// NOTE(review): this excerpt opens inside two blocks whose headers are not visible here.
// The statements down to the second closing brace are only the tail of that branch.
		create_error_offline('You do not have permission to do that!');
	}
	// Hand over to the album moderation page for this album and stop processing.
	$container = create_container('skeleton.php', 'album_moderate.php');
	$container['account_id'] = $album_id;
	forward($container);
	exit;
}

// ---- Post a new comment on album $album_id ----
$db = new SmrMySqlDatabase();

// The comment text is taken from the query string. empty() already covers the
// unset case, so the isset() test is redundant; empty() also rejects the
// literal string '0'.
// NOTE(review): this is a state-changing request driven by a GET parameter and
// no anti-CSRF token check is visible in this excerpt. Confirm one is enforced
// earlier in the file, or accept the comment via POST with a token.
// NOTE(review): no upper bound on the comment length is enforced here.
if (!isset($_GET['comment']) || empty($_GET['comment'])) {
	create_error_offline('Please enter a comment.');
} else {
	$comment = $_GET['comment'];
}

// Timestamp stored with the comment (TIME is a constant defined elsewhere).
$curr_time = TIME;

// word_filter() is defined elsewhere. Presumably a word/profanity filter: do
// not rely on it to neutralise HTML, escape the stored text when rendering.
$comment = word_filter($comment);
// A copy of the filtered comment goes to the album-comments message box. This
// happens before the INSERT below, so it is sent even if the insert fails.
$account->sendMessageToBox(BOX_ALBUM_COMMENTS, $comment);

// Allocate the next per-album comment id. The table stays locked from the
// MAX() lookup until after the INSERT, presumably so that two concurrent posts
// cannot compute the same comment_id.
$db->lockTable('album_has_comments');
$db->query('SELECT MAX(comment_id) FROM album_has_comments WHERE album_id = ' . $db->escapeNumber($album_id));
// NOTE(review): an aggregate without GROUP BY normally yields one row even
// when the album has no comments (MAX is NULL), so the else branch is likely
// never taken. Confirm how getField() reports NULL.
if ($db->nextRecord()) {
	$comment_id = $db->getField('MAX(comment_id)') + 1;
} else {
	$comment_id = 1;
}

// Every value is passed through the $db escape helpers before being
// concatenated into the statement; post_id is the posting account's id.
$db->query('INSERT INTO album_has_comments
			(album_id, comment_id, time, post_id, msg)
			VALUES (' . $db->escapeNumber($album_id) . ', ' .
				$db->escapeNumber($comment_id) . ', ' .
				$db->escapeNumber($curr_time) . ', ' .
				$db->escapeNumber($account->getAccountID()) . ', ' .
				$db->escapeString($comment) . ')');
$db->unlock();

// Redirect back to the album page.
// NOTE(review): the nick is appended to the query string as returned by
// get_album_nick(). Confirm it is URL-safe or encode it before use.
header('Location: ' . URL . '/album/?' . get_album_nick($album_id));
exit;
<?php
/*
 * Stores a follow-up comment on an existing feature request, then forwards to
 * feature_request_comments.php with the current $var carried along.
 *
 * Inputs: $_REQUEST['comment'] (required text), $_REQUEST['anon'] (only its
 * presence matters) and $var['RequestID'] (the request being commented on).
 * $db, $var, create_error(), word_filter() and forward() come from the
 * including code.
 *
 * NOTE(review): $_REQUEST also carries query-string values, so this write can
 * be reached by a plain GET unless a request token is enforced elsewhere.
 * Confirm that it is.
 * NOTE(review): no upper bound on the comment length is enforced in this script.
 */

// Reject a missing or empty comment (empty() also treats the string '0' as empty).
$hasComment = !empty($_REQUEST['comment']);
if (!$hasComment) {
	create_error('We need a comment to add!');
}

// Build the INSERT piece by piece. Every value passes through a $db escape
// helper, and the poster is taken from the session, not from the request.
// word_filter() is defined elsewhere; do not assume it neutralises HTML, so
// escape the stored text when it is rendered.
$insertSql = 'INSERT INTO feature_request_comments (feature_request_id, poster_id, posting_time, anonymous, text) VALUES(';
$insertSql .= $db->escapeNumber($var['RequestID']) . ', ';
$insertSql .= $db->escapeNumber(SmrSession::$account_id) . ',';
$insertSql .= $db->escapeNumber(TIME) . ',';
$insertSql .= $db->escapeBoolean(isset($_REQUEST['anon'])) . ',';
$insertSql .= $db->escapeString(word_filter($_REQUEST['comment'])) . ')';
$db->query($insertSql);

// Return to the comment list, reusing the current page variables.
$container = $var;
$container['url'] = 'skeleton.php';
$container['body'] = 'feature_request_comments.php';
forward($container);
<?php
/*
 * Creates a new feature request. It inserts the request row, stores the
 * submitted text as the request's first comment, records a YES vote from the
 * submitting account, then forwards to feature_request.php.
 *
 * Inputs: $_REQUEST['feature'] (required, at most 500 bytes as measured by
 * strlen()) and $_REQUEST['anon'] (only its presence matters). $db,
 * create_error(), word_filter(), create_container() and forward() come from
 * the including code.
 *
 * NOTE(review): $_REQUEST also carries query-string values, so these writes
 * can be reached by a plain GET unless a request token is enforced elsewhere.
 * Confirm that it is.
 * NOTE(review): the three INSERTs are issued separately. If a later one fails,
 * the earlier rows remain.
 */

// Reject a missing or empty description (empty() also treats the string '0' as empty).
$hasFeatureText = !empty($_REQUEST['feature']);
if (!$hasFeatureText) {
	create_error('We need at least a feature desciption!');
}

// The length cap is applied to the raw input, before word_filter() runs.
// strlen() counts bytes, not characters.
$featureLength = strlen($_REQUEST['feature']);
if ($featureLength > 500) {
	create_error('Feature request longer than 500 characters, please be more concise!');
}

// 1) Create the request row and pick up its generated id.
$db->query('INSERT INTO feature_request (feature_request_id) VALUES (NULL)');
$featureRequestID = $db->getInsertID();

// 2) Store the description as the first comment. Every value passes through a
//    $db escape helper, and the poster is taken from the session.
//    word_filter() is defined elsewhere; do not assume it neutralises HTML, so
//    escape the stored text when it is rendered.
$commentSql = 'INSERT INTO feature_request_comments (feature_request_id, poster_id, posting_time, anonymous, text) ' . 'VALUES(';
$commentSql .= $db->escapeNumber($featureRequestID) . ', ';
$commentSql .= $db->escapeNumber(SmrSession::$account_id) . ',';
$commentSql .= $db->escapeNumber(TIME) . ',';
$commentSql .= $db->escapeBoolean(isset($_REQUEST['anon'])) . ',';
$commentSql .= $db->escapeString(word_filter($_REQUEST['feature'])) . ')';
$db->query($commentSql);

// 3) The submitter automatically votes YES on their own request.
// NOTE(review): this INSERT names no columns, so it depends on the table's column order.
$voteSql = 'INSERT INTO account_votes_for_feature VALUES(';
$voteSql .= $db->escapeNumber(SmrSession::$account_id) . ', ';
$voteSql .= $db->escapeNumber($featureRequestID) . ",'YES')";
$db->query($voteSql);

// Back to the feature request overview.
$target = create_container('skeleton.php', 'feature_request.php');
forward($target);
// NOTE(review): this excerpt starts mid-script. $name, $filteredName,
// $description, $password, $recruit, $player and $db are set up outside the
// visible code, and the trailing flag assignments are consumed after it.

// Refuse names that the word filter would alter. $filteredName is presumably
// word_filter($name); confirm above. Note the loose != comparison.
if ($name != $filteredName) {
	create_error('The alliance name contains one or more filtered words, please reconsider the name.');
}

// Alliance names must be unique within the current game.
// NOTE(review): this is a check-then-insert with no table lock visible in this
// excerpt. Two concurrent requests could both pass this check, or both compute
// the same alliance_id below. Confirm unique keys on the table back this up.
$db->query('SELECT 1 FROM alliance WHERE alliance_name = ' . $db->escapeString($name) . ' AND game_id = ' . $db->escapeNumber($player->getGameID()) . ' LIMIT 1');
if ($db->getNumRows() > 0) {
	create_error('That alliance name already exists!');
}

// Next free alliance id for this game. Ids 302-309 are left out of the MAX()
// lookup and skipped on allocation; they are presumably reserved, but the
// reason is not visible here.
$db->query('SELECT max(alliance_id)
			FROM alliance
			WHERE game_id = ' . $db->escapeNumber($player->getGameID()) . '
				AND (alliance_id < 302 OR alliance_id > 309)
			LIMIT 1');
$db->nextRecord();
// With no existing alliances MAX() is NULL; getInt() presumably yields 0, giving id 1. TODO confirm.
$alliance_id = $db->getInt('max(alliance_id)') + 1;
// A highest id of 301 would land in the skipped range, so jump past it.
if ($alliance_id >= 302 && $alliance_id <= 309) {
	$alliance_id = 310;
}

// Filter the description and copy it to the alliance-descriptions message box.
// The message says "changed" although this is the creation path. word_filter()
// is defined elsewhere; do not assume it neutralises HTML, so escape the name
// and description wherever they are rendered.
$description = word_filter($description);
$player->sendMessageToBox(BOX_ALLIANCE_DESCRIPTIONS, 'Alliance ' . $name . '(' . $alliance_id . ') had their description changed to:' . EOL . EOL . $description);

// Create the alliance row with the current player as leader. Every value
// passes through a $db escape helper.
// NOTE(review): escapeString() only protects the SQL statement. Whether
// $password is hashed before this point is not visible here. If it is stored
// as entered, consider password_hash()/password_verify() and keep the column
// out of any listing or export.
$db->query('INSERT INTO alliance (alliance_id, game_id, alliance_name, alliance_description, alliance_password, leader_id, recruiting)
			VALUES(' . $db->escapeNumber($alliance_id) . ', ' .
				$db->escapeNumber($player->getGameID()) . ', ' .
				$db->escapeString($name) . ', ' .
				$db->escapeString($description) . ', ' .
				$db->escapeString($password) . ', ' .
				$db->escapeNumber($player->getAccountID()) . ', ' .
				$db->escapeBoolean($recruit) . ')');

// Put the creating player into the new alliance and persist that.
$player->setAllianceID($alliance_id);
$player->update();

// Everything-allowed flag values. These look like the permission set for the
// leader's role, which is created after this excerpt. TODO confirm against the
// code that follows.
$withPerDay = ALLIANCE_BANK_UNLIMITED;
$removeMember = TRUE;
$changePass = TRUE;
$changeMOD = TRUE;
$changeRoles = TRUE;
$planetAccess = TRUE;
$exemptWith = TRUE;
$mbMessages = TRUE;