function cleanSql($input) { if (is_array($input)) { foreach ($input as $k => $v) { $output[$k] = cleanSql($v); } } else { $output = (string) $input; $output = mysql_real_escape_string($output); } return $output; }
function clacDamage($poke1, $poke2, $moveUsed) { // poke1 is attacking poke2 global $attackMod; $types = array('Snow', 'Shiny', 'Halloween', 'Rainbow', 'Helios', 'Possion', 'Shadow', 'Normal'); $poke1name = trim(str_replace($types, '', $poke1['name'])); $poke2name = trim(str_replace($types, '', $poke2['name'])); $moveUsed = cleanSql($moveUsed); $query = mysql_query("SELECT * FROM `moves` WHERE `name`='{$moveUsed}' LIMIT 1"); if (!$query || mysql_num_rows($query) == false) { array('damage' => 100, 'message' => ''); } $moveRow = mysql_fetch_assoc($query); $stab = $moveRow['type'] == $poke1['type1'] || $moveRow['type'] == $poke1['$type2'] ? 1.5 : 1; $query = mysql_query("SELECT * FROM `pokedex` WHERE `name`='{$poke1name}' LIMIT 1"); if (!$query || mysql_num_rows($query) == false) { array('damage' => 101, 'message' => ''); } $poke1row = mysql_fetch_assoc($query); if ($moveRow['type'] == 'Status') { return array('damage' => 0, 'message' => ''); } $attackStat = $moveRow['type'] == 'Special' ? $poke1row['spattack'] : $poke1row['attack']; $attackStat = ceil(($attackStat * 2 + 5) / 100 * $poke1['level']); $attackPower = $moveRow['power']; // poke 2 defence $query = mysql_query("SELECT * FROM `pokedex` WHERE `name`='{$poke2name}' LIMIT 1"); if (!$query || mysql_num_rows($query) == false) { return array('damage' => 102, 'message' => ''); } $poke2row = mysql_fetch_assoc($query); $defenseStat = ceil(($poke2row['defence'] * 2 + 5) / 100 * $poke2['level']); $weakness = 1; if (isset($poke2row['type1']) && isset($attackMod[$moveRow['type']][$poke2row['type1']])) { $weakness = $attackMod[$moveRow['type']][$poke2row['type1']]; } if (isset($poke2row['type2']) && isset($attackMod[$moveRow['type']][$poke2row['type2']])) { $weakness *= $attackMod[$moveRow['type']][$poke2row['type2']]; } $messages = array('msg-0' => 'It doesn\'t affect ' . $poke2['name'] . '...', 'msg-0.25' => 'It\'s not very effective...', 'msg-0.5' => 'It\'s not very effective...', 'msg-1' => '', 'msg-2' => 'It\'s super effective!', 'msg-4' => 'It\'s super effective!'); $damage = ((2 * $poke1['level'] / 5 + 2) * $attackStat * $attackPower / $defenseStat / 50 + 2) * $stab * $weakness * mt_rand(85, 100) / 100; if ($weakness == 0) { $damage = 0; } return array('damage' => round($damage / 10), 'message' => $messages['msg-' . $weakness]); }
if (empty($subject)) { $errors[] = 'Subject field was empty.'; } if (empty($message)) { $errors[] = 'Message field was empty.'; } if ($_SESSION['token'] != $_POST['token']) { $errors[] = 'There was an error sending the message.'; $username = ''; $subject = ''; $message = ''; } if (count($errors) > 0) { echo '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>'; } else { $sqlSender = cleanSql($_SESSION['username']); $time = time(); $query = mysql_query("\n\t\t\t\t\tINSERT INTO `messages` (\n\t\t\t\t\t\t`sender_uid`, `recipient_uid`, `sender`, `recipient`,\n\t\t\t\t\t\t`timestamp`, `subject`, `message`, `read`,\n\t\t\t\t\t\t`deleted_by_sender`, `deleted_by_recipient`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t'{$uid}', '{$userid}', '{$sqlSender}', '{$sqlUsername}',\n\t\t\t\t\t\t'{$time}', '{$sqlSubject}', '{$sqlMessage}', '0',\n\t\t\t\t\t\t'{$outbox}', '0'\n\t\t\t\t\t)\n\t\t\t\t"); mysql_query("UPDATE `users` SET `unread_messages`=`unread_messages`+1, `total_messages`=`total_messages`+1 WHERE `id`='{$userid}' LIMIT 1"); if ($query) { echo '<div class="notice">Message Sent.</div>'; $username = ''; $subject = ''; $message = ''; } else { echo '<div class="error">There was an error sending the message.</div>'; } } } if (isset($_GET['reply'])) { $id = (int) $_GET['reply'];
if ($price <= 0) { $errors[] = 'Price can not be negative.'; } $level = (int) $_POST['level']; if ($level <= 0 || $level > 100) { $errors[] = 'Level needs to be between 1 and 100.'; } $chance = (int) $_POST['chance']; if ($chance <= 0 || $chance > 100) { $errors[] = 'Chance needs to be between 1 and 100.'; } if (count($errors) >= 1) { echo '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>'; } else { echo '<div class="notice">The pokemon has been edited.</div>'; $name = cleanSql($name); setConfigValue('snow_machine_price', $price); setConfigValue('snow_machine_pokemon', $name); setConfigValue('snow_machine_chance', $chance); setConfigValue('snow_machine_pokemon_level', $level); $handle = fopen('edit_snow_machine_log.txt', 'a+'); fwrite($handle, "{$_SESSION['username']} edited the snow machine. Name: {$name}, Price: {$price}, Chance: {$chance}, Level: {$level}" . PHP_EOL); fclose($handle); } } $smPrice = getConfigValue('snow_machine_price'); $smPokemon = getConfigValue('snow_machine_pokemon'); $smChance = getConfigValue('snow_machine_chance'); $smPokemonLevel = getConfigValue('snow_machine_pokemon_level'); echo ' <form method="post">
if (isset($_POST["recaptcha_challenge_field"]) && isset($_POST["recaptcha_response_field"])) { $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { $errors[] = $lang['register_captcha_wrong']; } } else { $errors[] = $lang['register_captcha_missing']; } $query = mysql_query("SELECT `id` FROM `users` WHERE `username`='{$sqlUsername}' LIMIT 3"); if (mysql_num_rows($query) == 3) { $errors[] = $lang['register_taken_username']; } if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != '') { $ip = cleanSql($_SERVER['HTTP_X_FORWARDED_FOR']); } else { $ip = cleanSql($_SERVER['REMOTE_ADDR']); } if (isset($_GET['ref'])) { $refId = (int) $_GET['ref']; $query = mysql_query("SELECT * FROM `users` WHERE `id`='{$refId}'"); $refRow = mysql_fetch_assoc($query); if ($refRow['ip'] == $ip) { $errors[] = $lang['register_match_ip']; } } $oneDayAgo = time() - 60 * 60 * 24; $query = mysql_query("SELECT `id` FROM `users` WHERE `ip`='{$ip}' AND `signup_date`>='{$oneDayAgo}' LIMIT 1"); if (mysql_num_rows($query) == 1) { $errors[] = $lang['register_already_ip']; } /* if(mysql_num_rows(mysql_query("SELECT id FROM users WHERE ip = '{$ip}'")) != 0) {
<a href="user_ip.php?ip=' . $userInfo['ip'] . '"> ' . $userInfo['ip'] . ' </a> </td> </tr> '; } echo ' </table> '; } // network $ipParts = explode('.', $ip); unset($ipParts[count($ipParts) - 1]); $newIp = implode('.', $ipParts); $newIpSql = cleanSql($newIp); $newIpHtml = cleanHtml($newIp . '.*'); $query = mysql_query("SELECT * FROM `users` WHERE `ip` LIKE '{$newIpSql}%' AND `ip`!='{$ipSql}' ORDER BY `ip` ASC LIMIT 50"); $numRows = mysql_num_rows($query); if ($numRows == 0) { echo ' <div class="error"> Could not find any users with the an ip address matching <strong>' . $newIpHtml . '</strong>! </div> '; } else { echo ' <br /> <table class="center pretty-table" style="width: 50%;"> <tr> <th colspan="3">Users with nearly the same IP</th>
<?php include 'config.php'; include 'functions.php'; if (!isLoggedIn()) { redirect('login.php'); } if (!isset($_GET['id'])) { redirect('membersarea.php'); } $pid = (int) $_GET['id']; $uid = (int) $_SESSION['userid']; $sqlUsername = cleanSql($_SESSION['username']); include '_header.php'; printHeader('Start An Auction'); $query = mysql_query("SELECT * FROM `user_pokemon` WHERE `id`='{$pid}' AND `uid`='{$uid}'"); if (mysql_num_rows($query) == 0) { echo '<div class="error">Not your pokemon!</div>'; include '_footer.php'; die; } $pokeRow = mysql_fetch_assoc($query); if (in_array($pokeRow['id'], getUserTeamIds($uid))) { echo '<div class="error">This pokemon is in your team,</div>'; include '_footer.php'; die; } if (isset($_POST['duration']) && in_array($_POST['duration'], range(0, 4))) { $costs = array('0' => 200, '1' => 1000, '2' => 5000, '3' => 10000, '4' => 15000); $cost = $costs[$_POST['duration']]; if (getUserMoney($uid) < $cost) {
function logActivity($message, $uid, $image = '') { $uid = (int) $uid; $message = cleanSql($message); $image = cleanSql($image); $time = time(); //mysql_query("INSERT INTO `activity` (`message`, `uid`, `time`, `image`) VALUES ('{$message}', '{$uid}', '{$time}', '{$image}')"); }
<?php include '../config.php'; include '../functions.php'; include '../_header.php'; printHeader('Top Individual Pokemon Ranking'); $name = cleanSql(trim($_GET['name'])); $query = mysql_query("SELECT `user_pokemon`.`id` AS `pid`, `user_pokemon`.`name`, `user_pokemon`.`level`, `user_pokemon`.`gender`, `users`.`username`, `users`.`id` AS `uid` FROM `user_pokemon`, `users` WHERE `user_pokemon`.`name`='{$name}' AND `user_pokemon`.`uid`=`users`.`id` ORDER BY `level` DESC LIMIT 100"); if (mysql_num_rows($query) == 0) { echo '<div class="error">Could not find any pokemon.</div>'; include '../_footer.php'; die; } $filename = '../images/pokemon/' . $name . '.png'; if (is_file($filename)) { echo '<img src="' . $filename . '" title="' . $name . '" alt="' . $name . '" />'; } echo ' <table class="pretty-table"> <tr> <th>Owner</th> <th>Name</th> <th>Level</th> <th>Gender</th> </tr> '; $genderArray = array('1' => 'Male', '2' => 'Female', '0' => 'Genderless'); while ($pokeArray = mysql_fetch_assoc($query)) { echo ' <tr> <td><a href="../profile.php?id=' . $pokeArray['uid'] . '">' . cleanHtml($pokeArray['username']) . '</td>
$errors[] = 'HP was invalid.'; } $speed = (int) $_POST['speed']; if ($speed < 1 || $speed > MAX_STAT) { $errors[] = 'Speed was invalid.'; } if (count($errors) >= 1) { echo '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>'; } else { $name = cleanSql($name); $type1 = cleanSql($type1); $type2 = cleanSql($type2); $move1Name = cleanSql($move1Name); $move2Name = cleanSql($move2Name); $move3Name = cleanSql($move3Name); $move4Name = cleanSql($move4Name); if (!isset($_GET['add'])) { mysql_query("\n\t\t UPDATE `pokedex` SET\n\t\t `name` = '{$name}',\n\t\t `num` = '{$num}',\n\t\t `attack` = '{$attack}',\n\t\t `spattack` = '{$spattack}',\n\t\t `def` = '{$defence}',\n\t\t `spdef` = '{$spdefence}',\n\t\t `hp` = '{$hp}',\n\t\t `speed` = '{$speed}',\n\t\t `type1` = '{$type1}',\n\t\t `type2` = '{$type2}',\n\t\t `move1` = '{$move1Name}',\n\t\t `move2` = '{$move2Name}',\n\t\t `move3` = '{$move3Name}',\n\t\t `move4` = '{$move4Name}'\n\t\t WHERE `id`='{$pid}' LIMIT 1\n\t\t"); echo '<div class="notice">The pokemon has been edited.</div>'; $query = mysql_query("SELECT * FROM `pokedex` WHERE `id`='{$pid}' LIMIT 1"); $pokeInfo = mysql_fetch_assoc($query); } else { mysql_query("\n\t\t INSERT INTO `pokedex` (\n\t\t\t `name`,\n\t\t\t `num`,\n\t\t\t `attack`,\n\t\t\t `spattack`,\n\t\t\t `def`,\n\t\t\t `spdef`,\n\t\t\t `hp`,\n\t\t\t `speed`,\n\t\t\t `type1`,\n\t\t\t `type2`,\n\t\t\t `move1`,\n\t\t\t `move2`,\n\t\t\t `move3`,\n\t\t\t `move4`\n\t\t ) VALUES (\n\t\t\t '{$name}',\n\t\t\t\t'{$num}',\n\t\t\t\t'{$attack}',\n\t\t\t\t'{$spattack}',\n\t\t\t\t'{$defence}',\n\t\t\t\t'{$spdefence}',\n\t\t\t\t'{$hp}',\n\t\t\t\t'{$speed}',\n\t\t\t\t'{$type1}',\n\t\t\t\t'{$type2}',\n\t\t\t\t'{$move1Name}',\n\t\t\t\t'{$move2Name}',\n\t\t\t\t'{$move3Name}',\n\t\t\t\t'{$move4Name}'\n\t\t )\n\t\t"); echo '<div class="notice">The pokemon has been added.</div>'; } } } echo ' <form method="post"> <table class="center pretty-table"> <tr>
$signature = $_POST['signature']; $banReason = $_POST['ban_reason']; $clanId = (int) $_POST['clan']; if ($clanId != 0) { $query = mysql_query("SELECT `id` FROM `clans` WHERE `id`='{$clanId}'"); if (mysql_num_rows($query) == 0) { $errors[] = 'Clan does not exist.'; } } if (count($errors) >= 1) { echo '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>'; } else { echo '<div class="notice">You have edited the user.</div>'; $email = cleanSql($email); $signature = cleanSql($signature); $banRason = cleanSql($banReason); mysql_query("\n UPDATE `users` SET\n `money` = '{$money}',\n `bank` = '{$bank}',\n `token` = '{$tokens}',\n `released` = '{$released}',\n `won` = '{$won}',\n `lost` = '{$lost}',\n `email` = '{$email}',\n `lottery` = '{$lottery}',\n `clan` = '{$clanId}',\n `clanxp` = '{$clanexp}',\n `rank` = '{$rank}',\n `userbar` = '{$userbar}',\n `signature` = '{$signature}',\n `banned` = '{$banned}',\n `premium` = '{$premium}',\n `ban_reason` = '{$banReason}'\n WHERE `id`='{$userid}'\n "); $query = mysql_query("SELECT * FROM `users` WHERE `id`='{$userid}' LIMIT 1"); $userInfo = mysql_fetch_assoc($query); $handle = fopen('edit_user_log.txt', 'a+'); fwrite($handle, "{$_SESSION['username']} edited the user with the id {$userid}" . PHP_EOL); fclose($handle); } } $userInfo = cleanHtml($userInfo); echo ' <form method="post" action="?id=' . $userInfo['id'] . '"> <table class="center pretty-table"> <tr> <th colspan="2">Edit User</th> </tr>
if (isset($_POST['submit'], $_POST['img_name'], $_POST['comment'])) { if ($_FILES['file']['error'] > 0) { // echo $_FILES["file"]["error"] . '<br />'; echo '<div class="error">There was an error!</div>'; } else { if ($_FILES['file']['size'] > 1048576) { echo '<div class="error">The file size it too large!</div>'; } else { $imageData = file_get_contents($_FILES['file']['tmp_name']); $im = imagecreatefromstring($imageData); if ($im == false) { echo '<div class="error">There was an error creating the image!</div>'; } else { $base64Image = cleanSql(base64_encode($imageData)); $imgName = cleanSql(trim(str_replace(array(chr(0), '<', '>', '.', '/', '\\'), '', $_POST['img_name']))); $comment = cleanSql($_POST['comment']); $uid = (int) $_SESSION['userid']; if (empty($imgName)) { echo '<div class="error">Image name was empty!</div>'; } else { mysql_query("\n\t\t\t\t\tINSERT INTO `new_images` (\n\t\t\t\t\t\t`uid`, `image_data`, `image_name`, `comment`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\t'{$uid}', '{$base64Image}', '{$imgName}', '{$comment}'\n\t\t\t\t\t)\n\t\t\t\t"); echo '<div class="notice">Image was submitted for admin approval!</div>'; } } } } } echo ' <form method="post" enctype="multipart/form-data"> <table class="pretty-table center"> <tr>
} include '_header.php'; printHeader('Change Attacks'); if (isset($_POST['sid'], $_POST['mid'])) { $sid = (int) $_POST['sid']; $mid = (int) $_POST['mid']; $query = mysql_query("SELECT * FROM `moves` WHERE `id`='{$mid}' LIMIT 1"); if (!in_array($sid, range(1, 4)) || mysql_num_rows($query) == 0) { echo '<div class="error">Something went wrong.</div>'; } else { $moveRow = mysql_fetch_assoc($query); $price = powerToPrice($moveRow['power']); if ($userMoney < $price) { echo '<div class="error">You do not have enough money.</div>'; } else { $sqlMoveName = cleanSql($moveRow['name']); mysql_query("UPDATE `user_pokemon` SET `move{$sid}`='{$sqlMoveName}' WHERE `id`='{$pid}' LIMIT 1"); mysql_query("UPDATE `users` SET `money`=`money`-{$price} WHERE `id`='{$uid}' LIMIT 1"); echo ' <div class="notice"> Your ' . $pokemon['name'] . ' forgot ' . $pokemon['move' . $sid] . ' and learned ' . $moveRow['name'] . '! </div> '; $pokemon['move' . $sid] = $moveRow['name']; $userMoney -= $price; } } } $query = mysql_query("SELECT * FROM `moves` ORDER BY `type` ASC, `power` DESC"); $allMoves = array(); // order the moves by type
<?php require_once 'functions.php'; require_once 'config.php'; include '_header.php'; if (isLoggedIn()) { redirect('index.php'); } if ($_POST['submit']) { $username = (string) $_POST['username']; $email = (string) $_POST['email']; $sqlUsername = cleanSql($username); $htmlUsername = cleanHtml($username); $sqlEmail = cleanSql($email); $htmlEmail = cleanHtml($email); if ($username && $email) { $passwordlenth = 25; $charset = 'abcdefghijklmnoprstovwxy1234567890'; for ($x = 1; $x <= $passwordlenth; $x++) { $rand = rand() % strlen($charset); $temp = substr($charset, $rand, 1); $key .= $temp; } //$key_sha1 = sha1($key); $query = mysql_query("\n\t\t\tSELECT * \n\t\t\tFROM `users`\n\t\t\tWHERE `username` = '{$sqlUsername}'\n\t\t\tAND `email` = '{$sqlEmail}'\n\t\t") or die(mysql_error()); $row = mysql_num_rows($query); if ($row != 0) { $update = mysql_query("\n\t\t\t\tUPDATE `users`\n\t\t\t\tSET `reset_key` = '{$key}'\n\t\t\t\tWHERE `email` = '{$sqlEmail}'\n\t\t\t"); //Send e-mail $to = $email; $subject = 'Reset Password';
// why is this here? i can not see anywhere where it is used! // also mysql_select_db should be mysql_fetch_assoc ;-) // - asdd // $user = cleanSql($_SESSION['username']); $info = mysql_select_db(mysql_query("SELECT * FROM `users` WHERE `username` = '$user'")); $user = $info['username']; $userid = $info['id']; $password2 = $info['password']; */ ?> <center> <?php if (isset($_POST['update'], $_POST['avatar'])) { $avatar = cleanSql('http://pkmnhelios.net/' . $_POST['avatar']); $update = mysql_query("UPDATE `users` SET `avatar`= '{$avatar}' WHERE `id`='{$uid}'"); echo "Your avatar was updated succesfully"; } ?> <form method=post> Choose your avatar <br><?php echo '<img id=avatarchange src=images/trainers/000.png />'; ?> <?php echo '<select name=avatar id= Avatar onChange=changeAvi()>'; $sql6 = mysql_query("SELECT * FROM avatars"); while ($row6 = mysql_fetch_array($sql6)) { echo "<option value='" . $row6['Image'] . "'>" . $row6['Name'] . "</option>"; }
} } $newCat = (bool) $_POST['newCat'][$pnum]; $catName = $newCat == true ? $_POST['newCatName'][$pnum] : $_POST['oldCatName'][$pnum]; $catName = preg_replace('/[^A-Za-z0-9]/', '', $catName); if ($catName == '') { $errors[] = 'Category name can not be empty.'; } if (count($errors) >= 1) { // we don't actually use the $errors array... // echo '<div class="error">'.implode('</div><div class="error">', $errors).'</div>'; $errorPokeIds[] = $pid; } else { $name = cleanSql($name); $price = cleanSql($price); $catName = cleanSql($catName); mysql_query("UPDATE `shop_pokemon` SET `name`='{$name}', `price`='{$price}', `category`='{$catName}' WHERE `id`='{$pid}'") or die(mysql_error()); } } } if (!empty($errorPokeIds)) { echo ' <div class="error"> Could not update all of the pokemon! <div class="small">Please check the pokemon below.</div> </div> '; } else { if (isset($_POST['save']) && empty($errorPokeIds)) { echo ' <div class="notice">
<img src="images/pokemon/' . $p_class->name . '.png>" </td> <td>Evolves into<br><br><b>Requirements:</b><br>Level: <b>' . $p_class->level . '</b><br>Item: </td> <td> <div><b>' . $p_class->evolution . '</b></div> <img src="images/pokemon/' . $p_class->evolution . '.png"> </td> </tr> </table> </center>'; // asdd stuff // rarity list // added 5/26/2013 $name = cleanSql($p_class->name); $query = mysql_query("SELECT `name`, `gender`, count(`id`) as amount FROM `user_pokemon` WHERE `name` LIKE '%{$name}%' GROUP BY `name`, `gender`"); $pokeArray = array(); $genderArray = array('0' => 'genderless', '1' => 'male', '2' => 'female'); while ($r = mysql_fetch_assoc($query)) { $pokeArray[$r['name']][$genderArray[$r['gender']]] = $r['amount']; } echo ' <br /> <table class="pretty-table"> <tr> <th>Name</th> <th>Male</th> <th>Female</th> <th>Genderless</th> </tr>
if (mysql_num_rows($query) == 0) { redirect('view_box.php'); } $boxUsername = mysql_fetch_assoc($query); $boxUsername = $boxUsername['username']; include '_header.php'; $headerText = isset($_GET['id']) ? $boxUsername . 's Pokemon' : 'Your Pokemon'; printHeader($headerText); $sorts = array(1 => ' ORDER BY `name` ASC', 2 => ' ORDER BY `name` DESC', 3 => ' ORDER BY `exp` ASC', 4 => ' ORDER BY `exp` DESC'); $search = isset($_GET['search']) ? $_GET['search'] : ''; $sort = $_GET['sort']; $sortKey = isset($sort) && in_array($sort, array_keys($sorts)) ? $sort : 1; $orderSql = $sorts[$sortKey]; $searchSql = ''; if (!empty($search)) { $searchSqlSafe = cleanSql($search); $searchHtmlSafe = cleanHtml($search); $searchSql = " AND `name` LIKE '%{$searchSqlSafe}%' "; } $countQuery = mysql_query("SELECT `id` FROM `user_pokemon` WHERE `uid`='{$gid}' {$searchSql}"); $numRows = mysql_num_rows($countQuery); $pagination = new Pagination($numRows); if (!empty($search)) { $pagination->addQueryStringVar('search', $search); } if (isset($_GET['id'])) { $pagination->addQueryStringVar('id', (int) $_GET['id']); } if ($sortKey != 1) { $pagination->addQueryStringVar('sort', $sortKey); }
} if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'The email you entered is not valid.'; } if (!in_array($sprite, range(1, 10))) { $sprite = 1; } if (count($errors) > 0) { $message = '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>'; } else { if (!empty($passwordNew)) { $newPasswordSql = !empty($passwordNew) ? " `password`='" . sha1($passwordNew) . "', " : ''; } $sqlAvatar = cleanSql($avatar); $sqlEmail = cleanSql($email); $sqlSig = cleanSql($signature); $sprite = (int) $sprite; $query = mysql_query("UPDATE `users` SET {$newPasswordSql} `email`='{$sqlEmail}', `avatar`='{$sqlAvatar}', `map_sprite`='{$sprite}', `signature`='{$sqlSig}' WHERE `id`='{$uid}'"); if ($query) { $message = '<div class="notice">Your profile has been edited.</div>'; } else { $message = '<div class="error">Something went wrong.</div>'; } } } $query = mysql_query("SELECT * FROM `users` WHERE `id`='{$uid}'"); $userRow = cleanHtml(mysql_fetch_assoc($query)); $cells = array(); for ($i = 1; $i <= 10; $i++) { $attr = $userRow['map_sprite'] == $i ? ' checked="checked" ' : ''; $cells[] = '
} $content = trim($_POST['content']); if (empty($content)) { $errors[] = 'Content can not be empty.'; } $sqlPoster = cleanSql($_POST['poster']); $query = mysql_query("SELECT * FROM `users` WHERE `username`='{$sqlPoster}' AND `admin`='1'"); if (mysql_num_rows($query) == 0) { $errors[] = 'Invalid poster.'; } if (count($errors) >= 1) { echo '<div class="error">' . implode('</div><div class="error">', $errors) . '</div>'; } else { echo '<div class="notice">The news has been edited!</div>'; $sqlTitle = cleanSql($title); $sqlContent = cleanSql($content); $time = time(); mysql_query("UPDATE `news` SET `title`='{$sqlTitle}', `news`='{$sqlContent}', `bywho`='{$sqlPoster}', `date`='{$time}' WHERE `id`='5033'"); } } $query = mysql_query("SELECT * FROM `news` ORDER BY `id` DESC LIMIT 1"); $row = mysql_fetch_assoc($query); $row = cleanHtml($row); echo ' <form method="post"> <table class="pretty-table center"> <tr> <th colspan="2">Edit News</th> </tr> <tr> <td>Title:</td>
if (trim($name) == '') { $deletedPokemon = true; mysql_query("DELETE FROM `token_shop_pokemon` WHERE `id`='{$pid}' LIMIT 1"); continue; } else { if (!file_exists('../images/pokemon/' . $name . '.png')) { $errors[] = 'Could not find a picture for that pokemon.'; } } if (count($errors) >= 1) { // we don't actually use the $errors array... // echo '<div class="error">'.implode('</div><div class="error">', $errors).'</div>'; $errorPokeIds[] = $pid; } else { $name = cleanSql($name); $price = cleanSql($price); mysql_query("UPDATE `token_shop_pokemon` SET `name`='{$name}', `price`='{$price}' WHERE `id`='{$pid}'") or die(mysql_error()); } } } if (!empty($errorPokeIds)) { echo ' <div class="error"> Could not update all of the pokemon! <div class="small">Please check the pokemon below.</div> </div> '; } else { if (isset($_POST['save']) && empty($errorPokeIds)) { echo ' <div class="notice">