// NOTE(review): this excerpt opens inside an earlier handler (the tail of the
// comment-delete branch). The check that decides WHO may delete a comment, and
// where $id / $pid come from, are outside this view — confirm they are
// validated there.
// $id and $pid are cast to int before interpolation, so the string-built
// DELETE / UPDATE below are not injectable through those two values.
$del_1 = $db->exec("DELETE FROM " . OSDB_COMMENTS . " WHERE id = '" . (int) $id . "' AND post_id = '" . (int) $pid . "' LIMIT 1");
// Recount the post's comments using a bound parameter (the preferred form).
$sth = $db->prepare("SELECT COUNT(*) FROM " . OSDB_COMMENTS . " WHERE post_id=:post_id LIMIT 1");
$sth->bindValue(':post_id', (int) $pid, PDO::PARAM_INT);
$result = $sth->execute();
$r = $sth->fetch(PDO::FETCH_NUM);
$TotalComments = $r[0];
// Refresh the denormalised comment counter on the news row; both values int-cast.
$update = $db->exec("UPDATE " . OSDB_NEWS . " SET comments = '" . (int) $TotalComments . "' WHERE news_id = '" . (int) $pid . "' ");
// NOTE(review): $pid is reflected into the redirect URL WITHOUT the (int) cast
// used for every SQL occurrence above. header() rejects embedded CR/LF, so this
// is not header injection, but the redirect should use the same (int) $pid.
header('location: ' . OS_HOME . '?post_id=' . $pid . '#comments');
die;
}

// Add-comment handler. Preconditions: logged-in session, numeric ?post_id=,
// and a session "code" plus matching form "code" (an anti-automation /
// CSRF-style token — how it is generated is not visible here) and a hidden pid.
if (isset($_POST["add_comment"]) and os_is_logged() and isset($_GET["post_id"]) and is_numeric($_GET["post_id"]) and isset($_SESSION["code"]) and isset($_POST["code"]) and isset($_POST["pid"])) {
    require_once OS_PLUGINS_DIR . 'index.php';
    os_init();
    // The (int) cast already neutralises post_id; safeEscape() on an int is redundant.
    $id = safeEscape((int) $_GET["post_id"]);
    // NOTE(review): $_POST["post_comment"] is the one form field not covered by
    // the isset() guard above, so a request without it raises an
    // undefined-index warning.
    $text = OS_StrToUTF8($_POST["post_comment"]);
    // What PrepareTextDB() guarantees (SQL escaping vs. HTML sanitising) is not
    // visible here — do not assume $text is safe for HTML output afterwards.
    $text = PrepareTextDB($text);
    //$text = EscapeStr( ($text) );
    //$text = (($text));
    $errors = "";
    // Check whether comments are allowed for this post (bound parameter).
    $sth = $db->prepare("SELECT * FROM " . OSDB_NEWS . " WHERE news_id=:news_id AND allow_comments = 1");
    $sth->bindValue(':news_id', (int) $id, PDO::PARAM_INT);
    $result = $sth->execute();
    // NOTE(review): PDOStatement::rowCount() is not guaranteed to report the
    // row count of a SELECT on every driver; fetching a row (or SELECT COUNT(*))
    // is the portable check.
    if ($sth->rowCount() <= 0) {
        $errors .= "<div>" . $lang["error_comment_not_allowed"] . "</div>";
    }
    // NOTE(review): loose != comparison of the form token. Numeric-looking
    // strings compare by value in PHP ("0123" == "123" is true), so prefer
    // !hash_equals((string) $_SESSION["code"], (string) $_POST["code"]) — strict
    // and constant-time. Nothing in this excerpt invalidates $_SESSION["code"]
    // after use, so the token is replayable unless that happens elsewhere.
    if ($_SESSION["code"] != $_POST["code"]) {
        $errors .= "<div>" . $lang["error_invalid_form"] . "</div>";
    }
    // The hidden form pid must match the post_id in the URL (loose comparison
    // again, but $id is int-derived so the juggling is benign here).
    if ($_POST["pid"] != $id) {
        $errors .= "<div>" . $lang["error_invalid_form"] . "</div>";
    // NOTE(review): the handler continues past this excerpt (the $errors check
    // and the INSERT are not visible).
<?php
// Ban-appeal resolution page. $website is expected from the including front
// controller; a direct request to this file gets a 404 instead.
if (!isset($website)) {
    header('HTTP/1.1 404 Not Found');
    die;
}
$errors = "";
?> <div align="center"> <h2>Ban Appeals</h2> <?php
// NOTE(review): no admin/role check and no CSRF token check are visible in this
// excerpt before the UPDATE below; $_SESSION["username"] is the only session
// data consulted. Confirm the including page enforces both.
if (isset($_POST["answer"]) and strlen($_POST["answer"]) >= 2) {
    $answer = OS_StrToUTF8($_POST['answer']);
    // strip_tags() is not an HTML-safety measure (it does nothing for attribute
    // or script contexts); what PrepareTextDB() guarantees is not visible here.
    $answer = PrepareTextDB(strip_tags($answer));
    // Row selector comes straight from the query string. safeEscape()'s exact
    // behaviour is not visible here — treat these as untrusted.
    $t = safeEscape($_GET["t"]);
    $player = safeEscape($_GET["edit"]);
    // NOTE(review): prepare() is called on a fully string-built statement with
    // no placeholders, so it provides no injection protection. $_SESSION["username"]
    // is concatenated with no escaping at all (whether usernames may contain a
    // quote depends on registration rules not visible here); $answer, $player
    // and $t rely entirely on the escaping helpers. Bind all four as
    // :answer, :resolved, :player, :added instead.
    $sth = $db->prepare("UPDATE " . OSDB_APPEALS . " SET resolved_text = '" . $answer . "', resolved = '" . $_SESSION["username"] . "' WHERE LOWER(player_name) = LOWER('" . $player . "') AND added = '" . $t . "' LIMIT 1");
    $result = $sth->execute();
    // Optional e-mail notification. Loose == 1: "1abc" also matches on PHP < 8.
    if (isset($_POST["email"]) and $_POST["email"] == 1) {
        // Same string-built pattern; $player should be a bound parameter here too.
        $sth = $db->prepare("SELECT * FROM " . OSDB_USERS . " WHERE LOWER(bnet_username) = LOWER('" . $player . "') LIMIT 1");
        $result = $sth->execute();
        // $row is false when no user matches; the array reads below then yield
        // null (with a warning on PHP 8) rather than failing cleanly.
        $row = $sth->fetch(PDO::FETCH_ASSOC);
        // The last notified address is remembered in the session so that
        // re-editing the same answer does not e-mail the player again.
        if (isset($_SESSION["adm_email_send"]) and $_SESSION["adm_email_send"] == $row["user_email"]) {
            $dontSend = 1;
        }
        //send only one email (when edit)
        if (!empty($row["user_email"]) and !isset($dontSend)) {
            // HTML e-mail body. $_SESSION["username"] is inserted unescaped;
            // $answer goes through convEnt() (presumably entity encoding — confirm).
            $message = "You have just received a message from " . $_SESSION["username"] . "<br />";
            $message .= "<br />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br />";
            $message .= convEnt($answer);
            // NOTE(review): the actual send and the remaining branches continue
            // past this excerpt.
//eDIT
// Edit-comment handler: selects the comment by a numeric ?edit= id.
// NOTE(review): no CSRF token check is visible in this excerpt before the
// edit is processed, and the authorisation check for who may edit, like the
// enclosing page, is outside this view — confirm both upstream.
if (isset($_GET["edit"]) and is_numeric($_GET["edit"])) {
    $name = "";
    $server = "";
    // Redundant: identical to the enclosing condition.
    if (isset($_GET["edit"]) and is_numeric($_GET["edit"])) {
        // The (int) cast already neutralises the id; safeEscape() is redundant here.
        $id = safeEscape((int) $_GET["edit"]);
    }
    //UPDATE
    if (isset($_POST["edit_comment"])) {
        /* $text = my_nl2br( trim($_POST["comment"]) ); $text = nl2br($text); $text = EscapeStr( ($text) ); $text = (($text)); */
        // NOTE(review): $_POST["comment"] and the five date fields below are
        // read without isset(); a request missing any of them raises
        // undefined-index warnings. What PrepareTextDB() guarantees is not
        // visible here.
        $text = PrepareTextDB($_POST["comment"]);
        // strlen() counts bytes, not characters, so this minimum is in bytes.
        if (strlen($text) <= 2) {
            $errors .= "<div>Field Text does not have enough characters</div>";
        }
        // $time, $DateErr, $name and $server are assigned but not used anywhere
        // within this excerpt.
        $time = date("Y-m-d H:i:s", time());
        // The date parts are only ever fed to strtotime(), never to SQL directly;
        // EscapeStr() does not change what strtotime() accepts.
        $d = EscapeStr($_POST["_d"]);
        $m = EscapeStr($_POST["_m"]);
        $Y = EscapeStr($_POST["_Y"]);
        $H = EscapeStr($_POST["_H"]);
        $i = EscapeStr($_POST["_i"]);
        $DateErr = 0;
        // NOTE(review): strtotime() returns false for an unparseable date, and
        // false concatenates as "", so $sqlPostDate becomes ", date = '' ". Only
        // the day range is validated below — a bad month/hour/minute is not
        // caught and the empty date fragment is handed to the UPDATE that
        // follows (outside this excerpt). Check $PostTime === false first.
        $PostTime = strtotime($Y . "-" . $m . "-" . $d . " " . $H . ":" . $i . ":00");
        // SQL fragment for the later UPDATE; $PostTime is an int or false, so it
        // carries no user-controlled text.
        $sqlPostDate = ", date = '" . $PostTime . "' ";
        if ($d <= 0 or $d >= 32) {
            $sqlPostDate = '';
        }
        // NOTE(review): both enclosing if-blocks close past this excerpt.