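/**
 * Link every tag in $tags to a game, creating the ava_tags row for any tag
 * name that does not exist yet.
 *
 * @param array $tags   Tag names. Each one is placed inside quoted SQL
 *                      literals exactly as passed (see the NOTE in the loop).
 * @param mixed $gameid Game id; coerced to an integer before it is used.
 * @return void
 */
function add_tags($tags, $gameid)
{
    // The id lands in an unquoted numeric position of the INSERT below, where
    // string escaping gives no protection; an integer cast does.
    $game_id = (int) $gameid;

    foreach ($tags as $tag_name) {
        // NOTE(review): $tag_name is interpolated into SQL string literals
        // unchanged. Other code on this page escapes values with
        // mysql_secure() before interpolating them; whether every caller of
        // add_tags() does so is not visible here. It is deliberately not
        // re-escaped in this function because double escaping would store
        // literal backslashes. Confirm each call site, or move the escaping
        // here and pass raw values.
        $find_sql = "SELECT id FROM ava_tags WHERE tag_name = '{$tag_name}' LIMIT 1";

        $lookup = mysql_query($find_sql);
        $tag_row = $lookup ? mysql_fetch_array($lookup) : false;

        if (!$tag_row) {
            // seoname() is defined elsewhere; its output is escaped because it
            // is computed here and cannot already have been escaped by a caller.
            $seo_url = mysql_real_escape_string(seoname($tag_name, 0, 'tag'));

            // NOTE(review): die(mysql_error()) sends the raw database error to
            // the response, which discloses schema details. Kept because
            // callers may rely on the hard stop; prefer logging server-side.
            mysql_query("INSERT INTO ava_tags (tag_name, seo_url) VALUES ('{$tag_name}', '{$seo_url}')") or die(mysql_error());

            $lookup = mysql_query($find_sql);
            $tag_row = $lookup ? mysql_fetch_array($lookup) : false;
        }

        // Without a resolved tag row the relation INSERT would be built with
        // an empty tag id and fail as malformed SQL, so skip this tag.
        if (!$tag_row) {
            continue;
        }

        $tag_id = (int) $tag_row['id'];
        mysql_query("INSERT INTO ava_tag_relations (game_id, tag_id) VALUES ({$game_id}, {$tag_id})");
    }
}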
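/**
 * Rebuild the seo_url column of every row in $table from the text in $column,
 * recording each generated name in ava_seonames and appending "-N" when the
 * same name has already been used for this $type.
 *
 * @param string $table  Table to rewrite. Interpolated as an SQL identifier,
 *                       which cannot be escaped like a value: pass only
 *                       hard-coded table names, never request data.
 * @param string $column Column of $table holding the source text.
 * @param string $type   Name-space recorded in ava_seonames.type.
 * @return void
 */
function generate_seonames($table, $column, $type)
{
    $type_sql = mysql_real_escape_string($type);

    $rows = mysql_query("SELECT * FROM {$table} ORDER BY id ASC");
    if (!$rows) {
        return;
    }

    while ($row = mysql_fetch_array($rows)) {
        // Unquoted numeric position in the UPDATEs below: force an integer.
        $row_id = (int) $row['id'];

        // seoname() is defined elsewhere. Its result is escaped before use so
        // the queries do not depend on it stripping every quote character.
        $seo_name = seoname($row[$column]);
        $seo_sql = mysql_real_escape_string($seo_name);

        $lookup = mysql_query("SELECT uses FROM ava_seonames WHERE seo_name = '{$seo_sql}' AND type = '{$type_sql}'");
        $usage = $lookup ? mysql_fetch_array($lookup) : false;

        if ($usage) {
            $final_seo_name = $seo_name . '-' . ($usage['uses'] + 1);
            $final_sql = mysql_real_escape_string($final_seo_name);

            mysql_query("UPDATE {$table} SET seo_url = '{$final_sql}' WHERE id = {$row_id}");

            // Scoped by type as well as name. Without the type condition the
            // counter of every type sharing this name was incremented, unlike
            // the equivalent UPDATE in create_seoname().
            mysql_query("UPDATE ava_seonames SET uses = uses + 1 WHERE seo_name = '{$seo_sql}' AND type = '{$type_sql}'");
        } else {
            mysql_query("UPDATE {$table} SET seo_url = '{$seo_sql}' WHERE id = {$row_id}");
            mysql_query("INSERT INTO ava_seonames (seo_name, type, uses) VALUES ('{$seo_sql}', '{$type_sql}', 1)");
        }
    }
}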
<?php $ct = 0; $sql = mysql_query("SELECT * FROM ava_users WHERE id != '1' ORDER BY 0+points desc LIMIT 5"); while ($row = mysql_fetch_array($sql)) { $ct = $ct + 1; $seo_name = seoname($row['username']); if (strlen($row['username']) > $template['player_module_max_chars']) { $name = substr($row['username'], 0, $template['player_module_max_chars']); //."..."; } else { $name = $row['username']; } $username = htmlspecialchars($name); $avatar = 'uploads/avatars/' . $row['avatar'] . ''; if ($setting['module_thumbs'] == 1) { $avatar = '<img class="sidebar_memberIMG" src="' . AvatarUrl($row['avatar'], $row['facebook'], $row['facebook_id']) . '" />'; } else { $avatar = ''; } if ($setting['seo_on'] == 0) { $url = 'index.php?task=profile&id=' . $row['id']; } else { $url = $setting['site_url'] . '/profile/' . $row['id'] . '/' . $seo_name . $setting['seo_extension']; } //show trophy for the top 3 players of the site and numbers for the 4th to the 10th. if ($ct == 1) { //first position echo '<li class="top_medals"><a href="' . $url . '">' . $avatar . '</a>'; echo '<div class="medalbox"><img class="medal_gold" src="' . $setting['site_url'] . '/templates/macaw/images/medal_gold.png" alt="" /></div>'; echo '<a href="' . $url . '">' . $username . '</a><br />';
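<?php
// Link list: five fixed site links followed by the ten newest rows of
// ava_pages (highest id first). $setting, seoname() and the NEWS /
// MEMBER_LIST / LINKS constants are defined outside this fragment.
echo '<ul>';

if ($setting['seo_on'] == 0) {
    // Query-string URLs.
    echo '<li><a href="' . $setting['site_url'] . '">Home</a></li>'
        . ' <li><a href="' . $setting['site_url'] . '/index.php?task=news">' . NEWS . '</a></li>'
        . ' <li><a href="' . $setting['site_url'] . '/rss.php">Subscribe</a></li>'
        . ' <li><a href="' . $setting['site_url'] . '/index.php?task=member_list">' . MEMBER_LIST . '</a></li>'
        . ' <li><a href="' . $setting['site_url'] . '/index.php?task=links">' . LINKS . '</a></li>';
} else {
    // Rewritten ("SEO") URLs.
    echo '<li><a href="' . $setting['site_url'] . '">Home</a></li>'
        . ' <li><a href="' . $setting['site_url'] . '/news">' . NEWS . '</a></li>'
        . ' <li><a href="' . $setting['site_url'] . '/rss.php">Subscribe</a></li>'
        . ' <li><a href="' . $setting['site_url'] . '/members">' . MEMBER_LIST . '</a></li>'
        . ' <li><a href="' . $setting['site_url'] . '/links/">' . LINKS . '</a></li>';
}

$sql = mysql_query("SELECT * FROM ava_pages ORDER BY id desc LIMIT 10");

// A failed query returns false; skip the loop instead of fetching from it.
while ($sql && ($row = mysql_fetch_array($sql))) {
    $seo_name = seoname($row['name']);

    if ($setting['seo_on'] == 0) {
        $url = 'index.php?task=page&id=' . $row['id'];
    } else {
        $url = 'page/' . $row['id'] . '/' . $seo_name;
    }

    // The page name is stored data printed into HTML. Encode it, and the
    // href built from the row, so markup in a stored name is shown as text
    // instead of being interpreted by the browser.
    echo '<li><a href="' . htmlspecialchars($setting['site_url'] . '/' . $url, ENT_QUOTES) . '">'
        . htmlspecialchars($row['name'], ENT_QUOTES) . '</a></li>';
}

echo '</ul>';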
<?php // VIEW A PRIVATE MESSAGE defined('AVARCADE_') or die(''); if (isset($_COOKIE["ava_username"])) { $sql = mysql_query("SELECT * FROM ava_messages WHERE id= {$id}"); $row = mysql_fetch_array($sql); if ($user['id'] == $row['user_id']) { // Display the PM and the options echo '<div class="pm_header"> <div class="pm_subject">' . $row['title'] . '</div> <div class="pm_details"><strong>' . PM_FROM . ':</strong> <a href="' . $setting['site_url'] . '/index.php?task=profile&id=' . $row['sender_id'] . '">' . $row['sender_name'] . '</a> <strong>' . PM_DATE . ':</strong> ' . FormatDate($row['date'], 'time') . '</div></div> <div class="pm_message">' . $row['message'] . '</div>'; $profile_url = ProfileUrl($row['sender_id'], seoname($row['sender_name'])); echo ' <div class="pm_footer"> <p class="sub_button"><a href="' . $setting['site_url'] . '/index.php?task=send_message&id=' . $row['sender_id'] . '&re=' . $row['id'] . '">' . PM_REPLY . '</a></p> <p class="sub_button"><a href="' . $setting['site_url'] . '/index.php?task=messages&pm_task=delete&id=' . $row['id'] . '">' . PM_DELETE_MESSAGE . '</a></p> <p class="sub_button"><a href="' . $profile_url . '">' . PM_SENDER_PROFILE . '</a></p> <p class="sub_button"><a href="' . $setting['site_url'] . '/index.php?task=messages&pm_task=unread&id=' . $row['id'] . '">' . PM_MARK_UNREAD . '</a></p>'; if ($row['highscore_game_id'] == 0) { echo ' <p class="sub_button"><a href="#" onclick="ShowPopup(\'ava-popup\', \'' . $setting['site_url'] . '/includes/forms/pm_report_form.php?id=' . $row['id'] . '\', \'' . PM_REPORT . '\');return false">' . PM_REPORT . 
'</a></p>'; } echo '</div>'; if ($row['read'] == 0) { mysql_query("UPDATE ava_messages SET `read` = 1 WHERE id = {$row['id']} LIMIT 1"); // Update user messages counter $msg_count = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM ava_messages WHERE user_id={$user['id']} AND `read`=0"), 0); $update = mysql_query("UPDATE ava_users SET messages={$msg_count} WHERE id='{$user['id']}'") or die(mysql_error()); } } else {
include '../../language/' . $setting['language'] . '.php'; $the_comment = mysql_secure($_POST['comment']); $id = intval($_POST['id']); if (isset($_COOKIE["ava_username"])) { $cookie_id = intval($_COOKIE["ava_userid"]); $code = preg_replace("/[^a-z,A-Z,0-9]/", "", $_COOKIE['ava_code']); $last_comment = mysql_query("SELECT last_comment FROM tbl_users WHERE id = {$cookie_id} AND last_comment > NOW() - INTERVAL 1 MINUTE"); if (mysql_num_rows($last_comment) == '0') { $user = mysql_query("SELECT * FROM tbl_users WHERE id=" . $cookie_id . ""); $user2 = mysql_fetch_array($user); if ($user2['password'] == $code) { $date = date("Y-m-d H:i:s"); mysql_query("INSERT INTO tbl_comments (user, comment, link_id, date, ip) VALUES ('{$cookie_id}', '{$the_comment}', '{$id}', '{$date}', '{$_SERVER['REMOTE_ADDR']}')"); $comment = array('username' => $user2['username'], 'content' => stripslashes(nl2br(strip_tags($_POST['comment']))), 'user_points' => $user2['points'], 'date' => FormatDate($date, 'time')); $comment['delete'] = ''; $seo_username = seoname($user2['username']); $comment['user_url'] = ProfileUrl($user2['id'], $user2['seo_url']); if ($user2['admin'] == 1) { $comment['delete'] = '<a href="#" onclick="DeleteNewsComment(' . mysql_insert_id() . ', ' . "'" . $setting['site_url'] . "'" . '); return false">Delete</a>'; $comment['report_button'] = '<a href="' . $setting['site_url'] . '/admin/?task=manage_users#page=1&ip=' . $_SERVER['REMOTE_ADDR'] . '"><img src="' . $setting['site_url'] . '/images/report.png" title="' . $_SERVER['REMOTE_ADDR'] . '" style="vertical-align:middle;"/></a>'; } else { if ($setting['report_permissions'] == "1" || $setting['report_permissions'] == "2" && $user['login_status'] == 1) { $comment['report_button'] = '<a href="#" onclick="ShowPopup(\'ava-popup\', \'' . $setting['site_url'] . '/includes/forms/comment_report_form.php?id=' . mysql_insert_id() . '&type=2\', \'Report comment\'); return false"><img src="' . $setting['site_url'] . 
'/images/report.png" title="' . REPORT . '" style="vertical-align:middle;"/></a>'; } else { $comment['report_button'] = ''; } $comment['delete'] = ''; //'<a href="#" onclick="DeleteComment(' . $row['id'] . ', ' . "'" . $setting['site_url'] . "'" . '); return false"><img src="' . $setting['site_url'] . '/images/report.png" title="' . $_SERVER[REMOTE_ADDR] . '" style="vertical-align:middle;"/></a>'; } if ($user2['usrAvatarType'] == '') { $comment['avatar_url'] = $setting['site_url'] . '/uploads/avatars/default.png';
$date = date("F j Y"); if (isset($_COOKIE['ava_ref'])) { $referrer = intval($_COOKIE['ava_ref']); } else { $referrer = 0; } $seo_url = seoname($username); // If email validation is off, instantly activate the account if ($setting['email_on'] == 0) { $sql = mysql_query("INSERT INTO ava_users (username, password, email, activate, joined, referrer, seo_url)\n \t\tVALUES('{$username}', '{$passwordpro}', '{$email}', '1', '{$date}', {$referrer}, '{$seo_url}')") or die(mysql_error()); $new_user = mysql_insert_id(); // If user was referred, give the referrer points if (isset($_COOKIE['ava_ref'])) { mysql_query("UPDATE ava_users SET points = points + {$setting['points_refer']} WHERE id= {$referrer}"); $date = date("F j Y, G:i"); $profile_url = ProfileUrl($new_user, seoname($username)); mysql_query("INSERT INTO ava_messages (user_id, sender_id, sender_name, title, message, date) \n\t\t\t\t\tVALUES ('{$referrer}', '{$new_user}', '{$username}', '{$username} " . REF_PM_TITLE . " {$setting['site_name']}', '{$username} " . REF_PM_MESSAGE . ": <a href=\"{$profile_url}\">{$profile_url}</a>', '{$date}')"); } echo VALIDATED; } else { $sql = mysql_query("INSERT INTO ava_users (username, password, email, joined, referrer, seo_url)\n \t\t\tVALUES('{$username}', '{$passwordpro}', '{$email}', '{$date}', {$referrer}, '{$seo_url}')") or die(mysql_error()); $userid = mysql_insert_id(); $data = array('email_address' => $email, 'to_username' => $username, 'subject' => EMAIL_REGISTER_HEADER . ' ' . $username, 'send_email' => 1); $data['validate_url'] = $setting['site_url'] . '/index.php?task=validate&id=' . $userid . '&code=' . $passwordpro; SendEmail($data, 'validate_email'); echo EMAIL4; // Email sent message } } } } else {
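<?php
// User menu: "logged in" links when the ava_username cookie is present,
// otherwise login/register links plus the guest play-limit notice.
//
// NOTE(review): the logged-in branch is selected only by the presence of a
// cookie, and cookies are fully controlled by the client. Whether the session
// was verified before this template runs is not visible here, so every cookie
// value below is treated as untrusted text. $userid, $setting, $template and
// seoname() come from outside this fragment.
if (isset($_COOKIE["ava_username"])) {
    $abcd = seoname($_COOKIE["ava_username"]);

    // The cookie id is only ever meant to be a number; force it to one before
    // it is placed in a URL.
    if ($setting['seo_on'] == 0) {
        $url = 'index.php?task=profile&id=' . (isset($_COOKIE['ava_userid']) ? intval($_COOKIE['ava_userid']) : 0);
        $message_url = 'index.php?task=messages';
    } else {
        $url = 'profile/' . (isset($_COOKIE['ava_userid']) ? intval($_COOKIE['ava_userid']) : 0) . '/' . $abcd;
        $message_url = 'messages';
    }

    // $userid sits in an unquoted numeric position of the query, so it is
    // cast to an integer rather than concatenated as-is.
    $new_messages = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM ava_messages WHERE `read` = 0 AND user_id=" . intval($userid)), 0);

    // The username cookie is echoed into the page: HTML-encode it so a crafted
    // cookie value cannot inject markup or script. The profile href is encoded
    // too because it contains text derived from the same cookie.
    echo '<b>' . htmlspecialchars($_COOKIE['ava_username'], ENT_QUOTES) . '</b> logged in'
        . $template['user_menu_seperator']
        . '<img src="' . $setting['site_url'] . '/content/images/key.png"align="texttop" /> <a href="' . $setting['site_url'] . '/login.php?action=logout">' . LOGOUT . '</a>'
        . $template['user_menu_seperator']
        . '<img src="' . $setting['site_url'] . '/content/images/newmessage.png" align="texttop" /> <a href="' . $setting['site_url'] . '/' . $message_url . '">' . MESSAGES . '</a> (' . $new_messages . ')'
        . $template['user_menu_seperator']
        . '<img src="' . $setting['site_url'] . '/content/images/profile.png" align="texttop" /> <a href="' . htmlspecialchars($setting['site_url'] . '/' . $url, ENT_QUOTES) . '">' . MY_PROFILE . '</a>';

    // The admin link is shown when the ava_users row for $userid has admin = 1.
    // This only controls display; the admin area must enforce access itself.
    $sql = mysql_query("SELECT * FROM ava_users WHERE id=" . intval($userid));
    while ($sql && ($row = mysql_fetch_array($sql))) {
        if ($row['admin'] == 1) {
            echo $template['user_menu_seperator'] . '<img src="' . $setting['site_url'] . '/content/images/admin.png"align="texttop" /> <a href=' . $setting['site_url'] . '/admin/>' . ADMIN . '</a>';
        }
    }
} else {
    if ($setting['play_limit'] == 1) {
        // The play counter lives in a client-side cookie, so it can be absent
        // or non-numeric; treat it as an integer with a default of 0.
        // NOTE(review): a visitor can reset this cookie, so it is a hint for
        // the UI, not an enforceable limit.
        if ($setting['plays'] <= (isset($_COOKIE["ava_plays"]) ? intval($_COOKIE["ava_plays"]) : 0)) {
            echo '' . REGISTER_NOW . ' - ';
        } else {
            $left = $setting['plays'] - (isset($_COOKIE["ava_plays"]) ? intval($_COOKIE["ava_plays"]) : 0);
            echo '' . YOU_HAVE . ' ' . $left . ' ' . YOU_HAVE2 . ' - ';
        }
    }

    echo '<strong><a href="' . $setting['site_url'] . '/index.php?task=login">' . LOGIN . '</a> | <a href="' . $setting['site_url'] . '/index.php?task=register">' . REGISTER . '</a></strong>';
}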
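/**
 * Produce the seo_url value for a record.
 *
 * For an existing record ($id != 0) of a known $type whose stored name still
 * equals $name, the stored seo_url is returned unchanged. Otherwise a name is
 * derived with seoname() and registered in ava_seonames; when that name was
 * already used for the same $type, "-N" is appended (N = previous uses + 1).
 *
 * @param string $name Display name or title of the record.
 * @param mixed  $id   Record id, or 0 for a record that does not exist yet.
 * @param string $type One of game, category, news, page, topic, forum for the
 *                     existing-record lookup; any other value skips it.
 * @return string The seo_url to store.
 */
function create_seoname($name, $id, $type)
{
    $seo_name = seoname($name);

    // type => array(table, column holding the display name). The identifiers
    // come from this fixed map, never from the caller.
    $sources = array(
        'game'     => array('ava_games', 'name'),
        'category' => array('ava_cats', 'name'),
        'news'     => array('ava_news', 'title'),
        'page'     => array('ava_pages', 'name'),
        'topic'    => array('ava_topics', 'title'),
        'forum'    => array('ava_forums', 'name'),
    );

    // The id is used in an unquoted numeric position: force an integer.
    $record_id = (int) $id;

    if ($record_id !== 0 && is_string($type) && isset($sources[$type])) {
        list($table, $name_column) = $sources[$type];

        $lookup = mysql_query("SELECT {$name_column},seo_url FROM {$table} WHERE id = {$record_id}");
        $existing = $lookup ? mysql_fetch_array($lookup) : false;

        // Name unchanged: keep the current seo_url. The topic branch used to
        // read the seo_url from an undefined $page_info variable; every type
        // now reads it from the row that was just fetched. A missing row no
        // longer compares equal to an empty $name.
        if ($existing && (string) $existing[$name_column] === (string) $name) {
            return $existing['seo_url'];
        }
    }

    // Escaped at the point of use so the queries do not rely on seoname()
    // removing every quote character, nor on $type being a plain keyword.
    $seo_sql = mysql_real_escape_string($seo_name);
    $type_sql = mysql_real_escape_string($type);

    // NOTE(review): the read and the increment are separate statements, so two
    // concurrent calls can compute the same suffix. A unique index on the
    // target seo_url column would surface that instead of storing duplicates.
    $lookup = mysql_query("SELECT uses FROM ava_seonames WHERE seo_name = '{$seo_sql}' AND type = '{$type_sql}'");
    $usage = $lookup ? mysql_fetch_array($lookup) : false;

    if ($usage) {
        mysql_query("UPDATE ava_seonames SET uses = uses + 1 WHERE seo_name = '{$seo_sql}' AND type = '{$type_sql}'");
        $seo_name = $seo_name . '-' . ($usage['uses'] + 1);
    } else {
        mysql_query("INSERT INTO ava_seonames (seo_name, type, uses) VALUES ('{$seo_sql}', '{$type_sql}', 1)");
    }

    return $seo_name;
}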
$user_exists = mysql_result(mysql_query("SELECT COUNT(*) FROM ava_users WHERE username = '******'"), 0); $username_valid = preg_match('/^[A-Za-z ][A-Za-z0-9 ]*(?:_[A-Za-z0-9 ]+)*$/', $_POST['username']); if ($user_exists == 1) { header("Location: {$setting['site_url']}/?task=facebook_register&e=1"); } else { if ($username_valid == false) { header("Location: {$setting['site_url']}/?task=facebook_register&e=3"); } else { // insert //echo 'nice username, shall use!'; $date = date("F j Y"); $random_pass = md5(uniqid(rand(), true)); $email = mysql_secure($fb_user['email']); $about = mysql_secure($fb_user['about']); $fbid = mysql_secure($fb_user['id']); $seo_url = seoname($username); mysql_query("INSERT INTO ava_users (username, password, email, activate, about, joined, facebook, facebook_id, seo_url)\n \t\tVALUES('{$username}', '{$random_pass}', '{$email}', '1', '{$about}', '{$date}', 1, '{$fbid}', '{$seo_url}')") or die(mysql_error()); $new_id = mysql_insert_id(); setcookie("ava_username", $username, time() + 60 * 60 * 24 * 100); setcookie("ava_code", $random_pass, time() + 60 * 60 * 24 * 100); setcookie("ava_userid", $new_id, time() + 60 * 60 * 24 * 100); header("Location: {$setting['site_url']}"); } } } else { header("Location: {$setting['site_url']}/?task=facebook_register&e=2"); } } } else { echo 'Could not get the Facebook session. Your server may not be able to connect to Facebook securely to retrieve the user information.'; }
<?php
// Admin handler that saves edits to one ava_users row from POST data.
//
// NOTE(review): the '******' runs in the queries below appear to be masking
// applied to this listing; the statements that contain them are not valid PHP
// as shown and are reproduced unchanged.
// NOTE(review): no anti-CSRF token is checked in the lines shown. The includes
// may do so; confirm, since this request can change a password and the admin
// flag of any account.
include '../../config.php'; include '../../includes/core.php'; include '../secure.php';
// Access gate: $login_status is set by the includes above (not shown here).
if ($login_status != 1) { exit; }
// NOTE(review): $id is raw POST input and is interpolated, unquoted, into the
// SELECT here and into the password UPDATE below. Escaping would not help in
// an unquoted numeric position; it should be cast to an integer first.
$id = $_POST['id']; $old_details = mysql_fetch_array(mysql_query("SELECT * FROM ava_users WHERE id = {$id}"));
// The emptiness test strips spaces, but the hash is computed over the
// unstripped POST value.
$pass = str_replace(' ', '', $_POST['password']);
// NOTE(review): unsalted MD5 is not suitable for password storage; a
// dedicated password hashing function should replace it. die(mysql_error())
// also prints the raw database error to the response.
if ($pass != '') { $password = md5($_POST['password']); mysql_query("UPDATE ava_users SET password = '******' WHERE id = {$id}") or die(mysql_error()); }
// seoname() is defined elsewhere; $seo_url is interpolated into the main
// UPDATE below without further escaping.
$seo_url = seoname($_POST['username']);
// Optional forum signature clause, escaped with mysql_real_escape_string().
if ($setting['forums_installed'] == 1) { $fs = ", forum_signature = '" . mysql_real_escape_string($_POST['forum_signature']) . "'"; } else { $fs = ''; }
// Main UPDATE: every column, including admin and points, is taken from POST
// and passed through mysql_secure() (defined elsewhere). When the username
// changed, the forum tables that store it by value are updated to match.
mysql_query("UPDATE ava_users SET username='******'username']) . "', activate='" . mysql_secure($_POST['active']) . "', email='" . mysql_secure($_POST['email']) . "', location='" . mysql_secure($_POST['location']) . "', about='" . mysql_secure($_POST['about']) . "', website='" . mysql_secure($_POST['website']) . "', admin='" . mysql_secure($_POST['admin']) . "', avatar='" . mysql_secure($_POST['avatar']) . "', points='" . mysql_secure($_POST['points']) . "', seo_url='{$seo_url}' {$fs} WHERE id='" . mysql_secure($_POST['id']) . "'") or die(mysql_error()); if ($old_details['username'] != $_POST['username']) { mysql_query("UPDATE ava_posts SET username='******'username']) . "' WHERE username = '******'username']) . "'"); mysql_query("UPDATE ava_topics SET topic_starter='" . mysql_secure($_POST['username']) . "' WHERE topic_starter = '" . mysql_secure($old_details['username']) . "'"); mysql_query("UPDATE ava_topics SET last_post_user='******'username']) . "' WHERE last_post_user = '******'username']) . "'"); }
/**
 * Build the absolute URL of a tag listing.
 *
 * The first page of the default ("newest") ordering gets the short form;
 * every other page/sort combination carries both values in the URL.
 *
 * NOTE(review): $sort and $page are concatenated into the URL without URL or
 * HTML encoding. Callers that pass request data should validate it, and
 * should encode the returned URL when printing it into markup.
 *
 * @param string $tag  Tag name; passed through seoname() (defined elsewhere).
 * @param mixed  $page Page number.
 * @param mixed  $sort Sort key; null is treated as 'newest'.
 * @return string $setting['site_url'] followed by the tag path.
 */
function TagUrl($tag, $page, $sort)
{
    global $setting;

    if ($sort === null) {
        $sort = 'newest';
    }

    $slug = seoname($tag);
    $is_default_listing = ($page == 1 && $sort == 'newest');

    if ($setting['seo_on'] == 0) {
        // Query-string form.
        $path = '/index.php?task=tag&t=' . $slug;
        if (!$is_default_listing) {
            $path .= '&sortby=' . $sort . '&page=' . $page;
        }
    } else {
        // Rewritten form.
        $path = '/tag/' . $slug;
        if (!$is_default_listing) {
            $path .= '/' . $sort . '/' . $page;
        }
    }

    return $setting['site_url'] . $path;
}