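/**
 * Return the "src" of the first <img> element found in $text, or the theme's
 * default banner when the text holds no usable image.
 *
 * The returned value is copied straight out of the supplied markup, so it is
 * untrusted whenever $text can be user-supplied: callers must escape it for
 * the context they print it into and should only accept URL schemes they
 * expect.
 *
 * @param string $text Markup to scan; passed through convEnt() (defined elsewhere) before parsing.
 * @return string The first image source, or the default banner URL.
 */
function OS_GetFirstImage($text)
{
    $default = OS_HOME . "themes/" . OS_THEMES_DIR . "/images/dota_banner.png";

    $html = (string) convEnt($text);

    // DOMDocument::loadHTML() rejects an empty document (a ValueError on PHP 8,
    // which the "@" operator cannot silence), so answer that case up front.
    if (trim($html) === '') {
        return $default;
    }

    // Keep parser diagnostics internal instead of hiding every error with "@",
    // then restore whatever libxml error mode the caller had.
    $previousMode = libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    $loaded = $dom->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previousMode);

    if ($loaded === false) {
        return $default;
    }

    $xpath = new DOMXPath($dom);
    $images = $xpath->query('//img');
    $first = ($images !== false) ? $images->item(0) : null;
    if ($first === null) {
        return $default;
    }

    // empty() mirrors the original check: a missing or blank src falls back to the banner.
    $src = $first->getAttribute("src");

    return !empty($src) ? $src : $default;
}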
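} else { ?> <div align="center"><?php echo $errors; ?> </div> <?php }
}

// Load the ban that is being edited.
// NOTE(review): $id is assigned outside this excerpt; is_numeric($_GET["edit"])
// only proves something about the request value, so the id is bound as a
// parameter rather than concatenated into the statement.
if (isset($_GET["edit"]) and is_numeric($_GET["edit"])) {
    $sth = $db->prepare("SELECT * FROM " . OSDB_BANS . " WHERE id = ? ");
    $sth->bindValue(1, $id, PDO::PARAM_STR);
    $result = $sth->execute();
    $row = $sth->fetch(PDO::FETCH_ASSOC);

    $name = $row["name"];
    $server = $row["server"];
    $reason = convEnt($row["reason"]);
    $ip = $row["ip"];
    $ip_part = $row["ip_part"];
    $admin = $row["admin"];
    $gn = $row["gamename"];
    $date = $row["date"];
    $expire = $row["expiredate"];
    $warn = $row["warn"];
    $country = $row["country"];
    $button = "Edit Ban";

    // Optional lookup of the most recent known IP for the banned name.
    if (isset($_GET["findip"])) {
        // $name was read back from the bans table, but stored data is still
        // data: a name containing a quote would otherwise change the query
        // (second-order SQL injection), so it is bound as well.
        $sth2 = $db->prepare("SELECT * FROM " . OSDB_GP . " \n\t\tWHERE name = ? AND ip!='' AND ip!='0.0.0.0' ORDER BY id DESC LIMIT 1");
        $sth2->bindValue(1, $name, PDO::PARAM_STR);
        $result = $sth2->execute();
        $row2 = $sth2->fetch(PDO::FETCH_ASSOC);
        $foundIP = $row2["ip"];
    }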
$MemberData[$c]["country"] = geoip_country_name_by_addr($GeoIPDatabase, $row["user_ip"]); if ($GeoIP == 1 and empty($MemberData[$c]["letter"])) { $MemberData[$c]["letter"] = "blank"; $MemberData[$c]["country"] = "Reserved"; } $c++; } if (isset($GeoIP) and $GeoIP == 1) { geoip_close($GeoIPDatabase); } //GET USER COMMENTS $sth = $db->prepare("SELECT c.user_id, c.post_id, c.text, c.`date`, n.news_title\r\n FROM " . OSDB_COMMENTS . " as c \r\n\t LEFT JOIN " . OSDB_NEWS . " as n ON n.news_id = c.post_id\r\n\t WHERE c.user_id = :userID AND n.status >= 1\r\n\t ORDER BY c.`date` DESC\r\n\t LIMIT 50"); $sth->bindValue(':userID', $userID, PDO::PARAM_INT); $result = $sth->execute(); $c = 0; $MemberComments = array(); while ($row = $sth->fetch(PDO::FETCH_ASSOC)) { $ShortText = limit_words(convEnt($row["text"]), 30); $ShortText = str_replace(array("'", '"'), array(" ", " "), $ShortText); $MemberComments[$c]["short_text"] = $ShortText; $MemberComments[$c]["text"] = $row["text"]; $MemberComments[$c]["news_title"] = $row["news_title"]; $MemberComments[$c]["post_id"] = $row["post_id"]; $MemberComments[$c]["date"] = date(OS_DATE_FORMAT, $row["date"]); $MemberComments[$c]["date_int"] = $row["date"]; $c++; } } else { header('location:' . OS_HOME . '?404'); die; }
$info = '<span style="float:right;">[read]</span>'; } if ($status == 0) { $info = '<span style="float:right;"><b>[unread]</b></span>'; } $sth2 = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_id = '{$fromID}' "); $result = $sth2->execute(); $row2 = $sth2->fetch(PDO::FETCH_ASSOC); $from = $row2["user_name"]; $MFrom = '<span style="font-size:11px;">from: <a href="' . OS_HOME . '?member=' . $row2["user_id"] . '"><i>' . $from . '</i></a></span>'; if (isset($_GET["pm"]) and !empty($_GET["pm"]) and $_GET["pm"] == $row["field_name"]) { $text = AutoLinkShort(convEnt($row["field_value"])) . ' <div></div> <a href="' . OS_HOME . 'adm/?bnet_pm&pm' . $page . '">« back</a>'; $style = 'style="border: 4px solid #ccc; padding: 5px;"'; } else { $style = "style='padding: 5px;'"; $text = '<a href="' . OS_HOME . 'adm/?bnet_pm&pm=' . $row["field_name"] . $page . '#' . $row["field_name"] . '">' . limit_words(convEnt($row["field_value"]), 15) . '</a>'; } ?> <tr class="row"> <td width="200"><a class="anchor" name="<?php echo $row["field_name"]; ?> "></a><b>to:</b> <a href="<?php echo OS_HOME; ?> ?member=<?php echo $sendID; ?> "><b><?php echo $sendTo; ?>
if (!empty($sql)) { $sth->bindValue(1, "%" . $search_items . "%", PDO::PARAM_STR); } $result = $sth->execute(); $numrows = $sth->rowCount(); } else { $sth = $db->prepare("SELECT * FROM " . OSDB_ITEMS . " WHERE item_info !='' AND name != 'Aegis Check' \n\tAND name != 'Arcane Ring' AND name NOT LIKE 'Disabled%' GROUP BY (shortname)"); $result = $sth->execute(); $numrows = $sth->rowCount(); } $result_per_page = $ItemsPerPage; $draw_pagination = 0; //$total_comments = $numrows; include 'inc/pagination.php'; $draw_pagination = 1; $sth = $db->prepare("SELECT * FROM " . OSDB_ITEMS . " as Items\n\tWHERE item_info !='' AND name != 'Aegis Check' \n\tAND name != 'Arcane Ring' AND name NOT LIKE 'Disabled%' {$sql}\n\tGROUP BY (shortname) \n\tORDER BY (shortname) ASC \n\tLIMIT {$offset}, {$rowsperpage}"); if (!empty($sql)) { $sth->bindValue(1, "%" . $search_items . "%", PDO::PARAM_STR); } $result = $sth->execute(); //if ($db->num_rows() ) $c = 0; $ItemsData = array(); while ($row = $sth->fetch(PDO::FETCH_ASSOC)) { $ItemsData[$c]["itemid"] = $row["itemid"]; $ItemsData[$c]["name"] = $row["name"]; $ItemsData[$c]["shortname"] = $row["shortname"]; $ItemsData[$c]["item_info"] = convEnt($row["item_info"]); $ItemsData[$c]["icon"] = $row["icon"]; $c++; }
} ?> </td> <td><a class="padLeft" href="<?php echo OS_HOME; ?> adm/?users&edit=<?php echo $row["user_id"]; ?> "><?php echo $row["user_name"]; ?> </a></td> <td> <?php echo limit_words(convEnt($row["reason"]), 12); ?> <?php if (!empty($row["resolved_text"])) { ?> <div><b><?php echo $row["resolved"]; ?> :</b> <?php echo $row["resolved_text"]; ?> </div> <?php } ?> </td>
" alt="*" /></a></td> <td width="220"><a href="<?php echo $website; ?> adm/?items&edit=<?php echo $row["itemid"] . $add; ?> "><b><?php echo $row["shortname"]; ?> </b></a> <div class="font12"><?php echo $row["type"]; ?> , Price: <?php echo $row["price"]; ?> </div></td> <td><?php echo limit_words(convEnt($row["item_info"]), 14); ?> </td> </tr> <?php } ?> </table> <?php include 'pagination.php'; ?> </div>
if (isset($preModerationType) and $preModerationType > 0) { $emailusers = 0; } if ($genEmailDisable != 1 and ($emailusers > 0 or isset($emailadmposts) and $emailadmposts == 1)) { if (!isset($reply_to_email)) { $reply_to_email = $admin_email; } if ($fn = db_simpleSelect(0, $Tf, 'forum_name', 'forum_id', '=', $forum)) { $forum_title_em = convEnt($fn[0]); $forum_title = $fn[0]; } else { $forum_title = ''; } $setTpls = array(); $pTxtSm = convEnt($postText); $user_usr_em = convEnt($user_usr); $postTextSmall = substr($pTxtSm, 0, 200); if (strlen($postTextSmall) < strlen($pTxtSm)) { $postTextSmall .= '...'; } $setTpls[$langOrig] = ParseTpl(makeUp('email_reply_notify_' . $langOrig)); //$msg=$setTpls[$langOrig]; $sub0 = explode('SUBJECT>>', $setTpls[$langOrig]); $sub0 = explode('<<', $sub0[1]); $msgg = explode('[USER_ID]', trim($sub0[1])); $msg[$langOrig][0] = $msgg[0]; $msg[$langOrig][1] = $msgg[1]; $sub[$langOrig] = $sub0[0]; } //Email all users about this reply if allowed if ($genEmailDisable != 1 and $emailusers > 0) {
include 'inc/PlayDotaHeroParser.php'; } } else { //get hero data from database $sth = $db->prepare("SELECT * FROM " . OSDB_HEROES . " WHERE heroid = :heroid LIMIT 1"); $sth->bindValue(':heroid', $heroid, PDO::PARAM_STR); $result = $sth->execute(); $c = 0; $HeroData = array(); $row = $sth->fetch(PDO::FETCH_ASSOC); $HeroData[$c]["id"] = (int) $row["heroid"]; $HeroData[$c]["original"] = $row["original"]; $HeroData[$c]["description"] = $row["description"]; $HeroData[$c]["summary"] = convEnt($row["summary"]); $HeroData[$c]["stats"] = convEnt($row["stats"]); $HeroData[$c]["skills"] = convEnt($row["skills"]); $HomeTitle = $row["description"]; $HomeDesc = os_strip_quotes($row["summary"]); $HomeKeywords = strtolower(os_strip_quotes($row["description"])) . ',' . $HomeKeywords; } if ($GuidesPage == 1) { $sth = $db->prepare("SELECT * FROM " . OSDB_GUIDES . " WHERE hid = :heroid "); $sth->bindValue(':heroid', $heroid, PDO::PARAM_STR); $result = $sth->execute(); $c = 0; $HeroDataGuides = array(); while ($row = $sth->fetch(PDO::FETCH_ASSOC)) { $HeroDataGuides[$c]["id"] = $row["id"]; $HeroDataGuides[$c]["title"] = $row["title"]; $HeroDataGuides[$c]["link"] = $row["link"]; $c++;
$Hero["stats"] = convEnt($Hero["stats"]); $Hero["summary"] = convEnt($Hero["summary"]); $Hero["skills"] = convEnt($Hero["skills"]); OS_DisplayHeroesData($Hero["original"], $Hero["description"], $Hero["stats"], $Hero["summary"], $Hero["skills"]); } ?> <div><b>Intelligence</b></div> <?php foreach ($HeroListInt as $Hero) { ?> <?php $Hero["description"] = convEnt($Hero["description"]); $Hero["stats"] = convEnt($Hero["stats"]); $Hero["summary"] = convEnt($Hero["summary"]); $Hero["skills"] = convEnt($Hero["skills"]); OS_DisplayHeroesData($Hero["original"], $Hero["description"], $Hero["stats"], $Hero["summary"], $Hero["skills"]); } ?> </div> <div class="HeroInfoMainRight"> <div id="HeroInfo"></div> </div> </div> <script type="text/javascript"> function OS_HeroInfo(hid){ info = document.getElementById("hero"+hid+"description").innerHTML;
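}

// Banned players on the same IP range.
// $ip_part is bound as a parameter instead of being concatenated into the
// LIKE pattern. NOTE(review): {$sql} is still interpolated; it is assembled
// outside this excerpt, so confirm it never carries request data.
$sth = $db->prepare("SELECT * FROM " . OSDB_BANS . " WHERE ip_part LIKE ? {$sql} LIMIT 50");
$sth->bindValue(1, $ip_part, PDO::PARAM_STR);
$result = $sth->execute();
$UserIPRange = array();
$c = 0;
while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
    $UserIPRange[$c]["id"] = $row["id"];
    $UserIPRange[$c]["name"] = $row["name"];
    $UserIPRange[$c]["ip"] = $row["ip"];
    $UserIPRange[$c]["ip_part"] = $row["ip_part"];
    $UserIPRange[$c]["country"] = $row["country"];
    $UserIPRange[$c]["date"] = date(OS_DATE_FORMAT, strtotime($row["date"]));
    $UserIPRange[$c]["admin"] = $row["admin"];
    $UserIPRange[$c]["gamename"] = $row["gamename"];
    $UserIPRange[$c]["reason"] = convEnt($row["reason"]);
    $UserIPRange[$c]["expiredate"] = date(OS_DATE_FORMAT, strtotime($row["expiredate"]));
    // A missing or zero expiry date marks a permanent ban.
    if (empty($row["expiredate"]) or $row["expiredate"] == "0000-00-00 00:00:00") {
        $UserIPRange[$c]["expiredate"] = '<span class="perm_ban">Permanent</span>';
    }
    $c++;
}

// Other player names seen on the same IP prefix.
// Both the player name and the IP prefix are bound; the ".%" suffix is added
// to the bound value so the pattern keeps its original meaning.
$sth = $db->prepare("SELECT gp.id, gp.ip, gp.name, g.gamename, g.datetime, gp.gameid \n\t\t\t FROM " . OSDB_GP . " as gp\n\t\t\t LEFT JOIN " . OSDB_GAMES . " as g on g.id = gp.gameid\n\t\t\t WHERE name!= ? AND ip LIKE ?\n\t\t\t GROUP BY gp.name ORDER BY gp.id DESC LIMIT 50");
$sth->bindValue(1, $PlayerName, PDO::PARAM_STR);
$sth->bindValue(2, $ip_part . ".%", PDO::PARAM_STR);
$result = $sth->execute();
$OtherIPAddr = array();
$c = 0;
while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
    $OtherIPAddr[$c]["id"] = $row["id"];
    $OtherIPAddr[$c]["ip"] = $row["ip"];
    $OtherIPAddr[$c]["name"] = $row["name"];
    $OtherIPAddr[$c]["gameid"] = $row["gameid"];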
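/**
 * Render the private-message area: compose, reply, sent items and inbox.
 *
 * Runs only when OS_GetAction("pm") is true. The view is chosen by query
 * parameters: "new_message" (compose by user name), "send" (compose to a user
 * id, optionally quoting message "m"), "sent_items" and "inbox". Submissions
 * arrive as POST fields "pm_message", "pm_name" and the form token "code".
 * Messages are stored as custom fields: field_id is the recipient's user id
 * and field_name is "<unix time>|<sender id>||p.m.<0|1>", the last digit
 * being the read flag.
 *
 * Security-relevant behaviour:
 *  - the form token is compared with hash_equals() on strings only, so loose
 *    comparison and array-valued input cannot satisfy it;
 *  - every view requires is_logged(), as inbox and sent items already did;
 *  - a quoted message is shown only to its recipient or its sender;
 *  - marking a message as read is a prepared statement limited to the
 *    current user's own messages;
 *  - request data and user names are escaped before being printed.
 *
 * NOTE(review): message bodies are printed through convEnt(), which is not
 * visible here. If convEnt() decodes entities, strip_tags() at submit time
 * does not remove entity-encoded markup; confirm how bodies are stored and
 * escape at output if needed.
 *
 * @return void Output is echoed directly.
 */
function OS_PMSystem()
{
    if (!OS_GetAction("pm")) {
        return;
    }

    global $db;
    $sth = $db->prepare("SET NAMES 'utf8'");
    $result = $sth->execute();
    global $lang;
    global $DateFormat;
    $errors = "";

    // HTML-escape without double-encoding, so values that are already stored
    // entity-encoded print unchanged while raw quotes and brackets are neutralised.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    // Constant-time, type-strict check of the posted form token.
    $tokenMatches = function () {
        return isset($_SESSION["code"], $_POST["code"])
            && is_string($_POST["code"])
            && hash_equals((string) $_SESSION["code"], $_POST["code"]);
    };

    // "m" comes from the request and is echoed back into links, so it is
    // URL-encoded once here.
    $mParam = (isset($_GET["m"]) && is_string($_GET["m"])) ? urlencode($_GET["m"]) : '';
    ?>
<div class="clr"></div>
<div class="ct-wrapper" id="content" class="s-c-x">
<div class="outer-wrapper wrapper">
<div class="content section" id="main-column">
<div class="widget Blog padding">
<div class="blog-posts hfeed padLeft padTop padBottom inner">
<h2>Private Messages</h2>
<div>
  <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&inbox">INBOX</a>
  <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&sent_items">SENT ITEMS</a>
  <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&new_message">NEW MESSAGE</a>
</div>
    <?php
    // NEW MESSAGE (recipient given by user name)
    if (isset($_GET["new_message"]) and is_logged()) {
        $PMName = "";
        $PMText = "";

        if (isset($_POST["pm_message"]) and isset($_POST["pm_name"]) and isset($_SESSION["code"]) and isset($_POST["code"])) {
            $PMText = strip_tags($_POST['pm_message']);
            $PMName = safeEscape(trim($_POST["pm_name"]));

            if (!$tokenMatches()) {
                $errors .= "<h4>Form is not valid. Try again.</h4>";
            }
            if (strlen($PMText) <= 2) {
                $errors .= "<h4>There are not enough characters in the message</h4>";
            }
            if (strlen($PMName) <= 2) {
                $errors .= "<h4>Please, write a valid username</h4>";
            }
            if (strtolower($PMName) == $_SESSION["username"]) {
                $errors .= "<h4>You can not send messages to yourself</h4>";
            }

            if (empty($errors)) {
                $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " \n\t\t\tWHERE LOWER(user_name) = ? LIMIT 1");
                $sth->bindValue(1, strtolower($PMName), PDO::PARAM_STR);
                $result = $sth->execute();
                if ($sth->rowCount() <= 0) {
                    $errors .= "<h4>User not found</h4>";
                } else {
                    $row = $sth->fetch(PDO::FETCH_ASSOC);
                    $userID = $row["user_id"];
                }
            }

            if (!empty($errors)) {
                echo $errors;
            } elseif (isset($userID) and is_numeric($userID) and $userID != OS_GetUserID()) {
                OS_add_custom_field($userID, time() . "|" . OS_GetUserID() . "||p.m.0", $PMText);
                $MailText = $PMText;
                $PMName = "";
                $PMText = "";
                ?><h4>Message was sent successfully</h4><?php

                // E-mail notification, sent at most once per session.
                if (!isset($_SESSION["mail_sent"])) {
                    $_SESSION["mail_sent"] = 1;
                    global $lang;
                    global $mail;
                    global $DefaultHomeTitle;

                    $message = "You have just received a private message from " . $h($_SESSION["username"]) . "<br />";
                    $message .= "Click on the following link to read the message<br />";
                    $message .= "" . OS_HOME . "?action=pm&inbox";
                    $message .= "<br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br />";
                    $message .= convEnt($MailText);
                    $message .= "<br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br />{$DefaultHomeTitle}";

                    require "inc/class.phpmailer.php";
                    $mail = new PHPMailer();
                    $mail->CharSet = 'UTF-8';
                    $mail->SetFrom($lang["email_from"], $lang["email_from_full"]);
                    $mail->AddReplyTo($lang["email_from"], $lang["email_from_full"]);
                    $mail->AddAddress($row["user_email"], "");
                    $mail->Subject = "New Private Message";
                    $mail->MsgHTML($message);
                    $mail->AltBody = "This is the body in plain text for non-HTML mail clients";
                    $mail->Send();
                }
            } else {
                ?><h4>The message could not be sent</h4><?php
            }
        }

        // A fresh token for every rendered form; the previous one stops working.
        $code = generate_hash(8);
        $_SESSION["code"] = $code;
        ?>
<form action="" method="post" accept-charset="UTF-8">
<table>
  <tr class="row">
    <td width="70" class="padLeft"><b>To:</b></td>
    <td><input type="text" value="<?php echo $h($PMName); ?>" size="65" name="pm_name" /></td>
  </tr>
  <tr class="row">
    <td width="70" class="padLeft"><b>Message:</b></td>
    <td><textarea name="pm_message" rows="9" cols="80" ><?php echo $h($PMText); ?></textarea></td>
  </tr>
  <tr class="row">
    <td width="70" class="padLeft"></td>
    <td><input type="submit" value="Send PM" class="menuButtons" /></td>
  </tr>
</table>
<input type="hidden" name="code" value="<?php echo $h($code); ?>" />
</form>
        <?php
    }

    // SEND MESSAGE (recipient given by user id)
    if (isset($_GET["send"]) and is_numeric($_GET["send"]) and is_logged()) {
        $uid = safeEscape((int) $_GET["send"]);

        if (OS_GetUserID() == $uid) {
            ?><h4>You can not send messages to yourself</h4><?php
        } else {
            if (isset($_POST["pm_message"]) and isset($_SESSION["code"]) and isset($_POST["code"])) {
                if (!$tokenMatches()) {
                    $errors .= "<div>Form is not valid. Try again.</div>";
                }
                $PMText = strip_tags($_POST['pm_message']);
                if (strlen($PMText) <= 2) {
                    $errors .= "<div>There are not enough characters in the message</div>";
                }

                if (!empty($errors)) {
                    ?><h4><?php echo $errors; ?></h4><?php
                } else {
                    // Arguments: recipient user id, "<time>|<sender id>||p.m.0", message text.
                    $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_id = ? LIMIT 1");
                    $sth->bindValue(1, $uid, PDO::PARAM_INT);
                    $result = $sth->execute();
                    // Report success only when the message was actually stored;
                    // an unknown recipient gets "User not found" from the lookup below.
                    if ($sth->rowCount() >= 1) {
                        OS_add_custom_field($uid, time() . "|" . OS_GetUserID() . "||p.m.0", $PMText);
                        ?><h4>Message was sent successfully</h4><?php
                    }
                }
            }

            $code = generate_hash(8);
            $_SESSION["code"] = $code;

            $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE user_id = ? LIMIT 1");
            $sth->bindValue(1, $uid, PDO::PARAM_INT);
            $result = $sth->execute();

            if ($sth->rowCount() >= 1) {
                $row = $sth->fetch(PDO::FETCH_ASSOC);
                $sendTo = $row["user_name"];
                ?>
<form action="" method="post" accept-charset="UTF-8">
<table>
  <tr class="row">
    <td width="120" class="padLeft"><b>Send to:</b></td>
    <td><?php echo $h($sendTo); ?></td>
  </tr>
  <tr class="row">
    <td width="120" class="padLeft"><b>Message:</b></td>
    <td><textarea name="pm_message" rows="9" cols="80" ></textarea></td>
  </tr>
  <tr class="row">
    <td width="120" class="padLeft"></td>
    <td><input type="submit" value="Send PM" class="menuButtons" /></td>
  </tr>
</table>
<input type="hidden" name="code" value="<?php echo $h($code); ?>" />
</form>
                <?php
                if (isset($_GET["m"])) {
                    // Quote the referenced message only when the current user
                    // received it (field_id) or sent it (sender id inside
                    // field_name); a field name alone is guessable and must
                    // not be enough to read someone else's message.
                    $currentUser = OS_GetUserID();
                    $sth = $db->prepare("SELECT * FROM " . OSDB_CUSTOM_FIELDS . " WHERE field_name = ? AND (field_id = ? OR field_name LIKE ?) ");
                    $sth->bindValue(1, safeEscape($_GET["m"]), PDO::PARAM_STR);
                    $sth->bindValue(2, $currentUser, PDO::PARAM_STR);
                    $sth->bindValue(3, "%|" . $currentUser . "||p.m.%", PDO::PARAM_STR);
                    $result = $sth->execute();
                    $row = $sth->fetch(PDO::FETCH_ASSOC);

                    if ($row) {
                        $dateFor = explode("|", $row["field_name"]);
                        $date = (int) $dateFor[0];
                        ?>
<div class="padTop"></div>
<table>
  <tr class="row">
    <td class="padLeft"><b><?php echo $h($sendTo); ?></b>, <?php echo date($DateFormat, $date); ?></td>
  </tr>
  <tr>
    <td><?php echo convEnt($row["field_value"]); ?></td>
  </tr>
</table>
                        <?php
                    }
                }
            } else {
                ?><h4>User not found</h4><?php
            }
        }
    }

    // SENT ITEMS
    if (isset($_GET["sent_items"]) and is_logged()) {
        ?><h4>Sent items</h4><?php

        // With "sent_items=<id>&m=<field name>" a single message is shown.
        if (!empty($_GET["sent_items"]) and is_numeric($_GET["sent_items"]) and isset($_GET["m"])) {
            $field = safeEscape($_GET["m"]);
            $sql = "AND c.field_name = ? ";
        } else {
            $sql = "";
        }

        $sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_CUSTOM_FIELDS . " as c\n\t\tWHERE c.field_name LIKE ? {$sql}");
        $sth->bindValue(1, "%|" . (int) $_SESSION["user_id"] . "||p.m.%", PDO::PARAM_STR);
        if (!empty($sql)) {
            $sth->bindValue(2, $field, PDO::PARAM_STR);
        }
        $result = $sth->execute();
        $r = $sth->fetch(PDO::FETCH_NUM);
        $numrows = $r[0];

        $result_per_page = 10;
        // LIMIT operands cannot be bound portably, so they are forced to integers.
        $offset = (int) os_offset($numrows, $result_per_page);

        $sth = $db->prepare("SELECT c.field_id, c.field_name, c.field_value, u.user_name, u.user_avatar\n\t\tFROM " . OSDB_CUSTOM_FIELDS . " as c\n\t\tLEFT JOIN " . OSDB_USERS . " as u ON u.user_id = c.field_id\n\t\tWHERE c.field_name LIKE ? {$sql}\n\t\tORDER BY c.field_name DESC\n\t\tLIMIT {$offset}, {$result_per_page}");
        $sth->bindValue(1, "%|" . OS_GetUserID() . "||p.m.%", PDO::PARAM_STR);
        if (!empty($sql)) {
            $sth->bindValue(2, $field, PDO::PARAM_STR);
        }
        $result = $sth->execute();
        ?>
<table>
        <?php
        while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
            $dateFor = explode("|", $row["field_name"]);
            $date = (int) $dateFor[0];
            $rowLink = OS_HOME . '?action=pm&sent_items=' . (int) $row["field_id"] . '&m=' . urlencode($row["field_name"]);

            if (!isset($_GET["m"])) {
                $text = limit_words(convEnt($row["field_value"]), 40);
            } else {
                $text = AutoLinkShort(convEnt($row["field_value"]));
            }
            ?>
  <tr class="row">
    <td width="140"><a href="<?php echo $rowLink; ?>"><b><?php echo $h($row["user_name"]); ?></b>, <?php echo date($DateFormat, $date); ?></a></td>
    <td><?php echo $text; ?>
            <?php if (isset($_GET["m"])) { ?>
      <div class="padTop">
        <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&send=<?php echo (int) $row["field_id"]; ?>&m=<?php echo $mParam; ?>">[SEND MESSAGE]</a>
        <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&sent_items">« Back</a>
      </div>
            <?php } else { ?>
      <a href="<?php echo $rowLink; ?>">more » </a>
            <?php } ?>
    </td>
  </tr>
            <?php
        }
        if ($sth->rowCount() <= 0) {
            ?><tr><td>No new messages</td></tr><?php
        }
        ?>
</table>
        <?php
        os_pagination($numrows, $result_per_page, 5, 1, '&sent_items');
    }

    // INBOX MESSAGES
    if (isset($_GET["inbox"]) and is_logged()) {
        ?><h4>Inbox</h4><?php

        // With "inbox=<sender id>&m=<field name>" a single message is opened.
        $openingOne = !empty($_GET["inbox"]) && is_numeric($_GET["inbox"]) && isset($_GET["m"]);
        if ($openingOne) {
            $field = safeEscape($_GET["m"]);
            $sql = "AND c.field_name = :field_name ";
        } else {
            $sql = "";
        }

        // The recipient id is bound rather than concatenated, and the count
        // uses the same "||p.m." filter as the listing so pagination matches
        // the rows that are shown.
        $sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_CUSTOM_FIELDS . " as c\n\t\tWHERE c.field_id = :user_id\n\t\tAND c.field_name LIKE('%||p.m.%')\n\t\t{$sql}");
        $sth->bindValue(':user_id', OS_GetUserID(), PDO::PARAM_STR);
        if (!empty($sql)) {
            $sth->bindValue(':field_name', $field, PDO::PARAM_STR);
        }
        $result = $sth->execute();
        $r = $sth->fetch(PDO::FETCH_NUM);
        $numrows = $r[0];

        $result_per_page = 10;
        $offset = (int) os_offset($numrows, $result_per_page);

        $sth = $db->prepare("SELECT c.field_id, c.field_name, c.field_value, u.user_name, u.user_avatar\n\t\tFROM " . OSDB_CUSTOM_FIELDS . " as c\n\t\tLEFT JOIN " . OSDB_USERS . " as u ON u.user_id = c.field_id\n\t\tWHERE c.field_id = :user_id\n\t\tAND field_name LIKE('%||p.m.%')\n\t\t{$sql}\n\t\tORDER BY c.field_name DESC\n\t\tLIMIT {$offset}, {$result_per_page}");
        $sth->bindValue(':user_id', OS_GetUserID(), PDO::PARAM_STR);
        if (!empty($sql)) {
            $sth->bindValue(':field_name', $field, PDO::PARAM_STR);
        }
        $result = $sth->execute();

        // Mark the opened message as read by switching the trailing flag to
        // "1". The statement is parameterised and limited to private messages
        // addressed to the current user, so a crafted "m" value cannot rename
        // another user's fields.
        if ($openingOne) {
            $field = safeEscape($_GET["m"]);
            $field_name = substr($field, 0, -1) . "1";
            $markRead = $db->prepare("UPDATE " . OSDB_CUSTOM_FIELDS . " SET field_name = ?\n\t\tWHERE field_name = ? AND field_id = ? AND field_name LIKE('%||p.m.%')");
            $markRead->bindValue(1, $field_name, PDO::PARAM_STR);
            $markRead->bindValue(2, $field, PDO::PARAM_STR);
            $markRead->bindValue(3, OS_GetUserID(), PDO::PARAM_STR);
            $result = $markRead->execute();
        }
        ?>
<table>
        <?php
        while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
            $dateFor = explode("|", $row["field_name"]);
            $date = (int) $dateFor[0];
            $FromID = $dateFor[1];
            // The last character of field_name is the read flag.
            $read = substr($row["field_name"], strlen($row["field_name"]) - 1, 1);
            if ($read == 1) {
                $col = '686A6B';
                $readTxt = 'read';
            } else {
                $col = 'A41600';
                $readTxt = '<b>new</b>';
            }

            if (!isset($_GET["m"])) {
                $text = limit_words(convEnt($row["field_value"]), 12);
                if ($read == 0) {
                    $text = '<span style="color: #000;"><b>' . convEnt($text) . '</b></span>';
                }
                if ($read == 1) {
                    $text = '<span style="color: #686A6B;">' . convEnt($text) . '</span>';
                }
            } else {
                $text = AutoLinkShort(convEnt($row["field_value"]));
            }

            $rowLink = OS_HOME . '?action=pm&inbox=' . (int) $FromID . '&m=' . urlencode($row["field_name"]);
            ?>
            <?php if (!isset($_GET["m"])) { ?>
  <tr class="row">
    <td width="120" class="padLeft">
      <a href="<?php echo $rowLink; ?>"><span style="color: #<?php echo $col; ?>"><b><?php echo $h(OS_GetUsernameByUserID($FromID)); ?></b></span></a>
    </td>
    <td width="600"><a href="<?php echo $rowLink; ?>"><?php echo $text; ?></a></td>
    <td><?php echo date($DateFormat, $date); ?></td>
  </tr>
            <?php } else { ?>
  <tr class="row">
    <td class="padLeft"><span style="color: #<?php echo $col; ?>"><b><?php echo $h(OS_GetUsernameByUserID($FromID)); ?></b>, <?php echo date($DateFormat, $date); ?></span></td>
  </tr>
  <tr>
    <td><?php echo $text; ?></td>
  </tr>
  <tr>
    <td><div class="padTop padBottom">
      <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&send=<?php echo (int) $FromID; ?>&m=<?php echo $mParam; ?>">[SEND MESSAGE]</a>
      <a class="menuButtons" href="<?php echo OS_HOME; ?>?action=pm&inbox">« Back</a>
    </div></td>
  </tr>
            <?php } ?>
            <?php
        }
        if ($sth->rowCount() <= 0) {
            ?><tr><td>No new messages</td></tr><?php
        }
        ?>
</table>
        <?php
        os_pagination($numrows, $result_per_page, 5, 1, '&inbox');
    }
    ?>
<div class="padTop" style="margin-top:124px;"></div>
</div>
</div>
</div>
</div>
</div>
    <?php
}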
?> </div> </td> <td width="450" class="font12" style="width:450px !important; word-wrap:break-word;"> <div style="text-align:left; font-size:12px; word-wrap:break-word;"><a href="<?php echo $website; ?> adm/?comments&edit=<?php echo $row["id"]; ?> "><?php echo $row["news_title"]; ?> </a></div> <?php echo limit_words(convEnt($row["text"]), 16); ?> </td> <td width="64" class="font12"> <a href="<?php echo $website; ?> adm/?comments&edit=<?php echo $row["id"]; ?> "><img src="<?php echo $website; ?> adm/edit.png" alt="img" /></a> <a href="javascript:;" onclick="if (confirm('Delete Comment?') ) { location.href='<?php echo $website;
$CommentsAllowed = $row["allow_comments"]; if (!isset($updateViews)) { $updateViews = $db->query("UPDATE " . OSDB_NEWS . " SET views = views+1 WHERE news_id = '" . $row["news_id"] . "' LIMIT 1"); } } $NewsData[$c]["id"] = (int) $row["news_id"]; $id = (int) $row["news_id"]; $NewsData[$c]["title"] = $row["news_title"]; if (!isset($_GET["post_id"]) and isset($NewsWordLimit) and $NewsWordLimit >= 2) { $NewsData[$c]["text"] = limit_words(convEnt($row["news_content"]), $NewsWordLimit); $NewsData[$c]["read_more"] = '<a class="read_more" href="' . $website . '?post_id=' . $id . '">' . $lang["read_more"] . '</a>'; } else { $NewsData[$c]["text"] = convEnt($row["news_content"]); $NewsData[$c]["read_more"] = ''; } $NewsData[$c]["full_text"] = convEnt($row["news_content"]); //$NewsData[$c]["text"] = str_replace("\n","<br />", $NewsData[$c]["text"]); $NewsData[$c]["date"] = date($DateFormat, $row["news_date"]); $NewsData[$c]["date_int"] = $row["news_date"]; $NewsData[$c]["comments"] = $row["comments"]; $NewsData[$c]["allow_comments"] = $row["allow_comments"]; $c++; } //$db->free($result); //GAMELIST PATCH if (isset($GameListPatch) and $GameListPatch == 1 and !$_GET) { $sth = $db->prepare("SELECT * FROM " . OSDB_GAMELIST . " "); $result = $sth->execute(); $c = 0; $LiveGamesData = array(); $CurrentPlayers = array();