// Excerpt from the admin planet-compensation script. It opens inside an access
// check whose condition lies above the excerpt and is cut off inside the last
// `if` below, so the braces here are unbalanced on purpose.
  AdminMessage($lang['adm_err_denied']);
}

$template = gettemplate('admin/planet_compensate', true);

// Source and destination coordinates are read through the integer accessor.
$galaxy_src = sys_get_param_int('galaxy_src');
$system_src = sys_get_param_int('system_src');
$planet_src = sys_get_param_int('planet_src');

$galaxy_dst = sys_get_param_int('galaxy_dst');
$system_dst = sys_get_param_int('system_dst');
$planet_dst = sys_get_param_int('planet_dst');

$bonus = sys_get_param_float('bonus', 1);

// The same request parameter is read twice: once raw, once escaped.
// NOTE(review): the raw copy is the one handed to db_user_by_username() below;
// presumably that function escapes or binds it itself - confirm.
$username_unsafe = sys_get_param_str_unsafe('username');
$username = sys_get_param_escaped('username');

if ($galaxy_src) {
  sn_db_transaction_start();
  $errors = array();

  // NOTE(review): nothing here checks that the lookup returned a row before
  // $owner is passed on and $owner['id'] is read.
  $owner = db_user_by_username($username_unsafe, false, '*', true, true);

  $planet = sys_o_get_updated($owner, array('galaxy' => $galaxy_src, 'system' => $system_src, 'planet' => $planet_src, 'planet_type' => 1), SN_TIME_NOW);
  $que = $planet['que'];
  $planet = $planet['planet'];

  // The checks below only collect messages in $errors; none of them stops
  // execution, so $planet['destruyed'] and $planet['id_owner'] are still read
  // when $planet is empty.
  if (!$planet) {
    $errors[] = $lang['adm_pl_comp_err_0'];
  }

  if ($planet['destruyed']) {
    $errors[] = $lang['adm_pl_comp_err_1'];
  }

  // Ownership check: an error is recorded when the source planet's owner id
  // differs from the looked-up user's id, or when no user name was supplied.
  // The comparison is loose (!=).
  if ($planet['id_owner'] != $owner['id'] || !$username) {
    $errors[] = $lang['adm_pl_comp_err_4'];
  }

  $destination = sys_o_get_updated($owner, array('galaxy' => $galaxy_dst, 'system' => $system_dst, 'planet' => $planet_dst, 'planet_type' => 1), SN_TIME_NOW);
  $destination = $destination['planet'];
  if (!$destination) {
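* @version 1.1 - (c) Copyright by Gorlum for http://supernova.ws
* @version 1.0 - copyright 2008 by Chlorel for XNova
*
*/

// Excerpt of the admin ban script. It opens inside the file's header comment
// and is cut off inside the two nested `if` blocks at the end, so the braces
// here are unbalanced on purpose.
define('INSIDE', true);
define('INSTALL', false);
define('IN_ADMIN', true);

require '../common.' . substr(strrchr(__FILE__, '.'), 1);

// Any account with authlevel >= 1 passes this gate.
// NOTE(review): the rest of the script still runs for a rejected user unless
// AdminMessage() itself ends the request - confirm.
if ($user['authlevel'] < 1) {
  AdminMessage($lang['adm_err_denied']);
}

$mode = sys_get_param_str('mode', 'banit');

// The target name is kept in two forms: the raw value for the lookup and an
// output-encoded copy (sys_safe_output) for the confirmation message.
// NOTE(review): presumably db_user_by_username() escapes or binds the raw
// value itself - confirm.
$name_unsafe = sys_get_param_str_unsafe('name');
$name_output = sys_safe_output($name_unsafe);
$action = sys_get_param_str('action');

$player_banned_row = db_user_by_username($name_unsafe);

// NOTE(review): no anti-CSRF token check is visible in this excerpt for this
// state-changing admin action - confirm whether the common include handles it.
if ($mode == 'banit' && $action) {
  if ($player_banned_row) {
    // Raw request value; the visible code does not use it and passes the
    // sys_get_param_str('why') copy to the ban call instead.
    $reas = $_POST['why'];

    // Duration parts are coerced to integers before the arithmetic, so a
    // missing, non-scalar or non-numeric field counts as 0 instead of raising
    // a notice or, on PHP 8, a TypeError in the multiplication.
    // NOTE(review): negative values are still accepted here; what a negative
    // ban length means is decided inside sys_admin_player_ban() - confirm.
    $days = (isset($_POST['days']) && is_scalar($_POST['days'])) ? intval($_POST['days']) : 0;
    $hour = (isset($_POST['hour']) && is_scalar($_POST['hour'])) ? intval($_POST['hour']) : 0;
    $mins = (isset($_POST['mins']) && is_scalar($_POST['mins'])) ? intval($_POST['mins']) : 0;
    $secs = (isset($_POST['secs']) && is_scalar($_POST['secs'])) ? intval($_POST['secs']) : 0;
    // $isVacation = $_POST['isVacation'];

    // Total ban length in seconds.
    $BanTime = $days * 86400;
    $BanTime += $hour * 3600;
    $BanTime += $mins * 60;
    $BanTime += $secs;
    // $BannedUntil = SN_TIME_NOW + $BanTime;

    sys_admin_player_ban($user, $player_banned_row, $BanTime, $is_vacation = sys_get_param_int('isVacation'), sys_get_param_str('why'));

    // The confirmation text uses the output-encoded name, not the raw one.
    $DoneMessage = "{$lang['adm_bn_thpl']} {$name_output} {$lang['adm_bn_isbn']}";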
$parse['adm_sub_form3'] .= "<tr><td colspan=\"4\" class=\"c\">".$lang['adm_technos']."</td></tr>";
foreach(sn_get_groups('tech') as $Item) {
  $parse['adm_sub_form3'] .= "<tr><th>".$lang['tech'][$Item]."</th>";
  $parse['adm_sub_form3'] .= "<th>".$SelUser[get_unit_param($Item, P_NAME)]."</th></tr>";
}
$parse['adm_sub_form3'] .= "</tbody></table>";
*/
    // Everything before the closing comment marker is the tail of a disabled
    // block whose opening lies above this excerpt. The cases below belong to a
    // switch that also starts above the excerpt.
    break;

  case 'usr_level':
    # only for admins
    // NOTE(review): this guard compares $NewLevel, while the value written to
    // the database and shown in the confirmation below is $NewLvl. Neither is
    // assigned in this excerpt; unless both hold the same value, the "may not
    // grant a level equal to or above your own" condition does not constrain
    // what is written - confirm.
    if ($user['authlevel'] < 3 || $NewLevel >= $user['authlevel']) {
      message($lang['sys_noalloaw'], $lang['sys_noaccess']);
      die;
    }

    // NOTE(review): nothing checks that the lookup found a user before
    // $selected_user['id'] is used.
    $selected_user = db_user_by_username($Pattern, false, 'id');
    // The SET fragment is built by string interpolation.
    // NOTE(review): $NewLvl should already be an integer at this point; its
    // origin is not visible here - confirm.
    $QryUpdate = db_user_set_by_id($selected_user['id'], "`authlevel` = '{$NewLvl}'");

    // NOTE(review): $Pattern is concatenated into HTML output; whether it was
    // encoded for HTML earlier is not visible in this excerpt - confirm.
    $Message = $lang['adm_mess_lvl1'] . " " . $Pattern . " " . $lang['adm_mess_lvl2'];
    $Message .= "<font color=\"red\">" . $lang['adm_usr_level'][$NewLvl] . "</font>!";

    AdminMessage($Message, $lang['adm_mod_level']);
    break;

  case 'ip_search':
    // No authlevel check appears inside this case; any gate would have to sit
    // above the switch, outside this excerpt.
    $bloc = $lang;
    $bloc['adm_this_ip'] = $ip;
    // NOTE(review): $ip is interpolated into the SQL condition and its origin
    // is not visible here - confirm it is escaped or validated as an address.
    $SelUser = db_user_list("`user_lastip` = '{$ip}'");
    //while ( $Usr = db_fetch($SelUser) ) {
    foreach ($SelUser as $Usr) {
      $UsrMain = db_planet_by_id($Usr['id_planet'], false, 'name');
      // Account and planet names go into the table markup as stored; no output
      // encoding is applied in this excerpt.
      // NOTE(review): confirm these values are safe for an HTML context.
      $bloc['adm_plyer_lst'] .= "<tr><th>" . $Usr['username'] . "</th><th>[" . $Usr['galaxy'] . ":" . $Usr['system'] . ":" . $Usr['planet'] . "] " . $UsrMain['name'] . "</th></tr>";
    }
    $SubPanelTPL = gettemplate('admin/admin_panel_asw2');
// Excerpt of the buddy-list handler. It opens inside a branch of a switch that
// starts above the excerpt, so the first closing braces have no visible opener.
// Exceptions carry a language key plus a status constant, including the
// ERR_NONE ones thrown after a successful commit.
        throw new exception('buddy_err_delete_own', ERR_NONE);
      } elseif ($buddy_row['BUDDY_STATUS'] == BUDDY_REQUEST_WAITING) {
        // Deny a pending request: notify the sender, mark the row as denied, commit.
        msg_send_simple_message($buddy_row['BUDDY_SENDER_ID'], $user['id'], SN_TIME_NOW, MSG_TYPE_PLAYER, $user['username'], $lang['buddy_msg_deny_title'], sprintf($lang['buddy_msg_deny_text'], $user['username']));

        // NOTE(review): $buddy_id is interpolated unquoted and is assigned above
        // this excerpt - confirm it is an integer and that the row was checked
        // to belong to the current user.
        doquery("UPDATE {{buddy}} SET `BUDDY_STATUS` = " . BUDDY_REQUEST_DENIED . " WHERE `BUDDY_ID` = {$buddy_id} LIMIT 1;");
        sn_db_transaction_commit();
        throw new exception('buddy_err_deny_none', ERR_NONE);
      }
    break;
  }
}

// New request?
// Check for a user ID first - the request may come from outside the buddy system
if ($new_friend_id = sys_get_param_id('request_user_id')) {
  $new_friend_row = db_user_by_id($new_friend_id, true, '`id`, `username`');
} elseif ($new_friend_name = sys_get_param_str_unsafe('request_user_name')) {
  // The raw name is used for the lookup; the variable is replaced by its
  // db_escape()d form only afterwards.
  // NOTE(review): presumably db_user_by_username() escapes or binds the raw
  // value itself - confirm.
  $new_friend_row = db_user_by_username($new_friend_name, true, '`id`, `username`');
  $new_friend_name = db_escape($new_friend_name);
}

// $new_friend_row is assigned only in the two branches above; when neither
// parameter is present it is read here without having been set. The comparison
// is loose (==).
if ($new_friend_row['id'] == $user['id']) {
  unset($new_friend_row);
  throw new exception('buddy_err_adding_self', ERR_ERROR);
}

// Check for a resolved user and a request text - this is a new buddy request
if (isset($new_friend_row['id']) && ($new_request_text = sys_get_param_str('request_text'))) {
  // Look for an existing relation in either direction; FOR UPDATE is part of the query.
  // The ids interpolated here come from $user and the looked-up row, not from
  // the request directly.
  $check_relation = doquery("SELECT `BUDDY_ID` FROM {{buddy}} WHERE\n (`BUDDY_SENDER_ID` = {$user['id']} AND `BUDDY_OWNER_ID` = {$new_friend_row['id']})\n OR\n (`BUDDY_SENDER_ID` = {$new_friend_row['id']} AND `BUDDY_OWNER_ID` = {$user['id']})\n LIMIT 1 FOR UPDATE;", true);
  if (isset($check_relation['BUDDY_ID'])) {
    throw new exception('buddy_err_adding_exists', ERR_WARNING);
  }

  // The notification is sent before the row is inserted.
  msg_send_simple_message($new_friend_row['id'], $user['id'], SN_TIME_NOW, MSG_TYPE_PLAYER, $user['username'], $lang['buddy_msg_adding_title'], sprintf($lang['buddy_msg_adding_text'], $user['username']));

  // NOTE(review): $new_request_text is placed inside a quoted SQL literal; this
  // is safe only if sys_get_param_str() escapes for SQL - confirm.
  doquery($q = "INSERT INTO {{buddy}} SET `BUDDY_SENDER_ID` = {$user['id']}, `BUDDY_OWNER_ID` = {$new_friend_row['id']}, 
`BUDDY_REQUEST` = '{$new_request_text}';");
  sn_db_transaction_commit();
*/

// Excerpt of the private-message script. It opens at the end of the file's
// header comment and is cut off inside `case 'write'` of the switch below.

// The include path is derived from this file's own extension (__FILE__), not
// from request input.
include 'common.' . substr(strrchr(__FILE__, '.'), 1);

lng_include('messages');

$mode = sys_get_param_str('msg_delete') ? 'delete' : sys_get_param_str('mode');
$current_class = sys_get_param_int('message_class');
// The requested class must be a key of $sn_message_class_list; anything else
// falls back to class 0 with an empty mode.
if (!isset($sn_message_class_list[$current_class])) {
  $current_class = 0;
  $mode = '';
}

switch ($mode) {
  case 'write':
    $error_list = array();
    $template = gettemplate('msg_message_compose', true);

    // The recipient is resolved by name first, then by id.
    // NOTE(review): the raw name goes to db_user_by_username(); presumably that
    // function escapes or binds it itself - confirm.
    $recipient_name = sys_get_param_str_unsafe('recipient_name');
    if ($recipient_name) {
      $recipient_row = db_user_by_username($recipient_name);
    }

    // $recipient_row has not been assigned at this point when no name was sent.
    if (!$recipient_row) {
      $recipient_id = sys_get_param_id('id');
      $recipient_row = db_user_by_id($recipient_id);
      if (!$recipient_row) {
        $recipient_id = 0;
      }
    }

    // On a successful lookup both values are replaced by the database row's.
    // NOTE(review): when no row is found $recipient_name keeps the raw request
    // value; if it is rendered later it needs output encoding - rendering is
    // not part of this excerpt.
    if ($recipient_row) {
      $recipient_id = $recipient_row['id'];
      $recipient_name = $recipient_row['username'];
    }

    // Sending to oneself is reported as an error; the comparison is loose (==).
    if ($recipient_id == $user['id']) {
      $error_list[] = array('MESSAGE' => $lang['msg_err_self_send'], 'STATUS' => ERR_ERROR);
    }
// Excerpt of the admin metamatter script; it is cut off inside the final
// `else` branch, so the braces here are unbalanced on purpose.
require '../common.' . substr(strrchr(__FILE__, '.'), 1);

// NOTE(review): both gates below protect the rest of the script only if
// sys_redirect() and AdminMessage() end the request themselves - confirm.
if (!sn_module_get_active_count('payment')) {
  sys_redirect(SN_ROOT_VIRTUAL . 'admin/overview.php');
}

// Requires authlevel 3 or higher.
if ($user['authlevel'] < 3) {
  AdminMessage($lang['adm_err_denied']);
}

$template = gettemplate("admin/adm_metamatter", true);

$message = '';
$message_status = ERR_ERROR;

// Any non-zero float passes this test, negative amounts included.
// NOTE(review): no anti-CSRF token check is visible in this excerpt for this
// balance-changing admin action - confirm whether the common include handles it.
if ($points = sys_get_param_float('points')) {
  // If points not empty...
  // The raw request value is tried as a user id first, then as a user name.
  // NOTE(review): it reaches both lookup functions unvalidated; presumably each
  // casts, escapes or binds its argument - confirm.
  if ($username = sys_get_param_str_unsafe('id_user')) {
    $row = db_user_by_id($username, false, 'id, username', true, true);
    if (!isset($row['id'])) {
      $row = db_user_by_username($username, false, 'id, username', true, true);
    }
    // When neither lookup yields a row, nothing below runs and $message stays
    // empty with the ERR_ERROR status set above.
    if (is_array($row) && isset($row['id'])) {
      // Does anything post to DB?
      // NOTE(review): the reason is passed through db_escape() on top of
      // sys_get_param_str(); if that accessor already escapes, the stored text
      // is escaped twice - confirm.
      if (mm_points_change($row['id'], RPG_ADMIN, $points, sprintf($lang['adm_matter_change_log_record'], $row['id'], db_escape($row['username']), $user['id'], db_escape($user['username']), db_escape(sys_get_param_str('reason'))))) {
        // NOTE(review): the stored username goes into $message as-is; if the
        // template renders it as HTML it needs output encoding - rendering is
        // not part of this excerpt.
        $message = sprintf($lang['adm_mm_user_added'], $row['username'], $row['id'], $points);
        $isNoError = true;
        $message_status = ERR_NONE;
      } else {
        // No? We will say it to user...
        $message = $lang['adm_mm_add_err'];
      }
    }
  } else {
    // Points not empty but destination is not set - this means error
    $message = $lang['adm_mm_no_dest'];
/**
 * Looks a user up by name and hands the row back through both the by-reference
 * argument and the return value.
 *
 * The name is forwarded to db_user_by_username() unchanged; this wrapper does
 * no escaping or validation of its own.
 * NOTE(review): callers pass request-derived text here, so the lookup function
 * has to escape or bind the value itself - confirm.
 *
 * @param mixed $username_unsafe User name as received; not sanitised here.
 * @param mixed $result          Receives whatever db_user_by_username() returns.
 *
 * @return mixed The same value that was stored in $result.
 */
function sn_db_user_by_username_security($username_unsafe, &$result)
{
  $result = db_user_by_username($username_unsafe);

  return $result;
}