Пример #1
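/**
 * Update the per-team counters after a match result has been entered.
 *
 * Runs, in this order: +1 on `num_matches_total` for both teams, sets
 * `teams_overview`.`deleted` to '1' for both teams, then +1 on the won/lost or
 * draw counters in `teams_profile` depending on the two scores. Any failing
 * query calls unlock_tables() and ends the page through $site->dieAndEndPage().
 *
 * Every value is concatenated into the SQL text after passing through
 * sqlSafeStringQuotes(). NOTE(review): that helper is defined outside this
 * block, so what it escapes could not be checked here; callers should pass
 * integer ids and scores only.
 * NOTE(review): the failure messages embed the ids through sqlSafeString(),
 * which by its name is an SQL helper; if dieAndEndPage() prints HTML, confirm
 * the ids are integers or HTML-escape them there.
 *
 * @param mixed $team_id1     id of the first team
 * @param mixed $team_id2     id of the second team
 * @param mixed $team1_points score of the first team
 * @param mixed $team2_points score of the second team
 * @param mixed $site         object providing execute_query() and dieAndEndPage()
 * @param mixed $connection   database connection handed through to execute_query()
 */
function update_match_stats_entered($team_id1, $team_id2, $team1_points, $team2_points, $site, $connection)
{
    // increase match count for teams that participated
    // NOTE(review): the first argument names `teams_overview` although the query
    // touches `teams_profile`; left unchanged because the meaning of that argument
    // is not visible here.
    $query = 'UPDATE `teams_profile` SET `num_matches_total`=`num_matches_total`+1';
    $query .= ' WHERE (`teamid`=' . sqlSafeStringQuotes($team_id1) . ' OR `teamid`=' . sqlSafeStringQuotes($team_id2) . ')';
    if (!($result = $site->execute_query('teams_overview', $query, $connection))) {
        unlock_tables($site, $connection);
        $site->dieAndEndPage('The match count for the teams with id' . sqlSafeString($team_id1) . ' and ' . sqlSafeString($team_id2) . ' could not be updated due to a sql problem!');
    }

    // set `deleted` to '1' for both participating teams (the project treats this
    // value as "active"; the value table itself is not visible in this block)
    $query = 'UPDATE `teams_overview` SET `deleted`=' . sqlSafeStringQuotes('1') . ' WHERE `teamid`=' . sqlSafeStringQuotes($team_id1) . ' OR `teamid`=' . sqlSafeStringQuotes($team_id2) . ' LIMIT 2';
    if (!($result = @$site->execute_query('teams_overview', $query, $connection))) {
        // same cleanup as every other failure path in this function
        unlock_tables($site, $connection);
        // the message names both ids; the former text read a variable that does not exist in this scope
        $site->dieAndEndPage('Could not mark teams with id ' . sqlSafeString($team_id1) . ' and ' . sqlSafeString($team_id2) . ' as active!');
    }

    // increase match win count for teams that participated
    if ($team1_points > $team2_points) {
        // team 1 won
        $query = 'UPDATE `teams_profile` SET `num_matches_won`=`num_matches_won`+1';
        $query .= ' WHERE `teamid`=' . sqlSafeStringQuotes($team_id1);
        if (!($result = $site->execute_query('teams_profile', $query, $connection))) {
            unlock_tables($site, $connection);
            $site->dieAndEndPage('The match win count for team ' . sqlSafeString($team_id1) . ' could not be updated due to a sql problem!');
        }
        // team 2 lost
        $query = 'UPDATE `teams_profile` SET `num_matches_lost`=`num_matches_lost`+1';
        $query .= ' WHERE `teamid`=' . sqlSafeStringQuotes($team_id2);
        if (!($result = $site->execute_query('teams_profile', $query, $connection))) {
            unlock_tables($site, $connection);
            $site->dieAndEndPage('The match lose count for team ' . sqlSafeString($team_id2) . ' could not be updated due to a sql problem!');
        }
    }
    if ($team1_points < $team2_points) {
        // team 2 won
        $query = 'UPDATE `teams_profile` SET `num_matches_won`=`num_matches_won`+1';
        $query .= ' WHERE `teamid`=' . sqlSafeStringQuotes($team_id2);
        if (!($result = $site->execute_query('teams_profile', $query, $connection))) {
            unlock_tables($site, $connection);
            $site->dieAndEndPage('The match win count for team ' . sqlSafeString($team_id2) . ' could not be updated due to a sql problem!');
        }
        // team 1 lost
        $query = 'UPDATE `teams_profile` SET `num_matches_lost`=`num_matches_lost`+1';
        $query .= ' WHERE `teamid`=' . sqlSafeStringQuotes($team_id1);
        if (!($result = $site->execute_query('teams_profile', $query, $connection))) {
            unlock_tables($site, $connection);
            $site->dieAndEndPage('The match lose count for team ' . sqlSafeString($team_id1) . ' could not be updated due to a sql problem!');
        }
    }

    // match entered ended in a draw (compared after integer conversion, unlike
    // the two loose comparisons above)
    if ((int) $team1_points === (int) $team2_points) {
        $query = 'UPDATE `teams_profile` SET `num_matches_draw`=`num_matches_draw`+1';
        $query .= ' WHERE (`teamid`=' . sqlSafeStringQuotes($team_id1) . ' OR `teamid`=' . sqlSafeStringQuotes($team_id2) . ')';
        if (!($result = $site->execute_query('teams_profile', $query, $connection))) {
            unlock_tables($site, $connection);
            $site->dieAndEndPage('The match draw count for the teams with id' . sqlSafeString($team_id1) . ' and ' . sqlSafeString($team_id2) . ' could not be updated due to a sql problem!');
        }
    }
}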
Пример #2
<?php

// Plain-text export: one "TE:" line per team and one "PL:" line per active player.
// NOTE(review): nothing in this script checks who is asking; confirm that the ids
// and names of all teams and active players are meant to be readable without login.
// The mysql_* calls below belong to the legacy mysql extension, which was removed in PHP 7.0.
header('Content-Type: text/plain');
require realpath('../CMS/siteinfo.php');
$site = new siteinfo();
$connection = $site->connect_to_db();

// teams whose `teams_overview`.`deleted` value is different from 2
$query = 'SELECT `teams`.`id`,`teams`.`name` FROM `teams`,`teams_overview`'
    . ' WHERE `teams_overview`.`teamid`=`teams`.`id` AND `teams_overview`.`deleted`<>' . sqlSafeStringQuotes(2);
$result = @$site->execute_silent_query('teams,teams_overview', $query, $connection);
if (!$result) {
    $site->dieAndEndPage('It seems like the team profile can not be accessed for an unknown reason.');
}
while ($row = mysql_fetch_array($result)) {
    // names go through htmlent_decode() before being written to the text/plain response
    echo 'TE: ', $row['id'], ', ', htmlent_decode($row['name']), "\n";
}
mysql_free_result($result);

// players whose `status` is 'active'
$query = 'SELECT `id`,`teamid`,`name` FROM `users`'
    . ' WHERE `users`.`status`=' . sqlSafeStringQuotes('active');
$result = @$site->execute_silent_query('users', $query, $connection);
if (!$result) {
    $site->dieAndEndPage('It seems like the player profile can not be accessed for an unknown reason.');
}
while ($row = mysql_fetch_array($result)) {
    echo 'PL: ', $row['teamid'], ', ', $row['id'], ', ', htmlent_decode($row['name']), "\n";
}
mysql_free_result($result);
// done with outputting stats
Пример #3
// the rest of the needed data
// NOTE(review): this excerpt starts in the middle of a query builder; the head of
// the SELECT (and the opening of the derived table closed below) is not visible here.
$query .= ',`matches`.`team1_points`,`matches`.`team2_points`,`matches`.`userid`';
$query .= ',`users`.`name` AS `playername`,`matches`.`id`, `matches`.`duration`';
// the tables in question
$query .= ' FROM `matches`,`users` WHERE `users`.`id`=`matches`.`userid`';
if (isset($_GET['search'])) {
    // Every derived table must have its own alias
    $query .= ') AS `t1`';
    // now do the search thing
    // NOTE(review): $search_team and $search_expression are assigned outside this
    // excerpt, presumably from request parameters - verify. The only protection
    // visible here is sqlSafeStringQuotes(); quote escaping does not neutralise the
    // LIKE wildcards % and _, so confirm that user-supplied wildcards are intended.
    if ($search_team) {
        // team name search
        $query .= 'WHERE `team1_name` LIKE ' . sqlSafeStringQuotes($search_expression);
        $query .= ' OR `team2_name` LIKE ' . sqlSafeStringQuotes($search_expression);
    } else {
        // timestamp search: prefix match, the trailing % is appended before escaping
        $query .= 'WHERE `timestamp` LIKE ' . sqlSafeStringQuotes($search_expression . '%');
    }
}
// newest matches first please
$query .= ' ORDER BY `timestamp` DESC ';
// limit the output to the requested rows to speed up displaying
$query .= 'LIMIT ';
// offset of the first row to show; stays 0 unless a later step overwrites it
$view_range = (int) 0;
// the "LIMIT 0,200" part of query means only the first 200 entries are received
// the range of shown matches is set by the GET variable i
if (isset($_GET['i'])) {
    if ((int) $_GET['i'] > 0) {
        $view_range = (int) $_GET['i'];
        $query .= $view_range . ',';
    } else {
        // force write 0 for value 0 (speed saving due to no casting to string)
Пример #4
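/**
 * Rebuild the rendered `announcement` column of every ban from its raw text.
 *
 * Reads `id` and `raw_announcement` from `bans`, skips rows whose raw text is
 * empty, runs the raw text through $site->bbcode() and writes the result back.
 * Individual UPDATE failures are ignored on purpose; a failing SELECT ends the page.
 *
 * NOTE(review): what is stored in `announcement` is the output of bbcode(); any
 * page that prints the column as HTML relies on bbcode() having escaped the raw
 * text - that method is not visible here, confirm.
 */
function import_bans()
{
    global $site;
    global $connection;
    $query = 'SELECT `id`, `raw_announcement` from `bans`';
    // NOTE(review): $db_to_be_imported is neither a parameter nor declared global in
    // this function, so it is undefined at this point; it was probably meant to be a
    // global. Left unchanged because execute_query()'s signature is not visible here.
    if (!($result = @$site->execute_query($db_to_be_imported, 'bans', $query, $connection))) {
        // query was bad, error message was already given in $site->execute_query(...)
        $site->dieAndEndPage('');
    }
    while ($row = mysql_fetch_array($result)) {
        // skip empty entries
        if (strcmp($row['raw_announcement'], '') === 0) {
            continue;
        }
        $query = 'UPDATE `bans` SET `announcement`=' . sqlSafeStringQuotes($site->bbcode($row['raw_announcement'])) . ' WHERE `id`=' . sqlSafeStringQuotes($row['id']) . ' LIMIT 1';
        // execute query, ignore result
        // NOTE(review): the table argument says 'news' although the statement updates `bans`
        @$site->execute_query('news', $query, $connection);
    }
    // release the SELECT result once all rows have been processed
    mysql_free_result($result);
}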
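/**
 * Poll every server listed in `servertracker` and store its current player count.
 *
 * For each row, bzfquery() is called with the stored `serveraddress`; when the
 * answer contains 'numPlayers', that value is written to `cur_players_total`.
 * Rows for which the answer lacks 'numPlayers' are left untouched.
 *
 * NOTE(review): $data comes from bzfquery(), i.e. presumably from whatever
 * answers at the stored address, so 'numPlayers' is remote-supplied data. It
 * reaches the UPDATE only through sqlSafeStringQuotes(); confirm that helper
 * and consider storing an integer.
 */
function query_servers()
{
    global $site;
    global $connection;
    $query = 'SELECT `id`, `servername`, `serveraddress` FROM `servertracker`' . ' ORDER BY `id`';
    if (!($result = $site->execute_query('servertracker', $query, $connection))) {
        die('Could not find out servername and serveraddress to be updated.');
    }
    // need to include game specific backend; include_once so that a second call of
    // this function in the same request does not load (and redeclare) it again
    include_once dirname(dirname(dirname(__FILE__))) . "/Servertracker/bzfquery.php";
    // update each entry
    while ($row = mysql_fetch_array($result)) {
        // get raw query result
        $data = bzfquery($row['serveraddress']);
        // build the query with the result
        if (isset($data['numPlayers'])) {
            $query = 'UPDATE `servertracker` SET' . ' `cur_players_total`=' . sqlSafeStringQuotes($data['numPlayers']) . ' WHERE `id`=' . sqlSafeStringQuotes($row['id']) . ' LIMIT 1';
            // execute the update query
            $site->execute_query('servertracker', $query, $connection);
        }
    }
    mysql_free_result($result);
    //		$query = 'UPDATE `misc_data` SET `last_servertracker_query`=' . sqlSafeStringQuotes($current_time);
    //		if (!($result = @$site->execute_query('misc_data', $query, $connection)))
    //		{
    //			die('Could not set newest last_servertracker_query value.');
    //		}
}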
Пример #6
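 /**
  * Expire stale `online_users` rows, refresh the current user's activity stamp
  * and report whether that user has unread messages.
  *
  * Steps: rows of `online_users` whose `last_activity` is more than two hours old
  * are deleted; if getUserID() is greater than 0, that user's `last_activity` is
  * set to the current time and `messages_users_connection` is checked for a row
  * with `msg_status` 'new'.
  *
  * @return bool true when at least one unread message exists for the current user
  */
 function hasUnreadMail()
 {
     global $connection;
     require_once dirname(__FILE__) . '/permissions.php';
     $unread_messages = false;
     // set the date and time
     date_default_timezone_set($this->used_timezone());
     // remove expired sessions from the list of online users
     $query = 'SELECT `userid`, `last_activity` FROM `online_users`';
     $result = $this->execute_silent_query('online_users', $query, $connection, __FILE__, 'Could not get list of online users from database');
     if ((int) mysql_num_rows($result) > 0) {
         // the reference time does not need to be recomputed for every row
         $now = (int) strtotime("now");
         while ($row = mysql_fetch_array($result)) {
             $saved_timestamp = $row['last_activity'];
             $old_timestamp = strtotime($saved_timestamp);
             // is entry more than two hours old? (60*60*2)
             // FIXME: would need to set session expiration date directly inside code
             // FIXME: and not in the webserver setting
             if ($now - $old_timestamp > 60 * 60 * 2) {
                 // deletes every row carrying this exact timestamp, not only the row just read
                 $query = 'DELETE LOW_PRIORITY FROM `online_users` WHERE `last_activity`=';
                 $query .= sqlSafeStringQuotes($saved_timestamp);
                 if (!($result_delete = $this->execute_silent_query('online_users', $query, $connection))) {
                     // no $site variable exists in this scope, so the page is ended through $this
                     $this->dieAndEndPage('<p>Could not delete old online users from database.</p>');
                 }
             }
         }
     }
     mysql_free_result($result);
     // update activity data
     if (getUserID() > 0) {
         // the execution of the query is not that time critical and it happens often -> LOW_PRIORITY
         $query = 'UPDATE LOW_PRIORITY `online_users` SET `last_activity`=';
         $query .= sqlSafeStringQuotes(date('Y-m-d H:i:s')) . ' WHERE `userid`=' . sqlSafeStringQuotes(getUserID());
         @mysql_select_db($this->db_used_name(), $connection);
         @mysql_query($query, $connection);
         // are there unread messages?
         $query = 'SELECT `id` FROM `messages_users_connection` WHERE `msg_status`=' . sqlSafeStringQuotes('new') . ' AND `userid`=' . sqlSafeStringQuotes(getUserID()) . ' LIMIT 1';
         $result = @mysql_query($query, $connection);
         // a failed query counts as "no unread messages"; only a real result is inspected and freed
         if ($result) {
             $unread_messages = ((int) mysql_num_rows($result) > 0);
             mysql_free_result($result);
         }
     }
     return $unread_messages;
 }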
Пример #7
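/**
 * Query one game server through bzfquery() and print its state as HTML.
 *
 * Prints the server name (as a link unless $_GET['server'] is set), the remaining
 * match time, a per-team score table and a per-player table. When a database
 * connection is available, each player's team name is looked up by callsign.
 *
 * Trust boundaries visible in this block:
 *  - player callsigns and mottos come from bzfquery() and are HTML-escaped with
 *    htmlent()/htmlentities() before output, and passed through
 *    sqlSafeStringQuotes() before the team lookup;
 *  - NOTE(review): $server, the captured bzfquery() output and the team name read
 *    from the database are printed without escaping here. Where they come from and
 *    whether they are stored pre-encoded is not visible - confirm, and escape at
 *    this point if they can carry markup;
 *  - NOTE(review): a failed lookup prints mysql_error() and the SQL text to the
 *    visitor; logging them server-side would disclose less.
 *
 * NOTE(review): `global $connection;` rebinds the name, so the $connection
 * argument passed by the caller is not used inside the function.
 *
 * @param string $server     server address handed to bzfquery() and echoed into the page
 * @param mixed  $connection unused, see the note above
 */
function formatbzfquery_last($server, $connection)
{
    global $site;
    global $connection;
    global $use_internal_db;
    if ($use_internal_db) {
        @(!mysql_select_db($site->db_used_name(), $connection));
    } else {
        if (@(!mysql_select_db("playerlist", $connection))) {
            // no player database: drop the connection, the team column is then skipped below
            @mysql_close($connection);
            unset($connection);
        }
    }
    if (isset($_GET['server'])) {
        echo '<p>' . $server . '</p>' . "\n";
    } else {
        echo '<p><a href="?server=' . urlencode($server) . '">' . $server . '</a></p>' . "\n";
    }
    // Query the server; without pcntl_fork, whatever bzfquery() prints is captured instead of shown
    $capture_output = !function_exists('pcntl_fork');
    if ($capture_output) {
        ob_start();
    }
    $data = bzfquery($server);
    $ausgabe = '';
    if ($capture_output) {
        $ausgabe .= ob_get_contents();
        ob_end_clean();
    }
    if (!isset($data['player'])) {
        if (!isset($data['protocol'])) {
            // no answer at all: report it, followed by the captured output if there is any
            echo '<p>' . KEINEVERBINDUNG . ' ';
            if (!strcmp($ausgabe, '') == 0) {
                echo GEMELDETERFEHLER . $ausgabe . '.';
            }
            echo '</p>' . "\n";
        } else {
            // the server answered but lists no players
            echo '<p>' . KEINESPIELER . '</p>' . "\n";
        }
        return;
    }

    // remaining match time, shown in minutes
    $zaehler = $data['maxTime'] - $data['timeElapsed'];
    if ($zaehler > 0) {
        echo '<p class="zaehler">' . ZAEHLER . '<span class="zaehler">' . round($zaehler / 60, 2) . VON . round($data['maxTime'] / 60, 2) . '</span>' . RESTZEIT . '</p>' . "\n";
    }
    // Display the server info; the team index from the server maps to a css class name
    $teamName = array(0 => "schurke", 1 => "rot", 2 => "gruen", 3 => "blau", 4 => "violett", 5 => "zuschauer", 6 => "hase");
    usort($data['player'], "cmp");
    // team table, skipped when the first player after sorting is in team 5
    if (isset($data['player']['0']['team']) && !(strcmp($data['player']['0']['team'], '5') === 0)) {
        echo '<table class="punkte">' . "\n";
        echo '  <tbody>' . "\n";
        foreach ($data['team'] as $key => $team) {
            if ($team['size'] > 0) {
                echo '    ';
                // team colour
                marke('tr', $teamName[$key]);
                // score
                echo '<td>';
                echo $team['won'] - $team['lost'];
                echo '</td>';
                // won - lost
                echo '<td>';
                echo '(' . $team['won'] . ' - ';
                echo $team['lost'] . ')';
                echo '</td>';
                // number of players
                echo '<td>';
                echo $team['size'];
                echo '</td>';
                // end of team colour row
                echo '</tr>' . "\n";
            }
        }
        echo '  </tbody>' . "\n" . '</table>' . "\n";
    }
    reset($data);
    echo "\n\n" . '<table class="spieler" border="0">' . "\n";
    echo '  <tbody>';
    foreach ($data['player'] as $key => $player) {
        echo "\n" . '<tr>' . "\n";
        // observers do not play -> no score
        if (!strcmp($teamName[$player['team']], 'zuschauer') == 0) {
            echo '<td>';
            echo $player['won'] - $player['lost'];
            echo '</td>' . "\n";
            echo '<td>(' . $player['won'] . '-' . $player['lost'] . ')</td><td>[' . $player['tks'] . ']</td>';
        } else {
            echo '<td></td>' . "\n" . '<td></td>' . "\n" . '<td></td>' . "\n";
        }
        // team colour
        marke('td', $teamName[$player['team']]);
        $playername = $player['sign'];
        // shorten player names if needed
        if ($site->mobile_version()) {
            // name fairly long
            if (strlen($playername) > 13) {
                $playername = str_split($playername, 10);
                echo htmlent($playername[0]) . "...";
            } else {
                echo htmlent($playername);
            }
        } else {
            echo htmlentities($playername);
        }
        echo '</td>' . "\n";
        // motto column (css class 'mehl')
        marke('td', 'mehl');
        if (!strcmp($player['motto'], '') == 0) {
            $motto = $player['motto'];
            // motto fairly long: cut the raw text first, escape once when printing
            if (strlen($motto) > 17) {
                $motto_parts = str_split($motto, 14);
                $motto = $motto_parts[0] . '...';
            }
            echo '(' . htmlent($motto) . ')';
        }
        echo '</td>' . "\n";
        // is there a database connection? (the variable may have been unset above)
        if (!empty($connection)) {
            // find out the team
            marke('td', 'team');
            $callsign = $player['sign'];
            $query = 'SELECT `teamid` from users WHERE `name`=' . sqlSafeStringQuotes($callsign) . ' LIMIT 1';
            $result = mysql_query($query, $connection);
            if (!$result) {
                print mysql_error();
                die("<br>\nQuery {$query} ist ung&uuml;ltiges SQL.");
            }
            $resultarray = mysql_fetch_array($result);
            // free the first lookup before $result is reused for the team name
            mysql_free_result($result);
            $teamid = $resultarray['teamid'];
            if ($teamid > 0) {
                // the two database layouts name the team key column differently
                if ($use_internal_db) {
                    $query = 'SELECT `name` from teams WHERE `id`=' . sqlSafeStringQuotes($teamid) . ' LIMIT 1';
                } else {
                    $query = 'SELECT `name` from teams WHERE `teamid`=' . sqlSafeStringQuotes($teamid) . ' LIMIT 1';
                }
                $result = mysql_query($query, $connection);
                if (!$result) {
                    print mysql_error();
                    die("<br>\nQuery {$query} ist ung&uuml;ltiges SQL.");
                }
                $resultarray = mysql_fetch_array($result);
                mysql_free_result($result);
                echo $resultarray['name'];
            }
            echo '</td>' . "\n";
        }
        echo '</tr>' . "\n";
    }
    echo '  </tbody>' . "\n" . '</table>' . "\n";
}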
Пример #8
/**
 * Write the reverse-DNS name of an address into every `visits` row logged for it.
 *
 * The name comes from gethostbyaddr(), which returns the address unchanged when
 * the lookup fails and false on malformed input. A reverse-DNS name is chosen by
 * whoever controls the PTR record of the address, so the stored `host` value
 * should be treated as untrusted text wherever it is displayed later.
 * The result of the UPDATE is deliberately ignored.
 *
 * @param string $ip_address address as stored in `visits`.`ip-address`
 */
function resolve_visits_log_hosts_helper($ip_address)
{
    global $site;
    global $connection;

    $resolved_host = gethostbyaddr($ip_address);
    $sql = 'UPDATE `visits` SET `host`=' . sqlSafeStringQuotes($resolved_host);
    $sql .= ' WHERE `ip-address`=' . sqlSafeStringQuotes($ip_address);

    // best effort: errors are suppressed and the result is not checked
    @$site->execute_query('visits', $sql, $connection);
}
Пример #9
        $site->dieAndEndPageNoBox('<p>It seems like the name of player with id ' . sqlSafeStringQuotes(htmlent($profile)) . ' can not be accessed for an unknown reason.</p>');
    }
    // existance test of user skipped intentionally
    // if the user does not exist, there will be no visits for him
    // sanity checks passed
    // get the name of the player in question
    $player_name = '(no player name)';
    while ($row = mysql_fetch_array($result)) {
        $player_name = $row['name'];
    }
    mysql_free_result($result);
    // collect visits list of that player
    // example query: SELECT `users`.`name`,`visits`.`ip-address`, `visits`.`host`, `visits`.`timestamp`
    //				  FROM `visits`,`users` WHERE `visits`.`userid`='16' AND `users`.`id`='16'
    //				  ORDER BY `visits`.`id` DESC LIMIT 0,201
    $query = 'SELECT `users`.`name`,`visits`.`ip-address`, `visits`.`host`, `visits`.`timestamp`,`visits`.`forwarded_for`' . ' FROM `visits`,`users` WHERE `visits`.`userid`=' . sqlSafeStringQuotes($profile) . ' AND `users`.`id`=' . sqlSafeStringQuotes($profile);
}
// display visits log overview
// NOTE(review): the selected columns (ip-address, host, forwarded_for) are personal
// data of visitors; the permission check guarding this page is not part of this
// excerpt - confirm it runs before any of these queries.
if (!isset($_GET['profile'])) {
    if (!isset($_GET['search'])) {
        // get list of last 200 visits
        // the query text is built from fixed literals only, no request data is embedded
        $query = 'SELECT `visits`.`userid`,' . '(SELECT `name` FROM `users` WHERE `id`=`visits`.`userid`) AS `name`,' . '`visits`.`ip-address`,`visits`.`host`,`visits`.`timestamp`,`visits`.`forwarded_for`' . ' FROM `visits`';
    }
}
// NOTE(review): when 'search' is set without 'profile', $query is not assigned in
// the lines visible here; presumably an earlier part of the file builds it - verify.
$query .= ' ORDER BY `visits`.`id` DESC LIMIT ';
// offset of the first row to show; stays 0 unless a later step overwrites it
$view_range = (int) 0;
// the "LIMIT 0,200" part of query means only the first 200 entries are received
// the range of shown matches is set by the GET variable i
if (isset($_GET['i'])) {
    if ((int) $_GET['i'] > 0) {
        $view_range = (int) $_GET['i'];
Пример #10
/**
 * Subtract one from the draw counter of a single team in `teams_profile`.
 *
 * On a failing query the tables are unlocked and the page is ended through
 * $site->dieAndEndPage(). The failure text speaks of the "win/play count"
 * although the statement changes `num_matches_draw`.
 *
 * @param mixed $teamid id of the team whose draw counter is decreased
 */
function decrease_draw_match_count($teamid)
{
    global $connection;
    global $site;

    // only one team needs to be updated, hence LIMIT 1
    $sql = 'UPDATE `teams_profile` SET '
        . '`num_matches_draw`=`num_matches_draw`-' . sqlSafeStringQuotes('1')
        . ' WHERE (`teamid`=' . sqlSafeStringQuotes($teamid) . ')'
        . ' LIMIT 1';

    $outcome = $site->execute_query('teams_profile', $sql, $connection);
    if ($outcome) {
        return;
    }

    unlock_tables($site, $connection);
    $site->dieAndEndPage('Could not update win/play count for team with id ' . sqlSafeString($teamid) . ' due to a sql problem!');
}
Пример #11
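/**
 * Validate the request data of the enter/edit/delete match form.
 *
 * Reads $_GET and $_POST, stores the cleaned values in the globals declared
 * below and lowers $confirmed whenever a check fails, printing a message for the
 * user. Team ids, scores, match id and duration are reduced to integers with
 * intval(). Day and time have to match the patterns below as a whole; the
 * patterns are anchored so that extra text around a valid-looking date or time
 * is rejected instead of slipping through.
 *
 * NOTE(review): the global $timestamp is assembled from the raw $_POST values
 * (day unescaped, time through sqlSafeString()), not from the validated locals.
 * Inside this function it only reaches SQL through sqlSafeStringQuotes(); code
 * elsewhere that uses $timestamp has to escape it as well - confirm.
 * NOTE(review): the key 'key_name' is compared through $site->compare_keys();
 * this looks like a per-form random key check against forged submissions, the
 * method itself is not visible here.
 *
 * @param int $confirmed confirmation step, passed by reference; set to 0 when a
 *                       check fails, to 1 when a similar match was found, and
 *                       raised from 1 to 2 for deletions
 */
function sanityCheck(&$confirmed)
{
    global $site;
    global $connection;
    global $randomkey_name;
    global $team_id1;
    global $team_id2;
    global $team1_caps;
    global $team2_caps;
    global $timestamp;
    global $duration;
    global $match_id;
    global $similarMatchFound;
    // sanitise match id
    if (isset($_GET['edit'])) {
        $match_id = intval($_GET['edit']);
    }
    if (isset($_GET['delete'])) {
        $match_id = intval($_GET['delete']);
    }
    // sanitise team variables
    if (isset($_POST['match_team_id1'])) {
        $team_id1 = intval($_POST['match_team_id1']);
    } elseif (isset($_POST['team_id1'])) {
        $team_id1 = intval($_POST['team_id1']);
    } else {
        $team_id1 = 0;
    }
    if ($team_id1 < 1) {
        $team_id1 = 0;
    }
    if (isset($_POST['match_team_id2'])) {
        $team_id2 = intval($_POST['match_team_id2']);
    } elseif (isset($_POST['team_id2'])) {
        $team_id2 = intval($_POST['team_id2']);
    } else {
        $team_id2 = 0;
    }
    if ($team_id2 < 1) {
        $team_id2 = 0;
    }
    // do the teams exist?
    // teams specified?
    if (!isset($_GET['delete']) && ($team_id1 > 0 && $team_id2 > 0)) {
        foreach (array(1 => $team_id1, 2 => $team_id2) as $team_number => $checked_team_id) {
            // start from "not found" so that an empty result also counts as a missing team
            $team_exists = 0;
            $query = 'SELECT COUNT(`id`) as `team_exists` FROM `teams` WHERE `id`=' . sqlSafeStringQuotes($checked_team_id) . ' LIMIT 1';
            if (!($result = @$site->execute_query('teams', $query, $connection))) {
                $site->dieAndEndPage('Could not find out name of team #' . sqlSafeString($checked_team_id) . '.');
            }
            while ($row = mysql_fetch_array($result)) {
                $team_exists = intval($row['team_exists']);
            }
            mysql_free_result($result);
            if ($team_exists === 0) {
                echo '<p>Error: The specified team #' . $team_number . ' does not exist</p>';
                $confirmed = 0;
            }
        }
        // teams are the same (and chosen by user)
        if ($team_id1 > 0 && $team_id2 > 0 && $team_id1 === $team_id2) {
            echo '<p>In order to be an official match, teams would have to be different!</p>';
            $confirmed = 0;
        }
    }
    // sanitise score variables
    if (isset($_POST['team1_points'])) {
        $team1_caps = intval($_POST['team1_points']);
    } else {
        $team1_caps = 0;
    }
    if (isset($_POST['team2_points'])) {
        $team2_caps = intval($_POST['team2_points']);
    } else {
        $team2_caps = 0;
    }
    // day and time: taken from the form, or the current day/time when absent
    if (isset($_POST['match_day'])) {
        $match_day = $_POST['match_day'];
    } else {
        $match_day = date('Y-m-d');
    }
    if (isset($_POST['match_time'])) {
        $match_time = $_POST['match_time'];
    } else {
        $match_time = date('H:i:s');
    }
    if (isset($_POST['match_day']) && isset($_POST['match_time'])) {
        $timestamp = $_POST['match_day'] . ' ' . sqlSafeString($_POST['match_time']);
    }
    // user wants to edit match data again
    if (isset($_POST['match_cancel'])) {
        $confirmed = 0;
    }
    // NOTE(review): the key is the literal text '$match_id' (single quotes, no
    // interpolation); confirm that the form really uses that field name.
    if (isset($_POST['$match_id'])) {
        $match_id = intval($_POST['$match_id']);
    }
    if (isset($_POST['duration'])) {
        $duration = intval($_POST['duration']);
    } else {
        $duration = 15;
    }
    // does the match exist?
    if (isset($match_id)) {
        $query = 'SELECT `id` FROM `matches` WHERE `id`=' . sqlSafeStringQuotes($match_id);
        if (!($result = $site->execute_query('matches', $query, $connection))) {
            $site->dieAndEndPage('Could not find out id for team 1 given match id ' . sqlSafeString($match_id) . ' due to a sql problem!');
        }
        if (intval(mysql_num_rows($result)) < 1) {
            // match did not exist!
            $confirmed = 0;
        }
    }
    // sanitise date and time specified
    // sanity checks regarding day format
    // sample day: 2009-12-15
    // \A and \z make the whole value match, not just a part of it
    if (!preg_match('/\A2[0-9]{3,}-[01][0-9]-[0-3][0-9]\z/', $match_day)) {
        echo '<p>Please make sure your specified date is in correct format. Do not forget leading zeros.</p>' . "\n";
        $confirmed = (int) 0;
    }
    // sanity checks regarding time format
    // sample time: 15:21:35
    if (!preg_match('/\A[0-2][0-9]:[0-5][0-9]:[0-5][0-9]\z/', $match_time)) {
        echo '<p>Please make sure your specified time is in correct format. Do not forget leading zeros.</p>' . "\n";
        $confirmed = (int) 0;
    }
    // get the unix timestamp from the date and time
    if (!($specifiedTime = strtotime($match_day . ' ' . $match_time))) {
        echo '<p>Please make sure your specified date and time is valid!</p>' . "\n";
        $confirmed = (int) 0;
    }
    // look up if the day does exist in Gregorian calendar
    // checkdate expects order to be month, day, year
    if (!checkdate(date('m', $specifiedTime), date('d', $specifiedTime), date('Y', $specifiedTime))) {
        echo '<p>Please make sure your specified date and time is a valid Gregorian date.</p>' . "\n";
        $confirmed = (int) 0;
    }
    // is match in the future?
    if (isset($timestamp)) {
        $curTime = (int) strtotime('now');
        if ((int) $specifiedTime - $curTime >= 0) {
            echo '<p>You tried to enter, edit or delete a match that would have been played in the future.';
            echo ' Only matches in the past can be entered, edited or deleted.</p>' . "\n";
            $confirmed = (int) 0;
        }
    }
    // is match older than 8 weeks?
    $eightWeeksAgo = (int) strtotime('now -8 weeks');
    if ((int) $specifiedTime <= $eightWeeksAgo) {
        echo '<p>You tried to enter, edit or delete a match that is older than 8 weeks.' . 'Only matches played in the last 8 weeks can be entered, edited or deleted.</p>' . "\n";
        $confirmed = 0;
    }
    // check if there is already a match entered at that time
    // scores depend on the order, two matches done at the same time lead to undefined behaviour
    $query = 'SELECT `timestamp` FROM `matches` WHERE `timestamp`=' . sqlSafeStringQuotes($timestamp);
    if (!($result = @$site->execute_query('matches', $query, $connection))) {
        // same arguments as the other unlock_tables() calls in this code base
        unlock_tables($site, $connection);
        $site->dieAndEndPage('Unfortunately there seems to be a database problem' . ' and thus comparing timestamps (using equal operator) of matches failed.');
    }
    $rows = (int) mysql_num_rows($result);
    mysql_free_result($result);
    if ($rows > 0 && !isset($_GET['edit']) && !isset($_GET['delete'])) {
        // go back to the first step of entering a match
        echo '<p>There is already a match entered at that exact time.';
        echo ' There can be only one finished at the same time because the scores depend on the order of the played matches.</p>' . "\n";
        // just warn them and let them enter it all again by hand
        // the paragraph is opened here so that the closing tag has a partner
        echo '<p>Please enter the match with a different time.</p>' . "\n";
        echo '<form enctype="application/x-www-form-urlencoded" method="post" action="?enter">' . "\n";
        echo '<div>';
        $site->write_self_closing_tag('input type="hidden" name="confirmed" value="0"');
        echo '</div>' . "\n";
        // pass the match values to the next page so the previously entered data can be set default for the new form
        show_form($team_id1, $team_id2, $team1_caps, $team2_caps, $readonly = false, $duration);
        echo '<div>';
        $site->write_self_closing_tag('input type="submit" name="match_cancel" value="Cancel and change match data" id="send"');
        echo '</div>' . "\n";
        echo '</form>' . "\n";
        $site->dieAndEndPage();
    }
    // random key validity check
    if ($confirmed > 1) {
        $new_randomkey_name = '';
        if (isset($_POST['key_name'])) {
            $new_randomkey_name = html_entity_decode($_POST['key_name']);
        }
        $randomkeysmatch = $site->compare_keys($randomkey_name, $new_randomkey_name);
        if (!$randomkeysmatch) {
            echo '<p>The magic key did not match. It looks like you came from somewhere else. Going back to compositing mode.</p>';
            // reset the confirmed value
            $confirmed = 0;
        }
    }
    // check for similar match in database and warn user if at least one was found
    // skip warning if already warned (no infinite warning loop)
    if ($confirmed > 1 && !isset($_POST['similar_match'])) {
        // find out if there are similar matches
        $similarMatchFound = similarMatchEntered(true);
        if (!$similarMatchFound) {
            // look for a possible last show stopper
            $similarMatchFound = similarMatchEntered(false);
        } else {
            // add space between last similar match and the one probably following
            $site->write_self_closing_tag('br');
            // only call the function for user information, ignore result
            similarMatchEntered(false);
        }
        if ($similarMatchFound) {
            // ask for confirmation again and do not go ahead automatically
            $confirmed = 1;
        }
    }
    // no double confirmation about deletion - user saw confirmation step with $confirmed = 0 already
    if ($confirmed === 1 && isset($_GET['delete'])) {
        $confirmed = 2;
    }
}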
Пример #12
             if (!($result = $site->execute_query('users_profile', $query, $connection))) {
                 // query was bad, error message was already given in $site->execute_query(...)
                 $site->dieAndEndPage('');
             }
         } else {
             if (!(strcmp($_POST['logo_url'], '') === 0)) {
                 echo '<p>Error: Skipping logo setting: Not allowed URL or extension.</p>';
             }
         }
     }
     if (isset($_POST['admin_comments'])) {
         // only admins can edit their comments
         if ($allow_add_admin_comments_to_user_profile) {
             $query = 'UPDATE `users_profile` SET `admin_comments`=' . sqlSafeStringQuotes($site->bbcode($_POST['admin_comments']));
             $query .= ', `raw_admin_comments`=' . sqlSafeStringQuotes($_POST['admin_comments']);
             $query .= ' WHERE `id`=' . sqlSafeStringQuotes($profile);
             if (!($result = @$site->execute_query('users_profile', $query, $connection))) {
                 // query was bad, error message was already given in $site->execute_query(...)
                 $site->dieAndEndPage('');
             }
         }
     }
     echo '<p>The player profile has been updated successfully.</p>' . "\n";
     $site->dieAndEndPage('');
 }
 // display editing form
 // NOTE(review): $profile is written into the action attribute without HTML
 // escaping; it is assigned outside this excerpt - presumably an integer id, verify.
 echo '<form enctype="application/x-www-form-urlencoded" method="post" action="?edit=' . $profile . '">' . "\n";
 echo '<div><input type="hidden" name="confirmed" value="1"></div>' . "\n";
 // per-form key: the name is the configured prefix plus microtime(); the name is
 // registered through $site->set_key() and sent back as the hidden field below
 // NOTE(review): microtime() is predictable, so the protection depends on what
 // set_key() stores for that name - that method is not visible here, confirm.
 $new_randomkey_name = $randomkey_name . microtime();
 $new_randomkey = $site->set_key($new_randomkey_name);
 // the key name is HTML-escaped before it is placed in the value attribute
 echo '<div><input type="hidden" name="key_name" value="' . htmlspecialchars($new_randomkey_name) . '"></div>' . "\n";
Пример #13
    $query .= ' AND `users`.`teamid`<>' . sqlSafeStringQuotes('0');
}
// optional search filter, added only when a non-empty search expression is present
// NOTE(review): $search_expression and the $search_*_sort flags are assigned outside
// this excerpt, presumably from request parameters - verify. The expression reaches
// the query only through sqlSafeStringQuotes(); quote escaping does not neutralise
// the LIKE wildcards % and _, so confirm that user-supplied wildcards are intended.
if (isset($_GET['search_string']) && !(strcmp($search_expression, '') === 0)) {
    if ($search_player_sort) {
        $query .= ' AND `users`.`name` LIKE ' . sqlSafeStringQuotes($search_expression);
    } elseif ($search_team_sort) {
        // the literal text "(teamless)" selects players whose teamid is 0
        if (strcmp($search_expression, '(teamless)') === 0) {
            $query .= ' AND `users`.`teamid`=' . sqlSafeStringQuotes('0');
        } else {
            $query .= ' AND `teams`.`name` LIKE ' . sqlSafeStringQuotes($search_expression);
            $query .= ' AND `teams`.`id`=`users`.`teamid`';
        }
    } elseif ($search_bzid_sort) {
        $query .= ' AND `users`.`external_id` LIKE ' . sqlSafeStringQuotes($search_expression);
    } else {
        $query .= ' AND `users_profile`.`joined` LIKE ' . sqlSafeStringQuotes($search_expression);
    }
}
// the profile id of the player must match the actual player id (profile must belong to the same player)
$query .= ' AND `users_profile`.`userid`=`users`.`id`';
// sort the result
// every ORDER BY clause is one of four fixed literals chosen by a flag; no request
// text is copied into the column list
if ($search_player_sort) {
    $query .= ' ORDER BY `users`.`name`, `team_name`';
} elseif ($search_bzid_sort) {
    $query .= ' ORDER BY `users`.`external_id`, `users`.`name`, `team_name`';
} elseif ($search_joined_sort) {
    $query .= ' ORDER BY `users_profile`.`joined`, `team_name`, `users`.`name`';
} else {
    $query .= ' ORDER BY `team_name`, `users`.`name`';
}
if ($result = @$site->execute_query('users, teams', $query, $connection)) {
Пример #14
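/**
 * Recompute the score of each given team, store changed scores and print a comparison table.
 *
 * For every team id in $keys the stored score is read from `teams_overview`, a fresh score is
 * obtained from get_score_at_that_time() for the current time, and the row is updated when the
 * two differ. Teams with an unchanged score are dropped from the table. All output is echoed
 * as HTML; nothing is returned.
 *
 * @param array $team_stats_changes lookup array keyed by team id; 'old_score', 'new_score' and
 *                                  'name' are filled in on the local copy (passed by value)
 * @param array $keys               team ids to process, indexed from 0
 * @param int   $n_teams            highest index of $keys to process; 0 derives it from count($keys)
 */
function show_score_changes($team_stats_changes, $keys, $n_teams = 0)
{
    global $site;
    global $connection;
    if (intval($n_teams) === 0) {
        $n_teams = (int) count($keys) - 1;
    }
    // old score = new score for some teams?
    $skipped_teams = false;
    for ($i = 0; $i <= $n_teams; $i++) {
        // grab old score from team overview
        $query = 'SELECT `score` FROM `teams_overview` WHERE `teamid`=' . sqlSafeStringQuotes($keys[$i]) . ' LIMIT 1';
        if (!($result = @$site->execute_query('teams_overview', $query, $connection))) {
            $site->dieAndEndPageNoBox('Could not load score from team overview for team #' . $keys[$i] . '.');
        }
        while ($row = mysql_fetch_array($result)) {
            // remember old score
            $team_stats_changes[$keys[$i]]['old_score'] = $row['score'];
            // compute new score
            $team_stats_changes[$keys[$i]]['new_score'] = get_score_at_that_time($keys[$i], date('Y-m-d H:i:s'));
            // save new score in database, if needed
            // (strict comparison: only an integer zero difference counts as unchanged)
            if ($team_stats_changes[$keys[$i]]['old_score'] - $team_stats_changes[$keys[$i]]['new_score'] === 0) {
                // this team has no changed score
                unset($team_stats_changes[$keys[$i]]);
                // -> one team had no changed score
                $skipped_teams = true;
            } else {
                // the score goes through the same quoting helper as every other value in this
                // file instead of being concatenated into the statement raw
                $query = 'UPDATE `teams_overview` SET `score`=' . sqlSafeStringQuotes(strval($team_stats_changes[$keys[$i]]['new_score'])) . ' WHERE `teamid`=' . sqlSafeStringQuotes($keys[$i]) . ' LIMIT 1';
                if (!($result_update = @$site->execute_query('matches', $query, $connection))) {
                    $site->dieAndEndPageNoBox('Could not update score in team overview for team #' . $keys[$i] . '.');
                }
            }
        }
        mysql_free_result($result);
        if (isset($team_stats_changes[$keys[$i]])) {
            // get team name from database
            $query = 'SELECT `name` FROM `teams` WHERE `id`=' . sqlSafeStringQuotes($keys[$i]) . ' LIMIT 1';
            if (!($result = @$site->execute_query('teams', $query, $connection))) {
                $site->dieAndEndPageNoBox('Could not load name of team #' . $keys[$i] . '.');
            }
            while ($row = mysql_fetch_array($result)) {
                // save name in lookup array
                $team_stats_changes[$keys[$i]]['name'] = $row['name'];
            }
            mysql_free_result($result);
        }
    }
    // at least one team had no changed score
    if ($skipped_teams) {
        // re-index the keys
        $keys = array_keys($team_stats_changes);
        // re-compute the number of teams
        $n_teams = (int) count($keys) - 1;
    }
    if ($n_teams >= 0) {
        // if teams had changed scores show a nice comparison table
        echo '<table id="table_scores_changed_overview" class="nested_table">' . "\n";
        echo '<caption>Changed teams scores</caption>' . "\n";
        echo '<tr>' . "\n";
        echo '	<th>Team</th>' . "\n";
        echo '	<th>Previous score</th>' . "\n";
        echo '	<th>New score</th>' . "\n";
        echo '	<th>Difference</th>' . "\n";
        echo '</tr>' . "\n\n";
        for ($i = 0; $i <= $n_teams; $i++) {
            // entries with no changed scores were deleted without re-indexing using unset
            if (isset($keys[$i])) {
                echo '<tr class="table_scores_changed_overview">' . "\n";
                // name of team
                echo '	<td class="table_scores_changed_overview_name">';
                echo '<a href="../Teams/?profile=' . htmlspecialchars($keys[$i]) . '">';
                // The name comes from the database and is HTML-encoded on output.
                // NOTE(review): if names are stored already entity-encoded this double-encodes
                // them; confirm the storage format used by the team name editor.
                echo htmlspecialchars(strval($team_stats_changes[$keys[$i]]['name']));
                echo '</a>';
                echo '</td>' . "\n";
                // old score
                echo '	<td class="table_scores_changed_overview_score_before">';
                echo strval($team_stats_changes[$keys[$i]]['old_score']);
                echo '</td>' . "\n";
                // new score
                echo '	<td class="table_scores_changed_overview_score_after">';
                echo strval($team_stats_changes[$keys[$i]]['new_score']);
                echo '</td>' . "\n";
                // difference computation; kept as an integer so that the strict zero test
                // below can match (a string never compares === to 0)
                echo '	<td class="table_scores_changed_overview_difference">';
                $score_change = intval($team_stats_changes[$keys[$i]]['new_score']) - intval($team_stats_changes[$keys[$i]]['old_score']);
                // prefix
                if ($score_change > 0) {
                    echo '+';
                } elseif ($score_change === 0) {
                    // &plusmn; displays a +- symbol
                    echo '&plusmn;';
                }
                // display difference
                echo strval($score_change);
                echo '</td>' . "\n";
                echo '</tr>' . "\n";
            }
        }
        // done
        echo '</table>' . "\n";
    } else {
        echo '<p>No team scores were changed.</p>' . "\n";
    }
}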
Пример #15
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * 
 */
/*
 * Vertical bar chart demonstration
 *
 */
// Refuse to run unless an including page has already set up $site.
// NOTE(review): a variable-based guard is only dependable where request data cannot populate
// globals (register_globals on legacy PHP); a defined() constant check is the sturdier
// form - confirm the deployment settings.
if (isset($site) === false) {
    die('this file is not meant to be called directly');
}
include "../CMS/libchart-1.2.1/libchart/classes/libchart.php";
// get stats from database: all matches between the two hard-coded team ids, oldest first
$query = 'SELECT `timestamp`, `team1ID`, `team2ID` FROM `matches`'
    . ' WHERE `timestamp` LIKE ' . sqlSafeStringQuotes('%')
    . ' AND (`team1ID` = 40  AND `team2ID` = 10 OR (`team2ID` = 40 AND `team1ID` = 10))'
    . ' ORDER BY `timestamp`';
$result = $site->execute_query('matches', $query, $connection);
if (!$result) {
    die('Could not grab history of all matches ever played.');
}
// interpret results
$matches = array();
$oldTimestamp = '';
while ($row = mysql_fetch_array($result)) {
    // raw database result
    // e.g. 2005-01-23 22:42:20
    $curTimestamp = $row['timestamp'];
    // assume year has always 4 digits, a dash (here -) follows and then there follows always 2 digit month
    // as well as a dash and 2 digit day
    // e.g. 22:
    $curTimestamp = substr($curTimestamp, 11, 2);
    if (!isset($matches[$curTimestamp]['hours'])) {