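/**
 * "Leave team" page: asks the logged-in player to confirm, then removes the
 * player from the team, re-opens the team if needed and BZmails the leader.
 *
 * GET parameters: id (team id), link (name of this page, passed back to the
 * buttons), answer ('' = ask, 'yes' = leave, anything else = stay).
 *
 * NOTE(review): the removal is triggered by a plain GET link. snCheck() and
 * snFormInit() are used by other pages in this file - TODO confirm whether they
 * are the intended guard against forged/replayed requests and apply it here.
 * NOTE(review): $obj->name is printed as stored; confirm team names are
 * HTML-escaped when saved, otherwise escape them on output.
 */
function section_leaveteam()
{
    require_once 'lib/common.php';

    // The team id is interpolated unquoted into SQL below. addslashes() gives no
    // protection in a numeric context, so force an integer instead.
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    // The link name is handed back to htmlURLbutton(); keep only link-name characters.
    $link = isset($_GET['link']) ? preg_replace('/[^A-Za-z0-9_-]/', '', (string) $_GET['link']) : '';
    $answer = isset($_GET['answer']) ? (string) $_GET['answer'] : '';
    $s_playerid = isset($_SESSION['playerid']) ? (int) $_SESSION['playerid'] : 0;
    $s_teamid = isset($_SESSION['teamid']) ? (int) $_SESSION['teamid'] : 0;

    $obj = mysql_fetch_object(sqlQuery("select name, leader from l_team where id={$id}"));
    echo '<BR>';

    if (!$obj) {
        echo '<CENTER>Specified team does not exist<BR>';
        return;
    }

    // Only a member of this team may leave it. Without this check any request could
    // re-open an arbitrary team through the status update further down.
    if ($s_playerid == 0 || $s_teamid != $id) {
        echo '<center>You are not a member of this team.</center>';
        return;
    }

    // Leaders must hand over leadership first. This is enforced for the confirmed
    // request as well, not only for the question page.
    if (($answer === '' || $answer === 'yes') && $s_playerid == $obj->leader) {
        echo "<center>You can't abandon the magnificient {$obj->name} team, because you are its leader.<BR>\n Please go to your <a href=\"index.php?link=teamadmin&id=" . $id . "&" . SID . "\"><b>team page</b></a>\n and assign another leader first!</center>";
        return;
    }

    if ($answer === '') {
        // Ask for confirmation
        echo '<center>You are about to abandon the magnificient <a href="index.php?link=teaminfo&id=' . $id . '&' . SID . '">' . $obj->name . '</a> team, its members will miss you...<br>';
        echo "Please, please, stay in the team!<br>";
        echo "Are you really sure you want to abandon this team ?<br><br>";
        echo '<TABLE border=0><TR><TD>'
            . htmlURLbutton('ABANDON', $link, "id={$id}&answer=yes")
            . '</td><TD> </td><TD>'
            . htmlURLbutton('CANCEL', $link, "id={$id}&answer=no", CLRBUT)
            . '</td></tr></table>';
        return;
    }

    if ($answer !== 'yes') {
        // Say thank you
        echo '<BR><center>The <a href="index.php?link=teaminfo&id=' . $id . '&' . SID . '">' . $obj->name . '</a> team members thank you for being so brave, and continuing the fight!</center>';
        return;
    }

    // Remove this player from the team (restricted to the team being left)
    mysql_query("update l_player set team=0 where id=" . $s_playerid . " and team=" . $id);

    // Open the team, because it needs at least one more player,
    // but only if it is not administratively closed, or if num players<3
    $pl = mysql_fetch_object(mysql_query("select count(*) num from l_player where team=" . $id));
    if ($pl && $pl->num < 3) {
        mysql_query("update l_team set status='opened' where id=" . $id);
    } else {
        mysql_query("update l_team set status='opened' where adminclosed='no' and id=" . $id);
    }

    echo "<center>That's it, you are no longer a member of the <a href=\"index.php?link=teaminfo&id=" . $id . "&" . SID . "\">" . $obj->name . "</a> team.<br>\n A message has just been sent to the team leader</center>";
    session_refresh();

    // Send a message to the team leader
    sendBzMail(
        0,
        $obj->leader,
        $_SESSION['callsign'] . ' has left your team!',
        'A player just left your team: "' . $_SESSION['callsign'] . '"'
    );
}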
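/**
 * Contact page: prints the configured contact text, then a table of the players
 * whose role has the 'show' permission, with a BZmail button for logged-in visitors.
 *
 * NOTE(review): the contact text and the role ids come from the site's own tables
 * and helpers and are used as-is (raw HTML output, unquoted SQL IN list); confirm
 * that both can only be set by administrators.
 */
function section_contact()
{
    $obj = mysql_fetch_object(mysql_query("select text from bzl_siteconfig where name='contact'"));
    if ($obj) {
        echo nl2br($obj->text);
    }

    echo '<p><TABLE cellspacing=0 align=center><TR><TD colspan=3> <HR>Matches can be reported to any of the following:<BR><BR></td></tr>';

    $roles = getRolesWithPermission('show');

    // An empty role list would produce "IN ()", which is not valid SQL; show an empty table instead.
    if (!empty($roles)) {
        $res = sqlQuery("SELECT p.id, p.callsign, r.name as level from l_player p, bzl_roles r \n WHERE r.id = p.role_id AND r.id IN (" . join(',', $roles) . ") ORDER BY level");

        $line = 0; // was used uninitialised before
        while ($row = mysql_fetch_object($res)) {
            $cl = (++$line % 2) ? "rowEven" : "rowOdd";
            echo "<tr class=\"{$cl}\"><td width=40% align=right>"
                . htmlLink($row->callsign, 'playerinfo', "id={$row->id}")
                . '</td><td width=10></td><td align=left>';
            if (isAuthenticated()) {
                echo htmlURLbutton('BZmail', 'sendmessage', "pid={$row->id}");
            }
            echo '</td></tr>';
        }
    }

    echo '</table>';
}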
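/**
 * "Ban player from team" page: shows a confirmation form, then removes the player
 * from the team, re-opens the team if needed and BZmails the removed player.
 *
 * GET parameters: playerid, teamid, link; f_ok_x requests the confirmation form,
 * f_okban_x (the form's BAN button) performs the removal.
 *
 * Allowed for holders of 'teamadmin::edit_any_team' and for the team's leader.
 * FIXME (kept from the original): members who know the team password are not
 * accepted here, because the BAN link does not carry the password.
 *
 * NOTE(review): the removal is triggered by a GET form. snCheck()/snFormInit() are
 * used by other pages in this file - TODO confirm whether they are the intended
 * guard against forged/replayed requests and apply it here.
 * NOTE(review): callsign and team name are printed as stored; confirm they are
 * HTML-escaped when saved, otherwise escape them on output.
 */
function section_banplayer()
{
    require_once 'lib/common.php';

    // Both ids are interpolated unquoted into SQL and HTML below: force integers.
    $playerid = isset($_GET['playerid']) ? (int) $_GET['playerid'] : 0;
    $teamid = isset($_GET['teamid']) ? (int) $_GET['teamid'] : 0;
    $f_okban_x = isset($_GET['f_okban_x']) ? $_GET['f_okban_x'] : '';
    $f_ok_x = isset($_GET['f_ok_x']) ? $_GET['f_ok_x'] : '';
    // The link name is written back into the form; keep only link-name characters.
    $link = isset($_GET['link']) ? preg_replace('/[^A-Za-z0-9_-]/', '', (string) $_GET['link']) : '';

    // Check permission before anything else is queried or changed.
    // A missing team row or a missing login must be refused explicitly: with a loose
    // comparison an absent leader and an absent session player id are both null and
    // would otherwise compare as equal.
    $team = mysql_fetch_object(mysql_query("select name, leader from l_team where id=" . $teamid));
    if (!isAuthenticated() || !$team) {
        errorPage("Permission denied.");
        return;
    }
    if (!isFuncAllowed('teamadmin::edit_any_team') && $_SESSION['playerid'] != $team->leader) {
        errorPage("Permission denied.");
        return;
    }

    // The player must actually belong to this team; a leader may only act on the
    // members of the team the permission check was made for.
    $player = mysql_fetch_object(mysql_query("select callsign, team from l_player where id=" . $playerid));
    if (!$player || $player->team != $teamid) {
        errorPage("This player is not a member of that team.");
        return;
    }

    if ($f_okban_x) {
        // Ban confirmed
        mysql_query("update l_player set team=0 where id=" . $playerid . " and team=" . $teamid);

        // Open the team if it is not administratively closed, or if num players<3.
        // The count is taken after the removal, as section_leaveteam() does.
        $pl = mysql_fetch_object(mysql_query("select count(*) num from l_player where team=" . $teamid));
        if ($pl && $pl->num < 3) {
            mysql_query("update l_team set status='opened' where id=" . $teamid);
        } else {
            mysql_query("update l_team set status='opened' where adminclosed='no' and id=" . $teamid);
        }

        // Names are taken from the database rows fetched above rather than from the
        // request, so nothing supplied in the URL is echoed into the page.
        echo '<center>Well <a href="index.php?link=playerinfo&id=' . $_SESSION['playerid'] . '">' . $_SESSION['callsign']
            . '</a>, <a href="index.php?link=playerinfo&id=' . $playerid . '">' . $player->callsign
            . '</a> is no longer a member of the team <a href="index.php?link=teaminfo&id=' . $teamid . '">' . $team->name . '</a>';
        // A page reload no longer sends a second message: the membership check above fails after the removal.
        echo '<br>A message has just been sent to the user.</center>';
        sendBzMail(
            0,
            $playerid,
            'You have been released!',
            'Sorry, but ' . $_SESSION['callsign'] . ' released you from the ' . $team->name . ' team<br>'
        );
        return;
    }

    if (!$f_ok_x) {
        // Someone is playing with the headers
        echo "<center>Hey! Please stop playing with your browser!</center>";
        return;
    }

    echo '<center>Please confirm that you want to ban <a href="index.php?link=playerinfo&id=' . $playerid . '&' . SID . '">' . $player->callsign
        . '</a> from the team <a href="index.php?link=teaminfo&id=' . $teamid . '&' . SID . '">' . $team->name . '</a>.</center>';
    // The hidden callsign/name fields were dropped: the confirmed request reads both from the database.
    echo '<center><BR><form method=GET>' . SID_FORM
        . ' <input type=hidden name=link value="' . $link . '">'
        . ' <input type=hidden name=playerid value="' . $playerid . '">'
        . ' <input type=hidden name=teamid value="' . $teamid . '">'
        . '<table border=0><TR><TD>' . htmlFormButton(' BAN ', 'f_okban_x') . ' </td><TD> '
        . htmlURLbutton('Cancel', 'teaminfo', "id={$teamid}", CLRBUT)
        . ' </td></tr></table> </form></center>';
}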
/**
 * Applies an edit or a deletion to an existing match, then recalculates ratings.
 *
 * $mid is the match id, $teamA/$teamB and $scoreA/$scoreB the new result,
 * $tsActUnix the match time as a Unix timestamp, $mlen the match length and
 * $del a flag selecting deletion instead of an update.
 *
 * NOTE(review): every parameter is interpolated into SQL text here; this function
 * performs no validation of its own, so confirm that the caller only passes
 * integers (and a vetted $mlen).
 * NOTE(review): the call-time "&" arguments below are kept exactly as written;
 * newer PHP versions reject that syntax - check the callee signatures before removing it.
 */
function section_entermatch_editIt($mid, $teamA, $teamB, $scoreA, $scoreB, $tsActUnix, $del, $mlen)
{
    snCheck('fights');
    section_entermatch_orderResults(&$teamA, &$teamB, &$scoreA, &$scoreB);

    $old = section_entermatch_queryGetMatch($mid);
    if (!$old) {
        echo '<CENTER>That match does not exist<BR>';
        return;
    }

    // Both branches first take one match off the counters of the previously stored teams.
    $decrementOldTeams = "UPDATE l_team SET matches = matches - 1 WHERE id IN({$old->team1},{$old->team2})";
    $affected_dates = array();

    if (!$del) {
        $editStamp = gmdate("Y-m-d H:i:s");
        $editorId = $_SESSION['playerid'];
        $tsActStr = date("Y-m-d H:i:s", $tsActUnix);

        $nothingChanged = $old->team1 == $teamA
            && $old->team2 == $teamB
            && $old->score1 == $scoreA
            && $old->score2 == $scoreB
            && strtotime($old->tsactual) == $tsActUnix
            && $old->mlength == $mlen;
        if ($nothingChanged) {
            echo "<CENTER>No changes made!<BR>";
            return;
        }

        sqlQuery($decrementOldTeams);
        sqlQuery("UPDATE l_team SET matches = matches + 1 WHERE id IN({$teamA},{$teamB})");

        $updateMatch = "update " . TBL_MATCH . " \n set team1={$teamA}, team2={$teamB}, score1={$scoreA}, score2={$scoreB},\n"
            . " idedit={$editorId}, tsactual='{$tsActStr}', tsedit='{$editStamp}', mlength='{$mlen}' where id = {$mid}";
        sqlQuery($updateMatch);

        section_entermatch_dispMatch(
            'Changed from:',
            $old->team1,
            $old->team2,
            $old->score1,
            $old->score2,
            strtotime($old->tsactual),
            $old->mlength
        );
        section_entermatch_dispMatch(' Changed to:', $teamA, $teamB, $scoreA, $scoreB, $tsActUnix, $mlen);

        if (ENABLE_SEASONS) {
            // Season ratings depend on the new date and, if it moved, on the old one too
            $affected_dates[] = date("Y-m-d H:i:s", $tsActUnix);
            if ($old->tsactual && $old->tsactual != $tsActStr) {
                $affected_dates[] = $old->tsactual;
            }
        }
    } else {
        sqlQuery($decrementOldTeams);
        sqlQuery("delete from " . TBL_MATCH . " where id = {$mid}");
        section_entermatch_dispMatch('Deleted :', $teamA, $teamB, $scoreA, $scoreB, $tsActUnix, $mlen);
        $affected_dates[] = $old->tsactual;
    }

    section_entermatch_recalcAllRatings(&$affected_dates);
    foreach ($affected_dates as $seasonDate) {
        section_entermatch_recalcSeasonRatingsByDate($seasonDate);
    }

    echo '<BR>' . htmlURLbutton('back to matches', 'fights');
}
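/**
 * Team information page: action buttons, logo, rating and activity, win/draw/loss
 * statistics, comment, member list (with BAN links for the leader or an admin),
 * the last matches and the edit/dismiss controls.
 *
 * GET parameter: id (team id).
 *
 * NOTE(review): team name, logo URL, comment and player callsigns are printed as
 * stored; confirm they are HTML-escaped (and the logo URL validated) when saved,
 * otherwise escape them on output.
 */
function section_teaminfo()
{
    require_once 'lib/common.php';

    $s_teamid = isset($_SESSION['teamid']) ? $_SESSION['teamid'] : null;
    $s_logedin = isAuthenticated();
    $s_playerid = isset($_SESSION['playerid']) ? $_SESSION['playerid'] : null;

    // The id is used unquoted in several queries below, where addslashes() gives
    // no protection: force an integer.
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

    $res = mysql_query("SELECT name, comment, leader, logo, status, score, \n unix_timestamp(status_changed) as status_changed, unix_timestamp(created) as ucreated\n FROM l_team WHERE id='{$id}'");
    $team = mysql_fetch_object($res);
    if (!$team) {
        echo '<BR><CENTER>Specified team does not exist<BR>';
        return;
    }

    // Member count for the "Join Team" limit. It used to be read before it was ever
    // assigned, so the 20-player limit was never applied on this page.
    $cnt = mysql_fetch_object(mysql_query("select count(*) num from l_player where team=" . $id));
    $members = $cnt ? (int) $cnt->num : 0;

    echo '<TABLE align=center><TR><TD>' . htmlURLbutton('Opponent summary', 'oppsumm', "id={$id}") . '</td>';

    // Join this team if opened, and if we are logged and not belonging to any team
    if ($s_logedin && !$s_teamid && $members < 20 && $team->status == "opened") {
        echo '<TD>' . htmlURLbutton('Join Team', 'jointhisteam', "id={$id}") . '</td>';
    }

    // Send a message to all the team members
    if ($s_logedin && $team->status != 'deleted') {
        echo '<TD>' . htmlURLbutton('Send BZmessage', 'sendmessage', "tid={$id}") . '</td>';
    }
    echo '</tr></table>';

    if ($team->status == 'deleted') {
        echo '<div class=feedback>';
        if ($team->status_changed) {
            echo "<br><center>This team was deleted on " . gmdate('Y-m-d', $team->status_changed) . "</center>";
        } else {
            echo "<br><center>This team is deleted.</center>";
        }
        echo '</div>';
    }

    echo '<BR><table align=center border=0 cellspacing=0 cellpadding=1> <tr><td class=teamName align=center>' . $team->name . '<BR></td></tr>';

    // Logo if any
    if ($team->logo != "") {
        echo '<tr><td align=center> <table><TR><TD bgcolor=white><img src="' . $team->logo . '"></td></tr></table> <hr></td></tr>';
    }

    // Ratings
    $act45 = teamActivity($id, 45);
    $act90 = teamActivity($id, 90);
    echo '<tr><td> <TABLE align=center> <TR><TD width=50% align=right>Created:</td><td width=10></td><td width=50%>' . gmdate('Y-m-d', $team->ucreated)
        . '</td></tr> <TR><TD align=right>Rating:</td><td></td><td>' . displayRating($id)
        . '</td></tr> <TR><TD align=right>Activity:</td><TD></td><td>' . sprintf('%1.2f / %1.2f', $act45, $act90)
        . '</td></tr> <TR><TD colspan=3 align=center> Average number of games played per day<BR> <NOBR>(exponential moving average over last 45 / 90 days)</nobr></td></tr>';
    echo '</td></td></table></td></tr>';

    // Matches statistics: the team can appear on either side of a match
    $sta1 = mysql_fetch_object(mysql_query("select ifnull(sum(if(score1>score2,1,0)),0) win,\n ifnull(sum(if(score1=score2,1,0)),0) draw,\n ifnull(sum(if(score1<score2,1,0)),0) loss\n from " . TBL_MATCH . " where team1={$id}"));
    $sta2 = mysql_fetch_object(mysql_query("select ifnull(sum(if(score2>score1,1,0)),0) win,\n ifnull(sum(if(score2=score1,1,0)),0) draw,\n ifnull(sum(if(score2<score1,1,0)),0) loss\n from " . TBL_MATCH . " where team2={$id}"));
    $win = $sta1->win + $sta2->win;
    $draw = $sta1->draw + $sta2->draw;
    $loss = $sta1->loss + $sta2->loss;
    echo "<tr><td align=center><hr>\n <table border=0 cellspacing=0 cellpadding=0 align=center><tr>\n <td align=center>Wins</td><td align=center> Draws </td><td align=center>Losses</td></tr><tr>\n <td align=center>{$win}</td><td align=center>{$draw}</td><td align=center>{$loss}</td>\n </tr></table>\n <hr></td></tr>";

    // Comment if any
    if ($team->comment != "") {
        echo '<tr><td><ul>' . nl2br($team->comment) . '</ul><hr></td></tr>';
    }

    // Players list
    $i = 0;
    $activeDays = (SHOW_PLAYER_ACTIVE > 0) ? SHOW_PLAYER_ACTIVE : 0;
    $res = mysql_query("select id, callsign, comment, status, C.flagname, \n last_login > subdate(now(), INTERVAL {$activeDays} DAY) as active\n from l_player\n left join bzl_countries C on country = C.numcode\n where team=" . $id . "\n order by active desc,callsign");
    $canBan = $s_logedin && (isFuncAllowed('teamadmin::edit_any_team') || $s_playerid == $team->leader);

    echo '<TR><TD><table border=0 cellspacing=0 cellpadding=0 align=center>';
    while ($obj = mysql_fetch_object($res)) {
        $cl = (++$i & 1) ? "rowEven" : "rowOdd";
        echo "<tr class='{$cl}' valign=middle>";
        echo "<TD align=right><a href='index.php?link=playerinfo&id={$obj->id}'>{$obj->callsign}</a></td><TD>";
        if ($obj->id == $team->leader) {
            echo ' <img TITLE="Team Leader" src="' . THEME_DIR . 'leader.gif">';
        }
        echo '</td><TD>';
        if ($obj->active) {
            echo ' <img TITLE="Active player (has logged into this site recently)" src="' . THEME_DIR . 'active.gif">';
        }
        echo '</td><TD width=10></td>';
        echo '<TD>' . smallflag($obj->flagname) . '</td>';
        if ($canBan && $obj->id != $team->leader) {
            // Link to ban a player from a team
            echo '<td align=center>' . htmlURLbutSmall('BAN', 'banplayer', "playerid={$obj->id}&teamid={$id}&f_ok_x=2", ADMBUT) . '</form></td></tr>';
        } else {
            echo '<td> </td></tr>';
        }
        echo "\n";
    }
    echo '</td></tr></table>';

    // Show last fights (11 rows are fetched so that "more than 10" can be detected)
    $sql = "SELECT t1.id, t1.name, f.score1, t2.id, t2.name, f.score2, f.tsactual, unix_timestamp(f.tsactual) tstamp_ts \n"
        . "FROM " . TBL_MATCH . " f, l_team t1, l_team t2 "
        . "WHERE (f.team1 = '{$id}' OR f.team2 = '{$id}') "
        . " AND f.team1 = t1.id "
        . " AND f.team2 = t2.id "
        . "ORDER BY f.tsactual DESC "
        . "LIMIT 11 ";
    $res = sqlQuery($sql);
    $tmp = '';
    $count = 0;
    while ($row = mysql_fetch_array($res)) {
        $count++;
        if ($count >= 11) {
            continue;
        }

        // Matches played since the visitor's last login are shown in red
        if (isset($_SESSION['last_login']) && $_SESSION['last_login'] < $row[7]) {
            $new1 = "<font color=\"red\">";
            $new2 = "</font>";
        } else {
            $new1 = '';
            $new2 = '';
        }
        $cl = ($count % 2) ? "rowEven" : "rowOdd";
        $tmp .= "<tr class=\"{$cl}\">";
        $tmp .= '<td align="right">' . $new1 . $row[6] . $new2 . '</td>';

        if ($row[0] != $id) {
            $oppid = $row[0];
            $oppname = stripslashes($row[1]);
            $oppscore = $row[2];
            $teamscore = $row[5];
        } else {
            $oppid = $row[3];
            $oppname = stripslashes($row[4]);
            $oppscore = $row[5];
            $teamscore = $row[2];
        }

        $tmp .= "<td>{$new1}";
        $oppname = '<a href="index.php?link=teaminfo&id=' . $oppid . '&' . SID . '">' . $new1 . $oppname . $new2 . '</a>';
        if ($oppscore < $teamscore) {
            $tmp .= "<b>Won</b> against {$oppname}";
        } elseif ($oppscore > $teamscore) {
            $tmp .= "<b>Lost</b> against {$oppname}";
        } else {
            $tmp .= "<b>Tie</b> against {$oppname}";
        }
        $tmp .= " ({$row[2]} - {$row[5]})";
        $tmp .= "{$new2}</td>";
        $tmp .= "</tr>\n";
    }

    echo '<tr>';
    echo '<td align=center> <br><b>';
    if ($count == 1) {
        echo 'Last match';
    } elseif ($count == 11) {
        echo 'Last 10 matches, view them all <a href="index.php?link=fights&id=' . $id . '&' . SID . '">here</a>';
    } elseif ($count == 0) {
        echo "No matches played";
    } else {
        echo "Last {$count} matches";
    }
    echo '</b><BR><BR></td></tr><TR><TD>';
    echo "<table align=center border=0>{$tmp}</table>";

    // Or... edit your team if you are a leader or an admin, or with a password if you are a member.
    // Team members can't change the password, though...
    // Unless of course the team is deleted.
    if ($team->status == 'deleted') {
        if ($team->status_changed) {
            echo "<br><center>This team is deleted as of " . gmdate('Y-m-d', $team->status_changed) . "</center>";
        } else {
            echo "<br><center>This team is deleted.</center>";
        }
        return;
    }

    if (!($s_logedin && (isFuncAllowed('teamadmin::edit_any_team') || $s_teamid == $id))) {
        return;
    }

    if (!isFuncAllowed('teamadmin::edit_any_team') && $s_playerid != $team->leader) {
        // Team member, need password
        echo '<form method=post> <input type=hidden name=link value=teamadmin> <input type=hidden name=id value=' . $id . '> <br><center>Enter team password <input type=password size=8 maxlength=8 name=f_password> and '
            . htmlFormButton('Edit Team', 'f_edit_x') . ' </center></form>';
        return;
    }

    $invites = sqlQuery("SELECT *, l_player.callsign FROM bzl_invites, l_player\n WHERE teamid={$id} AND expires > NOW() AND bzl_invites.playerid = l_player.id");
    if (mysql_num_rows($invites) > 0) {
        echo '<BR><HR>Invitations currently active:<BR><TABLE>';
        while ($row = mysql_fetch_object($invites)) {
            echo '<TR><TD width=25></td><TD>' . playerLink($row->playerid, $row->callsign) . "</td><TD width=10></td><TD>(expires: {$row->expires})</td></tr>";
        }
        echo '</table><HR>';
    }

    // Team leader or admin, let's go
    echo '<center><BR> ' . htmlURLbutton('Edit Team', 'teamadmin', "id={$id}", ADMBUT)
        . ' <BR> ' . htmlURLbutton('Dismiss Team', 'dismissteam', "id={$id}", ADMBUT);
}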
/**
 * Team list page: one row per non-deleted team, grouped into teams that played,
 * inactive teams and teams without any match, with a join/abandon cell and the
 * 45-day activity figure. Logged-in players without a team also get a
 * "Create New Team" button.
 *
 * NOTE(review): team names and leader callsigns are printed as stored; confirm
 * they are HTML-escaped when saved, otherwise escape them on output.
 */
function section_teams()
{
    require_once "lib/common.php";

    $s_logedin = isAuthenticated();
    $s_teamid = $_SESSION['teamid'];
    $tacts = teamActivity(null, 45);
    echo '<BR>';

    $listSql = "\n SELECT l_team.id, l_team.name, l_team.logo, l_team.score, \n"
        . " player2.callsign leader, player2.id leaderid, \n"
        . " l_team.status, count(distinct l_player.callsign) numplayers,\n"
        . " l_team.active = 'yes' activeteam, l_team.matches, l_team.matches > 0 sorter\n"
        . " FROM l_team, l_player player2, l_player\n"
        . " WHERE player2.id = l_team.leader \n"
        . " AND l_team.status != 'deleted' \n"
        . " AND l_player.team = l_team.id\n"
        . " GROUP BY l_team.name, l_team.leader, l_team.status, l_team.score\n"
        . " ORDER BY sorter desc, activeteam desc, l_team.score desc, l_team.name";
    $res = sqlQuery($listSql);

    echo "<table align=center border=0 cellspacing=0 cellpadding=2>\n"
        . " <tr class=tabhead align=center>\n"
        . " <td>Name</td><td>Leader</td><td colspan=2>Members</td>\n"
        . " <td colspan=2>Rating</td><td>Join</td><TD>Activity</td></tr>";

    // $separated: 0 = active teams, 1 = inside "Inactive Teams", 2 = inside "Did not play any match"
    $separated = 0;
    $rownum = 0;
    while ($obj = mysql_fetch_object($res)) {
        $rownum++;

        if ($separated == 0 && $obj->activeteam == 0) {
            $separated = 1;
            echo '<tr><td align=center colspan=10><hr><b>Inactive Teams</b></td></tr>';
            $rownum = 1;
        }
        if ($separated == 1 && $obj->sorter == 0) {
            $separated = 2;
            echo '<tr><td align=center colspan=10><hr><b>Did not play any match</b></td></tr>';
            $rownum = 1;
        }

        $logo = ($obj->logo != '') ? '<img src="' . THEME_DIR . 'islogo.gif">' : ' ';

        // Row style: own team first, then deleted, otherwise alternate
        if ($s_teamid == $obj->id) {
            $c = 'myteam';
        } elseif ($obj->status == 'deleted') {
            $c = 'deletedteam';
        } else {
            $c = ($rownum % 2) ? 'rowOdd' : 'rowEven';
        }

        echo "<TR class='{$c}' valign=middle>";
        $teamname = substr($obj->name, 0, 35);
        $act = $tacts[$obj->id];
        echo '<td><a href="index.php?link=teaminfo&id=' . $obj->id . '">' . $teamname . '</a></td> '
            . '<td><a href="index.php?link=playerinfo&id=' . $obj->leaderid . '&' . SID . '">' . $obj->leader . '</a></td> '
            . '<td align=center>' . $obj->numplayers . '</td><td>' . $logo . '</td> '
            . '<td align=left>' . displayRating($obj->id) . '</td>';

        // The match count is only shown for teams above the first separator
        echo $separated ? '<td> </td>' : '<td align=center>(' . $obj->matches . ')</td>';

        // Print join or joinnot, not forgetting we may already belong to a team
        echo '<TD align=left>';
        if (!$s_logedin) {
            echo ($obj->status == 'closed') ? ' [Closed]</td>' : '</td>';
        } elseif ($s_teamid) {
            if ($s_teamid == $obj->id) {
                echo htmlURLbutSmall('Abandon', 'leaveteam', "id={$obj->id}&leader={$obj->leaderid}") . '</td>';
            } elseif ($obj->status == 'closed') {
                echo ' [Closed]</td>';
            } elseif ($obj->status == 'deleted') {
                echo 'deleted.</td>';
            } else {
                echo '</td>';
            }
        } elseif ($obj->status == 'opened') {
            // A full team (20 players) is shown as closed
            if ($obj->numplayers < 20) {
                echo htmlURLbutSmall('JOIN', 'jointeam', "id={$obj->id}") . '</td>';
            } else {
                echo ' [Closed]</td>';
            }
        } elseif ($obj->status == 'closed') {
            echo ' [Closed]</td>';
        } else {
            echo 'Deleted.</td>';
        }

        $act = sprintf('%1.2f', $tacts[$obj->id]);
        echo "<TD align=center>{$act}</td>";
        echo "</tr>";
    }
    echo "</table>";

    // Create a new team, if logged in and not a team member
    if ($s_logedin && !$s_teamid) {
        echo '<br><center> ' . htmlURLbutton('Create New Team', 'createteam', null) . '</center>';
    }
}
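/**
 * Prints the add/edit form for a news item.
 *
 * $id > 0 loads that row from TBL_NEWS for editing; any other value presents an
 * empty form dated "now" (UTC). The page name is taken from the "link" GET
 * parameter and written back as a hidden field.
 *
 * NOTE(review): $row->authorname is printed as stored; confirm it is HTML-escaped
 * when saved, otherwise escape it on output.
 */
function section_news_presentForm($id)
{
    // The id is interpolated unquoted into SQL: force an integer.
    $id = (int) $id;
    $row = null;

    echo '<BR><div class=feedback>';
    if ($id > 0) {
        $row = mysql_fetch_object(sqlQuery('select * from ' . TBL_NEWS . " where id={$id}"));
        $author = $row ? $row->authorname : '';
        echo "EDITING NEWS (id #{$id}, by:{$author})";
        $newsdate = $row ? $row->newsdate : '';
    } else {
        echo "ADDING NEWS";
        // Previously assigned to a property of an undefined $row
        $newsdate = gmdate('Y-m-d H:i:s');
    }
    $text = $row ? $row->text : '';

    // "link" comes straight from the request and is echoed into the form:
    // keep only link-name characters and quote the attribute.
    $link = isset($_GET['link']) ? preg_replace('/[^A-Za-z0-9_-]/', '', (string) $_GET['link']) : '';

    // Escape the values placed in the attribute and in the textarea, so stored text
    // containing quotes or "</textarea>" cannot break out of the form and
    // round-trips unchanged when the form is submitted again.
    $dateField = htmlspecialchars($newsdate, ENT_QUOTES);
    $textField = htmlspecialchars($text, ENT_QUOTES);

    echo '</div><BR>';
    echo "<form method=post><table align=center border=0 cellspacing=0 cellpadding=1>\n"
        . " <input type=hidden name=link value=\"{$link}\">\n"
        . " <input type=hidden name=state value=1>\n"
        . " <tr><td align=right>Date:</td><TD width=8></td>\n"
        . " <TD><input type=text size=20 maxlength=20 name=date value='{$dateField}'></td></tr>\n"
        . " <tr><td align=right valign=top>Text:</td><TD width=8></td>\n"
        . " <TD><textarea cols=70 rows=10 name=text>{$textField}</textarea></td></tr>\n"
        . " <tr><td align=center colspan=3><BR>";

    htmlMiniTable(
        array(
            htmlFormButton('Submit', '', ADMBUT),
            $id == 0 ? '' : htmlFormButton('DELETE News', 'del', ADMBUT),
            htmlURLbutton('Cancel', 'newsadmin', null, CLRBUT),
        ),
        8
    );
    echo '</td></tr></form></table>';
}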
function section_bzforums() { require_once 'lib/common.php'; $allowDelete = isFuncAllowed('post_delete'); $allowNew = isFuncAllowed('post_new'); $allowReply = isFuncAllowed('post_reply'); $allowEdit = isFuncAllowed('post_edit'); $allowLock = isFuncAllowed('topic_lock'); $allowSticky = isFuncAllowed('topic_sticky'); $allowTDelete = isFuncAllowed('topic_delete'); $allowViewDeleted = isFuncAllowed('topic_view_deleted'); $showRoles = isFuncAllowed('show_roles'); $POSTSPERPAGE = 10; $link = 'bzforums'; $utcNOW = gmdate("Y-m-d H:i:s"); // Variables: // top = which post is first on the page i think $vars = array('top', 'threadid', 'forumid', 'id', 'action'); foreach ($vars as $var) { ${$var} = $_REQUEST[$var]; } // Get and print the forum title if (isset($forumid)) { $row = mysql_fetch_object(mysql_query("select title, status from l_forum where id={$forumid}")); echo 'Forum: <a href="index.php?link=' . $link . '&' . SID . '"> <font size=+1>BZforums</font></a><font size=+1><i> / </i></font> <a href="index.php?link=' . $link . '&forumid=' . $forumid . '&' . SID . '"> <font size=+1>' . $row->title . '</font></a><hr>'; if ($row->status != 'Open') { print "This forum is not accessible. 
Sorry"; return; } } // check if we need to change permissions (eg, disallow reply/post for locked topics) if (isset($threadid)) { $threadid = intval($threadid); $row = mysql_fetch_object(mysql_query("select status, is_sticky from l_forumthread where id={$threadid}")); if ($row->status == 'locked' && !isAdmin()) { $allowNew = false; $allowReply = false; } elseif ($row->status == 'deleted' && !$allowViewDeleted) { errorPage('This topic is deleted'); return; } $threadstatus = $row->status; $threadsticky = $row->is_sticky; } // Perform deletion if ($allowDelete && $action == 'delete2' && $id != '') { $id = intval($id); mysql_query("DELETE FROM l_forummsg WHERE msgid = '{$id}' LIMIT 1") or die(mysql_error()); // Check if there is any message left for that thread $threadid = intval($threadid); $res = mysql_query("SELECT count(1) FROM l_forummsg WHERE threadid = '{$threadid}'") or die(mysql_error()); $row = mysql_fetch_row($res); if ($row[0] == 0) { // No messages in thread: deleting thread - jumo to threadlist mysql_query("DELETE FROM l_forumthread WHERE id = '{$threadid}' LIMIT 1") or die(mysql_error()); header("Location: index.php?link=bzforums&forumid={$forumid}"); exit; } $action = ''; } elseif ($action == 'lock') { $threadid = intval($threadid); if (!$allowLock) { errorPage("You are not allowed to lock topics"); return; } mysql_query("UPDATE l_forumthread SET status = 'locked', status_by = {$_SESSION['playerid']}, \n status_at = '{$utcNOW}' WHERE id = '{$threadid}' and status != 'locked' LIMIT 1") or die(mysql_error()); $action = ''; $threadstatus = 'locked'; } elseif ($action == 'revive') { $threadid = intval($threadid); if (!$allowLock && $threadstatus == 'locked') { errorPage("You are not allowed to unlock topics"); return; } if (!$allowTDelete && $threadstatus == 'deleted') { errorPage("You are not allowed to undelete topics"); return; } mysql_query("UPDATE l_forumthread SET status = 'normal', \n status_by = {$_SESSION['playerid']}, status_at = '{$utcNOW}' WHERE 
id = '{$threadid}' LIMIT 1") or die(mysql_error()); $action = ''; $threadstatus = 'normal'; } elseif ($action == 'deletetopic') { $threadid = intval($threadid); if (!$allowTDelete) { errorPage("You are not allowed to delete topics"); return; } mysql_query("UPDATE l_forumthread SET status = 'deleted', status_by = {$_SESSION['playerid']}, \n status_at = '{$utcNOW}' WHERE id = '{$threadid}' and status != 'deleted' LIMIT 1") or die(mysql_error()); $action = ''; $threadstatus = 'deleted'; } elseif ($action == 'sticky') { $threadid = intval($threadid); if (!$allowSticky) { errorPage("You are not allowed to use sticky"); return; } mysql_query("UPDATE l_forumthread SET is_sticky = 1 WHERE id = '{$threadid}' LIMIT 1") or die(mysql_error()); $action = ''; $threadsticky = 1; } elseif ($action == 'unsticky') { $threadid = intval($threadid); if (!$allowSticky) { errorPage("You are not allowed to use sticky"); return; } mysql_query("UPDATE l_forumthread SET is_sticky = 0 WHERE id = '{$threadid}' LIMIT 1") or die(mysql_error()); $action = ''; $threadsticky = 0; } elseif ($action == 'new' || $action == 'reply' || $action == 'edit') { if ($action == 'new' && !$allowNew) { errorPage("You are not allowed to post new topics"); return; } elseif ($action == 'reply' && !$allowReply) { errorPage("You are not allowed to reply"); return; } elseif ($action == 'edit' && !$allowEdit) { errorPage("You are not allowed to edit"); return; } echo '<form method=post name="post" action="index.php">' . SID_FORM; echo '<input type=hidden name=threadid value=' . $threadid . '>'; echo '<input type=hidden name=link value="' . $link . '">'; echo '<input type=hidden name=forumid value=' . $forumid . '>'; echo '<input type=hidden name=id value=' . $id . '>'; echo '<input type=hidden name=top value=' . $top . '>' . 
snFormInit(); echo '<table border=0 align=center cellspacing=0 cellpadding=0>'; echo '<tr class=tablehead><td colspan=2 align=center>'; if ($action == 'new') { echo 'New Topic'; } elseif ($action == 'reply') { echo 'New Reply'; } else { echo "Edit message"; } echo '</td></tr>'; echo '<tr><td>Subject: </td><td>'; if ($action == 'new') { print '<input type=text name=subject size=50 maxlength=80>'; } else { $row = mysql_fetch_object(mysql_query("select subject from l_forumthread where id={$threadid}")); echo '<i>' . $row->subject . '</i>'; } print '</td></tr>'; echo '<tr><td valign="top">Message</td><td>'; if ($action == 'edit') { $id = intval($id); $row = mysql_fetch_object(mysql_query("select msg from l_forummsg where msgid={$id}")); print '<textarea cols=50 rows=10 name=forummsg>' . htmlspecialchars($row->msg) . '</textarea>'; } else { print '<textarea cols=50 rows=10 name=forummsg></textarea>'; } print '</td></tr>'; // Form buttons echo '<tr><td colspan=2 align=center>' . htmlFormButton('OK', 'save_' . $action) . ' ' . htmlFormButton('Cancel', 'cancel', CLRBUT) . '</td></tr>'; print '<tr><td>Smiley:</td><td align="middle">'; $res = mysql_query("select image, code from l_smiley GROUP BY image") or die(mysql_error()); while ($row = mysql_fetch_object($res)) { print '<a href="#" onclick="javascript:document.post.forummsg.value += \' ' . $row->code . '\'"><img border=0 src="' . THEME_DIR . 'smilies/' . $row->image . '" border=0/></a> '; } print "</tr>"; echo '</table></form>'; } elseif (isset($_POST['save_new'])) { $forummsg = section_bzforums_stripExtraLF($_POST['forummsg']); $subject = $_POST['subject']; // New topic if ($allowNew) { mysql_query("INSERT INTO l_forumthread (id,forumid,creatorid,subject) VALUES(0, {$forumid}, {$_SESSION['playerid']}, '" . $subject . "')") or die(mysql_error()); $threadid = mysql_insert_id(); mysql_query("insert into l_forummsg(msgid,threadid,fromid,msg,datesent) \n values(0, {$threadid}, {$_SESSION['playerid']}, '" . $forummsg . 
"', '{$utcNOW}')") or die(mysql_error()); session_refresh_all(); } else { errorPage("You are not allowed to post new topics"); return; } } elseif (isset($_POST['save_reply'])) { $forummsg = section_bzforums_stripExtraLF($_POST['forummsg']); if ($allowReply) { snCheck('bzforums', "forumid={$forumid}&threadid={$threadid}"); mysql_query("insert into l_forummsg(msgid,threadid,fromid,msg,datesent) \n values(0, {$threadid}, {$_SESSION['playerid']}, '" . $forummsg . "', '{$utcNOW}')"); session_refresh_all(); } else { errorPage("You are not allowed to reply"); return; } } elseif (isset($_POST['save_edit'])) { $forummsg = section_bzforums_stripExtraLF($_POST['forummsg']); if ($allowReply) { $id = intval($id); snCheck('bzforums', "forumid={$forumid}&threadid={$threadid}"); // mysql_query("UPDATE l_forummsg SET msg = '$forummsg' WHERE msgid = '$id'"); mysql_query("UPDATE l_forummsg SET msg = '{$forummsg}', status = 'edited', \n status_by = {$_SESSION['playerid']}, status_at = '{$utcNOW}' WHERE msgid = '{$id}'"); session_refresh_all(); } else { errorPage("You are not allowed to edit"); return; } } if (isset($threadid)) { // Display a thread // Control buttons // 06/28/2002: $POSTSPERPAGE posts/page max. if (!isset($top)) { $top = 0; $newtop = 0; } if ($top == "") { $top = 0; $newtop = 0; } if ($action == '') { echo '<TABLE align=right><TR>'; if ($allowReply && $threadstatus != 'deleted') { echo '<td>' . htmlURLbutton('Add Reply', $link, "forumid={$forumid}&threadid={$threadid}&action=reply&top={$top}") . '</td>'; } if ($allowLock && $threadstatus != 'locked') { echo '<td>' . htmlURLbutton('Lock topic', $link, "forumid={$forumid}&threadid={$threadid}&action=lock&top={$top}", ADMBUT) . '</td>'; } if ($allowTDelete && $threadstatus != 'deleted') { echo '<td>' . htmlURLbutton('Delete topic', $link, "forumid={$forumid}&threadid={$threadid}&action=deletetopic&top={$top}", ADMBUT) . 
'</td>'; } if ($allowLock && $threadstatus == 'locked' || $allowTDelete && $threadstatus == 'deleted') { echo '<td>' . htmlURLbutton('Revive topic', $link, "forumid={$forumid}&threadid={$threadid}&action=revive&top={$top}", ADMBUT) . '</td>'; } if ($allowSticky) { if ($threadsticky) { echo '<td>' . htmlURLbutton('Remove sticky', $link, "forumid={$forumid}&threadid={$threadid}&action=unsticky&top={$top}", ADMBUT) . '</td>'; } else { echo '<td>' . htmlURLbutton('Make sticky', $link, "forumid={$forumid}&threadid={$threadid}&action=sticky&top={$top}", ADMBUT) . '</td>'; } } echo '</tr></table><BR clear=all>'; } $temp = mysql_fetch_object(mysql_query("select count(msgid) num from l_forummsg where threadid={$threadid}")); $numpost = $temp->num; $numpages = floor(($numpost + $POSTSPERPAGE - 1) / $POSTSPERPAGE); $curpage = $top / $POSTSPERPAGE + 1; $res = sqlQuery("select msgid, msg, datesent, l_forummsg.status, status_at, l_player.id pid, \n player2.callsign as editedby, l_player.callsign, r.name as role\n from (l_forummsg, l_player, bzl_roles r)\n LEFT JOIN l_player player2 ON player2.id = status_by\n where threadid={$threadid}\n and fromid = l_player.id\n and l_player.role_id = r.id\n order by datesent\n limit {$top}, {$POSTSPERPAGE}"); // Table header $sub = mysql_fetch_object(mysql_query("select subject, status from l_forumthread where id={$threadid}")); echo '<table align=center border=1 cellspacing=0 cellpadding=1>'; if ($threadsticky) { $status = '<b>Sticky</b> '; } else { $status = ''; } if ($sub->status == 'locked') { $status .= '<b>Locked</b> '; } elseif ($sub->status == 'deleted') { $status .= '<b>Deleted</b> '; } echo '<tr class=tabhead><td colspan=3><font size=+1>' . $status . '<i>' . smileys($sub->subject) . '</i></font>'; // Display pages if multiple pages and not adding a post if ($numpages > 1 && !isset($addpost)) { echo '<div align=right>'; for ($i = 1; $i <= $numpages; $i++) { if ($i == $curpage) { echo $i . 
' '; } else { $newtop = ($i - 1) * $POSTSPERPAGE; echo '<a href="index.php?link=' . $link . '&forumid=' . $forumid . '&threadid=' . $threadid . '&top=' . $newtop . '&' . SID . '">' . $i . '</a> '; } } echo '</div>'; } echo '</td></tr>'; echo '<tr class=tablehead><td>Author</td><td>Message</td></tr>'; $cf = 1; while ($row = mysql_fetch_object($res)) { echo '<tr class=forum' . $cf . '>'; echo '<td valign=top rowspan="' . ($allowDelete ? 2 : 1) . '"><a href="index.php?link=playerinfo&id=' . $row->pid . '&' . SID . '">' . $row->callsign . '</a>'; if ($showRoles) { print " <small>({$row->role})</small>"; } echo '<br><font size=-2>(' . $row->datesent . ')</font></td>'; $msgbody = smileys(wordwrap(nl2br(htmlspecialchars($row->msg)), 75, " ", true)); // DMP 19oct2007: Added wordwrap to break annoyingly long lines $highlight = false; // Setup available commands // Comamnds: If a ALL key exists, it will be the only one showed, otherwise all elements is shown $commands = array(); if ($allowDelete) { if ($action == 'delete' && $id == $row->msgid) { $highlight = true; $commands['ALL'] = 'Confirmation: ' . htmlLink('Delete', 'bzforums', 'action=delete2&id=' . $row->msgid . '&forumid=' . $forumid . '&threadid=' . $threadid . '&top=' . $top) . ' OR ' . htmlLink('Cancel?', 'bzforums', 'id=' . $row->msgid . '&forumid=' . $forumid . '&threadid=' . $threadid . '&top=' . $top); } else { $commands[] = htmlLink('[delete]', 'bzforums', 'action=delete&id=' . $row->msgid . '&forumid=' . $forumid . '&threadid=' . $threadid . '&top=' . $top); } } if ($allowEdit) { $commands[] = htmlLink('[edit]', 'bzforums', 'action=edit&id=' . $row->msgid . '&forumid=' . $forumid . '&threadid=' . $threadid . '&top=' . $top); } if ($highlight) { echo '<td valign=top><font color=red>' . $msgbody . '</font>'; } else { echo '<td valign=top>' . 
$msgbody; } if ($row->status == 'edited') { echo "<BR><small>(Message edited by {$row->editedby} at: {$row->status_at})</small>"; } echo '</td></tr>'; // Show commands if any if (count($commands)) { // if action is set dont show i$commands unless it contains 'ALL' if ($action != '' && isset($commands['ALL']) || $action == '') { echo '<tr><td align="right" colspan="2" valign=top><small>' . (isset($commands['ALL']) ? $commands['ALL'] : join(' ', $commands)) . '</small></td></tr>'; } else { echo '<tr></tr>'; } } $cf = 3 - $cf; } echo '</table>'; if ($curpage < $numpages) { echo '<CENTER><BR>' . htmlURLbutSmall("NEXT Page", $link, "forumid={$forumid}&threadid={$threadid}&top=" . $curpage * $POSTSPERPAGE); } } else { if (isset($forumid) && !isset($addpost)) { // Display specific forum // Control buttons if ($allowNew) { echo '<div align=right>' . htmlURLbutton('New Topic', $link, "forumid={$forumid}&action=new&top={$top}") . '</div>'; } if ($allowViewDeleted) { $viewClause = ''; } else { $viewClause = "AND l_forumthread.status != 'deleted' "; } $res = mysql_query("select l_forumthread.id,l_forumthread.subject, l_player.id pid, \n l_player.callsign, max(l_forummsg.datesent) ds, \n unix_timestamp(max(l_forummsg.datesent)) datesent_ts,\n l_forumthread.status, \n l_forumthread.status_at,\n splayer.callsign as status_by, l_forumthread.is_sticky\n from (l_forumthread, l_forummsg, l_player, l_player l_player2)\n left join l_player splayer ON (splayer.id = l_forumthread.status_by)\n where l_forumthread.forumid={$forumid}\n and l_forumthread.creatorid = l_player.id\n {$viewClause}\n and l_forumthread.id = l_forummsg.threadid\n and l_player2.id = l_forummsg.fromid\n group by l_forumthread.id, l_forumthread.subject, l_player.id, l_player.callsign\n order by l_forumthread.is_sticky DESC, ds desc") or die(mysql_error()); // Table header echo '<table align=center border=1 cellspacing=0 cellpadding=1>'; echo '<tr class=tabhead><td width=50%>Topic</td><td align=center>Replies</td><td 
align=center>Last Comment</td><td align=center>Started by</td></tr>'; while ($row = mysql_fetch_object($res)) { // Get the last author for this topic $la = mysql_fetch_object(mysql_query("select l_player.id pid, l_player.callsign\n from l_player, l_forummsg\n where threadid = {$row->id}\n and fromid = l_player.id\n order by datesent desc\n limit 0, 1")); $nr = mysql_fetch_object(mysql_query("select count(*)-1 num\n from l_forummsg\n where threadid = " . $row->id)); echo '<tr><td>'; if ($row->is_sticky == 1) { print '<b>STICKY</b> '; } if ($row->status == 'locked') { echo '<b>LOCKED</b>; '; } elseif ($row->status == 'deleted') { echo '<b>DELETED</b>; '; } echo '<a href="index.php?link=' . $link . '&forumid=' . $forumid . '&threadid=' . $row->id . '&' . SID . '">'; if (empty($row->subject)) { $row->subject = '(no subject)'; } if (isset($_SESSION['last_login']) && $_SESSION['last_login'] < $row->datesent_ts) { echo '<font color="red"><b>' . smileys($row->subject) . '</b></font></a>'; } else { echo smileys($row->subject) . '</a>'; } $numpages = floor(($nr->num + 1 + $POSTSPERPAGE - 1) / $POSTSPERPAGE); if ($numpages > 1) { echo ' (<img src="' . THEME_DIR . '/multipage.gif"> '; for ($i = 2; $i <= $numpages; $i++) { $t = ($i - 1) * 10; echo '<a href="index.php?link=' . $link . '&top=' . $t . '&forumid=' . $forumid . '&threadid=' . $row->id . '&' . SID . '">' . $i . '</a> '; } echo ')'; } if ($row->status != 'normal') { if (!$row->status_by) { $row->status_by = 'SYSTEM'; } echo "<br /><small>by {$row->status_by} at {$row->status_at}</small>"; } echo '</td> <td align=center>' . $nr->num; echo '</td> <td align=center>' . $row->ds . '<br>by <a href="index.php?link=playerinfo&id=' . $la->pid . '&' . SID . '">' . $la->callsign . '</a></td> <td align=center><a href="index.php?link=playerinfo&id=' . $row->pid . '&' . SID . '">' . $row->callsign . 
'</a></td> </tr>'; } echo '</table>'; } elseif ($action == '') { // Display forums list $res = mysql_query("select l_forum.id, l_forum.title, ifnull(max(l_forummsg.datesent),'n/a') md, count(l_forummsg.msgid) num,\n unix_timestamp(max(l_forummsg.datesent)) as datesent_ts\n from l_forum \n left join l_forumthread on (l_forum.id = l_forumthread.forumid AND l_forumthread.status != 'deleted')\n left join l_forummsg on l_forumthread.id = l_forummsg.threadid\n where l_forum.status = 'open'\n group by l_forum.id, l_forum.title\n order by title") or die(mysql_error()); echo '<table align=center border=0 cellspacing=0 cellpadding=1> <tr class=tabhead><td>Forums</td><td align=right># Posts</td><td align=center>Last Comment</td></tr>'; while ($row = mysql_fetch_object($res)) { echo '<tr><td><a href="index.php?link=' . $link . '&forumid=' . $row->id . '&' . SID . '">'; if (isset($_SESSION['last_login']) && $_SESSION['last_login'] < $row->datesent_ts) { echo "<font color=\"red\">" . $row->title . "</font>"; } else { echo $row->title; } echo '</a></td><td align=center>' . $row->num . '</td><td align=center>' . $row->md . '</td></tr>'; } echo '</table>'; } } }
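/**
 * Render the public profile page for one player.
 *
 * Prints the callsign, logo, bio, team membership, location, contact
 * handles and visit statistics, followed by the action buttons the
 * current session is entitled to (message, invite, edit, visits, delete).
 *
 * @param object $se Player row to display; only the properties read below
 *                   are used. Taken by reference as in the original
 *                   signature, but never modified here.
 */
function section_playerinfo_displayPlayer(&$se)
{
    $s_logedin = isAuthenticated();
    $s_playerid = $_SESSION['playerid'];
    // Cast before the value is concatenated into SQL further down.
    $s_teamid = (int) $_SESSION['teamid'];
    $editAny = isFuncAllowed('edit_any_players');

    // NOTE(review): callsign, comment, team name, alternate callsigns and the
    // contact handles are printed as they come from the row. Nothing in this
    // function shows whether they were HTML-escaped when stored — confirm,
    // and escape here with htmlspecialchars() if they are stored raw.
    echo '<table width=90% align=center border=0 cellspacing=0 cellpadding=1> <tr><td class=playername align=center>' . $se->callsign . '<BR><BR></td></tr>';

    // Logo if any
    if ($se->logo != "") {
        echo '<tr><td align=center>' . section_playerinfo_dispLogo($se->logo, $se->logobg) . '<hr></td></tr>';
    }

    // Bio if any
    if ($se->comment != "") {
        echo "<tr><td class=playerbio>" . nl2br($se->comment) . "<hr></td></tr>";
    }

    // misc info ....
    echo '</td></tr><TR><TD><table align=center><TR><TD width=100 valign=top align=left>';
    if ($se->flagname) {
        echo '<img src="' . FLAG_DIR . "c-{$se->flagname}.gif\">";
    }
    echo '</td><TD><TABLE>';

    // Team if any
    if ($se->teamname != "") {
        echo "<tr><td>";
        if ($se->leader == $se->id) {
            $d = '<nobr>Leader (<img src="' . THEME_DIR . 'leader.gif">) of team</nobr>';
        } else {
            $d = "<nobr>Member of team</nobr>";
        }
        section_playerinfo_tab2($d, htmlLink($se->teamname, 'teaminfo', "id={$se->teamid}"));
    } else {
        echo "<tr><td align=center colspan=2>Does not belong to any team</td></tr>";
    }

    if ($se->altnik1 || $se->altnik2) {
        // The original only assigned $plural when both nicknames were set,
        // leaving it undefined for a single nickname.
        $plural = '';
        if ($se->altnik1 && $se->altnik2) {
            $plural = 's';
            $niks = $se->altnik1 . ', ' . $se->altnik2;
        } elseif ($se->altnik1) {
            $niks = $se->altnik1;
        } else {
            $niks = $se->altnik2;
        }
        section_playerinfo_tab2("<nobr>Alternate callsign{$plural}</nobr>", $niks);
    }

    if ($se->countryname) {
        $loc = $se->countryname;
        if ($se->stateabbr) {
            $loc .= ' (';
            if ($se->city) {
                $loc .= $se->city . ', ';
            }
            $loc .= "{$se->stateabbr})";
        }
        section_playerinfo_tab2('Location', $loc);
    }

    if ($se->utczone || $se->zonename) {
        section_playerinfo_tab2('Time zone', 'GMT ' . section_playerinfo_numPlus($se->utczone) . " ({$se->zonename})");
    }

    section_playerinfo_tab2('Site Member Since', date('Y-m-d', $se->created));
    if (isset($se->last_login)) {
        section_playerinfo_tab2('Last login', date('Y-m-d H:i', $se->last_login));
    }

    echo '<TR><TD colspan=2><HR></td></tr>';
    // The e-mail address is only shown when the player opted in.
    if ($se->emailpub == 'Y') {
        section_playerinfo_tab2('email', section_playerinfo_obsMail($se->email));
    }
    section_playerinfo_tab2('AIM', $se->aim);
    section_playerinfo_tab2('IRC', $se->ircnik1);
    section_playerinfo_tab2('ICQ', $se->icq);
    section_playerinfo_tab2('YIM', $se->yim);
    section_playerinfo_tab2('MSM', $se->msm);
    section_playerinfo_tab2('Jabber', $se->jabber);
    echo '</table></td><TD width=50></td></tr></table></tr>';

    if ($se->status != 'deleted') {
        // Frequentation statistics
        echo '<tr><td><BR><BR>';
        section_playerinfo_Frequentation($se->id);
        echo '<BR></td></tr>';

        // Send a message to this player (but not to myself!)
        if ($s_logedin && $s_playerid != $se->id) {
            echo '<tr><td><hr></td></tr><tr align=center><td><TABLE><TR><TD>' . htmlURLbutton('SEND BZmessage', 'sendmessage', "pid={$se->id}");

            // If I am a team leader, and my team is not full, I can invite him
            if (!empty($_SESSION['leader'])) {
                // Check if my team full
                $team = mysql_fetch_object(mysql_query("select count(*) as num from l_player where team={$s_teamid}"));
                if ($team && $team->num < 20) {
                    $mytn = queryGetTeamName($s_teamid);
                    echo '<TD width=5></td><TD>' . htmlURLbutton("INVITE to {$mytn}", 'invite', "id={$se->id}") . '</td>';
                }
            }
            echo '</tr></table></td></tr>';
        }

        // Administrators and owner can edit a player
        if ($s_logedin && ($editAny || $s_playerid == $se->id)) {
            // Previously undefined when the owner edits their own profile;
            // null is what the undefined variable evaluated to.
            $class = null;
            if ($editAny && $s_playerid != $se->id) {
                $class = ADMBUT;
            }
            echo '<tr><td align=center><hr><TABLE><TR><TD>' . htmlURLbutton('Edit Profile', 'playeradmin', "id={$se->id}&edt_st=1", $class);
            if (isFuncAllowed('visitlog::visit_log')) {
                echo '</td><TD width=5></td><TD>' . htmlURLbutton('Visits', 'visitlog', "id={$se->id}", ADMBUT);
            }
            if (isFuncAllowed('deleteplayer::delete_player') && $se->role_id != ADMIN_PERMISSION) {
                echo '</td><TD width=5></td><TD>' . htmlURLbutton('DELETE Player', 'deleteplayer', "id={$se->id}", ADMBUT);
            }
            echo '</td></tr></table></td></tr>';
        }
    }

    echo "</table>";
}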
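/**
 * Team administration page: shows the edit form for a team and applies the
 * submitted changes.
 *
 * Access is granted to holders of the 'edit_any_team' function, to the team
 * leader, or to anyone who supplies the team password. Name, password,
 * status and leader are "manager" fields: the form only offers them to
 * admins and the leader, and this version also enforces that on submit, so a
 * password-authenticated editor can change the logo and comment only.
 *
 * Reads: id, link, f_* request parameters (POST wins over GET) and the
 * session's playerid/callsign. Writes: l_team, $_SESSION['leader'].
 */
function section_teamadmin()
{
    require_once 'lib/common.php';
    $TEAMSIZE = 20;

    $vars = array('id', 'f_password', 'f_ok_x', 'f_comment', 'f_logo', 'f_name', 'f_status', 'f_password1', 'f_password2', 'link', 'f_leader');
    foreach ($vars as $var) {
        $value = isset($_POST[$var]) ? $_POST[$var] : (isset($_GET[$var]) ? $_GET[$var] : null);
        // Array-valued parameters (name[]=...) are never expected here.
        ${$var} = is_array($value) ? '' : $value;
    }

    // Both ids are concatenated into SQL below, so force them to integers.
    $id = (int) $id;
    $f_leader = (int) $f_leader;

    $obj = mysql_fetch_object(mysql_query("select name, comment, leader, logo, password, status, adminclosed from l_team where id=" . $id));
    if (!$obj) {
        // Without this guard every $obj->... below is null and the loose
        // leader comparison could succeed for a session without a player id.
        echo '<BR><center>Sorry, this team does not exist.</center>';
        return;
    }
    $res = mysql_fetch_object(mysql_query("select count(*) num from l_player where team=" . $id));
    $numplayer = $res->num;

    $isLeader = $_SESSION['playerid'] == $obj->leader;
    $isManager = isAdmin() || $isLeader;
    $teamNameHtml = htmlspecialchars($obj->name, ENT_QUOTES);

    // Check permission
    $allowed = 0;
    if (isFuncAllowed('edit_any_team') || $isLeader) {
        // Admin or team leader, allowed
        $allowed = 1;
    } elseif ($obj->password != '') {
        // Check password. Strict comparison and a non-empty stored hash, so
        // a failed crypt() result can never compare equal to a blank column.
        // NOTE(review): this is 2-character-salt crypt() truncated to 13
        // characters; consider migrating the column to password_hash().
        $cypher = substr(crypt((string) $f_password, substr($obj->password, 0, 2)), 0, 13);
        if ($cypher === $obj->password) {
            $allowed = 1;
        }
    }

    echo '<BR>';
    if ($obj->status == 'deleted') {
        echo "<center>Sorry, you cannot edit a deleted team.</center>";
        return;
    }
    if (!$allowed) {
        echo "<center>Sorry, you don't have the permission to edit the <a href=\"index.php?link=teaminfo&id=" . $id . "&" . SID . "\">" . $teamNameHtml . "</a> team, or you entered an incorrect password.</center>";
        return;
    }

    if ($f_ok_x) {
        $f_comment = stripslashes($f_comment);
        $f_logo = stripslashes($f_logo);
        $f_name = stripslashes($f_name);
        $f_status = stripslashes($f_status);
        if (!$isManager) {
            // Manager-only fields are not offered in the form for this
            // editor; ignore them if they are posted anyway.
            $f_name = $obj->name;
            $f_status = $obj->status;
            $f_password1 = '';
            $f_password2 = '';
            $f_leader = 0;
        }
    } else {
        $f_comment = $obj->comment;
        $f_logo = $obj->logo;
        $f_name = $obj->name;
        $f_status = $obj->status;
    }

    $passwordClause = '';
    $error = 1;
    if ($f_ok_x) {
        $error = 0;

        // Check password
        if ($f_password1 != $f_password2) {
            $error = 1;
            echo "<div class=error>The passwords don't match</div>";
        } elseif ($f_password1 != "") {
            // NOTE(review): the hashing expression on this line is masked in
            // the published source. It is rebuilt here to produce the format
            // the password check above accepts (2-character salt, 13
            // characters) — confirm against the repository.
            $saltChars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
            $salt = $saltChars[mt_rand(0, 63)] . $saltChars[mt_rand(0, 63)];
            $passwordClause = ", password='" . addslashes(substr(crypt($f_password1, $salt), 0, 13)) . "'";
        }

        // Check duplicate team names
        $res = mysql_query("select name from l_team where id!={$id} and name=\"" . addslashes($f_name) . "\"");
        if (mysql_num_rows($res) != 0) {
            $error = 1;
            echo "<div class=error>A team with this name: '" . htmlspecialchars($f_name, ENT_QUOTES) . "' already exists</div>";
            $f_name = $obj->name;
        }

        // Check empty team name
        if ($f_name == '') {
            $error = 1;
            echo "<div class=error>The team name can't be empty</div>";
            $f_name = $obj->name;
        }

        // Check logo
        //$msg = checkLogoSize($f_logo);
        $msg = '';
        if ($msg != '') {
            $error = 1;
            echo "<div class=error>{$msg}</div>";
        }
    }

    if ($error) {
        // Every value written into the form is request- or user-supplied
        // text, so it is escaped for the attribute/element it lands in.
        echo "<form method=post><table align=center border=0 cellspacing=0 cellpadding=1>";

        // Hidden fields
        // NOTE(review): the team password travels back to the browser in a
        // hidden field; a short-lived session flag would avoid that.
        echo '<input type=hidden name=f_password value="' . htmlspecialchars((string) $f_password, ENT_QUOTES) . '">';
        echo '<input type=hidden name=link value="' . htmlspecialchars((string) $link, ENT_QUOTES) . '">';

        if ($isManager) {
            // Admins and leaders can change the team name
            echo '<tr><td>Team name:</td><td><input name=f_name size=40 maxlength=40 value="' . htmlspecialchars($f_name, ENT_QUOTES) . '"></td></tr>';
        } else {
            echo "<tr><td align=center colspan=2 class=tablehead><div class=teamname><b>" . $teamNameHtml . "</b></div><input type=hidden name=f_name value=\"" . htmlspecialchars($f_name, ENT_QUOTES) . "\"></td></tr>";
        }

        // Logo
        if ($obj->logo != "") {
            echo '<tr><td align=center colspan=2><BR><img src="' . htmlspecialchars($obj->logo, ENT_QUOTES) . '"></td></tr>';
        }
        echo '<tr><td>Logo URL (400x300 max!):</td><td><input type=text size=60 maxlength=200 name=f_logo value="' . htmlspecialchars($f_logo, ENT_QUOTES) . '"></td></tr>';
        echo "<tr><td colspan=2><hr></td></tr>";

        // Admin and leaders can change the team password
        if ($isManager) {
            // Password
            echo '<tr><td>Password:</td><td><input type=password size=8 maxlength=8 name=f_password1 value="' . htmlspecialchars((string) $f_password1, ENT_QUOTES) . '"> (leaving the fields empty will keep the current password)</td></tr> <tr><td>Password:</td><td><input type=password size=8 maxlength=8 name=f_password2 value="' . htmlspecialchars((string) $f_password2, ENT_QUOTES) . '"></td></tr> <tr><td colspan=2><hr></td></tr>';
        }

        // Admin and leaders can change the team status
        $statusHtml = htmlspecialchars($obj->status, ENT_QUOTES);
        if ($isManager) {
            if ($numplayer >= 3 && $numplayer < $TEAMSIZE) {
                // Can change status IF there are 3 players or more
                echo "<tr><td>Team status:</td><td><select name=f_status>";
                if ($f_status == 'opened') {
                    echo '<option selected value=opened>opened</option> <option value=closed>closed</option>';
                } else {
                    echo '<option value=opened>opened</option> <option selected value=closed>closed</option>';
                }
                echo "</select></td></tr>";
            } else {
                $typo = $numplayer == 1 ? 'player' : 'players';
                echo '<input type=hidden name=f_status value="' . $statusHtml . '">';
                echo '<tr><td align=center colspan=2>The team is currently ' . $statusHtml . ' (forced because you have ' . $numplayer . ' ' . $typo . ')</td></tr>';
            }
        } else {
            echo '<tr><td align=center colspan=2>The team is currently ' . $statusHtml . '</td></tr>';
        }

        if ($isManager) {
            echo "<tr>";
            echo "<td>Leader</td>";
            echo "<td><select name=\"f_leader\">";
            $res = mysql_query("SELECT id, callsign FROM l_player WHERE team = " . $id . " ORDER by callsign");
            // NOTE(review): callsigns are printed as stored — confirm they
            // are HTML-safe in l_player.
            while ($row = mysql_fetch_row($res)) {
                if ($row[0] == $obj->leader) {
                    print "<option value=\"\" SELECTED>" . stripslashes($row[1]) . " (current leader)</option>";
                } else {
                    print "<option value=\"" . (int) $row[0] . "\">" . stripslashes($row[1]) . "</option>";
                }
            }
            echo "</select>";
            echo "</td>";
            echo "</tr>";
        }

        // Comment
        echo '<tr><td colspan=2>Comment:<br><textarea name=f_comment cols=50 rows=6>' . htmlspecialchars($f_comment, ENT_QUOTES) . '</textarea></td></tr> <tr><td colspan=2><hr></td></tr> <tr><td align=center colspan=2><table><tr><td>' . htmlFormButton(' OK ', 'f_ok_x') . '</td><td width=8></td><td>' . htmlURLbutton('Cancel', 'teaminfo', "id={$id}", CLRBUT) . '</td></tr></table></td></tr></table></form>';
        return;
    }

    // Update the table
    $leaderClause = '';
    if ($f_leader > 0) {
        // The new leader must already be a member of this team.
        $res = mysql_query("SELECT 1 FROM l_player WHERE id = " . $f_leader . " AND team = " . $id);
        if ($res && mysql_fetch_row($res)) {
            $_SESSION['leader'] = $f_leader == $_SESSION['playerid'] ? 1 : 0;
            $leaderClause = 'leader = ' . $f_leader . ', ';
        }
    }

    // The status goes into SQL, so only the two known values are accepted.
    if ($f_status == '') {
        $f_status = 'opened';
    } elseif ($f_status != 'opened' && $f_status != 'closed') {
        $f_status = $obj->status;
    }

    if ($f_status != $obj->status) {
        // Changed the status
        $adminclosed = $f_status == 'closed' ? 'yes' : 'no';
    } else {
        // Keep current status
        $adminclosed = $obj->adminclosed;
    }

    // NOTE(review): addslashes() is kept to match the rest of the file;
    // a prepared statement would be the safer long-term form.
    sqlQuery($sql = 'update l_team set logo="' . addslashes($f_logo) . '", comment="' . addslashes($f_comment) . '" ' . $passwordClause . ', name="' . addslashes($f_name) . '", adminclosed="' . addslashes($adminclosed) . '", ' . $leaderClause . ' status="' . addslashes($f_status) . '" where id=' . $id);

    $newNameHtml = htmlspecialchars($f_name, ENT_QUOTES);
    echo '<BR><center>Thank you, <a href="index.php?link=playerinfo&id=' . $_SESSION['playerid'] . '&' . SID . '">' . $_SESSION['callsign'] . '</a>, for updating the <a href="index.php?link=teaminfo&id=' . $id . '&' . SID . '">' . $newNameHtml . '</a> team.</center>';

    // If changed the team name, inform the team members
    if ($f_name != $obj->name) {
        echo '<center>You changed the team name, we inform your team members.</center>';
        // The body carries markup, so both names are escaped before they
        // are embedded in it.
        sendBzMail(0, $id, 'Team renamed!', '<center>---ADMINISTRATIVE MESSAGE---</center><br>' . $_SESSION['callsign'] . ' just changed the name of your team from <i>' . $teamNameHtml . '</i> to <i>' . $newNameHtml . '</i>.', true, true);
    }
}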
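/**
 * Inbox page: deletes messages on request, then shows either one message
 * (when `read` is given) or the list of all messages addressed to the
 * logged-in player.
 *
 * Reads del, delbulk, read and the del<N> checkboxes from the request.
 * Every query is restricted to toid = the session's player id, so a player
 * can only see, delete or flag their own messages.
 */
function section_messages()
{
    $vars = array('del', 'delbulk', 'checknum', 'read', 'link');
    foreach ($vars as $var) {
        ${$var} = isset($_POST[$var]) ? $_POST[$var] : (isset($_GET[$var]) ? $_GET[$var] : null);
    }

    echo '<BR>';
    if (!isAuthenticated()) {
        errorPage('You are not allowed to view the messages');
        return;
    }

    $playerid = (int) $_SESSION['playerid'];
    $_SESSION['last_msg_read_ts'] = time();
    $_SESSION['new_mail'] = 0;

    // Message ids are concatenated into SQL, so they are forced to integers.
    // NOTE(review): `del` is also honoured from a plain GET link and no
    // anti-forgery token is checked in this function.
    if (isset($del)) {
        mysql_query("delete from l_message where msgid=" . (int) $del . " and toid={$playerid}");
    }

    if (isset($delbulk)) {
        // Walk the del<N> checkboxes that were actually posted instead of
        // counting up to the client-supplied checknum.
        $numdel = 0;
        foreach ($_POST as $key => $delid) {
            if (!preg_match('/^del[0-9]+$/', $key) || is_array($delid)) {
                continue;
            }
            $numdel++;
            mysql_query("delete from l_message where msgid=" . (int) $delid . " and toid={$playerid}");
        }
        $esse = $numdel != 1 ? 's' : '';
        echo "<center>Deleted {$numdel} message{$esse}.</center><BR>";
    }

    if (isset($read)) {
        // Display one message
        $read = (int) $read;
        $res = sqlQuery("select l_player.callsign sender, l_message.status as msgstat, fromid, datesent, subject, msg, htmlok, l_message.team
            from l_message
            left join l_player
            on id = fromid
            where toid={$playerid}
            and msgid={$read}");
        if (mysql_num_rows($res) == 0) {
            return errorPage('no messages found');
        }

        // Display the message
        $msg = mysql_fetch_object($res);
        echo '<table width=80% align=center border=0 cellspacing=0 cellpadding=1> <tr class=tabhead><td align=right width=10><nobr>Date sent:</nobr></td><TD width=6></td><TD>' . $msg->datesent . '</td></tr>';
        if ($msg->sender == '') {
            // Administrative message
            echo '<tr class=tabhead><td align=right>From: </td><TD></td><TD><b>CTF League System</b></td></tr>';
        } else {
            echo '<tr class=tabhead><td align=right>From: </td><TD></td><TD><a href="index.php?link=playerinfo&id=' . $msg->fromid . '&' . SID . '">' . $msg->sender . '</a></td></tr>';
        }

        if ($msg->subject == '') {
            $subject = 'No subject';
        } else {
            $subject = stripslashes($msg->subject);
        }
        echo '<tr class=tabhead><td align=right>Subject:</td><TD></td><TD>' . wordwrap(htmlentities($subject), 40, '<br>') . '</td></tr>';
        echo '<tr><td align=right valign=top><BR>Message:</td><TD></td><TD><BR><TABLE width=100% cellpadding=10 style="border: solid 1px"><TR><TD>';

        // NOTE(review): "administrative" is inferred from the left join
        // finding no l_player row for fromid, and such bodies are printed
        // as raw HTML. Confirm that a player-written message can never end
        // up with an unmatched fromid (e.g. after the sender is removed).
        if ($msg->sender == '' || $msg->htmlok > 0) {
            // if admin message, allow html
            echo nl2br($msg->msg);
        } else {
            echo nl2br(htmlentities($msg->msg));
        }
        echo '</td></tr></table></td></tr></table>';

        if ($msg->msgstat == 'new') {
            --$_SESSION['mail_unread'];
            // Set message as read
            mysql_query("update l_message set status='read' where msgid={$read} and toid={$playerid}");
        }

        // Display buttons: delete goback reply
        echo '<br><TABLE align=center><TR valign=top>';

        // Can't reply to administrative messages
        if ($msg->sender != '') {
            echo '<TD><form method=post action="index.php">' . SID_FORM;
            echo '<input type=hidden name=link value=sendmessage>';
            echo '<input type=hidden name=pid value=' . $msg->fromid . '>';
            echo '<input type=hidden name=toteam value="' . $msg->team . '">';
            echo '<input type=hidden name=reply value=1>';
            echo '<input type=hidden name=mid value=' . $read . '>';
            echo htmlFormButton('Reply', 'reply_direct') . '</td>';
            if ($msg->team == 'yes') {
                echo '<td width=10></td><td>' . htmlFormButton('Reply To Team', 'reply_team') . '</td>';
            }
            echo '</form><TD width=10></td>';
        }
        echo '<TD>' . htmlURLbutton('Delete', 'messages', "del={$read}") . '</td><TD width=10></td><TD>' . htmlURLbutton('Back', 'messages', null, CLRBUT) . '</td></tr></table>';
        return;
    }

    // Display all messages
    $res = mysql_query("select msgid, l_player.callsign sender, fromid, datesent,
        subject, l_message.status, l_message.team
        from l_message left join l_player on id = fromid
        where toid={$playerid} order by datesent desc");
    echo '<div class=checkbox>';
    if (mysql_num_rows($res) == 0) {
        echo "<center>You don't have any message to read.</center>";
        return;
    }

    echo '<script type="text/javascript"> function checkAll (form, checkallcheckbox) { for (i = 0; i < form.elements.length; i++) if (form.elements[i].type == "checkbox"){ form.elements[i].checked = checkallcheckbox.checked; } } </script>';
    // The CheckAll <input> was missing its closing '>'.
    echo '<form name="myform" method=post>' . SID_FORM . '<table border=0 align=center cellspacing=0 cellpadding=1> <tr class=tabhead><td><input type="checkbox" name="CheckAll" value="Check All" onClick="checkAll(document.myform, document.myform.CheckAll)"></td><td>Date sent </td> <td>Subject </td><td width=5></td><td>From</td></tr>';

    $checknum = 0;
    $rownum = 0;
    while ($msg = mysql_fetch_object($res)) {
        $cl = ++$rownum % 2 ? 'rowOdd' : 'rowEven';
        echo "\n<tr class={$cl} valign=top><td>";

        // Display checkbox for deleting message
        echo '<input class=checkbox type=checkbox name=del' . $checknum . ' value=' . $msg->msgid . '> ';
        $checknum++;

        // New messages are bold, so we prepare some stuff
        $bb = '';
        $be = '';
        switch ($msg->status) {
            case 'new':
                echo '<img src="' . THEME_DIR . 'msgnew.gif">';
                $bb = '<b>';
                $be = '</b>';
                break;
            case 'read':
                echo '<img src="' . THEME_DIR . 'msgread.gif">';
                break;
            case 'replied':
                echo '<img src="' . THEME_DIR . 'msgreplied.gif">';
                break;
        }
        if ($msg->team == 'yes') {
            echo '<img src="' . THEME_DIR . '/team.gif">';
        }
        echo '</td><td><font size=-2>' . $bb . $msg->datesent . $be . '</font> </td>';

        if ($msg->subject == '') {
            $subject = 'No subject';
        } else {
            $subject = stripslashes($msg->subject);
        }
        // Escaped the same way as in the single-message view above. The
        // '<br>' separator is handed to htmlLink() as markup, so presumably
        // htmlLink() prints its label unescaped — verify.
        echo "<TD>{$bb}" . htmlLink(wordwrap(htmlentities($subject), 40, '<br>'), 'messages', "read={$msg->msgid}", $bb ? LINK_NEW : null) . "</a>{$be}</td><TD></td>";

        if ($msg->sender == '') {
            // Administrative message
            echo '<td> <b>CTF League System</b></td></tr>';
        } else {
            echo '<td> <a href="index.php?link=playerinfo&id=' . $msg->fromid . '&' . SID . '">' . $msg->sender . '</a></td></tr>';
        }
    }

    // The checknum <input> was missing its closing '>'.
    echo '</table><br> </div> <center>' . htmlFormButton('Delete Checked', 'delbulk') . '<input type=hidden name=link value="messages"> <input type=hidden name=checknum value=' . $checknum . '> </center></form>';
}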
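/**
 * Compose-and-send page for player-to-player and player-to-team mail.
 *
 * Without a submitted body it prints the compose form (quoting the original
 * message when replying); with one it hands the mail to sendBzMail() and,
 * for a reply, marks the original as replied.
 *
 * Reads pid, tid, toteam, reply, mid, replying, repid, f_subject, f_msg,
 * link and dup from the request (POST wins over GET). The message being
 * replied to is only loaded or flagged when it is addressed to the current
 * player, matching the ownership rule section_messages() applies.
 */
function section_sendmessage()
{
    require_once 'lib/common.php';
    $vars = array('pid', 'tid', 'f_ok_x', 'toteam', 'reply', 'f_subject', 'f_msg', 'replying', 'repid', 'mid', 'link', 'dup');
    $s_playerid = (int) $_SESSION['playerid'];
    foreach ($vars as $var) {
        $value = isset($_POST[$var]) ? $_POST[$var] : (isset($_GET[$var]) ? $_GET[$var] : null);
        ${$var} = is_array($value) ? null : $value;
    }

    if (isGuest()) {
        return errorPage('Not Authorized');
    }
    if ($dup) {
        echo '<BR><CENTER>Duplicate mail not sent (refresh or back button detected)<BR>';
        return;
    }

    // Ids end up in SQL and in HTML attributes; keep "absent" as null so the
    // isset() branching below behaves as before.
    foreach (array('pid', 'tid', 'mid', 'repid') as $numeric) {
        if (isset(${$numeric})) {
            ${$numeric} = (int) ${$numeric};
        }
    }

    if (isset($pid)) {
        if ($toteam == 'yes' && isset($_POST['reply_team'])) {
            $team = mysql_fetch_object(mysql_query("select l_team.id, name from l_team, l_player where l_player.id={$pid} and l_team.id=team"));
            $tid = $team ? (int) $team->id : null;
        } else {
            $toteam = 'no';
            $player = mysql_fetch_object(mysql_query("select callsign from l_player where id={$pid}"));
        }
    }
    if (isset($tid)) {
        $team = mysql_fetch_object(mysql_query("select name from l_team where id={$tid}"));
    }

    $error = 1;
    if ($f_ok_x) {
        $error = 0;
        $f_msg = stripslashes($f_msg);
        if ($f_msg == '') {
            $error = 1;
            echo "<div class=error>You must write something to send a message</div>";
        }
    }

    if ($error) {
        // NOTE(review): team names and callsigns are printed as stored —
        // confirm they are HTML-safe in the database.
        if (isset($toteam)) {
            if ($toteam == 'yes') {
                $rcpt = 'team <a href="index.php?link=teaminfo&id=' . $tid . '&' . SID . '">' . $team->name . '</a>';
            } else {
                $rcpt = '<a href="index.php?link=playerinfo&id=' . $pid . '&' . SID . '">' . $player->callsign . '</a>';
            }
        } else {
            if (isset($tid)) {
                $rcpt = 'team <a href="index.php?link=teaminfo&id=' . $tid . '&' . SID . '">' . $team->name . '</a>';
            } else {
                $rcpt = 'player <a href="index.php?link=playerinfo&id=' . $pid . '&' . SID . '">' . $player->callsign . '</a>';
            }
        }

        if (isset($reply)) {
            // Only a message addressed to the current player may be quoted;
            // the original query selected by msgid alone.
            $msg = mysql_fetch_object(mysql_query($sql = "select * from l_message where msgid=" . (int) $mid . " and toid={$s_playerid}"));
            if (!$msg) {
                return errorPage('no messages found');
            }
            $message = $msg->msg;
            $f_subject = $msg->subject;
            if (substr($f_subject, 0, 3) != 'Re:') {
                $f_subject = 'Re: ' . $f_subject;
            }
            // Strip subject if it's too long
            if (strlen($f_subject) > 80) {
                $f_subject = substr($f_subject, 0, 80);
            }
            echo "<table border=0 align=center cellspacing=0 cellpadding=1>\n <tr class=tablehead><td>Original message:</td></tr>\n <tr class=msgquote><td>";
            // Same rule as the inbox view: the body is escaped unless the
            // row is flagged htmlok.
            $quoted = $msg->htmlok > 0 ? $message : htmlentities($message);
            echo stripslashes(nl2br($quoted)) . '</td></tr></table><br>';
            // Quote initial message
            // NOTE(review): ereg_replace() is not available on PHP 7+.
            $f_msg = ereg_replace("\n", ">", ereg_replace("^", ">", $message));
            $f_msg = $f_msg . "\n>\n";
            $action = "Replying to ";
        } else {
            $action = "Sending a message to ";
        }

        // Subject, body and link are request- or user-supplied text and are
        // escaped for the attribute / textarea they are written into.
        $linkHtml = htmlspecialchars((string) $link, ENT_QUOTES);
        echo '<center><form method=post>' . SID_FORM . $action . $rcpt . '.<br><br> Enter your message below:<br> Subject:<input type=text maxlength=80 size=60 name=f_subject value="' . htmlspecialchars((string) $f_subject, ENT_QUOTES) . '"><BR> <textarea cols=50 rows=15 name=f_msg>' . htmlspecialchars(stripslashes((string) $f_msg), ENT_QUOTES) . '</textarea> <hr><center> <input type=hidden name=link value="' . $linkHtml . '">';
        snFormInit();
        echo '<TABLE><TR><TD>' . htmlFormButton('SEND', 'f_ok_x') . '</td><TD width=10></td><TD>';
        if (isset($pid)) {
            echo htmlURLbutton('Cancel', 'playerinfo', "id={$pid}", CLRBUT);
        } else {
            echo htmlURLbutton('Cancel', 'teaminfo', "id={$tid}", CLRBUT);
        }
        echo '</td></tr></table><input type=hidden name=link value="' . $linkHtml . '">';
        if (isset($reply)) {
            // Flag that we are replying to a message
            echo '<input type=hidden name=replying value=1>';
            echo '<input type=hidden name=repid value=' . (int) $mid . '>';
        }
        if (isset($tid)) {
            echo '<input type=hidden name=tid value=' . $tid . '>';
        } else {
            echo '<input type=hidden name=pid value=' . $pid . '>';
        }
        echo '</center></form></center>';
        return;
    }

    // Do send the message
    echo "<center>Message sent, thank you!</center>";
    snCheck('sendmessage', 'dup=1');

    // If replying we mark the original message as replied — but only a
    // message that belongs to the current player.
    if (isset($replying)) {
        mysql_query("update l_message set status='replied' where msgid=" . (int) $repid . " and toid={$s_playerid}");
    }

    if (isset($pid) && $toteam != 'yes') {
        // Send to one player
        sendBzMail($s_playerid, $pid, $f_subject, $f_msg);
    } else {
        // Send to a team
        sendBzMail($s_playerid, $tid, $f_subject, $f_msg, 'yes');
    }
}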
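/**
 * Print the "invite a player to my team" form.
 *
 * @param object $team     Inviting team; ->id and ->name are read.
 * @param object $player   Invited player; ->id and ->callsign are read.
 * @param string $link     Value for the hidden `link` field.
 * @param mixed  $days     Currently selected expiry, passed to htmlOption().
 * @param string $f_invite Text to pre-fill the invitation box with. Optional;
 *                         the original body read an undefined local here, so
 *                         the box was always empty.
 */
function section_invite_dispForm($team, $player, $link, $days, $f_invite = '')
{
    global $invite_durations;

    echo '<center><form method=post><font size=+1>Sending an invitation to ' . playerLink($player->id, $player->callsign) . ' to join your team, ' . teamLink($team->name, $team->id, false) . '</font><br>';

    // The original passed an undefined $id here and to the Cancel button;
    // the player's id is what both links need.
    echo '<BR><TABLE><TR><TD><HR><p>This invitation will allow ' . playerLink($player->id, $player->callsign) . ' to join your team, even if it is closed.<BR>Please select when this invitation should expire: <select name=days>';
    foreach ($invite_durations as $val => $text) {
        htmlOption($val, $text, $days);
    }

    echo '</select><p><hr><p> Enter a few words which will be attached to your invitation (mandatory):<br> <textarea cols=50 rows=6 name=f_invite>' . htmlspecialchars((string) $f_invite, ENT_QUOTES) . '</textarea> <center><p><TABLE align=center><TR><TD>' . htmlFormButton("Invite", 'f_ok_x') . '</td><TD width=10></td><TD>' . htmlURLbutton("Cancel", 'playerinfo', "id={$player->id}", CLRBUT) . '</td></tr></table>';

    // $link is quoted and escaped: written bare, a value containing a space
    // or '>' would spill into the surrounding markup.
    echo '<input type=hidden name=link value="' . htmlspecialchars((string) $link, ENT_QUOTES) . '"> <input type=hidden name=id value=' . (int) $player->id . '> </center></form></center> </td></tr></table>';
}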
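/**
 * Print the add/edit form for one entry of the links table.
 *
 * @param mixed $id Link id; a value above 0 loads that row for editing,
 *                  anything else shows an empty "new link" form.
 */
function section_links_presentForm($id)
{
    // The id is interpolated into SQL; the original only compared it with 0,
    // which a string with a numeric prefix also passes.
    $id = (int) $id;

    echo '<BR><div class=feedback>';
    $row = null;
    if ($id > 0) {
        echo "EDITING LINK (id #{$id})";
        $row = mysql_fetch_object(sqlQuery('select * from ' . TBL_LINKS . " where id={$id}"));
    } else {
        echo "ADDING NEW LINK";
    }

    // Form values; the original assigned to a property of an undefined $row
    // in the "new link" case.
    $name = $row ? $row->name : '';
    $url = $row ? $row->url : ($id > 0 ? '' : 'http://');
    $comment = $row ? $row->comment : '';
    $ord = $row ? $row->ord : '';

    $link = isset($_GET['link']) ? $_GET['link'] : '';
    echo '</div><BR>';

    // The attributes are single-quoted, so ENT_QUOTES is required for the
    // stored and request values written into them.
    echo "<form method=post><table align=center border=0 cellspacing=0 cellpadding=1>\n"
        . " <input type=hidden name=link value='" . htmlspecialchars((string) $link, ENT_QUOTES) . "'>\n"
        . " <input type=hidden name=state value=1>\n"
        . " <tr><td align=right>Title:</td><TD><input type=text size=50 maxlength=80 name=title value='" . htmlspecialchars((string) $name, ENT_QUOTES) . "'></td></tr>\n"
        . " <tr><td align=right>URL:</td><TD><input type=text size=50 maxlength=120 name=url value='" . htmlspecialchars((string) $url, ENT_QUOTES) . "'></td></tr>\n"
        . " <tr><td align=right>Comment:</td><TD><textarea cols=70 rows=10 name=comment>" . htmlspecialchars((string) $comment, ENT_QUOTES) . "</textarea></td></tr>\n"
        . " <tr><td align=right>Sort #:</td><TD><input type=text size=5 maxlength=4 name=ord value='" . htmlspecialchars((string) $ord, ENT_QUOTES) . "'></td></tr>\n"
        . " <tr><td align=center colspan=2>";

    htmlMiniTable(array(htmlFormButton('Submit', '', ADMBUT), $id == 0 ? '' : htmlFormButton('DELETE Link', 'del', ADMBUT), htmlURLbutton('Cancel', 'linkadmin', null, CLRBUT)), 8);
    echo '</td></tr></form></table>';
}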