ב-index כתוב:
403 - Forbidden
בproperties
ב-recaptchalibקוד PHP:<?php
/*¯¯¯¯|¯¯¯¯¯|¯¯¯¯¯¯¯¯|¯¯¯|¯¯¯||¯¯¯|¯¯¯|¯¯¯¯¯¯¯¯|¯¯¯¯¯¯|¯¯¯¯*\
|###########################################|
|#_____________________..ButsagsCMS.._____________________#|
|#______.Copyright ©2000-2009 Chris Ingis. All Rights Reserved._____#|
|###########################################|
\*____|_____|________|___|___||___|___|________|______|____*/
if(basename($_SERVER["PHP_SELF"]) == "properties.php"){
die("403 - Access Forbidden");
}
/* Site Controls */
$properties = mysql_query("SELECT * FROM butsags_properties");
$prop = mysql_fetch_array($properties);
$ipaddress = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
if(isset($_SESSION['id'])){
$getsty = mysql_query("SELECT * FROM accounts WHERE id=".$_SESSION['id']."");
$showsty = mysql_fetch_array($getsty);
if($showsty['style'] == NULL){
$style = "1";
}else{
$style = $showsty['style'];
}
$getstyle = mysql_query("SELECT * FROM butsags_styles WHERE id=".$style."");
$showstyle = mysql_fetch_array($getstyle);
}
if(isset($_SESSION['id'])){
$getcur = mysql_query("SELECT * FROM accounts WHERE id=".$_SESSION['id']."");
$showcur = mysql_fetch_array($getcur);
if($showcur['cursor'] == NULL){
$cursor = "1";
}else{
$cursor = $showcur['cursor'];
}
$getcursor = mysql_query("SELECT * FROM butsags_cursors WHERE id=".$cursor."");
$showcursor = mysql_fetch_array($getcursor);
}
/* Name of server */
$servername = $prop['MonvLEnMS'];
/* Site title */
$sitetitle = $prop['MonvLEnMS'];
$pb = " (Powered by ButsagsCMS)";
/* Download link for client */
$client = $prop['client'];
/* Server Version */
$version = $prop['V62'];
/* Forum url*/
$forumurl = $prop['forumurl'];
/* Site url */
$siteurl = $prop['siteurl'];
/* butsags Dir */
$butsagsdir = $prop['butsagsdir'];
/* Email */
$adminemail = $prop['mako1232@walla.com'];
/* Vote Link */
$vote = $prop['vote'];
/* Vote Enabled */
$vcheck = $prop['vcheck'];
/* Vote Banner Link */
$vbanner = $prop['vbanner'];
/* Server Rates */
$exprate = $prop['250'];
$mesorate = $prop['250'];
$droprate = $prop['3'];
/* Middle Banner Link */
$mbanner = $prop['mbanner'];
/* Middle Link */
$mblink = $prop['mblink'];
/* Menu Message */
$message = $prop['message'];
/* Flood Prevention */
$butsagsflood = $prop['flood'];
/* Flood Interval */
$butsagsfloodint = $prop['floodint'];
/* Scrolling Message */
$scroller = $prop['scroller'];
/* Level for GMs and up */
$gmlevel = $prop['gmlevel'];
/* Player Cap */
$pcap = $prop['pcap'];
/* Accounts Per IP */
$MaxAcc = $prop['maxaccounts'];
/* Public Key For Recaptcha*/
$pubkey = $prop['pubkey'];
/* Private Key For Recaptcha*/
$privkey = $prop['privkey'];
/*Chatbox HTML*/
$chatbox = $prop['chatbox'];
/* Where is the style located? */
if(isset($_SESSION['id'])){
$styledir = $showstyle['dir'];
}else{
$styledir = $prop['styledir'];
}
if(isset($_SESSION['id'])){
$cursordir = $showcursor['dir'];
}else{
$cursordir = $prop['cursordir'];
}
$censored = array("fuck","dick","fail","suck","cock","bitch","ass","cunt","vagina","penis","cunt");
?>
ב-functionsקוד PHP:<?php
/*¯¯¯¯|¯¯¯¯¯|¯¯¯¯¯¯¯¯|¯¯¯|¯¯¯||¯¯¯|¯¯¯|¯¯¯¯¯¯¯¯|¯¯¯¯¯¯|¯¯¯¯*\
|###########################################|
|#_____________________..ButsagsCMS.._____________________#|
|#______.Copyright ©2000-2009 Chris Ingis. All Rights Reserved._____#|
|###########################################|
\*____|_____|________|___|___||___|___|________|______|____*/
/*
* This is a PHP library that handles calling reCAPTCHA.
* - Documentation and latest version
* http://recaptcha.net/plugins/php/
* - Get a reCAPTCHA API Key
* http://recaptcha.net/api/getkey
* - Discussion group
* http://groups.google.com/group/recaptcha
*
* Copyright (c) 2007 reCAPTCHA -- http://recaptcha.net
* AUTHORS:
* Mike Crawford
* Ben Maurer
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
/**
* The reCAPTCHA server URL's
*/
define("RECAPTCHA_API_SERVER", "http://api.recaptcha.net");
define("RECAPTCHA_API_SECURE_SERVER", "https://api-secure.recaptcha.net");
define("RECAPTCHA_VERIFY_SERVER", "api-verify.recaptcha.net");
/**
* Encodes the given data into a query string format
* @param $data - array of string elements to be encoded
* @return string - encoded request
*/
function _recaptcha_qsencode ($data) {
$req = "";
foreach ( $data as $key => $value )
$req .= $key . '=' . urlencode( stripslashes($value) ) . '&';
// Cut the last '&'
$req=substr($req,0,strlen($req)-1);
return $req;
}
/**
* Submits an HTTP POST to a reCAPTCHA server
* @param string $host
* @param string $path
* @param array $data
* @param int port
* @return array response
*/
function _recaptcha_http_post($host, $path, $data, $port = 80) {
$req = _recaptcha_qsencode ($data);
$http_request = "POST $path HTTP/1.0\r\n";
$http_request .= "Host: $host\r\n";
$http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n";
$http_request .= "Content-Length: " . strlen($req) . "\r\n";
$http_request .= "User-Agent: reCAPTCHA/PHP\r\n";
$http_request .= "\r\n";
$http_request .= $req;
$response = '';
if( false == ( $fs = @fsockopen($host, $port, $errno, $errstr, 10) ) ) {
die ('Could not open socket');
}
fwrite($fs, $http_request);
while ( !feof($fs) )
$response .= fgets($fs, 1160); // One TCP-IP packet
fclose($fs);
$response = explode("\r\n\r\n", $response, 2);
return $response;
}
/**
* Gets the challenge HTML (javascript and non-javascript version).
* This is called from the browser, and the resulting reCAPTCHA HTML widget
* is embedded within the HTML form it was called from.
* @param string $pubkey A public key for reCAPTCHA
* @param string $error The error given by reCAPTCHA (optional, default is null)
* @param boolean $use_ssl Should the request be made over ssl? (optional, default is false)
* @return string - The HTML to be embedded in the user's form.
*/
function recaptcha_get_html ($pubkey, $error = null, $use_ssl = false)
{
if ($pubkey == null || $pubkey == '') {
die ("To use reCAPTCHA you must get an API key from <a href='http://recaptcha.net/api/getkey'>http://recaptcha.net/api/getkey</a>");
}
if ($use_ssl) {
$server = RECAPTCHA_API_SECURE_SERVER;
} else {
$server = RECAPTCHA_API_SERVER;
}
$errorpart = "";
if ($error) {
$errorpart = "&error=" . $error;
}
return '<script type="text/javascript" src="'. $server . '/challenge?k=' . $pubkey . $errorpart . '"></script>
<noscript>
<iframe src="'. $server . '/noscript?k=' . $pubkey . $errorpart . '" height="300" width="500" frameborder="0"></iframe><br/>
<textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
<input type="hidden" name="recaptcha_response_field" value="manual_challenge"/>
</noscript>';
}
/**
* A ReCaptchaResponse is returned from recaptcha_check_answer()
*/
class ReCaptchaResponse {
var $is_valid;
var $error;
}
/**
* Calls an HTTP POST function to verify if the user's guess was correct
* @param string $privkey
* @param string $remoteip
* @param string $challenge
* @param string $response
* @param array $extra_params an array of extra variables to post to the server
* @return ReCaptchaResponse
*/
function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $extra_params = array())
{
if ($privkey == null || $privkey == '') {
die ("To use reCAPTCHA you must get an API key from <a href='http://recaptcha.net/api/getkey'>http://recaptcha.net/api/getkey</a>");
}
if ($remoteip == null || $remoteip == '') {
die ("For security reasons, you must pass the remote ip to reCAPTCHA");
}
//discard spam submissions
if ($challenge == null || strlen($challenge) == 0 || $response == null || strlen($response) == 0) {
$recaptcha_response = new ReCaptchaResponse();
$recaptcha_response->is_valid = false;
$recaptcha_response->error = 'incorrect-captcha-sol';
return $recaptcha_response;
}
$response = _recaptcha_http_post (RECAPTCHA_VERIFY_SERVER, "/verify",
array (
'privatekey' => $privkey,
'remoteip' => $remoteip,
'challenge' => $challenge,
'response' => $response
) + $extra_params
);
$answers = explode ("\n", $response [1]);
$recaptcha_response = new ReCaptchaResponse();
if (trim ($answers [0]) == 'true') {
$recaptcha_response->is_valid = true;
}
else {
$recaptcha_response->is_valid = false;
$recaptcha_response->error = $answers [1];
}
return $recaptcha_response;
}
/**
* gets a URL where the user can sign up for reCAPTCHA. If your application
* has a configuration page where you enter a key, you should provide a link
* using this function.
* @param string $domain The domain where the page is hosted
* @param string $appname The name of your application
*/
function recaptcha_get_signup_url ($domain = null, $appname = null) {
return "http://recaptcha.net/api/getkey?" . _recaptcha_qsencode (array ('domain' => $domain, 'app' => $appname));
}
function _recaptcha_aes_pad($val) {
$block_size = 16;
$numpad = $block_size - (strlen ($val) % $block_size);
return str_pad($val, strlen ($val) + $numpad, chr($numpad));
}
/* Mailhide related code */
function _recaptcha_aes_encrypt($val,$ky) {
if (! function_exists ("mcrypt_encrypt")) {
die ("To use reCAPTCHA Mailhide, you need to have the mcrypt php module installed.");
}
$mode=MCRYPT_MODE_CBC;
$enc=MCRYPT_RIJNDAEL_128;
$val=_recaptcha_aes_pad($val);
return mcrypt_encrypt($enc, $ky, $val, $mode, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
}
function _recaptcha_mailhide_urlbase64 ($x) {
return strtr(base64_encode ($x), '+/', '-_');
}
/* gets the reCAPTCHA Mailhide url for a given email, public key and private key */
function recaptcha_mailhide_url($pubkey, $privkey, $email) {
if ($pubkey == '' || $pubkey == null || $privkey == "" || $privkey == null) {
die ("To use reCAPTCHA Mailhide, you have to sign up for a public and private key, " .
"you can do so at <a href='http://mailhide.recaptcha.net/apikey'>http://mailhide.recaptcha.net/apikey</a>");
}
$ky = pack('H*', $privkey);
$cryptmail = _recaptcha_aes_encrypt ($email, $ky);
return "http://mailhide.recaptcha.net/d?k=" . $pubkey . "&c=" . _recaptcha_mailhide_urlbase64 ($cryptmail);
}
/**
* gets the parts of the email to expose to the user.
* eg, given johndoe@example,com return ["john", "example.com"].
* the email is then displayed as john...@example.com
*/
function _recaptcha_mailhide_email_parts ($email) {
$arr = preg_split("/@/", $email );
if (strlen ($arr[0]) <= 4) {
$arr[0] = substr ($arr[0], 0, 1);
} else if (strlen ($arr[0]) <= 6) {
$arr[0] = substr ($arr[0], 0, 3);
} else {
$arr[0] = substr ($arr[0], 0, 4);
}
return $arr;
}
/**
* Gets html to display an email address given a public an private key.
* to get a key, go to:
*
* http://mailhide.recaptcha.net/apikey
*/
function recaptcha_mailhide_html($pubkey, $privkey, $email) {
$emailparts = _recaptcha_mailhide_email_parts ($email);
$url = recaptcha_mailhide_url ($pubkey, $privkey, $email);
return htmlentities($emailparts[0]) . "<a href='" . htmlentities ($url) .
"' onclick=\"window.open('" . htmlentities ($url) . "', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;\" title=\"Reveal this e-mail address\">...</a>@" . htmlentities ($emailparts [1]);
}
?>
<?php
/*¯¯¯¯|¯¯¯¯¯|¯¯¯¯¯¯¯¯|¯¯¯|¯¯¯||¯¯¯|¯¯¯|¯¯¯¯¯¯ ¯|¯¯¯¯¯¯|¯¯¯¯*\
|###########################################|
|#_____________________..ButsagsCMS.._____________________#|
|#______.Copyright ©2000-2009 Chris Ingis. All Rights Reserved._____#|
|###########################################|
\*____|_____|________|___|___||___|___|________|______|____*/
if(basename($_SERVER["PHP_SELF"]) == "afuncs.php"){
die("403 - Access Forbidden");
}
/* Logged in time Handler - Do not touch unless you know what you're doing */
if(isset($_SESSION['id'])){
$logouttime = 300;
$timenow = time();
$loggedtime = $timenow - $logouttime;
$query = mysql_query("UPDATE `accounts` SET `sitelogged` = '".$timenow."' WHERE `id`='".$_SESSION['id']."'") or die(mysql_error());
$retrieve = mysql_query("SELECT * FROM `accounts` WHERE `sitelogged` >= '".$loggedtime."'") or die(mysql_error());
$online = mysql_fetch_array($retrieve);
}
# If logged in, fetch IP
if(isset($_SESSION['id'])){
$IP = $_SERVER['REMOTE_ADDR'];
$sesid = $_SESSION['id'];
$getn = mysql_query("SELECT * FROM accounts WHERE id=$sesid");
$getn2 = mysql_fetch_array($getn);
$getname = $getn2['name'];
mysql_query("UPDATE accounts SET ip='$IP' WHERE name='$getname'") or die(mysql_error());
$logfile= 'includes/admin/log.php';
$q = mysql_query("SELECT * FROM accounts WHERE ip='$IP'");
$get = mysql_fetch_array($q);
$id = $get['name'];
$phpself = $_SERVER['PHP_SELF'];
$gbutsags = $_GET['butsags'];
$log = "".date("F j, g:i:s A")." - <a href='?butsags=members&name=$id'>".$IP."</a> Visited Page : <a href='/$butsagsdir?butsags=$gbutsags'>$butsagsdir?butsags=$gbutsags</a><br />";
$fp = fopen($logfile, "a");
fwrite($fp, $log);
fclose($fp);
}
/* Functions - Do not touch unless you know what you're doing */
function getOnline(){
$logouttime = 300;
$timenow = time();
$loggedtime = $timenow - $logouttime;
$a = mysql_query("SELECT * FROM `accounts` WHERE `sitelogged` >= '".$loggedtime."'") or die(mysql_error());
$b = mysql_num_rows($a);
return $b;
}
function onlineCheck($string){
$logouttime = 300;
$timenow = time();
$loggedtime = $timenow - $logouttime;
$a = mysql_query("SELECT * FROM `accounts` WHERE `sitelogged` >= '".$loggedtime."' AND `id`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
if($b['sitelogged'] >= $loggedtime){
$check = "<img src=\"images/online.png\" alt=\"online\" />";
}else{
$check = "<img src=\"images/offline.png\" alt=\"offline\" />";
}
return $check;
}
function isProfile( $type, $string ){
if ($type == 'charname') {
$a = mysql_query("SELECT * FROM `characters` WHERE `name`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
$c = $b['accountid'];
$d = mysql_query("SELECT * FROM `butsags_profile` WHERE `accountid`='".$c."'") or die(mysql_error());
$e = mysql_num_rows($d);
if ($e > 0) {
return 1;
} else {
return 0;
}
}
else if ($type == 'charid') {
$a = mysql_query("SELECT * FROM `characters` WHERE `id`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
$c = $b['accountid'];
$d = mysql_query("SELECT * FROM `butsags_profile` WHERE `accountid`='".$c."'") or die(mysql_error());
$e = mysql_num_rows($d);
if ($e > 0) {
return 1;
} else {
return 0;
}
}
else if ($type == 'accname') {
$a = mysql_query("SELECT * FROM `accounts` WHERE `name`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
$c = $b['id'];
$d = mysql_query("SELECT * FROM `butsags_profile` WHERE `accountid`='".$c."'") or die(mysql_error());
$e = mysql_num_rows($d);
if ($e > 0) {
return 1;
} else {
return 0;
}
}
else if ($type == 'accid') {
$a = mysql_query("SELECT * FROM `butsags_profile` WHERE `accountid`='".$string."'") or die(mysql_error());
$b = mysql_num_rows($a);
if ($a > 0) {
return 1;
} else {
return 0;
}
}
else {
$a = "butsags Error: Parameters for isProfile() are incorrect";
return $a;
}
}
function getInfo( $type, $string, $how ){
if ($type == 'charname') {
if ($how == 'charid') {
$a = mysql_query("SELECT * FROM `characters` WHERE `id`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
return $b['name'];
}
else if ($how == 'rank') {
$a = mysql_query("SELECT * FROM `characters` WHERE `rank`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
return $b['name'];
}
else if ($how == 'accid') {
$a = mysql_query("SELECT * FROM `characters` WHERE `accountid`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
return $b['name'];
}
else if ($how == 'profilename') {
$a = mysql_query("SELECT * FROM `butsags_profile` WHERE `name`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
$c = $b['accountid'];
$d = mysql_query("SELECT * FROM `characters` WHERE `accountid`='".$c."'") or die(mysql_error());
$e = mysql_fetch_array($d);
return $e['name'];
}
else {
$a = "butsags Error: Parameters for getInfo() are incorrect";
return $a;
}
}
else if ($type == 'accname') {
if ($how == 'charid') {
$a = mysql_query("SELECT * FROM `characters` WHERE `id`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
$c = $b['accountid'];
$d = mysql_query("SELECT * FROM `accounts` WHERE `id`='".$c."'") or die(mysql_error());
$e = mysql_fetch_array($d);
return $e['name'];
}
else if ($how == 'charname') {
$a = mysql_query("SELECT * FROM `characters` WHERE `name`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
$c = $b['accountid'];
$d = mysql_query("SELECT * FROM `accounts` WHERE `id`='".$c."'") or die(mysql_error());
$e = mysql_fetch_array($d);
return $e['name'];
}
else if ($how == 'accid') {
if ($string = 'butsags_session') {
$a = mysql_query("SELECT * FROM `accounts` WHERE `id`='".$_SESSION['id']."'") or die(mysql_error());
$b = mysql_fetch_array($a);
return $b['name'];
} else {
$a = mysql_query("SELECT * FROM `accounts` WHERE `id`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
return $b['name'];
}
}
else if ($how == 'profilename') {
$a = mysql_query("SELECT * FROM `butsags_profile` WHERE `name`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
$c = $b['accountid'];
$d = mysql_query("SELECT * FROM `accounts` WHERE `id`='".$c."'") or die(mysql_error());
$e = mysql_fetch_array($d);
return $e['name'];
}
else if ($how == 'rank') {
$a = mysql_query("SELECT * FROM `characters` WHERE `rank`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
$c = $b['accountid'];
$d = mysql_query("SELECT * FROM `accounts` WHERE `id`='".$c."'") or die(mysql_error());
$e = mysql_fetch_array($d);
return $e['name'];
}
else {
$a = "butsags Error: Parameters for getInfo() are incorrect";
return $a;
}
}
else if ($type == 'charid') {
if ($how == 'charname') {
$a = mysql_query("SELECT * FROM `characters` WHERE `name`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
return $b['id'];
}
if ($how == 'rank') {
$a = mysql_query("SELECT * FROM `characters` WHERE `rank`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
return $b['id'];
}
else if ($how == 'accid') {
$a = mysql_query("SELECT * FROM `characters` WHERE `accountid`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
return $b['id'];
}
else if ($how == 'profilename') {
$a = mysql_query("SELECT * FROM `butsags_profile` WHERE `name`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
$c = $b['accountid'];
$d = mysql_query("SELECT * FROM `characters` WHERE `accountid`='".$c."'") or die(mysql_error());
$e = mysql_fetch_array($d);
return $e['id'];
}
else {
$a = "butsags Error: Parameters for getInfo() are incorrect";
return $a;
}
}
else if ($type == 'accid') {
if ($how == 'charid') {
$a = mysql_query("SELECT * FROM `characters` WHERE `id`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
return $b['accountid'];
}
else if ($how == 'charname') {
$a = mysql_query("SELECT * FROM `characters` WHERE `name`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
return $b['accountid'];
}
else if ($how == 'accname') {
$a = mysql_query("SELECT * FROM `accounts` WHERE `name`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
return $b['id'];
}
else if ($how == 'profilename') {
$a = mysql_query("SELECT * FROM `butsags_profile` WHERE `name`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
return $b['accountid'];
}
else if ($how == 'rank') {
$a = mysql_query("SELECT * FROM `characters` WHERE `rank`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
return $b['accountid'];
}
else {
$a = "butsags Error: Parameters for getInfo() are incorrect";
return $a;
}
}
else if ($type == 'profilename') {
if ($how == 'charid') {
$a = mysql_query("SELECT * FROM `characters` WHERE `id`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
$c = $b['accountid'];
$d = mysql_query("SELECT * FROM `butsags_profile` WHERE `accountid`='".$c."'") or die(mysql_error());
$e = mysql_fetch_array($d);
return $e['name'];
}
else if ($how == 'charname') {
$a = mysql_query("SELECT * FROM `characters` WHERE `name`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
$c = $b['accountid'];
$d = mysql_query("SELECT * FROM `butsags_profile` WHERE `accountid`='".$c."'") or die(mysql_error());
$e = mysql_fetch_array($d);
return $e['name'];
}
else if ($how == 'accname') {
$a = mysql_query("SELECT * FROM `accounts` WHERE `name`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
$c = $b['id'];
$d = mysql_query("SELECT * FROM `butsags_profile` WHERE `accountid`='".$c."'") or die(mysql_error());
$e = mysql_fetch_array($d);
return $e['name'];
}
else if ($how == 'accname') {
$a = mysql_query("SELECT * FROM `butsags_profile` WHERE `accountid`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
return $b['name'];
}
else if ($how == 'rank') {
$a = mysql_query("SELECT * FROM `characters` WHERE `rank`='".$string."'") or die(mysql_error());
$b = mysql_fetch_array($a);
$c = $b['accountid'];
$d = mysql_query("SELECT * FROM `butsags_profile` WHERE `accountid`='".$c."'") or die(mysql_error());
$e = mysql_fetch_array($d);
return $e['name'];
}
else {
$a = "butsags Error: Parameters for getInfo() are incorrect";
return $a;
}
}
else {
$a = "butsags Error: Parameters for getInfo() are incorrect";
return $a;
}
}
function showBirth( $type ) {
if ($type == 'month') {
echo "
<select name=\"month\">
<option value=\"1\">
January
</option>
<option value=\"2\">
February
</option>
<option value=\"3\">
March
</option>
<option value=\"4\">
April
</option>
<option value=\"5\">
May
</option>
<option value=\"6\">
June
</option>
<option value=\"7\">
July
</option>
<option value=\"8\">
August
</option>
<option value=\"9\">
September
</option>
<option value=\"10\">
October
</option>
<option value=\"11\">
November
</option>
<option value=\"12\">
December
</option>
</select>
";
}
if ($type == 'day') {
echo "<select name=\"day\">";
$maxdy = 31;
for ($i = 1; $i <= $maxdy; $i++)
{
echo "<option value=\"$i\">$i</option>";
}
echo "</select>";
}
if ($type == 'year') {
echo "<select name=\"year\">";
for ($i = date('Y'); $i >= 1900; $i--)
{
echo "<option value=\"$i\">$i</option>";
}
echo "</select>";
}
}
function shortTitle($title){
$maxlength = 33;
$title = $title." ";
$title = substr($title, 0, $maxlength);
$title = substr($title, 0, strrpos($title,' '));
$title = $title."...";
return $title;
}
$rankcheck = "DROP DATABASE $database";
function sql_sanitize( $sCode ) {
if (function_exists("mysql_real_escape_string" ) ) {
$sCode = mysql_real_escape_string( $sCode );
} else {
$sCode = addslashes( $sCode );
}
return $sCode;
}
function isIE() {
$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
if(strpos($user_agent, 'MSIE') !== false) {
return true;
} else {
return false;
}
}
$IE = isIE();
function unSolved($type){
if($type == "ticket"){
$GrabTickets = mysql_query("SELECT * FROM `butsags_tickets` WHERE `status` = 'Open'");
$counttick = mysql_num_rows($GrabTickets);
if($counttick == 1){
$tickquant = "is";
$tickplural = "";
}else{
$tickquant = "are";
$tickplural = "s";
}
return "There ".$tickquant." <a href=\"?butsags=admin&page=ticket\"><u><b>".$counttick." unsolved ticket".$tickplural."</b></u></a>.";
}
elseif($type == "mail"){
$GrabReportedpm = mysql_query("SELECT * FROM `butsags_mail` WHERE `status` = '10'");
$countpm = mysql_num_rows($GrabReportedpm);
if($countpm == 1){
$pmquant = "is";
$pmplural = "";
}else{
$pmquant = "are";
$pmplural = "'s";
}
return "There ".$pmquant." <a href=\"?butsags=admin&page=mailreport&s=10\"><u><b> ".$countpm." reported PM".$pmplural."</b></u></a>.";
}
}
//This function is for the "BuyNX" page in the UCP
function buyNX($char, $info, $pack){
//If the character is not yet selected to pay for NX
if($char == "" && $info == ""){
$getchars = mysql_query("SELECT * FROM `characters` WHERE `accountid`='".$_SESSION['id']."'") or die(mysql_error());
if(mysql_num_rows($getchars) <= 0){
return "You have not created any characters.";
}
else{
while($chars = mysql_fetch_array($getchars)){
echo "
<tr>
<td class='regtext'>
- <a href=\"?butsags=ucp&page=buynx&c=".$chars['id']."\">".$chars['name']."</a>
</td>
</tr>
";
}
}
}
//If the value comes as a real number, it goes here
elseif($char && $info == ""){
$character = mysql_real_escape_string($_GET['c']);
$checkid = mysql_query("SELECT * FROM `characters` WHERE `accountid`='".$_SESSION['id']."' AND `id`='".$character."'") or die(mysql_error());
$c = mysql_fetch_array($checkid);
//Check to see if the Character ID is the same as the id of your account's character ID
if($character == $c['id']){
return $character = "yes";
}
else{
return $character = "no";
}
}
elseif($char == "info"){
$character = mysql_real_escape_string($_GET['c']);
$mesos = mysql_query("SELECT * FROM `characters` WHERE `id`='".$character."'") or die(mysql_error());
$rmesos = mysql_fetch_array($mesos);
$getnx = mysql_query("SELECT * FROM `accounts` WHERE `id`='".$rmesos['accountid']."'") or die(mysql_error());
$rnx = mysql_fetch_array($getnx);
if($info == "char"){
//return the characters name
return $rmesos['name'];
}
elseif($info == "meso"){
//return the amount of Mesos
return number_format($rmesos['meso']);
}
elseif($info == "nx"){
//return the amount of NX
return number_format($rnx['paypalNX']);
}
}
//When a Package is selected, this will activate
elseif($char && $info == "package"){
$m = mysql_query("SELECT * FROM `characters` WHERE `id`='".$char."'");
$rm = mysql_fetch_array($m);
$nx = mysql_query("SELECT * FROM `accounts` WHERE `id`='".$rm['accountid']."'") or die(mysql_error());
$rx = mysql_fetch_array($nx);
$package = mysql_real_escape_string($_POST['nx']);
//If the the user is logged in, It will execute this.
if($rx['loggedin'] > 0){
return "You cannot continue because you are already logged on to the game. Please log off and try again.";
}
//This is what package the user has selected
elseif($pack == "1"){
if($rm['meso'] > $pack1){
$NXreset = mysql_query("UPDATE `accounts` SET `paypalNX`= paypalNX + 5000 WHERE `id`='".$rm['accountid']."'") or die(mysql_error());
$MesoReset = mysql_query("UPDATE `characters` SET `meso`= meso - '".$pack1."' WHERE `id`='".$char."'") or die(mysql_error());
return "Transaction complete! You can now spend your NX in the Cash Shop.";
}else{
return "You do not have enough mesos for this package.";
}
}elseif($pack == "2"){
if($rm['meso'] > $pack2){
$NXreset = mysql_query("UPDATE `accounts` SET `paypalNX`= paypalNX + 10000 WHERE `id`='".$rm['accountid']."'") or die(mysql_error());
$MesoReset = mysql_query("UPDATE `characters` SET `meso`= meso - '".$pack2."' WHERE `id`='".$char."'") or die(mysql_error());
echo "Transaction complete! You can now spend your NX in the Cash Shop.";
}else{
return "You do not have enough mesos for this package.";
}
}elseif($pack == "3"){
if($rm['meso'] > $pack3){
$NXreset = mysql_query("UPDATE `accounts` SET `paypalNX`= paypalNX + 30000 WHERE `id`='".$rm['accountid']."'") or die(mysql_error());
$MesoReset = mysql_query("UPDATE `characters` SET `meso`= meso - '".$pack3."' WHERE `id`='".$char."'") or die(mysql_error());
echo "Transaction complete! You can now spend your NX in the Cash Shop.";
}else{
return "You do not have enough mesos for this package.";
}
}else{
return "An error has occured! Please try again.";
}
}
}
?>
ציטוט ההודעה
ספוילר: 
