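<?php
/*
 *
 * @copyright (c) 2009 animegame.eu
 * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
 *
 */

/*
 * Clan info page: shows a clan profile and handles the clan actions
 * (edit, fire, putsch, kill, reject, newsletter) selected via the "action"
 * GET parameter.
 *
 * NOTE(review): $user_ida is not defined in this file; it is presumably the
 * logged-in user's row set up by the including script (index.php) -- confirm.
 *
 * NOTE(review): every state-changing action below is triggered by a plain GET
 * request and no anti-CSRF token is checked anywhere in this file. Moving the
 * actions to POST and verifying a per-session token needs session code that is
 * not visible here, so it is only flagged, not changed.
 */

include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/clan.inc.php');
include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/fehlerausgabe.inc.php');

// GET section
if(isset($_GET['action'])) {
    $action = $_GET['action'];
} else {
    $action = NULL;
}

// $what never reaches an SQL statement, but displayEdit() writes it back into
// the page, so it must be HTML-escaped at that point.
if(isset($_GET['what'])) {
    $what = $_GET['what'];
} else {
    $what = NULL;
}

// Critical (SQL injection): these values end up in SQL statements.
// Missing parameters are passed to the validators as NULL, which is what the
// unguarded array reads evaluated to before, minus the notice.
$clan_id = validateUnsignedInteger(isset($_GET['clan_id']) ? $_GET['clan_id'] : null, null);
$member = validateUnsignedInteger(isset($_GET['member']) ? $_GET['member'] : null, NULL);
$text = validateString(isset($_GET['text']) ? $_GET['text'] : null);

$displayMore = true;
if($clan_id == NULL){
    // No clan requested: fall back to the user's own clan, if there is one.
    if($user_ida['clan'] != null){
        $clan_id = $user_ida['clan'];
    } else {
        $displayMore = false;
    }
}

// Both stay NULL unless a branch below assigns them; the 'edit' action uses
// isset($value1) to tell "save" from "show form", and $value2 is always passed
// to setProfile(), so it must be defined.
$value1 = null;
$value2 = null;
if(isset($_GET['value1'])) {
    $rawValue2 = isset($_GET['value2']) ? $_GET['value2'] : null;
    if($what == 'Banner'){
        $value1 = validateURL($_GET['value1']);
    } else if($what == 'Homepage' || $what == 'Info' || $what == 'Clan Passwort'){
        $value1 = validateString($_GET['value1']);
    } else if($what == 'Clanzeichen'){
        $value1 = validateString($_GET['value1']);
        $value2 = validateString($rawValue2);
    } else if($what == 'Leadership') {
        $value1 = validateUnsignedInteger($_GET['value1'], NULL);
        $value2 = validateUnsignedInteger($rawValue2, NULL);
    }
}

/**
 * Prints the clan profile for a user who is neither leader nor co-leader.
 *
 * NOTE(review): clanname, banner, clanz_pre/clanz_suff, homepage and info are
 * member-supplied values printed without escaping here. That is only safe if
 * validateString()/validateURL() (not visible in this file) already neutralise
 * HTML and restrict the URL scheme before the values are stored -- confirm.
 *
 * @param array $clan    row of the clan table
 * @param bool  $ownclan true if the viewer belongs to this clan
 * @param int   $userid  id of the viewer
 */
function displayClanProfileReadOnly($clan, $ownclan, $userid){
    // Initialised so a clan without (co-)leader does not read undefined variables.
    $leader = null;
    $coleader = null;

    $member_qry = mysql_query('Select id from user where clan = '.$clan['id']);
    $count = mysql_num_rows($member_qry);
    $member = array();
    while($row = mysql_fetch_assoc($member_qry)){
        $tmp = displayUserLinkByID($row['id']);
        if($row['id'] == $userid){
            // The viewer can only remove himself.
            $member[] = $tmp.' (<a href="index.php?as=clan/clan_info&action=fire&member='.$row['id'].'">verlassen</a>)';
        } else{
            $member[] = $tmp;
        }
        if($row['id'] == $clan['leader']){
            $leader = $tmp;
        }
        if($row['id'] == $clan['co_leader']){
            $coleader = $tmp;
        }
    }

    $inv_qry = mysql_query('SELECT userid, TIMESTAMPDIFF(HOUR, now(), valid) as till FROM user_clan_invitations WHERE clanid = '.$clan['id'].' and valid > now()');
    $invited = array();
    while($row = mysql_fetch_assoc($inv_qry)) {
        $invited[] = displayUserLinkByID($row['userid']) . ' (noch ' . $row['till'] . 'h gültig)';
    }
?>
<div align="center">
<table width="100%">
    <tr>
        <th width="100%" height="39" colspan="2" align="center"><?php echo $clan['clanname']; ?> Info</th>
    </tr>
    <?php if($clan['banner'] != "0"){ ?>
    <tr>
        <td width="100%" height="52" colspan="2" align="center"><img src="<?php echo $clan['banner']; ?> " width="468" height="60"></td>
    </tr>
    <?php } ?>
    <tr>
        <th width="20%" align="Left">Leader:</th>
        <?php
        if($leader == null && $coleader == null){
            // This cell spans the leader and the co-leader row.
            if($ownclan) {
                echo '<td rowspan="2"><a href="index.php?as=clan/clan_info&action=putsch">Macht übernehmen</a></td>';
            } else {
                echo '<td rowspan="2">Keine Leader</td>';
            }
        } else{
            echo '<td>'.$leader.'</td>';
        }
        ?>
    </tr>
    <tr>
        <th align="Left">Co-Leader:</th>
        <?php
        // Print the cell whenever the rowspan cell above was not used. The
        // former "&&" hid the co-leader of a clan whose leader seat is vacant.
        if($leader != null || $coleader != null){
            echo '<td>'.$coleader.'</td>';
        }
        ?>
    </tr>
    <tr>
        <th align="Left">Clanzeichen:</th>
        <td><?php echo $clan['clanz_pre'].' '.$clan['clanz_suff']; ?></td>
    </tr>
    <tr>
        <th align="Left">Member (<?php echo $count; ?>):</th>
        <td><?php echo join('<br>',$member); ?></td>
    </tr>
    <?php if($ownclan) { ?>
    <tr>
        <th align="Left">Eingeladen</th>
        <!-- separator was the unterminated tag '<br', which swallowed the following entry -->
        <td><?php echo join('<br>', $invited); ?></td>
    </tr>
    <?php } ?>
    <tr>
        <th align="Left">Level:</th>
        <td><?php echo $clan['level']; ?></td>
    </tr>
    <tr>
        <th width="96" height="25" align="Left">Homepage:</th>
        <?php
        if($clan['homepage'] != 'Keine'){
            echo '<td width="852" height="25"><a href="'.$clan['homepage'].'" target=_blank>'.$clan['homepage'].'</a></td>';
        } else{
            echo '<td width="852" height="25">Keine</td>';
        }
        ?>
    </tr>
    <tr>
        <th align="Left">Info:</th>
        <td><?php echo $clan['info']; ?></td>
    </tr>
    <?php if($ownclan) { ?>
    <tr><td> </td></tr>
    <tr>
        <td colspan="2">
        <?php /* PHP_SELF contains request-controlled path info, so it is escaped for the attribute. */ ?>
        <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="GET">
            <input type="hidden" name="as" value="clan/clan_info">
            <input type="hidden" name="action" value="newsletter">
            <table cellpadding="0" cellspacing="0" width="100%" height="69">
                <tr>
                    <th height="18" valign="top" width="603" colspan="2" class="content">Nachricht an alle Clanmember schicken</th>
                </tr>
                <tr>
                    <td height="25" valign="top" colspan="2" align="center">
                    <textarea class="input" rows="8" name="text" cols="40"></textarea></td>
                </tr>
                <tr>
                    <td height="25" valign="top" colspan="2" align="center">
                    <input class="input" type="submit" value="abschicken"></td>
                </tr>
            </table>
        </form>
        </td>
    </tr>
    <?php } ?>
</table>
</div>
<?php
}

/**
 * Prints the clan profile with edit/kick/revoke links for leader and co-leader.
 *
 * NOTE(review): the same unescaped clan fields as in the read-only view are
 * printed here; see the note on displayClanProfileReadOnly().
 *
 * @param array $clan   row of the clan table
 * @param int   $userid id of the viewer
 */
function displayClanProfileEditable($clan, $userid){
    // Initialised so a vacant seat does not read an undefined variable.
    $leader = null;
    $coleader = null;

    $member_qry = mysql_query('Select id from user where clan = '.$clan['id']);
    $member = array();
    $count = mysql_num_rows($member_qry);
    while($row = mysql_fetch_assoc($member_qry)){
        $tmp = displayUserLinkByID($row['id']);
        // Leader and co-leader get no leave/kick link.
        $kickable = true;
        if($row['id'] == $clan['leader']){
            $leader = $tmp;
            $kickable = false;
        }
        if($row['id'] == $clan['co_leader']){
            $coleader = $tmp;
            $kickable = false;
        }
        if($userid == $row['id'] && $kickable){
            $member[] = $tmp.' (<a href="index.php?as=clan/clan_info&action=fire&member='.$row['id'].'">verlassen</a>)';
        } else if($kickable){
            $member[] = $tmp.' (<a href="index.php?as=clan/clan_info&action=fire&member='.$row['id'].'">kicken</a>)';
        } else{
            $member[] = $tmp;
        }
    }

    $inv_qry = mysql_query('SELECT userid, TIMESTAMPDIFF(HOUR, now(), valid) as till FROM user_clan_invitations WHERE clanid = '.$clan['id'].' and valid > now()');
    $invited = array();
    while($row = mysql_fetch_assoc($inv_qry)) {
        $invited[] = displayUserLinkByID($row['userid']) . ' (noch ' . $row['till'] . 'h gültig, <a href="index.php?as=clan/clan_info&action=reject&member='.$row['userid'].'">zurückziehen</a>)';
    }
?>
<table width="100%">
    <tr>
        <th width="500" height="39" colspan="2" align="center"><?php echo $clan['clanname']; ?> Info</th>
    </tr>
    <tr>
        <td width="100%" height="52" colspan="2" align="center"><?php if($clan['banner'] != "0"){ ?>
            <img src="<?php echo $clan['banner']; ?> " width="468" height="60">
            <?php } ?>
            <br>
            <a href="index.php?as=clan/clan_info&action=edit&what=Banner">(edit)</a>
        </td>
    </tr>
    <tr>
        <th width="25%" align="Left">Leader:<a href="index.php?as=clan/clan_info&action=edit&what=Leadership">(edit)</a> </th>
        <td><?php echo $leader; ?></td>
    </tr>
    <tr>
        <th align="Left">Co-Leader:<a href="index.php?as=clan/clan_info&action=edit&what=Leadership">(edit)</a> </th>
        <td><?php echo $coleader; ?></td>
    </tr>
    <tr>
        <th align="Left">Clanzeichen:<a href="index.php?as=clan/clan_info&action=edit&what=Clanzeichen">(edit)</a> </th>
        <td><?php echo $clan['clanz_pre'].' '.$clan['clanz_suff']; ?></td>
    </tr>
    <tr>
        <th align="Left">Member (<?php echo $count; ?>):</th>
        <td><?php echo join('<br>',$member); ?></td>
    </tr>
    <tr>
        <th align="Left">Eingeladen</th>
        <!-- separator was the unterminated tag '<br', which swallowed the following entry -->
        <td><?php echo join('<br>', $invited); ?></td>
    </tr>
    <tr>
        <th align="Left">Level:</th>
        <td><?php echo $clan['level']; ?></td>
    </tr>
    <tr>
        <th align="Left">Homepage:<a href="index.php?as=clan/clan_info&action=edit&what=Homepage">(edit)</a> </th>
        <?php
        if($clan['homepage'] != 'Keine'){
            echo '<td><a href="'.$clan['homepage'].'" target=_blank>'.$clan['homepage'].'</a></td>';
        } else{
            echo '<td>Keine</td>';
        }
        ?>
    </tr>
    <tr>
        <th align="Left">Info:<a href="index.php?as=clan/clan_info&action=edit&what=Info">(edit)</a></th>
        <td><?php echo $clan['info']; ?></td>
    </tr>
    <tr>
        <th align="left">Clan auflösen</th>
        <td><a href="javascript:if(confirm('Wirklich löschen?')==true) window.location.href='index.php?as=clan/clan_info&action=kill'">Clan löschen</a></td>
    </tr>
    <tr><td> </td></tr>
    <tr>
        <td colspan="2">
        <?php /* PHP_SELF contains request-controlled path info, so it is escaped for the attribute. */ ?>
        <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="GET">
            <input type="hidden" name="as" value="clan/clan_info">
            <input type="hidden" name="action" value="newsletter">
            <table cellpadding="0" cellspacing="0" width="100%" height="69">
                <tr>
                    <th height="18" valign="top" width="603" colspan="2" class="content">Nachricht an alle Clanmember schicken</th>
                </tr>
                <tr>
                    <td height="25" valign="top" colspan="2" align="center">
                    <textarea class="input" rows="8" name="text" cols="40"></textarea></td>
                </tr>
                <tr>
                    <td height="25" valign="top" colspan="2" align="center">
                    <input class="input" type="submit" value="abschicken"></td>
                </tr>
            </table>
        </form>
        </td>
    </tr>
</table>
<?php
}

/**
 * Loads a clan and prints the editable view for its leader or co-leader and
 * the read-only view for everybody else.
 *
 * @param int   $clanid id of the clan to show (request-derived)
 * @param array $user   row of the viewing user (reads 'id' and 'clan')
 */
function displayClanProfile($clanid, $user){
    // The id is request-derived; the cast keeps the statement numeric even if
    // the upstream validator is ever changed.
    $sql = 'SELECT * FROM clan where clan.id = '.(int)$clanid;
    $qry = mysql_query($sql);
    $clan = $qry ? mysql_fetch_assoc($qry) : false;
    if(!$clan){
        // Unknown clan: without this guard the views below ran their queries
        // with an empty id and the role comparison ran against NULL columns.
        echo displayErrorMessage(NULL, 'Clan nicht gefunden!', displayHistoryBackLink());
        return;
    }
    $editable = $clan['leader'] == $user['id'] || $clan['co_leader'] == $user['id'];
    if(!$editable){
        displayClanProfileReadOnly($clan, $user['clan'] == $clan['id'], $user['id']);
    } else{
        displayClanProfileEditable($clan, $user['id']);
    }
}

/**
 * Makes the user leader of his own clan. The WHERE clause restricts the
 * update to a clan that currently has neither leader nor co-leader.
 *
 * @param array $user row of the acting user (reads 'id' and 'clan')
 */
function setMeAsLeader($user){
    mysql_query('UPDATE clan set leader = '.$user['id'].' WHERE id = '.$user['clan'].' and leader is null and co_leader is null');
}

/**
 * Sends $text as a message to every member of the sender's clan and prints a
 * success or failure notice.
 *
 * @param array  $user row of the sender (reads 'clan' and 'nickname')
 * @param string $text message body, already passed through validateString()
 */
function sendClanNewsletter($user, $text){
    if(empty($user['clan'])){
        // A user without clan has no recipients; previously both queries
        // failed and the page still reported success.
        displayErrorMessage(NULL,'Beim Versenden sind Fehler aufgetreten', '<a href="index.php?as=clan/clan_info">weiter...</a>');
        return;
    }
    $qry = mysql_query('SELECT * FROM clan WHERE id = ' . $user['clan']);
    $clan = mysql_fetch_assoc($qry);
    $errors = FALSE;
    $sql = 'SELECT id FROM user WHERE clan='.$user['clan'];
    $clans = mysql_query($sql);
    while($row = mysql_fetch_assoc($clans)) {
        // Accumulate failures; one failed delivery does not stop the rest.
        $errors |= !sendMessage($user['nickname'], $row['id'], $clan['clanname'].' Nachricht', $text);
    }
    if($errors) {
        displayErrorMessage(NULL,'Beim Versenden sind Fehler aufgetreten', '<a href="index.php?as=clan/clan_info">weiter...</a>');
    } else {
        displayErrorMessage(NULL,'Nachricht erfolgreich verschickt', '<a href="index.php?as=clan/clan_info">weiter...</a>');
    }
}

/**
 * Writes one edited profile field of a clan.
 *
 * The caller is responsible for checking that the acting user is leader or
 * co-leader of $clanid. 'Clan Passwort' is accepted by the input section and
 * by displayEdit() but has no case here, so it ends in the default branch.
 *
 * NOTE(review): the string fields are concatenated into quoted SQL literals.
 * That is only safe if validateString()/validateURL() (not visible in this
 * file) escape for SQL -- confirm. Escaping again here could double-escape
 * stored data, so the statements are left as they were.
 *
 * @param string $what    field name: Homepage, Clanzeichen, Banner, Info or Leadership
 * @param mixed  $value1  new value (leader id for Leadership)
 * @param mixed  $value2  second value (suffix for Clanzeichen, co-leader id for Leadership)
 * @param int    $clanid  id of the clan to update
 * @param bool   $root    true if the caller may also change the leader
 */
function setProfile($what, $value1, $value2, $clanid, $root){
    switch($what){
        case 'Homepage':
            mysql_query('UPDATE clan SET homepage = \''.$value1.'\' where id = '.$clanid);
            return;
        case 'Clanzeichen':
            mysql_query('UPDATE clan SET clanz_pre = \''.$value1.'\', clanz_suff = \''.$value2.'\' where id = '.$clanid);
            return;
        case 'Banner':
            mysql_query('UPDATE clan SET banner = \''.$value1.'\' where id = '.$clanid);
            return;
        case 'Info':
            mysql_query('UPDATE clan SET Info = \''.$value1.'\' where id = '.$clanid);
            return;
        case 'Leadership':
            // 0 (the "Niemand" option) and NULL both mean "vacant".
            if($value1 == 0){$value1 = 'null';}
            if($value2 == 0){$value2 = 'null';}
            // The edit form only offers clan members, but the ids arrive as
            // request parameters, so membership has to be enforced here too.
            // Without this check any user id could be appointed.
            $candidates = $root ? array($value1, $value2) : array($value2);
            foreach($candidates as $candidate){
                if($candidate === 'null'){
                    continue;
                }
                $check = mysql_query('SELECT id FROM user WHERE id = '.(int)$candidate.' AND clan = '.(int)$clanid);
                if(!$check || mysql_num_rows($check) == 0){
                    echo 'Error!';
                    return;
                }
            }
            if(!$root){
                // A co-leader may only change the co-leader seat.
                $sql = 'UPDATE clan SET co_leader = '.$value2.' where id = '.$clanid;
                mysql_query($sql);
            } else{
                $sql = 'UPDATE clan SET leader = '.$value1.', co_leader = '.$value2.' where id = '.$clanid;
                mysql_query($sql);
            }
            return;
        default:
            echo 'Error!';
            return;
    }
}

/**
 * Prints the edit form for one profile field.
 *
 * $what comes straight from the query string and is written into the form
 * three times, so it is HTML-escaped once up front.
 *
 * NOTE(review): the stored clan values and member nicknames are written into
 * attribute values and option labels unescaped; whether that is safe depends
 * on how they were validated when stored -- confirm.
 *
 * @param string $what   field name as used by setProfile()
 * @param int    $clanid id of the clan being edited
 * @param bool   $root   true if the leader select should be offered as well
 */
function displayEdit($what, $clanid, $root){
    $clan_qry = mysql_query('Select * from clan where id = '.$clanid);
    $clan = mysql_fetch_assoc($clan_qry);
    $whatHtml = htmlspecialchars($what, ENT_QUOTES);
    $content = '';
    switch($what){
        case 'Homepage':
            $content = '<tr><td colspan="2"><input class="input" name="value1" value="'.$clan['homepage'].'"/></td></tr>';
            break;
        case 'Clanzeichen':
            $content = '<tr><td>Prefix: <input class="input" name="value1" value="'.$clan['clanz_pre'].'"/></td><td>Suffix: <input class="input" name="value2" value="'.$clan['clanz_suff'].'"/></td></tr>';
            break;
        case 'Banner':
            $content = '<tr><td colspan="2"><input class="input" name="value1" value="'.$clan['banner'].'"/></td></tr>';
            break;
        case 'Leadership':
            $member_qry = mysql_query('Select id, nickname from user where clan = '.$clanid);
            // $member feeds the leader select, $member2 the co-leader select.
            $member = array('<option value="0" selected>Niemand</option>');
            $member2 = array('<option value="0" selected>Niemand</option>');
            while($row = mysql_fetch_assoc($member_qry)){
                if($row['id'] == $clan['leader']) {
                    $member[] = '<option value="'.$row['id'].'" selected="selected">'.$row['nickname'].'</option>';
                } else {
                    $member[] = '<option value="'.$row['id'].'">'.$row['nickname'].'</option>';
                }
                if($row['id'] == $clan['co_leader']) {
                    $member2[] = '<option value="'.$row['id'].'" selected="selected">'.$row['nickname'].'</option>';
                } else {
                    $member2[] = '<option value="'.$row['id'].'">'.$row['nickname'].'</option>';
                }
            }
            if($root){
                $content = '<tr><td>Leader:</td><td><select class="input" name="value1" />'.join('',$member).'</select></td></tr>';
            }
            $content .= '<tr><td>Co-Leader:</td><td><select class="input" name="value2" />'.join('',$member2).'</select></td></tr>';
            break;
        case 'Info':
            $content = '<tr><td colspan="2"><textarea class="input" name="value1"></textarea></td></tr>';
            break;
        case 'Clan Passwort':
            $content = '<tr><td colspan="2"><input class="input" name="value1" /></td></tr>';
            break;
        default:
            // Reached with an arbitrary query-string value, hence the escaped copy.
            $content = '<tr><td colspan="2">Error '.$whatHtml.' unknown!</td></tr>';
            break;
    }
?>
<form action="index.php" method="GET">
    <input type="hidden" name="as" value="clan/clan_info" />
    <input type="hidden" name="action" value="edit" />
    <input type="hidden" name="what" value="<?php echo $whatHtml; ?>" />
    <table>
        <tr>
            <th colspan="2"><?php echo $whatHtml; ?> Ändern</th>
        </tr>
        <?php echo $content; ?>
        <tr>
            <td align="center" colspan="2"><input class="input" type="submit" value="Edit" /> </td>
        </tr>
    </table>
</form>
<?php
}

/**
 * Removes a member from the acting user's clan.
 *
 * Allowed when the target is neither leader nor co-leader and the acting user
 * is leader, co-leader or the target himself. The UPDATE is additionally
 * limited to the acting user's clan.
 *
 * @param array $user   row of the acting user (reads 'id', 'clan', 'nickname')
 * @param int   $member id of the user to remove (request-derived)
 */
function fireMember($user, $member){
    $row = mysql_fetch_assoc(mysql_query('SELECT leader, co_leader from clan where id = '.$user['clan']));
    if($member != $row['leader'] && $member != $row['co_leader'] && ($user['id'] == $row['leader'] || $user['id'] == $row['co_leader'] || $member == $user['id'])){
        // $member is request-derived; the cast keeps both statements numeric
        // independently of the upstream validator.
        $memberId = (int)$member;
        $sql = 'Update user set clan = NULL where id = '.$memberId.' AND clan = '.$user['clan'];
        mysql_query($sql);
        if(mysql_affected_rows() > 0){
            // Only run this if the member was actually removed.
            $sql = 'Update chars set clan_train = NULL where besitzer = '.$memberId;
            mysql_query($sql);
            if($user['id'] != $member) {
                sendMessage($user['nickname'], $member, 'Clan rauswurf!', 'Du wurdest von '.$user['nickname'].' aus deinem Clan geworfen. Du wirst dir wohl einen neuen suchen müssen!');
            }
        }
    } else{
        echo displayErrorMessage(NULL, 'Du kannst den Member nicht feuern!', displayHistoryBackLink());
    }
}

/**
 * Deletes the acting user's clan after notifying every member. Only the
 * leader may do this.
 *
 * NOTE(review): only the clan row is deleted here; user.clan of the former
 * members is not reset in this function -- confirm the schema handles that.
 *
 * @param array $user row of the acting user (reads 'id', 'clan', 'nickname')
 */
function deleteClan($user){
    $row = mysql_fetch_assoc(mysql_query('SELECT leader, co_leader from clan where id = '.$user['clan']));
    if($user['id'] == $row['leader']){
        $qry = mysql_query('SELECT id FROM user WHERE clan = '.$user['clan']);
        while($member = mysql_fetch_assoc($qry)) {
            sendMessage($user['nickname'], $member['id'], 'Clan wurde gelöscht!', 'Dein Clan wurde von '.$user['nickname'].' gelöscht. Du wirst dir wohl einen neuen suchen müssen!');
        }
        mysql_query('DELETE FROM clan where id = '.$user['clan']);
    } else{
        echo displayErrorMessage(NULL, 'Du kannst den Clan nicht auflösen!', displayHistoryBackLink());
    }
}

// Action dispatcher. It replaces an older chain of per-action flags
// ($edit, $putsch, $fire, $kill, $reject) with the same branches.
if($action !== NULL) {
    switch ($action) {
        case 'edit':
            // Only leader and co-leader may edit. "Root" (may change the
            // leader seat) is the leader, or anyone who passed the check while
            // the leader seat is vacant.
            $row = mysql_fetch_assoc(mysql_query('SELECT leader, co_leader from clan where id = '.$user_ida['clan']));
            if($row['leader'] != $user_ida['id'] && $row['co_leader'] != $user_ida['id']){
                displayErrorMessage(NULL, 'Du bist weder Leader noch Co-Leader des Clans!', displayHistoryBackLink());
            } else if(isset($value1)){
                setProfile($what, $value1, $value2, $user_ida['clan'], $row['leader'] == $user_ida['id'] || $row['leader'] === null);
            } else{
                displayEdit($what, $user_ida['clan'],$row['leader'] == $user_ida['id'] || $row['leader'] === null);
                $displayMore = false;
            }
            break;
        case 'fire':
            fireMember($user_ida, $member);
            if($user_ida['id'] == $member) {
                // The user just left; do not render the old clan profile.
                $displayMore = false;
            }
            break;
        case 'putsch':
            setMeAsLeader($user_ida);
            break;
        case 'kill':
            deleteClan($user_ida);
            $displayMore = false;
            break;
        case 'reject':
            $errorMsg = revokeInvitation($user_ida, $member);
            if($errorMsg !== NULL) {
                echo displayErrorMessage(NULL, $errorMsg, displayHistoryBackLink());
                $displayMore = false;
            } else {
                displayErrorMessage('','Du hast die Einladung erfolgreich zurückgezogen!', '<a href="index.php?as=clan/clan_info">weiter</a>');
                $displayMore = false;
            }
            break;
        case 'newsletter':
            sendClanNewsletter($user_ida, $text);
            $displayMore = false;
            break;
        default:
            break;
    }
}

if($displayMore){
    displayClanProfile($clan_id, $user_ida);
}
?>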