' . '
    1. ' . '

        ';

// NOTE(review): this listing reached the page with its line breaks collapsed and with
// everything that looked like an HTML tag removed (including markup inside PHP strings
// and two loop headers). Statements are reproduced as found; the places where text is
// visibly missing are marked below and must be restored from the original file.

/**
 * Disallow these attributes/prefix within a tag.
 *
 * The value is used as a regex alternation by removeEvilAttributes(), which replaces
 * every match with the word 'forbidden'.
 *
 * NOTE(review): this is a deny-list, so only the names spelled out here are
 * neutralised. 'obsubmit' looks like a typo for 'onsubmit', which would leave
 * onsubmit uncovered. An allow-list of permitted attributes is the sturdier design.
 */
$stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|'.
               'onmousemove|onmouseout|onkeypress|onkeydown|onkeyup|onabort|'.
               'onfocus|onload|onblur|onchange|onerror|onreset|onselect|obsubmit|onunload|style';

/**
 * @return string
 * @param string
 * @desc Strip forbidden tags and delegate tag-source check to removeEvilAttributes()
 *
 * strip_tags() first drops every tag not listed in the global $allowedTags; the text
 * of each remaining tag is then handed to removeEvilAttributes().
 *
 * NOTE(review): the pattern carries the /e modifier, so preg_replace() evaluates the
 * replacement string as PHP code for every match, with the matched tag text spliced
 * into that code. /e was deprecated in PHP 5.5 and removed in PHP 7.0;
 * preg_replace_callback() does the same job without evaluating a string.
 */
function removeEvilTags($source) {
    global $allowedTags;
    $source = strip_tags($source, $allowedTags);
    return preg_replace('/<(.*?)>/ie', "'<'.removeEvilAttributes('\\1').'>'", $source);
}

/**
 * @return string
 * @param string
 * @desc Strip forbidden attributes from a tag
 *
 * Every case-insensitive occurrence of a $stripAttrib alternative is replaced with
 * 'forbidden'. The pattern has no anchors or word boundaries, so a listed word is
 * also rewritten when it appears inside an attribute value.
 *
 * NOTE(review): stripslashes() presumably undoes the escaping that the /e modifier
 * applies to the back-reference in removeEvilTags() - confirm before changing either.
 */
function removeEvilAttributes($tagSource) {
    global $stripAttrib;
    return stripslashes(preg_replace("/$stripAttrib/i", 'forbidden', $tagSource));
}

// by Rikkarda@silienta-logd.de: conversion of a link into a hyperlink
// NOTE(review): the second pattern has an unmatched ')' and both replacement strings
// look like markup that was stripped from this page - recover them from the original
// file before relying on this function.
function makeUrl($text) {
    return preg_replace( array( "/[^\"'=]((http):\/\/[^\s\"']+)/i", "/]+)>/i" ), array( "HIER", "" ), $text );
}

//db_query("ALTER TABLE `motd` ADD `motdprefix` VARCHAR( 30 ) NOT NULL ;");

// Returns $input unchanged.
function db_prefix($input) { return $input; }

popup_header("Adalirs Neueste Nachrichten");
if (!$session['user']['loggedin']){
    // Visitors without a session only get an invitation to log in.
    output("Dich interessieren die neusten Nachrichten aus Adalir? Melde Dich an und werde ein Teil unserer Welt! Wir freuen uns auf jedes Wesen, welches den Weg in unser herrliches Dorf findet :) !");
}else{
    // NOTE(review): array keys such as $session[user][superuser] and $_GET[op] are written
    // without quotes throughout this branch. Outside a double-quoted string PHP reads them
    // as constants: a notice/warning before PHP 8, an Error from PHP 8 on.
    //
    // NOTE(review): request values are interpolated into SQL strings in every handler
    // below and no escaping is visible in this file. The stripslashes() calls suggest the
    // code relies on magic_quotes_gpc (removed in PHP 5.4) - confirm. Parameterised
    // queries, or integer casts for the id columns, are the fix.
    output(($session[user][superuser]>=2?" [MoTD erstellen|Umfrage erstellen]`n":""),true);

    /**
     * Print one MoTD entry: prefix and subject, then author and date, then the body
     * passed through makeUrl() and nl2br().
     *
     * Declared inside the else branch, so it only exists for logged-in sessions.
     *
     * NOTE(review): $author is interpolated into the SELECT without escaping, and the
     * fetched $row is not used in the visible code.
     * NOTE(review): output() is called with true as second argument; presumably that
     * flag disables HTML escaping - confirm. If so, $prefixe, $subject and $body reach
     * the page as raw markup.
     */
    function motditem($subject, $body, $prefixe, $date, $author){
        output("`^ $prefixe $subject`0",true);
        $result = "select motd.motdauthor, accounts.name, accounts.acctid from motd, accounts where accounts.name = '$author'";
        $row = db_fetch_assoc(db_query($result));
        output("`n`0".$author." `0- `#".$date."`n",true);
        output(nl2br(makeUrl("$body")),true);
        output("


        ",true);
    }

    /**
     * Print one poll: subject, author, date, question text and the vote counts per option.
     *
     * $body is the serialized array('body' => ..., 'opt' => ...) written by the addpoll
     * handler.
     *
     * NOTE(review): unserialize() runs on the stored motdbody value. The edit2 handler
     * further down writes $_POST[body] into that column without a privilege check, so
     * this input has to be treated as untrusted. json_encode()/json_decode(), or
     * unserialize() with ['allowed_classes' => false] on PHP 7+, avoids object
     * instantiation from stored data.
     * NOTE(review): each() was deprecated in PHP 7.2 and removed in PHP 8.0.
     */
    function pollitem($id, $subject, $body, $author, $date){
        global $session;
        // Has the current account already voted on this item, and for which choice?
        $sql = "SELECT count(resultid) AS c, MAX(choice) AS choice FROM pollresults WHERE motditem='$id' AND account='{$session['user']['acctid']}'";
        $result = db_query($sql);
        $row = db_fetch_assoc($result);
        $choice = $row['choice'];
        $body = unserialize($body);
        // "&& 0" makes this condition always false, so the branch below never runs and
        // the results view in the else branch is always shown.
        if ($row['c']==0 && 0){
            output("
        ",true);
            output("",true);
            output("`^Umfrage: $subject",true);
            output("`n`0".$author."`0 - `#".$date."`n`n",true);
            output("`2".stripslashes($body['body']."`n`n`n"));
            while (list($key,$val)=each($body['opt'])){
                if (trim($val)!=""){
                    output("`n",true);
                    output(stripslashes($val));
                }
            }
            output("`n",true);
            output("
        ",true);
        }else{
            output("
        ",true);
            output("",true);
            output("`^Umfrage: $subject`n",true);
            output("`n`0".$author."`0 - `#".$date."`n`n",true);
            output("`i`vBetreff:`i`n`3",true);
            // The question text is filtered with removeEvilTags() before it is printed.
            $body1 = ("".stripslashes(removeEvilTags(nl2br($body['body']))).""); //by Rikka
            $body1= str_replace('
        ','`n',$body1); //by Rikka
            output($body1); //by Rikka
            $sql = "SELECT count(resultid) AS c, choice FROM pollresults WHERE motditem='$id' GROUP BY choice ORDER BY choice";
            $result = db_query($sql);
            $choices=array();
            $totalanswers=0;
            $maxitem = 0;
            // NOTE(review): the next line is incomplete on this page - the loop condition
            // and the start of the loop body (everything between "$i" and "$maxitem")
            // appear to have been lost. Reproduced as found.
            for ($i=0;$i$maxitem) $maxitem = $row['c']; }
            while (list($key,$val)=each($body['opt'])){
                if (trim($val)!=""){
                    // Guard against division by zero when nobody has voted yet.
                    if ($totalanswers<=0) $totalanswers=1;
                    $percent = round($choices[$key] / $totalanswers * 100,1);
                    output("`n",true);
                    output(stripslashes($val)." (".(int)$choices[$key]." - $percent%)");
                    // Width is scaled so that the most-voted option gets 400, minimum 1.
                    if ($maxitem==0){ $width=1; } else { $width = round(($choices[$key]/$maxitem) * 400,0); }
                    $width = max($width,1);
                    output("`n$percent",true);
                    //output(stripslashes($val)."`n");
                }
            }
            output("`n",true);
        }
        output("
        ",true);
    }

    // op=vote: replace the current account's vote on a poll, then redirect.
    // NOTE(review): $_POST['motditem'] and $_POST['choice'] go into both statements
    // unescaped, and no anti-CSRF token is checked in this branch.
    if ($_GET[op]=="vote"){
        $sql = "DELETE FROM pollresults WHERE motditem='{$_POST['motditem']}' AND account='{$session['user']['acctid']}'";
        db_query($sql);
        $sql = "INSERT INTO pollresults (choice,account,motditem) VALUES ('{$_POST['choice']}','{$session['user']['acctid']}','{$_POST['motditem']}')";
        db_query($sql);
        header("Location: motd.php");
        exit();
    }

    // op=addpoll: superuser >= 2 gets the poll form, or the poll is stored when subject
    // and body are filled in.
    if ($_GET[op]=="addpoll"){
        if($session['user']['superuser']>=2){
            if ($_POST['subject']=="" || $_POST['body']==""){
                output("
        ",true);
                addnav("","motd.php?op=add");
                output("`n",true);
                rawoutput("
        ",true); //by Rikka
                output("Opt `n",true);
                output("Opt `n",true);
                output("Opt `n",true);
                output("Opt `n",true);
                output("Opt `n",true);
                output("Opt `n",true);
                output("Opt `n",true);
                output("Opt `n",true);
                output("Opt `n",true);
                output("Opt `n",true);
                output("Opt `n",true);
                output("Opt `n",true);
                output("
        ",true);
            }else{
                // Question and options are stored as one serialized array in motdbody;
                // motdtype is set to 1 for polls.
                // NOTE(review): the serialized body passes through addslashes(), but
                // $_POST[subject] is interpolated as-is.
                $body = array("body"=>$_POST['body'],"opt"=>$_POST['opt']);
                $sql = "INSERT INTO motd (motdtitle,motdbody,motddate,motdtype,motdauthor) VALUES (\"$_POST[subject]\",\"".addslashes(serialize($body))."\",now(),1,\"".$session[user][acctid]."\")";
                db_query($sql);
                header("Location: motd.php");
                exit();
            }
        }else{
            // Logged-in non-superusers requesting this op lose 10% of their experience,
            // a news entry is posted and the account is saved.
            if ($session[user][loggedin]){
                //$session[user][hitpoints]=0;
                //$session[user][alive]=0;
                $session[user][experience]=round($session[user][experience]*0.9,0);
                addnews($session[user][name]." wurde für den Versuch, die Götter zu betrügen, bestraft.");
                output("Du hast versucht die Götter zu betrügen. Du wurdest mit Vergessen bestraft. Einiges von dem, was du einmal gewusst hast, weisst du nicht mehr.");
                saveuser();
            }
        }
    }

    // op=add: superuser >= 2 gets the MoTD form, or the entry is stored when subject and
    // body are filled in.
    if ($_GET[op]=="add"){
        if ($session[user][superuser]>=2){
            if ($_POST[subject]=="" || $_POST[body]==""){
                output("
        ",true);
                addnav("","motd.php?op=add");
                //motdprefixe [© 2005 by Day]
                // Prefix choices come from the 'motdprefixe' setting, separated by '|'.
                $prefixe = explode('|', getsetting('motdprefixe','|Wichtig|Ankündigung'));
                output("",true);
                output("`n",true);
                //end
                rawoutput("",true);
                output("
        ",true);
            }else{
                //motdprefixe [© 2005 by Day]
                if($_POST['prefix'] != "") $_POST['prefix'].=": ";
                // NOTE(review): subject, body and prefix are interpolated unescaped.
                $sql = "INSERT INTO motd (motdtitle,motdbody,motddate,motdprefix,motdauthor) VALUES (\"$_POST[subject]\",\"$_POST[body]\",now(),\"$_POST[prefix]\",'{$session['user']['acctid']}')";
                //end motdprefixe
                db_query($sql);
                header("Location: motd.php");
                exit();
            }
        }else{
            // Same penalty as in the addpoll handler.
            if ($session[user][loggedin]){
                //$session[user][hitpoints]=0;
                //$session[user][alive]=0;
                $session[user][experience]=round($session[user][experience]*0.9,0);
                addnews($session[user][name]." wurde für den Versuch, die Götter zu betrügen, bestraft.");
                output("Du hast versucht die Götter zu betrügen. Du wurdest mit Vergessen bestraft. Einiges von dem, was du einmal gewusst hast, weisst du nicht mehr.");
                saveuser();
            }
        }
    }

    // op=del: superuser >= 2 deletes the item named by $_GET[id].
    // NOTE(review): the deletion is triggered by a GET request, $_GET[id] is interpolated
    // unescaped, and no anti-CSRF token is checked in this branch.
    if ($_GET[op]=="del"){
        if ($session[user][superuser]>=2){
            $sql = "DELETE FROM motd WHERE motditem=\"$_GET[id]\"";
            db_query($sql);
            header("Location: motd.php");
            exit();
        }else{
            // Same penalty as in the addpoll handler.
            if ($session[user][loggedin]){
                //$session[user][hitpoints]=0;
                //$session[user][alive]=0;
                $session[user][experience]=round($session[user][experience]*0.9,0);
                addnews($session[user][name]." wurde für den Versuch, die Götter zu betrügen, bestraft.");
                output("Du hast versucht die Götter zu betrügen. Du wurdest mit Vergessen bestraft. Einiges von dem, was du einmal gewusst hast, weisst du nicht mehr.");
                saveuser();
            }
        }
    }

    // Original by darkangel, modified for integration into Silienta by
    // Rikkarda@silienta-logd.de; thanks to Eliwood for the help with the HTML.
    // op=edit: superuser >= 3 gets the edit form for the item named by $_GET[id].
    // NOTE(review): $_GET[id] is interpolated into the SELECT unescaped; the trailing
    // quote character appended to both addnav() URLs looks accidental - confirm.
    if ($_GET[op]=="edit"){
        if ($session[user][superuser]>=3){
            $sql = "SELECT * FROM motd WHERE motditem='".$_GET[id]."'";
            $result = db_query($sql);
            $row = db_fetch_assoc($result);
            output("
        ",true);
            addnav("","motd.php?op=edit&id=".$_GET[id]."'");
            output("
        Überschrift:",true);
            rawoutput("",true);
            output("
        ",true);
            output("
        MoTD-Author:
        ",true);
            output("
        Newstext:",true);
            rawoutput("",true);
            output("
        ",true);
            output("
        ",true);
            addnav("","motd.php?op=edit2&id=".$_GET[id]."'");
            output("",true);
        }
    }

    // op=edit2: write the edited title, author and body back to the item.
    // NOTE(review): unlike the edit handler (superuser >= 3) this branch checks no
    // privilege before the UPDATE, so any logged-in session that reaches it can rewrite
    // any item. It needs the same superuser check, and all four request values are
    // interpolated unescaped.
    if ($_GET[op]=="edit2"){
        db_query("UPDATE motd SET motdtitle ='".$_POST[subject]."', motdauthor ='".$_POST[name]."', motdbody ='".$_POST[body]."' WHERE motditem='".$_GET[id]."'");
        header("Location: motd.php");
        exit();
    }

    // This query string is not executed in the visible code; $sql is reassigned below.
    $sql = "SELECT * FROM motd ORDER BY motddate DESC limit 20";

    // Default view: the newest items, or one month of the archive.
    if ($_GET[op]==""){
        //month archiv [Code from 1.0.2 by Day]
        $count = getsetting("motditems", 5);
        // NOTE(review): $m comes straight from the query string and is interpolated into
        // the date comparison; validate it (for example against /^\d{4}-\d{2}$/) first.
        $m = $_GET["month"];
        if ($m > ""){
            $sql = "SELECT " .("motd") . ".*,name AS motdauthorname FROM " .("motd") . " LEFT JOIN " .("accounts") . " ON " .("accounts") . ".acctid = " .("motd") . ".motdauthor WHERE motddate >= '{$m}-01' AND motddate <= '{$m}-31' ORDER BY motddate DESC";
            $result = db_query($sql);
        }else{
            $sql = "SELECT " .("motd") . ".*,name AS motdauthorname FROM " .("motd") . " LEFT JOIN " .("accounts") . " ON " .("accounts") . ".acctid = " .("motd") . ".motdauthor ORDER BY motddate DESC limit $count";
            $result = db_query($sql);
        }
        // NOTE(review): the loop header, the fetch of $row and the start of the motditem()
        // call appear to have been lost on this page. Reproduced as found. Both calls
        // pass six arguments to five-parameter functions; the last one is ignored.
        for ($i=0;$i=2?"[Del][EDIT]":""), $row['motdbody'], $row['motdprefix'], $row['motddate'], $row['motdauthorname'], $row['motditem']);
            }else{
                pollitem($row['motditem'], $row['motdtitle'].' '.($session[user][superuser]>=4?"`[Del]":""), $row['motdbody'], $row['motdauthorname'],$row['motddate'], $row['motditem']);
            }
        }
        output('`6');
        // One row per month (first seven characters of motddate) with its item count.
        $result = db_query("SELECT mid(motddate,1,7) AS d, count(*) AS c FROM ".("motd")." GROUP BY d ORDER BY d DESC");
        //$row = db_fetch_assoc($result);
        rawoutput("
        ");
        rawoutput('MoTD Archiv: ');
        rawoutput("");
        rawoutput("");
        rawoutput("
        ");
        //end
        output("`@Kommentare und Fehler bitte ins Forum.`n `vmehr als die letzen Nachrichten findet ihr im Archiv:`0`n");
    }

    // Mark the MoTD as seen: clear the flag and remember the date of the newest item.
    $session[needtoviewmotd]=false;
    $sql = "SELECT motddate FROM motd ORDER BY motditem DESC LIMIT 1";
    $result = db_query($sql);
    $row = db_fetch_assoc($result);
    $session[user][lastmotd]=$row[motddate];
}
popup_footer();
?>