コード例 #1
ファイル: rewards.php プロジェクト: BACKUPLIB/Infinity_MaNGOS
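/**
 * Delete rows from mm_reward_item whose `item` column matches $_GET['item'].
 *
 * Order of operations: permission check through valid_login(), connect to the
 * $mmfpm_db database, validate the request parameter, run the DELETE, then
 * redirect depending on whether any row was affected.
 *
 * NOTE(review): the delete is driven by a GET parameter and no anti-CSRF token
 * is checked in this block; confirm whether valid_login() covers that.
 *
 * @param mixed $sqlm Passed by reference and overwritten with the SQL connection
 *                    object created here, so the caller ends up holding it.
 */
function do_delete_reward_item(&$sqlm)
{
    global $action_permission, $mmfpm_db;
    valid_login($action_permission['delete']);
    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
    if (empty($_GET['item'])) {
        redirect('rewards.php?error=1');
        // Fail closed: do not depend on redirect() ending the request.
        return;
    }
    $items = $sqlm->quote_smart($_GET['item']);
    // The value is concatenated into the statement WITHOUT quotes, so string
    // escaping does not confine it; the numeric check is the only guard and a
    // rejected value must never reach the query below.
    if (!is_numeric($items)) {
        redirect('rewards.php?error=1');
        return;
    }
    $sqlm->query('DELETE FROM mm_reward_item WHERE item = ' . $items);
    unset($items);
    if ($sqlm->affected_rows()) {
        redirect('rewards.php?action=show_reward_item');
    } else {
        redirect('rewards.php?error=2');
    }
}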
コード例 #2
ファイル: del_lib.php プロジェクト: scamp/minimanager
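/**
 * Delete the rows that reference an arena-team GUID from every table listed
 * in $tab_del_arena.
 *
 * Each $tab_del_arena entry is read as [0 => table name, 1 => column name].
 *
 * @param mixed $guid  Identifier matched against the listed column. It is
 *                     concatenated into the SQL text unquoted, so only numeric
 *                     values are accepted.
 * @param mixed $realm Key into $characters_db selecting the connection settings.
 *
 * @return bool true when the last DELETE reported affected rows; false
 *              otherwise, or when $guid is not numeric.
 */
function del_arenateam($guid, $realm)
{
    global $characters_db, $tab_del_arena;
    // $guid lands in the statement without quotes or escaping; refuse anything
    // that is not a number before opening a connection.
    if (!is_numeric($guid)) {
        return false;
    }
    $sqlc = new SQL();
    $sqlc->connect($characters_db[$realm]['addr'], $characters_db[$realm]['user'], $characters_db[$realm]['pass'], $characters_db[$realm]['name']);
    foreach ($tab_del_arena as $value) {
        // Fixed: the original called query() on $sqlr, which is never defined
        // in this function; the connection object is $sqlc.
        $sqlc->query('DELETE 
					FROM ' . $value[0] . ' 
					WHERE ' . $value[1] . ' = ' . $guid . '');
    }
    // Reflects only the most recent DELETE, as in the original.
    return (bool) $sqlc->affected_rows();
}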
コード例 #3
ファイル: user.php プロジェクト: scamp/minimanager
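/**
 * Apply the "edit user" form ($_POST) to one row of the `account` table.
 *
 * Order of operations: permission check through valid_login(); reject a form
 * where pass, mail, expansion and referredby are all missing or empty; escape
 * the posted fields; validate the username; refuse a requested gmlevel at or
 * above the editor's own ($user_lvl); refuse to edit an account whose stored
 * gmlevel is at or above the editor's unless it is the editor's own account;
 * add or remove the account_banned row; update `account`; update the referral;
 * redirect with error=13 or error=12.
 *
 * NOTE(review): the state change is driven by POST fields only and no
 * anti-CSRF token is checked in this block; confirm whether valid_login()
 * covers that.
 */
function doedit_user()
{
    global $lang_global, $realm_db, $mmfpm_db, $user_lvl, $user_name, $action_permission;
    valid_login($action_permission['update']);
    // Used only when building redirect URLs: URL-encoded so the posted value
    // cannot add or alter query parameters in the Location target.
    $url_id = isset($_POST['id']) && is_scalar($_POST['id']) ? urlencode((string) $_POST['id']) : '';
    if ((!isset($_POST['pass']) || $_POST['pass'] === '') && (!isset($_POST['mail']) || $_POST['mail'] === '') && (!isset($_POST['expansion']) || $_POST['expansion'] === '') && (!isset($_POST['referredby']) || $_POST['referredby'] === '')) {
        redirect("user.php?action=edit_user&&id={$url_id}&error=1");
        // Fail closed: do not depend on redirect() ending the request.
        return;
    }
    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    $id = $sqlr->quote_smart($_POST['id']);
    $username = $sqlr->quote_smart($_POST['username']);
    $banreason = $sqlr->quote_smart($_POST['banreason']);
    $pass = $sqlr->quote_smart($_POST['pass']);
    // NOTE(review): the ":******" and username='******' literals look masked in
    // this listing; as written the username column would be set to the literal
    // string. Check the upstream file before reusing this line.
    // The posted `pass` value is written to sha_pass_hash as-is, so it is
    // expected to already be a hash (presumably computed client-side; confirm).
    $user_pass_change = $pass != sha1(strtoupper($username) . ":******") ? "username='******',sha_pass_hash='{$pass}'," : "";
    $mail = isset($_POST['mail']) && $_POST['mail'] != '' ? $sqlr->quote_smart($_POST['mail']) : "";
    $failed = isset($_POST['failed']) ? $sqlr->quote_smart($_POST['failed']) : 0;
    $gmlevel = isset($_POST['gmlevel']) ? $sqlr->quote_smart($_POST['gmlevel']) : 0;
    $expansion = isset($_POST['expansion']) ? $sqlr->quote_smart($_POST['expansion']) : 1;
    $banned = isset($_POST['banned']) ? $sqlr->quote_smart($_POST['banned']) : 0;
    $locked = isset($_POST['locked']) ? $sqlr->quote_smart($_POST['locked']) : 0;
    $referredby = $sqlr->quote_smart(trim($_POST['referredby']));
    // Username must be 4 to 15 bytes long.
    if (strlen($username) < 4 || strlen($username) > 15) {
        redirect("user.php?action=edit_user&id={$url_id}&error=8");
        return;
    }
    // An editor may not grant a level equal to or above their own.
    if ($gmlevel >= $user_lvl) {
        redirect("user.php?action=edit_user&&id={$url_id}&error=16");
        return;
    }
    require_once "libs/valid_lib.php";
    if (!valid_alphabetic($username)) {
        redirect("user.php?action=edit_user&error=9&id={$url_id}");
        return;
    }
    // Restrict access to accounts with a lower gmlevel than the editor's.
    $result = $sqlr->query("SELECT gmlevel,username FROM account WHERE id = '{$id}'");
    if ($user_lvl <= $sqlr->result($result, 0, 'gmlevel') && $user_name != $sqlr->result($result, 0, 'username')) {
        redirect("user.php?error=14");
        // This is the authorization decision; nothing below may run after it.
        return;
    }
    if (!$banned) {
        $sqlr->query("DELETE FROM account_banned WHERE id='{$id}'");
    } else {
        $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$id}'");
        if (!$sqlr->result($result, 0)) {
            // Fixed: the id was interpolated here without quotes, unlike every
            // other statement in this function; string escaping does not
            // confine a value in an unquoted position.
            $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n                 VALUES ('{$id}', " . time() . "," . (time() + 365 * 24 * 3600) . ",'{$user_name}','{$banreason}', 1)");
        }
    }
    $sqlr->query("UPDATE account SET email='{$mail}', {$user_pass_change} v=0,s=0,failed_logins='{$failed}',locked='{$locked}',expansion='{$expansion}' WHERE id='{$id}'");
    $sqlr->query("UPDATE account SET gmlevel='{$gmlevel}' WHERE id='{$id}'");
    // affected_rows() here reflects the gmlevel UPDATE only.
    if (doupdate_referral($referredby, $id) || $sqlr->affected_rows()) {
        redirect("user.php?action=edit_user&error=13&id={$url_id}");
    } else {
        redirect("user.php?action=edit_user&error=12&id={$url_id}");
    }
}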
コード例 #4
ファイル: banned.php プロジェクト: BACKUPLIB/minimanager
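/**
 * Add a ban entry from the ban_type, entry, bantime and banreason query
 * parameters.
 *
 * When ban_type is "account_banned" the account id is looked up and a row is
 * inserted into account_banned unless one already exists for that id; for any
 * other ban_type a row is inserted into ip_banned. The ban ends bantime hours
 * from now. Redirects to banned.php with an error code in every case.
 *
 * NOTE(review): the insert is driven by GET parameters and no anti-CSRF token
 * is checked in this block; confirm whether valid_login() covers that.
 */
function do_add_entry()
{
    global $realm_db, $user_name, $output, $action_permission, $user_lvl;
    valid_login($action_permission['insert']);
    if (empty($_GET['ban_type']) || empty($_GET['entry']) || empty($_GET['bantime'])) {
        redirect("banned.php?error=1&action=add_entry");
        // Fail closed: do not depend on redirect() ending the request.
        return;
    }
    // ban_type and entry are used as strings; bantime is multiplied and the
    // product is written into the SQL text unquoted, so it must be a number.
    // Array-valued parameters (ban_type[]=...) are rejected here as well.
    if (!is_string($_GET['ban_type']) || !is_string($_GET['entry']) || !is_numeric($_GET['bantime'])) {
        redirect("banned.php?error=1&action=add_entry");
        return;
    }
    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    $ban_type = $sqlr->quote_smart($_GET['ban_type']);
    $entry = $sqlr->quote_smart($_GET['entry']);
    if ($ban_type == "account_banned") {
        // NOTE(review): the username literal appears masked as '******' in
        // this listing, so as shown the lookup does not use $entry. Check the
        // upstream file before reusing this query.
        $result1 = $sqlr->query("SELECT id FROM account WHERE username ='******'");
        if (!$sqlr->num_rows($result1)) {
            redirect("banned.php?error=4&action=add_entry");
            return;
        } else {
            $entry = $sqlr->result($result1, 0, 'id');
        }
    }
    $bantime = time() + 3600 * $sqlr->quote_smart($_GET['bantime']);
    $banreason = isset($_GET['banreason']) && $_GET['banreason'] != '' ? $sqlr->quote_smart($_GET['banreason']) : "none";
    if ($ban_type === "account_banned") {
        $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$entry}'");
        if (!$sqlr->result($result, 0)) {
            $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n                            VALUES ('{$entry}'," . time() . ",{$bantime},'{$user_name}','{$banreason}', 1)");
        }
    } else {
        // NOTE(review): every ban_type other than "account_banned" ends up
        // here; the value is not compared against a list of known types and
        // $entry is not checked to be an IP address.
        $sqlr->query("INSERT INTO ip_banned (ip, bandate, unbandate, bannedby, banreason)\r\n                        VALUES ('{$entry}'," . time() . ",{$bantime},'{$user_name}','{$banreason}')");
    }
    // URL-encode the echoed ban_type so it cannot add or alter query
    // parameters in the redirect target.
    $ban_type_url = urlencode($ban_type);
    if ($sqlr->affected_rows()) {
        redirect("banned.php?error=3&ban_type={$ban_type_url}");
    } else {
        redirect("banned.php?error=2&ban_type={$ban_type_url}");
    }
}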
コード例 #5
ファイル: ticket.php プロジェクト: BACKUPLIB/minimanager
/**
 * Overwrite the message of one gm_tickets row with the posted text.
 *
 * Reads `new_text` and `id` from $_POST, escapes both through quote_smart(),
 * requires the escaped id to be numeric, runs the UPDATE and redirects with
 * error=5 when rows were affected or error=6 when none were.
 */
function do_edit_ticket()
{
    global $characters_db, $realm_id, $action_permission;
    valid_login($action_permission['update']);
    if (empty($_POST['new_text']) || empty($_POST['id'])) {
        redirect("ticket.php?error=1");
    }
    $conf = $characters_db[$realm_id];
    $sqlc = new SQL();
    $sqlc->connect($conf['addr'], $conf['user'], $conf['pass'], $conf['name']);
    $message = $sqlc->quote_smart($_POST['new_text']);
    $ticket_id = $sqlc->quote_smart($_POST['id']);
    // Both values are placed inside quotes in the statement below; the numeric
    // check additionally limits the id to number-like input.
    if (!is_numeric($ticket_id)) {
        redirect("ticket.php?error=1");
    }
    $sqlc->query("UPDATE gm_tickets SET message='{$message}' WHERE guid = '{$ticket_id}'");
    redirect($sqlc->affected_rows() ? "ticket.php?error=5" : "ticket.php?error=6");
}
コード例 #6
ファイル: tele.php プロジェクト: scamp/minimanager
/**
 * Insert a teleport location into game_tele from the name, map, x, y, z and
 * orientation query parameters.
 *
 * Every parameter must be present; each is escaped through quote_smart() and
 * placed inside quotes in the INSERT. Redirects with error=3 when rows were
 * affected and error=5 when none were.
 */
function do_add_tele()
{
    global $world_db, $realm_id, $action_permission;
    valid_login($action_permission['insert']);
    // isset() with several arguments is true only when all of them are set.
    if (!isset($_GET['name'], $_GET['map'], $_GET['x'], $_GET['y'], $_GET['z'], $_GET['orientation'])) {
        redirect("tele.php?error=1");
    }
    $conf = $world_db[$realm_id];
    $sqlw = new SQL();
    $sqlw->connect($conf['addr'], $conf['user'], $conf['pass'], $conf['name']);
    // Escape the fields in the same order as the original.
    $clean = [];
    foreach (['name', 'map', 'x', 'y', 'z', 'orientation'] as $field) {
        $clean[$field] = $sqlw->quote_smart($_GET[$field]);
    }
    $sqlw->query("INSERT INTO game_tele VALUES (NULL,'{$clean['x']}','{$clean['y']}', '{$clean['z']}' ,'{$clean['orientation']}' ,'{$clean['map']}' ,'{$clean['name']}')");
    redirect($sqlw->affected_rows() ? "tele.php?error=3" : "tele.php?error=5");
}
コード例 #7
ファイル: user.php プロジェクト: BACKUPLIB/minimanager
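/**
 * Apply the "edit user" form ($_POST) to one account, with the gmlevel kept
 * in the separate account_access table.
 *
 * Order of operations: permission check through valid_login(); reject a form
 * where pass, mail, expansion and referredby are all missing or empty; escape
 * the posted fields; validate the username; refuse a requested gmlevel at or
 * above the editor's own ($user_lvl); refuse to edit an account whose stored
 * gmlevel is at or above the editor's unless it is the editor's own account;
 * add or remove the account_banned row; update `account`; create, change or
 * delete the account_access row when the level changed; update the referral;
 * redirect with error=13 or error=12.
 *
 * NOTE(review): the state change is driven by POST fields only and no
 * anti-CSRF token is checked in this block; confirm whether valid_login()
 * covers that.
 */
function doedit_user()
{
    global $lang_global, $realm_db, $mmfpm_db, $user_lvl, $user_name, $action_permission;
    valid_login($action_permission['update']);
    // Used only when building redirect URLs: URL-encoded so the posted value
    // cannot add or alter query parameters in the Location target.
    $url_id = isset($_POST['id']) && is_scalar($_POST['id']) ? urlencode((string) $_POST['id']) : '';
    if ((!isset($_POST['pass']) || $_POST['pass'] === '') && (!isset($_POST['mail']) || $_POST['mail'] === '') && (!isset($_POST['expansion']) || $_POST['expansion'] === '') && (!isset($_POST['referredby']) || $_POST['referredby'] === '')) {
        redirect("user.php?action=edit_user&&id={$url_id}&error=1");
        // Fail closed: do not depend on redirect() ending the request.
        return;
    }
    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    $id = $sqlr->quote_smart($_POST['id']);
    $username = $sqlr->quote_smart($_POST['username']);
    $banreason = $sqlr->quote_smart($_POST['banreason']);
    $pass = $sqlr->quote_smart($_POST['pass']);
    // NOTE(review): the ":******" and username='******' literals look masked in
    // this listing; as written the username column would be set to the literal
    // string. Check the upstream file before reusing this line.
    // The posted `pass` value is written to sha_pass_hash as-is, so it is
    // expected to already be a hash (presumably computed client-side; confirm).
    $user_pass_change = $pass != sha1(strtoupper($username) . ":******") ? "username='******',sha_pass_hash='{$pass}'," : "";
    $mail = isset($_POST['mail']) && $_POST['mail'] != '' ? $sqlr->quote_smart($_POST['mail']) : "";
    $failed = isset($_POST['failed']) ? $sqlr->quote_smart($_POST['failed']) : 0;
    $gmlevel = isset($_POST['gmlevel']) ? $sqlr->quote_smart($_POST['gmlevel']) : 0;
    $expansion = isset($_POST['expansion']) ? $sqlr->quote_smart($_POST['expansion']) : 1;
    $banned = isset($_POST['banned']) ? $sqlr->quote_smart($_POST['banned']) : 0;
    $locked = isset($_POST['locked']) ? $sqlr->quote_smart($_POST['locked']) : 0;
    $referredby = $sqlr->quote_smart(trim($_POST['referredby']));
    // Username must be 4 to 15 bytes long.
    if (strlen($username) < 4 || strlen($username) > 15) {
        redirect("user.php?action=edit_user&id={$url_id}&error=8");
        return;
    }
    // An editor may not grant a level equal to or above their own.
    if ($gmlevel >= $user_lvl) {
        redirect("user.php?action=edit_user&&id={$url_id}&error=16");
        return;
    }
    if (!valid_alphabetic($username)) {
        redirect("user.php?action=edit_user&error=9&id={$url_id}");
        return;
    }
    // Restrict access to accounts with a lower gmlevel than the editor's.
    // An account with no account_access row counts as level 0 (IFNULL).
    $result = $sqlr->query("SELECT account.username, IFNULL(account_access.gmlevel,0) as gmlevel FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE account.id = '{$id}'");
    if ($user_lvl <= $sqlr->result($result, 0, 'gmlevel') && $user_name != $sqlr->result($result, 0, 'username')) {
        redirect("user.php?error=14");
        // This is the authorization decision; nothing below may run after it.
        return;
    }
    $accgmlevel = $sqlr->result($result, 0, 'gmlevel');
    if (!$banned) {
        $sqlr->query("DELETE FROM account_banned WHERE id='{$id}'");
    } else {
        $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$id}'");
        if (!$sqlr->result($result, 0)) {
            // Fixed: the id was interpolated here without quotes, unlike every
            // other statement in this function; string escaping does not
            // confine a value in an unquoted position.
            $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n                          VALUES ('{$id}', " . time() . "," . (time() + 365 * 24 * 3600) . ",'{$user_name}','{$banreason}', 1)");
        }
    }
    $error = false;
    $sqlr->query("UPDATE account SET email='{$mail}', {$user_pass_change} v=0,s=0,failed_logins='{$failed}',locked='{$locked}',expansion='{$expansion}' WHERE id='{$id}'");
    if (!$sqlr->affected_rows()) {
        $error = true;
    }
    if ($gmlevel != $accgmlevel) {
        if ($gmlevel == 0 && $accgmlevel > 0) {
            $sqlr->query("DELETE FROM account_access WHERE id='{$id}'");
        } elseif ($gmlevel > 0 && $accgmlevel == 0) {
            // Level 0 normally has no account_access row, so add one; REPLACE
            // also covers a stray level-0 row that may already exist.
            $sqlr->query("REPLACE INTO account_access (`id`,`gmlevel`,`RealmID`) VALUES ('{$id}','{$gmlevel}','-1')");
        } else {
            $sqlr->query("UPDATE account_access SET gmlevel='{$gmlevel}' WHERE id='{$id}'");
        }
        // NOTE(review): the result of this SELECT is not assigned, so the
        // check below reads the older $result (the account lookup or the
        // ban count), and it compares against the previous level
        // ($accgmlevel) rather than the requested one. Left unchanged
        // because the intended outcome cannot be determined from this
        // block; the original marks it as temporary error handling.
        $sqlr->query("SELECT IFNULL((SELECT gmlevel FROM account_access WHERE id='{$id}'),0)");
        if (!$sqlr->affected_rows() || $sqlr->result($result, 0) != $accgmlevel) {
            $error = true;
        }
    }
    if (doupdate_referral($referredby, $id) || $error) {
        redirect("user.php?action=edit_user&error=13&id={$url_id}");
    } else {
        redirect("user.php?action=edit_user&error=12&id={$url_id}");
    }
}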
コード例 #8
ファイル: spelld.php プロジェクト: BACKUPLIB/minimanager
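/**
 * Delete the spell_disabled rows whose `entry` values were submitted in the
 * `check` query parameter (normally an array, e.g. check[]=1&check[]=2).
 *
 * Redirects with error=4 when at least one DELETE reported affected rows and
 * error=5 otherwise; error=1 when `check` is missing.
 *
 * NOTE(review): the delete is driven by GET parameters and no anti-CSRF token
 * is checked in this block; confirm whether valid_login() covers that.
 */
function del_spell()
{
    global $world_db, $realm_id, $action_permission;
    valid_login($action_permission['delete']);
    if (!isset($_GET['check'])) {
        redirect("spelld.php?error=1");
        // Fail closed: do not depend on redirect() ending the request.
        return;
    }
    $sqlw = new SQL();
    $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);
    $check = $sqlw->quote_smart($_GET['check']);
    // A single scalar (check=5) is treated as a one-element list instead of
    // being passed to count() and indexed character by character.
    if (!is_array($check)) {
        $check = [$check];
    }
    $deleted = false;
    // foreach also copes with non-sequential keys such as check[7]=5.
    foreach ($check as $entry) {
        // Each value is concatenated into the statement WITHOUT quotes, so
        // string escaping does not confine it. Only numeric values may pass;
        // this also skips the empty strings the original skipped, and any
        // nested arrays.
        if (!is_numeric($entry)) {
            continue;
        }
        $sqlw->query('DELETE FROM spell_disabled WHERE entry = ' . $entry);
        // Track success per statement; the original looked at the last
        // DELETE only, so earlier successful deletions could be reported
        // as a failure.
        if ($sqlw->affected_rows()) {
            $deleted = true;
        }
    }
    unset($check);
    if ($deleted) {
        redirect('spelld.php?error=4');
    } else {
        redirect('spelld.php?error=5');
    }
}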