removeLinks($delId, $session->uid); header("Location: spieler.php?s=2"); exit; } // ========================= // LEGACY EARLY EXIT // ========================= if (isset($_POST['ft']) && $_POST['ft'] == 'p3') { return; } // ========================= // SAVE / UPDATE LINKS // ========================= if ( isset($_POST['nr0']) || isset($_POST['id0']) || isset($_POST['linkname0']) || isset($_POST['linkziel0']) ) { $links = []; // ========================= // PARSE POST DATA // ========================= foreach ($_POST as $key => $value) { $value = trim($value); // position field if (strpos($key, 'nr') === 0) { $i = substr($key, 2); $links[$i]['nr'] = (int)$value; } // id field if (strpos($key, 'id') === 0) { $i = substr($key, 2); $links[$i]['id'] = (int)$value; } // link name (escaped for SQL safety) if (strpos($key, 'linkname') === 0) { $i = substr($key, 8); $links[$i]['linkname'] = mysqli_real_escape_string($database->dblink, $value); } // link url (escaped for SQL safety) if (strpos($key, 'linkziel') === 0) { $i = substr($key, 8); $links[$i]['linkziel'] = mysqli_real_escape_string($database->dblink, $value); } } // ========================= // PROCESS LINKS (ADD / UPDATE / DELETE) // ========================= foreach ($links as $link) { $nr = isset($link['nr']) ? (int)$link['nr'] : 0; $id = isset($link['id']) ? (int)$link['id'] : 0; $name = isset($link['linkname']) ? trim($link['linkname']) : ''; $url = isset($link['linkziel']) ? trim($link['linkziel']) : ''; // ========================= // ADD NEW LINK // ========================= if ($nr !== 0 && $name !== '' && $url !== '' && $id === 0) { $userid = (int)$session->uid; mysqli_query( $database->dblink, "INSERT INTO `" . TB_PREFIX . "links` (`userid`, `name`, `url`, `pos`) VALUES ($userid, '$name', '$url', $nr)" ); // ========================= // UPDATE EXISTING LINK // ========================= } elseif ($nr !== 0 && $name !== '' && $url !== '' && $id > 0) { $id = (int)$id; $query = mysqli_query( $database->dblink, "SELECT userid FROM `" . TB_PREFIX . "links` WHERE id = $id" ); $data = mysqli_fetch_assoc($query); // ownership check if ($data && (int)$data['userid'] === (int)$session->uid) { mysqli_query( $database->dblink, "UPDATE `" . TB_PREFIX . "links` SET name='$name', url='$url', pos=$nr WHERE id=$id" ); } // ========================= // DELETE EMPTY ENTRY // ========================= } elseif ($nr === 0 && $name === '' && $url === '' && $id > 0) { $id = (int)$id; $query = mysqli_query( $database->dblink, "SELECT userid FROM `" . TB_PREFIX . "links` WHERE id = $id" ); $data = mysqli_fetch_assoc($query); // ownership check if ($data && (int)$data['userid'] === (int)$session->uid) { mysqli_query( $database->dblink, "DELETE FROM `" . TB_PREFIX . "links` WHERE id = $id" ); } } } // legacy refresh behavior echo ''; } // ========================= // LOAD LINKS // ========================= $query = mysqli_query( $database->dblink, "SELECT * FROM `" . TB_PREFIX . "links` WHERE userid = " . (int)$session->uid . " ORDER BY pos ASC" ) or die(mysqli_error($database->dblink)); $links = []; while ($data = mysqli_fetch_assoc($query)) { $links[] = $data; } // ========================= // USER SETTINGS SAVE // ========================= if (isset($_POST['v1']) || isset($_POST['v2']) || isset($_POST['timezone']) || isset($_POST['lang'])) { $v1 = isset($_POST['v1']) ? 1 : 0; $v2 = isset($_POST['v2']) ? 1 : 0; $v3 = isset($_POST['v3']) ? 1 : 0; $map = isset($_POST['map']) ? 1 : 0; $v4 = isset($_POST['v4']) ? 1 : 0; $v5 = isset($_POST['v5']) ? 1 : 0; $v6 = isset($_POST['v6']) ? 1 : 0; $timezone = isset($_POST['timezone']) ? (int)$_POST['timezone'] : 1; $tformat = isset($_POST['tformat']) ? (int)$_POST['tformat'] : 0; // ========================= // LANGUAGE // ========================= $lang = LANG; if(isset($_POST['lang'])) { $allowedLangs = ['en','fr','it','ro','zh']; $selectedLang = strtolower(trim($_POST['lang'])); if(in_array($selectedLang, $allowedLangs)) { $lang = $selectedLang; } } // update user preferences $database->query(" UPDATE " . TB_PREFIX . "users SET v1=$v1, v2=$v2, v3=$v3, map=$map, v4=$v4, v5=$v5, v6=$v6, timezone=$timezone, tformat=$tformat, lang='$lang' WHERE id=" . (int)$session->uid . " "); // schimbare instant în sesiune $_SESSION['lang'] = $lang; header("Location: spieler.php?s=2"); exit; } ?>