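/**
 * Store an in-game mail message and optionally notify the recipient by e-mail.
 *
 * The message is written to the `mail` table first. A notification e-mail is
 * then sent only if the recipient's stored preferences enable it, the account
 * has an address accepted by is_email(), and $noemail is false.
 *
 * @param int|string $to      Recipient account id.
 * @param string     $subject Subject line; may contain game formatting codes.
 * @param string     $body    Message text; may contain game formatting codes.
 * @param int|string $from    Sender account id, 0 for a system message.
 * @param bool       $noemail True to suppress the e-mail notification.
 * @return void
 */
function systemmail($to, $subject, $body, $from = 0, $noemail = false)
{
    // Account ids are numeric. Cast once so that nothing but an integer can
    // reach the SELECT statements below; the INSERT already cast both values,
    // the two lookups did not.
    $to = (int) $to;
    $from = (int) $from;

    // Strip line breaks while they are still raw characters: an SQL escape
    // routine may rewrite "\n" into a backslash sequence that a str_replace()
    // run afterwards would no longer match.
    $subject = str_replace("\n", "", $subject);
    $subject = str_replace("`n", "", $subject);
    $subject = safeescape($subject);
    $body = safeescape($body);

    $sql = "SELECT prefs,emailaddress FROM accounts WHERE acctid='$to'";
    $result = db_query($sql);
    $row = db_fetch_assoc($result);
    db_free_result($result);

    // NOTE(review): unserialize() instantiates whatever objects the stored
    // string describes. Treat the prefs column as untrusted unless every
    // writer of it is controlled -- confirm, or move to a data-only format.
    $prefs = (is_array($row) && isset($row['prefs'])) ? unserialize($row['prefs']) : array();
    if (!is_array($prefs)) {
        // Unknown account or unreadable prefs: behave as "no preferences set".
        $prefs = array();
    }

    // Recipients who have not opted into unfiltered mail get the text run
    // through soap() before it is stored.
    if (empty($prefs['dirtyemail'])) {
        $subject = soap($subject);
        $body = soap($body);
    }

    $sql = "INSERT INTO mail (msgfrom,msgto,subject,body,sent) VALUES ('$from','$to','$subject','$body',now())";
    db_query($sql);

    // Player mail notifies whenever emailonmail is set; system mail (from 0)
    // additionally needs the systemmail preference.
    $email = !empty($prefs['emailonmail'])
        && ($from > 0 || ($from == 0 && !empty($prefs['systemmail'])));

    $emailaddress = (is_array($row) && isset($row['emailaddress'])) ? $row['emailaddress'] : '';
    if (!is_email($emailaddress)) {
        $email = false;
    }

    if ($email && !$noemail) {
        $sql = "SELECT name FROM accounts WHERE acctid='$from'";
        $result = db_query($sql);
        $row1 = db_fetch_assoc($result);
        db_free_result($result);

        // Start from an empty line so the message text below never reads an
        // undefined variable when the sender has no name (e.g. system mail).
        $fromline = "";
        if (is_array($row1) && isset($row1['name']) && $row1['name'] != "") {
            $fromline = "From: " . preg_replace("'[`].'", "", $row1['name']) . "\n";
        }

        // We've inserted it into the database, so.. strip out any formatting
        // codes from the actual email we send out... they make things
        // unreadable
        $body = preg_replace("'[`]n'", "\n", $body);
        $body = preg_replace("'[`].'", "", $body);

        // NOTE(review): HTTP_HOST is taken from the request's Host header, so
        // the link in the notification names whatever host that request
        // carried. A configured base URL would be a safer source if the game
        // has one -- confirm.
        $gameurl = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']);

        mail(
            $emailaddress,
            "New LoGD Mail",
            "You have received new mail on LoGD at " . $gameurl . "\n\n$fromline"
            . "Subject: " . preg_replace("'[`].'", "", stripslashes($subject)) . "\n"
            . "Body: " . stripslashes($body) . "\n"
            . "\nYou may turn off these alerts in your preferences page.",
            "From: " . getsetting("gameadminemail", "postmaster@localhost")
        );
    }
}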
/**
 * Fetch $array[$key], falling back to $default, and optionally escape it.
 *
 * Security notes for callers:
 *  - When $array is null the default is returned as-is, WITHOUT escaping,
 *    even if $esc is true.
 *  - Escaping is delegated to safeescape(); the result is meant for use
 *    inside a quoted SQL string literal and is not an HTML or shell encoder.
 *
 * @param array|null $array   Source array; any non-array value is treated as
 *                            "key not present".
 * @param int|string $key     Key to look up.
 * @param mixed      $default Value used when the key is absent.
 * @param bool       $esc     Whether to pass the result through safeescape().
 * @return mixed
 */
function safeget($array, $key, $default = null, $esc = true)
{
    if ($array === null) {
        return $default;
    }

    $present = is_array($array) && array_key_exists($key, $array);
    $val = $present ? $array[$key] : $default;

    if (!$esc) {
        return $val;
    }

    return safeescape($val);
}
/**
 * Escape a value, or every string nested inside an array, for the database.
 *
 * Strings go through db()->escape_string(). Arrays are walked recursively and
 * rebuilt with the same keys. Everything else (null, numbers, booleans,
 * objects) is returned untouched.
 *
 * Security notes for callers:
 *  - Array KEYS are never escaped, only values.
 *  - Non-string values are passed through unchanged, so this does not
 *    validate that a value is numeric.
 *  - Presumably escape_string() is the driver's string-literal escaper; if
 *    so, the result is only safe between quotes in an SQL statement.
 *
 * @param mixed $obj Value to escape.
 * @return mixed Escaped copy of $obj.
 */
function safeescape($obj)
{
    if (is_string($obj)) {
        return db()->escape_string($obj);
    }

    if (!is_array($obj)) {
        // null, numbers, booleans and objects are handed back unchanged.
        return $obj;
    }

    $escaped = array();
    foreach ($obj as $key => $item) {
        $escaped[$key] = safeescape($item);
    }

    return $escaped;
}
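/**
 * Store an in-game mail message and optionally notify the recipient by e-mail.
 *
 * System messages ($from == 0) may pass $subject and/or $body as arrays; these
 * are stored serialized and run through translate_mail() before being
 * e-mailed. Player messages have line breaks removed from the subject and are
 * filtered with soap() unless the recipient has the dirtyemail preference set.
 *
 * @param int|string   $to      Recipient account id.
 * @param string|array $subject Subject line, or a translation array for system mail.
 * @param string|array $body    Message text, or a translation array for system mail.
 * @param int|string   $from    Sender account id, 0 for a system message.
 * @param bool         $noemail True to suppress the e-mail notification.
 * @return void
 */
function systemmail($to, $subject, $body, $from = 0, $noemail = false)
{
    global $session;

    // Account ids are numeric. Cast once so that nothing but an integer can
    // reach the queries below: the original interpolated $to and $from into
    // three SELECTs and $from into the INSERT without a cast.
    $to = (int) $to;
    $from = (int) $from;

    $sql = "SELECT prefs,emailaddress FROM " . db_prefix("accounts") . " WHERE acctid='{$to}'";
    $result = db_query($sql);
    $row = db_fetch_assoc($result);
    db_free_result($result);

    // NOTE(review): unserialize() instantiates whatever objects the stored
    // string describes. Treat the prefs column as untrusted unless every
    // writer of it is controlled -- confirm, or move to a data-only format.
    $prefs = (is_array($row) && isset($row['prefs'])) ? unserialize($row['prefs']) : array();
    if (!is_array($prefs)) {
        // Unknown account or unreadable prefs: behave as "no preferences set".
        $prefs = array();
    }

    // Bit 1: subject was serialized here; bit 2: body was serialized here.
    $serialized = 0;
    if ($from == 0) {
        if (is_array($subject)) {
            $subject = serialize($subject);
            $serialized = 1;
        }
        if (is_array($body)) {
            $body = serialize($body);
            $serialized += 2;
        }
        $subject = safeescape($subject);
        $body = safeescape($body);
    } else {
        // Strip line breaks while they are still raw characters: an SQL
        // escape routine may rewrite "\n" into a backslash sequence that a
        // str_replace() run afterwards would no longer match.
        $subject = str_replace("\n", "", $subject);
        $subject = str_replace("`n", "", $subject);
        $subject = safeescape($subject);
        $body = safeescape($body);
        if (empty($prefs['dirtyemail'])) {
            $subject = soap($subject, false, "mail");
            $body = soap($body, false, "mail");
        }
    }

    // The originator is concatenated unquoted, so force it to an integer.
    $originator = isset($session['user']['acctid']) ? (int) $session['user']['acctid'] : 0;
    $sql = "INSERT INTO " . db_prefix("mail")
        . " (msgfrom,msgto,subject,body,sent,originator) VALUES ('" . $from . "','" . $to
        . "','{$subject}','{$body}','" . date("Y-m-d H:i:s") . "', " . $originator . ")";
    db_query($sql);
    invalidatedatacache("mail-{$to}");

    // Player mail notifies whenever emailonmail is set; system mail (from 0)
    // additionally needs the systemmail preference.
    $email = !empty($prefs['emailonmail'])
        && ($from > 0 || ($from == 0 && !empty($prefs['systemmail'])));

    $emailadd = "";
    if (is_array($row) && isset($row['emailaddress'])) {
        $emailadd = $row['emailaddress'];
    }
    if (!is_email($emailadd)) {
        $email = false;
    }

    if ($email && !$noemail) {
        // Only values serialized earlier in this same call are unserialized
        // here; stripslashes() undoes the escaping applied for the INSERT.
        if ($serialized & 2) {
            $body = unserialize(stripslashes($body));
            $body = translate_mail($body, $to);
        }
        if ($serialized & 1) {
            $subject = unserialize(stripslashes($subject));
            $subject = translate_mail($subject, $to);
        }

        $sql = "SELECT name FROM " . db_prefix("accounts") . " WHERE acctid='{$from}'";
        $result = db_query($sql);
        $row1 = db_fetch_assoc($result);
        db_free_result($result);
        if (is_array($row1) && isset($row1['name']) && $row1['name'] != "") {
            $fromline = full_sanitize($row1['name']);
        } else {
            // No such account (system mail uses id 0): use the game's name.
            $fromline = translate_inline("The Green Dragon", "mail");
        }

        $sql = "SELECT name FROM " . db_prefix("accounts") . " WHERE acctid='{$to}'";
        $result = db_query($sql);
        $row1 = db_fetch_assoc($result);
        db_free_result($result);
        $toline = full_sanitize($row1['name']);

        // We've inserted it into the database, so.. strip out any formatting
        // codes from the actual email we send out... they make things
        // unreadable
        $body = preg_replace("'[`]n'", "\n", $body);
        $body = full_sanitize($body);
        $subject = htmlentities($subject, ENT_COMPAT, getsetting("charset", "ISO-8859-1"));

        // NOTE(review): HTTP_HOST is taken from the request's Host header, so
        // both links in the notification name whatever host that request
        // carried. A configured base URL would be a safer source if the game
        // has one -- confirm.
        $gamehost = $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']);

        $mailsubj = translate_mail(array("New LoGD Mail (%s)", $subject), $to);
        $mailbody = translate_mail(array(
            "You have received new mail on LoGD at http://%s`n`n"
            . "-=-=-=-=-=-=-=-=-=-=-=-=-=-`n"
            . "From: %s`n"
            . "To: %s`n"
            . "Subject: %s`n"
            . "Body: `n%s`n"
            . "-=-=-=-=-=-=-=-=-=-=-=-=-=-"
            . "`nDo not respond directly to this email, it was sent from the game email address, and not the email address of the person who sent you the "
            . "message. If you wish to respond, log into Legend of the Green Dragon at http://%s .`n`n"
            . "You may turn off these alerts in your preferences page, available from the village square.",
            $gamehost,
            $fromline,
            $toline,
            full_sanitize(stripslashes($subject)),
            stripslashes($body),
            $gamehost
        ), $to);

        mail(
            $emailadd,
            $mailsubj,
            str_replace("`n", "\n", $mailbody),
            "From: " . getsetting("gameadminemail", "postmaster@localhost")
        );
    }
    invalidatedatacache("mail-{$to}");
}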
} } } $remove = httpget('remove'); if ($remove > "") { $sql = "SELECT name,login,clanrank FROM " . db_prefix("accounts") . " WHERE acctid='{$remove}'"; $row = db_fetch_assoc(db_query($sql)); $args = modulehook("clan-setrank", array("setrank" => 0, "login" => $row['login'], "name" => $row['name'], "acctid" => $remove, "clanid" => $session['user']['clanid'], "oldrank" => $row['clanrank'])); $sql = "UPDATE " . db_prefix("accounts") . " SET clanrank=" . CLAN_APPLICANT . ",clanid=0,clanjoindate='0000-00-00 00:00:00' WHERE acctid='{$remove}' AND clanrank<={$session['user']['clanrank']}"; db_query($sql); debuglog("Player {$session['user']['name']} removed player {$row['login']} from {$claninfo['clanname']}.", $remove); //delete unread application emails from this user. //breaks if the applicant has had their name changed via //dragon kill, superuser edit, or lodge color change require_once "lib/safeescape.php"; $subj = safeescape(serialize(array($apply_short, $row['name']))); $sql = "DELETE FROM " . db_prefix("mail") . " WHERE msgfrom=0 AND seen=0 AND subject='{$subj}'"; db_query($sql); } $sql = "SELECT name,login,acctid,clanrank,laston,clanjoindate,dragonkills,level FROM " . db_prefix("accounts") . " WHERE clanid={$claninfo['clanid']} ORDER BY clanrank DESC ,dragonkills DESC,level DESC,clanjoindate"; $result = db_query($sql); rawoutput("<table border='0' cellpadding='2' cellspacing='0'>"); $rank = translate_inline("Rank"); $name = translate_inline("Name"); $lev = translate_inline("Level"); $dk = translate_inline("Dragon Kills"); $jd = translate_inline("Join Date"); $lo = translate_inline("Last On"); $ops = translate_inline("Operations"); $promote = translate_inline("Promote"); $demote = translate_inline("Demote");