API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 14th, 2017
50
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 25.39 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /*********************************\
  3. Wsc Cms V1 Main Functions
  4. \*********************************/
  5.  
  6. //Login Function
  7. function login(){
  8. include("./core/core_includes/config.php");
  9. if (isset($_POST['login'])){
  10. $success="./page.php?page=login&detail=success"; $fail="./page.php?page=login&detail=fail";
  11. $user = mysql_real_escape_string(stripslashes(htmlentities($_POST['username'])));
  12. $pass = mysql_real_escape_string(stripslashes(htmlentities($_POST['password'])));
  13. $pass = sha1(strtoupper($user) . ":" . strtoupper($pass));
  14. $user = ucfirst($user);
  15. mysql_select_db("$db_account", $con)or die("cannot select DB");
  16. $admin_check = mysql_query("SELECT * FROM account WHERE username='$user' AND sha_pass_hash='$pass' AND gm='3'");
  17. $admin = mysql_num_rows($admin_check); $adminc = mysql_num_rows($a_c);
  18.  
  19. $gm_check = mysql_query("SELECT * FROM account WHERE username='$user' AND sha_pass_hash='$pass' AND gm='2'");
  20. $gm = mysql_num_rows($gm_check);
  21.  
  22. $player_check = mysql_query("SELECT * FROM account WHERE username='$user' AND sha_pass_hash='$pass' AND gm='0'");
  23. $player = mysql_num_rows($player_check);
  24. if($player == 1){//Player
  25. header("Location: ". $success );
  26. //Set session data
  27. $_SESSION["valid_id"] = $obj->id;
  28. $_SESSION['wsc_user'] = "$user";
  29. $_SESSION["valid_time"] = time();
  30. }
  31. else if($gm == 1){//Gm
  32. header("Location: ". $success );
  33. //Set session data
  34. $_SESSION["valid_id"] = $obj->id;
  35. $_SESSION['wsc_user'] = "$user";
  36. $_SESSION['wsc_gm'] = "$user";
  37. $_SESSION["valid_time"] = time();
  38. }
  39. else if($admin == 1){//Admin
  40. header("Location: ". $success );
  41. //Set session data
  42. $_SESSION["valid_id"] = $obj->id;
  43. $_SESSION['wsc_user'] = "$user";
  44. $_SESSION['wsc_admin'] = "$user";
  45. $_SESSION["valid_time"] = time();
  46. }
  47. else
  48. {
  49. header("Location: ". $fail );
  50. }
  51. }}
  52. //End Login
  53.  
  54. //Logout Function
  55. function logout(){
  56. $url ="./";
  57. $time_out = 5;
  58. header("refresh: $time_out; url=$url");
  59. //Destroy Sessions
  60. //session_start();
  61. session_unset();
  62.  
  63. session_destroy();
  64. }
  65. //End Logout
  66.  
  67. //Account Side Function
  68. function sideinfo(){
  69. include("./core/core_includes/config.php");
  70. $ip=$_SERVER['REMOTE_ADDR'];
  71. $side_info = mysql_query("SELECT * FROM $db_account.account WHERE username='$login[0]'");
  72. while ($gsi = mysql_fetch_array($side_info)){
  73. $gotten_info[2] = $gsi['id'];
  74. $gotten_info[3] = $gsi['locked'];
  75. $gotten_info[4] = $gsi['mutetime'];
  76. $gotten_info[5] = $gsi['vp'];
  77. $gotten_info[6] = $gsi['dp'];
  78. if($gotten_info[3]!="0"){
  79. $banned="Banned";
  80. }else if($gotten_info[3]=="0"){
  81. $banned="Not Banned";
  82. }else{}
  83. if($gotten_info[4]!="0"){
  84. $muted="Muted";
  85. }else if($gotten_info[4]=="0"){
  86. $muted="Not Muted";
  87. }else{}
  88. }
  89. print'<div style="margin-left:10px;">
  90. Welcome, '.$login[0].''; if($login[2]==true){print' - [<a href="./page.php?acp=home">Admin Panel</a>]';}else{} print' - [<a href="./page.php?page=logout">Logout</a>]<br/>
  91. Your Account Id Is: '.$gotten_info[2].'<br/>
  92. Your Current Ip Is: '.$ip.'<br/>
  93. Your Account Is '.$banned.'<br/>
  94. Your Account Is '.$muted.'<br/>
  95. V.I.P Points: '.$gotten_info[6].' - [<a href="#">V.I.P Shop</a>]<br/>
  96. Vote Points: '.$gotten_info[5].' - [<a href="#">Vote Shop</a>]
  97. </div>';
  98. }
  99. //End Account Side
  100.  
  101. //Account Panel Function
  102. function accountpanel(){
  103. include("./core/core_includes/config.php");
  104. $ip=$_SERVER['REMOTE_ADDR'];
  105. $side_info = mysql_query("SELECT * FROM $db_account.account WHERE username='$login[0]'");
  106. while ($gsi = mysql_fetch_array($side_info)){
  107. $gotten_info[0] = $gsi['last_login'];
  108. $gotten_info[1] = $gsi['last_ip'];
  109. $gotten_info[2] = $gsi['id'];
  110. $gotten_info[3] = $gsi['locked'];
  111. $gotten_info[4] = $gsi['mutetime'];
  112. $gotten_info[5] = $gsi['vp'];
  113. $gotten_info[6] = $gsi['dp'];
  114. //$gotten_info[7] = $gsi['gm'];
  115. $gotten_info[8] = $gsi['vip'];
  116. if($gotten_info[3]!="0"){
  117. $banned="Banned";
  118. }else if($gotten_info[3]=="0"){
  119. $banned="Not Banned";
  120. }else{}
  121. if($gotten_info[4]!="0"){
  122. $muted="Muted";
  123. }else if($gotten_info[4]=="0"){
  124. $muted="Not Muted";
  125. }else{}
  126.  
  127. if($login[2]==true){$account_rank="Admin";}else if($login[1]==true){$account_rank="Gm";}else if($login[0]==true){$account_rank="Player";}else{}
  128. }
  129. print'
  130. Your Account Name Is: '.$login[0].'<br/>
  131. Your Account Id Is: '.$gotten_info[2].'<br/>
  132. Your Last Login Was: '.$gotten_info[0].'<br/>
  133. Your Last Ip Was: '.$gotten_info[1].'<br/>
  134. Your Current Ip Is: '.$ip.'<br/>
  135. Your Account Is '.$banned.'<br/>
  136. Your Account Is '.$muted.'<br/><br/>
  137. Account Rank: '.$account_rank.'<br/>
  138. V.I.P Points: '.$gotten_info[6].'<br/>
  139. Vote Points: '.$gotten_info[5].'<br/>
  140. ';
  141. }
  142. //End Account Panel
  143.  
  144. //Register Function
  145. function register(){
  146. if(isset($_POST['register'])){
  147. include("./core/core_includes/config.php");
  148. if(empty($_POST['username'])){print'<br/><center>You Must Enter A Username.</center>';}
  149. if(empty($_POST['password'])){print'<br/><center>You Must Enter A Password.</center>';}
  150. if(empty($_POST['password-confirm'])){print'<br/><center>You Must Confirm Your Password.</center>';}
  151. if(empty($_POST['email'])){print'<br/><center>You Must Enter A Email Address.</center>';}
  152. if(empty($_POST['email-confirm'])){print'<br/><center>You Must Confirm Your Email Address.</center>';}
  153. if(empty($_POST['code-confirm'])){print'<br/><center>You Must Confirm The Code.</center>';}
  154. mysql_select_db("$db_account", $con);
  155.  
  156. $username = mysql_real_escape_string(stripslashes(htmlentities($_POST['username'])));
  157. $password[1] = mysql_real_escape_string(stripslashes(htmlentities($_POST['password'])));
  158. $password[2] = mysql_real_escape_string(stripslashes(htmlentities($_POST['password-confirm'])));
  159. $email[1] = mysql_real_escape_string(stripslashes(htmlentities($_POST['email'])));
  160. $email[2] = mysql_real_escape_string(stripslashes(htmlentities($_POST['email-confirm'])));
  161. $code[1] = mysql_real_escape_string(stripslashes(htmlentities($_POST['code'])));
  162. $code[2] = mysql_real_escape_string(stripslashes(htmlentities($_POST['code-confirm'])));
  163. $check_pass = sha1(strtoupper($username) . ":" . strtoupper($password[1]));
  164. $password[3] = strtoupper($check_pass);
  165. $username = ucfirst($username); $email[1] = ucfirst($email[1]); $email[2] = ucfirst($email[2]);
  166.  
  167. $pulldata = mysql_query("SELECT * FROM account where username='$username'");
  168. while ($pull = mysql_fetch_array($pulldata))
  169. {
  170. $user_get=$pull['username'];
  171. if($user_get==true){echo'<br/><center>'.$user_get.' Is Already Taken, Please Choose Another Username.</center>';}
  172. }
  173. if($code[1]!="$code[2]"){echo'<br/><center>Invalid Verification Code.</center>';}
  174. if($password[1] != "$password[2]"){echo'<br/><center>The Confirmed Password You Entered Does Not Match The Password You Entered.</center>';}
  175. if($email[1] != "$email[2]"){echo'<br/><center>The Confirmed Email You Entered Does Not Match The Email You Entered.</center>';}
  176. if($user_get==false && $code[1]=="$code[2]" && $password[1]=="$password[2]" && $email[1]=="$email[2]" && empty($_POST['username'])==false && empty($_POST['password'])==false && empty($_POST['password-confirm'])==false && empty($_POST['email'])==false && empty($_POST['email-confirm'])==false && empty($_POST['code-confirm'])==false)
  177. {
  178. define('IN_PHPBB', true);
  179. global $phpbb_root_path, $phpEx, $user, $db, $config, $cache, $template;
  180. $phpbb_root_path = './forums/'; // Your path here
  181. $phpEx = substr(strrchr(__FILE__, '.'), 1);
  182. //include($phpbb_root_path . 'common.' . $phpEx);
  183. include("./forums/common.php");
  184.  
  185. // Start session management
  186. $user->session_begin();
  187. $auth->acl($user->data);
  188. $user->setup();
  189.  
  190. require($phpbb_root_path .'includes/functions_user.php');
  191.  
  192. // Do a check if username is allready there, same for email, otherwhise a nasty error will occur
  193. $user_row = array(
  194. 'username' => $username,
  195. 'username_clean' => $username,
  196. 'user_password' => phpbb_hash($password[1]),
  197. 'user_pass_convert' => 0,
  198. 'user_email' => strtolower($email[1]),
  199. 'user_email_hash' => crc32(strtolower($email[1])) . strlen($email[1]),
  200. 'group_id' => 2,
  201. 'user_timezone' => '1.00',
  202. 'user_dst' => 0,
  203. 'user_lang' => 'en',
  204. 'user_type' => '0',
  205. 'user_actkey' => '',
  206. 'user_dateformat' => 'd M Y H:i',
  207. 'user_style' => 1,
  208. 'user_regdate' => time(),
  209. );
  210. $phpbb_user_id = user_add($user_row);
  211. if($phpbb_user_id == true){
  212. mysql_query("INSERT INTO account (username, sha_pass_hash, email, expansion)
  213. VALUES ('$username', '$password[3]', '$email[1]', '2')");
  214. echo'<br/><center>The Account "<i>'.$username.'</i>" Has Been Created.</center>';}else{print'<br/><center>Account creation failed... contact an Administrator.</center>';}
  215. }}}
  216. //End Register
  217.  
  218.  
  219. //Smtp Function
  220. function smtp(){
  221. //
  222. if(isset($_POST['forgot'])){
  223. include("./core/core_includes/config.php");
  224. mysql_select_db("$db_account", $con);
  225. $username = mysql_real_escape_string(stripslashes(htmlentities($_POST['username'])));
  226. $email = mysql_real_escape_string(stripslashes(htmlentities($_POST['email'])));
  227. $email = ucfirst($email); $username = ucfirst($username);
  228. $check_username = mysql_query("SELECT * FROM account WHERE username='$username'");
  229. $check_email = mysql_query("SELECT * FROM account WHERE username='$username' AND email='$email'");
  230. $checking[1] = mysql_num_rows($check_username);
  231. $checking[2] = mysql_num_rows($check_email);
  232. if($checking[1] != 1){print"<br/><center>{$username} Doesn't Match Any Account In Our Records.</center>";}
  233. if($checking[2] != 1){print"<br/><center>{$email} Doesn't Match Any Account In Our Records.</center>";}
  234. if($checking[1]==1 && $checking[2]==1){
  235. //
  236. $get_ret = mysql_query("SELECT * FROM account WHERE username='$username' AND email='$email'");
  237. while ($gr = mysql_fetch_array($get_ret)){
  238. $c_u = $gr['username'];
  239. $c_e = $gr['email'];
  240. $c_p = $gr['sha_pass_hash'];
  241. $verify="";
  242. $length = 10;
  243. $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
  244. //$string = ”;
  245. for ($p = 0; $p < $length; $p++) {
  246. $newg_pass .= $characters[mt_rand(0, strlen($characters))];
  247. }
  248. $check_pass = sha1(strtoupper($c_u) . ":" . strtoupper($newg_pass));
  249. $password = strtoupper($check_pass);
  250. }
  251. //
  252. $subject = "{$title} - Password Retrieval";
  253. $from = "$c_e";
  254. $body = "Hi {$c_u}, Your New Password Is: {$password}";
  255. $to = "$c_e";
  256. if (mail($to, $subject, $body, $from)) {
  257. mysql_query("UPDATE $db_account.account SET sha_pass_hash='$password', v='0', s='0' WHERE username='$c_u' AND sha_pass_hash='$c_p'");
  258. print'<br/><center>Your Password Was Emailed To You.</center>';
  259. } else {
  260. print'<br/><center>Were sorry, your password could not be emailed to you, please contact an administrator if this is your account.</center>';
  261. }
  262. //
  263. }}}
  264. //End Smtp
  265.  
  266. //Realms Function
  267. function realm(){
  268. include("./core/core_includes/config.php");
  269. $get_realms = mysql_query("SELECT * FROM $db_site.realms");
  270. while ($got_realms = mysql_fetch_array($get_realms)){
  271. $realm = array(
  272. "id" => $got_realms['id'],
  273. "host" => $got_realms['host'],
  274. "name" => $got_realms['name'],
  275. "port" => $got_realms['port'],
  276. "db" => $got_realms['db'],
  277. "type" => $got_realms['type']
  278. );
  279. $err = array('no' => NULL, 'str' => NULL);
  280. $arcemu = @fsockopen($got_realms[host], $realm[port], $err['no'], $err['str'], (float)1.0);
  281. if(!$arcemu){
  282. $world = "Offline - ";
  283. }else{
  284. $world = "Online - ";
  285. }
  286. fclose($arcemu);
  287. mysql_select_db("$db_char", $con);
  288. $sql = "SELECT SUM(online) FROM $realm[db].characters";
  289. $sqlquery = mysql_query($sql) or die(mysql_error());
  290. $memb = mysql_result($sqlquery,0,0);
  291. $number = $memb / 1000;
  292. $total_number = $number * 1000;
  293. print'<div style="margin-left:10px;">'.$world.'<a href="./page.php?page=realm_status&id='.$realm[id].'">'.$realm[name].'</a> | '.$realm[type].'</div><center>
  294. <div class="realm-1">
  295. <div class="realm-2">
  296. </div>
  297. <div style="width:'.$total_number.'%; background:#351a0b; height:5px;border-right:1px solid #351a0b;"></div></div>
  298. </center>';
  299. }}
  300. //End Realms
  301.  
  302. //Online Characters Function
  303. function online(){
  304. include("./core/core_includes/config.php");
  305. $realm_id = stripslashes(htmlentities($_GET['id']));
  306. $get_realms = sprintf("SELECT * FROM $db_site.realms WHERE id='%s'", $realm_id, "int");
  307. $got_realms = mysql_query($get_realms, $con) or die(mysql_error());
  308. $gr = mysql_fetch_assoc($got_realms); $realmid = $gr['id']; $realmdb = $gr['db']; $the_actual_name = $gr['name'];
  309. if($realm_id == "$realmid"){
  310. print'
  311. <div class="box"><div class="p-title">Online Players For '.$the_actual_name.'</div><br/><div class="box-body">';
  312. //
  313. $whosonline = '<br><table width="100%">
  314. <tr>
  315. <td align="center"><u>Name</u></td>
  316. <td align="center"><u>Level</u></td>
  317. <td align="center"><u>Race</u></td>
  318. <td align="center"><u>Class</u></td>
  319. </tr>';
  320. //
  321. $get_online_char = mysql_query("SELECT * FROM $realmdb.characters WHERE online='1'");
  322. while($g_o_c = mysql_fetch_array($get_online_char))
  323. {
  324. //
  325. $whosonline .= "<tr>
  326. <td align=center>{$g_o_c['name']}</td>
  327. <td align=center>{$g_o_c['level']}</td>
  328. <td align=center><img src='./core/images/race/{$g_o_c['race']}-{$g_o_c['gender']}.gif'></td>
  329. <td align=center><img src='./core/images/class/{$g_o_c['class']}.gif'></td>
  330. </tr>";}
  331. //
  332. echo $whosonline;
  333. print'</table></div></div></td>';}else{
  334. print'<div class="box"><div class="p-title">404 Realm Error</div><br/><div class="box-body">
  335. Invalid Realm Id.
  336. </div></div></td>';
  337. }}
  338. //End Online Characters
  339.  
  340. //Shoutbox Function
  341. function shoutbox(){
  342. include("./core/core_includes/config.php");
  343. include("./core/core_includes/bb.php");
  344. include("./core/core_includes/pagination.php");
  345. }
  346. //End Shoutbox
  347.  
  348. //News Function
  349. function news(){
  350. include("./core/core_includes/config.php");
  351. $news_[1] = mysql_query("SELECT * FROM $db_site.news ORDER BY id DESC LIMIT 5");
  352. while($news_[2] = mysql_fetch_array($news_[1])){
  353. $news = array(
  354. "id" => $news_[2]['id'],
  355. "title" => $news_[2]['title'],
  356. "author" => $news_[2]['author'],
  357. "date" => $news_[2]['date'],
  358. "post" => $news_[2]['post']
  359. );
  360. print'<div class="box"><div class="p-title">'.$news[title].' <font size="1">- Written By '.$news[author].', '.$news[date].'</font></div><br/><div class="box-body">
  361.  
  362. '.nl2br(bbcode($news[post])).'
  363.  
  364. </div></div>';
  365. }}
  366. //End News
  367.  
  368. //Shout Function
  369. function shout(){
  370. include("./core/core_includes/config.php");
  371. if(!$login[0]){print'<br/><center>You Must Login To Use This ShoutBox!</center><br/><br/>';}else{
  372. if(isset($_POST['shout_it'])){
  373. if(!empty($_POST['shout'])){
  374. $shout = mysql_real_escape_string(stripslashes(htmlentities($_POST['shout'])));
  375. $date=date("[m/d/y]");
  376. $insert = mysql_query("INSERT INTO $db_site.shouts (author, shout, date)
  377. VALUES ('$login[0]', '$shout', '$date')");
  378. if (!$insert)
  379. {
  380. die('ShoutBox Error: ' . mysql_error());
  381. }
  382. }else{print'<br/><center>Your Empty Shout Was Not Posted!</center><br/><br/>';}}}}
  383. //End Shout
  384.  
  385. //Change Password Function
  386. function cpass(){
  387. include("./core/core_includes/config.php");
  388. if(isset($_POST['change'])){
  389. if(empty($_POST['opass'])){print'<br/><center>You must enter your old password to continue.</center>';}
  390. if(empty($_POST['npass'])){print'<br/><center>You must enter a new password for your account.</center>';}
  391. if(empty($_POST['cpass'])){print'<br/><center>You must confirm the new password for your account.</center>';}
  392. if(!empty($_POST['opass']) && !empty($_POST['npass']) && !empty($_POST['cpass'])){
  393. $pass = array(
  394. "old" => mysql_real_escape_string(stripslashes(htmlentities($_POST['opass']))),
  395. "new" => mysql_real_escape_string(stripslashes(htmlentities($_POST['npass']))),
  396. "con" => mysql_real_escape_string(stripslashes(htmlentities($_POST['cpass'])))
  397. );
  398. $pass[0] = sha1(strtoupper($login[0]) . ":" . strtoupper($pass[old]));
  399. $cmp = sha1(strtoupper($login[0]) . ":" . strtoupper($pass['new']));
  400. $pass[1] = strtoupper($cmp);
  401. $check_pass1 = mysql_query("SELECT * FROM $db_account.account WHERE username='$login[0]' AND sha_pass_hash='$pass[0]'");
  402. $check_pass = mysql_num_rows($check_pass1);
  403. if($check_pass != 1){print'<br/><center>The old password you entered was invalid.</center>';}else{
  404. if($pass['new'] != $pass[con]){print'<br/><center>The confirmed password you entered does not match the new password you entered.</center>';}else{
  405. if($check_pass == 1 && $pass['new'] == $pass[con]){
  406. mysql_query("UPDATE $db_account.account SET sha_pass_hash='$pass[1]', v='0', s='0' WHERE username='$login[0]' AND sha_pass_hash='$pass[0]'");
  407. print'<br/><center>Your password has been changed.</center>';
  408. }}}}}}
  409. //End Change Password
  410.  
  411. //Unstuck/Revive Function (Part 1)
  412. function ur1(){
  413. include("./core/core_includes/config.php");
  414. $get_acct = mysql_query("SELECT * FROM $db_account.account WHERE username='$login[0]'");
  415. while($gact = mysql_fetch_array($get_acct)){$acct = $gact['id'];}
  416. $get_ri = mysql_query("SELECT * FROM $db_site.realms");
  417. while($gri = mysql_fetch_array($get_ri)){$realm = $gri['db']; $rn = $gri['id'];
  418. print"<option>--Realm {$rn}--</option>";
  419. $get_cur = mysql_query("SELECT * FROM $realm.characters WHERE account='$acct'");
  420. while($gcur = mysql_fetch_array($get_cur)){
  421. print'<option value="'.$gcur['guid'].'">'.$gcur['name'].'</option>';}}
  422. }
  423. //Unstuck/Revive (Part 2)
  424. function ur2(){
  425. include("./core/core_includes/config.php");
  426. if(isset($_POST['urs'])){
  427. $guid = mysql_real_escape_string(stripslashes(htmlentities($_POST['ur'])));
  428. $pulldata = mysql_query("SELECT * FROM $db_char.characters where guid='$guid'");
  429. while($cchar = mysql_fetch_array($pulldata)){$acct[0] = $cchar['account'];}
  430. $gotdata = mysql_num_rows($pulldata); if($gotdata != 1){print'<br/><center>The character you selected does not exist.</center>';}
  431. if($gotdata == 1){
  432. $get_acct = mysql_query("SELECT * FROM $db_account.account WHERE username='$login[0]'");
  433. while($gact = mysql_fetch_array($get_acct)){$acct[1] = $gact['id'];}
  434. if($acct[0] != $acct[1]){print'<br/><center>The character you selected is not yours.</center>';}}
  435. if($gotdata == 1 && $acct[0] == $acct[1]){
  436. $px='-14406.599609';
  437. $py='419.352997';
  438. $pz='22.390306';
  439. $o='0.000000';
  440. $m='0';
  441. $z='33';
  442. mysql_query("DELETE FROM $db_char.corpse WHERE player='$guid'");
  443. //$query_select = "SELECT map, zone, position_x, position_y, position_z FROM $db_char.character_homebind WHERE guid = '".$char_array_acc['guid']."' LIMIT 1";
  444. //$query_result = mysql_query($query_select) or die(mysql_error());
  445. //$query_array = mysql_fetch_array($query_result);
  446. //echo $query_select;
  447. $final = "UPDATE $db_char.characters SET drunk = 0, playerFlags = playerFlags & ~ 16, position_x = '$px', position_y = '$py', position_z = '$pz', zone = '$z', map = '$m' WHERE guid='$guid' AND account='$acct[0]' AND account='$acct[1]' LIMIT 1";
  448. $query_final = mysql_query($final) or die(mysql_error());
  449. $aura_query = "DELETE FROM $db_char.character_aura WHERE guid='$guid'";
  450. mysql_query($aura_query) or die (mysql_error());
  451. print'<br/><center>Your character has been teleported to Booty Bay.<br/>If your character was dead, it has been revived.</center>';
  452. }}}
  453. //End Unstuck/Revive
  454.  
  455. //News Get Function
  456. function snews(){
  457. include("./core/core_includes/config.php");
  458. $query_news = mysql_query("SELECT * FROM $db_site.news");
  459. while($qn = mysql_fetch_array($query_news)){
  460. $id = $qn['id']; $post = $qn['title']; $date = $qn['date'];
  461. $value = "{$post} @ {$date}";
  462. print'<option value="'.$id.'">'.$value.'</option>';
  463. }}
  464. //End News Get
  465.  
  466. //Manage News Function
  467. function mnews(){
  468. include("./core/core_includes/config.php");
  469. if(isset($_POST['edit'])){
  470. $id = stripslashes(htmlentities($_POST['option']));
  471. header("Location: ./page.php?acp=edit_news&id=$id");
  472. }
  473. if(isset($_POST['delete'])){
  474. $id = stripslashes(htmlentities($_POST['option']));
  475. $check_id = mysql_query("SELECT * FROM $db_site.news WHERE id='$id'");
  476. $checked = mysql_num_rows($check_id);
  477. if($checked == 1){
  478. mysql_query("DELETE FROM $db_site.news WHERE id='$id'");
  479. print'Selected Post Was Deleted, please refresh tools.';}else{print'Invalid Id.';}
  480. }
  481. if(isset($_POST['post'])){
  482. $title = mysql_real_escape_string(stripslashes(htmlentities($_POST['title'])));
  483. $post = mysql_real_escape_string(stripslashes(htmlentities($_POST['body'])));
  484. $date = date("m/d/y");
  485. $insert = mysql_query("INSERT INTO $db_site.news (title, author, date, post)
  486. VALUES ('$title', '$login[0]', '$date', '$post')");
  487. if (!$insert)
  488. {
  489. die('News Error: ' . mysql_error());
  490. }else{print'News was posted.';}
  491. }
  492. if(isset($_POST['edit_news'])){
  493. $title = mysql_real_escape_string(stripslashes(htmlentities($_POST['title'])));
  494. $post = mysql_real_escape_string(stripslashes(htmlentities($_POST['body'])));
  495. $id = stripslashes(htmlentities($_GET['id']));
  496. mysql_query("UPDATE $db_site.news SET title='$title', post='$post' WHERE id='$id'");
  497. print'Post was updated, please refresh tools.';
  498. }
  499. }
  500. //End News
  501.  
  502. //Edit News
  503. function enews(){
  504. include("./core/core_includes/config.php");
  505. $id = stripslashes(htmlentities($_GET['id']));
  506. $select = mysql_query("SELECT * FROM $db_site.news WHERE id='$id'");
  507. while($gst = mysql_fetch_array($select)){
  508. $title = $gst['title'];
  509. $post = $gst['post'];
  510. }
  511. ?>
  512. <table align="center"><form action="./page.php?acp=news&id=<?php echo $id; ?>" method="post">
  513. <tr><td><select id="sdrop-large" name="option"><option>Edit or Delete a selected title</option><?php snews(); ?></select><input type="submit" name="edit" value="Edit"><input type="submit" name="delete" value="Delete"></td></tr>
  514. <tr><td><input type="text" name="title" id="body-title" value="<?php echo $title; ?>"></td></tr>
  515. <tr><td><textarea name="body" id="create-body"><?php echo $post; ?></textarea></td></tr>
  516. <tr><td>
  517. <input type="button" value="Bold" onclick="formatText(body,'b')">
  518. <input type="button" value="Italic" onclick="formatText(body,'i')">
  519. <input type="button" value="Underline" onclick="formatText(body,'u')">
  520. <input type="button" value="Img" onclick="formatText(body,'img')">
  521. <input type="button" value="Url" onclick="formatText(body,'url')">
  522. <input type="button" value="Mail" onclick="formatText(body,'mail')">
  523. <font size="2">Modified Example: [url=][/url]</font>
  524. </td></tr><tr><td align="right">
  525. <img src="./core/images/smilies/big_smile.png" onclick=" insertSmiley(':big_smile:')" />
  526. <img src="./core/images/smilies/cool.png" onclick="insertSmiley(':cool:')" />
  527. <img src="./core/images/smilies/hmm.png" onclick="insertSmiley(':hmm:')" />
  528. <img src="./core/images/smilies/lol.png" onclick="insertSmiley(':lol:')" />
  529. <img src="./core/images/smilies/mad.png" onclick="insertSmiley(':mad:')" />
  530. <img src="./core/images/smilies/neutral.png" onclick="insertSmiley(':neutral:')" />
  531. <img src="./core/images/smilies/roll.png" onclick="insertSmiley(':roll:')" />
  532. <img src="./core/images/smilies/sad.png" onclick="insertSmiley(':sad:')" />
  533. <img src="./core/images/smilies/smile.png" onclick="insertSmiley(':smile:')" />
  534. <img src="./core/images/smilies/tongue.png" onclick="insertSmiley(':tongue:')" />
  535. <img src="./core/images/smilies/wink.png" onclick="insertSmiley(':wink:')" />
  536. <img src="./core/images/smilies/yikes.png" onclick="insertSmiley(':yikes:')" />
  537. <input type="submit" name="edit_news" value="Edit News"></td></tr>
  538. <form></table>
  539. <?php }
  540. //End Edit News
  541.  
  542. //Empty Shouts
  543. function truncate(){
  544. if(isset($_POST['shout_clean'])){
  545. mysql_query("TRUNCATE $db_site.shouts");
  546. print'ShoutBox is now empty.';
  547. }}
  548. //End Empty Shouts
  549.  
  550. //Search Account Function
  551. function searcha(){
  552. include("./core/core_includes/config.php");
  553. if(isset($_POST['searcha'])){
  554. $account = mysql_real_escape_string(stripslashes(htmlentities($_POST['account'])));
  555. if(!empty($_POST['account'])){
  556. $search = mysql_query("SELECT * FROM $db_account.account WHERE username='$account'");
  557. $check = mysql_num_rows($search);
  558. while($acc = mysql_fetch_array($search)){$user = $acc['username'];}
  559. if($check == 1){print'<center><br/>[<a href="./page.php?acp=users&user='.$user.'">Edit '.$user.'</a>]</center>';}else{print'<center><br/>Account not found in our records.</center>';}
  560. }else{print'<center><br/>Account not found in our records.</center>';}
  561. }
  562. }
  563. //End Search Account
  564.  
  565. //Edit Account function
  566. function edita(){
  567. include("./core/core_includes/config.php");
  568. $user = stripslashes(htmlentities($_GET['user']));
  569. $account_info = mysql_query("SELECT * FROM $db_account.account WHERE username='$user'");
  570. while ($acci = mysql_fetch_array($account_info)){
  571. print'<table align="center"><form action="" method="post">
  572. <tr><td>Account:</td><td>'.$acci['username'].'</td></tr>
  573. <tr><td>Email:</td><td>'.$acci['email'].'</td></tr>
  574. <tr><td>Banned:</td><td><input type="text" name="banned" id="login" value="'.$acci['locked'].'"></td></tr>
  575. <tr><td>Muted:</td><td><input type="text" name="muted" id="login" value="'.$acci['mutetime'].'"></td></tr>
  576. <tr><td>Vote Points:</td><td><input type="text" name="vp" id="login" value="'.$acci['vp'].'"></td></tr>
  577. <tr><td>V.I.P Points:</td><td><input type="text" name="dp" id="login" value="'.$acci['dp'].'"></td></tr>
  578. <tr><td></td><td align="center"><input type="submit" name="edit" value="Edit User" id="login-button"></td></tr>
  579. </form></table>';
  580. }
  581. if(isset($_POST['edit'])){
  582. $banned = mysql_real_escape_string(stripslashes(htmlentities($_POST['banned'])));
  583. $muted = mysql_real_escape_string(stripslashes(htmlentities($_POST['muted'])));
  584. $vp = mysql_real_escape_string(stripslashes(htmlentities($_POST['vp'])));
  585. $dp = mysql_real_escape_string(stripslashes(htmlentities($_POST['dp'])));
  586. mysql_query("UPDATE $db_account.account SET locked='$banned', mutetime='$muted', vp='$vp', dp='$dp' WHERE username='$user'");
  587. print'<br/><center>Changes made to the account "'.$user.'" were saved, Please refresh the tool.';
  588. }}
  589. //End Edit Account
  590. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!