$qry = db("INSERT INTO " . $db['downloads'] . "\n SET `download` = '" . up($_POST['download']) . "',\n `url` = '" . $dl . "',\n `date` = '" . (int) time() . "',\n `beschreibung` = '" . up($_POST['beschreibung'], 1) . "',\n `kat` = '" . (int) $_POST['kat'] . "'"); $show = info(_downloads_added, "?admin=dladmin"); } } elseif ($_GET['do'] == "edit") { $qry = db("SELECT * FROM " . $db['downloads'] . "\n WHERE id = '" . intval($_GET['id']) . "'"); $get = _fetch($qry); $qryk = db("SELECT * FROM " . $db['dl_kat'] . "\n ORDER BY name"); while ($getk = _fetch($qryk)) { if ($getk['id'] == $get['kat']) { $sel = "selected=\"selected\""; } else { $sel = ""; } $kats .= show(_select_field, array("value" => $getk['id'], "what" => re($getk['name']), "sel" => $sel)); } $show = show($dir . "/form_dl", array("admin_head" => _downloads_admin_head_edit, "ddownload" => re($get['download']), "durl" => re($get['url']), "file" => $dl, "lokal" => _downloads_lokal, "exist" => _downloads_exist, "nothing" => _nothing, "nofile" => _downloads_nofile, "oder" => _or, "dbeschreibung" => re_bbcode($get['beschreibung']), "kat" => _downloads_kat, "what" => _button_value_edit, "do" => "editdl&id=" . $_GET['id'] . "", "kats" => $kats, "url" => _downloads_url, "beschreibung" => _beschreibung, "download" => _downloads_name)); } elseif ($_GET['do'] == "editdl") { if (empty($_POST['download']) || empty($_POST['url'])) { if (empty($_POST['download'])) { $show = error(_downloads_empty_download, 1); } elseif (empty($_POST['url'])) { $show = error(_downloads_empty_url, 1); } } else { if (preg_match("#^www#i", $_POST['url'])) { $dl = links($_POST['url']); } else { $dl = up($_POST['url']); } $qry = db("UPDATE " . $db['downloads'] . "\n SET `download` = '" . up($_POST['download']) . "',\n `url` = '" . $dl . "',\n `beschreibung` = '" . up($_POST['beschreibung'], 1) . "',\n `date` = '" . (int) time() . "',\n `kat` = '" . (int) $_POST['kat'] . "'\n WHERE id = '" . intval($_GET['id']) . 
"'"); $show = info(_downloads_edited, "?admin=dladmin");
$datemax = mktime(23, 59, 59, $_POST['m'], $_POST['t'], $_POST['j']); $kontrolle = mysql_num_rows(db("SELECT * FROM " . $sql_prefix . "jokes WHERE date >= " . $date . " AND date <= " . $datemax . " AND status != 0")); } if ($kontrolle != 0) { //kon $dropdown_date = show(_dropdown_date, array("day" => dropdown("day", $_POST['t']), "month" => dropdown("month", $_POST['m']), "year" => dropdown("year", $_POST['j']))); $do = show(_jokes_edit_link, array("id" => $_GET['id'])); $options = '<table width="200"><tr> <td><label><input type="radio" name="status" value="0" id="status_1" ' . $checked1 . '/>' . _jokes_inaktiv . '</label></td> </tr><tr> <td><label><input type="radio" name="status" value="1" id="status_2" ' . $checked2 . '/>' . _jokes_nextdate . '</label></td> </tr><tr> <td><label><input type="radio" name="status" value="2" id="status_3" checked="checked"/>' . _jokes_thisdate . '</label></td> </tr></table>'; $error = show("errors/errortable", array("error" => _jokes_date_forgiven)); $index = show($dir . "/form", array("head" => _joke_edit, "nautor" => _autor, "dropdown_date" => $dropdown_date, "autor" => autor($userid), "status" => _status, "options" => $options, "ntitel" => _titel, "titel" => re($_POST['titel']), "joketext" => re_bbcode($_POST['jokes']), "error" => $error, "lang" => $language, "button" => _button_value_add, "linkname" => _linkname)); //konende } else { $qry = db("INSERT INTO " . $sql_prefix . "jokes \n SET `uid` = '" . (int) $userid . "',\n `title` = '" . up($_POST['titel']) . "',\n `content` = '" . up($_POST['jokes'], 1) . "',\n\t\t\t\t\t\t `date` = '" . $date . "',\n `status` = '0'"); $text = show(_jokes_msg, array("title" => up($_POST['titel']), "id" => mysql_insert_id(), "content" => up($_POST['jokes'], 1), "nick" => autor($userid))); $qry = db("SELECT s1.id FROM " . $db['users'] . " AS s1\n LEFT JOIN " . $db['permissions'] . 
" AS s2\n ON s1.id = s2.user\n WHERE s2.jokes = '1' OR s1.`level` LIKE '4' GROUP BY s1.`id`"); while ($get = _fetch($qry)) { $qrys = db("INSERT INTO " . $db['msg'] . "\n SET `datum` = '" . (int) time() . "',\n `von` = '0',\n `an` = '" . (int) $get['id'] . "',\n `titel` = '" . _jokes_msg_title . "',\n `nachricht` = '" . up($text, 1) . "'"); } $index = info(_joke_added, "?action=danke"); } } break; //##################################################################################################### //##################################################################################################### case 'archiv':
$selected = "selected=\"selected\""; } else { $selected = ""; } $users .= show(_to_users, array("id" => $get['id'], "nick" => data($get['id'], "nick"), "selected" => $selected)); } $qry = db("SELECT id,user,buddy FROM " . $db['buddys'] . "\n\t\t\t\t\t\t\t WHERE user = "******"selected=\"selected\""; } else { $selected = ""; } $buddys .= show(_to_buddys, array("id" => $get['buddy'], "nick" => data($get['buddy'], "nick"), "selected" => $selected)); } $index = show($dir . "/new", array("von" => $userid, "an" => _to, "or" => _or, "posttitel" => re($_POST['titel']), "posteintrag" => re_bbcode($_POST['eintrag']), "postto" => $_POST['buddys'] . "" . $_POST['users'], "buddys" => $buddys, "value" => _button_value_msg, "lang" => $language, "users" => $users, "titelhead" => _titel, "titel" => _msg_titel, "nickhead" => _nick, "bbcodehead" => _bbcode, "error" => $error, "eintraghead" => _eintrag)); } else { if ($_POST['buddys'] == "-") { $to = $_POST['users']; } else { $to = $_POST['buddys']; } $qry = db("INSERT INTO " . $db['msg'] . "\n\t\t\t\t SET `datum` = '" . (int) time() . "',\n `von` = '" . (int) $userid . "',\n `an` = '" . (int) $to . "',\n `titel` = '" . up($_POST['titel']) . "',\n `nachricht` = '" . up($_POST['eintrag'], 1) . "',\n `see` = '1'"); $qry = db("UPDATE " . $db['userstats'] . "\n\t\t\t\t \t\t\t SET `writtenmsg` = writtenmsg+1\n\t\t\t\t\t\t \t WHERE user = "******"?action=msg"); } } else { $qry = db("SELECT * FROM " . $db['msg'] . "\n\t \t\t\t\t\t\t WHERE an = " . $userid . "\n AND see_u = '0'\n\t\t\t \t\t\t\t ORDER BY datum DESC"); while ($get = _fetch($qry)) { if (_rows($qry)) { if ($get['von'] == 0) {
$show = info(_artikel_added, "?admin=artikel"); } } elseif ($_GET['do'] == "edit") { $qry = db("SELECT * FROM " . $db['artikel'] . "\n WHERE id = '" . intval($_GET['id']) . "'"); $get = _fetch($qry); $qryk = db("SELECT * FROM " . $db['newskat'] . ""); while ($getk = _fetch($qryk)) { if ($get['kat'] == $getk['id']) { $sel = "selected=\"selected\""; } else { $sel = ""; } $kat .= show(_select_field, array("value" => $getk['id'], "sel" => $sel, "what" => re($getk['kategorie']))); } $do = show(_artikel_edit_link, array("id" => $_GET['id'])); $show = show($dir . "/artikel_form", array("head" => _artikel_edit, "nautor" => _autor, "autor" => autor($userid), "nkat" => _news_admin_kat, "preview" => _preview, "kat" => $kat, "do" => $do, "ntitel" => _titel, "titel" => re($get['titel']), "artikeltext" => re_bbcode($get['text']), "link1" => re($get['link1']), "link2" => re($get['link2']), "link3" => re($get['link3']), "url1" => $get['url1'], "url2" => $get['url2'], "url3" => $get['url3'], "ntext" => _eintrag, "error" => "", "lang" => $language, "button" => _button_value_edit, "linkname" => _linkname, "nurl" => _url)); } elseif ($_GET['do'] == "editartikel") { if ($_POST) { $qry = db("UPDATE " . $db['artikel'] . "\n SET `kat` = '" . (int) $_POST['kat'] . "',\n `titel` = '" . up($_POST['titel']) . "',\n `text` = '" . up($_POST['artikel'], 1) . "',\n `link1` = '" . up($_POST['link1']) . "',\n `link2` = '" . up($_POST['link2']) . "',\n `link3` = '" . up($_POST['link3']) . "',\n `url1` = '" . links($_POST['url1']) . "',\n `url2` = '" . links($_POST['url2']) . "',\n `url3` = '" . links($_POST['url3']) . "'\n WHERE id = '" . intval($_GET['id']) . "'"); } $show = info(_artikel_edited, "?admin=artikel"); } elseif ($_GET['do'] == "delete") { $qry = db("DELETE FROM " . $db['artikel'] . "\n WHERE id = '" . intval($_GET['id']) . "'"); $show = info(_artikel_deleted, "?admin=artikel"); } elseif ($_GET['do'] == 'public') { if ($_GET['what'] == 'set') { $upd = db("UPDATE " . $db['artikel'] . 
"\n SET `public` = '1',\n \t\t\t\t\t `datum` = '" . time() . "'\n WHERE id = '" . intval($_GET['id']) . "'"); } elseif ($_GET['what'] == 'unset') { $upd = db("UPDATE " . $db['artikel'] . "\n SET `public` = '0'\n WHERE id = '" . intval($_GET['id']) . "'"); } header("Location: ?admin=artikel");
// Excerpt from an admin handler for the `cw` table that dispatches on $_GET['do'].
// It starts and ends in the middle of the if/elseif chain, so any permission or
// request checks that guard these branches are outside this view.
} elseif ($_GET['do'] == "edit") {
    // Load the row to edit; the id is coerced with intval() before it enters the query.
    $qry = db("SELECT * FROM " . $db['cw'] . "\n WHERE id = '" . intval($_GET['id']) . "'");
    $get = _fetch($qry);
    // The stored `xonx` value is split on the literal 'on' into its two halves.
    // If the column holds no 'on', explode() yields one element and $xonx2 stays unset.
    list($xonx1, $xonx2) = explode('on', $get['xonx']);
    // Build the squad <select>, pre-selecting the squad stored on the row.
    $qrym = db("SELECT * FROM " . $db['squads'] . "\n WHERE status = '1'\n ORDER BY game");
    while ($gets = _fetch($qrym)) {
        if ($get['squad_id'] == $gets['id']) {
            $sel = "selected=\"selected\"";
        } else {
            $sel = "";
        }
        $squads .= show(_cw_edit_select_field_squads, array("id" => $gets['id'], "name" => re($gets['name']), "game" => re($gets['game']), "sel" => $sel, "icon" => $gets['icon']));
    }
    // Date and time dropdowns are pre-filled from the stored `datum` timestamp.
    $dropdown_date = show(_dropdown_date, array("day" => dropdown("day", date("d", $get['datum'])), "month" => dropdown("month", date("m", $get['datum'])), "year" => dropdown("year", date("Y", $get['datum']))));
    $dropdown_time = show(_dropdown_time, array("hour" => dropdown("hour", date("H", $get['datum'])), "minute" => dropdown("minute", date("i", $get['datum'])), "uhr" => _uhr));
    // Render the edit form: language constants for the labels, then the row's values.
    $show = show($dir . "/form_cw", array(
        "head" => _cw_admin_head_edit,
        "datum" => _datum,
        "gegner" => _cw_head_gegner,
        "xonx" => _cw_head_xonx,
        "preview" => _preview,
        "nothing" => _cw_nothing,
        "screenshot1" => _cw_new . " " . _cw_screenshot . " 1",
        "screenshot2" => _cw_new . " " . _cw_screenshot . " 2",
        "screenshot3" => _cw_new . " " . _cw_screenshot . " 3",
        "screenshot4" => _cw_new . " " . _cw_screenshot . " 4",
        "screens" => _cw_screens,
        "liga" => _cw_head_liga,
        "screen_info" => _cw_screens_info,
        "gametype" => _cw_head_gametype,
        "url" => _url,
        "clantag" => _cw_admin_clantag,
        "bericht" => _cw_bericht,
        "result" => _cw_head_result,
        "info" => _cw_admin_info,
        "gegnerstuff" => _cw_admin_gegnerstuff,
        "warstuff" => _cw_admin_warstuff,
        "maps" => _cw_admin_maps,
        "match_admins" => _cw_head_admin,
        "lineup" => _cw_head_lineup,
        "glineup" => _cw_head_glineup,
        "serverip" => _cw_admin_serverip,
        "lineup_info" => _cw_admin_lineup_info,
        "servername" => _server_name,
        "serverpwd" => _server_password,
        // NOTE(review): the SQL above uses intval($_GET['id']), but here the raw request
        // value is handed to the template. Whether show() encodes it for the form-action
        // context is not visible; passing intval($_GET['id']) here would remove the doubt.
        "do" => "editcw&id=" . $_GET['id'] . "",
        "what" => _button_value_edit,
        // NOTE(review): some row values below go through re()/re_bbcode() and others
        // (url, xonx, serverip, punkte, gpunkte) are passed as stored. What encoding
        // re() applies is not shown here; confirm every value is encoded for HTML
        // output somewhere before it reaches the browser.
        "cw_clantag" => re($get['clantag']),
        "cw_gegner" => re($get['gegner']),
        "cw_url" => $get['url'],
        "cw_xonx1" => $xonx1,
        "logo" => _cw_logo,
        "cw_xonx2" => $xonx2,
        "cw_maps" => re($get['maps']),
        "cw_matchadmins" => re($get['matchadmins']),
        "cw_lineup" => re($get['lineup']),
        "cw_glineup" => re($get['glineup']),
        "cw_servername" => re($get['servername']),
        "cw_serverip" => $get['serverip'],
        "cw_serverpwd" => re($get['serverpwd']),
        "cw_punkte" => $get['punkte'],
        "cw_gpunkte" => $get['gpunkte'],
        "cw_bericht" => re_bbcode($get['bericht']),
        "day" => date("d", $get['datum']),
        "dropdown_date" => $dropdown_date,
        "dropdown_time" => $dropdown_time,
        "month" => date("m", $get['datum']),
        "year" => date("Y", $get['datum']),
        "hour" => date("H", $get['datum']),
        "minute" => date("i", $get['datum']),
        "name" => _member_admin_squad,
        "countrys" => show_countrys($get['gcountry']),
        "squad_info" => _cw_admin_head_squads,
        "game" => _member_admin_game,
        "squads" => $squads,
        "cw_liga" => re($get['liga']),
        "country" => _cw_admin_head_country,
        "cw_gametype" => re($get['gametype'])));
} elseif ($_GET['do'] == "add") {
    // Required fields: opponent, clan tag and day. The first missing one decides the error shown.
    if (empty($_POST['gegner']) || empty($_POST['clantag']) || empty($_POST['t'])) {
        if (empty($_POST['gegner'])) {
            $show = error(_cw_admin_empty_gegner, 1);
        } elseif (empty($_POST['clantag'])) {
            $show = error(_cw_admin_empty_clantag, 1);
        } elseif (empty($_POST['t'])) {
            $show = error(_empty_datum, 1);
        }
    } else {
        // NOTE(review): $xonx is a piece of a SQL SET clause built from $_POST['xonx1'] and
        // $_POST['xonx2'] with no escaping helper and no integer cast. It is presumably
        // spliced into the INSERT that follows outside this excerpt; if so, request data
        // reaches the statement unescaped (SQL injection). If the two fields are meant to
        // be numbers, cast both with (int); otherwise escape them the same way as the other
        // columns, or move the query to bound parameters.
        if (empty($_POST['xonx1']) && empty($_POST['xonx2'])) {
            $xonx = "";
        } else {
            $xonx = "`xonx` = '" . $_POST['xonx1'] . "on" . $_POST['xonx2'] . "',";
        }
$dropdown_date = show(_dropdown_date, array("day" => dropdown("day", date("d", $get['sticky'])), "month" => dropdown("month", date("m", $get['sticky'])), "year" => dropdown("year", date("Y", $get['sticky'])))); $dropdown_time = show(_dropdown_time, array("hour" => dropdown("hour", date("H", $get['sticky'])), "minute" => dropdown("minute", date("i", $get['sticky'])), "uhr" => _uhr)); } else { $dropdown_date = show(_dropdown_date, array("day" => dropdown("day", date("d", time())), "month" => dropdown("month", date("m", time())), "year" => dropdown("year", date("Y", time())))); $dropdown_time = show(_dropdown_time, array("hour" => dropdown("hour", date("H", time())), "minute" => dropdown("minute", date("i", time())), "uhr" => _uhr)); } if ($get['timeshift'] != 0) { $timeshift = 'checked="checked"'; $timeshift_date = show(_dropdown_date_ts, array("nr" => "ts", "day" => dropdown("day", date("d", $get['datum'])), "month" => dropdown("month", date("m", $get['datum'])), "year" => dropdown("year", date("Y", $get['datum'])))); $timeshift_time = show(_dropdown_time_ts, array("nr" => "ts", "hour" => dropdown("hour", date("H", $get['datum'])), "minute" => dropdown("minute", date("i", $get['datum'])), "uhr" => _uhr)); } else { $timeshift = ''; $timeshift_date = show(_dropdown_date_ts, array("nr" => "ts", "day" => dropdown("day", date("d", time())), "month" => dropdown("month", date("m", time())), "year" => dropdown("year", date("Y", time())))); $timeshift_time = show(_dropdown_time_ts, array("nr" => "ts", "hour" => dropdown("hour", date("H", time())), "minute" => dropdown("minute", date("i", time())), "uhr" => _uhr)); } $show = show($dir . 
"/news_form", array("head" => _admin_news_edit_head, "nautor" => _autor, "autor" => autor($get['autor']), "nkat" => _news_admin_kat, "kat" => $kat, "do" => $do, "preview" => _preview, "ntitel" => _titel, "titel" => re($get['titel']), "newstext" => re_bbcode($get['text']), "morenews" => re_bbcode($get['klapptext']), "link1" => re($get['link1']), "link2" => re($get['link2']), "link3" => re($get['link3']), "url1" => $get['url1'], "url2" => $get['url2'], "url3" => $get['url3'], "klapplink" => re($get['klapplink']), "dropdown_date" => $dropdown_date, "dropdown_time" => $dropdown_time, "timeshift_date" => $timeshift_date, "timeshift_time" => $timeshift_time, "timeshift" => $timeshift, "ntext" => _eintrag, "error" => "", "button" => _button_value_edit, "lang" => $language, "nklapptitel" => _news_admin_klapptitel, "nmore" => _news_admin_more, "linkname" => _linkname, "intern" => $int, "sticky" => $sticky, "getsticky" => _news_get_sticky, "till" => _news_sticky_till, "gettimeshift" => _news_get_timeshift, "from" => _news_timeshift_from, "day" => $day, "month" => $month, "year" => $year, "hour" => $hour, "minute" => $minute, "interna" => _news_admin_intern, "nurl" => _url)); } elseif ($_GET['do'] == "editnews") { if ($_POST) { if ($_POST['sticky']) { $stickytime = mktime($_POST['h'], $_POST['min'], 0, $_POST['m'], $_POST['t'], $_POST['j']); } if ($_POST['timeshift']) { $timeshifttime = mktime($_POST['h_ts'], $_POST['min_ts'], 0, $_POST['m_ts'], $_POST['t_ts'], $_POST['j_ts']); $timeshift = "`timeshift` = '1',"; $public = "`public` = '1',"; $datum = "`datum` = '" . (int) $timeshifttime . "',"; } else { $timeshift = ""; $public = ''; $datum = ''; }
// Excerpt from a site-editor admin handler (tables `sites`, `navi`, `navi_kats`).
// It begins inside a validation-failure branch whose opening lines are not visible,
// and it ends at the start of the "delete" branch.
            $checked = "checked=\"checked\"";
        }
        // Rebuild the position dropdown: one header option per navigation category,
        // then one "after <entry>" option per existing entry.
        $qry = db("SELECT s2.*, s1.name AS katname, s1.placeholder FROM " . $db['navi_kats'] . " AS s1 LEFT JOIN " . $db['navi'] . " AS s2 ON s1.`placeholder` = s2.`kat`\n ORDER BY s1.name, s2.pos");
        $thiskat = '';
        while ($get = _fetch($qry)) {
            // A change in `kat` starts a new category group.
            if ($thiskat != $get['kat']) {
                $position .= ' <option class="dropdownKat" value="lazy">' . re($get['katname']) . '</option> <option value="' . re($get['placeholder']) . '-1">-> ' . _admin_first . '</option> ';
            }
            $thiskat = $get['kat'];
            // Pre-select the navigation entry that belongs to the site being edited.
            $sel = $get['editor'] == $_GET['id'] ? 'selected="selected"' : '';
            $position .= empty($get['name']) ? '' : '<option value="' . re($get['placeholder']) . '-' . ($get['pos'] + 1) . '" ' . $sel . '>' . _nach . ' -> ' . navi_name(re($get['name'])) . '</option>';
        }
        // Re-render the form with the submitted values so the user can correct them.
        // NOTE(review): $_POST values and the raw $_GET['id'] flow back into markup here.
        // What encoding re(), re_bbcode() and show() apply is not visible in this excerpt;
        // confirm they are encoded for HTML, and consider intval($_GET['id']) for "do".
        $show = show($dir . "/form_editor", array("head" => _editor_edit_head, "what" => _button_value_edit, "lang" => $language, "bbcode" => _bbcode, "preview" => _preview, "error" => $error, "checked" => $checked, "pos" => _position, "ja" => _yes, "nein" => _no, "name" => _editor_linkname, "position" => $position, "n_name" => re($_POST['name']), "wichtig" => _navi_wichtig, "titel" => _titel, "e_titel" => re($_POST['titel']), "e_inhalt" => re_bbcode($_POST['inhalt']), "allow_html" => _editor_allow_html, "inhalt" => _inhalt, "do" => "editsite&id=" . $_GET['id'] . ""));
    } else {
        // Persist the edited page. Text fields go through up(), `html` and the id are cast to int.
        // NOTE(review): up() is relied on to make values safe inside the single-quoted SQL
        // literals; its implementation is not shown here. `html` presumably switches raw-HTML
        // rendering of the page body - confirm only fully trusted roles can reach this branch.
        $qry = db("UPDATE " . $db['sites'] . "\n SET `titel` = '" . up($_POST['titel']) . "',\n `text` = '" . up($_POST['inhalt'], 1) . "',\n `html` = '" . (int) $_POST['html'] . "'\n WHERE id = '" . intval($_GET['id']) . "'");
        // NOTE(review): this condition is always true. `"2"` stands alone as the right-hand
        // operand of ||, and a non-empty string other than "0" is truthy, so $sign is always
        // ">= " and the else branch is dead. The intent was presumably
        // $_POST['pos'] == "1" || $_POST['pos'] == "2" - confirm before changing, because the
        // choice decides which rows the first UPDATE below shifts.
        if ($_POST['pos'] == "1" || "2") {
            $sign = ">= ";
        } else {
            $sign = "> ";
        }
        // $_POST['pos'] has the form "<placeholder>-<n>": strip "-<n>" to get the category,
        // strip the "nav_...-" prefix to get the position.
        $kat = preg_replace('/-(\\d+)/', '', $_POST['pos']);
        $pos = preg_replace("=nav_(.*?)-=", "", $_POST['pos']);
        // NOTE(review): the raw $_GET['id'] is embedded in the stored navigation URL, while the
        // WHERE clauses use intval(). Using intval($_GET['id']) here too would keep the stored
        // link a plain numeric reference.
        $url = "../sites/?show=" . $_GET['id'] . "";
        // Make room at the target position. The WHERE clause filters on `pos` only, so rows
        // of every category with a matching position are shifted.
        $posi = db("UPDATE " . $db['navi'] . "\n SET `pos` = pos+1\n WHERE pos " . $sign . " '" . intval($pos) . "'");
        // Move and rename the navigation entry that belongs to this site.
        $posi = db("UPDATE " . $db['navi'] . "\n SET `pos` = '" . (int) $pos . "',\n `kat` = '" . up($kat) . "',\n `name` = '" . up($_POST['name']) . "',\n `url` = '" . up($url) . "'\n WHERE editor = '" . intval($_GET['id']) . "'");
        $show = info(_site_edited, "?admin=editor");
    }
} elseif ($_GET['do'] == "delete") {
if (empty($_POST['title'])) { $show = error(_kalender_error_no_title, 1); } elseif (empty($_POST['event'])) { $show = error(_kalender_error_no_event, 1); } } else { $time = mktime($_POST['h'], $_POST['min'], 0, $_POST['m'], $_POST['t'], $_POST['j']); $insert = db("INSERT INTO " . $db['events'] . "\n SET `datum` = '" . (int) $time . "',\n `title` = '" . up($_POST['title']) . "',\n `event` = '" . up($_POST['event'], 1) . "'"); $show = info(_kalender_successful_added, "?admin=kalender"); } } elseif ($_GET['do'] == "edit") { $qry = db("SELECT * FROM " . $db['events'] . "\n WHERE id = '" . intval($_GET['id']) . "'"); $get = _fetch($qry); $dropdown_date = show(_dropdown_date, array("day" => dropdown("day", date("d", $get['datum'])), "month" => dropdown("month", date("m", $get['datum'])), "year" => dropdown("year", date("Y", $get['datum'])))); $dropdown_time = show(_dropdown_time, array("hour" => dropdown("hour", date("H", $get['datum'])), "minute" => dropdown("minute", date("i", $get['datum'])), "uhr" => _uhr)); $show = show($dir . "/form_kalender", array("datum" => _datum, "event" => _kalender_event, "dropdown_time" => $dropdown_time, "dropdown_date" => $dropdown_date, "beschreibung" => _beschreibung, "what" => _button_value_edit, "do" => "editevent&id=" . $_GET['id'], "k_event" => re($get['title']), "k_beschreibung" => re_bbcode($get['event']), "head" => _kalender_admin_head_edit)); } elseif ($_GET['do'] == "editevent") { if (empty($_POST['title']) || empty($_POST['event'])) { if (empty($_POST['title'])) { $show = error(_kalender_error_no_title, 1); } elseif (empty($_POST['event'])) { $show = error(_kalender_error_no_event, 1); } } else { $time = mktime($_POST['h'], $_POST['min'], 0, $_POST['m'], $_POST['t'], $_POST['j']); $update = db("UPDATE " . $db['events'] . "\n SET `datum` = '" . (int) $time . "',\n `title` = '" . up($_POST['title']) . "',\n `event` = '" . up($_POST['event'], 1) . "'\n WHERE id = '" . intval($_GET['id']) . 
"'"); $show = info(_kalender_successful_edited, "?admin=kalender"); } } elseif ($_GET['do'] == "delete") { $del = db("DELETE FROM " . $db['events'] . "\n WHERE id = '" . intval($_GET['id']) . "'"); $show = info(_kalender_deleted, "?admin=kalender");
$dropdown_time_ende = show(_dropdown_time_ts, array("nr" => '2', "hour" => dropdown("hour", date("H", $get['ende'])), "minute" => dropdown("minute", date("i", $get['ende'])), "uhr" => _uhr)); $qryk = db("SELECT * FROM " . $sql_prefix . "events_kat"); while ($getk = _fetch($qryk)) { if ($get['kat'] == $getk['id']) { $sel = "selected=\"selected\""; } else { $sel = ""; } $kat .= show(_select_field, array("value" => $getk['id'], "sel" => $sel, "what" => re($getk['name']))); } if ($get['gmaps'] == '1') { $checked = "checked=\"checked\""; } else { $checked = ""; } $show = show($dir . "/form_event", array("datum_start" => _ev_l_start, "datum_ende" => _ev_l_ende, "event" => _kalender_event, "dropdown_time_start" => $dropdown_time_start, "dropdown_date_start" => $dropdown_date_start, "dropdown_time_ende" => $dropdown_time_ende, "dropdown_date_ende" => $dropdown_date_ende, "beschreibung" => _beschreibung, "what" => _button_value_edit, "do" => "editevent&id=" . $_GET['id'], "k_event" => re($get['name']), "k_beschreibung" => re_bbcode($get['beschreibung']), "veranstalter" => _ev_veranstalter, "k_veranstalter" => re($get['veranstalter']), "ort" => _ev_l_ort, "k_ort" => re($get['ort']), "kat" => _ev_l_kat, "k_kat" => $kat, "gmaps" => _ev_gmaps, "gmaps_info" => _ev_gmaps_info, "checked" => $checked, "autor" => _autor, "bild" => _ev_bild, "k_autor" => autor($get['autor_id']), "head" => _kalender_admin_head_edit)); } elseif ($_GET['do'] == "editevent") { $start_time = mktime($_POST['h_1'], $_POST['min_1'], 0, $_POST['m_1'], $_POST['t_1'], $_POST['j_1']); $ende_time = mktime($_POST['h_2'], $_POST['min_2'], 0, $_POST['m_2'], $_POST['t_2'], $_POST['j_2']); if (empty($_POST['event'])) { if (empty($_POST['event'])) { $show = error(_kalender_error_no_title, 1); } } elseif ($start_time >= $ende_time) { $show = error(_kalender_error_start_ende, 1); } else { if ($start_time != $ende_time) { $show = error(_kalender_error_start_ende, 1); } $update = db("UPDATE " . $sql_prefix . 
"events_info\n SET `start` = '" . (int) $start_time . "',\n\t\t\t\t\t \t `ende` = '" . (int) $ende_time . "',\n\t\t\t\t\t\t `kat` = '" . (int) $_POST['kat'] . "',\n\t\t\t\t\t\t `gmaps` = '" . (int) $_POST['gmaps'] . "',\n `name` = '" . up($_POST['event']) . "',\n\t\t\t\t\t\t `ort` = '" . up($_POST['ort']) . "',\n\t\t\t\t\t\t `veranstalter` = '" . up($_POST['veranstalter']) . "',\n `beschreibung` = '" . up($_POST['beschreibung'], 1) . "'\n WHERE id = '" . intval($_GET['id']) . "'"); $tmp1 = $_FILES['bild']['tmp_name'];
<?php
/////////// ADMINNAVI \\\\\\\\\
// Type: settingsmenu
// Permissions: $chkMe == 4
///////////////////////////////

// Admin page for the imprint settings (columns `i_domain` and `i_autor` of the settings table).
// The page only runs when loaded through the admin menu. When the _adminMenu constant does
// not hold the string 'true', the script stops before doing anything.
if (_adminMenu != 'true') {
    exit;
}

// Extend the page title.
$where .= ': ' . _config_impressum_head;

if ($chkMe == 4) {
    $wysiwyg = '_word';

    // Read the current values and render the edit form inside its frame template.
    $qry = db("SELECT i_domain,i_autor FROM " . $db['settings']);
    $get = _fetch($qry);

    $show_ = show(
        $dir . '/form_impressum',
        array(
            'idomain' => _config_impressum_domains,
            'domain' => re($get['i_domain']),
            'bbcode' => bbcode('seitenautor'),
            'lang' => $language,
            'iautor' => _config_impressum_autor,
            'postautor' => re_bbcode($get['i_autor'])
        )
    );
    $show = show(
        $dir . '/imp',
        array(
            'head' => _config_impressum_head,
            'what' => 'impressum',
            'value' => _button_value_edit,
            'show' => $show_
        )
    );

    // Save request: the action comes from the query string, the data from the POST body.
    // The form rendered above is then replaced by the confirmation message.
    // NOTE(review): no anti-CSRF token or request-method check is visible in this file.
    // Confirm the including admin controller enforces one, because this branch changes
    // site-wide settings.
    // NOTE(review): up() is relied on to make both values safe inside the single-quoted
    // SQL literals. Its implementation is not part of this file.
    if ($_GET['do'] == 'update') {
        $qry = db(
            "UPDATE " . $db['settings']
            . "\n SET `i_autor` = '" . up($_POST['seitenautor'], 1)
            . "',\n `i_domain` = '" . up($_POST['domain'])
            . "'\n WHERE id = 1"
        );
        $show = info(_config_set, '?admin=impressum');
    }
} else {
    // Every level other than 4 gets the permission error instead of the form.
    $show = error(_error_wrong_permissions, 1);
}
$editedby = show(_edited_by, array("autor" => autor($userid), "time" => date("d.m.Y H:i", time()) . _uhr)); $qry = db("UPDATE " . $sql_prefix . "events_comments\n SET `nick` = '" . up($_POST['nick']) . "',\n `email` = '" . up($_POST['email']) . "',\n `hp` = '" . links($_POST['hp']) . "',\n `comment` = '" . up($_POST['comment'], 1) . "',\n `editby` = '" . addslashes($editedby) . "'\n WHERE id = '" . intval($_GET['cid']) . "'"); $index = info(_comment_edited, "?action=show&w=k&id=" . $_GET['id'] . ""); } else { $index = error(_error_edit_post, 1); } } elseif ($_GET['do'] == "edit") { $qryc = db("SELECT * FROM " . $sql_prefix . "events_comments\n WHERE id = '" . intval($_GET['cid']) . "'"); $getc = _fetch($qryc); if ($getc['reg'] == $userid || permission('editkalendar')) { if ($getc['reg'] != 0) { $form = show("page/editor_regged", array("nick" => autor($getc['reg']), "von" => _autor)); } else { $form = show("page/editor_notregged", array("nickhead" => _nick, "emailhead" => _email, "hphead" => _hp, "postemail" => $getc['email'], "posthp" => links($getc['hp']), "postnick" => re($getc['nick']))); } $index = show("page/comments_add", array("titel" => _comments_edit, "nickhead" => _nick, "bbcodehead" => _bbcode, "emailhead" => _email, "sec" => $dir, "security" => _register_confirm, "hphead" => _hp, "b1" => $u_b1, "b2" => $u_b2, "form" => $form, "preview" => _preview, "prevurl" => '../artikel/?action=compreview&id=' . $_GET['id'], "action" => '?action=show&w=k&do=editcom&id=' . $_GET['id'] . '&cid=' . 
$_GET['cid'], "ip" => _iplog_info, "lang" => $language, "id" => $_GET['id'], "what" => _button_value_edit, "show" => "", "posteintrag" => re_bbcode($getc['comment']), "error" => "", "eintraghead" => _eintrag)); } else { $index = error(_error_edit_post, 1); } } //ende //$inhalt = "Kommentar-Baustelle".$entrys.""; //############################################################################# //############################################################################' // # # # # # # # } else { $inhalt = bbcode($get['beschreibung']); } // # # # # # # # $teilnehmer = db("SELECT uid FROM " . $sql_prefix . "events_user WHERE eid = '" . $get['id'] . "'"); $teilnehmer = _rows($teilnehmer);
while ($get = _fetch($qry)) { if ($_POST['to'] == $get['id']) { $selsq = "selected=\"selected\""; } else { $selsq = ""; } $squads .= show(_to_squads, array("id" => $get['id'], "sel" => $selsq, "name" => re($get['name']))); } if ($_POST['to'] == "reg") { $selr = "selected=\"selected\""; } elseif ($_POST['to'] == "member") { $selm = "selected=\"selected\""; } elseif ($_POST['to'] == "leader") { $sell = "selected=\"selected\""; } $show = show($dir . "/nletter", array("von" => $userid, "an" => _to, "who" => _msg_global_who, "reg" => _msg_global_reg, "selr" => $selr, "selm" => $selm, "sell" => $sell, "value" => _button_value_nletter, "lang" => $language, "preview" => _preview, "allmembers" => _msg_global_all, "all_leader" => _msg_all_leader, "leader" => _msg_leader, "squad" => _msg_global_squad, "squads" => $squads, "posteintrag" => re_bbcode($_POST['eintrag']), "titel" => _nletter_head, "nickhead" => _nick, "bbcodehead" => _bbcode, "error" => $error, "eintraghead" => _eintrag)); } else { if ($_POST['to'] == "reg") { $message = show(settings('eml_nletter'), array("text" => bbcode_nletter($_POST['eintrag']))); $subject = settings('eml_nletter_subj'); $qry = db("SELECT email FROM " . $db['users'] . "\n WHERE nletter = 1"); while ($get = _fetch($qry)) { sendMail($get['email'], $subject, $message); } $qry = db("UPDATE " . $db['userstats'] . "\n\t\t\t\t\t\t SET `writtenmsg` = writtenmsg+1\n\t\t\t\t\t\t WHERE user = "******"?admin=nletter"); } elseif ($_POST['to'] == "member") { $message = show(settings('eml_nletter'), array("text" => bbcode_nletter($_POST['eintrag']))); $subject = settings('eml_nletter_subj'); $qry = db("SELECT email FROM " . $db['users'] . "\n WHERE level >= 2"); while ($get = _fetch($qry)) {
/**
 * Wraps a text in the markup this file uses for quotations.
 *
 * @param string $nick  Name printed in front of the quote; concatenated as-is.
 * @param string $zitat Text being quoted.
 * @return string The quote block as HTML.
 */
function zitat($nick, $zitat)
{
    // Bytes 145/146 become an apostrophe and 147/148 a double quote
    // (presumably Windows-1252 "smart" quotes; confirm the input encoding).
    $zitat = str_replace(array(chr(145), chr(146)), chr(39), $zitat);
    // As written, this replaces an apostrophe with itself and changes nothing.
    $zitat = str_replace("'", "'", $zitat);
    $zitat = str_replace(array(chr(147), chr(148)), chr(34), $zitat);

    // Line feeds and carriage returns are turned into single spaces first ...
    $zitat = str_replace(array(chr(10), chr(13)), " ", $zitat);
    // ... so this pattern has no line break left to match when it runs.
    $zitat = preg_replace("#[\n\r]+#", "<br />", $zitat);

    // NOTE(review): $nick goes into the HTML without escaping here. Confirm
    // that every caller passes a value already safe for HTML output, and check
    // how re_bbcode() treats markup inside $zitat.
    return '<div class="quote"><b>' . $nick . ' ' . _wrote . ':</b><br />'
        . re_bbcode($zitat)
        . '</div><br /><br /><br />';
}
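// Glossary admin: tail of the add branch (its opening `if` lies before this
// excerpt), followed by the edit, update and delete branches.
//
// Validation: both fields are required and the word must not contain
// punctuation. The guard uses the same character class as the error branch
// below; with a stray `]` in the guard, a word containing punctuation was
// rejected only when a literal `]` followed it and otherwise went on to the
// INSERT.
if (empty($_POST['link']) || empty($_POST['beschreibung']) || preg_match("#[[:punct:]]#is", $_POST['link'])) {
    if (empty($_POST['link'])) {
        $show = error(_admin_error_glossar_word);
    } elseif (empty($_POST['beschreibung'])) {
        // Report the missing description when it is actually missing (the
        // condition was inverted and fired when a description was present).
        $show = error(_admin_error_glossar_desc);
    } elseif (preg_match("#[[:punct:]]#is", $_POST['link'])) {
        $show = error(_glossar_specialchar);
    }
} else {
    // NOTE(review): the statement is built by string concatenation; up() is
    // presumably the project's SQL escaping helper - verify, or move to
    // parameterised queries.
    $ins = db("INSERT INTO " . $db['glossar'] . "\n SET `word` = '" . up($_POST['link']) . "',\n `glossar` = '" . up($_POST['beschreibung'], 1) . "'");
    $show = info(_admin_glossar_added, '?admin=glossar');
}
} elseif ($_GET['do'] == 'edit') {
    $qry = db("SELECT * FROM " . $db['glossar'] . "\n WHERE id = '" . intval($_GET['id']) . "'");
    $get = _fetch($qry);

    $show = show($dir . "/form_glossar", array(
        "head" => _admin_glossar_add,
        "link" => _glossar_bez,
        "beschreibung" => _glossar_erkl,
        "llink" => re($get['word']),
        "lbeschreibung" => re_bbcode($get['glossar']),
        // The id is handed to the template, so pass it as an integer, as the
        // query above already does, instead of the raw request value.
        "do" => "update&id=" . intval($_GET['id']),
        "value" => _button_value_edit,
    ));
} elseif ($_GET['do'] == 'update') {
    // Same validation as for adding an entry.
    if (empty($_POST['link']) || empty($_POST['beschreibung']) || preg_match("#[[:punct:]]#is", $_POST['link'])) {
        if (empty($_POST['link'])) {
            $show = error(_admin_error_glossar_word);
        } elseif (empty($_POST['beschreibung'])) {
            $show = error(_admin_error_glossar_desc);
        } elseif (preg_match("#[[:punct:]]#is", $_POST['link'])) {
            $show = error(_glossar_specialchar);
        }
    } else {
        $ins = db("UPDATE " . $db['glossar'] . "\n SET `word` = '" . up($_POST['link']) . "',\n `glossar` = '" . up($_POST['beschreibung'], 1) . "'\n WHERE id = '" . intval($_GET['id']) . "'");
        $show = info(_admin_glossar_edited, '?admin=glossar');
    }
} elseif ($_GET['do'] == 'delete') {
    // NOTE(review): the delete is driven by GET parameters and no request
    // token is checked in this excerpt - confirm one is verified before this
    // point.
    $del = db("DELETE FROM " . $db['glossar'] . "\n WHERE id = '" . intval($_GET['id']) . "'");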
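// Guestbook: tail of the delete branch (its opening lies before this excerpt),
// followed by the edit form and the edit submission.
//
// Access rule used throughout: the entry's registered author, when logged in,
// or a holder of the 'gb' permission. $get is presumably the guestbook row
// loaded just before this excerpt.
if (($get['reg'] == $userid && $chkMe != "unlogged") || permission('gb')) {
    db("DELETE FROM " . $db['gb'] . " WHERE id = '" . intval($_GET['id']) . "'");
    $index = info(_gb_delete_successful, "../gb/");
} else {
    $index = error(_error_edit_post, 1);
}
} elseif ($_GET['what'] == "edit") {
    $qry = db("SELECT * FROM " . $db['gb'] . " WHERE id = '" . intval($_GET['id']) . "'");
    $get = _fetch($qry);

    if (($get['reg'] == $userid && $chkMe != "unlogged") || permission('gb')) {
        // Entries by registered users show the author; guest entries get
        // editable nick / e-mail / homepage fields.
        if ($get['reg'] != 0) {
            $form = show("page/editor_regged", array(
                "nick" => autor($get['reg']),
                "von" => _autor,
            ));
        } else {
            $form = show("page/editor_notregged", array(
                "nickhead" => _nick,
                "emailhead" => _email,
                "hphead" => _hp,
                "postemail" => re($get['email']),
                "posthp" => re($get['hp']),
                "postnick" => re($get['nick']),
            ));
        }

        $index = show($dir . "/add", array(
            "titel" => _eintragen_titel,
            "nickhead" => _nick,
            "bbcodehead" => _bbcode,
            "add_head" => _gb_edit_head,
            "emailhead" => _email,
            "what" => _button_value_edit,
            "security" => _register_confirm,
            "lang" => $language,
            "reg" => $get['reg'],
            "whaturl" => "editgb&id=" . $get['id'],
            "hphead" => _hp,
            "ed" => "&edit=" . $get['id'],
            "preview" => _preview,
            "b1" => "<!--",
            "b2" => "-->",
            "id" => $get['id'],
            "form" => $form,
            "posteintrag" => re_bbcode($get['nachricht']),
            "ip" => _iplog_info,
            "error" => "",
            "eintraghead" => _eintrag,
        ));
    } else {
        $index = error(_error_edit_post, 1);
    }
} elseif ($_GET['what'] == 'editgb') {
    // Authorise against the owner stored with the entry, never against the
    // `reg` field of the submitted form. That field is client-controlled, so
    // comparing it with $userid lets a requester claim ownership of any entry
    // id. The delete and edit branches above already check the stored row;
    // this branch now applies the same rule.
    $qry = db("SELECT reg FROM " . $db['gb'] . " WHERE id = '" . intval($_GET['id']) . "'");
    $get = _fetch($qry);

    if (($get['reg'] == $userid && $chkMe != "unlogged") || permission('gb')) {
        // Guest entries (stored reg of 0) also carry nick, e-mail and homepage.
        // Start from an empty fragment so the UPDATE is well-formed otherwise.
        $addme = "";
        if ($get['reg'] == 0) {
            // NOTE(review): up() and links() are presumably the project's
            // escaping helpers for SQL values - verify.
            $addme = "`nick` = '" . up($_POST['nick']) . "',\n `email` = '" . up($_POST['email']) . "',\n `hp` = '" . links($_POST['hp']) . "',";
        }

        $editedby = show(_edited_by, array(
            "autor" => autor($userid),
            "time" => date("d.m.Y H:i", time()) . _uhr,
        ));

        // `reg` is written back from the stored row, so an edit cannot
        // reassign the entry to another account.
        $upd = db("UPDATE " . $db['gb'] . "\n SET " . $addme . "\n `nachricht` = '" . up($_POST['eintrag'], 1) . "',\n `reg` = '" . (int) $get['reg'] . "',\n `editby` = '" . addslashes($editedby) . "'\n WHERE id = '" . intval($_GET['id']) . "'");
        $index = info(_gb_edited, "../gb/");
    } else {
        $index = error(_error_edit_post, 1);
    }
}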
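// Quickinfo admin: tail of the add branch (its opening lies before this
// excerpt), followed by edit, editsite, delete, status and the list view.
//
// NOTE(review): every statement here is built by string concatenation; up()
// is presumably the project's SQL escaping helper - verify, or move to
// parameterised queries.
$qry = db("INSERT INTO " . $sql_prefix . "quickinfo \n SET `title` = '" . up($_POST['titel']) . "',\n\t\t\t\t\t \t`more` = '" . up($_POST['more']) . "',\n `content` = '" . up($_POST['inhalt'], 1) . "'");
$show = info(_quickinfo_added, "?admin=quickinfo");
}
} elseif ($_GET['do'] == "edit") {
    $qrys = db("SELECT * FROM " . $sql_prefix . "quickinfo \n WHERE id = '" . intval($_GET['id']) . "'");
    $gets = _fetch($qrys);

    $show = show($dir . "/form_quickinfo", array(
        "head" => _quickinfo_edit_head,
        "what" => _button_value_edit,
        "lang" => $language,
        "bbcode" => _bbcode,
        "titel" => _titel,
        "e_titel" => re($gets['title']),
        "more" => _quickinfo_more_link,
        "e_more" => re($gets['more']),
        "e_inhalt" => re_bbcode($gets['content']),
        "ja" => _yes,
        "nein" => _no,
        "error" => "",
        "inhalt" => _inhalt,
        // The id is handed to the template, so pass it as an integer, as the
        // query above already does, instead of the raw request value.
        "do" => "editsite&id=" . intval($_GET['id']),
    ));
} elseif ($_GET['do'] == "editsite") {
    if (empty($_POST['titel']) || empty($_POST['inhalt'])) {
        if (empty($_POST['titel'])) {
            $error = _empty_titel;
        } elseif (empty($_POST['inhalt'])) {
            $error = _empty_editor_inhalt;
        }
        $error = show("errors/errortable", array("error" => $error));

        // Re-render the form with what was submitted. $gets is only assigned
        // in the "edit" branch as far as this excerpt shows, so the "more"
        // field is taken from the request like the other two fields.
        $show = show($dir . "/form_quickinfo", array(
            "head" => _quickinfo_edit_head,
            "what" => _button_value_edit,
            "lang" => $language,
            "bbcode" => _bbcode,
            "error" => $error,
            "ja" => _yes,
            "nein" => _no,
            "titel" => _titel,
            "e_titel" => re($_POST['titel']),
            "more" => _quickinfo_more_link,
            "e_more" => re($_POST['more']),
            "e_inhalt" => re_bbcode($_POST['inhalt']),
            "inhalt" => _inhalt,
            "do" => "editsite&id=" . intval($_GET['id']),
        ));
    } else {
        $qry = db("UPDATE " . $sql_prefix . "quickinfo \n SET `title` = '" . up($_POST['titel']) . "',\n\t\t\t\t\t `more` = '" . up($_POST['more']) . "',\n `content` = '" . up($_POST['inhalt'], 1) . "'\n WHERE id = '" . intval($_GET['id']) . "'");
        $show = info(_quickinfo_edited, "?admin=quickinfo");
    }
} elseif ($_GET['do'] == "delete") {
    // NOTE(review): delete and status below change stored data on a GET
    // request, and no request token is checked in this excerpt - confirm one
    // is verified before this point.
    $qry = db("DELETE FROM " . $sql_prefix . "quickinfo \n WHERE id = '" . intval($_GET['id']) . "'");
    $show = info(_quickinfo_deleted, "?admin=quickinfo");
} elseif ($_GET['do'] == "status") {
    $qry = db("UPDATE " . $sql_prefix . "quickinfo \n SET `status` = '" . intval($_GET['set']) . "'\n WHERE id = '" . intval($_GET['id']) . "'");
    $show = info(empty($_GET['set']) ? _quickinfo_admin_status_unsetted : _quickinfo_admin_status_setted, "?admin=quickinfo");
} else {
    $qry = db("SELECT * FROM " . $sql_prefix . "quickinfo ");
    while ($get = _fetch($qry)) {
        // Alternate the row class for the listing.
        $class = $color % 2 ? "contentMainSecond" : "contentMainFirst";
        $color++;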
$gameicons .= show(_select_field, array("value" => $files[$i], "sel" => $sel, "what" => strtoupper(preg_replace("#\\.(.*?)\$#", "", $files[$i])))); } } foreach ($picformat as $end) { if (file_exists(basePath . '/inc/images/squads/' . intval($_GET['id']) . '.' . $end)) { $image = '<img src="../inc/images/squads/' . intval($_GET['id']) . '.' . $end . '" width="200" alt="" onmouseover="DZCP.showInfo(\'<tr><td><img src=../inc/images/squads/' . intval($_GET['id']) . '.' . $end . ' alt= /></tr></td>\')" onmouseout="DZCP.hideInfo()" /><br />'; break; } } foreach ($picformat as $end) { if (file_exists(basePath . '/inc/images/squads/' . intval($_GET['id']) . '_logo.' . $end)) { $logoimage = '<img src="../inc/images/squads/' . intval($_GET['id']) . '_logo.' . $end . '" height="60" alt="" onmouseover="DZCP.showInfo(\'<tr><td><img src=../inc/images/squads/' . intval($_GET['id']) . '_logo.' . $end . ' alt= /></tr></td>\')" onmouseout="DZCP.hideInfo()" /><br />'; break; } } $show = show($dir . "/squads_edit", array("memberadminaddheader" => _member_admin_edit_header, "squad" => _member_admin_squad, "id" => intval($_GET['id']), "pos" => _position, "icon" => _member_admin_icon, "gameicons" => $gameicons, "logo" => _team_logo, "value" => _button_value_edit, "status" => _status, "aktiv" => _sq_aktiv, "inaktiv" => _sq_inaktiv, "sstatus" => _sq_sstatus, "banner" => _sq_banner, "image" => $image, "logoimage" => $logoimage, "desc" => _dl_besch, "beschreibung" => re_bbcode($get['beschreibung']), "cstatus" => $status, "first" => _admin_first, "info" => _admin_squad_show_info, "navi" => _admin_squads_nav, "upload" => _member_admin_icon_upload, "sshown" => $sshown, "nothing" => _nothing, "selr" => $roster, "selt" => $team_show, "navigation" => $navigation, "roster" => _admin_sqauds_roster, "navigation" => $navigation, "nav_info" => _admin_squads_nav_info, "no_navi" => _admin_squads_no_navi, "teams" => _admin_squads_teams, "show" => _show, "dontshow" => _dont_show, "ssquad" => 
re($get['name']), "sgame" => re($get['game']), "positions" => $positions, "check_show" => _button_value_show, "game" => _member_admin_game)); } elseif ($_GET['do'] == "editsquad") { if (empty($_POST['squad'])) { $show = error(_admin_squad_no_squad, 1); } elseif (empty($_POST['game'])) { $show = error(_admin_squad_no_game, 1); } else { $ask = db("SELECT pos FROM " . $db['squads'] . "\n WHERE id = '" . intval($_GET['id']) . "'"); $get = _fetch($ask); if ($_POST['position'] != $get['pos']) { if ($_POST['position'] == 1 || $_POST['position'] == 2) { $sign = ">= "; } else { $sign = "> "; } $posi = db("UPDATE " . $db['squads'] . "\n SET `pos` = pos+1\n WHERE pos " . $sign . " '" . intval($_POST['position']) . "'");
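// Forum reply form: builds the "last post" preview and the post form, then (in
// the else branch) starts the double-post check. The blocks closed by the
// first unmatched braces open before this excerpt, and the excerpt ends inside
// the double-post check.
$email = show(_emailicon_forum, array("email" => eMailAddr($gett['t_email'])));
if (empty($gett['t_hp'])) {
    $hp = "";
} else {
    // NOTE(review): the stored homepage value goes into the template as-is;
    // confirm it is validated and escaped for HTML before it is stored or shown.
    $hp = show(_hpicon_forum, array("hp" => $gett['t_hp']));
}
}

$nick = autor($gett['t_reg'], '', $gett['t_nick'], $gett['t_email']);

if (!empty($_GET['hl']) && is_string($_GET['hl']) && $_SESSION['search_type'] == 'autor') {
    // The highlight term comes from the query string. Quote it so it is
    // matched literally: unquoted, the requester controls the pattern itself
    // (invalid patterns raise warnings, crafted ones can be very expensive).
    if (preg_match("#" . preg_quote($_GET['hl'], '#') . "#i", $nick)) {
        $ftxt['class'] = 'class="highlightSearchTarget"';
    }
}

$lastpost = show($dir . "/forum_posts_show", array(
    "nick" => $nick,
    "postnr" => "",
    "text" => $text,
    "status" => getrank($gett['t_reg']),
    "avatar" => useravatar($gett['t_reg']),
    "ip" => $posted_ip,
    "pn" => $pn,
    "class" => $ftxt['class'],
    "icq" => $icq,
    "hp" => $hp,
    "email" => $email,
    "edit" => "",
    "p" => $i + ($page - 1) * $maxfposts,
    "delete" => "",
    "edited" => $gett['edited'],
    "posts" => $userposts,
    "date" => _posted_by . date("d.m.y H:i", $gett['t_date']) . _uhr,
    "signatur" => $sig,
    "zitat" => "",
    "onoff" => $onoff,
    "top" => "",
    "lp" => cnt($db['f_posts'], " WHERE sid = '" . intval($_GET['id']) . "'") + 1,
));
}

$index = show($dir . "/post", array(
    "titel" => _forum_new_post_head,
    "nickhead" => _nick,
    "bbcodehead" => _bbcode,
    "emailhead" => _email,
    "zitat" => $zitat,
    "what" => _button_value_add,
    "preview" => _preview,
    "form" => $form,
    "br1" => "",
    "br2" => "",
    "b1" => $u_b1,
    "b2" => $u_b2,
    "security" => _register_confirm,
    "lang" => $language,
    "lastpost" => $lastpost,
    "last_post" => _forum_lp_head,
    "dowhat" => $dowhat,
    // Thread and category ids are used as integers in the queries of this
    // excerpt; hand them to the template as integers too, not as raw request
    // values.
    "id" => intval($_GET['id']),
    "ip" => _iplog_info,
    "kid" => intval($_GET['kid']),
    // NOTE(review): e-mail and homepage are echoed back from the request
    // unchanged, while the nick goes through re(). Confirm these two are
    // escaped for the HTML context in which the template prints them.
    "postemail" => $_POST['email'],
    "posthp" => $_POST['hp'],
    "postnick" => re($_POST['nick']),
    "posteintrag" => re_bbcode($_POST['eintrag']),
    "error" => $error,
    "eintraghead" => _eintrag,
));
} else {
    // Double-post check: look at the newest post of this thread.
    $spam = 0;
    $qrydp = db("SELECT * FROM " . $db['f_posts'] . "\n\t\t\t\t\t\t\t\t\t\t WHERE kid = '" . intval($_GET['kid']) . "'\n\t\t\t\t\t\t\t\t\t\t AND sid = '" . intval($_GET['id']) . "'\n\t\t\t\t\t\t\t\t\t\t ORDER BY date DESC\n\t\t\t\t\t\t\t\t\t\t LIMIT 1");
    if (_rows($qrydp)) {
        $getdp = _fetch($qrydp);
        if (isset($userid)) {
            // Same registered author as the newest post, with $double_post
            // set to 1.
            if ($userid == $getdp['reg'] && $double_post == 1) {
                $spam = 1;
            } else {
                $spam = 0;
            }
        } else {
            // Without a user id the submitted nick is compared instead.
            if ($_POST['nick'] == $getdp['nick'] && $double_post == 1) {
                $spam = 1;
            } else {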