function cleanSql($input)
{
if (is_array($input)) {
foreach ($input as $k => $v) {
$output[$k] = cleanSql($v);
}
} else {
$output = (string) $input;
$output = mysql_real_escape_string($output);
}
return $output;
}
function clacDamage($poke1, $poke2, $moveUsed)
{
// poke1 is attacking poke2
global $attackMod;
$types = array('Snow', 'Shiny', 'Halloween', 'Rainbow', 'Helios', 'Possion', 'Shadow', 'Normal');
$poke1name = trim(str_replace($types, '', $poke1['name']));
$poke2name = trim(str_replace($types, '', $poke2['name']));
$moveUsed = cleanSql($moveUsed);
$query = mysql_query("SELECT * FROM `moves` WHERE `name`='{$moveUsed}' LIMIT 1");
if (!$query || mysql_num_rows($query) == false) {
array('damage' => 100, 'message' => '');
}
$moveRow = mysql_fetch_assoc($query);
$stab = $moveRow['type'] == $poke1['type1'] || $moveRow['type'] == $poke1['$type2'] ? 1.5 : 1;
$query = mysql_query("SELECT * FROM `pokedex` WHERE `name`='{$poke1name}' LIMIT 1");
if (!$query || mysql_num_rows($query) == false) {
array('damage' => 101, 'message' => '');
}
$poke1row = mysql_fetch_assoc($query);
if ($moveRow['type'] == 'Status') {
return array('damage' => 0, 'message' => '');
}
$attackStat = $moveRow['type'] == 'Special' ? $poke1row['spattack'] : $poke1row['attack'];
$attackStat = ceil(($attackStat * 2 + 5) / 100 * $poke1['level']);
$attackPower = $moveRow['power'];
// poke 2 defence
$query = mysql_query("SELECT * FROM `pokedex` WHERE `name`='{$poke2name}' LIMIT 1");
if (!$query || mysql_num_rows($query) == false) {
return array('damage' => 102, 'message' => '');
}
$poke2row = mysql_fetch_assoc($query);
$defenseStat = ceil(($poke2row['defence'] * 2 + 5) / 100 * $poke2['level']);
$weakness = 1;
if (isset($poke2row['type1']) && isset($attackMod[$moveRow['type']][$poke2row['type1']])) {
$weakness = $attackMod[$moveRow['type']][$poke2row['type1']];
}
if (isset($poke2row['type2']) && isset($attackMod[$moveRow['type']][$poke2row['type2']])) {
$weakness *= $attackMod[$moveRow['type']][$poke2row['type2']];
}
$messages = array('msg-0' => 'It doesn\'t affect ' . $poke2['name'] . '...', 'msg-0.25' => 'It\'s not very effective...', 'msg-0.5' => 'It\'s not very effective...', 'msg-1' => '', 'msg-2' => 'It\'s super effective!', 'msg-4' => 'It\'s super effective!');
$damage = ((2 * $poke1['level'] / 5 + 2) * $attackStat * $attackPower / $defenseStat / 50 + 2) * $stab * $weakness * mt_rand(85, 100) / 100;
if ($weakness == 0) {
$damage = 0;
}
return array('damage' => round($damage / 10), 'message' => $messages['msg-' . $weakness]);
}
if (empty($subject)) {
$errors[] = 'Subject field was empty.';
}
if (empty($message)) {
$errors[] = 'Message field was empty.';
}
if ($_SESSION['token'] != $_POST['token']) {
$errors[] = 'There was an error sending the message.';
$username = '';
$subject = '';
$message = '';
}
if (count($errors) > 0) {
echo '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>';
} else {
$sqlSender = cleanSql($_SESSION['username']);
$time = time();
$query = mysql_query("\n\t\t\t\t\tINSERT INTO `messages` (\n\t\t\t\t\t\t`sender_uid`, `recipient_uid`, `sender`, `recipient`,\n\t\t\t\t\t\t`timestamp`, `subject`, `message`, `read`,\n\t\t\t\t\t\t`deleted_by_sender`, `deleted_by_recipient`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t'{$uid}', '{$userid}', '{$sqlSender}', '{$sqlUsername}',\n\t\t\t\t\t\t'{$time}', '{$sqlSubject}', '{$sqlMessage}', '0',\n\t\t\t\t\t\t'{$outbox}', '0'\n\t\t\t\t\t)\n\t\t\t\t");
mysql_query("UPDATE `users` SET `unread_messages`=`unread_messages`+1, `total_messages`=`total_messages`+1 WHERE `id`='{$userid}' LIMIT 1");
if ($query) {
echo '<div class="notice">Message Sent.</div>';
$username = '';
$subject = '';
$message = '';
} else {
echo '<div class="error">There was an error sending the message.</div>';
}
}
}
if (isset($_GET['reply'])) {
$id = (int) $_GET['reply'];
if ($price <= 0) {
$errors[] = 'Price can not be negative.';
}
$level = (int) $_POST['level'];
if ($level <= 0 || $level > 100) {
$errors[] = 'Level needs to be between 1 and 100.';
}
$chance = (int) $_POST['chance'];
if ($chance <= 0 || $chance > 100) {
$errors[] = 'Chance needs to be between 1 and 100.';
}
if (count($errors) >= 1) {
echo '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>';
} else {
echo '<div class="notice">The pokemon has been edited.</div>';
$name = cleanSql($name);
setConfigValue('snow_machine_price', $price);
setConfigValue('snow_machine_pokemon', $name);
setConfigValue('snow_machine_chance', $chance);
setConfigValue('snow_machine_pokemon_level', $level);
$handle = fopen('edit_snow_machine_log.txt', 'a+');
fwrite($handle, "{$_SESSION['username']} edited the snow machine. Name: {$name}, Price: {$price}, Chance: {$chance}, Level: {$level}" . PHP_EOL);
fclose($handle);
}
}
$smPrice = getConfigValue('snow_machine_price');
$smPokemon = getConfigValue('snow_machine_pokemon');
$smChance = getConfigValue('snow_machine_chance');
$smPokemonLevel = getConfigValue('snow_machine_pokemon_level');
echo '
<form method="post">
if (isset($_POST["recaptcha_challenge_field"]) && isset($_POST["recaptcha_response_field"])) {
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
$errors[] = $lang['register_captcha_wrong'];
}
} else {
$errors[] = $lang['register_captcha_missing'];
}
$query = mysql_query("SELECT `id` FROM `users` WHERE `username`='{$sqlUsername}' LIMIT 3");
if (mysql_num_rows($query) == 3) {
$errors[] = $lang['register_taken_username'];
}
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != '') {
$ip = cleanSql($_SERVER['HTTP_X_FORWARDED_FOR']);
} else {
$ip = cleanSql($_SERVER['REMOTE_ADDR']);
}
if (isset($_GET['ref'])) {
$refId = (int) $_GET['ref'];
$query = mysql_query("SELECT * FROM `users` WHERE `id`='{$refId}'");
$refRow = mysql_fetch_assoc($query);
if ($refRow['ip'] == $ip) {
$errors[] = $lang['register_match_ip'];
}
}
$oneDayAgo = time() - 60 * 60 * 24;
$query = mysql_query("SELECT `id` FROM `users` WHERE `ip`='{$ip}' AND `signup_date`>='{$oneDayAgo}' LIMIT 1");
if (mysql_num_rows($query) == 1) {
$errors[] = $lang['register_already_ip'];
}
/* if(mysql_num_rows(mysql_query("SELECT id FROM users WHERE ip = '{$ip}'")) != 0) {
<a href="user_ip.php?ip=' . $userInfo['ip'] . '">
' . $userInfo['ip'] . '
</a>
</td>
</tr>
';
}
echo '
</table>
';
}
// network
$ipParts = explode('.', $ip);
unset($ipParts[count($ipParts) - 1]);
$newIp = implode('.', $ipParts);
$newIpSql = cleanSql($newIp);
$newIpHtml = cleanHtml($newIp . '.*');
$query = mysql_query("SELECT * FROM `users` WHERE `ip` LIKE '{$newIpSql}%' AND `ip`!='{$ipSql}' ORDER BY `ip` ASC LIMIT 50");
$numRows = mysql_num_rows($query);
if ($numRows == 0) {
echo '
<div class="error">
Could not find any users with the an ip address matching <strong>' . $newIpHtml . '</strong>!
</div>
';
} else {
echo '
<br />
<table class="center pretty-table" style="width: 50%;">
<tr>
<th colspan="3">Users with nearly the same IP</th>
<?php
include 'config.php';
include 'functions.php';
if (!isLoggedIn()) {
redirect('login.php');
}
if (!isset($_GET['id'])) {
redirect('membersarea.php');
}
$pid = (int) $_GET['id'];
$uid = (int) $_SESSION['userid'];
$sqlUsername = cleanSql($_SESSION['username']);
include '_header.php';
printHeader('Start An Auction');
$query = mysql_query("SELECT * FROM `user_pokemon` WHERE `id`='{$pid}' AND `uid`='{$uid}'");
if (mysql_num_rows($query) == 0) {
echo '<div class="error">Not your pokemon!</div>';
include '_footer.php';
die;
}
$pokeRow = mysql_fetch_assoc($query);
if (in_array($pokeRow['id'], getUserTeamIds($uid))) {
echo '<div class="error">This pokemon is in your team,</div>';
include '_footer.php';
die;
}
if (isset($_POST['duration']) && in_array($_POST['duration'], range(0, 4))) {
$costs = array('0' => 200, '1' => 1000, '2' => 5000, '3' => 10000, '4' => 15000);
$cost = $costs[$_POST['duration']];
if (getUserMoney($uid) < $cost) {
function logActivity($message, $uid, $image = '')
{
$uid = (int) $uid;
$message = cleanSql($message);
$image = cleanSql($image);
$time = time();
//mysql_query("INSERT INTO `activity` (`message`, `uid`, `time`, `image`) VALUES ('{$message}', '{$uid}', '{$time}', '{$image}')");
}
<?php
include '../config.php';
include '../functions.php';
include '../_header.php';
printHeader('Top Individual Pokemon Ranking');
$name = cleanSql(trim($_GET['name']));
$query = mysql_query("SELECT `user_pokemon`.`id` AS `pid`, `user_pokemon`.`name`, `user_pokemon`.`level`, `user_pokemon`.`gender`, `users`.`username`, `users`.`id` AS `uid` FROM `user_pokemon`, `users` WHERE `user_pokemon`.`name`='{$name}' AND `user_pokemon`.`uid`=`users`.`id` ORDER BY `level` DESC LIMIT 100");
if (mysql_num_rows($query) == 0) {
echo '<div class="error">Could not find any pokemon.</div>';
include '../_footer.php';
die;
}
$filename = '../images/pokemon/' . $name . '.png';
if (is_file($filename)) {
echo '<img src="' . $filename . '" title="' . $name . '" alt="' . $name . '" />';
}
echo '
<table class="pretty-table">
<tr>
<th>Owner</th>
<th>Name</th>
<th>Level</th>
<th>Gender</th>
</tr>
';
$genderArray = array('1' => 'Male', '2' => 'Female', '0' => 'Genderless');
while ($pokeArray = mysql_fetch_assoc($query)) {
echo '
<tr>
<td><a href="../profile.php?id=' . $pokeArray['uid'] . '">' . cleanHtml($pokeArray['username']) . '</td>
$errors[] = 'HP was invalid.';
}
$speed = (int) $_POST['speed'];
if ($speed < 1 || $speed > MAX_STAT) {
$errors[] = 'Speed was invalid.';
}
if (count($errors) >= 1) {
echo '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>';
} else {
$name = cleanSql($name);
$type1 = cleanSql($type1);
$type2 = cleanSql($type2);
$move1Name = cleanSql($move1Name);
$move2Name = cleanSql($move2Name);
$move3Name = cleanSql($move3Name);
$move4Name = cleanSql($move4Name);
if (!isset($_GET['add'])) {
mysql_query("\n\t\t UPDATE `pokedex` SET\n\t\t `name` = '{$name}',\n\t\t `num` = '{$num}',\n\t\t `attack` = '{$attack}',\n\t\t `spattack` = '{$spattack}',\n\t\t `def` = '{$defence}',\n\t\t `spdef` = '{$spdefence}',\n\t\t `hp` = '{$hp}',\n\t\t `speed` = '{$speed}',\n\t\t `type1` = '{$type1}',\n\t\t `type2` = '{$type2}',\n\t\t `move1` = '{$move1Name}',\n\t\t `move2` = '{$move2Name}',\n\t\t `move3` = '{$move3Name}',\n\t\t `move4` = '{$move4Name}'\n\t\t WHERE `id`='{$pid}' LIMIT 1\n\t\t");
echo '<div class="notice">The pokemon has been edited.</div>';
$query = mysql_query("SELECT * FROM `pokedex` WHERE `id`='{$pid}' LIMIT 1");
$pokeInfo = mysql_fetch_assoc($query);
} else {
mysql_query("\n\t\t INSERT INTO `pokedex` (\n\t\t\t `name`,\n\t\t\t `num`,\n\t\t\t `attack`,\n\t\t\t `spattack`,\n\t\t\t `def`,\n\t\t\t `spdef`,\n\t\t\t `hp`,\n\t\t\t `speed`,\n\t\t\t `type1`,\n\t\t\t `type2`,\n\t\t\t `move1`,\n\t\t\t `move2`,\n\t\t\t `move3`,\n\t\t\t `move4`\n\t\t ) VALUES (\n\t\t\t '{$name}',\n\t\t\t\t'{$num}',\n\t\t\t\t'{$attack}',\n\t\t\t\t'{$spattack}',\n\t\t\t\t'{$defence}',\n\t\t\t\t'{$spdefence}',\n\t\t\t\t'{$hp}',\n\t\t\t\t'{$speed}',\n\t\t\t\t'{$type1}',\n\t\t\t\t'{$type2}',\n\t\t\t\t'{$move1Name}',\n\t\t\t\t'{$move2Name}',\n\t\t\t\t'{$move3Name}',\n\t\t\t\t'{$move4Name}'\n\t\t )\n\t\t");
echo '<div class="notice">The pokemon has been added.</div>';
}
}
}
echo '
<form method="post">
<table class="center pretty-table">
<tr>
$signature = $_POST['signature'];
$banReason = $_POST['ban_reason'];
$clanId = (int) $_POST['clan'];
if ($clanId != 0) {
$query = mysql_query("SELECT `id` FROM `clans` WHERE `id`='{$clanId}'");
if (mysql_num_rows($query) == 0) {
$errors[] = 'Clan does not exist.';
}
}
if (count($errors) >= 1) {
echo '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>';
} else {
echo '<div class="notice">You have edited the user.</div>';
$email = cleanSql($email);
$signature = cleanSql($signature);
$banRason = cleanSql($banReason);
mysql_query("\n UPDATE `users` SET\n `money` = '{$money}',\n `bank` = '{$bank}',\n `token` = '{$tokens}',\n `released` = '{$released}',\n `won` = '{$won}',\n `lost` = '{$lost}',\n `email` = '{$email}',\n `lottery` = '{$lottery}',\n `clan` = '{$clanId}',\n `clanxp` = '{$clanexp}',\n `rank` = '{$rank}',\n `userbar` = '{$userbar}',\n `signature` = '{$signature}',\n `banned` = '{$banned}',\n `premium` = '{$premium}',\n `ban_reason` = '{$banReason}'\n WHERE `id`='{$userid}'\n ");
$query = mysql_query("SELECT * FROM `users` WHERE `id`='{$userid}' LIMIT 1");
$userInfo = mysql_fetch_assoc($query);
$handle = fopen('edit_user_log.txt', 'a+');
fwrite($handle, "{$_SESSION['username']} edited the user with the id {$userid}" . PHP_EOL);
fclose($handle);
}
}
$userInfo = cleanHtml($userInfo);
echo '
<form method="post" action="?id=' . $userInfo['id'] . '">
<table class="center pretty-table">
<tr>
<th colspan="2">Edit User</th>
</tr>
if (isset($_POST['submit'], $_POST['img_name'], $_POST['comment'])) {
if ($_FILES['file']['error'] > 0) {
// echo $_FILES["file"]["error"] . '<br />';
echo '<div class="error">There was an error!</div>';
} else {
if ($_FILES['file']['size'] > 1048576) {
echo '<div class="error">The file size it too large!</div>';
} else {
$imageData = file_get_contents($_FILES['file']['tmp_name']);
$im = imagecreatefromstring($imageData);
if ($im == false) {
echo '<div class="error">There was an error creating the image!</div>';
} else {
$base64Image = cleanSql(base64_encode($imageData));
$imgName = cleanSql(trim(str_replace(array(chr(0), '<', '>', '.', '/', '\\'), '', $_POST['img_name'])));
$comment = cleanSql($_POST['comment']);
$uid = (int) $_SESSION['userid'];
if (empty($imgName)) {
echo '<div class="error">Image name was empty!</div>';
} else {
mysql_query("\n\t\t\t\t\tINSERT INTO `new_images` (\n\t\t\t\t\t\t`uid`, `image_data`, `image_name`, `comment`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t'{$uid}', '{$base64Image}', '{$imgName}', '{$comment}'\n\t\t\t\t\t)\n\t\t\t\t");
echo '<div class="notice">Image was submitted for admin approval!</div>';
}
}
}
}
}
echo '
<form method="post" enctype="multipart/form-data">
<table class="pretty-table center">
<tr>
}
include '_header.php';
printHeader('Change Attacks');
if (isset($_POST['sid'], $_POST['mid'])) {
$sid = (int) $_POST['sid'];
$mid = (int) $_POST['mid'];
$query = mysql_query("SELECT * FROM `moves` WHERE `id`='{$mid}' LIMIT 1");
if (!in_array($sid, range(1, 4)) || mysql_num_rows($query) == 0) {
echo '<div class="error">Something went wrong.</div>';
} else {
$moveRow = mysql_fetch_assoc($query);
$price = powerToPrice($moveRow['power']);
if ($userMoney < $price) {
echo '<div class="error">You do not have enough money.</div>';
} else {
$sqlMoveName = cleanSql($moveRow['name']);
mysql_query("UPDATE `user_pokemon` SET `move{$sid}`='{$sqlMoveName}' WHERE `id`='{$pid}' LIMIT 1");
mysql_query("UPDATE `users` SET `money`=`money`-{$price} WHERE `id`='{$uid}' LIMIT 1");
echo '
<div class="notice">
Your ' . $pokemon['name'] . ' forgot ' . $pokemon['move' . $sid] . ' and learned ' . $moveRow['name'] . '!
</div>
';
$pokemon['move' . $sid] = $moveRow['name'];
$userMoney -= $price;
}
}
}
$query = mysql_query("SELECT * FROM `moves` ORDER BY `type` ASC, `power` DESC");
$allMoves = array();
// order the moves by type
<?php
require_once 'functions.php';
require_once 'config.php';
include '_header.php';
if (isLoggedIn()) {
redirect('index.php');
}
if ($_POST['submit']) {
$username = (string) $_POST['username'];
$email = (string) $_POST['email'];
$sqlUsername = cleanSql($username);
$htmlUsername = cleanHtml($username);
$sqlEmail = cleanSql($email);
$htmlEmail = cleanHtml($email);
if ($username && $email) {
$passwordlenth = 25;
$charset = 'abcdefghijklmnoprstovwxy1234567890';
for ($x = 1; $x <= $passwordlenth; $x++) {
$rand = rand() % strlen($charset);
$temp = substr($charset, $rand, 1);
$key .= $temp;
}
//$key_sha1 = sha1($key);
$query = mysql_query("\n\t\t\tSELECT * \n\t\t\tFROM `users`\n\t\t\tWHERE `username` = '{$sqlUsername}'\n\t\t\tAND `email` = '{$sqlEmail}'\n\t\t") or die(mysql_error());
$row = mysql_num_rows($query);
if ($row != 0) {
$update = mysql_query("\n\t\t\t\tUPDATE `users`\n\t\t\t\tSET `reset_key` = '{$key}'\n\t\t\t\tWHERE `email` = '{$sqlEmail}'\n\t\t\t");
//Send e-mail
$to = $email;
$subject = 'Reset Password';
// why is this here? i can not see anywhere where it is used!
// also mysql_select_db should be mysql_fetch_assoc ;-)
// - asdd
//
$user = cleanSql($_SESSION['username']);
$info = mysql_select_db(mysql_query("SELECT * FROM `users` WHERE `username` = '$user'"));
$user = $info['username'];
$userid = $info['id'];
$password2 = $info['password'];
*/
?>
<center>
<?php
if (isset($_POST['update'], $_POST['avatar'])) {
$avatar = cleanSql('http://pkmnhelios.net/' . $_POST['avatar']);
$update = mysql_query("UPDATE `users` SET `avatar`= '{$avatar}' WHERE `id`='{$uid}'");
echo "Your avatar was updated succesfully";
}
?>
<form method=post>
Choose your avatar <br><?php
echo '<img id=avatarchange src=images/trainers/000.png />';
?>
<?php
echo '<select name=avatar id= Avatar onChange=changeAvi()>';
$sql6 = mysql_query("SELECT * FROM avatars");
while ($row6 = mysql_fetch_array($sql6)) {
echo "<option value='" . $row6['Image'] . "'>" . $row6['Name'] . "</option>";
}
}
}
$newCat = (bool) $_POST['newCat'][$pnum];
$catName = $newCat == true ? $_POST['newCatName'][$pnum] : $_POST['oldCatName'][$pnum];
$catName = preg_replace('/[^A-Za-z0-9]/', '', $catName);
if ($catName == '') {
$errors[] = 'Category name can not be empty.';
}
if (count($errors) >= 1) {
// we don't actually use the $errors array...
// echo '<div class="error">'.implode('</div><div class="error">', $errors).'</div>';
$errorPokeIds[] = $pid;
} else {
$name = cleanSql($name);
$price = cleanSql($price);
$catName = cleanSql($catName);
mysql_query("UPDATE `shop_pokemon` SET `name`='{$name}', `price`='{$price}', `category`='{$catName}' WHERE `id`='{$pid}'") or die(mysql_error());
}
}
}
if (!empty($errorPokeIds)) {
echo '
<div class="error">
Could not update all of the pokemon!
<div class="small">Please check the pokemon below.</div>
</div>
';
} else {
if (isset($_POST['save']) && empty($errorPokeIds)) {
echo '
<div class="notice">
<img src="images/pokemon/' . $p_class->name . '.png>"
</td>
<td>Evolves into<br><br><b>Requirements:</b><br>Level: <b>' . $p_class->level . '</b><br>Item: </td>
<td>
<div><b>' . $p_class->evolution . '</b></div>
<img src="images/pokemon/' . $p_class->evolution . '.png">
</td>
</tr>
</table>
</center>';
// asdd stuff
// rarity list
// added 5/26/2013
$name = cleanSql($p_class->name);
$query = mysql_query("SELECT `name`, `gender`, count(`id`) as amount FROM `user_pokemon` WHERE `name` LIKE '%{$name}%' GROUP BY `name`, `gender`");
$pokeArray = array();
$genderArray = array('0' => 'genderless', '1' => 'male', '2' => 'female');
while ($r = mysql_fetch_assoc($query)) {
$pokeArray[$r['name']][$genderArray[$r['gender']]] = $r['amount'];
}
echo '
<br />
<table class="pretty-table">
<tr>
<th>Name</th>
<th>Male</th>
<th>Female</th>
<th>Genderless</th>
</tr>
if (mysql_num_rows($query) == 0) {
redirect('view_box.php');
}
$boxUsername = mysql_fetch_assoc($query);
$boxUsername = $boxUsername['username'];
include '_header.php';
$headerText = isset($_GET['id']) ? $boxUsername . 's Pokemon' : 'Your Pokemon';
printHeader($headerText);
$sorts = array(1 => ' ORDER BY `name` ASC', 2 => ' ORDER BY `name` DESC', 3 => ' ORDER BY `exp` ASC', 4 => ' ORDER BY `exp` DESC');
$search = isset($_GET['search']) ? $_GET['search'] : '';
$sort = $_GET['sort'];
$sortKey = isset($sort) && in_array($sort, array_keys($sorts)) ? $sort : 1;
$orderSql = $sorts[$sortKey];
$searchSql = '';
if (!empty($search)) {
$searchSqlSafe = cleanSql($search);
$searchHtmlSafe = cleanHtml($search);
$searchSql = " AND `name` LIKE '%{$searchSqlSafe}%' ";
}
$countQuery = mysql_query("SELECT `id` FROM `user_pokemon` WHERE `uid`='{$gid}' {$searchSql}");
$numRows = mysql_num_rows($countQuery);
$pagination = new Pagination($numRows);
if (!empty($search)) {
$pagination->addQueryStringVar('search', $search);
}
if (isset($_GET['id'])) {
$pagination->addQueryStringVar('id', (int) $_GET['id']);
}
if ($sortKey != 1) {
$pagination->addQueryStringVar('sort', $sortKey);
}
}
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
$errors[] = 'The email you entered is not valid.';
}
if (!in_array($sprite, range(1, 10))) {
$sprite = 1;
}
if (count($errors) > 0) {
$message = '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>';
} else {
if (!empty($passwordNew)) {
$newPasswordSql = !empty($passwordNew) ? " `password`='" . sha1($passwordNew) . "', " : '';
}
$sqlAvatar = cleanSql($avatar);
$sqlEmail = cleanSql($email);
$sqlSig = cleanSql($signature);
$sprite = (int) $sprite;
$query = mysql_query("UPDATE `users` SET {$newPasswordSql} `email`='{$sqlEmail}', `avatar`='{$sqlAvatar}', `map_sprite`='{$sprite}', `signature`='{$sqlSig}' WHERE `id`='{$uid}'");
if ($query) {
$message = '<div class="notice">Your profile has been edited.</div>';
} else {
$message = '<div class="error">Something went wrong.</div>';
}
}
}
$query = mysql_query("SELECT * FROM `users` WHERE `id`='{$uid}'");
$userRow = cleanHtml(mysql_fetch_assoc($query));
$cells = array();
for ($i = 1; $i <= 10; $i++) {
$attr = $userRow['map_sprite'] == $i ? ' checked="checked" ' : '';
$cells[] = '
}
$content = trim($_POST['content']);
if (empty($content)) {
$errors[] = 'Content can not be empty.';
}
$sqlPoster = cleanSql($_POST['poster']);
$query = mysql_query("SELECT * FROM `users` WHERE `username`='{$sqlPoster}' AND `admin`='1'");
if (mysql_num_rows($query) == 0) {
$errors[] = 'Invalid poster.';
}
if (count($errors) >= 1) {
echo '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>';
} else {
echo '<div class="notice">The news has been edited!</div>';
$sqlTitle = cleanSql($title);
$sqlContent = cleanSql($content);
$time = time();
mysql_query("UPDATE `news` SET `title`='{$sqlTitle}', `news`='{$sqlContent}', `bywho`='{$sqlPoster}', `date`='{$time}' WHERE `id`='5033'");
}
}
$query = mysql_query("SELECT * FROM `news` ORDER BY `id` DESC LIMIT 1");
$row = mysql_fetch_assoc($query);
$row = cleanHtml($row);
echo '
<form method="post">
<table class="pretty-table center">
<tr>
<th colspan="2">Edit News</th>
</tr>
<tr>
<td>Title:</td>
if (trim($name) == '') {
$deletedPokemon = true;
mysql_query("DELETE FROM `token_shop_pokemon` WHERE `id`='{$pid}' LIMIT 1");
continue;
} else {
if (!file_exists('../images/pokemon/' . $name . '.png')) {
$errors[] = 'Could not find a picture for that pokemon.';
}
}
if (count($errors) >= 1) {
// we don't actually use the $errors array...
// echo '<div class="error">'.implode('</div><div class="error">', $errors).'</div>';
$errorPokeIds[] = $pid;
} else {
$name = cleanSql($name);
$price = cleanSql($price);
mysql_query("UPDATE `token_shop_pokemon` SET `name`='{$name}', `price`='{$price}' WHERE `id`='{$pid}'") or die(mysql_error());
}
}
}
if (!empty($errorPokeIds)) {
echo '
<div class="error">
Could not update all of the pokemon!
<div class="small">Please check the pokemon below.</div>
</div>
';
} else {
if (isset($_POST['save']) && empty($errorPokeIds)) {
echo '
<div class="notice">
