
Untitled

a guest
Sep 20th, 2017
  1. <?php
  // Type codes passed to clean(): each one names the form a value is requested in.
  define('TYPE_NOCLEAN',    0);  // leave the value as it is
  define('TYPE_BOOL',       1);  // boolean
  define('TYPE_INT',        2);  // integer
  define('TYPE_UINT',       3);  // integer, never negative
  define('TYPE_NUM',        4);  // number
  define('TYPE_UNUM',       5);  // number, never negative
  define('TYPE_UNIXTIME',   6);  // unix timestamp (non-negative integer)
  define('TYPE_STR',        7);  // string, trimmed
  define('TYPE_NOTRIM',     8);  // string, surrounding whitespace kept
  define('TYPE_NOHTML',     9);  // trimmed string requested with its HTML neutralised
  define('TYPE_ARRAY',      10); // array
  define('TYPE_FILE',       11); // uploaded file
  define('TYPE_BINARY',     12); // binary string
  define('TYPE_NOHTMLCOND', 13); // trimmed string, HTML neutralised only when it looks unsafe
  16.  
  17. include_once 'settings/config.php';
  18. include_once 'inc/db.class.php';
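  /**
   * Coerce a request value to the given TYPE_* form, in place.
   *
   * The value is changed through the reference and also returned by reference.
   * TYPE_NOHTML and TYPE_NOHTMLCOND return text that is already HTML-escaped,
   * so callers must not escape it a second time. No type makes a value safe
   * for use inside an SQL statement; that needs escaping at the query.
   *
   * @param mixed $data value to clean (modified in place)
   * @param int   $type one of the TYPE_* constants
   * @return mixed the cleaned value
   */
  function &clean( &$data, $type )
  {
      static $booltypes = array('1', 'yes', 'y', 'true');

      switch ($type)
      {
          case TYPE_INT:
              $data = intval($data);
              break;

          case TYPE_UINT:
          case TYPE_UNIXTIME: // a timestamp is a non-negative integer
              $data = max(0, intval($data));
              break;

          case TYPE_NUM:
              $data = strval($data) + 0;
              break;

          case TYPE_UNUM:
              $data = strval($data) + 0;
              $data = ($data < 0) ? 0 : $data;
              break;

          case TYPE_BINARY:
          case TYPE_NOTRIM:
              $data = strval($data);
              break;

          case TYPE_STR:
              $data = trim(strval($data));
              break;

          case TYPE_NOHTML:
              // The type promises HTML-safe text, so trimming alone is not enough.
              $data = htmlspecialchars(trim(strval($data)), ENT_QUOTES);
              break;

          case TYPE_NOHTMLCOND:
              $data = trim(strval($data));
              // Escape only when a markup character is present.
              if (strcspn($data, '<>"') < strlen($data))
              {
                  $data = htmlspecialchars($data, ENT_QUOTES);
              }
              break;

          case TYPE_BOOL:
              // Arrays and objects are never "true"; compare strictly against the accepted spellings.
              $data = (is_scalar($data) && in_array(strtolower(strval($data)), $booltypes, true)) ? 1 : 0;
              break;

          case TYPE_ARRAY:
              $data = (is_array($data)) ? $data : array();
              break;

          case TYPE_NOCLEAN:
              break;
      }

      // strip out characters that really have no business being in non-binary data
      switch ($type)
      {
          case TYPE_STR:
          case TYPE_NOTRIM:
          case TYPE_NOHTML:
          case TYPE_NOHTMLCOND:
              $data = str_replace(chr(0), '', $data);
      }

      return $data;
  }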
  51. include_once 'settings/config.php';
  52. include_once 'inc/db.class.php';
  53.  
  54. class site
  55. {
  56. public $db;
  57.  
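  /**
   * Open the database handle and process a logout request (?logout).
   */
  function __construct()
  {
      $this->db = new db();

      if (isset($_GET['logout']))
      {
          // unset($_SESSION) only removes the variable and stops further
          // registration of session data; emptying the array is what clears it.
          $_SESSION = array();
          if (session_id() !== '')
          {
              session_destroy();
          }
          header("Location: ./");
          // Stop here so nothing else is rendered for the logged-out request.
          exit;
      }
  }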
  68.  
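  /**
   * Pick the page script named by the query string and render it between
   * the shared header and footer templates.
   *
   * Every name taken from the query string must be a plain file name
   * (letters, digits, "_" and "-"). Without that check a name containing
   * a directory separator could select a script outside its section,
   * including the admin pages, without passing the session checks below.
   */
  function load()
  {
      $plainName = '/\A[A-Za-z0-9_-]+\z/';

      $page = 'index';
      if (isset($_GET['page']))
      {
          $page = (is_string($_GET['page']) && preg_match($plainName, $_GET['page'])) ? $_GET['page'] : '404';
      }
      if (!file_exists('pages/'.$page.'.php')) $page = '404';

      // query key => directory, session key that grants access, page when denied, page when no name is given
      $sections = array(
          'admin'   => array('admin/',   'gm',       '404',   'admin/admin'),
          'account' => array('account/', 'username', 'error', 'account/account'),
          'buy'     => array('rewards/', 'username', 'error', 'account/account'),
      );

      // Later sections override earlier ones, as in the original sequence of checks.
      foreach ($sections as $key => $section)
      {
          if (!isset($_GET[$key]))
          {
              continue;
          }

          list($dir, $sessionKey, $denied, $default) = $section;
          $requested = $_GET[$key];

          if (!isset($_SESSION[$sessionKey]))
          {
              $page = $dir.$denied;
          }
          elseif (empty($requested))
          {
              $page = $default;
          }
          elseif (is_string($requested) && preg_match($plainName, $requested))
          {
              $page = $dir.$requested;
          }
          else
          {
              $page = '404';
          }

          if (!file_exists('pages/'.$page.'.php')) $page = '404';
      }

      include 'template/_head.php';
      include 'pages/'.$page.'.php';
      include 'template/_foot.php';
  }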
  118.  
  /**
   * Print a small inline status message: red when $e is 1, green otherwise.
   * $msg is written as-is, so it may carry markup and must not contain
   * unescaped user input.
   */
  function msg($e, $msg)
  {
      if ($e == 1)
      {
          $colour = 'red';
      }
      else
      {
          $colour = 'green';
      }

      echo '<span style="color:' . $colour . ';font-size:11px;padding:5px;">' . $msg . '</span>';
  }
  124.  
  /**
   * Print a message box: a <section> whose class is $type, wrapping $msg.
   * Both values are written as-is; neither may contain unescaped user input.
   */
  function mmsg($type, $msg)
  {
      $open = '<section class="' . $type . '"><p>';
      $close = '</p></section>';

      echo $open . $msg . $close;
  }
  129.  
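  /**
   * Report a captcha failure, end the session and send the visitor back to
   * the front page.
   */
  function mmsgcaptcha($type, $msg)
  {
      $this->__construct();

      // Clear the session data itself; unset($_SESSION) leaves it in place.
      $_SESSION = array();
      if (session_id() !== '')
      {
          session_destroy();
      }

      // The redirect header has to go out before the message is printed.
      header("Location: ./");
      print '<section class="'.$type.'"><p>'.$msg.'</p></section>';
  }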
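  /**
   * Handle a submitted login form.
   *
   * Order of checks: captcha, then credentials. Only after both pass is the
   * session populated with the account row, so a failed captcha no longer
   * leaves a logged-in session behind. The user name is escaped before it
   * is placed in the query.
   */
  function login()
  {
      if (!isset($_POST['login']))
      {
          return;
      }

      $user     = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
      $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
      $answer   = (isset($_POST['captcha'])  && is_string($_POST['captcha']))  ? $_POST['captcha']  : '';

      // NOTE(review): assumes the captcha generator stores md5(code) in $_SESSION['keya'] - confirm.
      $expected = isset($_SESSION['keya']) ? $_SESSION['keya'] : null;
      unset($_SESSION['keya']); // each issued captcha is good for one attempt

      // Strict comparison: "==" treats some hex digests as numbers and can match unequal values.
      if (!is_string($expected) || md5($answer) !== $expected)
      {
          return $this->mmsg('error','Invalid Captcha');
      }

      $pass    = sha1(strtoupper($user.':'.$password));
      $userSql = mysql_real_escape_string($user);

      $q = $this->db->select('*','account',"username = '$userSql' AND sha_pass_hash = '$pass'");
      if (!$q || mysql_num_rows($q) < 1)
      {
          return $this->mmsg('error','Invalid Login');
      }

      // New session id for the authenticated session; drop any privilege left from an earlier login.
      session_regenerate_id(true);
      unset($_SESSION['gm']);

      $row = mysql_fetch_assoc($q);
      foreach ($row as $c => $v)
      {
          $_SESSION[$c] = $v;
      }

      $idSql  = mysql_real_escape_string($_SESSION['id']);
      $gm     = $this->db->select('*','account_access',"id = '$idSql'");
      $access = $gm ? mysql_fetch_assoc($gm) : false;

      if ($access && $access['gmlevel'] >= 4)
      {
          $_SESSION['gm'] = 1;
      }

      header("Location: ./?account");

      exit;
  }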
  187.  
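  /**
   * Print the donation points (column dp) of the account with the given id.
   * Prints nothing when the account is not found.
   */
  function getDonorPoints($id)
  {
      $idSql = mysql_real_escape_string($id);
      $q     = $this->db->select('dp', 'account', "id = '$idSql'");
      $row   = $q ? mysql_fetch_assoc($q) : false;

      if ($row)
      {
          echo htmlspecialchars($row['dp'], ENT_QUOTES);
      }
      return;
  }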
  196.  
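  /**
   * Print the voting points (column vp) of the account with the given id.
   * Prints nothing when the account is not found.
   */
  function getVotingPoints($id)
  {
      $idSql = mysql_real_escape_string($id);
      $q     = $this->db->select('vp', 'account', "id = '$idSql'");
      $row   = $q ? mysql_fetch_assoc($q) : false;

      if ($row)
      {
          echo htmlspecialchars($row['vp'], ENT_QUOTES);
      }
      return;
  }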
  205.  
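  /**
   * Fetch all rows of a table ordered by id.
   *
   * The three arguments become part of the SQL text and cannot be escaped
   * like values, so each is checked against the form it is allowed to take.
   * An argument that does not fit yields an empty result.
   *
   * @param string      $table table name (letters, digits, "_", "." and backticks)
   * @param string      $order 'ASC', 'DESC' or '' (any letter case)
   * @param string|null $limit row count, "offset, count" or "count OFFSET offset"; NULL/0 for no limit
   * @return array list of rows as associative arrays
   */
  function getArray($table, $order, $limit = NULL)
  {
      $results = array();

      if (!is_string($table) || !preg_match('/\A[A-Za-z0-9_.`]+\z/', $table))
      {
          return $results;
      }

      $direction = is_string($order) ? strtoupper(trim($order)) : null;
      if (!in_array($direction, array('', 'ASC', 'DESC'), true))
      {
          return $results;
      }

      $sql = "SELECT * FROM $table ORDER BY id $direction";
      if ($limit != NULL)
      {
          if (!is_scalar($limit) || !preg_match('/\A\d+(\s*,\s*\d+|\s+OFFSET\s+\d+)?\z/i', trim(strval($limit))))
          {
              return $results;
          }
          $sql .= ' LIMIT ' . trim(strval($limit));
      }

      $q = $this->db->query($sql);
      while ($q && ($row = mysql_fetch_assoc($q)))
      {
          $results[] = $row;
      }

      return $results;
  }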
  224.  
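  /**
   * Check that $email has the shape of an addr-spec (local-part@domain).
   *
   * Two corrections over the earlier pattern: the quoted-pair class now has
   * its brackets (a backslash followed by any ASCII character), and the
   * pattern is anchored with \z so an address followed by a line break is
   * rejected. The latter matters wherever the address ends up in a mail
   * header.
   *
   * @param mixed $email candidate address
   * @return bool true when the whole string is a well-formed address
   */
  function is_valid_email ($email)
  {
      if (!is_string($email))
      {
          return false;
      }

      $qtext = '[^\\x0d\\x22\\x5c\\x80-\\xff]';
      $dtext = '[^\\x0d\\x5b-\\x5d\\x80-\\xff]';
      $atom = '[^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c'.
          '\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+';
      $quoted_pair = '\\x5c[\\x00-\\x7f]';
      $domain_literal = "\\x5b($dtext|$quoted_pair)*\\x5d";
      $quoted_string = "\\x22($qtext|$quoted_pair)*\\x22";
      $domain_ref = $atom;
      $sub_domain = "($domain_ref|$domain_literal)";
      $word = "($atom|$quoted_string)";
      $domain = "$sub_domain(\\x2e$sub_domain)*";
      $local_part = "$word(\\x2e$word)*";
      $addr_spec = "$local_part\\x40$domain";

      return preg_match("!^$addr_spec\\z!", $email) ? true : false;
  }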
  243.  
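  /**
   * Render BBCode and smileys to HTML.
   *
   * The input is HTML-escaped before any tag is generated, so the only
   * markup in the result is what this function writes. Values that land in
   * attributes (link and image targets, font, colour, size) are limited to
   * safe forms: targets must be http(s) URLs or scheme-less paths. The
   * ereg-based calls are replaced by preg_replace; the ereg functions are
   * gone from current PHP and the colour pattern did not parse as written.
   *
   * @param string $text raw user text
   * @return string HTML
   */
  function bbcode($text)
  {
      $text = " " . $text;
      $text = stripslashes( $text );
      $text = htmlspecialchars($text, ENT_QUOTES);

      $smileys = array(
          ':D' => 'grin',
          'xD' => 'evilgrin',
          ':(' => 'unhappy',
          '^^' => 'happy',
          ':)' => 'smile',
          ':O' => 'surprised',
          ':P' => 'tongue',
          ':3' => 'waii',
      );
      foreach ($smileys as $code => $image)
      {
          $text = str_replace($code, '<img src="images/smileys/' . $image . '.png" />', $text);
      }
      // ";)" must not consume the ";" that ends an entity produced by the escaping above.
      $text = preg_replace('~(?<!&quot|&#039|&amp|&lt|&gt);\)~', '<img src="images/smileys/wink.png" />', $text);

      if (!( strpos($text, "[") && strpos($text, "]"))) return nl2br($text);

      // http(s) URL, or a path with no scheme at all (no ":" allowed).
      $url = '(?:https?://[^\s\[\]<>]+|[^\s\[\]<>:]+)';

      $text = preg_replace('~\[b\](.+?)\[/b\]~is', '<strong>\1</strong>', $text);
      $text = preg_replace('~\[center\](.+?)\[/center\]~is', '<span align="center">\1</span>', $text);
      $text = preg_replace('~\[i\](.+?)\[/i\]~is', '<i>\1</i>', $text);
      $text = preg_replace('~\[u\](.+?)\[/u\]~is', '<span class="underlined">\1</span>', $text);
      $text = preg_replace('~\[s\](.+?)\[/s\]~is', '<s>\1</s>', $text);
      $text = preg_replace('~\[list\](.+?)\[/list\]~is', '<ul>\1</ul>', $text);
      $text = preg_replace('~\[\*\](.*)~', '<li>\1</li>', $text);
      $text = preg_replace('~\[code\](.+?)\[/code\]~is', '<code>\1</code>', $text);
      $text = preg_replace('~\[quote\](.+?)\[/quote\]~is', '<code>\1</code>', $text);
      $text = preg_replace('~\[img\](' . $url . ')\[/img\]~i', '<img src="\1">', $text);
      $text = preg_replace('~\[font=([A-Za-z0-9 ,_-]+)\]([^\[]*)\[/font\]~i', '<font style="font-family:\1">\2</font>', $text);
      // Quotes around the colour arrive as &quot; after escaping; accept the value with or without them.
      $text = preg_replace('~\[color=(?:&quot;)?(#[0-9A-Fa-f]{3,6}|[A-Za-z]+)(?:&quot;)?\]([^\[]*)\[/color\]~i', '<font color="\1">\2</font>', $text);
      $text = preg_replace('~\[size=(\d{1,3})\]([^\[]*)\[/size\]~i', '<font size="\1px">\2</font>', $text);
      $text = preg_replace('~\[url=(' . $url . ')\]([^\[]*)\[/url\]~i', '<a href="\1">\2</a>', $text);
      $text = preg_replace('~\[list=[^\[\]]*\]([^\[]*)\[/list\]~i', "<ul style='list-style-type: decimal;margin-left: 30px;' align='center'>\\1</ul>", $text);
      $text = preg_replace('~\[url\](' . $url . ')\[/url\]~i', '<a href="\1">\1</a>', $text);

      return nl2br($text);
  }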
  277.  
  /**
   * Fetch every row of $table that satisfies $where.
   *
   * Both arguments are placed into the statement unchanged. The caller is
   * responsible for passing a fixed table name and a condition in which
   * every value has been escaped.
   *
   * @return array list of rows as associative arrays
   */
  function getWhereArray($table, $where)
  {
      $rows   = array();
      $result = $this->db->query("SELECT * FROM $table WHERE $where");

      for ($row = mysql_fetch_assoc($result); $row; $row = mysql_fetch_assoc($result))
      {
          $rows[] = $row;
      }

      return $rows;
  }
  289.  
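  /**
   * Count the files in $dir whose extension is $type.
   *
   * @param string $dir  directory path, including the trailing separator
   * @param string $type file extension without the dot
   * @return int number of matching files; 0 when glob() reports an error
   */
  function files($dir, $type)
  {
      $matches = glob($dir . '*.' . $type);

      // glob() returns false on error; counting that would report one file.
      return is_array($matches) ? count($matches) : 0;
  }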
  297.  
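  /**
   * Handle the change-password form for the logged-in account.
   *
   * The current password is verified against the hash held in the session
   * with a strict comparison, an empty new password is refused, and the
   * account id is escaped before it is used in the statement.
   * NOTE(review): the form carries no anti-CSRF token as far as this method
   * can tell - confirm in the template.
   */
  function accountChangePw()
  {
      if (!isset($_POST['changepass']))
      {
          return;
      }

      if (!isset($_SESSION['username'], $_SESSION['sha_pass_hash'], $_SESSION['id']))
      {
          return $this->mmsg('error', 'Current password does not match with your old one.');
      }

      $old     = (isset($_POST['oldpass'])     && is_string($_POST['oldpass']))     ? $_POST['oldpass']     : '';
      $new     = (isset($_POST['newpass'])     && is_string($_POST['newpass']))     ? $_POST['newpass']     : '';
      $confirm = (isset($_POST['confirmpass']) && is_string($_POST['confirmpass'])) ? $_POST['confirmpass'] : '';

      $oenc = sha1(strtoupper($_SESSION['username'].':'.$old));
      $nenc = sha1(strtoupper($_SESSION['username'].':'.$new));

      // "!=" compares digits-only-looking digests as numbers; "!==" compares the text.
      if ($oenc !== $_SESSION['sha_pass_hash'])
      {
          return $this->mmsg('error', 'Current password does not match with your old one.');
      }

      if ($new === '')
      {
          return $this->mmsg('error', 'New password may not be empty, please try again.');
      }

      if ($new !== $confirm)
      {
          return $this->mmsg('error', 'New passwords did not match, please try again.');
      }

      $idSql = mysql_real_escape_string($_SESSION['id']);
      $q = mysql_query("UPDATE realmd.account SET sha_pass_hash='$nenc', v='',s='' WHERE id='$idSql'");

      if ($q)
      {
          $this->mmsg('success', 'Password has been updated.');
          $_SESSION['sha_pass_hash'] = $nenc;
          return;
      }

      return $this->msg(1, 'Something went wrong, please try again.');
  }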
  331.  
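  /**
   * Handle the change-email form for the logged-in account.
   *
   * The password is confirmed with a strict hash comparison and the new
   * address has to pass is_valid_email(), the same check registration uses.
   */
  function accountChangeEmail()
  {
      if (!isset($_POST['changemail']))
      {
          return;
      }

      if (!isset($_SESSION['username'], $_SESSION['sha_pass_hash'], $_SESSION['id']))
      {
          return $this->mmsg('error', 'Incorrect password you entered, please try again.');
      }

      $pass    = (isset($_POST['pass'])    && is_string($_POST['pass']))    ? $_POST['pass']    : '';
      $newmail = (isset($_POST['newmail']) && is_string($_POST['newmail'])) ? $_POST['newmail'] : '';

      $enc = sha1(strtoupper($_SESSION['username'].':'.$pass));
      if ($enc !== $_SESSION['sha_pass_hash'])
      {
          return $this->mmsg('error', 'Incorrect password you entered, please try again.');
      }

      if (!$this->is_valid_email($newmail))
      {
          return $this->mmsg('error', 'Invalid e-mail, please use a real e-mail address.');
      }

      $mail  = mysql_real_escape_string($newmail);
      $idSql = mysql_real_escape_string($_SESSION['id']);

      $q = $this->db->update('account', "email = '$mail'", "id = '$idSql'", '1');
      if ($q)
      {
          $this->mmsg('success', 'Email has been updated.');
          $_SESSION['email'] = $newmail;
          return;
      }

      return $this->msg(1, 'Something went wrong, please try again.');
  }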
  359.  
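  /**
   * Handle the registration form and create the account.
   *
   * Form values are read as plain strings and escaped only where they enter
   * a statement. The password hash is computed from the values as typed:
   * hashing the SQL-escaped text gave a different hash than login() computes
   * whenever the name or password contained a quote or backslash.
   *
   * NOTE(review): the captcha answer ("validator") is only checked for being
   * non-empty; the comparison against the session key was commented out in
   * the version this replaces. Restore it once the form is known to set
   * $_SESSION['keya'].
   */
  function accountRegister()
  {
      if (!isset($_POST['register']))
      {
          return;
      }

      $in = array();
      foreach (array('validator', 'accountname', 'password', 'cpassword', 'email') as $field)
      {
          $in[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
      }

      if (empty($in['validator']))
      {
          return $this->mmsg('error', 'Validator field was empty, please answer the captcha.');
      }

      if (empty($in['accountname']))
      {
          return $this->mmsg('error', 'Account name was empty, please try again.');
      }

      if (empty($in['password']) || empty($in['cpassword']))
      {
          return $this->mmsg('error', 'Either of the password fields were empty, please try again.');
      }

      // Checked before the format test so that this message can be reached.
      if (empty($in['email']))
      {
          return $this->mmsg('error', 'Email field was empty, please try again.');
      }

      if (!$this->is_valid_email($in['email']))
      {
          return $this->mmsg('error', 'Invalid e-mail, please use a real e-mail address.');
      }

      if ($in['password'] !== $in['cpassword'])
      {
          return $this->mmsg('error', 'Passwords did not match, please try again.');
      }

      $nameSql  = mysql_real_escape_string($in['accountname']);
      $emailSql = mysql_real_escape_string($in['email']);

      $q = $this->db->select('username','account',"username = '$nameSql'");
      if (!$q || mysql_num_rows($q) > 0)
      {
          return $this->mmsg('error', 'This username already exists, please try again.');
      }

      $enc = sha1(strtoupper($in['accountname'].':'.$in['password']));

      $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

      $q = $this->db->select('registerip','account',"registerip = '$ip'");
      if ($q && mysql_num_rows($q) >= 3)
      {
          return $this->mmsg('error', 'This ip has registered more than three accounts.');
      }

      $q = $this->db->insert('account',"username = '$nameSql', sha_pass_hash = '$enc', locked = '0', email = '$emailSql', expansion = '2', vp = '0', dp = '0', registerip = '$ip'");
      if ($q)
      {
          return $this->mmsg('success', 'Your account has been created, you may now login to the website and the forums.');
      }

      return $this->mmsg('error', 'Registration failed, contact an administrator');
  }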
  435.  
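  /**
   * Handle the forgotten-password form: set a new random password and mail it.
   *
   * Changes over the earlier version:
   *  - account name and e-mail are escaped, and a matching row must exist
   *    (a successful query with zero rows used to count as a match);
   *  - the password comes from a cryptographic random source; the earlier
   *    one had only 5001 possible values;
   *  - the hash uses the same sha1(USER:PASS) form as login(); the md5 value
   *    written before could never match at login;
   *  - v and s are cleared with the hash, as accountChangePw() does;
   *  - the mail goes to the address stored for the account and is sent only
   *    after the update succeeded.
   * NOTE(review): anyone who knows an account name and its address can still
   * force a reset; a confirmation link would avoid that.
   */
  function accountForgotPw()
  {
      global $web;

      if (!isset($_POST['forgotpw']))
      {
          return;
      }

      if (empty($_POST['email']) || !is_string($_POST['email']))
      {
          return $this->msg(1, 'Empty e-mail address, please try again.');
      }

      if (empty($_POST['account']) || !is_string($_POST['account']))
      {
          return $this->msg(1, 'Empty account name, please try again.');
      }

      $accountSql = mysql_real_escape_string($_POST['account']);
      $emailSql   = mysql_real_escape_string($_POST['email']);
      $where      = "username = '$accountSql' AND email = '$emailSql'";

      $q = $this->db->select('username, email','account', $where);
      if (!$q || mysql_num_rows($q) != 1)
      {
          return $this->msg(1, 'Account name & email did not match as an account in our database, please try and correct this.');
      }
      $row = mysql_fetch_assoc($q);

      // Use whichever secure generator this PHP build offers; refuse to fall back to rand().
      $raw = false;
      if (function_exists('random_bytes'))
      {
          $raw = random_bytes(9);
      }
      elseif (function_exists('openssl_random_pseudo_bytes'))
      {
          $raw = openssl_random_pseudo_bytes(9);
      }
      if (!is_string($raw) || strlen($raw) !== 9)
      {
          return $this->msg(1, 'Something went wrong, please try again.');
      }

      $pw  = strtoupper(bin2hex($raw));
      $enc = sha1(strtoupper($row['username'].':'.$pw));

      $q = $this->db->update('account', "sha_pass_hash = '$enc', v = '', s = ''", $where, '1');
      if (!$q)
      {
          return $this->msg(1, 'Something went wrong, please try again.');
      }

      $body = ' :: '.$web->name.' ::
You\'ve requested a new password on our realms, so here we\'re
sending you a randomly generated password, we recommend you change
your password when you log in through the \'Change Email\' section in
your account panel.

Your new password is: '. $pw .'

If you did not do this, we strongly recommend you change your e-mail address
aswell and ask an administrator for an account name change.';
      $body = wordwrap($body, 100);
      $headers = 'From: '.$web->admin."\r\n" .
          'Reply-To: '.$web->admin."\r\n" .
          'X-mailer: PHP/'.phpversion();

      // Line breaks in the recipient would start a new header.
      $to = str_replace(array("\r", "\n"), '', $row['email']);
      mail($to, $web->name.' Password Recovery', $body, $headers);

      $this->msg(0, 'Please check your inbox, we\'ve sent you an e-mail containing your new password, it may arrive in your "Junk box" or "Spam folder" so make sure to check them out.');
  }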
  480.  
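  /**
   * Handle the add-news form.
   *
   * Requires the gm session flag, the same condition delItem() applies, so
   * the action does not depend on how the page was reached. All three values
   * written to the table are escaped.
   *
   * @param mixed $t unused
   * @param mixed $m unused
   */
  function addNews($t = NULL, $m = NULL)
  {
      if (!isset($_POST['addnews']))
      {
          return;
      }

      if (!isset($_SESSION['gm']) || !isset($_SESSION['username']))
      {
          return $this->msg(1, 'You are not allowed to do this.');
      }

      if (empty($_POST['title']) || !is_string($_POST['title']))
      {
          return $this->msg(1, 'News title may not be empty, please try again.');
      }

      if (empty($_POST['news']) || !is_string($_POST['news']))
      {
          return $this->msg(1, 'Message may not be empty, please try again.');
      }

      $title  = mysql_real_escape_string($_POST['title']);
      $msg    = mysql_real_escape_string($_POST['news']);
      $author = mysql_real_escape_string(ucfirst(strtolower($_SESSION['username'])));

      $q = $this->db->insert('news',"title = '$title', message = '$msg', author = '$author'");
      if ($q)
      {
          return $this->msg(0, 'News were added succesfully.');
      }

      return $this->msg(1, 'Something went wrong, please try again.');
  }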
  509.  
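  /**
   * Handle the edit-news form for the news entry $id.
   *
   * Requires the gm session flag, as delItem() does, and escapes the entry
   * id together with the other values written to the statement.
   */
  function editNews($id)
  {
      if (!isset($_POST['editnews']))
      {
          return;
      }

      if (!isset($_SESSION['gm']) || !isset($_SESSION['username']))
      {
          return $this->msg(1, 'You are not allowed to do this.');
      }

      if (empty($_POST['title']) || !is_string($_POST['title']))
      {
          return $this->msg(1, 'News title may not be empty, please try again.');
      }

      if (empty($_POST['news']) || !is_string($_POST['news']))
      {
          return $this->msg(1, 'Message may not be empty, please try again.');
      }

      $title  = mysql_real_escape_string($_POST['title']);
      $msg    = mysql_real_escape_string($_POST['news']);
      $author = mysql_real_escape_string(ucfirst(strtolower($_SESSION['username'])));
      $idSql  = is_scalar($id) ? mysql_real_escape_string($id) : '';

      $q = $this->db->update('news',"title = '$title', message = '$msg', author = '$author'", "id = '$idSql'", '1');
      if ($q)
      {
          return $this->msg(0, 'News were edited succesfully.');
      }

      return $this->msg(1, 'Something went wrong, please try again.');
  }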
  539.  
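  /**
   * Delete the row named by ?delete from table $type, for gm sessions only.
   *
   * The id comes from the query string and is escaped before use.
   * NOTE(review): the deletion is triggered by a GET request with no
   * anti-CSRF token; a POST form with a token would be safer.
   *
   * @param string $type table name; must be a fixed value chosen by the caller
   */
  function delItem($type)
  {
      if (!isset($_GET['admin']) || !isset($_GET['delete']))
      {
          return;
      }

      if ($_GET['delete'] == NULL || !is_string($_GET['delete']) || !isset($_SESSION['gm']))
      {
          return;
      }

      $id = mysql_real_escape_string($_GET['delete']);
      $q  = $this->db->del($type, "id = '$id'");
      if ($q)
      {
          return $this->msg(0, 'Item was deleted successfully.');
      }

      return $this->msg(1, 'Something went wrong, please try again.');
  }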
  562.  
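  /**
   * Record a vote for vote link $id and redirect to the link's URL.
   *
   * A logged-in user gets one point unless the same account or address
   * voted for this link within the last 12 hours. The link id comes from
   * the form and is escaped, as are the session id and client address.
   * Database errors are no longer printed to the visitor.
   */
  function castVote($id)
  {
      $voteId = is_scalar($id) ? mysql_real_escape_string($id) : '';

      $q = mysql_query("SELECT * FROM vlinks WHERE id = '" . $voteId . "'");
      if ($q && mysql_num_rows($q) == 1)
      {
          $row    = mysql_fetch_object($q);
          $userid = isset($_SESSION['id']) ? mysql_real_escape_string($_SESSION['id']) : '';
          $ip     = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

          if ($userid)
          {
              $q = mysql_query("SELECT * FROM vlogs WHERE vote_id = '" . $voteId . "' AND (id = '" . $userid . "' OR ip_address = '" . $ip . "') ORDER BY vote_date DESC");

              $timenow = date("U");
              $timefuture = date("U")+43200;//12 hrs
              if ($q && mysql_num_rows($q) >= 1)
              {
                  $row2 = mysql_fetch_object($q);
                  if ($row2->vote_date >= $timenow)
                  {
                      $timeaz=gmdate("G:i:s",$row2->vote_date-$timenow);
                      return $this->msg(1, "You have to wait to vote for that site again.<br />" . $timeaz);
                  }
              }
              mysql_query("INSERT INTO vlogs SET vote_id = '" . $voteId . "', id = '" . $userid . "', ip_address = '" . $ip . "', vote_date = '" . $timefuture . "'");
              if (!mysql_query("UPDATE account SET vp = (vp + 1) WHERE id = '$userid' LIMIT 1"))
              {
                  return $this->msg(1, 'Something went wrong, please try again.');
              }
          }
          header('Location: ' . $row->url);

          exit;
      }
  }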
  593.  
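  /**
   * Process a submitted vote, then print the vote form: one clickable image
   * per row of vlinks plus the script that submits the chosen id.
   *
   * Values read from the table are escaped for the place they are written
   * to: attribute values with htmlspecialchars(), the id additionally as a
   * JavaScript string literal.
   */
  function getVoteSites()
  {
      if (isset($_POST['_id']))
          $this->castVote($_POST['_id']);
      ?>
      <form method="post" name="_vote" id="_vote" action="?page=vote">
      <input type="hidden" value="0" name="_id" id="_id" />
      <?php
      $q = mysql_query("SELECT * FROM vlinks");
      while ($q && ($row = mysql_fetch_object($q)))
      {
          $image = htmlspecialchars($row->imageurl, ENT_QUOTES);
          $title = htmlspecialchars($row->title, ENT_QUOTES);
          // JS literal first, then attribute escaping, because the call sits inside onclick="...".
          $idArg = htmlspecialchars(json_encode(strval($row->id)), ENT_QUOTES);
          ?>
          <img src="<?php echo $image; ?>" alt="<?php echo $title; ?>" onclick="castVote(<?php echo $idArg; ?>);" style="cursor:pointer;" width="90" height="55" />
          <?php
      }
      ?>
      </form>
      <script>
      function castVote(id)
      {
      document.getElementById('_id').value = id;
      document.getElementById('_vote').submit();
      }
      </script>
      <?php
  }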
  620.  
  /**
   * Print one table row per vote reward.
   *
   * Reads table vrewards, or vrewardstwo when $is is given. Rows flagged
   * customItem = 'true' get a tooltip built from the item name, its stat
   * lines and the price; other rows only carry rel="item=<itemid>".
   *
   * NOTE(review): every column value is written without escaping, partly
   * into a JavaScript string that itself sits inside an HTML attribute.
   * Reward rows should therefore be treated as trusted input only; escaping
   * them properly needs a JS-string step followed by an attribute step.
   * NOTE(review): a failed query prints the database error to the visitor.
   */
  function getVoteRewards($is = NULL)
  {
      $table = ($is == NULL) ? 'vrewards' : 'vrewardstwo';
      $q = mysql_query("SELECT * FROM $table") or die(mysql_error());
      if(mysql_num_rows($q) != 0)
      {
          while($i = mysql_fetch_assoc($q))
          {

              // Turn columns stat1..stat10 into tooltip lines; an empty column gives an empty string.
              for($c = 1; $c <= 10; $c++)
              {
                  if(!empty($i['stat'.$c]))
                  {
                      // The \' sequences are emitted literally: the fragment ends up inside a quoted JS string.
                      $stat[$c] = '<span class=\\\'margin-left:5px\\\'>'.$i['stat'.$c].'</span><br />';
                  }
                  else
                  {
                      $stat[$c] = '';
                  }
              }

              if($i['customItem'] == 'true')
              {
                  // NOTE(review): $stat[5] is not part of the concatenation below - looks like an omission, confirm.
                  echo '<tr><td width="250"><a href="javascript:;" onmouseover="$WowheadPower.showTooltip(event, \'<span class=\\\''
                  . $i['itemType'] . ' bold\\\'>' . $i['itemName'] . '</span><br />' . $stat[1] . $stat[2]
                  . $stat[3] . $stat[4] . $stat[6] . $stat[7] . $stat[8] . $stat[9] . $stat[10]
                  . '<br /><span class=\\\'green\\\'>This item costs: <span style=\\\'color:white\\\'>'
                  . $i['price'] . '</span></span>\', \'INV_Misc_Gift_01\')" onmousemove="$WowheadPower.moveTooltip(event)" onmouseout="$WowheadPower.hideTooltip();"><span class="'
                  . $i['itemType'] . '">' . $i['itemName'] . '</span></a></td><td width="60" align="center"> ' . $i['price']
                  . '</td><td width="80" align="center"> <a href="?buy=v&itemid=' . $i['itemid'] . '">Buy this item</a></td></tr>';

              }
              else
              {
                  echo '<tr><td width="250"><a href="javascript:;" rel="item=' . $i['itemid']
                  . '"><span class="' . $i['itemType'] . '">' . $i['itemName'] . '</span></a></td><td width="60" align="center"> ' . $i['price']
                  . '</td><td width="80" align="center"><a href="?buy=v&itemid=' . $i['itemid'] . '">Buy this item</a></td></tr>';
              }

          }
      }
      else
      {
          echo '<i>No rewards have been added to the vote system, please contact an administrator.</i>';
      }
  }
  667.  
  /**
   * Print one table row per donation reward.
   *
   * Reads table drewards, or drewardstwo when $is is given. Rows flagged
   * customItem = 'true' get a tooltip built from the item name, its stat
   * lines and the price; other rows only carry rel="item=<itemid>".
   *
   * NOTE(review): every column value is written without escaping, partly
   * into a JavaScript string that itself sits inside an HTML attribute.
   * Reward rows should therefore be treated as trusted input only; escaping
   * them properly needs a JS-string step followed by an attribute step.
   * NOTE(review): a failed query prints the database error to the visitor.
   */
  function getDonationRewards($is = NULL)
  {

      $table = ($is == NULL) ? 'drewards' : 'drewardstwo';
      $q = mysql_query("SELECT * FROM $table") or die(mysql_error());
      if(mysql_num_rows($q) != 0)
      {
          while($i = mysql_fetch_assoc($q))
          {

              // Turn columns stat1..stat10 into tooltip lines; an empty column gives an empty string.
              for($c = 1; $c <= 10; $c++)
              {
                  if(!empty($i['stat'.$c]))
                  {
                      // The \' sequences are emitted literally: the fragment ends up inside a quoted JS string.
                      $stat[$c] = '<span class=\\\'margin-left:5px\\\'>'.$i['stat'.$c].'</span><br />';
                  }
                  else
                  {
                      $stat[$c] = '';
                  }
              }

              if($i['customItem'] == 'true')
              {
                  // NOTE(review): $stat[5] is not part of the concatenation below - looks like an omission, confirm.
                  echo '<tr><td width="250"><a href="javascript:;" onmouseover="$WowheadPower.showTooltip(event, \'<span class=\\\''
                  . $i['itemType'] . ' bold\\\'>' . $i['itemName'] . '</span><br />' . $stat[1] . $stat[2]
                  . $stat[3] . $stat[4] . $stat[6] . $stat[7] . $stat[8] . $stat[9] . $stat[10]
                  . '<br /><span class=\\\'green\\\'>This item costs: <span style=\\\'color:white\\\'>'
                  . $i['price'] . '</span></span>\', \'INV_Misc_Gift_01\')" onmousemove="$WowheadPower.moveTooltip(event)" onmouseout="$WowheadPower.hideTooltip();"><span class="'
                  . $i['itemType'] . '">' . $i['itemName'] . '</span></a></td><td width="60" align="center"> ' . $i['price']
                  . '</td><td width="80" align="center"> <a href="?buy=d&itemid=' . $i['itemid'] . '">Buy this item</a></td></tr>';

              }
              else
              {
                  echo '<tr><td width="250"><a href="javascript:;" rel="item=' . $i['itemid']
                  . '"><span class="' . $i['itemType'] . '">' . $i['itemName'] . '</span></a></td><td width="60" align="center"> ' . $i['price']
                  . '</td><td width="80" align="center"><a href="?buy=d&itemid=' . $i['itemid'] . '">Buy this item</a></td></tr>';
              }

          }
      }
      else
      {
          echo '<i>No rewards have been added to the donation system, please contact an administrator.</i>';
      }
  }
  715.  
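  /**
   * Load the characters of account $id and process the character actions
   * posted with the page (purchase, unstuck, revive).
   *
   * The posted character name is only acted on when it is one of the
   * account's own characters and contains no whitespace, control character,
   * quote or backslash. The name is copied into a line sent to the server's
   * remote console, where a line break would be read as a further command.
   * The console connection is checked before anything is written to it, and
   * the main database is re-selected on every return path.
   * NOTE(review): the console credentials travel over a plain TCP socket.
   *
   * @param mixed $id account id
   * @return array|null character rows, or the mmsg() result after unstuck/revive
   */
  function getChars($id)
  {
      global $donate, $db, $rauser, $rapass;
      $dbselector = ($_SESSION['realmID'] == 1) ? $donate->chardb : $donate->chardbtwo;
      mysql_select_db($dbselector) or die(mysql_error());

      $results = array();
      $owned   = array();
      $idSql   = is_scalar($id) ? mysql_real_escape_string($id) : '';

      $q = $this->db->query("SELECT * FROM characters WHERE account = '$idSql'");
      if ($q && mysql_num_rows($q) != 0)
      {
          while ($row = mysql_fetch_assoc($q))
          {
              $results[] = $row;
              if (isset($row['name']))
              {
                  $owned[] = $row['name'];
              }
          }

          $char = (isset($_POST['char']) && is_string($_POST['char'])) ? $_POST['char'] : '';
          $ownsChar = in_array($char, $owned, true)
              && preg_match('/\A[^\s\x00-\x1f"\\\\]+\z/', $char);

          if (isset($_POST['purchase']))
          {
              // A name that is not the account's own is treated like "no character chosen".
              $itemid = isset($_GET['itemid']) ? $_GET['itemid'] : NULL;
              $this->buyItem($itemid, $ownsChar ? $char : NULL, $_SESSION['realmID']);
          }

          $command = null;
          $done    = '';
          if (isset($_POST['unstuck']))
          {
              $command = "tele name $char\n";
              $done    = 'Your character has been teleported to Dalaran.';
          }
          elseif (isset($_POST['revive']))
          {
              $command = "revive $char\n";
              $done    = 'Your character has been Revived.';
          }

          if ($command !== null)
          {
              if (!$ownsChar)
              {
                  mysql_select_db($db->maindb);
                  return $this->mmsg('error', 'Please select one of your own characters.');
              }

              include("settings/config.php");
              ini_set("display_errors", 0);

              $fp = fsockopen("logon.unforgivenwow.com", 3443, $errno, $errstr, 30);
              if (!$fp)
              {
                  mysql_select_db($db->maindb);
                  return $this->mmsg('error', 'Something went wrong (Probably the tool is offline try again later)');
              }

              // The console is given a second between lines, as before.
              sleep (1);
              foreach (array("USER $rauser\n", "PASS $rapass\n", $command) as $line)
              {
                  fwrite($fp, $line);
                  sleep (1);
              }
              fclose($fp);

              mysql_select_db($db->maindb);
              return $this->mmsg('success', $done);
          }
      }

      mysql_select_db($db->maindb);
      return $results;
  }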
  793.  
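  /**
   * Load the characters of account $id and process a posted vote-reward
   * purchase.
   *
   * The account id is escaped, and the posted character name is passed on
   * only when it is one of the account's own characters; any other name is
   * treated as if no character had been chosen.
   *
   * @param mixed $id account id
   * @return array character rows
   */
  function getVChars($id)
  {
      global $donate, $db;
      $dbselector = ($_SESSION['realmID'] == 1) ? $donate->chardb : $donate->chardbtwo;
      $this->db->sel_db($dbselector);

      $results = array();
      $owned   = array();
      $idSql   = is_scalar($id) ? mysql_real_escape_string($id) : '';

      $q = $this->db->query("SELECT * FROM characters WHERE account = '$idSql'");
      if ($q && mysql_num_rows($q) != 0)
      {
          while ($row = mysql_fetch_assoc($q))
          {
              $results[] = $row;
              if (isset($row['name']))
              {
                  $owned[] = $row['name'];
              }
          }

          if (isset($_POST['purchase']))
          {
              $char   = (isset($_POST['char']) && is_string($_POST['char'])) ? $_POST['char'] : '';
              $itemid = isset($_GET['itemid']) ? $_GET['itemid'] : NULL;
              $this->buyvItem($itemid, in_array($char, $owned, true) ? $char : NULL, $_SESSION['realmID']);
          }
      }

      mysql_select_db($db->maindb);
      return $results;
  }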
  820.  
  821.  
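  /**
   * Mail an item to a character through the realm's remote console.
   *
   * Everything copied into the console line is checked first: the character
   * name and item id must have a harmless form, and quotes and line breaks
   * are removed from subject and body, so the line cannot be cut short or
   * continued as a second command. The name is escaped for the lookup, the
   * connection is checked before it is written to, and the main database is
   * re-selected before returning.
   * NOTE(review): the console credentials travel over a plain TCP socket.
   *
   * @param mixed  $itemId  item id, optionally id:count entries separated by spaces
   * @param string $cName   character name
   * @param string $subject mail subject
   * @param string $body    mail text
   * @param mixed  $realmId 1 or 2
   * @return bool true when the command was sent, false otherwise
   */
  function sendItem($itemId, $cName, $subject, $body, $realmId)
  {
      global $soap, $donate, $db, $rauser, $rapass, $rauser2, $rapass2;

      if (!is_string($cName) || !preg_match('/\A[^\s\x00-\x1f"\\\\]+\z/', $cName))
      {
          return false;
      }
      if (!is_scalar($itemId) || !preg_match('/\A[0-9][0-9: ]*\z/', strval($itemId)))
      {
          return false;
      }
      $subject = str_replace(array('"', "\r", "\n"), '', strval($subject));
      $body    = str_replace(array('"', "\r", "\n"), '', strval($body));

      if ($realmId == 1)
      {
          $port = 3443;
          $user = $rauser;
          $pass = $rapass;
      }
      elseif ($realmId == 2)
      {
          $port = 3444;
          $user = $rauser2;
          $pass = $rapass2;
      }
      else
      {
          // No console is configured for any other realm.
          return false;
      }

      $dbselector = ($realmId == 1) ? $donate->chardb : $donate->chardbtwo;
      $this->db->sel_db($dbselector);
      $nameSql = mysql_real_escape_string($cName);
      $q = $this->db->select('guid', 'characters', '`name` = "' . $nameSql . '"');
      $found = ($q && mysql_num_rows($q) == 1);
      $this->db->sel_db($db->maindb);

      if (!$found)
      {
          return false;
      }

      $fp = fsockopen("logon.unforgivenwow.com", $port, $errno, $errstr, 30);
      if (!$fp)
      {
          $this->mmsg('error', 'Something went wrong (Probably the tool is offline try again later)');
          return false;
      }

      sleep (1);
      $lines = array(
          "USER $user\n",
          "PASS $pass\n",
          "send items $cName \"$subject\" \"$body\" $itemId\n", //send items
      );
      foreach ($lines as $line)
      {
          fwrite($fp, $line);
          sleep (1);
      }
      fclose($fp);

      return true;
  }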
  879.  
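  /**
   * Show a vote reward and, when a character is given, buy it with vote points.
   *
   * Changes over the earlier version:
   *  - the item id comes from the query string and is escaped;
   *  - the points are taken with one conditional UPDATE before the item is
   *    sent and given back if sending fails. Reading the balance, sending
   *    and then writing the computed balance let two parallel requests
   *    spend the same points;
   *  - item fields are escaped on output and database errors are not printed.
   *
   * @param mixed       $id      reward item id
   * @param string|null $char    receiving character, NULL to only show the item
   * @param mixed       $realmId 1 selects vrewards, anything else vrewardstwo
   */
  function buyvItem($id, $char = NULL, $realmId)
  {
      global $db;
      mysql_select_db($db->maindb);
      $table  = ($realmId == 1) ? 'vrewards' : 'vrewardstwo';
      $idSql  = is_scalar($id) ? mysql_real_escape_string($id) : '';
      $q = mysql_query("SELECT * FROM $table WHERE itemid = '$idSql'");

      if (!$q || mysql_num_rows($q) == 0)
      {
          echo '<i>This item is not available.</i>';
          return;
      }

      $i = mysql_fetch_assoc($q);
      $price = $i['price'];

      echo 'You are purchasing:<br /><br />'.
          'Item: <span class="'.htmlspecialchars($i['itemType'], ENT_QUOTES).' bold">'.htmlspecialchars($i['itemName'], ENT_QUOTES).'</span><br />'.
          'Price: <span class="bold">'.htmlspecialchars($price, ENT_QUOTES).'</span><br /><br />'.
          'Are you sure you want to purchase this item?<br /><br />';

      if (!isset($_GET['buy']) || $char == NULL)
      {
          return;
      }

      $this->loader();

      // The price becomes part of the statement; a negative one would add points.
      if (!is_numeric($price) || $price < 0 || !isset($_SESSION['id']))
      {
          return $this->msg(1, 'Something went wrong, please try again.');
      }
      $price  = $price + 0;
      $userid = mysql_real_escape_string($_SESSION['id']);

      $q = mysql_query("SELECT * FROM account WHERE id = '$userid'");
      if (!$q || mysql_num_rows($q) == 0)
      {
          return $this->msg(1,'User has no points or does not exist in the database, please contact administrator if this is wrong.');
      }

      // Authoritative check: succeeds only while the balance still covers the price.
      $taken = mysql_query("UPDATE account SET vp = vp - $price WHERE id = '$userid' AND vp >= $price LIMIT 1");
      if (!$taken || mysql_affected_rows() != 1)
      {
          $this->mmsg('error','You do not have enough points, vote for more <a href="?page=vote">here</a>.');
          return;
      }

      if ($this->sendItem($id, $char, "Thanks for voting", "Unforgiven-WoW Thanks you for your support in keeping this server running!", $_SESSION['realmID']))
      {
          header("Location: ./?page=itembought");
          return;
      }

      // Delivery failed: give the points back. sendItem() may leave another database selected.
      mysql_select_db($db->maindb);
      mysql_query("UPDATE account SET vp = vp + $price WHERE id = '$userid' LIMIT 1");
  }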
  940.  
  /**
   * Select the main database again and print the purchase progress image.
   */
  function loader()
  {
      global $db;

      $mainDatabase = $db->maindb;
      mysql_select_db($mainDatabase);

      print '<img src="images/loaderbuy.gif" alt="loadergif"/>';
  }
  947.  
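  /**
   * Show a donation reward and, when a character is given, buy it with
   * donation points.
   *
   * Changes over the earlier version:
   *  - the item id comes from the query string and is escaped;
   *  - the points are taken with one conditional UPDATE before the item is
   *    sent and given back if sending fails. Reading the balance, sending
   *    and then writing the computed balance let two parallel requests
   *    spend the same points;
   *  - item fields are escaped on output and database errors are not printed.
   *
   * @param mixed       $id      reward item id
   * @param string|null $char    receiving character, NULL to only show the item
   * @param mixed       $realmId 1 selects drewards, anything else drewardstwo
   */
  function buyItem($id, $char = NULL, $realmId)
  {
      global $db;
      mysql_select_db($db->maindb);

      $table = ($realmId == 1) ? 'drewards' : 'drewardstwo';
      $idSql = is_scalar($id) ? mysql_real_escape_string($id) : '';
      $q = mysql_query("SELECT * FROM $table WHERE itemid = '$idSql'");

      if (!$q || mysql_num_rows($q) == 0)
      {
          echo '<i>This item is not available.</i>';
          return;
      }

      $i = mysql_fetch_assoc($q);
      $price = $i['price'];

      echo 'You are purchasing:<br /><br />'.
          'Item: <span class="'.htmlspecialchars($i['itemType'], ENT_QUOTES).' bold">'.htmlspecialchars($i['itemName'], ENT_QUOTES).'</span><br />'.
          'Price: <span class="bold">'.htmlspecialchars($price, ENT_QUOTES).'</span><br /><br />'.
          'Are you sure you want to purchase this item?<br /><br />';

      if (!isset($_GET['buy']) || $char == NULL)
      {
          return;
      }

      // The price becomes part of the statement; a negative one would add points.
      if (!is_numeric($price) || $price < 0 || !isset($_SESSION['id']))
      {
          return $this->msg(1, 'Something went wrong, please try again.');
      }
      $price  = $price + 0;
      $userid = mysql_real_escape_string($_SESSION['id']);

      $q = mysql_query("SELECT * FROM account WHERE id = '$userid'");
      if (!$q || mysql_num_rows($q) == 0)
      {
          return $this->msg(1,'User has no points or does not exist in the database, please contact administrator if this is wrong.');
      }

      // Authoritative check: succeeds only while the balance still covers the price.
      $taken = mysql_query("UPDATE account SET dp = dp - $price WHERE id = '$userid' AND dp >= $price LIMIT 1");
      if (!$taken || mysql_affected_rows() != 1)
      {
          $this->mmsg('error','You do not have enough points, donate for more <a href="?page=donate">here</a>.');
          return;
      }

      if ($this->sendItem($id, $char, "Thanks for donating", "Unforgiven-WoW Thanks you for your support in keeping this server running!", $_SESSION['realmID']))
      {
          header("Location: ./?page=itembought");
          return;
      }

      // Delivery failed: give the points back. sendItem() may leave another database selected.
      mysql_select_db($db->maindb);
      mysql_query("UPDATE account SET dp = dp + $price WHERE id = '$userid' LIMIT 1");
  }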
  1010.  
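  /**
   * Handle the two admin "add reward" forms: `additem` inserts into $type,
   * `additemtwo` inserts into $typetwo. When both are posted only the first
   * is processed.
   *
   * NOTE(review): no permission or CSRF check is visible in this method;
   * presumably the caller enforces both. Confirm.
   *
   * @param string      $type    Table for the first form. It is placed unquoted
   *                             into the SQL, so it must be a fixed literal
   *                             chosen by the caller, never request data.
   * @param string|NULL $typetwo Table for the second form, same constraint.
   * @return mixed Result of $this->msg() on a validation or query failure;
   *               on success the request is redirected and the script exits.
   */
  function addReward($type, $typetwo = NULL)
  {
      if (isset($_POST['additem']))
      {
          return $this->_insertReward($type);
      }

      if (isset($_POST['additemtwo']))
      {
          return $this->_insertReward($typetwo);
      }
  }

  /**
   * Validate the posted reward form and insert one row into $table.
   * Shared by both forms handled in addReward().
   */
  function _insertReward($table)
  {
      // Escape every posted value for use inside quoted SQL literals. Array
      // values (field[]=...) are not valid here and are dropped to NULL so the
      // isset() checks below reject them.
      foreach ($_POST as $c => $v)
      {
          $_POST[$c] = is_scalar($v) ? mysql_real_escape_string($v) : NULL;
      }

      if (!isset($_POST['customitem']))
      {
          return $this->msg(1,'You must select the custom item value.');
      }

      if (!isset($_POST['itemtype']))
      {
          return $this->msg(1,'You must select an item color.');
      }

      // The INSERT reads the lower-case "itemname" field while the old check
      // looked at "itemName" and only failed when the id was missing as well.
      // Accept either spelling and require both the name and the id.
      $name = '';
      if (isset($_POST['itemname']))
      {
          $name = $_POST['itemname'];
      }
      elseif (isset($_POST['itemName']))
      {
          $name = $_POST['itemName'];
      }

      if ($name === '' || !isset($_POST['itemid']) || $_POST['itemid'] === '')
      {
          return $this->msg(1,'You must fill in an Item name & ID');
      }

      // The price is later compared with and subtracted from point balances,
      // so only a non-negative number is stored.
      if (!isset($_POST['price']) || !is_numeric($_POST['price']) || $_POST['price'] < 0)
      {
          return $this->msg(1,'You must fill in a valid price.');
      }

      $item_id = $_POST['itemid'];
      $price = $_POST['price'];
      $item_type = $_POST['itemtype'];

      if ($_POST['customitem'] != 'true')
      {
          $sql = "INSERT INTO $table SET itemName = '$name', itemType = '$item_type', customItem = 'false', itemid = '$item_id', price = '$price'";
      }
      else
      {
          // stat1 .. stat10; a field missing from the request is stored empty.
          $stats = '';
          for ($n = 1; $n <= 10; $n++)
          {
              $key = 'stat'.$n;
              $val = isset($_POST[$key]) ? $_POST[$key] : '';
              $stats .= "$key = '$val', ";
          }

          $sql = "INSERT INTO $table SET customItem = 'true', itemid = '$item_id', itemName = '$name', itemType = '$item_type', ".$stats."price = '$price'";
      }

      $q = $this->db->query($sql);

      if (!$q)
      {
          return $this->msg(1,'Something went wrong, please try again.');
      }

      header("Location: ?admin");
      exit;
  }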
  1103.  
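  /**
   * Delete one reward row when the request is ?admin=$type&delete=ID&true=TOKEN.
   *
   * The item id comes straight from the query string and is escaped before it
   * is placed in the WHERE clause. The confirmation value is compared strictly
   * with a session id that must exist, so a request without a session can
   * never match.
   *
   * NOTE(review): the confirmation value is the account id, which is not a
   * secret, and the delete runs on a GET request. A random per-session token
   * sent with a POST would protect against forged requests. No permission
   * check is visible here; presumably the caller enforces it. Confirm.
   *
   * @param string $type 'donations' selects `drewards`, anything else `vrewards`.
   */
  function adminDeleteReward($type)
  {
      if (!isset($_GET['admin'], $_GET['delete']) || $_GET['admin'] != $type)
      {
          return;
      }

      if (!is_string($_GET['delete']))
      {
          return; // array-valued parameter, not a usable id
      }

      $del = ($type == 'donations') ? 'drewards' : 'vrewards';

      $confirmed = isset($_GET['true'], $_SESSION['id'])
          && is_string($_GET['true'])
          && $_GET['true'] === (string) $_SESSION['id'];

      if ($confirmed)
      {
          $id = mysql_real_escape_string($_GET['delete']);
          $this->db->del($del, "itemid = '$id'");
          header("Location: ./?admin=$type");
      }
  }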
  1117.  
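  /**
   * Delete one reward row from the second reward tables when the request is
   * ?admin=$type&deletetwo=ID&true=TOKEN.
   *
   * The id is read from `deletetwo`, so the guard checks that parameter; the
   * earlier guard tested `delete` and could run the delete with an undefined
   * id. The id is escaped before it reaches the WHERE clause, and the
   * confirmation value is compared strictly with a session id that must exist.
   *
   * NOTE(review): the confirmation value is the account id, which is not a
   * secret, and the delete runs on a GET request. A random per-session token
   * sent with a POST would protect against forged requests. No permission
   * check is visible here; presumably the caller enforces it. Confirm.
   *
   * @param string $type 'donations' selects `drewardstwo`, anything else `vrewardstwo`.
   */
  function adminDeleteRewardTwo($type)
  {
      if (!isset($_GET['admin'], $_GET['deletetwo']) || $_GET['admin'] != $type)
      {
          return;
      }

      if (!is_string($_GET['deletetwo']))
      {
          return; // array-valued parameter, not a usable id
      }

      $del = ($type == 'donations') ? 'drewardstwo' : 'vrewardstwo';

      $confirmed = isset($_GET['true'], $_SESSION['id'])
          && is_string($_GET['true'])
          && $_GET['true'] === (string) $_SESSION['id'];

      if ($confirmed)
      {
          $id = mysql_real_escape_string($_GET['deletetwo']);
          $this->db->del($del, "itemid = '$id'");
          header("Location: ./?admin=$type");
      }
  }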
  1131.  
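  /**
   * Delete one vote-site row from `vlinks` when the request is
   * ?admin=sites&delete=ID&true=TOKEN.
   *
   * Only the 'sites' type maps to a table. Any other type returns without
   * running a query; the earlier code built one against a placeholder table
   * name. The id is escaped before it reaches the WHERE clause, and the
   * confirmation value is compared strictly with a session id that must exist.
   *
   * NOTE(review): the confirmation value is the account id, which is not a
   * secret, and the delete runs on a GET request. A random per-session token
   * sent with a POST would protect against forged requests. No permission
   * check is visible here; presumably the caller enforces it. Confirm.
   *
   * @param string $type Admin section name; only 'sites' is handled.
   */
  function adminDeleteSite($type)
  {
      if ($type != 'sites')
      {
          return;
      }

      if (!isset($_GET['admin'], $_GET['delete']) || $_GET['admin'] != $type)
      {
          return;
      }

      if (!is_string($_GET['delete']))
      {
          return; // array-valued parameter, not a usable id
      }

      $confirmed = isset($_GET['true'], $_SESSION['id'])
          && is_string($_GET['true'])
          && $_GET['true'] === (string) $_SESSION['id'];

      if ($confirmed)
      {
          $id = mysql_real_escape_string($_GET['delete']);
          $this->db->del('vlinks', "id = '$id'");
          header("Location: ./?admin=$type");
      }
  }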
  1145.  
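  /**
   * Handle the admin "add vote site" form: validate title, image URL and link,
   * then insert a row into `vlinks`.
   *
   * Fixes the `$tihs` typo on the empty-link branch, which raised a fatal
   * error and never showed the message.
   *
   * NOTE(review): imageurl and url are stored as given. Where they are
   * rendered as src/href (not visible here) they should be limited to
   * http(s) URLs and HTML-escaped. No permission or CSRF check is visible in
   * this method; presumably the caller enforces both. Confirm.
   *
   * @return mixed Result of $this->msg() on a validation or query failure;
   *               on success the request is redirected and the script exits.
   */
  function addSite()
  {
      if (!isset($_POST['addsite']))
      {
          return;
      }

      // Escape every posted value for use inside quoted SQL literals. Array
      // values are dropped to NULL so the empty() checks below reject them.
      foreach ($_POST as $c => $v)
      {
          $_POST[$c] = is_scalar($v) ? mysql_real_escape_string($v) : NULL;
      }

      if (empty($_POST['title'])) return $this->msg(1,'Voting title is empty, please try again.');
      if (empty($_POST['imageurl'])) return $this->msg(1, 'Image url is empty, please try again.');
      if (empty($_POST['url'])) return $this->msg(1, 'Link is empty, please try again.');

      $q = $this->db->query("INSERT INTO vlinks SET title = '$_POST[title]', imageurl = '$_POST[imageurl]', url = '$_POST[url]'");

      if (!$q)
      {
          return $this->msg(1, 'Something went wrong, please try again.');
      }

      header("Location: ./?admin=sites");
      exit;
  }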
  1171.  
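  /**
   * Print one table row per character currently flagged online on a realm,
   * then switch back to the main database.
   *
   * Character fields are HTML-escaped before printing: they come from the
   * game database and are placed into element text and image paths.
   *
   * @param int $id Index into the comma-separated $realm->chardb list.
   * @return mixed Result of selecting the main database again.
   */
  function playersOnline($id)
  {
      global $realm, $db;
      $dbs = explode(',', $realm->chardb);

      // An index outside the configured list has no database to query.
      if (isset($dbs[$id]))
      {
          $this->db->sel_db($dbs[$id]);
          $q = $this->db->query("SELECT * FROM characters WHERE online = 1");

          // A failed query yields no rows instead of a fetch warning.
          while ($q && ($row = mysql_fetch_assoc($q)))
          {
              $name   = htmlspecialchars($row['name'], ENT_QUOTES);
              $level  = htmlspecialchars($row['level'], ENT_QUOTES);
              $class  = htmlspecialchars($row['class'], ENT_QUOTES);
              $race   = htmlspecialchars($row['race'], ENT_QUOTES);
              $gender = htmlspecialchars($row['gender'], ENT_QUOTES);

              print '<tr>
<td>&nbsp;'.$name.'</td>
<td>&nbsp;'.$level.'</td>
<td>&nbsp;<img src="images/stats/'.$class.'.gif" /></td>
<td>&nbsp;<img src="images/stats/'.$race."-".$gender.'.gif" /></td>

</tr>';
          }
      }

      return $this->db->sel_db($db->maindb);
  }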
  1193.  
  /**
   * Print the number of characters flagged online on one realm.
   *
   * @param int $id Index into the comma-separated $realm->chardb list.
   * @return int Result of print, which is always 1.
   */
  function statusOnline($id)
  {
      global $realm, $db;

      // Pick the realm's character database from the configured list.
      $characterDbs = explode(',', $realm->chardb);
      $this->db->sel_db($characterDbs[$id]);

      // Every online row is fetched and only the row count is used.
      $onlineCount = mysql_num_rows(
          $this->db->query("SELECT * FROM characters WHERE online = 1")
      );

      // Switch back so later queries run against the main database.
      $this->db->sel_db($db->maindb);

      $printed = print $onlineCount;

      return $printed;
  }
  1206. }
  1207. ?>