quote_smart($_GET['realm']); if (is_numeric($realmid)) $sqlc->connect($characters_db[$realmid]['addr'], $characters_db[$realmid]['user'], $characters_db[$realmid]['pass'], $characters_db[$realmid]['name']); else $realmid = $realm_id; } //==========================$_GET and SECURE================================= $start = (isset($_GET['start'])) ? $sqlc->quote_smart($_GET['start']) : 0; if (is_numeric($start)); else $start=0; $order_by = (isset($_GET['order_by'])) ? $sqlc->quote_smart($_GET['order_by']) : 'gid'; if (preg_match('/^[_[:lower:]]{1,10}$/', $order_by)); else $order_by='gid'; $dir = (isset($_GET['dir'])) ? $sqlc->quote_smart($_GET['dir']) : 1; if (preg_match('/^[01]{1}$/', $dir)); else $dir=1; $order_dir = ($dir) ? 'ASC' : 'DESC'; $dir = ($dir) ? 0 : 1; //==========================$_GET and SECURE end============================= //==========================MyGuild========================================== $query_myGuild = $sqlc->query("SELECT g.guildid as gid, g.name, g.leaderguid AS lguid, (SELECT name from characters where guid = lguid), (SELECT race in (2,5,6,8,10) from characters where guid = lguid) as faction, (select count(*) from characters where guid in (select guid from guild_member where guildid = lguid) and online = 1) as gonline, (select count(*) from guild_member where guildid = gid), SUBSTRING_INDEX(g.MOTD,' ',6), g.createdate, (select account from characters where guid = lguid) FROM guild as g left outer join guild_member as gm on gm.guildid = g.guildid left outer join characters as c on c.guid = gm.guid where c.account = $user_id group by g.guildid order by gid"); if ($query_myGuild) { $output .= '
'.$lang_guild['my_guilds'].' '; while ($data = $sqlr->fetch_row($query_myGuild)) { $result = $sqlr->query("SELECT gmlevel FROM account WHERE id ='$data[9]'"); $owner_gmlvl = $sqlr->result($result, 0, 'gmlevel'); $output .= " "; $output .= ($user_lvl < $owner_gmlvl ) ? "" : ""; $output .= " "; } unset($data); unset($result); $output .= '
'.$lang_guild['id'].' '.$lang_guild['guild_name'].' '.$lang_guild['guild_leader'].' '.$lang_guild['guild_faction'].' '.$lang_guild['tot_m_online'].' '.$lang_guild['guild_motd'].' '.$lang_guild['create_date'].'
$data[0] $data[1]".htmlentities($data[3])."".htmlentities($data[3])."\"\" $data[5]/$data[6] ".htmlentities($data[7])." ... ".date('o-m-d', $data[8])."

'; } //==========================MyGuild end====================================== //==========================Browse/Search Guilds CHECK======================= $search_by =''; $search_value = ''; if(isset($_GET['search_value']) && isset($_GET['search_by'])) { $search_by = $sqlc->quote_smart($_GET['search_by']); $search_value = $sqlc->quote_smart($_GET['search_value']); $search_menu = array('name', 'leadername', 'guildid'); if (in_array($search_by, $search_menu)); else $search_by = 'name'; switch($search_by) { case "name": if (preg_match('/^[\t\v\b\f\a\n\r\\\"\'\? <>[](){}_=+-|!@#$%^&*~`.,0123456789\0]{1,30}$/', $search_value)) redirect("guild.php?error=5&realm=$realmid"); $query = $sqlc->query("SELECT g.guildid as gid, g.name,g.leaderguid as lguid, (SELECT name from characters where guid = lguid) as lname, c.race in (2,5,6,8,10) as lfaction, (select count(*) from guild_member where guildid = gid) as tot_chars, createdate, c.account as laccount FROM guild as g left outer join characters as c on c.guid = g.leaderguid where g.name like '%$search_value%' ORDER BY $order_by $order_dir LIMIT $start, $itemperpage"); $query_count = $sqlc->query("SELECT 1 from guild where name like '%$search_value%'"); break; case "leadername" : if (preg_match('/^[\t\v\b\f\a\n\r\\\"\'\? <>[](){}_=+-|!@#$%^&*~`.,0123456789\0]{1,30}$/', $search_value)) redirect("guild.php?error=5&realm=$realmid"); $query = $sqlc->query("SELECT g.guildid as gid, g.name,g.leaderguid as lguid, (SELECT name from characters where guid = lguid) as lname, c.race in (2,5,6,8,10) as lfaction, (select count(*) from guild_member where guildid = gid) as tot_chars, createdate, c.account as laccount FROM guild as g left outer join characters as c on c.guid = g.leaderguid where g.leaderguid in (SELECT guid from characters where name like '%$search_value%') ORDER BY $order_by $order_dir LIMIT $start, $itemperpage"); $query_count = $sqlc->query("SELECT 1 from guild where leaderguid in (select guid from characters where name like '%$search_value%')"); break; case "guildid" : if (is_numeric($search_value)); else redirect("guild.php?error=5&realm=$realmid"); $query = $sqlc->query("SELECT g.guildid as gid, g.name,g.leaderguid as lguid, (SELECT name from characters where guid = lguid) as lname, c.race in (2,5,6,8,10) as lfaction, (select count(*) from guild_member where guildid = gid) as tot_chars, createdate, c.account as laccount FROM guild as g left outer join characters as c on c.guid = g.leaderguid where g.guildid = '$search_value' ORDER BY $order_by $order_dir LIMIT $start, $itemperpage"); $query_count = $sqlc->query("SELECT 1 from guild where guildid = '$search_value'"); break; default : redirect("guild.php?error=2&realm=$realmid"); } } else { $query = $sqlc->query("SELECT g.guildid as gid, g.name,g.leaderguid as lguid, (SELECT name from characters where guid = lguid) as lname, c.race in (2,5,6,8,10) as lfaction, (select count(*) from guild_member where guildid = gid) as tot_chars, createdate, c.account as laccount FROM guild as g left outer join characters as c on c.guid = g.leaderguid ORDER BY $order_by $order_dir LIMIT $start, $itemperpage"); $query_count = $sqlc->query("SELECT 1 from guild"); } $all_record = $sqlc->num_rows($query_count); //==========================Browse/Search Guilds CHECK end=================== //==========================Browse/Search Guilds============================= $output .="
"; makebutton($lang_global['search'], "javascript:do_submit()",80); ($search_by && $search_value) ? makebutton($lang_guild['show_guilds'], "guild.php?realm=$realmid\" type=\"def", 130) : $output .= ""; $output .= "
"; //==========================top tage navigaion ENDS here ==================== $output .= "
{$lang_guild['browse_guilds']} "; while ($data = $sqlr->fetch_row($query)) { $result = $sqlr->query("SELECT gmlevel FROM account WHERE id ='$data[7]'"); $owner_gmlvl = $sqlr->result($result, 0, 'gmlevel'); $output .= " "; $output .= ($user_lvl >= $action_permission['update']) ? "" : ""; $output .= ($user_lvl < $owner_gmlvl ) ? "" : ""; $output .= " "; } $output .= "
"; $output .= generate_pagination("guild.php?action=brows_guilds&realm=$realmid&order_by=$order_by&".($search_value && $search_by ? "search_by=$search_by&search_value=$search_value&" : "")."dir=".(($dir) ? 0 : 1)."", $all_record, $itemperpage, $start); $output .= "
".($order_by=='gid' ? "\"\" " : "")."{$lang_guild['id']} ".($order_by=='name' ? "\"\" " : "")."{$lang_guild['guild_name']} ".($order_by=='lname' ? "\"\" " : "")."{$lang_guild['guild_leader']} ".($order_by=='lfaction' ? "\"\" " : "")."{$lang_guild['guild_faction']} ".($order_by=='tot_chars' ? "\"\" " : "")."{$lang_guild['tot_members']} ".($order_by=='createdate' ? "\"\" " : "")."{$lang_guild['create_date']}
$data[0]".htmlentities($data[1])."".htmlentities($data[1])."".htmlentities($data[3])."".htmlentities($data[3])."\"\" $data[5] ".date('o-m-d', $data[6])."
".generate_pagination("guild.php?action=brows_guilds&realm=$realmid&order_by=$order_by&".($search_value && $search_by ? "search_by=$search_by&search_value=$search_value&" : "")."dir=".(($dir) ? 0 : 1)."", $all_record, $itemperpage, $start)."
{$lang_guild['tot_guilds']} : $all_record

"; } //==========================Browse/Search Guilds end========================= function count_days( $a, $b ) { $gd_a = getdate( $a ); $gd_b = getdate( $b ); $a_new = mktime( 12, 0, 0, $gd_a['mon'], $gd_a['mday'], $gd_a['year'] ); $b_new = mktime( 12, 0, 0, $gd_b['mon'], $gd_b['mday'], $gd_b['year'] ); return round( abs( $a_new - $b_new ) / 86400 ); } //############################################################################# // VIEW GUILD //############################################################################# function view_guild() { global $lang_guild, $lang_global, $output, $realm_db, $characters_db, $mmfpm_db, $realm_id, $itemperpage, $action_permission, $user_lvl, $user_id, $showcountryflag; if(!isset($_GET['id'])) redirect("guild.php?error=1&realm=$realmid"); $sqlr = new SQL; $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); if (empty($_GET['realm'])) $realmid = $realm_id; else { $realmid = $sqlr->quote_smart($_GET['realm']); if (!is_numeric($realmid)) $realmid = $realm_id; } $sqlc = new SQL; $sqlc->connect($characters_db[$realmid]['addr'], $characters_db[$realmid]['user'], $characters_db[$realmid]['pass'], $characters_db[$realmid]['name']); $guild_id = $sqlc->quote_smart($_GET['id']); if(is_numeric($guild_id)); else redirect("guild.php?error=6&realm=$realmid"); //==========================SQL INGUILD and GUILDLEADER====================== $q_inguild = $sqlc->query("select 1 from guild_member where guildid = '$guild_id' and guid in (select guid from characters where account = '$user_id')"); $inguild = $sqlc->result($q_inguild, 0, '1'); if ( $user_lvl < $action_permission['update'] && !$inguild ) redirect("guild.php?error=6&realm=$realmid"); $q_amIguildleader = $sqlc->query("select 1 from guild where guildid = '$guild_id' and leaderguid in (select guid from characters where account = '$user_id')"); $amIguildleader = $sqlc->result($q_amIguildleader, 0, '1'); $q_guildmemberCount = $sqlc->query("SELECT 1 from guild_member where guildid = '$guild_id'"); $guildmemberCount = $sqlc->num_rows($q_guildmemberCount); //====================SQL INGUILD and GUILDLEADER end======================== //==========================$_GET and SECURE================================= $start = (isset($_GET['start'])) ? $sqlc->quote_smart($_GET['start']) : 0; if (is_numeric($start)); else $start=0; $order_by = (isset($_GET['order_by'])) ? $sqlc->quote_smart($_GET['order_by']) : "mrank"; if (!preg_match("/^[_[:lower:]]{1,10}$/", $order_by)) $order_by="mrank"; $dir = (isset($_GET['dir'])) ? $sqlc->quote_smart($_GET['dir']) : 1; if (!preg_match("/^[01]{1}$/", $dir)) $dir=1; $order_dir = ($dir) ? "ASC" : "DESC"; $dir = ($dir) ? 0 : 1; //==========================$_GET and SECURE end============================= $query = $sqlc->query("SELECT guildid, name, info, MOTD, createdate, (select count(*) from guild_member where guildid = '$guild_id') as mtotal, (select count(*) from guild_member where guildid = '$guild_id' and guid in (select guid from characters where online = 1)) as monline FROM guild WHERE guildid = '$guild_id'"); $guild_data = $sqlc->fetch_row($query); $output .= "
{$lang_guild['guild']}
"; if ($guild_data[2] != '') $output .= " "; if ($guild_data[3] != '') $output .= " "; $output .="
{$lang_guild['create_date']}:
".date('o-m-d', $guild_data[4])."		 $guild_data[1] {$lang_guild['tot_m_online']}:
$guild_data[6] / $guild_data[5]
{$lang_guild['info']}:
$guild_data[2]
{$lang_guild['motd']}:
$guild_data[3]
".generate_pagination("guild.php?action=view_guild&realm=$realmid&id=$guild_id&order_by=$order_by&dir=".(($dir) ? 0 : 1)."", $guildmemberCount, $itemperpage, $start)."
"; if ($showcountryflag) { require_once 'libs/misc_lib.php'; $sqlm = new SQL; $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']); $output .=" "; } $output .=" "; $members = $sqlc->query("SELECT gm.guid as cguid, c.name as cname, c.`race` as crace ,c.`class` as cclass, c.`level` AS clevel, gm.rank AS mrank, (SELECT rname FROM guild_rank WHERE guildid ='$guild_id' AND rid = mrank) AS rname, gm.Pnote, gm.OFFnote, gender, c.`online` as conline, c.`account`, c.`logout_time` as clogout FROM guild_member as gm left outer join characters as c on c.guid = gm.guid WHERE gm.guildid = '$guild_id' ORDER BY $order_by $order_dir LIMIT $start, $itemperpage"); while ($member = $sqlr->fetch_row($members)) { $result = $sqlr->query("SELECT gmlevel FROM account WHERE id ='$member[11]'"); $owner_gmlvl = $sqlr->result($result, 0, 'gmlevel'); $output .= " "; // gm, gildleader or own account! are allowed to remove from guild $output .= ($user_lvl >= $action_permission['delete'] || $amIguildleader || $member[11] == $user_id) ? " " : " "; $output .= ($user_lvl < $owner_gmlvl ) ? " " : " "; $output .= " "; if ($showcountryflag) { $country = misc_get_country_by_account($member[11], $sqlr, $sqlm); $output .=" "; } $output .=" "; } unset($member); $output .= "
{$lang_guild['remove']} ".($order_by=='cname' ? "\"\" " : "")."{$lang_guild['name']} ".($order_by=='crace' ? "\"\" " : "")."{$lang_guild['race']} ".($order_by=='cclass' ? "\"\" " : "")."{$lang_guild['class']} ".($order_by=='clevel' ? "\"\" " : "")."{$lang_guild['level']} ".($order_by=='mrank' ? "\"\" " : "")."{$lang_guild['rank']} {$lang_guild['pnote']} {$lang_guild['offnote']} ".($order_by=='clogout' ? "\"\" " : "")."{$lang_guild['llogin']} ".($order_by=='conline' ? "\"\" " : "")."{$lang_guild['online']}{$lang_global['country']}
\"\" ".htmlentities($member[1])."".htmlentities($member[1])."\"\" \"\" ".char_get_level_color($member[4])." ".htmlentities($member[6])." (".$member[5].") ".htmlentities($member[7])." ".htmlentities($member[8])." ".get_days_with_color($member[12])." ".(($member[10]) ? "\"\"" : "-")."".(($country['code']) ? "\"\"" : "-")."
".generate_pagination("guild.php?action=view_guild&error=3&realm=$realmid&id=$guild_id&order_by=$order_by&dir=".!$dir, $guildmemberCount, $itemperpage, $start)."

"; $output .= "
"; if ($user_lvl >= $action_permission['delete'] || $amIguildleader) { makebutton($lang_guild['del_guild'], "guild.php?action=del_guild&realm=$realmid&id=$guild_id\" type=\"wrn", 130); $output .= " "; } makebutton($lang_guild['guildbank'], "guildbank.php?id=$guild_id&realm=$realmid", 130); $output .= " "; makebutton($lang_guild['show_guilds'], "guild.php?realm=$realmid\" type=\"def", 130); $output .= "
"; } //############################################################################# // ARE YOU SURE YOU WOULD LIKE TO OPEN YOUR AIRBAG? //############################################################################# function del_guild() { global $lang_guild, $lang_global, $output, $characters_db, $realm_id, $action_permission, $user_lvl, $user_id; $sqlr = new SQL; $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); if (empty($_GET['realm'])) $realmid = $realm_id; else { $realmid = $sqlr->quote_smart($_GET['realm']); if (!is_numeric($realmid)) $realmid = $realm_id; } if(isset($_GET['id'])) $id = $_GET['id']; else redirect("guild.php?error=1&realm=$realmid"); if (is_numeric($id)); else redirect("guild.php?error=5&realm=$realmid"); $sqlc = new SQL; $sqlc->connect($characters_db[$realmid]['addr'], $characters_db[$realmid]['user'], $characters_db[$realmid]['pass'], $characters_db[$realmid]['name']); $q_amIguildleader = $sqlc->query("select 1 from guild where guildid = '$id' and leaderguid in (select guid from characters where account = '$user_id')"); $amIguildleader = $sqlc->result($q_amIguildleader, 0, '1'); if ($user_lvl < $action_permission['delete'] && !$amIguildleader) redirect("guild.php?error=6&realm=$realmid"); $output .= "

{$lang_global['are_you_sure']}


{$lang_guild['guild_id']}: $id {$lang_global['will_be_erased']}

"; makebutton($lang_global['yes'], "javascript:do_submit()\" type=\"wrn",130); $output .= " "; makebutton($lang_global['no'], "guild.php?action=view_guild&realm=$realmid&id=$id\" type=\"def",130); $output .= '

'; } //############################################################################# //REMOVE CHAR FROM GUILD //############################################################################# function rem_char_from_guild(&$sqlr, &$sqlc) { global $characters_db, $realm_id, $user_lvl, $user_id; // this is multi realm support, as of writing still under development // this page is already implementing it if (empty($_GET['realm'])) $realmid = $realm_id; else { $realmid = $sqlr->quote_smart($_GET['realm']); if (is_numeric($realmid)) $sqlc->connect($characters_db[$realmid]['addr'], $characters_db[$realmid]['user'], $characters_db[$realmid]['pass'], $characters_db[$realmid]['name']); else $realmid = $realm_id; } if(isset($_GET['id'])) $guid = $_GET['id']; else redirect("guild.php?error=1&realm=$realmid"); if (is_numeric($guid)); else redirect("guild.php?error=5&realm=$realmid"); if(isset($_GET['guld_id'])) $guld_id = $_GET['guld_id']; else redirect("guild.php?error=1&realm=$realmid"); if (is_numeric($guld_id)); else redirect("guild.php?error=5&realm=$realmid"); $q_amIguildleaderOrSelfRemoval = $sqlc->query("select 1 from guild as g left outer join guild_member as gm on gm.guildid = g.guildid where g.guildid = '$guld_id' and (g.leaderguid in (select guid from characters where account = '$user_id') or gm.guid in (select guid from characters where account = '$user_id' and guid = '$guid'))"); $amIguildleaderOrSelfRemoval = $sqlc->result($q_amIguildleaderOrSelfRemoval, 0, '1'); if ($user_lvl < $action_permission['delete'] && !$amIguildleaderOrSelfRemoval ) redirect("guild.php?error=6&realm=$realmid"); $char_data = $sqlc->query("SELECT data FROM `characters` WHERE guid = '$guid'"); $data = $sqlc->result($char_data, 0, 'data'); $data = explode(' ',$data); $data[CHAR_DATA_OFFSET_GUILD_ID] = 0; $data[CHAR_DATA_OFFSET_GUILD_RANK] = 0; $data = implode(' ',$data); $sqlc->query("UPDATE `characters` SET data = '$data' WHERE guid = '$guid'"); $sqlc->query("DELETE FROM guild_member WHERE guid = '$guid'"); redirect("guild.php?action=view_guild&realm=$realmid&id=$guld_id"); } //############################################################################# // MAIN //############################################################################# $err = (isset($_GET['error'])) ? $_GET['error'] : NULL; $output .= '
'; $lang_guild = lang_guild(); switch ($err) { case 1: $output .= "

{$lang_global['err_empty_fields']}

"; break; case 2: $output .= "

{$lang_global['err_no_search_passed']}

"; break; case 3: //keep blank break; case 4: $output .= "

{$lang_guild['guild_search_result']}:

"; break; case 5: $output .= "

{$lang_global['err_invalid_input']}:

"; break; case 6: $output .= "

{$lang_global['err_no_permission']}:

"; break; default: //no error $output .= "

{$lang_guild['browse_guilds']}

"; } unset($err); $output .= '
'; $action = (isset($_GET['action'])) ? $_GET['action'] : NULL; if ('view_guild' == $action) view_guild(); elseif ('del_guild' == $action) del_guild(); elseif ('rem_char_from_guild' == $action) rem_char_from_guild($sqlr, $sqlc); else browse_guilds($sqlr, $sqlc); unset($action); unset($action_permission); unset($lang_guild); require_once 'footer.php'; ?>