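} ?>
<div id="main">
<?php
// "Latest Smack Talk" teaser list.
//
// Poster names, bracket names and message text come out of the database and are
// written straight into the page, so each one is HTML-escaped at the point of output.
// stripslashes() only undoes backslash quoting; it does not neutralise markup.
// ENT_SUBSTITUTE (PHP 5.4+) keeps a teaser from being blanked when the byte-wise
// 250-character cut lands inside a multi-byte character.
// NOTE(review): assumes the page is served as UTF-8 — confirm.
$smackEscFlags = defined('ENT_SUBSTITUTE') ? ENT_QUOTES | ENT_SUBSTITUTE : ENT_QUOTES;

$smackheader = 0; // becomes 1 once the wrapper markup has been opened
while ($post = mysql_fetch_array($comments)) {
    if (0 == $smackheader) {
        // Open the section lazily so nothing is printed when there are no comments.
        echo "<div id='smacktalk'><h2>Latest Smack Talk</h2><div class='messages'><table width='100%'>";
        $smackheader = 1;
    }

    $smackPoster = htmlspecialchars(stripslashes($post['from']), $smackEscFlags, 'UTF-8');
    $smackBracketName = htmlspecialchars(stripslashes($post['name']), $smackEscFlags, 'UTF-8');
    // The bracket id lands inside an href attribute; percent-encoding keeps it a single
    // query-string value and leaves no quote or angle bracket behind. Both links now use
    // the same value (the original unslashed one link but not the other).
    $smackBracketId = rawurlencode(stripslashes($post['bracket']));
    // Truncate and measure the same unslashed text, so "..." appears only when the
    // teaser really was cut, then escape the truncated teaser.
    $smackBody = stripslashes($post['content']);

    echo "<tr><td><span class='postername' >" . $smackPoster . ":</span> <a class='teaser' href=\"view.php?id=" . $smackBracketId . "#comments\">" . htmlspecialchars(substr($smackBody, 0, 250), $smackEscFlags, 'UTF-8');
    if (strlen($smackBody) > 250) {
        echo "...";
    }
    echo "</a></td><td><div class='bracketName'><a href=\"view.php?id=" . $smackBracketId . "#comments\">" . $smackBracketName . "</a> - <span class='date'>" . timeBetween(strtotime($post['time']), time()) . "</span></div></td></tr>\n";
}
if ($smackheader) {
    // Close the wrapper only if it was opened above.
    echo "</table></div></div>";
}
?>
<div class="right_side">
<?php include "sidebar.php"; ?>
</div>
<div class="left_side">
<?php if (isset($_SESSION['success'])) { ?>
<div class="success"><?php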
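include 'bracket_view_module.php';
viewBracket($meta, $picks, $team_data, $rank, $score_data, $best_data);
?>
<div id="smacktalk" class="full">
<a name="comments"></a>
<h2>Smack Talk</h2><h3></h3>
<div class="messages" style="max-height: 100%;">
<table width="100%">
<?php
// Comment thread for one bracket.
//
// $id is placed unquoted in the WHERE clause, so it is forced to an integer at the
// point of use; nothing in this fragment shows it being validated earlier.
$posts = "SELECT c.time, c.content, c.from, c.bracket FROM `comments` c WHERE `bracket`=" . (int) $id;
$posts = mysql_query($posts, $db);

// Poster name and message text are stored user content: HTML-escape them on output.
// stripslashes() only removes backslash quoting and does not neutralise markup.
// NOTE(review): assumes the page is served as UTF-8 — confirm. If comments are meant
// to carry markup, that needs an allow-list sanitiser at write time instead.
$smackEscFlags = defined('ENT_SUBSTITUTE') ? ENT_QUOTES | ENT_SUBSTITUTE : ENT_QUOTES;

// mysql_query() returns false on failure; skip the loop rather than fetch from a non-resource.
while ($posts && ($post = mysql_fetch_array($posts))) {
    echo "<tr valign='top'><td nowrap><span class='postername' >" . htmlspecialchars(stripslashes($post['from']), $smackEscFlags, 'UTF-8') . ":</span></td><td>" . htmlspecialchars(stripslashes($post['content']), $smackEscFlags, 'UTF-8');
    echo "</td><td nowrap><span class='date'>" . timeBetween(strtotime($post['time']), time()) . "</span></td></tr>\n";
}

// The account row is selected by the value of a client-supplied cookie. The value is
// escaped for this connection before it enters the statement, and the lookup is
// skipped when the cookie is absent, empty or not a plain string.
// NOTE(review): nothing in this fragment verifies that the cookie belongs to the
// visitor; confirm that a server-side session or a signed token backs it.
$smackEmail = (isset($_COOKIE['useremail']) && is_string($_COOKIE['useremail'])) ? $_COOKIE['useremail'] : '';
$query = "SELECT * FROM `brackets` WHERE `email` = '" . mysql_real_escape_string($smackEmail, $db) . "' LIMIT 0,1"; //select entry
$user = false; // the value mysql_fetch_array() yields when no row matches
if ($smackEmail !== '') {
    $user = mysql_query($query, $db);
    $user = $user ? mysql_fetch_array($user) : false;
}
?>
</table>
</div>
<br>
<h2>Add Smack Talk</h2><h3></h3>
<?php if (isset($_COOKIE['useremail']) == true) {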
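/**
 * Decide whether the current session may access an object guarded by a security rule.
 *
 * Loads the security_rules row for the object and applies, in order, its time-window,
 * user and terminal restrictions. Each restriction is a comma-separated list; the
 * matching *_EXCEPT flag inverts it, so listed entries are denied instead of allowed.
 * An object that has no rule row is accessible (the function returns true).
 *
 * Side effect: a resolved SITE_USER_ID or TERMINAL_ID is stored in $session->data.
 *
 * @access public
 *
 * @param string $object_type Matched against security_rules.OBJECT_TYPE.
 * @param mixed  $object_id   Matched against security_rules.OBJECT_ID after an int cast.
 *
 * @return bool true when access is allowed, false when a restriction rejects it.
 */
function checkAccess($object_type, $object_id)
{
    global $session;

    // NOTE(review): $object_type is concatenated into the statement unescaped, as are
    // the session username and terminal name in the two lookups further down. Confirm
    // that callers only pass fixed values, or route these through the database layer's
    // escaping or parameter binding.
    $rule = SQLSelectOne("SELECT * FROM security_rules WHERE OBJECT_TYPE='" . $object_type . "' AND OBJECT_ID='" . (int) $object_id . "'");
    if (empty($rule['ID'])) {
        // No rule row for this object: nothing restricts it.
        return true;
    }

    // Time windows: "from-to" pairs separated by commas, each checked by timeBetween().
    if (!empty($rule['TIMES'])) {
        $hours_matched = false;
        foreach (explode(',', $rule['TIMES']) as $window) {
            // NOTE(review): an entry without '-' reaches timeBetween() with no end
            // bound, exactly as before — confirm how the helper treats that.
            $bounds = explode('-', $window);
            if (timeBetween($bounds[0], $bounds[1])) {
                $hours_matched = true;
            }
        }
        // Allowed only when "matched" differs from the EXCEPT flag.
        if ($hours_matched === !empty($rule['TIMES_EXCEPT'])) {
            return false;
        }
    }

    // Users: comma-separated user ids.
    if (!empty($rule['USERS'])) {
        if (!empty($session->data['SITE_USERNAME']) && empty($session->data['SITE_USER_ID'])) {
            // Resolve the numeric id once and keep it in the session.
            $user = SQLSelectOne("SELECT ID FROM users WHERE USERNAME='" . $session->data['SITE_USERNAME'] . "'");
            if (!empty($user['ID'])) {
                $session->data['SITE_USER_ID'] = $user['ID'];
            }
        }
        $user_id = isset($session->data['SITE_USER_ID']) ? (int) $session->data['SITE_USER_ID'] : 0;

        // Keep only plain digit entries and compare strictly. With a loose in_array() an
        // empty or non-numeric entry (for example after a trailing comma) can compare
        // equal to id 0, which is what an unresolved user casts to.
        $allowed_users = array_map('intval', array_filter(array_map('trim', explode(',', $rule['USERS'])), 'ctype_digit'));
        $users_matched = in_array($user_id, $allowed_users, true);

        if ($users_matched === !empty($rule['USERS_EXCEPT'])) {
            return false;
        }
    }

    // Terminals: comma-separated terminal ids.
    if (!empty($rule['TERMINALS'])) {
        if (!empty($session->data['TERMINAL'])) {
            // Looked up on every call, also when TERMINAL_ID is already cached.
            // NOTE(review): a failed lookup leaves an earlier cached TERMINAL_ID in
            // place — confirm that is intended.
            $terminal = SQLSelectOne("SELECT ID FROM terminals WHERE NAME='" . $session->data['TERMINAL'] . "'");
            if (!empty($terminal['ID'])) {
                $session->data['TERMINAL_ID'] = $terminal['ID'];
            }
        }
        $terminal_id = isset($session->data['TERMINAL_ID']) ? (int) $session->data['TERMINAL_ID'] : 0;

        // Same strict, digits-only matching as for users.
        $allowed_terminals = array_map('intval', array_filter(array_map('trim', explode(',', $rule['TERMINALS'])), 'ctype_digit'));
        $terminals_matched = in_array($terminal_id, $allowed_terminals, true);

        if ($terminals_matched === !empty($rule['TERMINALS_EXCEPT'])) {
            return false;
        }
    }

    return true;
}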