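<!-- ISADMIN -->
<!-- TEMPLATE -->
<div class="contentBox">
<?php
// Edit form for an item note: loads the note of the item named by ?id=.
//
// SECURITY: the id is placed unquoted into the WHERE clause and echoed into the
// form field, so quote escaping alone cannot protect it. It is accepted only
// when it is a plain integer; anything else is treated as "no id" (the query
// is skipped and the field stays empty).
// NOTE(review): assumes itemid is an integer column - confirm against the schema.
$tempid = (string) toSaferValue(@$_GET["id"]);
if (preg_match('/^-?[0-9]+\z/', $tempid) !== 1) {
    $tempid = "";
}
$temppoints = 0;

// As in the original, $tempnote is only assigned when a matching row exists.
if ($tempid !== "") {
    $result = mysql_query("SELECT * FROM " . $databasename . "." . $tableprefix . "itemnotes WHERE itemid = " . $tempid);
    while ($row = @mysql_fetch_assoc($result)) {
        $tempnote = $row["itemnote"];
    }
    @mysql_free_result($result);
}
?>
<div class="outerMargin">
<form name="edititemnote_form" action="?page=scripts/edititemnote" method="post" enctype="multipart/form-data">
<table class="myTable" width="600px">
<colgroup> <col width="200px"> <col width="400px"> </colgroup>
<tr> <th colspan="2">Bitte füllen Sie die erforderlichen Daten aus:</th> </tr>
<tr> <td>Item-ID:</td> <td><input class="myInput" type="text" name="edititemnote_id" value="<?php echo $tempid; ?> "></td> </tr>
<tr class="myTableAlt"> <td>Notiz:</td>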
} else { $sortorder = SORT_ASC; } } // TABELLE HEADER $tb_header = new MyTableHeader(); $tb_header->setTitle(array("Itemname", "Sichtbar", "ADMIN")); $tb_header->setCenter(array(false, true, true)); $tb_header->setWidth(array(400, 100, 100)); $tb_header->setSortindex($sortindex); $tb_header->setSortorder($sortorder); $tb_header->setExtrasort(true, 0); // TABELLE DATA $tb_table = new MyTable(); $tb_table->setHeader($tb_header); $tb_table->setTemppage(toSaferValue(@$_GET["page"])); $tb_table->setExtrasort(true, 0); // HIDDEN ITEMS $result = mysql_query("SELECT *FROM " . $databasename . "." . $tableprefix . "hiddenitems"); $counter = 0; $hiddenitems = array(); while ($row = @mysql_fetch_assoc($result)) { $hiddenitems[$counter] = $row["itemid"]; $counter = $counter + 1; } // INVENTAR $result = mysql_query("SELECT *, " . $databasename . "." . $tableprefix . "guildbank.itemid AS use_itemid FROM " . $databasename . "." . $tableprefix . "guildbank LEFT JOIN " . $databasename . "." . $tableprefix . "itempoints ON " . $databasename . "." . $tableprefix . "guildbank.itemid = " . $databasename . "." . $tableprefix . "itempoints.itemid UNION SELECT *, " . $databasename . "." . $tableprefix . "itempoints.itemid AS use_itemid FROM " . $databasename . "." . $tableprefix . "guildbank RIGHT JOIN " . $databasename . "." . $tableprefix . "itempoints ON " . $databasename . "." . $tableprefix . "guildbank.itemid = " . $databasename . "." . $tableprefix . "itempoints.itemid WHERE " . $databasename . "." . $tableprefix . "guildbank.itemid IS NULL"); $counter = 0; $inventar = array(); while ($row = @mysql_fetch_assoc($result)) { $foundinv = false;
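<!-- ISADMIN -->
<!-- TEMPLATE -->
<div class="contentBox">
<?php
// Database clean-up: empties the parsing and points history, then writes one
// summary history row per member whose balance (gbp) is not zero.
//
// NOTE(review): the destructive branch is reached through a plain GET link
// (applied=yes) with no per-session token, so any request carrying an admin's
// session triggers the TRUNCATEs. Consider moving the confirmation to a POST
// form with a token stored in the session and checked here.
if (toSaferValue(@$_GET["applied"]) != "yes") {
    echo "<h1>Sind sie sich wirklich sicher?</h1><br>Hierdurch werden vergangene Gildenbank-Einträge gelöscht und die Punkte zusammengefasst.<br>Dies spart Speicherplatz und hilft dabei, die Datenbank schnell zu halten.";
    echo "<br><br><a href=\"?page=scripts/cleanupdb&applied=yes\">JA, ICH BIN MIR SICHER!</a>";
} else {
    $historytable = $databasename . "." . $tableprefix . "gbphistory";

    mysql_query("TRUNCATE " . $databasename . "." . $tableprefix . "parsinghistory");
    mysql_query("INSERT INTO " . $databasename . "." . $tableprefix . "parsinghistory (timestamp) VALUES (NOW())");
    mysql_query("TRUNCATE " . $historytable);

    $result = mysql_query("SELECT * FROM " . $databasename . "." . $tableprefix . "member ORDER BY gbp DESC");
    while ($row = @mysql_fetch_assoc($result)) {
        // Members with a zero (or NULL) balance get no summary row.
        if ($row["gbp"] == 0) {
            continue;
        }

        // Positive balances become a type 1 row, negative ones a type -1 row
        // holding the absolute value.
        if ($row["gbp"] > 0) {
            $entrytype = 1;
            $entrypoints = $row["gbp"];
        } else {
            $entrytype = -1;
            $entrypoints = -$row["gbp"];
        }

        // Values read back from the database are not escaped: a name holding a
        // quote would break (or alter) the INSERT, so escape it for the quoted
        // string context. Presumably the link opened by the including script is
        // the current default connection - confirm.
        $entryname = mysql_real_escape_string($row["name"]);

        mysql_query("INSERT INTO " . $historytable . " (type, name, points, info, timestamp) VALUES (" . $entrytype . ", '" . $entryname . "', " . $entrypoints . ", 'Datenbank-Bereinigung', NOW())");
    }
    @mysql_free_result($result);

    echo "Bereinigung ausgeführt!";
}
?>
</div>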
$sortorder = SORT_DESC; } else { $sortorder = SORT_ASC; } } // TABELLE HEADER $tb_header = new MyTableHeader(); $tb_header->setTitle(array("Zeit", "Name", "Typ", "Punkte", "Bemerkung", "ADMIN")); $tb_header->setCenter(array(false, false, false, true, false)); $tb_header->setWidth(array(150, 150, 100, 100, 300, 100)); $tb_header->setSortindex($sortindex); $tb_header->setSortorder($sortorder); // TABELLE DATA $tb_table = new MyTable(); $tb_table->setHeader($tb_header); $tb_table->setTemppage(toSaferValue(@$_GET["page"]) . "&name=" . toSaferValue(@$_GET["name"])); // HISTORY if ($name == "") { $result = mysql_query("SELECT * FROM " . $databasename . "." . $tableprefix . "gbphistory ORDER BY timestamp DESC LIMIT 50"); } else { $result = mysql_query("SELECT * FROM " . $databasename . "." . $tableprefix . "gbphistory WHERE name = '" . $name . "' ORDER BY timestamp DESC"); } $types = array(); $types[1] = "<img src=\"./images/list_add.png\" alt=\"Einlagern\" title=\"Einlagern\"> Einlagern"; $types[-1] = "<img src=\"./images/list_remove.png\" alt=\"Auslagern\" title=\"Auslagern\"> Auslagern"; while ($row = @mysql_fetch_assoc($result)) { $tb_table->addRow(array($row["timestamp"], $row["name"], $row["type"], $row["points"], $row["info"], "[link]")); $tb_table->addHtmlrow(array(mysqlDate($row["timestamp"]), "<a href=\"?page=gbphistoryadmin&name=" . $row["name"] . "\">" . $row["name"] . "</a>", $types[$row["type"]], $row["points"], $row["info"], "<a href=\"index.php?page=editgbpentry&id=" . $row["historyid"] . "\">ändern</a>")); } @mysql_free_result($result); // TABELLE SORT AND PRINT
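<!-- ISADMIN -->
<!-- TEMPLATE -->
<div class="contentBox">
<?php
// Saves an item note: updates the row for the posted item id when one exists,
// otherwise inserts a new row.
//
// SECURITY: the item id is placed unquoted into the SQL text, so it is accepted
// only when it is a plain integer.
// NOTE(review): assumes itemid is an integer column - confirm against the schema.
$itemid = (string) toSaferValue(@$_POST["additemnote_id"]);

// NOTE(review): the note is placed between single quotes below and relies on
// toSaferValue() (defined elsewhere) for escaping - confirm it escapes quotes
// and backslashes for SQL. It is not escaped again here, to avoid
// double-escaping the stored text.
$itemnote = toSaferValue(@$_POST["additemnote_note"]);

$notestable = $databasename . "." . $tableprefix . "itemnotes";

if (preg_match('/^-?[0-9]+\z/', $itemid) !== 1) {
    postErrOK(0, 600, "Es trat ein Fehler auf!");
} else {
    // Look the id up directly instead of scanning the whole table.
    $found = false;
    $result = mysql_query("SELECT * FROM " . $notestable . " WHERE itemid = " . $itemid);
    if (@mysql_fetch_assoc($result)) {
        $found = true;
    }
    @mysql_free_result($result);

    if ($found) {
        $saved = mysql_query("UPDATE " . $notestable . " SET itemnote = '" . $itemnote . "' WHERE itemid = " . $itemid);
    } else {
        $saved = mysql_query("INSERT INTO " . $notestable . " (itemid, itemnote) VALUES (" . $itemid . ", '" . $itemnote . "')");
    }

    // Report success only when the statement was actually executed.
    if ($saved) {
        postErrOK(1, 600, "Der Eintrag wurde erfolgreich gespeichert!");
    } else {
        postErrOK(0, 600, "Es trat ein Fehler auf!");
    }
}
postRedirect(3, "index.php?page=itemnotes&filter=&sortindex=0&sortorder=asc");
?>
</div>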
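<!-- ISADMIN -->
<!-- TEMPLATE -->
<div class="contentBox">
<?php
// Saves the point value of an item: updates the row for the posted item id when
// one exists, otherwise inserts a new row.
//
// SECURITY: both posted values are placed unquoted into the SQL text, so each is
// accepted only when it is a plain number; anything else is rejected before a
// query is built.
// NOTE(review): assumes itemid is an integer column and points is numeric -
// confirm against the schema.
$itemid = (string) toSaferValue(@$_POST["additempoints_id"]);
$points = (string) toSaferValue(@$_POST["additempoints_points"]);

$pointstable = $databasename . "." . $tableprefix . "itempoints";

$validid = preg_match('/^-?[0-9]+\z/', $itemid) === 1;
$validpoints = preg_match('/^-?[0-9]+(?:\.[0-9]+)?\z/', $points) === 1;

if (!$validid || !$validpoints) {
    postErrOK(0, 600, "Es trat ein Fehler auf!");
} else {
    // Look the id up directly instead of scanning the whole table.
    $found = false;
    $result = mysql_query("SELECT * FROM " . $pointstable . " WHERE itemid = " . $itemid);
    if (@mysql_fetch_assoc($result)) {
        $found = true;
    }
    @mysql_free_result($result);

    if ($found) {
        $saved = mysql_query("UPDATE " . $pointstable . " SET points = " . $points . " WHERE itemid = " . $itemid);
    } else {
        $saved = mysql_query("INSERT INTO " . $pointstable . " (itemid, points) VALUES (" . $itemid . ", " . $points . ")");
    }

    // Report success only when the statement was actually executed.
    if ($saved) {
        postErrOK(1, 600, "Der Eintrag wurde erfolgreich gespeichert!");
    } else {
        postErrOK(0, 600, "Es trat ein Fehler auf!");
    }
}
postRedirect(3, "index.php?page=itempoints&filter=&sortindex=0&sortorder=asc");
?>
</div>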
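<!-- ISADMIN -->
<!-- TEMPLATE -->
<div class="contentBox">
<?php
// Toggles the visibility of an item: an id already listed in hiddenitems is
// removed from the table, any other id is added to it.
//
// SECURITY: the id is placed unquoted into the SQL text, so it is accepted only
// when it is a plain integer.
// NOTE(review): assumes itemid is an integer column - confirm against the schema.
// NOTE(review): this state change is driven by a GET parameter with no
// per-session token; consider a POST form with a token checked here.
$itemid = (string) toSaferValue(@$_GET["id"]);

$hiddentable = $databasename . "." . $tableprefix . "hiddenitems";

if (preg_match('/^-?[0-9]+\z/', $itemid) !== 1) {
    postErrOK(0, 600, "Es trat ein Fehler auf!");
} else {
    // Look the id up directly instead of scanning the whole table.
    $found = false;
    $result = mysql_query("SELECT * FROM " . $hiddentable . " WHERE itemid = " . $itemid);
    if (@mysql_fetch_assoc($result)) {
        $found = true;
    }
    @mysql_free_result($result);

    if ($found) {
        $saved = mysql_query("DELETE FROM " . $hiddentable . " WHERE itemid = " . $itemid);
    } else {
        $saved = mysql_query("INSERT INTO " . $hiddentable . " (itemid) VALUES (" . $itemid . ")");
    }

    // Report success only when the statement was actually executed.
    if ($saved) {
        postErrOK(1, 600, "Der Eintrag wurde erfolgreich gespeichert!");
    } else {
        postErrOK(0, 600, "Es trat ein Fehler auf!");
    }
}
postRedirect(3, "index.php?page=itemvisibility&filter=&sortindex=0&sortorder=asc");
?>
</div>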
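** Primary script flow is controlled here. No further changes should be made.       **
** Scripts added later can still be included, however.                              **
**                                                                                   **
***************************************************************************************/

// Load configuration, database functions, classes and general functions
include "./config.php";
include "./sql.php";
include "./classes.php";
include "./functions.php";

// Start the PHP session if that has not happened yet
@session_start();

// Connect to the database
connect_DB();

// Determine the requested template
global $page;
$page = toSaferValue(@$_GET["page"]);
$page = str_replace("..", "", $page);

// SECURITY: $page comes from the query string and ends up in an include path.
// Besides stripping "..", accept it only when it consists of plain path segments
// (letters, digits, "_" and "-", separated by single "/"), so dots, NUL bytes,
// stream wrappers and leading slashes never reach file_exists()/include. Any
// other value falls back to the home template, as a missing file always did.
// NOTE(review): assumes no template file name needs other characters - the
// page names visible in the templates (e.g. "scripts/cleanupdb") all match.
if (
    !is_string($page)
    || preg_match('@^[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*\z@', $page) !== 1
    || !file_exists("./temp/" . $page . ".php")
) {
    $page = "home";
}

// Check for a successful installation (may replace $page)
$page = checkDatabase($page);

// Check the template's permissions (may replace $page)
$page = checkPermission($page);

// Include header, content and footer
include "./temp/head.php";
include "./temp/" . $page . ".php";
include "./temp/footer.php";

// Close the database connection
close_DB();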
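<!-- TEMPLATE -->
<div class="contentBox">
<?php
// Books a guild-bank points entry for a member: writes a gbphistory row and
// adjusts the member's balance (type 1 adds points, type -1 subtracts them).
//
// NOTE(review): this template writes to the database but, unlike other writing
// templates in this project, carries no ISADMIN marker - confirm that the
// permission check of the including script restricts it as intended.
$type = 1;
if (toSaferValue(@$_POST["addgbpentry_type"]) == "Auslagern") {
    $type = -1;
}

// NOTE(review): name and info are placed between single quotes below and rely
// on toSaferValue() (defined elsewhere) for escaping - confirm it escapes quotes
// and backslashes for SQL. They are not escaped again here, to avoid
// double-escaping the stored text.
$name = toSaferValue(@$_POST["addgbpentry_name"]);
$info = toSaferValue(@$_POST["addgbpentry_info"]);

// SECURITY: points is placed unquoted into the SQL text (also as an arithmetic
// operand), so it is accepted only when it is a plain number.
$points = (string) toSaferValue(@$_POST["addgbpentry_points"]);
$validpoints = preg_match('/^-?[0-9]+(?:\.[0-9]+)?\z/', $points) === 1;

$membertable = $databasename . "." . $tableprefix . "member";

// The member must exist. Compare as strings so numeric-looking names such as
// "1" and "01" are not treated as equal.
$found = false;
$result = mysql_query("SELECT * FROM " . $membertable);
while ($row = @mysql_fetch_assoc($result)) {
    if ((string) $name === (string) $row["name"]) {
        $found = true;
        break;
    }
}
@mysql_free_result($result);

if (!$found) {
    postErrOK(0, 600, "Dieses Mitglied ist nicht in der Datenbank eingetragen!");
} elseif (!$validpoints) {
    postErrOK(0, 600, "Es trat ein Fehler auf!");
} else {
    $saved = mysql_query("INSERT INTO " . $databasename . "." . $tableprefix . "gbphistory (type, name, points, info, timestamp) VALUES (" . $type . ", '" . $name . "', " . $points . ", '" . $info . "', NOW())");

    // Change the balance only when the history row was written, so the two
    // tables do not drift apart after a failed INSERT.
    if ($saved) {
        $operator = ($type == 1) ? "+" : "-";
        $saved = mysql_query("UPDATE " . $membertable . " SET gbp = gbp " . $operator . " " . $points . " WHERE name = '" . $name . "'");
    }

    if ($saved) {
        postErrOK(1, 600, "Der Eintrag wurde erfolgreich gespeichert!");
    } else {
        postErrOK(0, 600, "Es trat ein Fehler auf!");
    }
}
postRedirect(3, "index.php?page=addgbpentry");
?>
</div>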
<!-- ISADMIN --> <!-- TEMPLATE --> <div class="contentBox"> <?php if (!file_exists("./" . toSaferValue(@$_POST["parselua_file"]))) { postErrOK(0, 600, "Es trat ein Fehler auf!"); postRedirect(3, "index.php?page=parselua"); } else { mysql_query("TRUNCATE TABLE " . $databasename . "." . $tableprefix . "member"); echo "<div class=\"simpleBoxOutline\" style=\"width: 600px; text-align: left\">\n"; echo "<b>Beginne Parsing...</b>\n"; $parsefile = fopen("./" . toSaferValue(@$_POST["parselua_file"]), "r"); $hereweare = 0; $bankcount = 0; $tobank = ""; $matches = NULL; while (!feof($parsefile)) { $line = fgets($parsefile); $line = trim($line); if (substr($line, 0, 16) == "gbm_guildmembers") { $hereweare = 1; } if (substr($line, 0, 11) == "gbm_excepts") { $hereweare = 2; } if (substr($line, 0, 8) == "gbm_bank") { $hereweare = 3; } $newbank = false; if (preg_match("@\\[\"[A-Za-zÄÖÜäöüß]*\"\\]@", $line, $matches) == 1) { $hereweare = 3;
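/**
 * Checks the posted inventory password and marks the session as logged in.
 *
 * Reads $_POST["userlogin_passwd"] and compares it with the global
 * $inventory_passwd. On a match the password is stored in
 * $_SESSION["gbm_invpasswd"] and the visitor is sent to the guild bank page;
 * otherwise an error is shown and the visitor is sent to the home page.
 *
 * SECURITY: the comparison is done on strings, in constant time where
 * hash_equals() is available. The previous loose "!=" compared numeric-looking
 * strings by value, so inputs that are not identical to the configured
 * password could be accepted.
 *
 * NOTE(review): an empty $inventory_passwd is still matched by an empty or
 * missing form field - confirm that is intended. The session id is not renewed
 * on login; consider session_regenerate_id() at a point where no output has
 * been sent yet.
 */
function userLogin() {
    global $inventory_passwd;

    $submitted = (string) toSaferValue(@$_POST["userlogin_passwd"]);
    $expected = (string) $inventory_passwd;

    if (function_exists("hash_equals")) {
        $matches = hash_equals($expected, $submitted);
    } else {
        // Older PHP without hash_equals(): fall back to a strict string comparison.
        $matches = ($submitted === $expected);
    }

    if (!$matches) {
        postErrOK(0, 600, "Es trat ein Fehler auf!");
        postRedirect(3, "index.php?page=home");
    } else {
        $_SESSION["gbm_invpasswd"] = $inventory_passwd;
        postErrOK(1, 600, "Sie haben sich erfolgreich angemeldet!");
        postRedirect(3, "index.php?page=guildbank&filter=&sortindex=1&sortorder=asc");
    }
}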