コード例 #1
ファイル: wars.php プロジェクト: kveldscholten/Ilch-1.1
 } elseif ($row['status'] == 3) {
     // lastwars
     $row['memberliste'] = lastwars_get_memberlist($_GET['mehr']);
     $wlpar = array(1 => 'gewonnen', 2 => 'verloren', 3 => 'unentschieden');
     $row['erg'] = $row['owp'] . ' zu ' . $row['opp'];
     $row['ergliste'] = get_erg_liste($_GET['mehr']);
     $row['wlp'] = $wlpar[$row['wlp']];
     $title = $allgAr['title'] . ' :: Wars :: Lastwars';
     $hmenu = '<a href="?wars" class="smalfont">Wars</a><b> &raquo; </b>Lastwars';
     $design = new design($title, $hmenu);
     $design->header();
     $tpl = new tpl('wars_last');
     $row['tag'] = empty($row['tag']) ? $row['gegner'] : $row['tag'];
     $tpl->set_ar_out($row, 0);
     // kommentare fuer lastwars
     if ($allgAr['wars_last_komms'] < 0 and has_right($allgAr['wars_last_komms'])) {
         // aktion
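         // The war id arrives in the query string. It is forced to an integer once,
         // so the three statements below never receive raw request text.
         $warId = (int) $_GET['mehr'];
         // Action: store a new comment
         if (isset($_POST['kommentar_fuer_last_wars'])) {
             // NOTE(review): the session name is concatenated without escaping here;
             // confirm it is stored in an SQL-safe form when the session is created.
             $name = $_SESSION['authname'];
             $text = escape($_POST['text'], 'textarea');
             db_query("INSERT INTO prefix_koms (name,cat,text,uid) VALUES ('" . $name . "','WARSLAST', '" . $text . "', " . $warId . " )");
         }
         // Action: delete a comment (site admins of the wars module only)
         if (isset($_GET['kommentar_fuer_last_wars_loeschen']) and is_siteadmin('wars')) {
             // NOTE(review): the delete is triggered by a GET parameter and no request
             // token is checked in this excerpt; verify that one is enforced elsewhere.
             db_query("DELETE FROM prefix_koms WHERE cat = 'WARSLAST' AND uid = " . $warId . " AND id = " . (int) $_GET['kommentar_fuer_last_wars_loeschen']);
         }
         // Output
         $tpl->out(1);
         $class = '';
         $erg = db_query("SELECT name,text,id FROM prefix_koms WHERE cat = 'WARSLAST' AND uid = " . $warId . " ORDER BY id DESC");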
         while ($r = db_fetch_assoc($erg)) {
             $class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
コード例 #2
ファイル: kasse.php プロジェクト: kveldscholten/Ilch-1.1
// Nine sums over prefix_kasse: overall, then limited to $jaka..$jake, then to $aka..$ake.
// NOTE(review): the four date bounds are defined outside this excerpt and are
// interpolated into the SQL text; confirm they are computed, not request input.
$kasseSumme = 'SELECT ROUND(SUM(betrag),2) FROM prefix_kasse';
$kasseBereichJ = "datum >= '" . $jaka . "' AND datum <= '" . $jake . "'";
$kasseBereichM = "datum >= '" . $aka . "' AND datum <= '" . $ake . "'";
$kasseFelder = array(
    'minus' => ' WHERE betrag < 0',
    'plus' => ' WHERE betrag > 0',
    'saldo' => '',
    'Jminus' => ' WHERE betrag < 0 AND ' . $kasseBereichJ,
    'Jplus' => ' WHERE betrag > 0 AND ' . $kasseBereichJ,
    'Jsaldo' => ' WHERE ' . $kasseBereichJ,
    'Mminus' => ' WHERE betrag < 0 AND ' . $kasseBereichM,
    'Mplus' => ' WHERE betrag > 0 AND ' . $kasseBereichM,
    'Msaldo' => ' WHERE ' . $kasseBereichM,
);
foreach ($kasseFelder as $kasseFeld => $kasseWhere) {
    $tpl->set($kasseFeld, db_result(db_query($kasseSumme . $kasseWhere), 0));
}
// Navigation values for the template.
$tpl->set('month', $lang[date('F', $akt)]);
$tpl->set('pm', $pm);
$tpl->set('nm', $nm);
$tpl->set('py', $py);
$tpl->set('ny', $ny);
$tpl->set('jahr', $y);
$tpl->out(0);
// One template row per booking in the $aka..$ake range, newest first.
$class = '';
$erg = db_query("SELECT name, verwendung, id, ROUND(betrag,2) as betrag FROM prefix_kasse WHERE " . $kasseBereichM . " ORDER BY datum DESC");
while ($r = db_fetch_assoc($erg)) {
    // Alternate the row class between the two values.
    if ($class == 'Cmite') {
        $class = 'Cnorm';
    } else {
        $class = 'Cmite';
    }
    $r['class'] = $class;
    // Edit and delete icons are appended only when has_right(-8, 'kasse') succeeds.
    if (has_right(-8, 'kasse')) {
        $kasseLinks = '<span style="float: right;">
    <a href="admin.php?kasse-' . $r['id'] . '"><img src="include/images/icons/edit.gif" border="0" title="' . $lang['change'] . '" alt="' . $lang['change'] . '" /></a>
    <a href="index.php?kasse-d' . $r['id'] . '"><img src="include/images/icons/del.gif" border="0" title="' . $lang['delete'] . '" alt="' . $lang['delete'] . '" /></a>
    </span>';
        $r['verwendung'] .= $kasseLinks;
    }
    $tpl->set_ar_out($r, 1);
}
$tpl->out(2);
$design->footer();
コード例 #3
ファイル: gbook.php プロジェクト: kveldscholten/Ilch-1.1
         }
         if ($r['mail'] != '') {
             $r['mail'] = ' &nbsp; <a href="mailto:' . escape_email_to_show($r['mail']) . '"><img src="include/images/icons/mail.gif" border="0" alt="E-Mail ' . $lang['from'] . ' ' . $r['name'] . '"></a>';
         }
         $tpl = new tpl('gbook.htm');
         $r['ANTISPAM'] = get_antispam('gbookkom', 0);
         $r['uname'] = $_SESSION['authname'];
         $r['text'] = bbcode($r['text']);
         $tpl->set_ar_out($r, 4);
         $i = 1;
         $erg = db_query("SELECT id, name, text FROM prefix_koms WHERE uid = " . $id . " AND cat = 'GBOOK' ORDER BY id DESC");
         $anz = db_num_rows($erg) + 1;
         while ($r1 = db_fetch_assoc($erg)) {
             $r1['zahl'] = $anz - $i;
             $r1['text'] = bbcode($r1['text']);
             if (has_right(-7, 'gbook')) {
                 $r1['text'] .= '<a href="index.php?gbook-show-' . $id . '-d' . $r1['id'] . '"><img src="include/images/icons/del.gif" alt="' . $lang['delete'] . '" border="0" title="' . $lang['delete'] . '" /></a>';
             }
             $tpl->set_ar_out($r1, 5);
             $i++;
         }
         $tpl->out(6);
     }
     break;
 default:
     $limit = $allgAr['gbook_posts_per_site'];
     // Limit
     $page = $menu->getA(1) == 'p' ? escape($menu->getE(1), 'integer') : 1;
     $MPL = db_make_sites($page, "", $limit, "?gbook", 'gbook');
     $anfang = ($page - 1) * $limit;
     $tpl = new tpl('gbook.htm');
コード例 #4
ファイル: _news_edit.php プロジェクト: sauger/forbes_old
} else {
    $href = "news_list.php";
}
$related_news = $news->related_news ? explode(',', $news->related_news) : array();
$sub_headline = $news->sub_headline ? explode(',', $news->sub_headline) : array();
?>
<div id=icaption>
    <div id=title>发布新闻</div>
	  <a href="news_list.php" id=btn_back></a>
</div>
<div id=itable>
	<form id="news_edit" enctype="multipart/form-data" action="news.post.php" method="post"> 
	<table cellspacing="1" align="center">
		
		<?php 
if (has_right('schedule_news')) {
    ?>
		<tr class=tr4>
			<td class=td1 width="15%" >定时发布</td>
			<td width="85%"><input type="text" name="publish_schedule_date" id="publish_schedule" <?php 
    if (!$publish_date) {
        echo "disabled=true;";
    }
    ?>
 value="<?php 
    echo $publish_date;
    ?>
"></input><input style="width:20px;" type="checkbox" id="publish_schedule_select" <?php 
    if ($publish_date) {
        echo "checked='checked'";
    }
コード例 #5
ファイル: downloads.php プロジェクト: rjdesign/Ilch-1.2
     if (@db_num_rows($erg) != 1) {
         $title = $allgAr['title'] . ' :: Downloads ';
         $hmenu = '<a class="smalfont" href="?downloads">Downloads</a>';
         $design = new design($title, $hmenu);
         $design->header();
         echo $lang['nopermission'];
         $design->footer(1);
     }
     if (!isset($_SESSION['download'][$fid])) {
         header('Location: ' . 'http://' . $_SERVER["HTTP_HOST"] . dirname($_SERVER["SCRIPT_NAME"]) . '/index.php?downloads');
         break;
     }
     $qry = db_query("SELECT d.`url`, IFNULL(c.`recht`,0) AS recht FROM `prefix_downloads` d LEFT JOIN `prefix_downcats` c ON c.`id` = d.`cat` WHERE d.`id` = {$fid}");
     $row = db_fetch_assoc($qry);
     $url = 'http://' . $_SERVER["HTTP_HOST"] . dirname($_SERVER["SCRIPT_NAME"]) . '/index.php?downloads';
     if ($qry !== false and has_right($row['recht'])) {
         db_query("UPDATE prefix_downloads SET downs = downs +1 WHERE id = " . $fid);
         if (file_exists($row['url'])) {
             header('Content-type: application/octet-stream');
             header('Content-Disposition: attachment; filename="' . basename($row['url']) . '"');
             header('Content-Length: ' . filesize($row['url']));
             readfile($row['url']);
             exit;
         } else {
             $url = iurlencode($row['url']);
         }
         $error = false;
     }
     header('Location: ' . $url);
     break;
 case 'upload':
コード例 #6
ファイル: user.php プロジェクト: rjdesign/Ilch-1.2
/**
 * Tells whether the current user counts as site admin.
 *
 * True when has_right(-7) succeeds. Otherwise, if a module name is passed,
 * true when has_right(null, $m) succeeds. The module check is skipped
 * entirely when $m is null.
 *
 * @param string|null $m optional module name
 * @return bool
 */
function is_siteadmin($m = null)
{
    // The global right is tested first; the module check only runs as a fallback.
    return has_right(-7) || ($m !== null && has_right(null, $m));
}
コード例 #7
ファイル: menu.php プロジェクト: rjdesign/Ilch-1.2
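 /**
  * Decides whether the current visitor may use this menu object.
  *
  * For type 'contents' the rights rows of all candidate paths are read,
  * shortest path first, and evaluation stops once the path length changes.
  * For type 'box' the rows of the box file are read. Type 'admin' and the
  * setting allg_menupoint_access == 1 always grant access.
  *
  * Two defects are corrected: the contents query now selects `path`, which
  * the loop reads for its length cut-off (it was missing, so the cut-off
  * never triggered), and an empty path list no longer produces `IN ()`.
  *
  * @return bool
  */
 private function check_rights()
 {
     global $allgAr;
     $has_right = false;
     if ($this->type == 'contents') {
         // NOTE(review): the paths are quoted but not escaped before they are
         // placed in the IN (...) list; confirm get_string_ar() returns SQL-safe values.
         $paths = array();
         foreach ($this->get_string_ar() as $path) {
             $paths[] = '\'' . $path . '\'';
         }
         if ($this->get(0) == 'self') {
             foreach ($this->get_string_ar(true) as $path) {
                 $paths[] = '\'' . $path . '\'';
             }
         }
         // Without any candidate path there is nothing to look up.
         if (!empty($paths)) {
             $qry = db_query('SELECT `path`, `recht`, `recht_type` FROM `prefix_menu` WHERE `was` IN (7,9) AND `path` IN (' . implode(',', $paths) . ') ORDER BY LENGTH(`path`), `recht_type`, `recht`');
             $lastlength = 0;
             while ($row = db_fetch_assoc($qry)) {
                 $pathlength = strlen($row['path']);
                 // Stop once access is granted or the rows move on to a longer path.
                 if ($has_right or $lastlength != 0 and $lastlength != $pathlength) {
                     break;
                 } else {
                     $lastlength = $pathlength;
                 }
                 switch ($row['recht_type']) {
                     case 0:
                     case 3:
                     default:
                         $has_right = has_right($row['recht'], '', true);
                         break;
                     case 1:
                         // Exact match with the session right
                         $has_right = $row['recht'] == $_SESSION['authright'];
                         break;
                     case 2:
                         // Session right at or above the stored value
                         $has_right = $row['recht'] <= $_SESSION['authright'];
                         break;
                 }
             }
         }
     } elseif ($this->type == 'box') {
         // NOTE(review): $this->get(0) is concatenated into the statement unescaped;
         // confirm it cannot carry a double quote.
         $qry = db_query('SELECT `recht`, `recht_type` FROM `prefix_menu` WHERE `was` = 1 AND `path` = "' . $this->get(0) . '.php"');
         while ($row = db_fetch_assoc($qry)) {
             if ($has_right) {
                 break;
             }
             switch ($row['recht_type']) {
                 case 0:
                 case 3:
                 default:
                     $has_right = has_right($row['recht'], '', true);
                     break;
                 case 1:
                     $has_right = $row['recht'] == $_SESSION['authright'];
                     break;
                 case 2:
                     $has_right = $row['recht'] <= $_SESSION['authright'];
                     break;
             }
         }
     }
     return $this->type == 'admin' || $has_right || $allgAr['allg_menupoint_access'] == 1;
 }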
コード例 #8
ファイル: kalender.php プロジェクト: rjdesign/Ilch-1.2
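/**
 * Prints the list part of the calendar through the global template object.
 *
 * With an event id ($eid) it prints the event details and, when comments are
 * enabled ($komsOK), stores a submitted comment and lists the existing ones.
 * Without an event id it prints either one row per day of the month
 * ($view == 0) or the events of one day / of all loaded days ($view == 1).
 *
 * Changes against the earlier version:
 * - $tooltips and $del are initialised, so they are never read undefined;
 * - the Referer header is only read when present, and the pattern accepts
 *   just 0 or 1 (the old class `[0|1]` also accepted a pipe character);
 * - $eid and $userid are cast to int where they enter SQL text.
 */
function kalender_listoutput()
{
    global $komsOK, $tpl, $eid, $data, $data_id, $gday, $month, $year, $days, $arr_day, $title_liste, $view, $allgAr;
    // Collected tooltip markup; starts empty because several branches append with `.=`.
    $tooltips = '';
    // List header
    $tpl->set_ar_out(array('TITLE' => $eid ? $data_id[$eid]['title'] : $title_liste, 'TITLE_ALIGN' => $eid ? '' : ' align="center"'), "listbegin");
    // Detail view of a single event
    if ($eid) {
        $aus['display'] = 'style="display:none"';
        $aus['DETAIL_DATE'] = date('d.m.Y', $data_id[$eid]['time']);
        $aus['DETAIL_TIME'] = date('H:i', $data_id[$eid]['time']);
        $aus['DETAIL_TEXT'] = BBcode($data_id[$eid]['text']);
        $aus['ID'] = $eid;
        // The back link keeps the view the visitor came from when the Referer names one.
        $viewl = $allgAr['kalender_standard_list'];
        if (isset($_SERVER['HTTP_REFERER']) && preg_match('%\\?kalender-v([01])%i', $_SERVER['HTTP_REFERER'], $match)) {
            $viewl = $match[1];
        }
        $aus['BACK_LINK'] = 'index.php?kalender-v' . $viewl . '-m' . date('m', $data_id[$eid]['time']) . '-y' . date('Y', $data_id[$eid]['time']);
        if (!$komsOK) {
            $tpl->set_ar_out($aus, 'detail');
        } else {
            // Store a new comment: logged-in users directly, guests only after the antispam check.
            if ((loggedin() or chk_antispam('kalender_komms')) and $komsOK and !empty($_POST['name']) and !empty($_POST['text'])) {
                if (loggedin()) {
                    // NOTE(review): the session name goes into the INSERT unescaped;
                    // confirm it is stored in an SQL-safe form.
                    $name = $_SESSION['authname'];
                    $userid = $_SESSION['authid'];
                } else {
                    $name = escape($_POST['name'], 'string') . ' (Gast)';
                    $userid = 0;
                }
                $text = escape($_POST['text'], 'string');
                db_query("INSERT INTO `prefix_koms` (`name`,`userid`,`text`,`time`,`uid`,`cat`) VALUES ('" . $name . "', " . (int) $userid . ", '" . $text . "','" . time() . "', " . (int) $eid . ", 'KALENDER')");
            }
            if (loggedin()) {
                $aus['uname'] = $_SESSION['authname'];
                $aus['readonly'] = 'readonly';
            } else {
                $aus['uname'] = '';
                $aus['readonly'] = '';
            }
            $aus['ANTISPAM'] = get_antispam('kalenderkom', 0);
            // NOTE(review): $aus['text'] is not assigned anywhere above in this function.
            $aus['text'] = bbcode($aus['text']);
            $tpl->set_ar_out($aus, 'detail');
            $tpl->set_ar_out($aus, 'commentstart');
            $erg = db_query("SELECT `id`, `name`, `userid`, `text`, `time` FROM `prefix_koms` WHERE `uid` = " . (int) $eid . " AND `cat` = 'KALENDER' ORDER BY `id` DESC");
            $anz = db_num_rows($erg);
            if ($anz == 0) {
                echo 'Keine Kommentare vorhanden';
            } else {
                while ($r1 = db_fetch_assoc($erg)) {
                    // The delete link exists only for users holding the right; empty otherwise.
                    $del = '';
                    if (has_right(-7, 'kalender')) {
                        $del = ' <a href="index.php?kalender-v1-e' . $eid . '-d' . $r1['id'] . '"><img src="include/images/icons/del.gif" alt="l&ouml;schen" border="0" title="l&ouml;schen" /></a>';
                    }
                    // Comments are numbered downwards, newest first.
                    $r1['zahl'] = $anz;
                    $r1['avatar'] = get_avatar($r1['userid']);
                    $r1['time'] = post_date($r1['time'], 1) . $del;
                    $r1['text'] = bbcode($r1['text']);
                    $tpl->set_ar_out($r1, 'comments');
                    $anz--;
                }
            }
        }
        $tpl->out('commentend');
        // End of comments
    } elseif ($view == 0) {
        // Month view: one row per day
        for ($i = 0; $i < $days; $i++) {
            $date = mktime(0, 0, 0, $month, $i + 1, $year);
            $text = '';
            if (isset($data[$date])) {
                foreach ($data[$date] as $eventinfo) {
                    $text .= eventlink($tpl, $view, $eventinfo);
                    // apply bbcode
                    $eventinfo["text"] = BBCode($eventinfo["text"]);
                    $tooltips .= $tpl->set_ar_get($eventinfo, "tooltip");
                }
            }
            $aus['LIST_I'] = $i + 1;
            $aus['LIST_D'] = $arr_day[date('w', mktime(0, 0, 0, $month, $i + 1, $year))];
            $aus['LIST_T'] = $text;
            $class = $i % 2 ? 'Cnorm' : 'Cmite';
            // Today's row gets its own class.
            $aus['LIST_CLASS'] = $i + 1 == date('j') && $month == date('n') && $year == date('Y') ? 'Cdark' : $class;
            $tpl->set_ar_out($aus, 'listitem');
            unset($aus);
        }
        showTooltips($tpl, $tooltips);
    } elseif ($view == 1) {
        // Only one day
        if (isset($data) && !empty($gday)) {
            $date = mktime(0, 0, 0, $month, $gday, $year);
            $i = 1;
            $tooltips = '';
            if (isset($data[$date])) {
                foreach ($data[$date] as $eventinfo) {
                    $text = '';
                    $text .= eventlink($tpl, $view, $eventinfo);
                    $aus['LIST_I'] = $arr_day[date('w', $date)];
                    $aus['LIST_D'] = date('H:i', $eventinfo['time']);
                    $aus['LIST_T'] = $text;
                    $class = $i % 2 ? 'Cnorm' : 'Cmite';
                    $aus['LIST_CLASS'] = $i + 1 == date('j') && $month == date('n') && $year == date('Y') ? 'Cdark' : $class;
                    $tpl->set_ar_out($aus, 'listitem');
                    unset($aus);
                    $i++;
                    // apply bbcode
                    $eventinfo["text"] = BBCode($eventinfo["text"]);
                    $tooltips .= $tpl->set_ar_get($eventinfo, "tooltip");
                }
            }
            showTooltips($tpl, $tooltips);
            // Whole list
        } elseif (isset($data)) {
            $i = 1;
            foreach ($data as $date => $data1) {
                $text = '';
                foreach ($data1 as $eventinfo) {
                    $text .= eventlink($tpl, $view, $eventinfo);
                }
                $aus['LIST_I'] = date('d.m.Y', $date);
                $aus['LIST_D'] = $arr_day[date('w', $date)];
                $aus['LIST_T'] = $text;
                $class = $i % 2 ? 'Cnorm' : 'Cmite';
                $aus['LIST_CLASS'] = $i + 1 == date('j') && $month == date('n') && $year == date('Y') ? 'Cdark' : $class;
                $tpl->set_ar_out($aus, 'listitem');
                unset($aus);
                $i++;
                // apply bbcode
                // NOTE(review): this runs after the inner loop, so only the last event
                // of each date contributes a tooltip; confirm that is intended.
                $eventinfo["text"] = BBCode($eventinfo["text"]);
                $tooltips .= $tpl->set_ar_get($eventinfo, "tooltip");
            }
            showTooltips($tpl, $tooltips);
        } else {
            // No data loaded: print one placeholder row.
            $aus['LIST_I'] = '-';
            $aus['LIST_D'] = '-';
            $aus['LIST_T'] = '-';
            $aus['LIST_CLASS'] = 'Cnorm';
            $tpl->set_ar_out($aus, 'listitem');
            unset($aus);
        }
    }
    $tpl->out('listend');
}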
コード例 #9
ファイル: forum.php プロジェクト: kveldscholten/Ilch-1.1
        //Unterkategorien
        $topcid = $aktForumRow['topcid'];
        $catsnr = 1;
        $aktForumRow['kat'] = array();
        while ($topcid != 0) {
            $tmpsql = db_fetch_object(db_query("SELECT id,cid,name FROM `prefix_forumcats` WHERE id = " . $topcid));
            $topcid = $tmpsql->cid;
            $aktForumRow['kat'][$catsnr] = array();
            $aktForumRow['kat'][$catsnr]['id'] = $tmpsql->id;
            $aktForumRow['kat'][$catsnr]['name'] = $tmpsql->name;
            $catsnr++;
        }
        $aktForumRow['kat'][0]['id'] = $aktForumRow['cid'];
        $aktForumRow['kat'][0]['name'] = $aktForumRow['cat'];
        //Unterkategorien - Ende
        $forum_rights = array('start' => has_right($aktForumRow['start']), 'reply' => has_right(array($aktForumRow['reply'], $aktForumRow['start'])), 'view' => has_right(array($aktForumRow['view'], $aktForumRow['reply'], $aktForumRow['start'])), 'mods' => forum_user_is_mod($fid));
        if ($forum_rights['view'] == false) {
            $forum_failure[] = $lang['forumidnotfound'];
        }
    } else {
        $forum_failure[] = $lang['forumidnotfound'];
    }
}
switch ($menu->get(1)) {
    default:
        $incdatei = 'show_forum.php';
        break;
    case 'showtopics':
        $incdatei = 'show_topic.php';
        break;
    case 'editforum':
コード例 #10
ファイル: vote.php プロジェクト: rjdesign/Ilch-1.2
<?php

/**
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL)
 * @copyright (C) 2000-2010 ilch.de
 * @version $Id$
 */
defined('main') or die('no direct access');
// -----------------------------------------------------------|
// Vote Sperre in Stunden
$stunden = 24;
$breite = 50;
$diftime = time() - 60 * 60 * $stunden;
if (has_right(-1)) {
    $woR = '>= "1"';
} else {
    $woR = '= "1"';
}
$fraErg = db_query('SELECT * FROM `prefix_poll` WHERE `recht` ' . $woR . ' ORDER BY `poll_id` DESC LIMIT 1');
if (db_num_rows($fraErg) > 0) {
    $fraRow = db_fetch_object($fraErg);
    if ($fraRow->stat == 1) {
        $maxRow = db_fetch_object(db_query('SELECT MAX(`res`) as `res` FROM `prefix_poll_res` WHERE `poll_id` = "' . $fraRow->poll_id . '"'));
        $gesErg = db_query('SELECT SUM(`res`) as `res` FROM `prefix_poll_res` WHERE `poll_id` = "' . $fraRow->poll_id . '"');
        $gesRow = db_fetch_object($gesErg);
        $max = $maxRow->res;
        $ges = $gesRow->res;
        $textAr = explode('#', $fraRow->text);
        if ($fraRow->recht == 2) {
            $inTextAr = $_SESSION['authid'];
        } elseif ($fraRow->recht == 1) {
コード例 #11
ファイル: design.php プロジェクト: rjdesign/Ilch-1.2
 /**
  * Builds the HTML of all boxes and menus stored for one menu position.
  *
  * Rows of prefix_menu for position $wo are read in `pos` order, filtered by
  * the visitor's rights, and rendered through lists of the template $tpl.
  *
  * @param mixed $wo numeric menu number, or 'l' / 'r' (mapped to 1 / 2)
  * @param object $tpl template object; list_get() and list_exists() are called on it
  * @return string the concatenated markup
  */
 protected function get_boxes($wo, $tpl)
 {
     global $lang, $allgAr, $menu;
     // Pick the template list name for this position.
     // NOTE(review): any other value of $wo leaves $datei undefined and reaches
     // the query below unchanged; confirm callers only pass numbers, 'l' or 'r'.
     if (is_numeric($wo)) {
         $datei = 'menunr' . $wo;
     } elseif ($wo == 'l') {
         $datei = 'boxleft';
         $wo = 1;
     } elseif ($wo == 'r') {
         $datei = 'boxright';
         $wo = 2;
     }
     $retur = '';
     $ex_ebene = 0;
     $ex_was = 1;
     $firstmep = false;
     $hovmenup = '';
     $abf = "SELECT * FROM `prefix_menu` WHERE wo = " . $wo . " ORDER by pos";
     $erg = db_query($abf);
     $menuar = $menupaths = array();
     while ($r = db_fetch_assoc($erg)) {
         // Only keep menu entries the visitor has the rights for:
         // type 0/3 via has_right(), type 1 exact session right, type 2 session right at least `recht`.
         if (($r['recht_type'] == 0 or $r['recht_type'] == 3) and !has_right($r['recht'], '', true)) {
             continue;
         } elseif ($r['recht_type'] == 1 and $r['recht'] != $_SESSION['authright']) {
             continue;
         } elseif ($r['recht_type'] == 2 and $r['recht'] > $_SESSION['authright']) {
             continue;
         }
         $menuar[$r['pos']] = $r;
         $menupaths[$r['path']] = $r['pos'];
     }
     // Find the active entry: the first requested path, in reverse order, that is a known menu path
     foreach (array_reverse($menu->get_string_ar()) as $path) {
         $path = str_replace('self-', '', $path);
         if (isset($menupaths[$path])) {
             $act_pos = $menupaths[$path];
             break;
         }
     }
     // Disabled code, kept as found:
     // //Remove entries that should not be shown,
     // //so that sub menu points are only shown for the active menu point
     // $todel = array();
     // //Entries before
     // for($i = $act_pos; $i > -1; $i--){
     // if (isset($menuar[$i]) and $menuar[$i]['ebene'] == 0) {
     // $todel_before = $i;
     // break;
     // }
     // }
     // $todel_after = count($menuar);
     // for($i = $act_pos+1; $i < $todel_after; $i++){
     // if (isset($menuar[$i]) and $menuar[$i]['ebene'] == 0) {
     // $todel_after = $i;
     // break;
     // }
     // }
     foreach ($menuar as $pos => $row) {
         // if ($row['ebene'] >  0 and ($pos < $todel_before  or $pos > $todel_after)) {
         // continue;
         // }
         $subhauptx = $row['was'];
         // `was` >= 7 marks a menu point (as opposed to a box or a menu header).
         $whileMenP = $subhauptx >= 7 ? true : false;
         // Skip menu points that follow a box, entries nested more than one level
         // deeper than the previous one, nested entries after a box/header, and
         // menu points whose template list does not exist.
         if ($row['was'] >= 7 and $ex_was == 1 or $ex_ebene < $row['ebene'] - 1 or $ex_was <= 4 and $row['ebene'] != 0 or $row['was'] >= 7 and !$tpl->list_exists($hovmenup)) {
             continue;
         }
         // This branch is only entered when a menu has been written
         // into $menuzw: the pending menu is closed and flushed.
         if ($whileMenP === false and !empty($menuzw)) {
             $menuzw .= $this->get_boxes_get_menu_close($ex_ebene, 0, $menuzw, $wmpE, $wmpTE, $wmpTEE);
             $retur .= $tpl->list_get($datei, array($boxname, $menuzw . $menuzwE));
             $menuzw = '';
         }
         if ($row['was'] == 1) {
             // A box is written straight into the return value
             $buffer = $this->get_boxcontent($row['path']);
             $retur .= $tpl->list_get($datei, array($row['name'], $buffer));
         } elseif ($row['was'] >= 2 and $row['was'] <= 4) {
             // Menu header: remember its name
             // and reset the menu buffers.
             $boxname = $row['name'];
             $menuzw = '';
             $menuzwE = '';
             $ex_ebene = 0;
             // previous level
             $hovmenu = '';
             // `was` 2 uses the 'hmenu' lists, `was` 3 the 'vmenu' lists, when the template has them.
             if ($row['was'] == 2 and $tpl->list_exists('hmenupoint')) {
                 $hovmenu = 'hmenu';
             } elseif ($row['was'] == 3 and $tpl->list_exists('vmenupoint')) {
                 $hovmenu = 'vmenu';
             }
             $firstmep = true;
             if (!empty($hovmenu)) {
                 $menuzw .= $tpl->list_get($hovmenu . 'begi', array());
                 $menuzwE .= $tpl->list_get($hovmenu . 'ende', array());
             }
             $hovmenup = $hovmenu . 'point';
         } elseif ($whileMenP) {
             // Generate a menu point
             $ebene = $row['ebene'];
             // `was` 8 opens in a new window and its path is used without the 'index.php?' prefix.
             $menuTarget = $subhauptx == 8 ? '_blank' : '_self';
             // NOTE(review): this resets $act_pos on every menu point, so the active
             // position found above is discarded before the comparison on the next line.
             $act_pos = null;
             list($wmpA, $wmpE, $wmpTE, $wmpTEE) = explode('|', $tpl->list_get($hovmenup, array($menuTarget, ($subhauptx == 8 ? '' : 'index.php?') . $row['path'], $row['name'], $row['pos'] == $act_pos ? 'active' : 'inactive')));
             if (!empty($menuzw) and $firstmep === false) {
                 $menuzw .= $this->get_boxes_get_menu_close($ex_ebene, $ebene, $menuzw, $wmpE, $wmpTE, $wmpTEE);
             }
             $menuzw .= $wmpA;
             $firstmep = false;
         }
         // Remember type and level of this entry for the checks in the next iteration.
         $ex_was = $row['was'];
         $ex_ebene = $row['ebene'];
     }
     // Flush a menu that is still open after the last row.
     if (!empty($menuzw)) {
         $menuzw .= $this->get_boxes_get_menu_close($ex_ebene, 0, $menuzw, $wmpE, $wmpTE, $wmpTEE);
         $retur .= $tpl->list_get($datei, array($boxname, $menuzw . $menuzwE));
     }
     return $retur;
 }
コード例 #12
ファイル: allg.php プロジェクト: kveldscholten/Ilch-1.1
/**
 * Builds the HTML of a form field used as bot protection or, in the
 * picture-less mode, as a per-form token against CSRF.
 * The NoPictureMode is described at the chk_antispam function.
 *
 * NOTE(review): the id is produced by uniqid(), which is derived from the
 * clock and is not a cryptographic random source; where the id serves as a
 * CSRF token a stronger generator should be considered.
 *
 * @global array $allgAr
 * @param string $m module name, used as prefix of the generated id
 * @param integer $t layout type: 0, 1, or a value > 10 used as label width in px; a negative value selects NoPictureMode
 * @param boolean $nopictures force NoPictureMode
 * @return string
 */
function get_antispam($m, $t, $nopictures = false)
{
    global $allgAr, $ILCH_BODYEND_ADDITIONS;
    static $addedJavascript = false;
    // The captcha script tag is queued only on the first call of a request.
    if (!$addedJavascript) {
        $ILCH_BODYEND_ADDITIONS .= '<script type="text/javascript" src="include/includes/js/captcha.js"></script>' . "\n";
        $addedJavascript = true;
    }
    // A negative type, or a numeric antispam setting the visitor has the right for, switches to the picture-less mode.
    $ohneBild = (!$nopictures && $t < 0) || (is_numeric($allgAr['antispam']) && has_right($allgAr['antispam']));
    if ($ohneBild) {
        $nopictures = true;
    }
    $id = uniqid($m . '_', true);
    if ($nopictures) {
        // Register the id in the session and hand it out as a hidden field.
        $hatListe = isset($_SESSION['antispam']) && is_array($_SESSION['antispam']);
        if (!$hatListe) {
            $_SESSION['antispam'] = array();
        }
        $_SESSION['antispam'][$id] = true;
        return '<input type="hidden" name="antispam_id" value="' . $id . '" />';
    }
    // Provides $imagewidth and $imageheight used below.
    include 'include/includes/captcha/settings.php';
    if ($t == 0) {
        $seperator = '<br />';
        $helpText = 'Geben Sie diese Zeichen in das direkt darunter stehende Feld ein.';
    } else {
        $seperator = ' ';
        $helpText = 'Geben Sie diese Zeichen in das direkt daneben stehende Feld ein.';
    }
    $bild = '<img width="' . $imagewidth . '" height="' . $imageheight . '" src="include/includes/captcha/captchaimg.php?id=' . $id . '&nocache=' . time() . '" alt="captchaimg" title="' . $helpText . '" class="captchaImage">';
    $eingabe = '<input class="captcha_code" name="captcha_code" type="text" maxlength="5" size="8" title="Geben Sie die Zeichen aus dem Bild ein">';
    $kennung = '<input type="hidden" name="captcha_id" value="' . $id . '" />';
    $img = $bild . $seperator . $eingabe . $kennung;
    // Wrap the field according to the layout type.
    if ($t == 1) {
        return '<tr><td class="Cmite"><b>Antispam</b></td><td class="Cnorm">' . $img . '</td></tr>';
    }
    if ($t > 10) {
        return '<label style="float:left; width: ' . $t . 'px; ">Antispam</label>' . $img . '<br/>';
    }
    return $img;
}
コード例 #13
ファイル: menu.php プロジェクト: kveldscholten/Ilch-1.1
 /**
  * Resolves the requested module to a file name and enforces the menu rights.
  *
  * Falls back to the start module when nothing usable was requested, maps
  * self pages to the 'self' module, and, for the contents area, ends the
  * request with a "no permission" page when the rights check fails.
  *
  * NOTE(review): $this->get(0) and $this->get(1) are used in file paths and in
  * SQL text without escaping in this method; confirm they are sanitised where
  * the menu array is filled.
  *
  * @param string $w 'contents' for the public area, anything else for the admin area
  * @return string file name of the module, `<module>.php`
  */
 function get_url($w = 'contents')
 {
     global $allgAr;
     # work out the start module and the directory to probe
     $istInhalt = $w == 'contents';
     $pfad = $istInhalt ? 'include/contents' : 'include/admin';
     $smod = $istInhalt ? $allgAr['smodul'] : 'admin';
     # nothing requested: take the start module
     if (empty($this->menu_ar[0])) {
         $this->set_url(0, $smod);
     }
     # no module file of that name: try a self page of that name,
     # otherwise fall back to the start module (which may be a self page too)
     if (!file_exists($pfad . '/' . $this->get(0) . '.php')) {
         if (file_exists($pfad . '/selfbp/selfp/' . $this->get(0) . '.php')) {
             $this->set_url(1, $this->get(0));
             $this->set_url(0, 'self');
         } elseif (substr($smod, 0, 5) == 'self-') {
             $this->set_url(1, substr($smod, 5));
             $this->set_url(0, 'self');
         } elseif (file_exists($pfad . '/selfbp/selfp/' . $smod . '.php')) {
             $this->set_url(1, $smod);
             $this->set_url(0, 'self');
         } else {
             $this->set_url(0, $smod);
         }
     }
     # check whether the client has the rights needed
     # to see the module / the menu point
     $exit = false;
     if ($istInhalt) {
         if ($this->get(0) == 'self') {
             $where = "(path = '" . $this->get(0) . "-" . $this->get(1) . "' OR path = '" . $this->get(1) . "')";
         } else {
             $where = "(path = '" . $this->get(0) . "' OR path = '" . $this->get(0) . "-" . $this->get(1) . "')";
         }
         # the row with the longest matching path decides
         $r = @db_result(@db_query("SELECT recht FROM prefix_menu WHERE " . $where . " ORDER BY LENGTH(path) DESC"), 0);
         # denied when a right is stored and missing, or when no right is
         # stored and unlisted menu points are closed by the setting
         $exit = ($r != '' && !has_right($r)) || ($r == '' && $allgAr['allg_menupoint_access'] == 0);
     }
     # the user module must never be locked completely, otherwise members
     # could not log in any more and nobody could register,
     # so these parts of the user module are always allowed
     $alwaysallowed = array('regist', 'login', '1', '2', 'confirm', 'remind', '13', '3', 'logout');
     if ($exit && $this->get(0) == 'user' && in_array($this->get(1), $alwaysallowed)) {
         $exit = false;
         debug('o');
     }
     if (!$exit) {
         return $this->get(0) . '.php';
     }
     # no permission: print the page and stop the request
     $title = $allgAr['title'] . ' :: Keine Berechtigung';
     $hmenu = 'Keine Berechtigung';
     $design = new design($title, $hmenu);
     $design->header();
     if (loggedin()) {
         echo 'Du hast leider nicht die n&ouml;tigen Rechte... :-S';
     } else {
         $tpl = new tpl('user/login');
         $tpl->set_out('WDLINK', 'index.php', 0);
     }
     $design->footer();
     exit;
 }
コード例 #14
ファイル: news.php プロジェクト: kveldscholten/Ilch-1.1
        $kategorie = news_find_kat($row->news_kat);
        $textToShow = bbcode($row->news_text);
        $textToShow = str_replace('[PREVIEWENDE]', '', $textToShow);
        if (!empty($such)) {
            $textToShow = markword($textToShow, $such);
        }
        $tpl = new tpl('news.htm');
        $ar = array('TEXT' => $textToShow, 'KATE' => $kategorie, 'NID' => $nid, 'uname' => $_SESSION['authname'], 'ANTISPAM' => loggedin() ? '' : get_antispam('newskom', 0), 'NAME' => $row->news_title);
        $tpl->set_ar_out($ar, 2);
        if ($komsOK) {
            $tpl->set_ar_out(array('NAME' => $row->news_title, 'NID' => $nid), 3);
        }
        $erg1 = db_query("SELECT text, name, id FROM `prefix_koms` WHERE uid = " . $nid . " AND cat = 'NEWS' ORDER BY id DESC");
        $ergAnz1 = db_num_rows($erg1);
        if ($ergAnz1 == 0) {
            echo '<b>' . $lang['nocomments'] . '</b>';
        } else {
            $zahl = $ergAnz1;
            while ($row1 = db_fetch_assoc($erg1)) {
                $row1['text'] = bbcode(trim($row1['text']));
                if (has_right(-7, 'news')) {
                    $row1['text'] .= '<a href="?news-' . $nid . '-d' . $row1['id'] . '"><img src="include/images/icons/del.gif" alt="l&ouml;schen" border="0" title="l&ouml;schen" /></a>';
                }
                $tpl->set_ar_out(array('NAME' => $row1['name'], 'TEXT' => $row1['text'], 'ZAHL' => $zahl), 4);
                $zahl--;
            }
        }
    }
    $tpl->out(5);
}
$design->footer();
コード例 #15
ファイル: allg.php プロジェクト: rjdesign/Ilch-1.2
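/**
 * Builds the antispam form field for a module.
 *
 * In the picture-less mode a fresh id is registered in the session and
 * returned as a hidden field. Otherwise a captcha image with an input is
 * returned, unless the antispam setting is numeric and the visitor holds
 * that right, in which case nothing is returned.
 *
 * The session list is now created when it is missing or not an array, so a
 * stale scalar under $_SESSION['antispam'] can no longer prevent the id from
 * being registered.
 *
 * NOTE(review): the id is produced by uniqid(), which is derived from the
 * clock and is not a cryptographic random source.
 *
 * @param string $m module name, used as prefix of the generated id
 * @param int $t layout type: 0, 1, or a value > 10 used as label width in px
 * @param bool $nopictures return the hidden-field variant
 * @return string HTML, or '' when no field is needed or $t is not handled
 */
function get_antispam($m, $t, $nopictures = false)
{
    global $allgAr;
    if ($nopictures) {
        $id = uniqid($m, true);
        if (!isset($_SESSION['antispam']) || !is_array($_SESSION['antispam'])) {
            $_SESSION['antispam'] = array();
        }
        $_SESSION['antispam'][$id] = true;
        return '<input type="hidden" name="antispam_id" value="' . $id . '" />';
    }
    // Visitors holding the configured right get no captcha at all.
    if (is_numeric($allgAr['antispam']) and has_right($allgAr['antispam'])) {
        return '';
    }
    if ($t == 0) {
        // Image above the input, separated by a line break
        return '<img class="Custom" src="include/includes/libs/captcha/captchaimg.php" alt="captchaimg" title="::Geben Sie diese Zeichen in das direkt darunter stehende Feld ein."><br/><input name="number" type="text" maxlength="5" size="8">';
    }
    // Image and input on one line, shared by the table row and the label layout
    $rs = '<img class="Custom" src="include/includes/libs/captcha/captchaimg.php" alt="captchaimg" title="::Geben Sie diese Zeichen in das direkt darunter stehende Feld ein.">&nbsp;<input id="number" name="number" type="text" maxlength="5" size="8">';
    if ($t == 1) {
        return '<tr><td class="Cmite"><b>Antispam</b></td><td class="Cnorm">' . $rs . '</td></tr>';
    }
    if ($t > 10) {
        return '<label style="float:left; width: ' . $t . 'px; ">Antispam</label>' . $rs . '<br/>';
    }
    return '';
}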
コード例 #16
ファイル: news_list2.php プロジェクト: sauger/forbes
        } else {
            ?>
					<span style="cursor:pointer" class="set_up" name="<?php 
            echo $record[$i]->id;
            ?>
" title="置顶"><img src="/images/admin/btn_unup.png" border="0"></span>
					<?php 
        }
    }
    ?>
					<a title="静态页面" href="<?php 
    echo $static_site . static_news_url($record[$i]);
    ?>
" target="_blank"><img src="/images/admin/btn_static.png" border="0"></a>
					<?php 
    if (has_right('comment_news')) {
        ?>
					<a href="/admin/comment/comment.php?id=<?php 
        echo $record[$i]->id;
        ?>
&type=news" title="评论"><img src="/images/admin/btn_comment.png" border="0"></a>
					<?php 
    }
    ?>
					<input type="hidden" class="priority"  name="<?php 
    echo $record[$i]->id;
    ?>
"  value="<?php 
    if ('100' != $record[$i]->priority) {
        echo $record[$i]->priority;
    }
コード例 #17
ファイル: shoutbox.php プロジェクト: kveldscholten/Ilch-1.1
<?php

// Copyright by Manuel
// Support www.ilch.de
defined('main') or die('no direct access');
if (loggedin()) {
    $shoutbox_VALUE_name = $_SESSION['authname'];
} else {
    $shoutbox_VALUE_name = 'Nickname';
}
if (has_right($allgAr['sb_recht'])) {
    if (!empty($_POST['shoutbox_submit']) and chk_antispam('shoutbox')) {
        $shoutbox_nickname = escape($_POST['shoutbox_nickname'], 'string');
        $shoutbox_nickname = substr($shoutbox_nickname, 0, 15);
        $shoutbox_textarea = escape($_POST['shoutbox_textarea'], 'textarea');
        $shoutbox_textarea = preg_replace("/\\[.?(url|b|i|u|img|code|quote)[^\\]]*?\\]/i", "", $shoutbox_textarea);
        $shoutbox_textarea = strip_tags($shoutbox_textarea);
        if (!empty($shoutbox_nickname) and !empty($shoutbox_textarea)) {
            db_query('INSERT INTO `prefix_shoutbox` (`nickname`,`textarea`) VALUES ( "' . $shoutbox_nickname . '" , "' . $shoutbox_textarea . '" ) ');
            header('Location: index.php?' . $menu->get_complete());
        }
    }
    echo '<form action="index.php?' . $menu->get_complete() . '" method="POST">';
    echo '<input type="text" size="15" name="shoutbox_nickname" value="' . $shoutbox_VALUE_name . '" onFocus="if (value == \'' . $shoutbox_VALUE_name . '\') {value = \'\'}" onBlur="if (value == \'\') {value = \'' . $shoutbox_VALUE_name . '\'}" maxlength="15">';
    echo '<br /><textarea style="width: 80%" cols="15" rows="2" name="shoutbox_textarea"></textarea><br />';
    $antispam = get_antispam('shoutbox', 0);
    echo $antispam;
    if (!empty($antispam)) {
        echo '<br />';
    }
    echo '<input type="submit" value="' . $lang['formsub'] . '" name="shoutbox_submit">';