/**
 * Recursively normalises a value in place and also returns it.
 *
 * - arrays: every element is processed recursively and written back under its key;
 * - strings: passed through addslashes(), then handed to str_check();
 * - other numeric values (int/float): truncated to an integer with intval();
 * - anything else (null, bool, objects): left untouched.
 *
 * Numeric strings are caught by the string branch, so they stay strings.
 *
 * Security note: addslashes() is not context-aware escaping. It does not take the
 * database connection's character set into account and does nothing for HTML output,
 * so values returned from here still need a parameterised query (or the driver's own
 * escaping) at the SQL call site, and output encoding wherever they are rendered.
 *
 * NOTE(review): str_check() is defined elsewhere and its return value is discarded
 * here, so it only matters if it reports problems by side effect. Confirm.
 *
 * @param mixed $array Value to normalise; modified through the reference.
 * @return mixed The normalised value.
 */
function sec(&$array)
{
    // Arrays: walk every element and store the recursively processed result back.
    if (is_array($array)) {
        foreach ($array as $key => $item) {
            $array[$key] = sec($item);
        }

        return $array;
    }

    // Strings: backslash-escape quotes, backslashes and NUL bytes, then run the
    // project's string check on the escaped value.
    if (is_string($array)) {
        $array = addslashes($array);
        str_check($array);

        return $array;
    }

    // Remaining numeric values (ints and floats) are reduced to an integer.
    if (is_numeric($array)) {
        $array = intval($array);
    }

    return $array;
}
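/**
 * Handles a submitted status search and re-renders the search page with the results.
 *
 * Exactly one criterion is used, checked in this order: kingdom_id, player_id,
 * kingdom_name, player_name. IDs are coerced to non-negative integers. Names must be
 * strings and pass str_check() with array(3, 25, REGEXP_NAME) before they are used.
 * Every path ends by calling status_search() and exiting, so nothing is returned.
 *
 * Security: the two name searches build SQL by string concatenation on the legacy
 * mysql_* API, which has no prepared statements. The regular-expression check is
 * therefore not relied on alone: the name is escaped with mysql_real_escape_string()
 * and the session round id is cast to int at the point where the query is built.
 * ext/mysql was removed in PHP 7; moving these queries to PDO or mysqli prepared
 * statements is the durable fix.
 *
 * NOTE(review): if this application still runs with magic_quotes_gpc or a global
 * addslashes() pass over request data, confirm the added escaping does not
 * double-escape names that contain quotes or backslashes.
 */
function status_search_submit()
{
    global $data, $smarty;

    if (!empty($_REQUEST['kingdom_id'])) {
        $search = 'kingdom_id';
        $kingdom_id = abs((int) $_REQUEST['kingdom_id']);
    } elseif (!empty($_REQUEST['player_id'])) {
        $search = 'player_id';
        $player_id = abs((int) $_REQUEST['player_id']);
    } elseif (!empty($_REQUEST['kingdom_name'])) {
        $search = 'kingdom_name';
        $kingdom_name = $_REQUEST['kingdom_name'];
        // Array-valued parameters (kingdom_name[]=...) are rejected before validation.
        if (!is_string($kingdom_name) || str_check($kingdom_name, array(3, 25, REGEXP_NAME))) {
            $smarty->append('status', 'Invalid characters in kingdom name');
            status_search();
            exit;
        }
    } elseif (!empty($_REQUEST['player_name'])) {
        $search = 'player_name';
        $player_name = $_REQUEST['player_name'];
        // Array-valued parameters (player_name[]=...) are rejected before validation.
        if (!is_string($player_name) || str_check($player_name, array(3, 25, REGEXP_NAME))) {
            $smarty->append('status', 'Invalid characters in player name');
            status_search();
            exit;
        }
    } else {
        // No search criterion supplied: just show the form again.
        status_search();
        exit;
    }

    switch ($search) {
        case 'kingdom_id':
            $results = $data->kingdom($kingdom_id);
            break;

        case 'player_id':
            $results = $data->player($player_id);
            break;

        case 'kingdom_name':
            // The integer cast means the session value can only reach the query as a number.
            $round_id = (int) $_SESSION['round_id'];
            // Escape for the string literal. '%' and '_' are left alone and still act as
            // LIKE wildcards, as they did before.
            $like = mysql_real_escape_string($kingdom_name);
            $db_query = "\n\t\t\t\tSELECT `kingdom_id` \n\t\t\t\tFROM `kingdoms` \n\t\t\t\tWHERE \n\t\t\t\t\t`round_id` = " . $round_id . " AND \n\t\t\t\t\t`name` LIKE '%" . $like . "%'\n\t\t\t\tORDER BY `name` ASC";
            $db_results = mysql_query($db_query);
            $kingdom_ids = array();
            // A failed query yields no matches instead of fetching from a non-resource.
            if ($db_results !== false) {
                while ($db_row = mysql_fetch_array($db_results, MYSQL_ASSOC)) {
                    $kingdom_ids[] = $db_row['kingdom_id'];
                }
            }
            $results = $data->kingdom($kingdom_ids);
            break;

        case 'player_name':
            // Same query-site hardening as the kingdom_name case above.
            $round_id = (int) $_SESSION['round_id'];
            $like = mysql_real_escape_string($player_name);
            $db_query = "\n\t\t\t\tSELECT `player_id` \n\t\t\t\tFROM `players` \n\t\t\t\tWHERE \n\t\t\t\t\t`round_id` = " . $round_id . " AND \n\t\t\t\t\t`name` LIKE '%" . $like . "%'\n\t\t\t\tORDER BY `name` ASC";
            $db_results = mysql_query($db_query);
            $player_ids = array();
            if ($db_results !== false) {
                while ($db_row = mysql_fetch_array($db_results, MYSQL_ASSOC)) {
                    $player_ids[] = $db_row['player_id'];
                }
            }
            $results = $data->player($player_ids);
            break;
    }

    $smarty->assign('results', $results);
    $smarty->assign('search', $search);
    status_search();
    exit;
}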
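/**
 * Validates the round sign-up input held on this object and either re-displays the
 * form with error messages or continues to planet selection.
 *
 * Checks, in order: the kingdom mode against the modes the round's team setting
 * allows; the planet bonus and planet count for independent kingdoms; the kingdom,
 * player and planet names via str_check(); the planet code (array(32, 32)) when
 * joining a team; and finally whether the player or kingdom name is already taken
 * in the current round.
 *
 * Security: the status messages carry markup ('<br />'), so they reach the page as
 * HTML. The user-supplied names quoted in the "already in use" messages are therefore
 * HTML-encoded here, so the output does not depend on what REGEXP_NAME allows.
 *
 * NOTE(review): the str_check() error strings joined into the messages are assumed
 * not to echo user input. Confirm against str_check().
 * NOTE(review): the name lookups rely on $this->sql to escape the values passed to
 * where(). Confirm in the query builder. The lookup followed by a later insert is
 * also not atomic, so a unique index on (round_id, name) is what actually enforces
 * uniqueness.
 *
 * @return mixed Whatever returnform() returns when validation fails; nothing otherwise.
 */
function check_input()
{
    // Collected validation messages, initialised up front so later reads never touch
    // an undefined variable.
    $status = array();
    $modes = array();

    // Check kingdom mode to see what we're doing.
    if (in_array($this->round['teams'], array(TEAMS_SOLO, TEAMS_BOTH))) {
        $modes[] = 'independant';
    }
    if (in_array($this->round['teams'], array(TEAMS_BOTH, TEAMS_TEAMS))) {
        $modes[] = 'createteam';
        $modes[] = 'jointeam';
    }

    // Strict comparison: $modes holds only string literals, and a loose in_array()
    // would let a non-string mode (for example integer 0 on older PHP) match them.
    if (!in_array($this->kingdom['mode'], $modes, true)) {
        $status[] = 'Invalid kingdom mode.';
        $this->smarty->append('status', $status);
        return $this->returnform();
    }

    // Check for valid bonus if independant and allowed
    if ($this->round['bonus'] == 0 && ($this->kingdom['mode'] == 'independant' && $this->round['teams'] != TEAMS_SOLO && ($this->planet['bonus'] < 0 || $this->planet['bonus'] > 1))) {
        $status[] = 'Invalid planet bonus selected.<br />';
    }

    if ($this->kingdom['mode'] == 'independant') {
        if ($this->round['min_planets'] == $this->round['max_planets']) {
            // Fixed planet count for this round: ignore whatever was submitted.
            $this->planets = $this->round['min_planets'];
        } elseif ($this->planets < $this->round['min_planets'] || $this->planets > $this->round['max_planets']) {
            $status[] = 'Invalid number of planets selected.<br />';
        }
    }

    // Check kingdom, player, and planet names as needed.
    if (($this->kingdom['mode'] == 'independant' || $this->kingdom['mode'] == 'createteam') && ($error = str_check($this->kingdom['name'], array(3, 25, REGEXP_NAME)))) {
        $status[] = 'Kingdom name error: ' . implode(' ', $error) . '<br />';
    }
    if ($error = str_check($this->player['name'], array(3, 25, REGEXP_NAME))) {
        $status[] = 'Player name error: ' . implode(' ', $error) . '<br />';
    }
    if ($error = str_check($this->planet['name'], array(3, 25, REGEXP_NAME_PLANET))) {
        $status[] = 'Planet name error: ' . implode(' ', $error) . '<br />';
    }

    // Check planet code length (if length != 32 then invalid)
    if ($this->kingdom['mode'] == 'jointeam' && ($error = str_check($this->planet['code'], array(32, 32)))) {
        $status[] = 'Planet code length incorrect.<br />';
    }

    // Report errors before going on any further.
    if (!empty($status)) {
        $this->smarty->append('status', $status);
        return $this->returnform();
    }

    // Check the database to see if their name(s) are already in use
    $this->sql->select(array('players', 'player_id'));
    $this->sql->where(array(array('players', 'round_id', $_SESSION['round_id']), array('players', 'name', $this->player['name'])));
    $db_result = $this->sql->execute();
    if (mysql_num_rows($db_result) > 0) {
        // Encode the name before it is placed inside the HTML status message.
        // NOTE(review): charset is left at the PHP default; pass the application's
        // charset explicitly if it differs.
        $status[] = 'Player name "' . htmlspecialchars($this->player['name'], ENT_QUOTES) . '" already in use in this round.<br />';
    }

    if ($this->kingdom['mode'] == 'independant' || $this->kingdom['mode'] == 'createteam') {
        $this->sql->select(array('kingdoms', 'kingdom_id'));
        $this->sql->where(array(array('kingdoms', 'round_id', $_SESSION['round_id']), array('kingdoms', 'name', $this->kingdom['name'])));
        $db_result = $this->sql->execute();
        if (mysql_num_rows($db_result) > 0) {
            $status[] = 'Kingdom name "' . htmlspecialchars($this->kingdom['name'], ENT_QUOTES) . '" already in use in this round.<br />';
        }
    }

    if (!empty($status)) {
        $this->smarty->append('status', $status);
        return $this->returnform();
    }

    // All of the user input checked out; proceed to getting them into the round.
    $this->selectplanets();
}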
/**
 * Creates a military group on a planet and redirects to the new group's view page.
 *
 * Steps: require at least RANK_COMMANDER for the session player; read planet_id and
 * name from the POST data; require the 'military' permission on that planet; validate
 * the name with str_check(); insert a row into "<group_type>groups" (with current and
 * destination coordinates plus an empty cargo list for navy groups); then redirect.
 * On any validation failure the create form is shown again and the script exits.
 *
 * NOTE(review): $this->group_type is concatenated into the table name and into the
 * redirect URL. Where it is set is not visible here; confirm it is restricted to a
 * fixed allow-list of group types before it reaches this method.
 * NOTE(review): the result of $this->data->planet() and the coordinate row are used
 * without checking that a record was found. Confirm the permission check guarantees
 * the planet exists.
 */
function process_create()
{
    $errors = array();

    // Rank gate: only commanders and above may create groups.
    $creator = $this->data->player($_SESSION['player_id']);
    if ($creator['rank'] < RANK_COMMANDER) {
        $this->smarty->append('status', 'Insufficient rank to create military groups.');
        $this->create();
        exit;
    }

    // The planet id is forced to a non-negative integer; the name is validated below.
    $planet_id = abs((int) request_variable('planet_id', 'post', 0));
    $name = request_variable('name', 'post', '');

    if (!$planet_id) {
        $errors[] = 'Must select a planet for group.';
    } else {
        // Authorisation: the caller needs the 'military' permission on this planet.
        $granted = permissions_check(PERMISSION_PLANET, $planet_id, 'military', false);
        if (!$granted['military']) {
            $errors[] = 'You do not have permission to create groups on that planet';
        }
    }

    $nameErrors = str_check($name, array(3, 20, REGEXP_NAME_PLANET));
    if ($nameErrors) {
        $errors[] = 'Group name error: ' . implode(' ', $nameErrors) . '<br />';
    }

    if (count($errors) > 0) {
        $this->smarty->append('status', $errors);
        $this->create();
        exit;
    }

    $planet = $this->data->planet($planet_id);

    // The group is owned by the planet's player, not necessarily the session player.
    $group_row = array(
        'round_id' => $_SESSION['round_id'],
        'kingdom_id' => $_SESSION['kingdom_id'],
        'player_id' => $planet['player_id'],
        'planet_id' => $planet['planet_id'],
        'name' => $name,
        'units' => array(),
    );

    if ($this->group_type == 'navy') {
        // Navy groups also carry a position: look up the planet's quadrant and
        // starsystem offsets to derive coordinates.
        $this->sql->select(array(
            array('quadrants', 'x', 'x_quadrant'),
            array('quadrants', 'y', 'y_quadrant'),
            array('starsystems', 'x', 'x_starsystem'),
            array('starsystems', 'y', 'y_starsystem'),
        ));
        $this->sql->where(array(
            array('starsystems', 'starsystem_id', $planet['starsystem_id']),
            array('quadrants', 'quadrant_id', $planet['quadrant_id']),
        ));
        $coords = mysql_fetch_array($this->sql->execute(), MYSQL_ASSOC);

        // NOTE(review): the 49 and 7 multipliers look like a 7x7 layout of
        // starsystems per quadrant and positions per starsystem. Confirm.
        $x = $coords['x_quadrant'] * 49 + $coords['x_starsystem'] * 7 + $planet['x'];
        $y = $coords['y_quadrant'] * 49 + $coords['y_starsystem'] * 7 + $planet['y'];

        // A new group starts stationary: destination equals current position.
        $group_row += array(
            'x_current' => $x,
            'y_current' => $y,
            'x_destination' => $x,
            'y_destination' => $y,
            'cargo' => array(),
        );
    }

    $table = $this->group_type . 'groups';
    $this->sql->execute($table, $group_row);
    $this->group_id = mysql_insert_id();

    redirect('groups.php?fn=groups_view&group_id=' . $this->group_id . '&group_type=' . $this->group_type);
}