
Zeige Source: /raceeditor.php

(Das Lesen des Source, um sich spielerische Vorteile zu verschaffen, ist nicht erlaubt. Solltest du Schwachstellen oder Fehler entdecken, bist du als Spieler verpflichtet, diese zu melden.)

Source von: /raceeditor.php

<?php 
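require_once "common.php";

// Access gate. NOTE(review): isnewday(3) is presumably the superuser-level
// check provided by common.php -- confirm that it stops the request for
// accounts below level 3. Every operation further down writes to the race
// and accounts tables, and this call is the only authorisation step visible
// in this file, so it has to stay ahead of any output or query.
isnewday(3);
page_header("Rasseneditor");
/* 
  Copyright, don't remove it! 
  Rasseneditor by Eliwood 
  Last Fix: 19.06.2004 
  E-Mail: basilius.sauter@hispeed.ch 
*/ 
output("`Q`b`cRasseneditor`c`b`0`n`n");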
switch (
$_GET['op']) 
  { 
    case 
""
    case 
"create"
    case 
"delete"
    case 
"switch"
    case 
"aktive"
    case 
"ja":
      if (
$_GET['op']=="aktive"
        { 
         
$sql "SELECT * FROM race WHERE raceid='".$_GET[race]."' LIMIT 1"
         
$result db_query($sql); 
         
$row db_fetch_assoc($result); 
         if (
$row['active']==1
           { 
             
$sql "UPDATE race SET active=0 WHERE raceid='$_GET[race]'"
             
db_query($sql); 
             
output("Die Rasse $row[name] wurde deaktiviert.`n`n"); 
           } 
         else 
           { 
             
$sql "UPDATE race SET active=1 WHERE raceid='$_GET[race]'"
             
db_query($sql); 
             
output("Die Rasse $row[name] wurde aktiviert.`n`n"); 
           } 
        } 
      if (
$_GET['op']=="create"
        { 
      
$bonus = array("lp"=>$_POST['lp'
                        ,
"atk"=>$_POST['atk'
                        ,
"def"=>$_POST['def'
                        ,
"wk"=>$_POST['wk'
                        ,
"da"=>$_POST['da'
                        ,
"mk"=>$_POST['mk'
                        ,
"tv"=>$_POST['tv'
                        ,
"hk"=>$_POST['hk'
                        ,
"fw"=>$_POST['fw'
                        ,
"cw"=>$_POST['cw'
                        ); 
     
//reset($_POST['item']); 
          
$sql "INSERT INTO race (name,color,colorname,category,story,link,dk,bonus) "
                  
"VALUES ('".$_POST['name']."', "
                         
"'".$_POST['color']."', "
                         
"'".$_POST['color'].$_POST['name']."',"
                         
"'".$_POST['category']."',"
                         
"'".$_POST['story']."',"
                         
"'".$_POST['link']."',"
                         
"'".$_POST['dk']."',"
                         
"'"./*addslashes(serialize($bonus))*/serialize($bonus)."'"
                         
");"
          
db_query($sql) or die(db_errno($sql)); 
          
output("Rasse wurde erstellt`n`n"); 
        } 
      if (
$_GET['op']=="switch"
        { 
          
$sql "UPDATE accounts " 
                  
."SET race='".$_POST['color'].$_POST['name']."' " 
                
."WHERE race='".$_POST['old']."' "
          
db_query($sql); 
      
$bonus = array("lp"=>$_POST['lp'
                        ,
"atk"=>$_POST['atk'
                        ,
"def"=>$_POST['def'
                        ,
"wk"=>$_POST['wk'
                        ,
"da"=>$_POST['da'
                        ,
"mk"=>$_POST['mk'
                        ,
"tv"=>$_POST['tv'
                        ,
"hk"=>$_POST['hk'
                        ,
"fw"=>$_POST['fw'
                        ,
"cw"=>$_POST['cw'
                        ); 
                        
        
$bonus serialize($bonus);
        
          
$sql "UPDATE race " 
          
."SET name='".$_POST['name']."'," 
                    
."color='".$_POST['color']."'," 
                    
."colorname='".$_POST['color'].$_POST['name']."'," 
                    
."category='".$_POST['category']."'," 
                    
."story='".$_POST['story']."'," 
                    
."link='".$_POST['link']."'," 
                    
."dk='".$_POST['dk']."'," 
                    
."bonus='$bonus'" 
                    
."WHERE raceid='$_GET[race]'"
          
db_query($sql) or die(db_error($sql)); 
          
//Ausgaben 
          
output("Änderungen wurden gespeichert`n`n"); 
        } 
      if (
$_GET['op']=="delete"
        { 
          
//SQL-Abfragen 
          
$sql "SELECT * FROM race WHERE raceid='$_GET[race]'"
          
$result db_query($sql); 
          
$row db_fetch_assoc($result);
          
output("<h2>Willst du wirklich die Rasse ".$row[color].$row[name]." `0löschen?</h2>`n`n`n",true);
          
addnav("ja","raceeditor.php?op=ja&race={$row['raceid']}");
          
addnav("nein","raceeditor.php");
        } 
      if (
$_GET['op']=="ja")
          {
          
$sql "SELECT * FROM race WHERE raceid='$_GET[race]'"
          
$result db_query($sql); 
          
$row db_fetch_assoc($result);
          
$sql "DELETE FROM race WHERE raceid='$_GET[race]'"
          
db_query($sql); 
          
$sql "UPDATE accounts SET race='' WHERE race='".$row[color].$row[name]."'"
          
db_query($sql); 
          
//Ausgabe: 
          
output("Du hast gerade die Rasse ".$row[color].$row[name]."`0 gelöscht. Alle User mit dieser Rasse " 
                
."müssen ihre Rasse erneut wählen`n`n");         
        }
      
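// Navigation
addnav("Der Editor:");
addnav("Rasse hinzufügen", "raceeditor.php?op=add");
// NOTE(review): $SCRIPT_NAME is not set in this file; it has to come from
// common.php or register_globals -- confirm it is defined.
addnav("Aktualisieren", $SCRIPT_NAME);
addnav("Sonstiges");
addnav("Zurück zur Grotte", "superuser.php");

// Output: one table listing every race with its edit links.
output("<table cellpadding=2 cellspacing=1 bgcolor='#999999'>"
    . "<tr class=trhead>"
    . "<td>ID:</td>"
    . "<td>Name:</td>"
    . "<td>Kategorie</td>"
    . "<td>DK-Freigabe</td>"
    . "<td>Lp Bonus</td>"
    . "<td>Atk Bonus</td>"
    . "<td>Def Bonus</td>"
    . "<td>Waldkampf Bonus</td>"
    . "<td>Optionen</td>"
    . "</tr>", true);

// The column name must not be quoted: ORDER BY 'category' sorts by a constant
// string, which leaves the rows unsorted.
$sql = "SELECT * FROM race ORDER BY category ASC";
$result = db_query($sql);
if (db_num_rows($result)) {
    $i = 0;
    while ($row = db_fetch_assoc($result)) {
        $bgcolor = ($i % 2 == 1 ? "trlight" : "trdark");

        // NOTE(review): unserialize() runs on a database column. That is only
        // safe while nothing but this editor writes race.bonus; a plain
        // format such as JSON would remove the object-instantiation risk.
        $bonus = unserialize($row['bonus']);
        if (!is_array($bonus)) {
            $bonus = array();
        }
        // A damaged or partial value must not break the row output.
        foreach (array("lp", "atk", "def", "wk") as $key) {
            if (!isset($bonus[$key])) {
                $bonus[$key] = "";
            }
        }

        // NOTE(review): name, category, link and story are written into the
        // table without HTML escaping. That is acceptable only while every
        // account that can reach this editor is trusted to author markup.
        output("<tr class=$bgcolor><td>{$row['raceid']}</td>"
            . "<td>{$row['color']}{$row['name']}`0</td>"
            . "<td>{$row['category']}</td>"
            . "<td>{$row['dk']}</td>"
            . "<td>{$bonus['lp']}</td>"
            . "<td>{$bonus['atk']}</td>"
            . "<td>{$bonus['def']}</td>"
            . "<td>{$bonus['wk']}</td>"
            . "<td>"
            . "<a href=\"raceeditor.php?op=delete&race={$row['raceid']}\">[`4Löschen`0]</a><br>"
            // An active race offers "Deaktivieren", matching the op=aktive handler.
            . "<a href=\"raceeditor.php?op=aktive&race={$row['raceid']}\">" . ($row['active'] == 1 ? "[`^Deaktivieren`0]" : "[`^Aktivieren`0]") . "</a><br>"
            . "<a href=\"raceeditor.php?op=change&race={$row['raceid']}\">[`2Bearbeiten`0]</a><br>"
            . "</td>"
            . "</tr>"
            , true);
        // Register the three links printed above as navigation targets.
        addnav("", "raceeditor.php?op=delete&race={$row['raceid']}");
        addnav("", "raceeditor.php?op=aktive&race={$row['raceid']}");
        addnav("", "raceeditor.php?op=change&race={$row['raceid']}");
        output("<tr class=$bgcolor><td colspan=9>{$row['link']}</td></tr>", true);
        output("<tr class=$bgcolor><td colspan=9>{$row['story']}</td></tr>", true);
        $i++;
    }
} else {
    output("<tr><td colspan=11>Keine Rassen vorhanden</td></tr>", true);
}
// The table opened above was never closed.
output("</table>", true);
break;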
    case 
"add"
      
//Navigation: 
      
addnav("Der Editor:"); 
      
addnav("Rasenübersicht","raceeditor.php"); 
      
addnav("Sonstiges"); 
      
addnav("Zurück zur Grotte","superuser.php"); 
      
//Ausgabe: 
      
rawoutput("<table><form action='raceeditor.php?op=create' method='post'>" 
              
."<tr><td>Name der Rasse:</td><td><input name='name' maxlenght=50 size=30></td></tr>" 
            
."<tr><td>Farbcode:</td><td><input name='color' maxlenght=2 size=5></td></tr>" 
            
."<tr><td>Kategorie</td><td><input name='category' maxlenght=50 size=30></td></tr>" 
            
."<tr><td>Hintergrundgeschichte</td><td><textarea wrap=virtual name='story' rows=5 cols=30></textarea></td></tr>" 
            
."<tr><td>Link</td><td><textarea wrap=virtual name='link' rows=5 cols=30></textarea></td></tr>" 
            
."<tr><td>Ab wievielen Drachenkills verfügbar?</td><td><input name='dk' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Lebenspunkte Bonus:</td><td><input name='lp' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Angriff Bonus:</td><td><input name='atk' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Verteidigung Bonus:</td><td><input name='def' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Waldkampf Bonus:</td><td><input name='wk' maxlenght=5 size=5></td></tr>" 
      
."<tr><td>Zusätzliche Anwendungen in den Dunkel Künsten:</td><td><input name='da' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Zusätzliche Anwendungen in den Mytischen Kräften:</td><td><input name='mk' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Zusätzliche Anwendungen in den Diebeskünsten:</td><td><input name='tv' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Zusätzliche Anwendungen in den Heiligen Kräften:</td><td><input name='hk' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Zusätzliche Anwendungen in der Feuermagie:</td><td><input name='fw' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Zusätzliche Anwendungen in der Chrono-Magie:</td><td><input name='cw' maxlenght=5 size=5></td></tr>" 
      
."<tr><td> </td><td> </td></tr>" 
      
."<tr><td colspan=2>" 
                               
."<input type='hidden' value='' name='old' maxlenght=5 size=5>" 
                               
."<input class=button type='submit' value='Rasse erstellen'></td></tr>" 
            
); 
      
addnav("","raceeditor.php?op=create"); 
      break; 
    case 
"change"
      
//Navigation: 
      
addnav("Der Editor:"); 
      
addnav("Rasenübersicht","raceeditor.php"); 
      
addnav("Rase hinzufügen","raceeditor.php?op=add"); 
      
addnav("Sonstiges"); 
      
addnav("Zurück zur Grotte","superuser.php"); 
      
//SQL-Abfragen 
      
$sql "SELECT * FROM race WHERE raceid='$_GET[race]'"
      
$result db_query($sql); 
      
$row db_fetch_assoc($result); 
      
//Navigation 
      //$bonus = unserialize(stripslashes($row['bonus'])); 
      
$bonus unserialize($row['bonus']); 
      
rawoutput("<table><form action='raceeditor.php?op=switch&race={$row['raceid']}' method='post'> 
              <tr><td>Name der Rasse:</td><td><input value='
$row[name]' name='name' maxlenght=50 size=30></td></tr>  
      <tr><td>Kategorie</td><td><input value='
$row[category]' name='category' maxlenght=50 size=30></td></tr> 
            <tr><td>Hintergrundgeschichte</td><td><textarea wrap=virtual name='story' rows=5 cols=30>
$row[story]</textarea></td></tr> 
            <tr><td>Link</td><td><textarea wrap=virtual name='link' rows=5 cols=30>
$row[link]</textarea></td></tr>"
      
."<tr><td colspan=2>" 
                               
."<input type='hidden' value='".$row['color'].$row['name']."' name='old' maxlenght=5 size=5>" 
                               
."<input class=bottom type='submit' value='Rasse speichern'></td></tr>" 
            
."</table>",true);
             
    
// das korrekte rawoutput:         
    
rawoutput("<table><form action='raceeditor.php?op=switch&race={$row['raceid']}' method='post'> 
              <tr><td>Name der Rasse:</td><td><input value='
$row[name]' name='name' maxlenght=50 size=30></td></tr> 
            <tr><td>Farbcode:</td><td><input value='
$row[color]' name='color' maxlenght=2 size=5></td></tr> 
      <tr><td>Kategorie</td><td><input value='
$row[category]' name='category' maxlenght=50 size=30></td></tr> 
            <tr><td>Hintergrundgeschichte</td><td><textarea wrap=virtual name='story' rows=5 cols=30>
$row[story]</textarea></td></tr> 
            <tr><td>Link</td><td><textarea wrap=virtual name='link' rows=5 cols=30>
$row[link]</textarea></td></tr> 
            <tr><td>Ab wievielen Drachenkills verfügbar?</td><td><input value='
$row[dk]' name='dk' maxlenght=5 size=5></td></tr> 
            <tr><td>Lebenspunkte Bonus:</td><td><input value='
{$bonus[lp]}' name='lp' maxlenght=5 size=5></td></tr> 
            <tr><td>Angriff Bonus:</td><td><input value='
{$bonus[atk]}' name='atk' maxlenght=5 size=5></td></tr> 
            <tr><td>Verteidigung Bonus:</td><td><input value='
{$bonus[def]}' name='def' maxlenght=5 size=5></td></tr> 
            <tr><td>Waldkampf Bonus:</td><td><input value='
{$bonus[wk]}' name='wk' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Zusätzliche Anwendungen in den Dunkel Künsten:</td><td><input value='{$bonus[da]}' name='da' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Zusätzliche Anwendungen in den Mytischen Kräften:</td><td><input value='{$bonus[mk]}' name='mk' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Zusätzliche Anwendungen in den Diebeskünsten:</td><td><input value='{$bonus[tv]}' name='tv' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Zusätzliche Anwendungen in den Heiligen Kräften:</td><td><input value='{$bonus[hk]}' name='hk' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Zusätzliche Anwendungen in der Feuermagie:</td><td><input value='{$bonus[fw]}' name='fw' maxlenght=5 size=5></td></tr>" 
            
."<tr><td>Zusätzliche Anwendungen in der Chrono-Magie:</td><td><input value='{$bonus[cw]}' name='cw' maxlenght=5 size=5></td></tr>" 
      
."<tr><td colspan=2>" 
                               
."<input type='hidden' value='".$row['color'].$row['name']."' name='old' maxlenght=5 size=5>" 
                               
."<input class=bottom type='submit' value='Rasse speichern'></td></tr>" 
            
."</table>",true);    
            
                     
            
// print_r($row['buff']); 
      
addnav("","raceeditor.php?op=switch&race={$row['raceid']}"); 
      break; 
  } 

// Finishes the page started by page_header(). NOTE(review): the function is
// not defined in this file (presumably common.php) -- its behaviour is not
// visible here.
page_footer(); 
?>