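/**
 * Gathers table statistics and connection details for the PDO MySQL driver.
 *
 * Runs SHOW TABLE STATUS for the tables matching the prefix stored in the
 * global $cs_db array, sums their data size, index size and free space, and
 * adds driver, client and server information read from the connection.
 *
 * @param string $cs_file Name of the calling file, passed on to cs_error_sql()
 *                        and cs_log_sql().
 * @return array Keys: data_free, data_size, index_size, tables, names, type,
 *               subtype, host, encoding, client, server.
 */
function cs_sql_version($cs_file)
{
    global $cs_db;

    $subtype = empty($cs_db['subtype']) ? 'myisam' : strtolower($cs_db['subtype']);
    $sql_infos = array(
        'data_free' => 0,
        'data_size' => 0,
        'index_size' => 0,
        'tables' => 0,
        'names' => array(),
    );

    // The prefix is escaped before it is placed inside the quoted pattern.
    // NOTE(review): "_" and "%" are LIKE wildcards, so the pattern can match
    // tables that do not carry the exact prefix; acceptable for a statistics
    // page, but do not reuse this list for anything destructive.
    $sql_query = "SHOW TABLE STATUS LIKE '" . cs_sql_escape($cs_db['prefix'] . '_') . "%'";

    if ($sql_data = $cs_db['con']->query($sql_query)) {
        $new_result = $sql_data->fetchAll(PDO::FETCH_ASSOC);
        $sql_data = NULL; // release the statement handle
        foreach ($new_result as $row) {
            $sql_infos['data_size'] += $row['Data_length'];
            $sql_infos['index_size'] += $row['Index_length'];
            // Free space is not added up for InnoDB tables.
            $sql_infos['data_free'] += $subtype === 'innodb' ? 0 : $row['Data_free'];
            $sql_infos['tables']++;
            // Plain append; the original used ".=" on a freshly appended element.
            $sql_infos['names'][] = (string) $row['Name'];
        }
    } else {
        $error = $cs_db['con']->errorInfo();
        // NOTE(review): the driver error text is handed to cs_error_sql();
        // confirm it is logged rather than shown to unauthenticated visitors.
        cs_error_sql($cs_file, 'cs_sql_version', $error[2]);
    }
    cs_log_sql($cs_file, $sql_query);

    $sql_infos['type'] = 'MySQL (pdo_mysql)';
    $sql_infos['subtype'] = empty($cs_db['subtype']) ? 'myisam' : $cs_db['subtype'];
    $sql_infos['host'] = $cs_db['con']->getAttribute(PDO::ATTR_CONNECTION_STATUS);
    $sql_infos['encoding'] = 'PDO encoding';
    $sql_infos['client'] = $cs_db['con']->getAttribute(PDO::ATTR_CLIENT_VERSION);
    $sql_infos['server'] = $cs_db['con']->getAttribute(PDO::ATTR_SERVER_VERSION);

    return $sql_infos;
}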
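/**
 * Checks whether the domain part of an e-mail address is listed in the
 * trashmail table.
 *
 * @param string $email Address to check.
 * @return bool True when at least one trashmail_entry row equals the
 *              lower-cased domain; false otherwise, or when the address has
 *              no domain part.
 */
function cs_trashmail($email)
{
    $parts = explode('@', $email, 2);
    if (empty($parts[1])) {
        return false;
    }

    // Normalise first, escape last: lower-casing an already escaped value can
    // alter escape sequences, so escaping must be the final step before the
    // value is embedded in the quoted literal.
    $domain = cs_sql_escape(strtolower($parts[1]));
    $where = "trashmail_entry = '" . $domain . "'";
    $check = cs_sql_count(__FILE__, 'trashmail', $where);

    // NOTE(review): the comparison is an exact match on the whole domain, so
    // sub-domains of a listed entry are not caught by this check.
    return !empty($check);
}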
/**
 * Validates a captcha answer against the stored challenge for the caller's IP.
 *
 * A stored row counts as a match when it belongs to the current IP, is
 * younger than 900 seconds and carries the submitted string (prefixed with
 * "mini_" when $mini is set). A matched row is deleted so it cannot be reused.
 *
 * Security notes for reviewers:
 * - When the GD extension is not loaded the check returns true without
 *   looking at the input, i.e. the captcha fails open on such hosts.
 * - A wrong answer leaves the stored row untouched, so the same challenge
 *   stays valid until it expires; rate limiting has to come from elsewhere.
 *
 * @param string $input Answer supplied by the client.
 * @param mixed  $mini  Non-empty to check the "mini" captcha variant.
 * @return bool True on a match (or when GD is unavailable), false otherwise.
 */
function cs_captchacheck($input, $mini = 0)
{
    if (extension_loaded('gd') === false) {
        return true;
    }

    $client_ip = cs_getip();
    $oldest = cs_time() - 900;

    $answer = cs_sql_escape($input);
    if (!empty($mini)) {
        $answer = 'mini_' . $answer;
    }

    $filter = "captcha_ip = '" . cs_sql_escape($client_ip) . "' AND "
        . "captcha_time > '" . $oldest . "' AND "
        . "captcha_string = '" . $answer . "'";

    $match = cs_sql_select(__FILE__, 'captcha', 'captcha_id', $filter);
    if (!empty($match)) {
        // One-time use: remove the solved challenge.
        cs_sql_delete(__FILE__, 'captcha', $match['captcha_id']);
        return true;
    }

    return false;
}
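/**
 * Returns the id of the category with the given name inside a module,
 * creating the category first when it does not exist yet.
 *
 * @param string $mod             Module the category belongs to.
 * @param string $categories_name Category name; an empty value yields 0.
 * @return mixed The categories_id of the existing or newly created row,
 *               or 0 when no name was given.
 */
function cs_categories_create($mod, $categories_name)
{
    if (empty($categories_name)) {
        return 0;
    }

    // Both values are escaped before being placed in the quoted literals.
    // The original escaped only the name and concatenated $mod as-is.
    $where = "categories_mod='" . cs_sql_escape($mod) . "' AND categories_name = '" . cs_sql_escape($categories_name) . "'";

    $existing = cs_sql_select(__FILE__, 'categories', 'categories_id', $where, 'categories_name');
    if (!empty($existing['categories_id'])) {
        return $existing['categories_id'];
    }

    // Values are handed over unescaped here, as in the original.
    // NOTE(review): presumably cs_sql_insert() escapes values itself; confirm.
    $columns = array('categories_mod', 'categories_name');
    $values = array($mod, $categories_name);
    cs_sql_insert(__FILE__, 'categories', $columns, $values);

    // Read the id back with the same condition used for the lookup above.
    $created = cs_sql_select(__FILE__, 'categories', 'categories_id', $where, 'categories_name');

    return $created['categories_id'];
}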
// Fragment of the banner "create" action; the enclosing if-statement opens
// before this excerpt. First branch: re-display the form with upload limits.
$data['banners']['or_img_url'] = $cs_banners['banners_picture'];
$data['banners']['alt'] = $cs_banners['banners_alt'];
$data['banners']['order'] = $cs_banners['banners_order'];
$matches[1] = $cs_lang['pic_infos'];
// Build a comma separated list of the accepted image types.
$return_types = '';
foreach ($img_filetypes as $add) {
    $return_types .= empty($return_types) ? $add : ', ' . $add;
}
$matches[2] = $cs_lang['max_width'] . $op_banners['max_width'] . ' px' . cs_html_br(1);
$matches[2] .= $cs_lang['max_height'] . $op_banners['max_height'] . ' px' . cs_html_br(1);
$matches[2] .= $cs_lang['max_size'] . cs_filesize($op_banners['max_size']) . cs_html_br(1);
$matches[2] .= $cs_lang['filetypes'] . $return_types;
$data['banners']['clip'] = cs_abcode_clip($matches);
echo cs_subtemplate(__FILE__, $data, 'banners', 'create');
} else {
    // Second branch: store the banner, then attach the uploaded picture.
    settype($cs_banners['banners_order'], 'integer');
    // NOTE(review): column names are taken from the keys of $cs_banners;
    // confirm the array is built from a fixed key list and not from request keys.
    $banners_cells = array_keys($cs_banners);
    $banners_save = array_values($cs_banners);
    cs_sql_insert(__FILE__, 'banners', $banners_cells, $banners_save);
    if (!empty($files['picture']['tmp_name'])) {
        // The new row is found again by name only; no uniqueness check is
        // visible here, so a duplicate name could select a different row.
        $where = "banners_name = '" . cs_sql_escape($cs_banners['banners_name']) . "'";
        $getid = cs_sql_select(__FILE__, 'banners', 'banners_id', $where);
        // NOTE(review): $extension is set outside this excerpt; it ends up in the
        // stored file name, so it must come from an allow-list of image types.
        $filename = 'picture-' . $getid['banners_id'] . '.' . $extension;
        cs_upload('banners', $filename, $files['picture']['tmp_name']);
        $cs_banners2['banners_picture'] = 'uploads/banners/' . $filename;
        $banners2_cells = array_keys($cs_banners2);
        $banners2_save = array_values($cs_banners2);
        cs_sql_update(__FILE__, 'banners', $banners2_cells, $banners2_save, $getid['banners_id']);
    }
    cs_redirect($cs_lang['create_done'], 'banners');
}
// Fragment of the vote submission handler; it starts inside a block opened
// earlier and ends inside the multi-answer branch.
$votes_error++;
}
if (!empty($_REQUEST['votes_id'])) {
    // Taken from the request without a cast or escaping.
    $votes_id = $_REQUEST['votes_id'];
} else {
    $votes_error++;
}
if (isset($_POST['submit_votes'])) {
    if (empty($votes_error)) {
        $votes_form = 0;
        if (isset($_POST['votes_several'])) {
            $temp = explode("\n", $cs_votes['votes_election']);
            $count_election = count($temp);
            // NOTE(review): assumes voted_answer was posted as an array.
            $count_voted = count($_POST['voted_answer']);
            $error_several = 0;
            // SECURITY: $votes_id (request data, see above) is concatenated into
            // the condition as-is, unlike $users_ip which is escaped. Cast it
            // to int or escape it. $mod and $users_id are set outside this
            // excerpt; confirm they are not request-controlled.
            $where = "voted_fid = '" . $votes_id . "' AND voted_mod = '" . $mod . "' AND voted_ip = '" . cs_sql_escape($users_ip) . "'";
            $where .= " AND users_id = '" . $users_id . "' AND (";
            $voting = array();
            for ($run = 0; $run < $count_voted; $run++) {
                // Each answer is forced to an integer before use.
                settype($voted_answer[$run], 'integer');
                // Reject out-of-range and duplicate answers.
                if ($voted_answer[$run] < 1 || $voted_answer[$run] >= $count_election || in_array($voted_answer[$run], $voting)) {
                    $error_several = 1;
                    break;
                }
                $voting[] = $voted_answer[$run];
                $where .= 'voted_answer = "' . $voted_answer[$run] . '" OR ';
            }
            // Removes the trailing " OR ". If no answer was appended (empty list
            // or a rejection on the first item) this cuts into " AND (" and the
            // count query below still runs with a malformed condition.
            $where = substr($where, 0, -4) . ')';
            $error_several += cs_sql_count(__FILE__, 'voted', $where);
            if (!empty($error_several)) {
                die('Multivote triggered an error with answers -> Execution halted.');
// Fragment of the module generator; it ends inside the form-display branch.
// Lang file
// SECURITY: the generated file is PHP source. modname and description are
// copied from the request into single-quoted PHP string literals without any
// encoding, so request data can end up being interpreted as code once the
// language file is loaded. Emit the values with var_export() (or reject
// anything outside a strict character set) before writing.
$langinfocontent = '<?php' . "\r\n";
$langinfocontent .= '// ClanSphere 2010 - www.clansphere.net' . "\r\n";
$langinfocontent .= '// File created by mod modules' . "\r\n\r\n";
$langinfocontent .= '$cs_lang[\'mod\'] = \'' . $_POST['modname'] . "';\r\n";
$langinfocontent .= '$cs_lang[\'mod_info\'] = \'' . $_POST['description'] . "';\r\n\r\n";
$langinfocontent .= '?>';
// SECURITY: moddir is used as a path component. No check is visible in this
// excerpt that limits it to a plain directory name; restrict it to
// [a-z0-9_] so the target cannot leave the lang directory.
if (!($langinfofile = fopen($cs_main['def_path'] . '/lang/' . $account['users_lang'] . '/' . $_POST['moddir'] . '.php', 'w'))) {
    $error .= cs_html_br(1) . $cs_lang['modinfolang_create_failed'];
} elseif (!fwrite($langinfofile, $langinfocontent)) {
    // The handle is not closed on this path.
    $error .= cs_html_br(1) . $cs_lang['modinfolang_write_failed'];
} else {
    fclose($langinfofile);
}
// SQL
// SECURITY: moddir becomes part of a column name. cs_sql_escape() is used
// elsewhere for quoted string values; that does not make a value safe as an
// identifier. Validate the name against an allow-list pattern instead.
$query = 'ALTER TABLE {pre}_access ADD access_' . cs_sql_escape($_POST['moddir']) . ' int(2) NOT NULL default \'0\';';
$query = cs_sql_replace($query);
if (!cs_sql_query(__FILE__, $query)) {
    $error .= cs_html_br(1) . $cs_lang['sqlaccess_failed'];
}
}
}
if (empty($_POST['submit']) || !empty($error)) {
    $data['message']['lang'] = empty($error) ? nl2br($cs_lang['need_chmod']) : $cs_lang['error_occured'] . $error;
    // SQL Tables
    // The count is cast to int but has no upper bound, so the request decides
    // how many iterations the loop below performs.
    $_POST['tablescount'] = empty($_POST['tablescount']) ? 1 : (int) $_POST['tablescount'];
    $tablescount = empty($_POST['addtable']) ? $_POST['tablescount'] : $_POST['tablescount'] + 1;
    for ($run = 0; $run < $tablescount; $run++) {
        $data['tables'][$run]['run'] = $run;
        // NOTE(review): posted table names are passed to the template data
        // unmodified; confirm they are HTML-escaped on output.
        $data['tables'][$run]['value'] = empty($_POST['table_' . $run]) ? '' : $_POST['table_' . $run];
    }
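// ClanSphere 2010 - www.clansphere.net
// $Id$

// Public user list: reads paging, sorting and a nick prefix filter from the
// query string and loads one page of active, non-deleted users.
$cs_lang = cs_translate('users');

// Offset for paging; negative values are clamped to 0.
$start = empty($_GET['start']) ? 0 : max(0, (int) $_GET['start']);

// Fixed list of ORDER BY clauses; the request only selects an index.
$cs_sort[1] = 'users_nick DESC';
$cs_sort[2] = 'users_nick ASC';
$cs_sort[3] = 'users_place DESC';
$cs_sort[4] = 'users_place ASC';
$cs_sort[5] = 'users_laston DESC';
$cs_sort[6] = 'users_laston ASC';
$sort = empty($_GET['sort']) ? 2 : (int) $_GET['sort'];
// An index outside the list falls back to the default instead of producing
// an undefined-index notice and an empty ORDER BY.
if (!isset($cs_sort[$sort])) {
    $sort = 2;
}
$order = $cs_sort[$sort];

//$where = empty($_REQUEST['where']) ? 0 : $_REQUEST['where'];
//$mof = empty($where) ? '' : " AND users_sex = '" . cs_sql_escape($where) . "'";

// Only a plain string is accepted as filter; array input is ignored.
$where = (empty($_GET['where']) || !is_string($_GET['where'])) ? 0 : $_GET['where'];
// The filter is escaped for the quoted literal. "%" and "_" inside it still
// act as LIKE wildcards.
$mof = empty($where) ? '' : " AND users_nick LIKE '" . cs_sql_escape($where) . "%'";
$condition = 'users_delete = 0 AND users_active = 1' . $mof;
$users_count = cs_sql_count(__FILE__, 'users', $condition);

$data['head']['mod'] = $cs_lang['mod_name'];
$data['head']['action'] = $cs_lang['list'];
$data['head']['total'] = $users_count;
// NOTE(review): the raw filter is handed to cs_pages() and cs_sort(), which
// build links; confirm they URL- and HTML-encode it.
$data['head']['pages'] = cs_pages('users', 'list', $users_count, $start, $where, $sort);
$sel_female = $where === 'female' ? 'selected' : '';
$data['head']['sel_female'] = $sel_female;
$sel_male = $where === 'male' ? 'selected' : '';
$data['head']['sel_male'] = $sel_male;

$data['sort']['nick'] = cs_sort('users', 'list', $start, $where, 1, $sort);
$data['sort']['place'] = cs_sort('users', 'list', $start, $where, 3, $sort);
$data['sort']['laston'] = cs_sort('users', 'list', $start, $where, 5, $sort);

$select = 'users_id, users_nick, users_place, users_laston, users_country, users_hidden, users_active, users_invisible';
$cs_users = cs_sql_select(__FILE__, 'users', $select, $condition, $order, $start, $account['users_limit']);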
// Fragment of the user gallery image script: loads the picture record for a
// thumbnail or full-size request. The first block is opened before this
// excerpt and the class at the end continues after it.
$where = $_REQUEST['usersthumb'];
$from = 'usersgallery';
$select = 'usersgallery_name, usersgallery_time, usersgallery_count, usersgallery_count_downloads';
// The id is escaped for the quoted literal.
// NOTE(review): the lookup filters on the id only; no status or access
// condition is visible here. Confirm access is enforced before the image is
// served.
$where = "usersgallery_id = '" . cs_sql_escape($where) . "'";
$cs_gallery = cs_sql_select(__FILE__, $from, $select, $where);
$gallery_loop = count($cs_gallery);
$name = $cs_gallery['usersgallery_name'];
$gallery_time = $cs_gallery['usersgallery_time'];
$gallery_count = $cs_gallery['usersgallery_count'];
$gallery_count_downloads = $cs_gallery['usersgallery_count_downloads'];
}
if (!empty($_REQUEST['userspic'])) {
    $where = $_REQUEST['userspic'];
    $from = 'usersgallery';
    $select = 'usersgallery_name, usersgallery_time, usersgallery_count, usersgallery_count_downloads';
    $where = "usersgallery_id = '" . cs_sql_escape($where) . "'";
    $cs_gallery = cs_sql_select(__FILE__, $from, $select, $where);
    $gallery_loop = count($cs_gallery);
    $name = $cs_gallery['usersgallery_name'];
    $gallery_time = $cs_gallery['usersgallery_time'];
    $gallery_count = $cs_gallery['usersgallery_count'];
    $gallery_count_downloads = $cs_gallery['usersgallery_count_downloads'];
    // View counter: read, add one, write back (not atomic).
    $gallery_count = $gallery_count + 1;
    $gallery_cells = array('usersgallery_count');
    $gallery_save = array($gallery_count);
    // SECURITY: the raw request value is passed as the row id here, while the
    // select above escapes the same value. NOTE(review): unless
    // cs_sql_update() casts its id argument, pass (int) $_REQUEST['userspic'].
    cs_sql_update(__FILE__, 'usersgallery', $gallery_cells, $gallery_save, $_REQUEST['userspic']);
}
class PictureEngine {
    var $image;
    var $width;
// Fragment of the "medals of a user" admin action: award a medal by nick,
// remove an award, then prepare the listing. The outer if-statement opens
// before this excerpt.
if (!empty($_POST['users_nick'])) {
    $users_nick = cs_sql_escape($_POST['users_nick']);
    $users_id = cs_sql_select(__FILE__, 'users', 'users_id', "users_nick = '{$users_nick}'", 0, 0, 1);
    // NOTE(review): $users_id holds the select result and is indexed as an
    // array below; comparing it with 0 does not test the id itself. Check
    // !empty($users_id['users_id']) instead.
    if ($users_id > 0) {
        $insertion = array('medals_id' => $medals_id, 'users_id' => $users_id['users_id'], 'medalsuser_date' => cs_time());
        cs_sql_insert(__FILE__, 'medalsuser', array_keys($insertion), array_values($insertion));
        cs_redirect($cs_lang['create_done'], 'medals', 'user', 'where=' . $medals_id);
    } else {
        cs_redirect($cs_lang['user_not_found'], 'medals', 'user', 'where=' . $medals_id);
    }
}
} else {
    // Taken from the query string without a cast.
    $medals_id = $_GET['where'];
}
if (isset($_GET['delete'])) {
    // A row is deleted in response to a GET parameter; no request token is
    // visible in this excerpt. NOTE(review): confirm CSRF protection and
    // prefer an int cast for the id over string escaping.
    $medalsuser_id = cs_sql_escape($_GET['delete']);
    cs_sql_delete(__FILE__, 'medalsuser', $medalsuser_id);
    cs_redirect($cs_lang['del_true'], 'medals', 'user', 'where=' . $medals_id);
}
// Neither value is cast; $sort is used as an index into the fixed list
// below, so an unknown index yields no ORDER BY clause.
$start = empty($_GET['start']) ? 0 : $_GET['start'];
$cs_sort[1] = 'md.medalsuser_date DESC';
$cs_sort[2] = 'md.medalsuser_date ASC';
$cs_sort[3] = 'usr.users_nick DESC';
$cs_sort[4] = 'usr.users_nick ASC';
$sort = empty($_GET['sort']) ? 1 : $_GET['sort'];
$order = $cs_sort[$sort];
$tables = 'medalsuser md LEFT JOIN {pre}_users usr ON usr.users_id = md.users_id';
$cells = 'usr.users_nick AS users_nick, md.users_id AS users_id, usr.users_active AS users_active, usr.users_delete AS users_delete, ';
$cells .= 'md.medals_id AS medals_id, md.medalsuser_date AS medalsuser_date, md.medalsuser_id AS medalsuser_id';
// SECURITY: $medals_id is placed in the condition unquoted and unescaped; on
// the else-path above it is raw query-string data. Use (int) $medals_id.
$where = 'medals_id = ' . $medals_id . '';
$data['medals_user'] = array();
// Fragment of the clan "edit" action: tail of the picture upload handling,
// input validation, and loading of the stored record when nothing was posted.
// Several blocks are opened before this excerpt.
}
$cs_clans['clans_picture'] = $filename;
} else {
    $errormsg .= $cs_lang['up_error'];
    $error++;
}
}
if (empty($cs_clans['clans_name'])) {
    $error++;
    $errormsg .= $cs_lang['no_name'] . cs_html_br(1);
}
if (empty($cs_clans['clans_short'])) {
    $error++;
    $errormsg .= $cs_lang['no_short'] . cs_html_br(1);
}
// Uniqueness check: the name is escaped for the quoted literal and the id is
// cast to int before it is placed in the condition unquoted.
$where = "clans_name = '" . cs_sql_escape($cs_clans['clans_name']) . "'";
$where .= " AND clans_id != " . (int) $clans_id;
$search = cs_sql_count(__FILE__, 'clans', $where);
if (!empty($search)) {
    $error++;
    $errormsg .= $cs_lang['name_exists'] . cs_html_br(1);
}
} else {
    // No submit: load the current values for the form.
    // NOTE(review): clans_pwd is part of the selected columns; confirm the
    // value is not rendered back into the page in clear text.
    $cells = 'clans_name, clans_short, clans_tag, clans_tagpos, clans_country, clans_url, clans_since, clans_pwd, clans_picture, users_id';
    $cs_clans = cs_sql_select(__FILE__, 'clans', $cells, "clans_id = " . (int) $clans_id);
    $cs_users = cs_sql_select(__FILE__, 'users', 'users_nick', 'users_id = ' . (int) $cs_clans['users_id']);
    $users_nick = $cs_users['users_nick'];
}
if (!isset($_POST['submit'])) {
    $data['lang']['body'] = $cs_lang['errors_here'];
}
// Fragment of the category "create" action; the enclosing blocks open before
// this excerpt. First branch: show the form together with the upload limits.
$levels++;
}
$data['cat']['abcode_smileys'] = cs_abcode_smileys('categories_text');
$data['cat']['abcode_features'] = cs_abcode_features('categories_text');
$matches[1] = $cs_lang['pic_infos'];
// Build a comma separated list of the accepted image types.
$return_types = '';
foreach ($img_filetypes as $add) {
    $return_types .= empty($return_types) ? $add : ', ' . $add;
}
$matches[2] = $cs_lang['max_width'] . $op_categories['max_width'] . ' px' . cs_html_br(1);
$matches[2] .= $cs_lang['max_height'] . $op_categories['max_height'] . ' px' . cs_html_br(1);
$matches[2] .= $cs_lang['max_size'] . cs_filesize($op_categories['max_size']) . cs_html_br(1);
$matches[2] .= $cs_lang['filetypes'] . $return_types;
$data['cat']['picup_clip'] = cs_abcode_clip($matches);
echo cs_subtemplate(__FILE__, $data, 'categories', 'create');
} else {
    // Second branch: insert the category, then attach the uploaded picture.
    // NOTE(review): column names come from the keys of $cs_categories;
    // confirm the array is built from a fixed key list.
    $categories_cells = array_keys($cs_categories);
    $categories_save = array_values($cs_categories);
    cs_sql_insert(__FILE__, 'categories', $categories_cells, $categories_save);
    if (!empty($files_gl['picture']['tmp_name'])) {
        // The new row is looked up by name alone, without the module, so a
        // category of the same name in another module could be selected.
        $where = "categories_name = '" . cs_sql_escape($cs_categories['categories_name']) . "'";
        $getid = cs_sql_select(__FILE__, 'categories', 'categories_id', $where);
        // NOTE(review): $extension is set outside this excerpt; it must come
        // from an allow-list of image types.
        $filename = 'picture-' . $getid['categories_id'] . '.' . $extension;
        cs_upload('categories', $filename, $files_gl['picture']['tmp_name']);
        $cs_categories2['categories_picture'] = $filename;
        $categories2_cells = array_keys($cs_categories2);
        $categories2_save = array_values($cs_categories2);
        cs_sql_update(__FILE__, 'categories', $categories2_cells, $categories2_save, $getid['categories_id']);
    }
    // NOTE(review): categories_mod is appended to the redirect parameters
    // unencoded; confirm cs_redirect() encodes it.
    cs_redirect($cs_lang['create_done'], 'categories', 'manage', 'where=' . $cs_categories['categories_mod']);
}
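<?php
// ClanSphere 2010 - www.clansphere.net
// $Id$

// Article management list: reads category filter, paging and sorting from
// the request and loads one page of articles.
$cs_lang = cs_translate('articles');

// Request values are reduced to integers before any further use. The
// original passed them on as raw strings to the paging, sorting and query
// helpers; only the category condition further down was cast.
$categories_id = empty($_REQUEST['where']) ? 0 : (int) $_REQUEST['where'];
$start = empty($_REQUEST['start']) ? 0 : max(0, (int) $_REQUEST['start']);
if (!empty($_POST['categories_id'])) {
    $categories_id = (int) $_POST['categories_id'];
}
$where = empty($categories_id) ? 0 : "categories_id = '" . cs_sql_escape((string) $categories_id) . "'";

// Fixed list of ORDER BY clauses; the request only selects an index.
$cs_sort[1] = 'articles_headline DESC';
$cs_sort[2] = 'articles_headline ASC';
$cs_sort[3] = 'articles_time DESC';
$cs_sort[4] = 'articles_time ASC';
$sort = empty($_REQUEST['sort']) ? 3 : (int) $_REQUEST['sort'];
// Unknown indexes fall back to the default instead of yielding no ORDER BY.
if (!isset($cs_sort[$sort])) {
    $sort = 3;
}
$order = $cs_sort[$sort];

// NOTE(review): the total is counted without the category condition, while
// the list below is filtered; confirm this is intended for the pager.
$articles_count = cs_sql_count(__FILE__, 'articles');
$data['head']['articles_count'] = $articles_count;
$data['head']['pages'] = cs_pages('articles', 'manage', $articles_count, $start, $categories_id, $sort);

$catmod = "categories_mod = 'articles'";
$cells = 'categories_name, categories_id';
$categories_data = cs_sql_select(__FILE__, 'categories', $cells, $catmod, 'categories_name', 0, 0);
$data['head']['dropdown'] = cs_dropdown('categories_id', 'categories_name', $categories_data, $categories_id);
$data['head']['message'] = cs_getmsg();

$cat_where = empty($categories_id) ? 0 : 'categories_id = ' . (int) $categories_id;
$cells = 'articles_headline, articles_id, articles_time, users_id';
$cs_articles = cs_sql_select(__FILE__, 'articles', $cells, $cat_where, $order, $start, $account['users_limit']);
$articles_loop = count($cs_articles);

$data['sort']['headline'] = cs_sort('articles', 'manage', $start, $categories_id, 1, $sort);
$data['sort']['date'] = cs_sort('articles', 'manage', $start, $categories_id, 3, $sort);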
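// Registration validation (excerpt): nick, password and e-mail checks. Each
// failed check increments $error and appends a message to $errormsg.
if (!empty($search_nick)) {
    $error++;
    $errormsg .= $cs_lang['nick_exists'] . cs_html_br(1);
}

// Reject nicks containing the reserved character. strpos() returns 0 for a
// match at the first position, which empty() treats like "not found", so the
// result has to be compared with false explicitly.
$search_nick = strpos($register['nick'], '♥');
if ($search_nick !== false) {
    $error++;
    $errormsg .= $cs_lang['chars_in_nick'] . cs_html_br(1);
}

// Password length is measured without spaces.
// NOTE(review): a minimum of 4 characters is very low for account passwords.
$pwd2 = str_replace(' ', '', $register['password']);
$pwdchars = strlen($pwd2);
if ($pwdchars < 4) {
    $error++;
    $errormsg .= $cs_lang['short_pwd'] . cs_html_br(1);
}

// The address is escaped for the quoted literal.
// NOTE(review): a distinct "e-mail exists" message tells the visitor which
// addresses are registered; consider a neutral response.
$search_email = cs_sql_count(__FILE__, 'users', "users_email = '" . cs_sql_escape($register['email']) . "'");
if (!empty($search_email)) {
    $error++;
    $errormsg .= $cs_lang['email_exists'] . cs_html_br(1);
}

// Syntax check; the pattern only accepts a fixed set of top-level domain
// shapes, so some valid addresses are rejected.
$pattern = "=^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@([0-9a-z](-?[0-9a-z])*\\.)+[a-z]{2}([zmuvtg]|fo|me)?\$=i";
if (!preg_match($pattern, $register['email'])) {
    $error++;
    $errormsg .= $cs_lang['email_false'] . cs_html_br(1);
}

// Disposable-address domains are rejected with the same message.
include_once 'mods/contact/trashmail.php';
if (cs_trashmail($register['email'])) {
    $error++;
    $errormsg .= $cs_lang['email_false'] . cs_html_br(1);
}

// Most recent registration time, read for the flood check that follows.
$flood = cs_sql_select(__FILE__, 'users', 'users_register', 0, 'users_register DESC');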
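// Category management list (excerpt): resolves paging, sorting and the
// module filter, counts the matching categories and builds the module
// drop-down from the modules the account may manage.
if (!empty($cs_post['start'])) {
    $start = $cs_post['start'];
}
$sort = empty($cs_get['sort']) ? 2 : $cs_get['sort'];
if (!empty($cs_post['sort'])) {
    $sort = $cs_post['sort'];
}

include_once 'mods/categories/functions.php';
$op_cat = cs_sql_option(__FILE__, 'categories');

// Fixed list of ORDER BY clauses; the request only selects an index.
$cs_sort[1] = 'categories_name DESC';
$cs_sort[2] = 'categories_name ASC';
$cs_sort[3] = 'categories_url DESC';
$cs_sort[4] = 'categories_url ASC';
// Reduce the index to an integer and fall back to the default when it is
// not part of the list, instead of building an incomplete ORDER BY.
$sort = (int) $sort;
if (!isset($cs_sort[$sort])) {
    $sort = 2;
}
$order = 'categories_subid, ' . $cs_sort[$sort];

// Only a plain string is accepted as module filter; anything else falls back
// to the configured default module.
$where = (empty($_REQUEST['where']) || !is_string($_REQUEST['where'])) ? $op_cat['def_mod'] : $_REQUEST['where'];
// The filter is escaped for the quoted literal.
$mdp = "categories_mod = '" . cs_sql_escape($where) . "'";
$categories_count = cs_sql_count(__FILE__, 'categories', $mdp);

// NOTE(review): the raw filter value is placed in the template data and
// handed to cs_pages(); confirm both HTML- and URL-encode it on output.
$data['where']['mod'] = $where;
$data['head']['count'] = $categories_count;
$data['head']['pages'] = cs_pages('categories', 'manage', $categories_count, $start, $where, $sort);

$run = 0;
$modules = cs_checkdirs('mods');
foreach ($modules as $mods) {
    $access_key = 'access_' . $mods['dir'];
    $check_axx = empty($account[$access_key]) ? 0 : $account[$access_key];
    // Only modules that use categories and where the account has an access
    // level above 2 are offered.
    if (!empty($mods['categories']) and $check_axx > 2) {
        // Strict string comparison avoids numeric-string surprises of "==".
        $sel = (string) $mods['dir'] === (string) $where ? 1 : 0;
        $data['mod'][$run]['sel'] = cs_html_option($mods['name'], $mods['dir'], $sel);
        $run++;
    }
}
$data['head']['getmsg'] = cs_getmsg();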
// Fragment of the rank "edit" action: copies the posted fields, validates
// them and prepares the form. One block is opened before this excerpt and
// the last if-statement continues after it.
$cs_ranks['ranks_name'] = $_POST['ranks_name'];
$cs_ranks['squads_id'] = $_POST['squads_id'];
$cs_ranks['ranks_url'] = $_POST['ranks_url'];
$cs_ranks['ranks_img'] = $_POST['ranks_img'];
// NOTE(review): ranks_code is accepted as an alternative to URL and image
// below; if it is rendered as markup later, it needs to be limited to
// trusted editors or sanitised.
$cs_ranks['ranks_code'] = $_POST['ranks_code'];
$error = '';
if (empty($cs_ranks['ranks_name'])) {
    $error .= $cs_lang['no_name'] . cs_html_br(1);
}
if (empty($cs_ranks['ranks_url']) and empty($cs_ranks['ranks_code'])) {
    $error .= $cs_lang['no_url'] . cs_html_br(1);
}
if (empty($cs_ranks['ranks_img']) and empty($cs_ranks['ranks_code'])) {
    $error .= $cs_lang['no_img'] . cs_html_br(1);
}
// Uniqueness check; the name is escaped for the quoted literal.
$where = "ranks_name = '" . cs_sql_escape($cs_ranks['ranks_name']) . "'";
// NOTE(review): $ranks_id is set outside this excerpt and concatenated
// without a cast or escaping; use (int) $ranks_id.
$where .= " AND ranks_id != '" . $ranks_id . "'";
$search = cs_sql_count(__FILE__, 'ranks', $where);
if (!empty($search)) {
    $error .= $cs_lang['rank_exists'] . cs_html_br(1);
}
}
if (!isset($_POST['submit'])) {
    $data['head']['body'] = $cs_lang['body_edit'];
} elseif (!empty($error)) {
    $data['head']['body'] = $error;
}
if (!empty($error) or !isset($_POST['submit'])) {
    // NOTE(review): the posted values are copied into the template data
    // unmodified; confirm they are HTML-escaped before being echoed into the
    // form.
    $data['ranks'] = $cs_ranks;
    $data['ranks']['id'] = $ranks_id;
    $data_squads = cs_sql_select(__FILE__, 'squads', 'squads_name,squads_id', 0, 'squads_name', 0, 0);
// Fragment of the buddy "create" action: resolves the target user by id or
// nick and checks for an existing entry. It ends inside an else-branch.
$error = '';
$time = cs_time();
$buddys_id = 0;
$buddys_notice = '';
$users_id = $account['users_id'];
if (!empty($users_add_id)) {
    // NOTE(review): $users_add_id is set outside this excerpt and concatenated
    // without a cast or escaping; use (int) $users_add_id.
    $users_data = cs_sql_select(__FILE__, 'users', 'users_id, users_nick', "users_id = '" . $users_add_id . "'");
    $buddys_nick = $users_data['users_nick'];
} else {
    $buddys_nick = '';
}
if (isset($_POST['submit'])) {
    if (!empty($_POST['buddys_nick'])) {
        $buddys_nick = $_POST['buddys_nick'];
        $buddys_notice = $_POST['buddys_notice'];
        // The nick is escaped for the quoted literal.
        $users_data = cs_sql_select(__FILE__, 'users', 'users_id, users_nick', "users_nick = '" . cs_sql_escape($buddys_nick) . "'");
        if (!empty($users_data)) {
            $buddys_id = $users_data['users_id'];
            if ($buddys_id == $account['users_id']) {
                $error .= $cs_lang['error_user_self'];
            }
            // NOTE(review): the literal '******' looks like a masking artefact
            // of this listing; presumably the original compares against
            // $buddys_id. Verify against the project source.
            $where = "users_id = '" . $users_id . "' AND buddys_user = '******'";
            $buddys_check = cs_sql_count(__FILE__, 'buddys', $where);
            if (!empty($buddys_check)) {
                $error = $cs_lang['error_available'];
            }
        } else {
            $error = $cs_lang['error_user_noavailable'];
        }
    } else {
        $error = $cs_lang['error_id'];
// Fragment of the comment "edit" action: validates the posted text and, for
// guest comments, the guest nick. It ends inside the preview branch.
$data['if']['preview'] = FALSE;
$data['if']['guest'] = FALSE;
if (isset($_POST['submit']) or isset($_POST['preview'])) {
    // NOTE(review): the comment text is taken over unmodified; confirm it is
    // escaped or filtered when it is rendered.
    $cs_com['comments_text'] = $_POST['comments_text'];
    $error = '';
    // No user id on the comment: treat it as a guest comment.
    if (empty($cs_com['users_id'])) {
        $guestnick = $_POST['comments_guestnick'];
        if (empty($guestnick) and empty($cs_com['users_id'])) {
            $error .= $cs_lang['no_guestnick'] . cs_html_br(1);
        } else {
            // Length is counted in bytes, without spaces.
            $nick2 = str_replace(' ', '', $guestnick);
            $nickchars = strlen($nick2);
            if ($nickchars < $op_users['min_letters']) {
                $error .= sprintf($cs_lang['short_nick'], $op_users['min_letters']) . cs_html_br(1);
            }
            // A guest may not use the nick of a registered user; the value is
            // escaped for the quoted literal.
            $search_nick = cs_sql_count(__FILE__, 'users', "users_nick = '" . cs_sql_escape($guestnick) . "'");
            if (!empty($search_nick)) {
                $error .= $cs_lang['nick_exists'] . cs_html_br(1);
            }
        }
    }
    if (empty($cs_com['comments_text'])) {
        $error .= $cs_lang['no_text'] . cs_html_br(1);
    }
}
if (!isset($_POST['submit']) and !isset($_POST['preview'])) {
    $data['head']['body'] = $cs_lang['body_com_edit'];
} elseif (!empty($error)) {
    $data['head']['body'] = $error;
} elseif (isset($_POST['preview'])) {
    $data['head']['body'] = $cs_lang['preview'];
// Fragment of the squad "edit" action: tail of the picture upload handling,
// validation, and preparation of the form values. Several blocks are opened
// before this excerpt and the last loop's if-statement continues after it.
$error = '';
// Remove the previous picture when it is replaced by a different file.
// NOTE(review): confirm squads_picture holds the stored value from the
// database here and not a posted value, since it names the file to delete.
if ($cs_squads['squads_picture'] != $filename and !empty($cs_squads['squads_picture'])) {
    cs_unlink('squads', $cs_squads['squads_picture']);
}
$cs_squads['squads_picture'] = $filename;
} else {
    $error .= $cs_lang['up_error'];
}
}
if (empty($cs_squads['clans_id'])) {
    $error .= $cs_lang['no_clan'] . cs_html_br(1);
}
if (empty($cs_squads['squads_name'])) {
    $error .= $cs_lang['no_name'] . cs_html_br(1);
}
// Uniqueness check; the name is escaped for the quoted literal.
$where = "squads_name = '" . cs_sql_escape($cs_squads['squads_name']) . "'";
// NOTE(review): $squads_id is set outside this excerpt and concatenated
// without a cast or escaping; use (int) $squads_id.
$where .= " AND squads_id != '" . $squads_id . "'";
$search = cs_sql_count(__FILE__, 'squads', $where);
if (!empty($search)) {
    $error .= $cs_lang['squad_exists'] . cs_html_br(1);
}
}
if (!isset($_POST['submit'])) {
    $data['head']['body'] = $cs_lang['errors_here'];
} elseif (!empty($error)) {
    $data['head']['body'] = $error;
}
if (!empty($error) or !isset($_POST['submit'])) {
    // Every value is passed through cs_secure() before it reaches the
    // template data.
    foreach ($cs_squads as $key => $value) {
        $data['squads'][$key] = cs_secure($value);
    }
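<?php
// ClanSphere 2010 - www.clansphere.net
// $Id$

// AJAX endpoint for nick auto-completion: returns up to 7 active users whose
// nick contains the last ";"-separated part of the "term" parameter.
// NOTE(review): no permission check is visible in this file; unless cs_init()
// enforces one, any visitor can query user nicks by substring.

# Overwrite global settings by using the following array
$cs_main = array('init_sql' => true, 'init_tpl' => false, 'init_mod' => true);

chdir('../../');

require_once 'system/core/functions.php';

cs_init($cs_main);

# Only a plain string is accepted as search term
$term = (empty($_GET['term']) || !is_string($_GET['term'])) ? '' : $_GET['term'];

# Mods like messages support multiple users and that must be considered
$term_array = explode(';', $term);
$current = end($term_array);

# Strip current search term from search_users content
$old = substr($term, 0, strlen($term) - strlen($current));

# A term made of whitespace only would match every nick, so it is skipped
$needle = trim($current);

if (!empty($current) && $needle !== '') {

    $data = array();
    $data['data']['old'] = htmlspecialchars($old);

    # The target name is request data as well and is encoded like the other
    # values handed to the template.
    # NOTE(review): if the template places it inside script code, HTML encoding
    # is not sufficient; restrict it to [A-Za-z0-9_] in that case.
    $target = (empty($_GET['target']) || !is_string($_GET['target'])) ? 'users_nick' : $_GET['target'];
    $data['data']['target'] = htmlspecialchars($target, ENT_QUOTES);

    # The term is escaped for the quoted literal; "%" and "_" inside it still
    # act as LIKE wildcards.
    $where = "users_nick LIKE '%" . cs_sql_escape($needle) . "%' AND users_active = 1 AND users_delete = 0";
    $data['result'] = cs_sql_select(__FILE__, 'users', 'users_nick', $where, 0, 0, 7);

    if (!empty($data['result'])) {
        $loop = count($data['result']);
        for ($run = 0; $run < $loop; $run++) {
            # Nicks are user-chosen text and are secured before output.
            $data['result'][$run]['users_nick'] = cs_secure($data['result'][$run]['users_nick']);
        }
        echo cs_subtemplate(__FILE__, $data, 'ajax', 'search_users');
    }
}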
// Fragment of the board "sort" admin action: applies order changes requested
// via the query string, then builds the category list with move links. It
// ends inside the loop's else-branch.
$cs_lang = cs_translate('board');
// NOTE(review): all three handlers below change data in response to plain
// GET parameters; no request token is visible in this excerpt. Confirm CSRF
// protection, or move these operations to POST with a token.
if (!empty($_GET['delall'])) {
    // Reset every board and board-category order value to 0.
    cs_sql_update(__FILE__, 'board', array('board_order'), array(0), 0, 'board_order != 0');
    cs_sql_update(__FILE__, 'categories', array('categories_order'), array(0), 0, "categories_mod = 'board'");
    cs_redirect(NULL, 'board', 'sort');
}
if (!empty($_GET['board'])) {
    $board_cells = array('board_order');
    // Both the order value and the row id are numeric by nature; string
    // escaping is applied here. NOTE(review): an (int) cast states the
    // intent more precisely and does not depend on how cs_sql_update()
    // quotes its arguments.
    $board_save = empty($_GET['order']) ? array(0) : array(cs_sql_escape($_GET['order']));
    cs_sql_update(__FILE__, 'board', $board_cells, $board_save, cs_sql_escape($_GET['board']));
    cs_redirect(NULL, 'board', 'sort');
}
if (!empty($_GET['cat'])) {
    $board_cells = array('categories_order');
    $board_save = empty($_GET['order']) ? array(0) : array(cs_sql_escape($_GET['order']));
    // NOTE(review): the update is keyed on the id alone; nothing here limits
    // it to categories of the board module.
    cs_sql_update(__FILE__, 'categories', $board_cells, $board_save, cs_sql_escape($_GET['cat']));
    cs_redirect(NULL, 'board', 'sort');
}
$data['link']['back'] = cs_url('board', 'manage');
$data['link']['delall'] = cs_url('board', 'sort', 'delall=1');
$where = "categories_mod = 'board'";
$select = 'categories_name, categories_id, categories_order';
$cs_categories = cs_sql_select(__FILE__, 'categories', $select, $where, 'categories_order ASC, categories_name ASC', 0, 0);
$loop_categories = count($cs_categories);
if (!empty($cs_categories)) {
    for ($run = 0; $run < $loop_categories; $run++) {
        // Stored values are secured before they reach the template data.
        $data['cat'][$run]['categories_name'] = cs_secure($cs_categories[$run]['categories_name']);
        $data['cat'][$run]['categories_order'] = cs_secure($cs_categories[$run]['categories_order']);
        // An "up" link is offered when the previous entry has a lower order.
        if ($run > 0 and $cs_categories[$run]['categories_order'] - 1 >= $cs_categories[$run - 1]['categories_order']) {
            $data['cat'][$run]['categories_up'] = cs_html_img('symbols/clansphere/up_arrow_active.png') . ' ' . cs_link($cs_lang['up'], 'board', 'sort', 'cat=' . $cs_categories[$run]['categories_id'] . '&order=' . $cs_categories[$run - 1]['categories_order']);
        } else {
// Fragment of the guestbook "manage" list: resolves sorting and the optional
// owner filter, then prepares count, pager and the select for the entries.
// One block is opened before this excerpt.
}
$sort = empty($cs_get['sort']) ? 1 : $cs_get['sort'];
if (!empty($cs_post['sort'])) {
    $sort = $cs_post['sort'];
}
// Fixed list of ORDER BY clauses; $sort only selects an index. An index
// that is not in the list yields no clause.
$cs_sort[1] = 'gbk.gbook_time DESC';
$cs_sort[2] = 'gbk.gbook_time ASC';
$cs_sort[3] = 'usr.users_email DESC';
$cs_sort[4] = 'usr.users_email ASC';
$order = $cs_sort[$sort];
// Optional owner nick, POST takes precedence over GET.
$user_gb = empty($_POST['user_gb']) ? 0 : $_POST['user_gb'];
if (empty($user_gb)) {
    $user_gb = empty($_GET['user_gb']) ? 0 : $_GET['user_gb'];
}
if (!empty($user_gb)) {
    // The nick is escaped for the quoted literal.
    $where = "users_nick = '" . cs_sql_escape($user_gb) . "'";
    $cs_user = cs_sql_select(__FILE__, 'users', 'users_id', $where);
    $id = $cs_user['users_id'];
}
// NOTE(review): $id is only assigned above when a nick was given; unless it
// is initialised before this excerpt it is undefined here. It is also
// concatenated without a cast.
$where = "gbook_users_id ='" . $id . "'";
$gbook_count = cs_sql_count(__FILE__, 'gbook', $where);
$data['head']['count'] = $gbook_count;
$data['head']['pages'] = cs_pages('gbook', 'manage', $gbook_count, $start, $id, $sort);
// NOTE(review): the submitted nick is placed in the template data unmodified;
// confirm it is HTML-escaped on output.
$data['head']['user_gb'] = empty($user_gb) ? '' : $user_gb;
$data['head']['getmsg'] = cs_getmsg();
$data['sort']['email'] = cs_sort('gbook', 'manage', $start, $id, 3, $sort);
$data['sort']['time'] = cs_sort('gbook', 'manage', $start, $id, 1, $sort);
// The listing includes e-mail and IP address columns of the entries.
$from = 'gbook gbk LEFT JOIN {pre}_users usr ON gbk.users_id = usr.users_id';
$select = 'gbk.gbook_id AS gbook_id, gbk.users_id AS users_id, gbk.gbook_time AS gbook_time, gbk.gbook_nick AS gbook_nick, ';
$select .= 'gbk.gbook_email AS gbook_email, gbk.gbook_lock AS gbook_lock, gbk.gbook_ip AS gbook_ip, ';
$select .= 'usr.users_nick AS users_nick, usr.users_email AS users_email';
// Fragment of the game "create" action: takes over posted fields, stores the
// game with its symbol image and prepares the form values. One block is
// opened before this excerpt.
}
if (!empty($_POST['games_creator'])) {
    $games_creator = $_POST['games_creator'];
}
if (!empty($_POST['games_url'])) {
    $games_url = $_POST['games_url'];
}
if (!empty($_POST['games_version'])) {
    $games_version = $_POST['games_version'];
}
$data['lang']['body'] = !isset($_POST['submit']) ? $cs_lang['body_create'] : $errormsg;
if (isset($_POST['submit']) && empty($games_error) && empty($symbol_error)) {
    // Column names are a fixed list; values are handed over unescaped.
    // NOTE(review): presumably cs_sql_insert() escapes values itself; confirm.
    $games_cells = array('games_name', 'games_version', 'games_released', 'games_creator', 'categories_id', 'games_url', 'games_usk');
    $games_save = array($games_name, $games_version, $games_release, $games_creator, $categories_id, $games_url, $games_usk);
    cs_sql_insert(__FILE__, 'games', $games_cells, $games_save);
    // The new row is found again by name; the value is escaped for the
    // quoted literal.
    $where = "games_name = '" . cs_sql_escape($games_name) . "'";
    $getid = cs_sql_select(__FILE__, 'games', 'games_id', $where);
    if (!empty($files['symbol']['tmp_name']) and $symbol_error == 0) {
        // NOTE(review): $extension is set outside this excerpt; it must come
        // from an allow-list of image types.
        $filename = $getid['games_id'] . '.' . $extension;
        cs_upload('games', $filename, $files['symbol']['tmp_name']);
    } else {
        // No upload: copy the default symbol; the id is cast to int before it
        // becomes part of the file name.
        copy('uploads/games/0.gif', 'uploads/games/' . (int) $getid['games_id'] . '.gif');
    }
    cs_redirect($cs_lang['create_done'], 'games');
}
$data['url']['form'] = cs_url('games', 'create');
// NOTE(review): the posted values are placed in the template data
// unmodified; confirm they are HTML-escaped when echoed into the form.
$data['games']['name'] = $games_name;
$data['games']['version'] = $games_version;
$data['games']['genre'] = cs_categories_dropdown('games', $categories_id);
$data['games']['release'] = cs_dateselect('datum', 'date', $games_release);
$data['games']['creator'] = $games_creator;
// Fragment of the event "new guest" action: validates a guest entered by
// name and checks for duplicates. Several blocks are opened before this
// excerpt and the last if-statement continues after it.
$errormsg .= $cs_lang['user_event_exists'] . cs_html_br(1);
}
} elseif (!empty($data['eventguests']['eventguests_name']) or !empty($data['eventguests']['eventguests_surname'])) {
    // Required fields depend on the event options.
    if (!empty($events_options['req_fullname']) and (empty($data['eventguests']['eventguests_name']) or empty($data['eventguests']['eventguests_surname']))) {
        $errormsg .= $cs_lang['err_name'] . cs_html_br(1);
    }
    if (!empty($events_options['req_fulladress']) and empty($data['eventguests']['eventguests_residence'])) {
        $errormsg .= $cs_lang['err_adress'] . cs_html_br(1);
    }
    // Phone numbers are only checked for a minimum length.
    if (!empty($events_options['req_phone']) and strlen(trim($data['eventguests']['eventguests_phone'])) < 5) {
        $errormsg .= $cs_lang['err_phone'] . cs_html_br(1);
    }
    if (!empty($events_options['req_mobile']) and strlen(trim($data['eventguests']['eventguests_mobile'])) < 8) {
        $errormsg .= $cs_lang['err_mobile'] . cs_html_br(1);
    }
    // Duplicate check. Name and surname are escaped for the quoted literals.
    // NOTE(review): events_id is concatenated without a cast or escaping and
    // is filled outside this excerpt; use (int) on it.
    $where = "events_id = '" . $data['eventguests']['events_id'] . "' AND eventguests_name = '" . cs_sql_escape($data['eventguests']['eventguests_name']) . "' AND eventguests_surname = '" . cs_sql_escape($data['eventguests']['eventguests_surname']) . "'";
    $search_collision = cs_sql_count(__FILE__, 'eventguests', $where);
    if (!empty($search_collision)) {
        $errormsg .= $cs_lang['name_event_exists'] . cs_html_br(1);
    }
} else {
    $errormsg = $cs_lang['new_guest_info'];
}
}
if (!empty($errormsg)) {
    $data['head']['info'] = $errormsg;
}
if (!empty($errormsg) or !isset($_POST['submit'])) {
    $data['url']['form'] = cs_url('events', 'guestsnew');
    $data['events']['time'] = cs_date('unix', $data['events']['events_time'], 1);
    // The nick is secured before it reaches the template data.
    $data['users']['nick'] = cs_secure($users_nick);
// Fragment of the user gallery folder view: tail of the vote link list, then
// the branch that loads the pictures and the current folder. Several blocks
// are opened before this excerpt.
$cs_lap = cs_html_img('symbols/gallery/nowatermark.gif', '100', '100');
$more = 'id=' . $id . '&cat_id=' . $z[$run]['folders_id'];
$more .= '&move=' . $z[$run]['move'];
$vote[$run]['link'] = cs_link($cs_lap, 'usersgallery', 'com_view', $more);
}
$data['vote'] = !empty($vote) ? $vote : '';
}
}
$vote_1['0']['vote'] = empty($data['vote']) ? '' : '1';
$data['vote_1'] = !empty($vote_1['0']['vote']) ? $vote_1 : '';
} else {
    $from = 'usersgallery';
    $select = 'usersgallery_time, usersgallery_name, usersgallery_titel, usersgallery_download, ';
    $select .= 'usersgallery_description, usersgallery_id, usersgallery_vote, usersgallery_count, folders_id';
    // Only published pictures up to the viewer's access level are listed.
    // NOTE(review): $access_id is set outside this excerpt and concatenated
    // without a cast.
    $where = "usersgallery_status = 1 AND usersgallery_access <= '" . $access_id . "'";
    // Here the folder id is escaped for the quoted literal ...
    $where .= " AND folders_id = '" . cs_sql_escape($cat_id) . "'";
    // No default case: $order stays undefined for any other option value.
    switch ($options['list_sort']) {
        case 0:
            $order = 'usersgallery_id DESC';
            break;
        case 1:
            $order = 'usersgallery_id ASC';
            break;
    }
    $cs_gallery = cs_sql_select(__FILE__, $from, $select, $where, $order, $start, $account['users_limit']);
    $gallery_loop = count($cs_gallery);
    $gallery_count = cs_sql_count(__FILE__, 'usersgallery', $where);
    $from = 'folders';
    $select = 'folders_id, sub_id, folders_name, folders_picture, folders_text';
    // SECURITY: ... while the same $cat_id is concatenated as-is in this
    // second condition. Escape it here as well, or cast it to int once where
    // it is read.
    $where = "folders_mod = 'usersgallery' AND folders_id = '" . $cat_id . "'";
    $folders_current = cs_sql_select(__FILE__, $from, $select, $where);
// Fragment of the guestbook entry form handler: takes over posted contact
// fields and validates nick, e-mail and Jabber address. It ends inside the
// Jabber check.
$cs_gbook['gbook_jabber'] = $_POST['gbook_jabber'];
$cs_gbook['gbook_skype'] = $_POST['gbook_skype'];
$cs_gbook['gbook_town'] = $_POST['gbook_town'];
// NOTE(review): no check of the URL is visible in this excerpt; if it is
// rendered as a link, restrict it to http and https.
$cs_gbook['gbook_url'] = $_POST['gbook_url'];
//check nick if exists or empty
if (!empty($cs_gbook['gbook_nick'])) {
    // A guest may not use the nick of a registered user; the value is escaped
    // for the quoted literal.
    $exists_user = cs_sql_select(__FILE__, 'users', 'users_nick', "users_nick = '" . cs_sql_escape($cs_gbook['gbook_nick']) . "'");
    if (!empty($exists_user)) {
        $error .= $cs_lang['error_exist_nick'] . cs_html_br(1);
    }
} else {
    $error .= $cs_lang['error_nick'] . cs_html_br(1);
}
//check email if exists, chars or empty
if (!empty($cs_gbook['gbook_email'])) {
    // NOTE(review): a distinct "e-mail exists" message tells the visitor which
    // addresses belong to registered users.
    $exists_user = cs_sql_select(__FILE__, 'users', 'users_email', "users_email = '" . cs_sql_escape($_POST['gbook_email']) . "'");
    if (!empty($exists_user)) {
        $error .= $cs_lang['error_exist_email'] . cs_html_br(1);
    }
    // Without the D modifier "$" also matches before a trailing newline, so
    // a value ending in a line break passes this pattern; use \z or add D.
    // The 2-4 letter limit rejects longer top-level domains.
    $pattern = "/^[0-9a-zA-Z._\\-]+@[0-9a-zA-Z._\\-]{2,}\\.[a-zA-Z]{2,4}\$/";
    if (!preg_match($pattern, $cs_gbook['gbook_email'])) {
        $error .= $cs_lang['error_email'] . cs_html_br(1);
    }
} else {
    $error .= $cs_lang['error_email'] . cs_html_br(1);
}
//check jabber
if (!empty($cs_gbook['gbook_jabber'])) {
    // Same pattern as for the e-mail address, with the same caveats.
    $pattern = "/^[0-9a-zA-Z._\\-]+@[0-9a-zA-Z._\\-]{2,}\\.[a-zA-Z]{2,4}\$/";
    if (!preg_match($pattern, $cs_gbook['gbook_jabber'])) {
        $error .= $cs_lang['error_jabber'] . cs_html_br(1);
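}
}
// Second step of the form: register the pictures that were ticked in the submitted list.
if (isset($_POST['submit_1'])) {
    // Upper bound for the status_N / name_N indexes: number of POST fields minus one.
    $post_count = count($_POST) - 1;
    $cs_gallery_pic['folders_id'] = empty($_POST['folders_name'])
        ? $_POST['folders_id']
        : make_folders_create('gallery', $_POST['folders_name']);
    $cs_gallery_option = cs_sql_option(__FILE__, 'gallery');
    $img_max['thumbs'] = $cs_gallery_option['thumbs'];

    for ($run = 0; $run < $post_count; $run++) {
        if (!empty($_POST['status_' . $run])) {
            // The name comes from the request and is appended to the pics/ and thumbs/Thumb_
            // prefixes below, so keep only its last path component: a value with directory
            // parts must not make the resampler read or write outside those two folders.
            $name = basename((string) $_POST['name_' . $run]);
            if (!extension_loaded('gd')) {
                die(cs_error_internal(0, 'GD extension not installed.'));
            }
            if (cs_resample('uploads/gallery/pics/' . $name, 'uploads/gallery/thumbs/' . 'Thumb_' . $name, $img_max['thumbs'], $img_max['thumbs'])) {
                // Only register a picture whose name is not in the gallery table yet.
                $where = "gallery_name = '" . cs_sql_escape($name) . "'";
                $search = cs_sql_count(__FILE__, 'gallery', $where);
                if (empty($search)) {
                    $cs_gallery_pic['users_id'] = $account['users_id'];
                    $cs_gallery_pic['gallery_name'] = $name;
                    // NOTE(review): status, access and the watermark fields are stored as posted;
                    // how the later insert validates or escapes them is outside this excerpt — verify.
                    $cs_gallery_pic['gallery_status'] = isset($_POST['gallery_status']) ? $_POST['gallery_status'] : 0;
                    $cs_gallery_pic['gallery_access'] = isset($_POST['gallery_access']) ? $_POST['gallery_access'] : 0;
                    $cs_gallery_pic['gallery_watermark'] = $_POST['gallery_watermark'];
                    if (!empty($_POST['gallery_watermark'])) {
                        // Position and transparency are packed into one field, separated by '|--@--|'.
                        $watermark_pos = $_POST['watermark_pos'];
                        $watermark_trans = $_POST['gallery_watermark_trans'];
                        $cs_gallery_pic['gallery_watermark_pos'] = $watermark_pos . '|--@--|' . $watermark_trans;
                    }
                    // Strip the last ".ext" suffix from the name: $extension is the suffix length
                    // including the dot, $file the length of the whole name.
                    $extension = strlen(strrchr($name, "."));
                    $file = strlen($name);
                    $filename = substr($name, 0, $file - $extension);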
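} elseif (!empty($error)) {
    $data['head']['body'] = $error;
}

if (!empty($error) or !isset($_POST['submit'])) {
    // Show the form again (first visit, or validation errors) together with the upload limits.
    $data['linkus'] = $cs_linkus;
    $matches[1] = $cs_lang['pic_infos'];
    // Comma-separated list of the keys of $img_filetypes.
    $return_types = '';
    foreach ($img_filetypes as $add => $value) {
        $return_types .= empty($return_types) ? $add : ', ' . $add;
    }
    $matches[2] = $cs_lang['max_width'] . $img_max['width'] . ' px' . cs_html_br(1);
    $matches[2] .= $cs_lang['max_height'] . $img_max['height'] . ' px' . cs_html_br(1);
    $matches[2] .= $cs_lang['max_size'] . cs_filesize($img_max['size']) . cs_html_br(1);
    $matches[2] .= $cs_lang['filetypes'] . $return_types;
    $data['linkus']['picup_clip'] = cs_abcode_clip($matches);
    echo cs_subtemplate(__FILE__, $data, 'linkus', 'create');
} else {
    // Store the new record first; the banner file is named after the id of that row.
    $linkus_cells = array_keys($cs_linkus);
    $linkus_save = array_values($cs_linkus);
    cs_sql_insert(__FILE__, 'linkus', $linkus_cells, $linkus_save);

    if (!empty($files_gl['symbol']['tmp_name'])) {
        // NOTE(review): the new row is found again by linkus_name; if names are not unique
        // this may return a different row — confirm, or use the insert id if the API offers one.
        $where = "linkus_name = '" . cs_sql_escape($cs_linkus['linkus_name']) . "'";
        $getid = cs_sql_select(__FILE__, 'linkus', 'linkus_id', $where);
        // NOTE(review): $extension is set outside this excerpt; confirm it is taken from the
        // validated file type and not from the client-supplied file name.
        $filename = $getid['linkus_id'] . '.' . $extension;
        cs_upload('linkus', $filename, $files_gl['symbol']['tmp_name']);

        // Record the banner name only when a file was actually stored: $getid and the new
        // $filename are assigned in this branch and nowhere else in this excerpt.
        $linkus_cells = array('linkus_banner');
        $linkus_save = array($filename);
        cs_sql_update(__FILE__, 'linkus', $linkus_cells, $linkus_save, $getid['linkus_id']);
    }

    cs_redirect($cs_lang['create_done'], 'linkus');
}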
}
// Validate the edited profile: every failed check increments $error and appends a message line.
$error = 0;
$errormsg = '';
// Minimum nick length is measured with spaces removed; strlen() counts bytes, not characters.
$nick2 = str_replace(' ', '', $cs_user['users_nick']);
$nickchars = strlen($nick2);
if ($nickchars < $op_users['min_letters']) {
    $error++;
    $errormsg .= sprintf($cs_lang['short_nick'], $op_users['min_letters']) . cs_html_br(1);
}
// The nick must not be used by any other account. The nick is escaped; the id of the current
// account is appended as a bare number.
// NOTE(review): $account['users_id'] is presumably a server-side integer — confirm, since it is
// neither quoted nor escaped here.
$where = "users_nick = '" . cs_sql_escape($cs_user['users_nick']) . "' AND users_id != ";
$search_nick = cs_sql_count(__FILE__, 'users', $where . $account['users_id']);
if (!empty($search_nick)) {
    $error++;
    $errormsg .= $cs_lang['nick_exists'] . cs_html_br(1);
}
// Same uniqueness check for the e-mail address.
$where = "users_email = '" . cs_sql_escape($cs_user['users_email']) . "' AND users_id != ";
$search_email = cs_sql_count(__FILE__, 'users', $where . $account['users_id']);
if (!empty($search_email)) {
    $error++;
    $errormsg .= $cs_lang['email_exists'] . cs_html_br(1);
}
// Case-insensitive address pattern. The final label is two letters, optionally followed by one of
// z, m, u, v, t, g, "fo" or "me", so it is 2 to 4 letters long and longer TLDs are rejected.
$pattern = "=^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@([0-9a-z](-?[0-9a-z])*\\.)+[a-z]{2}([zmuvtg]|fo|me)?\$=i";
if (!preg_match($pattern, $cs_user['users_email'])) {
    $error++;
    $errormsg .= $cs_lang['email_false'] . cs_html_br(1);
}
// cs_trashmail() looks up the part after '@' in the trashmail table. It reports with the same
// message as the pattern check, so one address can add that message twice.
include_once 'mods/contact/trashmail.php';
if (cs_trashmail($cs_user['users_email'])) {
    $error++;
    $errormsg .= $cs_lang['email_false'] . cs_html_br(1);
}
// Excerpt: this starts inside the first branch of a per-recipient if/elseif chain whose head,
// and the loop around it, are outside this fragment. Each branch ORs one more condition onto $where.
if (!empty($where)) {
    $where = $where . ' OR ';
}
$z = cs_substr($temp[$run], 6);
// str_replace() removes every occurrence of 'Squad:' in the entry, not only a leading one;
// the remainder is escaped before it is placed in the quoted literal.
$where .= "squ.squads_name = '" . cs_sql_escape(str_replace('Squad:', '', $temp[$run])) . "'";
} elseif ($b == 'Clan:') {
    if (!empty($where)) {
        $where = $where . ' OR ';
    }
    $z = cs_substr($temp[$run], 5);
    // Same handling for clan names: strip 'Clan:' everywhere, then escape.
    $where .= "cla.clans_name = '" . cs_sql_escape(str_replace('Clan:', '', $temp[$run])) . "'";
} else {
    // Anything else is treated as a user nick and matched exactly (escaped).
    if (!empty($where)) {
        $where .= ' OR ';
    }
    $where .= "usr.users_nick = '" . cs_sql_escape($temp[$run]) . "'";
    $z = $temp[$run];
}
}
// Resolve all recipients in one query: users joined to their squad memberships and clans.
$from = 'users usr LEFT JOIN {pre}_members mem ON usr.users_id = mem.users_id ';
$from .= 'LEFT JOIN {pre}_squads squ ON mem.squads_id = squ.squads_id ';
$from .= 'LEFT JOIN {pre}_clans cla ON squ.clans_id = cla.clans_id';
$select = 'usr.users_id AS users_id, usr.users_nick AS users_nick, usr.users_email AS users_email';
// $order is assigned here, but the call below passes 0 in the order position.
$order = '';
// NOTE(review): the query runs before the empty($where) test below, so an empty recipient
// list is still sent to cs_sql_select(); what that helper does with an empty condition is not
// visible here — consider testing $where first.
$cs_messages = cs_sql_select(__FILE__, $from, $select, $where, 0, 0, 0);
$cs_messages_loop = count($cs_messages);
// No matching row, or no condition at all, is reported as an invalid recipient.
if (empty($cs_messages_loop) or empty($where)) {
    $messages_error++;
    $errormsg .= $cs_lang['error_to'] . cs_html_br(1);
    $error_to = '1';
} else {