$q4 = mysql_real_escape_String($q4); $q5 = mysql_real_escape_String($q5); $q6 = mysql_real_escape_String($q6); $qtotal = mysql_real_escape_String($qtotal); $f1 = mysql_real_escape_String($f1); $f2 = mysql_real_escape_String($f2); $f3 = mysql_real_escape_String($f3); $f4 = mysql_real_escape_String($f4); $f5 = mysql_real_escape_String($f5); $f6 = mysql_real_escape_String($f6); $f7 = mysql_real_escape_String($f7); $f8 = mysql_real_escape_String($f8); $f9 = mysql_real_escape_String($f9); $final = mysql_real_escape_String($final); $notes = mysql_real_escape_String($notes); $position = mysql_real_escape_String($position); // Insert into DB $sql = "INSERT INTO scorepr VALUES ('','{$shoot}','{$competitor}','{$q1}','{$q2}','{$q3}','{$q4}','{$q5}','{$q6}','{$qtotal}','{$f1}','{$f2}','{$f3}','{$f4}','{$f5}','{$f6}','{$f7}','{$f8}','{$f9}','{$final}','{$notes}','{$position}');"; if (!mysql_query($sql, $con)) { die('Error: ' . mysql_error()); } else { $success = "<p>The score was added successfully!</p>"; /*header ("Location: addscoreform.php"); */ } // Close connection mysql_close($con); } } ?> <!doctype html> <!--[if lte IE 8]><html class="no-js lt-ie9" lang="en" ><![endif]-->
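<?php
/**
 * Form handler: inserts one row into `shoot` from the POSTed fields
 * shootevent, shoottype and shootdate, then redirects to addscoreform.php.
 *
 * Review notes:
 * - Each value is escaped with mysql_real_escape_string() AND placed inside a
 *   single-quoted SQL literal. Both halves are required; the escaping alone
 *   does nothing for a value used outside quotes.
 * - mysql_real_escape_string() escapes for the connection character set, so
 *   the charset has to be set with mysql_set_charset(); conn.php is not shown
 *   here -- confirm.
 * - ext/mysql (mysql_*) was deprecated in PHP 5.5 and removed in PHP 7.0.
 *   Moving to mysqli or PDO prepared statements needs the connection code in
 *   conn.php, which is outside this file.
 * - NOTE(review): nothing visible here authenticates the request or checks a
 *   CSRF token -- confirm that conn.php or the server configuration does.
 */
include '../scripts/conn.php';

// Refuse incomplete or array-valued submissions instead of inserting blanks.
$v = array();
foreach (array('shootevent', 'shoottype', 'shootdate') as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        header('HTTP/1.1 400 Bad Request');
        die('Error: missing form field.');
    }
    $v[$field] = mysql_real_escape_string($_POST[$field]);
}

$sql = "INSERT INTO shoot (eventID, type, date)\nVALUES\n('{$v['shootevent']}','{$v['shoottype']}','{$v['shootdate']}');";

if (!mysql_query($sql)) {
    // The driver message names tables and columns: log it, do not print it.
    error_log('shoot insert failed: ' . mysql_error());
    die('Error: the shoot could not be saved.');
}

header("Location: addscoreform.php");
exit;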
<?php if (!empty($_POST['keyword'])) { $keyword = mysql_real_escape_String($_POST['keyword']); $max = $gamesonpage; if (!isset($_GET['page'])) { $show = '1'; } else { $show = clean($_GET['page']); } $limits = ($show - 1) * $max; //$r = $db->query(sprintf('SELECT * FROM fas_games WHERE `active`="1" && name LIKE "%$keyword%" LIMIT '.$limits.','.$max.' ')); $r = mysql_query("SELECT * FROM fas_games WHERE `active`='1' && name LIKE '%{$keyword}%'") or die(mysql_error()); $totalres = mysql_result($db->query('SELECT COUNT(ID) AS total FROM fas_games WHERE `active`="1" && name LIKE "%$keyword%"'), 0); $totalpages = ceil($totalres / $max); echo '<div class="header2">Search results for "' . $keyword . '"</div>'; $count = 0; echo '<div class="content2">'; while ($in = $db->fetch_row($r)) { $gamename = preg_replace('#\\W#', '', $in['name']); if ($seo_on == 1) { $playlink = '' . $domain . '/play/' . $in['ID'] . '-' . $gamename . '.html'; } else { $playlink = '' . $domain . '/index.php?action=play&ID=' . $in['ID'] . ''; } if ($count % 2 == 0) { echo '<div class="home_category"> <div class="home_img"> <a href="' . $playlink . '">'; if ($in['type'] == 1) { echo '<img src="' . $domain . '/' . $thumbsfolder . '/' . $in['thumb'] . '" alt="' . $gamename . '" class="home_img" />';
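<?php
/**
 * Form handler: inserts one row into `event` from the POSTed fields
 * eventmeeting, eventname, eventdiscipline, gender and entrants, then
 * redirects to addshootform.php.
 *
 * Review notes:
 * - Every value is escaped with mysql_real_escape_string() and used inside a
 *   single-quoted SQL literal; the quotes are part of the protection.
 * - The escaping follows the connection character set, which should be set
 *   with mysql_set_charset(); conn.php is not shown here -- confirm.
 * - ext/mysql (mysql_*) was removed in PHP 7.0; prepared statements via
 *   mysqli/PDO are the replacement but depend on conn.php.
 * - NOTE(review): no authentication or CSRF check is visible in this file --
 *   confirm it happens elsewhere.
 */
include '../scripts/conn.php';

// Refuse incomplete or array-valued submissions instead of inserting blanks.
$v = array();
foreach (array('eventmeeting', 'eventname', 'eventdiscipline', 'gender', 'entrants') as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        header('HTTP/1.1 400 Bad Request');
        die('Error: missing form field.');
    }
    $v[$field] = mysql_real_escape_string($_POST[$field]);
}

$sql = "INSERT INTO event (meetingID, eventname, entrants, disciplineID, gender)\nVALUES\n"
    . "('{$v['eventmeeting']}','{$v['eventname']}','{$v['entrants']}','{$v['eventdiscipline']}','{$v['gender']}');";

if (!mysql_query($sql)) {
    // The driver message names tables and columns: log it, do not print it.
    error_log('event insert failed: ' . mysql_error());
    die('Error: the event could not be saved.');
}

header("Location: addshootform.php");
exit;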
setcookie("session", "", time() - 3600 * 365, $url['path'], $url['host'], $url['scheme'] === "https", true); setcookie("email", "", time() - 3600 * 365, $url['path'], $url['host'], $url['scheme'] === "https", true); header('Location: ' . $_SERVER['HTTP_REFERER']); exit; } //Check code $res = @mysql_query('SELECT * FROM Authors WHERE Email=\'' . mysql_real_escape_String($email) . '\'') or die('<div class="commentError">' . mysql_error() . '</div>'); $row = mysql_fetch_assoc($res); if ($row) { if ($code !== null && $row['VerifyCode'] === $code) { //We have a valid code, set session $session = sha1($email . $code . rand() . time()); $res = @mysql_query('UPDATE Authors SET VerifyCode=NULL, Session=\'' . mysql_real_escape_String($session) . '\' WHERE Email=\'' . mysql_real_escape_String($email) . '\' AND VerifyCode=\'' . mysql_real_escape_String($code) . '\'') or die('<div class="commentError">' . mysql_error() . '</div>'); if (!$res) { die('<div class="commentError">Failed to update session</div>'); } $url = parse_url(service_url); setcookie("session", $session, time() + 3600 * 365, $url['path'], $url['host'], $url['scheme'] === "https", true); //Allow javascript to access this cookie setcookie("email", $email, time() + 3600 * 365, $url['path'], $url['host'], $url['scheme'] === "https", false); header('Location: ' . service_url . '/dashboard/'); return; } } ?> <html> <head> <meta charset="UTF-8" />
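<?php
/**
 * Form handler: inserts one row into `competitor` from the POSTed fields
 * compfore, compsur, gender, birthday and nationality, then redirects to
 * addcompform.html.
 *
 * Review notes:
 * - Every value is escaped with mysql_real_escape_string() and used inside a
 *   single-quoted SQL literal; the quotes are part of the protection.
 * - The escaping follows the connection character set, which should be set
 *   with mysql_set_charset(); conn.php is not shown here -- confirm.
 * - ext/mysql (mysql_*) was removed in PHP 7.0; prepared statements via
 *   mysqli/PDO are the replacement but depend on conn.php.
 * - The stored strings are SQL-safe, not HTML-safe: any page that prints
 *   forename/surname/nationality must still HTML-encode them on output.
 * - NOTE(review): no authentication or CSRF check is visible in this file --
 *   confirm it happens elsewhere.
 */
include '../scripts/conn.php';

// Refuse incomplete or array-valued submissions instead of inserting blanks.
$v = array();
foreach (array('compfore', 'compsur', 'gender', 'birthday', 'nationality') as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        header('HTTP/1.1 400 Bad Request');
        die('Error: missing form field.');
    }
    $v[$field] = mysql_real_escape_string($_POST[$field]);
}

$sql = "INSERT INTO competitor (forename, surname, gender, birthday, nationality)\nVALUES\n"
    . "('{$v['compfore']}','{$v['compsur']}','{$v['gender']}','{$v['birthday']}','{$v['nationality']}');";

if (!mysql_query($sql)) {
    // The driver message names tables and columns: log it, do not print it.
    error_log('competitor insert failed: ' . mysql_error());
    die('Error: the competitor could not be saved.');
}

header("Location: addcompform.html");
exit;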
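<?php
/**
 * Form handler: inserts one row into `meeting` from the POSTed fields
 * meetingname and meetingyear, then redirects to addeventform.php.
 *
 * Review notes:
 * - Both values are escaped with mysql_real_escape_string() and used inside
 *   single-quoted SQL literals; the quotes are part of the protection.
 * - The escaping follows the connection character set, which should be set
 *   with mysql_set_charset(); conn.php is not shown here -- confirm.
 * - ext/mysql (mysql_*) was removed in PHP 7.0; prepared statements via
 *   mysqli/PDO are the replacement but depend on conn.php.
 * - NOTE(review): no authentication or CSRF check is visible in this file --
 *   confirm it happens elsewhere.
 */
include '../scripts/conn.php';

// Refuse incomplete or array-valued submissions instead of inserting blanks.
$v = array();
foreach (array('meetingname', 'meetingyear') as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        header('HTTP/1.1 400 Bad Request');
        die('Error: missing form field.');
    }
    $v[$field] = mysql_real_escape_string($_POST[$field]);
}

$sql = "INSERT INTO meeting (meetingname, year)\nVALUES\n('{$v['meetingname']}','{$v['meetingyear']}');";

if (!mysql_query($sql)) {
    // The driver message names tables and columns: log it, do not print it.
    error_log('meeting insert failed: ' . mysql_error());
    die('Error: the meeting could not be saved.');
}

header("Location: addeventform.php");
exit;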
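/**
 * Renders the search page body: the result grid when a keyword was POSTed,
 * otherwise the empty search form.
 *
 * Security notes:
 * - The keyword reaches two sinks that need different encodings. It is
 *   SQL-escaped for the LIKE literal and HTML-escaped for the heading;
 *   mysql_real_escape_string() output is not safe to print into HTML.
 * - Thumbnail paths come from the database and are HTML-escaped before they
 *   are placed in the src attribute.
 * - htmlspecialchars() is called with 'UTF-8'; this assumes the page is
 *   served as UTF-8 -- confirm.
 * - The page links are plain GET URLs and do not carry the keyword, which is
 *   read from $_POST; following one shows the empty form. For that reason the
 *   result query is left without a LIMIT, as before.
 * - includes/blocks.php runs in this function's scope, so the global list is
 *   kept exactly as it was.
 */
function writebody()
{
    global $db, $domain, $sitename, $cachelife, $template, $gamesfolder, $thumbsfolder, $limitboxgames, $seo_on, $blogentriesshown, $enabledcode_on, $comments_on, $directorypath, $autoapprovecomments, $gamesonpage, $abovegames, $belowgames, $ads1, $ads2, $ads3, $bannersleft, $showwebsitelimit, $supportemail, $showblog, $blogentriesshown, $blogcharactersshown, $blogcommentpermissions, $blogcommentsshown, $blogfollowtags, $blogcharactersrss, $usrdata, $userid, $showpages;

    // An array-valued "keyword" would make the escape call return NULL.
    $rawKeyword = (isset($_POST['keyword']) && is_string($_POST['keyword'])) ? $_POST['keyword'] : '';

    if (!empty($rawKeyword)) {
        $keyword = mysql_real_escape_string($rawKeyword);                   // SQL literal only
        $keywordHtml = htmlspecialchars($rawKeyword, ENT_QUOTES, 'UTF-8');  // HTML output only

        echo '<div id="container"> <div id="content-container"> <div id="side">';
        include "includes/blocks.php";
        echo '</div> <div id="content">';

        $max = $gamesonpage;
        // The page number is printed and used in arithmetic: force an integer >= 1.
        $show = isset($_GET['page']) ? max(1, (int) clean($_GET['page'])) : 1;

        // One WHERE clause for both queries. The count query used to sit in a
        // single-quoted PHP string, so it searched for the literal text
        // "$keyword" and the total never matched the listing.
        $where = "`active`='1' && name LIKE '%{$keyword}%'";
        $r = mysql_query("SELECT * FROM fas_games WHERE {$where}");
        if (!$r) {
            // Keep the driver message out of the page.
            error_log('search query failed: ' . mysql_error());
            die('Error: the search could not be completed.');
        }
        $totalres = mysql_result($db->query("SELECT COUNT(ID) AS total FROM fas_games WHERE {$where}"), 0);
        $totalpages = ceil($totalres / $max);

        echo '<div class="content_nav">Search results for "' . $keywordHtml . '"</div>';
        echo '<div class="content2">';
        while ($in = $db->fetch_row($r)) {
            // \W -> '-' leaves only [A-Za-z0-9_-], so $gamename is safe in URLs and attributes.
            $gamename = preg_replace('#\\W#', '-', $in['name']);
            if ($seo_on == 1) {
                $playlink = $domain . '/play/' . $in['ID'] . '-' . $gamename . '.html';
            } else {
                $playlink = $domain . '/index.php?action=play&ID=' . $in['ID'];
            }
            if ($in['type'] == 1) {
                $thumbSrc = $domain . '/' . $thumbsfolder . '/' . $in['thumb'];
            } else {
                $thumbSrc = $in['thumburl'];
            }
            echo '<div id="game_holder"><div align="center"> <a href="' . $playlink . '">';
            echo '<img src="' . htmlspecialchars($thumbSrc, ENT_QUOTES, 'UTF-8') . '" alt="' . $gamename . '" title="' . $gamename . '" width="90" height="90" class="game_img" />';
            echo '</a>';
            echo '</div></div>';
        }

        echo '</div><div style="clear:both"></div> <div class="page-box"> ' . $totalres . ' game(s) - Page ' . $show . ' of ' . $totalpages;
        $pre = $show - 1;
        $ne = $show + 1;
        if ($seo_on == 1) {
            $previous = $domain . '/search/page' . $pre . '.html';
            $next = $domain . '/search/page' . $ne . '.html';
        } else {
            $previous = $domain . '/index.php?action=search&page=' . $pre;
            $next = $domain . '/index.php?action=search&page=' . $ne;
        }
        if ($totalpages > 1) {
            echo ' - ';
            if ($show > 1) {
                echo '<a href="' . $previous . '" class="page">Previous</a>';
            }
            for ($i = 1; $i <= $totalpages; $i++) {
                // Same window of page links around the current page as before.
                if ($show - $i < 4 || $totalpages - $i < 7) {
                    if ($i - $show < 4 || $i < 8) {
                        if ($seo_on == 1) {
                            $urk = $domain . '/search/page' . $i . '.html';
                        } else {
                            $urk = $domain . '/index.php?action=search&page=' . $i;
                        }
                        if ($show == $i) {
                            echo '<a href="' . $urk . '" class="page-select">' . $i . '</a>';
                        } else {
                            echo '<a href="' . $urk . '" class="page">' . $i . '</a>';
                        }
                    }
                }
            }
            if ($show < $totalpages) {
                echo '<a href="' . $next . '" class="page">Next</a>';
            }
        }
        echo '</div> </div></div></div>';
    } else {
        if ($seo_on == 1) {
            $su = $domain . '/search/';
        } else {
            $su = $domain . '/index.php?action=search';
        }
        echo '<div id="container"> <div id="content-container"> <div id="side">';
        include "includes/blocks.php";
        echo '</div> <div id="content"> <div class="content_nav">Search</div> <div style="clear:both"></div>';
        echo '<form action=\'' . $su . '\' method=\'post\'> <table align=\'center\' width="100%"> <tr> <td class=\'content\'>Keyword(s):</td> <td class=\'content\'><input type=\'text\' name=\'keyword\' size=\'45\' /></td> </tr> <tr> <td colspan=\'2\' align=\'center\' class=\'content\'><input type=\'submit\' name=\'submit\' value=\'Search\' /></td> </tr> </table> </form> </div></div></div>';
    }
}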
<?php include 'conn.php'; $event = $_POST["event"]; $event = mysql_real_escape_String($event); $sql = "SELECT shootID, name FROM shoot WHERE groupID = {$event}"; $event_res = mysql_query($sql) or die(mysql_error()); while ($row = mysql_fetch_array($event_res)) { $shootid = $row["shootID"]; $name = $row["name"]; echo "<h3>{$name}</h3>"; $sql2 = "SELECT scoreprone.shootID, scoreprone.p1, scoreprone.p2, scoreprone.p3, scoreprone.p4, " . "scoreprone.p5, scoreprone.p6, scoreprone.total, scoreprone.penalties, scoreprone.rank, " . "scoreprone.notes, scoreprone.target, competitor.forename, competitor.surname, competitor.nationality " . "FROM scoreprone INNER JOIN competitor ON scoreprone.compID=competitor.compID WHERE scoreprone.shootID = {$shootid} ORDER BY scoreprone.rank"; $comp_res = mysql_query($sql2) or die(mysql_error()); echo "<table><tr><th>Rank</th><th>Name</th><th>Nationality</th><th>p1</th><th>p2</th><th>p3</th><th>p4</th><th>p5</th><th>p6</th>" . "<th>Total</th><th>Penalties</th><th>notes</th><th>target</th></tr>"; while ($row2 = mysql_fetch_array($comp_res)) { $p1 = $row2["p1"]; $p2 = $row2["p2"]; $p3 = $row2["p3"]; $p4 = $row2["p4"]; $p5 = $row2["p5"]; $p6 = $row2["p6"]; $total = $row2["total"]; $pen = $row2["penalties"]; $rank = $row2["rank"]; $notes = $row2["notes"]; $target = $row2["target"]; $forename = $row2["forename"]; $surname = $row2["surname"]; $nation = $row2["nationality"]; echo "<tr><td>{$rank}</td><td>{$forename} {$surname}</td><td>{$nation}</td><td>{$p1}</td><td>{$p2}</td><td>{$p3}</td><td>{$p4}</td>" . "<td>{$p5}</td><td>{$p6}</td><td>{$total}</td>{$pen}</td><td>{$notes}</td><td>{$target}</td></tr>"; }
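/**
 * Inserts a laboratory result template into labResultList, then emits a
 * script block that shows a confirmation alert and sends the browser to the
 * add-result form.
 *
 * Security notes:
 * - $title is printed inside a JavaScript string within a <script> element.
 *   SQL escaping is the wrong encoding there; the text is serialised with
 *   json_encode() and the JSON_HEX_* flags so quotes and "</script>" in the
 *   title cannot end the string or the element.
 * - Driver errors go to the server log instead of the page.
 * - NOTE(review): getMyUrl() is defined elsewhere; if it is derived from the
 *   request's Host header, the redirect target is client-controlled --
 *   confirm.
 *
 * @param string $title    Template title; stored and echoed in the alert.
 * @param string $template Template body; stored only.
 */
public function addLaboratoryTemplate($title, $template)
{
    $con = mysql_connect($this->myHost, $this->username, $this->password);
    if (!$con) {
        error_log('addLaboratoryTemplate: connect failed: ' . mysql_error());
        die('Could not connect to the database.');
    }
    if (!mysql_select_db($this->database, $con)) {
        error_log('addLaboratoryTemplate: select_db failed: ' . mysql_error($con));
        die('Error: the template could not be saved.');
    }

    // Escape against the connection this query will actually use.
    $sql = "INSERT INTO labResultList (title,template)\nVALUES\n('"
        . mysql_real_escape_string($title, $con) . "','"
        . mysql_real_escape_string($template, $con) . "')";
    if (!mysql_query($sql, $con)) {
        error_log('addLaboratoryTemplate: insert failed: ' . mysql_error($con));
        die('Error: the template could not be saved.');
    }

    $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $message = json_encode($title . ' is now Added in the list of Laboratory Result Format', $jsFlags);
    if ($message === false) {
        // json_encode() fails on invalid UTF-8; fall back to a fixed text.
        $message = json_encode('The template is now Added in the list of Laboratory Result Format');
    }
    $target = json_encode('http://' . $this->getMyUrl() . '/COCONUT/Laboratory/resultList/addResultForm.php ', $jsFlags);

    echo "<script type='text/javascript' >";
    echo 'alert(' . $message . ');';
    echo 'window.location=' . $target . ';';
    echo "</script>";

    mysql_close($con);
}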
/spacer.gif" width=1 height=8 border=0><br> <img src="<?php echo IMAGE_PATH; ?> /downarrow.gif" width=9 height=6 class="imageformat"><b> <?php echo $hostgroup; ?> </b><p> <?php } else { echo "<p>"; } ?> <?php if (isset($_GET['hostgroup'])) { $table = new Table(array(new TableColumn("host", "Host", "width=41"), new TableColumn("freq", "Connects", "width=12&align=right"), new TableColumn("percent", "Percentage of Connects", "width=30&sort=no&type=bargraph"), new TableColumn("percent", "%", "width=12&sort=no&align=right&append=" . urlencode("%"))), "host", "freq", "host", true, 50); if ($hostgroup == "(Unresolved IP Addresses)") { $hostgroup = ""; } $result = $db->query("\r\n\t\t\tSELECT\r\n\t\t\t\tCOUNT(*),\r\n\t\t\t\tCOUNT(DISTINCT ipAddress)\r\n\t\t\tFROM\r\n\t\t\t\thlstats_Events_Connects\r\n\t\t\tWHERE\r\n\t\t\t\thostgroup='" . mysql_real_escape_string($hostgroup) . "'\r\n\t\t"); list($totalconnects, $numitems) = $db->fetch_row($result); $result = $db->query("\r\n\t\t\tSELECT\r\n\t\t\t\tIF(hostname='', ipAddress, hostname) AS host,\r\n\t\t\t\tCOUNT(hostname) AS freq,\r\n\t\t\t\t(COUNT(hostname) / {$totalconnects}) * 100 AS percent\r\n\t\t\tFROM\r\n\t\t\t\thlstats_Events_Connects\r\n\t\t\tWHERE\r\n\t\t\t\thostgroup='" . mysql_real_escape_String($hostgroup) . "'\r\n\t\t\tGROUP BY\r\n\t\t\t\thost\r\n\t\t\tORDER BY\r\n\t\t\t\t{$table->sort} {$table->sortorder},\r\n\t\t\t\t{$table->sort2} {$table->sortorder}\r\n\t\t\tLIMIT\r\n\t\t\t\t{$table->startitem},{$table->numperpage}\r\n\t\t"); $table->draw($result, $numitems, 95, "center"); } else { $table = new Table(array(new TableColumn("hostgroup", "Host", "width=41&icon=server&link=" . urlencode("mode=admin&task=tools_ipstats&hostgroup=%k")), new TableColumn("freq", "Connects", "width=12&align=right"), new TableColumn("percent", "Percentage of Connects", "width=30&sort=no&type=bargraph"), new TableColumn("percent", "%", "width=12&sort=no&align=right&append=" . 
urlencode("%"))), "hostgroup", "freq", "hostgroup", true, 50); $result = $db->query("\r\n\t\t\tSELECT\r\n\t\t\t\tCOUNT(*),\r\n\t\t\t\tCOUNT(DISTINCT hostgroup)\r\n\t\t\tFROM\r\n\t\t\t\thlstats_Events_Connects\r\n\t\t"); list($totalconnects, $numitems) = $db->fetch_row($result); $result = $db->query("\r\n\t\t\tSELECT\r\n\t\t\t\tIF(hostgroup='', '(Unresolved IP Addresses)', hostgroup) AS hostgroup,\r\n\t\t\t\tCOUNT(hostgroup) AS freq,\r\n\t\t\t\t(COUNT(hostgroup) / {$totalconnects}) * 100 AS percent\r\n\t\t\tFROM\r\n\t\t\t\thlstats_Events_Connects\r\n\t\t\tGROUP BY\r\n\t\t\t\thostgroup\r\n\t\t\tORDER BY\r\n\t\t\t\t{$table->sort} {$table->sortorder},\r\n\t\t\t\t{$table->sort2} {$table->sortorder}\r\n\t\t\tLIMIT\r\n\t\t\t\t{$table->startitem},{$table->numperpage}\r\n\t\t"); $table->draw($result, $numitems, 95, "center"); }
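/**
 * Builds the log-listing SQL from the POSTed filter form, stores it in
 * $_SESSION['W3ELOGS'] and returns the rendered table plus pagination.
 *
 * Security notes:
 * - The finished SQL text is kept in the session and run later, so every
 *   request value must be neutralised here, before it is concatenated.
 * - String filters (IP, client IP, action) are escaped and used inside
 *   single-quoted literals. ID lists are used unquoted inside IN (...), where
 *   escaping gives no protection, so each element is forced to an integer.
 * - The ID arrays used to be converted with an index loop (0..count-1). That
 *   skipped elements with non-sequential or string keys, and implode() then
 *   put them into the query unconverted. array_map() converts every element.
 * - mysql_real_escape_string() follows the connection character set and
 *   ext/mysql was removed in PHP 7.0; the connection is set up elsewhere.
 *
 * @return string HTML of the log table followed by the pagination.
 */
private function processLogs()
{
    // Drop any filter left over from a previous request.
    unset($_SESSION['W3ELOGS']);

    // Every scalar form field must be present and be a string. The earlier
    // isset($element, $_POST) only tested the two variables themselves, so it
    // never failed.
    // NOTE(review): 'view' and 'filter' are not read from $_POST below --
    // confirm that the form posts them rather than passing them in the URL.
    $formElementsArr = array('W3EItems', 'view', 'filter', 'W3EVMID', 'W3EIP', 'W3ECLIENTIP', 'W3EAction', 'W3EDateFROM', 'W3EDateTO');
    foreach ($formElementsArr as $element) {
        if (!isset($_POST[$element]) || !is_string($_POST[$element])) {
            $this->setErrors('Problem with filter form. Please go back to the Logs page and try again.', 'ERROR');
            header('Location: ' . W3E_MOD_LINK . '&view=log');
            exit;
        }
    }

    // Items per page: accept only a whitelisted integer. A loose in_array()
    // let strings such as "5abc" through on older PHP versions.
    $item = $this->getSettings('admin_logs_items_per_page');
    $logsAdminArr = array(1, 5, 10, 15, 20, 25, 30, 40, 50, 75, 100);
    $requestedItems = (int) $_POST['W3EItems'];
    if (in_array($requestedItems, $logsAdminArr, true)) {
        $item = $requestedItems;
    }

    // Service IP, client IP and action: escaped, used in quoted literals below.
    $ip = mysql_real_escape_string(trim($_POST['W3EIP']));
    $clientip = mysql_real_escape_string(trim($_POST['W3ECLIENTIP']));
    $action = mysql_real_escape_string(trim($_POST['W3EAction']));

    // VMID: comma-separated list, each part forced to an integer.
    $vmid = trim($_POST['W3EVMID']);
    if ($vmid !== '') {
        $vmid = implode(',', array_map('intval', explode(',', $vmid)));
    }

    // By
    $byclient = isset($_POST['W3EBYCLIENT']);
    $byadmin = isset($_POST['W3EBYADMIN']);

    // Dates: dd/mm/yyyy on the form; only all-digit matches are used, which
    // keeps the rebuilt yyyy-mm-dd string free of quote characters.
    $fromDate = '0000-00-00';
    if (preg_match('@^(\\d{2})\\/(\\d{2})\\/(\\d{4})$@', trim($_POST['W3EDateFROM']), $date1)) {
        $fromDate = "{$date1[3]}-{$date1[2]}-{$date1[1]}";
    }
    $fromDate .= ' 00:00:00';
    $toDate = date('Y-m-d');
    if (preg_match('@^(\\d{2})\\/(\\d{2})\\/(\\d{4})$@', trim($_POST['W3EDateTO']), $date1)) {
        $toDate = "{$date1[3]}-{$date1[2]}-{$date1[1]}";
    }
    $toDate .= ' 23:59:59';

    // Clients, products, servers: optional ID arrays. The sanitised list is
    // written back to $_POST, as the original loop did.
    $idLists = array();
    foreach (array('W3EClients', 'W3EProducts', 'W3EServers') as $listField) {
        if (isset($_POST[$listField])) {
            $_POST[$listField] = array_map('intval', array_values((array) $_POST[$listField]));
            $idLists[$listField] = implode(',', $_POST[$listField]);
        } else {
            $idLists[$listField] = null;
        }
    }
    $client = $idLists['W3EClients'];
    $product = $idLists['W3EProducts'];
    $server = $idLists['W3EServers'];

    $fields = "mod_w3esxi.vmid,mod_w3esxi.id w3eid,\r\nmod_w3esxi_logs.date_logged,mod_w3esxi_logs.client_ip,mod_w3esxi_logs.user_agent,mod_w3esxi_logs.command_by,mod_w3esxi_logs.action,\r\ntblclients.firstname,tblclients.lastname,tblclients.id clientid,\r\ntblhosting.dedicatedip,tblhosting.id serviceid,\r\ntblproducts.name productname,tblproducts.configoption1 os,configoption2 otheros,tblproducts.id pid,\r\ntblservers.id serverid,tblservers.name servername,tblservers.ipaddress\r\n";

    // {W3E_FIELDS} is a placeholder swapped below for the column list or for
    // count(*), so the listing and the pagination share one WHERE clause.
    $query = "\r\nSELECT\r\n{W3E_FIELDS}\r\nFROM mod_w3esxi,tblclients,tblservers,tblhosting,tblproducts,mod_w3esxi_logs\r\nWHERE\r\nmod_w3esxi.id = mod_w3esxi_logs.w3e_id\r\nAND\r\ntblclients.id = tblhosting.userid\r\nAND\r\ntblhosting.id = mod_w3esxi_logs.serviceid\r\nAND\r\ntblproducts.id = tblhosting.packageid\r\nAND\r\ntblservers.id = tblhosting.server\r\n";

    if ($client !== null && $client !== '') {
        $query .= "\r\nAND\r\ntblclients.id IN ({$client}) ";
    }
    if ($server !== null && $server !== '') {
        $query .= "\r\nAND\r\ntblservers.id IN ({$server}) ";
    }
    if ($product !== null && $product !== '') {
        $query .= "\r\nAND\r\ntblproducts.id IN ({$product}) ";
    }
    if ($vmid !== '') {
        $query .= "\r\nAND\r\nmod_w3esxi.vmid IN ({$vmid}) ";
    }
    if ($ip !== '') {
        $query .= " AND tblhosting.dedicatedip = '{$ip}' ";
    }
    if ($clientip !== '') {
        $query .= " AND mod_w3esxi_logs.client_ip = '{$clientip}' ";
    }
    if ($action !== 'all') {
        $query .= " AND mod_w3esxi_logs.action = '{$action}' ";
    }

    // Only fixed literals go into this list. It starts as an array because
    // count(null) warns from PHP 7.2 on.
    $byArr = array();
    if ($byclient) {
        $byArr[] = "'client'";
    }
    if ($byadmin) {
        $byArr[] = "'admin'";
    }
    if (count($byArr) > 0) {
        $by = implode(',', $byArr);
        $query .= " AND mod_w3esxi_logs.command_by IN ({$by})";
    }

    $query .= " AND mod_w3esxi_logs.date_logged BETWEEN '{$fromDate}' AND '{$toDate}' ";
    $query .= ' ORDER BY mod_w3esxi_logs.date_logged DESC ';

    $_SESSION['W3ELOGS'] = array();
    $_SESSION['W3ELOGS']['query'] = str_replace('{W3E_FIELDS}', $fields, $query);
    $_SESSION['W3ELOGS']['pagination_query'] = str_replace('{W3E_FIELDS}', 'count(*) total', $query);
    $_SESSION['W3ELOGS']['items'] = $item;

    $html = $this->renderLogsTable();
    $html .= $this->renderPagination('log');
    return $html;
}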
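<?php
/**
 * Prints one radio button per championship (`event` row) of the POSTed year.
 * When sel_champ is the literal "test", every championship is listed
 * unchecked; otherwise only the one whose name equals sel_champ is printed,
 * pre-checked.
 *
 * Security notes:
 * - `year` is used as an unquoted number in the WHERE clause.
 *   mysql_real_escape_string() only escapes characters that matter inside a
 *   quoted string, so it offers no protection there. The value is cast to an
 *   integer instead.
 * - sel_champ never reaches SQL; it is only compared in PHP. Escaping it for
 *   SQL altered the value (names containing a quote could never match), so
 *   the raw string is compared.
 * - Event IDs and names come from the database and are HTML-encoded on
 *   output; 'UTF-8' assumes the page is served as UTF-8 -- confirm.
 */
//DB connection
include 'conn.php';

$year = (isset($_POST['year']) && is_string($_POST['year'])) ? (int) $_POST['year'] : 0;
$sel_champ = (isset($_POST['sel_champ']) && is_string($_POST['sel_champ'])) ? $_POST['sel_champ'] : '';

$champs_sql = "SELECT `eventID`, `name` FROM `event` WHERE `year` = {$year}";
$champs_result = mysql_query($champs_sql);
if (!$champs_result) {
    // A failed query used to fall through to mysql_fetch_array(false).
    error_log('championship lookup failed: ' . mysql_error());
    exit;
}

while ($row = mysql_fetch_array($champs_result)) {
    $champ_name = (string) $row["name"];
    $champ_id_html = htmlspecialchars((string) $row["eventID"], ENT_QUOTES, 'UTF-8');
    $champ_name_html = htmlspecialchars($champ_name, ENT_QUOTES, 'UTF-8');

    if ($sel_champ !== "test") {
        if ($champ_name === $sel_champ) {
            echo "<input type=\"radio\" value=\"{$champ_id_html}\" name=\"champ\" checked=\"checked\" /><label>{$champ_name_html}</label>";
        }
    } else {
        echo "<input type=\"radio\" value=\"{$champ_id_html}\" name=\"champ\" /><label>{$champ_name_html}</label>";
    }
}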
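/**
 * Creates a new verification code for $email, stores it in Authors
 * (replacing any existing row for that address) and mails a login link that
 * carries the code.
 *
 * Security notes:
 * - The code is a bearer secret: whoever presents it can log in as the
 *   address. It was derived from time(), rand(), the address and the client
 *   IP, all guessable or known to the requester. It now comes from the
 *   platform CSPRNG when one is available.
 * - The length stays at 10 hex characters (40 bits) because the width of the
 *   VerifyCode column is not visible here. At that length the login endpoint
 *   must limit guesses and expire codes -- confirm.
 * - NOTE(review): $email is not validated in this function -- confirm the
 *   caller does.
 * - Database errors are logged instead of being printed into the page.
 *
 * @param string $email Address supplied by the commenter (untrusted).
 * @param string $url   Page the comment was made on; used in the mail text only.
 */
function GenerateAndSendVerificationCode($email, $url)
{
    $bytes = false;
    if (function_exists('random_bytes')) {
        $bytes = random_bytes(5);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $bytes = openssl_random_pseudo_bytes(5, $strong);
        if (!$strong) {
            $bytes = false;
        }
    }
    if ($bytes !== false) {
        $code = bin2hex($bytes);
    } else {
        // Legacy derivation, kept only for hosts without a CSPRNG.
        $code = substr(sha1(time() . rand() . $email . $_SERVER['REMOTE_ADDR']), 0, 10);
    }

    $stored = @mysql_query(
        'REPLACE Authors SET Email=\'' . mysql_real_escape_string($email)
        . '\', VerifyDate=NOW(), VerifyCode=\'' . mysql_real_escape_string($code) . '\''
    );
    if (!$stored) {
        error_log('verification code store failed: ' . mysql_error());
        die('<div class="commentError">Failed to create verification code, try again</div>');
    }

    //Email verification link
    $body = 'To verify the comment you made on ' . $url
        . ' Click here to login and review your comments: '
        . service_url . '/auth.php?email=' . urlencode($email) . '&code=' . $code;
    if (!mail($email, 'Verify your comment', $body, 'From: ' . service_email)) {
        die('<div class="commentError">Failed to send verification email, try again</div>');
    }
}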
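/**
 * Inserts a laboratory result template into labResultList. Produces no
 * output on success.
 *
 * Security notes:
 * - Both values are escaped against the connection the query runs on and are
 *   used inside single-quoted SQL literals.
 * - Driver errors go to the server log instead of the page; they name hosts,
 *   tables and columns.
 * - ext/mysql (mysql_*) was removed in PHP 7.0; a prepared statement via
 *   mysqli/PDO is the replacement when this class is ported.
 *
 * @param string $title    Template title.
 * @param string $template Template body.
 */
public function addLaboratoryTemplate($title, $template)
{
    $con = mysql_connect($this->myHost, $this->username, $this->password);
    if (!$con) {
        error_log('addLaboratoryTemplate: connect failed: ' . mysql_error());
        die('Could not connect to the database.');
    }
    if (!mysql_select_db($this->database, $con)) {
        error_log('addLaboratoryTemplate: select_db failed: ' . mysql_error($con));
        die('Error: the template could not be saved.');
    }

    $sql = "INSERT INTO labResultList (title,template)\nVALUES\n('"
        . mysql_real_escape_string($title, $con) . "','"
        . mysql_real_escape_string($template, $con) . "')";
    if (!mysql_query($sql, $con)) {
        error_log('addLaboratoryTemplate: insert failed: ' . mysql_error($con));
        die('Error: the template could not be saved.');
    }

    mysql_close($con);
}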
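/**
 * Renders the search page body: the search form (pre-filled when a keyword
 * was POSTed) and, for a POSTed keyword, a two-column table of matching games.
 *
 * Security notes:
 * - The keyword reaches two sinks that need different encodings. It is
 *   SQL-escaped for the LIKE literal and HTML-escaped (ENT_QUOTES, because
 *   the value attribute is single-quoted) for the form field and the heading.
 *   mysql_real_escape_string() output is not safe to print into HTML.
 * - Game names and thumbnail paths come from the database and are
 *   HTML-escaped on output.
 * - NOTE(review): browsedesclimit() is defined elsewhere and its output is
 *   printed as-is; confirm it returns HTML-safe text.
 * - htmlspecialchars() is called with 'UTF-8'; this assumes the page is
 *   served as UTF-8 -- confirm.
 */
function writebody()
{
    global $db, $domain, $sitename, $cachelife, $template, $gamesfolder, $thumbsfolder, $limitboxgames, $seo_on, $blogentriesshown, $enabledcode_on, $comments_on, $directorypath, $autoapprovecomments, $gamesonpage, $abovegames, $belowgames, $showwebsitelimit, $supportemail, $showblog, $blogentriesshown, $blogcharactersshown, $blogcommentpermissions, $blogcommentsshown, $blogfollowtags, $blogcharactersrss, $usrdata, $userid;

    // The form target is the same in both branches.
    if ($seo_on == 1) {
        $su = $domain . '/search/';
    } else {
        $su = $domain . '/index.php?action=search';
    }

    // An array-valued "keyword" would make the escape call return NULL.
    $rawKeyword = (isset($_POST['keyword']) && is_string($_POST['keyword'])) ? $_POST['keyword'] : null;

    if ($rawKeyword !== null) {
        $keyword = mysql_real_escape_string($rawKeyword);                   // SQL literal only
        $keywordHtml = htmlspecialchars($rawKeyword, ENT_QUOTES, 'UTF-8');  // HTML output only

        echo '<form action=\'' . $su . '\' method=\'POST\'> <table align=\'center\'> <tr> <td>Keyword(s):</td> <td><input type=\'text\' name=\'keyword\' size=\'45\' value=\'' . $keywordHtml . '\'></td> </tr> <tr> <td colspan=\'2\' align=\'center\'><input type=\'submit\' name=\'submit\' value=\'Search\'></td> </tr> </table> </form> ';

        $r = mysql_query("SELECT * FROM fas_games WHERE name LIKE '%{$keyword}%'");
        if (!$r) {
            // Keep the driver message out of the page.
            error_log('search query failed: ' . mysql_error());
            die('Error: the search could not be completed.');
        }

        echo '<table width=\'100%\' border=\'0\' align=\'center\'> <tr> <td colspan=\'2\' class=\'header\'>Search Games - ' . $keywordHtml . '</td> </tr>';

        $count = 0;
        while ($in = $db->fetch_row($r)) {
            // ereg_replace() was removed in PHP 7.0; this PCRE call is equivalent.
            $gamename = preg_replace('/[^A-Za-z0-9]/', '-', $in['name']);
            if ($seo_on == 1) {
                $playlink = $domain . '/play/' . $in['ID'] . '-' . $gamename . '.html';
            } else {
                $playlink = $domain . '/index.php?action=play&ID=' . $in['ID'];
            }
            if ($in['type'] == 1) {
                $thumbSrc = $domain . '/' . $thumbsfolder . '/' . $in['thumb'];
            } else {
                $thumbSrc = $in['thumburl'];
            }
            $nameHtml = htmlspecialchars($in['name'], ENT_QUOTES, 'UTF-8');
            $thumbHtml = htmlspecialchars($thumbSrc, ENT_QUOTES, 'UTF-8');

            // Two games per row: open the row on even cells, close it on odd ones.
            if ($count % 2 == 0) {
                echo '<tr>';
            }
            echo ' <td width=\'50%\' valign=\'top\'> <table width=\'100%\' border=\'0\'> <tr> <td valign=\'top\' colspan=\'2\' class=\'header\'><b>' . $nameHtml . '</b></td> </tr> <tr> <td width=\'55\' height=\'55\' valign=\'top\' class=\'content\'> <a href=\'' . $playlink . '\'> ';
            // The second attribute was a duplicated width; height is assumed to be the intent.
            echo ' <img src=\'' . $thumbHtml . '\' width=\'55\' height=\'55\' border=\'0\'>';
            echo ' </a> </td> <td valign=\'top\' class=\'content\'>' . browsedesclimit($in['description']) . ' <a href=\'' . $playlink . '\' class=\'playlink\'><b>Play</b></a></td> </tr> </table> </td> ';
            if ($count % 2 == 1) {
                echo '</tr>';
            }
            $count++;
        }
        // An odd number of results used to leave the last row open.
        if ($count % 2 == 1) {
            echo '</tr>';
        }
        echo "</table>";
    } else {
        echo '<form action=\'' . $su . '\' method=\'POST\'> <table align=\'center\'> <tr> <td colspan=\'4\' class=\'header\'>Search</td> </tr> <tr> <td class=\'header\'>Keyword(s):</td> <td class=\'content\'><input type=\'text\' name=\'keyword\' size=\'45\'></td> </tr> <tr> <td colspan=\'2\' align=\'center\' class=\'content\'><input type=\'submit\' name=\'submit\' value=\'Search\'></td> </tr> </table> </form> ';
    }
}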
//Non verified comment $res = @mysql_query('INSERT INTO Comments (SiteID, Page, PageUrl, CommentIP, CommentDate, CommentText, CommentEmail) VALUES (' . $sid . ', \'' . mysql_real_escape_string($page) . '\', \'' . mysql_real_escape_string($_SERVER['HTTP_REFERER']) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\', NOW(), \'' . mysql_real_escape_string($commentText) . '\', \'' . mysql_real_escape_string($commentEmail) . '\' )') or die('<div class="commentError">' . mysql_error() . '</div>'); $id = mysql_insert_id(); if ($commentEmail) { //Get Author $verificationCode = TRUE; $res = @mysql_query('SELECT * FROM Authors WHERE Email=\'' . mysql_real_escape_String($commentEmail) . '\'') or die('<div class="commentError">' . mysql_error() . '</div>'); $row = mysql_fetch_assoc($res); if ($row) { //Limit one verification email per day, unless already verified if ($row['VerifyCode'] !== NULL) { $vd = strtotime($row['VerifyDate']); if ($vd < time() + 3600 * 24) { echo '<div class="commentOk">Email verification already sent.</div>'; $verificationCode = FALSE; } } } //Create new VerifyCode if ($verificationCode === TRUE) { GenerateAndSendVerificationCode($commentEmail, $site['SiteUrl'] . $page); }