} elseif ($row['status'] == 3) { // lastwars $row['memberliste'] = lastwars_get_memberlist($_GET['mehr']); $wlpar = array(1 => 'gewonnen', 2 => 'verloren', 3 => 'unentschieden'); $row['erg'] = $row['owp'] . ' zu ' . $row['opp']; $row['ergliste'] = get_erg_liste($_GET['mehr']); $row['wlp'] = $wlpar[$row['wlp']]; $title = $allgAr['title'] . ' :: Wars :: Lastwars'; $hmenu = '<a href="?wars" class="smalfont">Wars</a><b> » </b>Lastwars'; $design = new design($title, $hmenu); $design->header(); $tpl = new tpl('wars_last'); $row['tag'] = empty($row['tag']) ? $row['gegner'] : $row['tag']; $tpl->set_ar_out($row, 0); // kommentare fuer lastwars if ($allgAr['wars_last_komms'] < 0 and has_right($allgAr['wars_last_komms'])) { // aktion if (isset($_POST['kommentar_fuer_last_wars'])) { $name = $_SESSION['authname']; $text = escape($_POST['text'], 'textarea'); db_query("INSERT INTO prefix_koms (name,cat,text,uid) VALUES ('" . $name . "','WARSLAST', '" . $text . "', " . $_GET['mehr'] . " )"); } if (isset($_GET['kommentar_fuer_last_wars_loeschen']) and is_siteadmin('wars')) { db_query("DELETE FROM prefix_koms WHERE cat = 'WARSLAST' AND uid = " . $_GET['mehr'] . " AND id = " . $_GET['kommentar_fuer_last_wars_loeschen']); } // anzeigen $tpl->out(1); $class = ''; $erg = db_query("SELECT name,text,id FROM prefix_koms WHERE cat = 'WARSLAST' AND uid = " . $_GET['mehr'] . " ORDER BY id DESC"); while ($r = db_fetch_assoc($erg)) { $class = $class == 'Cmite' ? 'Cnorm' : 'Cmite';
// Cash-book ("kasse") overview: nine aggregate sums (all time, current year "J",
// current month "M"; each as expenses, income and balance), followed by the
// bookings of the selected month.
// NOTE(review): $jaka/$jake and $aka/$ake are concatenated into quoted SQL literals.
// They are computed outside this excerpt - confirm they are derived from validated
// integers (month/year) and never taken verbatim from the request.
$kasseBase = "SELECT ROUND(SUM(betrag),2) FROM prefix_kasse";
$kassePeriods = array(
    ''  => '',
    'J' => "datum >= '" . $jaka . "' AND datum <= '" . $jake . "'",
    'M' => "datum >= '" . $aka . "' AND datum <= '" . $ake . "'",
);
$kasseSigns = array(
    'minus' => 'betrag < 0',
    'plus'  => 'betrag > 0',
    'saldo' => '',
);
foreach ($kassePeriods as $kassePrefix => $kassePeriod) {
    foreach ($kasseSigns as $kasseKey => $kasseSign) {
        // Drop the empty parts so the unfiltered balance query carries no WHERE clause.
        $kasseWhere = array_filter(array($kasseSign, $kassePeriod));
        $kasseSql = $kasseBase;
        if (!empty($kasseWhere)) {
            $kasseSql .= ' WHERE ' . implode(' AND ', $kasseWhere);
        }
        $tpl->set($kassePrefix . $kasseKey, db_result(db_query($kasseSql), 0));
    }
}

$tpl->set('month', $lang[date('F', $akt)]);
$tpl->set('pm', $pm);
$tpl->set('nm', $nm);
$tpl->set('py', $py);
$tpl->set('ny', $ny);
$tpl->set('jahr', $y);
$tpl->out(0);

// Bookings of the selected month, newest first, with alternating row classes.
$class = '';
$erg = db_query("SELECT name, verwendung, id, ROUND(betrag,2) as betrag FROM prefix_kasse WHERE datum >= '" . $aka . "' AND datum <= '" . $ake . "' ORDER BY datum DESC");
while ($r = db_fetch_assoc($erg)) {
    if ($class == 'Cmite') {
        $class = 'Cnorm';
    } else {
        $class = 'Cmite';
    }
    $r['class'] = $class;

    if (has_right(-8, 'kasse')) {
        // Users with the 'kasse' module right get edit/delete icons appended.
        // NOTE(review): the delete icon is a plain GET link; the handler is not part of
        // this excerpt - confirm it re-checks the right and is protected against
        // cross-site request forgery.
        $kasseEdit = '<a href="admin.php?kasse-' . $r['id'] . '"><img src="include/images/icons/edit.gif" border="0" title="' . $lang['change'] . '" alt="' . $lang['change'] . '" /></a>';
        $kasseDelete = '<a href="index.php?kasse-d' . $r['id'] . '"><img src="include/images/icons/del.gif" border="0" title="' . $lang['delete'] . '" alt="' . $lang['delete'] . '" /></a>';
        $r['verwendung'] .= '<span style="float: right;"> ' . $kasseEdit . ' ' . $kasseDelete . ' </span>';
    }

    // NOTE(review): name and verwendung come straight from the database; whether the
    // template layer escapes them for HTML is not visible here.
    $tpl->set_ar_out($r, 1);
}
$tpl->out(2);
$design->footer();
} if ($r['mail'] != '') { $r['mail'] = ' <a href="mailto:' . escape_email_to_show($r['mail']) . '"><img src="include/images/icons/mail.gif" border="0" alt="E-Mail ' . $lang['from'] . ' ' . $r['name'] . '"></a>'; } $tpl = new tpl('gbook.htm'); $r['ANTISPAM'] = get_antispam('gbookkom', 0); $r['uname'] = $_SESSION['authname']; $r['text'] = bbcode($r['text']); $tpl->set_ar_out($r, 4); $i = 1; $erg = db_query("SELECT id, name, text FROM prefix_koms WHERE uid = " . $id . " AND cat = 'GBOOK' ORDER BY id DESC"); $anz = db_num_rows($erg) + 1; while ($r1 = db_fetch_assoc($erg)) { $r1['zahl'] = $anz - $i; $r1['text'] = bbcode($r1['text']); if (has_right(-7, 'gbook')) { $r1['text'] .= '<a href="index.php?gbook-show-' . $id . '-d' . $r1['id'] . '"><img src="include/images/icons/del.gif" alt="' . $lang['delete'] . '" border="0" title="' . $lang['delete'] . '" /></a>'; } $tpl->set_ar_out($r1, 5); $i++; } $tpl->out(6); } break; default: $limit = $allgAr['gbook_posts_per_site']; // Limit $page = $menu->getA(1) == 'p' ? escape($menu->getE(1), 'integer') : 1; $MPL = db_make_sites($page, "", $limit, "?gbook", 'gbook'); $anfang = ($page - 1) * $limit; $tpl = new tpl('gbook.htm');
} else { $href = "news_list.php"; } $related_news = $news->related_news ? explode(',', $news->related_news) : array(); $sub_headline = $news->sub_headline ? explode(',', $news->sub_headline) : array(); ?> <div id=icaption> <div id=title>发布新闻</div> <a href="news_list.php" id=btn_back></a> </div> <div id=itable> <form id="news_edit" enctype="multipart/form-data" action="news.post.php" method="post"> <table cellspacing="1" align="center"> <?php if (has_right('schedule_news')) { ?> <tr class=tr4> <td class=td1 width="15%" >定时发布</td> <td width="85%"><input type="text" name="publish_schedule_date" id="publish_schedule" <?php if (!$publish_date) { echo "disabled=true;"; } ?> value="<?php echo $publish_date; ?> "></input><input style="width:20px;" type="checkbox" id="publish_schedule_select" <?php if ($publish_date) { echo "checked='checked'"; }
// Download delivery (body of a switch case; the switch itself and the origin of
// $erg and $fid lie outside this excerpt).
if (@db_num_rows($erg) != 1) {
    // The preceding lookup did not return exactly one row: show "no permission".
    // NOTE(review): there is no break/exit in this branch. Unless $design->footer(1)
    // ends the request, execution continues into the delivery code below - confirm.
    $title = $allgAr['title'] . ' :: Downloads ';
    $hmenu = '<a class="smalfont" href="?downloads">Downloads</a>';
    $design = new design($title, $hmenu);
    $design->header();
    echo $lang['nopermission'];
    $design->footer(1);
}
if (!isset($_SESSION['download'][$fid])) {
    // No session marker for this file id: send the client back to the download list.
    // NOTE(review): the redirect target is assembled from $_SERVER["HTTP_HOST"], which
    // is taken from the client's Host header; prefer a configured base URL. The scheme
    // is hard-coded to http.
    header('Location: ' . 'http://' . $_SERVER["HTTP_HOST"] . dirname($_SERVER["SCRIPT_NAME"]) . '/index.php?downloads');
    break;
}
// NOTE(review): $fid is interpolated unquoted into this statement and into the UPDATE
// below. Its validation is not visible in this excerpt - confirm it is forced to an
// integer before it reaches this point.
$qry = db_query("SELECT d.`url`, IFNULL(c.`recht`,0) AS recht FROM `prefix_downloads` d LEFT JOIN `prefix_downcats` c ON c.`id` = d.`cat` WHERE d.`id` = {$fid}");
$row = db_fetch_assoc($qry);
// Default redirect target: the download overview (same Host-header caveat as above).
$url = 'http://' . $_SERVER["HTTP_HOST"] . dirname($_SERVER["SCRIPT_NAME"]) . '/index.php?downloads';
// NOTE(review): if the id matched no row, $row is not an array and has_right() is
// called with a null right - confirm that case is denied.
if ($qry !== false and has_right($row['recht'])) {
    // Count the download before delivering it.
    db_query("UPDATE prefix_downloads SET downs = downs +1 WHERE id = " . $fid);
    if (file_exists($row['url'])) {
        // Local file: stream it as an attachment and stop.
        // NOTE(review): the path is whatever is stored in prefix_downloads.url; nothing
        // here restricts it to a download directory, so whoever can edit that column
        // decides which server file is sent - confirm the write path validates it.
        header('Content-type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . basename($row['url']) . '"');
        header('Content-Length: ' . filesize($row['url']));
        readfile($row['url']);
        exit;
    } else {
        // Not a local file: treat the stored value as a URL and redirect to it.
        $url = iurlencode($row['url']);
    }
    // $error is not read within this excerpt.
    $error = false;
}
header('Location: ' . $url);
break;
case 'upload':
/**
 * Tells whether the current user may administer the site or one module.
 *
 * Right level -7 is checked first (presumably the site-admin level - confirm
 * against has_right()). If that fails and a module name was given, the
 * module-specific right is checked via has_right(null, $m).
 *
 * @param string|null $m Module name, or null to check only the global right
 * @return bool
 */
function is_siteadmin($m = null)
{
    // The global right wins regardless of the module.
    if (has_right(-7)) {
        return true;
    }

    // Without a module name there is nothing else to check.
    return $m !== null && has_right(null, $m);
}
/**
 * Decides whether the current session may access the requested content page or box.
 *
 * For type 'contents' the menu entries (was 7 or 9) matching the request paths are
 * evaluated, for type 'box' the entry (was 1) of the box file. Type 'admin' always
 * passes here, and the setting allg_menupoint_access == 1 grants access regardless
 * of the outcome of the menu lookup.
 *
 * @return bool true when access is granted
 */
private function check_rights()
{
    global $allgAr;
    $has_right = false;
    if ($this->type == 'contents') {
        // Collect the candidate paths as quoted SQL literals.
        // NOTE(review): the values are wrapped in quotes but not escaped. Where
        // get_string_ar() takes them from is not visible here - if they derive from
        // the request URL, escape them or use a parameterised query.
        $paths = array();
        foreach ($this->get_string_ar() as $path) {
            $paths[] = '\'' . $path . '\'';
        }
        if ($this->get(0) == 'self') {
            foreach ($this->get_string_ar(true) as $path) {
                $paths[] = '\'' . $path . '\'';
            }
        }
        // NOTE(review): with an empty $paths this becomes "IN ()", which is not valid SQL.
        $qry = db_query('SELECT `recht`, `recht_type` FROM `prefix_menu` WHERE `was` IN (7,9) AND `path` IN (' . implode(',', $paths) . ') ORDER BY LENGTH(`path`), `recht_type`, `recht`');
        $lastlength = 0;
        while ($row = db_fetch_assoc($qry)) {
            // NOTE(review): `path` is not in the SELECT list above, so $row['path'] is
            // presumably unset and $pathlength always 0. The "path length changed"
            // break below then never fires and every matching row is evaluated until
            // one grants access - confirm the intended behaviour before changing it.
            $pathlength = strlen($row['path']);
            // `and` binds tighter than `or`: stop once access is granted, or when a
            // row with a different path length than the previous one is reached.
            if ($has_right or $lastlength != 0 and $lastlength != $pathlength) {
                break;
            } else {
                $lastlength = $pathlength;
            }
            switch ($row['recht_type']) {
                case 0:
                case 3:
                default:
                    // Delegated to has_right() with its third argument set.
                    $has_right = has_right($row['recht'], '', true);
                    break;
                case 1:
                    // Session right must equal the configured value (loose comparison).
                    $has_right = $row['recht'] == $_SESSION['authright'];
                    break;
                case 2:
                    // Configured value must not exceed the session right.
                    $has_right = $row['recht'] <= $_SESSION['authright'];
                    break;
            }
        }
    } elseif ($this->type == 'box') {
        // NOTE(review): $this->get(0) is concatenated into a double-quoted SQL literal
        // without escaping - confirm it is restricted to a safe character set.
        $qry = db_query('SELECT `recht`, `recht_type` FROM `prefix_menu` WHERE `was` = 1 AND `path` = "' . $this->get(0) . '.php"');
        while ($row = db_fetch_assoc($qry)) {
            // $pathlength is assigned but not used in this branch.
            $pathlength = strlen($row['path']);
            if ($has_right) {
                break;
            }
            switch ($row['recht_type']) {
                case 0:
                case 3:
                default:
                    $has_right = has_right($row['recht'], '', true);
                    break;
                case 1:
                    $has_right = $row['recht'] == $_SESSION['authright'];
                    break;
                case 2:
                    $has_right = $row['recht'] <= $_SESSION['authright'];
                    break;
            }
        }
    }
    return $this->type == 'admin' || $has_right || $allgAr['allg_menupoint_access'] == 1;
}
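/**
 * Renders the list part of the calendar through the global template object.
 *
 * Depending on the globals it prints either the detail view of one event
 * ($eid set, optionally with comment form and comment list), the month list
 * ($view == 0), a single day ($view == 1 with $gday), the whole list
 * ($view == 1 with $data) or a placeholder row.
 *
 * Changes against the previous version: $tooltips and $del are initialised
 * before use, a missing Referer header no longer triggers a notice, the
 * view switch taken from the Referer only accepts 0 or 1, and the numeric
 * values placed into SQL are cast to int.
 *
 * @return void
 */
function kalender_listoutput()
{
    global $komsOK, $tpl, $eid, $data, $data_id, $gday, $month, $year, $days, $arr_day, $title_liste, $view, $allgAr;

    // Was appended to with .= before any assignment in two of the branches below.
    $tooltips = '';

    // List header
    $tpl->set_ar_out(array('TITLE' => $eid ? $data_id[$eid]['title'] : $title_liste, 'TITLE_ALIGN' => $eid ? '' : ' align="center"'), "listbegin");

    if ($eid) {
        // Detail view of a single event
        $aus['display'] = 'style="display:none"';
        $aus['DETAIL_DATE'] = date('d.m.Y', $data_id[$eid]['time']);
        $aus['DETAIL_TIME'] = date('H:i', $data_id[$eid]['time']);
        $aus['DETAIL_TEXT'] = BBcode($data_id[$eid]['text']);
        $aus['ID'] = $eid;

        // The back link returns to the view named in the Referer, if any. The header is
        // client-controlled and optional; the old class [0|1] also accepted a literal
        // "|", which then ended up in the link.
        $viewl = $allgAr['kalender_standard_list'];
        if (isset($_SERVER['HTTP_REFERER']) and preg_match('%\\?kalender-v([01])%i', $_SERVER['HTTP_REFERER'], $match)) {
            $viewl = $match[1];
        }
        $aus['BACK_LINK'] = 'index.php?kalender-v' . $viewl . '-m' . date('m', $data_id[$eid]['time']) . '-y' . date('Y', $data_id[$eid]['time']);

        if (!$komsOK) {
            $tpl->set_ar_out($aus, 'detail');
        } else {
            // $eid is a global whose validation is not visible here; cast it before it
            // is placed unquoted into SQL.
            $eventId = (int) $eid;

            // Store a new comment.
            // NOTE(review): the check uses the antispam key 'kalender_komms' while the
            // form below is built with 'kalenderkom' - confirm chk_antispam()/
            // get_antispam() treat these as the same form.
            if ((loggedin() or chk_antispam('kalender_komms')) and $komsOK and !empty($_POST['name']) and !empty($_POST['text'])) {
                if (loggedin()) {
                    // NOTE(review): the session name goes into the statement without
                    // escape(); confirm it is stored in an SQL-safe form.
                    $name = $_SESSION['authname'];
                    $userid = (int) $_SESSION['authid'];
                } else {
                    $name = escape($_POST['name'], 'string') . ' (Gast)';
                    $userid = 0;
                }
                $text = escape($_POST['text'], 'string');
                db_query("INSERT INTO `prefix_koms` (`name`,`userid`,`text`,`time`,`uid`,`cat`) VALUES ('" . $name . "', " . $userid . ", '" . $text . "','" . time() . "', " . $eventId . ", 'KALENDER')");
            }

            // Logged-in users comment under their account name (field read-only).
            if (loggedin()) {
                $aus['uname'] = $_SESSION['authname'];
                $aus['readonly'] = 'readonly';
            } else {
                $aus['uname'] = '';
                $aus['readonly'] = '';
            }
            $aus['ANTISPAM'] = get_antispam('kalenderkom', 0);
            // NOTE(review): $aus['text'] is never assigned before this line.
            $aus['text'] = bbcode($aus['text']);
            $tpl->set_ar_out($aus, 'detail');
            $tpl->set_ar_out($aus, 'commentstart');

            $erg = db_query("SELECT `id`, `name`, `userid`, `text`, `time` FROM `prefix_koms` WHERE `uid` = " . $eventId . " AND `cat` = 'KALENDER' ORDER BY `id` DESC");
            $anz = db_num_rows($erg);
            if ($anz == 0) {
                echo 'Keine Kommentare vorhanden';
            } else {
                // Stays empty for users without the delete right; it used to be undefined.
                $del = '';
                while ($r1 = db_fetch_assoc($erg)) {
                    if (has_right(-7, 'kalender')) {
                        // NOTE(review): deletion is a plain GET link; the handler is not
                        // in this function - confirm it checks the right and a request token.
                        $del = ' <a href="index.php?kalender-v1-e' . $eid . '-d' . $r1['id'] . '"><img src="include/images/icons/del.gif" alt="löschen" border="0" title="löschen" /></a>';
                    }
                    $r1['zahl'] = $anz;
                    $r1['avatar'] = get_avatar($r1['userid']);
                    $r1['time'] = post_date($r1['time'], 1) . $del;
                    $r1['text'] = bbcode($r1['text']);
                    $tpl->set_ar_out($r1, 'comments');
                    $anz--;
                }
            }
        }
        $tpl->out('commentend');
        // End of comments
    } elseif ($view == 0) {
        // Month list: one row per day
        for ($i = 0; $i < $days; $i++) {
            $date = mktime(0, 0, 0, $month, $i + 1, $year);
            $text = '';
            if (isset($data[$date])) {
                foreach ($data[$date] as $eventinfo) {
                    $text .= eventlink($tpl, $view, $eventinfo);
                    // Apply BBCode to the tooltip text
                    $eventinfo["text"] = BBCode($eventinfo["text"]);
                    $tooltips .= $tpl->set_ar_get($eventinfo, "tooltip");
                }
            }
            $aus['LIST_I'] = $i + 1;
            $aus['LIST_D'] = $arr_day[date('w', mktime(0, 0, 0, $month, $i + 1, $year))];
            $aus['LIST_T'] = $text;
            $class = $i % 2 ? 'Cnorm' : 'Cmite';
            // Today's row is highlighted.
            $aus['LIST_CLASS'] = $i + 1 == date('j') && $month == date('n') && $year == date('Y') ? 'Cdark' : $class;
            $tpl->set_ar_out($aus, 'listitem');
            unset($aus);
        }
        showTooltips($tpl, $tooltips);
    } elseif ($view == 1) {
        if (isset($data) && !empty($gday)) {
            // A single day
            $date = mktime(0, 0, 0, $month, $gday, $year);
            $i = 1;
            $tooltips = '';
            if (isset($data[$date])) {
                foreach ($data[$date] as $eventinfo) {
                    $text = '';
                    $text .= eventlink($tpl, $view, $eventinfo);
                    $aus['LIST_I'] = $arr_day[date('w', $date)];
                    $aus['LIST_D'] = date('H:i', $eventinfo['time']);
                    $aus['LIST_T'] = $text;
                    $class = $i % 2 ? 'Cnorm' : 'Cmite';
                    $aus['LIST_CLASS'] = $i + 1 == date('j') && $month == date('n') && $year == date('Y') ? 'Cdark' : $class;
                    $tpl->set_ar_out($aus, 'listitem');
                    unset($aus);
                    $i++;
                    // Apply BBCode to the tooltip text
                    $eventinfo["text"] = BBCode($eventinfo["text"]);
                    $tooltips .= $tpl->set_ar_get($eventinfo, "tooltip");
                }
            }
            showTooltips($tpl, $tooltips);
        } elseif (isset($data)) {
            // The whole list
            $i = 1;
            foreach ($data as $date => $data1) {
                $text = '';
                foreach ($data1 as $eventinfo) {
                    $text .= eventlink($tpl, $view, $eventinfo);
                }
                $aus['LIST_I'] = date('d.m.Y', $date);
                $aus['LIST_D'] = $arr_day[date('w', $date)];
                $aus['LIST_T'] = $text;
                $class = $i % 2 ? 'Cnorm' : 'Cmite';
                $aus['LIST_CLASS'] = $i + 1 == date('j') && $month == date('n') && $year == date('Y') ? 'Cdark' : $class;
                $tpl->set_ar_out($aus, 'listitem');
                unset($aus);
                $i++;
                // NOTE(review): only the last event of each date gets a tooltip here,
                // unlike the other branches - left unchanged, confirm whether intended.
                $eventinfo["text"] = BBCode($eventinfo["text"]);
                $tooltips .= $tpl->set_ar_get($eventinfo, "tooltip");
            }
            showTooltips($tpl, $tooltips);
        } else {
            // Nothing to list: placeholder row
            $aus['LIST_I'] = '-';
            $aus['LIST_D'] = '-';
            $aus['LIST_T'] = '-';
            $aus['LIST_CLASS'] = 'Cnorm';
            $tpl->set_ar_out($aus, 'listitem');
            unset($aus);
        }
    }
    $tpl->out('listend');
}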
//Unterkategorien $topcid = $aktForumRow['topcid']; $catsnr = 1; $aktForumRow['kat'] = array(); while ($topcid != 0) { $tmpsql = db_fetch_object(db_query("SELECT id,cid,name FROM `prefix_forumcats` WHERE id = " . $topcid)); $topcid = $tmpsql->cid; $aktForumRow['kat'][$catsnr] = array(); $aktForumRow['kat'][$catsnr]['id'] = $tmpsql->id; $aktForumRow['kat'][$catsnr]['name'] = $tmpsql->name; $catsnr++; } $aktForumRow['kat'][0]['id'] = $aktForumRow['cid']; $aktForumRow['kat'][0]['name'] = $aktForumRow['cat']; //Unterkategorien - Ende $forum_rights = array('start' => has_right($aktForumRow['start']), 'reply' => has_right(array($aktForumRow['reply'], $aktForumRow['start'])), 'view' => has_right(array($aktForumRow['view'], $aktForumRow['reply'], $aktForumRow['start'])), 'mods' => forum_user_is_mod($fid)); if ($forum_rights['view'] == false) { $forum_failure[] = $lang['forumidnotfound']; } } else { $forum_failure[] = $lang['forumidnotfound']; } } switch ($menu->get(1)) { default: $incdatei = 'show_forum.php'; break; case 'showtopics': $incdatei = 'show_topic.php'; break; case 'editforum':
<?php /** * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) * @copyright (C) 2000-2010 ilch.de * @version $Id$ */ defined('main') or die('no direct access'); // -----------------------------------------------------------| // Vote Sperre in Stunden $stunden = 24; $breite = 50; $diftime = time() - 60 * 60 * $stunden; if (has_right(-1)) { $woR = '>= "1"'; } else { $woR = '= "1"'; } $fraErg = db_query('SELECT * FROM `prefix_poll` WHERE `recht` ' . $woR . ' ORDER BY `poll_id` DESC LIMIT 1'); if (db_num_rows($fraErg) > 0) { $fraRow = db_fetch_object($fraErg); if ($fraRow->stat == 1) { $maxRow = db_fetch_object(db_query('SELECT MAX(`res`) as `res` FROM `prefix_poll_res` WHERE `poll_id` = "' . $fraRow->poll_id . '"')); $gesErg = db_query('SELECT SUM(`res`) as `res` FROM `prefix_poll_res` WHERE `poll_id` = "' . $fraRow->poll_id . '"'); $gesRow = db_fetch_object($gesErg); $max = $maxRow->res; $ges = $gesRow->res; $textAr = explode('#', $fraRow->text); if ($fraRow->recht == 2) { $inTextAr = $_SESSION['authid']; } elseif ($fraRow->recht == 1) {
/**
 * Builds the HTML for all boxes and menus of one layout position.
 *
 * Reads the entries of prefix_menu for the position, drops those the current
 * session has no right to see, and renders the rest through the template lists:
 * `was` == 1 is a box whose content comes from get_boxcontent(), `was` 2 to 4
 * opens a menu (2 = 'hmenu', 3 = 'vmenu' when the template defines them) and
 * `was` >= 7 is a menu point (8 opens in a new window and gets no 'index.php?'
 * prefix).
 *
 * @param int|string $wo  Position: a number, 'l' (mapped to 1) or 'r' (mapped to 2)
 * @param object     $tpl Template object providing list_get() and list_exists()
 * @return string Rendered HTML
 */
protected function get_boxes($wo, $tpl)
{
    global $lang, $allgAr, $menu;
    // NOTE(review): for any other value of $wo, $datei stays undefined and $wo reaches
    // the query below unchanged - confirm callers only pass numbers, 'l' or 'r'.
    if (is_numeric($wo)) {
        $datei = 'menunr' . $wo;
    } elseif ($wo == 'l') {
        $datei = 'boxleft';
        $wo = 1;
    } elseif ($wo == 'r') {
        $datei = 'boxright';
        $wo = 2;
    }
    $retur = '';
    $ex_ebene = 0;
    $ex_was = 1;
    $firstmep = false;
    $hovmenup = '';
    $abf = "SELECT * FROM `prefix_menu` WHERE wo = " . $wo . " ORDER by pos";
    $erg = db_query($abf);
    $menuar = $menupaths = array();
    while ($r = db_fetch_assoc($erg)) {
        // Keep only entries the current session has the right to see.
        if (($r['recht_type'] == 0 or $r['recht_type'] == 3) and !has_right($r['recht'], '', true)) {
            continue;
        } elseif ($r['recht_type'] == 1 and $r['recht'] != $_SESSION['authright']) {
            continue;
        } elseif ($r['recht_type'] == 2 and $r['recht'] > $_SESSION['authright']) {
            continue;
        }
        $menuar[$r['pos']] = $r;
        $menupaths[$r['path']] = $r['pos'];
    }
    // Find the active entry: the most specific request path that has a menu entry.
    foreach (array_reverse($menu->get_string_ar()) as $path) {
        $path = str_replace('self-', '', $path);
        if (isset($menupaths[$path])) {
            $act_pos = $menupaths[$path];
            break;
        }
    }
    // Disabled: remove the entries that should not be shown, so that sub menu
    // points are listed only below the active menu point.
    // $todel = array();
    // // entries before
    // for($i = $act_pos; $i > -1; $i--){
    //     if (isset($menuar[$i]) and $menuar[$i]['ebene'] == 0) {
    //         $todel_before = $i;
    //         break;
    //     }
    // }
    // $todel_after = count($menuar);
    // for($i = $act_pos+1; $i < $todel_after; $i++){
    //     if (isset($menuar[$i]) and $menuar[$i]['ebene'] == 0) {
    //         $todel_after = $i;
    //         break;
    //     }
    // }
    foreach ($menuar as $pos => $row) {
        // if ($row['ebene'] > 0 and ($pos < $todel_before or $pos > $todel_after)) {
        //     continue;
        // }
        $subhauptx = $row['was'];
        $whileMenP = $subhauptx >= 7 ? true : false;
        // Skip entries that do not fit the running structure: a menu point directly
        // after a box, a level jump of more than one, a nested entry after a box or
        // menu header, or a menu point whose template list does not exist.
        if ($row['was'] >= 7 and $ex_was == 1 or $ex_ebene < $row['ebene'] - 1 or $ex_was <= 4 and $row['ebene'] != 0 or $row['was'] >= 7 and !$tpl->list_exists($hovmenup)) {
            continue;
        }
        // Entered only when a menu has been collected in $menuzw: close that menu
        // and emit it before the next box or menu starts.
        if ($whileMenP === false and !empty($menuzw)) {
            $menuzw .= $this->get_boxes_get_menu_close($ex_ebene, 0, $menuzw, $wmpE, $wmpTE, $wmpTEE);
            $retur .= $tpl->list_get($datei, array($boxname, $menuzw . $menuzwE));
            $menuzw = '';
        }
        if ($row['was'] == 1) {
            // A box is written straight into the return value.
            $buffer = $this->get_boxcontent($row['path']);
            $retur .= $tpl->list_get($datei, array($row['name'], $buffer));
        } elseif ($row['was'] >= 2 and $row['was'] <= 4) {
            // A menu starts: remember its name and reset the collecting variables.
            $boxname = $row['name'];
            $menuzw = '';
            $menuzwE = '';
            $ex_ebene = 0; // previous level
            $hovmenu = '';
            if ($row['was'] == 2 and $tpl->list_exists('hmenupoint')) {
                $hovmenu = 'hmenu';
            } elseif ($row['was'] == 3 and $tpl->list_exists('vmenupoint')) {
                $hovmenu = 'vmenu';
            }
            $firstmep = true;
            if (!empty($hovmenu)) {
                $menuzw .= $tpl->list_get($hovmenu . 'begi', array());
                $menuzwE .= $tpl->list_get($hovmenu . 'ende', array());
            }
            $hovmenup = $hovmenu . 'point';
        } elseif ($whileMenP) {
            // A menu point is generated.
            $ebene = $row['ebene'];
            $menuTarget = $subhauptx == 8 ? '_blank' : '_self';
            // NOTE(review): this discards the active position found above right before
            // it is compared, so 'active' is chosen only when $row['pos'] loosely
            // equals null - looks like a leftover, confirm.
            $act_pos = null;
            // NOTE(review): path and name come from prefix_menu and are handed to the
            // template as link target and label; HTML escaping is not visible here.
            list($wmpA, $wmpE, $wmpTE, $wmpTEE) = explode('|', $tpl->list_get($hovmenup, array($menuTarget, ($subhauptx == 8 ? '' : 'index.php?') . $row['path'], $row['name'], $row['pos'] == $act_pos ? 'active' : 'inactive')));
            if (!empty($menuzw) and $firstmep === false) {
                $menuzw .= $this->get_boxes_get_menu_close($ex_ebene, $ebene, $menuzw, $wmpE, $wmpTE, $wmpTEE);
            }
            $menuzw .= $wmpA;
            $firstmep = false;
        }
        $ex_was = $row['was'];
        $ex_ebene = $row['ebene'];
    }
    // Emit a menu that is still open after the last entry.
    if (!empty($menuzw)) {
        $menuzw .= $this->get_boxes_get_menu_close($ex_ebene, 0, $menuzw, $wmpE, $wmpTE, $wmpTEE);
        $retur .= $tpl->list_get($datei, array($boxname, $menuzw . $menuzwE));
    }
    return $retur;
}
/**
 * Builds the HTML form field used as anti-bot protection; per the original
 * description it is also meant to protect against CSRF. The "no picture mode"
 * is described at chk_antispam().
 *
 * In no-picture mode a one-off id is stored in $_SESSION['antispam'] and sent
 * as a hidden field; otherwise a captcha image with an input field is returned.
 *
 * NOTE(review): the id comes from uniqid(), which is derived from the current
 * time and is not a cryptographically secure random value. If the hidden field
 * is relied on as a CSRF token, confirm that this is acceptable or switch to a
 * CSPRNG-based id together with chk_antispam().
 *
 * @global array $allgAr
 * @param string  $m          Module name, used as prefix of the id
 * @param integer $t          Layout type: 0 = field below the image, 1 = table row,
 *                            > 10 = width in px of a floating label; a negative
 *                            value selects the no-picture mode
 * @param boolean $nopictures Force the no-picture mode
 * @return string
 */
function get_antispam($m, $t, $nopictures = false)
{
    global $allgAr, $ILCH_BODYEND_ADDITIONS;
    static $addedJavascript = false;

    // The captcha script is queued once per request, on the first call.
    if ($addedJavascript === false) {
        $ILCH_BODYEND_ADDITIONS .= '<script type="text/javascript" src="include/includes/js/captcha.js"></script>' . "\n";
        $addedJavascript = true;
    }

    // No picture when the type asks for it, or when the configured right level is
    // numeric and the current user holds it.
    $forcedByType = !$nopictures && $t < 0;
    if ($forcedByType || (is_numeric($allgAr['antispam']) && has_right($allgAr['antispam']))) {
        $nopictures = true;
    }

    $id = uniqid($m . '_', true);

    if ($nopictures) {
        $hasStore = isset($_SESSION['antispam']) && is_array($_SESSION['antispam']);
        if (!$hasStore) {
            $_SESSION['antispam'] = array();
        }
        $_SESSION['antispam'][$id] = true;

        return '<input type="hidden" name="antispam_id" value="' . $id . '" />';
    }

    // Provides $imagewidth and $imageheight in this scope.
    include 'include/includes/captcha/settings.php';

    $stacked = $t == 0;
    $helpText = $stacked
        ? 'Geben Sie diese Zeichen in das direkt darunter stehende Feld ein.'
        : 'Geben Sie diese Zeichen in das direkt daneben stehende Feld ein.';
    $seperator = $stacked ? '<br />' : ' ';

    $img = '<img width="' . $imagewidth . '" height="' . $imageheight . '" src="include/includes/captcha/captchaimg.php?id=' . $id . '&nocache=' . time() . '" alt="captchaimg" title="' . $helpText . '" class="captchaImage">'
        . $seperator
        . '<input class="captcha_code" name="captcha_code" type="text" maxlength="5" size="8" title="Geben Sie die Zeichen aus dem Bild ein">'
        . '<input type="hidden" name="captcha_id" value="' . $id . '" />';

    if ($t == 1) {
        return '<tr><td class="Cmite"><b>Antispam</b></td><td class="Cnorm">' . $img . '</td></tr>';
    }
    if ($t > 10) {
        // $t is written into the style attribute as given; callers pass a number.
        return '<label style="float:left; width: ' . $t . 'px; ">Antispam</label>' . $img . '<br/>';
    }

    return $img;
}
/**
 * Resolves the requested module to the file name that handles it and enforces
 * the menu rights for it.
 *
 * Falls back to the start module when no module was requested or no matching
 * file exists, maps self pages to the 'self' module, and ends the request with
 * a "no permission" page or the login form when the client lacks the right.
 *
 * NOTE(review): $this->get(0) is used as part of a file-system path, inside
 * quoted SQL literals and in the returned file name. How get() sanitises the
 * URL parts is not visible here - confirm it cannot contain path separators,
 * "..", or quote characters.
 *
 * @param string $w 'contents' for the front end, anything else for the admin area
 * @return string File name of the module ("<module>.php")
 */
function get_url($w = 'contents')
{
    global $allgAr;
    # Work out the start module and the directory to check against.
    if ($w == 'contents') {
        $pfad = 'include/contents';
        $smod = $allgAr['smodul'];
    } else {
        $pfad = 'include/admin';
        $smod = 'admin';
    }
    # Nothing requested: use the start module.
    if (empty($this->menu_ar[0])) {
        $this->set_url(0, $smod);
    }
    # Resolve self pages: when no module file exists but a self page of that
    # name does, or when the start module itself is a self page.
    if (!file_exists($pfad . '/' . $this->get(0) . '.php') and file_exists($pfad . '/selfbp/selfp/' . $this->get(0) . '.php')) {
        $this->set_url(1, $this->get(0));
        $this->set_url(0, 'self');
    } elseif (!file_exists($pfad . '/' . $this->get(0) . '.php')) {
        if (substr($smod, 0, 5) == 'self-') {
            $this->set_url(1, substr($smod, 5));
            $this->set_url(0, 'self');
        } elseif (file_exists($pfad . '/selfbp/selfp/' . $smod . '.php')) {
            $this->set_url(1, $smod);
            $this->set_url(0, 'self');
        } else {
            $this->set_url(0, $smod);
        }
    }
    # Check whether the client has the right to see the module / menu point.
    $exit = false;
    if ($w == 'contents') {
        $where = "(path = '" . $this->get(0) . "' OR path = '" . $this->get(0) . "-" . $this->get(1) . "')";
        if ($this->get(0) == 'self') {
            $where = "(path = '" . $this->get(0) . "-" . $this->get(1) . "' OR path = '" . $this->get(1) . "')";
        }
        # NOTE(review): errors of the lookup are suppressed with @; a failed query
        # yields an empty $r and is then treated like "no menu entry".
        $r = @db_result(@db_query("SELECT recht FROM prefix_menu WHERE " . $where . " ORDER BY LENGTH(path) DESC"), 0);
        # Deny when an entry exists and the right is missing, or when no entry
        # exists and access to unlisted modules is switched off.
        if ($r != '' and !has_right($r) or $r == '' and $allgAr['allg_menupoint_access'] == 0) {
            $exit = true;
        }
    }
    # The user module cannot be locked, for its own safety: otherwise members
    # could no longer log in and nobody could register. These actions of the
    # user module are therefore always allowed.
    $alwaysallowed = array('regist', 'login', '1', '2', 'confirm', 'remind', '13', '3', 'logout');
    if ($exit === true and $this->get(0) == 'user' and in_array($this->get(1), $alwaysallowed)) {
        $exit = false;
        # NOTE(review): debug call left in the permission path.
        debug('o');
    }
    if ($exit) {
        # Denied: show the message to logged-in users, the login form to guests.
        $title = $allgAr['title'] . ' :: Keine Berechtigung';
        $hmenu = 'Keine Berechtigung';
        $design = new design($title, $hmenu);
        $design->header();
        if (loggedin()) {
            echo 'Du hast leider nicht die nötigen Rechte... :-S';
        } else {
            $tpl = new tpl('user/login');
            $tpl->set_out('WDLINK', 'index.php', 0);
        }
        $design->footer();
        exit;
    }
    return $this->get(0) . '.php';
}
$kategorie = news_find_kat($row->news_kat); $textToShow = bbcode($row->news_text); $textToShow = str_replace('[PREVIEWENDE]', '', $textToShow); if (!empty($such)) { $textToShow = markword($textToShow, $such); } $tpl = new tpl('news.htm'); $ar = array('TEXT' => $textToShow, 'KATE' => $kategorie, 'NID' => $nid, 'uname' => $_SESSION['authname'], 'ANTISPAM' => loggedin() ? '' : get_antispam('newskom', 0), 'NAME' => $row->news_title); $tpl->set_ar_out($ar, 2); if ($komsOK) { $tpl->set_ar_out(array('NAME' => $row->news_title, 'NID' => $nid), 3); } $erg1 = db_query("SELECT text, name, id FROM `prefix_koms` WHERE uid = " . $nid . " AND cat = 'NEWS' ORDER BY id DESC"); $ergAnz1 = db_num_rows($erg1); if ($ergAnz1 == 0) { echo '<b>' . $lang['nocomments'] . '</b>'; } else { $zahl = $ergAnz1; while ($row1 = db_fetch_assoc($erg1)) { $row1['text'] = bbcode(trim($row1['text'])); if (has_right(-7, 'news')) { $row1['text'] .= '<a href="?news-' . $nid . '-d' . $row1['id'] . '"><img src="include/images/icons/del.gif" alt="löschen" border="0" title="löschen" /></a>'; } $tpl->set_ar_out(array('NAME' => $row1['name'], 'TEXT' => $row1['text'], 'ZAHL' => $zahl), 4); $zahl--; } } } $tpl->out(5); } $design->footer();
/**
 * Builds the anti-spam form field for a module.
 *
 * With $nopictures a one-off id is stored in $_SESSION['antispam'] and returned
 * as a hidden field. Otherwise users holding the configured right level get no
 * field at all, and everyone else gets the captcha image with an input field,
 * laid out according to $t.
 *
 * NOTE(review): the id is produced by uniqid(), which is time-based and not a
 * cryptographically secure random value - confirm that is sufficient for what
 * the hidden field protects.
 *
 * @param string $m          Module name, used as prefix of the id
 * @param int    $t          Layout: 0 = field below the image, 1 = table row,
 *                           > 10 = width in px of a floating label
 * @param bool   $nopictures Return the hidden field instead of a captcha
 * @return string HTML, or an empty string
 */
function get_antispam($m, $t, $nopictures = false)
{
    global $allgAr;

    if ($nopictures) {
        $id = uniqid($m, true);
        $_SESSION['antispam'][$id] = true;

        return '<input type="hidden" name="antispam_id" value="' . $id . '" />';
    }

    // Users holding the configured (numeric) right level are not asked for a captcha.
    $exempt = is_numeric($allgAr['antispam']) and has_right($allgAr['antispam']);
    if ($exempt) {
        return '';
    }

    $image = '<img class="Custom" src="include/includes/libs/captcha/captchaimg.php" alt="captchaimg" title="::Geben Sie diese Zeichen in das direkt darunter stehende Feld ein.">';

    if ($t == 0) {
        return $image . '<br/><input name="number" type="text" maxlength="5" size="8">';
    }

    $rs = $image . ' <input id="number" name="number" type="text" maxlength="5" size="8">';

    if ($t == 1) {
        return '<tr><td class="Cmite"><b>Antispam</b></td><td class="Cnorm">' . $rs . '</td></tr>';
    }
    if ($t > 10) {
        return '<label style="float:left; width: ' . $t . 'px; ">Antispam</label>' . $rs . '<br/>';
    }

    return '';
}
} else { ?> <span style="cursor:pointer" class="set_up" name="<?php echo $record[$i]->id; ?> " title="置顶"><img src="/images/admin/btn_unup.png" border="0"></span> <?php } } ?> <a title="静态页面" href="<?php echo $static_site . static_news_url($record[$i]); ?> " target="_blank"><img src="/images/admin/btn_static.png" border="0"></a> <?php if (has_right('comment_news')) { ?> <a href="/admin/comment/comment.php?id=<?php echo $record[$i]->id; ?> &type=news" title="评论"><img src="/images/admin/btn_comment.png" border="0"></a> <?php } ?> <input type="hidden" class="priority" name="<?php echo $record[$i]->id; ?> " value="<?php if ('100' != $record[$i]->priority) { echo $record[$i]->priority; }
<?php // Copyright by Manuel // Support www.ilch.de defined('main') or die('no direct access'); if (loggedin()) { $shoutbox_VALUE_name = $_SESSION['authname']; } else { $shoutbox_VALUE_name = 'Nickname'; } if (has_right($allgAr['sb_recht'])) { if (!empty($_POST['shoutbox_submit']) and chk_antispam('shoutbox')) { $shoutbox_nickname = escape($_POST['shoutbox_nickname'], 'string'); $shoutbox_nickname = substr($shoutbox_nickname, 0, 15); $shoutbox_textarea = escape($_POST['shoutbox_textarea'], 'textarea'); $shoutbox_textarea = preg_replace("/\\[.?(url|b|i|u|img|code|quote)[^\\]]*?\\]/i", "", $shoutbox_textarea); $shoutbox_textarea = strip_tags($shoutbox_textarea); if (!empty($shoutbox_nickname) and !empty($shoutbox_textarea)) { db_query('INSERT INTO `prefix_shoutbox` (`nickname`,`textarea`) VALUES ( "' . $shoutbox_nickname . '" , "' . $shoutbox_textarea . '" ) '); header('Location: index.php?' . $menu->get_complete()); } } echo '<form action="index.php?' . $menu->get_complete() . '" method="POST">'; echo '<input type="text" size="15" name="shoutbox_nickname" value="' . $shoutbox_VALUE_name . '" onFocus="if (value == \'' . $shoutbox_VALUE_name . '\') {value = \'\'}" onBlur="if (value == \'\') {value = \'' . $shoutbox_VALUE_name . '\'}" maxlength="15">'; echo '<br /><textarea style="width: 80%" cols="15" rows="2" name="shoutbox_textarea"></textarea><br />'; $antispam = get_antispam('shoutbox', 0); echo $antispam; if (!empty($antispam)) { echo '<br />'; } echo '<input type="submit" value="' . $lang['formsub'] . '" name="shoutbox_submit">';