/**
 * Normalise one submitted text value.
 *
 * Steps, in this order: remove backslash escapes with stripslashes(), pass the
 * result through my_nl2br() (defined elsewhere), replace every "§" with a space,
 * trim surrounding whitespace, and optionally HTML-escape the result.
 *
 * NOTE(review): "§" looks like the field separator of the records callers write,
 * which would explain why it is removed here; confirm against the callers.
 *
 * Security notes:
 *  - With the default $hsc = 0 the return value is NOT HTML-escaped. Any caller
 *    that later prints the value must escape it at output time.
 *  - htmlspecialchars() is called with its default flags. Before PHP 8.1 those
 *    defaults leave single quotes unescaped, so the result is not safe inside a
 *    single-quoted HTML attribute on older runtimes.
 *  - Escaping runs after my_nl2br(), so any markup that helper inserts is
 *    escaped as well; presumably intended, verify against my_nl2br().
 *
 * @param string $text Raw value, typically taken from request data.
 * @param int    $hsc  1 to HTML-escape the result; any other value skips escaping.
 * @return string The normalised value.
 */
function cleantext ($text, $hsc=0)
{
    $cleaned = trim(str_replace("§", " ", my_nl2br(stripslashes($text))));

    // Loose comparison kept as in the original: "1" and true also enable escaping.
    return ($hsc == 1) ? htmlspecialchars($cleaned) : $cleaned;
}
?> nowrap><font color="<?php echo $table_body_font_color_1; ?> "> <?php echo $lSignature; ?> : </font></td> <td <?php echo bgcolor($table_body_color_1); ?> ><font color="<?php echo $table_body_font_color_1; ?> "><?php echo my_nl2br(htmlspecialchars($rec["signature"])); ?> </font></td> </tr> <?php } ?> </table> </td> </tr> </table> </td> </tr> </table> <?php }
// Excerpt from the hero add/edit handler. It starts inside a block that opens before
// this excerpt and ends inside the INSERT branch, so the braces here do not balance.
// Reset the hero variables to empty defaults.
$HeroName = "";
$heroid = "";
$desc = "";
$stats = "";
$skills = "";
$type = 0;
}

// Form submitted: read the posted hero fields.
if (isset($_POST["edit_hero"])) {
    // Only these two fields pass through EscapeStr() (defined elsewhere).
    $HeroName = EscapeStr($_POST["hero_name"]);
    $heroid = EscapeStr($_POST["heroid"]);
    // NOTE(review): $desc, $stats and $skills come straight from $_POST and only pass
    // through trim(), removeDoubleSpaces() and my_nl2br(). Whether $db->update() and
    // $db->insert() bind or escape array values is not visible here; confirm that,
    // and escape these fields on output because they may hold markup.
    $desc = my_nl2br(trim($_POST["desc"]));
    // NOTE(review): as shown, the search and replacement arrays are identical, so this
    // call changes nothing; presumably the replacements were HTML entities that were
    // lost when the listing was extracted. Confirm against the real file.
    $desc = str_replace(array("Š", "š"), array("Š", "š"), $desc);
    // Integer cast makes $type safe to store.
    $type = (int) $_POST["type"];
    $stats = my_nl2br(removeDoubleSpaces(trim($_POST["stats"])));
    $stats = str_replace(array("Š", "š"), array("Š", "š"), $stats);
    $skills = my_nl2br(removeDoubleSpaces(trim($_POST["skills"])));
    $skills = str_replace(array("Š", "š"), array("Š", "š"), $skills);

    // Minimal validation: a hero id must be present and the name at least 2 bytes long.
    if ($heroid != "" and strlen($HeroName) >= 2) {
        if (isset($_GET["edit"])) {
            // NOTE(review): the WHERE clause is built by string concatenation. $edit is
            // assigned outside this excerpt; confirm it is escaped or validated before
            // it reaches this point, or switch to a bound parameter.
            $update = $db->update(OSDB_HEROES, array("description" => $HeroName, "summary" => $desc, "stats" => $stats, "skills" => $skills, "type" => $type), "heroid = '" . $edit . "' ");
            // Audit-log entry for the edit, attributed to the session user.
            OS_AddLog($_SESSION["username"], "[os_heroes] EDITED HERO ( {$edit}, {$HeroName} )");
        } else {
            // New hero: the id is the icon file name without its ".gif" suffix.
            $hid = str_replace(".gif", "", $heroid);
            // NOTE(review): prepare() is called, but the value is concatenated into the
            // SQL text, so nothing is actually bound and safety rests entirely on
            // EscapeStr(). If $db follows the PDO interface (its prepare/execute/rowCount
            // calls suggest so), use "WHERE heroid = ?" and pass $hid to execute().
            $check = $db->prepare("SELECT * FROM " . OSDB_HEROES . " WHERE heroid = '" . $hid . "' ");
            $result = $check->execute();
            // Refuse to insert a duplicate hero id.
            if ($check->rowCount() >= 1) {
                ?> <h2>Hero already exists</h2><?php
            } else {
                // INSERT the new hero row.
                $db->insert(OSDB_HEROES, array("heroid" => $hid, "original" => $hid, "description" => $HeroName, "summary" => $desc, "stats" => $stats, "skills" => $skills, "type" => $type));
// Excerpt from the comment-submission handler; the first brace below closes a block
// that opens before this excerpt.
}
// Left-pad the id with zeros to seven characters (lengths 3 to 6 are handled here).
if (strlen($id) == 3) {
    $id = "0000" . $id;
}
if (strlen($id) == 4) {
    $id = "000" . $id;
}
if (strlen($id) == 5) {
    $id = "00" . $id;
}
if (strlen($id) == 6) {
    $id = "0" . $id;
}
} else {
    // Fallback id; the condition this branch belongs to is outside the excerpt.
    $id = 1;
}

// Name and e-mail are cleaned with the second argument set to 1.
$_POST['name'] = cleantext($_POST['name'], 1);
$_POST['email'] = cleantext($_POST['email'], 1);
// NOTE(review): the comment body is cleaned without the second argument. If cleantext()
// only HTML-escapes when that flag is 1, the comment is stored with its markup intact
// and must be escaped wherever it is displayed.
$_POST['comment'] = cleantext($_POST['comment']);
$datum = time();
// CR LF record terminator.
$nl = chr(13) . chr(10);
// Append one record to the comment file under an exclusive lock (2 = LOCK_EX, 3 = LOCK_UN).
// NOTE(review): the fopen() result is not checked before it is used.
$fp = fopen($cf, "a");
flock($fp, 2);
// NOTE(review): $_POST['commentid'] is written without passing through cleantext() or
// any validation, so a "§" in it would shift the fields of the record; validate it
// (for example as an integer, if ids are numeric) before writing.
// NOTE(review): implode() with the separator as second argument is the legacy argument
// order, which PHP 8.0 no longer accepts.
fwrite($fp, my_nl2br(implode(array($id, $_POST['commentid'], $_POST['comment'], $_POST['name'], $_POST['email'], $datum), "§")) . $nl);
flock($fp, 3);
fclose($fp);
// NOTE(review): $_POST['backurl'] is echoed into an href and a meta refresh without
// escaping or validation. That allows markup injection into this page and redirects to
// arbitrary sites. Accept only same-site relative paths and emit the value through
// htmlspecialchars() with ENT_QUOTES.
echo '<br /><br /><br /><div align="center">Dein Kommentar wurde erfolgreich eingetragen. Du wirst in 3 Sekunden weitergeleitet.<br /><a href="' . $_POST['backurl'] . '">Wenn Du nicht länger warten willst, klicke hier</a>.</div>';
echo '<meta http-equiv="refresh" content="3; URL=' . $_POST['backurl'] . '">';
}
}
#########################################
// Excerpt from the item add/edit handler; it ends inside the "add" branch, so the
// braces here do not balance.
// Defaults shown in the form before anything is submitted.
$item_info = "";
$price = "";
$type = "";
$icon = "AbyssalBlade.gif";
$itemID = "";

if (isset($_GET["edit"]) or isset($_GET["add"])) {
    // Id of the item being edited; empty when adding.
    if (isset($_GET["edit"])) {
        $edit = safeEscape($_GET["edit"]);
    } else {
        $edit = "";
    }

    if (isset($_POST["edit_item"])) {
        // NOTE(review): this value is overwritten by the EscapeStr() assignment to
        // $icon a few lines below, so the safeEscape() result is never used.
        $icon = safeEscape($_POST["icon"]);
        // NOTE(review): name, shortname and item_info pass through convEnt2() only
        // (defined elsewhere). Whether that helper makes them safe for SQL and for
        // HTML output is not visible here; confirm.
        $name = convEnt2($_POST["name"]);
        $shortname = convEnt2($_POST["shortname"]);
        $item_info = my_nl2br(convEnt2(trim($_POST["item_info"])));
        // NOTE(review): as shown, the search and replacement arrays are identical, so
        // this call changes nothing; presumably the replacements were HTML entities
        // lost in extraction. Confirm against the real file.
        $item_info = str_replace(array("Š", "š"), array("Š", "š"), $item_info);
        $price = EscapeStr($_POST["price"]);
        $type = EscapeStr($_POST["type"]);
        $icon = EscapeStr($_POST["icon"]);

        // Minimal validation: both names must be at least 2 bytes long.
        if (strlen($name) >= 2 and strlen($shortname) >= 2) {
            if (isset($_GET["edit"])) {
                // NOTE(review): $upd is set to 1 unconditionally, so the success
                // message below is shown even if the update fails; $update is never
                // inspected.
                $upd = 1;
                // NOTE(review): the WHERE clause is built by concatenation and relies on
                // safeEscape() alone; a bound parameter (or an integer cast, if itemid
                // is numeric) would remove that dependency.
                $update = $db->update(OSDB_ITEMS, array("name" => $name, "shortname" => $shortname, "item_info" => $item_info, "price" => $price, "type" => $type, "icon" => $icon), "itemid = '" . $edit . "' ");
                if ($upd) {
                    ?> <h2>Item successfully updated</h2><?php
                    // Audit-log entry for the edit, attributed to the session user.
                    OS_AddLog($_SESSION["username"], "[os_items] EDITED ITEM ( {$name}, {$edit} )");
                }
            } else {
                if (isset($_GET["add"])) {
<?php
// Ban-appeal form handler (excerpt; the block opened by the submit check continues
// past the end of this excerpt).

// Direct-access guard: when $website is not set (presumably because the file was
// requested directly instead of being included), answer 404 and stop.
if (!isset($website)) {
    header('HTTP/1.1 404 Not Found');
    die;
}
$BanAppeal = "";
$MenuClass["bans"] = "active";

if (isset($_POST["submit_appeal"])) {
    // NOTE(review): the session key is read before the is_logged() check below, so a
    // request without a logged-in session reads an index that may not exist.
    $player = safeEscape(trim($_SESSION["bnet_username"]));
    $subject = safeEscape(trim($_POST["subject"]));
    // NOTE(review): the safeEscape() result on the next line is discarded, because the
    // following assignment re-reads the raw POST value. Only nl2br handling and the
    // final EscapeStr() apply to $reason.
    $reason = safeEscape(trim($_POST["message"]));
    $reason = my_nl2br(trim($_POST["message"]));
    $reason = nl2br($reason);
    $reason = EscapeStr($reason);
    // NOTE(review): the URLs only pass through EscapeStr(); no scheme or host check is
    // visible. If they are later rendered as links, restrict them to http/https and
    // escape them on output.
    $game_url = EscapeStr(trim($_POST["game_url"]));
    $replay_url = EscapeStr(trim($_POST["replay_url"]));

    // Collect validation messages as HTML fragments.
    $errors = "";
    if (strlen($player) <= 2) {
        $errors .= "<div>" . $lang["error_report_player"] . "</div>";
    }
    if (strlen($reason) <= 3) {
        $errors .= "<div>" . $lang["error_report_reason"] . "</div>";
    }
    // The next two checks assign with "=", replacing any messages collected above.
    if (!is_logged()) {
        $errors = "<div>" . $lang["error_report_login"] . "</div>";
    }
    // Throttle: reject a new appeal until $BanReportTime seconds have passed since the
    // last one recorded in this session.
    // NOTE(review): the throttle is keyed on session state only; a limit stored per
    // account on the server side would not depend on the client keeping its session.
    if (isset($_SESSION["last_report"]) and $_SESSION["last_report"] + $BanReportTime > time()) {
        // Despite its name, $TimeLeft holds the seconds elapsed since the last report;
        // the remaining wait is $BanReportTime minus that value.
        $TimeLeft = time() - $_SESSION["last_report"];
        $errors = "<div>" . $lang["error_report_time2"] . " " . ($BanReportTime - $TimeLeft) . " " . $lang["error_sec"] . " </div>";
    }
?> <div align="center"> <h2>Post successfully deleted. <a href="<?php echo $website; ?> adm/?posts">« Back</a></h2> </div> <?php
}
// ADD / EDIT POST (excerpt; the brace above closes a block that opens before this
// excerpt, and the code ends inside the "add" branch).
// "and" binds tighter than "or", so this reads: add, or (edit and edit is numeric).
if (isset($_GET["add"]) or isset($_GET["edit"]) and is_numeric($_GET["edit"])) {
    if (isset($_POST["add_post"])) {
        $title = EscapeStr($_POST["post_title"]);
        // Integer casts make these three values safe regardless of EscapeStr().
        $status = EscapeStr((int) $_POST["status"]);
        $allow_comments = EscapeStr((int) $_POST["allow_comments"]);
        // NOTE(review): the post body passes through convEnt2() and my_nl2br() but not
        // EscapeStr(). Whether convEnt2() neutralises quote characters is not visible
        // here; confirm, because $text is concatenated into the INSERT below.
        $text = my_nl2br(convEnt2(trim($_POST["post_text"])));
        // NOTE(review): as shown, the search and replacement arrays are identical, so
        // this call changes nothing; presumably the replacements were HTML entities
        // lost in extraction. Confirm against the real file.
        $text = str_replace(array("Š", "š"), array("Š", "š"), $text);
        $errors = "";
        $time = time();
        // NOTE(review): the author id is taken from the form rather than from the
        // session; presumably it should match the logged-in user. Confirm.
        $author = EscapeStr((int) $_POST["author"]);

        // Length checks are byte-based (strlen), not character-based.
        if (strlen($title) <= 3) {
            $errors .= "<div>Field Title does not have enough characters</div>";
        }
        if (strlen($text) <= 5) {
            $errors .= "<div>Field Text does not have enough characters</div>";
        }

        if (empty($errors)) {
            if (isset($_GET["add"])) {
                $ins = 1;
                // NOTE(review): prepare() is used, but every value is concatenated into
                // the SQL text, so nothing is bound and safety depends on the helper
                // functions above. If $db follows the PDO interface, write the statement
                // with six "?" placeholders and pass the values to execute().
                $insert = $db->prepare("INSERT INTO " . OSDB_NEWS . "(news_title, news_content, news_date, status, allow_comments, author)\n\t\tVALUES('" . $title . "', '" . $text . "', '" . $time . "', '" . $status . "', '" . $allow_comments . "', '" . $author . "') ");
                $result = $insert->execute();
// Excerpt from the category-creation handler; it starts inside the upload branch, whose
// opening condition is outside this excerpt.
// Original note: the upload directory needs chmod 777.
// NOTE(review): world-writable is broader than needed; write access for the web-server
// user alone is sufficient.
// Reject files larger than $maxsize, print the footer and stop.
// NOTE(review): the client-supplied file name is echoed without htmlspecialchars(),
// here and in the success message below.
if ($_FILES['file']['size'] > $maxsize) {
    echo 'Die Datei ' . $_FILES['file']['name'] . ' ist zu gross! <br /><br />';
    drawfooter($version);
    exit;
}
// NOTE(review): size is the only property checked. The destination is $dir plus the
// client-supplied name used verbatim, with no basename(), no extension or content-type
// allow-list and no server-generated name. If $dir is served by the web server, an
// uploaded file is reachable under the name the client chose. Recommended: take
// basename() of the name, accept only the expected image extensions, store under a
// generated name, and disable script execution in the upload directory.
if (move_uploaded_file($_FILES['file']['tmp_name'], $dir . $_FILES['file']['name'])) {
    echo $_FILES['file']['name'] . ' wurde hochgeladen!<br />';
    $upflname = $_FILES['file']['name'];
} else {
    echo 'Fehler! Die Datei konnte nicht hochgeladen werden!<br /><br />';
    drawfooter($version);
    exit;
}
/* ------------ */
} else {
    // No upload in this request: the record gets an empty file name.
    $upflname = '';
}
// CR LF record terminator.
$nl = chr(13) . chr(10);
// Append one record to the category file under an exclusive lock (2 = LOCK_EX, 3 = LOCK_UN).
// NOTE(review): the fopen() result is not checked before it is used.
$fp = fopen($catfile, "a");
flock($fp, 2);
// NOTE(review): $_POST['name'] and $upflname are written without removing "§", so
// either value can shift the fields of the record; clean both before writing.
// NOTE(review): implode() with the separator as second argument is the legacy argument
// order, which PHP 8.0 no longer accepts.
fwrite($fp, my_nl2br(implode(array($id, $_POST['name'], $upflname, '', ''), '§')) . $nl);
flock($fp, 3);
fclose($fp);
echo 'Kategorie erfolgreich hinzugefügt!<br /><br />';
}
}
#########################################
/* End of page */
echo '<br /><br />';
drawfooter($version);
// Excerpt from the add-user handler; it starts inside the id-padding logic, whose
// beginning is outside this excerpt.
$id = '0' . $id;
}
} else {
    // Fallback id; the condition this branch belongs to is outside the excerpt.
    $id = 1;
}
// NOTE(review): cleantext() is called without its second argument here; confirm what it
// removes, because the user name is written into the data file and echoed below.
$_POST['user'] = cleantext($_POST['user']);
// NOTE(review): crypt() with the fixed salt 'lala' selects the traditional DES-based
// scheme. Every account shares the same salt and only the first eight characters of the
// password influence the hash. Use password_hash() and password_verify() instead;
// existing records need a migration path because the stored format changes.
$_POST['pwd'] = crypt($_POST['pwd'], 'lala');
// CR LF record terminator.
$nl = chr(13) . chr(10);
// Rewrite the whole data file (2 = LOCK_EX, 3 = LOCK_UN).
// NOTE(review): mode "w+" truncates the file when it is opened, before the lock is
// taken, so a concurrent reader can see an empty file. The fopen() result is unchecked.
$fp = fopen($datafile, "w+");
flock($fp, 2);
// The records are wrapped in a PHP block comment, presumably so that requesting the
// file directly produces no output.
fwrite($fp, '<?php' . $nl);
fwrite($fp, '/*' . $nl);
// Copy the existing lines except the first two and the last two, which correspond to
// the wrapper written here; $zeile and $zeilen are filled outside this excerpt.
for ($i = 2; $i < $zeilen - 2; $i++) {
    fwrite($fp, $zeile[$i]);
}
// NOTE(review): this file is executable PHP, so no field may be able to end the
// surrounding block comment or add a field separator. $_POST['level'] is written with
// no validation at all; restrict it to the expected set of levels before writing.
// NOTE(review): implode() with the separator as second argument is the legacy argument
// order, which PHP 8.0 no longer accepts.
fwrite($fp, my_nl2br(implode(array($_POST['user'], $_POST['level'], $_POST['pwd'], $id, ''), '§')) . $nl);
fwrite($fp, '*/' . $nl);
fwrite($fp, '?>');
flock($fp, 3);
fclose($fp);
// NOTE(review): the user name and level are echoed without htmlspecialchars(), and the
// password hash is printed to the page, which discloses it for no visible reason.
echo '<br /> User erfolgreich hinzugefügt!<br /> Hier nochmal die Daten:<br /> Login-name: <b>' . $_POST['user'] . '</b><br /> Passwort(verschlüsselt): <b>' . $_POST['pwd'] . '</b><br /> Level: <b>' . $_POST['level'] . '</b>';
}
#########################################################
echo '</td> </tr> </table>';