             $qa_captcha_success = 1;
         }
     }
     if (!isset($qa_captcha_success)) {
         $qa_captcha_success = 0;
     }
 }
 if ($setting['use_captcha'] != 1 && $setting['use_qa_captcha'] != 1) {
     $captcha_success = 1;
     $qa_captcha_success = 1;
 }
 // Get form data & secure where needed
 $username = mysql_secure($_POST['username']);
 $password = $_POST['password'];
 $password2 = $_POST['password2'];
 $email = mysql_secure($_POST['email']);
 $username_valid = preg_match('/^[A-Za-z \\-][A-Za-z0-9 \\-]*(?:_[A-Za-z0-9 ]+)*$/', $_POST['username']);
 // Check if all sections were submitted and display correct error
 if (!$username || !$email || !$password || !$password2 || $password != $password2 || $captcha_success == 0 || $qa_captcha_success == 0 || $username_valid == false) {
     echo '<div id="error_message">' . REG_ERROR1 . ':<br />';
     if (!$username || $username_valid == false) {
         echo REG_ERROR2 . "<br />";
     }
     if (!$email) {
         echo REG_ERROR8 . "<br />";
     }
     if (!$password) {
         echo REG_ERROR3 . "<br />";
     }
     if ($password != $password2) {
         echo REG_ERROR4 . "<br />";
}
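$auth_string .= $mochi['secret'];
// Score callback: the expected signature is the MD5 of $auth_string (built
// above this fragment from the posted fields) followed by the shared secret.
// hash_equals() compares in constant time and without PHP's loose-comparison
// rules, under which two numeric-looking digests (e.g. both starting "0e")
// would compare equal.
$auth = md5($auth_string);
$signature = isset($_POST['signature']) ? (string) $_POST['signature'] : '';
if (hash_equals($auth, $signature)) {
    $score = intval($_POST['score']);
    $user = intval($_POST['userID']);
    $leaderboard = mysql_secure($_POST['boardID']);
    $gametag = mysql_secure($_POST['gameID']);
    // Map the posted game tag to the local game row.  If nothing matches,
    // $get_game is false and the queries below run with an empty id and fail.
    $get_game = mysql_fetch_array(mysql_query("SELECT id FROM ava_games WHERE mochi_id = '{$gametag}'"));
    // A given (user, score, leaderboard) triple is only recorded once.
    $check_for_prev_score = mysql_result(mysql_query("SELECT COUNT(*) AS Num FROM ava_highscores WHERE user = {$user} AND score = {$score} AND leaderboard = '{$leaderboard}'"), 0);
    if ($check_for_prev_score == 0) {
        $date = date("Y-m-d H:i:s");
        // mysql_error() is a function; the bare name used before was an
        // undefined constant, so die() never showed the driver message.
        mysql_query("INSERT INTO ava_highscores (game, score, user, date, leaderboard) VALUES ({$get_game['id']}, {$score}, {$user}, '{$date}', '{$leaderboard}')") or die(mysql_error());
        mysql_query("UPDATE ava_users SET points = points + {$setting['points_highscore']} WHERE id = {$user}");
        $leaderboard_exists = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM ava_leaderboards WHERE game_id = {$get_game['id']} AND leaderboard_id = '{$leaderboard}'"), 0);
        if ($leaderboard_exists == 0) {
            // Was a leaderboard created with incorrect data?  A row stored
            // under leaderboard_id '0' is repaired in place; otherwise a new
            // leaderboard is created from the posted metadata.
            $failed_leaderboard_exists = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM ava_leaderboards WHERE game_id = {$get_game['id']} AND leaderboard_id = '0'"), 0);
            if ($failed_leaderboard_exists == 1) {
                mysql_query("UPDATE ava_leaderboards SET leaderboard_id = '{$leaderboard}' WHERE game_id = {$get_game['id']}");
                mysql_query("UPDATE ava_highscores SET leaderboard = '{$leaderboard}' WHERE game = {$get_game['id']}");
            } else {
                $lb_name = mysql_secure($_POST['title']);
                $lb_data = mysql_secure($_POST['datatype']);
                $lb_order = mysql_secure($_POST['sortOrder']);
                $lb_label = mysql_secure($_POST['scoreLabel']);
                mysql_query("INSERT INTO ava_leaderboards (game_id, leaderboard_id, leaderboard_name, data_type, order_by, label) VALUES ({$get_game['id']}, '{$leaderboard}', '{$lb_name}', '{$lb_data}', '{$lb_order}', '{$lb_label}')") or die(mysql_error());
            }
        }
    }
}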
<?php

defined('AVARCADE_') or die('');
if ($user['login_status'] == 1 && $setting['allow_submissions'] == 1) {
    if ($_POST) {
        // If 'step' isn't set, we're doing the first step, game info
        if (!isset($_GET['id'])) {
            $strippedname = str_replace(" ", "-", $_POST['name']);
            if ($strippedname != '' && $_POST['description'] != '' && $_POST['instructions'] != '') {
                //Сheck that we have a file
                $upload_image = upload_file('image', 'thumbnail', '5', $setting['submissions_folder'] . '/thumbnails');
                if ($upload_image['success']) {
                    $name = mysql_secure($_POST['name']);
                    $description = mysql_secure($_POST['description']);
                    $instructions = mysql_secure($_POST['instructions']);
                    $tags = mysql_secure($_POST['tags']);
                    $category = intval($_POST['category']);
                    mysql_query("INSERT INTO ava_submissions (name, description, instructions, tags, thumbnail, category, user) VALUES ('{$name}', '{$description}', '{$instructions}', '{$tags}', '{$setting['site_url']}/{$upload_image['url']}', {$category}, {$user['id']})") or die(mysql_error());
                    $submission_id = mysql_insert_id();
                    echo '<div id="error_message">' . FILE_DISCLAIMER . '</div>';
                    include 'includes/forms/submit_game_file.php';
                } else {
                    echo '<div id="error_message">' . $upload_image['error'] . '</div>';
                    include 'includes/forms/submit_game.php';
                }
            } else {
                echo '<div id="error_message">' . SUBMIT_E_UNFILLED . '</div>';
                include 'includes/forms/submit_game.php';
            }
        } else {
            $submission_id = intval($_GET['id']);
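// Resolve the requested highscore page (1-based) from ?page=; a missing or
// empty value means the first page.
if (!isset($_GET['page']) || $_GET['page'] == '') {
    $page = 1;
} else {
    $page = intval($_GET['page']);
}
// A page below 1 would make the LIMIT offset computed below negative, which
// MySQL rejects, so clamp to the first page.
if ($page < 1) {
    $page = 1;
}
$max_results = 10;
// Zero-based offset of the first row on this page.
$from = $page * $max_results - $max_results;
// Number of leaderboards attached to this game.  $id is expected to be set
// (and already sanitised) by the including script -- TODO confirm.
$lb_count = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM ava_leaderboards WHERE game_id = {$id} LIMIT 1"), 0);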
if ($lb_count != 0) {
    $leaderboard = mysql_query("SELECT * FROM ava_leaderboards WHERE game_id = {$id}");
    if (isset($_GET['lb_id'])) {
        $lb_id = mysql_secure($_GET['lb_id']);
    } else {
        $lb_id = 0;
    }
    echo '<div class="highscore_title">' . LEADERBOARD . ': <select name="leaderboard" id="leaderboard_select" onchange="HighscorePage(' . $id . ', 1, \'\', \'' . $setting['site_url'] . '\', 1); return false">';
    while ($leaderboards_q = mysql_fetch_array($leaderboard)) {
        if ($leaderboards_q['leaderboard_id'] == $lb_id) {
            echo '<option value="' . $leaderboards_q['leaderboard_id'] . '" selected>' . $leaderboards_q['leaderboard_name'] . '</option>';
            $get_leaderboard = $leaderboards_q;
        } else {
            echo '<option value="' . $leaderboards_q['leaderboard_id'] . '">' . $leaderboards_q['leaderboard_name'] . '</option>';
            if (!isset($get_leaderboard) && (!isset($_GET['lb_id']) || $_GET['lb_id'] == 'unspecified')) {
                $get_leaderboard = $leaderboards_q;
            }
        }
    }
            $username = mysql_secure($_POST['username']);
            $user_exists = mysql_result(mysql_query("SELECT COUNT(*) FROM ava_users WHERE username = '******'"), 0);
            $username_valid = preg_match('/^[A-Za-z ][A-Za-z0-9 ]*(?:_[A-Za-z0-9 ]+)*$/', $_POST['username']);
            if ($user_exists == 1) {
                header("Location: {$setting['site_url']}/?task=facebook_register&e=1");
            } else {
                if ($username_valid == false) {
                    header("Location: {$setting['site_url']}/?task=facebook_register&e=3");
                } else {
                    // insert
                    //echo 'nice username, shall use!';
                    $date = date("F j Y");
                    $random_pass = md5(uniqid(rand(), true));
                    $email = mysql_secure($fb_user['email']);
                    $about = mysql_secure($fb_user['about']);
                    $fbid = mysql_secure($fb_user['id']);
                    $seo_url = seoname($username);
                    mysql_query("INSERT INTO ava_users (username, password, email, activate, about, joined, facebook, facebook_id, seo_url)\n        \t\tVALUES('{$username}', '{$random_pass}', '{$email}', '1', '{$about}', '{$date}', 1, '{$fbid}', '{$seo_url}')") or die(mysql_error());
                    $new_id = mysql_insert_id();
                    setcookie("ava_username", $username, time() + 60 * 60 * 24 * 100);
                    setcookie("ava_code", $random_pass, time() + 60 * 60 * 24 * 100);
                    setcookie("ava_userid", $new_id, time() + 60 * 60 * 24 * 100);
                    header("Location: {$setting['site_url']}");
                }
            }
        } else {
            header("Location: {$setting['site_url']}/?task=facebook_register&e=2");
        }
    }
} else {
    echo 'Could not get the Facebook session. Your server may not be able to connect to Facebook securely to retrieve the user information.';
<?php

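// Account activation: ?id=<user id>&code=<activation code>.  The code is
// matched against the user's row (the compared column is redacted in this
// copy); on success the account is marked active and, if the user was
// referred, the referrer is credited and notified by private message.
$userid = intval($_GET['id']);
if (isset($_GET['code'])) {
    // Read the code only once we know it was supplied, so a bare ?id=
    // request no longer touches an undefined index.
    $code = mysql_secure($_GET['code']);
    // NOTE(review): the WHERE clause keys on the password column; a dedicated
    // single-use activation token would keep that value out of URLs.
    $code_check = mysql_query("SELECT * FROM ava_users WHERE id='{$userid}' AND password='******' AND activate = ''");
    $check = mysql_num_rows($code_check);
    if ($check == 1) {
        mysql_query("UPDATE ava_users SET activate='1' WHERE id='{$userid}' AND password='******'");
        $user = mysql_fetch_array($code_check);
        if ($user['referrer'] != 0) {
            // Credit the referrer and send them a PM linking to the new profile.
            mysql_query("UPDATE ava_users SET points = points + {$setting['points_refer']} WHERE id= {$user['referrer']}");
            $new_user = $userid;
            $date = date("F j Y, G:i");
            // NOTE(review): $username is not assigned anywhere in this file;
            // unless the including script provides it, $user['username'] is the
            // likely intended value -- confirm before changing.
            $profile_url = ProfileUrl($new_user, seoname($username));
            mysql_query("INSERT INTO ava_messages (user_id, sender_id, sender_name, title, message, date) \n\t\t\tVALUES ('{$user['referrer']}', '{$new_user}', '{$user['username']}', '{$user['username']} " . REF_PM_TITLE . " {$setting['site_name']}', '{$user['username']} " . REF_PM_MESSAGE . ": <a href=\"{$profile_url}\">{$profile_url}</a>', '{$date}')");
        }
        echo '<div id="error_message">' . VALIDATED . '</div>';
    } else {
        echo '<div id="error_message">Invalid code for that user</div>';
    }
} else {
    echo '<div id="error_message">Invalid codez</div>';
}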
?>
 
     echo $game['name'];
 } else {
     if ($_GET['task'] == 'category') {
         echo $cat_info['name'];
     } else {
         if ($_GET['task'] == 'send_message') {
             if (isset($_GET['id'])) {
                 $sql = mysql_query("SELECT * FROM ava_users WHERE id=" . $id);
                 $row = mysql_fetch_array($sql);
                 echo PM_SENDING . ' ' . $row['username'];
             } else {
                 echo 'Page not found';
             }
         } else {
             if ($_GET['task'] == 'tag') {
                 $tag = mysql_secure($_GET['t']);
                 $get_tag = mysql_fetch_array(mysql_query("SELECT tag_name FROM ava_tags WHERE seo_url = '{$tag}'"));
                 if (isset($get_tag['tag_name'])) {
                     echo TAG_TITLE . ': ' . $get_tag['tag_name'];
                 } else {
                     echo PAGE_NOT_FOUND;
                 }
             } else {
                 if ($setting['forums_installed'] == 1) {
                     if ($_GET['task'] == 'topic') {
                         echo $topic['title'];
                     } elseif ($_GET['task'] == 'forums') {
                         echo 'Forums';
                     } elseif ($_GET['task'] == 'forum') {
                         echo $forum['name'];
                     } elseif ($_GET['task'] == 'forum_search') {
         include 'includes/view_game/view_game_main.inc.php';
     } else {
         if ($_GET['task'] == 'profile') {
             include 'includes/profile/profile_main.inc.php';
         } else {
             if ($_GET['task'] == 'category') {
                 include 'includes/category/category_header.inc.php';
             } else {
                 if ($_GET['task'] == 'news') {
                     include 'includes/news/news_header.inc.php';
                 } else {
                     if ($_GET['task'] == 'view_page') {
                         if (isset($_GET['id'])) {
                             $get_page_data = mysql_query("SELECT * FROM ava_pages WHERE id = {$id}");
                         } else {
                             $name = mysql_secure($_GET['name']);
                             $get_page_data = mysql_query("SELECT * FROM ava_pages WHERE seo_url= '{$name}'");
                         }
                         $page = mysql_fetch_array($get_page_data);
                         if (!isset($page['name'])) {
                             header("HTTP/1.0 404 Not Found");
                             include 'includes/misc/404.php';
                             exit;
                         }
                     }
                 }
             }
         }
     }
 }
 // Include the correct template page
<?php

defined('AVARCADE_') or die('');
if (isset($_GET['id'])) {
    if ($user['login_status'] == 1) {
        $last_comment = mysql_query("SELECT last_pm FROM ava_users WHERE id = {$user['id']} AND last_pm > NOW() - INTERVAL 1 MINUTE");
        if (mysql_num_rows($last_comment) == '0' || $user['admin'] == 1) {
            if (isset($_GET['done'])) {
                if ($_POST['message_title'] == "") {
                    $subject = PM_NO_SUBJECT;
                } else {
                    $subject = mysql_secure($_POST['message_title']);
                }
                $message = mysql_secure($_POST['message']);
                SendPM($subject, $message, $id);
                $date = date("Y-m-d H:i:s");
                mysql_query("UPDATE ava_users SET last_pm = '{$date}' WHERE id = {$user['id']}") or die(mysql_error());
                echo PM_MESSAGE_SENT . '<br /><br />
				<a href="' . $setting['site_url'] . '/index.php?task=profile&id=' . $id . '">' . PM_RETURN_TO_PROFILE . '</a><br /> 
				<a href="' . $setting['site_url'] . '/index.php?task=messages">' . PM_RETURN_TO_INBOX . '</a>';
                $subject = secure($_POST['message_title']);
                $message = secure($_POST['message']);
                $to_user = mysql_fetch_array(mysql_query("SELECT username,email,email_new_message from ava_users WHERE id = {$id}"));
                $data = array('to_username' => $to_user['username'], 'email_address' => $to_user['email'], 'from_username' => $user['username'], 'from_avatar' => $user['avatar'], 'message' => $message, 'message_title' => $subject, 'subject' => $user['username'] . ' ' . EMAIL_MESSAGE_INTRO, 'send_email' => $to_user['email_new_message']);
                if ($setting['seo_on'] != 0) {
                    $data['message_url'] = $setting['site_url'] . '/messages';
                } else {
                    $data['message_url'] = $setting['site_url'] . '/?task=messages';
                }
                SendEmail($data, 'new_message');
            } else {
<?php

$therow = 0;
if ($_GET['q'] && $_GET['q'] != 'Search...') {
    if (!isset($_GET['page'])) {
        $page = 1;
    } else {
        $page = $_GET['page'];
    }
    $from = $page * $template['games_per_page'] - $template['games_per_page'];
    $trimmed = mysql_secure($_GET['q']);
    $total_results_search = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM ava_games WHERE description like \"%{$trimmed}%\" OR name like \"%{$trimmed}%\" AND published=1"), 0);
    if ($trimmed == "" or $trimmed == 'Search...') {
        echo '<div id="error_message">' . NOSEARCH . '</div>';
        include 'includes/forms/search_form.php';
    } else {
        if ($total_results_search == 0) {
            echo '<div id="error_message">' . NORESULTS . '</div>';
            include 'includes/forms/search_form.php';
        } else {
            $sql = mysql_query("SELECT * FROM ava_games WHERE description like \"%{$trimmed}%\" OR name like \"%{$trimmed}%\" AND published=1\n  \t\t\tORDER BY id DESC LIMIT {$from}, {$template['games_per_page']}");
            echo '<div class="BOXGAMES_HORIZON" style="margin-top: 10px; display: block;"><ul>';
            while ($row = mysql_fetch_array($sql)) {
                $therow = $therow + 1;
                $game = GameData($row, 'category');
                include '.' . $setting['template_url'] . '/' . $template['search_game'];
                if ($therow == $template['category_columns']) {
                    echo '<br style="clear: both"/>';
                    $therow = 0;
                }
            }
if ($user['login_status'] != 0) {
    if (isset($_POST['location'])) {
        $location = mysql_secure($_POST['location']);
        $interests = mysql_secure($_POST['interests']);
        $about = mysql_secure($_POST['about']);
        $email_new_message = intval($_POST['email_new_message']);
        $email_friend_request = intval($_POST['email_friend_request']);
        $email_highscore_challenge = intval($_POST['email_highscore_challenge']);
        if (strpos($_POST['website'], "http://") === false) {
            $website = 'http://' . $_POST['website'];
        } else {
            $website = $_POST['website'];
        }
        $website = mysql_secure($website);
        if (isset($_POST['mbbc-editor'])) {
            $forum_signature = ", forum_signature = '" . mysql_secure($_POST['mbbc-editor'], 0) . "'";
        } else {
            $forum_signature = '';
        }
        mysql_query("UPDATE ava_users SET location='{$location}', interests='{$interests}', about='{$about}', website='{$website}', email_new_message = {$email_new_message}, email_friend_request = {$email_friend_request}, email_highscore_challenge = {$email_highscore_challenge} {$forum_signature} WHERE id='{$user['id']}'") or die(mysql_error());
        $pass = str_replace(' ', '', $_POST['new_password']);
        if ($pass != '') {
            $password = md5($_POST['new_password']);
            mysql_query("UPDATE ava_users SET password='******' WHERE id= {$user['id']}") or die(mysql_error());
        }
        echo '<div id="error_message">' . PROFILE_UPDATED . "</div>";
    } else {
        if (isset($_GET['done']) && $_GET['done'] == 'avatar') {
            include 'avatar_upload.php';
        }
    }
     $reset_code = mysql_secure($_GET['reset_code']);
     $valid_details = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM ava_users WHERE id='{$id}' AND password='******'"), 0);
     if ($valid_details == 1) {
         echo '<div id="error_message">' . LP_MSG1 . '</div>';
         if (isset($template['lost_password_form2'])) {
             include '.' . $setting['template_url'] . '/' . $template['lost_password_form2'];
         } else {
             include 'includes/forms/lost_password_form2.php';
         }
     } else {
         echo '<div id="error_message">' . LP_ERROR2 . '</div>';
     }
 } else {
     if (isset($_GET['step']) && $_GET['step'] == 4) {
         $id = intval($_GET['id']);
         $reset_code = mysql_secure($_GET['reset_code']);
         $valid_details = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM ava_users WHERE id='{$id}' AND password='******'"), 0);
         if ($valid_details == 1) {
             if ($_POST['password1'] == $_POST['password2'] && $_POST['password1'] != '') {
                 $new_password = md5($_POST['password1']);
                 mysql_query("UPDATE ava_users SET password='******' WHERE id={$id}");
                 echo '<div id="error_message">' . LP_SUCCESS . '</div>';
             } else {
                 echo '<div id="error_message">' . LP_ERROR3 . '</div>';
                 include 'includes/forms/lost_password_form2.php';
             }
         } else {
             echo '<div id="error_message">' . LP_ERROR2 . '</div>';
         }
     } else {
         if (isset($template['lost_password_form'])) {
<?php

include '../../config.php';
include '../../includes/core.php';
include '../../language/' . $setting['language'] . '.php';
$cookie_id = intval($_COOKIE["ava_userid"]);
$code = preg_replace("/[^a-z,A-Z,0-9]/", "", $_COOKIE['ava_code']);
$friend_id = intval($_POST['friend_id']);
$leaderboard_id = mysql_secure($_POST['leaderboard']);
$game_id = intval($_POST['game_id']);
$get_user = mysql_query("SELECT * FROM ava_users WHERE id= {$cookie_id}");
$user = mysql_fetch_array($get_user);
$are_friends = mysql_num_rows(mysql_query("SELECT * FROM ava_friends WHERE user1 = {$cookie_id} AND user2 = {$friend_id}"));
if ($user['password'] == $code && $user['banned'] == 0 && $are_friends == 1) {
    if ($leaderboard_id == 'latest') {
        $score = mysql_query("SELECT * FROM ava_highscores WHERE user = {$user['id']} AND game = {$game_id} ORDER BY id DESC LIMIT 1");
        $highscore = mysql_fetch_array($score);
        $leaderboard = mysql_fetch_array(mysql_query("SELECT * FROM ava_leaderboards WHERE leaderboard_id = '{$highscore['leaderboard']}' AND game_id = {$game_id}"));
    } else {
        $leaderboard = mysql_fetch_array(mysql_query("SELECT * FROM ava_leaderboards WHERE leaderboard_id = '{$leaderboard_id}' AND game_id = {$game_id}"));
        $score = mysql_query("SELECT * FROM ava_highscores WHERE user = {$user['id']} AND game = {$game_id} AND leaderboard = '{$leaderboard_id}' ORDER BY score {$leaderboard['order_by']} LIMIT 1");
        $highscore = mysql_fetch_array($score);
    }
    $already_challenged = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM ava_messages WHERE highscore_game_id = {$highscore['game']}"), 0);
    if ($already_challenged == 0) {
        $game = mysql_fetch_array(mysql_query("SELECT * FROM ava_games WHERE id = {$game_id}"));
        $subject = CHALLENGE_PM_SUBJECT1 . " {$highscore['score']} " . CHALLENGE_PM_SUBJECT2 . " {$game['name']}";
        $game_thumbnail = GameImageUrl($game['image'], $game['import'], $game['url']);
        $game_url = GameUrl($game['id'], $game['seo_url'], $game['category_id']);
        $get_to_user = mysql_query("SELECT * FROM ava_users WHERE id= {$friend_id}");
        $to_user = mysql_fetch_array($get_to_user);
<?php

defined('AVARCADE_') or die('');
// Locate the profile being viewed: by SEO name (?name=) when one is given,
// otherwise by the numeric $id prepared by the including script.
if (isset($_GET['name'])) {
    $seo_url = mysql_secure($_GET['name']);
    $sql = mysql_query("SELECT * FROM ava_users WHERE seo_url='" . $seo_url . "'");
} else {
    $sql = mysql_query("SELECT * FROM ava_users WHERE id='" . $id . "'");
}
$user_exists = mysql_num_rows($sql);
// Exactly one row must match; anything else is served as a 404.
if ($user_exists != 1) {
    header("HTTP/1.0 404 Not Found");
    include 'includes/misc/404.php';
    exit;
}
$row = mysql_fetch_array($sql);
$id = $row['id'];
// Empty profile fields are displayed as the PROFILE_NO_INFO placeholder.
$profile = array(
    'name' => $row['username'],
    'location' => ($row['location'] == '') ? PROFILE_NO_INFO : $row['location'],
    'website' => ($row['website'] == '') ? PROFILE_NO_INFO : $row['website'],
);
if ($row['website'] == '') {
    $profile['website_link'] = PROFILE_NO_INFO;
    $len = strlen($setting['site_url']);
    if (substr($prevpage, 0, $len) === $setting['site_url']) {
        $prevpage = $_COOKIE['ava_lastpage'];
    } else {
        $prevpage = $setting['site_url'];
    }
} else {
    $prevpage = $setting['site_url'];
}
if (isset($_GET["done"])) {
    session_start();
    if (!$_POST['username'] || !$_POST['password']) {
        // User did not type a username and password
        header("Location: index.php?task=login&em=1");
    } else {
        $username = mysql_secure($_POST['username']);
        $password = md5($_POST['password']);
        $sql = mysql_query("SELECT * FROM ava_users WHERE username='******' AND password='******' AND activate='1'");
        $login_check = mysql_num_rows($sql);
        if ($login_check > 0) {
            $row = mysql_fetch_array($sql);
            $user_id = $row['id'];
            if (isset($_POST['remember'])) {
                setcookie("ava_username", $username, time() + 60 * 60 * 24 * 100);
                setcookie("ava_code", $password, time() + 60 * 60 * 24 * 100);
                setcookie("ava_userid", $user_id, time() + 60 * 60 * 24 * 100);
            } else {
                setcookie("ava_username", $username);
                setcookie("ava_code", $password);
                setcookie("ava_userid", $user_id);
            }
<?php

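// Report handler: stores a posted report about an item in ava_reported.  A
// reporter whose ava_username / ava_userid / ava_code cookies match a stored
// account is recorded under their user id; anyone else is recorded as user 0.
// Nothing is echoed back.
if (isset($_POST['id']) && isset($_POST['report'])) {
    // $userid is not read in this file; kept in case an included file uses it
    // -- TODO confirm and drop.
    $userid = intval($_COOKIE['ava_userid']);
    include '../../../config.php';
    include '../../core.php';
    include '../../..' . $setting['template_url'] . '/template_settings.php';
    $the_report = mysql_secure($_POST['report']);
    $id = intval($_POST['id']);
    $type = intval($_POST['type']);
    $ip = $_SERVER['REMOTE_ADDR'];
    if (isset($_COOKIE["ava_username"])) {
        $cookie_id = intval($_COOKIE["ava_userid"]);
        // Reduce the cookie code to [A-Za-z0-9,] (the commas in the class also
        // let ',' through) before it is compared against the stored value; an
        // absent cookie yields the empty string instead of an undefined index.
        $code = isset($_COOKIE['ava_code']) ? preg_replace("/[^a-z,A-Z,0-9]/", "", $_COOKIE['ava_code']) : '';
        $user = mysql_query("SELECT * FROM ava_users WHERE id=" . $cookie_id . "");
        $user2 = mysql_fetch_array($user);
        // hash_equals() compares in constant time and without loose-comparison
        // rules (two numeric-looking strings such as "0e..." no longer match);
        // $user2 is false when no row exists, hence the guards.
        if ($user2 && isset($user2['password']) && hash_equals((string) $user2['password'], $code) && $user2['banned'] == 0) {
            mysql_query("INSERT INTO ava_reported (id, user, report, link_id, ip, type) VALUES ('', '{$cookie_id}', '{$the_report}', '{$id}', '{$ip}', '{$type}')");
        }
    } else {
        mysql_query("INSERT INTO ava_reported (id, user, report, link_id, ip, type) VALUES ('', '0', '{$the_report}', '{$id}', '{$ip}', '{$type}')");
    }
}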
         echo '';
         $therow = 0;
     }
 }
 echo '</ul>';
 echo '</div>';
 echo '<div class="paginationBOX">';
 if ($total_results != 0) {
     $count_sql = mysql_query("\n\tSELECT *\n\tFROM ava_tag_relations bt, ava_games b, ava_tags t\n\tWHERE bt.tag_id = t.id\n\tAND t.seo_url = '{$get_tag}'\n\tAND b.id = bt.game_id\n\tAND b.published = 1\n\tGROUP BY b.id\n\tORDER BY b.{$sort}\n\t") or die(mysql_error());
     $total_results = mysql_num_rows($count_sql);
     $total_pages = ceil($total_results / $template['games_per_page']);
 } else {
     $total_pages = 1;
 }
 if (isset($_GET['sortby'])) {
     $sortby = mysql_secure($_GET['sortby']);
 } else {
     $sortby = 'newest';
 }
 if ($page > 1) {
     $prev = $page - 1;
     $url = TagUrl($get_tag, $prev, $sortby);
     echo '<a href="' . $url . '">&laquo; ' . PREVIOUS . '</a> ';
 }
 if ($page > 4) {
     $url = TagUrl($get_tag, 1, $sortby);
     echo '<a href="' . $url . '">1</a> ';
 }
 if ($page > 5) {
     $url = TagUrl($get_tag, 2, $sortby);
     echo '<a href="' . $url . '">2</a> ... ';
<?php

if (isset($_POST['id']) && isset($_POST['comment'])) {
    $userid = intval($_COOKIE['ava_userid']);
    include '../../../config.php';
    include '../../core.php';
    include '../../..' . $setting['template_url'] . '/template_settings.php';
    $the_comment = mysql_secure($_POST['comment'], 0);
    $id = intval($_POST['id']);
    if (isset($_COOKIE["ava_username"])) {
        $cookie_id = intval($_COOKIE["ava_userid"]);
        $code = preg_replace("/[^a-z,A-Z,0-9]/", "", $_COOKIE['ava_code']);
        $last_comment = mysql_query("SELECT last_comment FROM ava_users WHERE id = {$cookie_id} AND last_comment > NOW() - INTERVAL 1 MINUTE");
        if (mysql_num_rows($last_comment) == '0') {
            $user = mysql_query("SELECT * FROM ava_users WHERE id=" . $cookie_id . "");
            $user2 = mysql_fetch_array($user);
            if ($user2['password'] == $code && $user2['banned'] == 0) {
                $date = date("Y-m-d H:i:s");
                mysql_query("INSERT INTO ava_news_comments (user, comment, link_id, date, ip) VALUES ('{$cookie_id}', '{$the_comment}', '{$id}', '{$date}', '{$_SERVER['REMOTE_ADDR']}')");
                $comment = array('username' => $user2['username'], 'content' => stripslashes(nl2br(htmlspecialchars($_POST['comment']))), 'user_points' => $user2['points'], 'date' => FormatDate($date, 'time'));
                $comment['delete'] = '';
                $comment['report_button'] = '';
                $comment['user_url'] = ProfileUrl($user2['id'], $user2['seo_url']);
                if ($user2['avatar'] == '') {
                    if ($user2['facebook'] == 1) {
                        $comment['avatar_url'] = 'http://graph.facebook.com/' . $user2['facebook_id'] . '/picture';
                    } else {
                        $comment['avatar_url'] = $setting['site_url'] . '/uploads/avatars/default.png';
                    }
                } else {
                    $comment['avatar_url'] = $setting['site_url'] . '/uploads/avatars/' . $user2['avatar'];
<?php

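// Admin-side user edit handler.  ../secure.php is expected to set
// $login_status; anything but an authorised session exits silently.  Saves an
// optional new password, the SEO name and an optional forum signature for the
// user given by the posted id.
include '../../config.php';
include '../../includes/core.php';
include '../secure.php';
if ($login_status != 1) {
    exit;
}
// The id is interpolated unquoted into the SQL below, so coerce it to an
// integer here, as the other handlers do with posted ids.
$id = intval($_POST['id']);
$old_details = mysql_fetch_array(mysql_query("SELECT * FROM ava_users WHERE id = {$id}"));
// A password consisting only of spaces counts as "leave unchanged".
$pass = str_replace(' ', '', $_POST['password']);
if ($pass != '') {
    // Stored as an unsalted md5 digest, which appears to be the format the
    // login check compares against; moving to password_hash() has to be done
    // together with that check.
    $password = md5($_POST['password']);
    mysql_query("UPDATE ava_users SET password = '******' WHERE id = {$id}") or die(mysql_error());
}
$seo_url = seoname($_POST['username']);
if ($setting['forums_installed'] == 1) {
    $fs = ", forum_signature = '" . mysql_real_escape_string($_POST['forum_signature']) . "'";
} else {
    $fs = '';
}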
// Write the edited profile fields (username, activation flag, email,
// location, about, website, admin flag, avatar, points, SEO name and the
// optional forum signature) back to ava_users for the posted id.
// NOTE(review): the escaping calls on this statement and on the ava_posts /
// ava_topics updates below appear mangled in this copy of the file
// ('******'username']) is not valid PHP) -- compare against the original
// source before editing.
mysql_query("UPDATE ava_users SET username='******'username']) . "', activate='" . mysql_secure($_POST['active']) . "', email='" . mysql_secure($_POST['email']) . "', location='" . mysql_secure($_POST['location']) . "',  about='" . mysql_secure($_POST['about']) . "', website='" . mysql_secure($_POST['website']) . "', admin='" . mysql_secure($_POST['admin']) . "', avatar='" . mysql_secure($_POST['avatar']) . "', points='" . mysql_secure($_POST['points']) . "', seo_url='{$seo_url}' {$fs} WHERE id='" . mysql_secure($_POST['id']) . "'") or die(mysql_error());
// When the username changed, rename it in forum posts and topics too so
// existing content still points at the same account.
if ($old_details['username'] != $_POST['username']) {
    mysql_query("UPDATE ava_posts SET username='******'username']) . "' WHERE username = '******'username']) . "'");
    mysql_query("UPDATE ava_topics SET topic_starter='" . mysql_secure($_POST['username']) . "' WHERE topic_starter = '" . mysql_secure($old_details['username']) . "'");
    mysql_query("UPDATE ava_topics SET last_post_user='******'username']) . "' WHERE last_post_user = '******'username']) . "'");
}