Пример #1
        $q4 = mysql_real_escape_String($q4);
        $q5 = mysql_real_escape_String($q5);
        $q6 = mysql_real_escape_String($q6);
        $qtotal = mysql_real_escape_String($qtotal);
        $f1 = mysql_real_escape_String($f1);
        $f2 = mysql_real_escape_String($f2);
        $f3 = mysql_real_escape_String($f3);
        $f4 = mysql_real_escape_String($f4);
        $f5 = mysql_real_escape_String($f5);
        $f6 = mysql_real_escape_String($f6);
        $f7 = mysql_real_escape_String($f7);
        $f8 = mysql_real_escape_String($f8);
        $f9 = mysql_real_escape_String($f9);
        $final = mysql_real_escape_String($final);
        $notes = mysql_real_escape_String($notes);
        $position = mysql_real_escape_String($position);
        // Insert into DB
        $sql = "INSERT INTO scorepr VALUES ('','{$shoot}','{$competitor}','{$q1}','{$q2}','{$q3}','{$q4}','{$q5}','{$q6}','{$qtotal}','{$f1}','{$f2}','{$f3}','{$f4}','{$f5}','{$f6}','{$f7}','{$f8}','{$f9}','{$final}','{$notes}','{$position}');";
        if (!mysql_query($sql, $con)) {
            die('Error: ' . mysql_error());
        } else {
            $success = "<p>The score was added successfully!</p>";
            /*header ("Location: addscoreform.php"); */
        }
        // Close connection
        mysql_close($con);
    }
}
?>
<!doctype html>
<!--[if lte IE 8]><html class="no-js lt-ie9" lang="en" ><![endif]-->
Пример #2
<?php

include '../scripts/conn.php';
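// Handle the "add shoot" form post: insert one row into `shoot`, then redirect
// back to the score form.
//
// NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and removed in
// PHP 7.0. Escaping is adequate here only because every value sits inside
// single quotes and (presumably) conn.php sets the connection charset — TODO
// confirm. Prepared statements (mysqli/PDO) are the durable fix, but the
// connection is opened outside this file.
// NOTE(review): no authentication or CSRF check is visible in this script;
// confirm that conn.php or the web server restricts who may post here.
$values = array();
foreach (array('shootevent', 'shoottype', 'shootdate') as $field) {
    // A missing or array-valued field becomes '' rather than raising a notice
    // or handing a non-string to the escape function.
    $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    $values[] = mysql_real_escape_string($raw);
}
$sql = "INSERT INTO shoot (eventID, type, date)\nVALUES\n('" . implode("','", $values) . "');";
$result = mysql_query($sql);
if (!$result) {
    // Driver error text can reveal schema details; log it, do not print it.
    error_log('shoot insert failed: ' . mysql_error());
    die('Error: the shoot could not be saved.');
}
header("Location: addscoreform.php");
// Stop here so nothing else runs or is emitted after the redirect header.
exit;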
Пример #3
<?php

if (!empty($_POST['keyword'])) {
    $keyword = mysql_real_escape_String($_POST['keyword']);
    $max = $gamesonpage;
    if (!isset($_GET['page'])) {
        $show = '1';
    } else {
        $show = clean($_GET['page']);
    }
    $limits = ($show - 1) * $max;
    //$r = $db->query(sprintf('SELECT * FROM fas_games WHERE `active`="1" && name LIKE "%$keyword%" LIMIT '.$limits.','.$max.' '));
    $r = mysql_query("SELECT * FROM fas_games WHERE `active`='1' && name LIKE '%{$keyword}%'") or die(mysql_error());
    $totalres = mysql_result($db->query('SELECT COUNT(ID) AS total FROM fas_games WHERE `active`="1" && name LIKE "%$keyword%"'), 0);
    $totalpages = ceil($totalres / $max);
    echo '<div class="header2">Search results for "' . $keyword . '"</div>';
    $count = 0;
    echo '<div class="content2">';
    while ($in = $db->fetch_row($r)) {
        $gamename = preg_replace('#\\W#', '', $in['name']);
        if ($seo_on == 1) {
            $playlink = '' . $domain . '/play/' . $in['ID'] . '-' . $gamename . '.html';
        } else {
            $playlink = '' . $domain . '/index.php?action=play&amp;ID=' . $in['ID'] . '';
        }
        if ($count % 2 == 0) {
            echo '<div class="home_category">
			<div class="home_img">
				<a href="' . $playlink . '">';
            if ($in['type'] == 1) {
                echo '<img src="' . $domain . '/' . $thumbsfolder . '/' . $in['thumb'] . '" alt="' . $gamename . '" class="home_img" />';
Пример #4
<?php

include '../scripts/conn.php';
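// Handle the "add event" form post: insert one row into `event`, then redirect
// to the shoot form.
//
// NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and removed in
// PHP 7.0. Escaping is adequate here only because every value sits inside
// single quotes and (presumably) conn.php sets the connection charset — TODO
// confirm. Prepared statements (mysqli/PDO) are the durable fix, but the
// connection is opened outside this file.
// NOTE(review): no authentication or CSRF check is visible in this script;
// confirm that conn.php or the web server restricts who may post here.
$values = array();
// Field order matches the column list: meetingID, eventname, entrants,
// disciplineID, gender.
foreach (array('eventmeeting', 'eventname', 'entrants', 'eventdiscipline', 'gender') as $field) {
    // A missing or array-valued field becomes '' rather than raising a notice
    // or handing a non-string to the escape function.
    $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    $values[] = mysql_real_escape_string($raw);
}
$sql = "INSERT INTO event (meetingID, eventname, entrants, disciplineID, gender)\nVALUES\n('" . implode("','", $values) . "');";
$result = mysql_query($sql);
if (!$result) {
    // Driver error text can reveal schema details; log it, do not print it.
    error_log('event insert failed: ' . mysql_error());
    die('Error: the event could not be saved.');
}
header("Location: addshootform.php");
// Stop here so nothing else runs or is emitted after the redirect header.
exit;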
Пример #5
    setcookie("session", "", time() - 3600 * 365, $url['path'], $url['host'], $url['scheme'] === "https", true);
    setcookie("email", "", time() - 3600 * 365, $url['path'], $url['host'], $url['scheme'] === "https", true);
    header('Location: ' . $_SERVER['HTTP_REFERER']);
    exit;
}
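//Check code
// Exchange a one-time e-mail verification code for a long-lived session cookie.
// $email and $code are set earlier in this script (not shown in this excerpt).
//
// NOTE(review): the mysql_* extension was removed in PHP 7.0; the queries below
// rely on quoted, escaped values. Prepared statements are the durable fix.
$res = @mysql_query('SELECT * FROM Authors WHERE Email=\'' . mysql_real_escape_string($email) . '\'');
if (!$res) {
    // Log the driver message server-side instead of echoing it to the client.
    error_log('Authors lookup failed: ' . mysql_error());
    die('<div class="commentError">Database error, try again later</div>');
}
$row = mysql_fetch_assoc($res);
if ($row) {
    if ($code !== null && $row['VerifyCode'] === $code) {
        //We have a valid code, set session
        // The session token is a bearer credential, so it must come from a
        // CSPRNG. sha1() over rand()/time() only hashes guessable inputs. All
        // three branches yield 40 hex characters, as the original sha1() did.
        if (function_exists('random_bytes')) {
            $session = bin2hex(random_bytes(20));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $session = bin2hex(openssl_random_pseudo_bytes(20));
        } else {
            // Legacy fallback for runtimes with neither source available.
            $session = sha1($email . $code . rand() . time());
        }
        // The VerifyCode condition makes the code single-use at the database
        // level: only the request that still sees the code can claim it.
        $res = @mysql_query('UPDATE Authors
			SET VerifyCode=NULL, Session=\'' . mysql_real_escape_string($session) . '\'
			WHERE Email=\'' . mysql_real_escape_string($email) . '\'
			AND VerifyCode=\'' . mysql_real_escape_string($code) . '\'');
        if (!$res) {
            error_log('Authors session update failed: ' . mysql_error());
        }
        // Also stop when no row changed (code already consumed by a concurrent
        // request); otherwise a cookie would be issued for a token that was
        // never stored.
        if (!$res || mysql_affected_rows() !== 1) {
            die('<div class="commentError">Failed to update session</div>');
        }
        $url = parse_url(service_url);
        // NOTE(review): 3600 * 365 seconds is 365 hours (about 15 days); if a
        // one-year lifetime was intended the factor 24 is missing — confirm.
        // No server-side session expiry is visible in this excerpt.
        setcookie("session", $session, time() + 3600 * 365, $url['path'], $url['host'], $url['scheme'] === "https", true);
        //Allow javascript to access this cookie
        setcookie("email", $email, time() + 3600 * 365, $url['path'], $url['host'], $url['scheme'] === "https", false);
        header('Location: ' . service_url . '/dashboard/');
        return;
    }
}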
?>
<html>
<head>
	<meta charset="UTF-8" />
Пример #6
<?php

include '../scripts/conn.php';
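// Handle the "add competitor" form post: insert one row into `competitor`,
// then redirect back to the form.
//
// NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and removed in
// PHP 7.0. Escaping is adequate here only because every value sits inside
// single quotes and (presumably) conn.php sets the connection charset — TODO
// confirm. Prepared statements (mysqli/PDO) are the durable fix, but the
// connection is opened outside this file.
// NOTE(review): no authentication or CSRF check is visible in this script;
// confirm that conn.php or the web server restricts who may post here.
$values = array();
// Field order matches the column list: forename, surname, gender, birthday,
// nationality.
foreach (array('compfore', 'compsur', 'gender', 'birthday', 'nationality') as $field) {
    // A missing or array-valued field becomes '' rather than raising a notice
    // or handing a non-string to the escape function.
    $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    $values[] = mysql_real_escape_string($raw);
}
$sql = "INSERT INTO competitor (forename, surname, gender, birthday, nationality)\nVALUES\n('" . implode("','", $values) . "');";
$result = mysql_query($sql);
if (!$result) {
    // Driver error text can reveal schema details; log it, do not print it.
    error_log('competitor insert failed: ' . mysql_error());
    die('Error: the competitor could not be saved.');
}
header("Location: addcompform.html");
// Stop here so nothing else runs or is emitted after the redirect header.
exit;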
Пример #7
<?php

include '../scripts/conn.php';
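// Handle the "add meeting" form post: insert one row into `meeting`, then
// redirect to the event form.
//
// NOTE(review): the mysql_* extension was deprecated in PHP 5.5 and removed in
// PHP 7.0. Escaping is adequate here only because every value sits inside
// single quotes and (presumably) conn.php sets the connection charset — TODO
// confirm. Prepared statements (mysqli/PDO) are the durable fix, but the
// connection is opened outside this file.
// NOTE(review): no authentication or CSRF check is visible in this script;
// confirm that conn.php or the web server restricts who may post here.
$values = array();
foreach (array('meetingname', 'meetingyear') as $field) {
    // A missing or array-valued field becomes '' rather than raising a notice
    // or handing a non-string to the escape function.
    $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    $values[] = mysql_real_escape_string($raw);
}
$sql = "INSERT INTO meeting (meetingname, year)\nVALUES\n('" . implode("','", $values) . "');";
$result = mysql_query($sql);
if (!$result) {
    // Driver error text can reveal schema details; log it, do not print it.
    error_log('meeting insert failed: ' . mysql_error());
    die('Error: the meeting could not be saved.');
}
header("Location: addeventform.php");
// Stop here so nothing else runs or is emitted after the redirect header.
exit;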
Пример #8
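/**
 * Render the search page body: the result grid when a keyword was posted,
 * otherwise the empty search form.
 *
 * Reads $_POST['keyword'] and $_GET['page'], queries fas_games and echoes HTML
 * directly; returns nothing.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0; the queries rely
 * on quoted, escaped values. Prepared statements are the durable fix.
 * NOTE(review): the result query has no LIMIT, and the pagination links do not
 * carry the posted keyword, so every page request shows either all matches or
 * the empty form — confirm the intended paging behaviour.
 */
function writebody()
{
    global $db, $domain, $sitename, $cachelife, $template, $gamesfolder, $thumbsfolder, $limitboxgames, $seo_on, $blogentriesshown, $enabledcode_on, $comments_on, $directorypath, $autoapprovecomments, $gamesonpage, $abovegames, $belowgames, $ads1, $ads2, $ads3, $bannersleft, $showwebsitelimit, $supportemail, $showblog, $blogentriesshown, $blogcharactersshown, $blogcommentpermissions, $blogcommentsshown, $blogfollowtags, $blogcharactersrss, $usrdata, $userid, $showpages;
    if (!empty($_POST['keyword']) && is_string($_POST['keyword'])) {
        // One encoding per sink: SQL-escaped for the query text, HTML-escaped
        // for the page. SQL escaping does not neutralise markup, so the SQL
        // form must never be echoed into HTML.
        // NOTE(review): % and _ in the keyword still act as LIKE wildcards.
        $keyword = mysql_real_escape_string($_POST['keyword']);
        // Charset left at the PHP default; pass the site charset explicitly
        // once it is known.
        $keywordHtml = htmlspecialchars($_POST['keyword'], ENT_QUOTES);
        echo '<div id="container">
<div id="content-container">
<div id="side">';
        include "includes/blocks.php";
        echo '</div>

<div id="content">';
        $max = $gamesonpage;
        // clean() is defined elsewhere; the integer cast guarantees that the
        // page number is safe to print and to use in arithmetic regardless of
        // what clean() filters.
        $show = isset($_GET['page']) ? max(1, (int) clean($_GET['page'])) : 1;
        $r = mysql_query("SELECT * FROM fas_games WHERE `active`='1' && name LIKE '%{$keyword}%'");
        if (!$r) {
            // Keep driver error text out of the response; log it instead.
            error_log('game search failed: ' . mysql_error());
            die('Search is temporarily unavailable.');
        }
        // The count must interpolate the keyword too. The original used a
        // single-quoted PHP string, which sent the literal text "$keyword" to
        // the database and therefore counted the wrong rows.
        $totalres = mysql_result($db->query("SELECT COUNT(ID) AS total FROM fas_games WHERE `active`='1' && name LIKE '%{$keyword}%'"), 0);
        $totalpages = ceil($totalres / $max);
        echo '<div class="content_nav">Search results for "' . $keywordHtml . '"</div>';
        echo '<div class="content2">';
        while ($in = $db->fetch_row($r)) {
            // Slug for the SEO link and alt/title text: every non-word
            // character becomes '-', so the result carries no markup characters.
            $gamename = preg_replace('#\\W#', '-', $in['name']);
            $gameId = (int) $in['ID'];
            if ($seo_on == 1) {
                $playlink = '' . $domain . '/play/' . $gameId . '-' . $gamename . '.html';
            } else {
                $playlink = '' . $domain . '/index.php?action=play&amp;ID=' . $gameId . '';
            }
            echo '<div id="game_holder"><div align="center">
				<a href="' . $playlink . '">';
            // Thumbnail values come from the database; escape them for the
            // attribute context so stored data cannot break out of src="...".
            if ($in['type'] == 1) {
                echo '<img src="' . $domain . '/' . $thumbsfolder . '/' . htmlspecialchars($in['thumb'], ENT_QUOTES) . '" alt="' . $gamename . '" title="' . $gamename . '" width="90" height="90" class="game_img" />';
            } else {
                echo '<img src="' . htmlspecialchars($in['thumburl'], ENT_QUOTES) . '" alt="' . $gamename . '" title="' . $gamename . '" width="90" height="90" class="game_img" />';
            }
            echo '</a>';
            echo '</div></div>';
        }
        echo '</div><div style="clear:both"></div>
<div class="page-box">
' . $totalres . ' game(s) - Page ' . $show . ' of ' . $totalpages;
        $pre = $show - 1;
        $ne = $show + 1;
        if ($seo_on == 1) {
            $previous = '' . $domain . '/search/page' . $pre . '.html';
            $next = '' . $domain . '/search/page' . $ne . '.html';
        } else {
            $previous = '' . $domain . '/index.php?action=search&page=' . $pre . '';
            $next = '' . $domain . '/index.php?action=search&page=' . $ne . '';
        }
        if ($totalpages > 1) {
            echo ' - ';
            if ($show > 1) {
                echo '<a href="' . $previous . '" class="page">Previous</a>';
            }
            for ($i = 1; $i <= $totalpages; $i++) {
                // Only print page links inside a window around the current page.
                if ($show - $i < 4 || $totalpages - $i < 7) {
                    if ($i - $show < 4 || $i < 8) {
                        if ($seo_on == 1) {
                            $urk = '' . $domain . '/search/page' . $i . '.html';
                        } else {
                            $urk = '' . $domain . '/index.php?action=search&page=' . $i . '';
                        }
                        if ($show == $i) {
                            echo '<a href="' . $urk . '" class="page-select">' . $i . '</a>';
                        } else {
                            echo '<a href="' . $urk . '" class="page">' . $i . '</a>';
                        }
                    }
                }
            }
            if ($show < $totalpages) {
                echo '<a href="' . $next . '" class="page">Next</a>';
            }
        }
        echo '</div>
</div></div></div>';
    } else {
        if ($seo_on == 1) {
            $su = '' . $domain . '/search/';
        } else {
            $su = '' . $domain . '/index.php?action=search';
        }
        echo '<div id="container">
<div id="content-container">
<div id="side">';
        include "includes/blocks.php";
        echo '</div>

<div id="content">
<div class="content_nav">Search</div>
<div style="clear:both"></div>';
        echo '<form action=\'' . $su . '\' method=\'post\'>
	<table align=\'center\' width="100%">
			<tr>
				<td class=\'content\'>Keyword(s):</td>
				<td class=\'content\'><input type=\'text\' name=\'keyword\' size=\'45\' /></td>
			</tr>
			<tr>
				<td colspan=\'2\' align=\'center\' class=\'content\'><input type=\'submit\' name=\'submit\' value=\'Search\' /></td>
			</tr>
		</table>
</form>
</div></div></div>';
    }
}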
Пример #9
<?php

include 'conn.php';
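// groupID is placed in the SQL text without quotes. String escaping only
// protects values that sit inside quotes, so an escaped string is still free
// to change the query here; forcing an integer closes that gap.
// (Assumes groupID is an integer column, as the unquoted comparison implies.)
$event = (isset($_POST["event"]) && is_scalar($_POST["event"])) ? (int) $_POST["event"] : 0;
$sql = "SELECT shootID, name FROM shoot WHERE groupID = {$event}";
$event_res = mysql_query($sql);
if (!$event_res) {
    // Keep driver error text out of the response; log it server-side.
    error_log('shoot lookup failed: ' . mysql_error());
    die('Error: the shoot list could not be loaded.');
}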
while ($row = mysql_fetch_array($event_res)) {
    $shootid = $row["shootID"];
    $name = $row["name"];
    echo "<h3>{$name}</h3>";
    $sql2 = "SELECT scoreprone.shootID, scoreprone.p1, scoreprone.p2, scoreprone.p3, scoreprone.p4, " . "scoreprone.p5, scoreprone.p6, scoreprone.total, scoreprone.penalties, scoreprone.rank, " . "scoreprone.notes, scoreprone.target, competitor.forename, competitor.surname, competitor.nationality " . "FROM scoreprone INNER JOIN competitor ON scoreprone.compID=competitor.compID WHERE scoreprone.shootID = {$shootid} ORDER BY scoreprone.rank";
    $comp_res = mysql_query($sql2) or die(mysql_error());
    echo "<table><tr><th>Rank</th><th>Name</th><th>Nationality</th><th>p1</th><th>p2</th><th>p3</th><th>p4</th><th>p5</th><th>p6</th>" . "<th>Total</th><th>Penalties</th><th>notes</th><th>target</th></tr>";
    while ($row2 = mysql_fetch_array($comp_res)) {
        $p1 = $row2["p1"];
        $p2 = $row2["p2"];
        $p3 = $row2["p3"];
        $p4 = $row2["p4"];
        $p5 = $row2["p5"];
        $p6 = $row2["p6"];
        $total = $row2["total"];
        $pen = $row2["penalties"];
        $rank = $row2["rank"];
        $notes = $row2["notes"];
        $target = $row2["target"];
        $forename = $row2["forename"];
        $surname = $row2["surname"];
        $nation = $row2["nationality"];
        echo "<tr><td>{$rank}</td><td>{$forename} {$surname}</td><td>{$nation}</td><td>{$p1}</td><td>{$p2}</td><td>{$p3}</td><td>{$p4}</td>" . "<td>{$p5}</td><td>{$p6}</td><td>{$total}</td>{$pen}</td><td>{$notes}</td><td>{$target}</td></tr>";
    }
Пример #10
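 /**
  * Insert a laboratory result template and emit a script block that confirms
  * the insert and sends the browser back to the add-result form.
  *
  * Opens its own MySQL connection from $this->myHost / username / password /
  * database, and terminates the request with die() on a connection or query
  * failure.
  *
  * NOTE(review): the mysql_* extension was removed in PHP 7.0; prepared
  * statements (mysqli/PDO) are the durable replacement for the escaping below.
  *
  * @param string $title    Template title; stored and shown in the alert.
  * @param string $template Template body; stored only.
  * @return void
  */
 public function addLaboratoryTemplate($title, $template)
 {
     $con = mysql_connect($this->myHost, $this->username, $this->password);
     if (!$con) {
         // Log the driver message; connection errors can expose host details.
         error_log('Could not connect: ' . mysql_error());
         die('Could not connect to the database.');
     }
     mysql_select_db($this->database, $con);
     $sql = "INSERT INTO labResultList (title,template)\nVALUES\n('" . mysql_real_escape_string($title) . "','" . mysql_real_escape_string($template) . "')";
     if (!mysql_query($sql, $con)) {
         error_log('labResultList insert failed: ' . mysql_error());
         die('Error: the template could not be saved.');
     }
     // $title is caller-supplied text that lands inside a <script> block, so it
     // is encoded as a JavaScript string literal. The JSON_HEX_* flags also
     // encode <, >, &, ' and ", which keeps the value from closing the string
     // or the script element.
     $message = $title . ' is now Added in the list of Laboratory Result Format';
     $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
     echo "<script type='text/javascript' >";
     echo 'alert(' . json_encode($message, $jsFlags) . ');';
     // NOTE(review): getMyUrl() is not visible here; if it reflects the request
     // Host header, the redirect target is client-controlled — confirm.
     echo "window.location='http://" . $this->getMyUrl() . "/COCONUT/Laboratory/resultList/addResultForm.php '";
     echo "</script>";
     mysql_close($con);
 }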
/spacer.gif" width=1 height=8 border=0><br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<img src="<?php 
    echo IMAGE_PATH;
    ?>
/downarrow.gif" width=9 height=6 class="imageformat"><b>&nbsp;<?php 
    echo $hostgroup;
    ?>
</b><p>
<?php 
} else {
    echo "<p>";
}
?>

<?php 
// Connection statistics table. With a `hostgroup` query parameter present the
// page lists the individual hosts of one host group; without it, it lists the
// host groups themselves.
// NOTE(review): $hostgroup is assigned earlier in the file (not visible here);
// presumably it is derived from $_GET['hostgroup'] — confirm.
if (isset($_GET['hostgroup'])) {
    $table = new Table(array(new TableColumn("host", "Host", "width=41"), new TableColumn("freq", "Connects", "width=12&align=right"), new TableColumn("percent", "Percentage of Connects", "width=30&sort=no&type=bargraph"), new TableColumn("percent", "%", "width=12&sort=no&align=right&append=" . urlencode("%"))), "host", "freq", "host", true, 50);
    // The overview query (else branch) labels the empty host group as
    // "(Unresolved IP Addresses)"; map that label back to '' for the lookup.
    if ($hostgroup == "(Unresolved IP Addresses)") {
        $hostgroup = "";
    }
    // Totals for the selected group: row count and number of distinct addresses.
    // $hostgroup is escaped and placed inside single quotes.
    $result = $db->query("\r\n\t\t\tSELECT\r\n\t\t\t\tCOUNT(*),\r\n\t\t\t\tCOUNT(DISTINCT ipAddress)\r\n\t\t\tFROM\r\n\t\t\t\thlstats_Events_Connects\r\n\t\t\tWHERE\r\n\t\t\t\thostgroup='" . mysql_real_escape_string($hostgroup) . "'\r\n\t\t");
    list($totalconnects, $numitems) = $db->fetch_row($result);
    // Per-host breakdown. $totalconnects comes from the COUNT(*) above.
    // NOTE(review): $table->sort, ->sortorder, ->sort2, ->startitem and
    // ->numperpage are interpolated into ORDER BY / LIMIT without quoting or
    // escaping. The Table class is not visible here; if it fills any of them
    // from request parameters they must be restricted to an allow-list of
    // column names, ASC/DESC, and integers — confirm.
    $result = $db->query("\r\n\t\t\tSELECT\r\n\t\t\t\tIF(hostname='', ipAddress, hostname) AS host,\r\n\t\t\t\tCOUNT(hostname) AS freq,\r\n\t\t\t\t(COUNT(hostname) / {$totalconnects}) * 100 AS percent\r\n\t\t\tFROM\r\n\t\t\t\thlstats_Events_Connects\r\n\t\t\tWHERE\r\n\t\t\t\thostgroup='" . mysql_real_escape_String($hostgroup) . "'\r\n\t\t\tGROUP BY\r\n\t\t\t\thost\r\n\t\t\tORDER BY\r\n\t\t\t\t{$table->sort} {$table->sortorder},\r\n\t\t\t\t{$table->sort2} {$table->sortorder}\r\n\t\t\tLIMIT\r\n\t\t\t\t{$table->startitem},{$table->numperpage}\r\n\t\t");
    $table->draw($result, $numitems, 95, "center");
} else {
    // Overview: one row per host group, each linking back to this page with
    // the group as the `hostgroup` parameter (%k in the link template).
    $table = new Table(array(new TableColumn("hostgroup", "Host", "width=41&icon=server&link=" . urlencode("mode=admin&task=tools_ipstats&hostgroup=%k")), new TableColumn("freq", "Connects", "width=12&align=right"), new TableColumn("percent", "Percentage of Connects", "width=30&sort=no&type=bargraph"), new TableColumn("percent", "%", "width=12&sort=no&align=right&append=" . urlencode("%"))), "hostgroup", "freq", "hostgroup", true, 50);
    // Totals across all groups: row count and number of distinct host groups.
    $result = $db->query("\r\n\t\t\tSELECT\r\n\t\t\t\tCOUNT(*),\r\n\t\t\t\tCOUNT(DISTINCT hostgroup)\r\n\t\t\tFROM\r\n\t\t\t\thlstats_Events_Connects\r\n\t\t");
    list($totalconnects, $numitems) = $db->fetch_row($result);
    // NOTE(review): same unquoted $table-> interpolation in ORDER BY / LIMIT as
    // in the branch above — confirm the Table class validates these values.
    $result = $db->query("\r\n\t\t\tSELECT\r\n\t\t\t\tIF(hostgroup='', '(Unresolved IP Addresses)', hostgroup) AS hostgroup,\r\n\t\t\t\tCOUNT(hostgroup) AS freq,\r\n\t\t\t\t(COUNT(hostgroup) / {$totalconnects}) * 100 AS percent\r\n\t\t\tFROM\r\n\t\t\t\thlstats_Events_Connects\r\n\t\t\tGROUP BY\r\n\t\t\t\thostgroup\r\n\t\t\tORDER BY\r\n\t\t\t\t{$table->sort} {$table->sortorder},\r\n\t\t\t\t{$table->sort2} {$table->sortorder}\r\n\t\t\tLIMIT\r\n\t\t\t\t{$table->startitem},{$table->numperpage}\r\n\t\t");
    $table->draw($result, $numitems, 95, "center");
}
Пример #12
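 /**
  * Build the filtered log query from the posted filter form, store it in the
  * session, and return the rendered log table followed by its pagination.
  *
  * Every posted value is reduced to a safe form before it reaches the SQL
  * text: id lists become comma-joined integers, free-text values are escaped
  * and placed inside quotes, and dates are rebuilt from digits matched by a
  * fixed pattern.
  *
  * NOTE(review): the finished SQL is kept in $_SESSION['W3ELOGS']; presumably
  * renderLogsTable() / renderPagination() execute it — confirm, and make sure
  * no other code path can write that session key.
  * NOTE(review): the mysql_* extension was removed in PHP 7.0; prepared
  * statements are the durable replacement for the escaping used here.
  *
  * @return string HTML of the log table and pagination.
  */
 private function processLogs()
 {
     // Discard the query cached by any previous filter submission.
     unset($_SESSION['W3ELOGS']);

     $formElementsArr = array('W3EItems', 'view', 'filter', 'W3EVMID', 'W3EIP', 'W3ECLIENTIP', 'W3EAction', 'W3EDateFROM', 'W3EDateTO');
     foreach ($formElementsArr as $element) {
         // Each named field must be posted as a plain string. The original test,
         // isset($element, $_POST), only looked at the loop variable and the
         // superglobal itself, so it could never fail.
         if (!isset($_POST[$element]) || !is_string($_POST[$element])) {
             $this->setErrors('Problem with filter form. Please go back to the Logs page and try again.', 'ERROR');
             header('Location: ' . W3E_MOD_LINK . '&view=log');
             exit;
         }
     }

     // Reduce a posted id list to comma-joined integers, or null when the field
     // is absent. array_map() visits every element whatever its key, whereas an
     // index loop from 0 to count()-1 skips elements posted under other keys.
     // The sanitised list is written back to $_POST, as the original did.
     $postedIdList = function ($key) {
         if (!isset($_POST[$key])) {
             return null;
         }
         $_POST[$key] = array_map('intval', (array) $_POST[$key]);
         return implode(',', $_POST[$key]);
     };

     //Items
     $item = $this->getSettings('admin_logs_items_per_page');
     $logsAdminArr = array(1, 5, 10, 15, 20, 25, 30, 40, 50, 75, 100);
     // Compare and store the integer, not the posted string: a loose
     // in_array() can accept a string that merely starts with an allowed
     // number, which would then be stored verbatim in the session.
     $requestedItems = (int) $_POST['W3EItems'];
     if (in_array($requestedItems, $logsAdminArr, true)) {
         $item = $requestedItems;
     }
     //Service IP
     $ip = mysql_real_escape_string(trim($_POST['W3EIP']));
     //Client IP
     $clientip = mysql_real_escape_string(trim($_POST['W3ECLIENTIP']));
     //VMID
     $vmid = trim($_POST['W3EVMID']);
     if ($vmid != null) {
         $vmid = implode(',', array_map('intval', explode(',', $vmid)));
     }
     //By
     $byclient = isset($_POST['W3EBYCLIENT']);
     $byadmin = isset($_POST['W3EBYADMIN']);
     //Action
     $action = mysql_real_escape_string(trim($_POST['W3EAction']));
     //Date
     // Dates arrive as dd/mm/yyyy; only the matched digit groups are reused.
     $fromDate = '0000-00-00';
     if (preg_match('@^(\\d{2})\\/(\\d{2})\\/(\\d{4})$@', trim($_POST['W3EDateFROM']), $date1)) {
         $fromDate = "{$date1[3]}-{$date1[2]}-{$date1[1]}";
     }
     $fromDate .= ' 00:00:00';
     // date() replaces strftime(), which is deprecated in current PHP; the
     // output format is the same.
     $toDate = date('Y-m-d');
     if (preg_match('@^(\\d{2})\\/(\\d{2})\\/(\\d{4})$@', trim($_POST['W3EDateTO']), $date1)) {
         $toDate = "{$date1[3]}-{$date1[2]}-{$date1[1]}";
     }
     $toDate .= ' 23:59:59';
     //Clients
     $client = $postedIdList('W3EClients');
     //Products
     $product = $postedIdList('W3EProducts');
     //Servers
     $server = $postedIdList('W3EServers');
     $fields = "mod_w3esxi.vmid,mod_w3esxi.id w3eid,\r\nmod_w3esxi_logs.date_logged,mod_w3esxi_logs.client_ip,mod_w3esxi_logs.user_agent,mod_w3esxi_logs.command_by,mod_w3esxi_logs.action,\r\ntblclients.firstname,tblclients.lastname,tblclients.id clientid,\r\ntblhosting.dedicatedip,tblhosting.id serviceid,\r\ntblproducts.name productname,tblproducts.configoption1 os,configoption2 otheros,tblproducts.id pid,\r\ntblservers.id serverid,tblservers.name servername,tblservers.ipaddress\r\n";
     // {W3E_FIELDS} is a placeholder that is swapped for the column list or for
     // count(*) once all filters have been appended.
     $query = "\r\nSELECT\r\n{W3E_FIELDS}\r\nFROM mod_w3esxi,tblclients,tblservers,tblhosting,tblproducts,mod_w3esxi_logs\r\nWHERE\r\nmod_w3esxi.id = mod_w3esxi_logs.w3e_id\r\nAND\r\ntblclients.id = tblhosting.userid\r\nAND\r\ntblhosting.id = mod_w3esxi_logs.serviceid\r\nAND\r\ntblproducts.id = tblhosting.packageid\r\nAND\r\ntblservers.id = tblhosting.server\r\n";
     // The IN (...) lists are unquoted, which is why they must be integers only.
     if ($client != null) {
         $query .= "\r\nAND\r\ntblclients.id IN ({$client}) ";
     }
     if ($server != null) {
         $query .= "\r\nAND\r\ntblservers.id IN ({$server}) ";
     }
     if ($product != null) {
         $query .= "\r\nAND\r\ntblproducts.id IN ({$product}) ";
     }
     if ($vmid != null) {
         $query .= "\r\nAND\r\nmod_w3esxi.vmid IN ({$vmid}) ";
     }
     if ($ip != null) {
         $query .= " AND tblhosting.dedicatedip = '{$ip}' ";
     }
     if ($clientip != null) {
         $query .= " AND mod_w3esxi_logs.client_ip = '{$clientip}' ";
     }
     if ($action != 'all') {
         $query .= " AND mod_w3esxi_logs.action = '{$action}' ";
     }
     // Start from an empty array: count() on null raises a warning or a
     // TypeError on current PHP versions.
     $byArr = array();
     if ($byclient) {
         $byArr[] = "'client'";
     }
     if ($byadmin) {
         $byArr[] = "'admin'";
     }
     if (count($byArr) > 0) {
         $by = implode(',', $byArr);
         $query .= " AND mod_w3esxi_logs.command_by IN ({$by})";
     }
     $query .= " AND mod_w3esxi_logs.date_logged BETWEEN '{$fromDate}' AND '{$toDate}' ";
     $query .= ' ORDER BY mod_w3esxi_logs.date_logged DESC ';
     $_SESSION['W3ELOGS'] = array();
     $_SESSION['W3ELOGS']['query'] = str_replace('{W3E_FIELDS}', $fields, $query);
     $_SESSION['W3ELOGS']['pagination_query'] = str_replace('{W3E_FIELDS}', 'count(*) total', $query);
     $_SESSION['W3ELOGS']['items'] = $item;
     $html = $this->renderLogsTable();
     $html .= $this->renderPagination('log');
     return $html;
 }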
Пример #13
<?php

//DB connection
include 'conn.php';
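// Emit one radio button per championship (event) of the posted year. When a
// championship name other than "test" is posted, only the matching event is
// emitted, pre-checked.
//
// `year` is placed in the SQL text without quotes. String escaping only
// protects quoted values, so the year is forced to an integer instead.
$year = (isset($_POST["year"]) && is_scalar($_POST["year"])) ? (int) $_POST["year"] : 0;
// sel_champ never reaches SQL; it is only compared with names read from the
// database. Keeping it unescaped lets names that contain quotes match.
$sel_champ = (isset($_POST["sel_champ"]) && is_string($_POST["sel_champ"])) ? $_POST["sel_champ"] : '';
$champs_sql = "SELECT `eventID`, `name` FROM `event` WHERE `year` = {$year}";
$champs_result = mysql_query($champs_sql);
if (!$champs_result) {
    // Log server-side; the original fell through to a fetch on a failed result.
    error_log('event lookup failed: ' . mysql_error());
} else {
    while ($row = mysql_fetch_array($champs_result)) {
        // Database values are written into HTML, so encode them for that
        // context; stored names must not be able to inject markup.
        $champ_id = htmlspecialchars($row["eventID"], ENT_QUOTES);
        $champ_name = htmlspecialchars($row["name"], ENT_QUOTES);
        if ($sel_champ != "test") {
            if ($row["name"] === $sel_champ) {
                echo "<input type=\"radio\" value=\"{$champ_id}\" name=\"champ\" checked=\"checked\" /><label>{$champ_name}</label>";
            }
        } else {
            echo "<input type=\"radio\" value=\"{$champ_id}\" name=\"champ\" /><label>{$champ_name}</label>";
        }
    }
}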
Пример #14
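/**
 * Create a fresh verification code for an author, store it, and e-mail the
 * login link that carries it.
 *
 * Terminates the request with die() when the database write or the mail
 * hand-off fails.
 *
 * NOTE(review): the code is 10 hex characters (40 bits). No attempt limit on
 * the verification endpoint is visible here; confirm one exists.
 * NOTE(review): the mysql_* extension was removed in PHP 7.0; prepared
 * statements are the durable replacement for the escaping used here.
 *
 * @param string $email Address to verify; stored and used as the recipient.
 * @param string $url   Page the comment was made on; quoted in the mail body.
 * @return void
 */
function GenerateAndSendVerificationCode($email, $url)
{
    // The address is handed to mail() as the recipient header; refuse line
    // breaks so it cannot add headers of its own.
    if (!is_string($email) || preg_match('/[\r\n]/', $email)) {
        die('<div class="commentError">Failed to send verification email, try again</div>');
    }
    // The code is a login secret, so it must come from a CSPRNG. Hashing
    // time(), rand() and the client address only mixes guessable inputs.
    // Five random bytes give the same 10 hex characters as before.
    if (function_exists('random_bytes')) {
        $code = bin2hex(random_bytes(5));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $code = bin2hex(openssl_random_pseudo_bytes(5));
    } else {
        // Legacy fallback for runtimes with neither source available.
        $code = substr(sha1(time() . rand() . $email . $_SERVER['REMOTE_ADDR']), 0, 10);
    }
    $stored = @mysql_query('REPLACE Authors SET Email=\'' . mysql_real_escape_string($email) . '\', VerifyDate=NOW(), VerifyCode=\'' . mysql_real_escape_string($code) . '\'');
    if (!$stored) {
        // Log the driver message instead of printing it to the client.
        error_log('Authors verification update failed: ' . mysql_error());
        die('<div class="commentError">Database error, try again later</div>');
    }
    //Email verification link
    $body = 'To verify the comment you made on ' . $url . '

Click here to login and review your comments:
' . service_url . '/auth.php?email=' . urlencode($email) . '&code=' . $code;
    if (!mail($email, 'Verify your comment', $body, 'From: ' . service_email)) {
        die('<div class="commentError">Failed to send verification email, try again</div>');
    }
}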
Пример #15
 /**
  * Store a laboratory result template under the given title.
  *
  * Connects with $this->myHost / username / password, selects
  * $this->database, inserts one row into labResultList and closes the
  * connection. A failed connection or query ends the request via die().
  *
  * NOTE(review): die() prints the raw driver error to the client, and the
  * mysql_* extension was removed in PHP 7.0 — both are worth revisiting.
  *
  * @param string $title    Template title.
  * @param string $template Template body.
  * @return void
  */
 public function addLaboratoryTemplate($title, $template)
 {
     $link = mysql_connect($this->myHost, $this->username, $this->password);
     if (!$link) {
         die('Could not connect: ' . mysql_error());
     }
     mysql_select_db($this->database, $link);

     // Both values are escaped and placed inside single quotes.
     $safeTitle = mysql_real_escape_string($title);
     $safeTemplate = mysql_real_escape_string($template);
     $statement = sprintf(
         "INSERT INTO labResultList (title,template)\nVALUES\n('%s','%s')",
         $safeTitle,
         $safeTemplate
     );

     $inserted = mysql_query($statement, $link);
     if (!$inserted) {
         die('Error: ' . mysql_error());
     }

     mysql_close($link);
 }
Пример #16
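/**
 * Render the search page body: the search form plus a two-column result table
 * when a keyword was posted, otherwise only the search form.
 *
 * Reads $_POST['keyword'], queries fas_games and echoes HTML directly; returns
 * nothing.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0; the query relies
 * on a quoted, escaped value. Prepared statements are the durable fix.
 * NOTE(review): browsedesclimit() is defined elsewhere; its output is echoed
 * as-is, so confirm it HTML-escapes the description.
 */
function writebody()
{
    global $db, $domain, $sitename, $cachelife, $template, $gamesfolder, $thumbsfolder, $limitboxgames, $seo_on, $blogentriesshown, $enabledcode_on, $comments_on, $directorypath, $autoapprovecomments, $gamesonpage, $abovegames, $belowgames, $showwebsitelimit, $supportemail, $showblog, $blogentriesshown, $blogcharactersshown, $blogcommentpermissions, $blogcommentsshown, $blogfollowtags, $blogcharactersrss, $usrdata, $userid;
    if (isset($_POST['keyword']) && is_string($_POST['keyword'])) {
        // One encoding per sink: SQL-escaped for the query text, HTML-escaped
        // for the page. SQL escaping turns ' into \', which still ends a
        // single-quoted HTML attribute, so the SQL form must never be echoed.
        // NOTE(review): % and _ in the keyword still act as LIKE wildcards.
        $keyword = mysql_real_escape_string($_POST['keyword']);
        // Charset left at the PHP default; pass the site charset explicitly
        // once it is known.
        $keywordHtml = htmlspecialchars($_POST['keyword'], ENT_QUOTES);
        if ($seo_on == 1) {
            $su = '' . $domain . '/search/';
        } else {
            $su = '' . $domain . '/index.php?action=search';
        }
        echo '<form action=\'' . $su . '\' method=\'POST\'>
	<table align=\'center\'>
			<tr>
				<td>Keyword(s):</td>
				<td><input type=\'text\' name=\'keyword\' size=\'45\' value=\'' . $keywordHtml . '\'></td>
			</tr>
			<tr>
				<td colspan=\'2\' align=\'center\'><input type=\'submit\' name=\'submit\' value=\'Search\'></td>
			</tr>
		</table>
		</form>	';
        $r = mysql_query("SELECT * FROM fas_games WHERE name LIKE '%{$keyword}%'");
        if (!$r) {
            // Keep driver error text out of the response; log it instead.
            error_log('game search failed: ' . mysql_error());
            die('Search is temporarily unavailable.');
        }
        echo '<table width=\'100%\' border=\'0\' align=\'center\'>
	<tr>
		<td colspan=\'2\' class=\'header\'>Search Games - ' . $keywordHtml . '</td>
	</tr>';
        $count = 0;
        while ($in = $db->fetch_row($r)) {
            // preg_replace() with the same character class replaces
            // ereg_replace(), which no longer exists in PHP 7 and later.
            $gamename = preg_replace('/[^A-Za-z0-9]/', '-', $in['name']);
            $gameId = (int) $in['ID'];
            if ($seo_on == 1) {
                $playlink = '' . $domain . '/play/' . $gameId . '-' . $gamename . '.html';
            } else {
                $playlink = '' . $domain . '/index.php?action=play&amp;ID=' . $gameId . '';
            }
            // Values read from the database are encoded for the HTML context
            // they are written into.
            $nameHtml = htmlspecialchars($in['name'], ENT_QUOTES);
            if ($in['type'] == 1) {
                $thumbSrc = $domain . '/' . $thumbsfolder . '/' . htmlspecialchars($in['thumb'], ENT_QUOTES);
            } else {
                $thumbSrc = htmlspecialchars($in['thumburl'], ENT_QUOTES);
            }
            // The cell markup is identical for both columns; only the row
            // open/close tags around it differ. The second size attribute was
            // a duplicated width and is now height.
            $cell = '
	      	<td width=\'50%\' valign=\'top\'>
	      	
	      		<table width=\'100%\' border=\'0\'>
	      			<tr>
	      				<td valign=\'top\' colspan=\'2\' class=\'header\'><b>' . $nameHtml . '</b></td>
	      			</tr>
	      			<tr>	
	      				<td width=\'55\' height=\'55\' valign=\'top\' class=\'content\'>
	      				<a href=\'' . $playlink . '\'>
	      				'
                . '	<img src=\'' . $thumbSrc . '\' width=\'55\' height=\'55\' border=\'0\'>'
                . '	</a>
	      				</td>
	      				<td valign=\'top\' class=\'content\'>' . browsedesclimit($in['description']) . ' 
	      				<a href=\'' . $playlink . '\' class=\'playlink\'><b>Play</b></a></td>
	      			</tr>
	      		</table>
	      			
	      	</td>
	';
            if ($count % 2 == 0) {
                // Left column: open the table row.
                echo '<tr>' . $cell;
            } else {
                // Right column: close the table row.
                echo $cell . '</tr>';
            }
            $count++;
        }
        echo "</table>";
    } else {
        if ($seo_on == 1) {
            $su = '' . $domain . '/search/';
        } else {
            $su = '' . $domain . '/index.php?action=search';
        }
        echo '<form action=\'' . $su . '\' method=\'POST\'>

	<table align=\'center\'>
	<tr>
		<td colspan=\'4\' class=\'header\'>Search</td>
	</tr>

			<tr>
				<td class=\'header\'>Keyword(s):</td>
				<td class=\'content\'><input type=\'text\' name=\'keyword\' size=\'45\'></td>
			</tr>
			<tr>
				<td colspan=\'2\' align=\'center\' class=\'content\'><input type=\'submit\' name=\'submit\' value=\'Search\'></td>
			</tr>
		</table>
		</form>	';
    }
}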
Пример #17
    //Non verified comment
    $res = @mysql_query('INSERT INTO Comments (SiteID, Page, PageUrl, CommentIP, CommentDate, CommentText, CommentEmail)
	VALUES
		(' . $sid . ',
		\'' . mysql_real_escape_string($page) . '\',
		\'' . mysql_real_escape_string($_SERVER['HTTP_REFERER']) . '\',
		\'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\',
		NOW(),
		\'' . mysql_real_escape_string($commentText) . '\',
		\'' . mysql_real_escape_string($commentEmail) . '\'
	)') or die('<div class="commentError">' . mysql_error() . '</div>');
    $id = mysql_insert_id();
    if ($commentEmail) {
        //Get Author
        $verificationCode = TRUE;
        $res = @mysql_query('SELECT * FROM Authors WHERE Email=\'' . mysql_real_escape_String($commentEmail) . '\'') or die('<div class="commentError">' . mysql_error() . '</div>');
        $row = mysql_fetch_assoc($res);
        if ($row) {
            //Limit one verification email per day, unless already verified
            if ($row['VerifyCode'] !== NULL) {
                $vd = strtotime($row['VerifyDate']);
                if ($vd < time() + 3600 * 24) {
                    echo '<div class="commentOk">Email verification already sent.</div>';
                    $verificationCode = FALSE;
                }
            }
        }
        //Create new VerifyCode
        if ($verificationCode === TRUE) {
            GenerateAndSendVerificationCode($commentEmail, $site['SiteUrl'] . $page);
        }