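/**
 * xajax handler: find a player on one game server and apply a comms block.
 *
 * Loads the server row for $sid, authenticates over RCON, parses the `status`
 * output and, when a connected player's SteamID matches $check (both compared
 * from their 9th character on), stores the server id on the open comms entry
 * and sends `sc_fw_block`.
 *
 * @param string $check  SteamID to look for (request-supplied).
 * @param int    $sid    Server id; cast to int before use.
 * @param mixed  $num    Suffix of the "srv_"/"srvip_" element ids to update.
 * @param mixed  $type   Block type passed on to sc_fw_block.
 * @param int    $length Block length passed on to sc_fw_block; cast to int.
 * @return xajaxResponse
 */
function BlockPlayer($check, $sid, $num, $type, $length)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;
    $sid = (int) $sid;
    $length = (int) $length;
    // $type ends up inside an RCON command line. Keep only characters that
    // cannot terminate the argument or begin another command.
    $type = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $type);

    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Hacking Attempt", $username . " tried to process a playerblock, but doesnt have access.");
        return $objResponse;
    }

    // Get the server data (bound parameter rather than a string-built query).
    $sdata = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = ?;", array($sid));

    // Test if the server is online before attempting RCON.
    $test = @fsockopen($sdata['ip'], $sdata['port'], $errno, $errstr, 2);
    if (!$test) {
        $objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='red' size='1'><i>Can't connect to server.</i></font>");
        $objResponse->addScript('set_counter(1);');
        return $objResponse;
    }
    @fclose($test);

    require_once INCLUDES_PATH . "/CServerRcon.php";
    $r = new CServerRcon($sdata['ip'], $sdata['port'], $sdata['rcon']);
    if (!$r->Auth()) {
        // A rejected password is wiped so it is not retried on every request.
        $GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = ? LIMIT 1;", array($sid));
        $objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='red' size='1'>Wrong RCON Password, please change!</font>");
        $objResponse->addScript('set_counter(1);');
        return $objResponse;
    }
    $ret = $r->rconCommand("status");

    // Show the hostname instead of the ip, but leave the ip in the title.
    require_once "../includes/system-functions.php";
    preg_match_all('/hostname:[ ]*(.+)/', $ret, $hostMatches, PREG_PATTERN_ORDER);
    // The hostname is reported by the game server, so it is HTML-encoded
    // before being written into the page. Guard against a status reply that
    // has no hostname line.
    $hostname = isset($hostMatches[1][0]) ? trunc(htmlspecialchars($hostMatches[1][0]), 25, false) : '';
    if (!empty($hostname)) {
        $objResponse->addAssign("srvip_{$num}", "innerHTML", "<font size='1'><span title='" . $sdata['ip'] . ":" . $sdata['port'] . "'>" . $hostname . "</span></font>");
    }

    preg_match_all(STATUS_PARSE, $ret, $matches, PREG_PATTERN_ORDER);
    // Search for the steamid on the server.
    foreach ($matches[3] as $match) {
        if (substr($match, 8) == substr($check, 8)) {
            // $check is request-supplied: bind it instead of concatenating it
            // into the UPDATE statement.
            $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_comms` SET sid = ? WHERE authid = ? AND RemovedBy IS NULL;", array($sid, $check));
            // $match comes from the server's own status output, not from the request.
            $kick = $r->sendCommand("sc_fw_block " . $type . " " . $length . " " . $match);
            $objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='green' size='1'><b><u>Player Found & blocked!!!</u></b></font>");
            $objResponse->addScript("set_counter('-1');");
            return $objResponse;
        }
    }

    $objResponse->addAssign("srv_{$num}", "innerHTML", "<font size='1'>Player not found.</font>");
    $objResponse->addScript('set_counter(1);');
    return $objResponse;
}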
/**
 * xajax handler for the login form.
 *
 * Checks the submitted e-mail/password against the users table through
 * CheckExist and, on success, sets the login cookie and redirects to
 * ROOT_DIR; otherwise reveals the "p_logon_failure" message.
 *
 * NOTE(review): the password is MD5-hashed without a salt, and it is passed
 * through mysql_real_escape_string() before hashing, so the stored hash is of
 * the escaped text. Changing either requires migrating the stored hashes.
 * NOTE(review): the UserPass comparison in the condition below reads
 * '******' in this copy, which looks like a redaction - confirm against the
 * real file before relying on it.
 *
 * @param array $data Form values: 'email', 'password', optional 'autologon'.
 * @return xajaxResponse
 */
function login($data)
{
    $objResponse = new xajaxResponse();
    include 'settings/tables.php';

    // Hash the password with MD5 (kept exactly as the original computes it).
    $pw_crypted = md5(mysql_real_escape_string($data['password']));
    $email = mysql_real_escape_string($data['email']);

    // Ask CheckExist whether a matching, activated account exists.
    $logon = new CheckExist();
    $logon->tableE = $tbl_users;
    $logon->conditionE = " UserEmail = '{$email}' && UserPass = '******' && activation_code = '' ";
    $CheckData = $logon->exist();

    if ($CheckData != 1) {
        // Failed login: clear the credentials and show one generic message.
        $logon->email = '';
        $logon->pw = '';
        $objResponse->assign("p_logon_failure", "style.display", 'block');
        //TODO move string to language file
        $objResponse->assign("p_logon_failure", "innerHTML", "Login information could not be verified.<br> Please try it again.");
    } else {
        $logon->email = $email;
        $logon->pw = $pw_crypted;
        $logon->tbl_users = $tbl_users;
        // 'autologon' selects the longer-lived cookie.
        $logon->cookie_duration = isset($data['autologon']) ? 1 : 0;
        $logon->cookieset('ly');
        $objResponse->Script("document.getElementById('submit_login').onclick()");
        $objResponse->redirect(ROOT_DIR);
    }

    unset($logon);
    return $objResponse;
}
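/**
 * xajax handler: register a new member.
 *
 * Validates username, password and e-mail, refuses a second registration for
 * the same name or for the same IP on the same day, then inserts the member,
 * box and memberdata rows.
 *
 * Fix: the password filter was meant to reject '/', '\', "'" and '"', but the
 * pattern as written only matched '/', the two-character sequence |' and '"'.
 * A password containing a single quote therefore reached the INSERT below,
 * where it is placed inside a quoted SQL literal. The filter is now a
 * character class that rejects each of the four characters.
 *
 * NOTE(review): the username comparison in the SELECT reads '******' in this
 * copy, which looks like a redaction - confirm against the real file.
 * NOTE(review): $onlineip is a global whose origin is not visible here; if it
 * is derived from a client-supplied header it needs validating before it is
 * placed in SQL.
 * NOTE(review): passwords are stored as unsalted MD5.
 *
 * @param array $form Form values: 'username', 'password', 'email'.
 * @return mixed The xajaxResponse, or whatever redirect()/script() return on
 *               the early exits.
 */
function reguser($form)
{
    global $db, $tablepre, $onlineip;
    $obj = new xajaxResponse();

    $usernamereg = '/^\\s*$|^c:\\con\\con$|[%,\\*\\"\\s\\t\\<\\>\\&]|\\xA1\\xA1|\\xAC\\xA3|^guest|^\\xD3\\xCE\\xBF\\xCD|\\xB9\\x43\\xAB\\xC8/i';
    $emailreg = '/^(([^<>()[\\]\\.,;:\\s@"\']+(\\.[^<>()[\\]\\.,;:\\s@"\']+)*)|("[^"\']+"))@((\\[\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\])|(([a-zA-Z\\d\\-]+\\.)+[a-zA-Z]{2,}))$/';
    // Characters a password may not contain, because it is embedded in a
    // quoted SQL literal further down: slash, backslash, single and double quote.
    $passwordreject = '~[/\\\\\'"]~';

    $username = addslashes(trim($form['username']));
    $password = trim($form['password']);
    $email = trim($form['email']);

    $invalid = empty($username)
        || preg_match($usernamereg, $username)
        || strlen($username) < 3
        || strlen($username) > 15
        || preg_match($passwordreject, $password)
        || strlen($password) < 6
        || strlen($password) > 20
        || !preg_match($emailreg, $email);
    if ($invalid) {
        return $obj->redirect(WEB_URL);
    }

    // One account per name, and one registration per IP per day.
    $sql = "SELECT * FROM `{$tablepre}members` where username='******' or (regip='{$onlineip}' AND DATE(regdate)=CURDATE())";
    $query = $db->query($sql) or error('Unable to fetch member.', __FILE__, __LINE__, $db->error());
    if ($db->num_rows($query)) {
        return $obj->script("\$('chk_stat').className = d_err;\$('chk_stat').setHTML('此ID已被注册或者您今天已经注册过会员,请勿多次提交申请。');\$('regbotton').disabled = 'disabled';");
    }

    $sql = "INSERT INTO `{$tablepre}members` (username,password,email,regdate,regip) VALUES ('{$username}',MD5('{$password}'),'{$email}',now(),'{$onlineip}')";
    $db->query($sql) or error('Unable to insert into member.', __FILE__, __LINE__, $db->error());
    $uid = $db->insert_id();

    $db->query("INSERT INTO `{$tablepre}box` (uid,time) VALUES ('{$uid}',now())") or error('Unable to insert into box.', __FILE__, __LINE__, $db->error());
    $db->query("INSERT INTO `{$tablepre}memberdata` (uid,username,lastloginip,lastvisit) VALUES ('{$uid}','{$username}','{$onlineip}',UNIX_TIMESTAMP())");

    $obj->script("\$('regbotton').disabled = 'disabled';alert('注册成功!');");
    return $obj;
}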
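/**
 * Disabled xajax handler for posting an opinion about another user.
 *
 * The handler was switched off by an unconditional `return false;` as its
 * first statement; everything after it could never run and has been removed.
 * The signature is kept so existing xajax registrations still resolve.
 *
 * @deprecated #0015627
 *
 * @param mixed  $source_uid Unused.
 * @param mixed  $dest_uid   Unused.
 * @param mixed  $message    Unused.
 * @param mixed  $rating     Unused.
 * @param mixed  $counter    Unused.
 * @param string $from       Unused.
 * @return bool Always false.
 */
function AddOpinion($source_uid, $dest_uid, $message, $rating, $counter, $from = 'frl')
{
    return false;
}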
/**
 * xajax handler: create a vote and its options.
 *
 * Inserts one `vote` row for the title, then one row per entry of
 * $vF['add'] pointing back at it, and redirects to vote_manager.php.
 *
 * NOTE(review): the title and every option are interpolated into the INSERT
 * statements as received. Neither an escaping helper nor a prepared-statement
 * API of $db is visible in this block; route these values through whichever
 * one the wrapper offers. No permission check is visible here either.
 *
 * @param array $vF Form values: 'name' (title) and 'add' (list of options).
 * @return mixed getXML() output, or the result of alert() when the title is empty.
 */
function addV($vF)
{
    global $db;
    $resp = new xajaxResponse();

    $title = $vF['name'];
    if (!$title) {
        return $resp->alert('标题为空');
    }

    if (!$db->query("INSERT INTO `vote` SET `title` = '" . $title . "'")) {
        error('Unable to insert vote data', __FILE__, __LINE__, $db->error());
    }
    $parentId = $db->get_insert_id();

    foreach ($vF['add'] as $optionTitle) {
        $optionSql = "INSERT INTO `vote` values (null,'" . $optionTitle . "',0,0," . $parentId . ")";
        if (!$db->query($optionSql)) {
            error('Unable to insert vote data', __FILE__, __LINE__, $db->error());
        }
    }

    $resp->alert("添加成功!");
    $resp->redirect('vote_manager.php');
    return $resp->getXML();
}
/**
 * xajax handler for the login form.
 *
 * Looks the user up by login name, hashes the submitted password and hands
 * both to the auth component. Redirects to '/' on success, otherwise writes
 * a generic error into the "error_msg" element.
 *
 * NOTE(review): the validator is configured for 'type_id'/'type_name' with
 * variables that are never set in this method, and its result is ignored, so
 * it does not constrain the login input.
 * NOTE(review): the password hash is MD5 with one hard-coded suffix shared by
 * every account; replacing it requires migrating stored hashes.
 *
 * @param array $aData Form values: 'login', 'password'.
 * @return xajaxResponse
 */
public function loginAjax($aData)
{
    $oResp = new xajaxResponse();

    // Data validation (outcome currently unused).
    $oValidator = new Module_Validator();
    $oValidator->field('type_id', $iTypeId)->rules('required|toint|not[0]');
    $oValidator->field('type_name', $sValue)->rules('required|hsc');
    $oValidator->validate();

    $oUser = Model_User::tryCreate($aData['login']);
    $sPassHash = md5($aData['password'] . 'fibonacci98765434567');

    $bLoggedIn = $oUser !== null && $this->oAuth->login($oUser, $sPassHash);
    if (!$bLoggedIn) {
        // Same message for unknown user and wrong password.
        $oResp->assign('error_msg', 'innerHTML', 'Incorrect name or password');
        return $oResp;
    }

    $oResp->redirect($this->getPageUrl('/'));
    return $oResp;
}
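/**
 * xajax handler for the login form.
 *
 * Looks up the user row, compares the stored key with an HMAC-MD5 of the
 * submitted password and redirects to the start page of the user's type.
 *
 * Fixes:
 *  - htmlentities() is HTML encoding, not SQL escaping: with its historical
 *    default flags it leaves single quotes alone, and it never touches
 *    backslashes. The login name is now escaped for SQL before it is placed
 *    in the query.
 *  - The hash comparison used `==`, which compares two numeric-looking
 *    strings as numbers; it is now a strict string comparison.
 *
 * NOTE(review): mysql_real_escape_string() needs an open connection; this
 * assumes `new MySQL()` connects in its constructor - confirm.
 * NOTE(review): $_configuration is neither a parameter nor declared global
 * here, so $_configuration['root_web'] evaluates to null in this scope.
 * NOTE(review): the two failure messages differ, which tells a caller whether
 * a login name exists. The HMAC key is hard-coded.
 *
 * @param array $post Form values: 'login', 'password'.
 * @return xajaxResponse
 */
function myFunction($post)
{
    $usuario = htmlentities($post['login']);
    $clave = htmlentities($post['password']);

    $db = new MySQL();
    $resultado = $db->consulta("Select vUsuClave,TipoUsuario_iTiUsuarioIdTipoUsuario from usuarios where vUsuUsuario='" . mysql_real_escape_string($usuario) . "'");
    $filas = $db->num_rows($resultado);

    $respuesta = new xajaxResponse();
    if ($filas > 0) {
        $row = mysql_fetch_assoc($resultado);
        // Strict comparison: both sides are hex strings.
        if ($row['vUsuClave'] === hash_hmac('md5', $clave, 'tesis')) {
            // The type id comes from the database, but it is still escaped
            // before being placed in the next statement.
            $tipo = mysql_real_escape_string($row['TipoUsuario_iTiUsuarioIdTipoUsuario']);
            $resultado2 = $db->consulta("Select vUrl from tipousuario where iTiUsuarioIdTipoUsuario='" . $tipo . "' and Estado='A'");
            $row2 = mysql_fetch_assoc($resultado2);
            $respuesta->redirect($_configuration['root_web'] . $row2['vUrl']);
        } else {
            $respuesta->assign("mensaje", "innerHTML", "<div id='login_fail'>Contraseña Incorrecta</div>");
        }
    } else {
        $respuesta->assign("mensaje", "innerHTML", "<div id='login_fail'>Usuario Incorrecto</div>");
    }
    return $respuesta;
}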
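/**
 * xajax handler: send an in-game private message to a player over RCON.
 *
 * Requires an admin session. Loads the server row for $sid, authenticates
 * over RCON and issues `sm_psay "<name>" "<message>"`, then logs the action
 * and shows a confirmation box.
 *
 * Fixes:
 *  - $name was placed between double quotes in the RCON command without any
 *    filtering, and addslashes() on $message only prefixes a backslash. A
 *    double quote or line break in either value could end the quoted
 *    argument, so those characters (and NUL) are now removed before the
 *    command is built.
 *  - The server queries use bound parameters.
 *
 * NOTE(review): CServerRcon::sendCommand() is not visible here; this assumes
 * it forwards the string to the server unchanged.
 *
 * @param int    $sid     Server id; cast to int before use.
 * @param string $name    Player name as shown on the server.
 * @param string $message Message text.
 * @return xajaxResponse
 */
function SendMessage($sid, $name, $message)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    // Name as it appears in log lines and in the JavaScript string literals.
    $displayName = addslashes(htmlspecialchars($name));

    if (!$userbank->is_admin()) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Ошибка доступ", $username . " пытался отправить для '" . $displayName . "' сообщение (\"" . RemoveCode($message) . "\"), не имея на это прав.");
        return $objResponse;
    }

    $sid = (int) $sid;
    require INCLUDES_PATH . '/CServerRcon.php';

    // Get the server data.
    $data = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = ?;", array($sid));
    if (empty($data['rcon'])) {
        $objResponse->addScript("ShowBox('Ошибка', 'Невозможно отправить сообщение для " . $displayName . ". Не задан РКОН пароль!', 'red', '', true);");
        return $objResponse;
    }

    $r = new CServerRcon($data['ip'], $data['port'], $data['rcon']);
    if (!$r->Auth()) {
        // A rejected password is wiped so it is not retried on every request.
        $GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = ?;", array($sid));
        $objResponse->addScript("ShowBox('Ошибка', 'Невозможно отправить сообщение для " . $displayName . ". Неверноый РКОН пароль!', 'red', '', true);");
        return $objResponse;
    }

    // Remove the characters that would close a quoted console argument.
    $argumentBreakers = array('"', "\r", "\n", "\0");
    $rconName = str_replace($argumentBreakers, '', $name);
    $rconMessage = addslashes(str_replace($argumentBreakers, '', $message));
    $ret = $r->sendCommand('sm_psay "' . $rconName . '" "' . $rconMessage . '"');

    new CSystemLog("m", "Сообщение отправлено", "Следующее сообщение было отправлено " . $displayName . " на сервер " . $data['ip'] . ":" . $data['port'] . ": " . RemoveCode($message));
    $objResponse->addScript("ShowBox('Сообщение отправлено', 'Сообщение для \\'" . $displayName . "\\' успешно отправлено!', 'green', '', true);\$('dialog-control').setStyle('display', 'block');");
    return $objResponse;
}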
/**
 * xajax handler: close the popup overlay.
 *
 * Removes the "popup" element and the overlay stylesheet. When the session
 * flag 'popup_close_redirect' is 'yes', it also clears that flag and
 * 'temp_theme' and redirects to the configured main URL.
 *
 * @return xajaxResponse
 */
function closePopup()
{
    $objResponse = new xajaxResponse();
    $objResponse->remove("popup");
    $objResponse->removeCSS('includes/layout/overlay.css');

    $redirectRequested = $_SESSION['popup_close_redirect'] == 'yes';
    if (!$redirectRequested) {
        return $objResponse;
    }

    $project7 = new editsee_App();
    // One-shot flags: reset them before leaving the page.
    $_SESSION['popup_close_redirect'] = '';
    $_SESSION['temp_theme'] = '';
    // The target comes from site configuration, not from the request.
    $mainUrl = $project7->get_config('es_main_url');
    $objResponse->redirect($mainUrl);
    return $objResponse;
}
/**
 * xajax handler: store an offline chat message and end the chat session.
 *
 * Inserts the visitor's details into `chat` with status '2', deletes the
 * matching `sessions` row, writes a confirmation into "content" and redirects
 * to '../' after 5 seconds.
 *
 * NOTE(review): htmlspecialchars() is HTML encoding, not SQL escaping. With
 * its historical default flags it leaves single quotes untouched, and it
 * never encodes backslashes, so the values below are not safe inside quoted
 * SQL literals. No escaping or prepared-statement API of $db is visible in
 * this block; use the one the wrapper provides.
 * NOTE(review): $lang is not in scope here, so the interpolation in $text
 * produces an empty value and the "<?php ... ?>" text is sent as-is.
 *
 * @param array $a Form values: name, email, country, phone, departmentid, message.
 * @return xajaxResponse
 */
function LiveMessage($a)
{
    global $db;
    $sessionid = $_SESSION['sessionid'];

    // HTML-encode each submitted field, in the order the form lists them.
    // 'country' is read but not stored.
    $encoded = array();
    foreach (array('name', 'email', 'country', 'phone', 'departmentid', 'message') as $field) {
        $encoded[$field] = htmlspecialchars($a[$field]);
    }
    $timestamp = time();
    $ip = $_SERVER['REMOTE_ADDR'];

    $rowValues = array(
        $sessionid,
        $encoded['name'],
        $encoded['email'],
        $encoded['phone'],
        $encoded['departmentid'],
        $encoded['message'],
        $timestamp,
        $ip,
    );
    $sql = "INSERT INTO `chat` (`sessionid`,`name`,`email`,`phone`,`departmentid`,`message`,`timestamp`,`ip`,`status`) VALUES('" . implode("','", $rowValues) . "','2')";
    $db->query($sql);

    // The chat session is finished once the message has been stored.
    $sql = "DELETE FROM `sessions` WHERE `id`='" . $sessionid . "'";
    $db->query($sql);

    $text = "<?php echo $lang[shout_success]?>\n";
    $objResponse = new xajaxResponse('utf-8');
    $objResponse->addAssign('content', 'innerHTML', $text);
    $objResponse->redirect('../', 5);
    return $objResponse;
}
/**
 * xajax handler: delete an SEO catalog direction.
 *
 * Only callers holding the 'seo' permission get past the first check; others
 * receive false. The id is reduced to an integer before it reaches the model.
 *
 * @param mixed $id Direction id.
 * @return xajaxResponse|false false when the caller lacks the 'seo' permission.
 */
function deleteDirection($id)
{
    session_start();
    if (!hasPermissions('seo')) {
        return false;
    }

    $objResponse = new xajaxResponse();
    $directionId = (int) $id;
    if ($directionId === 0) {
        $objResponse->alert('Идентификатор направления не указан');
        return $objResponse;
    }

    $seo = new seo();
    if ($seo->deleteDirection($directionId)) {
        $objResponse->redirect('/catalog/admin/?direction=-1');
    } else {
        $objResponse->alert('Ошибка удаления');
    }
    return $objResponse;
}
/**
 * xajax handler: send the browser to the xajax project site.
 *
 * The destination is a fixed literal, so no request data influences it.
 *
 * @return xajaxResponse
 */
function redirect()
{
    $target = "http://www.xajaxproject.org";
    $response = new xajaxResponse();
    $response->redirect($target);
    return $response;
}
/**
 * xajax handler: record a like/dislike for a flash entry.
 *
 * Requires the "l" cookie; without it the caller is redirected to ROOT_DIR.
 * For $site == 'flash' it updates the counters on the flash row, inserts a
 * rating row for the current user, re-reads the counters and refreshes the
 * matching page elements.
 *
 * NOTE(review): $id and $rating are interpolated into the condition/values
 * strings handed to ModifyEntry and SelectEntrys. Whether those classes
 * escape their inputs is not visible here - confirm, or validate $id and
 * restrict $rating to 'like'/'dislike' before this point.
 *
 * @param string $site   Section name; only 'flash' is handled.
 * @param mixed  $id     Flash entry id (request-supplied).
 * @param string $rating 'like' or 'dislike'.
 * @return xajaxResponse
 */
function rate($site, $id, $rating)
{
    global $memcache;
    global $duration;
    global $_COOKIE;
    global $tpl;
    include 'settings/tables.php';
    $objResponse = new xajaxResponse();
    if (!isset($_COOKIE["l"])) {
        $objResponse->redirect(ROOT_DIR);
        return $objResponse;
    }
    // The cache keys below are derived from a slice of the login cookie.
    $l["token"] = substr($_COOKIE["l"], 3, -35);
    $mem_key1 = "user_data_" . $l["token"];
    $user_data = $memcache->get($mem_key1);
    $mem_key2 = "trigger_f_" . $l["token"];
    $trigger_f = $memcache->get($mem_key2);
    // Included in function scope: it can read and write the locals above.
    include 'modules/logon/get_userdata.php';
    $mem_key3 = "ay_flashes_voted_" . $l["token"];
    $mem_key4 = "ay_flashes_rated_" . $l["token"];
    $ay_flashes_voted = $memcache->get($mem_key3);
    $ay_flashes_rated = $memcache->get($mem_key4);
    $ay_flash_cats = $memcache->get('ay_flash_cats');
    include 'modules/flash/flashfeed_add.php';
    if ($site == 'flash') {
        $likes_str = 'p_likes_' . $id;
        $dislikes_str = 'p_dislikes_' . $id;
        $rate_str = 'p_rate_' . $id;
        // NOTE(review): $ay_flashes_rated is loaded above but not consulted
        // here before the vote is counted - confirm duplicates are rejected
        // elsewhere.
        $upd_data = new ModifyEntry();
        $upd_data->table = $tbl_flashes;
        $upd_data->condition = " ID = '{$id}' ";
        // For any other $rating value ->changes is left unset before update().
        if ($rating == "like") {
            $upd_data->changes = " likes = likes+1, rating = rating+1 ";
        }
        if ($rating == "dislike") {
            $upd_data->changes = " dislikes = dislikes+1, rating = rating-1 ";
        }
        $upd_data->update();
        unset($upd_data);
        // Remember who rated what.
        $ins_data = new ModifyEntry();
        $ins_data->table = $tbl_flash_ratings;
        $ins_data->cols = 'flashID, userID, rating';
        $ins_data->values = " '{$id}', '" . $user_data['ID'] . "', '{$rating}' ";
        $ins_data->insert();
        unset($ins_data);
        // Re-read the counters so the page shows the stored values.
        $flash_result = new SelectEntrys();
        $flash_result->cols = 'likes, dislikes';
        $flash_result->table = $tbl_flashes;
        $flash_result->condition = " ID = '{$id}' ";
        $flash_result->multiSelect = 1;
        $ay_flash_result = $flash_result->row();
        unset($flash_result);
        // Add this entry to the user's cached list of rated flashes.
        $ay_flashes_rated[] = $id;
        sort($ay_flashes_rated);
        $mem_key4 = "ay_flashes_rated_" . $l["token"];
        $memcache->replace($mem_key4, $ay_flashes_rated, false);
        $objResponse->assign($rate_str, "style.display", 'none');
        $objResponse->assign($likes_str, "innerHTML", $ay_flash_result[0]['likes']);
        $objResponse->assign($dislikes_str, "innerHTML", $ay_flash_result[0]['dislikes']);
    }
    return $objResponse;
}
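/**
 * xajax handler: send an in-game private message to a player over RCON.
 *
 * Requires an admin session. Loads the server row for $sid, authenticates
 * over RCON and issues `sm_psay "<name>" "<message>"`, then logs the action
 * and shows a confirmation box.
 *
 * Fixes:
 *  - $name was placed between double quotes in the RCON command without any
 *    filtering, and addslashes() on $message only prefixes a backslash. A
 *    double quote or line break in either value could end the quoted
 *    argument, so those characters (and NUL) are now removed before the
 *    command is built.
 *  - The server queries use bound parameters.
 *
 * NOTE(review): CServerRcon::sendCommand() is not visible here; this assumes
 * it forwards the string to the server unchanged.
 *
 * @param int    $sid     Server id; cast to int before use.
 * @param string $name    Player name as shown on the server.
 * @param string $message Message text.
 * @return xajaxResponse
 */
function SendMessage($sid, $name, $message)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    // Name as it appears in log lines and in the JavaScript string literals.
    $displayName = addslashes(htmlspecialchars($name));

    if (!$userbank->is_admin()) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Hacking Attempt", $username . " tried to send ingame message to '" . $displayName . "' (\"" . RemoveCode($message) . "\"), but doesnt have access.");
        return $objResponse;
    }

    $sid = (int) $sid;
    require INCLUDES_PATH . '/CServerRcon.php';

    // Get the server data.
    $data = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = ?;", array($sid));
    if (empty($data['rcon'])) {
        $objResponse->addScript("ShowBox('Error', 'Can\\'t send message to " . $displayName . ". No RCON password!', 'red', '', true);");
        return $objResponse;
    }

    $r = new CServerRcon($data['ip'], $data['port'], $data['rcon']);
    if (!$r->Auth()) {
        // A rejected password is wiped so it is not retried on every request.
        $GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = ?;", array($sid));
        $objResponse->addScript("ShowBox('Error', 'Can\\'t send message to " . $displayName . ". Wrong RCON password!', 'red', '', true);");
        return $objResponse;
    }

    // Remove the characters that would close a quoted console argument.
    $argumentBreakers = array('"', "\r", "\n", "\0");
    $rconName = str_replace($argumentBreakers, '', $name);
    $rconMessage = addslashes(str_replace($argumentBreakers, '', $message));
    $ret = $r->sendCommand('sm_psay "' . $rconName . '" "' . $rconMessage . '"');

    new CSystemLog("m", "Message sent to player", "The following message was sent to " . $displayName . " on server " . $data['ip'] . ":" . $data['port'] . ": " . RemoveCode($message));
    $objResponse->addScript("ShowBox('Message Sent', 'The message has been sent to player \\'" . $displayName . "\\' successfully!', 'green', '', true);\$('dialog-control').setStyle('display', 'block');");
    return $objResponse;
}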
/**
 * xajax handler: let the current operator "take" a GroupMail message.
 *
 * Reads the message at position $msgId of the refreshed mailbox, records it
 * as a tracker item unless one already exists for the same message id,
 * creates or updates a contact for the sender, creates the sender's wiki
 * page when it does not exist yet, and redirects to that page.
 *
 * NOTE(review): the sender address, sender name and subject come from the
 * received e-mail and are therefore controlled by whoever sent it. They are
 * used below as a wiki page name, inside wiki markup and inside plugin
 * parameters; confirm that the page/plugin layer neutralises quotes and wiki
 * syntax in them.
 *
 * @param string $destDiv
 * @param int $msgId
 * @return xajaxResponse
 */
function takeGroupMail($destDiv = 'mod-webmail_inbox', $msgId = 1)
{
    global $prefs, $user, $webmaillib, $module_params;
    include_once 'lib/webmail/webmaillib.php';
    $contactlib = TikiLib::lib('contact');
    $categlib = TikiLib::lib('categ');
    $tikilib = TikiLib::lib('tiki');
    $trklib = TikiLib::lib('trk');
    // Module settings are taken from the session entry for this inbox div.
    if (isset($_SESSION['webmailinbox'][$destDiv]['module_params'])) {
        $module_params = $_SESSION['webmailinbox'][$destDiv]['module_params'];
    } else {
        $module_params = array();
        // TODO error?
    }
    $accountid = isset($module_params["accountid"]) ? $module_params['accountid'] : 0;
    $ls = $webmaillib->refresh_mailbox($user, $accountid, false);
    $cont = $webmaillib->get_mail_content($user, $accountid, $msgId);
    $acc = $webmaillib->get_webmail_account($user, $accountid);
    // make tracker item
    // NOTE(review): $msgId is not checked against the size of $ls before it
    // is used as an index.
    $m = $ls[$msgId - 1];
    $from = $m['from'];
    $subject = $m['subject'];
    $realmsgid = $m['realmsgid'];
    $maildate = $m['date'];
    $maildate = strtotime($maildate);
    $objResponse = new xajaxResponse();
    // check if already taken
    $itemid = $trklib->get_item_id($module_params['trackerId'], $module_params['messageFId'], $realmsgid);
    if ($itemid > 0) {
        // Only the tracker insert is skipped in this case; the contact and
        // wiki page steps below still run.
        $objResponse->script('doRefreshWebmail();alert("Sorry, that mail has been taken by another operator. Refreshing list...");');
    } else {
        $charset = $prefs['default_mail_charset'];
        if (empty($charset)) {
            $charset = 'UTF-8';
        }
        $items['data'][0]['fieldId'] = $module_params['fromFId'];
        $items['data'][0]['type'] = 't';
        $items['data'][0]['value'] = $from;
        $items['data'][1]['fieldId'] = $module_params['operatorFId'];
        $items['data'][1]['type'] = 'u';
        $items['data'][1]['value'] = $user;
        $items['data'][2]['fieldId'] = $module_params['subjectFId'];
        $items['data'][2]['type'] = 't';
        $items['data'][2]['value'] = $subject;
        $items['data'][3]['fieldId'] = $module_params['messageFId'];
        $items['data'][3]['type'] = 't';
        $items['data'][3]['value'] = $realmsgid;
        $items['data'][4]['fieldId'] = $module_params['contentFId'];
        $items['data'][4]['type'] = 'a';
        // The mail body is HTML-encoded (quotes included) before it is stored.
        $items['data'][4]['value'] = htmlentities($cont['body'], ENT_QUOTES, $charset);
        $items['data'][5]['fieldId'] = $module_params['accountFId'];
        $items['data'][5]['type'] = 't';
        $items['data'][5]['value'] = $acc['account'];
        $items['data'][6]['fieldId'] = $module_params['datetimeFId'];
        $items['data'][6]['type'] = 'f';
        // f?
        $items['data'][6]['value'] = $maildate;
        $trklib->replace_item($module_params['trackerId'], 0, $items);
    }
    // make name for wiki page
    $pageName = str_replace('@', '_AT_', $m['sender']['email']);
    $contId = $contactlib->get_contactId_email($m['sender']['email'], $user);
    // add or update (?) contact
    $ext = $contactlib->get_ext_by_name($user, tra('Wiki Page'), $contId);
    if (!$ext) {
        $contactlib->add_ext($user, tra('Wiki Page'), true);
        // a public field
        $ext = $contactlib->get_ext_by_name($user, tra('Wiki Page'), $contId);
    }
    // Split the display name into at most two parts at the first space.
    $arr = explode(" ", trim(html_entity_decode($m['sender']['name']), '"\' '), 2);
    if (count($arr) < 2) {
        $arr[] = '';
    }
    $contactlib->replace_contact($contId, $arr[0], $arr[1], $m['sender']['email'], '', $user, array($module_params['group']), array($ext['fieldId'] => $pageName), true);
    if (!$contId) {
        // The contact did not exist before replace_contact(); look its id up now.
        $contId = $contactlib->get_contactId_email($m['sender']['email'], $user);
    }
    // make or update wiki page
    $wikilib = TikiLib::lib('wiki');
    if (!$wikilib->page_exists($pageName)) {
        $comment = 'Generated by GroupMail on ' . date(DATE_RFC822);
        $description = "Page {$comment} for " . $m['sender']['email'];
        $data = '!GroupMail case with ' . $m['sender']['email'] . "\n";
        $data .= "''{$comment}''\n\n";
        $data .= "!!Info\n";
        $data .= "Contact info: [tiki-contacts.php?contactId={$contId}|" . $m['sender']['name'] . "]\n\n";
        $data .= "!!Logs\n";
        // The sender address is placed inside a quoted plugin parameter
        // (filtervalue) without further encoding.
        $data .= '{trackerlist trackerId="' . $module_params['trackerId'] . '" ' . 'fields="' . $module_params['fromFId'] . ':' . $module_params['operatorFId'] . ':' . $module_params['subjectFId'] . ':' . $module_params['datetimeFId'] . '" ' . 'popup="' . $module_params['fromFId'] . ':' . $module_params['contentFId'] . '" stickypopup="n" showlinks="y" shownbitems="n" showinitials="n"' . 'showstatus="n" showcreated="n" showlastmodif="n" filterfield="' . $module_params['fromFId'] . '" filtervalue="' . $m['sender']['email'] . '"}';
        $data .= "\n\n";
        $tikilib->create_page($pageName, 0, $data, $tikilib->now, $comment, $user, $tikilib->get_ip_address(), $description);
        $categlib->update_object_categories(array($categlib->get_category_id('Help Team Pages')), $pageName, 'wiki page');
        // TODO remove hard-coded cat name
    }
    $objResponse->redirect($wikilib->sefurl($pageName));
    return $objResponse;
}
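/**
 * xajax handler: find a banned player on one game server and kick them.
 *
 * Loads the server row for $sid, authenticates over RCON and parses the
 * `status` output. With $type 0 the player is matched by SteamID (compared
 * from the 9th character on), with $type 1 by IP address. On a match the
 * server id is stored on the open ban and `kickid` is sent with a message
 * pointing to the ban page.
 *
 * Fixes:
 *  - $check is request-supplied and was concatenated into both UPDATE
 *    statements; it is now a bound parameter, as is $sid.
 *  - The kick message embeds the Host header and the request URI between
 *    double quotes in the RCON command. Double quotes, line breaks and NUL
 *    are removed from that part so it cannot close the quoted argument.
 *
 * @param string $check SteamID or IP address to look for (request-supplied).
 * @param int    $sid   Server id; cast to int before use.
 * @param mixed  $num   Suffix of the "srv_"/"srvip_" element ids to update.
 * @param mixed  $type  0 = match by SteamID, 1 = match by IP.
 * @return xajaxResponse
 */
function KickPlayer($check, $sid, $num, $type)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;
    $sid = (int) $sid;

    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Ошибка доступа", $username . " пытался кого-то кикнуть, не имея на это прав.");
        return $objResponse;
    }

    // Get the server data.
    $sdata = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = ?;", array($sid));

    // Test if the server is online before attempting RCON.
    $test = @fsockopen($sdata['ip'], $sdata['port'], $errno, $errstr, 2);
    if (!$test) {
        $objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='red' size='1'><i>Нет соединения с сервером.</i></font>");
        $objResponse->addScript('set_counter(1);');
        return $objResponse;
    }
    @fclose($test);

    require_once INCLUDES_PATH . "/CServerRcon.php";
    $r = new CServerRcon($sdata['ip'], $sdata['port'], $sdata['rcon']);
    if (!$r->Auth()) {
        // A rejected password is wiped so it is not retried on every request.
        $GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = ? LIMIT 1;", array($sid));
        $objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='red' size='1'>Неверный РКОН!</font>");
        $objResponse->addScript('set_counter(1);');
        return $objResponse;
    }
    $ret = $r->rconCommand("status");

    // Show the hostname instead of the ip, but leave the ip in the title.
    require_once "../includes/system-functions.php";
    preg_match_all('/hostname:[ ]*(.+)/', $ret, $hostMatches, PREG_PATTERN_ORDER);
    // The hostname is reported by the game server, so it is HTML-encoded
    // before being written into the page.
    $hostname = isset($hostMatches[1][0]) ? trunc(htmlspecialchars($hostMatches[1][0]), 25, false) : '';
    if (!empty($hostname)) {
        $objResponse->addAssign("srvip_{$num}", "innerHTML", "<font size='1'><span title='" . $sdata['ip'] . ":" . $sdata['port'] . "'>" . $hostname . "</span></font>");
    }

    preg_match_all(STATUS_PARSE, $ret, $matches, PREG_PATTERN_ORDER);

    // Find the player: $kickTarget is what kickid receives, $banColumn the
    // ban column that $check is compared with. Both come from fixed choices
    // or from the server's own status output.
    $kickTarget = null;
    $banColumn = null;
    if ((int) $type == 0) {
        // Search for the steamid on the server.
        foreach ($matches[3] as $match) {
            if (substr($match, 8) == substr($check, 8)) {
                $kickTarget = $match;
                $banColumn = 'authid';
                break;
            }
        }
    } elseif ((int) $type == 1) {
        // Search for the ip on the server.
        foreach ($matches[8] as $id => $match) {
            $ip = explode(":", $match);
            if ($ip[0] == $check) {
                $kickTarget = $matches[1][$id];
                $banColumn = 'ip';
                break;
            }
        }
    }

    if ($kickTarget === null) {
        $objResponse->addAssign("srv_{$num}", "innerHTML", "<font size='1'>Игрок не найден.</font>");
        $objResponse->addScript('set_counter(1);');
        return $objResponse;
    }

    $GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_bans` SET sid = ? WHERE " . $banColumn . " = ? AND RemovedBy IS NULL;", array($sid, $check));

    // Host and URI are request headers; strip what would end the quoted reason.
    $requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "pages/admin.kickit.php"));
    $banPage = str_replace(array('"', "\r", "\n", "\0"), '', $_SERVER['HTTP_HOST'] . $requri);
    $kick = $r->sendCommand("kickid " . $kickTarget . " \"Вы были забанены, посетите http://" . $banPage . " для большей информации.\"");

    $objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='green' size='1'><b><u>Игрок найден и кикнут!!!</u></b></font>");
    $objResponse->addScript("set_counter('-1');");
    return $objResponse;
}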
/**
 * xajax handler: resend the SMS confirmation code for a deal stage.
 *
 * Rejects the request when the deal id is missing, when a code was sent for
 * this deal within the last 300 seconds, when nobody is logged in, when the
 * deal or stage cannot be loaded, or when the caller is not the deal's
 * freelancer. Otherwise asks pskb to resend the code and starts the
 * 300-second cooldown.
 *
 * NOTE(review): the cooldown lookup runs before the login and ownership
 * checks, so its "wait N minutes" answer is given for any deal id regardless
 * of who asks.
 *
 * @param mixed $sbr_id   Deal id; normalised with __paramValue('int', ...).
 * @param mixed $stage_id Stage id; normalised with __paramValue('int', ...).
 * @return xajaxResponse
 */
function resendCode($sbr_id, $stage_id)
{
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/pskb.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/memBuff.php';

    $sbr_id = __paramValue('int', $sbr_id);
    $stage_id = __paramValue('int', $stage_id);

    // Script shown for every refusal that should not reveal a reason.
    $rejected = "\$('alert_sms').addClass('b-layout__txt_color_c7271e'); \n \$('alert_sms').set('html', 'Запрос не может быть обработан.');";

    $objResponse = new xajaxResponse();
    $objResponse->script("\$('alert_sms').removeClass('b-layout__txt_color_56bd06').removeClass('b-layout__txt_color_c7271e'); ");

    if (!$sbr_id) {
        $objResponse->script($rejected);
        return $objResponse;
    }

    // Cooldown: one resend per deal every 300 seconds.
    $cache = new memBuff();
    $resendKey = pskb::SMS_RESEND_KEY . $sbr_id;
    $lastSentAt = $cache->get($resendKey);
    if ($lastSentAt) {
        $minutesLeft = ceil(($lastSentAt + 300 - time()) / 60);
        $objResponse->script("\$('alert_sms').addClass('b-layout__txt_color_c7271e'); \n \$('alert_sms').set('html', 'Еще раз выслать код можно будет через {$minutesLeft} минут" . ending($minutesLeft, 'у', 'ы', '') . ".');");
        return $objResponse;
    }

    $uid = get_uid(0);
    if (!$uid) {
        $objResponse->redirect('/');
        return $objResponse;
    }

    $sbr = sbr_meta::getInstance();
    if (!$sbr->initFromId($sbr_id)) {
        $objResponse->script($rejected);
        return $objResponse;
    }

    $stage = $sbr->initFromStage($stage_id, false);
    if (!$stage) {
        $objResponse->script($rejected);
        return $objResponse;
    }

    // Only the freelancer of this deal may request the code.
    if ($uid != $sbr->data['frl_id']) {
        $objResponse->script($rejected);
        return $objResponse;
    }

    $bank = new pskb($sbr);
    if (!$bank->resendCode($stage)) {
        $objResponse->script("\$('alert_sms').addClass('b-layout__txt_color_c7271e'); \n \$('alert_sms').set('html', 'Не удалось выслать код.');");
        return $objResponse;
    }

    $cache->set($resendKey, time(), 300);
    $objResponse->script("\$('alert_sms').addClass('b-layout__txt_color_56bd06'); \n \$('alert_sms').set('html', 'Код отправлен повторно.');\n \$('send_sms').destroy();\n \$('resend_sms').set('html', 'Еще раз выслать код можно будет через 5 минут.')");
    if (defined('PSKB_TEST_MODE')) {
        $objResponse->script('document.location.reload();');
    }
    return $objResponse;
}
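/**
 * xajax handler: insert a diary entry, goal, distorted thought or a set of
 * scale answers for the current user, then refresh the matching page part.
 *
 * Fixes:
 *  - Scale answers ($data[$i]) were placed in the INSERT values unescaped;
 *    they now go through mysql_real_escape_string() like the text fields.
 *  - Goals and thoughts were escaped first and tag-stripped afterwards.
 *    Escaping is now the last step before the value enters SQL, as the diary
 *    branch already did.
 *  - A `break` sat outside any loop after the users-table update (a fatal
 *    error whenever that update failed). The cache refresh that followed is
 *    now simply skipped when the update reports an error.
 *
 * NOTE(review): $mem_key1 is not defined in this function unless the
 * included get_userdata.php sets it, and the session fallbacks use the
 * literal keys '$mem_key1', '$mem_key2', ... (single quotes, no
 * interpolation). Left unchanged because other code may read those same
 * literal keys - confirm.
 * NOTE(review): $data['items_total'] is request-supplied and bounds both
 * loops; consider capping it to the known item count of the scale.
 *
 * @param string $table   Target table name; compared with the $tbl_* names
 *                        defined by settings/tables.php.
 * @param array  $data    Submitted form values.
 * @param int    $special 1 shows the "add pin" form for the diary instead of inserting.
 * @return xajaxResponse
 */
function insertdata($table, $data, $special = 0)
{
    global $memcache;
    global $l;
    global $tpl;
    global $user_data;
    global $getmonth;
    $objResponse = new xajaxResponse();
    include 'settings/tables.php';
    if ($user_data == '' || !isset($user_data)) {
        require_once 'lib/functions/get_userdata.php';
    }
    // Enter new diary entry.
    if ($table == $tbl_diary) {
        if ($special == 1) {
            $html = $tpl->fetch("modules/improve/diary/add_pin.tpl");
            $objResponse->assign("add_pin", "innerHTML", $html);
            $objResponse->includeScript("js/pinterest.js");
            $objResponse->call("m_reload");
        } else {
            if ($data['image_file'] != '') {
                // Entries with an image are submitted as a regular form post.
                $objResponse->script("document.forms['insert'].submit();");
            } else {
                $mysqldate = date('Y-m-d H:i:s', time());
                $diary_note = mysql_real_escape_string(strip_tags($data['note']));
                // Insert new entry.
                $diary = new ModifyEntry();
                $diary->table = $table;
                $diary->cols = 'userID, entry, date';
                $diary->values = " '" . $user_data['ID'] . "', '" . $diary_note . "', '" . $mysqldate . "' ";
                $diary->insert();
                unset($diary);
                //TODO check if first entry and if yes update user array with start_month and start_year
                // Refresh content.
                include "lib/functions/fetch_diary.php";
                $tpl->assign('ay_diary', $ay_diary);
                $tpl->assign('at_least_one_entry', 1);
                //TODO why is this needed now!?
                $tpl->assign('user_data', $user_data);
                $html = $tpl->fetch("modules/home/diary_entries.tpl");
                $objResponse->assign("diary_entries", "innerHTML", $html);
                $objResponse->assign("add_pin", "innerHTML", '');
                $objResponse->includeScript("js/pinterest.js");
                $objResponse->call("m_reload");
            }
        }
    } elseif ($table == $tbl_goals) {
        $mysqldate = date('Y-m-d H:i:s', time());
        // Strip tags first, escape last.
        $note = mysql_real_escape_string(strip_tags($data['note']));
        // Insert new entry.
        $goals = new ModifyEntry();
        $goals->table = $table;
        $goals->cols = 'userID, goal, created';
        $goals->values = " '" . $user_data['ID'] . "', '" . $note . "', '" . $mysqldate . "' ";
        $goals->insert();
        unset($goals);
        // Refresh content.
        $html1 = $tpl->fetch("modules/improve/goals/sortfields.tpl");
        $objResponse->assign("sortfields", "innerHTML", $html1);
        include "lib/functions/fetch_goals.php";
        $tpl->assign('ay_goals', $ay_goals);
        $html2 = $tpl->fetch("modules/improve/goals/goal_entries.tpl");
        $objResponse->assign("goal_entries", "innerHTML", $html2);
        $objResponse->call("reset_input");
    } elseif ($table == $tbl_distorted_thoughts) {
        $mysqldate = date('Y-m-d H:i:s', time());
        // Strip tags first, escape last.
        $thought = mysql_real_escape_string(strip_tags($data['thought']));
        $response = mysql_real_escape_string(strip_tags($data['response']));
        $c_action = mysql_real_escape_string(strip_tags($data['c_action']));
        // Insert new entry.
        $thoughts = new ModifyEntry();
        $thoughts->table = $table;
        $thoughts->cols = 'userID, thought, response, action, created';
        $thoughts->values = " '" . $user_data['ID'] . "', '" . $thought . "', '" . $response . "', '" . $c_action . "', '" . $mysqldate . "' ";
        $thoughts->insert();
        unset($thoughts);
        // Refresh content.
        include "lib/functions/fetch_thoughts.php";
        $tpl->assign('ay_thoughts', $ay_thoughts);
        $html = $tpl->fetch("modules/improve/distorted_thoughts/thought_entries.tpl");
        $objResponse->assign("thought_entries", "innerHTML", $html);
        $objResponse->call("reset_input");
    } elseif ($table == $tbl_da_scale_results || $table == $tbl_bd_scale_results) {
        $i = 0;
        $dataValid = 1;
        $mysqldate = date('Y-m-d H:i:s', time());
        // Check if all items have been answered.
        for ($i = 1; $i <= $data['items_total']; $i++) {
            if (!isset($data[$i])) {
                $objResponse->alert('Please answer all items');
                // TODO put string in language file
                $dataValid = 0;
                break;
            }
        }
        //TODO store aggregated values in user table
        // All items have been answered.
        if ($dataValid == 1) {
            $bd_total_score = 0;
            $da_total_score[0] = $da_total_score[1] = $da_total_score[2] = $da_total_score[3] = $da_total_score[4] = $da_total_score[5] = $da_total_score[6] = 0;
            // Insert one row per answered item.
            $scale_data = new ModifyEntry();
            $scale_data->table = $table;
            for ($i = 1; $i <= $data['items_total']; $i++) {
                if (isset($data[$i])) {
                    $scale_data->cols = 'userID, itemID, value, date';
                    // The answer is request-supplied: escape it for SQL.
                    $scale_data->values = " '" . $user_data['ID'] . "', '" . $i . "', '" . mysql_real_escape_string($data[$i]) . "', '" . $mysqldate . "' ";
                    $scale_data->insert();
                    if ($scale_data->errno() > 0) {
                        break;
                    }
                    if ($table == $tbl_da_scale_results) {
                        // Items are summed in groups of five into seven sub-scores.
                        switch (true) {
                            case $i <= 5:
                                $da_total_score[0] = $da_total_score[0] + $data[$i];
                                break;
                            case $i <= 10:
                                $da_total_score[1] = $da_total_score[1] + $data[$i];
                                break;
                            case $i <= 15:
                                $da_total_score[2] = $da_total_score[2] + $data[$i];
                                break;
                            case $i <= 20:
                                $da_total_score[3] = $da_total_score[3] + $data[$i];
                                break;
                            case $i <= 25:
                                $da_total_score[4] = $da_total_score[4] + $data[$i];
                                break;
                            case $i <= 30:
                                $da_total_score[5] = $da_total_score[5] + $data[$i];
                                break;
                            case $i <= 35:
                                $da_total_score[6] = $da_total_score[6] + $data[$i];
                                break;
                        }
                    }
                    if ($table == $tbl_bd_scale_results) {
                        $bd_total_score = $bd_total_score + $data[$i];
                    }
                }
            }
            unset($scale_data);
            // Store the latest score on the user row.
            $scale_data = new ModifyEntry();
            $scale_data->table = $tbl_users;
            if ($table == $tbl_da_scale_results) {
                ksort($da_total_score);
            }
            if ($table == $tbl_da_scale_results) {
                $scale_data->changes = " da_latest_score = '" . serialize($da_total_score) . "' ";
            } else {
                $scale_data->changes = " bd_latest_score = '" . $bd_total_score . "' ";
            }
            $scale_data->condition = " ID = '" . $user_data['ID'] . "' ";
            $scale_data->update();
            // Refresh the cached user record only when the update succeeded.
            if ($scale_data->errno() == 0) {
                if ($table == $tbl_da_scale_results) {
                    $user_data['da_latest_score'] = serialize($da_total_score);
                }
                if ($table == $tbl_bd_scale_results) {
                    $user_data['bd_latest_score'] = $bd_total_score;
                }
                if (mod_memcache == 1) {
                    $memcache->replace($mem_key1, $user_data, false);
                } else {
                    $_SESSION['$mem_key1'] = $user_data;
                }
            }
        }
        // Drop cached scale data in memcache or session so it is rebuilt.
        if ($table == $tbl_da_scale_results) {
            $mem_key2 = "da_scale_data_" . $l["token"];
            $mem_key2a = "da_scale_sep_strings_" . $l["token"];
            $mem_key2b = "da_scale_sep_dates_" . $l["token"];
            if (mod_memcache == 1) {
                $memcache->delete($mem_key2);
                $memcache->delete($mem_key2a);
                $memcache->delete($mem_key2b);
            } else {
                unset($_SESSION['$mem_key2']);
                unset($_SESSION['$mem_key2a']);
                unset($_SESSION['$mem_key2b']);
            }
        }
        if ($table == $tbl_bd_scale_results) {
            $mem_key3 = "bd_scale_data_" . $l["token"];
            if (mod_memcache == 1) {
                $memcache->delete($mem_key3);
            } else {
                unset($_SESSION['$mem_key3']);
            }
        }
        // Redirect to overview/result page.
        if ($dataValid == 1 && $scale_data->errno() == 0 && $table == $tbl_da_scale_results) {
            $objResponse->redirect(ROOT_DIR . 'analyze/da_scale/index.html');
        }
        if ($dataValid == 1 && $scale_data->errno() == 0 && $table == $tbl_bd_scale_results) {
            $objResponse->redirect(ROOT_DIR . 'analyze/bd_scale/index.html');
        }
        unset($scale_data);
    }
    return $objResponse;
}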
/**
 * Publishes the global $arquivo object and reports the outcome through xajax.
 *
 * On success the response redirects to the gallery view of that file; on
 * failure it raises a browser alert (Portuguese: "Could not publish the file").
 *
 * @return xajaxResponse
 */
function _publish_arquivo()
{
    global $arquivo;

    $response = new xajaxResponse();

    // Guard clause: report the failure and stop before building the redirect.
    if (!$arquivo->publish()) {
        $response->alert("Não foi possível publicar o arquivo");
        return $response;
    }

    $response->redirect("el-gallery_view.php?arquivoId={$arquivo->id}");
    return $response;
}
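/**
 * Lowers max_players of a draft by one and refreshes the drafter list.
 *
 * The UPDATE only touches a row whose draft_status is 0 and whose max_players
 * is still greater than the number of users already linked to the draft.
 * When the draft is full afterwards, the response redirects to the draft page.
 *
 * NOTE(review): no permission check is visible in this function. Confirm that
 * whatever exposes it to the browser restricts who may change a draft.
 * NOTE(review): the mysql_* extension was removed in PHP 7; moving to prepared
 * statements needs the connection handle, which is not visible from here.
 *
 * @param mixed $_draft_id Draft id as received from the client; forced to int.
 * @return xajaxResponse
 */
function removeSeat($_draft_id)
{
    $objResponse = new xajaxResponse();

    // The id is interpolated unquoted into three SQL statements and into the
    // redirect URL. Forcing it to an integer keeps a crafted value from
    // altering those statements.
    $_draft_id = (int) $_draft_id;

    #how many are in the draft?
    $players = mysql_num_rows(mysql_query("SELECT fk_user_id FROM md_draft2user WHERE fk_draft_id = {$_draft_id}"));

    mysql_query("UPDATE md_draft SET max_players = max_players - 1 WHERE max_players > {$players} AND draft_status = 0 AND pk_draft_id = {$_draft_id}");

    // Re-read the row so the comparison below sees the value after the UPDATE.
    $draft_info = mysql_fetch_array(mysql_query("SELECT * FROM md_draft\n\t\tWHERE pk_draft_id = {$_draft_id}"));

    $drafterlist = drafterList($_draft_id);
    $objResponse->assign("drafterlist", "innerHTML", $drafterlist);

    if ($players == $draft_info["max_players"]) {
        $objResponse->redirect("draft.php?id=" . $_draft_id);
    }

    return $objResponse;
}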
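/**
 * Looks a player up by name in the "status" output of a game server and, when
 * found, fills the nickname and steam form fields through xajax script calls.
 *
 * Requires ADMIN_OWNER or ADMIN_ADD_BAN; without it the response redirects to
 * the login page and a "Hacking Attempt" entry is created via CSystemLog.
 * If RCON authentication fails, the stored rcon value for the server is reset
 * to an empty string.
 *
 * @param mixed $sid  Server id; cast to int before it is used.
 * @param mixed $name Player name to search for in the status output.
 * @return xajaxResponse
 */
function PasteBlock($sid, $name)
{
    $objResponse = new xajaxResponse();
    global $userbank, $username;

    $sid = (int) $sid;

    if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
        $objResponse->redirect("index.php?p=login&m=no_access", 0);
        $log = new CSystemLog("w", "Hacking Attempt", $username . " tried paste a block, but doesn't have access.");
        return $objResponse;
    }

    // require_once: including the class file a second time in one request
    // would end in a fatal "cannot redeclare class" error.
    require_once INCLUDES_PATH . '/CServerRcon.php';

    //get the server data
    $data = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = ?;", array($sid));

    // The address is echoed inside single-quoted JavaScript strings, so it is
    // encoded the same way as the player name in the "not on the server" message.
    // Presumably ShowBox renders its message as HTML - TODO confirm.
    $server = addslashes(htmlspecialchars($data['ip'] . ":" . $data['port']));

    if (empty($data['rcon'])) {
        $objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
        $objResponse->addScript("ShowBox('Error', 'No RCON password for server " . $server . "!', 'red', '', true);");
        return $objResponse;
    }

    $r = new CServerRcon($data['ip'], $data['port'], $data['rcon']);
    if (!$r->Auth()) {
        $GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = ?;", array($sid));
        $objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
        $objResponse->addScript("ShowBox('Error', 'Wrong RCON password for server " . $server . "!', 'red', '', true);");
        return $objResponse;
    }

    $ret = $r->rconCommand("status");
    preg_match_all(STATUS_PARSE, $ret, $matches, PREG_PATTERN_ORDER);

    // Compare as strings with ===. A loose == treats numeric-looking names such
    // as "1e3" and "1000" as equal and could select the wrong player.
    $wanted = is_scalar($name) ? (string) $name : null;
    $index = -1;
    if ($wanted !== null && !empty($matches[2])) {
        foreach ($matches[2] as $i => $candidate) {
            if ($candidate === $wanted) {
                $index = $i;
                break;
            }
        }
    }

    if ($index < 0) {
        $shownName = $wanted === null ? '' : $wanted;
        $objResponse->addScript("ShowBox('Error', 'Can\\'t get player info for " . addslashes(htmlspecialchars($shownName)) . ". Player is not on the server (" . $server . ") anymore!', 'red', '', true);");
        $objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
        return $objResponse;
    }

    // Both values come from the game server's status output, so a player
    // controls them. Each is escaped before it is placed inside a JS string.
    // NOTE(review): addslashes() only covers quotes, backslashes and NUL.
    // Confirm STATUS_PARSE cannot capture line breaks, or switch these two
    // literals to a full JavaScript string encoder.
    $steam = $matches[3][$index];
    $name = $matches[2][$index];
    $objResponse->addScript("\$('nickname').value = '" . addslashes($name) . "'");
    $objResponse->addScript("\$('steam').value = '" . addslashes($steam) . "'");

    $objResponse->addScript("SwapPane(0);");
    $objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
    $objResponse->addScript("\$('dialog-placement').setStyle('display', 'none');");
    return $objResponse;
}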
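/**
 * Logout functionality.
 *
 * Clears the session data, expires the session cookie, destroys the session
 * and returns a response that redirects the browser to './'.
 *
 * @access public
 * @author prodigy
 * @since 31.12.2008
 * @version 0.1a
 * @return xajaxResponse
 */
public function LogOut()
{
    $objR = new xajaxResponse();

    // session_destroy() removes the stored session data only. It neither
    // empties $_SESSION for the rest of this request nor removes the session
    // cookie from the browser, so both are handled explicitly.
    $_SESSION = array();

    if (ini_get('session.use_cookies') && !headers_sent()) {
        $cookie = session_get_cookie_params();
        // Expire the cookie with the same path/domain/flags it was issued
        // with, otherwise the browser keeps sending the old session id.
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
    }

    session_destroy();

    $objR->redirect('./');
    return $objR;
}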