예제 #1
파일: login.php 프로젝트: scblakdrgon/etcg
<?php

if ($enablelogin) {
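    if (isset($_POST['lostpass'])) {
        // Owner password reset: allowed only when the submitted address matches
        // the e-mail stored in `settings`; the new password is mailed there.
        $database = new Database();
        $sanitize = new Sanitize();
        $settings = $database->get_assoc("SELECT `value` FROM `settings` WHERE `setting`='email'");
        // null (not '') when no e-mail is configured, so an empty submission can
        // never match and trigger a reset.
        $email = isset($settings['value']) ? $settings['value'] : null;
        // A missing POST field becomes '' rather than null (avoids a notice; an
        // empty address cannot match a configured one).
        $postedEmail = isset($_POST['email']) ? $_POST['email'] : '';
        if ($sanitize->for_db($postedEmail) === $email) {
            // The reset password must be unpredictable. md5(time()) is guessable
            // to the second by anyone who can trigger the reset, so draw 16 random
            // bytes from the CSPRNG instead (same 32-hex-char shape as before).
            $passwordNew = bin2hex(random_bytes(16));
            // Stored form stays sha1(password . DB_SALT): presumably what the login
            // check compares against — confirm before changing the hash scheme.
            $passwordHash = sha1($passwordNew . Config::DB_SALT);
            $result = $database->query("UPDATE `settings` SET `value`='" . $passwordHash . "' WHERE `setting`='password' LIMIT 1");
            if (!$result) {
                // NOTE(review): mysqli_error() requires the connection argument; the
                // Database wrapper does not expose one here — confirm how its errors
                // are meant to be read.
                $error[] = "Could not update the password. " . mysqli_error();
            } else {
                $message = "Your EasyTCG password has been reset! \n\nNew Password: {$passwordNew}";
                $headers = "From: EasyTCG";
                if (!mail($email, 'EasyTCG - Password Reset', $message, $headers)) {
                    $error[] = "Could not send the email.";
                } else {
                    $success[] = "Your password has been reset! The new password has been sent to your email address.";
                }
            }
        } else {
            $error[] = "Wrong email address!";
        }
    }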
    ?>
<!DOCTYPE html>
<html lang="en">
	<head>
예제 #2
파일: cards.php 프로젝트: scblakdrgon/etcg
                         }
                         $result = $database->query("UPDATE `cards` SET `category`='{$category}', `cards`='{$cards}', `worth`='{$worth}', `auto`='{$auto}', `autourl`='{$autourl}', `format`='{$format}', `priority`='{$priority}' WHERE `id`='{$catid}' LIMIT 1");
                         if (!$result) {
                             $error[] = "Could not update the category. " . mysqli_error() . "";
                         } else {
                             $success[] = "Category <em>{$category}</em> was updated successfully!";
                         }
                     }
                 }
             }
         }
     }
 }
 if (isset($_POST['newcat'])) {
     $sanitize = new Sanitize();
     $category = $sanitize->for_db($_POST['category']);
     $worth = intval($_POST['worth']);
     $auto = intval($_POST['auto']);
     $autourl = $sanitize->for_db($_POST['autourl']);
     if ($autourl != 'default' && $autourl != '' && substr($autourl, -1) != '/') {
         $autourl = "{$autourl}/";
     }
     if ($autourl == '') {
         $autourl = 'default';
     }
     if ($worth === '') {
         $worth = 1;
     }
     $exists = $database->num_rows("SELECT `category` FROM `cards` WHERE `tcg`='{$id}' AND `category`='{$category}'");
     if ($category == '' || $category == 'category name') {
         $error[] = "The category name must be defined.";
예제 #3
파일: trades.php 프로젝트: scblakdrgon/etcg
 /**
  * array_walk() callback: trims $value and escapes it for use in a query
  * via Sanitize::for_db(), replacing it in place.
  *
  * @param mixed $value element being walked; replaced by its trimmed, escaped form
  * @return void
  */
 function sanitize(&$value)
 {
     $escaper = new Sanitize();
     $value = $escaper->for_db(trim($value));
 }
예제 #4
파일: func.php 프로젝트: scblakdrgon/etcg
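/**
 * Prints the decks mastered for a TCG, oldest mastery first.
 *
 * Each mastered `collecting` row prints either its badge image (when the row
 * has a badge) or the deck name, followed by a space. Output is echoed directly.
 *
 * @param string     $tcg      TCG name (escaped for the query via Sanitize::for_db)
 * @param int|string $worth    optional: only decks with this worth ('' = no filter)
 * @param string     $deckname optional: only this deck ('' = no filter); ignored
 *                             when $worth is given, as in the original precedence
 * @return void
 */
function show_mastered($tcg, $worth = '', $deckname = '')
{
    $database = new Database();
    $sanitize = new Sanitize();
    $tcg = $sanitize->for_db($tcg);
    $tcginfo = $database->get_assoc("SELECT * FROM `tcgs` WHERE `name`='{$tcg}' LIMIT 1");
    // Unknown TCG: nothing to show. (The original went on to query with an
    // empty id, printing nothing but emitting notices.)
    if (empty($tcginfo)) {
        return;
    }
    $tcgid = $tcginfo['id'];
    $cardsurl = $tcginfo['cardsurl'];

    // Filter precedence kept from the original: worth wins over deck name.
    $where = "`tcg` = '{$tcgid}' AND `mastered` = '1'";
    if ($worth !== '') {
        $worth = intval($worth);
        $where .= " AND `worth` = '{$worth}'";
    } elseif ($deckname !== '') {
        $deckname = $sanitize->for_db($deckname);
        $where .= " AND `deck` = '{$deckname}'";
    }
    $result = $database->query("SELECT * FROM `collecting` WHERE {$where} ORDER BY `mastereddate`");

    while ($row = mysqli_fetch_assoc($result)) {
        $mastered = date('F d, Y', strtotime($row['mastereddate']));
        // NOTE(review): deck, badge and cardsurl come from the database and are
        // echoed into HTML unescaped; if any of them can originate from
        // untrusted input, escape them (htmlspecialchars) at this point.
        if ($row['badge'] !== '') {
            echo '<img src="' . $cardsurl . $row['badge'] . '" alt="" title="Mastered ' . $mastered . '" /> ';
        } else {
            echo $row['deck'] . ' ';
        }
    }
}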
예제 #5
<?php

// Guard constant for included files (the name suggests they check it before
// running; NOTE(review): confirm in class_lib.php).
define('VALID_INC', true);
include 'class_lib.php';
if (isset($_POST['install'])) {
    $database = new Database();
    $database->connect();
    $sanitize = new Sanitize();
    $username = $sanitize->for_db($_POST['username']);
    $password = $sanitize->for_db($_POST['password']);
    $password2 = $sanitize->for_db($_POST['password2']);
    $email = $sanitize->for_db($_POST['email']);
    $url = $sanitize->for_db($_POST['url']);
    $emailmessage = $sanitize->for_db($_POST['emailmessage']);
    $hiatustrading = intval($_POST['hiatustrading']);
    $inactivetrading = intval($_POST['inactivetrading']);
    $etcgurl = $sanitize->for_db($_POST['etcgurl']);
    $dateformat = $sanitize->for_db($_POST['dateformat']);
    $dateheaderformat = $sanitize->for_db($_POST['dateheaderformat']);
    if (substr($etcgurl, -1) != '/') {
        $etcgurl = "{$etcgurl}/";
    }
    if ($username === '') {
        $error[] = "Your username can't be left blank.";
    }
    if (!preg_match('/^[a-zA-Z0-9]{3,15}$/i', $username)) {
        $error[] = "Your username must consist of 3-15 alphanumeric characters.";
    }
    if ($password === '') {
        $error[] = "You must select a password.";
    }
예제 #6
파일: newtcg.php 프로젝트: scblakdrgon/etcg
<?php

// Shared page header; NOTE(review): presumably defines the Database and
// Sanitize classes used below — confirm in header.php.
include 'header.php';
if (isset($_POST['submit'])) {
    $sanitize = new Sanitize();
    $database = new Database();
    $name = $sanitize->for_db($_POST['name']);
    $url = $sanitize->for_db($_POST['url']);
    $cardsurl = $sanitize->for_db($_POST['cardsurl']);
    $cardspath = $sanitize->for_db($_POST['cardspath']);
    $defaultauto = $sanitize->for_db($_POST['defaultauto']);
    $autoupload = intval($sanitize->for_db($_POST['autoupload']));
    $status = $sanitize->for_db($_POST['status']);
    $format = $sanitize->for_db($_POST['format']);
    $additional = $sanitize->for_db($_POST['additional']);
    $exists = $database->num_rows("SELECT * FROM `tcgs` WHERE `name`='{$name}'");
    if (substr($cardsurl, -1) != '/') {
        $cardsurl = "{$cardsurl}/";
    }
    if (substr($cardspath, -1) != '/') {
        $cardspath = "{$cardspath}/";
    }
    if (substr($defaultauto, -1) != '/') {
        $defaultauto = "{$defaultauto}/";
    }
    if ($name == '') {
        $error[] = "The name field can't be left blank.";
    } else {
        if ($exists != 0) {
            $error[] = "A TCG already exists with this name.";
        } else {
예제 #7
                                         $error[] = "Failed to update the collecting deck. " . mysqli_error() . "";
                                     } else {
                                         $success[] = "The deck has been updated{$success2}!";
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
 }
 if (isset($_POST['newcat'])) {
     $sanitize = new Sanitize();
     $deck = $sanitize->for_db($_POST['deck']);
     $cards = $sanitize->for_db($_POST['cards']);
     $findcards = intval($_POST['findcards']);
     $worth = intval($_POST['worth']);
     $count = intval($_POST['count']);
     $break = intval($_POST['break']);
     $filler = $sanitize->for_db($_POST['filler']);
     $pending = $sanitize->for_db($_POST['pending']);
     $puzzle = intval($_POST['puzzle']);
     $auto = intval($_POST['auto']);
     $autourl = $sanitize->for_db($_POST['autourl']);
     $format = $sanitize->for_db($_POST['format']);
     if ($format == '') {
         $format = 'default';
     }
     if ($autourl == '') {
예제 #8
파일: manage.php 프로젝트: scblakdrgon/etcg
    }
    ?>

</div>

<?php 
} else {
    if ($_GET['id'] != '' && $_GET['action'] !== 'deletetcg') {
        $id = intval($_GET['id']);
        $database = new Database();
        if ($database->num_rows("SELECT * FROM `tcgs` WHERE `id`='{$id}'") == 0) {
            echo "This TCG does not exist.";
        } else {
            if (isset($_POST['submit'])) {
                $sanitize = new Sanitize();
                $name = $sanitize->for_db($_POST['name']);
                $url = $sanitize->for_db($_POST['url']);
                $cardsurl = $sanitize->for_db($_POST['cardsurl']);
                $cardspath = $sanitize->for_db($_POST['cardspath']);
                $defaultauto = $sanitize->for_db($_POST['defaultauto']);
                $autoupload = intval($sanitize->for_db($_POST['autoupload']));
                $status = $sanitize->for_db($_POST['status']);
                $format = $sanitize->for_db($_POST['format']);
                $lastupdated = $sanitize->for_db($_POST['lastupdated']);
                $exists = $database->num_rows("SELECT * FROM `tcgs` WHERE `name`='{$name}' AND `id`!='{$id}'");
                if (substr($cardsurl, -1) != '/') {
                    $cardsurl = "{$cardsurl}/";
                }
                if (substr($cardspath, -1) != '/') {
                    $cardspath = "{$cardspath}/";
                }
예제 #9
파일: logs.php 프로젝트: scblakdrgon/etcg
         if ($logtype == 'activityarch') {
             $result = $database->query("UPDATE `tcgs` SET `activitylogarch`='{$log}' WHERE `id`='{$id}'");
         }
         if ($logtype == 'tradearch') {
             $result = $database->query("UPDATE `tcgs` SET `tradelogarch`='{$log}' WHERE `id`='{$id}'");
         }
         if (!$result) {
             $error[] = "Could not update the log. " . mysqli_error() . "";
         } else {
             $success[] = "The log has been updated successfully.";
         }
     }
 }
 if (isset($_POST['archive'])) {
     $sanitize = new Sanitize();
     $logtype = $sanitize->for_db($_POST['logtype']);
     $log = $sanitize->for_db($_POST['log']);
     if ($logtype == 'activity' || $logtype == 'trade') {
         $result = $database->query("UPDATE `tcgs` SET `" . $logtype . "log`='' WHERE `id`='{$id}'");
         if (!$result) {
             $error[] = "Could not truncate the log. " . mysqli_error() . "";
         } else {
             $curarch = $database->get_assoc("SELECT `" . $logtype . "logarch` FROM `tcgs` WHERE `id`='{$id}' LIMIT 1");
             $curarch = $curarch["{$logtype}" . "logarch"];
             $newlog = "{$log}\n\n{$curarch}";
             $result = $database->query("UPDATE `tcgs` SET `" . $logtype . "logarch`='{$newlog}' WHERE `id`='{$id}'");
             if (!$result) {
                 $error[] = "Could not update the log archives. " . mysqli_error() . "";
             } else {
                 $success[] = "The log has been updated successfully.";
             }
예제 #10
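 /**
  * Checks whether the current visitor is authenticated.
  *
  * Two paths, as in the original:
  *  - no live session but both "remember me" cookies present: the cookie
  *    values are matched against the `settings` rows and, on success, a
  *    session is started via $this->start().
  *  - live session: the session's username/password are re-checked against
  *    the `settings` rows; a mismatch closes the session via $this->close().
  *
  * @return bool true when the visitor is authenticated
  */
 function validate()
 {
     $sanitize = new Sanitize();
     $database = new Database();
     $database->connect();

     // A credential pair is accepted only when exactly one `settings` row
     // matches each value (the original's two-query check, done once here
     // instead of being duplicated per branch).
     $credentialsMatch = function ($username, $password) use ($database) {
         $unexists = $database->num_rows("SELECT `value` FROM `settings` WHERE `setting` = 'username' AND `value` = '{$username}'");
         $pwexists = $database->num_rows("SELECT `value` FROM `settings` WHERE `setting` = 'password' AND `value` = '{$password}'");
         return $unexists == 1 && $pwexists == 1;
     };

     // empty() instead of `!= true` so an unset session key is no longer a notice.
     $sessionActive = !empty($_SESSION['logged_in']);
     $haveCookies = isset($_COOKIE['easyTCGFM_un']) && isset($_COOKIE['easyTCGFM_pw']);

     if (!$sessionActive && $haveCookies) {
         // NOTE(review): the cookie carries the stored password value itself
         // (whatever form the `settings` row holds), so it is as sensitive as
         // the credential; a random, revocable token would be the safer design.
         $username = $sanitize->for_db($_COOKIE['easyTCGFM_un']);
         $password = $sanitize->for_db($_COOKIE['easyTCGFM_pw']);
         if (!$credentialsMatch($username, $password)) {
             return false;
         }
         $this->start($username, $password, 3);
         return true;
     }

     if (!$sessionActive) {
         return false;
     }

     // Session values are used as stored, as in the original; NOTE(review):
     // confirm start() stores them already escaped.
     if ($credentialsMatch($_SESSION['username'], $_SESSION['password'])) {
         return true;
     }
     $this->close();
     return false;
 }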
예제 #11
파일: trade.php 프로젝트: scblakdrgon/etcg
<?php

// Guard constant for included files (the name suggests they check it before
// running; NOTE(review): confirm in func.php).
define('VALID_INC', true);
include_once 'func.php';
if (isset($_POST['tradesubmit'])) {
    $database = new Database();
    $sanitize = new Sanitize();
    $name = $sanitize->for_db($_POST['name']);
    $email = $sanitize->for_db($_POST['email']);
    $website = $sanitize->for_db($_POST['website']);
    $tcg = intval($_POST['tcg']);
    $wants = $sanitize->for_db($_POST['wants']);
    $offer = $sanitize->for_db($_POST['offer']);
    $comments = $sanitize->for_db($_POST['comments']);
    $validcards = true;
    $wants = explode(',', $wants);
    foreach ($wants as $card) {
        if (!preg_match("/[a-z0-9_-]/i", $card)) {
            $validcards = false;
        }
    }
    $offer = explode(',', $offer);
    foreach ($offer as $card) {
        if (!preg_match("/[a-z0-9_-]/i", $card)) {
            $validcards = false;
        }
    }
    array_walk($wants, 'trim_value');
    array_walk($offer, 'trim_value');
    if ($validcards === true) {
        foreach ($wants as $givingcard) {
예제 #12
<?php

// Shared page header; NOTE(review): presumably defines the Database and
// Sanitize classes used below — confirm in header.php.
include 'header.php';
// One connection wrapper shared by every handler on this page.
$database = new Database();
/**
 * array_walk() callback: strips leading/trailing whitespace from $value in place.
 *
 * @param mixed $value element being walked; replaced by its trimmed form
 * @return void
 */
function trim_value(&$value)
{
    $trimmed = trim($value);
    $value = $trimmed;
}
if (isset($_POST['newtrade'])) {
    $sanitize = new Sanitize();
    $tcgid = intval($_POST['tcg']);
    $trader = $sanitize->for_db($_POST['trader']);
    $email = $sanitize->for_db($_POST['email']);
    $giving = $sanitize->for_db($_POST['giving']);
    $receiving = $sanitize->for_db($_POST['receiving']);
    $type = $sanitize->for_db($_POST['type']);
    $grab = intval($_POST['grab']);
    $exists = $database->num_rows("SELECT `id` FROM `tcgs` WHERE `id`='{$tcgid}'");
    if ($exists != 1) {
        $error[] = "The TCG does not exist.";
    }
    if ($trader === '') {
        $error[] = "The trader field can't be left blank.";
    }
    if ($email !== '' && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error[] = "Invalid email address.";
    }
    if ($type != 'outgoing' && $type != 'incoming') {
        $error[] = "Invalid trade type.";
    }
    if (!isset($error)) {