Пример #1
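/**
 * Handle a shoutbox submission and store it in the ecp_comments table.
 *
 * Guests have to solve the captcha kept in $_SESSION['captcha_mini'];
 * every poster has to supply a message. Posting is throttled to one entry per
 * SPAM_SHOUTBOX seconds, based on the timestamp $db->result() returns for this
 * IP / user ID and on the 'shoutbox' cookie.
 *
 * With ?ajax set the outcome is echoed ('ok' or the converted error text) and
 * the script terminates; otherwise errors are shown through table() and a
 * successful post redirects to the referring page.
 *
 * @return void
 */
function shoutbox_add()
{
    global $db;
    $isAjax = isset($_GET['ajax']);
    if ($isAjax) {
        $db->setMode(0);
        ob_end_clean();
        ajax_convert_array($_POST);
    }

    // Read every request value once. Missing fields and array-valued
    // parameters are treated as empty instead of reaching strtolower()/substr().
    $username = (isset($_POST['shout_username']) and is_string($_POST['shout_username'])) ? $_POST['shout_username'] : '';
    $captcha = (isset($_POST['shout_captcha']) and is_string($_POST['shout_captcha'])) ? $_POST['shout_captcha'] : '';
    $message = (isset($_POST['shoutbox_msgbox']) and is_string($_POST['shoutbox_msgbox'])) ? $_POST['shoutbox_msgbox'] : '';
    $expectedCaptcha = (isset($_SESSION['captcha_mini']) and is_scalar($_SESSION['captcha_mini'])) ? (string) $_SESSION['captcha_mini'] : '';
    $isGuest = empty($_SESSION['userID']);
    $userID = $isGuest ? 0 : (int) $_SESSION['userID'];
    // The cookie is client-controlled: it only ever tightens the limit, and it
    // is cast once so that no raw cookie text reaches the arithmetic below.
    $cookieStamp = isset($_COOKIE['shoutbox']) ? (int) $_COOKIE['shoutbox'] : 0;

    $last = (int) @$db->result(DB_PRE . 'ecp_comments', 'datum', 'bereich="shoutbox" AND (IP =\'' . strsave($_SERVER['REMOTE_ADDR']) . '\' OR (userID != 0 AND userID = ' . $userID . '))');

    $error = null;
    if ($isGuest and $username === '' and $captcha === '' and $message === '') {
        $error = NOT_NEED_ALL_INPUTS;
    } elseif ($isGuest and ($expectedCaptcha === '' or strtolower($captcha) !== strtolower($expectedCaptcha))) {
        // Fail closed: if no captcha was issued for this session, an empty
        // answer must not compare equal to the missing value. The comparison
        // is strict so numeric-looking strings such as '1e3' and '1000' do
        // not match each other.
        // NOTE(review): the captcha stays valid after a successful post;
        // confirm whether it is regenerated elsewhere before the next request.
        $error = CAPTCHA_WRONG;
    } elseif ($message === '') {
        // Applies to guests as well, so a solved captcha alone cannot store
        // an empty entry.
        $error = NOT_NEED_ALL_INPUTS;
    } elseif ($last > time() - SPAM_SHOUTBOX or $cookieStamp > time() - SPAM_SHOUTBOX) {
        // Remaining wait time, taken from whichever source triggered the limit.
        $zeit = $last > time() - SPAM_SHOUTBOX ? SPAM_SHOUTBOX + $last - time() : SPAM_SHOUTBOX + $cookieStamp - time();
        $error = str_replace(array('{sek}', '{zeit}'), array(SPAM_SHOUTBOX, $zeit), SPAM_PROTECTION_MSG);
    }

    if ($error !== null) {
        if ($isAjax) {
            echo html_ajax_convert($error);
        } else {
            table(ERROR, $error);
        }
    } else {
        // Author and message are HTML-encoded before storage and then passed
        // through strsave() for the SQL literal; the message is cut to
        // SHOUTBOX_MAX_CHARS bytes first.
        $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_comments (`bereich`, `userID`, `author`, `beitrag`, `datum`, `IP`) VALUES (\'shoutbox\', %d, \'%s\', \'%s\', %d, \'%s\')', $userID, strsave(htmlspecialchars($username)), strsave(htmlspecialchars(substr($message, 0, SHOUTBOX_MAX_CHARS))), time(), strsave($_SERVER['REMOTE_ADDR']));
        if ($db->query($sql)) {
            setcookie('shoutbox', time(), time() + 365 * 86400);
            if ($isAjax) {
                echo 'ok';
            } elseif (isset($_SERVER['HTTP_REFERER']) and $_SERVER['HTTP_REFERER'] != '') {
                // NOTE(review): the Referer header is supplied by the client
                // and is used as the redirect target without validation;
                // consider only following it when it points at this site.
                header('Location: ' . $_SERVER['HTTP_REFERER'] . '#com_' . $db->last_id());
            } else {
                header1('?section=news#com_' . $db->last_id());
            }
        }
    }
    if ($isAjax) {
        die;
    }
}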
Пример #2
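/**
 * Admin form for editing another user's account and statistics.
 *
 * On submit the user name and e-mail address are checked for uniqueness (and
 * the address for validity); a rejected value is replaced by the stored one
 * and an error is shown, after which the remaining fields are still written.
 * Without a submit the current values are loaded and the edit form is shown.
 *
 * @param int $id ID of the ecp_user row to edit.
 * @return void
 */
function admin_user_edit($id)
{
    global $db;
    // NOTE(review): no rights check is visible inside this function;
    // presumably the caller enforces admin rights - confirm.
    // $id is concatenated into every statement below, so force it to an
    // integer once instead of trusting the caller.
    $id = (int) $id;
    if (isset($_POST['submit'])) {
        if ($db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = \'' . strsave(htmlspecialchars($_POST['username'])) . '\' AND ID != ' . $id) or $_POST['username'] == '') {
            $_POST['username'] = $db->result(DB_PRE . 'ecp_user', 'username', 'ID = ' . $id);
            table(ERROR, ACCOUNT_ALLREADY_EXIST);
        }
        // Validate the submitted address before it is overwritten, and look
        // up the e-mail column with the e-mail value (not the user name), so
        // that duplicates are actually found and the right message is shown.
        $emailValid = check_email($_POST['email']);
        if (!$emailValid or $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = \'' . strsave($_POST['email']) . '\' AND ID != ' . $id)) {
            $_POST['email'] = $db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . $id);
            if (!$emailValid) {
                table(ERROR, WRONG_EMAIL);
            } else {
                table(ERROR, EMAIL_ALLREADY_EXIST);
            }
        }
        // Birthday arrives as dd.mm.yyyy and is stored as yyyy-m-d.
        $geburtstag = explode('.', $_POST['birthday']);
        // Plain text fields are HTML-encoded before storage; signature and
        // "about me" go through comment_save() instead. Every value is passed
        // through strsave() before it is placed in a quoted SQL literal.
        $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_user SET
						username = \'%s\',email = \'%s\',country = \'%s\',
						sex = \'%s\',signatur = \'%s\',realname = \'%s\',
						geburtstag = \'%s\',homepage = \'%s\',icq = \'%s\',
						msn = \'%s\',yahoo = \'%s\',skype = \'%s\',xfire = \'%s\',
						clanname = \'%s\',clanirc = \'%s\',clanhomepage = \'%s\',
						clanhistory = \'%s\',cpu = \'%s\',mainboard = \'%s\',
						ram = \'%s\',gkarte = \'%s\',skarte = \'%s\',
						monitor = \'%s\',maus = \'%s\',tastatur = \'%s\',
						mauspad = \'%s\',internet = \'%s\',festplatte = \'%s\',
						headset = \'%s\',aboutme = \'%s\', wohnort = \'%s\', aim = \'%s\'  
					WHERE ID = ' . $id, strsave(htmlspecialchars(@$_POST['username'])), strsave(@$_POST['email']), strsave(@$_POST['country']), @$_POST['sex'] == 'male' ? 'male' : 'female', strsave(comment_save(@$_POST['signatur'])), strsave(htmlspecialchars(@$_POST['realname'])), (int) @$geburtstag[2] . '-' . (int) @$geburtstag[1] . '-' . (int) @$geburtstag[0], strsave(htmlspecialchars(check_url(@$_POST['homepage']))), strsave(htmlspecialchars(@$_POST['icq'])), strsave(htmlspecialchars(@$_POST['msn'])), strsave(htmlspecialchars(@$_POST['yahoo'])), strsave(htmlspecialchars(@$_POST['skype'])), strsave(htmlspecialchars(@$_POST['xfire'])), strsave(htmlspecialchars(@$_POST['clanname'])), strsave(htmlspecialchars(@$_POST['clanirc'])), strsave(htmlspecialchars(check_url(@$_POST['clanhomepage']))), strsave(htmlspecialchars(@$_POST['clanhistory'])), strsave(htmlspecialchars(@$_POST['cpu'])), strsave(htmlspecialchars(@$_POST['mainboard'])), strsave(htmlspecialchars(@$_POST['ram'])), strsave(htmlspecialchars(@$_POST['gkarte'])), strsave(htmlspecialchars(@$_POST['skarte'])), strsave(htmlspecialchars(@$_POST['monitor'])), strsave(htmlspecialchars(@$_POST['maus'])), strsave(htmlspecialchars(@$_POST['tastatur'])), strsave(htmlspecialchars(@$_POST['mauspad'])), strsave(htmlspecialchars(@$_POST['internet'])), strsave(htmlspecialchars(@$_POST['festplatte'])), strsave(htmlspecialchars(@$_POST['headset'])), strsave(comment_save(@$_POST['aboutme'])), strsave(htmlspecialchars(@$_POST['wohnort'])), strsave(htmlspecialchars(@$_POST['aim'])));
        // The numeric statistics are cast rather than escaped because they
        // are written unquoted.
        if ($db->query($sql) and $db->query('UPDATE ' . DB_PRE . 'ecp_user_stats SET comments = ' . (int) $_POST['comments'] . ', money = ' . (double) $_POST['money'] . ' WHERE userID = ' . $id)) {
            header1('?section=admin&site=user');
        }
    } else {
        $tpl = new smarty();
        $row = $db->fetch_assoc('SELECT `username`, `email`, `country`, `sex`, `signatur`, `realname`, `wohnort`, `geburtstag`, `homepage`, `icq`, `msn`, `yahoo`, `skype`, `xfire`, 
											`clanname`, `clanirc`, `clanhomepage`, `clanhistory`, `cpu`, `mainboard`, `ram`, `gkarte`, `skarte`, `monitor`, `maus`, `tastatur`, `mauspad`, 
											`internet`, `festplatte`, `headset`, `aboutme`, `ondelete`, aim, money, comments FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_user_stats ON (userID = ID) WHERE ID = ' . $id);
        // The form expects the birthday as dd.mm.yyyy.
        $row['birthday'] = date('d.m.Y', strtotime($row['geburtstag']));
        foreach ($row as $key => $value) {
            $tpl->assign($key, $value);
        }
        // Render the template into a buffer so it can be handed to
        // main_content() as a string.
        ob_start();
        $tpl->assign('countries', form_country($row['country']));
        $tpl->display(DESIGN . '/tpl/admin/user_edit.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(ACCOUNT_EDIT, $content, '', 1);
    }
}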
Пример #3
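/**
 * Admin action: upload a smiley image and register it in ecp_smilies.
 *
 * Requires the admin/smilies/add right or superadmin. The upload is accepted
 * only if the browser-reported MIME type, the image type detected from the
 * file content and the file extension are all GIF, JPEG or PNG. On a
 * validation error the smilies admin page is shown again with the message.
 *
 * @return void
 */
function admin_smilies_add()
{
    global $db;
    if (!isset($_SESSION['rights']['admin']['smilies']['add']) and !isset($_SESSION['rights']['superadmin'])) {
        echo NO_ADMIN_RIGHTS;
        return;
    }

    $allowedMime = array('image/jpg', 'image/gif', 'image/png', 'image/jpeg');
    $allowedExtensions = array('jpg', 'jpeg', 'gif', 'png');
    $allowedImageTypes = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);

    $error = null;
    if (@$_FILES['smilie']['tmp_name'] == '') {
        $error = NOT_NEED_ALL_INPUTS;
    } elseif (!in_array($_FILES['smilie']['type'], $allowedMime, true)) {
        $error = WRONG_FILE_TYPE;
    } else {
        // $_FILES[...]['type'] is whatever the client sent, so it proves
        // nothing on its own: inspect the uploaded bytes as well.
        $imageInfo = @getimagesize($_FILES['smilie']['tmp_name']);
        if ($imageInfo === false or !in_array($imageInfo[2], $allowedImageTypes, true)) {
            $error = WRONG_FILE_TYPE;
        } else {
            ajax_convert_array($_POST);
            ajax_convert_array($_FILES);
            // The stored name comes from the client. Strip any directory part
            // and insist on an image extension, otherwise a file such as
            // "x.php" would be written into the web-served images directory.
            // NOTE(review): names like "x.php.png" still pass; whether the web
            // server would execute them depends on its handler configuration.
            $filename = str_replace(' ', '_', basename($_FILES['smilie']['name']));
            $extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
            if (!in_array($extension, $allowedExtensions, true)) {
                $error = WRONG_FILE_TYPE;
            } elseif (move_uploaded_file($_FILES['smilie']['tmp_name'], 'images/smilies/' . $filename)) {
                umask(0);
                chmod('images/smilies/' . $filename, CHMOD);
                $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_smilies (`bedeutung`, `filename`) 
								VALUES (\'%s\', \'%s\')', strsave($_POST['bedeutung']), strsave($filename));
                if ($db->query($sql)) {
                    header1('?section=admin&site=smilies');
                }
            }
        }
    }

    if ($error !== null) {
        // Show the message followed by the regular smilies admin page.
        table(ERROR, $error);
        $tpl = new smarty();
        ob_start();
        $tpl->display(DESIGN . '/tpl/admin/smilies.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(SMILIES, $content, '', 1);
        get_smilies();
    }
}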
Пример #4
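/**
 * Admin action: upload a rank icon and create the matching ecp_ranks row.
 *
 * Requires the admin/ranks/add right or superadmin. The icon is accepted only
 * if the browser-reported MIME type, the image type detected from the file
 * content and the file extension are all GIF, JPEG or PNG. On a validation
 * error the ranks admin page is shown again with the message.
 *
 * @return void
 */
function admin_ranks_add()
{
    global $db;
    if (!isset($_SESSION['rights']['admin']['ranks']['add']) and !isset($_SESSION['rights']['superadmin'])) {
        echo NO_ADMIN_RIGHTS;
        return;
    }

    $allowedMime = array('image/jpg', 'image/gif', 'image/png', 'image/jpeg');
    $allowedExtensions = array('jpg', 'jpeg', 'gif', 'png');
    $allowedImageTypes = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);

    $error = null;
    if (@$_FILES['rank']['tmp_name'] == '' or $_POST['rankname'] == '') {
        $error = NOT_NEED_ALL_INPUTS;
    } elseif (!in_array($_FILES['rank']['type'], $allowedMime, true)) {
        $error = WRONG_FILE_TYPE;
    } else {
        // The MIME type above is client-supplied; confirm from the file
        // content that this really is one of the accepted image formats.
        $imageInfo = @getimagesize($_FILES['rank']['tmp_name']);
        // The client also chooses the file name: drop any directory part and
        // require an image extension before writing below the web root.
        // NOTE(review): names like "x.php.png" still pass; whether the web
        // server would execute them depends on its handler configuration.
        $filename = str_replace(' ', '_', basename($_FILES['rank']['name']));
        $extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
        if ($imageInfo === false or !in_array($imageInfo[2], $allowedImageTypes, true) or !in_array($extension, $allowedExtensions, true)) {
            $error = WRONG_FILE_TYPE;
        } elseif (move_uploaded_file($_FILES['rank']['tmp_name'], 'images/ranks/' . $filename)) {
            umask(0);
            chmod('images/ranks/' . $filename, CHMOD);
            // Numeric columns are cast; a decimal comma in "money" is
            // converted to a point first.
            $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_ranks (`rankname`, `iconname`, abposts, fest, money) 
								VALUES (\'%s\', \'%s\', %d, %d, %f)', strsave($_POST['rankname']), strsave($filename), (int) @$_POST['abposts'], (int) @$_POST['fest'], (double) str_replace(',', '.', @$_POST['money']));
            if ($db->query($sql)) {
                header1('?section=admin&site=ranks');
            }
        }
    }

    if ($error !== null) {
        // Show the message followed by the regular ranks admin page.
        table(ERROR, $error);
        $tpl = new smarty();
        ob_start();
        $tpl->display(DESIGN . '/tpl/admin/ranks.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(RANGS, $content, '', 1);
        get_ranks();
    }
}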
Пример #5
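/**
 * Record the logged-in user's attendance status for an upcoming war.
 *
 * The update is only performed when the user already has a row in
 * ecp_wars_teilnehmer for this war; otherwise NO_ACCESS_RIGHTS is shown.
 *
 * @param int $id   War ID.
 * @param int $mode Value written to the status column.
 * @return void
 */
function clanwars_next_part($id, $mode)
{
    global $db;
    // All three values are written unquoted into SQL, so they must be
    // integers; a missing session (not logged in) becomes user 0, which
    // matches no participant row.
    $id = (int) $id;
    $mode = (int) $mode;
    $userID = isset($_SESSION['userID']) ? (int) $_SESSION['userID'] : 0;
    if ($userID > 0 and $db->result(DB_PRE . 'ecp_wars_teilnehmer', 'COUNT(userID)', 'userID = ' . $userID . ' AND warID = ' . $id)) {
        if ($db->query('UPDATE ' . DB_PRE . 'ecp_wars_teilnehmer SET status = ' . $mode . ', meldedatum = ' . time() . ' WHERE warID = ' . $id . ' AND userID = ' . $userID)) {
            header1('?section=clanwars&action=nextwar&id=' . $id);
        }
    } else {
        table(ERROR, NO_ACCESS_RIGHTS);
    }
}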
Пример #6
             $error = 'Es wurde keine Datei hochgeladen.';
         }
     } else {
         $error = NO_ADMIN_RIGHTS;
     }
     if (UPLOAD_METHOD == 'Flash') {
         if (isset($error)) {
             echo html_ajax_convert(json_encode(array('result' => 'failed', 'error' => $error)));
         } else {
             echo html_ajax_convert(json_encode(array('result' => 'success', 'size' => str_replace('{datei}', $_FILES['Filedata']['name'], UPLOAD_SUCCESS))));
         }
     } else {
         if (isset($error)) {
             echo $error . '<br /><a href="index.php?section=admin&site=gallery&func=viewgallery&id=' . (int) $_GET['id'] . '">Back to Page</a>';
         } else {
             header1('index.php?section=admin&site=gallery&func=viewgallery&id=' . (int) $_GET['id']);
         }
     }
     break;
 case 'gallery_set_text':
     // Updates the description of one gallery image; needs the gallery edit
     // right or superadmin. The image ID is cast to int, the text only goes
     // through strsave().
     // NOTE(review): the description is stored without HTML-encoding;
     // confirm that it is escaped wherever it is displayed.
     if (!(@$_SESSION['rights']['admin']['gallery']['edit'] || @$_SESSION['rights']['superadmin'])) {
         echo html_ajax_convert(NO_ADMIN_RIGHTS);
         break;
     }
     if ($db->query('UPDATE ' . DB_PRE . 'ecp_gallery_images SET beschreibung = \'' . strsave($_POST['msg']) . '\' WHERE imageID = ' . (int) $_GET['pid'])) {
         echo 'ok';
     }
     break;
 case 'del_gallery_pic':
     if (@$_SESSION['rights']['admin']['gallery']['edit'] or @$_SESSION['rights']['superadmin']) {
         $data = $db->fetch_assoc('SELECT imageID, filename, gID, folder FROM ' . DB_PRE . 'ecp_gallery_images LEFT JOIN ' . DB_PRE . 'ecp_gallery ON gID= galleryID WHERE imageID= ' . (int) $_GET['id']);
Пример #7
<?php

// Page driver: the configuration is walked twice, once to emit an area() per
// entry after header1() and once to emit a showlink() per entry after
// header2(); header3() closes the output.
// NOTE(review): name, location and url are passed to showlink() as read from
// the config; whether they are HTML-escaped is not visible here.
$config = readconfig();

header1();
foreach (array_keys($config) as $code) {
    $data = $config[$code];
    area(
        $code,
        $data["x"],
        $data["y"],
        $data["dx"],
        $data["dy"]
    );
}

header2();
foreach (array_keys($config) as $code) {
    $data = $config[$code];
    showlink(
        $code,
        $data["name"],
        $data["location"],
        $data["url"]
    );
}

header3();
function header1()
{
    ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
    <title>New South Wales Trails Map</title>
    <style type="text/css">
	body {
	    padding: 0;
	    margin: 0;
	}
	#map ul {
	    padding: 0;
	    margin: 0;
	}

	#map {
	   margin:0;
Пример #8
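// One query fetches the `installed` value, the `ende` of a lotto round and the
// `status` of the user named in the session (status is NULL when the LEFT
// JOIN finds no such user).
$row = $db->fetch_assoc('SELECT installed, ende, status FROM ' . DB_PRE . 'ecp_stats LEFT JOIN ' . DB_PRE . 'ecp_lotto_runden as a ON (zahl1 = 0) LEFT JOIN ' . DB_PRE . 'ecp_user ON (ID = ' . (int) @$_SESSION['userID'] . ') ORDER BY a.ende DESC LIMIT 1');
if (isset($_SESSION['userID']) and $row['status'] == 2) {
    // Status 2 is handled as "banned": drop the login cookies and the
    // session, print the ban notice and stop.
    // Take the ID before the session is destroyed, and cast it like the
    // query above does, because it is concatenated into SQL unquoted.
    $bannedUserID = (int) $_SESSION['userID'];
    setcookie('userID', '', time() - 60000, '/');
    setcookie('passwort', '', time() - 60000, '/');
    session_destroy();
    $ban = $db->fetch_assoc('SELECT username, vonID, grund, bantime, endbantime FROM ' . DB_PRE . 'ecp_user_bans LEFT JOIN ' . DB_PRE . 'ecp_user ON (ID = vonID) WHERE userID = ' . $bannedUserID);
    $search = array('{bantime}', '{banuser}', '{endbantime}');
    // NOTE(review): `username` and `grund` are echoed as stored; confirm
    // they are HTML-encoded when written, otherwise encode them here.
    $replace = array(date(LONG_DATE, $ban['bantime']), '<a href="?section=user&id=' . $ban['vonID'] . '">' . $ban['username'] . '</a>', date(LONG_DATE, $ban['endbantime']));
    $bantxt = str_replace($search, $replace, BANNED);
    echo $bantxt . $ban['grund'];
    die;
} elseif (isset($_SESSION['userID']) and $row['status'] == null) {
    // No status for the session's user: log the visitor out and redirect.
    // NOTE(review): $_SESSION still holds userID for the rest of this
    // request unless header1() terminates the script - confirm.
    setcookie('userID', '', time() - 60000, '/');
    setcookie('passwort', '', time() - 60000, '/');
    session_destroy();
    header1('');
}
$installed = $row['installed'];
// Close the lotto round and open a new one once its end time has passed.
if ($row['ende'] != null and $row['ende'] < time()) {
    lotto_runde_ende();
    lotto_runde_start();
}
//
//------------------------------ Update users online: START ---------------------------------------------//
// Delete stale entries
$db->query('DELETE FROM ' . DB_PRE . 'ecp_online WHERE betretten < ' . (time() - ONLINE_RELOAD));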
if (isset($_SESSION['userID'])) {
    if ($db->result(DB_PRE . 'ecp_online', 'COUNT(uID)', 'uID = \'' . $_SESSION['userID'] . '\' OR SID = \'' . session_id() . '\'')) {
        $db->query('UPDATE ' . DB_PRE . 'ecp_online SET lastklick = ' . time() . ', forum = ' . (@$_GET['section'] == 'forum' ? 1 : 0) . ', fboardID = ' . @(int) $_GET['boardID'] . ', fthreadID = ' . @(int) $_GET['threadID'] . ', SIDDATA = \'' . strsave(serialize($_SESSION)) . '\' WHERE uID =' . $_SESSION['userID'] . ' OR SID = \'' . session_id() . '\' LIMIT 1');
        $eingetragen = true;
    } else {
Пример #9
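/**
 * Admin action: edit an upcoming clan war.
 *
 * Requires the admin/clanwars/edit_next right or superadmin. When the form
 * was submitted ($_POST['datum'] present) the opponent is inserted or updated,
 * the war row and its map scores are written, newly selected players are
 * added as participants (and optionally notified by message and/or e-mail)
 * and participants that are no longer selected are removed. Otherwise the
 * stored data is loaded and the edit form is rendered.
 *
 * @param int $id ID of the ecp_wars row to edit.
 * @return void
 */
function admin_clanwars_editnext($id)
{
    if (@$_SESSION['rights']['admin']['clanwars']['edit_next'] or @$_SESSION['rights']['superadmin']) {
        global $db;
        // $id is concatenated unquoted into most statements below; force it
        // to an integer once instead of trusting the caller.
        $id = (int) $id;
        if (isset($_POST['datum'])) {
            // A non-empty oppID means "update this opponent", otherwise a new
            // opponent row is created.
            $hasOpponent = !empty($_POST['oppID']);
            if (!$hasOpponent) {
                // NOTE(review): unlike the UPDATE below, the homepage is not
                // passed through check_url() here - confirm whether intended.
                $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_wars_opp (`oppname`, `oppshort`, `homepage`, `country`) VALUES (\'%s\', \'%s\',\'%s\',\'%s\')', strsave($_POST['oppname']), strsave($_POST['oppshort']), strsave($_POST['homepage']), strsave($_POST['country']));
            } else {
                $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_wars_opp SET `oppname` = \'%s\', `oppshort` = \'%s\', `homepage` = \'%s\', `country` = \'%s\' WHERE oppID = %d', strsave($_POST['oppname']), strsave($_POST['oppshort']), strsave(check_url($_POST['homepage'])), strsave($_POST['country']), $_POST['oppID']);
            }
            if ($db->query($sql)) {
                $oppid = $hasOpponent ? (int) $_POST['oppID'] : $db->last_id();
                // Collect the per-language notes: every field whose name
                // contains "cription_" is keyed by the part after the first "_".
                $lang = array();
                foreach ($_POST as $key => $value) {
                    if (strpos($key, 'cription_')) {
                        $lang[substr($key, strpos($key, '_') + 1)] = $value;
                    }
                }
                // Resolve the selection ("team_<id>" / "member_<id>") into a
                // duplicate-free list of integer user IDs.
                $players = array();
                $selection = (isset($_POST['players']) and is_array($_POST['players'])) ? $_POST['players'] : array();
                foreach ($selection as $value) {
                    if (!is_string($value)) {
                        continue;
                    }
                    $value = trim($value);
                    if (strpos($value, 'team_') !== false) {
                        $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_members WHERE teamID = ' . (int) substr($value, strpos($value, '_') + 1));
                        while ($row = $db->fetch_assoc()) {
                            if (!in_array((int) $row['userID'], $players, true)) {
                                $players[] = (int) $row['userID'];
                            }
                        }
                    } elseif (strpos($value, 'member_') !== false) {
                        // Cast here so no raw request text is carried into
                        // the participant handling further down.
                        $memberID = (int) substr($value, strpos($value, '_') + 1);
                        if ($memberID > 0 and !in_array($memberID, $players, true)) {
                            $players[] = $memberID;
                        }
                    }
                }
                // String columns go through strsave(), numeric columns are
                // cast or formatted with %d.
                $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_wars SET 
								`tID` = %d,  
								`mID` = %d,  
								`gID` = %d,  
								`datum` = %d,  
								`xonx` = \'%s\', 
								hinweise = \'%s\', 
								`oID` = %d, 
								`matchlink` = \'%s\', 
								`resultbylocations` = %d, 
								`server` = \'%s\',
								`livestream` = \'%s\',
								`pw` = \'%s\',
								`meldefrist` = %d
								 WHERE warID = %d', (int) $_POST['teamID'], (int) $_POST['matchtypeID'], (int) $_POST['gameID'], strtotime($_POST['datum']), (int) $_POST['xonx1'] . 'on' . (int) $_POST['xonx2'], strsave(json_encode($lang)), $oppid, strsave(check_url($_POST['matchlink'])), (int) @$_POST['winbymaps'], strsave($_POST['server']), strsave($_POST['livestream']), strsave($_POST['pw']), strtotime($_POST['meldefrist']), $id);
                if ($db->query($sql)) {
                    // Current participants; entries still true at the end are
                    // the ones that were deselected.
                    $aktive = array();
                    $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE warID  = ' . $id);
                    while ($row = $db->fetch_assoc()) {
                        $aktive[$row['userID']] = true;
                    }
                    // Existing score rows in creation order; the n-th
                    // submitted map overwrites the n-th row.
                    $db->query('SELECT scoreID FROM ' . DB_PRE . 'ecp_wars_scores WHERE wID = ' . $id . ' ORDER BY scoreID ASC');
                    $ids = array();
                    while ($row = $db->fetch_assoc()) {
                        $ids[] = $row['scoreID'];
                    }
                    // $own / $opp accumulate the overall result but are not
                    // stored anywhere in this function.
                    $own = 0;
                    $opp = 0;
                    $i = 0;
                    foreach ($_POST as $key => $value) {
                        if (strpos($key, 'map_') !== false) {
                            $i++;
                            $ownScore = isset($_POST['score_' . $i . '_own']) ? (int) $_POST['score_' . $i . '_own'] : 0;
                            $oppScore = isset($_POST['score_' . $i . '_opp']) ? (int) $_POST['score_' . $i . '_opp'] : 0;
                            if ((int) @$_POST['winbymaps']) {
                                // Count maps won; a drawn map counts for both.
                                if ($ownScore > $oppScore) {
                                    $own++;
                                } elseif ($ownScore < $oppScore) {
                                    $opp++;
                                } else {
                                    $opp++;
                                    $own++;
                                }
                            } else {
                                $own += $ownScore;
                                $opp += $oppScore;
                            }
                            if (isset($ids[$i - 1])) {
                                $db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_wars_scores SET `lID` = %d, `ownscore` = %d, `oppscore` = %d WHERE scoreID = %d', (int) $value, $ownScore, $oppScore, $ids[$i - 1]));
                            } else {
                                $db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_wars_scores (`wID`, `lID`, `ownscore`, `oppscore`) VALUES (%d, %d, %d, %d)', $id, (int) $value, $ownScore, $oppScore));
                            }
                        }
                    }
                    if (count($players)) {
                        $text = $db->fetch_assoc('SELECT `content`, `content2`  FROM ' . DB_PRE . 'ecp_texte WHERE name = "NEXT_WAR_MSG" AND lang = "' . DEFAULT_LANG . '"');
                        // messagemode: 1 = internal message, 2 = e-mail,
                        // 3 = both, anything else = no notification.
                        $messageMode = isset($_POST['messagemode']) ? $_POST['messagemode'] : 0;
                        $notifyByMessage = ($messageMode == 1 or $messageMode == 3);
                        $notifyByEmail = ($messageMode == 2 or $messageMode == 3);
                        $link = SITE_URL . '?section=clanwars&action=nextwar&id=' . $id;
                        foreach ($players as $value) {
                            $value = (int) $value;
                            if (!isset($aktive[$value])) {
                                // Newly selected player: add and notify.
                                $db->query('INSERT INTO ' . DB_PRE . 'ecp_wars_teilnehmer (warID, userID) VALUES (' . $id . ', ' . $value . ')');
                                if ($notifyByMessage) {
                                    message_send($value, 0, $text['content2'], str_replace('{link}', '<a href="' . $link . '">' . $link . '</a>', $text['content']), 0, 1);
                                }
                                if ($notifyByEmail) {
                                    send_email($db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . $value), $text['content2'], str_replace('{link}', $link, $text['content']), 1);
                                }
                            } else {
                                // Already a participant and still selected: keep.
                                $aktive[$value] = false;
                            }
                        }
                    }
                    foreach ($aktive as $key => $value) {
                        if ($value == true) {
                            $db->query('DELETE FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE userID = ' . (int) $key . ' AND warID = ' . $id);
                        }
                    }
                    header1('?section=admin&site=clanwars');
                }
            }
        } else {
            $data = $db->fetch_assoc('SELECT `tID`, `mID`, `gID`, `datum`, `xonx`, `hinweise`, `server`, `pw`, meldefrist, livestream, `oID`, `matchlink`, `resultbylocations`, `oppname`, `oppshort`, `homepage`, `country` FROM ' . DB_PRE . 'ecp_wars LEFT JOIN ' . DB_PRE . 'ecp_wars_opp ON (oppID = oID) WHERE warID = ' . $id);
            $tpl = new smarty();
            foreach ($data as $key => $value) {
                $tpl->assign($key, $value);
            }
            $tpl->assign('opps', get_opps($data['oID']));
            $tpl->assign('countries', form_country($data['country']));
            $tpl->assign('games', get_games_form($data['gID']));
            $tpl->assign('teams', get_teams_form($data['tID']));
            $tpl->assign('matchtype', get_matchtype_form($data['mID']));
            $tpl->assign('lang', get_languages(json_decode($data['hinweise'], true)));
            $tpl->assign('func', 'editnext&id=' . $id);
            $tpl->assign('datum', date('Y-m-d H:i:s', $data['datum']));
            $tpl->assign('meldefrist', date('Y-m-d H:i:s', $data['meldefrist']));
            // `xonx` is stored as "<n>on<m>".
            $xonx = explode('on', $data['xonx']);
            $tpl->assign('xonx1', $xonx[0]);
            $tpl->assign('xonx2', $xonx[1]);
            $result = $db->query('SELECT `scoreID`, `lID`, `ownscore`, `oppscore` FROM ' . DB_PRE . 'ecp_wars_scores WHERE wID = ' . $id . ' ORDER BY scoreID ASC');
            $maps = array();
            $i = 0;
            // The outer result is read with mysql_fetch_assoc() on its own
            // handle - presumably because the nested $db->query() below
            // replaces the result $db->fetch_assoc() reads from; confirm.
            while ($row = mysql_fetch_assoc($result)) {
                $row['i'] = ++$i;
                $row['maps'] = '';
                $db->query('SELECT locationID, locationname FROM ' . DB_PRE . 'ecp_wars_locations WHERE gID = ' . (int) $data['gID']);
                while ($subrow = $db->fetch_assoc()) {
                    $sub = $subrow['locationID'] == $row['lID'] ? 'selected="selected"' : '';
                    $row['maps'] .= '<option ' . $sub . ' value="' . $subrow['locationID'] . '">' . htmlspecialchars($subrow['locationname']) . '</option>';
                }
                $maps[] = $row;
            }
            $tpl->assign('maps', $maps);
            $db->query('SELECT userID FROM ' . DB_PRE . 'ecp_wars_teilnehmer WHERE warID = ' . $id);
            $players = array();
            while ($row = $db->fetch_assoc()) {
                $players[] = $row['userID'];
            }
            $tpl->assign('members', get_cw_members($players));
            // Render into a buffer so the markup can be handed to
            // main_content() as a string.
            ob_start();
            $tpl->display(DESIGN . '/tpl/admin/clanwars_next.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(CLANWARS_EDIT, $content, '', 1);
        }
    } else {
        table(ERROR, NO_ADMIN_RIGHTS);
    }
}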
Пример #10
// Report entry point: buffers output, loads the DB configuration and
// PHPMailer, connects, reads the report parameters from the query string,
// generates the graph and assembles the report HTML.
// NOTE(review): include/require/conn() failures are silenced with "@", and
// all nine parameters are taken from $_GET as-is; whether the functions they
// are passed to validate or escape them is not visible here.
ob_start();
@include "../includes/dbConf.php";
@require_once '../phpmailer/class.phpmailer.php';
@conn();

// Period selection.
$year = $_GET['yrAnn'];
$biAnn = $_GET['biAnn'];
$quarter = $_GET['quarter'];
$month = $_GET['month'];
$from = $_GET['from'];
$to = $_GET['to'];
$duration = $_GET['category'];

// Subject selection.
$patna = $_GET['id'];
$dev = $_GET['dev'];

generateGraph($year, $month, $quarter, $biAnn, $dev, $patna, $duration, $from, $to);

// The three generated sections are followed by a fixed table that embeds the
// graph image.
$html = header1($year, $month, $quarter, $biAnn, $dev, $patna, $duration, $from, $to);
$html .= headings($year, $month, $quarter, $biAnn, $dev, $patna, $duration, $from, $to);
$html .= pdfContent($year, $month, $quarter, $biAnn, $dev, $patna, $duration, $from, $to);
$html .= '

</table>
<table width="100%" border="1">
<tr>
<td>
<center>Graphical Summary</center>
</td>
</tr>
<tr>
<td><img style="vertical-align: top;" src="mpdf.png"/></td>
</tr>
</table>
';
function generateGraph($year, $month, $quarter, $biAnn, $dev, $patna, $duration, $from, $to)
{
Пример #11
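/**
 * Set the logged-in user's `laststart` timestamp to now and return to the
 * account page.
 *
 * @return void
 */
function account_last_visit()
{
    global $db;
    // Without a session user the original built "WHERE ID = " with nothing
    // after it; bail out instead, and cast because the ID is written unquoted.
    if (!isset($_SESSION['userID'])) {
        return;
    }
    $userID = (int) $_SESSION['userID'];
    if ($db->query('UPDATE ' . DB_PRE . 'ecp_user SET laststart = ' . time() . ' WHERE ID = ' . $userID)) {
        header1('?section=account');
    }
}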
Пример #12
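/**
 * Mark the whole forum as read: store the current time in the session and,
 * for logged-in users, in ecp_user.lastforum, then go back to the referring
 * page (or the forum index when no referrer was sent).
 *
 * @return void
 */
function forum_mark_all()
{
    global $db;
    // One timestamp for both stores, so session and database agree.
    $now = time();
    $_SESSION['lastforum']['time'] = $now;
    if (isset($_SESSION['userID'])) {
        // Cast: the ID is concatenated unquoted.
        $db->query('UPDATE ' . DB_PRE . 'ecp_user SET lastforum = ' . $now . ' WHERE ID = ' . (int) $_SESSION['userID']);
    }
    if (isset($_SERVER['HTTP_REFERER'])) {
        // NOTE(review): the Referer header is supplied by the client and is
        // used as the redirect target without validation; consider only
        // following it when it points at this site.
        header('Location: ' . $_SERVER['HTTP_REFERER']);
    } else {
        header1('?section=forum');
    }
}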
Пример #13
             foreach ($_POST as $key => $value) {
                 if (strpos($key, 'ziehung_') !== false) {
                     $minute = (int) $_POST['minute_' . $nr];
                     if ($minute < 10 and strlen($minute) == 1) {
                         $minute = '0' . $minute;
                     }
                     $db->query('INSERT INTO ' . DB_PRE . 'ecp_lotto_zeiten VALUES (' . (int) $value . ', \'' . (int) $_POST['stunde_' . $nr] . ':' . $minute . '\')');
                     $nr++;
                 }
             }
             if ($config['lottoon'] == 1 and $_POST['lottoon'] == 0) {
                 lotto_runde_ende();
             } elseif ($config['lottoon'] == 0 and $_POST['lottoon'] == 1) {
                 lotto_runde_start();
             }
             header1('?section=admin&site=lotto&success=1');
         }
     }
 } else {
     $tpl = new smarty();
     foreach ($config as $key => $value) {
         $tpl->assign($key, $value);
     }
     $tage = array();
     $db->query('SELECT wochentag, uhrzeit FROM ' . DB_PRE . 'ecp_lotto_zeiten');
     $ziehungen = $db->num_rows();
     if ($ziehungen) {
         while ($row = $db->fetch_assoc()) {
             $row['uhrzeit'] = explode(':', $row['uhrzeit']);
             $tage[] = $row;
         }
Пример #14
/**
 * Admin page for the scheduled database backup settings.
 *
 * Needs the admin/database/backup right or superadmin. A submitted form
 * stores BACKUP_AKTIV, BACKUP_EMAIL and BACKUP_CYCLE in ecp_settings; the
 * e-mail address is validated only when the backup is being switched on, and
 * the cycle falls back to 'week' for anything other than day/week/month.
 * Without a submit (or after a rejected address) the settings form is shown.
 *
 * @return void
 */
function admin_database()
{
    global $db;
    if (!(@$_SESSION['rights']['admin']['database']['backup'] || @$_SESSION['rights']['superadmin'])) {
        table(ERROR, NO_ADMIN_RIGHTS);
        return;
    }

    $submitted = isset($_POST['submit']);
    $activate = $submitted && isset($_POST['backup_aktiv']);
    $emailRejected = $activate && !check_email($_POST['backup_email']);

    if ($submitted && !$emailRejected) {
        // Only the three known cycle names are written; everything else
        // becomes 'week'.
        $cycle = 'week';
        if ($_POST['backup_cycle'] === 'day') {
            $cycle = 'day';
        } elseif ($_POST['backup_cycle'] === 'month') {
            $cycle = 'month';
        }
        $saved = $db->query('UPDATE ' . DB_PRE . 'ecp_settings SET BACKUP_AKTIV = ' . ($activate ? 1 : 0) . ', BACKUP_EMAIL = \'' . strsave($_POST['backup_email']) . '\', BACKUP_CYCLE = \'' . $cycle . '\'');
        if ($saved) {
            header1('?section=admin&site=database');
        }
        return;
    }

    if ($emailRejected) {
        table(ERROR, WRONG_EMAIL);
    }
    // Render the settings form into a buffer and hand it to main_content().
    $tpl = new smarty();
    ob_start();
    $tpl->display(DESIGN . '/tpl/admin/database_backup.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(DATABASE_BACKUP, $content, '', 1);
}
Пример #15
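/**
 * Synchronise the image table of one gallery with the files in its folder.
 *
 * Files found in images/gallery/<folder> that are not registered yet are
 * inserted into ecp_gallery_images, get a thumbnail under thumbs/ and are
 * stored as "<imageID>_<name>" (scaled down when wider than GALLERY_PIC_SIZE).
 * Rows whose file is no longer on disk are deleted together with their
 * thumbnail and their gallery comments. Ends with a redirect to the gallery view.
 *
 * @param int|string $id galleryID; cast to int before it reaches SQL or the redirect URL.
 */
function ordner_einlesen($id)
{
    global $db;
    // $id is concatenated into every statement below, so force it to an integer first.
    $id = (int) $id;
    $redirect = '?section=admin&site=gallery&func=viewgallery&id=' . $id;
    $verzeichnis = $db->result(DB_PRE . 'ecp_gallery', 'folder', 'galleryID = ' . $id);
    if (!$verzeichnis) {
        // Without a folder name the paths below would point at images/gallery/ itself.
        header1($redirect);
        return;
    }
    $base = 'images/gallery/' . $verzeichnis;
    $thumbs = $base . '/thumbs';
    $files = scan_dir($base, true);
    $db->query('SELECT imageID, filename FROM ' . DB_PRE . 'ecp_gallery_images WHERE gID = ' . $id);
    // Registered images keyed by their on-disk name "<imageID>_<filename>"; 0 = not seen on disk yet.
    $bilder = array();
    while ($row = $db->fetch_assoc()) {
        $bilder[$row['imageID'] . '_' . $row['filename']] = 0;
    }
    // The print_r() dumps of $files and $bilder were dropped: they wrote the
    // directory listing into the response ahead of the redirect.
    if (!file_exists($thumbs)) {
        // NOTE(review): umask(0) + 0777 creates a world-writable directory below the
        // web root and leaves the process umask cleared; use a narrower mode if the
        // hosting setup allows it.
        umask(0);
        mkdir($thumbs, 0777);
    }
    foreach ($files as $name) {
        // Skip names without a dot, or with the dot as first character.
        if (!strpos($name, '.')) {
            continue;
        }
        if (array_key_exists($name, $bilder)) {
            $bilder[$name] = 1;
            continue;
        }
        $source = $base . '/' . $name;
        $size = getimagesize($source);
        if ($size === false) {
            // Not a readable image: do not register it or move it into the gallery.
            continue;
        }
        $db->query('INSERT INTO ' . DB_PRE . 'ecp_gallery_images (`gID`, `filename`, `uploaded`, `userID`) VALUES (' . $id . ', \'' . strsave($name) . '\', ' . time() . ', ' . (int) $_SESSION['userID'] . ')');
        $pid = (int) $db->last_id();
        $db->query('UPDATE ' . DB_PRE . 'ecp_gallery SET images = images + 1 WHERE galleryID= ' . $id);
        $thumb = $thumbs . '/' . $pid . '_' . $name;
        $target = $base . '/' . $pid . '_' . $name;
        if ($size[0] > GALLERY_THUMB_SIZE) {
            resize_picture($source, GALLERY_THUMB_SIZE, $thumb, 100);
        } else {
            copy($source, $thumb);
            umask(0);
            chmod($thumb, CHMOD);
        }
        if ($size[0] > GALLERY_PIC_SIZE) {
            resize_picture($source, GALLERY_PIC_SIZE, $target, 100);
            unlink($source);
        } else {
            rename($source, $target);
        }
        $bilder[$name] = 1;
    }
    foreach ($bilder as $key => $value) {
        if ($value != 0) {
            continue;
        }
        if (file_exists($thumbs . '/' . $key)) {
            unlink($thumbs . '/' . $key);
        }
        // The key starts with the imageID, so the row is identified by that prefix
        // instead of a second lookup by file name.
        $pid = (int) substr($key, 0, strpos($key, '_'));
        if ($pid <= 0) {
            continue;
        }
        $db->query('DELETE FROM ' . DB_PRE . 'ecp_gallery_images WHERE imageID=' . $pid);
        $db->query('DELETE FROM ' . DB_PRE . 'ecp_comments WHERE bereich = "gallery" AND subID = ' . $pid);
        $db->query('UPDATE ' . DB_PRE . 'ecp_gallery SET images = images - 1 WHERE galleryID=' . $id);
    }
    header1($redirect);
}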
Пример #16
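/**
 * Admin form and save handler for editing a user group and its rights.
 *
 * Rights are submitted as POST fields named "admin_<section>_<right>" or
 * "public_<section>_<right>" and stored in ecp_groups.admin / ecp_groups.public
 * as "<section>:<right>=<value>,...]<section>:...". Groups with an ID of 4 or
 * lower keep their name; only their rights are updated.
 *
 * @param int|string $id groupID; cast to int before it is used in SQL.
 */
function admin_groups_edit($id)
{
    global $db, $groups;
    if (!isset($_SESSION['rights']['admin']['groups']['edit']) and !isset($_SESSION['rights']['superadmin'])) {
        table(ERROR, NO_ADMIN_RIGHTS);
        return;
    }
    // $id ends up in WHERE clauses below; force it to an integer first.
    $id = (int) $id;

    // Renders every group form template and returns array($adminHtml, $publicHtml).
    // $rights maps a template base name to the values assigned to that template.
    $renderForms = function (array $rights) {
        $adminHtml = '';
        $publicHtml = '';
        foreach (scan_dir('templates/' . DESIGN . '/tpl/admin/group_forms/', true) as $file) {
            $tpltemp = new smarty();
            $name = substr($file, 0, strpos($file, '.'));
            if (isset($rights[$name])) {
                foreach ($rights[$name] as $right => $wert) {
                    $tpltemp->assign($name . '_' . $right, $wert);
                }
            }
            ob_start();
            $tpltemp->display(DESIGN . '/tpl/admin/group_forms/' . $file);
            $content = ob_get_contents();
            ob_end_clean();
            if (strpos($file, 'admin') === false) {
                $publicHtml .= $content;
            } else {
                $adminHtml .= $content;
            }
        }
        return array($adminHtml, $publicHtml);
    };

    // Renders the outer edit form around the two groups of right forms.
    $showForm = function ($tpl, array $rights) use ($renderForms) {
        list($adminHtml, $publicHtml) = $renderForms($rights);
        $tpl->assign('admin', $adminHtml);
        $tpl->assign('public', $publicHtml);
        ob_start();
        $tpl->display(DESIGN . '/tpl/admin/groups_add.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(GROUP_EDIT, $content, '', 1);
    };

    // Serialises array(section => array(right => value)) into the stored format.
    // Values are written as integers, which is also how they are read back below.
    $serialize = function (array $rights) {
        $sections = array();
        foreach ($rights as $section => $werte) {
            $pairs = array();
            foreach ($werte as $right => $wert) {
                $pairs[] = $right . '=' . (int) $wert;
            }
            $sections[] = $section . ':' . implode(',', $pairs);
        }
        return implode(']', $sections);
    };

    if (isset($_POST['submit'])) {
        $groupName = isset($_POST['name']) ? $_POST['name'] : '';
        if ($groupName == '' and $id > 4) {
            table(ERROR, GROUP_NAME_REQUIRED);
            $tpl = new smarty();
            $tpl->assign('art', 'edit');
            // NOTE(review): every POST field is handed to the template under its own
            // name; escaping of these values has to happen in the template — confirm.
            foreach ($_POST as $key => $value) {
                $tpl->assign($key, $value);
            }
            $showForm($tpl, array());
            return;
        }
        $admin = array();
        $public = array();
        foreach ($_POST as $key => $value) {
            $key = (string) $key;
            $isAdmin = strpos($key, 'admin') === 0;
            if (!$isAdmin and strpos($key, 'public') !== 0) {
                continue;
            }
            // "<prefix>_<section>_<right>"; anything else is not a rights field.
            $parts = explode('_', $key, 3);
            if (count($parts) < 3 or $parts[1] === '' or $parts[2] === '') {
                continue;
            }
            // The stored format uses ] : = , as separators, so names containing them
            // would change the meaning of the saved rights string.
            if (strpbrk($parts[1] . $parts[2], ']:=,') !== false) {
                continue;
            }
            if ($isAdmin) {
                $admin[$parts[1]][$parts[2]] = $value;
            } else {
                $public[$parts[1]][$parts[2]] = $value;
            }
        }
        $sets = 'admin = \'' . strsave($serialize($admin)) . '\', public = \'' . strsave($serialize($public)) . '\'';
        if ($id > 4) {
            $sets = 'name = \'' . strsave($groupName) . '\', ' . $sets;
        }
        if ($db->query('UPDATE ' . DB_PRE . 'ecp_groups SET ' . $sets . ' WHERE groupID = ' . $id)) {
            // Flag all users so that their cached rights are rebuilt.
            $db->query('UPDATE ' . DB_PRE . 'ecp_user SET update_rights = 1');
            header1('?section=admin&site=groups');
        }
        return;
    }

    $tpl = new smarty();
    $tpl->assign('art', 'edit');
    $row = $db->fetch_assoc('SELECT * FROM ' . DB_PRE . 'ecp_groups WHERE groupID = ' . $id);
    $tpl->assign('id', $id);
    if ($id > 4) {
        $tpl->assign('name', $row['name']);
    } else {
        // For the groups with ID <= 4 the stored name is a key into $groups.
        $tpl->assign('name', $groups[$row['name']]);
    }
    // Unpack the stored rights into array('admin_<section>' => array(right => int), ...).
    $rights = array();
    foreach (array('admin', 'public') as $art) {
        if ($row[$art] == '') {
            continue;
        }
        foreach (explode(']', $row[$art]) as $entry) {
            $data = explode(':', $entry);
            if (!isset($data[1])) {
                continue;
            }
            $name = $art . '_' . $data[0];
            foreach (explode(',', $data[1]) as $pair) {
                $rights[$name][substr($pair, 0, strpos($pair, '='))] = (int) substr($pair, strpos($pair, '=') + 1);
            }
        }
    }
    $showForm($tpl, $rights);
}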
Пример #17
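/**
 * Show the guestbook form and store a submitted entry.
 *
 * A submission is rejected when author, text or captcha is empty, when a
 * given e-mail address fails check_email(), when the captcha does not match
 * the one in the session, or when the same IP (or the "guestbook" cookie)
 * posted less than SPAM_GUESTBOOK seconds ago. The session captcha is
 * discarded after every submission, accepted or not.
 */
function guestbook_add()
{
    global $db;
    // Renders the (empty) entry form into the main content area.
    $showForm = function () {
        $tpl = new smarty();
        ob_start();
        $tpl->display(DESIGN . '/tpl/guestbook/guestbook_add.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(GUESTBOOK_ADD, $content, '', 1);
    };
    if (!isset($_POST['submit'])) {
        $showForm();
        return;
    }
    // Missing or non-string fields (e.g. author[]=x) are treated as empty.
    $field = function ($name) {
        return isset($_POST[$name]) && is_string($_POST[$name]) ? $_POST[$name] : '';
    };
    $author = $field('author');
    $text = $field('commentstext');
    $captcha = $field('captcha');
    $email = $field('email');
    $homepage = $field('homepage');
    $expected = isset($_SESSION['captcha']) ? strtolower((string) $_SESSION['captcha']) : '';

    $last = (int) @$db->result(DB_PRE . 'ecp_comments', 'datum', 'bereich="guestbook" AND IP =\'' . strsave($_SERVER['REMOTE_ADDR']) . '\'');
    // The cookie is only an additional, client-side hint; the IP lookup above is the server-side check.
    $lastCookie = isset($_COOKIE['guestbook']) ? (int) $_COOKIE['guestbook'] : 0;
    $limit = time() - SPAM_GUESTBOOK;

    $error = null;
    if ($author == '' or $text == '' or $captcha == '') {
        $error = NOT_NEED_ALL_INPUTS;
    } elseif ($email != '' and !check_email($email)) {
        $error = WRONG_EMAIL;
    } elseif ($expected === '' or strtolower($captcha) !== $expected) {
        // Strict comparison: with != two different numeric-looking strings
        // (such as "1e3" and "1000") would count as equal.
        $error = CAPTCHA_WRONG;
    } elseif ($last > $limit or $lastCookie > $limit) {
        $zeit = SPAM_GUESTBOOK + ($last > $limit ? $last : $lastCookie) - time();
        $error = str_replace(array('{sek}', '{zeit}'), array(SPAM_GUESTBOOK, $zeit), SPAM_PROTECTION_MSG);
    }

    if ($error !== null) {
        table(ERROR, $error);
        $showForm();
    } else {
        $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_comments (`bereich`, `author`, `beitrag`, `email`, `homepage`, `datum`, `IP`) VALUES ("guestbook", \'%s\', \'%s\', \'%s\', \'%s\', %d, \'%s\')', strsave(htmlspecialchars($author)), strsave(comment_save($text)), strsave(htmlspecialchars($email)), strsave(htmlspecialchars(check_url($homepage))), time(), strsave($_SERVER['REMOTE_ADDR']));
        if ($db->query($sql)) {
            setcookie('guestbook', time(), time() + 365 * 86400);
            header1('?section=guestbook');
        }
    }
    // One captcha per attempt: a solved or failed captcha cannot be replayed.
    unset($_SESSION['captcha']);
}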
Пример #18
<?php

include 'lang/' . LANGUAGE . '.php';
// Admin area entry script (the listing ends inside the last else branch).
// Flow: require a logged-in user with admin or superadmin rights, then ask
// for the account password once per session before the admin navigation
// template is rendered.
global $db;
// What happens for users without these rights is outside this excerpt.
if (isset($_SESSION['userID']) and (isset($_SESSION['rights']['admin']) or isset($_SESSION['rights']['superadmin']))) {
    // admin_verify marks that the password was re-entered in this session.
    if (!isset($_SESSION['admin_verify'])) {
        if (isset($_POST['passwort'])) {
            // NOTE(review): the check compares an unsalted SHA-1 of the password inside
            // the SQL condition. password_hash()/password_verify() is the expected
            // scheme; switching requires migrating the stored hashes.
            // NOTE(review): $_SESSION['userID'] is concatenated without an (int) cast,
            // and no limit on failed attempts is visible in this excerpt — confirm
            // both are handled elsewhere.
            if ($db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'ID = ' . $_SESSION['userID'] . ' AND passwort = \'' . sha1($_POST['passwort']) . '\'')) {
                $_SESSION['admin_verify'] = 1;
                header1('?section=admin');
            } else {
                // Wrong password: show the error and the prompt again.
                table(ERROR, WRONG_PW);
                $tpl = new smarty();
                ob_start();
                $tpl->display(DESIGN . '/tpl/admin/verify.html');
                $content = ob_get_contents();
                ob_end_clean();
                main_content(SECURITY, $content, '', 1);
            }
        } else {
            // No password submitted yet: show the prompt.
            $tpl = new smarty();
            ob_start();
            $tpl->display(DESIGN . '/tpl/admin/verify.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(SECURITY, $content, '', 1);
        }
    } else {
        // Already verified: start capturing the admin navigation template.
        $tpl = new smarty();
        ob_start();
        $tpl->display(DESIGN . '/tpl/admin/navi.html');
Пример #19
<?php

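include "includes/header.inc.php";
echo header1("Book Details");
include "includes/nav.inc.php";
$catid = "";
include "config.php";
// Book pages are reached from the search form with ?id=<isbn>. The parameter
// is checked before it is read, so a bare request stops here without an
// undefined-index notice.
if (!isset($_GET['id']) || !is_string($_GET['id'])) {
    echo "<h1>You shouldn't have got to this page, please go back to the search form and search for a book. </h1>";
    exit;
}
$book_id = $_GET['id'];
// Database values are escaped before they are written into the page; the
// charset argument is left to PHP's default_charset setting.
$e = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE);
};
//getting the book to display the result for the current chosen book
$query = "SELECT * FROM book\n     INNER JOIN categorybook ON book.isbn = categorybook.isbn\n     INNER JOIN authorbook ON book.isbn = authorbook.isbn\n     INNER JOIN author ON authorbook.author_id = author.author_id  WHERE book.isbn=:id";
$stmt = $conn->prepare($query);
$stmt->bindValue(':id', $book_id);
$stmt->execute();
echo "<div class='container'>";
if ($book = $stmt->fetch(PDO::FETCH_OBJ)) {
    $title = $e($book->title);
    $author = $e($book->f_name) . ' ' . $e($book->l_name);
    $isbn = $e($book->isbn);
    // The ISBN is part of a URL path here, so it is URL-encoded and the attribute is quoted.
    $image = 'images/books/' . rawurlencode((string) $book->isbn) . '.jpg';
    echo "<p class='title'>{$title}</p>\n\t<p>by {$author} </p>";
    echo "<div class='detatilsleft'> <img class='bookimg' src='{$image}'> </div>";
    echo "<div class='description'>\n\t<h3><span> Description </span></h3>\n\t\t\t<br/><span> " . $e($book->description) . "</span>\n\t\t</div>";
    echo "<div class='detatilsright'>\n\t<h3><span>Book details</span></h3>\n\t<p><b>ISBN:</b>{$isbn} </p>\n\t<p class='title'>{$title}</p>\n\t<p class='price'><b>Price : </b>&pound;" . $e($book->price) . "</p>\n\t\t<p> <b>Author : </b>{$author}</p>\n\t\t\t<p> <b>No of Pages :</b> " . $e($book->pages) . "</p>\n\t\t\t<p> <b>Publisher : </b>" . $e($book->publisher) . "</p></div>";
    $catid = $book->cat_id;
    $currenrbook = $book->title;
}
$otherResult = array();
// array to store the related book
// select other books related to the same category as the current book
$query = "SELECT * FROM categorybook\n\t     INNER JOIN book ON categorybook.isbn = book.isbn \n\t  WHERE categorybook.cat_id=:id";
$stmt = $conn->prepare($query);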
Пример #20
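/**
 * Admin form and save handler for editing one forum board.
 *
 * On submit the board row in ecp_forum_boards is updated from the POST
 * fields; otherwise the edit form is filled from the stored row, including
 * the per-group selections for each of the board's right columns.
 *
 * @param int|string $id boardID; cast to int before it is used in SQL or the form URL.
 */
function admin_forum_edit($id)
{
    global $db;
    if (empty($_SESSION['rights']['admin']['forum']['edit']) and empty($_SESSION['rights']['superadmin'])) {
        table(ERROR, NO_ADMIN_RIGHTS);
        return;
    }
    // $id is concatenated into the SELECT and into the form URL; force it to an integer.
    $id = (int) $id;
    // Columns that hold a group list; each has a POST field of the same name.
    $rightColumns = array('rightsread', 'threadopen', 'postcom', 'editcom', 'startsurvey', 'votesurvey', 'attachfiles', 'downloadattch', 'threadclose', 'threaddel', 'threadmove', 'threadpin', 'editmocom', 'delcom');

    if (isset($_POST['submit'])) {
        if (!isset($_POST['name']) or $_POST['name'] == '') {
            table(ERROR, NOT_NEED_ALL_INPUTS);
            return;
        }
        $sets = array(
            sprintf('`boardparentID` = %d', $_POST['boardparentID']),
            sprintf('`name` = \'%s\'', strsave($_POST['name'])),
            sprintf('`beschreibung` = \'%s\'', strsave($_POST['beschreibung'])),
            sprintf('`closed` = %d', $_POST['closed']),
            sprintf('`attachments` = %d', $_POST['attachments']),
            // Size times unit multiplier, stored as a whole number.
            sprintf('`attachmaxsize` = %d', (float) $_POST['attachmaxsize'] * (float) $_POST['modifkator']),
        );
        foreach ($rightColumns as $column) {
            $selected = isset($_POST[$column]) ? $_POST[$column] : null;
            // Escaped like the other quoted values, so the result of
            // admin_make_rights() cannot break out of the SQL string.
            $sets[] = sprintf('`%s` = \'%s\'', $column, strsave(admin_make_rights($selected)));
        }
        $sets[] = sprintf('`commentsperpost` = %d', $_POST['commentsperpost']);
        // %F always prints a dot as decimal separator; %f follows the locale and
        // could emit a comma, which is not valid in the SQL statement.
        $sets[] = sprintf('`moneyperpost` = %F', (float) str_replace(',', '.', $_POST['moneyperpost']));
        $sql = 'UPDATE ' . DB_PRE . 'ecp_forum_boards SET ' . implode(', ', $sets) . ' WHERE boardID = ' . $id;
        if ($db->query($sql)) {
            header1('?section=admin&site=forum');
        }
        return;
    }

    $tpl = new smarty();
    $boardinfos = $db->fetch_assoc('SELECT `boardparentID`, `beschreibung`, `name`, `isforum`, `closed`, `commentsperpost`, `moneyperpost`, `attachments`, `attachmaxsize`, `rightsread`, `threadopen`, `postcom`, `editcom`, `startsurvey`, `votesurvey`, `attachfiles`, `downloadattch`, `threadclose`, `threaddel`, `threadmove`, `threadpin`, `editmocom`, `delcom` FROM ' . DB_PRE . 'ecp_forum_boards WHERE boardID = ' . $id);
    foreach (array('beschreibung', 'isforum', 'closed', 'commentsperpost', 'moneyperpost', 'attachments', 'attachmaxsize', 'name') as $column) {
        $tpl->assign($column, $boardinfos[$column]);
    }
    $db->query('SELECT groupID, name FROM ' . DB_PRE . 'ecp_groups ORDER by name ASC');
    $gruppen = array();
    while ($row = $db->fetch_assoc()) {
        $gruppen[] = $row;
    }
    $db->query('SELECT boardID, name FROM ' . DB_PRE . 'ecp_forum_boards WHERE isforum = 0 ORDER BY name ASC');
    $boards = '';
    while ($row = $db->fetch_assoc()) {
        // Board names are saved unescaped by this function, so they are escaped
        // here, where they are written into the option list.
        $boards .= '<option ' . ($boardinfos['boardparentID'] == $row['boardID'] ? 'selected="selected" ' : '') . 'value="' . (int) $row['boardID'] . '">' . htmlspecialchars($row['name'], ENT_QUOTES) . '</option>';
    }
    $tpl->assign('boards', $boards);
    foreach ($rightColumns as $column) {
        // The stored value is stripped of its first and last character before
        // it is split at the commas.
        $stored = $boardinfos[$column];
        $tpl->assign($column, forum_make_rights($gruppen, explode(',', substr($stored, 1, strlen($stored) - 2))));
    }
    $tpl->assign('url', 'edit&id=' . $id);
    ob_start();
    $tpl->display(DESIGN . '/tpl/admin/forum_add_edit.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(FORUM_ADD, $content, '', 1);
}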
Пример #21
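/**
 * Record a vote for a survey, either as a page request or as an AJAX call.
 *
 * The survey must be visible to the caller, currently running, and the
 * caller must not have voted within the survey's lock period ("sperre").
 * Surveys with antworten == 1 take one answer from $_POST['answer']; others
 * take every POST field named "answer_<id>", up to "antworten" answers.
 * With ?ajax the result is echoed and the script ends; otherwise errors are
 * shown above the survey list and success redirects to it.
 *
 * @param int|string $id surveyID; cast to int before it is used in SQL or the cookie name.
 */
function survey_vote($id)
{
    global $db;
    // $id is concatenated into every query below and into the cookie name.
    $id = (int) $id;
    $ajax = isset($_GET['ajax']);
    if ($ajax) {
        ob_end_clean();
        $db->setMode(0);
    }
    // Reports a problem in the form matching the request type.
    $report = function ($text) use ($ajax) {
        if ($ajax) {
            echo $text;
        } else {
            table(ERROR, $text);
            survey();
        }
    };
    // Stores the vote record and the lock cookie, then reports success.
    $finish = function () use ($db, $id, $ajax) {
        $db->query('INSERT INTO ' . DB_PRE . 'ecp_survey_votes (`surID`, `userID`, `IP`, `votedatum`) VALUES (' . $id . ', ' . (isset($_SESSION['userID']) ? (int) $_SESSION['userID'] : 0) . ', \'' . strsave($_SERVER['REMOTE_ADDR']) . '\', ' . time() . ')');
        setcookie("survey[{$id}]", time(), time() + 365 * 86400);
        if ($ajax) {
            echo 'ok';
        } else {
            header1('?section=survey');
        }
    };

    // NOTE(review): $_SESSION['access_search'] is inserted as a ready-made SQL
    // condition; it must only ever be built from server-side values — confirm.
    $umfrage = $db->fetch_assoc('SELECT `start`, `ende`, `antworten`, `sperre` FROM ' . DB_PRE . 'ecp_survey WHERE (access = "" OR ' . $_SESSION['access_search'] . ') AND surveyID = ' . $id);
    if (!isset($umfrage['antworten'])) {
        $report(NO_ENTRIES_ID);
    } else {
        // Time of the caller's last vote. The cookie is written as "survey[<id>]"
        // below while the check used to read "surveys"; both names are accepted.
        // The cookie comes from the client, so it can only add to the stored
        // vote time and never replaces the lookup in ecp_survey_votes.
        $zeit = 0;
        foreach (array('survey', 'surveys') as $cookieName) {
            if (isset($_COOKIE[$cookieName]) and is_array($_COOKIE[$cookieName]) and isset($_COOKIE[$cookieName][$id])) {
                $zeit = max($zeit, (int) $_COOKIE[$cookieName][$id]);
            }
        }
        if (isset($_SESSION['userID'])) {
            $voter = 'userID = ' . (int) $_SESSION['userID'];
        } else {
            $voter = 'IP = \'' . strsave($_SERVER['REMOTE_ADDR']) . '\'';
        }
        $zeit = max($zeit, (int) @$db->result(DB_PRE . 'ecp_survey_votes', 'votedatum', $voter . ' AND surID = ' . $id . ' ORDER BY votedatum DESC LIMIT 1'));
        $sperre = $zeit + $umfrage['sperre'] > time();

        if ($umfrage['start'] > time() or $umfrage['ende'] < time()) {
            $report(SURVEY_NOT_AKTIV);
        } elseif ($sperre) {
            // {zeit} is the remaining lock time in minutes.
            $report(str_replace('{zeit}', ($zeit + $umfrage['sperre'] - time()) / 60, SURVEY_RELOAD_LOCK));
        } elseif ($umfrage['antworten'] == 1) {
            $aid = isset($_POST['answer']) ? (int) $_POST['answer'] : 0;
            if (!$aid) {
                $report(SURVEY_MAKE_A_CHOOSE);
            } elseif (!$db->result(DB_PRE . 'ecp_survey_answers', 'COUNT(answerID)', 'sID = ' . $id . ' AND answerID = ' . $aid)) {
                // The answer does not belong to this survey.
                $report(SURVEY_CHOOSE_EQAL_ID);
            } elseif ($db->query('UPDATE ' . DB_PRE . 'ecp_survey_answers SET votes = votes+1 WHERE sID = ' . $id . ' AND answerID = ' . $aid)) {
                $finish();
            }
        } else {
            $db->query('SELECT answerID FROM ' . DB_PRE . 'ecp_survey_answers WHERE sID = ' . $id);
            $answers = array();
            while ($row = $db->fetch_assoc()) {
                $answers[] = (int) $row['answerID'];
            }
            // Chosen answers, keyed by ID so that each answer counts once.
            $chosen = array();
            foreach ($_POST as $key => $value) {
                $key = (string) $key;
                if (strpos($key, 'answer_') !== false) {
                    $aid = (int) substr($key, strpos($key, '_') + 1);
                    if (in_array($aid, $answers, true)) {
                        $chosen[$aid] = $aid;
                    }
                }
            }
            if (count($chosen) > $umfrage['antworten']) {
                $report(str_replace('{anzahl}', $umfrage['antworten'], SURVEY_TOO_MANY));
            } elseif (count($chosen)) {
                if ($db->query('UPDATE ' . DB_PRE . 'ecp_survey_answers SET votes = votes+1 WHERE sID = ' . $id . ' AND answerID IN (' . implode(', ', $chosen) . ')')) {
                    $finish();
                }
            } else {
                $report(SURVEY_MAKE_A_CHOOSE);
            }
        }
    }
    if ($ajax) {
        die;
    }
}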
Пример #22
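/**
 * Delete a news entry together with its comments, after a confirmation step.
 *
 * Without ?agree a confirmation box with a yes/no link is shown; with ?agree
 * the entry named by $_GET['id'] is removed and the news list is reloaded.
 *
 * NOTE(review): unlike admin_groups_edit() or admin_forum_edit(), this
 * function contains no rights check; presumably the caller enforces it —
 * confirm. The delete is also triggered by a plain GET link, so no request
 * token protects it; a POST form carrying a per-session token is the usual
 * hardening.
 *
 * @param int|string $id newsID; cast to int before it is written into the confirmation link.
 */
function admin_news_del($id)
{
    global $db;
    // $id is written into an href below; an integer cannot carry markup.
    $id = (int) $id;
    if (!isset($_GET['agree'])) {
        table(DELETE, '<center>' . DEL_NEWS . '<br /><a href="?section=admin&amp;site=news&amp;func=del&amp;id=' . $id . '&amp;agree=1"><span class="error">' . YES . '</span></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="?section=admin&amp;site=news">' . NO . '</a></center>');
        return;
    }
    if (isset($_GET['id'])) {
        $id = (int) $_GET['id'];
    }
    if (!$db->result(DB_PRE . 'ecp_news', 'COUNT(newsID)', 'newsID = ' . $id)) {
        echo NO_ENTRIES_ID;
        return;
    }
    // Comments go first; the entry is only removed when that delete succeeded.
    if ($db->query('DELETE FROM ' . DB_PRE . 'ecp_comments WHERE subID = ' . $id . ' AND bereich = "news"')) {
        if ($db->query('DELETE FROM ' . DB_PRE . 'ecp_news WHERE newsID = ' . $id)) {
            header1('?section=admin&site=news');
        }
    }
}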
Пример #23
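/**
 * Show the edit form for a comment and save the edited comment.
 *
 * Editing is allowed for the comment's own author (registered users with the
 * public "com_edit" right of the section), for admins with the section's
 * edit right, and for superadmins. Guest comments (userID 0) can also have
 * author, e-mail and homepage changed; comments of registered users only
 * their text. After saving, the request is redirected to the page of the
 * comment list that contains the comment.
 *
 * @param string     $bereich    Section the comment belongs to (column "bereich").
 * @param int|string $subid      ID of the commented item; cast to int.
 * @param int|string $id         comID; cast to int.
 * @param array      $conditions Uses the keys section, action, ORDER, LIMIT and link.
 * @param string     $session    Optional section name for the public rights lookup.
 * @param string     $admin      Optional right name for the admin rights lookup.
 */
function comments_edit($bereich, $subid, $id, $conditions, $session = '', $admin = '')
{
    global $db;
    // Both IDs and the section name are concatenated into SQL below.
    $subid = (int) $subid;
    $id = (int) $id;
    $bereichSql = strsave($bereich);
    $com = $db->fetch_assoc('SELECT `subID`, `bereich`, `userID`, `author`, `beitrag`, `email`, `homepage`, `datum`, `editdatum`, `editby`, `edits`, `IP` FROM ' . DB_PRE . 'ecp_comments WHERE subID = ' . $subid . ' AND bereich = "' . $bereichSql . '" AND comID = ' . $id);
    if (!isset($com['subID'])) {
        table(ERROR, NO_ENTRIES_ID);
        return;
    }
    $allowed = false;
    if (isset($_SESSION['userID'])) {
        $own = !empty($_SESSION['rights']['public'][$session ? $session : $bereich]['com_edit'])
            && $_SESSION['userID'] == $com['userID']
            && $com['userID'] != 0;
        $allowed = $own
            || !empty($_SESSION['rights']['admin'][$bereich][$admin ? $admin : 'com_edit'])
            || !empty($_SESSION['rights']['superadmin']);
    }
    if (!$allowed) {
        table(ACCESS_DENIED, NO_ACCESS_RIGHTS);
        return;
    }

    // Renders the edit form; $fields are assigned after the fixed values.
    $showForm = function (array $fields) use ($bereich, $subid, $id, $conditions, $com) {
        $tplc = new smarty();
        $tplc->assign('section', !empty($conditions['section']) ? $conditions['section'] : $bereich);
        $tplc->assign('action', $conditions['action']);
        $tplc->assign('id', $id);
        $tplc->assign('edit', 1);
        $tplc->assign('userID', $com['userID']);
        $tplc->assign('sub', '&subid=' . $subid);
        foreach ($fields as $key => $value) {
            $tplc->assign($key, $value);
        }
        ob_start();
        $tplc->display(DESIGN . '/tpl/comment_add_edit.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(EDIT_COMMENT, $content, '', 1);
    };
    // Redirects to the page of the comment list that shows this comment. The
    // comment itself is counted (<= / >=) in both save paths, so that the
    // first comment of a page is not sent to the page before it.
    $backToComment = function () use ($db, $bereichSql, $subid, $id, $conditions) {
        $anzahl = $db->result(DB_PRE . 'ecp_comments', 'COUNT(comID)', 'subID = ' . $subid . ' AND bereich = "' . $bereichSql . '" AND comID ' . ($conditions['ORDER'] == "ASC" ? '<=' : '>=') . ' ' . $id);
        $seiten = ceil($anzahl / max(1, (int) $conditions['LIMIT']));
        header1($conditions['link'] . '&page=' . $seiten . '#com_' . $id);
    };

    if (!isset($_POST['submit'])) {
        $showForm(array(
            'commentstext' => htmlentities($com['beitrag']),
            'author' => $com['author'],
            'homepage' => $com['homepage'],
            'email' => $com['email'],
        ));
        return;
    }
    // NOTE(review): on a validation error every POST field is handed back to the
    // template under its own name; escaping has to happen in the template — confirm.
    if ($_POST['commentstext'] == '') {
        table(ERROR, NO_INPUT);
        $showForm($_POST);
        return;
    }
    if ($com['userID'] == 0) {
        // Guest comment: the author details are editable as well.
        if ($_POST['author'] == '') {
            table(ERROR, NOT_NEED_ALL_INPUTS);
            $showForm($_POST);
            return;
        }
        $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_comments SET `author` = \'%s\', `beitrag` = \'%s\', `email` = \'%s\', `homepage` = \'%s\', `editdatum` = %d, `editby` = %d, `edits` = edits + 1 WHERE comID = %d', strsave(htmlspecialchars($_POST['author'])), strsave(comment_save($_POST['commentstext'])), strsave(htmlspecialchars($_POST['email'])), strsave(htmlspecialchars(check_url($_POST['homepage']))), time(), $_SESSION['userID'], $id);
    } else {
        $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_comments SET `beitrag` = \'%s\', `editdatum` = %d, `editby` = %d, `edits` = edits + 1 WHERE comID = %d', strsave(comment_save($_POST['commentstext'])), time(), $_SESSION['userID'], $id);
    }
    if ($db->query($sql)) {
        $backToComment();
    }
}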
Пример #24
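/**
 * Admin action: edit one row of the ecp_menu table.
 *
 * Without a submitted form, loads the row and renders the edit form.
 * With a submitted form, validates `name` and `design`, then updates the
 * row and calls header1() with the menu admin URL.
 *
 * Security notes for maintainers:
 *  - $id is cast to int before use, because it is concatenated into the
 *    SELECT statement as a bare number.
 *  - String fields go through strsave() before being placed in the SQL
 *    text (presumably an escaping helper; verify against its definition).
 *  - NOTE(review): no anti-CSRF token is checked in this function before
 *    the UPDATE; confirm whether the caller enforces one.
 *
 * @param int|string $id Primary key (menuID) of the menu entry.
 * @return void
 */
function admin_menu_edit($id)
{
    global $db;

    // Normalise once so every later use (SQL text, form action) is numeric.
    $id = (int) $id;

    if (!empty($_SESSION['rights']['admin']['menu']['edit']) || !empty($_SESSION['rights']['superadmin'])) {
        if (isset($_POST['submit'])) {
            // `language` is request data: accept only an array of strings so
            // in_array()/implode() never see a scalar or a nested array.
            $selectedLangs = (isset($_POST['language']) && is_array($_POST['language']))
                ? array_filter($_POST['language'], 'is_string')
                : array();
            $allLangs = in_array('all', $selectedLangs, true);

            if ($_POST['name'] == '' or $_POST['design'] == '') {
                table(ERROR, NOT_NEED_ALL_INPUTS);
                $tpl = new smarty();
                // NOTE(review): raw POST values are handed to the template;
                // whether the template escapes them is not visible here.
                foreach ($_POST as $key => $value) {
                    $tpl->assign($key, $value);
                }
                $tpl->assign('module', get_module($_POST['modul']));
                $tpl->assign('designs', get_designs($_POST['design']));
                $tpl->assign('access', get_form_rights($_POST['access']));
                // NOTE(review): the edit form is re-rendered with func "add" and the
                // MENU_ADD title, which looks copied from the add action; confirm.
                $tpl->assign('func', 'add');
                $lang = get_languages();
                if ($allLangs) {
                    $options = '<option value="all" selected="selected">' . ALL . '</option>';
                } else {
                    $options = '<option value="all">' . ALL . '</option>';
                }
                foreach ($lang as $value) {
                    // A space now precedes `value=` in both the selected and unselected case.
                    $options .= '<option' . (in_array($value['lang'], $selectedLangs) ? ' selected="selected"' : '') . ' value="' . $value['lang'] . '">' . $value['name'] . '</option>';
                }
                $tpl->assign('languages', $options);
                ob_start();
                $tpl->display(DESIGN . '/tpl/admin/menu_add_edit.html');
                $content = ob_get_contents();
                ob_end_clean();
                main_content(MENU_ADD, $content, '', 1);
            } else {
                // An empty string is stored when "all" is chosen; otherwise a
                // comma-wrapped list of the selected language codes.
                if ($allLangs) {
                    $lang = '';
                } else {
                    $lang = ',' . implode(',', $selectedLangs) . ',';
                }
                // `postion` is the field name as the original code reads it;
                // presumably it matches the form template, verify before renaming.
                $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_menu SET `name` = \'%s\', `headline` = \'%s\', `inhalt` = \'%s\', `hposi` = \'%s\', `usetpl` =%d, `design` = \'%s\', `access` = \'%s\', `lang` = \'%s\', `modul` = \'%s\' WHERE menuID = %d', strsave($_POST['name']), strsave($_POST['headline']), strsave($_POST['inhalt']), strsave($_POST['postion']), (int) @$_POST['usetpl'], strsave($_POST['design']), strsave(admin_make_rights($_POST['access'])), strsave($lang), strsave($_POST['modul']), $id);
                if ($db->query($sql)) {
                    header1('?section=admin&site=menu');
                }
            }
        } else {
            // $id is an integer here, so the concatenation cannot carry SQL syntax.
            $menu = $db->fetch_assoc('SELECT * FROM ' . DB_PRE . 'ecp_menu WHERE menuID = ' . $id);
            if (empty($menu)) {
                // Unknown id: report it instead of rendering a form from a non-row.
                table(ERROR, NO_ENTRIES_ID);
                return;
            }
            $tpl = new smarty();
            $menu['headline'] = htmlentities($menu['headline']);
            foreach ($menu as $key => $value) {
                $tpl->assign($key, $value);
            }
            $tpl->assign('func', 'edit&id=' . $id);
            $tpl->assign('module', get_module($menu['modul']));
            $tpl->assign('designs', get_designs($menu['design']));
            $tpl->assign('access', get_form_rights(explode(',', $menu['access'])));
            $lang = get_languages();
            $langs = explode(',', $menu['lang']);
            // A stored list is wrapped in commas, so a real selection explodes to
            // at least three parts; fewer means "all" was stored.
            $options = '<option value="all" ' . (count($langs) < 3 ? 'selected="selected"' : '') . '>' . ALL . '</option>';
            foreach ($lang as $value) {
                $options .= '<option' . (in_array($value['lang'], $langs) ? ' selected="selected"' : '') . ' value="' . $value['lang'] . '">' . $value['name'] . '</option>';
            }
            $tpl->assign('languages', $options);
            ob_start();
            $tpl->display(DESIGN . '/tpl/admin/menu_add_edit.html');
            $content = ob_get_contents();
            ob_end_clean();
            main_content(MENU_EDIT, $content, '', 1);
        }
    } else {
        table(ERROR, NO_ADMIN_RIGHTS);
    }
}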
Пример #25
<?php

// Shared header include, then the page title produced by header1().
include 'includes/header.inc.php';
echo header1('Welcome to my design Page');

// Navigation include, followed by the project configuration.
include 'includes/nav.inc.php';
include 'config.php';
?>
<div class="container">
<div>
     <h1> scenario for PHP book search </h1>
     <p> PHP Book Search Engine is an advanced search engine for books; you can search by Book Name, Author or ISBN. </p>
     <p> Books have many authors - authors have many books. </p>
     <p> Categories have many books - books have many categories. </p>


</div>


<div>
     <h1> Class Diagram </h1>
     <img class="dsgimage" src="images/classdg.jpg"/>
</div>
<div>
     <h1> Physical Diagram </h1>
     <img class="dsgimage" src="images/physicaldg.jpg"/>
</div>

<div>
     <h1> Sql Designer view </h1>
     <img class="dsgimage" src="images/sqlrelation.jpg"/>
</div>
Пример #26
<?php

include 'includes/header.inc.php';
echo header1('Home Page');
include 'includes/nav.inc.php';

// Configuration include, then the database connection.
include 'config.php';
$conn = ConnectionFactory::connect();

// Search state defaults.
$dosearch = false;
$results = array();

// Raw search term exactly as supplied in the query string; it is not
// validated or escaped at this point.
$search_term = isset($_GET['search_for']) ? $_GET['search_for'] : "";
?>
<div class="container">
<div id="search"> 
<form action="" method="GET">
 
     <h2> Search by Book Name - ISBN or Author </h2>
    <label for="search-field">Search</label>
          <input type="search" name="search_for" placeholder="Enter your search term..." results="5" value="<?php 
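// $search_term comes straight from $_GET and is printed inside a
// double-quoted HTML attribute, so it is escaped for that context here.
// A non-string value (e.g. an array from the query string) prints as empty.
echo htmlspecialchars(is_string($search_term) ? $search_term : '', ENT_QUOTES, 'UTF-8');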
?>
">
          <p class="error">
          <?php 
if (isset($_GET['search_for'])) {
    $search_term = $_GET['search_for'];
    // getting the value from the user