Пример #1
/* access check */
if (in_array("m_giveaward", $sessionAccess)) {
    /* template vars and handler flags for this page */
    $pageClass = "admin";
    $subMenuClass = "manage";
    $query = FALSE;
    $result = FALSE;
    /* crew and award ids arrive in the query string; a value that is present but
       not numeric is rejected before it can reach a SQL statement.
       NOTE: is_numeric() also accepts floats and exponent notation, so these are
       numeric strings rather than guaranteed integers. */
    if (isset($_GET['crew'])) {
        if (!is_numeric($_GET['crew'])) {
            errorMessageIllegal("add award page");
            exit;
        }
        $crew = $_GET['crew'];
    }
    if (isset($_GET['award'])) {
        if (!is_numeric($_GET['award'])) {
            errorMessageIllegal("add award page");
            exit;
        }
        $award = $_GET['award'];
    }
    /* if an award key is in the URL */
    if (isset($_POST['action_type']) && $_POST['action_type'] == "give") {
        /* copy every POST field into a local variable of the same name.
           NOTE(review): this is unrestricted mass assignment — any POST key
           overwrites the variable of that name already in scope here (for
           example $sessionAccess, $crew, $pageClass), not only the form fields
           the handler expects. A fixed list of expected keys would be safer; the
           rest of the handler (cut off below this excerpt) relies on the names,
           so the code is left unchanged here. */
        foreach ($_POST as $key => $value) {
            ${$key} = $value;
        }
        /* $action_crew is undefined if it was not posted; a missing or
           non-numeric value becomes NULL, which interpolates as an empty string
           and makes the SELECT below malformed ("crewid =  LIMIT 1") rather
           than matching nothing */
        if (!is_numeric($action_crew)) {
            $action_crew = NULL;
        }
        /* fetch the current "awards" column for the selected crew member;
           $pullAwardsResult is not checked for FALSE before fetching */
        $pullAwards = "SELECT awards FROM sms_crew WHERE crewid = {$action_crew} LIMIT 1";
        $pullAwardsResult = mysql_query($pullAwards);
        $stringAwards = mysql_fetch_array($pullAwardsResult);
Пример #2
         exit;
     }
 }
 /* a delete or add id in the query string is only accepted when numeric */
 if (isset($_GET['delete'])) {
     if (!is_numeric($_GET['delete'])) {
         errorMessageIllegal("add JP page");
         exit;
     }
     $delete = $_GET['delete'];
 }
 if (isset($_GET['add'])) {
     if (!is_numeric($_GET['add'])) {
         errorMessageIllegal("add JP page");
         exit;
     }
     $add = $_GET['add'];
 }
 /* number of author fields to show: defaults to 2 and is capped at JP_AUTHORS */
 if (!isset($number)) {
     $number = 2;
 } elseif ($number > JP_AUTHORS) {
     $number = JP_AUTHORS;
 }
 if (isset($_POST['action_x'])) {
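     /* number of author fields that were submitted. The posted count is
        untrusted: force it to an integer and cap it at JP_AUTHORS (the same
        limit applied to $number above), otherwise a large value drives a long
        loop of undefined-index reads */
     $jpnumber = isset($_POST['jpNumber']) ? (int) $_POST['jpNumber'] : 0;
     if ($jpnumber > JP_AUTHORS) {
         $jpnumber = JP_AUTHORS;
     }
     /* start from an empty list so implode() below never sees an undefined
        variable when no author fields were posted */
     $authors = array();
     for ($n = 1; $n <= $jpnumber; $n++) {
         /* a missing field contributes an empty element, as a NULL did before */
         $authors[] = isset($_POST['author' . $n]) ? $_POST['author' . $n] : '';
     }
     /* make a string of the authors */
     $postAuthors = implode(',', $authors);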
Пример #3
System Version: 2.6.8
Last Modified: 2009-01-09 0938 EST
**/
/* access check */
if (in_array("x_access", $sessionAccess)) {
    /* template vars and handler flags for this page */
    $pageClass = "admin";
    $subMenuClass = "manage";
    $result = NULL;
    $updateAccess = NULL;
    /* the crew id comes from the query string and is only accepted when numeric */
    if (isset($_GET['crew'])) {
        if (!is_numeric($_GET['crew'])) {
            errorMessageIllegal("access level page");
            exit;
        }
        $crew = $_GET['crew'];
    }
    /* which tab to open; a missing or non-numeric value falls back to the first tab */
    $tab = (isset($_GET['tab']) && is_numeric($_GET['tab'])) ? $_GET['tab'] : 1;
    /* NOTE(review): $set is copied from the query string without validation —
       confirm every later use escapes or whitelists it */
    $set = isset($_GET['set']) ? $_GET['set'] : NULL;
    /* if update has been hit, continue */
Пример #4
This is a necessary system file. Do not modify this page unless you are highly
knowledgeable as to the structure of the system. Modification of this file may
cause SMS to no longer function.

Author: David VanScott [ davidv@anodyne-productions.com ]
File: admin/user/bio.php
Purpose: Page to display the requested bio

System Version: 2.6.7
Last Modified: 2008-12-17 0814 EST
**/
/* the crew id must be present and numeric before it is used in SQL */
if (!isset($_GET['crew']) || !is_numeric($_GET['crew'])) {
    errorMessageIllegal("user bio page");
    exit;
}
$crew = $_GET['crew'];
/* look up the record's crewType (compared against "npc" by the access check
   that follows); note this query runs before that access check */
$getCrewType = "SELECT crewType FROM sms_crew WHERE crewid = '{$crew}' LIMIT 1";
$getCrewTypeResult = mysql_query($getCrewType);
$getType = mysql_fetch_assoc($getCrewTypeResult);
/* access check */
if ($sessionCrewid == $crew || in_array("u_bio2", $sessionAccess) && $getType['crewType'] == "npc" || in_array("u_bio3", $sessionAccess)) {
    /* template vars and handler flags */
    $pageClass = "admin";
    $subMenuClass = "user";
    $result = $updateCrew = FALSE;
    /* the pressed submit button, when the form was posted */
    if (isset($_POST['action_x'])) {
        $action = $_POST['action_x'];
    }
Пример #5
System Version: 2.6.10
Last Modified: 2009-10-28 2213 EST
**/
/* access check */
if (in_array("u_inbox", $sessionAccess)) {
    /* template vars and handler flags */
    $pageClass = "admin";
    $subMenuClass = "user";
    $result = FALSE;
    $query = FALSE;
    /* an id in the query string is only accepted when numeric */
    if (isset($_GET['id'])) {
        if (!is_numeric($_GET['id'])) {
            errorMessageIllegal("send private message page");
            exit;
        }
        $id = $_GET['id'];
    }
    /* form fields, when posted: the pressed button and the selected box.
       NOTE(review): $box is not validated here — confirm its later use is
       escaped or whitelisted */
    if (isset($_POST['action_x'])) {
        $action = $_POST['action_x'];
    }
    if (isset($_POST['box'])) {
        $box = $_POST['box'];
    }
    /* which tab to open; a missing or non-numeric value falls back to the first tab */
    $tab = (isset($_GET['tab']) && is_numeric($_GET['tab'])) ? $_GET['tab'] : 1;
    if (isset($_POST['action_send_x'])) {
Пример #6
File: admin/user/message.php
Purpose: Page that views a given private message

System Version: 2.6.0
Last Modified: 2008-04-06 2223 EST
**/
/* access check */
if (in_array("u_inbox", $sessionAccess)) {
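    /* set the page class */
    $pageClass = "admin";
    $subMenuClass = "user";
    /* the message id must be present and numeric: without it $message was
       undefined and the SELECT below became malformed ("WHERE pmid =  LIMIT 1"),
       leaving every column variable unset for the checks that follow */
    if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
        errorMessageIllegal("private message viewing page");
        exit;
    }
    $message = $_GET['id'];
    $getMessages = "SELECT * FROM sms_privatemessages WHERE pmid = {$message} LIMIT 1";
    $getMessagesResult = mysql_query($getMessages);
    /* copy the row's columns into local variables (pmRecipient, pmAuthor and
       pmStatus are read below).
       NOTE(review): extract() with EXTR_OVERWRITE clobbers any local whose name
       matches a column — $message or $pageClass would be overwritten if the
       table ever gained such a column. A copy of the specific columns used
       would be safer; the column list is not visible in this excerpt. */
    while ($msgFetch = mysql_fetch_assoc($getMessagesResult)) {
        extract($msgFetch, EXTR_OVERWRITE);
    }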
    if ($sessionCrewid == $pmRecipient || $sessionCrewid == $pmAuthor) {
        if ($pmStatus == "unread" && $sessionCrewid == $pmRecipient) {
            /* if the PM status is unread, change it to read */
            $updateStatus = "UPDATE sms_privatemessages SET pmStatus = 'read' ";
            $updateStatus .= "WHERE pmid = {$message} LIMIT 1";
            $updateStatusResult = mysql_query($updateStatus);
Пример #7
This is a necessary system file. Do not modify this page unless you are highly
knowledgeable as to the structure of the system. Modification of this file may
cause SMS to no longer function.

Author: David VanScott [ davidv@anodyne-productions.com ]
File: pages/bio.php
Purpose: Page to display the requested bio

System Version: 2.6.8
Last Modified: 2009-01-02 1548 EST
**/
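/* define the page class and set the vars */
$pageClass = "personnel";
/* make sure the crew id is legit: it must be present AND numeric. Previously a
   missing id fell through to the else branch, which read the undefined index
   and continued with a null $crew; now it is rejected like a non-numeric one */
if (isset($_GET['crew']) && is_numeric($_GET['crew'])) {
    $crew = $_GET['crew'];
} else {
    errorMessageIllegal("bio page");
    exit;
}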
/* pull in the menu: the logged-in viewer's display skin when a session exists,
   otherwise $skin.
   NOTE(review): the skin name becomes part of an include path — confirm that
   neither $sessionDisplaySkin nor $skin can be set from raw request input
   without a whitelist */
$menuSkin = isset($sessionCrewid) ? $sessionDisplaySkin : $skin;
include_once 'skins/' . $menuSkin . '/menu.php';
/* set the rank variable */
if (isset($sessionCrewid)) {
    $rankSet = $sessionDisplayRank;
} else {
    $rankSet = $rankSet;
Пример #8
 $subMenuClass = "manage";
 $query = FALSE;
 $result = FALSE;
 /* log id and removal id from the query string; only numeric values are accepted */
 if (isset($_GET['id'])) {
     if (!is_numeric($_GET['id'])) {
         errorMessageIllegal("personal log editing page");
         exit;
     }
     $id = $_GET['id'];
 }
 if (isset($_GET['remove'])) {
     if (!is_numeric($_GET['remove'])) {
         errorMessageIllegal("personal log editing page");
         exit;
     }
     $remove = $_GET['remove'];
 }
 if (isset($_POST['action_update_x'])) {
     /* without m_logs2 only the title and content may change; with it the
        author and status may change as well.
        NOTE(review): neither branch checks that log $id belongs to the current
        user — confirm ownership is enforced elsewhere (the page's access check
        is outside this excerpt), otherwise any numeric logid can be edited by
        anyone who reaches this handler.
        $id is only assigned when ?id= was supplied (checked above); without it
        the WHERE clause interpolates an empty string and the UPDATE is
        malformed rather than unbounded. */
     if (!in_array("m_logs2", $sessionAccess)) {
         $update = "UPDATE sms_personallogs SET logTitle = %s, logContent = %s WHERE logid = {$id}";
         $query = sprintf($update, escape_string($_POST['logTitle']), escape_string($_POST['logContent']));
     } else {
         /* NOTE(review): logAuthor uses %d but is passed through escape_string();
            if that helper returns a quoted string, %d yields 0 — verify the
            helper's output format */
         $update = "UPDATE sms_personallogs SET logAuthor = %d, logTitle = %s, logContent = %s, logStatus = %s WHERE logid = {$id}";
         $query = sprintf($update, escape_string($_POST['logAuthor']), escape_string($_POST['logTitle']), escape_string($_POST['logContent']), escape_string($_POST['logStatus']));
     }
     /* run the update; $result is not checked for FALSE here */
     $result = mysql_query($query);
     /* optimize the table */
     optimizeSQLTable("sms_personallogs");
     $action = "update";
Пример #9
Last Modified: 2008-08-16 1739 EST
**/
/* template vars and handler flags */
$pageClass = "admin";
$subMenuClass = "user";
$result = FALSE;
$updateAcct = FALSE;
/* the pressed submit button, when the form was posted */
if (isset($_POST['action_x'])) {
    $action = $_POST['action_x'];
}
/* the crew id must be present and numeric before it is used anywhere */
if (!isset($_GET['crew']) || !is_numeric($_GET['crew'])) {
    errorMessageIllegal("crew account page");
    exit;
}
$crew = $_GET['crew'];
/* access check */
if ($sessionCrewid == $crew && in_array("u_account1", $sessionAccess) || in_array("u_account2", $sessionAccess)) {
    if (isset($action)) {
        /* pull the current password hash.
           NOTE: the query text shows as "******" in this listing (redacted);
           it is expected to select the stored hash for $crew — confirm against
           the original file before relying on $fetchPassword below.
           $getPasswordResult is not checked for FALSE before fetching. */
        $getPassword = "******";
        $getPasswordResult = mysql_query($getPassword);
        $fetchPassword = mysql_fetch_array($getPasswordResult);
        if (isset($_POST['currentPassword'])) {
            if ($_POST['currentPassword'] == "") {
                /*
                if the current password is empty, check to make sure they're
                not trying to update username, real name, or email, otherwise
                run the update query