function ping($params)
{
global $dbc;
if (!isset($_SESSION['server_id'])) {
redirect('/');
}
$q = 'UPDATE servers SET last_used=NOW() WHERE id=' . (int) $_SESSION['server_id'] . ' AND session_id=\'' . escape_data(session_id()) . '\'';
$r = mysqli_query($dbc, $q);
if (mysqli_affected_rows($dbc) == 1) {
return ajax_response('Success');
} else {
$_SESSION['server_id'] = -1;
return ajax_response('Failure', TRUE);
}
}
if (!empty($_POST['title'])) {
$t = escape_data($_POST['title']);
} else {
$t = FALSE;
echo "<p class=\"error\">Please enter a title.</p>";
}
// Check the number
if (is_numeric($_POST['articlenumber'])) {
$n = escape_data($_POST['articlenumber']);
} else {
$n = FALSE;
echo "<p class=\"error\">Please number this article correctly. (e.g. 80)</p>";
}
// Clean the recommendation data
if (!empty($_POST['recommendation'])) {
$r = escape_data($_POST['recommendation']);
}
// Set the date
$d = $_POST['year'] . '-' . $_POST['month'] . '-' . $_POST['day'];
// Check if we've got everything
if ($a && $t && $n) {
// Let's go!
// Handle the file upload
$filename = "upload";
if (isset($_FILES[$filename]) && $_FILES[$filename]['error'] != 4) {
// Add the record to the database
$query = "INSERT INTO uploads (file_name, file_size, file_type) VALUES ('{$_FILES[$filename]['name']}', '{$_FILES[$filename]['size']}', '{$_FILES[$filename]['type']}')";
$result = mysqli_query($dbc, $query);
if ($result) {
// Return the upload id from the database
$upload_id = mysqli_insert_id($dbc);
require './includes/config.inc.php';
// The config file also starts the session.
// Require the database connection:
require MYSQL;
// Include the header file:
$page_title = 'Forgot Your Password?';
include './includes/header.html';
// For storing errors:
$pass_errors = array();
// If it's a POST request, handle the form submission:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Validate the email address:
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$email = $_POST['email'];
// Check for the existence of that email address...
$q = 'SELECT id FROM users WHERE email="' . escape_data($email, $dbc) . '"';
$r = mysqli_query($dbc, $q);
if (mysqli_num_rows($r) === 1) {
// Retrieve the user ID:
list($uid) = mysqli_fetch_array($r, MYSQLI_NUM);
} else {
// No database match made.
$pass_errors['email'] = 'The submitted email address does not match those on file!';
}
} else {
// No valid address submitted.
$pass_errors['email'] = 'Please enter a valid email address!';
}
// End of $_POST['email'] IF.
if (empty($pass_errors)) {
// If everything's OK.
<?php
//Connect to the database
require_once '../mysqli_connect.php';
require_once 'User.php';
require_once 'Cart.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
//Check Email
if (preg_match('%^[A-Za-z0-9._\\%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$%', stripslashes(trim($_POST['email'])))) {
$email = escape_data($_POST['email']);
} else {
$email = FALSE;
echo '<p><font color="red" size="+1">Please enter a valid email address!</font></p>';
}
if (preg_match('%^[A-za-z0-9]{4,20}$%', stripslashes(trim($_POST['password'])))) {
$password = escape_data($_POST['password']);
} else {
$password = FALSE;
echo '<p><font color="red" size="+1">Please enter a valid password!</font></p>';
}
// Load User
$newUser = User::loadUser($dbc, $email, $password);
//Load Cart
$cart = $newUser->loadCart($dbc);
//Save em to session
session_start();
$_SESSION["user"] = serialize($newUser);
$_SESSION["cart"] = serialize($cart);
header('Location: WelcomePage.php');
mysqli_close($dbc);
}
if (ini_get('magic_quotes_grc')) {
$data = stripslashes($data);
}
if (!is_numeric($data)) {
$data = mysql_real_escape_string($data);
}
return $data;
}
$id = $_GET['id'];
$cat_array = array('Appetizers', 'Salads', 'Sandwiches', 'Entrees', 'Sides', 'Desserts');
echo "<section id='edit-dish'><h2>Edit Dish</h2>";
if ($_GET['confirm'] == 'yes') {
$name = escape_data($_POST['name']);
$price = escape_data($_POST['price']);
$desc = escape_data($_POST['desc']);
$category = escape_data($_POST['category']);
$sql = "UPDATE `scargo cafe menu` SET name='{$name}', `desc`='{$desc}', category='{$category}', price='{$price}' WHERE id='{$id}' LIMIT 1";
$result = mysql_query($sql);
if ($result) {
?>
<div class="notification">
<p>Item successfully updated</p>
</div>
<?php
} else {
?>
<div class="notification">
<p>Unable to update item</p>
<p>Error: <?php
echo mysql_error();
?>
$message = NULL;
// Create an empty new variable.
// Check for an existing password.
if (empty($_POST['password'])) {
$p = FALSE;
$message .= '<br>You forgot to enter your existing password!</br>';
} else {
$p = escape_data($_POST['password']);
}
// Check for a password and match against the confirmed password.
if (empty($_POST['password1'])) {
$np = FALSE;
$message .= '<br>You forgot to enter your new password!</br>';
} else {
if ($_POST['password1'] == $_POST['password2']) {
$np = escape_data($_POST['password1']);
} else {
$np = FALSE;
$message .= '<br>Your new password did not match the confirmed new password!</br>';
}
}
if ($p && $np) {
// If everything's OK.
$query = "SELECT username FROM users WHERE (username='******' AND password=PASSWORD('{$p}') )";
$result = @mysql_query($query);
$num = mysql_num_rows($result);
if ($num == 1) {
$row = mysql_fetch_array($result, MYSQL_NUM);
// Make the query.
$query = "UPDATE users SET password=PASSWORD('{$np}') WHERE username='******'0']}'";
$result = @mysql_query($query);
if (!empty($_POST['firstname'])) {
$f = escape_data($_POST['firstname']);
} else {
$f = FALSE;
echo '<p><font color="red">Please enter a first name.</font></p>';
}
// Check the second name
if (!empty($_POST['lastname'])) {
$l = escape_data($_POST['lastname']);
} else {
$l = FALSE;
echo '<p><font color="red">Please enter a last name.</font></p>';
}
// Check the email address
if (!empty($_POST['email'])) {
$e = escape_data($_POST['email']);
// Check there is an @ sign and at least one dot
if (strpos($e, "@") === FALSE || strpos($e, ".") === FALSE || strpos($e, " ") != FALSE || strpos($e, "@") > strrpos($e, ".")) {
$e = FALSE;
echo "<p class=\"error\">Email address was invalid and disregarded.</p>";
}
} else {
$e = FALSE;
}
// Check if we've got everything
if ($f && $l) {
// Let's go!
// Add to the authors table
$query = "INSERT INTO authors (firstname, lastname, email) VALUES ('{$f}', '{$l}', '{$e}')";
// Create the query
$result = mysqli_query($dbc, $query);
}
// Check for a last name:
if (preg_match('/^[A-Z \'.-]{2,45}$/i', $_POST['last_name'])) {
$ln = escape_data($_POST['last_name'], $dbc);
} else {
$reg_errors['last_name'] = 'Please enter your last name!';
}
// Check for a username:
if (preg_match('/^[A-Z0-9]{2,45}$/i', $_POST['username'])) {
$u = escape_data($_POST['username'], $dbc);
} else {
$reg_errors['username'] = '******';
}
// Check for an email address:
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === $_POST['email']) {
$e = escape_data($_POST['email'], $dbc);
} else {
$reg_errors['email'] = 'Please enter a valid email address!';
}
// Check for a password and match against the confirmed password:
if (preg_match('/^(\\w*(?=\\w*\\d)(?=\\w*[a-z])(?=\\w*[A-Z])\\w*){6,}$/', $_POST['pass1'])) {
if ($_POST['pass1'] === $_POST['pass2']) {
$p = $_POST['pass1'];
} else {
$reg_errors['pass2'] = 'Your password did not match the confirmed password!';
}
} else {
$reg_errors['pass1'] = 'Please enter a valid password!';
}
if (empty($reg_errors)) {
// If everything's OK...
if (getFleetStat($str, $sid, $d) != 0) {
$go = false;
break;
}
}
if ($go) {
$query = "DELETE FROM fleet{$sid} WHERE id={$d}";
$result = @mysql_query($query);
echo 'Your fleet has been deleted.<br><br>';
} else {
echo 'The fleet must be empty to delete it.<br><br>';
}
}
//reset the probes
if (isset($_GET[p])) {
$p = (int) escape_data($_GET[p]);
//Check if you own the fleet
if (getFleetStat(ownerid, $sid, $p) != $id) {
echo 'err';
exit;
}
setFleetStat(probes, 0, $sid, $p);
setFleetStat(probetime, 0, $sid, $p);
setFleetStat(report, " ", $id, $p);
}
/***********
JAVASCRIPT AND MENU
**********/
echo '
<script language="Javascript">
var change = function(x){
<?php
/**/
include './header.php';
if (isset($_GET['id'])) {
$oid = (int) escape_data($_GET['id']);
if (isset($_GET['type'])) {
$type = (int) escape_data($_GET['type']);
if ($type != 1 && $type != 2) {
$type = 1;
}
} else {
$type = 1;
}
} else {
echo 'err';
exit;
}
/***********
TYPES
1 = Building
2 = Ship
***********/
echo '<table align="center" cellspacing=10>';
if ($type == 1) {
echo '<tr>
<td><b>Name</b></td>
<td><b>Civs Cost</b></td>
<td><b>Elinarium Cost</b></td>
<td><b>Cylite Cost</b></td>
<td><b>Plexi Cost</b></td>
<?php
require_once 'configmsgbrd.php';
$u = escape_data($_POST["user_id"]);
$tid = escape_data($_POST["topic_id"]);
$mt = escape_data($_POST["comment"]);
$pid = escape_data($_POST["parent_id"]);
$mb = escape_data($_POST["mess_block"]);
$token = escape_data($_POST["token_id"]);
$query1 = "SELECT user_id, tokenid FROM users WHERE (user_id='{$u}') AND (tokenid='{$token}')";
$result2 = mysql_query($query1) or trigger_error("An Error Occurred");
if (mysql_affected_rows() == 1) {
$query2 = "INSERT INTO message (user_id, topic_id, message_txt, date, parent_id, mess_block) VALUES ('{$u}', '{$tid}', '{$mt}', NOW(), '{$pid}', '{$mb}')";
$result2 = mysql_query($query2) or trigger_error("An Error Occurred");
echo "Comment Has Been Submitted";
exit;
mysql_close();
} else {
echo "Comment Has Been Declined";
exit;
mysql_close();
}
function destroy_session($sid)
{
global $dbc;
// Delete from the database.
$q = sprintf('DELETE FROM sessions WHERE id="%s"', escape_data($sid));
$r = mysqli_query($dbc, $q);
// Clear the $_SESSION array:
$_SESSION = array();
return mysqli_affected_rows($dbc);
}
<?php
/**/
include './header.php';
//Check to see if you are already logged into a server
if (isset($sid)) {
echo 'Error';
exit;
}
//Check to see if the user is trying to join a server or enter a server
if (isset($_GET['s'])) {
$sid = escape_data($_GET['s']);
if (isOnServer($sid, $id)) {
//Log into server
$_SESSION['sid'] = $sid;
changePage('./galaxy.php');
} else {
//Enter the server
if (getServerStat(users, $sid) < getServerStat(maxusers, $sid)) {
$users = getServerStat(users, $sid);
$users++;
$query = "UPDATE serverlist SET users={$users} WHERE id={$sid}";
$result = @mysql_query($query);
if ($result) {
$bool = false;
for ($x = 1; $x < 3; $x++) {
$string = "s" . $x;
$serverid = getUserStat($string, $id);
if ($serverid == 0) {
$query = "UPDATE users SET {$string}={$sid} WHERE id={$id}";
$result = @mysql_query($query);
}
}
$action = $_GET['action'];
if($action == 'changepass'){
include("functions/escape_data.php");
$HostAccount = $_GET['HostAccount'];
$cPW1 = $HTTP_POST_VARS[ "password1" ];
$cPW2 = $HTTP_POST_VARS[ "password2" ];
if(empty($_POST['password1'])) {
$HostPassword = FALSE;
$message2 .= '<br>You forgot to enter a password';
} else {
if($_POST['password1'] == $_POST['password2']) {
$HostPassword = escape_data($_POST['password1']);
if(strlen($HostPassword) < 6){
$message2 .= "<br>Your password $HostPassword must be 6 characters";
$HostPassword = FALSE;
} else {
if (!preg_match("/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])/", $HostPassword)) {
$message2 .= "<br>Your password does not meet complexity requirements";
$HostPassword = FALSE;
}
}
} else {
$HostPassword = FALSE;
$message2 .= '<br>Your passwords do not match';
}
if($HostPassword){
require '../dbconnect.php';
function escape_data($data)
{
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
if (!is_numeric($data)) {
$data = mysql_real_escape_string($data);
}
return $data;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
//run all of the form data through the escape_data function
$name = escape_data($_POST['name']);
$review = escape_data($_POST['review']);
$rating = escape_data($_POST['rating']);
$cat_id = $_POST['cat_id'];
$returnMsg = array();
$returnMsg['submittedData'] = "<p>Name: {$name} rating: {$rating} email: {$email} review: {$review}</p>";
//this code asses a new review to the reviews table
$sql = "INSERT INTO reviews (id, name, review, rating, cat_id, date)\n\t\tVALUES ('', '{$name}', '{$review}', '{$rating}', '{$cat_id}', NOW() )";
$result = mysql_query($sql);
$returnmsg['insertReviewInfo'] = "<p>Info:" . mysql_info() . "</p>";
$returnmsg['insertReviewError'] = "<p>Error:" . mysql_error() . "</p>";
//set up SQL query to get all of the reviews for this product.
$sql = "SELECT * FROM reviews WHERE cat_id = '{$cat_id}'";
$result = mysql_query($sql);
//Count and average all the ratings taken from all reviews of this product.
$count = 0;
$average_rating = 0;
$total_rating = 0;
if (preg_match('%^[A-za-z0-9]{4,20}$%', stripslashes(trim($_POST['password'])))) {
$test_password = escape_data($_POST['password']);
if (preg_match('%^[A-za-z0-9]{4,20}$%', stripslashes(trim($_POST['confirmPassword'])))) {
$confirmationPassword = escape_data($_POST['confirmPassword']);
if (passwordChecker($test_password, $confirmationPassword)) {
$user->password = escape_data($_POST['password']);
}
}
}
//Check Postal Code
if (preg_match('%^[A-Za-z][0-9][A-Za-z]" "[0-9][A-Za-z][0-9]$%', stripslashes(trim($_POST['postalCode'])))) {
$user->postalCode = escape_data($_POST['postalCode']);
}
//Check Dat of Birth
if (preg_match('%^[0-9]{6}$%', stripslashes(trim($_POST['DOB'])))) {
$user->DOB = escape_data($_POST['DOB']);
}
$user->gender = $_POST['Gender'];
$query = "UPDATE users SET firstName=?, lastName=?, email=?, password=?, streetAddress=?, postalCode=?, DOB =?, gender=? WHERE id=?";
$stmt = mysqli_prepare($dbc, $query);
if (!$stmt) {
die('mysqli error: ' . mysqli_error($dbc));
}
mysqli_stmt_bind_param($stmt, "ssssssdsd", $user->firstName, $user->lastName, $user->email, $user->streetAddress, $user->password, $user->postalCode, $user->DOB, $user->gender, $user->id);
if (!mysqli_execute($stmt)) {
die('stmt error: ' . mysqli_stmt_error($stmt));
}
$_SESSION['user'] = serialize($user);
echo "<p>ACCOUNT UPDATED</p>";
}
?>
include 'functions.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$meetsRequirements = TRUE;
if (preg_match('%^[A-Za-z\\.\' \\-]{2,15}$%', stripslashes(trim($_POST['fn'])))) {
$firstname = escape_data($_POST['fn']);
} else {
$meetsRequirements = FALSE;
}
if (preg_match('%^[A-Za-z\\.\' \\-]{2,15}$%', stripslashes(trim($_POST['ln'])))) {
$lastname = escape_data($_POST['ln']);
} else {
$meetsRequirements = FALSE;
}
if (preg_match('%^[A-Za-z0-9._\\%-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}$%', stripslashes(trim($_POST['email'])))) {
$email = escape_data($_POST['email']);
} else {
$meetsRequirements = FALSE;
}
if (preg_match('%^([0-9]( |-)?)?(\\(?[0-9]{3}\\)?|[0-9]{3})( |-)?([0-9]{3}( |-)?[0-9]{4}|[a-zA-Z0-9]{7})$%', stripslashes(trim($_POST['work_phone'])))) {
$phone = escape_data($_POST['work_phone']);
} else {
$meetsRequirements = FALSE;
}
if (!$meetsRequirements) {
die;
}
$_SESSION["firstname"] = $firstname;
$_SESSION["lastname"] = $lastname;
$_SESSION["email"] = $email;
$_SESSION["phone"] = $phone;
}
if (filter_var($_POST['category'], FILTER_VALIDATE_INT, array('min_range' => 1))) {
$cat = $_POST['category'];
} else {
// No category selected.
$add_page_errors['category'] = 'Please select a category!';
}
// Check for a description:
if (!empty($_POST['description'])) {
$d = escape_data(strip_tags($_POST['description']), $dbc);
} else {
$add_page_errors['description'] = 'Please enter the description!';
}
// Check for the content:
if (!empty($_POST['content'])) {
$allowed = '<div><p><span><br><a><img><h1><h2><h3><h4><ul><ol><li><blockquote>';
$c = escape_data(strip_tags($_POST['content'], $allowed), $dbc);
} else {
$add_page_errors['content'] = 'Please enter the content!';
}
if (empty($add_page_errors)) {
// If everything's OK.
// Add the page to the database:
$q = "INSERT INTO pages (categories_id, title, description, content) VALUES ({$cat}, '{$t}', '{$d}', '{$c}')";
$r = mysqli_query($dbc, $q);
if (mysqli_affected_rows($dbc) === 1) {
// If it ran OK.
// Print a message:
echo '<div class="alert alert-success"><h3>The page has been added!</h3></div>';
// Clear $_POST:
$_POST = array();
// Send an email to the administrator to let them know new content was added?
$country = escape_data($_POST['country']);
}
if (empty($_POST['countrycode'])) {
$countrycode = FALSE;
$message .= '<br>The country code field is required to continue</br>';
} else {
$countrycode = escape_data($_POST['countrycode']);
}
if (empty($_POST['phone'])) {
$phone = FALSE;
$message .= '<br>A valid phone number is required</br>';
} else {
$phone = escape_data($_POST['phone']);
}
if (isset($_POST['fax'])) {
$fax = escape_data($_POST['fax']);
}
if ($reguName && $password && $lpquestion && $lpanswer && $fname && $lname & $email && $add1 && $city && $zip && $country && $countrycode && $phone) {
$query = "SELECT username FROM users WHERE username='******'";
$result = @mysql_query($query);
if (mysql_num_rows($result) == 0) {
$query = "INSERT INTO users (username, password, lpquestion, lpanswer, fname, lname, email, second_email, add1, add2, city, state, province, rspchoice, zip, country, countrycode, phone, fax, date, signup_date, isadmin)\n\t\tVALUES ('{$reguName}', PASSWORD('{$password}'), '{$lpquestion}', '{$lpanswer}', '{$fname}', '{$lname}', '{$email}', '{$second_email}', '{$add1}', '{$add2}', '{$city}', '{$state}', '{$province}', '{$rspchoice}', '{$zip}', '{$country}', '{$countrycode}', '{$phone}', '{$fax}', NOW(), NOW(), 1)";
$result = @mysql_query($query);
if ($result) {
$StepNumber = 5;
$_SESSION['StepNumber'] = 5;
header("Location: install5.php");
exit;
} else {
$message .= "There was an error writing the user to the database.<br>{$query}<br>";
}
} else {
$_SESSION['cycle'] = (int) $_REQUEST['period'];
}
echo '{ "success" : "true" }';
} else {
// New bill add-on...
$errors = array();
$testDate = explode('-', $_POST["date"]);
if (isset($testDate[0]) && isset($testDate[1]) && isset($testDate[2]) && checkdate($testDate[1], $testDate[2], $testDate[0])) {
$date = $_POST["date"];
} else {
$errors[] = "The date you entered is not valid, please try again.";
$date = NULL;
}
if (isset($_POST['descrip']) && !empty($_POST['descrip'])) {
$description = escape_data($_POST['descrip']);
} else {
$description = NULL;
$errors[] = "You left the description blank, please fill it in and try again.";
}
if (isset($_POST['amt']) && is_numeric($_POST['amt']) && $_POST['amt'] > 0) {
$amount = (double) $_POST['amt'];
} else {
$amount = NULL;
$errors[] = "The amount has to be a non-negative number.";
}
if (isset($_POST['payer']) && is_numeric($_POST['payer']) && $_POST['payer'] > 0) {
$payer = (int) $_POST['payer'];
} else {
$payer = NULL;
$errors[] = "Seriously, what are you doing?";
if (preg_match('%^[A-za-z0-9]{4,20}$%', stripslashes(trim($_POST['password'])))) {
$test_password = escape_data($_POST['password']);
if (preg_match('%^[A-za-z0-9]{4,20}$%', stripslashes(trim($_POST['confirmPassword'])))) {
$confirmationPassword = escape_data($_POST['confirmPassword']);
if (passwordChecker($test_password, $confirmationPassword)) {
$_SESSION['password'] = escape_data($_POST['password']);
}
}
}
//Check Postal Code
if (preg_match('%^[A-Za-z][0-9][A-Za-z]" "[0-9][A-Za-z][0-9]$%', stripslashes(trim($_POST['postalCode'])))) {
$_SESSION['postalCode'] = escape_data($_POST['postalCode']);
}
//Check Dat of Birth
if (preg_match('%^[0-9]{6}$%', stripslashes(trim($_POST['DOB'])))) {
$_SESSION['DOB'] = escape_data($_POST['DOB']);
}
$_SESSION['gender'] = $_POST['Gender'];
$query = "UPDATE users SET firstName=?, lastName=?, email=?, password=?, streetAddress=?, postalCode=?, DOB =?, gender=? WHERE id=?";
$stmt = mysqli_prepare($dbc, $query);
if (!$stmt) {
die('mysqli error: ' . mysqli_error($dbc));
}
mysqli_stmt_bind_param($stmt, "ssssssdsd", $_SESSION['firstName'], $_SESSION['lastName'], $_SESSION['email'], $_SESSION['password'], $_SESSION['streetAddress'], $_SESSION['postalCode'], $_SESSION['DOB'], $_SESSION['gender'], $_SESSION['id']);
if (!mysqli_execute($stmt)) {
die('stmt error: ' . mysqli_stmt_error($stmt));
}
echo "<p>ACCOUNT UPDATED</p>";
}
?>
}
if ($_POST['ps_charge_ok'] == 'on' && ($_POST['ps_staff'] == 0 || 3 || 4 || 6)) {
$errors[] = 'Non-staff members cannot house charge.';
} else {
if ($_POST['ps_charge_ok'] == 'on') {
$pscharge = 1;
} else {
$pscharge = 0;
}
}
if ($_POST['ps_discount'] > 25) {
$errors[] = 'You entered a discount greater than the maximum.';
} elseif ($_POST['ps_discount'] != 0 && $_POST['ps_staff'] == 0) {
$errors[] = 'Member-owners may not rcv. a discount. Please adjust Member Type below.';
} else {
$psd = escape_data($_POST['ps_discount']);
// Store the discount.
}
$psmemtype = $_POST['ps_memtype'];
$psstaff = $_POST['ps_staff'];
if ($psstaff == 6) {
$psType = 'reg';
} else {
$psType = 'pc';
}
if ($pscharge == 1) {
$pslimit = 9999;
} else {
$pslimit = 0;
}
}
$sm .= " AND daytrans_no = '{$dtn}'";
}
if (!empty($_GET['reg_no'])) {
$rn = escape_data($_GET['reg_no']);
$sm .= " AND register_no = {$rn}";
}
if (!empty($_GET['card_no'])) {
$cn = escape_data($_GET['card_no']);
$sm .= " AND card_no = {$cn}";
}
if (!empty($_GET['cashier'])) {
$em = escape_data($_GET['cashier']);
$sm .= " AND emp_no = {$em}";
}
if (!empty($_GET['total'])) {
$tt = escape_data($_GET['total']);
$sm .= " AND emp_no = {$tt}";
}
// else {$sm = $_GET['sm'];}
}
if (empty($errors)) {
$sm = stripslashes($sm);
$query = "SELECT * FROM " . DB_LOGNAME . ".{$transtable} WHERE trans_type = 'C' AND " . $sm;
// echo "$query";
$result = @mysql_query($query);
if (mysql_num_rows($result) == 0) {
// No results
echo '<div id="alert"><p class="error">Your search yielded no results.</p></div>';
} else {
// Results!
$query = "SELECT COUNT(*) FROM " . DB_LOGNAME . ".{$transtable} WHERE trans_type = 'C' AND {$sm}";
$num += $ship[$x];
setFleetStat($str, $num, $sid, $fleetSelected);
//Take away ships
$num = getFleetStat($str, $sid, $fid);
$num -= $ship[$x];
setFleetStat($str, $num, $sid, $fid);
}
echo 'You have moved the ships successfully<br>';
}
}
if (isset($_GET['fa'])) {
$fleetSelected = $_POST['fleet'];
$counter;
$str;
for ($z = 0; $z < count($fleetSelected); $z++) {
$fleetSelected[$z] = escape_data($fleetSelected[$z]);
for ($i = 1; $i < 4; $i++) {
$str = "ship" . $i;
$counter[$i] += getFleetStat($str, $sid, $fleetSelected[$z]);
}
$thisPid = getFleetStat(loc, $sid, $fleetSelected[$z]);
$ownerId = getFleetStat(ownerid, $sid, $fleetSelected[$z]);
if ($id != $ownerId) {
echo 'err1';
exit;
}
if ($thisPid != $pid) {
echo 'err';
exit;
}
}
<td><input type="submit" name="submit3" value="Submit"></td>
</tr></table></form>
';
}
echo '</div>';
/********
PERKS PAGE
*********/
echo '<div id="6" style="display:none">';
$query = "SELECT id FROM masterperks";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {
}
//Change the page to send mail if reply is set
if (isset($_GET[r])) {
$r = escape_data($_GET[r]);
$query = "SELECT username FROM users WHERE id={$r}";
$result = mysql_query($query);
if ($row = mysql_fetch_array($result)) {
$r = $row[0];
} else {
$r = "User Not Found";
}
echo '<script>change(2);
document.forms[0].to.value="' . $r . '"</script>';
}
if (isset($_GET['d'])) {
echo '<script>change(7)</script>';
}
echo '</div>';
include './footer.php';
<?php
if (isset($_POST['submitted'])) {
// Check if the form has been submitted.
// Security check for a valid username
if (preg_match('%^[A-Za-z0-9]\\S{8,20}$%', stripslashes(trim($_POST['userid'])))) {
// Scrub username with function in header.php
$u = escape_data($_POST['userid']);
} else {
$u = FALSE;
echo '<p><font color="red" size="+1">Please enter a valid User ID!</font></p>';
}
// Security check for a valid password
if (preg_match('%^[A-Za-z0-9]\\S{8,20}$%', stripslashes(trim($_POST['pass'])))) {
// Scrub password with function in header.php
$p = escape_data($_POST['pass']);
} else {
$p = FALSE;
echo '<p><font color="red" size="+1">Please enter a valid Password!</font></p>';
}
// PHP Code for the CAPTCHA System
$captchchk = 1;
$privatekey = "6LfXR8ASAAAAAKpztg_bZb27P7KwUwFZYPi0pvOA";
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// What happens when the CAPTCHA was entered incorrectly
echo '<p><font color="red" size="+1">The CAPTCHA Code wasn\'t entered correctly!</font></p>';
$captchchk = 0;
}
// Query the database. Verify the username, password and captcha
if ($u && $p && $captchchk) {
$password = FALSE;
echo '<p><font color="red" size="+1">Please enter a valid password!</font></p>';
}
} else {
$password = FALSE;
echo '<p><font color="red" size="+1">Please enter a valid password!</font></p>';
}
//Check Postal Code'
if (preg_match('%^[A-Za-z][0-9][A-Za-z]" "[0-9][A-Za-z][0-9]$%', stripslashes(trim($_POST['postalCode'])))) {
$postalCode = escape_data($_POST['postalCode']);
} else {
$postalCode = "";
}
//Check Dat of Birth
if (preg_match('%^[0-9]{6}$%', stripslashes(trim($_POST['DOB'])))) {
$DOB = escape_data($_POST['DOB']);
} else {
$DOB = "00000000";
}
$gender = $_POST['Gender'];
//Insert info into the database
$query = "INSERT INTO users(firstName,lastName,email, password, streetAddress, postalCode, DOB, gender) VALUES (?,?,?,?,?,?,?,?)";
//Prepare mysqli statement
$stmt = mysqli_prepare($dbc, $query);
if (!$stmt) {
die('mysqli error: ' . mysqli_error($dbc));
}
//Bind parameters
mysqli_stmt_bind_param($stmt, "ssssssds", $firstName, $lastName, $email, $password, $streetAddress, $postalCode, $DOB, $gender);
if (!mysqli_execute($stmt)) {
die('stmt error: ' . mysqli_stmt_error($stmt));
<?php
# messages.php - This will let your average user modify the greeting, farewell, and receipt footers for all lanes.
$page_title = 'Fannie - Admin Module';
$header = 'Message Manager';
include '../src/header.html';
if (isset($_POST['submitted'])) {
// new line for fwrite "\n"
require_once '../src/mysql_connect.php';
foreach ($_POST['id'] as $id => $msg) {
$query = "UPDATE messages SET message = '" . escape_data($msg) . "' WHERE id='{$id}'";
$result = mysql_query($query);
}
}
require_once '../src/mysql_connect.php';
echo '<form action="messages.php" method="POST">';
$query = "SELECT * FROM messages ORDER BY id ASC";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {
if ($row['id'] == 'receiptFooter1') {
echo "<p><b>Receipt Footer:</b></p>\n";
} elseif ($row['id'] == 'farewellMsg1') {
echo "<p><b>Farewell Message:</b></p>\n";
} elseif ($row['id'] == 'welcomeMsg1') {
echo "<p><b>Welcome Message:</b></p>\n";
}
echo "<input type=\"text\" name=\"id[{$row['id']}]\" value=\"{$row['message']}\" size=\"50\" maxlength=\"50\" /><br />\n";
}
echo '<br /><button name="submit" type="submit">Save</button>
<input type="hidden" name="submitted" value="TRUE" />
</form>';
function researchImage($rid)
{
return '<A href="./research.php?id=' . $rid . '" onMouseOver="showObject(event,\'' . $rid . 'go\');" onMouseOut="hideObject(\'' . $rid . 'go\');"><img src="http://www.playconquest.com/woc/items/33.png"></a>';
}
function rph($sid, $id)
{
$return = 0;
$query = "SELECT researchmod FROM planets{$sid} WHERE ownerid={$id}";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {
$return += $row[researchmod];
}
return $return;
}
if (isset($_GET['id'])) {
$rid = escape_data($_GET['id']);
$sub = getResearchStat(sub, $rid);
$pass = false;
if ($sub == 0) {
$pass = true;
}
//check to see if you have already researcheed it
$query = "SELECT id FROM tech{$sid} WHERE ownerid={$id} AND techid={$rid}";
$result = mysql_query($query);
if ($row = mysql_fetch_array($result)) {
echo ' You have already researched this.<br><br>';
} else {
//check you have requirements
$query = "SELECT id FROM tech{$sid} WHERE techid={$sub} AND ownerid={$id}";
$result = mysql_query($query);
if ($row = mysql_fetch_array($result) || $pass) {
<?php
/**/
include './db_connect.php';
if (isset($_GET[id])) {
$id = (int) escape_data($_GET[id]);
$vote = getUserStat(votes, $id);
$vote++;
$query = "UPDATE users SET votes={$vote} WHERE id={$id}";
$result = @mysql_query($query);
}