Пример #1
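/**
 * Normalise one submitted text field.
 *
 * Steps, in order: stripslashes(), my_nl2br(), replace every "§" with a
 * space, trim(), and - only when $hsc == 1 - htmlspecialchars().
 *
 * Security notes:
 *  - With the default $hsc = 0 the result is NOT HTML-escaped; the caller
 *    has to escape it before it is sent to a browser.
 *  - The escaping flags are pinned to ENT_QUOTES | ENT_SUBSTITUTE (the
 *    PHP 8.1+ defaults). On older runtimes the implicit default left single
 *    quotes unescaped and returned an empty string for invalid byte
 *    sequences; pinning the flags removes both differences.
 *  - NOTE(review): htmlspecialchars() runs after my_nl2br(); if that helper
 *    emits <br> markup it gets escaped too - confirm this is intended.
 *  - NOTE(review): "§" is presumably stripped because it is the field
 *    separator of the flat-file records - confirm against the callers.
 *
 * @param string $text Raw field value.
 * @param int    $hsc  1 (loose comparison) to HTML-escape the result.
 * @return string Cleaned value.
 */
function cleantext ($text, $hsc=0) {
	$text = my_nl2br(stripslashes($text));
	$text = str_replace("§"," ",$text);
	$text = trim($text);
	if($hsc == 1) {
		// Explicit flags: quotes of both kinds are escaped on every PHP version.
		$text = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE);
	}
	return $text;
}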
Пример #2
        ?>
 nowrap><font color="<?php 
        echo $table_body_font_color_1;
        ?>
">&nbsp;<?php 
        echo $lSignature;
        ?>
:&nbsp;&nbsp;</font></td>
                    <td <?php 
        echo bgcolor($table_body_color_1);
        ?>
><font color="<?php 
        echo $table_body_font_color_1;
        ?>
"><?php 
        echo my_nl2br(htmlspecialchars($rec["signature"]));
        ?>
</font></td>
                </tr>
                <?php 
    }
    ?>
                </table>
            </td>
        </tr>
        </table>
    </td>
</tr>
</table>
<?php 
}
Пример #3
        $HeroName = "";
        $heroid = "";
        $desc = "";
        $stats = "";
        $skills = "";
        $type = 0;
    }
    if (isset($_POST["edit_hero"])) {
        // Collect the hero form fields from the POST body.
        // EscapeStr() is applied to the name and the id only; what it escapes is defined elsewhere.
        $HeroName = EscapeStr($_POST["hero_name"]);
        $heroid = EscapeStr($_POST["heroid"]);
        // NOTE(review): desc, stats and skills never pass through EscapeStr(); they only go through
        // trim(), my_nl2br() and (for two of them) removeDoubleSpaces() before being handed to
        // $db->update()/$db->insert() below. Whether that is safe depends on those DB helpers
        // binding their values - confirm.
        $desc = my_nl2br(trim($_POST["desc"]));
        // Turn the &Scaron;/&scaron; entities back into the literal characters.
        $desc = str_replace(array("&Scaron;", "&scaron;"), array("Š", "š"), $desc);
        // The cast forces an integer regardless of what was submitted.
        $type = (int) $_POST["type"];
        $stats = my_nl2br(removeDoubleSpaces(trim($_POST["stats"])));
        $stats = str_replace(array("&Scaron;", "&scaron;"), array("Š", "š"), $stats);
        $skills = my_nl2br(removeDoubleSpaces(trim($_POST["skills"])));
        $skills = str_replace(array("&Scaron;", "&scaron;"), array("Š", "š"), $skills);
        if ($heroid != "" and strlen($HeroName) >= 2) {
            if (isset($_GET["edit"])) {
                $update = $db->update(OSDB_HEROES, array("description" => $HeroName, "summary" => $desc, "stats" => $stats, "skills" => $skills, "type" => $type), "heroid = '" . $edit . "' ");
                OS_AddLog($_SESSION["username"], "[os_heroes] EDITED HERO ( {$edit}, {$HeroName} )");
            } else {
                // Remove every ".gif" occurrence from the submitted hero id, then look the id up.
                $hid = str_replace(".gif", "", $heroid);
                // NOTE(review): prepare() adds no injection protection here, because $hid is concatenated
                // into the SQL text and execute() binds nothing. Safety rests entirely on EscapeStr().
                // Prefer a placeholder ("WHERE heroid = ?") with the value passed to execute(), provided
                // $db is PDO-compatible - confirm.
                $check = $db->prepare("SELECT * FROM " . OSDB_HEROES . " WHERE heroid = '" . $hid . "' ");
                $result = $check->execute();
                if ($check->rowCount() >= 1) {
                    ?>
<h2>Hero already exists</h2><?php 
                } else {
                    //INSERT
                    $db->insert(OSDB_HEROES, array("heroid" => $hid, "original" => $hid, "description" => $HeroName, "summary" => $desc, "stats" => $stats, "skills" => $skills, "type" => $type));
Пример #4
            }
            if (strlen($id) == 3) {
                $id = "0000" . $id;
            }
            if (strlen($id) == 4) {
                $id = "000" . $id;
            }
            if (strlen($id) == 5) {
                $id = "00" . $id;
            }
            if (strlen($id) == 6) {
                $id = "0" . $id;
            }
        } else {
            $id = 1;
        }
        // Clean the submitted fields and append them as one record to the comment file.
        // Name and e-mail are HTML-escaped (second argument 1); the comment body is not.
        // NOTE(review): the comment is stored without HTML escaping, so whatever renders the comment
        // file has to escape it on output - confirm that it does.
        $_POST['name'] = cleantext($_POST['name'], 1);
        $_POST['email'] = cleantext($_POST['email'], 1);
        $_POST['comment'] = cleantext($_POST['comment']);
        $datum = time();
        $nl = chr(13) . chr(10); // CRLF record terminator
        // NOTE(review): fopen()/flock() results are not checked, and implode(array, separator) is the
        // legacy argument order that PHP 8 no longer accepts.
        $fp = fopen($cf, "a");
        flock($fp, 2); // 2 == LOCK_EX
        // NOTE(review): $_POST['commentid'] is written as submitted; it is not cleaned in the visible
        // code, so a "§" or a line break in it could shift or split the stored record unless
        // my_nl2br() deals with that - confirm.
        fwrite($fp, my_nl2br(implode(array($id, $_POST['commentid'], $_POST['comment'], $_POST['name'], $_POST['email'], $datum), "§")) . $nl);
        flock($fp, 3); // 3 == LOCK_UN
        fclose($fp);
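        // Confirmation message plus a 3-second meta refresh back to the submitted return URL.
        // $_POST['backurl'] is request-controlled and lands inside two HTML attributes, so it is
        // escaped for attribute context before output; unescaped, it allowed markup injection.
        // NOTE(review): escaping does not restrict WHERE the link and the refresh point. The target
        // should additionally be checked against the site's own URLs before it is used.
        $backurlAttr = htmlspecialchars($_POST['backurl'], ENT_QUOTES | ENT_SUBSTITUTE);
        echo '<br /><br /><br /><div align="center">Dein Kommentar wurde erfolgreich eingetragen. Du wirst in 3 Sekunden weitergeleitet.<br /><a href="' . $backurlAttr . '">Wenn Du nicht länger warten willst, klicke hier</a>.</div>';
        echo '<meta http-equiv="refresh" content="3; URL=' . $backurlAttr . '">';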
    }
}
#########################################
Пример #5
// Form defaults used before anything is submitted: every text field starts empty,
// the icon starts as a fixed file name.
$icon = "AbyssalBlade.gif";
$item_info = $price = $type = $itemID = "";
if (isset($_GET["edit"]) or isset($_GET["add"])) {
    if (isset($_GET["edit"])) {
        $edit = safeEscape($_GET["edit"]);
    } else {
        $edit = "";
    }
    if (isset($_POST["edit_item"])) {
        // Read the item form fields from the POST body.
        // NOTE(review): $icon is assigned here and again at the end of this run, so this
        // safeEscape() result is discarded - only the EscapeStr() value is used.
        $icon = safeEscape($_POST["icon"]);
        // NOTE(review): name, shortname and item_info go through convEnt2() instead of EscapeStr().
        // What convEnt2() escapes is not visible here, and these values reach $db->update() below -
        // confirm they are safe both for SQL and for HTML output.
        $name = convEnt2($_POST["name"]);
        $shortname = convEnt2($_POST["shortname"]);
        $item_info = my_nl2br(convEnt2(trim($_POST["item_info"])));
        // Turn the &Scaron;/&scaron; entities back into the literal characters.
        $item_info = str_replace(array("&Scaron;", "&scaron;"), array("Š", "š"), $item_info);
        $price = EscapeStr($_POST["price"]);
        $type = EscapeStr($_POST["type"]);
        $icon = EscapeStr($_POST["icon"]);
        if (strlen($name) >= 2 and strlen($shortname) >= 2) {
            if (isset($_GET["edit"])) {
                // Update the existing item row.
                // NOTE(review): $upd is hard-coded to 1, so the success branch that follows runs
                // regardless of what $db->update() returned in $update.
                $upd = 1;
                // NOTE(review): the WHERE clause is built by concatenating $edit (the safeEscape()'d
                // $_GET["edit"]); its safety depends on that helper. A bound parameter would be more robust.
                $update = $db->update(OSDB_ITEMS, array("name" => $name, "shortname" => $shortname, "item_info" => $item_info, "price" => $price, "type" => $type, "icon" => $icon), "itemid = '" . $edit . "' ");
                if ($upd) {
                    ?>
<h2>Item successfully updated</h2><?php 
                    OS_AddLog($_SESSION["username"], "[os_items] EDITED ITEM ( {$name}, {$edit} )");
                }
            } else {
                if (isset($_GET["add"])) {
Пример #6
<?php

// Direct-access guard: when $website is not defined (presumably it is set by the
// including script - confirm), answer 404 and stop.
if (isset($website) === false) {
    header('HTTP/1.1 404 Not Found');
    exit;
}
// Page state: mark the "bans" menu entry as "active" and start with an empty appeal string.
$MenuClass["bans"] = "active";
$BanAppeal = "";
if (isset($_POST["submit_appeal"])) {
    // Gather the appeal fields: the player name comes from the session, the rest from the POST body.
    $player = safeEscape(trim($_SESSION["bnet_username"]));
    $subject = safeEscape(trim($_POST["subject"]));
    // NOTE(review): this safeEscape() result is overwritten on the next line, which starts again
    // from the raw $_POST["message"]; only my_nl2br(), nl2br() and EscapeStr() end up applied.
    $reason = safeEscape(trim($_POST["message"]));
    $reason = my_nl2br(trim($_POST["message"]));
    // NOTE(review): nl2br() after my_nl2br() may convert line breaks twice, depending on what
    // my_nl2br() leaves behind - confirm.
    $reason = nl2br($reason);
    $reason = EscapeStr($reason);
    // NOTE(review): the two URLs are only trimmed and passed through EscapeStr(); no scheme or
    // host validation is visible here.
    $game_url = EscapeStr(trim($_POST["game_url"]));
    $replay_url = EscapeStr(trim($_POST["replay_url"]));
    $errors = "";
    // Length checks: these two messages accumulate with ".=".
    if (strlen($player) <= 2) {
        $errors .= "<div>" . $lang["error_report_player"] . "</div>";
    }
    if (strlen($reason) <= 3) {
        $errors .= "<div>" . $lang["error_report_reason"] . "</div>";
    }
    // The next two checks assign with "=", replacing any messages collected so far.
    if (!is_logged()) {
        $errors = "<div>" . $lang["error_report_login"] . "</div>";
    }
    // Rate limit: reject while the previous report is less than $BanReportTime seconds old
    // and show the number of seconds still to wait.
    if (isset($_SESSION["last_report"]) and $_SESSION["last_report"] + $BanReportTime > time()) {
        $TimeLeft = time() - $_SESSION["last_report"];
        $errors = "<div>" . $lang["error_report_time2"] . " " . ($BanReportTime - $TimeLeft) . " " . $lang["error_sec"] . " </div>";
    }
Пример #7
    ?>
	  <div align="center">
	  <h2>Post successfully deleted. <a href="<?php 
    echo $website;
    ?>
adm/?posts">&laquo; Back</a></h2>
	  </div>
	  <?php 
}
//ADD / EDIT POST
if (isset($_GET["add"]) or isset($_GET["edit"]) and is_numeric($_GET["edit"])) {
    if (isset($_POST["add_post"])) {
        // Read the post form. The numeric fields are cast to int before EscapeStr().
        $title = EscapeStr($_POST["post_title"]);
        $status = EscapeStr((int) $_POST["status"]);
        $allow_comments = EscapeStr((int) $_POST["allow_comments"]);
        // NOTE(review): $text bypasses EscapeStr(); it only passes trim(), convEnt2() and my_nl2br()
        // before being concatenated into the INSERT statement further down. Unless convEnt2()
        // neutralises quotes, this is an SQL injection path - confirm.
        $text = my_nl2br(convEnt2(trim($_POST["post_text"])));
        // Turn the &Scaron;/&scaron; entities back into the literal characters.
        $text = str_replace(array("&Scaron;", "&scaron;"), array("Š", "š"), $text);
        $errors = "";
        $time = time();
        // NOTE(review): the author id is taken from the form rather than from the session, so the
        // submitter chooses it - confirm this is intended.
        $author = EscapeStr((int) $_POST["author"]);
        if (strlen($title) <= 3) {
            $errors .= "<div>Field Title does not have enough characters</div>";
        }
        if (strlen($text) <= 5) {
            $errors .= "<div>Field Text does not have enough characters</div>";
        }
        if (empty($errors)) {
            if (isset($_GET["add"])) {
                // Insert the new post.
                // NOTE(review): $ins is set unconditionally before the query runs, so it does not
                // reflect the outcome of execute().
                $ins = 1;
                // NOTE(review): prepare() is used on a statement whose values are all concatenated into
                // the SQL text, and execute() binds nothing, so the statement is only as safe as the
                // escaping applied to each variable beforehand. Placeholders with the values passed to
                // execute() would remove that dependency, provided $db is PDO-compatible - confirm.
                $insert = $db->prepare("INSERT INTO " . OSDB_NEWS . "(news_title, news_content, news_date, status, allow_comments, author)\n\t\tVALUES('" . $title . "', '" . $text . "', '" . $time . "', '" . $status . "', '" . $allow_comments . "', '" . $author . "') ");
                $result = $insert->execute();
Пример #8
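            // Store the uploaded file in $dir. The original note here was "chmod 777!".
            // NOTE(review): mode 777 makes the directory writable by every local account; write
            // access for the web server user alone is enough.
            //
            // The client-supplied file name is untrusted. It is escaped once for HTML output here,
            // because echoing it raw allowed markup injection through the file name.
            $shownName = htmlspecialchars($_FILES['file']['name'], ENT_QUOTES | ENT_SUBSTITUTE);
            if ($_FILES['file']['size'] > $maxsize) {
                echo 'Die Datei ' . $shownName . ' ist zu gross! <br /><br />';
                drawfooter($version);
                exit;
            }
            // NOTE(review): the file is stored under its client-supplied name and only its size is
            // checked in the visible code, so any file type can land in $dir. If $dir is served by
            // the web server, restrict the allowed extensions, generate the stored name server-side
            // and disable script execution for that directory.
            if (move_uploaded_file($_FILES['file']['tmp_name'], $dir . $_FILES['file']['name'])) {
                echo $shownName . ' wurde hochgeladen!<br />';
                // The unescaped name is kept for storage, exactly as before.
                $upflname = $_FILES['file']['name'];
            } else {
                echo 'Fehler! Die Datei konnte nicht hochgeladen werden!<br /><br />';
                drawfooter($version);
                exit;
            }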
            /* ------------ */
        } else {
            $upflname = '';
        }
        // Append the new category as one "§"-separated record under an exclusive lock.
        $nl = chr(13) . chr(10); // CRLF record terminator
        // NOTE(review): fopen()/flock() results are not checked, and implode(array, separator) is the
        // legacy argument order that PHP 8 no longer accepts.
        $fp = fopen($catfile, "a");
        flock($fp, 2); // 2 == LOCK_EX
        // NOTE(review): $_POST['name'] and the uploaded file name are written without cleantext() or
        // any other visible filtering. A "§" or a line break inside them could shift or split the
        // fields when the file is read back, unless my_nl2br() deals with that - confirm. Both
        // values also need HTML escaping wherever they are displayed.
        fwrite($fp, my_nl2br(implode(array($id, $_POST['name'], $upflname, '', ''), '§')) . $nl);
        flock($fp, 3); // 3 == LOCK_UN
        fclose($fp);
        echo 'Kategorie erfolgreich hinzugef&uuml;gt!<br /><br />';
    }
}
#########################################
/* End of page: emit two line breaks, then call drawfooter() with $version. */
echo '<br /><br />';
drawfooter($version);
Пример #9
                $id = '0' . $id;
            }
        } else {
            $id = 1;
        }
        // Add a user: clean the login name, hash the password, rewrite the data file, echo the result.
        // cleantext() is called without its second argument, so the name is not HTML-escaped.
        $_POST['user'] = cleantext($_POST['user']);
        // NOTE(review): crypt() with the constant salt 'lala' gives every account the same salt, and
        // a two-character salt of this form selects the legacy DES scheme, which only considers the
        // first eight password characters. password_hash()/password_verify() is the replacement, but
        // it needs a matching change in the login check, which is not visible here.
        $_POST['pwd'] = crypt($_POST['pwd'], 'lala');
        $nl = chr(13) . chr(10); // CRLF line terminator
        // The data file is rewritten in full: PHP open tag, block-comment opener, the existing
        // records, the new record, block-comment closer, PHP close tag.
        // NOTE(review): mode "w+" truncates the file before flock() is obtained, so a concurrent
        // request can read or produce an empty or partial file; fopen()/flock() results are unchecked.
        $fp = fopen($datafile, "w+");
        flock($fp, 2); // 2 == LOCK_EX
        fwrite($fp, '<?php' . $nl);
        fwrite($fp, '/*' . $nl);
        // Copy $zeile[2] up to $zeile[$zeilen - 3], i.e. skip the first two and last two entries
        // (presumably the wrapper lines of the previous file content - confirm).
        for ($i = 2; $i < $zeilen - 2; $i++) {
            fwrite($fp, $zeile[$i]);
        }
        // NOTE(review): the records live inside a PHP block comment. $_POST['level'] is written
        // unfiltered and $_POST['user'] only via cleantext(); a value containing the comment
        // terminator would end the comment early, and the remainder of the file would then be parsed
        // as PHP. Reject or encode such input, or keep credentials in a non-executable store.
        // implode(array, separator) is also the legacy argument order that PHP 8 no longer accepts.
        fwrite($fp, my_nl2br(implode(array($_POST['user'], $_POST['level'], $_POST['pwd'], $id, ''), '§')) . $nl);
        fwrite($fp, '*/' . $nl);
        fwrite($fp, '?>');
        flock($fp, 3); // 3 == LOCK_UN
        fclose($fp);
        // NOTE(review): user name, level and the password hash are echoed back without HTML
        // escaping; echoing the hash also discloses it to anyone who can see this page.
        echo '<br />
	User erfolgreich hinzugefügt!<br />
	Hier nochmal die Daten:<br />
	Login-name: <b>' . $_POST['user'] . '</b><br />
	Passwort(verschlüsselt): <b>' . $_POST['pwd'] . '</b><br />
	Level: <b>' . $_POST['level'] . '</b>';
    }
    #########################################################
    echo '</td>
	    </tr>
	  </table>';