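function do_delete_reward_item(&$sqlm)
{
    // Delete one reward item (mm_reward_item.item) chosen via ?item=.
    // $sqlm is taken by reference: the connection opened here is handed back
    // to the caller. Every exit goes through redirect() with the codes
    // rewards.php expects (error=1 bad input, error=2 nothing deleted).
    global $action_permission, $mmfpm_db;

    valid_login($action_permission['delete']);

    $sqlm = new SQL();
    $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);

    if (empty($_GET['item'])) {
        redirect('rewards.php?error=1');
    }

    // The id is spliced into the DELETE *unquoted*, so escaping alone is not a
    // defence: require a numeric value and pass it on as an integer. The
    // original had the check as an empty if-branch with the redirect in else.
    $item = $sqlm->quote_smart($_GET['item']);
    if (!is_numeric($item)) {
        redirect('rewards.php?error=1');
    }
    $item = (int) $item;

    $sqlm->query('DELETE FROM mm_reward_item WHERE item = ' . $item);

    if ($sqlm->affected_rows()) {
        redirect('rewards.php?action=show_reward_item');
    } else {
        redirect('rewards.php?error=2');
    }
}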
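function del_arenateam($guid, $realm)
{
    // Remove every arena-team row keyed by $guid on realm $realm.
    // $tab_del_arena is a global list of [table, column] pairs naming where to
    // delete from. Returns true only if the *last* DELETE touched a row, since
    // affected_rows() reports the most recent statement only.
    global $characters_db, $tab_del_arena;

    $sqlc = new SQL();
    $sqlc->connect($characters_db[$realm]['addr'], $characters_db[$realm]['user'], $characters_db[$realm]['pass'], $characters_db[$realm]['name']);

    // $guid lands in the WHERE clause unquoted and unescaped; force an integer
    // so nothing but a number can reach the query text.
    $guid = (int) $guid;

    foreach ($tab_del_arena as $value) {
        // The original issued this on an undefined $sqlr; the only open
        // connection is $sqlc.
        $sqlc->query('DELETE FROM ' . $value[0] . ' WHERE ' . $value[1] . ' = ' . $guid);
    }

    return (bool) $sqlc->affected_rows();
}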
function doedit_user()
{
    // Apply the edit-user form (POST) to one account in the realm DB: password,
    // e-mail, expansion and flags, then ban state, then gmlevel, then the
    // referral link. Every exit path is a redirect() back to user.php carrying
    // an error code the page turns into a message.
    global $lang_global, $realm_db, $mmfpm_db, $user_lvl, $user_name, $action_permission;
    valid_login($action_permission['update']);
    // None of the editable fields was submitted -> error 1.
    if ((!isset($_POST['pass']) || $_POST['pass'] === '') && (!isset($_POST['mail']) || $_POST['mail'] === '') && (!isset($_POST['expansion']) || $_POST['expansion'] === '') && (!isset($_POST['referredby']) || $_POST['referredby'] === '')) {
        redirect("user.php?action=edit_user&&id={$_POST['id']}&error=1");
    }
    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    // NOTE(review): id, username, banreason and pass are read without isset();
    // an incomplete POST raises undefined-index notices on these lines.
    $id = $sqlr->quote_smart($_POST['id']);
    $username = $sqlr->quote_smart($_POST['username']);
    $banreason = $sqlr->quote_smart($_POST['banreason']);
    $pass = $sqlr->quote_smart($_POST['pass']);
    // Only emit the password SET clause when the submitted value differs from
    // the hash computed here -- presumably the form posts that value back when
    // the password is left untouched; confirm against the edit form.
    $user_pass_change = $pass != sha1(strtoupper($username) . ":******") ? "username='******',sha_pass_hash='{$pass}'," : "";
    $mail = isset($_POST['mail']) && $_POST['mail'] != '' ? $sqlr->quote_smart($_POST['mail']) : "";
    $failed = isset($_POST['failed']) ? $sqlr->quote_smart($_POST['failed']) : 0;
    $gmlevel = isset($_POST['gmlevel']) ? $sqlr->quote_smart($_POST['gmlevel']) : 0;
    $expansion = isset($_POST['expansion']) ? $sqlr->quote_smart($_POST['expansion']) : 1;
    $banned = isset($_POST['banned']) ? $sqlr->quote_smart($_POST['banned']) : 0;
    $locked = isset($_POST['locked']) ? $sqlr->quote_smart($_POST['locked']) : 0;
    $referredby = $sqlr->quote_smart(trim($_POST['referredby']));
    //make sure username/pass at least 4 chars long and less than max
    if (strlen($username) < 4 || strlen($username) > 15) {
        redirect("user.php?action=edit_user&id={$id}&error=8");
    }
    // An editor may not grant a GM level at or above their own.
    if ($gmlevel >= $user_lvl) {
        redirect("user.php?action=edit_user&&id={$_POST['id']}&error=16");
    }
    require_once "libs/valid_lib.php";
    if (!valid_alphabetic($username)) {
        redirect("user.php?action=edit_user&error=9&id={$id}");
    }
    //restricting accsess to lower gmlvl
    // The target account is off limits when its gmlevel is >= the editor's,
    // unless it is the editor's own account.
    $result = $sqlr->query("SELECT gmlevel,username FROM account WHERE id = '{$id}'");
    if ($user_lvl <= $sqlr->result($result, 0, 'gmlevel') && $user_name != $sqlr->result($result, 0, 'username')) {
        redirect("user.php?error=14");
    }
    // Ban state: unbanned -> drop any ban rows; banned -> insert a one-year
    // ban only if none exists yet.
    if (!$banned) {
        $sqlr->query("DELETE FROM account_banned WHERE id='{$id}'");
    } else {
        $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$id}'");
        if (!$sqlr->result($result, 0)) {
            $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n VALUES ({$id}, " . time() . "," . (time() + 365 * 24 * 3600) . ",'{$user_name}','{$banreason}', 1)");
        }
    }
    // v=0,s=0 are reset on every save (presumably the verifier/salt that pair
    // with sha_pass_hash -- confirm against the account schema).
    $sqlr->query("UPDATE account SET email='{$mail}', {$user_pass_change} v=0,s=0,failed_logins='{$failed}',locked='{$locked}',expansion='{$expansion}' WHERE id='{$id}'");
    $sqlr->query("UPDATE account SET gmlevel='{$gmlevel}' WHERE id='{$id}'");
    // affected_rows() here reflects only the gmlevel UPDATE just issued.
    // Code 13 when the referral update returns true or that UPDATE changed a
    // row, otherwise 12.
    if (doupdate_referral($referredby, $id) || $sqlr->affected_rows()) {
        redirect("user.php?action=edit_user&error=13&id={$id}");
    } else {
        redirect("user.php?action=edit_user&error=12&id={$id}");
    }
}
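function do_add_entry()
{
    // Insert a ban from the add-entry form (GET). ban_type=account_banned bans
    // an account (entry is looked up in `account` and replaced by its id);
    // any other ban_type is treated as an IP ban. bantime is hours from now.
    // Exits: error=1 bad input, 4 unknown account, 3 row written, 2 not written.
    global $realm_db, $user_name, $action_permission;

    valid_login($action_permission['insert']);

    // bantime feeds arithmetic below; the original multiplied the raw string,
    // which is a TypeError on PHP 8 for a non-numeric value, so require a number.
    if (empty($_GET['ban_type']) || empty($_GET['entry']) || empty($_GET['bantime']) || !is_numeric($_GET['bantime'])) {
        redirect("banned.php?error=1&action=add_entry");
    }

    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);

    $ban_type = $sqlr->quote_smart($_GET['ban_type']);
    $entry = $sqlr->quote_smart($_GET['entry']);
    // Strict comparison throughout; the original mixed == and === for the same test.
    $isAccountBan = $ban_type === "account_banned";

    if ($isAccountBan) {
        $result1 = $sqlr->query("SELECT id FROM account WHERE username ='******'");
        if (!$sqlr->num_rows($result1)) {
            redirect("banned.php?error=4&action=add_entry");
        }
        $entry = $sqlr->result($result1, 0, 'id');
    }

    // is_numeric() was enforced above, so this is plain numeric arithmetic.
    $bantime = time() + (int) (3600 * $_GET['bantime']);
    $banreason = isset($_GET['banreason']) && $_GET['banreason'] != '' ? $sqlr->quote_smart($_GET['banreason']) : "none";

    if ($isAccountBan) {
        // Only add a row when the account has no ban yet.
        $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$entry}'");
        if (!$sqlr->result($result, 0)) {
            $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n VALUES ('{$entry}'," . time() . ",{$bantime},'{$user_name}','{$banreason}', 1)");
        }
    } else {
        $sqlr->query("INSERT INTO ip_banned (ip, bandate, unbandate, bannedby, banreason)\r\n VALUES ('{$entry}'," . time() . ",{$bantime},'{$user_name}','{$banreason}')");
    }

    // ban_type is user-supplied and goes back out in a redirect URL; encode it
    // so it cannot add or break query parameters (unchanged for normal values).
    $banTypeParam = urlencode($ban_type);
    if ($sqlr->affected_rows()) {
        redirect("banned.php?error=3&ban_type={$banTypeParam}");
    } else {
        redirect("banned.php?error=2&ban_type={$banTypeParam}");
    }
}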
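function do_edit_ticket()
{
    // Replace the message of one GM ticket (POST id, new_text) on the current
    // realm. Exits: error=1 bad input, 5 row updated, 6 nothing updated.
    global $characters_db, $realm_id, $action_permission;

    valid_login($action_permission['update']);

    if (empty($_POST['new_text']) || empty($_POST['id'])) {
        redirect("ticket.php?error=1");
    }

    $sqlc = new SQL();
    $sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);

    $new_text = $sqlc->quote_smart($_POST['new_text']);
    $id = $sqlc->quote_smart($_POST['id']);
    // guid is a numeric key: reject anything else (the original expressed this
    // as an empty if-branch with the redirect in else) and pass it on as int.
    if (!is_numeric($id)) {
        redirect("ticket.php?error=1");
    }
    $id = (int) $id;

    // The result handle was stored in an unused $query; affected_rows() is
    // what decides the outcome.
    $sqlc->query("UPDATE gm_tickets SET message='{$new_text}' WHERE guid = '{$id}'");

    if ($sqlc->affected_rows()) {
        redirect("ticket.php?error=5");
    } else {
        redirect("ticket.php?error=6");
    }
}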
function do_add_tele()
{
    // Create a game_tele row from the GET parameters name, map, x, y, z and
    // orientation; all six must be present. Exits: error=1 missing input,
    // 3 row inserted, 5 nothing inserted.
    global $world_db, $realm_id, $action_permission;

    valid_login($action_permission['insert']);

    $fields = ['name', 'map', 'x', 'y', 'z', 'orientation'];
    $missing = array_filter($fields, function ($field) {
        return !isset($_GET[$field]);
    });
    if ($missing) {
        redirect("tele.php?error=1");
    }

    $db = $world_db[$realm_id];
    $sqlw = new SQL();
    $sqlw->connect($db['addr'], $db['user'], $db['pass'], $db['name']);

    // Escape every field through the connection before it is interpolated.
    $v = [];
    foreach ($fields as $field) {
        $v[$field] = $sqlw->quote_smart($_GET[$field]);
    }

    // Positional INSERT with NULL in the first column, in the order x, y, z,
    // orientation, map, name.
    $sqlw->query("INSERT INTO game_tele VALUES (NULL,'{$v['x']}','{$v['y']}', '{$v['z']}' ,'{$v['orientation']}' ,'{$v['map']}' ,'{$v['name']}')");

    if ($sqlw->affected_rows()) {
        redirect("tele.php?error=3");
    } else {
        redirect("tele.php?error=5");
    }
}
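function doedit_user()
{
    // Apply the edit-user form (POST) to one account in the realm DB: password,
    // e-mail, expansion and flags, then ban state, then the GM level kept in
    // account_access, then the referral link. Every exit path is a redirect()
    // back to user.php carrying an error code the page turns into a message.
    global $lang_global, $realm_db, $mmfpm_db, $user_lvl, $user_name, $action_permission;

    valid_login($action_permission['update']);

    // None of the editable fields was submitted -> error 1.
    $blank = function ($key) {
        return !isset($_POST[$key]) || $_POST[$key] === '';
    };
    if ($blank('pass') && $blank('mail') && $blank('expansion') && $blank('referredby')) {
        redirect("user.php?action=edit_user&&id=" . ($_POST['id'] ?? '') . "&error=1");
    }

    $sqlr = new SQL();
    $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);

    // Missing keys default to '' instead of raising undefined-index notices.
    $id = $sqlr->quote_smart($_POST['id'] ?? '');
    $username = $sqlr->quote_smart($_POST['username'] ?? '');
    $banreason = $sqlr->quote_smart($_POST['banreason'] ?? '');
    $pass = $sqlr->quote_smart($_POST['pass'] ?? '');
    // Only emit the password SET clause when the submitted value differs from
    // the hash computed here -- presumably the form posts that value back when
    // the password is left untouched; confirm against the edit form.
    $user_pass_change = $pass != sha1(strtoupper($username) . ":******") ? "username='******',sha_pass_hash='{$pass}'," : "";
    $mail = isset($_POST['mail']) && $_POST['mail'] != '' ? $sqlr->quote_smart($_POST['mail']) : "";
    $failed = isset($_POST['failed']) ? $sqlr->quote_smart($_POST['failed']) : 0;
    // gmlevel is compared numerically several times below; keep it an int.
    $gmlevel = isset($_POST['gmlevel']) ? (int) $_POST['gmlevel'] : 0;
    $expansion = isset($_POST['expansion']) ? $sqlr->quote_smart($_POST['expansion']) : 1;
    $banned = isset($_POST['banned']) ? $sqlr->quote_smart($_POST['banned']) : 0;
    $locked = isset($_POST['locked']) ? $sqlr->quote_smart($_POST['locked']) : 0;
    $referredby = $sqlr->quote_smart(trim($_POST['referredby'] ?? ''));

    //make sure username/pass at least 4 chars long and less than max
    if (strlen($username) < 4 || strlen($username) > 15) {
        redirect("user.php?action=edit_user&id={$id}&error=8");
    }
    // An editor may not grant a GM level at or above their own.
    if ($gmlevel >= $user_lvl) {
        redirect("user.php?action=edit_user&&id=" . ($_POST['id'] ?? '') . "&error=16");
    }
    if (!valid_alphabetic($username)) {
        redirect("user.php?action=edit_user&error=9&id={$id}");
    }

    //restricting accsess to lower gmlvl
    // The target account is off limits when its gmlevel is >= the editor's,
    // unless it is the editor's own account.
    // NOTE(review): an unknown id yields no row here and result() is then
    // called on an empty set -- confirm how SQL::result() behaves in that case.
    $result = $sqlr->query("SELECT account.username, IFNULL(account_access.gmlevel,0) as gmlevel FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE account.id = '{$id}'");
    $accgmlevel = (int) $sqlr->result($result, 0, 'gmlevel');
    if ($user_lvl <= $accgmlevel && $user_name != $sqlr->result($result, 0, 'username')) {
        redirect("user.php?error=14");
    }

    // Ban state: unbanned -> drop any ban rows; banned -> insert a one-year
    // ban only if none exists yet.
    if (!$banned) {
        $sqlr->query("DELETE FROM account_banned WHERE id='{$id}'");
    } else {
        $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$id}'");
        if (!$sqlr->result($result, 0)) {
            $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n VALUES ({$id}, " . time() . "," . (time() + 365 * 24 * 3600) . ",'{$user_name}','{$banreason}', 1)");
        }
    }

    $error = false;
    // v=0,s=0 are reset on every save (presumably the verifier/salt that pair
    // with sha_pass_hash -- confirm against the account schema).
    $sqlr->query("UPDATE account SET email='{$mail}', {$user_pass_change} v=0,s=0,failed_logins='{$failed}',locked='{$locked}',expansion='{$expansion}' WHERE id='{$id}'");
    if (!$sqlr->affected_rows()) {
        $error = true;
    }

    if ($gmlevel != $accgmlevel) {
        if ($gmlevel == 0 && $accgmlevel > 0) {
            $sqlr->query("DELETE FROM account_access WHERE id='{$id}'");
        } elseif ($gmlevel > 0 && $accgmlevel == 0) {
            //0 has no entry in account_access, add one; sometimes there's a bug so there's indeed a gmlevel 0 entry in the table -> replace
            $sqlr->query("REPLACE INTO account_access (`id`,`gmlevel`,`RealmID`) VALUES ('{$id}','{$gmlevel}','-1')");
        } else {
            $sqlr->query("UPDATE account_access SET gmlevel='{$gmlevel}' WHERE id='{$id}'");
        }
        // Read the level back and flag an error if it is not the one just
        // written. The original discarded this query's handle and compared a
        // stale $result against the *old* level, so the check could never pass.
        $verify = $sqlr->query("SELECT IFNULL((SELECT gmlevel FROM account_access WHERE id='{$id}'),0)");
        if (!$verify || (int) $sqlr->result($verify, 0) != $gmlevel) {
            $error = true;
        }
    }

    // Code 13 when the referral update returns true or an error was flagged
    // above, otherwise 12.
    if (doupdate_referral($referredby, $id) || $error) {
        redirect("user.php?action=edit_user&error=13&id={$id}");
    } else {
        redirect("user.php?action=edit_user&error=12&id={$id}");
    }
}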
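function del_spell()
{
    // Delete the spell_disabled rows whose entry ids were ticked in the form
    // (GET check[]). Exits: error=1 nothing submitted, 4 the last DELETE hit a
    // row, 5 it did not.
    global $world_db, $realm_id, $action_permission;

    valid_login($action_permission['delete']);

    if (!isset($_GET['check'])) {
        redirect("spelld.php?error=1");
    }

    $sqlw = new SQL();
    $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']);

    // The form sends an array, but tolerate a single scalar as well: the
    // original's count()/index loop is a TypeError on PHP 8 for a string and
    // skipped entries of a non-list array.
    foreach ((array) $_GET['check'] as $entry) {
        // entry is spliced into the WHERE clause unquoted, so escaping alone is
        // not a defence: accept only numeric values and pass them as integers.
        if (!is_numeric($entry)) {
            continue;
        }
        $sqlw->query('DELETE FROM spell_disabled WHERE entry = ' . (int) $entry);
    }

    // affected_rows() reflects only the last DELETE issued.
    if ($sqlw->affected_rows()) {
        redirect('spelld.php?error=4');
    } else {
        redirect('spelld.php?error=5');
    }
}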