';
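/**
 * Attribute names and URL-scheme prefixes that must not survive inside an allowed tag.
 *
 * removeEvilAttributes() splices this value verbatim into a case-insensitive
 * regex alternation, so every entry is matched as a plain substring.
 *
 * NOTE(review): this is a denylist. Event handlers that are not listed here
 * pass through untouched; an allowlist of permitted attributes would be the
 * more robust design.
 */
$stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|'.
    'onmousemove|onmouseout|onkeypress|onkeydown|onkeyup|onabort|'.
    // "onsubmit" used to be misspelled "obsubmit", which left the real handler unfiltered.
    'onfocus|onload|onblur|onchange|onerror|onreset|onselect|onsubmit|onunload|style';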
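/**
 * Strip forbidden tags, then hand the inside of every remaining tag to
 * removeEvilAttributes().
 *
 * @param string $source Markup to clean.
 * @return string Cleaned markup; an empty string if the regex engine reports an error.
 */
function removeEvilTags($source)
{
    global $allowedTags;

    $source = strip_tags($source, $allowedTags);

    // The former /e modifier evaluated the replacement string as PHP code; it
    // is deprecated since PHP 5.5 and removed in PHP 7. A callback does the
    // same job without eval. The /s flag lets "." span line breaks, so a tag
    // that is split over several lines is filtered as well.
    $cleaned = preg_replace_callback(
        '/<(.*?)>/is',
        function ($match) {
            // removeEvilAttributes() finishes with stripslashes() (a leftover of
            // the escaping that /e applied to back-references), so escape first
            // to keep quotes and backslashes inside the tag intact.
            return '<' . removeEvilAttributes(addslashes($match[1])) . '>';
        },
        $source
    );

    // Fail closed: on a PCRE error return nothing rather than unfiltered markup.
    return $cleaned === null ? '' : $cleaned;
}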
/**
 * Neutralise forbidden attributes inside a single tag.
 *
 * Every case-insensitive occurrence of an entry from the global $stripAttrib
 * alternation is replaced with the literal word "forbidden"; the result is
 * then passed through stripslashes().
 *
 * @param string $tagSource Text found between "<" and ">".
 * @return string
 */
function removeEvilAttributes($tagSource)
{
    global $stripAttrib;

    $pattern = "/$stripAttrib/i";
    $neutralised = preg_replace($pattern, 'forbidden', $tagSource);

    return stripslashes($neutralised);
}
// by Rikkarda@silienta-logd.de: converts a plain link into a hyperlink
/**
 * Run two regex replacements over $text and return the result.
 *
 * NOTE(review): the second pattern and both replacement strings look
 * truncated in this copy (any HTML markup they contained appears to be
 * missing). As written, "/]+)>/i" has an unbalanced ")" and is unlikely to
 * compile; confirm against the original file before relying on this function.
 *
 * @param string $text
 * @return string|null Result of preg_replace(); null when a pattern fails.
 */
function makeUrl($text) {
return preg_replace( array(
// One character that is not a quote or "=", followed by an http:// URL that
// runs up to the next whitespace or quote. The leading character is part of
// the match, so it is replaced along with the URL.
"/[^\"'=]((http):\/\/[^\s\"']+)/i",
"/]+)>/i"
),
array(
// "HIER" is German for "here"; presumably this was link text inside an anchor.
"HIER",
""
),
$text
);
}
//db_query("ALTER TABLE `motd` ADD `motdprefix` VARCHAR( 30 ) NOT NULL ;");
/**
 * Identity stub: returns its argument unchanged, so no prefix is applied.
 *
 * @param mixed $input Presumably a table name (inferred from the function name).
 * @return mixed The same value that was passed in.
 */
function db_prefix($input)
{
    $unprefixed = $input;

    return $unprefixed;
}
// The title is German for "Adalir's latest news". popup_header() is defined
// outside this excerpt; presumably it emits the popup page header (confirm).
popup_header("Adalirs Neueste Nachrichten");
if (!$session['user']['loggedin']){
output("Dich interessieren die neusten Nachrichten aus Adalir? Melde Dich an und werde ein Teil unserer Welt! Wir freuen uns auf jedes Wesen, welches den Weg in unser herrliches Dorf findet :)
!");
}else{
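// Superusers (level >= 2) get the "create MoTD | create poll" line (German labels).
// The array keys are quoted: bare user/superuser are undefined constants, which
// only worked through a legacy fallback and raise an Error on PHP 8.
output(($session['user']['superuser']>=2?" [MoTD erstellen|Umfrage erstellen]`n":""),true);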
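/**
 * Render one MoTD entry: heading, author/date line and body.
 *
 * NOTE(review): $subject, $prefixe, $author and $body are emitted through
 * output(..., true). If that flag allows raw HTML (output() is defined outside
 * this excerpt), these values should be filtered with removeEvilTags() or
 * escaped before they are stored or shown. Confirm.
 *
 * @param string $subject Entry title.
 * @param string $body    Entry text; passed through makeUrl() and nl2br().
 * @param string $prefixe Title prefix.
 * @param string $date    Entry date as displayed.
 * @param string $author  Author name as displayed; also used in the account lookup.
 * @return void
 */
function motditem($subject, $body, $prefixe, $date, $author){
    output("`^ $prefixe $subject`0",true);

    // $author lands inside a quoted SQL literal, so it is escaped before being
    // concatenated. addslashes() is a stopgap: prefer the database driver's own
    // escaping or prepared statements if db_query() can offer them.
    $result = "select motd.motdauthor, accounts.name, accounts.acctid"
        . " from motd, accounts"
        . " where accounts.name = '" . addslashes($author) . "'";
    // NOTE(review): $row is not read anywhere in the visible code; if nothing
    // else needs it, this lookup can be removed.
    $row = db_fetch_assoc(db_query($result));

    output("`n`0".$author." `0- `#".$date."`n",true);
    output(nl2br(makeUrl("$body")),true);
    output("' .
'
",true);
}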
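/**
 * Render one poll entry and look up the current user's vote for it.
 *
 * @param int|string $id      motd item id of the poll.
 * @param string     $subject Poll title (unused in the visible code).
 * @param string     $body    Serialized poll definition read from motd.motdbody.
 * @param string     $author  Author (unused in the visible code).
 * @param string     $date    Date (unused in the visible code).
 * @return void
 */
function pollitem($id, $subject, $body, $author, $date){
    global $session;

    // Both values are used as ids in the WHERE clause; casting them to int
    // keeps anything else out of the SQL text. Assumes pollresults.motditem and
    // pollresults.account are integer columns. TODO confirm against the schema.
    $motdId = (int)$id;
    $accountId = (int)$session['user']['acctid'];

    $sql = "SELECT count(resultid) AS c, MAX(choice) AS choice FROM pollresults WHERE motditem='$motdId' AND account='$accountId'";
    $result = db_query($sql);
    $row = db_fetch_assoc($result);
    $choice = $row['choice'];

    // SECURITY NOTE: unserialize() will instantiate any class named in its
    // input, so whoever can write motd.motdbody controls what is built here.
    // Storing the poll as JSON would avoid that; on PHP 7+ the option
    // array('allowed_classes' => false) is a smaller step.
    $body = unserialize($body);

    // "&& 0" makes this condition always false, so only the else branch runs.
    if ($row['c']==0 && 0){
        output("",true);
    }else{
        output("",true);
    }
    output("
",true);
}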
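// op=vote: replace the current user's vote on a poll, then return to motd.php.
// NOTE(review): no anti-CSRF token is checked before this state change.
if (isset($_GET['op']) && $_GET['op']=="vote"){
    // Request values go straight into SQL, so reduce them to integers first.
    // Assumes motditem, choice and account are integer columns. TODO confirm.
    $motdId = isset($_POST['motditem']) ? (int)$_POST['motditem'] : 0;
    $choice = isset($_POST['choice']) ? (int)$_POST['choice'] : 0;
    $accountId = (int)$session['user']['acctid'];

    $sql = "DELETE FROM pollresults WHERE motditem='$motdId' AND account='$accountId'";
    db_query($sql);
    $sql = "INSERT INTO pollresults (choice,account,motditem) VALUES ('$choice','$accountId','$motdId')";
    db_query($sql);
    header("Location: motd.php");
    exit();
}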
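// op=addpoll: superusers (level >= 2) create a poll; anyone else is penalised.
// NOTE(review): no anti-CSRF token is checked before this state change.
if (isset($_GET['op']) && $_GET['op']=="addpoll"){
    if($session['user']['superuser']>=2){
        $subject = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : "";
        $pollText = isset($_POST['body']) ? $_POST['body'] : "";
        if ($subject=="" || $pollText==""){
            output("",true);
        }else{
            $body = array("body"=>$pollText,"opt"=>isset($_POST['opt']) ? $_POST['opt'] : null);
            // Every value is escaped or cast at the point where it enters the
            // SQL text. This assumes request data arrives raw; if a global
            // magic-quotes style layer exists elsewhere, remove that layer
            // rather than this escaping. addslashes() is a stopgap: prefer the
            // driver's escaping or prepared statements where available.
            $sql = "INSERT INTO motd (motdtitle,motdbody,motddate,motdtype,motdauthor) VALUES (\""
                . addslashes($subject) . "\",\""
                . addslashes(serialize($body)) . "\",now(),1,\""
                . (int)$session['user']['acctid'] . "\")";
            db_query($sql);
            header("Location: motd.php");
            exit();
        }
    }else{
        if ($session['user']['loggedin']){
            // Penalty for calling an admin action without the rights: 10% of
            // the experience is removed and a news entry is posted (German:
            // "... was punished for trying to cheat the gods").
            //$session[user][hitpoints]=0;
            //$session[user][alive]=0;
            $session['user']['experience']=round($session['user']['experience']*0.9,0);
            addnews($session['user']['name']." wurde für den Versuch, die Götter zu betrügen, bestraft.");
            output("Du hast versucht die Götter zu betrügen. Du wurdest mit Vergessen bestraft. Einiges von dem, was du einmal gewusst hast, weisst du nicht mehr.");
            saveuser();
        }
    }
}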
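// op=add: superusers (level >= 2) create a MoTD entry; anyone else is penalised.
// NOTE(review): no anti-CSRF token is checked before this state change.
if (isset($_GET['op']) && $_GET['op']=="add"){
    if ($session['user']['superuser']>=2){
        $subject = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : "";
        $motdText = (isset($_POST['body']) && is_string($_POST['body'])) ? $_POST['body'] : "";
        if ($subject=="" || $motdText==""){
            output("",true);
        }else{
            //motdprefixe [© 2005 by Day]
            $prefix = (isset($_POST['prefix']) && is_string($_POST['prefix'])) ? $_POST['prefix'] : "";
            if($prefix != "") $prefix.=": ";
            // Every value is escaped or cast at the point where it enters the
            // SQL text. This assumes request data arrives raw; if a global
            // magic-quotes style layer exists elsewhere, remove that layer
            // rather than this escaping. addslashes() is a stopgap: prefer the
            // driver's escaping or prepared statements where available.
            $sql = "INSERT INTO motd (motdtitle,motdbody,motddate,motdprefix,motdauthor) VALUES (\""
                . addslashes($subject) . "\",\""
                . addslashes($motdText) . "\",now(),\""
                . addslashes($prefix) . "\",'"
                . (int)$session['user']['acctid'] . "')";
            //end motdprefixe
            db_query($sql);
            header("Location: motd.php");
            exit();
        }
    }else{
        if ($session['user']['loggedin']){
            // Penalty for calling an admin action without the rights: 10% of
            // the experience is removed and a news entry is posted (German:
            // "... was punished for trying to cheat the gods").
            //$session[user][hitpoints]=0;
            //$session[user][alive]=0;
            $session['user']['experience']=round($session['user']['experience']*0.9,0);
            addnews($session['user']['name']." wurde für den Versuch, die Götter zu betrügen, bestraft.");
            output("Du hast versucht die Götter zu betrügen. Du wurdest mit Vergessen bestraft. Einiges von dem, was du einmal gewusst hast, weisst du nicht mehr.");
            saveuser();
        }
    }
}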
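// op=del: superusers (level >= 2) delete a MoTD entry; anyone else is penalised.
// NOTE(review): the deletion is triggered by a GET request and no anti-CSRF
// token is checked; a POST with a token would be the safer shape.
if (isset($_GET['op']) && $_GET['op']=="del"){
    if ($session['user']['superuser']>=2){
        // The id is cast to int before it enters the SQL text. Assumes
        // motd.motditem is an integer key. TODO confirm against the schema.
        $motdId = isset($_GET['id']) ? (int)$_GET['id'] : 0;
        $sql = "DELETE FROM motd WHERE motditem=\"$motdId\"";
        db_query($sql);
        header("Location: motd.php");
        exit();
    }else{
        if ($session['user']['loggedin']){
            // Penalty for calling an admin action without the rights: 10% of
            // the experience is removed and a news entry is posted (German:
            // "... was punished for trying to cheat the gods").
            //$session[user][hitpoints]=0;
            //$session[user][alive]=0;
            $session['user']['experience']=round($session['user']['experience']*0.9,0);
            addnews($session['user']['name']." wurde für den Versuch, die Götter zu betrügen, bestraft.");
            output("Du hast versucht die Götter zu betrügen. Du wurdest mit Vergessen bestraft. Einiges von dem, was du einmal gewusst hast, weisst du nicht mehr.");
            saveuser();
        }
    }
}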
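// Original by darkangel, modified for integration into Silienta by
// Rikkarda@silienta-logd.de; thanks to Eliwood for the help with the HTML.
// op=edit: superusers (level >= 3) load one MoTD entry for editing.
if (isset($_GET['op']) && $_GET['op']=="edit"){
    if ($session['user']['superuser']>=3){
        // The id is cast to int before it enters the SQL text. Assumes
        // motd.motditem is an integer key. TODO confirm against the schema.
        $motdId = isset($_GET['id']) ? (int)$_GET['id'] : 0;
        $sql = "SELECT * FROM motd WHERE motditem='".$motdId."'";
        $result = db_query($sql);
        $row = db_fetch_assoc($result);
        // NOTE(review): the output string is empty in this copy; presumably the
        // edit form markup that used $row is missing. When it is restored, the
        // $row values should be HTML-escaped before they go into the form.
        output("",true);
    }
}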
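// op=edit2: store the edited MoTD entry, then return to motd.php.
// NOTE(review): no anti-CSRF token is checked before this state change.
if (isset($_GET['op']) && $_GET['op']=="edit2"){
    // The edit form (op=edit) is only shown to superuser level >= 3, but this
    // handler previously ran the UPDATE for every caller. The same level is now
    // required here; other callers are redirected without any change.
    if ($session['user']['superuser']>=3){
        $motdId = isset($_GET['id']) ? (int)$_GET['id'] : 0;
        $subject = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : "";
        $authorValue = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : "";
        $motdText = (isset($_POST['body']) && is_string($_POST['body'])) ? $_POST['body'] : "";
        // Every value is escaped or cast at the point where it enters the SQL
        // text. This assumes request data arrives raw; if a global magic-quotes
        // style layer exists elsewhere, remove that layer rather than this
        // escaping. addslashes() is a stopgap: prefer the driver's escaping or
        // prepared statements where available.
        db_query("UPDATE motd SET motdtitle ='".addslashes($subject)."', motdauthor ='".addslashes($authorValue)."', motdbody ='".addslashes($motdText)."' WHERE motditem='".$motdId."'");
    }
    header("Location: motd.php");
    exit();
}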
// Default listing query: the 20 newest MoTD rows. In the visible code the
// op=="" branch that follows assigns $sql again before running its own query.
$sql = "SELECT * FROM motd ORDER BY motddate DESC limit 20";
if ($_GET[op]==""){
//month archiv [Code from 1.0.2 by Day]
$count = getsetting("motditems", 5);
$m = $_GET["month"];
if ($m > ""){
$sql = "SELECT " .("motd") . ".*,name AS motdauthorname FROM " .("motd") . " LEFT JOIN " .("accounts") . " ON " .("accounts") . ".acctid = " .("motd") . ".motdauthor WHERE motddate >= '{$m}-01' AND motddate <= '{$m}-31' ORDER BY motddate DESC";
$result = db_query($sql);
}else{
$sql = "SELECT " .("motd") . ".*,name AS motdauthorname FROM " .("motd") . " LEFT JOIN " .("accounts") . " ON " .("accounts") . ".acctid = " .("motd") . ".motdauthor ORDER BY motddate DESC limit $count";
$result = db_query($sql);
}
for ($i=0;$i