} elseif ($action == "forward") {
    // Prefix the subject with "FW: " unless it already carries one (case-insensitive compare
    // of the first three bytes).
    if (strcasecmp(substr($subject, 0, 3), "FW:") != 0) {
        $subject = "FW: " . $subject;
    }
}
// Quoted copy of the original message: a "<sender> to <recipient>" header line followed by
// the stored body.
// NOTE(review): FromName, ToName and Text are concatenated into HTML here without escaping;
// this is only safe if they were sanitised when stored or the template escapes them — confirm.
$text = "<p> </p><hr size='0' /><p><b>" . $message->FromName . "</b> to " . $message->ToName . "</p>" . $message->Text;
if ($action == "reply") {
    // Reply goes to the original sender only.
    $to = $names[$message->From];
    $toid = $message->From;
} elseif ($action == "replytoall") {
    // Reply-all: rebuild the To and CC lists from the original message, dropping the current
    // user, then flatten both the display names and the ids to comma-separated strings.
    $to = array();
    $toid = array();
    $cc = array();
    $ccid = array();
    foreach ($message->To as $val) {
        if ($val != $cms->CurrentUser()->ID) {
            $to[] = $names[$val];
            $toid[] = $val;
        }
    }
    foreach ($message->CC as $val) {
        if ($val != $cms->CurrentUser()->ID) {
            $cc[] = $names[$val];
            $ccid[] = $val;
        }
    }
    $to = implode(",", $to);
    $toid = implode(",", $toid);
    $cc = implode(",", $cc);
    $ccid = implode(",", $ccid);
}
<?php
require_once '../../core/core.class.php';
$core = new Core();

//Access control
// Earlier access check, left in place by the original author:
//if($core->CurrentUser()->AccessRight() < 1) $core->Goto('../../php/access.php');
// Guests (identified by name) are sent to the access page; Goto() is expected to redirect
// and stop the script.
if ($core->CurrentUser()->Name == "Guest") {
    $core->Goto('../../php/access.php');
}

// Pick the page action. The "@" silences the undefined-index notice when no action is given.
// Users with access right 0 get a reduced mapping of query flags to actions.
// NOTE(review): in the right-0 branch the "delete" flag still maps to the "delete" action;
// confirm that the delete handler itself enforces authorisation, since this branch does not.
if ($core->CurrentUser()->AccessRight() == 0) {
    $action = @$_GET["action"];
    if (isset($_GET["show"])) {
        $action = "show";
    }
    if (isset($_GET["delete"])) {
        $action = "delete";
    }
    if (isset($_GET["deletecomment"])) {
        $action = "user";
    }
    if (isset($_GET["search"])) {
        $action = "user";
    }
    if (empty($action)) {
        $action = "home";
    }
} else {
    // All other access levels; this branch continues beyond the visible fragment.
    $action = @$_GET["action"];
    if (isset($_GET["show"])) {
        $action = "show";
    }
<?php
require_once '../../core/core.class.php';
$core = new Core();

// Gallery storage directory next to this script, created on first use.
// NOTE(review): the mkdir() return value is not checked, so a failed create is only noticed
// when the file_exists() calls further down keep failing.
$path = dirname(__FILE__) . DIRECTORY_SEPARATOR . "images";
if (!file_exists($path)) {
    mkdir($path);
}
// Public URL prefix for stored images.
// NOTE(review): on some server configurations $_SERVER["SERVER_NAME"] echoes the request's
// Host header, in which case a client can influence the links emitted from this prefix —
// confirm the web server pins the canonical host name (Apache: UseCanonicalName On).
$baseurl = "http://" . $_SERVER["SERVER_NAME"] . "/plugins/gallery/images/";
$names = $core->GetAllUserNames();
$action = @$_GET["action"];
if (empty($action)) {
    $action = "home";
}
// "home": everything the current access level may see (rows with AccessRight -1 or 1 are
// excluded); any other action: only the current user's own uploads. Only the user's own
// AccessRight and ID are interpolated here, no request parameters.
if ($action == "home") {
    $result = $core->SQL("SELECT * FROM gallery WHERE \n" . $core->CurrentUser()->AccessRight() . ">=AccessRight AND AccessRight!=-1 \nAND AccessRight!=1 ORDER BY Date DESC");
} else {
    $result = $core->SQL("SELECT * FROM gallery WHERE Owner=" . $core->CurrentUser()->ID . " ORDER BY Date DESC");
}
$gallery = array();
while ($row = mysql_fetch_assoc($result)) {
    // File names are derived from stored columns (Owner, id, Extension), not from the request.
    $name = $row["Owner"] . "_" . $row["id"] . "." . $row["Extension"];
    // Create thumbnail
    $thumb = $row["Owner"] . "_" . $row["id"] . "_thumb.jpg";
    if (file_exists($path . DIRECTORY_SEPARATOR . $name)) {
        if (!file_exists($path . DIRECTORY_SEPARATOR . $thumb)) {
            // Decode according to the stored extension. The "@" hides GD warnings on
            // unreadable files, so $im may be false after this chain.
            if ($row["Extension"] == "gif") {
                $im = @imagecreatefromgif($path . DIRECTORY_SEPARATOR . $name);
            } elseif ($row["Extension"] == "jpg") {
                $im = @imagecreatefromjpeg($path . DIRECTORY_SEPARATOR . $name);
            } elseif ($row["Extension"] == "png") {
<?php
require_once '../core/core.class.php';
$cms = new Core();

// Moderator flag: CEO, forum moderator or administrator portal role, or the EVE director role.
$ismoderator = $cms->CurrentUser()->HasPortalRole(User::MDYN_CEO)
    || $cms->CurrentUser()->HasPortalRole(User::MDYN_ForumModerator)
    || $cms->CurrentUser()->HasPortalRole(User::MDYN_Administrator)
    || $cms->CurrentUser()->HasEVERole(User::EVE_Director) ? 1 : 0;
$cms->assign("ismoderator", $ismoderator);
$cms->assign("pagetitle", " | Forums");

// Category view. The category id is only accepted when numeric, so it reaches the Core read
// methods below already filtered.
if (isset($_GET["category"]) && is_numeric(@$_GET["category"])) {
    // CanReadCategory(): 0 = denied, 2 = category password required; other values fall through.
    $access = $cms->CanReadCategory($_GET["category"]);
    if ($access == 0) {
        $cms->Goto("access.php");
    }
    if ($access == 2) {
        // NOTE(review): this line is garbled in the source as received; it is kept byte-identical.
        $cms->Goto("forums.php?getcategorypassword="******"category"]);
    }
    // Page index is zero-based internally, one-based in the request; 20 topics per page.
    $page = 0;
    if (isset($_GET["page"]) && is_numeric(@$_GET["page"])) {
        $page = $_GET["page"] - 1;
    }
    // floor(n / 20) + 1 is never below 1 for a non-negative count, so the "< 0" guard only
    // matters if ReadForumTopicCount() can return a negative value.
    $pagecount = floor($cms->ReadForumTopicCount($_GET["category"]) / 20) + 1;
    if ($pagecount < 0) {
        $pagecount = 0;
    }
    if ($page < 0) {
        $page = 0;
    }
    if ($page > $pagecount - 1) {
        $page = $pagecount - 1;
    }
    $cat = $cms->ReadForumCategory($_GET["category"]);
    $topics = $cms->ReadForumTopics($_GET["category"], $page * 20);
<?php
require_once '../core/core.class.php';
$cms = new Core();

// Guests may not use the notepad.
if ($cms->CurrentUser()->Name == "Guest") {
    header("Location: access.php");
    exit;
}
$action = @$_GET["action"];
if (empty($action)) {
    $action = "home";
}
$result = 0;
// Read one note: its fields are copied into $_POST so the form template is prefilled.
// NOTE(review): whether ReadNotepad() restricts the id to the current user's own notes is not
// visible here — confirm, since the id comes straight from the query string.
if (isset($_GET["read"]) && is_numeric(@$_GET["read"])) {
    $note = $cms->ReadNotepad($_GET["read"]);
    $_POST["id"] = $note->ID;
    $_POST["title"] = $note->Title;
    // The in-game browser (IGB) gets a tag-stripped copy of the text.
    if ($cms->IsIGB()) {
        $_POST["text"] = strip_tags($note->Text);
    } else {
        $_POST["text"] = $note->Text;
    }
    $action = "read";
} elseif ($action == "home") {
    $titles = $cms->GetNotepadTitles();
    $cms->assign("titles", $titles);
} elseif ($action == "newdone") {
    // Saving a new note: title and text are both required; otherwise return to the "new"
    // form with result code 1.
    if ($_POST["submit"] == "Save") {
        if (empty($_POST["title"]) || empty($_POST["text"])) {
            $action = "new";
            $result = 1;
<?php
require_once '../../core/core.class.php';
$core = new Core();

//Access control: managers (access right 3) and above only.
if ($core->CurrentUser()->AccessRight() < 3) {
    $core->Goto('../../php/access.php');
}
$action = @$_GET["action"];
$core->assign('result', 0);
if (empty($action)) {
    $action = "home";
}
if ($action == "summary") {
    // No-op kept from the original: "summary" maps to itself.
    $action = "summary";
}
if (isset($_GET["delete"])) {
    $action = "delete";
}
// NOTE(review): the raw "result" query parameter is handed to the template; this is only
// safe if the template escapes it on output or treats it strictly as a number — confirm.
if (isset($_GET["result"])) {
    $core->assign('result', $_GET["result"]);
}
if ($action == "home") {
    // User id → display name map; id 0 renders as "-" (no owner / no manager assigned).
    $names = $core->GetAllUserNames();
    $names[0] = "-";
    // Open (non-deleted) orders joined with their item, highest priority first. The query
    // is a constant string; no request input is interpolated.
    $result = $core->SQL("SELECT t1.id,t1.Notes,t1.Owner,t1.Date,t1.Priority,t1.Count,t1.IsAlly,t2.Price,t2.AlliancePrice,t1.Manager,t1.Status,t2.EveGraphicID,t2.GroupName,t2.Race,t2.Name FROM production_orders AS t1 INNER JOIN production_items AS t2 ON t1.Item=t2.id WHERE t1.IsDeleted=0 ORDER BY t1.Priority DESC, t1.Date ASC");
    $orders = array();
    $total = 0;
    while ($row = mysql_fetch_assoc($result)) {
        // Alliance orders are charged the alliance price.
        $price = $row["IsAlly"] ? $row["AlliancePrice"] : $row["Price"];
        // PriorityName()/StatusName() are helpers defined elsewhere; SQLUnEscape() appears to
        // reverse the escaping applied when the text columns were stored.
        $orders[] = array("ID" => $row["id"],
            "Priority" => PriorityName($row["Priority"]),
            "Notes" => $core->SQLUnEscape($row["Notes"]),
            "Owner" => $names[$row["Owner"]],
            "IsAlly" => $row["IsAlly"],
            "Manager" => $names[$row["Manager"]],
            "Status" => StatusName($row["Status"]),
            "EveGraphicID" => $row["EveGraphicID"],
            "GroupName" => $core->SQLUnEscape($row["GroupName"]),
            "Race" => $core->SQLUnEscape($row["Race"]),
            "Name" => $core->SQLUnEscape($row["Name"]),
            "Count" => $row["Count"],
            "Price" => number_format($price, 0),
            "Cost" => number_format($row["Count"] * $price, 0),
            "Date" => $core->GMTToLocal($row["Date"]));
$cms = new Core();
if ($cms->IsIGB()) {
    // In-game browser: calendar and corp news only.
    // Calendar
    $calendar = $cms->ReadCalendar();
    $cms->assign("calendar", $calendar);
    // Corp news
    $news = $cms->ReadNews();
    $cms->assign("news", $news);
} else {
    // Save shout
    // NOTE(review): a state-changing write driven by a GET parameter with no CSRF token in
    // sight; a crafted link posts a shout as the current user. Whether SaveShout() checks
    // authorisation or sanitises its argument is not visible in this fragment.
    if (isset($_GET["shout"])) {
        $cms->SaveShout($_GET["shout"]);
        $cms->Goto("home.php");
    }
    // Current user (not referenced again in the visible part of this script)
    $user = $cms->CurrentUser();
    // Welcome message
    $article = $cms->ReadArticle(1);
    $cms->assign("welcome", $article);
    // Calendar
    $calendar = $cms->ReadCalendar();
    $cms->assign("calendar", $calendar);
    // Corp news
    $news = $cms->ReadNews();
    $cms->assign("news", $news);
    // Short news teaser: the first five items, each cut to 140 bytes of tag-stripped text.
    // substr() is byte-based, so a multibyte character at the cut point may be split; the
    // title goes into the HTML as stored (any escaping happens elsewhere).
    $shortnews = "";
    for ($i = 0; $i < min(count($news), 5); $i++) {
        $feed = $news[$i];
        $shortnews .= "<p><a href=\"news.php#item" . $feed->ID . "\">" . $feed->Title . "</a><br />" . substr(strip_tags($feed->Text), 0, 140) . "...</p>";
    }
    $cms->assign("shortnews", $shortnews);
<?php
// Create the core object
require_once '../../core/core.class.php';
$core = new Core();
// Parses user agent string
require_once 'browser.php';

//Access control
// $core->CurrentUser() returns the currently logged in user as a "User" object
// AccessRight() is a method of the User object that returns: 0 for guests, 1 for registered guests, 2 for corp members, 3 for managers and 4 for directors
// Here we check that the current user is at least a registered guest (A registered guest is a registered user but not a corp member)
// If we fail the check, the user will be redirected to an error page.
// Goto($url) is a method of the core object which is a shorthand for { header("Location: $url); exit; }
if ($core->CurrentUser()->AccessRight() < 1) {
    $core->Goto('../../php/access.php');
}
// User name
$username = $core->CurrentUser()->Name;
// Browser string — a client-controlled header; the "@" hides the notice when it is absent
$browser = @$_SERVER["HTTP_USER_AGENT"];
if (empty($browser)) {
    $browser = "Unknown";
}
// Save username and browser string in our database
// SQL($query) is a method of the Core object that runs a SQL query on the plugin database
// SQLEscape($string) is also a Core method that is a shorthand for mysql_real_escape_string($string)
// Both values are escaped before being spliced into the statement; on a duplicate key the
// stored Browser is updated instead of inserting a second row.
$core->SQL("INSERT INTO `browserstats` (`User`, `Browser`) VALUES ('" . $core->SQLEscape($username) . "', '" . $core->SQLEscape($browser) . "') ON DUPLICATE KEY UPDATE `Browser`='" . $core->SQLEscape($browser) . "'");
// Read the database
$result = $core->SQL("SELECT * FROM `browserstats`");
$browserstats = array();
while ($row = mysql_fetch_assoc($result)) {
<?php
require_once '../../core/core.class.php';
$cms = new Core();

// Headers — sent before any output; the XML prolog follows immediately.
header('Content-Type: text/xml');
echo "<?xml version='1.0' encoding='UTF-8' standalone='yes'?>";

// We don't like guests here: a guest gets the same generic "could not connect" document
// as an API failure, then the script stops.
if ($cms->CurrentUser()->IsGuest) {
    echo "<response>";
    echo "<error>Could not connect to the API server.</error>";
    echo "<training>0</training>";
    echo "<secondsleft></secondsleft>";
    echo "<skillname></skillname>";
    echo "<tolevel></tolevel>";
    echo "<endtime></endtime>";
    echo "<cacheduntil></cacheduntil>";
    echo "</response>";
    exit;
}
echo "<response>";
// GetSkillInTraining() is defined elsewhere; element [0] carries a status code
// (-1 = API server unreachable, -2 handled in the next branch).
$result = GetSkillInTraining();
if ($result[0] == -1) {
    echo "<error>Could not connect to the API server.</error>";
    echo "<training>0</training>";
    echo "<secondsleft></secondsleft>";
    echo "<skillname></skillname>";
    echo "<tolevel></tolevel>";
    echo "<endtime></endtime>";
    echo "<cacheduntil></cacheduntil>";
} elseif ($result[0] == -2) {
<?php
require_once '../../core/core.class.php';
$core = new Core();

//Access control: managers (access right 3) and above only.
if ($core->CurrentUser()->AccessRight() < 3) {
    $core->Goto('../../php/access.php');
}
$action = @$_GET["action"];
if (empty($action)) {
    $action = "home";
}
// "delete"/"edit" query flags override the action; their values are consumed after this fragment.
if (isset($_GET["delete"])) {
    $action = "delete";
}
if (isset($_GET["edit"])) {
    $action = "edit";
}
// Price list pages: "home" shows ships and rigs, "homeships"/"homerigs" only one of them.
if ($action == "home" || $action == "homeships" || $action == "homerigs") {
    $itemids = array();
    // Read ship prices (Type=0). The query is a constant string; no request input is interpolated.
    if ($action == "homeships" || $action == "home") {
        $result = $core->SQL("SELECT * FROM production_items WHERE Type=0 ORDER BY GroupName ASC, Race ASC, `Name` ASC");
        $dbprices = array();
        while ($row = mysql_fetch_assoc($result)) {
            $dbprices[] = array("ID" => $row["id"],
                "EveTypeID" => $row["EveTypeID"],
                "EveGraphicID" => $row["EveGraphicID"],
                "GroupName" => $core->SQLUnEscape($row["GroupName"]),
                "Race" => $core->SQLUnEscape($row["Race"]),
                "Name" => $core->SQLUnEscape($row["Name"]),
                "Price" => number_format($row["Price"], 0),
                "AlliancePrice" => number_format($row["AlliancePrice"], 0));
            // EVE type ids are collected for use after this fragment.
            $itemids[] = $row["EveTypeID"];
        }
        mysql_free_result($result);
        $core->assign("shipprices", $dbprices);
    }
<?php
require_once '../core/core.class.php';
$cms = new Core();
$action = @$_GET["action"];
if (empty($action)) {
    $action = "home";
}
$result = 0;
// Admin flag: CEO or administrator portal role, or the EVE director role.
$isadmin = $cms->CurrentUser()->HasPortalRole(User::MDYN_CEO)
    || $cms->CurrentUser()->HasPortalRole(User::MDYN_Administrator)
    || $cms->CurrentUser()->HasEVERole(User::EVE_Director) ? 1 : 0;
$cms->assign("isadmin", $isadmin);
// Posting rights: the dedicated calendar role or managers (access right 3) and above ...
if ($cms->CurrentUser()->HasPortalRole(User::MDYN_CanSubmitCalendar) || $cms->CurrentUser()->AccessRight() >= 3) {
    $cms->assign("canpost", true);
}
// All corp members can post
if ($cms->CurrentUser()->AccessRight() >= 2) {
    $cms->assign("canpost", true);
}
// Day view: keep the entries whose date, formatted as Ymd, matches the "view" parameter.
// NOTE(review): "view" is used unvalidated. "==" compares two numeric strings numerically,
// and strtotime() returns false for an unparsable value, which then flows into date() below.
// A format check on "view" (eight digits) before this block would tighten both.
if (isset($_GET["view"])) {
    // List all calendar entries
    $allcalendar = $cms->ReadCalendarAll();
    $calendar = array();
    foreach ($allcalendar as $item) {
        if (date("Ymd", strtotime($item->Date)) == $_GET["view"]) {
            $calendar[] = $item;
        }
    }
    $cms->assign("view", date("Y-m-d", strtotime($_GET["view"])));
    $cms->assign("calendar", $calendar);
    $action = "view";
} elseif (isset($_GET["read"]) && is_numeric(@$_GET["read"])) {
<?php
require_once '../../core/core.class.php';
$core = new Core();

//Access control: directors (access right 4) only.
if ($core->CurrentUser()->AccessRight() < 4) {
    $core->Goto('../../php/access.php');
}

// Variable of Current User & Misc
// All four are read straight from the request (undefined-index notices when absent) and
// normalised by the checks below.
$portalid = $_GET["portalid"];
$templatepost = $_POST["template"];
$template = $_GET["template"];
$return = $_GET["return"];
$action = @$_GET["action"];

// Data Verification Checks and redirects
if (empty($action)) {
    $action = "home";
}
// Fall back to the current user's id when portalid is missing, negative or unknown.
// NOTE(review): the existence test compares against the string "FALSE". If
// CharacterIDExists() returns a boolean false instead, `false == "FALSE"` evaluates to false
// and an unknown id passes through unchanged — confirm the method's return type.
if ($portalid == "" || empty($portalid) || $portalid < 0 || $core->CharacterIDExists($portalid) == "FALSE") {
    $portalid = $core->CurrentUser()->ID;
}
// Template/return selectors default to 0; how they are consumed lies outside this fragment.
if ($template == "" || empty($template) || $template < 0) {
    $template = 0;
}
if ($templatepost == "" || empty($templatepost) || $templatepost < 0) {
    $templatepost = 0;
}
if ($return == "" || empty($return) || $return < 0) {
    $return = 0;
}
if ($action == "home") {
<?php
require_once '../core/core.class.php';
$cms = new Core();

// Guests may not view or edit profiles.
if ($cms->CurrentUser()->Name == "Guest") {
    header("Location: access.php");
    exit;
}
$action = @$_GET["action"];
$result = 0;
// Profile of another user (numeric id only).
if (isset($_GET["user"]) && is_numeric(@$_GET["user"])) {
    $cms->assign('showuser', $cms->GetUserFromID($_GET["user"]));
    $cms->assign('posts', $cms->ForumRepliesByAuthor($_GET["user"]));
    // NOTE(review): this writes to the superglobal rather than to $action; it only has an
    // effect if later code re-reads $_GET["action"] — confirm against the rest of the file.
    $_GET["action"] = "user";
} elseif ($action == "editdone") {
    // Save the current user's own profile. The date of birth is assembled from three POST
    // fields without validation here; whether EditUserInfo() validates it is not visible.
    if ($_POST["submit"] == "Save") {
        $cms->EditUserInfo($_POST["timezone"], $_POST["email"], $_POST["im"], $_POST["dob_Year"] . "-" . $_POST["dob_Month"] . "-" . $_POST["dob_Day"], $_POST["location"]);
        // API credentials are only updated when both fields were supplied.
        if (!empty($_POST["apiuserid"]) && !empty($_POST["apikey"])) {
            $cms->EditUserAPIInfo($_POST["apiuserid"], $_POST["apikey"]);
        }
        // Display settings form a bit mask built from the checkbox fields.
        $settings = 0;
        if (@$_POST["showgamenews"] == "on") {
            $settings = $settings | User::ShowGameNews;
        }
        if (@$_POST["showdevblogs"] == "on") {
            $settings = $settings | User::ShowDevBlogs;
        }
        if (@$_POST["showrpnews"] == "on") {
            $settings = $settings | User::ShowRPNews;
        }
        if (@$_POST["showtqstatus"] == "on") {
<?php
require_once '../../core/core.class.php';
$core = new Core();

//Access control: corp members (access right 2) and above.
if ($core->CurrentUser()->AccessRight() < 2) {
    $core->Goto('../../php/access.php');
}
$action = @$_GET["action"];
if (isset($_GET["edit"]) || isset($_GET["view"])) {
    if (isset($_GET["edit"])) {
        $id = $_GET["edit"];
        $action = "edit";
    } else {
        $id = $_GET["view"];
        $action = "view";
    }
    // NOTE(review): $id is spliced into the query without validation or escaping, unlike the
    // is_numeric() guards used on ids elsewhere in this code base, so this statement is open
    // to SQL injection by any corp member. Rejecting non-numeric ids before this point, e.g.
    // `if (!is_numeric($id)) { $core->Goto('../../php/access.php'); }`, closes it.
    $result = $core->SQL("SELECT * FROM operations_submissions WHERE id=" . $id . " LIMIT 1");
    $row = mysql_fetch_assoc($result);
    // Editable by the op leader or by any listed player (Players is a comma-separated id list).
    $canedit = $row["Leader"] == $core->CurrentUser()->ID || in_array($core->CurrentUser()->ID, explode(",", $row["Players"]));
    // Op Status
    // 0 - New
    // 1 - Resubmitted
    // 2 - Canceled
    // 3 - Rejected
    // 4 - Paid
    // Paid ops are frozen; the in-game browser is read-only.
    if ($row["Status"] == 4) {
        $canedit = false;
    }
    if ($core->IsIGB()) {
        $canedit = false;
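<?php
require_once '../core/core.class.php';
$cms = new Core();

// Feedback page. Administrators see the list of submissions and may delete one by id;
// everyone else (there is no login check) may submit the form.
// NOTE(review): the delete is a state change driven by a GET parameter with no CSRF token,
// so a logged-in administrator who follows a crafted link deletes an entry unknowingly;
// moving it behind a POST with a token is the usual fix.
// NOTE(review): submissions carry API credentials (apiuserid/apikey) that are stored and
// later listed in clear; treat the feedback table as sensitive data.
$isAdmin = $cms->CurrentUser()->HasPortalRole(User::MDYN_Administrator);

if ($isAdmin && isset($_GET["delete"]) && is_numeric($_GET["delete"])) {
    // is_numeric() is the only filter between the query string and this statement; it
    // rejects anything that is not a numeric literal.
    $cms->CoreSQL("DELETE FROM feedback WHERE id=" . $_GET["delete"] . " LIMIT 1");
    $cms->Goto("feedback.php");
} elseif ($isAdmin) {
    // SQLUnEscape() appears to reverse the escaping applied when the rows were stored.
    $feedbacks = [];
    $result = $cms->CoreSQL("SELECT * FROM feedback");
    while ($row = mysql_fetch_assoc($result)) {
        $feedbacks[] = [
            $cms->SQLUnEscape($row["Name"]),
            $cms->SQLUnEscape($row["EMail"]),
            $cms->SQLUnEscape($row["APIUserID"]),
            $cms->SQLUnEscape($row["APIKey"]),
            $cms->SQLUnEscape($row["Notes"]),
            $row["id"],
            $cms->GMTToLocal($row["Date"]),
        ];
    }
    $cms->assign("feedbacks", $feedbacks);
} elseif (($_GET["result"] ?? null) === "1") {
    // Landing after a successful submission (see the redirect below).
    $cms->assign("result", 1);
} elseif (($_POST["submit"] ?? null) === "Submit") {
    // Every user-supplied value passes through SQLEscape() before it is spliced in; CoreSQL()
    // takes a finished string, so a prepared statement is not available at this layer.
    $query = sprintf(
        "INSERT INTO feedback (Date,Name,Email,APIUserID,APIKey,Notes) VALUES ('%s','%s','%s','%s','%s','%s')",
        $cms->GMTTime(),
        $cms->SQLEscape($_POST["name"] ?? ''),
        $cms->SQLEscape($_POST["email"] ?? ''),
        $cms->SQLEscape($_POST["apiuserid"] ?? ''),
        $cms->SQLEscape($_POST["apikey"] ?? ''),
        $cms->SQLEscape($_POST["notes"] ?? '')
    );
    $cms->CoreSQL($query);
    $cms->Goto("feedback.php?result=1");
}
$cms->display('feedback.tpl');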
<?php
require_once '../../core/core.class.php';
$core = new Core();

//Access control: directors (access right 4) only.
if ($core->CurrentUser()->AccessRight() < 4) {
    $core->Goto('../../php/access.php');
}
$action = @$_GET["action"];
if ($action == "payout") {
    $names = $core->GetAllUserNames();
    // Selected op ids come from ticked checkbox fields named "op<id>".
    // NOTE(review): the part after "op" is taken from the POST key as-is and imploded into
    // the two FIND_IN_SET() queries below without escaping or a numeric check, so a forged
    // field name can alter the query. Validating each id before collecting it, e.g.
    // `if (!ctype_digit(substr($key, 2))) { continue; }`, closes this.
    $opids = array();
    foreach ($_POST as $key => $value) {
        if (substr($key, 0, 2) == "op" && $value == "on") {
            $opids[] = substr($key, 2);
        }
    }
    if ($_POST["submit"] == "Reject") {
        // Reject selected ops (the reason text is SQL-escaped here)
        $core->SQL("UPDATE operations_submissions SET Status=3, RejectReason='" . $core->SQLEscape($_POST["reject"]) . "' WHERE FIND_IN_SET(id, '" . implode(",", $opids) . "')");
        // Send messages to op leaders
        $result = $core->SQL("SELECT id, OpDate, Leader FROM operations_submissions WHERE FIND_IN_SET(id, '" . implode(",", $opids) . "')");
        while ($row = mysql_fetch_assoc($result)) {
            $id = $row["id"];
            $date = date("Y-m-d", strtotime($row["OpDate"]));
            $leader = $row["Leader"];
            $text = "<p>Following operation submitted by you was rejected by " . $core->CurrentUser()->Name . ".</p>";
            $text .= "<p><a href='../plugins/payoutview/index.php?view=" . $id . "'>View Rejected Operation</a></p>";
            // NOTE(review): the raw reject reason is embedded into the HTML mail body without
            // escaping, so markup in it reaches the recipient's message view; applying
            // htmlspecialchars() to $_POST["reject"] here would prevent that.
            $text .= "<p><b>REASON:</b><br />" . $_POST["reject"] . "</p>";
            $core->SendMail($date . " Operation Rejected", $text, $leader);
        }
$action = "home";
}
$result = 0;
// Read an article: its fields are copied into $_POST to prefill the form, and the view
// metadata is assigned to the template.
if (isset($_GET["read"]) && is_numeric(@$_GET["read"])) {
    $note = $cms->ReadArticle($_GET["read"]);
    $_POST["id"] = $note->ID;
    $_POST["title"] = $note->Title;
    $_POST["text"] = $note->Text;
    $_POST["readaccess"] = $note->ReadAccess;
    $_POST["writeaccess"] = $note->WriteAccess;
    $cms->assign("articleid", $note->ID);
    $cms->assign("authorid", $note->Author);
    $cms->assign("author", $note->AuthorName);
    $cms->assign("signature", $note->AuthorSignature);
    $cms->assign("date", $note->Date);
    // An edit link is offered when the user's access right meets the article's WriteAccess
    // or the user is the author; 0 means no link.
    $cms->assign("editid", $note->WriteAccess <= $cms->CurrentUser()->AccessRight() || $note->Author == $cms->CurrentUser()->ID ? $note->ID : 0);
    // "isadmin" here only means "viewer is not the author"; no role is checked.
    $cms->assign("isadmin", $note->Author != $cms->CurrentUser()->ID ? 1 : 0);
    $cms->assign("comments", $note->Comments);
    $action = "read";
} elseif (isset($_GET["edit"]) && is_numeric(@$_GET["edit"])) {
    // Edit form, prefilled from the stored article.
    // NOTE(review): no write-access check is visible at this point; confirm the save handler
    // enforces WriteAccess/authorship, since the id comes straight from the query string.
    $note = $cms->ReadArticle($_GET["edit"]);
    $_POST["id"] = $note->ID;
    $_POST["title"] = $note->Title;
    $_POST["text"] = $note->Text;
    $_POST["readaccess"] = $note->ReadAccess;
    $_POST["writeaccess"] = $note->WriteAccess;
    $action = "edit";
} elseif (isset($_GET["deletecomment"]) && is_numeric(@$_GET["deletecomment"])) {
    // Delete a comment (numeric id only); "article" is read unvalidated and used after this fragment.
    // NOTE(review): the deletion is triggered by a GET request; whether DeleteArticleComment()
    // checks that the current user may delete this comment is not visible here — confirm.
    $article = $_GET["article"];
    $id = $_GET["deletecomment"];
    $cms->DeleteArticleComment($id);
<?php
require_once '../../core/core.class.php';
$core = new Core();

//Access control: corp members (access right 2) and above.
if ($core->CurrentUser()->AccessRight() < 2) {
    $core->Goto('../../php/access.php');
}
$action = @$_GET["action"];
if (empty($action)) {
    $action = "home";
}
$names = $core->GetAllUserNames();
$core->assign("names", $names);
// Op submission form: shown for the "times" action and re-shown after the "Add Player" and
// "Remove Player..." buttons (the Remove label carries a suffix, hence the prefix compare).
if ($action == "times" || @$_POST["submit"] == "Add Player" || substr(@$_POST["submit"], 0, 13) == "Remove Player") {
    // One form field per item group; the submitted counts are echoed back to the template.
    // NOTE(review): $groupnumber is only created inside the loop, so with zero groups the
    // assign() below receives an undefined variable.
    $result = $core->SQL("SELECT Distinct `GroupID` FROM `operations_items` Order By `GroupID`");
    while ($row = mysql_fetch_assoc($result)) {
        $var = "group" . $row['GroupID'];
        $core->assign($var, @$_POST[$var]);
        $groupnumber[$row['GroupID']] = @$_POST["group" . $row['GroupID']];
    }
    $core->assign("groupnumber", $groupnumber);
    // Op date defaults to today (UTC).
    $opdate = @$_POST["opdate"];
    if (empty($opdate)) {
        $opdate = gmdate("Y-m-d");
    }
    $core->assign("opdate", $opdate);
    // Player count drives the player rows below; defaults to 0.
    $count = @$_POST["count"];
    $players = array();
    if (empty($count)) {
        $count = 0;
<?php
require_once '../../core/core.class.php';
$core = new Core();

//Access control: registered guests (access right 1) and above.
if ($core->CurrentUser()->AccessRight() < 1) {
    $core->Goto('../../php/access.php');
}
$action = @$_GET["action"];
if (empty($action)) {
    $action = "home";
}
// "cancel"/"resubmit" query flags override the action; their values are consumed after this fragment.
if (isset($_GET["cancel"])) {
    $action = "cancel";
}
if (isset($_GET["resubmit"])) {
    $action = "resubmit";
}
if ($action == "home") {
    // User id → display name map; id 0 renders as "-" (no manager assigned).
    $names = $core->GetAllUserNames();
    $names[0] = "-";
    // The current user's last 50 open orders. Alliance members get the alliance price
    // (aliased as Price) and only items that have one. Only the user's own ID is
    // interpolated; no request input reaches either query.
    if ($core->CurrentUser()->IsAlly) {
        $result = $core->SQL("SELECT t1.id,t1.Date,t1.Count,t2.AlliancePrice AS Price,t1.Manager,t1.Status,t2.EveGraphicID,t2.GroupName,t2.Race,t2.Name FROM production_orders AS t1 INNER JOIN production_items AS t2 ON t1.Item=t2.id WHERE t1.Owner=" . $core->CurrentUser()->ID . " AND t1.IsDeleted=0 AND t1.Item!=0 AND t2.AlliancePrice!=0 ORDER BY t1.Date DESC LIMIT 50");
    } else {
        $result = $core->SQL("SELECT t1.id,t1.Date,t1.Count,t2.Price,t1.Manager,t1.Status,t2.EveGraphicID,t2.GroupName,t2.Race,t2.Name FROM production_orders AS t1 INNER JOIN production_items AS t2 ON t1.Item=t2.id WHERE t1.Owner=" . $core->CurrentUser()->ID . " AND t1.IsDeleted=0 AND t1.Item!=0 ORDER BY t1.Date DESC LIMIT 50");
    }
    $orders = array();
    while ($row = mysql_fetch_assoc($result)) {
        // StatusName() is a helper defined elsewhere; SQLUnEscape() appears to reverse the
        // escaping applied when the text columns were stored.
        $orders[] = array("ID" => $row["id"],
            "Cost" => number_format($row["Count"] * $row["Price"], 0),
            "Manager" => $names[$row["Manager"]],
            "Status" => StatusName($row["Status"]),
            "StatusID" => $row["Status"],
            "Price" => $row["Price"],
            "EveGraphicID" => $row["EveGraphicID"],
            "GroupName" => $core->SQLUnEscape($row["GroupName"]),
            "Race" => $core->SQLUnEscape($row["Race"]),
            "Name" => $core->SQLUnEscape($row["Name"]),
            "Count" => $row["Count"],
            "Date" => $core->GMTToLocal($row["Date"]));
    }
    mysql_free_result($result);