示例#1
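/**
 * Show the "dismiss team" confirmation page and delete the team once confirmed.
 *
 * Reads id, f_ok_x, f_no_x and link from the query string. Only a site admin
 * or the team leader is allowed to dismiss a team.
 */
function section_dismissteam()
{
    require_once 'lib/common.php';
    // id is interpolated unquoted into the SQL below, where addslashes() gives
    // no protection, so force it to an integer instead.
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $f_ok_x = isset($_GET['f_ok_x']) ? $_GET['f_ok_x'] : '';
    $f_no_x = isset($_GET['f_no_x']) ? $_GET['f_no_x'] : '';
    // link is echoed back into the confirmation form: escape it for HTML.
    $link = (isset($_GET['link']) && is_string($_GET['link']))
        ? htmlspecialchars($_GET['link'], ENT_QUOTES)
        : '';
    $res = mysql_query("select name, comment, leader, logo, password, status, adminclosed \n         from l_team where id={$id}");
    $obj = $res ? mysql_fetch_object($res) : false;
    if (!$obj || $obj->status == 'deleted') {
        echo '<BR><CENTER>Team already deleted!<BR>';
        return;
    }
    // Check permission: admin or team leader.
    $allowed = isAdmin()
        || (isset($_SESSION['playerid']) && $_SESSION['playerid'] == $obj->leader);
    // NOTE(review): the original also compared crypt($f_password, ...) with the
    // stored hash, but $f_password is never assigned in this function and the
    // confirmation form below does not send one, so that check ran on an
    // undefined variable. It is left out so the function fails closed. If the
    // team-password path is wanted, read the password from an explicit POST
    // field, carry it through the confirmation step, and verify it with
    // crypt($input, $obj->password) === $obj->password (strict comparison).

    // The team name comes from the database; escape it before printing.
    $teamName = htmlspecialchars($obj->name, ENT_QUOTES);
    if (!$allowed) {
        echo "<center>Sorry, you don't have the permission to dismiss the <a href=\"index.php?link=teaminfo&id=" . $id . "\">" . $teamName . "</a> team.</center>";
        return;
    }
    if ($f_ok_x) {
        // NOTE(review): this destructive step is triggered by a plain GET with no
        // per-request token visible here, so a forged link followed by a logged-in
        // leader or admin would dismiss the team. Consider POST plus a token check.
        deleteTeam($id);
        echo "Team dismissed";
    } elseif ($f_no_x) {
        echo "<center>Phew, the <a href=\"index.php?link=teaminfo&id=" . $id . "\">" . $teamName . "</a> team is still alive!</center>";
    } else {
        echo "<center>Do you really want to dismiss the <a href=\"index.php?link=teaminfo&id=" . $id . "&" . SID . "\">" . $teamName . "</a> team?";
        echo "<form method=get>\n              <input type=hidden name=link value='{$link}'>\n              <input type=hidden name=id value={$id}><br>\n              " . htmlFormButton('Yes', 'f_ok_x') . "\n              &nbsp;&nbsp;\n              " . htmlFormButton('No', 'f_no_x', CLRBUT) . "\n              </form>";
    }
}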
示例#2
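/**
 * Show the "create team" form and, when it validates, insert the new team and
 * attach the current player to it.
 *
 * Reads f_ok_x, f_name, f_logo, f_comment, f_password and f_password2 from
 * POST (falling back to GET).
 */
function section_createteam()
{
    // f_comment is rendered in the form and written by the INSERT below, so it
    // has to be read as well; the original list left it out.
    $vars = array('f_ok_x', 'f_name', 'f_logo', 'f_comment', 'f_password', 'f_password2');
    foreach ($vars as $var) {
        if (isset($_POST[$var])) {
            $raw = $_POST[$var];
        } elseif (isset($_GET[$var])) {
            $raw = $_GET[$var];
        } else {
            $raw = '';
        }
        // Array-valued parameters are treated as absent.
        ${$var} = is_string($raw) ? stripslashes($raw) : '';
    }
    $cypher = '';
    $error = 1;
    if ($f_ok_x) {
        $error = 0;
        // Check fields
        // Check team name
        if ($f_name == "") {
            $error = 1;
            echo "<div class=error>Team name must not be empty</div>";
        } else {
            // Check unicity
            $res = mysql_query("select id, status from l_team where name='" . mysql_real_escape_string($f_name) . "'");
            $row = $res ? mysql_fetch_object($res) : false;
            if ($row) {
                $error = 1;
                if ($row->status == 'deleted') {
                    echo "<div class=error><BR><CENTER>This team previously existed, but was deleted.  \n              If you need to revive this team name, contact a site administrator.";
                } else {
                    echo "<div class=error><BR><CENTER>This team name already exists</div>.";
                }
            }
        }
        // Check logo: checkLogoSize() is an empty function, so there is nothing
        // to validate yet.
        // Check admin password
        if ($f_password !== $f_password2) {
            $error = 1;
            echo "<div class=error>The passwords don't match</div>";
        } elseif ($f_password === "") {
            $error = 1;
            echo "<div class=error>The admin password must not be empty</div>";
        } else {
            // NOTE(review): crypt() without an explicit salt falls back to a
            // platform default. Moving to password_hash() would need the code
            // that verifies this column to change at the same time.
            $cypher = crypt($f_password);
        }
    }
    if ($error) {
        // Everything echoed back into the form is request data: escape it for
        // the attribute / textarea context. Passwords are not echoed back at all.
        $h_name = htmlspecialchars($f_name, ENT_QUOTES);
        $h_logo = htmlspecialchars($f_logo, ENT_QUOTES);
        $h_comment = htmlspecialchars($f_comment, ENT_QUOTES);
        echo '<form method=post>' . SID_FORM . '<table align=center border=0 cellspacing=0 cellpadding=1>
    <tr><td>Team name:</td><td><input type=text size=32 maxlength=32 name=f_name value="' . $h_name . '"></td></tr>
    <tr><td colspan=2><hr></td></tr>
    <tr><td>Admin password:</td><td><input type=password size=8 maxlength=8 name=f_password value=""></td></tr>
    <tr><td>Verify:</td><td><input type=password size=8 maxlength=8 name=f_password2 value=""></td></tr>
    <tr><td colspan=2><hr></td></tr>
    <tr><td>Optional team logo URL (400x300 max!):</td><td><input type=text size=40 maxlength=200 name=f_logo value="' . $h_logo . '"></td></tr>
    <tr><td colspan=2><hr></td></tr>
    <tr><td colspan=2>Optional (but recommended) description:<br><textarea cols=50 rows=6 name=f_comment>' . $h_comment . '</textarea></td></tr>
    <tr><td colspan=2><hr></td></tr>
    <tr><td colspan=2 align=center>

    <TABLE><TR><TD>' . htmlFormButton('Submit', 'f_ok_x') . '</td><TD width=10></td><TD> ' . htmlURLButton('Cancel', 'teams', null, CLRBUT) . '</td></tr></table>
    </td></tr></table></form>';
    } else {
        // The player id goes unquoted into SQL; without a logged-in player the
        // original produced a broken statement, so stop explicitly instead.
        $playerId = isset($_SESSION['playerid']) ? (int) $_SESSION['playerid'] : 0;
        if ($playerId <= 0) {
            echo "<div class=error>You must be logged in to create a team</div>";
            return;
        }
        // Insert data into table (escaping is connection-aware, unlike addslashes)
        mysql_query("insert into l_team (id, name, comment, leader, logo, status, score, password, adminclosed, created) \n        values(0, '" . mysql_real_escape_string($f_name) . "', '" . mysql_real_escape_string($f_comment) . "', " . $playerId . ", \n        '" . mysql_real_escape_string($f_logo) . "', 'opened', 1200, '" . mysql_real_escape_string($cypher) . "', 'no', NOW())");
        // Update me so I belong to my team
        mysql_query("update l_player set team=" . (int) mysql_insert_id() . " where id=" . $playerId);
        session_refresh();
        $teamId = isset($_SESSION['teamid']) ? (int) $_SESSION['teamid'] : 0;
        mysql_query("update l_team set status='opened' where id=" . $teamId);
        $callsign = isset($_SESSION['callsign']) ? htmlspecialchars($_SESSION['callsign'], ENT_QUOTES) : '';
        echo '<center>Thank you, <a href="index.php?link=playerinfo&id=' . $playerId . '&' . SID . '">' . $callsign . '</a>, for creating the brand new <a href="index.php?link=teaminfo&id=' . $teamId . '&' . SID . '">' . htmlspecialchars($f_name, ENT_QUOTES) . '</a> team.<br>
    <br>We hope that your team will show courage on the battlefield ;-)</center>';
    }
}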
示例#3
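/**
 * Confirm and carry out the removal ("ban") of a player from a team.
 *
 * Reads playerid, teamid, f_ok_x, f_okban_x and link from the query string.
 * Allowed for holders of 'teamadmin::edit_any_team' and for the team leader.
 */
function section_banplayer()
{
    require_once 'lib/common.php';
    // Both ids are concatenated unquoted into SQL, so force them to integers.
    $playerid = isset($_GET['playerid']) ? (int) $_GET['playerid'] : 0;
    $teamid = isset($_GET['teamid']) ? (int) $_GET['teamid'] : 0;
    $f_okban_x = isset($_GET['f_okban_x']) ? $_GET['f_okban_x'] : '';
    $f_ok_x = isset($_GET['f_ok_x']) ? $_GET['f_ok_x'] : '';
    // link is echoed back into the confirmation form: escape it for HTML.
    $link = (isset($_GET['link']) && is_string($_GET['link']))
        ? htmlspecialchars($_GET['link'], ENT_QUOTES)
        : '';

    // Check permission before anything else is looked up or changed.
    // FIXME (from the original): players holding the team password cannot ban,
    // because the link does not carry the team password.
    $res = mysql_query("select name, leader from l_team where id=" . $teamid);
    $team = $res ? mysql_fetch_object($res) : false;
    if (!$team) {
        errorPage("Permission denied.");
        return;
    }
    $isLeader = isset($_SESSION['playerid']) && $_SESSION['playerid'] == $team->leader;
    if (!isFuncAllowed('teamadmin::edit_any_team') && !$isLeader) {
        errorPage("Permission denied.");
        return;
    }

    // The target must currently belong to this team; otherwise a leader could
    // detach players of other teams by changing playerid in the URL.
    $res = mysql_query("select callsign from l_player where id=" . $playerid . " and team=" . $teamid);
    $player = $res ? mysql_fetch_object($res) : false;
    if (!$player) {
        errorPage("This player is not a member of this team.");
        return;
    }

    // Names are printed from the database rows, escaped, rather than from the
    // callsign/name request parameters.
    $h_callsign = htmlspecialchars($player->callsign, ENT_QUOTES);
    $h_teamname = htmlspecialchars($team->name, ENT_QUOTES);
    $myId = isset($_SESSION['playerid']) ? (int) $_SESSION['playerid'] : 0;
    $h_me = isset($_SESSION['callsign']) ? htmlspecialchars($_SESSION['callsign'], ENT_QUOTES) : '';

    if ($f_okban_x) {
        // Ban confirmed
        // NOTE(review): this state change runs on a plain GET with no per-request
        // token visible here; consider POST plus a token check.
        // Open team is not administratively closed, or if num players<3
        $pl = mysql_fetch_object(mysql_query("select count(*) num from l_player where team=" . $teamid));
        if ($pl->num == 3) {
            mysql_query("update l_team set status='opened' where id=" . $teamid);
        } else {
            mysql_query("update l_team set status='opened' where adminclosed='no' and id=" . $teamid);
        }
        mysql_query("update l_player set team=0 where id=" . $playerid . " and team=" . $teamid);
        echo '<center>Well <a href="index.php?link=playerinfo&id=' . $myId . '">' . $h_me . '</a>,
          <a href="index.php?link=playerinfo&id=' . $playerid . '">' . $h_callsign . '</a>
           is no longer a member of the team
           <a href="index.php?link=teaminfo&id=' . $teamid . '">' . $h_teamname . '</a>';
        echo '<br>A message has just been sent to the user.</center>';
        // The body already carries markup (<br>), so it is presumably rendered as
        // HTML by the reader; the names are therefore escaped here too.
        sendBzMail(0, $playerid, 'You have been released!', 'Sorry, but ' . $h_me . ' released you from the ' . $h_teamname . ' team<br>');
    } elseif (!$f_ok_x) {
        // Someone is playing with the headers
        echo "<center>Hey! Please stop playing with your browser!</center>";
    } else {
        echo '<center>Please confirm that you want to ban <a href="index.php?link=playerinfo&id=' . $playerid . '&' . SID . '">' . $h_callsign . '</a>
      from the team <a href="index.php?link=teaminfo&id=' . $teamid . '&' . SID . '">' . $h_teamname . '</a>.</center>';
        echo '<center><BR><form method=GET>' . SID_FORM . '
          <input type=hidden name=link value="' . $link . '">
          <input type=hidden name=playerid value=' . $playerid . '>
          <input type=hidden name=teamid value=' . $teamid . '>
          <input type=hidden name=callsign value="' . $h_callsign . '">
          <input type=hidden name=name value="' . $h_teamname . '">' . '<table border=0><TR><TD>' . htmlFormButton(' BAN ', 'f_okban_x') . ' &nbsp;</td><TD> ' . htmlURLbutton('Cancel', 'teaminfo', "id={$teamid}", CLRBUT) . '
</td></tr></table>

          </form></center>';
    }
}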
示例#4
/**
 * Print the HTML form used to enter a new match or to edit an existing one.
 *
 * $mid selects edit mode when truthy (EDIT button, plus DELETE when the
 * 'delete_match' function is allowed); otherwise a plain Enter button is shown.
 * Empty $dte / $tme default to the current GMT date and time.
 *
 * NOTE(review): every argument is written into the markup as received. Where
 * the callers get these values is not visible here; if any of them can carry
 * request data, it needs htmlspecialchars() before reaching this function or
 * inside it.
 */
function section_entermatch_editForm($mid, $teama, $teamb, $scorea, $scoreb, $dte, $tme, $mlen)
{
    // Form header with the two team/score rows.
    echo "<center><TABLE width=200><TR><TD align=center>\n    <TABLE cellpadding=5><TR><TD align=center>TEAM</td><TD>Score</td></tr>\n      <form method=post action=\"index.php\"><TR><TD>\n      <input type=hidden name=link value=editmatch>\n      <input type=hidden name=state value=1>\n      <input type=hidden name=mid value={$mid}>";
    echo snFormInit();
    section_entermatch_htmlTeamSelect('teama', $teama);
    echo "</td><TD><input size=3 maxlength=3 value=\"{$scorea}\" name=scorea></td></tr><TR><TD>";
    section_entermatch_htmlTeamSelect("teamb", $teamb);
    echo "</td><TD><input size=3 maxlength=3 value=\"{$scoreb}\" name=scoreb></td></tr></table>";

    // Fall back to "now" (GMT) for a missing date or time.
    $dte = ($dte == '') ? gmdate('Y-m-d') : $dte;
    $tme = ($tme == '') ? gmdate('H:i:s') : $tme;
    echo "<BR><HR>\n      <TABLE><TR><TD align=right>\n      <nobr>DATE: <input type=text name=dte size=10 maxlength=10 value=\"{$dte}\"></nobr>\n      <p>\n    <nobr>TIME: <input type=text name=tme size=10 maxlength=8 value=\"{$tme}\"></nobr>\n    </td><TD>&nbsp;</td><TD valign=top><nobr>Actual date/time of match (GMT).</nobr><BR>Chronological ";

    // Match length: a drop-down when several durations exist, a hidden field
    // when there is exactly one.
    $durations = section_entermatch_durations();
    if (count($durations) != 1) {
        echo "<p> <nobr>LENGTH: " . "<select name=\"mlen\">";
        foreach ($durations as $minutes) {
            htmlOption($minutes, "{$minutes} mins", $mlen);
        }
        echo "</select>";
    } else {
        echo "<input type=hidden name=mlen value=" . $durations[0] . ">";
    }
    echo "</td><TD>&nbsp;</td><TD valign=top><nobr>Actual date/time of match (GMT).</nobr><BR>Chronological \n        order of matches can affect team rankings!";
    echo '</td></tr></table><TR><TD align=center><HR><TABLE align=center><TR><TD>';

    // Buttons: Enter for a new match, EDIT (and optionally DELETE) otherwise.
    if (!$mid) {
        echo htmlFormButton('Enter', '') . '</td>';
    } else {
        echo htmlFormButton('&nbsp;EDIT&nbsp;', '') . '</td>';
        if (isFuncAllowed('delete_match')) {
            echo '<TD width=8></td><TD>' . htmlFormButton('DELETE', 'del') . '</td>';
        }
    }
    echo '<TD width=8></td><TD>' . htmlFormReset('Reset') . '

  </td></tr></table></form>
  </td></tr></table><p><p>';
}
示例#5
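/**
 * Render the public team page: action buttons, name and logo, rating and
 * activity, win/draw/loss totals, description, member list, the last matches
 * and, for the leader or an admin, the team administration controls.
 *
 * The team is selected by the id query-string parameter.
 */
function section_teaminfo()
{
    require_once 'lib/common.php';
    $s_teamid = isset($_SESSION['teamid']) ? $_SESSION['teamid'] : null;
    $s_logedin = isAuthenticated();
    $s_playerid = isset($_SESSION['playerid']) ? $_SESSION['playerid'] : null;
    // id is used unquoted in several queries below (team1=, team2=, team=,
    // teamid=), where addslashes() gives no protection: force an integer.
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $res = mysql_query("SELECT name, comment, leader, logo, status, score, \n                     unix_timestamp(status_changed) as status_changed, unix_timestamp(created) as ucreated\n    FROM l_team WHERE id='{$id}'");
    $team = $res ? mysql_fetch_object($res) : false;
    if (!$team) {
        echo '<BR><CENTER>Specified team does not exist<BR>';
        return;
    }
    // The original tested $members before it was ever assigned, so the
    // 20-member limit on the Join button never applied. Count first.
    $cntRes = mysql_query("select count(*) num from l_player where team={$id}");
    $cnt = $cntRes ? mysql_fetch_object($cntRes) : false;
    $members = $cnt ? (int) $cnt->num : 0;

    echo '<TABLE align=center><TR><TD>' . htmlURLbutton('Opponent summary', 'oppsumm', "id={$id}") . '</td>';
    // Join this team if opened, and if we are logged and not belonging to any team
    if ($s_logedin && !$s_teamid && $members < 20 && $team->status == "opened") {
        echo '<TD>' . htmlURLbutton('Join Team', 'jointhisteam', "id={$id}") . '</td>';
    }
    // Send a message to all the team members
    if ($s_logedin && $team->status != 'deleted') {
        echo '<TD>' . htmlURLbutton('Send BZmessage', 'sendmessage', "tid={$id}") . '</td>';
    }
    echo '</tr></table>';
    if ($team->status == 'deleted') {
        echo '<div class=feedback>';
        if ($team->status_changed) {
            echo "<br><center>This team was deleted on " . gmdate('Y-m-d', $team->status_changed) . "</center>";
        } else {
            echo "<br><center>This team is deleted.</center>";
        }
        echo '</div>';
    }
    // Name, logo URL and description are user-supplied text read back from the
    // database, so they are escaped for HTML before being printed.
    echo '<BR><table align=center border=0 cellspacing=0 cellpadding=1>
    <tr><td class=teamName align=center>' . htmlspecialchars($team->name, ENT_QUOTES) . '<BR></td></tr>';
    // Logo if any
    // NOTE(review): the logo is an arbitrary remote URL chosen by the team;
    // escaping stops attribute break-out but viewers still fetch that URL.
    if ($team->logo != "") {
        echo '<tr><td align=center>
    <table><TR><TD bgcolor=white><img src="' . htmlspecialchars($team->logo, ENT_QUOTES) . '"></td></tr></table>
    <hr></td></tr>';
    }
    // Ratings
    $act45 = teamActivity($id, 45);
    $act90 = teamActivity($id, 90);
    echo '<tr><td> <TABLE align=center>
    <TR><TD width=50% align=right>Created:</td><td width=10></td><td width=50%>' . gmdate('Y-m-d', $team->ucreated) . '</td></tr>
    <TR><TD align=right>Rating:</td><td></td><td>' . displayRating($id) . '</td></tr>
    <TR><TD align=right>Activity:</td><TD></td><td>' . sprintf('%1.2f / %1.2f', $act45, $act90) . '</td></tr>
     <TR><TD colspan=3 align=center>  Average number of games played per day<BR>
     <NOBR>(exponential moving average over last 45 / 90 days)</nobr></td></tr>';
    echo '</td></td></table></td></tr>';
    // Matches statistics
    $sta1 = mysql_fetch_object(mysql_query("select ifnull(sum(if(score1>score2,1,0)),0) win,\n    ifnull(sum(if(score1=score2,1,0)),0) draw,\n    ifnull(sum(if(score1<score2,1,0)),0) loss\n    from " . TBL_MATCH . " where team1={$id}"));
    $sta2 = mysql_fetch_object(mysql_query("select ifnull(sum(if(score2>score1,1,0)),0) win,\n    ifnull(sum(if(score2=score1,1,0)),0) draw,\n    ifnull(sum(if(score2<score1,1,0)),0) loss\n    from " . TBL_MATCH . " where team2={$id}"));
    $win = $sta1->win + $sta2->win;
    $draw = $sta1->draw + $sta2->draw;
    $loss = $sta1->loss + $sta2->loss;
    echo "<tr><td align=center><hr>\n  <table border=0 cellspacing=0 cellpadding=0 align=center><tr>\n  <td align=center>Wins</td><td align=center>&nbsp;&nbsp;Draws&nbsp;&nbsp;</td><td align=center>Losses</td></tr><tr>\n  <td align=center>{$win}</td><td align=center>{$draw}</td><td align=center>{$loss}</td>\n  </tr></table>\n  <hr></td></tr>";
    // Comment if any
    // NOTE(review): if descriptions are meant to allow some markup, replace the
    // escape with an allow-list filter rather than printing the raw value.
    if ($team->comment != "") {
        echo '<tr><td><ul>' . nl2br(htmlspecialchars($team->comment, ENT_QUOTES)) . '</ul><hr></td></tr>';
    }
    // Players list
    $i = 0;
    $activeDays = (SHOW_PLAYER_ACTIVE > 0) ? (int) SHOW_PLAYER_ACTIVE : 0;
    $res = mysql_query("select id, callsign, comment, status, C.flagname, \n    last_login > subdate(now(), INTERVAL {$activeDays} DAY) as active\n    from l_player\n    left join bzl_countries C on country = C.numcode\n    where team=" . $id . "\n    order by active desc,callsign");
    $canManage = $s_logedin && (isFuncAllowed('teamadmin::edit_any_team') || $s_playerid == $team->leader);
    echo '<TR><TD><table border=0 cellspacing=0 cellpadding=0 align=center>';
    while ($obj = mysql_fetch_object($res)) {
        $cl = (++$i & 1) ? "rowEven" : "rowOdd";
        $pid = (int) $obj->id;
        echo "<tr class='{$cl}' valign=middle>";
        echo "<TD align=right><a href='index.php?link=playerinfo&id={$pid}'>" . htmlspecialchars($obj->callsign, ENT_QUOTES) . "</a></td><TD>";
        if ($obj->id == $team->leader) {
            echo '&nbsp;<img TITLE="Team Leader" src="' . THEME_DIR . 'leader.gif">';
        }
        echo '</td><TD>';
        if ($obj->active) {
            echo '&nbsp;<img TITLE="Active player (has logged into this site recently)" src="' . THEME_DIR . 'active.gif">';
        }
        echo '</td><TD width=10></td>';
        echo '<TD>' . smallflag($obj->flagname) . '</td>';
        if ($canManage && $obj->id != $team->leader) {
            // Link to ban a player from a team
            echo '<td align=center>' . htmlURLbutSmall('BAN', 'banplayer', "playerid={$pid}&teamid={$id}&f_ok_x=2", ADMBUT) . '</form></td></tr>';
        } else {
            echo '<td>&nbsp;</td></tr>';
        }
        echo "\n";
    }
    echo '</td></tr></table>';
    // Show last fights (11 rows are fetched so "more than 10" can be detected)
    $sql = "SELECT  t1.id, t1.name, f.score1, t2.id, t2.name, f.score2, f.tsactual, unix_timestamp(f.tsactual) tstamp_ts \n" . "FROM " . TBL_MATCH . " f, l_team t1, l_team t2 " . "WHERE (f.team1 = '{$id}' OR f.team2 = '{$id}') " . " AND f.team1 = t1.id " . " AND f.team2 = t2.id " . "ORDER BY f.tsactual DESC " . "LIMIT 11 ";
    $res = sqlQuery($sql);
    $tmp = '';
    $count = 0;
    while ($row = mysql_fetch_array($res)) {
        $count++;
        if ($count < 11) {
            // Matches newer than the viewer's last login are highlighted.
            if (isset($_SESSION['last_login']) && $_SESSION['last_login'] < $row[7]) {
                $new1 = "<font color=\"red\">";
                $new2 = "</font>";
            } else {
                $new1 = '';
                $new2 = '';
            }
            $cl = ($count % 2) ? "rowEven" : "rowOdd";
            $tmp .= "<tr class=\"{$cl}\">";
            $tmp .= '<td align="right">' . $new1 . $row[6] . $new2 . '</td>';
            if ($row[0] != $id) {
                $oppid = (int) $row[0];
                $oppname = stripslashes($row[1]);
                $oppscore = $row[2];
                $teamscore = $row[5];
            } else {
                $oppid = (int) $row[3];
                $oppname = stripslashes($row[4]);
                $oppscore = $row[5];
                $teamscore = $row[2];
            }
            $tmp .= "<td>{$new1}";
            $oppname = '<a href="index.php?link=teaminfo&id=' . $oppid . '&' . SID . '">' . $new1 . htmlspecialchars($oppname, ENT_QUOTES) . $new2 . '</a>';
            if ($oppscore < $teamscore) {
                $tmp .= "<b>Won</b> against {$oppname}";
            } elseif ($oppscore > $teamscore) {
                $tmp .= "<b>Lost</b> against {$oppname}";
            } else {
                $tmp .= "<b>Tie</b> against {$oppname}";
            }
            $tmp .= " ({$row[2]} - {$row[5]})";
            $tmp .= "{$new2}</td>";
            $tmp .= "</tr>\n";
        }
    }
    echo '<tr>';
    echo '<td align=center>&nbsp;<br><b>';
    if ($count == 1) {
        echo 'Last match';
    } elseif ($count == 11) {
        echo 'Last 10 matches, view them all <a href="index.php?link=fights&id=' . $id . '&' . SID . '">here</a>';
    } elseif ($count == 0) {
        echo "No matches played";
    } else {
        echo "Last {$count} matches";
    }
    echo '</b><BR><BR></td></tr><TR><TD>';
    echo "<table align=center border=0>{$tmp}</table>";
    // Or... edit your team if you are a leader or an admin, or with a password if you are a member
    // Team members can't change the password, though...
    // Unless of course the team is deleted
    if ($team->status == 'deleted') {
        if ($team->status_changed) {
            echo "<br><center>This team is deleted as of " . gmdate('Y-m-d', $team->status_changed) . "</center>";
        } else {
            echo "<br><center>This team is deleted.</center>";
        }
    } elseif ($s_logedin && (isFuncAllowed('teamadmin::edit_any_team') || $s_teamid == $id)) {
        if (!isFuncAllowed('teamadmin::edit_any_team') && $s_playerid != $team->leader) {
            // Team member, need password
            echo '<form method=post>
          <input type=hidden name=link value=teamadmin>
          <input type=hidden name=id value=' . $id . '>
          <br><center>Enter team password <input type=password size=8 maxlength=8 name=f_password> and 
          ' . htmlFormButton('Edit Team', 'f_edit_x') . '
          </center></form>';
        } else {
            $invites = sqlQuery("SELECT *, l_player.callsign FROM bzl_invites,  l_player\n            WHERE teamid={$id} AND expires > NOW() AND bzl_invites.playerid = l_player.id");
            if (mysql_num_rows($invites) > 0) {
                echo '<BR><HR>Invitations currently active:<BR><TABLE>';
                while ($row = mysql_fetch_object($invites)) {
                    echo '<TR><TD width=25></td><TD>' . playerLink($row->playerid, $row->callsign) . "</td><TD width=10></td><TD>(expires: {$row->expires})</td></tr>";
                }
                echo '</table><HR>';
            }
            // Team leader or admin, let's go
            echo '<center><BR>
        ' . htmlURLbutton('Edit Team', 'teamadmin', "id={$id}", ADMBUT) . '
        <BR>
        ' . htmlURLbutton('Dismiss Team', 'dismissteam', "id={$id}", ADMBUT);
        }
    }
}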
示例#6
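/**
 * Print the registration page: welcome text, a script that adds the browser's
 * timezone offset as a hidden field, and the account form built through $se.
 *
 * @param object $se Form builder; only its formStart/formDescript/formText/
 *                   formPassword/formSelector/formRow/formEnd methods are used.
 */
function section_register_presentEditForm(&$se)
{
    // New user
    echo '<BR><center><font size=+1>Welcome to the <a href="http://BZFlag.org/" target="_blank">BZFlag</a>
    Capture The Flag League registration page!<br><br>
    If you haven' . "'" . 't read the F.A.Q. yet, please <a href="index.php?link=faq"><b>do it now</b></a>
    .<p></font> When you are ready, please fill in the following information<BR>
     to setup a new account in the league system:<HR>';
    // Client-side only: records the browser's timezone offset in the form.
    echo '<script type="text/javascript">
    now = new Date();
    document.write ("<input type=hidden name=tzoffset value=" + now.getTimezoneOffset() +">");
    </script>';
    echo '<CENTER>';
    echo '<BR>';
    // The original passed the bare words link and id, which PHP resolves as
    // undefined constants (a notice on old versions, an error on PHP 8).
    // Quoting them keeps the same string values.
    $se->formStart(array('link', 'id'), 'ppedit');
    $se->formDescript('Enter your BZflag callsign here.  Your callsign is also
    your user name for logging in to this site.', ST_FORMDESC);
    $se->formText('callsign', 'Callsign', 20, 40, ST_FORMREQ);
    $se->formRow('<HR>');
    $se->formDescript('Enter your desired password here.', ST_FORMDESC);
    // NOTE(review): if the two numbers are field size and maximum length, this
    // caps passwords at 8 characters - confirm and consider raising the limit.
    $se->formPassword('password', 'Password', 8, 8);
    $se->formPassword('password2', 'Verify', 8, 8);
    $se->formRow('<HR>');
    $se->formDescript('Please enter your location.', ST_FORMDESC);
    $se->formSelector('country', 'Country', 'select name, numcode from bzl_countries order by name', array('-- PLEASE SELECT --' => null), null, ST_FORMREQ);
    $se->formRow('<HR>');
    $se->formDescript('Enter your email here.  This will NOT be shown to anyone else 
    (unless you choose to do so in the profile edit), but will be used to reset your 
    password in case you forget it.', ST_FORMDESC);
    $se->formText('email', 'E-mail', 38, 40, ST_FORMREQ);
    $se->formRow('<HR>');
    echo '<tr><td align=center colspan=2>' . htmlFormButton('Submit', 'SUB') . '&nbsp;&nbsp;' . htmlFormButton('Cancel', 'CAN', CLRBUT) . '</td></tr>';
    $se->formEnd();
}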
示例#7
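/**
 * Print the add/edit form for a news item.
 *
 * @param int $id News id to edit; a value that is not greater than zero shows
 *                the "add" form pre-filled with the current GMT date and time.
 */
function section_news_presentForm($id)
{
    // $id is interpolated unquoted into the query below; a numeric-prefixed
    // string would pass the "> 0" test, so force an integer first.
    $id = (int) $id;
    // The original assigned a property on an undefined $row in the add case and
    // read properties from a failed lookup in the edit case; start from a
    // fully populated object instead.
    $row = new stdClass();
    $row->newsdate = '';
    $row->text = '';
    $row->authorname = '';
    echo '<BR><div class=feedback>';
    if ($id > 0) {
        $found = mysql_fetch_object(sqlQuery('select * from ' . TBL_NEWS . " where id={$id}"));
        if ($found) {
            $row = $found;
        }
        echo "EDITING NEWS (id #{$id}, by:" . htmlspecialchars($row->authorname, ENT_QUOTES) . ")";
    } else {
        echo "ADDING NEWS";
        $row->newsdate = gmdate('Y-m-d H:i:s');
    }
    // link comes from the query string and the stored values go into attribute
    // and textarea contexts, so all of them are escaped for HTML.
    $link = (isset($_GET['link']) && is_string($_GET['link']))
        ? htmlspecialchars($_GET['link'], ENT_QUOTES)
        : '';
    $h_date = htmlspecialchars($row->newsdate, ENT_QUOTES);
    $h_text = htmlspecialchars($row->text, ENT_QUOTES);
    echo '</div><BR>';
    echo "<form method=post><table align=center border=0 cellspacing=0 cellpadding=1>\n      <input type=hidden name=link value=\"{$link}\">\n      <input type=hidden name=state value=1>\n      <tr><td align=right>Date:</td><TD width=8></td>\n          <TD><input type=text size=20 maxlength=20 name=date value='{$h_date}'></td></tr>\n      <tr><td align=right valign=top>Text:</td><TD width=8></td>\n          <TD><textarea cols=70 rows=10 name=text>{$h_text}</textarea></td></tr>\n      <tr><td align=center colspan=3><BR>";
    htmlMiniTable(array(htmlFormButton('Submit', '', ADMBUT), $id == 0 ? '' : htmlFormButton('DELETE News', 'del', ADMBUT), htmlURLbutton('Cancel', 'newsadmin', null, CLRBUT)), 8);
    echo '</td></tr></form></table>';
}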
示例#8
function section_bzforums()
{
    require_once 'lib/common.php';
    $allowDelete = isFuncAllowed('post_delete');
    $allowNew = isFuncAllowed('post_new');
    $allowReply = isFuncAllowed('post_reply');
    $allowEdit = isFuncAllowed('post_edit');
    $allowLock = isFuncAllowed('topic_lock');
    $allowSticky = isFuncAllowed('topic_sticky');
    $allowTDelete = isFuncAllowed('topic_delete');
    $allowViewDeleted = isFuncAllowed('topic_view_deleted');
    $showRoles = isFuncAllowed('show_roles');
    $POSTSPERPAGE = 10;
    $link = 'bzforums';
    $utcNOW = gmdate("Y-m-d H:i:s");
    // Variables:
    //   top = which post is first on the page i think
    $vars = array('top', 'threadid', 'forumid', 'id', 'action');
    foreach ($vars as $var) {
        ${$var} = $_REQUEST[$var];
    }
    // Get and print the forum title
    if (isset($forumid)) {
        $row = mysql_fetch_object(mysql_query("select title, status from l_forum where id={$forumid}"));
        echo 'Forum: <a href="index.php?link=' . $link . '&' . SID . '">
      <font size=+1>BZforums</font></a><font size=+1><i>&nbsp;/&nbsp;</i></font>
      <a href="index.php?link=' . $link . '&forumid=' . $forumid . '&' . SID . '">
      <font size=+1>' . $row->title . '</font></a><hr>';
        if ($row->status != 'Open') {
            print "This forum is not accessible. Sorry";
            return;
        }
    }
    // check if we need to change permissions (eg, disallow reply/post for locked topics)
    if (isset($threadid)) {
        $threadid = intval($threadid);
        $row = mysql_fetch_object(mysql_query("select status, is_sticky from l_forumthread where id={$threadid}"));
        if ($row->status == 'locked' && !isAdmin()) {
            $allowNew = false;
            $allowReply = false;
        } elseif ($row->status == 'deleted' && !$allowViewDeleted) {
            errorPage('This topic is deleted');
            return;
        }
        $threadstatus = $row->status;
        $threadsticky = $row->is_sticky;
    }
    // Perform deletion
    if ($allowDelete && $action == 'delete2' && $id != '') {
        $id = intval($id);
        mysql_query("DELETE FROM l_forummsg WHERE msgid = '{$id}' LIMIT 1") or die(mysql_error());
        // Check if there is any message left for that thread
        $threadid = intval($threadid);
        $res = mysql_query("SELECT count(1) FROM l_forummsg WHERE threadid = '{$threadid}'") or die(mysql_error());
        $row = mysql_fetch_row($res);
        if ($row[0] == 0) {
            // No messages in thread: deleting thread - jumo to threadlist
            mysql_query("DELETE FROM l_forumthread WHERE id = '{$threadid}' LIMIT 1") or die(mysql_error());
            header("Location: index.php?link=bzforums&forumid={$forumid}");
            exit;
        }
        $action = '';
    } elseif ($action == 'lock') {
        $threadid = intval($threadid);
        if (!$allowLock) {
            errorPage("You are not allowed to lock topics");
            return;
        }
        mysql_query("UPDATE l_forumthread SET status = 'locked', status_by = {$_SESSION['playerid']}, \n                  status_at = '{$utcNOW}' WHERE id = '{$threadid}' and status != 'locked' LIMIT 1") or die(mysql_error());
        $action = '';
        $threadstatus = 'locked';
    } elseif ($action == 'revive') {
        $threadid = intval($threadid);
        if (!$allowLock && $threadstatus == 'locked') {
            errorPage("You are not allowed to unlock topics");
            return;
        }
        if (!$allowTDelete && $threadstatus == 'deleted') {
            errorPage("You are not allowed to undelete topics");
            return;
        }
        mysql_query("UPDATE l_forumthread SET status = 'normal', \n                 status_by = {$_SESSION['playerid']}, status_at = '{$utcNOW}' WHERE id = '{$threadid}' LIMIT 1") or die(mysql_error());
        $action = '';
        $threadstatus = 'normal';
    } elseif ($action == 'deletetopic') {
        $threadid = intval($threadid);
        if (!$allowTDelete) {
            errorPage("You are not allowed to delete topics");
            return;
        }
        mysql_query("UPDATE l_forumthread SET status = 'deleted', status_by = {$_SESSION['playerid']}, \n                 status_at = '{$utcNOW}' WHERE id = '{$threadid}' and status != 'deleted' LIMIT 1") or die(mysql_error());
        $action = '';
        $threadstatus = 'deleted';
    } elseif ($action == 'sticky') {
        $threadid = intval($threadid);
        if (!$allowSticky) {
            errorPage("You are not allowed to use sticky");
            return;
        }
        mysql_query("UPDATE l_forumthread SET is_sticky = 1 WHERE id = '{$threadid}' LIMIT 1") or die(mysql_error());
        $action = '';
        $threadsticky = 1;
    } elseif ($action == 'unsticky') {
        $threadid = intval($threadid);
        if (!$allowSticky) {
            errorPage("You are not allowed to use sticky");
            return;
        }
        mysql_query("UPDATE l_forumthread SET is_sticky = 0 WHERE id = '{$threadid}' LIMIT 1") or die(mysql_error());
        $action = '';
        $threadsticky = 0;
    } elseif ($action == 'new' || $action == 'reply' || $action == 'edit') {
        if ($action == 'new' && !$allowNew) {
            errorPage("You are not allowed to post new topics");
            return;
        } elseif ($action == 'reply' && !$allowReply) {
            errorPage("You are not allowed to reply");
            return;
        } elseif ($action == 'edit' && !$allowEdit) {
            errorPage("You are not allowed to edit");
            return;
        }
        echo '<form method=post name="post" action="index.php">' . SID_FORM;
        echo '<input type=hidden name=threadid value=' . $threadid . '>';
        echo '<input type=hidden name=link value="' . $link . '">';
        echo '<input type=hidden name=forumid value=' . $forumid . '>';
        echo '<input type=hidden name=id value=' . $id . '>';
        echo '<input type=hidden name=top value=' . $top . '>' . snFormInit();
        echo '<table border=0 align=center cellspacing=0 cellpadding=0>';
        echo '<tr class=tablehead><td colspan=2 align=center>';
        if ($action == 'new') {
            echo 'New Topic';
        } elseif ($action == 'reply') {
            echo 'New Reply';
        } else {
            echo "Edit message";
        }
        echo '</td></tr>';
        echo '<tr><td>Subject: </td><td>';
        if ($action == 'new') {
            print '<input type=text name=subject size=50 maxlength=80>';
        } else {
            $row = mysql_fetch_object(mysql_query("select subject from l_forumthread where id={$threadid}"));
            echo '<i>' . $row->subject . '</i>';
        }
        print '</td></tr>';
        echo '<tr><td valign="top">Message</td><td>';
        if ($action == 'edit') {
            $id = intval($id);
            $row = mysql_fetch_object(mysql_query("select msg from l_forummsg where msgid={$id}"));
            print '<textarea cols=50 rows=10 name=forummsg>' . htmlspecialchars($row->msg) . '</textarea>';
        } else {
            print '<textarea cols=50 rows=10 name=forummsg></textarea>';
        }
        print '</td></tr>';
        // Form buttons
        echo '<tr><td colspan=2 align=center>' . htmlFormButton('OK', 'save_' . $action) . '&nbsp' . htmlFormButton('Cancel', 'cancel', CLRBUT) . '</td></tr>';
        print '<tr><td>Smiley:</td><td align="middle">';
        $res = mysql_query("select image, code from l_smiley GROUP BY image") or die(mysql_error());
        while ($row = mysql_fetch_object($res)) {
            print '<a href="#" onclick="javascript:document.post.forummsg.value += \' ' . $row->code . '\'"><img border=0 src="' . THEME_DIR . 'smilies/' . $row->image . '" border=0/></a> ';
        }
        print "</tr>";
        echo '</table></form>';
    } elseif (isset($_POST['save_new'])) {
        $forummsg = section_bzforums_stripExtraLF($_POST['forummsg']);
        $subject = $_POST['subject'];
        // New topic
        if ($allowNew) {
            mysql_query("INSERT INTO l_forumthread (id,forumid,creatorid,subject) VALUES(0, {$forumid}, {$_SESSION['playerid']}, '" . $subject . "')") or die(mysql_error());
            $threadid = mysql_insert_id();
            mysql_query("insert into l_forummsg(msgid,threadid,fromid,msg,datesent)  \n                    values(0, {$threadid}, {$_SESSION['playerid']}, '" . $forummsg . "', '{$utcNOW}')") or die(mysql_error());
            session_refresh_all();
        } else {
            errorPage("You are not allowed to post new topics");
            return;
        }
    } elseif (isset($_POST['save_reply'])) {
        $forummsg = section_bzforums_stripExtraLF($_POST['forummsg']);
        if ($allowReply) {
            snCheck('bzforums', "forumid={$forumid}&threadid={$threadid}");
            mysql_query("insert into l_forummsg(msgid,threadid,fromid,msg,datesent) \n                   values(0, {$threadid}, {$_SESSION['playerid']}, '" . $forummsg . "', '{$utcNOW}')");
            session_refresh_all();
        } else {
            errorPage("You are not allowed to reply");
            return;
        }
    } elseif (isset($_POST['save_edit'])) {
        $forummsg = section_bzforums_stripExtraLF($_POST['forummsg']);
        if ($allowReply) {
            $id = intval($id);
            snCheck('bzforums', "forumid={$forumid}&threadid={$threadid}");
            //      mysql_query("UPDATE l_forummsg SET msg = '$forummsg' WHERE msgid = '$id'");
            mysql_query("UPDATE l_forummsg SET msg = '{$forummsg}', status = 'edited', \n                  status_by = {$_SESSION['playerid']}, status_at = '{$utcNOW}' WHERE msgid = '{$id}'");
            session_refresh_all();
        } else {
            errorPage("You are not allowed to edit");
            return;
        }
    }
    if (isset($threadid)) {
        // Display a thread
        // Control buttons
        // 06/28/2002: $POSTSPERPAGE posts/page max.
        if (!isset($top)) {
            $top = 0;
            $newtop = 0;
        }
        if ($top == "") {
            $top = 0;
            $newtop = 0;
        }
        if ($action == '') {
            echo '<TABLE align=right><TR>';
            if ($allowReply && $threadstatus != 'deleted') {
                echo '<td>' . htmlURLbutton('Add Reply', $link, "forumid={$forumid}&threadid={$threadid}&action=reply&top={$top}") . '</td>';
            }
            if ($allowLock && $threadstatus != 'locked') {
                echo '<td>' . htmlURLbutton('Lock topic', $link, "forumid={$forumid}&threadid={$threadid}&action=lock&top={$top}", ADMBUT) . '</td>';
            }
            if ($allowTDelete && $threadstatus != 'deleted') {
                echo '<td>' . htmlURLbutton('Delete topic', $link, "forumid={$forumid}&threadid={$threadid}&action=deletetopic&top={$top}", ADMBUT) . '</td>';
            }
            if ($allowLock && $threadstatus == 'locked' || $allowTDelete && $threadstatus == 'deleted') {
                echo '<td>' . htmlURLbutton('Revive topic', $link, "forumid={$forumid}&threadid={$threadid}&action=revive&top={$top}", ADMBUT) . '</td>';
            }
            if ($allowSticky) {
                if ($threadsticky) {
                    echo '<td>' . htmlURLbutton('Remove sticky', $link, "forumid={$forumid}&threadid={$threadid}&action=unsticky&top={$top}", ADMBUT) . '</td>';
                } else {
                    echo '<td>' . htmlURLbutton('Make sticky', $link, "forumid={$forumid}&threadid={$threadid}&action=sticky&top={$top}", ADMBUT) . '</td>';
                }
            }
            echo '</tr></table><BR clear=all>';
        }
        $temp = mysql_fetch_object(mysql_query("select count(msgid) num from l_forummsg where threadid={$threadid}"));
        $numpost = $temp->num;
        $numpages = floor(($numpost + $POSTSPERPAGE - 1) / $POSTSPERPAGE);
        $curpage = $top / $POSTSPERPAGE + 1;
        $res = sqlQuery("select msgid, msg, datesent, l_forummsg.status, status_at, l_player.id pid, \n      player2.callsign as editedby, l_player.callsign, r.name as role\n      from (l_forummsg, l_player, bzl_roles r)\n      LEFT JOIN l_player player2  ON  player2.id = status_by\n      where threadid={$threadid}\n      and fromid = l_player.id\n      and l_player.role_id = r.id\n      order by datesent\n      limit {$top}, {$POSTSPERPAGE}");
        // Table header
        $sub = mysql_fetch_object(mysql_query("select subject, status from l_forumthread where id={$threadid}"));
        echo '<table align=center border=1 cellspacing=0 cellpadding=1>';
        if ($threadsticky) {
            $status = '<b>Sticky</b> ';
        } else {
            $status = '';
        }
        if ($sub->status == 'locked') {
            $status .= '<b>Locked</b> ';
        } elseif ($sub->status == 'deleted') {
            $status .= '<b>Deleted</b> ';
        }
        echo '<tr class=tabhead><td colspan=3><font size=+1>' . $status . '<i>' . smileys($sub->subject) . '</i></font>';
        // Display pages if multiple pages and not adding a post
        if ($numpages > 1 && !isset($addpost)) {
            echo '<div align=right>';
            for ($i = 1; $i <= $numpages; $i++) {
                if ($i == $curpage) {
                    echo $i . '&nbsp;';
                } else {
                    $newtop = ($i - 1) * $POSTSPERPAGE;
                    echo '<a href="index.php?link=' . $link . '&forumid=' . $forumid . '&threadid=' . $threadid . '&top=' . $newtop . '&' . SID . '">' . $i . '</a>&nbsp;';
                }
            }
            echo '</div>';
        }
        echo '</td></tr>';
        echo '<tr class=tablehead><td>Author</td><td>Message</td></tr>';
        $cf = 1;
        while ($row = mysql_fetch_object($res)) {
            echo '<tr class=forum' . $cf . '>';
            echo '<td valign=top rowspan="' . ($allowDelete ? 2 : 1) . '"><a href="index.php?link=playerinfo&id=' . $row->pid . '&' . SID . '">' . $row->callsign . '</a>';
            if ($showRoles) {
                print " <small>({$row->role})</small>";
            }
            echo '<br><font size=-2>(' . $row->datesent . ')</font></td>';
            $msgbody = smileys(wordwrap(nl2br(htmlspecialchars($row->msg)), 75, " ", true));
            // DMP 19oct2007: Added wordwrap to break annoyingly long lines
            $highlight = false;
            // Setup available commands
            // Comamnds: If a ALL key exists, it will be the only one showed, otherwise all elements is shown
            $commands = array();
            if ($allowDelete) {
                if ($action == 'delete' && $id == $row->msgid) {
                    $highlight = true;
                    $commands['ALL'] = 'Confirmation: ' . htmlLink('Delete', 'bzforums', 'action=delete2&id=' . $row->msgid . '&forumid=' . $forumid . '&threadid=' . $threadid . '&top=' . $top) . ' OR ' . htmlLink('Cancel?', 'bzforums', 'id=' . $row->msgid . '&forumid=' . $forumid . '&threadid=' . $threadid . '&top=' . $top);
                } else {
                    $commands[] = htmlLink('[delete]', 'bzforums', 'action=delete&id=' . $row->msgid . '&forumid=' . $forumid . '&threadid=' . $threadid . '&top=' . $top);
                }
            }
            if ($allowEdit) {
                $commands[] = htmlLink('[edit]', 'bzforums', 'action=edit&id=' . $row->msgid . '&forumid=' . $forumid . '&threadid=' . $threadid . '&top=' . $top);
            }
            if ($highlight) {
                echo '<td valign=top><font color=red>' . $msgbody . '</font>';
            } else {
                echo '<td valign=top>' . $msgbody;
            }
            if ($row->status == 'edited') {
                echo "<BR><small>(Message edited by {$row->editedby} at: {$row->status_at})</small>";
            }
            echo '</td></tr>';
            // Show commands if any
            if (count($commands)) {
                // if action is set dont show i$commands unless it contains 'ALL'
                if ($action != '' && isset($commands['ALL']) || $action == '') {
                    echo '<tr><td align="right" colspan="2" valign=top><small>' . (isset($commands['ALL']) ? $commands['ALL'] : join(' ', $commands)) . '</small></td></tr>';
                } else {
                    echo '<tr></tr>';
                }
            }
            $cf = 3 - $cf;
        }
        echo '</table>';
        if ($curpage < $numpages) {
            echo '<CENTER><BR>' . htmlURLbutSmall("NEXT Page", $link, "forumid={$forumid}&threadid={$threadid}&top=" . $curpage * $POSTSPERPAGE);
        }
    } else {
        if (isset($forumid) && !isset($addpost)) {
            // Display specific forum
            // Control buttons
            if ($allowNew) {
                echo '<div align=right>' . htmlURLbutton('New Topic', $link, "forumid={$forumid}&action=new&top={$top}") . '</div>';
            }
            if ($allowViewDeleted) {
                $viewClause = '';
            } else {
                $viewClause = "AND l_forumthread.status != 'deleted' ";
            }
            $res = mysql_query("select l_forumthread.id,l_forumthread.subject, l_player.id pid, \n          l_player.callsign, max(l_forummsg.datesent) ds, \n          unix_timestamp(max(l_forummsg.datesent)) datesent_ts,\n          l_forumthread.status, \n          l_forumthread.status_at,\n          splayer.callsign as status_by, l_forumthread.is_sticky\n        from (l_forumthread, l_forummsg, l_player, l_player l_player2)\n        left join l_player splayer  ON (splayer.id = l_forumthread.status_by)\n        where l_forumthread.forumid={$forumid}\n          and l_forumthread.creatorid = l_player.id\n          {$viewClause}\n          and l_forumthread.id = l_forummsg.threadid\n          and l_player2.id = l_forummsg.fromid\n        group by l_forumthread.id, l_forumthread.subject, l_player.id, l_player.callsign\n        order by l_forumthread.is_sticky DESC, ds desc") or die(mysql_error());
            // Table header
            echo '<table align=center border=1 cellspacing=0 cellpadding=1>';
            echo '<tr class=tabhead><td width=50%>Topic</td><td align=center>Replies</td><td 
          align=center>Last Comment</td><td align=center>Started by</td></tr>';
            while ($row = mysql_fetch_object($res)) {
                // Get the last author for this topic
                $la = mysql_fetch_object(mysql_query("select l_player.id pid, l_player.callsign\n          from l_player, l_forummsg\n          where threadid = {$row->id}\n          and fromid = l_player.id\n          order by datesent desc\n          limit 0, 1"));
                $nr = mysql_fetch_object(mysql_query("select count(*)-1 num\n          from l_forummsg\n          where threadid = " . $row->id));
                echo '<tr><td>';
                if ($row->is_sticky == 1) {
                    print '<b>STICKY</b> ';
                }
                if ($row->status == 'locked') {
                    echo '<b>LOCKED</b>; ';
                } elseif ($row->status == 'deleted') {
                    echo '<b>DELETED</b>; ';
                }
                echo '<a href="index.php?link=' . $link . '&forumid=' . $forumid . '&threadid=' . $row->id . '&' . SID . '">';
                if (empty($row->subject)) {
                    $row->subject = '(no subject)';
                }
                if (isset($_SESSION['last_login']) && $_SESSION['last_login'] < $row->datesent_ts) {
                    echo '<font color="red"><b>' . smileys($row->subject) . '</b></font></a>';
                } else {
                    echo smileys($row->subject) . '</a>';
                }
                $numpages = floor(($nr->num + 1 + $POSTSPERPAGE - 1) / $POSTSPERPAGE);
                if ($numpages > 1) {
                    echo '&nbsp;(<img src="' . THEME_DIR . '/multipage.gif">&nbsp;';
                    for ($i = 2; $i <= $numpages; $i++) {
                        $t = ($i - 1) * 10;
                        echo '<a href="index.php?link=' . $link . '&top=' . $t . '&forumid=' . $forumid . '&threadid=' . $row->id . '&' . SID . '">' . $i . '</a>&nbsp;';
                    }
                    echo ')';
                }
                if ($row->status != 'normal') {
                    if (!$row->status_by) {
                        $row->status_by = 'SYSTEM';
                    }
                    echo "<br /><small>by {$row->status_by} at {$row->status_at}</small>";
                }
                echo '</td>
        <td align=center>' . $nr->num;
                echo '</td>
        <td align=center>' . $row->ds . '<br>by <a href="index.php?link=playerinfo&id=' . $la->pid . '&' . SID . '">' . $la->callsign . '</a></td>
        <td align=center><a href="index.php?link=playerinfo&id=' . $row->pid . '&' . SID . '">' . $row->callsign . '</a></td>
        </tr>';
            }
            echo '</table>';
        } elseif ($action == '') {
            // Display forums list
            $res = mysql_query("select l_forum.id, l_forum.title, ifnull(max(l_forummsg.datesent),'n/a') md, count(l_forummsg.msgid) num,\n          unix_timestamp(max(l_forummsg.datesent)) as datesent_ts\n          from l_forum \n          left join l_forumthread on (l_forum.id = l_forumthread.forumid AND l_forumthread.status != 'deleted')\n          left join l_forummsg on l_forumthread.id = l_forummsg.threadid\n          where l_forum.status = 'open'\n          group by l_forum.id, l_forum.title\n          order by title") or die(mysql_error());
            echo '<table align=center border=0 cellspacing=0 cellpadding=1>
      <tr class=tabhead><td>Forums</td><td align=right># Posts</td><td align=center>Last Comment</td></tr>';
            while ($row = mysql_fetch_object($res)) {
                echo '<tr><td><a href="index.php?link=' . $link . '&forumid=' . $row->id . '&' . SID . '">';
                if (isset($_SESSION['last_login']) && $_SESSION['last_login'] < $row->datesent_ts) {
                    echo "<font color=\"red\">" . $row->title . "</font>";
                } else {
                    echo $row->title;
                }
                echo '</a></td><td align=center>' . $row->num . '</td><td align=center>' . $row->md . '</td></tr>';
            }
            echo '</table>';
        }
    }
}
示例#9
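/**
 * Print the player-profile edit form.
 *
 * Every field is emitted through the form-builder object passed in; this
 * function only decides which fields appear and in what order. What the
 * builder does with each call (escaping, pre-filling, validation) is not
 * visible here.
 *
 * NOTE(review): the role selector is only *displayed* to admins. Hiding a
 * field does not stop a crafted request from submitting role_id, so the code
 * that saves this form must repeat the isAdmin() check before writing it.
 * That handler is not part of this function; verify it.
 *
 * @param object $se Form-builder object (passed by reference); must expose the
 *                   form*() methods used below and the logo / logobg properties.
 * @return void
 */
function section_playerinfo_presentEditForm(&$se)
{
    echo '<CENTER>';
    echo '<BR>';
    // The field names were written as bare words (link, id). PHP treats an
    // unquoted word as a constant: older versions fall back to the string with
    // a notice, PHP 8 throws an Error. Quoted here; this assumes no constants
    // named link or id are defined elsewhere.
    $se->formStart(array('link', 'id'), 'ppedit');
    $se->formDescript('You can change your callsign here.  Remember that it is also 
    your user name for logging in to this site.  If you have other callsigns that you use while
    playing BzFlag, you may enter them in the "alternate" fields.', ST_FORMDESC);
    $se->formText('callsign', 'Callsign', 20, 40, ST_FORMREQ);
    $se->formText('altnik1', 'Alternate', 20, 30);
    $se->formText('altnik2', 'Alternate', 20, 30);
    $se->formRow('<HR>');
    $se->formDescript('To keep your current password, leave the following two fields blank.', ST_FORMDESC);
    // NOTE(review): the two numbers are presumably field size and maximum
    // length. If so, passwords are capped at 8 characters, which is a very
    // small key space; raising it depends on how the password is hashed and
    // stored, which is not visible here.
    $se->formPassword('password', 'Password', 8, 8);
    $se->formPassword('password2', 'Verify', 8, 8);
    $se->formRow('<HR>');
    $se->formDescript('Please enter your location below.  Note that <b>the country is required</b>.
      Other information is not required, but if you live in the United States or Canada, please
      select your state or province.', ST_FORMDESC);
    $se->formSelector('country', 'Country', 'select name, numcode from bzl_countries order by name', array('-- PLEASE SELECT --' => -1), null, ST_FORMREQ);
    $se->formSelector('state', 'State/Prov', 'select name, id from bzl_states order by name', array('' => -1), '(If USA or Canada)');
    $se->formText('city', 'City', 20, 20);
    $se->formSelector('utczone', 'Time zone', null, section_playerinfo_makeZoneArray(), '');
    $se->formText('zonename', 'Zone name', 8, 8);
    $se->formRow('<HR>');
    $se->formDescript('Enter some contact information.  The <b>Email field is required</b>, 
    but will <b>NOT</b> be shown to anyone else unless you check the "show email" box below.
    All other fields are optional, but please fill in as many as are appropriate, as
    this <i>really</i> helps with arranging matches, team meetings, etc.', ST_FORMDESC);
    $se->formText('email', 'E-mail', 40, 40, ST_FORMREQ);
    $se->formText('aim', 'AIM', 20, 20);
    $se->formText('yim', 'YIM', 20, 20);
    $se->formText('msm', 'MSM', 20, 30);
    $se->formText('icq', 'ICQ', 10, 12);
    $se->formText('jabber', 'Jabber', 20, 30);
    $se->formText('ircnik1', 'iRc nick', 20, 20);
    $se->formCheckbox('emailpub', 'Show email', 'Y', 'N', 'Check this ONLY if you want your email shown to others. If so, it will be anti-spam encoded.');
    $se->formRow('<HR>');
    $se->formDescript('If you would like a logo (image) to show with your profile, enter a
      URL to the image below.  The url should start with "http://".  The maximum image 
      size allowed is 400x300, or 60KB.', ST_FORMDESC);
    $se->formText('logo', 'Logo URL', 40, 200);
    $se->formSelector('logobg', 'Background', null, array('none' => '', 'white' => 'ffffff', 'light gray' => 'cccccc', 'dark gray' => '555555', 'black' => '000000'), 'Choose a background color for displaying your logo');
    if ($se->logo != "") {
        // NOTE(review): logo and logobg are user-supplied and are handed to a
        // helper whose output goes straight into the page; confirm that helper
        // HTML-escapes both values and accepts only http(s) URLs.
        $se->formRow('<BR>CURRENT IMAGE:<BR>' . section_playerinfo_dispLogo($se->logo, $se->logobg));
    }
    $se->formRow('<HR>');
    $se->formDescript('Enter any additional information that you would like displayed with 
      your profile here. HTML is not allowed, and will be disabled.', ST_FORMDESC);
    $se->formTextArea('comment', 'Comment', 50, 6);
    $se->formRow('<HR>');
    // Admins can change users level
    if (isAdmin()) {
        // Start from an empty list so the selector still receives an array
        // when the roles query returns no rows.
        $options = array();
        $res = mysql_query("SELECT id, name FROM bzl_roles ORDER BY name") or die(mysql_error());
        while ($row = mysql_fetch_assoc($res)) {
            $options[$row['name']] = $row['id'];
        }
        $se->formSelector('role_id', 'User level', null, $options, 'Only Admins can set this.');
        $se->formRow('<HR>');
    }
    echo '<tr><td align=center colspan=2>' . htmlFormButton('Submit', 'f_ok_x') . '&nbsp;&nbsp;' . htmlFormButton('Cancel', 'f_cancel_x', CLRBUT) . '</td></tr>';
    $se->formEnd();
}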
示例#10
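/**
 * Escape a value for use in HTML text or inside a quoted attribute.
 *
 * @param mixed $value Value to print; cast to string first.
 * @return string
 */
function section_teamadmin_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES);
}

/**
 * Hash a new team password in the format the permission check in
 * section_teamadmin() accepts.
 *
 * NOTE(review): on the page this was reviewed from, the statement that hashes
 * the new password is redacted ("******") and does not parse, so the original
 * expression is unknown. This is a reconstruction from the only visible
 * evidence: the check compares the stored value with the first 13 characters
 * of crypt() salted with the stored value's first two characters. Confirm
 * against the real source before deploying. That format is traditional DES
 * crypt, which is weak by current standards; moving to password_hash() /
 * password_verify() needs a wider column and a migration plan.
 *
 * @param string $plain New password as typed.
 * @return string 13-character crypt() value.
 */
function section_teamadmin_hashPassword($plain)
{
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    for ($i = 0; $i < 2; $i++) {
        // The salt is stored in the clear and only needs to vary between
        // hashes; prefer the CSPRNG where the runtime provides one.
        $pick = function_exists('random_int') ? random_int(0, 63) : mt_rand(0, 63);
        $salt .= $alphabet[$pick];
    }
    return substr(crypt((string) $plain, $salt), 0, 13);
}

/**
 * Team administration page: show the edit form for a team and save it.
 *
 * Access is granted to users for whom isFuncAllowed('edit_any_team') is true,
 * to the team leader, and to anyone who supplies the team password
 * (f_password). Request parameters are read from POST first, then GET.
 *
 * Changes relative to the original, all on untrusted-input paths:
 *  - id and f_leader are cast to integers before they reach SQL; every other
 *    value written to SQL is escaped with mysql_real_escape_string() or drawn
 *    from a fixed list (the original concatenated id, f_leader and f_status
 *    unescaped).
 *  - every request- or database-derived value is HTML-escaped on output.
 *  - the "leaders and admins only" fields (name, password, status, leader)
 *    are now enforced when saving, not only hidden in the form. Previously a
 *    member authenticated by team password could post them directly, and an
 *    absent f_status silently reopened the team.
 *  - the password check uses a strict, length-checked comparison and is
 *    skipped for teams without a stored password.
 *  - a missing team no longer falls through to property reads on a non-object.
 *
 * NOTE(review): stored names/comments are escaped on output here; if the
 * database already holds HTML-escaped text they will display double-encoded.
 * NOTE(review): this form carries no anti-forgery token and the save flag is
 * also accepted from the query string; consider requiring POST plus a
 * per-session token for the save path.
 * NOTE(review): the logo URL is stored and rendered as an <img src>; only its
 * HTML encoding is handled here, not which schemes or hosts are acceptable.
 *
 * @return void
 */
function section_teamadmin()
{
    require_once 'lib/common.php';
    $TEAMSIZE = 20;
    $vars = array('id', 'f_password', 'f_ok_x', 'f_comment', 'f_logo', 'f_name', 'f_status', 'f_password1', 'f_password2', 'link', 'f_leader');
    foreach ($vars as $var) {
        // POST wins over GET. Missing parameters and array-valued parameters
        // (name[]=...) become null so later string functions never see an array.
        $raw = isset($_POST[$var]) ? $_POST[$var] : (isset($_GET[$var]) ? $_GET[$var] : null);
        ${$var} = is_scalar($raw) ? (string) $raw : null;
    }
    // The id is concatenated into several queries below; force it to an integer.
    $id = intval($id);

    $teamRes = mysql_query('select name, comment, leader, logo, password, status, adminclosed from l_team where id=' . $id);
    $obj = $teamRes ? mysql_fetch_object($teamRes) : false;
    if (!$obj) {
        echo '<BR><center>Sorry, this team does not exist.</center>';
        return;
    }
    $countRes = mysql_query('select count(*) num from l_player where team=' . $id);
    $countRow = $countRes ? mysql_fetch_object($countRes) : false;
    $numplayer = $countRow ? intval($countRow->num) : 0;

    // Check permission. isset() keeps an anonymous session from matching a
    // team whose leader column is NULL under loose comparison.
    $isLeader = isset($_SESSION['playerid']) && $_SESSION['playerid'] == $obj->leader;
    $allowed = isFuncAllowed('edit_any_team') || $isLeader;
    if (!$allowed) {
        // Check password
        $stored = (string) $obj->password;
        if (strlen($stored) >= 2) {
            $candidate = substr(crypt((string) $f_password, substr($stored, 0, 2)), 0, 13);
            if (is_string($candidate)) {
                $allowed = function_exists('hash_equals')
                    ? hash_equals($stored, $candidate)
                    : $candidate === $stored;
            }
        }
    }

    echo '<BR>';
    if ($obj->status == 'deleted') {
        echo "<center>Sorry, you cannot edit a deleted team.</center>";
        return;
    }
    if (!$allowed) {
        echo "<center>Sorry, you don't have the permission to edit the <a href=\"index.php?link=teaminfo&id=" . $id . "&" . SID . "\">" . section_teamadmin_html($obj->name) . "</a> team, or you entered an incorrect password.</center>";
        return;
    }

    // Admins and the leader may change name, password, status and leader;
    // everyone else who got in by team password may only edit logo and comment.
    $isManager = isAdmin() || $isLeader;
    // Status can only be chosen while the team has 3 or more players and is
    // below the size limit; otherwise the current status is kept.
    $statusEditable = $isManager && $numplayer >= 3 && $numplayer < $TEAMSIZE;

    if ($f_ok_x) {
        // NOTE(review): unconditional stripslashes() presumes magic quotes are
        // on; with them off it eats legitimate backslashes. Kept as in the original.
        $f_comment = stripslashes((string) $f_comment);
        $f_logo = stripslashes((string) $f_logo);
        $f_name = stripslashes((string) $f_name);
        $f_status = stripslashes((string) $f_status);
        if (!$isManager) {
            // Enforce on the server what the form only hides.
            $f_name = $obj->name;
            $f_password1 = '';
            $f_password2 = '';
            $f_leader = '';
        }
        if (!$statusEditable) {
            $f_status = $obj->status;
        }
    } else {
        $f_comment = $obj->comment;
        $f_logo = $obj->logo;
        $f_name = $obj->name;
        $f_status = $obj->status;
    }

    $passwordSql = '';
    $error = 1;
    if ($f_ok_x) {
        $error = 0;
        // Check password
        if ($f_password1 != $f_password2) {
            $error = 1;
            echo "<div class=error>The passwords don't match</div>";
        } elseif ($f_password1 != "") {
            $passwordSql = ", password='" . mysql_real_escape_string(section_teamadmin_hashPassword($f_password1)) . "'";
        }
        // Check duplicate team names
        $res = mysql_query("select name from l_team where id!={$id} and name=\"" . mysql_real_escape_string($f_name) . "\"");
        if (mysql_num_rows($res) != 0) {
            $error = 1;
            echo "<div class=error>A team with this name: '" . section_teamadmin_html($f_name) . "' already exists</div>";
            $f_name = $obj->name;
        }
        // Check empty team name
        if ($f_name == '') {
            $error = 1;
            echo "<div class=error>The team name can't be empty</div>";
            $f_name = $obj->name;
        }
        // Logo size check (checkLogoSize) is disabled in the original; the
        // logo URL is accepted as typed.
    }

    if ($error) {
        echo "<form method=post><table align=center border=0 cellspacing=0 cellpadding=1>";
        // Hidden fields. f_password is the team password a non-leader typed to
        // get in; it is carried along so the save request can be authorised
        // again, which also puts it in the page source.
        echo '<input type=hidden name=f_password value="' . section_teamadmin_html($f_password) . '">';
        echo '<input type=hidden name=link value="' . section_teamadmin_html($link) . '">';
        if ($isManager) {
            // Admins and leaders can change the team name
            echo '<tr><td>Team name:</td><td><input name=f_name size=40 maxlength=40 value="' . section_teamadmin_html($f_name) . '"></td></tr>';
        } else {
            echo "<tr><td align=center colspan=2 class=tablehead><div class=teamname><b>" . section_teamadmin_html($obj->name) . "</b></div><input type=hidden name=f_name value=\"" . section_teamadmin_html($f_name) . "\"></td></tr>";
        }
        // Logo
        if ($obj->logo != "") {
            echo '<tr><td align=center colspan=2><BR><img src="' . section_teamadmin_html($obj->logo) . '"></td></tr>';
        }
        echo '<tr><td>Logo URL (400x300 max!):</td><td><input type=text size=60 maxlength=200 name=f_logo value="' . section_teamadmin_html($f_logo) . '"></td></tr>';
        echo "<tr><td colspan=2><hr></td></tr>";
        // Admin and leaders can change the team password
        if ($isManager) {
            // Password. The typed values are echoed back as in the original,
            // now escaped; leaving them blank on redisplay would be stricter.
            echo '<tr><td>Password:</td><td><input type=password size=8 maxlength=8 name=f_password1 value="' . section_teamadmin_html($f_password1) . '"> (leaving the fields empty will keep the current password)</td></tr>
        <tr><td>Password:</td><td><input type=password size=8 maxlength=8 name=f_password2 value="' . section_teamadmin_html($f_password2) . '"></td></tr>
        <tr><td colspan=2><hr></td></tr>';
        }
        // Admin and leaders can change the team status
        if ($isManager) {
            if ($statusEditable) {
                // Can change status IF there are 3 players or more
                echo "<tr><td>Team status:</td><td><select name=f_status>";
                if ($f_status == 'opened') {
                    echo '<option selected value=opened>opened</option>
              <option value=closed>closed</option>';
                } else {
                    echo '<option value=opened>opened</option>
              <option selected value=closed>closed</option>';
                }
                echo "</select></td></tr>";
            } else {
                $playerWord = $numplayer == 1 ? 'player' : 'players';
                echo '<input type=hidden name=f_status value="' . section_teamadmin_html($obj->status) . '">';
                echo '<tr><td align=center colspan=2>The team is currently ' . section_teamadmin_html($obj->status) . ' (forced because you have ' . $numplayer . ' ' . $playerWord . ')</td></tr>';
            }
        } else {
            echo '<tr><td align=center colspan=2>The team is currently ' . section_teamadmin_html($obj->status) . '</td></tr>';
        }
        if ($isManager) {
            echo "<tr>";
            echo "<td>Leader</td>";
            echo "<td><select name=\"f_leader\">";
            $res = mysql_query("SELECT id, callsign FROM l_player WHERE team = '{$id}' ORDER by callsign");
            while ($row = mysql_fetch_row($res)) {
                $callsign = section_teamadmin_html(stripslashes($row[1]));
                if ($row[0] == $obj->leader) {
                    // Empty value: choosing the current leader changes nothing.
                    print "<option value=\"\" SELECTED>" . $callsign . " (current leader)</option>";
                } else {
                    print "<option value=\"" . intval($row[0]) . "\">" . $callsign . "</option>";
                }
            }
            echo "</select>";
            echo "</td>";
            echo "</tr>";
        }
        // Comment
        echo '<tr><td colspan=2>Comment:<br><textarea name=f_comment cols=50 rows=6>' . section_teamadmin_html($f_comment) . '</textarea></td></tr>
        <tr><td colspan=2><hr></td></tr>
        <tr><td align=center colspan=2><table><tr><td>' . htmlFormButton('&nbsp;OK&nbsp;', 'f_ok_x') . '</td><td width=8></td><td>' . htmlURLbutton('Cancel', 'teaminfo', "id={$id}", CLRBUT) . '</td></tr></table></td></tr></table></form>';
        return;
    }

    // Update the table
    $leaderSql = '';
    if (!empty($f_leader)) {
        $newLeader = intval($f_leader);
        // Only a current member of this team can be made leader.
        $res = mysql_query("SELECT 1 FROM l_player WHERE id = {$newLeader} AND team = {$id} ");
        if ($res && mysql_fetch_row($res)) {
            $_SESSION['leader'] = $newLeader == $_SESSION['playerid'] ? 1 : 0;
            $leaderSql = 'leader = ' . $newLeader . ', ';
        }
    }
    if ($f_status == '') {
        $f_status = 'opened';
    } elseif (!in_array($f_status, array('opened', 'closed', (string) $obj->status), true)) {
        // Anything outside the known values keeps the current status.
        $f_status = $obj->status;
    }
    if ($f_status != $obj->status) {
        // Changed the status
        $adminclosed = $f_status == 'closed' ? 'yes' : 'no';
    } else {
        // Keep current status
        $adminclosed = $obj->adminclosed;
    }
    sqlQuery('update l_team
        set logo="' . mysql_real_escape_string($f_logo) . '",
        comment="' . mysql_real_escape_string($f_comment) . '" ' . $passwordSql . ',
        name="' . mysql_real_escape_string($f_name) . '",
        adminclosed="' . mysql_real_escape_string($adminclosed) . '", ' . $leaderSql . ' 
        status="' . mysql_real_escape_string($f_status) . '"
        where id=' . $id);
    echo '<BR><center>Thank you, <a href="index.php?link=playerinfo&id=' . intval($_SESSION['playerid']) . '&' . SID . '">' . section_teamadmin_html($_SESSION['callsign']) . '</a>, for updating the <a href="index.php?link=teaminfo&id=' . $id . '&' . SID . '">' . section_teamadmin_html($f_name) . '</a> team.</center>';
    // If changed the team name, inform the team members
    if ($f_name != $obj->name) {
        echo '<center>You changed the team name, we inform your team members.</center>';
        // The body is built as HTML, so the names are escaped before they go in.
        sendBzMail(0, $id, 'Team renamed!', '<center>---ADMINISTRATIVE MESSAGE---</center><br>' . section_teamadmin_html($_SESSION['callsign']) . ' just changed the name of your team from <i>' . section_teamadmin_html($obj->name) . '</i> to <i>' . section_teamadmin_html($f_name) . '</i>.', true, true);
    }
}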
示例#11
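/**
 * Render the private-message inbox of the logged-in player.
 *
 * Request parameters (POST wins over GET): del (id of one message to delete),
 * delbulk + checknum + del0..delN (bulk delete of checked rows), read (id of
 * the message to display) and link. Every statement is restricted to rows whose
 * toid is the session's player id. Without "read" the full list is shown.
 * Output is echoed directly; unauthenticated callers get an error page.
 */
function section_messages()
{
    // Absent parameters stay null so the isset() checks below keep working
    $vars = array('del', 'delbulk', 'checknum', 'read', 'link');
    foreach ($vars as $var) {
        if (isset($_POST[$var])) {
            ${$var} = $_POST[$var];
        } else {
            ${$var} = isset($_GET[$var]) ? $_GET[$var] : null;
        }
    }
    echo '<BR>';
    if (isAuthenticated()) {
        // Session value, cast anyway so every query below receives a plain integer
        $playerid = (int) $_SESSION['playerid'];
        $_SESSION['last_msg_read_ts'] = time();
        $_SESSION['new_mail'] = 0;
        if (isset($del)) {
            // Message ids are numeric: the cast keeps request text out of the SQL.
            // NOTE(review): this delete is reachable through a plain GET link (see the
            // Delete button below) and carries no anti-forgery token.
            $del = (int) $del;
            mysql_query("delete from l_message\n              where msgid={$del}\n              and toid={$playerid}");
        }
        if (isset($delbulk)) {
            $numdel = 0;
            // NOTE(review): checknum is supplied by the client; it is only forced to an
            // integer here, the loop length is still whatever the request says.
            $checknum = (int) $checknum;
            for ($i = 0; $i < $checknum; $i++) {
                if (isset($_POST['del' . $i])) {
                    $delid = (int) $_POST['del' . $i];
                    $numdel++;
                    mysql_query("delete from l_message where msgid={$delid} and toid={$playerid}");
                }
            }
            if ($numdel != 1) {
                $esse = 's';
            } else {
                $esse = '';
            }
            echo "<center>Deleted {$numdel} message{$esse}.</center><BR>";
        }
        if (isset($read)) {
            // Display one message. $read is later echoed into HTML and SQL, so it is
            // reduced to an integer once, here.
            $read = (int) $read;
            $res = sqlQuery("select l_player.callsign sender, l_message.status as msgstat, fromid, datesent, subject, msg, htmlok, l_message.team\n        from l_message\n        left join l_player\n        on id = fromid\n        where toid={$playerid}\n        and msgid={$read}");
            if (mysql_num_rows($res) == 0) {
                return errorPage('no messages found');
            } else {
                // Display the message
                $msg = mysql_fetch_object($res);
                echo '<table width=80% align=center border=0 cellspacing=0 cellpadding=1>
        
        <tr class=tabhead><td align=right width=10><nobr>Date sent:</nobr></td><TD width=6></td><TD>' . $msg->datesent . '</td></tr>';
                if ($msg->sender == '') {
                    // Administrative message
                    echo '<tr class=tabhead><td align=right>From: </td><TD></td><TD><b>CTF League System</b></td></tr>';
                } else {
                    // NOTE(review): the callsign is printed as stored; confirm it is
                    // HTML-safe when the player record is written.
                    echo '<tr class=tabhead><td align=right>From: </td><TD></td><TD><a href="index.php?link=playerinfo&id=' . $msg->fromid . '&' . SID . '">' . $msg->sender . '</a></td></tr>';
                }
                if ($msg->subject == '') {
                    $subject = 'No subject';
                } else {
                    $subject = stripslashes($msg->subject);
                }
                echo '<tr class=tabhead><td align=right>Subject:</td><TD></td><TD>' . wordwrap(htmlentities($subject), 40, '<br>') . '</td></tr>';
                echo '<tr><td align=right valign=top><BR>Message:</td><TD></td><TD><BR><TABLE width=100% cellpadding=10 style="border: solid 1px"><TR><TD>';
                if ($msg->sender == '' || $msg->htmlok > 0) {
                    // Administrative or htmlok-flagged messages are shown as raw HTML by design
                    echo nl2br($msg->msg);
                } else {
                    echo nl2br(htmlentities($msg->msg));
                }
                echo '</td></tr></table></td></tr></table>';
                if ($msg->msgstat == 'new') {
                    --$_SESSION['mail_unread'];
                    // Set message as read; ownership was established by the select above
                    mysql_query("update l_message set status='read' where msgid={$read} and toid={$playerid}");
                }
                // Display buttons: delete goback reply
                echo '<br><TABLE align=center><TR valign=top>';
                // Can't reply to administrative messages
                if ($msg->sender != '') {
                    echo '<TD><form method=post action="index.php">' . SID_FORM;
                    echo '<input type=hidden name=link value=sendmessage>';
                    echo '<input type=hidden name=pid value=' . $msg->fromid . '>';
                    echo '<input type=hidden name=toteam value="' . $msg->team . '">';
                    echo '<input type=hidden name=reply value=1>';
                    echo '<input type=hidden name=mid value=' . $read . '>';
                    echo htmlFormButton('Reply', 'reply_direct') . '</td>';
                    if ($msg->team == 'yes') {
                        echo '<td width=10></td><td>' . htmlFormButton('Reply To Team', 'reply_team') . '</td>';
                    }
                    echo '</form><TD width=10></td>';
                }
                echo '<TD>' . htmlURLbutton('Delete', 'messages', "del={$read}") . '</td><TD width=10></td><TD>' . htmlURLbutton('Back', 'messages', null, CLRBUT) . '</td></tr></table>';
            }
        } else {
            // Display all messages
            $res = mysql_query("select msgid, l_player.callsign sender, fromid, datesent, \n          subject, l_message.status, l_message.team\n          from l_message left join l_player on id = fromid\n          where toid={$playerid} order by datesent desc");
            echo '<div class=checkbox>';
            if (mysql_num_rows($res) == 0) {
                echo "<center>You don't have any message to read.</center>";
            } else {
                echo '<script type="text/javascript">
          function checkAll (form, checkallcheckbox)
          {
          for (i = 0; i < form.elements.length; i++)
            if (form.elements[i].type == "checkbox"){
              form.elements[i].checked = checkallcheckbox.checked;
            }
          }
          </script>';
                // The check-all <input> tag was never closed in the original markup
                echo '<form name="myform" method=post>' . SID_FORM . '<table border=0 align=center cellspacing=0 cellpadding=1>
          <tr class=tabhead><td><input type="checkbox" name="CheckAll" value="Check All"
          onClick="checkAll(document.myform, document.myform.CheckAll)"></td><td>Date sent&nbsp;</td>
          <td>Subject&nbsp;</td><td width=5></td><td>From</td></tr>';
                $checknum = 0;
                $rownum = 0;
                while ($msg = mysql_fetch_object($res)) {
                    $cl = ++$rownum % 2 ? 'rowOdd' : 'rowEven';
                    echo "\n<tr class={$cl} valign=top><td>";
                    // Display checkbox for deleting message
                    echo '<input class=checkbox type=checkbox name=del' . $checknum . ' value=' . $msg->msgid . '>&nbsp;';
                    $checknum++;
                    // New messages are bold, so we prepare some stuff
                    $bb = '';
                    $be = '';
                    switch ($msg->status) {
                        case 'new':
                            echo '<img src="' . THEME_DIR . 'msgnew.gif">';
                            $bb = '<b>';
                            $be = '</b>';
                            break;
                        case 'read':
                            echo '<img src="' . THEME_DIR . 'msgread.gif">';
                            break;
                        case 'replied':
                            echo '<img src="' . THEME_DIR . 'msgreplied.gif">';
                            break;
                    }
                    if ($msg->team == 'yes') {
                        echo '<img src="' . THEME_DIR . '/team.gif">';
                    }
                    echo '</td><td><font size=-2>' . $bb . $msg->datesent . $be . '</font>&nbsp;&nbsp;</td>';
                    if ($msg->subject == '') {
                        $subject = 'No subject';
                    } else {
                        $subject = stripslashes($msg->subject);
                    }
                    // Subjects are written by other players: encode them exactly as the
                    // single-message view does before the <br> wrapping is added.
                    echo "<TD>{$bb}" . htmlLink(wordwrap(htmlentities($subject), 40, '<br>'), 'messages', "read={$msg->msgid}", $bb ? LINK_NEW : null) . "</a>{$be}</td><TD></td>";
                    if ($msg->sender == '') {
                        // Administrative message
                        echo '<td>&nbsp;<b>CTF League System</b></td></tr>';
                    } else {
                        // NOTE(review): callsign printed as stored, see the single-message view
                        echo '<td>&nbsp;<a href="index.php?link=playerinfo&id=' . $msg->fromid . '&' . SID . '">' . $msg->sender . '</a></td></tr>';
                    }
                }
                // The hidden checknum <input> tag was never closed in the original markup
                echo '</table><br>  </div>  <center>' . htmlFormButton('Delete Checked', 'delbulk') . '<input type=hidden name=link value="messages">
          <input type=hidden name=checknum value=' . $checknum . '>
          </center></form>';
            }
        }
    } else {
        errorPage('You are not allowed to view the messages');
    }
}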
示例#12
0
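/**
 * Compose and send a private message to a player or to a whole team.
 *
 * Request parameters (POST wins over GET): pid / tid (recipient player or team),
 * toteam, reply + mid (open the form as a reply quoting message mid), f_subject,
 * f_msg, f_ok_x (submit), replying + repid (mark message repid as replied after
 * sending), link and dup (set when a resubmission was detected).
 * Guests are rejected. Output is echoed directly.
 */
function section_sendmessage()
{
    require_once 'lib/common.php';
    $vars = array('pid', 'tid', 'f_ok_x', 'toteam', 'reply', 'f_subject', 'f_msg', 'replying', 'repid', 'mid', 'link', 'dup');
    $s_playerid = $_SESSION['playerid'];
    // Absent parameters stay null so the isset() checks below keep working
    foreach ($vars as $var) {
        if (isset($_POST[$var])) {
            ${$var} = $_POST[$var];
        } else {
            ${$var} = isset($_GET[$var]) ? $_GET[$var] : null;
        }
    }
    if (isGuest()) {
        return errorPage('Not Authorized');
    }
    if ($dup) {
        echo '<BR><CENTER>Duplicate mail not sent (refresh or back button detected)<BR>';
        return;
    }
    // All four are row ids that end up in SQL and in HTML attributes: force them to
    // integers once, so request text never reaches either context.
    foreach (array('pid', 'tid', 'mid', 'repid') as $var) {
        if (isset(${$var})) {
            ${$var} = (int) ${$var};
        }
    }
    // Integer form of the sender id, used to tie message lookups to their recipient
    $ownerid = (int) $s_playerid;
    if (isset($pid)) {
        if ($toteam == 'yes' && isset($_POST['reply_team'])) {
            $team = mysql_fetch_object(mysql_query("select l_team.id, name from l_team, l_player where l_player.id={$pid} and l_team.id=team"));
            // No row means the player has no team; leave $tid unset as before
            $tid = $team ? (int) $team->id : null;
        } else {
            $toteam = 'no';
            $player = mysql_fetch_object(mysql_query("select callsign from l_player where id={$pid}"));
        }
    }
    if (isset($tid)) {
        $team = mysql_fetch_object(mysql_query("select name from l_team where id={$tid}"));
    }
    $error = 1;
    if ($f_ok_x) {
        $error = 0;
        $f_msg = stripslashes($f_msg);
        if ($f_msg == '') {
            $error = 1;
            echo "<div class=error>You must write something to send a message</div>";
        }
    }
    if ($error) {
        // NOTE(review): team names and callsigns are printed as stored; confirm they
        // are HTML-safe when those records are written.
        if (isset($toteam)) {
            if ($toteam == 'yes') {
                $rcpt = 'team <a href="index.php?link=teaminfo&id=' . $tid . '&' . SID . '">' . $team->name . '</a>';
            } else {
                $rcpt = '<a href="index.php?link=playerinfo&id=' . $pid . '&' . SID . '">' . $player->callsign . '</a>';
            }
        } else {
            if (isset($tid)) {
                $rcpt = 'team <a href="index.php?link=teaminfo&id=' . $tid . '&' . SID . '">' . $team->name . '</a>';
            } else {
                $rcpt = 'player <a href="index.php?link=playerinfo&id=' . $pid . '&' . SID . '">' . $player->callsign . '</a>';
            }
        }
        if (isset($reply)) {
            // Only the recipient may quote a message: without the toid condition any
            // logged-in player could display any stored message by its id.
            $mid = (int) $mid;
            $msg = mysql_fetch_object(mysql_query($sql = "select * from l_message where msgid={$mid} and toid={$ownerid}"));
            if (!$msg) {
                return errorPage('Not Authorized');
            }
            $message = $msg->msg;
            $f_subject = $msg->subject;
            if (substr($f_subject, 0, 3) != 'Re:') {
                $f_subject = 'Re: ' . $f_subject;
            }
            // Strip subject if it's too long
            if (strlen($f_subject) > 80) {
                $f_subject = substr($f_subject, 0, 80);
            }
            echo "<table border=0 align=center cellspacing=0 cellpadding=1>\n        <tr class=tablehead><td>Original message:</td></tr>\n        <tr class=msgquote><td>";
            // Same display policy as the inbox: raw HTML only for htmlok-flagged
            // messages, everything else is encoded before it is echoed.
            if ($msg->htmlok > 0) {
                echo stripslashes(nl2br($message)) . '</td></tr></table><br>';
            } else {
                echo nl2br(htmlentities(stripslashes($message))) . '</td></tr></table><br>';
            }
            // Quote initial message: a leading ">" and every newline replaced by ">"
            // (same result as the two nested ereg_replace() calls this replaces).
            $f_msg = '>' . str_replace("\n", '>', $message);
            $f_msg = $f_msg . "\n>\n";
            $action = "Replying to ";
        } else {
            $action = "Sending a message to ";
        }
        // Subject, body and link come from the request or from another player's
        // message, so they are encoded for the attribute / textarea they land in.
        echo '<center><form method=post>' . SID_FORM . $action . $rcpt . '.<br><br>
        Enter your message below:<br>
        Subject:<input type=text maxlength=80 size=60 name=f_subject value="' . htmlentities($f_subject) . '"><BR>
        <textarea cols=50 rows=15 name=f_msg>' . htmlentities(stripslashes($f_msg)) . '</textarea>
        <hr><center>
        <input type=hidden name=link value="' . htmlentities($link) . '">';
        snFormInit();
        echo '<TABLE><TR><TD>' . htmlFormButton('SEND', 'f_ok_x') . '</td><TD width=10></td><TD>';
        if (isset($pid)) {
            echo htmlURLbutton('Cancel', 'playerinfo', "id={$pid}", CLRBUT);
        } else {
            echo htmlURLbutton('Cancel', 'teaminfo', "id={$tid}", CLRBUT);
        }
        echo '</td></tr></table><input type=hidden name=link value="' . htmlentities($link) . '">';
        if (isset($reply)) {
            // Flag that we are replying to a message
            echo '<input type=hidden name=replying value=1>';
            echo '<input type=hidden name=repid value=' . $mid . '>';
        }
        if (isset($tid)) {
            echo '<input type=hidden name=tid value=' . $tid . '>';
        } else {
            echo '<input type=hidden name=pid value=' . $pid . '>';
        }
        echo '</center></form></center>';
    } else {
        // Do send the message
        echo "<center>Message sent, thank you!</center>";
        snCheck('sendmessage', 'dup=1');
        // If replying we mark the original message as replied, but only when that
        // message was addressed to the sender of this reply
        if (isset($replying)) {
            $repid = (int) $repid;
            mysql_query("update l_message set status='replied' where msgid={$repid} and toid={$ownerid}");
        }
        // NOTE(review): subject and body are handed to sendBzMail() unchanged; verify
        // that it escapes them before building its own SQL.
        if (isset($pid)) {
            if ($toteam == 'yes') {
                // Send to a team
                sendBzMail($s_playerid, $tid, $f_subject, $f_msg, 'yes');
            } else {
                // Send to one player
                sendBzMail($s_playerid, $pid, $f_subject, $f_msg);
            }
        } else {
            // Send to a team
            sendBzMail($s_playerid, $tid, $f_subject, $f_msg, 'yes');
        }
    }
}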
示例#13
0
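/**
 * Echo the form used to invite a player into the caller's team.
 *
 * @param object $team     Team record; its name and id are read.
 * @param object $player   Invited player record; its id and callsign are read.
 * @param string $link     Value of the hidden "link" field posted back with the form.
 * @param mixed  $days     Passed to htmlOption() for each duration (presumably the
 *                         currently selected one; confirm against htmlOption()).
 * @param string $f_invite Text to pre-fill the invitation message with. Optional:
 *                         the original body read an undefined local of this name,
 *                         so existing callers keep getting an empty textarea.
 */
function section_invite_dispForm($team, $player, $link, $days, $f_invite = '')
{
    global $invite_durations;
    echo '<center><form method=post><font size=+1>Sending an invitation to ' . playerLink($player->id, $player->callsign) . ' to join your team, ' . teamLink($team->name, $team->id, false) . '</font><br>';
    // The original passed an undefined $id here and to the Cancel button below;
    // both refer to the invited player.
    echo '<BR><TABLE><TR><TD><HR><p>This invitation will allow ' . playerLink($player->id, $player->callsign) . ' to join your team, even if it is closed.<BR>Please select when this invitation should expire:   
      &nbsp;&nbsp;&nbsp;<select name=days>';
    foreach ($invite_durations as $val => $text) {
        htmlOption($val, $text, $days);
    }
    // The message text may be user input being shown again, so it is encoded
    echo '</select><p><hr><p>

  Enter a few words which will be attached to your invitation (mandatory):<br>
  <textarea cols=50 rows=6 name=f_invite>' . htmlentities($f_invite) . '</textarea>
  <center><p><TABLE align=center><TR><TD>' . htmlFormButton("Invite", 'f_ok_x') . '</td><TD width=10></td><TD>' . htmlURLbutton("Cancel", 'playerinfo', "id={$player->id}", CLRBUT) . '</td></tr></table>';
    // $link is quoted and encoded because it is written into an attribute
    echo '<input type=hidden name=link value="' . htmlentities($link) . '">
  <input type=hidden name=id value=' . (int) $player->id . '>
  </center></form></center>     </td></tr></table>';
}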
示例#14
0
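/**
 * Echo the add/edit form for one entry of the links table.
 *
 * @param int $id Id of the link to edit; a value that is not above zero shows
 *                the empty "add" form with the URL field preset to "http://".
 */
function section_links_presentForm($id)
{
    // The id is interpolated into SQL and HTML below, so reduce it to an integer first
    $id = (int) $id;
    // Start from an empty record so every field read below is defined
    $row = new stdClass();
    $row->name = '';
    $row->url = '';
    $row->comment = '';
    $row->ord = '';
    echo '<BR><div class=feedback>';
    if ($id > 0) {
        echo "EDITING LINK (id #{$id})";
        $found = mysql_fetch_object(sqlQuery('select * from ' . TBL_LINKS . " where id={$id}"));
        if ($found) {
            $row = $found;
        }
    } else {
        echo "ADDING NEW LINK";
        $row->url = 'http://';
    }
    // Everything written into the form is encoded for its context. ENT_QUOTES is
    // needed because the attributes below are delimited by single quotes.
    $link = htmlentities(isset($_GET['link']) ? $_GET['link'] : '', ENT_QUOTES);
    $name = htmlentities($row->name, ENT_QUOTES);
    $url = htmlentities($row->url, ENT_QUOTES);
    $comment = htmlentities($row->comment, ENT_QUOTES);
    $ord = htmlentities($row->ord, ENT_QUOTES);
    echo '</div><BR>';
    echo "<form method=post><table align=center border=0 cellspacing=0 cellpadding=1>\n    <input type=hidden name=link value='{$link}'>\n    <input type=hidden name=state value=1>\n    <tr><td align=right>Title:</td><TD><input type=text size=50 maxlength=80 name=title value='{$name}'></td></tr>\n    <tr><td align=right>URL:</td><TD><input type=text size=50 maxlength=120 name=url value='{$url}'></td></tr>\n    <tr><td align=right>Comment:</td><TD><textarea cols=70 rows=10 name=comment>{$comment}</textarea></td></tr>\n    <tr><td align=right>Sort #:</td><TD><input type=text size=5 maxlength=4 name=ord value='{$ord}'></td></tr>\n    <tr><td align=center colspan=2>";
    htmlMiniTable(array(htmlFormButton('Submit', '', ADMBUT), $id == 0 ? '' : htmlFormButton('DELETE Link', 'del', ADMBUT), htmlURLbutton('Cancel', 'linkadmin', null, CLRBUT)), 8);
    echo '</td></tr></form></table>';
}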
示例#15
0
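/**
 * Handle the login form: verify callsign and password, open the session, and
 * echo either the welcome block or the login form.
 *
 * Request parameters (POST wins over GET): f_ok (submit), f_call (callsign),
 * f_pass (password), link. On success the visit is recorded, a missing UTC zone
 * is taken from the posted tzoffset, last_login is updated and the session is
 * populated. On failure the attempt is logged to l_badpass and the response is
 * delayed by two seconds.
 *
 * NOTE(review): passwords are checked against an unsalted MD5 (or a legacy
 * crypt() value with a two-character salt). Moving to password_hash() /
 * password_verify() needs a wider column and a migration outside this function.
 */
function section_login()
{
    $vars = array('f_ok', 'f_call', 'f_pass', 'link');
    foreach ($vars as $var) {
        if (isset($_POST[$var])) {
            ${$var} = $_POST[$var];
        } else {
            ${$var} = isset($_GET[$var]) ? $_GET[$var] : null;
        }
    }
    // Credentials must be plain strings before they reach md5(), crypt() or SQL
    $f_call = is_scalar($f_call) ? (string) $f_call : '';
    $f_pass = is_scalar($f_pass) ? (string) $f_pass : '';
    // Start from "failed" so an unknown callsign and a wrong password take the same
    // path (the original left this undefined when no row matched)
    $idsuccess = 0;
    echo '<BR>';
    if ($f_ok) {
        // Check the password
        $res = mysql_query("select p.id, p.callsign, p.password, p.md5password, \n           unix_timestamp(p.last_login) as last_login, p.utczone, p.country\n           from l_player p,bzl_roles r where p.role_id = r.id AND p.callsign='" . mysql_real_escape_string($f_call) . "'");
        if ($res && mysql_num_rows($res) != 0) {
            $obj = mysql_fetch_object($res);
            $playerid = (int) $obj->id;
            // Check MD5 password, or password, and do the conversion
            $cyphermd5 = md5($f_pass);
            // Do check the password. Comparisons are strict: with "==" two different
            // digests that both look like numbers would be treated as equal.
            if ($obj->md5password == '') {
                $cypher = crypt($f_pass, substr($obj->password, 0, 2));
                if ($cypher === $obj->password) {
                    $idsuccess = 1;
                    // Update MD5 password in database with the digest computed above;
                    // the original statement stored a literal '******' instead, which
                    // no later login could match.
                    mysql_query("update l_player set md5password='{$cyphermd5}' where id=" . $playerid);
                } else {
                    $idsuccess = 0;
                }
            } else {
                if ($cyphermd5 === $obj->md5password) {
                    $idsuccess = 1;
                } else {
                    $idsuccess = 0;
                }
            }
            if ($idsuccess == 1) {
                // Logged in!
                // Insert an entry into the statistics table
                if (!$obj->country || $obj->country <= 0) {
                    $_SESSION['required'] = true;
                }
                $gmnow = gmdate("Y-m-d H:i:s");
                $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
                sqlQuery('insert into ' . TBL_VISITS . " (ts, pid, ip) \n            values ('{$gmnow}', {$playerid}, '{$ip}')");
                if (!isset($obj->utczone)) {
                    // tzoffset is written by client-side script: accept numbers only
                    $tzoffset = isset($_POST['tzoffset']) && is_numeric($_POST['tzoffset']) ? (float) $_POST['tzoffset'] : 0;
                    $uz = 0 - $tzoffset / 60;
                    sqlQuery("update l_player set utczone={$uz} where id={$playerid}");
                }
                // Record the login time (the original stored a literal '******' here
                // and never used $now)
                $now = gmdate("Y-m-d H:i:s");
                mysql_query("UPDATE l_player SET last_login='{$now}' WHERE id=" . $playerid);
                // NOTE(review): the session id is not renewed at this privilege change.
                // Confirm session_refresh() does that, since ids also travel in URLs
                // through SID.
                $_SESSION['playerid'] = $obj->id;
                $_SESSION['callsign'] = $obj->callsign;
                $_SESSION['last_login'] = $obj->last_login;
                $_SESSION['seqnum'] = 1;
                session_refresh();
                // refresh cookie for 60 days ...
                setcookie('themename', THEME_NAME, time() + 60 * 60 * 24 * 60, '/');
            }
        }
    }
    if ($f_ok and $idsuccess == 0) {
        // Unknown callsign or wrong password
        echo "<div class=error><CENTER>Wrong callsign or password</div>";
        $gmnow = gmdate("Y-m-d H:i:s");
        // The submitted callsign is attacker-controlled on exactly this path, so it
        // is escaped like in the lookup above before it is logged
        $badip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
        $badname = mysql_real_escape_string($f_call);
        sqlQuery("INSERT INTO l_badpass (gmtime, ip, name)  VALUES ('{$gmnow}', '{$badip}', '{$badname}')");
        sleep(2);
        // slows down repeated guessing
    }
    if (isAuthenticated()) {
        // NOTE(review): callsign and team name are printed as stored; confirm they
        // are HTML-safe when those records are written.
        echo '<center>Welcome back, <a href="index.php?link=playerinfo&id=' . $_SESSION['playerid'] . '&' . SID . '">' . $_SESSION['callsign'] . '</a><br><br>';
        if ($_SESSION['teamid'] == 0) {
            echo "You don't belong to any team. What are you waiting for? ;-)";
        } else {
            // Get team name
            $obj = mysql_fetch_object(mysql_query("select name from l_team where id=" . (int) $_SESSION['teamid']));
            echo 'You are a member of the magnificent <a href="index.php?link=teaminfo&id=' . $_SESSION['teamid'] . '&' . SID . '">' . $obj->name . '</a> team.';
        }
        echo '<br><br><form method=post>' . SID_FORM . htmlFormButton("Log Out", 'logout_x') . '
      </form></center>';
    } else {
        // link and the callsign are echoed back from the request: both are encoded,
        // and the link attribute is quoted
        echo '<form name="login" method=post>' . SID_FORM . '
      <table align=center border=0 cellspacing=0 cellpadding=1>
      <input type=hidden name=link value="' . htmlentities($link) . '">';
        echo '<tr><td>Callsign:</td><td><input type=text name=f_call value="' . htmlentities($f_call) . '" size=40 maxlength=40></td></tr>
      <tr><td>Password:</td><td><input type=password name=f_pass size=8 maxlength=8></td></tr>
      <tr><td colspan=2 align=center><BR>
      ' . htmlFormButton("Login", 'f_ok') . '
      </td></tr>
      </table></form>';
        echo '<script type="text/javascript">
  if(document.login.f_call.value.length == 0) 
    document.login.f_call.focus();
  else
    document.login.f_pass.focus();
  now = new Date();
  document.write ("<input type=hidden name=tzoffset value=" + now.getTimezoneOffset() +">");
</script>';
    }
}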