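/**
 * Stores a new shoutbox entry from $_POST and reports the outcome.
 *
 * Two output modes: with $_GET['ajax'] set the DB wrapper is switched to
 * mode 0, the output buffer is discarded, $_POST is run through
 * ajax_convert_array(), every message goes through html_ajax_convert() and
 * the request ends with die; otherwise messages go through table() and a
 * successful post redirects back to HTTP_REFERER (or the news section).
 *
 * Checks, in order: required inputs, mini captcha (guests only), empty
 * message (members), then the SPAM_SHOUTBOX flood window measured against
 * the newest comment from this IP/user and against the 'shoutbox' cookie.
 *
 * Fix: the required-input check combined the three guest fields with "and",
 * so a guest who filled in only the username or only the captcha slipped
 * through to the captcha check and could store an empty message; it now uses
 * "or", matching guestbook_add(). Captchas are compared with !== so numeric-
 * looking strings are not coerced.
 */
function shoutbox_add()
{
    global $db;
    $ajax = isset($_GET['ajax']);
    if ($ajax) {
        $db->setMode(0);
        ob_end_clean();
        ajax_convert_array($_POST);
    }

    // Emits an error message in the format the request mode expects.
    $report = function ($msg) use ($ajax) {
        if ($ajax) {
            echo html_ajax_convert($msg);
        } else {
            table(ERROR, $msg);
        }
    };

    $userID = isset($_SESSION['userID']) ? (int) $_SESSION['userID'] : 0;
    $username = isset($_POST['shout_username']) ? $_POST['shout_username'] : '';
    $captcha = isset($_POST['shout_captcha']) ? $_POST['shout_captcha'] : '';
    $message = isset($_POST['shoutbox_msgbox']) ? $_POST['shoutbox_msgbox'] : '';
    $sessionCaptcha = isset($_SESSION['captcha_mini']) ? $_SESSION['captcha_mini'] : '';
    $cookieTime = isset($_COOKIE['shoutbox']) ? (int) $_COOKIE['shoutbox'] : 0;
    $now = time();
    $limit = $now - SPAM_SHOUTBOX;

    // Newest shoutbox post from this IP, or from this account when logged in.
    $last = @$db->result(DB_PRE . 'ecp_comments', 'datum', 'bereich="shoutbox" AND (IP =\'' . strsave($_SERVER['REMOTE_ADDR']) . '\' OR (userID != 0 AND userID = ' . $userID . '))');

    if (!$userID and ($username == '' or $captcha == '' or $message == '')) {
        $report(NOT_NEED_ALL_INPUTS);
    } elseif (!$userID and strtolower($captcha) !== strtolower($sessionCaptcha)) {
        $report(CAPTCHA_WRONG);
    } elseif ($userID and $message == '') {
        $report(NOT_NEED_ALL_INPUTS);
    } elseif ($last > $limit or $cookieTime > $limit) {
        // Seconds left, taken from whichever source (DB row or cookie) tripped the limit.
        $zeit = $last > $limit ? SPAM_SHOUTBOX + $last - $now : SPAM_SHOUTBOX + $cookieTime - $now;
        $report(str_replace(array('{sek}', '{zeit}'), array(SPAM_SHOUTBOX, $zeit), SPAM_PROTECTION_MSG));
    } else {
        $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_comments (`bereich`, `userID`, `author`, `beitrag`, `datum`, `IP`) VALUES (\'shoutbox\', %d, \'%s\', \'%s\', %d, \'%s\')',
            $userID,
            strsave(htmlspecialchars($username)),
            strsave(htmlspecialchars(substr($message, 0, SHOUTBOX_MAX_CHARS))),
            $now,
            strsave($_SERVER['REMOTE_ADDR']));
        if ($db->query($sql)) {
            setcookie('shoutbox', $now, $now + 365 * 86400);
            if ($ajax) {
                echo 'ok';
            } elseif (isset($_SERVER['HTTP_REFERER']) and $_SERVER['HTTP_REFERER'] != '') {
                // NOTE(review): HTTP_REFERER is client-supplied; kept as the original redirect target.
                header('Location: ' . $_SERVER['HTTP_REFERER'] . '#com_' . $db->last_id());
            } else {
                header1('?section=news#com_' . $db->last_id());
            }
        }
    }

    if ($ajax) {
        die;
    }
}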
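/**
 * Admin form for editing a user account (ecp_user plus its ecp_user_stats row).
 *
 * Without $_POST['submit'] the edit form is rendered from the current row.
 * With it, the posted profile fields are written. The validation keeps the
 * original flow: a taken/empty username or a taken/invalid e-mail is reported
 * via table() and the stored value is used in its place, but the UPDATE still
 * runs with the remaining fields.
 *
 * Fix: the e-mail uniqueness query compared the `email` column against
 * $_POST['username'], so a duplicate e-mail was never detected; it now uses
 * $_POST['email']. $id is cast to int before being interpolated into SQL.
 *
 * @param int|string $id ID of the user being edited
 */
function admin_user_edit($id)
{
    global $db;
    $id = (int) $id;

    if (!isset($_POST['submit'])) {
        $row = $db->fetch_assoc('SELECT `username`, `email`, `country`, `sex`, `signatur`, `realname`, `wohnort`, `geburtstag`, `homepage`, `icq`, `msn`, `yahoo`, `skype`, `xfire`, `clanname`, `clanirc`, `clanhomepage`, `clanhistory`, `cpu`, `mainboard`, `ram`, `gkarte`, `skarte`, `monitor`, `maus`, `tastatur`, `mauspad`, `internet`, `festplatte`, `headset`, `aboutme`, `ondelete`, aim, money, comments FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_user_stats ON (userID = ID) WHERE ID = ' . $id);
        $row['birthday'] = date('d.m.Y', strtotime($row['geburtstag']));
        $tpl = new smarty();
        foreach ($row as $key => $value) {
            $tpl->assign($key, $value);
        }
        ob_start();
        $tpl->assign('countries', form_country($row['country']));
        $tpl->display(DESIGN . '/tpl/admin/user_edit.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(ACCOUNT_EDIT, $content, '', 1);
        return;
    }

    // Posted field or '' when absent (the original read these with @).
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };
    // Most profile fields are stored HTML-escaped and SQL-escaped.
    $escaped = function ($key) use ($post) {
        return strsave(htmlspecialchars($post($key)));
    };

    $username = $post('username');
    if ($username == '' or $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = \'' . strsave(htmlspecialchars($username)) . '\' AND ID != ' . $id)) {
        // Keep the stored name; the error is only reported.
        $username = $db->result(DB_PRE . 'ecp_user', 'username', 'ID = ' . $id);
        table(ERROR, ACCOUNT_ALLREADY_EXIST);
    }

    $email = $post('email');
    if (!check_email($email) or $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = \'' . strsave($email) . '\' AND ID != ' . $id)) {
        $email = $db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . $id);
        if (!check_email($email)) {
            table(ERROR, WRONG_EMAIL);
        } else {
            table(ERROR, EMAIL_ALLREADY_EXIST);
        }
    }

    // Birthday is posted as d.m.Y and stored as Y-m-d; missing parts become 0.
    $geburtstag = array_pad(explode('.', $post('birthday')), 3, 0);
    $birthday = (int) $geburtstag[2] . '-' . (int) $geburtstag[1] . '-' . (int) $geburtstag[0];

    $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_user SET username = \'%s\',email = \'%s\',country = \'%s\', sex = \'%s\',signatur = \'%s\',realname = \'%s\', geburtstag = \'%s\',homepage = \'%s\',icq = \'%s\', msn = \'%s\',yahoo = \'%s\',skype = \'%s\',xfire = \'%s\', clanname = \'%s\',clanirc = \'%s\',clanhomepage = \'%s\', clanhistory = \'%s\',cpu = \'%s\',mainboard = \'%s\', ram = \'%s\',gkarte = \'%s\',skarte = \'%s\', monitor = \'%s\',maus = \'%s\',tastatur = \'%s\', mauspad = \'%s\',internet = \'%s\',festplatte = \'%s\', headset = \'%s\',aboutme = \'%s\', wohnort = \'%s\', aim = \'%s\' WHERE ID = ' . $id,
        strsave(htmlspecialchars($username)),
        strsave($email),
        strsave($post('country')),
        $post('sex') == 'male' ? 'male' : 'female',
        strsave(comment_save($post('signatur'))),
        $escaped('realname'),
        $birthday,
        strsave(htmlspecialchars(check_url($post('homepage')))),
        $escaped('icq'),
        $escaped('msn'),
        $escaped('yahoo'),
        $escaped('skype'),
        $escaped('xfire'),
        $escaped('clanname'),
        $escaped('clanirc'),
        strsave(htmlspecialchars(check_url($post('clanhomepage')))),
        $escaped('clanhistory'),
        $escaped('cpu'),
        $escaped('mainboard'),
        $escaped('ram'),
        $escaped('gkarte'),
        $escaped('skarte'),
        $escaped('monitor'),
        $escaped('maus'),
        $escaped('tastatur'),
        $escaped('mauspad'),
        $escaped('internet'),
        $escaped('festplatte'),
        $escaped('headset'),
        strsave(comment_save($post('aboutme'))),
        $escaped('wohnort'),
        $escaped('aim'));
    $statsSql = 'UPDATE ' . DB_PRE . 'ecp_user_stats SET comments = ' . (int) $post('comments') . ', money = ' . (double) $post('money') . ' WHERE userID = ' . $id;

    if ($db->query($sql) and $db->query($statsSql)) {
        header1('?section=admin&site=user');
    }
}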
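/**
 * Admin upload of a new smilie: validates $_FILES['smilie'], stores it under
 * images/smilies/ and records it in ecp_smilies.
 *
 * Requires the admin right smilies/add (or superadmin). A missing file or a
 * rejected type re-renders the form with an error; success redirects to the
 * smilie overview.
 *
 * Fix: the destination path was built straight from the client-supplied
 * $_FILES['smilie']['name']; it is now reduced to its basename so the file
 * always lands inside images/smilies/, and the client-supplied MIME type is
 * backed by an extension whitelist (jpg, jpeg, gif, png).
 */
function admin_smilies_add()
{
    global $db;
    if (!isset($_SESSION['rights']['admin']['smilies']['add']) and !isset($_SESSION['rights']['superadmin'])) {
        echo NO_ADMIN_RIGHTS;
        return;
    }

    // Renders the smilie admin page again after a validation error.
    $showForm = function () {
        $tpl = new smarty();
        ob_start();
        $tpl->display(DESIGN . '/tpl/admin/smilies.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(SMILIES, $content, '', 1);
        get_smilies();
    };

    $allowedTypes = array('image/jpg', 'image/gif', 'image/png', 'image/jpeg');
    $allowedExtensions = array('jpg', 'jpeg', 'gif', 'png');

    if (!isset($_FILES['smilie']['tmp_name']) or $_FILES['smilie']['tmp_name'] == '') {
        table(ERROR, NOT_NEED_ALL_INPUTS);
        $showForm();
        return;
    }

    // The MIME type is whatever the client sent, so the extension is checked as well.
    $extension = strtolower(pathinfo(basename($_FILES['smilie']['name']), PATHINFO_EXTENSION));
    if (!in_array($_FILES['smilie']['type'], $allowedTypes, true) or !in_array($extension, $allowedExtensions, true)) {
        table(ERROR, WRONG_FILE_TYPE);
        $showForm();
        return;
    }

    ajax_convert_array($_POST);
    ajax_convert_array($_FILES);
    // basename() drops any directory part the client may have put into the name.
    $fileName = str_replace(' ', '_', basename($_FILES['smilie']['name']));
    $target = 'images/smilies/' . $fileName;
    if (move_uploaded_file($_FILES['smilie']['tmp_name'], $target)) {
        umask(0);
        chmod($target, CHMOD);
        $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_smilies (`bedeutung`, `filename`) VALUES (\'%s\', \'%s\')', strsave($_POST['bedeutung']), strsave($fileName));
        if ($db->query($sql)) {
            header1('?section=admin&site=smilies');
        }
    }
}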
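/**
 * Admin upload of a new rank: validates the rank name and $_FILES['rank'],
 * stores the icon under images/ranks/ and records the rank in ecp_ranks.
 *
 * Requires the admin right ranks/add (or superadmin). A missing name/file or
 * a rejected type re-renders the form with an error; success redirects to the
 * rank overview.
 *
 * Fix: the destination path was built straight from the client-supplied
 * $_FILES['rank']['name']; it is now reduced to its basename so the file
 * always lands inside images/ranks/, and the client-supplied MIME type is
 * backed by an extension whitelist (jpg, jpeg, gif, png) — the same checks
 * admin_smilies_add() applies.
 */
function admin_ranks_add()
{
    global $db;
    if (!isset($_SESSION['rights']['admin']['ranks']['add']) and !isset($_SESSION['rights']['superadmin'])) {
        echo NO_ADMIN_RIGHTS;
        return;
    }

    // Renders the rank admin page again after a validation error.
    $showForm = function () {
        $tpl = new smarty();
        ob_start();
        $tpl->display(DESIGN . '/tpl/admin/ranks.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(RANGS, $content, '', 1);
        get_ranks();
    };
    // Posted field or '' when absent (the original read these with @).
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };

    $allowedTypes = array('image/jpg', 'image/gif', 'image/png', 'image/jpeg');
    $allowedExtensions = array('jpg', 'jpeg', 'gif', 'png');

    if (!isset($_FILES['rank']['tmp_name']) or $_FILES['rank']['tmp_name'] == '' or $post('rankname') == '') {
        table(ERROR, NOT_NEED_ALL_INPUTS);
        $showForm();
        return;
    }

    // The MIME type is whatever the client sent, so the extension is checked as well.
    $extension = strtolower(pathinfo(basename($_FILES['rank']['name']), PATHINFO_EXTENSION));
    if (!in_array($_FILES['rank']['type'], $allowedTypes, true) or !in_array($extension, $allowedExtensions, true)) {
        table(ERROR, WRONG_FILE_TYPE);
        $showForm();
        return;
    }

    // basename() drops any directory part the client may have put into the name.
    $fileName = str_replace(' ', '_', basename($_FILES['rank']['name']));
    $target = 'images/ranks/' . $fileName;
    if (move_uploaded_file($_FILES['rank']['tmp_name'], $target)) {
        umask(0);
        chmod($target, CHMOD);
        $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_ranks (`rankname`, `iconname`, abposts, fest, money) VALUES (\'%s\', \'%s\', %d, %d, %f)',
            strsave($post('rankname')),
            strsave($fileName),
            (int) $post('abposts'),
            (int) $post('fest'),
            // Accept a decimal comma in the money field.
            (double) str_replace(',', '.', $post('money')));
        if ($db->query($sql)) {
            header1('?section=admin&site=ranks');
        }
    }
}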
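/**
 * Lets the logged-in user set their participation status for an upcoming war.
 *
 * Only users listed in ecp_wars_teilnehmer for the war may update; otherwise
 * NO_ACCESS_RIGHTS is shown. On success the user is redirected to the war page.
 *
 * Fix: $id, $mode and the session user ID were concatenated into SQL as-is;
 * all three are now cast to int first (both columns are numeric).
 *
 * @param int|string $id   war ID
 * @param int|string $mode new status value
 */
function clanwars_next_part($id, $mode)
{
    global $db;
    $id = (int) $id;
    $mode = (int) $mode;
    $userID = isset($_SESSION['userID']) ? (int) $_SESSION['userID'] : 0;

    $isParticipant = $db->result(DB_PRE . 'ecp_wars_teilnehmer', 'COUNT(userID)', 'userID = ' . $userID . ' AND warID = ' . $id);
    if (!$isParticipant) {
        table(ERROR, NO_ACCESS_RIGHTS);
        return;
    }

    $sql = 'UPDATE ' . DB_PRE . 'ecp_wars_teilnehmer SET status = ' . $mode . ', meldedatum = ' . time() . ' WHERE warID = ' . $id . ' AND userID = ' . $userID;
    if ($db->query($sql)) {
        header1('?section=clanwars&action=nextwar&id=' . $id);
    }
}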
$error = 'Es wurde keine Datei hochgeladen.'; } } else { $error = NO_ADMIN_RIGHTS; } if (UPLOAD_METHOD == 'Flash') { if (isset($error)) { echo html_ajax_convert(json_encode(array('result' => 'failed', 'error' => $error))); } else { echo html_ajax_convert(json_encode(array('result' => 'success', 'size' => str_replace('{datei}', $_FILES['Filedata']['name'], UPLOAD_SUCCESS)))); } } else { if (isset($error)) { echo $error . '<br /><a href="index.php?section=admin&site=gallery&func=viewgallery&id=' . (int) $_GET['id'] . '">Back to Page</a>'; } else { header1('index.php?section=admin&site=gallery&func=viewgallery&id=' . (int) $_GET['id']); } } break; case 'gallery_set_text': if (@$_SESSION['rights']['admin']['gallery']['edit'] or @$_SESSION['rights']['superadmin']) { if ($db->query('UPDATE ' . DB_PRE . 'ecp_gallery_images SET beschreibung = \'' . strsave($_POST['msg']) . '\' WHERE imageID = ' . (int) $_GET['pid'])) { echo 'ok'; } } else { echo html_ajax_convert(NO_ADMIN_RIGHTS); } break; case 'del_gallery_pic': if (@$_SESSION['rights']['admin']['gallery']['edit'] or @$_SESSION['rights']['superadmin']) { $data = $db->fetch_assoc('SELECT imageID, filename, gID, folder FROM ' . DB_PRE . 'ecp_gallery_images LEFT JOIN ' . DB_PRE . 'ecp_gallery ON gID= galleryID WHERE imageID= ' . (int) $_GET['id']);
<?php $config = readconfig(); header1(); foreach ($config as $code => $data) { area($code, $data["x"], $data["y"], $data["dx"], $data["dy"]); } header2(); foreach ($config as $code => $data) { showlink($code, $data["name"], $data["location"], $data["url"]); } header3(); function header1() { ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <title>New South Wales Trails Map</title> <style type="text/css"> body { padding: 0; margin: 0; } #map ul { padding: 0; margin: 0; } #map { margin:0;
$row = $db->fetch_assoc('SELECT installed, ende, status FROM ' . DB_PRE . 'ecp_stats LEFT JOIN ' . DB_PRE . 'ecp_lotto_runden as a ON (zahl1 = 0) LEFT JOIN ' . DB_PRE . 'ecp_user ON (ID = ' . (int) @$_SESSION['userID'] . ') ORDER BY a.ende DESC LIMIT 1'); if (isset($_SESSION['userID']) and $row['status'] == 2) { setcookie('userID', '', time() - 60000, '/'); setcookie('passwort', '', time() - 60000, '/'); session_destroy(); $ban = $db->fetch_assoc('SELECT username, vonID, grund, bantime, endbantime FROM ' . DB_PRE . 'ecp_user_bans LEFT JOIN ' . DB_PRE . 'ecp_user ON (ID = vonID) WHERE userID = ' . $_SESSION['userID']); $search = array('{bantime}', '{banuser}', '{endbantime}'); $repalce = array(date(LONG_DATE, $ban['bantime']), '<a href="?section=user&id=' . $ban['vonID'] . '">' . $ban['username'] . '</a>', date(LONG_DATE, $ban['endbantime'])); $bantxt = str_replace($search, $repalce, BANNED); echo $bantxt . $ban['grund']; die; } elseif (isset($_SESSION['userID']) and $row['status'] == null) { setcookie('userID', '', time() - 60000, '/'); setcookie('passwort', '', time() - 60000, '/'); session_destroy(); header1(''); } $installed = $row['installed']; if ($row['ende'] != null and $row['ende'] < time()) { lotto_runde_ende(); lotto_runde_start(); } // //------------------------------ User Online updaten START ---------------------------------------------// $db->query('DELETE FROM ' . DB_PRE . 'ecp_online WHERE betretten < ' . (time() - ONLINE_RELOAD)); //Alte Einträge löschen if (isset($_SESSION['userID'])) { if ($db->result(DB_PRE . 'ecp_online', 'COUNT(uID)', 'uID = \'' . $_SESSION['userID'] . '\' OR SID = \'' . session_id() . '\'')) { $db->query('UPDATE ' . DB_PRE . 'ecp_online SET lastklick = ' . time() . ', forum = ' . (@$_GET['section'] == 'forum' ? 1 : 0) . ', fboardID = ' . @(int) $_GET['boardID'] . ', fthreadID = ' . @(int) $_GET['threadID'] . ', SIDDATA = \'' . strsave(serialize($_SESSION)) . '\' WHERE uID =' . $_SESSION['userID'] . ' OR SID = \'' . 
session_id() . '\' LIMIT 1'); $eingetragen = true; } else {
/**
 * Admin editor for an upcoming clan war (ecp_wars row $id).
 *
 * With $_POST['datum'] set the form is saved: the opponent is inserted or
 * updated, the war row is rewritten, per-map scores are updated/inserted,
 * and the participant list is synchronised with the posted players (new
 * participants are inserted and, depending on $_POST['messagemode'],
 * notified by PM, e-mail or both; participants no longer listed are deleted).
 * Without it the edit form is rendered from the database.
 *
 * Requires the admin right clanwars/edit_next (or superadmin).
 *
 * NOTE(review): $id is concatenated into several SQL statements unescaped;
 * presumably the caller casts it to int — confirm.
 *
 * @param int|string $id war ID
 */
function admin_clanwars_editnext($id)
{
    if (@$_SESSION['rights']['admin']['clanwars']['edit_next'] or @$_SESSION['rights']['superadmin']) {
        global $db;
        if (isset($_POST['datum'])) {
            // Opponent: no oppID posted means a new opponent row.
            if (!$_POST['oppID']) {
                $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_wars_opp (`oppname`, `oppshort`, `homepage`, `country`) VALUES (\'%s\', \'%s\',\'%s\',\'%s\')', strsave($_POST['oppname']), strsave($_POST['oppshort']), strsave($_POST['homepage']), strsave($_POST['country']));
            } else {
                $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_wars_opp SET `oppname` = \'%s\', `oppshort` = \'%s\', `homepage` = \'%s\', `country` = \'%s\' WHERE oppID = %d', strsave($_POST['oppname']), strsave($_POST['oppshort']), strsave(check_url($_POST['homepage'])), strsave($_POST['country']), @$_POST['oppID']);
            }
            if ($db->query($sql)) {
                !$_POST['oppID'] ? $oppid = $db->last_id() : ($oppid = (int) $_POST['oppID']);
                // Per-language notes: every posted key containing 'cription_' (presumably
                // description_<lang>) is collected under its suffix and stored as JSON.
                $lang = array();
                foreach ($_POST as $key => $value) {
                    if (strpos($key, 'cription_')) {
                        $lang[substr($key, strpos($key, '_') + 1)] = $value;
                    }
                }
                // Posted players are either 'team_<teamID>' (expanded to the team's
                // members) or 'member_<userID>'; duplicates are skipped.
                $players = array();
                foreach ($_POST['players'] as $value) {
                    $value = trim($value);
                    if (strpos($value, 'team_') !== false) {
                        $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_members WHERE teamID = ' . (int) substr($value, strpos($value, '_') + 1));
                        while ($row = $db->fetch_assoc()) {
                            if (!in_array($row['userID'], $players)) {
                                $players[] = $row['userID'];
                            }
                        }
                    } elseif (strpos($value, 'member_') !== false) {
                        $ids = substr($value, strpos($value, '_') + 1);
                        if (!in_array($ids, $players)) {
                            $players[] = $ids;
                        }
                    }
                }
                $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_wars SET `tID` = %d, `mID` = %d, `gID` = %d, `datum` = %d, `xonx` = \'%s\', hinweise = \'%s\', `oID` = %d, `matchlink` = \'%s\', `resultbylocations` = %d, `server` = \'%s\', `livestream` = \'%s\', `pw` = \'%s\', `meldefrist` = %d WHERE warID = %d', (int) $_POST['teamID'], (int) $_POST['matchtypeID'], (int) $_POST['gameID'], strtotime($_POST['datum']), (int) $_POST['xonx1'] . 'on' . (int) $_POST['xonx2'], strsave(json_encode($lang)), $oppid, strsave(check_url($_POST['matchlink'])), (int) @$_POST['winbymaps'], strsave($_POST['server']), strsave($_POST['livestream']), strsave($_POST['pw']), strtotime($_POST['meldefrist']), $id);
                if ($db->query($sql)) {
                    //$db->query('DELETE FROM '.DB_PRE.'ecp_wars_teilnehmer WHERE warID = '.$id);
                    // Current participants; true = still to be removed unless re-posted below.
                    $aktive = array();
                    $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE warID = ' . $id);
                    while ($row = $db->fetch_assoc()) {
                        $aktive[$row['userID']] = true;
                    }
                    // Existing score rows in order; the n-th posted map updates the n-th row.
                    $db->query('SELECT scoreID FROM ' . DB_PRE . 'ecp_wars_scores WHERE wID = ' . $id . ' ORDER BY scoreID ASC');
                    $ids = array();
                    while ($row = $db->fetch_assoc()) {
                        $ids[] = $row['scoreID'];
                    }
                    $own = 0;
                    $opp = 0;
                    foreach ($_POST as $key => $value) {
                        if (strpos($key, 'map_') !== false) {
                            // $i counts posted maps starting from an undefined variable (hence the @).
                            @$i++;
                            // $own/$opp are tallied (per map or per point) but not used further in this function.
                            if ((int) @$_POST['winbymaps']) {
                                if ((int) $_POST['score_' . $i . '_own'] > (int) $_POST['score_' . $i . '_opp']) {
                                    $own++;
                                } elseif ((int) $_POST['score_' . $i . '_own'] < (int) $_POST['score_' . $i . '_opp']) {
                                    $opp++;
                                } else {
                                    $opp++;
                                    $own++;
                                }
                            } else {
                                $own += (int) $_POST['score_' . $i . '_own'];
                                $opp += (int) $_POST['score_' . $i . '_opp'];
                            }
                            if (isset($ids[$i - 1])) {
                                $db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_wars_scores SET `lID` = %d, `ownscore` = %d, `oppscore` = %d WHERE scoreID = %d', (int) $value, (int) $_POST['score_' . $i . '_own'], (int) $_POST['score_' . $i . '_opp'], $ids[$i - 1]));
                            } else {
                                $db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_wars_scores (`wID`, `lID`, `ownscore`, `oppscore`) VALUES (%d, %d, %d, %d)', $id, (int) $value, (int) $_POST['score_' . $i . '_own'], (int) $_POST['score_' . $i . '_opp']));
                            }
                        }
                    }
                    if (count($players)) {
                        $text = $db->fetch_assoc('SELECT `content`, `content2` FROM ' . DB_PRE . 'ecp_texte WHERE name = "NEXT_WAR_MSG" AND lang = "' . DEFAULT_LANG . '"');
                        // messagemode: 1 = PM, 2 = e-mail, 3 = both, anything else = no notification.
                        // In every mode a newly listed player is inserted and an already listed one
                        // is marked false so the cleanup loop below keeps them.
                        if ($_POST['messagemode'] == 1) {
                            foreach ($players as $value) {
                                if (!isset($aktive[(int) $value])) {
                                    $db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
                                    message_send($value, 0, $text['content2'], str_replace('{link}', '<a href="' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '">' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '</a>', $text['content']), 0, 1);
                                } else {
                                    $aktive[(int) $value] = false;
                                }
                            }
                        } elseif ($_POST['messagemode'] == 2) {
                            foreach ($players as $value) {
                                if (!isset($aktive[(int) $value])) {
                                    $db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
                                    send_email($db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . (int) $value), $text['content2'], str_replace('{link}', SITE_URL . '?section=clanwars&action=nextwar&id=' . $id, $text['content']), 1);
                                } else {
                                    $aktive[(int) $value] = false;
                                }
                            }
                        } elseif ($_POST['messagemode'] == 3) {
                            foreach ($players as $value) {
                                if (!isset($aktive[(int) $value])) {
                                    $db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
                                    message_send($value, 0, $text['content2'], str_replace('{link}', '<a href="' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '">' . SITE_URL . '?section=clanwars&action=nextwar&id=' . $id . '</a>', $text['content']), 0, 1);
                                    send_email($db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . (int) $value), $text['content2'], str_replace('{link}', SITE_URL . '?section=clanwars&action=nextwar&id=' . $id, $text['content']), 1);
                                } else {
                                    $aktive[(int) $value] = false;
                                }
                            }
                        } else {
                            foreach ($players as $value) {
                                if (!isset($aktive[(int) $value])) {
                                    $db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . (int) $value . ')');
                                } else {
                                    $aktive[(int) $value] = false;
                                }
                            }
                        }
                    }
                    // Participants that were not re-posted are removed from the war.
                    foreach ($aktive as $key => $value) {
                        if ($value == true) {
                            $db->query('DELETE FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE userID = ' . $key . ' AND warID = ' . $id);
                        }
                    }
                    header1('?section=admin&site=clanwars');
                }
            }
        } else {
            // Edit form: war row joined with its opponent, plus the select lists.
            $data = $db->fetch_assoc('SELECT `tID`, `mID`, `gID`, `datum`, `xonx`, `hinweise`, `server`, `pw`, meldefrist, livestream, `oID`, `matchlink`, `resultbylocations`, `oppname`, `oppshort`, `homepage`, `country` FROM ' . DB_PRE . 'ecp_wars LEFT JOIN ' . DB_PRE . 'ecp_wars_opp ON (oppID = oID) WHERE warID = ' . $id);
            $tpl = new smarty();
            foreach ($data as $key => $value) {
                $tpl->assign($key, $value);
            }
            $tpl->assign('opps', get_opps($data['oID']));
            $tpl->assign('countries', form_country($data['country']));
            $tpl->assign('games', get_games_form($data['gID']));
            $tpl->assign('teams', get_teams_form($data['tID']));
            $tpl->assign('matchtype', get_matchtype_form($data['mID']));
            $tpl->assign('lang', get_languages(json_decode($data['hinweise'], true)));
            $tpl->assign('func', 'editnext&id=' . $id);
            $tpl->assign('datum', date('Y-m-d H:i:s', $data['datum']));
            $tpl->assign('meldefrist', date('Y-m-d H:i:s', $data['meldefrist']));
            // xonx is stored as "<own>on<opp>".
            $xonx = explode('on', $data['xonx']);
            $tpl->assign('xonx1', $xonx[0]);
            $tpl->assign('xonx2', $xonx[1]);
            // NOTE(review): this loop reads the outer result with mysql_fetch_assoc() because the
            // inner $db->query() replaces the wrapper's current result set.
            $result = $db->query('SELECT `scoreID`, `lID`, `ownscore`, `oppscore` FROM ' . DB_PRE . 'ecp_wars_scores WHERE wID = ' . $id . ' ORDER BY scoreID ASC');
            $maps = array();
            while ($row = mysql_fetch_assoc($result)) {
                $row['i'] = @++$i;
                // Location <option> list for this game with the map's location preselected.
                $db->query('SELECT locationID, locationname FROM ' . DB_PRE . 'ecp_wars_locations WHERE gID = ' . $data['gID']);
                while ($subrow = $db->fetch_assoc()) {
                    $subrow['locationID'] == $row['lID'] ? $sub = 'selected="selected"' : ($sub = '');
                    @($row['maps'] .= '<option ' . $sub . ' value="' . $subrow['locationID'] . '">' . htmlspecialchars($subrow['locationname']) . '</option>');
                }
                $maps[] = $row;
            }
            $tpl->assign('maps', $maps);
            $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE warID = ' . $id);
            $players = array();
            while ($row = $db->fetch_assoc()) {
                $players[] = $row['userID'];
            }
            $tpl->assign('members', get_cw_members($players));
            ob_start();
            $tpl->display(DESIGN . '/tpl/admin/clanwars_next.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(CLANWARS_EDIT, $content, '', 1);
        }
    } else {
        table(ERROR, NO_ADMIN_RIGHTS);
    }
}
ob_start(); @(include "../includes/dbConf.php"); @(require_once '../phpmailer/class.phpmailer.php'); @conn(); $year = $_GET['yrAnn']; $patna = $_GET['id']; $from = $_GET['from']; $to = $_GET['to']; $duration = $_GET['category']; $biAnn = $_GET['biAnn']; $quarter = $_GET['quarter']; $dev = $_GET['dev']; $month = $_GET['month']; generateGraph($year, $month, $quarter, $biAnn, $dev, $patna, $duration, $from, $to); $html = header1($year, $month, $quarter, $biAnn, $dev, $patna, $duration, $from, $to) . headings($year, $month, $quarter, $biAnn, $dev, $patna, $duration, $from, $to) . pdfContent($year, $month, $quarter, $biAnn, $dev, $patna, $duration, $from, $to) . ' </table> <table width="100%" border="1"> <tr> <td> <center>Graphical Summary</center> </td> </tr> <tr> <td><img style="vertical-align: top;" src="mpdf.png"/></td> </tr> </table> '; function generateGraph($year, $month, $quarter, $biAnn, $dev, $patna, $duration, $from, $to) {
/**
 * Stamps the current time into the user's `laststart` column and returns to
 * the account page.
 *
 * Uses $_SESSION['userID'] as the row to update; the redirect only happens
 * when the UPDATE succeeds.
 */
function account_last_visit()
{
    global $db;
    $sql = 'UPDATE ' . DB_PRE . 'ecp_user SET laststart = ' . time() . ' WHERE ID = ' . $_SESSION['userID'];
    if (!$db->query($sql)) {
        return;
    }
    header1('?section=account');
}
/**
 * Marks the whole forum as read for the current visitor.
 *
 * Always records the time in $_SESSION['lastforum']['time']; for logged-in
 * users the `lastforum` column of ecp_user is updated as well. Afterwards the
 * visitor is sent back to HTTP_REFERER when present, else to the forum index.
 */
function forum_mark_all()
{
    global $db;
    $_SESSION['lastforum']['time'] = time();
    if (isset($_SESSION['userID'])) {
        $sql = 'UPDATE ' . DB_PRE . 'ecp_user SET lastforum = ' . time() . ' WHERE ID = ' . $_SESSION['userID'];
        $db->query($sql);
    }
    if (!isset($_SERVER['HTTP_REFERER'])) {
        header1('?section=forum');
        return;
    }
    header('Location: ' . $_SERVER['HTTP_REFERER']);
}
foreach ($_POST as $key => $value) { if (strpos($key, 'ziehung_') !== false) { $minute = (int) $_POST['minute_' . $nr]; if ($minute < 10 and strlen($minute) == 1) { $minute = '0' . $minute; } $db->query('INSERT INTO ' . DB_PRE . 'ecp_lotto_zeiten VALUES (' . (int) $value . ', \'' . (int) $_POST['stunde_' . $nr] . ':' . $minute . '\')'); $nr++; } } if ($config['lottoon'] == 1 and $_POST['lottoon'] == 0) { lotto_runde_ende(); } elseif ($config['lottoon'] == 0 and $_POST['lottoon'] == 1) { lotto_runde_start(); } header1('?section=admin&site=lotto&success=1'); } } } else { $tpl = new smarty(); foreach ($config as $key => $value) { $tpl->assign($key, $value); } $tage = array(); $db->query('SELECT wochentag, uhrzeit FROM ' . DB_PRE . 'ecp_lotto_zeiten'); $ziehungen = $db->num_rows(); if ($ziehungen) { while ($row = $db->fetch_assoc()) { $row['uhrzeit'] = explode(':', $row['uhrzeit']); $tage[] = $row; }
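/**
 * Admin page for the scheduled database backup settings.
 *
 * Without $_POST['submit'] the settings form is rendered. With it,
 * BACKUP_AKTIV, BACKUP_EMAIL and BACKUP_CYCLE in ecp_settings are written:
 * an active backup requires a valid e-mail (WRONG_EMAIL otherwise), and the
 * cycle is restricted to day/week/month with week as fallback.
 *
 * Requires the admin right database/backup (or superadmin).
 *
 * Improvements: the cycle whitelist and the UPDATE were duplicated for the
 * active/inactive cases and are now shared; the form rendering is a local
 * closure; posted fields are read with isset instead of raising notices.
 */
function admin_database()
{
    global $db;
    $allowed = !empty($_SESSION['rights']['admin']['database']['backup']) or !empty($_SESSION['rights']['superadmin']);
    if (!$allowed) {
        table(ERROR, NO_ADMIN_RIGHTS);
        return;
    }

    // Renders the backup settings page.
    $showForm = function () {
        $tpl = new smarty();
        ob_start();
        $tpl->display(DESIGN . '/tpl/admin/database_backup.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(DATABASE_BACKUP, $content, '', 1);
    };

    if (!isset($_POST['submit'])) {
        $showForm();
        return;
    }

    $active = isset($_POST['backup_aktiv']) ? 1 : 0;
    $email = isset($_POST['backup_email']) ? $_POST['backup_email'] : '';
    if ($active and !check_email($email)) {
        table(ERROR, WRONG_EMAIL);
        $showForm();
        return;
    }

    // Only the three known cycle names are stored; anything else falls back to weekly.
    $cycle = 'week';
    if (isset($_POST['backup_cycle']) and in_array($_POST['backup_cycle'], array('day', 'week', 'month'), true)) {
        $cycle = $_POST['backup_cycle'];
    }

    $sql = 'UPDATE ' . DB_PRE . 'ecp_settings SET BACKUP_AKTIV = ' . $active . ', BACKUP_EMAIL = \'' . strsave($email) . '\', BACKUP_CYCLE = \'' . $cycle . '\'';
    if ($db->query($sql)) {
        header1('?section=admin&site=database');
    }
}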
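/**
 * Synchronises gallery $id with its folder on disk.
 *
 * Files in images/gallery/<folder>/ that are not yet in ecp_gallery_images are
 * registered (a row is inserted, a thumbnail is created, the original is
 * resized or renamed to "<imageID>_<name>" and the gallery's image counter is
 * incremented). Rows whose file is no longer on disk are removed together
 * with their thumbnail, their comments and one count from the gallery.
 * Finally the request is redirected to the gallery view.
 *
 * Fix: two debugging print_r() calls dumped the directory listing and the
 * image table into the page output; they are removed. $id is cast to int
 * before it is interpolated into SQL, and an unused $result variable is gone.
 *
 * @param int|string $id gallery ID
 */
function ordner_einlesen($id)
{
    global $db;
    $id = (int) $id;
    $verzeichnis = $db->result(DB_PRE . 'ecp_gallery', 'folder', 'galleryID = ' . $id);
    $dir = 'images/gallery/' . $verzeichnis;
    $thumbDir = $dir . '/thumbs';
    $files = scan_dir($dir, true);

    // Known images keyed by their on-disk name "<imageID>_<filename>"; 1 marks those found on disk.
    $db->query('SELECT imageID, filename FROM ' . DB_PRE . 'ecp_gallery_images WHERE gID = ' . $id);
    $bilder = array();
    while ($row = $db->fetch_assoc()) {
        $bilder[$row['imageID'] . '_' . $row['filename']] = 0;
    }

    if (!file_exists($thumbDir)) {
        umask(0);
        mkdir($thumbDir, 0777);
    }

    foreach ($files as $name) {
        // Entries without a dot after the first character (sub-directories, dotfiles) are skipped.
        if (!strpos($name, '.')) {
            continue;
        }
        if (array_key_exists($name, $bilder)) {
            $bilder[$name] = 1;
            continue;
        }

        // New file: register it, build the thumbnail, then resize or rename the original.
        $path = $dir . '/' . $name;
        $size = getimagesize($path);
        $db->query('INSERT INTO ' . DB_PRE . 'ecp_gallery_images (`gID`, `filename`, `uploaded`, `userID`) VALUES (' . $id . ', \'' . strsave($name) . '\', ' . time() . ', ' . (int) $_SESSION['userID'] . ')');
        $pid = $db->last_id();
        $db->query('UPDATE ' . DB_PRE . 'ecp_gallery SET images = images + 1 WHERE galleryID= ' . $id);

        $thumbPath = $thumbDir . '/' . $pid . '_' . $name;
        if ($size[0] > GALLERY_THUMB_SIZE) {
            resize_picture($path, GALLERY_THUMB_SIZE, $thumbPath, 100);
        } else {
            copy($path, $thumbPath);
            umask(0);
            chmod($thumbPath, CHMOD);
        }

        $newPath = $dir . '/' . $pid . '_' . $name;
        if ($size[0] > GALLERY_PIC_SIZE) {
            resize_picture($path, GALLERY_PIC_SIZE, $newPath, 100);
            unlink($path);
        } else {
            rename($path, $newPath);
        }
        $bilder[$name] = 1;
    }

    // Rows still at 0 have no file on disk any more: drop thumbnail, image row, comments and count.
    foreach ($bilder as $key => $value) {
        if ($value != 0) {
            continue;
        }
        if (file_exists($thumbDir . '/' . $key)) {
            unlink($thumbDir . '/' . $key);
        }
        $filename = substr($key, strpos($key, '_') + 1);
        $pid = $db->result(DB_PRE . 'ecp_gallery_images', 'imageID', 'gID = ' . $id . ' AND filename = \'' . strsave($filename) . '\'');
        $db->query('DELETE FROM ' . DB_PRE . 'ecp_gallery_images WHERE imageID=' . $pid);
        $db->query('DELETE FROM ' . DB_PRE . 'ecp_comments WHERE bereich = "gallery" AND subID = ' . $pid);
        $db->query('UPDATE ' . DB_PRE . 'ecp_gallery SET images = images - 1 WHERE galleryID=' . $id);
    }

    header1('?section=admin&site=gallery&func=viewgallery&id=' . $id);
}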
/**
 * Admin editor for a user group's rights (ecp_groups row $id).
 *
 * Without $_POST['submit'] the form is rendered: the stored `admin` and
 * `public` right strings are parsed and every template under
 * tpl/admin/group_forms/ is rendered with its section's values pre-assigned.
 * With it, posted keys prefixed "admin_" / "public_" are collected per section,
 * serialised back into the same string format and written to the group; every
 * user is then flagged with update_rights = 1.
 *
 * Right-string format (as produced here): sections separated by ']', each
 * "<section>:<key>=<value>,<key>=<value>"; the leading ']' is stripped.
 *
 * Groups with ID <= 4 are built-in: their name comes from $groups and cannot
 * be changed, only their rights.
 *
 * NOTE(review): $id is concatenated into SQL unescaped; presumably the caller
 * casts it to int — confirm.
 *
 * @param int|string $id group ID
 */
function admin_groups_edit($id)
{
    global $db, $groups;
    if (isset($_SESSION['rights']['admin']['groups']['edit']) or isset($_SESSION['rights']['superadmin'])) {
        if (isset($_POST['submit'])) {
            if ($_POST['name'] == '' and $id > 4) {
                // Custom group without a name: show the error and re-render the form from $_POST.
                table(ERROR, GROUP_NAME_REQUIRED);
                $tpl = new smarty();
                $tpl->assign('art', 'edit');
                $files = scan_dir('templates/' . DESIGN . '/tpl/admin/group_forms/', true);
                $admin = '';
                $public = '';
                foreach ($_POST as $key => $value) {
                    $tpl->assign($key, $value);
                }
                foreach ($files as $value) {
                    $tpltemp = new smarty();
                    ob_start();
                    $tpltemp->display(DESIGN . '/tpl/admin/group_forms/' . $value);
                    $content = ob_get_contents();
                    ob_end_clean();
                    // Templates with 'admin' in their name go to the admin column, the rest to public.
                    if (strpos($value, 'admin') === false) {
                        $public .= $content;
                    } else {
                        $admin .= $content;
                    }
                }
                $tpl->assign('admin', $admin);
                $tpl->assign('public', $public);
                ob_start();
                $tpl->display(DESIGN . '/tpl/admin/groups_add.html');
                $content = ob_get_contents();
                ob_end_clean();
                main_content(GROUP_EDIT, $content, '', 1);
            } else {
                // Split "admin_<section>_<key>" / "public_<section>_<key>" keys into nested arrays.
                $admin = array();
                $public = array();
                foreach ($_POST as $key => $value) {
                    if (strpos($key, 'admin') === 0) {
                        $key = substr($key, strpos($key, '_') + 1);
                        @($admin[substr($key, 0, strpos($key, '_', 1))][substr($key, strpos($key, '_', 1) + 1)] = $value);
                    } elseif (strpos($key, 'public') === 0) {
                        $key = substr($key, strpos($key, '_') + 1);
                        @($public[substr($key, 0, strpos($key, '_', 1))][substr($key, strpos($key, '_', 1) + 1)] = $value);
                    }
                }
                // Serialise: "]section:k=v,k=v" per section, trailing comma trimmed, leading ']' dropped.
                // $admins/$publics start undefined (hence the @); with no sections they end up empty.
                foreach ($admin as $key => $value) {
                    @($admins .= ']' . $key . ':');
                    foreach ($value as $key2 => $value2) {
                        $admins .= $key2 . '=' . $value2 . ',';
                    }
                    $admins = substr($admins, 0, strlen($admins) - 1);
                }
                $admins = substr($admins, 1);
                foreach ($public as $key => $value) {
                    @($publics .= ']' . $key . ':');
                    foreach ($value as $key2 => $value2) {
                        $publics .= $key2 . '=' . $value2 . ',';
                    }
                    $publics = substr($publics, 0, strlen($publics) - 1);
                }
                $publics = substr($publics, 1);
                if ($id > 4) {
                    if ($db->query('UPDATE ' . DB_PRE . 'ecp_groups SET name = \'' . strsave($_POST['name']) . '\', admin = \'' . strsave($admins) . '\', public = \'' . strsave($publics) . '\' WHERE groupID = ' . $id)) {
                        $db->query('UPDATE ' . DB_PRE . 'ecp_user SET update_rights = 1');
                        header1('?section=admin&site=groups');
                    }
                } else {
                    // Built-in group: the name is fixed, only the rights are written.
                    if ($db->query('UPDATE ' . DB_PRE . 'ecp_groups SET admin = \'' . strsave($admins) . '\', public = \'' . strsave($publics) . '\' WHERE groupID = ' . $id)) {
                        $db->query('UPDATE ' . DB_PRE . 'ecp_user SET update_rights = 1');
                        header1('?section=admin&site=groups');
                    }
                }
            }
        } else {
            $tpl = new smarty();
            $files = scan_dir('templates/' . DESIGN . '/tpl/admin/group_forms/', true);
            $admin = '';
            $public = '';
            $tpl->assign('art', 'edit');
            $row = $db->fetch_assoc('SELECT * FROM ' . DB_PRE . 'ecp_groups WHERE groupID = ' . $id);
            $tpl->assign('id', $id);
            if ($id > 4) {
                $tpl->assign('name', $row['name']);
            } else {
                $tpl->assign('name', $groups[$row['name']]);
            }
            // Parse the stored right strings into $rights['admin_<section>'][key] / $rights['public_<section>'][key].
            // $rights stays undefined when both strings are empty; the isset() below tolerates that.
            if ($row['admin'] != '') {
                $array = explode(']', $row['admin']);
                foreach ($array as $value) {
                    $data = explode(':', $value);
                    $name = 'admin_' . $data[0];
                    $data = explode(',', $data[1]);
                    foreach ($data as $key => $value2) {
                        $rights[$name][substr($value2, 0, strpos($value2, '='))] = (int) substr($value2, strpos($value2, '=') + 1);
                    }
                }
            }
            if ($row['public'] != '') {
                $array = explode(']', $row['public']);
                foreach ($array as $value) {
                    $data = explode(':', $value);
                    $name = 'public_' . $data[0];
                    $data = explode(',', $data[1]);
                    foreach ($data as $key => $value2) {
                        $rights[$name][substr($value2, 0, strpos($value2, '='))] = (int) substr($value2, strpos($value2, '=') + 1);
                    }
                }
            }
            // Each form template is named after its section (file name without extension).
            foreach ($files as $value) {
                $tpltemp = new smarty();
                $name = substr($value, 0, strpos($value, '.'));
                if (isset($rights[$name])) {
                    foreach ($rights[$name] as $key2 => $value2) {
                        $tpltemp->assign($name . '_' . $key2, $value2);
                    }
                }
                ob_start();
                $tpltemp->display(DESIGN . '/tpl/admin/group_forms/' . $value);
                $content = ob_get_contents();
                ob_end_clean();
                if (strpos($value, 'admin') === false) {
                    $public .= $content;
                } else {
                    $admin .= $content;
                }
            }
            $tpl->assign('admin', $admin);
            $tpl->assign('public', $public);
            ob_start();
            $tpl->display(DESIGN . '/tpl/admin/groups_add.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(GROUP_EDIT, $content, '', 1);
        }
    } else {
        table(ERROR, NO_ADMIN_RIGHTS);
    }
}
/**
 * Guestbook: show the entry form and, on POST, validate and store a new entry.
 *
 * Validation order: required fields -> e-mail syntax (only if given) -> captcha
 * -> flood protection (last entry from this IP, or the 'guestbook' cookie).
 * Every failed validation re-renders the form under the error table. On success
 * the entry is inserted, a one-year 'guestbook' cookie is set and the browser is
 * redirected to the guestbook. The session captcha is consumed after any POST,
 * so a captcha value can only be tried once.
 */
function guestbook_add()
{
    global $db;
    if (isset($_POST['submit'])) {
        // Timestamp of the most recent guestbook entry from this IP (flood check below).
        // REMOTE_ADDR goes through strsave() before it reaches the SQL string.
        $last = @$db->result(DB_PRE . 'ecp_comments', 'datum', 'bereich="guestbook" AND IP =\'' . strsave($_SERVER['REMOTE_ADDR']) . '\'');
        // All three POST fields are read without isset(); a request missing one of them
        // raises a notice before the empty-string check catches it.
        if ($_POST['author'] == '' or $_POST['commentstext'] == '' or $_POST['captcha'] == '') {
            table(ERROR, NOT_NEED_ALL_INPUTS);
            $tpl = new smarty();
            ob_start();
            $tpl->display(DESIGN . '/tpl/guestbook/guestbook_add.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(GUESTBOOK_ADD, $content, '', 1);
        } elseif (!check_email($_POST['email']) and $_POST['email'] != '') {
            // E-mail is optional; only a non-empty, malformed address is rejected.
            table(ERROR, WRONG_EMAIL);
            $tpl = new smarty();
            ob_start();
            $tpl->display(DESIGN . '/tpl/guestbook/guestbook_add.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(GUESTBOOK_ADD, $content, '', 1);
        } elseif (strtolower($_POST['captcha']) != strtolower($_SESSION['captcha'])) {
            // Case-insensitive captcha compare. $_SESSION['captcha'] is not isset()-checked here;
            // with no captcha in the session this compares against an empty value.
            table(ERROR, CAPTCHA_WRONG);
            $tpl = new smarty();
            ob_start();
            $tpl->display(DESIGN . '/tpl/guestbook/guestbook_add.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(GUESTBOOK_ADD, $content, '', 1);
        } elseif ($last > time() - SPAM_GUESTBOOK or @(int) $_COOKIE['guestbook'] > time() - SPAM_GUESTBOOK) {
            // Flood protection: SPAM_GUESTBOOK seconds between entries, tracked per IP in the
            // database and additionally via a client cookie. $zeit = seconds left until the
            // next entry is allowed, taken from whichever source triggered the block.
            $last > time() - SPAM_GUESTBOOK ? $zeit = SPAM_GUESTBOOK + $last - time() : ($zeit = SPAM_GUESTBOOK + $_COOKIE['guestbook'] - time());
            table(ERROR, str_replace(array('{sek}', '{zeit}'), array(SPAM_GUESTBOOK, $zeit), SPAM_PROTECTION_MSG));
            $tpl = new smarty();
            ob_start();
            $tpl->display(DESIGN . '/tpl/guestbook/guestbook_add.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(GUESTBOOK_ADD, $content, '', 1);
        } else {
            // Author/e-mail/homepage are HTML-escaped on the way in; the entry text goes through
            // comment_save() (project helper, not visible here) and the homepage through check_url().
            // Everything is then passed through strsave() before being spliced into the SQL string.
            $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_comments (`bereich`, `author`, `beitrag`, `email`, `homepage`, `datum`, `IP`) VALUES ("guestbook", \'%s\', \'%s\', \'%s\', \'%s\', %d, \'%s\')', strsave(htmlspecialchars($_POST['author'])), strsave(comment_save($_POST['commentstext'])), strsave(htmlspecialchars($_POST['email'])), strsave(htmlspecialchars(check_url($_POST['homepage']))), time(), strsave($_SERVER['REMOTE_ADDR']));
            if ($db->query($sql)) {
                // One-year cookie carrying the time of this entry, read by the flood check above.
                setcookie('guestbook', time(), time() + 365 * 86400);
                header1('?section=guestbook');
            }
        }
        // Single-use captcha: consumed after every POST, successful or not.
        unset($_SESSION['captcha']);
    } else {
        // GET: plain form.
        $tpl = new smarty();
        ob_start();
        $tpl->display(DESIGN . '/tpl/guestbook/guestbook_add.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(GUESTBOOK_ADD, $content, '', 1);
    }
}
<?php include 'lang/' . LANGUAGE . '.php'; global $db; if (isset($_SESSION['userID']) and (isset($_SESSION['rights']['admin']) or isset($_SESSION['rights']['superadmin']))) { if (!isset($_SESSION['admin_verify'])) { if (isset($_POST['passwort'])) { if ($db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'ID = ' . $_SESSION['userID'] . ' AND passwort = \'' . sha1($_POST['passwort']) . '\'')) { $_SESSION['admin_verify'] = 1; header1('?section=admin'); } else { table(ERROR, WRONG_PW); $tpl = new smarty(); ob_start(); $tpl->display(DESIGN . '/tpl/admin/verify.html'); $content = ob_get_contents(); ob_end_clean(); main_content(SECURITY, $content, '', 1); } } else { $tpl = new smarty(); ob_start(); $tpl->display(DESIGN . '/tpl/admin/verify.html'); $content = ob_get_contents(); ob_end_clean(); main_content(SECURITY, $content, '', 1); } } else { $tpl = new smarty(); ob_start(); $tpl->display(DESIGN . '/tpl/admin/navi.html');
<?php include "includes/header.inc.php"; echo header1("Book Details"); include "includes/nav.inc.php"; $catid = ""; include "config.php"; $book_id = $_GET['id']; //getting the book to display the result for the current chosen book if (!isset($_GET['id'])) { echo "<h1>You shouldn't have got to this page, please go back to the search form and search for a book. </h1>"; exit; } $query = "SELECT * FROM book\n INNER JOIN categorybook ON book.isbn = categorybook.isbn\n INNER JOIN authorbook ON book.isbn = authorbook.isbn\n INNER JOIN author ON authorbook.author_id = author.author_id WHERE book.isbn=:id"; $stmt = $conn->prepare($query); $stmt->bindValue(':id', $book_id); $stmt->execute(); echo "<div class='container'>"; if ($book = $stmt->fetch(PDO::FETCH_OBJ)) { echo "<p class='title'>{$book->title}</p>\n\t<p>by {$book->f_name} {$book->l_name} </p>"; echo "<div class='detatilsleft'> <img class='bookimg'src=images/books/{$book->isbn}.jpg> </div>"; echo "<div class='description'>\n\t<h3><span> Description </span></h3>\n\t\t\t<br/><span> {$book->description}</span>\n\t\t</div>"; echo "<div class='detatilsright'>\n\t<h3><span>Book details</span></h3>\n\t<p><b>ISBN:</b>{$book->isbn} </p>\n\t<p class='title'>{$book->title}</p>\n\t<p class='price'><b>Price : </b>£{$book->price}</p>\n\t\t<p> <b>Author : </b>{$book->f_name} {$book->l_name}</p>\n\t\t\t<p> <b>No of Pages :</b> {$book->pages}</p>\n\t\t\t<p> <b>Publisher : </b>{$book->publisher}</p></div>"; $catid = $book->cat_id; $currenrbook = $book->title; } $otherResult = array(); // array to store the related book // select other books related to the same category as the current book $query = "SELECT * FROM categorybook\n\t INNER JOIN book ON categorybook.isbn = book.isbn \n\t WHERE categorybook.cat_id=:id"; $stmt = $conn->prepare($query);
/**
 * Admin: edit an existing forum board / category.
 *
 * On POST with a non-empty `name` the board row is updated from the form and the
 * browser is redirected to the forum admin overview; an empty name only shows an
 * error. Without POST the edit form is rendered, pre-filled from the database,
 * including one group-rights widget per rights column.
 *
 * @param mixed $id board ID. It is pinned with %d in the UPDATE, but interpolated
 *                  raw into the SELECT and the 'url' template value — assumed to be
 *                  integer-cast by the caller, TODO confirm.
 */
function admin_forum_edit($id)
{
    global $db;
    // Permission gate: forum-edit admin right or superadmin.
    if (@$_SESSION['rights']['admin']['forum']['edit'] or @$_SESSION['rights']['superadmin']) {
        if (isset($_POST['submit'])) {
            if ($_POST['name'] == '') {
                table(ERROR, NOT_NEED_ALL_INPUTS);
            } else {
                // Numeric columns are pinned via %d/%f, free-text columns via strsave().
                // The admin_make_rights() results are placed into '%s' without strsave() —
                // assumed to produce a self-generated group list; TODO confirm its output.
                // `attachmaxsize` is POST value * POST `modifkator` (unit multiplier) as raw
                // string arithmetic; `moneyperpost` accepts a decimal comma and normalises it.
                $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_forum_boards SET `boardparentID` = %d, `name` = \'%s\', `beschreibung` = \'%s\', `closed` = %d, `attachments` = %d, `attachmaxsize` = %d, `rightsread` = \'%s\', `threadopen` = \'%s\', `postcom` = \'%s\', `editcom` = \'%s\', `startsurvey` = \'%s\', `votesurvey` = \'%s\', `attachfiles` = \'%s\', `downloadattch` = \'%s\', `threadclose` = \'%s\', `threaddel` = \'%s\', `threadmove` = \'%s\', `threadpin` = \'%s\', `editmocom` = \'%s\', `delcom` = \'%s\', `commentsperpost` = %d, `moneyperpost` = %f WHERE boardID = %d', $_POST['boardparentID'], strsave($_POST['name']), strsave($_POST['beschreibung']), $_POST['closed'], $_POST['attachments'], $_POST['attachmaxsize'] * $_POST['modifkator'], admin_make_rights($_POST['rightsread']), admin_make_rights($_POST['threadopen']), admin_make_rights($_POST['postcom']), admin_make_rights($_POST['editcom']), admin_make_rights($_POST['startsurvey']), admin_make_rights($_POST['votesurvey']), admin_make_rights($_POST['attachfiles']), admin_make_rights($_POST['downloadattch']), admin_make_rights($_POST['threadclose']), admin_make_rights($_POST['threaddel']), admin_make_rights($_POST['threadmove']), admin_make_rights($_POST['threadpin']), admin_make_rights($_POST['editmocom']), admin_make_rights($_POST['delcom']), $_POST['commentsperpost'], str_replace(',', '.', $_POST['moneyperpost']), $id);
                if ($db->query($sql)) {
                    header1('?section=admin&site=forum');
                }
            }
        } else {
            $tpl = new smarty();
            // Current board settings (the string literal spans two lines; kept as-is).
            $boardinfos = $db->fetch_assoc('SELECT `boardparentID`, `beschreibung`, `name`, `isforum`, `closed`, `commentsperpost`, `moneyperpost`, `attachments`, `attachmaxsize`, `rightsread`, `threadopen`, `postcom`, `editcom`, `startsurvey`, `votesurvey`, `attachfiles`, `downloadattch`, 
`threadclose`, `threaddel`, `threadmove`, `threadpin`, `editmocom`, `delcom` FROM ' . DB_PRE . 'ecp_forum_boards WHERE boardID = ' . $id);
            $tpl->assign('beschreibung', $boardinfos['beschreibung']);
            $tpl->assign('isforum', $boardinfos['isforum']);
            $tpl->assign('closed', $boardinfos['closed']);
            $tpl->assign('commentsperpost', $boardinfos['commentsperpost']);
            $tpl->assign('moneyperpost', $boardinfos['moneyperpost']);
            $tpl->assign('attachments', $boardinfos['attachments']);
            $tpl->assign('attachmaxsize', $boardinfos['attachmaxsize']);
            $tpl->assign('name', $boardinfos['name']);
            // All user groups; passed to forum_make_rights() to build each rights widget.
            $db->query('SELECT groupID, name FROM ' . DB_PRE . 'ecp_groups ORDER by name ASC');
            $gruppen = array();
            while ($row = $db->fetch_assoc()) {
                $gruppen[] = $row;
            }
            // Parent selector: only non-forum rows (categories) are offered as parents.
            $db->query('SELECT boardID, name FROM ' . DB_PRE . 'ecp_forum_boards WHERE isforum = 0 ORDER BY name ASC');
            $boards = '';
            while ($row = $db->fetch_assoc()) {
                $boards .= '<option ' . ($boardinfos['boardparentID'] == $row['boardID'] ? 'selected="selected" ' : '') . 'value="' . $row['boardID'] . '">' . $row['name'] . '</option>';
            }
            $tpl->assign('boards', $boards);
            // Each rights column is a delimited list; the first and last character are
            // stripped (substr 1 .. len-2) and the remainder split on ',' before it is
            // handed to forum_make_rights() together with the group list.
            $tpl->assign('rightsread', forum_make_rights($gruppen, explode(',', substr($boardinfos['rightsread'], 1, strlen($boardinfos['rightsread']) - 2))));
            $tpl->assign('threadopen', forum_make_rights($gruppen, explode(',', substr($boardinfos['threadopen'], 1, strlen($boardinfos['threadopen']) - 2))));
            $tpl->assign('postcom', forum_make_rights($gruppen, explode(',', substr($boardinfos['postcom'], 1, strlen($boardinfos['postcom']) - 2))));
            $tpl->assign('editcom', forum_make_rights($gruppen, explode(',', substr($boardinfos['editcom'], 1, strlen($boardinfos['editcom']) - 2))));
            $tpl->assign('startsurvey', forum_make_rights($gruppen, explode(',', substr($boardinfos['startsurvey'], 1, strlen($boardinfos['startsurvey']) - 2))));
            $tpl->assign('votesurvey', forum_make_rights($gruppen, explode(',', substr($boardinfos['votesurvey'], 1, strlen($boardinfos['votesurvey']) - 2))));
            $tpl->assign('attachfiles', forum_make_rights($gruppen, explode(',', substr($boardinfos['attachfiles'], 1, strlen($boardinfos['attachfiles']) - 2))));
            $tpl->assign('downloadattch', forum_make_rights($gruppen, explode(',', substr($boardinfos['downloadattch'], 1, strlen($boardinfos['downloadattch']) - 2))));
            $tpl->assign('threadclose', forum_make_rights($gruppen, explode(',', substr($boardinfos['threadclose'], 1, strlen($boardinfos['threadclose']) - 2))));
            $tpl->assign('threaddel', forum_make_rights($gruppen, explode(',', substr($boardinfos['threaddel'], 1, strlen($boardinfos['threaddel']) - 2))));
            $tpl->assign('threadmove', forum_make_rights($gruppen, explode(',', substr($boardinfos['threadmove'], 1, strlen($boardinfos['threadmove']) - 2))));
            $tpl->assign('threadpin', forum_make_rights($gruppen, explode(',', substr($boardinfos['threadpin'], 1, strlen($boardinfos['threadpin']) - 2))));
            $tpl->assign('editmocom', forum_make_rights($gruppen, explode(',', substr($boardinfos['editmocom'], 1, strlen($boardinfos['editmocom']) - 2))));
            $tpl->assign('delcom', forum_make_rights($gruppen, explode(',', substr($boardinfos['delcom'], 1, strlen($boardinfos['delcom']) - 2))));
            // Form action suffix so the shared add/edit template posts back to this board.
            $tpl->assign('url', 'edit&id=' . $id);
            ob_start();
            $tpl->display(DESIGN . '/tpl/admin/forum_add_edit.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(FORUM_ADD, $content, '', 1);
        }
    } else {
        table(ERROR, NO_ADMIN_RIGHTS);
    }
}
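/**
 * Records a vote for survey `$id` from the current request.
 *
 * Flow: load the survey (respecting the session's access filter), decide whether
 * the visitor is still inside the re-vote lock (`sperre` seconds) using the
 * vote cookie, the user's vote log or the IP's vote log, then either reject the
 * request (survey inactive, locked, no/invalid answer, too many answers) or
 * increment the chosen answer row(s) and log the vote.
 *
 * With `?ajax` set the function prints a plain status string ('ok' or a message)
 * and terminates the request; otherwise it renders an error table followed by
 * the survey page, or redirects to the survey section on success.
 *
 * Changes against the previous version: `$id`, the session user ID and the
 * cookie timestamps are integer-cast before use, REMOTE_ADDR goes through
 * strsave() like in guestbook_add(), counters are initialised instead of
 * silenced with `@`, and the cookie lock now reads the cookie this function
 * actually writes (`survey[<id>]`; it previously read `surveys[<id>]`, so the
 * lock never matched).
 *
 * @param mixed $id survey ID from the request; coerced to int before use in SQL
 */
function survey_vote($id)
{
    global $db;
    // Every SQL statement below interpolates $id, so pin it to an integer once.
    $id = (int) $id;
    $ajax = isset($_GET['ajax']);
    if ($ajax) {
        ob_end_clean();
        $db->setMode(0);
    }
    // $_SESSION['access_search'] is an SQL fragment prepared elsewhere (not visible
    // here); assumed to be built server-side from the session only — TODO confirm.
    $umfrage = $db->fetch_assoc('SELECT `start`, `ende`, `antworten`, `sperre` FROM ' . DB_PRE . 'ecp_survey WHERE (access = "" OR ' . $_SESSION['access_search'] . ') AND surveyID = ' . $id);
    if (isset($umfrage['antworten'])) {
        $uid = isset($_SESSION['userID']) ? (int) $_SESSION['userID'] : 0;
        $ip = strsave($_SERVER['REMOTE_ADDR']);
        $sperre = false;
        $zeit = 0; // timestamp of the visitor's last vote, when one is found
        // Re-vote lock, cheapest source first: the vote cookie, then the user's vote
        // log, then the IP's vote log. The cookie name matches the setcookie() calls
        // below; TODO confirm survey() (the display side) checks the same name.
        if (isset($_COOKIE['survey'][$id]) and (int) $_COOKIE['survey'][$id]) {
            if ((int) $_COOKIE['survey'][$id] + $umfrage['sperre'] > time()) {
                $zeit = (int) $_COOKIE['survey'][$id];
                $sperre = true;
            }
        } elseif (isset($_SESSION['userID'])) {
            $zeit = (int) @$db->result(DB_PRE . 'ecp_survey_votes', 'votedatum', 'userID = ' . $uid . ' AND surID = ' . $id . ' ORDER BY votedatum DESC LIMIT 1');
            if ($zeit + $umfrage['sperre'] > time()) {
                $sperre = true;
            }
        } else {
            $zeit = (int) $db->result(DB_PRE . 'ecp_survey_votes', 'votedatum', 'IP = \'' . $ip . '\' AND surID = ' . $id . ' ORDER BY votedatum DESC LIMIT 1');
            if ($zeit + $umfrage['sperre'] > time()) {
                $sperre = true;
            }
        }
        if ($umfrage['start'] > time() or $umfrage['ende'] < time()) {
            if ($ajax) {
                echo SURVEY_NOT_AKTIV;
            } else {
                table(ERROR, SURVEY_NOT_AKTIV);
                survey();
            }
        } elseif ($sperre) {
            // Minutes until the lock expires, substituted into the message.
            $msg = str_replace('{zeit}', ($zeit + $umfrage['sperre'] - time()) / 60, SURVEY_RELOAD_LOCK);
            if ($ajax) {
                echo $msg;
            } else {
                table(ERROR, $msg);
                survey();
            }
        } elseif ($umfrage['antworten'] == 1) {
            // Single-choice survey: exactly one answer ID, which must belong to this survey.
            $aid = isset($_POST['answer']) ? (int) $_POST['answer'] : 0;
            if (!$aid) {
                if ($ajax) {
                    echo SURVEY_MAKE_A_CHOOSE;
                } else {
                    table(ERROR, SURVEY_MAKE_A_CHOOSE);
                    survey();
                }
            } elseif (!$db->result(DB_PRE . 'ecp_survey_answers', 'COUNT(answerID)', 'sID = ' . $id . ' AND answerID = ' . $aid)) {
                if ($ajax) {
                    echo SURVEY_CHOOSE_EQAL_ID;
                } else {
                    table(ERROR, SURVEY_CHOOSE_EQAL_ID);
                    survey();
                }
            } elseif ($db->query('UPDATE ' . DB_PRE . 'ecp_survey_answers SET votes = votes+1 WHERE sID = ' . $id . ' AND answerID = ' . $aid)) {
                $db->query('INSERT INTO ' . DB_PRE . 'ecp_survey_votes (`surID`, `userID`, `IP`, `votedatum`) VALUES (' . $id . ', ' . $uid . ', \'' . $ip . '\', ' . time() . ')');
                // One-year cookie with the vote time; read by the lock check above.
                setcookie("survey[{$id}]", time(), time() + 365 * 86400);
                if ($ajax) {
                    echo 'ok';
                } else {
                    header1('?section=survey');
                }
            }
        } else {
            // Multi-choice survey: collect answer_<n> POST keys, keep only IDs that belong
            // to this survey, and allow at most `antworten` of them.
            $db->query('SELECT answerID FROM ' . DB_PRE . 'ecp_survey_answers WHERE sID = ' . $id);
            $answers = array();
            while ($row = $db->fetch_assoc()) {
                $answers[] = (int) $row['answerID'];
            }
            $chosen = array();
            foreach ($_POST as $key => $value) {
                if (strpos($key, 'answer_') !== false) {
                    $aid = (int) substr($key, strpos($key, '_') + 1);
                    if (in_array($aid, $answers, true)) {
                        $chosen[] = $aid;
                    }
                }
            }
            if (count($chosen) > $umfrage['antworten']) {
                $msg = str_replace('{anzahl}', $umfrage['antworten'], SURVEY_TOO_MANY);
                if ($ajax) {
                    echo $msg;
                } else {
                    table(ERROR, $msg);
                    survey();
                }
            } elseif (count($chosen)) {
                // $chosen only holds integers that were validated against the survey above.
                if ($db->query('UPDATE ' . DB_PRE . 'ecp_survey_answers SET votes = votes+1 WHERE sID = ' . $id . ' AND answerID IN (' . implode(',', $chosen) . ')')) {
                    $db->query('INSERT INTO ' . DB_PRE . 'ecp_survey_votes (`surID`, `userID`, `IP`, `votedatum`) VALUES (' . $id . ', ' . $uid . ', \'' . $ip . '\', ' . time() . ')');
                    setcookie("survey[{$id}]", time(), time() + 365 * 86400);
                    if ($ajax) {
                        echo 'ok';
                    } else {
                        header1('?section=survey');
                    }
                }
            } else {
                if ($ajax) {
                    echo SURVEY_MAKE_A_CHOOSE;
                } else {
                    table(ERROR, SURVEY_MAKE_A_CHOOSE);
                    survey();
                }
            }
        }
    } else {
        // No survey row: unknown ID or not accessible for this session.
        if ($ajax) {
            echo NO_ENTRIES_ID;
        } else {
            table(ERROR, NO_ENTRIES_ID);
            survey();
        }
    }
    if ($ajax) {
        die;
    }
}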
function admin_news_del($id) { global $db; if (isset($_GET['agree'])) { $id = (int) $_GET['id']; if ($db->result(DB_PRE . 'ecp_news', 'COUNT(newsID)', 'newsID = ' . $id)) { if ($db->query('DELETE FROM ' . DB_PRE . 'ecp_comments WHERE subID = ' . $id . ' AND bereich = "news"')) { if ($db->query('DELETE FROM ' . DB_PRE . 'ecp_news WHERE newsID = ' . $id)) { header1('?section=admin&site=news'); } } } else { echo NO_ENTRIES_ID; } } else { table(DELETE, '<center>' . DEL_NEWS . '<br /><a href="?section=admin&site=news&func=del&id=' . $id . '&agree=1"><span class="error">' . YES . '</span></a> <a href="?section=admin&site=news">' . NO . '</a></center>'); } }
/**
 * Edit an existing comment of any section (news, guestbook, ...).
 *
 * Loads the comment, checks that the current user may edit it, then either
 * shows the pre-filled edit form (GET), re-shows the form with an error (POST
 * with missing text / missing author on a guest comment), or updates the row
 * and redirects to the result page the comment sits on.
 *
 * @param string $bereich    section key the comment belongs to (escaped in the SELECT)
 * @param mixed  $subid      ID of the parent object (news ID etc.); interpolated raw into SQL
 * @param mixed  $id         comment ID; interpolated raw into SQL and the redirect anchor
 * @param array  $conditions caller-supplied context: 'section', 'action', 'ORDER'
 *                           ("ASC"/other), 'LIMIT' (comments per page), 'link' (redirect base)
 * @param string $session    optional rights key for the public com_edit right (defaults to $bereich)
 * @param string $admin      optional admin right key (defaults to 'com_edit')
 *
 * $subid and $id are assumed to be integer-cast by the caller — TODO confirm.
 */
function comments_edit($bereich, $subid, $id, $conditions, $session = '', $admin = '')
{
    global $db;
    $com = $db->fetch_assoc('SELECT `subID`, `bereich`, `userID`, `author`, `beitrag`, `email`, `homepage`, `datum`, `editdatum`, `editby`, `edits`, `IP` FROM ' . DB_PRE . 'ecp_comments WHERE subID = ' . $subid . ' AND bereich = "' . strsave($bereich) . '" AND comID = ' . $id);
    if (isset($com['subID'])) {
        // `and` binds tighter than `or`, so this reads: logged in AND
        //   ((public com_edit right AND own comment AND comment is not a guest comment)
        //    OR section admin right OR superadmin).
        // Guest comments (userID 0) can therefore only be edited by admins.
        if (isset($_SESSION['userID']) and (@$_SESSION['rights']['public'][$session ? $session : $bereich]['com_edit'] and $_SESSION['userID'] == $com['userID'] and $com['userID'] != 0 or @$_SESSION['rights']['admin'][$bereich][$admin ? $admin : 'com_edit'] or @$_SESSION['rights']['superadmin'])) {
            if (isset($_POST['submit'])) {
                if ($_POST['commentstext'] == '') {
                    table(ERROR, NO_INPUT);
                    // Re-render the form with the posted values.
                    $tplc = new smarty();
                    $tplc->assign('section', $conditions['section'] ? $conditions['section'] : $bereich);
                    $tplc->assign('action', $conditions['action']);
                    $tplc->assign('id', $id);
                    $tplc->assign('edit', 1);
                    $tplc->assign('userID', $com['userID']);
                    $tplc->assign('sub', '&subid=' . $subid);
                    // Every POST field is echoed back to the template unmodified;
                    // output escaping is left to the template — TODO confirm it escapes.
                    foreach ($_POST as $key => $value) {
                        $tplc->assign($key, $value);
                    }
                    ob_start();
                    $tplc->display(DESIGN . '/tpl/comment_add_edit.html');
                    $content = ob_get_contents();
                    ob_end_clean();
                    main_content(EDIT_COMMENT, $content, '', 1);
                } else {
                    if ($com['userID'] == 0) {
                        // Guest comment: author, e-mail and homepage are editable as well.
                        if ($_POST['author'] == '') {
                            table(ERROR, NOT_NEED_ALL_INPUTS);
                            $tplc = new smarty();
                            $tplc->assign('section', $conditions['section'] ? $conditions['section'] : $bereich);
                            $tplc->assign('action', $conditions['action']);
                            $tplc->assign('id', $id);
                            $tplc->assign('edit', 1);
                            $tplc->assign('userID', $com['userID']);
                            $tplc->assign('sub', '&subid=' . $subid);
                            foreach ($_POST as $key => $value) {
                                $tplc->assign($key, $value);
                            }
                            ob_start();
                            $tplc->display(DESIGN . '/tpl/comment_add_edit.html');
                            $content = ob_get_contents();
                            ob_end_clean();
                            main_content(EDIT_COMMENT, $content, '', 1);
                        } else {
                            // Text goes through comment_save() (project helper), the other fields
                            // are HTML-escaped; everything is strsave()d before sprintf splices it in.
                            $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_comments SET `author` = \'%s\', `beitrag` = \'%s\', `email` = \'%s\', `homepage` = \'%s\', `editdatum` = %d, `editby` = %d, `edits` = edits + 1 WHERE comID = %d', strsave(htmlspecialchars($_POST['author'])), strsave(comment_save($_POST['commentstext'])), strsave(htmlspecialchars($_POST['email'])), strsave(htmlspecialchars(check_url($_POST['homepage']))), time(), $_SESSION['userID'], $id);
                            if ($db->query($sql)) {
                                // Find the result page the comment lands on (comments before/after it,
                                // depending on sort order) and redirect there with an anchor.
                                // Note: here the count uses strict </>, the user branch below uses <=/>=.
                                // $bereich is interpolated raw in this query, unlike the SELECT above.
                                $anzahl = $db->result(DB_PRE . 'ecp_comments', 'COUNT(comID)', 'subID = ' . $subid . ' AND bereich = "' . $bereich . '" AND comID ' . ($conditions['ORDER'] == "ASC" ? '<' : '>') . ' ' . $id);
                                $seiten = ceil($anzahl / $conditions['LIMIT']);
                                header1($conditions['link'] . '&page=' . $seiten . '#com_' . $id);
                            }
                        }
                    } else {
                        // Comment of a registered user: only the text is editable.
                        $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_comments SET `beitrag` = \'%s\', `editdatum` = %d, `editby` = %d, `edits` = edits + 1 WHERE comID = %d', strsave(comment_save($_POST['commentstext'])), time(), $_SESSION['userID'], $id);
                        if ($db->query($sql)) {
                            $anzahl = $db->result(DB_PRE . 'ecp_comments', 'COUNT(comID)', 'subID = ' . $subid . ' AND bereich = "' . $bereich . '" AND comID ' . ($conditions['ORDER'] == "ASC" ? '<=' : '>=') . ' ' . $id);
                            $seiten = ceil($anzahl / $conditions['LIMIT']);
                            header1($conditions['link'] . '&page=' . $seiten . '#com_' . $id);
                        }
                    }
                }
            } else {
                // GET: edit form pre-filled from the stored comment. The text is
                // htmlentities()-encoded for the textarea; author/homepage/email are
                // passed through as stored (they were escaped on insert).
                $tplc = new Smarty();
                $tplc->assign('section', $conditions['section'] ? $conditions['section'] : $bereich);
                $tplc->assign('action', $conditions['action']);
                $tplc->assign('id', $id);
                $tplc->assign('edit', 1);
                $tplc->assign('sub', '&subid=' . $subid);
                $tplc->assign('commentstext', htmlentities($com['beitrag']));
                $tplc->assign('userID', $com['userID']);
                $tplc->assign('author', $com['author']);
                $tplc->assign('homepage', $com['homepage']);
                $tplc->assign('email', $com['email']);
                ob_start();
                $tplc->display(DESIGN . '/tpl/comment_add_edit.html');
                $content = ob_get_contents();
                ob_end_clean();
                main_content(EDIT_COMMENT, $content, '', 1);
            }
        } else {
            table(ACCESS_DENIED, NO_ACCESS_RIGHTS);
        }
    } else {
        table(ERROR, NO_ENTRIES_ID);
    }
}
/**
 * Admin: edit a menu entry.
 *
 * On POST, requires `name` and `design`; otherwise re-renders the form with the
 * posted values and an error. With valid input the menu row is updated and the
 * browser is redirected to the menu overview. Without POST the form is shown
 * pre-filled from the database.
 *
 * @param mixed $id menu ID; pinned with %d in the UPDATE but interpolated raw
 *                  into the SELECT and the 'func' template value — assumed to be
 *                  integer-cast by the caller, TODO confirm.
 */
function admin_menu_edit($id)
{
    global $db;
    // Permission gate: menu-edit admin right or superadmin.
    if (@$_SESSION['rights']['admin']['menu']['edit'] or @$_SESSION['rights']['superadmin']) {
        if (isset($_POST['submit'])) {
            if ($_POST['name'] == '' or $_POST['design'] == '') {
                table(ERROR, NOT_NEED_ALL_INPUTS);
                $tpl = new smarty();
                // All POST fields are echoed back into the template unmodified;
                // escaping is left to the template — TODO confirm it escapes.
                foreach ($_POST as $key => $value) {
                    $tpl->assign($key, $value);
                }
                $tpl->assign('module', get_module($_POST['modul']));
                $tpl->assign('designs', get_designs($_POST['design']));
                $tpl->assign('access', get_form_rights($_POST['access']));
                // NOTE(review): the GET branch below assigns 'func' => 'edit&id=' . $id, while
                // this error path assigns 'add' — a corrected resubmit would presumably be routed
                // to the add handler instead of this edit; confirm against the template.
                $tpl->assign('func', 'add');
                $lang = get_languages();
                // 'all' entry first, pre-selected when it was part of the submitted list.
                // $_POST['language'] is used as an array without a check.
                in_array('all', $_POST['language']) ? $options = '<option value="all" selected="selected">' . ALL . '</option>' : ($options = '<option value="all">' . ALL . '</option>');
                foreach ($lang as $value) {
                    $options .= '<option ' . (in_array($value['lang'], $_POST['language']) ? ' selected="selected"' : '') . 'value="' . $value['lang'] . '">' . $value['name'] . '</option>';
                }
                $tpl->assign('languages', $options);
                ob_start();
                $tpl->display(DESIGN . '/tpl/admin/menu_add_edit.html');
                $content = ob_get_contents();
                ob_end_clean();
                main_content(MENU_ADD, $content, '', 1);
            } else {
                // Language restriction is stored as a comma-delimited list with leading and
                // trailing comma (",de,en,"); the empty string means "all languages".
                if (in_array('all', $_POST['language'])) {
                    $lang = '';
                } else {
                    $lang = ',' . implode(',', $_POST['language']) . ',';
                }
                // `hposi` is filled from the POST field spelled 'postion' — presumably the
                // template's field name; keep both in sync if either is renamed.
                // `usetpl` is the only field read with @ (checkbox, absent when unticked).
                $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_menu SET `name` = \'%s\', `headline` = \'%s\', `inhalt` = \'%s\', `hposi` = \'%s\', `usetpl` =%d, `design` = \'%s\', `access` = \'%s\', `lang` = \'%s\', `modul` = \'%s\' WHERE menuID = %d', strsave($_POST['name']), strsave($_POST['headline']), strsave($_POST['inhalt']), strsave($_POST['postion']), (int) @$_POST['usetpl'], strsave($_POST['design']), strsave(admin_make_rights($_POST['access'])), strsave($lang), strsave($_POST['modul']), $id);
                if ($db->query($sql)) {
                    header1('?section=admin&site=menu');
                }
            }
        } else {
            // GET: pre-fill the form from the stored row. Every column becomes a template
            // variable; only the headline is entity-encoded here.
            $menu = $db->fetch_assoc('SELECT * FROM ' . DB_PRE . 'ecp_menu WHERE menuID = ' . $id);
            $tpl = new smarty();
            $menu['headline'] = htmlentities($menu['headline']);
            foreach ($menu as $key => $value) {
                $tpl->assign($key, $value);
            }
            $tpl->assign('func', 'edit&id=' . $id);
            $tpl->assign('module', get_module($menu['modul']));
            $tpl->assign('designs', get_designs($menu['design']));
            $tpl->assign('access', get_form_rights(explode(',', $menu['access'])));
            $lang = get_languages();
            $langs = explode(',', $menu['lang']);
            // ",de," explodes into 3 elements; fewer means the stored value was '' (= all).
            $options = '<option value="all" ' . (count($langs) < 3 ? 'selected="selected"' : '') . '>' . ALL . '</option>';
            foreach ($lang as $value) {
                $options .= '<option ' . (in_array($value['lang'], $langs) ? ' selected="selected"' : '') . 'value="' . $value['lang'] . '">' . $value['name'] . '</option>';
            }
            $tpl->assign('languages', $options);
            ob_start();
            $tpl->display(DESIGN . '/tpl/admin/menu_add_edit.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(MENU_EDIT, $content, '', 1);
        }
    } else {
        table(ERROR, NO_ADMIN_RIGHTS);
    }
}
<?php include "includes/header.inc.php"; echo header1("Welcome to my design Page"); include "includes/nav.inc.php"; include "config.php"; ?> <div class="container"> <div> <h1> scenario for PHP book search </h1> <p> PHP Book Search Engine is a advanced search engine for books, you can search by Book Name, Author or ISBN. </p> <p> Books have many author - authors have many books. </p> <p> category have many books - books have many category. </p> </div> <div> <h1> Class Diagram </h1> <img class="dsgimage" src="images/classdg.jpg"/> </div> <div> <h1> Physical Diagram </h1> <img class="dsgimage" src="images/physicaldg.jpg"/> </div> <div> <h1> Sql Designer view </h1> <img class="dsgimage" src="images/sqlrelation.jpg"/> </div>
<?php include "includes/header.inc.php"; echo header1("Home Page"); include "includes/nav.inc.php"; //connection to the database include "config.php"; $conn = ConnectionFactory::connect(); $dosearch = false; $results = array(); $search_term = ""; if (isset($_GET['search_for'])) { $search_term = $_GET['search_for']; // getting the value from the user } ?> <div class="container"> <div id="search"> <form action="" method="GET"> <h2> Search by Book Name - ISBN or Author </h2> <label for="search-field">Search</label> <input type="search" name="search_for" placeholder="Enter your search term..." results="5" value="<?php echo $search_term; ?> "> <p class="error"> <?php if (isset($_GET['search_for'])) { $search_term = $_GET['search_for']; // getting the value from the user