- <?php
// Type selectors passed as the second argument of clean().
// Each trailing comment states the coercion the selector is meant to request;
// it describes the intent of the constant, not a guarantee about the value.
define('TYPE_NOCLEAN', 0); // no change
define('TYPE_BOOL', 1); // force boolean
define('TYPE_INT', 2); // force integer
define('TYPE_UINT', 3); // force unsigned integer
define('TYPE_NUM', 4); // force number
define('TYPE_UNUM', 5); // force unsigned number
define('TYPE_UNIXTIME', 6); // force unix datestamp (unsigned integer)
define('TYPE_STR', 7); // force trimmed string
define('TYPE_NOTRIM', 8); // force string - no trim
define('TYPE_NOHTML', 9); // force trimmed string with HTML made safe
define('TYPE_ARRAY', 10); // force array
define('TYPE_FILE', 11); // force file
define('TYPE_BINARY', 12); // force binary string
define('TYPE_NOHTMLCOND', 13); // force trimmed string with HTML made safe if determined to be unsafe
- include_once 'settings/config.php';
- include_once 'inc/db.class.php';
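/**
 * Coerce a request value, in place, to the type named by a TYPE_* constant.
 *
 * The value is changed through the reference and is also returned by reference.
 * TYPE_NOCLEAN, TYPE_FILE and unknown selectors leave the value untouched, so a
 * call with one of those is not a validation step.
 *
 * @param mixed $data value to coerce (modified in place)
 * @param int   $type one of the TYPE_* constants
 * @return mixed the coerced value
 */
function &clean( &$data, $type )
{
    static $booltypes = array('1', 'yes', 'y', 'true');

    // Request parameters such as ?x[]=1 arrive as arrays. strval() on an array
    // warns and yields "Array", so every scalar target starts from '' instead.
    $scalar = (is_scalar($data) || $data === null) ? $data : '';

    // Escapes & " ' < >. ISO-8859-1 is named so that bytes which are not valid
    // UTF-8 cannot make htmlspecialchars() return an empty string.
    $escape = function ($value) {
        return htmlspecialchars($value, ENT_QUOTES, 'ISO-8859-1');
    };

    // Numeric strings keep PHP's own int/float conversion; anything else falls
    // back to its numeric prefix (0 when there is none) without doing string
    // arithmetic, which raises a TypeError on PHP 8.
    $number = function ($value) {
        $text = strval($value);
        if (is_numeric($text)) {
            return $text + 0;
        }
        $asFloat = floatval($text);
        $asInt = intval($text);
        return ((float) $asInt === $asFloat) ? $asInt : $asFloat;
    };

    switch ($type)
    {
        case TYPE_INT:
            $data = intval($scalar);
            break;
        case TYPE_UINT:
        case TYPE_UNIXTIME: // declared as an unsigned integer; it used to pass through unchanged
            $data = max(0, intval($scalar));
            break;
        case TYPE_NUM:
            $data = $number($scalar);
            break;
        case TYPE_UNUM:
            $data = $number($scalar);
            $data = ($data < 0) ? 0 : $data;
            break;
        case TYPE_BINARY:
        case TYPE_NOTRIM:
            $data = strval($scalar);
            break;
        case TYPE_STR:
            $data = trim(strval($scalar));
            break;
        case TYPE_NOHTML:
            // The constant promises "HTML made safe"; the value used to be trimmed only.
            $data = $escape(trim(strval($scalar)));
            break;
        case TYPE_NOHTMLCOND:
            // Escape only when the text carries markup or quote characters.
            $data = trim(strval($scalar));
            if (strcspn($data, '<>"\'') < strlen($data)) {
                $data = $escape($data);
            }
            break;
        case TYPE_BOOL:
            $data = in_array(strtolower(strval($scalar)), $booltypes) ? 1 : 0;
            break;
        case TYPE_ARRAY:
            $data = (is_array($data)) ? $data : array();
            break;
        case TYPE_NOCLEAN:
            break;
    }

    // strip out characters that really have no business being in non-binary data
    switch ($type)
    {
        case TYPE_STR:
        case TYPE_NOTRIM:
        case TYPE_NOHTML:
        case TYPE_NOHTMLCOND:
            $data = str_replace(chr(0), '', $data);
    }

    return $data;
}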
- include_once 'settings/config.php';
- include_once 'inc/db.class.php';
- class site
- {
- public $db;
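/**
 * Create the database handle and process a logout request.
 *
 * A request that carries ?logout has its session emptied and destroyed and is
 * redirected to the site root.
 * NOTE(review): logout is triggered by a plain GET parameter, so any page that
 * makes the browser load ./?logout will end the visitor's session.
 */
function __construct()
{
    $this->db = new db();
    if (isset($_GET['logout']))
    {
        // Empty the array rather than unset($_SESSION): unsetting the superglobal
        // stops PHP from registering session variables for the rest of the request.
        $_SESSION = array();
        if (session_id() !== '')
        {
            session_destroy();
        }
        header("Location: ./");
        // Without this the logged-out request kept running the rest of the page.
        exit;
    }
}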
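/**
 * Resolve the requested page and render it between the head and foot templates.
 *
 * ?page selects a public page; ?admin, ?account and ?buy select a page below
 * admin/, account/ and rewards/ and require $_SESSION['gm'] or
 * $_SESSION['username']. Anything that does not resolve to an existing file
 * under pages/ renders pages/404.php.
 */
function load()
{
    // A page name is a single file name: letters, digits, '_' and '-'. Rejecting
    // everything else keeps '../', absolute paths, stream wrappers and NUL bytes
    // out of the include path, and it stops ?page=admin/<name> from reaching an
    // admin page without the $_SESSION['gm'] check below.
    $slug = function ($value) {
        return (is_string($value) && preg_match('/^[A-Za-z0-9_-]+$/D', $value)) ? $value : null;
    };
    $exists = function ($name) {
        return file_exists('pages/' . $name . '.php');
    };
    // Shared rule for the three gated sections.
    $resolve = function ($dir, $param, $sessionKey, $denied, $default) use ($slug, $exists) {
        if (!isset($_SESSION[$sessionKey])) {
            $target = $dir . $denied;
        } elseif (empty($_GET[$param])) {
            $target = $default;
        } else {
            $name = $slug($_GET[$param]);
            $target = ($name === null) ? '404' : $dir . $name;
        }
        return $exists($target) ? $target : '404';
    };

    $requested = isset($_GET['page']) ? $slug($_GET['page']) : 'index';
    $page = ($requested !== null && $exists($requested)) ? $requested : '404';

    if (isset($_GET['admin']))
    {
        $page = $resolve('admin/', 'admin', 'gm', '404', 'admin/admin');
    }
    if (isset($_GET['account']))
    {
        $page = $resolve('account/', 'account', 'username', 'error', 'account/account');
    }
    if (isset($_GET['buy']))
    {
        $page = $resolve('rewards/', 'buy', 'username', 'error', 'account/account');
    }

    include 'template/_head.php';
    include 'pages/'.$page.'.php';
    include 'template/_foot.php';
}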
/**
 * Print a small inline status message, red when $e equals 1 and green otherwise.
 *
 * $msg is written into the page as-is (callers in this class pass markup such
 * as <br />), so request data must be HTML-escaped before it is put into $msg.
 *
 * @param mixed  $e   1 for an error, anything else for success
 * @param string $msg HTML to display
 */
function msg($e, $msg)
{
    if ($e == 1) {
        $colour = 'red';
    } else {
        $colour = 'green';
    }
    print '<span style="color:' . $colour . ';font-size:11px;padding:5px;">' . $msg . '</span>';
}
/**
 * Print a message box: a <section> whose class is $type, wrapping $msg in a <p>.
 *
 * Both arguments are written into the page unescaped; callers must pass a fixed
 * class name and must HTML-escape any request data placed in $msg.
 *
 * @param string $type CSS class of the section
 * @param string $msg  HTML to display
 */
function mmsg($type, $msg)
{
    $box = sprintf('<section class="%s"><p>%s</p></section>', $type, $msg);
    print $box;
}
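/**
 * Print a message box, then end the session and redirect to the site root.
 *
 * NOTE(review): the redirect header is sent after the box has been printed, so
 * it only takes effect when output buffering is on. Confirm which of the two
 * (message or redirect) is the intended result.
 *
 * @param string $type CSS class of the section (written unescaped)
 * @param string $msg  HTML to display (written unescaped)
 */
function mmsgcaptcha($type, $msg)
{
    // Re-runs the constructor, which creates a fresh db handle.
    $this->__construct();
    print '<section class="'.$type.'"><p>'.$msg.'</p></section>';
    // Empty the array rather than unset($_SESSION): unsetting the superglobal
    // stops PHP from registering session variables for the rest of the request.
    $_SESSION = array();
    if (session_id() !== '')
    {
        session_destroy();
    }
    header("Location: ./");
}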
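/**
 * Process the login form.
 *
 * The captcha answer is compared with the md5 stored in $_SESSION['keya'] before
 * the account is looked up. On success the account row is copied into the
 * session, $_SESSION['gm'] is set for gmlevel 4 and above, and the request is
 * redirected to ./?account. Failures print a message box and return.
 */
function login()
{
    if (!isset($_POST['login']))
    {
        return;
    }

    // Array-valued fields (username[]=x) are treated as empty strings.
    $field = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    };
    $username = $field('username');
    $password = $field('password');

    // The captcha used to be checked after the session was already filled, and a
    // wrong answer only printed a message while the login carried on.
    $expected = isset($_SESSION['keya']) ? $_SESSION['keya'] : null;
    unset($_SESSION['keya']); // one answer per captcha
    // Strict comparison: with != two different digests that both look like
    // numbers ("0e...") compare as equal.
    if (!is_string($expected) || md5($field('captcha')) !== $expected)
    {
        return $this->mmsg('error','Invalid Captcha');
    }

    $pass = sha1(strtoupper($username.':'.$password));
    // The username goes into a quoted SQL string and must be escaped for it.
    $user = mysql_real_escape_string($username);
    $q = $this->db->select('*','account',"username = '$user' AND sha_pass_hash = '$pass'");
    if (!$q || mysql_num_rows($q) < 1)
    {
        return $this->mmsg('error','Invalid Login');
    }

    $row = mysql_fetch_assoc($q);
    // New session id at the privilege change, so an id known before login is useless.
    session_regenerate_id(true);
    foreach ($row as $c => $v)
    {
        // Other methods of this class read $_SESSION['username'], ['id'] and ['sha_pass_hash'].
        $_SESSION[$c] = $v;
    }

    $id = mysql_real_escape_string((string) $row['id']);
    $gm = $this->db->select('*','account_access',"id = '$id'");
    $access = $gm ? mysql_fetch_assoc($gm) : false;
    if ($access && $access['gmlevel'] >= 4)
    {
        $_SESSION['gm'] = 1;
    }

    header("Location: ./?account");
    exit;
}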
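/**
 * Echo the donation points (account.dp) of one account; returns nothing.
 *
 * @param mixed $id account id
 */
function getDonorPoints($id)
{
    // $id is placed in a quoted SQL string, so it is escaped for that context.
    $safeId = mysql_real_escape_string((string) $id);
    $q = $this->db->select('dp', 'account', "id = '$safeId'");
    $row = $q ? mysql_fetch_assoc($q) : false;
    // Nothing is printed for an unknown account.
    echo $row ? htmlspecialchars((string) $row['dp'], ENT_QUOTES, 'ISO-8859-1') : '';
    return;
}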
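/**
 * Echo the voting points (account.vp) of one account; returns nothing.
 *
 * @param mixed $id account id
 */
function getVotingPoints($id)
{
    // $id is placed in a quoted SQL string, so it is escaped for that context.
    $safeId = mysql_real_escape_string((string) $id);
    $q = $this->db->select('vp', 'account', "id = '$safeId'");
    $row = $q ? mysql_fetch_assoc($q) : false;
    // Nothing is printed for an unknown account.
    echo $row ? htmlspecialchars((string) $row['vp'], ENT_QUOTES, 'ISO-8859-1') : '';
    return;
}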
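/**
 * Fetch every row of a table ordered by its id column.
 *
 * Table name, sort direction and LIMIT cannot be sent as quoted values, so they
 * are checked against fixed patterns before they are placed in the statement.
 * Arguments that fail the check yield an empty list.
 *
 * @param string      $table table name (letters, digits, underscore)
 * @param string      $order 'ASC', 'DESC' (any case) or ''
 * @param string|null $limit row count or "offset,count"; NULL, 0 and '' mean no limit
 * @return array list of associative rows
 */
function getArray($table, $order, $limit = NULL)
{
    $results = array();

    $valid = is_string($table) && preg_match('/^[A-Za-z0-9_]+$/D', $table)
        && is_string($order) && preg_match('/^(?:ASC|DESC)?$/Di', $order)
        && ($limit == NULL || preg_match('/^\d+(?:\s*,\s*\d+)?$/D', (string) $limit));
    if (!$valid)
    {
        return $results;
    }

    $sql = "SELECT * FROM $table ORDER BY id $order";
    if ($limit != NULL)
    {
        $sql .= " LIMIT $limit";
    }

    $q = $this->db->query($sql);
    while ($q && ($row = mysql_fetch_assoc($q)))
    {
        $results[] = $row;
    }
    return $results;
}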
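/**
 * Check that a string has the shape local-part@domain.
 *
 * The pattern is assembled from small pieces (atom, quoted string, domain
 * literal). It checks syntax only; it does not show that the mailbox exists.
 *
 * @param string $email candidate address
 * @return bool true when the whole string matches
 */
function is_valid_email ($email)
{
    $qtext = '[^\\x0d\\x22\\x5c\\x80-\\xff]';
    $dtext = '[^\\x0d\\x5b-\\x5d\\x80-\\xff]';
    $atom = '[^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c'.
        '\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+';
    // A quoted pair is a backslash followed by any ASCII character. The character
    // class brackets were missing, which made this piece match only the literal
    // sequence backslash, NUL, '-', DEL.
    $quoted_pair = '\\x5c[\\x00-\\x7f]';
    $domain_literal = "\\x5b($dtext|$quoted_pair)*\\x5d";
    $quoted_string = "\\x22($qtext|$quoted_pair)*\\x22";
    $domain_ref = $atom;
    $sub_domain = "($domain_ref|$domain_literal)";
    $word = "($atom|$quoted_string)";
    $domain = "$sub_domain(\\x2e$sub_domain)*";
    $local_part = "$word(\\x2e$word)*";
    $addr_spec = "$local_part\\x40$domain";
    // D anchors $ at the very end. Without it an address followed by a newline
    // passed, and a trailing newline is what mail header injection relies on.
    return preg_match("!^$addr_spec$!D", (string) $email) ? true : false;
}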
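/**
 * Render user text with smileys and BBCode as HTML.
 *
 * The text is HTML-escaped before any tag is expanded, so the only markup in
 * the result is what this method generates. Existing entities are left alone,
 * so text that was escaped earlier is not escaped twice. Link and image targets
 * must be http(s)/mailto URLs or plain relative paths; anything else becomes "#".
 *
 * @param string $text raw user text
 * @return string HTML with line breaks converted by nl2br()
 */
function bbcode($text)
{
    // Smiley codes and image names, in the order they were originally replaced.
    static $smileys = array(
        ':D' => 'grin', 'xD' => 'evilgrin', ':(' => 'unhappy', '^^' => 'happy', ':)' => 'smile',
        ':O' => 'surprised', ':P' => 'tongue', ':3' => 'waii', ';)' => 'wink',
    );

    $text = " " . $text;
    $text = str_replace("\x01", '', stripslashes($text));

    // Smileys become placeholder tokens first and images last, so the escaping
    // step in between neither escapes the generated <img> tags nor creates new
    // smileys out of entities such as "&quot;)".
    $images = array();
    $n = 0;
    foreach ($smileys as $code => $file)
    {
        $token = "\x01" . $n++ . "\x01";
        $images[$token] = '<img src="images/smileys/' . $file . '.png" />';
        $text = str_replace($code, $token, $text);
    }

    // ISO-8859-1 is named so that bytes which are not valid UTF-8 cannot make the
    // call return an empty string; only & " ' < > are changed either way.
    $text = htmlspecialchars($text, ENT_QUOTES, 'ISO-8859-1', false);

    $finish = function ($html) use ($images) {
        return nl2br(strtr($html, $images));
    };

    // strpos() never returns 0 here because of the leading space added above.
    if (!( strpos($text, "[") && strpos($text, "]"))) return $finish($text);

    // Allow-list for href/src: the scheme is checked by prefix because entities
    // inside the value are decoded by the browser, which a deny-list would miss.
    $safeUrl = function ($url) {
        $url = trim($url);
        if (strpos($url, "\x01") !== false) {
            return '#';
        }
        if (preg_match('#^(?:https?://|mailto:)#i', $url)) {
            return $url;
        }
        return preg_match('#^[A-Za-z0-9_./?=%\#-]+$#D', $url) ? $url : '#';
    };

    $tags = array(
        '/\[b\](.+?)\[\/b\]/is' => '<strong>\1</strong>',
        '/\[center\](.+?)\[\/center\]/is' => '<span align="center">\1</span>',
        '/\[i\](.+?)\[\/i\]/is' => '<i>\1</i>',
        '/\[u\](.+?)\[\/u\]/is' => '<span class="underlined">\1</span>',
        '/\[s\](.+?)\[\/s\]/is' => '<s>\1</s>',
        '/\[list\](.+?)\[\/list\]/is' => '<ul>\1</ul>',
        '/\[\*\](.*)/' => '<li>\1</li>',
        '/\[code\](.+?)\[\/code\]/is' => '<code>\1</code>',
        '/\[quote\](.+?)\[\/quote\]/is' => '<code>\1</code>',
        // Attribute values are limited to the characters each attribute needs.
        '/\[font=([A-Za-z0-9 ,_-]+)\]([^\[]*)\[\/font\]/i' => '<font style="font-family:\1">\2</font>',
        // The pasted source had bare double quotes in this pattern, which is a
        // parse error; the quotes (now &quot; after escaping) are optional here.
        '/\[color=(?:&quot;)?(#?[A-Za-z0-9]+)(?:&quot;)?\]([^\[]*)\[\/color\]/i' => '<font color="\1">\2</font>',
        '/\[size=([0-9]{1,3})\]([^\[]*)\[\/size\]/i' => '<font size="\1px">\2</font>',
        '/\[list=[^\[\]]*\]([^\[]*)\[\/list\]/i' => "<ul style='list-style-type: decimal;margin-left: 30px;' align='center'>\\1</ul>",
    );
    // preg_replace() replaces the removed ereg functions; patterns run in array order.
    $text = preg_replace(array_keys($tags), array_values($tags), $text);

    $text = preg_replace_callback('#\[img\]([^\[]*)\[/img\]#i', function ($m) use ($safeUrl) {
        return '<img src="' . $safeUrl($m[1]) . '">';
    }, $text);
    $text = preg_replace_callback('#\[url=([^\[\]]*)\]([^\[]*)\[/url\]#i', function ($m) use ($safeUrl) {
        return '<a href="' . $safeUrl($m[1]) . '">' . $m[2] . '</a>';
    }, $text);
    $text = preg_replace_callback('#\[url\]([^\[]*)\[/url\]#i', function ($m) use ($safeUrl) {
        return '<a href="' . $safeUrl($m[1]) . '">' . $m[1] . '</a>';
    }, $text);

    return $finish($text);
}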
/**
 * Fetch every row of $table that satisfies the SQL condition $where.
 *
 * Both arguments are spliced into the statement exactly as given. Callers must
 * build $where from escaped values only and must never pass request data as
 * $table; nothing is escaped or checked here.
 *
 * @param string $table table name, used verbatim
 * @param string $where SQL condition, used verbatim
 * @return array list of associative rows
 */
function getWhereArray($table, $where)
{
    $q = $this->db->query('SELECT * FROM ' . $table . ' WHERE ' . $where);
    $rows = array();
    for (;;)
    {
        $row = mysql_fetch_assoc($q);
        if (!$row)
        {
            break;
        }
        $rows[] = $row;
    }
    return $rows;
}
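/**
 * Count the files in a directory that have the given extension.
 *
 * @param string $dir  directory prefix, including the trailing slash
 * @param string $type file extension without the dot
 * @return int number of matches, 0 when the pattern cannot be read
 */
function files($dir, $type)
{
    $matches = glob($dir . '*.'.$type);
    // glob() returns false on error, and count(false) is a TypeError on PHP 8.
    return is_array($matches) ? count($matches) : 0;
}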
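/**
 * Process the change-password form for the logged-in account.
 *
 * The current password is verified against $_SESSION['sha_pass_hash']; the new
 * hash is written to realmd.account with v and s cleared and is mirrored into
 * the session. Outcomes are reported through mmsg()/msg().
 */
function accountChangePw()
{
    if (!isset($_POST['changepass']))
    {
        return;
    }

    // Array-valued fields are treated as empty strings.
    $field = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    };
    $old = $field('oldpass');
    $new = $field('newpass');

    $oenc = sha1(strtoupper($_SESSION['username'].':'.$old));
    $nenc = sha1(strtoupper($_SESSION['username'].':'.$new));

    // Strict comparison: with != two different digests that both look like
    // numbers ("0e...") compare as equal.
    if ($oenc !== $_SESSION['sha_pass_hash'])
    {
        return $this->mmsg('error', 'Current password does not match with your old one.');
    }
    // An empty new password used to be accepted because '' equals ''.
    if ($new === '' || $new !== $field('confirmpass'))
    {
        return $this->mmsg('error', 'New passwords did not match, please try again.');
    }

    $id = mysql_real_escape_string((string) $_SESSION['id']);
    $q = mysql_query("UPDATE realmd.account SET sha_pass_hash='$nenc', v='',s='' WHERE id='$id'");
    if ($q)
    {
        $this->mmsg('success', 'Password has been updated.');
        $_SESSION['sha_pass_hash'] = $nenc;
        return;
    }

    return $this->msg(1, 'Something went wrong, please try again.');
}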
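/**
 * Process the change-email form for the logged-in account.
 *
 * The password is verified against $_SESSION['sha_pass_hash'] and the new
 * address must pass is_valid_email() before it is stored.
 */
function accountChangeEmail()
{
    if (!isset($_POST['changemail']))
    {
        return;
    }

    // Array-valued fields are treated as empty strings.
    $field = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    };

    $enc = sha1(strtoupper($_SESSION['username'].':'.$field('pass')));
    // Strict comparison: with != two different digests that both look like
    // numbers ("0e...") compare as equal.
    if ($enc !== $_SESSION['sha_pass_hash'])
    {
        return $this->mmsg('error', 'Incorrect password you entered, please try again.');
    }

    // Registration validates the address; changing it skipped that check. The
    // stored address is later used as a mail recipient by the password reset.
    $newmail = $field('newmail');
    if (!$this->is_valid_email($newmail))
    {
        return $this->mmsg('error', 'Invalid e-mail, please use a real e-mail address.');
    }

    $mail = mysql_real_escape_string($newmail);
    $id = mysql_real_escape_string((string) $_SESSION['id']);
    $q = $this->db->update('account', "email = '$mail'", "id = '$id'", '1');
    if ($q)
    {
        $this->mmsg('success', 'Email has been updated.');
        $_SESSION['email'] = $newmail;
        return;
    }

    return $this->msg(1, 'Something went wrong, please try again.');
}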
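/**
 * Process the registration form and create the account row.
 *
 * Every outcome is reported through mmsg(). At most three accounts may share a
 * registerip value.
 * NOTE(review): the captcha comparison against $_SESSION['keya'] was commented
 * out in the source; the validator field is only required to be non-empty.
 */
function accountRegister()
{
    if (!isset($_POST['register']))
    {
        return;
    }

    // Array-valued fields are treated as empty strings.
    $field = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    };
    $validator = $field('validator');
    $account = $field('accountname');
    $password = $field('password');
    $confirm = $field('cpassword');
    $email = $field('email');

    if (empty($validator))
    {
        return $this->mmsg('error', 'Validator field was empty, please answer the captcha.');
    }
    if (empty($account))
    {
        return $this->mmsg('error', 'Account name was empty, please try again.');
    }
    if (empty($password) || empty($confirm))
    {
        return $this->mmsg('error', 'Either of the password fields were empty, please try again.');
    }
    // The empty check now runs first; it was unreachable behind the format check.
    if (empty($email))
    {
        return $this->mmsg('error', 'Email field was empty, please try again.');
    }
    if (!$this->is_valid_email($email))
    {
        return $this->mmsg('error', 'Invalid e-mail, please use a real e-mail address.');
    }
    if ($password !== $confirm)
    {
        return $this->mmsg('error', 'Passwords did not match, please try again.');
    }

    $sqlAccount = mysql_real_escape_string($account);
    $q = $this->db->select('username','account',"username = '$sqlAccount'");
    if ($q && mysql_num_rows($q) > 0)
    {
        return $this->mmsg('error', 'This username already exists, please try again.');
    }

    // Hash the values as typed. The hash used to be taken from the SQL-escaped
    // copies, so a password containing a quote or backslash never matched the
    // hash that login() computes from the raw form value.
    $enc = sha1(strtoupper($account.':'.$password));

    $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
    $q = $this->db->select('registerip','account',"registerip = '$ip'");
    if ($q && mysql_num_rows($q) >= 3)
    {
        return $this->mmsg('error', 'This ip has registered more than three accounts.');
    }

    // Escaping happens here, at the point where the values enter the statement.
    $sqlEmail = mysql_real_escape_string($email);
    $q = $this->db->insert('account',"username = '$sqlAccount', sha_pass_hash = '$enc', locked = '0', email = '$sqlEmail', expansion = '2', vp = '0', dp = '0', registerip = '$ip'");
    if ($q)
    {
        return $this->mmsg('success', 'Your account has been created, you may now login to the website and the forums.');
    }

    return $this->mmsg('error', 'Registration failed, contact an administrator');
}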
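/**
 * Process the forgot-password form: set a random password and mail it.
 *
 * The account name and e-mail address must match exactly one account. The new
 * password is stored first and mailed to the address held in the database.
 * NOTE(review): accountChangePw() also clears the v and s columns when it
 * changes the hash; confirm whether a reset has to do the same.
 */
function accountForgotPw()
{
    global $web;
    if (!isset($_POST['forgotpw']))
    {
        return;
    }

    // Array-valued fields are treated as empty strings.
    $field = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
    };
    $emailInput = $field('email');
    $accountInput = $field('account');

    if (empty($emailInput))
    {
        return $this->msg(1, 'Empty e-mail address, please try again.');
    }
    if (empty($accountInput))
    {
        return $this->msg(1, 'Empty account name, please try again.');
    }

    // Both values go into quoted SQL strings and are escaped for that context.
    $account = mysql_real_escape_string($accountInput);
    $email = mysql_real_escape_string($emailInput);
    $q = $this->db->select('username, email','account', "username = '$account' AND email = '$email'");
    // A successful query with no rows is still "no match"; only the query
    // result was tested before, so any name/address pair was accepted.
    if (!$q || mysql_num_rows($q) != 1)
    {
        return $this->msg(1, 'Account name & email did not match as an account in our database, please try and correct this.');
    }
    $row = mysql_fetch_assoc($q);

    // The recipient comes from the database, not from the form, and must not
    // carry line breaks into the mail headers.
    if (preg_match('/[\r\n]/', $row['email']))
    {
        return $this->msg(1, 'Something went wrong, please try again.');
    }

    // rand(0, 5000) allowed only 5001 different passwords. Fail closed when no
    // cryptographic random source is available instead of falling back to rand().
    if (!function_exists('openssl_random_pseudo_bytes'))
    {
        return $this->msg(1, 'Something went wrong, please try again.');
    }
    $pw = bin2hex(openssl_random_pseudo_bytes(8));

    // Same scheme as login(): sha1 of upper-cased "username:password". The reset
    // used md5 of the password alone, which login() could never match.
    $enc = sha1(strtoupper($row['username'].':'.$pw));

    $q = $this->db->update('account', "sha_pass_hash = '$enc'", "username = '$account' AND email = '$email'", '1');
    if (!$q)
    {
        return $this->msg(1, 'Something went wrong, please try again.');
    }

    $body = ' :: '.$web->name.' ::
You\'ve requested a new password on our realms, so here we\'re
sending you a randomly generated password, we recommend you change
your password when you log in through the \'Change Email\' section in
your account panel.
Your new password is: '. $pw .'
If you did not do this, we strongly recommend you change your e-mail address
aswell and ask an administrator for an account name change.';
    $body = wordwrap($body, 100);
    // "From :" with a space before the colon is not a valid header name.
    $headers = 'From: '.$web->admin."\r\n" .
        'Reply-To: '.$web->admin."\r\n" .
        'X-mailer: PHP/'.phpversion();
    mail($row['email'], $web->name.' Password Recovery', $body, $headers);

    $this->msg(0, 'Please check your inbox, we\'ve sent you an e-mail containing your new password, it may arrive in your "Junk box" or "Spam folder" so make sure to check them out.');
}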
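/**
 * Process the add-news form and insert a news row.
 *
 * @param mixed $t unused
 * @param mixed $m unused
 */
function addNews($t = NULL, $m = NULL)
{
    if (!isset($_POST['addnews']))
    {
        return;
    }
    // load() serves admin/ pages only when $_SESSION['gm'] is set; the check is
    // repeated here, as delItem() does, so the method is safe on any page.
    if (!isset($_SESSION['gm']))
    {
        return;
    }
    if (empty($_POST['title']) || !is_string($_POST['title']))
    {
        return $this->msg(1, 'News title may not be empty, please try again.');
    }
    if (empty($_POST['news']) || !is_string($_POST['news']))
    {
        return $this->msg(1, 'Message may not be empty, please try again.');
    }

    $title = mysql_real_escape_string($_POST['title']);
    $msg = mysql_real_escape_string($_POST['news']);
    // The author name comes from the account row and may contain a quote, so it
    // is escaped like the other two values.
    $author = mysql_real_escape_string(ucfirst(strtolower($_SESSION['username'])));
    $q = $this->db->insert('news',"title = '$title', message = '$msg', author = '$author'");
    if ($q)
    {
        return $this->msg(0, 'News were added succesfully.');
    }

    return $this->msg(1, 'Something went wrong, please try again.');
}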
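/**
 * Process the edit-news form and update one news row.
 *
 * @param mixed $id id of the news row to change
 */
function editNews($id)
{
    if (!isset($_POST['editnews']))
    {
        return;
    }
    // load() serves admin/ pages only when $_SESSION['gm'] is set; the check is
    // repeated here, as delItem() does, so the method is safe on any page.
    if (!isset($_SESSION['gm']))
    {
        return;
    }
    if (empty($_POST['title']) || !is_string($_POST['title']))
    {
        return $this->msg(1, 'News title may not be empty, please try again.');
    }
    if (empty($_POST['news']) || !is_string($_POST['news']))
    {
        return $this->msg(1, 'Message may not be empty, please try again.');
    }

    $title = mysql_real_escape_string($_POST['title']);
    $msg = mysql_real_escape_string($_POST['news']);
    // Author and row id enter quoted SQL strings too and were not escaped.
    $author = mysql_real_escape_string(ucfirst(strtolower($_SESSION['username'])));
    $rowId = mysql_real_escape_string((string) $id);
    $q = $this->db->update('news',"title = '$title', message = '$msg', author = '$author'", "id = '$rowId'", '1');
    if ($q)
    {
        return $this->msg(0, 'News were edited succesfully.');
    }

    return $this->msg(1, 'Something went wrong, please try again.');
}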
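/**
 * Delete one row of table $type for ?admin&delete=<id>, for GM sessions only.
 *
 * NOTE(review): the delete is a side effect of a GET request and carries no
 * per-session token, so a link opened by a logged-in GM can trigger it.
 *
 * @param string $type table name, passed to db->del() as given
 */
function delItem($type)
{
    if (!isset($_GET['admin']) || !isset($_GET['delete']) || !isset($_SESSION['gm']))
    {
        return;
    }
    // Array-valued parameters (delete[]=x) are ignored.
    if ($_GET['delete'] == NULL || !is_string($_GET['delete']))
    {
        return;
    }

    // The id is placed in a quoted SQL string, so it is escaped for that context.
    $id = mysql_real_escape_string($_GET['delete']);
    $q = $this->db->del($type, "id = '$id'");
    if ($q)
    {
        return $this->msg(0, 'Item was deleted successfully.');
    }

    return $this->msg(1, 'Something went wrong, please try again.');
}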
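/**
 * Record a vote for a vote site and redirect the visitor to it.
 *
 * A logged-in account gets one voting point per site every 12 hours, limited
 * per account id and per IP address. The redirect to the site URL also happens
 * for visitors who are not logged in.
 * NOTE(review): "or die(mysql_error())" prints the database error text to the
 * visitor; logging it and showing a generic message would avoid that.
 *
 * @param mixed $id id of the vlinks row
 */
function castVote($id)
{
    // Every value below enters a quoted SQL string and is escaped for it.
    $voteId = mysql_real_escape_string((string) $id);
    $q = mysql_query("SELECT * FROM vlinks WHERE id = '" . $voteId . "'");
    if (!$q || mysql_num_rows($q) != 1)
    {
        return;
    }

    $row = mysql_fetch_object($q);
    $userid = isset($_SESSION['id']) ? $_SESSION['id'] : null;
    if ($userid)
    {
        $user = mysql_real_escape_string((string) $userid);
        $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
        $q = mysql_query("SELECT * FROM vlogs WHERE vote_id = '" . $voteId . "' AND (id = '" . $user . "' OR ip_address = '" . $ip . "') ORDER BY vote_date DESC");
        $timenow = time();
        $timefuture = $timenow + 43200; //12 hrs
        if ($q && mysql_num_rows($q) >= 1)
        {
            // vote_date holds the time at which the next vote is allowed.
            $row2 = mysql_fetch_object($q);
            if ($row2->vote_date >= $timenow)
            {
                $timeaz = gmdate("G:i:s", $row2->vote_date - $timenow);
                return $this->msg(1, "You have to wait to vote for that site again.<br />" . $timeaz);
            }
        }
        mysql_query("INSERT INTO vlogs SET vote_id = '" . $voteId . "', id = '" . $user . "', ip_address = '" . $ip . "', vote_date = '" . $timefuture . "'");
        mysql_query("UPDATE account SET vp = (vp + 1) WHERE id = '$user' LIMIT 1") or die(mysql_error());
    }

    header('Location: ' . $row->url);
    exit;
}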
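/**
 * Handle a submitted vote, then print the vote form with one image per site.
 *
 * Clicking an image stores its id in the hidden _id field and submits the form.
 */
function getVoteSites()
{
    if (isset($_POST['_id']))
        $this->castVote($_POST['_id']);

    // Values from vlinks are written into HTML attributes and are escaped for
    // that context; addSite() escapes them for SQL only.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
    };
?>
<form method="post" name="_vote" id="_vote" action="?page=vote">
<input type="hidden" value="0" name="_id" id="_id" />
<?php
    $q = mysql_query("SELECT * FROM vlinks");
    while ($q && ($row = mysql_fetch_object($q)))
    {
        // The id sits in a JavaScript string inside an attribute: it is encoded as
        // a JS string literal first and HTML-escaped second.
?>
<img src="<?php echo $h($row->imageurl); ?>" alt="<?php echo $h($row->title); ?>" onclick="castVote(<?php echo $h(json_encode((string) $row->id)); ?>);" style="cursor:pointer;" width="90" height="55" />
<?php
    }
?>
</form>
<script>
function castVote(id)
{
document.getElementById('_id').value = id;
document.getElementById('_vote').submit();
}
</script>
<?php
}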
/**
 * Echo one table row per vote reward, each with a "Buy this item" link.
 *
 * Rows are read from vrewards, or from vrewardstwo when $is is not NULL.
 * Rows whose customItem column is 'true' get a tooltip built from their stat
 * columns; the other rows get a rel="item=<itemid>" link.
 *
 * NOTE(review): itemName, itemType, price, itemid and the stat columns are
 * echoed without HTML escaping, and in the tooltip they also sit inside a
 * JavaScript string in an onmouseover attribute. addReward() escapes these
 * values for SQL only, so whoever can add a reward controls this markup.
 *
 * @param mixed $is NULL for the first table, anything else for the second
 */
function getVoteRewards($is = NULL)
{
    $table = ($is == NULL) ? 'vrewards' : 'vrewardstwo';
    // NOTE(review): die(mysql_error()) prints the database error text to the visitor.
    $q = mysql_query("SELECT * FROM $table") or die(mysql_error());
    if(mysql_num_rows($q) != 0)
    {
        while($i = mysql_fetch_assoc($q))
        {
            // $stat[1..10]: one tooltip line per non-empty stat column, '' otherwise
            for($c = 1; $c <= 10; $c++)
            {
                if(!empty($i['stat'.$c]))
                {
                    $stat[$c] = '<span class=\\\'margin-left:5px\\\'>'.$i['stat'.$c].'</span><br />';
                }
                else
                {
                    $stat[$c] = '';
                }
            }
            if($i['customItem'] == 'true')
            {
                // NOTE(review): $stat[5] is built above but is not part of this output
                echo '<tr><td width="250"><a href="javascript:;" onmouseover="$WowheadPower.showTooltip(event, \'<span class=\\\''
                . $i['itemType'] . ' bold\\\'>' . $i['itemName'] . '</span><br />' . $stat[1] . $stat[2]
                . $stat[3] . $stat[4] . $stat[6] . $stat[7] . $stat[8] . $stat[9] . $stat[10]
                . '<br /><span class=\\\'green\\\'>This item costs: <span style=\\\'color:white\\\'>'
                . $i['price'] . '</span></span>\', \'INV_Misc_Gift_01\')" onmousemove="$WowheadPower.moveTooltip(event)" onmouseout="$WowheadPower.hideTooltip();"><span class="'
                . $i['itemType'] . '">' . $i['itemName'] . '</span></a></td><td width="60" align="center"> ' . $i['price']
                . '</td><td width="80" align="center"> <a href="?buy=v&itemid=' . $i['itemid'] . '">Buy this item</a></td></tr>';
            }
            else
            {
                echo '<tr><td width="250"><a href="javascript:;" rel="item=' . $i['itemid']
                . '"><span class="' . $i['itemType'] . '">' . $i['itemName'] . '</span></a></td><td width="60" align="center"> ' . $i['price']
                . '</td><td width="80" align="center"><a href="?buy=v&itemid=' . $i['itemid'] . '">Buy this item</a></td></tr>';
            }
        }
    }
    else
    {
        echo '<i>No rewards have been added to the vote system, please contact an administrator.</i>';
    }
}
/**
 * Echo one table row per donation reward, each with a "Buy this item" link.
 *
 * Rows are read from drewards, or from drewardstwo when $is is not NULL.
 * Rows whose customItem column is 'true' get a tooltip built from their stat
 * columns; the other rows get a rel="item=<itemid>" link.
 *
 * NOTE(review): itemName, itemType, price, itemid and the stat columns are
 * echoed without HTML escaping, and in the tooltip they also sit inside a
 * JavaScript string in an onmouseover attribute. addReward() escapes these
 * values for SQL only, so whoever can add a reward controls this markup.
 *
 * @param mixed $is NULL for the first table, anything else for the second
 */
function getDonationRewards($is = NULL)
{
    $table = ($is == NULL) ? 'drewards' : 'drewardstwo';
    // NOTE(review): die(mysql_error()) prints the database error text to the visitor.
    $q = mysql_query("SELECT * FROM $table") or die(mysql_error());
    if(mysql_num_rows($q) != 0)
    {
        while($i = mysql_fetch_assoc($q))
        {
            // $stat[1..10]: one tooltip line per non-empty stat column, '' otherwise
            for($c = 1; $c <= 10; $c++)
            {
                if(!empty($i['stat'.$c]))
                {
                    $stat[$c] = '<span class=\\\'margin-left:5px\\\'>'.$i['stat'.$c].'</span><br />';
                }
                else
                {
                    $stat[$c] = '';
                }
            }
            if($i['customItem'] == 'true')
            {
                // NOTE(review): $stat[5] is built above but is not part of this output
                echo '<tr><td width="250"><a href="javascript:;" onmouseover="$WowheadPower.showTooltip(event, \'<span class=\\\''
                . $i['itemType'] . ' bold\\\'>' . $i['itemName'] . '</span><br />' . $stat[1] . $stat[2]
                . $stat[3] . $stat[4] . $stat[6] . $stat[7] . $stat[8] . $stat[9] . $stat[10]
                . '<br /><span class=\\\'green\\\'>This item costs: <span style=\\\'color:white\\\'>'
                . $i['price'] . '</span></span>\', \'INV_Misc_Gift_01\')" onmousemove="$WowheadPower.moveTooltip(event)" onmouseout="$WowheadPower.hideTooltip();"><span class="'
                . $i['itemType'] . '">' . $i['itemName'] . '</span></a></td><td width="60" align="center"> ' . $i['price']
                . '</td><td width="80" align="center"> <a href="?buy=d&itemid=' . $i['itemid'] . '">Buy this item</a></td></tr>';
            }
            else
            {
                echo '<tr><td width="250"><a href="javascript:;" rel="item=' . $i['itemid']
                . '"><span class="' . $i['itemType'] . '">' . $i['itemName'] . '</span></a></td><td width="60" align="center"> ' . $i['price']
                . '</td><td width="80" align="center"><a href="?buy=d&itemid=' . $i['itemid'] . '">Buy this item</a></td></tr>';
            }
        }
    }
    else
    {
        echo '<i>No rewards have been added to the donation system, please contact an administrator.</i>';
    }
}
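/**
 * List the characters of an account and process the purchase, unstuck and
 * revive forms for one of them.
 *
 * The posted character name is accepted only when it is one of the names
 * fetched for this account. That is both the ownership check and the guard for
 * the remote console line, which is built from the name.
 *
 * @param mixed $id account id
 * @return array character rows of the account (empty when it has none)
 */
function getChars($id)
{
    global $donate, $db, $rauser, $rapass;
    $dbselector = ($_SESSION['realmID'] == 1) ? $donate->chardb : $donate->chardbtwo;
    mysql_select_db($dbselector) or die(mysql_error());
    $results = array();
    $account = mysql_real_escape_string((string) $id);
    $q = $this->db->query("SELECT * FROM characters WHERE account = '$account'");
    if ($q && mysql_num_rows($q) != 0)
    {
        $owned = array();
        while ($row = mysql_fetch_assoc($q))
        {
            $results[] = $row;
            $owned[] = $row['name'];
        }

        // Any name used to be accepted, including other accounts' characters and
        // text with line breaks, which the console reads as further commands.
        $char = (isset($_POST['char']) && is_string($_POST['char'])) ? $_POST['char'] : '';
        $charOk = in_array($char, $owned, true) && !preg_match('/[\r\n]/', $char);

        // Sends one command over the remote console, pausing a second between
        // lines as before. The connection is now checked before it is used.
        // USER and PASS travel over the socket as plain text.
        $console = function ($user, $pass, $command) {
            $previous = ini_set("display_errors", 0);
            $fp = fsockopen("logon.unforgivenwow.com", 3443, $errno, $errstr, 30);
            $sent = false;
            if ($fp)
            {
                foreach (array("USER $user\n", "PASS $pass\n", $command . "\n") as $line)
                {
                    sleep (1);
                    fwrite($fp, $line);
                }
                sleep (1);
                fclose($fp);
                $sent = true;
            }
            // display_errors used to stay off because the reset came after a return.
            if ($previous !== false)
            {
                ini_set("display_errors", $previous);
            }
            return $sent;
        };

        $action = null;
        foreach (array('purchase', 'unstuck', 'revive') as $name)
        {
            if (isset($_POST[$name]))
            {
                $action = $name;
                break;
            }
        }
        if ($action !== null && !$charOk)
        {
            mysql_select_db($db->maindb);
            return $this->mmsg('error', 'Invalid character selected.');
        }

        if ($action === 'purchase')
        {
            $this->buyItem($_GET['itemid'], $char, $_SESSION['realmID']);
        }
        if ($action === 'unstuck')
        {
            include("settings/config.php");
            if (!$console($rauser, $rapass, "tele name $char"))
            {
                return $this->mmsg('error', 'Something went wrong (Probably the tool is offline try again later)');
            }
            return $this->mmsg('success', 'Your character has been teleported to Dalaran.');
        }
        if ($action === 'revive')
        {
            include("settings/config.php");
            if (!$console($rauser, $rapass, "revive $char"))
            {
                return $this->mmsg('error', 'Something went wrong (Probably the tool is offline try again later)');
            }
            return $this->mmsg('success', 'Your character has been Revived.');
        }
    }
    mysql_select_db($db->maindb);
    return $results;
}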
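/**
 * List the characters of an account and process the vote-shop purchase form.
 *
 * The posted character name is passed on to buyvItem() only when it is one of
 * the names fetched for this account.
 *
 * @param mixed $id account id
 * @return array character rows of the account (empty when it has none)
 */
function getVChars($id)
{
    global $donate, $db;
    $dbselector = ($_SESSION['realmID'] == 1) ? $donate->chardb : $donate->chardbtwo;
    $this->db->sel_db($dbselector);
    $results = array();
    $account = mysql_real_escape_string((string) $id);
    $q = $this->db->query("SELECT * FROM characters WHERE account = '$account'");
    if ($q && mysql_num_rows($q) != 0)
    {
        $owned = array();
        while ($row = mysql_fetch_assoc($q))
        {
            $results[] = $row;
            $owned[] = $row['name'];
        }
        if (isset($_POST['purchase']))
        {
            // Any posted name used to be forwarded, including characters of other
            // accounts; the name also ends up in a remote console command.
            $char = (isset($_POST['char']) && is_string($_POST['char'])) ? $_POST['char'] : '';
            if (in_array($char, $owned, true))
            {
                $this->buyvItem($_GET['itemid'], $char, $_SESSION['realmID']);
            }
            else
            {
                $this->mmsg('error', 'Invalid character selected.');
            }
        }
    }
    mysql_select_db($db->maindb);
    return $results;
}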
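/**
 * Mail an item to a character through the realm's remote console.
 *
 * The console line is "send items <name> "<subject>" "<body>" <itemId>". All
 * four values are checked or stripped first, because a line break or quote in
 * any of them would change the command or start a new one.
 *
 * @param mixed  $itemId  item id; digits only (assumed from its use as itemid, confirm)
 * @param string $cName   character name
 * @param string $subject mail subject
 * @param string $body    mail body
 * @param mixed  $realmId 1 or 2
 * @return bool true when the command was written to the console
 */
function sendItem($itemId, $cName, $subject, $body, $realmId)
{
    global $soap, $donate, $db, $rauser, $rapass, $rauser2, $rapass2;

    if (!ctype_digit((string) $itemId) || !is_string($cName) || $cName === '' || preg_match('/[\s"\\\\]/', $cName))
    {
        return false;
    }
    $plain = function ($value) {
        return str_replace(array("\r", "\n", '"', '\\'), '', (string) $value);
    };
    $subject = $plain($subject);
    $body = $plain($body);

    if ($realmId == 1)
    {
        $port = 3443;
        $user = $rauser;
        $pass = $rapass;
    }
    elseif ($realmId == 2)
    {
        $port = 3444;
        $user = $rauser2;
        $pass = $rapass2;
    }
    else
    {
        // No console is configured for other realms; the socket used to be undefined here.
        return false;
    }

    $dbselector = ($realmId == 1) ? $donate->chardb : $donate->chardbtwo;
    $this->db->sel_db($dbselector);
    $q = $this->db->select('guid', 'characters', '`name` = "' . mysql_real_escape_string($cName) . '"');
    $found = ($q && mysql_num_rows($q) == 1);
    // The main database is selected again on every path, including failures.
    $this->db->sel_db($db->maindb);
    if (!$found)
    {
        return false;
    }

    // The connection is checked before it is written to; it used to be checked
    // only after fclose(). USER and PASS travel over the socket as plain text.
    $fp = fsockopen("logon.unforgivenwow.com", $port, $errno, $errstr, 30);
    if (!$fp)
    {
        $this->mmsg('error', 'Something went wrong (Probably the tool is offline try again later)');
        return false;
    }
    $lines = array(
        "USER $user\n",
        "PASS $pass\n",
        "send items $cName \"$subject\" \"$body\" $itemId\n", //send items
    );
    foreach ($lines as $line)
    {
        sleep (1);
        fwrite($fp, $line);
    }
    sleep (1);
    fclose($fp);
    return true;
}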
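/**
 * Show the purchase confirmation for a vote reward and, when a character is
 * given, pay for it with voting points and send it.
 *
 * The points are taken with a single conditional UPDATE before the item is
 * sent and are given back when sending fails. Reading the balance, sending and
 * then writing a computed balance let parallel requests spend the same points.
 *
 * @param mixed       $id      itemid of the reward
 * @param string|null $char    character that receives the item; NULL only shows the confirmation
 * @param mixed       $realmId 1 selects vrewards, anything else vrewardstwo
 */
function buyvItem($id, $char = NULL, $realmId)
{
    global $db;
    mysql_select_db($db->maindb);
    $table = ($realmId == 1) ? 'vrewards' : 'vrewardstwo';
    $itemId = mysql_real_escape_string((string) $id);
    $q = mysql_query("SELECT * FROM $table WHERE itemid = '$itemId'") or die(mysql_error());
    if (mysql_num_rows($q) == 0)
    {
        echo '<i>This item is not available.</i>';
        return;
    }

    $i = mysql_fetch_assoc($q);
    $price = $i['price'];
    // Reward columns are escaped for HTML; addReward() escapes them for SQL only.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
    };
    echo 'You are purchasing:<br /><br />'.
        'Item: <span class="'.$h($i['itemType']).' bold">'.$h($i['itemName']).'</span><br />'.
        'Price: <span class="bold">'.$h($price).'</span><br /><br />'.
        'Are you sure you want to purchase this item?<br /><br />';

    if (!isset($_GET['buy']) || $char == NULL)
    {
        return;
    }

    $this->loader();
    // A negative or non-numeric price would turn the deduction into a credit.
    if (!is_numeric($price) || $price < 0)
    {
        return $this->msg(1, 'Something went wrong, please try again.');
    }
    $cost = $price + 0;
    $userid = mysql_real_escape_string((string) $_SESSION['id']);

    $q = mysql_query("SELECT * FROM account WHERE id = '$userid'") or die(mysql_error());
    if (mysql_num_rows($q) == 0)
    {
        return $this->msg(1,'User has no points or does not exist in the database, please contact administrator if this is wrong.');
    }

    if ($cost > 0)
    {
        // Balance check and deduction in one statement.
        mysql_query("UPDATE account SET vp = vp - $cost WHERE id = '$userid' AND vp >= $cost LIMIT 1") or die(mysql_error());
        if (mysql_affected_rows() != 1)
        {
            $this->mmsg('error','You do not have enough points, vote for more <a href="?page=vote">here</a>.');
            return;
        }
    }

    $sent = $this->sendItem($id, $char, "Thanks for voting", "Unforgiven-WoW Thanks you for your support in keeping this server running!", $_SESSION['realmID']);
    $this->db->sel_db($db->maindb);
    if ($sent)
    {
        header("Location: ./?page=itembought");
    }
    elseif ($cost > 0)
    {
        // Nothing was delivered, so the points go back.
        $this->db->query("UPDATE account SET vp = vp + $cost WHERE id = '$userid' LIMIT 1");
    }
}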
/**
 * Select the main database and print the "loading" image used while buying.
 */
function loader()
{
    $main = $GLOBALS['db']->maindb;
    mysql_select_db($main);
    print '<img src="images/loaderbuy.gif" alt="loadergif"/>';
}
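/**
 * Show the purchase confirmation for a donation reward and, when a character
 * is given, pay for it with donation points and send it.
 *
 * The points are taken with a single conditional UPDATE before the item is
 * sent and are given back when sending fails. Reading the balance, sending and
 * then writing a computed balance let parallel requests spend the same points.
 *
 * @param mixed       $id      itemid of the reward
 * @param string|null $char    character that receives the item; NULL only shows the confirmation
 * @param mixed       $realmId 1 selects drewards, anything else drewardstwo
 */
function buyItem($id, $char = NULL, $realmId)
{
    global $db;
    mysql_select_db($db->maindb);
    $table = ($realmId == 1) ? 'drewards' : 'drewardstwo';
    $itemId = mysql_real_escape_string((string) $id);
    $q = mysql_query("SELECT * FROM $table WHERE itemid = '$itemId'") or die(mysql_error());
    if (mysql_num_rows($q) == 0)
    {
        echo '<i>This item is not available.</i>';
        return;
    }

    $i = mysql_fetch_assoc($q);
    $price = $i['price'];
    // Reward columns are escaped for HTML; addReward() escapes them for SQL only.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
    };
    echo 'You are purchasing:<br /><br />'.
        'Item: <span class="'.$h($i['itemType']).' bold">'.$h($i['itemName']).'</span><br />'.
        'Price: <span class="bold">'.$h($price).'</span><br /><br />'.
        'Are you sure you want to purchase this item?<br /><br />';

    if (!isset($_GET['buy']) || $char == NULL)
    {
        return;
    }

    // A negative or non-numeric price would turn the deduction into a credit.
    if (!is_numeric($price) || $price < 0)
    {
        return $this->msg(1, 'Something went wrong, please try again.');
    }
    $cost = $price + 0;
    $userid = mysql_real_escape_string((string) $_SESSION['id']);

    $q = mysql_query("SELECT * FROM account WHERE id = '$userid'") or die(mysql_error());
    if (mysql_num_rows($q) == 0)
    {
        return $this->msg(1,'User has no points or does not exist in the database, please contact administrator if this is wrong.');
    }

    if ($cost > 0)
    {
        // Balance check and deduction in one statement.
        mysql_query("UPDATE account SET dp = dp - $cost WHERE id = '$userid' AND dp >= $cost LIMIT 1") or die(mysql_error());
        if (mysql_affected_rows() != 1)
        {
            $this->mmsg('error','You do not have enough points, donate for more <a href="?page=donate">here</a>.');
            return;
        }
    }

    $sent = $this->sendItem($id, $char, "Thanks for donating", "Unforgiven-WoW Thanks you for your support in keeping this server running!", $_SESSION['realmID']);
    $this->db->sel_db($db->maindb);
    if ($sent)
    {
        header("Location: ./?page=itembought");
    }
    elseif ($cost > 0)
    {
        // Nothing was delivered, so the points go back.
        $this->db->query("UPDATE account SET dp = dp + $cost WHERE id = '$userid' LIMIT 1");
    }
}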
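/**
 * Process the add-reward forms and insert a reward row.
 *
 * The "additem" form writes to $type and the "additemtwo" form to $typetwo.
 * On success the request is redirected to ?admin.
 *
 * @param string      $type    reward table for the first form
 * @param string|null $typetwo reward table for the second form
 */
function addReward($type, $typetwo = NULL)
{
    if (isset($_POST['additem']))
    {
        $table = $type;
    }
    elseif (isset($_POST['additemtwo']))
    {
        $table = $typetwo;
    }
    else
    {
        return;
    }
    // load() serves admin/ pages only when $_SESSION['gm'] is set; the check is
    // repeated here, as delItem() does, so the method is safe on any page.
    if (!isset($_SESSION['gm']))
    {
        return;
    }
    // A table name cannot be sent as a quoted value; accept plain identifiers only.
    if (!is_string($table) || !preg_match('/^[A-Za-z0-9_]+$/D', $table))
    {
        return $this->msg(1,'Something went wrong, please try again.');
    }

    // Read and escape each expected field once. Array-valued and missing
    // fields become null instead of being passed to mysql_real_escape_string().
    $keys = array('customitem', 'itemtype', 'itemname', 'itemid', 'price');
    for ($c = 1; $c <= 10; $c++)
    {
        $keys[] = 'stat' . $c;
    }
    $f = array();
    foreach ($keys as $key)
    {
        $f[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? mysql_real_escape_string($_POST[$key]) : null;
    }

    if ($f['customitem'] === null)
    {
        return $this->msg(1,'You must select the custom item value.');
    }
    if ($f['itemtype'] === null)
    {
        return $this->msg(1,'You must select an item color.');
    }
    // The check read the key 'itemName' while the form field is 'itemname', and
    // it used && so a single missing field passed.
    if (empty($f['itemname']) || empty($f['itemid']))
    {
        return $this->msg(1,'You must fill in an Item name & ID');
    }

    $sql = "INSERT INTO $table SET itemName = '{$f['itemname']}', itemType = '{$f['itemtype']}', itemid = '{$f['itemid']}', price = '{$f['price']}'";
    if ($f['customitem'] != 'true')
    {
        $sql .= ", customItem = 'false'";
    }
    else
    {
        $sql .= ", customItem = 'true'";
        for ($c = 1; $c <= 10; $c++)
        {
            $sql .= ", stat$c = '" . $f['stat' . $c] . "'";
        }
    }

    $q = $this->db->query($sql);
    if (!$q)
    {
        return $this->msg(1,'Something went wrong, please try again.');
    }

    header("Location: ?admin");
    exit;
}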
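/**
 * Delete a reward for ?admin=<type>&delete=<itemid>&true=<own account id>.
 *
 * 'donations' deletes from drewards, any other $type from vrewards.
 * NOTE(review): the confirmation value is the account id, which is not a
 * secret, and the delete is a side effect of a GET request. A random
 * per-session token is needed to stop requests made from other sites.
 *
 * @param string $type admin section name
 */
function adminDeleteReward($type)
{
    // load() serves admin/ pages only when $_SESSION['gm'] is set; the check is
    // repeated here, as delItem() does, so the method is safe on any page.
    if (!isset($_SESSION['gm']))
    {
        return;
    }
    if (isset($_GET['admin']) && $_GET['admin'] == $type && isset($_GET['delete']) && is_string($_GET['delete']))
    {
        $del = ($type == 'donations') ? 'drewards' : 'vrewards';
        // With == an empty "true" parameter matched a session without an id.
        if (isset($_GET['true']) && isset($_SESSION['id']) && (string) $_GET['true'] === (string) $_SESSION['id'])
        {
            // The id is placed in a quoted SQL string, so it is escaped for that context.
            $id = mysql_real_escape_string($_GET['delete']);
            $q = $this->db->del($del, "itemid = '$id'");
            header("Location: ./?admin=$type");
        }
    }
}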
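/**
 * Delete a reward of the second realm: 'donations' deletes from drewardstwo,
 * any other $type from vrewardstwo.
 *
 * NOTE(review): the request must carry both "delete" and "deletetwo"; the row
 * id is read from "deletetwo". Confirm that the admin links send both.
 * NOTE(review): the confirmation value is the account id, which is not a
 * secret, and the delete is a side effect of a GET request. A random
 * per-session token is needed to stop requests made from other sites.
 *
 * @param string $type admin section name
 */
function adminDeleteRewardTwo($type)
{
    // load() serves admin/ pages only when $_SESSION['gm'] is set; the check is
    // repeated here, as delItem() does, so the method is safe on any page.
    if (!isset($_SESSION['gm']))
    {
        return;
    }
    if (isset($_GET['admin']) && $_GET['admin'] == $type && isset($_GET['delete']))
    {
        // "deletetwo" was read without checking that it is present.
        if (!isset($_GET['deletetwo']) || !is_string($_GET['deletetwo']))
        {
            return;
        }
        $del = ($type == 'donations') ? 'drewardstwo' : 'vrewardstwo';
        // With == an empty "true" parameter matched a session without an id.
        if (isset($_GET['true']) && isset($_SESSION['id']) && (string) $_GET['true'] === (string) $_SESSION['id'])
        {
            // The id is placed in a quoted SQL string, so it is escaped for that context.
            $id = mysql_real_escape_string($_GET['deletetwo']);
            $q = $this->db->del($del, "itemid = '$id'");
            header("Location: ./?admin=$type");
        }
    }
}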
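/**
 * Delete a vote site for ?admin=sites&delete=<id>&true=<own account id>.
 *
 * NOTE(review): the confirmation value is the account id, which is not a
 * secret, and the delete is a side effect of a GET request. A random
 * per-session token is needed to stop requests made from other sites.
 *
 * @param string $type admin section name; only 'sites' deletes anything
 */
function adminDeleteSite($type)
{
    // load() serves admin/ pages only when $_SESSION['gm'] is set; the check is
    // repeated here, as delItem() does, so the method is safe on any page.
    if (!isset($_SESSION['gm']))
    {
        return;
    }
    // Any other $type used to send a placeholder sentence to db->del() as the
    // table name; nothing is deleted for it now.
    if ($type != 'sites')
    {
        return;
    }
    if (isset($_GET['admin']) && $_GET['admin'] == $type && isset($_GET['delete']) && is_string($_GET['delete']))
    {
        // With == an empty "true" parameter matched a session without an id.
        if (isset($_GET['true']) && isset($_SESSION['id']) && (string) $_GET['true'] === (string) $_SESSION['id'])
        {
            // The id is placed in a quoted SQL string, so it is escaped for that context.
            $id = mysql_real_escape_string($_GET['delete']);
            $q = $this->db->del('vlinks', "id = '$id'");
            header("Location: ./?admin=$type");
        }
    }
}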
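/**
 * Process the add-vote-site form and insert a vlinks row.
 *
 * NOTE(review): url later becomes a redirect target (castVote) and imageurl an
 * image source (getVoteSites); neither is checked here to be an http(s) URL.
 */
function addSite()
{
    if (!isset($_POST['addsite']))
    {
        return;
    }
    // load() serves admin/ pages only when $_SESSION['gm'] is set; the check is
    // repeated here, as delItem() does, so the method is safe on any page.
    if (!isset($_SESSION['gm']))
    {
        return;
    }

    // Array-valued fields are treated as empty; the rest is escaped for SQL.
    $field = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? mysql_real_escape_string($_POST[$name]) : '';
    };
    $title = $field('title');
    $imageurl = $field('imageurl');
    $url = $field('url');

    if (empty($title)) return $this->msg(1,'Voting title is empty, please try again.');
    if (empty($imageurl)) return $this->msg(1, 'Image url is empty, please try again.');
    // "$tihs" was a typo: an empty link ended in a fatal error instead of this message.
    if (empty($url)) return $this->msg(1, 'Link is empty, please try again.');

    $q = $this->db->query("INSERT INTO vlinks SET title = '$title', imageurl = '$imageurl', url = '$url'");
    if ($q)
    {
        header("Location: ./?admin=sites");
        exit;
    }

    return $this->msg(1, 'Something went wrong, please try again.');
}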
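/**
 * Print one table row per online character of a realm.
 *
 * @param int $id index into the comma-separated list $realm->chardb
 * @return mixed result of switching back to the main database, or null for an unknown index
 */
function playersOnline($id)
{
    global $realm, $db;
    $dbs = explode(',', $realm->chardb);
    // An index outside the configured list would select an empty database name.
    if (!isset($dbs[$id]))
    {
        return null;
    }
    $this->db->sel_db($dbs[$id]);
    $q = $this->db->query("SELECT * FROM characters WHERE online = 1");
    // Column values are written into HTML text and attributes, so they are escaped.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
    };
    while ($q && ($row = mysql_fetch_assoc($q)))
    {
        print '<tr>
<td> '.$h($row['name']).'</td>
<td> '.$h($row['level']).'</td>
<td> <img src="images/stats/'.$h($row['class']).'.gif" /></td>
<td> <img src="images/stats/'.$h($row['race'])."-".$h($row['gender']).'.gif" /></td>
</tr>';
    }
    return $this->db->sel_db($db->maindb);
}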
/**
 * Print the number of online characters of a realm.
 *
 * @param int $id index into the comma-separated list $realm->chardb
 * @return int the return value of print, which is always 1
 */
function statusOnline($id)
{
    global $realm, $db;
    $names = explode(',', $realm->chardb);
    $this->db->sel_db($names[$id]);
    $online = mysql_num_rows($this->db->query("SELECT * FROM characters WHERE online = 1"));
    // Back to the main database before anything is printed.
    $this->db->sel_db($db->maindb);
    return print $online;
}
- }
- ?>