/**
 * Minimal stand-in for mb_convert_encoding() built on htmlentities() and iconv().
 *
 * Only the UTF-8 -> HTML-ENTITIES pair is handled specially; every other pair
 * is passed to iconv().
 *
 * Security note: on the HTML-ENTITIES path the result is run through
 * htmlspecialchars_decode(), so the HTML special characters come back as
 * literal characters. The return value is therefore NOT HTML-escaped and must
 * not be echoed into markup as if it were.
 *
 * @param string      $str           Text to convert.
 * @param string      $to_encoding   Target encoding name.
 * @param string|null $from_encoding Source encoding name.
 * @return string|false Converted text; false when iconv() fails (its warning
 *                      is suppressed).
 */
function MB_Convert_Encoding($str, $to_encoding, $from_encoding = null)
{
    $wantsEntities = ($from_encoding == 'UTF-8' && $to_encoding == 'HTML-ENTITIES');

    if (!$wantsEntities) {
        // Generic conversion; the @ hides iconv()'s notice on bad input.
        return @iconv($from_encoding, $to_encoding, $str);
    }

    // Turn every character that has a named entity into that entity, without
    // re-encoding entities already present in the input.
    $withEntities = htmlentities($str, ENT_QUOTES, 'utf-8', false);

    // Whatever is left as multi-byte UTF-8 is squeezed into ISO-8859-1.
    $singleByte = utf8_decode($withEntities);

    // Undo the escaping of the HTML special characters only.
    return htmlspecialchars_decode($singleByte);
}
/**
 * Render the "choose how your name looks" form for the namecolor module.
 *
 * The player's base name is shown twice (once through rawoutput(), once
 * through output()) and pre-filled into the text field.
 *
 * NOTE(review): rawoutput($currentName) emits the name without any escaping,
 * while the same value is HTML-escaped for the input field. Whether
 * get_player_basename() can return markup is not visible here; confirm, or
 * escape the first occurrence as well.
 */
function namecolor_form()
{
    $previewTarget = "runmodule.php?module=namecolor&op=namepreview";
    $currentName = get_player_basename();

    output("Your name currently is this:");
    rawoutput($currentName);
    output(", which looks like %s`7`n`n", $currentName);
    output("How would you like your name to look?`n");

    // ENT_COMPAT escapes double quotes, which matches the double-quoted
    // value attribute below.
    $charset = getsetting("charset", "ISO-8859-1");
    $fieldValue = HTMLEntities($currentName, ENT_COMPAT, $charset);
    rawoutput("<form action='{$previewTarget}' method='POST'><input name='newname' value=\"{$fieldValue}\"> <input type='submit' class='button' value='Preview'></form>");

    // Register the form target as an allowed navigation.
    addnav("", $previewTarget);
}
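/**
 * Run a SQL statement through the configured driver and record query statistics.
 *
 * The driver function name is built from the DBTYPE constant and is called
 * with the LINK connection. Timing, caller file/line and the affected-row
 * count are written to the $dbinfo, $allqueries and $allqueriesbyfile globals.
 *
 * Security notes:
 *  - $sql is executed verbatim; nothing in this function escapes or
 *    parameterises it, so callers own that.
 *  - The failing statement, the driver error and a backtrace are sent to the
 *    browser only for accounts carrying the SU_DEVELOPER flag. Every other
 *    visitor gets a generic message and the driver error goes to the PHP
 *    error log, so schema details are not disclosed to ordinary users.
 *
 * @param string $sql SQL text to execute.
 * @param bool   $die When exactly true, a failed query ends the request.
 * @return mixed The driver's result; an empty array when no database is
 *               configured or when a query fails inside the installer.
 */
function db_query($sql, $die = true)
{
    if (defined("DB_NODB") && !defined("LINK")) {
        return array();
    }
    global $session, $dbinfo, $allqueries, $allqueriesbyfile;
    $dbinfo['queriesthishit']++;
    $fname = DBTYPE . "_query";
    $starttime = getmicrotime();
    $thisquery = array();
    $thisquery['query'] = $sql;
    $r = $fname($sql, LINK);
    if (!$r && $die === true) {
        if (defined("IS_INSTALLER")) {
            return array();
        }
        // The flag test must stand alone: "x & SU_DEVELOPER || 1" is always
        // true, which would show the detailed error page to everybody.
        $isdeveloper = isset($session['user']['superuser'])
            && ($session['user']['superuser'] & SU_DEVELOPER);
        if ($isdeveloper) {
            require_once "lib/show_backtrace.php";
            $charset = getsetting("charset", "ISO-8859-1");
            // The driver error can echo parts of the statement, so it is
            // escaped the same way as the statement itself.
            die("<pre>" . HTMLEntities($sql, ENT_COMPAT, $charset) . "</pre>" . HTMLEntities(db_error(LINK), ENT_COMPAT, $charset) . show_backtrace());
        }
        // Keep the diagnostic on the server instead of in the response.
        error_log("db_query failed: " . db_error(LINK));
        die("A most bogus error has occurred. I apologise, but the page you were trying to access is broken. Please use your browser's back button and try again.");
    }
    $endtime = getmicrotime();
    $elapsed = $endtime - $starttime;
    $wantsdebug = isset($session['user']['superuser'])
        && ($session['user']['superuser'] & SU_DEBUG_OUTPUT);
    if ($elapsed >= 1.0 && $wantsdebug) {
        $s = trim($sql);
        if (strlen($s) > 800) {
            // Keep only the first and last 400 bytes of very long statements.
            $s = substr($s, 0, 400) . " ... " . substr($s, strlen($s) - 400);
        }
        debug("Slow Query (" . round($elapsed, 2) . "s): " . HTMLEntities($s, ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "`n");
    }
    $thisquery['time'] = round($elapsed, 5);
    // Frame 0 is the call into db_query(); frame 1 is that caller's caller
    // and does not exist when db_query() is called from top-level code.
    $trace = debug_backtrace();
    $thisquery['file1'] = isset($trace[0]['file']) ? $trace[0]['file'] : null;
    $thisquery['line1'] = isset($trace[0]['line']) ? $trace[0]['line'] : null;
    $thisquery['file2'] = isset($trace[1]['file']) ? $trace[1]['file'] : null;
    $thisquery['line2'] = isset($trace[1]['line']) ? $trace[1]['line'] : null;
    $allqueries[] = $thisquery;
    // Create the per-file bucket before adding to it, so the first query
    // from a file does not read undefined offsets.
    if (!isset($allqueriesbyfile[$thisquery['file1']])) {
        $allqueriesbyfile[$thisquery['file1']] = array('time' => 0, 'hits' => 0);
    }
    $allqueriesbyfile[$thisquery['file1']]['time'] += $thisquery['time'];
    $allqueriesbyfile[$thisquery['file1']]['hits'] += 1;
    unset($dbinfo['affected_rows']);
    $dbinfo['affected_rows'] = db_affected_rows();
    $dbinfo['querytime'] += $elapsed;
    return $r;
}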
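/**
 * Execute a SQLite query and update the per-request query counters.
 *
 * Security notes:
 *  - $sql is executed verbatim; nothing here escapes or parameterises it.
 *  - The failing statement, the driver error and a backtrace are sent to the
 *    browser only for accounts carrying the SU_DEVELOPER flag. Everyone else
 *    gets a generic message and the driver error goes to the PHP error log.
 *
 * @param string $sql SQL text to execute.
 * @param bool   $die When true, a failed query ends the request.
 * @return mixed Whatever $sqlite_resource->query() returns; an empty array
 *               when no database is available or when a query fails while
 *               IS_INSTALLER is defined.
 */
function db_query(string $sql = '', bool $die = true)
{
    global $session, $dbinfo, $sqlite_resource;
    if (defined("DB_NODB") && !defined("LINK") && !is_object($sqlite_resource)) {
        return [];
    }
    $dbinfo['queriesthishit']++;
    $starttime = getmicrotime();
    // Check defined() first: reading a constant that was never defined is an
    // Error on PHP 8. Warnings are suppressed only while the flag is set.
    if (defined("IS_INSTALLER") && IS_INSTALLER) {
        $r = @$sqlite_resource->query($sql);
    } else {
        $r = $sqlite_resource->query($sql);
    }
    if (!$r && $die === true) {
        // NOTE(review): this branch tests defined() only, while the one above
        // also needs the value to be truthy; confirm which is intended.
        if (defined("IS_INSTALLER")) {
            return [];
        }
        // The flag test must stand alone: "x & SU_DEVELOPER || 1" is always
        // true, which would show the detailed error page to everybody.
        $isDeveloper = (bool) (($session['user']['superuser'] ?? 0) & SU_DEVELOPER);
        if ($isDeveloper) {
            require_once "lib/show_backtrace.php";
            $charset = getsetting("charset", "ISO-8859-1");
            // The driver error can echo parts of the statement, so it is
            // escaped the same way as the statement itself.
            die("<pre>" . HTMLEntities($sql, ENT_COMPAT, $charset) . "</pre>" . HTMLEntities(db_error(LINK), ENT_COMPAT, $charset) . show_backtrace());
        }
        // Keep the diagnostic on the server instead of in the response.
        error_log("db_query failed: " . db_error(LINK));
        die("Please use your browser's back button and try again.");
    }
    $endtime = getmicrotime();
    $elapsed = $endtime - $starttime;
    $wantsDebug = (bool) (($session['user']['superuser'] ?? 0) & SU_DEBUG_OUTPUT);
    if ($elapsed >= 1.0 && $wantsDebug) {
        $s = trim($sql);
        if (strlen($s) > 800) {
            // Keep only the first and last 400 bytes of very long statements.
            $s = substr($s, 0, 400) . " ... " . substr($s, strlen($s) - 400);
        }
        debug("Slow Query (" . round($elapsed, 2) . "s): " . HTMLEntities($s, ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "`n");
    }
    unset($dbinfo['affected_rows']);
    $dbinfo['affected_rows'] = db_affected_rows();
    $dbinfo['querytime'] += $elapsed;
    return $r;
}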
/**
 * Send the browser to $location and end the request.
 *
 * Unless the target mentions badnav.php, the session's allowed navs are reset
 * to just this target and a small fallback page (a link plus a help text) is
 * stored in $session['output'].
 *
 * NOTE(review): $location is written into the Location header exactly as
 * passed, and $location, $REQUEST_URI and $reason are appended unescaped to
 * the HTML-flavoured $session['debug'] string. Whether callers ever pass
 * request-derived values is not visible here; if they do, restrict targets to
 * site-relative paths and escape the debug entry where it is rendered.
 *
 * @param string $location Redirect target.
 * @param mixed  $reason   Optional note for the debug log (default false).
 */
function redirect($location, $reason = false)
{
    global $session, $REQUEST_URI;

    // Deliberately not localized: this function is error handling.
    $targetsBadnav = strpos($location, "badnav.php") !== false;
    if (!$targetsBadnav) {
        // The translatable text carries HTML on purpose so that admins can
        // personalize it.
        $session['allowednavs'] = array();
        addnav("", $location);

        $href = HTMLEntities($location, ENT_COMPAT, getsetting("charset", "ISO-8859-1"));
        $label = translate_inline("Click here.", "badnav");
        $session['output'] = "<a href=\"{$href}\">{$label}</a>";
        $session['output'] .= translate_inline("<br><br>If you cannot leave this page, notify the staff via <a href='petition.php'>petition</a> and tell them where this happened and what you did. Thanks.", "badnav");
    }

    restore_buff_fields();
    $session['debug'] .= sprintf("Redirected to %s from %s. %s<br>", $location, $REQUEST_URI, $reason);
    saveuser();

    // Warnings from header() (for example when output has already started)
    // are suppressed.
    @header("Location: " . $location);
    exit;
}
/**
 * Send the browser to $location and end the request, first storing a
 * "BadNav" fallback page with a diagnostic report in the session.
 *
 * @param string $location Redirect target; written verbatim into the
 *                         Location header.
 * @param mixed  $reason   Optional note; appended to the debug log and to
 *                         the BadNav report (default false).
 */
function redirect($location, $reason = false) {
    global $session, $REQUEST_URI;
    // This function is deliberately not localized. It is meant as error
    // handling.
    if (strpos($location, "badnav.php") === false) {
        // Deliberately HTML in translations so admins can personalize this.
        $session['allowednavs'] = array();
        // Both the raw and the HTML-escaped spelling of the target are
        // registered as allowed navigations.
        addnav("", $location);
        addnav("", HTMLEntities($location, ENT_COMPAT, getsetting("charset", "ISO-8859-1")));
        $session['output'] = "<a href=\"" . HTMLEntities($location, ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "\">" . translate_inline("Click here.", "badnav") . "</a>";
        // NOTE(review): the report below concatenates $location and $reason
        // into HTML without escaping ("Attempted redirect" and "Redirect
        // reason"); only the "Sanitized" copy goes through HTMLEntities().
        // If either value can carry request-derived text this is an HTML
        // injection point - escape both before display.
        // NOTE(review): the whole string, including the dynamic parts, is
        // passed to translate_inline() as the text to translate - confirm
        // that is intended.
        $session['output'] .= translate_inline("<br><br><b>You've got a BadNav!</b> <a href=\"\">Click here to find out what that is.</a> If you see this message consistently, please add your tuppence'orth to <a href=''>this forum thread</a>.<br /><br />If you cannot leave this page by clicking the first link above, notify the staff via <a href='petition.php'>petition</a> and tell them what you were doing just before this happened. Also copy and paste everything that appears below this message. Thanks!<br><br>BADNAV REPORT<br>Attempted redirect: \"" . $location . "\"<br>Sanitized attempted redirect: \"" . HTMLEntities($location, ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "\"<br>Redirect reason: \"" . $reason . "\"", "badnav");
    }
    restore_buff_fields();
    // NOTE(review): the debug entry is HTML (<br>) with unescaped values.
    $session['debug'] .= "Redirected to {$location} from {$REQUEST_URI}. {$reason}<br>";
    saveuser();
    // Warnings from header() are suppressed.
    @header("Location: {$location}");
    //echo "<html><head><meta http-equiv='refresh' content='0;url=$location'></head></html>";
    //echo "<a href='$location'>$location</a><br><br>";
    //echo $location;
    //echo $session['debug'];
    exit;
}
// Excerpt from a petition viewer. The two blocks closed at the end of this
// excerpt are opened before it begins.
if ($row['acctid'] > 0) {
    // NOTE(review): $_GET['id'] is copied into the nav URL unchanged.
    addnav("Edit User Record", "user.php?op=edit&userid={$row['acctid']}&returnpetition={$_GET['id']}");
}
output("`@From: ");
// NOTE(review): unquoted keys such as $row[body] are read as constants; on
// PHP 8 an undefined constant is an Error, so these need quoting.
$row[body] = stripslashes($row[body]);
if ($row['login'] > "") {
    // Reply link: login and petition body are URL-encoded before they are
    // placed in the href and in the popup() argument.
    output("<a href=\"mail.php?op=write&to=" . rawurlencode($row[login]) . "&body=" . URLEncode("\n\n----- Your Petition -----\n" . $row[body]) . "&subject=RE:+Petition\" target=\"_blank\" onClick=\"" . popup("mail.php?op=write&to=" . rawurlencode($row[login]) . "&body=" . URLEncode("\n\n----- Your Petition -----\n" . $row[body]) . "&subject=RE:+Petition") . ";return false;\"><img src='images/newscroll.png' width='16' height='16' alt='Write Mail' border='0'></a>", true);
}
// NOTE(review): name and date go to output() without the raw flag; whether
// output() escapes HTML in that mode is not visible here - confirm.
output("`^`b{$row['name']}`b`n");
output("`@Date: `^`b{$row['date']}`b`n");
output("`@Body:`^`n");
// The body is HTML-escaped first; the two replacements below then add markup
// around e-mail addresses and [bracketed] tokens found in the escaped text.
// NOTE(review): HTMLEntities() is called without an explicit charset here.
$body = HTMLEntities($row[body]);
$body = preg_replace("'([[:alnum:]_.-]+[@][[:alnum:]_.-]{2,}([.][[:alnum:]_.-]{2,})+)'i", "<a href='mailto:\\1?subject=RE: Petition&body=" . str_replace("+", " ", URLEncode("\n\n----- Your Petition -----\n" . $row[body])) . "'>\\1</a>", $body);
$body = preg_replace("'([\\[][[:alnum:]_.-]+[\\]])'i", "<span class='colLtRed'>\\1</span>", $body);
$output .= "<span style='font-family: fixed-width'>" . nl2br($body) . "</span>";
output("`n`@Commentary:`n");
// NOTE(review): the commentary section name is built from $_GET['id'].
viewcommentary("pet-{$_GET['id']}", "Add", 200);
if ($_GET['viewpageinfo']) {
    output("`n`n`@Page Info:`&`n");
    $row[pageinfo] = stripslashes($row[pageinfo]);
    // Same escape-then-decorate sequence as for the body above.
    $body = HTMLEntities($row[pageinfo]);
    $body = preg_replace("'([[:alnum:]_.-]+[@][[:alnum:]_.-]{2,}([.][[:alnum:]_.-]{2,})+)'i", "<a href='mailto:\\1?subject=RE: Petition&body=" . str_replace("+", " ", URLEncode("\n\n----- Your Petition -----\n" . $row[body])) . "'>\\1</a>", $body);
    $body = preg_replace("'([\\[][[:alnum:]_.-]+[\\]])'i", "<span class='colLtRed'>\\1</span>", $body);
    $output .= "<span style='font-family: fixed-width'>" . nl2br($body) .
"</span>";
}
if ($row[status] == 0) {
    // NOTE(review): $_GET['id'] is interpolated straight into the UPDATE
    // statement. Unless the request value is escaped somewhere not shown
    // here, this is SQL injection; cast it to int (or bind it as a
    // parameter) before building the query.
    $sql = "UPDATE petitions SET status=1 WHERE petitionid='{$_GET['id']}'";
    $result = db_query($sql);
}
}
page_footer();
/**
 * Build an HTML announcement block from a JSON news feed and cache it.
 *
 * Only HTTP 200 responses are processed. Entries whose "game" field is
 * exactly "Minecraft" are rendered as a heading followed by the message body,
 * separated by a dotted rule. The result is kept in the global $PSA and stored
 * through $m->set() under "mc_status_mojang" for 300 seconds; an undecodable
 * or empty feed stores an empty string instead.
 *
 * NOTE(review): the headline is HTML-escaped but $Entry['message'] is
 * appended as-is, so the feed can inject arbitrary markup into the cached
 * block. That is only acceptable if the feed is trusted to deliver sanitized
 * HTML - confirm, or sanitize the message before caching.
 *
 * @param string $Data Response body (JSON text).
 * @param int    $Code HTTP status code of the response.
 * @return void
 */
function HandleNews($Data, $Code)
{
    global $PSA, $m;

    if ($Code !== 200) {
        return;
    }

    $Entries = json_decode($Data, true);
    if (empty($Entries)) {
        // Covers null (bad JSON), false and an empty list alike.
        $m->set('mc_status_mojang', '', 300);
        return;
    }

    $PSA = '';
    foreach ($Entries as $Entry) {
        if ($Entry['game'] === 'Minecraft') {
            // A rule goes between entries, never before the first one.
            $Divider = empty($PSA) ? '' : '<hr class="dotted">';
            $Heading = '<h3 style="margin-top:0">' . htmlentities($Entry['headline'])
                . ' <span class="muted" style="font-weight:400">(from <a href=""></a>)</span></h3>';
            $PSA .= $Divider;
            $PSA .= $Heading . $Entry['message'];
        }
    }

    $m->set('mc_status_mojang', $PSA, 300);
}
// Excerpt from a taunt editor. The if/else chain it belongs to starts before
// this excerpt and continues after it.
// NOTE(review): $_GET['tauntid'] is used unchanged in the nav URL and in the
// SELECT and DELETE statements below. Unless it is escaped somewhere not
// shown here, both statements are open to SQL injection; cast the id to int
// (or bind it as a parameter) before building the query.
addnav("", "taunt.php?op=save&tauntid={$_GET['tauntid']}");
if ($_GET['tauntid'] != "") {
    $sql = "SELECT * FROM taunts WHERE tauntid=\"{$_GET['tauntid']}\"";
    // NOTE(review): die(db_error(LINK)) sends the raw driver error to the
    // client.
    $result = db_query($sql) or die(db_error(LINK));
    $row = db_fetch_assoc($result);
    $taunt = $row['taunt'];
    // Fill the placeholders with sample values for the preview line.
    $taunt = str_replace("%s", "him", $taunt);
    $taunt = str_replace("%o", "he", $taunt);
    $taunt = str_replace("%p", "his", $taunt);
    $taunt = str_replace("%x", "Pointy Twig", $taunt);
    $taunt = str_replace("%X", "Sharp Teeth", $taunt);
    $taunt = str_replace("%W", "Large Green Rat", $taunt);
    $taunt = str_replace("%w", "JoeBloe", $taunt);
    output("Preview: {$taunt}`0`n`n");
}
// The stored taunt is HTML-escaped before it is placed in the double-quoted
// value attribute. $row is only set when a tauntid was supplied.
$output .= "Taunt: <input name='taunt' value=\"" . HTMLEntities($row['taunt']) . "\" size='70'><br>";
output("The following codes are supported (case matters):`n");
output("%w = Fight loser name`n");
output("%x = Fight loser weapon`n");
output("%s = Fight loser Subjective (him her)`n");
output("%p = Fight loser possessive (his her)`n");
output("%o = Fight loser objective (he she)`n");
output("%W = Fight winner name`n");
output("%X = Fight winner weapon`n");
output("<input type='submit' class='button' value='Save'>", true);
output("</form>", true);
} else {
    if ($_GET['op'] == "del") {
        // NOTE(review): the delete is driven entirely by GET parameters, so
        // any link or image request carrying them triggers it. A state
        // change like this belongs behind POST plus a per-session token.
        $sql = "DELETE FROM taunts WHERE tauntid=\"{$_GET['tauntid']}\"";
        db_query($sql) or die(db_error(LINK));
        redirect("taunt.php?c=x");
// Excerpt from a bank transfer page. It starts inside an if/elseif chain
// whose opening is not part of the excerpt and ends inside an open block.
// NOTE(review): HTMLEntities() without flags leaves single quotes alone
// before PHP 8.1 (default ENT_COMPAT), and this value attribute is
// single-quoted; pass ENT_QUOTES explicitly.
output("<input type='hidden' name='to' value='".HTMLEntities($row['login'])."'><input type='hidden' name='amount' value='$amt'><input type='submit' class='button' value='Complete Transfer'></form>",true);
addnav("","bank.php?op=transfer3");
}elseif(db_num_rows($result)>100){
    output("The banker looks at you disgustedly and suggests you try narrowing down the field of who you want to send money to just a little bit!`n`n");
    output("<form action='bank.php?op=transfer2' method='POST'>Transfer <u>h</u>ow much: <input name='amount' id='amount' accesskey='h' width='5' value='$amt'>`n",true);
    // NOTE(review): $_POST['to'] is echoed into the value attribute in raw
    // mode without any escaping - reflected XSS. Escape it with
    // HTMLEntities(..., ENT_QUOTES) like the login values in this excerpt.
    output("T<u>o</u>: <input name='to' accesskey='o' value='". $_POST['to'] . "'> (partial names are ok, you will be asked to confirm the transaction before it occurs).`n",true);
    output("<input type='submit' class='button' value='Preview Transfer'></form>",true);
    output("<script language='javascript'>document.getElementById('amount').focus();</script>",true);
    addnav("","bank.php?op=transfer2");
}elseif(db_num_rows($result)>1){
    output("<form action='bank.php?op=transfer3' method='POST'>",true);
    output("`6Transfer `^$amt`6 to <select name='to' class='input'>",true);
    for ($i=0;$i<db_num_rows($result);$i++){
        $row = db_fetch_assoc($result);
        //output($row[name]." ".$row[login]."`n");
        // NOTE(review): the login is escaped, but the display name only has
        // its backtick colour codes stripped before it is written in raw
        // mode; if names can contain markup this is stored XSS.
        output("<option value=\"".HTMLEntities($row['login'])."\">".preg_replace("'[`].'","",$row['name'])."</option>",true);
    }
    output("</select><input type='hidden' name='amount' value='$amt'><input type='submit' class='button' value='Complete Transfer'></form>",true);
    addnav("","bank.php?op=transfer3");
}else{
    output("`6No one matching that name could be found! 
Please try again.");
}
}else if($_GET['op']=="transfer3"){
    // The amount is forced to a non-negative integer before use.
    $amt = abs((int)$_POST['amount']);
    output("`6`bTransfer Completion`b`n");
    if ($session[user][gold]+$session[user][goldinbank]<$amt){
        output("`6How can you transfer `^$amt`6 gold when you only possess ".($session[user][gold]+$session[user][goldinbank])."`6?");
    }else{
        // NOTE(review): the WHERE clause below looks damaged by a redaction
        // filter (asterisks where an interpolated value would be); as
        // written it is not the intended query. If the original put a
        // request value between the quotes, it needs escaping or binding.
        $sql = "SELECT name,acctid,level,transferredtoday FROM accounts WHERE login='******'to']}'";
        $result = db_query($sql);
        if (db_num_rows($result)==1){
// Excerpt from a "set up ban" admin form.
// NOTE(review): $userid is interpolated into the query; where it comes from
// is not visible here. If it is request-derived, cast it to int first.
$sql = "SELECT name,lastip,uniqueid FROM " . db_prefix("accounts") . " WHERE acctid=\"{$userid}\"";
$result = db_query($sql);
$row = db_fetch_assoc($result);
if ($row['name'] != "") {
    output("Setting up ban information based on `\$%s`0", $row['name']);
}
rawoutput("<form action='user.php?op=saveban' method='POST'>");
output("Set up a new ban by IP or by ID (recommended IP, though if you have several different users behind a NAT, you can try ID which is easily defeated)`n");
rawoutput("<input type='radio' value='ip' id='ipradio' name='type' checked>");
output("IP: ");
// Stored IP and ID are HTML-escaped (ENT_COMPAT covers the double-quoted
// attribute) before being pre-filled.
rawoutput("<input name='ip' id='ip' value=\"" . HTMLEntities($row['lastip'], ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "\">");
output_notl("`n");
rawoutput("<input type='radio' value='id' name='type'>");
output("ID: ");
rawoutput("<input name='id' value=\"" . HTMLEntities($row['uniqueid'], ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "\">");
output("`nDuration: ");
rawoutput("<input name='duration' id='duration' size='3' value='14'>");
output("Days (0 for permanent)`n");
$reason = httpget("reason");
if ($reason == "") {
    $reason = translate_inline("Don't mess with me.");
}
output("Reason for the ban: ");
// NOTE(review): $reason comes from the query string and is written into
// the value attribute through rawoutput() without escaping - reflected XSS
// on an admin page. Escape it the same way as the ip/id fields above.
rawoutput("<input name='reason' size=50 value=\"{$reason}\">");
output_notl("`n");
$pban = translate_inline("Post ban");
$conf = translate_inline("Are you sure you wish to issue a permanent ban?");
// NOTE(review): both translated strings are placed unescaped inside an
// attribute and inside inline JavaScript; a translation containing a quote
// breaks the handler.
rawoutput("<input type='submit' class='button' value='{$pban}' onClick='if (document.getElementById(\"duration\").value==0) {return confirm(\"{$conf}\");} else {return true;}'>");
rawoutput("</form>");
output("For an IP ban, enter the beginning part of the IP you wish to ban if you wish to ban a range, or simply a full IP to ban a single IP`n`n");
// Excerpt from a referer report; the closing brace near the end belongs to
// a loop opened before this excerpt.
// NOTE(review): the site value is escaped with addslashes(), which is not
// aware of the connection's character set; the driver's own escaping
// function or a bound parameter is the safer choice. $order is interpolated
// into ORDER BY unquoted - its origin is not visible here; if it is
// request-derived it must be checked against a fixed list of column names.
$sql = "SELECT count,last,uri FROM referers WHERE site='".addslashes($row['site'])."' ORDER BY {$order}";
$result1 = db_query($sql);
$skippedcount=0;
$skippedtotal=0;
for ($k=0;$k<db_num_rows($result1);$k++){
    $row1=db_fetch_assoc($result1);
    $diffsecs = strtotime("now")-strtotime($row1['last']);
    // 604800 seconds = 7 days; older rows are only counted.
    if ($diffsecs<=604800){
        output("<tr class='trlight'><td>",true);
        output($row1['count']);
        output("</td><td valign='top'>",true);
        //output((int)($diffsecs/86400)."d".(int)($diffsecs/3600%3600)."h".(int)($diffsecs/60%60)."m".(int)($diffsecs%60)."s");
        output(dhms($diffsecs));
        output("</td><td valign='top'>",true);
        // NOTE(review): the stored URI becomes a clickable href. HTML
        // escaping does not restrict the URL scheme, and before PHP 8.1
        // HTMLEntities() without flags leaves single quotes alone while
        // this attribute is single-quoted. Pass ENT_QUOTES and only link
        // http/https targets.
        if ($row1['uri']>"") output("<a href='".HTMLEntities($row1['uri'])."' target='_blank'>".HTMLEntities(substr($row1['uri'],0,150))."</a>`n",true); else output("`i`bNone`b`i`n");
        output("</td></tr>",true);
    }else{
        $skippedcount++;
        $skippedtotal+=$row1['count'];
    }
}
if ($skippedcount>0){
    output("<tr class='trlight'><td>$skippedtotal</td><td valign='top' colspan='2'>`i$skippedcount records skipped (over a week old)`i</td></tr>",true);
}
//output("</td></tr>",true);
}
output("</table>",true);
page_footer();
// Excerpt from a petition viewer. It starts inside a block that is closed
// part-way through and ends inside an open if-block.
output_notl("`^`b%s`b`n", $row['name']);
output("`@Date: `^`b%s`b (%s)`n", $row['date'], relativedate($row['date']));
output("`@Status: %s`n", $statuses[$row['status']]);
if ($row['closedate'] != '0000-00-00 00:00:00') {
    output("`@Last Update: `^%s`@ on `^%s (%s)`n", $row['closer'], $row['closedate'], dhms(strtotime('now') - strtotime($row['closedate']), true));
}
output("`@Body:`^`n");
// The body is HTML-escaped with the configured charset first; the two
// replacements below then add markup around e-mail addresses and
// [bracketed] tokens found in the escaped text. The copy of the body placed
// in the mailto link is URL-encoded.
$body = htmlentities(stripslashes($row['body']), ENT_COMPAT, getsetting("charset", "ISO-8859-1"));
$body = preg_replace("'([[:alnum:]_.-]+[@][[:alnum:]_.-]{2,}([.][[:alnum:]_.-]{2,})+)'i", "<a href='mailto:\\1?subject=RE: {$peti}&body=" . str_replace("+", " ", URLEncode("\n\n----- {$yourpeti} -----\n" . $row['body'])) . "'>\\1</a>", $body);
$body = preg_replace("'([\\[][[:alnum:]_.-]+[\\]])'i", "<span class='colLtRed'>\\1</span>", $body);
rawoutput("<span style='font-family: fixed-width'>" . nl2br($body) . "</span>");
commentdisplay("`n`@Commentary:`0`n", "pet-{$id}", "Add information", 200);
if ($viewpageinfo) {
    output("`n`n`@Page Info:`&`n");
    $row['pageinfo'] = stripslashes($row['pageinfo']);
    // Same escape-then-decorate sequence as for the body above.
    $body = HTMLEntities($row['pageinfo'], ENT_COMPAT, getsetting("charset", "ISO-8859-1"));
    $body = preg_replace("'([[:alnum:]_.-]+[@][[:alnum:]_.-]{2,}([.][[:alnum:]_.-]{2,})+)'i", "<a href='mailto:\\1?subject=RE: {$peti}&body=" . str_replace("+", " ", URLEncode("\n\n----- {$yourpeti} -----\n" . $row['body'])) . "'>\\1</a>", $body);
    $body = preg_replace("'([\\[][[:alnum:]_.-]+[\\]])'i", "<span class='colLtRed'>\\1</span>", $body);
    rawoutput("<pre>" . nl2br($body) . "</pre>");
}
}
if ($id && $op != "") {
    // Find the closest earlier petition that has the same status.
    // NOTE(review): $id is interpolated into the query twice; where it is
    // read and whether it is cast to int is not visible here - confirm.
    $prevsql = "SELECT p1.petitionid, p1.status FROM " . db_prefix("petitions") . " AS p1, " . db_prefix("petitions") .
" AS p2\n WHERE p1.petitionid<'{$id}' AND p2.petitionid='{$id}' AND p1.status=p2.status ORDER BY p1.petitionid DESC LIMIT 1";
    $prevresult = db_query($prevsql);
    $prevrow = db_fetch_assoc($prevresult);
    if ($prevrow) {
        $previd = $prevrow['petitionid'];
        $s = $prevrow['status'];
        $status = $statuses[$s];
        addnav("Navigation");
        addnav(array("Previous %s", $status), "viewpetition.php?op=view&id={$previd}");
// Excerpt from the inn's bartender dialogue. It starts inside an if/else
// chain and ends inside open blocks.
addnav("Refresh the list", "inn.php?op=bartender&act=listupstairs");
output("%s`0 lays out a set of keys on the counter top, and tells you which key opens whose room. The choice is yours, you may sneak in and attack any one of them.", $barkeep);
pvplist($iname, "pvp.php", "?act=attack&inn=1");
} else {
    if ($act == "colors") {
        output("%s`0 leans on the bar. \"`%So you want to know about colors, do you?`0\" he asks.", $barkeep);
        output("You are about to answer when you realize the question was posed in the rhetoric.");
        output("%s`0 continues, \"`%To do colors, here's what you need to do.", $barkeep);
        output(" First, you use a ` mark (found right above the tab key) followed by 1, 2, 3, 4, 5, 6, 7, !, @, #, \$, %, ^, &.", true);
        output("Each of those corresponds with a color to look like this:");
        output_notl("`n`1`1 `2`2 `3`3 `4`4 `5`5 `6`6 `7`7 ", true);
        output_notl("`n`!`! `@`@ `#`# `\$`\$ `%`% `^`^ `&`& `n", true);
        output("`% Got it?`0\" You can practice below:");
        // NOTE(review): $REQUEST_URI is written into the action attribute
        // without escaping; a request URI containing a double quote breaks
        // out of the attribute. Escape it with HTMLEntities(..., ENT_QUOTES).
        rawoutput("<form action=\"{$REQUEST_URI}\" method='POST'>", true);
        $testtext = httppost('testtext');
        // The posted text is HTML-escaped and has its colour codes
        // neutralised before it is printed in raw mode.
        output("You entered %s`n", prevent_colors(HTMLEntities($testtext, ENT_COMPAT, getsetting("charset", "ISO-8859-1"))), true);
        // NOTE(review): here the same posted text is passed to output()
        // unescaped and without the raw flag; whether output() escapes HTML
        // in that mode is not visible here - confirm.
        output("It looks like %s`n", $testtext);
        $try = translate_inline("Try");
        rawoutput("<input name='testtext' id='input'>");
        rawoutput("<input type='submit' class='button' value='{$try}'>");
        rawoutput("</form>");
        rawoutput("<script language='javascript'>document.getElementById('input').focus();</script>");
        output("`0`n`nThese colors can be used in your name, and in any conversations you have.");
        addnav("", $REQUEST_URI);
    } else {
        if ($act == "specialty") {
            $specialty = httpget('specialty');
            if ($specialty == "") {
                output("\"`2I want to change my specialty,`0\" you announce to %s`0.`n`n", $barkeep);
                output("With out a word, %s`0 grabs you by the shirt, pulls you over the counter, and behind the barrels behind him.", $barkeep);
                output("There, he rotates the tap on a small keg labeled \"Fine 
Swill XXX\"`n`n");
// Excerpt from a dwelling-key editor. It starts inside an if/else chain and
// ends inside an open else-block.
rawoutput("<input name='name' id='name'> <input type='submit' class='button' value='{$submit}'>");
rawoutput("</form>");
rawoutput("<script language='JavaScript'>document.getElementById('name').focus()</script>");
} else {
    output("Which player did you mean?`n`n");
    rawoutput("<table cellpadding='3' cellspacing='0' border='0'>");
    rawoutput("<tr class='trhead'><td>Name</td><td>Level</td></tr>");
    for ($i = 0; $i < db_num_rows($result); $i++) {
        $row = db_fetch_assoc($result);
        rawoutput("<tr class='" . ($i % 2 ? "trlight" : "trdark") . "'><td>");
        // NOTE(review): $keyid and $dwid are placed in the link unescaped;
        // only the account id goes through HTMLEntities(), which is HTML
        // escaping rather than URL encoding. Where $keyid and $dwid come
        // from is not visible here.
        rawoutput("<a href='runmodule.php?module=dwellingseditor&op=keys&subop=givekey3&keyid={$keyid}&dwid={$dwid}&keyowner=" . HTMLEntities($row['acctid']) . "'>");
        output_notl($row['name']);
        rawoutput("</a></td><td>");
        output_notl($row['level']);
        rawoutput("</td></tr>");
        addnav("", "runmodule.php?module=dwellingseditor&op=keys&subop=givekey3&keyid={$keyid}&dwid={$dwid}&keyowner=" . HTMLEntities($row['acctid']));
    }
    rawoutput("</table>");
}
}
if ($subop == "givekey3") {
    $keyowner = httpget('keyowner');
    if ($keyid == "") {
        // Pick an unassigned key of this dwelling.
        // NOTE(review): $dwid is interpolated unquoted into the query.
        $sql = "SELECT keyid FROM " . db_prefix("dwellingkeys") . " WHERE keyowner = 0 AND dwid = {$dwid} LIMIT 1";
        $result = db_query($sql);
        $row = db_fetch_assoc($result);
        $keyid = $row['keyid'];
    }
    if ($keyid == "") {
        // NOTE(review): $keyowner is read from the query string just above
        // and placed unquoted into the INSERT - SQL injection. Cast it (and
        // $dwid) to int before building the statement.
        $sql = "INSERT INTO " . db_prefix("dwellingkeys") . " (dwid,dwidowner,keyowner) VALUES ({$dwid}," . $session['user']['acctid'] . ",{$keyowner})";
    } else {
// Excerpt from a message-of-the-day admin page. It starts and ends inside
// the "insufficient rights" branch of two separate operations.
//$session[user][hitpoints]=0;
//$session[user][alive]=0;
// Penalty for an unauthorised attempt: 10% of experience is removed.
$session['user']['experience'] = round($session['user']['experience'] * 0.9, 0);
addnews($session['user']['name'] . " was penalized for attempting to defile the gods.");
output("You've attempted to defile the gods. You are struck with a wand of forgetfulness. Some of what you knew, you no longer know.");
saveuser();
}
}
}
if ($_GET['op'] == "add") {
    // Authorisation is a numeric comparison on the superuser value.
    if ($session['user']['superuser'] >= 3) {
        if ($_POST['subject'] == "" || $_POST['body'] == "") {
            output("<form action='motd.php?op=add' method='POST'>", true);
            addnav("", "motd.php?op=add");
            // NOTE(review): the value attribute is single-quoted, and
            // before PHP 8.1 HTMLEntities() without flags leaves single
            // quotes alone; pass ENT_QUOTES.
            output("<input type='text' size='50' name='subject' value='" . HTMLEntities(stripslashes($_POST['subject'])) . "'>`n", true);
            output("<textarea class='input' name='body' cols='37' rows='5'>" . HTMLEntities(stripslashes($_POST['body'])) . "</textarea>`n", true);
            output("<input type='submit' class='button' value='Add'></form>", true);
        } else {
            // NOTE(review): both POST fields are concatenated into the
            // INSERT without escaping. The stripslashes() calls above
            // suggest the page expects the runtime to add slashes to
            // request data; that feature no longer exists in current PHP,
            // so this is SQL injection. Escape with the driver's function
            // or bind the values as parameters.
            // NOTE(review): no per-session token protects this
            // state-changing POST in the code shown.
            $sql = "INSERT INTO motd (motdtitle,motdbody,motddate) VALUES ('" . $_POST['subject'] . "','" . $_POST['body'] . "',now())";
            db_query($sql);
            header("Location: motd.php");
            exit;
        }
    } else {
        if ($session['user']['loggedin']) {
            //$session[user][hitpoints]=0;
            //$session[user][alive]=0;
            // Same penalty as above.
            $session['user']['experience'] = round($session['user']['experience'] * 0.9, 0);
            addnews($session['user']['name'] . " was penalized for attempting to defile the gods.");
            output("You've attempted to defile the gods. You are struck with a wand of forgetfulness. Some of what you knew, you no longer know.");
            saveuser();
// Excerpt from a preferences page. It starts inside an if/else whose opening
// is not shown and ends inside an open if-block.
if (count($skins)==0){
    output("`b`@Aww, your administrator has decided you're not allowed to have any skins. Complain to them, not me.`n");
}else{
    output("<b>Skin:</b><br>",true);
    // NOTE(review): each() was removed in PHP 8; this loop needs foreach
    // on current PHP.
    while (list($key,$val)=each($skins)){
        // The template cookie is only compared with known skin names here.
        // NOTE(review): $val is written unescaped into a single-quoted
        // attribute and into the label; how $skins is filled is not
        // visible here - confirm the names cannot contain quotes or markup.
        output("<input type='radio' name='template' value='$val'".($_COOKIE['template']==""&&$val=="yarbrough.htm" || $_COOKIE['template']==$val?" checked":"").">".substr($val,0,strpos($val,".htm"))."<br>",true);
    }
}
}else{
    output("`c`b`\$ERROR!!!`b`c`&Unable to open the templates folder! Please notify the administrator!!");
}
// The stored e-mail address is HTML-escaped before it is placed in the
// double-quoted value attribute.
output(" New Password: <input name='pass1' type='password'> (leave blank if you don't want to change it)`n Retype: <input name='pass2' type='password'>`n Email address: <input name='email' value=\"".HTMLEntities($session['user']['emailaddress'])."\">`n ",true);
$prefs = $session['user']['prefs'];
$prefs['bio'] = $session['user']['bio'];
showform($form,$prefs);
output(" </form>",true);
addnav("","prefs.php?op=save");
// Self-deletion is offered only to living characters, so that players do
// not delete their character just because a monster killed them.
if ($session['user']['alive'] && getsetting("selfdelete",0)!=0) {
    // NOTE(review): the account id travels in the URL. The handler is not
    // shown; it must take the account from the session rather than from
    // this parameter, otherwise one user could delete another's character.
    // NOTE(review): the only confirmation is a client-side confirm(); no
    // per-session token is visible on this form.
    output("<form action='prefs.php?op=suicide&userid={$session['user']['acctid']}' method='POST'>",true);
    output("<input type='submit' class='button' value='Delete Character' onClick='return confirm(\"Are you sure you wish to delete your character?\");'>", true);
    output("</form>",true);
    addnav("","prefs.php?op=suicide&userid={$session['user']['acctid']}");
// Excerpt from a server-directory page; the first lines close blocks opened
// before the excerpt.
echo "Ok - added";
}
}elseif ($_GET[op]=="net"){
    // Directory endpoint: print one serialize()d row per line for every
    // server updated within the last seven days.
    // NOTE(review): unquoted keys such as $_GET[op] are read as constants;
    // on PHP 8 an undefined constant is an Error.
    $sql = "SELECT address,description FROM logdnet WHERE lastupdate > '".date("Y-m-d H:i:s",strtotime("-7 days"))."' ORDER BY priority DESC";
    $result=db_query($sql);
    for ($i=0;$i<db_num_rows($result);$i++){
        $row = db_fetch_assoc($result);
        $row = serialize($row);
        echo $row."\n";
    }
}else{
    page_header("LoGD Net");
    //$sql = "SELECT * FROM logdnet ORDER BY priority DESC";
    //$result=db_query($sql);
    addnav("Return to the login page","index.php");
    output("`@Below are a list of other LoGD servers that have registered with the LoGD Net.");
    output("<table>",true);
    // The list is fetched over HTTP from the configured directory server.
    $servers=file(getsetting("logdnetserver","")."logdnet.php?op=net");
    // NOTE(review): each() was removed in PHP 8; this loop needs foreach
    // on current PHP.
    while (list($key,$val)=each($servers)){
        // NOTE(review): unserialize() runs on data received from a remote
        // host. Deserialising untrusted input can instantiate arbitrary
        // classes (object injection). Exchange the list as JSON instead,
        // or at least call unserialize($val, ['allowed_classes' => false])
        // and check that the result is an array.
        $row=unserialize($val);
        if (trim($row[description])=="") $row[description]="Another LoGD Server";
        // Only addresses that start with "http://" are listed.
        if (substr($row[address],0,7)!="http://"){
        }else{
            // NOTE(review): the href is single-quoted, and before PHP 8.1
            // HTMLEntities() without flags leaves single quotes alone;
            // pass ENT_QUOTES.
            output("<tr><td><a href='".HTMLEntities($row[address])."' target='_blank'>".soap(HTMLEntities($row[description]))."`0</a></td></tr>",true);
        }
    }
    output("</table>",true);
    page_footer();
}
?>
/**
 * Render the commentary area for one section: anchor, comment list,
 * optional moderation controls, the post form and the paging links.
 *
 * Flow, as visible in this function:
 *  1. Emit an anchor named after $section and give modules a chance to block
 *     the area through the "blockcommentarea" hook.
 *  2. Work out the page offset ($com, from the "comscroll" request value) and
 *     the last comment id seen ($cid, from the session).
 *  3. Load up to $limit comments joined with their author and clan.
 *  4. Turn each row into a display line ($op) and a sanitized raw line
 *     ($rawc) that is later used as the pre-filled ban reason.
 *  5. Print the lines grouped by section, wrapped in moderation form controls
 *     when moderating.
 *  6. Show the post form (talkform) unless the user is muted or over the
 *     posting limit, then print the paging links.
 *
 * @param string $section  Section identifier. It is interpolated into the
 *                         anchor markup, into every SQL WHERE clause and into
 *                         link targets without escaping in this function.
 * @param string $message  Prompt shown above the post form. The value "X"
 *                         switches to the cross-section view: each line is
 *                         prefixed with its section, moderation controls are
 *                         enabled for SU_EDIT_COMMENTS users, and no post
 *                         form is shown.
 * @param int    $limit    Comments per page; also used as the SQL LIMIT and,
 *                         halved, as the per-day posting threshold.
 * @param string $talkline Passed through to talkform().
 * @param mixed  $schema   Passed through to talkform(); false means "use
 *                         $translation_namespace".
 *
 * NOTE(review): $section and $limit reach the SQL text unescaped. Whether
 * callers only pass fixed strings cannot be seen from here -- verify every
 * call site, in particular any that forwards a request parameter.
 * NOTE(review): every str_replace("&", "&", ...) below replaces "&" with
 * itself as written, so the output is exactly what HTMLEntities() returned.
 * Presumably an entity was lost when this listing was rendered -- confirm
 * against the upstream file before changing anything.
 */
function viewcommentary($section, $message = "Interject your own commentary?", $limit = 10, $talkline = "says", $schema = false) {
    global $session, $REQUEST_URI, $doublepost, $translation_namespace;
    global $emptypost;
    // $section is written into the attribute as-is.
    rawoutput("<a name='{$section}'></a>");
    // Let's add a hook for modules to block commentary sections
    $args = modulehook("blockcommentarea", array("section" => $section));
    if (isset($args['block']) && $args['block'] == "yes") {
        return;
    }
    if ($schema === false) {
        $schema = $translation_namespace;
    }
    tlschema("commentary");
    // Scripts listed here with true get no bio links; any other script is
    // registered as false, so only motd.php suppresses them.
    $nobios = array("motd.php" => true);
    if (!array_key_exists(basename($_SERVER['SCRIPT_NAME']), $nobios)) {
        $nobios[basename($_SERVER['SCRIPT_NAME'])] = false;
    }
    if ($nobios[basename($_SERVER['SCRIPT_NAME'])]) {
        $linkbios = false;
    } else {
        $linkbios = true;
    }
    // The cross-section view always links bios.
    if ($message == "X") {
        $linkbios = true;
    }
    if ($doublepost) {
        output("`\$`bDouble post?`b`0`n");
    }
    if ($emptypost) {
        output("`\$`bWell, they say silence is a virtue.`b`0`n");
    }
    // Indexed below by ceil(clanrank / 10).
    $clanrankcolors = array("`!", "`#", "`^", "`&", "`\$");
    // Needs to be here because scrolling through the commentary pages, entering a bio, then scrolling again forward
    // then re-entering another bio will lead to $com being smaller than 0 and this will lead to an SQL error later on.
    $com = (int) httpget("comscroll");
    if ($com < 0) {
        $com = 0;
    }
    // $cc is never set to true in this function, so the result is always freed at the end.
    $cc = false;
    // Only continue from the last seen comment id when the request asks for
    // the page directly before the one recorded in the session.
    if (httpget("comscroll") !== false && (int) $session['lastcom'] == $com + 1) {
        $cid = (int) $session['lastcommentid'];
    } else {
        $cid = 0;
    }
    $session['lastcom'] = $com;
    if ($com > 0 || $cid > 0) {
        // Find newly added comments.
        // $cid is cast to int above; $section is interpolated as passed in.
        $sql = "SELECT COUNT(commentid) AS newadded FROM " . db_prefix("commentary") . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid = " . db_prefix("commentary") . ".author WHERE section='{$section}' AND " . "(" . db_prefix("accounts") . ".locked=0 or " . db_prefix('accounts') . ".locked is null) AND commentid > '{$cid}'";
        $result = db_query($sql);
        $row = db_fetch_assoc($result);
        $newadded = $row['newadded'];
    } else {
        $newadded = 0;
    }
    $commentbuffer = array();
    if ($cid == 0) {
        // Page-offset mode: newest first, skipping $com pages of $limit rows.
        $sql = "SELECT " . db_prefix("commentary") . ".*, " . db_prefix("accounts") . ".name, " . db_prefix("accounts") . ".acctid, " . db_prefix("accounts") . ".clanrank, " . db_prefix("clans") . ".clanshort FROM " . db_prefix("commentary") . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid = " . db_prefix("commentary") . ".author LEFT JOIN " . db_prefix("clans") . " ON " . db_prefix("clans") . ".clanid=" . db_prefix("accounts") . ".clanid WHERE section = '{$section}' AND " . "( " . db_prefix("accounts") . ".locked=0 OR " . db_prefix("accounts") . ".locked is null ) " . "ORDER BY commentid DESC LIMIT " . $com * $limit . ",{$limit}";
        // The first page is served through the query cache unless the
        // request URI is exactly what strstr() returns from "/moderate.php" on.
        if ($com == 0 && strstr($_SERVER['REQUEST_URI'], "/moderate.php") !== $_SERVER['REQUEST_URI']) {
            $result = db_query_cached($sql, "comments-{$section}");
        } else {
            $result = db_query($sql);
        }
        while ($row = db_fetch_assoc($result)) {
            $commentbuffer[] = $row;
        }
    } else {
        // Continuation mode: rows after $cid in ascending order, reversed
        // afterwards so that index 0 is the newest, as in the other branch.
        $sql = "SELECT " . db_prefix("commentary") . ".*, " . db_prefix("accounts") . ".name, " . db_prefix("accounts") . ".acctid, " . db_prefix("accounts") . ".clanrank, " . db_prefix("clans") . ".clanshort FROM " . db_prefix("commentary") . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid = " . db_prefix("commentary") . ".author LEFT JOIN " . db_prefix("clans") . " ON " . db_prefix("clans") . ".clanid=" . db_prefix("accounts") . ".clanid WHERE section = '{$section}' AND " . "( " . db_prefix("accounts") . ".locked=0 OR " . db_prefix("accounts") . ".locked is null ) " . "AND commentid > '{$cid}' " . "ORDER BY commentid ASC LIMIT {$limit}";
        $result = db_query($sql);
        while ($row = db_fetch_assoc($result)) {
            $commentbuffer[] = $row;
        }
        $commentbuffer = array_reverse($commentbuffer);
    }
    $rowcount = count($commentbuffer);
    if ($rowcount > 0) {
        $session['lastcommentid'] = $commentbuffer[0]['commentid'];
    }
    // Number of today's comments whose author name equals the viewer's name.
    $counttoday = 0;
    for ($i = 0; $i < $rowcount; $i++) {
        $row = $commentbuffer[$i];
        $row['comment'] = comment_sanitize($row['comment']);
        $commentids[$i] = $row['commentid'];
        if (date("Y-m-d", strtotime($row['postdate'])) == date("Y-m-d")) {
            if ($row['name'] == $session['user']['name']) {
                $counttoday++;
            }
        }
        $x = 0;
        $ft = "";
        // Collect up to five leading characters of the comment into $ft. A
        // backtick met while $ft is still empty is skipped together with the
        // character after it.
        for ($x = 0; strlen($ft) < 5 && $x < strlen($row['comment']); $x++) {
            if (substr($row['comment'], $x, 1) == "`" && strlen($ft) == 0) {
                $x++;
            } else {
                $ft .= substr($row['comment'], $x, 1);
            }
        }
        // The current request URI is URL-encoded before it goes into the link.
        $link = "bio.php?char=" . $row['acctid'] . "&ret=" . URLEncode($_SERVER['REQUEST_URI']);
        // Reduce $ft to the emote marker it starts with, if any.
        if (substr($ft, 0, 2) == "::") {
            $ft = substr($ft, 0, 2);
        } elseif (substr($ft, 0, 1) == ":") {
            $ft = substr($ft, 0, 1);
        } elseif (substr($ft, 0, 3) == "/me") {
            $ft = substr($ft, 0, 3);
        }
        $row['comment'] = holidayize($row['comment'], 'comment');
        $row['name'] = holidayize($row['name'], 'comment');
        if ($row['clanrank']) {
            // Prefix the name with the clan short name in the rank colour.
            // NOTE(review): clanshort and name are placed into the output
            // without HTMLEntities(); only the comment text is encoded below.
            $row['name'] = ($row['clanshort'] > "" ? "{$clanrankcolors[ceil($row['clanrank'] / 10)]}<`2{$row['clanshort']}{$clanrankcolors[ceil($row['clanrank'] / 10)]}> `&" : "") . $row['name'];
        }
        if ($ft == "::" || $ft == "/me" || $ft == ":") {
            // Emote: the author name replaces the marker inside the comment.
            $x = strpos($row['comment'], $ft);
            if ($x !== false) {
                if ($linkbios) {
                    $op[$i] = str_replace("&", "&", HTMLEntities(substr($row['comment'], 0, $x), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0<a href='{$link}' style='text-decoration: none'>\n`&{$row['name']}`0</a>\n`& " . str_replace("&", "&", HTMLEntities(substr($row['comment'], $x + strlen($ft)), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0`n";
                } else {
                    $op[$i] = str_replace("&", "&", HTMLEntities(substr($row['comment'], 0, $x), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0`&{$row['name']}`0`& " . str_replace("&", "&", HTMLEntities(substr($row['comment'], $x + strlen($ft)), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0`n";
                }
                $rawc[$i] = str_replace("&", "&", HTMLEntities(substr($row['comment'], 0, $x), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0`&{$row['name']}`0`& " . str_replace("&", "&", HTMLEntities(substr($row['comment'], $x + strlen($ft)), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0`n";
            }
        }
        if ($ft == "/game" && !$row['name']) {
            // "/game" lines without an author name are shown with no speaker.
            $x = strpos($row['comment'], $ft);
            if ($x !== false) {
                $op[$i] = str_replace("&", "&", HTMLEntities(substr($row['comment'], 0, $x), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0`&" . str_replace("&", "&", HTMLEntities(substr($row['comment'], $x + strlen($ft)), ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`0`n";
            }
        }
        if (!isset($op) || !is_array($op)) {
            $op = array();
        }
        if (!array_key_exists($i, $op) || $op[$i] == "") {
            // No emote matched: fall back to the plain 'name says, "..."' form.
            if ($linkbios) {
                $op[$i] = "`0<a href='{$link}' style='text-decoration: none'>`&{$row['name']}`0</a>`3 says, \"`#" . str_replace("&", "&", HTMLEntities($row['comment'], ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`3\"`0`n";
            } elseif (substr($ft, 0, 5) == '/game' && !$row['name']) {
                $op[$i] = str_replace("&", "&", HTMLEntities($row['comment'], ENT_COMPAT, getsetting("charset", "ISO-8859-1")));
            } else {
                $op[$i] = "`&{$row['name']}`3 says, \"`#" . str_replace("&", "&", HTMLEntities($row['comment'], ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`3\"`0`n";
            }
            $rawc[$i] = "`&{$row['name']}`3 says, \"`#" . str_replace("&", "&", HTMLEntities($row['comment'], ENT_COMPAT, getsetting("charset", "ISO-8859-1"))) . "`3\"`0`n";
        }
        if (!array_key_exists('timestamp', $session['user']['prefs'])) {
            $session['user']['prefs']['timestamp'] = 0;
        }
        $session['user']['prefs']['timeoffset'] = round($session['user']['prefs']['timeoffset'], 1);
        if ($session['user']['prefs']['timestamp'] == 1) {
            // Absolute timestamp in the user's own format and hour offset.
            if (!isset($session['user']['prefs']['timeformat'])) {
                $session['user']['prefs']['timeformat'] = "[m/d h:ia]";
            }
            $time = strtotime($row['postdate']) + $session['user']['prefs']['timeoffset'] * 60 * 60;
            // NOTE(review): the stored preference is used as a date() format
            // string and its result is prepended to the line unencoded;
            // presumably it is validated where the preference is saved -- confirm.
            $s = date("`7" . $session['user']['prefs']['timeformat'] . "`0 ", $time);
            $op[$i] = $s . $op[$i];
        } elseif ($session['user']['prefs']['timestamp'] == 2) {
            // Relative timestamp.
            $s = reltime(strtotime($row['postdate']));
            $op[$i] = "`7({$s})`0 " . $op[$i];
        }
        if ($message == "X") {
            // Cross-section view: prefix with "(section)". The moderation
            // loop below parses this prefix back out with preg_match().
            $op[$i] = "`0({$row['section']}) " . $op[$i];
        }
        if ($row['postdate'] >= $session['user']['recentcomments']) {
            $op[$i] = "<img src='images/new.gif' alt='>' width='3' height='5' align='absmiddle'> " . $op[$i];
        }
        addnav("", $link);
        $auth[$i] = $row['author'];
        if (isset($rawc[$i])) {
            // The raw line becomes the ban-reason text, so it is stripped
            // with full_sanitize() and then entity-encoded including quotes.
            $rawc[$i] = full_sanitize($rawc[$i]);
            $rawc[$i] = htmlentities($rawc[$i], ENT_QUOTES, getsetting("charset", "ISO-8859-1"));
        }
    }
    // Step back to the last filled index; the output loop below counts down.
    $i--;
    $outputcomments = array();
    $sect = "x";
    $moderating = false;
    if ($session['user']['superuser'] & SU_EDIT_COMMENTS && $message == "X") {
        $moderating = true;
    }
    $del = translate_inline("Del");
    $scriptname = substr($_SERVER['SCRIPT_NAME'], strrpos($_SERVER['SCRIPT_NAME'], "/") + 1);
    $pos = strpos($_SERVER['REQUEST_URI'], "?");
    // $return is the script name plus the current query string.
    // NOTE(review): it is later placed raw inside a single-quoted href;
    // only the returnpath copy is URL-encoded.
    $return = $scriptname . ($pos == false ? "" : substr($_SERVER['REQUEST_URI'], $pos));
    $one = strstr($return, "?") == false ? "?" : "&";
    for (; $i >= 0; $i--) {
        $out = "";
        if ($moderating) {
            if ($session['user']['superuser'] & SU_EDIT_USERS) {
                // Checkbox for bulk deletion plus a ban link carrying the
                // sanitized comment text as the reason.
                $out .= "`0[ <input type='checkbox' name='comment[{$commentids[$i]}]'> | <a href='user.php?op=setupban&userid=" . $auth[$i] . "&reason=" . rawurlencode($rawc[$i]) . "'>Ban</a> ] ";
                addnav("", "user.php?op=setupban&userid={$auth[$i]}&reason=" . rawurlencode($rawc[$i]));
            } else {
                $out .= "`0[ <input type='checkbox' name='comment[{$commentids[$i]}]'> ] ";
            }
            // Recover the section from the first "(...)" group in the line.
            $matches = array();
            preg_match("/[(]([^)]*)[)]/", $op[$i], $matches);
            $sect = trim($matches[1]);
            // Lines from "clan-" sections are shown only when that section is
            // the one being viewed; lines from "pet-" sections are never shown.
            if (substr($sect, 0, 5) != "clan-" || $sect == $section) {
                if (substr($sect, 0, 4) != "pet-") {
                    $out .= $op[$i];
                    if (!isset($outputcomments[$sect]) || !is_array($outputcomments[$sect])) {
                        $outputcomments[$sect] = array();
                    }
                    array_push($outputcomments[$sect], $out);
                }
            }
        } else {
            if ($session['user']['superuser'] & SU_EDIT_COMMENTS) {
                // Per-comment delete link for comment editors.
                // NOTE(review): "§ion=" looks like a mangled "&section="
                // parameter (entity decoding in this listing) -- confirm
                // against the upstream file.
                $out .= "`2[<a href='" . $return . $one . "removecomment={$commentids[$i]}§ion={$section}&returnpath=" . URLEncode($return) . "'>{$del}</a>`2]`0 ";
                addnav("", $return . $one . "removecomment={$commentids[$i]}§ion={$section}&returnpath=" . URLEncode($return) . "");
            }
            $out .= $op[$i];
            if (!array_key_exists($sect, $outputcomments) || !is_array($outputcomments[$sect])) {
                $outputcomments[$sect] = array();
            }
            array_push($outputcomments[$sect], $out);
        }
    }
    if ($moderating) {
        // Open the bulk-moderation form. The matching inputs and </form>
        // are emitted after the comment list.
        $scriptname = substr($_SERVER['SCRIPT_NAME'], strrpos($_SERVER['SCRIPT_NAME'], "/") + 1);
        addnav("", "{$scriptname}?op=commentdelete&return=" . URLEncode($_SERVER['REQUEST_URI']));
        $mod_Del1 = htmlentities(translate_inline("Delete Checked Comments"), ENT_COMPAT, getsetting("charset", "ISO-8859-1"));
        $mod_Del2 = htmlentities(translate_inline("Delete Checked & Ban (3 days)"), ENT_COMPAT, getsetting("charset", "ISO-8859-1"));
        // Entity-encoded, then backslash-escaped, because the text sits in a
        // single-quoted JavaScript string inside a double-quoted attribute.
        $mod_Del_confirm = addslashes(htmlentities(translate_inline("Are you sure you wish to ban this user and have you specified the exact reason for the ban, i.e. cut/pasted their offensive comments?"), ENT_COMPAT, getsetting("charset", "ISO-8859-1")));
        $mod_reason = translate_inline("Reason:");
        $mod_reason_desc = htmlentities(translate_inline("Banned for comments you posted."), ENT_COMPAT, getsetting("charset", "ISO-8859-1"));
        output_notl("<form action='{$scriptname}?op=commentdelete&return=" . URLEncode($_SERVER['REQUEST_URI']) . "' method='POST'>", true);
        output_notl("<input type='submit' class='button' value=\"{$mod_Del1}\">", true);
        output_notl("<input type='submit' class='button' name='delnban' value=\"{$mod_Del2}\" onClick=\"return confirm('{$mod_Del_confirm}');\">", true);
        // Changes to this upper reason field are copied into the lower one.
        output_notl("`n{$mod_reason} <input name='reason0' size='40' value=\"{$mod_reason_desc}\" onChange=\"document.getElementById('reason').value=this.value;\">", true);
    }
    //output the comments
    ksort($outputcomments);
    reset($outputcomments);
    $sections = commentarylocs();
    $needclose = 0;
    while (list($sec, $v) = each($outputcomments)) {
        if ($sec != "x") {
            // A named section gets a heading linking to its moderation page
            // and its own collapse region.
            if ($needclose) {
                modulehook("}collapse");
            }
            output_notl("`n<hr><a href='moderate.php?area=%s'>`b`^%s`0`b</a>`n", $sec, isset($sections[$sec]) ? $sections[$sec] : "({$sec})", true);
            addnav("", "moderate.php?area={$sec}");
            modulehook("collapse{", array("name" => "com-" . $sec));
            $needclose = 1;
        } else {
            modulehook("collapse{", array("name" => "com-" . $section));
            $needclose = 1;
        }
        reset($v);
        while (list($key, $val) = each($v)) {
            // Modules may rewrite each finished line before it is printed.
            $args = array('commentline' => $val);
            $args = modulehook("viewcommentary", $args);
            $val = $args['commentline'];
            output_notl($val, true);
        }
    }
    if ($moderating && $needclose) {
        modulehook("}collapse");
        $needclose = 0;
    }
    if ($moderating) {
        // Second copy of the moderation buttons; this closes the form.
        output_notl("`n");
        rawoutput("<input type='submit' class='button' value=\"{$mod_Del1}\">");
        rawoutput("<input type='submit' class='button' name='delnban' value=\"{$mod_Del2}\" onClick=\"return confirm('{$mod_Del_confirm}');\">");
        output_notl("`n%s ", $mod_reason);
        rawoutput("<input name='reason' size='40' id='reason' value=\"{$mod_reason_desc}\">");
        rawoutput("</form>");
        output_notl("`n");
    }
    if ($session['user']['loggedin']) {
        $args = modulehook("insertcomment", array("section" => $section));
        if (array_key_exists("mute", $args) && $args['mute'] && !($session['user']['superuser'] & SU_EDIT_COMMENTS)) {
            // A module muted this user; comment editors are exempt.
            output_notl("%s", $args['mutemsg']);
        } elseif ($counttoday < $limit / 2 || $session['user']['superuser'] & ~SU_DOESNT_GIVE_GROTTO || !getsetting('postinglimit', 1)) {
            // Posting is allowed below half of $limit posts today, for any
            // superuser bit other than SU_DOESNT_GIVE_GROTTO, or when the
            // 'postinglimit' setting is off.
            if ($message != "X") {
                $message = "`n`@{$message}`n";
                output($message);
                talkform($section, $talkline, $limit, $schema);
            }
        } else {
            $message = "`n`@{$message}`n";
            output($message);
            output("Sorry, you've exhausted your posts in this section for now.`0`n");
        }
    }
    // Append "#section" to paging links unless the user set the nojump preference.
    $jump = false;
    if (!isset($session['user']['prefs']['nojump']) || $session['user']['prefs']['nojump'] == false) {
        $jump = true;
    }
    $firstu = translate_inline("<< First Unseen");
    $prev = translate_inline("< Previous");
    $ref = translate_inline("Refresh");
    $next = translate_inline("Next >");
    $lastu = translate_inline("Last Page >>");
    if ($rowcount >= $limit || $cid > 0) {
        // Count comments newer than the user's 'recentcomments' marker to
        // find the page holding the first unseen one.
        $sql = "SELECT count(commentid) AS c FROM " . db_prefix("commentary") . " WHERE section='{$section}' AND postdate > '{$session['user']['recentcomments']}'";
        $r = db_query($sql);
        $val = db_fetch_assoc($r);
        $val = round($val['c'] / $limit + 0.5, 0) - 1;
        if ($val > 0) {
            $first = comscroll_sanitize($REQUEST_URI) . "&comscroll=" . $val;
            $first = str_replace("?&", "?", $first);
            // With no "?" past position 0, every "&" is turned into "?".
            if (!strpos($first, "?")) {
                $first = str_replace("&", "?", $first);
            }
            $first .= "&refresh=1";
            if ($jump) {
                $first .= "#{$section}";
            }
            output_notl("<a href=\"{$first}\">{$firstu}</a>", true);
            addnav("", $first);
        } else {
            output_notl($firstu, true);
        }
        $req = comscroll_sanitize($REQUEST_URI) . "&comscroll=" . ($com + 1);
        $req = str_replace("?&", "?", $req);
        if (!strpos($req, "?")) {
            $req = str_replace("&", "?", $req);
        }
        $req .= "&refresh=1";
        if ($jump) {
            $req .= "#{$section}";
        }
        output_notl("<a href=\"{$req}\">{$prev}</a>", true);
        addnav("", $req);
    } else {
        output_notl("{$firstu} {$prev}", true);
    }
    $last = appendlink(comscroll_sanitize($REQUEST_URI), "refresh=1");
    // Okay.. we have some smart-ass (or stupidass, you guess) players
    // who think that the auto-reload firefox plugin is a good way to
    // avoid our timeouts. Won't they be surprised when I take that little
    // hack away.
    $last = appendcount($last);
    $last = str_replace("?&", "?", $last);
    if ($jump) {
        $last .= "#{$section}";
    }
    //if (!strpos($last,"?")) $last = str_replace("&","?",$last);
    //debug($last);
    output_notl(" <a href=\"{$last}\">{$ref}</a> ", true);
    addnav("", $last);
    // && binds tighter than ||: a "next" link is shown on any page past the
    // first, or when continuing from $cid with more than $limit new comments.
    if ($com > 0 || $cid > 0 && $newadded > $limit) {
        $req = comscroll_sanitize($REQUEST_URI) . "&comscroll=" . ($com - 1);
        $req = str_replace("?&", "?", $req);
        if (!strpos($req, "?")) {
            $req = str_replace("&", "?", $req);
        }
        $req .= "&refresh=1";
        if ($jump) {
            $req .= "#{$section}";
        }
        output_notl(" <a href=\"{$req}\">{$next}</a>", true);
        addnav("", $req);
        output_notl(" <a href=\"{$last}\">{$lastu}</a>", true);
    } else {
        output_notl("{$next} {$lastu}", true);
    }
    if (!$cc) {
        db_free_result($result);
    }
    // Restore the previous translation schema.
    tlschema();
    if ($needclose) {
        modulehook("}collapse");
    }
}
/**
 * Show the "add poll" form, or store a submitted poll as a MOTD entry.
 *
 * Reads 'subject' and 'body' from the POST data. When both are present the
 * body and the 'opt' choices are serialized into one motd row (motdtype 1),
 * the motd caches are invalidated and the request is redirected to motd.php.
 * Otherwise the entry form is rendered with the submitted values echoed back.
 *
 * NOTE(review): the INSERT is assembled by string interpolation and $subject
 * goes in exactly as httppost() returned it. The stripslashes() calls on the
 * display path suggest httppost() hands back already-slashed data, but that
 * is not visible here -- confirm before relying on it, and prefer a bound
 * parameter if the database layer offers one.
 */
function motd_poll_form() {
    global $session;

    $subject = httppost('subject');
    $body = httppost('body');

    // Both fields filled in: persist the poll and leave.
    if ($subject != "" && $body != "") {
        $choices = httppost("opt");
        $payload = array("body" => $body, "opt" => $choices);
        $insert = "INSERT INTO " . db_prefix("motd")
            . " (motdtitle,motdbody,motddate,motdtype,motdauthor) VALUES (\"{$subject}\",\""
            . addslashes(serialize($payload))
            . "\",'" . date("Y-m-d H:i:s") . "',1,'{$session['user']['acctid']}')";
        db_query($insert);
        foreach (array("motd", "lastmotd", "motddate") as $cacheName) {
            invalidatedatacache($cacheName);
        }
        header("Location: motd.php");
        exit;
    }

    // Otherwise render the entry form.
    output("`\$NOTE:`^ Polls cannot be edited after they are begun in order to ensure fairness and accuracy of results.`0`n`n");
    rawoutput("<form action='motd.php?op=addpoll' method='POST'>");
    addnav("", "motd.php?op=add");

    output("Subject: ");
    // Entity-encode the echoed value for the double-quoted attribute.
    $subjectAttr = HTMLEntities(stripslashes($subject), ENT_COMPAT, getsetting("charset", "ISO-8859-1"));
    rawoutput("<input type='text' size='50' name='subject' value=\"" . $subjectAttr . "\"><br/>");

    output("Body:`n");
    $bodyText = HTMLEntities(stripslashes($body), ENT_COMPAT, getsetting("charset", "ISO-8859-1"));
    rawoutput("<textarea class='input' name='body' cols='37' rows='5'>" . $bodyText . "</textarea><br/>");

    $optionLabel = translate_inline("Option");
    output("Choices:`n");
    $itemHtml = "{$optionLabel} <input name='opt[]'><br/>";
    // Five choice inputs to start with.
    for ($n = 0; $n < 5; $n++) {
        rawoutput($itemHtml);
    }

    // Container that the "Add Poll Item" link appends further inputs to.
    rawoutput("<div id='hidepolls'>");
    rawoutput("</div>");
    rawoutput("<script language='JavaScript'>document.getElementById('hidepolls').innerHTML = '';</script>", true);

    $linkLabel = translate_inline("Add Poll Item");
    $submitLabel = translate_inline("Add");
    // addslashes() escapes the single quotes of the markup for the JS string literal.
    rawoutput("<a href=\"#\" onClick=\"javascript:document.getElementById('hidepolls').innerHTML += '" . addslashes($itemHtml) . "'; return false;\">{$linkLabel}</a><br>");
    rawoutput("<input type='submit' class='button' value='{$submitLabel}'></form>");
}
$res = db_query($sql); $sql = "DELETE FROM accounts WHERE acctid='$_GET[userid]'"; db_query($sql); output( db_affected_rows()." user deleted."); while ($row = db_fetch_assoc($res)) { addnews("`#{$row['name']} was unmade by the gods."); } }elseif($_GET[op]=="setupban"){ $sql = "SELECT name,lastip,uniqueid FROM accounts WHERE acctid=\"$_GET[userid]\""; $result = db_query($sql) or die(db_error(LINK)); $row = db_fetch_assoc($result); if ($row[name]!="") output("Setting up ban information based on `\$$row[name]`0"); output("<form action='user.php?op=saveban' method='POST'>",true); output("Set up a new ban by IP or by ID (recommended IP, though if you have several different users behind a NAT, you can try ID which is easily defeated)`n"); output("<input type='radio' value='ip' name='type' checked> IP: <input name='ip' value=\"".HTMLEntities($row[lastip])."\">`n",true); output("<input type='radio' value='id' name='type'> ID: <input name='id' value=\"".HTMLEntities($row[uniqueid])."\">`n",true); output("Duration: <input name='duration' id='duration' size='3' value='14'> days (0 for permanent)`n",true); output("Reason for the ban: <input name='reason' value=\"Don't mess with me.\">`n",true); output("<input type='submit' class='button' value='Post Ban' onClick='if (document.getElementById(\"duration\").value==0) {return confirm(\"Are you sure you wish to issue a permanent ban?\");} else {return true;}'></form>",true); output("For an IP ban, enter the beginning part of the IP you wish to ban if you wish to ban a range, or simply a full IP to ban a single IP"); addnav("","user.php?op=saveban"); }elseif($_GET[op]=="saveban"){ $sql = "INSERT INTO bans ("; if ($_POST[type]=="ip"){ $sql.="ipfilter"; }else{ $sql.="uniqueid"; } $sql.=",banexpire,banreason) VALUES ("; if ($_POST[type]=="ip"){ $sql.="\"$_POST[ip]\"";
} output_notl("</select>`n", true); } } rawoutput("<script language='JavaScript'>\r\n\tvar superusers = new Array();"); while (list($key, $val) = each($superusers)) { rawoutput("\tsuperusers['" . addslashes($val) . "'] = true;"); } rawoutput("</script>"); output("`2Subject:"); rawoutput("<input name='subject' value=\"" . HTMLEntities($subject) . HTMLEntities(stripslashes(httpget('subject'))) . "\"><br>"); rawoutput("<div id='warning' style='visibility: hidden; display: none;'>"); output("`2Notice: `^{$superusermessage}`n"); rawoutput("</div>"); output("`2Body:`n"); rawoutput("<textarea name='body' id='textarea' class='input' cols='60' rows='9' onKeyUp='sizeCount(this);'>" . HTMLEntities($body) . HTMLEntities(stripslashes(httpget('body'))) . "</textarea><br>"); $send = translate_inline("Send"); rawoutput("<table border='0' cellpadding='0' cellspacing='0' width='100%'><tr><td><input type='submit' class='button' value='{$send}'></td><td align='right'><div id='sizemsg'></div></td></tr></table>"); output_notl("</form>", true); $sizemsg = "`3Max message size is `@%s`3, you have `^XX`3 characters left."; $sizemsg = translate_inline($sizemsg); $sizemsg = sprintf($sizemsg, getsetting("mailsizelimit", 1024)); $sizemsgover = "`\$Max message size is `@%s`\$, you are over by `^XX`\$ characters!"; $sizemsgover = translate_inline($sizemsgover); $sizemsgover = sprintf($sizemsgover, getsetting("mailsizelimit", 1024)); $sizemsg = explode("XX", $sizemsg); $sizemsgover = explode("XX", $sizemsgover); $usize1 = addslashes("<span>" . appoencode($sizemsg[0]) . "</span>"); $usize2 = addslashes("<span>" . appoencode($sizemsg[1]) . "</span>"); $osize1 = addslashes("<span>" . appoencode($sizemsgover[0]) . "</span>"); $osize2 = addslashes("<span>" . appoencode($sizemsgover[1]) . "</span>");
`n`n How does the site know that I referred a person?`n Easy! When you tell your friends about this site, give out the following link:`n`n ".getsetting("serverurl","http://".$_SERVER['SERVER_NAME'].dirname($_SERVER['REQUEST_URI']))."referral.php?r=". rawurlencode($session['user']['login'])."`n`n and the site will know that you were the one who sent them here. When they reach level 4 for the first time, you'll get your points!"); $sql = "SELECT name,level,refererawarded FROM accounts WHERE referer={$session['user']['acctid']} ORDER BY dragonkills,level"; // output($sql); $result = db_query($sql); output("`n`nAccounts which you referred:`n<table border='0' cellpadding='3' cellspacing='0'><tr><td>Name</td><td>Level</td><td>Awarded?</td></tr>",true); for ($i=0;$i<db_num_rows($result);$i++){ $row = db_fetch_assoc($result); output("<tr class='".($i%2?"trlight":"trdark")."'><td>",true); output($row['name']); output("</td><td>{$row['level']}</td><td>".($row['refererawarded']?"`@Yes!`0":"`\$No!`0")."</td></tr>",true); } if (db_num_rows($result)==0){ output("<tr><td colspan='3' align='center'>`iNone!</td><?tr>",true); } output("</table>",true); page_footer(); }else{ page_header("Welcome to The Dragon Saga"); output("`@The Dragon Saga is a remake of the classic BBS Door Game Legend of the Red Dragon. Adventure in to the classic realm that was one of the world's very first multiplayer roleplaying games! "); addnav("Create a character","create.php?r=".HTMLEntities($_GET['r'])); addnav("Login Page","index.php"); page_footer(); }?>
/**
 * Page handler of the "letteropener" module: browse and read other
 * accounts' in-game mail ("YOMs").
 *
 * The 'op' request value selects the view:
 *  - "read"    shows one message (by 'id') with previous/next links,
 *  - "lastfew" lists the newest non-system messages,
 *  - ""        shows an account search form and its results,
 *  - "to"      lists messages addressed to the account named by 'to',
 *  - "from"    lists messages sent by the account named by 'from'.
 * Messages are read from the "mail" table, or from "mailoutbox" when the
 * module setting "outbox" is set.
 *
 * NOTE(review): no permission check is visible in this function; presumably
 * the module framework restricts who can reach it -- confirm.
 * NOTE(review): request values ('id', 'q', 'to', 'from') are concatenated
 * into SQL text. Whether httpget()/httppost() escape them is not visible
 * here; treat every such query as injectable until that is verified.
 * NOTE(review): three statements contain the run '******' where a value is
 * expected. That looks like a redaction artifact of this listing; two of
 * them do not parse as shown. Restore them from the upstream file.
 */
function letteropener_run() {
    global $session;
    page_header("Letter opener");
    require_once "common.php";
    require_once "lib/systemmail.php";
    require_once "lib/sanitize.php";
    require_once "lib/http.php";
    $maildb = "mail";
    if (get_module_setting("outbox")) {
        $maildb = "mailoutbox";
    }
    $op = httpget('op');
    $order = "acctid";
    // $sort is not assigned anywhere in this function, so $order stays
    // "acctid" unless the variable arrives from outside -- TODO confirm.
    if ($sort != "") {
        $order = "{$sort}";
    }
    $display = 0;
    // The search term may come from the form (POST) or from a link (GET).
    $query = httppost('q');
    if ($query === false) {
        $query = httpget('q');
    }
    addnav("Back to the grotto", "superuser.php");
    addnav(array("Show last %s YOMs", get_module_setting("num")), "runmodule.php?module=letteropener&op=lastfew");
    if ($op == "read") {
        // 'id' is taken from the request and used in four queries below.
        $id = httpget('id');
        $sql = "SELECT msgfrom,msgto from " . db_prefix($maildb) . " where messageid=\"" . $id . "\"";
        $result = db_query($sql);
        $row = db_fetch_assoc($result);
        $acctid = $row['msgto'];
        // Look up the recipient's login for the navigation links.
        $sqlz = "SELECT login from " . db_prefix("accounts") . " where acctid=\"" . $acctid . "\"";
        $result = db_query($sqlz);
        $rowz = db_fetch_assoc($result);
        $login = $rowz['login'];
        addnav("Read Someone else's mail", "runmodule.php?module=letteropener");
        //addnav("~");
        addnav(array("All YOMs to %s", $login), "runmodule.php?module=letteropener&op=to&to={$login}");
        addnav(array("All YOMs from %s", $login), "runmodule.php?module=letteropener&op=from&from={$login}");
        // Load the message together with the sender's name and login.
        $sql = "SELECT " . db_prefix($maildb) . ".*," . db_prefix("accounts") . ".name,login FROM " . db_prefix($maildb) . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid=" . db_prefix($maildb) . ".msgfrom WHERE msgto=\"" . $acctid . "\" AND messageid=\"" . $id . "\"";
        $result = db_query($sql);
        if (db_num_rows($result) > 0) {
            $row = db_fetch_assoc($result);
            tlschema("mail");
            if ((int) $row['msgfrom'] == 0) {
                // Sender 0 is shown as "System". Subject and body may hold a
                // serialized argument list for sprintf_translate().
                // NOTE(review): unserialize() runs on stored column data.
                // This is safe only if no user-authored text can be stored
                // with msgfrom 0 -- verify how such rows are written.
                $row['name'] = translate_inline("`i`^System`0`i");
                if (is_array(unserialize($row['subject']))) {
                    $row['subject'] = unserialize($row['subject']);
                    $row['subject'] = call_user_func_array("sprintf_translate", $row['subject']);
                }
                if (is_array(unserialize($row['body']))) {
                    $row['body'] = unserialize($row['body']);
                    $row['body'] = call_user_func_array("sprintf_translate", $row['body']);
                }
            }
            tlschema();
            if (!$row['seen']) {
                output("`b`#NEW`b`n");
            } else {
                output("`n");
            }
            if ((int) $row['msgfrom'] != 0) {
                // Offer the same two listings for the sender.
                addnav("Or");
                //$othername=$row['msgfrom'];
                //$sql="select login from ".db_prefix("accounts")." where acctid=$othername";
                //$result = db_query($sql);
                $othername = $row['login'];
                addnav(array("All YOMs to %s", $othername), "runmodule.php?module=letteropener&op=to&to={$othername}");
                addnav(array("All YOMs from %s", $othername), "runmodule.php?module=letteropener&op=from&from={$othername}");
            }
            output("`b`2From:`b `^%s`n", $row['name']);
            output("`b`2Subject:`b `^%s`n", $row['subject']);
            output("`b`2Sent:`b `^%s`n", $row['sent']);
            output_notl("<hr>`n", true);
            // The body is printed without the "raw" flag used for markup elsewhere.
            output_notl(str_replace("\n", "`n", $row['body']));
            output_notl("`n<hr>`n", true);
            rawoutput("<table width='50%' border='0' cellpadding='0' cellspacing='5'><tr>");
            rawoutput("<td align='right'> </td>");
            rawoutput("</tr><tr>");
            // Nearest older and newer message ids for the same recipient.
            $sql = "SELECT messageid FROM " . db_prefix($maildb) . " WHERE msgto='{$acctid}' AND messageid < '{$id}' ORDER BY messageid DESC LIMIT 1";
            $result = db_query($sql);
            if (db_num_rows($result) > 0) {
                $row = db_fetch_assoc($result);
                $pid = $row['messageid'];
            } else {
                $pid = 0;
            }
            $sql = "SELECT messageid FROM " . db_prefix($maildb) . " WHERE msgto='{$acctid}' AND messageid > '{$id}' ORDER BY messageid LIMIT 1";
            $result = db_query($sql);
            if (db_num_rows($result) > 0) {
                $row = db_fetch_assoc($result);
                $nid = $row['messageid'];
            } else {
                $nid = 0;
            }
            $prev = translate_inline("< Previous");
            $next = translate_inline("Next >");
            rawoutput("<td nowrap='true'>");
            if ($pid > 0) {
                rawoutput("<a href='runmodule.php?module=letteropener&op=read&id={$pid}' class='motd'>" . htmlentities($prev) . "</a>");
                addnav("", "runmodule.php?module=letteropener&op=read&id={$pid}");
            } else {
                rawoutput(htmlentities($prev));
            }
            rawoutput("</td><td nowrap='true'>");
            if ($nid > 0) {
                rawoutput("<a href='runmodule.php?module=letteropener&op=read&id={$nid}' class='motd'>" . htmlentities($next) . "</a>");
                addnav("", "runmodule.php?module=letteropener&op=read&id={$nid}");
            } else {
                rawoutput(htmlentities($next));
            }
            rawoutput("</td>");
            rawoutput("</tr></table>");
        }
    } elseif ($op == "lastfew") {
        output("Here are the last %s non-system YOMs", get_module_setting("num"));
        // The module setting "num" is concatenated into the LIMIT clause.
        $sql = "select * from " . db_prefix($maildb) . " where msgfrom>0 ORDER BY messageid DESC limit " . get_module_setting("num") . "";
        $res = db_query($sql);
        $to = translate_inline("To");
        $from = translate_inline("From");
        require_once "lib/sanitize.php";
        for ($i = 0; $i < db_num_rows($res); $i++) {
            $row = db_fetch_assoc($res);
            // Two extra name lookups per message (recipient, then sender).
            $sql2 = "select name from " . db_prefix("accounts") . " where acctid=" . $row['msgto'] . "";
            $res2 = db_query($sql2);
            $row2 = db_fetch_assoc($res2);
            $toname = color_sanitize($row2['name']);
            $sql3 = "select name from " . db_prefix("accounts") . " where acctid=" . $row['msgfrom'] . "";
            $res3 = db_query($sql3);
            $row3 = db_fetch_assoc($res3);
            $fromname = color_sanitize($row3['name']);
            // NOTE(review): the message body, which is user-authored for
            // msgfrom>0, is concatenated into the markup with no encoding,
            // and the names only pass through color_sanitize(). If
            // rawoutput() emits its argument unescaped (presumably it does --
            // confirm), a stored message can inject markup into this page.
            rawoutput("<table border=1 width=100%><tr><td>{$from} :{$fromname} - " . date("M d, h:i a", strtotime($row['sent'])) . " - {$to} : {$toname}</td></tr><tr><td>" . $row['body'] . "</td></tr></table><br>");
        }
    } elseif ($op == "") {
        output("Whose mail would you like to read?`n");
        rawoutput("<form action='runmodule.php?module=letteropener' method='POST'>");
        rawoutput("<input name='q' id='q'>");
        $se = translate_inline("Search");
        rawoutput("<input type='submit' class='button' value='{$se}'>");
        rawoutput("</form>");
        rawoutput("<script language='JavaScript'>document.getElementById('q').focus();</script>");
        addnav("", "runmodule.php?module=letteropener");
        $searchresult = false;
        $where = "";
        $op = "";
        $sql = "SELECT acctid,login,name FROM " . db_prefix("accounts");
        if ($query != "") {
            // First try an exact match, then fall back to LIKE below.
            // NOTE(review): '******' here looks like a redacted value in this
            // listing -- restore from upstream. $query is interpolated as-is.
            // NOTE(review): ORDER BY '{$order}' quotes the column name, which
            // presumably makes it a string constant rather than a column.
            $where = "WHERE login='******' OR name='{$query}'";
            $searchresult = db_query($sql . " {$where} ORDER BY '{$order}' LIMIT 2");
        }
        if ($query !== false || $searchresult) {
            if (db_num_rows($searchresult) != 1) {
                // Broad substring search over several account columns,
                // capped at 101 rows so that "more than 100" can be detected.
                $where = "WHERE login LIKE '%{$query}%' OR acctid LIKE '%{$query}%' OR name LIKE '%{$query}%' OR emailaddress LIKE '%{$query}%' OR lastip LIKE '%{$query}%' OR uniqueid LIKE '%{$query}%' OR gentimecount LIKE '%{$query}%' OR level LIKE '%{$query}%'";
                $searchresult = db_query($sql . " {$where} ORDER BY '{$order}' LIMIT 101");
            }
            if (db_num_rows($searchresult) <= 0) {
                output("`\$No results found`0");
                $where = "";
            } elseif (db_num_rows($searchresult) > 100) {
                output("`\$Too many results found, narrow your search please.`0");
                $op = "";
                $where = "";
            } else {
                $op = "";
                $display = 1;
            }
        }
        if ($display == 1) {
            // $q is built but not used again in this function.
            $q = "";
            if ($query) {
                $q = "&q={$query}";
            }
            $acid = translate_inline("AcctID");
            $login = translate_inline("Login");
            $nm = translate_inline("Name");
            $rn = 0;
            $oorder = "";
            while ($row = db_fetch_assoc($searchresult)) {
                // The search query selects only acctid, login and name, so
                // 'laston' and 'loggedin' are not part of $row here.
                $laston = relativedate($row['laston']);
                $loggedin = date("U") - strtotime($row['laston']) < getsetting("LOGINTIMEOUT", 900) && $row['loggedin'];
                if ($loggedin) {
                    $laston = translate_inline("`#Online`0");
                }
                $row['laston'] = $laston;
                if ($row[$order] != $oorder) {
                    $rn++;
                }
                $oorder = $row[$order];
                rawoutput("<table align=center border=1 width=350>");
                rawoutput("<tr class='trhead'><td>{$acid}: ");
                output_notl("`&%s`0", $row['acctid'], true);
                rawoutput("</td><td>{$login}: ");
                output_notl("`&%s`0", $row['login'], true);
                rawoutput("</td>");
                rawoutput("<td rowspan=2 align=left nowrap>");
                // The login is placed in the link targets without URL-encoding.
                addnav("", "runmodule.php?module=letteropener&op=to&to={$row['login']}");
                addnav("", "runmodule.php?module=letteropener&op=from&from={$row['login']}");
                $to = translate_inline("All messages `#to`& this person");
                $from = translate_inline("All messages `#from`& this person");
                output_notl("<a href='runmodule.php?module=letteropener&op=to&to={$row['login']}'>`&•%s`7</a>", $to, true);
                rawoutput("<br>");
                output_notl("<a href='runmodule.php?module=letteropener&op=from&from={$row['login']}'>`&•%s`7</a>", $from, true);
                rawoutput("</td></tr><tr><td colspan=2>");
                output_notl("`&%s`7", $row['name'], true);
                rawoutput("</td></tr></table><Br>");
            }
        }
    } elseif ($op == "to") {
        $subject = "";
        $body = "";
        $row = "";
        addnav("Read someone else's mail", "runmodule.php?module=letteropener");
        $to = httpget('to');
        $from = httpget('from');
        if ($to != "") {
            // 'to' comes from the request and is interpolated into the query.
            // "name superuser" has no comma between the two words, so
            // presumably "superuser" acts as an alias for name -- confirm.
            $sql = "SELECT acctid,login,name superuser FROM " . db_prefix("accounts") . " WHERE login=\"{$to}\"";
            $result = db_query($sql);
            $row = db_fetch_assoc($result);
            // NOTE(review): this statement does not parse as shown; the
            // '******' run looks like a redaction artifact of this listing.
            $sql = "SELECT acctid FROM " . db_prefix("accounts") . " WHERE login='******'login'] . "'";
            $result = db_query($sql);
            $row2 = db_fetch_assoc($result);
            $acctid = $row2['acctid'];
            rawoutput("<table>");
            $session['message'] = "";
            // All messages addressed to that account, newest first.
            $sql = "SELECT subject,messageid," . db_prefix("accounts") . ".name,msgfrom,seen,sent FROM " . db_prefix($maildb) . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid=" . db_prefix($maildb) . ".msgfrom WHERE msgto=\"" . $acctid . "\" ORDER BY sent DESC";
            $result = db_query($sql);
            if (db_num_rows($result) > 0) {
                while ($row = db_fetch_assoc($result)) {
                    tlschema("mail");
                    if ((int) $row['msgfrom'] == 0) {
                        // Same system-message handling as in the "read" view,
                        // including unserialize() on the stored subject.
                        $row['name'] = translate_inline("`i`^System`0`i");
                        if (is_array(unserialize($row['subject']))) {
                            $row['subject'] = unserialize($row['subject']);
                            $row['subject'] = call_user_func_array("sprintf_translate", $row['subject']);
                        }
                    }
                    tlschema();
                    $id = $row['messageid'];
                    output_notl("<tr>", true);
                    output_notl("<td nowrap><img src='images/" . ($row['seen'] ? "old" : "new") . "scroll.GIF' width='16' height='16' alt='" . ($row['seen'] ? "Old" : "New") . "'></td>", true);
                    // The request value $to is written into the href as-is.
                    output_notl("<td><a href='runmodule.php?module=letteropener&op=read&id={$id}&login={$to}'>", true);
                    addnav("", "runmodule.php?module=letteropener&op=read&id={$id}&login={$to}");
                    if (trim($row['subject']) == "") {
                        output("`i(No Subject)`i");
                    } else {
                        output_notl($row['subject']);
                    }
                    output_notl("</a></td><td><a href='runmodule.php?module=letteropener&op=read&id={$id}&login={$to}'>", true);
                    addnav("", "runmodule.php?module=letteropener&op=read&id={$id}&login={$to}");
                    output("- from %s", $row['name']);
                    output_notl("</a></td><td><a href='runmodule.php?module=letteropener&op=read&id={$id}&login={$to}'>" . date("M d, h:i a", strtotime($row['sent'])) . "</a></td>", true);
                    addnav("", "runmodule.php?module=letteropener&op=read&id={$id}&login={$to}");
                    output_notl("</tr>", true);
                }
                //}
            } else {
                output("`iThey have no mail.`i");
            }
        } elseif (db_num_rows($result) == 0) {
            // NOTE(review): when 'to' is empty, $result has not been assigned
            // on this path, so this branch and the one below operate on an
            // undefined variable. They look carried over from a mail
            // recipient picker -- confirm whether they are reachable.
            output("`@No one was found who matches \"%s\". ", stripslashes($to));
            $try = translate_inline("Please try again");
            output_notl("<a href='runmodule.php?module=letteropener'>{$try}</a>.", true);
            popup_footer();
            exit;
        } else {
            output_notl("<select name='to' id='to' onChange='check_su_warning();'>", true);
            $superusers = array();
            for ($i = 0; $i < db_num_rows($result); $i++) {
                $row = db_fetch_assoc($result);
                output_notl("<option value=\"" . HTMLEntities($row['login']) . "\">", true);
                output_notl("%s", full_sanitize($row['name']));
                if ($row['superuser'] & SU_GIVES_YOM_WARNING && !($row['superuser'] & SU_OVERRIDE_YOM_WARNING)) {
                    array_push($superusers, $row['login']);
                }
            }
            output_notl("</select>`n", true);
        }
        output_notl("</table>", true);
    } elseif ($op == "from") {
        $subject = "";
        $body = "";
        $row = "";
        addnav("Read someone else's mail", "runmodule.php?module=letteropener");
        $from = httpget('from');
        if ($from != "") {
            // Mirror of the "to" view, keyed on the sender instead.
            $sql = "SELECT acctid,login,name superuser FROM " . db_prefix("accounts") . " WHERE login=\"{$from}\"";
            $result = db_query($sql);
            $row = db_fetch_assoc($result);
            // NOTE(review): this statement does not parse as shown; the
            // '******' run looks like a redaction artifact of this listing.
            $sql = "SELECT acctid FROM " . db_prefix("accounts") . " WHERE login='******'login'] . "'";
            $result = db_query($sql);
            $row2 = db_fetch_assoc($result);
            $acctid = $row2['acctid'];
            output_notl("<table>", true);
            $session['message'] = "";
            // All messages sent by that account, newest first.
            $sql = "SELECT subject,messageid," . db_prefix("accounts") . ".name,msgto,seen,sent FROM " . db_prefix($maildb) . " LEFT JOIN " . db_prefix("accounts") . " ON " . db_prefix("accounts") . ".acctid=" . db_prefix($maildb) . ".msgto WHERE msgfrom=\"" . $acctid . "\" ORDER BY sent DESC";
            $result = db_query($sql);
            if (db_num_rows($result) > 0) {
                for ($i = 0; $i < db_num_rows($result); $i++) {
                    $row = db_fetch_assoc($result);
                    // Recipient name is fetched per row although the join
                    // above already selects it as "name".
                    $sql2 = "Select name from " . db_prefix("accounts") . " where acctid=" . $row['msgto'] . "";
                    $result2 = db_query($sql2);
                    $row2 = db_fetch_assoc($result2);
                    $toname = $row2['name'];
                    $id = $row['messageid'];
                    output_notl("<tr>", true);
                    output_notl("<td nowrap><img src='images/" . ($row['seen'] ? "old" : "new") . "scroll.GIF' width='16' height='16' alt='" . ($row['seen'] ? "Old" : "New") . "'></td>", true);
                    // The request value $from is written into the href as-is.
                    output_notl("<td><a href='runmodule.php?module=letteropener&op=read&id={$id}&login={$from}'>", true);
                    if (trim($row['subject']) == "") {
                        output("`i(No Subject)`i");
                    } else {
                        output_notl($row['subject']);
                    }
                    output_notl("</a></td><td><a href='runmodule.php?module=letteropener&op=read&id={$id}&login={$from}'>", true);
                    addnav("", "runmodule.php?module=letteropener&op=read&id={$id}&login={$from}");
                    output("- to %s", $toname);
                    output_notl("</a></td><td><a href='runmodule.php?module=letteropener&op=read&id={$id}&login={$from}'>" . date("M d, h:i a", strtotime($row['sent'])) . "</a></td>", true);
                    output_notl("</tr>", true);
                }
                //}
            } else {
                output("`iThey have not sent any mail.`i");
            }
        } elseif (db_num_rows($result) == 0) {
            // NOTE(review): as in the "to" view, $result is not assigned on
            // this path when 'from' is empty.
            output("`@No one was found who matches \"%s\". ", stripslashes($from));
            $try = translate_inline("Please try again");
            output_notl("<a href='runmodule.php?module=letteropener'>{$try}</a>.", true);
            popup_footer();
            exit;
        } else {
            output_notl("<select name='to' id='to' onChange='check_su_warning();'>", true);
            $superusers = array();
            for ($i = 0; $i < db_num_rows($result); $i++) {
                $row = db_fetch_assoc($result);
                output_notl("<option value=\"" . HTMLEntities($row['login']) . "\">", true);
                output_notl("%s", full_sanitize($row['name']));
                if ($row['superuser'] & SU_GIVES_YOM_WARNING && !($row['superuser'] & SU_OVERRIDE_YOM_WARNING)) {
                    array_push($superusers, $row['login']);
                }
            }
            output_notl("</select>`n", true);
        }
        output_notl("</table>", true);
    }
    page_footer();
}
/**
 * Build one navigation entry, append it to the global $nav buffer and return it.
 *
 * Internal helper (the original author asks that it not be called directly).
 * What is rendered depends on $link:
 *   - false          : template "navhead", with $text as its title
 *   - ""             : template "navhelp", with $text as its text
 *   - "!!!addraw!!!" : $text is appended as-is, with no encoding
 *   - anything else  : template "navitem" (a clickable item); the link is
 *                      also recorded in $session['allowednavs']
 *
 * For clickable items a "c=<counter>-<His>" suffix is added to the link and
 * an access key is chosen: either the one given up front as "X?Label", or
 * the first letter/digit of the label that is not already marked in
 * $accesskeys.
 *
 * NOTE(review): $link is HTML-encoded for the template's "link" slot, but it
 * is placed unescaped inside single-quoted JavaScript in $quickkeys, and raw
 * mode appends $text without any encoding. Callers presumably pass only
 * server-built values; confirm before passing anything derived from request
 * data.
 *
 * @param string|array $text    Label, or an array of sprintf() arguments
 *                              whose first element is the format string.
 * @param string|false $link    Target URL, or one of the special values above.
 * @param bool         $priv    Passed through to appoencode().
 * @param bool         $pop     When truthy the item gets target='_blank'.
 * @param string       $popsize Size handed to popup(); "" skips popup().
 * @return string|false The markup added to $nav, or false when is_blocked($link).
 */
function private_addnav($text, $link = false, $priv = false, $pop = false, $popsize = "500x300") {
    //don't call this directly please. I'll break your thumbs if you do.
    global $nav, $session, $accesskeys, $REQUEST_URI, $quickkeys, $navschema, $notranslate;
    // A blocked link produces no output and no allowednavs entry.
    if (is_blocked($link)) {
        return false;
    }
    $thisnav = "";
    $unschema = 0;
    $translate = true;
    // Entries listed in $notranslate (as a [text, link] pair) skip translation.
    if (isset($notranslate)) {
        if (in_array(array($text, $link), $notranslate)) {
            $translate = false;
        }
    }
    if (is_array($text)) {
        // Array form: $text holds sprintf() arguments, format string first.
        if ($text[0] && $session['loggedin']) {
            if ($link === false) {
                $schema = "!array!" . serialize($text);
            } else {
                $schema = $text[0];
            }
            if ($translate) {
                // Switch translation schema; undone at the end via $unschema.
                tlschema($navschema[$schema]);
                $unschema = 1;
            }
        }
        if ($link != "!!!addraw!!!") {
            if ($translate) {
                $text[0] = translate($text[0]);
            }
            $text = call_user_func_array("sprintf", $text);
        } else {
            $text = call_user_func_array("sprintf", $text);
        }
    } else {
        if ($text && $session['loggedin'] && $translate) {
            tlschema($navschema[$text]);
            $unschema = 1;
        }
        if ($link != "!!!addraw!!!" && $text > "" && $translate) {
            $text = translate($text);
        }
        //leave the hack in here for now, use addnav_notl please
    }
    $extra = "";
    $ignoreuntil = "";
    if ($link === false) {
        //$text = holidayize($text,'nav');
        $thisnav .= tlbutton_pop() . templatereplace("navhead", array("title" => appoencode($text, $priv)));
    } elseif ($link === "") {
        //$text = holidayize($text,'nav');
        $thisnav .= tlbutton_pop() . templatereplace("navhelp", array("text" => appoencode($text, $priv)));
    } elseif ($link == "!!!addraw!!!") {
        // Raw mode: the caller's text goes into the nav buffer unencoded.
        $thisnav .= $text;
    } else {
        if ($text != "") {
            $extra = "";
            // Append the session counter as "c", using "&" when the link
            // already has a query string. strpos() returning 0 ("?" as the
            // first character) is treated like "not found" here.
            if (strpos($link, "?")) {
                $extra = "&c={$session['counter']}";
            } else {
                $extra = "?c={$session['counter']}";
            }
            $extra .= "-" . date("His");
            //hotkey for the link.
            $key = "";
            if ($text[1] == "?") {
                // check to see if a key was specified up front.
                $hchar = strtolower($text[0]);
                if ($hchar == ' ' || array_key_exists($hchar, $accesskeys) && $accesskeys[$hchar] == 1) {
                    // Requested key is a space (meaning "no hotkey") or is
                    // already taken: drop the "X?" prefix.
                    $text = substr($text, 2);
                    //$text = holidayize($text,'nav');
                    if ($hchar == ' ') {
                        $key = " ";
                    }
                } else {
                    $key = $text[0];
                    $text = substr($text, 2);
                    //$text = holidayize($text,'nav');
                    $found = false;
                    $text_len = strlen($text);
                    // Look for the requested key inside the label.
                    // NOTE(review): $ignoreuntil is "" on entry and is only
                    // assigned inside the branch that requires it to be
                    // non-empty, so the skip logic does not appear to engage
                    // in this loop; compare with the scan loop further down,
                    // which tests the markers differently. Confirm intent.
                    for ($i = 0; $i < $text_len; ++$i) {
                        $char = $text[$i];
                        if ($ignoreuntil == $char) {
                            $ignoreuntil = "";
                        } else {
                            if ($ignoreuntil != "") {
                                if ($char == "<") {
                                    $ignoreuntil = ">";
                                }
                                if ($char == "&") {
                                    $ignoreuntil = ";";
                                }
                                if ($char == "`") {
                                    $ignoreuntil = $text[$i + 1];
                                }
                            } else {
                                if ($char == $key) {
                                    $found = true;
                                    break;
                                }
                            }
                        }
                    }
                    if ($found == false) {
                        //the hotkey for this link wasn't actually in the
                        //text, prepend it in parens.
                        if (strpos($text, "__") !== false) {
                            $text = str_replace("__", "(" . $key . ") ", $text);
                        } else {
                            $text = "(" . strtoupper($key) . ") " . $text;
                        }
                        // $i is reused below as the position of the hotkey character.
                        $i = strpos($text, $key);
                    }
                }
            } else {
                //$text = holidayize($text,'nav');
            }
            if ($key == "") {
                //we have no previously defined key. Look for a new one.
                $tlength = strlen($text);
                // Stop at the first character that is a letter or digit, is
                // not already marked in $accesskeys, and is not inside a
                // skipped run (after "<" until ">", after "&" until ";",
                // or the character following a backtick).
                for ($i = 0; $i < $tlength; $i++) {
                    $char = substr($text, $i, 1);
                    if ($ignoreuntil == $char) {
                        $ignoreuntil = "";
                    } else {
                        if (isset($accesskeys[strtolower($char)]) && $accesskeys[strtolower($char)] == 1
                            || strpos("abcdefghijklmnopqrstuvwxyz0123456789", strtolower($char)) === false
                            || $ignoreuntil != "") {
                            if ($char == "<") {
                                $ignoreuntil = ">";
                            }
                            if ($char == "&") {
                                $ignoreuntil = ";";
                            }
                            if ($char == "`") {
                                $ignoreuntil = substr($text, $i + 1, 1);
                            }
                        } else {
                            break;
                        }
                    }
                }
            }
            // Neither loop ran (e.g. the key was given as a space).
            if (!isset($i)) {
                $i = 0;
            }
            if ($i < strlen($text) && $key != ' ') {
                // Claim the character at $i as this item's access key.
                $key = substr($text, $i, 1);
                $accesskeys[strtolower($key)] = 1;
                $keyrep = " accesskey=\"{$key}\" ";
            } else {
                $key = "";
                $keyrep = "";
            }
            if ($key == "" || $key == " ") {
            } else {
                // Wrap the first occurrence of the key in `H markers: at the
                // start of the label if it is there, otherwise the first
                // occurrence not directly preceded by a backtick.
                $pattern1 = "/^" . preg_quote($key, "/") . "/";
                $pattern2 = "/([^`])" . preg_quote($key, "/") . "/";
                $rep1 = "`H{$key}`H";
                $rep2 = "\$1`H{$key}`H";
                $text = preg_replace($pattern1, $rep1, $text, 1);
                if (strpos($text, "`H") === false) {
                    $text = preg_replace($pattern2, $rep2, $text, 1);
                }
                // Register the JavaScript action for this key.
                // NOTE(review): $link is interpolated into a single-quoted JS
                // string without escaping; the "" $popsize form also stores
                // only "'{$link}')" with no leading call. Confirm both.
                if ($pop) {
                    if ($popsize == "") {
                        $quickkeys[$key] = "'{$link}')";
                    } else {
                        $quickkeys[$key] = popup($link, $popsize);
                    }
                } else {
                    $quickkeys[$key] = "window.location='{$link}{$extra}'";
                }
            }
            // The href is HTML-encoded with the configured charset; popup
            // links omit the counter suffix.
            $n = templatereplace("navitem", array(
                "text" => appoencode($text, $priv),
                "link" => HTMLEntities($link . ($pop != true ? $extra : ""), ENT_COMPAT, getsetting("charset", "ISO-8859-1")),
                "accesskey" => $keyrep,
                "popup" => $pop == true ? "target='_blank'" . ($popsize > "" ? " onClick=\"" . popup($link, $popsize) . "; return false;\"" : "") : ""));
            $n = str_replace("<a ", tlbutton_pop() . "<a ", $n);
            $thisnav .= $n;
        }
        // Record the link, plus its "%20" and "+" space variants and the
        // part before any "#", in the session's allowednavs map. This also
        // runs when $text is empty, i.e. for navs that render nothing.
        // Presumably this map is what later requests are checked against;
        // the consumer is not visible here.
        $session['allowednavs'][$link . $extra] = true;
        $session['allowednavs'][str_replace(" ", "%20", $link) . $extra] = true;
        $session['allowednavs'][str_replace(" ", "+", $link) . $extra] = true;
        if (($pos = strpos($link, "#")) !== false) {
            $sublink = substr($link, 0, $pos);
            $session['allowednavs'][$sublink . $extra] = true;
        }
    }
    // Restore the translation schema if it was switched above.
    if ($unschema) {
        tlschema();
    }
    $nav .= $thisnav;
    return $thisnav;
}
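// Run the opponent search held in $sql and render one of three outcomes:
// no match, too many matches (the search form is shown again), or a table
// of matching players that link to op=findopponent3.
// NOTE(review): $sql is assembled before this excerpt; if it contains the
// posted 'name' value, confirm that value is escaped or bound there.
$result = db_query($sql);
if (db_num_rows($result) <= 0) {
    output("Sorry, couldn't find anyone who matched that search.`n`n");
} elseif (db_num_rows($result) > 100) {
    output("Well, that could be anyone! Wanna try that again?`n`n");
    output("Who would you like to attack?`n`n");
    $search = translate_inline("Search");
    rawoutput("<form action='runmodule.php?module=scrapbots&op=findopponent2' method='POST'>");
    addnav("", "runmodule.php?module=scrapbots&op=findopponent2");
    rawoutput("<input name='name' id='name'>");
    rawoutput("<input type='submit' class='button' value='{$search}'>");
    rawoutput("</form>");
    rawoutput("<script language='JavaScript'>document.getElementById('name').focus()</script>");
} else {
    output("These people matched your search:`n");
    output("TODO: Check if opponent has scrapbots, can be attacked etc`n`n");
    $name = translate_inline("Name");
    $lev = translate_inline("Level");
    rawoutput("<table cellpadding='3' cellspacing='0' border='0'>");
    rawoutput("<tr class='trhead'><td>{$name}</td><td>{$lev}</td></tr>");
    for ($i = 0; $i < db_num_rows($result); $i++) {
        $row = db_fetch_assoc($result);
        // The login is a query-string value, so it is URL-encoded rather than
        // HTML-entity-encoded: entity encoding leaves "&", "#" and "=" able to
        // change how the request is parsed, and the entity form passed to
        // addnav() would not match the URL the browser actually requests.
        // rawurlencode() output is also safe inside the quoted href.
        $opponentlink = "runmodule.php?module=scrapbots&op=findopponent3&name=" . rawurlencode($row['login']);
        rawoutput("<tr class='" . ($i % 2 ? "trlight" : "trdark") . "'><td><a href='{$opponentlink}'>");
        output_notl("%s", $row['name']);
        rawoutput("</a></td><td>");
        output_notl("%s", $row['level']);
        rawoutput("</td></tr>", true);
        // Register exactly the link that was rendered.
        addnav("", $opponentlink);
    }
    rawoutput("</table><br />", true);
}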
output("Transfer how much: "); rawoutput("<input name='amount' id='amount' width='5' value='{$amt}'><br>"); output("To: "); rawoutput("<input name='to' value='{$to}'>"); output(" (partial names are ok, you will be asked to confirm the transaction before it occurs).`n"); rawoutput("<input type='submit' class='button' value='{$msg}'></form>"); rawoutput("<script language='javascript'>document.getElementById('amount').focus();</script>", true); addnav("", "bank.php?op=transfer2"); } elseif (db_num_rows($result) > 1) { rawoutput("<form action='bank.php?op=transfer3' method='POST'>"); output("`6Transfer `^%s`6 to ", $amt); rawoutput("<select name='to' class='input'>"); $number = db_num_rows($result); for ($i = 0; $i < $number; $i++) { $row = db_fetch_assoc($result); rawoutput("<option value=\"" . HTMLEntities($row['login'], ENT_COMPAT, getsetting("charset", "ISO-8859-1")) . "\">" . full_sanitize($row['name']) . "</option>"); } $msg = translate_inline("Complete Transfer"); rawoutput("</select><input type='hidden' name='amount' value='{$amt}'><input type='submit' class='button' value='{$msg}'></form>", true); addnav("", "bank.php?op=transfer3"); } else { output("`@Elessa`6 blinks at you from behind her spectacles, \"`@I'm sorry, but I can find no one matching that name who does business with our bank! Please try again.`6\""); } } elseif ($op == "transfer3") { $amt = abs((int) httppost('amount')); $to = httppost('to'); output("`6`bTransfer Completion`b`n"); if ($session['user']['gold'] + $session['user']['goldinbank'] < $amt) { output("`@Elessa`6 stands up to her full, but still diminutive height and glares at you, \"`@How can you transfer `^%s`@ gold when you only possess `^%s`@?`6\"", $amt, $session['user']['gold'] + $session['user']['goldinbank']); } else { $sql = "SELECT name,acctid,level,transferredtoday FROM " . db_prefix("accounts") . " WHERE login='******'";
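/**
 * Render the Dark Horse Tavern bartender conversation.
 *
 * The "what" query parameter selects the topic: empty shows the greeting,
 * "colors" shows the colour-code tutorial with a practice form, and
 * "enemies" shows the player search or, when "who" is set, the paid
 * (100 gold) lookup. A "Return to the Main Room" nav is always added last.
 *
 * @param string $from Link prefix to which "op=..." is appended.
 */
function darkhorse_bartender($from)
{
    global $session;
    $what = httpget('what');
    if ($what == "") {
        output("The grizzled old man behind the bar reminds you very much of a strip of beef jerky.`n`n");
        $dname = translate_inline($session['user']['sex'] ? "lasshie" : "shon");
        output("\"`7Shay, what can I do for you %s?`0\" inquires the toothless fellow.", $dname);
        output("\"`7Don't shee the likesh of your short too offen 'round theshe partsh.`0\"");
        addnav("Learn about my enemies", $from . "op=bartender&what=enemies");
        addnav("Learn about colors", $from . "op=bartender&what=colors");
    } elseif ($what == "colors") {
        output("The old man leans on the bar.");
        output("\"`%Sho you want to know about colorsh, do you?`0\" he asks.`n`n");
        output("You are about to answer when you realize the question was rhetorical.`n`n");
        output("He continues, \"`%To do colorsh, here'sh what you need to do. Firsht, you ushe a ` mark (found right above the tab key) followed by 1, 2, 3, 4, 5, 6, 7, !, @, #, \$, %, ^, &, ), q or Q. Each of thoshe correshpondsh with a color to look like this: `n`1`1 `2`2 `3`3 `4`4 `5`5 `6`6 `7`7 `n`!`! `@`@ `#`# `\$`\$ `%`% `^`^ `&`& `n `)`) `q`q `Q`Q `n`% got it?`0\"`n You can practice below:", true);
        rawoutput("<form action=\"" . $from . "op=bartender&what=colors\" method='POST'>");
        $testtext = httppost('testtext');
        $try = translate_inline("Try");
        rawoutput("<input name='testtext' id='testtext'><input type='submit' class='button' value='{$try}'></form>");
        addnav("", $from . "op=bartender&what=colors");
        rawoutput("<script language='JavaScript'>document.getElementById('testtext').focus();</script>");
        if ($testtext) {
            // First line: the posted text is entity-encoded here because the
            // call passes true as its last argument.
            output("`0You entered %s`n", prevent_colors(HTMLEntities($testtext, ENT_COMPAT, getsetting("charset", "ISO-8859-1"))), true);
            // Second line: the posted text is passed unencoded so its colour
            // codes render. NOTE(review): this relies on output() encoding
            // HTML itself when the last argument is omitted; confirm.
            output("It looks like %s`n", $testtext);
        }
        output("`0`n`nThese colors can be used in your name, and in any conversations you have.");
    } elseif ($what == "enemies") {
        $who = httpget('who');
        if ($who == "") {
            output("\"`7Sho, you want to learn about your enemiesh, do you? Who do you want to know about? Well? Shpeak up! It only costs `^100`7 gold per person for information.`0\"");
            $subop = httpget('subop');
            if ($subop != "search") {
                $search = translate_inline("Search");
                rawoutput("<form action='" . $from . "op=bartender&what=enemies&subop=search' method='POST'><input name='name' id='name'><input type='submit' class='button' value='{$search}'></form>");
                addnav("", $from . "op=bartender&what=enemies&subop=search");
                rawoutput("<script language='JavaScript'>document.getElementById('name').focus();</script>");
            } else {
                addnav("Search Again", $from . "op=bartender&what=enemies");
                $name = httppost('name');
                // A missing or array-valued field is treated as an empty search.
                if (!is_string($name)) {
                    $name = "";
                }
                // Build a "%a%b%c%" pattern from the posted name. Each byte is
                // escaped individually AFTER splitting: inserting "%" between
                // bytes would otherwise separate an escape character from the
                // byte it protects, so escaping applied to the whole value
                // beforehand does not survive this loop.
                // NOTE(review): addslashes() is a stop-gap for single-byte and
                // UTF-8 connections; if the DB wrapper exposes its own
                // escaping or bound parameters, use that instead. If
                // httppost() already adds slashes, strip them before this
                // loop so apostrophes in names still match; confirm.
                $search = "%";
                $namelen = strlen($name);
                for ($i = 0; $i < $namelen; $i++) {
                    $search .= addslashes(substr($name, $i, 1)) . "%";
                }
                $sql = "SELECT name,alive,location,sex,level,laston,loggedin,login FROM " . db_prefix("accounts") . " WHERE (locked=0 AND name LIKE '{$search}') ORDER BY level DESC";
                $result = db_query($sql);
                $max = db_num_rows($result);
                if ($max > 100) {
                    output("`n`n\"`7Hey, whatsh you think yoush doin'. That'sh too many namesh to shay. I'll jusht tell you 'bout shome of them.`0`n");
                    $max = 100;
                }
                $n = translate_inline("Name");
                $lev = translate_inline("Level");
                rawoutput("<table border=0 cellpadding=0><tr><td>{$n}</td><td>{$lev}</td></tr>");
                for ($i = 0; $i < $max; $i++) {
                    $row = db_fetch_assoc($result);
                    // URL-encode the login once and use the same link for the
                    // anchor and for the registered nav.
                    $wholink = $from . "op=bartender&what=enemies&who=" . rawurlencode($row['login']);
                    rawoutput("<tr><td><a href='" . $wholink . "'>");
                    output_notl("%s", $row['name']);
                    rawoutput("</a></td><td>{$row['level']}</td></tr>");
                    addnav("", $wholink);
                }
                rawoutput("</table>");
            }
        } elseif ($session['user']['gold'] >= 100) {
            // NOTE(review): the login literal in this listing is masked
            // ('******') and $who never reaches the query. When the real
            // comparison is restored, escape or bind $who rather than
            // interpolating the request value into the statement.
            $sql = "SELECT name,acctid,alive,location,maxhitpoints,gold,sex,level,weapon,armor,attack,race,defense,charm FROM " . db_prefix("accounts") . " WHERE login='******'";
            $result = db_query($sql);
            if (db_num_rows($result) > 0) {
                $row = db_fetch_assoc($result);
                $row = modulehook("adjuststats", $row);
                // The bartender lisps the name: s -> sh, then S -> Sh.
                $name = str_replace("s", "sh", $row['name']);
                $name = str_replace("S", "Sh", $name);
                output("\"`7Well... letsh shee what I know about %s`7,`0\" he says...`n`n", $name);
                output("`4`bName:`b`6 %s`n", $row['name']);
                output("`4`bRace:`b`6 %s`n", translate_inline($row['race'], "race"));
                output("`4`bLevel:`b`6 %s`n", $row['level']);
                output("`4`bHitpoints:`b`6 %s`n", $row['maxhitpoints']);
                output("`4`bGold:`b`6 %s`n", $row['gold']);
                output("`4`bWeapon:`b`6 %s`n", $row['weapon']);
                output("`4`bArmor:`b`6 %s`n", $row['armor']);
                output("`4`bAttack:`b`6 %s`n", $row['attack']);
                output("`4`bDefense:`b`6 %s`n", $row['defense']);
                output("`n`^%s7 ish alsho ", $row['name']);
                // Compare the target's charm with the player's own.
                $amt = $session['user']['charm'];
                if ($amt == $row['charm']) {
                    output("ash ugly ash you are.`n");
                } elseif ($amt - 10 > $row['charm']) {
                    output("`bmuch`b uglier shan you!`n");
                } elseif ($amt > $row['charm']) {
                    output("uglier shan you.`n");
                } elseif ($amt + 10 < $row['charm']) {
                    output("`bmuch`b more beautiful shan you!`n");
                } else {
                    output("more beautiful shan you.`n");
                }
                // The fee is charged only when a record was found.
                $session['user']['gold'] -= 100;
                debuglog("spent 100 gold to learn about an enemy");
            } else {
                output("\"`7Eh..? I don't know anyone named that.`0\"");
            }
        } else {
            // Fewer than 100 gold: mock answer, no lookup and no charge.
            output("\"`7Well... letsh shee what I know about cheapshkates like you,`0\" he says...`n`n");
            output("`4`bName:`b`6 Get some money`n");
            output("`4`bLevel:`b`6 You're too broke`n");
            output("`4`bHitpoints:`b`6 Probably more than you`n");
            output("`4`bGold:`b`6 Definately richer than you`n");
            output("`4`bWeapon:`b`6 Something good enough to lay the smackdown on you`n");
            output("`4`bArmor:`b`6 Probably something more fashionable than you`n");
            output("`4`bAttack:`b`6 Eleventy billion`n");
            output("`4`bDefense:`b`6 Super Duper`n");
        }
    }
    addnav("Return to the Main Room", $from . "op=tavern");
}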
output("<tr class='" . ($i % 2 ? "trlight" : "trdark") . "'><td>{$row['name']}</td><td>{$row['level']}</td><td>[ <a href='{$biolink}'>Bio</a> | <a href='pvp.php?act=attack&bg=1&name=" . rawurlencode($row[login]) . "'>Attack</a> ]</td></tr>", true); addnav("", "pvp.php?act=attack&bg=1&name=" . rawurlencode($row[login])); } } output("</table>", true); } else { if ($_GET['act'] == "colors") { output("Cedrik leans on the bar. \"`%So you want to know about colors, do you?`0\" he asks."); output(" You are about to answer when you realize the question was posed in the rhetoric. "); output("Cedrik continues, \"`%To do colors, here's what you need to do. First, you use a ` mark ", true); output("(found right above the tab key) followed by 1, 2, 3, 4, 5, 6, 7, !, @, #, \$, %, ^, &. Each of those corresponds with "); output("a color to look like this: `n`1`1 `2`2 `3`3 `4`4 `5`5 `6`6 `7`7 ", true); output("`n`!`! `@`@ `#`# `\$`\$ `%`% `^`^ `&`& `n", true); output("`% got it?`0\" You can practice below:"); output("<form action=\"{$REQUEST_URI}\" method='POST'>", true); output("You entered " . str_replace("`", "`", HTMLEntities($_POST[testtext])) . "`n", true); output("It looks like " . $_POST[testtext] . " `n"); output("<input name='testtext' id='input'><input type='submit' class='button' value='Try'></form>", true); output("<script type='text/javascript'>document.getElementById('input').focus();</script>", true); output("`0`n`nThese colors can be used in your name, and in any conversations you have."); addnav("", $REQUEST_URI); } else { if ($_GET['act'] == "specialty") { if ($_GET[specialty] == "") { output("\"`2I want to change my specialty,`0\" you announce to Cedrik.`n`n"); output("With out a word, Cedrik grabs you by the shirt, pulls you over the counter, and behind the "); output("barrels behind him. 
There, he rotates the tap on a small keg labeled \"Fine Swill XXX\""); output("`n`nYou look around for the secret door that you know must be opening nearby when Cedrik "); output("rotates the tap back, and lifts up a freshly filled foamy mug of what is apparently his fine swill, blue-green "); output("tint and all."); output("`n`n\"`3What? Were you expecting a secret room?`0\" he asks. \"`3Now then, you must be more ");
output("`4An email was sent to `\$" . $_POST['email'] . "`4 to validate your address. Click the link in the email to activate your account.`0`n`n"); } else { output("<form action='login.php' method='POST'><input name='name' value='" . $shortname . "' type='hidden'><input name='password' value='" . $_POST['pass1'] . "' type='hidden'>\n\t\t\t\t\t\tYour account was created, your login name is `^{$shortname}`0. `n`n<input type='submit' class='button' value='Click here to log in'></form>`n`n" . ($trash > 0 ? "Characters that have never been logged in to will be deleted after {$trash} day(s) of no activity.`n" : "") . ($new > 0 ? "Characters that have never reached level 2 will be deleted after {$new} days of no activity.`n" : "") . ($old > 0 ? "Characters that have reached level 2 at least once will be deleted after {$old} days of no activity." : "") . "", true); } } } } else { /* output("`\$Error`^: Your password must be at least 4 characters long, your name must be at least 3 characters long, ".(getsetting("requireemail",0)==1?"you must enter a valid email address, ":"")." ".(getsetting("blockdupeemail",0)==1?"you must not have any other accounts by that email address, ":"")." and your passwords must match."); */ output("`\$Error`^:`n{$msg}"); $_GET['op'] = ""; } } } if ($_GET['op'] == "") { output("`&`c`bCreate a Character`b`c"); output("`0<form action=\"create.php?op=create" . ($_GET['r'] > "" ? "&r=" . HTMLEntities($_GET['r']) : "") . "\" method='POST'>", true); output("How will you be known to this world? <input name='name'>`n", true); output("Enter a password: <input type='password' name='pass1'>`n", true); output("Re-enter it for confirmation: <input type='password' name='pass2'>`n", true); output("Enter your email address: <input name='email'> " . (getsetting("requireemail", 0) == 0 ? "(optional -- however, if you choose not to enter one, there will be no way that you can reset your password if you forget it!)" : "(required" . 
(getsetting("requirevalidemail", 0) == 0 ? "" : ", an email will be sent to this address to verify it before you can log in") . ")") . "`n", true); output("And are you a <input type='radio' name='sex' value='1'>Female or a <input type='radio' name='sex' value='0' checked>Male?`n", true); output("<input type='submit' class='button' value='Create your character'>", true); } addnav("Login", "index.php"); page_footer();