}
?>
<div id="main">
<?php
$smackheader = 0;
while ($post = mysql_fetch_array($comments)) {
if (0 == $smackheader) {
echo "<div id='smacktalk'><h2>Latest Smack Talk</h2><div class='messages'><table width='100%'>";
$smackheader = 1;
}
echo "<tr><td><span class='postername' >" . stripslashes($post['from']) . ":</span> <a class='teaser' href=\"view.php?id=" . stripslashes($post['bracket']) . "#comments\">" . substr(stripslashes($post['content']), 0, 250);
if (strlen($post['content']) > 250) {
echo "...";
}
echo "</a></td><td><div class='bracketName'><a href=\"view.php?id=" . $post['bracket'] . "#comments\">" . stripslashes($post['name']) . "</a> - <span class='date'>" . timeBetween(strtotime($post['time']), time()) . "</span></div></td></tr>\n";
}
if ($smackheader) {
echo "</table></div></div>";
}
?>
<div class="right_side">
<?php
include "sidebar.php";
?>
</div>
<div class="left_side">
<?php
if (isset($_SESSION['success'])) {
?>
<div class="success"><?php
include 'bracket_view_module.php';
viewBracket($meta, $picks, $team_data, $rank, $score_data, $best_data);
?>
<div id="smacktalk" class="full">
<a name="comments"></a>
<h2>Smack Talk</h2><h3></h3>
<div class="messages" style="max-height: 100%;">
<table width="100%">
<?php
$posts = "SELECT c.time, c.content, c.from, c.bracket FROM `comments` c WHERE `bracket`={$id}";
$posts = mysql_query($posts, $db);
while ($post = mysql_fetch_array($posts)) {
echo "<tr valign='top'><td nowrap><span class='postername' >" . stripslashes($post['from']) . ":</span></td><td>" . stripslashes($post['content']);
echo "</td><td nowrap><span class='date'>" . timeBetween(strtotime($post['time']), time()) . "</span></td></tr>\n";
}
$query = "SELECT * FROM `brackets` WHERE `email` = '" . $_COOKIE['useremail'] . "' LIMIT 0,1";
//select entry
$user = mysql_query($query, $db);
$user = mysql_fetch_array($user);
?>
</table>
</div>
<br>
<h2>Add Smack Talk</h2><h3></h3>
<?php
if (isset($_COOKIE['useremail']) == true) {
/**
* Title
*
* Description
*
* @access public
*/
function checkAccess($object_type, $object_id)
{
global $session;
$rule = SQLSelectOne("SELECT * FROM security_rules WHERE OBJECT_TYPE='" . $object_type . "' AND OBJECT_ID='" . (int) $object_id . "'");
if (!$rule['ID']) {
return true;
}
/*
if ($object_id==11) {
print_r($rule);
exit;
}
*/
//times
if ($rule['TIMES']) {
$hours_matched = false;
$tmp = explode(',', $rule['TIMES']);
$total = count($tmp);
for ($i = 0; $i < $total; $i++) {
$tmp2 = explode('-', $tmp[$i]);
if (timeBetween($tmp2[0], $tmp2[1])) {
$hours_matched = true;
}
}
if (!$hours_matched && !$rule['TIMES_EXCEPT']) {
return false;
} elseif ($hours_matched && $rule['TIMES_EXCEPT']) {
return false;
}
}
global $session;
//users
if ($rule['USERS']) {
$users_matched = false;
if ($session->data['SITE_USERNAME'] && !$session->data['SITE_USER_ID']) {
$user = SQLSelectOne("SELECT ID FROM users WHERE USERNAME='******'SITE_USERNAME'] . "'");
if ($user['ID']) {
$session->data['SITE_USER_ID'] = $user['ID'];
}
}
$user_id = (int) $session->data['SITE_USER_ID'];
$tmp = explode(',', $rule['USERS']);
if (in_array($user_id, $tmp)) {
$users_matched = true;
}
if (!$users_matched && !$rule['USERS_EXCEPT']) {
return false;
} elseif ($users_matched && $rule['USERS_EXCEPT']) {
return false;
}
}
//terminals
if ($rule['TERMINALS']) {
$terminals_matched = false;
if ($session->data['TERMINAL']) {
// && !$session->data['TERMINAL_ID']
$terminal = SQLSelectOne("SELECT ID FROM terminals WHERE NAME='" . $session->data['TERMINAL'] . "'");
if ($terminal['ID']) {
$session->data['TERMINAL_ID'] = $terminal['ID'];
}
}
$terminal_id = (int) $session->data['TERMINAL_ID'];
$tmp = explode(',', $rule['TERMINALS']);
if (in_array($terminal_id, $tmp)) {
$terminals_matched = true;
}
if (!$terminals_matched && !$rule['TERMINALS_EXCEPT']) {
return false;
} elseif ($terminals_matched && $rule['TERMINALS_EXCEPT']) {
return false;
}
}
return true;
}
