$result = mysql_query("select 1 from mm_events where method_name = \"" . quote_smart($_REQUEST["deletemethodname"]) . "\"", $dbhandle);
    if (mysql_num_rows($result) > 0) {
        error_message("There are still events using this method.");
    }
    // check if no command is using this method
    $result = mysql_query("select 1 from mm_commands where method_name = \"" . quote_smart($_REQUEST["deletemethodname"]) . "\"", $dbhandle);
    if (mysql_num_rows($result) > 0) {
        error_message("There are still commands using this method.");
    }
    // make it so
    $query = "delete from mm_methods where name = \"" . quote_smart($_REQUEST["deletemethodname"]) . "\" and (owner is null or owner = \"" . quote_smart($_COOKIE["karchanadminname"]) . "\")";
    mysql_query($query, $dbhandle) or error_message("Query (" . $query . ") failed : " . mysql_error());
    if (mysql_affected_rows() != 1) {
        error_message("Method does not exist or not proper owner.");
    }
    writeLogLong($dbhandle, "Removed method " . $_REQUEST["deletemethodname"] . ".", $query);
}
if (isset($_REQUEST["methodname"])) {
    $result = mysql_query("select *, \n        replace(replace(replace(src, \"&\", \"&amp;\"), \">\",\"&gt;\"), \"<\", \"&lt;\") \n        as src2, date_format(creation, \"%Y-%m-%d %T\") as creation2 \n\tfrom mm_methods where name like \"" . quote_smart($_REQUEST["methodname"]) . "%\"", $dbhandle) or error_message("Query failed : " . mysql_error());
} else {
    if (isset($_REQUEST["methodstartswith"])) {
        $result = mysql_query("select *, \n        replace(replace(replace(src, \"&\", \"&amp;\"), \">\",\"&gt;\"), \"<\", \"&lt;\") \n        as src2, date_format(creation, \"%Y-%m-%d %T\") as creation2 \n\tfrom mm_methods where name like \"" . quote_smart($_REQUEST["methodstartswith"]) . "%\"", $dbhandle) or error_message("Query failed : " . mysql_error());
    } else {
        $result = mysql_query("select *, \n\treplace(replace(replace(src, \"&\", \"&amp;\"), \">\",\"&gt;\"), \"<\", \"&lt;\") \n\tas src2, date_format(creation, \"%Y-%m-%d %T\") as creation2 \n  \tfrom mm_methods where name = \"completebogyd\"", $dbhandle) or error_message("Query failed : " . mysql_error());
    }
}
while ($myrow = mysql_fetch_array($result)) {
    printf("<b>name:</b> <A\nHREF=\"/scripts/admin_methods.php?methodname=%s\">%s</A> ", $myrow["name"], $myrow["name"]);
    printf("<b>owner:</b> %s ", $myrow["owner"]);
    printf("<b>creation:</b> %s<BR>", $myrow["creation2"]);
    if ($_REQUEST["methodname"] == $myrow["name"]) {
is to take place:

changing area:
- the area must exist
- is the administrator the owner of the area
*/
printf("<H2>Areas</H2>");
if (isset($_REQUEST["area"])) {
    // check that area exists
    $result = mysql_query("select area from mm_area where area=\"" . quote_smart($_REQUEST["area"]) . "\"", $dbhandle) or error_message("Query(2) failed : " . mysql_error());
    if (mysql_num_rows($result) == 0) {
        error_message("Area does not exist.");
    }
    $query = "update mm_area " . "set description = '" . quote_smart($_REQUEST["description"]) . "', shortdesc = '" . quote_smart($_REQUEST["shortdesc"]) . "', owner = '" . quote_smart($_COOKIE["karchanadminname"]) . "' where (owner is null or owner = \"\" or owner = '" . quote_smart($_COOKIE["karchanadminname"]) . "') and area = '" . quote_smart($_REQUEST["area"]) . "'";
    mysql_query($query, $dbhandle) or error_message("Query (" . $query . ") failed : " . mysql_error());
    writeLogLong($dbhandle, "Changed area " . $_REQUEST["area"] . ".", $query);
}
$result = mysql_query("select area, description, shortdesc, owner, \n\tdate_format(creation, \"%Y-%m-%d %T\") as creation2\n\tfrom mm_area order by area", $dbhandle) or error_message("Query failed : " . mysql_error());
while ($myrow = mysql_fetch_array($result)) {
    if ($myrow["owner"] == null || $myrow["owner"] == "" || $myrow["owner"] == $_COOKIE["karchanadminname"]) {
        ?>
<FORM METHOD="GET" ACTION="/scripts/admin_areas.php">
<TABLE>
<TR><TD><B>Area:</b></TD><TD> <?php 
        echo $myrow["area"];
        ?>
</TD></TR>
<INPUT TYPE="hidden" NAME="area" VALUE="<?php 
        echo $myrow["area"];
        ?>
">
function mudnewchar($name, $password, $password2, $title, $realname, $email, $race, $sex, $age, $length, $width, $complexion, $eyes, $face, $hair, $beard, $arms, $legs)
{
    _karchan_log("mudnewchar " . $name);
    $dbhandle = mmud_connect();
    // check for offline mud
    if (file_exists("/home/karchan/offline.txt")) {
        $_SESSION["karchan_errormsg"] = "Karchan offline.";
        return;
    }
    // aName must match [A-Z|_|a-z]{3,}
    if (preg_match("/([A-Z]|_|[a-z]){3,}/", $name) == 0) {
        $_SESSION["karchan_errormsg"] = "Karchan new username wrong.";
        return;
    }
    // aPassword must length > 5
    if (strlen($password) < 5) {
        $_SESSION["karchan_errormsg"] = "Karchan new password must be at least 5 characters long.";
        return;
    }
    // apassword must be the same as the second entered password
    if ($password != $password2) {
        $_SESSION["karchan_errormsg"] = "Karchan passwords are not identical.";
        return;
    }
    //  is sqlGetBan1String > 0 => user banned
    $banned = false;
    $result = mysql_query("select count(name) as count from mm_sillynamestable \n\t\twhere '" . quote_smart($name) . "' like name", $dbhandle);
    $myrow = mysql_fetch_array($result);
    if ($myrow["count"] != "0") {
        $banned = true;
    }
    //	sqlGetBan2String > 0 => user not banned
    $result = mysql_query("select count(name) as count from mm_unbantable \n\twhere name = '" . quote_smart($name) . "'", $dbhandle);
    $myrow = mysql_fetch_array($result);
    if ($myrow["count"] != "0") {
        $banned = false;
    } else {
        //	sqlGetBan4String > 0 => user banned
        $result = mysql_query("select count(address) as count from mm_bantable \n\t\twhere '" . quote_smart(gethostbyaddr($_SERVER['REMOTE_ADDR'])) . "' like address or \n\t\t'" . quote_smart($_SERVER['REMOTE_ADDR']) . "' like address", $dbhandle);
        $myrow = mysql_fetch_array($result);
        if ($myrow["count"] != "0") {
            $banned = true;
        }
        //	sqlGetBan3String > 0 => user banned
        $result = mysql_query("select count(*) as count from mm_bannednamestable \n\t\twhere name = '" . quote_smart($name) . "'", $dbhandle);
        $myrow = mysql_fetch_array($result);
        if ($myrow["count"] != "0") {
            $banned = true;
        }
    }
    if ($banned) {
        $_SESSION["karchan_errormsg"] = "You have been banned.";
        return;
    }
    // user must NOT exist in mm_usertable
    $result = mysql_query("select mm_usertable.name from mm_usertable\n\t\twhere mm_usertable.name = '" . quote_smart($name) . "'", $dbhandle);
    if (mysql_num_rows($result) != 0) {
        $_SESSION["karchan_errormsg"] = "Character already exists.";
        return;
    }
    // make that change.
    $query = "insert into mm_usertable " . "(name, address, password, title, realname, email, race, sex, age, \n\t\tlength, width, complexion, eyes, face, hair, beard, arm, leg, lok, \n\t\tactive, lastlogin, birth) " . "values(\"" . quote_smart($name) . "\", \"" . quote_smart($_SERVER['REMOTE_ADDR']) . "\", sha1(\"" . quote_smart($password) . "\"), \"" . quote_smart($title) . "\", \"" . quote_smart($realname) . "\", \"" . quote_smart($email) . "\", \"" . quote_smart($race) . "\", \"" . quote_smart($sex) . "\", \"" . quote_smart($age) . "\", \"" . quote_smart($length) . "\", \"" . quote_smart($width) . "\", \"" . quote_smart($complexion) . "\", \"" . quote_smart($eyes) . "\", \"" . quote_smart($face) . "\", \"" . quote_smart($hair) . "\", \"" . quote_smart($beard) . "\", \"" . quote_smart($arms) . "\", \"" . quote_smart($legs) . "\", null, 0, now(), now())";
    if (!mysql_query($query, $dbhandle)) {
        writeLogLong($dbhandle, "Error creating new user " . $name . " from " . $_SERVER['REMOTE_ADDR'] . ".", $query . mysql_error());
        $_SESSION["karchan_errormsg"] = "An error occurred creating the character.";
    } else {
        writeLogLong($dbhandle, "Created new user " . $name . " from " . $_SERVER['REMOTE_ADDR'] . ".", $query);
        $_SESSION["karchan_errormsg"] = "Ok.";
    }
    mysql_close($dbhandle);
}
<IMG SRC="/images/gif/dragon.gif">Public/Private Help</H1>
<A HREF="/karchan/admin/help/help.html" target="_blank">
<IMG SRC="/images/icons/9pt4a.gif" BORDER="0"></A><P>
<?php 
include $_SERVER['DOCUMENT_ROOT'] . "/scripts/admin_authorize.php";
if (isset($_REQUEST["newcommand"])) {
    // make that change.
    $query = "insert into mm_help (command, contents) values(\"" . quote_smart($_REQUEST["newcommand"]) . "\",\"<H1></H1>\n<DL>\n<DT><B>NAME</B>\n<DD><B></B>- formatted output<P>\n<DT><B>SYNOPSIS</B>\n<DD><B></B>[<B>to</B> <person>]<P>\n<DT><B>DESCRIPTION</B>\n<DD><B></B><P>\n<DT><B>EXAMPLES</B>\n<DD>\n\\\"\\\"<P>\nYou: <TT></TT><BR>\nAnybody: <TT></tt><P>\n\\\"\\\"<P>\nYou: <TT></TT><BR>\nMarvin: <TT></TT><BR>\nAnybody: <TT></TT><P>\n<DT><B>SEE ALSO</B>\n<DD><P>\n</DL>\")";
    mysql_query($query, $dbhandle) or error_message("Query(8) failed : " . mysql_error());
    writeLogLong($dbhandle, "Created new help on command " . $_REQUEST["newcommand"] . ".", $query);
}
if (isset($_REQUEST["command"]) && isset($_REQUEST["contents"])) {
    // make that change.
    $query = "update mm_help set contents=\"" . quote_smart($_REQUEST["contents"]) . "\", synopsis=\"" . quote_smart($_REQUEST["synopsis"]) . "\", seealso=\"" . quote_smart($_REQUEST["seealso"]) . "\", example1=\"" . quote_smart($_REQUEST["example1"]) . "\", example1a=\"" . quote_smart($_REQUEST["example1a"]) . "\", example1b=\"" . quote_smart($_REQUEST["example1b"]) . "\", example2=\"" . quote_smart($_REQUEST["example2"]) . "\", example2a=\"" . quote_smart($_REQUEST["example2a"]) . "\", example2b=\"" . quote_smart($_REQUEST["example2b"]) . "\", example2c=\"" . quote_smart($_REQUEST["example2c"]) . "\" where command = \"" . quote_smart($_REQUEST["command"]) . "\"";
    mysql_query($query, $dbhandle) or error_message("Query(8) failed : " . mysql_error());
    writeLogLong($dbhandle, "Changed help on command " . $_REQUEST["command"] . ".", $query);
}
$result = mysql_query("select * from mm_help order by\ncommand", $dbhandle) or error_message("Query failed : " . mysql_error());
while ($myrow = mysql_fetch_array($result)) {
    printf("<BR><b>command:</b> <A\nHREF=\"/scripts/admin_helptext.php?command=%s\">%s</A> ", $myrow["command"], $myrow["command"]);
    if (isset($_REQUEST["command"]) && $_REQUEST["command"] == $myrow["command"]) {
        ?>
<b>contents:</b><BR> <?php 
        echo $myrow["contents"];
        ?>
<FORM METHOD="GET" ACTION="/scripts/admin_helptext.php">
<b>
<INPUT TYPE="hidden" NAME="command" VALUE="<?php 
        echo $myrow["command"];
        ?>
">
<?php 
    die;
}
?>
<H1>
<IMG SRC="/images/gif/dragon.gif">
<?php 
echo $_REQUEST["name"];
?>
 - A New Character</H1>
<?php 
if (isset($_REQUEST["name"])) {
    // make that change.
    $query = "insert into mm_usertable " . "(name, address, password, title, realname, email, race, sex, age, \n\t\tlength, width, complexion, eyes, face, hair, beard, arm, leg, lok, \n\t\tactive, lastlogin, birth) " . "values(\"" . quote_smart($_REQUEST["name"]) . "\", \"" . quote_smart($_SERVER['REMOTE_ADDR']) . "\", sha1(\"" . quote_smart($_REQUEST["password"]) . "\"), \"" . quote_smart($_REQUEST["title"]) . "\", \"" . quote_smart($_REQUEST["realname"]) . "\", \"" . quote_smart($_REQUEST["email"]) . "\", \"" . quote_smart($_REQUEST["race"]) . "\", \"" . quote_smart($_REQUEST["sex"]) . "\", \"" . quote_smart($_REQUEST["age"]) . "\", \"" . quote_smart($_REQUEST["length"]) . "\", \"" . quote_smart($_REQUEST["width"]) . "\", \"" . quote_smart($_REQUEST["complexion"]) . "\", \"" . quote_smart($_REQUEST["eyes"]) . "\", \"" . quote_smart($_REQUEST["face"]) . "\", \"" . quote_smart($_REQUEST["hair"]) . "\", \"" . quote_smart($_REQUEST["beard"]) . "\", \"" . quote_smart($_REQUEST["arms"]) . "\", \"" . quote_smart($_REQUEST["legs"]) . "\", null, 0, now(), now())";
    mysql_query($query, $dbhandle) or error_idmessage(6, "Query(8) failed : " . mysql_error());
    writeLogLong($dbhandle, "Created new user " . $_REQUEST["name"] . " from " . $_SERVER['REMOTE_ADDR'] . ".", $query);
}
mysql_close($dbhandle);
?>

The new character has been created. Click on the link <I>Back</I> below 
to return to the logon screen. In the logon screen fill out the name
and the password of the newly created character.
<p>
<a HREF="/karchan/index.html">
<img SRC="/images/gif/webpic/buttono.gif"  
BORDER="0"></a><p>

</BODY>
</HTML>
    // check if everything is in proper format
    if (!is_numeric($_REQUEST["deleteitemdef"])) {
        error_message("Expected item definition id to be an integer, and it wasn't.");
    }
    // check if no item instances are derived from this item definition
    $result = mysql_query("select 1 from mm_itemtable where itemid = " . quote_smart($_REQUEST["deleteitemdef"]), $dbhandle);
    if (mysql_num_rows($result) > 0) {
        error_message("There are still item instances using this item definition.");
    }
    // make it so
    $query = "delete from mm_items where id = " . quote_smart($_REQUEST["deleteitemdef"]) . " and (owner is null or owner = \"" . quote_smart($_COOKIE["karchanadminname"]) . "\")";
    mysql_query($query, $dbhandle) or error_message("Query (" . $query . ") failed : " . mysql_error());
    if (mysql_affected_rows() != 1) {
        error_message("Item definition does not exist or not proper owner.");
    }
    writeLogLong($dbhandle, "Removed item definition " . $_REQUEST["deleteitemdef"] . ".", $query);
}
$result = mysql_query("select *,date_format(creation, \"%Y-%m-%d %T\") as\n\tcreation2 from mm_items where id = " . quote_smart($_REQUEST["item"]), $dbhandle) or error_message("Query failed : " . mysql_error());
while ($myrow = mysql_fetch_array($result)) {
    printf("<b>id:</b> %s<BR>", $myrow["id"]);
    printf("<b>name:</b> %s<BR>", $myrow["name"]);
    printf("<b>adject1:</b> %s<BR>", $myrow["adject1"]);
    printf("<b>adject2:</b> %s<BR>", $myrow["adject2"]);
    printf("<b>adject3:</b> %s<BR>", $myrow["adject3"]);
    printf("<b>manaincrease:</b> %s<BR>", $myrow["manaincrease"]);
    printf("<b>hitincrease:</b> %s<BR>", $myrow["hitincrease"]);
    printf("<b>vitalincrease:</b> %s<BR>", $myrow["vitalincrease"]);
    printf("<b>movementincrease:</b> %s<BR>", $myrow["movementincrease"]);
    printf("<b>eatable:</b> %s<BR>", $myrow["eatable"]);
    printf("<b>drinkable:</b> %s<BR>", $myrow["drinkable"]);
    printf("<b>lightable:</b> %s<BR>", $myrow["lightable"] == 1 ? "yes" : "no");
                                        error_message("Unknown table row to claim ownership on...");
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    $query = "update " . $table . " set owner = null where owner = '" . quote_smart($_COOKIE["karchanadminname"]) . "' and " . $row . " = '" . quote_smart($_REQUEST["id"]) . "'";
    mysql_query($query, $dbhandle) or error_message("Query (" . $query . ") failed : " . mysql_error());
    if (mysql_affected_rows() < 1) {
        error_message("You are not the owner.");
    }
    writeLogLong($dbhandle, "Relinquished ownership.", $query);
    printf("Relinquished ownership.<P>");
} else {
    printf("<TABLE BORDER=1 FRAME=void><TR VALIGN=top>");
    printf("<TD><H2>Methods</H2>");
    $result = mysql_query("select name as name from mm_methods\n\t\twhere owner = '" . quote_smart($_COOKIE["karchanadminname"]) . "' order by name", $dbhandle) or error_message("Query failed : " . mysql_error());
    while ($myrow = mysql_fetch_array($result)) {
        printf("%s<BR>", $myrow["name"]);
    }
    printf("</TD><TD><H2>Commands</H2>");
    $result = mysql_query("select id as id from mm_commands\n\t\twhere owner = '" . quote_smart($_COOKIE["karchanadminname"]) . "' order by id", $dbhandle) or error_message("Query failed : " . mysql_error());
    while ($myrow = mysql_fetch_array($result)) {
        printf("%s<BR>", $myrow["id"]);
    }
    printf("</TD><TD><H2>Events</H2>");
    $result = mysql_query("select eventid as id from mm_events\n\t\twhere owner = '" . quote_smart($_COOKIE["karchanadminname"]) . "' order by eventid", $dbhandle) or error_message("Query failed : " . mysql_error());
include $_SERVER['DOCUMENT_ROOT'] . "/scripts/admin_authorize.php";
$selection = "";
$result = mysql_query("select *, date_format(creation, \"%Y-%m-%d %T\") as\n        creation2 from mm_boards", $dbhandle) or error_message("Query failed : " . mysql_error());
while ($myrow = mysql_fetch_array($result)) {
    printf("<b>id:</b> %s ", $myrow["id"]);
    printf("<b>name:</b> %s ", $myrow["name"]);
    printf("<b>owner:</b> %s ", $myrow["owner"]);
    printf("<b>creation:</b> %s<BR>", $myrow["creation2"]);
    printf("<b>description:</b> %s<BR>", $myrow["description"]);
    $selection .= "<option value=\"" . $myrow["id"] . "\">" . $myrow["name"];
}
if (isset($_REQUEST["boardid"]) && isset($_REQUEST["name"])) {
    if (isset($_REQUEST["posttime"])) {
        $query = "update mm_boardmessages set removed = if(removed=1,0,1)\n\t\t\twhere boardid=\"" . quote_smart($_REQUEST["boardid"]) . "\" and name=\"" . quote_smart($_REQUEST["name"]) . "\" and posttime=\"" . quote_smart($_REQUEST["posttime"]) . "\"";
        mysql_query($query, $dbhandle) or error_message("Query failed : " . mysql_error());
        writeLogLong($dbhandle, "Removed/Unremoved message (" . $_REQUEST["boardid"] . ", " . $_REQUEST["name"] . ", " . $_REQUEST["posttime"] . ").", $query);
    }
    $query = "select *, date_format(posttime, \"%Y-%m-%d %T\") as\n    \t    creation2 from mm_boardmessages where boardid=\"" . quote_smart($_REQUEST["boardid"]) . "\" and name=\"" . quote_smart($_REQUEST["name"]) . "\" order by posttime";
    $result = mysql_query($query, $dbhandle) or error_message("Query failed : " . mysql_error());
    while ($myrow = mysql_fetch_array($result)) {
        printf("[<A HREF=\"/scripts/admin_boards.php?boardid=%s&name=%s&posttime=%s\">%s</A>]", $myrow["boardid"], $myrow["name"], $myrow["posttime"], $myrow["removed"] == "1" ? "ündo remove" : "remove");
        printf("<b>name:</b> %s ", $myrow["name"]);
        printf("<b>posttime:</b> %s <BR>", $myrow["creation2"]);
        printf("<b>contents:</b> %s <BR>", $removed == 1 ? "-removed-" : $myrow["message"]);
    }
}
mysql_close($dbhandle);
?>

<FORM METHOD="GET" ACTION="/scripts/admin_boards.php">
<TABLE>
<HEAD>
<TITLE>
Mmud - Bug Reports
</TITLE>
</HEAD>
<BODY>
<BODY BGCOLOR=#FFFFFF BACKGROUND="/images/gif/webpic/back4.gif">
<H1><IMG SRC="/images/gif/dragon.gif">Bug Report
</H1>
<TABLE>
<?php 
include $_SERVER['DOCUMENT_ROOT'] . "/scripts/admin_authorize.php";
if (isset($_REQUEST["title"])) {
    $query = "update bugs set title=\"" . quote_smart($_REQUEST["title"]) . "\", description=\"" . quote_smart($_REQUEST["description"]) . "\",  answer=\"" . quote_smart($_REQUEST["answer"]) . "\", closed= " . quote_smart($_REQUEST["closed"]) . " where  creation+0=\"" . quote_smart($_REQUEST["bug"]) . "\"";
    mysql_query($query, $dbhandle) or error_message("Query failed : " . mysql_error());
    writeLogLong($dbhandle, "Changed bugreport  " . $_REQUEST["bug"] . ".", $query);
}
// show results
$result = mysql_query("select *, creation+0 as creation3, date_format(creation, \"%Y-%m-%d %T\") as\n\tcreation2 from bugs order by creation desc", $dbhandle) or error_message("Query failed : " . mysql_error());
while ($myrow = mysql_fetch_array($result)) {
    if (!isset($_REQUEST["open"]) or $_REQUEST["open"] == $myrow["closed"]) {
        printf("<TR><TD><A HREF=\"/scripts/admin_bugs.php?bug=" . $myrow["creation3"] . "\n\t\t\">" . $myrow["creation2"] . "</A></TD><TD>" . $myrow["title"] . "</TD><TD>" . $myrow["name"] . "</TD><TD>" . ($myrow["closed"] == 1 ? "Closed" : "Open") . "</TD></TR>");
    }
    if (isset($_REQUEST["bug"]) && $myrow["creation3"] == $_REQUEST["bug"]) {
        ?>
Change Bug Report:<P>
<FORM METHOD="GET" ACTION="/scripts/admin_bugs.php">
Bug: <INPUT TYPE="text" NAME="bug" VALUE="<?php 
        echo $_REQUEST["bug"];
        ?>
" SIZE="60"><BR>
    if ($down != "") {
        $result = mysql_query("select id from mm_rooms where id = " . quote_smart($down), $dbhandle) or error_message("Query(6) failed : " . mysql_error());
        if (mysql_num_rows($result) != 1) {
            error_message("Down exit does not exist.");
        }
    } else {
        $down = "null";
    }
    $result = mysql_query("select area from mm_area where area = \"" . quote_smart($_REQUEST["area"]) . "\"", $dbhandle) or error_message("Query(7) failed : " . mysql_error());
    if (mysql_num_rows($result) != 1) {
        error_message("Area does not exist.");
    }
    // make that change.
    $query = "update mm_rooms set north=" . quote_smart($north) . ", south=" . quote_smart($south) . ", east=" . quote_smart($east) . ", west=" . quote_smart($west) . ", up=" . quote_smart($up) . ", down=" . quote_smart($down) . ", contents=\"" . quote_smart($_REQUEST["contents"]) . "\", title=\"" . quote_smart($_REQUEST["title"]) . "\", picture=\"" . quote_smart($_REQUEST["picture"]) . "\", area=\"" . quote_smart($_REQUEST["area"]) . "\", owner=\"" . quote_smart($_COOKIE["karchanadminname"]) . "\" where id = " . quote_smart($_REQUEST["room"]);
    mysql_query($query, $dbhandle) or error_message("Query(8) failed : " . mysql_error());
    writeLogLong($dbhandle, "Changed room " . $_REQUEST["room"] . ".", $query);
}
$result = mysql_query("select *, date_format(creation, \"%Y-%m-%d %T\") as creation2 from mm_rooms where id =\n\t" . quote_smart($_REQUEST["room"]), $dbhandle) or error_message("Query failed : " . mysql_error());
while ($myrow = mysql_fetch_array($result)) {
    printf("<b>id:</b> %s<BR>", $myrow[0]);
    if ($myrow["west"] != 0) {
        printf("<b>west:</b> <A HREF=\"/scripts/admin_rooms.php?room=%s\">%s</A><BR>", $myrow["west"], $myrow["west"]);
    }
    if ($myrow["east"] != 0) {
        printf("<b>east:</b> <A HREF=\"/scripts/admin_rooms.php?room=%s\">%s</A><BR>", $myrow["east"], $myrow["east"]);
    }
    if ($myrow["north"] != 0) {
        printf("<b>north:</b> <A HREF=\"/scripts/admin_rooms.php?room=%s\">%s</A><BR>", $myrow["north"], $myrow["north"]);
    }
    if ($myrow["south"] != 0) {
        printf("<b>south:</b> <A HREF=\"/scripts/admin_rooms.php?room=%s\">%s</A><BR>", $myrow["south"], $myrow["south"]);
    }
    // add choice if applicable
    if (trim($_REQUEST["change_addchoice"]) != "") {
        // compute maximum new id.
        $result = mysql_query("select max(id) + 1 as maxid from poll_choices" . " where pollid = " . quote_smart($_REQUEST["change_pollid"]), $dbhandle) or error_message("Query failed : " . mysql_error());
        $maxid = 1;
        while ($myrow = mysql_fetch_array($result)) {
            $maxid = $myrow["maxid"];
        }
        if ($maxid == "") {
            $maxid = 1;
        }
        // create new poll choice.
        $query = "insert into poll_choices (id, pollid, choice) values(" . quote_smart($maxid) . ", " . quote_smart($_REQUEST["change_pollid"]) . ",'" . quote_smart($_REQUEST["change_addchoice"]) . "')";
        mysql_query($query, $dbhandle) or error_message("Query (" . $query . ") failed : " . mysql_error());
        writeLogLong($dbhandle, "Created new poll choice for poll " . quote_smart($_REQUEST["change_pollid"]) . ".", $query);
        printf("Created new poll choice.<P>");
    }
}
$result = mysql_query("select *,  date_format(creation, \"%Y-%m-%d %T\") as creation2 from polls", $dbhandle) or error_message("Query failed : " . mysql_error());
while ($myrow = mysql_fetch_array($result)) {
    if ($myrow["owner"] == null || $myrow["owner"] == "" || $myrow["owner"] == $_COOKIE["karchanadminname"]) {
        printf("<b>id:</b> <A HREF=\"/scripts/admin_polls.php?pollid=%s\">%s</A><BR>", $myrow["id"], $myrow["id"]);
    } else {
        printf("<b>id:</b> %s<BR>", $myrow["id"]);
    }
    printf("<b>title:</b> %s<BR>", $myrow["title"]);
    printf("<b>description:</b> %s<BR>", $myrow["description"]);
    printf("<b>owner:</b> %s<BR>", $myrow["owner"]);
    printf("<b>creation:</b> %s<BR>", $myrow["creation2"]);
    printf("<b>closed:</b> %s<P>", $myrow["closed"] == "0" ? "no" : "yes");
    }
    // make that change
    $query = "insert into mm_events (eventid, method_name, owner) values(" . ($maxid + 1) . ", \"" . quote_smart($_REQUEST["addeventmethodname"]) . "\", \"" . quote_smart($_COOKIE["karchanadminname"]) . "\")";
    mysql_query($query, $dbhandle) or error_message("Query(8) failed : " . mysql_error());
    writeLogLong($dbhandle, "Added event " . ($maxid + 1) . " which uses method " . $_REQUEST["addeventmethodname"] . ".", $query);
}
if (isset($_REQUEST["deleteeventid"])) {
    if (!is_numeric($_REQUEST["deleteeventid"])) {
        error_message("Expected eventid to be an integer, and it wasn't.");
    }
    $query = "delete from mm_events where eventid = " . quote_smart($_REQUEST["deleteeventid"]) . " and (owner is null or owner = \"" . quote_smart($_COOKIE["karchanadminname"]) . "\")";
    mysql_query($query, $dbhandle) or error_message("Query (" . $query . ") failed : " . mysql_error());
    if (mysql_affected_rows() != 1) {
        error_message("Event does not exist or not proper owner.");
    }
    writeLogLong($dbhandle, "Removed event " . $_REQUEST["deleteeventid"] . ".", $query);
}
$result = mysql_query("select date_format(now(), \"%Y-%m-%d %T\") as now", $dbhandle) or error_message("Query failed : " . mysql_error());
$myrow = mysql_fetch_array($result);
printf("<H2>Current date/time</H2>" . $myrow["now"] . "<P>");
?>
<H2><A HREF="/karchan/admin/help/scripting1.html" target="_blank">
<IMG SRC="/images/icons/9pt4a.gif" BORDER="0"></A>
Events</H2>
<?php 
if (isset($_REQUEST["eventid"])) {
    $result = mysql_query("select *, date_format(creation, \"%Y-%m-%d %T\") as creation2 \n\tfrom mm_events where eventid = " . quote_smart($_REQUEST["eventid"]), $dbhandle) or error_message("Query failed : " . mysql_error());
} else {
    $result = mysql_query("select *, date_format(creation, \"%Y-%m-%d %T\") as creation2 \n\tfrom mm_events", $dbhandle) or error_message("Query failed : " . mysql_error());
}
while ($myrow = mysql_fetch_array($result)) {
    }
    // make that change
    $query = "insert into mm_commands (id, command, method_name, owner) values(" . ($maxid + 1) . ", \"" . quote_smart($_REQUEST["addcommandname"]) . "\", \"" . quote_smart($_REQUEST["addcommandmethodname"]) . "\", \"" . quote_smart($_COOKIE["karchanadminname"]) . "\")";
    mysql_query($query, $dbhandle) or error_message("Query(8) failed : " . mysql_error());
    writeLogLong($dbhandle, "Added command " . $_REQUEST["addcommandname"] . ".", $query);
}
if (isset($_REQUEST["deletecommandid"])) {
    if (!is_numeric($_REQUEST["deletecommandid"])) {
        error_message("Expected commandid to be an integer, and it wasn't.");
    }
    $query = "delete from mm_commands where id = " . quote_smart($_REQUEST["deletecommandid"]) . " and (owner is null or owner = \"" . quote_smart($_COOKIE["karchanadminname"]) . "\")";
    mysql_query($query, $dbhandle) or error_message("Query (" . $query . ") failed : " . mysql_error());
    if (mysql_affected_rows() != 1) {
        error_message("Command does not exist or not proper owner.");
    }
    writeLogLong($dbhandle, "Removed command " . $_REQUEST["deletecommandid"] . ".", $query);
}
if (isset($_REQUEST["commandid"])) {
    $result = mysql_query("select *, date_format(creation, \"%Y-%m-%d %T\") as creation2 \n\t\tfrom mm_commands where id like " . quote_smart($_REQUEST["commandid"]) . "", $dbhandle) or error_message("Query failed : " . mysql_error());
} else {
    if (isset($_REQUEST["commandstartswith"])) {
        $result = mysql_query("select *, date_format(creation, \"%Y-%m-%d %T\") as creation2 \n\t\tfrom mm_commands where command like \"" . quote_smart($_REQUEST["commandstartswith"]) . "%\"", $dbhandle) or error_message("Query failed : " . mysql_error());
    } else {
        $result = mysql_query("select *, date_format(creation, \"%Y-%m-%d %T\") as creation2 \n\t\tfrom mm_commands where command = \"completelybogyd\"", $dbhandle) or error_message("Query failed : " . mysql_error());
    }
}
while ($myrow = mysql_fetch_array($result)) {
    if ($myrow["owner"] == null || $myrow["owner"] == "" || $myrow["owner"] == $_COOKIE["karchanadminname"]) {
        printf("<b>id:</b> <A\n    \t   HREF=\"/scripts/admin_commands.php?commandid=%s\">%s</A> ", $myrow["id"], $myrow["id"]);
    } else {
        printf("<b>id:</b> %s ", $myrow["id"]);
    echo $_REQUEST["item"];
    ?>
">
<INPUT TYPE="hidden" NAME="item" VALUE="<?php 
    echo $_REQUEST["item"];
    ?>
">
<INPUT TYPE="submit" VALUE="Remove Item Instance">
</FORM>
<?php 
}
printf("<H2><A HREF=\"/karchan/admin/help/attributes.html\" target=\"_blank\">\n<IMG SRC=\"/images/icons/9pt4a.gif\" BORDER=\"0\"></A>Attributes</H2>");
if (isset($_REQUEST["item"]) && isset($_REQUEST["mm_itemattributes_name"]) && isset($_REQUEST["mm_itemattributes_value"]) && isset($_REQUEST["mm_itemattributes_value_type"]) && $owner) {
    $query = "replace into mm_itemattributes\n\t\t(name, value, value_type, id) values(\"" . quote_smart($_REQUEST["mm_itemattributes_name"]) . "\", \"" . quote_smart($_REQUEST["mm_itemattributes_value"]) . "\", \"" . quote_smart($_REQUEST["mm_itemattributes_value_type"]) . "\", \"" . quote_smart($_REQUEST["item"]) . "\")";
    mysql_query($query, $dbhandle) or error_message("Query(8) failed : " . mysql_error());
    writeLogLong($dbhandle, "Added attribute to " . $_REQUEST["char"] . ".", $query);
}
$result = mysql_query("select * " . " from mm_itemattributes" . " where id = " . quote_smart($_REQUEST["item"]), $dbhandle) or error_message("Query failed : " . mysql_error());
while ($myrow = mysql_fetch_array($result)) {
    printf("<b>name:</b> <A HREF=\"/scripts/admin_attributelist.php?name=%s\">%s</A> ", $myrow[0], $myrow[0]);
    printf("<b>value:</b> %s ", $myrow[1]);
    printf("<b>value_type:</b> %s<BR>", $myrow[2]);
}
mysql_close($dbhandle);
if ($owner) {
    ?>

<FORM METHOD="GET" ACTION="/scripts/admin_items.php">
<b>
<INPUT TYPE="hidden" NAME="item" VALUE="<?php 
    echo $_REQUEST["item"];
    // check that bossname exists
    $result = mysql_query("select name from mm_usertable where name=\"" . quote_smart($_REQUEST["bossname"]) . "\"", $dbhandle) or error_message("Query(6) failed : " . mysql_error());
    if (mysql_num_rows($result) == 0) {
        error_message("Guild master does not exist.");
    }
    // check that bossname is not already a guidmaster
    $result = mysql_query("select bossname from mm_guilds where bossname=\"" . quote_smart($_REQUEST["bossname"]) . "\"", $dbhandle) or error_message("Query(7) failed : " . mysql_error());
    if (mysql_num_rows($result) != 0) {
        error_message("This person is already a Guild master of another guild.");
    }
    $query = "insert into mm_guilds (name, bossname, creation, owner) values('" . quote_smart($_REQUEST["addguildname"]) . "', '" . quote_smart($_REQUEST["bossname"]) . "', now(), '" . quote_smart($_COOKIE["karchanadminname"]) . "')";
    mysql_query($query, $dbhandle) or error_message("Query (" . $query . ") failed : " . mysql_error());
    writeLogLong($dbhandle, "Added guild " . $_REQUEST["addguildname"] . ".", $query);
    $query = "update mm_usertable set guild='" . quote_smart($_REQUEST["addguildname"]) . "' where name='" . quote_smart($_REQUEST["bossname"]) . "'";
    mysql_query($query, $dbhandle) or error_message("Query (" . $query . ") failed : " . mysql_error());
    writeLogLong($dbhandle, "Added guildmaster " . $_REQUEST["bossname"] . " to guild " . $_REQUEST["addguildname"] . ".", $query);
}
mysql_close($dbhandle);
?>

<FORM METHOD="GET" ACTION="/scripts/admin_guilds.php">
<b>
<TABLE>
<TR><TD>guildname</TD><TD><INPUT TYPE="text" NAME="addguildname" VALUE=""  SIZE="40" MAXLENGTH="40"></TD></TR> 
<TR><TD>bossname</TD><TD><INPUT TYPE="text" NAME="bossname" VALUE="" SIZE="40" MAXLENGTH="40"></TD></TR> 
</TD></TR> 
</TABLE>
<INPUT TYPE="submit" VALUE="Add Guild">
</b>   
</FORM>
        printf("<TR><TD>%s</TD><TD>%s</TD></TR>\r\n", $myrow["question"], $myrow["answer"]);
    }
    printf("</TABLE>");
    $result = mysql_query("select owner from mm_usertable where name = \"" . quote_smart($_REQUEST["bot"]) . "\" and (owner is null or owner = \"" . quote_smart($_COOKIE["karchanadminname"]) . "\")", $dbhandle) or error_message("Query failed : " . mysql_error());
    if ($myrow = mysql_fetch_array($result)) {
        if (isset($_REQUEST["bot_answer"])) {
            // make that change.
            $query = "replace into mm_answers (name, question, answer) " . "values(\"" . quote_smart($_REQUEST["bot"]) . "\", \"" . quote_smart($_REQUEST["bot_question"]) . "\", \"" . quote_smart($_REQUEST["bot_answer"]) . "\")";
            mysql_query($query, $dbhandle) or error_message("Query(as) failed : " . mysql_error());
            writeLogLong($dbhandle, "Changed answer for " . $_REQUEST["bot"] . ".", $query);
        }
        if (isset($_REQUEST["remove_question"])) {
            // make that change.
            $query = "delete from mm_answers where name=\"" . quote_smart($_REQUEST["bot"]) . "\" and question = \"" . quote_smart($_REQUEST["remove_question"]) . "\"";
            mysql_query($query, $dbhandle) or error_message("Query(afg) failed : " . mysql_error());
            writeLogLong($dbhandle, "Removed answer for " . $_REQUEST["bot"] . ".", $query);
        }
        ?>
<FORM METHOD="POST" ACTION="/scripts/admin_answers.php">
<b>
<INPUT TYPE="hidden" NAME="bot" VALUE="<?php 
        echo $_REQUEST["bot"];
        ?>
">
Question: <INPUT TYPE="text" SIZE="100" NAME="bot_question" VALUE="<?php 
        echo $_REQUEST["bot_question"];
        ?>
"><BR>
Answer: <INPUT TYPE="text" SIZE="100" NAME="bot_answer" VALUE="<?php 
        echo $_REQUEST["bot_answer"];
        ?>