/**
 * AJAX handler: updates headline, content and access rights of one CMS page.
 *
 * The multilingual fields are collected from $_POST: every key containing
 * 'cription_' feeds the content map and every key containing 'eadline_'
 * feeds the headline map, each keyed by the part after the first '_'.
 * Both maps are stored JSON-encoded. Requires the admin cms.edit right or
 * superadmin, otherwise NO_ADMIN_RIGHTS is echoed. Always ends with die.
 *
 * @param int $id cmsID of the row to update (bound with %d)
 */
function admin_cms_edit($id)
{
    global $db;
    ob_end_clean();
    $db->setMode(0);
    ajax_convert_array($_POST);
    $allowed = !empty($_SESSION['rights']['admin']['cms']['edit'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    $content = array();
    $headline = array();
    foreach ($_POST as $field => $text) {
        $isContent = strpos($field, 'cription_');
        $isHeadline = strpos($field, 'eadline_');
        if (!$isContent && !$isHeadline) {
            continue;
        }
        // language code = everything after the first underscore
        $langKey = substr($field, strpos($field, '_') + 1);
        if ($isContent) {
            $content[$langKey] = $text;
        }
        if ($isHeadline) {
            $headline[$langKey] = $text;
        }
    }
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_cms SET `headline` = \'%s\', `content` = \'%s\', `access` = \'%s\' WHERE cmsID = %d',
        strsave(json_encode($headline)),
        strsave(json_encode($content)),
        strsave(admin_make_rights($_POST['rights'])),
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
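/**
 * Creates a shoutbox entry from $_POST.
 *
 * With ?ajax the handler answers in plain text (html_ajax_convert'ed
 * messages or 'ok') and ends the request with die; without it, errors are
 * rendered through table() and a successful post redirects back.
 *
 * Checks, in order: required inputs (guests: name, captcha and message;
 * logged-in users: message), the mini captcha for guests, and the
 * SPAM_SHOUTBOX cool-down, measured both from the newest ecp_comments row
 * for this IP / user and from the 'shoutbox' cookie written after the last
 * successful post.
 *
 * Changes against the previous version:
 *  - the guest required-input check used `and`, so it only fired when all
 *    three fields were empty; any empty field now yields NOT_NEED_ALL_INPUTS
 *  - the redirect after a form post follows HTTP_REFERER only when its host
 *    is the current host; otherwise the news section is used
 *  - the cookie timestamp is cast to int before it is used in arithmetic
 */
function shoutbox_add()
{
    global $db;
    $isAjax = isset($_GET['ajax']);
    if ($isAjax) {
        $db->setMode(0);
        ob_end_clean();
        ajax_convert_array($_POST);
    }
    $userId = isset($_SESSION['userID']) ? (int) $_SESSION['userID'] : 0;
    $username = isset($_POST['shout_username']) ? $_POST['shout_username'] : '';
    $captcha = isset($_POST['shout_captcha']) ? $_POST['shout_captcha'] : '';
    $message = isset($_POST['shoutbox_msgbox']) ? $_POST['shoutbox_msgbox'] : '';
    $expectedCaptcha = isset($_SESSION['captcha_mini']) ? $_SESSION['captcha_mini'] : '';
    $now = time();
    $cooldownStart = $now - SPAM_SHOUTBOX;
    // Newest post from this IP or (for logged-in users) this account. The @ is
    // kept from the original: result() apparently complains when no row matches — confirm.
    $lastPost = (int) @$db->result(
        DB_PRE . 'ecp_comments',
        'datum',
        'bereich="shoutbox" AND (IP =\'' . strsave($_SERVER['REMOTE_ADDR']) . '\' OR (userID != 0 AND userID = ' . $userId . '))'
    );
    $cookieTime = isset($_COOKIE['shoutbox']) ? (int) $_COOKIE['shoutbox'] : 0;

    $error = null;
    if ($userId === 0 && ($username === '' || $captcha === '' || $message === '')) {
        $error = NOT_NEED_ALL_INPUTS;
    } elseif ($userId === 0 && strtolower($captcha) !== strtolower($expectedCaptcha)) {
        $error = CAPTCHA_WRONG;
    } elseif ($userId !== 0 && $message === '') {
        $error = NOT_NEED_ALL_INPUTS;
    } elseif ($lastPost > $cooldownStart || $cookieTime > $cooldownStart) {
        // remaining wait in seconds, taken from whichever source tripped the check
        $wait = $lastPost > $cooldownStart
            ? SPAM_SHOUTBOX + $lastPost - $now
            : SPAM_SHOUTBOX + $cookieTime - $now;
        $error = str_replace(array('{sek}', '{zeit}'), array(SPAM_SHOUTBOX, $wait), SPAM_PROTECTION_MSG);
    }

    if ($error !== null) {
        if ($isAjax) {
            echo html_ajax_convert($error);
        } else {
            table(ERROR, $error);
        }
    } else {
        $sql = sprintf(
            'INSERT INTO ' . DB_PRE . 'ecp_comments (`bereich`, `userID`, `author`, `beitrag`, `datum`, `IP`) VALUES (\'shoutbox\', %d, \'%s\', \'%s\', %d, \'%s\')',
            $userId,
            strsave(htmlspecialchars($username)),
            strsave(htmlspecialchars(substr($message, 0, SHOUTBOX_MAX_CHARS))),
            $now,
            strsave($_SERVER['REMOTE_ADDR'])
        );
        if ($db->query($sql)) {
            setcookie('shoutbox', $now, $now + 365 * 86400);
            if ($isAjax) {
                echo 'ok';
            } else {
                $anchor = '#com_' . $db->last_id();
                $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
                $refererHost = $referer !== '' ? parse_url($referer, PHP_URL_HOST) : null;
                // HTTP_HOST may carry a port; the referer host from parse_url never does
                $ownHost = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']) : '';
                // Only bounce back to the referer when it points at this host; a
                // foreign or missing referer goes to the news section instead.
                if (is_string($refererHost) && $ownHost !== '' && strcasecmp($refererHost, $ownHost) === 0) {
                    header('Location: ' . $referer . $anchor);
                } else {
                    header1('?section=news' . $anchor);
                }
            }
        }
    }
    if ($isAjax) {
        die;
    }
}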
/**
 * AJAX handler: updates name, description and image of one topic.
 *
 * Requires the admin topics.edit right or superadmin. 'topicname' and
 * 'topicbild' are mandatory. Echoes 'ok' on success; always ends with die.
 *
 * @param int $id tID of the row to update (bound with %d)
 */
function admin_topics_edit($id)
{
    global $db;
    ob_end_clean();
    $db->setMode(0);
    ajax_convert_array($_POST);
    $allowed = !empty($_SESSION['rights']['admin']['topics']['edit'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    if ($_POST['topicname'] == '' || !$_POST['topicbild']) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_topics SET `topicname` = \'%s\', `beschreibung` = \'%s\', `topicbild` = \'%s\' WHERE tID = %d',
        strsave($_POST['topicname']),
        strsave($_POST['beschreibung']),
        strsave($_POST['topicbild']),
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
/**
 * AJAX handler: updates one link entry (name, URL, banner, description, hits).
 *
 * Requires the admin links.edit right or superadmin (checked with isset,
 * as in the original). 'name' and 'url' are mandatory; both URLs go
 * through check_url() before being saved. Echoes 'ok' on success and
 * always ends with die.
 *
 * @param int $id linkID of the row to update (bound with %d)
 */
function admin_links_edit($id)
{
    ob_end_clean();
    global $db;
    $allowed = isset($_SESSION['rights']['admin']['links']['edit'])
        || isset($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    // mandatory-field check runs before the ajax conversion, as in the original
    if ($_POST['name'] == '' || $_POST['url'] == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $db->setMode(0);
    ajax_convert_array($_POST);
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_links SET `name` = \'%s\', `url` = \'%s\', `bannerurl` = \'%s\', `beschreibung` = \'%s\', `hits` = %d WHERE linkID = %d',
        strsave($_POST['name']),
        strsave(check_url($_POST['url'])),
        strsave(check_url($_POST['bannerurl'])),
        strsave($_POST['beschreibung']),
        (int) $_POST['hits'],
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
/**
 * AJAX handler: renames a clanwar match type and sets its 'fightus' flag.
 *
 * Requires admin clanwars.matchtype_edit or superadmin; 'name' is
 * mandatory, 'fightus' is optional and defaults to 0. Echoes 'ok' on
 * success and always ends with die.
 *
 * @param int $id matchtypeID of the row to update (bound with %d)
 */
function admin_matchtype_edit($id)
{
    global $db;
    $db->setMode(0);
    ob_end_clean();
    ajax_convert_array($_POST);
    $allowed = !empty($_SESSION['rights']['admin']['clanwars']['matchtype_edit'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    if ($_POST['name'] == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $fightUs = isset($_POST['fightus']) ? (int) $_POST['fightus'] : 0;
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_wars_matchtype SET `matchtypename` = \'%s\', `fightus` = %d WHERE matchtypeID= %d',
        strsave($_POST['name']),
        $fightUs,
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
/**
 * AJAX handler: updates one game server entry.
 *
 * Requires the admin server.edit right or superadmin (isset check, as in
 * the original). 'ip', 'port' and 'gametype' are mandatory. The three
 * ports are first normalised through lgsl_port_conversion() for the
 * selected game type; a query port of 0 falls back to the game port.
 * 'gamename', 'passwort', 'displaymenu' and 'stat' are optional.
 * Echoes 'ok' on success and always ends with die.
 *
 * @param int $id serverID of the row to update (bound with %d)
 */
function admin_server_edit($id)
{
    ob_end_clean();
    global $db;
    ajax_convert_array($_POST);
    $allowed = isset($_SESSION['rights']['admin']['server']['edit'])
        || isset($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    if ($_POST['ip'] == '' || $_POST['port'] == '' || $_POST['gametype'] == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $db->setMode(0);
    // the converted ports are written straight back into $_POST
    list($_POST['port'], $_POST['queryport'], $_POST['sport']) = lgsl_port_conversion(
        $_POST['gametype'],
        $_POST['port'],
        $_POST['queryport'],
        $_POST['sport']
    );
    $port = (int) $_POST['port'];
    $queryPort = (int) $_POST['queryport'];
    if ($queryPort == 0) {
        $queryPort = $port;
    }
    $displayMenu = isset($_POST['displaymenu']) ? (int) $_POST['displaymenu'] : 0;
    $stat = isset($_POST['stat']) ? (int) $_POST['stat'] : 0;
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_server SET `gamename` = \'%s\', `gametype` = \'%s\', `passwort` = \'%s\', `displaymenu` = %d, `ip` = \'%s\', `port` = %d, `queryport` = %d, `sport` = %d, `stat` = %d WHERE serverID = %d',
        strsave(@$_POST['gamename']),
        strsave($_POST['gametype']),
        strsave(@$_POST['passwort']),
        $displayMenu,
        strsave($_POST['ip']),
        $port,
        $queryPort,
        (int) $_POST['sport'],
        $stat,
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
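/**
 * AJAX handler: updates a survey and its answers.
 *
 * Required: question ('frage'), parseable 'start' and 'ende', 'sperre',
 * 'antworten' >= 1, a non-empty 'rights' array and at least 8 POST fields;
 * the end must not lie before the start. 'rights' is stored as ',id,id,'
 * or as '' when it contains 'all'. Answer fields: 'answer_old_<n>' updates
 * answer n together with 'votes_<n>'; any other non-empty 'answer_*' field
 * inserts a new answer.
 *
 * Changes against the previous version:
 *  - 'rights' must be an array; a scalar used to pass the count() check and
 *    then break in_array() / foreach
 *  - in_array() is strict, so a numeric-looking id is never mistaken for
 *    the 'all' marker
 *
 * NOTE(review): the permission consulted is admin.awards.edit rather than a
 * survey-specific right — looks copied from admin_awards_edit; confirm.
 *
 * @param int $id surveyID of the row to update (bound with %d)
 */
function admin_survey_edit($id)
{
    ob_end_clean();
    ajax_convert_array($_POST);
    $allowed = !empty($_SESSION['rights']['admin']['awards']['edit'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    global $db;
    $db->setMode(0);
    $rightsInput = (isset($_POST['rights']) && is_array($_POST['rights'])) ? $_POST['rights'] : array();
    $start = strtotime($_POST['start']);
    $end = strtotime($_POST['ende']);
    if ($_POST['frage'] == '' || !$start || !$end || $_POST['sperre'] == ''
        || (int) $_POST['antworten'] < 1 || count($rightsInput) === 0 || count($_POST) < 8) {
        echo NOT_NEED_ALL_INPUTS;
    } elseif ($end < $start) {
        echo SURVEY_START_BIG_END;
    } else {
        if (in_array('all', $rightsInput, true)) {
            $rights = '';
        } else {
            $rights = ',';
            foreach ($rightsInput as $groupId) {
                $rights .= (int) $groupId . ',';
            }
        }
        $sql = sprintf(
            'UPDATE ' . DB_PRE . 'ecp_survey SET `start` = %d, `ende` = %d, `frage` = \'%s\', `antworten` =%d, `sperre` = %d, `access` = \'%s\' WHERE surveyID = %d',
            $start,
            $end,
            strsave($_POST['frage']),
            (int) $_POST['antworten'],
            (int) $_POST['sperre'] * (int) $_POST['multi'],
            strsave($rights),
            $id
        );
        if ($db->query($sql)) {
            $oldPrefix = 'answer_old_';
            foreach ($_POST as $field => $value) {
                if (strpos($field, 'answer_') === false || $value == '') {
                    continue;
                }
                if (strpos($field, '_old_')) {
                    // existing answer: the suffix after 'answer_old_' is the answerID
                    $nr = substr($field, strlen($oldPrefix));
                    $votes = isset($_POST['votes_' . $nr]) ? (int) $_POST['votes_' . $nr] : 0;
                    $db->query(sprintf(
                        'UPDATE ' . DB_PRE . 'ecp_survey_answers SET `answer` = \'%s\', votes = %d WHERE sID = %d AND answerID = %d',
                        strsave($value),
                        $votes,
                        $id,
                        (int) $nr
                    ));
                } else {
                    $db->query(sprintf(
                        'INSERT INTO ' . DB_PRE . 'ecp_survey_answers (`sID`, `answer`) VALUES (%d, \'%s\')',
                        $id,
                        strsave($value)
                    ));
                }
            }
            echo 'ok';
        }
    }
    die;
}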
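/**
 * AJAX handler: inserts a calendar event from $_POST.
 *
 * Requires the admin calendar.add right or superadmin. The multilingual
 * description is collected from every key containing 'cription_', keyed
 * by the part after the first '_', and stored JSON-encoded. The event is
 * attributed to the session user. Echoes 'ok' on success; always ends
 * with die.
 *
 * Change against the previous version: an empty 'eventname' or a 'datum'
 * that strtotime() cannot parse now yields NOT_NEED_ALL_INPUTS instead of
 * inserting an unnamed event dated 1970 — matching the sibling handlers.
 */
function admin_calendar_add()
{
    global $db;
    ob_end_clean();
    ajax_convert_array($_POST);
    $allowed = !empty($_SESSION['rights']['admin']['calendar']['add'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    $db->setMode(0);
    $eventName = isset($_POST['eventname']) ? $_POST['eventname'] : '';
    $eventTime = isset($_POST['datum']) ? strtotime($_POST['datum']) : false;
    if ($eventName == '' || $eventTime === false) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $description = array();
    foreach ($_POST as $field => $text) {
        if (strpos($field, 'cription_')) {
            $description[substr($field, strpos($field, '_') + 1)] = $text;
        }
    }
    $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_calendar (`eventname`, `inhalt`, `access`, `datum`, `userID`) 
								VALUES (\'%s\', \'%s\', \'%s\', %d, %d)', strsave($eventName), strsave(json_encode($description)), strsave(admin_make_rights($_POST['rights'])), $eventTime, $_SESSION['userID']);
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}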
/**
 * AJAX handler: updates one award entry.
 *
 * Requires the admin awards.edit right or superadmin. Mandatory fields:
 * 'eventname', parseable 'eventdatum', 'platz', 'teamID', 'gID' and
 * 'spieler'. The multilingual report is collected from every key
 * containing 'cription_' (keyed by the part after the first '_') and
 * stored JSON-encoded. 'spieler' is a comma-separated list of usernames;
 * each is looked up in ecp_user and the ids are stored as ',id,id,',
 * unknown names being skipped. Echoes 'ok' on success; always ends with die.
 *
 * @param int $id awardID of the row to update (bound with %d)
 */
function admin_awards_edit($id)
{
    global $db;
    ob_end_clean();
    $db->setMode(0);
    ajax_convert_array($_POST);
    $allowed = !empty($_SESSION['rights']['admin']['awards']['edit'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    $incomplete = $_POST['eventname'] == ''
        || !strtotime($_POST['eventdatum'])
        || !$_POST['platz']
        || !$_POST['teamID']
        || !$_POST['gID']
        || !$_POST['spieler'];
    if ($incomplete) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $report = array();
    foreach ($_POST as $field => $text) {
        if (strpos($field, 'cription_')) {
            $report[substr($field, strpos($field, '_') + 1)] = $text;
        }
    }
    $players = ',';
    foreach (explode(',', $_POST['spieler']) as $name) {
        $name = trim($name);
        if (!$name) {
            continue;
        }
        // @ kept from the original: result() apparently complains for unknown names — confirm
        $userId = @$db->result(DB_PRE . 'ecp_user', 'ID', 'username = \'' . strsave($name) . '\'');
        if ($userId) {
            $players .= $userId . ',';
        }
    }
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_awards SET `eventname` = \'%s\', `eventdatum` = %d, `url` = \'%s\', `platz` = \'%s\', `teamID` = %d, `gID` = %d, `preis` = \'%s\', `bericht` = \'%s\', `spieler` = \'%s\' WHERE awardID = %d',
        strsave($_POST['eventname']),
        strtotime($_POST['eventdatum']),
        strsave(check_url($_POST['url'])),
        (int) $_POST['platz'],
        (int) $_POST['teamID'],
        (int) $_POST['gID'],
        strsave($_POST['preis']),
        strsave(json_encode($report)),
        $players,
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
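/**
 * AJAX handler: updates the meaning ('bedeutung') of one smiley.
 *
 * Requires the admin smilies.edit right or superadmin (isset check, as in
 * the original). Echoes 'ok' on success; always ends with die.
 *
 * Change against the previous version: the UPDATE statement had no
 * whitespace between the closing quote of the value and WHERE
 * (`'%s'WHERE`); a separating space is now present.
 *
 * @param int $id ID of the smiley row to update (bound with %d)
 */
function admin_smilies_edit($id)
{
    ob_end_clean();
    global $db;
    $allowed = isset($_SESSION['rights']['admin']['smilies']['edit'])
        || isset($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    $db->setMode(0);
    ajax_convert_array($_POST);
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_smilies SET `bedeutung` = \'%s\' WHERE ID = %d',
        strsave($_POST['bedeutung']),
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}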
/**
 * AJAX handler: updates one download category (parent, name, description,
 * access rights).
 *
 * 'kname' is mandatory. The multilingual description is collected from
 * every key containing 'cription_' (keyed by the part after the first '_')
 * and stored JSON-encoded. Echoes 'ok' on success; always ends with die.
 *
 * NOTE(review): unlike every other admin_*_edit handler on this page, no
 * $_SESSION['rights'] check is performed here — confirm that the caller
 * enforces the permission before dispatching to this function.
 *
 * @param int $id kID of the row to update (bound with %d)
 */
function admin_downloads_kate_edit($id)
{
    global $db;
    ob_end_clean();
    ajax_convert_array($_POST);
    if ($_POST['kname'] == '') {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $description = array();
    foreach ($_POST as $field => $text) {
        if (strpos($field, 'cription_')) {
            $description[substr($field, strpos($field, '_') + 1)] = $text;
        }
    }
    $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_downloads_kate SET 
						`subkID` = %d, 
						`kname` = \'%s\', 
						`beschreibung` = \'%s\', 
						`access` = \'%s\'
				 WHERE kID = %d', (int) $_POST['subID'], strsave($_POST['kname']), strsave(json_encode($description)), strsave(admin_make_rights($_POST['rights'])), $id);
    $db->setMode(0);
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
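/**
 * AJAX handler: updates one gallery and keeps the per-category gallery
 * counters in sync when the gallery moves to another category.
 *
 * Requires the admin gallery.edit right or superadmin (isset check, as in
 * the original). 'name', 'folder' and 'cID' are mandatory. Echoes 'ok' on
 * success; always ends with die.
 *
 * Change against the previous version: $id and the old category id were
 * concatenated raw into SQL; both are now cast to int, like every other id
 * on this page, and the category comparison is done on ints.
 *
 * NOTE(review): the no-rights branch renders table(ERROR, ...) while the
 * sibling handlers echo the message — kept as is, confirm which is intended.
 *
 * @param int $id galleryID of the row to update
 */
function admin_gallery_edit($id)
{
    global $db;
    $db->setMode(0);
    ob_end_clean();
    ajax_convert_array($_POST);
    $allowed = isset($_SESSION['rights']['admin']['gallery']['edit'])
        || isset($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        table(ERROR, NO_ADMIN_RIGHTS);
        die;
    }
    if ($_POST['name'] == '' || !$_POST['folder'] || !$_POST['cID']) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $galleryId = (int) $id;
    $newCategory = (int) $_POST['cID'];
    $oldCategory = (int) $db->result(DB_PRE . 'ecp_gallery', 'cID', 'galleryID = ' . $galleryId);
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_gallery SET `name` = \'%s\', `folder` = \'%s\', `cID` = %d, `access` = \'%s\' WHERE galleryID = %d',
        strsave($_POST['name']),
        strsave($_POST['folder']),
        $newCategory,
        strsave(admin_make_rights($_POST['access'])),
        $galleryId
    );
    if ($db->query($sql)) {
        echo 'ok';
        if ($newCategory !== $oldCategory) {
            // the gallery changed category: move one count from the old to the new one
            $db->query('UPDATE ' . DB_PRE . 'ecp_gallery_kate SET galleries = galleries +1 WHERE kateID =' . $newCategory);
            $db->query('UPDATE ' . DB_PRE . 'ecp_gallery_kate SET galleries = galleries -1 WHERE kateID =' . $oldCategory);
        }
    }
    die;
}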
/**
 * Runs ajax_html_convert() over a string, or recursively over every string
 * nested inside an array, in place through the reference. Values that are
 * neither string nor array are left untouched.
 *
 * @param mixed $var string or (nested) array, modified in place
 */
function ajax_convert_array(&$var)
{
    if (is_array($var)) {
        foreach (array_keys($var) as $index) {
            ajax_convert_array($var[$index]);
        }
        return;
    }
    if (is_string($var)) {
        $var = ajax_html_convert($var);
    }
}
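/**
 * AJAX handler: updates one rank (name, post threshold, fixed flag, money)
 * and then recalculates all user ranks via update_all_ranks().
 *
 * Requires the admin ranks.edit right or superadmin (isset check, as in the
 * original). 'abposts', 'fest' and 'money' are optional and default to 0;
 * 'money' accepts a comma as decimal separator. Echoes 'ok' on success;
 * always ends with die.
 *
 * Change against the previous version: the money column was formatted with
 * %f, which is locale-aware in PHP and can emit a comma decimal separator
 * that breaks the statement; %F is locale-independent.
 *
 * @param int $id rankID of the row to update (bound with %d)
 */
function admin_ranks_edit($id)
{
    ob_end_clean();
    global $db;
    $allowed = isset($_SESSION['rights']['admin']['ranks']['edit'])
        || isset($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    $db->setMode(0);
    ajax_convert_array($_POST);
    $minPosts = isset($_POST['abposts']) ? (int) $_POST['abposts'] : 0;
    $fixed = isset($_POST['fest']) ? (int) $_POST['fest'] : 0;
    $moneyInput = isset($_POST['money']) ? $_POST['money'] : '';
    $money = (float) str_replace(',', '.', $moneyInput);
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_ranks SET `rankname` = \'%s\',`abposts` = %d,`fest` = %d, money = %F WHERE rankID = %d',
        strsave($_POST['rankname']),
        $minPosts,
        $fixed,
        $money,
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
        update_all_ranks();
    }
    die;
}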
/**
 * AJAX handler: updates the display name, task and active flag of one team
 * member.
 *
 * Requires the admin teams.edit_member right or superadmin (isset check, as
 * in the original). 'aktiv' is optional and defaults to 0. Echoes 'ok' on
 * success; always ends with die.
 *
 * @param int $id  teamID of the membership row (bound with %d)
 * @param int $uid userID of the member (bound with %d)
 */
function teams_edit_member($id, $uid)
{
    ob_end_clean();
    global $db;
    $db->setMode(0);
    ajax_convert_array($_POST);
    $allowed = isset($_SESSION['rights']['admin']['teams']['edit_member'])
        || isset($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo NO_ADMIN_RIGHTS;
        die;
    }
    $active = isset($_POST['aktiv']) ? (int) $_POST['aktiv'] : 0;
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_members SET `name` = \'%s\', `aufgabe` = \'%s\', `aktiv` =  %d WHERE teamID = %d AND userID = %d',
        strsave($_POST['username']),
        strsave($_POST['task']),
        $active,
        $id,
        $uid
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
/**
 * AJAX handler: renames a clanwar map/location and assigns it to a game.
 *
 * Requires admin clanwars.maps_edit or superadmin. 'name' and 'gameid' are
 * mandatory; 'gameid' is bound with %d. Echoes 'ok' on success; always
 * ends with die.
 *
 * @param int $id locationID of the row to update (bound with %d)
 */
function admin_games_map_edit($id)
{
    global $db;
    $db->setMode(0);
    ob_end_clean();
    ajax_convert_array($_POST);
    $allowed = !empty($_SESSION['rights']['admin']['clanwars']['maps_edit'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        echo html_ajax_convert(NO_ADMIN_RIGHTS);
        die;
    }
    if ($_POST['name'] == '' || !$_POST['gameid']) {
        echo NOT_NEED_ALL_INPUTS;
        die;
    }
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_wars_locations SET locationname = \'%s\', gID =  %d WHERE locationID = %d',
        strsave($_POST['name']),
        $_POST['gameid'],
        $id
    );
    if ($db->query($sql)) {
        echo 'ok';
    }
    die;
}
session_start();
//ob_start();
require 'inc/smarty/Smarty.class.php';
require 'inc/db.daten.php';
require 'inc/classes.php';
require 'inc/constant.php';
$db->setMode(0);
if (count($_SESSION) == 0) {
    $_SESSION = unserialize($db->result(DB_PRE . 'ecp_online', 'SIDDATA', 'SID = \'' . session_id() . '\' AND uID != 0'));
}
require 'inc/functions.php';
require 'inc/language/' . LANGUAGE . '.php';
require 'inc/checks.php';
require 'templates/' . DESIGN . '/design.php';
ajax_convert_array($_POST);
ajax_convert_array($_FILES);
switch (@$_GET['func']) {
    case 'check_username':
        if (isset($_GET['mode'])) {
            echo $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'ID != ' . (int) $_SESSION['userID'] . ' AND username = "******"');
        } else {
            echo $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = "******"');
        }
        break;
    case 'check_email':
        if (isset($_GET['mode'])) {
            echo $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'ID != ' . (int) $_SESSION['userID'] . ' AND email = "' . strsave($_GET['email']) . '"');
        } else {
            echo $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = "' . strsave($_GET['email']) . '"');
        }
        break;