function account_edit()
{
global $db;
if (isset($_POST['submit'])) {
if ($db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = \'' . strsave(htmlspecialchars($_POST['username'])) . '\' AND ID != ' . $_SESSION['userID']) or $_POST['username'] == '') {
$_POST['username'] = $db->result(DB_PRE . 'ecp_user', 'username', 'ID = ' . $_SESSION['userID']);
table(ERROR, ACCOUNT_ALLREADY_EXIST);
}
if ($db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = \'' . strsave($_POST['username']) . '\' AND ID != ' . $_SESSION['userID']) or !check_email($_POST['email'])) {
$_POST['email'] = $db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . $_SESSION['userID']);
if (!check_email($_POST['email'])) {
table(ERROR, WRONG_EMAIL);
} else {
table(ERROR, EMAIL_ALLREADY_EXIST);
}
}
$geburtstag = explode('.', $_POST['birthday']);
$sql = sprintf('UPDATE ' . DB_PRE . 'ecp_user SET
username = \'%s\',email = \'%s\',country = \'%s\',
sex = \'%s\',signatur = \'%s\',realname = \'%s\',
geburtstag = \'%s\',homepage = \'%s\',icq = \'%s\',
msn = \'%s\',yahoo = \'%s\',skype = \'%s\',xfire = \'%s\',
clanname = \'%s\',clanirc = \'%s\',clanhomepage = \'%s\',
clanhistory = \'%s\',cpu = \'%s\',mainboard = \'%s\',
ram = \'%s\',gkarte = \'%s\',skarte = \'%s\',
monitor = \'%s\',maus = \'%s\',tastatur = \'%s\',
mauspad = \'%s\',internet = \'%s\',festplatte = \'%s\',
headset = \'%s\',aboutme = \'%s\', wohnort = \'%s\', aim = \'%s\', koord = \'%s\'
WHERE ID = ' . $_SESSION['userID'], strsave(htmlspecialchars(@$_POST['username'])), strsave(@$_POST['email']), strsave(@$_POST['country']), @$_POST['sex'] == 'male' ? 'male' : 'female', strsave(comment_save(@$_POST['signatur'])), strsave(htmlspecialchars(@$_POST['realname'])), (int) @$geburtstag[2] . '-' . (int) @$geburtstag[1] . '-' . (int) @$geburtstag[0], strsave(htmlspecialchars(check_url(@$_POST['homepage']))), strsave(htmlspecialchars(@$_POST['icq'])), strsave(htmlspecialchars(@$_POST['msn'])), strsave(htmlspecialchars(@$_POST['yahoo'])), strsave(htmlspecialchars(@$_POST['skype'])), strsave(htmlspecialchars(@$_POST['xfire'])), strsave(htmlspecialchars(@$_POST['clanname'])), strsave(htmlspecialchars(@$_POST['clanirc'])), strsave(htmlspecialchars(check_url(@$_POST['clanhomepage']))), strsave(htmlspecialchars(@$_POST['clanhistory'])), strsave(htmlspecialchars(@$_POST['cpu'])), strsave(htmlspecialchars(@$_POST['mainboard'])), strsave(htmlspecialchars(@$_POST['ram'])), strsave(htmlspecialchars(@$_POST['gkarte'])), strsave(htmlspecialchars(@$_POST['skarte'])), strsave(htmlspecialchars(@$_POST['monitor'])), strsave(htmlspecialchars(@$_POST['maus'])), strsave(htmlspecialchars(@$_POST['tastatur'])), strsave(htmlspecialchars(@$_POST['mauspad'])), strsave(htmlspecialchars(@$_POST['internet'])), strsave(htmlspecialchars(@$_POST['festplatte'])), strsave(htmlspecialchars(@$_POST['headset'])), strsave(comment_save(@$_POST['aboutme'])), strsave(htmlspecialchars(@$_POST['wohnort'])), strsave(htmlspecialchars(@$_POST['aim'])), strsave(htmlspecialchars(@$_POST['koord'])));
$_SESSION['username'] = htmlspecialchars($_POST['username']);
$_SESSION['email'] = $_POST['email'];
if ($db->query($sql)) {
if ($_POST['password1'] != '') {
if ($_POST['password1'] != $_POST['password2']) {
table(ERROR, DIFFERENT_PW);
} elseif (strlen($_POST['password1']) < PW_MIN_LENGTH) {
table(ERROR, SHORT_PW . PW_MIN_LENGTH . SHORT_PW_1);
} elseif ($db->result(DB_PRE . 'ecp_user', 'passwort', 'ID = ' . $_SESSION['userID']) != sha1($_POST['password'])) {
table(ERROR, WRONG_OLD_PW);
} else {
$db->query('UPDATE ' . DB_PRE . 'ecp_user SET passwort = \'' . strsave(sha1($_POST['password1'])) . '\' WHERE ID = ' . $_SESSION['userID']);
table(INFO, PW_SUCCESS_CHANGE);
}
}
table(INFO, ACCOUNT_EDIT_SUCCESS);
unset($_POST['submit']);
account_edit();
}
} else {
$tpl = new smarty();
$row = $db->fetch_assoc('SELECT `username`, `email`, `country`, `sex`, `signatur`, `realname`, `wohnort`, `geburtstag`, `homepage`, `icq`, `msn`, `yahoo`, `skype`, `xfire`,
`clanname`, `clanirc`, `clanhomepage`, `clanhistory`, `cpu`, `mainboard`, `ram`, `gkarte`, `skarte`, `monitor`, `maus`, `tastatur`, `mauspad`,
`internet`, `festplatte`, `headset`, `aboutme`, `ondelete`, aim, koord FROM ' . DB_PRE . 'ecp_user WHERE ID = ' . $_SESSION['userID']);
if ($row['ondelete']) {
table(INFO, str_replace('{zeit}', date('d.m.Y H:i', $row['ondelete']), ACCOUNT_DELETE_ON));
}
//$row['birthday'] = date('d.m.Y', strtotime($row['geburtstag']));
$geb = explode('-', $row['geburtstag']);
$row['birthday'] = "{$geb['2']}.{$geb['1']}.{$geb['0']}";
foreach ($row as $key => $value) {
$tpl->assign($key, $value);
}
ob_start();
$tpl->assign('countries', form_country($row['country']));
$tpl->display(DESIGN . '/tpl/account/account_edit.html');
$content = ob_get_contents();
ob_end_clean();
main_content(ACCOUNT_EDIT, $content, '', 1);
}
}
$result = $db->query('SELECT DISTINCT(userID) as userID, username, country FROM ' . DB_PRE . 'ecp_user_groups LEFT JOIN ' . DB_PRE . 'ecp_user ON ID = userID WHERE ' . $search);
$db->query('SELECT * FROM ' . DB_PRE . 'ecp_texte WHERE name = "NEW_JOINUS"');
$text = array();
while ($row = $db->fetch_assoc()) {
$text[$row['lang']] = $row;
}
while ($row = mysql_fetch_assoc($result)) {
$search = array('{username}', '{from_username}', '{id}');
$replace = array(strsave($row['username']), strsave(htmlspecialchars($_POST['username'])), $id);
if (!isset($text[$row['country']])) {
$row['country'] = 'de';
}
message_send($row['userID'], 0, $text[$row['country']]['content2'], str_replace($search, $replace, $text[$row['country']]['content']), 0, 1);
}
unset($_SESSION['captcha']);
table(INFO, JOINUS_SUCCESS);
}
}
} else {
$tpl = new smarty();
ob_start();
$tpl->assign('countries', form_country());
$tpl->assign('teams', get_teams_form_joinus());
$tpl->display(DESIGN . '/tpl/joinus/joinus.html');
$content = ob_get_contents();
ob_end_clean();
main_content(JOINUS, $content, '', 1);
}
} else {
echo table(ACCESS_DENIED, NO_ACCESS_RIGHTS);
}
function admin_clanwars_editnext($id)
{
if (@$_SESSION['rights']['admin']['clanwars']['edit_next'] or @$_SESSION['rights']['superadmin']) {
global $db;
if (isset($_POST['datum'])) {
if (!$_POST['oppID']) {
$sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_wars_opp (`oppname`, `oppshort`, `homepage`, `country`) VALUES (\'%s\', \'%s\',\'%s\',\'%s\')', strsave($_POST['oppname']), strsave($_POST['oppshort']), strsave($_POST['homepage']), strsave($_POST['country']));
} else {
$sql = sprintf('UPDATE ' . DB_PRE . 'ecp_wars_opp SET `oppname` = \'%s\', `oppshort` = \'%s\', `homepage` = \'%s\', `country` = \'%s\' WHERE oppID = %d', strsave($_POST['oppname']), strsave($_POST['oppshort']), strsave(check_url($_POST['homepage'])), strsave($_POST['country']), @$_POST['oppID']);
}
if ($db->query($sql)) {
!$_POST['oppID'] ? $oppid = $db->last_id() : ($oppid = (int) $_POST['oppID']);
$lang = array();
foreach ($_POST as $key => $value) {
if (strpos($key, 'cription_')) {
$lang[substr($key, strpos($key, '_') + 1)] = $value;
}
}
$players = array();
foreach ($_POST['players'] as $value) {
$value = trim($value);
if (strpos($value, 'team_') !== false) {
$db->query('SELECT userID FROM ' . DB_PRE . 'ecp_members WHERE teamID = ' . (int) substr($value, strpos($value, '_') + 1));
while ($row = $db->fetch_assoc()) {
if (!in_array($row['userID'], $players)) {
$players[] = $row['userID'];
}
}
} elseif (strpos($value, 'member_') !== false) {
$ids = substr($value, strpos($value, '_') + 1);
if (!in_array($ids, $players)) {
$players[] = $ids;
}
}
}
$sql = sprintf('UPDATE ' . DB_PRE . 'ecp_wars SET
`tID` = %d,
`mID` = %d,
`gID` = %d,
`datum` = %d,
`xonx` = \'%s\',
hinweise = \'%s\',
`oID` = %d,
`matchlink` = \'%s\',
`resultbylocations` = %d,
`server` = \'%s\',
`livestream` = \'%s\',
`pw` = \'%s\',
`meldefrist` = %d
WHERE warID = %d', (int) $_POST['teamID'], (int) $_POST['matchtypeID'], (int) $_POST['gameID'], strtotime($_POST['datum']), (int) $_POST['xonx1'] . 'on' . (int) $_POST['xonx2'], strsave(json_encode($lang)), $oppid, strsave(check_url($_POST['matchlink'])), (int) @$_POST['winbymaps'], strsave($_POST['server']), strsave($_POST['livestream']), strsave($_POST['pw']), strtotime($_POST['meldefrist']), $id);
if ($db->query($sql)) {
//$db->query('DELETE FROM '.DB_PRE.'ecp_wars_teilnehmer WHERE warID = '.$id);
$aktive = array();
$db->query('SELECT userID FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE warID = ' . $id);
while ($row = $db->fetch_assoc()) {
$aktive[$row['userID']] = true;
}
$db->query('SELECT scoreID FROM ' . DB_PRE . 'ecp_wars_scores WHERE wID = ' . $id . ' ORDER BY scoreID ASC');
$ids = array();
while ($row = $db->fetch_assoc()) {
$ids[] = $row['scoreID'];
}
$own = 0;
$opp = 0;
foreach ($_POST as $key => $value) {
if (strpos($key, 'map_') !== false) {
@$i++;
if ((int) @$_POST['winbymaps']) {
if ((int) $_POST['score_' . $i . '_own'] > (int) $_POST['score_' . $i . '_opp']) {
$own++;
} elseif ((int) $_POST['score_' . $i . '_own'] < (int) $_POST['score_' . $i . '_opp']) {
$opp++;
} else {
$opp++;
$own++;
}
} else {
$own += (int) $_POST['score_' . $i . '_own'];
$opp += (int) $_POST['score_' . $i . '_opp'];
}
if (isset($ids[$i - 1])) {
$db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_wars_scores SET `lID` = %d, `ownscore` = %d, `oppscore` = %d WHERE scoreID = %d', (int) $value, (int) $_POST['score_' . $i . '_own'], (int) $_POST['score_' . $i . '_opp'], $ids[$i - 1]));
} else {
$db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_wars_scores (`wID`, `lID`, `ownscore`, `oppscore`) VALUES (%d, %d, %d, %d)', $id, (int) $value, (int) $_POST['score_' . $i . '_own'], (int) $_POST['score_' . $i . '_opp']));
}
}
}
if (count($players)) {
$text = $db->fetch_assoc('SELECT `content`, `content2` FROM ' . DB_PRE . 'ecp_texte WHERE name = "NEXT_WAR_MSG" AND lang = "' . DEFAULT_LANG . '"');
if ($_POST['messagemode'] == 1) {
foreach ($players as $value) {
if (!isset($aktive[(int) $value])) {
$db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
message_send($value, 0, $text['content2'], str_replace('{link}', '<a href="' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '">' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '</a>', $text['content']), 0, 1);
} else {
$aktive[(int) $value] = false;
}
}
} elseif ($_POST['messagemode'] == 2) {
foreach ($players as $value) {
if (!isset($aktive[(int) $value])) {
$db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
send_email($db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . (int) $value), $text['content2'], str_replace('{link}', SITE_URL . '?section=clanwars&action=nextwar&id=' . $id, $text['content']), 1);
} else {
$aktive[(int) $value] = false;
}
}
} elseif ($_POST['messagemode'] == 3) {
foreach ($players as $value) {
if (!isset($aktive[(int) $value])) {
$db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
message_send($value, 0, $text['content2'], str_replace('{link}', '<a href="' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '">' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '</a>', $text['content']), 0, 1);
send_email($db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . (int) $value), $text['content2'], str_replace('{link}', SITE_URL . '?section=clanwars&action=nextwar&id=' . $id, $text['content']), 1);
} else {
$aktive[(int) $value] = false;
}
}
} else {
foreach ($players as $value) {
if (!isset($aktive[(int) $value])) {
$db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
} else {
$aktive[(int) $value] = false;
}
}
}
}
foreach ($aktive as $key => $value) {
if ($value == true) {
$db->query('DELETE FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE userID = ' . $key . ' AND warID = ' . $id);
}
}
header1('?section=admin&site=clanwars');
}
}
} else {
$data = $db->fetch_assoc('SELECT `tID`, `mID`, `gID`, `datum`, `xonx`, `hinweise`, `server`, `pw`, meldefrist, livestream, `oID`, `matchlink`, `resultbylocations`, `oppname`, `oppshort`, `homepage`, `country` FROM ' . DB_PRE . 'ecp_wars LEFT JOIN ' . DB_PRE . 'ecp_wars_opp ON (oppID = oID) WHERE warID = ' . $id);
$tpl = new smarty();
foreach ($data as $key => $value) {
$tpl->assign($key, $value);
}
$tpl->assign('opps', get_opps($data['oID']));
$tpl->assign('countries', form_country($data['country']));
$tpl->assign('games', get_games_form($data['gID']));
$tpl->assign('teams', get_teams_form($data['tID']));
$tpl->assign('matchtype', get_matchtype_form($data['mID']));
$tpl->assign('lang', get_languages(json_decode($data['hinweise'], true)));
$tpl->assign('func', 'editnext&id=' . $id);
$tpl->assign('datum', date('Y-m-d H:i:s', $data['datum']));
$tpl->assign('meldefrist', date('Y-m-d H:i:s', $data['meldefrist']));
$xonx = explode('on', $data['xonx']);
$tpl->assign('xonx1', $xonx[0]);
$tpl->assign('xonx2', $xonx[1]);
$result = $db->query('SELECT `scoreID`, `lID`, `ownscore`, `oppscore` FROM ' . DB_PRE . 'ecp_wars_scores WHERE wID = ' . $id . ' ORDER BY scoreID ASC');
$maps = array();
while ($row = mysql_fetch_assoc($result)) {
$row['i'] = @++$i;
$db->query('SELECT locationID, locationname FROM ' . DB_PRE . 'ecp_wars_locations WHERE gID = ' . $data['gID']);
while ($subrow = $db->fetch_assoc()) {
$subrow['locationID'] == $row['lID'] ? $sub = 'selected="selected"' : ($sub = '');
@($row['maps'] .= '<option ' . $sub . ' value="' . $subrow['locationID'] . '">' . htmlspecialchars($subrow['locationname']) . '</option>');
}
$maps[] = $row;
}
$tpl->assign('maps', $maps);
$db->query('SELECT userID FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE warID = ' . $id);
$players = array();
while ($row = $db->fetch_assoc()) {
$players[] = $row['userID'];
}
$tpl->assign('members', get_cw_members($players));
ob_start();
$tpl->display(DESIGN . '/tpl/admin/clanwars_next.html');
$content = ob_get_contents();
ob_end_clean();
main_content(CLANWARS_EDIT, $content, '', 1);
}
} else {
table(ERROR, NO_ADMIN_RIGHTS);
}
}
} else {
echo html_ajax_convert(NO_ADMIN_RIGHTS);
}
break;
case 'edit_opp':
if (@$_SESSION['rights']['admin']['clanwars']['edit_opp'] or @$_SESSION['rights']['superadmin']) {
if (isset($_POST['oppname'])) {
if ($db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_wars_opp SET oppname = \'%s\', oppshort = \'%s\', homepage = \'%s\', country = \'%s\' WHERE oppID = %d', strsave($_POST['oppname']), strsave($_POST['oppshort']), strsave($_POST['homepage']), strsave($_POST['country']), (int) $_GET['id']))) {
echo 'ok';
}
} else {
$row = $db->fetch_assoc('SELECT * FROM ' . DB_PRE . 'ecp_wars_opp WHERE oppID = ' . (int) $_GET['id']);
if (isset($row['oppname'])) {
$tpl = new smarty();
$tpl->assign('id', $_GET['id']);
$tpl->assign('countries', form_country($row['country']));
foreach ($row as $key => $value) {
$tpl->assign($key, $value);
}
ob_start();
$tpl->display(DESIGN . '/tpl/admin/clanwars_opp_edit.html');
$content = ob_get_contents();
ob_end_clean();
echo html_ajax_convert($content);
} else {
echo html_ajax_convert(NO_ENTRIES_ID);
}
}
} else {
echo html_ajax_convert(NO_ADMIN_RIGHTS);
}
function admin_user_add()
{
global $db;
if (isset($_POST['submit'])) {
if ($_POST['username'] == '') {
$error[] = '<li>' . NO_USERNAME;
}
if (!check_email($_POST['email'])) {
$error[] = '<li>' . WRONG_EMAIL;
}
if ($_POST['password1'] == '') {
$error[] = '<li>' . NO_PASSWORD;
}
if ($_POST['password1'] != $_POST['password2']) {
$error[] = '<li>' . DIFFERENT_PW;
}
if (strlen($_POST['password1']) < PW_MIN_LENGTH) {
$error[] = '<li>' . SHORT_PW . PW_MIN_LENGTH . SHORT_PW_1;
}
if ($_POST['username'] != '' and $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = "******"')) {
$error[] = '<li>' . ACCOUNT_ALLREADY_EXIST . ' ' . $_POST['username'];
}
if ($_POST['email'] != '' and $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = "' . strsave($_POST['email']) . '"')) {
$error[] = '<li>' . EMAIL_ALLREADY_EXIST . ' ' . $_POST['email'];
}
if (@$_POST['sex'] != 'male' and @$_POST['sex'] != 'female') {
$error[] = '<li>' . CHOOSE_SEX;
}
if (isset($error)) {
table(ERROR, '<ul>' . implode('</li>', $error) . '</ul>');
$tpl = new smarty();
$tpl->assign('countries', form_country($_POST['country']));
ob_start();
$tpl->display(DESIGN . '/tpl/admin/user_add.html');
$content = ob_get_contents();
ob_end_clean();
main_content(REGISTER, $content, '', 1);
} else {
$sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_user (`username`, `email`, `passwort`, `status`, `registerdate`, country) VALUES (\'%s\', \'%s\', \'%s\', %d, %d, \'%s\');', strsave(htmlspecialchars($_POST['username'])), strsave($_POST['email']), sha1($_POST['password1']), 1, time(), strsave($_POST['country']));
if ($db->query($sql)) {
$userid = $db->last_id();
$db->query('INSERT INTO ' . DB_PRE . 'ecp_user_config (userID) VALUES (' . $userid . ')');
$db->query('INSERT INTO ' . DB_PRE . 'ecp_user_stats (userID) VALUES (' . $userid . ')');
update_rank($userid);
// Aktivierungscode erstellen
$db->query('INSERT INTO ' . DB_PRE . 'ecp_user_groups (userID, gID) VALUES (' . $userid . ', 3)');
// Emailaktivierungstext aus DB holen und Wert einsetzen
$row = $db->fetch_assoc('SELECT content, content2, options FROM ' . DB_PRE . 'ecp_texte WHERE lang = "' . LANGUAGE . '" AND name = "USER_ADD"');
$search = array('{username}', '{clanname}', '{pageurl}', '{password}');
$replace = array($_POST['username'], CLAN_NAME, SITE_URL, $_POST['password1']);
$row['content'] = str_replace($search, $replace, $row['content']);
echo $row['content'];
if (send_email($_POST['email'], $row['content2'], $row['content'], $row['options'])) {
table(INFO, REGISTER_SUCCESS3);
} else {
table(INFO, NO_EMAIL_SEND2);
}
}
}
} else {
$tpl = new smarty();
$tpl->assign('countries', form_country());
ob_start();
$tpl->display(DESIGN . '/tpl/admin/user_add.html');
$content = ob_get_contents();
ob_end_clean();
main_content(REGISTER, $content, '', 1);
}
}
