Esempio n. 1
File: gab.php Progetto: hdp/brass
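/**
 * Administrator-only action that moves a game's clock.
 *
 * Inputs read from $_POST:
 *  - 'thenumber':   nonzero integer from -9 to 99, the number of units to add.
 *  - 'theinterval': one of MINUTE, HOUR, DAY.
 *  - 'whattime':    'now' bases the new time on UTC_TIMESTAMP(); any other
 *                   value bases it on the stored "LastMove".
 *
 * On success "Game"."LastMove" and "GameInProgress"."GIPLastMove" are both set,
 * an entry is appended to the game ticker, the write is committed and the
 * user is redirected to the board page.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function; confirm
 * the calling page verifies one before this state-changing request is handled.
 */
function DoTask()
{
    global $Administrator, $GAME;

    // NOTE(review): $GAME['GameID'] is written into HTML and into the redirect
    // URL unescaped; presumably it is an integer loaded from the database - confirm.
    $backLinks = 'Please click <a href="board.php?GameID=' . $GAME['GameID'] . '">here</a> to go to the board page, or <a href="index.php">here</a> to return to the Main Page.';

    if (!$Administrator) {
        $mypage = page::standard();
        $mypage->title_body('Not authorised');
        $mypage->leaf('p', 'You are not authorised to make use of this page. ' . $backLinks);
        $mypage->finish();
        // finish() presumably ends the request; returning as well keeps the
        // authorisation check fail-closed if it ever does not.
        return;
    }

    $thenumber = sanitise_int(isset($_POST['thenumber']) ? $_POST['thenumber'] : null);
    if ($thenumber < -9 || $thenumber > 99 || $thenumber == 0) {
        $mypage = page::standard();
        $mypage->title_body('Invalid input');
        $mypage->leaf('p', 'Expected a nonzero integer between -9 and 99 inclusive, but received ' . $thenumber . '. ' . $backLinks);
        $mypage->finish();
        return;
    }

    // The interval keyword is the only request-derived value concatenated into
    // the SQL text (TIMESTAMPADD's unit cannot be a placeholder), so it is
    // re-checked against the whitelist here instead of relying solely on what
    // sanitise_enum() returns for unexpected input.
    $allowedIntervals = array('MINUTE', 'HOUR', 'DAY');
    $interval = sanitise_enum(isset($_POST['theinterval']) ? $_POST['theinterval'] : null, $allowedIntervals);
    if (!in_array($interval, $allowedIntervals, true)) {
        $mypage = page::standard();
        $mypage->title_body('Invalid input');
        // The rejected value is deliberately not echoed back into the page.
        $mypage->leaf('p', 'Expected an interval of MINUTE, HOUR or DAY. ' . $backLinks);
        $mypage->finish();
        return;
    }

    // Both possible base expressions are fixed strings; the posted value only
    // selects between them and never reaches the query text.
    if (isset($_POST['whattime']) && $_POST['whattime'] === 'now') {
        $whattime = 'UTC_TIMESTAMP()';
    } else {
        $whattime = '"LastMove"';
    }
    $time_expr = 'TIMESTAMPADD(' . $interval . ', :thenumber:, ' . $whattime . ')';

    $tickerEntry = '3A' . callmovetimediff() . letter_end_number($_SESSION['MyUserID']) . letter_end_number($_SESSION['MyGenderCode']);

    // Fix: the original SET list had no comma between the "GIPLastMove"
    // assignment and the "GameTicker" assignment, which made the statement
    // invalid SQL. All other values go through dbquery's :name: placeholders.
    dbquery(
        DBQUERY_WRITE,
        'UPDATE "Game" JOIN "GameInProgress" ON "Game"."GameID" = "GameInProgress"."Game"'
            . ' SET "Game"."LastMove" = ' . $time_expr
            . ', "GameInProgress"."GIPLastMove" = ' . $time_expr
            . ', "Game"."GameTicker" = CONCAT("Game"."GameTicker", :tickerconcat:)'
            . ', "Game"."GameTickerNames" = CONCAT("Game"."GameTickerNames", :namesconcat:)'
            . ' WHERE "GameID" = :game:',
        'thenumber', $thenumber,
        'tickerconcat', $tickerEntry,
        'namesconcat', '|' . $_SESSION['MyUserName'],
        'game', $GAME['GameID']
    );
    dbquery(DBQUERY_COMMIT);
    page::redirect(3, 'board.php?GameID=' . $GAME['GameID'], 'Successfully altered clock.');
}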
Esempio n. 2
<?php

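// Settings-change handler, first part: check that the form targets the
// logged-in user, then normalise the posted fields.
//
// NOTE(review): no anti-CSRF token check is visible in this part of the script;
// confirm one is verified before the settings are written.

// The ownership check compares the two IDs as strings with !==. The original
// loose != lets PHP's numeric-string juggling treat differently spelled values
// as equal; a missing or non-scalar TheUserID is rejected outright.
$PostedUserID = isset($_POST['TheUserID']) ? $_POST['TheUserID'] : null;
if (!is_scalar($PostedUserID) || (string) $PostedUserID !== (string) $_SESSION['MyUserID']) {
    $mypage = page::standard();
    $mypage->title_body('Not logged in as this user');
    $mypage->leaf('p', 'You can only change your own settings, not those of other users. Please click <a href="index.php">here</a> to return to the Main Page.');
    $mypage->finish();
    // finish() presumably ends the request; returning as well keeps the
    // ownership check fail-closed if it ever does not.
    return;
}

// NOTE(review): the e-mail address is HTML-escaped on input (STR_ESCAPE_HTML);
// if this escaped form is what gets stored, other output contexts (mail
// headers, JSON) will see HTML entities - confirm that is intended.
$EscapedEmail = sanitise_str(isset($_POST['Email']) ? $_POST['Email'] : null, STR_GPC | STR_ESCAPE_HTML | STR_TO_LOWERCASE);
$SPronoun = sanitise_enum(isset($_POST['Pronoun']) ? $_POST['Pronoun'] : null, array('He', 'She', 'It'));
$STimeLimitAUnits = sanitise_enum(isset($_POST['TimeLimitAUnits']) ? $_POST['TimeLimitAUnits'] : null, array('minutes', 'hours', 'days'));
$STimeLimitBUnits = sanitise_enum(isset($_POST['TimeLimitBUnits']) ? $_POST['TimeLimitBUnits'] : null, array('minutes', 'hours', 'days'));

// The session's gender code is updated here, before the remaining fields are
// validated; any other pronoun value leaves the stored code unchanged.
switch ($SPronoun) {
    case 'He':
        $_SESSION['MyGenderCode'] = 0;
        break;
    case 'She':
        $_SESSION['MyGenderCode'] = 1;
        break;
    case 'It':
        $_SESSION['MyGenderCode'] = 2;
        break;
}

// NOTE(review): STR_PERMIT_ADMIN_HTML is passed for every user's personal
// statement. If that flag allows raw HTML regardless of who is posting, this
// is a stored-XSS risk; confirm sanitise_str_fancy() only honours it for
// administrators.
$EscapedStatement = sanitise_str_fancy(isset($_POST['Statement']) ? $_POST['Statement'] : null, 1, 50000, STR_GPC | STR_PERMIT_FORMATTING | STR_HANDLE_IMAGES | STR_PERMIT_ADMIN_HTML | STR_DISREGARD_GAME_STATUS);

// Validation state: $errors flags any failure, $errorlist collects the
// messages as list items.
$errors = false;
$errorlist = fragment::blank();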
if ($EscapedStatement[1] == 1) {
    $SetPSString = '';
    $errors = true;
    $errorlist->opennode('li');
    $errorlist->text('That personal statement is too long. The limit is around 50,&thinsp;000 characters (proviso: depending on the content you enter, the number of characters after the content is processed may vary slightly from that before). Here is the text you entered:');
    $errorlist->emptyleaf('br');