Timestamp:
Aug 13, 2007, 9:05:34 PM (17 years ago)
Author:
george
Message:

Aktualizace MaNGOS Minimanageru na verzi 0.1.4a.

File:
1 edited

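--- a/minimanager/char_edit.php
+++ b/minimanager/char_edit.php
@@ -24,24 +24,24 @@
 if (empty($_GET['id'])) error($lang_global['empty_fields']);
 
-$mysql = new MySQL;
-$mysql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);
+$sql = new SQL;
+$sql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);
 
-$id = $mysql->quote_smart($_GET['id']);
-
-$result = $mysql->query("SELECT account FROM `character` WHERE guid = '$id'");
-
-if ($mysql->num_rows($result)){
+$id = $sql->quote_smart($_GET['id']);
+
+$result = $sql->query("SELECT account FROM `character` WHERE guid = '$id'");
+
+if ($sql->num_rows($result)){
         //resrict by owner's gmlvl
-        $owner_acc_id = $mysql->result($result, 0, 'account');
-        $mysql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
-        $query = $mysql->query("SELECT gmlevel,username FROM account WHERE id ='$owner_acc_id'");
-        $owner_gmlvl = $mysql->result($query, 0, 'gmlevel');
-        $owner_name = $mysql->result($query, 0, 'username');
+        $owner_acc_id = $sql->result($result, 0, 'account');
+        $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
+        $query = $sql->query("SELECT gmlevel,username FROM account WHERE id ='$owner_acc_id'");
+        $owner_gmlvl = $sql->result($query, 0, 'gmlevel');
+        $owner_name = $sql->result($query, 0, 'username');
 
  if ($user_lvl >= $owner_gmlvl){
-        $mysql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);
-
-        $result = $mysql->query("SELECT guid,account,data,name,race,class,position_x,position_y,map,online,totaltime,position_z FROM `character` WHERE guid = '$id'");
-        $char = $mysql->fetch_row($result);
+        $sql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);
+
+        $result = $sql->query("SELECT guid,account,data,name,race,class,position_x,position_y,map,online,totaltime,position_z,zone      FROM `character` WHERE guid = '$id'");
+        $char = $sql->fetch_row($result);
         $char_data = explode(' ',$char[2]);
 
@@ -50,10 +50,10 @@
 
         if($char_data[CHAR_DATA_OFFSET_GUILD_ID]){
-                $query = $mysql->query("SELECT name FROM guild WHERE guildid ='{$char_data[CHAR_DATA_OFFSET_GUILD_ID]}'");
-                $guild_name = $mysql->result($query, 0, 'name');
+                $query = $sql->query("SELECT name FROM guild WHERE guildid ='{$char_data[CHAR_DATA_OFFSET_GUILD_ID]}'");
+                $guild_name = $sql->result($query, 0, 'name');
                 if ($user_lvl > 0 ) $guild_name = "<a href=\"guild.php?action=view_guild&amp;error=3&amp;id={$char_data[CHAR_DATA_OFFSET_GUILD_ID]}\" >$guild_name</a>";
                 if ($char_data[CHAR_DATA_OFFSET_GUILD_RANK]){
-                        $guild_rank_query = $mysql->query("SELECT rname FROM guild_rank WHERE guildid ='{$char_data[CHAR_DATA_OFFSET_GUILD_ID]}' AND rid='{$char_data[CHAR_DATA_OFFSET_GUILD_RANK]}'");
-                        $guild_rank = $mysql->result($guild_rank_query, 0, 'rname');
+                        $guild_rank_query = $sql->query("SELECT rname FROM guild_rank WHERE guildid ='{$char_data[CHAR_DATA_OFFSET_GUILD_ID]}' AND rid='{$char_data[CHAR_DATA_OFFSET_GUILD_RANK]}'");
+                        $guild_rank = $sql->result($guild_rank_query, 0, 'rname');
                         } else $guild_rank = $lang_char['guild_leader'];
         } else {
@@ -82,5 +82,5 @@
 </tr>
 <tr>
- <td colspan=\"8\">".get_map_name($char[9])." - ".get_zone_name($char[8], $char[6], $char[7])."</td>
+ <td colspan=\"8\">".get_map_name($char[9])." - ".get_zone_name($char[12])."</td>
 </tr>
 <tr>
@@ -169,12 +169,11 @@
 
 //inventory+bank items
-        $mysql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);
-        $sql = "SELECT bag,slot,item,item_template FROM character_inventory WHERE guid = '$id' ORDER BY bag,slot";
-        $query2 = $mysql->query($sql);
+        $sql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);
+        $query2 = $sql->query("SELECT bag,slot,item,item_template FROM character_inventory WHERE guid = '$id' ORDER BY bag,slot");
 
         $inv = array();
         $count = 0;
 
-        while ($slot = $mysql->fetch_row($query2)){
+        while ($slot = $sql->fetch_row($query2)){
                 if ($slot[0] == 0) {
                         if($slot[1] >= 23 && $slot[1] <= 62) {
@@ -218,5 +217,5 @@
  //case of non auth request
  } else {
-                $mysql->close();
+                $sql->close();
                 error($lang_char['no_permission']);
                 exit();
@@ -224,5 +223,5 @@
 
 } else error($lang_char['no_char_found']);
-$mysql->close();
+$sql->close();
 }
 
@@ -237,52 +236,52 @@
 if ( empty($_GET['id']) || empty($_GET['name']) ) error($lang_global['empty_fields']);
 
-$mysql = new MySQL;
-$mysql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);
-
-$id = $mysql->quote_smart($_GET['id']);
-
-$result = $mysql->query("SELECT account,online FROM `character` WHERE guid = '$id'");
-
-if ($mysql->num_rows($result)){
+$sql = new SQL;
+$sql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);
+
+$id = $sql->quote_smart($_GET['id']);
+
+$result = $sql->query("SELECT account,online FROM `character` WHERE guid = '$id'");
+
+if ($sql->num_rows($result)){
 //we cannot edit online chars
- if(!$mysql->result($result, 0, 'online')){
+ if(!$sql->result($result, 0, 'online')){
         //resrict by owner's gmlvl
-        $owner_acc_id = $mysql->result($result, 0, 'account');
-        $mysql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
-        $query = $mysql->query("SELECT gmlevel FROM account WHERE id ='$owner_acc_id'");
-        $owner_gmlvl = $mysql->result($query, 0, 'gmlevel');
+        $owner_acc_id = $sql->result($result, 0, 'account');
+        $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
+        $query = $sql->query("SELECT gmlevel FROM account WHERE id ='$owner_acc_id'");
+        $owner_gmlvl = $sql->result($query, 0, 'gmlevel');
 
   if ($user_lvl > $owner_gmlvl){
 
-        if(isset($_GET['check'])) $check = $mysql->quote_smart($_GET['check']);
+        if(isset($_GET['check'])) $check = $sql->quote_smart($_GET['check']);
                 else $check = NULL;
 
-        $new_name = $mysql->quote_smart($_GET['name']);
+        $new_name = $sql->quote_smart($_GET['name']);
 
-        if (isset($_GET['tot_time'])) $new_tot_time = $mysql->quote_smart($_GET['tot_time']);
+        if (isset($_GET['tot_time'])) $new_tot_time = $sql->quote_smart($_GET['tot_time']);
                 else $new_tot_time =  0;
-        if (isset($_GET['res_holy'])) $new_res_holy = $mysql->quote_smart($_GET['res_holy']);
+        if (isset($_GET['res_holy'])) $new_res_holy = $sql->quote_smart($_GET['res_holy']);
                 else $new_res_holy =  0;
-        if (isset($_GET['res_arcane'])) $new_res_arcane = $mysql->quote_smart($_GET['res_arcane']);
+        if (isset($_GET['res_arcane'])) $new_res_arcane = $sql->quote_smart($_GET['res_arcane']);
                 else $new_res_arcane =  0;
-        if (isset($_GET['res_fire'])) $new_res_fire = $mysql->quote_smart($_GET['res_fire']);
+        if (isset($_GET['res_fire'])) $new_res_fire = $sql->quote_smart($_GET['res_fire']);
                 else $new_res_fire =  0;
-        if (isset($_GET['res_nature'])) $new_res_nature = $mysql->quote_smart($_GET['res_nature']);
+        if (isset($_GET['res_nature'])) $new_res_nature = $sql->quote_smart($_GET['res_nature']);
                 else $new_res_nature =  0;
-        if (isset($_GET['res_frost'])) $new_res_frost = $mysql->quote_smart($_GET['res_frost']);
+        if (isset($_GET['res_frost'])) $new_res_frost = $sql->quote_smart($_GET['res_frost']);
                 else $new_res_frost =  0;
-        if (isset($_GET['res_shadow'])) $new_res_shadow = $mysql->quote_smart($_GET['res_shadow']);
+        if (isset($_GET['res_shadow'])) $new_res_shadow = $sql->quote_smart($_GET['res_shadow']);
                 else $new_res_shadow =  0;
-        if (isset($_GET['attack_power'])) $new_attack_power = $mysql->quote_smart($_GET['attack_power']);
+        if (isset($_GET['attack_power'])) $new_attack_power = $sql->quote_smart($_GET['attack_power']);
                 else $new_attack_power =  0;
-        if (isset($_GET['range_attack_power'])) $new_range_attack_power = $mysql->quote_smart($_GET['range_attack_power']);
+        if (isset($_GET['range_attack_power'])) $new_range_attack_power = $sql->quote_smart($_GET['range_attack_power']);
                 else $new_range_attack_power =  0;
-        if (isset($_GET['money'])) $new_money = $mysql->quote_smart($_GET['money']);
+        if (isset($_GET['money'])) $new_money = $sql->quote_smart($_GET['money']);
                 else $new_money =  0;
-        if (isset($_GET['arena_points'])) $new_arena_points = $mysql->quote_smart($_GET['arena_points']);
+        if (isset($_GET['arena_points'])) $new_arena_points = $sql->quote_smart($_GET['arena_points']);
                 else $new_arena_points =  0;
-        if (isset($_GET['honor_points'])) $new_honor_points = $mysql->quote_smart($_GET['honor_points']);
+        if (isset($_GET['honor_points'])) $new_honor_points = $sql->quote_smart($_GET['honor_points']);
                 else $new_honor_points =  0;
-        if (isset($_GET['total_kills'])) $new_total_kills = $mysql->quote_smart($_GET['total_kills']);
+        if (isset($_GET['total_kills'])) $new_total_kills = $sql->quote_smart($_GET['total_kills']);
                 else $new_total_kills =  0;
 
@@ -292,31 +291,31 @@
                 error($lang_char['use_numeric']);
 
-        if (isset($_GET['health'])) $new_health = $mysql->quote_smart($_GET['health']);
+        if (isset($_GET['health'])) $new_health = $sql->quote_smart($_GET['health']);
                 else $new_health =  1;
-        if (isset($_GET['mana'])) $new_mana = $mysql->quote_smart($_GET['mana']);
+        if (isset($_GET['mana'])) $new_mana = $sql->quote_smart($_GET['mana']);
                 else $new_mana =  0;
-        if (isset($_GET['str'])) $new_str = $mysql->quote_smart($_GET['str']);
+        if (isset($_GET['str'])) $new_str = $sql->quote_smart($_GET['str']);
                 else $new_str =  1;
-        if (isset($_GET['agi'])) $new_agi = $mysql->quote_smart($_GET['agi']);
+        if (isset($_GET['agi'])) $new_agi = $sql->quote_smart($_GET['agi']);
                 else $new_agi =  1;
-        if (isset($_GET['sta'])) $new_sta = $mysql->quote_smart($_GET['sta']);
+        if (isset($_GET['sta'])) $new_sta = $sql->quote_smart($_GET['sta']);
                 else $new_sta =  1;
-        if (isset($_GET['int'])) $new_int = $mysql->quote_smart($_GET['int']);
+        if (isset($_GET['int'])) $new_int = $sql->quote_smart($_GET['int']);
                 else $new_int =  1;
-        if (isset($_GET['spi'])) $new_spi = $mysql->quote_smart($_GET['spi']);
+        if (isset($_GET['spi'])) $new_spi = $sql->quote_smart($_GET['spi']);
                 else $new_spi =  1;
-        if (isset($_GET['exp'])) $new_exp = $mysql->quote_smart($_GET['exp']);
+        if (isset($_GET['exp'])) $new_exp = $sql->quote_smart($_GET['exp']);
                 else $new_exp =  0;
-        if (isset($_GET['armor'])) $new_armor = $mysql->quote_smart($_GET['armor']);
+        if (isset($_GET['armor'])) $new_armor = $sql->quote_smart($_GET['armor']);
                 else $new_armor =  0;
-        if (isset($_GET['block'])) $new_block = $mysql->quote_smart($_GET['block']);
+        if (isset($_GET['block'])) $new_block = $sql->quote_smart($_GET['block']);
                 else $new_block =  0;
-        if (isset($_GET['dodge'])) $new_dodge = $mysql->quote_smart($_GET['dodge']);
+        if (isset($_GET['dodge'])) $new_dodge = $sql->quote_smart($_GET['dodge']);
                 else $new_dodge =  0;
-        if (isset($_GET['parry'])) $new_parry = $mysql->quote_smart($_GET['parry']);
+        if (isset($_GET['parry'])) $new_parry = $sql->quote_smart($_GET['parry']);
                 else $new_parry =  0;
-        if (isset($_GET['crit'])) $new_crit = $mysql->quote_smart($_GET['crit']);
+        if (isset($_GET['crit'])) $new_crit = $sql->quote_smart($_GET['crit']);
                 else $new_crit =  0;
-        if (isset($_GET['range_crit'])) $new_range_crit = $mysql->quote_smart($_GET['range_crit']);
+        if (isset($_GET['range_crit'])) $new_range_crit = $sql->quote_smart($_GET['range_crit']);
                 else $new_range_crit =  0;
 
@@ -326,14 +325,14 @@
         ||(!is_numeric($new_crit))||(!is_numeric($new_range_crit))) error($lang_char['use_numeric']);
 
-        $x = (isset($_GET['x'])) ? $mysql->quote_smart($_GET['x']) : 0;
-        $y = (isset($_GET['y'])) ? $mysql->quote_smart($_GET['y']) : 0;
-        $z = (isset($_GET['z'])) ? $mysql->quote_smart($_GET['z']) : 0;
-        $map = (isset($_GET['map'])) ? $mysql->quote_smart($_GET['map']) : 0;
-        $tp_to = (isset($_GET['tp_to'])) ? $mysql->quote_smart($_GET['tp_to']) : 0;
-
-        $mysql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);
-
-        $result = $mysql->query("SELECT data FROM `character` WHERE guid = '$id'");
-        $char = $mysql->fetch_row($result);
+        $x = (isset($_GET['x'])) ? $sql->quote_smart($_GET['x']) : 0;
+        $y = (isset($_GET['y'])) ? $sql->quote_smart($_GET['y']) : 0;
+        $z = (isset($_GET['z'])) ? $sql->quote_smart($_GET['z']) : 0;
+        $map = (isset($_GET['map'])) ? $sql->quote_smart($_GET['map']) : 0;
+        $tp_to = (isset($_GET['tp_to'])) ? $sql->quote_smart($_GET['tp_to']) : 0;
+
+        $sql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);
+
+        $result = $sql->query("SELECT data FROM `character` WHERE guid = '$id'");
+        $char = $sql->fetch_row($result);
         $char_data = explode(' ',$char[0]);
 
@@ -401,14 +400,14 @@
 
                                         sscanf($item_num, "a%d",$item_num);
-                                        $result = $mysql->query("SELECT item FROM character_inventory WHERE guid = '$id' AND slot = $item_num AND bag = 0");
-                                        $item_inst_id = $mysql->result($result, 0, 'item');
-
-                                        $mysql->query("DELETE FROM character_inventory WHERE guid = '$id' AND slot = $item_num AND bag = 0");
-                                        $mysql->query("DELETE FROM item_instance WHERE guid = '$item_inst_id' AND owner_guid = '$id'");
-                                        $mysql->query("DELETE FROM item_text WHERE id = '$item_inst_id'");
+                                        $result = $sql->query("SELECT item FROM character_inventory WHERE guid = '$id' AND slot = $item_num AND bag = 0");
+                                        $item_inst_id = $sql->result($result, 0, 'item');
+
+                                        $sql->query("DELETE FROM character_inventory WHERE guid = '$id' AND slot = $item_num AND bag = 0");
+                                        $sql->query("DELETE FROM item_instance WHERE guid = '$item_inst_id' AND owner_guid = '$id'");
+                                        $sql->query("DELETE FROM item_text WHERE id = '$item_inst_id'");
                                         } else { //deleting inv/bank items
-                                                        $mysql->query("DELETE FROM character_inventory WHERE guid = '$id' AND item = '$item_num'");
-                                                        $mysql->query("DELETE FROM item_instance WHERE guid = '$item_num' AND owner_guid = '$id'");
-                                                        $mysql->query("DELETE FROM item_text WHERE id = '$item_num'");
+                                                        $sql->query("DELETE FROM character_inventory WHERE guid = '$id' AND item = '$item_num'");
+                                                        $sql->query("DELETE FROM item_instance WHERE guid = '$item_num' AND owner_guid = '$id'");
+                                                        $sql->query("DELETE FROM item_text WHERE id = '$item_num'");
                                         }
                         }
@@ -418,25 +417,25 @@
 
         if ($tp_to){
-                $query = $mysql->query("SELECT map, position_x, position_y, position_z, orientation FROM game_tele WHERE LOWER(name) = '".strtolower($tp_to)."'");
-                $tele = $mysql->fetch_row($query);
+                $query = $sql->query("SELECT map, position_x, position_y, position_z, orientation FROM game_tele WHERE LOWER(name) = '".strtolower($tp_to)."'");
+                $tele = $sql->fetch_row($query);
                 if($tele) $teleport = "map='$tele[0]', position_x='$tele[1]', position_y='$tele[2]', position_z='$tele[3]', orientation='$tele[4]',";
                         else error($lang_char['no_tp_location']);
         } else $teleport = "map='$map', position_x='$x', position_y='$y', position_z='$z',";
 
-        $result = $mysql->query("UPDATE `character` SET data = '$data', name = '$new_name', $teleport totaltime = '$new_tot_time' WHERE guid = '$id'");
-        $mysql->close();
+        $result = $sql->query("UPDATE `character` SET data = '$data', name = '$new_name', $teleport totaltime = '$new_tot_time' WHERE guid = '$id'");
+        $sql->close();
 
         if ($result) redirect("char_edit.php?action=edit_char&id=$id&error=3");
                 else redirect("char_edit.php?action=edit_char&id=$id&error=4");
   } else {
-                $mysql->close();
+                $sql->close();
                 error($lang_char['no_permission']);
                 }
  } else {
-                $mysql->close();
+                $sql->close();
                 redirect("char_edit.php?action=edit_char&id=$id&error=2");
                 }
 } else error($lang_char['no_char_found']);
-$mysql->close();
+$sql->close();
 }
 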
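Review bot: The edit handler that starts at new line 236 runs its `UPDATE` and `DELETE` statements on nothing but `$_GET` parameters, and the visible lines check no request token, so the change is applied by any URL that a logged-in GM's browser loads (a check may exist outside the hunks, since the function starts and ends outside them). Reading these fields from `$_POST` and comparing a per-session token with `hash_equals()` before the first query would close that. In the same handler, new lines 402 and 405 interpolate `slot = $item_num` unquoted after `sscanf()`, unlike every other value in these queries; adding `$item_num = (int)$item_num;` before the queries removes the dependence on the pattern having matched. Separately, new line 84 still passes `$char[9]` to `get_map_name()`, which in the SELECT on new line 44 is the `online` column rather than `map` (index 8), unless `$char` is reindexed in the lines not shown.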