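<?php
/*
 *
 * @copyright (c) 2009 animegame.eu
 * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
 *
 */

/*
 * Clan creation page.
 *
 * Without charm=1 the page renders the "Clan gründen" form. With charm=1 it
 * validates the submitted clan name, clan signs and info text, inserts a row
 * into `clan`, assigns the clan to the current user and deducts
 * CLAN_CREATION_FEE from the user's money.
 *
 * Security notes for maintainers:
 *  - Every SQL statement below is built by string concatenation. The text
 *    values are only as safe as validateName() / validateString(), which are
 *    defined in an include that is not visible here.
 *    NOTE(review): confirm that they escape for the active mysqli connection,
 *    or move these statements to prepared statements if the db layer offers
 *    them.
 *  - NOTE(review): the clan is created and the fee charged from a GET request
 *    (form method and $_GET). A state-changing action would normally use POST
 *    together with an anti-CSRF token; no token check is visible in this file.
 *  - NOTE(review): the duplicate-name lookup and the INSERT are separate
 *    statements, so only a unique index on clan.clanname would make the name
 *    check race-free - confirm against the schema.
 */

include_once (ROOT_PATH . '/include/config.inc.php');
include_once (ROOT_PATH . '/include/designfunctions.inc.php');
include_once (ROOT_PATH . '/include/fehlerausgabe.inc.php');
include_once (ROOT_PATH . '/include/parse.inc.php');
include_once (ROOT_PATH . '/include/clan.inc.php');
include_once (ROOT_PATH . '/include/user.inc.php');

// Reads one GET parameter. Missing parameters and array-valued parameters
// (e.g. clan_name[]=x) both yield null, so the validators and the string
// concatenation below only ever see a string or null, and the first page
// load (no parameters at all) raises no undefined-index warnings.
$readParam = function ($key) {
    return (isset($_GET[$key]) && is_string($_GET[$key])) ? $_GET[$key] : null;
};

// GET section
// Critical (SQL injection): these values are concatenated into SQL below.
$clan_name = validateName($readParam('clan_name'));
$clan_for = validateString($readParam('clan_for'));
$clan_back = validateString($readParam('clan_back'));
$clan_info = validateString($readParam('clan_info'));

// Not critical: never placed into SQL or HTML.
$user = $user_ida;
$charm = $readParam('charm');

// Defines
// Default fee; defineIfNotDefined() is a project helper (presumably a no-op
// when the constant already exists - confirm).
defineIfNotDefined("CLAN_CREATION_FEE", 20000);

if ($charm == 1) {
    // Collect every validation problem so the user sees all of them at once.
    $error = null;

    if (!$clan_for && !$clan_back) {
        $error .= 'Sie müssen ein Clanzeichen haben.<br>';
    }

    if (strlen($clan_for . $clan_back) > MAX_CHARS_CLANSIGN) {
        $error .= 'Clanzeichen sind ungültig: Summe aus beiden Teilen darf nicht größer als ' . MAX_CHARS_CLANSIGN . ' Zeichen sein!.<br>';
    }

    if (!$clan_name) {
        $error .= 'Sie müssen einen Clannamen haben.<br>';
    }

    if ($user['clan'] != 0) {
        $error .= 'Sie haben schon einen Clan.<br>';
    }

    $user_geld = getRelevantMoney($user['id']);
    if ($user_geld < CLAN_CREATION_FEE) {
        $error .= 'Sie haben nicht genug Geld um einen Clan gründen zu können.<br>';
    }

    $sql = 'SELECT id, clanname FROM clan WHERE clanname = \'' . $clan_name . '\'';
    $dup = mysqli_fetch_assoc(db_query($sql));
    if ($dup) {
        // A clan with the same name already exists. The name is echoed back
        // into HTML, so it is escaped at the point of output; double_encode is
        // off in case validateName() has already entity-encoded the value.
        $error .= 'Es gibt schon einen Clan mit dem Namen '
            . htmlspecialchars((string) $clan_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)
            . '.';
    }

    if ($error === null) {
        // Ids are forced to integers before they are concatenated into SQL.
        $leader_id = (int) $user_ida['id'];

        $sql = 'INSERT into clan(clanname,clanz_pre,clanz_suff,info, leader) values(\'' . $clan_name . '\', \'' . $clan_for . '\', \'' . $clan_back . '\', \'' . $clan_info . '\', ' . $leader_id . ')';
        db_query($sql);

        if (db_affected_rows() > 0) {
            // Clan creation succeeded: look up the new row, then attach the
            // clan to the user and charge the fee in a single UPDATE.
            $c_id = mysqli_fetch_assoc(db_query('Select * from clan where clanname = \'' . $clan_name . '\''));
            db_query('UPDATE user SET clan=' . (int) $c_id['id'] . ', geld = geld - ' . CLAN_CREATION_FEE . ' WHERE id=' . $leader_id);
            displayErrorMessage(null, 'Clan erfolgreich Erstellt.', '<a href="index.php?as=clan/clan_info">weiter...</a>');
        } else {
            // The INSERT changed nothing: tell a name collision apart from
            // any other failure.
            $sql = 'Select * from clan where clanname = \'' . $clan_name . '\'';
            $c_id = mysqli_fetch_assoc(db_query($sql));
            if ($c_id) {
                $error = 'Clanname besteht schon!';
            } else {
                $error = 'Insert failed!';
            }
            displayErrorMessage(null, 'Clan erstellen fehlgeschlagen! (' . $error . ')', displayHistoryBackLink());
        }
    } else {
        displayErrorMessage(null, $error, displayHistoryBackLink());
    }
} else {
    // No submission yet: render the creation form.
?>
<form action="index.php" method="GET">
    <input type="hidden" name="as" value="clan/new" />
    <input type="hidden" name="charm" value="1" />
    <table cellpadding="0" cellspacing="0" width="100%">
        <tr>
            <th height="25" valign="top" width="557" colspan="2" align="center">Clan gründen</th>
        </tr>
        <tr>
            <th height="25" width="162" valign="top" align="center">Gründungsgebühr</th>
            <td height="25" width="395" valign="top"> <?php echo CLAN_CREATION_FEE;?> </td>
        </tr>
        <tr>
            <th height="25" width="162" valign="top" align="center">Clanname</th>
            <td height="25" width="395" valign="top"> <input name="clan_name"></td>
        </tr>
        <tr>
            <th height="25" width="162" valign="top" align="center">Clanzeichen vorn</th>
            <td height="25" width="395" valign="top"> <input name="clan_for" size="5" maxlength="10"></td>
        </tr>
        <tr>
            <th height="25" width="162" valign="top" align="center">Clanzeichen hinten</th>
            <td height="25" width="395" valign="top"> <input name="clan_back" size="5" maxlength="10"></td>
        </tr>
        <tr>
            <th height="25" width="162" valign="top" align="center">Clan Info</th>
            <td height="25" width="395" valign="top"> <textarea rows="5" cols="30" name="clan_info"></textarea></td>
        </tr>
        <tr>
            <td height="25" width="162" align="center" colspan="2"><input type="submit" value="Clan gründen"></td>
        </tr>
    </table>
</form>
<?php } ?>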