0)
{
if ($row_user['nAuthID'] < 7)
{
$datenrichtig = false;
$_SESSION['user_eingeloggt'] = false;
$_SESSION['error'] = "NO ACCESS!!!";
} else {
$datenrichtig = true;
$_SESSION['username'] = $row_user["sUserID"];
$_SESSION['userpass'] = $row_user["sUserPW"];
$_SESSION['last_besuch'] = time();
$_SESSION['admin_eingeloggt'] = true;
$_SESSION['level'] = $row_user['nAuthID'];
$_SESSION['since'] = $row_user["dDate"];
$_SESSION['userno'] = $row_user["nUserNo"];
writelog($_SESSION["username"],"logged in");
header ("Location: index.php");
}
}
else
{
$datenrichtig = false;
$_SESSION['admin_eingeloggt'] = false;
$_SESSION['error'] = "User not Found!!!";
header ("Location: index.php");
}
if ($datenrichtig == true)
{
setcookie("username", "".$_SESSION['username']."", time()+(3600*24*365));
setcookie("userpass", "".$_SESSION['userpass']."", time()+(3600*24*365));
header ("Location: index.php");
}
else
{
$_SESSION['error'] = "User not Found!!!";
header ("Location: index.php");
}
}
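// Logout: log the event, clear the session, remove the login cookies and return to the start page.
if ($_GET['action'] == 'logout')
{
    writelog($_SESSION['username'], "logged out");
    $_SESSION = array();
    // Emptying $_SESSION only clears the data. Also expire the session cookie and destroy
    // the stored session so the browser stops presenting the old session ID.
    if (session_id() !== '')
    {
        if (ini_get('session.use_cookies'))
        {
            $cookieParams = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $cookieParams['path'],
                $cookieParams['domain'],
                $cookieParams['secure'],
                $cookieParams['httponly']
            );
        }
        session_destroy();
    }
    // An empty value makes PHP send a deletion header for the cookie.
    setcookie("username", "", 0);
    setcookie("userpass", "", 0);
    setcookie("last_besuch", "", 0);
    setcookie("level", "", 0);
    header("Location: index.php");
}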
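// Add a news entry to global_news from the submitted form, then redirect back to the form.
// NOTE(review): no privilege or CSRF-token check is visible in this handler; confirm both
// are enforced earlier in the file before any request reaches this point.
if ($_GET['action'] == 'addnews')
{
    $datum = time();
    // The body is stored HTML-encoded, with line breaks turned into <br>.
    $newstext = nl2br(htmlspecialchars($_POST['newstext']));
    // HTML encoding is not SQL escaping: every request value is escaped for MySQL
    // before it is placed inside a quoted literal.
    $sqlTopic = mysql_real_escape_string($_POST['newstopic']);
    $sqlText = mysql_real_escape_string($newstext);
    // NOTE(review): the poster name is taken from the request, so the client chooses it;
    // consider whether $_SESSION['username'] should be used instead.
    $sqlPoster = mysql_real_escape_string($_POST['newsposter']);
    // NOTE(review): topic and poster are stored without HTML encoding; confirm the page
    // that renders news encodes them on output.
    $newnews = mysql_query(
        "INSERT INTO global_news (id, newstopic, newstext, newsposter, newsdate) VALUES ('', '"
        .$sqlTopic."', '".$sqlText."', '".$sqlPoster."', '".$datum."')"
    );
    $_SESSION['done'] = "News posted!!!";
    writelog($_SESSION["username"], "posted News");
    header("Location: index.php?show=menu_main&content=add_news");
}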
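// Item enhancement wizard. Three form submissions drive it:
//   enhancestep2 - find a character by name and list all characters of the same account,
//   enhancestep3 - find the item keys for a character/item pair,
//   enhanceitem  - write the chosen level into the item's option rows.
// Progress and messages are passed to the enhancement page through $_SESSION.
// NOTE(review): no privilege or CSRF-token check is visible in this handler; confirm both
// are enforced earlier in the file before any request reaches this point.
// The mssql_* functions have no parameter binding for ad-hoc queries, so single quotes are
// doubled before a value is placed inside a T-SQL literal. Moving to a driver with bound
// parameters would be the durable fix.
if ($_GET['action'] == 'enhance')
{
    if (isset($_POST['enhancestep2']))
    {
        $selected = mssql_select_db('World00_Character', $mssqlhandle) or die ("Couldn't open database Account");
        $sqlSearchChar = str_replace("'", "''", (string) $_POST['searchchar']);
        $get_char = mssql_query("SELECT * FROM tCharacter WHERE (sID = '".$sqlSearchChar."')");
        if (mssql_num_rows($get_char) < 1)
        {
            $_SESSION['enhancemsg'] = "User not found!!!!";
            $_SESSION['enhance'] = '5';
            header("Location: index.php?show=user_menu&content=enhancement");
        }
        else
        {
            $row_char = mssql_fetch_array($get_char);
            $_SESSION['enhancechars'] = array();
            $_SESSION['enhanceids'] = array();
            // The account number comes from the database, but it is escaped as well so a
            // stored value cannot alter the second query.
            $sqlUserNo = str_replace("'", "''", (string) $row_char['nUserNo']);
            $get_chars = mssql_query("SELECT * FROM tCharacter WHERE nUserNo = '".$sqlUserNo."' ORDER BY sID DESC");
            while ($row_chars = mssql_fetch_array($get_chars))
            {
                $_SESSION['enhancechars'][] = $row_chars['nCharNo'];
                $_SESSION['enhanceids'][] = $row_chars['sID'];
            }
            $_SESSION['enhance'] = 2;
            $_SESSION['enhancechar'] = $row_char['sID'];
            $_SESSION['enhancecharid'] = $row_char['nCharNo'];
            header("Location: index.php?show=user_menu&content=enhancement");
        }
    }
    if (isset($_POST['enhancestep3']))
    {
        $_SESSION['enhancekey'] = array();
        $selected = mssql_select_db('World00_Character', $mssqlhandle) or die ("Couldn't open database Account");
        $sqlOwner = str_replace("'", "''", (string) $_POST['characterid']);
        $sqlItemId = str_replace("'", "''", (string) $_POST['itemid']);
        $get_key = mssql_query("SELECT nItemKey FROM tItem WHERE (nOwner = '".$sqlOwner."') AND (nItemID = '".$sqlItemId."')");
        if (mssql_num_rows($get_key) < 1)
        {
            $_SESSION['enhancemsg'] = "Item not found!!!!";
            $_SESSION['enhance'] = '5';
            header("Location: index.php?show=user_menu&content=enhancement");
        }
        else
        {
            while ($row_key = mssql_fetch_array($get_key))
            {
                $_SESSION['enhancekey'][] = $row_key['nItemKey'];
            }
            $_SESSION['enhance'] = 3;
            header("Location: index.php?show=user_menu&content=enhancement");
        }
    }
    if (isset($_POST['enhanceitem']))
    {
        if ($_POST['itemkey'] == '')
        {
            $_SESSION['enhance'] = '5';
            $_SESSION['enhancemsg'] = "No Item found!!!";
            header("Location: index.php?show=user_menu&content=enhancement");
        }
        else
        {
            $selected = mssql_select_db('World00_Character', $mssqlhandle) or die ("Couldn't open database Account");
            // NOTE(review): the submitted item key is not compared with the keys stored in
            // $_SESSION['enhancekey'] by step 3, and the level has no range check; confirm
            // whether either restriction is intended.
            $sqlItemLevel = str_replace("'", "''", (string) $_POST['itemlevel']);
            $sqlItemKey = str_replace("'", "''", (string) $_POST['itemkey']);
            // The same level is written to each of the four option types.
            foreach (array('500', '600', '700', '800') as $optionType)
            {
                $writeindb = mssql_query("UPDATE tItemOptions SET nOptionData = '".$sqlItemLevel."' WHERE (nItemkey = '".$sqlItemKey."') AND (nOptionType = '".$optionType."')");
            }
            writelog($_SESSION["username"], "enhanched an Item");
            $_SESSION['enhance'] = 4;
            $_SESSION['enhancemsg'] = "Item Successfully enchanched";
            header("Location: index.php?show=user_menu&content=enhancement");
        }
    }
}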
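// Delete the news entries whose ids were ticked in the form, then redirect back to the list.
// NOTE(review): no privilege or CSRF-token check is visible in this handler; confirm both
// are enforced earlier in the file before any request reaches this point.
if ($_GET['action'] == 'delnews')
{
    // The id list comes from the request: accept it only as an array of scalars and escape
    // each id before it is placed inside a quoted SQL literal.
    $newsIds = (isset($_POST['deletenews']) && is_array($_POST['deletenews'])) ? $_POST['deletenews'] : array();
    $quotedIds = array();
    foreach ($newsIds as $var)
    {
        if (is_scalar($var))
        {
            $quotedIds[] = "'".mysql_real_escape_string((string) $var)."'";
        }
    }
    if (count($quotedIds) > 0)
    {
        $sql = "DELETE FROM global_news WHERE id IN (".implode(',', $quotedIds).")";
        $result = mysql_query($sql);
        if ($result === false)
        {
            // Keep the database error in the server log instead of sending it to the client.
            error_log("delnews: ".mysql_error());
            die("Database error");
        }
        $_SESSION['delmsg'] = "
marked News successfully deleted!!!";
        writelog($_SESSION["username"], "deleted News");
    }
    else
    {
        // Nothing selected: an empty IN () list would be a SQL error, so no query is sent.
        $_SESSION['delmsg'] = "No News selected!!!";
    }
    header("Location: index.php?show=menu_main&content=del_news");
}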
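// Update one cash-shop item (name, price, category, sell flag) and log whether the item
// was put on sale or taken off sale.
// NOTE(review): no privilege or CSRF-token check is visible in this handler; confirm both
// are enforced earlier in the file before any request reaches this point.
if ($_GET['action'] == 'changeshopitem')
{
    // Every request value is escaped for MySQL before it is placed inside a quoted literal.
    $sqlName = mysql_real_escape_string($_POST['itemshopname']);
    $sqlPrice = mysql_real_escape_string($_POST['newprice']);
    $sqlCategory = mysql_real_escape_string($_POST['category']);
    $sqlIsSell = mysql_real_escape_string($_POST['issell']);
    $sqlShopId = mysql_real_escape_string($_POST['shopid']);
    // NOTE(review): price and sell flag are not range-checked here; confirm whether
    // negative or non-numeric values should be rejected.
    $writeindb = mysql_query(
        "UPDATE global_shop SET itemshopname = '".$sqlName."', price = '".$sqlPrice
        ."', categorie = '".$sqlCategory."', isSell = '".$sqlIsSell
        ."' WHERE itemid ='".$sqlShopId."' LIMIT 1"
    );
    $_SESSION['done'] = "Item updated!!!";
    if ($_POST['issell'] == 1)
    {
        writelog($_SESSION["username"], "added item to CS");
    }
    else
    {
        writelog($_SESSION["username"], "removed item from CS");
    }
    header("Location: index.php?show=cashshop_menu&content=add_cashshop");
}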
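// Character editor. Two form submissions drive it:
//   editcharstep2 - look up a character by name and remember it in the session,
//   editchardone  - write the edited attributes back to tCharacter.
// NOTE(review): no privilege or CSRF-token check is visible in this handler; confirm both
// are enforced earlier in the file before any request reaches this point.
// The mssql_* functions have no parameter binding for ad-hoc queries, so single quotes are
// doubled before a value is placed inside a T-SQL literal.
if ($_GET['action'] == 'editchar')
{
    if (isset($_POST['editcharstep2']))
    {
        $selected = mssql_select_db('World00_Character', $mssqlhandle) or die ("Couldn't open database Account");
        $sqlSearchChar = str_replace("'", "''", (string) $_POST['searchchar']);
        $get_char = mssql_query("SELECT * FROM tCharacter WHERE (sID = '".$sqlSearchChar."')");
        if (mssql_num_rows($get_char) < 1)
        {
            $_SESSION['edit_msg'] = "User not Found !!!";
            $_SESSION['editcharstep'] = 3;
            header("Location: index.php?show=user_menu&content=edit_char");
        }
        else
        {
            $row_char = mssql_fetch_array($get_char);
            $_SESSION['editcharstep'] = 2;
            $_SESSION['edit_char'] = $row_char['sID'];
            header("Location: index.php?show=user_menu&content=edit_char");
        }
    }
    if (isset($_POST['editchardone']))
    {
        // Example of submitted values: char_hp 46, char_sp 32, char_exp 200, char_money 0.
        $selected = mssql_select_db('World00_Character', $mssqlhandle) or die ("Couldn't open database Account");
        // Escape every form field once; a missing field becomes an empty string, as before.
        $formFields = array(
            'charname', 'charlevel', 'char_fame', 'char_str', 'char_end', 'char_dex', 'char_int',
            'char_spr', 'char_hp', 'char_sp', 'char_exp', 'char_money', 'char_old',
        );
        $sqlValue = array();
        foreach ($formFields as $formField)
        {
            $rawValue = isset($_POST[$formField]) ? (string) $_POST[$formField] : '';
            $sqlValue[$formField] = str_replace("'", "''", $rawValue);
        }
        // NOTE(review): the character to update is chosen by the posted char_old value, not by
        // $_SESSION['edit_char'] from step 2; confirm that this is intended.
        $writeindb = mssql_query(
            "UPDATE tCharacter SET sID = '".$sqlValue['charname']
            ."', nLevel = '".$sqlValue['charlevel']
            ."', nFame = '".$sqlValue['char_fame']
            ."', nStrength = '".$sqlValue['char_str']
            ."', nConstitute = '".$sqlValue['char_end']
            ."', nDexterity = '".$sqlValue['char_dex']
            ."', nIntelligence = '".$sqlValue['char_int']
            ."', nMentalPower = '".$sqlValue['char_spr']
            ."', nHP = '".$sqlValue['char_hp']
            ."', nSP = '".$sqlValue['char_sp']
            ."', nExp = '".$sqlValue['char_exp']
            ."', nMoney = '".$sqlValue['char_money']
            ."' WHERE sID = '".$sqlValue['char_old']."'"
        );
        $_SESSION['editcharstep'] = 3;
        $_SESSION['edit_msg'] = "Character Profile updated!!!";
        writelog($_SESSION["username"], "edited an Character");
        header("Location: index.php?show=user_menu&content=edit_char");
    }
}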
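// Move a character's login position to the spawn point of a named warp.
// The character is read from the MSSQL game database, the warp coordinates from the
// MySQL table global_warp.
// NOTE(review): no privilege or CSRF-token check is visible in this handler; confirm both
// are enforced earlier in the file before any request reaches this point.
if ($_GET['action'] == 'warpchar')
{
    $selected = mssql_select_db('World00_Character', $mssqlhandle) or die ("Couldn't open database Account");
    // mssql_* has no parameter binding for ad-hoc queries: double the quotes for T-SQL
    // literals, and use the MySQL escaping function for the MySQL query.
    $sqlWarpChar = str_replace("'", "''", (string) $_POST['warpchar']);
    $sqlWarpMap = str_replace("'", "''", (string) $_POST['warpmap']);
    $get_user = mssql_query("SELECT * FROM tCharacter WHERE sID = '".$sqlWarpChar."'");
    $get_coords = mysql_query("SELECT * FROM global_warp WHERE Warpname = '".mysql_real_escape_string($_POST['warpmap'])."'");
    $row_coords = mysql_fetch_array($get_coords);
    if (mssql_num_rows($get_user) < 1)
    {
        $_SESSION['msg'] = "User not Found !!!"; // ERROR
        header("Location: index.php?show=user_menu&content=fix_char");
    }
    elseif (!is_array($row_coords))
    {
        // Unknown warp name: without this check empty coordinates and an unverified zone
        // name would be written to the character.
        $_SESSION['msg'] = "Map not Found !!!"; // ERROR
        header("Location: index.php?show=user_menu&content=fix_char");
    }
    else
    {
        $row_user = mssql_fetch_array($get_user);
        $oldzone = $row_user['sLoginZone'];
        $regenX = str_replace("'", "''", (string) $row_coords['RegenX']);
        $regenY = str_replace("'", "''", (string) $row_coords['RegenY']);
        $writeindb = mssql_query("UPDATE tCharacter SET sLoginZone = '".$sqlWarpMap."', nLoginZoneX = '".$regenX."', nLoginZoneY = '".$regenY."' WHERE sID = '".$sqlWarpChar."'");
        $_SESSION['msg'] = "Character successfully warped from ".$oldzone." to ".$row_coords['Mapname']."!!!";
        writelog($_SESSION["username"], "warped an Character");
        header("Location: index.php?show=user_menu&content=fix_char");
    }
}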
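// Change the class of a character: resolve the character number by name, then update
// tCharacterShape for that number.
// NOTE(review): no privilege or CSRF-token check is visible in this handler; confirm both
// are enforced earlier in the file before any request reaches this point.
if ($_GET['action'] == 'classchange')
{
    $selected = mssql_select_db('World00_Character', $mssqlhandle) or die ("Couldn't open database Account");
    // mssql_* has no parameter binding for ad-hoc queries, so single quotes are doubled
    // before a value is placed inside a T-SQL literal.
    $sqlUser = str_replace("'", "''", (string) $_POST['classchangeuser']);
    $sqlClass = str_replace("'", "''", (string) $_POST['classchangeclass']);
    $get_user = mssql_query("SELECT nCharNo FROM tCharacter WHERE sID = '".$sqlUser."'");
    if (mssql_num_rows($get_user) < 1)
    {
        $_SESSION['msg'] = "User not Found !!!"; // ERROR
        header("Location: index.php?show=user_menu&content=fix_char");
    }
    else
    {
        $row_user = mssql_fetch_array($get_user);
        $sqlCharNo = str_replace("'", "''", (string) $row_user['nCharNo']);
        $writeindb = mssql_query("UPDATE tCharacterShape SET nClass = '".$sqlClass."' WHERE nCharNo = '".$sqlCharNo."'");
        // NOTE(review): the message embeds the raw posted name; confirm the page that
        // prints $_SESSION['msg'] HTML-encodes it.
        $_SESSION['msg'] = "Classchange successfully on ".$_POST['classchangeuser']."!!!";
        writelog($_SESSION["username"], "changed Userclass");
        header("Location: index.php?show=user_menu&content=fix_char");
    }
}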
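// Remove the marriage record in which the given character number appears as either partner.
// NOTE(review): no privilege or CSRF-token check is visible in this handler; confirm both
// are enforced earlier in the file before any request reaches this point.
if ($_GET['action'] == 'divorce')
{
    $selected = mssql_select_db('World00_Character', $mssqlhandle) or die ("Couldn't open database Account");
    // mssql_* has no parameter binding for ad-hoc queries, so single quotes are doubled
    // before the value is placed inside a T-SQL literal.
    $sqlDivorceUser = str_replace("'", "''", (string) $_POST['divorceuser']);
    // The lookup had no column list ("SELECT FROM ..."), which is not valid T-SQL, so it
    // could not succeed and the handler always reported "not found". Select a column.
    $get_user = mssql_query("SELECT nCharNo FROM tMarriage WHERE nCharNo = '".$sqlDivorceUser."' OR nPartnerCharNo = '".$sqlDivorceUser."'");
    if ($get_user === false || mssql_num_rows($get_user) < 1)
    {
        $_SESSION['msg'] = "User not Found or not Married yet!!!"; // ERROR
        header("Location: index.php?show=user_menu&content=fix_char");
    }
    else
    {
        $get_user = mssql_query("DELETE FROM tMarriage WHERE nCharNo = '".$sqlDivorceUser."' OR nPartnerCharNo = '".$sqlDivorceUser."'");
        // NOTE(review): the message embeds the raw posted value; confirm the page that
        // prints $_SESSION['msg'] HTML-encodes it.
        $_SESSION['msg'] = "".$_POST['divorceuser']." successfully divorced!!!";
        writelog($_SESSION["username"], "divorced an User");
        header("Location: index.php?show=user_menu&content=fix_char");
    }
}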
?>