static function mod_pg($pg)
{
$p = plugins::getinst();
$user = $p->d->getrow('SELECT * FROM users WHERE name="' . $pg . '";');
if ($user->account_id == $_SESSION['datiaccount']['id']) {
$t = new template('template/mod_pg.tpl');
$t->assign_var('PG_NAME', $pg);
if ($_POST) {
$query = 'UPDATE users SET description="' . $_POST['desc'] . '",image="' . $_POST['image'] . '" WHERE name="' . $pg . '";';
$upd = $p->d->query($query);
if (!$upd) {
$t->start_block('mod_failed');
$t->end_block('mod_failed');
} else {
$t->start_block('mod_success');
$t->end_block('mod_success');
}
} else {
$t->start_block('mod_failed');
$t->end_block('mod_failed');
}
$p->action('mod_pg');
$t->out();
}
}
static function page_login()
{
$p = plugins::getinst();
$t = new template('template/login.tpl');
$t->assign_var('TITLE', 'Login Page');
//Controllo che siano stati postati nome utente e password
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = mysql_real_escape_string($_POST['username']);
//Controllo che l'utente con la password scelta esista
$dati = $p->d->getrow("SELECT * FROM accounts WHERE username='******' AND password='******'password']) . "';");
if ($dati) {
//Aggiorno le variabili di sessione per l'account
$_SESSION['username'] = $username;
$_SESSION['datiaccount'] = get_object_vars($dati);
$_SESSION['stanza'] = 1;
$_SESSION['password'] = $_POST['password'];
//Controllo i dati di master e admin
if ($dati->admin == 1) {
$_SESSION['admin'] = 1;
}
if ($dati->master == 1) {
$_SESSION['master'] = 1;
}
//Inserisco l'utente nelle sessioni
if ($p->d->query("INSERT INTO sessioni SET session_id='" . session_id() . "',username='******',chat_id=1,chat_name='" . $p->d->getvar('SELECT name FROM stanze WHERE id=1;') . "',last_time='" . (time() + 60 * 10) . "',pg_id=0 ;") > 0) {
//Eseguo l'azione "login_success"
$t->start_block('login_success');
$p->action('login_success');
$t->end_block('login_success');
} else {
//Eseguo l'azione "login_failed"
$t->start_block('login_failed');
$p->action('login_failed');
$t->end_block('login_failed');
}
} else {
//Eseguo l'azione "login_failed"
$t->start_block('login_failed');
$p->action('login_failed');
$t->end_block('login_failed');
}
} else {
//Non sono stati inviati nome utente e password: visualizzo il form per il login
$t->start_block('login_form');
$t->assign_block_var('ACTION', $_SERVER['PHP_SELF']);
//Eseguo l'azione "login_form"
$p->action('login_form');
$t->end_block('login_form');
}
$t->out();
}
/**
* @param template $template
* @param string $query_where
* @param int $query_limit
*/
function nws_render(&$template, $query_where = '', $query_limit = 20)
{
global $config, $user;
$announce_list = doquery("SELECT a.*, UNIX_TIMESTAMP(`tsTimeStamp`) AS unix_time, u.authlevel, s.*\n FROM\n {{announce}} AS a\n LEFT JOIN {{survey}} AS s ON s.survey_announce_id = a.idAnnounce\n LEFT JOIN {{users}} AS u ON u.id = a.user_id\n {$query_where}\n ORDER BY `tsTimeStamp` DESC, idAnnounce" . ($query_limit ? " LIMIT {$query_limit}" : ''));
$template->assign_var('NEWS_COUNT', db_num_rows($announce_list));
$users = array();
while ($announce = db_fetch($announce_list)) {
if ($announce['user_id'] && !isset($users[$announce['user_id']])) {
$users[$announce['user_id']] = db_user_by_id($announce['user_id']);
}
$survey_vote = array('survey_vote_id' => 1);
$survey_complete = strtotime($announce['survey_until']) < SN_TIME_NOW;
if ($announce['survey_id'] && !empty($user['id'])) {
$survey_vote = !$survey_complete ? $survey_vote = doquery("SELECT `survey_vote_id` FROM `{{survey_votes}}` WHERE survey_parent_id = {$announce['survey_id']} AND survey_vote_user_id = {$user['id']} LIMIT 1;", true) : array();
}
$announce_exploded = explode("<br /><br />", cht_message_parse($announce['strAnnounce'], false, intval($announce['authlevel'])));
$template->assign_block_vars('announces', array('ID' => $announce['idAnnounce'], 'TIME' => date(FMT_DATE_TIME, $announce['unix_time'] + SN_CLIENT_TIME_DIFF), 'ANNOUNCE' => cht_message_parse($announce['strAnnounce'], false, intval($announce['authlevel'])), 'DETAIL_URL' => $announce['detail_url'], 'USER_NAME' => isset($users[$announce['user_id']]) && $users[$announce['user_id']] ? player_nick_render_to_html($users[$announce['user_id']], array('color' => true)) : js_safe_string($announce['user_name']), 'NEW' => $announce['unix_time'] + $config->game_news_actual >= SN_TIME_NOW, 'FUTURE' => $announce['unix_time'] > SN_TIME_NOW, 'SURVEY_ID' => $announce['survey_id'], 'SURVEY_TEXT' => $announce['survey_question'], 'SURVEY_CAN_VOTE' => empty($survey_vote) && !$survey_complete, 'SURVEY_COMPLETE' => $survey_complete, 'SURVEY_UNTIL' => $announce['survey_until']));
foreach ($announce_exploded as $announce_paragraph) {
$template->assign_block_vars('announces.paragraph', array('TEXT' => $announce_paragraph));
}
if ($announce['survey_id']) {
$survey_query = doquery("SELECT survey_answer_text AS `TEXT`, count(DISTINCT survey_vote_id) AS `VOTES`\n FROM `{{survey_answers}}` AS sa\n LEFT JOIN `{{survey_votes}}` AS sv ON sv.survey_parent_answer_id = sa.survey_answer_id\n WHERE sa.survey_parent_id = {$announce['survey_id']}\n GROUP BY survey_answer_id\n ORDER BY survey_answer_id;");
$survey_vote_result = array();
$total_votes = 0;
while ($row = db_fetch($survey_query)) {
$survey_vote_result[] = $row;
$total_votes += $row['VOTES'];
}
if (empty($survey_vote) && !$survey_complete) {
// Can vote
$survey_query = doquery("SELECT * FROM {{survey_answers}} WHERE survey_parent_id = {$announce['survey_id']} ORDER BY survey_answer_id;");
while ($row = db_fetch($survey_query)) {
$template->assign_block_vars('announces.survey_answers', array('ID' => $row['survey_answer_id'], 'TEXT' => $row['survey_answer_text']));
}
} else {
// Show result
foreach ($survey_vote_result as &$vote_result) {
$vote_percent = $total_votes ? $vote_result['VOTES'] / $total_votes * 100 : 0;
$vote_result['PERCENT'] = $vote_percent;
$vote_result['PERCENT_TEXT'] = round($vote_percent, 1);
$vote_result['VOTES'] = pretty_number($vote_result['VOTES']);
$template->assign_block_vars('announces.survey_votes', $vote_result);
}
}
// Dirty hack
$template->assign_block_vars('announces.total_votes', array('TOTAL_VOTES' => $total_votes));
}
}
}
function guestbook()
{
global $p, $t, $game_name;
$t = new template('template/guestbook.tpl');
$t->assign_var('NAME', $game_name);
if (!empty($_POST['message'])) {
$username = mysql_real_escape_string(htmlentities($_POST['username']));
$text = mysql_real_escape_string(htmlentities($_POST['message']));
$query = 'INSERT INTO guestbook SET username="******",text="' . $text . '",time=NOW();';
if ($p->d->query($query)) {
$t->to_comp['new_success'][] = array();
}
}
$select = 'SELECT * FROM guestbook ORDER BY time DESC;';
$messaggi = $p->d->getresults($select);
foreach ($messaggi as $m) {
$t->to_comp['message'][] = array('USERNAME' => $m->username, 'MESSAGE' => $m->text);
}
$t->out();
}
static function chat()
{
$p = plugins::getinst();
$stanza = $_SESSION['stanza'];
//prendo l'id della chat
$chat = $p->d->getrow('SELECT name,other FROM stanze WHERE id="' . $stanza . '";');
//la trovo sul db
if ($chat) {
//se c'è
//se ha un contenuto in html, lo visualizzo al posto del frameset della chat usando un altro template
if ($chat->other) {
$t = new template('template/chat_body_other.tpl');
$t->assign_var('TEXT', stripslashes($chat->other));
} else {
$t = new template('template/chat.tpl');
}
$p->action('chat');
@$t->out();
} else {
echo 'Stanza non presente...<br/><a href="' . config::game_dir . '/plugins.php/main" target="_top">torna alla pagina principale</a>';
}
}
{
@include($phpbb_root_path . 'includes/hooks/' . $hook . '.' . $phpEx);
}
}
else
{
$phpbb_hook = false;
}
// Set some standard variables we want to force
$config = array(
'load_tplcompile' => '1'
);
$template->set_custom_template('../adm/style', 'admin');
$template->assign_var('T_TEMPLATE_PATH', '../adm/style');
// the acp template is never stored in the database
$user->theme['template_storedb'] = false;
$install = new module();
$install->create('install', "index.$phpEx", $mode, $sub);
$install->load();
// Generate the page
$install->page_header();
$install->generate_navigation();
$template->set_filenames(array(
'body' => $install->get_tpl_name())
} else {
require $phpbb_root_path . 'includes/acm/acm_file.' . $phpEx;
require $phpbb_root_path . 'includes/auth.' . $phpEx;
require $phpbb_root_path . 'includes/cache.' . $phpEx;
require $phpbb_root_path . 'includes/session.' . $phpEx;
// Create the user.
$user = new user();
$auth = new auth();
$cache = new cache();
}
// We need to set the template here.
$template = new template();
$template->set_custom_template('style', 'qi');
$profiles = $settings->get_profiles();
if (empty($profiles['count'])) {
$template->assign_var('S_NO_PROFILE', true);
$page = $page == 'main' || $page == '' ? 'settings' : $page;
}
$template->assign_var('CONFIG_TEXT', false);
// If there is a language selected in the dropdown menu in settings it's sent as GET, then igonre the hidden POST field.
if (isset($_GET['lang'])) {
$language = request_var('lang', '');
} else {
if (!empty($_POST['sel_lang'])) {
$language = request_var('sel_lang', '');
} else {
$language = '';
}
}
$settings->apply_language($language);
// Updated settings?
static function account_switch($action = '')
{
/* prendo l'istanza della classe plugin dal singleton | Call Singleton Plugin */
$p = plugins::getinst();
/* prendo l'id dell'account | gain account id
* TODO Fix filtraggio input
*/
$account_id = $_SESSION['datiaccount']['id'];
$t = new template('template/account_switch.tpl');
/* se si vuole usare un utente | "Use a User Profile" Action */
if ($action == 'use_user') {
/* vedo se esiste l'utente selezionato e se è dell'account che lo ha selezionato | Check existance and proprietary account on selected one
* TODO Fix filtraggio input
*/
$cond = $p->d->getrow('SELECT COUNT(id) AS count, account_id FROM users WHERE id="' . mysql_real_escape_string($_POST['pg_id']) . '" GROUP BY id;');
/* se supera l'if metto nella sessione i dati del pg separati da quelli dell'account, cambio pg_id nella tabella sessioni e mando l'utente alla pagina main |
* save usre data out of account data, update pg_id in session table, redirect to main page */
if ($cond->count > 0 && $cond->account_id == $_SESSION['datiaccount']['id']) {
$_SESSION['datiuser'] = get_object_vars($p->d->getrow('SELECT * FROM users WHERE id="' . $_POST['pg_id'] . '";'));
$updsess = $p->d->query('UPDATE sessioni SET pg_id="' . $_POST['pg_id'] . '" WHERE session_id="' . session_id() . '";');
header('Location:' . config::game_dir . '/plugins.php/main');
/* command to redirect */
}
}
/* se si vuole cambiare la password | Change Password OF FULL ACCOUNT */
if ($action == 'change_pwd') {
/* cripto in md5 quella nuova | md5 encript
* TODO Fix filtraggio input
*/
$password = md5(mysql_real_escape_string($_POST['password']));
/* faccio l'update della password sul db | update query */
$query = 'UPDATE accounts SET password="******",last_change_pwd=NOW() WHERE id="' . $account_id . '";';
if ($p->d->query($query) > 0) {
$t->block_null('new_password_success');
} else {
$t->block_null('new_password_failed');
}
}
/* se si vuole creare un nuovo utente | New User */
if ($action == 'new_user') {
/* prendo tutti i dati passati in POST e li passo a mysql_real_escape_string e htmlentities per evitare XSS e SQL injections | Input filtering
* TODO Fix filtraggio input
*/
$name = mysql_real_escape_string(htmlentities($_POST['name']));
$surname = mysql_real_escape_string(htmlentities($_POST['surname']));
$sex = mysql_real_escape_string(htmlentities($_POST['sex']));
$race = mysql_real_escape_string(htmlentities($_POST['race']));
/* vedo se sono stati riempiti tutti i campi | no empty fields */
if ($name == NULL || ($surname = NULL || $sex == NULL || $race == NULL)) {
die('Non hai riempito tutti i campi <br/> <a href="javascript:history.back();">torna indietro</a>');
}
/* java function to reload form */
/* controllo che il personaggio non esista già | Check in DB for duplicate entries */
if ($p->d->getvar('SELECT COUNT(id) as count FROM users WHERE name="' . $name . '";') > 0) {
die('Il personaggio che vuoi creare esiste già! <br/> <a href="javascript:history.back();">torna indietro</a>');
}
/* vedo se l'utente ha già raggiunto il massimo di pg consentiti (settati nel config) | check for max number of users in account */
if ($p->d->getvar('SELECT COUNT(*) FROM users WHERE account_id="' . $account_id . '";') < config::max_pg) {
/* creo il pg e lo collego all'account che lo ha creato | add user in db and link it to account */
$query = 'INSERT INTO users SET account_id="' . $account_id . '",name="' . $name . '",surname="' . $surname . '",sex="' . $sex . '",race="' . $race . '";';
$p->d->query($query);
/* faccio un refresh della pagina, per evitare che lo faccia manualmente l'utente creando un'altro utente vuoto | force a refresh so no duplicate entries for hand-made refreshes */
header('Location:' . config::game_dir . '/plugins.php/account_switch');
} else {
echo 'Hai raggiunto il numero massimo di personaggi consentiti... <br/> <a href="javascript:history.back();">torna indietro</a>';
}
/* | if already has all slot full display a warning and rollback */
}
/* assegno l'account id e il path di questa pagina al template | view init: assign account id and path to template */
$t->assign_var('ID', $account_id);
$t->assign_var('ACTION', config::game_dir . '/plugins.php/account_switch');
/* | Check for last changed password
* TODO Fix filtraggio input
*/
$time_password = $p->d->getvar('SELECT COUNT(id) FROM accounts WHERE id="' . $_SESSION['datiaccount']['id'] . '" AND last_change_pwd < (NOW() - INTERVAL 6 MONTH);');
if ($time_password > 0) {
$t->block_null('change_password');
}
/* seleziono i pg dell'utente | extract from db account's pc */
$users = $p->d->getresults('SELECT * FROM users WHERE account_id="' . $account_id . '" LIMIT 0,' . config::max_pg . ';');
/* se ce ne sono li aggiungo al template | if any add it to template */
if (count($users) > 0) {
foreach ($users as $user) {
$t->start_block('user');
$t->assign_block_vars(array('PG_ID' => $user->id, 'PG_NAME' => $user->name, 'PG_SURNAME' => $user->surname, 'PG_IMAGE' => $user->image, 'PG_DESC' => isset($user->description) ? $user->description : 'nessuna descrizione'));
$t->end_block('user');
/* assegnazioni per gli editor in-place per le modifiche dei PG | set editor-in-place for PC mod */
$t->block_assign('javascript_inplace_row_surname', 'ID', $user->id);
$t->block_assign('javascript_inplace_row_desc', 'ID', $user->id);
}
}
/* se il numero di utenti è minore del numero massimo consentito visualizzo il form di creazione pg | If
* number of current pc is less than max allowed per account, show new PC form */
if (count($users) < config::max_pg) {
/* | Use config constant to perform check */
$query = 'SELECT * FROM razze WHERE evolution!=1;';
/* TODO implementare uso delle sottorazze e razze avanzate */
$races = $p->d->getresults($query);
/* ogni razza a cui sia possibile aggiungere il pg è aggiunta nel template | add any pc's allowed race to template */
$t->start_block('new_user_form');
foreach ($races as $race) {
$t->block_assign('race_row', array('RACE_ID' => $race->id, 'RACE_NAME' => $race->name));
}
$t->end_block('new_user_form');
}
// endif
$t->out();
}
static function mp_new_form($user = '')
{
global $t;
$p = plugins::getinst();
$t = new template('template/mp_new_form.tpl');
$t->assign_var('TO', $user);
$p->action('mp_new_form');
@$t->out();
}
static function edit_post($forum_id = 0, $id = 0)
{
$p = plugins::getinst();
if ($id != 0) {
$t = new template('template/forum_message.tpl');
$t->assign_var('FORUM_ID', $forum_id);
//controllo se la bacheca è riservata al master e in caso controllo che l'utente lo sia
if ($p->d->getvar('SELECT master FROM forums WHERE id="' . $forum_id . '";') == 1 && control_access(MASTER_ACCESS) != 1) {
$t->start_block('access_denied');
$t->end_block('access_denied');
} else {
$post = $p->d->getrow('SELECT * FROM posts WHERE id="' . $id . '"');
if (!$_POST) {
$t->start_block('message_form');
if ($post->title != NULL && $post->topic_id == 0) {
$t->block_assign('is_topic', 'TOPIC_TITLE', $post->title);
}
$t->assign_block_var('TEXT', $post->text);
$t->assign_block_var('SUBMIT_TEXT', 'modifica messaggio');
$t->assign_block_var('ACTION', '{ROOT}/plugins.php/edit_post/' . $forum_id . '/' . $id);
$t->end_block('message_form');
} else {
if (isset($_POST['title'])) {
$title = mysql_real_escape_string(htmlentities($_POST['title']));
} else {
$title = $post->title;
}
$text = $p->filter('topic_message_edited', mysql_real_escape_string(htmlentities($_POST['text'])));
$query = 'UPDATE posts SET title="' . $title . '",text="' . $text . '" WHERE id="' . $id . '"';
$res = $p->d->query($query);
if ($res > 0) {
$t->block_assign('success', 'TEXT_SUCCESS', 'Messaggio modificato!');
} else {
$t->block_assign('failed', 'TEXT_FAILED', 'Messaggio NON modificato: ' . mysql_error());
}
}
}
$t->out();
}
}
require $phpbb_root_path . 'includes/utf/utf_tools.' . $phpEx;
// Set PHP error handler to ours
set_error_handler(defined('PHPBB_MSG_HANDLER') ? PHPBB_MSG_HANDLER : 'msg_handler');
// Instantiate some basic classes
$user = new user();
$auth = new auth();
$template = new template();
$cache = new cache();
$db = new $sql_db();
// Connect to DB
$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, defined('PHPBB_DB_NEW_LINK') ? PHPBB_DB_NEW_LINK : false);
$GLOBALS['db'] = $db;
// We do not need this any longer, unset for safety purposes
unset($dbpasswd);
// Grab global variables, re-cache if necessary
$config = $cache->obtain_config();
// Add own hook handler
require $phpbb_root_path . 'includes/hooks/index.' . $phpEx;
$phpbb_hook = new phpbb_hook(array('exit_handler', 'phpbb_user_session_handler', 'append_sid', array('template', 'display')));
foreach ($cache->obtain_hooks() as $hook) {
@(include $phpbb_root_path . 'includes/hooks/' . $hook . '.' . $phpEx);
}
require_once dirname(__FILE__) . '/../../library/functions.php';
$css = '';
$dir = dirname(__FILE__);
foreach (glob(dirname(__FILE__) . '/styles/pi/theme/*.css') as $val) {
$val = str_replace($dir, '', $val);
$css .= '<link href="' . $val . '" rel="stylesheet" type="text/css"/>';
}
$template->assign_var('CSS', $css);
