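/**
 * Render the registration form (and the error list, when given) through the
 * account_register template.
 *
 * Shared by the GET path and the "validation failed" path of account_register().
 *
 * @param mixed $countries value of form_country() to hand to the template
 */
function account_register_form($countries)
{
    $tpl = new smarty();
    $tpl->assign('countries', $countries);
    ob_start();
    $tpl->display(DESIGN . '/tpl/account/account_register.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(REGISTER, $content, '', 1);
}

/**
 * Account registration: show the form on a plain request, validate and create
 * the account when the form was submitted ($_POST['submit'] present).
 *
 * On a valid submission the user row is inserted with status 0 (pending) when
 * SEND_ACCOUNT_CODE is on and an activation e-mail is sent, or with status 1
 * otherwise; the config, stats and group (gID 3) rows are created and
 * update_rank() is called. All output goes through table()/main_content().
 *
 * Changes against the original:
 *  - the duplicate-username check compares the submitted name (the original
 *    compared against a fixed placeholder literal and so never matched);
 *  - the username / e-mail echoed in "already exists" messages are HTML-escaped
 *    (table() output is HTML — it receives the <ul>/<li> markup);
 *  - an empty session captcha now fails (before, omitting the captcha on a
 *    request whose session had none passed the comparison);
 *  - string comparisons are strict, the error list is initialised, and the
 *    last <li> of the error list is closed.
 *
 * NOTE(review): passwords are stored as unsalted sha1(). password_hash() /
 * password_verify() is the fix, but the login code that reads `passwort` is not
 * in view and has to change together with this function.
 */
function account_register()
{
    global $db;

    if (!isset($_POST['submit'])) {
        account_register_form(form_country());
        return;
    }

    // Read each field once; a missing field becomes '' instead of a notice.
    $username  = isset($_POST['username'])  ? (string) $_POST['username']  : '';
    $email     = isset($_POST['email'])     ? (string) $_POST['email']     : '';
    $password1 = isset($_POST['password1']) ? (string) $_POST['password1'] : '';
    $password2 = isset($_POST['password2']) ? (string) $_POST['password2'] : '';
    $sex       = isset($_POST['sex'])       ? (string) $_POST['sex']       : '';
    $country   = isset($_POST['country'])   ? (string) $_POST['country']   : '';
    $captcha   = isset($_POST['captcha'])   ? (string) $_POST['captcha']   : '';
    $sessionCaptcha = isset($_SESSION['captcha']) ? (string) $_SESSION['captcha'] : '';

    // The row stores the HTML-escaped name, so that is the form to compare and display.
    $storedName = htmlspecialchars($username);

    $error = array();
    if ($username === '') {
        $error[] = '<li>' . NO_USERNAME;
    }
    if (!check_email($email)) {
        $error[] = '<li>' . WRONG_EMAIL;
    }
    if ($password1 === '') {
        $error[] = '<li>' . NO_PASSWORD;
    }
    if ($password1 !== $password2) {
        $error[] = '<li>' . DIFFERENT_PW;
    }
    if (strlen($password1) < PW_MIN_LENGTH) {
        $error[] = '<li>' . SHORT_PW . PW_MIN_LENGTH . SHORT_PW_1;
    }
    if ($username !== '' and $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = "' . strsave($storedName) . '"')) {
        $error[] = '<li>' . ACCOUNT_ALLREADY_EXIST . ' ' . $storedName;
    }
    if ($email !== '' and $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = "' . strsave($email) . '"')) {
        $error[] = '<li>' . EMAIL_ALLREADY_EXIST . ' ' . htmlspecialchars($email);
    }
    if ($sex !== 'male' and $sex !== 'female') {
        $error[] = '<li>' . CHOOSE_SEX;
    }
    // NOTE(review): the captcha is not cleared after a successful check, so one
    // solved captcha can be replayed for as long as the session keeps it; if the
    // generator issues a new value per form load, unset($_SESSION['captcha']) here.
    if ($sessionCaptcha === '' or strtolower($sessionCaptcha) !== strtolower($captcha)) {
        $error[] = '<li>' . CAPTCHA_WRONG;
    }

    if ($error !== array()) {
        table(ERROR, '<ul>' . implode('</li>', $error) . '</li></ul>');
        account_register_form(form_country($country));
        return;
    }

    $sql = sprintf(
        'INSERT INTO ' . DB_PRE . 'ecp_user (`username`, `email`, `passwort`, `status`, `registerdate`, country) VALUES (\'%s\', \'%s\', \'%s\', %d, %d, \'%s\');',
        strsave($storedName),
        strsave($email),
        sha1($password1), // unsalted sha1 — see the function comment
        SEND_ACCOUNT_CODE ? 0 : 1,
        time(),
        strsave($country)
    );
    if (!$db->query($sql)) {
        // Original behaviour: a failed INSERT produces no message.
        return;
    }

    $userid = (int) $db->last_id();
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_config (userID) VALUES (' . $userid . ')');
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_stats (userID) VALUES (' . $userid . ')');
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_groups (userID, gID) VALUES (' . $userid . ', 3)');
    update_rank($userid);

    if (!SEND_ACCOUNT_CODE) {
        table(INFO, REGISTER_SUCCESS2);
        return;
    }

    // Activation code, stored per user and mailed as a link. get_random_string()
    // is a project helper: 8 characters from an alphabet chosen by its 2nd
    // argument — confirm it draws from a CSPRNG and that the `open` action
    // rate-limits guesses, since id + key is all the link carries.
    $code = get_random_string(8, 2);
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_codes (userID, code, art) VALUES (' . $userid . ', "' . strsave($code) . '", "aktiv")');

    // Activation e-mail text comes from the DB; fill in the placeholders.
    $row = $db->fetch_assoc('SELECT content, content2, options FROM ' . DB_PRE . 'ecp_texte WHERE lang = "' . LANGUAGE . '" AND name = "REGISTER_EMAIL"');
    $search = array('{username}', '{clanname}', '{pageurl}', '{aktivcode}', '{aktivlink}');
    $replace = array($username, CLAN_NAME, SITE_URL, $code, SITE_URL . '?section=account&action=open&id=' . $userid . '&key=' . $code);
    $row['content'] = str_replace($search, $replace, $row['content']);

    if (send_email($email, $row['content2'], $row['content'], $row['options'])) {
        table(INFO, REGISTER_SUCCESS);
    } else {
        table(INFO, NO_EMAIL_SEND);
    }
}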
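/**
 * Recompute the rank of every user by calling update_rank() once per user id.
 *
 * Fix: the original iterated with mysql_fetch_assoc($result), the legacy
 * ext/mysql API that no longer exists in PHP 7+, while the rest of this file
 * reads rows through the $db wrapper. The ids are collected first and the
 * updates run afterwards, because update_rank() issues its own queries and the
 * wrapper's fetch_assoc() reads from its last result set (see the other
 * query()/fetch_assoc() loops in this file) — interleaving would otherwise
 * risk cutting the loop short after the first row.
 */
function update_all_ranks()
{
    global $db;

    $db->query('SELECT ID FROM ' . DB_PRE . 'ecp_user');
    $ids = array();
    while ($row = $db->fetch_assoc()) {
        $ids[] = (int) $row['ID'];
    }

    foreach ($ids as $userId) {
        update_rank($userId);
    }
}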
break;
// Admin AJAX actions on a user selected by ?id=…; each echoes 'ok' on success.
// The rights lookups use @ so a missing key reads as null (= denied) instead of
// raising a notice. Both cases change state from a request that carries the id
// in the query string; no CSRF/nonce check is visible here — unless one runs
// before this switch (outside the view), an admin's browser can be driven into
// these from a hostile page.
case 'user_aktiv':
    if (@$_SESSION['rights']['admin']['user']['aktiv'] or @$_SESSION['rights']['superadmin']) {
        // (int) keeps the id out of the SQL string as anything but a number.
        if ($db->query('UPDATE ' . DB_PRE . 'ecp_user SET status = 1 WHERE ID = ' . (int) $_GET['id'])) {
            echo 'ok';
        }
    } else {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
    }
    break;
case 'change_rank':
    if (@$_SESSION['rights']['admin']['user']['change_rang'] or @$_SESSION['rights']['superadmin']) {
        if (isset($_POST['newrang'])) {
            if ((int) $_POST['newrang'] == 0) {
                // rID 0 = no fixed rank; recompute the automatic one and report
                // success only if neither statement set an error.
                $db->query('UPDATE ' . DB_PRE . 'ecp_user SET rID = 0 WHERE ID = ' . (int) $_GET['id']);
                update_rank((int) $_GET['id']);
                if ($db->errorNum() == 0) {
                    echo 'ok';
                }
            } else {
                if ($db->query('UPDATE ' . DB_PRE . 'ecp_user SET rID = ' . (int) $_POST['newrang'] . ' WHERE ID = ' . (int) $_GET['id'])) {
                    echo 'ok';
                }
            }
        } else {
            // No new rank posted: build the <select> of fixed ranks for the form.
            $tpl = new smarty();
            $tpl->assign('id', (int) $_GET['id']);
            $db->query('SELECT rankname, rankID FROM ' . DB_PRE . 'ecp_ranks WHERE fest = 1 ORDER BY rankname ASC');
            while ($row = $db->fetch_assoc()) {
                // @ hides the undefined-variable notice on the first append.
                // NOTE(review): rankname is placed in HTML unescaped; it is
                // admin-managed data, but htmlspecialchars() here would cost nothing.
                @($option .= '<option value="' . $row['rankID'] . '">' . $row['rankname'] . '</option>');
            }
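/**
 * Render the "post a reply" form for the thread described by $thread.
 *
 * Helper for forum_new_replay(): the same form is shown on the first visit
 * and again after every validation failure. With $repost true the submitted
 * $_POST values are handed back to the template (the user keeps the text) and
 * the 'quote' flag is set; with $repost false the form is rendered empty.
 *
 * Side effects: when the board allows attachments a fresh random token is
 * generated, passed to the template as 'rand' and remembered in
 * $_SESSION['forum']['attach'][$bid]; the template also receives the current
 * session id as 'sid'.
 *
 * @param int   $bid    board id (key of the attachment token in the session)
 * @param array $thread row from forum_new_replay()'s thread/board query
 * @param bool  $repost re-fill the form from $_POST and set 'quote'
 */
function forum_new_replay_form($bid, $thread, $repost)
{
    $tpl = new smarty();
    ob_start();
    if ($repost) {
        // POST values first, so the attachment values below win on a key clash
        // (same order as the original).
        foreach ($_POST as $Key => $value) {
            $tpl->assign($Key, $value);
        }
    }
    if ($thread['attachments'] and $thread['attachmaxsize']) {
        $rand = get_random_string(16, 2);
        $tpl->assign('attach', find_access($thread['attachfiles']));
        $tpl->assign('maxsize', $thread['attachmaxsize']);
        $tpl->assign('rand', $rand);
        // NOTE(review): the session id is written into the page (presumably for
        // an uploader that cannot send cookies). Anything that can read the
        // rendered page can take over the session — confirm the uploader needs it.
        $tpl->assign('sid', session_name() . '=' . session_id());
        $tpl->assign('maxuploads', $thread['attachments']);
        $tpl->assign('uploadinfo', str_replace(array('{anzahl}', '{max}'), array($thread['attachments'], goodsize($thread['attachmaxsize'])), FORUM_ATTACH_INFO));
        $_SESSION['forum']['attach'][$bid] = $rand;
    }
    if ($repost) {
        $tpl->assign('quote', true);
    }
    $tpl->display(DESIGN . '/tpl/forum/comments_add_edit' . ((UPLOAD_METHOD == 'old' and $thread['attachments'] and $thread['attachmaxsize']) ? '_old' : '') . '.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(FORUM_POST_REPLAY, $content, '', 1);
}

/**
 * Post a reply to forum thread $id in board $bid, or show the reply form.
 *
 * Flow: load thread + board (+ parent board) → check read/post access and that
 * the thread is open → without $_POST['comment'] render the form and the thread;
 * with it, run the checks in this order: empty comment, captcha (guests only),
 * spam throttle, then INSERT the comment, update counters/stats, store or claim
 * attachments, notify subscribers, and redirect via forum_goto_last().
 *
 * Changes against the original:
 *  - $bid/$id are cast to int up front (they are concatenated into SQL below;
 *    the original used them verbatim);
 *  - an unknown thread/board pair is refused instead of running find_access()
 *    on a missing row;
 *  - the guest spam-throttle lookup matches the stored IP against
 *    $_SERVER['REMOTE_ADDR'] (the original compared it with $_SESSION['userID'],
 *    which is unset for guests, so only the client-controlled cookie remained);
 *  - the 'lastcomment' cookie is cast to int before comparison;
 *  - failed/partial uploads are skipped via the upload status (the original's
 *    `$_FILES[$key] == ''` is never true for an array);
 *  - board ids in the counter UPDATE are cast, so a board without a parent
 *    (boardparentID NULL) no longer yields a syntactically broken statement;
 *  - the four copies of the form rendering are one helper.
 *
 * @param int $bid board id
 * @param int $id  thread id
 */
function forum_new_replay($bid, $id)
{
    global $db;

    $bid = (int) $bid;
    $id = (int) $id;

    $thread = $db->fetch_assoc('SELECT `threadID`, `bID`, `threadname`, a.boardparentID, ' . DB_PRE . 'ecp_forum_threads.closed, a.rightsread, a.commentsperpost, a.moneyperpost, a.boardparentID, a.name, a.attachments, a.attachmaxsize, a.postcom, a.attachfiles, b.rightsread as parentRead FROM ' . DB_PRE . 'ecp_forum_threads LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (bID = a.boardID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (b.boardID = a.boardparentID) WHERE threadID = ' . $id . ' AND bID = ' . $bid);

    if (!$thread) {
        table(ERROR, ACCESS_DENIED);
        return;
    }
    if (!(find_access($thread['rightsread']) and find_access($thread['parentRead']) and find_access($thread['postcom']))) {
        table(ERROR, ACCESS_DENIED);
        return;
    }
    if ($thread['closed']) {
        table(INFO, FORUM_THREAD_CLOSED);
        return;
    }

    if (!isset($_POST['comment'])) {
        // First visit: empty form, followed by the thread itself (newest first).
        forum_new_replay_form($bid, $thread, false);
        forum_thread($bid, $id, 'DESC', true);
        return;
    }

    $isMember = isset($_SESSION['userID']);
    $userId = $isMember ? (int) $_SESSION['userID'] : 0;
    $ip = strsave($_SERVER['REMOTE_ADDR']);

    // Timestamp of this poster's previous comment in the thread (spam throttle).
    if ($isMember) {
        $last = (int) @$db->result(DB_PRE . 'ecp_forum_comments', 'adatum', 'userID = ' . $userId . ' AND tID = ' . $id . ' ORDER BY adatum DESC LIMIT 1');
    } else {
        // Comments store $_SERVER['REMOTE_ADDR'] in `IP` (see the INSERT below).
        $last = (int) @$db->result(DB_PRE . 'ecp_forum_comments', 'adatum', 'IP = \'' . $ip . '\' AND tID = ' . $id . ' ORDER BY adatum DESC LIMIT 1');
        // The cookie is client-controlled; it can only make the throttle stricter
        // (the DB value is the floor), never relax it.
        if (isset($_COOKIE['lastcomment']) and $last < (int) $_COOKIE['lastcomment']) {
            $last = (int) $_COOKIE['lastcomment'];
        }
    }

    $comment = (string) $_POST['comment'];
    if ($comment === '') {
        table(ERROR, NOT_NEED_ALL_INPUTS);
        forum_new_replay_form($bid, $thread, true);
        return;
    }

    if (!$isMember) {
        $sessionCaptcha = isset($_SESSION['captcha']) ? (string) $_SESSION['captcha'] : '';
        $postCaptcha = isset($_POST['captcha']) ? (string) $_POST['captcha'] : '';
        // An empty session captcha fails too (otherwise '' == '' would pass).
        if ($sessionCaptcha === '' or strtolower($sessionCaptcha) !== strtolower($postCaptcha)) {
            table(ERROR, CAPTCHA_WRONG);
            forum_new_replay_form($bid, $thread, true);
            return;
        }
    }

    if ($last > time() - SPAM_FORUM_COMMENTS) {
        table(SPAM_PROTECTION, str_replace(array('{sek}', '{zeit}'), array(SPAM_FORUM_COMMENTS, $last + SPAM_FORUM_COMMENTS - time()), SPAM_PROTECTION_MSG));
        forum_new_replay_form($bid, $thread, true);
        return;
    }

    // Display name for guests (members are resolved through userID); escaped
    // for HTML once here because it is stored and later rendered as-is.
    $postname = strsave(htmlspecialchars(isset($_POST['username']) ? (string) $_POST['username'] : ''));

    $inserted = $db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_forum_comments (`tID`, `boardID`, `userID`, `postname`, `adatum`, `comment`, `IP`) VALUES (%d, %d, %d, \'%s\', %d, \'%s\', \'%s\')', $id, $thread['bID'], $userId, $postname, time(), strsave(comment_save($comment)), $ip));
    if (!$inserted) {
        // Original behaviour: a failed INSERT produces no message.
        return;
    }
    $comid = (int) $db->last_id();
    $now = time();

    if ($isMember) {
        // Per-post rewards come from the board row.
        $db->query('UPDATE ' . DB_PRE . 'ecp_user_stats SET comments = comments + ' . $thread['commentsperpost'] . ', money = money + ' . $thread['moneyperpost'] . ' WHERE userID = ' . $userId);
        update_rank($userId);
    }
    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_boards SET posts = posts +1, lastpost = ' . $now . ', lastthreadID = ' . $id . ', lastpostuserID = ' . $userId . ', lastpostuser = \'' . $postname . '\' WHERE boardID = ' . (int) $thread['bID'] . ' OR boardID = ' . (int) $thread['boardparentID']);
    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET posts = posts +1, lastreplay = ' . $now . ', lastuserID = ' . $userId . ', lastusername = \'' . $postname . '\' WHERE threadID = ' . $id);

    if (find_access($thread['attachfiles'])) {
        if (UPLOAD_METHOD == 'old') {
            // Files arrive with the form. Type check is by getMimeType() (a
            // project helper; how much it trusts the client-supplied name is not
            // visible here). NOTE(review): text/html is on the allow-list — if
            // uploads/forum/ is ever served inline, that is stored XSS; files are
            // written without an extension and chmod'ed to CHMOD after umask(0),
            // so CHMOD must not include execute bits.
            $allowedMime = array('application/zip', 'application/x-rar-compressed', 'image/bmp', 'image/gif', 'image/jpeg', 'image/png', 'application/pdf', 'text/plain', 'text/css', 'text/html');
            $maxattach = $thread['attachments'];
            foreach ($_FILES as $key => $file) {
                if (!is_array($file) or !isset($file['error']) or $file['error'] != UPLOAD_ERR_OK or $maxattach <= 0 or $file['size'] > $thread['attachmaxsize']) {
                    continue;
                }
                $mime = getMimeType($file['tmp_name'], $file['name']);
                if (!in_array($mime, $allowedMime, true)) {
                    continue;
                }
                $sha1 = sha1_file($file['tmp_name']);
                $stored = $db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_forum_attachments (`bID`, `userID`, `name`, `size`, `strname`, uploadzeit, IP, tID, mID) VALUES (%d, %d, \'%s\', %d, \'%s\', %d, \'%s\', %d, %d)', $bid, $userId, strsave($file['name']), (int) $file['size'], $sha1, time(), $ip, $id, $comid));
                if ($stored) {
                    // Target name is the row id plus the content hash — nothing client-chosen.
                    $target = 'uploads/forum/' . $db->last_id() . '_' . $sha1;
                    move_uploaded_file($file['tmp_name'], $target);
                    umask(0);
                    chmod($target, CHMOD);
                    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $id);
                    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $comid);
                }
                $maxattach--;
            }
        } else {
            // Files were uploaded ahead of the post and are claimed by the token
            // echoed back in $_GET['rand']. NOTE(review): it is escaped, but not
            // compared with $_SESSION['forum']['attach'][$bid], which this
            // function issued; verifying that would bind only this user's
            // pending uploads.
            $rand = isset($_GET['rand']) ? (string) $_GET['rand'] : '';
            $db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_forum_attachments SET `tID` = %d, `mID` = %d WHERE validation = \'%s\' AND bID = %d', $id, $comid, strsave($rand), $bid));
            if ($db->affekt_rows()) {
                $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $id);
                $db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $comid);
            }
        }
    }

    // Notify thread subscribers (everyone but the poster) in their own language,
    // falling back to 'de' when no text exists for it.
    $db->query('SELECT * FROM ' . DB_PRE . 'ecp_texte WHERE name = "THREAD_ABO"');
    $text = array();
    while ($row = $db->fetch_assoc()) {
        $text[$row['lang']] = $row;
    }
    $anzahl = $db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $id . ' AND boardID =' . $bid);
    $link = SITE_URL . '?section=forum&action=thread&boardID=' . $bid . '&threadID=' . $id . '&page=' . (ceil(($anzahl - 1) / LIMIT_FORUM_COMMENTS) + 1) . '#com_' . $comid;
    $db->query('SELECT country, username, email, threadname FROM ' . DB_PRE . 'ecp_forum_abo LEFT JOIN ' . DB_PRE . 'ecp_user ON (userID = ID) LEFT JOIN ' . DB_PRE . 'ecp_forum_threads ON (threadID = thID) WHERE userID != ' . $userId . ' AND thID = ' . $id . ' AND boID = ' . $bid);
    $search = array('{username}', '{link}', '{threadname}');
    while ($row = $db->fetch_assoc()) {
        $replace = array($row['username'], $link, $row['threadname']);
        if (!isset($text[$row['country']])) {
            $row['country'] = 'de';
        }
        send_email($row['email'], $text[$row['country']]['content2'], str_replace($search, $replace, $text[$row['country']]['content']), 0);
    }

    unset($_SESSION['forum']['attach'][$bid]);
    // Advisory only: guests can delete or edit this cookie (see the throttle above).
    setcookie('lastcomment', time(), time() + 365 * 86400);
    forum_goto_last($bid, $id);
}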
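/**
 * Restore (undelete and/or unabandon) achievement $id for the current user and
 * re-rank it one above the highest rank under its parent.
 *
 * Authorization is ownership only (user_owns_achievement()). The original
 * marked that guard "//BAD" without saying why; one concrete weakness was that
 * the refusal was silent — neither the caller nor the log saw the failed
 * attempt. The refusal is now logged and reported through the return value.
 *
 * @param mixed $id achievement identifier, passed through to the helpers
 * @return bool true when a restore was performed; false when the caller does
 *              not own the achievement, the achievement cannot be loaded, or it
 *              was neither deleted nor abandoned
 */
function restore_achievement($id)
{
    if (!user_owns_achievement($id)) {
        error_log("Line #" . __LINE__ . ":" . __FUNCTION__ . "({$id}) Refused: caller does not own this achievement.");
        return false;
    }

    $achievement = fetch_achievement($id);
    // Guard against a missing row; fetch_achievement() is presumed to return
    // null/false for an unknown id — confirm against its definition.
    if (!$achievement) {
        error_log("Line #" . __LINE__ . ":" . __FUNCTION__ . "({$id}) Achievement not found.");
        return false;
    }

    if (!$achievement->abandoned && !$achievement->deleted) {
        error_log("Line #" . __LINE__ . ":" . __FUNCTION__ . "({$id}) Achievement doesn't need to be undeleted.");
        return false;
    }

    if ($achievement->deleted) {
        undelete_achievement($id);
    }
    if ($achievement->abandoned) {
        unabandon_achievement($id);
    }

    // Place it last among its siblings.
    update_rank($id, fetch_highest_rank($achievement->parent) + 1);
    return true;
}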