
Untitled

a guest
Sep 21st, 2017
  1. <?php
  // Type codes accepted by clean(); each names the coercion requested for a value.
  const TYPE_NOCLEAN    = 0;  // no change
  const TYPE_BOOL       = 1;  // force boolean
  const TYPE_INT        = 2;  // force integer
  const TYPE_UINT       = 3;  // force unsigned integer
  const TYPE_NUM        = 4;  // force number
  const TYPE_UNUM       = 5;  // force unsigned number
  const TYPE_UNIXTIME   = 6;  // force unix datestamp (unsigned integer)
  const TYPE_STR        = 7;  // force trimmed string
  const TYPE_NOTRIM     = 8;  // force string - no trim
  const TYPE_NOHTML     = 9;  // force trimmed string with HTML made safe
  const TYPE_ARRAY      = 10; // force array
  const TYPE_FILE       = 11; // force file
  const TYPE_BINARY     = 12; // force binary string
  const TYPE_NOHTMLCOND = 13; // force trimmed string with HTML made safe if determined to be unsafe
  16.  
  // Buffer output from the first byte: methods of the site class further down print
  // markup and then call header(), which only works while nothing has been flushed.
  ob_start();

  // Site settings and the database wrapper used by the site class.
  include_once('settings/config.php');
  include_once('inc/db.class.php');
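  /**
   * Coerce $data in place to the shape named by $type and return it by reference.
   *
   * Handled codes: TYPE_INT, TYPE_UINT, TYPE_NUM, TYPE_UNUM, TYPE_BINARY, TYPE_STR,
   * TYPE_NOTRIM, TYPE_NOHTML, TYPE_BOOL, TYPE_ARRAY and TYPE_NOCLEAN.
   * TYPE_UNIXTIME, TYPE_FILE and TYPE_NOHTMLCOND are declared but not converted here;
   * a value passed with one of them comes back unchanged (TYPE_NOHTMLCOND only has
   * NUL bytes removed), so callers must not treat it as validated.
   *
   * @param mixed $data value to clean; overwritten with the cleaned value
   * @param int   $type one of the TYPE_* constants
   * @return mixed reference to the cleaned $data
   */
  function &clean( &$data, $type )
  {
      static $booltypes = array('1', 'yes', 'y', 'true');

      switch ($type)
      {
          case TYPE_INT:
              $data = intval($data);
              break;
          case TYPE_UINT:
              $data = max(0, intval($data));
              break;
          case TYPE_NUM:
              $data = strval($data) + 0;
              break;
          case TYPE_UNUM:
              $data = strval($data) + 0;
              $data = ($data < 0) ? 0 : $data;
              break;
          case TYPE_BINARY:
              $data = strval($data);
              break;
          case TYPE_STR:
              $data = trim(strval($data));
              break;
          case TYPE_NOTRIM:
              $data = strval($data);
              break;
          case TYPE_NOHTML:
              // TYPE_NOHTML is documented as "HTML made safe"; trimming alone left markup
              // intact, so a value echoed on that promise was written into the page as-is.
              $data = htmlspecialchars(trim(strval($data)), ENT_QUOTES);
              break;
          case TYPE_BOOL:
              // Strict match: a loose in_array() compares numeric strings by value and
              // accepted spellings such as '1.0' or '01' that are not in the list.
              $data = in_array(strtolower($data), $booltypes, true) ? 1 : 0;
              break;
          case TYPE_ARRAY:
              $data = (is_array($data)) ? $data : array();
              break;
          case TYPE_NOCLEAN:
              break;
      }

      // strip out characters that really have no business being in non-binary data
      switch ($type)
      {
          case TYPE_STR:
          case TYPE_NOTRIM:
          case TYPE_NOHTML:
          case TYPE_NOHTMLCOND:
              $data = str_replace(chr(0), '', $data);
      }

      return $data;
  }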
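  // settings/config.php and inc/db.class.php are already loaded with include_once before
  // clean() is declared; the second include_once pair that stood here was a no-op and was dropped.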
  55.  
  56. class site
  57. {
  58. public $db;
  59.  
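  /**
   * Create the database handle and, when ?logout is present, end the session.
   *
   * The redirect header is queued but the request is not terminated here, so the
   * caller keeps running with an empty session.
   */
  function __construct()
  {
      $this->db = new db();

      if (isset($_GET['logout']))
      {
          // unset($_SESSION) only detaches the superglobal for this request; the stored
          // session data survives and the visitor stays logged in on the next request.
          // Empty the array and destroy the stored session instead.
          $_SESSION = array();
          if (session_id() !== '')
          {
              session_destroy();
          }
          header("Location: ./");
      }
  }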
  69.  
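  /**
   * Pick the page for this request and render it between the head and foot templates.
   *
   * ?page selects a public page; ?admin, ?account and ?buy select a page inside the
   * admin/, account/ and rewards/ directories and require $_SESSION['gm'] or
   * $_SESSION['username'] respectively. Later parameters override earlier ones, as before.
   *
   * Every requested name must be a single plain segment (letters, digits, '_' and '-').
   * The names are concatenated into an include path, so a value containing '/' or '..'
   * would otherwise select a file outside the intended directory and reach a section's
   * pages without that section's session check.
   */
  function load()
  {
      $isPlainName = function ($name) {
          return is_string($name) && preg_match('/^[A-Za-z0-9_-]+$/D', $name) === 1;
      };

      // Resolve one gated section to a page path, or '404' when the file is missing
      // or the requested name is not a plain segment.
      $resolve = function ($dir, $requested, $authorised, $deniedPage, $defaultPage) use ($isPlainName) {
          if (!$authorised)
          {
              $candidate = $dir . $deniedPage;
          }
          elseif (empty($requested))
          {
              $candidate = $defaultPage;
          }
          elseif ($isPlainName($requested))
          {
              $candidate = $dir . $requested;
          }
          else
          {
              return '404';
          }

          return file_exists('pages/' . $candidate . '.php') ? $candidate : '404';
      };

      $page = isset($_GET['page']) ? $_GET['page'] : 'index';
      if (!$isPlainName($page) || !file_exists('pages/' . $page . '.php'))
      {
          $page = '404';
      }

      if (isset($_GET['admin']))
      {
          $page = $resolve('admin/', $_GET['admin'], isset($_SESSION['gm']), '404', 'admin/admin');
      }

      if (isset($_GET['account']))
      {
          $page = $resolve('account/', $_GET['account'], isset($_SESSION['username']), 'error', 'account/account');
      }

      if (isset($_GET['buy']))
      {
          // An empty ?buy falls back to the account overview, as in the original code.
          $page = $resolve('rewards/', $_GET['buy'], isset($_SESSION['username']), 'error', 'account/account');
      }

      include 'template/_head.php';
      include 'pages/' . $page . '.php';
      include 'template/_foot.php';
  }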
  119.  
  /**
   * Print a small inline status message: red when $e equals 1, green otherwise.
   *
   * $msg is written to the page unescaped because callers in this class pass markup
   * (links, line breaks); request data must be escaped before it is handed in.
   *
   * @param mixed  $e   1 for an error, anything else for success
   * @param string $msg message markup
   */
  function msg($e, $msg)
  {
      if ($e == 1)
      {
          $colour = 'red';
      }
      else
      {
          $colour = 'green';
      }

      echo '<span style="color:' . $colour . ';font-size:11px;padding:5px;">' . $msg . '</span>';
  }
  125.  
  /**
   * Print a message box as a <section> whose CSS class is $type.
   *
   * Both arguments are written to the page unescaped; callers in this class pass
   * fixed strings, and request data must be escaped before it is handed in.
   *
   * @param string $type CSS class, e.g. 'error' or 'success'
   * @param string $msg  message markup
   */
  function mmsg($type, $msg)
  {
      $open  = '<section class="' . $type . '"><p>';
      $close = '</p></section>';

      echo $open . $msg . $close;
  }
  130.  
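  /**
   * Print a message box, end the current session and redirect to the site root.
   *
   * The constructor is re-run first, as in the original code, which replaces
   * $this->db with a new handle and processes ?logout again.
   *
   * @param string $type CSS class of the message box
   * @param string $msg  message markup, written unescaped
   */
  function mmsgcaptcha($type, $msg)
  {
      $this->__construct();
      print '<section class="'.$type.'"><p>'.$msg.'</p></section>';

      // Empty the array rather than unset() the superglobal, and only destroy a
      // session that is actually open (session_destroy() warns otherwise).
      $_SESSION = array();
      if (session_id() !== '')
      {
          session_destroy();
      }

      // Relies on output buffering being active, since markup was printed above.
      header("Location: ./");
  }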
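  /**
   * Process the login form: check the captcha, verify the credentials, fill the
   * session from the account row and redirect to the account page.
   *
   * Changes from the original flow, all security-relevant:
   *  - the captcha is checked before the session is populated and a wrong answer
   *    stops the login (it used to print an error and log the user in anyway);
   *  - the username is escaped before it is placed in the WHERE clause;
   *  - the session id is renewed and a stale 'gm' flag is cleared on every login.
   *
   * The sha1(strtoupper(user:pass)) format is the one stored in account.sha_pass_hash
   * and is kept unchanged. The whole account row is still copied into the session
   * because accountChangePw()/accountChangeEmail() read $_SESSION['sha_pass_hash'].
   *
   * @return void prints a message on failure; redirects and exits on success
   */
  function login()
  {
      if (!isset($_POST['login']))
      {
          return;
      }

      $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
      $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
      $captcha  = (isset($_POST['captcha']) && is_string($_POST['captcha'])) ? $_POST['captcha'] : '';

      // Compare the posted code with the key stored by the captcha generator.
      // Strict comparison: '!=' treats hex strings that look like numbers as numbers.
      $expected = isset($_SESSION['keya']) ? $_SESSION['keya'] : null;
      if (!is_string($expected) || md5($captcha) !== $expected)
      {
          return $this->mmsg('error','Invalid Captcha');
      }

      $userSql = mysql_real_escape_string($username);
      $pass    = sha1(strtoupper($username.':'.$password));

      $q = $this->db->select('*','account',"username = '$userSql' AND sha_pass_hash = '$pass'");
      if (!$q || mysql_num_rows($q) < 1)
      {
          return $this->mmsg('error','Invalid Login');
      }

      $row = mysql_fetch_assoc($q);

      // New session id for the authenticated session; drop any privilege flag left
      // over from an earlier login in the same browser session.
      if (session_id() !== '')
      {
          session_regenerate_id(true);
      }
      unset($_SESSION['gm']);

      foreach ($row as $c => $v)
      {
          $_SESSION[$c] = $v;
      }

      $idSql  = mysql_real_escape_string($_SESSION['id']);
      $gm     = $this->db->select('*','account_access',"id = '$idSql'");
      $access = $gm ? mysql_fetch_assoc($gm) : false;

      if ($access && $access['gmlevel'] >= 4)
      {
          $_SESSION['gm'] = 1;
      }

      header("Location: ./?account");

      exit;
  }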
  188.  
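  /**
   * Echo the donation point balance (account.dp) of the given account.
   *
   * @param mixed $id account id; escaped before it is placed in the query
   * @return void prints nothing when the account is not found
   */
  function getDonorPoints($id)
  {
      $idSql = mysql_real_escape_string($id);
      $q     = $this->db->select('dp', 'account', "id = '$idSql'");
      $row   = $q ? mysql_fetch_assoc($q) : false;

      if ($row)
      {
          echo htmlspecialchars($row['dp'], ENT_QUOTES);
      }
      return;
  }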
  197.  
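  /**
   * Echo the vote point balance (account.vp) of the given account.
   *
   * @param mixed $id account id; escaped before it is placed in the query
   * @return void prints nothing when the account is not found
   */
  function getVotingPoints($id)
  {
      $idSql = mysql_real_escape_string($id);
      $q     = $this->db->select('vp', 'account', "id = '$idSql'");
      $row   = $q ? mysql_fetch_assoc($q) : false;

      if ($row)
      {
          echo htmlspecialchars($row['vp'], ENT_QUOTES);
      }
      return;
  }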
  206.  
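  /**
   * Return every row of $table ordered by id, optionally limited.
   *
   * Table name, sort direction and limit are spliced into the SQL text and cannot be
   * protected by value escaping, so each is checked against a fixed shape first.
   * A value that does not fit yields an empty result instead of a query.
   *
   * @param string          $table plain or database-qualified table name
   * @param string          $order 'ASC', 'DESC' (any case) or '' for the server default
   * @param int|string|null $limit row count or 'offset, count'; empty values mean no limit
   * @return array list of associative rows
   */
  function getArray($table, $order, $limit = NULL)
  {
      $results = array();

      if (!is_string($table) || !preg_match('/^[A-Za-z0-9_]+(\.[A-Za-z0-9_]+)?$/D', $table))
      {
          return $results;
      }

      $direction = strtoupper(trim((string) $order));
      if ($direction !== '' && $direction !== 'ASC' && $direction !== 'DESC')
      {
          return $results;
      }

      $sql = "SELECT * FROM $table ORDER BY id $direction";
      if ($limit != NULL)
      {
          if (!preg_match('/^[0-9]+(\s*,\s*[0-9]+)?$/D', trim((string) $limit)))
          {
              return $results;
          }
          $sql .= ' LIMIT ' . trim((string) $limit);
      }

      $q = $this->db->query($sql);
      while ($q && ($row = mysql_fetch_assoc($q)))
      {
          $results[] = $row;
      }

      return $results;
  }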
  225.  
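  /**
   * Check an address against an RFC 822 style addr-spec pattern.
   *
   * Two defects of the original pattern are corrected:
   *  - quoted-pair lacked its character class and matched a fixed four-character
   *    sequence instead of "backslash followed by any ASCII character";
   *  - '$' without the D modifier also matches before a trailing newline, so an
   *    address ending in "\n" was accepted. Such a value must not reach mail().
   *
   * @param mixed $email candidate address
   * @return bool true when the whole string is a syntactically valid address
   */
  function is_valid_email ($email)
  {
      if (!is_string($email))
      {
          return false;
      }

      $qtext          = '[^\\x0d\\x22\\x5c\\x80-\\xff]';
      $dtext          = '[^\\x0d\\x5b-\\x5d\\x80-\\xff]';
      $atom           = '[^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c'.
                        '\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+';
      $quoted_pair    = '\\x5c[\\x00-\\x7f]';
      $domain_literal = "\\x5b($dtext|$quoted_pair)*\\x5d";
      $quoted_string  = "\\x22($qtext|$quoted_pair)*\\x22";
      $domain_ref     = $atom;
      $sub_domain     = "($domain_ref|$domain_literal)";
      $word           = "($atom|$quoted_string)";
      $domain         = "$sub_domain(\\x2e$sub_domain)*";
      $local_part     = "$word(\\x2e$word)*";
      $addr_spec      = "$local_part\\x40$domain";

      // D (PCRE_DOLLAR_ENDONLY): '$' matches only at the very end of the subject.
      return preg_match("!^$addr_spec\$!D", $email) === 1;
  }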
  244.  
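  /**
   * Render user text containing smileys and BBCode as HTML.
   *
   * Changes from the original:
   *  - the text is HTML-escaped first, so only markup produced by this function
   *    reaches the page (the original passed raw HTML through);
   *  - [img] and [url] targets must be http(s) URLs or scheme-less relative paths
   *    without quotes, angle brackets, whitespace or character references;
   *  - [font], [color] and [size] values are limited to plain characters;
   *  - eregi_replace() (removed in PHP 7) is replaced by preg_* with the i flag, and
   *    the [color] pattern, which was not valid PHP as published, is restored.
   * A tag whose value fails these checks is left in the output as literal text.
   *
   * @param string $text raw user text
   * @return string HTML with line breaks converted by nl2br()
   */
  function bbcode($text)
  {
      // Leading space keeps strpos() below from returning 0 for a tag at the start.
      $text = stripslashes(' ' . $text);

      // ISO-8859-1 makes every byte sequence acceptable (UTF-8 passes through
      // untouched); existing entities are not encoded a second time.
      $text = htmlspecialchars($text, ENT_QUOTES, 'ISO-8859-1', false);

      $smileys = array(
          ':D' => 'grin',
          'xD' => 'evilgrin',
          ':(' => 'unhappy',
          '^^' => 'happy',
          ':)' => 'smile',
          ':O' => 'surprised',
          ':P' => 'tongue',
          ':3' => 'waii',
          ';)' => 'wink',
      );
      $find = array_keys($smileys);
      $swap = array();
      foreach ($smileys as $file)
      {
          $swap[] = '<img src="images/smileys/' . $file . '.png" />';
      }

      // Replace smileys only outside entities, so the ';' ending '&quot;' or '&#039;'
      // is never read as the start of ';)'.
      $pieces = preg_split('/(&#?[A-Za-z0-9]+;)/', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
      foreach ($pieces as $k => $piece)
      {
          if ($k % 2 === 0)
          {
              $pieces[$k] = str_replace($find, $swap, $piece);
          }
      }
      $text = implode('', $pieces);

      if (!( strpos($text, "[") && strpos($text, "]"))) return nl2br($text);

      $simple = array(
          '/\[b\](.+?)\[\/b\]/is'           => '<strong>\1</strong>',
          '/\[center\](.+?)\[\/center\]/is' => '<span align="center">\1</span>',
          '/\[i\](.+?)\[\/i\]/is'           => '<i>\1</i>',
          '/\[u\](.+?)\[\/u\]/is'           => '<span class="underlined">\1</span>',
          '/\[s\](.+?)\[\/s\]/is'           => '<s>\1</s>',
          '/\[list\](.+?)\[\/list\]/is'     => '<ul>\1</ul>',
          '/\[\*\](.*)/'                    => '<li>\1</li>',
          '/\[code\](.+?)\[\/code\]/is'     => '<code>\1</code>',
          '/\[quote\](.+?)\[\/quote\]/is'   => '<code>\1</code>',
      );
      $text = preg_replace(array_keys($simple), array_values($simple), $text);

      // A link or image target is accepted only when it cannot leave its attribute and
      // cannot carry a scheme other than http/https.
      $isSafeUrl = function ($url) {
          if (preg_match('/[\s"\'<>\x00-\x1f\x7f]/', $url) || preg_match('/&(?!amp;)/', $url))
          {
              return false;
          }
          if (preg_match('~^https?://~i', $url))
          {
              return true;
          }
          // Relative reference: no ':' before the first '/', '?' or '#'.
          return preg_match('~^[^:/?#]*(?:[/?#]|$)~', $url) === 1;
      };

      $text = preg_replace_callback('~\[img\]([^\[]*)\[/img\]~i', function ($m) use ($isSafeUrl) {
          return $isSafeUrl($m[1]) ? '<img src="' . $m[1] . '">' : $m[0];
      }, $text);

      $text = preg_replace('~\[font=([A-Za-z0-9 ,_-]+)\]([^\[]*)\[/font\]~i', '<font style="font-family:\1">\2</font>', $text);
      $text = preg_replace('~\[color=(?:&quot;)?(#?[A-Za-z0-9]+)(?:&quot;)?\]([^\[]*)\[/color\]~i', '<font color="\1">\2</font>', $text);
      $text = preg_replace('~\[size=([0-9]{1,3})\]([^\[]*)\[/size\]~i', '<font size="\1px">\2</font>', $text);

      $text = preg_replace_callback('~\[url=([^\[]*)\]([^\[]*)\[/url\]~i', function ($m) use ($isSafeUrl) {
          return $isSafeUrl($m[1]) ? '<a href="' . $m[1] . '">' . $m[2] . '</a>' : $m[0];
      }, $text);

      $text = preg_replace('~\[list=([^\[]*)\]([^\[]*)\[/list\]~i', "<ul style='list-style-type: decimal;margin-left: 30px;' align='center'>\\2</ul>", $text);

      $text = preg_replace_callback('~\[url\]([^\[]*)\[/url\]~i', function ($m) use ($isSafeUrl) {
          return $isSafeUrl($m[1]) ? '<a href="' . $m[1] . '">' . $m[1] . '</a>' : $m[0];
      }, $text);

      return nl2br($text);
  }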
  278.  
  /**
   * Return every row of $table that satisfies the SQL condition $where.
   *
   * NOTE(review): both arguments are placed in the statement verbatim. This method
   * cannot escape $where because it is an SQL fragment by design; every caller must
   * escape or cast each value it embeds, and must never pass request data as $table.
   *
   * @param string $table table name
   * @param string $where SQL condition, already escaped by the caller
   * @return array list of associative rows
   */
  function getWhereArray($table, $where)
  {
      $rows   = array();
      $result = $this->db->query("SELECT * FROM $table WHERE $where");

      for ($row = mysql_fetch_assoc($result); $row; $row = mysql_fetch_assoc($result))
      {
          $rows[] = $row;
      }

      return $rows;
  }
  290.  
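  /**
   * Count the files in $dir whose extension is $type.
   *
   * @param string $dir  directory path including the trailing separator
   * @param string $type extension without the dot
   * @return int number of matches; 0 when glob() reports an error
   */
  function files($dir, $type)
  {
      $matches = glob($dir . '*.' . $type);

      // glob() returns false on error; count(false) would report 1 or fail outright.
      return is_array($matches) ? count($matches) : 0;
  }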
  298.  
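  /**
   * Process the change-password form for the logged-in account.
   *
   * The current password is verified against the hash held in the session, the new
   * password must be non-empty and confirmed, and the stored hash is replaced. The
   * v and s columns are cleared together with the hash, as in the original statement.
   *
   * @return void prints a status message
   */
  function accountChangePw()
  {
      global $db;

      if (!isset($_POST['changepass']))
      {
          return;
      }

      $old     = (isset($_POST['oldpass']) && is_string($_POST['oldpass'])) ? $_POST['oldpass'] : '';
      $new     = (isset($_POST['newpass']) && is_string($_POST['newpass'])) ? $_POST['newpass'] : '';
      $confirm = (isset($_POST['confirmpass']) && is_string($_POST['confirmpass'])) ? $_POST['confirmpass'] : '';

      $oenc = sha1(strtoupper($_SESSION['username'].':'.$old));
      $nenc = sha1(strtoupper($_SESSION['username'].':'.$new));

      // Strict comparison: '!=' compares hex strings that look like numbers numerically,
      // which lets two different hashes count as equal.
      if ($oenc !== $_SESSION['sha_pass_hash'])
      {
          return $this->mmsg('error', 'Current password does not match with your old one.');
      }

      if ($new === '')
      {
          return $this->mmsg('error', 'New password may not be empty, please try again.');
      }

      if ($new !== $confirm)
      {
          return $this->mmsg('error', 'New passwords did not match, please try again.');
      }

      $idSql = mysql_real_escape_string($_SESSION['id']);
      $q = mysql_query("UPDATE realmd.account SET sha_pass_hash='$nenc', v='',s='' WHERE id='$idSql'");

      if ($q)
      {
          $this->mmsg('success', 'Password has been updated.');
          $_SESSION['sha_pass_hash'] = $nenc;
          return;
      }

      return $this->msg(1, 'Something went wrong, please try again.');
  }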
  332.  
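  /**
   * Process the change-email form for the logged-in account.
   *
   * The password is verified against the hash held in the session, and the new
   * address must pass is_valid_email() as it does at registration.
   *
   * @return void prints a status message
   */
  function accountChangeEmail()
  {
      global $db;

      if (!isset($_POST['changemail']))
      {
          return;
      }

      $pass    = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
      $newmail = (isset($_POST['newmail']) && is_string($_POST['newmail'])) ? $_POST['newmail'] : '';

      $enc = sha1(strtoupper($_SESSION['username'].':'.$pass));

      // Strict comparison; see accountChangePw() for the reason.
      if ($enc !== $_SESSION['sha_pass_hash'])
      {
          return $this->mmsg('error', 'Incorrect password you entered, please try again.');
      }

      // The address is later used as a mail recipient by the password recovery form,
      // so it gets the same syntax check as at registration.
      if (!$this->is_valid_email($newmail))
      {
          return $this->mmsg('error', 'Invalid e-mail, please use a real e-mail address.');
      }

      $mail  = mysql_real_escape_string($newmail);
      $idSql = mysql_real_escape_string($_SESSION['id']);

      $q = $this->db->update('account', "email = '$mail'", "id = '$idSql'", '1');
      if ($q)
      {
          $this->mmsg('success', 'Email has been updated.');
          $_SESSION['email'] = $newmail;
          return;
      }

      return $this->msg(1, 'Something went wrong, please try again.');
  }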
  360.  
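  /**
   * Process the registration form and create the account row.
   *
   * Changes from the original:
   *  - a wrong captcha now ends the request (it used to print the error, queue a
   *    redirect and create the account anyway);
   *  - the password hash is computed from the raw form values. It used to be computed
   *    after SQL escaping, so a password containing a quote or backslash produced a
   *    hash that login(), which hashes the raw value, could never match;
   *  - values are escaped individually where they enter SQL instead of rewriting
   *    $_POST in place (which also failed on array-valued fields);
   *  - the empty-email check runs before the syntax check so its message is reachable.
   *
   * @return void prints a status message
   */
  function accountRegister()
  {
      global $db;

      if (!isset($_POST['register']))
      {
          return;
      }

      $field = function ($key) {
          return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
      };

      $validator   = $field('validator');
      $accountname = $field('accountname');
      $password    = $field('password');
      $cpassword   = $field('cpassword');
      $email       = $field('email');

      if (empty($validator))
      {
          return $this->mmsg('error', 'Validator field was empty, please answer the captcha.');
      }

      $captchaaccept = isset($_SESSION['keya']) ? $_SESSION['keya'] : null;
      if (!is_string($captchaaccept) || md5($validator) !== $captchaaccept)
      {
          $this->mmsg('error','Invalid Captcha');
          header("Location: ./");
          return;
      }

      if (empty($accountname))
      {
          return $this->mmsg('error', 'Account name was empty, please try again.');
      }

      if (empty($password) || empty($cpassword))
      {
          return $this->mmsg('error', 'Either of the password fields were empty, please try again.');
      }

      if (empty($email))
      {
          return $this->mmsg('error', 'Email field was empty, please try again.');
      }

      if (!$this->is_valid_email($email))
      {
          return $this->mmsg('error', 'Invalid e-mail, please use a real e-mail address.');
      }

      if ($password !== $cpassword)
      {
          return $this->mmsg('error', 'Passwords did not match, please try again.');
      }

      $nameSql = mysql_real_escape_string($accountname);
      $mailSql = mysql_real_escape_string($email);

      $q = $this->db->select('username','account',"username = '$nameSql'");
      if ($q && mysql_num_rows($q) > 0)
      {
          return $this->mmsg('error', 'This username already exists, please try again.');
      }

      // Same format as login(): sha1 of upper-cased "name:password", from raw values.
      $enc = sha1(strtoupper($accountname.':'.$password));

      $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

      $q = $this->db->select('registerip','account',"registerip = '$ip'");
      if ($q && mysql_num_rows($q) >= 3)
      {
          return $this->mmsg('error', 'This ip has registered more than three accounts.');
      }

      $q = $this->db->insert('account',"username = '$nameSql', sha_pass_hash = '$enc', locked = '0', email = '$mailSql', expansion = '2', vp = '0', dp = '0', registerip = '$ip'");
      if ($q)
      {
          return $this->mmsg('success', 'Your account has been created, you may now login to the website and the forums.');
      }

      return $this->mmsg('error', 'Registration failed, contact an administrator');
  }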
  438.  
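  /**
   * Process the password recovery form: set a new random password on the matching
   * account and mail it to the address stored for that account.
   *
   * Changes from the original:
   *  - the replacement password comes from a cryptographic random source (it was
   *    base64 of rand(0, 5000), i.e. one of about five thousand values);
   *  - it is stored as sha1(strtoupper("name:password")), the format login() checks
   *    (it was stored as md5 of the password alone, which login() can never match),
   *    and v/s are cleared as accountChangePw() does;
   *  - account name and address are escaped before they enter SQL;
   *  - a request that matches no account stops here (the original tested only whether
   *    the query ran, so it mailed a password to any address that was typed in);
   *  - mail goes to the stored address, which must contain no line breaks, and the
   *    malformed "From :" header name is corrected to "From:".
   *
   * @return void prints a status message
   */
  function accountForgotPw()
  {
      global $web;

      if (!isset($_POST['forgotpw']))
      {
          return;
      }

      if (empty($_POST['email']) || !is_string($_POST['email']))
      {
          return $this->msg(1, 'Empty e-mail address, please try again.');
      }

      if (empty($_POST['account']) || !is_string($_POST['account']))
      {
          return $this->msg(1, 'Empty account name, please try again.');
      }

      $accountSql = mysql_real_escape_string($_POST['account']);
      $emailSql   = mysql_real_escape_string($_POST['email']);

      $q   = $this->db->select('username, email','account', "username = '$accountSql' AND email = '$emailSql'");
      $row = ($q && mysql_num_rows($q) > 0) ? mysql_fetch_assoc($q) : false;
      if (!$row || preg_match('/[\r\n]/', $row['email']))
      {
          return $this->msg(1, 'Account name & email did not match as an account in our database, please try and correct this.');
      }

      if (function_exists('random_bytes'))
      {
          $raw = random_bytes(9);
      }
      elseif (function_exists('openssl_random_pseudo_bytes'))
      {
          $raw = openssl_random_pseudo_bytes(9);
      }
      else
      {
          $raw = false;
      }

      if (!is_string($raw) || strlen($raw) < 9)
      {
          // No predictable fallback: refusing is safer than issuing a guessable password.
          return $this->msg(1, 'Password recovery is unavailable, please contact an administrator.');
      }

      $pw  = bin2hex($raw);
      $enc = sha1(strtoupper($row['username'].':'.$pw));

      // Store the new hash first; the password is only mailed once it is in effect.
      $q = $this->db->update('account', "sha_pass_hash = '$enc', v = '', s = ''", "username = '$accountSql' AND email = '$emailSql'", '1');
      if (!$q)
      {
          return $this->msg(1, 'Something went wrong, please try again.');
      }

      $body = implode("\n", array(
          ' :: '.$web->name.' ::',
          'You\'ve requested a new password on our realms, so here we\'re',
          'sending you a randomly generated password, we recommend you change',
          'your password when you log in through the \'Change Email\' section in',
          'your account panel.',
          '',
          'Your new password is: '. $pw,
          '',
          'If you did not do this, we strongly recommend you change your e-mail address',
          'aswell and ask an administrator for an account name change.',
      ));
      $body = wordwrap($body, 100);
      $headers = 'From: '.$web->admin."\r\n" .
                 'Reply-To: '.$web->admin."\r\n" .
                 'X-mailer: PHP/'.phpversion();
      mail($row['email'], $web->name.' Password Recovery', $body, $headers);

      $this->msg(0, 'Please check your inbox, we\'ve sent you an e-mail containing your new password, it may arrive in your "Junk box" or "Spam folder" so make sure to check them out.');
  }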
  483.  
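  /**
   * Process the add-news form and insert a news row authored by the session user.
   *
   * Like delItem() in this class, the write is refused unless $_SESSION['gm'] is set,
   * so the method does not depend on the including page having checked access.
   * The parameters are unused, as in the original.
   *
   * @param mixed $t unused
   * @param mixed $m unused
   * @return void prints a status message
   */
  function addNews($t = NULL, $m = NULL)
  {
      if (!isset($_POST['addnews']) || !isset($_SESSION['gm']))
      {
          return;
      }

      if (empty($_POST['title']))
      {
          return $this->msg(1, 'News title may not be empty, please try again.');
      }

      if (empty($_POST['news']))
      {
          return $this->msg(1, 'Message may not be empty, please try again.');
      }

      $title  = mysql_real_escape_string($_POST['title']);
      $msg    = mysql_real_escape_string($_POST['news']);
      // The author name comes from the account row; escape it like any other value.
      $author = mysql_real_escape_string(ucfirst(strtolower($_SESSION['username'])));

      $q = $this->db->insert('news',"title = '$title', message = '$msg', author = '$author'");
      if ($q)
      {
          return $this->msg(0, 'News were added succesfully.');
      }

      return $this->msg(1, 'Something went wrong, please try again.');
  }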
  512.  
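  /**
   * Process the edit-news form and update the news row with the given id.
   *
   * Like delItem() in this class, the write is refused unless $_SESSION['gm'] is set.
   *
   * @param mixed $id news id; escaped before it is placed in the WHERE clause
   * @return void prints a status message
   */
  function editNews($id)
  {
      if (!isset($_POST['editnews']) || !isset($_SESSION['gm']))
      {
          return;
      }

      if (empty($_POST['title']))
      {
          return $this->msg(1, 'News title may not be empty, please try again.');
      }

      if (empty($_POST['news']))
      {
          return $this->msg(1, 'Message may not be empty, please try again.');
      }

      $title  = mysql_real_escape_string($_POST['title']);
      $msg    = mysql_real_escape_string($_POST['news']);
      $author = mysql_real_escape_string(ucfirst(strtolower($_SESSION['username'])));
      $idSql  = mysql_real_escape_string($id);

      $q = $this->db->update('news',"title = '$title', message = '$msg', author = '$author'", "id = '$idSql'", '1');
      if ($q)
      {
          return $this->msg(0, 'News were edited succesfully.');
      }

      return $this->msg(1, 'Something went wrong, please try again.');
  }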
  542.  
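  /**
   * Delete the row named by ?delete from table $type, for game masters only.
   *
   * NOTE(review): the deletion is triggered by a GET request and carries no
   * anti-forgery token; moving it to POST with a per-session token is advisable.
   * $type is used as a table name and must be a fixed value chosen by the caller.
   *
   * @param string $type table to delete from
   * @return void prints a status message when a deletion was attempted
   */
  function delItem($type)
  {
      if (!isset($_GET['admin']) || !isset($_GET['delete']))
      {
          return;
      }

      if ($_GET['delete'] == NULL || !is_string($_GET['delete']) || !isset($_SESSION['gm']))
      {
          return;
      }

      // The id comes straight from the query string; escape it before use in SQL.
      $id = mysql_real_escape_string($_GET['delete']);
      $q  = $this->db->del($type, "id = '$id'");
      if ($q)
      {
          return $this->msg(0, 'Item was deleted successfully.');
      }

      return $this->msg(1, 'Something went wrong, please try again.');
  }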
  565.  
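  /**
   * Record a vote for vote site $id and redirect the visitor to that site.
   *
   * A logged-in user earns one vote point unless the same account or IP address
   * already voted for this site within the last 12 hours. Visitors without a session
   * are redirected without a point. Unknown ids do nothing.
   *
   * @param mixed $id vote site id from the form; escaped before use in SQL
   * @return void redirects and exits when the site exists
   */
  function castVote($id)
  {
      $idSql = mysql_real_escape_string($id);

      $q = mysql_query("SELECT * FROM vlinks WHERE id = '" . $idSql . "'");
      if (!$q || mysql_num_rows($q) != 1)
      {
          return;
      }

      $row    = mysql_fetch_object($q);
      $userid = isset($_SESSION['id']) ? $_SESSION['id'] : NULL;

      if ($userid)
      {
          $userSql = mysql_real_escape_string($userid);
          $ipSql   = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

          $q = mysql_query("SELECT * FROM vlogs WHERE vote_id = '" . $idSql . "' AND (id = '" . $userSql . "' OR ip_address = '" . $ipSql . "') ORDER BY vote_date DESC");

          $timenow    = date("U");
          $timefuture = date("U")+43200;//12 hrs

          if ($q && mysql_num_rows($q) >= 1)
          {
              // vote_date holds the time at which the next vote is allowed.
              $row2 = mysql_fetch_object($q);
              if ($row2->vote_date >= $timenow)
              {
                  $timeaz = gmdate("G:i:s", $row2->vote_date-$timenow);
                  return $this->msg(1, "You have to wait to vote for that site again.<br />" . $timeaz);
              }
          }

          mysql_query("INSERT INTO vlogs SET vote_id = '" . $idSql . "', id = '" . $userSql . "', ip_address = '" . $ipSql . "', vote_date = '" . $timefuture . "'");

          if (!mysql_query("UPDATE account SET vp = (vp + 1) WHERE id = '$userSql' LIMIT 1"))
          {
              // Keep database error text out of the page; it goes to the server log.
              error_log('castVote: ' . mysql_error());
              die('Database error.');
          }
      }

      header('Location: ' . $row->url);

      exit;
  }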
  596.  
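  /**
   * Handle a submitted vote, then print the vote form with one clickable image per
   * row of vlinks.
   *
   * Row values are escaped for the context they are written into: HTML attribute
   * for the image URL and title, JavaScript string inside an attribute for the id.
   *
   * @return void prints markup
   */
  function getVoteSites()
  {
      if (isset($_POST['_id']))
          $this->castVote($_POST['_id']);
      ?>
  <form method="post" name="_vote" id="_vote" action="?page=vote">
  <input type="hidden" value="0" name="_id" id="_id" />
      <?php
      $q = mysql_query("SELECT * FROM vlinks");
      while ($q && ($row = mysql_fetch_object($q)))
      {
          $image = htmlspecialchars($row->imageurl, ENT_QUOTES);
          $title = htmlspecialchars($row->title, ENT_QUOTES);

          // JavaScript string escaping first, HTML attribute escaping second.
          $jsId    = str_replace(array('\\', "'", "\r", "\n"), array('\\\\', "\\'", '\\r', '\\n'), (string) $row->id);
          $onclick = htmlspecialchars("castVote('" . $jsId . "');", ENT_QUOTES);
          ?>
  <img src="<?php echo $image; ?>" alt="<?php echo $title; ?>" onclick="<?php echo $onclick; ?>" style="cursor:pointer;" width="90" height="55" />
          <?php
      }
      ?>
  </form>
  <script>
  function castVote(id)
  {
  document.getElementById('_id').value = id;
  document.getElementById('_vote').submit();
  }
  </script>
      <?php
  }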
  623.  
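  /**
   * Print the list of vote rewards from vrewards with a purchase link per item.
   *
   * Custom items get a tooltip built from their stat columns; stat1-4, stat6 and
   * stat7 are shown, as in the original (stat5 is not shown; whether that is
   * intended cannot be told from this file).
   *
   * Changes from the original:
   *  - every database value is HTML-escaped, and the tooltip markup is additionally
   *    escaped as a JavaScript string and as an attribute value, because it passes
   *    through both before it is rendered;
   *  - the non-custom branch emits the same well-formed markup as
   *    getDonationRewards() instead of unbalanced table tags;
   *  - database error text goes to the server log instead of the page.
   *
   * @return void prints markup
   */
  function getVoteRewards()
  {
      $q = mysql_query("SELECT * FROM vrewards");
      if (!$q)
      {
          error_log('getVoteRewards: ' . mysql_error());
          die('Database error.');
      }

      if (mysql_num_rows($q) == 0)
      {
          echo '<i>No rewards have been added to the vote system, please contact an administrator.</i>';
          return;
      }

      $esc = function ($value) {
          return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
      };

      while ($i = mysql_fetch_assoc($q))
      {
          $type  = $esc($i['itemType']);
          $name  = $esc($i['itemName']);
          $price = $esc($i['price']);
          $buy   = '?buy=v&amp;itemid=' . rawurlencode($i['itemid']);

          if ($i['customItem'] == 'true')
          {
              $stats = '';
              foreach (array(1, 2, 3, 4, 6, 7) as $c)
              {
                  if (!empty($i['stat'.$c]))
                  {
                      $stats .= '<span class=\'margin-left:5px\'>' . $esc($i['stat'.$c]) . '</span><br />';
                  }
              }

              $tooltip = '<span class=\'' . $type . ' bold\'>' . $name . '</span><br />' . $stats
                       . '<br /><span class=\'green\'>This item costs: <span style=\'color:white\'>' . $price . '</span> points</span>';

              // Layer 2: JavaScript single-quoted string. Layer 3: HTML attribute value.
              $jsString = "'" . str_replace(array('\\', "'", "\r", "\n"), array('\\\\', "\\'", '\\r', '\\n'), $tooltip) . "'";
              $handler  = $esc('$WowheadPower.showTooltip(event, ' . $jsString . ', \'INV_Misc_Gift_01\')');

              echo '<a href="javascript:;" onmouseover="' . $handler . '" onmousemove="$WowheadPower.moveTooltip(event)" onmouseout="$WowheadPower.hideTooltip();"><span class="' . $type . '">' . $name . '</span></a> - ' . $price . ' points - <a href="' . $buy . '">Buy this item</a><br />';
          }
          else
          {
              echo '<a href="javascript:;" rel="item=' . $esc($i['itemid']) . '"><span class="' . $type . '">' . $name . '</span></a> - ' . $price . ' points - <a href="' . $buy . '">Buy this item</a><br />';
          }
      }
  }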
  660.  
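  /**
   * Print the list of donation rewards from drewards with a purchase link per item.
   *
   * Custom items get a tooltip built from their stat columns; stat1-4, stat6 and
   * stat7 are shown, as in the original (stat5 is not shown; whether that is
   * intended cannot be told from this file).
   *
   * Every database value is HTML-escaped, and the tooltip markup is additionally
   * escaped as a JavaScript string and as an attribute value, because it passes
   * through both before it is rendered. Database error text goes to the server log
   * instead of the page.
   *
   * @return void prints markup
   */
  function getDonationRewards()
  {
      $q = mysql_query("SELECT * FROM drewards");
      if (!$q)
      {
          error_log('getDonationRewards: ' . mysql_error());
          die('Database error.');
      }

      if (mysql_num_rows($q) == 0)
      {
          echo '<i>No rewards have been added to the donation system, please contact an administrator.</i>';
          return;
      }

      $esc = function ($value) {
          return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
      };

      while ($i = mysql_fetch_assoc($q))
      {
          $type  = $esc($i['itemType']);
          $name  = $esc($i['itemName']);
          $price = $esc($i['price']);
          $buy   = '?buy=d&amp;itemid=' . rawurlencode($i['itemid']);

          if ($i['customItem'] == 'true')
          {
              $stats = '';
              foreach (array(1, 2, 3, 4, 6, 7) as $c)
              {
                  if (!empty($i['stat'.$c]))
                  {
                      $stats .= '<span class=\'margin-left:5px\'>' . $esc($i['stat'.$c]) . '</span><br />';
                  }
              }

              $tooltip = '<span class=\'' . $type . ' bold\'>' . $name . '</span><br />' . $stats
                       . '<br /><span class=\'green\'>This item costs: <span style=\'color:white\'>' . $price . '</span> points</span>';

              // Layer 2: JavaScript single-quoted string. Layer 3: HTML attribute value.
              $jsString = "'" . str_replace(array('\\', "'", "\r", "\n"), array('\\\\', "\\'", '\\r', '\\n'), $tooltip) . "'";
              $handler  = $esc('$WowheadPower.showTooltip(event, ' . $jsString . ', \'INV_Misc_Gift_01\')');

              echo '<a href="javascript:;" onmouseover="' . $handler . '" onmousemove="$WowheadPower.moveTooltip(event)" onmouseout="$WowheadPower.hideTooltip();"><span class="' . $type . '">' . $name . '</span></a> - ' . $price . ' points - <a href="' . $buy . '">Buy this item</a><br />';
          }
          else
          {
              echo '<a href="javascript:;" rel="item=' . $esc($i['itemid']) . '"><span class="' . $type . '">' . $name . '</span></a> - ' . $price . ' points - <a href="' . $buy . '">Buy this item</a><br />';
          }
      }
  }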
  698.  
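  /**
   * Return the characters of account $id and handle the purchase, unstuck and revive
   * forms posted from the character list.
   *
   * Unstuck and revive send one command to the remote administration console. The
   * character name is placed in that command line, so it is only accepted when it
   * is one of the names just loaded for this account and contains no whitespace,
   * control characters, quotes or backslashes. Without that check a posted value
   * could name another player's character or add further console lines.
   *
   * Other changes from the original: the account id is escaped; the socket is checked
   * before it is written to (the check used to run after fclose()); display_errors
   * is restored; the main database is re-selected on every exit path.
   *
   * @param mixed $id account id
   * @return array|null character rows; null after an unstuck/revive request, as before
   */
  function getChars($id)
  {
      global $donate, $db;

      if (!mysql_select_db($donate->chardb))
      {
          error_log('getChars: ' . mysql_error());
          die('Database error.');
      }

      $results  = array();
      $ownNames = array();
      $idSql    = mysql_real_escape_string($id);

      $q = $this->db->query("SELECT * FROM characters WHERE account = '$idSql'");
      if ($q && mysql_num_rows($q) != 0)
      {
          while ($row = mysql_fetch_assoc($q))
          {
              $results[] = $row;
              if (isset($row['name']))
              {
                  $ownNames[] = $row['name'];
              }
          }

          if (isset($_POST['purchase']))
          {
              $char = isset($_POST['char']) ? $_POST['char'] : NULL;
              $this->buyItem($_GET['itemid'], $char);
          }

          $command = NULL;
          $done    = '';
          if (isset($_POST['unstuck']))
          {
              $command = 'tele name';
              $done    = 'Your character has been teleported to Dalaran.';
          }
          elseif (isset($_POST['revive']))
          {
              $command = 'revive';
              $done    = 'Your character has been Revived.';
          }

          if ($command !== NULL)
          {
              $char = isset($_POST['char']) ? $_POST['char'] : '';
              $nameOk = is_string($char)
                  && in_array($char, $ownNames, true)
                  && preg_match('/^[^\s"\'\\\\\x00-\x1f\x7f]{1,64}$/D', $char) === 1;

              if (!$nameOk)
              {
                  mysql_select_db($db->maindb);
                  return $this->mmsg('error', 'Invalid character selected.');
              }

              // Console login ($rauser / $rapass) is defined by the settings file.
              include("settings/config.php");
              $previous = ini_set("display_errors", 0);

              $fp = fsockopen("62.141.45.254", 3443, $errno, $errstr, 30);
              if ($fp)
              {
                  // One line per second, as the original did: login, password, command.
                  sleep (1);
                  fwrite($fp, "USER $rauser\n");
                  sleep (1);
                  fwrite($fp, "PASS $rapass\n");
                  sleep (1);
                  fwrite($fp, "$command $char\n");
                  sleep (1);
                  fclose($fp);
              }

              if ($previous !== false)
              {
                  ini_set("display_errors", $previous);
              }
              mysql_select_db($db->maindb);

              if (!$fp)
              {
                  return $this->mmsg('error', 'Something went wrong (Probably the tool is offline try again later)');
              }
              return $this->mmsg('success', $done);
          }
      }

      mysql_select_db($db->maindb);
      return $results;
  }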
  775.  
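  /**
   * Return the characters of account $id and handle a vote-reward purchase posted
   * from the character list.
   *
   * @param mixed $id account id; escaped before it is placed in the query
   * @return array character rows
   */
  function getVChars($id)
  {
      global $donate, $db;

      if (!mysql_select_db($donate->chardb))
      {
          // Keep database error text out of the page; it goes to the server log.
          error_log('getVChars: ' . mysql_error());
          die('Database error.');
      }

      $results = array();
      $idSql   = mysql_real_escape_string($id);

      $q = $this->db->query("SELECT * FROM characters WHERE account = '$idSql'");
      if ($q && mysql_num_rows($q) != 0)
      {
          while ($row = mysql_fetch_assoc($q))
          {
              $results[] = $row;
          }

          if (isset($_POST['purchase']))
          {
              $char = isset($_POST['char']) ? $_POST['char'] : NULL;
              $this->buyvItem($_GET['itemid'], $char);
          }
      }

      mysql_select_db($db->maindb);
      return $results;
  }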
  801.  
  802.  
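  /**
   * Mail an item to a character through the remote administration console.
   *
   * The four arguments are joined into one console line, so each is validated first:
   * the character name may not contain whitespace, control characters, quotes or
   * backslashes; the item argument must be digits, optionally "id:count" groups
   * separated by single spaces; quotes, backslashes and control characters are
   * removed from subject and body. A name that reaches SQL is escaped.
   *
   * The console login is read from settings/config.php ($rauser / $rapass), as
   * getChars() does, instead of from literals in this file. Literals that were
   * published together with the source should be treated as exposed and rotated.
   *
   * Other changes: the socket is checked before it is written to, exception details
   * are no longer dumped to the page, and the main database is re-selected on every
   * exit path.
   *
   * @param mixed  $itemId  item id (or "id:count" list) to send
   * @param string $cName   receiving character name
   * @param string $subject mail subject
   * @param string $body    mail text
   * @return bool true when the command was written to the console, false otherwise
   */
  function sendItem($itemId, $cName, $subject, $body)
  {
      global $soap, $donate, $db;

      $itemArg = (string) $itemId;
      $nameOk  = is_string($cName) && preg_match('/^[^\s"\'\\\\\x00-\x1f\x7f]{1,64}$/D', $cName) === 1;
      $itemOk  = preg_match('/^[0-9]+(:[0-9]+)?( [0-9]+(:[0-9]+)?)*$/D', $itemArg) === 1;
      if (!$nameOk || !$itemOk)
      {
          return false;
      }

      $subject = preg_replace('/["\\\\\x00-\x1f\x7f]/', '', (string) $subject);
      $body    = preg_replace('/["\\\\\x00-\x1f\x7f]/', '', (string) $body);

      $this->db->sel_db($donate->chardb);
      $q     = $this->db->select('guid', 'characters', '`name` = "' . mysql_real_escape_string($cName) . '"');
      $count = $q ? mysql_num_rows($q) : 0;

      $sent = false;
      if ($count == 1)
      {
          include("settings/config.php");

          if (isset($rauser) && isset($rapass))
          {
              try
              {
                  $fp = fsockopen("62.141.45.254", 3443, $errno, $errstr, 30);
                  if ($fp)
                  {
                      // One line per second, as the original did: login, password, command.
                      sleep (1);
                      fwrite($fp, "USER $rauser\n");
                      sleep (1);
                      fwrite($fp, "PASS $rapass\n");
                      sleep (1);
                      fwrite($fp, "send items $cName \"$subject\" \"$body\" $itemArg\n");
                      sleep (1);
                      fclose($fp);
                      $sent = true;
                  }
              }
              catch (Exception $e)
              {
                  error_log('sendItem: ' . $e->getMessage());
                  $sent = false;
              }
          }
      }

      $this->db->sel_db($db->maindb);
      return $sent;
  }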
  860.  
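  /**
   * Show the confirmation text for vote reward $id and, when a character is given,
   * buy it with the session user's vote points.
   *
   * Changes from the original:
   *  - the item id (taken from the query string by the callers) and the session id
   *    are escaped before they enter SQL;
   *  - item fields are HTML-escaped when printed;
   *  - the price is deducted with a single conditional UPDATE before the item is
   *    sent, and refunded if sending fails. The original read the balance, sent the
   *    item and then wrote balance minus price, so two concurrent requests could
   *    both pass the balance check and pay only once;
   *  - database error text goes to the server log instead of the page.
   *
   * @param mixed       $id   reward item id
   * @param string|null $char receiving character; NULL only shows the confirmation
   * @return void prints markup and may redirect
   */
  function buyvItem($id, $char = NULL)
  {
      global $db;
      mysql_select_db($db->maindb);

      $idSql = mysql_real_escape_string($id);
      $q = mysql_query("SELECT * FROM vrewards WHERE itemid = '$idSql'");
      if (!$q)
      {
          error_log('buyvItem: ' . mysql_error());
          die('Database error.');
      }

      $i = (mysql_num_rows($q) != 0) ? mysql_fetch_assoc($q) : false;
      if (!$i || !is_numeric($i['price']) || $i['price'] < 0)
      {
          echo '<i>This item is not available.</i>';
          return;
      }
      $price = $i['price'];

      echo 'You are purchasing:<br /><br />'.
           'Item: <span class="'.htmlspecialchars($i['itemType'], ENT_QUOTES).' bold">'.htmlspecialchars($i['itemName'], ENT_QUOTES).'</span><br />'.
           'Price: <span class="bold">'.htmlspecialchars($price, ENT_QUOTES).'</span><br /><br />'.
           'Are you sure you want to purchase this item?<br /><br />';

      if (!isset($_GET['buy']) || $char == NULL)
      {
          return;
      }

      $this->loader();
      $userSql  = mysql_real_escape_string(isset($_SESSION['id']) ? $_SESSION['id'] : '');
      $priceSql = mysql_real_escape_string($price);

      $q = mysql_query("SELECT * FROM account WHERE id = '$userSql'");
      if (!$q)
      {
          error_log('buyvItem: ' . mysql_error());
          die('Database error.');
      }

      if (mysql_num_rows($q) < 1)
      {
          return $this->msg(1,'User has no points or does not exist in the database, please contact administrator if this is wrong.');
      }

      if ($price > 0)
      {
          // Check and deduction in one statement: the row only changes while the
          // balance still covers the price.
          $paid = mysql_query("UPDATE account SET vp = vp - '$priceSql' WHERE id = '$userSql' AND vp >= '$priceSql'");
          if (!$paid || mysql_affected_rows() != 1)
          {
              return $this->msg(1,'You do not have enough points, vote for more <a href="?page=vote">here</a>.');
          }
      }

      if ($this->sendItem($id, $char, "Thanks for voting", "ScornCraft Thanks you for your support in keeping this server running!"))
      {
          $this->db->sel_db($db->maindb);
          header("Location: ?page=itembought");
      }
      else
      {
          // Sending failed: give the points back before reporting the failure.
          $this->db->sel_db($db->maindb);
          if ($price > 0)
          {
              mysql_query("UPDATE account SET vp = vp + '$priceSql' WHERE id = '$userSql'");
          }
          header("Location: ?page=itemfailed");
          exit;
      }
  }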
  925.  
  /**
   * Select the main database again and print the "purchase in progress" image.
   *
   * @return void prints markup
   */
  function loader()
  {
      global $db;

      $mainDatabase = $db->maindb;
      mysql_select_db($mainDatabase);

      print '<img src="images/loaderbuy.gif" alt="loadergif"/>';
  }
  932.  
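  /**
   * Show the confirmation text for donation reward $id and, when a character is
   * given, buy it with the session user's donation points.
   *
   * Changes from the original:
   *  - the item id (taken from the query string by the callers) and the session id
   *    are escaped before they enter SQL;
   *  - item fields are HTML-escaped when printed;
   *  - the price is deducted with a single conditional UPDATE before the item is
   *    sent, and refunded if sending fails. The original read the balance, sent the
   *    item and then wrote balance minus price, so two concurrent requests could
   *    both pass the balance check and pay only once;
   *  - database error text goes to the server log instead of the page.
   *
   * @param mixed       $id   reward item id
   * @param string|null $char receiving character; NULL only shows the confirmation
   * @return void prints markup and may redirect
   */
  function buyItem($id, $char = NULL)
  {
      global $db;
      mysql_select_db($db->maindb);

      $idSql = mysql_real_escape_string($id);
      $q = mysql_query("SELECT * FROM drewards WHERE itemid = '$idSql'");
      if (!$q)
      {
          error_log('buyItem: ' . mysql_error());
          die('Database error.');
      }

      $i = (mysql_num_rows($q) != 0) ? mysql_fetch_assoc($q) : false;
      if (!$i || !is_numeric($i['price']) || $i['price'] < 0)
      {
          echo '<i>This item is not available.</i>';
          return;
      }
      $price = $i['price'];

      echo 'You are purchasing:<br /><br />'.
           'Item: <span class="'.htmlspecialchars($i['itemType'], ENT_QUOTES).' bold">'.htmlspecialchars($i['itemName'], ENT_QUOTES).'</span><br />'.
           'Price: <span class="bold">'.htmlspecialchars($price, ENT_QUOTES).'</span><br /><br />'.
           'Are you sure you want to purchase this item?<br /><br />';

      if (!isset($_GET['buy']) || $char == NULL)
      {
          return;
      }

      $userSql  = mysql_real_escape_string(isset($_SESSION['id']) ? $_SESSION['id'] : '');
      $priceSql = mysql_real_escape_string($price);

      $q = mysql_query("SELECT * FROM account WHERE id = '$userSql'");
      if (!$q)
      {
          error_log('buyItem: ' . mysql_error());
          die('Database error.');
      }

      if (mysql_num_rows($q) < 1)
      {
          return $this->msg(1,'User has no points or does not exist in the database, please contact administrator if this is wrong.');
      }

      if ($price > 0)
      {
          // Check and deduction in one statement: the row only changes while the
          // balance still covers the price.
          $paid = mysql_query("UPDATE account SET dp = dp - '$priceSql' WHERE id = '$userSql' AND dp >= '$priceSql'");
          if (!$paid || mysql_affected_rows() != 1)
          {
              return $this->msg(1,'You do not have enough points, donate for more <a href="?page=donate">here</a>.');
          }
      }

      if ($this->sendItem($id, $char, "Thanks for donating", "ScornCraft Thanks you for your support in keeping this server running!"))
      {
          $this->db->sel_db($db->maindb);
          header("Location: ?page=itembought");
      }
      else
      {
          // Sending failed: give the points back before reporting the failure.
          $this->db->sel_db($db->maindb);
          if ($price > 0)
          {
              mysql_query("UPDATE account SET dp = dp + '$priceSql' WHERE id = '$userSql'");
          }
          header("Location: ?page=itemfailed");
          exit;
      }
  }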
  996.  
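  /**
   * Insert a reward row into the table named by $type from the submitted
   * "additem" form, then redirect to the admin page.
   *
   * @param string $type Table name the row is inserted into.
   * @return mixed Result of $this->msg() on a validation or query failure; nothing when the form was not submitted.
   */
  function addReward($type)
  {
      // NOTE(review): no privilege check is visible in this method; confirm the
      // caller restricts it to administrators.
      if (!isset($_POST['additem']))
      {
          return;
      }

      // $type becomes a table name, where string escaping gives no protection;
      // accept a plain identifier only.
      if (!is_string($type) || !preg_match('/^[A-Za-z0-9_]+$/', $type))
      {
          return $this->msg(1,'Something went wrong, please try again.');
      }

      foreach ($_POST as $c => $v)
      {
          // Array-valued fields cannot be escaped as strings; treat them as missing.
          $_POST[$c] = is_array($v) ? null : mysql_real_escape_string($v);
      }

      if (!isset($_POST['customitem']))
      {
          return $this->msg(1,'You must select the custom item value.');
      }

      if (!isset($_POST['itemtype']))
      {
          return $this->msg(1,'You must select an item color.');
      }

      // The original check tested 'itemName' while the queries read 'itemname',
      // and it only failed when BOTH fields were absent. Accept either spelling
      // of the name field and require name and id together.
      $item_name = null;
      if (isset($_POST['itemname']))
      {
          $item_name = $_POST['itemname'];
      }
      elseif (isset($_POST['itemName']))
      {
          $item_name = $_POST['itemName'];
      }

      if ($item_name === null || !isset($_POST['itemid']))
      {
          return $this->msg(1,'You must fill in an Item name & ID');
      }

      $item_id   = $_POST['itemid'];
      $item_type = $_POST['itemtype'];
      $price     = isset($_POST['price']) ? $_POST['price'] : '';

      if ($_POST['customitem'] !== 'true')
      {
          $q = $this->db->query("INSERT INTO `$type` SET itemName = '$item_name', itemType = '$item_type', customItem = 'false', itemid = '$item_id', price = '$price'");
      }
      else
      {
          // stat1 .. stat10, each defaulting to an empty string when not posted
          $stats = '';
          for ($n = 1; $n <= 10; $n++)
          {
              $key   = 'stat' . $n;
              $value = isset($_POST[$key]) ? $_POST[$key] : '';
              $stats .= "$key = '$value', ";
          }

          $q = $this->db->query("INSERT INTO `$type` SET customItem = 'true', itemid = '$item_id', itemName = '$item_name', itemType = '$item_type', {$stats}price = '$price'");
      }

      if (!$q)
      {
          return $this->msg(1,'Something went wrong, please try again.');
      }

      header("Location: ?admin");
      exit;
  }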
  1044.  
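  /**
   * Delete one reward row when the request asks for it and carries the
   * confirmation value, then redirect back to the admin listing.
   *
   * Rows are removed from drewards when $type is 'donations', otherwise from
   * vrewards.
   *
   * @param string $type Admin section name; must equal $_GET['admin'].
   */
  function adminDeleteReward($type)
  {
      if (!isset($_GET['admin'], $_GET['delete']) || $_GET['admin'] != $type)
      {
          return;
      }

      // An array-valued ?delete[]=... cannot be used as a row id.
      if (is_array($_GET['delete']))
      {
          return;
      }

      $del = ($type == 'donations') ? 'drewards' : 'vrewards';

      // NOTE(review): the only confirmation is that ?true equals the session's
      // id value, compared loosely, on a GET request. No privilege check or
      // unpredictable per-session token is visible here; confirm the caller
      // enforces both, or move deletion to a POST carrying a random token.
      if (isset($_GET['true']) && $_GET['true'] == $_SESSION['id'])
      {
          // The id comes straight from the query string; escape it before it
          // is placed inside the quoted SQL literal.
          $id = mysql_real_escape_string($_GET['delete']);
          $this->db->del($del, "itemid = '$id'");

          header("Location: ./?admin=" . rawurlencode($type));
          // Stop after the redirect, as addReward() and addSite() do.
          exit;
      }
  }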
  1058.  
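  /**
   * Delete one voting-site row from vlinks when the request asks for it and
   * carries the confirmation value, then redirect back to the admin listing.
   *
   * @param string $type Admin section name; must equal $_GET['admin']. Only 'sites' maps to a table.
   */
  function adminDeleteSite($type)
  {
      if (!isset($_GET['admin'], $_GET['delete']) || $_GET['admin'] != $type)
      {
          return;
      }

      // The original fell back to a placeholder string as the table name for
      // any other $type, which can only produce a broken query.
      if ($type != 'sites')
      {
          return;
      }

      // An array-valued ?delete[]=... cannot be used as a row id.
      if (is_array($_GET['delete']))
      {
          return;
      }

      // NOTE(review): the only confirmation is that ?true equals the session's
      // id value, compared loosely, on a GET request. No privilege check or
      // unpredictable per-session token is visible here; confirm the caller
      // enforces both, or move deletion to a POST carrying a random token.
      if (isset($_GET['true']) && $_GET['true'] == $_SESSION['id'])
      {
          // The id comes straight from the query string; escape it before it
          // is placed inside the quoted SQL literal.
          $id = mysql_real_escape_string($_GET['delete']);
          $this->db->del('vlinks', "id = '$id'");

          header("Location: ./?admin=" . rawurlencode($type));
          // Stop after the redirect, as addReward() and addSite() do.
          exit;
      }
  }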
  1072.  
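  /**
   * Insert a voting site into vlinks from the submitted "addsite" form, then
   * redirect to the sites admin page.
   *
   * @return mixed Result of $this->msg() on a validation or query failure; nothing when the form was not submitted.
   */
  function addSite()
  {
      // NOTE(review): no privilege check is visible in this method; confirm the
      // caller restricts it to administrators.
      if (!isset($_POST['addsite']))
      {
          return;
      }

      foreach ($_POST as $c => $v)
      {
          // Array-valued fields cannot be escaped as strings; treat them as empty.
          $_POST[$c] = is_array($v) ? null : mysql_real_escape_string($v);
      }

      if (empty($_POST['title'])) return $this->msg(1,'Voting title is empty, please try again.');
      if (empty($_POST['imageurl'])) return $this->msg(1, 'Image url is empty, please try again.');
      // The original called msg() on the misspelled, undefined $tihs here, which is a fatal error.
      if (empty($_POST['url'])) return $this->msg(1, 'Link is empty, please try again.');

      // NOTE(review): url and imageurl are stored as given. If they are later
      // printed into href/src attributes, restrict them to http(s) URLs here
      // and HTML-encode them where they are rendered.
      $title    = $_POST['title'];
      $imageurl = $_POST['imageurl'];
      $url      = $_POST['url'];

      $q = $this->db->query("INSERT INTO vlinks SET title = '$title', imageurl = '$imageurl', url = '$url'");
      if (!$q)
      {
          return $this->msg(1, 'Something went wrong, please try again.');
      }

      header("Location: ./?admin=sites");
      exit;
  }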
  1098.  
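  /**
   * Print one table row per online character of a realm, then switch the
   * connection back to the main database.
   *
   * @param int $id Index into the comma-separated list in $realm->chardb.
   * @return mixed Whatever $this->db->sel_db() returns for the main database.
   */
  function playersOnline($id)
  {
      global $realm, $db;
      $dbs = explode(',', $realm->chardb);

      // An index outside the configured list would select an undefined database.
      if (!isset($dbs[$id]))
      {
          return $this->db->sel_db($db->maindb);
      }

      $this->db->sel_db($dbs[$id]);
      $q = $this->db->query("SELECT * FROM characters WHERE online = 1");

      while ($row = mysql_fetch_assoc($q))
      {
          // Character data is stored content; encode it for the text and
          // attribute contexts it is printed in.
          $name   = htmlspecialchars($row['name'], ENT_QUOTES);
          $level  = htmlspecialchars($row['level'], ENT_QUOTES);
          $class  = htmlspecialchars($row['class'], ENT_QUOTES);
          $race   = htmlspecialchars($row['race'], ENT_QUOTES);
          $gender = htmlspecialchars($row['gender'], ENT_QUOTES);

          print '<tr>
<td>&nbsp;'.$name.'</td>
<td>&nbsp;'.$level.'</td>
<td>&nbsp;<img src="images/stats/'.$class.'.gif" /></td>
<td>&nbsp;<img src="images/stats/'.$race."-".$gender.'.gif" /></td>

</tr>';
      }

      return $this->db->sel_db($db->maindb);
  }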
  1120.  
  /**
   * Print the number of online characters for one realm.
   *
   * The realm's character database is selected, the online rows are counted,
   * and the connection is switched back to the main database before printing.
   *
   * @param int $id Index into the comma-separated list in $realm->chardb.
   * @return int The return value of print, which is always 1.
   */
  function statusOnline($id)
  {
      global $realm, $db;

      $realm_dbs = explode(',', $realm->chardb);
      $this->db->sel_db($realm_dbs[$id]);

      $result = $this->db->query("SELECT * FROM characters WHERE online = 1");
      $online = mysql_num_rows($result);

      // Restore the main schema before producing any output.
      $this->db->sel_db($db->maindb);

      $printed = print $online;
      return $printed;
  }
  1133. }
  1134. ?>