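/**
 * Execute a pre-built INSERT statement on the connection returned by
 * user_mysqli_connect().
 *
 * The statement is sent to the server exactly as received. Nothing in this
 * function escapes or binds values, so callers must already have escaped or
 * bound every value they placed in $query.
 *
 * @param string $query Complete SQL statement to run.
 *
 * @return mixed The connection's insert_id on success; null when no
 *               connection is available or the query fails.
 */
function run_user_insert_query($query)
{
    $conn = user_mysqli_connect();
    if (!$conn) {
        return null;
    }

    // The debug switches are optional keys; isset() keeps a request without
    // them from raising undefined-index notices.
    // NOTE(review): the GET/POST switches let any requester cause the full SQL
    // text to be written through log_to_db() — confirm that is intended
    // outside development.
    $debug_requested = (isset($_GET['debug']) && $_GET['debug'] != '')
        || (isset($_POST['debug']) && $_POST['debug'] != '')
        || (isset($_SESSION['debug']) && $_SESSION['debug'] != '');
    if ($debug_requested) {
        log_to_db($query);
    }

    $result = $conn->query($query);
    if (!$result) {
        // The statement and the driver error go through t() placeholders so
        // they are escaped before being rendered, instead of being
        // interpolated into the translatable string itself.
        // NOTE(review): this still shows SQL text and driver errors to the
        // end user; consider logging them and showing a generic message.
        drupal_set_message(
            t("Unable to execute query: @query\n@error", array(
                '@query' => $query,
                '@error' => $conn->error,
            )),
            'error'
        );
        return null;
    }

    return $conn->insert_id;
}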
} if (!$user_msg) { $name = mysql_real_escape_string($_POST["username"]); //add new amxxadmin to db $query = mysql_query("INSERT INTO `" . $config->db_prefix . "_amxadmins` \n\t\t\t\t\t\t\t(`username`,`password`,`access`,`flags`,`steamid`,`nickname`,`ashow`,`created`,`expired`,`days`) \n\t\t\t\t\t\t\tVALUES (\n\t\t\t\t\t\t\t'" . $username . "',\n\t\t\t\t\t\t\t'" . $password . "',\n\t\t\t\t\t\t\t'" . $access . "',\n\t\t\t\t\t\t\t'" . $flags . "',\n\t\t\t\t\t\t\t'" . $steamid . "',\n\t\t\t\t\t\t\t'" . $nickname . "',\n\t\t\t\t\t\t\t" . (int) $_POST["ashow"] . ",\n\t\t\t\t\t\t\tUNIX_TIMESTAMP(),\n\t\t\t\t\t\t\t" . $exp . "\n\t\t\t\t\t\t\t" . $days . "\n\t\t\t\t\t\t\t)") or die(mysql_error()); //add as admin to selected servers $adminid = mysql_insert_id(); $addtoserver = $_POST["addtoserver"]; $sban = mysql_real_escape_string($_POST["staticbantime"]); if (is_array($addtoserver)) { foreach ($addtoserver as $k => $v) { $query = mysql_query("INSERT INTO `" . $config->db_prefix . "_admins_servers` \n\t\t\t\t\t\t\t(`admin_id`,`server_id`,`custom_flags`,`use_static_bantime`) \n\t\t\t\t\t\t\tVALUES \n\t\t\t\t\t\t\t('" . $adminid . "','" . $v . "','','" . $sban . "')\n\t\t\t\t\t\t\t") or die(mysql_error()); } } $user_msg[] = '_AMXADMINADDED'; log_to_db("AMXXAdmin config", "Added admin: " . $name); } else { $input = array("username" => html_safe($username), "password" => $password, "access" => $access, "flags" => $flags, "steamid" => $steamid, "nickname" => html_safe($nickname), "ashow" => (int) $_POST["ashow"], "days" => $_POST["days"], "moredays" => (int) $_POST["moredays"], "noend" => isset($_POST["noend"]) ? 1 : 0); $smarty->assign("input", $input); } } //amxadmins holen $admins = sql_get_amxadmins(); //server holen $servers = sql_get_server(); if (is_array($servers)) { foreach ($servers as $k => $v) { $svalues[] = $v["sid"]; $soutput[] = $v["hostname"]; } }
$smsg = ""; } } } //save server settings if (isset($_POST["save"])) { $query = mysql_query("UPDATE `" . $config->db_prefix . "_serverinfo` SET \n\t\t\t\t\t`rcon`='" . sql_safe($_POST["rcon"]) . "',\n\t\t\t\t\t`amxban_motd`='" . sql_safe($_POST["amxban_motd"]) . "',\n\t\t\t\t\t`motd_delay`='" . (int) $_POST["motd_delay"] . "',\n\t\t\t\t\t`amxban_menu`='" . (int) $_POST["amxban_menu"] . "',\n\t\t\t\t\t`reasons`='" . (int) $_POST["reasons"] . "',\n\t\t\t\t\t`timezone_fixx`='" . (int) $_POST["timezone_fixx"] . "'\n\t\t\t\t\tWHERE `id`=" . $sid . " LIMIT 1") or die(mysql_error()); $user_msg = '_SERVERSAVED'; log_to_db("Server config", "Edited server: " . html_safe($_POST["sidname"])); } //delete server from db if (isset($_POST["del"])) { $query = mysql_query("DELETE FROM `" . $config->db_prefix . "_serverinfo` WHERE `id`=" . $sid . " LIMIT 1") or die(mysql_error()); $query = mysql_query("DELETE FROM `" . $config->db_prefix . "_admins_servers` WHERE `server_id`=" . $sid) or die(mysql_error()); $user_msg = '_SERVERDELETED'; log_to_db("Server config", "Deleted server: " . html_safe($_POST["sidname"])); } //get servers $servers = sql_get_server(); //get reason sets $query = mysql_query("SELECT * FROM `" . $config->db_prefix . "_reasons_set` ORDER BY `setname` ASC") or die(mysql_error()); $reasons_values = array(""); $reasons_choose = array(""); while ($result = mysql_fetch_object($query)) { $reasons_values[] = $result->id; $reasons_choose[] = $result->setname; } $timezone_values = array(-12, -11, -10, -9, -8, -7, -6, -5, -4, -3, -2, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12); $timezone_output = array("-12", "-11", "-10", "-9", "-8", "-7", "-6", "-5", "-4", "-3", "-2", "-1", "0", "+1", "+2", "+3", "+4", "+5", "+6", "+7", "+8", "+9", "+10", "+11", "+12"); $delay_choose = array(2, 3, 4, 5, 7, 10); $menu_choose = array(0, 1);
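/*
    AMXBans v6.0
    Copyright 2009, 2010 by SeToY & |PJ|ShOrTy

    This file is part of AMXBans.

    AMXBans is free software, but it's licensed under the
    Creative Commons - Attribution-NonCommercial-ShareAlike 2.0

    AMXBans is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

    You should have received a copy of the cc-nC-SA along with AMXBans.
    If not, see <http://creativecommons.org/licenses/by-nc-sa/2.0/>.
*/

// Module administration page: saves one module's settings and lists all
// modules. $config and $smarty are not created here; they are expected to be
// in scope already.
session_start();

// header() only queues the redirect. Without exit the script keeps running,
// so the UPDATE below would still execute for a request that has no
// logged-in session.
if (empty($_SESSION["loggedin"])) {
    header("Location:index.php");
    exit;
}

$admin_site = "mo";
$title2 = "_TITLEMODULE";

// The id is forced to an integer before it is concatenated into the WHERE
// clause; a request without "mid" yields 0.
$mid = isset($_POST["mid"]) ? (int) $_POST["mid"] : 0;

//save module
// NOTE(review): the only gate visible in this fragment is the logged-in flag;
// no per-level permission check and no anti-CSRF token appear here — confirm
// they are enforced elsewhere.
// NOTE(review): die(mysql_error()) sends the raw database error to the browser.
if (isset($_POST["save"])) {
    $query = mysql_query("UPDATE `" . $config->db_prefix . "_modulconfig` SET \n\t\t\t\t\t`activ`=" . (isset($_POST["activ"]) ? 1 : 0) . ",\n\t\t\t\t\t`menuname`='" . mysql_real_escape_string($_POST["menuname"]) . "',\n\t\t\t\t\t`name`='" . mysql_real_escape_string($_POST["name"]) . "',\n\t\t\t\t\t`index`='" . mysql_real_escape_string($_POST["index"]) . "'\n\t\t\t\t\tWHERE `id`=" . $mid . " LIMIT 1") or die(mysql_error());
    $user_msg = '_MODULSAVED';
    log_to_db("Modules config", "Edited module: ID " . $mid);
}

//get all modules
// $tmp and $modules_menu_count are not assigned in this fragment; presumably
// sql_get_modules() fills them by reference — verify against its definition.
$modules2 = sql_get_modules(0, $tmp);
$smarty->assign("modules_menu_count", $modules_menu_count);
$smarty->assign("modules2", $modules2);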
$update_query .= ",`banner_url`='" . mysql_real_escape_string(trim($_POST["banner_url"])) . "'"; $update_query .= ",`default_lang`='" . mysql_real_escape_string($_POST["language"]) . "'"; $update_query .= ",`start_page`='" . mysql_real_escape_string($_POST["start_page"]) . "'"; $update_query .= ",`show_comment_count`=" . (int) $_POST["show_comment_count"]; $update_query .= ",`show_demo_count`=" . (int) $_POST["show_demo_count"]; $update_query .= ",`show_kick_count`=" . (int) $_POST["show_kick_count"]; $update_query .= ",`use_demo`=" . (int) $_POST["use_demo"]; $update_query .= ",`use_comment`=" . (int) $_POST["use_comment"]; $update_query .= ",`demo_all`=" . (int) $_POST["demo_all"]; $update_query .= ",`comment_all`=" . (int) $_POST["comment_all"]; $update_query .= ",`use_capture`=" . (int) $_POST["use_capture"]; $update_query .= ",`auto_prune`=" . (int) $_POST["auto_prune"]; $update_query .= ",`max_offences`=" . (is_numeric($_POST["max_offences"]) && $_POST["max_offences"] > 1 ? (int) $_POST["max_offences"] : 10); $update_query .= ",`max_offences_reason`='" . (mysql_real_escape_string($_POST["max_offences_reason"]) == "" ? "max offences reached" : mysql_real_escape_string($_POST["max_offences_reason"])) . "'"; $update_query .= ",`max_file_size`=" . (int) $_POST["max_file_size"]; $update_query .= ",`file_type`='" . mysql_real_escape_string($_POST["file_type"]) . "'"; //save it to db $query = mysql_query("UPDATE `" . $config->db_prefix . "_webconfig` SET " . $update_query . 
" WHERE `id`=1 LIMIT 1") or die(mysql_error()); $user_msg = "_CONFIGSAVED"; log_to_db("Websetting config", "Changed"); //set language $_SESSION["lang"] = mysql_real_escape_string($_POST["language"]); } //get and set websettings $vars = sql_set_websettings(); $smarty->assign("yesno_select", array("_YES", "_NO")); $smarty->assign("yesno_values", array(1, 0)); $smarty->assign("vars", $vars); $smarty->assign("designs", $designs); $smarty->assign("banners", $banners); $smarty->assign("start_pages", $start_pages);
$_SESSION['prune_db'] = $result->prune_db; $_SESSION['servers_edit'] = $result->servers_edit; $_SESSION['ip_view'] = $result->ip_view; } $query = mysql_query("UPDATE `" . $config->db_prefix . "_webadmins` SET `logcode`='" . session_id() . "',`last_action`=UNIX_TIMESTAMP(),`try`=0 WHERE `id`=" . $_SESSION["uid"]); #$msg="_LOGINOK"; __stats(); header("Location:index.php"); exit; } else { $_SESSION["loginfailed"]++; //login wrong, add a wrong login try to the user require_once "include/logfunc.inc.php"; $try++; $_SESSION["uname"] = $uname; log_to_db("Login failed", $try == $max_trys ? "login blocked (" . $max_trys_block . " minutes)" : "login failed (try: " . $try . "/" . $max_trys . ")"); $msg = "_LOGINFAILEDPW"; $loginfailed = true; if ($try < $max_trys) { $query = @mysql_query("UPDATE `" . $config->db_prefix . "_webadmins` SET `try`=" . $try . ",`logcode`=NULL WHERE username='******' LIMIT 1"); } else { $query = @mysql_query("UPDATE `" . $config->db_prefix . "_webadmins` SET `try`=" . $try . ",`logcode`=NULL,`last_action`=UNIX_TIMESTAMP() WHERE username='******' LIMIT 1"); $msg = "_LOGINBLOCKED"; $block_left = $max_trys_block * 60; $loginblocked = true; } } } } else { $_SESSION["loginfailed"]++; $msg = "_LOGINFAILED";
// Reason administration: delete or edit one ban reason, then hand the reason
// lists to the template. $rid, $config and $smarty are set outside this
// fragment.
// NOTE(review): $rid is concatenated unquoted into three statements below;
// whether it was cast to an integer is not visible here — confirm.

// delete a reason
if (isset($_POST["reasondel"])) {
    $reason = html_safe($_POST["reason"]);

    // Remove the reason itself, then every link from a reason set to it.
    $query = "DELETE FROM `{$config->db_prefix}_reasons` WHERE `id`={$rid} LIMIT 1";
    $query = mysql_query($query);
    if (!$query) {
        die(mysql_error());
    }
    $query = "DELETE FROM `{$config->db_prefix}_reasons_to_set` WHERE `reasonid`={$rid}";
    $query = mysql_query($query);
    if (!$query) {
        die(mysql_error());
    }

    $user_msg = '_REASONDELETED';
    log_to_db("Reasons config", "Deleted reason: " . sql_safe($reason));
}

// save an edited reason
if (isset($_POST["reasonsave"])) {
    $reason = sql_safe($_POST["reason"]);

    // $error is read right after the call, so validate_value() presumably
    // fills it by reference — verify against its definition.
    $reason_ok = validate_value($reason, "name", $error, 1, 99, "REASON");
    if (!$reason_ok) {
        $user_msg = $error;
    }

    // Any message set earlier in the request (including by the delete branch
    // above) blocks the update.
    if (!$user_msg) {
        $time = (int) $_POST["static_bantime"];

        $query = "UPDATE `{$config->db_prefix}_reasons` SET `reason`='{$reason}',`static_bantime`={$time} WHERE `id`={$rid} LIMIT 1";
        $query = mysql_query($query);
        if (!$query) {
            die(mysql_error());
        }

        $user_msg = '_REASONSAVED';
        // sql_safe() is applied a second time to the already-processed value
        // for the log entry, as in the original.
        log_to_db("Reasons config", "Edited reason: " . sql_safe($reason) . " (" . $time . " min)");
    }
}

// fetch the reason sets
$reasons_set = sql_get_reasons_set();

// fetch the reasons
$reasons = sql_get_reasons();

$check_values = array("1", "0");
$check_output = array("Ja", "Nein");

$smarty->assign("reasons_set", $reasons_set);
$smarty->assign("check_values", $check_values);
$smarty->assign("check_output", $check_output);
$smarty->assign("reasons", $reasons);
<?php require_once "mylib.php"; // test with: logtriple.php?s=testuser&p=drank&v=water&k=testkey $db = open_db(); log_to_db($db); function log_to_db($db) { $ERROR_MSG = "usage logger.php?s=subject&p=predicate&v=value&k=key"; // #1 - grab values from query string $subject = array_key_exists('s', $_GET) ? sanitize_string($_GET['s']) : die($ERROR_MSG); $predicate = array_key_exists('p', $_GET) ? sanitize_string($_GET['p']) : die($ERROR_MSG); $value = array_key_exists('v', $_GET) ? sanitize_string($_GET['v']) : die($ERROR_MSG); $key = array_key_exists('k', $_GET) ? sanitize_string($_GET['k']) : die($ERROR_MSG); $timestamp = time(); // #2 - Check to see if user is authorized // if they are, we should get one match from the table $queryString = "SELECT * FROM AuthKey WHERE username = '******' AND key='{$key}'"; // log the query string for debugging purposes echo "\$queryString={$queryString}<br>"; $result = $db->query($queryString); $numRows = count($result->fetchAll()); // #3 - no match? Exit program! if ($numRows == 0) { die("Bad username or key!"); } // #4 - INSERT values into Triple table $queryString = "INSERT INTO Triple (id, subject, predicate, value, timestamp) VALUES (NULL, '{$subject}', '{$predicate}', '{$value}', '{$timestamp}')"; // log the query string for debugging purposes echo "\$queryString={$queryString}<br>"; $result = $db->query($queryString);
$custom_flags = $_POST["custom_flags"]; $use_static_bantime = $_POST["use_static_bantime"]; //delete all admins for this server $query = mysql_query("DELETE FROM `" . $config->db_prefix . "_admins_servers` WHERE `server_id`=" . $sid) or die(mysql_error()); //search for the new settings if (is_array($aktiv)) { foreach ($aktiv as $k => $aid) { $cflags = sql_safe(trim($custom_flags[$k])); $sban = sql_safe(trim($use_static_bantime[$k])); //safe the admin to the db $query = mysql_query("INSERT INTO `" . $config->db_prefix . "_admins_servers` \n\t\t\t\t\t\t\t(`admin_id`,`server_id`,`custom_flags`,`use_static_bantime`) \n\t\t\t\t\t\t\tVALUES \n\t\t\t\t\t\t\t('" . (int) $aid . "','" . $sid . "','" . trim($cflags) . "','" . $sban . "')\n\t\t\t\t\t\t\t") or die(mysql_error()); } } $user_msg = '_SADMINSAVED'; $smarty->assign("msg", $user_msg); log_to_db("Server Admin config", "Edited admins on server: " . sql_safe($_POST["sidname"])); } if (isset($_POST["admins_edit"])) { $editadmins = array("sidname" => html_safe($_POST["sidname"]), "sid" => $sid); $smarty->assign("editadmins", $editadmins); $admins = sql_get_amxadmins_server($sid); $smarty->assign("admins", $admins); } //Servers holen $servers = sql_get_server(); $delay_choose = array(1, 2, 5, 10); $yesno_choose = array("yes", "no"); $yesno_output = array("_YES", "_NO"); $smarty->assign("delay_choose", $delay_choose); $smarty->assign("yesno_choose", $yesno_choose); $smarty->assign("yesno_output", $yesno_output);
} //$server_msg=substr($response,1); //for debug, shows the response from server $server->Disconnect(); } } } } //kick a player if (isset($_POST["kick"]) && $servers_array[$sid]["address"] != "") { $server_address = explode(":", trim($servers_array[$sid]["address"])); $server = new Rcon(); if ($server->Connect($server_address[0], $server_address[1], $servers_array[$sid]["rcon"])) { $response = $server->RconCommand("kick #" . $pl_uid . " " . $pl_reason); if (substr($response, 1) != "") { $user_msg = "_PLAYERKICKED"; log_to_db("Kick online", "nick: " . $pl_name . " <" . $pl_steamid . "><" . $pl_ip . "> kicked"); } $server_msg = $servers_array[$sid]["address"] . "<br>" . substr($response, 1); //for debug, shows the response from server $server->Disconnect(); } } if ($servers_array[$sid]["mod"]) { //get player list sent by plugin $server_address = explode(":", trim($servers_array[$sid]["address"])); $server = new Rcon(); if ($server->Connect($server_address[0], $server_address[1], $servers_array[$sid]["rcon"])) { $response = $server->ServerPlayers(); //explode packet and get infos $re = explode("\n", $response); //there is a response from amxmodx plugin
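/**
 * Fetch rows from the errorlog table.
 *
 * Paging state is read from, and defaulted on, $this: page_control_number,
 * num, start and paged. found_rows is filled for list lookups and num_rows
 * for unpaged queries.
 *
 * Fixes over the previous version: the id-list branch produced invalid SQL
 * (a trailing comma in the column list and "= in (...)"), ids were
 * interpolated into the statement without escaping, and a failed unpaged
 * query dereferenced a false result.
 *
 * @param mixed $id An array of ids, a single id, 'all' / '' / '0' for every
 *                  row, or 'last_id' for the row with the highest id.
 *
 * @return mixed For an id list or "all": the fetched rows (null when none
 *               matched). For a single id or 'last_id': the first row, or
 *               null. Null as well when there is no connection or the query
 *               fails.
 */
function _get($id = '')
{
    $conn = db_mysqli_connect();

    // Paging defaults are applied even when the connection failed, as before.
    if ($this->page_control_number == 0) {
        $this->page_control_number = 50;
    }
    if ($this->num == '') {
        $this->num = $this->page_control_number;
    }
    if ($this->start == '') {
        $this->start = 0;
    }

    if (!$conn) {
        return null;
    }

    // One column list shared by every variant of the query.
    $select = "select SQL_CALC_FOUND_ROWS"
        . " errorlog_id, errorlog_timestamp, errorlog_type,"
        . " errorlog_string, errorlog_status, errorlog_environment"
        . " from errorlog";

    // The loose comparisons are kept exactly as they were so that the same
    // inputs select the same branch.
    $wants_list = is_array($id) || $id == 'all' || $id == '' || $id == '0';

    if (is_array($id)) {
        if (count($id) > 0) {
            // Each id is escaped and quoted individually; the statement never
            // contains raw caller-supplied text.
            $quoted_ids = array();
            foreach ($id as $one_id) {
                $quoted_ids[] = "'" . $conn->real_escape_string((string) $one_id) . "'";
            }
            $query = $select . " where errorlog_id in (" . implode(',', $quoted_ids) . ")";
        } else {
            // An empty list matches nothing; "in ()" is not valid SQL.
            $query = $select . " where 1 = 0";
        }
        $query .= " order by errorlog_id DESC";
    } elseif ($id != 'last_id') {
        $query = $select;
        if ($id != 'all' && $id != '' && $id != '0') {
            $query .= " where errorlog_id = '" . $conn->real_escape_string((string) $id) . "'";
        }
        $query .= " order by errorlog_id DESC";
    } else {
        $query = $select . " where errorlog_id = ( select max(errorlog_id) from errorlog )";
    }

    // LIMIT operands are forced to integers because they come from object
    // state that is set outside this method.
    if ($this->paged == TRUE && $this->num != -1) {
        $query_to_run = $query . " limit " . (int) $this->start . "," . (int) $this->num;
    } else {
        $query_to_run = $query;
    }

    // NOTE(review): any requester can switch this logging on with ?debug=...
    if (isset($_GET['debug']) && $_GET['debug'] != '') {
        log_to_db($query_to_run);
    }

    $result = $conn->query($query_to_run);
    if (!$result) {
        log_error("<br>Unable to query errorlogs:{$query_to_run}", LOG_TO_ALL, "Unable to query errorlogs.", 'class.Errorlog');
        return null;
    }

    if ($this->paged != TRUE) {
        $this->num_rows = $result->num_rows;
    }

    // Starts as null so that "no rows" is still reported as null, as before.
    $result_rows = null;
    while ($row = mysqli_fetch_array($result)) {
        $result_rows[] = $row;
    }

    if ($wants_list) {
        $fr_result = $conn->query("SELECT FOUND_ROWS()");
        if ($fr_result) {
            $found_rows = mysqli_fetch_row($fr_result);
            $this->found_rows = $found_rows[0];
        }
        return $result_rows;
    }

    return isset($result_rows[0]) ? $result_rows[0] : null;
}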
} if (!$steamid && $ban_type == "S") { $user_msg = "_NOBANSTEAMID"; } if (!$ip && $ban_type == "SI") { $user_msg = "_NOIP"; } //check if a activ ban exists if (!$user_msg) { $query = mysql_query("SELECT * FROM `" . $config->db_prefix . "_bans` WHERE " . ($steamid ? "`player_id`='" . $steamid . "'" : "") . ($steamid && $ip ? " AND " : "") . ($ip ? "`player_ip`='" . $ip . "'" : "") . " AND `expired`=0"); if (mysql_num_rows($query)) { $user_msg = "_ACTIVBANEXISTS"; } } //add the ban if (!$user_msg) { $query = mysql_query("INSERT INTO `" . $config->db_prefix . "_bans` \n\t\t\t\t\t(`player_ip`,`player_id`,`player_nick`,`admin_nick`,`admin_id`,`ban_type`,`ban_reason`,`ban_created`,`ban_length`,`server_name`) \n\t\t\t\t\tVALUES \n\t\t\t\t\t('" . $ip . "','" . $steamid . "','" . $name . "','" . $_SESSION["uname"] . "','" . $_SESSION["uname"] . "','" . $ban_type . "','" . $reason . "',UNIX_TIMESTAMP(),'" . $ban_length . "','website')\n\t\t\t\t\t") or die(mysql_error()); $user_msg = '_BANADDSUCCESS'; log_to_db("Add ban", "playernick: " . $name . " / time: " . $ban_length); } else { $inputs = array("name" => $name, "steamid" => $steamid, "ip" => $ip, "reason" => $reason, "reason_custom" => $reason_custom, "length" => $ban_length, "type" => $ban_type); $smarty->assign("inputs", $inputs); } } //get reasons $reasons = sql_get_reasons_list(); $smarty->assign("reasons", $reasons); $banby_output = array("Steamid", "Steamid & IP"); $banby_values = array("S", "SI"); $smarty->assign("banby_output", $banby_output); $smarty->assign("banby_values", $banby_values);
//Webadmin add if (isset($_POST["new"])) { $pw = $_POST["pw"]; if (!validate_value($pw, "name", $error, 4, 31, "PASSWORD")) { $user_msg[] = $error; } $pw2 = sql_safe($_POST["pw2"]); $level = (int) $_POST["level"]; $input = array("name" => $name, "level" => $level, "email" => $email); $smarty->assign("input", $input); //Are passwords the same? if ($pw !== $pw2) { $user_msg[] = "_PASSWORDNOTMATCH"; } if (checkAdmin($name, $email)) { $user_msg[] = "_WADMINADDEDFAILED"; } if (!$user_msg) { //save webadmin to db $query = mysql_query("INSERT INTO `" . $config->db_prefix . "_webadmins` \n\t\t\t\t\t\t(`username`,`password`,`level`,`email`) \n\t\t\t\t\t\tVALUES \n\t\t\t\t\t\t('" . $name . "','" . md5($pw) . "','" . $level . "','" . $email . "')\n\t\t\t\t\t\t") or $user_msg[] = '_WADMINADDEDFAILED'; #die (mysql_error()); if (!$user_msg) { $user_msg[] = '_WADMINADDED'; log_to_db("User Level config", "Added user: "******"name"]) . " (level " . $level . ")"); } } } //Webadmins holen $users = sql_get_webadmins(); $smarty->assign("users", $users); $smarty->assign("levels", $levels);
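// Log administration page: purge log entries and list them with optional
// filters. $config and $smarty are set outside this fragment.

// header() only queues the redirect. Without exit the script keeps running,
// so the DELETE handlers below would still execute for a request that has no
// logged-in session.
if (empty($_SESSION["loggedin"])) {
    header("Location:index.php");
    exit;
}

$admin_site = "lg";
$title2 = "_TITLELOGS";

// NOTE(review): the purge handlers act on any POST from a logged-in session;
// no per-level permission check and no anti-CSRF token are visible in this
// fragment. The record of a purge is written to the same table that was just
// purged, so a later purge removes it again.

//delete logs
if (isset($_POST["delall"])) {
    $query = mysql_query("DELETE FROM `" . $config->db_prefix . "_logs`") or die(mysql_error());
    $user_msg = "_LOGDELETED";
    log_to_db("Logs del", "deleted all logs");
}

if (isset($_POST["delolder"])) {
    $days = (int) $_POST["days"];
    // A day has 86400 seconds; the previous constant 84600 made every "day"
    // 30 minutes short, so entries were deleted earlier than requested.
    // NOTE(review): a missing or zero "days" value removes every entry older
    // than 0 seconds, i.e. effectively all logs — confirm that is acceptable.
    $query = mysql_query("DELETE FROM `" . $config->db_prefix . "_logs` WHERE UNIX_TIMESTAMP(now()) - timestamp > " . ($days * 86400)) or die(mysql_error());
    $user_msg = "_LOGDELETED";
    log_to_db("Logs del", "deleted logs older than " . $days . " days");
}

//get all logs
// Start from an empty filter so the appends below never touch an undefined
// variable when only the action filter is posted.
$filter = "";

if (isset($_POST["username"]) && $_POST["username"] != "---") {
    $username = mysql_real_escape_string($_POST["username"]);
    $filter = "`username`='" . $username . "'";
    // NOTE(review): the SQL-escaped value is what reaches the template;
    // SQL escaping is not HTML escaping — confirm the template escapes it.
    $smarty->assign("username_checked", $username);
}

if (isset($_POST["action"]) && $_POST["action"] != "---") {
    $action = mysql_real_escape_string($_POST["action"]);
    $filter .= $filter ? " AND " : "";
    $filter .= "`action`='" . $action . "'";
    $smarty->assign("action_checked", $action);
}

$logs = sql_get_logs($filter);
$smarty->assign("logs", $logs);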
// User-menu administration: move an entry up or down, save an edited entry,
// then reload the menu for the template. $mid, $config and $smarty are set
// outside this fragment.
// NOTE(review): $mid is concatenated unquoted into the UPDATE below; whether
// it was cast to an integer is not visible here — confirm.

// move an entry one position up or down
$move_up = isset($_POST["pos_up_x"]);
$move_down = isset($_POST["pos_dn_x"]);
if ($move_up || $move_down) {
    $pos = (int) $_POST["pos"];
    // One step back for "up", one step forward for "down".
    $pos_new = $pos - ($move_up ? 1 : 0) + ($move_down ? 1 : 0);
    menu_change_pos($mid, $pos, $pos_new);
    $user_msg = '_USERMENUPOSSAVED';
}

// save an edited menu entry
if (isset($_POST["save"])) {
    // The position is only changed here when the request carries no "mid".
    if (!isset($_POST["mid"])) {
        menu_change_pos($mid, (int) $_POST["pos"], (int) $_POST["pos_new"]);
    }

    // The statement is assembled piece by piece; every string value passes
    // through mysql_real_escape_string() and the flag is reduced to 1 or 0.
    $query = "UPDATE `" . $config->db_prefix . "_usermenu` SET \n\t\t\t\t\t";
    $query .= "`activ`=" . (int) isset($_POST["activ"]);
    $query .= ",\n\t\t\t\t\t`url`='" . mysql_real_escape_string($_POST["url"]) . "'";
    $query .= ",\n\t\t\t\t\t`lang_key`='" . mysql_real_escape_string($_POST["lang_key"]) . "'";
    $query .= ",\n\t\t\t\t\t`url2`='" . mysql_real_escape_string($_POST["url2"]) . "'";
    $query .= ",\n\t\t\t\t\t`lang_key2`='" . mysql_real_escape_string($_POST["lang_key2"]) . "'";
    $query .= "\n\t\t\t\t\tWHERE `id`=" . $mid . " LIMIT 1";

    $query = mysql_query($query);
    if (!$query) {
        die(mysql_error());
    }

    $user_msg = '_USERMENUSAVED';
    log_to_db("Usermenu config", "Edited menu: ID " . $mid);
}

// fetch the complete menu; $count is not assigned in this fragment and is
// presumably filled by reference — verify against sql_get_usermenu().
$menu2 = sql_get_usermenu($count);

// activate the changes
include "include/menu.inc.php";

$activ_choose = array("no", "yes");
$smarty->assign("activ_choose", $activ_choose);
$smarty->assign("menu_count", $count);
$smarty->assign("menu2", $menu2);
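/**
 * Save the parsed label text and its specimen metadata for one ROI object,
 * then echo a jGrowl notification as JavaScript.
 *
 * The request's "specimenMetadata" value is a query-string-style list of
 * name=value pairs. Each name selects the first element with that tag name in
 * the metadata template, and the element's value is replaced with the decoded
 * value.
 *
 * Fixes over the previous version: a name with no matching template element,
 * or a pair without "=", no longer dereferences null; the result of the
 * metadata write is no longer discarded; the ROI id is encoded before being
 * placed in the emitted JavaScript.
 *
 * @param string $roi_pid     Identifier of the ROI object to update.
 * @param mixed  $nothing     Unused; kept so the signature stays the same.
 * @param mixed  $workflow_id Workflow whose membership and "canTranscribe"
 *                            permission are checked for the current user.
 *
 * @return void The JavaScript snippet is echoed.
 */
function save_parsed_text($roi_pid, $nothing, $workflow_id)
{
    global $user;
    $returnjs = "";

    $may_transcribe = Workflow_Users::doesWorkflowHaveUserName($workflow_id, $user->name)
        && Workflow_Permission::doesWorkflowHavePermission($workflow_id, "canTranscribe");

    if ($may_transcribe) {
        // NOTE(review): raw request content is written to the log below —
        // confirm the log's retention and access controls suit that data.
        log_to_db($_SERVER['QUERY_STRING'], 'save_parsed_text QUERY_STRING');
        log_to_db($_REQUEST['specimenMetadata'], 'save_parsed_text specimenMetadata');
        $specimenMetadata = $_REQUEST['specimenMetadata'];

        $file_path = drupal_get_path('module', 'apiary_project') . "/workflow/assets/xml/metadata_template.xml";
        $doc = new DOMDocument();
        $doc->load($file_path);

        foreach (explode('&', $specimenMetadata) as $pair) {
            if (empty($pair)) {
                continue;
            }

            // A pair without "=" keeps its old meaning (an empty value)
            // without reading a missing array offset.
            $parts = explode("=", $pair, 2);
            $name = $parts[0];
            $value = isset($parts[1]) ? $parts[1] : '';

            if ($name == "q") {
                continue;
            }

            // The tag name comes from the request, so it may not exist in the
            // template; skip it instead of assigning to null.
            // NOTE(review): any element of the template can be addressed this
            // way — consider an allow-list of editable field names.
            $element = $doc->getElementsByTagName($name)->item(0);
            if ($element === null) {
                continue;
            }
            $element->nodeValue = urldecode($value);
        }

        $roi_obj = new roiHandler($roi_pid);
        $credentials = FEDORA_DATABASE_USERNAME . ":" . FEDORA_DATABASE_PASSWORD;

        log_to_db($doc->saveXML(), 'save_parsed_text doc_saveXML');
        $metadata_saved = $roi_obj->setDatastream("specimenMetadata", "Label-Information", "text/xml", $doc->saveXML(), $credentials);

        // NOTE(review): the text is logged from $_REQUEST but stored from
        // $_POST; the two differ when "text" arrives another way — confirm
        // which source is intended.
        log_to_db($_REQUEST['text'], 'save_parsed_text text');
        $text_saved = $roi_obj->setDatastream("Text", "Parsed", "text/plain", $_POST['text'], $credentials);

        // Both writes are still attempted, but success is reported only when
        // both of them succeeded.
        $success = $metadata_saved && $text_saved;

        if ($success) {
            $solr_search = new search();
            $solr_search->index($roi_pid);
            // json_encode() yields a quoted, escaped JavaScript string, so
            // the ROI id cannot terminate the literal.
            $returnjs .= "\$.jGrowl(" . json_encode("Parsed text for ROI [{$roi_pid}] saved successfully.") . ");";
        } else {
            $returnjs .= "\$.jGrowl(" . json_encode("Parsed text for ROI [{$roi_pid}] failed to save.") . ");";
        }
    } else {
        $returnjs .= "\$.jGrowl('Sorry! You do not have permission for this operation');";
    }

    echo $returnjs;
}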
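/**
 * Execute a pre-built statement on the connection returned by
 * db_mysqli_connect().
 *
 * The statement is sent to the server exactly as received. Nothing in this
 * function escapes or binds values, so callers must already have escaped or
 * bound every value they placed in $query.
 *
 * @param string $query Complete SQL statement to run.
 *
 * @return true|null True on success; null when no connection is available
 *                   or the query fails (the failure is passed to log_error()).
 */
function run_insert($query)
{
    $conn = db_mysqli_connect();
    if (!$conn) {
        return null;
    }

    // The debug switches are optional keys; isset() keeps a request without
    // them from raising undefined-index notices.
    // NOTE(review): the GET/POST switches let any requester cause the full SQL
    // text to be written through log_to_db() — confirm that is intended
    // outside development.
    $debug_requested = (isset($_GET['debug']) && $_GET['debug'] != '')
        || (isset($_POST['debug']) && $_POST['debug'] != '')
        || (isset($_SESSION['debug']) && $_SESSION['debug'] != '');
    if ($debug_requested) {
        log_to_db($query);
    }

    $result = $conn->query($query);
    if ($result) {
        return true;
    }

    // debug_backtrace() returns a list of frames. The previous code read
    // 'file', 'function' and 'line' from the list itself, which never has
    // those keys, so the location was always empty. Frame 0 describes the
    // call into this function.
    $trace_data = debug_backtrace();
    $frame = isset($trace_data[0]) ? $trace_data[0] : array();
    $location = (isset($frame['file']) ? $frame['file'] : '')
        . ':' . (isset($frame['function']) ? $frame['function'] : '')
        . ':' . (isset($frame['line']) ? $frame['line'] : '');

    log_error("Unable to execute query: {$query}\n" . $conn->error, LOG_TO_ALL, "Unable to execute query.", $location);

    return null;
}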
if (file_exists("include/files/" . $result->demo_file . "_thumb")) { unlink("include/files/" . $result->demo_file . "_thumb"); } if (unlink("include/files/" . $result->demo_file)) { //if file deleted, remove db entry $query2 = mysql_query("DELETE FROM `" . $config->db_prefix . "_files` WHERE `id`=" . $result->id . " LIMIT 1") or die(mysql_error()); } } } //delete all comments for the ban $query = mysql_query("DELETE FROM `" . $config->db_prefix . "_comments` WHERE `bid`=" . $bid) or die(mysql_error()); //get ban details $ban_row = sql_get_ban_details($bid); //delete the ban $query = mysql_query("DELETE FROM `" . $config->db_prefix . "_bans` WHERE `bid`=" . $bid . " LIMIT 1") or die(mysql_error()); log_to_db("Ban edit", "Deleted ban: ID " . $bid . " (<" . sql_safe($ban_row["player_nick"]) . "> <" . sql_safe($ban_row["player_id"]) . ">)"); //redirect to start page if ($query) { header("Location:index.php"); exit; } } $smarty->assign("meta", ""); $smarty->assign("title", $title); $smarty->assign("title2", $title2); $smarty->assign("version_web", $config->v_web); // amxbans.css included in the design? if not use it from default if (file_exists("templates/" . $config->design . "/amxbans.css")) { $smarty->assign("design", $config->design); } $smarty->assign("dir", $config->document_root);
log_to_db("User Level config", "Deleted: level " . $lid); } } //Level save if (isset($_POST["save"])) { $query = mysql_query("UPDATE `" . $config->db_prefix . "_levels` SET \n\t\t\t\t`bans_add`='" . mysql_real_escape_string($_POST["bans_add"]) . "',\n\t\t\t\t`bans_edit`='" . mysql_real_escape_string($_POST["bans_edit"]) . "',\n\t\t\t\t`bans_delete`='" . mysql_real_escape_string($_POST["bans_delete"]) . "',\n\t\t\t\t`bans_unban`='" . mysql_real_escape_string($_POST["bans_unban"]) . "',\n\t\t\t\t`bans_import`='" . mysql_real_escape_string($_POST["bans_import"]) . "',\n\t\t\t\t`bans_export`='" . mysql_real_escape_string($_POST["bans_export"]) . "',\n\t\t\t\t`amxadmins_view`='" . mysql_real_escape_string($_POST["amxadmins_view"]) . "',\n\t\t\t\t`amxadmins_edit`='" . mysql_real_escape_string($_POST["amxadmins_edit"]) . "',\n\t\t\t\t`webadmins_view`='" . mysql_real_escape_string($_POST["webadmins_view"]) . "',\n\t\t\t\t`webadmins_edit`='" . mysql_real_escape_string($_POST["webadmins_edit"]) . "',\n\t\t\t\t`websettings_view`='" . mysql_real_escape_string($_POST["websettings_view"]) . "',\n\t\t\t\t`websettings_edit`='" . mysql_real_escape_string($_POST["websettings_edit"]) . "',\n\t\t\t\t`permissions_edit`='" . mysql_real_escape_string($_POST["permissions_edit"]) . "',\n\t\t\t\t`prune_db`='" . mysql_real_escape_string($_POST["prune_db"]) . "',\n\t\t\t\t`servers_edit`='" . mysql_real_escape_string($_POST["servers_edit"]) . "',\n\t\t\t\t`ip_view`='" . mysql_real_escape_string($_POST["ip_view"]) . "' \n\t\t\t\tWHERE `level`=" . $lid . " LIMIT 1") or die(mysql_error()); $user_msg = "_LEVELSAVED"; //logout all users with this level $query = mysql_query("UPDATE `" . $config->db_prefix . "_webadmins` SET `logcode`='' WHERE `level`=" . $lid) or die(mysql_error()); //same level from current user, logout if ($_SESSION["level"] == $lid) { session_destroy(); header("Location: logout.php"); exit; } log_to_db("User Level config", "Edited: level " . 
$lid); } //Levels holen $query = mysql_query("SELECT * FROM `" . $config->db_prefix . "_levels` ORDER BY `level`") or die(mysql_error()); $levels = array(); $level_max = 0; $choose1 = array("yes", "no"); $output1 = array("_YES", "_NO"); $choose2 = array("yes", "no", "own"); $output2 = array("_YES", "_NO", "_OWN"); while ($result = mysql_fetch_object($query)) { $level = array("level" => $result->level, "bans_add" => $result->bans_add, "bans_edit" => $result->bans_edit, "bans_delete" => $result->bans_delete, "bans_unban" => $result->bans_unban, "bans_import" => $result->bans_import, "bans_export" => $result->bans_export, "amxadmins_view" => $result->amxadmins_view, "amxadmins_edit" => $result->amxadmins_edit, "webadmins_view" => $result->webadmins_view, "webadmins_edit" => $result->webadmins_edit, "websettings_view" => $result->websettings_view, "websettings_edit" => $result->websettings_edit, "permissions_edit" => $result->permissions_edit, "prune_db" => $result->prune_db, "servers_edit" => $result->servers_edit, "ip_view" => $result->ip_view); $levels[] = $level; $level_max++; } $smarty->assign("levels", $levels);