function get_timestamp(&$tpl_name, &$tpl_timestamp, &$smarty_obj)
 {
     $sql = new SQL_Generator();
     $sql->select(array(array('news_entries', 'news_entry_id'), array('news_entries', 'lastmodified')));
     $sql->where(array('news_entries', 'news_entry_id', $tpl_name));
     $db_result = $sql->execute();
     if (mysql_num_rows($db_result)) {
         $db_row = mysql_fetch_array($db_result, MYSQL_ASSOC);
         $tpl_timestamp = $db_row['lastmodified'];
         return true;
     } else {
         return false;
     }
 }
function export()
{
    header('Content-Type: text/plain');
    if (empty($_REQUEST['request']) || $_REQUEST['request'] != 'round' && empty($_REQUEST['round_id'])) {
        exit('Empty query');
    }
    $request = request_variable('request');
    $round_id = abs((int) request_variable('round_id'));
    if (!in_array($request, array('kingdom', 'player', 'round'))) {
        exit('Invalid request: round, kingdom, or player');
    }
    if ($request != 'round' && empty($round_id)) {
        exit('Invalid round id');
    }
    $sql = new SQL_Generator();
    if ($request == 'round') {
        $sql->select(array(array('rounds', 'round_id'), array('rounds', 'name'), array('rounds', 'starttime'), array('rounds', 'stoptime')));
        $sql->where(array('rounds', 'public', 1));
    } else {
        $sql->select(array($request . 's', $request . '_id'));
        if ($request == 'player') {
            $sql->select(array($request . 's', 'kingdom_id'));
        }
        $sql->select(array(array($request . 's', 'name'), array($request . 's', 'score'), array($request . 's', 'score_peak')));
        $sql->where(array($request . 's', 'round_id', $round_id));
    }
    $sql->orderby(array($request . 's', $request . '_id', 'asc'));
    $db_result = $sql->execute();
    while ($db_row = mysql_fetch_array($db_result, MYSQL_ASSOC)) {
        $output = implode(',', $db_row) . ",\n";
        if (substr_count($output, ',') > count($db_row)) {
            $output = '';
            $multiple = false;
            foreach ($db_row as $value) {
                if ($multiple) {
                    $output .= ',';
                } else {
                    $multiple = true;
                }
                $output .= str_replace(',', '', $value);
            }
            $output .= ",\n";
        }
        echo $output;
    }
    exit;
}
function permissions_check($type, $id, $actions = array(), $handle = true)
{
    $sql = new SQL_Generator();
    // players permissions: allow for everything
    // planets permissions disallow/allow for planet
    // owner = only if they own it
    // grant = sudo for everything
    // research, build, commission, military = specific grant
    $acceptable_actions = array('research', 'build', 'commission', 'military');
    if (empty($actions)) {
        $actions = $acceptable_actions;
        $handle = false;
    }
    if ($type < 1 || $type > 3) {
        error(__FILE__, __LINE__, 'PERMISSIONS_INVALID', 'Invalid permissions check.');
    }
    if (!is_array($actions)) {
        $actions = array($actions);
    }
    if (empty($id)) {
        error(__FILE__, __LINE__, 'PERMISSIONS_INVALID_ID', 'Invalid permissions id specified.');
    }
    $tables = array(PERMISSION_PLANET => 'planet', PERMISSION_ARMY => 'armygroup', PERMISSION_NAVY => 'navygroup');
    $table = $tables[$type];
    $sql->select(array(array($table . 's', 'kingdom_id'), array($table . 's', 'player_id')));
    $sql->where(array(array($table . 's', $table . '_id', $id), array('players', 'player_id', $_SESSION['player_id'])));
    $sql->limit(1);
    $db_query = $sql->generate();
    $db_result = mysql_query($db_query);
    $check = mysql_fetch_array($db_result, MYSQL_ASSOC);
    $grant = false;
    $level = 0;
    while (in_array('grant', $actions)) {
        unset($actions[array_search('grant', $actions)]);
        $actions = $acceptable_actions;
    }
    // check if they're in the same kingdom.
    if ($_SESSION['kingdom_id'] == $check['kingdom_id']) {
        // check if they're the owner. Overrides all permissions.
        if ($_SESSION['player_id'] == $check['player_id']) {
            $grant = true;
            $return['owner'] = true;
            foreach ($actions as $action) {
                $return[$action] = true;
            }
        } else {
            $return['owner'] = false;
            while (in_array('owner', $actions)) {
                unset($actions[array_search('owner', $actions)]);
            }
            if (count($actions) > 0) {
                $db_query = "SELECT * FROM `permissions` WHERE `player_id` = '" . $_SESSION['player_id'] . "' AND ((`type` = '" . $type . "' AND `id` = '" . $id . "') OR `type` = '0') ORDER BY `type` DESC LIMIT 1";
                //					 $db_query = $sql->generate();
                $db_result = mysql_query($db_query);
                $check = mysql_fetch_array($db_result, MYSQL_ASSOC);
                foreach ($actions as $level => $action) {
                    if (in_array($action, $acceptable_actions) && $check[$action] == 1) {
                        $grant = true;
                        $return[$action] = true;
                    } else {
                        $return[$action] = false;
                    }
                }
            }
        }
    } else {
        $return['owner'] = false;
        foreach ($actions as $action) {
            $return[$action] = false;
        }
    }
    if ($handle) {
        if (!$grant) {
            global $smarty;
            $smarty->append('status', 'You do not have permission to access that.');
            $smarty->display('error.tpl');
            exit;
        } elseif ($grant && !$return[$actions[0]]) {
            $pages = array('research' => 'research.php', 'build' => 'buildings.php', 'commission' => 'units.php', 'military' => 'military.php');
            redirect($pages[$action]);
        }
    }
    $return['grant'] = $grant;
    return $return;
}
<?php

$password = '******';
if (empty($_REQUEST['password']) || $_REQUEST['password'] !== $password) {
    echo '<form method="post" action="' . basename(__FILE__) . '">' . "\n";
    echo '<input type="password" name="password" /><br />' . "\n";
    echo '<input type="submit" />' . "\n";
    echo '</form>' . "\n";
    exit;
}
define('IK_AUTHORIZED', true);
require_once dirname(__FILE__) . '/constants.php';
require_once dirname(__FILE__) . '/functions.php';
require_once dirname(dirname(dirname(dirname(__FILE__)))) . '/includes/sql_generator.php';
$sql = new SQL_Generator();
@($db_link = @mysql_connect('localhost', 'zimzatik', 'your-database-password-here')) or die('Could not connect to database server.');
@mysql_select_db(DATABASE) or die('Could not select database.');
$dir = dir(dirname(__FILE__) . '/cleaners/');
while (($entry = $dir->read()) !== false) {
    if ($entry === '.' || $entry === '..' || $entry[0] === '.' || substr($entry, -4) !== '.php') {
        continue;
    }
    $functions[] = substr($entry, 0, -4);
}
$round_select = '';
$db_query = "\n\t\tSELECT \n\t\t\t`round_id`, \n\t\t\t`name` \n\t\tFROM `rounds` \n\t\tORDER BY `round_id` DESC";
$db_result = mysql_query($db_query);
while ($db_row = mysql_fetch_array($db_result, MYSQL_ASSOC)) {
    $rounds[$db_row['round_id']] = $db_row['name'];
    $round_select .= '<option value="' . $db_row['round_id'] . '">' . $db_row['name'] . '</option>' . "\n";
}
<?php

if (empty($_GET['password']) || $_GET['password'] != 'testing-admin-password-here') {
    exit;
}
define('IK_AUTHORIZED', true);
require_once dirname(dirname(__FILE__)) . '/includes/init.php';
include_once dirname(dirname(__FILE__)) . '/includes/sql_generator.php';
$sql = new SQL_Generator();
if (empty($_REQUEST['pass']) || $_REQUEST['pass'] != 'deathabounds') {
    exit;
}
$subject = 'Imperial Kingdoms: 2x Rapid Rounds Saturday (2006-05-13)';
$message = wordwrap("Dear Imperial Kingdoms Players:\n\nI apologize for the lack of any rounds or development over the last few weeks. I have been busy applying for the Google Summer of Code and getting involved in the project I applied for. They won't have a response if I've been chosen to do a project until the 23rd so I'll be doing some development in the mean time.\n\nNEW ROUNDS!\nWe'll be running two rapid rounds Saturday. One will be before and one after noon CST. This will allow our players from different time zones to get a chance to play, and the hard core players who have the time can get double the dosage. Please see the front page for specific times.\nhttp://www.imperialkingdoms.com/\n\nThe rounds will have a couple of feature improvements. The unit creation speed and resource cost formula has been improved with a larger base time but smaller increments and max time (by a lot). They will also have a modified combat formula that caps the effect of rate of fire related to kills and area damage.\n\nSunday we're also looking at the start of a month long round. A week or two after that, depending on how things go, we may also be looking at a two month long round.\n\n--\n\nYou have received this email because you are a registered user of Imperial Kingdoms. These emails are sent to notify you of important notices, rounds, and milestones. If you do not wish to receive these emails anymore please reply to this email asking to be unsubscribed from notifications.", 70);
//	 $message = wordwrap("Imperial Kingdoms is proud to announce a new long-term round has started. This round will run for 160 days at a slightly slow speed as last round. New features, including a rewritten combat system and the ability to see and change your building queues, are introduced in this round, including many other bug fixes. To join the game, head to http://www.imperialkingdoms.com/\n\nA rapid round is also being scheduled later this weekend.\n\n--\n\nYou have received this email because you are a registered user of Imperial Kingdoms. These emails are sent to notify you of important notices, rounds, and milestones. If you do not wish to receive these emails anymore please reply to this email saying so.", 70);
$headers = 'MIME-Version: 1.0' . "\r\n" . 'X-Sender-IP: ' . $_SERVER['REMOTE_ADDR'] . "\r\n" . 'From: Imperial Kingdoms <*****@*****.**>' . "\r\n" . 'Reply-To: Imperial Kingdoms <*****@*****.**>' . "\r\n" . 'X-Mailer: PHP/' . phpversion() . "\r\n";
$emails = array('*****@*****.**', '*****@*****.**', '*****@*****.**');
$sql->property('distinct');
$sql->select(array('users', 'email'));
//	 $sql->where(array('users', 'user_id', 1));
$db_results = $sql->execute();
while ($db_row = mysql_fetch_array($db_results, MYSQL_ASSOC)) {
    if (in_array($db_row['email'], $emails)) {
        continue;
    }
    $to = $db_row['email'];
    echo '<p>Sending to ' . $to . ' ... ';
    $result = mail($to, $subject, $message, $headers);
    if ($result == true) {
        $result = 'Sent';
    } else {