// Fragment (cut at both edges) of a "menued" request handler: on a "verify"
// request it validates the posted form and, when a language is being added,
// looks up whether a label already exists for the given mid/lang pair.
// The first statement and brace close a block that opens outside this fragment.
$ausgaben["inaccessible"] = "";
}
// +++
// make inaccessible #(markers) visible

// redirect target
# header("Location: ".$cfg["menued"]["basis"]."/?.html");

// +++
// page basics

#$fixed_entry = str_replace(" ", "", $HTTP_POST_VARS["entry"]);
// Allow-list filter: every character outside A-Z, a-z, 0-9, "_", "-" and "." is removed.
// NOTE(review): $HTTP_POST_VARS was removed in PHP 5.4; this fragment mixes it with $_POST.
$fixed_entry = preg_replace("/[^A-Za-z_\\-\\.0-9]+/", "", $HTTP_POST_VARS["entry"]); // PREG:^[a-z_.-0-9]+$

if ($environment["parameter"][3] == "verify" && ($HTTP_POST_VARS["send"] != "" || $HTTP_POST_VARS["add"] != "" || $HTTP_POST_VARS["delete"] != "")) {
    // validate form input (form_errors() is defined elsewhere; which fields it checks is not visible here)
    form_errors($form_options, $HTTP_POST_VARS);
    // black-list test
    // NOTE(review): receives the raw $_POST["entry"], not the filtered $fixed_entry — confirm that is intended.
    black_list($environment["parameter"][2], $_POST["entry"]);
    // changes to the language tables
    if ($ausgaben["form_error"] == "") {
        $header_link = $cfg["menued"]["basis"] . "/edit," . $environment["parameter"][1] . ".html"; #?referer=".$ausgaben["form_referer"]);
        if ($HTTP_POST_VARS["add"] && $HTTP_POST_VARS["new_lang"] != "") {
            // NOTE(review): SQL is assembled by string concatenation. $HTTP_POST_VARS["new_lang"] is
            // request data placed between single quotes, and $environment["parameter"][1] is inserted
            // unquoted after "mid =". No escaping or integer cast is visible in this fragment, so this
            // is injectable unless form_errors() or earlier code constrains both values — verify.
            // Preferred fix: cast the mid value to int and bind/escape new_lang through whatever
            // parameter mechanism the $db wrapper offers (its API is not visible here).
            $sql = "SELECT label\n FROM " . $cfg["menued"]["db"]["lang"]["entries"] . "\n WHERE mid = " . $environment["parameter"][1] . "\n AND lang = '" . $HTTP_POST_VARS["new_lang"] . "'";
            // The full statement, including the posted value, is appended to the debug buffer when
            // sql_enable is set; where that buffer is rendered is not visible here.
            if ($debugging["sql_enable"]) {
                $debugging["ausgabe"] .= "sql: " . $sql . $debugging["char"];
            }
            $result = $db->query($sql);
            if (!$result) {
                $ausgaben["form_error"] .= $db->error("#(error_result)<br />");
            }
            // NOTE(review): num_rows() is still called when $result is falsy; the error above does not stop the flow.
            $num_rows = $db->num_rows($result);
            // Body of this branch continues beyond the visible fragment.
            if ($num_rows >= 1) {
// Fragment (cut at both edges) of a "menued" request handler: on a "verify"
// request it validates the posted form, checks whether the menu entry already
// exists under the posted refid, and then starts collecting the remaining POST
// fields. The leading brace closes a block that opens outside this fragment.
}
// +++
// make inaccessible #(markers) visible

// redirect target
# header("Location: ".$cfg["menued"]["basis"]."/?.html");

// +++
// page basics

#$fixed_entry = str_replace(" ", "", $_POST["entry"]);
// Allow-list filter: every character outside A-Z, a-z, 0-9, "_", "-" and "." is removed.
// NOTE(review): dots are kept, so dot-only values survive the filter; this matters only if
// the entry is later used as a filesystem path, which is not visible here.
$fixed_entry = preg_replace("/[^A-Za-z_\\-\\.0-9]+/", "", $_POST["entry"]); // PREG:^[a-z_.-0-9]+$

if ($environment["parameter"][3] == "verify" && ($_POST["send"] != "" || $_POST["image"] || $_POST["add"])) {
    // validate form input (form_errors() is defined elsewhere; which fields it checks is not visible here)
    form_errors($form_options, $_POST);
    $error = $ausgaben["form_error"];
    // black-list test
    // NOTE(review): receives the raw $_POST["entry"], not the filtered $fixed_entry — confirm that is intended.
    black_list($_POST["refid"], $_POST["entry"]);
    if ($ausgaben["form_error"] == "") {
        // does such an entry already exist?
        if ($fixed_entry != "") {
            // NOTE(review): $fixed_entry is limited to the allow-listed characters above, but
            // $_POST["refid"] is concatenated between single quotes with no escaping or cast visible
            // in this fragment — injectable unless form_errors() constrains it. Preferred fix: bind or
            // escape refid through the $db wrapper's parameter mechanism (its API is not visible here).
            $sql = "SELECT entry\n FROM " . $cfg["menued"]["db"]["menu"]["entries"] . "\n WHERE refid = '" . $_POST["refid"] . "'\n AND entry = '" . $fixed_entry . "'";
            $result = $db->query($sql);
            // NOTE(review): $result is not checked before it is passed to fetch_array().
            $test = $db->fetch_array($result, 1);
            if ($test["entry"] == $fixed_entry) {
                $ausgaben["form_error"] .= "#(error_dupe)";
            }
            // NOTE(review): as written, $error becomes "dupe" for every non-empty $fixed_entry,
            // not only when a matching row was found — confirm intent.
            $error = "dupe";
        }
        // add the entry
        // Deny-list of POST field names that are skipped by the loop below.
        $kick = array("PHPSESSID", "send", "cancel", "image", "image_x", "image_y", "add_x", "add_y", "add", "form_referer", "lang", "label", "extend", "exturl", "new_lang", "entry", "wizard");
        // NOTE(review): every other client-supplied field name passes this check. The loop body is
        // outside the fragment; if the names end up as column names in a statement, an explicit
        // allow-list of expected fields would be the safer design — verify against the full file.
        foreach ($_POST as $name => $value) {
            if (!in_array($name, $kick)) {
// Fragment of blacklist.php (the name used by its own link): gates the page to
// donators, dispatches on the "action" query parameter, and begins the
// definition of black_list(). The function body runs past the end of this fragment.

// Stop with a message when the current user record has no donator days left.
if ($ir['donatordays'] == 0) {
    die("This feature is for donators only.");
}
print "<h3>Black List</h3>";
// $_GET['action'] is only compared against fixed strings; any other value falls
// through to the default listing.
// NOTE(review): "add", "remove" and "ccomment" are selected via GET; their handlers are not
// visible here — confirm that state changes are protected against cross-site requests.
switch ($_GET['action']) {
    case "add":
        add_enemy();
        break;
    case "remove":
        remove_enemy();
        break;
    case "ccomment":
        change_comment();
        break;
    default:
        black_list();
        break;
}

/**
 * Prints the black-list overview: an "add" link, the number of blacklist rows
 * whose bl_ADDED equals the current user, and the start of a "most hated" top-5 list.
 *
 * Reads the globals $ir, $c (passed as the link argument to mysql_query) and $userid.
 * NOTE(review): the mysql_* extension was removed in PHP 7.0; mysqli or PDO with
 * prepared statements is the replacement.
 */
function black_list() {
    global $ir, $c, $userid;
    print "<a href='blacklist.php?action=add'>> Add an Enemy</a><br />\nThese are the people on your black list. ";
    // NOTE(review): $userid is interpolated unquoted into the statement. Its origin is not visible
    // here; this is safe only if it is always an integer taken from the session — cast or bind it.
    // The result is also not checked before mysql_num_rows() is called on it.
    $q_y = mysql_query("SELECT * FROM blacklist WHERE bl_ADDED={$userid}", $c);
    print mysql_num_rows($q_y) . " people have added you to their list.<br />Most hated: [";
    // NOTE(review): on failure the raw database error text is sent to the client via die();
    // log it server-side and show a generic message instead.
    $q2r = mysql_query("SELECT u.username,count( * ) as cnt,bl.bl_ADDED FROM blacklist bl LEFT JOIN users u on bl.bl_ADDED=u.userid GROUP BY bl.bl_ADDED ORDER BY cnt DESC LIMIT 5", $c) or die(mysql_error());
    // $r counts rows so that a separator is printed before every row except the first.
    $r = 0;
    while ($r2r = mysql_fetch_array($q2r)) {
        $r++;
        if ($r > 1) {
            print " | ";
        }