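/**
 * Profile editor for the logged-in user ($_SESSION['userID']).
 *
 * POST with 'submit' set: writes the posted profile fields to ecp_user. A
 * username that is empty or already used by another account, and an e-mail
 * address that is invalid or already used by another account, are rejected
 * with an error table and the currently stored value is kept instead. When
 * 'password1' is non-empty the password is changed as well, provided both new
 * passwords match, the length is at least PW_MIN_LENGTH and the old password
 * ('password') is correct. After a successful update the function calls itself
 * once more to re-render the form with the saved values.
 *
 * Otherwise: renders DESIGN/tpl/account/account_edit.html with the stored
 * profile, preceded by a notice when the account is scheduled for deletion.
 *
 * Side effects: SQL through the global $db, writes to $_SESSION and $_POST,
 * printed output. Returns nothing.
 */
function account_edit()
{
    global $db;

    // Interpolated into SQL in several places below; normalise it once.
    $userId = (int) $_SESSION['userID'];

    if (isset($_POST['submit'])) {
        // Missing fields read as '' (the original used @-suppressed reads,
        // which also ended up empty after escaping).
        $post = function ($key) {
            return isset($_POST[$key]) ? $_POST[$key] : '';
        };
        // Escaping for ordinary text columns: HTML-encoded, then SQL-escaped.
        $text = function ($key) use ($post) {
            return strsave(htmlspecialchars($post($key)));
        };
        // NOTE(review): no CSRF token is verified here; confirm that the
        // framework enforces one before dispatching to this function.

        // Username: must be non-empty and not in use by another account.
        $usernameTaken = $db->result(
            DB_PRE . 'ecp_user',
            'COUNT(ID)',
            'username = \'' . $text('username') . '\' AND ID != ' . $userId
        );
        if ($usernameTaken || $post('username') == '') {
            // Fall back to the stored name.
            $_POST['username'] = $db->result(DB_PRE . 'ecp_user', 'username', 'ID = ' . $userId);
            table(ERROR, ACCOUNT_ALLREADY_EXIST);
        }

        // E-mail: must be valid and not in use by another account. The lookup
        // has to compare the posted e-mail; the original compared the posted
        // username against the email column, so duplicates were never caught.
        $emailTaken = $db->result(
            DB_PRE . 'ecp_user',
            'COUNT(ID)',
            'email = \'' . strsave($post('email')) . '\' AND ID != ' . $userId
        );
        if ($emailTaken || !check_email($post('email'))) {
            $_POST['email'] = $db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . $userId);
            if (!check_email($_POST['email'])) {
                table(ERROR, WRONG_EMAIL);
            } else {
                table(ERROR, EMAIL_ALLREADY_EXIST);
            }
        }

        // Birthday is posted as d.m.Y and stored as Y-m-d; absent parts become 0.
        $birthday = array_pad(explode('.', $post('birthday')), 3, 0);
        $birthdaySql = (int) $birthday[2] . '-' . (int) $birthday[1] . '-' . (int) $birthday[0];

        // column => already-escaped value; every value is single-quoted in the SET list.
        // Free-text fields (signatur, aboutme) go through comment_save() instead
        // of htmlspecialchars(); URL fields are normalised by check_url() first.
        $columns = array(
            'username'     => $text('username'),
            'email'        => strsave($post('email')),
            'country'      => strsave($post('country')),
            'sex'          => $post('sex') == 'male' ? 'male' : 'female',
            'signatur'     => strsave(comment_save($post('signatur'))),
            'realname'     => $text('realname'),
            'geburtstag'   => $birthdaySql,
            'homepage'     => strsave(htmlspecialchars(check_url($post('homepage')))),
            'icq'          => $text('icq'),
            'msn'          => $text('msn'),
            'yahoo'        => $text('yahoo'),
            'skype'        => $text('skype'),
            'xfire'        => $text('xfire'),
            'clanname'     => $text('clanname'),
            'clanirc'      => $text('clanirc'),
            'clanhomepage' => strsave(htmlspecialchars(check_url($post('clanhomepage')))),
            'clanhistory'  => $text('clanhistory'),
            'cpu'          => $text('cpu'),
            'mainboard'    => $text('mainboard'),
            'ram'          => $text('ram'),
            'gkarte'       => $text('gkarte'),
            'skarte'       => $text('skarte'),
            'monitor'      => $text('monitor'),
            'maus'         => $text('maus'),
            'tastatur'     => $text('tastatur'),
            'mauspad'      => $text('mauspad'),
            'internet'     => $text('internet'),
            'festplatte'   => $text('festplatte'),
            'headset'      => $text('headset'),
            'aboutme'      => strsave(comment_save($post('aboutme'))),
            'wohnort'      => $text('wohnort'),
            'aim'          => $text('aim'),
            'koord'        => $text('koord'),
        );
        $set = array();
        foreach ($columns as $column => $value) {
            $set[] = $column . ' = \'' . $value . '\'';
        }
        $sql = 'UPDATE ' . DB_PRE . 'ecp_user SET ' . implode(', ', $set) . ' WHERE ID = ' . $userId;

        // NOTE(review): when a fallback value was loaded from the DB above it
        // is HTML-encoded a second time here and in the UPDATE; kept as in the
        // original, confirm whether the stored form is already encoded.
        $_SESSION['username'] = htmlspecialchars($post('username'));
        $_SESSION['email'] = $post('email');

        if ($db->query($sql)) {
            if ($post('password1') != '') {
                if ($post('password1') !== $post('password2')) {
                    table(ERROR, DIFFERENT_PW);
                } elseif (strlen($post('password1')) < PW_MIN_LENGTH) {
                    table(ERROR, SHORT_PW . PW_MIN_LENGTH . SHORT_PW_1);
                } elseif ((string) $db->result(DB_PRE . 'ecp_user', 'passwort', 'ID = ' . $userId) !== sha1($post('password'))) {
                    // Strict comparison: '!=' on two numeric-looking strings
                    // compares them as numbers, which is wrong for hashes.
                    table(ERROR, WRONG_OLD_PW);
                } else {
                    // NOTE(review): unsalted sha1 is the legacy storage format
                    // of this schema; moving to password_hash() needs a
                    // schema/migration change and is not done here.
                    $db->query('UPDATE ' . DB_PRE . 'ecp_user SET passwort = \'' . strsave(sha1($post('password1'))) . '\' WHERE ID = ' . $userId);
                    table(INFO, PW_SUCCESS_CHANGE);
                }
            }
            table(INFO, ACCOUNT_EDIT_SUCCESS);
            // Re-render the form with the saved values.
            unset($_POST['submit']);
            account_edit();
        }
    } else {
        $tpl = new smarty();
        $row = $db->fetch_assoc('SELECT `username`, `email`, `country`, `sex`, `signatur`, `realname`, `wohnort`, `geburtstag`, `homepage`, `icq`, `msn`, `yahoo`, `skype`, `xfire`, `clanname`, `clanirc`, `clanhomepage`, `clanhistory`, `cpu`, `mainboard`, `ram`, `gkarte`, `skarte`, `monitor`, `maus`, `tastatur`, `mauspad`, `internet`, `festplatte`, `headset`, `aboutme`, `ondelete`, aim, koord FROM ' . DB_PRE . 'ecp_user WHERE ID = ' . $userId);
        if ($row['ondelete']) {
            // ondelete holds a Unix timestamp of the scheduled deletion.
            table(INFO, str_replace('{zeit}', date('d.m.Y H:i', $row['ondelete']), ACCOUNT_DELETE_ON));
        }

        // Stored as Y-m-d, displayed as d.m.Y.
        $geb = array_pad(explode('-', $row['geburtstag']), 3, '');
        $row['birthday'] = $geb[2] . '.' . $geb[1] . '.' . $geb[0];

        foreach ($row as $key => $value) {
            $tpl->assign($key, $value);
        }
        ob_start();
        $tpl->assign('countries', form_country($row['country']));
        $tpl->display(DESIGN . '/tpl/account/account_edit.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(ACCOUNT_EDIT, $content, '', 1);
    }
}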
$result = $db->query('SELECT DISTINCT(userID) as userID, username, country FROM ' . DB_PRE . 'ecp_user_groups LEFT JOIN ' . DB_PRE . 'ecp_user ON ID = userID WHERE ' . $search); $db->query('SELECT * FROM ' . DB_PRE . 'ecp_texte WHERE name = "NEW_JOINUS"'); $text = array(); while ($row = $db->fetch_assoc()) { $text[$row['lang']] = $row; } while ($row = mysql_fetch_assoc($result)) { $search = array('{username}', '{from_username}', '{id}'); $replace = array(strsave($row['username']), strsave(htmlspecialchars($_POST['username'])), $id); if (!isset($text[$row['country']])) { $row['country'] = 'de'; } message_send($row['userID'], 0, $text[$row['country']]['content2'], str_replace($search, $replace, $text[$row['country']]['content']), 0, 1); } unset($_SESSION['captcha']); table(INFO, JOINUS_SUCCESS); } } } else { $tpl = new smarty(); ob_start(); $tpl->assign('countries', form_country()); $tpl->assign('teams', get_teams_form_joinus()); $tpl->display(DESIGN . '/tpl/joinus/joinus.html'); $content = ob_get_contents(); ob_end_clean(); main_content(JOINUS, $content, '', 1); } } else { echo table(ACCESS_DENIED, NO_ACCESS_RIGHTS); }
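/**
 * Admin handler/form for editing an upcoming clanwar.
 *
 * Requires the admin right clanwars/edit_next or superadmin; otherwise an
 * error table is printed. With a POST ('datum' present) the war is saved via
 * admin_clanwars_editnext_save(), otherwise the edit form is rendered via
 * admin_clanwars_editnext_form().
 *
 * @param int|string $id ecp_wars.warID; cast to int before any SQL use.
 */
function admin_clanwars_editnext($id)
{
    global $db;

    // $id is interpolated into many queries below; normalise it once so a
    // non-numeric value cannot alter the SQL.
    $id = (int) $id;

    $mayEdit = !empty($_SESSION['rights']['admin']['clanwars']['edit_next'])
        || !empty($_SESSION['rights']['superadmin']);
    if (!$mayEdit) {
        table(ERROR, NO_ADMIN_RIGHTS);
        return;
    }

    if (isset($_POST['datum'])) {
        admin_clanwars_editnext_save($db, $id);
    } else {
        admin_clanwars_editnext_form($db, $id);
    }
}

/**
 * Persists the posted clanwar edit form for war $id.
 *
 * Steps, in order: insert or update the opponent row; update the war row
 * (per-language notes from description_<lang> fields are stored as JSON in
 * hinweise); sync the per-map score rows (i-th posted map updates the i-th
 * existing row, further maps are inserted); add the selected team/member
 * players as participants, notifying new ones by message and/or e-mail
 * according to 'messagemode' (1 = message, 2 = e-mail, 3 = both); delete
 * participants that are no longer selected; redirect to the clanwars list.
 * Returns early without redirecting when a write fails.
 *
 * @param object $db database wrapper (query/fetch_assoc/result/last_id)
 * @param int    $id war ID
 */
function admin_clanwars_editnext_save($db, $id)
{
    // Missing fields read as '' so that (int)/strsave() yield 0/'' as before.
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };

    // Opponent: create a new one when no oppID was chosen, otherwise update it.
    // check_url() is applied in both branches (the original only normalised
    // the URL on update).
    $oppId = (int) $post('oppID');
    if ($oppId === 0) {
        $sql = sprintf(
            'INSERT INTO ' . DB_PRE . 'ecp_wars_opp (`oppname`, `oppshort`, `homepage`, `country`) VALUES (\'%s\', \'%s\',\'%s\',\'%s\')',
            strsave($post('oppname')),
            strsave($post('oppshort')),
            strsave(check_url($post('homepage'))),
            strsave($post('country'))
        );
    } else {
        $sql = sprintf(
            'UPDATE ' . DB_PRE . 'ecp_wars_opp SET `oppname` = \'%s\', `oppshort` = \'%s\', `homepage` = \'%s\', `country` = \'%s\' WHERE oppID = %d',
            strsave($post('oppname')),
            strsave($post('oppshort')),
            strsave(check_url($post('homepage'))),
            strsave($post('country')),
            $oppId
        );
    }
    if (!$db->query($sql)) {
        return;
    }
    if ($oppId === 0) {
        $oppId = $db->last_id();
    }

    // Per-language notes: fields named ...cription_<lang>.
    $notes = array();
    foreach ($_POST as $key => $value) {
        if (strpos($key, 'cription_') > 0) {
            $notes[substr($key, strpos($key, '_') + 1)] = $value;
        }
    }

    // Resolve 'team_<teamID>' / 'member_<userID>' selections into unique user IDs.
    $players = array();
    $selections = isset($_POST['players']) ? (array) $_POST['players'] : array();
    foreach ($selections as $selection) {
        $selection = trim($selection);
        if (strpos($selection, 'team_') !== false) {
            $teamId = (int) substr($selection, strpos($selection, '_') + 1);
            $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_members WHERE teamID = ' . $teamId);
            while ($row = $db->fetch_assoc()) {
                if (!in_array($row['userID'], $players, true)) {
                    $players[] = $row['userID'];
                }
            }
        } elseif (strpos($selection, 'member_') !== false) {
            $memberId = substr($selection, strpos($selection, '_') + 1);
            if (!in_array($memberId, $players, true)) {
                $players[] = $memberId;
            }
        }
    }

    $winByMaps = (int) $post('winbymaps');
    $sql = sprintf(
        'UPDATE ' . DB_PRE . 'ecp_wars SET `tID` = %d, `mID` = %d, `gID` = %d, `datum` = %d, `xonx` = \'%s\', hinweise = \'%s\', `oID` = %d, `matchlink` = \'%s\', `resultbylocations` = %d, `server` = \'%s\', `livestream` = \'%s\', `pw` = \'%s\', `meldefrist` = %d WHERE warID = %d',
        (int) $post('teamID'),
        (int) $post('matchtypeID'),
        (int) $post('gameID'),
        strtotime($post('datum')),
        (int) $post('xonx1') . 'on' . (int) $post('xonx2'),
        strsave(json_encode($notes)),
        $oppId,
        strsave(check_url($post('matchlink'))),
        $winByMaps,
        strsave($post('server')),
        strsave($post('livestream')),
        strsave($post('pw')),
        strtotime($post('meldefrist')),
        $id
    );
    if (!$db->query($sql)) {
        return;
    }

    // Current participants keyed by userID. Entries still true after the
    // player loop below were deselected and get deleted at the end.
    $active = array();
    $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE warID = ' . $id);
    while ($row = $db->fetch_assoc()) {
        $active[$row['userID']] = true;
    }

    // Existing score rows in display order.
    $scoreIds = array();
    $db->query('SELECT scoreID FROM ' . DB_PRE . 'ecp_wars_scores WHERE wID = ' . $id . ' ORDER BY scoreID ASC');
    while ($row = $db->fetch_assoc()) {
        $scoreIds[] = $row['scoreID'];
    }

    // Map rows: each 'map_*' field carries the location ID; the scores are in
    // score_<i>_own / score_<i>_opp, numbered by position.
    // NOTE(review): $own/$opp are accumulated but never stored or returned;
    // kept as in the original, confirm whether a total-result write was intended.
    $own = 0;
    $opp = 0;
    $i = 0;
    foreach ($_POST as $key => $value) {
        if (strpos($key, 'map_') === false) {
            continue;
        }
        $i++;
        $ownScore = (int) $post('score_' . $i . '_own');
        $oppScore = (int) $post('score_' . $i . '_opp');
        if ($winByMaps) {
            if ($ownScore > $oppScore) {
                $own++;
            } elseif ($ownScore < $oppScore) {
                $opp++;
            } else {
                $opp++;
                $own++;
            }
        } else {
            $own += $ownScore;
            $opp += $oppScore;
        }
        if (isset($scoreIds[$i - 1])) {
            $db->query(sprintf(
                'UPDATE ' . DB_PRE . 'ecp_wars_scores SET `lID` = %d, `ownscore` = %d, `oppscore` = %d WHERE scoreID = %d',
                (int) $value,
                $ownScore,
                $oppScore,
                $scoreIds[$i - 1]
            ));
        } else {
            $db->query(sprintf(
                'INSERT INTO ' . DB_PRE . 'ecp_wars_scores (`wID`, `lID`, `ownscore`, `oppscore`) VALUES (%d, %d, %d, %d)',
                $id,
                (int) $value,
                $ownScore,
                $oppScore
            ));
        }
    }

    if (count($players)) {
        $text = $db->fetch_assoc('SELECT `content`, `content2` FROM ' . DB_PRE . 'ecp_texte WHERE name = "NEXT_WAR_MSG" AND lang = "' . DEFAULT_LANG . '"');
        $mode = (int) $post('messagemode');
        $notifyByMessage = ($mode === 1 || $mode === 3);
        $notifyByEmail = ($mode === 2 || $mode === 3);
        $link = SITE_URL . '?section=clanwars&action=nextwar&id=' . $id;

        foreach ($players as $player) {
            $playerId = (int) $player;
            if (isset($active[$playerId])) {
                // Already a participant: mark as kept so it is not deleted below.
                $active[$playerId] = false;
                continue;
            }
            $db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . $playerId . ')');
            if ($notifyByMessage) {
                message_send($player, 0, $text['content2'], str_replace('{link}', '<a href="' . $link . '">' . $link . '</a>', $text['content']), 0, 1);
            }
            if ($notifyByEmail) {
                send_email($db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . $playerId), $text['content2'], str_replace('{link}', $link, $text['content']), 1);
            }
        }
    }

    // Remove participants that were not selected this time.
    foreach ($active as $userId => $deselected) {
        if ($deselected) {
            $db->query('DELETE FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE userID = ' . (int) $userId . ' AND warID = ' . $id);
        }
    }

    header1('?section=admin&site=clanwars');
}

/**
 * Renders DESIGN/tpl/admin/clanwars_next.html for war $id with the war and
 * opponent data, the select lists, the existing map/score rows (each with a
 * pre-built <option> list of the game's locations) and the current participants.
 *
 * @param object $db database wrapper
 * @param int    $id war ID
 */
function admin_clanwars_editnext_form($db, $id)
{
    $data = $db->fetch_assoc('SELECT `tID`, `mID`, `gID`, `datum`, `xonx`, `hinweise`, `server`, `pw`, meldefrist, livestream, `oID`, `matchlink`, `resultbylocations`, `oppname`, `oppshort`, `homepage`, `country` FROM ' . DB_PRE . 'ecp_wars LEFT JOIN ' . DB_PRE . 'ecp_wars_opp ON (oppID = oID) WHERE warID = ' . $id);
    $tpl = new smarty();
    foreach ($data as $key => $value) {
        $tpl->assign($key, $value);
    }
    $tpl->assign('opps', get_opps($data['oID']));
    $tpl->assign('countries', form_country($data['country']));
    $tpl->assign('games', get_games_form($data['gID']));
    $tpl->assign('teams', get_teams_form($data['tID']));
    $tpl->assign('matchtype', get_matchtype_form($data['mID']));
    $tpl->assign('lang', get_languages(json_decode($data['hinweise'], true)));
    $tpl->assign('func', 'editnext&id=' . $id);
    $tpl->assign('datum', date('Y-m-d H:i:s', $data['datum']));
    $tpl->assign('meldefrist', date('Y-m-d H:i:s', $data['meldefrist']));

    // xonx is stored as "<own>on<opp>".
    $xonx = array_pad(explode('on', $data['xonx']), 2, '');
    $tpl->assign('xonx1', $xonx[0]);
    $tpl->assign('xonx2', $xonx[1]);

    // The location list depends only on the game, so load it once rather
    // than once per score row.
    $locations = array();
    $db->query('SELECT locationID, locationname FROM ' . DB_PRE . 'ecp_wars_locations WHERE gID = ' . (int) $data['gID']);
    while ($location = $db->fetch_assoc()) {
        $locations[] = $location;
    }

    $maps = array();
    $i = 0;
    $db->query('SELECT `scoreID`, `lID`, `ownscore`, `oppscore` FROM ' . DB_PRE . 'ecp_wars_scores WHERE wID = ' . $id . ' ORDER BY scoreID ASC');
    while ($row = $db->fetch_assoc()) {
        $row['i'] = ++$i;
        $row['maps'] = '';
        foreach ($locations as $location) {
            $selected = $location['locationID'] == $row['lID'] ? 'selected="selected"' : '';
            $row['maps'] .= '<option ' . $selected . ' value="' . $location['locationID'] . '">' . htmlspecialchars($location['locationname']) . '</option>';
        }
        $maps[] = $row;
    }
    $tpl->assign('maps', $maps);

    $players = array();
    $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE warID = ' . $id);
    while ($row = $db->fetch_assoc()) {
        $players[] = $row['userID'];
    }
    $tpl->assign('members', get_cw_members($players));

    ob_start();
    $tpl->display(DESIGN . '/tpl/admin/clanwars_next.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(CLANWARS_EDIT, $content, '', 1);
}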
} else { echo html_ajax_convert(NO_ADMIN_RIGHTS); } break; case 'edit_opp': if (@$_SESSION['rights']['admin']['clanwars']['edit_opp'] or @$_SESSION['rights']['superadmin']) { if (isset($_POST['oppname'])) { if ($db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_wars_opp SET oppname = \'%s\', oppshort = \'%s\', homepage = \'%s\', country = \'%s\' WHERE oppID = %d', strsave($_POST['oppname']), strsave($_POST['oppshort']), strsave($_POST['homepage']), strsave($_POST['country']), (int) $_GET['id']))) { echo 'ok'; } } else { $row = $db->fetch_assoc('SELECT * FROM ' . DB_PRE . 'ecp_wars_opp WHERE oppID = ' . (int) $_GET['id']); if (isset($row['oppname'])) { $tpl = new smarty(); $tpl->assign('id', $_GET['id']); $tpl->assign('countries', form_country($row['country'])); foreach ($row as $key => $value) { $tpl->assign($key, $value); } ob_start(); $tpl->display(DESIGN . '/tpl/admin/clanwars_opp_edit.html'); $content = ob_get_contents(); ob_end_clean(); echo html_ajax_convert($content); } else { echo html_ajax_convert(NO_ENTRIES_ID); } } } else { echo html_ajax_convert(NO_ADMIN_RIGHTS); }
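/**
 * Admin: create a new user account.
 *
 * POST with 'submit' set: validates username, e-mail, password pair (equal,
 * at least PW_MIN_LENGTH) and sex, and checks username/e-mail uniqueness. On
 * any error the errors are shown as a list and the form is re-rendered.
 * Otherwise the account is inserted (status 1, registerdate = now), the
 * ecp_user_config / ecp_user_stats rows are created, update_rank() is called,
 * the user is put into group 3, and the USER_ADD text from ecp_texte is sent
 * to the new address. Without a submission the empty form is rendered.
 *
 * Side effects: SQL through the global $db, e-mail, printed output.
 * Returns nothing.
 */
function admin_user_add()
{
    global $db;

    if (!isset($_POST['submit'])) {
        $tpl = new smarty();
        $tpl->assign('countries', form_country());
        ob_start();
        $tpl->display(DESIGN . '/tpl/admin/user_add.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(REGISTER, $content, '', 1);
        return;
    }

    // Missing fields read as '' so the checks below behave as for empty input.
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };
    $username  = $post('username');
    $email     = $post('email');
    $password1 = $post('password1');
    $password2 = $post('password2');
    $sex       = $post('sex');
    $country   = $post('country');

    // Plain error texts; wrapped in <li>…</li> when rendered.
    $errors = array();
    if ($username == '') {
        $errors[] = NO_USERNAME;
    }
    if (!check_email($email)) {
        $errors[] = WRONG_EMAIL;
    }
    if ($password1 == '') {
        $errors[] = NO_PASSWORD;
    }
    if ($password1 !== $password2) {
        $errors[] = DIFFERENT_PW;
    }
    if (strlen($password1) < PW_MIN_LENGTH) {
        $errors[] = SHORT_PW . PW_MIN_LENGTH . SHORT_PW_1;
    }
    // The username is stored HTML-encoded (see the INSERT below), so the
    // uniqueness check compares against that form. As written, the original
    // compared against a fixed literal and therefore never matched a real name.
    if ($username != '' && $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = \'' . strsave(htmlspecialchars($username)) . '\'')) {
        $errors[] = ACCOUNT_ALLREADY_EXIST . ' ' . htmlspecialchars($username);
    }
    if ($email != '' && $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = "' . strsave($email) . '"')) {
        $errors[] = EMAIL_ALLREADY_EXIST . ' ' . htmlspecialchars($email);
    }
    // NOTE(review): 'sex' is validated but not written by the INSERT below;
    // confirm whether it should be stored.
    if ($sex != 'male' && $sex != 'female') {
        $errors[] = CHOOSE_SEX;
    }

    if (count($errors) > 0) {
        $items = array();
        foreach ($errors as $error) {
            $items[] = '<li>' . $error . '</li>';
        }
        table(ERROR, '<ul>' . implode('', $items) . '</ul>');
        $tpl = new smarty();
        $tpl->assign('countries', form_country($country));
        ob_start();
        $tpl->display(DESIGN . '/tpl/admin/user_add.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(REGISTER, $content, '', 1);
        return;
    }

    // NOTE(review): unsalted sha1 is the legacy storage format of this schema;
    // moving to password_hash() needs a schema/migration change.
    $sql = sprintf(
        'INSERT INTO ' . DB_PRE . 'ecp_user (`username`, `email`, `passwort`, `status`, `registerdate`, country) VALUES (\'%s\', \'%s\', \'%s\', %d, %d, \'%s\');',
        strsave(htmlspecialchars($username)),
        strsave($email),
        sha1($password1),
        1,
        time(),
        strsave($country)
    );
    if (!$db->query($sql)) {
        return;
    }

    $userId = (int) $db->last_id();
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_config (userID) VALUES (' . $userId . ')');
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_stats (userID) VALUES (' . $userId . ')');
    update_rank($userId);
    // Put the new account into group 3.
    $db->query('INSERT INTO ' . DB_PRE . 'ecp_user_groups (userID, gID) VALUES (' . $userId . ', 3)');

    // Fetch the USER_ADD mail text for the current language and fill in the
    // placeholders. The original also echoed the finished body (which contains
    // the clear-text password) to the page; that debug output is removed.
    // NOTE(review): mailing the initial password in clear text is existing
    // behaviour of this flow and is not changed here.
    $row = $db->fetch_assoc('SELECT content, content2, options FROM ' . DB_PRE . 'ecp_texte WHERE lang = "' . LANGUAGE . '" AND name = "USER_ADD"');
    $search = array('{username}', '{clanname}', '{pageurl}', '{password}');
    $replace = array($username, CLAN_NAME, SITE_URL, $password1);
    $row['content'] = str_replace($search, $replace, $row['content']);
    if (send_email($email, $row['content2'], $row['content'], $row['options'])) {
        table(INFO, REGISTER_SUCCESS3);
    } else {
        table(INFO, NO_EMAIL_SEND2);
    }
}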