connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']); //==========================$_GET and SECURE================================= $start = (isset($_GET['start'])) ? $sqlw->quote_smart($_GET['start']) : 0; if (is_numeric($start)); else $start=0; $order_by = (isset($_GET['order_by'])) ? $sqlw->quote_smart($_GET['order_by']) : "id"; if (!preg_match("/^[_[:lower:]]{1,12}$/", $order_by)) $order_by="id"; $dir = (isset($_GET['dir'])) ? $sqlw->quote_smart($_GET['dir']) : 1; if (!preg_match("/^[01]{1}$/", $dir)) $dir=1; $order_dir = ($dir) ? "ASC" : "DESC"; $dir = ($dir) ? 0 : 1; //==========================$_GET and SECURE end============================= //==========================Browse/Search CHECK============================== $search_by = ''; $search_value = ''; if(isset($_GET['search_value']) && isset($_GET['search_by'])) { $search_value = $sqlw->quote_smart($_GET['search_value']); $search_by = $sqlw->quote_smart($_GET['search_by']); $search_menu = array("name", "id", "map"); if (!in_array($search_by, $search_menu)) $search_by = 'name'; unset($search_menu); if (preg_match('/^[\t\v\b\f\a\n\r\\\"\'\? <>[](){}_=+-|!@#$%^&*~`.,0123456789\0]{1,30}$/', $search_value)) redirect("tele.php?error=1"); $query_1 = $sqlw->query("SELECT count(*) FROM game_tele WHERE $search_by LIKE '%$search_value%'"); $query = $sqlw->query("SELECT id, name, map, position_x, position_y, position_z, orientation FROM game_tele WHERE $search_by LIKE '%$search_value%' ORDER BY $order_by $order_dir LIMIT $start, $itemperpage"); } else { $query_1 = $sqlw->query("SELECT count(*) FROM game_tele"); $query = $sqlw->query("SELECT id, name, map, position_x, position_y, position_z, orientation FROM game_tele ORDER BY $order_by $order_dir LIMIT $start, $itemperpage"); } $all_record = $sqlw->result($query_1,0); unset($query_1); //=====================top tage navigaion starts here======================== $output .="
"; if($user_lvl >= $action_permission['insert']) { makebutton($lang_tele['add_new'], "tele.php?action=add_tele",130); } makebutton($lang_global['back'], "javascript:window.history.back()", 130); ($search_by && $search_value) ? makebutton($lang_tele['teleports'], "tele.php\" type=\"def", 130) : $output .= ""; $output .= " "; $output .= generate_pagination("tele.php?order_by=$order_by&dir=".(($dir) ? 0 : 1).( $search_value && $search_by ? "&search_by=$search_by&search_value=$search_value" : "" ), $all_record, $itemperpage, $start); $output .= "
"; makebutton($lang_global['search'], "javascript:do_submit()",80); $output .= "
"; //======================top tage navigaion ENDS here ======================== $output .= " "; if($user_lvl >= $action_permission['delete']) $output .= " "; $output .= " "; $sqlm = new SQL; $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']); while ($data = $sqlw->fetch_row($query)) { $output .= " "; if($user_lvl >= $action_permission['delete']) $output .= " "; $output .= " "; } unset($query); unset($data); $output .= "
{$lang_global['delete_short']}{$lang_tele['id']} {$lang_tele['name']} {$lang_tele['map']} {$lang_tele['x']} {$lang_tele['y']} {$lang_tele['z']} {$lang_tele['orientation']}
\"\"$data[0] "; if($user_lvl >= $action_permission['update']) $output .=" $data[1]"; else $output .="$data[1]"; $output .=" ".get_map_name($data[2], $sqlm)." ($data[2]) $data[3] $data[4] $data[5] $data[6]
"; $output .= generate_pagination("tele.php?order_by=$order_by&dir=".(($dir) ? 0 : 1).( $search_value && $search_by ? "&search_by=$search_by&search_value=$search_value" : "" ), $all_record, $itemperpage, $start); $output .= "
{$lang_tele['tot_locations']} : $all_record
"; } //############################################################################# // DO DELETE TELE FROM LIST //############################################################################# function del_tele() { global $world_db, $realm_id, $action_permission; valid_login($action_permission['delete']); if(!isset($_GET['id'])) redirect("Location: tele.php?error=1"); $sqlw = new SQL; $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']); $id = $sqlw->quote_smart($_GET['id']); if(is_numeric($id)); else redirect("tele.php?error=1"); //==========================$_GET and SECURE================================= $start = (isset($_GET['start'])) ? $sqlw->quote_smart($_GET['start']) : 0; if (is_numeric($start)); else $start=0; $order_by = (isset($_GET['order_by'])) ? $sqlw->quote_smart($_GET['order_by']) : "id"; if (!preg_match("/^[_[:lower:]]{1,10}$/", $order_by)) $order_by="id"; $dir = (isset($_GET['dir'])) ? $sqlw->quote_smart($_GET['dir']) : 1; if (!preg_match("/^[01]{1}$/", $dir)) $dir=1; $order_dir = ($dir) ? "ASC" : "DESC"; $dir = ($dir) ? 0 : 1; //==========================$_GET and SECURE end============================= $sqlw->query("DELETE FROM game_tele WHERE id = '$id'"); if ($sqlw->affected_rows() != 0) { redirect("tele.php?error=3&order_by=$order_by&start=$start&dir=$dir"); } else { redirect("tele.php?error=5"); } } //############################################################################# // EDIT TELE //############################################################################# function edit_tele() { global $lang_tele, $lang_global, $output, $world_db, $realm_id, $mmfpm_db, $action_permission, $user_lvl; valid_login($action_permission['update']); if(!isset($_GET['id'])) redirect("Location: tele.php?error=1"); $sqlw = new SQL; $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']); $sqlm = new SQL; $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']); $id = $sqlw->quote_smart($_GET['id']); if(is_numeric($id)); else redirect("tele.php?error=1"); $query = $sqlw->query("SELECT id, name, map, position_x, position_y, position_z, orientation FROM game_tele WHERE id = '$id'"); if ($sqlw->num_rows($query) == 1) { $tele = $sqlw->fetch_row($query); $output .= "
{$lang_tele['edit_tele']}
"; $output .= "
{$lang_tele['loc_id']} $tele[0]
{$lang_tele['loc_name']}
{$lang_tele['on_map']}
{$lang_tele['position_y']}
{$lang_tele['position_z']}
{$lang_tele['orientation']}
"; if($user_lvl >= $action_permission['delete']) makebutton($lang_tele['delete_tele'], "#\" onclick=\"answerBox('{$lang_global['delete']}: <font color=white>{$tele[1]}</font> <br /> {$lang_global['are_you_sure']}', 'tele.php?action=del_tele&id=$id');\" type=\"wrn",130); $output .= " "; makebutton($lang_tele['update_tele'], "javascript:do_submit()",130); makebutton($lang_global['back'], "tele.php\" type=\"def",130); $output .= "


"; } else error($lang_global['err_no_records_found']); } //############################################################################# // DO EDIT TELE LOCATION //############################################################################# function do_edit_tele() { global $world_db, $realm_id, $action_permission; valid_login($action_permission['update']); if( empty($_GET['id']) || !isset($_GET['new_name']) || !isset($_GET['new_map']) || !isset($_GET['new_x']) || !isset($_GET['new_y'])|| !isset($_GET['new_z'])|| !isset($_GET['new_orientation'])) redirect("tele.php?error=1"); $sqlw = new SQL; $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']); $id = $sqlw->quote_smart($_GET['id']); if(is_numeric($id)); else redirect("tele.php?error=1"); $new_name = $sqlw->quote_smart($_GET['new_name']); $new_map = $sqlw->quote_smart($_GET['new_map']); $new_x = $sqlw->quote_smart($_GET['new_x']); $new_y = $sqlw->quote_smart($_GET['new_y']); $new_z = $sqlw->quote_smart($_GET['new_z']); $new_orientation = $sqlw->quote_smart($_GET['new_orientation']); $sqlw->query("UPDATE game_tele SET position_x='$new_x', position_y ='$new_y', position_z ='$new_z', orientation ='$new_orientation', map ='$new_map', name ='$new_name' WHERE id = '$id'"); if ($sqlw->affected_rows()) { redirect("tele.php?error=3"); } else { redirect("tele.php?error=5"); } } //############################################################################# // ADD NEW TELE //############################################################################# function add_tele() { global $output, $lang_tele, $lang_global, $mmfpm_db, $action_permission; valid_login($action_permission['insert']); $sqlw = new SQL; $output .= "
{$lang_tele['add_new_tele']}
{$lang_tele['loc_name']}
{$lang_tele['on_map']}
{$lang_tele['position_x']}
{$lang_tele['position_y']}
{$lang_tele['position_z']}
{$lang_tele['orientation']}
"; makebutton($lang_tele['add_new'], "javascript:do_submit()",130); makebutton($lang_global['back'], "tele.php\" type=\"def",130); $output .= "


"; } //############################################################################# // DO ADD TELE LOCATION //############################################################################# function do_add_tele() { global $world_db, $realm_id, $action_permission; valid_login($action_permission['insert']); if( !isset($_GET['name']) || !isset($_GET['map']) || !isset($_GET['x']) || !isset($_GET['y'])|| !isset($_GET['z'])|| !isset($_GET['orientation'])) redirect("tele.php?error=1"); $sqlw = new SQL; $sqlw->connect($world_db[$realm_id]['addr'], $world_db[$realm_id]['user'], $world_db[$realm_id]['pass'], $world_db[$realm_id]['name']); $name = $sqlw->quote_smart($_GET['name']); $map = $sqlw->quote_smart($_GET['map']); $x = $sqlw->quote_smart($_GET['x']); $y = $sqlw->quote_smart($_GET['y']); $z = $sqlw->quote_smart($_GET['z']); $orientation = $sqlw->quote_smart($_GET['orientation']); $sqlw->query("INSERT INTO game_tele VALUES (NULL,'$x','$y', '$z' ,'$orientation' ,'$map' ,'$name')"); if ($sqlw->affected_rows()) { redirect("tele.php?error=3"); } else { redirect("tele.php?error=5"); } } //############################################################################# // MAIN //############################################################################# $err = (isset($_GET['error'])) ? $_GET['error'] : NULL; $output .= "
"; $lang_tele = lang_tele(); switch ($err) { case 1: $output .= "

{$lang_global['empty_fields']}

"; break; case 2: $output .= "

{$lang_global['err_no_search_passed']}

"; break; case 3: $output .= "

{$lang_tele['tele_updated']}

"; break; case 4: $output .= "

{$lang_tele['search_results']}

"; break; case 5: $output .= "

{$lang_tele['error_updating']}

"; break; default: //no error $output .= "

{$lang_tele['tele_locations']}

"; } unset($err); $output .= "
"; $action = (isset($_GET['action'])) ? $_GET['action'] : NULL; switch ($action) { case "edit_tele": edit_tele(); break; case "do_edit_tele": do_edit_tele(); break; case "add_tele": add_tele(); break; case "do_add_tele": do_add_tele(); break; case "del_tele": del_tele(); break; default: browse_tele(); } unset($action); unset($action_permission); unset($lang_tele); require_once("footer.php"); ?>