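// Superuser login handler: authenticates the posted handle/password against the users table,
// rejects anything that is not a superuser account, then seeds the session with the merged
// users + profile row. Failure paths echo an error object and stop; success falls through to the
// session setup and the last-visit update.
require_once '..' . DS . 'include' . DS . 'mysqlHelper.php';
$db = new mysqlHelper();
require_once '..' . DS . 'include' . DS . 'cleanPostAndGet.php'; // Clean $_POST and $_GET of malicious input
require_once '..' . DS . 'include' . DS . 'utilityFunctions.php';  // supplies encrypt_password()

// Absent fields are read as '' rather than null, so a request without them does not trigger the
// null-to-string deprecation in strtoupper() and encrypt_password() receives a string either way.
$handle = strtoupper(isset($_POST['handle']) ? $_POST['handle'] : '');
$password = encrypt_password(isset($_POST['password']) ? $_POST['password'] : '');

// Check for the existence of an activated user account with this handle and password.
// The previous query compared password against a fixed literal, which left $password unused and
// meant the posted credential was never actually checked; the encrypted value is compared now.
// NOTE(review): $handle and $password are interpolated straight into SQL. This relies on
// cleanPostAndGet.php / encrypt_password() producing database-safe strings; neither is visible
// here — confirm, or switch to the helper's escaping or parameter binding if mysqlHelper has one.
$query = "SELECT * FROM " . $_pre . "users"
    . " WHERE registration_no='{$handle}' AND password='{$password}' AND activated=1";
$db->setQuery($query);
if ($db->foundRows == 0) {
    // One generic message for both "unknown handle" and "wrong password", so the response does
    // not disclose which half failed.
    // NOTE: single-quoted keys/values are not valid JSON; kept byte-for-byte because the client
    // that parses this response is not visible here.
    echo "{'error':'Username and password did not match'}";
    return;
}

// Only superuser accounts may log in through this screen.
$user_data = $db->fetch_assoc();
if ($user_data['user_type'] !== 'su') {
    echo "{'error':'You are not allowed to login via this screen'}";
    return;
}

// Authentication succeeded: gather the profile columns the session needs before redirecting to
// the CodeZone home page.
$query = "SELECT avatar_path,quote,about_me,language,match_count,ranking_pts FROM " . $_pre . "profile"
    . " WHERE registration_no='{$handle}'";
$db->setQuery($query);
$row = $db->fetch_assoc();

// Merge the profile columns into the users row; profile keys win on collision.
$user_data = array_merge($user_data, $row);

// Start the session and issue a fresh id on this privilege change, so a session id that existed
// before login cannot be reused for the authenticated session (session fixation).
session_start();
session_regenerate_id(true);
// NOTE(review): $user_data comes from SELECT *, so it carries every users column — including the
// stored password value — into the session; consider unsetting it before storing if nothing
// downstream reads it.
$_SESSION['user_row_data'] = $user_data;

// Record this login in the users table. The statement is only built here; its execution is not
// part of this excerpt.
$query = "UPDATE " . $_pre . "users SET last_visit_date=NOW() WHERE registration_no='{$handle}'";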
//Get the mysqlHelper class require_once '..' . DS . 'include' . DS . 'mysqlHelper.php'; $db = new mysqlHelper(); require_once '..' . DS . 'include' . DS . 'cleanPostAndGet.php'; //Clean $_POST and $_GET of malicious if (@$_GET['a'] == 'r_scoreboard') { $match_table_name = base64_decode(@$_GET['m_tn']); //We need to see if the match is an active match so that we load the scoreboard in refresh mode while at the same time checking if there's a match by the specified table name $query = "SELECT * FROM " . $_pre . "matches WHERE match_table_name='{$match_table_name}'"; $db->setQuery($query); if ($db->foundRows == 0) { echo 'Unable to load scoreboard for selected match'; return; } //Check if the match is active $md = $db->fetch_assoc(); $match_active = false; if ($md['start_time'] < time() && $md['start_time'] + $md['duration'] > time()) { } else { echo "match over!"; return; } //Now we can proceed and load the scoreboard by selecting details from both the appropriate match table and the profile table $query = "SELECT " . $_pre . $match_table_name . ".*," . $_pre . "profile.ranking_pts FROM " . $_pre . $match_table_name . "," . $_pre . "profile WHERE " . $_pre . $match_table_name . ".registration_no=" . $_pre . "profile.registration_no ORDER BY points DESC"; $db->setQuery($query); ?> <p>CodeZone algorithm match <b><?php echo $md['id']; ?> </b></p> <p>Match duration <b><?php