public function HandlePage()
 {
     $action = "";
     if ($GLOBALS['EnableSEOUrls'] == 1 and count($GLOBALS['PathInfo']) > 0) {
         if (isset($GLOBALS['PathInfo'][1])) {
             $_REQUEST['action'] = $GLOBALS['PathInfo'][1];
         } else {
             $_REQUEST['action'] = $GLOBALS['PathInfo'][0];
         }
     }
     if (isset($_REQUEST['action'])) {
         $action = isc_strtolower($_REQUEST['action']);
     }
     // Don't allow any access to this file if gift certificates aren't enabled
     if (GetConfig('EnableGiftCertificates') == 0) {
         ob_end_clean();
         header("Location: " . $GLOBALS['ShopPath']);
         die;
     }
     if (!gzte11(ISC_LARGEPRINT)) {
         ob_end_clean();
         header("Location: " . $GLOBALS['ShopPath']);
         die;
     }
     CheckReferrer();
     // checking and assigning the back to search link
     switch ($action) {
         case "do_purchase":
             if ($_SERVER['REQUEST_METHOD'] == "POST") {
                 $this->DoPurchaseGiftCertificate();
                 break;
             } else {
                 $this->PurchaseGiftCertificate();
             }
         case "balance":
             $this->CheckGiftCertificateBalance();
             break;
         case "preview":
             $this->PreviewGiftCertificate();
             break;
         case "redeem":
             $this->RedeemGiftCertificate();
             break;
         default:
             $this->PurchaseGiftCertificate();
     }
 }
Пример #2
0
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
include '../inc/inc_head_db.php';
include '../inc/inc_admin.php';
include '../inc/inc_head_html.php';
include '../inc/inc_commonqueries.php';
$db_prefix = DB_PREFIX;
$eventinfo = getEventDetails($_GET['EventID'], 0, 'admin.php');
$eventid = $eventinfo['evEventID'];
$key = CRYPT_KEY;
if ($_POST['btnSubmit'] != '' && CheckReferrer('admin_bunks.php')) {
    $sql_clearbunks = "UPDATE {$db_prefix}bookings SET bkBunkAllocated = 0 where bkEventID = {$eventid}";
    ba_db_query($link, $sql_clearbunks);
    foreach ($_POST as $key => $value) {
        if (substr($key, 0, 8) == "hBooking") {
            $bunk = (int) $_POST["chkPl{$value}"];
            if ($bunk > 0) {
                $bunk = 1;
            } else {
                $bunk = 0;
            }
            $iBookingID = (int) $value;
            if ($bunk) {
                $sql_update = "UPDATE {$db_prefix}bookings SET bkBunkAllocated = 1, bkBunkRequested = 1 WHERE bkID = " . $iBookingID;
                //echo $sql_update."<br />";
                ba_db_query($link, $sql_update);
Пример #3
0
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
include '../inc/inc_head_db.php';
include '../inc/inc_admin.php';
include '../inc/inc_head_html.php';
include '../inc/inc_commonqueries.php';
$db_prefix = DB_PREFIX;
$key = CRYPT_KEY;
$eventinfo = getEventDetails($_GET['EventID'], 0, 'admin.php');
$eventid = $eventinfo['evEventID'];
if ($_POST['btnSubmit'] != '' && CheckReferrer('admin_marshal.php')) {
    foreach ($_POST as $key => $value) {
        if (substr($key, 0, 7) == "hPlayer") {
            $iPlayerID = (int) $value;
            $refnumber = (int) $_POST["txtRefNumber{$value}"];
            $marshal = stripslashes($_POST["cboMarshal{$value}"]);
            $sql_update = "UPDATE {$db_prefix}players SET plRefNumber = {$refnumber}, plMarshal = '{$marshal}' WHERE plPlayerID = " . $iPlayerID;
            ba_db_query($link, $sql_update);
        }
    }
}
//Get list of players that have confirmed their booking
$sql = "SELECT bkPlayerID, " . "plFirstName, " . "plSurname, " . "bkBookAs, " . "plMarshal, " . "plRefNumber " . "FROM {$db_prefix}players, {$db_prefix}bookings " . "WHERE plPlayerID = bkPlayerID and bkEventID = {$eventid}";
$result = ba_db_query($link, $sql);
?>
<script src="../inc/sorttable.js" type="text/javascript"></script>
Пример #4
0
This page will update an existing Bitsand database (from Bitsand v7.x) to work with the latest version of Bitsand (version 8.0). It will report progress as it goes. Note that, in order for this to work, the user defined in the configuration file must have permission to CREATE, ALTER and DROP tables in the specified database. To use it, enter the value of CRYPT_KEY from the configuration file and click &quot;Update&quot;.
</p>
<p>
<strong>This should NOT be run if you are in the middle of an event, it will do strange things to existing bookings, and possibly break everything</strong>
</p>

<form action = "update_db.php" method = "post">
<p>
Value of CRYPT_KEY in configuration file: <input name = "txtKey" type = "password"><br>
<input type = "submit" value = "Update" name = "btnSubmit">
</p>
</form>

<p>
<?php 
if ($_POST['btnSubmit'] != '' && $_POST['txtKey'] == CRYPT_KEY && CheckReferrer('update_db.php')) {
    $db_prefix = DB_PREFIX;
    echo "Updating General Knowledge OSP (bug fix for issue 217)<br />\n";
    if (ba_db_query($link, "UPDATE {$dbprefix}osps SET ospAllowAdditionalText = 1 WHERE ospID = 76") === False) {
        echo "<span class = 'sans-warn'>Error updating General Knowledge OSP<br />\n";
    }
    echo "Adding new OSPs (see issue 234 for list)<br />\n";
    if (ba_db_query($link, "INSERT INTO {$dbprefix}osps (ospName, ospShortName) VALUES ('+1 Bonus PR', '+1 Bonus PR')") === False) {
        echo "<span class = 'sans-warn'>Error adding OSP<br />\n";
    }
    if (ba_db_query($link, "INSERT INTO {$dbprefix}osps (ospName, ospShortName) VALUES ('+1 Magical Armour', '+1 Mag Armr')") === False) {
        echo "<span class = 'sans-warn'>Error adding OSP<br />\n";
    }
    if (ba_db_query($link, "INSERT INTO {$dbprefix}osps (ospName, ospShortName) VALUES ('+1 Natural Armour', '+1 Nat Armr')") === False) {
        echo "<span class = 'sans-warn'>Error adding OSP<br />\n";
    }
Пример #5
0
 | version.
 |
 | Bitsand is distributed in the hope that it will be useful, but WITHOUT ANY
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
include '../inc/inc_head_db.php';
require '../inc/inc_admin.php';
require '../inc/inc_root.php';
include '../inc/inc_head_html.php';
$sWarn = '';
if ($_POST['btnDelete'] != '' && CheckReferrer('root_emptybookings.php')) {
    if ($_POST['txtConfirm'] == 'CONFIRM') {
        //Remove all records from bookings table
        $sql = "DELETE FROM " . DB_PREFIX . "bookings";
        ba_db_query($link, $sql);
        //Set "Bunk Requested" and "Bunk Assigned" to False
        $sql = "UPDATE " . DB_PREFIX . "players SET plBunkRequested = 0, plBunkAssigned = 0";
        ba_db_query($link, $sql);
        $sWarn = "All bookings deleted";
    } else {
        $sWarn = "CONFIRM was not entered correctly in the text box. It must be all upper case.";
    }
}
?>

<script type="text/javascript">
Пример #6
0
 |
 | Bitsand is distributed in the hope that it will be useful, but WITHOUT ANY
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
include '../inc/inc_head_db.php';
include '../inc/inc_admin.php';
include '../inc/inc_head_html.php';
include '../inc/inc_forms.php';
include '../inc/inc_commonqueries.php';
$eventid = (int) htmlentities(stripslashes($_GET['EventID']));
if ($_POST['btnSubmit'] != '' && CheckReferrer('admin_editeventdetails.php')) {
    //print_r($_POST);
    echo "<br/>";
    if ($eventid > 0) {
        //Update
        $updatequery = "UPDATE {$db_prefix}events set ";
        $updatequery .= "evEventName = '" . ba_db_real_escape_string($link, $_POST['txtEventName']) . "', ";
        $updatequery .= "evEventDetails = '" . ba_db_real_escape_string($link, $_POST['txtEventDetails']) . "', ";
        $updatequery .= "evEventDescription = '" . ba_db_real_escape_string($link, $_POST['txtEventDescription']) . "', ";
        $updatequery .= "evPlayerSpaces = '" . (int) ba_db_real_escape_string($link, $_POST['txtPlayerSpaces']) . "', ";
        $updatequery .= "evMonsterSpaces = '" . (int) ba_db_real_escape_string($link, $_POST['txtMonsterSpaces']) . "', ";
        $updatequery .= "evStaffSpaces = '" . (int) ba_db_real_escape_string($link, $_POST['txtStaffSpaces']) . "', ";
        $updatequery .= "evTotalSpaces = '" . (int) ba_db_real_escape_string($link, $_POST['txtTotalSpaces']) . "', ";
        $updatequery .= "evPlayerBunks = '" . (int) ba_db_real_escape_string($link, $_POST['txtPlayerBunks']) . "', ";
        $updatequery .= "evMonsterBunks = '" . (int) ba_db_real_escape_string($link, $_POST['txtMonsterBunks']) . "', ";
        $updatequery .= "evStaffBunks = '" . (int) ba_db_real_escape_string($link, $_POST['txtStaffBunks']) . "', ";
Пример #7
0
 | Foundation, either version 3 of the License, or (at your option) any later
 | version.
 |
 | Bitsand is distributed in the hope that it will be useful, but WITHOUT ANY
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
include '../inc/inc_head_db.php';
include '../inc/inc_admin.php';
$sGreen = "";
$db_prefix = DB_PREFIX;
if ($_POST['btnSubmit'] != '' && CheckReferrer('admin_adduser.php')) {
    //Insert new user
    $sFirstName = ba_db_real_escape_string($link, $_POST['txtFirstName']);
    $sSurname = ba_db_real_escape_string($link, $_POST['txtSurname']);
    $sql = "INSERT INTO {$db_prefix}players (plFirstName, plSurname, plPassword) VALUES ('{$sFirstName}', '{$sSurname}', 'ACCOUNT DISABLED')";
    ba_db_query($link, $sql);
    $sGreen = htmlentities($_POST['txtFirstName']) . " " . htmlentities($_POST['txtSurname']) . " has been added.";
}
include '../inc/inc_head_html.php';
?>

<h1><?php 
echo TITLE;
?>
 - Create User</h1>
Пример #8
0
}
$eventinfo = getEventDetails($bookinginfo['evEventID'], 0);
//Delete
if (($_POST['btnDelete'] != '' || $_POST['btnDeleteAndRebook'] != '') && CheckReferrer('admin_booking.php')) {
    if ($_POST['txtConfirm'] == 'CONFIRM') {
        deleteBooking($bookinginfo['bkID']);
        if ($_POST['btnDelete'] != '') {
            $sURL = fnSystemURL() . 'admin_manageevent.php?EventID=' . $bookinginfo['bkEventID'];
        } else {
            $sURL = fnSystemURL() . 'admin_booking.php?PlayerID=' . $bookinginfo['bkPlayerID'] . "&EventID=" . $bookinginfo['bkEventID'];
        }
        header("Location: {$sURL}");
    }
}
//Update
if ($_POST['btnSave'] != '' && CheckReferrer('admin_booking.php')) {
    $bookas = htmlentities(stripslashes($_POST['cboBookAs']));
    $overriddenvalue = htmlentities(stripslashes($_POST['txtOverriddenExpectedValue']));
    $overrideexpected = (int) $_POST['chkOverride'];
    $overriddenpaidvalue = htmlentities(stripslashes($_POST['txtOverriddenAmountPaid']));
    $overridepaid = (int) $_POST['chkOverridePaid'];
    $sql = "update {$db_prefix}bookings set bkID = {$bookingid}";
    if ($bookas != '') {
        $sql .= ",  bkBookAs = '{$bookas}'";
    }
    if ($overrideexpected == 1) {
        $sql .= ", bkAmountExpected = {$overriddenvalue} ";
    } else {
        $overrideexpected = 0;
    }
    if ($overridepaid == 1) {
Пример #9
0
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
include '../inc/inc_head_db.php';
include '../inc/inc_admin.php';
include '../inc/inc_head_html.php';
include '../inc/inc_commonqueries.php';
$eventid = (int) htmlentities(stripslashes($_GET['EventID']));
if ($eventid > 0) {
    $eventinfo = getEventDetails($eventid, 0, 'admin.php');
}
$bid = (int) $_GET['bid'];
$db_prefix = DB_PREFIX;
//remove player from queue
if ($bid > 0 && CheckReferrer('admin_booking_queue.php')) {
    $sql = "UPDATE {$db_prefix}bookings SET bkInQueue = 0 WHERE bkID = " . $bid;
    ba_db_query($link, $sql);
    //Send e-mail to tell them.
    $result = ba_db_query($link, "SELECT plFirstName, plSurname, plEmail, plEmailRemovedFromQueue FROM {$db_prefix}players WHERE plPlayerID = {$bid}");
    $row = ba_db_fetch_assoc($result);
    $email = $row['plEmail'];
    //Set up e-mail body
    $sBody = "You have been removed from the booking queue at " . SYSTEM_NAME . ". " . "You can now finalise and pay for your booking.\n\n" . "Player ID: " . PID_PREFIX . sprintf('%03s', $bid) . "\n" . "OOC Name: " . $row['plFirstName'] . " " . $row['plSurname'] . "\n\n" . str_replace("admin/", "", fnSystemURL());
    //Send e-mail
    if ($row['plEmailRemovedFromQueue']) {
        mail($email, SYSTEM_NAME . ' - Ready to Finalise', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
    }
}
//Get list of queued players
$sql = "SELECT bkID, plPlayerID, " . "plFirstName, " . "plSurname, " . "chName, " . "chFaction, " . "case when bkdateoocconfirmed > bkdateicconfirmed then bkdateoocconfirmed else bkdateicconfirmed end as bkDateConfirmed " . "FROM {$db_prefix}players, {$db_prefix}characters, {$db_prefix}bookings " . "WHERE plPlayerID = chPlayerID AND chPlayerID = bkPlayerID AND bkInQueue = 1" . " AND bkEventID = {$eventid}" . " ORDER BY bkDateConfirmed ASC";
Пример #10
0
 public function HandlePage()
 {
     $action = "";
     if (count($GLOBALS['PathInfo']) > 0) {
         if (isset($GLOBALS['PathInfo'][1])) {
             $_REQUEST['action'] = $GLOBALS['PathInfo'][1];
         } else {
             $_REQUEST['action'] = $GLOBALS['PathInfo'][0];
         }
     }
     if (isset($_REQUEST['action'])) {
         $action = isc_strtolower($_REQUEST['action']);
     }
     if (isset($_GET['from'])) {
         $_SESSION['LOGIN_REDIR'] = sprintf("%s/%s", $GLOBALS['ShopPath'], urldecode($_GET['from']));
     }
     /* Baskarn */
     if ($GLOBALS['EnableSEOUrls'] == 1) {
         $GLOBALS['WishListAccountLink'] = "%%GLOBAL_ShopPathSSL%%/account";
         $GLOBALS['WishListLink'] = "%%GLOBAL_ShopPathSSL%%/wishlist";
     } else {
         $GLOBALS['WishListAccountLink'] = "%%GLOBAL_ShopPathSSL%%/account.php";
         $GLOBALS['WishListLink'] = "%%GLOBAL_ShopPathSSL%%/wishlist.php";
     }
     if ($GLOBALS['EnableSEOUrls'] == 1) {
         if (count($GLOBALS['PathInfo']) == 3) {
             $_GET[$GLOBALS['PathInfo'][1]] = $GLOBALS['PathInfo'][2];
             if (isset($_GET['publicwishlist'])) {
                 $this->DisplayPublicWishList();
                 return true;
             }
         }
     } else {
         if (isset($_GET['publicwishlist'])) {
             $this->DisplayPublicWishList();
             return true;
         }
     }
     /**/
     // Are they signed in?
     if (CustomerIsSignedIn()) {
         CheckReferrer();
         // checking and assigning the back to search link
         switch ($action) {
             case "add":
                 $this->AddItemToWishList();
                 break;
             case "remove":
                 $this->RemoveItemFromWishList();
                 break;
             case "viewwishlistitems":
                 $this->DisplayWishListItems();
                 break;
             case "editwishlist":
                 $this->DisplayEditWishListForm();
                 break;
             case "deletewishlist":
                 $this->DeleteWishLists();
                 break;
             case "addwishlist":
                 $this->DisplayAddWishListForm();
                 break;
             case "sharewishlist":
                 $this->DisplayShareWishList();
                 break;
             default:
                 $this->MyWishLists();
         }
     } else {
         // Naughty naughty, you need to sign in to be here
         if (isset($_SERVER['QUERY_STRING'])) {
             $get_vars = $_SERVER['QUERY_STRING'];
         } else {
             $get_vars = "";
         }
         $this_page = urlencode(sprintf("wishlist.php?%s", $get_vars));
         ob_end_clean();
         if ($GLOBALS['EnableSEOUrls'] == 1) {
             header(sprintf("Location:%s/%s/%s", GetConfig('ShopPathNormal'), "login", "wishlist"));
         } else {
             header(sprintf("Location: %s/login.php?from=%s", $GLOBALS['ShopPath'], $this_page));
         }
         //header(sprintf("Location: %s/login.php?from=%s", $GLOBALS['ShopPath'], $this_page));
         die;
     }
 }
Пример #11
0
"></td></tr>
<tr><td colspan = "2" class = "mid"><input type = 'submit' value = 'Add' name = 'btnSubmit'>
<input type = 'reset' value = "Reset form"></td></tr>
</table>
</form>


<h2><a name = 'freetext'>Show free text ancestors</a></h2>

<form action = 'admin_ancestors.php' method = 'post'>
<input type = 'submit' value = 'Show free text' name = 'btnSubmit'>
<input type = 'submit' value = 'Hide' name = 'btnSubmitHide'>
</form>

<?php 
if (($_POST['btnSubmit'] == 'Show free text' || $_POST['btnSubmit'] == 'Assign To Selected') && CheckReferrer('admin_ancestors.php')) {
    $sql = "select chCharacterID, chAncestor, count(chAncestor) as Occurs from {$db_prefix}characters where chAncestor != '' and chAncestor not like 'Enter name%' group by chAncestor order by occurs desc, chAncestor asc";
    echo "<table>";
    echo "<tr><th>Ancestor Name</th><th>Occurences</th></tr>";
    $result = ba_db_query($link, $sql);
    while ($row = ba_db_fetch_assoc($result)) {
        echo "<tr><td>" . htmlentities(stripslashes($row['chAncestor'])) . "</td><td>" . htmlentities(stripslashes($row['Occurs'])) . "</td>";
        echo "<td><form action = 'admin_ancestors.php' method = 'post'><input type=hidden name='txtFreeValue' value='" . htmlentities(stripslashes($row['chAncestor'])) . "'><select name='cboAssign'>";
        foreach ($ancestornames as $i => $value) {
            echo "<option>{$value}</option>";
        }
        echo "</select></td><td><input type = 'submit' value = 'Assign To Selected' name = 'btnSubmit'></td></form>";
        echo "</tr>";
    }
    echo "</table>";
}
Пример #12
0
    if (ba_db_query($link, $sql) === False) {
        $sWarn = "Error deleting location";
        LogError($sWarn);
    } else {
        $sGreen = "location deleted";
    }
} elseif ($_POST['btnEdit'] != '' && CheckReferrer('admin_locations.php')) {
    $sql = "UPDATE {$db_prefix}locations " . "SET lnName = '" . ba_db_real_escape_string($link, $_POST['txtName']) . "' " . "WHERE lnID = " . (int) $_POST['hID'];
    if (ba_db_query($link, $sql) === False) {
        $sWarn = "Error updating location.";
        LogError($sWarn);
    } else {
        $sGreen = "location updated";
    }
}
if ($_POST['btnSubmit'] == 'Add' && CheckReferrer('admin_locations.php')) {
    $sql = "INSERT INTO {$db_prefix}locations (lnName) " . "VALUES ('" . ba_db_real_escape_string($link, $_POST['txtAddName']) . "')";
    if (ba_db_query($link, $sql) === False) {
        $sWarn = "There was an error adding the location.";
        $sAddName = $_POST['txtAddName'];
    } else {
        $sGreen = "The location was added successfully.";
    }
}
include '../inc/inc_head_html.php';
?>

<h1><?php 
echo TITLE;
?>
 - Edit Locations</h1>
Пример #13
0
if ($_POST['btnConfirm'] != '' && CheckReferrer('change_password.php')) {
    //Get user's e-mail address
    $result = ba_db_query($link, "SELECT plNewMail, plNewMailCode FROM {$db_prefix}players WHERE plPlayerID = {$PLAYER_ID}");
    $row = ba_db_fetch_assoc($result);
    if ($row['plNewMailCode'] == $_POST['txtCode']) {
        //Run update query & set message
        $sql = "UPDATE {$db_prefix}players SET plEmail = '" . SafeEmail($row['plNewMail']) . "', plNewMail = '', plNewMailCode = '' " . "WHERE plPlayerID = {$PLAYER_ID}";
        $result = ba_db_query($link, $sql);
        if ($result === False) {
            $sWarn = "There was a problem updating your e-mail address";
        } else {
            $sGreen = "Your e-mail address has been updated";
        }
    }
}
if ($_POST['btnUpdateEmailPreferences'] != '' && CheckReferrer('change_password.php')) {
    if ($_POST['chkEmailOOCChange'] == 'on') {
        $bOOCChange = 1;
    } else {
        $bOOCChange = 0;
    }
    if ($_POST['chkEmailICChange'] == 'on') {
        $bICChange = 1;
    } else {
        $bICChange = 0;
    }
    if ($_POST['chkEmailPaymentReceived'] == 'on') {
        $bPaymentReceived = 1;
    } else {
        $bPaymentReceived = 0;
    }
Пример #14
0
<h3>Delete Old Logs</h3>

<form action = 'root_accesslog.php' method = 'post'>
<p>
Delete access logs older than (YYYY-MM-DD):
<input name = 'txtDeleteDate' value = <?php 
echo date("Y-m-d", strtotime("-3 months"));
?>
> (midnight)<br>
<input type = 'submit' name = 'btnDelete' value = 'Delete'>
</p>
</form>

<?php 
if ($_GET['btnQuery'] != '' && CheckReferrer('root_accesslog.php')) {
    echo "<p>Showing up to {$iRecNum} records. Click on a column header to sort by that column.</p>\n";
    echo "<table border = '1' class='sortable'>\n<thead>\n";
    echo "<tr><th>Date &amp; Time</th>\n";
    echo "<th>Player ID</th>\n";
    echo "<th>IP Address</th>\n";
    echo "<th>Page</th>\n";
    echo "<th>GET query</th>\n";
    echo "<th>POST request</th></tr>\n</thead>\n<tbody>\n";
    if ($_GET['rdoExportView'] == 'view') {
        $result = ba_db_query($link, $sLogSQL);
        while ($row = ba_db_fetch_assoc($result)) {
            echo "<tr><td>{$row['alDateTime']}</td>\n";
            echo "<td>{$row['alPlayerID']}</td>\n";
            echo "<td>{$row['alIP']}";
            if ($bDomain) {
Пример #15
0
 | Bitsand is free software; you can redistribute it and/or modify it under the
 | terms of the GNU General Public License as published by the Free Software
 | Foundation, either version 3 of the License, or (at your option) any later
 | version.
 |
 | Bitsand is distributed in the hope that it will be useful, but WITHOUT ANY
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
include 'inc/inc_head_db.php';
$db_prefix = DB_PREFIX;
if ($_POST['btnSubmit'] != '' && (CheckReferrer('booking.php') || CheckReferrer('eventbookingconfirm.php'))) {
    $bookingid = (int) $_POST['hBooking'];
    $email = htmlentities(stripslashes($_POST['txtEmail']));
    if ($bookingid > 0) {
        $sBody = "You have recieved a request to make a payment for an event at " . SYSTEM_NAME . ". " . "\n\nIf you have an account then please login to make this payment.\n" . "Otherwise you must create an account if you wish to make a payment, using this e-mail address.\n\n" . "If you have recieved this request in error, then please ignore it, or contact " . EVENT_CONTACT_NAME . " (" . EVENT_CONTACT_MAIL . ") if you have any questions.";
        "\n\n" . fnSystemURL();
        mail($email, SYSTEM_NAME . ' - Payment Request', $sBody, "From:" . SYSTEM_NAME . " <" . EVENT_CONTACT_MAIL . ">");
        $sql = "INSERT INTO {$db_prefix}paymentrequests (prEmail, prBookingID) VALUES ('{$email}', {$bookingid})";
        ba_db_query($link, $sql);
    }
}
if ($_GET['green'] != '') {
    $sGreen .= htmlentities($_GET['green']);
}
if ($_GET['warn'] != '') {
    $sWarn .= htmlentities($_GET['warn']);
Пример #16
0
 | Bitsand is distributed in the hope that it will be useful, but WITHOUT ANY
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
include '../inc/inc_head_db.php';
include '../inc/inc_admin.php';
include '../inc/inc_commonqueries.php';
$db_prefix = DB_PREFIX;
$eventinfo = getEventDetails($_GET['EventID'], 0, 'admin.php');
$eventid = $eventinfo['evEventID'];
$sWarn = '';
if ($_POST['btnDelete'] != '' && CheckReferrer('admin_deleteevent.php')) {
    if ($_POST['txtConfirm'] == 'CONFIRM') {
        //Get list of bookingIDs for this event
        $sql = "SELECT bkID from " . DB_PREFIX . "bookings where bkEventID = {$eventid}";
        $result = ba_db_query($link, $sql);
        $usedidlist = "";
        while ($row = ba_db_fetch_assoc($result)) {
            array_push($itemselected, $row);
            $usedidlist .= $row['bkID'] . ",";
        }
        $usedidlist .= "-1";
        //Remove bookingitems
        $sql = "DELETE FROM " . DB_PREFIX . "bookingitems where biBookingID in ({$usedidlist})";
        ba_db_query($link, $sql);
        //Remove payment requests
        $sql = "DELETE FROM " . DB_PREFIX . "paymentrequests where prBookingID in ({$usedidlist})";
Пример #17
0
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
//Do not check that user is logged in
$bLoginCheck = False;
//Initialise $CSS_PREFIX
$CSS_PREFIX = '../';
include $CSS_PREFIX . 'inc/inc_head_db.php';
include $CSS_PREFIX . 'inc/inc_forms.php';
include $CSS_PREFIX . 'inc/inc_head_html.php';
//Report all errors except E_NOTICE
error_reporting(E_ALL ^ E_NOTICE);
$db_prefix = DB_PREFIX;
$key = CRYPT_KEY;
if ($_POST['btnSubmit'] != '' && $_POST['txtKey'] == CRYPT_KEY && CheckReferrer('initial_config.php')) {
    //Set up update query to change config values
    $updateQuery = "UPDATE `{$db_prefix}config` SET ";
    $updateQuery .= "cnEVENT_CONTACT_NAME = '" . ba_db_real_escape_string($link, $_POST['txtEVENT_CONTACT_NAME']) . "', ";
    $updateQuery .= "cnEVENT_CONTACT_MAIL = '" . ba_db_real_escape_string($link, $_POST['txtEVENT_CONTACT_MAIL']) . "', ";
    $updateQuery .= "cnTECH_CONTACT_NAME = '" . ba_db_real_escape_string($link, $_POST['txtTECH_CONTACT_NAME']) . "', ";
    $updateQuery .= "cnTECH_CONTACT_MAIL = '" . ba_db_real_escape_string($link, $_POST['txtTECH_CONTACT_MAIL']) . "', ";
    $updateQuery .= "cnTITLE = '" . ba_db_real_escape_string($link, $_POST['txtTITLE']) . "', ";
    $updateQuery .= "cnSYSTEM_NAME = '" . ba_db_real_escape_string($link, $_POST['txtSYSTEM_NAME']) . "', ";
    $updateQuery .= "cnMIN_PASS_LEN = " . ba_db_real_escape_string($link, (int) $_POST['txtMIN_PASS_LEN']) . ", ";
    $updateQuery .= "cnSEND_PASSWORD = "******"SELECT plEmail FROM {$db_prefix}players WHERE plPlayerID = " . ROOT_USER_ID;
    $result = ba_db_query($link, $sql);
    $row = ba_db_fetch_assoc($result);
    $root_email = $row['plEmail'];
Пример #18
0
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
include '../inc/inc_head_db.php';
include '../inc/inc_admin.php';
include '../inc/inc_head_html.php';
include '../inc/inc_commonqueries.php';
$db_prefix = DB_PREFIX;
$eventinfo = getEventDetails($_GET['EventID'], 0, 'admin.php');
$eventid = $eventinfo['evEventID'];
$key = CRYPT_KEY;
if ($_POST['btnSubmit'] != '' && CheckReferrer('admin_mealticket.php')) {
    foreach ($_POST as $key => $value) {
        if (substr($key, 0, 8) == "hBooking") {
            $meal = (int) $_POST["chkPl{$value}"];
            if ($meal > 0) {
                $meal = 1;
            } else {
                $meal = 0;
            }
            $payongate = (int) $_POST["chkPayOnGate{$value}"];
            if ($payongate > 0) {
                $payongate = 1;
            } else {
                $payongate = 0;
            }
            $iBookingID = (int) $value;
Пример #19
0
 | version.
 |
 | Bitsand is distributed in the hope that it will be useful, but WITHOUT ANY
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
include 'inc/inc_head_db.php';
include 'inc/inc_forms.php';
//Initialise error message
$sWarn = '';
$db_prefix = DB_PREFIX;
if ($_POST['btnSubmit'] != '' && CheckReferrer('ic_form.php')) {
    $sNameWarn = IC_Check();
    //Character details - check if character exists
    $sql = "SELECT * FROM {$db_prefix}characters WHERE chPlayerID = {$PLAYER_ID}";
    $result = ba_db_query($link, $sql);
    //If character does not exist insert a row so that UPDATE query will work
    if (ba_db_num_rows($result) == 0) {
        $sql = "INSERT INTO {$db_prefix}characters (chPlayerID) VALUES ({$PLAYER_ID})";
        if (!ba_db_query($link, $sql)) {
            $sWarn = "There was a problem updating your IC details";
            LogError("Error inserting player ID into characters table prior to running UPDATE query.\nPlayer ID: {$PLAYER_ID}");
        }
    } elseif (ba_db_num_rows($result) > 1) {
        LogWarning("Multiple rows in characters table with player ID {$PLAYER_ID}");
    }
    if ($_POST['selGroup'] == 'Other (enter name below)') {
Пример #20
0
 public function HandlePage()
 {
     $action = "";
     if (count($GLOBALS['PathInfo']) > 0) {
         if (isset($GLOBALS['PathInfo'][1])) {
             $_REQUEST['action'] = $GLOBALS['PathInfo'][1];
         } else {
             $_REQUEST['action'] = $GLOBALS['PathInfo'][0];
         }
     }
     if (isset($_REQUEST['action'])) {
         $action = isc_strtolower($_REQUEST['action']);
     }
     if (isset($_REQUEST['action1'])) {
         $this->ApplyCoupon();
     }
     $GLOBALS['AdditionalStylesheets'][] = GetConfig('AppPath') . '/javascript/jquery/plugins/imodal/imodal.css';
     CheckReferrer();
     // checking and assigning the back to search link
     // Get the number of items in the cart if any
     if (isset($_SESSION['CART']['NUM_ITEMS'])) {
         $num_items = $_SESSION['CART']['NUM_ITEMS'];
         foreach ($_SESSION['CART']['ITEMS'] as $item) {
             if (!isset($item['product_id'])) {
                 continue;
             }
             $GLOBALS['CartQuantity' . $item['product_id']] = $item['quantity'];
         }
         if ($num_items == 1) {
             $GLOBALS['CartItems'] = GetLang('OneItem');
         } else {
             if ($num_items > 1) {
                 $GLOBALS['CartItems'] = sprintf(GetLang('XItems'), $num_items);
             } else {
                 $GLOBALS['CartItems'] = '';
             }
         }
     }
     if (isset($num_items) && $num_items > 0) {
         $GLOBALS['CartTotalQuantity'] = '(' . (string) $num_items . ')';
     } else {
         $GLOBALS['CartTotalQuantity'] = '';
     }
     $_SESSION['makeaoffer'] = "Yes";
     switch ($action) {
         case "add":
             if (!empty($_SESSION['OFFERCART']['ITEMS']) and empty($_SESSION['OFFER_CART'])) {
                 if (isset($_SESSION['OFFERCART']['NUM_ITEMS'])) {
                     unset($_SESSION['OFFERCART']['NUM_ITEMS']);
                 }
             }
             if (isset($_SESSION['OFFERCART']['ITEMS'])) {
                 unset($_SESSION['OFFERCART']['ITEMS']);
             }
             if (isset($_SESSION['the_offered_price'])) {
                 unset($_SESSION['the_offered_price']);
             }
             if (isset($_SESSION['you_save'])) {
                 unset($_SESSION['you_save']);
             }
             $this->AddToCart();
             break;
         case "suggestions":
             $this->ShowSuggestiveCart();
             break;
         case "addcertificate":
             $this->AddGiftCertificateToCart();
             break;
         case "remove":
             $this->RemoveFromCart();
             break;
         case "finishoffer":
             $this->FinishOffer();
             break;
         case "update":
             $this->UpdateInCart();
             break;
         case "applycoupon":
             $this->ApplyCoupon();
             break;
         case "applygiftcertificate":
             $this->ApplyGiftCertificate();
             break;
         case 'save_giftwrapping':
             $this->SaveGiftWrapping();
             break;
         case 'remove_giftwrapping':
             $this->RemoveGiftWrapping();
             break;
         case "removegiftcertificate":
             $this->RemoveGiftCertificate();
             break;
         case "editproductfieldsincart":
             $this->EditProductFieldsInCart();
             break;
         case "removecoupon":
             $this->RemoveCoupon();
             break;
         case "addreorderitems":
             $this->AddReorderItems();
             break;
         default:
             $this->ShowRegularCart();
     }
 }
Пример #21
0
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
include '../inc/inc_head_db.php';
include '../inc/inc_admin.php';
include '../inc/inc_forms.php';
//Get player ID of player to be edited
$admin_player_id = (int) $_GET['pid'];
//Initialise $sWarn
$sWarn = '';
$db_prefix = DB_PREFIX;
$key = CRYPT_KEY;
if ($_POST['btnSubmit'] != '' && CheckReferrer('admin_edit_ooc.php')) {
    //Run OOC_Check to perform data validation
    $sWarn = OOC_Check();
    //Check e-mail address is reasonable
    $sEmail = SafeEmail($_POST['txtEmail']);
    //Only check for valid e-mail address if one was included - user may not have an e-mail address
    if ($sEmail != '') {
        if (!eregi("^[_a-z0-9-]+([.+][_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]*)\$", $sEmail)) {
            $sWarn .= htmlentities($sEmail) . " is not a valid e-mail address<br>\n";
        }
    }
    if ($sWarn != '') {
        $sWarn .= "<br>The details entered so far have been saved, but you will need to correct the above errors at some point";
    }
    //Update database
    //Build up date of birth in YYYYMMDD format
Пример #22
0
    $startIndent = "<ul>\n<li>";
    $endIndent = "</li></ul>\n";
    $indentItem = "</li>\n<li>";
    $poundsign = "&pound;";
    $buttonpressed = 1;
    $customtext = str_replace("\n", "<br/>", $customtext);
} elseif ($_POST['btnSend'] == 'Send e-mail') {
    $startPara = "\n";
    $endPara = "\n";
    $startIndent = "\n\t";
    $endIndent = "";
    $indentItem = "\n\t";
    $poundsign = "£";
    $buttonpressed = 2;
}
if ($buttonpressed > 0 && CheckReferrer('admin_finalconfirmation.php')) {
    $sql = "Select" . " plPlayerID," . " plFirstName," . " plSurname," . " plEmail," . " bkBookAs," . " plEmergencyName," . " IFNULL(AES_DECRYPT(pleEmergencyNumber, '{$key}'),'') AS dEmergencyNumber," . "bkBunkAllocated, " . "bkMealTicket, " . "bkAmountPaid, " . "bkAmountExpected, " . "chName, chRace, chGender, " . "chGroupSel, chGroupText, chFaction, chAncestor, chAncestorSel," . "chNotes, chOSP " . "from {$db_prefix}players LEFT OUTER JOIN {$db_prefix}bookings ON {$db_prefix}players.plPlayerID = {$db_prefix}bookings.bkPlayerID " . " LEFT OUTER JOIN {$db_prefix}characters ON {$db_prefix}players.plPlayerID = {$db_prefix}characters.chPlayerID " . " WHERE bkDatePaymentConfirmed != '0000-00-00' and bkEventID = {$eventid}";
    if (ALLOW_EVENT_PACK_BY_POST) {
        if ($_POST['chkIncludeByPost'] == 'on' && $_POST['chkIncludeByEmail'] != 'on') {
            $sql .= " AND plEventPackByPost = 1";
        }
        if ($_POST['chkIncludeByPost'] != 'on' && $_POST['chkIncludeByEmail'] == 'on') {
            $sql .= " AND plEventPackByPost = 0";
        }
        if ($_POST['chkIncludeByPost'] != 'on' && $_POST['chkIncludeByEmail'] != 'on') {
            $sql .= " AND 1 = 0";
        }
    }
    $sql .= " ORDER BY IF(plSurname='',1,0),plSurname";
    if ($_POST['btnPreviewOne'] == 'Preview One') {
        $sql .= " Limit 1";
Пример #23
0
<h3>Create Administrators</h3>

<form action = 'root_admins.php' method = 'post'>
To search for a user to make an admin, enter the first name and/or surname and click Search:<br>
<table border = '0'>
<tr><td>OOC first name:</td><td><input name = 'txtFirstName'></td></tr>
<tr><td>OOC surname:</td><td><input name = 'txtSurname'></td></tr>
<tr><td class = 'mid' colspan = '2'>
<input type = 'submit' name = 'btnSubmit' value = 'Search'>
<input type = 'reset' value = "Reset form">
</td></tr>
</table>
</form>

<?php 
if ($_POST['btnSubmit'] == 'Search' && CheckReferrer('root_admins.php')) {
    $sFirstName = ba_db_real_escape_string($link, $_POST['txtFirstName']);
    $sSurname = ba_db_real_escape_string($link, $_POST['txtSurname']);
    $sOR = '';
    $sql = "SELECT plPassword, plPlayerID, plFirstName, plSurname, plEmail FROM {$db_prefix}players WHERE plAccess <> 'admin' AND (";
    if ($sFirstName != '') {
        $sql .= " plFirstName LIKE '%{$sFirstName}%'";
        $sOR = ' OR';
    }
    if ($sSurname != '') {
        $sql .= $sOR . " plSurname LIKE '%{$sSurname}%'";
    }
    $sql .= ")";
    if ($sFirstName != '' || $sSurname != '') {
        $result = ba_db_query($link, $sql);
    }
Пример #24
0
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
include '../inc/inc_head_db.php';
include '../inc/inc_admin.php';
include '../inc/inc_head_html.php';
include '../inc/inc_commonqueries.php';
$db_prefix = DB_PREFIX;
$eventinfo = getEventDetails($_GET['EventID'], 0, 'admin.php');
$eventid = $eventinfo['evEventID'];
$key = CRYPT_KEY;
if ($_POST['btnSubmit'] != '' && CheckReferrer('admin_amount.php')) {
    foreach ($_POST as $key => $value) {
        if (substr($key, 0, 7) == "hPlayer") {
            $iBookingID = (int) $value;
            $amountpaid = sanitiseAmount($_POST["txtAmountPaid{$value}"]);
            $amountexpected = sanitiseAmount($_POST["txtAmountExpected{$value}"]);
            $sql_update = "UPDATE {$db_prefix}bookings SET bkAmountPaid = {$amountpaid}, bkAmountExpected = {$amountexpected} WHERE bkID = " . $iBookingID;
            ba_db_query($link, $sql_update);
        }
    }
}
//Get list of players that have confirmed their booking
$sql = "SELECT bkID, " . "plPlayerID, " . "plFirstName, " . "plSurname, " . "bkBookAs, " . "bkBunkRequested, " . "bkMealTicket, " . "chName, " . "bkDateOOCConfirmed, " . "bkDateICConfirmed, " . "bkDatePaymentConfirmed, " . "bkAmountPaid, " . "bkAmountExpected " . "FROM {$db_prefix}players, {$db_prefix}characters, {$db_prefix}bookings " . "WHERE plPlayerID = chPlayerID AND chPlayerID = bkPlayerID and bkEventID = {$eventid}";
$result = ba_db_query($link, $sql);
?>
<script src="../inc/sorttable.js" type="text/javascript"></script>
Пример #25
0
  function LoadFromDB() {
    $this->prod = PouetProd::spawn( $this->id );
    if(!$this->prod)
      return;

    if($this->prod->latestip != $_SERVER["REMOTE_ADDR"] && CheckReferrer($_SERVER["HTTP_REFERER"]) )
    {
      SQLLib::Query(sprintf_esc("UPDATE prods SET views=views+1, latestip='%s' WHERE id=%d",$_SERVER["REMOTE_ADDR"],$this->id));
    }

    $this->linkCheck = SQLLib::SelectRow(sprintf_esc("SELECT * FROM prods_linkcheck where prodID = %d",$this->id));

    $a = array(&$this->prod);
    PouetCollectPlatforms( $a );

    if ($this->prod->boardID)
      $this->board = SQLLib::SelectRow(sprintf_esc("SELECT * FROM boards WHERE id = %d",$this->prod->boardID));

    $s = new BM_Query();
    $s->AddField("added");
    $s->AddTable("screenshots");
    $s->SetLimit(1);
    $s->attach(array("screenshots"=>"user"),array("users as user"=>"id"));
    $s->AddWhere(sprintf_esc("prod=%d",$this->id));
    list($this->screenshot) = $s->perform();

    $s = new BM_Query();
    $s->AddField("prodotherparty.party_compo");
    $s->AddField("prodotherparty.party_place");
    $s->AddField("prodotherparty.party_year");
    $s->AddTable("prodotherparty");
    $s->attach(array("prodotherparty"=>"party"),array("parties as party"=>"id"));
    $s->AddWhere(sprintf_esc("prod=%d",$this->id));
    $rows = $s->perform();
    foreach($rows as $row)
    {
      $this->prod->placings[] = new PouetPlacing( array("party"=>$row->party,"compo"=>$row->party_compo,"ranking"=>$row->party_place,"year"=>$row->party_year) );
    }

    $s = new BM_Query();
    $s->AddTable("affiliatedprods");
    $s->AddField("affiliatedprods.type");
    $s->attach(array("affiliatedprods"=>"original"),array("prods as prodOriginal"=>"id"));
    $s->attach(array("affiliatedprods"=>"derivative"),array("prods as prodDerivative"=>"id"));
    $s->AddWhere(sprintf_esc("affiliatedprods.original=%d or affiliatedprods.derivative=%d",$this->id,$this->id));
    $this->relatedProds = $s->perform();

    $s = new BM_Query();
    $s->AddTable("users_cdcs");
    $s->attach(array("users_cdcs"=>"user"),array("users as user"=>"id"));
    $s->AddWhere(sprintf_esc("cdc = %d",$this->id));
    $cdcs = $s->perform();

    $this->userCDCs = array();
    foreach($cdcs as $v)
      $this->userCDCs[$v->user->id] = $v;
    $this->isPouetCDC = SQLLib::selectRow(sprintf_esc("select * from cdc where which = %d",$this->id));

    $this->awards = SQLLib::selectRows(sprintf_esc("select * from sceneorgrecommended where prodid = %d order by type, category",$this->id));

    $s = new BM_Query("credits");
    $s->AddField("credits.role");
    $s->AddWhere(sprintf("credits.prodID = %d",$this->id));
    $s->Attach(array("credits"=>"userID"),array("users as user"=>"id"));
    $s->AddOrder("credits.role");
    $this->credits = $s->perform();

    $this->downloadLinks = array();
    /*
    if ($this->prod->sceneorg)
    {
      $o = new stdClass();
      $o->type = "scene.org";
      $o->id = "sceneorgID";
      $o->link = "http://scene.org/file.php?id=".(int)$this->prod->sceneorg;
      $this->downloadLinks[] = $o;
    }
    */
    if ($this->prod->csdb)
    {
      $o = new stdClass();
      $o->type = "csdb";
      $o->id = "csdbID";
      $o->link = "http://csdb.dk/release/?id=".(int)$this->prod->csdb;
      $this->downloadLinks[] = $o;
    }
    if ($this->prod->zxdemo)
    {
      $o = new stdClass();
      $o->type = "zxdemo";
      $o->id = "zxdemoID";
      $o->link = "http://zxdemo.org/item.php?id=".(int)$this->prod->zxdemo;
      $this->downloadLinks[] = $o;
    }
    if ($this->prod->demozoo)
    {
      $o = new stdClass();
      $o->type = "demozoo";
      $o->id = "demozooID";
      $o->link = "http://demozoo.org/productions/".(int)$this->prod->demozoo."/";
      $this->downloadLinks[] = $o;
    }
    $this->downloadLinks = array_merge($this->downloadLinks,SQLLib::selectRows(sprintf_esc("select type, link from downloadlinks where prod = %d order by type",$this->id)));
    $this->screenshotPath = find_screenshot($this->prod->id);
  }
Пример #26
0
 | version.
 |
 | Bitsand is distributed in the hope that it will be useful, but WITHOUT ANY
 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 | FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 | details.
 |
 | You should have received a copy of the GNU General Public License along with
 | Bitsand.  If not, see <http://www.gnu.org/licenses/>.
 +---------------------------------------------------------------------------*/
include 'inc/inc_head_db.php';
$db_prefix = DB_PREFIX;
if (strtolower($_POST['btnSubmit']) == 'edit' && CheckReferrer('ic_view.php')) {
    $sURL = fnSystemURL() . 'ic_form.php';
    header("Location: {$sURL}");
} elseif (strtolower($_POST['btnSubmit']) == 'confirm' && CheckReferrer('ic_view.php')) {
    $sDate = date('Y-m-d');
    //Check if player already has an entry in bookings table
    $sql = "SELECT * FROM {$db_prefix}bookings WHERE bkPlayerID = {$PLAYER_ID}";
    $result = ba_db_query($link, $sql);
    //If player has not booked insert a new row
    if (ba_db_num_rows($result) == 0) {
        $sql = "INSERT INTO {$db_prefix}bookings (bkPlayerID, bkDateICConfirmed) VALUES ({$PLAYER_ID}, '{$sDate}')";
        if (!ba_db_query($link, $sql)) {
            $sWarn = "There was a problem confirming your IC details";
            LogError("Error inserting new IC booking.\nPlayer ID: {$PLAYER_ID}");
        }
    } else {
        //Update existing row
        $sql = "UPDATE {$db_prefix}bookings SET bkDateICConfirmed = '{$sDate}' WHERE bkPlayerID = {$PLAYER_ID}";
        if (!ba_db_query($link, $sql)) {
Пример #27
0
// some myBB integration to get the requesting user
if (is_dir('./forums') && isset($_COOKIE['mybbuser'])) {
    $dir = getcwd();
    try {
        define("IN_MYBB", 1);
        chdir('forums');
        // path to MyBB
        include './global.php';
        $test['uid'] = $mybb->user['uid'];
        $test['user'] = $mybb->user['username'];
    } catch (Exception $e) {
    }
    chdir($dir);
}
// check to make sure the referrer is the same as the host
if (CheckReferrer() && CheckIp() && CheckUrl($test['url'])) {
    // load the location information
    $locations = parse_ini_file('./settings/locations.ini', true);
    $error = NULL;
    ValidateParameters($test, $locations, $error);
    if (!$error) {
        if ($test['remoteUrl']) {
            // send the test request to the remote system (only allow this for POST requests for now)
            SendRemoteTest($test, $_POST, $error);
        } else {
            // generate the test ID
            include_once 'unique.inc';
            $id = null;
            if ($test['private']) {
                $id = md5(uniqid(rand(), true));
            } else {
Пример #28
0
$db_prefix = DB_PREFIX;
if ($_POST['btnSubmitClearSelected'] != '' && CheckReferrer('admin_notes.php')) {
    foreach ($_POST as $key => $value) {
        if (substr($key, 0, 7) == "hPlayer") {
            $iPlayerID = (int) $value;
            $clear = (int) $_POST["chkClearAdmin{$value}"];
            if ($clear > 0) {
                //Set up UPDATE query
                $sql = "UPDATE {$db_prefix}players SET plAdminNotes = '' WHERE plPlayerID = " . $iPlayerID;
                //Run UPDATE query to clear notes;
                ba_db_query($link, $sql);
            }
        }
    }
}
if ($_POST['btnSubmitClearAll'] != '' && CheckReferrer('admin_notes.php')) {
    if ($_POST['txtClearAll'] == "CONFIRM") {
        //Set up UPDATE query
        $sql = "UPDATE {$db_prefix}players SET plAdminNotes = ''";
        //Run UPDATE query to clear notes;
        ba_db_query($link, $sql);
    }
}
$sql = "SELECT plPlayerID, plFirstName, plSurname, plAdminNotes, chNotes FROM {$db_prefix}players, {$db_prefix}characters " . "WHERE (plAdminNotes <> '' OR chNotes LIKE '%Illegal set of skills entered%') AND plPlayerID = chPlayerID";
$result = ba_db_query($link, $sql);
?>
<script src="../inc/sorttable.js" type="text/javascript"></script>

<h1><?php 
echo TITLE;
?>
Пример #29
0
<?php

/**
 *
 * Script to verify user requested input and verify it
 *
 */
/* functions */
if (!function_exists("getSubnetDetailsById")) {
    require_once '../../functions/functions.php';
}
/* @mail functions ------------------- */
include_once '../../functions/functions-mail.php';
# First chech referer and requested with
CheckReferrer();
/* get all posted variables */
$request = $_POST;
/* first get subnet details */
$subnet = getSubnetDetailsById($request['subnetId']);
$subnet2 = $subnet;
//for later check
$subnet['subnet'] = Transform2long($subnet['subnet']);
$subnet = $subnet['subnet'] . "/" . $subnet['mask'];
/* verify email */
if (!checkEmail($request['requester'])) {
    die('<div class="alert alert-danger alert-nomargin alert-norounded">' . _('Please provide valid email address') . '! (' . _('requester') . ': <del>' . $request['requester'] . '</del>)</div>');
}
if (addNewRequest($request)) {
    print '<div class="alert alert-success alert-nomargin alert-norounded">' . _('Request submitted successfully') . '!</div>';
    # send mail
    if (!sendIPReqEmail($request)) {
Пример #30
0
    $updateQuery .= "cnLOGIN_TIMEOUT = " . ba_db_real_escape_string($link, (int) $_POST['txtLOGIN_TIMEOUT']) . ", ";
    $updateQuery .= "cnLOGIN_TRIES = " . ba_db_real_escape_string($link, (int) $_POST['txtLOGIN_TRIES']) . ", ";
    $updateQuery .= "cnMIN_PASS_LEN = " . ba_db_real_escape_string($link, (int) $_POST['txtMIN_PASS_LEN']) . ", ";
    $updateQuery .= "cnSEND_PASSWORD = "******", ";
    $updateQuery .= "cnUSE_PAY_PAL = " . setBoolValue($_POST['chkUSE_PAY_PAL']) . ", ";
    $updateQuery .= "cnPAYPAL_EMAIL = '" . ba_db_real_escape_string($link, $_POST['txtPAYPAL_EMAIL']) . "', ";
    $updateQuery .= "cnNPC_LABEL = '" . ba_db_real_escape_string($link, $_POST['txtNPC_LABEL']) . "', ";
    $updateQuery .= "cnPAYPAL_AUTO_MARK_PAID = " . setBoolValue($_POST['chkPAYPAL_AUTO_MARK_PAID']) . ", ";
    $updateQuery .= "cnUSE_SHORT_OS_NAMES = " . setBoolValue($_POST['chkUSE_SHORT_OS_NAMES']) . ", ";
    $updateQuery .= "cnALLOW_EVENT_PACK_BY_POST = " . setBoolValue($_POST['chkALLOW_EVENT_PACK_BY_POST']) . ", ";
    $updateQuery .= "cnSTAFF_LABEL = '" . ba_db_real_escape_string($link, $_POST['txtSTAFF_LABEL']) . "', ";
    $updateQuery .= "cnQUEUE_OVER_LIMIT = " . setBoolValue($_POST['chkQUEUE_OVER_LIMIT']);
    //Update database
    $bUpdate = ba_db_query($link, $updateQuery);
}
if ($_POST['btnSubmit'] != '' && CheckReferrer('admin_changeconfig.php')) {
    //Get new config information from database
    $sql = "SELECT * FROM {$db_prefix}config WHERE cnName = 'Default' ";
    $result = ba_db_query($link, $sql);
    if (ba_db_num_rows($result) == 1) {
        $row = ba_db_fetch_assoc($result);
    } else {
        $sWarn = "Could not find config information in database";
    }
    //Compare old & new configs
    foreach ($row as $col => $value) {
        if ($row[$col] != $oldconfig[$col]) {
            $sChanges .= "{$col} changed: '{$oldconfig[$col]}' => '{$row[$col]}'\n";
        }
    }
    //Get root's e-mail address