You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
320 lines
12 KiB
320 lines
12 KiB
14 years ago
|
<?php
|
||
|
/*
|
||
|
*
|
||
|
* @copyright (c) 2010 animegame.eu
|
||
|
* @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
|
||
|
*
|
||
|
*/
|
||
|
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/config.inc.php');
|
||
|
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/parse.inc.php');
|
||
|
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/fehlerausgabe.inc.php');
|
||
|
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/messagefunctions.inc.php');
|
||
|
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/designfunctions.inc.php');
|
||
|
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/fehlerausgabe.inc.php');
|
||
|
|
||
|
// GET-Section
|
||
|
// Kritisch (SQL-Injections)
|
||
|
$besitzer = validateName($_REQUEST['besitzer']);
|
||
|
$betreff = validateString($_REQUEST['betreff']);
|
||
|
$text = validateString($_REQUEST['text']);
|
||
|
$nachrichten = validateUnsignedIntegerArray($_REQUEST['checky'], 0);
|
||
|
$nummer = validateUnsignedInteger($_REQUEST['nr'], null);
|
||
|
$id = validateUnsignedInteger($_REQUEST['id'], null);
|
||
|
$page = validateUnsignedInteger($_REQUEST['page'], null);
|
||
|
$ignoname = validateName($_REQUEST['ignoname']);
|
||
|
|
||
|
// Unkritisch
|
||
|
$charm = $_REQUEST['charm'];
|
||
|
|
||
|
|
||
|
function deleteFromIgnorelist($userid, $ignoredUserId){ //charm 7
|
||
|
mysql_query('DELETE FROM ignolist WHERE user=\''.$ignoredUserId.'\' AND besitzer=\''.$userid.'\' LIMIT 1');
|
||
|
|
||
|
$user_name = mysql_fetch_array(mysql_query('SELECT nickname FROM user WHERE id=\''.$ignoredUserId.'\''));
|
||
|
|
||
|
$fehler_m = $user_name[nickname].' wurde erfolgreich aus der Ignoreliste entfernt.';
|
||
|
$weiter_an = '<a href="index.php?as=nachricht&charm=5">weiter...</a>';
|
||
|
|
||
|
displayErrorMessage('Änderungen übernommen',$fehler_m,$weiter_an);
|
||
|
}
|
||
|
function insertInIgnorelist($userid, $ignorename){ /// if($charm == 6) {
|
||
|
$ignore_user = mysql_fetch_array(mysql_query('SELECT id FROM user WHERE nickname=\''.$ignorename.'\''));
|
||
|
$bereits_ignoriert = mysql_num_rows(mysql_query('SELECT id FROM ignolist WHERE besitzer='.$userid.' AND user='.$ignore_user[id]));
|
||
|
$fehler_m = '';
|
||
|
$weiter_an = '<a href="index.php?as=nachricht&charm=5">weiter...</a>';
|
||
|
if($bereits_ignoriert) {
|
||
|
$fehler_m = 'Nachrichten von '.$ignorename.' werden schon ignoriert.';
|
||
|
} else{
|
||
|
mysql_query('INSERT ignolist SET user='.$ignore_user[id].', besitzer='.$userid);
|
||
|
$fehler_m = 'Die Nachrichten von '.$ignorename.' werden ab jetzt ignoriert.';
|
||
|
}
|
||
|
displayErrorMessage('Änderungen übernommen',$fehler_m,$weiter_an);
|
||
|
}
|
||
|
|
||
|
function showIngorelist($userid){//if($charm == 5) {
|
||
|
|
||
|
?>
|
||
|
<form action="<?php echo $_SERVER[PHP_SELF]; ?>" method="get">
|
||
|
<input type="hidden" name="as" value="nachricht">
|
||
|
<input type="hidden" name="charm" value="6">
|
||
|
<table border="0" width="100%" height="166" id="AutoNumber1">
|
||
|
<tr>
|
||
|
<th width="336" height="15" colspan="2" align="center">Ignorierlist</th>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<th width="73" height="15">Name</th>
|
||
|
<td width="257" height="15"><input id="input" name="ignoname"></input></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td width="73" height="28"></td>
|
||
|
<td width="257" height="28"><input id="input" type="submit" value="Ignorieren"></input></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<th width="336" height="47" colspan="2" align="center">Ignorierte Nutzer</th>
|
||
|
</tr>
|
||
|
<?php
|
||
|
$user_igno_list = mysql_query('SELECT u.nickname, u.id FROM ignolist i LEFT JOIN user u ON(u.id=i.user) WHERE i.besitzer='.$userid);
|
||
|
while($row = mysql_fetch_assoc($user_igno_list)) {
|
||
|
?>
|
||
|
<tr>
|
||
|
<td width="336" height="15" colspan="2" align="center"><?php echo "<a href=index.php?as=nachricht&charm=7&id=".$row[id].">".$row[nickname]."</a>"; ?></td>
|
||
|
</tr>
|
||
|
<?php
|
||
|
}
|
||
|
?>
|
||
|
</table>
|
||
|
</form>
|
||
|
<?php
|
||
|
}
|
||
|
|
||
|
function displayMessage($userid,$nr){//if($charm == 3) {
|
||
|
$nachricht = mysql_Fetch_assoc(mysql_Query('SELECT text, betreff, id, von FROM nachricht WHERE id='.$nr.' AND besitzer='.$userid));
|
||
|
mysql_query('UPDATE nachricht SET ag=\'alt\' WHERE id='.$nachricht[id]);
|
||
|
|
||
|
?>
|
||
|
<table cellpadding="0" cellspacing="0" width="80%" height="176">
|
||
|
<tr>
|
||
|
<td> </td>
|
||
|
<td height="31"> </td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<th valign="top" align="center">User</th>
|
||
|
<td height="25" valign="top" align="center"><?php echo '<a href="index.php?as=info&userage='.$nachricht[von].'"> '.$nachricht[von].'</a>'; ?></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<th valign="top" align="center">Betreff</th>
|
||
|
<td height="25" valign="top" align="center"><?php echo $nachricht[betreff]; ?></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<th valign="top" align="center">Text</th>
|
||
|
<td height="25" valign="top">
|
||
|
<table cellpadding="0" cellspacing="0" width="250" border=1 height="25">
|
||
|
<tr>
|
||
|
<td width="" height="30"> <?php echo $nachricht[text]; ?></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td width="185" valign="top" align="center"> </td>
|
||
|
<td height="50" width="205" valign="top" align="center"><a href="index.php?as=nachricht&charm=1&besitzer=<?php echo $nachricht[von];?>">Antwort</a></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<?php
|
||
|
}
|
||
|
?>
|
||
|
<?php
|
||
|
|
||
|
|
||
|
function deleteMessage($userid,$nachrichten){//if($charm == 2) {
|
||
|
|
||
|
// Sollte auch alles in einer sql-anfrage geschehen koennen
|
||
|
/*
|
||
|
$nachricht = mysql_num_rows(mysql_Query("SELECT id FROM nachricht WHERE besitzer='$user_ida[id]'"));
|
||
|
$o = 0;
|
||
|
while($o < $nachricht) {
|
||
|
if($checket[$o] != "") {
|
||
|
mysql_Query("DELETE FROM nachricht WHERE id='$checket[$o]' AND besitzer='$user_ida[id]'");
|
||
|
|
||
|
}
|
||
|
$o++;
|
||
|
}
|
||
|
*/
|
||
|
if(isset($nachrichten)){
|
||
|
$weiter_an = '<a href="index.php?as=nachricht">weiter...</a>';
|
||
|
// echo implode(',', $nachrichten);
|
||
|
mysql_query('DELETE FROM nachricht WHERE besitzer='.$userid.' AND id IN ('.implode(',',$nachrichten).')');
|
||
|
displayErrorMessage('Änderungen übernommen','Nachrichten Erfolgreich gelöscht',$weiter_an);
|
||
|
} else{
|
||
|
displayErrorMessage(NULL, 'Nachrichten konnten nicht gelöscht werden',displayHistoryBackLink());
|
||
|
}
|
||
|
}
|
||
|
|
||
|
|
||
|
function sendMessageForumlar($userid,$username,$besitzer,$betreff,$text){// if($charm == 1) {
|
||
|
$weiter_an = '<a href="index.php?as=nachricht&charm=1">weiter...</a>';
|
||
|
if(isset($besitzer) && isset($text)) {
|
||
|
$user_erf = mysql_fetch_assoc(mysql_query('SELECT id FROM user WHERE nickname=\''.$besitzer.'\''));
|
||
|
$igno_user = mysql_num_rows(mysql_query('SELECT id FROM ignolist WHERE besitzer='.$user_erf[id].' AND user='.$userid));
|
||
|
|
||
|
if($igno_user) {
|
||
|
displayErrorMessage(NULL,'Fehler, der Nutzer '.$besitzer.' hat dich auf seiner Ignorierliste',$weiter_an);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
if(!$user_erf[id]) {
|
||
|
displayErrorMessage(NULL,'Fehler, Nutzer '.$besitzer.' existiert nicht...',$weiter_an);
|
||
|
return;
|
||
|
}
|
||
|
sendMessage($username, $user_erf[id], $betreff, $text);
|
||
|
displayErrorMessage('Änderungen übernommen','Nachricht erfolgreich verschickt',$weiter_an);
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
|
||
|
?>
|
||
|
<SCRIPT language="JavaScript">
|
||
|
|
||
|
function check(){
|
||
|
val = document.getElementById("user").value.toLowerCase();
|
||
|
if(<?php
|
||
|
$qry = mysql_query('SELECT nickname FROM user where gm = \'ja\'');
|
||
|
echo 'val == "hecht"';
|
||
|
while($row = mysql_fetch_assoc($qry)){
|
||
|
echo ' || val == "'.strtolower($row['nickname']).'"';
|
||
|
}
|
||
|
?>){
|
||
|
document.getElementById('notify').innerHTML = "Bugreports, Sittinganfragen und andere Adminangelegenheiten bitte nicht via pn verschicken (auch nicht im Forum)!!";
|
||
|
}else{
|
||
|
document.getElementById('notify').innerHTML = "";
|
||
|
}
|
||
|
}
|
||
|
|
||
|
|
||
|
</SCRIPT>
|
||
|
<form action="<?php echo $_SERVER[PHP_SELF]; ?>" method="get">
|
||
|
<!--- Wird eh im PHP-Skript abgefangen! -->
|
||
|
<input type="hidden" name="as" value="nachricht"></input>
|
||
|
<input type="hidden" name="charm" value="1"></input>
|
||
|
<table cellpadding="0" cellspacing="0" width="50%">
|
||
|
<tr>
|
||
|
<td height="31" width="100%" colspan="2" id="notify"><?php
|
||
|
if(strtolower($besitzer) == 'hecht' || strtolower($besitzer) == 'heucheal' || strtolower($besitzer) == 'senf' || strtolower($besitzer) == 'vendetta'){
|
||
|
echo 'Bugreports, Sittinganfragen und andere Adminangelegenheiten bitte nicht via pn verschicken (auch nicht im Forum)!!';
|
||
|
} else{
|
||
|
echo ' ';
|
||
|
}
|
||
|
?></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<th height="25" width="245" valign="top" align="left">User</th>
|
||
|
<td height="25" width="271" valign="top" align="center"><input class="input" id="user" name="besitzer" size="25" value="<?php echo $besitzer; ?>" onchange="check()"></input></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<th height="25" width="245" valign="top" align="left">Betreff</th>
|
||
|
<td height="25" width="271" valign="top" align="center"><input class="input" name="betreff" size="25" value="<?php echo $betreff; ?>" onfocus="check()"></input></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<th height="70" width="245" valign="top" align="left">Text</th>
|
||
|
<td height="70" width="271" valign="top" align="center"><textarea class="input" rows="8" name="text" cols="40" onfocus="check()"><?php echo $text; ?></textarea></td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td height="25" width="245" valign="top" align="center"> </td>
|
||
|
<td height="25" width="271" valign="top" align="center"><input class="input" type="submit" value="Nachricht verschicken"></input></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</form>
|
||
|
<?php
|
||
|
}
|
||
|
function mainPage($userid,$aktualPage){
|
||
|
if($aktualPage == NULL){
|
||
|
$aktualPage = 0;
|
||
|
}
|
||
|
$nachricht = mysql_query('SELECT betreff, ag, von, datum, id FROM nachricht WHERE besitzer='.$userid.' order by id DESC LIMIT '.($aktualPage*30).',30');
|
||
|
$anzahl = mysql_fetch_assoc(mysql_query('SELECT count(*) as anzahl from nachricht WHERE besitzer='.$userid));
|
||
|
$anzahl = ceil($anzahl[anzahl]/30);
|
||
|
?>
|
||
|
<form name="nachrichten" action="<?php echo $_SERVER[PHP_SELF]; ?>" method="post">
|
||
|
<input type="hidden" name="as" value="nachricht">
|
||
|
<input type="hidden" name="charm" value="2">
|
||
|
<table cellpadding="0" cellspacing="0" width="100%" height="172">
|
||
|
<tr>
|
||
|
<th height="44" valign="top" width="100%" colspan="6" align="center"><a href="index.php?as=nachricht&charm=1">Nachrichten Schreiben</a> | <a href="index.php?as=nachricht&charm=5">Ignoreliste</a></th>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td height="28" width="30" valign="top" align="center"> </td>
|
||
|
<th height="28" width="98" valign="top" align="center">Betreff</th>
|
||
|
<th height="28" width="128" valign="top" align="center">Von</th>
|
||
|
<th height="28" width="128" valign="top" align="center">Datum</th>
|
||
|
</tr>
|
||
|
<?php
|
||
|
$t=0;
|
||
|
while($row = mysql_fetch_assoc($nachricht)) {
|
||
|
?>
|
||
|
<tr>
|
||
|
<td height="40" width="32" valign="top" align="left"><?php echo '<input id="input" name="checky['.$t.']" type="checkbox" value="'.$row[id].'"> ('.$row[ag].')'; ?></td>
|
||
|
<th height="28" width="98" valign="top" align="center"><?php echo $row[betreff]; ?></th>
|
||
|
<th height="28" width="128" valign="top" align="center"><?php echo '<a href="index.php?as=nachricht&charm=3&nr='.$row[id].'">'.$row[von].'</a>'; ?></th>
|
||
|
<th height="28" width="128" valign="top" align="center"><?php echo $row[datum]; ?></th>
|
||
|
</tr>
|
||
|
<?php
|
||
|
$t++;
|
||
|
}
|
||
|
?>
|
||
|
<tr>
|
||
|
<td height="28" valign="top" align="left" colspan="5">
|
||
|
|
||
|
<script language="JavaScript">
|
||
|
|
||
|
function mark(){
|
||
|
for(var i=0;i<document.forms["nachrichten"].length;i++){
|
||
|
document.forms["nachrichten"].elements[i].checked = true;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
</script>
|
||
|
|
||
|
<input id="input" type="button" name="mark_all" value="alle markieren" onClick="javascript:mark()"/>
|
||
|
|
||
|
|
||
|
<input id="input" type="submit" value="Löschen" />
|
||
|
</td>
|
||
|
</tr>
|
||
|
<tr>
|
||
|
<td colspan="4" width="100%" align="center">
|
||
|
<?php
|
||
|
echo displayPagelinks($aktualPage,$anzahl,'<a href="'.$_SERVER[PHP_SELF].'?as=nachricht&page=###PAGE###">###LABEL###</a>');
|
||
|
?>
|
||
|
</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</form>
|
||
|
<?php
|
||
|
}
|
||
|
|
||
|
// So und nun die Operationen um die anderen Daten zu fuellen
|
||
|
// Generell werden alle Daten via GET uebergeben!
|
||
|
if(isset($user_ida['id'])){
|
||
|
if($charm == 1){
|
||
|
sendMessageForumlar($user_ida['id'],$user_ida['nickname'],$besitzer,$betreff,$text);
|
||
|
} else if($charm == 2){
|
||
|
deleteMessage($user_ida['id'],$nachrichten);
|
||
|
} else if ($charm == 3){
|
||
|
displayMessage($user_ida['id'],$nummer);
|
||
|
} else if($charm == 4){
|
||
|
// Gibts nicht!
|
||
|
echo 'Hey Cheater!! Versuchs woanders!! :P';
|
||
|
}else if($charm == 5){
|
||
|
showIngorelist($user_ida['id']);
|
||
|
} else if($charm == 6){
|
||
|
insertInIgnorelist($user_ida['id'], $ignoname);
|
||
|
} else if($charm == 7){
|
||
|
deleteFromIgnorelist($user_ida['id'], $id);
|
||
|
}
|
||
|
else{
|
||
|
mainPage($user_ida['id'],$page);
|
||
|
}
|
||
|
}
|
||
|
?>
|