access!=BANNED){ $this->updateProfile($post); }else{ header("Location: banned.php"); exit; } break; case "p3": if($session->access!=BANNED){ $this->updateAccount($post); }else{ header("Location: banned.php"); exit; } break; case "p4": // Vacation mode - by advocaite and Shadow if($session->access!=BANNED){ $this->setvactionmode($post); }else{ header("Location: banned.php"); exit; } break; } } if(isset($post['s'])) { switch($post['s']) { case "4": if($session->access!=BANNED){ $this->gpack($post); }else{ header("Location: banned.php"); exit; } break; } } } public function procSpecial($get) { global $session; if(isset($get['e'])) { switch($get['e']) { case 2: if($session->access!=BANNED){ $this->removeMeSit($get); }else{ header("Location: banned.php"); exit; } break; case 3: if($session->access!=BANNED){ $this->removeSitter($get); }else{ header("Location: banned.php"); exit; } break; case 4: if($session->access!=BANNED){ $this->cancelDeleting($get); }else{ header("Location: banned.php"); exit; } break; } } } private function updateProfile($post) { global $database, $session; $birthday = $post['jahr'].'-'.$post['monat'].'-'.$post['tag']; $database->submitProfile($session->uid,$database->RemoveXSS($post['mw']),$database->RemoveXSS($post['ort']),$database->RemoveXSS($birthday),$database->RemoveXSS($post['be2']),$database->RemoveXSS($post['be1'])); $varray = $database->getProfileVillages($session->uid); for($i=0;$i<=count($varray)-1;$i++) { $k = trim($post['dname'.$i]); $name = preg_replace("/[^a-zA-Z0-9_\-\s'\"]/", "", $k); $database->setVillageName($varray[$i]['wref'],$database->RemoveXSS($name)); } header("Location: spieler.php?uid=".$session->uid); exit; } private function gpack($post) { global $database, $session; $database->gpack($database->RemoveXSS($session->uid),$database->RemoveXSS($post['custom_url'])); header("Location: spieler.php?uid=".$session->uid); exit; } /******************************************************* Function to vacation mode - by advocaite and Shadow References: ********************************************************/ private function setvactionmode($post){ global $database,$session,$form; if(isset($post['vac']) && $post['vac'] && isset($post['vac_days']) && $post['vac_days'] >=2 && $post['vac_days'] <=14){ unset($_SESSION['wid']); $database->setvacmode($session->uid,$post['vac_days']); $database->activeModify(addslashes($session->username),1); $database->UpdateOnline("logout") or die(mysqli_error($database->dblink)); $session->Logout(); header("Location: login.php"); exit; }else{ header("Location: spieler.php?s=".$session->uid); $form->add("vac", VAC_MODE_WRONG_DAYS); exit(); } } /******************************************************* Function to vacation mode - by advocaite and Shadow References: ********************************************************/ private function updateAccount($post) { global $database,$session,$form; if(!empty($post['pw1']) && !empty($post['pw2']) && !empty($post['pw3'])){ if($post['pw2'] == $post['pw3']) { if($database->login($session->username,$post['pw1'])) { $database->updateUserField($session->uid,"password",password_hash($post['pw2'], PASSWORD_BCRYPT,['cost' => 12]),1); }else { $form->addError("pw",LOGIN_PW_ERROR); } }else { $form->addError("pw",PASS_MISMATCH); } } if(!empty($post['email_alt']) && !empty($post['email_neu'])){ if($post['email_alt'] == $session->userinfo['email']) { $database->updateUserField($session->uid,"email",$post['email_neu'],1); }else { $form->addError("email",EMAIL_ERROR); } } if(!empty($post['del_pw']) && $post['del']){ if(password_verify($post['del_pw'], $session->userinfo['password'])) { $database->setDeleting($session->uid,0); }else { $form->addError("del",PASS_MISMATCH); } } if(!empty($post['v1'])) { $sitid = $database->getUserField($post['v1'],"id",1); if($sitid == $session->userinfo['sit1'] || $sitid == $session->userinfo['sit2']) { $form->addError("sit",SIT_ERROR); }else if($sitid != $session->uid){ if($session->userinfo['sit1'] == 0) { $database->updateUserField($session->uid,"sit1",$sitid,1); }else if($session->userinfo['sit2'] == 0) { $database->updateUserField($session->uid,"sit2",$sitid,1); } } } if($form->returnErrors() > 0){ $_SESSION['errorarray'] = $form->getErrors(); $_SESSION['valuearray'] = $_POST; } header("Location: spieler.php?s=3"); exit; } private function removeSitter($get) { global $database,$session; if($get['a'] == $session->checker) { if($session->userinfo['sit'.$get['type']] == $get['id']) { $database->updateUserField($session->uid,"sit".$get['type'],0,1); } $session->changeChecker(); } header("Location: spieler.php?s=".$get['s']); exit; } private function cancelDeleting($get) { global $database,$session; $database->setDeleting($session->uid,1); header("Location: spieler.php?s=".$get['s']); exit; } private function removeMeSit($get) { global $database,$session; if($get['a'] == $session->checker) { $database->removeMeSit($get['id'],$session->uid); $session->changeChecker(); } header("Location: spieler.php?s=".$get['s']); exit; } }; $profile = new Profile; ?>