Beispiel #1
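 /**
  * Handle the submitted "update" form for an existing account.
  *
  * Reads `id` and `status` from $_POST and collects validation errors in
  * $this->data['errors']. On error it redirects to '../update'; otherwise
  * it passes the submission to the accounts model and redirects to '../'.
  */
 function post()
 {
     $this->load->helper('validate_helper');
     // A missing field becomes null so the validators decide what to do
     // with it, instead of PHP raising an undefined-index warning.
     $new_id = isset($_POST['id']) ? $_POST['id'] : null;
     $status = isset($_POST['status']) ? $_POST['status'] : null;
     // Validate the ID first: the model lookup below should never receive
     // a value that has already failed validation.
     if (!validate_id($new_id)) {
         $this->data['errors'][] = 'Invalid ID.';
     } elseif ($this->accounts->get($new_id) == null) {
         // An update needs an account that already exists.
         $this->data['errors'][] = 'ID does not exist.';
     }
     // Check to see if the status is invalid.
     if (!validate_status($status)) {
         $this->data['errors'][] = 'Invalid status.';
     }
     // empty() also covers the case where no error was ever appended and
     // the 'errors' key was never created (count() on a missing key fails).
     if (!empty($this->data['errors'])) {
         redirect('../update');
     } else {
         // NOTE(review): the whole $_POST array is forwarded to the model.
         // Unless update() restricts the columns itself, a client can set
         // fields the form never offered (mass assignment) - confirm, or
         // pass an explicit list of allowed fields.
         $this->accounts->update($_POST);
         redirect('../');
     }
 }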
Beispiel #2
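 /**
  * Handle the submitted "add" form for a new product.
  *
  * Reads `id` and `status` from $_POST and collects validation errors in
  * $this->data['errors']. On error it redirects to '../add'; otherwise it
  * passes the submission to the products model and redirects to '../'.
  */
 function post()
 {
     $this->load->helper('validate_helper');
     // A missing field becomes null so the validators decide what to do
     // with it, instead of PHP raising an undefined-index warning.
     $new_id = isset($_POST['id']) ? $_POST['id'] : null;
     $status = isset($_POST['status']) ? $_POST['status'] : null;
     // Validate the ID first: the model lookup below should never receive
     // a value that has already failed validation.
     if (!validate_id($new_id)) {
         $this->data['errors'][] = 'Invalid ID.';
     } elseif ($this->products->get($new_id) != null) {
         // A new entry must not reuse an ID that is already taken.
         $this->data['errors'][] = 'ID already in use.';
     }
     // Check to see if the status is invalid.
     if (!validate_status($status)) {
         $this->data['errors'][] = 'Invalid status.';
     }
     // empty() also covers the case where no error was ever appended and
     // the 'errors' key was never created (count() on a missing key fails).
     if (!empty($this->data['errors'])) {
         redirect('../add');
     } else {
         // NOTE(review): the whole $_POST array is forwarded to the model.
         // Unless add() restricts the columns itself, a client can set
         // fields the form never offered (mass assignment) - confirm, or
         // pass an explicit list of allowed fields.
         $this->products->add($_POST);
         redirect('../');
     }
 }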
Beispiel #3
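/**
 * Stream a stored file to the browser as an attachment.
 *
 * The file is read through the S3 stream wrapper when the three
 * CONFIG_AWS_S3_* constants are set, otherwise from CONST_PATH_FILE_UPLOAD.
 *
 * @param array $file File record; 'id', 'title', 'size' and 'md5' are read.
 */
function download_file($file)
{
    // NOTE(review): the return value is ignored, so this relies on
    // validate_id() aborting the request for a bad id - confirm. The id is
    // concatenated into an object key / filesystem path below.
    validate_id(array_get($file, 'id'));
    // do we read the file off AWS S3?
    if (CONFIG_AWS_S3_KEY_ID && CONFIG_AWS_S3_SECRET && CONFIG_AWS_S3_BUCKET) {
        try {
            // Instantiate the S3 client with your AWS credentials
            $client = S3Client::factory(array('key' => CONFIG_AWS_S3_KEY_ID, 'secret' => CONFIG_AWS_S3_SECRET));
            $file_key = '/challenges/' . $file['id'];
            $client->registerStreamWrapper();
            // NOTE(review): this command object is built but never executed
            // in this function, so no HEAD request is sent from here.
            $command = $client->getCommand('HeadObject', array('Bucket' => CONFIG_AWS_S3_BUCKET, 'Key' => $file_key));
            $filePath = 's3://' . CONFIG_AWS_S3_BUCKET . $file_key;
        } catch (Exception $e) {
            // Same pattern as the local branch: keep the detail (which may
            // name the bucket or key) in the exception log and show the
            // user a generic message.
            log_exception($e);
            message_error('Could not read the requested file. An error report has been lodged.');
        }
    } else {
        $filePath = CONST_PATH_FILE_UPLOAD . $file['id'];
        if (!is_readable($filePath)) {
            log_exception(new Exception("Could not read the requested file: " . $filePath));
            message_error("Could not read the requested file. An error report has been lodged.");
        }
    }
    $file_title = $file['title'];
    if (defined('CONFIG_APPEND_MD5_TO_DOWNLOADS') && CONFIG_APPEND_MD5_TO_DOWNLOADS && $file['md5']) {
        // Insert the digest before the first dot; a title with no dot, or
        // with a leading dot (position 0), gets it appended instead.
        $pos = strpos($file['title'], '.');
        if ($pos) {
            $file_title = substr($file['title'], 0, $pos) . '-' . $file['md5'] . substr($file['title'], $pos);
        } else {
            $file_title = $file_title . '-' . $file['md5'];
        }
    }
    // The title is stored data that ends up inside a quoted header
    // parameter: replace control characters, double quotes and backslashes
    // so it cannot close the quoted string or alter the header.
    $file_title = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', $file_title);
    // required for IE, otherwise Content-disposition is ignored
    if (ini_get('zlib.output_compression')) {
        ini_set('zlib.output_compression', 'Off');
    }
    header('Pragma: public');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Cache-Control: private', false);
    // required for certain browsers
    header('Content-Type: application/force-download');
    header('Content-Disposition: attachment; filename="' . $file_title . '";');
    header('Content-Transfer-Encoding: binary');
    header('Content-Length: ' . $file['size']);
    // Stop output buffering
    if (ob_get_level()) {
        ob_end_flush();
    }
    flush();
    readfile($filePath);
}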
Beispiel #4
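/**
 * Print the "CD of the week" reviews as HTML.
 *
 * With an empty id the reviews for the most recent date are shown;
 * otherwise only the review with that id.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7 and
 * has no prepared statements; moving to mysqli or PDO with bound
 * parameters is the durable fix. Until then every value that reaches the
 * SQL text is cast or escaped below.
 *
 * @param mixed $id Review id, passed through validate_id() first.
 */
function cdotw($id)
{
    $id = validate_id($id);
    if ($id == '') {
        $date = "SELECT date, DATE_FORMAT(date, '%c/%d/%y' ) as fdate FROM cdotw GROUP BY date ORDER BY date DESC LIMIT 0,1";
        $date_result = mysql_query($date);
        if (!$date_result) {
            die('Invalid');
        }
        $datepicker = mysql_fetch_assoc($date_result);
        // The date comes from the database, but it is still escaped before
        // it is placed back into a query string.
        $query = "SELECT * FROM cdotw WHERE deleted = 'no' AND date = \"" . mysql_real_escape_string($datepicker['date']) . "\"";
        $result = mysql_query($query);
    } else {
        // What validate_id() returns is not visible here, so the value is
        // forced to an integer before it is concatenated into SQL.
        $id = (int) $id;
        $date = "SELECT DATE_FORMAT(date, '%c/%d/%y' ) as fdate FROM cdotw WHERE id = " . $id;
        $date_result = mysql_query($date);
        if (!$date_result) {
            die('Invalid');
        }
        $datepicker = mysql_fetch_assoc($date_result);
        $query = "SELECT * FROM cdotw WHERE deleted = 'no' AND id = " . $id;
        $result = mysql_query($query);
    }
    if (!$result) {
        // Keep the failure detail in the server log; the page no longer
        // prints the SQL text to the visitor.
        error_log('cdotw query failed: ' . mysql_error());
        die('Invalid');
    }
    // Escapes a stored value for HTML text and quoted attribute values.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    echo "Week of " . $esc($datepicker['fdate']);
    echo '<ul>';
    $total = mysql_num_rows($result);
    for ($i = 1; $i <= $total; $i++) {
        $info = mysql_fetch_assoc($result);
        // NOTE(review): 'review' is printed unescaped on the assumption
        // that it holds trusted markup - confirm who can write that column.
        // Escaping keeps 'band' and 'cd_pic_url' inside their attributes
        // but does not restrict the URL scheme.
        echo "<h3>" . $esc($info['artist']) . " - <em>" . $esc($info['title']) . "</em> (" . $esc($info['label']) . ")</h3>\n" . "<div class='review'> <a href=\"" . $esc($info['band']) . "\" target=_new><img src=\"" . $esc($info['cd_pic_url']) . "\" height=\"200\"> </a>\n" . $info['review'] . "</div>\n" . "<div class=\"footnote\">Review by " . $esc($info['reviewer']) . "</div>\n";
        if ($i != $total) {
            echo "<p>\n<hr width=80%>\n";
        }
    }
    echo '</ul>';
}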
Beispiel #5
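/**
 * Print an HTML table of the exceptions recorded for one user, newest first.
 *
 * @param mixed    $user_id User whose exceptions are listed; checked with validate_id().
 * @param int|null $limit   Maximum number of rows; null or 0 lists all of them.
 */
function user_exception_log($user_id, $limit = null)
{
    validate_id($user_id);
    // LIMIT is concatenated into the SQL text rather than bound as a
    // parameter, so it is forced to a non-negative integer first.
    $limit = max(0, (int) $limit);
    echo '
    <table id="hints" class="table table-striped table-hover">
      <thead>
        <tr>
          <th>Message</th>
          <th>Added</th>
          <th>IP</th>
          <th>Trace</th>
        </tr>
      </thead>
      <tbody>
    ';
    $exceptions = db_query_fetch_all('
        SELECT
           e.id,
           e.message,
           e.added,
           e.added_by,
           e.trace,
           INET_NTOA(e.user_ip) AS user_ip,
           u.team_name
        FROM exceptions AS e
        LEFT JOIN users AS u ON u.id = e.added_by
        WHERE e.added_by = :user_id
        ORDER BY e.id DESC
        ' . ($limit ? 'LIMIT ' . $limit : ''), array('user_id' => $user_id));
    foreach ($exceptions as $exception) {
        // Message and trace are stored text and are escaped before output.
        echo '
    <tr>
        <td>', htmlspecialchars($exception['message']), '</td>
        <td>', date_time($exception['added']), '</td>
        <td><a href="', CONFIG_SITE_ADMIN_URL, 'list_ip_log.php?ip=', htmlspecialchars($exception['user_ip']), '">', htmlspecialchars($exception['user_ip']), '</a></td>
        <td>', htmlspecialchars($exception['trace']), '</td>
    </tr>
    ';
    }
    echo '
      </tbody>
    </table>
     ';
}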
<!--#####################################################################
    #
    #   File          : DELETE IMAGE
    #   Project       : Game Magazine Project
    #   Author        : Béo Sagittarius
    #   Created       : 07/01/2015
    #
    ##################################################################### -->
<?php 
include '../includes/functions.php';
include '../includes/backend/header-admin.php';
include '../includes/backend/mysqli_connect.php';
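// Image id from the query string; a missing parameter is passed on as null.
$iid = validate_id(isset($_GET['iid']) ? $_GET['iid'] : null);
// NOTE(review): this is a destructive action triggered by a plain GET
// request and no anti-CSRF token is checked in this file. Confirm that
// header-admin.php enforces an admin session, and consider requiring POST
// plus a per-session token.
// Only run the delete when the id passed validation.
$result = $iid ? delete_images($iid) : false;
$deleted = $iid && mysqli_affected_rows($dbc) == 1;
$message = $deleted ? $lang['AD_DEL_SUCCESS'] : $lang['AD_DEL_FAIL'];
// json_encode() with the HEX flags yields a JavaScript string literal that
// stays intact even if the translation contains quotes or angle brackets.
echo "\n\t\t\t\t<script type='text/javascript'>\n\t\t\t\t\talert(" . json_encode($message, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ");\n                    window.location = 'list_images.php';\n\t\t\t\t</script>\n\t\t\t";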
<?php

include '../includes/backend/mysqli_connect.php';
include '../includes/functions.php';
include '../includes/errors.php';
// Load the requested record, or send the user back to the list when the
// id is rejected or no row matches.
$gid = validate_id($_GET['gid']);
if (!$gid) {
    redirect_to('admin/list_games.php');
} else {
    $set = get_news_by_id($gid);
    $games = array();
    if (mysqli_num_rows($set) <= 0) {
        redirect_to('admin/list_games.php');
    } else {
        $games = mysqli_fetch_array($set, MYSQLI_ASSOC);
    }
}
// NOTE(review): this line assumes redirect_to() ends the request; if it
// returns, $games is empty or undefined here - confirm.
$title_page = $games['type_name'];
include '../includes/backend/header-admin.php';
?>

	<div class="content-wrapper">
        <div class="container">
            <div class="row">
                <div class="col-md-11" style="margin-left: 4.1%">
                    <div class="panel panel-default">
                        <div class="panel-heading">
                            <h2 style="text-align: center"><?php 
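// The title is stored data: escape it for the HTML body before printing.
echo htmlspecialchars($games['title'], ENT_QUOTES, 'UTF-8');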
?>
</h2>
                            <h4 style="text-align: center" ><a href="index.php"><?php 
         $data = $data[0];
         $this_birthdate = $data['birthday'];
         $id_player = $data['id'];
         if ($this_birthdate != "" && $this_birthdate != $birthdate) {
             writelog($logFile, "warning", "\t{$full_name_corr} ({$id_player}) a des birthday differents (table: {$this_birthdate}, capgeek: {$birthdate}) (2)");
             insert_or_update_corr_values($INSERTFILE, $id_player, $playerName, $birthdate);
         }
     } else {
         writelog($logFile, "warning", "\t{$playerName} est plus d'une fois dans la table nhl_players, mais les birthday ne fitte pas ({$birthdate})...");
         continue;
     }
     if ($id_player == "") {
         writelog($logFile, "info", "Joueur {$playerName}: pas dans la table nhl_players (2)");
         continue;
     }
     $data = validate_id($id_player, 'id_waronice');
     $this_id_waronice = $data['id_waronice'];
     if ($id_war_on_ice != $this_id_waronice) {
         writelog($logFile, "info", "\tJoueur {$playerName} ({$id_player}) : id_waronice différent (2)");
         $q = "update nhl_players set id_waronice={$id_war_on_ice} where id = {$id_player} and date_expiration = '2099-12-31';";
         insert_query_in_file($INSERTFILE, $q);
     }
     // ajout/update dans la table de corr.
     insert_or_update_corr_values($INSERTFILE, $id_player, $playerName, $birthdate);
 } else {
     // on a trouvé le joueur
     $data = $data[0];
     $id_player = $data['id'];
     $this_id_waronice = $data['id_waronice'];
     if ($this_id_waronice != $id_war_on_ice) {
         writelog($logFile, "info", "\t Joueur {$playerName} ({$id_player}): id_waronice différent");
Beispiel #9
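/**
 * Print an HTML table of the IP addresses recorded for one user.
 *
 * @param mixed $user_id User whose IP log is listed; checked with validate_id().
 */
function user_ip_log($user_id)
{
    validate_id($user_id);
    echo '
        <table id="files" class="table table-striped table-hover">
          <thead>
            <tr>
              <th>IP</th>
              <th>Hostname</th>
              <th>First used</th>
              <th>Last used</th>
              <th>Times used</th>
            </tr>
          </thead>
          <tbody>
        ';
    // Query with the argument that was just validated rather than reading
    // $_GET['id'] again, which bypassed the check above.
    $entries = db_select_all('ip_log', array('INET_NTOA(ip) AS ip', 'added', 'last_used', 'times_used'), array('user_id' => $user_id));
    foreach ($entries as $entry) {
        // A reverse-DNS name is chosen by whoever controls the PTR record,
        // so it is escaped like any other untrusted string.
        echo '
        <tr>
            <td><a href="list_ip_log.php?ip=', htmlspecialchars($entry['ip']), '">', htmlspecialchars($entry['ip']), '</a></td>
            <td>', CONFIG_GET_IP_HOST_BY_ADDRESS ? htmlspecialchars((string) gethostbyaddr($entry['ip'])) : '<i>Lookup disabled in config</i>', '</td>
            <td>', date_time($entry['added']), '</td>
            <td>', date_time($entry['last_used']), '</td>
            <td>', number_format($entry['times_used']), '</td>
        </tr>
        ';
    }
    echo '
          </tbody>
        </table>
         ';
}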
Beispiel #10
    if ($_GET['status'] == 'correct') {
        message_dialog('Congratulations! You got the flag!', 'Correct flag', 'Yay!', 'challenge-attempt correct on-page-load');
    } else {
        if ($_GET['status'] == 'incorrect') {
            message_dialog('Sorry! That wasn\'t correct', 'Incorrect flag', 'Ok', 'challenge-attempt incorrect on-page-load');
        } else {
            if ($_GET['status'] == 'manual') {
                message_inline_blue('<h1>Your submission is awaiting manual marking.</h1>', false);
            }
        }
    }
}
$categories = db_select_all('categories', array('id', 'title', 'description', 'available_from', 'available_until'), array('exposed' => 1), 'title ASC');
// determine which category to display
if (isset($_GET['category'])) {
    validate_id($_GET['category']);
    $current_category = array_search_matching_key($_GET['category'], $categories, 'id');
    if (!$current_category) {
        message_error(lang_get('no_category_for_id'), false);
    }
} else {
    // if no category is selected, display
    // the first available category
    foreach ($categories as $cat) {
        if ($time > $cat['available_from'] && $time < $cat['available_until']) {
            $current_category = $cat;
            break;
        }
    }
    // if no category has been made available
    // we'll just set it to the first one
<!--#####################################################################
    #
    #   File          : CHANGE STATUS VIDEO
    #   Project       : Game Magazine Project
    #   Author        : Béo Sagittarius
    #   Created       : 07/01/2015
    #
    ##################################################################### -->
<?php 
include '../includes/functions.php';
include '../includes/backend/mysqli_connect.php';
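// NOTE(review): this script changes state on a plain GET request, and no
// session, authorization or anti-CSRF check is visible in this file.
// Confirm the included files enforce an admin session, and consider
// requiring POST plus a per-session token.
// isset($_GET) is always true, so test for the two parameters actually used.
if (isset($_GET['iid'], $_GET['stt'])) {
    $iid = validate_id($_GET['iid']);
    $stt = validate_id($_GET['stt']);
    // Change status, but only for an id that passed validation.
    if ($iid) {
        $result = change_status_image($iid, $stt);
    }
}
// Both outcomes return to the list, so a single redirect covers them.
redirect_to('admin/list_images.php');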
<!--#####################################################################
    #
    #   File          : EDIT VIDEO
    #   Project       : Game Magazine Project
    #   Author        : Béo Sagittarius
    #   Created       : 07/01/2015
    #
    ##################################################################### -->
<?php 
include '../includes/backend/mysqli_connect.php';
include '../includes/functions.php';
include '../includes/errors.php';
$title_page = 'Edit Video';
if ($vid = validate_id($_GET['vid'])) {
    $result = get_video_item($vid);
    if (mysqli_num_rows($result) == 1) {
        $videos = mysqli_fetch_array($result, MYSQLI_ASSOC);
    } else {
        redirect_to('admin/list_videos.php');
    }
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $errors = array();
        //validate title
        if (empty($_POST['title'])) {
            $errors[] = "title";
        } else {
            $title = mysqli_real_escape_string($dbc, strip_tags($_POST['title']));
        }
        //validate description
        if (empty($_POST['description'])) {
            $errors[] = 'description';
<!--#####################################################################
    #
    #   File          : DELETE NEWS
    #   Project       : Game Magazine Project
    #   Author        : Béo Sagittarius
    #   Created       : 07/01/2015
    #
    ##################################################################### -->
<?php 
include '../includes/functions.php';
include '../includes/backend/header-admin.php';
include '../includes/backend/mysqli_connect.php';
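// News id from the query string; a missing parameter is passed on as null.
$nid = validate_id(isset($_GET['nid']) ? $_GET['nid'] : null);
// NOTE(review): this is a destructive action triggered by a plain GET
// request and no anti-CSRF token is checked in this file. Confirm that
// header-admin.php enforces an admin session, and consider requiring POST
// plus a per-session token.
// Only run the delete when the id passed validation.
$result = $nid ? delete_news_games($nid) : false;
$deleted = $nid && mysqli_affected_rows($dbc) == 1;
$message = $deleted ? $lang['AD_DEL_SUCCESS'] : $lang['AD_DEL_FAIL'];
// The failure branch used to emit "ert(...)", which is not a function, so
// the script stopped before the redirect. Both outcomes now call alert().
// json_encode() with the HEX flags yields a JavaScript string literal that
// stays intact even if the translation contains quotes or angle brackets.
echo "\n\t\t\t\t<script type='text/javascript'>\n\t\t\t\t\talert(" . json_encode($message, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ");\n                    window.location = 'list_news.php';\n\t\t\t\t</script>\n\t\t\t";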
         $data = $data[0];
         $this_birthdate = $data['birthday'];
         $id_player = $data['id'];
         if ($this_birthdate != "" && $this_birthdate != $birthdate) {
             writelog($logFile, "warning", "\t{$full_name_corr} ({$id_player}) a des birthday differents (table: {$this_birthdate}, rotoworld: {$birthdate}) (2)");
             insert_or_update_corr_values($INSERTFILE, $id_player, $playerName, $birthdate);
         }
     } else {
         writelog($logFile, "warning", "\t{$playerName} est plus d'une fois dans la table nhl_players, mais les birthday ne fitte pas ({$birthdate})...");
         continue;
     }
     if ($id_player == "") {
         writelog($logFile, "info", "Joueur {$playerName}: pas dans la table nhl_players (2)");
         continue;
     }
     $data = validate_id($id_player, 'id_rotoworld');
     $this_id_rotoworld = $data['id_rotoworld'];
     if ($id_rotoworld != $this_id_rotoworld) {
         writelog($logFile, "info", "\tJoueur {$playerName} ({$id_player}) : id_rotoworld différent (2)");
         $q = "update nhl_players set id_rotoworld={$id_rotoworld} where id = {$id_player} and date_expiration = '2099-12-31';";
         insert_query_in_file($INSERTFILE, $q);
     }
     // ajout/update dans la table de corr.
     insert_or_update_corr_values($INSERTFILE, $id_player, $playerName, $birthdate);
 } else {
     // on a trouvé le joueur
     $data = $data[0];
     $id_player = $data['id'];
     $this_id_rotoworld = $data['id_rotoworld'];
     if ($this_id_rotoworld != $id_rotoworld) {
         writelog($logFile, "info", "\t Joueur {$playerName} ({$id_player}): id_rotoworld différent");
Beispiel #15
 <?php 
include 'includes/mysqli_connect.php';
include 'includes/functions.php';
// Resolve the requested page; the id comes from the query string.
$pid = validate_id($_GET['pid']);
if (!$pid) {
    // NOTE(review): "redirest_to" looks like a misspelling of redirect_to;
    // confirm which name the included functions file defines.
    redirest_to();
} else {
    // The id passed validation, so query the database for the page.
    $set = get_page_by_id($pid);
    $posts = array();
    if (mysqli_num_rows($set) > 0) {
        $pages = mysqli_fetch_array($set, MYSQLI_ASSOC);
        $title = $pages['page_name'];
        $posts[] = array(
            'page_name' => $pages['page_name'],
            'content' => $pages['content'],
            'author' => $pages['name'],
            'post-on' => $pages['date'],
            'aid' => $pages['user_id'],
        );
    }
}
include 'includes/header.php';
include 'includes/sidebar-a.php';
?>
  <div id="content">

 <?php 
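foreach ($posts as $post) {
    // Every value here comes from the database. Text is escaped for HTML,
    // and the author id is URL-encoded and then escaped for the attribute.
    // NOTE(review): the_content() is printed as returned; confirm that it
    // escapes or sanitises the stored page content.
    echo "\n        <div class='post'>\n            <h2>" . htmlspecialchars($post['page_name'], ENT_QUOTES, 'UTF-8') . "</h2>\n            <p>" . the_content($post['content']) . "</p>\n            <p class='meta'><strong>Posted by: </strong><a href='author.php?aid=" . htmlspecialchars(urlencode((string) $post['aid']), ENT_QUOTES, 'UTF-8') . "'>" . htmlspecialchars($post['author'], ENT_QUOTES, 'UTF-8') . "</a> | <strong>On: </strong>" . htmlspecialchars($post['post-on'], ENT_QUOTES, 'UTF-8') . "</p>\n\n        </div>\n    ";
}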
?>
 <?php 
include 'includes/comment_form.php';
?>
       </div><!--end content-->
<?php 
include 'includes/sidebar-b.php';
Beispiel #16
<?php

include '../includes/backend/mysqli_connect.php';
include '../includes/functions.php';
include '../includes/errors.php';
// Load the requested user, or send the visitor back to the list when the
// id is rejected or no row matches.
$nid = validate_id($_GET['uid']);
if (!$nid) {
    redirect_to('admin/list_user.php');
} else {
    $set = get_user_by_id_list($nid);
    $user = array();
    if (mysqli_num_rows($set) <= 0) {
        redirect_to('admin/list_user.php');
    } else {
        $user = mysqli_fetch_array($set, MYSQLI_ASSOC);
    }
}
include '../includes/backend/header-admin.php';
?>

	<div class="content-wrapper">
        <div class="container">
            <div class="row">
                <div class="col-md-11" style="margin-left: 4.1%">
                    <div class="panel panel-default">
                        <div class="panel-heading">
                            <h2 style="text-align: center"><?php 
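// Names are stored data: escape them for the HTML body before printing.
echo htmlspecialchars($user['first_name'] . " " . $user['last_name'], ENT_QUOTES, 'UTF-8');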
?>
</h2>
                            <h4 style="text-align: center" ><a href="index.php"><?php 
echo $lang['ADD_USER_LINK_HOME'];
                 } elseif ($pos == "") {
                     $q = "update nhl_players set pos='{$this_pos}' where id = {$id_player} and date_expiration = '2099-12-31';";
                     insert_query_in_file($INSERTFILE, $q);
                 }
                 break;
         }
     }
 } else {
     // on a le id du joueur, car il se retrouvait dans la table de correspondance. On valide le id_forecaster et son équipe...
     /*
     $query = "select team,id_forecaster from nhl_players
               where id = $id_player
                    and date_expiration = '2099-12-31'";
     $data = DB::dbSelect($query);
     */
     $data = validate_id($id_player, "team,id_forecaster");
     $id_team = $data['team'];
     $id_forecaster = $data['id_forecaster'];
     // si l'équipe n'est pas la même, c'est que le joueur a peut-être été échangé...
     if ($my_id_team != "") {
         if ($id_team != $my_id_team) {
             $query = "select abbr from teams where id = {$id_team}";
             $data = DB::dbSelect($query);
             $data = $data[0];
             $abbr = $data['abbr'];
             writelog($logFile, "warning", "Joueur {$full_name_corr} : échangé (2) de {$abbr} à {$team}... Continue (y|n)");
             $rep = "y";
             if ($rep == "y") {
                 $query = "UPDATE nhl_players SET date_expiration='{$today}'\n                                            WHERE id = {$id_player}\n                                                 and date_expiration = '2099-12-31'";
                 DB::dbUpdate($query);
                 $query = "create temporary table if not exists nhl_players_temp like nhl_players";
Beispiel #18
<!--#####################################################################
    #
    #   File          : EDIT TAG
    #   Project       : Game Magazine Project
    #   Author        : Béo Sagittarius
    #   Created       : 07/01/2015
    #
    ##################################################################### -->
<?php 
include '../includes/backend/mysqli_connect.php';
include '../includes/functions.php';
$title_page = 'Edit Game';
if ($tid = validate_id($_GET['tid'])) {
    $result = get_tag_item($tid);
    if (mysqli_num_rows($result) == 1) {
        $tag = mysqli_fetch_array($result, MYSQLI_ASSOC);
    } else {
        redirect_to('admin/list_tag.php');
    }
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $errors = array();
        // validate tag
        if (empty($_POST['tag'])) {
            $errors[] = "tag";
        } else {
            $tag = mysqli_real_escape_string($dbc, strip_tags($_POST['tag']));
        }
        if (empty($errors)) {
            $result = edit_tag($tid, $tag);
            if (mysqli_affected_rows($dbc) == 1) {
                echo "<script type='text/javascript'>\n                            alert('{$lang['AD_EDIT_GAME_SUCCESS']}');\n                            window.location = 'list_tag.php';\n                            </script>\n                        ";
Beispiel #19
<?php

require '../../include/ctf.inc.php';
enforce_authentication(CONST_USER_CLASS_USER, true);
$time = time();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    validate_xsrf_token($_POST[CONST_XSRF_TOKEN_KEY]);
    if (CONFIG_RECAPTCHA_ENABLE_PRIVATE) {
        validate_captcha();
    }
    if ($_POST['action'] == 'submit_flag') {
        validate_id($_POST['challenge']);
        if (empty($_POST['flag'])) {
            message_error('Did you really mean to submit an empty flag?');
        }
        $submissions = db_select_all('submissions', array('correct', 'added'), array('user_id' => $_SESSION['id'], 'challenge' => $_POST['challenge']));
        // make sure user isn't "accidentally" submitting a correct flag twice
        $latest_submission_attempt = 0;
        $num_attempts = 0;
        foreach ($submissions as $submission) {
            $latest_submission_attempt = max($submission['added'], $latest_submission_attempt);
            if ($submission['correct']) {
                message_error('You may only submit a correct flag once.');
            }
            $num_attempts++;
        }
        // get challenge information
        $challenge = db_select_one('challenges', array('flag', 'category', 'case_insensitive', 'automark', 'available_from', 'available_until', 'num_attempts_allowed', 'min_seconds_between_submissions'), array('id' => $_POST['challenge']));
        $seconds_since_submission = $time - $latest_submission_attempt;
        if ($seconds_since_submission < $challenge['min_seconds_between_submissions']) {
            message_generic('Sorry', 'You may not submit another solution for this challenge for another ' . seconds_to_pretty_time($challenge['min_seconds_between_submissions'] - $seconds_since_submission));
Beispiel #20
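/**
 * Print a sub-heading and an HTML table of the IP addresses used by one
 * user, most recently used first.
 *
 * @param mixed $user_id User whose IP log is listed; checked with validate_id().
 * @param int   $limit   Maximum number of rows; 0 lists all of them.
 */
function print_user_ip_log($user_id, $limit = 0)
{
    validate_id($user_id);
    // LIMIT is concatenated into the SQL text rather than bound as a
    // parameter, so it is forced to a non-negative integer first.
    $limit = max(0, (int) $limit);
    section_subhead('IP address usage', ($limit ? 'Limited to ' . $limit . ' results ' : '') . button_link('Show all for user', 'list_ip_log?user_id=' . htmlspecialchars($user_id)), false);
    echo '
        <table id="files" class="table table-striped table-hover">
          <thead>
            <tr>
              <th>IP</th>
              <th>Hostname</th>
              <th>First used</th>
              <th>Last used</th>
              <th>Times used</th>
            </tr>
          </thead>
          <tbody>
        ';
    $entries = db_query_fetch_all('
        SELECT
            INET_NTOA(ip) AS ip,
            added,
            last_used,
            times_used
        FROM ip_log
        WHERE user_id = :user_id
        ORDER BY last_used DESC
        ' . ($limit ? 'LIMIT ' . $limit : ''), array('user_id' => $user_id));
    foreach ($entries as $entry) {
        // A reverse-DNS name is chosen by whoever controls the PTR record,
        // so it is escaped like any other untrusted string.
        echo '
        <tr>
            <td><a href="', CONFIG_SITE_ADMIN_URL, 'list_ip_log.php?ip=', htmlspecialchars($entry['ip']), '">', htmlspecialchars($entry['ip']), '</a></td>
            <td>', CONFIG_GET_IP_HOST_BY_ADDRESS ? htmlspecialchars((string) gethostbyaddr($entry['ip'])) : '<i>Lookup disabled in config</i>', '</td>
            <td>', date_time($entry['added']), '</td>
            <td>', date_time($entry['last_used']), '</td>
            <td>', number_format($entry['times_used']), '</td>
        </tr>
        ';
    }
    echo '
          </tbody>
        </table>
         ';
}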
Beispiel #21
/**
 * Record that a user was seen from the current IP address.
 *
 * Adds a new ip_log row for a (user, IP) pair that has no row yet;
 * otherwise refreshes last_used and increments times_used on the
 * existing row.
 *
 * @param mixed $user_id User being logged; checked with validate_id().
 */
function log_user_ip($user_id)
{
    validate_id($user_id);

    $timestamp = time();
    $address = get_ip(true);
    $existing = db_select_one('ip_log', array('id', 'times_used'), array('user_id' => $user_id, 'ip' => $address));

    // First time this user is seen from this address: create the row.
    if (!$existing['id']) {
        db_insert('ip_log', array('added' => $timestamp, 'last_used' => $timestamp, 'user_id' => $user_id, 'ip' => $address));
        return;
    }

    // Known address: bump the counters on the row found above.
    // NOTE(review): the lookup and the write are separate statements, so
    // two concurrent logins could both take the insert path - confirm
    // whether ip_log has a unique key on (user_id, ip).
    db_query_fetch_none('
            UPDATE ip_log SET
               last_used=UNIX_TIMESTAMP(),
               ip=:ip,
               times_used=times_used+1
            WHERE id=:id', array('ip' => $address, 'id' => $existing['id']));
}
Beispiel #22
<?php

require '../include/mellivora.inc.php';
validate_id(array_get($_GET, 'id'));
head(lang_get('user_details'));
if (cache_start(CONST_CACHE_NAME_USER . $_GET['id'], CONFIG_CACHE_TIME_USER)) {
    $user = db_query_fetch_one('
        SELECT
            u.team_name,
            u.competing,
            co.country_name,
            co.country_code
        FROM users AS u
        LEFT JOIN countries AS co ON co.id = u.country_id
        WHERE
          u.id = :user_id', array('user_id' => $_GET['id']));
    if (empty($user)) {
        message_generic(lang_get('sorry'), lang_get('no_user_found'), false);
    }
    section_head(htmlspecialchars($user['team_name']), country_flag_link($user['country_name'], $user['country_code'], true), false);
    if (!$user['competing']) {
        message_inline_blue(lang_get('non_competing_user'));
    }
    $challenges = db_query_fetch_all('
        SELECT
           ca.title,
           (SELECT SUM(ch.points) FROM challenges AS ch JOIN submissions AS s ON s.challenge = ch.id AND s.user_id = :user_id AND s.correct = 1 WHERE ch.category = ca.id GROUP BY ch.category) AS points,
           (SELECT SUM(ch.points) FROM challenges AS ch WHERE ch.category = ca.id GROUP BY ch.category) AS category_total
        FROM categories AS ca
        WHERE
          ca.available_from < UNIX_TIMESTAMP() AND
Beispiel #23
<?php

require '../../include/ctf.inc.php';
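// Moderator-only page: render the edit form for one challenge.
enforce_authentication(CONST_USER_CLASS_MODERATOR);
// NOTE(review): the return value is ignored, so this relies on
// validate_id() aborting the request for a bad id - confirm.
validate_id($_GET['id']);
$challenge = db_select_one('challenges', array('*'), array('id' => $_GET['id']));
// An id that is well-formed but matches no row would otherwise render an
// empty form, so stop here.
// NOTE(review): assumes message_error() ends the request - confirm.
if (empty($challenge)) {
    message_error('No challenge found with this ID');
}
head('Site management');
menu_management();
section_subhead('Edit challenge: ' . $challenge['title']);
form_start(CONFIG_SITE_ADMIN_RELPATH . 'actions/edit_challenge');
// The current values are passed to the form helpers as stored.
// NOTE(review): confirm the form_* helpers escape these values.
form_input_text('Title', $challenge['title']);
form_textarea('Description', $challenge['description']);
form_textarea('Flag', $challenge['flag']);
form_input_checkbox('Automark', $challenge['automark']);
form_input_checkbox('Case insensitive', $challenge['case_insensitive']);
form_input_text('Points', $challenge['points']);
form_input_text('Num attempts allowed', $challenge['num_attempts_allowed']);
form_input_text('Min seconds between submissions', $challenge['min_seconds_between_submissions']);
// Category drop-down, with the challenge's current category selected.
$opts = db_query_fetch_all('SELECT * FROM categories ORDER BY title');
form_select($opts, 'Category', 'id', $challenge['category'], 'title');
// "Relies on" drop-down: every challenge, grouped by category title.
$opts = db_query_fetch_all('
    SELECT
       ch.id,
       ch.title,
       ca.title AS category
    FROM challenges AS ch
    LEFT JOIN categories AS ca ON ca.id = ch.category
    ORDER BY ca.title, ch.title');
// Entry with id 0 goes first and stands for "no prerequisite".
array_unshift($opts, array('id' => 0, 'title' => '-- User must solve selected challenge before revealing this one --'));
form_select($opts, 'Relies on', 'id', $challenge['relies_on'], 'title', 'category');
form_input_checkbox('Exposed', $challenge['exposed']);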
Beispiel #24
<?php

// ini_set('display_errors', 'on');
require_once 'classes/connection.php';
include 'classes/validate_id.php';
include 'classes/events.php';
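$connection = db_connect();
// A missing parameter is passed on as null instead of raising a warning.
$eventID = isset($_GET['id']) ? $_GET['id'] : null;
// NOTE(review): the return value is ignored, so this relies on
// validate_id() aborting the request for a bad id - confirm. The outputs
// below are escaped regardless.
validate_id($eventID);
$eventinfo = event::get_event($connection, $eventID);
// Event and member fields are stored data: escape them for the HTML body.
echo htmlspecialchars((string) $eventinfo->name, ENT_QUOTES, 'UTF-8');
echo "<br>";
echo htmlspecialchars((string) $eventinfo->date, ENT_QUOTES, 'UTF-8');
echo "<hr>";
$event = new event($eventID);
$showmembers = $event->show_members($connection, $eventID);
foreach ($showmembers as $showmember) {
    echo htmlspecialchars((string) $showmember['name'], ENT_QUOTES, 'UTF-8');
    echo "<br>";
}
// The id is request input: URL-encode it for the query string, then
// escape it for the attribute it is written into.
echo '<a href="add.php?id=' . htmlspecialchars(urlencode((string) $eventID), ENT_QUOTES, 'UTF-8') . '">Schrijf in</a>';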
<?php

require '../../../include/mellivora.inc.php';
// Moderator action endpoint: delete a submission or change its marking.
enforce_authentication(CONFIG_UC_MODERATOR);
// NOTE(review): the authority check receives $_GET['id'], while the rows
// changed below are selected by $_POST['id']. If validateAuthority() is
// meant to authorize access to that object, both must be the same value -
// confirm.
validateAuthority(3, $_GET['id']);

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    validate_id($_POST['id']);
    validate_xsrf_token($_POST['xsrf_token']);

    // Each recognised action changes one submission and then returns to
    // the list; any other value does nothing.
    switch ($_POST['action']) {
        case 'delete':
            db_delete('submissions', array('id' => $_POST['id']));
            redirect(CONFIG_SITE_ADMIN_RELPATH . 'list_submissions.php?generic_success=1');
            break;

        case 'mark_incorrect':
            db_update('submissions', array('correct' => 0, 'marked' => 1), array('id' => $_POST['id']));
            redirect(CONFIG_SITE_ADMIN_RELPATH . 'list_submissions.php?generic_success=1');
            break;

        case 'mark_correct':
            db_update('submissions', array('correct' => 1, 'marked' => 1), array('id' => $_POST['id']));
            redirect(CONFIG_SITE_ADMIN_RELPATH . 'list_submissions.php?generic_success=1');
            break;
    }
}
Beispiel #26
         if ($id_nhl != $this_id_nhl) {
             writelog($logFile, "info", "Joueur {$full_name_corr} ({$id_player}): id_nhl différent. Update en cours...");
             $q = "update nhl_players set id_nhl={$this_id_nhl} where id = {$id_player} and date_expiration = '2099-12-31';";
             insert_query_in_file($INSERTFILE, $q);
         }
         # ajout/update dans la table de corr, si nécessaire
         insert_or_update_corr_values($INSERTFILE, $id_player, $full_name_corr, $this_birthday);
     } elseif (count($data) > 1) {
         // il se peut qu'il y ait plus d'un joueur avec le même nom...
         // traitement à faire...
     } else {
         // on a le id du joueur, car il se retrouvait dans la table de correspondance. On valide le id_nhl...
         if ($DEBUG) {
             writelog($logFile, "info", "\t{$full_name_corr} ({$this_team}): trouve ds la table nhl_players_corr...");
         }
         $data = validate_id($id_player, "id_nhl");
         $id_nhl_from_table = $data['id_nhl'];
         if ($id_nhl_from_table != $this_id_nhl) {
             writelog($logFile, "info", "Joueur {$full_name_corr} ({$this_team}) (id: {$id_player}): id_nhl différent. Update en cours...");
             $q = "update nhl_players set id_nhl={$this_id_nhl} where id = {$id_player} and date_expiration = '2099-12-31';";
             insert_query_in_file($INSERTFILE, $q);
         } elseif ($DEBUG) {
             writelog($logFile, "info", "\t... id_nhl identique.");
         }
     }
     //break;
 }
 // déterminer s'il y a d'autres pages web pour la même lettre...
 if (preg_match("/ice\\/playersearch.*pg=/", $line) != 0 && $traite_joueurs_page) {
     $old_no_pageweb = $no_pageweb;
     $str = explode(" ", $line);