<?php /* * * @copyright (c) 2009 animegame.eu * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence * */ include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/config.inc.php'); include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/designfunctions.inc.php'); include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/fehlerausgabe.inc.php'); include_once ($_SERVER['DOCUMENT_ROOT'] . 'ag/include/parse.inc.php'); // GET-Section // Kritisch (SQL-Injections) $new_leader = validateUnsignedInteger($_GET['new_leader'], null); $co_leader = validateUnsignedInteger($_GET['co_leader'], null); $clan_pw = validateString($_GET['clan_pw']); $clan_name = validateName($_GET['clan_name']); $clan_banner = validateURL($_GET['clan_banner']); $clan_b = validateString($_GET['clan_b']); $clan_page = validateString($_GET['clan_page']); $clan_v = validateString($_GET['clan_v']); $clan_info = validateString($_GET['clan_info']); // Unkritisch $charm = $_GET['charm']; $clan = mysql_fetch_assoc(mysql_query('SELECT * FROM clan WHERE id=' . $user_ida['clan'] . ' LIMIT 1')); $clan1 = mysql_query('SELECT nickname, id FROM user WHERE clan=' . $user_ida['clan']); $clan2 = mysql_query('SELECT nickname, id FROM user WHERE clan=' . $user_ida['clan']); $clan_8 = explode(',', $clan['clanzeichen']); if ($charm == 1) { $clan_upps = mysql_fetch_assoc(mysql_query("SELECT id, (Select 10 - count(*) from user u where clan = c.id and ((c.leader is null || c.leader != u.id) and (c.co_leader is null || c.co_leader != u.id))) as freeslots FROM clan c WHERE clanname='$clan_name' OR clanzeichen='$clan_v,$clan_b' AND id!='$user_ida[clan]'")); $cuu = mysql_fetch_assoc(mysql_query('SELECT clan FROM user WHERE id=' . $new_leader)); if ($cuu['clan'] != $user_ida['clan']) { displayErrorMessage(NULL, 'Fehler User ist nicht im Clan.', displayHistoryBackLink()); exit; } if ($clan_upps['id'] AND $clan_upps['id'] != $user_ida['clan']) { displayErrorMessage(NULL, 'Clanname oder Clan Zeichen gibt es schon.', displayHistoryBackLink()); exit; } if (!$clan_pw) { displayErrorMessage(NULL, 'Clanpasswort eingeben!', displayHistoryBackLink()); exit; } if (!$clan_v AND !$clan_b) { displayErrorMessage(NULL, 'Sie müssen ein Clanzeichen haben.', displayHistoryBackLink()); exit; } if (!$clan_name) { displayErrorMessage(NULL, 'Sie müssen einen Clanname haben.', displayHistoryBackLink()); exit; } if ($clan['leader'] != $user_ida['id'] AND $clan['co_leader'] != $user_ida['id']) { displayErrorMessage(NULL, 'Sie sind weder Leader noch Co-Leader!', displayHistoryBackLink()); exit; } // Check new conditions (10 Members + 1 Co + 1 Leader Slot available) if($clan['leader'] != $clan['co_leader'] && $new_leader == $co_leader && $clan_upps['freeslots'] <= 0){ // Failure displayErrorMessage(NULL, 'Alleinherrschaft ist leider nicht möglich, da sich zuviele User im Clan befinden!', displayHistoryBackLink()); exit; } mysql_query("UPDATE clan SET clanname='$clan_name', clanzeichen='$clan_v,$clan_b', pw='$clan_pw', info='$clan_info', leader='$new_leader', co_leader='$co_leader', homepage='$clan_page', banner='$clan_banner' WHERE id='$user_ida[clan]'"); displayErrorMessage(NULL, 'Clan erfolgreich geändert.', '<a href="index.php?as=clan/profil">weiter...</a>'); exit; } ?> <html> <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="GET"> <input type="hidden" name="as" value="clan/profil"> <input type="hidden" name="charm" value="1"> <table cellpadding="0" cellspacing="0" width="100%" height="51"> <tr> <td valign="top" colspan="2" height="32"> <p align="center"><b>Ihr Profil</b></td> </tr> <tr> <td valign="top" height="25" width="195"> <p align="center"><b>Level</b></td> <td valign="top" height="25" width="191"> <?php echo "$clan[level]"; ?></td> </tr> <tr> <td valign="top" height="25" width="195"> <p align="center"><b>Exp</b></td> <td valign="top" height="25" width="191"> <?php echo "$clan[min_exp] / $clan[max_exp]"; ?></td> </tr> <tr> <td valign="top" height="25" width="195"> <p align="center"><b>Clanname</b></td> <td valign="top" height="25" width="191"> <input id="input" name="clan_name" value="<?php echo $clan[clanname]; ?>"></td> </tr> <tr> <td valign="top" height="25" width="195"> <p align="center"><b>Passwort</b></td> <td valign="top" height="25" width="191"> <input id="input" name="clan_pw" value="<?php echo $clan[pw]; ?>" size='20'></td> </tr> <tr> <td valign="top" height="25" width="195"> <p align="center"><b>Homepage</b></td> <td valign="top" height="25" width="191"> <input id="input" name='clan_page' value="<?php echo $clan['homepage']; ?>" size='20'></td> </tr> <tr> <td valign="top" height="25" width="195"> <p align="center"><b>Banner (468 x 60)</b></td> <td valign="top" height="25" width="191"> <input id="input" name='clan_banner' value="<?php echo $clan['banner']; ?>" size='20'></td> </tr> <tr> <td valign="top" height="25" width="195"> <p align="center"><b>Clanzeichen vorn</b></td> <td valign="top" height="25" width="191"> <input id="input" name='clan_v' size='20' maxlength=10 value="<?php echo $clan_8[0]; ?>"></td> </tr> <tr> <td valign="top" height="25" width="195"> <p align="center"><b>Clanzeichen hinten</b></td> <td valign="top" height="25" width="191"> <input id="input" name='clan_b' size='20' maxlength=10 value="<?php echo $clan_8[1]; ?>"></td> </tr> <tr> <td valign="top" height="25" width="195"> <p align="center"><b>Leader</b></td> <td valign="top" height="25" width="191"> <select id="input" name="new_leader"> <option value=""></option> <?php $x = 0; while ($row = mysql_fetch_array($clan1)) { if ($row[id] == $clan[leader]) { $selected[$x] = "selected"; } echo "<option value=$row[id] $selected[$x]>$row[nickname]"; $x++; } ?> </select> </td></tr> <tr> <td valign="top" height="25" width="195"> <p align="center"><b>Co. Leader</b></td> <td valign="top" height="25" width="191"> <select id="input" name="co_leader"> <option value=""></option> <?php $y = 0; while ($row = mysql_fetch_array($clan2)) { if ($row[id] == $clan[co_leader]) { $selecteds[$y] = "selected"; } echo "<option value=$row[id] $selecteds[$y]>$row[nickname]"; $y++; } ?> </select> </td></tr> <tr> <td height="25" width="162" valign="top"> <p align="center"><b>Clan Info</b></td> <td height="25" width="395" valign="top"> <textarea id="input" rows="5" cols="30" name="clan_info"><?php echo $clan[info]; ?></textarea></td> </tr> <tr> <td valign="top" height="25" width="195"> <p align="center"><b></b></td> <td valign="top" height="25" width="191"> <input id="input" type=submit value='speichern'></td> </tr> </table> </form> </body> </html>