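/**
 * Admin-only action: shifts the current game's clock ("Game"."LastMove" and
 * "GameInProgress"."GIPLastMove") by a signed number of MINUTE/HOUR/DAY units,
 * appends a ticker entry recording who did it, commits, and redirects to the board.
 *
 * Untrusted inputs read: $_POST['thenumber'], $_POST['theinterval'], $_POST['whattime'].
 * Also reads $_SESSION MyUserID / MyGenderCode / MyUserName and globals $Administrator, $GAME.
 *
 * NOTE(review): this is a state-changing POST handler and no CSRF token check is visible
 * in this function — confirm one is performed by the including page before DoTask() runs.
 * NOTE(review): the bind name :thenumber: appears twice in the UPDATE (once per copy of
 * $time_expr); confirm dbquery() accepts a repeated named placeholder.
 */
function DoTask() {
    global $Administrator, $GAME;

    // Shared tail of every error message: links back to the board and the main page.
    $board_links = 'Please click <a href="board.php?GameID=' . $GAME['GameID'] . '">here</a> to go to the board page, or <a href="index.php">here</a> to return to the Main Page.';

    if (!$Administrator) {
        $mypage = page::standard();
        $mypage->title_body('Not authorised');
        $mypage->leaf('p', 'You are not authorised to make use of this page. ' . $board_links);
        $mypage->finish();
        // finish() is expected to end the response; return explicitly so the clock write
        // below can never be reached by a non-administrator even if it does not.
        return;
    }

    $thenumber = sanitise_int(isset($_POST['thenumber']) ? $_POST['thenumber'] : null);
    if ($thenumber < -9 || $thenumber > 99 || $thenumber == 0) {
        $mypage = page::standard();
        $mypage->title_body('Invalid input');
        $mypage->leaf('p', 'Expected a nonzero integer between -9 and 99 inclusive, but received ' . $thenumber . '. ' . $board_links);
        $mypage->finish();
        return;
    }

    $allowed_intervals = array('MINUTE', 'HOUR', 'DAY');
    $interval = sanitise_enum(isset($_POST['theinterval']) ? $_POST['theinterval'] : null, $allowed_intervals);
    // $interval is spliced into the SQL text (the TIMESTAMPADD unit cannot be a bind
    // parameter), so it must be exactly one of the whitelisted keywords. Re-check it
    // strictly here rather than relying on sanitise_enum()'s behaviour for bad input.
    if (!in_array($interval, $allowed_intervals, true)) {
        $mypage = page::standard();
        $mypage->title_body('Invalid input');
        $mypage->leaf('p', 'Expected the interval to be one of MINUTE, HOUR or DAY. ' . $board_links);
        $mypage->finish();
        return;
    }

    // 'now' shifts relative to the current UTC time; anything else shifts the stored LastMove.
    $whattime = (isset($_POST['whattime']) && $_POST['whattime'] === 'now') ? 'UTC_TIMESTAMP()' : '"LastMove"';
    $time_expr = 'TIMESTAMPADD(' . $interval . ', :thenumber:, ' . $whattime . ')';

    // Fix: the original statement had no comma between the "GIPLastMove" and "GameTicker"
    // assignments, which is a SQL syntax error. The user-derived values (count, ticker
    // fragments, user name, game id) are all passed as bind parameters.
    dbquery(DBQUERY_WRITE,
        'UPDATE "Game" JOIN "GameInProgress" ON "Game"."GameID" = "GameInProgress"."Game" SET "Game"."LastMove" = ' . $time_expr . ', "GameInProgress"."GIPLastMove" = ' . $time_expr . ', "Game"."GameTicker" = CONCAT("Game"."GameTicker", :tickerconcat:), "Game"."GameTickerNames" = CONCAT("Game"."GameTickerNames", :namesconcat:) WHERE "GameID" = :game:',
        'thenumber', $thenumber,
        'tickerconcat', '3A' . callmovetimediff() . letter_end_number($_SESSION['MyUserID']) . letter_end_number($_SESSION['MyGenderCode']),
        'namesconcat', '|' . $_SESSION['MyUserName'],
        'game', $GAME['GameID']);
    dbquery(DBQUERY_COMMIT);

    page::redirect(3, 'board.php?GameID=' . $GAME['GameID'], 'Successfully altered clock.');
}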
<?php if ($_POST['TheUserID'] != $_SESSION['MyUserID']) { $mypage = page::standard(); $mypage->title_body('Not logged in as this user'); $mypage->leaf('p', 'You can only change your own settings, not those of other users. Please click <a href="index.php">here</a> to return to the Main Page.'); $mypage->finish(); } $EscapedEmail = sanitise_str(@$_POST['Email'], STR_GPC | STR_ESCAPE_HTML | STR_TO_LOWERCASE); $SPronoun = sanitise_enum(@$_POST['Pronoun'], array('He', 'She', 'It')); $STimeLimitAUnits = sanitise_enum(@$_POST['TimeLimitAUnits'], array('minutes', 'hours', 'days')); $STimeLimitBUnits = sanitise_enum(@$_POST['TimeLimitBUnits'], array('minutes', 'hours', 'days')); switch ($SPronoun) { case 'He': $_SESSION['MyGenderCode'] = 0; break; case 'She': $_SESSION['MyGenderCode'] = 1; break; case 'It': $_SESSION['MyGenderCode'] = 2; } $EscapedStatement = sanitise_str_fancy(@$_POST['Statement'], 1, 50000, STR_GPC | STR_PERMIT_FORMATTING | STR_HANDLE_IMAGES | STR_PERMIT_ADMIN_HTML | STR_DISREGARD_GAME_STATUS); $errors = false; $errorlist = fragment::blank(); if ($EscapedStatement[1] == 1) { $SetPSString = ''; $errors = true; $errorlist->opennode('li'); $errorlist->text('That personal statement is too long. The limit is around 50, 000 characters (proviso: depending on the content you enter, the number of characters after the content is processed may vary slightly from that before). Here is the text you entered:'); $errorlist->emptyleaf('br');