コード例 #1
ファイル: fonctions.php プロジェクト: galathil/coolwow2
/**
 * Seeds the session with guest defaults when it holds no identity yet.
 *
 * Despite its name, the body shown checks no credential: it only tests
 * whether 'auth', 'username' and 'id' exist in $_SESSION. When all three are
 * present the session is left untouched; otherwise it is reset to an
 * unauthenticated guest (auth "no", gmlevel "-1", id "0").
 *
 * @param mixed $login Not read anywhere in this body.
 * @return void
 */
function login($login)
{
    // Pulled into this function's scope; $language used below is presumably defined there (confirm).
    require "config.php";

    if (isset($_SESSION['auth'], $_SESSION['username'], $_SESSION['id'])) {
        // These are function-local copies: they are discarded on return and never reach a caller.
        $username = Securite::bdd($_SESSION['username']);
        $membre_id = Securite::bdd($_SESSION['id']);
        return;
    }

    // No complete identity in the session: fall back to the guest profile.
    $_SESSION['username'] = "******";
    $_SESSION['auth'] = "no";
    $_SESSION['gmlevel'] = "-1";
    $_SESSION['id'] = "0";
    $_SESSION['lang'] = $language;

    // Local mirrors of the guest values; like the ones above they are not returned.
    $username = "******";
    $auth = "no";
    $membre_id = "0";
}
コード例 #2
ファイル: main.php プロジェクト: galathil/coolwow2
} else {
    $days2 = '';
}
// Split $max_uptime into hours, minutes and seconds (the 86400/3600/60 divisors treat it as a
// number of seconds) and left-pad each part below 10 with a zero for display.
// NOTE(review): these lines read $day2, while the branch just above assigns $days2;
// confirm $day2 is defined earlier in the file.
$hours2 = floor(($max_uptime - $day2 * 86400) / 3600);
if ($hours2 < 10) {
    $hours2 = '0' . $hours2;
}
// $hours2 may now be a padded string such as "07"; PHP converts it back to a number in the arithmetic below.
$min2 = floor(($max_uptime - ($hours2 * 3600 + $day2 * 86400)) / 60);
if ($min2 < 10) {
    $min2 = "0" . $min2;
}
$sec2 = $max_uptime - $day2 * 86400 - $hours2 * 3600 - $min2 * 60;
if ($sec2 < 10) {
    $sec2 = "0" . $sec2;
}
// NOTE(review): the session username is written into HTML here. Securite::bdd is not shown in
// this listing and its name suggests database escaping; confirm it also neutralises HTML
// metacharacters, or encode for HTML instead (the project has a Securite::html helper).
echo "<p class=\"title\">{$lang_stat['welcome_admin']} " . Securite::bdd($_SESSION['username']) . "</p><br />";
echo "<p class=\"title\">{$lang_stat['chiffre']} :</p><br />";
// Month names printed by strftime() below follow the "fr" locale requested here.
setlocale(LC_TIME, "fr");
echo "{$lang_stat['server_time']} : <b>" . strftime('%H:%M:%S %d-%B-%Y') . '</b><br />';
// $days, $hours and $min are computed before this excerpt.
echo "{$lang_stat['server_online']} : <b>" . $days . $hours . ' h ' . $min . ' m</b><br />';
// $sec2 is computed above but only hours and minutes are displayed.
echo "{$lang_stat['max_uptime']} : <b>" . $days2 . $hours2 . ' h ' . $min2 . ' m</b><br />';
echo "{$lang_stat['max_player_online']} : <b>{$maxplayers}</b><br />";
echo "<br />";
echo $lang_stat['total_player_online'];
echo "{$lang_stat['nombre_royaume']} : <b>{$royaume}</b><br /><br />";
while ($donnees8 = mysql_fetch_array($reponse8, MYSQL_ASSOC)) {
    mysql_connect($characters[$donnees8['id']]['host'], $characters[$donnees8['id']]['user'], $characters[$donnees8['id']]['password']) or die(mysql_error());
    mysql_select_db($characters[$donnees8['id']]['db']) or die(mysql_error());
    $reponse11 = mysql_query("SELECT COUNT(*) AS nombre FROM characters WHERE online= 1") or die(mysql_error());
    $donnees11 = mysql_fetch_array($reponse11);
    $online = $donnees11['nombre'];
コード例 #3
ファイル: bugs.php プロジェクト: galathil/coolwow2
                 echo "<p>Vous avez déjà signaler ce bug !</p>";
                 echo "<a href=\"index.php\">Retour</a>";
             }
         } else {
             echo "<p>Erreur de lien !</p>";
             echo "<a href=\"index.php\">Retour</a>";
         }
     } else {
         echo "<p>Vous devez étre membre du site pour accèder à cette partie !</p>";
         echo "<a href=\"index.php\">Retour</a>";
     }
     break;
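 case "compteur_v":
     // Records that a member also hit an already-reported bug: bumps the counter on the
     // bug row and stores who reported it. The anti-CSRF token is checked before any
     // input is read because this action changes state.
     verify_xsrf_token();
     // id_bug is placed in the UPDATE below without quotes, so string escaping alone
     // cannot confine it there; the integer cast guarantees only a number reaches the query.
     $id = (int) Securite::bdd($_POST['id']);
     // NOTE(review): the reporting member is taken from the request body, so a client can
     // submit any member id; consider reading it from the session instead.
     $membre_id = Securite::bdd($_POST['membre']);
     if (!empty($id)) {
         // NOTE(review): die(mysql_error()) sends the database driver's error text to the client.
         mysql_query("UPDATE bugreport SET nb_signaler = nb_signaler + 1 WHERE id_bug = {$id}") or die(mysql_error());
         mysql_query("INSERT INTO bug_signalant (id_bug, membre_id) VALUES ('{$id}','{$membre_id}')") or die("Erreur");
         echo "ok";
     } else {
         // Missing, zero or non-numeric id.
         echo "<p>Erreur de lien !</p>";
         echo "<a href='index.php'>Retour</a>";
     }
     break;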
 default:
     $sql = "SELECT * FROM bugreport ORDER BY id_bug DESC";
     $resultat = mysql_query($sql) or die(mysql_error());
     echo "\n\t\t\t<p class=\"title\">Liste de bugs connus</p>\t\n\t\t\t<br />";
     echo "\n\t\t\t<form action=\"index.php?module=bugs&action=resultat\" method=\"POST\">Rechercher \n\t\t\t\t<select name=\"by\">\n\t\t\t\t\t<option value=\"id\">par ID</option>\n\t\t\t\t\t<option selected value=\"type_bug\">par Type</option>\n\t\t\t\t\t<option value=\"auteur_bug\">par Auteur</option>\n\t\t\t\t\t<option value=\"date_bug\">par date du bug</option>\n\t\t\t\t\t<option value=\"description_bug\">par description</option>\n\t\t\t\t\t<option value=\"reponse_bug\">par réponse</option>\n\t\t\t\t\t<option value=\"statut_bug\">par statut</option>\n\t\t\t\t\t<option value=\"mg_bug\">par MJ</option>\n\t\t\t\t</select>\n\t\t\t\t<input type=\"text\" name=\"perso\"><input type=\"submit\" value=\"Rechercher\">\n\t\t\t</form><br />";
     echo "\n\t\t\t\t<table class=\"lined\" width=\"99%\" style='border-collapse: collapse'; align='center' width='90%' border='1' cellspacing='1' cellpadding='1'>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<th width=\"30\">id</th>\n\t\t\t\t\t\t<th width=\"80\">type</th>\n\t\t\t\t\t\t<th width=\"80\">Auteur</th>\n\t\t\t\t\t\t<th>Description</th>\n\t\t\t\t\t\t<th width=\"50\">Réponse</th>\n\t\t\t\t\t\t<th width=\"100\">Statut</th>\n\t\t\t\t\t\t<th width=\"80\">MJ</th>\n\t\t\t\t\t\t<th width=\"80\">Date du bug</th>\n\t\t\t\t\t\t<th width=\"80\">Déjà signaler</th>\n\t\t\t\t\t</tr>";
コード例 #4
<?php 
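// Handles the "edit media" form: stores the uploaded cover in two sizes, then updates the
// media row with the new title, ISBN, summary, image name and loanable flag.
if (isset($_POST['titreC'])) {
    // Checkbox semantics: the field is only submitted when it is ticked.
    $emprunt_media = isset($_POST['empruntC']);
    try {
        $img = $_FILES["img"];
        // The file name is chosen by the client. Keep only its last path component so that
        // directory parts in the name cannot move the writes below outside Ressources/images.
        $img['name'] = basename((string) $img['name']);
        // NOTE(review): nothing here checks the upload error code, the file type or the
        // extension, and the temporary copy keeps the client-supplied extension. Validate the
        // content as an image and use a server-generated name before writing it to disk.
        move_uploaded_file($img['tmp_name'], 'Ressources/images/tmp' . $img['name']);
        require 'Classes/Img.php';
        // Thumbnail (260x180) and display size (800x600) are both derived from the temporary copy.
        IMG::creerMin('Ressources/images/tmp' . $img['name'], "Ressources/images/miniatures", $img['name'], 260, 180);
        IMG::creerMin('Ressources/images/tmp' . $img['name'], "Ressources/images", $img['name'], 800, 600);
        // NOTE(review): if either call above throws, this cleanup is skipped and the raw upload stays on disk.
        unlink('Ressources/images/tmp' . $img['name']);
        if (substr($img['name'], -3) == 'png') {
            // Replaces every "png" in the name, not only the extension.
            $img['name'] = str_replace('png', 'jpg', $img['name']);
        }
        // NOTE(review): this output precedes header() below; unless output buffering is on,
        // the redirect header can no longer be sent.
        echo substr($img['name'], 0, -3);
        $reqUpdateMediaPure = $bdd->prepare('UPDATE medias SET titre_media=:titre_media, isbn_media=:isbn_media, resume_media=:resume_media, nom_image=:nom_image, empruntable_media=:empruntable_media WHERE id_media = :ID_media;');
        // The values are bound parameters, so the statement itself is what keeps them out of the
        // SQL text. NOTE(review): if Securite::bdd rewrites characters, that rewritten form is
        // what gets stored.
        $reqUpdateMediaPure->execute(array(
            'titre_media' => Securite::bdd($_POST['titreC']),
            'isbn_media' => Securite::bdd($_POST['isbnC']),
            'resume_media' => Securite::bdd($_POST['resumeMediaC']),
            'nom_image' => $img['name'],
            'empruntable_media' => Securite::bdd($emprunt_media),
            'ID_media' => Securite::bdd($_POST['IDC']),
        ));
        // No exit follows, so the rest of the script keeps running after the redirect is queued.
        header("Location: ?admin=media&message=1");
    } catch (exception $e) {
        $page['erreur'] = 'Problème !';
    }
}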
if (isset($_POST['titre'])) {
    $titre_media = $_POST["titre"];
    $reqRecupIDMedia = $bdd->prepare('SELECT id_media FROM medias WHERE titre_media= :media');
    $reqRecupIDMedia->execute(array('media' => $titre_media));
    $donnees = $reqRecupIDMedia->fetch(PDO::FETCH_ASSOC);
    $IDMedia = $donnees['id_media'];
    // Contient l'ID
    if ($IDMedia != '') {
        $reqRecupDelMedia = $bdd->prepare('SELECT * FROM medias WHERE titre_media= :media');
        $reqRecupDelMedia->execute(array('media' => $titre_media)) or die(print_r($reqRecupDelMedia->errorInfo()));
コード例 #5
ファイル: profil.php プロジェクト: galathil/coolwow2
                $requete1 = mysql_query('SELECT account_name, pseudo, membre_avatar,
			    membre_email, membre_msn, membre_signature, membre_siteweb, membre_post,
			    membre_inscrit, membre_localisation, cacher_email
			    FROM membres WHERE id=' . $membre . '');
                if ($data1 = mysql_fetch_assoc($requete1)) {
                    //On affiche les infos sur le membre
                    echo '<p class="title">Mon Profil</p><br />';
                    echo '<p><img src="images/avatars/' . $data1['membre_avatar'] . '" alt="Aucun avatar" /></p>';
                    echo "<table>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><strong>Adresse E-Mail: </strong></td>\n\t\t\t\t\t\t\t<td>";
                    if ($data1['cacher_email'] == 1) {
                        echo "Email masqué";
                    } else {
                        echo "<a href=\"mailto:" . Securite::bdd($data1['membre_email']) . "\">" . Securite::bdd($data1['membre_email']) . "</a></td>";
                    }
                    echo "</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><strong>Windows Live Messenger: </strong></td>\n\t\t\t\t\t\t\t<td>" . Securite::bdd($data1['membre_msn']) . "</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><strong>Site Web: </strong></td>\n\t\t\t\t\t\t\t<td><a href=\"" . Securite::bdd($data1['membre_siteweb']) . "\">" . Securite::bdd($data1['membre_siteweb']) . "</a></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><strong>Inscrit depuis le: </strong></td>\n\t\t\t\t\t\t\t<td>" . date('d/m/Y', $data1['membre_inscrit']) . "</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><strong>Messages postés: </strong></td>\n\t\t\t\t\t\t\t<td>" . Securite::bdd($data1['membre_post']) . " messages</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><strong>Localisation: </strong></td>\n\t\t\t\t\t\t\t<td>" . Securite::bdd($data1['membre_localisation']) . "</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td><strong>Signature: </strong></td>\n\t\t\t\t\t\t\t<td>" . Securite::html($data1['membre_signature']) . "</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t</table>\n\t\t\t\t\t<br />";
                    if ($membre == $test) {
                        echo "<a href=\"index.php?module=profil&action=modifier&id=" . Securite::bdd($_SESSION['id']) . "\">Modifier mon profil</a>";
                    } else {
                        echo "";
                    }
                } else {
                    echo "<p>Ce membre n'exister pas !</p>";
                }
            }
            break;
    }
} else {
    echo "<p>Page réservée aux membres !<br />";
    echo "connectez-vous ou inscrivez-vous !</p>";
    echo "<a href=\"index.php\">Retour</a>";
}
コード例 #6
********* PROJET CDI **********

******TRAITEMENT ADD MEDIAS*****

Description : Ce fichier va traiter les données du formulaire 'Ajout de médias' 
C'est lui qui se chargera d'associer les éléments de l'IHM aux différents ID's 
De plus, il effectue les différentes requêtes 

@Author : Despendo 
Copyright 2012 pour eXia.Cesi Strasbourg 
*/
if (isset($_POST["titre"], $_POST["isbn"], $_POST["resumeMedia"], $_POST["Categorie"], $_POST["Type"], $_POST["auteurs"]) && !empty($_POST["titre"])) {
    // On commence par stocker les variables qui serront envoyé dirrectement dans la BDD
    $titre_media = Securite::bdd($_POST["titre"]);
    $isbn_media = Securite::bdd($_POST["isbn"]);
    $resume_media = Securite::bdd($_POST["resumeMedia"]);
    $img = $_FILES["img"];
    if (!empty($img['name'])) {
        move_uploaded_file($img['tmp_name'], 'Ressources/images/tmp' . $img['name']);
        require 'Classes/Img.php';
        IMG::creerMin('Ressources/images/tmp' . $img['name'], "Ressources/images/miniatures", $img['name'], 260, 180);
        IMG::creerMin('Ressources/images/tmp' . $img['name'], "Ressources/images", $img['name'], 800, 600);
        unlink('Ressources/images/tmp' . $img['name']);
        if (substr($img['name'], -3) == 'png') {
            $img['name'] = str_replace('png', 'jpg', $img['name']);
        }
        $nom_image = $img['name'];
    } else {
        $nom_image = 'no_image.jpg';
    }
    // Ce premier switch va regarder le choix de l'user et définiera la variable categorie_media en fonction du choix textuel envoyé par le formulaire
コード例 #7
ファイル: login.php プロジェクト: galathil/coolwow2
         $_SESSION['id'] = $id_account;
         $_SESSION['lang'] = "french";
         echo "<script type=\"text/javascript\">window.location='index.php';</script>Si vous voyez ce message cliqué <a href=\"index.php\">ici</a> pour continuer.";
     }
     break;
     // Mot de passe perdu
 // Mot de passe perdu
 case "perdu":
     generate_xsrf_token();
     $token = Securite::bdd($_SESSION['token_xsrf']);
     echo "<p class=\"title\">Récupérer son mot de passe</p>\n\t\t\t\t<p></p>\n\t\t\t\t<form action=\"login.php?action=perdu_v\" method=\"post\">\n\t\t\t\t\t<table border=\"0\">\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td>Nom du compte</td>\n\t\t\t\t\t\t\t<td><input type=\"text\" name=\"account\" size=\"20\" maxsize=\"20\" /></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td>Adresse EMail</td>\n\t\t\t\t\t\t\t<td><input type=\"text\" name=\"mail\" size=\"20\" maxsize=\"20\" /></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t</table>\n\t\t\t\t\t<br />\n\t\t\t\t\t<input type=\"hidden\" name=\"token_xsrf\" value=\"" . $token . "\" />\n\t\t\t\t\t<input type=\"submit\" name=\"login\" value=\"Valider\" />\n\t\t\t\t</form>\n\t\t\t\t<br />\n\t\t\t\t<a href=\"index.php\">Retour</a>";
     break;
 case "perdu_v":
     verify_xsrf_token();
     $account = Securite::bdd($_POST['account']);
     $email = Securite::bdd($_POST['mail']);
     if (empty($account) or !isset($account) or empty($email) or !isset($email)) {
         echo "Erreur : Un des champs est vide !";
     } else {
         if (!eregi("^[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-_.]?[0-9a-z])*\\.[a-z]{2,4}\$", $email)) {
             echo "L'adresse e-mail n'est pas correcte !";
             echo "<br /><a href='javascript:history.go(-1)'>Retour</a>";
         } else {
             mysql_connect($realmd['host'], $realmd['user'], $realmd['password']) or die(mysql_error());
             mysql_select_db($realmd['db']) or die(mysql_error());
             $reponse = mysql_query("SELECT * FROM account WHERE username='******' AND email='" . $email . "'") or die(mysql_error());
             if (mysql_num_rows($reponse) > 0) {
                 // OK
                 require_once "kernel/mailer/class.phpmailer.php";
                 require_once "kernel/mailer/class.smtp.php";
                 $chaine = cryptme(8);
コード例 #8
ファイル: index.php プロジェクト: assodsu/comptacrab
<?php

include 'header.php';
?>
<div class="container">
<img src="img/comptaCrab-essayez-nous.png" class="img-responsive" alt="Responsive image Essayez nous">
</div>
<?php 
if (!empty($_POST)) {
    $email = Securite::bdd($_POST['identification_nom']);
    $password = sha1(Securite::bdd($_POST['identification_password']));
    $q = array('email' => $email, 'password' => $password);
    $sql = 'SELECT email, pass FROM users WHERE email = :email AND pass = :password';
    try {
        $req = $cnx->prepare($sql);
    } catch (Exception $e) {
        echo 'Erreur : ' . $e->getMessage() . '<br />';
        echo 'N° : ' . $e->getCode();
    }
    $req->execute($q);
    $count = $req->rowCount($sql);
    if ($count == 1) {
        /*
         * Verifie si le compte user est actif
         */
        $sql = 'SELECT email, pass FROM users WHERE email = :email AND pass = :password AND activer = 1';
        $req = $cnx->prepare($sql);
        $req->execute($q);
        $actif = $req->rowCount($sql);
        if ($actif == 1) {
            $_SESSION['Auth'] = array('email' => $email, 'password' => $password);
コード例 #9
ファイル: migration.php プロジェクト: galathil/coolwow2
            $reponse = mysql_query("SELECT * FROM account WHERE id='{$id}'");
            $donnees = mysql_fetch_array($reponse);
            $test = Securite::bdd($donnees['online']);
            if ($test == 1) {
                echo "<p class=\"title\">Vous êtes actuelement connecté au jeu !</p>\n\t\t\t\t<h4>Merci de vous déconnecter.</h4></p>\n\t\t\t\t<a href=\"index.php?module=migration\">Retour</a>";
            } else {
                mysql_query("UPDATE account SET expansion='2' WHERE id='{$id}'");
                echo "<p class=\"title\">Votre compte a bien été migrer !</p>\n\t\t\t\t<p><a href=\"index.php\">Retour</a></p>";
            }
            break;
        default:
            // Confirmation screen: shows the migration form unless the account's
            // `expansion` column already equals 2.
            generate_xsrf_token();
            $token = Securite::bdd($_SESSION['token_xsrf']);
            // The account looked up here is the one stored in the session.
            $id = Securite::bdd($_SESSION['id']);
            mysql_connect($realmd['host'], $realmd['user'], $realmd['password']) or die(mysql_error());
            mysql_select_db($realmd['db']) or die(mysql_error());
            // The return value is not checked; a failed query reaches mysql_fetch_array() as false.
            $reponse = mysql_query("SELECT * FROM account WHERE id='{$id}'");
            $donnees = mysql_fetch_array($reponse);
            $test = Securite::bdd($donnees['expansion']);
            if ($test == 2) {
                echo "<p class=\"title\">Votre compte est déjà migrer !</p>\n\t\t\t\t<p><a href=\"index.php\">Retour</a></p>";
            } else {
                // NOTE(review): the form sends the account id back as a hidden field, which the
                // client can edit. Where the validation branch gets its $id is not visible in this
                // excerpt; confirm it uses the session id and not the posted value.
                // NOTE(review): $token and $id are printed into HTML attributes after Securite::bdd,
                // whose name suggests database escaping; confirm the values are HTML-encoded.
                echo "<p class=\"title\">Migrer mon compte vers Woltk</p>\n\t\t\t\t<p>Etes-vous sur de vouloir migrer votre compte ?</p>\n\t\t\t\t\n\t\t\t\t<form method=\"post\" action=\"index.php?module=migration&action=validation\">\n\t\t\t\t<input type=\"hidden\" name=\"token_xsrf\" value=\"" . $token . "\" />\n\t\t\t\t<input type=\"hidden\" name=\"id\" value=\"" . $id . "\" />\n\t\t\t\t<input type=\"submit\" value=\"Oui je suis sûr !\" />\n\t\t\t\t</form>";
            }
            break;
    }
} else {
    echo "<p>Vous devez etre connecter pour migrer vote compte !<br />";
    echo "connectez-vous ou inscrivez-vous !</p>";
    echo "<a href=\"index.php\">Retour</a>";
}
コード例 #10
<?php 
/*
********* PROJET CDI **********

******TRAITEMENT DEL MEDIAS*****

Description : Ce fichier va traiter les données du formulaire 'Del médias' 
C'est lui qui se chargera d'associer les éléments de l'IHM aux différents ID's 
De plus, il effectue les différentes requêtes 

@Author : Despendo 
Copyright 2012 pour eXia.Cesi Strasbourg 
*/
if (isset($_POST["titre"])) {
    $titre_media = Securite::bdd($_POST["titre"]);
    $reqRecupDelMedia = $bdd->prepare('SELECT id_media FROM medias WHERE titre_media= :media');
    $reqRecupDelMedia->execute(array('media' => $titre_media));
    $donnees = $reqRecupDelMedia->fetch(PDO::FETCH_ASSOC);
    $IDMedia = $donnees['id_media'];
    // Contient l'ID
    print_r($IDMedia);
    if ($IDMedia != '') {
        $reqDelMediaAuteur = $bdd->prepare('DELETE FROM ecrire WHERE id_media = :IDM ;');
        $reqDelMediaAuteur->execute(array('IDM' => $IDMedia));
        $reqDelMediaEditeur = $bdd->prepare('DELETE FROM publier WHERE id_media = :IDM ;');
        $reqDelMediaEditeur->execute(array('IDM' => $IDMedia));
        $reqDelExem = $bdd->prepare('DELETE FROM exemplaires WHERE id_media = :IDM ;');
        $reqDelExem->execute(array('IDM' => $IDMedia));
        $reqDelMedia = $bdd->prepare('DELETE FROM medias WHERE id_media = :IDM ;');
        $reqDelMedia->execute(array('IDM' => $IDMedia));
        header("Location: ?admin=media&message=2");
コード例 #11
ファイル: top_vote.php プロジェクト: galathil/coolwow2
    mysql_select_db($coolwow['db']) or die(mysql_error());
    $query = mysql_query("SELECT * FROM membres WHERE nb_point_vote >= 1 AND membre_gmlevel = 0 ORDER BY nb_point_vote DESC") or die(mysql_error());
    echo "<p class=\"title\">Le top des votants</p>";
    ?>
	<table class="lined" width="99%" border="1" cellpadding="2" cellspacing="0" align="center" class="sortable">
		<tr>
			<th nowrap="nowrap">Place</th>
			<th nowrap="nowrap">Pseudo</th>
			<th nowrap="nowrap">Nombre de points</th>
		</tr>
	<?php 
    if (mysql_num_rows($query) < 1) {
        echo "<tr><td colspan=\"3\">Il n y a aucun votant !</td></tr>";
    } else {
        $ligne = 1;
        while ($donnees = mysql_fetch_array($query)) {
            echo "<tr><td align=\"center\">";
            echo $ligne++;
            echo "</td><td align=\"center\">";
            echo "" . Securite::bdd($donnees['account_name']) . "";
            echo "</td><td align=\"center\">";
            echo "" . Securite::bdd($donnees['nb_point_vote']) . "";
            echo "</td></tr>";
        }
    }
    echo "</TABLE><br>";
} else {
    echo "<p>Page réservé au membres !<br />";
    echo "connectez-vous ou inscrivez-vous !</p>";
    echo "<a href=\"index.php\">Retour</a>";
}
コード例 #12
ファイル: connectes.php プロジェクト: galathil/coolwow2
<?php 
// Presence tracking, step 1: insert or refresh this visitor's row in `connectes`.
// Rows are keyed by client IP, so visitors sharing one address overwrite each other's
// account and visibility values.
mysql_connect($coolwow['host'], $coolwow['user'], $coolwow['password']) or die(mysql_error());
mysql_select_db($coolwow['db']) or die(mysql_error());
// Every value interpolated below sits inside single quotes in the SQL text, so the queries
// rely on Securite::bdd (not shown in this listing) to escape quote characters.
$ip = Securite::bdd($_SERVER['REMOTE_ADDR']);
// Read without an isset() check; an absent key yields an empty $account and the else branch below.
$account = Securite::bdd($_SESSION['username']);
$time = time();
if (!empty($account)) {
    // Look up the member's `visible` preference; anything other than exactly one match
    // falls back to visible = 1.
    // NOTE(review): none of the mysql_query() results in this block are checked for false.
    $retour4 = mysql_query("SELECT COUNT(*) AS nbre_entrees FROM membres WHERE account_name='{$account}'");
    $donnees4 = mysql_fetch_array($retour4);
    if ($donnees4['nbre_entrees'] == 1) {
        $retour5 = mysql_query("SELECT visible FROM membres WHERE account_name='{$account}'");
        $donnees5 = mysql_fetch_array($retour5);
        $visible = $donnees5['visible'];
    } else {
        $visible = 1;
    }
} else {
    $visible = 1;
}
// Count-then-write: insert when the IP has no row yet, otherwise update the existing row.
$retour = mysql_query("SELECT COUNT(*) AS nbre_entrees FROM connectes WHERE ip='{$ip}'");
$donnees = mysql_fetch_array($retour);
if ($donnees['nbre_entrees'] == 0) {
    mysql_query("INSERT INTO connectes VALUES('{$ip}','{$time}','{$account}','{$visible}')");
} else {
    mysql_query("UPDATE connectes SET timestamp='{$time}',account='{$account}',visible='{$visible}' WHERE ip='{$ip}'");
}
// -------
// ETAPE 2 : on supprime toutes les entrées dont le timestamp est plus vieux que 5 minutes
// On stocke dans une variable le timestamp qu'il était il y a 5 minutes :
$timestamp_5min = time() - 60 * 5;
// 60 * 5 = nombre de secondes écoulées en 5 minutes
コード例 #13
ファイル: sondages.php プロジェクト: galathil/coolwow2
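 case "voter_v":
     // Registers one vote: increments the chosen option's counter and the poll total, then
     // records which member voted.
     // NOTE(review): other state-changing actions in this project call verify_xsrf_token()
     // first; no such call is visible in this case. Confirm the check happens upstream.
     $id = Securite::bdd($_POST['id']);
     $vote_temp = Securite::bdd($_POST['vote']);
     // $vote_temp becomes part of a column name and $id is used without quotes in the WHERE
     // clause. String escaping does not confine a value in either position, so both must be
     // made of digits only. Requiring both (the original used `or`) also stops a request with
     // a missing field from reaching the queries.
     if (ctype_digit((string) $id) and ctype_digit((string) $vote_temp)) {
         $vote = "nb_vote" . $vote_temp . "";
         echo "<p class=\"title\">Sondage</p>";
         // NOTE(review): die(mysql_error()) sends the database driver's error text to the client.
         mysql_query("UPDATE sondages SET " . $vote . " = " . $vote . " + 1, total_vote = total_vote + 1 WHERE id_sondage = " . $id . "") or die(mysql_error());
         // The session id goes through the same helper the rest of the project applies before
         // placing it in a query.
         mysql_query("INSERT INTO sondages_votant (id_sondage, membre_id) VALUES ('" . $id . "','" . Securite::bdd($_SESSION['id']) . "') ") or die(mysql_error());
         echo '<p>Merci pour votre vote<br /><a href="index.php">Accueil</a>';
     } else {
         echo "<p>Erreur de lien !</p>";
         echo "<a href=\"index.php\">Retour</a>";
     }
     break;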
 case "resultat":
     $id = Securite::bdd($_GET['id']);
     if (!empty($id) or !empty($id)) {
         $retour = mysql_query("SELECT * FROM sondages WHERE id_sondage = {$id}");
         if (mysql_num_rows($retour) <= 0) {
             echo "\n\t\t\t\t\t\t<p>Il n'y a aucun Sondage qui a cet ID !!!</p>\n\t\t\t\t\t\t<p><a href=\"index.php?module=sondages\">Retour</a></p>";
         } else {
             $donnees = mysql_fetch_assoc($retour);
             echo "<p class=\"title\">Résultats du sondage en cours</p><br />";
             echo "" . $donnees['question_sondage'] . "<br /><br />";
             mysql_data_seek($retour, 0);
             while ($donnees2 = mysql_fetch_array($retour)) {
                 for ($i = 1; $i < 10; $i++) {
                     if ($donnees2['option' . $i . ''] == "n/a") {
                         echo "";
                     } else {
                         $total = $donnees2['total_vote'];
コード例 #14
ファイル: auth.php プロジェクト: assodsu/comptacrab
?>

<?php 
require_once 'connexion.php';
/*
 * Définit la variable globale user_id
 */
// When Auth::islog() reports a logged-in session, resolve that session's e-mail address
// to its user_id and keep it in $user_id.
if (Auth::islog()) {
    // :email is a bound parameter, so the prepared statement is what keeps the value out of
    // the SQL text. NOTE(review): if Securite::bdd rewrites characters, the lookup compares
    // the rewritten form against the stored address.
    $email = Securite::bdd($_SESSION['Auth']['email']);
    $q = array('email' => $email);
    $sql = 'SELECT user_id FROM users WHERE email = :email';
    $req = $cnx->prepare($sql);
    $req->execute($q);
    // Set up the user_id variable; if several rows match, the last one wins.
    while ($row = $req->fetch(PDO::FETCH_ASSOC)) {
        $user_id = Securite::bdd($row['user_id']);
    }
    // NOTE(review): at file scope this statement has no effect. If this file is ever included
    // from inside a function, it rebinds $user_id to the global variable after the loop has
    // already assigned the local one; confirm the intended scope.
    global $user_id;
    $req->closeCursor();
}
/*
 * Classe de vérification de connexion
 */
class Auth
{
    static function islog()
    {
        global $cnx;
        if (isset($_SESSION['Auth']) && isset($_SESSION['Auth']['email']) && isset($_SESSION['Auth']['password'])) {
            $q = array('email' => $_SESSION['Auth']['email'], 'password' => $_SESSION['Auth']['password']);
            $sql = 'SELECT email, pass, activer FROM users WHERE email = :email AND pass = :password AND activer = 1';
コード例 #15
<?php

/*
********* PROJET CDI **********
TRAITEMENT MODIFY EXE...
Description : Ce fichier reçoit les informations des
différents formulaires auxquels il est rattaché et 
envoie les nouvelles données dans la BDD 
@Author : Despendo 
Copyright 2012 pour eXia.Cesi Strasbourg 
*/
// Handles the "edit copy" form: updates acquisition date, price, condition note and
// availability of the copy identified by refE.
// NOTE(review): no authorisation or anti-CSRF check is visible in this excerpt; confirm the
// including script enforces both before this block runs.
if (isset($_POST['prix'], $_POST['refE'], $_POST['etat'], $_POST['dacqui'])) {
    // All four values are bound parameters below, so the prepared statement is what keeps
    // them out of the SQL text. NOTE(review): if Securite::bdd rewrites characters, that
    // rewritten form is what gets stored.
    $refE = Securite::bdd($_POST['refE']);
    $prix = Securite::bdd($_POST['prix']);
    $etat = Securite::bdd($_POST['etat']);
    $date = Securite::bdd($_POST['dacqui']);
    // Checkbox semantics: true only when the field was submitted.
    $dispo = isset($_POST['dispo']);
    try {
        $reqUpdateExePure = $bdd->prepare('UPDATE exemplaires SET dacquisition_exemplaire=:date, prix_exemplaire=:prix,rmq_exemplaire=:etat, dispo_exemplaire=:dispo WHERE num_exemplaire=:refE ');
        // NOTE(review): when execute() returns false, the driver's errorInfo() is printed to the client.
        $reqUpdateExePure->execute(array('date' => $date, 'prix' => $prix, 'etat' => $etat, 'dispo' => $dispo, 'refE' => $refE)) or die(print_r($reqUpdateExePure->errorInfo()));
        // No exit follows, so any code after this block still runs once the redirect is queued.
        header('Location: ?admin=media&message=1');
    } catch (exception $e) {
        $page['erreur'] = ' Problème';
    }
}
コード例 #16
            $passe = $_SESSION['passe'];
            $cas = 2;
        }
    }
}
// Case 3: no earlier case matched, so take the credentials from the 'pseudo' and 'passe' cookies.
// NOTE(review): further down, $passe is passed to sha1() and compared with the stored hash,
// which means this cookie carries the password itself. A random token validated on the
// server would avoid keeping the password in the browser.
if ($cas == 0 && isset($_COOKIE['pseudo'], $_COOKIE['passe'])) {
    $cas = 3;
    $pseudo = $_COOKIE['pseudo'];
    $passe = $_COOKIE['passe'];
}
// La situation est identifiée. Le terrain est préparé, connexion --
if ($cas > 0) {
    // Initialisation et sécurisation --
    $erreur = 0;
    $pseudo = Securite::bdd($pseudo);
    $passe = Securite::bdd($passe);
    // Récup. des infos sur ces variables --
    $requete = $bdd->prepare('SELECT id_admin AS id, login_admin AS pseudo, mdp_admin AS passe, nom_admin AS nom FROM administrateurs ' . 'WHERE login_admin = :pseudo');
    $requete->bindParam(':pseudo', $pseudo, PDO::PARAM_STR);
    $requete->execute();
    $tmembre = $requete->fetch(PDO::FETCH_ASSOC);
    // Vérification de la correspondance variable/bdd --
    if (empty($tmembre) || $tmembre['pseudo'] != $pseudo) {
        $erreur = 1;
        /* Pseudo inconnu */
    } else {
        if (sha1($passe) != $tmembre['passe']) {
            $erreur = 2;
            /* Mot de passe incorrect ! */
        } else {
            // Création des données de session --
コード例 #17
ファイル: gamers.php プロジェクト: galathil/coolwow2
<?php

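// Direct-access guard: this module is meant to run only when the including script has set
// $securite to "ok".
if (empty($securite) or !isset($securite) or $securite != "ok") {
    header("location: erreur.php?err=access_denied");
    // header() only queues the redirect. Without stopping here, the database connection and
    // the whole switch below would still run for a request that failed the guard.
    exit;
}
$adresse = "index.php?module=gamers";
// Connects to the first configured characters database.
// NOTE(review): die(mysql_error()) sends the database driver's error text to the client.
mysql_connect($characters[1]['host'], $characters[1]['user'], $characters[1]['password']) or die(mysql_error());
mysql_select_db($characters[1]['db']) or die(mysql_error());
// Requested page number, read without an isset() check and passed through Securite::get
// (not shown in this listing).
$page_get = Securite::get($_GET['page']);
$truc = $page_get;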
switch ($_GET['action']) {
    case "resultat":
        // Search term and search column both come from the POST body.
        $perso = Securite::bdd($_POST['perso']);
        // NOTE(review): $by is used below as a column name, outside any quotes. String escaping
        // does not confine a value in that position; compare it against a fixed list of
        // searchable columns before building the query.
        $by = Securite::bdd($_POST['by']);
        // The return value is not checked before the result is used.
        $requete = mysql_query("SELECT * FROM characters WHERE {$by} LIKE'%{$perso}%'");
        echo "<p class=\"title\">Resultat de la recherche</p><br />";
        ?>
			<table class="lined" border="1" cellpadding="3" cellspacing="0" align="center" class="sortable">
				<tr>
					<th nowrap="nowrap" width="150"><?php 
        echo $lang_player['name'];
        ?>
</th>
					<th nowrap="nowrap" width="50"><?php 
        echo $lang_player['level'];
        ?>
</th>
					<th nowrap="nowrap" width="40"><?php 
        echo $lang_player['race'];
        ?>
</th>
コード例 #18
ファイル: index.php プロジェクト: galathil/coolwow2
     $bloc_left = 0;
     $bloc_right = 0;
     $largeur = "80%";
 } else {
     if ($bloc_left == 0 and $bloc_right == 0) {
         $largeur = "70%";
     } else {
         $largeur = "90%";
     }
 }
 mysql_connect($coolwow['host'], $coolwow['user'], $coolwow['password']) or die(mysql_error());
 mysql_select_db($coolwow['db']) or die(mysql_error());
 $adressip = Securite::bdd($_SERVER['REMOTE_ADDR']);
 $retour = mysql_query("SELECT COUNT(*) AS nbre_entrees FROM bansite WHERE ip_ban = '{$adressip}'") or die(mysql_error());
 $donnees = mysql_fetch_array($retour);
 $nb = Securite::bdd($donnees['nbre_entrees']);
 if ($nb == 1) {
     echo "Vous avez été banni de ce site !!!";
 } else {
     require "header.php";
     require "themes/header_theme.php";
     switch ($_GET['module']) {
         case 'armurerie':
             include "armurerie.php";
             break;
         case 'vente':
             include "vente.php";
             break;
         case 'gamers':
             include "gamers.php";
             break;
コード例 #19
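 /**
  * Registers a new member when the requested login is still free.
  *
  * @param array $infos Submitted fields; 'pseudo' and 'passe' are read.
  * @param mixed $bdd   Database handle on which prepare() is called (presumably a PDO instance).
  * @return array 'valeur' (true on success) and 'message'; on success also 'pseudo' and 'passe'.
  */
 public static function inscription($infos, $bdd)
 {
     // Initialise the response.
     $retour = array('valeur' => false, 'message' => '');
     // -- Check 1: missing fields --
     // Validate the array that is actually read below, and refuse when either field is
     // absent. The original tested $_POST and refused only when both were missing.
     if (!isset($infos['pseudo']) || !isset($infos['passe'])) {
         $retour['message'] = "Le pseudo et le mot de passe n'ont pas été renseignés correctement.";
         return $retour;
     }
     // Both values are bound parameters below, so the prepared statements are what keep them
     // out of the SQL text. NOTE(review): if Securite::bdd rewrites characters, the rewritten
     // form is what gets stored and compared.
     $pseudo = Securite::bdd($infos['pseudo']);
     $passe = Securite::bdd($infos['passe']);
     // Look for an existing member with this login.
     $requete = $bdd->prepare('SELECT * FROM membre WHERE login = :pseudo');
     $requete->bindParam(':pseudo', $pseudo, PDO::PARAM_STR);
     $requete->execute();
     $membre_bdd = $requete->fetch(PDO::FETCH_ASSOC);
     if (isset($membre_bdd['id_membre'])) {
         $retour['message'] = "Ce pseudo est déjà pris";
         return $retour;
     }
     // NOTE(review): two concurrent requests can both pass the check above; a unique index on
     // `login` would make the database enforce it.
     // NOTE(review): the password is stored exactly as received, with no hashing in this
     // method. Moving to password_hash() also requires the login path to use
     // password_verify(), and that path is not visible here.
     $requete = $bdd->prepare("INSERT INTO membre(login, mdp) VALUES(:pseudo, :passe)");
     $requete->bindParam(':pseudo', $pseudo, PDO::PARAM_STR);
     $requete->bindParam(':passe', $passe, PDO::PARAM_STR);
     $requete->execute();
     // Success: the response echoes both credentials back to the caller.
     $retour['valeur'] = true;
     $retour['pseudo'] = $pseudo;
     $retour['passe'] = $passe;
     return $retour;
 }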
コード例 #20
ファイル: compte-core.php プロジェクト: galathil/coolwow2
<?php

include "config.php";
include "fonctions.php";
// Account-name availability probe: prints "1" when the query returns at least one row and
// "2" otherwise.
// NOTE(review): no session or token check is visible in this script, so it answers any
// caller; an endpoint like this reveals which account names exist. Consider rate limiting.
if (!mysql_connect($realmd['host'], $realmd['user'], $realmd['password'])) {
    die(mysql_error());
}
if (!mysql_select_db($realmd['db'])) {
    die(mysql_error());
}
$pseudo = Securite::bdd($_GET["pseudo"]);
// NOTE(review): as printed in this listing, the WHERE clause holds a masked literal and does
// not reference $pseudo; check the original file for the actual comparison value.
$result = mysql_query("SELECT username FROM account WHERE username='******'");
// The connection is closed before the result is counted.
mysql_close();
echo mysql_num_rows($result) >= 1 ? "1" : "2";
コード例 #21
ファイル: ban.php プロジェクト: galathil/coolwow2
// Listing of banned accounts: counts the rows of account_banned, then prints
// one table row per ban (account id, ban date, end date, banned by, reason).
// NOTE(review): die(mysql_error()) writes the driver's error text into the
// response; log it server-side and show a generic message instead.
mysql_connect($realmd['host'], $realmd['user'], $realmd['password']) or die(mysql_error());
mysql_select_db($realmd['db']) or die(mysql_error());
// NOTE(review): neither query result below is checked before it is fetched.
$retour_total = mysql_query('SELECT COUNT(*) AS total FROM account_banned');
// The result of the COUNT query is held in $retour_total.
$donnees_total = mysql_fetch_assoc($retour_total);
// The row is stored as an associative array.
$total = Securite::bdd($donnees_total['total']);
// The count is copied into $total.
$retour_messages = mysql_query('SELECT * FROM account_banned ORDER BY id ASC');
echo "<p class=\"title\">Liste des comptes bannis</p>";
echo "<table class=\"lined\" width=\"99%\" style='border-collapse: collapse'; align='center' width='90%' border='1' cellspacing='1' cellpadding='1'>\n\t\t\t\t\t<tr>\n\t\t\t\t\t<th>id du compte</th>\n\t\t\t\t\t<th>Date du Ban</th>\n\t\t\t\t\t<th>Fin du Ban</th>\n\t\t\t\t\t<th>Bannis par</th>\n\t\t\t\t\t<th>Raison</th>\n\t\t\t\t\t</tr>";
if ($total == 0) {
    // Placeholder row when the table is empty.
    echo "<tr><td colspan=\"9\">Aucuns comptes bannis !!!</td></tr>";
} else {
    while ($donnees = mysql_fetch_assoc($retour_messages)) {
        // NOTE(review): $id is assigned here, but the visible lines print
        // $donnees['id'] directly and never read $id.
        $id = Securite::bdd($donnees['id']);
        echo "<tr><td align=\"center\">";
        echo $donnees['id'];
        echo "</td><td align=\"center\">";
        // bandate is passed to date() as a Unix timestamp.
        echo "" . date('d/m/Y G:i', $donnees['bandate']) . "";
        echo "</td><td align=\"center\">";
        // Equal start and end timestamps are displayed as a ban that never ends.
        if ($donnees['bandate'] == $donnees['unbandate']) {
            echo "Jamais";
        } else {
            echo "" . date('d/m/Y G:i', $donnees['unbandate']) . "";
        }
        echo "</td><td align=\"center\">";
        // NOTE(review): bannedby is written into the page as stored, with no
        // HTML escaping visible. Confirm the column cannot contain markup, or
        // escape it on output.
        echo $donnees['bannedby'];
        echo "</td><td align=\"center\">";
        if (empty($donnees['banreason'])) {
            echo "Aucune raison";
コード例 #22
ファイル: armurerie.php プロジェクト: galathil/coolwow2
}
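// Armory entry page. Without a recognised ?action= it lists the realms to
// choose from; with action=recherche it prints the two character-search forms
// (free text and drop-down) for the realm posted as `royaume`.
$royaume = royaume(Securite::get($_GET['royaume']));
// A missing ?action= reaches the realm list without an undefined-index notice.
switch (isset($_GET['action']) ? $_GET['action'] : '') {
    default:
        echo "<p class=\"title\">" . $titre_armurerie . "</p>\n\t\t<p class=\"center\">A quelles armurerie voulez-vous accèder ?<br /><br />\n\t\t<form method=\"POST\" action=\"index.php?module=armurerie&action=recherche\">\n\t\t<select name=\"royaume\">";
        if (!mysql_connect($realmd['host'], $realmd['user'], $realmd['password']) || !mysql_select_db($realmd['db'])) {
            // Driver errors go to the server log; the page shows the generic
            // text this file already uses for failed queries.
            error_log('armurerie.php: ' . mysql_error());
            die("Erreur SQL");
        }
        $SQL = "SELECT * FROM realmlist ORDER BY id ASC";
        $result = mysql_query($SQL) or die("Erreur SQL");
        while ($val = mysql_fetch_array($result)) {
            echo "<OPTION VALUE='" . Securite::bdd($val['id']) . "'>" . Securite::bdd($val['name']) . "</option>";
        }
        echo "</select>\n\t\t<input type=\"submit\" value=\"Entrer\" />\n\t\t</form></p>";
        break;
    case "recherche":
        $royaume = isset($_POST['royaume']) ? Securite::bdd($_POST['royaume']) : '';
        // The posted value picks the connection settings in $characters and is
        // echoed into two hidden fields below. Accepting only a configured
        // realm key keeps arbitrary request text out of both uses.
        if (!isset($characters[$royaume])) {
            echo "<p>Erreur</p>";
            break;
        }
        if (!mysql_connect($realmd['host'], $realmd['user'], $realmd['password']) || !mysql_select_db($realmd['db'])) {
            error_log('armurerie.php: ' . mysql_error());
            die("Erreur SQL");
        }
        $reponse = mysql_query("SELECT * FROM realmlist WHERE id = '" . $royaume . "'") or die("Erreur SQL");
        $donnees = mysql_fetch_array($reponse, MYSQL_ASSOC);
        // NOTE(review): the realm name is printed as stored, with no HTML
        // escaping; confirm realmlist.name is administrator-controlled.
        echo "<p class=\"title\">" . $titre_armurerie . "</p>\n\t\t<p class=\"center\">Royaume : " . $donnees['name'] . "</p>\n\t\t";
        // The forms used to interpolate the $_POST array as their method,
        // which renders as "Array". Browsers treat an invalid method as GET,
        // so "get" keeps the effective behaviour and removes the
        // array-to-string conversion.
        echo "<form class=\"recherche\" method=\"get\" action=\"armurerie-select.php\">\n\t\t<p><b>" . $lang_armurerie['character_name'] . "</b></p>\n\t\t";
        echo "<input type=\"text\" name=\"perso\" value=\"" . $lang_armurerie['perso_name'] . "\" size=\"30\" onFocus=\"javascript:this.value=''\" />\n\t\t";
        echo "<input type=\"hidden\" name=\"royaume\" value=\"" . $royaume . "\" />\n\t\t";
        echo "<input type=\"submit\" value=\"" . $lang_site['search'] . "\" /><br />\n\t\t</form>\n\t\t<br />\n\t\t";
        echo "<form class=\"recherche\" method=\"get\" action=\"armurerie-select.php\">\n\t\t<SELECT NAME=\"perso\">";
        if (!mysql_connect($characters[$royaume]['host'], $characters[$royaume]['user'], $characters[$royaume]['password']) || !mysql_select_db($characters[$royaume]['db'])) {
            error_log('armurerie.php: ' . mysql_error());
            die("Erreur SQL");
        }
        $SQL = "SELECT * FROM `characters` ORDER BY name ASC";
        $result = mysql_query($SQL) or die("Erreur SQL");
        while ($val = mysql_fetch_array($result)) {
            // Quoted keys: the bare words guid and name were read as undefined
            // constants and only worked through PHP's fallback to a string.
            echo "<OPTION VALUE='" . Securite::bdd($val['guid']) . "'>" . Securite::bdd($val['name']) . "</option>";
        }
        echo "</SELECT>\n\t\t<input type=\"hidden\" name=\"royaume\" value=\"" . $royaume . "\" />\n\t\t<input type=\"submit\" value=\"" . $lang_site['search'] . "\" /><br />\n\t\t</form>";
        break;
}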
コード例 #23
ファイル: perso_move.php プロジェクト: galathil/coolwow2
                            echo "<p>Le personnage a été déplacé !</p>";
                            echo "<a href='index.php'>Retour</a>";
                        }
                    } else {
                        echo "erreur2";
                    }
                } else {
                    echo "erreur";
                }
                break;
            default:
                generate_xsrf_token();
                $token = Securite::bdd($_SESSION['token_xsrf']);
                echo "<p class=\"title\">Déplacer un personnage</p><br />";
                echo "<form action=\"index.php?module=perso_move&action=deplacer\" method=\"POST\">\n\t\t\t\t\t<table>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td>ID du personnage à déplacer :</td>\n\t\t\t\t\t\t\t<td><input type=\"text\" name=\"id_perso\"></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t<td>ID du compte de déstination :</td>\n\t\t\t\t\t\t\t<td><input type=\"text\" name=\"id_account\"></td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t</table>\n\t\t\t\t\t<input type=\"hidden\" name=\"token_xsrf\" value=\"" . $token . "\" />\n\t\t\t\t\t<input type=\"submit\" name=\"valide\" value=\"Déplacer\">\n\t\t\t\t</form>";
                break;
        }
    } else {
        echo "<p>Ce module est désactivé, merci de voir avec l'administrateur !</p>";
        echo "<a href=\"../index.php\">Retour</a>";
    }
} elseif (Securite::bdd($_SESSION['auth']) != "yes") {
    header("location: ../index.php");
    exit;
} elseif (Securite::bdd($_SESSION['gmlevel']) <= $rep['config_value2']) {
    echo "<p>" . Securite::bdd($_SESSION['username']) . " vous n'êtes pas autorisé à accéder à cette partie !</p>";
    echo "<a href=\"../index.php\">Retour</a>";
} else {
    echo "<p>Erreur</p>";
    echo "<a href=\"../index.php\">Retour</a>";
}
コード例 #24
    $exception = 1;
}
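// -- Action dispatch --
// NOTE(review): no permission or anti-CSRF check is visible in this excerpt for
// these state-changing actions; confirm one runs before this point.
// Deletion: removes the record identified by $page['id_ext'].
// Strict comparison is deliberate: with `==`, a non-string keyAction such as
// integer 0 equals any non-numeric string on PHP < 8 and would trigger the action.
if ($page['keyAction'] === 'supprimer') {
    $model->supprimer($page['id_ext']);
}
// Linking / unlinking: the method name is taken from keyAction, and the
// condition restricts it to the two names listed here.
if ($page['keyAction'] === 'lier' || $page['keyAction'] === 'delier') {
    // The braces must enclose the whole expression. `$model->{$page}['keyAction'](...)`
    // used the $page array itself as a property name instead of calling the method.
    $model->{$page['keyAction']}($page['id_ext'], $page['id']);
}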
// Ajout/Edition --
if ($page['keyAction'] == 'editer' || $page['keyAction'] == 'ajouter') {
    $fini = false;
    if (isset($_POST['nom'])) {
        $nom = Securite::bdd($_POST['nom']);
        if (strlen($nom) < $page['length']) {
            if ($page['exception'] == 'type') {
                $duree = isset($_POST['duree']) ? intval($_POST['duree']) : 0;
                if (isset($page['id_ext']) && $page['keyAction'] == 'editer') {
                    $model->editer($nom, $page['id_ext'], $duree);
                } else {
                    if (isset($page['id']) && $page['keyAction'] == 'ajouter') {
                        $model->ajouter($nom, $page['id'], $duree);
                    } else {
                        $model->ajouter($nom, -1, $duree);
                    }
                }
            } else {
                if (isset($page['id_ext']) && $page['keyAction'] == 'editer') {
                    $model->editer($nom, $page['id_ext']);
コード例 #25
ファイル: chatbox.php プロジェクト: galathil/coolwow2
<?php 
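// Direct-access guard: the module runs only when $securite holds "ok"
// (presumably set by the script that includes this file — TODO confirm).
// empty() already covers the unset case, so the separate isset() test is dropped.
if (empty($securite) || $securite != "ok") {
    header("location: erreur.php?err=access_denied");
    // header() only queues the redirect. Without exit the rest of the module,
    // including the INSERT in the 'envoyer' action, would still run.
    exit;
}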
echo "<link rel=\"stylesheet\" href=\"themes/shoutbox.css\" type=\"text/css\" />\n";
switch ($_GET['action']) {
    // Stores one chat message. Author and GM level come from the session, the
    // client address from REMOTE_ADDR, the timestamp from the server clock and
    // the text from POST `msg`.
    // NOTE(review): no XSRF token is compared in this case, although other
    // modules of the project (perso_move.php, contact.php) put `token_xsrf`
    // into their forms. Confirm whether posting a message is meant to be protected.
    case 'envoyer':
        $auteur = Securite::bdd($_SESSION['username']);
        $gmlevel = Securite::bdd($_SESSION['gmlevel']);
        $adressip = Securite::bdd($_SERVER['REMOTE_ADDR']);
        $date = date("Y-m-d H:i:s");
        $msg = Securite::bdd($_POST['msg']);
        // empty() also rejects the one-character message "0".
        if (empty($msg)) {
            echo "<p>Merci d'entrer un message !!!</p>";
            echo "<p><a href=\"index.php?module=chatbox\">Retour</a></p>";
        } else {
            // NOTE(review): die(mysql_error()) writes driver error text into the response.
            mysql_connect($coolwow['host'], $coolwow['user'], $coolwow['password']) or die(mysql_error());
            mysql_select_db($coolwow['db']) or die(mysql_error());
            // NOTE(review): every value is interpolated into the statement, so
            // its safety rests on what Securite::bdd() escapes; that helper is
            // not visible here. A prepared statement would not depend on it.
            mysql_query("INSERT INTO chatbox (msg, auteur_msg,ip_msg,date_msg,gmlevel) VALUES ('{$msg}','{$auteur}','{$adressip}','{$date}','{$gmlevel}')") or die(mysql_error());
            mysql_close();
            // Client-side redirect back to the chat box after the insert.
            echo "\n\t\t\t<script language=\"Javascript\">\n\t\t\t\tdocument.location.replace(\"index.php?module=chatbox\");\n\t\t\t</script>";
        }
        break;
    case 'historique':
        $gmlevel = Securite::html($_SESSION['gmlevel']);
        echo "\n\t\t<p class=\"title\">" . $titre_chatbox . " " . Securite::html($_SESSION['username']) . " !</p><br />\n\t\t<div id=\"shoutbox\">\n\t\t\t<div id=\"shoutbox_content\">";
        mysql_connect($coolwow['host'], $coolwow['user'], $coolwow['password']) or die(mysql_error());
        mysql_select_db($coolwow['db']) or die(mysql_error());
        $retour_total = mysql_query('SELECT COUNT(*) AS total FROM chatbox');
        //Nous récupérons le contenu de la requête dans $retour_total
        $donnees_total = mysql_fetch_assoc($retour_total);
コード例 #26
ファイル: membres.php プロジェクト: galathil/coolwow2
                // Member list body: one table row per member, or a single
                // placeholder row when the query returned nothing.
                // NOTE(review): each value printed below goes through
                // Securite::bdd(), the helper this project applies before SQL.
                // Its implementation is not visible; confirm it also encodes
                // for HTML text, attribute and URL contexts.
                if (mysql_num_rows($sql) <= 0) {
                    echo "<tr><td colspan=\"7\">Il n'y a aucun membre sur le site !!!</td></tr>";
                } else {
                    while ($data1 = mysql_fetch_array($sql, MYSQL_ASSOC)) {
                        echo "<tr>";
                        // Profile link, registration date (membre_inscrit is passed to
                        // date() as a timestamp), post count, rank and private-message link.
                        // NOTE(review): pseudo is placed in the `for=` query parameter
                        // without URL-encoding.
                        echo "\n\t\t\t\t\t\t\t<td align=\"center\"><a href=\"index.php?module=profil&id=" . Securite::bdd($data1['id']) . "\">" . Securite::bdd($data1['pseudo']) . "</a></td>\n\t\t\t\t\t\t\t<td align=\"center\">" . date('d/m/y G:i', Securite::bdd($data1['membre_inscrit'])) . "</td>\n\t\t\t\t\t\t\t<td align=\"center\">" . Securite::bdd($data1['membre_post']) . "</td>\n\t\t\t\t\t\t\t<td align=\"center\">" . Securite::bdd($data1['membre_rank']) . "</td>\n\t\t\t\t\t\t\t<td align=\"center\"><a href=\"index.php?module=messagerie&action=ecrire&for=" . Securite::bdd($data1['pseudo']) . "\"><img src=\"themes/" . $theme . "/images/forums/pm.gif\" /></a></td>\n\t\t\t\t\t\t\t<td align=\"center\">";
                        // The mail link is omitted when the member chose to hide the address.
                        if ($data1['cacher_email'] == 1) {
                            echo "</td>";
                        } else {
                            echo "<a href=\"mailto:" . Securite::bdd($data1['membre_email']) . "\"><img src=\"themes/" . $theme . "/images/forums/email.gif\" /></a></td>";
                        }
                        echo "<td align=\"center\">";
                        if (empty($data1['membre_siteweb'])) {
                            echo "</td>";
                        } else {
                            // NOTE(review): the stored value becomes the whole href. Unless
                            // the scheme is limited to http/https when the profile is saved,
                            // the link can carry a script URL. Validate the scheme at write
                            // time or before printing.
                            echo "<a href=\"" . Securite::bdd($data1['membre_siteweb']) . "\"><img src=\"themes/" . $theme . "/images/forums/www.gif\" /></a></td>";
                        }
                        echo "</tr>";
                    }
                }
                echo "</table>";
                break;
        }
    } else {
        echo "<p>Ce module est désactivé, merci de voir avec l'administrateur !</p>";
        echo "<a href=\"../index.php\">Retour</a>";
    }
} else {
    echo "<p>Page réservée aux membres !<br />";
    echo "connectez-vous ou inscrivez-vous !</p>";
    echo "<a href=\"../index.php\">Retour</a>";
コード例 #27
<?php

/* 

********* PROJET CDI **********

**********TRAITEMENT C	**********

Description : Cette page clôture une réservation.
Elle passe l'état à 3, terminer_reservation à true
& remet tous les exemplaires de la réservation disponibles

@Author : Despendo 
Copyright 2012 pour eXia.Cesi Strasbourg 
*/
// Closes a reservation. Nothing runs unless the form posted a reservation id (IDR).
// NOTE(review): no login, role or anti-CSRF check is visible in this file;
// confirm the including page enforces them before this code runs.
// NOTE(review): execution continues after the Location header because no exit
// follows it. Confirm nothing after this include should be skipped on redirect.
if (isset($_POST['IDR'])) {
    // Mark the reservation as finished: state 3, terminer_reservation = true.
    $ValidResaC = $bdd->prepare('UPDATE reservations SET id_etat= 3, terminer_reservation=true WHERE id_reservation= :IDR');
    $idReservation = Securite::bdd($_POST['IDR']);
    $ValidResaC->execute(array("IDR" => $idReservation));

    // Make the copies of the reservation available again. The form sends them
    // as Ex1, Ex2 and Ex3, and any of the three may be absent.
    $reqDispoC = $bdd->prepare('UPDATE exemplaires SET dispo_exemplaire=true WHERE num_exemplaire = :IDE');
    foreach (array('Ex1', 'Ex2', 'Ex3') as $champ) {
        if (!isset($_POST[$champ])) {
            continue;
        }
        $reqDispoC->execute(array("IDE" => Securite::bdd($_POST[$champ])));
    }

    header('Location: ?admin=media&message=5');
}
コード例 #28
ファイル: contact.php プロジェクト: galathil/coolwow2
                                                echo "Votre message a bien été envoyé au webmastre du site. Nous vous remercions.<br />";
                                                echo "<br /><a href='javascript:history.go(-1)'>Retour</a>";
                                            } else {
                                                echo "Erreur: votre message n'a pu être envoyé.";
                                                echo "<br /><a href='javascript:history.go(-1)'>Retour</a>";
                                            }
                                        } elseif ($type_envoi != "mail" or $type_envoi != "smtp") {
                                            echo "Erreur, merci de verifier la configuration du fichier config.php !";
                                            echo "<br /><a href='javascript:history.go(-1)'>Retour</a>";
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            } else {
                echo "Le code de sécuritée n'est pas bon !";
                echo "<br /><a href='javascript:history.go(-1)'>Retour</a>";
            }
        } else {
            echo "Vous devez remplir le champ du code de sécuritée !";
            echo "<br /><a href='javascript:history.go(-1)'>Retour</a>";
        }
        break;
    default:
        generate_xsrf_token();
        $token = Securite::bdd($_SESSION['token_xsrf']);
        echo "\n\t\t<p class=\"title\">Forumulaire de contact</p>\n\t\t<p>Tous commentaires et suggestions sur ce site sont les bienvenus et très important pour nous. Merci!</p>\n\t\t<form action=\"index.php?module=contact&action=envoi\" method=\"POST\">\n\t\t<input type=\"hidden\" name=\"token_xsrf\" value=\"" . $token . "\" />\n\t\t\t<table border=\"0\" cellspacing=\"0\" cellpadding=\"2\">\n\t\t\t\t<tr> \n\t\t\t\t\t<td width=\"25%\">Votre Nom :</td>\n\t\t\t\t\t<td width=\"80%\" align=\"left\">\n\t\t\t\t\t<input type=\"text\" name=\"nom\" size=\"50\" />\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr> \n\t\t\t\t\t<td width=\"25%\">Votre e-mail :</td>\n\t\t\t\t\t<td width=\"80%\" align=\"left\">\n\t\t\t\t\t<input type=\"text\" name=\"email\" size=\"50\" />\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr> \n\t\t\t\t\t<td width=\"25%\">Sujet :</td>\n\t\t\t\t\t<td width=\"80%\" align=\"left\">\n\t\t\t\t\t<input type=\"text\" name=\"sujet\" size=\"50\" />\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr> \n\t\t\t\t\t<td width=\"25%\" valign=\"top\">Message :</td>\n\t\t\t\t\t<td width=\"80%\">\n\t\t\t\t\t\t<textarea name=\"message\" alt=\"Message\" rows=\"10\" cols=\"50\" wrap=\"virtual\"></textarea>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td width=\"25%\">Code de sécuritée :</td>\n\t\t\t\t\t<td width=\"80%\"><img src=\"captcha/CaptchaSecurityImages.php\" alt=\"Code de vérification\" /></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td width=\"25%\">Recopier le code</td>\n\t\t\t\t\t<td width=\"80%\"><input id=\"security_code\" name=\"security_code\" type=\"text\" /></td>\n\t\t\t\t</tr>\n\t\t\t\t<tr> \n\t\t\t\t\t<td width=\"25%\">&nbsp;</td>\n\t\t\t\t\t<td width=\"80%\"><center><input type=\"submit\" name=\"Submit\" value=\"Envoyer\" alt=\"Envoi\" /></td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t</form>";
        break;
}
コード例 #29
ファイル: honneur.php プロジェクト: galathil/coolwow2
				<th width="60"nowrap="nowrap">Niveau</th>
				<th width="80" nowrap="nowrap">Points</th>
				<th width="40" nowrap="nowrap">Rang</th>
				<th nowrap="nowrap">Guilde</th>
			</tr>
		<?php 
        // Honor ranking rows: one table row per character in $reponse2, numbered
        // from 1, or a single placeholder row when the result set is empty.
        $ligne = 1;
        if (mysql_num_rows($reponse2) < 1) {
            echo "<tr><td colspan=\"8\">Il n'y a aucun Hordeux !</td></tr>";
        } else {
            while ($donnees2 = mysql_fetch_array($reponse2, MYSQL_ASSOC)) {
                $race = Securite::bdd($donnees2['race']);
                $gender = Securite::bdd($donnees2['gender']);
                $class = Securite::bdd($donnees2['class']);
                $name = Securite::bdd($donnees2['name']);
                // The guild id is read from the column aliased GNAME.
                $guildid = Securite::bdd($donnees2['GNAME']);
                // One extra query per character row. The id is interpolated into the
                // statement, so it relies on Securite::bdd() escaping.
                // NOTE(review): die(mysql_error()) writes driver error text into the page.
                $guild_name = mysql_query("SELECT name FROM guild WHERE guildid='{$guildid}'") or die(mysql_error());
                // When no guild row matches, mysql_fetch_array() returns false and
                // $guildname ends up null.
                $guild = mysql_fetch_array($guild_name, MYSQL_ASSOC);
                $guildname = $guild['name'];
                echo "<tr><td align=\"center\">";
                echo $ligne++;
                echo "</td><td align=\"center\">";
                // NOTE(review): $name is used both as a URL parameter and as link
                // text after Securite::bdd() only. No URL-encoding or HTML escaping
                // is visible; confirm what that helper guarantees.
                echo "<a href=\"armurerie-select.php?perso={$name}\">{$name}</a>";
                echo "</td><td align=\"center\">";
                // Race and class icons are selected by file name built from the row values.
                echo "<img src='images/races/{$race}-{$gender}.gif' />";
                echo "</td><td align=\"center\">";
                echo "<img src='images/classes/{$class}.gif' />";
                echo "</td><td align=\"center\">";
                echo $donnees2['level'];
                echo "</td><td align=\"center\">";
                echo $donnees2['totalHonorPoints'];
コード例 #30
<?php

session_start();
include 'header.php';
?>

<?php 
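// Deletes one analytic code for the logged-in user and prints an alert with the outcome.
// $user_id and $cnx are not defined in this file; presumably header.php
// provides them — TODO confirm.
// NOTE(review): no anti-CSRF token is checked before the DELETE; confirm
// whether the form carries one.
if (Auth::islog()) {
    // Require the field itself rather than any non-empty POST. A request
    // without choix_code now reaches the "no form received" branch instead of
    // running the DELETE with an undefined value.
    if (isset($_POST['choix_code'])) {
        // NOTE(review): the value is bound as a parameter below, so extra
        // escaping is not needed for SQL safety. If Securite::bdd() rewrites
        // quotes, a description containing one would no longer match its row.
        $description = Securite::bdd($_POST['choix_code']);
        $q = array('description' => $description, 'user_id' => $user_id);
        // The user_id condition restricts the delete to rows whose owner matches $user_id.
        $sql = 'DELETE FROM codes_analytiques WHERE user_id = :user_id AND description = :description';
        try {
            // prepare() is inside the try so that a failure there is reported
            // the same way as a failed execute().
            $req = $cnx->prepare($sql);
            $req->execute($q);
            echo "\t<div class=\"alert span12 alert-success\">\n    \t\t\t\t<strong><i class=\"glyphicon glyphicon-ok\"></i> La suppression s'est déroulé correctement.</strong>\n\t\t\t\t\t</div>";
        } catch (Exception $e) {
            // Database error text can expose table and column names: log it,
            // and show only the generic sentence.
            error_log('Suppression code analytique: ' . $e->getMessage());
            echo "\n\t\t\t\t\t<div class=\"alert span12 alert-error\">\n\t\t\t\t\t<strong><i class=\"icon-ban-circle icon-white\"></i> Un problème est survenu pendant la suppresion.</strong>\n\t\t\t\t\t</div>";
        }
    } else {
        echo "\n\t\t\t\t\t<div class=\"alert span12 alert-error\">\n\t\t\t\t\t<strong><i class=\"icon-ban-circle icon-white\"></i> Erreur, aucun formulaire de suppression de code analytique n'a été reçu...</strong>\n\t\t\t\t\t</div>";
    }
} else {
    echo "\n\t\t\t\t\t<div class=\"container\">\n\t\t\t\t\t\t<div class=\"alert span9 alert-error\">\n    \t\t\t\t\t\t<strong><i class=\"icon-ban-circle icon-white\"></i> Vous devez vous connecter pour afficher cette page.</strong>\n\t\t\t\t\t\t</div>\n\t\t\t\t\t</div>";
}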
?>

<?php 
include 'footer.php';