Example #1
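 /**
  * Copy the logged-in player's id, avatar type and username into the User store.
  *
  * Does nothing unless User::login_check() returns a value loosely equal to true.
  */
 static function Init()
 {
     if (User::login_check(Query::$mysqli) == true) {
         // The id is concatenated into SQL below, so force it to an integer first.
         // Session data is server-side, but the query must not depend on whatever
         // code path populated it.
         $playerId = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : 0;
         $u = Query::query('SELECT * FROM Players WHERE PlayerID=' . $playerId)->fetch_assoc();
         // NOTE(review): fetch_assoc() yields null when no row matches; the Set() calls
         // then receive null values. Confirm that is acceptable for User::Set().
         User::Set('id', $u['PlayerID']);
         User::Set('AvatarType', $u['AvatarType']);
         User::Set('Username', $u['Username']);
     }
 }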
Example #2
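 /**
  * Build the template variables for a single game page and render "Pages/View".
  *
  * The game id comes from the first request segment. When no matching row exists
  * the method sends a 404 header, includes the 404 page and exits. Otherwise it
  * increments the three play counters, publishes the game's fields, toolbar
  * links, developer info, advert flags and dimensions via $this->set().
  *
  * Security notes:
  *  - Every value concatenated into SQL here is cast to int first. Query::query()
  *    is only ever given a finished SQL string on this page, so casting is the
  *    one safeguard available without knowing whether it supports bound parameters.
  *  - REQUEST_URI is HTML-escaped before it is placed in href attributes.
  *  - NOTE(review): values read from the Games row (Title, Desc, Width, Height, ...)
  *    and Settings are still emitted into HTML/JS unescaped; confirm the template
  *    layer escapes them.
  */
 public function main()
 {
     //loadLanguageFile('play');
     include '../lang/English.php';
     include '../lang/sk/play.php';
     // The id is a URL segment and therefore caller-controlled. Non-scalar or
     // missing input collapses to 0, which matches no game and yields the 404 path.
     $gameId = (isset($this->request[0]) && is_scalar($this->request[0])) ? (int) $this->request[0] : 0;
     // Escaped once and reused in every href that points back at the current page.
     $selfUrl = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
     $result = Query::query('SELECT * FROM Games WHERE GameID =' . $gameId);
     // AND published=1
     $game_exists = $result->num_rows;
     if ($game_exists != 0) {
         if (isset($_COOKIE['ava_username'])) {
             // NOTE(review): $show is assigned here but never read; the template
             // variable 'show' below is set to the literal string '$show'.
             $show = 1;
         }
     } else {
         // Game not found
         header("HTTP/1.0 404 Not Found");
         include 'includes/misc/404.php';
         exit;
     }
     Query::query('UPDATE Games SET Plays = Plays+1 WHERE GameID = ' . $gameId);
     Query::query('UPDATE Games SET PlaysM = PlaysM+1 WHERE GameID = ' . $gameId);
     Query::query('UPDATE Games SET PlaysW = PlaysW+1 WHERE GameID = ' . $gameId);
     $row2 = $result->fetch_assoc();
     $id = (int) $row2['GameID'];
     //$game = $row2;
     $this->set('id', $row2['GameID']);
     $this->set('site_url', Settings::Get('site_url'));
     $this->set('game_id', $row2['GameID']);
     $this->set('plays', $row2['Plays']);
     $this->set('content', $row2['Content']);
     $this->set('scores', $row2['Scores']);
     $this->set('width', $row2['Width']);
     $this->set('height', $row2['Height']);
     $this->set('type', $row2['Type']);
     $this->set('title', $row2['Title']);
     $this->set('name', Utils::getTranslation($row2['Key'], "TITLE", $row2['Title']));
     $this->set('description', Utils::getTranslation($row2['Key'], "DESC", $row2['Desc']));
     $this->set('instruction', Utils::getTranslation($row2['Key'], "INSTR", $row2['Instr']));
     if ($row2['Type'] == 'swf' && Settings::Get('fullscreen_mode') == 1) {
         $this->set('full_screen_url', '<a href="' . $selfUrl . '#" onclick="ResizeFlash(' . $row2['Height'] . ', ' . $row2['Width'] . '); return false"><img src="/boxarcade/img/tool_fullscreen.jpg"/></a>');
     } else {
         $this->set('full_screen_url', '<a href="' . Settings::Get('site_url') . '/full_screen.php?id=' . $id . '"><img src="/boxarcade/img/tool_fullscreen.jpg"/></a>');
     }
     //if ($user['login_status'] != 0) {
     // Rating lookup is disabled (constant-false condition); the branch is kept
     // as found and references $user, which this method never defines.
     if (1 == 0) {
         $this->set('rating', round(Query::query('SELECT rating FROM tbl_games WHERE game_id = ' . $id)->fetch_row()[0]));
         $this->set('user_rated', Query::query('SELECT COUNT(*) as Num FROM tbl_votes WHERE user_id=' . $user['id'] . ' AND game_id=' . $id)->fetch_row()[0]);
     } else {
         $this->set('rating', 0);
         $this->set('user_rated', 0);
     }
     $row_cat = Query::query('SELECT catName FROM tbl_game_categories WHERE catID=' . (int) $row2['CatID'])->fetch_assoc();
     $this->set('catID', $row2['CatID']);
     $this->set('category', $row_cat['catName']);
     $this->set('date_added', Utils::FormatDate($row2['DateAdded'], 'date'));
     $this->set('image_url', Utils::GameImageUrl(Utils::TitleToFile($row2['Title']) . "." . $row2['Type'], 1, Utils::TitleToFile($row2['Title'])));
     // Favorite game button
     $this->set('login_status', 1);
     //if ($user['login_status'] == 1) {
     //if(1==0) {
     if (User::login_check(Query::$mysqli) == true) {
         // Cast before use: the id goes into SQL and into an inline onclick handler.
         $user_id = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : 0;
         $user_fav_yet = Query::query('SELECT COUNT(user_id) FROM favorites WHERE user_id=' . $user_id . ' AND game_id=' . $id)->fetch_row()[0];
         if ($user_fav_yet >= 1) {
             $this->set('fav_game', '<a id="favo" href="' . $selfUrl . '#" onclick="EditFav(' . $row2['GameID'] . ', 1,\'' . Settings::Get('site_url') . '\', \'<img src=&quot;/boxarcade/img/tool-unfavorite.jpg&quot; />\', \'<img src=&quot;/boxarcade/img/tool-favorite.jpg&quot; />\', ' . $user_id . ' ); return false"><img src="/boxarcade/img/tool-unfavorite.jpg"/></a>');
         } else {
             $this->set('fav_game', '<a id="favo" href="' . $selfUrl . '#" onclick="EditFav(' . $row2['GameID'] . ', 0,\'' . Settings::Get('site_url') . '\', \'<img src=&quot;/boxarcade/img/tool-unfavorite.jpg&quot; />\', \'<img src=&quot;/boxarcade/img/tool-favorite.jpg&quot; />\', ' . $user_id . ' ); return false"><img src="/boxarcade/img/tool-favorite.jpg"/></a>');
         }
     } else {
         $this->set('fav_game', '<a href="' . Settings::Get('site_url') . '/index.php?task=login"><img src="/boxarcade/img/tool-favorite.jpg"/></a>');
     }
     // Report game button
     if (Settings::Get('report_permissions') == "1" || Settings::Get('report_permissions') == "2") {
         //&& $user['login_status'] == 1) {
         $this->set('report_game', '<a href="' . $selfUrl . '#" onclick="ShowPopup(\'ava-popup\', \'' . Settings::Get('site_url') . '/includes/overlays/report.php?id=' . $row2['GameID'] . '\', \'' . GAME_REPORT . '\'); return false"><img src="/boxarcade/img/tool-report.png"/></a>');
     }
     $this->set('report_bug', '<a href="' . $selfUrl . '#" onclick="ShowPopup(\'ava-popup\', \'' . Settings::Get('site_url') . '/includes/overlays/report.php?id=' . $row2['GameID'] . '\', \'Bug Report\'); return false"><img src="/boxarcade/img/tool-bug.jpg"/></a>');
     $this->set('send', '<a href="' . $selfUrl . '#" onclick="ShowPopup(\'ava-popup\', \'' . Settings::Get('site_url') . '/includes/overlays/send_game.php?id=' . $row2['GameID'] . '\', \'Send Game\'); return false"><img src="/boxarcade/img/tool-send.jpg"/></a>');
     // Define the overall rating for use in the template
     $this->set('rating_image', '');
     //GenerateRating(3); //$row2['rating']);
     // Define the 'new rating' section for the template
     // The condition is always true (42 == 42), so the else branch never runs.
     if (isset($_COOKIE["ava_username"]) || 42 == 42) {
     } else {
         $this->set('new_rating_form', GAME_LOGIN_TO_RATE);
     }
     // If admin is logged in, show admin options
     //if ($user['admin'] == 1) {
     // Disabled (constant-false); the branch references $setting, which is not defined here.
     if (1 == 0) {
         $this->set('admin_options', '<a href="' . $setting['site_url'] . '/admin/?task=manage_games#id=' . $id . '"><img src=".' . $setting['template_url'] . '/images/edit.gif"/></a>');
     } else {
         $this->set('admin_options', '');
     }
     $did = (int) $row2['DevID'];
     $usr = Query::query('SELECT username, id, usrAvatarType, seo_url FROM tbl_users WHERE id=' . $did . ' LIMIT 1')->fetch_assoc();
     $this->set('user_avatar', Utils::getAvatar($usr['id'], $usr['usrAvatarType']));
     //'uploads/avatars/' . $usr['id'] . $usr['usrAvatarType'];
     $this->set('user_name', $usr['username']);
     $this->set('profile', Utils::ProfileUrl($usr['id'], $usr['seo_url']));
     // NOTE(review): single quotes make this the literal text '$show', not the variable.
     $this->set('show', '$show');
     $this->set('admin', '');
     //$user['admin'];
     $this->set('login_status', '');
     //$user['login_status'];
     //EmbedGame
     // Does this game have an advert set?
     $ad_id = 2;
     // Is the user supposed to see the ad?
     // NOTE(review): $user is never assigned in this method and main() takes no
     // parameters, so both $user[...] lookups below read an undefined variable and
     // $user_show_ad always ends up 1. Confirm where $user was meant to come from.
     if (Settings::Get('user_ads') == 1) {
         if ($user['login_status'] == 1) {
             $user_show_ad = 0;
         } else {
             $user_show_ad = 1;
         }
     } else {
         if (Settings::Get('user_ads') == 2) {
             if ($user['admin'] == 1) {
                 $user_show_ad = 0;
             } else {
                 $user_show_ad = 1;
             }
         } else {
             $user_show_ad = 1;
         }
     }
     if (defined("PRELOAD_INFO")) {
         $plm = PRELOAD_INFO;
         $cts = CLICK_TO_SKIP;
     } else {
         $plm = 'Advertisement: Your game is loading';
         $cts = 'click here to skip';
     }
     $this->set('ad_id', $ad_id);
     $this->set('skip_ads', Settings::Get('skip_ads'));
     $this->set('user_show_ad', $user_show_ad);
     $this->set('plm', $plm);
     $this->set('cts', $cts);
     // Resize flash if required
     // $template is not defined in this method, so isset() is false and the
     // else branch (row dimensions unchanged) is the one that runs.
     if (isset($template['max_game_width']) && $width > $template['max_game_width']) {
         $gWidth = $row2['Width'];
         $gHeight = $row2['Height'];
         $h1 = $template['max_game_width'] / $gWidth;
         $h2 = $gHeight * $h1;
         $width = $template['max_game_width'];
         $height = $h2;
     } else {
         $width = $row2['Width'];
         $height = $row2['Height'];
     }
     $this->set('width', $width);
     $this->set('height', $height);
     //$this->set('type', $this->request['type']);
     //$this->set('title', $this->request['title']);
     $this->set('relgames', Game::getRelatedGames($id));
     $this->set('comments', Comment::getComments($id));
     $this->render("Pages/View");
 }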
Example #3
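 /**
  * Check the given credentials and, on success, issue the login cookie.
  *
  * The cookie is named by $settings->cookie, holds base64("<user id>!<value
  * returned by login_check>"), lasts 24 hours and is scoped to path "/".
  *
  * @param mixed $nick     Login name passed to User::login_check().
  * @param mixed $password Password passed to User::login_check().
  * @return bool true when the cookie was issued, false when login_check() returned a falsy value.
  */
 function create_user($nick, $password)
 {
     global $settings;
     $user = new User();
     $tmp = $user->login_check($nick, $password);
     if (!$tmp) {
         return false;
     }
     // NOTE(review): base64 is an encoding, not protection. Whatever login_check()
     // returns is readable by anyone holding the cookie, so confirm it is an opaque
     // token and not a password or password hash.
     $value = base64_encode(sprintf('%d!%s', $user->id, $tmp));
     // HttpOnly keeps the credential cookie out of reach of page scripts. The Secure
     // flag is left off because the page does not show whether the site runs on HTTPS;
     // enable it when it does.
     setcookie($settings->cookie, $value, time() + 86400, '/', '', false, true);
     return true;
 }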
Example #4
<?php

include '../../../lib/sqlquery.class.php';
include '../../../lib/newmodel.class.php';
include '../../../app/models/Query.php';
include '../../../app/models/Settings.php';
include '../../../app/models/User.php';
include '../../../app/models/Utils.php';
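// Comment-delete endpoint: deletes the tbl_comments row whose id is POSTed,
// provided the caller passes User::login_check().
//
// NOTE(review): the connection uses the root account with an empty password,
// hard-coded here. Move the credentials to configuration and use a
// least-privileged database user.
$query = new SQLQuery();
$query->connect('localhost', 'root', '', 'boxarcade');
Settings::Init();
// NOTE(review): the include path is built from a settings value; confirm that
// 'language' can only hold a known language name.
include '../../../lang/' . Settings::Get('language') . '.php';
User::sec_session_start();
User::Init();
$userid = isset($_SESSION['user_id']) ? intval($_SESSION['user_id']) : 0;
if (User::login_check(Query::$mysqli) == true) {
    // The id is request data: reduce it to an integer before it reaches the SQL
    // string or the response body. Missing or non-scalar input becomes 0.
    $commentId = (isset($_POST['id']) && is_scalar($_POST['id'])) ? (int) $_POST['id'] : 0;
    // NOTE(review): nothing here checks that the comment belongs to $userid or
    // that the caller is an admin, and no anti-CSRF token is verified. As written,
    // any logged-in session can delete any comment. Confirm the intended rule and
    // enforce it in this query.
    $result = Query::query("DELETE FROM tbl_comments WHERE id='" . $commentId . "'");
    echo $commentId;
    echo 'Success';
} else {
    exit;
}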
Example #5
 /**
  * Profile controller entry point.
  *
  * The first request segment is the username. The second segment selects the mode:
  *  - 'update': writes Location/About/Website for the session's player, optionally
  *    handles a password change, then falls through to 'edit';
  *  - 'edit': loads the named player's row and renders "Pages/ProfileEdit";
  *  - anything else: renders the public profile "Pages/Profile" with favourites,
  *    badges and the latest comments, or a 404 when the username matches no single row.
  *
  * NOTE(review): several lines below contain '******' where the page's extraction
  * appears to have redacted text; those lines are not valid PHP as shown and are
  * left untouched.
  */
 public function main()
 {
     //loadLanguageFile('play');
     //include '../lang/English.php';
     include '../lang/English.php';
     // Caller-controlled: taken straight from the request and later concatenated into SQL.
     $username = $this->request[0];
     if (isset($this->request[1]) && $this->request[1] == 'update') {
         // NOTE(review): this branch runs without a login_check() call; it relies only on
         // $_SESSION['user_id'] being set. No anti-CSRF token is verified either.
         if (!empty($_FILES['img_file']) && $_FILES['img_file']['error'] == 0) {
             include 'includes/code/upload_avatar.php';
         }
         // NOTE(review): what Utils::secure() escapes is not visible here; confirm it is
         // SQL-safe for a quoted string context, since the results are interpolated below.
         $location = Utils::secure($_POST['usr']['loc']);
         $about = Utils::secure($_POST['usr']['bio']);
         $website = Utils::secure($_POST['usr']['site']);
         $pass = str_replace(' ', '', $_POST['usr']["pas"]);
         $id = $_SESSION['user_id'];
         // NOTE(review): mysql_error() belongs to the old mysql extension while the rest of
         // the code uses mysqli-style results; die() with a driver error also exposes
         // database details to the client.
         Query::query("UPDATE Players SET Location='{$location}', About='{$about}', Website='{$website}' WHERE PlayerID='{$id}'") or die(mysql_error());
         if ($pass != '') {
             echo 'PW Changes';
             // NOTE(review): the emptiness check reads $_POST['usr']['pas'] but the hash is
             // taken from $_POST['new_password']. Unsalted MD5 is not a password hash
             // (password_hash()/password_verify() are the PHP primitives for that), and the
             // digest is then stored in a cookie without HttpOnly/Secure flags.
             $password = md5($_POST['new_password']);
             setcookie("ava_code", $password);
             // NOTE(review): as shown, the column is set to the literal '******' and
             // $password is never used in the query; this looks like redaction by the page.
             Query::query("UPDATE tbl_users SET password='******' WHERE id='{$id}'") or die(mysql_error());
         }
         echo '<div id="error_message">' . PROFILE_UPDATED . "</div>";
         $this->request[1] = 'edit';
     }
     if (isset($this->request[1]) && $this->request[1] == 'edit') {
         // NOTE(review): login_check() only establishes that someone is logged in; nothing
         // compares $username with the session's player, so the row loaded here (including
         // Email) is whichever profile the URL names.
         if (User::login_check(Query::$mysqli) == true) {
             // NOTE(review): $username is placed inside quotes without escaping or a bound
             // parameter: SQL injection risk.
             $row = Query::query('SELECT * FROM Players WHERE Username=\'' . $username . '\' LIMIT 1')->fetch_assoc();
             $email = $row['Email'];
             $location2 = $row['Location'];
             $about2 = $row['About'];
             $website2 = $row['Website'];
             if ($row['AvatarType'] != '') {
                 $avatar = $row['AvatarType'];
             } else {
                 $avatar = 'default.png';
             }
         } else {
             // Execution continues after this message: $row, $email, etc. are undefined
             // below and the edit page is still rendered.
             echo "You can only edit your own profile!";
         }
         $this->set('id', $row['PlayerID']);
         $this->set('email', $email);
         $this->set('website2', $website2);
         $this->set('location2', $location2);
         $this->set('about2', $about2);
         $this->set('username', $username);
         if ($row['AvatarType'] == '') {
             $this->set('avatar', 'uploads/avatars/default.png');
         } else {
             $this->set('avatar', 'uploads/avatars/' . $row['PlayerID'] . $row['AvatarType']);
         }
         $this->render("Pages/ProfileEdit");
     } else {
         //id, comments, plays, ratings
         /*if (isset($_GET['name'])) {
           $seo_url = mysql_secure($_GET['name']);
           $sql = Query::query('SELECT * FROM tbl_users WHERE seo_url='.$seo_url.' LIMIT 1');
           } else {
           $sql = Query::query('SELECT * FROM tbl_users WHERE id='.$id.' LIMIT 1');
           }*/
         // NOTE(review): same unescaped $username concatenation as in the edit branch.
         $sql = Query::query('SELECT * FROM Players WHERE Username=\'' . $username . '\' LIMIT 1');
         $user_exists = $sql->num_rows;
         if ($user_exists != 1) {
             header("HTTP/1.0 404 Not Found");
             include 'includes/misc/404.php';
             exit;
         }
         $row = $sql->fetch_assoc();
         $profile = array();
         $this->set('name', $row['Username']);
         $id = $row['PlayerID'];
         // Each optional profile field falls back to PROFILE_NO_INFO when empty.
         if ($row['Location'] == '') {
             $this->set('location', PROFILE_NO_INFO);
         } else {
             $this->set('location', $row['Location']);
         }
         if ($row['Website'] == '') {
             $this->set('website', PROFILE_NO_INFO);
         } else {
             $this->set('website', $row['Website']);
         }
         if ($row['Website'] == '') {
             $this->set('website_link', PROFILE_NO_INFO);
         } else {
             // NOTE(review): user-supplied Website is written into an href and link text with
             // no HTML escaping and no scheme check at this point; verify Utils::secure() or
             // the template covers both, otherwise this is stored XSS.
             $this->set('website_link', '<a href="' . $row['Website'] . '">' . $row['Website'] . '</a>');
         }
         if ($row['About'] == '') {
             $this->set('about', PROFILE_NO_INFO);
         } else {
             $this->set('about', $row['About']);
         }
         if ($row['Interests'] == '') {
             $this->set('interests', PROFILE_NO_INFO);
         } else {
             $this->set('interests', $row['Interests']);
         }
         if ($row['AvatarType'] == '') {
             $this->set('avatar', 'uploads/avatars/default.png');
         } else {
             $this->set('avatar', 'uploads/avatars/' . $row['PlayerID'] . $row['AvatarType']);
         }
         //$profile['comments'] = $mysqli->query('SELECT COUNT(*) FROM '.$tp.'comments WHERE user='******'utils', '');
         $this->set('id', $row['PlayerID']);
         $this->set('plays', $row['Plays']);
         $this->set('comment_count', $row['Comments']);
         $this->set('ratings', $row['Ratings']);
         if ($row['Points'] == '') {
             $this->set('points', 0);
         } else {
             $this->set('points', $row['Points']);
         }
         $this->set('admin', $row['Admin']);
         $this->set('join_date', $row['Joined']);
         $this->set('isdev', $row['Developer']);
         // Owner sees an edit link; everyone else sees a send-message link.
         if (isset($_SESSION['user_id']) && $id == $_SESSION['user_id']) {
             // NOTE(review): $username is request data emitted into HTML unescaped.
             $this->set('button1', '<a href="profile/' . $username . '/edit">' . PROFILE_EDIT . '</a>');
         } else {
             $this->set('button1', '<a href="boxarcade/?task=send_message&amp;id=' . $id . '">' . PROFILE_SEND_MESSAGE . '</a>');
         }
         // Check if user is friend
         //if (($user['login_status'] == 1) && ($id != $user['id'])) {
         // Disabled (constant-false). The branch references $mysqli, $tp and $user, none of
         // which are defined in this method, and one line is garbled by redaction.
         if (1 == 0) {
             $is_friend = $mysqli->query('SELECT * FROM ' . $tp . 'friends WHERE user1 = ' . $user['id'] . ' AND user2 =' . $id);
             if ($is_friend->num_rows) {
                 $profile['button2'] = '<div id="friend_button"><a href="' . $_SERVER['REQUEST_URI'] . '#" onclick="ManageFriend(' . $row['id'] . ', \'delete_friend\', \'profile\');return false">UNFRIEND</a></div>';
             } else {
                 $request_pending = $mysqli->query('SELECT * FROM ' . $tp . 'friend_requests WHERE from_user ='******' AND to_user ='******'button2'] = '<div id="friend_button"><a href="' . $_SERVER['REQUEST_URI'] . '#">REQUEST_SENT</a></div>';
                 } else {
                     $profile['button2'] = '<div id="friend_button"><a href="' . $_SERVER['REQUEST_URI'] . '#" onclick="ManageFriend(' . $row['id'] . ', \'send_request\', \'profile\');return false">ADD_FRIEND</a></div>';
                 }
             }
         } else {
             $this->set('button2', '');
         }
         // If admin is logged in, show admin options
         //if ($user['admin'] == 1) {
         // NOTE(review): the admin check was replaced by a constant-true condition, so the
         // admin edit link is rendered for every visitor. The admin page must enforce its
         // own authorisation; hiding the link is not access control.
         if (1 == 1) {
             $this->set('admin_edit', '<a href="admin/?task=manage_users#id=' . $id . '">Edit user</a>');
         } else {
             $this->set('admin_edit', '');
         }
         // Up to 16 favourite games of the profile owner.
         $result = Query::query('SELECT * FROM favorites f, Games g WHERE GameID=f.game_id AND f.user_id=' . $row['PlayerID'] . ' LIMIT 16');
         $favs = $result->num_rows;
         $vars = array();
         if ($favs == 0) {
             echo PROFILE_NO_FAVS;
         } else {
             while ($rows = $result->fetch_assoc()) {
                 $file = Utils::TitleToFile($rows['Title']);
                 $game['gameTitle'] = $rows['Title'];
                 $game['gameDesc'] = $rows['Desc'];
                 $game['url'] = 'view/' . $rows['GameID'];
                 $game['image_url'] = "games/img/" . $file . ".png";
                 //Utils::FileToGameImageURL($file, "png");
                 array_push($vars, $game);
             }
         }
         $this->set('games', $vars);
         // Up to 6 badges; note this and the following queries go through Utils::query(),
         // not Query::query() as above.
         $result = Utils::query('SELECT * FROM tbl_badges as b, tbl_badge_relations as br WHERE b.badge_id=br.badge_id AND user_id=' . $row['PlayerID'] . ' LIMIT 6');
         $favs = $result->num_rows;
         $vars = array();
         if ($favs == 0) {
             echo PROFILE_NO_FAVS;
         } else {
             while ($rows = $result->fetch_assoc()) {
                 $g = Utils::query('SELECT * from tbl_games WHERE game_id=' . $rows['game_id'])->fetch_assoc();
                 $file = Utils::TitleToFile($g['title']);
                 $game['gameTitle'] = $g['title'];
                 $game['title'] = $rows['name'];
                 $game['game'] = $g['title'];
                 $game['score'] = $rows['points'];
                 $game['gameDesc'] = $rows['desc'];
                 $game['url'] = Utils::GameUrl($g['game_id']);
                 $game['image_url'] = $rows['image'];
                 array_push($vars, $game);
             }
         }
         $this->set('badges', $vars);
         $vars = array();
         /*if ($_GET['task'] == 'profile') {
            $result = $this->request['utils']->con->query('SELECT * FROM tbl_comments WHERE user='******' ORDER BY id DESC LIMIT 8');
           } else {
            $result = $this->request['utils']->con->query('SELECT * FROM tbl_comments WHERE user='******' ORDER BY id DESC');
           }*/
         // NOTE(review): the next statement is garbled by redaction ('******') and does not
         // parse as shown; presumably it filtered on the profile owner's PlayerID — confirm
         // against the original file.
         $result = Utils::query('SELECT * FROM tbl_comments WHERE user='******'PlayerID'] . ' ORDER BY id DESC LIMIT 8');
         $total_results = $result->num_rows;
         if ($total_results == 0) {
             echo $row['Username'] . ' ' . PROFILE_NO_COMMENTS;
         } else {
             // The loop variable reuses $row, overwriting the profile row loaded earlier.
             while ($row = $result->fetch_assoc()) {
                 $game = Utils::query('SELECT * FROM Games WHERE GameID=' . $row['link_id'] . ' LIMIT 1')->fetch_assoc();
                 // NOTE(review): nl2br() only inserts <br>; it does not HTML-escape the comment
                 // text. Confirm escaping happens at storage time or in the template.
                 $comment['the_comment'] = nl2br($row['comment']);
                 $comment['game_name'] = $game['Title'];
                 $comment['date'] = $row['date'];
                 $comment['game_url'] = 'view/' . $game['GameID'];
                 //Utils::GameUrl($game['game_id']);
                 ///$comment['game_img'] = Utils::FileToGameImageURL(Utils::TitleToFile($game['Title']), "png");
                 $file = Utils::TitleToFile($game['Title']);
                 $comment['game_img'] = "games/img/" . $file . ".png";
                 // Constant-true: the delete-comment admin link is attached to every comment
                 // for every visitor, and it is a state-changing GET link.
                 if (1 == 1) {
                     $comment['admin_options'] = ' <a href="admin/index.php?action=delete_comment&amp;id=' . $row['id'] . '&link_id=' . $game['GameID'] . '"><img src="admin/images/delete.png" align="absmiddle" /></a>';
                 }
                 array_push($vars, $comment);
             }
         }
         $this->set('comments', $vars);
         $this->render("Pages/Profile");
     }
 }
Example #6
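/**
 * Front controller: resolve the requested controller and optional action from the
 * request, build the current user's context, then run the Header controller, the
 * page controller and the Footer controller in that order.
 *
 * Routing input is caller-controlled ($_GET['url'] names the class, 'action' names
 * the method), so both are validated before they are used as a class or method name:
 *  - the controller must be a plain identifier naming an existing class that has a
 *    main() method, otherwise a 404 header is sent and nothing is rendered;
 *  - magic methods (names starting with "__") are never dispatched as actions.
 *
 * NOTE(review): these checks narrow the input but are not an allow-list. Any loaded
 * class with a main() method, and any public method on it, is still reachable. An
 * explicit map of permitted controllers and actions is the robust fix.
 */
function callHook()
{
    // A non-string url (e.g. an array parameter) falls back to the default route.
    if (isset($_GET['url']) && is_string($_GET['url'])) {
        $url = $_GET['url'];
    } else {
        $url = "index";
    }
    // Create the model factory
    // NOTE(review): root with an empty password is hard-coded here. Move the
    // credentials to configuration and use a least-privileged database account.
    $query = new SQLQuery();
    $query->connect('localhost', 'root', '', 'boxarcade');
    // The factory construction is commented out in the original, so the controllers
    // below have always received null here; the assignment makes that explicit.
    //$modelFactory = new ModelFactory($query);
    $modelFactory = null;
    $settings = new Settings();
    $login_check = 99;
    User::sec_session_start();
    User::Init();
    if (User::login_check(Query::$mysqli) == true) {
        $xuserid = intval($_SESSION['user_id']);
        $sql = Query::query("SELECT * FROM Players WHERE PlayerID={$xuserid}");
        $get_user_info = $sql->fetch_assoc();
        $user = array(
            'usrLang' => $get_user_info['Language'],
            'username' => $get_user_info['Username'],
            'id' => $xuserid,
            'points' => $get_user_info['Points'],
            'login_status' => 1,
            'messages' => $get_user_info['Messages'],
            'seo_url' => $get_user_info['Username'],
        );
        $user['ip'] = User::secure($_SERVER['REMOTE_ADDR']);
        // If not avatar, try to get one from fb or set a default
        if ($get_user_info['AvatarType'] == '') {
            $user['avatar'] = 'uploads/avatars/default.png';
        } else {
            $user['avatar'] = 'uploads/avatars/' . $get_user_info['PlayerID'] . $get_user_info['AvatarType'];
        }
        $user['url'] = '/boxarcade/profile/' . $get_user_info['Username'];
        $user['message_url'] = 'messages';
        $user['admin'] = $get_user_info['Admin'];
        $login_check = 1;
        // Update the user IP if this is a new session
        // NOTE(review): the check reads cookie 'ava_iptrack' but the cookie set below is
        // named 'iptrack', so as written the update runs on every request. Confirm which
        // name is intended.
        if (!isset($_COOKIE['ava_iptrack'])) {
            // Generic message: the original called mysql_error(), which belongs to the old
            // mysql extension rather than mysqli and would expose driver details to the client.
            Query::query("UPDATE Players SET LastIP = '{$user['ip']}' WHERE PlayerID = {$user['id']}") or die('Database error');
            setcookie("iptrack", '1');
        }
    } else {
        $user = array('login_status' => 0, 'admin' => 0);
    }
    // Prep the controller name and the query string
    $urlArray = explode("/", $url);
    $controller = ucwords($urlArray[0]);
    array_shift($urlArray);
    // Later arrays win on string keys, so GET values override POST values here.
    $queryString = array_merge($urlArray, $_POST, $_GET);
    // Refuse anything that is not a plain identifier naming a class with a main()
    // method before it is used with `new`.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $controller)
        || !class_exists($controller)
        || !method_exists($controller, 'main')
    ) {
        header("HTTP/1.0 404 Not Found");
        return;
    }
    // Call the header controller
    $h = new Header($modelFactory, [], true);
    call_user_func_array(array($h, 'main'), [$login_check, $user]);
    // Call the page controller
    $dispatch = new $controller($modelFactory, $queryString, false);
    call_user_func_array(array($dispatch, 'main'), [$user]);
    // If an action was sent, call the appropriate function in the controller
    if (isset($queryString['action']) && !empty($queryString['action'])) {
        // Stays null when 'action' is neither a string nor an array.
        $method = null;
        if (is_string($queryString['action'])) {
            $method = $queryString['action'];
        } elseif (is_array($queryString['action'])) {
            // each() was removed in PHP 8; reset()/key() reads the same first key. The
            // original read from $_POST, so prefer it when it holds the array.
            $actions = (isset($_POST['action']) && is_array($_POST['action'])) ? $_POST['action'] : $queryString['action'];
            reset($actions);
            $a_key = (string) key($actions);
            $method = 'btn' . ucwords($a_key) . '_Clicked';
        }
        if ($method !== null
            && strncmp($method, '__', 2) !== 0
            && method_exists($dispatch, $method)
            && is_callable(array($dispatch, $method))
        ) {
            call_user_func_array(array($dispatch, $method), []);
        } else {
            header("HTTP/1.0 404 Not Found");
        }
    }
    // Call the footer controller
    $f = new Footer($modelFactory, [], true);
    call_user_func_array(array($f, 'main'), []);
}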