr class='trhead'><td>Name</td><td>Level</td></tr>");
        for ($i = 0; $i < db_num_rows($result); $i++) {
            $row = db_fetch_assoc($result);
            rawoutput("<tr class='" . ($i % 2 ? "trlight" : "trdark") . "'><td>");
            rawoutput("<a href='runmodule.php?module=dwellingseditor&op=keys&subop=givekey3&keyid={$keyid}&dwid={$dwid}&keyowner=" . HTMLEntities($row['acctid']) . "'>");
            output_notl($row['name']);
            rawoutput("</a></td><td>");
            output_notl($row['level']);
            rawoutput("</td></tr>");
            addnav("", "runmodule.php?module=dwellingseditor&op=keys&subop=givekey3&keyid={$keyid}&dwid={$dwid}&keyowner=" . HTMLEntities($row['acctid']));
        }
        rawoutput("</table>");
    }
}
if ($subop == "givekey3") {
    $keyowner = httpget('keyowner');
    if ($keyid == "") {
        $sql = "SELECT keyid FROM " . db_prefix("dwellingkeys") . " WHERE keyowner = 0 AND dwid = {$dwid} LIMIT 1";
        $result = db_query($sql);
        $row = db_fetch_assoc($result);
        $keyid = $row['keyid'];
    }
    if ($keyid == "") {
        $sql = "INSERT INTO " . db_prefix("dwellingkeys") . " (dwid,dwidowner,keyowner) VALUES ({$dwid}," . $session['user']['acctid'] . ",{$keyowner})";
    } else {
コード例 #16
0
            //$session[user][hitpoints]=0;
            //$session[user][alive]=0;
            $session['user']['experience'] = round($session['user']['experience'] * 0.9, 0);
            addnews($session['user']['name'] . " was penalized for attempting to defile the gods.");
            output("You've attempted to defile the gods.  You are struck with a wand of forgetfulness.  Some of what you knew, you no longer know.");
            saveuser();
        }
    }
}
if ($_GET['op'] == "add") {
    if ($session['user']['superuser'] >= 3) {
        if ($_POST['subject'] == "" || $_POST['body'] == "") {
            output("<form action='motd.php?op=add' method='POST'>", true);
            addnav("", "motd.php?op=add");
            output("<input type='text' size='50' name='subject' value='" . HTMLEntities(stripslashes($_POST['subject'])) . "'>`n", true);
            output("<textarea class='input' name='body' cols='37' rows='5'>" . HTMLEntities(stripslashes($_POST['body'])) . "</textarea>`n", true);
            output("<input type='submit' class='button' value='Add'></form>", true);
        } else {
            $sql = "INSERT INTO motd (motdtitle,motdbody,motddate) VALUES ('" . $_POST['subject'] . "','" . $_POST['body'] . "',now())";
            db_query($sql);
            header("Location: motd.php");
            exit;
        }
    } else {
        if ($session['user']['loggedin']) {
            //$session[user][hitpoints]=0;
            //$session[user][alive]=0;
            $session['user']['experience'] = round($session['user']['experience'] * 0.9, 0);
            addnews($session['user']['name'] . " was penalized for attempting to defile the gods.");
            output("You've attempted to defile the gods.  You are struck with a wand of forgetfulness.  Some of what you knew, you no longer know.");
            saveuser();
コード例 #17
0
		if (count($skins)==0){
			output("`b`@Aww, your administrator has decided you're not allowed to have any skins.  Complain to them, not me.`n");
		}else{
			output("<b>Skin:</b><br>",true);
			while (list($key,$val)=each($skins)){
				output("<input type='radio' name='template' value='$val'".($_COOKIE['template']==""&&$val=="yarbrough.htm" || $_COOKIE['template']==$val?" checked":"").">".substr($val,0,strpos($val,".htm"))."<br>",true);
			}
		}
	}else{
		output("`c`b`\$ERROR!!!`b`c`&Unable to open the templates folder!  Please notify the administrator!!");
	}
	
	output("
	New Password: <input name='pass1' type='password'> (leave blank if you don't want to change it)`n
	Retype: <input name='pass2' type='password'>`n
	Email address: <input name='email' value=\"".HTMLEntities($session['user']['emailaddress'])."\">`n
	",true);
	$prefs = $session['user']['prefs'];
	$prefs['bio'] = $session['user']['bio'];
	showform($form,$prefs);
	output("
	</form>",true);
	addnav("","prefs.php?op=save");

	// Stop clueless lusers from deleting their character just because a
	// monster killed them.
	if ($session['user']['alive'] && getsetting("selfdelete",0)!=0) {
		output("<form action='prefs.php?op=suicide&userid={$session['user']['acctid']}' method='POST'>",true);
		output("<input type='submit' class='button' value='Delete Character' onClick='return confirm(\"Are you sure you wish to delete your character?\");'>", true);
		output("</form>",true);
		addnav("","prefs.php?op=suicide&userid={$session['user']['acctid']}");
コード例 #18
0
		echo "Ok - added";
	}
}elseif ($_GET[op]=="net"){
	$sql = "SELECT address,description FROM logdnet WHERE lastupdate > '".date("Y-m-d H:i:s",strtotime("-7 days"))."' ORDER BY priority DESC";
	$result=db_query($sql);
	for ($i=0;$i<db_num_rows($result);$i++){
		$row = db_fetch_assoc($result);
		$row = serialize($row);
		echo $row."\n";
	}
}else{
	page_header("LoGD Net");
	//$sql = "SELECT * FROM logdnet ORDER BY priority DESC";
	//$result=db_query($sql);
	addnav("Return to the login page","index.php");
	output("`@Below are a list of other LoGD servers that have registered with the LoGD Net.");
	output("<table>",true);
	$servers=file(getsetting("logdnetserver","http://lotgd.net/")."logdnet.php?op=net");
	while (list($key,$val)=each($servers)){
		$row=unserialize($val);
		if (trim($row[description])=="") $row[description]="Another LoGD Server";
		if (substr($row[address],0,7)!="http://"){
		
		}else{
			output("<tr><td><a href='".HTMLEntities($row[address])."' target='_blank'>".soap(HTMLEntities($row[description]))."`0</a></td></tr>",true);
		}
	}
	output("</table>",true);
	page_footer();
}
?>
コード例 #19
0
function viewcommentary($section, $message = "Interject your own commentary?", $limit = 10, $talkline = "says", $schema = false)
{
    global $session, $REQUEST_URI, $doublepost, $translation_namespace;
    global $emptypost;
    rawoutput("<a name='{$section}'></a>");
    // Let's add a hook for modules to block commentary sections
    $args = modulehook("blockcommentarea", array("section" => $section));
    if (isset($args['block']) && $args['block'] == "yes") {
        return;
    }
    if ($schema === false) {
        $schema = $translation_namespace;
    }
    tlschema("commentary");
    $nobios = array("motd.php" => true);
    if (!array_key_exists(basename($_SERVER['SCRIPT_NAME']), $nobios)) {
        $nobios[basename($_SERVER['SCRIPT_NAME'])] = false;
    }
    if ($nobios[basename($_SERVER['SCRIPT_NAME'])]) {
        $linkbios = false;
    } else {
        $linkbios = true;
    }
    if ($message == "X") {
        $linkbios = true;
    }
    if ($doublepost) {
        output("`\$`bDouble post?`b`0`n");
    }
    if ($emptypost) {
        output("`\$`bWell, they say silence is a virtue.`b`0`n");
    }
    $clanrankcolors = array("`!", "`#", "`^", "`&", "`\$");
    // Needs to be here because scrolling through the commentary pages, entering a bio, then scrolling again forward
    // then re-entering another bio will lead to $com being smaller than 0 and this will lead to an SQL error later on.
    $com = (int) httpget("comscroll");
    if ($com < 0) {
        $com = 0;
    }
    $cc = false;
    if (httpget("comscroll") !== false && (int) $session['lastcom'] == $com + 1) {
        $cid = (int) $session['lastcommentid'];
    } else {
        $cid = 0;
    }
    $session['lastcom'] = $com;
    if ($com > 0 || $cid > 0) {
        // Find newly added comments.
        $sql = "SELECT COUNT(commentid) AS newadded FROM " . db_prefix("commentary") . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid = " . db_prefix("commentary") . ".author WHERE section='{$section}' AND " . "(" . db_prefix("accounts") . ".locked=0 or " . db_prefix('accounts') . ".locked is null) AND commentid > '{$cid}'";
        $result = db_query($sql);
        $row = db_fetch_assoc($result);
        $newadded = $row['newadded'];
    } else {
        $newadded = 0;
    }
    $commentbuffer = array();
    if ($cid == 0) {
        $sql = "SELECT " . db_prefix("commentary") . ".*, " . db_prefix("accounts") . ".name, " . db_prefix("accounts") . ".acctid, " . db_prefix("accounts") . ".clanrank, " . db_prefix("clans") . ".clanshort FROM " . db_prefix("commentary") . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid = " . db_prefix("commentary") . ".author LEFT JOIN " . db_prefix("clans") . " ON " . db_prefix("clans") . ".clanid=" . db_prefix("accounts") . ".clanid WHERE section = '{$section}' AND " . "( " . db_prefix("accounts") . ".locked=0 OR " . db_prefix("accounts") . ".locked is null ) " . "ORDER BY commentid DESC LIMIT " . $com * $limit . ",{$limit}";
        if ($com == 0 && strstr($_SERVER['REQUEST_URI'], "/moderate.php") !== $_SERVER['REQUEST_URI']) {
            $result = db_query_cached($sql, "comments-{$section}");
        } else {
            $result = db_query($sql);
        }
        while ($row = db_fetch_assoc($result)) {
            $commentbuffer[] = $row;
        }
    } else {
        $sql = "SELECT " . db_prefix("commentary") . ".*, " . db_prefix("accounts") . ".name, " . db_prefix("accounts") . ".acctid, " . db_prefix("accounts") . ".clanrank, " . db_prefix("clans") . ".clanshort FROM " . db_prefix("commentary") . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid = " . db_prefix("commentary") . ".author LEFT JOIN " . db_prefix("clans") . " ON " . db_prefix("clans") . ".clanid=" . db_prefix("accounts") . ".clanid WHERE section = '{$section}' AND " . "( " . db_prefix("accounts") . ".locked=0 OR " . db_prefix("accounts") . ".locked is null ) " . "AND commentid > '{$cid}' " . "ORDER BY commentid ASC LIMIT {$limit}";
        $result = db_query($sql);
        while ($row = db_fetch_assoc($result)) {
            $commentbuffer[] = $row;
        }
        $commentbuffer = array_reverse($commentbuffer);
    }
    $rowcount = count($commentbuffer);
    if ($rowcount > 0) {
        $session['lastcommentid'] = $commentbuffer[0]['commentid'];
    }
    $counttoday = 0;
    for ($i = 0; $i < $rowcount; $i++) {
        $row = $commentbuffer[$i];
        $row['comment'] = comment_sanitize($row['comment']);
        $commentids[$i] = $row['commentid'];
        if (date("Y-m-d", strtotime($row['postdate'])) == date("Y-m-d")) {
            if ($row['name'] == $session['user']['name']) {
                $counttoday++;
            }
        }
        $x = 0;
        $ft = "";
        for ($x = 0; strlen($ft) < 5 && $x < strlen($row['comment']); $x++) {
            if (substr($row['comment'], $x, 1) == "`" && strlen($ft) == 0) {
                $x++;
            } else {
                $ft .= substr($row['comment'], $x, 1);
            }
        }
        $link = "bio.php?char=" . $row['acctid'] . "&ret=" . URLEncode($_SERVER['REQUEST_URI']);
        if (substr($ft, 0, 2) == "::") {
            $ft = substr($ft, 0, 2);
        } elseif (substr($ft, 0, 1) == ":") {
            $ft = substr($ft, 0, 1);
        } elseif (substr($ft, 0, 3) == "/me") {
            $ft = substr($ft, 0, 3);
        }
        $row['comment'] = holidayize($row['comment'], 'comment');
        $row['name'] = holidayize($row['name'], 'comment');
        if ($row['clanrank']) {
            $row['name'] = ($row['clanshort'] > "" ? "{$clanrankcolors[ceil($row['clanrank'] / 10)]}&lt;`2{$row['clanshort']}{$clanrankcolors[ceil($row['clanrank'] / 10)]}&gt; `&" : "") . $row['name'];
        }
        if ($ft == "::" || $ft == "/me" || $ft == ":") {
            $x = strpos($row['comment'], $ft);
            if ($x !== false) {
                if ($linkbios) {
                    $op[$i] = str_replace("&amp;", "&", HTMLEntities(substr($row['comment'], 0, $x), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0<a href='{$link}' style='text-decoration: none'>\n`&{$row['name']}`0</a>\n`& " . str_replace("&amp;", "&", HTMLEntities(substr($row['comment'], $x + strlen($ft)), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0`n";
                } else {
                    $op[$i] = str_replace("&amp;", "&", HTMLEntities(substr($row['comment'], 0, $x), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0`&{$row['name']}`0`& " . str_replace("&amp;", "&", HTMLEntities(substr($row['comment'], $x + strlen($ft)), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0`n";
                }
                $rawc[$i] = str_replace("&amp;", "&", HTMLEntities(substr($row['comment'], 0, $x), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0`&{$row['name']}`0`& " . str_replace("&amp;", "&", HTMLEntities(substr($row['comment'], $x + strlen($ft)), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0`n";
            }
        }
        if ($ft == "/game" && !$row['name']) {
            $x = strpos($row['comment'], $ft);
            if ($x !== false) {
                $op[$i] = str_replace("&amp;", "&", HTMLEntities(substr($row['comment'], 0, $x), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0`&" . str_replace("&amp;", "&", HTMLEntities(substr($row['comment'], $x + strlen($ft)), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0`n";
            }
        }
        if (!isset($op) || !is_array($op)) {
            $op = array();
        }
        if (!array_key_exists($i, $op) || $op[$i] == "") {
            if ($linkbios) {
                $op[$i] = "`0<a href='{$link}' style='text-decoration: none'>`&{$row['name']}`0</a>`3 says, \"`#" . str_replace("&amp;", "&", HTMLEntities($row['comment'], ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`3\"`0`n";
            } elseif (substr($ft, 0, 5) == '/game' && !$row['name']) {
                $op[$i] = str_replace("&amp;", "&", HTMLEntities($row['comment'], ENT_COMPAT, getsetting("charset", "ISO-8859-1")));
            } else {
                $op[$i] = "`&{$row['name']}`3 says, \"`#" . str_replace("&amp;", "&", HTMLEntities($row['comment'], ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`3\"`0`n";
            }
            $rawc[$i] = "`&{$row['name']}`3 says, \"`#" . str_replace("&amp;", "&", HTMLEntities($row['comment'], ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`3\"`0`n";
        }
        if (!array_key_exists('timestamp', $session['user']['prefs'])) {
            $session['user']['prefs']['timestamp'] = 0;
        }
        $session['user']['prefs']['timeoffset'] = round($session['user']['prefs']['timeoffset'], 1);
        if ($session['user']['prefs']['timestamp'] == 1) {
            if (!isset($session['user']['prefs']['timeformat'])) {
                $session['user']['prefs']['timeformat'] = "[m/d h:ia]";
            }
            $time = strtotime($row['postdate']) + $session['user']['prefs']['timeoffset'] * 60 * 60;
            $s = date("`7" . $session['user']['prefs']['timeformat'] . "`0 ", $time);
            $op[$i] = $s . $op[$i];
        } elseif ($session['user']['prefs']['timestamp'] == 2) {
            $s = reltime(strtotime($row['postdate']));
            $op[$i] = "`7({$s})`0 " . $op[$i];
        }
        if ($message == "X") {
            $op[$i] = "`0({$row['section']}) " . $op[$i];
        }
        if ($row['postdate'] >= $session['user']['recentcomments']) {
            $op[$i] = "<img src='images/new.gif' alt='&gt;' width='3' height='5' align='absmiddle'> " . $op[$i];
        }
        addnav("", $link);
        $auth[$i] = $row['author'];
        if (isset($rawc[$i])) {
            $rawc[$i] = full_sanitize($rawc[$i]);
            $rawc[$i] = htmlentities($rawc[$i], ENT_QUOTES, getsetting("charset", "ISO-8859-1"));
        }
    }
    $i--;
    $outputcomments = array();
    $sect = "x";
    $moderating = false;
    if ($session['user']['superuser'] & SU_EDIT_COMMENTS && $message == "X") {
        $moderating = true;
    }
    $del = translate_inline("Del");
    $scriptname = substr($_SERVER['SCRIPT_NAME'], strrpos($_SERVER['SCRIPT_NAME'], "/") + 1);
    $pos = strpos($_SERVER['REQUEST_URI'], "?");
    $return = $scriptname . ($pos == false ? "" : substr($_SERVER['REQUEST_URI'], $pos));
    $one = strstr($return, "?") == false ? "?" : "&";
    for (; $i >= 0; $i--) {
        $out = "";
        if ($moderating) {
            if ($session['user']['superuser'] & SU_EDIT_USERS) {
                $out .= "`0[ <input type='checkbox' name='comment[{$commentids[$i]}]'> | <a href='user.php?op=setupban&userid=" . $auth[$i] . "&reason=" . rawurlencode($rawc[$i]) . "'>Ban</a> ]&nbsp;";
                addnav("", "user.php?op=setupban&userid={$auth[$i]}&reason=" . rawurlencode($rawc[$i]));
            } else {
                $out .= "`0[ <input type='checkbox' name='comment[{$commentids[$i]}]'> ]&nbsp;";
            }
            $matches = array();
            preg_match("/[(]([^)]*)[)]/", $op[$i], $matches);
            $sect = trim($matches[1]);
            if (substr($sect, 0, 5) != "clan-" || $sect == $section) {
                if (substr($sect, 0, 4) != "pet-") {
                    $out .= $op[$i];
                    if (!isset($outputcomments[$sect]) || !is_array($outputcomments[$sect])) {
                        $outputcomments[$sect] = array();
                    }
                    array_push($outputcomments[$sect], $out);
                }
            }
        } else {
            if ($session['user']['superuser'] & SU_EDIT_COMMENTS) {
                $out .= "`2[<a href='" . $return . $one . "removecomment={$commentids[$i]}&section={$section}&returnpath=" . URLEncode($return) . "'>{$del}</a>`2]`0&nbsp;";
                addnav("", $return . $one . "removecomment={$commentids[$i]}&section={$section}&returnpath=" . URLEncode($return) . "");
            }
            $out .= $op[$i];
            if (!array_key_exists($sect, $outputcomments) || !is_array($outputcomments[$sect])) {
                $outputcomments[$sect] = array();
            }
            array_push($outputcomments[$sect], $out);
        }
    }
    if ($moderating) {
        $scriptname = substr($_SERVER['SCRIPT_NAME'], strrpos($_SERVER['SCRIPT_NAME'], "/") + 1);
        addnav("", "{$scriptname}?op=commentdelete&return=" . URLEncode($_SERVER['REQUEST_URI']));
        $mod_Del1 = htmlentities(translate_inline("Delete Checked Comments"), ENT_COMPAT, getsetting("charset", "ISO-8859-1"));
        $mod_Del2 = htmlentities(translate_inline("Delete Checked & Ban (3 days)"), ENT_COMPAT, getsetting("charset", "ISO-8859-1"));
        $mod_Del_confirm = addslashes(htmlentities(translate_inline("Are you sure you wish to ban this user and have you specified the exact reason for the ban, i.e. cut/pasted their offensive comments?"), ENT_COMPAT, getsetting("charset", "ISO-8859-1")));
        $mod_reason = translate_inline("Reason:");
        $mod_reason_desc = htmlentities(translate_inline("Banned for comments you posted."), ENT_COMPAT, getsetting("charset", "ISO-8859-1"));
        output_notl("<form action='{$scriptname}?op=commentdelete&return=" . URLEncode($_SERVER['REQUEST_URI']) . "' method='POST'>", true);
        output_notl("<input type='submit' class='button' value=\"{$mod_Del1}\">", true);
        output_notl("<input type='submit' class='button' name='delnban' value=\"{$mod_Del2}\" onClick=\"return confirm('{$mod_Del_confirm}');\">", true);
        output_notl("`n{$mod_reason} <input name='reason0' size='40' value=\"{$mod_reason_desc}\" onChange=\"document.getElementById('reason').value=this.value;\">", true);
    }
    //output the comments
    ksort($outputcomments);
    reset($outputcomments);
    $sections = commentarylocs();
    $needclose = 0;
    while (list($sec, $v) = each($outputcomments)) {
        if ($sec != "x") {
            if ($needclose) {
                modulehook("}collapse");
            }
            output_notl("`n<hr><a href='moderate.php?area=%s'>`b`^%s`0`b</a>`n", $sec, isset($sections[$sec]) ? $sections[$sec] : "({$sec})", true);
            addnav("", "moderate.php?area={$sec}");
            modulehook("collapse{", array("name" => "com-" . $sec));
            $needclose = 1;
        } else {
            modulehook("collapse{", array("name" => "com-" . $section));
            $needclose = 1;
        }
        reset($v);
        while (list($key, $val) = each($v)) {
            $args = array('commentline' => $val);
            $args = modulehook("viewcommentary", $args);
            $val = $args['commentline'];
            output_notl($val, true);
        }
    }
    if ($moderating && $needclose) {
        modulehook("}collapse");
        $needclose = 0;
    }
    if ($moderating) {
        output_notl("`n");
        rawoutput("<input type='submit' class='button' value=\"{$mod_Del1}\">");
        rawoutput("<input type='submit' class='button' name='delnban' value=\"{$mod_Del2}\" onClick=\"return confirm('{$mod_Del_confirm}');\">");
        output_notl("`n%s ", $mod_reason);
        rawoutput("<input name='reason' size='40' id='reason' value=\"{$mod_reason_desc}\">");
        rawoutput("</form>");
        output_notl("`n");
    }
    if ($session['user']['loggedin']) {
        $args = modulehook("insertcomment", array("section" => $section));
        if (array_key_exists("mute", $args) && $args['mute'] && !($session['user']['superuser'] & SU_EDIT_COMMENTS)) {
            output_notl("%s", $args['mutemsg']);
        } elseif ($counttoday < $limit / 2 || $session['user']['superuser'] & ~SU_DOESNT_GIVE_GROTTO || !getsetting('postinglimit', 1)) {
            if ($message != "X") {
                $message = "`n`@{$message}`n";
                output($message);
                talkform($section, $talkline, $limit, $schema);
            }
        } else {
            $message = "`n`@{$message}`n";
            output($message);
            output("Sorry, you've exhausted your posts in this section for now.`0`n");
        }
    }
    $jump = false;
    if (!isset($session['user']['prefs']['nojump']) || $session['user']['prefs']['nojump'] == false) {
        $jump = true;
    }
    $firstu = translate_inline("&lt;&lt; First Unseen");
    $prev = translate_inline("&lt; Previous");
    $ref = translate_inline("Refresh");
    $next = translate_inline("Next &gt;");
    $lastu = translate_inline("Last Page &gt;&gt;");
    if ($rowcount >= $limit || $cid > 0) {
        $sql = "SELECT count(commentid) AS c FROM " . db_prefix("commentary") . " WHERE section='{$section}' AND postdate > '{$session['user']['recentcomments']}'";
        $r = db_query($sql);
        $val = db_fetch_assoc($r);
        $val = round($val['c'] / $limit + 0.5, 0) - 1;
        if ($val > 0) {
            $first = comscroll_sanitize($REQUEST_URI) . "&comscroll=" . $val;
            $first = str_replace("?&", "?", $first);
            if (!strpos($first, "?")) {
                $first = str_replace("&", "?", $first);
            }
            $first .= "&refresh=1";
            if ($jump) {
                $first .= "#{$section}";
            }
            output_notl("<a href=\"{$first}\">{$firstu}</a>", true);
            addnav("", $first);
        } else {
            output_notl($firstu, true);
        }
        $req = comscroll_sanitize($REQUEST_URI) . "&comscroll=" . ($com + 1);
        $req = str_replace("?&", "?", $req);
        if (!strpos($req, "?")) {
            $req = str_replace("&", "?", $req);
        }
        $req .= "&refresh=1";
        if ($jump) {
            $req .= "#{$section}";
        }
        output_notl("<a href=\"{$req}\">{$prev}</a>", true);
        addnav("", $req);
    } else {
        output_notl("{$firstu} {$prev}", true);
    }
    $last = appendlink(comscroll_sanitize($REQUEST_URI), "refresh=1");
    // Okay.. we have some smart-ass (or stupidass, you guess) players
    // who think that the auto-reload firefox plugin is a good way to
    // avoid our timeouts.  Won't they be surprised when I take that little
    // hack away.
    $last = appendcount($last);
    $last = str_replace("?&", "?", $last);
    if ($jump) {
        $last .= "#{$section}";
    }
    //if (!strpos($last,"?")) $last = str_replace("&","?",$last);
    //debug($last);
    output_notl("&nbsp;<a href=\"{$last}\">{$ref}</a>&nbsp;", true);
    addnav("", $last);
    if ($com > 0 || $cid > 0 && $newadded > $limit) {
        $req = comscroll_sanitize($REQUEST_URI) . "&comscroll=" . ($com - 1);
        $req = str_replace("?&", "?", $req);
        if (!strpos($req, "?")) {
            $req = str_replace("&", "?", $req);
        }
        $req .= "&refresh=1";
        if ($jump) {
            $req .= "#{$section}";
        }
        output_notl(" <a href=\"{$req}\">{$next}</a>", true);
        addnav("", $req);
        output_notl(" <a href=\"{$last}\">{$lastu}</a>", true);
    } else {
        output_notl("{$next} {$lastu}", true);
    }
    if (!$cc) {
        db_free_result($result);
    }
    tlschema();
    if ($needclose) {
        modulehook("}collapse");
    }
}
function motd_poll_form()
{
    global $session;
    $subject = httppost('subject');
    $body = httppost('body');
    if ($subject == "" || $body == "") {
        output("`\$NOTE:`^ Polls cannot be edited after they are begun in order to ensure fairness and accuracy of results.`0`n`n");
        rawoutput("<form action='motd.php?op=addpoll' method='POST'>");
        addnav("", "motd.php?op=add");
        output("Subject: ");
        rawoutput("<input type='text' size='50' name='subject' value=\"" . HTMLEntities(stripslashes($subject), ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "\"><br/>");
        output("Body:`n");
        rawoutput("<textarea class='input' name='body' cols='37' rows='5'>" . HTMLEntities(stripslashes($body), ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "</textarea><br/>");
        $option = translate_inline("Option");
        output("Choices:`n");
        $pollitem = "{$option} <input name='opt[]'><br/>";
        rawoutput($pollitem);
        rawoutput($pollitem);
        rawoutput($pollitem);
        rawoutput($pollitem);
        rawoutput($pollitem);
        rawoutput("<div id='hidepolls'>");
        rawoutput("</div>");
        rawoutput("<script language='JavaScript'>document.getElementById('hidepolls').innerHTML = '';</script>", true);
        $addi = translate_inline("Add Poll Item");
        $add = translate_inline("Add");
        rawoutput("<a href=\"#\" onClick=\"javascript:document.getElementById('hidepolls').innerHTML += '" . addslashes($pollitem) . "'; return false;\">{$addi}</a><br>");
        rawoutput("<input type='submit' class='button' value='{$add}'></form>");
    } else {
        $opt = httppost("opt");
        $body = array("body" => $body, "opt" => $opt);
        $sql = "INSERT INTO " . db_prefix("motd") . " (motdtitle,motdbody,motddate,motdtype,motdauthor) VALUES (\"{$subject}\",\"" . addslashes(serialize($body)) . "\",'" . date("Y-m-d H:i:s") . "',1,'{$session['user']['acctid']}')";
        db_query($sql);
        invalidatedatacache("motd");
        invalidatedatacache("lastmotd");
        invalidatedatacache("motddate");
        header("Location: motd.php");
        exit;
    }
}
コード例 #21
0
	$res = db_query($sql);
	$sql = "DELETE FROM accounts WHERE acctid='$_GET[userid]'";
	db_query($sql);
	output( db_affected_rows()." user deleted.");
	while ($row = db_fetch_assoc($res)) {
		addnews("`#{$row['name']} was unmade by the gods.");
	}
}elseif($_GET[op]=="setupban"){
	$sql = "SELECT name,lastip,uniqueid FROM accounts WHERE acctid=\"$_GET[userid]\"";
	$result = db_query($sql) or die(db_error(LINK));
	$row = db_fetch_assoc($result);
	if ($row[name]!="") output("Setting up ban information based on `\$$row[name]`0");
	output("<form action='user.php?op=saveban' method='POST'>",true);
	output("Set up a new ban by IP or by ID (recommended IP, though if you have several different users behind a NAT, you can try ID which is easily defeated)`n");
	output("<input type='radio' value='ip' name='type' checked> IP: <input name='ip' value=\"".HTMLEntities($row[lastip])."\">`n",true);
	output("<input type='radio' value='id' name='type'> ID: <input name='id' value=\"".HTMLEntities($row[uniqueid])."\">`n",true);
	output("Duration: <input name='duration' id='duration' size='3' value='14'> days (0 for permanent)`n",true);
	output("Reason for the ban: <input name='reason' value=\"Don't mess with me.\">`n",true);
	output("<input type='submit' class='button' value='Post Ban' onClick='if (document.getElementById(\"duration\").value==0) {return confirm(\"Are you sure you wish to issue a permanent ban?\");} else {return true;}'></form>",true);
	output("For an IP ban, enter the beginning part of the IP you wish to ban if you wish to ban a range, or simply a full IP to ban a single IP");
	addnav("","user.php?op=saveban");
}elseif($_GET[op]=="saveban"){
	$sql = "INSERT INTO bans (";
	if ($_POST[type]=="ip"){
		$sql.="ipfilter";
	}else{
		$sql.="uniqueid";
	}
	$sql.=",banexpire,banreason) VALUES (";
	if ($_POST[type]=="ip"){
		$sql.="\"$_POST[ip]\"";
         }
         output_notl("</select>`n", true);
     }
 }
 rawoutput("<script language='JavaScript'>\r\n\tvar superusers = new Array();");
 while (list($key, $val) = each($superusers)) {
     rawoutput("\tsuperusers['" . addslashes($val) . "'] = true;");
 }
 rawoutput("</script>");
 output("`2Subject:");
 rawoutput("<input name='subject' value=\"" . HTMLEntities($subject) . HTMLEntities(stripslashes(httpget('subject'))) . "\"><br>");
 rawoutput("<div id='warning' style='visibility: hidden; display: none;'>");
 output("`2Notice: `^{$superusermessage}`n");
 rawoutput("</div>");
 output("`2Body:`n");
 rawoutput("<textarea name='body' id='textarea' class='input' cols='60' rows='9' onKeyUp='sizeCount(this);'>" . HTMLEntities($body) . HTMLEntities(stripslashes(httpget('body'))) . "</textarea><br>");
 $send = translate_inline("Send");
 rawoutput("<table border='0' cellpadding='0' cellspacing='0' width='100%'><tr><td><input type='submit' class='button' value='{$send}'></td><td align='right'><div id='sizemsg'></div></td></tr></table>");
 output_notl("</form>", true);
 $sizemsg = "`3Max message size is `@%s`3, you have `^XX`3 characters left.";
 $sizemsg = translate_inline($sizemsg);
 $sizemsg = sprintf($sizemsg, getsetting("mailsizelimit", 1024));
 $sizemsgover = "`\$Max message size is `@%s`\$, you are over by `^XX`\$ characters!";
 $sizemsgover = translate_inline($sizemsgover);
 $sizemsgover = sprintf($sizemsgover, getsetting("mailsizelimit", 1024));
 $sizemsg = explode("XX", $sizemsg);
 $sizemsgover = explode("XX", $sizemsgover);
 $usize1 = addslashes("<span>" . appoencode($sizemsg[0]) . "</span>");
 $usize2 = addslashes("<span>" . appoencode($sizemsg[1]) . "</span>");
 $osize1 = addslashes("<span>" . appoencode($sizemsgover[0]) . "</span>");
 $osize2 = addslashes("<span>" . appoencode($sizemsgover[1]) . "</span>");
コード例 #23
0
	`n`n
	How does the site know that I referred a person?`n
  Easy!  When you tell your friends about this site, give out the following link:`n`n
  ".getsetting("serverurl","http://".$_SERVER['SERVER_NAME'].dirname($_SERVER['REQUEST_URI']))."referral.php?r=". rawurlencode($session['user']['login'])."`n`n
	and the site will know that you were the one who sent them here.  When they reach level 4 for the first time, you'll get your points!");
	
	$sql = "SELECT name,level,refererawarded FROM accounts WHERE referer={$session['user']['acctid']} ORDER BY dragonkills,level";
  //    output($sql);
	$result = db_query($sql);
  output("`n`nAccounts which you referred:`n<table border='0' cellpadding='3' cellspacing='0'><tr><td>Name</td><td>Level</td><td>Awarded?</td></tr>",true);
	for ($i=0;$i<db_num_rows($result);$i++){
		$row = db_fetch_assoc($result);
		output("<tr class='".($i%2?"trlight":"trdark")."'><td>",true);
		output($row['name']);
		output("</td><td>{$row['level']}</td><td>".($row['refererawarded']?"`@Yes!`0":"`\$No!`0")."</td></tr>",true);
	}
	if (db_num_rows($result)==0){
		output("<tr><td colspan='3' align='center'>`iNone!</td><?tr>",true);
	}
	output("</table>",true);
	page_footer();
}else{
	page_header("Welcome to The Dragon Saga");
	output("`@The Dragon Saga is a remake of the classic BBS Door Game Legend of the Red Dragon.  
	Adventure in to the classic realm that was one of the world's very first multiplayer roleplaying games!
	");
	addnav("Create a character","create.php?r=".HTMLEntities($_GET['r']));
	addnav("Login Page","index.php");
	page_footer();
}?>
function letteropener_run()
{
    global $session;
    page_header("Letter opener");
    require_once "common.php";
    require_once "lib/systemmail.php";
    require_once "lib/sanitize.php";
    require_once "lib/http.php";
    $maildb = "mail";
    if (get_module_setting("outbox")) {
        $maildb = "mailoutbox";
    }
    $op = httpget('op');
    $order = "acctid";
    if ($sort != "") {
        $order = "{$sort}";
    }
    $display = 0;
    $query = httppost('q');
    if ($query === false) {
        $query = httpget('q');
    }
    addnav("Back to the grotto", "superuser.php");
    addnav(array("Show last %s YOMs", get_module_setting("num")), "runmodule.php?module=letteropener&op=lastfew");
    if ($op == "read") {
        $id = httpget('id');
        $sql = "SELECT msgfrom,msgto from " . db_prefix($maildb) . " where messageid=\"" . $id . "\"";
        $result = db_query($sql);
        $row = db_fetch_assoc($result);
        $acctid = $row['msgto'];
        $sqlz = "SELECT login from " . db_prefix("accounts") . " where acctid=\"" . $acctid . "\"";
        $result = db_query($sqlz);
        $rowz = db_fetch_assoc($result);
        $login = $rowz['login'];
        addnav("Read Someone else's mail", "runmodule.php?module=letteropener");
        //addnav("~");
        addnav(array("All YOMs to %s", $login), "runmodule.php?module=letteropener&op=to&to={$login}");
        addnav(array("All YOMs from %s", $login), "runmodule.php?module=letteropener&op=from&from={$login}");
        $sql = "SELECT " . db_prefix($maildb) . ".*," . db_prefix("accounts") . ".name,login FROM " . db_prefix($maildb) . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid=" . db_prefix($maildb) . ".msgfrom WHERE msgto=\"" . $acctid . "\" AND messageid=\"" . $id . "\"";
        $result = db_query($sql);
        if (db_num_rows($result) > 0) {
            $row = db_fetch_assoc($result);
            tlschema("mail");
            if ((int) $row['msgfrom'] == 0) {
                $row['name'] = translate_inline("`i`^System`0`i");
                if (is_array(unserialize($row['subject']))) {
                    $row['subject'] = unserialize($row['subject']);
                    $row['subject'] = call_user_func_array("sprintf_translate", $row['subject']);
                }
                if (is_array(unserialize($row['body']))) {
                    $row['body'] = unserialize($row['body']);
                    $row['body'] = call_user_func_array("sprintf_translate", $row['body']);
                }
            }
            tlschema();
            if (!$row['seen']) {
                output("`b`#NEW`b`n");
            } else {
                output("`n");
            }
            if ((int) $row['msgfrom'] != 0) {
                addnav("Or");
                //$othername=$row['msgfrom'];
                //$sql="select login from ".db_prefix("accounts")." where acctid=$othername";
                //$result = db_query($sql);
                $othername = $row['login'];
                addnav(array("All YOMs to %s", $othername), "runmodule.php?module=letteropener&op=to&to={$othername}");
                addnav(array("All YOMs from %s", $othername), "runmodule.php?module=letteropener&op=from&from={$othername}");
            }
            output("`b`2From:`b `^%s`n", $row['name']);
            output("`b`2Subject:`b `^%s`n", $row['subject']);
            output("`b`2Sent:`b `^%s`n", $row['sent']);
            output_notl("<hr>`n", true);
            output_notl(str_replace("\n", "`n", $row['body']));
            output_notl("`n<hr>`n", true);
            rawoutput("<table width='50%' border='0' cellpadding='0' cellspacing='5'><tr>");
            rawoutput("<td align='right'>&nbsp;</td>");
            rawoutput("</tr><tr>");
            $sql = "SELECT messageid FROM " . db_prefix($maildb) . " WHERE msgto='{$acctid}' AND messageid < '{$id}' ORDER BY messageid DESC LIMIT 1";
            $result = db_query($sql);
            if (db_num_rows($result) > 0) {
                $row = db_fetch_assoc($result);
                $pid = $row['messageid'];
            } else {
                $pid = 0;
            }
            $sql = "SELECT messageid FROM " . db_prefix($maildb) . " WHERE msgto='{$acctid}' AND messageid > '{$id}' ORDER BY messageid  LIMIT 1";
            $result = db_query($sql);
            if (db_num_rows($result) > 0) {
                $row = db_fetch_assoc($result);
                $nid = $row['messageid'];
            } else {
                $nid = 0;
            }
            $prev = translate_inline("< Previous");
            $next = translate_inline("Next >");
            rawoutput("<td nowrap='true'>");
            if ($pid > 0) {
                rawoutput("<a href='runmodule.php?module=letteropener&op=read&id={$pid}' class='motd'>" . htmlentities($prev) . "</a>");
                addnav("", "runmodule.php?module=letteropener&op=read&id={$pid}");
            } else {
                rawoutput(htmlentities($prev));
            }
            rawoutput("</td><td nowrap='true'>");
            if ($nid > 0) {
                rawoutput("<a href='runmodule.php?module=letteropener&op=read&id={$nid}' class='motd'>" . htmlentities($next) . "</a>");
                addnav("", "runmodule.php?module=letteropener&op=read&id={$nid}");
            } else {
                rawoutput(htmlentities($next));
            }
            rawoutput("</td>");
            rawoutput("</tr></table>");
        }
    } elseif ($op == "lastfew") {
        output("Here are the last %s non-system YOMs", get_module_setting("num"));
        $sql = "select * from " . db_prefix($maildb) . " where msgfrom>0 ORDER BY messageid DESC limit " . get_module_setting("num") . "";
        $res = db_query($sql);
        $to = translate_inline("To");
        $from = translate_inline("From");
        require_once "lib/sanitize.php";
        for ($i = 0; $i < db_num_rows($res); $i++) {
            $row = db_fetch_assoc($res);
            $sql2 = "select name from " . db_prefix("accounts") . " where acctid=" . $row['msgto'] . "";
            $res2 = db_query($sql2);
            $row2 = db_fetch_assoc($res2);
            $toname = color_sanitize($row2['name']);
            $sql3 = "select name from " . db_prefix("accounts") . " where acctid=" . $row['msgfrom'] . "";
            $res3 = db_query($sql3);
            $row3 = db_fetch_assoc($res3);
            $fromname = color_sanitize($row3['name']);
            rawoutput("<table border=1 width=100%><tr><td>{$from} :{$fromname} - " . date("M d, h:i a", strtotime($row['sent'])) . " - {$to} : {$toname}</td></tr><tr><td>" . $row['body'] . "</td></tr></table><br>");
        }
    } elseif ($op == "") {
        output("Whose mail would you like to read?`n");
        rawoutput("<form action='runmodule.php?module=letteropener' method='POST'>");
        rawoutput("<input name='q' id='q'>");
        $se = translate_inline("Search");
        rawoutput("<input type='submit' class='button' value='{$se}'>");
        rawoutput("</form>");
        rawoutput("<script language='JavaScript'>document.getElementById('q').focus();</script>");
        addnav("", "runmodule.php?module=letteropener");
        $searchresult = false;
        $where = "";
        $op = "";
        $sql = "SELECT acctid,login,name FROM " . db_prefix("accounts");
        if ($query != "") {
            $where = "WHERE login='******' OR name='{$query}'";
            $searchresult = db_query($sql . " {$where}  ORDER BY '{$order}' LIMIT 2");
        }
        if ($query !== false || $searchresult) {
            if (db_num_rows($searchresult) != 1) {
                $where = "WHERE login LIKE '%{$query}%' OR acctid LIKE '%{$query}%' OR name LIKE '%{$query}%' OR emailaddress LIKE '%{$query}%' OR lastip LIKE '%{$query}%' OR uniqueid LIKE '%{$query}%' OR gentimecount LIKE '%{$query}%' OR level LIKE '%{$query}%'";
                $searchresult = db_query($sql . " {$where}  ORDER BY '{$order}' LIMIT 101");
            }
            if (db_num_rows($searchresult) <= 0) {
                output("`\$No results found`0");
                $where = "";
            } elseif (db_num_rows($searchresult) > 100) {
                output("`\$Too many results found, narrow your search please.`0");
                $op = "";
                $where = "";
            } else {
                $op = "";
                $display = 1;
            }
        }
        if ($display == 1) {
            $q = "";
            if ($query) {
                $q = "&q={$query}";
            }
            $acid = translate_inline("AcctID");
            $login = translate_inline("Login");
            $nm = translate_inline("Name");
            $rn = 0;
            $oorder = "";
            while ($row = db_fetch_assoc($searchresult)) {
                $laston = relativedate($row['laston']);
                $loggedin = date("U") - strtotime($row['laston']) < getsetting("LOGINTIMEOUT", 900) && $row['loggedin'];
                if ($loggedin) {
                    $laston = translate_inline("`#Online`0");
                }
                $row['laston'] = $laston;
                if ($row[$order] != $oorder) {
                    $rn++;
                }
                $oorder = $row[$order];
                rawoutput("<table align=center border=1 width=350>");
                rawoutput("<tr class='trhead'><td>{$acid}: ");
                output_notl("`&%s`0", $row['acctid'], true);
                rawoutput("</td><td>{$login}: ");
                output_notl("`&%s`0", $row['login'], true);
                rawoutput("</td>");
                rawoutput("<td rowspan=2 align=left nowrap>");
                addnav("", "runmodule.php?module=letteropener&op=to&to={$row['login']}");
                addnav("", "runmodule.php?module=letteropener&op=from&from={$row['login']}");
                $to = translate_inline("All messages `#to`& this person");
                $from = translate_inline("All messages `#from`& this person");
                output_notl("<a href='runmodule.php?module=letteropener&op=to&to={$row['login']}'>`&&#149;%s`7</a>", $to, true);
                rawoutput("<br>");
                output_notl("<a href='runmodule.php?module=letteropener&op=from&from={$row['login']}'>`&&#149;%s`7</a>", $from, true);
                rawoutput("</td></tr><tr><td colspan=2>");
                output_notl("`&%s`7", $row['name'], true);
                rawoutput("</td></tr></table><Br>");
            }
        }
    } elseif ($op == "to") {
        $subject = "";
        $body = "";
        $row = "";
        addnav("Read someone else's mail", "runmodule.php?module=letteropener");
        $to = httpget('to');
        $from = httpget('from');
        if ($to != "") {
            $sql = "SELECT acctid,login,name superuser FROM " . db_prefix("accounts") . " WHERE login=\"{$to}\"";
            $result = db_query($sql);
            $row = db_fetch_assoc($result);
            $sql = "SELECT acctid FROM " . db_prefix("accounts") . " WHERE login='******'login'] . "'";
            $result = db_query($sql);
            $row2 = db_fetch_assoc($result);
            $acctid = $row2['acctid'];
            rawoutput("<table>");
            $session['message'] = "";
            $sql = "SELECT subject,messageid," . db_prefix("accounts") . ".name,msgfrom,seen,sent FROM " . db_prefix($maildb) . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid=" . db_prefix($maildb) . ".msgfrom WHERE msgto=\"" . $acctid . "\" ORDER BY sent DESC";
            $result = db_query($sql);
            if (db_num_rows($result) > 0) {
                while ($row = db_fetch_assoc($result)) {
                    tlschema("mail");
                    if ((int) $row['msgfrom'] == 0) {
                        $row['name'] = translate_inline("`i`^System`0`i");
                        if (is_array(unserialize($row['subject']))) {
                            $row['subject'] = unserialize($row['subject']);
                            $row['subject'] = call_user_func_array("sprintf_translate", $row['subject']);
                        }
                    }
                    tlschema();
                    $id = $row['messageid'];
                    output_notl("<tr>", true);
                    output_notl("<td nowrap><img src='images/" . ($row['seen'] ? "old" : "new") . "scroll.GIF' width='16' height='16' alt='" . ($row['seen'] ? "Old" : "New") . "'></td>", true);
                    output_notl("<td><a href='runmodule.php?module=letteropener&op=read&id={$id}&login={$to}'>", true);
                    addnav("", "runmodule.php?module=letteropener&op=read&id={$id}&login={$to}");
                    if (trim($row['subject']) == "") {
                        output("`i(No Subject)`i");
                    } else {
                        output_notl($row['subject']);
                    }
                    output_notl("</a></td><td><a href='runmodule.php?module=letteropener&op=read&id={$id}&login={$to}'>", true);
                    addnav("", "runmodule.php?module=letteropener&op=read&id={$id}&login={$to}");
                    output("- from %s", $row['name']);
                    output_notl("</a></td><td><a href='runmodule.php?module=letteropener&op=read&id={$id}&login={$to}'>" . date("M d, h:i a", strtotime($row['sent'])) . "</a></td>", true);
                    addnav("", "runmodule.php?module=letteropener&op=read&id={$id}&login={$to}");
                    output_notl("</tr>", true);
                }
                //}
            } else {
                output("`iThey have no mail.`i");
            }
        } elseif (db_num_rows($result) == 0) {
            output("`@No one was found who matches \"%s\".  ", stripslashes($to));
            $try = translate_inline("Please try again");
            output_notl("<a href='runmodule.php?module=letteropener'>{$try}</a>.", true);
            popup_footer();
            exit;
        } else {
            output_notl("<select name='to' id='to' onChange='check_su_warning();'>", true);
            $superusers = array();
            for ($i = 0; $i < db_num_rows($result); $i++) {
                $row = db_fetch_assoc($result);
                output_notl("<option value=\"" . HTMLEntities($row['login']) . "\">", true);
                output_notl("%s", full_sanitize($row['name']));
                if ($row['superuser'] & SU_GIVES_YOM_WARNING && !($row['superuser'] & SU_OVERRIDE_YOM_WARNING)) {
                    array_push($superusers, $row['login']);
                }
            }
            output_notl("</select>`n", true);
        }
        output_notl("</table>", true);
    } elseif ($op == "from") {
        $subject = "";
        $body = "";
        $row = "";
        addnav("Read someone else's mail", "runmodule.php?module=letteropener");
        $from = httpget('from');
        if ($from != "") {
            $sql = "SELECT acctid,login,name superuser FROM " . db_prefix("accounts") . " WHERE login=\"{$from}\"";
            $result = db_query($sql);
            $row = db_fetch_assoc($result);
            $sql = "SELECT acctid FROM " . db_prefix("accounts") . " WHERE login='******'login'] . "'";
            $result = db_query($sql);
            $row2 = db_fetch_assoc($result);
            $acctid = $row2['acctid'];
            output_notl("<table>", true);
            $session['message'] = "";
            $sql = "SELECT subject,messageid," . db_prefix("accounts") . ".name,msgto,seen,sent FROM " . db_prefix($maildb) . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid=" . db_prefix($maildb) . ".msgto WHERE msgfrom=\"" . $acctid . "\" ORDER BY sent DESC";
            $result = db_query($sql);
            if (db_num_rows($result) > 0) {
                for ($i = 0; $i < db_num_rows($result); $i++) {
                    $row = db_fetch_assoc($result);
                    $sql2 = "Select name from " . db_prefix("accounts") . " where acctid=" . $row['msgto'] . "";
                    $result2 = db_query($sql2);
                    $row2 = db_fetch_assoc($result2);
                    $toname = $row2['name'];
                    $id = $row['messageid'];
                    output_notl("<tr>", true);
                    output_notl("<td nowrap><img src='images/" . ($row['seen'] ? "old" : "new") . "scroll.GIF' width='16' height='16' alt='" . ($row['seen'] ? "Old" : "New") . "'></td>", true);
                    output_notl("<td><a href='runmodule.php?module=letteropener&op=read&id={$id}&login={$from}'>", true);
                    if (trim($row['subject']) == "") {
                        output("`i(No Subject)`i");
                    } else {
                        output_notl($row['subject']);
                    }
                    output_notl("</a></td><td><a href='runmodule.php?module=letteropener&op=read&id={$id}&login={$from}'>", true);
                    addnav("", "runmodule.php?module=letteropener&op=read&id={$id}&login={$from}");
                    output("- to %s", $toname);
                    output_notl("</a></td><td><a href='runmodule.php?module=letteropener&op=read&id={$id}&login={$from}'>" . date("M d, h:i a", strtotime($row['sent'])) . "</a></td>", true);
                    output_notl("</tr>", true);
                }
                //}
            } else {
                output("`iThey have not sent any mail.`i");
            }
        } elseif (db_num_rows($result) == 0) {
            output("`@No one was found who matches \"%s\".  ", stripslashes($from));
            $try = translate_inline("Please try again");
            output_notl("<a href='runmodule.php?module=letteropener'>{$try}</a>.", true);
            popup_footer();
            exit;
        } else {
            output_notl("<select name='to' id='to' onChange='check_su_warning();'>", true);
            $superusers = array();
            for ($i = 0; $i < db_num_rows($result); $i++) {
                $row = db_fetch_assoc($result);
                output_notl("<option value=\"" . HTMLEntities($row['login']) . "\">", true);
                output_notl("%s", full_sanitize($row['name']));
                if ($row['superuser'] & SU_GIVES_YOM_WARNING && !($row['superuser'] & SU_OVERRIDE_YOM_WARNING)) {
                    array_push($superusers, $row['login']);
                }
            }
            output_notl("</select>`n", true);
        }
        output_notl("</table>", true);
    }
    page_footer();
}
/**
 * Private functions (Undocumented)
 *
 * @param string $text
 * @param string $link
 * @param bool $priv
 * @param bool $pop
 * @param bool $popsize
 * @return mixed
 */
function private_addnav($text, $link = false, $priv = false, $pop = false, $popsize = "500x300")
{
    //don't call this directly please.  I'll break your thumbs if you do.
    global $nav, $session, $accesskeys, $REQUEST_URI, $quickkeys, $navschema, $notranslate;
    if (is_blocked($link)) {
        return false;
    }
    $thisnav = "";
    $unschema = 0;
    $translate = true;
    if (isset($notranslate)) {
        if (in_array(array($text, $link), $notranslate)) {
            $translate = false;
        }
    }
    if (is_array($text)) {
        if ($text[0] && $session['loggedin']) {
            if ($link === false) {
                $schema = "!array!" . serialize($text);
            } else {
                $schema = $text[0];
            }
            if ($translate) {
                tlschema($navschema[$schema]);
                $unschema = 1;
            }
        }
        if ($link != "!!!addraw!!!") {
            if ($translate) {
                $text[0] = translate($text[0]);
            }
            $text = call_user_func_array("sprintf", $text);
        } else {
            $text = call_user_func_array("sprintf", $text);
        }
    } else {
        if ($text && $session['loggedin'] && $translate) {
            tlschema($navschema[$text]);
            $unschema = 1;
        }
        if ($link != "!!!addraw!!!" && $text > "" && $translate) {
            $text = translate($text);
        }
        //leave the hack in here for now, use addnav_notl please
    }
    $extra = "";
    $ignoreuntil = "";
    if ($link === false) {
        //$text = holidayize($text,'nav');
        $thisnav .= tlbutton_pop() . templatereplace("navhead", array("title" => appoencode($text, $priv)));
    } elseif ($link === "") {
        //$text = holidayize($text,'nav');
        $thisnav .= tlbutton_pop() . templatereplace("navhelp", array("text" => appoencode($text, $priv)));
    } elseif ($link == "!!!addraw!!!") {
        $thisnav .= $text;
    } else {
        if ($text != "") {
            $extra = "";
            if (strpos($link, "?")) {
                $extra = "&c={$session['counter']}";
            } else {
                $extra = "?c={$session['counter']}";
            }
            $extra .= "-" . date("His");
            //hotkey for the link.
            $key = "";
            if ($text[1] == "?") {
                // check to see if a key was specified up front.
                $hchar = strtolower($text[0]);
                if ($hchar == ' ' || array_key_exists($hchar, $accesskeys) && $accesskeys[$hchar] == 1) {
                    $text = substr($text, 2);
                    //$text = holidayize($text,'nav');
                    if ($hchar == ' ') {
                        $key = " ";
                    }
                } else {
                    $key = $text[0];
                    $text = substr($text, 2);
                    //$text = holidayize($text,'nav');
                    $found = false;
                    $text_len = strlen($text);
                    for ($i = 0; $i < $text_len; ++$i) {
                        $char = $text[$i];
                        if ($ignoreuntil == $char) {
                            $ignoreuntil = "";
                        } else {
                            if ($ignoreuntil != "") {
                                if ($char == "<") {
                                    $ignoreuntil = ">";
                                }
                                if ($char == "&") {
                                    $ignoreuntil = ";";
                                }
                                if ($char == "`") {
                                    $ignoreuntil = $text[$i + 1];
                                }
                            } else {
                                if ($char == $key) {
                                    $found = true;
                                    break;
                                }
                            }
                        }
                    }
                    if ($found == false) {
                        //the hotkey for this link wasn't actually in the
                        //text, prepend it in parens.
                        if (strpos($text, "__") !== false) {
                            $text = str_replace("__", "(" . $key . ") ", $text);
                        } else {
                            $text = "(" . strtoupper($key) . ") " . $text;
                        }
                        $i = strpos($text, $key);
                    }
                }
            } else {
                //$text = holidayize($text,'nav');
            }
            if ($key == "") {
                //we have no previously defined key.  Look for a new one.
                $tlength = strlen($text);
                for ($i = 0; $i < $tlength; $i++) {
                    $char = substr($text, $i, 1);
                    if ($ignoreuntil == $char) {
                        $ignoreuntil = "";
                    } else {
                        if (isset($accesskeys[strtolower($char)]) && $accesskeys[strtolower($char)] == 1 || strpos("abcdefghijklmnopqrstuvwxyz0123456789", strtolower($char)) === false || $ignoreuntil != "") {
                            if ($char == "<") {
                                $ignoreuntil = ">";
                            }
                            if ($char == "&") {
                                $ignoreuntil = ";";
                            }
                            if ($char == "`") {
                                $ignoreuntil = substr($text, $i + 1, 1);
                            }
                        } else {
                            break;
                        }
                    }
                }
            }
            if (!isset($i)) {
                $i = 0;
            }
            if ($i < strlen($text) && $key != ' ') {
                $key = substr($text, $i, 1);
                $accesskeys[strtolower($key)] = 1;
                $keyrep = " accesskey=\"{$key}\" ";
            } else {
                $key = "";
                $keyrep = "";
            }
            if ($key == "" || $key == " ") {
            } else {
                $pattern1 = "/^" . preg_quote($key, "/") . "/";
                $pattern2 = "/([^`])" . preg_quote($key, "/") . "/";
                $rep1 = "`H{$key}`H";
                $rep2 = "\$1`H{$key}`H";
                $text = preg_replace($pattern1, $rep1, $text, 1);
                if (strpos($text, "`H") === false) {
                    $text = preg_replace($pattern2, $rep2, $text, 1);
                }
                if ($pop) {
                    if ($popsize == "") {
                        $quickkeys[$key] = "window.open('{$link}')";
                    } else {
                        $quickkeys[$key] = popup($link, $popsize);
                    }
                } else {
                    $quickkeys[$key] = "window.location='{$link}{$extra}'";
                }
            }
            $n = templatereplace("navitem", array("text" => appoencode($text, $priv), "link" => HTMLEntities($link . ($pop != true ? $extra : ""), ENT_COMPAT, getsetting("charset", "ISO-8859-1")), "accesskey" => $keyrep, "popup" => $pop == true ? "target='_blank'" . ($popsize > "" ? " onClick=\"" . popup($link, $popsize) . "; return false;\"" : "") : ""));
            $n = str_replace("<a ", tlbutton_pop() . "<a ", $n);
            $thisnav .= $n;
        }
        $session['allowednavs'][$link . $extra] = true;
        $session['allowednavs'][str_replace(" ", "%20", $link) . $extra] = true;
        $session['allowednavs'][str_replace(" ", "+", $link) . $extra] = true;
        if (($pos = strpos($link, "#")) !== false) {
            $sublink = substr($link, 0, $pos);
            $session['allowednavs'][$sublink . $extra] = true;
        }
    }
    if ($unschema) {
        tlschema();
    }
    $nav .= $thisnav;
    return $thisnav;
}
$result = db_query($sql);
if (db_num_rows($result) <= 0) {
    output("Sorry, couldn't find anyone who matched that search.`n`n");
} elseif (db_num_rows($result) > 100) {
    output("Well, that could be anyone!  Wanna try that again?`n`n");
    output("Who would you like to attack?`n`n");
    $search = translate_inline("Search");
    rawoutput("<form action='runmodule.php?module=scrapbots&op=findopponent2' method='POST'>");
    addnav("", "runmodule.php?module=scrapbots&op=findopponent2");
    rawoutput("<input name='name' id='name'>");
    rawoutput("<input type='submit' class='button' value='{$search}'>");
    rawoutput("</form>");
    rawoutput("<script language='JavaScript'>document.getElementById('name').focus()</script>");
} else {
    output("These people matched your search:`n");
    output("TODO: Check if opponent has scrapbots, can be attacked etc`n`n");
    $name = translate_inline("Name");
    $lev = translate_inline("Level");
    rawoutput("<table cellpadding='3' cellspacing='0' border='0'>");
    rawoutput("<tr class='trhead'><td>{$name}</td><td>{$lev}</td></tr>");
    for ($i = 0; $i < db_num_rows($result); $i++) {
        $row = db_fetch_assoc($result);
        rawoutput("<tr class='" . ($i % 2 ? "trlight" : "trdark") . "'><td><a href='runmodule.php?module=scrapbots&op=findopponent3&name=" . HTMLEntities($row['login'], ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "'>");
        output_notl("%s", $row['name']);
        rawoutput("</a></td><td>");
        output_notl("%s", $row['level']);
        rawoutput("</td></tr>", true);
        addnav("", "runmodule.php?module=scrapbots&op=findopponent3&name=" . HTMLEntities($row['login'], ENT_COMPAT, getsetting("charset", "ISO-8859-1")));
    }
    rawoutput("</table><br />", true);
}
        output("Transfer how much: ");
        rawoutput("<input name='amount' id='amount' width='5' value='{$amt}'><br>");
        output("To: ");
        rawoutput("<input name='to' value='{$to}'>");
        output(" (partial names are ok, you will be asked to confirm the transaction before it occurs).`n");
        rawoutput("<input type='submit' class='button' value='{$msg}'></form>");
        rawoutput("<script language='javascript'>document.getElementById('amount').focus();</script>", true);
        addnav("", "bank.php?op=transfer2");
    } elseif (db_num_rows($result) > 1) {
        rawoutput("<form action='bank.php?op=transfer3' method='POST'>");
        output("`6Transfer `^%s`6 to ", $amt);
        rawoutput("<select name='to' class='input'>");
        $number = db_num_rows($result);
        for ($i = 0; $i < $number; $i++) {
            $row = db_fetch_assoc($result);
            rawoutput("<option value=\"" . HTMLEntities($row['login'], ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "\">" . full_sanitize($row['name']) . "</option>");
        }
        $msg = translate_inline("Complete Transfer");
        rawoutput("</select><input type='hidden' name='amount' value='{$amt}'><input type='submit' class='button' value='{$msg}'></form>", true);
        addnav("", "bank.php?op=transfer3");
    } else {
        output("`@Elessa`6 blinks at you from behind her spectacles, \"`@I'm sorry, but I can find no one matching that name who does business with our bank!  Please try again.`6\"");
    }
} elseif ($op == "transfer3") {
    $amt = abs((int) httppost('amount'));
    $to = httppost('to');
    output("`6`bTransfer Completion`b`n");
    if ($session['user']['gold'] + $session['user']['goldinbank'] < $amt) {
        output("`@Elessa`6 stands up to her full, but still diminutive height and glares at you, \"`@How can you transfer `^%s`@ gold when you only possess `^%s`@?`6\"", $amt, $session['user']['gold'] + $session['user']['goldinbank']);
    } else {
        $sql = "SELECT name,acctid,level,transferredtoday FROM " . db_prefix("accounts") . " WHERE login='******'";
function darkhorse_bartender($from)
{
    global $session;
    $what = httpget('what');
    if ($what == "") {
        output("The grizzled old man behind the bar reminds you very much of a strip of beef jerky.`n`n");
        $dname = translate_inline($session['user']['sex'] ? "lasshie" : "shon");
        output("\"`7Shay, what can I do for you %s?`0\" inquires the toothless fellow.", $dname);
        output("\"`7Don't shee the likesh of your short too offen 'round theshe partsh.`0\"");
        addnav("Learn about my enemies", $from . "op=bartender&what=enemies");
        addnav("Learn about colors", $from . "op=bartender&what=colors");
    } elseif ($what == "colors") {
        output("The old man leans on the bar.");
        output("\"`%Sho you want to know about colorsh, do you?`0\" he asks.`n`n");
        output("You are about to answer when you realize the question was rhetorical.`n`n");
        output("He continues, \"`%To do colorsh, here'sh what you need to do.  Firsht, you ushe a &#0096; mark (found right above the tab key) followed by 1, 2, 3, 4, 5, 6, 7, !, @, #, \$, %, ^, &, ), q or Q.  Each of thoshe correshpondsh with a color to look like this: `n`1&#0096;1 `2&#0096;2 `3&#0096;3 `4&#0096;4 `5&#0096;5 `6&#0096;6 `7&#0096;7 `n`!&#0096;! `@&#0096;@ `#&#0096;# `\$&#0096;\$ `%&#0096;% `^&#0096;^ `&&#0096;& `n `)&#0096;) `q&#0096;q `Q&#0096;Q `n`% got it?`0\"`n  You can practice below:", true);
        rawoutput("<form action=\"" . $from . "op=bartender&what=colors\" method='POST'>");
        $testtext = httppost('testtext');
        $try = translate_inline("Try");
        rawoutput("<input name='testtext' id='testtext'><input type='submit' class='button' value='{$try}'></form>");
        addnav("", $from . "op=bartender&what=colors");
        rawoutput("<script language='JavaScript'>document.getElementById('testtext').focus();</script>");
        if ($testtext) {
            output("`0You entered %s`n", prevent_colors(HTMLEntities($testtext, ENT_COMPAT, getsetting("charset", "ISO-8859-1"))), true);
            output("It looks like %s`n", $testtext);
        }
        output("`0`n`nThese colors can be used in your name, and in any conversations you have.");
    } else {
        if ($what == "enemies") {
            $who = httpget('who');
            if ($who == "") {
                output("\"`7Sho, you want to learn about your enemiesh, do you?  Who do you want to know about?  Well?  Shpeak up!  It only costs `^100`7 gold per person for information.`0\"");
                $subop = httpget('subop');
                if ($subop != "search") {
                    $search = translate_inline("Search");
                    rawoutput("<form action='" . $from . "op=bartender&what=enemies&subop=search' method='POST'><input name='name' id='name'><input type='submit' class='button' value='{$search}'></form>");
                    addnav("", $from . "op=bartender&what=enemies&subop=search");
                    rawoutput("<script language='JavaScript'>document.getElementById('name').focus();</script>");
                } else {
                    addnav("Search Again", $from . "op=bartender&what=enemies");
                    $search = "%";
                    $name = httppost('name');
                    for ($i = 0; $i < strlen($name); $i++) {
                        $search .= substr($name, $i, 1) . "%";
                    }
                    $sql = "SELECT name,alive,location,sex,level,laston,loggedin,login FROM " . db_prefix("accounts") . " WHERE (locked=0 AND name LIKE '{$search}') ORDER BY level DESC";
                    $result = db_query($sql);
                    $max = db_num_rows($result);
                    if ($max > 100) {
                        output("`n`n\"`7Hey, whatsh you think yoush doin'.  That'sh too many namesh to shay.  I'll jusht tell you 'bout shome of them.`0`n");
                        $max = 100;
                    }
                    $n = translate_inline("Name");
                    $lev = translate_inline("Level");
                    rawoutput("<table border=0 cellpadding=0><tr><td>{$n}</td><td>{$lev}</td></tr>");
                    for ($i = 0; $i < $max; $i++) {
                        $row = db_fetch_assoc($result);
                        rawoutput("<tr><td><a href='" . $from . "op=bartender&what=enemies&who=" . rawurlencode($row['login']) . "'>");
                        output_notl("%s", $row['name']);
                        rawoutput("</a></td><td>{$row['level']}</td></tr>");
                        addnav("", $from . "op=bartender&what=enemies&who=" . rawurlencode($row['login']));
                    }
                    rawoutput("</table>");
                }
            } else {
                if ($session['user']['gold'] >= 100) {
                    $sql = "SELECT name,acctid,alive,location,maxhitpoints,gold,sex,level,weapon,armor,attack,race,defense,charm FROM " . db_prefix("accounts") . " WHERE login='******'";
                    $result = db_query($sql);
                    if (db_num_rows($result) > 0) {
                        $row = db_fetch_assoc($result);
                        $row = modulehook("adjuststats", $row);
                        $name = str_replace("s", "sh", $row['name']);
                        $name = str_replace("S", "Sh", $name);
                        output("\"`7Well... letsh shee what I know about %s`7,`0\" he says...`n`n", $name);
                        output("`4`bName:`b`6 %s`n", $row['name']);
                        output("`4`bRace:`b`6 %s`n", translate_inline($row['race'], "race"));
                        output("`4`bLevel:`b`6 %s`n", $row['level']);
                        output("`4`bHitpoints:`b`6 %s`n", $row['maxhitpoints']);
                        output("`4`bGold:`b`6 %s`n", $row['gold']);
                        output("`4`bWeapon:`b`6 %s`n", $row['weapon']);
                        output("`4`bArmor:`b`6 %s`n", $row['armor']);
                        output("`4`bAttack:`b`6 %s`n", $row['attack']);
                        output("`4`bDefense:`b`6 %s`n", $row['defense']);
                        output("`n`^%s7 ish alsho ", $row['name']);
                        $amt = $session['user']['charm'];
                        if ($amt == $row['charm']) {
                            output("ash ugly ash you are.`n");
                        } else {
                            if ($amt - 10 > $row['charm']) {
                                output("`bmuch`b uglier shan you!`n");
                            } else {
                                if ($amt > $row['charm']) {
                                    output("uglier shan you.`n");
                                } else {
                                    if ($amt + 10 < $row['charm']) {
                                        output("`bmuch`b more beautiful shan you!`n");
                                    } else {
                                        output("more beautiful shan you.`n");
                                    }
                                }
                            }
                        }
                        $session['user']['gold'] -= 100;
                        debuglog("spent 100 gold to learn about an enemy");
                    } else {
                        output("\"`7Eh..?  I don't know anyone named that.`0\"");
                    }
                } else {
                    output("\"`7Well... letsh shee what I know about cheapshkates like you,`0\" he says...`n`n");
                    output("`4`bName:`b`6 Get some money`n");
                    output("`4`bLevel:`b`6 You're too broke`n");
                    output("`4`bHitpoints:`b`6 Probably more than you`n");
                    output("`4`bGold:`b`6 Definately richer than you`n");
                    output("`4`bWeapon:`b`6 Something good enough to lay the smackdown on you`n");
                    output("`4`bArmor:`b`6 Probably something more fashionable than you`n");
                    output("`4`bAttack:`b`6 Eleventy billion`n");
                    output("`4`bDefense:`b`6 Super Duper`n");
                }
            }
        }
    }
    addnav("Return to the Main Room", $from . "op=tavern");
}
コード例 #29
0
             output("<tr class='" . ($i % 2 ? "trlight" : "trdark") . "'><td>{$row['name']}</td><td>{$row['level']}</td><td>[ <a href='{$biolink}'>Bio</a> | <a href='pvp.php?act=attack&bg=1&name=" . rawurlencode($row[login]) . "'>Attack</a> ]</td></tr>", true);
             addnav("", "pvp.php?act=attack&bg=1&name=" . rawurlencode($row[login]));
         }
     }
     output("</table>", true);
 } else {
     if ($_GET['act'] == "colors") {
         output("Cedrik leans on the bar.  \"`%So you want to know about colors, do you?`0\" he asks.");
         output("  You are about to answer when you realize the question was posed in the rhetoric.  ");
         output("Cedrik continues, \"`%To do colors, here's what you need to do.  First, you use a &#0096; mark ", true);
         output("(found right above the tab key) followed by 1, 2, 3, 4, 5, 6, 7, !, @, #, \$, %, ^, &.  Each of those corresponds with ");
         output("a color to look like this: `n`1&#0096;1 `2&#0096;2 `3&#0096;3 `4&#0096;4 `5&#0096;5 `6&#0096;6 `7&#0096;7 ", true);
         output("`n`!&#0096;! `@&#0096;@ `#&#0096;# `\$&#0096;\$ `%&#0096;% `^&#0096;^ `&&#0096;& `n", true);
         output("`% got it?`0\"  You can practice below:");
         output("<form action=\"{$REQUEST_URI}\" method='POST'>", true);
         output("You entered " . str_replace("`", "&#0096;", HTMLEntities($_POST[testtext])) . "`n", true);
         output("It looks like " . $_POST[testtext] . " `n");
         output("<input name='testtext' id='input'><input type='submit' class='button' value='Try'></form>", true);
         output("<script type='text/javascript'>document.getElementById('input').focus();</script>", true);
         output("`0`n`nThese colors can be used in your name, and in any conversations you have.");
         addnav("", $REQUEST_URI);
     } else {
         if ($_GET['act'] == "specialty") {
             if ($_GET[specialty] == "") {
                 output("\"`2I want to change my specialty,`0\" you announce to Cedrik.`n`n");
                 output("With out a word, Cedrik grabs you by the shirt, pulls you over the counter, and behind the ");
                 output("barrels behind him.  There, he rotates the tap on a small keg labeled \"Fine Swill XXX\"");
                 output("`n`nYou look around for the secret door that you know must be opening nearby when Cedrik ");
                 output("rotates the tap back, and lifts up a freshly filled foamy mug of what is apparently his fine swill, blue-green ");
                 output("tint and all.");
                 output("`n`n\"`3What?  Were you expecting a secret room?`0\" he asks.  \"`3Now then, you must be more ");
コード例 #30
0
                        output("`4An email was sent to `\$" . $_POST['email'] . "`4 to validate your address.  Click the link in the email to activate your account.`0`n`n");
                    } else {
                        output("<form action='login.php' method='POST'><input name='name' value='" . $shortname . "' type='hidden'><input name='password' value='" . $_POST['pass1'] . "' type='hidden'>\n\t\t\t\t\t\tYour account was created, your login name is `^{$shortname}`0.  `n`n<input type='submit' class='button' value='Click here to log in'></form>`n`n" . ($trash > 0 ? "Characters that have never been logged in to will be deleted after {$trash} day(s) of no activity.`n" : "") . ($new > 0 ? "Characters that have never reached level 2 will be deleted after {$new} days of no activity.`n" : "") . ($old > 0 ? "Characters that have reached level 2 at least once will be deleted after {$old} days of no activity." : "") . "", true);
                    }
                }
            }
        } else {
            /*
            output("`\$Error`^: Your password must be at least 4 characters long, 
            your name must be at least 3 characters long, 
            ".(getsetting("requireemail",0)==1?"you must enter a valid email address, ":"")."
            ".(getsetting("blockdupeemail",0)==1?"you must not have any other accounts by that email address, ":"")."
            and your passwords must match.");
            */
            output("`\$Error`^:`n{$msg}");
            $_GET['op'] = "";
        }
    }
}
if ($_GET['op'] == "") {
    output("`&`c`bCreate a Character`b`c");
    output("`0<form action=\"create.php?op=create" . ($_GET['r'] > "" ? "&r=" . HTMLEntities($_GET['r']) : "") . "\" method='POST'>", true);
    output("How will you be known to this world? <input name='name'>`n", true);
    output("Enter a password: <input type='password' name='pass1'>`n", true);
    output("Re-enter it for confirmation: <input type='password' name='pass2'>`n", true);
    output("Enter your email address: <input name='email'> " . (getsetting("requireemail", 0) == 0 ? "(optional -- however, if you choose not to enter one, there will be no way that you can reset your password if you forget it!)" : "(required" . (getsetting("requirevalidemail", 0) == 0 ? "" : ", an email will be sent to this address to verify it before you can log in") . ")") . "`n", true);
    output("And are you a <input type='radio' name='sex' value='1'>Female or a <input type='radio' name='sex' value='0' checked>Male?`n", true);
    output("<input type='submit' class='button' value='Create your character'>", true);
}
addnav("Login", "index.php");
page_footer();