function BlockPlayer($check, $sid, $num, $type, $length)
{
$objResponse = new xajaxResponse();
global $userbank, $username;
$sid = (int) $sid;
$length = (int) $length;
if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
$objResponse->redirect("index.php?p=login&m=no_access", 0);
$log = new CSystemLog("w", "Hacking Attempt", $username . " tried to process a playerblock, but doesnt have access.");
return $objResponse;
}
//get the server data
$sdata = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = '" . $sid . "';");
//test if server is online
if ($test = @fsockopen($sdata['ip'], $sdata['port'], $errno, $errstr, 2)) {
@fclose($test);
require_once INCLUDES_PATH . "/CServerRcon.php";
$r = new CServerRcon($sdata['ip'], $sdata['port'], $sdata['rcon']);
if (!$r->Auth()) {
$GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = '" . $sid . "' LIMIT 1;");
$objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='red' size='1'>Wrong RCON Password, please change!</font>");
$objResponse->addScript('set_counter(1);');
return $objResponse;
}
$ret = $r->rconCommand("status");
// show hostname instead of the ip, but leave the ip in the title
require_once "../includes/system-functions.php";
$hostsearch = preg_match_all('/hostname:[ ]*(.+)/', $ret, $hostname, PREG_PATTERN_ORDER);
$hostname = trunc(htmlspecialchars($hostname[1][0]), 25, false);
if (!empty($hostname)) {
$objResponse->addAssign("srvip_{$num}", "innerHTML", "<font size='1'><span title='" . $sdata['ip'] . ":" . $sdata['port'] . "'>" . $hostname . "</span></font>");
}
$gothim = false;
$search = preg_match_all(STATUS_PARSE, $ret, $matches, PREG_PATTERN_ORDER);
//search for the steamid on the server
foreach ($matches[3] as $match) {
if (substr($match, 8) == substr($check, 8)) {
// gotcha!!! kick him!
$gothim = true;
$GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_comms` SET sid = '" . $sid . "' WHERE authid = '" . $check . "' AND RemovedBy IS NULL;");
$requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "pages/admin.blockit.php"));
$kick = $r->sendCommand("sc_fw_block " . $type . " " . $length . " " . $match);
$objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='green' size='1'><b><u>Player Found & blocked!!!</u></b></font>");
$objResponse->addScript("set_counter('-1');");
return $objResponse;
}
}
if (!$gothim) {
$objResponse->addAssign("srv_{$num}", "innerHTML", "<font size='1'>Player not found.</font>");
$objResponse->addScript('set_counter(1);');
return $objResponse;
}
} else {
$objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='red' size='1'><i>Can't connect to server.</i></font>");
$objResponse->addScript('set_counter(1);');
return $objResponse;
}
}
function login($data)
{
//global $tpl;
$objResponse = new xajaxResponse();
include 'settings/tables.php';
/* Crypt Password with MD5 Method */
$pw_crypted = MD5(mysql_real_escape_string($data['password']));
//encrypt password with MD5
$email = mysql_real_escape_string($data['email']);
/******************************************/
/* Create Object :: EXIST */
$logon = new CheckExist();
/******************************************/
/* Check :: EXIST */
$logon->tableE = $tbl_users;
$logon->conditionE = " UserEmail = '" . $email . "' && UserPass = '******' && activation_code = '' ";
$CheckData = $logon->exist();
/******************************************/
/* Change Status :: Login successful or failed */
if ($CheckData == 1) {
$logon->email = $email;
$logon->pw = $pw_crypted;
$logon->tbl_users = $tbl_users;
//setcookie
if (isset($data['autologon'])) {
$logon->cookie_duration = 1;
} else {
$logon->cookie_duration = 0;
}
$logon->cookieset('ly');
$objResponse->Script("document.getElementById('submit_login').onclick()");
$objResponse->redirect(ROOT_DIR);
//return true;
} else {
$logon->email = '';
$logon->pw = '';
//$logon->cookieset('l');
$objResponse->assign("p_logon_failure", "style.display", 'block');
$objResponse->assign("p_logon_failure", "innerHTML", "Login information could not be verified.<br> Please try it again.");
//TODO move string to language file
//$tpl->display("logon/login.tpl");
//return false;
}
unset($logon);
/******************************************/
return $objResponse;
}
function reguser($form)
{
global $db, $tablepre, $onlineip;
$obj = new xajaxResponse();
$usernamereg = '/^\\s*$|^c:\\con\\con$|[%,\\*\\"\\s\\t\\<\\>\\&]|\\xA1\\xA1|\\xAC\\xA3|^guest|^\\xD3\\xCE\\xBF\\xCD|\\xB9\\x43\\xAB\\xC8/i';
$emailreg = '/^(([^<>()[\\]\\.,;:\\s@"\']+(\\.[^<>()[\\]\\.,;:\\s@"\']+)*)|("[^"\']+"))@((\\[\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\])|(([a-zA-Z\\d\\-]+\\.)+[a-zA-Z]{2,}))$/';
$username = addslashes(trim($form['username']));
$password = trim($form['password']);
$email = trim($form['email']);
if (empty($username) || preg_match($usernamereg, $username) || strlen($username) < 3 || strlen($username) > 15 || preg_match("~/|\\|\\'|\"~", $password) || strlen($password) < 6 || strlen($password) > 20 || !preg_match($emailreg, $email)) {
return $obj->redirect(WEB_URL);
}
$sql = "SELECT * FROM `{$tablepre}members` where username='******' or (regip='{$onlineip}' AND DATE(regdate)=CURDATE())";
$query = $db->query($sql) or error('Unable to fetch member.', __FILE__, __LINE__, $db->error());
if ($db->num_rows($query)) {
return $obj->script("\$('chk_stat').className = d_err;\$('chk_stat').setHTML('此ID已被注册或者您今天已经注册过会员,请勿多次提交申请。');\$('regbotton').disabled = 'disabled';");
}
$sql = "INSERT INTO `{$tablepre}members` (username,password,email,regdate,regip) VALUES ('{$username}',MD5('{$password}'),'{$email}',now(),'{$onlineip}')";
$db->query($sql) or error('Unable to insert into member.', __FILE__, __LINE__, $db->error());
$uid = $db->insert_id();
$db->query("INSERT INTO `{$tablepre}box` (uid,time) VALUES ('{$uid}',now())") or error('Unable to insert into box.', __FILE__, __LINE__, $db->error());
$db->query("INSERT INTO `{$tablepre}memberdata` (uid,username,lastloginip,lastvisit) VALUES ('{$uid}','{$username}','{$onlineip}',UNIX_TIMESTAMP())");
$obj->script("\$('regbotton').disabled = 'disabled';alert('注册成功!');");
return $obj;
}
/**
* @deprecated #0015627
*/
function AddOpinion($source_uid, $dest_uid, $message, $rating, $counter, $from = 'frl')
{
return false;
$source_uid = get_uid(false);
$objResponse = new xajaxResponse();
$message = trim($message);
if (!in_array($rating, array(-1, 0, 1))) {
$objResponse->assign('rating_error', 'innerHTML', 'Вы не выбрали категорию отзыва');
} elseif (opinions::CheckUserCanPost($source_uid, $dest_uid) != 0) {
// левый пользователь
} elseif ($message == '') {
$objResponse->script("opinionFormError('error_msg');");
} elseif (strlen($message) > opinions::$opinion_max_length) {
$objResponse->script("opinionMaxLengthError('msg', " . opinions::$opinion_max_length . ');');
} else {
$message = str_replace('&', '&', $message);
$message = stripslashes($message);
$message = change_q_x($message, FALSE, TRUE, '', false, false);
$error = opinions::NewMsg($source_uid, $dest_uid, $message, $rating, getRemoteIP(), $new_id);
if (!$error) {
$msg = opinions::GetLastMessage($source_uid, $dest_uid);
if ($msg) {
$user = new users();
$user->GetUserByUID($dest_uid);
$objResponse->remove('form_container');
if (is_emp() && $from == 'frl' || !is_emp() && $from == 'emp') {
$from = $from == 'frl' ? 'emp' : 'frl';
$objResponse->redirect("/users/{$user->login}/opinions/?from={$from}#o_{$new_id}");
return $objResponse;
}
$objResponse->prepend('messages_container', 'innerHTML', opinions::printTheme($msg, $from, $counter, $user));
$objResponse->prepend('messages_container', 'innerHTML', opinions::printAddForm($source_uid, $dest_uid, $from));
$nt = $rating == 1 ? 'plus' : ($rating == -1 ? 'minus' : 'neitral');
$objResponse->call('opinionChConuters', NULL, 'ops-' . $from . $nt);
$objResponse->script("opinionCheckMaxLengthStop('msg');");
$objResponse->assign('no_messages', 'innerHTML', '');
} else {
$objResponse->script("alert('" . serialize($msg) . "')");
}
} else {
$objResponse->script("alert('" . $error . "')");
}
}
return $objResponse;
}
function addV($vF)
{
global $db;
$resp = new xajaxResponse();
$title = $vF['name'];
if (!$title) {
return $resp->alert('标题为空');
}
$query = $db->query("INSERT INTO `vote` SET `title` = '{$title}'") or error('Unable to insert vote data', __FILE__, __LINE__, $db->error());
$insert_id = $db->get_insert_id();
foreach ($vF['add'] as $v) {
$db->query("INSERT INTO `vote` values (null,'{$v}',0,0,{$insert_id})") or error('Unable to insert vote data', __FILE__, __LINE__, $db->error());
}
$resp->alert("添加成功!");
$resp->redirect('vote_manager.php');
//$resp->alert(print_r($vF['add'],true));
return $resp->getXML();
}
public function loginAjax($aData)
{
$oResp = new xajaxResponse();
// walidacja danych
$oValidator = new Module_Validator();
$oValidator->field('type_id', $iTypeId)->rules('required|toint|not[0]');
$oValidator->field('type_name', $sValue)->rules('required|hsc');
if ($oValidator->validate()) {
} else {
}
$oUser = Model_User::tryCreate($aData['login']);
$sPassHash = md5($aData['password'] . 'fibonacci98765434567');
if ($oUser !== null && $this->oAuth->login($oUser, $sPassHash)) {
$oResp->redirect($this->getPageUrl('/'));
} else {
$oResp->assign('error_msg', 'innerHTML', 'Incorrect name or password');
}
return $oResp;
}
function myFunction($post)
{
$usuario = htmlentities($post['login']);
$clave = htmlentities($post['password']);
$db = new MySQL();
$resultado = $db->consulta("Select vUsuClave,TipoUsuario_iTiUsuarioIdTipoUsuario from usuarios where vUsuUsuario='" . $usuario . "'");
$filas = $db->num_rows($resultado);
$respuesta = new xajaxResponse();
if ($filas > 0) {
$row = mysql_fetch_assoc($resultado);
if ($row['vUsuClave'] == hash_hmac('md5', $clave, 'tesis')) {
$resultado2 = $db->consulta("Select vUrl from tipousuario where iTiUsuarioIdTipoUsuario='" . $row['TipoUsuario_iTiUsuarioIdTipoUsuario'] . "' and Estado='A'");
$row2 = mysql_fetch_assoc($resultado2);
$respuesta->redirect($_configuration['root_web'] . $row2['vUrl']);
} else {
$respuesta->assign("mensaje", "innerHTML", "<div id='login_fail'>Contraseña Incorrecta</div>");
}
} else {
$respuesta->assign("mensaje", "innerHTML", "<div id='login_fail'>Usuario Incorrecto</div>");
}
return $respuesta;
}
function SendMessage($sid, $name, $message)
{
$objResponse = new xajaxResponse();
global $userbank, $username;
if (!$userbank->is_admin()) {
$objResponse->redirect("index.php?p=login&m=no_access", 0);
$log = new CSystemLog("w", "Ошибка доступ", $username . " пытался отправить для '" . addslashes(htmlspecialchars($name)) . "' сообщение (\"" . RemoveCode($message) . "\"), не имея на это прав.");
return $objResponse;
}
$sid = (int) $sid;
require INCLUDES_PATH . '/CServerRcon.php';
//get the server data
$data = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = '" . $sid . "';");
if (empty($data['rcon'])) {
$objResponse->addScript("ShowBox('Ошибка', 'Невозможно отправить сообщение для " . addslashes(htmlspecialchars($name)) . ". Не задан РКОН пароль!', 'red', '', true);");
return $objResponse;
}
$r = new CServerRcon($data['ip'], $data['port'], $data['rcon']);
if (!$r->Auth()) {
$GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = '" . $sid . "';");
$objResponse->addScript("ShowBox('Ошибка', 'Невозможно отправить сообщение для " . addslashes(htmlspecialchars($name)) . ". Неверноый РКОН пароль!', 'red', '', true);");
return $objResponse;
}
$ret = $r->sendCommand('sm_psay "' . $name . '" "' . addslashes($message) . '"');
new CSystemLog("m", "Сообщение отправлено", "Следующее сообщение было отправлено " . addslashes(htmlspecialchars($name)) . " на сервер " . $data['ip'] . ":" . $data['port'] . ": " . RemoveCode($message));
$objResponse->addScript("ShowBox('Сообщение отправлено', 'Сообщение для \\'" . addslashes(htmlspecialchars($name)) . "\\' успешно отправлено!', 'green', '', true);\$('dialog-control').setStyle('display', 'block');");
return $objResponse;
}
function closePopup()
{
$objResponse = new xajaxResponse();
$objResponse->remove("popup");
$objResponse->removeCSS('includes/layout/overlay.css');
if ($_SESSION['popup_close_redirect'] == 'yes') {
$project7 = new editsee_App();
$_SESSION['popup_close_redirect'] = '';
$_SESSION['temp_theme'] = '';
$objResponse->redirect($project7->get_config('es_main_url'));
}
return $objResponse;
}
function LiveMessage($a) {
global $db;
$sessionid = $_SESSION['sessionid'];
$name = htmlspecialchars($a['name']);
$email = htmlspecialchars($a['email']);
$country = htmlspecialchars($a['country']);
$phone = htmlspecialchars($a['phone']);
$departmentid = htmlspecialchars($a['departmentid']);
$message = htmlspecialchars($a['message']);
$timestamp = time();
$ip = $_SERVER['REMOTE_ADDR'];
$sql = "INSERT INTO `chat` (`sessionid`,`name`,`email`,`phone`,`departmentid`,`message`,`timestamp`,`ip`,`status`) VALUES('" . $sessionid . "','" . $name . "','" . $email . "','" . $phone . "','" . $departmentid . "','" . $message . "','" . $timestamp . "','" . $ip . "','2')";
$db->query($sql);
$sql = "DELETE FROM `sessions` WHERE `id`='" . $sessionid . "'";
$db->query($sql);
$text = "<?php echo $lang[shout_success]?>\n";
$objResponse = new xajaxResponse('utf-8');
$objResponse->addAssign('content', 'innerHTML', $text);
$objResponse->redirect('../', 5);
return $objResponse;
}
function deleteDirection($id)
{
session_start();
if (!hasPermissions('seo')) {
return false;
}
$objResponse = new xajaxResponse();
$id = intval($id);
if (!$id) {
$objResponse->alert('Идентификатор направления не указан');
return $objResponse;
}
$seo = new seo();
if (!$seo->deleteDirection($id)) {
$objResponse->alert('Ошибка удаления');
return $objResponse;
}
$objResponse->redirect('/catalog/admin/?direction=-1');
return $objResponse;
}
function redirect()
{
$objResponse = new xajaxResponse();
$objResponse->redirect("http://www.xajaxproject.org");
return $objResponse;
}
function rate($site, $id, $rating)
{
global $memcache;
global $duration;
global $_COOKIE;
global $tpl;
include 'settings/tables.php';
$objResponse = new xajaxResponse();
if (!isset($_COOKIE["l"])) {
$objResponse->redirect(ROOT_DIR);
return $objResponse;
}
$l["token"] = substr($_COOKIE["l"], 3, -35);
$mem_key1 = "user_data_" . $l["token"];
$user_data = $memcache->get($mem_key1);
$mem_key2 = "trigger_f_" . $l["token"];
$trigger_f = $memcache->get($mem_key2);
include 'modules/logon/get_userdata.php';
$mem_key3 = "ay_flashes_voted_" . $l["token"];
$mem_key4 = "ay_flashes_rated_" . $l["token"];
$ay_flashes_voted = $memcache->get($mem_key3);
$ay_flashes_rated = $memcache->get($mem_key4);
$ay_flash_cats = $memcache->get('ay_flash_cats');
include 'modules/flash/flashfeed_add.php';
if ($site == 'flash') {
$likes_str = 'p_likes_' . $id;
$dislikes_str = 'p_dislikes_' . $id;
$rate_str = 'p_rate_' . $id;
$upd_data = new ModifyEntry();
$upd_data->table = $tbl_flashes;
$upd_data->condition = " ID = '{$id}' ";
if ($rating == "like") {
$upd_data->changes = " likes = likes+1, rating = rating+1 ";
}
if ($rating == "dislike") {
$upd_data->changes = " dislikes = dislikes+1, rating = rating-1 ";
}
$upd_data->update();
unset($upd_data);
$ins_data = new ModifyEntry();
$ins_data->table = $tbl_flash_ratings;
$ins_data->cols = 'flashID, userID, rating';
$ins_data->values = " '{$id}', '" . $user_data['ID'] . "', '{$rating}' ";
$ins_data->insert();
unset($ins_data);
$flash_result = new SelectEntrys();
$flash_result->cols = 'likes, dislikes';
$flash_result->table = $tbl_flashes;
$flash_result->condition = " ID = '{$id}' ";
$flash_result->multiSelect = 1;
$ay_flash_result = $flash_result->row();
unset($flash_result);
$ay_flashes_rated[] = $id;
sort($ay_flashes_rated);
$mem_key4 = "ay_flashes_rated_" . $l["token"];
$memcache->replace($mem_key4, $ay_flashes_rated, false);
$objResponse->assign($rate_str, "style.display", 'none');
$objResponse->assign($likes_str, "innerHTML", $ay_flash_result[0]['likes']);
$objResponse->assign($dislikes_str, "innerHTML", $ay_flash_result[0]['dislikes']);
}
return $objResponse;
}
function SendMessage($sid, $name, $message)
{
$objResponse = new xajaxResponse();
global $userbank, $username;
if (!$userbank->is_admin()) {
$objResponse->redirect("index.php?p=login&m=no_access", 0);
$log = new CSystemLog("w", "Hacking Attempt", $username . " tried to send ingame message to '" . addslashes(htmlspecialchars($name)) . "' (\"" . RemoveCode($message) . "\"), but doesnt have access.");
return $objResponse;
}
$sid = (int) $sid;
require INCLUDES_PATH . '/CServerRcon.php';
//get the server data
$data = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = '" . $sid . "';");
if (empty($data['rcon'])) {
$objResponse->addScript("ShowBox('Error', 'Can\\'t send message to " . addslashes(htmlspecialchars($name)) . ". No RCON password!', 'red', '', true);");
return $objResponse;
}
$r = new CServerRcon($data['ip'], $data['port'], $data['rcon']);
if (!$r->Auth()) {
$GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = '" . $sid . "';");
$objResponse->addScript("ShowBox('Error', 'Can\\'t send message to " . addslashes(htmlspecialchars($name)) . ". Wrong RCON password!', 'red', '', true);");
return $objResponse;
}
$ret = $r->sendCommand('sm_psay "' . $name . '" "' . addslashes($message) . '"');
new CSystemLog("m", "Message sent to player", "The following message was sent to " . addslashes(htmlspecialchars($name)) . " on server " . $data['ip'] . ":" . $data['port'] . ": " . RemoveCode($message));
$objResponse->addScript("ShowBox('Message Sent', 'The message has been sent to player \\'" . addslashes(htmlspecialchars($name)) . "\\' successfully!', 'green', '', true);\$('dialog-control').setStyle('display', 'block');");
return $objResponse;
}
/**
* @param string $destDiv
* @param int $msgId
* @return xajaxResponse
*/
function takeGroupMail($destDiv = 'mod-webmail_inbox', $msgId = 1)
{
global $prefs, $user, $webmaillib, $module_params;
include_once 'lib/webmail/webmaillib.php';
$contactlib = TikiLib::lib('contact');
$categlib = TikiLib::lib('categ');
$tikilib = TikiLib::lib('tiki');
$trklib = TikiLib::lib('trk');
if (isset($_SESSION['webmailinbox'][$destDiv]['module_params'])) {
$module_params = $_SESSION['webmailinbox'][$destDiv]['module_params'];
} else {
$module_params = array();
// TODO error?
}
$accountid = isset($module_params["accountid"]) ? $module_params['accountid'] : 0;
$ls = $webmaillib->refresh_mailbox($user, $accountid, false);
$cont = $webmaillib->get_mail_content($user, $accountid, $msgId);
$acc = $webmaillib->get_webmail_account($user, $accountid);
// make tracker item
$m = $ls[$msgId - 1];
$from = $m['from'];
$subject = $m['subject'];
$realmsgid = $m['realmsgid'];
$maildate = $m['date'];
$maildate = strtotime($maildate);
$objResponse = new xajaxResponse();
// check if already taken
$itemid = $trklib->get_item_id($module_params['trackerId'], $module_params['messageFId'], $realmsgid);
if ($itemid > 0) {
$objResponse->script('doRefreshWebmail();alert("Sorry, that mail has been taken by another operator. Refreshing list...");');
} else {
$charset = $prefs['default_mail_charset'];
if (empty($charset)) {
$charset = 'UTF-8';
}
$items['data'][0]['fieldId'] = $module_params['fromFId'];
$items['data'][0]['type'] = 't';
$items['data'][0]['value'] = $from;
$items['data'][1]['fieldId'] = $module_params['operatorFId'];
$items['data'][1]['type'] = 'u';
$items['data'][1]['value'] = $user;
$items['data'][2]['fieldId'] = $module_params['subjectFId'];
$items['data'][2]['type'] = 't';
$items['data'][2]['value'] = $subject;
$items['data'][3]['fieldId'] = $module_params['messageFId'];
$items['data'][3]['type'] = 't';
$items['data'][3]['value'] = $realmsgid;
$items['data'][4]['fieldId'] = $module_params['contentFId'];
$items['data'][4]['type'] = 'a';
$items['data'][4]['value'] = htmlentities($cont['body'], ENT_QUOTES, $charset);
$items['data'][5]['fieldId'] = $module_params['accountFId'];
$items['data'][5]['type'] = 't';
$items['data'][5]['value'] = $acc['account'];
$items['data'][6]['fieldId'] = $module_params['datetimeFId'];
$items['data'][6]['type'] = 'f';
// f?
$items['data'][6]['value'] = $maildate;
$trklib->replace_item($module_params['trackerId'], 0, $items);
}
// make name for wiki page
$pageName = str_replace('@', '_AT_', $m['sender']['email']);
$contId = $contactlib->get_contactId_email($m['sender']['email'], $user);
// add or update (?) contact
$ext = $contactlib->get_ext_by_name($user, tra('Wiki Page'), $contId);
if (!$ext) {
$contactlib->add_ext($user, tra('Wiki Page'), true);
// a public field
$ext = $contactlib->get_ext_by_name($user, tra('Wiki Page'), $contId);
}
$arr = explode(" ", trim(html_entity_decode($m['sender']['name']), '"\' '), 2);
if (count($arr) < 2) {
$arr[] = '';
}
$contactlib->replace_contact($contId, $arr[0], $arr[1], $m['sender']['email'], '', $user, array($module_params['group']), array($ext['fieldId'] => $pageName), true);
if (!$contId) {
$contId = $contactlib->get_contactId_email($m['sender']['email'], $user);
}
// make or update wiki page
$wikilib = TikiLib::lib('wiki');
if (!$wikilib->page_exists($pageName)) {
$comment = 'Generated by GroupMail on ' . date(DATE_RFC822);
$description = "Page {$comment} for " . $m['sender']['email'];
$data = '!GroupMail case with ' . $m['sender']['email'] . "\n";
$data .= "''{$comment}''\n\n";
$data .= "!!Info\n";
$data .= "Contact info: [tiki-contacts.php?contactId={$contId}|" . $m['sender']['name'] . "]\n\n";
$data .= "!!Logs\n";
$data .= '{trackerlist trackerId="' . $module_params['trackerId'] . '" ' . 'fields="' . $module_params['fromFId'] . ':' . $module_params['operatorFId'] . ':' . $module_params['subjectFId'] . ':' . $module_params['datetimeFId'] . '" ' . 'popup="' . $module_params['fromFId'] . ':' . $module_params['contentFId'] . '" stickypopup="n" showlinks="y" shownbitems="n" showinitials="n"' . 'showstatus="n" showcreated="n" showlastmodif="n" filterfield="' . $module_params['fromFId'] . '" filtervalue="' . $m['sender']['email'] . '"}';
$data .= "\n\n";
$tikilib->create_page($pageName, 0, $data, $tikilib->now, $comment, $user, $tikilib->get_ip_address(), $description);
$categlib->update_object_categories(array($categlib->get_category_id('Help Team Pages')), $pageName, 'wiki page');
// TODO remove hard-coded cat name
}
$objResponse->redirect($wikilib->sefurl($pageName));
return $objResponse;
}
function KickPlayer($check, $sid, $num, $type)
{
$objResponse = new xajaxResponse();
global $userbank, $username;
$sid = (int) $sid;
if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
$objResponse->redirect("index.php?p=login&m=no_access", 0);
$log = new CSystemLog("w", "Ошибка доступа", $username . " пытался кого-то кикнуть, не имея на это прав.");
return $objResponse;
}
//get the server data
$sdata = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = '" . $sid . "';");
//test if server is online
if ($test = @fsockopen($sdata['ip'], $sdata['port'], $errno, $errstr, 2)) {
@fclose($test);
require_once INCLUDES_PATH . "/CServerRcon.php";
$r = new CServerRcon($sdata['ip'], $sdata['port'], $sdata['rcon']);
if (!$r->Auth()) {
$GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = '" . $sid . "' LIMIT 1;");
$objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='red' size='1'>Неверный РКОН!</font>");
$objResponse->addScript('set_counter(1);');
return $objResponse;
}
$ret = $r->rconCommand("status");
// show hostname instead of the ip, but leave the ip in the title
require_once "../includes/system-functions.php";
$hostsearch = preg_match_all('/hostname:[ ]*(.+)/', $ret, $hostname, PREG_PATTERN_ORDER);
$hostname = trunc(htmlspecialchars($hostname[1][0]), 25, false);
if (!empty($hostname)) {
$objResponse->addAssign("srvip_{$num}", "innerHTML", "<font size='1'><span title='" . $sdata['ip'] . ":" . $sdata['port'] . "'>" . $hostname . "</span></font>");
}
$gothim = false;
$search = preg_match_all(STATUS_PARSE, $ret, $matches, PREG_PATTERN_ORDER);
//search for the steamid on the server
if ((int) $type == 0) {
foreach ($matches[3] as $match) {
if (substr($match, 8) == substr($check, 8)) {
// gotcha!!! kick him!
$gothim = true;
$GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_bans` SET sid = '" . $sid . "' WHERE authid = '" . $check . "' AND RemovedBy IS NULL;");
$requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "pages/admin.kickit.php"));
$kick = $r->sendCommand("kickid " . $match . " \"Вы были забанены, посетите http://" . $_SERVER['HTTP_HOST'] . $requri . " для большей информации.\"");
$objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='green' size='1'><b><u>Игрок найден и кикнут!!!</u></b></font>");
$objResponse->addScript("set_counter('-1');");
return $objResponse;
}
}
} else {
if ((int) $type == 1) {
// search for the ip on the server
$id = 0;
foreach ($matches[8] as $match) {
$ip = explode(":", $match);
$ip = $ip[0];
if ($ip == $check) {
$userid = $matches[1][$id];
// gotcha!!! kick him!
$gothim = true;
$GLOBALS['db']->Execute("UPDATE `" . DB_PREFIX . "_bans` SET sid = '" . $sid . "' WHERE ip = '" . $check . "' AND RemovedBy IS NULL;");
$requri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "pages/admin.kickit.php"));
$kick = $r->sendCommand("kickid " . $userid . " \"Вы были забанены, посетите http://" . $_SERVER['HTTP_HOST'] . $requri . " для большей информации.\"");
$objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='green' size='1'><b><u>Игрок найден и кикнут!!!</u></b></font>");
$objResponse->addScript("set_counter('-1');");
return $objResponse;
}
$id++;
}
}
}
if (!$gothim) {
$objResponse->addAssign("srv_{$num}", "innerHTML", "<font size='1'>Игрок не найден.</font>");
$objResponse->addScript('set_counter(1);');
return $objResponse;
}
} else {
$objResponse->addAssign("srv_{$num}", "innerHTML", "<font color='red' size='1'><i>Нет соединения с сервером.</i></font>");
$objResponse->addScript('set_counter(1);');
return $objResponse;
}
}
function resendCode($sbr_id, $stage_id)
{
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/pskb.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/classes/memBuff.php';
$sbr_id = __paramValue('int', $sbr_id);
$stage_id = __paramValue('int', $stage_id);
$objResponse = new xajaxResponse();
$objResponse->script("\$('alert_sms').removeClass('b-layout__txt_color_56bd06').removeClass('b-layout__txt_color_c7271e'); ");
if (!$sbr_id) {
$objResponse->script("\$('alert_sms').addClass('b-layout__txt_color_c7271e'); \n \$('alert_sms').set('html', 'Запрос не может быть обработан.');");
//$objResponse->alert('Запрос не может быть обработан.');
return $objResponse;
}
$m = new memBuff();
$lasttime = $m->get(pskb::SMS_RESEND_KEY . $sbr_id);
if ($lasttime) {
$mins = ceil(($lasttime + 300 - time()) / 60);
$objResponse->script("\$('alert_sms').addClass('b-layout__txt_color_c7271e'); \n \$('alert_sms').set('html', 'Еще раз выслать код можно будет через {$mins} минут" . ending($mins, 'у', 'ы', '') . ".');");
//$objResponse->alert("Повторный запрос можно будет сделать примерно через {$mins} минут" . ending($mins, 'у', 'ы', '') );
return $objResponse;
}
$uid = get_uid(0);
if (!$uid) {
$objResponse->redirect('/');
return $objResponse;
}
$sbr = sbr_meta::getInstance();
if (!$sbr->initFromId($sbr_id)) {
$objResponse->script("\$('alert_sms').addClass('b-layout__txt_color_c7271e'); \n \$('alert_sms').set('html', 'Запрос не может быть обработан.');");
return $objResponse;
}
$stage = $sbr->initFromStage($stage_id, false);
if (!$stage) {
$objResponse->script("\$('alert_sms').addClass('b-layout__txt_color_c7271e'); \n \$('alert_sms').set('html', 'Запрос не может быть обработан.');");
return $objResponse;
}
if ($uid != $sbr->data['frl_id']) {
$objResponse->script("\$('alert_sms').addClass('b-layout__txt_color_c7271e'); \n \$('alert_sms').set('html', 'Запрос не может быть обработан.');");
//$objResponse->alert('Запрос не может быть обработан.');
return $objResponse;
}
$pskb = new pskb($sbr);
if (!$pskb->resendCode($stage)) {
$objResponse->script("\$('alert_sms').addClass('b-layout__txt_color_c7271e'); \n \$('alert_sms').set('html', 'Не удалось выслать код.');");
//$objResponse->alert('Ошибка запроса. Попробуйте еще раз.');
return $objResponse;
}
$m->set(pskb::SMS_RESEND_KEY . $sbr_id, time(), 300);
$objResponse->script("\$('alert_sms').addClass('b-layout__txt_color_56bd06'); \n \$('alert_sms').set('html', 'Код отправлен повторно.');\n \$('send_sms').destroy();\n \$('resend_sms').set('html', 'Еще раз выслать код можно будет через 5 минут.')");
//$objResponse->alert('Код отправлен повторно.');
if (defined('PSKB_TEST_MODE')) {
$objResponse->script('document.location.reload();');
}
return $objResponse;
}
function insertdata($table, $data, $special = 0)
{
//global $tpl;
global $memcache;
global $l;
global $tpl;
global $user_data;
global $getmonth;
$objResponse = new xajaxResponse();
//include('settings/template.php');
include 'settings/tables.php';
if ($user_data == '' || !isset($user_data)) {
require_once 'lib/functions/get_userdata.php';
}
//enter new diary entry
if ($table == $tbl_diary) {
if ($special == 1) {
$html = $tpl->fetch("modules/improve/diary/add_pin.tpl");
// $objResponse->assign("add_pin","style.className",'pin');
$objResponse->assign("add_pin", "innerHTML", $html);
$objResponse->includeScript("js/pinterest.js");
$objResponse->call("m_reload");
} else {
if ($data['image_file'] != '') {
$objResponse->script("document.forms['insert'].submit();");
} else {
$mysqldate = date('Y-m-d H:i:s', time());
$diary_note = mysql_real_escape_string(strip_tags($data['note']));
//insert new entry
$diary = new ModifyEntry();
$diary->table = $table;
$diary->cols = 'userID, entry, date';
$diary->values = " '" . $user_data['ID'] . "', '" . $diary_note . "', '" . $mysqldate . "' ";
$diary->insert();
unset($diary);
//TODO check if first entry and if yes update user array with start_month and start_year
//refresh content
include "lib/functions/fetch_diary.php";
$tpl->assign('ay_diary', $ay_diary);
$tpl->assign('at_least_one_entry', 1);
//else $tpl->assign('at_least_one_entry', 0);
//TODO why is this needed now!?
$tpl->assign('user_data', $user_data);
$html = $tpl->fetch("modules/home/diary_entries.tpl");
$objResponse->assign("diary_entries", "innerHTML", $html);
$objResponse->assign("add_pin", "innerHTML", '');
$objResponse->includeScript("js/pinterest.js");
$objResponse->call("m_reload");
}
}
} elseif ($table == $tbl_goals) {
$mysqldate = date('Y-m-d H:i:s', time());
$note = strip_tags(mysql_real_escape_string($data['note']));
//insert new entry
$goals = new ModifyEntry();
$goals->table = $table;
$goals->cols = 'userID, goal, created';
$goals->values = " '" . $user_data['ID'] . "', '" . $note . "', '" . $mysqldate . "' ";
$goals->insert();
unset($goals);
//refresh content
$html1 = $tpl->fetch("modules/improve/goals/sortfields.tpl");
$objResponse->assign("sortfields", "innerHTML", $html1);
include "lib/functions/fetch_goals.php";
$tpl->assign('ay_goals', $ay_goals);
$html2 = $tpl->fetch("modules/improve/goals/goal_entries.tpl");
$objResponse->assign("goal_entries", "innerHTML", $html2);
$objResponse->call("reset_input");
} elseif ($table == $tbl_distorted_thoughts) {
$mysqldate = date('Y-m-d H:i:s', time());
$thought = strip_tags(mysql_real_escape_string($data['thought']));
$response = strip_tags(mysql_real_escape_string($data['response']));
$c_action = strip_tags(mysql_real_escape_string($data['c_action']));
//insert new entry
$thoughts = new ModifyEntry();
$thoughts->table = $table;
$thoughts->cols = 'userID, thought, response, action, created';
$thoughts->values = " '" . $user_data['ID'] . "', '" . $thought . "', '" . $response . "', '" . $c_action . "', '" . $mysqldate . "' ";
$thoughts->insert();
unset($thoughts);
//refresh content
include "lib/functions/fetch_thoughts.php";
$tpl->assign('ay_thoughts', $ay_thoughts);
$html = $tpl->fetch("modules/improve/distorted_thoughts/thought_entries.tpl");
$objResponse->assign("thought_entries", "innerHTML", $html);
$objResponse->call("reset_input");
} elseif ($table == $tbl_da_scale_results || $table == $tbl_bd_scale_results) {
$i = 0;
$dataValid = 1;
$mysqldate = date('Y-m-d H:i:s', time());
//check if all items have been answered
for ($i = 1; $i <= $data['items_total']; $i++) {
if (!isset($data[$i])) {
$objResponse->alert('Please answer all items');
// TODO put string in language file
$dataValid = 0;
break;
}
}
//TODO store aggregated values in user table
//all items have been answered
if ($dataValid == 1) {
$bd_total_score = 0;
$da_total_score[0] = $da_total_score[1] = $da_total_score[2] = $da_total_score[3] = $da_total_score[4] = $da_total_score[5] = $da_total_score[6] = 0;
//insert new entry
$scale_data = new ModifyEntry();
$scale_data->table = $table;
for ($i = 1; $i <= $data['items_total']; $i++) {
if (isset($data[$i])) {
$scale_data->cols = 'userID, itemID, value, date';
$scale_data->values = " '" . $user_data['ID'] . "', '" . $i . "', '" . $data[$i] . "', '" . $mysqldate . "' ";
$scale_data->insert();
if ($scale_data->errno() > 0) {
break;
}
if ($table == $tbl_da_scale_results) {
switch (true) {
case $i <= 5:
$da_total_score[0] = $da_total_score[0] + $data[$i];
break;
case $i <= 10:
$da_total_score[1] = $da_total_score[1] + $data[$i];
break;
case $i <= 15:
$da_total_score[2] = $da_total_score[2] + $data[$i];
break;
case $i <= 20:
$da_total_score[3] = $da_total_score[3] + $data[$i];
break;
case $i <= 25:
$da_total_score[4] = $da_total_score[4] + $data[$i];
break;
case $i <= 30:
$da_total_score[5] = $da_total_score[5] + $data[$i];
break;
case $i <= 35:
$da_total_score[6] = $da_total_score[6] + $data[$i];
break;
}
}
if ($table == $tbl_bd_scale_results) {
$bd_total_score = $bd_total_score + $data[$i];
}
}
}
unset($scale_data);
$scale_data = new ModifyEntry();
$scale_data->table = $tbl_users;
if ($table == $tbl_da_scale_results) {
ksort($da_total_score);
}
if ($table == $tbl_da_scale_results) {
$scale_data->changes = " da_latest_score = '" . serialize($da_total_score) . "' ";
} else {
$scale_data->changes = " bd_latest_score = '" . $bd_total_score . "' ";
}
$scale_data->condition = " ID = '" . $user_data['ID'] . "' ";
$scale_data->update();
if ($scale_data->errno() > 0) {
break;
}
if ($table == $tbl_da_scale_results) {
$user_data['da_latest_score'] = serialize($da_total_score);
}
if ($table == $tbl_bd_scale_results) {
$user_data['bd_latest_score'] = $bd_total_score;
}
if (mod_memcache == 1) {
$memcache->replace($mem_key1, $user_data, false);
} else {
$_SESSION['$mem_key1'] = $user_data;
}
}
//update cached data in memcache or session
//$l["token"] = substr($_COOKIE["l"], 3, -35);
if ($table == $tbl_da_scale_results) {
$mem_key2 = "da_scale_data_" . $l["token"];
$mem_key2a = "da_scale_sep_strings_" . $l["token"];
$mem_key2b = "da_scale_sep_dates_" . $l["token"];
if (mod_memcache == 1) {
$memcache->delete($mem_key2);
$memcache->delete($mem_key2a);
$memcache->delete($mem_key2b);
} else {
unset($_SESSION['$mem_key2']);
unset($_SESSION['$mem_key2a']);
unset($_SESSION['$mem_key2b']);
}
}
if ($table == $tbl_bd_scale_results) {
$mem_key3 = "bd_scale_data_" . $l["token"];
if (mod_memcache == 1) {
$memcache->delete($mem_key3);
} else {
unset($_SESSION['$mem_key3']);
}
}
//redirect to overview/result page
if ($dataValid == 1 && $scale_data->errno() == 0 && $table == $tbl_da_scale_results) {
$objResponse->redirect(ROOT_DIR . 'analyze/da_scale/index.html');
}
if ($dataValid == 1 && $scale_data->errno() == 0 && $table == $tbl_bd_scale_results) {
$objResponse->redirect(ROOT_DIR . 'analyze/bd_scale/index.html');
}
unset($scale_data);
}
return $objResponse;
}
function _publish_arquivo()
{
global $arquivo;
$objResponse = new xajaxResponse();
if ($arquivo->publish()) {
$objResponse->redirect("el-gallery_view.php?arquivoId={$arquivo->id}");
} else {
$objResponse->alert("Não foi possível publicar o arquivo");
}
return $objResponse;
}
function removeSeat($_draft_id)
{
$objResponse = new xajaxResponse();
#how many are in the draft?
$players = mysql_num_rows(mysql_query("SELECT fk_user_id FROM md_draft2user WHERE fk_draft_id = {$_draft_id}"));
mysql_query("UPDATE md_draft SET max_players = max_players - 1 WHERE max_players > {$players} AND draft_status = 0 AND pk_draft_id = {$_draft_id}");
$draft_info = mysql_fetch_array(mysql_query("SELECT * FROM md_draft\n\t\tWHERE pk_draft_id = {$_draft_id}"));
$drafterlist = drafterList($_draft_id);
$objResponse->assign("drafterlist", "innerHTML", $drafterlist);
if ($players == $draft_info["max_players"]) {
$objResponse->redirect("draft.php?id=" . $_draft_id);
}
return $objResponse;
}
function PasteBlock($sid, $name)
{
$objResponse = new xajaxResponse();
global $userbank, $username;
$sid = (int) $sid;
if (!$userbank->HasAccess(ADMIN_OWNER | ADMIN_ADD_BAN)) {
$objResponse->redirect("index.php?p=login&m=no_access", 0);
$log = new CSystemLog("w", "Hacking Attempt", $username . " tried paste a block, but doesn't have access.");
return $objResponse;
}
require INCLUDES_PATH . '/CServerRcon.php';
//get the server data
$data = $GLOBALS['db']->GetRow("SELECT ip, port, rcon FROM " . DB_PREFIX . "_servers WHERE sid = ?;", array($sid));
if (empty($data['rcon'])) {
$objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
$objResponse->addScript("ShowBox('Error', 'No RCON password for server " . $data['ip'] . ":" . $data['port'] . "!', 'red', '', true);");
return $objResponse;
}
$r = new CServerRcon($data['ip'], $data['port'], $data['rcon']);
if (!$r->Auth()) {
$GLOBALS['db']->Execute("UPDATE " . DB_PREFIX . "_servers SET rcon = '' WHERE sid = ?;", array($sid));
$objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
$objResponse->addScript("ShowBox('Error', 'Wrong RCON password for server " . $data['ip'] . ":" . $data['port'] . "!', 'red', '', true);");
return $objResponse;
}
$ret = $r->rconCommand("status");
$search = preg_match_all(STATUS_PARSE, $ret, $matches, PREG_PATTERN_ORDER);
$i = 0;
$found = false;
$index = -1;
foreach ($matches[2] as $match) {
if ($match == $name) {
$found = true;
$index = $i;
break;
}
$i++;
}
if ($found) {
$steam = $matches[3][$index];
$name = $matches[2][$index];
$objResponse->addScript("\$('nickname').value = '" . addslashes($name) . "'");
$objResponse->addScript("\$('steam').value = '" . $steam . "'");
} else {
$objResponse->addScript("ShowBox('Error', 'Can\\'t get player info for " . addslashes(htmlspecialchars($name)) . ". Player is not on the server (" . $data['ip'] . ":" . $data['port'] . ") anymore!', 'red', '', true);");
$objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
return $objResponse;
}
$objResponse->addScript("SwapPane(0);");
$objResponse->addScript("\$('dialog-control').setStyle('display', 'block');");
$objResponse->addScript("\$('dialog-placement').setStyle('display', 'none');");
return $objResponse;
}
/**
* Logout Funktionalität
*
* @access public
* @author prodigy
* @since 31.12.2008
* @version 0.1a
*/
public function LogOut()
{
$objR = new xajaxResponse();
session_destroy();
$objR->redirect('./');
return $objR;
}
