* global */
global $config, $s_joueur, $s_theme, $db, $dbprefix, $db, $dbprefix, $strAjouter;

// NOTE(review): $op, $contenu, $a and $grade are read below but never assigned in
// this excerpt; presumably they come from the request or an earlier include
// (register_globals style). Treat them as untrusted until confirmed.
// ($db and $dbprefix are listed twice in the global statement; harmless.)

/********************************************************
 * Add a comment
 */
if ($op == "addshout") {
    /*** security check ***/
    // An empty $s_joueur is redirected to the login page.
    // NOTE(review): js_goto() is defined elsewhere; if it only emits a redirect and
    // does not end the script, execution falls through to the INSERT below -- confirm.
    if ($s_joueur == "" || $s_joueur == NULL) {
        js_goto('?page=login');
    }
    // Empty comment text: back to the index page.
    if (!$contenu) {
        js_goto("?page=index");
    }
    $date = time();
    // remove_XSS() is the only filter applied to the comment text before it is stored.
    $contenu = remove_XSS($contenu);
    $pseudo = nom_joueur($s_joueur);
    // $pseudo and $contenu are interpolated into the statement as quoted literals.
    // NOTE(review): nothing in this excerpt escapes them for SQL, and an HTML/XSS
    // filter is not SQL escaping. Unless quoting happens upstream, this INSERT is
    // injectable: bind the values with a prepared statement or, staying within the
    // legacy mysql extension used here, pass each one through
    // mysql_real_escape_string() immediately before building the query.
    $sqladd = "INSERT INTO {$dbprefix}shoutbox(id,pseudo,date,contenu) Values('','{$pseudo}','{$date}','{$contenu}')";
    // On failure the complete SQL text and mysql_error() are printed to the visitor,
    // which discloses table names and query structure. Prefer logging server-side
    // and showing a generic message.
    $reqadd = mysql_query($sqladd) or die('Erreur SQL !<br>' . $sqladd . '<br>' . mysql_error());
    // $a == "o" returns to the archive view; anything else returns to the index.
    if ($a == "o") {
        js_goto("?page=shoutbox&op=archive");
    } else {
        js_goto("?page=index");
    }
}

/********************************************************
 * Delete a comment
 */
if ($op == "del") {
    /*** security check ***/
    // Branch entered when none of the 'a', 'b' or 'm' grade flags is set;
    // its body continues beyond this excerpt.
    if ($grade['a'] != 'a' && $grade['b'] != 'b' && $grade['m'] != 'm') {
js_goto($PHP_SELF);
// NOTE(review): $PHP_SELF mirrors the request path. If js_goto() writes its argument
// into a script or HTML response without encoding, this call is a reflected-XSS
// sink -- confirm how js_goto() emits the target.
}

// Input validation for the tournament creation form: collect every error in $str
// and report them together.
$str = '';
$erreur = 0;
if (!$nom) {
    $erreur = 1;
    $str .= "- {$strElementsNomInvalide}<br>";
}
// is_numeric() also accepts decimal and exponent notation (e.g. "1e3"), so
// $nbplaces is numeric here but not necessarily an integer.
if (!is_numeric($nbplaces) || $nbplaces <= 0) {
    $erreur = 1;
    $str .= "- {$strErreurNbPlaces}<br>";
}
if ($erreur == 1) {
    show_erreur_saisie($str);
} else {
    // Only $nom passes through remove_XSS(); that is an output filter, not SQL escaping.
    $nom = remove_XSS($nom);
    $db->insert("{$dbprefix}tournois (nom,type,jeux,poules,winner,looser,elimination,modeequipe,modescore,modematchscore,modeinscription,status,places)");
    // NOTE(review): $type, $modeequipe and $modematchscore are interpolated as quoted
    // literals and $jeux / $nbplaces as bare values. No check on $type, $jeux,
    // $modeequipe or $modematchscore is visible in this excerpt. A bare (unquoted)
    // value cannot be protected by quote escaping at all; cast $jeux and $nbplaces
    // with (int) and restrict the mode fields to their allowed values, or bind all
    // of them as parameters if the $db wrapper supports it.
    $db->values("'{$nom}','{$type}',{$jeux},0,0,0,'S','{$modeequipe}','A','{$modematchscore}','A','I',{$nbplaces}");
    $db->exec();
    $id = $db->insert_id();
    /*** redirect ***/
    js_goto("?page=tournois&op=modify&id={$id}");
}
} elseif ($op == "do_modify") {
    /*** security check ***/
    // Authorization is delegated to verif_admin_tournois(), defined elsewhere.
    // NOTE(review): confirm it halts the request on failure rather than only redirecting.
    verif_admin_tournois($s_joueur, $s_tournois, $grade['a'], $grade['b'], $grade['t']);
    // The update only runs for a numeric $id; the statement continues beyond this excerpt.
    if (is_numeric($id)) {
        // The form's placeholder value 'http://' is treated as "no stats URL".
        if ($stats == 'http://') {
            $stats = '';
        }
        $db->update("{$dbprefix}tournois");
$mail->AddAddress($to);
$mail->Subject = $subject;
$mail->Body = $body;
// A failed send shows $mail->ErrorInfo to the user.
// NOTE(review): transport error text can reveal mail-server details; consider
// logging it and displaying only the generic message.
if (!$mail->Send()) {
    show_erreur("{$strErreurMessageEnvoi}<br><br>{$mail->ErrorInfo}");
}
}
} else {
    if ($choix1 == "agree") {
        // the player agrees
        // Build the new report: previous report, a dated log line, then the optional message.
        // NOTE(review): $rapport and $name are concatenated without any filtering in this
        // excerpt; only $message goes through remove_XSS(). Confirm where they originate.
        $rapport_end = ' ' . $rapport . '<hr>Log date: ' . strftime(DATESTRING1, $date) . ' ' . $strJoueur . ' : ' . $name . ' ' . $strLAD_is_agree . ' <hr>';
        if ($message != "") {
            $message = remove_XSS($message);
            $rapport_end .= $name . ':<br />' . $message . '<hr>';
        }
        $date_up = time();
        // Mark the match as validated ('B') and store the report.
        $db->update("{$dbprefix}ladder_match");
        // $rapport_end is placed inside a quoted SQL literal.
        // NOTE(review): no SQL escaping is visible; a quote in the report text or in the
        // player's message would break out of the literal unless the $db wrapper or an
        // upstream step escapes it -- confirm, or bind the value as a parameter.
        $db->set("rapport='{$rapport_end}',valide='B',date_up='{$date_up}'");
        // $m_id and $lad_id are interpolated unquoted.
        // NOTE(review): no numeric check is visible here; cast both with (int) before use.
        $db->where("id = {$m_id} AND ladder_id = {$lad_id} ");
        $db->exec();
        // Notify the opponent through the internal messaging table with the same report text.
        $db->insert("{$dbprefix}messages (emetteur,destinataire,titre,message,date)");
        $db->values("'{$sender}','{$adv}','Ladder : {$strLAD_incom2} ','{$rapport_end}','{$date}'");
        $db->exec();
        // Read the ladder's "mail" setting; the row is consumed beyond this excerpt.
        $db->select("mail");
        $db->from("{$dbprefix}ladder_data");
        $db->where("id = '{$lad_id}'");
        $db->exec();
        $lad_while = $db->fetch();
// Contact fields are passed through remove_XSS(); the Steam id is also upper-cased.
$steamid = strtoupper(remove_XSS($steamid));
$icq = remove_XSS($icq);
$aim = remove_XSS($aim);
$msn = remove_XSS($msn);
$yim = remove_XSS($yim);
$db->update("{$dbprefix}joueurs");
// Every value below is interpolated into a quoted SQL literal.
// NOTE(review): no SQL escaping is visible in this excerpt; confirm the fields are
// escaped earlier in the branch or by the $db wrapper.
$db->set("pseudo='{$pseudo}', nom='{$nom}', prenom='{$prenom}', email='{$email}', carton='{$carton}', sanction='{$sanction}', age='{$age}', ville='{$ville}',origine='{$origine}'");
$db->set("icq='{$icq}', aim='{$aim}', msn='{$msn}', yim='{$yim}'");
// This statement writes the role columns (admin, newseur, modo) and the account state.
// NOTE(review): the authorization check for this branch, if any, lies before this
// excerpt. Confirm that only administrators reach it and that these values cannot be
// supplied by an ordinary player editing their own profile.
$db->set("admin='{$admin}', newseur='{$newseur}', modo='{$modo}', etat='{$etat}', langue='{$langue}'");
$db->set("steam='{$steamid}',forum_userrank='{$forum_userrank}',remarque='{$remarque}',jointeam='{$jointeam}',allowmp='{$allowmp}'");
// States 'P' and 'I' also set the registration date.
if ($etat == 'P' || $etat == 'I') {
    $db->set("dateinscription = '{$date}'");
}
// Any POST field named ext_<alphanumerics> becomes a column assignment. The regex limits
// the column name to "ext_" plus letters and digits, so the identifier itself cannot
// carry SQL syntax; the value is only passed through remove_XSS().
// NOTE(review): the set of ext_* columns is chosen by the client; consider checking the
// key against the list of configured extension fields. A key submitted as an array
// (ext_x[]) would hand an array to remove_XSS() -- confirm how that is handled.
foreach ($_POST as $key => $value) {
    if (preg_match("/^ext_([0-9a-zA-Z]+)\$/", $key, $keylist)) {
        $value = remove_XSS($value);
        $db->set("{$keylist['0']}='{$value}'");
    }
}
// $id is interpolated unquoted.
// NOTE(review): no numeric check on $id is visible in this excerpt; cast with (int).
$db->where("id = {$id}");
$db->exec();
/*** redirect ***/
js_goto("?page=joueurs&op=admin&id={$id}");
}
} elseif ($op == "change_passwd") {
    /*** session check ***/
    // An empty $s_joueur is sent back to the index page.
    // NOTE(review): if js_goto() does not end the script, the form below is still
    // rendered for that request -- confirm.
    if (empty($s_joueur)) {
        js_goto("?page=index");
    }
    echo "<p class=title>.:: {$strModifPass} ::.</p>\n";
    // Password-change form posting to op=do_change_passwd; its fields continue
    // beyond this excerpt.
    echo "<form method=post action=?page=joueurs&op=do_change_passwd>";
$i_search = $start;
$navig = '0';
// Walk the search results; rows are rendered only while $i_search < $nb_max - 1.
while ($rech = $db->fetch($res)) {
    if ($i_search < $nb_max - 1) {
        // Under loose comparison both tests fail for '' and for NULL, so the pair
        // behaves like a single "topic is not empty" check.
        if ($rech->topic != '' || $rech->topic != NULL) {
            // Print the table header once, on the first matching row.
            if ($rech_ps == 'NO') {
                echo '<br><table border=1 cellpadding="4" cellspacing="2" class="bordure1" width="90%">';
                echo '<tr> <td class="textforum"></td><td class="headerfiche"><div align=left><b>' . $strTopic . '</b></div></td> <td class="headerfiche" width=1%><div align=right><font size=-4><b>' . $strFLast . '</b></font></div></td> </tr>';
            }
            $rech_ps = 'OK';
            $topid = $rech->topid;
            $tit = $rech->topic;
            // The stored title is base64; it is decoded first and filtered afterwards, so
            // remove_XSS() sees the text that will actually be displayed.
            $titre = remove_XSS(base64_decode($tit));
            $cat = $rech->cattopic;
            $auteur = show_joueur($rech->auteur);
            // inner query
            // Looks up the "reserved" flag of the topic's category; runs once per result row.
            $db->select("reserved");
            // The WHERE clause is embedded in the from() argument and $cat is interpolated
            // as a quoted literal.
            // NOTE(review): $cat comes from a database row here, but if cattopic was written
            // from user input without validation this is a second-order injection path --
            // confirm how cattopic is stored, or escape/bind it at this point as well.
            $db->from("{$dbprefix}forum WHERE (cattopic='{$cat}' AND cattitle != '')");
            $resr2 = $db->exec();
            // $reserved keeps the value of the last row returned.
            while ($datar2 = $db->fetch($resr2)) {
                $reserved = $datar2->reserved;
            }
            // end of inner query
            $date = strftime("%c", $rech->topic_date);
            if ($rech->topic != '' || $rech->topic != NULL) {
                // Grades 'a' and 'b' may always see the topic; the remaining visibility
                // rules continue beyond this excerpt.
                if ($grade['a'] == 'a' || $grade['b'] == 'b') {
                    $is_able_to_see = 'yes';
                }
$str .= "- " . $strElementsTitreInvalide . "<br>";
}
// Validation of the private-message form: content and recipient must be non-empty.
if (!$contenu) {
    $erreur = 1;
    $str .= "- " . $strElementsContenuInvalide . "<br>";
}
if (!$destinataire) {
    $erreur = 1;
    $str .= "- " . $strElementsDestinataireInvalide . "<br>";
}
if ($erreur == 1) {
    show_erreur_saisie($str);
} else {
    $date = time();
    $titre = remove_XSS($titre);
    // Only $contenu is passed through addslashes(), and the escaping happens before
    // remove_XSS() runs.
    // NOTE(review): SQL escaping should be the last transformation before the query; if
    // remove_XSS() rewrites backslashes or quotes, the escaping can be undone -- confirm.
    // addslashes() is also not connection-charset aware; a driver-level escape or a
    // bound parameter is the safer choice.
    $contenu = remove_XSS(addslashes($contenu));
    $db->insert("{$dbprefix}messages (emetteur,destinataire,titre,message,date)");
    // NOTE(review): $titre and $destinataire reach the statement with no SQL escaping
    // visible in this excerpt, and no check that $destinataire is an existing player id
    // is shown -- confirm both.
    $db->values("'{$s_joueur}','{$destinataire}','{$titre}','{$contenu}','{$date}'");
    $db->exec();
    js_goto("?page=messagerie&ok=1");
}
} elseif ($op == "lire") {
    // Read a message.
    echo "<p class=title>.:: {$strMessagerie} ::.</p>";
    $db->select("*");
    $db->from("{$dbprefix}messages");
    // The row is selected by id and by recipient = current player, so a message addressed
    // to someone else is not returned for a guessed id.
    // NOTE(review): $id is quoted but no escaping or numeric check is visible here;
    // cast it with (int) before use.
    $db->where("id = '{$id}'");
    $db->where("destinataire = {$s_joueur}");
    $res = $db->exec();
    $message = $db->fetch($res);
    // Mark as read. The WHERE part of this update lies beyond this excerpt.
    // NOTE(review): confirm it carries the same id and destinataire restriction as the
    // SELECT above.
    $db->update("{$dbprefix}messages");
    $db->set("lu = '1'");
// The topic title arrives base64-encoded in the query string.
$topic = $_GET['topic'];
// Without a title, or when toplast=1 is requested, the title is reloaded from the
// database; the loop keeps the last row in "topic" order.
if ($topic == '' || $_GET['toplast'] == '1') {
    $db->select("topic");
    $db->from("{$dbprefix}forum_message");
    // NOTE(review): $topid is not assigned in this excerpt; if it is taken from the
    // request, cast or escape it before it is placed in this literal.
    $db->where("topid = '{$topid}'");
    $db->where("topic != ''");
    $db->order_by("topic");
    $resre = $db->exec();
    while ($datare = $db->fetch($resre)) {
        $topic = base64_encode($datare->topic);
    }
}
// Decode first, filter second: remove_XSS() sees the text that will be displayed.
$topiced = remove_XSS(base64_decode($topic));
// $cat is taken from the query string without any validation. It is used below in
// cookie names and inside an SQL string.
$cat = $_GET['cattopic'];
$titre = $_GET['titre'];
$titred = remove_XSS(base64_decode($titre));
$header_ttestX = 'O';
// Expire the per-topic cookie named after $topid.
setcookie($topid, "", time() - 9999999);
// The counter value is read from a cookie whose name is built from the request
// parameter, so both the name and the value are client-controlled.
$new_count_sook = $_COOKIE['' . $cat . 'nb'];
// NOTE(review): post-decrement yields the old value, which is then assigned back, so
// this line leaves the counter unchanged. A decrement looks intended; the comparison
// with 1 below needs to be re-checked if that is corrected.
$new_count_sook = $new_count_sook--;
if ($new_count_sook == 1 || $new_count_sook == '1') {
    // Counter at 1: expire both category cookies.
    setcookie("" . $cat . "nb", "", time() - 9999999);
    setcookie("" . $cat . "", "", time() - 9999999);
} else {
    // Otherwise the client-supplied value is written back for one hour.
    setcookie("" . $cat . "nb", $new_count_sook, time() + 3600);
}
$db->select("reserved");
// $cat, read directly from $_GET above, is interpolated into the SQL text that is passed
// through from(). No escaping is visible between the read and this use, so the request
// parameter can alter the query. Validate $cat against the expected category
// identifier format right after reading it, and escape or bind it here.
$db->from("{$dbprefix}forum WHERE (cattopic='{$cat}' AND cattitle != '')");
$resrX = $db->exec();
// $reserved keeps the value of the last row returned; the loop body continues beyond
// this excerpt.
while ($datarX = $db->fetch($resrX)) {
    $reserved = $datarX->reserved;