Quote:
Originally Posted by raventh1984
Check your PHP code to see where it's loading the data.
This is my account.php
<?php include('./inc/header.php'); ?>
<div class="main">
<img src="img/main_head.png" alt="" />
<div class="site">
<h1>Account Panel</h1><hr><br>
<?php
// Make sure the action selector always exists so the dispatch chain below can compare it.
// empty() is already true for an unset key, so no separate isset() test is needed.
if (empty($_GET['a'])) {
    $_GET['a'] = '';
}
if(isset($_SESSION['user'])) {
// Read the two account rows for the logged-in user, then open the character queries that the
// overview branch consumes later.
// NOTE(review): every statement on this page is assembled by string concatenation and depends on
// mssql_escape_string(), which is not defined in the visible code; confirm what it escapes.
odbc_exec($mssql, 'USE [ACCOUNT_DBF]');
$accountselect = odbc_exec(
    $mssql,
    "SELECT * FROM [ACCOUNT_TBL] WHERE account='" . mssql_escape_string($_SESSION['user']) . "'"
);
$accountselect2 = odbc_exec(
    $mssql,
    "SELECT * FROM [ACCOUNT_TBL_DETAIL] WHERE account='" . mssql_escape_string($_SESSION['user']) . "'"
);
$account = odbc_fetch_array($accountselect);
$account2 = odbc_fetch_array($accountselect2);

// Character data lives in a separate database; both queries skip rows whose isblock is not 'F'.
odbc_exec($mssql, 'USE [CHARACTER_01_DBF]');
$charcount = odbc_exec(
    $mssql,
    "SELECT COUNT(*) AS count FROM [CHARACTER_TBL] WHERE account='" . mssql_escape_string($account['account']) . "' AND isblock='F'"
);
$characters = odbc_exec(
    $mssql,
    "SELECT * FROM [CHARACTER_TBL] WHERE account='" . mssql_escape_string($account['account']) . "' AND isblock='F'"
);
if($_GET['a'] == 'changemail') {
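// E-mail change: validate the three form fields, then update ACCOUNT_TBL_DETAIL for the current account.
// NOTE(review): the form has no anti-CSRF token. The current address is the only value a forged
// cross-site POST would need, so a per-session token checked on submit is worth adding.

// Request parameters can be missing or arrive as arrays (chgmail_newmail[]=x); only strings are used below.
foreach (array('chgmail_oldmail', 'chgmail_newmail', 'chgmail_confirmmail') as $chgmailField) {
    if (empty($_POST[$chgmailField]) || !is_string($_POST[$chgmailField])) {
        $_POST[$chgmailField] = '';
    }
}

odbc_exec($mssql, 'USE [ACCOUNT_DBF]');
// Count existing rows with the requested address so duplicates can be rejected.
$check1 = odbc_exec($mssql, 'SELECT COUNT(*) as count FROM [ACCOUNT_TBL_DETAIL] WHERE email=\''.mssql_escape_string($_POST['chgmail_newmail']).'\'');

$errors = array();
if (empty($_POST['chgmail_oldmail']) || empty($_POST['chgmail_newmail']) || empty($_POST['chgmail_confirmmail'])) {
    $errors[] = 'Du musst alle Felder ausfüllen!';
}
// Strict comparison, so two numeric-looking strings are never compared as numbers.
if (!empty($_POST['chgmail_oldmail']) && $_POST['chgmail_oldmail'] !== (string) $account2['email']) {
    $errors[] = 'Deine alte E-Mail Adresse ist nicht korrekt!';
}
if (!empty($_POST['chgmail_newmail']) && odbc_result($check1, 'count') > 0) {
    $errors[] = 'Deine neue E-Mail Adresse existiert bereits!';
}
// The D modifier makes "$" match only at the very end of the subject. Without it an address with a
// trailing line feed passes validation and is stored with the newline, which matters as soon
// as the value is placed into a mail header.
if (!empty($_POST['chgmail_newmail']) && !preg_match('/^[a-zA-Z0-9-_.]+@[a-zA-Z0-9-_.]+\.[a-zA-Z]{2,4}$/D', $_POST['chgmail_newmail'])) {
    $errors[] = 'Die neue E-Mail Adresse ist nicht valide!';
}
if ((!empty($_POST['chgmail_newmail']) && !empty($_POST['chgmail_confirmmail'])) && $_POST['chgmail_newmail'] !== $_POST['chgmail_confirmmail']) {
    $errors[] = 'Die Wiederholung der E-Mail Adresse stimmt nicht!';
}

if (isset($_POST['chgmail_submit'])) {
    if (count($errors) > 0) {
        // $errors only ever holds the fixed messages above, so it is printed without escaping.
        echo '<div class="fail">';
        foreach ($errors as $error) {
            echo $error.'<br/>';
        }
        echo '</div>';
    } else {
        if (odbc_exec($mssql, 'UPDATE [ACCOUNT_TBL_DETAIL] SET email=\''.mssql_escape_string($_POST['chgmail_newmail']).'\' WHERE account=\''.mssql_escape_string($account['account']).'\'')) {
            echo '<div class="success">Deine E-Mail Adresse wurde erfolgreich geändert!</div>';
        }
    }
}

echo '<h3>E-Mail ändern</h3><br>';
echo '<form method="post">
<table>
<tr>
<td width="250px">Alte E-Mail Addresse:</td>
<td><input type="mail" name="chgmail_oldmail" />
</tr>
<tr>
<td>Neue E-Mail Addresse:</td>
<td><input type="mail" name="chgmail_newmail" />
</tr>
<tr>
<td>Neue E-Mail Addresse bestätigen:</td>
<td><input type="mail" name="chgmail_confirmmail" />
</tr>
<tr>
<td></td>
<td><input type="submit" class="button_80" name="chgmail_submit" value="Speichern" />
</tr>
</table>
</form>';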
} else if($_GET['a'] == 'changepw') {
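// Password change: check the old password, validate the new one, then store the new digest.
// NOTE(review): passwords are kept as md5(salt . password) with one site-wide salt. MD5 is a fast
// hash and gives little protection if the table leaks. The format is presumably shared with
// whatever else reads ACCOUNT_TBL.password, so confirm that before migrating to password_hash().
// NOTE(review): the form has no anti-CSRF token, and changing the password neither rotates the
// session id nor ends other sessions.

// The original reset the chgmail_* fields here (copy-paste from the e-mail branch). The fields
// this branch reads are chgpw_*. Non-string values (chgpw_newpw[]=x) are dropped so that
// strlen() and md5() below only ever see strings.
foreach (array('chgpw_oldpw', 'chgpw_newpw', 'chgpw_confirmpw') as $chgpwField) {
    if (empty($_POST[$chgpwField]) || !is_string($_POST[$chgpwField])) {
        $_POST[$chgpwField] = '';
    }
}

odbc_exec($mssql, 'USE [ACCOUNT_DBF]');

$errors = array();
if (empty($_POST['chgpw_oldpw']) || empty($_POST['chgpw_newpw']) || empty($_POST['chgpw_confirmpw'])) {
    $errors[] = 'Du musst alle Felder ausfüllen!';
}
// Strict comparison: with != two digests of the form "0e<digits>" are both read as the number
// zero and count as equal. hash_equals() is the better choice where the PHP version has it.
if (!empty($_POST['chgpw_oldpw']) && md5($_CONFIG['pwdsalt'].$_POST['chgpw_oldpw']) !== (string) $account['password']) {
    $errors[] = 'Dein altes Passwort ist nicht korrekt!';
}
if (!empty($_POST['chgpw_newpw']) && (strlen($_POST['chgpw_newpw']) < 6 || strlen($_POST['chgpw_newpw']) > 12)) {
    $errors[] = 'Dein Passwort muss 6 - 12 Zeichen enthalten!';
}
if ((!empty($_POST['chgpw_newpw']) && !empty($_POST['chgpw_confirmpw'])) && $_POST['chgpw_newpw'] !== $_POST['chgpw_confirmpw']) {
    $errors[] = 'Die Passwort Wiederholung stimmt nicht!';
}

if (isset($_POST['chgpw_submit'])) {
    if (count($errors) > 0) {
        // $errors only ever holds the fixed messages above, so it is printed without escaping.
        echo '<div class="fail">';
        foreach ($errors as $error) {
            echo $error.'<br/>';
        }
        echo '</div>';
    } else {
        if (odbc_exec($mssql, 'UPDATE [ACCOUNT_TBL] SET password=\''.mssql_escape_string(md5($_CONFIG['pwdsalt'].$_POST['chgpw_newpw'])).'\' WHERE account=\''.mssql_escape_string($account['account']).'\'')) {
            echo '<div class="success">Dein Passwort wurde erfolgreich geändert!</div>';
        }
    }
}

echo '<h3>Passwort ändern</h3><br>';
echo '<form method="post">
<table>
<tr>
<td width="230px">Altes Passwort:</td>
<td><input type="password" name="chgpw_oldpw" />
</tr>
<tr>
<td>Neues Passwort:</td>
<td><input type="password" name="chgpw_newpw" />
</tr>
<tr>
<td>Neues Passwort bestätigen:</td>
<td><input type="password" name="chgpw_confirmpw" />
</tr>
<tr>
<td></td>
<td><input type="submit" class="button_80" name="chgpw_submit" value="Speichern" />
</tr>
</table>
</form>';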
} else if ($_GET['a'] == 'guildrejoin') {
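// Guild rejoin reset: sets m_tGuildMember back to a fixed past timestamp for one of the caller's characters.
// NOTE(review): this state-changing form has no anti-CSRF token.
if (isset($_POST['guildrejoin_submit'])) {
    // The field can be missing or an array (guildrejoin_char[]=x); anything but a string counts as empty.
    $rejoinChar = (isset($_POST['guildrejoin_char']) && is_string($_POST['guildrejoin_char'])) ? $_POST['guildrejoin_char'] : '';

    odbc_exec($mssql, 'USE [CHARACTER_01_DBF]');
    // Ownership check: the character must belong to the logged-in account.
    // The table name was spelled [CHARACTER_TBl], which only resolves under a case-insensitive collation.
    $check = odbc_exec($mssql, 'SELECT COUNT(*) AS count FROM [CHARACTER_TBL] WHERE m_szName=\''.mssql_escape_string($rejoinChar).'\' AND account=\''.mssql_escape_string($_SESSION['user']).'\'');
    if (odbc_result($check, 'count') > 0) {
        // The UPDATE repeats the account condition instead of trusting the check above. Filtering
        // by name alone would touch every row with that name, whoever owns it.
        if (odbc_exec($mssql, 'UPDATE [CHARACTER_TBL] SET m_tGuildMember=\'20080808000000\' WHERE m_szName=\''.mssql_escape_string($rejoinChar).'\' AND account=\''.mssql_escape_string($_SESSION['user']).'\'')) {
            echo '<div class="success">Deine Gilden Rejoin Zeit wurde erfolgreich zurückgesetzt!</div>';
        }
    } else {
        echo '<div class="fail">Deine Gilden Rejoin Zeit konnte nicht zurückgesetzt werden!</div>';
    }
}

echo '<h3>Gilden Rejoin Zeit</h3><br>';
echo '<form method="post">
<table>
<tr>
<td width="120px">Character:</td>
<td><input type="text" name="guildrejoin_char" />
</tr>
<tr>
<td></td>
<td><input type="submit" class="button_70" name="guildrejoin_submit" value="Reset" />
</tr>
</table>
</form>';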
} else if($_GET['a'] == 'donationlogs') {
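// Donation log: lists the web_psclogs rows recorded for the logged-in account, newest first.
odbc_exec($mssql, 'USE [WEBSITE_DBF]');
$count = odbc_exec($mssql, 'SELECT COUNT(*) AS count FROM [web_psclogs] WHERE account=\''.mssql_escape_string($_SESSION['user']).'\'');
$psclogs = odbc_exec($mssql, 'SELECT * FROM [web_psclogs] WHERE account=\''.mssql_escape_string($_SESSION['user']).'\' ORDER BY datetime DESC');

echo '<h3>Donation Logs</h3><br>';
if (odbc_result($count, 'count') > 0) {
    echo '<table style="width: 100%; text-align: center;">
<tr style="font-weight: bold;">
<td id="key">ID</td>
<td id="key">Account</td>
<td id="key">Wert</td>
<td id="key">Typ</td>
<td id="key">Datum</td>
<td id="key">Zeit</td>
</tr>';
    while ($paysafe = odbc_fetch_array($psclogs)) {
        // Database values are HTML-escaped before they reach the page, so stored markup is shown as text.
        // NOTE(review): pass the page's charset as the third argument if the data is not UTF-8.
        $pscId = htmlspecialchars((string) $paysafe['pscid'], ENT_QUOTES);
        $pscAccount = htmlspecialchars((string) $paysafe['account'], ENT_QUOTES);
        $pscWorth = htmlspecialchars((string) $paysafe['worth'], ENT_QUOTES);
        echo '<tr>
<td>'.$pscId.'</td>
<td>'.$pscAccount.'</td>
<td>'.$pscWorth.' €</td>
<td>PaySafeCard</td>
<td>'.date('d.m.Y', strtotime($paysafe['datetime'])).'</td>
<td>'.date('H:i', strtotime($paysafe['datetime'])).'</td>
</tr>';
    }
    echo '</table>';
} else {
    echo '<div class="fail">Du hast noch nicht gespendet.</div>';
}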
} else if($_GET['a'] == 'buylogs') {
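// Purchase log: lists the web_buylogs rows for the logged-in account, newest first, and resolves
// each row's item through web_mall.
odbc_exec($mssql, 'USE [WEBSITE_DBF]');
$count = odbc_exec($mssql, 'SELECT COUNT(*) as count FROM [web_buylogs] WHERE account=\''.mssql_escape_string($_SESSION['user']).'\'');
$buyinglogs = odbc_exec($mssql, 'SELECT * FROM [web_buylogs] WHERE account=\''.mssql_escape_string($_SESSION['user']).'\' ORDER BY datetime DESC');

echo '<h3>Kauflogs</h3><br>';
if (odbc_result($count, 'count') > 0) {
    echo '<table style="width: 100%; text-align: center;">
<tr>
<td id="key">ID</td>
<td id="key">Item</td>
<td id="key">Anzahl</td>
<td id="key">Datum</td>
<td id="key">Zeit</td>
</tr>';
    while ($buying = odbc_fetch_array($buyinglogs)) {
        $mall = odbc_exec($mssql, 'SELECT * FROM [web_mall] WHERE mid=\''.mssql_escape_string($buying['item']).'\'');
        $item = odbc_fetch_array($mall);
        // A log row can outlive its mall entry. odbc_fetch_array() then returns false, and the
        // item cells are left empty instead of indexing a non-array.
        $itemName = is_array($item) ? (string) $item['name'] : '';
        $itemCount = is_array($item) ? (string) $item['count'] : '';
        // Database values are HTML-escaped before they reach the page, so stored markup is shown as text.
        // NOTE(review): pass the page's charset as the third argument if the data is not UTF-8.
        echo '<tr>
<td>'.htmlspecialchars((string) $buying['bid'], ENT_QUOTES).'</td>
<td>'.htmlspecialchars($itemName, ENT_QUOTES).'</td>
<td>'.htmlspecialchars($itemCount, ENT_QUOTES).'</td>
<td>'.date('d.m.Y', strtotime($buying['datetime'])).'</td>
<td>'.date('H:i', strtotime($buying['datetime'])).'</td>
</tr>';
    }
    echo '</table>';
} else {
    echo '<div class="fail">Du hast bisher noch nix gekauft.</div>';
}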
} else if($_GET['a'] == 'giftlogs') {
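// Gift log: lists the web_giftlogs rows sent from the logged-in account, newest first, and
// resolves each row's item through web_mall.
odbc_exec($mssql, 'USE [WEBSITE_DBF]');
$count = odbc_exec($mssql, 'SELECT COUNT(*) as count FROM [web_giftlogs] WHERE accfrom=\''.mssql_escape_string($_SESSION['user']).'\'');
$giftinglogs = odbc_exec($mssql, 'SELECT * FROM [web_giftlogs] WHERE accfrom=\''.mssql_escape_string($_SESSION['user']).'\' ORDER BY datetime DESC');

echo '<h3>Verschenkelogs</h3><br>';
if (odbc_result($count, 'count') > 0) {
    echo '<table style="width: 100%; text-align: center;">
<tr>
<td id="key">ID</td>
<td id="key">Item</td>
<td id="key">Anzahl</td>
<td id="key">Account (Zu)</td>
<td id="key">Character (Zu)</td>
<td id="key">Datum / Zeit</td>
</tr>';
    while ($gifting = odbc_fetch_array($giftinglogs)) {
        $mall = odbc_exec($mssql, 'SELECT * FROM [web_mall] WHERE mid=\''.mssql_escape_string($gifting['item']).'\'');
        $item = odbc_fetch_array($mall);
        // A log row can outlive its mall entry. odbc_fetch_array() then returns false, and the
        // item cells are left empty instead of indexing a non-array.
        $itemName = is_array($item) ? (string) $item['name'] : '';
        $itemCount = is_array($item) ? (string) $item['count'] : '';
        // Recipient account and character names are stored text and are HTML-escaped like every
        // other database value, so stored markup is shown as text.
        // NOTE(review): pass the page's charset as the third argument if the data is not UTF-8.
        echo '<tr>
<td>'.htmlspecialchars((string) $gifting['giftid'], ENT_QUOTES).'</td>
<td>'.htmlspecialchars($itemName, ENT_QUOTES).'</td>
<td>'.htmlspecialchars($itemCount, ENT_QUOTES).'</td>
<td>'.htmlspecialchars((string) $gifting['accto'], ENT_QUOTES).'</td>
<td>'.htmlspecialchars((string) $gifting['charto'], ENT_QUOTES).'</td>
<td>'.date('d.m.Y H:i', strtotime($gifting['datetime'])).'</td>
</tr>';
    }
    echo '</table>';
} else {
    echo '<div class="fail">Du Geier hast noch nix verschenkt, schäm dich.</div>';
}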
} else if(isset($_GET['logout'])) {
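// Logout. session_destroy() removes the stored session but leaves $_SESSION populated for the
// rest of this request, so code that runs later (the footer include, for example) would still
// see a logged-in user. Emptying the array first closes that gap.
// NOTE(review): logout is triggered by a plain GET link, so any page can force it with a
// cross-site request. The session cookie is also left in the browser, because headers have
// already been sent at this point in the page.
$_SESSION = array();
session_destroy();
echo '<div class="success">Du wurdest erfolgreich ausgeloggt!</div>';
echo '<script type="text/javascript">location.href="index.php";</script>';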
} else {
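// Ban status shown in the account overview.
// NOTE(review): assumes BlockTime is an 8-character YYYYMMDD string, which is what the year-first
// substr() call of the original implies; confirm against the column definition.
$status = 'Freigeschaltet';
$blockTime = isset($account2['BlockTime']) ? trim((string) $account2['BlockTime']) : '';
// Compare against today's date in the same year-first layout. The original compared with
// date('d.m.Y'), a day-first string that never orders correctly against a year-first value.
if ($blockTime !== '' && strcmp($blockTime, date('Ymd')) > 0) {
    // substr() takes (offset, length). The original passed (5, 6) and (6, 7), which produced
    // overlapping slices instead of the month and the day.
    $status = 'Gebannt ('.substr($blockTime, 0, 4).'-'.substr($blockTime, 4, 2).'-'.substr($blockTime, 6, 2).')';
}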
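// Account summary table. Account name, e-mail and point balance come from the database and are
// HTML-escaped before output, so stored markup is shown as text.
// NOTE(review): pass the page's charset as the third argument to htmlspecialchars() if the data
// is not UTF-8. authgroup() is defined outside this page and is compared against plain labels
// elsewhere, so its result is printed as returned.
echo '<div style="float: left; margin-right: 30px;">';
echo ' <table width="100%" cellpadding="0" cellspacing="0" align="left"><tr>
<tr><th><u>Account Informationen:</u></th></tr>
<tr>
<td id="key">Account-ID:</td>
<td id="value">'.htmlspecialchars((string) $account['account'], ENT_QUOTES).'</td>
</tr>
<tr>
<td id="key">Status:</td>
<td id="value">'.htmlspecialchars((string) $status, ENT_QUOTES).'</td>
</tr>
<tr>
<td id="key">Gruppe:</td>
<td id="value">'.authgroup($account2['m_chLoginAuthority']).'</td>
</tr>
<tr>
<td id="key">E-Mail:</td>
<td id="value">'.htmlspecialchars((string) $account2['email'], ENT_QUOTES).'</td>
</tr>
<tr>
<td id="key">Donatepunkte:</td>
<td id="value">'.htmlspecialchars((string) $account['cash'], ENT_QUOTES).' <a href="donate.php"><img src="./img/dpadd.png" /></a></td>
</tr>
</table></div>';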
// Static navigation: links to the account actions and to the three log views.
echo '
<div style="float:left;">
<table width="100%" cellpadding="0" cellspacing="0">
<tr>
<td><b><u>Account Optionen:</u></b></td>
</tr>
<tr>
<td>
• <a href="account.php?a=changemail">E-Mail Addresse ändern</a><br>
• <a href="account.php?a=changepw">Passwort ändern</a><br>
• <a href="account.php?a=guildrejoin">Gilden Rejoin zurücksetzen</a><br>
</td>
</tr>
</table>
</div>
<div style="float:left; padding-left:30px;">
<table width="100%" cellpadding="0" cellspacing="0">
<tr>
<td><b><u>Account Logs:</u></b></td>
</tr>
<tr>
<td>
• <a href="account.php?a=donationlogs">Spendenlogs</a><br>
• <a href="account.php?a=buylogs">Kauflogs</a><br>
• <a href="account.php?a=giftlogs">Verschenklogs</a><br>
</td>
</tr>
</table>
</div>';

// Placeholder option list, printed only when authgroup() maps the account's authority to 'GameMaster'.
if (authgroup($account2['m_chLoginAuthority']) == 'GameMaster') {
    echo '<div style="float: left;"><h2>GameMaster Optionen:</h2>', '<ul>
<li>-</li>
</ul></div>';
}

// Clear the floats before the character tables start.
echo '<br style="clear: both;" /><br/><br/><br/>';
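// Character list: one table per character returned by the query opened earlier on this page.
// The original ended with an else branch that echoed an empty string; it is dropped as a no-op.
if (odbc_result($charcount, 'count') > 0) {
    while ($char = odbc_fetch_array($characters)) {
        // Only the value 1 selects the female icon; 0 and anything unexpected fall back to male.
        switch ($char['m_dwSex']) {
            case 1:
                $sex = 'female';
                break;
            default:
                $sex = 'male';
                break;
        }

        // Resolve the guild name through the membership table; both lookups run once per character.
        $guildquery = odbc_exec($mssql, 'SELECT m_idGuild FROM [GUILD_MEMBER_TBL] WHERE m_idPlayer = \''.mssql_escape_string($char['m_idPlayer']).'\'');
        $guildname = odbc_exec($mssql, 'SELECT m_szGuild FROM [GUILD_TBL] WHERE m_idGuild = \''.mssql_escape_string(odbc_result($guildquery, 'm_idGuild')).'\'');

        // Character and guild names are player-chosen text stored in the database. They are
        // HTML-escaped here, like the numeric columns, so stored markup is shown as text.
        // NOTE(review): pass the page's charset as the third argument if the data is not UTF-8.
        $shown = array();
        foreach (array('m_szName', 'm_nStr', 'm_dwGold', 'm_nSta', 'm_nDex', 'm_nLevel', 'm_nInt') as $column) {
            $shown[$column] = htmlspecialchars((string) $char[$column], ENT_QUOTES);
        }
        $guildLabel = htmlspecialchars((string) odbc_result($guildname, 'm_szGuild'), ENT_QUOTES);

        // getjob() is defined outside this page; its result is printed as returned.
        echo '<table style="border: 1px solid #785e21; padding: 5px; width: 100%;">
<tr>
<td id="key">Name</td>
<td id="value" style="width: 150px;">'.$shown['m_szName'].'</td>
<td id="key">STR</td>
<td id="value" style="width: 150px;">'.$shown['m_nStr'].'</td>
<td id="key">Penya</td>
<td id="value">'.$shown['m_dwGold'].'</td>
</tr>
<tr>
<td id="key">Sex</td>
<td id="value"><img src="./img/'.$sex.'.png" /></td>
<td id="key">STA</td>
<td id="value">'.$shown['m_nSta'].'</td>
<td id="key">Gilde</td>
<td id="value">'.$guildLabel.'</td>
</tr>
<tr>
<td id="key">Klasse</td>
<td id="value">'.getjob($char['m_nJob'],$char['m_nLevel']).'</td>
<td id="key">DEX</td>
<td id="value">'.$shown['m_nDex'].'</td>
<td id="key"></td>
<td id="value"></td>
</tr>
<tr>
<td id="key">Level</td>
<td id="value">'.$shown['m_nLevel'].'</td>
<td id="key">INT</td>
<td id="value">'.$shown['m_nInt'].'</td>
<td id="key"></td>
<td id="value"></td>
</tr>
</table><br />';
    }
}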
}
} else {
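// Login handler: looks the account up, compares the salted MD5 digest and marks the session as logged in.
// NOTE(review): the two failure messages differ for "unknown account" and "wrong password", which
// tells a caller which account names exist, and no attempt throttling is visible on this page.
// NOTE(review): md5(salt . password) with one site-wide salt is a fast hash. The format is
// presumably shared with whatever else reads ACCOUNT_TBL.password, so confirm before migrating.
if (isset($_POST['login_submit'])) {
    // Form fields can be missing or arrive as arrays (login_username[]=x); anything but a string counts as empty.
    $loginUser = (isset($_POST['login_username']) && is_string($_POST['login_username'])) ? $_POST['login_username'] : '';
    $loginPass = (isset($_POST['login_password']) && is_string($_POST['login_password'])) ? $_POST['login_password'] : '';

    odbc_exec($mssql, 'USE [ACCOUNT_DBF]');
    $check = odbc_exec($mssql, 'SELECT COUNT(*) as count FROM [ACCOUNT_TBL] WHERE account=\''.mssql_escape_string($loginUser).'\'');
    if (odbc_result($check, 'count') > 0) {
        $password = odbc_exec($mssql, 'SELECT password FROM [ACCOUNT_TBL] WHERE account=\''.mssql_escape_string($loginUser).'\'');
        // Strict comparison: with == two digests of the form "0e<digits>" are both read as the
        // number zero and count as equal. hash_equals() is the better choice where available.
        if ((string) odbc_result($password, 'password') === md5($_CONFIG['pwdsalt'].$loginPass)) {
            // Issue a fresh session id on login so an id fixed before authentication is worthless
            // afterwards. Page output has already started here, so this only takes effect with
            // output buffering; moving the login handling above the first output makes it unconditional.
            if (!headers_sent()) {
                session_regenerate_id(true);
            }
            // NOTE(review): this stores the name as typed, not the account name as stored in the
            // table; other code prints it and uses it in later queries.
            $_SESSION['user'] = $loginUser;
            echo '<div class="success">Du wurdest erfolgreich eingeloggt!</div>';
            echo '<script type="text/javascript">location.href="account.php";</script>';
        } else {
            echo '<div class="fail">Dein Passwort ist nicht korrekt!</div>';
        }
    } else {
        echo '<div class="fail">Dieser Account existiert nicht!</div>';
    }
}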
}
?>
</div>
<img src="img/main_foot.png" alt="" />
</div>
<?php include('./inc/footer.php'); ?>
This is my accounpanel.php
<h2></h2><center>
<?php
if(isset($_SESSION['user'])) {
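// Side panel for a logged-in user: greeting, point balance, navigation links and the logout button.
odbc_exec($mssql, 'USE [ACCOUNT_DBF]');
$cash = odbc_exec($mssql, 'SELECT cash FROM [ACCOUNT_TBL] WHERE account=\''.mssql_escape_string($_SESSION['user']).'\'');
$auth = odbc_exec($mssql, 'SELECT m_chLoginAuthority FROM [ACCOUNT_TBL_DETAIL] WHERE account=\''.mssql_escape_string($_SESSION['user']).'\'');

// $_SESSION['user'] holds the name exactly as it was typed into the login form, so it is
// HTML-escaped before being printed; the balance is escaped the same way.
// NOTE(review): pass the page's charset as the third argument if the data is not UTF-8.
echo 'Willkommen, <b>'.htmlspecialchars((string) $_SESSION['user'], ENT_QUOTES).'</b>.<br />';
echo 'Donatepunkte: <span id="accpanel_dpcount">'.htmlspecialchars((string) odbc_result($cash, 'cash'), ENT_QUOTES).'</span><br><br>';
echo '- <a href="account.php">Account Verwaltung</a> -<br><br>';
echo '- <a href="rules.php">Server Regeln</a> -<br>';
echo '- <a href="staff.php">Teamübersicht</a> -<br><br>';

// This only hides the link for other accounts. NOTE(review): ./acp_panel is not shown on this
// page and has to enforce the Administrator check itself.
if (authgroup(odbc_result($auth, 'm_chLoginAuthority')) == 'Administrator') {
    echo '- <a href="./acp_panel">Administration</a> -<br/><br/>';
}

// NOTE(review): logout is a plain GET link, so any page can trigger it with a cross-site request.
echo '<hr><center><a href="account.php?logout" class="nound"><button class="button_80">Logout</button></a></center>';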
} else {
?>
<form action="account.php" method="post">
<table>
<tr>
<input name="login_username" type="account" class="login_panel" maxlength="16" onfocus="if (this.value == 'Accountname') {this.value= '';}" onblur="if (this.value == ''){this.value = 'Accountname';}" value="Accountname" /><br />
<input name="login_password" type="password" class="login_panel" maxlength="30" /><br />
</tr>
<tr>
<td> <br><input type="submit" class="button_80" name="login_submit" value="Anmelden" /></td>
</tr>
</table>
</form>
</center>
<?php
}
?>
<div class="panel_bottom"></div>