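query("SELECT U_NICK, U_RIGHT, U_SESS FROM $rcom_user WHERE U_SESS = '".session_id()."'") as $row) {
    $u_nick = $row[0];
    $u_right = $row[1];
    $u_sess = $row[2];
}
// NOTE(review): the session lookup above begins before this fragment and is kept
// byte-for-byte. It concatenates session_id() into the SQL text; binding it as a
// parameter would be more robust, but that needs the part of the statement that
// is not visible here.

/*
 * Admin action handler.
 *
 * Each action is selected by a request parameter and runs only for accounts
 * whose U_RIGHT equals 10:
 *   style_activate / style_del  - activate or delete a style
 *   setprivate                  - toggle the private flag of a menu category
 *   menudel / linkdel           - delete a menu category or a link
 *   useredit (+ POST fields)    - update a user's profile and rights
 *   passwortrest                - generate and mail a new password
 *   iplock (+ tid)              - add an entry to the blacklist
 *
 * NOTE(review): every action changes state and, apart from the useredit form
 * fields, is driven by GET parameters; no anti-CSRF token is checked anywhere
 * in the visible code. Adding one means changing the links and forms that call
 * this script, which are outside this fragment.
 *
 * The $rcom_* table names are interpolated because identifiers cannot be bound
 * as parameters; they are presumably set by the project's configuration -
 * confirm they are never derived from the request.
 */
if (!isset($u_right) || $u_right != 10) {
    header("Location: index.php");
    // A Location header does not end the script; stop explicitly so nothing
    // below is executed or sent to a caller who is not an administrator.
    exit;
}

// Opens a database connection with the credentials the script already uses.
$acpConnect = function () use ($DB_HOST, $DB_NAME, $DB_USER, $DB_PASS) {
    return new PDO('mysql:host='.$DB_HOST.';dbname='.$DB_NAME.'', $DB_USER, $DB_PASS);
};

// Runs one statement with bound values; returns the PDOStatement, or false on failure.
$acpRun = function (PDO $dbh, $sql, array $params = []) {
    $stmt = $dbh->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    return $stmt->execute($params) ? $stmt : false;
};

// Reads an integer request value; absent or non-scalar input (e.g. "x[]=1") counts as 0.
$acpInt = function (array $source, $key) {
    return (isset($source[$key]) && is_scalar($source[$key])) ? (int)$source[$key] : 0;
};

// Applies the same HTML encoding as before so stored values keep matching existing
// rows. This is output encoding only: htmlspecialchars() leaves the backslash
// untouched, so it is not an SQL escaper and every value below is bound instead.
$acpText = function (array $source, $key) {
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return '';
    }
    return strip_tags(htmlspecialchars($source[$key], ENT_QUOTES));
};

$style_activate = $acpInt($_GET, "style_activate");
$style_del = $acpInt($_GET, "style_del");
$setprivate = $acpInt($_GET, "setprivate");
$menudel = $acpInt($_GET, "menudel");
$linkdel = $acpInt($_GET, "linkdel");
$useredit = $acpText($_GET, "useredit");
$passwortrest = $acpInt($_GET, "passwortrest");
$iplock = $acpText($_GET, "iplock");

// The original tested these integers with != ''. From PHP 8 on, 0 != '' is true,
// so a request without any parameter would have run every action with ID 0
// (including "deactivate all styles"). Comparing against 0 / '' strictly keeps
// the pre-PHP-8 meaning: an action runs only when its parameter is present.
if ($style_activate !== 0) {
    $dbh = $acpConnect();
    $dbh->query("UPDATE $rcom_style SET S_AKTIVE = '0' ");
    $acpRun($dbh, "UPDATE $rcom_style SET S_AKTIVE = '1' WHERE S_ID = ?", [$style_activate]);
    $dbh->query("OPTIMIZE TABLE $rcom_style");
    $dbh = null;
    header("Location: acp_menu.php?style=true");
}

if ($style_del !== 0) {
    $dbh = $acpConnect();
    // Only inactive styles may be deleted.
    $acpRun($dbh, "DELETE FROM $rcom_style WHERE S_ID = ? AND S_AKTIVE = '0'", [$style_del]);
    $dbh->query("OPTIMIZE TABLE $rcom_style");
    header("Location: acp_menu.php?style=true");
    $dbh = null;
}

if ($setprivate !== 0) {
    $dbh = $acpConnect();
    $M_PRIVATE = null;
    $found = $acpRun($dbh, "SELECT M_PRIVATE FROM $rcom_menu WHERE M_CAT = ?", [$setprivate]);
    if ($found !== false) {
        foreach ($found as $row) {
            $M_PRIVATE = $row[0];
        }
    }
    // Toggle: a category currently marked '0' becomes private, anything else becomes public.
    $newFlag = ($M_PRIVATE == '0') ? '1' : '0';
    $acpRun($dbh, "UPDATE $rcom_menu SET M_PRIVATE = ? WHERE M_CAT = ?", [$newFlag, $setprivate]);
    $acpRun($dbh, "UPDATE $rcom_blog SET B_PRIVATE = ? WHERE B_CAT = ?", [$newFlag, $setprivate]);
    $dbh->query("OPTIMIZE TABLE $rcom_menu");
    $dbh = null;
    header("Location: acp_menu.php?style=true");
}

if ($menudel !== 0) {
    $dbh = $acpConnect();
    $acpRun($dbh, "DELETE FROM $rcom_menu WHERE M_CAT = ?", [$menudel]);
    $dbh->query("OPTIMIZE TABLE $rcom_menu");
    header("Location: acp_menu.php?style=true");
    $dbh = null;
}

if ($linkdel !== 0) {
    $dbh = $acpConnect();
    $acpRun($dbh, "DELETE FROM $rcom_link WHERE L_ID = ?", [$linkdel]);
    $dbh->query("OPTIMIZE TABLE $rcom_link");
    header("Location: acp_menu.php?style=true");
    $dbh = null;
}

// The new values come from the POST body. Requiring a POST request keeps a bare
// GET link (?useredit=nick) from overwriting the profile with empty fields and
// resetting U_RIGHT to 0.
if ($useredit !== '' && (isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '') === 'POST') {
    $F_COL = $acpText($_POST, "f_col");
    $F_HP = $acpText($_POST, "f_hp");
    $F_MAIL = $acpText($_POST, "f_mail");
    $F_RIGHT = $acpInt($_POST, "f_right");
    $F_LOGIN = $acpInt($_POST, "f_login");
    $F_LOCK = $acpInt($_POST, "f_lock");
    $dbh = $acpConnect();
    $acpRun(
        $dbh,
        "UPDATE $rcom_user SET U_COL = ?, U_HP = ?, U_MAIL = ?, U_RIGHT = ?, U_LOGIN = ?, U_LOCK = ? WHERE U_NICK = ?",
        [$F_COL, $F_HP, $F_MAIL, $F_RIGHT, $F_LOGIN, $F_LOCK, $useredit]
    );
    // Keep the colour copied into comments and blog entries in step with the user row.
    $acpRun($dbh, "UPDATE $rcom_comment SET C_COL = ? WHERE C_NICK = ?", [$F_COL, $useredit]);
    $acpRun($dbh, "UPDATE $rcom_blog SET B_COL = ? WHERE B_OWNER = ?", [$F_COL, $useredit]);
    $dbh->query("OPTIMIZE TABLE $rcom_user");
    $dbh->query("OPTIMIZE TABLE $rcom_comment");
    $dbh->query("OPTIMIZE TABLE $rcom_blog");
    header("Location: acp_menu.php?useredit=true");
    $dbh = null;
}

if ($passwortrest !== 0) {
    if (!function_exists('buildPassword')) {
        /**
         * Returns a random lowercase-hex password of $intLength characters.
         *
         * Uses the operating system's CSPRNG; the previous uniqid()/mt_rand()/md5()
         * construction was derived from the clock and a non-cryptographic
         * generator, which makes its output guessable.
         */
        function buildPassword($intLength = 6)
        {
            $intLength = (int)$intLength;
            if ($intLength < 1) {
                return '';
            }
            // Each random byte yields two hex characters.
            return substr(bin2hex(random_bytes((int)ceil($intLength / 2))), 0, $intLength);
        }
    }

    $dbh = $acpConnect();
    $MAIL = null;
    $found = $acpRun($dbh, "SELECT U_MAIL FROM $rcom_user WHERE U_ID = ?", [$passwortrest]);
    if ($found !== false) {
        foreach ($found as $row) {
            $MAIL = $row[0];
        }
    }
    // Replace the password only when there is an address to deliver it to;
    // otherwise the account would be left with a password nobody knows.
    if ($MAIL !== null && $MAIL !== '') {
        // Six hex characters are only 24 bits; 12 characters are used here.
        $GEN_PASS = buildPassword(12);
        // hash('sha256', ...) yields the same hex digest as bin2hex(mhash(MHASH_SHA256, ...)).
        // NOTE(review): a single unsalted SHA-256 is not a password hash. Moving to
        // password_hash()/password_verify() also requires changing the login code,
        // which is outside this fragment.
        $pass = hash('sha256', $GEN_PASS);
        $acpRun($dbh, "UPDATE $rcom_user SET U_PASS = ? WHERE U_ID = ?", [$pass, $passwortrest]);
        $dbh->query("OPTIMIZE TABLE $rcom_user");
        // NOTE(review): the new password travels in clear text by e-mail; a
        // single-use, expiring reset link would avoid that.
        mail($MAIL, 'Passwort Reminder', 'Ihr neues Passwort lautet: '.$GEN_PASS);
    }
    header("Location: acp_menu.php?useredit=true");
    $dbh = null;
}

if ($iplock !== '') {
    $TID = $acpInt($_GET, "tid");
    $dbh = $acpConnect();
    $alreadyListed = false;
    $found = $acpRun($dbh, "SELECT IP_DATA FROM $rcom_blacklist WHERE IP_DATA = ?", [$iplock]);
    if ($found !== false) {
        foreach ($found as $row) {
            $alreadyListed = true;
        }
    }
    if (!$alreadyListed) {
        // IP_ID is still sent as '' exactly as before - presumably an auto-increment
        // column; confirm against the schema (strict SQL modes reject '' for integers).
        $acpRun($dbh, "INSERT INTO $rcom_blacklist (IP_ID, IP_DATA) values ('', ?)", [$iplock]);
        $dbh->query("OPTIMIZE TABLE $rcom_blacklist");
    }
    $dbh = null;
    // $TID is an integer, so it cannot alter the redirect target.
    header("Location: index.php?topic=$TID");
}
?>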