<?php
/*eigenständiger Teil eines Spielertagebuches deren Idee auf dem Original von :kelko:
/********************************************************************
* *
* developed by: *
* :kelko: *
* kelko < at > anakrino <.> de *
* http://kelko.anakrino.de *
* *
* *
*********************************************************************
Vielen Dank dafür
umgeschrieben als eigenständiges Script, modifiziert und angepasst für Silienta von:
Contact:
Rikkarda@silienta-logd.de
www.silienta-logd.de
anperanick: Rikkarda
icq: 212 076 731
Entwicklerforum : http://www.dai-clan.de/SiliForum/wbb2/index.php
Download des Pakets im Forum oder unter www.anpera.net inkl Einbauanleitung möglich
*/
/**
 * HTML tags that strip_tags() lets through in diary chapters. Silienta permits
 * a handful of formatting tags so players can embed images and lay out text.
 *
 * strip_tags() keeps the attributes of every tag listed here, so the attribute
 * filter in removeEvilAttributes() is the only check applied to them.
 */
$allowedTags = implode('', array(
    '<br><b><h1><h2><h3><h4><i><hr>',
    '<img><li><ol><p><strong><table>',
    // <p> and <img> are listed a second time here; the repeat is kept as is.
    '<tr><td><th><u><ul><div><span><center><p><img><font>',
));
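/**
 * Regex alternation of attribute names and URL prefixes that
 * removeEvilAttributes() overwrites inside a tag (matched case-insensitively),
 * so that player-supplied markup cannot carry executable JavaScript.
 *
 * This is a denylist and cannot be complete: anything that is not listed passes
 * through untouched. Prefer an allowlist of attributes per tag, or a maintained
 * HTML sanitizer, when this filter is next reworked.
 */
$stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|' .
    'onmousemove|onmouseout|onkeypress|onkeydown|onkeyup|onabort|' .
    // "onsubmit" used to be misspelled "obsubmit", so it was never matched.
    'onfocus|onload|onblur|onchange|onerror|onreset|onselect|onsubmit|onunload|style';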
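/**
 * Strip every tag that is not allowed, then pass the source of each remaining
 * tag through removeEvilAttributes().
 *
 * @param string $source         Markup to filter (diary text written by players).
 * @param mixed  $iframe_allowed Loosely equal to 1 to also allow <iframe> for this call.
 * @return string Filtered markup.
 */
function removeEvilTags($source, $iframe_allowed)
{
    global $allowedTags;

    // Work on a copy: appending to the global left <iframe> allowed for every
    // later call in the same request.
    $tags = $allowedTags;
    if ($iframe_allowed == 1) {
        $tags .= '<iframe>';
    }

    $source = strip_tags($source, $tags);

    // A callback replaces the former /e modifier, which evaluated the
    // replacement as PHP code and has been removed from current PHP versions.
    // The /s flag lets "." match line breaks, so a tag spread over several lines
    // is filtered too. The tag list is no longer passed as the limit argument.
    return preg_replace_callback('/<(.*?)>/s', 'removeEvilTagsFilterTag', $source);
}

/**
 * preg_replace_callback() helper for removeEvilTags(): rebuilds one tag from
 * its filtered source.
 *
 * @param array $match Regex match; index 1 holds the text between "<" and ">".
 * @return string The tag with its source filtered.
 */
function removeEvilTagsFilterTag($match)
{
    return '<' . removeEvilAttributes($match[1]) . '>';
}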
/**
 * Neutralise forbidden attribute names inside the source of a single tag.
 *
 * Every match of the $stripAttrib alternation is replaced by the word
 * "forbidden". The pattern is unanchored, so matches inside attribute values
 * are rewritten as well.
 *
 * @param string $tagSource Text between "<" and ">" of one tag.
 * @return string Tag source with matches replaced and backslash escapes stripped.
 */
function removeEvilAttributes($tagSource)
{
    global $stripAttrib;

    $pattern  = "/$stripAttrib/i";
    $filtered = preg_replace($pattern, 'forbidden', $tagSource);

    // stripslashes() removes backslash escapes; a caller that hands in an
    // addslashes()-quoted back-reference relies on this.
    return stripslashes($filtered);
}
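// NOTE(review): common.php is presumably where db_query(), addnav(), output()
// and $session come from — it is not visible here.
require_once "common.php";
checkday();

// The character name comes straight from the URL, so it is escaped before it is
// placed in the query. stripslashes() follows the handling of $_POST in the
// "progress" branch of this script, which treats request data as slash-escaped.
// NOTE(review): confirm that assumption against common.php.
$diaryLogin = isset($_GET['char']) ? rawurldecode(stripslashes($_GET['char'])) : '';
$result = db_query("SELECT * FROM accounts WHERE login='" . mysql_real_escape_string($diaryLogin) . "'");
$row = db_fetch_assoc($result);
if (!is_array($row)) {
    // Unknown character: keep the keys read below defined.
    $row = array('login' => '', 'acctid' => 0, 'name' => '');
}

// Some shortcuts used by the rest of the script.
$row['login'] = rawurlencode($row['login']);
$id = $row['acctid'];
$owner = $row['name'];
$char = rawurlencode(isset($_GET['char']) ? $_GET['char'] : '');

// Am I looking at my own diary? The comparison is strict because == treats
// numeric-looking strings such as "1e3" and "1000" as equal, and an unknown
// character never counts as "mine".
$myProf = !empty($id) && $row['login'] === rawurlencode($session['user']['login']);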
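// Request values used for the navigation. Array keys are quoted (the bare
// $_GET[ret] form relied on undefined constants), and page/ID are URL-encoded
// because they are appended to link targets.
$diaryRet    = isset($_GET['ret']) ? $_GET['ret'] : '';
$diarySource = isset($_GET['source']) ? $_GET['source'] : '';
$diaryPage   = isset($_GET['page']) ? rawurlencode($_GET['page']) : '';
$diaryListId = isset($_GET['ID']) ? rawurlencode($_GET['ID']) : '';

if ($diaryRet == "") {
    // Changed by Val for better list navigation.
    // source: 1 = bio list, 2 = guild list, 3 = fighter list, 4 = guild selection
    if ($diarySource != "") {
        switch ((int)$diarySource) {
            case 1:
                // NOTE(review): points to list.php without a page but to
                // list2.php with one — confirm which target is intended.
                if ($diaryPage == "") {
                    addnav("Zurück zur Bioliste", "list.php");
                } else {
                    addnav("Zurück zur Bioliste", "list2.php?page=" . $diaryPage);
                }
                break;
            case 2:
                if ($diaryPage == "") {
                    addnav("Zurück zur Gildenliste", "liste2.php");
                } else {
                    addnav("Zurück zur Gildenliste", "liste2.php?page=" . $diaryPage);
                }
                break;
            case 3:
                if ($diaryPage == "") {
                    addnav("Zurück zur Kämpferliste", "list.php");
                } else {
                    addnav("Zurück zur Kämpferliste", "list.php?page=" . $diaryPage);
                }
                break;
            case 4:
                if ($diaryPage == "") {
                    addnav("Zurück zur Gildenauswahl", "list.php?op=gilde&ID=" . $diaryListId);
                } else {
                    addnav("Zurück zur Gildenauswahl", "list.php?op=gilde&page=" . $diaryPage . "&ID=" . $diaryListId);
                }
                break;
        }
    }
    if ($diarySource < 3) {
        addnav("Zurück");
        addnav("zurück zur Geschichte", "bio.php?char=" . $char);
        addnav("Ganz zurück");
        addnav("Zur Liste der Krieger", "list.php");
    }
    // End of Val's list navigation change.
} else {
    // Remove a c=<digits and dashes> parameter from the return address. The
    // character class had been garbled to "[[ igit:]-]"; it is restored to the
    // POSIX [:digit:] class it evidently stood for.
    $return = preg_replace("'[&?]c=[[:digit:]-]+'", "", $diaryRet);
    // Keep only the part after the last "/". Without a "/" the address is left
    // alone; previously strrpos() returned false there and the first character
    // was cut off.
    $diarySlash = strrpos($return, "/");
    if ($diarySlash !== false) {
        $return = substr($return, $diarySlash + 1);
    }
    addnav("Zurück", $return);
}

/* Disabled "News anzeigen" link, kept for reference (changed by Val for better list navigation):
if($_GET[source]!="") addnav("News anzeigen","bio.php?char=$row[login]&op=shownews&ret=".$_GET['ret']."&source=".$_GET[source]."&page=".$_GET[page]."&ID=".$_GET[ID]);
else addnav("News anzeigen","bio.php?char=$row[login]&op=shownews&ret=".$_GET['ret']);
*/

// The page title shows the owner's name with the backtick colour codes removed.
page_header("Tagebuch von: " . preg_replace("'[`].'", "", $row['name']));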
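// Request values reused in the links and queries below.
$diaryOp = isset($_GET['op']) ? $_GET['op'] : '';
// "ret" is echoed into hrefs, form actions and redirects; URL-encoding it keeps
// the value inside its own query parameter.
$diaryRetArg = rawurlencode(isset($_GET['ret']) ? $_GET['ret'] : '');
// Chapter numbers are cast to int before they reach SQL or markup.
// NOTE(review): assumes diaryID is an integer column — confirm against the schema.
$diaryChapterNo = isset($_GET['no']) ? (int)$_GET['no'] : 0;
$diaryChapterId = isset($_GET['ID']) ? (int)$_GET['ID'] : 0;
// Only the diary owner and superusers of level 3 and up may change or delete
// chapters. The links were already limited to them; the handlers below now
// check it too and only touch chapters of the diary being viewed.
// NOTE(review): delChapter and wipe change data on a GET request; whether
// common.php guards such requests is not visible from this file.
$diaryMayEdit = ($session['user']['superuser'] >= 3 || $myProf);
$diaryHome = "biodiary.php?op=long&char=$char&ret=$diaryRetArg";

if ($diaryOp == "" || $diaryOp == "long") {
    $result1 = db_query("SELECT * FROM bio WHERE acctid='$row[acctid]'");
    $row1 = db_fetch_assoc($result1);
    if (getsetting("avatare", 0) == 1) {
        if ($row1['avatar']) {
            // Both values are written into attributes of raw HTML, so they are
            // escaped. ISO-8859-1 makes htmlspecialchars() touch only the ASCII
            // specials and never reject the input, whatever the data encoding.
            $diaryAvatar = htmlspecialchars($row1['avatar'], ENT_QUOTES, 'ISO-8859-1');
            $diaryAlt = htmlspecialchars(preg_replace("'[`].'", "", $row['name']), ENT_QUOTES, 'ISO-8859-1');
            output("`n<table align='center'><tr><td align='center' valign='top'><img src=\"$diaryAvatar\" alt=\"$diaryAlt\"> </td></tr><td valign='top'></td></tr></table>", true);
        } else {
            // The placeholder <img> tag was missing its closing ">".
            output("`n<table align='center'><tr><td align='center' valign='top'><img src=\"images/keinbild.gif\"> </td></tr></table>", true);
        }
    }

    // Show the diary.
    output("`n`^Ausführliches Tagebuch von $row[name]:");
    if ($myProf) {
        // I can add a chapter to my own diary.
        output("<a href='biodiary.php?op=newChapter&char=$char&ret=$diaryRetArg'>[Neuen Abschnitt]</a>", true);
        addnav("", "biodiary.php?op=newChapter&char=" . $char . "&ret=" . $diaryRetArg);
    }
    if ($diaryMayEdit) {
        // The owner and the admins can delete the whole diary.
        output("<a href='biodiary.php?op=wipe&char=$char&ret=$diaryRetArg'>`$[Leeren]</a>`n`n", true);
        addnav("", "biodiary.php?op=wipe&char=" . $char . "&ret=" . $diaryRetArg);
    }
    output("`n`n");

    $sql = "SELECT * FROM `diary` WHERE `acctid`='$id' ORDER BY `diaryID` ASC";
    $bio_res = db_query($sql);
    $diaryChapters = db_num_rows($bio_res);
    // Show each chapter.
    for ($i = 0; $i < $diaryChapters; $i++) {
        $bio_row = db_fetch_assoc($bio_res);
        $diaryRowNo = (int)$bio_row['diaryID'];
        // The table keeps the text centred, so it does not shift to the right
        // where the PayPal icons end.
        output("<table width='100%'><tr><td width='5%'></td><td width='90%'>", true);
        output("`c`!$bio_row[title]`0");
        if ($diaryMayEdit) {
            // The owner and the admins may edit this particular chapter ...
            $diaryEditUrl = "biodiary.php?op=editChapter&no=$diaryRowNo&char=" . $char . "&ret=" . $diaryRetArg;
            output("<a href='" . $diaryEditUrl . "'>[Bearbeiten]</a>", true);
            addnav("", $diaryEditUrl);
            // ... and delete it.
            $diaryDelUrl = "biodiary.php?op=delChapter&no=$diaryRowNo&char=" . $char . "&ret=" . $diaryRetArg;
            output("<a href='" . $diaryDelUrl . "'>`$[Löschen]</a>", true);
            addnav("", $diaryDelUrl);
        }
        // Expand the macro "/me" to the owner's name.
        $body = str_replace("/me", $owner, $bio_row['body']);
        //$body = .CloseTags(removeEvilTags(soap(nl2br($bio_row['body'])),$row['frame'])),true);
        output("`c`n");
        // Show this chapter as raw HTML after filtering it.
        // NOTE(review): the second argument is $iframe_allowed; "`c`b" is not
        // equal to 1, so <iframe> stays disallowed. It looks like it was meant
        // as closing colour codes for the output — confirm.
        output(removeEvilTags(soap(nl2br($body)), "`c`b"), true);
        output("</td><td width='5%'></td></tr></table>", true);
        output("`n`n");
    }
} elseif ($diaryOp == 'editChapter') {
    // Edit a chapter.
    if (!$diaryMayEdit) {
        redirect($diaryHome);
    } else {
        $diaryFormUrl = "biodiary.php?char=$char&op=progress&act=editChapter&ID=$diaryChapterNo&ret=$diaryRetArg";
        output("<form action='" . $diaryFormUrl . "' method='POST'>", true);
        $form = array(
            "Neues Kapitel,title",
            "diaryID" => "ID ,veryhidden",
            "title" => "Titel",
            "body" => "Inhalt,textarea,70,30",
        );
        $bio_res = db_query("SELECT * FROM `diary` WHERE `diaryID`='$diaryChapterNo' AND `acctid`='$id'");
        $bio_row = db_fetch_assoc($bio_res);
        $prefs = array();
        $prefs['title'] = $bio_row['title'];
        $prefs['body'] = $bio_row['body'];
        $prefs['diaryID'] = $bio_row['diaryID'];
        showform($form, $prefs);
        output("</form>", true);
        addnav("", $diaryFormUrl);
    }
} elseif ($diaryOp == 'delChapter') {
    // Delete a chapter.
    if ($diaryMayEdit) {
        $sql = "DELETE FROM `diary` WHERE `diaryID`='$diaryChapterNo' AND `acctid`='$id'";
        db_query($sql);
    }
    redirect($diaryHome);
} elseif ($diaryOp == 'newChapter') {
    // Create a new chapter.
    $diaryFormUrl = "biodiary.php?op=progress&act=newChapter&char=" . $char . "&ret=" . $diaryRetArg;
    output("<form action='" . $diaryFormUrl . "' method='POST'>", true);
    $form = array(
        "Neues Kapitel,title",
        "title" => "Titel",
        "body" => "Inhalt,textarea,70,30",
    );
    $prefs = array();
    $prefs['title'] = "";
    $prefs['body'] = "";
    showform($form, $prefs);
    output("</form>", true);
    addnav("", $diaryFormUrl);
} elseif ($diaryOp == 'wipe') {
    // Delete all chapters of this diary.
    if ($diaryMayEdit) {
        $sql = "DELETE FROM `diary` WHERE `acctid`='$id'";
        db_query($sql);
    }
    redirect($diaryHome);
    // End of the diary.
} elseif ($diaryOp == 'progress') {
    // Save the changes (most of them, and their centralisation, by :kelko:).
    $diaryAct = isset($_GET['act']) ? $_GET['act'] : '';
    // stripslashes() before escaping is kept from the original handling of $_POST.
    $body = mysql_real_escape_string(stripslashes(isset($_POST['body']) ? $_POST['body'] : ''));
    $title = mysql_real_escape_string(stripslashes(isset($_POST['title']) ? $_POST['title'] : ''));
    if ($diaryAct == 'editChapter') {
        // Edit a chapter; the acctid condition limits the update to the diary being viewed.
        if ($diaryMayEdit) {
            db_query("UPDATE diary SET title='$title', body='$body' WHERE diaryID='$diaryChapterId' AND acctid='$id'");
            output("Kapitel geändert");
        }
        redirect($diaryHome);
    } else if ($diaryAct == 'newChapter') {
        // Create a chapter; it is always stored under the logged-in account.
        db_query("INSERT INTO `diary`(`acctid`,`title`,`body`,`date`) VALUES('" . $session['user']['acctid'] . "','$title','$body',now())");
        output("Kapitel gespeichert");
        redirect($diaryHome);
    }
}
page_footer();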
?>