/**
 * Build the framework's debug output as an HTML fragment.
 *
 * Returns null unless `config['debug']` is set on the Origin singleton; each
 * section is switched on by its own key under that entry: 'db-num-queries',
 * 'db-queries', 'timer', 'trial', 'session'. Numbers carried over from a
 * redirect are read from the session flash ('database_numQueries',
 * 'database_queries') and shown in front of the current page's values.
 *
 * Caveats: the query log is emitted as-is (no htmlent), and the 'trial' and
 * 'session' sections dump the whole Origin object and $_SESSION — that may
 * include credentials or tokens, so keep debug off outside development.
 */
function get_debug() {
    $origin = Origin::Instance();
    if (empty($origin->config['debug'])) {
        return;
    }
    $debug = $origin->config['debug'];
    $hasDb = isset($origin->db);
    $html = null;

    if (!empty($debug['db-num-queries']) && $hasDb) {
        $previous = $origin->session->GetFlash('database_numQueries');
        $prefix = $previous ? "{$previous} + " : null;
        $html .= "<p>Database made {$prefix}" . $origin->db->GetNumQueries() . " queries.</p>";
    }

    if (!empty($debug['db-queries']) && $hasDb) {
        $queries = $origin->db->GetQueries();
        $previous = $origin->session->GetFlash('database_queries');
        if ($previous) {
            $queries = array_merge($previous, $queries);
        }
        $html .= "<p>Database made the following queries.</p><p>" . implode('<br/><br/>', $queries) . "</p>";
    }

    if (!empty($debug['timer'])) {
        // rounded to 5 decimals of a second, then scaled to milliseconds
        $elapsedMs = round(microtime(true) - $origin->timer['first'], 5) * 1000;
        $html .= "<p>Page was loaded in " . $elapsedMs . " msecs.</p>";
    }

    if (!empty($debug['trial'])) {
        $html .= "<hr><h3>Debuginformation</h3><p>The content of trial:</p><pre>" . htmlent(print_r($origin, true)) . "</pre>";
    }

    if (!empty($debug['session'])) {
        $html .= "<hr><h3>SESSION</h3><p>The content of Origin->session:</p><pre>" . htmlent(print_r($origin->session, true)) . "</pre>";
        $html .= "<p>The content of \$_SESSION:</p><pre>" . htmlent(print_r($_SESSION, true)) . "</pre>";
    }

    return $html;
}
/**
 * Prepare the "reactivate team" form.
 *
 * Generates a per-request form key (name + value) that the submit handler
 * can check; $site->setKey() is assumed to remember the value server-side
 * (confirm in the site class). Then lists every deleted team and every
 * 'active' user without a team, because a reactivated team needs a leader.
 * Only the key value is htmlent()-escaped for the template.
 */
protected function showForm() {
    global $site;
    global $tmpl;

    // microtime() contains a blank and a dot; both become '_' so the key
    // name stays a plain identifier
    $keyName = strtr('teamReactivate_' . microtime(), array(' ' => '_', '.' => '_'));
    $keyValue = $site->setKey($keyName);
    $tmpl->assign('keyName', $keyName);
    $tmpl->assign('keyValue', htmlent($keyValue));

    // candidate teams: everything currently flagged as deleted
    $teams = array();
    foreach (\team::getDeletedTeamIds() as $id) {
        $teams[] = array('id' => $id, 'name' => (new team($id))->getName());
    }
    $tmpl->assign('teams', $teams);

    // candidate leaders: teamless users, restricted to 'active' status
    // (inactive, disabled or banned users cannot play anyway)
    $candidates = array();
    foreach (\user::getTeamlessUsers() as $candidate) {
        if ($candidate->getStatus() !== 'active') {
            continue;
        }
        $candidates[] = array('id' => $candidate->getID(), 'name' => $candidate->getName());
    }
    $tmpl->assign('users', $candidates);
}
/**
 * Render the controller itself (every CObject property included) as a
 * preformatted dump below the menu.
 *
 * Developer aid only: print_r($this) walks into every shared resource the
 * controller holds, which may include configuration such as database
 * credentials. The dump is HTML-escaped via htmlent() but not redacted, so
 * this controller must not be reachable in production.
 */
public function DisplayObject() {
    $this->Menu();

    $intro = <<<EOD
\t<h2>Dumping content of CDeveloper</h2>
\t<p>Here is the content of the controller, including properties from CObject which holds access to common resources in Origin.</p>
EOD;
    $dump = htmlent(print_r($this, true));

    $this->data['main'] .= $intro;
    $this->data['main'] .= '<pre>' . $dump . '</pre>';
}
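/**
 * Append one row to the `visits` table for a login of user $id.
 *
 * Stored: user id, REMOTE_ADDR, its reverse-DNS name, the X-Forwarded-For
 * header and the current time. The text columns are htmlent()-escaped and
 * the INSERT is a prepared statement.
 *
 * Caveats:
 *  - HTTP_X_FORWARDED_FOR is set by the client (or a proxy) and is stored
 *    only as a hint; it must not be used for ban/audit decisions.
 *  - gethostbyaddr() performs a blocking reverse lookup on every login.
 *
 * Fix: getenv() returns false for an unset variable; the values are now
 * normalised to strings so gethostbyaddr()/htmlent() never see a bool
 * (an absent REMOTE_ADDR used to raise a warning and store a false host).
 *
 * @param mixed $id user id
 */
public function addToVisitsLog($id) {
    $ip_address = (string) getenv('REMOTE_ADDR');
    $forwarded_for = (string) getenv('HTTP_X_FORWARDED_FOR');

    // reverse lookup only when there is an address; gethostbyaddr() hands the
    // address back unchanged when no name exists and false on malformed input
    $host = '';
    if ($ip_address !== '') {
        $host = (string) gethostbyaddr($ip_address);
    }

    $query = $this->prepare('INSERT INTO `visits` (`userid`,`ip-address`,`host`,`forwarded_for`,`timestamp`) VALUES (?, ?, ?, ?, ?)');
    $args = array($id, htmlent($ip_address), htmlent($host), htmlent($forwarded_for), date('Y-m-d H:i:s'));
    $this->execute($query, $args);
}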
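/**
 * Build the framework's debug output as an HTML fragment.
 *
 * Returns null unless `config['debug']` is set on the CBehovsboboxen
 * singleton; each section is enabled by its own key under that entry:
 * 'db-num-queries', 'db-queries', 'timer', 'memory', 'behovsboboxen',
 * 'session', 'timestamp'. Values carried over from a redirect are read from
 * the session flash ('database_numQueries', 'database_queries', 'timer',
 * 'memory') and shown in front of the current page's numbers.
 *
 * Caveats: the query log is emitted as-is (no htmlent), and the
 * 'behovsboboxen' and 'session' sections dump the whole application object
 * and $_SESSION, which may contain credentials or tokens — keep debug off
 * outside development.
 *
 * Fixes: the stray `echo 'redirect: …'` / `echo 'total: …'` lines (leftover
 * debugging) wrote raw text outside the returned <div>; they are gone. The
 * timer line was omitted entirely when no 'timer' flash was present — it is
 * now always emitted when the timer section is on, with the redirect parts
 * left empty.
 */
function get_debug() {
    $bbb = CBehovsboboxen::Instance();
    if (empty($bbb->config['debug'])) {
        return;
    }
    $debug = $bbb->config['debug'];
    $hasDb = isset($bbb->db);
    $html = null;

    if (!empty($debug['db-num-queries']) && $hasDb) {
        $flash = $bbb->session->GetFlash('database_numQueries');
        $flash = $flash ? "{$flash} + " : null;
        $html .= "<p>Database made {$flash}" . $bbb->db->GetNumQueries() . " queries.</p>";
    }

    if (!empty($debug['db-queries']) && $hasDb) {
        $flash = $bbb->session->GetFlash('database_queries');
        $queries = $bbb->db->GetQueries();
        if ($flash) {
            $queries = array_merge($flash, $queries);
        }
        $html .= "<p>Database made the following queries.</p><pre>" . implode('<br/><br/>', $queries) . "</pre>";
    }

    if (!empty($debug['timer'])) {
        $now = microtime(true);
        $flash = $bbb->session->GetFlash('timer');
        $redirect = null;
        $total = null;
        // a 'timer' flash (array with 'first' and 'redirect') means the previous
        // request redirected here; show its time and the combined total as well
        if ($flash) {
            $redirect = round($flash['redirect'] - $flash['first'], 3) . ' secs + x + ';
            $total = round($now - $flash['first'], 3) . ' secs. Per page: ';
        }
        $html .= "<p>Page was loaded in {$total}{$redirect}" . round($now - $bbb->timer['first'], 3) . " secs.</p>";
    }

    if (!empty($debug['memory'])) {
        $flash = $bbb->session->GetFlash('memory');
        $flash = $flash ? round($flash / 1024 / 1024, 2) . ' Mbytes + ' : null;
        $html .= "<p>Peek memory consumption was {$flash}" . round(memory_get_peak_usage(true) / 1024 / 1024, 2) . " Mbytes.</p>";
    }

    if (!empty($debug['behovsboboxen'])) {
        $html .= "<hr><h3>Debuginformation</h3><p>The content of CBehovsboboxen:</p><pre>" . htmlent(print_r($bbb, true)) . "</pre>";
    }

    if (!empty($debug['session'])) {
        $html .= "<hr><h3>SESSION</h3><p>The content of CBehovsboboxen->session:</p><pre>" . htmlent(print_r($bbb->session, true)) . "</pre>";
        $html .= "<p>The content of \$_SESSION:</p><pre>" . htmlent(print_r($_SESSION, true)) . "</pre>";
    }

    if (!empty($debug['timestamp'])) {
        $html .= $bbb->log->TimestampAsTable();
        $html .= $bbb->log->PageLoadTime();
        $html .= $bbb->log->MemoryPeak();
    }

    return "<div class='debug'>{$html}</div>";
}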
/**
 * Prepare the "join team" form: a single form key that ties the submission
 * to this team and this render.
 *
 * The key name embeds the team id plus microtime() so it is unique per
 * request; $site->setKey() hands back the matching value (presumably stored
 * server-side for later verification — confirm in the site class). The
 * value is htmlent()-escaped before it reaches the template, the name is not.
 */
protected function showForm() {
    global $site;
    global $tmpl;

    $rawName = 'teamJoin_' . $this->team->getID() . '_' . microtime();
    // microtime() yields "0.12345600 1700000000": the blank and the dot become underscores
    $keyName = strtr($rawName, array(' ' => '_', '.' => '_'));
    $keyValue = $site->setKey($keyName);

    $tmpl->assign('keyName', $keyName);
    $tmpl->assign('keyValue', htmlent($keyValue));
}
/**
 * Show the delete-confirmation view for a private message.
 *
 * Renders the message through the parent's showMail() first, then switches
 * to the 'PMDelete' template, prefixes the existing title with "Delete " and
 * attaches a per-request form key (same scheme as the showForm() siblings)
 * so the actual deletion can be tied to this preview.
 *
 * @param mixed $folder folder the message lives in (passed to showMail)
 * @param mixed $id     message id (passed to showMail)
 */
function preview($folder, $id) {
    global $site;
    global $tmpl;

    parent::showMail($folder, $id);

    $tmpl->setTemplate('PMDelete');
    $tmpl->assign('showPreview', true);
    $tmpl->assign('title', 'Delete ' . $tmpl->getTemplateVars('title'));

    // per-request form key; blank and dot from microtime() become underscores
    $keyName = strtr('pmDelete_' . microtime(), array(' ' => '_', '.' => '_'));
    $keyValue = $site->setKey($keyName);
    $tmpl->assign('keyName', $keyName);
    $tmpl->assign('keyValue', htmlent($keyValue));
}
/**
 * Render BBCode to HTML with the bundled nbbc library.
 *
 * The input is passed through htmlent() before parsing, so raw HTML in the
 * text is neutralised and only the BBCode tags nbbc understands become
 * markup; SetAllowAmpersand(true) is presumably what keeps the entities
 * htmlent() produced from being encoded a second time. The smiley base URL
 * comes from $config when that global exists, otherwise from baseaddress()
 * (legacy setup).
 *
 * @param string $string BBCode source
 * @return string HTML
 */
function Parse($string) {
    global $config;
    require_once dirname(__FILE__) . '/nbbc/nbbc.php';

    $smileyBase = isset($config)
        ? $config->getValue('baseaddress') . 'smileys'
        : baseaddress() . 'smileys';

    $parser = new BBCode();
    $parser->SetSmileyURL($smileyBase);
    $parser->SetAllowAmpersand(true);

    return $parser->Parse(htmlent($string));
}
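/**
 * Fill the PM editor template, either as an editable form or as a read-only
 * preview/confirmation step.
 *
 * @param bool $readonly true → preview mode (author name, rendered content,
 *                       "Send PM" button); false → editable form with the
 *                       BBCode format buttons.
 *
 * Fixes: the "no author" fallback was a plain string, but the preview branch
 * indexes $author['name'] — an illegal string offset. The fallback is now an
 * array carrying the same message. The `id` query parameter is urlencode()d
 * before being appended to formArgs: it is reflected back into the template
 * (presumably as part of a URL) and must not carry '&', quotes or markup.
 */
function insertEditText($readonly = false) {
    global $tmpl;
    global $config;
    global $db;

    // author shown in the preview = the current user
    $author = array('name' => 'error: no author could be determined');
    if ($readonly || isset($_POST['confirmationStep'])) {
        $query = $db->prepare('SELECT `name` FROM `users` WHERE `id`=? LIMIT 1');
        $db->execute($query, user::getCurrentUserId());
        $row = $db->fetchRow($query);
        if ($row !== false) {
            $author = $row;
        }
        $db->free($query);
    }

    // keep the id of the message a reply refers to, drop the reply mode
    // (users and teams were already added to the recipients at this point)
    $formArgs = '';
    if (isset($_GET['id'])) {
        $formArgs .= '&id=' . urlencode($_GET['id']);
    }
    $tmpl->assign('formArgs', $formArgs);
    $tmpl->assign('subject', $this->pm->getSubject());
    $tmpl->assign('time', $this->pm->getTimestamp());
    $tmpl->assign('playerRecipients', $this->pm->getUserNames());
    $tmpl->assign('teamRecipients', $this->pm->getTeamNames());
    $tmpl->assign('rawContent', htmlent($this->pm->getContent()));

    if ($readonly) {
        $tmpl->assign('authorName', htmlent($author['name']));
        if ($config->getValue('bbcodeLibAvailable')) {
            $tmpl->assign('content', $tmpl->encodeBBCode($this->pm->getContent()));
        } else {
            // no BBCode renderer: escape instead of emitting the raw body
            $tmpl->assign('content', htmlent($this->pm->getContent()));
        }
        $tmpl->assign('showPreview', true);
        // override the editor's default caption ('Write changes')
        $tmpl->assign('submitText', 'Send PM');
    } else {
        $tmpl->assign('showSendForm', true);
        // formatting buttons registered by addFormatButtons
        $this->editor->showFormatButtons();
    }
}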
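/**
 * Fill the static-page editor template.
 *
 * Content source, in order: the posted 'staticContent' when rendering the
 * confirmation/preview step; the stored page via readContent() (which is
 * handed the globals $author and $last_modified, presumably to fill them)
 * when ?edit is present; a placeholder text for a brand-new page.
 *
 * @param bool $readonly true → preview: rawContent plus a rendered
 *                       contentPreview; false → editable form with the
 *                       BBCode format buttons.
 *
 * Fix: without a BBCode library the preview used to receive the raw content
 * (the old TODO already said it should not by default). It is now
 * htmlent()-escaped like rawContent — the posted body is user input and was
 * being echoed unescaped. A missing 'staticContent' field now yields ''
 * instead of a notice and null.
 */
function insertEditText($readonly = false) {
    global $tmpl;
    global $author;
    global $last_modified;
    global $config;

    if ($readonly || isset($_POST['confirmationStep'])) {
        $content = isset($_POST['staticContent']) ? $_POST['staticContent'] : '';
    } elseif (isset($_GET['edit'])) {
        $content = $this->readContent($this->path, $author, $last_modified, true);
    } else {
        $content = 'Replace this text with the page content.';
    }

    // the editor textarea always gets the escaped source
    $tmpl->assign('rawContent', htmlent($content));

    if ($readonly) {
        if ($config->getValue('bbcodeLibAvailable')) {
            $tmpl->assign('contentPreview', $tmpl->encodeBBCode($content));
        } else {
            // TODO: a raw (unescaped) preview, if ever wanted, must be opt-in via config
            $tmpl->assign('contentPreview', htmlent($content));
        }
    } else {
        // formatting buttons registered by addFormatButtons
        $this->editor->showFormatButtons();
    }
}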
/**
 * Prepare the "create team" form.
 *
 * Attaches a per-request form key (name built from the current user id and
 * microtime(), value from $site->setKey()) and the BBCode toolbar for the
 * team description field. Only the key value is htmlent()-escaped.
 */
protected function showForm() {
    global $site;
    global $tmpl;

    $keyName = 'teamCreate_' . \user::getCurrentUser()->getID() . '_' . microtime();
    // blank and dot from microtime() become underscores
    $keyName = strtr($keyName, array(' ' => '_', '.' => '_'));
    $keyValue = $site->setKey($keyName);
    $tmpl->assign('keyName', $keyName);
    $tmpl->assign('keyValue', htmlent($keyValue));

    // BBCode toolbar bound to the 'team_description' field (the JS needs the field name)
    include_once dirname(dirname(dirname(__FILE__))) . '/bbcode_buttons.php';
    $toolbar = new bbcode_buttons();
    $tmpl->assign('buttonsToFormat', $toolbar->showBBCodeButtons('team_description'));
    unset($toolbar);
}
<?php if (!isset($account_needs_to_be_converted) || !$account_needs_to_be_converted) { if (isset($_SESSION['user_logged_in']) && $_SESSION['user_logged_in']) { $this->helper->done('already logged in'); } } $account_old_website = htmlent($config->getValue('oldWebsiteName')); if (!isset($msg)) { $msg = ''; } if (!(isset($_POST['local_login_wanted']) && $_POST['local_login_wanted'])) { $msg .= '<form action="' . $config->getValue('baseaddress') . 'Login/' . '" method="post">' . "\n"; $msg .= '<p class="first_p">' . "\n"; if ($config->getValue('login.modules.forceExternalLoginOnly')) { $msg .= $this->helper->return_self_closing_tag('input type="submit" name="local_login_wanted" value="Update old account from ' . $account_old_website . '"'); } else { $msg .= $this->helper->return_self_closing_tag('input type="submit" name="local_login_wanted" value="Local login"'); } $msg .= '</p>' . "\n"; $msg .= '</form>' . "\n"; } if (isset($_POST['local_login_wanted']) && $_POST['local_login_wanted']) { /* $msg .= '<div class="static_page_box">' . "\n"; */ $msg .= '<p class="first_p">'; if ($config->getValue('login.modules.local.convertUsersToExternalLogin')) { require_once dirname(dirname(__FILE__)) . '/login_module_list.php'; if (isset($module['bzbb']) && $module['bzbb']) { $msg .= '<strong><span class="unread_messages">Before you continue make absolutely sure your account here and the my.bzflag.org/bb/ (forum) account have exactly the same username or you will give someone else access to your account and that access can never be revoked.</span></strong></p>'; } }
/**
 * Convert BBCode-formatted text to HTML using whatever library the site
 * configuration points at.
 *
 * Resolution order:
 *  - no library path (bbcode_lib_path() === '') → htmlent() + linebreaks()
 *  - library loaded but no parser command (bbcode_command() === '') → same fallback
 *  - bbcode_class() non-empty → instantiate that class and call the command on it
 *  - otherwise → call the command as a free function
 * bbcode_sets_linebreaks() tells whether the library already converted
 * newlines; if so linebreaks() is skipped.
 *
 * Caveats: the class name and command come straight from configuration and
 * are invoked dynamically (`new $class`, `$obj->$cmd()`), so that config must
 * be trusted. In the library branches $string is handed over unescaped — the
 * configured parser is relied upon to escape HTML itself.
 *
 * @param string $string BBCode source
 * @return string HTML
 */
function bbcode($string) {
    $libraryPath = bbcode_lib_path();
    if (strcmp($libraryPath, '') === 0) {
        return $this->linebreaks(htmlent($string));
    }
    require_once $libraryPath;

    $command = bbcode_command();
    if (strcmp($command, '') === 0) {
        return $this->linebreaks(htmlent($string));
    }

    $className = bbcode_class();
    $parser = strcmp($className, '') !== 0 ? new $className() : null;

    if ($parser !== null) {
        $rendered = $parser->{$command}($string);
    } else {
        $rendered = $command($string);
    }

    if (bbcode_sets_linebreaks()) {
        return $rendered;
    }
    return $this->linebreaks($rendered);
}
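/**
 * AJAX entry point of the jquerycommentary module.
 *
 * Dispatches on the request parameters:
 *  - rmvcmmnt=<id>       delete a comment (superusers with SU_EDIT_COMMENTS)
 *                        and drop a marker row into the 'blackhole' section
 *  - section=<current>   render the current commentary section, minus any
 *                        <script> tags and everything after <jquerycommentaryend>
 *  - op=get_json         last 25 comments of the current area as JSON
 *  - op=post             insert a comment, or edit one by method "…_<id>"
 *  - op=last_comment     caller's latest comment plus the newest comment overall
 *  - op=is_typing        flag the caller as typing and list who is typing
 *  - op=api              globalooc + superuser sections joined with author names
 *
 * Fixes: comment ids taken from the request (rmvcmmnt, the "<method>_<id>"
 * post field) were interpolated into SQL unescaped; they are now cast to int.
 * The edit path also tolerates a method value without an "_<id>" suffix, and
 * last_comment no longer indexes a false row.
 *
 * NOTE(review): the edit path (op=post, method != insertcommentary) has no
 * ownership or superuser check — any caller with a session can rewrite any
 * comment id. The delete path gates on SU_EDIT_COMMENTS; confirm whether
 * edits should be gated the same way. The comment text is only
 * htmlent()-escaped before it is interpolated into the UPDATE; unless
 * htmlent() is known to neutralise quotes, route it through the DB layer's
 * escaping as well. `$_SERVER['REQUEST_URI']` is overwritten from the `r`
 * parameter before viewcommentary() runs, so any link it derives from the
 * URI is caller-controlled.
 */
function jquerycommentary_run() {
    global $_SERVER, $output, $session;
    require_once 'lib/commentary.php';

    $section = httpget('section');
    $commentary = db_prefix('commentary');
    $acctid = $session['user']['acctid'];
    $now = date('Y-m-d H:i:s');

    // --- delete a comment (superuser only) ---------------------------------
    if (($commid = httpget('rmvcmmnt')) != "") {
        check_su_access(SU_EDIT_COMMENTS);
        if ($session['user']['superuser'] & SU_EDIT_COMMENTS) {
            $commid = (int) $commid; // request value → int before it reaches SQL
            db_query("DELETE FROM {$commentary} WHERE commentid = '{$commid}'");
        }
        db_query("INSERT INTO {$commentary} (section, author, comment, postdate) VALUES ('blackhole', '{$acctid}', 'I f****d up', '{$now}')");
        invalidatedatacache("comments-{$section}");
        invalidatedatacache("comments-blackhole");
    }

    // --- render the current section ---------------------------------------
    if ($section == get_module_pref('current_section') && $section != '') {
        $output = "";
        $_SERVER['REQUEST_URI'] = httpget('r');
        $session['counter'] = httpget('c');
        viewcommentary(get_module_pref('current_section'), get_module_setting('message'), get_module_setting('limit'), get_module_setting('talkline'));
        // regex-based <script> stripping of the rendered block; not a full sanitiser
        $output = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $output);
        // cut at the end marker; when it is missing strpos() is false and the output becomes empty
        $output = substr($output, 0, strpos($output, "<jquerycommentaryend>"));
        db_query("UPDATE accounts SET laston = '{$now}' WHERE acctid = '{$acctid}'");
        echo trim("{$output}");
        invalidatedatacache("comments-{$section}");
    }

    switch (httpget('op')) {
        case 'get_json':
            $sql = db_query("SELECT commentid, author, comment FROM commentary WHERE section = '{$session['current_commentary_area']}' AND deleted = '0' ORDER BY commentid+0 DESC LIMIT 0, 25");
            $json = [];
            while ($row = db_fetch_assoc($sql)) {
                array_push($json, $row);
            }
            echo "<pre>";
            echo json_encode($json, JSON_PRETTY_PRINT);
            echo "</pre>";
            break;

        case 'post':
            $post = httpallpost();
            $post = modulehook('jquery-post-commentary', $post);
            if ($post['method'] == 'insertcommentary') {
                require_once 'lib/commentary.php';
                injectcommentary(get_module_pref('current_section'), get_module_setting('talkline'), $post['comment']);
            } else {
                // edit: method is "<something>_<commentid>"
                $parts = explode('_', $post['method']);
                $commentid = isset($parts[1]) ? (int) $parts[1] : 0;
                require_once 'lib/systemmail.php';
                require_once 'lib/sanitize.php';
                $post['comment'] = htmlent($post['comment']);
                db_query("UPDATE {$commentary} SET comment = '{$post['comment']}' WHERE commentid = '{$commentid}'");
                db_query("INSERT INTO {$commentary} (section, author, comment, postdate) VALUES ('blackhole', '{$acctid}', 'I f****d up', '{$now}')");
                invalidatedatacache("comments-{$session['current_commentary_section']}");
                invalidatedatacache("comments-blackhole");
            }
            break;

        case 'last_comment':
            require_once 'lib/sanitize.php';
            db_query("UPDATE accounts SET laston = '{$now}' WHERE acctid = '{$acctid}'");
            // the caller's most recent comment in the global OOC or current area
            $sql = db_query("SELECT comment, commentid FROM {$commentary}
                WHERE author = '{$acctid}'
                AND (section = 'globalooc'
                OR section = '{$session['current_commentary_area']}')
                ORDER BY commentid DESC
                LIMIT 0,1");
            $data = db_fetch_assoc($sql);
            if (!$data) {
                $data = [];
            }
            // the newest comment overall in those areas (plus the blackhole marker rows)
            $sql = db_query("SELECT commentid, section, comment FROM {$commentary}
                WHERE (section = 'globalooc'
                OR section = '{$session['current_commentary_area']}'
                OR section = 'blackhole'
                )
                ORDER BY commentid+0 DESC
                LIMIT 0,1");
            $row = db_fetch_assoc($sql);
            $data['last_section'] = $row ? $row['section'] : null;
            $data['last_comment'] = $row ? $row['commentid'] : null;
            $data['last_message'] = $row ? $row['comment'] : null;
            echo json_encode($data);
            break;

        case 'is_typing':
            $post = httpallpost();
            set_module_pref('is_typing', (isset($post['typing']) && $post['typing'] == 'yes') ? 1 : 0);
            $sql = db_query("SELECT a.name, a.acctid
                FROM accounts AS a
                LEFT JOIN module_userprefs AS m
                ON m.userid = a.acctid
                LEFT JOIN module_userprefs AS u
                ON u.userid = m.userid
                WHERE m.modulename = 'jquerycommentary'
                AND m.setting = 'is_typing'
                AND m.value = '1'
                AND u.modulename = 'jquerycommentary'
                AND u.setting = 'current_section'
                and u.value = '" . get_module_pref('current_section') . "'");
            $typing = [];
            while ($row = db_fetch_assoc($sql)) {
                array_push($typing, [$row['acctid'], $row['name']]);
            }
            $count = count($typing);
            if ($count != 0) {
                // "A", "A, B and C", always followed by "..."
                $isTyping = appoencode('`@');
                $i = 0;
                foreach ($typing as $val) {
                    $i++;
                    if ($i == 1) {
                        $isTyping .= appoencode($val[1]);
                    } elseif ($count > $i) {
                        $isTyping .= appoencode("`@, {$val[1]}");
                    } elseif ($i == $count) {
                        $isTyping .= appoencode("`@ and {$val[1]}");
                    }
                    if ($i == $count) {
                        $isTyping .= appoencode("`@...");
                    }
                }
                echo "✏ {$isTyping}";
            } else {
                echo "<br />";
            }
            break;

        case 'api':
            header('Content-Type: application/json');
            $sql = db_query("SELECT comm.*, acc.name FROM
                (
                (SELECT * FROM
                (SELECT * FROM commentary
                WHERE section = 'globalooc'
                AND deleted = '0'
                ORDER BY commentid+0 DESC
                LIMIT 0, 10)
                AS c
                ORDER BY c.commentid+0 ASC
                LIMIT 0, 10)
                UNION (
                SELECT * FROM
                (SELECT * FROM commentary
                WHERE section = 'superuser'
                AND deleted = '0'
                ORDER BY commentid+0 DESC
                LIMIT 0, 25)
                AS c
                ORDER BY c.commentid+0 ASC
                LIMIT 0, 25
                )
                ) AS comm
                LEFT JOIN accounts AS acc
                ON acc.acctid = comm.author");
            $json = [];
            while ($row = db_fetch_assoc($sql)) {
                $row['name'] = appoencode($row['name']);
                $row['comment'] = appoencode($row['comment']);
                array_push($json, $row);
            }
            echo json_encode($json, JSON_PRETTY_PRINT);
            break;
    }
}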
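<?php
/*
 * Message listing: the entry form (HTML pre-rendered by $form) followed by
 * one card per entry. name and entry are presumably user-submitted and go
 * through htmlent(); created is now escaped the same way for consistency
 * (it used to be echoed raw). The class attribute is quoted.
 */
echo $form->GetHTML();
?>
<div class="page-header">
    <h2>Current messages</h2>
</div>
<?php foreach ($entries as $val) { ?>
    <div class="well">
        <p>
            <strong><?php echo htmlent($val['name']); ?></strong>
            <br /><small><?php echo htmlent($val['created']); ?></small>
        </p>
        <p><?php echo htmlent($val['entry']); ?></p>
    </div>
<?php }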
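/**
 * Render the profile page of one team.
 *
 * Assigns to the template: links and stats of the team, the member list
 * (with leave/kick links where the viewer may use them), the last ten
 * matches the team played, and — for members or holders of
 * 'allow_invite_in_any_team' — the open invitations.
 *
 * Permission summary (as visible here):
 *  - edit:   viewer is the leader (and logged in), or has 'allow_edit_any_team_profile'
 *  - delete: team not already deleted and viewer has 'team.allowDelete <id>',
 *            'allow_delete_any_team', or is the leader
 *  - kick:   leader or 'allow_kick_any_team_members'; a member may always
 *            remove themselves; the leader can never be removed here
 *  - match edit/delete: 'allow_edit_match' / 'allow_delete_match'
 *
 * Fixes: the team name in matchSearchLink and $teamid in the PM/remove links
 * are urlencode()d so names containing '&', '+', spaces etc. no longer break
 * the query string (search_type=team+name already uses that encoding).
 *
 * @param mixed $teamid id of the team to show; a non-existent team renders
 *                      the 'NoPerm' template instead.
 */
public function showTeam($teamid) {
    global $tmpl;
    global $db;

    $team = new team($teamid);
    if (!$team->exists()) {
        $tmpl->setTemplate('NoPerm');
        return;
    }
    if (!$tmpl->setTemplate('teamSystemProfile')) {
        $tmpl->noTemplateFound();
        die;
    }

    $currentUser = \user::getCurrentUser();
    $currentUserId = \user::getCurrentUserId();
    $loggedIn = \user::getCurrentUserLoggedIn();
    $teamLeader = $team->getLeaderId();
    $encodedTeamId = urlencode((string) $teamid);

    // FIXME: implement something to avoid hardcoded paths
    $tmpl->assign('pmLink', '../PM/?add&teamid=' . $encodedTeamId);
    $tmpl->assign('status', $team->getStatus());
    $tmpl->assign('title', 'Team ' . htmlent($team->getName()));

    $score = $team->getScore();
    $teamData = array();
    $teamData['profileLink'] = './?profile=' . $team->getID();
    $teamData['name'] = $team->getName();
    $teamData['score'] = $score;
    $teamData['scoreClass'] = $this->rankScore($score);
    // the name is a query-string value here, hence urlencode
    $teamData['matchSearchLink'] = '../Matches/?search_string=' . urlencode($teamData['name'])
        . '&search_type=team+name&search_result_amount=200&search=Search';
    $teamData['matchCount'] = $team->getMatchCount();
    $teamData['memberCount'] = $team->getMemberCount();
    $teamData['leaderLink'] = '../Players/?profile=' . $teamLeader;
    $teamData['leaderName'] = (new \user($teamLeader))->getName();
    $teamData['activityNew'] = $team->getActivityNew();
    $teamData['activityOld'] = $team->getActivityOld();
    $teamData['created'] = $team->getCreationTimestampStr();
    $teamData['wins'] = $team->getMatchCount('won');
    $teamData['draws'] = $team->getMatchCount('draw');
    $teamData['losses'] = $team->getMatchCount('lost');
    $teamData['logo'] = $team->getAvatarURI();
    $tmpl->assign('teamDescription', $team->getDescription());
    $tmpl->assign('team', $teamData);
    $tmpl->assign('teamid', $teamid);

    $tmpl->assign('canPMTeam', $loggedIn && $currentUserId > 0);
    $tmpl->assign('canEditTeam', ($loggedIn && $currentUserId === $teamLeader)
        || $currentUser->getPermission('allow_edit_any_team_profile'));
    $tmpl->assign('canDeleteTeam', $team->getStatus() !== 'deleted'
        && ($currentUser->getPermission('team.allowDelete ' . $team->getID())
            || $currentUser->getPermission('allow_delete_any_team')
            || $currentUserId === $teamLeader));

    $mayKick = $currentUserId === $teamLeader || $currentUser->getPermission('allow_kick_any_team_members');
    $showMemberActionOptions = $mayKick;

    $members = array();
    foreach ($team->getUserIds() as $memberid) {
        $user = new \user($memberid);
        $userId = $user->getID();
        $isSelf = $currentUserId === $userId;
        // a plain member still gets the action column, to be able to leave
        if (!$showMemberActionOptions && $currentUserId === $memberid) {
            $showMemberActionOptions = true;
        }
        $member = array();
        $member['profileLink'] = '../Players/?profile=' . $userId;
        $member['userName'] = $user->getName();
        $member['permissions'] = $teamLeader === $memberid ? 'Leader' : 'Standard';
        if ($country = $user->getCountry()) {
            $member['countryName'] = $country->getName();
            if (strlen($country->getFlag()) > 0) {
                $member['countryFlag'] = $country->getFlag();
            }
        }
        $member['joined'] = $user->getJoinTimestampStr();
        $member['last_login'] = $user->getLastLoginTimestampStr();
        // the leader can neither leave nor be kicked: leadership has to be handed over first
        if (($mayKick || $isSelf) && $userId !== $teamLeader) {
            $member['removeLink'] = './?remove=' . $userId . '&team=' . $encodedTeamId;
            $member['removeDescription'] = $isSelf ? 'Leave team' : 'Kick member from team';
        }
        $members[] = $member;
        unset($user);
    }
    $tmpl->assign('members', $members);
    $tmpl->assign('showMemberActionOptions', $showMemberActionOptions);

    $allowEdit = $currentUser->getPermission('allow_edit_match');
    $allowDelete = $currentUser->getPermission('allow_delete_match');
    $tmpl->assign('showMatchActionOptions', $allowEdit || $allowDelete);
    $tmpl->assign('allowEdit', $allowEdit);
    $tmpl->assign('allowDelete', $allowDelete);

    // last ten matches, newest id first — ordering by id rather than timestamp
    // makes entries back-dated far into the past visible
    $query = $db->prepare('SELECT `timestamp`,`team1_id`,`team2_id`,'
        . '(SELECT `name` FROM `teams` WHERE `id`=`team1_id`) AS `team1_name`'
        . ',(SELECT `name` FROM `teams` WHERE `id`=`team2_id`) AS `team2_name`'
        . ',`team1_points`,`team2_points`,`userid`'
        . ',(SELECT `users`.`name` FROM `users` WHERE `users`.`id`=`matches`.`userid`) AS `username`'
        . ',`matches`.`id`'
        . ' FROM `matches` WHERE `matches`.`team1_id`=? OR `matches`.`team2_id`=?'
        . ' ORDER BY `id` DESC LIMIT 0,10');
    $db->execute($query, array($teamid, $teamid));
    $matches = array();
    while ($row = $db->fetchRow($query)) {
        $prepared = array(
            'time' => $row['timestamp'],
            'team1Link' => '../Teams/?profile=' . $row['team1_id'],
            'team2Link' => '../Teams/?profile=' . $row['team2_id'],
            'team1Name' => $row['team1_name'],
            'team2Name' => $row['team2_name'],
            'score1' => $row['team1_points'],
            'score2' => $row['team2_points'],
            'lastModById' => $row['userid'],
            'lastModByName' => $row['username'],
            'lastModByLink' => '../Players/?profile=' . $row['userid'],
        );
        if ($allowEdit) {
            $prepared['editLink'] = '../Matches/?edit=' . $row['id'];
        }
        if ($allowDelete) {
            $prepared['deleteLink'] = '../Matches/?delete=' . $row['id'];
        }
        $matches[] = $prepared;
    }
    $tmpl->assign('matches', $matches);

    // open invitations: visible to team members and to users who may invite anywhere
    if ($currentUser->getMemberOfTeam($teamid) || $currentUser->getPermission('allow_invite_in_any_team')) {
        $invitationData = array();
        foreach (invitation::getInvitationsForTeam($teamid) as $invitation) {
            $invitee = $invitation->getUsers()[0];
            $invitationData[] = array(
                'userName' => $invitee->getName(),
                'profileLink' => '../Players/?profile=' . $invitee->getID(),
                'expiration' => $invitation->getExpiration(),
            );
        }
        $tmpl->assign('invitations', $invitationData);
    }
}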
// timezone echo '<p><label class="player_edit" for="edit_player_location">Change timezone:</label> '; echo '<select id="edit_player_timezone" name="timezone">'; for ($i = -12; $i <= 12; $i++) { echo '<option value="'; echo htmlspecialchars($i); if ($timezone === $i) { echo '" selected="selected'; } echo '">'; if ($i >= 0) { $time_format = '+' . strval($i); } else { $time_format = strval($i); } echo htmlent('UTC ' . $time_format); echo '</option>' . "\n"; } unset($time_format); echo '</select>'; echo '</p>' . "\n\n"; // user comment if ($site->bbcode_lib_available()) { echo "\n" . '<div class="player_edit">'; echo '<div class="invisi" style="display: inline;">'; echo ' <label class="player_edit">bbcode:</label><span>'; echo '</div>'; include dirname(dirname(__FILE__)) . '/CMS/bbcode_buttons.php'; $bbcode = new bbcode_buttons(); $bbcode->showBBCodeButtons('user_comment'); unset($bbcode);
/**
 * Create a per-request form key for the page-system add-on and hand both
 * halves to the template.
 *
 * Name: 'addon.pageSystem.' + microtime(), with blanks and dots replaced by
 * underscores (note this also rewrites the dots of the prefix itself).
 * Value: whatever $site->setKey() returns for that name — presumably stored
 * server-side so the submit handler can verify it. Only the value is
 * htmlent()-escaped.
 */
private function generateKey() {
    global $site;
    global $tmpl;

    $translate = array(' ' => '_', '.' => '_');
    $name = strtr('addon.pageSystem.' . microtime(), $translate);
    $value = $site->setKey($name);

    $tmpl->assign('keyName', $name);
    $tmpl->assign('keyValue', htmlent($value));
}
} elseif (isset($_GET['profile'])) { echo '&profile=' . htmlent($_GET['profile']); } echo '">Previous visits</a>' . "\n"; } if ($show_next_visits_button) { echo ' <a href="./?i='; echo (int) $view_range + $num_results; if (isset($_GET['search'])) { echo '&search'; if (isset($_GET['search_string'])) { echo '&search_string=' . htmlspecialchars($_GET['search_string']); } if (isset($_GET['search_type'])) { echo '&search_type=' . htmlspecialchars($_GET['search_type']); } if (isset($num_results)) { echo '&search_result_amount=' . strval($num_results); } } elseif (isset($_GET['profile'])) { echo '&profile=' . htmlent($_GET['profile']); } echo '">Next visits</a>' . "\n"; } echo '</p>' . "\n"; } ?> </div> </body> </html>
/**
 * The user's name, HTML-escaped for direct output in templates.
 *
 * Callers that need the raw value (URLs, database lookups) must read
 * $this->info['username'] themselves — this accessor returns entities.
 */
public function getName() {
    $raw = $this->info['username'];
    return htmlent($raw);
}
/**
 * Warn the user when the match nearest in time to the one being submitted
 * looks like a duplicate.
 *
 * Reads the submitted match from $_POST (match_day + match_time, duration,
 * team_id1/2, team1/2_points), fetches the single closest stored match in
 * the requested direction and compares team ids (in either order), points
 * (swapped accordingly) and duration. On a hit it echoes a "quite similar"
 * notice with the stored timestamp and both team names and returns true.
 *
 * @param bool $newerMatches true → nearest newer match (timestamp > submitted);
 *                           false → nearest older-or-equal one (timestamp <=).
 * @return bool true if a similar match was found (and reported), else false
 *
 * Notes:
 *  - Relies on the legacy mysql_* extension (removed in PHP 7).
 *  - Query values go through sqlSafeString()/sqlSafeStringQuotes(); ids and
 *    points are additionally cast to int. $_POST['match_day'] and
 *    ['match_time'] are concatenated without a separator — assumed to be
 *    pre-formatted so the result is a valid timestamp literal (confirm).
 *  - $timestamp (from the DB) is echoed without escaping; team names are
 *    htmlent()-escaped before team_name_from_id().
 *  - $duration_matches is only assigned inside the loop; with no row every
 *    *_matches flag stays false and the final && short-circuits before it.
 */
function similarMatchEntered($newerMatches = true) {
    global $site;
    global $connection;
    // equal case should never happen
    $comparisonOperator = '>';
    if (!$newerMatches) {
        $comparisonOperator = '<=';
    }
    // similar match entered already?
    // strategy: ask for one match before the entered one and one after the one to be entered and do not let the database engine do the comparison
    $query = 'SELECT `id`,`timestamp`,`team1_id`,`team2_id`,`team1_points`,`team2_points`, `duration` FROM `matches`';
    $query .= ' WHERE (`timestamp`' . sqlSafeString($comparisonOperator) . sqlSafeStringQuotes($_POST['match_day'] . $_POST['match_time']);
    // sorting needed
    $query .= ') ORDER BY `timestamp` DESC';
    // only comparing nearest match in time
    $query .= ' LIMIT 0,1';
    if (!($result = @$site->execute_query('matches', $query, $connection))) {
        $site->dieAndEndPage('Unfortunately there seems to be a database problem and thus comparing timestamps (using operator ' . sqlSafeString($comparisonOperator) . ') of matches failed.');
    }
    // initialise values
    // casting the values to 0 is important
    // (a post variable having no value means it has to be set to 0 to successfully compare values here)
    $timestamp = '';
    $duration = (int) $_POST['duration'];
    $team_id1 = (int) $_POST['team_id1'];
    $team_id2 = (int) $_POST['team_id2'];
    $team_id1_matches = false;
    $team_id2_matches = false;
    $team1_points = (int) $_POST['team1_points'];
    $team2_points = (int) $_POST['team2_points'];
    $team1_points_matches = false;
    $team2_points_matches = false;
    // at most one row because of LIMIT 0,1
    while ($row = mysql_fetch_array($result)) {
        // we can save comparisons using a helper variable
        $team_ids_swapped = false;
        $timestamp = $row['timestamp'];
        $duration_matches = intval($row['duration']) === $duration;
        $team_id1_matches = intval($row['team1_id']) === $team_id1;
        if (!$team_id1_matches) {
            // the stored match may list the same two teams in the opposite order
            $team_ids_swapped = true;
            $team_id1_matches = intval($row['team1_id']) === $team_id2;
        }
        if ($team_ids_swapped) {
            $team_id2_matches = intval($row['team2_id']) === $team_id1;
        } else {
            $team_id2_matches = intval($row['team2_id']) === $team_id2;
        }
        // use helper variable to save some comparisons of points
        // (swapped teams means swapped points)
        if ($team_ids_swapped) {
            $team1_points_matches = intval($row['team1_points']) === $team2_points;
            $team2_points_matches = intval($row['team2_points']) === $team1_points;
        } else {
            $team1_points_matches = intval($row['team1_points']) === $team1_points;
            $team2_points_matches = intval($row['team2_points']) === $team2_points;
        }
    }
    mysql_free_result($result);
    // if similar match was found warn the user
    if ($team_id1_matches && $team_id2_matches && $team1_points_matches && $team2_points_matches && $duration_matches) {
        echo '<p>The nearest ';
        if ($newerMatches) {
            echo 'newer ';
        } else {
            echo 'older ';
        }
        echo ' match in the database is quite similar:</p>';
        // use the post data as much as possible instead of looking up the same data in the database
        // ($timestamp is the stored value and is echoed unescaped)
        echo '<p><strong>' . $timestamp . ' [' . $duration . '] </strong> ';
        $query = 'SELECT `name` FROM `teams` WHERE `id`=' . sqlSafeStringQuotes($team_id1) . ' LIMIT 1';
        if (!($result = @$site->execute_query('teams', $query, $connection))) {
            $site->dieAndEndPage('Could not find out name of team #' . sqlSafeString($team_id1) . '.');
        }
        while ($row = mysql_fetch_array($result)) {
            team_name_from_id($team_id1, htmlent($row['name']));
        }
        mysql_free_result($result);
        echo ' - ';
        $query = 'SELECT `name` FROM `teams` WHERE `id`=' . sqlSafeStringQuotes($team_id2) . ' LIMIT 1';
        if (!($result = @$site->execute_query('teams', $query, $connection))) {
            $site->dieAndEndPage('Could not find out name of team #' . sqlSafeString($team_id2) . '.');
        }
        while ($row = mysql_fetch_array($result)) {
            team_name_from_id($team_id2, htmlent($row['name']));
        }
        mysql_free_result($result);
        echo ' with result <strong>' . $team1_points . ' - ' . $team2_points . '</strong>.</p>';
        echo "\n";
        return true;
    }
    return false;
}
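/**
 * Bind an existing local account to its external (my.bzflag.org / bzbb) id.
 *
 * Asks bzidtools2.php which external id belongs to $loginname, rejects the
 * id if another local account already carries it and otherwise stores it in
 * users.external_id for $userid.
 *
 * Trust boundary: the bzidtools2 answer is the only evidence that
 * $loginname really maps to that external id, and it is fetched over plain
 * HTTP. Whoever can tamper with that connection can bind an arbitrary
 * external id to this account and then log in to it through the global
 * login. The proper fix is fetching over TLS with peer verification once
 * the endpoint is confirmed to offer it; until then the request is at least
 * bounded by timeouts and the answer is handled as untrusted text: the same
 * raw value is used for the uniqueness check and the stored id (previously
 * the check used the raw id but an HTML-encoded copy was stored), and it is
 * escaped wherever it is echoed into HTML.
 *
 * @param int    $userid    local user id whose external_id is set
 * @param string $loginname callsign to resolve at my.bzflag.org
 * @param string $output    receives an HTML message for the user (by reference)
 * @return bool true on success, false on any failure (reason in $output)
 */
public static function convertAccount($userid, $loginname, &$output)
{
    global $config;
    global $db;

    // Look the callsign up at bzidtools2 (lower-cased, URL-encoded).
    $url = 'http://my.bzflag.org/bzidtools2.php?action=id&value=' . urlencode(strtolower($loginname));
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // A stalled remote must not hang the login flow indefinitely.
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    $output = curl_exec($ch);
    curl_close($ch);
    if ($output === false) {
        // transport failure: handled by the generic failure branch below
        $output = '';
    }

    $successPrefix = 'SUCCESS: ';
    $prefixLength = strlen($successPrefix);
    if (strlen($output) <= $prefixLength || strncmp($output, $successPrefix, $prefixLength) !== 0) {
        $output = 'Unfortunately the bzidtools2.php script failed' . ' which prevents the system from setting your external userid (id=' . htmlent($userid) . '). The bzidtool2.php call was ' . htmlent($url) . '. Please report this to an admin.';
        // log the problem
        $db->logError($output);
        return false;
    }

    // External id as received from the API: untrusted text, used un-encoded
    // for both the duplicate check and the stored value so the two agree.
    $externalID = substr($output, $prefixLength);

    // Refuse an external id that is already tied to another local account.
    $query = $db->prepare('SELECT `id` FROM `users` WHERE `external_id`=? LIMIT 1');
    $db->execute($query, $externalID);
    if ($db->fetchRow($query)) {
        $output = 'This bzbb id (' . htmlent($externalID) . ')is already tied to another account. ' . 'If you think this error message is not justified ' . 'please contact one of the admins';
        return false;
    }

    // Store the external id for this user (parameterised).
    $query = $db->prepare('UPDATE `users` SET `external_id`=?' . ' WHERE `id`=? LIMIT 1');
    if (!$db->execute($query, array($externalID, $userid))) {
        $output = 'Unfortunately there seems to be a database problem' . ' which prevents the system from setting your external userid (id=' . htmlent($userid) . '). Please report this to an admin.';
        return false;
    }

    // Success: offer the global login link. The weblogin URL is HTML-escaped
    // for the href attribute, the return URL is URL-encoded inside it.
    $output = 'Congratulations, you enabled the <a href="' . htmlspecialchars('http://my.bzflag.org/weblogin.php?action=weblogin&url=') . urlencode($config->getValue('baseaddress') . 'Login/?module=bzbb&action=login&auth=%TOKEN%,%USERNAME%') . '">my.bzflag.org/bb/ (global) login</a> for this account.' . "\n";
    return true;
}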
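/**
 * Display one private message of the current user.
 *
 * The message id is read from $_GET['view'] (or $_GET['delete'], when the
 * delete confirmation shows the message first). The $id parameter does not
 * select the message; it only feeds the title when no id was supplied.
 * Access control is the query itself: the message must be linked to the
 * current user in the given folder, otherwise a deliberately generic error
 * page is shown. Viewing marks the message as read.
 *
 * @param string $folder mailbox folder the message is read from
 * @param int    $id     see above
 */
public function showMail($folder, $id)
{
    global $config;
    global $tmpl;
    global $db;

    $tmpl->setTemplate('PMView');

    // Resolve the requested id before building the title so the title names
    // the message that is actually displayed (previously it used the stale
    // $id parameter).
    if (isset($_GET['view'])) {
        $id = intval($_GET['view']);
    } elseif (isset($_GET['delete'])) {
        $id = intval($_GET['delete']);
    } else {
        $tmpl->assign('title', 'Mail #' . $id);
        $tmpl->assign('errorMsg', 'You did not specify a message id to view');
        $tmpl->display('NoPerm');
        exit;
    }
    $tmpl->assign('title', 'Mail #' . $id);
    $currentUser = user::getCurrentUserId();

    // show currently selected mail folder
    $this->folderNav($folder);

    // The WHERE clause binds the message to the current user and folder;
    // this is what stops reading other users' mail by guessing ids.
    $query = $db->prepare('SELECT `id`,`author_id`,`subject`,`timestamp`,`message`,`msg_status`,' . ' IF(`pmsystem_msg_storage`.`author_id`<>0,' . ' (SELECT `name` FROM `users` WHERE `id`=`author_id`),?) AS `author`' . ' FROM `pmsystem_msg_storage`, `pmsystem_msg_users`' . ' WHERE `pmsystem_msg_users`.`userid`=?' . ' AND `pmsystem_msg_storage`.`id`=`pmsystem_msg_users`.`msgid`' . ' AND `folder`=?' . ' AND `pmsystem_msg_storage`.`id`=?' . ' ORDER BY `pmsystem_msg_storage`.`id` DESC' . ' LIMIT 1');
    $db->execute($query, array($config->getValue('displayedSystemUsername'), $currentUser, $folder, $id));
    $rows = $db->fetchAll($query);
    $db->free($query);

    // Previous / next message in the same folder for the navigation links.
    $query = $db->prepare('SELECT `msgid` FROM `pmsystem_msg_users`' . ' WHERE `userid`=? AND `msgid`<?' . ' AND `folder`=?' . ' ORDER BY `msgid` DESC LIMIT 1');
    $db->execute($query, array($currentUser, $id, $folder));
    $prevMSG = $db->fetchAll($query);
    $db->free($query);
    if (count($prevMSG) > 0) {
        $tmpl->assign('prevMsg', $prevMSG[0]['msgid']);
    }
    unset($prevMSG);

    $query = $db->prepare('SELECT `msgid` FROM `pmsystem_msg_users`' . ' WHERE `userid`=? AND `msgid`>?' . ' AND `folder`=?' . ' ORDER BY `msgid` LIMIT 1');
    $db->execute($query, array($currentUser, $id, $folder));
    $nextMSG = $db->fetchAll($query);
    $db->free($query);
    if (count($nextMSG) > 0) {
        $tmpl->assign('nextMsg', $nextMSG[0]['msgid']);
    }
    unset($nextMSG);

    if (count($rows) < 1) {
        // Keep the error generic: do not reveal whether the id exists at all
        // or merely belongs to somebody else.
        $tmpl->assign('errorMsg', 'This message either does not exist or you do not have permission to view the message.');
        $tmpl->display('NoPerm');
        exit;
    }
    $mail = $rows[0];

    // Subject was stored HTML-encoded by send(); the author name is passed
    // through as stored -- NOTE(review): assumes the template escapes it, confirm.
    $tmpl->assign('subject', $mail['subject']);
    if (intval($mail['author_id']) > 0) {
        $tmpl->assign('authorLink', '../Players/?profile=' . intval($mail['author_id']));
    }
    $tmpl->assign('authorName', $mail['author']);

    // Recipient lists (users and teams) shown in the header.
    $usersQuery = $db->prepare('SELECT `userid`,`name`' . ' FROM `pmsystem_msg_recipients_users` LEFT JOIN `users`' . ' ON `pmsystem_msg_recipients_users`.`userid`=`users`.`id`' . ' WHERE `msgid`=?');
    $teamsQuery = $db->prepare('SELECT `teamid`,`name`' . ' FROM `pmsystem_msg_recipients_teams` LEFT JOIN `teams`' . ' ON `pmsystem_msg_recipients_teams`.`teamid`=`teams`.`id`' . ' WHERE `msgid`=?');

    $db->execute($usersQuery, $mail['id']);
    $userRecipients = array();
    while ($row = $db->fetchRow($usersQuery)) {
        $userRecipients[] = array('link' => '../Players/?profile=' . intval($row['userid']), 'name' => $row['name']);
    }
    $db->free($usersQuery);
    if (isset($userRecipients[0])) {
        $tmpl->assign('userRecipients', $userRecipients);
    }

    $db->execute($teamsQuery, $mail['id']);
    $teamRecipients = array();
    while ($row = $db->fetchRow($teamsQuery)) {
        $teamRecipients[] = array('link' => '../Teams/?profile=' . intval($row['teamid']), 'name' => $row['name']);
    }
    $db->free($teamsQuery);
    if (isset($teamRecipients[0])) {
        $tmpl->assign('teamRecipients', $teamRecipients);
    }

    // 'reply to all' only makes sense with more than one recipient
    $tmpl->assign('showReplyToAll', count($userRecipients) > 1 || count($teamRecipients) > 0);
    unset($userRecipients);
    unset($teamRecipients);

    $tmpl->assign('time', $mail['timestamp']);
    // The body is stored raw: render BBCode when available, else HTML-escape.
    if ($config->getValue('bbcodeLibAvailable')) {
        $tmpl->assign('content', $tmpl->encodeBBCode($mail['message']));
    } else {
        $tmpl->assign('content', htmlent($mail['message']));
    }
    $tmpl->assign('msgID', $id);

    // mark the message as read for the current user (same ownership filter)
    $query = $db->prepare('UPDATE LOW_PRIORITY `pmsystem_msg_users`' . ' SET `msg_status`=?' . ' WHERE `msgid`=?' . ' AND `folder`=?' . ' AND `userid`=?' . ' LIMIT 1');
    $db->execute($query, array('read', $id, $folder, $currentUser));
}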
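/**
 * Run a fixed SQL statement and wrap its result.
 *
 * This is the unparameterised path: $query is handed to PDO::query() as-is,
 * so it must be a constant statement (LOCK TABLES, COMMIT, ...) or one built
 * only from trusted values. Anything derived from request data belongs in
 * prepare()/execute() instead.
 *
 * On failure the raw statement is echoed only when SQL debugging is enabled
 * (it reveals schema details; never leave that on in production), the error
 * is logged, the user is shown exactly one error page and false is returned.
 *
 * @param string       $query        SQL to execute
 * @param string|false $file         optional caller identifier for the error log
 * @param string       $errorUserMSG optional user-facing message shown instead of the generic one
 * @return database_result|false
 */
public function SQL($query, $file = false, $errorUserMSG = '')
{
    global $tmpl;

    $result = $this->pdo->query($query);
    if ($result) {
        return new database_result($result, $query);
    }

    // Raw statement only in debug mode.
    if ($this->getDebugSQL()) {
        echo '<p>Query ' . htmlent($query) . ' is probably not valid SQL.</p>' . "\n";
    }

    // log the error, with the caller identifier when one was given
    if ($file !== false) {
        $this->logError($file, $query);
    } else {
        $this->logError($query);
    }

    // Show the caller-supplied message when there is one, otherwise the
    // generic one -- but only one of them. (The previous version fell through
    // after the custom message and displayed the error template twice.)
    if (strlen($errorUserMSG) > 0) {
        $tmpl->assign('errorMsg', $errorUserMSG);
    } else {
        $tmpl->assign('errorMsg', 'Error: Could not process query.');
    }
    $tmpl->display('NoPerm');

    // PDO::query() returned a weakly typed false; return a strongly typed one,
    // since database_result requires a PDOStatement.
    return false;
}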
/**
 * Prepare the template variables for the team edit form.
 *
 * Registers a fresh per-request magic key (anti-CSRF token) under a name
 * derived from the team id and microtime(), and exposes the team's
 * open/closed state, the BBCode editor buttons for the description field,
 * the raw description and the avatar URI.
 */
protected function showForm()
{
    global $site;
    global $tmpl;

    // Anti-CSRF magic key. The name is unique per team and request; spaces
    // and dots from microtime() are replaced so it is a safe field name.
    $keyName = strtr('teamEdit_' . $this->team->getID() . '_' . microtime(), array(' ' => '_', '.' => '_'));
    $keyValue = $site->setKey($keyName);
    $tmpl->assign('keyName', $keyName);
    $tmpl->assign('keyValue', htmlent($keyValue));

    // current open/closed state of the team
    $tmpl->assign('teamOpen', $this->team->getOpen());

    // BBCode editor; the buttons need to know which form field they edit
    include_once dirname(dirname(dirname(__FILE__))) . '/bbcode_buttons.php';
    $editor = new bbcode_buttons();
    $tmpl->assign('buttonsToFormat', $editor->showBBCodeButtons('team_description'));
    unset($editor);

    $tmpl->assign('teamDescription', $this->team->getRawDescription());
    $tmpl->assign('avatarURI', $this->team->getAvatarURI());
}
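/**
 * Store a private message and deliver it to every recipient.
 *
 * Uses $this->users (list of ['id' => userid, ...]), $this->teams (list of
 * ['id' => teamid, ...]), $this->subject, $this->content and
 * $this->timestamp. Team recipients are expanded to their current members.
 * Each distinct user id gets an inbox entry; a human author (id > 0) gets an
 * outbox copy marked read. The subject is stored HTML-encoded, the body raw
 * (it is escaped or BBCode-rendered when displayed).
 *
 * @param int $author_id    sending user id, 0 for a system message
 * @param int $ReplyToMSGID id of the message this replies to, 0 for a new message
 * @return bool|string true on success, otherwise an HTML error message for the user
 */
public function send($author_id = 0, $ReplyToMSGID = 0)
{
    global $config;
    global $db;

    // Duplicate recipients are removed first; if any were, the user is sent
    // back to check the list instead of sending right away.
    if ($this->removeDuplicates($this->users) || $this->removeDuplicates($this->teams)) {
        return '<p>Some double entries were removed. Please check your recipients.<p>';
    }

    // An empty body must not be sent. (The previous version assigned this
    // message to a local $return and carried on, so empty messages went out.)
    if (strlen($this->content) === 0) {
        return '<p>You must specify a message text in order to send a message.</p>';
    }

    // Collect recipient user ids: explicit users plus all members of each team.
    $recipients = array();
    foreach ($this->users as $player) {
        $recipients[] = $player['id'];
    }
    foreach ($this->teams as $teamEntry) {
        $members = \user::getMemberIdsOfTeam((int) $teamEntry['id']);
        if ($members === false) {
            return '<p>Could not find out member ids of teams</p>';
        }
        foreach ($members as $userid) {
            $recipients[] = $userid;
        }
    }

    // Store the message. The table is write-locked so the "newest id" query
    // below reliably returns the id of this insert (this stands in for
    // lastInsertId(), which the $db wrapper is not known to expose).
    $query = $db->prepare('INSERT INTO `pmsystem_msg_storage`' . ' (`author_id`, `subject`, `timestamp`, `message`)' . ' VALUES (?, ?, ?, ?)');
    $db->SQL('LOCK TABLES `pmsystem_msg_storage` WRITE');
    $db->SQL('SET AUTOCOMMIT = 0');
    $db->execute($query, array($author_id, htmlent($this->subject), $this->timestamp, $this->content));
    $db->free($query);
    $db->SQL('COMMIT');
    $queryLastID = $db->SQL('SELECT `id` FROM `pmsystem_msg_storage` ORDER BY `id` DESC LIMIT 1');
    $rowId = $db->fetchRow($queryLastID);
    $rowId = intval($rowId['id']);
    $db->free($queryLastID);
    $db->SQL('COMMIT');
    $db->SQL('UNLOCK TABLES');
    $db->SQL('SET AUTOCOMMIT = 1');

    // Visible recipients: teams ...
    $query = $db->prepare('INSERT INTO `pmsystem_msg_recipients_teams`' . ' (`msgid`, `teamid`)' . ' VALUES (?, ?)');
    foreach ($this->teams as $team) {
        $db->execute($query, array($rowId, $team['id']));
        $db->free($query);
    }
    unset($team);

    // ... and users (loop variable deliberately not named $user: global clash)
    $query = $db->prepare('INSERT INTO `pmsystem_msg_recipients_users`' . ' (`msgid`, `userid`)' . ' VALUES (?, ?)');
    foreach ($this->getUserIDs() as $userID) {
        $db->execute($query, array($rowId, $userID));
        $db->free($query);
    }
    unset($userID);

    // Inbox entry per distinct recipient. The statement is prepared once;
    // free() after each execute mirrors the recipient loops above.
    if ($ReplyToMSGID > 0) {
        $inboxQuery = $db->prepare('INSERT INTO `pmsystem_msg_users`' . ' (`msgid`, `userid`, `folder`, `msg_replied_to_msgid`)' . ' VALUES (?, ?, ?, ?)');
    } else {
        $inboxQuery = $db->prepare('INSERT INTO `pmsystem_msg_users`' . ' (`msgid`, `userid`, `folder`)' . ' VALUES (?, ?, ?)');
    }
    foreach (array_unique($recipients, SORT_NUMERIC) as $recipient) {
        if ($ReplyToMSGID > 0) {
            $db->execute($inboxQuery, array($rowId, $recipient, 'inbox', $ReplyToMSGID));
        } else {
            $db->execute($inboxQuery, array($rowId, $recipient, 'inbox'));
        }
        $db->free($inboxQuery);
    }

    // Outbox copy for a human sender, already marked read.
    if ($author_id > 0) {
        $query = $db->prepare('INSERT INTO `pmsystem_msg_users`' . ' (`msgid`, `userid`, `folder`, `msg_status`)' . ' VALUES (?, ?, ?, ?)');
        $db->execute($query, array($rowId, $author_id, 'outbox', 'read'));
    }

    return true;
}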
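/**
 * Import players from the legacy league database into the new schema.
 *
 * Reads l_player from $db_to_be_imported and writes players,
 * players_profile and players_passwords into the site's own database.
 * Deleted players ("... (DELETED)" callsigns) are imported under their plain
 * name; if no live account with that name exists, their password is dropped.
 * The global $deleted_players map (legacy id => ['callsign', 'id']) is filled
 * for the importers that run afterwards.
 *
 * Fixes over the previous version:
 *  - $md5password is reset for every player. Previously a lookup that
 *    returned no row silently reused the hash of the *previous* player, so
 *    one account could end up with another user's password.
 *  - Legacy lookups use the raw callsign. The HTML-encoded display name
 *    never matched callsigns containing &, <, >, " or ', which is exactly
 *    the case that triggered the bug above and lost profile data.
 *
 * Passwords are copied as unsalted MD5 hashes (password_encoding = 'md5');
 * that offers no protection against offline cracking -- TODO confirm the
 * login path re-hashes them with password_hash() on the next successful login.
 */
function import_players()
{
    global $site;
    global $connection;
    global $deleted_players;
    global $db_to_be_imported;

    // legacy callsigns of deleted accounts carry this suffix
    $deletedSuffix = ' (DELETED)';
    $suffixLength = strlen($deletedSuffix);

    $site->selectDB($db_to_be_imported, $connection);
    $query = 'SELECT `id`,`callsign`,`created` FROM `l_player` ORDER BY `id`';
    if (!($result = @$site->execute_query('l_player', $query, $connection))) {
        $site->selectDB($site->db_used_name(), $connection);
        $site->dieAndEndPage('');
    }
    $site->selectDB($site->db_used_name(), $connection);

    // every imported player starts out active
    $suspended_status = 'active';
    $index_num = 1;
    // callsigns already imported, keyed lower-cased (callsigns are case-insensitive)
    $players = array();

    while ($row = mysql_fetch_array($result)) {
        // $rawName is what the legacy tables contain and is used for all
        // lookups; $current_name is the HTML-encoded form that is stored.
        $rawName = $row['callsign'];
        if (strcmp(substr($rawName, -$suffixLength), $deletedSuffix) === 0) {
            $rawName = substr($rawName, 0, -$suffixLength);
        }
        $current_name = htmlent($rawName);

        // no empty usernames allowed
        if (strcmp($current_name, '') === 0) {
            continue;
        }

        // deleted users can appear several times; import each name once
        if (!isset($players[strtolower($current_name)])) {
            // Per-player state. Everything is reset here, in particular
            // $md5password: a lookup that returns no row must not carry the
            // previous player's hash into this account.
            $last_login = '';
            $team = 0;
            $comment = '';
            $logo = '';
            $timezone = 0;
            $md5password = '';

            $site->selectDB($db_to_be_imported, $connection);
            $query = 'SELECT `team`,`last_login`,`comment`,`logo`,`md5password`,`utczone`' . ' FROM `l_player` WHERE `l_player`.`callsign`=' . sqlSafeStringQuotes($rawName) . ' LIMIT 1';
            if (!($tmp_result = @$site->execute_query('l_team', $query, $connection))) {
                $site->selectDB($site->db_used_name(), $connection);
                $site->dieAndEndPage();
            }
            $site->selectDB($site->db_used_name(), $connection);
            while ($tmp_row = mysql_fetch_array($tmp_result)) {
                $last_login = $tmp_row['last_login'];
                $team = $tmp_row['team'];
                $comment = $site->linebreaks($tmp_row['comment']);
                $logo = $tmp_row['logo'];
                $timezone = $tmp_row['utczone'];
                $md5password = $tmp_row['md5password'];
            }
            mysql_free_result($tmp_result);

            // Deleted players: take the most recent last_login of the deleted
            // rows when the live row had none, and drop the password when no
            // live account with that name exists any more.
            $site->selectDB($db_to_be_imported, $connection);
            $query = 'SELECT `last_login`, (SELECT COUNT(*) FROM `l_player` WHERE `callsign`=' . sqlSafeStringQuotes($rawName) . ' LIMIT 1) AS `num_not_deleted`' . ' FROM `l_player` WHERE `l_player`.`callsign`=' . sqlSafeStringQuotes($rawName . $deletedSuffix) . ' ORDER BY `last_login` DESC LIMIT 1';
            if (!($tmp_result = @$site->execute_query('l_team', $query, $connection))) {
                $site->selectDB($site->db_used_name(), $connection);
                $site->dieAndEndPage();
            }
            $site->selectDB($site->db_used_name(), $connection);
            while ($tmp_row = mysql_fetch_array($tmp_result)) {
                if (strcmp($last_login, '') === 0) {
                    $last_login = $tmp_row['last_login'];
                }
                if ((int) $tmp_row['num_not_deleted'] === 0) {
                    // nobody can be expected to still know the old password
                    $md5password = '';
                }
            }
            mysql_free_result($tmp_result);

            // All values are quoted by sqlSafeStringQuotes(); results are
            // deliberately ignored (import is best effort per row).
            $query = 'INSERT INTO `players` (`id`,`teamid`,`name`,`status`)' . ' VALUES ' . '(' . sqlSafeStringQuotes($index_num) . ',' . sqlSafeStringQuotes($team) . ',' . sqlSafeStringQuotes($current_name) . ',' . sqlSafeStringQuotes($suspended_status) . ')';
            $site->execute_query('players', $query, $connection);

            $query = 'INSERT INTO `players_profile` (`playerid`,`UTC`,`user_comment`,`raw_user_comment`,`joined`,`last_login`,`logo_url`)' . ' VALUES ' . '(' . sqlSafeStringQuotes($index_num) . ',' . sqlSafeStringQuotes($timezone) . ',' . sqlSafeStringQuotes(utf8_encode($comment)) . ',' . sqlSafeStringQuotes(utf8_encode($comment)) . ',' . sqlSafeStringQuotes($row['created']) . ',' . sqlSafeStringQuotes($last_login) . ',' . sqlSafeStringQuotes($logo) . ')';
            @$site->execute_query('players_profile', $query, $connection);

            if (strlen($md5password) > 0) {
                $query = 'INSERT INTO `players_passwords` (`playerid`,`password`,`password_encoding`)' . ' VALUES ' . '(' . sqlSafeStringQuotes($index_num) . ',' . sqlSafeStringQuotes($md5password) . ',' . sqlSafeStringQuotes('md5') . ')';
                @$site->execute_query('players_passwords', $query, $connection);
            }

            // remember the name as imported (case-insensitively)
            $players[strtolower($current_name)] = true;
        }

        $deleted_players[$row['id']]['callsign'] = $current_name;
        $index_num++;
    }
    unset($players);
    mysql_free_result($result);

    // Lookup table legacy id -> new player id, so later importers do not
    // need one SELECT per reference.
    foreach ($deleted_players as &$deleted_player) {
        $query = 'SELECT `id` FROM `players` WHERE `name`=' . sqlSafeStringQuotes($deleted_player['callsign']);
        if (!($result = @$site->execute_query('l_player', $query, $connection))) {
            // query was bad, error message was already given in $site->execute_query(...)
            $site->dieAndEndPage('');
        }
        while ($row = mysql_fetch_array($result)) {
            $deleted_player['id'] = (int) $row['id'];
        }
        mysql_free_result($result);
    }
    unset($deleted_player);
}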
} rawoutput("<script type='text/javascript'>var superusers = new Array();"); foreach ($superusers as $val) { rawoutput(" superusers['" . addslashes($val) . "'] = true;"); } rawoutput("</script>"); output("`@`bSubject:`b`0"); if ($replyTo == '') { output("<input name='subject' value='%s' autofocus><br>", htmlent($subject), true); } else { output("<input name='subject' value='%s'><br>", htmlent($subject), true); } rawoutput("<div id='warning' style='visibility: hidden; display: none;'>"); output("`@`bNotice:`b `^{$superusermessage}`0`n"); rawoutput("</div>"); output("`@`bBody:`b`0`n"); require_once 'lib/forms.php'; previewfield('body', '`^', false, false, ['type' => 'textarea', 'class' => 'input', 'cols' => 60, 'rows' => 9, 'onKeyDown' => 'sizeCount(this);'], htmlent($body) . htmlent(stripslashes(httpget('body')))); $send = translate_inline('Send'); rawoutput("<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n <tr>\n <td>\n <input type='submit' class='button' value='{$send}'>\n </td>\n <td align='right'>\n <div id='sizemsg'></div>\n </td>\n </tr>\n </table>"); rawoutput("</form>"); $sizeLimit = getsetting('mailsizelimit', 1024); $sizeMsg = sprintf_translate(["`#Max message size is `@%s`#, you have `^XX`# characters left.", $sizeLimit]); $sizeMsgOver = sprintf_translate(["`\$Max message size is `@%s`\$, you are over by `^XX`\$ characters!", $sizeLimit]); $sizeMsg = explode('XX', $sizeMsg); $sizeMsgOver = explode('XX', $sizeMsgOver); $uSize1 = addslashes("<span>" . appoencode($sizeMsg[0]) . "</span>"); $uSize2 = addslashes("<span>" . appoencode($sizeMsg[1]) . "</span>"); $oSize1 = addslashes("<span>" . appoencode($sizeMsgOver[0]) . "</span>"); $oSize2 = addslashes("<span>" . appoencode($sizeMsgOver[1]) . 
"</span>"); rawoutput("<script type='text/javascript'>\n var maxlen = {$sizeLimit};\n function sizeCount(box)\n {\n if (box == null) {\n return;\n }\n var len = box.value.length;\n var msg = '';\n if (len <= maxlen) {\n msg = '{$usize1}' + (maxlen - len) + '{$usize2}';\n }\n else {\n msg = '{$osize1}' + (len - maxlen) + '{$osize2}';\n }\n document.getElementById('sizemsg').innerHTML = msg;\n }\n sizeCount(document.getElementById('inputbody'));\n function check_su_warning()\n {\n var to = document.getElementById('to');\n var warning = document.getElementById('warning');\n if (superusers[to.value]) {\n warning.style.visibility = 'visible';\n warning.style.display = 'inline';\n }\n else {\n warning.style.visibility = 'hidden';\n warning.style.display = 'none';\n }\n }\n check_su_warning();\n </script>");
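/**
 * Render the live state of one BZFlag game server: remaining time, team
 * scores and the player list, with each player's league team looked up in
 * the database when a connection is available.
 *
 * Everything returned by bzfquery() (callsigns, mottos, team indices,
 * scores) comes from the remote game server and is treated as untrusted:
 * text is HTML-escaped, numbers are cast, team indices are range-checked.
 * $server may originate from the request (?server=...) and is escaped too.
 * Database errors are logged server-side instead of printing the statement
 * and driver error to the page.
 *
 * Note: `global $connection` rebinds the $connection parameter to the global
 * of the same name, so the argument is effectively ignored. Kept as-is so
 * callers keep using the same link as before -- TODO confirm and drop one.
 *
 * @param string   $server     host[:port] of the game server to query
 * @param resource $connection MySQL link (see note above)
 */
function formatbzfquery_last($server, $connection)
{
    global $site;
    global $connection;
    global $use_internal_db;

    if ($use_internal_db) {
        @mysql_select_db($site->db_used_name(), $connection);
    } else {
        // external player list database; give up the link if it is unusable
        if (!@mysql_select_db("playerlist", $connection)) {
            @mysql_close($connection);
            unset($connection);
        }
    }

    // Server name: escaped for the text, URL-encoded for the link.
    $serverHtml = htmlent($server);
    if (isset($_GET['server'])) {
        echo '<p>' . $serverHtml . '</p>' . "\n";
    } else {
        echo '<p><a href="?server=' . urlencode($server) . '">' . $serverHtml . '</a></p>' . "\n";
    }

    // Query the game server. Without pcntl_fork() whatever bzfquery() prints
    // (its error text) is captured so it can be reported below.
    $captureOutput = !function_exists('pcntl_fork');
    if ($captureOutput) {
        ob_start();
    }
    $data = bzfquery($server);
    $reportedError = '';
    if ($captureOutput) {
        $reportedError = ob_get_contents();
        ob_end_clean();
    }

    if (!isset($data['player'])) {
        if (!isset($data['protocol'])) {
            // no connection to the server at all
            echo '<p>' . KEINEVERBINDUNG . ' ';
            if (strcmp($reportedError, '') !== 0) {
                // captured output is assumed to be plain text; escaped before it hits the page
                echo GEMELDETERFEHLER . htmlent($reportedError) . '.';
            }
            echo '</p>' . "\n";
        } else {
            // connected, but nobody is playing
            echo '<p>' . KEINESPIELER . '</p>' . "\n";
        }
        return;
    }

    // Remaining game time (seconds from the server, shown in minutes).
    $maxTime = isset($data['maxTime']) ? $data['maxTime'] : 0;
    $timeElapsed = isset($data['timeElapsed']) ? $data['timeElapsed'] : 0;
    $remaining = $maxTime - $timeElapsed;
    if ($remaining > 0) {
        echo '<p class="zaehler">' . ZAEHLER . '<span class="zaehler">' . round($remaining / 60, 2) . VON . round($maxTime / 60, 2) . '</span>' . RESTZEIT . '</p>' . "\n";
    }

    // Team index as sent by the server -> CSS class (rogue, red, green, blue,
    // purple, observer, rabbit). An index outside this table maps to ''.
    $teamName = array(0 => "schurke", 1 => "rot", 2 => "gruen", 3 => "blau", 4 => "violett", 5 => "zuschauer", 6 => "hase");

    usort($data['player'], "cmp");

    // Team score table, unless the first player after sorting is an observer (team 5).
    if (isset($data['player']['0']['team']) && strcmp($data['player']['0']['team'], '5') !== 0) {
        $teams = isset($data['team']) ? $data['team'] : array();
        echo '<table class="punkte">' . "\n";
        echo ' <tbody>' . "\n";
        foreach ($teams as $teamIdx => $team) {
            if ($team['size'] > 0) {
                echo ' ';
                // the row carries the team colour as its class
                marke('tr', isset($teamName[$teamIdx]) ? $teamName[$teamIdx] : '');
                // score
                echo '<td>';
                echo (int) $team['won'] - (int) $team['lost'];
                echo '</td>';
                // (won - lost)
                echo '<td>';
                echo '(' . (int) $team['won'] . ' - ';
                echo (int) $team['lost'] . ')';
                echo '</td>';
                // number of players
                echo '<td>';
                echo (int) $team['size'];
                echo '</td>';
                echo '</tr>' . "\n";
            }
        }
        echo ' </tbody>' . "\n" . '</table>' . "\n";
    }

    // Player table.
    echo "\n\n" . '<table class="spieler" border="0">' . "\n";
    echo ' <tbody>';
    foreach ($data['player'] as $player) {
        $teamClass = isset($teamName[$player['team']]) ? $teamName[$player['team']] : '';
        echo "\n" . '<tr>' . "\n";
        // observers do not play -> no score cells
        if (strcmp($teamClass, 'zuschauer') !== 0) {
            echo '<td>';
            echo (int) $player['won'] - (int) $player['lost'];
            echo '</td>' . "\n";
            echo '<td>(' . (int) $player['won'] . '-' . (int) $player['lost'] . ')</td><td>[' . (int) $player['tks'] . ']</td>';
        } else {
            echo '<td></td>' . "\n" . '<td></td>' . "\n" . '<td></td>' . "\n";
        }

        // callsign cell (class = team colour); long names are shortened on mobile
        marke('td', $teamClass);
        $playername = $player['sign'];
        if ($site->mobile_version()) {
            if (strlen($playername) > 13) {
                $pieces = str_split($playername, 10);
                echo htmlent($pieces[0]) . "...";
            } else {
                echo htmlent($playername);
            }
        } else {
            echo htmlentities($playername);
        }
        echo '</td>' . "\n";

        // motto cell; shortened mottos are encoded exactly once (the previous
        // version encoded them twice)
        marke('td', 'mehl');
        if (isset($player['motto']) && strcmp($player['motto'], '') !== 0) {
            $motto = $player['motto'];
            if (strlen($motto) > 17) {
                $pieces = str_split($motto, 14);
                $motto = $pieces[0] . '...';
            }
            echo '(' . htmlent($motto) . ')';
        }
        echo '</td>' . "\n";

        // league team of the player, if a database link exists
        if (!empty($connection)) {
            marke('td', 'team');
            $query = 'SELECT `teamid` from users WHERE `name`=' . sqlSafeStringQuotes($player['sign']) . ' LIMIT 1';
            $result = mysql_query($query, $connection);
            if (!$result) {
                // keep the statement and the driver error out of the page
                error_log('formatbzfquery_last: ' . mysql_error($connection) . ' -- ' . $query);
                die("<br>\nQuery ist ungültiges SQL.");
            }
            $resultarray = mysql_fetch_array($result);
            mysql_free_result($result);
            $teamid = $resultarray ? (int) $resultarray['teamid'] : 0;
            if ($teamid > 0) {
                // the internal schema keys teams by `id`, the external one by `teamid`
                $idColumn = $use_internal_db ? '`id`' : '`teamid`';
                $query = 'SELECT `name` from teams WHERE ' . $idColumn . '=' . sqlSafeStringQuotes($teamid) . ' LIMIT 1';
                $result = mysql_query($query, $connection);
                if (!$result) {
                    error_log('formatbzfquery_last: ' . mysql_error($connection) . ' -- ' . $query);
                    die("<br>\nQuery ist ungültiges SQL.");
                }
                $resultarray = mysql_fetch_array($result);
                mysql_free_result($result);
                if ($resultarray) {
                    // team names are user-supplied: escape
                    echo htmlent($resultarray['name']);
                }
            }
            echo '</td>' . "\n";
        }
        echo '</tr>' . "\n";
    }
    echo ' </tbody>' . "\n" . '</table>' . "\n";
}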
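/**
 * Drive the edit -> preview -> write cycle for a static content page.
 *
 * POST confirmationStep selects the step: 0 shows the editor, 1 the
 * preview, 2 writes the content (editPageAgain drops back to 0).
 * $this->caller->sanityCheck() validates the request -- permission and the
 * anti-CSRF magic key -- and returns true on success or a short error token
 * ('noperm', 'nokeymatch') otherwise.
 *
 * Security: the content is written only when the sanity check passed. The
 * previous version ran writeContent() for confirmationStep=2 regardless of
 * the check result (unless sanityCheck() aborts on its own -- TODO confirm),
 * which would let a request with a stale key or without write permission
 * overwrite the page. A refused write now falls back to the plain editor
 * with the error message set by the check.
 */
function edit()
{
    global $entry_edit_permission;
    global $config;
    global $site;
    global $tmpl;
    global $user;

    // which step of the cycle the request is in
    $confirmed = 0;
    if (isset($_POST['confirmationStep'])) {
        $confirmed = intval($_POST['confirmationStep']);
    }
    if (isset($_POST['editPageAgain']) && strlen($_POST['editPageAgain']) > 0) {
        // user looked at the preview but chose to edit the message again
        $confirmed = 0;
    }

    // submitted page content (raw markup; only ever written after the check)
    $content = '';
    if (isset($_POST['staticContent'])) {
        $content = htmlent_decode($_POST['staticContent']);
    }

    // Validate the request. Anything that is a string of two or more
    // characters is an error token; everything else counts as passed -- the
    // same rule the previous strlen($test) < 2 guard applied.
    $test = $this->caller->sanityCheck($confirmed);
    $checkPassed = !(is_string($test) && strlen($test) >= 2);

    if ($checkPassed && $confirmed === 1) {
        // preview step: the user may still decide not to submit
        $tmpl->assign('submitText', 'Write changes');
        $tmpl->assign('editAgainText', 'Edit again');
        $this->caller->insertEditText(true);
    } elseif ($checkPassed) {
        $this->caller->insertEditText(false);
    } elseif ($test === 'noperm') {
        $tmpl->assign('MSG', 'You need write permission to edit the content.');
    } elseif ($test === 'nokeymatch') {
        $this->caller->insertEditText(false);
        $tmpl->assign('MSG', 'The magic key does not match, it looks like you came from somewhere else or your session expired.');
    }
    unset($test);

    // there is no step lower than 0
    if ($confirmed < 0) {
        $confirmed = 0;
    }
    // step the form advances to: 0 -> 1, 1 -> 2, anything higher wraps to 1
    if ($confirmed > 1) {
        $tmpl->assign('confirmationStep', 1);
    } else {
        $tmpl->assign('confirmationStep', $confirmed + 1);
    }

    if ($confirmed === 1) {
        // preview: the form was prepared above
    } elseif ($confirmed === 2 && $checkPassed) {
        $status = $this->caller->writeContent($content);
        if ($status === true) {
            if ($tmpl->getTemplateVars('MSG') === null) {
                $tmpl->assign('MSG', 'Changes written successfully.' . $tmpl->linebreaks("\n\n"));
            }
        } else {
            $tmpl->assign('MSG', 'Failed writing changes. The underlying error message was: ' . $status . $tmpl->linebreaks("\n\n"));
        }
        $tmpl->assign('submitText', 'Add another entry');
    } else {
        // plain editor (step 0, or a write refused by the check)
        $tmpl->assign('USER_NOTE');
        if ($config->getValue('bbcodeLibAvailable')) {
            $tmpl->assign('notes', 'Keep in mind to use BBCode instead of HTML or XHTML.');
        } elseif ($config->getValue('useXhtml')) {
            $tmpl->assign('notes', 'Keep in mind the home page currently uses XHTML, not HTML or BBCode.');
        } else {
            $tmpl->assign('notes', 'Keep in mind the home page currently uses HTML, not XHTML or BBCode.');
        }
        $tmpl->assign('submitText', 'Preview');
    }

    // Fresh anti-CSRF magic key for the next request; the name is unique
    // per request (microtime) with spaces and dots made field-name safe.
    $randomKeyName = $this->caller->randomKeyName . microtime();
    $randomKeyName = strtr($randomKeyName, array(' ' => '_', '.' => '_'));
    $randomkeyValue = $site->setKey($randomKeyName);
    $tmpl->assign('keyName', $randomKeyName);
    $tmpl->assign('keyValue', htmlent($randomkeyValue));
}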