function content()
{
if (!user_logged_in()) {
return must_log_in();
}
$user = fetch_one_or_none('users', 'id', user_logged_in());
if (!array_key_exists('token', $_GET) || !$_GET['token'] || $_GET['token'] != sha1($user->new_email_address)) {
$errors[] = 'Invalid reset token';
}
# This can happen if two accounts try to change address at similar times.
if (count($errors) == 0 && count(fetch_all('users', 'email_address', $user->new_email_address))) {
$errors[] = "A user with this email address already exists";
}
if (count($errors) == 0) {
update_all('users', array('email_address' => $user->new_email_address, 'new_email_address' => null), 'id', user_logged_in());
?>
<h2>Address changed</h2>
<p>Your email address has been changed to
<tt><?php
esc($user->new_email_address);
?>
</tt>.</p>
<?php
return;
}
page_header('Address verification failed');
show_error_list($errors);
}
function do_login()
{
global $errors;
$errors = array();
if (!array_key_exists('email', $_POST) || !$_POST['email'] || !array_key_exists('password', $_POST) || !$_POST['password']) {
$errors[] = "Please provide both an email address and a password";
}
if (count($errors)) {
return;
}
$email = $_POST['email'];
$password = $_POST['password'];
error_log("Login attempt from <{$email}>");
$users = fetch_all('users', 'email_address', $email);
if (count($users) > 1) {
die('Multiple users with that address!');
}
if (count($users) == 0) {
$errors[] = 'Incorrect email address';
} elseif (crypt($password, $users[0]->password_crypt) != $users[0]->password_crypt) {
$errors[] = 'Incorrect password';
} elseif (!$users[0]->date_verified) {
$errors[] = 'Your account is not yet activated';
} elseif (!$users[0]->date_approved) {
$errors[] = 'Your account is not yet approved';
}
if (count($errors)) {
return;
}
$forever = array_key_exists('forever', $_POST) && $_POST['forever'];
set_login_cookie($uid = $users[0]->id, $forever ? 2147483647 : 0);
error_log("Login succeeded from <{$email}>");
redirect_away();
}
function login_user($connection, $post)
{
$_SESSION['login_errors'] = array();
if (empty($post['user_name'])) {
$_SESSION['login_errors'][] = 'User Name cannot be blank';
}
if (empty($post['password'])) {
$_SESSION['login_errors'][] = 'Password cannot be blank';
}
if (count($_SESSION['login_errors']) > 0) {
header('Location: login.php');
} else {
$user_name = mysqli_real_escape_string($connection, $post['user_name']);
$password = mysqli_real_escape_string($connection, $post['password']);
$query = "SELECT * FROM users WHERE users.user_name = '{$user_name}'";
$result = fetch_all($query);
if (!empty($result) && $result[0]['password'] == $password) {
$_SESSION['user_name'] = $user_name;
$_SESSION['user_id'] = $result[0]['id'];
header('Location: success.php');
} else {
$_SESSION['login_errors'][] = 'Login Failed';
header('Location: login.php');
}
}
}
function get_column_names_by_table_name($table)
{
$result_one_row = fetch_all(mysql_query("SELECT * FROM `{$table}` LIMIT 1"));
$table_column_names = array();
for ($i = 0; $i < mysql_num_fields($result_one_row); ++$i) {
$table_column_names[] = mysql_field_name($result_one_row, $i);
}
return $table_column_names;
}
function content()
{
if (!user_logged_in()) {
return must_log_in();
}
$user = fetch_one_or_none('users', 'id', user_logged_in());
$errors = array();
if (array_key_exists('change', $_POST)) {
if (!isset($_POST['email']) || !$_POST['email']) {
$errors[] = "Please enter an email address";
} else {
$email = $_POST['email'];
if ($email && !validate_email_address($email)) {
$errors[] = "Invalid email address";
}
if (count($errors) == 0 && count(fetch_all('users', 'email_address', $email))) {
$errors[] = "A user with this email address already exists";
}
if (count($errors) == 0) {
update_all('users', array('new_email_address' => $email), 'id', user_logged_in());
send_email_change_email($email, $user->name);
?>
<p>We have sent an email to your new address requesting that you
confirm that change of address.</p>
<?php
return;
}
}
}
$fields = array();
page_header('Change email address');
show_error_list($errors);
?>
<form method="post" action="" accept-charset="UTF-8">
<div class="fieldrow">
<div class="field">
<label>Current address:</label>
<div><tt><?php
esc($user->email_address);
?>
</tt></div>
</div>
</div>
<div class="fieldrow">
<?php
text_field($fields, 'email', 'New address');
?>
</div>
<div class="fieldrow">
<input type="submit" name="change" value="Change"/>
</div>
</form>
<?php
}
function get_notes($user_id)
{
$mysql_link = connect();
$query = sprintf("SELECT * FROM note WHERE user_id='%s'", mysql_real_escape_string($user_id, $mysql_link));
$result = mysql_query($query, $mysql_link);
$notes = fetch_all($result);
disconnect($mysql_link);
return $notes;
}
function get_all_comments($message_id)
{
$query = "SELECT comment,\n\t\t\t\t users.first_name AS first_name,\n\t\t\t\t users.last_name AS last_name,\n\t\t\t\t comments.created_at AS created_at\n\t\t\t\t FROM comments\n\t\t\t\t LEFT JOIN messages\n\t\t\t\t ON comments.message_id = messages.id\n\t\t\t\t LEFT JOIN users\n\t\t\t\t ON comments.user_id = users.id\n\t\t\t\t WHERE message_id = '{$message_id}'";
$comments = fetch_all($query);
if (count($comments) > 0) {
$_SESSION["comments"] = $comments;
} else {
$_SESSION["comments"] = array();
}
}
function register_user($post)
{
$_SESSION['errors'] = array();
// Assigning more secure variables to important fields using escape_this_string function
$username = escape_this_string($post['username']);
$email = escape_this_string($post['email']);
$password = escape_this_string($post['password']);
// Beginning of validation checks
// Attempt at validating existing information
$check_data_query = "SELECT users.username, users.email FROM users";
$existing_users = fetch_all($check_data_query);
if (!empty($existing_users)) {
foreach ($existing_users as $user) {
if ($username == $user['username']) {
$_SESSION['errors'][] = 'This username is already taken.';
}
if ($email == $user['email']) {
$_SESSION['errors'][] = 'This email is already in use.';
}
}
}
// Validating non-existing information to make sure nothing is blank or invalid
if (empty($username)) {
$_SESSION['errors'][] = "Username cannot be blank.";
}
if (empty($post['first_name'])) {
$_SESSION['errors'][] = "First name cannot be blank.";
}
if (empty($post['last_name'])) {
$_SESSION['errors'][] = "Last name cannot be blank.";
}
if (empty($password)) {
$_SESSION['errors'][] = "Password fields cannot be blank.";
}
if ($post['password'] !== $post['confirm_password']) {
$_SESSION['errors'][] = "Passwords must match.";
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$_SESSION['errors'][] = "Please use a valid email address.";
}
if (count($_SESSION['errors']) > 0) {
header('Location: main.php');
exit;
} else {
// Here I am gonna encrypt both the email and password and then I'm going to make a query to insert that data into the database
$salt = bin2hex(openssl_random_pseudo_bytes(22));
$encrypted_password = md5($password . '' . $salt);
$query = "INSERT INTO users (username, first_name, last_name, email, password, salt, created_at, updated_at) \n\t\t\t \t\t VALUES ('{$username}', '{$post['first_name']}', '{$post['last_name']}', '{$email}', '{$encrypted_password}', '{$salt}', NOW(), NOW())";
run_mysql_query($query);
$_SESSION['success'] = "User has been successfully created!";
header('Location: main.php');
exit;
}
}
function checkduplicate($text)
{
// if the last string is a forward slash, then remove the forward slash and re-evaluate
if (substr($text, strlen($text) - 1, 1) !== '/') {
$text = $text . '/';
}
$query = 'SELECT * FROM scrapper WHERE ref_link = "' . $text . '"';
$query_result = fetch_all($query);
if (count($query_result) == 0) {
return true;
}
return false;
}
function login_user($post)
{
$query = "SELECT * FROM users WHERE users.email = '{$post['email']}' AND users.password = '******'password']}'";
$user = fetch_all($query);
if (count($user) > 0) {
$_SESSION['user_id'] = $user[0]['id'];
$_SESSION['f_name'] = $user[0]['first_name'];
$_SESSION['logged_in'] = true;
header('location: success.php');
} else {
$_SESSION['errors'][] = 'check credentials';
header('location: index.php');
}
}
function post_comment($post)
{
if (empty($post['comments'])) {
$_SESSION['errors'][] = "Please submit a comment.";
header("Location: success.php");
exit;
} elseif (!empty($post['comments'])) {
$query = "INSERT INTO comments (comment, created_at, updated_at, users_id, messages_id)\r\n\t\t\t\tVALUES ('{$post['comments']}', NOW(), NOW(), '{$post['user_id']}', '{$post['message_id']}')";
run_mysql_query($query);
$query = "SELECT * FROM users\r\n\t\t\t\tLEFT JOIN comments\r\n\t\t\t\tON users.id = comments.users_id";
$_SESSION['comments'] = fetch_all($query);
header("Location: success.php");
die;
}
}
function login_user($post)
{
$query = "SELECT * FROM users\n\t\t\t\t WHERE users.password = '******'password']}'\n\t\t\t\t AND users.email = '{$_POST['email']}'";
$user = fetch_all($query);
if (count($user) > 0) {
$_SESSION["user_id"] = $user[0]["id"];
$_SESSION["first_name"] = $user[0]["first_name"];
$_SESSION["logged_in"] = TRUE;
header("Location: success.php");
die;
} else {
$_SESSION["errors"][] = "Can't find a user with those credentials!";
header("Location: index.php");
die;
}
}
function login_user($post)
{
$password = md5($post['password']);
$email = escape_this_string($post['email']);
$query = "SELECT * FROM users WHERE users.email = '{$email}' AND users.password = '******'";
$user = fetch_all($query);
if (count($user) > 0) {
$_SESSION['user_id'] = $user[0]['id'];
$_SESSION['first_name'] = $user[0]['first_name'];
$_SESSION['logged_in'] = true;
header('location: wall.php');
} else {
$_SESSION['errors'][] = 'Check your credentials';
header('location: login.php');
}
}
function login_user($post)
{
$query = "SELECT * FROM users WHERE users.password = '******'password']}'\r\n\t\t\tAND users.email = '{$post['email']}'";
$user = fetch_all($query);
$query = "SELECT * FROM users\r\n\t\t \t\t LEFT JOIN messages\r\n\t\t \t\t ON users.id = messages.users_id\r\n\t\t \t\t ORDER BY messages.created_at ASC";
$_SESSION['records'] = fetch_all($query);
$query = "SELECT * FROM users \r\n\t\t\t\tLEFT JOIN comments\r\n\t\t\t\tON users.id = comments.users_id";
$_SESSION['comments'] = fetch_all($query);
if (count($user) > 0) {
$_SESSION['user_id'] = $user[0]['id'];
$_SESSION['first_name'] = $user[0]['first_name'];
$_SESSION['logged_in'] = TRUE;
header("location: success.php");
} else {
$_SESSION['errors'][] = "can't find a user with those credentials";
header("location: index.php");
die;
}
}
function login_user($post)
{
$query = "SELECT * FROM users WHERE users.password = '******'password']}' \n\t\t\t\t AND users.email = '{$post['email']}'";
$user = fetch_all($query);
echo $user;
if (count($user) > 0) {
$_SESSION['user_id'] = $user[0]['id'];
$_SESSION['first_name'] = $user[0]['first_name'];
$_SESSION['logged_in'] = TRUE;
header('location: success.php');
} else {
// $_SESSION['errors'][] = array();
$_SESSION['errors'][] = "can't find a user with those credentials";
// header('location: index.php');
// die();
}
echo $query;
// die();
}
function np_character_from_blueprint($blueprint, $level = 1, $username = '******')
{
$this->level = intval($level);
if ($level < 0) {
$level = 1;
echo "<p>bad level input for npc!</p>";
}
//define main vars
$this->id = -1;
$this->name = $blueprint["name"];
$this->user = $username;
$this->cclass = $blueprint["class"];
$this->race = $blueprint["race"];
$this->sex = rand(0, 1) ? 'Female' : 'Male';
$this->image = $blueprint["image_path"];
$this->age = $this->level * $this->level;
$this->location = 0;
//define attribute vars
$this->strength = (int) ($blueprint["min_damage"] + 3 * ($this->level - 1));
$this->dexterity = (int) ($blueprint["max_damage"] - $blueprint["min_damage"] + 2 * $this->level + 2);
$this->wisdom = (int) ($blueprint["xp_given"] / 2 + $this->level);
//define changeable vars( well except constitution )
$this->hit_points = $blueprint["hit_points"] + rand(0, $this->level * 3);
$this->constitution = (int) (($this->hit_points + 10) / 6);
$this->stamina_points = ($this->constitution + $this->strength) * 5;
$this->level = $this->level;
//This are the most significant changes from 0.90
$ac_left = fairInt($blueprint['AC'] * sqrt($this->level * 0.25));
$this->xp = fairInt($blueprint["xp_given"] * (0.5 + sqrt($this->level * 0.25)));
$this->gold = fairInt($blueprint["gold_given"] * (0.5 + sqrt($this->level * 0.25)));
$this->stat_points = 0;
//skills
$this->fight = 4 + $this->level;
$this->defence = (int) ($blueprint['AC'] / 4 + $this->level - 1);
$this->lockpick = 1 + (int) ($this->wisdom / 4);
$this->traps = 1 + (int) ($this->wisdom / 2);
//define equipment vars
$this->weapon = 0;
$this->armor = 0;
$this->boots = 0;
$this->shield = 0;
$this->gloves = 0;
$this->helm = 0;
//FIXME: we need natural armor to clothe e.g. dragons
//FIXME: armor class needs to be spent more evenly among armor types
if ($ac_left > 0) {
$armors = fetch_all("select id, armor_class from phaos_armor where armor_class<={$ac_left} order by armor_class DESC LIMIT 1");
if (count($armors) > 0) {
$this->armor = $armors[0]['id'];
$this->armor_ac = $armors[0]['armor_class'];
$ac_left -= $this->armor_ac;
}
}
if ($ac_left > 0) {
$boots = fetch_all("select id, armor_class from phaos_boots where armor_class<={$ac_left} order by armor_class DESC LIMIT 1");
if (count($boots) > 0) {
$this->boots = $boots[0]['id'];
$this->boots_ac = $boots[0]['armor_class'];
$ac_left -= $this->boots_ac;
}
}
//fill weapon:
$blueprint['avg_damage'] = (int) (($blueprint["min_damage"] + $blueprint["max_damage"]) * 0.5);
$weapons = fetch_all("select * from phaos_weapons where min_damage<={$blueprint['min_damage']} and {$blueprint['avg_damage']}<= 2*max_damage order by RAND() LIMIT 1");
if (count($weapons) > 0) {
$this->weapon = $weapons[0]['id'];
$this->weapon_min = $weapons[0]['min_damage'];
$this->weapon_max = $weapons[0]['max_damage'];
$this->weapon_name = $weapons[0]['name'];
} else {
$this->weapon_min = 0;
$this->weapon_max = 0;
$this->weapon_name = "natural weapon";
}
$this->weaponless = $blueprint['avg_damage'] + 2 * (int) $this->level;
//calculated stuff
$this->available_points = $this->strength + $this->dexterity + $this->wisdom + $this->constitution;
$this->max_hp = $this->constitution * 6;
$this->max_stamina = ($this->constitution + $this->strength) * 10;
$this->max_rep = 7;
if ($this->hit_points > $this->max_hp) {
$this->max_hp = $this->hit_points;
}
if ($this->stamina_points > $this->max_stamina) {
$this->max_stamina = $this->stamina_points;
}
//other stuff
$actTime = time();
$this->regen_time = $actTime;
$this->stamina_time = $actTime;
$this->rep_time = $actTime;
$this->no_regen_hp = $blueprint["hit_points"];
//regeneration
$this->time_since_regen = $actTime - $this->regen_time;
$this->stamina_time_since_regen = $actTime - $this->stamina_time;
$this->rep_time_since_regen = $actTime - $this->rep_time;
//reputation
$this->rep_points = rand(0, $this->level - 1);
$this->rep_helpfull = rand(0, $this->level - 1);
$this->rep_generious = rand(0, $this->level - 1);
$this->rep_combat = rand(0, $this->level - 1);
//weapon & fight Calculation
$this->max_inventory = $this->strength * 5;
if (!$this->image) {
$this->image = "images/monster/forest_troll.gif";
}
}
function asurvey()
{
global $prefix, $sqldbdb, $MySQL, $set, $langmessage;
if (file_exists("addons/survey/lang/lang_" . $set['language'] . ".php")) {
require_once "addons/survey/lang/lang_" . $set['language'] . ".php";
} else {
require_once "addons/survey/lang/lang_en_US.php";
}
// Check if table exists in the database
if ($MySQL == 0) {
if (!($aa = sqlite_fetch_column_types($prefix . "surveynames", $sqldbdb))) {
dbquery("CREATE TABLE " . $prefix . "surveynames ( id INTEGER NOT NULL PRIMARY KEY, surveyid INTEGER NOT NULL, surveyname VARCHAR(80), place INTEGER NOT NULL, adminlevel INTEGER NOT NULL)");
}
if (!($aa = sqlite_fetch_column_types($prefix . "surveyvotes", $sqldbdb))) {
dbquery("CREATE TABLE " . $prefix . "surveyvotes ( id INTEGER NOT NULL PRIMARY KEY, surveyid INTEGER NOT NULL, vote INTEGER NOT NULL, voterid INTEGER NOT NULL)");
}
} else {
dbquery("CREATE TABLE IF NOT EXISTS " . $prefix . "surveynames ( id INTEGER NOT NULL auto_increment, surveyid INTEGER NOT NULL, surveyname VARCHAR(80), place INTEGER NOT NULL, adminlevel INTEGER NOT NULL, PRIMARY KEY (id))");
dbquery("CREATE TABLE IF NOT EXISTS " . $prefix . "surveyvotes ( id INTEGER NOT NULL auto_increment, surveyid INTEGER NOT NULL, vote INTEGER NOT NULL, voterid INTEGER NOT NULL, PRIMARY KEY (id))");
}
if (isset($_POST['surveysubmit'])) {
if ($_POST['surveysubmit'] == "New Survey" && $_POST['surveyname'] != "") {
if (!is_intval($_POST['adminlevel'])) {
die($langmessage[98]);
}
dbquery("INSERT INTO " . $prefix . "surveynames ( id, surveyid, surveyname, place, adminlevel) VALUES ( null, 0, \"" . encode(sanitize($_POST['surveyname'])) . "\", 0, " . $_POST['adminlevel'] . ")");
}
if ($_POST['surveysubmit'] == "Delete Survey" && $_POST['surveyid'] != "") {
if (!is_intval($_POST['surveyid'])) {
die($langmessage[98]);
}
dbquery("DELETE FROM " . $prefix . "surveynames WHERE (id=" . $_POST['surveyid'] . " AND surveyid=0) OR surveyid=" . $_POST['surveyid']);
dbquery("DELETE FROM " . $prefix . "surveyvotes WHERE surveyid=" . $_POST['surveyid']);
}
if ($_POST['surveysubmit'] == "Add Option" && $_POST['option'] != "") {
if (!is_intval($_POST['surveyid']) || !is_intval($_POST['place'])) {
die($langmessage[98]);
}
dbquery("INSERT INTO " . $prefix . "surveynames ( id, surveyid, surveyname, place, adminlevel) VALUES ( null, " . $_POST['surveyid'] . ", \"" . encode(sanitize($_POST['option'])) . "\", " . $_POST['place'] . ", 0)");
}
}
$out .= "<h2>{$surveymessage['15']}</h2>\n<hr />\n";
$out .= "<h3>{$surveymessage['1']}</h3>\n";
$out .= "<form name=\"form1\" method=\"POST\" action=\"\">\n";
$out .= "<table>\n<tr><td>{$surveymessage['2']}: </td><td><input type=\"text\" name=\"surveyname\" value=\"\" size=\"50\" /></td></tr>\n";
$out .= "<tr><td>{$surveymessage['3']}: </td><td><SELECT name=\"adminlevel\">\n";
$out .= "<option value=\"0\">{$langmessage['161']}</option>\n";
$out .= "<option value=\"2\">{$langmessage['162']}</option>\n";
$out .= "<option value=\"3\">{$langmessage['29']}</option>\n";
$out .= "<option value=\"4\">{$langmessage['163']}</option>\n";
$out .= "</SELECT></td></tr>\n";
$out .= "<tr><td><input type=\"hidden\" name=\"surveysubmit\" value=\"New Survey\" /></td>";
$out .= "<td><input type=\"submit\" value=\"{$surveymessage['1']}\" name=\"aaa\" /></td></tr>\n";
$out .= "</table>\n</form>\n";
$out .= "<hr /><h3>{$surveymessage['5']}</h3>\n";
$out .= "<form name=\"form2\" method=\"POST\" action=\"\">\n";
$out .= "<table>\n";
$out .= "<tr><td>{$surveymessage['5']}: </td><td><SELECT name=\"surveyid\">\n";
$output = dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=0");
$row = fetch_all($output);
$i = 0;
while ($row[$i]['surveyname']) {
$out .= "<option value=\"" . $row[$i]['id'] . "\">" . decode($row[$i]['surveyname']) . "</option>\n";
$i++;
}
$out .= "</SELECT></td></tr>\n";
$out .= "<tr><td><input type=\"hidden\" name=\"surveysubmit\" value=\"Delete Survey\" /></td>";
$out .= "<td><input type=\"submit\" value=\"{$surveymessage['5']}\" name=\"aaa\" /></td></tr>\n";
$out .= "</table>\n</form>\n";
$out .= "<hr /><h3>{$surveymessage['6']}</h3>\n";
$out .= "<form name=\"form1\" method=\"POST\" action=\"\">\n";
$out .= "<table>\n";
$out .= "<tr><td>{$surveymessage['2']}: </td><td><SELECT name=\"surveyid\">\n";
$row = fetch_all(dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=0"));
$i = 0;
while ($row[$i]['surveyname']) {
$out .= "<option value=\"" . $row[$i]['id'] . "\">" . decode($row[$i]['surveyname']) . "</option>\n";
$i++;
}
$out .= "</SELECT></td></tr>\n";
$out .= "<tr><td>{$surveymessage['7']}: </td><td><input type=\"text\" name=\"place\" size=\"2\" value=\"\" /></td></tr>\n";
$out .= "<tr><td>{$surveymessage['8']}: </td><td><input type=\"text\" name=\"option\" size=\"50\" value=\"\" /></td></tr>\n";
$out .= "<tr><td><input type=\"hidden\" name=\"surveysubmit\" value=\"Add Option\" /></td>";
$out .= "<td><input type=\"submit\" name=\"aaa\" value=\"{$surveymessage['9']}\" /></td></tr>\n";
$out .= "</table>\n</form>\n";
$out .= "<hr /><h3>{$surveymessage['4']}</h3>\n<ul>";
$i = 0;
while ($row[$i]['id']) {
$out .= "<li>" . $row[$i]['id'] . " - " . decode($row[$i]['surveyname']) . "</li>\n";
$row1 = fetch_all(dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=" . $row[$i]['id']));
$j = 0;
$out .= "<ul>";
while ($row1[$j]['id']) {
$out .= "<li>" . $row1[$j]['surveyname'] . "</li>\n";
$j++;
}
$out .= "</ul>\n";
$i++;
}
$out .= "</ul>\n";
return $out;
}
// get the first record.
// it will be assumed that the table will have an inital record which will contain the main site
// only get the records that are tag for drilling : drill = 'Y'.
// this will only loop(drill) 3times (or 3levels) just to be sure
// anything after the 3rd level will be ignored
// get the details of the site to determine how many levels to drill
$query = "SELECT * FROM sites WHERE drill = 'Y' AND status = 'Pending'";
$results = fetch_record($query);
// loop through the list
for ($list_loop = 0; $list_loop <= count($results); $list_loop++) {
// set runtime to only 10 minutes
set_time_limit(600);
for ($loopCounter = 0; $loopCounter <= $results['level']; $loopCounter++) {
// get the first link
$query = "SELECT * FROM scrapper WHERE main_site_id =" . $results['site_id'] . " AND drill = 'Y' AND drillStatus = 'Not Started'";
$query_results = fetch_all($query);
if (count($query_results) == 0) {
// update the site record
$query = "UPDATE sites SET drill='N', status='Completed' WHERE main_site_id =" . $results['site_id'];
run_mysql_query($query);
$loopCounter = $results['level'];
} else {
foreach ($query_results as $listing) {
grabAnchors($listing, $results['site_address']);
}
}
}
// update the site record
$query = "UPDATE sites SET drill='N', status='Completed' WHERE main_site_id =" . $results['site_id'];
run_mysql_query($query);
}
} else {
DB::insert('gongqiu_member', gpc('member_'));
showmessage($_lang['edit_ok']);
}
}
} elseif ($op == 'mycredit') {
if (empty($gongqiu_config['extcredits'])) {
showmessage($_lang['no_extcredits']);
} else {
$credit = DB::result_first("SELECT extcredits{$gongqiu_config['extcredits']} FROM " . DB::table('common_member_count') . " WHERE uid='{$_G['uid']}'");
$credit_log = fetch_all('gongqiu_up', " as su LEFT JOIN " . DB::table('gongqiu_goods') . " as sg ON su.goods_id = sg.goods_id WHERE sg.member_uid='{$_G['uid']}'");
}
} elseif ($op == 'quiteup') {
$goods_id = intval($_GET['goods_id']);
DB::update('gongqiu_goods', array('goods_up' => ''), " goods_id='{$goods_id}'");
showmessage($_lang['edit_ok'], $gongqiu_config['root'] . "?mod=member&op=mypost");
} elseif ($op == 'setpostup') {
$goods_id = intval($_GET['goods_id']);
$goods = fetch_all('gongqiu_goods', " WHERE goods_id='{$goods_id}'", " goods_title,goods_id,member_uid ");
$goods = $goods[0];
include template("gongqiu:{$style}/setpostup");
exit;
} elseif ($op == 'jubao') {
$goods_id = intval($_GET['goods_id']);
$goods = fetch_all('gongqiu_goods', " WHERE goods_id='{$goods_id}'", " goods_title,goods_id,member_uid ");
$goods = $goods[0];
include template("gongqiu:{$style}/jubao");
exit;
}
$navtitle = $_lang['member'] . " - " . $gongqiu_config['name'];
include template("gongqiu:{$style}/member");
$op = !empty($_GET['op']) ? addslashes($_GET['op']) : 'post';
$uid = $_G['uid'];
$goods = fetch_all('gongqiu_goods', " WHERE goods_id='{$goods_id}'");
$goods = $goods[0];
$goods['goods_text'] = stripslashes($goods['goods_text']);
$cat = fetch_all("gongqiu_cat", " WHERE cat_status='1' ORDER BY cat_sort DESC ");
if ($op == 'edit') {
if ($goods['member_uid'] != $_G['uid'] && !is_gongqiu_admin()) {
showmessage($_lang['no_quanxian']);
} else {
$uid = $goods['member_uid'];
}
}
$member = fetch_all('gongqiu_member', " WHERE member_uid='{$uid}'");
$member = $member[0];
$my_credit = fetch_all("common_member_count", " WHERE uid='{$uid}'", " extcredits{$gongqiu_config['extcredits']} ", "0");
$my_credit = $my_credit["extcredits{$gongqiu_config['extcredits']}"];
if (submitcheck('post_submit') || submitcheck('edit_submit')) {
if (empty($_GET['province']) && $op == 'post') {
showmessage($_lang['must_province']);
}
if (empty($_GET['goods_text'])) {
showmessage($_lang['must_goods_text']);
}
if (empty($_GET['member_username'])) {
showmessage($_lang['must_member_username']);
}
if (empty($_GET['member_phone'])) {
showmessage($_lang['must_member_phone']);
}
/* begin:发布积分消费 */
$errors = array();
$_SESSION['errors'] = $errors;
$_SESSION['user_id'] = 0;
if (isset($_POST['action']) && $_POST['action'] == 'register') {
if (empty($_POST['first_name']) || !ctype_alpha($_POST['first_name'])) {
$errors[] = "first name must contain only letters and no spaces";
}
if (empty($_POST['last_name']) || !ctype_alpha($_POST['last_name'])) {
$errors[] = "last name must contain only letters and no spaces";
}
if (empty($_POST['email']) || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$errors[] = "please enter a valid email address (example@example.com)";
} else {
$email = escape_this_string($_POST['email']);
$query = "SELECT email\n\t\t\t\tFROM users\n\t\t\t\tWHERE email = '{$email}'";
if (!empty(fetch_all($query))) {
$errors[] = "username is already taken, please select a new username";
}
}
if (empty($_POST['password']) || strlen($_POST['password']) < 6) {
$errors[] = "password must be greater than 6 characters";
}
if ($_POST['password_conf'] != $_POST['password']) {
$errors[] = "password confirmation does not match";
}
if (count($errors) > 0) {
$_SESSION['errors'] = $errors;
header('location: index.php');
die;
} else {
$_SESSION['errors'] = $errors;
function whos_here($locationids, $characterrole = 'phaos_npc')
{
global $PHP_PHAOS_CHARID;
if (is_array($locationids)) {
$locationset = makeList($locationids);
$locwhere = "location IN {$locationset}";
} else {
$locationid = intval($locationids);
$locwhere = "location={$locationid}";
}
$order = 'ORDER by wisdom ASC, gold/(strength+dexterity+hit_points) ASC';
$query = "SELECT id FROM phaos_characters WHERE {$locwhere} AND username LIKE '{$characterrole}' {$order}";
$list = project(fetch_all($query), 'id');
return $list;
}
function markers($page)
{
global $prefix;
$open = "%!\$";
$close = "\$!%";
while (strpos($page, $open)) {
$pagearray = explode($open, $page, 2);
$out .= $pagearray[0];
$pagearray1 = explode($close, $pagearray[1], 2);
$token = explode(" ", $pagearray1[0], 2);
switch ($token[0]) {
case "plugin":
$pluginame = "plugins/" . clean($token[1]) . "/";
if (file_exists($pluginame . "place.mod")) {
$out .= file_get_contents($pluginame . "place.mod");
}
if (file_exists($pluginame . "include.mod")) {
include $pluginame . "include.mod";
}
break;
case "function":
$bb = clean($token[1]);
$aa = explode(" ", $bb);
if ($aa[3] != "") {
$out .= $aa[0]($aa[1], $aa[2], $aa[3]);
} elseif ($aa[2] != "") {
$out .= $aa[0]($aa[1], $aa[2]);
} elseif ($aa[1] != "") {
$out .= $aa[0]($aa[1]);
} else {
$out .= $aa[0]();
}
break;
case "include":
include clean($token[1]);
break;
case "place":
$out .= clean(file_get_contents(trim($token[1])));
break;
default:
$addons = fetch_all(dbquery("SELECT * FROM " . $prefix . "addons WHERE active=1"));
$found = false;
foreach ($addons as $addon) {
if ($pagearray1[0] == $addon['name']) {
$found = true;
require_once "addons/" . $addon['name'] . "/main.php";
$out .= $addon['fname']();
break;
} elseif (substr($pagearray1[0], 0, strlen($addon['name'])) == $addon['name']) {
$found = true;
require_once "./addons/" . $addon['name'] . "/main.php";
$bb = clean(substr($pagearray1[0], strlen($addon['name'])));
$aa = explode(" ", clean($bb));
if ($aa[3] != "") {
$out .= $addon['fname'](clean($aa[0]), clean($aa[1]), clean($aa[2]), clean($aa[3]));
} elseif ($aa[2] != "") {
$out .= $addon['fname'](clean($aa[0]), clean($aa[1]), clean($aa[2]));
} elseif ($aa[1] != "") {
$out .= $addon['fname'](clean($aa[0]), clean($aa[1]));
} else {
$out .= $addon['fname'](clean($aa[0]));
}
break;
}
}
if (substr($pagearray1[0], 0, 5) != "first" && substr($pagearray1[0], 0, 4) != "head" && !$found) {
$out .= "\n" . clean($pagearray1[0]) . "\n";
}
}
$page = $pagearray1[1];
}
if ($page != "") {
$out .= $page;
}
return $out;
}
header("location: index.php");
die;
}
} elseif (isset($_POST['action']) && $_POST['action'] == 'register') {
//notifies user to complete all fields
if (empty($_POST['first_name'])) {
$_SESSION['error'][] = "Please fill in all fields.";
} elseif (empty($_POST['last_name'])) {
$_SESSION['error'][] = "Please fill in all fields.";
} elseif (empty($_POST['password'])) {
$_SESSION['error'][] = "Please fill in all fields.";
} elseif (empty($_POST['email'])) {
$_SESSION['error'][] = "Please fill in all fields.";
}
//prevents duplicate email addresses
$users = fetch_all("SELECT * FROM users");
foreach ($users as $key => $value) {
if ($_POST['email'] == $users[$key]['email']) {
$_SESSION['error'][] = "That email address is already in use";
}
}
//additional criterion
if (is_numeric($_POST['first_name'])) {
$_SESSION['error'][] = "First name cannot contain numbers.";
}
if (is_numeric($_POST['last_name'])) {
$_SESSION['error'][] = "Last name cannot contain numbers.";
}
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) && !empty($_POST['email'])) {
$_SESSION['error'][] = "Please enter a valid email address.";
}
<?php
session_start();
require 'new_connection.php';
$query = "SELECT name, content, created_at FROM names\n\tORDER BY created_at DESC";
$quote_data = fetch_all($query);
?>
<!DOCTYPE html>
<html>
<head>
<title>BillBoard</title>
<link rel="stylesheet" type="text/css" href="quoting_css.php">
</head>
<body>
<div id="container_billboard">
<div id="wrapper">
<h3>Here are the awesome quotes!</h3>
<?php
foreach ($quote_data as $quote) {
?>
<div id="scroll">
<p>"<?php
echo $quote['content'];
?>
"</p>
<p id="p_tag" >- <?php
echo $quote['name'];
?>
at <?php
<?php
/**
* 版权声明: 该程序为 [DiscuzCMS!] 独立自主开发, 依法拥有该产品知识产权,所有代码版权归[DiscuzCMS!]所有, 程序内均为商业代码, 仅为购买者提供使用授权.
* 法律声明: 未经官方授权使用修改或者传播都是属于侵权和违法行为, 依法将追究一切相关法律责任.
* 官方网站: http://www.DiscuzCMS.com
**/
if (!defined('IN_ADMINCP')) {
exit('Admin Login');
}
if (!defined('IN_DISCUZ')) {
exit('Access Denied');
}
global $gongqiu_config, $_lang;
require_once DISCUZ_ROOT . './source/plugin/gongqiu/include/config.inc.php';
require_once DISCUZ_ROOT . './source/plugin/gongqiu/include/function.class.php';
$mod = "admin_jubao";
$self_url = 'plugins&operation=config&identifier=gongqiu&pmod=' . $mod . "&do=" . $do;
$cp_url = 'action=' . $self_url;
if (!cloudaddons_getmd5("gongqiu.plugin")) {
/* cpmsg(lang('admincp_msg','cloudaddons_genuine_message'),'','error',array('addonid' => "gongqiu.plugin"));*/
}
if (isset($_GET['del'])) {
$jubao_id = intval($_GET['del']);
DB::delete('gongqiu_jubao', array('jubao_id' => $jubao_id));
}
$jubao_array = fetch_all('gongqiu_jubao', " ORDER BY jubao_time DESC");
$style = 'default';
include template("gongqiu:admin/admin_jubao");
function alinks()
{
global $message, $linksmessage, $prefix;
if (($_POST['submit'] == "Add Link" || $_POST['submit'] == "Edit Link") && $_POST['link'] != "" && $_POST['linkname'] != "") {
if ($_POST['submit'] == "Add Link") {
$query = "INSERT INTO " . $prefix . "links (id, link, name, descr, hits) VALUES (null, \"" . htmlentities($_POST['link']) . "\", \"" . encode($_POST['linkname']) . "\", \"" . encode($_POST['descr']) . "\", " . $_POST['cat'] . ")";
} else {
$query = "UPDATE " . $prefix . "links SET link=\"" . htmlentities($_POST['link']) . "\", name=\"" . encode($_POST['linkname']) . "\", descr=\"" . encode($_POST['descr']) . "\", hits=" . $_POST['cat'] . " WHERE id=" . $_POST['id'];
}
if (!dbquery($query)) {
die($linksmessage[132]);
}
unset($_GET['action']);
}
if ($_POST['linkcat'] == "Add Category" || $_POST['linkcat'] == "Edit Category") {
// add category - edit category
if ($_POST['linkcat'] == "Add Category") {
$query = "INSERT INTO " . $prefix . "linkscat (id, nome, descr) VALUES (null, '" . encode($_POST['name']) . "', '" . encode($_POST['descr']) . "')";
} else {
$query = "UPDATE " . $prefix . "linkscat SET nome=\"" . encode($_POST['name']) . "\", descr=\"" . encode($_POST['descr']) . "\" WHERE id=" . $_POST['id'];
}
if (!dbquery($query)) {
die($linksmessage[106]);
}
}
switch ($_GET['action']) {
case "delete":
dbquery("DELETE FROM " . $prefix . "links WHERE id=" . $_GET['id']);
unset($_GET['action']);
break;
case "deletec":
dbquery("DELETE FROM " . $prefix . "linkscat WHERE id=" . $_GET['id']);
unset($_GET['action']);
break;
case "editc":
$result = dbquery("SELECT * FROM " . $prefix . "linkscat WHERE id=" . $_GET['id']);
$row = fetch_array($result);
}
$out = "<h2>{$linksmessage['40']}</h2>\n<hr />\n<div align=\"center\">\n<h3>{$linksmessage['66']}</h3>\n";
$out .= "<form method=\"post\" action=\"\"><fieldset style=\"border: 0;\"><table>\n";
$out .= "<tr><td>{$linksmessage['50']}</td><td><input type=\"text\" name=\"name\"";
if ($_GET['action'] == "editc") {
$out .= " value=\"" . decode($row[1]) . "\"";
}
$out .= " /></td></tr>\n";
$out .= "<tr><td>{$linksmessage['67']}</td><td><input type=\"text\" name=\"descr\"";
if ($_GET['action'] == "editc") {
$out .= " value=\"" . decode($row[2]) . "\"";
}
$out .= " /></td></tr>\n<tr><td>";
if ($_GET['action'] == "editc") {
$out .= "<input type=\"hidden\" name=\"id\" value=" . $row[0] . " />";
}
$out .= "</td>\n<td>";
$out .= "<input type=\"hidden\" name=\"linkcat\" ";
if ($_GET['action'] == "editc") {
$out .= "value=\"Edit Category\"";
} else {
$out .= "value=\"Add Category\"";
}
$out .= " />\n";
$out .= "<input type=\"submit\" name=\"\" ";
if ($_GET['action'] == "editc") {
$out .= "value=\"{$linksmessage['54']}\"";
} else {
$out .= "value=\"{$linksmessage['53']}\"";
}
$out .= " />\n";
$out .= "</td></tr>\n</table></div>\n";
$result = dbquery("SELECT * FROM " . $prefix . "linkscat ORDER BY nome");
$out .= "<table cellspacing=\"5\">";
$GETarray = $_GET;
while ($row = fetch_array($result)) {
$out .= "<tr><td><a href=\"" . $_SERVER['SCRIPT_NAME'] . "?";
if ($_GET['do'] != "") {
$out .= "do=" . $_GET['do'] . "&";
}
$out .= "id=" . $row[0] . "&action=editc\"><img src=\"images/edit.png\" style=\"align: left; border: 0;\" ></a></td>\n";
$out .= "<td><a href=\"" . $_SERVER['SCRIPT_NAME'] . "?";
if ($_GET['do'] != "") {
$out .= "do=" . $_GET['do'] . "&";
}
$out .= "id=" . $row[0] . "&action=deletec\"><img src=\"images/editdelete.png\" style=\"align: left; border: 0;\" ></a></td>\n";
$out .= "<td>" . decode($row['nome']) . "</td><td>" . decode($row['descr']) . "</td>\n";
$out .= "<td>" . $row['id'] . "</td></tr>\n";
}
$out .= "</table>\n</form>\n";
if ($_GET['action'] == "edit") {
$row = fetch_array(dbquery("SELECT * FROM " . $prefix . "links WHERE id=" . $_GET['id']));
}
$out .= "<div align=\"center\"><h3>{$linksmessage['40']}</h3><form name=\"form1\" method=\"post\" action=\"\"><fieldset style=\"border: 0;\">\n<table>\n";
$out .= "<tr><td>{$linksmessage['68']}</td><td><input type=\"text\" name=\"linkname\"";
if ($_GET['action'] == "edit") {
$out .= " value=\"" . decode($row['name']) . "\"";
}
$out .= " /></td></tr>\n<tr><td>{$linksmessage['69']}</td><td><input type=\"text\" name=\"link\"";
if ($_GET['action'] == "edit") {
$out .= " value=\"" . $row['link'] . "\"";
}
$out .= " /></td></tr>\n";
$out .= "<tr><td valign=\"top\" >{$linksmessage['67']}</td><td><textarea name=\"descr\">";
if ($_GET['action'] == "edit") {
$out .= decode($row['descr']);
}
$out .= "</textarea></td></tr>\n";
$out .= "<tr><td>{$linksmessage['52']}</td><td align=\"right\"><select name=\"cat\" >\n";
$result = dbquery("SELECT * FROM " . $prefix . "linkscat");
$cats = fetch_all($result);
foreach ($cats as $cat) {
$out .= '<option value="' . $cat['id'] . '"';
if ($_GET['action'] == "edit" && $row[4] == $cat['id']) {
$out .= ' SELECTED';
}
$out .= '>' . decode($cat['nome']) . " </option>\n";
}
$out .= "</select></tr>\n<tr><td>";
if ($_GET['action'] == "edit") {
$out .= "<input type=\"hidden\" name=\"id\" value=\"" . $row[0] . "\" />";
}
$out .= "</td><td><input type=\"hidden\" name=\"submit\" ";
if ($_GET['action'] == "edit") {
$out .= "value=\"Edit Link\"";
} else {
$out .= "value=\"Add Link\"";
}
$out .= " />\n";
$out .= "<input type=\"submit\" name=\"aa\" ";
if ($_GET['action'] == "edit") {
$out .= "value=\"{$linksmessage['70']}\"";
} else {
$out .= "value=\"{$linksmessage['71']}\"";
}
$out .= " />\n";
$out .= "</td></tr></table></fieldset></form></div>\n";
$out .= "<table cellspacing=\"5\">";
$cat = 0;
$result = dbquery("SELECT * FROM " . $prefix . "links ORDER BY hits ASC, name ASC");
while ($row = fetch_array($result)) {
if ($row['hits'] != $cat) {
$cat = $row['hits'];
$cr = fetch_array(dbquery("SELECT * FROM " . $prefix . "linkscat WHERE id={$cat}"));
$out .= "<tr><td colspan=\"3\" align=\"center\"><h3>" . decode($cr['nome']) . "</h3></td></tr>\n";
}
$out .= "<tr><td><a href=\"" . $_SERVER['SCRIPT_NAME'] . "?";
if ($_GET['do'] != "") {
$out .= "do=" . $_GET['do'] . "&";
}
$out .= "id=" . $row[0] . "&action=edit\"><img src=\"images/edit.png\" style=\"align: left; border: 0;\" ></a></td>\n";
$out .= "<td><a href=\"" . $_SERVER['SCRIPT_NAME'] . "?";
if ($_GET['do'] != "") {
$out .= "do=" . $_GET['do'] . "&";
}
$out .= "id=" . $row[0] . "&action=delete\"><img src=\"images/editdelete.png\" style=\"align: left; border: 0;\" ></a></td>\n";
$out .= "<td>" . decode($row['name']) . "</td><td>" . $row['link'] . "</td></tr>\n";
}
$out .= "</table>\n";
return $out;
}
} elseif (!empty($has_apply)) {
$tips = $info_lang['ajax_inc_php_1'];
} else {
$tips = $info_lang['ajax_inc_php_2'];
}
include template("info:{$style}/done");
exit;
} elseif ($op == 'jubao') {
if (!$_G['uid']) {
showmessage($info_lang['login'], '', array(), array('login' => true));
}
$post_id = intval($_GET['post_id']);
$has_jubao = fetch_all('info_post_jubao', " WHERE post_id='{$post_id}'", 'jubao_id', 0);
$has_jubao = $has_jubao['jubao_id'];
if (empty($has_jubao)) {
$post = fetch_all('info_post', " WHERE post_id='{$post_id}'", "post_id,post_title", 0);
DB::insert("info_post_jubao", array('post_id' => $post['post_id'], 'post_title' => $post['post_title'], 'jubao_time' => time()));
}
$tips = $info_lang['ajax_inc_php_3'];
include template("info:{$style}/done");
exit;
} elseif ($op == 'changecity') {
$area_keys = array();
foreach ($area_array as $a) {
$area_keys[$a['area_key']] = $a['area_key'];
}
array_multisort($area_keys);
include template("info:changecity");
dexit();
}
include template("info:ajax");
}
if (isset($_GET['del'])) {
$del['cat_id'] = intval($_GET['del']);
DB::delete('house_cat', $del);
}
if (isset($_GET['edit'])) {
$edit = intval($_GET['edit']);
$edit_array = array();
$edit_array = fetch_all('house_cat', ' WHERE cat_id=' . $edit . ' ORDER BY cat_pid DESC,cat_sort ASC', '*', 0);
}
if (isset($_GET['edit_submit'])) {
$edit_array = array();
$edit_array = gpc('cat_');
DB::update('house_cat', $edit_array, array('cat_id' => $edit_array['cat_id']));
}
$cat_array = array();
$cat_array = fetch_all('house_cat', ' ORDER BY cat_pid ASC,cat_sort ASC');
foreach ($cat_array as $k => $v) {
if ($v['cat_pid'] == '0') {
$sum = fetch_all('house_cat', " WHERE cat_pid='{$v['cat_id']}' ", ' count(cat_id) as sum ', 0);
$cat_array[$k] = array_merge($cat_array[$k], $sum);
}
}
$cat_array_field .= "\$cat_array = " . arrayeval($cat_array) . ";\n";
writetocache('house_cat_array', $cat_array_field);
if (!cloudaddons_getmd5("house.plugin")) {
cpmsg(lang('admincp_msg', 'cloudaddons_genuine_message'), '', 'error', array('addonid' => "house.plugin"));
}
$pid_cat_array = array();
$pid_cat_array = fetch_all("house_cat", " WHERE cat_id='{$cat_pid}' ", "*", 0);
include template("house:admin/admin_cat");
</form>
</div>
<h2>Step 1: Choose your Name</h2>
<h5><b>Ajax now used--reload page to see your name appear</b></h5>
<h4>After you are clocked in, update again to bring up Clock out sheet. Thanks</h4>
<h5>(Will appear below)</h5>
<form action="process.php" method="post">
<input type="hidden" name="update_action" value="update">
<select name="id">
<?php
$query = "SELECT id, first_name, last_name FROM students";
$students = fetch_all($query);
foreach ($students as $student) {
$full_name = $student['first_name'] . " " . $student['last_name'];
echo "<option value = " . $student['id'] . ">" . $full_name . "</option>";
}
?>
<!-- key="id" value="foreach" -->
</select>
<input type="submit" value="Update">
</form>
</div><!-- end of top -->
<div id="bottom">
<?php
