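/**
 * Substitute the submitted form values into an SQL template and execute it.
 *
 * Recognised markers: %%username%%, %%password%%, %%empirename%%,
 * %%empirenamelen%%, %%boardname%%, %%boardnamelen%% and the literal
 * table-prefix marker SQL_PREFIX_.
 *
 * @param string $sql SQL template containing the markers above.
 * @return void The statement runs unless DEBUG_PLAIN is set; a failed query is handed to sqlerror().
 */
function sql($sql)
{
    $empire = gpc_esc($_POST['empire']);
    $board = gpc_esc($_POST['board']);

    // The *len markers carry the length of the un-escaped value
    // (presumably for a length-prefixed field in the template -- TODO confirm).
    $replacements = array(
        '%%username%%' => mysql_real_escape_string(gpc_esc($_POST['username'])),
        '%%password%%' => mysql_real_escape_string(gpc_esc($_POST['password'])),
        '%%empirename%%' => mysql_real_escape_string($empire),
        '%%empirenamelen%%' => (string) p_strlen($empire),
        '%%boardname%%' => mysql_real_escape_string($board),
        '%%boardnamelen%%' => (string) p_strlen($board),
        'SQL_PREFIX_' => SQL_PREFIX_,
    );

    // strtr() substitutes in a single pass, so marker text typed into one form
    // field (e.g. a username containing "%%password%%" or "SQL_PREFIX_") is
    // stored literally instead of being expanded by a later replacement.
    $query = strtr($sql, $replacements);

    // Keep the submitted password out of the debug log: log the same
    // statement with the password marker masked.
    $loggable = $replacements;
    $loggable['%%password%%'] = '********';
    FB::log(strtr($sql, $loggable));

    if (!DEBUG_PLAIN) {
        // NOTE(review): sqlerror() still receives the full statement, password
        // included -- confirm it does not echo or log it.
        mysql_query($query) or sqlerror($query);
    }
}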
$_SESSION['ccdistance24'] = gpc_esc($_POST['dist24']); $_SESSION['ccdistance34'] = gpc_esc($_POST['dist34']); $coordvalid = true; //Faire des calculs que s'il y a une entrée $Pla4 = $_SESSION['coord_syst1'] != "" && $_SESSION['coord_syst2'] != "" && $_SESSION['ccdistance14'] != "" && $_SESSION['ccdistance24'] != "" || $_SESSION['coord_syst1'] != "" && $_SESSION['coord_syst3'] != "" && $_SESSION['ccdistance14'] != "" && $_SESSION['ccdistance34'] != "" || $_SESSION['coord_syst3'] != "" && $_SESSION['coord_syst2'] != "" && $_SESSION['ccdistance34'] != "" && $_SESSION['ccdistance24'] != ""; $dist14 = $_SESSION['ccdistance14']; $dist24 = $_SESSION['ccdistance24']; $dist34 = $_SESSION['ccdistance34']; } if (isset($_POST['sys1']) && isset($_POST['sys2']) && isset($_POST['dist15']) && isset($_POST['dist25']) || isset($_POST['sys1']) && isset($_POST['sys3']) && isset($_POST['dist15']) && isset($_POST['dist35']) || isset($_POST['sys3']) && isset($_POST['sys2']) && isset($_POST['dist35']) && isset($_POST['dist25'])) { $_SESSION['coord_syst1'] = gpc_esc($_POST['sys1']); $_SESSION['coord_syst2'] = gpc_esc($_POST['sys2']); $_SESSION['coord_syst3'] = gpc_esc($_POST['sys3']); $_SESSION['ccdistance15'] = gpc_esc($_POST['dist15']); $_SESSION['ccdistance25'] = gpc_esc($_POST['dist25']); $_SESSION['ccdistance35'] = gpc_esc($_POST['dist35']); $coordvalid = true; //Faire des calculs que s'il y a une entrée $Pla5 = $_SESSION['coord_syst1'] != "" && $_SESSION['coord_syst2'] != "" && $_SESSION['ccdistance15'] != "" && $_SESSION['ccdistance25'] != "" || $_SESSION['coord_syst1'] != "" && $_SESSION['coord_syst3'] != "" && $_SESSION['ccdistance15'] != "" && $_SESSION['ccdistance35'] != "" || $_SESSION['coord_syst3'] != "" && $_SESSION['coord_syst2'] != "" && $_SESSION['ccdistance35'] != "" && $_SESSION['ccdistance25'] != ""; $dist15 = $_SESSION['ccdistance15']; $dist25 = $_SESSION['ccdistance25']; $dist35 = $_SESSION['ccdistance35']; } $syst1 = $_SESSION['coord_syst1']; $syst2 = 
$_SESSION['coord_syst2']; $syst3 = $_SESSION['coord_syst3']; require_once TEMPLATE_PATH . 'sample.tpl.php'; $tpl = tpl_sample::getinstance(); $tpl->page_title = 'EU2: Addons triangulation'; $out = <<<form <br />
$carto->boink(ROOT_URL . basename(__FILE__)); } /* Restore the saved search filters from the Recherche[...] cookies. NOTE(review): cookie keys and values are client-controlled and are copied into $Recherche after stripslashes() only; no key allow-list or value validation is visible in this excerpt. */ if (isset($_COOKIE['Recherche'])) { foreach ($_COOKIE['Recherche'] as $key => $value) { $Recherche[$key] = stripslashes($value); } } if ($_SERVER['REQUEST_METHOD'] == 'POST' && !isset($_POST['Recherche']['Moi'])) { $_POST['Recherche']['Moi'] = ''; } if (isset($_POST['Recherche']['Troop'])) { $_POST['Recherche']['Troop'] = DataEngine::strip_number($_POST['Recherche']['Troop']); } /* Persist each submitted filter as a 24-hour cookie, or expire the cookie when the value is empty. NOTE(review): $key is request data and becomes both part of the cookie name and a $Recherche key; restricting it to the known filter names would be safer. */ if (isset($_POST['Recherche'])) { foreach ($_POST['Recherche'] as $key => $value) { $value = gpc_esc($value); if ($value != '') { SetCookie('Recherche[' . $key . ']', $value, time() + 3600 * 24, ROOT_URL); $Recherche[$key] = $value; } else { SetCookie('Recherche[' . $key . ']', '', time() - 10, ROOT_URL); unset($Recherche[$key]); } } } /* A troop filter forces the type list to 0,3,5. */ if ($Recherche['Troop'] > 0) { $Recherche['Type'] = '0,3,5'; } $fieldtable = array(); // $fieldtable['Status'] = '`Inactif`=%d '; /* NOTE(review): %s sits inside an unquoted IN (...) list, and $Recherche['Type'] can come from the cookie or POST data handled above. The code that formats it into this fragment is outside this excerpt; string escaping does not protect an unquoted context, so the value should be validated as comma-separated integers -- TODO confirm at the formatting site. */ $fieldtable['Type'] = 'c.`TYPE` IN (%s) ';
/** * @author Alex10336 * Last modified: $Id$ * @license GNU Public License 3.0 ( http://www.gnu.org/licenses/gpl-3.0.txt ) * @license Creative Commons 3.0 BY-SA ( http://creativecommons.org/licenses/by-sa/3.0/deed.fr ) * **/ require_once './init.php'; require_once INCLUDE_PATH . 'Script.php'; /* Access requires the PERSO_TROOPS_BATTLE permission. */ Members::CheckPermsOrDie('PERSO_TROOPS_BATTLE'); require_once TEMPLATE_PATH . 'troops.tpl.php'; $tpl = tpl_troops::getinstance(); $lng = language::getinstance()->GetLngBlock('pillage'); /* Pick the player to list: the player query parameter if given, otherwise the logged-in user. NOTE(review): $_GET['player'] is read without isset(). Only '%' is removed; the other LIKE wildcard '_' is kept, and whether sqlesc() escapes it is not visible here. */ $_GET['player'] = str_replace('%', '', $_GET['player']); if ($_GET['player'] != '') { $player = gpc_esc($_GET['player']); } else { $player = $_SESSION['_login']; } /* $sql first holds the escaped player name, then is overwritten with the query that embeds it inside a quoted LIKE pattern. */ $sql = sqlesc($player); $sql = <<<sql SELECT ta.`ID`, ta.`type`, ta.`players_attack`, ta.`players_defender`, ta.`players_pertes`, ta.`when`, ta.`coords_ss`, ta.`coords_3p`, tp.`mid`, tp.`Player`, tp.`ress0`, tp.`ress1`, tp.`ress2`, tp.`ress3`, tp.`ress4`, tp.`ress5`, tp.`ress6`, tp.`ress7`, tp.`ress8`, tp.`ress9`, tp.`date` FROM `SQL_PREFIX_troops_attack` ta LEFT JOIN `SQL_PREFIX_troops_pillage` tp on (tp.`mid`=ta.`id`) WHERE `players_attack` LIKE '%"{$sql}"%' OR `players_defender` LIKE '%"{$sql}"%' ORDER BY `when` DESC LIMIT 0,30 sql; $result = DataEngine::sql($sql); $tpl->Setheader(); /* NOTE(review): $player may be request data; whether AddToRow() HTML-encodes it is not shown -- confirm. */ $tpl->AddToRow($player, 'player'); $tpl->PushRow();
$xml = <<<xml <sql> <msg><![CDATA[%msg%]]></msg> <haserror>%haserror%</haserror> <done>%done%</done> </sql> xml; /* Only a root admin of an installed instance may continue; both failure paths go through error(). */ if (INSTALLED) { require_once INCLUDE_PATH . 'Script.php'; if (!Members::CheckPerms(AXX_ROOTADMIN)) { error('No perms'); } } else { error('Install me first =)'); } /* NOTE(review): $file is request data. The two paths are built before the character check below; that is safe only because nothing touches the filesystem until after the check and only if error() stops execution. error() is not shown in this excerpt -- confirm it exits. */ $file = gpc_esc($_POST['file']); $sqlfile = ROOT_PATH . 'upgrade' . DIRECTORY_SEPARATOR . $file . '.sql'; $lockfile = ROOT_PATH . 'upgrade' . DIRECTORY_SEPARATOR . $file . '.lock'; /* Reject any character other than ASCII letters, digits and underscore, which rules out dots and path separators in the file name. */ if (preg_match('/[^a-zA-Z_0-9]+/', $file) > 0) { error('Tentative d\'injection détecté.'); } if (!file_exists($sqlfile)) { error('Mise à jour corrompue !'); } /* The .lock file content is read as an integer into $cur; 0 when there is no lock file. */ if (file_exists($lockfile)) { $cur = (int) file_get_contents($lockfile); } else { $cur = 0; } if (DEBUG_PLAIN) { FB::log($cur, '$cur');
$info[$k] = sqlesc($v); } /* Write the member's statistics back to the Membres table. NOTE(review): the $info values are passed through sqlesc() by the loop that ends above, but $_SESSION['_login'] is formatted into WHERE `Joueur`='%s' as-is; it should get the same sqlesc() treatment unless it is guaranteed safe where it is set (not shown). */ $query = <<<q UPDATE `SQL_PREFIX_Membres` SET `POINTS`=%d, `Economie`=%d, `Commerce`=%d, `Recherche`=%d, `Combat`=%d, `Construction`='%s', `Navigation`=%d, `Race`='%s', `Titre`='%s', `GameGrade`='%s', `pts_architecte`=%d, `pts_mineur`=%d, `pts_science`=%d, `pts_commercant`=%d, `pts_amiral`=%d, `pts_guerrier`=%d WHERE `Joueur`='%s' q; DataEngine::sql(sprintf($query, $info['POINTS'], $info['Economie'], $info['Commerce'], $info['Recherche'], $info['Combat'], $info['Construction'], $info['Navigation'], $info['Race'], $info['Titre'], $info['GameGrade'], $info['pts_architecte'], $info['pts_mineur'], $info['pts_science'], $info['pts_commercant'], $info['pts_amiral'], $info['pts_guerrier'], $_SESSION['_login'])); } } /* Form submission: gpc_esc() is applied to every top-level POST field, then the numeric fields are coerced with intval() or DataEngine::strip_number(). NOTE(review): how gpc_esc() treats array-valued fields is not visible here. */ if (isset($_POST['JOUEUR'])) { foreach ($_POST as $k => $v) { $_POST[$k] = gpc_esc($v); } $_POST['Commerce'] = intval($_POST['Commerce']); $_POST['Recherche'] = intval($_POST['Recherche']); $_POST['Combat'] = intval($_POST['Combat']); $_POST['Construction'] = intval($_POST['Construction']); $_POST['Economie'] = intval($_POST['Economie']); $_POST['Navigation'] = intval($_POST['Navigation']); $_POST['Points'] = DataEngine::strip_number($_POST['Points']); $_POST['pts_architecte'] = DataEngine::strip_number($_POST['pts_architecte']); $_POST['pts_mineur'] = DataEngine::strip_number($_POST['pts_mineur']); $_POST['pts_science'] = DataEngine::strip_number($_POST['pts_science']); $_POST['pts_commercant'] = DataEngine::strip_number($_POST['pts_commercant']); $_POST['pts_amiral'] = DataEngine::strip_number($_POST['pts_amiral']); $_POST['pts_guerrier'] = DataEngine::strip_number($_POST['pts_guerrier']); foreach ($_POST as $k => $v) {
$info = $warn = ''; /* Reset: deletes the current user's ownuniverse row when the reset parameter equals the session's _permkey, then redirects. NOTE(review): the key is compared with loose ==; a strict comparison on strings (hash_equals(), PHP 5.6+) avoids type juggling. The key travels in a GET URL, so it can end up in logs and Referer headers. $_SESSION['_login'] is concatenated into the DELETE without sqlesc(). */ if (isset($_GET['reset']) && $_GET['reset'] == $_SESSION['_permkey']) { DataEngine::sql('DELETE FROM `SQL_PREFIX_ownuniverse` WHERE `UTILISATEUR` = \'' . $_SESSION['_login'] . '\' LIMIT 1'); output::Boink('%ROOT_URL%ownuniverse.php'); } /* Viewing another user's data requires PERSO_OWNUNIVERSE_READONLY and hides the import form. NOTE(review): $_GET['showuser'] is read without isset(). */ if ($_GET['showuser'] != '' && Members::CheckPerms('PERSO_OWNUNIVERSE_READONLY')) { $player = gpc_esc($_GET['showuser']); $include_form = false; } else { $player = false; $include_form = true; } /* Import: the pasted text is routed to a parser according to which identifying string from $lng it contains. */ if (isset($_POST['importation'])) { $cleandata = $ownuniverse->get_universe(false); // initialise the (planet) data $data = gpc_esc($_POST['importation']); // Control-centre part if ($data != "" and strpos($data, $lng['control_center_ident']) !== false) { $cleandata = $ownuniverse->parse_ownuniverse($data); if ($cleandata === false) { $cleandata = $ownuniverse->get_universe(false); } else { list($info, $warn) = $ownuniverse->add_ownuniverse($cleandata); } // Planet-display part } elseif ($data != '' and strpos($data, $lng['planet_ident']) !== false) { // $cleandata = $ownuniverse->get_universe(false); if ($cleandata && is_array($cleandata[0])) { $result = $ownuniverse->parse_planet($data); $warn = $lng['planet_error']; foreach ($cleandata as $k => $planet) {
$img->SetColorHexa($textcolor); if ($key == 'eude') { $img->Text($text, 0, 8, $fontsize); } else { $img->CenteredText($text, $fontsize); } //-- End of customisable part. ------------------------------------------------ /* The image is written to "<key>.png" relative to the working directory and rendered. */ $img->SaveAs($key . '.png')->Render(); } include_once '../../../../init.php'; include_once INCLUDE_PATH . 'Script.php'; /* Root-admin only. */ Members::CheckPermsOrDie(AXX_ROOTADMIN); addons::getinstance()->ButtonRegen($listing, $defaultsetting); /* NOTE(review): ident is request data handed to do_btn(). The function body that ends above (presumably do_btn, its start is outside this excerpt) finishes with SaveAs($key . '.png'); ident should be checked against the keys of $listing before it can shape a file name -- confirm do_btn() does this. */ if (isset($_GET['ident'])) { include CLASS_PATH . 'img.class.php'; do_btn(gpc_esc($_GET['ident'])); } else { include TEMPLATE_PATH . 'sample.tpl.php'; $tpl = tpl_sample::getinstance(); /* Deletes every file ending in .png in the current working directory before the buttons are regenerated; unlink() results are not checked. */ $files = scandir('./'); foreach ($files as $file) { if (p_substr($file, -4) == '.png') { unlink($file); } } /* One image per $listing key; time() is appended to the image URL as a cache-buster. $key is written into the HTML as-is. */ foreach ($listing as $key => $dummy) { $tpl->PushOutput('<span class="color_header"> %BTN_URL%' . $key . '.png </span><img src="./gen.php?ident=' . $key . '&' . time() . '"/><br/>'); } $tpl->PushOutput(<<<x <script> window.onload = function() {
unset($wars[$_GET['emp_war_rm']]); DataEngine::conf_update('EmpireEnnemy', $wars); } } /* Add an allied empire: coordinates of that empire with TYPE 0, 3 or 5 are set to TYPE 3 and the name is appended to the EmpireAllys config list. NOTE(review): only emp_allys_add is tested with isset(); $_POST['emp'] is read unchecked. $emp is matched with LIKE, so '%' and '_' in the submitted name act as wildcards unless sqlesc(..., false) escapes them (not shown); '=' would match the exact name only. */ if (isset($_POST['emp_allys_add']) && $_POST['emp_allys_add'] != '') { $emp = sqlesc($_POST['emp'], false); if ($emp != '') { $allys = DataEngine::config('EmpireAllys'); if (!in_array(gpc_esc($_POST['emp']), $allys)) { $sql = <<<sql UPDATE `SQL_PREFIX_Coordonnee` LEFT JOIN `SQL_PREFIX_Coordonnee_Joueurs` on id=jid SET `TYPE`=3 WHERE `TYPE` in (0,3,5) AND `EMPIRE` LIKE '{$emp}' sql; $mysql_result = DataEngine::sql($sql); $allys[] = gpc_esc($_POST['emp']); DataEngine::conf_update('EmpireAllys', $allys); } } } /* Remove an ally by its index in the EmpireAllys list, taken from the query string; matching coordinates go back to TYPE 0. NOTE(review): this changes stored data on a GET request, and no permission or anti-CSRF check is visible in this excerpt -- confirm one exists earlier in the file. */ if (isset($_GET['emp_allys_rm']) && $_GET['emp_allys_rm'] != '') { $allys = DataEngine::config('EmpireAllys'); $emp = sqlesc($allys[$_GET['emp_allys_rm']], false); if ($emp != '') { $sql = <<<sql UPDATE `SQL_PREFIX_Coordonnee` LEFT JOIN `SQL_PREFIX_Coordonnee_Joueurs` on id=jid SET `TYPE`=0 WHERE `TYPE` in (0,3,5) AND `EMPIRE` LIKE '{$emp}' sql; $mysql_result = DataEngine::sql($sql); unset($allys[$_GET['emp_allys_rm']]);
require_once '../../init.php'; require_once INCLUDE_PATH . 'Script.php'; require_once CLASS_PATH . 'map.class.php'; // required by ownuniverse require_once CLASS_PATH . 'parser.class.php'; // required by ownuniverse require_once CLASS_PATH . 'ownuniverse.class.php'; // Check that the addon is enabled if (!addons::getinstance()->Get_Addons('scanner')->CheckPerms()) { DataEngine::NoPermsAndDie(); } //if (!isset ($_SESSION['scanner_email']) || $_SESSION['scanner_email'] == '') // $_SESSION['scanner_email'] = '*****@*****.**'; /* Stores the submitted e-mail and session id in the PHP session. */ if (isset($_POST['email']) && isset($_POST['session'])) { $_SESSION['scanner_email'] = gpc_esc($_POST['email']); $_SESSION['scanner_session'] = gpc_esc($_POST['session']); } /* The scanner counts as enabled only when both values are set and non-empty. */ $ScannerEnabled = isset($_SESSION['scanner_email']) && isset($_SESSION['scanner_session']) && $_SESSION['scanner_email'] != '' && $_SESSION['scanner_session'] != ''; require_once TEMPLATE_PATH . 'sample.tpl.php'; $tpl = tpl_sample::getinstance(); $tpl->css_file = false; $tpl->page_title = 'EU2: Addons scanner'; /* NOTE(review): the form below interpolates $_SESSION['scanner_email'] and $_SESSION['scanner_session'] directly into value="..." attributes. Unless gpc_esc() HTML-encodes (not shown), a double quote in either value breaks out of the attribute; htmlspecialchars($v, ENT_QUOTES) at output time is the usual fix. Both keys are also read here even when they were never set. */ $out = <<<form <form name="settings" action="index.php" method="POST"> Votre email: <input type="text" name="email" value="{$_SESSION['scanner_email']}" size="36" /><br/> Votre id session: <input type="text" name="session" value="{$_SESSION['scanner_session']}" size="32" /><br/> <br/> L'id de session ce trouve dans le panneau des préférences: <br/> - "<b>Vie Privée</b>"<br/> - Règles de conservation: "<b>utiliser les paramètres personnalisés pour l'historique</b>"<br/> - Le bouton "<b>Afficher les cookies...</b>" apparait.<br/>
* @license Creative Commons 3.0 BY-SA ( http://creativecommons.org/licenses/by-sa/3.0/deed.fr ) * * */ define('CHECK_LOGIN', false); require_once './init.php'; require_once INCLUDE_PATH . 'Script.php'; /* Registration is refused when the site is closed or CanRegister is off. */ if (DataEngine::config_key('config', 'closed')) { output::Boink(); } if (!DataEngine::config_key('config', 'CanRegister')) { Members::NoPermsAndDie(); } $lng = language::getinstance()->GetLngBlock('login'); $erreur = ''; /* NOTE(review): $_POST['mdp'] is read without isset(). */ if (isset($_POST['login']) && $_POST['login'] != '' && $_POST['mdp'] != '') { $login = gpc_esc($_POST['login']); $qlogin = sqlesc($_POST['login']); /* NOTE(review): unsalted MD5 is not a password hash; password_hash()/password_verify() (PHP 5.5+) are the replacement, which needs a matching change wherever the stored hash is checked. */ $pass = md5($_POST['mdp']); $query = 'SELECT LOWER(`Login`) as `Login` from `SQL_PREFIX_Users` WHERE LOWER(`Login`)=LOWER(\'' . $qlogin . '\')'; $mysql_result = DataEngine::sql($query); $ligne = mysql_fetch_array($mysql_result); /* NOTE(review): the query matches case-insensitively and returns the lower-cased login, but the check below compares that value with $login as typed, so a mixed-case variant of an existing login is not reported as taken here -- confirm a later step rejects it. */ if ($ligne['Login'] == $login) { // player already exists... $erreur = $lng['user_exists']; } else { if (DE_DEMO) { $axx = AXX_MEMBER; $_SESSION['_login'] = $login; $_SESSION['_pass'] = $pass; $_SESSION['_Perm'] = $axx; $_SESSION['_IP'] = Get_IP();
/* NOTE(review): $_POST['COORIN'] is placed into the log/warning text as submitted; whether the output layer encodes it is not visible here. */ if (!$carto->FormatId(trim($_POST['COORIN']), $uni, $sys, '')) { $xml['log'] = sprintf($lng['player_err_coords'], $_POST['COORIN']); $carto->AddWarn($xml['log']); } else { $carto->Edit_Entry($_POST['COORIN'], array('water' => $water, 'batiments' => $batiments), $lng['player_edit_msg']); $xml['log'] = sprintf($lng['player_edit_log'], $sys); } break; case 'empire': // -------------------------------------------------------- /* Requires the EMPIRE_GREASE permission. */ if (!Members::CheckPerms('EMPIRE_GREASE')) { $carto->AddErreur('Permissions manquante'); break; } $empire_name = gpc_esc(html_entity_decode($_POST['empire'])); /* NOTE(review): unserialize() runs on request data ($_POST['data']). That allows PHP object injection whenever a loaded class has magic methods such as __wakeup or __destruct. A data-only format (json_decode) or, on PHP 7+, unserialize($s, array('allowed_classes' => false)) avoids instantiating objects. The result is also not checked to be a non-empty array before array_walk() and implode() use it. */ $membres = unserialize(gpc_esc($_POST['data'])); /* Clear the empire from every current member first... */ $query = 'UPDATE `SQL_PREFIX_Coordonnee_Joueurs` SET `EMPIRE` = \'\' WHERE `EMPIRE` LIKE \'' . sqlesc($empire_name) . '\''; DataEngine::sql($query); // $carto->AddInfo($query); /* ...then assign it to the submitted member list. NOTE(review): the IN (...) list is built from the unserialized values; it is safe only if array_fullsqlesc (not shown) both escapes and quotes every element -- confirm. */ array_walk($membres, 'array_fullsqlesc'); $listemembres = implode(',', $membres); $query = 'UPDATE `SQL_PREFIX_Coordonnee_Joueurs` SET `EMPIRE` = \'' . sqlesc($empire_name) . '\' WHERE `USER` in (' . $listemembres . ')'; DataEngine::sql($query); // $carto->AddInfo($query); /* NOTE(review): $empire_name was passed through html_entity_decode() and is echoed into the info message and the XML log; output encoding is not visible here. */ $carto->AddInfo('L\'empire ' . $empire_name . ' a été mis à jour'); $xml['log'] = 'L\'empire ' . $empire_name . ' a été mis à jour'; break;