$bind_pwd = $xerte_toolkits_site->bind_pwd; $basedn = $xerte_toolkits_site->basedn; $bind_dn = $xerte_toolkits_site->bind_dn; $result = authenticate_to_host($host, $port, $bind_pwd, $basedn, $bind_dn, $username, $password, $xerte_toolkits_site); if ($result) { receive_message($username, "USER", "SUCCESS", "Logging in succeeded for " . $username, "Logging in succeeded for " . $username); return $result; } else { receive_message($username, "USER", "CRITICAL", "Login failed for " . $username, "Login failed for " . $username); return $result; } } } else { while ($host = mysql_fetch_array($ldap_hosts)) { $result = authenticate_to_host($host['ldap_host'], $host['ldap_port'], $host['ldap_password'], $host['ldap_username'], $host['ldap_basedn'], $host['ldap_filter'], $host['ldap_filter_attr'], $username, $password, $xerte_toolkits_site); if ($result[0]) { return true; } } } return false; } require "../config.php"; if (valid_login($_POST['username'], $_POST['password'], $xerte_toolkits_site)) { echo "Logging in worked"; } else { echo "Logging in failed"; } $data = get_user_details($_POST['username'], $_POST['password']); echo "<p>Getting LDAP record for user - to work with Toolkits - [sn][0] should the surname and [givenname][0] should be the first name<pre>"; print_r($data[1][0]);
function do_delete_reward_item(&$sqlm) { global $action_permission, $mmfpm_db; valid_login($action_permission['delete']); $sqlm = new SQL(); $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']); if (empty($_GET['item'])) { redirect('rewards.php?error=1'); } $items = $sqlm->quote_smart($_GET['item']); if (is_numeric($items)) { } else { redirect('rewards.php?error=1'); } $sqlm->query('DELETE FROM mm_reward_item WHERE item = ' . $items . ''); unset($items); if ($sqlm->affected_rows()) { redirect('rewards.php?action=show_reward_item'); } else { redirect('rewards.php?error=2'); } }
function delete_motd(&$sqlm) { global $action_permission, $realm_id, $mmfpm_db; // minimum permission to view page valid_login($action_permission['delete']); $sqlm = new SQL(); $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']); if (empty($_GET['id'])) { redirect('index.php'); } $id = $sqlm->quote_smart($_GET['id']); if (is_numeric($id)) { } else { redirect('motd.php?error=1'); } $sqlm->query(' DELETE FROM mm_motd WHERE id =' . $id . ''); unset($id); redirect('index.php'); }
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ require_once "header.php"; require_once "libs/get_uptime_lib.php"; valid_login($action_permission["view"]); function stats($action) { global $output, $realm_id, $logon_db, $server, $theme, $sql, $core; $race = array(1 => array(1, "human", "", ""), 2 => array(2, "orc", "", ""), 3 => array(3, "dwarf", "", ""), 4 => array(4, "nightelf", "", ""), 5 => array(5, "undead", "", ""), 6 => array(6, "tauren", "", ""), 7 => array(7, "gnome", "", ""), 8 => array(8, "troll", "", ""), 10 => array(10, "bloodelf", "", ""), 11 => array(11, "draenei", "", "")); $class = array(1 => array(1, "warrior", "", ""), 2 => array(2, "paladin", "", ""), 3 => array(3, "hunter", "", ""), 4 => array(4, "rogue", "", ""), 5 => array(5, "priest", "", ""), 6 => array(6, "death_knight", "", ""), 7 => array(7, "shaman", "", ""), 8 => array(8, "mage", "", ""), 9 => array(9, "warlock", "", ""), 11 => array(11, "druid", "", "")); $level = array(1 => array(1, 1, 9, "", ""), 2 => array(2, 10, 19, "", ""), 3 => array(3, 20, 29, "", ""), 4 => array(4, 30, 39, "", ""), 5 => array(5, 40, 49, "", ""), 6 => array(6, 50, 59, "", ""), 7 => array(7, 60, 69, "", ""), 8 => array(8, 70, 79, "", ""), 9 => array(9, 80, 80, "", "")); function format_uptime($seconds) { $secs = intval($seconds % 60); $mins = intval($seconds / 60 % 60); $hours = intval($seconds / 3600 % 24); $days = intval($seconds / 86400); $uptimeString = ""; if ($days) { $uptimeString .= $days;
} } // If the user isn't logged in, force the user to login if (!isset($_SESSION['is_valid'])) { $action = 'login'; } switch ($action) { case 'login': if (isset($_POST['login-email']) && isset($_POST['login-password'])) { $user = $_POST['login-email']; $password = $_POST['login-password']; } else { $user = ''; $password = ''; } if (valid_login($user, $password)) { $_SESSION['is_valid'] = $user; include 'view/dashboard.php'; } else { include 'view/page_login.php'; } break; case 'logout': $_SESSION = array(); // Clear all session data from memory session_destroy(); // Clean up the session ID include 'view/page_login.php'; break; case 'show_profile': $_SESSION['view_people'] = $_SESSION['is_valid'];
function saveloc() { global $output, $action_permission, $characters_db, $realm_id, $user_id, $hearthstone_credits, $sql, $core; valid_login($action_permission["view"]); $guid = $sql["char"]->quote_smart($_GET["guid"]); if ($core == 1) { $query = "SELECT * FROM characters WHERE guid='" . $guid . "'"; } elseif ($core == 2) { $query = "SELECT *,\n characters.map AS mapId, characters.zone AS zoneId,\n character_homebind.map AS bindmapId, character_homebind.zone AS bindzoneId,\n character_homebind.position_x AS bindpositionX, character_homebind.position_y AS bindpositionY,\n character_homebind.position_z AS bindpositionZ\n FROM characters LEFT JOIN character_homebind ON characters.guid=character_homebind.guid WHERE characters.guid='" . $guid . "'"; } else { $query = "SELECT *,\n characters.map AS mapId, characters.zone AS zoneId,\n character_homebind.mapId AS bindmapId, character_homebind.zoneId AS bindzoneId,\n character_homebind.posX AS bindpositionX, character_homebind.posY AS bindpositionY,\n character_homebind.posZ AS bindpositionZ\n FROM characters LEFT JOIN character_homebind ON characters.guid=character_homebind.guid WHERE characters.guid='" . $guid . "'"; } $char = $sql["char"]->fetch_assoc($sql["char"]->query($query)); if ($core != 1) { if (!isset($char["bindmapId"])) { $query = "SELECT * FROM playercreateinfo WHERE race='" . $char["race"] . "' AND class='" . $char["class"] . "'"; $result = $sql["world"]->query($query); $fields = $sql["world"]->fetch_assoc($result); $char["bindmapId"] = $fields["map"]; $char["bindzoneId"] = $fields["zone"]; $char["bindpositionX"] = $fields["position_x"]; $char["bindpositionY"] = $fields["position_y"]; $char["bindpositionZ"] = $fields["position_z"]; } } $int_err = 0; // credits if ($hearthstone_credits > 0) { // we need the player's account if ($core == 1) { $acct_query = "SELECT login AS username FROM accounts WHERE acct=(SELECT acct FROM " . $characters_db[$realm_id]["name"] . ".characters WHERE guid='" . $guid . "')"; } else { $acct_query = "SELECT username FROM account WHERE id=(SELECT account FROM " . $characters_db[$realm_id]["name"] . ".characters WHERE guid='" . $guid . "')"; } $acct_result = $sql["logon"]->query($acct_query); $acct_result = $sql["logon"]->fetch_assoc($acct_result); $username = $acct_result["username"]; // now we get the user's credit balance $cr_query = "SELECT Credits FROM config_accounts WHERE Login='******'"; $cr_result = $sql["mgr"]->query($cr_query); $cr_result = $sql["mgr"]->fetch_assoc($cr_result); $credits = $cr_result["Credits"]; // since this action is delayed, we have to make sure the account still has sufficient funds // if the account doesn't have enough, we just ignore the hearthstone request if ($credits >= 0 && $credits < $hearthstone_credits) { $int_err = 1; } if (!$int_err) { // we don't charge credits if the account is unlimited if ($credits >= 0) { $credits = $credits - $hearthstone_credits; } $money_query = "UPDATE config_accounts SET Credits='" . $credits . "' WHERE Login='******'"; $money_result = $sql["mgr"]->query($money_query); } } if (!$int_err) { if ($core == 1) { $query = "UPDATE characters SET positionX='" . $char["bindpositionX"] . "', positionY='" . $char["bindpositionY"] . "', positionZ='" . $char["bindpositionZ"] . "', mapId='" . $char["bindmapId"] . "', zoneId='" . $char["bindzoneId"] . "' WHERE guid='" . $guid . "'"; } else { $query = "UPDATE characters SET position_x='" . $char["bindpositionX"] . "', position_y='" . $char["bindpositionY"] . "', position_z='" . $char["bindpositionZ"] . "', map='" . $char["bindmapId"] . "', zone='" . $char["bindzoneId"] . "' WHERE guid='" . $guid . "'"; } $result = $sql["char"]->query($query); redirect("hearthstone.php?error=2"); } redirect("index.php"); }
function set_def_realm(&$sqlr) { global $action_permission; valid_login($action_permission['read']); $id = isset($_GET['id']) ? $sqlr->quote_smart($_GET['id']) : 1; if (is_numeric($id)) { } else { $id = 1; } if ($sqlr->num_rows($sqlr->query(' SELECT id FROM realmlist WHERE id = ' . $id . ''))) { $_SESSION['realm_id'] = $id; } unset($id); $url = isset($_GET['url']) ? $_GET['url'] : 'index.php'; redirect($url); }
it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ // page header, and any additional required libraries require_once 'header.php'; // minimum permission to view page valid_login($action_permission['delete']); if (test_port($server[$realm_id]['addr_wan'], $server[$realm_id]['term_port'])) { // we start with a lead of 10 spaces, // because last line of header is an opening tag with 8 spaces // keep html indent in sync, so debuging from browser source would be easy to read $output .= ' <!-- start of ssh.php --> <center> <br /> <applet codebase="." archive="libs/js/ssh.jar" code="de.mud.jta.Applet" width="780" height="350"> <param name="plugins" value="Status,Socket,' . $server[$realm_id]['term_type'] . ',Terminal" /> <param name="Socket.host" value="' . $server[$realm_id]['addr_wan'] . '" /> <param name="Socket.port" value="' . $server[$realm_id]['term_port'] . '" /> </applet> <br />
function purchase() { global $world_db, $characters_db, $realm_id, $user_name, $output, $action_permission, $user_lvl, $from_char, $stationary, $sql, $core; valid_login($action_permission["view"]); if (empty($_GET["item"])) { redirect("ultra_vendor.php?error=1"); } if (empty($_GET["total"])) { redirect("ultra_vendor.php?error=1"); } if (empty($_GET["want"])) { redirect("ultra_vendor.php?error=1"); } $mode = $_GET["mode"]; if ($core == 1) { $iquery = "SELECT * FROM items " . ($locales_search_option != 0 ? "LEFT JOIN items_localized ON (items_localized.entry=items.entry AND language_code='" . $locales_search_option . "') " : " ") . "WHERE items.entry='" . $_GET["item"] . "'"; } else { $iquery = "SELECT * FROM item_template " . ($locales_search_option != 0 ? "LEFT JOIN locales_item ON locales_item.entry=item_template.entry " : " ") . "WHERE item_template.entry='" . $_GET["item"] . "'"; } $iresult = $sql["world"]->query($iquery); $item = $sql["world"]->fetch_assoc($iresult); // Localization if ($locales_search_option != 0) { if ($core == 1) { $item["name1"] = $item["name"]; } else { $item["name1"] = $item["name_loc" . $locales_search_option]; } } else { $item["name1"] = $item["name1"]; } $cquery = "SELECT *, money AS gold FROM characters WHERE name='" . $_GET["char"] . "'"; $cresult = $sql["char"]->query($cquery); $char = $sql["char"]->fetch_assoc($cresult); if ($mode == "money") { $char_money = $char["gold"]; $char_money = $char_money - $_GET["total"]; if ($core == 1) { $money_query = "UPDATE characters SET gold='" . $char_money . "' WHERE guid='" . $char["guid"] . "'"; } else { $money_query = "UPDATE characters SET money='" . $char_money . "' WHERE guid='" . $char["guid"] . "'"; } $money_result = $sql["char"]->query($money_query); } else { // get our credit balance $cr_query = "SELECT Credits FROM config_accounts WHERE Login='******'"; $cr_result = $sql["mgr"]->query($cr_query); $cr_result = $sql["mgr"]->fetch_assoc($cr_result); $credits = $cr_result["Credits"]; // we don't charge credits if the account is unlimited if ($credits >= 0) { $credits = $credits - $_GET["total"]; } $money_query = "UPDATE config_accounts SET Credits='" . $credits . "' WHERE Login='******'"; $money_result = $sql["mgr"]->query($money_query); } if ($core == 1) { $mail_query = "INSERT INTO mailbox_insert_queue VALUES ('" . $from_char . "', '" . $char["guid"] . "', '" . lang("ultra", "questitems") . "', " . chr(34) . $_GET["want"] . "x " . $item["name1"] . chr(34) . ", '" . $stationary . "', '0', '" . $_GET["item"] . "', '" . $_GET["want"] . "')"; redirect("ultra_vendor.php&moneyresult=" . $money_result); } else { // we need to be able to bypass mail.php's normal permissions to send mail $_SESSION['vendor_permission'] = 1; redirect("mail.php?action=send_mail&type=ingame_mail&to=" . $char["name"] . "&subject=" . lang("ultra", "questitems") . "&body=" . $_GET["want"] . "x " . $item["name"] . "&group_sign==&group_send=gm_level&money=0&att_item=" . $_GET["item"] . "&att_stack=" . $_GET["want"] . "&redirect=ultra_vendor.php&moneyresult=" . $money_result); } }
<?php require_once "header.php"; valid_login($action_permission['update']); //########################################################################### // print mail form function print_mail_form() { global $lang_mail, $output; $to = isset($_GET['to']) ? $_GET['to'] : NULL; $type = isset($_GET['type']) ? $_GET['type'] : "email"; $output .= "\n <center>\n <form action=\"mail.php?action=send_mail\" method=\"post\" name=\"form\">\n <fieldset style=\"width: 770px;\">\n <legend>{$lang_mail['mail_type']}</legend>\n <br />\n <table class=\"top_hidden\" style=\"width: 720px;\">\n <tr>\n <td align=\"left\">{$lang_mail['recipient']}: <input type=\"text\" name=\"to\" size=\"32\" value=\"{$to}\" maxlength=\"225\" /></td>\n <td align=\"left\">{$lang_mail['subject']}: <input type=\"text\" name=\"subject\" size=\"32\" maxlength=\"50\" /></td>\n <td width=\"1\" align=\"right\">\n <select name=\"type\">"; if ($type == "email") { $output .= "\n <option value=\"email\">{$lang_mail['email']}</option>\n <option value=\"ingame_mail\">{$lang_mail['ingame_mail']}</option>"; } else { $output .= "\n <option value=\"ingame_mail\">{$lang_mail['ingame_mail']}</option>\n <option value=\"email\">{$lang_mail['email']}</option>"; } $output .= "\n </select>\n </td>\n </tr>\n <tr><td colspan=\"3\"><hr /></td></tr>\n <tr>\n <td colspan=\"3\">\n {$lang_mail['dont_use_both_groupsend_and_to']}\n </td>\n </tr>\n <tr>\n <td colspan=\"3\">{$lang_mail['group_send']}:\n <select name=\"group_send\">\n <optgroup label=\"{$lang_mail['both']}\">\n <option value=\"gm_level\">{$lang_mail['gm_level']}</option>\n </optgroup>\n <optgroup label=\"{$lang_mail['email']}\">\n <option value=\"locked\">{$lang_mail['locked_accouns']}</option>\n <option value=\"banned\">{$lang_mail['banned_accounts']}</option>\n </optgroup>\n <optgroup label=\"{$lang_mail['ingame_mail']}\">\n <option value=\"char_level\">{$lang_mail['char_level']}</option>\n <option value=\"online\">{$lang_mail['online']}</option>\n </optgroup>\n </select>\n <select name=\"group_sign\">\n <option value=\"=\">=</option>\n <option value=\"<\"><</option>\n <option value=\">\">></option>\n <option value=\"!=\">!=</option>\n </select>\n <input type=\"text\" name=\"group_value\" size=\"20\" maxlength=\"40\" />\n </td>\n </tr>\n <tr><td colspan=\"3\"><hr /></td></tr>\n <tr>\n <td colspan=\"3\" align=\"left\">\n {$lang_mail['attachments']}:\n </td>\n </tr>\n <tr>\n <td colspan=\"3\" align=\"right\">\n {$lang_mail['money']} : <input type=\"text\" name=\"money\" value=\"0\" size=\"10\" maxlength=\"10\" />\n {$lang_mail['item']} : <input type=\"text\" name=\"att_item\" value=\"0\" size=\"10\" maxlength=\"10\" />\n {$lang_mail['stack']} : <input type=\"text\" name=\"att_stack\" value=\"0\" size=\"10\" maxlength=\"10\" />\n </td>\n </tr>\n <tr>\n <td colspan=\"3\">\n </td>\n </tr>\n </table>\n </fieldset>\n <fieldset style=\"width: 770px;\">\n <legend>{$lang_mail['mail_body']}</legend>\n <br /><textarea name=\"body\" rows=\"14\" cols=\"92\"></textarea><br />\n <br />\n <table>\n <tr>\n <td>"; makebutton($lang_mail['send'], "javascript:do_submit()", 130); $output .= "\n </td>\n </tr>\n </table>\n </fieldset>\n <br />\n </form>\n </center>\n"; } //############################################################################# // Send the actual mail(s) function send_mail() { global $lang_global, $output, $realm_db, $characters_db, $realm_id, $user_name, $from_mail, $mailer_type, $smtp_cfg; if (empty($_POST['body']) || empty($_POST['subject']) || empty($_POST['type']) || empty($_POST['group_sign']) || empty($_POST['group_send'])) { redirect("mail.php?error=1"); } $sqlr = new SQL(); $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
function do_edit_ticket() { global $characters_db, $realm_id, $action_permission; valid_login($action_permission['update']); if (empty($_POST['new_text']) || empty($_POST['id'])) { redirect("ticket.php?error=1"); } $sqlc = new SQL(); $sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']); $new_text = $sqlc->quote_smart($_POST['new_text']); $id = $sqlc->quote_smart($_POST['id']); if (is_numeric($id)) { } else { redirect("ticket.php?error=1"); } $query = $sqlc->query("UPDATE gm_tickets SET message='{$new_text}' WHERE guid = '{$id}'"); if ($sqlc->affected_rows()) { redirect("ticket.php?error=5"); } else { redirect("ticket.php?error=6"); } }
the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ // page header, and any additional required libraries require_once 'header.php'; require_once 'libs/map_zone_lib.php'; // minimum permission to view page valid_login($action_permission['view']); //############################################################################# // INSTANCES //############################################################################# function instances() { global $output, $lang_instances, $arcm_db, $realm_id, $world_db, $arcn_db, $itemperpage, $sqlw, $sqlm, $sqld; //-------------------SQL Injection Prevention-------------------------------- // this page has multipage support and field ordering, so we need these $start = isset($_GET['start']) ? $sqlw->quote_smart($_GET['start']) : 0; if (is_numeric($start)) { } else { $start = 0; } $order_by = isset($_GET['order_by']) ? $sqlw->quote_smart($_GET['order_by']) : 'minlevel'; if (preg_match('/^[_[:lower:]]{1,11}$/', $order_by)) {
function saveacct_direct() { global $output, $action_permission, $corem_db, $characters_db, $realm_id, $user_id, $sql, $core; valid_login($action_permission["update"]); $guid = $sql["mgr"]->quote_smart($_GET["guid"]); $new = $sql["mgr"]->quote_smart($_GET["new"]); if ($_GET["new1"] != "") { $new = $sql["mgr"]->quote_smart($_GET["new1"]); if (!is_numeric($new)) { if ($core == 1) { $acct_query = "SELECT acct, accounts.login, IFNULL(`" . $corem_db["name"] . "`.config_accounts.ScreenName, '')\r\n FROM accounts\r\n LEFT JOIN `" . $corem_db["name"] . "`.config_accounts ON config_accounts.Login=accounts.login COLLATE utf8_general_ci\r\n WHERE accounts.login='******' OR config_accounts.Login='******'"; } else { $acct_query = "SELECT id AS acct, username AS login, IFNULL(`" . $corem_db["name"] . "`.config_accounts.ScreenName, '')\r\n FROM account\r\n LEFT JOIN `" . $corem_db["name"] . "`.config_accounts ON config_accounts.Login=account.username\r\n WHERE account.username='******' OR config_accounts.ScreenName='" . $new . "'"; } $acct_result = $sql["logon"]->query($acct_query); $acct_result = $sql["logon"]->fetch_assoc($acct_result); $new = $acct_result["acct"]; } } if ($core == 1) { $result = $sql["char"]->query("UPDATE characters SET acct='" . $new . "' WHERE guid='" . $guid . "'"); } else { $result = $sql["char"]->query("UPDATE characters SET account='" . $new . "' WHERE guid='" . $guid . "'"); } redirect("char_list.php"); }
function do_add_entry() { global $logon_db, $characters_db, $realm_id, $user_name, $output, $action_permission, $user_lvl, $sql, $core; valid_login($action_permission["insert"]); if (empty($_GET["ban_type"]) || empty($_GET["entry"]) || empty($_GET["bantime"])) { redirect("banned.php?error=1&action=add_entry"); } $ban_type = $sql["logon"]->quote_smart($_GET["ban_type"]); $entry = $sql["logon"]->quote_smart($_GET["entry"]); switch ($ban_type) { case "accounts": if ($core == 1) { $result1 = $sql["logon"]->query("SELECT acct FROM accounts WHERE login='******'"); } else { $result1 = $sql["logon"]->query("SELECT id AS acct FROM account WHERE username='******'"); } if (!$sql["logon"]->num_rows($result1)) { redirect("banned.php?error=4&action=add_entry"); } else { $entry = $sql["logon"]->result($result1, 0, 'acct'); } break; case "characters": $result1 = $sql["char"]->query("SELECT guid FROM characters WHERE name='" . $entry . "'"); if (!$sql["char"]->num_rows($result1)) { redirect("banned.php?error=4&action=add_entry"); } else { $entry = $sql["char"]->result($result1, 0, 'guid'); } break; case "ipbans": break; } $bantime = time() + 3600 * $sql["logon"]->quote_smart($_GET["bantime"]); $banreason = isset($_GET["banreason"]) && $_GET["banreason"] != '' ? $sql["logon"]->quote_smart($_GET["banreason"]) : "none"; switch ($ban_type) { case "accounts": if ($core == 1) { $result = $sql["logon"]->query("SELECT banned FROM accounts WHERE acct='" . $entry . "'"); } else { $result = $sql["logon"]->query("SELECT active FROM account_banned WHERE id='" . $entry . "' AND active=1"); } $acct_banned = $sql["logon"]->result($result, 0); if ($acct_banned == 0) { if ($core == 1) { $sql["logon"]->query("UPDATE accounts SET banned='" . $bantime . "' WHERE acct='" . $entry . "'"); } else { $sql["logon"]->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason) VALUES ('" . $entry . "', UNIX_TIMESTAMP(), '" . $bantime . "', '" . $user_name . "', '" . $banreason . "')"); } } if ($sql["logon"]->affected_rows()) { redirect("banned.php?error=3&ban_type=" . $ban_type); } else { redirect("banned.php?error=2&ban_type=" . $ban_type); } break; case "characters": $result = $sql["char"]->query("SELECT banned FROM characters WHERE guid='" . $entry . "'"); $char_banned = $sql["char"]->result($result, 0); if ($char_banned == 0) { $sql["char"]->query("UPDATE characters SET banned='" . $bantime . "', banReason='" . $banreason . "' WHERE guid='" . $entry . "'"); } if ($sql["char"]->affected_rows()) { redirect("banned.php?error=3&ban_type=" . $ban_type); } else { redirect("banned.php?error=2&ban_type=" . $ban_type); } break; case "ipbans": if ($core == 1) { $result = $sql["logon"]->query("SELECT ip FROM ipbans WHERE ip='" . $entry . "'"); } else { $result = $sql["logon"]->query("SELECT ip FROM ip_banned WHERE ip='" . $entry . "'"); } if (!$sql["logon"]->num_rows($result)) { if ($core == 1) { $sql["logon"]->query("INSERT INTO ipbans (ip, expire) VALUES ('" . $entry . "', '" . $bantime . "')"); } else { $sql["logon"]->query("INSERT INTO ip_banned (ip, bandate, unbandate, bannedby, banreason) VALUES ('" . $entry . "', UNIX_TIMESTAMP(), '" . $bantime . "', '" . $user_name . "', '" . $banreason . "')"); } } if ($sql["logon"]->affected_rows()) { redirect("banned.php?error=3&ban_type=" . $ban_type); } else { redirect("banned.php?error=2&ban_type=" . $ban_type); } break; } }
function do_delete() { global $world_db, $realm_id, $action_permission, $user_lvl; valid_login($action_permission['delete']); if (isset($_GET['entry'])) { $entry = $_GET['entry']; } else { redirect("item.php?error=1"); } $sqlw = new SQL(); $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']); $result = $sqlw->query("DELETE FROM item_template WHERE entry = '{$entry}'"); redirect("item.php"); }
function dodelete_item() { global $output, $action_permission, $sql, $core; valid_login($action_permission["delete"]); // get our variables $cid = isset($_GET["id"]) ? $sql["char"]->quote_smart($_GET["id"]) : NULL; $bag = isset($_GET["bag"]) ? $sql["char"]->quote_smart($_GET["bag"]) : NULL; $slot = isset($_GET["slot"]) ? $sql["char"]->quote_smart($_GET["slot"]) : NULL; $item = isset($_GET["item"]) ? $sql["char"]->quote_smart($_GET["item"]) : NULL; if (!isset($cid) || !isset($bag) || !isset($slot) || !isset($item)) { redirect("index.php"); } if ($core == 1) { $query = "DELETE FROM playeritems WHERE ownerguid='" . $cid . "' AND entry='" . $item . "' AND containerslot='" . $bag . "' AND slot='" . $slot . "'"; } elseif ($core == 2) { $query = "SELECT item FROM character_inventory WHERE guid='" . $cid . "' AND item_template='" . $item . "' AND bag='" . $bag . "' AND slot='" . $slot . "'"; $result = $sql["char"]->query($query); $result = $sql["char"]->fetch_assoc($result); $item_guid = $result["item"]; $query = "DELETE FROM character_inventory WHERE item='" . $item_guid . "'"; $query2 = "DELETE FROM item_instance WHERE guid='" . $item_guid . "';"; } else { $query = "SELECT item FROM character_inventory\n LEFT JOIN item_instance ON character_inventory.item=item_instance.guid\n WHERE character_inventory.guid='" . $cid . "' AND itemEntry='" . $item . "' AND bag='" . $bag . "' AND slot='" . $slot . "'"; $result = $sql["char"]->query($query); $result = $sql["char"]->fetch_assoc($result); $item_guid = $result["item"]; $query = "DELETE FROM character_inventory WHERE item='" . $item_guid . "'"; $query2 = "DELETE FROM item_instance WHERE guid='" . $item_guid . "';"; } $result = $sql["char"]->query($query); if (isset($query2)) { $result = $sql["char"]->query($query2); } redirect("char.php?id=" . $cid . "&mode=" . $_GET["mode"]); }
function do_edit_char(&$sqlr, &$sqlc) { global $lang_global, $lang_char, $output, $realm_db, $characters_db, $realm_id, $world_db, $action_permission, $user_lvl; valid_login($action_permission['delete']); if (empty($_GET['id']) || empty($_GET['name'])) { error($lang_global['empty_fields']); } $id = $sqlc->quote_smart($_GET['id']); $result = $sqlc->query("\r\n\t\tSELECT account, online \r\n\t\tFROM characters \r\n\t\tWHERE guid = '{$id}'"); if ($sqlc->num_rows($result)) { //we cannot edit online chars if (!$sqlc->result($result, 0, 'online')) { //resrict by owner's gmlvl $owner_acc_id = $sqlc->result($result, 0, 'account'); $query = $sqlr->query("\r\n\t\t\t\tSELECT gmlevel \r\n\t\t\t\tFROM account \r\n\t\t\t\tWHERE id ='{$owner_acc_id}'"); $owner_gmlvl = $sqlr->result($query, 0, 'gmlevel'); $new_owner_name = $_GET['owner_name']; $query = $sqlr->query("\r\n\t\t\t\tSELECT id \r\n\t\t\t\tFROM account \r\n\t\t\t\tWHERE username ='******'"); $new_owner_acc_id = $sqlr->result($query, 0, 'id'); if ($owner_acc_id != $new_owner_acc_id) { $max_players = $sqlr->query("\r\n\t\t\t\t\tSELECT numchars \r\n\t\t\t\t\tFROM realmcharacters \r\n\t\t\t\t\tWHERE acctid ='{$new_owner_acc_id}'"); $max_players = $max_players[0]; if ($max_players <= 9) { $result = $sqlr->query("\r\n\t\t\t\t\t\tUPDATE `{$characters_db[$realm_id]['name']}`.`characters` \r\n\t\t\t\t\t\tSET account = {$new_owner_acc_id} WHERE guid = {$id}"); } else { redirect("char_edit.php?action=edit_char&id={$id}&error=5"); } } if ($user_lvl > $owner_gmlvl) { if (isset($_GET['check'])) { $check = $sqlc->quote_smart($_GET['check']); } else { $check = NULL; } $new_name = $sqlc->quote_smart($_GET['name']); if (isset($_GET['tot_time'])) { $new_tot_time = $sqlc->quote_smart($_GET['tot_time']); } else { $new_tot_time = 0; } if (isset($_GET['money'])) { $new_money = $sqlc->quote_smart($_GET['money']); } else { $new_money = 0; } if (isset($_GET['arena_points'])) { $new_arena_points = $sqlc->quote_smart($_GET['arena_points']); } else { $new_arena_points = 0; } if (isset($_GET['honor_points'])) { $new_honor_points = $sqlc->quote_smart($_GET['honor_points']); } else { $new_honor_points = 0; } if (isset($_GET['total_kills'])) { $new_total_kills = $sqlc->quote_smart($_GET['total_kills']); } else { $new_total_kills = 0; } if (!is_numeric($new_tot_time) || !is_numeric($new_money) || !is_numeric($new_arena_points) || !is_numeric($new_honor_points)) { error($lang_char['use_numeric']); } $x = isset($_GET['x']) ? $sqlc->quote_smart($_GET['x']) : 0; $y = isset($_GET['y']) ? $sqlc->quote_smart($_GET['y']) : 0; $z = isset($_GET['z']) ? $sqlc->quote_smart($_GET['z']) : 0; $map = isset($_GET['map']) ? $sqlc->quote_smart($_GET['map']) : 0; $tp_to = isset($_GET['tp_to']) ? $sqlc->quote_smart($_GET['tp_to']) : 0; $result = $sqlc->query("\r\n\t\t\t\t\tSELECT equipmentCache \r\n\t\t\t\t\tFROM characters \r\n\t\t\t\t\tWHERE guid = '{$id}'"); $char = $sqlc->fetch_row($result); $eq_data = explode(' ', $char['equipmentCache']); //some items need to be deleted if ($check) { $item_offset = array("a0" => EQ_DATA_OFFSET_EQU_HEAD, "a1" => EQ_DATA_OFFSET_EQU_NECK, "a2" => EQ_DATA_OFFSET_EQU_SHOULDER, "a3" => EQ_DATA_OFFSET_EQU_SHIRT, "a4" => EQ_DATA_OFFSET_EQU_CHEST, "a5" => EQ_DATA_OFFSET_EQU_BELT, "a6" => EQ_DATA_OFFSET_EQU_LEGS, "a7" => EQ_DATA_OFFSET_EQU_FEET, "a8" => EQ_DATA_OFFSET_EQU_WRIST, "a9" => EQ_DATA_OFFSET_EQU_GLOVES, "a10" => EQ_DATA_OFFSET_EQU_FINGER1, "a11" => EQ_DATA_OFFSET_EQU_FINGER2, "a12" => EQ_DATA_OFFSET_EQU_TRINKET1, "a13" => EQ_DATA_OFFSET_EQU_TRINKET2, "a14" => EQ_DATA_OFFSET_EQU_BACK, "a15" => EQ_DATA_OFFSET_EQU_MAIN_HAND, "a16" => EQ_DATA_OFFSET_EQU_OFF_HAND, "a17" => EQ_DATA_OFFSET_EQU_RANGED, "a18" => EQ_DATA_OFFSET_EQU_TABARD); foreach ($check as $item_num) { //deleting equiped items if ($item_num[0] == "a") { $eq_data[$item_offset[$item_num]] = 0; sscanf($item_num, "a%d", $item_num); $result = $sql->query("\r\n\t\t\t\t\t\t\t\tSELECT item \r\n\t\t\t\t\t\t\t\tFROM character_inventory \r\n\t\t\t\t\t\t\t\tWHERE guid = '{$id}' AND slot = {$item_num} AND bag = 0"); $item_inst_id = $sqlc->result($result, 0, 'item'); $sqlc->query("\r\n\t\t\t\t\t\t\t\tDELETE FROM character_inventory \r\n\t\t\t\t\t\t\t\tWHERE guid = '{$id}' AND slot = {$item_num} AND bag = 0"); $sqlc->query("\r\n\t\t\t\t\t\t\t\tDELETE FROM item_instance \r\n\t\t\t\t\t\t\t\tWHERE guid = '{$item_inst_id}' AND owner_guid = '{$id}'"); } else { //deleting inv/bank items $sqlc->query("\r\n\t\t\t\t\t\t\t\tDELETE FROM character_inventory \r\n\t\t\t\t\t\t\t\tWHERE guid = '{$id}' AND item = '{$item_num}'"); $sqlc->query("\r\n\t\t\t\t\t\t\t\tDELETE FROM item_instance \r\n\t\t\t\t\t\t\t\tWHERE guid = '{$item_num}' AND owner_guid = '{$id}'"); } } } $data = implode(' ', $eq_data); if ($tp_to) { $query = $sqlc->query("\r\n\t\t\t\t\t\tSELECT map, position_x, position_y, position_z, orientation \r\n\t\t\t\t\t\tFROM `" . $world_db[$realm_id]['name'] . "`.`game_tele` \r\n\t\t\t\t\t\tWHERE LOWER(name) = '" . strtolower($tp_to) . "'"); $tele = $sqlc->fetch_row($query); if ($tele) { $teleport = "map='{$tele['0']}', position_x='{$tele['1']}', position_y='{$tele['2']}', position_z='{$tele['3']}', orientation='{$tele['4']}',"; } else { error($lang_char['no_tp_location']); } } else { $teleport = "map='{$map}', position_x='{$x}', position_y='{$y}', position_z='{$z}',"; } $result = $sqlc->query("\r\n\t\t\t\t\tUPDATE characters \r\n\t\t\t\t\tSET equipmentCache = '{$data}', name = '{$new_name}', {$teleport} totaltime = '{$new_tot_time}', money = '{$new_money}', arenaPoints = '{$new_arena_points}', totalHonorPoints = '{$new_honor_points}', totalKills = '{$new_total_kills}' \r\n\t\t\t\t\tWHERE guid = {$id}"); $sqlc->close(); unset($sqlc); if ($result) { redirect("char_edit.php?action=edit_char&id={$id}&error=3"); } else { redirect("char_edit.php?action=edit_char&id={$id}&error=4"); } } else { error($lang_char['no_permission']); } } else { redirect("char_edit.php?action=edit_char&id={$id}&error=2"); } } else { error($lang_char['no_char_found']); } }
function del_spell() { global $world_db, $realm_id, $action_permission, $sqlw; valid_login($action_permission['delete']); if (isset($_GET['check'])) { } else { redirect("spelld.php?error=1"); } $check = $sqlw->quote_smart($_GET['check']); $n_check = count($check); for ($i = 0; $i < $n_check; ++$i) { if ($check[$i] == '') { } else { $sqlw->query('DELETE FROM spell_disable WHERE spellid = ' . $check[$i] . ''); } } unset($n_check); unset($check); if ($sqlw->affected_rows()) { redirect('spelld.php?error=4'); } else { redirect('spelld.php?error=5'); } }
function char_tools_form() { global $output, $characters_db, $realm_id, $action_permission, $site_encoding, $showcountryflag, $sql; valid_login($action_permission["delete"]); if (isset($_GET["char"])) { $id = $_GET["char"]; } else { error(lang("global", "empty_fields")); } if ($core == 1) { $result = $sql["char"]->query("SELECT guid, name, race, class, level, zoneid, mapid, online, gender\r\n acct, data \r\n FROM characters WHERE guid='" . $id . "'"); } elseif ($core == 2) { $result = $sql["char"]->query("SELECT guid, name, race, class, level, zone AS zoneid, map AS mapid, \r\n online, gender, totaltime, account AS acct,\r\n arenaPoints, totalHonorPoints, totalKills\r\n FROM characters WHERE guid='" . $id . "'"); } else { $result = $sql["char"]->query("SELECT guid, name, race, class, level, zone AS zoneid, map AS mapid, \r\n online, gender, totaltime, account AS acct, arenaPoints, totalHonorPoints, totalKills\r\n FROM characters WHERE guid='" . $id . "'"); } $char = $sql["char"]->fetch_assoc($result); if ($core == 1) { $char_data = $char["data"]; if (empty($char_data)) { $char_data = str_repeat("0;", PLAYER_END); } $char_data = explode(";", $char_data); } else { $query = "SELECT * FROM characters\r\n LEFT JOIN character_stats ON characters.guid=character_stats.guid\r\n WHERE characters.guid='" . $id . "'"; $char_data_result = $sql["char"]->query($query); $char_data_fields = $sql["char"]->fetch_assoc($char_data_result); $char_data[PLAYER_FIELD_HONOR_CURRENCY] = isset($char["totalHonorPoints"]) ? $char["totalHonorPoints"] : ' '; $char_data[PLAYER_FIELD_ARENA_CURRENCY] = isset($char["arenaPoints"]) ? $char["arenaPoints"] : ' '; $char_data[PLAYER_FIELD_LIFETIME_HONORBALE_KILLS] = isset($char["totalKills"]) ? $char["totalKills"] : ' '; } if ($core == 1) { $guild_id = $sql["char"]->result($sql["char"]->query("SELECT guildid FROM guild_data WHERE playerid='" . $char["guid"] . "'"), 0); $guild_rank = $sql["char"]->result($sql["char"]->query("SELECT guildRank FROM guild_data WHERE playerid='" . $char["guid"] . "'"), 0); $guild_name = $sql["char"]->result($sql["char"]->query("SELECT guildName FROM guilds WHERE guildid='" . $guild_id . "'")); } else { $guild_id = $sql["char"]->result($sql["char"]->query("SELECT guildid FROM guild_member WHERE guid='" . $char["guid"] . "'"), 0); $guild_rank = $sql["char"]->result($sql["char"]->query("SELECT rank AS guildRank FROM guild_member WHERE guid='" . $char["guid"] . "'"), 0); $guild_name = $sql["char"]->result($sql["char"]->query("SELECT name AS guildName FROM guild WHERE guildid='" . $guild_id . "'")); } $online = $char["online"] ? lang("char", "online") : lang("char", "offline"); if ($guild_id) { $guild_name = '<a href="guild.php?action=view_guild&realm=' . $realmid . '&error=3&id=' . $guild_id . '" >' . $guild_name . '</a>'; $mrank = $guild_rank; if ($core == 1) { $guild_rank = $sql["char"]->result($sql["char"]->query('SELECT rankname FROM guild_ranks WHERE guildid=' . $guild_id . ' AND rankId=' . $mrank . ''), 0, 'rankname'); } else { $guild_rank = $sql["char"]->result($sql["char"]->query('SELECT rname AS rankname FROM guild_rank WHERE guildid=' . $guild_id . ' AND rid=' . $mrank . ''), 0, 'rankname'); } } else { $guild_name = lang("global", "none"); $guild_rank = lang("global", "none"); } $output .= ' <center> <table class="hidden char_list_char_tools"> <tr> <td class="char_tools_avatar"> <div> <img src="' . char_get_avatar_img($char["level"], $char["gender"], $char["race"], $char["class"], 0) . '" alt="avatar" /> </div> </td> <td colspan="3"> <font class="bold"> ' . htmlentities($char["name"], ENT_COMPAT, $site_encoding) . ' - <img src="img/c_icons/' . $char["race"] . '-' . $char["gender"] . '.gif" onmousemove="oldtoolTip(\'' . char_get_race_name($char["race"]) . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" /> <img src="img/c_icons/' . $char["class"] . '.gif" onmousemove="oldtoolTip(\'' . char_get_class_name($char["class"]) . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" /> - ' . lang("char", "level_short") . char_get_level_color($char["level"]) . ' </font> <br />' . lang("char", "location") . ': ' . get_map_name($char["mapid"]) . ' - ' . get_zone_name($char["zoneid"]) . ' <br />' . lang("char", "honor_points") . ': ' . $char_data[PLAYER_FIELD_HONOR_CURRENCY] . ' | ' . lang("char", "arena_points") . ': ' . $char_data[PLAYER_FIELD_ARENA_CURRENCY] . ' | ' . lang("char", "honor_kills") . ': ' . $char_data[PLAYER_FIELD_LIFETIME_HONORBALE_KILLS] . ' <br />' . lang("char", "guild") . ': ' . $guild_name . ' | ' . lang("char", "rank") . ': ' . htmlentities($guild_rank, ENT_COMPAT, $site_encoding) . ' <br />' . lang("char", "online") . ': ' . ($char["online"] ? '<img src="img/up.gif" onmousemove="oldtoolTip(\'' . lang("char", "online") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="online" />' : '<img src="img/down.gif" onmousemove="oldtoolTip(\'' . lang("char", "offline") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="offline" />'); if ($showcountryflag) { require_once 'libs/misc_lib.php'; $country = misc_get_country_by_account($char["acct"]); $output .= ' | ' . lang("global", "country") . ': ' . ($country["code"] ? '<img src="img/flags/' . $country["code"] . '.png" onmousemove="oldtoolTip(\'' . $country["country"] . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />' : '-'); unset($country); } $output .= ' </td> </tr> </table> <br /> <table class="hidden char_list_char_tools"> <tr> <td>'; makebutton(lang("xname", "changename"), "char_tools.php?char=" . $id, 150); $output .= ' </td> <td>'; makebutton(lang("xrace", "changerace"), "char_tools.php?char=" . $id, 150); $output .= ' </td> <td>'; makebutton(lang("unstuck", "unstuck"), "hearthstone.php?action=approve&char=" . $id, 150); $output .= ' </td> </tr> <tr> <td>'; makebutton(lang("char_list", "transfer"), "change_char_account.php?action=chooseacct&priority=1&char=" . $id, 150); $output .= ' </td> <td>'; makebutton(lang("global", "back"), "char_list.php", 150); $output .= ' </td> </tr> </table> </center>'; }
function do_add_entry() { global $realm_db, $user_name, $output, $action_permission, $user_lvl; valid_login($action_permission['insert']); if (empty($_GET['ban_type']) || empty($_GET['entry']) || empty($_GET['bantime'])) { redirect("banned.php?error=1&action=add_entry"); } $sqlr = new SQL(); $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); $ban_type = $sqlr->quote_smart($_GET['ban_type']); $entry = $sqlr->quote_smart($_GET['entry']); if ($ban_type == "account_banned") { $result1 = $sqlr->query("SELECT id FROM account WHERE username ='******'"); if (!$sqlr->num_rows($result1)) { redirect("banned.php?error=4&action=add_entry"); } else { $entry = $sqlr->result($result1, 0, 'id'); } } $bantime = time() + 3600 * $sqlr->quote_smart($_GET['bantime']); $banreason = isset($_GET['banreason']) && $_GET['banreason'] != '' ? $sqlr->quote_smart($_GET['banreason']) : "none"; if ($ban_type === "account_banned") { $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$entry}'"); if (!$sqlr->result($result, 0)) { $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n VALUES ('{$entry}'," . time() . ",{$bantime},'{$user_name}','{$banreason}', 1)"); } } else { $sqlr->query("INSERT INTO ip_banned (ip, bandate, unbandate, bannedby, banreason)\r\n VALUES ('{$entry}'," . time() . ",{$bantime},'{$user_name}','{$banreason}')"); } if ($sqlr->affected_rows()) { redirect("banned.php?error=3&ban_type={$ban_type}"); } else { redirect("banned.php?error=2&ban_type={$ban_type}"); } }
function doedit_user() { global $lang_global, $realm_db, $mmfpm_db, $user_lvl, $user_name, $action_permission; valid_login($action_permission['update']); if ((!isset($_POST['pass']) || $_POST['pass'] === '') && (!isset($_POST['mail']) || $_POST['mail'] === '') && (!isset($_POST['expansion']) || $_POST['expansion'] === '') && (!isset($_POST['referredby']) || $_POST['referredby'] === '')) { redirect("user.php?action=edit_user&&id={$_POST['id']}&error=1"); } $sqlr = new SQL(); $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); $id = $sqlr->quote_smart($_POST['id']); $username = $sqlr->quote_smart($_POST['username']); $banreason = $sqlr->quote_smart($_POST['banreason']); $pass = $sqlr->quote_smart($_POST['pass']); $user_pass_change = $pass != sha1(strtoupper($username) . ":******") ? "username='******',sha_pass_hash='{$pass}'," : ""; $mail = isset($_POST['mail']) && $_POST['mail'] != '' ? $sqlr->quote_smart($_POST['mail']) : ""; $failed = isset($_POST['failed']) ? $sqlr->quote_smart($_POST['failed']) : 0; $gmlevel = isset($_POST['gmlevel']) ? $sqlr->quote_smart($_POST['gmlevel']) : 0; $expansion = isset($_POST['expansion']) ? $sqlr->quote_smart($_POST['expansion']) : 1; $banned = isset($_POST['banned']) ? $sqlr->quote_smart($_POST['banned']) : 0; $locked = isset($_POST['locked']) ? $sqlr->quote_smart($_POST['locked']) : 0; $referredby = $sqlr->quote_smart(trim($_POST['referredby'])); //make sure username/pass at least 4 chars long and less than max if (strlen($username) < 4 || strlen($username) > 15) { redirect("user.php?action=edit_user&id={$id}&error=8"); } if ($gmlevel >= $user_lvl) { redirect("user.php?action=edit_user&&id={$_POST['id']}&error=16"); } require_once "libs/valid_lib.php"; if (!valid_alphabetic($username)) { redirect("user.php?action=edit_user&error=9&id={$id}"); } //restricting accsess to lower gmlvl $result = $sqlr->query("SELECT gmlevel,username FROM account WHERE id = '{$id}'"); if ($user_lvl <= $sqlr->result($result, 0, 'gmlevel') && $user_name != $sqlr->result($result, 0, 'username')) { redirect("user.php?error=14"); } if (!$banned) { $sqlr->query("DELETE FROM account_banned WHERE id='{$id}'"); } else { $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '{$id}'"); if (!$sqlr->result($result, 0)) { $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)\r\n VALUES ({$id}, " . time() . "," . (time() + 365 * 24 * 3600) . ",'{$user_name}','{$banreason}', 1)"); } } $sqlr->query("UPDATE account SET email='{$mail}', {$user_pass_change} v=0,s=0,failed_logins='{$failed}',locked='{$locked}',expansion='{$expansion}' WHERE id='{$id}'"); $sqlr->query("UPDATE account SET gmlevel='{$gmlevel}' WHERE id='{$id}'"); if (doupdate_referral($referredby, $id) || $sqlr->affected_rows()) { redirect("user.php?action=edit_user&error=13&id={$id}"); } else { redirect("user.php?action=edit_user&error=12&id={$id}"); } }
function doupdate_commands() { global $output, $realm_id, $world_db, $action_permission; valid_login($action_permission['update']); $sqlw = new SQL(); $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']); if (isset($_GET['change'])) { $change = $sqlw->quote_smart($_GET['change']); } else { redirect('command.php?error=1'); } $commands = array_keys($change); $n_commands = count($change); for ($i = 0; $i < $n_commands; ++$i) { $query = $sqlw->query('UPDATE command SET security = ' . $change[$commands[$i]] . ' WHERE name= \'' . $commands[$i] . '\''); } unset($n_commands); unset($commands); unset($change); redirect('command.php'); }
function do_mark_ticket() { global $characters_db, $realm_id, $action_permission, $sql, $core, $user_id; valid_login($action_permission["update"]); if (empty($_GET["id"])) { redirect("ticket.php?error=1"); } $id = $sql["char"]->quote_smart($_GET["id"]); if (!is_numeric($id)) { redirect("ticket.php?error=1"); } if ($core == 3) { // get closing account's oldest character $query = "SELECT guid FROM characters WHERE account='" . $user_id . "' ORDER BY guid LIMIT 1"; $result = $sql["char"]->query($query); $fields = $sql["char"]->fetch_assoc($result); $closer = $fields["guid"]; } if ($core == 1) { $query = $sql["char"]->query("UPDATE gm_tickets SET deleted=1 WHERE ticketid='" . $id . "'"); } elseif ($core == 2) { // this_is_junk: MaNGOS doesn't have a way to close a ticket? Just delete it? $query = $sql["char"]->query("DELETE FROM character_ticket WHERE ticket_id='" . $id . "'"); } else { $query = $sql["char"]->query("UPDATE gm_tickets SET closedBy=" . $closer . " WHERE guid='" . $id . "'"); } if ($sql["char"]->affected_rows()) { redirect("ticket.php?error=5"); } else { redirect("ticket.php?error=6"); } }
function dodel_char() { global $output, $characters_db, $realm_id, $action_permission, $tab_del_user_characters, $sql; valid_login($action_permission["delete"]); if (isset($_GET["check"])) { $check = $sql["char"]->quote_smart($_GET["check"]); } else { redirect("char_list.php?error=1"); } $deleted_chars = 0; require_once "libs/del_lib.php"; $n_check = count($check); for ($i = 0; $i < $n_check; ++$i) { if (!($check[$i] == "")) { if (del_char($check[$i], $realm_id)) { $deleted_chars++; } } } unset($n_check); unset($check); $output .= ' <div class="center">'; if ($deleted_chars) { $output .= ' <h1><span class="error">' . lang("char_list", "total") . ' <span style="color: blue;">' . $deleted_chars . '</span> ' . lang("char_list", "chars_deleted") . '</span></h1>'; } else { $output .= ' <h1><span class="error">' . lang("char_list", "no_chars_del") . '</span></h1>'; } unset($deleted_chars); $output .= ' <br /><br />'; $output .= ' <table class="hidden"> <tr> <td>'; makebutton(lang("char_list", "back_browse_chars"), "char_list.php", 220); $output .= ' </td> </tr> </table> <br /> </div>'; }
<?php require_once 'header.php'; require_once 'libs/char_lib.php'; valid_login($action_permission['read']); //############################################################################# // BROWSE GUILDS //############################################################################# function browse_guilds(&$sqlr, &$sqlc) { global $output, $lang_guild, $lang_global, $realm_db, $characters_db, $realm_id, $action_permission, $user_lvl, $user_id, $itemperpage; // this is multi realm support, as of writing still under development // this page is already implementing it if (empty($_GET['realm'])) { $realmid = $realm_id; } else { $realmid = $sqlr->quote_smart($_GET['realm']); if (is_numeric($realmid)) { $sqlc->connect($characters_db[$realmid]['addr'], $characters_db[$realmid]['user'], $characters_db[$realmid]['pass'], $characters_db[$realmid]['name']); } else { $realmid = $realm_id; } } //==========================$_GET and SECURE================================= $start = isset($_GET['start']) ? $sqlc->quote_smart($_GET['start']) : 0; if (is_numeric($start)) { } else { $start = 0; } $order_by = isset($_GET['order_by']) ? $sqlc->quote_smart($_GET['order_by']) : 'gid'; if (preg_match('/^[_[:lower:]]{1,10}$/', $order_by)) {
function do_add_tele() { global $world_db, $realm_id, $action_permission, $sqlw; valid_login($action_permission['insert']); if (!isset($_GET['name']) || !isset($_GET['map']) || !isset($_GET['x']) || !isset($_GET['y']) || !isset($_GET['z']) || !isset($_GET['orientation'])) { redirect("tele.php?error=1"); } $name = $sqlw->quote_smart($_GET['name']); $map = $sqlw->quote_smart($_GET['map']); $x = $sqlw->quote_smart($_GET['x']); $y = $sqlw->quote_smart($_GET['y']); $z = $sqlw->quote_smart($_GET['z']); $orientation = $sqlw->quote_smart($_GET['orientation']); $sqlw->query("INSERT INTO recall (id, positionx, positiony, positionz, orientation, mapid, name) VALUES (NULL,'{$x}','{$y}', '{$z}' ,'{$orientation}' ,'{$map}' ,'{$name}')"); if ($sqlw->affected_rows()) { redirect("tele.php?error=3"); } else { redirect("tele.php?error=5"); } }
<?php require_once 'header.php'; require_once 'libs/telnet_lib.php'; valid_login($action_permission['insert']); function main() { global $output, $lang_global, $lang_message; $output .= ' <div class="top"><h1>' . $lang_message['main'] . '</h1></div> <center> <form action="message.php?action=send" method="post" name="form"> <table class="top_hidden"> <tr> <td align="center"> Send : <select name="type"> <option value="1" selected="selected">' . $lang_message['announcement'] . '</option> <option value="2">' . $lang_message['notification'] . '</option> <option value="3">' . $lang_message['both'] . '</option> </select> </td> </tr> <tr> <td colspan="2" align="center"> <textarea id="msg" name="msg" rows="26" cols="80"></textarea> </td> </tr> <tr> <td align="center"> <table align="center" class="hidden">
function set_def_realm() { global $action_permission, $sql; valid_login($action_permission["view"]); $id = isset($_GET["id"]) ? $sql["mgr"]->quote_smart($_GET["id"]) : 1; if (!is_numeric($id)) { $id = 1; } if ($sql["mgr"]->num_rows($sql["mgr"]->query("SELECT `Index` AS id FROM config_servers WHERE `Index`='" . $id . "'"))) { $_SESSION["realm_id"] = $id; } unset($id); $url = isset($_GET["url"]) ? $_GET["url"] : "index.php"; redirect($url); }
function savename() { global $output, $action_permission, $corem_db, $characters_db, $realm_id, $user_id, $name_credits, $sql, $core; valid_login($action_permission["update"]); $guid = $sql["mgr"]->quote_smart($_GET["guid"]); $name = $sql["mgr"]->fetch_assoc($sql["mgr"]->query("SELECT * FROM char_changes WHERE guid='" . $guid . "'")); $int_err = 0; // credits if ($name_credits > 0) { // we need the player's account if ($core == 1) { $acct_query = "SELECT login AS username FROM accounts WHERE acct=(SELECT acct FROM " . $characters_db[$realm_id]["name"] . ".characters WHERE guid='" . $guid . "')"; } else { $acct_query = "SELECT username FROM account WHERE id=(SELECT account FROM " . $characters_db[$realm_id]["name"] . ".characters WHERE guid='" . $guid . "')"; } $acct_result = $sql["logon"]->query($acct_query); $acct_result = $sql["logon"]->fetch_assoc($acct_result); $username = $acct_result["username"]; // now we get the user's credit balance $cr_query = "SELECT Credits FROM config_accounts WHERE Login='******'"; $cr_result = $sql["mgr"]->query($cr_query); $cr_result = $sql["mgr"]->fetch_assoc($cr_result); $credits = $cr_result["Credits"]; // since this action is delayed, we have to make sure the account still has sufficient funds // if the account doesn't have enough, we just delete the change request if ($credits >= 0 && $credits < $name_credits) { $int_err = 1; } if (!$int_err) { // we don't charge credits if the account is unlimited if ($credits >= 0) { $credits = $credits - $name_credits; } $money_query = "UPDATE config_accounts SET Credits='" . $credits . "' WHERE Login='******'"; $money_result = $sql["mgr"]->query($money_query); } } if (!$int_err) { $result = $sql["char"]->query("UPDATE characters SET name='" . $name["new_name"] . "' WHERE guid='" . $guid . "'"); } $result = $sql["mgr"]->query("DELETE FROM char_changes WHERE guid='" . $guid . "'"); redirect("index.php"); }
function send_mail() { global $output, $logon_db, $characters_db, $realm_id, $action_permission, $user_name, $from_mail, $mailer_type, $smtp_cfg, $GMailSender, $sql, $core; // if we came here from Quest Item Vendor or Ultra Vendor, // we need to bypass the normal permissions if ($_SESSION["vendor_permission"]) { valid_login($action_permission["view"]); unset($_SESSION["vendor_permission"]); } else { valid_login($action_permission["update"]); } $type = isset($_GET["type"]) ? $_GET["type"] : "ingame_mail"; if (empty($_GET["body"]) || empty($_GET["subject"]) || empty($_GET["group_sign"]) || empty($_GET["group_send"])) { redirect("mail.php?error=1"); } $body = explode("\n", $_GET["body"]); $subject = $sql["char"]->quote_smart($_GET["subject"]); if (isset($_GET["to"]) && $_GET["to"] != "") { $to = $sql["char"]->quote_smart($_GET["to"]); } else { $to = 0; if (!isset($_GET["group_value"]) || $_GET["group_value"] === '') { redirect("mail.php?error=1"); } else { $group_value = $sql["char"]->quote_smart($_GET["group_value"]); $group_sign = $sql["char"]->quote_smart($_GET["group_sign"]); $group_send = $sql["char"]->quote_smart($_GET["group_send"]); } } //$type = addslashes($type); $att_gold = $sql["char"]->quote_smart($_GET["money"]); for ($i = 0; $i < 12; $i++) { $temp_item = $sql["char"]->quote_smart($_GET["att_item" . ($i + 1)]); $temp_stack = $sql["char"]->quote_smart($_GET["att_stack" . ($i + 1)]); if ($temp_item != 0 && $temp_stack == 0) { $temp_stack = 1; } if ($temp_item != "0") { $att_item[] = $temp_item; $att_stack[] = $temp_stack; } } switch ($type) { case "email": require_once "libs/mailer/class.phpmailer.php"; require_once "libs/mailer/authgMail_lib.php"; $mail = new PHPMailer(); $mail->Mailer = $mailer_type; if ($mailer_type == "smtp") { $mail->Host = $smtp_cfg["host"]; $mail->Port = $smtp_cfg["port"]; if ($smtp_cfg["user"] != "") { $mail->SMTPAuth = true; $mail->Username = $smtp_cfg["user"]; $mail->Password = $smtp_cfg["pass"]; } } $value = NULL; for ($i = 0; $i < count($body); $i++) { $value .= $body[$i] . "\r\n"; } $body = $value; $mail->From = $from_mail; $mail->FromName = $user_name; $mail->Subject = $subject; $mail->IsHTML(true); $body = str_replace("\n", "<br />", $body); $body = str_replace("\r", " ", $body); $body = str_replace(array("\r\n", "\n", "\r"), "<br />", $body); $body = preg_replace("/([^\\/=\"\\]])((http|ftp)+(s)?:\\/\\/[^<>\\s]+)/i", "\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $body); $body = preg_replace('/([^\\/=\\"\\]])(www\\.)(\\S+)/', '\\1<a href="http://\\2\\3" target="_blank">\\2\\3</a>', $body); $mail->Body = $body; $mail->WordWrap = 50; if ($to) { if (!$GMailSender) { //single Recipient $mail->AddAddress($to); if (!$mail->Send()) { $mail->ClearAddresses(); redirect("mail.php?error=3&mail_err=" . $mail->ErrorInfo); } else { $mail->ClearAddresses(); redirect("mail.php?error=2"); } } else { //single Recipient $mail_result = authgMail($from_mail, $user_name, $to, $to, $subject, $body, $smtp_cfg); if ($mail_result["quitcode"] != 221) { redirect("mail.php?error=3&mail_err=" . $mail_result["die"]); } else { redirect("mail.php?error=2"); } } } elseif (isset($group_value)) { //group send $email_array = array(); switch ($group_send) { case "gm_level": if ($core == 1) { $result = $sql["logon"]->query("SELECT email FROM accounts WHERE gm" . $group_sign . "'" . $group_value . "'"); } else { $result = $sql["logon"]->query("SELECT email FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n WHERE IFNULL(gmlevel, 0)" . $group_sign . "'" . $group_value . "'"); } while ($user = $sql["logon"]->fetch_row($result)) { if ($user[0] != "") { array_push($email_array, $user[0]); } } break; case "locked": //this_is_junk: I'm going to pretend that locked is muted if ($core == 1) { $result = $sql["logon"]->query("SELECT email FROM accounts WHERE muted" . $group_sign . "'" . $group_value . "'"); } else { $result = $sql["logon"]->query("SELECT email FROM accounts WHERE locked" . $group_sign . "'" . $group_value . "'"); } while ($user = $sql["logon"]->fetch_row($result)) { if ($user[0] != "") { array_push($email_array, $user[0]); } } break; case "banned": //this_is_junk: sigh... $que = $sql["logon"]->query("SELECT id FROM account_banned"); while ($banned = $sql->fetch_row($que)) { $result = $sql["logon"]->query("SELECT email FROM accounts WHERE acct='" . $banned[0] . "'"); if ($sqlr->result($result, 0, 'email')) { array_push($email_array, $sql->result($result, 0, "email")); } } break; default: redirect("mail.php?error=5"); break; } if (!$GMailSender) { foreach ($email_array as $mail_addr) { $mail->AddAddress($mail_addr); if (!$mail->Send()) { $mail->ClearAddresses(); redirect("mail.php?error=3&mail_err=" . $mail->ErrorInfo); } else { $mail->ClearAddresses(); } } } else { $mail_to = implode(",", $email_array); $mail_result = authgMail($from_mail, $user_name, $mail_to, "", $subject, $body, $smtp_cfg); if ($mail_result["quitcode"] != 221) { redirect("mail.php?error=3&mail_err=" . $mail_result["die"]); } else { redirect("mail.php?error=2"); } } redirect("mail.php?error=2"); } else { redirect("mail.php?error=1"); } break; case "ingame_mail": $value = NULL; for ($i = 0; $i < count($body); $i++) { $value .= $body[$i] . " "; } $body = $value; $body = str_replace("\r", " ", $body); $body = $sql["char"]->quote_smart($body); if ($to) { //single Recipient $result = $sql["char"]->query("SELECT guid FROM characters WHERE name='" . $to . "'"); if ($sql["char"]->num_rows($result) == 1) { $receiver = $sql["char"]->result($result, 0, 'guid'); $mails = array(); $mail["receiver"] = $receiver; $mail["subject"] = $subject; $mail["body"] = $body; $mail["att_gold"] = $att_gold; $mail["att_item"] = $att_item; $mail["att_stack"] = $att_stack; $mail["receiver_name"] = $to; //array_push($mails, array($receiver, $subject, $body, $att_gold, $att_item, $att_stack)); array_push($mails, $mail); if ($core == 1) { send_ingame_mail_A($realm_id, $mails); } else { send_ingame_mail_MT($realm_id, $mails); } } else { redirect("mail.php?error=4"); } redirect("mail.php?error=2"); break; } elseif (isset($group_value)) { //group send $char_array = array(); switch ($group_send) { case "gm_level": if ($core == 1) { $result = $sql["logon"]->query("SELECT acct FROM accounts WHERE gm" . $group_sign . "'" . $group_value . "'"); } else { $result = $sql["logon"]->query("SELECT account.id AS acct FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n WHERE IFNULL(gmlevel, 0)" . $group_sign . "'" . $group_value . "'"); } while ($acc = $sql["char"]->fetch_row($result)) { if ($core == 1) { $result_2 = $sql["char"]->query("SELECT name FROM `characters` WHERE acct='" . $acc[0] . "'"); } else { $result_2 = $sql["char"]->query("SELECT name FROM `characters` WHERE account='" . $acc[0] . "'"); } while ($char = $sql["char"]->fetch_row($result_2)) { array_push($char_array, $char[0]); } } break; case "online": $result = $sql["char"]->query("SELECT name FROM `characters` WHERE online" . $group_sign . "'" . $group_value . "'"); while ($user = $sql["char"]->fetch_row($result)) { array_push($char_array, $user[0]); } break; case "char_level": $result = $sql["char"]->query("SELECT name FROM `characters` WHERE level" . $group_sign . "'" . $group_value . "'"); while ($user = $sql["char"]->fetch_row($result)) { array_push($char_array, $user[0]); } break; default: redirect("mail.php?error=5"); } $mails = array(); if ($sql["char"]->num_rows($result)) { foreach ($char_array as $receiver) { $result = $sql["char"]->query("SELECT guid FROM characters WHERE name='" . $receiver . "'"); $char_guid = $sql["char"]->fetch_row($result); $mail = array(); $mail["receiver"] = $char_guid[0]; $mail["subject"] = $subject; $mail["body"] = $body; $mail["att_gold"] = $att_gold; $mail["att_item"] = $att_item; $mail["att_stack"] = $att_stack; $mail["receiver_name"] = $receiver; //array_push($mails, array($receiver, $subject, $body, $att_gold, $att_item, $att_stack)); array_push($mails, $mail); } if ($core == 1) { send_ingame_mail_A($realm_id, $mails); } else { send_ingame_mail_MT($realm_id, $mails); } redirect("mail.php?error=2"); } else { redirect("mail.php?error=4"); } } break; default: redirect("mail.php?error=1"); } }