Ejemplo n.º 1
Archivo: lobf.php Proyecto: hdp/brass
function DoTask()
{
    // Lobby task: lets the game's creator change the "private" flag and the
    // join password of a game that is still recruiting. Reads the posted
    // fields GPrivateBox and PasswordB, updates "LobbySettings" and then
    // redirects back to the lobby page.
    global $GAME;
    // The password is kept in its escaped form (HTML-escaped, tabs and
    // newlines stripped); an absent field reaches sanitise_str() as null.
    $rawPassword = isset($_POST['PasswordB']) ? $_POST['PasswordB'] : null;
    $escapedPassword = sanitise_str($rawPassword, STR_GPC | STR_ESCAPE_HTML | STR_STRIP_TAB_AND_NEWLINE);
    $wantsPrivate = !empty($_POST['GPrivateBox']);
    $gameId = $GAME['GameID'];
    $lobbyLink = '<a href="lobby.php?GameID=' . $gameId . '">here</a>';
    $boardLink = '<a href="board.php?GameID=' . $gameId . '">here</a>';
    $mainLink = '<a href="index.php">here</a>';
    $backToLobby = 'Click ' . $lobbyLink . ' to return to the lobby page, or ' . $mainLink . ' to return to the Main Page.';
    // The first failing precondition wins; $failure stays null when all pass.
    // The length checks run on the escaped text, so escaping counts toward
    // the 20-character maximum.
    $failure = null;
    if (!$_SESSION['LoggedIn']) {
        $failure = array('Not logged in', 'You are not logged in. Please log in and then try again. ' . $backToLobby);
    } elseif ($GAME['GameStatus'] == 'Cancelled') {
        $failure = array('Game cancelled', 'This game has been cancelled. Please click ' . $mainLink . ' to return to the Main Page.');
    } elseif ($GAME['GameStatus'] != 'Recruiting') {
        $failure = array('Game has already started', 'This game has now been started. Please click ' . $boardLink . ' to go to the board page, or ' . $mainLink . ' to return to the Main Page.');
    } elseif ($_SESSION['MyUserID'] != $GAME['GameCreator']) {
        $failure = array('Cannot change game settings', 'You cannot change the game\'s settings, because you are not the game\'s creator. ' . $backToLobby);
    } elseif ($wantsPrivate && mb_strlen($escapedPassword, 'UTF-8') > 20) {
        $failure = array('New password too long', 'The new password you entered is too long. Maximum 20 characters. ' . $backToLobby);
    } elseif ($wantsPrivate && mb_strlen($escapedPassword, 'UTF-8') < 3) {
        $failure = array('New password too short', 'The new password you entered is too short. Minimum 3 characters. ' . $backToLobby);
    }
    if ($failure !== null) {
        list($title, $message) = $failure;
        $errorPage = page::standard();
        $errorPage->title_body($title);
        $errorPage->leaf('p', $message);
        $errorPage->finish();
    }
    // A private game keeps the password exactly as validated above; a public
    // game still stores the field, cut to the same 20-character maximum.
    $privateFlag = $wantsPrivate ? 1 : 0;
    if (!$wantsPrivate) {
        $escapedPassword = mb_substr($escapedPassword, 0, 20, 'UTF-8');
    }
    dbquery(DBQUERY_WRITE, 'UPDATE "LobbySettings" SET "GPrivate" = :private:, "Password" = :pass: WHERE "Game" = :game:', 'private', $privateFlag, 'game', $gameId, 'pass', $escapedPassword);
    page::redirect(3, 'lobby.php?GameID=' . $gameId, 'Game settings successfully changed.');
}
Ejemplo n.º 2
Archivo: gat.php Proyecto: hdp/brass
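function DoTask()
{
    // Board task, administrators only: append an administrator comment to the
    // game's ticker. Reads $_POST['AdminComment'], appends to "GameTicker" and
    // "GameTickerNames" on the "Game" row, commits and redirects to the board.
    // (The unused $unexpectederrormessage global import has been dropped.)
    global $Administrator, $GAME;
    $boardLink = '<a href="board.php?GameID=' . $GAME['GameID'] . '">here</a>';
    $mainLink = '<a href="index.php">here</a>';
    // Any non-zero administrator level is accepted here.
    if (!$Administrator) {
        $mypage = page::standard();
        $mypage->title_body('Not authorised');
        $mypage->leaf('p', 'You are not authorised to make use of this page. Please click ' . $boardLink . ' to go to the board page, or ' . $mainLink . ' to return to the Main Page.');
        $mypage->finish();
    }
    // '|' separates the fields of the "GameTickerNames" record built below, so
    // it is stripped from the comment first; '"' is stripped with it (the
    // reason is not visible here, presumably the ticker reader). The result is
    // then HTML-escaped for display.
    $rawComment = isset($_POST['AdminComment']) ? $_POST['AdminComment'] : null;
    $comment = sanitise_str($rawComment, STR_GPC | STR_STRIP_TAB_AND_NEWLINE);
    $comment = htmlspecialchars(str_replace(array('|', '"'), '', $comment));
    if ($comment === '') {
        $mypage = page::standard();
        $mypage->title_body('Comment is missing');
        // Message spelling fixed ("coment" -> "comment").
        $mypage->leaf('p', 'The comment you entered is missing. Please click ' . $boardLink . ' to go to the board page, or ' . $mainLink . ' to return to the Main Page.');
        $mypage->finish();
    }
    // Ticker entry: record code '3B', the move time difference, then the
    // poster's user ID and gender code encoded by letter_end_number().
    $tickerEntry = '3B' . callmovetimediff() . letter_end_number($_SESSION['MyUserID']) . letter_end_number($_SESSION['MyGenderCode']);
    // Names entry: '|' name '|' comment.
    $namesEntry = '|' . $_SESSION['MyUserName'] . '|' . $comment;
    dbquery(DBQUERY_WRITE, 'UPDATE "Game" SET "GameTicker" = CONCAT("GameTicker", :tickerconcat:), "GameTickerNames" = CONCAT("GameTickerNames", :namesconcat:) WHERE "GameID" = :game:', 'tickerconcat', $tickerEntry, 'namesconcat', $namesEntry, 'game', $GAME['GameID']);
    dbquery(DBQUERY_COMMIT);
    page::redirect(3, 'board.php?GameID=' . $GAME['GameID'], 'Successfully added comment.');
}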
Ejemplo n.º 3
    $body = '<p>This is a message sent by ' . $_SESSION['MyUserName'] . ', another user of <a href="' . SITE_ADDRESS . '">Brass Online</a>. If you do not wish to receive messages like this one, you can prevent users from contacting you by logging in and changing your preferences on your User Details page. ' . $_SESSION['MyUserName'] . ' has not seen your email address, and will not see it unless you choose to reply to ' . $PronounLC . ' message via email. What follows is the text of ' . $_SESSION['MyUserName'] . '\'s message.</p>' . $EscapedContent[0] . EMAIL_FOOTER;
    if (send_email($subject, $body, $therow['Email'], $Email)) {
        dbquery(DBQUERY_COMMIT);
        $mypage->title_body('Email sent');
        $mypage->leaf('p', 'Your email was successfully sent to ' . $therow['Name'] . '. Click <a href="userdetails.php?UserID=' . $EscapedUserID . '">here</a> to visit ' . $therow['Name'] . '\'s User Details page, or <a href="index.php">here</a> to return to the Main Page. Here is the text of the message you sent:');
        $mypage->leaf('textarea', sanitise_str(@$_POST['TheEmail'], STR_GPC | STR_ESCAPE_HTML | STR_CONVERT_ESCAPE_SEQUENCES), 'cols=80 rows=20');
    } else {
        dbquery(DBQUERY_ALLPURPOSE_TOLERATE_ERRORS, 'ROLLBACK');
        // Sometimes if email sending fails, it's after a long wait. The
        // use here of tolerate-errors stops the script failing if the
        // "MySQL server has gone away" error occurs. (If this happens then
        // the transaction should in theory already have been rolled back.)
        $mypage->title_body('Problem sending email');
        $mypage->leaf('p', 'There was a problem sending the email to ' . $therow[Name] . '. Please consider trying again later. <b>If sending the email fails repeatedly, it is more likely to be a problem with the site than a problem with ' . $therow['Name'] . '\'s email address; please let an administrator know.</b> Click <a href="userdetails.php?UserID=' . $EscapedUserID . '">here</a> to visit ' . $therow['Name'] . '\'s User Details page, or <a href="index.php">here</a> to return to the Main Page.');
        $mypage->leaf('p', 'Here is the text of the message you entered:');
        $mypage->leaf('textarea', sanitise_str(@$_POST['TheEmail'], STR_GPC | STR_ESCAPE_HTML), 'cols=80 rows=20');
    }
} else {
    if (isset($_GET['UserID'])) {
        $EscapedUserID = sanitise_int($_GET['UserID']);
        $therow = dbquery(DBQUERY_READ_SINGLEROW, 'SELECT "Name", "UserValidated", "AllowContact", "Email", "Pronoun" FROM "User" WHERE "UserID" = :user:'******'user', $EscapedUserID);
        if ($therow === 'NONE') {
            $mypage->title_body('No such user');
            $mypage->leaf('p', 'There is no user with that user ID number. Please click <a href="index.php">here</a> to return to the Main Page.');
            $mypage->finish();
        }
        if (!$therow['UserValidated']) {
            if ($Administrator) {
                $mypage->title_body('User not validated');
                $mypage->leaf('p', 'That user is not validated. Please click <a href="userdetails.php?UserID=' . $EscapedUserID . '">here</a> to visit this user\'s User Details page, or <a href=\\"index.php\\">here</a> to return to the Main Page.');
            } else {
Ejemplo n.º 4
<?php

require '_std-include.php';
$mypage = page::standard();
if (!$_SESSION['LoggedIn']) {
    $mypage->title_body('Not logged in');
    $mypage->leaf('p', 'You are not logged in. Please log in and then return to this page. You can return to the Main Page by clicking <a href="index.php">here</a>.');
    $mypage->finish();
}
if ($Administrator < 2) {
    $mypage->title_body('Not authorised');
    $mypage->leaf('p', 'You are not authorised to make use of this page. Please click <a href="index.php">here</a> to return to the Main Page.');
    $mypage->finish();
}
$TLanguage = sanitise_int(@$_GET['LanguageID']);
$PhraseName = sanitise_str(@$_GET['PhraseName'], STR_GPC | STR_ENSURE_ASCII);
$QR = dbquery(DBQUERY_READ_SINGLEROW, 'SELECT "PhraseInEnglish", "FormInUse" FROM "Phrase" WHERE "PhraseName" = :phrasename:', 'phrasename', $PhraseName);
if ($QR === 'NONE') {
    myerror($unexpectederrormessage, 'Phrase with the specified phrase name "' . htmlspecialchars($PhraseName) . '" was not found');
}
$QRX = dbquery(DBQUERY_READ_SINGLEROW, 'SELECT "Translation" FROM "ChosenTranslatedPhrase" WHERE "PhraseName" = :phrasename: AND "Language" = :language:', 'phrasename', $PhraseName, 'language', $TLanguage);
if ($QRX === 'NONE') {
    myerror($unexpectederrormessage, 'Translation with the specified phrase name "' . htmlspecialchars($PhraseName) . '" and specified language was not found');
}
$mypage->title_body('Edit chosen translation');
$mypage->leaf('h3', 'Edit chosen translation');
$mypage->leaf('div', $QR['PhraseInEnglish'], 'style="position: relative; width: 585px; border: 1pt solid black; padding: 7px; margin-bottom: 7px; background-color: #FFC18A; font-family: monospace;"');
$mypage->leaf('div', $QR['FormInUse'], 'style="position: relative; width: 585px; border: 1pt solid black; padding: 7px; margin-bottom: 7px; background-color: #000000; color: #FFFFFF; font-family: monospace;"');
$mypage->opennode('form', 'action="translated.php" method="POST"');
$mypage->leaf('textarea', $QRX['Translation'], 'name="editedtext" cols=45 rows=6');
$mypage->leaf('p', '<input type="submit" name="FormSubmit" value="Make changes">');
Ejemplo n.º 5
    $mypage = page::standard();
    $mypage->title_body('Item description missing');
    $mypage->leaf('p', 'Your item description text is missing.');
    $mypage->leaf('p', 'You can click <a href="todolist.php">here</a> to return to the To Do list, or <a href="index.php">here</a> to return to the Main Page.');
    $mypage->finish();
}
if ($Parent > 0) {
    $QR = dbquery(DBQUERY_READ_RESULTSET, 'SELECT "OrderingNumber" FROM "ToDoListItem" WHERE "ItemID" = :parent:', 'parent', $Parent);
    if ($QR === 'NONE') {
        $mypage = page::standard();
        $mypage->title_body('Parent item not found');
        $mypage->leaf('p', 'Unable to find the specified parent item. Here is the item description you entered:');
        $mypage->leaf('textarea', sanitise_str($_POST['description'], STR_GPC | STR_ESCAPE_HTML | STR_STRIP_TAB_AND_NEWLINE), 'rows=8 cols=80');
        $mypage->leaf('p', 'You can click <a href="todolist.php">here</a> to return to the To Do list, or <a href="index.php">here</a> to return to the Main Page.');
        $mypage->finish();
    }
    $Item = dbquery(DBQUERY_READ_INTEGER, 'SELECT IFNULL((SELECT MAX("SubItemNumber") FROM "ToDoListSubItem" WHERE "Item" = :parent:), -1) + 1', 'parent', $Parent);
    if ($Item == 256) {
        $mypage = page::standard();
        $mypage->title_body('Too many subitems');
        $mypage->leaf('p', 'There are (or have been) too many subitems to the specified top-item. This script isn\'t sophisticated enough to reorganise the sub-item-numbers. You will need to upgrade the script, manually edit the database to re-organise the sub-item-numbers, or create a new top-item copying the current one and copy across the current sub-items (then delete the current top-item).');
        $mypage->leaf('p', 'Here is the item description you entered:');
        $mypage->leaf('textarea', sanitise_str($_POST['description'], STR_GPC | STR_ESCAPE_HTML | STR_STRIP_TAB_AND_NEWLINE), 'rows=8 cols=80');
        $mypage->leaf('p', 'You can click <a href="todolist.php">here</a> to return to the To Do list, or <a href="index.php">here</a> to return to the Main Page.');
        $mypage->finish();
    }
    dbquery(DBQUERY_WRITE, 'INSERT INTO "ToDoListSubItem" ("SubItemNumber", "Item", "OrderingNumber", "Description") VALUES (:item:, :parent:, :onumber:, :desc:)', 'onumber', $OrderingNumber, 'desc', $Description[0], 'parent', $Parent, 'item', $Item);
} else {
    dbquery(DBQUERY_WRITE, 'INSERT INTO "ToDoListItem" ("OrderingNumber", "Description") VALUES (:onumber:, :desc:)', 'onumber', $OrderingNumber, 'desc', $Description[0]);
}
page::redirect(3, 'todolist.php', 'Item successfully added.');
Ejemplo n.º 6
Archivo: lobc.php Proyecto: hdp/brass
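function DoTask()
{
    // Lobby task: the logged-in user joins a recruiting game. Once the
    // preconditions pass, the user takes the first free player slot (in $GAME
    // and in the database); if that fills the game, it is auto-started or the
    // creator is e-mailed. Reads $_POST['Password'] for private games.
    global $Banned, $Email, $EmailPrompt, $EmailPromptAgain, $GAME, $HasBeenEmailed, $Rating;
    // The join password is compared in the same escaped form in which the
    // lobby settings task stores it.
    $rawPassword = isset($_POST['Password']) ? $_POST['Password'] : null;
    $EscapedPassword = sanitise_str($rawPassword, STR_GPC | STR_ESCAPE_HTML | STR_STRIP_TAB_AND_NEWLINE);
    $gameId = $GAME['GameID'];
    $lobbyLink = '<a href="lobby.php?GameID=' . $gameId . '">here</a>';
    $boardLink = '<a href="board.php?GameID=' . $gameId . '">here</a>';
    $mainLink = '<a href="index.php">here</a>';
    $backToLobby = 'Please click ' . $lobbyLink . ' to return to the lobby page, or ' . $mainLink . ' to return to the Main Page.';
    // The first failing precondition wins; $failure stays null when all pass.
    $failure = null;
    if (!$_SESSION['LoggedIn']) {
        $failure = array('Not logged in', 'You cannot join this game, because you are not logged in. Please log in and then try again. Click ' . $lobbyLink . ' to return to the lobby page, or ' . $mainLink . ' to return to the Main Page.');
    } elseif ($Banned) {
        $failure = array('Banned', 'You cannot join this game, because you are banned. ' . $backToLobby);
    } elseif ($GAME['GameStatus'] == 'Cancelled') {
        $failure = array('Game cancelled', 'This game has been cancelled. Please click ' . $mainLink . ' to return to the Main Page.');
    } elseif ($GAME['GameStatus'] != 'Recruiting') {
        $failure = array('Game has already started', 'This game has now been started, so you cannot join it. Please click ' . $boardLink . ' to go to the board page, or ' . $mainLink . ' to return to the Main Page.');
    } elseif ($GAME['MyColour'] != 50) {
        // A MyColour of 50 is treated here as "not a player in this game".
        $failure = array('Already playing', 'You cannot join this game, because you are playing in it already. ' . $backToLobby);
    } elseif ($GAME['GPrivate'] && (string) $GAME['Password'] !== (string) $EscapedPassword) {
        // Strict string comparison: the original loose "!=" treated numeric
        // strings as numbers, so e.g. "1e3" matched a stored "1000". Casting
        // keeps a NULL stored password equivalent to the empty string.
        $failure = array('Incorrect password', 'The password you entered is incorrect. Please note that the password you need to enter here is <b>not</b> your user account password, but a different password that has been set by the game\'s creator to control access to the game. ' . $backToLobby);
    } elseif ($GAME['CurrentPlayers'] >= $GAME['MaximumPlayers']) {
        $failure = array('Game is full', 'You cannot join this game, because it has already reached its maximum number of players. ' . $backToLobby);
    } elseif ($GAME['MinimumRating'] > $Rating) {
        $failure = array('Player rating too low', 'You cannot join this game, because your player rating is too low. ' . $backToLobby);
    } elseif (!is_null($GAME['MaximumRating']) && $GAME['MaximumRating'] < $Rating) {
        $failure = array('Player rating too high', 'You cannot join this game, because your player rating is too high. ' . $backToLobby);
    }
    if ($failure !== null) {
        list($title, $message) = $failure;
        $errorPage = page::standard();
        $errorPage->title_body($title);
        $errorPage->leaf('p', $message);
        $errorPage->finish();
    }
    // Claim the first free slot; its index is also recorded as the player's
    // colour in "PlayerGameRcd". The "Game is full" check above is what
    // guarantees a free slot exists.
    $GAME['CurrentPlayers']++;
    for ($i = 0; $i < MAX_PLAYERS; $i++) {
        if ($GAME['PlayerExists'][$i]) {
            continue;
        }
        $GAME['PlayerExists'][$i] = 1;
        $GAME['PlayerUserID'][$i] = $_SESSION['MyUserID'];
        $GAME['PlayerName'][$i] = $_SESSION['MyUserName'];
        $GAME['PlayerRating'][$i] = $Rating;
        $GAME['Email'][$i] = $Email;
        $GAME['EmailPrompt'][$i] = $EmailPrompt;
        $GAME['EmailPromptAgain'][$i] = $EmailPromptAgain;
        $GAME['HasBeenEmailed'][$i] = $HasBeenEmailed;
        // Gender code 0 -> 'He', 1 -> 'She', anything else -> 'It'.
        switch ($_SESSION['MyGenderCode']) {
            case 0:
                $GAME['Pronoun_Eng'][$i] = 'He';
                break;
            case 1:
                $GAME['Pronoun_Eng'][$i] = 'She';
                break;
            default:
                $GAME['Pronoun_Eng'][$i] = 'It';
        }
        dbquery(DBQUERY_WRITE, 'UPDATE "Game" SET "CurrentPlayers" = :currentplayers:, "PlayerExists" = :playerexists: WHERE "GameID" = :game:', 'currentplayers', $GAME['CurrentPlayers'], 'playerexists', $GAME['PlayerExists'], 'game', $gameId);
        dbquery(DBQUERY_WRITE, 'INSERT INTO "PlayerGameRcd" ("User", "Game", "GameResult", "Inherited", "GameCounts", "Colour", "NumLongTurns", "CurrentOccupant") VALUES (:user:, :game:, \'Playing\', 0, 1, :colour:, 0, 0)', 'user', $_SESSION['MyUserID'], 'game', $gameId, 'colour', $i);
        break;
    }
    if ($GAME['CurrentPlayers'] == $GAME['MaximumPlayers']) {
        if ($GAME['AutoStart']) {
            // Auto-start redirects to the board instead of the lobby.
            require HIDDEN_FILES_PATH . 'sgresource.php';
            startgame(true);
            page::redirect(3, 'board.php?GameID=' . $gameId, 'Successfully joined and started game.');
        } elseif ($GAME['CreatorEmailPrompt'] && $GAME['CreatorEmail'] != '') {
            // Tell the creator the game is ready to start; the e-mail result
            // is not checked, so joining succeeds either way.
            $subject = 'Game is ready to be started';
            $body = '<p>Your game, number ' . $gameId . ', now has a full complement of players. Please review the game\'s lobby page and if you approve of the players, start the game. The URL of the lobby page is:</p><p><a href="' . SITE_ADDRESS . 'lobby.php?GameID=' . $gameId . '">' . SITE_ADDRESS . 'lobby.php?GameID=' . $gameId . '</a></p>' . EMAIL_FOOTER;
            send_email($subject, $body, $GAME['CreatorEmail'], null);
        }
    }
    dbquery(DBQUERY_COMMIT);
    page::redirect(3, 'lobby.php?GameID=' . $gameId, 'Successfully joined game.');
}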
Ejemplo n.º 7
<?php

require '_std-include.php';
$mypage = page::standard();
$mypage->title_body('Send account recovery email');
if (@$_SESSION['LoggedIn']) {
    $_SESSION['AllowUse'] = 0;
    $mypage->leaf('p', 'You cannot access this page while logged in. Please either <a href="logout.php">log out</a> first, or return to the <a href="index.php">Main Page</a>.');
    $mypage->finish();
} else {
    if (isset($_POST['AccountName'])) {
        $EscapedAccountName = sanitise_str($_POST['AccountName'], STR_GPC | STR_ESCAPE_HTML | STR_STRIP_TAB_AND_NEWLINE);
        if ($EscapedAccountName == '') {
            $mypage->leaf('p', 'You did not enter an account name. Please click <a href="recoveraccount.php">here</a> to try again, or <a href="index.php">here</a> to return to the Main Page.');
            $mypage->finish();
        }
        $QR = dbquery(DBQUERY_READ_SINGLEROW, 'SELECT "UserID", "Email", "UserValidated" FROM "User" WHERE "Name" = :name:', 'name', $EscapedAccountName);
        if ($QR === 'NONE') {
            $mypage->leaf('p', 'Couldn\'t find a user named ' . $EscapedAccountName . '. Please check that you spelled the account name correctly.');
        } else {
            if (!$QR['UserValidated']) {
                $mypage->leaf('p', 'That user account isn\'t validated yet. If you haven\'t received your validation email, you can visit <a href="resendvalemail.php">this page</a> to re-send it (although you will need your password to do so).');
            } else {
                if ($QR['Email'] == '') {
                    $mypage->leaf('p', 'There was a problem sending the email. Either the account email address is blank, or the email could not be sent for some other reason. You might want to try again; if it still doesn\'t work, you can ask the Administrator to investigate, but be aware that the Administrator will only go so far as to check for problems with this script and with the site\'s ability to send emails, not give you access to your account.');
                } else {
                    $CharArray = 'abcdefghijklmnopqrstuvwxyz0123456789';
                    $thevstring = '';
                    for ($i = 0; $i < 20; $i++) {
                        $j = rand(0, 35);
                        $thevstring .= $CharArray[$j];
Ejemplo n.º 8
    $errors = true;
    $errorlist->opennode('li');
    $errorlist->text('That personal statement is too long. The limit is around 50,&thinsp;000 characters (proviso: depending on the content you enter, the number of characters after the content is processed may vary slightly from that before). Here is the text you entered:');
    $errorlist->emptyleaf('br');
    $errorlist->emptyleaf('br');
    $errorlist->leaf('textarea', sanitise_str($_POST['Statement'], STR_GPC | STR_ESCAPE_HTML), 'cols=80 rows=20');
    $errorlist->closenode();
} else {
    if ($EscapedStatement[1] == -1) {
        $SetPSString = 'PersonalStatement = NULL, ';
    } else {
        $SetPSString = 'PersonalStatement = :ps:, ';
    }
}
$SetEmailString = '';
$EscapedEmail = sanitise_str(@$_POST['Email'], STR_GPC | STR_ENSURE_ASCII | STR_TO_LOWERCASE);
if (strlen($EscapedEmail) > 50) {
    $errors = true;
    $errorlist->leaf('li', 'Failed to change email address: New address is too long.');
} else {
    if ($EscapedEmail == '') {
        $SetEmailString = 'Email = NULL, ';
    } else {
        $EmailChunks = explode('@', $EscapedEmail);
        if (count($EmailChunks) == 2 and strlen($EmailChunks[0]) and strlen($EmailChunks[1])) {
            $EmailChunksA = explode('.', $EmailChunks[0]);
            $EmailChunksB = explode('.', $EmailChunks[1]);
            $FoundInvalidChunk = false;
            do {
                for ($i = 0; $i < count($EmailChunksA); $i++) {
                    if (!preg_match('/\\A[a-z0-9!\\$&\\*\\-=\\^`\\|~#%\'\\+\\/\\?_\\{\\}]+\\Z/', $EmailChunksA[$i])) {
Ejemplo n.º 9
}
$errors = false;
$FormTimeLimitAMins = '';
$FormTimeLimitAHours = '';
$FormTimeLimitADays = '';
$FormTimeLimitBMins = '';
$FormTimeLimitBHours = '';
$FormTimeLimitBDays = '';
///////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
if (@$_POST['FormSubmitted']) {
    $ShowForm = false;
    $errorlist = fragment::blank();
    $EscapedGameName = sanitise_str(@$_POST['GameName'], STR_GPC | STR_ESCAPE_HTML | STR_STRIP_TAB_AND_NEWLINE | STR_CONVERT_ESCAPE_SEQUENCES);
    $EscapedGamePassword = sanitise_str(@$_POST['GamePassword'], STR_GPC | STR_ESCAPE_HTML | STR_STRIP_TAB_AND_NEWLINE);
    $EscapedGVersion = sanitise_int(@$_POST['GameVersion']);
    $EscapedTimeLimitA = sanitise_int(@$_POST['TimeLimitANumber']);
    $EscapedTimeLimitB = sanitise_int(@$_POST['TimeLimitBNumber']);
    $EscapedMinPlayers = sanitise_int(@$_POST['MinPlayers']);
    $EscapedMaxPlayers = sanitise_int(@$_POST['MaxPlayers']);
    $EscapedMinRating = sanitise_int(@$_POST['MinRating'], SANITISE_NO_FLAGS, 0, 60);
    $EscapedMaxRating = sanitise_int(@$_POST['MaxRating'], SANITISE_NO_FLAGS, 0, 60);
    if ($EscapedGVersion == 2) {
        $EscapedGVersion = 1;
    }
    if ($EscapedMaxRating > 0 and $EscapedMaxRating < 5) {
        die($unexpectederrormessage);
    }
    $EscapedMinRating *= 100;
    $EscapedMaxRating *= 100;
Ejemplo n.º 10
<?php

require '_std-include.php';
$mypage = page::standard();
if ($_SESSION['LoggedIn']) {
    $mypage->title_body('Logged in');
    $mypage->leaf('p', 'You cannot access this page while logged in. Please either <a href="logout.php">log out</a> first, or return to the <a href="index.php">Main Page</a>.');
} else {
    if (isset($_POST['username'])) {
        $EscapedUserName = sanitise_str($_POST['username'], STR_GPC | STR_ESCAPE_HTML | STR_STRIP_TAB_AND_NEWLINE);
        $row = dbquery(DBQUERY_READ_SINGLEROW, 'SELECT "UserID", "Email", "BecomesAccessible", "UserValidated" FROM "User" WHERE "Name" = :name:', 'name', $EscapedUserName);
        if ($row === 'NONE') {
            $mypage->title_body('Unlock an account');
            $mypage->leaf('p', 'Couldn\'t find a user named ' . $EscapedUserName . '. Please check that you spelled the account name correctly. You can click <a href="unlocke.php">here</a> to try again.');
        } else {
            if (!$row['UserValidated']) {
                $mypage->title_body('Unlock an account');
                $mypage->leaf('p', 'That user account isn\'t validated yet. If you haven\'t received your validation email, you can visit <a href="resendvalemail.php">this page</a> to re-send it (although you will need your password to do so).');
            } else {
                if (strtotime($row['BecomesAccessible']) - strtotime(now) > 0) {
                    if ($row[Email] != '') {
                        $BAtime = date('Y-m-d H:i:s', strtotime($row['BecomesAccessible']));
                        $CharArray = 'abcdefghijklmnopqrstuvwxyz0123456789';
                        $thevstring = '';
                        for ($i = 0; $i < 20; $i++) {
                            $j = rand(0, 35);
                            $thevstring .= $CharArray[$j];
                        }
                        $encryptedthevstring = crypt($thevstring, generateSalt());
                        dbquery(DBQUERY_WRITE, 'UPDATE "User" SET "ScrambleKey" = :scramblekey: WHERE "UserID" = :user:'******'scramblekey', $encryptedthevstring, 'user', $row['UserID']);
                        $subject = 'Unlock Brass Online Account';
Ejemplo n.º 11
Archivo: login.php Proyecto: hdp/brass
<?php

require '_std-include.php';
define('LOGIN_ATTEMPTS_PERMITTED', 3);
$LoginDetailsSupplied = false;
$Method = null;
if (isset($_POST['Name']) or isset($_POST['Password'])) {
    $EscapedUserName = sanitise_str(@$_POST['Name'], STR_GPC | STR_ESCAPE_HTML | STR_STRIP_TAB_AND_NEWLINE);
    $EscapedPassword = trim(@$_POST['Password']);
    $LoginDetailsSupplied = true;
    $Method = 'POST';
    $MustRedirect = false;
} else {
    if (isset($_GET['Name']) or isset($_GET['Password'])) {
        $EscapedUserName = sanitise_str(@$_GET['Name'], STR_GPC | STR_ESCAPE_HTML | STR_STRIP_TAB_AND_NEWLINE);
        $EscapedPassword = trim(@$_GET['Password']);
        $LoginDetailsSupplied = true;
        $Method = 'GET';
        $MustRedirect = true;
    }
}
if (!$LoginDetailsSupplied) {
    $ErrorCode = 0;
} else {
    if (strlen($EscapedPassword) > 20) {
        die($unexpectederrormessage);
    }
    $QR = dbquery(DBQUERY_READ_RESULTSET, 'SELECT "UserID", "Name", "Email", "Pronoun", "Password", "DenyAccess", "UserValidated", "BadAttempts", "BecomesAccessible", "Administrator" FROM "User" WHERE "Name" = :name:', 'name', $EscapedUserName);
    if ($QR === 'NONE') {
        $_SESSION['LoggedIn'] = 0;
        $ErrorCode = 1;
Ejemplo n.º 12
     }
     if ($EscapedPhraseInEnglish[1] >= 0) {
         $mypage->leaf('h3', 'Here is the phrase text you entered:');
         $mypage->leaf('textarea', sanitise_str($_POST['phrasetext'], STR_GPC | STR_ESCAPE_HTML), 'cols=80 rows=10');
     }
     if ($EscapedFormInUse[1] >= 0) {
         $mypage->leaf('h3', 'Here is the &quot;form in use&quot; you entered:');
         $mypage->leaf('textarea', sanitise_str($_POST['forminuse'], STR_GPC | STR_ESCAPE_HTML), 'cols=80 rows=10');
     }
     if ($EscapedDescription[1] >= 0) {
         $mypage->leaf('h3', 'Here is the description you entered:');
         $mypage->leaf('textarea', sanitise_str(@$_POST['description'], STR_GPC | STR_ESCAPE_HTML), 'cols=80 rows=10');
     }
     if ($EscapedNotes[1] >= 0) {
         $mypage->leaf('h3', 'Here are the notes you entered:');
         $mypage->leaf('textarea', sanitise_str(@$_POST['notes'], STR_GPC | STR_ESCAPE_HTML), 'cols=80 rows=10');
     }
     $mypage->finish();
 }
 if ($Insertmode) {
     dbquery(DBQUERY_WRITE, 'INSERT INTO "Phrase" ("PhraseName", "OrderingNumber", "PhraseInEnglish", "FormInUse", "CurrentlyInUse", "Module", "Description", "Notes") VALUES (:phrasename:, :orderingnumber:, :english:, :fiu:, :inuse:, :module:, :desc:, :notes:)', 'phrasename', $NewPhraseName, 'orderingnumber', $OrderingNumber, 'inuse', $InUse, 'module', $ModuleID, 'english', $EscapedPhraseInEnglish[0], 'fiu', $EscapedFormInUse[0], 'desc', $EscapedDescription[0], 'notes', $EscapedNotes[0]);
     page::redirect(3, 'translateb.php?ModuleID=' . $EscapedModuleID, 'Successfully added phrase.');
 }
 if ($Unchoose) {
     dbquery(DBQUERY_WRITE, 'UPDATE "TranslatedPhrase" SET "Chosen" = 0 WHERE "PhraseName" = :phrasename:', 'phrasename', $PhraseName);
 }
 if ($DeleteChosenT) {
     dbquery(DBQUERY_WRITE, 'DELETE FROM "ChosenTranslatedPhrase" WHERE "PhraseName" = :phrasename:', 'phrasename', $PhraseName);
 }
 dbquery(DBQUERY_WRITE, 'UPDATE "Phrase" SET "PhraseName" = :newname:, "OrderingNumber" = :orderingnumber:, "PhraseInEnglish" = :english:, "FormInUse" = :fiu:, "CurrentlyInUse" = :inuse:, "Module" = :module:, "Description" = :desc:, "Notes" = :notes: WHERE "PhraseName" = :phrasename:', 'newname', $NewPhraseName, 'orderingnumber', $OrderingNumber, 'inuse', $InUse, 'module', $ModuleID, 'phrasename', $PhraseName, 'english', $EscapedPhraseInEnglish[0], 'fiu', $EscapedFormInUse[0], 'desc', $EscapedDescription[0], 'notes', $EscapedNotes[0]);
 page::redirect(2, false, 'Successfully altered phrase.');
Ejemplo n.º 13
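// Delete one translator's translation of a phrase. Requires a logged-in user
// with administrator level 2 or higher and the POST fields Translator,
// Language, PhraseName and IAmSure; ReturnModule (optional) selects where the
// final redirect goes. $Administrator and $unexpectederrormessage are expected
// to come from the shared include used by the rest of the site.
if (!$_SESSION['LoggedIn']) {
    $mypage = page::standard();
    $mypage->title_body('Not logged in');
    $mypage->leaf('p', 'You are not logged in. Please log in and then return to this page. You can return to the Main Page by clicking <a href="index.php">here</a>.');
    $mypage->finish();
}
if ($Administrator < 2) {
    $mypage = page::standard();
    $mypage->title_body('Not authorised');
    $mypage->leaf('p', 'You are not authorised to make use of this page. Please click <a href="index.php">here</a> to return to the Main Page.');
    $mypage->finish();
}
if (!isset($_POST['Translator']) or !isset($_POST['Language']) or !isset($_POST['PhraseName'])) {
    // The fields are read from $_POST, so the diagnostic names the POST
    // request (it previously said GET).
    myerror($unexpectederrormessage, 'One or more expected variables were missing from POST request');
}
$Translator = sanitise_int($_POST['Translator']);
$TLanguage = sanitise_int($_POST['Language']);
// Phrase names are ASCII identifiers, hence STR_ENSURE_ASCII.
$PhraseName = sanitise_str($_POST['PhraseName'], STR_GPC | STR_ENSURE_ASCII);
if (isset($_POST['ReturnModule'])) {
    $ReturnModule = 'translateb.php?ModuleID=' . sanitise_int($_POST['ReturnModule']);
} else {
    $ReturnModule = 'index.php';
}
// Confirmation tickbox: absent, '', '0' and 0 all count as "not ticked".
if (empty($_POST['IAmSure'])) {
    $mypage = page::standard();
    $mypage->title_body('Tickbox not ticked');
    $mypage->leaf('p', 'You did not tick the tickbox. Please <a href="' . $ReturnModule . '">return to the list of phrases</a> and tick the box before clicking the "Delete" button.');
    $mypage->finish();
}
dbquery(DBQUERY_WRITE, 'DELETE FROM "TranslatedPhrase" WHERE "Translator" = :translator: AND "Language" = :language: AND "PhraseName" = :phrasename:', 'translator', $Translator, 'language', $TLanguage, 'phrasename', $PhraseName);
page::redirect(3, $ReturnModule, 'Successfully deleted translation.');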
Ejemplo n.º 14
    if ($errors) {
        $ShowForm = true;
    }
} else {
    $errors = false;
    $ShowForm = true;
    $FirstShow = true;
    $QArray = array('', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '');
    $hetext = ' selected';
    $shetext = '';
    $ittext = '';
}
if ($ShowForm) {
    $Question = array('What is your mother\'s maiden name?', 'What primary/elementary school did you go to?', 'What was the name of your first pet?', 'What is your favourite fruit or vegetable?', 'Who was your role model when you were growing up?', 'Which famous person from the past do you most admire?', 'Which famous living person do you most admire?', 'What is your favourite mathematical theorem?', 'What is the first board game you ever bought (excluding non-proprietary games like Chess)?', 'What is the name of the street that you grew up on?', 'What was your favourite holiday destination as a child?', 'What is the first great work of literature you ever read?', 'What is your all-time LEAST favourite television show?', 'What was the name of the first album you ever bought?', 'What is your all-time LEAST favourite German-style board game/Eurogame?', 'What is your favourite classic film?', 'What is your favourite Agricola Occupation or Improvement?', 'Who is your all-time LEAST favourite fictional character?', 'Who is your favourite character from The Simpsons?', 'What place would you most like to live when you retire?');
    $FormUserName = sanitise_str(@$_POST['UserName'], STR_GPC | STR_ESCAPE_HTML);
    $FormEmail = sanitise_str(@$_POST['Email'], STR_GPC | STR_ESCAPE_HTML);
    $EPromptText = ($FirstShow or isset($_POST['EPrompt'])) ? ' checked' : '';
    $mypage->title_body('New user registration');
    $mypage->leaf('h1', 'New user registration');
    if ($errors) {
        $mypage->opennode('ul');
        $mypage->append($errorlist);
        $mypage->closenode();
    }
    $mypage->opennode('form', 'action="newuser.php" method="POST"');
    $mypage->opennode('table', 'class="table_no_borders" style="text-align: left;"');
    $mypage->opennode('tr');
    $mypage->leaf('td', 'Name:', 'width=165 align=right');
    $mypage->leaf('td', '<input type="text" name="UserName" size=20 maxlength=20 value="' . $FormUserName . '">');
    $mypage->next();
    $mypage->leaf('td', 'Password:'******'align=right');
Ejemplo n.º 15
            }
        }
    }
    return $squashedstring;
}
///////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////
$mypage = page::standard();
if ($Administrator < 2) {
    $mypage->title_body('Not authorised');
    $mypage->leaf('p', 'You are not authorised to make use of this page. Please click <a href="index.php">here</a> to return to the Main Page.');
    $mypage->finish();
}
$change_every_procedure = sanitise_bool(@$_POST['change_every_procedure']);
$changes = (!$change_every_procedure and isset($_POST['changes'])) ? array_unique(preg_split('/[\\s"]+/', sanitise_str($_POST['changes'], STR_GPC), null, PREG_SPLIT_NO_EMPTY)) : array();
$hf_directory_resource = @opendir(substr(HIDDEN_FILES_PATH, 0, -1));
if ($hf_directory_resource === false) {
    $mypage->title_body('Cannot access directory');
    $mypage->leaf('p', 'The script encountered a problem while attempting to access the hidden files directory.');
    $mypage->finish();
}
$finished = false;
$file_names = array();
$files = array();
while (!$finished) {
    $current_file_name = readdir($hf_directory_resource);
    if ($current_file_name === false) {
        $finished = true;
    } else {
        if (!is_dir(HIDDEN_FILES_PATH . $current_file_name) and substr($current_file_name, 0, 11) == 'procedures_' and substr($current_file_name, -4) == '.txt') {