$qry = db("INSERT INTO " . $db['downloads'] . "\n SET `download` = '" . up($_POST['download']) . "',\n `url` = '" . $dl . "',\n `date` = '" . (int) time() . "',\n `beschreibung` = '" . up($_POST['beschreibung'], 1) . "',\n `kat` = '" . (int) $_POST['kat'] . "'");
$show = info(_downloads_added, "?admin=dladmin");
}
} elseif ($_GET['do'] == "edit") {
$qry = db("SELECT * FROM " . $db['downloads'] . "\n WHERE id = '" . intval($_GET['id']) . "'");
$get = _fetch($qry);
$qryk = db("SELECT * FROM " . $db['dl_kat'] . "\n ORDER BY name");
while ($getk = _fetch($qryk)) {
if ($getk['id'] == $get['kat']) {
$sel = "selected=\"selected\"";
} else {
$sel = "";
}
$kats .= show(_select_field, array("value" => $getk['id'], "what" => re($getk['name']), "sel" => $sel));
}
$show = show($dir . "/form_dl", array("admin_head" => _downloads_admin_head_edit, "ddownload" => re($get['download']), "durl" => re($get['url']), "file" => $dl, "lokal" => _downloads_lokal, "exist" => _downloads_exist, "nothing" => _nothing, "nofile" => _downloads_nofile, "oder" => _or, "dbeschreibung" => re_bbcode($get['beschreibung']), "kat" => _downloads_kat, "what" => _button_value_edit, "do" => "editdl&id=" . $_GET['id'] . "", "kats" => $kats, "url" => _downloads_url, "beschreibung" => _beschreibung, "download" => _downloads_name));
} elseif ($_GET['do'] == "editdl") {
if (empty($_POST['download']) || empty($_POST['url'])) {
if (empty($_POST['download'])) {
$show = error(_downloads_empty_download, 1);
} elseif (empty($_POST['url'])) {
$show = error(_downloads_empty_url, 1);
}
} else {
if (preg_match("#^www#i", $_POST['url'])) {
$dl = links($_POST['url']);
} else {
$dl = up($_POST['url']);
}
$qry = db("UPDATE " . $db['downloads'] . "\n SET `download` = '" . up($_POST['download']) . "',\n `url` = '" . $dl . "',\n `beschreibung` = '" . up($_POST['beschreibung'], 1) . "',\n `date` = '" . (int) time() . "',\n `kat` = '" . (int) $_POST['kat'] . "'\n WHERE id = '" . intval($_GET['id']) . "'");
$show = info(_downloads_edited, "?admin=dladmin");
$datemax = mktime(23, 59, 59, $_POST['m'], $_POST['t'], $_POST['j']);
$kontrolle = mysql_num_rows(db("SELECT * FROM " . $sql_prefix . "jokes WHERE date >= " . $date . " AND date <= " . $datemax . " AND status != 0"));
}
if ($kontrolle != 0) {
//kon
$dropdown_date = show(_dropdown_date, array("day" => dropdown("day", $_POST['t']), "month" => dropdown("month", $_POST['m']), "year" => dropdown("year", $_POST['j'])));
$do = show(_jokes_edit_link, array("id" => $_GET['id']));
$options = '<table width="200"><tr>
<td><label><input type="radio" name="status" value="0" id="status_1" ' . $checked1 . '/>' . _jokes_inaktiv . '</label></td>
</tr><tr>
<td><label><input type="radio" name="status" value="1" id="status_2" ' . $checked2 . '/>' . _jokes_nextdate . '</label></td>
</tr><tr>
<td><label><input type="radio" name="status" value="2" id="status_3" checked="checked"/>' . _jokes_thisdate . '</label></td>
</tr></table>';
$error = show("errors/errortable", array("error" => _jokes_date_forgiven));
$index = show($dir . "/form", array("head" => _joke_edit, "nautor" => _autor, "dropdown_date" => $dropdown_date, "autor" => autor($userid), "status" => _status, "options" => $options, "ntitel" => _titel, "titel" => re($_POST['titel']), "joketext" => re_bbcode($_POST['jokes']), "error" => $error, "lang" => $language, "button" => _button_value_add, "linkname" => _linkname));
//konende
} else {
$qry = db("INSERT INTO " . $sql_prefix . "jokes \n SET `uid` = '" . (int) $userid . "',\n `title` = '" . up($_POST['titel']) . "',\n `content` = '" . up($_POST['jokes'], 1) . "',\n\t\t\t\t\t\t `date` = '" . $date . "',\n `status` = '0'");
$text = show(_jokes_msg, array("title" => up($_POST['titel']), "id" => mysql_insert_id(), "content" => up($_POST['jokes'], 1), "nick" => autor($userid)));
$qry = db("SELECT s1.id FROM " . $db['users'] . " AS s1\n LEFT JOIN " . $db['permissions'] . " AS s2\n ON s1.id = s2.user\n WHERE s2.jokes = '1' OR s1.`level` LIKE '4' GROUP BY s1.`id`");
while ($get = _fetch($qry)) {
$qrys = db("INSERT INTO " . $db['msg'] . "\n SET `datum` = '" . (int) time() . "',\n `von` = '0',\n `an` = '" . (int) $get['id'] . "',\n `titel` = '" . _jokes_msg_title . "',\n `nachricht` = '" . up($text, 1) . "'");
}
$index = info(_joke_added, "?action=danke");
}
}
break;
//#####################################################################################################
//#####################################################################################################
case 'archiv':
$selected = "selected=\"selected\"";
} else {
$selected = "";
}
$users .= show(_to_users, array("id" => $get['id'], "nick" => data($get['id'], "nick"), "selected" => $selected));
}
$qry = db("SELECT id,user,buddy FROM " . $db['buddys'] . "\n\t\t\t\t\t\t\t WHERE user = "******"selected=\"selected\"";
} else {
$selected = "";
}
$buddys .= show(_to_buddys, array("id" => $get['buddy'], "nick" => data($get['buddy'], "nick"), "selected" => $selected));
}
$index = show($dir . "/new", array("von" => $userid, "an" => _to, "or" => _or, "posttitel" => re($_POST['titel']), "posteintrag" => re_bbcode($_POST['eintrag']), "postto" => $_POST['buddys'] . "" . $_POST['users'], "buddys" => $buddys, "value" => _button_value_msg, "lang" => $language, "users" => $users, "titelhead" => _titel, "titel" => _msg_titel, "nickhead" => _nick, "bbcodehead" => _bbcode, "error" => $error, "eintraghead" => _eintrag));
} else {
if ($_POST['buddys'] == "-") {
$to = $_POST['users'];
} else {
$to = $_POST['buddys'];
}
$qry = db("INSERT INTO " . $db['msg'] . "\n\t\t\t\t SET `datum` = '" . (int) time() . "',\n `von` = '" . (int) $userid . "',\n `an` = '" . (int) $to . "',\n `titel` = '" . up($_POST['titel']) . "',\n `nachricht` = '" . up($_POST['eintrag'], 1) . "',\n `see` = '1'");
$qry = db("UPDATE " . $db['userstats'] . "\n\t\t\t\t \t\t\t SET `writtenmsg` = writtenmsg+1\n\t\t\t\t\t\t \t WHERE user = "******"?action=msg");
}
} else {
$qry = db("SELECT * FROM " . $db['msg'] . "\n\t \t\t\t\t\t\t WHERE an = " . $userid . "\n AND see_u = '0'\n\t\t\t \t\t\t\t ORDER BY datum DESC");
while ($get = _fetch($qry)) {
if (_rows($qry)) {
if ($get['von'] == 0) {
$show = info(_artikel_added, "?admin=artikel");
}
} elseif ($_GET['do'] == "edit") {
$qry = db("SELECT * FROM " . $db['artikel'] . "\n WHERE id = '" . intval($_GET['id']) . "'");
$get = _fetch($qry);
$qryk = db("SELECT * FROM " . $db['newskat'] . "");
while ($getk = _fetch($qryk)) {
if ($get['kat'] == $getk['id']) {
$sel = "selected=\"selected\"";
} else {
$sel = "";
}
$kat .= show(_select_field, array("value" => $getk['id'], "sel" => $sel, "what" => re($getk['kategorie'])));
}
$do = show(_artikel_edit_link, array("id" => $_GET['id']));
$show = show($dir . "/artikel_form", array("head" => _artikel_edit, "nautor" => _autor, "autor" => autor($userid), "nkat" => _news_admin_kat, "preview" => _preview, "kat" => $kat, "do" => $do, "ntitel" => _titel, "titel" => re($get['titel']), "artikeltext" => re_bbcode($get['text']), "link1" => re($get['link1']), "link2" => re($get['link2']), "link3" => re($get['link3']), "url1" => $get['url1'], "url2" => $get['url2'], "url3" => $get['url3'], "ntext" => _eintrag, "error" => "", "lang" => $language, "button" => _button_value_edit, "linkname" => _linkname, "nurl" => _url));
} elseif ($_GET['do'] == "editartikel") {
if ($_POST) {
$qry = db("UPDATE " . $db['artikel'] . "\n SET `kat` = '" . (int) $_POST['kat'] . "',\n `titel` = '" . up($_POST['titel']) . "',\n `text` = '" . up($_POST['artikel'], 1) . "',\n `link1` = '" . up($_POST['link1']) . "',\n `link2` = '" . up($_POST['link2']) . "',\n `link3` = '" . up($_POST['link3']) . "',\n `url1` = '" . links($_POST['url1']) . "',\n `url2` = '" . links($_POST['url2']) . "',\n `url3` = '" . links($_POST['url3']) . "'\n WHERE id = '" . intval($_GET['id']) . "'");
}
$show = info(_artikel_edited, "?admin=artikel");
} elseif ($_GET['do'] == "delete") {
$qry = db("DELETE FROM " . $db['artikel'] . "\n WHERE id = '" . intval($_GET['id']) . "'");
$show = info(_artikel_deleted, "?admin=artikel");
} elseif ($_GET['do'] == 'public') {
if ($_GET['what'] == 'set') {
$upd = db("UPDATE " . $db['artikel'] . "\n SET `public` = '1',\n \t\t\t\t\t `datum` = '" . time() . "'\n WHERE id = '" . intval($_GET['id']) . "'");
} elseif ($_GET['what'] == 'unset') {
$upd = db("UPDATE " . $db['artikel'] . "\n SET `public` = '0'\n WHERE id = '" . intval($_GET['id']) . "'");
}
header("Location: ?admin=artikel");
} elseif ($_GET['do'] == "edit") {
$qry = db("SELECT * FROM " . $db['cw'] . "\n WHERE id = '" . intval($_GET['id']) . "'");
$get = _fetch($qry);
list($xonx1, $xonx2) = explode('on', $get['xonx']);
$qrym = db("SELECT * FROM " . $db['squads'] . "\n WHERE status = '1'\n ORDER BY game");
while ($gets = _fetch($qrym)) {
if ($get['squad_id'] == $gets['id']) {
$sel = "selected=\"selected\"";
} else {
$sel = "";
}
$squads .= show(_cw_edit_select_field_squads, array("id" => $gets['id'], "name" => re($gets['name']), "game" => re($gets['game']), "sel" => $sel, "icon" => $gets['icon']));
}
$dropdown_date = show(_dropdown_date, array("day" => dropdown("day", date("d", $get['datum'])), "month" => dropdown("month", date("m", $get['datum'])), "year" => dropdown("year", date("Y", $get['datum']))));
$dropdown_time = show(_dropdown_time, array("hour" => dropdown("hour", date("H", $get['datum'])), "minute" => dropdown("minute", date("i", $get['datum'])), "uhr" => _uhr));
$show = show($dir . "/form_cw", array("head" => _cw_admin_head_edit, "datum" => _datum, "gegner" => _cw_head_gegner, "xonx" => _cw_head_xonx, "preview" => _preview, "nothing" => _cw_nothing, "screenshot1" => _cw_new . " " . _cw_screenshot . " 1", "screenshot2" => _cw_new . " " . _cw_screenshot . " 2", "screenshot3" => _cw_new . " " . _cw_screenshot . " 3", "screenshot4" => _cw_new . " " . _cw_screenshot . " 4", "screens" => _cw_screens, "liga" => _cw_head_liga, "screen_info" => _cw_screens_info, "gametype" => _cw_head_gametype, "url" => _url, "clantag" => _cw_admin_clantag, "bericht" => _cw_bericht, "result" => _cw_head_result, "info" => _cw_admin_info, "gegnerstuff" => _cw_admin_gegnerstuff, "warstuff" => _cw_admin_warstuff, "maps" => _cw_admin_maps, "match_admins" => _cw_head_admin, "lineup" => _cw_head_lineup, "glineup" => _cw_head_glineup, "serverip" => _cw_admin_serverip, "lineup_info" => _cw_admin_lineup_info, "servername" => _server_name, "serverpwd" => _server_password, "do" => "editcw&id=" . $_GET['id'] . "", "what" => _button_value_edit, "cw_clantag" => re($get['clantag']), "cw_gegner" => re($get['gegner']), "cw_url" => $get['url'], "cw_xonx1" => $xonx1, "logo" => _cw_logo, "cw_xonx2" => $xonx2, "cw_maps" => re($get['maps']), "cw_matchadmins" => re($get['matchadmins']), "cw_lineup" => re($get['lineup']), "cw_glineup" => re($get['glineup']), "cw_servername" => re($get['servername']), "cw_serverip" => $get['serverip'], "cw_serverpwd" => re($get['serverpwd']), "cw_punkte" => $get['punkte'], "cw_gpunkte" => $get['gpunkte'], "cw_bericht" => re_bbcode($get['bericht']), "day" => date("d", $get['datum']), "dropdown_date" => $dropdown_date, "dropdown_time" => $dropdown_time, "month" => date("m", $get['datum']), "year" => date("Y", $get['datum']), "hour" => date("H", $get['datum']), "minute" => date("i", $get['datum']), "name" => _member_admin_squad, "countrys" => show_countrys($get['gcountry']), "squad_info" => _cw_admin_head_squads, "game" => _member_admin_game, "squads" => $squads, "cw_liga" => re($get['liga']), "country" => _cw_admin_head_country, "cw_gametype" => re($get['gametype'])));
} elseif ($_GET['do'] == "add") {
if (empty($_POST['gegner']) || empty($_POST['clantag']) || empty($_POST['t'])) {
if (empty($_POST['gegner'])) {
$show = error(_cw_admin_empty_gegner, 1);
} elseif (empty($_POST['clantag'])) {
$show = error(_cw_admin_empty_clantag, 1);
} elseif (empty($_POST['t'])) {
$show = error(_empty_datum, 1);
}
} else {
if (empty($_POST['xonx1']) && empty($_POST['xonx2'])) {
$xonx = "";
} else {
$xonx = "`xonx` = '" . $_POST['xonx1'] . "on" . $_POST['xonx2'] . "',";
}
$dropdown_date = show(_dropdown_date, array("day" => dropdown("day", date("d", $get['sticky'])), "month" => dropdown("month", date("m", $get['sticky'])), "year" => dropdown("year", date("Y", $get['sticky']))));
$dropdown_time = show(_dropdown_time, array("hour" => dropdown("hour", date("H", $get['sticky'])), "minute" => dropdown("minute", date("i", $get['sticky'])), "uhr" => _uhr));
} else {
$dropdown_date = show(_dropdown_date, array("day" => dropdown("day", date("d", time())), "month" => dropdown("month", date("m", time())), "year" => dropdown("year", date("Y", time()))));
$dropdown_time = show(_dropdown_time, array("hour" => dropdown("hour", date("H", time())), "minute" => dropdown("minute", date("i", time())), "uhr" => _uhr));
}
if ($get['timeshift'] != 0) {
$timeshift = 'checked="checked"';
$timeshift_date = show(_dropdown_date_ts, array("nr" => "ts", "day" => dropdown("day", date("d", $get['datum'])), "month" => dropdown("month", date("m", $get['datum'])), "year" => dropdown("year", date("Y", $get['datum']))));
$timeshift_time = show(_dropdown_time_ts, array("nr" => "ts", "hour" => dropdown("hour", date("H", $get['datum'])), "minute" => dropdown("minute", date("i", $get['datum'])), "uhr" => _uhr));
} else {
$timeshift = '';
$timeshift_date = show(_dropdown_date_ts, array("nr" => "ts", "day" => dropdown("day", date("d", time())), "month" => dropdown("month", date("m", time())), "year" => dropdown("year", date("Y", time()))));
$timeshift_time = show(_dropdown_time_ts, array("nr" => "ts", "hour" => dropdown("hour", date("H", time())), "minute" => dropdown("minute", date("i", time())), "uhr" => _uhr));
}
$show = show($dir . "/news_form", array("head" => _admin_news_edit_head, "nautor" => _autor, "autor" => autor($get['autor']), "nkat" => _news_admin_kat, "kat" => $kat, "do" => $do, "preview" => _preview, "ntitel" => _titel, "titel" => re($get['titel']), "newstext" => re_bbcode($get['text']), "morenews" => re_bbcode($get['klapptext']), "link1" => re($get['link1']), "link2" => re($get['link2']), "link3" => re($get['link3']), "url1" => $get['url1'], "url2" => $get['url2'], "url3" => $get['url3'], "klapplink" => re($get['klapplink']), "dropdown_date" => $dropdown_date, "dropdown_time" => $dropdown_time, "timeshift_date" => $timeshift_date, "timeshift_time" => $timeshift_time, "timeshift" => $timeshift, "ntext" => _eintrag, "error" => "", "button" => _button_value_edit, "lang" => $language, "nklapptitel" => _news_admin_klapptitel, "nmore" => _news_admin_more, "linkname" => _linkname, "intern" => $int, "sticky" => $sticky, "getsticky" => _news_get_sticky, "till" => _news_sticky_till, "gettimeshift" => _news_get_timeshift, "from" => _news_timeshift_from, "day" => $day, "month" => $month, "year" => $year, "hour" => $hour, "minute" => $minute, "interna" => _news_admin_intern, "nurl" => _url));
} elseif ($_GET['do'] == "editnews") {
if ($_POST) {
if ($_POST['sticky']) {
$stickytime = mktime($_POST['h'], $_POST['min'], 0, $_POST['m'], $_POST['t'], $_POST['j']);
}
if ($_POST['timeshift']) {
$timeshifttime = mktime($_POST['h_ts'], $_POST['min_ts'], 0, $_POST['m_ts'], $_POST['t_ts'], $_POST['j_ts']);
$timeshift = "`timeshift` = '1',";
$public = "`public` = '1',";
$datum = "`datum` = '" . (int) $timeshifttime . "',";
} else {
$timeshift = "";
$public = '';
$datum = '';
}
$checked = "checked=\"checked\"";
}
$qry = db("SELECT s2.*, s1.name AS katname, s1.placeholder FROM " . $db['navi_kats'] . " AS s1 LEFT JOIN " . $db['navi'] . " AS s2 ON s1.`placeholder` = s2.`kat`\n ORDER BY s1.name, s2.pos");
$thiskat = '';
while ($get = _fetch($qry)) {
if ($thiskat != $get['kat']) {
$position .= '
<option class="dropdownKat" value="lazy">' . re($get['katname']) . '</option>
<option value="' . re($get['placeholder']) . '-1">-> ' . _admin_first . '</option>
';
}
$thiskat = $get['kat'];
$sel = $get['editor'] == $_GET['id'] ? 'selected="selected"' : '';
$position .= empty($get['name']) ? '' : '<option value="' . re($get['placeholder']) . '-' . ($get['pos'] + 1) . '" ' . $sel . '>' . _nach . ' -> ' . navi_name(re($get['name'])) . '</option>';
}
$show = show($dir . "/form_editor", array("head" => _editor_edit_head, "what" => _button_value_edit, "lang" => $language, "bbcode" => _bbcode, "preview" => _preview, "error" => $error, "checked" => $checked, "pos" => _position, "ja" => _yes, "nein" => _no, "name" => _editor_linkname, "position" => $position, "n_name" => re($_POST['name']), "wichtig" => _navi_wichtig, "titel" => _titel, "e_titel" => re($_POST['titel']), "e_inhalt" => re_bbcode($_POST['inhalt']), "allow_html" => _editor_allow_html, "inhalt" => _inhalt, "do" => "editsite&id=" . $_GET['id'] . ""));
} else {
$qry = db("UPDATE " . $db['sites'] . "\n SET `titel` = '" . up($_POST['titel']) . "',\n `text` = '" . up($_POST['inhalt'], 1) . "',\n `html` = '" . (int) $_POST['html'] . "'\n WHERE id = '" . intval($_GET['id']) . "'");
if ($_POST['pos'] == "1" || "2") {
$sign = ">= ";
} else {
$sign = "> ";
}
$kat = preg_replace('/-(\\d+)/', '', $_POST['pos']);
$pos = preg_replace("=nav_(.*?)-=", "", $_POST['pos']);
$url = "../sites/?show=" . $_GET['id'] . "";
$posi = db("UPDATE " . $db['navi'] . "\n SET `pos` = pos+1\n WHERE pos " . $sign . " '" . intval($pos) . "'");
$posi = db("UPDATE " . $db['navi'] . "\n SET `pos` = '" . (int) $pos . "',\n `kat` = '" . up($kat) . "',\n `name` = '" . up($_POST['name']) . "',\n `url` = '" . up($url) . "'\n WHERE editor = '" . intval($_GET['id']) . "'");
$show = info(_site_edited, "?admin=editor");
}
} elseif ($_GET['do'] == "delete") {
if (empty($_POST['title'])) {
$show = error(_kalender_error_no_title, 1);
} elseif (empty($_POST['event'])) {
$show = error(_kalender_error_no_event, 1);
}
} else {
$time = mktime($_POST['h'], $_POST['min'], 0, $_POST['m'], $_POST['t'], $_POST['j']);
$insert = db("INSERT INTO " . $db['events'] . "\n SET `datum` = '" . (int) $time . "',\n `title` = '" . up($_POST['title']) . "',\n `event` = '" . up($_POST['event'], 1) . "'");
$show = info(_kalender_successful_added, "?admin=kalender");
}
} elseif ($_GET['do'] == "edit") {
$qry = db("SELECT * FROM " . $db['events'] . "\n WHERE id = '" . intval($_GET['id']) . "'");
$get = _fetch($qry);
$dropdown_date = show(_dropdown_date, array("day" => dropdown("day", date("d", $get['datum'])), "month" => dropdown("month", date("m", $get['datum'])), "year" => dropdown("year", date("Y", $get['datum']))));
$dropdown_time = show(_dropdown_time, array("hour" => dropdown("hour", date("H", $get['datum'])), "minute" => dropdown("minute", date("i", $get['datum'])), "uhr" => _uhr));
$show = show($dir . "/form_kalender", array("datum" => _datum, "event" => _kalender_event, "dropdown_time" => $dropdown_time, "dropdown_date" => $dropdown_date, "beschreibung" => _beschreibung, "what" => _button_value_edit, "do" => "editevent&id=" . $_GET['id'], "k_event" => re($get['title']), "k_beschreibung" => re_bbcode($get['event']), "head" => _kalender_admin_head_edit));
} elseif ($_GET['do'] == "editevent") {
if (empty($_POST['title']) || empty($_POST['event'])) {
if (empty($_POST['title'])) {
$show = error(_kalender_error_no_title, 1);
} elseif (empty($_POST['event'])) {
$show = error(_kalender_error_no_event, 1);
}
} else {
$time = mktime($_POST['h'], $_POST['min'], 0, $_POST['m'], $_POST['t'], $_POST['j']);
$update = db("UPDATE " . $db['events'] . "\n SET `datum` = '" . (int) $time . "',\n `title` = '" . up($_POST['title']) . "',\n `event` = '" . up($_POST['event'], 1) . "'\n WHERE id = '" . intval($_GET['id']) . "'");
$show = info(_kalender_successful_edited, "?admin=kalender");
}
} elseif ($_GET['do'] == "delete") {
$del = db("DELETE FROM " . $db['events'] . "\n WHERE id = '" . intval($_GET['id']) . "'");
$show = info(_kalender_deleted, "?admin=kalender");
$dropdown_time_ende = show(_dropdown_time_ts, array("nr" => '2', "hour" => dropdown("hour", date("H", $get['ende'])), "minute" => dropdown("minute", date("i", $get['ende'])), "uhr" => _uhr));
$qryk = db("SELECT * FROM " . $sql_prefix . "events_kat");
while ($getk = _fetch($qryk)) {
if ($get['kat'] == $getk['id']) {
$sel = "selected=\"selected\"";
} else {
$sel = "";
}
$kat .= show(_select_field, array("value" => $getk['id'], "sel" => $sel, "what" => re($getk['name'])));
}
if ($get['gmaps'] == '1') {
$checked = "checked=\"checked\"";
} else {
$checked = "";
}
$show = show($dir . "/form_event", array("datum_start" => _ev_l_start, "datum_ende" => _ev_l_ende, "event" => _kalender_event, "dropdown_time_start" => $dropdown_time_start, "dropdown_date_start" => $dropdown_date_start, "dropdown_time_ende" => $dropdown_time_ende, "dropdown_date_ende" => $dropdown_date_ende, "beschreibung" => _beschreibung, "what" => _button_value_edit, "do" => "editevent&id=" . $_GET['id'], "k_event" => re($get['name']), "k_beschreibung" => re_bbcode($get['beschreibung']), "veranstalter" => _ev_veranstalter, "k_veranstalter" => re($get['veranstalter']), "ort" => _ev_l_ort, "k_ort" => re($get['ort']), "kat" => _ev_l_kat, "k_kat" => $kat, "gmaps" => _ev_gmaps, "gmaps_info" => _ev_gmaps_info, "checked" => $checked, "autor" => _autor, "bild" => _ev_bild, "k_autor" => autor($get['autor_id']), "head" => _kalender_admin_head_edit));
} elseif ($_GET['do'] == "editevent") {
$start_time = mktime($_POST['h_1'], $_POST['min_1'], 0, $_POST['m_1'], $_POST['t_1'], $_POST['j_1']);
$ende_time = mktime($_POST['h_2'], $_POST['min_2'], 0, $_POST['m_2'], $_POST['t_2'], $_POST['j_2']);
if (empty($_POST['event'])) {
if (empty($_POST['event'])) {
$show = error(_kalender_error_no_title, 1);
}
} elseif ($start_time >= $ende_time) {
$show = error(_kalender_error_start_ende, 1);
} else {
if ($start_time != $ende_time) {
$show = error(_kalender_error_start_ende, 1);
}
$update = db("UPDATE " . $sql_prefix . "events_info\n SET `start` = '" . (int) $start_time . "',\n\t\t\t\t\t \t `ende` = '" . (int) $ende_time . "',\n\t\t\t\t\t\t `kat` = '" . (int) $_POST['kat'] . "',\n\t\t\t\t\t\t `gmaps` = '" . (int) $_POST['gmaps'] . "',\n `name` = '" . up($_POST['event']) . "',\n\t\t\t\t\t\t `ort` = '" . up($_POST['ort']) . "',\n\t\t\t\t\t\t `veranstalter` = '" . up($_POST['veranstalter']) . "',\n `beschreibung` = '" . up($_POST['beschreibung'], 1) . "'\n WHERE id = '" . intval($_GET['id']) . "'");
$tmp1 = $_FILES['bild']['tmp_name'];
<?php
/////////// ADMINNAVI \\\\\\\\\
// Typ: settingsmenu
// Rechte: $chkMe == 4
///////////////////////////////
if (_adminMenu != 'true') {
exit;
}
$where = $where . ': ' . _config_impressum_head;
if ($chkMe != 4) {
$show = error(_error_wrong_permissions, 1);
} else {
$wysiwyg = '_word';
$qry = db("SELECT i_domain,i_autor FROM " . $db['settings'] . "");
$get = _fetch($qry);
$show_ = show($dir . "/form_impressum", array("idomain" => _config_impressum_domains, "domain" => re($get['i_domain']), "bbcode" => bbcode("seitenautor"), "lang" => $language, "iautor" => _config_impressum_autor, "postautor" => re_bbcode($get['i_autor'])));
$show = show($dir . "/imp", array("head" => _config_impressum_head, "what" => "impressum", "value" => _button_value_edit, "show" => $show_));
if ($_GET['do'] == "update") {
$qry = db("UPDATE " . $db['settings'] . "\n SET `i_autor` = '" . up($_POST['seitenautor'], 1) . "',\n `i_domain` = '" . up($_POST['domain']) . "'\n WHERE id = 1");
$show = info(_config_set, "?admin=impressum");
}
}
$editedby = show(_edited_by, array("autor" => autor($userid), "time" => date("d.m.Y H:i", time()) . _uhr));
$qry = db("UPDATE " . $sql_prefix . "events_comments\n SET `nick` = '" . up($_POST['nick']) . "',\n `email` = '" . up($_POST['email']) . "',\n `hp` = '" . links($_POST['hp']) . "',\n `comment` = '" . up($_POST['comment'], 1) . "',\n `editby` = '" . addslashes($editedby) . "'\n WHERE id = '" . intval($_GET['cid']) . "'");
$index = info(_comment_edited, "?action=show&w=k&id=" . $_GET['id'] . "");
} else {
$index = error(_error_edit_post, 1);
}
} elseif ($_GET['do'] == "edit") {
$qryc = db("SELECT * FROM " . $sql_prefix . "events_comments\n WHERE id = '" . intval($_GET['cid']) . "'");
$getc = _fetch($qryc);
if ($getc['reg'] == $userid || permission('editkalendar')) {
if ($getc['reg'] != 0) {
$form = show("page/editor_regged", array("nick" => autor($getc['reg']), "von" => _autor));
} else {
$form = show("page/editor_notregged", array("nickhead" => _nick, "emailhead" => _email, "hphead" => _hp, "postemail" => $getc['email'], "posthp" => links($getc['hp']), "postnick" => re($getc['nick'])));
}
$index = show("page/comments_add", array("titel" => _comments_edit, "nickhead" => _nick, "bbcodehead" => _bbcode, "emailhead" => _email, "sec" => $dir, "security" => _register_confirm, "hphead" => _hp, "b1" => $u_b1, "b2" => $u_b2, "form" => $form, "preview" => _preview, "prevurl" => '../artikel/?action=compreview&id=' . $_GET['id'], "action" => '?action=show&w=k&do=editcom&id=' . $_GET['id'] . '&cid=' . $_GET['cid'], "ip" => _iplog_info, "lang" => $language, "id" => $_GET['id'], "what" => _button_value_edit, "show" => "", "posteintrag" => re_bbcode($getc['comment']), "error" => "", "eintraghead" => _eintrag));
} else {
$index = error(_error_edit_post, 1);
}
}
//ende
//$inhalt = "Kommentar-Baustelle".$entrys."";
//#############################################################################
//############################################################################'
// # # # # # # #
} else {
$inhalt = bbcode($get['beschreibung']);
}
// # # # # # # #
$teilnehmer = db("SELECT uid FROM " . $sql_prefix . "events_user WHERE eid = '" . $get['id'] . "'");
$teilnehmer = _rows($teilnehmer);
while ($get = _fetch($qry)) {
if ($_POST['to'] == $get['id']) {
$selsq = "selected=\"selected\"";
} else {
$selsq = "";
}
$squads .= show(_to_squads, array("id" => $get['id'], "sel" => $selsq, "name" => re($get['name'])));
}
if ($_POST['to'] == "reg") {
$selr = "selected=\"selected\"";
} elseif ($_POST['to'] == "member") {
$selm = "selected=\"selected\"";
} elseif ($_POST['to'] == "leader") {
$sell = "selected=\"selected\"";
}
$show = show($dir . "/nletter", array("von" => $userid, "an" => _to, "who" => _msg_global_who, "reg" => _msg_global_reg, "selr" => $selr, "selm" => $selm, "sell" => $sell, "value" => _button_value_nletter, "lang" => $language, "preview" => _preview, "allmembers" => _msg_global_all, "all_leader" => _msg_all_leader, "leader" => _msg_leader, "squad" => _msg_global_squad, "squads" => $squads, "posteintrag" => re_bbcode($_POST['eintrag']), "titel" => _nletter_head, "nickhead" => _nick, "bbcodehead" => _bbcode, "error" => $error, "eintraghead" => _eintrag));
} else {
if ($_POST['to'] == "reg") {
$message = show(settings('eml_nletter'), array("text" => bbcode_nletter($_POST['eintrag'])));
$subject = settings('eml_nletter_subj');
$qry = db("SELECT email FROM " . $db['users'] . "\n WHERE nletter = 1");
while ($get = _fetch($qry)) {
sendMail($get['email'], $subject, $message);
}
$qry = db("UPDATE " . $db['userstats'] . "\n\t\t\t\t\t\t SET `writtenmsg` = writtenmsg+1\n\t\t\t\t\t\t WHERE user = "******"?admin=nletter");
} elseif ($_POST['to'] == "member") {
$message = show(settings('eml_nletter'), array("text" => bbcode_nletter($_POST['eintrag'])));
$subject = settings('eml_nletter_subj');
$qry = db("SELECT email FROM " . $db['users'] . "\n WHERE level >= 2");
while ($get = _fetch($qry)) {
function zitat($nick, $zitat)
{
$zitat = str_replace(chr(145), chr(39), $zitat);
$zitat = str_replace(chr(146), chr(39), $zitat);
$zitat = str_replace("'", "'", $zitat);
$zitat = str_replace(chr(147), chr(34), $zitat);
$zitat = str_replace(chr(148), chr(34), $zitat);
$zitat = str_replace(chr(10), " ", $zitat);
$zitat = str_replace(chr(13), " ", $zitat);
$zitat = preg_replace("#[\n\r]+#", "<br />", $zitat);
$zitat = '<div class="quote"><b>' . $nick . ' ' . _wrote . ':</b><br />' . re_bbcode($zitat) . '</div><br /><br /><br />';
return $zitat;
}
if (empty($_POST['link']) || empty($_POST['beschreibung']) || preg_match("#[[:punct:]]]#is", $_POST['link'])) {
if (empty($_POST['link'])) {
$show = error(_admin_error_glossar_word);
} elseif ($_POST['beschreibung']) {
$show = error(_admin_error_glossar_desc);
} elseif (preg_match("#[[:punct:]]#is", $_POST['link'])) {
$show = error(_glossar_specialchar);
}
} else {
$ins = db("INSERT INTO " . $db['glossar'] . "\n SET `word` = '" . up($_POST['link']) . "',\n `glossar` = '" . up($_POST['beschreibung'], 1) . "'");
$show = info(_admin_glossar_added, '?admin=glossar');
}
} elseif ($_GET['do'] == 'edit') {
$qry = db("SELECT * FROM " . $db['glossar'] . "\n WHERE id = '" . intval($_GET['id']) . "'");
$get = _fetch($qry);
$show = show($dir . "/form_glossar", array("head" => _admin_glossar_add, "link" => _glossar_bez, "beschreibung" => _glossar_erkl, "llink" => re($get['word']), "lbeschreibung" => re_bbcode($get['glossar']), "do" => "update&id=" . $_GET['id'], "value" => _button_value_edit));
} elseif ($_GET['do'] == 'update') {
if (empty($_POST['link']) || empty($_POST['beschreibung']) || preg_match("#[[:punct:]]]#is", $_POST['link'])) {
if (empty($_POST['link'])) {
$show = error(_admin_error_glossar_word);
} elseif ($_POST['beschreibung']) {
$show = error(_admin_error_glossar_desc);
} elseif (preg_match("#[[:punct:]]#is", $_POST['link'])) {
$show = error(_glossar_specialchar);
}
} else {
$ins = db("UPDATE " . $db['glossar'] . "\n SET `word` = '" . up($_POST['link']) . "',\n `glossar` = '" . up($_POST['beschreibung'], 1) . "'\n WHERE id = '" . intval($_GET['id']) . "'");
$show = info(_admin_glossar_edited, '?admin=glossar');
}
} elseif ($_GET['do'] == 'delete') {
$del = db("DELETE FROM " . $db['glossar'] . "\n WHERE id = '" . intval($_GET['id']) . "'");
if ($get['reg'] == $userid && $chkMe != "unlogged" or permission('gb')) {
db("DELETE FROM " . $db['gb'] . " WHERE id = '" . intval($_GET['id']) . "'");
$index = info(_gb_delete_successful, "../gb/");
} else {
$index = error(_error_edit_post, 1);
}
} elseif ($_GET['what'] == "edit") {
$qry = db("SELECT * FROM " . $db['gb'] . " WHERE id = '" . intval($_GET['id']) . "'");
$get = _fetch($qry);
if ($get['reg'] == $userid && $chkMe != "unlogged" or permission('gb')) {
if ($get['reg'] != 0) {
$form = show("page/editor_regged", array("nick" => autor($get['reg']), "von" => _autor));
} else {
$form = show("page/editor_notregged", array("nickhead" => _nick, "emailhead" => _email, "hphead" => _hp, "postemail" => re($get['email']), "posthp" => re($get['hp']), "postnick" => re($get['nick'])));
}
$index = show($dir . "/add", array("titel" => _eintragen_titel, "nickhead" => _nick, "bbcodehead" => _bbcode, "add_head" => _gb_edit_head, "emailhead" => _email, "what" => _button_value_edit, "security" => _register_confirm, "lang" => $language, "reg" => $get['reg'], "whaturl" => "editgb&id=" . $get['id'], "hphead" => _hp, "ed" => "&edit=" . $get['id'], "preview" => _preview, "b1" => "<!--", "b2" => "-->", "id" => $get['id'], "form" => $form, "posteintrag" => re_bbcode($get['nachricht']), "ip" => _iplog_info, "error" => "", "eintraghead" => _eintrag));
} else {
$index = error(_error_edit_post, 1);
}
} elseif ($_GET['what'] == 'editgb') {
if ($_POST['reg'] == $userid || permission('gb')) {
if ($_POST['reg'] == 0) {
$addme = "`nick` = '" . up($_POST['nick']) . "',\n `email` = '" . up($_POST['email']) . "',\n `hp` = '" . links($_POST['hp']) . "',";
}
$editedby = show(_edited_by, array("autor" => autor($userid), "time" => date("d.m.Y H:i", time()) . _uhr));
$upd = db("UPDATE " . $db['gb'] . "\n SET " . $addme . "\n `nachricht` = '" . up($_POST['eintrag'], 1) . "',\n `reg` = '" . (int) $_POST['reg'] . "',\n `editby` = '" . addslashes($editedby) . "'\n WHERE id = '" . intval($_GET['id']) . "'");
$index = info(_gb_edited, "../gb/");
} else {
$index = error(_error_edit_post, 1);
}
}
$qry = db("INSERT INTO " . $sql_prefix . "quickinfo \n SET `title` = '" . up($_POST['titel']) . "',\n\t\t\t\t\t \t`more` = '" . up($_POST['more']) . "',\n `content` = '" . up($_POST['inhalt'], 1) . "'");
$show = info(_quickinfo_added, "?admin=quickinfo");
}
} elseif ($_GET['do'] == "edit") {
$qrys = db("SELECT * FROM " . $sql_prefix . "quickinfo \n WHERE id = '" . intval($_GET['id']) . "'");
$gets = _fetch($qrys);
$show = show($dir . "/form_quickinfo", array("head" => _quickinfo_edit_head, "what" => _button_value_edit, "lang" => $language, "bbcode" => _bbcode, "titel" => _titel, "e_titel" => re($gets['title']), "more" => _quickinfo_more_link, "e_more" => re($gets['more']), "e_inhalt" => re_bbcode($gets['content']), "ja" => _yes, "nein" => _no, "error" => "", "inhalt" => _inhalt, "do" => "editsite&id=" . $_GET['id'] . ""));
} elseif ($_GET['do'] == "editsite") {
if (empty($_POST['titel']) || empty($_POST['inhalt'])) {
if (empty($_POST['titel'])) {
$error = _empty_titel;
} elseif (empty($_POST['inhalt'])) {
$error = _empty_editor_inhalt;
}
$error = show("errors/errortable", array("error" => $error));
$show = show($dir . "/form_quickinfo", array("head" => _quickinfo_edit_head, "what" => _button_value_edit, "lang" => $language, "bbcode" => _bbcode, "error" => $error, "ja" => _yes, "nein" => _no, "titel" => _titel, "e_titel" => re($_POST['titel']), "more" => _quickinfo_more_link, "e_more" => re($gets['more']), "e_inhalt" => re_bbcode($_POST['inhalt']), "inhalt" => _inhalt, "do" => "editsite&id=" . $_GET['id'] . ""));
} else {
$qry = db("UPDATE " . $sql_prefix . "quickinfo \n SET `title` = '" . up($_POST['titel']) . "',\n\t\t\t\t\t `more` = '" . up($_POST['more']) . "',\n `content` = '" . up($_POST['inhalt'], 1) . "'\n WHERE id = '" . intval($_GET['id']) . "'");
$show = info(_quickinfo_edited, "?admin=quickinfo");
}
} elseif ($_GET['do'] == "delete") {
$qry = db("DELETE FROM " . $sql_prefix . "quickinfo \n WHERE id = '" . intval($_GET['id']) . "'");
$show = info(_quickinfo_deleted, "?admin=quickinfo");
} elseif ($_GET['do'] == "status") {
$qry = db("UPDATE " . $sql_prefix . "quickinfo \n SET `status` = '" . intval($_GET['set']) . "'\n WHERE id = '" . intval($_GET['id']) . "'");
$show = info(empty($_GET['set']) ? _quickinfo_admin_status_unsetted : _quickinfo_admin_status_setted, "?admin=quickinfo");
} else {
$qry = db("SELECT * FROM " . $sql_prefix . "quickinfo ");
while ($get = _fetch($qry)) {
$class = $color % 2 ? "contentMainSecond" : "contentMainFirst";
$color++;
$gameicons .= show(_select_field, array("value" => $files[$i], "sel" => $sel, "what" => strtoupper(preg_replace("#\\.(.*?)\$#", "", $files[$i]))));
}
}
foreach ($picformat as $end) {
if (file_exists(basePath . '/inc/images/squads/' . intval($_GET['id']) . '.' . $end)) {
$image = '<img src="../inc/images/squads/' . intval($_GET['id']) . '.' . $end . '" width="200" alt="" onmouseover="DZCP.showInfo(\'<tr><td><img src=../inc/images/squads/' . intval($_GET['id']) . '.' . $end . ' alt= /></tr></td>\')" onmouseout="DZCP.hideInfo()" /><br />';
break;
}
}
foreach ($picformat as $end) {
if (file_exists(basePath . '/inc/images/squads/' . intval($_GET['id']) . '_logo.' . $end)) {
$logoimage = '<img src="../inc/images/squads/' . intval($_GET['id']) . '_logo.' . $end . '" height="60" alt="" onmouseover="DZCP.showInfo(\'<tr><td><img src=../inc/images/squads/' . intval($_GET['id']) . '_logo.' . $end . ' alt= /></tr></td>\')" onmouseout="DZCP.hideInfo()" /><br />';
break;
}
}
$show = show($dir . "/squads_edit", array("memberadminaddheader" => _member_admin_edit_header, "squad" => _member_admin_squad, "id" => intval($_GET['id']), "pos" => _position, "icon" => _member_admin_icon, "gameicons" => $gameicons, "logo" => _team_logo, "value" => _button_value_edit, "status" => _status, "aktiv" => _sq_aktiv, "inaktiv" => _sq_inaktiv, "sstatus" => _sq_sstatus, "banner" => _sq_banner, "image" => $image, "logoimage" => $logoimage, "desc" => _dl_besch, "beschreibung" => re_bbcode($get['beschreibung']), "cstatus" => $status, "first" => _admin_first, "info" => _admin_squad_show_info, "navi" => _admin_squads_nav, "upload" => _member_admin_icon_upload, "sshown" => $sshown, "nothing" => _nothing, "selr" => $roster, "selt" => $team_show, "navigation" => $navigation, "roster" => _admin_sqauds_roster, "navigation" => $navigation, "nav_info" => _admin_squads_nav_info, "no_navi" => _admin_squads_no_navi, "teams" => _admin_squads_teams, "show" => _show, "dontshow" => _dont_show, "ssquad" => re($get['name']), "sgame" => re($get['game']), "positions" => $positions, "check_show" => _button_value_show, "game" => _member_admin_game));
} elseif ($_GET['do'] == "editsquad") {
if (empty($_POST['squad'])) {
$show = error(_admin_squad_no_squad, 1);
} elseif (empty($_POST['game'])) {
$show = error(_admin_squad_no_game, 1);
} else {
$ask = db("SELECT pos FROM " . $db['squads'] . "\n WHERE id = '" . intval($_GET['id']) . "'");
$get = _fetch($ask);
if ($_POST['position'] != $get['pos']) {
if ($_POST['position'] == 1 || $_POST['position'] == 2) {
$sign = ">= ";
} else {
$sign = "> ";
}
$posi = db("UPDATE " . $db['squads'] . "\n SET `pos` = pos+1\n WHERE pos " . $sign . " '" . intval($_POST['position']) . "'");
$email = show(_emailicon_forum, array("email" => eMailAddr($gett['t_email'])));
if (empty($gett['t_hp'])) {
$hp = "";
} else {
$hp = show(_hpicon_forum, array("hp" => $gett['t_hp']));
}
}
$nick = autor($gett['t_reg'], '', $gett['t_nick'], $gett['t_email']);
if (!empty($_GET['hl']) && $_SESSION['search_type'] == 'autor') {
if (preg_match("#" . $_GET['hl'] . "#i", $nick)) {
$ftxt['class'] = 'class="highlightSearchTarget"';
}
}
$lastpost = show($dir . "/forum_posts_show", array("nick" => $nick, "postnr" => "", "text" => $text, "status" => getrank($gett['t_reg']), "avatar" => useravatar($gett['t_reg']), "ip" => $posted_ip, "pn" => $pn, "class" => $ftxt['class'], "icq" => $icq, "hp" => $hp, "email" => $email, "edit" => "", "p" => $i + ($page - 1) * $maxfposts, "delete" => "", "edited" => $gett['edited'], "posts" => $userposts, "date" => _posted_by . date("d.m.y H:i", $gett['t_date']) . _uhr, "signatur" => $sig, "zitat" => "", "onoff" => $onoff, "top" => "", "lp" => cnt($db['f_posts'], " WHERE sid = '" . intval($_GET['id']) . "'") + 1));
}
$index = show($dir . "/post", array("titel" => _forum_new_post_head, "nickhead" => _nick, "bbcodehead" => _bbcode, "emailhead" => _email, "zitat" => $zitat, "what" => _button_value_add, "preview" => _preview, "form" => $form, "br1" => "", "br2" => "", "b1" => $u_b1, "b2" => $u_b2, "security" => _register_confirm, "lang" => $language, "lastpost" => $lastpost, "last_post" => _forum_lp_head, "dowhat" => $dowhat, "id" => $_GET['id'], "ip" => _iplog_info, "kid" => $_GET['kid'], "postemail" => $_POST['email'], "posthp" => $_POST['hp'], "postnick" => re($_POST['nick']), "posteintrag" => re_bbcode($_POST['eintrag']), "error" => $error, "eintraghead" => _eintrag));
} else {
$spam = 0;
$qrydp = db("SELECT * FROM " . $db['f_posts'] . "\n\t\t\t\t\t\t\t\t\t\t WHERE kid = '" . intval($_GET['kid']) . "'\n\t\t\t\t\t\t\t\t\t\t AND sid = '" . intval($_GET['id']) . "'\n\t\t\t\t\t\t\t\t\t\t ORDER BY date DESC\n\t\t\t\t\t\t\t\t\t\t LIMIT 1");
if (_rows($qrydp)) {
$getdp = _fetch($qrydp);
if (isset($userid)) {
if ($userid == $getdp['reg'] && $double_post == 1) {
$spam = 1;
} else {
$spam = 0;
}
} else {
if ($_POST['nick'] == $getdp['nick'] && $double_post == 1) {
$spam = 1;
} else {
