function DoTask()
{
global $GAME;
if ($GAME['MyColour'] == 50) {
$mypage = page::standard();
$mypage->title_body('Not playing in this game');
$mypage->leaf('p', 'You are not currently playing in this game, so unfortunately you cannot save notes on it. Please click <a href="board.php?GameID=' . $GAME['GameID'] . '">here</a> to go to the board page, or <a href="index.php">here</a> to return to the Main Page.');
$mypage->finish();
}
$EscapedNotes = sanitise_str_fancy(@$_POST['GameNotes'], 1, 25000, STR_GPC | STR_ESCAPE_HTML);
if ($EscapedNotes[1] == 1) {
$mypage = page::standard();
$mypage->title_body('Notes too long');
$mypage->leaf('p', 'The notes you entered are too long. The limit is around 25, 000 characters (proviso: depending on the content you enter, the number of characters after the content is processed may vary slightly from that before). Please click <a href="board.php?GameID=' . $GAME['GameID'] . '">here</a> to go to the board page, or <a href="index.php">here</a> to return to the Main Page. Here are the notes you entered:');
$mypage->leaf('textarea', $EscapedNotes[0], 'cols=80 rows=20');
$mypage->finish();
}
if ($EscapedNotes[1] == -1) {
dbquery(DBQUERY_WRITE, 'DELETE FROM "PlayerGameNotes" WHERE "Game" = :game: AND "User" = :user:'******'game', $GAME['GameID'], 'user', $GAME['PlayerUserID'][$GAME['MyColour']]);
} else {
dbquery(DBQUERY_WRITE, 'REPLACE INTO "PlayerGameNotes" ("Game", "User", "Notes") VALUES (:game:, :user:, :notes:)', 'game', $GAME['GameID'], 'user', $GAME['PlayerUserID'][$GAME['MyColour']], 'notes', $EscapedNotes[0]);
}
dbquery(DBQUERY_COMMIT);
page::redirect(3, 'board.php?GameID=' . $GAME['GameID'], 'Successfully saved notes.');
}
<?php
require '_std-include.php';
$mypage = page::standard();
if (isset($_POST['FormSubmit'])) {
require HIDDEN_FILES_PATH . 'sanitise_str_fancy.php';
$EscapedUserID = sanitise_int(@$_POST['Target']);
$EscapedContent = sanitise_str_fancy(@$_POST['TheEmail'], 6, 25000, STR_GPC | STR_EMAIL_FORMATTING | STR_CONVERT_ESCAPE_SEQUENCES | STR_STRIP_TAB_AND_NEWLINE);
$therow = dbquery(DBQUERY_READ_SINGLEROW, 'SELECT "Name", "UserValidated", "AllowContact", "Email", "Pronoun" FROM "User" WHERE "UserID" = :user:'******'user', $EscapedUserID);
if ($therow === 'NONE') {
die($unexpectederrormessage);
}
if (!$therow['UserValidated']) {
die($unexpectederrormessage);
}
$PostFailureTitle = false;
do {
if (!$_SESSION['LoggedIn']) {
$PostFailureTitle = 'Not logged in';
$PostFailureMessage = 'You may not contact ' . $therow['Name'] . ' by email, because you are not logged in. Please click <a href="index.php">here</a> to return to the Main Page. Here is the text of the message you entered:';
break;
}
if ($Banned) {
$PostFailureTitle = 'Banned';
$PostFailureMessage = 'You may not contact ' . $therow['Name'] . ' by email, because you are banned. Please click <a href="userdetails.php?UserID=' . $EscapedUserID . '">here</a> to visit ' . $therow['Name'] . '\'s User Details page, or <a href="index.php">here</a> to return to the Main Page. Here is the text of the message you entered:';
break;
}
if (!EMAIL_ENABLED) {
$PostFailureTitle = 'User email messaging disabled';
$PostFailureMessage = 'The user email messaging function has been disabled by an Administrator. Please click <a href="userdetails.php?UserID=' . $EscapedUserID . '">here</a> to visit this user\'s User Details page, or <a href="index.php">here</a> to return to the Main Page. Here is the text of the message you entered:';
break;
<?php
define('TEST_MODE', true);
require '_std-include.php';
require HIDDEN_FILES_PATH . 'sanitise_str_fancy.php';
if (!isset($_POST['FormSubmit']) or !isset($_POST['parentitem']) or !isset($_POST['description'])) {
die($unexpectederrormessage);
}
$Parent = sanitise_int($_POST['parentitem']);
$Description = sanitise_str_fancy($_POST['description'], 1, 750, STR_GPC | STR_STRIP_TAB_AND_NEWLINE);
if ($_POST['FormSubmit'] == 'Make changes') {
if (!isset($_POST['itemid']) or !isset($_POST['orderingnumber'])) {
die($unexpectederrormessage);
}
$Item = sanitise_int($_POST['itemid']);
$OrderingNumber = sanitise_int($_POST['orderingnumber'], SANITISE_NO_FLAGS, 0, 65535);
if ($Parent > 0) {
$QR = dbquery(DBQUERY_READ_RESULTSET, 'SELECT "OrderingNumber" FROM "ToDoListSubItem" WHERE "SubItemNumber" = :item: AND "Item" = :parent:', 'item', $Item, 'parent', $Parent);
} else {
$QR = dbquery(DBQUERY_READ_RESULTSET, 'SELECT "OrderingNumber" FROM "ToDoListItem" WHERE "ItemID" = :item:', 'item', $Item);
}
if ($QR === 'NONE') {
$mypage = page::standard();
$mypage->title_body('Item not found');
$mypage->leaf('p', 'Unable to find the specified item. Here is the item description you entered:');
$mypage->leaf('textarea', sanitise_str($_POST['description'], STR_GPC | STR_ESCAPE_HTML | STR_STRIP_TAB_AND_NEWLINE), 'rows=8 cols=80');
$mypage->finish();
}
if ($Description[1] == 1) {
$mypage = page::standard();
$mypage->title_body('Item description too long');
}
$EscapedEmail = sanitise_str(@$_POST['Email'], STR_GPC | STR_ESCAPE_HTML | STR_TO_LOWERCASE);
$SPronoun = sanitise_enum(@$_POST['Pronoun'], array('He', 'She', 'It'));
$STimeLimitAUnits = sanitise_enum(@$_POST['TimeLimitAUnits'], array('minutes', 'hours', 'days'));
$STimeLimitBUnits = sanitise_enum(@$_POST['TimeLimitBUnits'], array('minutes', 'hours', 'days'));
switch ($SPronoun) {
case 'He':
$_SESSION['MyGenderCode'] = 0;
break;
case 'She':
$_SESSION['MyGenderCode'] = 1;
break;
case 'It':
$_SESSION['MyGenderCode'] = 2;
}
$EscapedStatement = sanitise_str_fancy(@$_POST['Statement'], 1, 50000, STR_GPC | STR_PERMIT_FORMATTING | STR_HANDLE_IMAGES | STR_PERMIT_ADMIN_HTML | STR_DISREGARD_GAME_STATUS);
$errors = false;
$errorlist = fragment::blank();
if ($EscapedStatement[1] == 1) {
$SetPSString = '';
$errors = true;
$errorlist->opennode('li');
$errorlist->text('That personal statement is too long. The limit is around 50, 000 characters (proviso: depending on the content you enter, the number of characters after the content is processed may vary slightly from that before). Here is the text you entered:');
$errorlist->emptyleaf('br');
$errorlist->emptyleaf('br');
$errorlist->leaf('textarea', sanitise_str($_POST['Statement'], STR_GPC | STR_ESCAPE_HTML), 'cols=80 rows=20');
$errorlist->closenode();
} else {
if ($EscapedStatement[1] == -1) {
$SetPSString = 'PersonalStatement = NULL, ';
} else {
<?php
$ThreadID = sanitise_int(@$_POST['WhichThread']);
$EscapedContent = sanitise_str_fancy(@$_POST['ThePost'], 6, 50000, STR_GPC | STR_PERMIT_FORMATTING | STR_HANDLE_IMAGES | STR_PERMIT_ADMIN_HTML);
$rowC = dbquery(DBQUERY_READ_SINGLEROW, 'SELECT "GeneralThread"."Closed", "NonGameThread"."Board", "Game"."GameID", "Game"."TalkRules", "Game"."GameStatus", "Game"."GameIsFinished", "Board"."AdminOnly" FROM "GeneralThread" LEFT JOIN "NonGameThread" ON "GeneralThread"."ThreadID" = "NonGameThread"."Thread" LEFT JOIN "Board" ON "NonGameThread"."Board" = "Board"."BoardID" LEFT JOIN "Game" ON "GeneralThread"."ThreadID" = "Game"."GameID" WHERE "GeneralThread"."ThreadID" = :threadid:', 'threadid', $ThreadID);
if ($rowC === 'NONE') {
die($unexpectederrormessage);
}
if (is_null($rowC['GameID'])) {
$wheretogo = 'threadview.php?ThreadID=' . $ThreadID;
$wheretosay = 'thread';
} else {
if ($rowC['GameStatus'] == 'Recruiting') {
$wheretogo = 'lobby.php?GameID=' . $rowC['GameID'];
$wheretosay = 'lobby page';
} else {
$wheretogo = 'board.php?GameID=' . $rowC['GameID'];
$wheretosay = 'game';
}
}
$PostFailureTitle = false;
do {
if ($rowC['GameStatus'] === 'Cancelled') {
$PostFailureTitle = 'Game cancelled';
$PostFailureMessage = 'The game has been cancelled. Please click <a href="index.php">here</a> to return to the Main Page. Here is the text of the message you entered:';
break;
}
if (!$Administrator and $rowC['AdminOnly']) {
$PostFailureTitle = 'Thread is not accessible to users';
$PostFailureMessage = 'This thread is not currently accessible to normal users. Please click <a href="index.php">here</a> to return to the Main Page. Here is the text of the message you entered:';
break;
$InUse = true;
} else {
$InUse = false;
}
if (@$_POST['orderingnumber']) {
$OrderingNumber = sanitise_int($_POST['orderingnumber'], SANITISE_NO_FLAGS, 0);
} else {
$OrderingNumber = dbquery(DBQUERY_READ_INTEGER, 'SELECT IFNULL((SELECT MAX("OrderingNumber") FROM "Phrase" WHERE "Module" = :module: AND "CurrentlyInUse" = :inuse:), 0) + 10 AS "NewOrderingNumber"', 'module', $ModuleID, 'inuse', $InUse);
}
if ($OrderingNumber > 65535) {
$OrderingNumber = 65535;
}
$EscapedPhraseInEnglish = sanitise_str_fancy($_POST['phrasetext'], 1, 500, STR_GPC | STR_ESCAPE_HTML | STR_STRIP_TAB_AND_NEWLINE);
$EscapedFormInUse = sanitise_str_fancy($_POST['forminuse'], 1, 500, STR_GPC | STR_STRIP_TAB_AND_NEWLINE);
$EscapedDescription = sanitise_str_fancy(@$_POST['description'], 1, 250, STR_GPC | STR_ESCAPE_HTML | STR_STRIP_TAB_AND_NEWLINE);
$EscapedNotes = sanitise_str_fancy(@$_POST['notes'], 1, 250, STR_GPC | STR_ESCAPE_HTML | STR_STRIP_TAB_AND_NEWLINE);
if ($EscapedDescription[1] == -1) {
$EscapedDescription[0] = null;
}
if ($EscapedNotes[1] == -1) {
$EscapedNotes[0] = null;
}
$PostFailureTitle = false;
do {
if (!$_SESSION['LoggedIn']) {
$PostFailureTitle = 'Not logged in';
$PostFailureMessage = 'You are not logged in. Please log in and then return to the translation pages.';
break;
}
if ($Administrator < 2) {
$PostFailureTitle = 'Not authorised';
