/**
* Check for input.
* If there is none, return waiting signal.
* If there is input, validate it, and either report errors or move on to next step.
*/
function processInput()
{
global $RESPONSE, $SESSION;
if (sessionExpired()) {
return;
}
// did we get the information necessary to move on to the next step?
if (isset($_POST['click'])) {
// data was submitted
if (!validateInput()) {
return;
}
storeInput();
$SESSION->setStatus(Session::finished_step);
if (readyToMoveOn()) {
executeGroupCallbacks();
advanceStep();
}
} else {
// no user input
if ($SESSION->current_step->time_limit > 0) {
// if there is a time limit, announce remaining time
$RESPONSE = array('action' => 'countdown', 'seconds' => $SESSION->expires - time());
} else {
// tell client to wait
$RESPONSE = array('action' => 'wait');
}
}
}
function validateForm(&$errors)
{
global $username, $password, $verifyPassword;
if (!validateInput($username)) {
$errors['username'][] = 'Your username must be between 4 and 8 symbols long. You can use latin characters, digits and - or _';
}
if (!validateInput($password) || !validateInput($verifyPassword)) {
$errors['password'][] = 'Your password must be between 4 and 8 symbols long. You can use lating characters, digits and - or _';
}
if (!samePassword($password, $verifyPassword)) {
$errors['password'][] = 'You must enter the same password twice.';
} else {
$password = password_hash($password, PASSWORD_DEFAULT);
}
}
<h3 style ="text_align:center">Using IF ELSE</h3>
<form name="BirthYear" action="BirthYear_ifelse.php" method="post">
<p>Year of Birth: <input type="number" name="Year" value="<?php
echo $YearOfBirth;
?>
" /></p>
<p><input type="reset" value="Clear Form" /> <input type="submit" name="Submit" value"Show Me My Sign" /></p>
</form>
<?php
}
$ShowForm = TRUE;
$errorCount = 0;
$YearOfBirth = 0;
if (isset($_POST['Submit'])) {
$YearOfBirth = validateInput($_POST['Year'], "Year of Birth");
if ($errorCount == 0) {
$ShowForm = FALSE;
} else {
$ShowForm = TRUE;
}
}
if ($ShowForm == TRUE) {
if ($errorCount > 0) {
echo "<p>Please re-enter the form information below.</p>\n";
}
displayForm($Sender, $Email, $Subject, $Message);
} else {
$yearSign = getYearSign($YearOfBirth);
echo "<pre>You were born under the sign of the " . strtolower($yearSign) . ".\n\n";
echo "<img src='" . $yearSign . ".jpg'/>";
if (validateInput($_GET["task"], 'nospace') === true) {
$selTask = $_GET["task"];
}
}
session_set_cookie_params(43200);
// 8 hours
session_name("hlstats-session");
session_start();
session_regenerate_id(true);
$auth = false;
require 'class/admin.class.php';
$adminObj = new Admin();
$auth = $adminObj->getAuthStatus();
// process the logout
if (!empty($_GET['logout'])) {
if (validateInput($_GET['logout'], 'digit') === true && $_GET['logout'] == "1") {
$adminObj->doLogout();
header('Location: index.php');
}
}
if ($auth === true) {
if (!empty($selTask)) {
if (file_exists(getcwd() . '/hlstatsinc/admintasks/' . $selTask . '.inc.php')) {
require 'hlstatsinc/admintasks/' . $selTask . '.inc.php';
} else {
require 'hlstatsinc/admintasks/overview.php';
}
} else {
// show overview
require 'hlstatsinc/admintasks/overview.php';
}
$gameCode = sanitize($_GET['gameCode']);
if (!empty($gameCode) && validateInput($gameCode, 'nospace')) {
$query = "SELECT\n\t\t\t \t\t\tt1.playerId,lastName,skill\n\t\t\t \t\tFROM\n\t\t\t \t\t\thlstats_Players as t1 INNER JOIN hlstats_PlayerUniqueIds as t2\n\t\t\t \t\t\tON t1.playerId = t2.playerId\n\t\t\t \t\tWHERE\n\t\t\t \t\t\tt1.game='" . $gameCode . "'\n\t\t\t \t\t\tAND t1.hideranking=0\n\t\t\t \t\t\tAND t2.uniqueId not like 'BOT:%'\n\t\t\t \t\tORDER BY skill DESC\n\t\t\t \t\tLIMIT 10";
}
break;
/**
* return some information about the given server like livestats view
*/
/**
* return some information about the given server like livestats view
*/
case 'serverinfo':
default:
// we want some server info
$serverId = sanitize($_GET['serverId']);
if (!empty($serverId) && validateInput($serverId, 'digit')) {
// check if we have such server
$query = mysql_query("\n\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\ts.serverId,\n\t\t\t\t\t\t\ts.name,\n\t\t\t\t\t\t\ts.address,\n\t\t\t\t\t\t\ts.port,\n\t\t\t\t\t\t\ts.publicaddress,\n\t\t\t\t\t\t\ts.game,\n\t\t\t\t\t\t\ts.rcon_password,\n\t\t\t\t\t\t\tg.name gamename\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\thlstats_Servers s\n\t\t\t\t\t\tLEFT JOIN\n\t\t\t\t\t\t\thlstats_Games g\n\t\t\t\t\t\tON\n\t\t\t\t\t\t\ts.game=g.code\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tserverId=" . $serverId . "\n\t\t\t\t\t\t\t");
if (mysql_num_rows($query) === 1) {
// get the server data
$serverData = mysql_fetch_assoc($query);
$xmlBody = "<server>";
$xmlBody .= "<name>" . $serverData['name'] . "</name>";
$xmlBody .= "<ip>" . $serverData['address'] . "</ip>";
$xmlBody .= "<port>" . $serverData['port'] . "</port>";
$xmlBody .= "<game>" . $serverData['gamename'] . "</game>";
// load the required stuff
include 'hlstatsinc/binary_funcs.inc.php';
include 'hlstatsinc/hlquery_funcs.inc.php';
$xmlBody .= "<additional>";
// run some query to display some more info
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
$return['status'] = false;
$return['msg'] = false;
if (isset($_POST['sub']['auth'])) {
if (isset($_POST['login']['username']) && isset($_POST['login']['pass'])) {
$username = trim($_POST['login']['username']);
$pass = trim($_POST['login']['pass']);
$check = validateInput($username, 'nospace');
$check1 = validateInput($pass, 'nospace');
if ($check === true && $check1 === true) {
$do = $adminObj->doLogin($username, $pass);
if ($do === true) {
$return['status'] = "3";
$return['msg'] = l('Login successfull');
header('Location: index.php?mode=admin');
} else {
$return['status'] = "2";
$return['msg'] = l('Invalid auth data');
}
} else {
$return['status'] = "1";
$return['msg'] = l('Please provide authentication data');
}
}
////
//// Main
////
$modes = array("players", "clans", "weapons", "maps", "actions", "claninfo", "playerinfo", "weaponinfo", "mapinfo", "actioninfo", "playerhistory", "search", "admin", "help", "livestats", "playerchathistory", "teams");
$mode = '';
if (!empty($_GET["mode"])) {
if (in_array($_GET["mode"], $modes) && validateInput($_GET['mode'], 'nospace') === true) {
$mode = $_GET['mode'];
}
}
// decide if we show the games or the game file
$queryAllGames = mysql_query("SELECT code,name FROM " . DB_PREFIX . "_Games WHERE hidden='0' ORDER BY name ASC");
$num_games = mysql_num_rows($queryAllGames);
$game = '';
if (isset($_GET['game'])) {
$check = validateInput($_GET['game'], 'nospace');
if ($check === true) {
$game = $_GET['game'];
$query = mysql_query("SELECT name FROM " . DB_PREFIX . "_Games WHERE code='" . mysql_escape_string($game) . "' AND `hidden` = '0'");
if (mysql_num_rows($query) < 1) {
error("No such game '{$game}'.");
} else {
$result = mysql_fetch_assoc($query);
$gamename = $result['name'];
if (empty($mode)) {
$mode = 'game';
}
}
}
} else {
if ($num_games == 1) {
/**
* check if the user is logged in
*/
private function _checkAuth()
{
if (isset($_SESSION['hlstatsAuth']['authCode'])) {
$check = validateInput($_SESSION['hlstatsAuth']['authCode'], 'nospace');
if ($check === true) {
// check if we have such code into the db
$userData = $this->_getSessionDataFromDB($_SESSION['hlstatsAuth']['authCode']);
if ($userData !== false) {
// we have a valid user with valid authCode
// re create the authcode with current data
$authCode = sha1($_SERVER["REMOTE_ADDR"] . $_SERVER['HTTP_USER_AGENT'] . $userData['password']);
if ($authCode === $_SESSION['hlstatsAuth']['authCode']) {
$this->_authStatus = true;
}
} else {
$this->_logoutCleanUp($_SESSION['hlstatsAuth']['authCode']);
}
}
}
}
function viewRegister()
{
$errors = array();
if (!empty($_POST)) {
//vorm esitati
if (empty($_POST["name"])) {
$errors[] = "Nimi puudub.";
}
//nimi olemas
$u = validateInput($_POST["name"]);
$p1 = '';
$p2 = '';
$userMatch = false;
$sql = "SELECT username FROM rsaarmae_users";
$result = mysqli_query($_SESSION['connection'], $sql);
while ($row = mysqli_fetch_assoc($result)) {
if ($row['username'] == $u) {
$userMatch = true;
$errors[] = "Sellise nimega kasutaja on juba registreeritud, proovige teist nime";
}
}
if (empty($_POST["name"])) {
}
if (empty($_POST["password"])) {
$errors[] = "Salasõna puudub.";
} else {
$p1 = validateInput($_POST["password"]);
}
if (empty($_POST["password_check"])) {
$errors[] = "Salasõna kontroll puudub.";
} else {
$p2 = validateInput($_POST["password_check"]);
}
if ($p1 != $p2) {
$errors[] = "Salasõnad ei ühti.";
}
if (!$userMatch && empty($errors)) {
$salt = sha1($p1 . $u . $p1);
//salasõna räsi tekitamine ja soolamine
$query = "INSERT INTO rsaarmae_users (username, pass) VALUES ('{$u}', '{$salt}');";
mysqli_query($_SESSION['connection'], $query);
startSession();
startSession();
$_SESSION["teade"] = "Registreeritud kasutaja nimega '" . $u . "'.";
header("Location: controller.php?mode=index");
exit(0);
}
}
require_once 'register.php';
}
require 'dbconnection.php';
$action = isset($_POST['action']) ? $_POST['action'] : 'default';
function validateInput()
{
if (empty($_POST['year']) || empty($_POST['month']) || empty($_POST['day'])) {
return False;
}
$timestamp = strtotime($_POST['year'] . '-' . $_POST['month'] . '-' . $_POST['day']);
if (!is_numeric($timestamp)) {
return False;
}
return checkdate(date('m', $timestamp), date('d', $timestamp), date('Y', $timestamp));
}
switch ($action) {
case 'Show':
if (validateInput() === True) {
$inputValidated = True;
$date = sprintf('%d-%d-%d', $_POST['year'], $_POST['month'], $_POST['day']);
$mongodate = new MongoDate(strtotime($date));
$mongodb = DBConnection::instantiate();
$collection = $mongodb->getCollection('daily_sales');
$doc = $collection->findOne(array('sales_date' => $mongodate));
} else {
$inputValidated = False;
}
break;
default:
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/licenses/gpl.html
*/
// JSON return strings
$sErr = "";
$sMsg = "";
$sData = "";
//
// basepath
$sConnBse = "../../";
include "config.php";
include "functions.php";
//
// security file checking
$aVldt = validateInput($sConnBse, array("fileList" => array(0, 2, 0), "duplicate" => array(0, 3, 0), "upload" => array(0, 5, 1), "swfUpload" => array(5, 2, 1), "delete" => array(0, 3, 0), "download" => array(2, 0, 0), "read" => array(0, 3, 0), "rename" => array(0, 4, 0), "addFolder" => array(0, 3, 0), "moveFiles" => array(0, 4, 0)));
$sAction = $aVldt["action"];
$sSFile = $aVldt["file"];
$sErr .= $aVldt["error"];
if ($sErr != "") {
die('{"error":"' . $sErr . '","msg":"' . $sMsg . '","data":{' . $sData . '}}');
}
//
$sErr = '';
switch ($sAction) {
case "fileList":
// retreive file list
$sImg = "";
$sDir = $sConnBse . (isset($_POST["folder"]) ? $_POST["folder"] : "data/");
$i = 0;
if ($handle = opendir($sDir)) {
* + 2007 - 2012
* +
*
* This program is free software is licensed under the
* COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
*
* You should have received a copy of the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE
* along with this program; if not, visit http://hlstats-community.org/License.html
*
*/
// Live Stats
// The binary functions need to be included
// Along with the HL Query functions
$serverId = '';
if (!empty($_GET["server"])) {
if (validateInput($_GET["server"], 'digit') === true) {
$serverId = $_GET["server"];
} else {
die("No server ID specified.");
}
}
$time = microtime();
$time = explode(' ', $time);
$time = $time[1] + $time[0];
$start = $time;
include 'hlstatsinc/binary_funcs.inc.php';
include 'hlstatsinc/hlquery_funcs.inc.php';
$query = $DB->query("SELECT s.serverId, s.name, s.address,\n\t\t\ts.port, s.publicaddress, s.game, s.rcon_password,\n\t\t\tg.name gamename\n\t\tFROM `" . DB_PREFIX . "_Servers` AS s\n\t\tLEFT JOIN `" . DB_PREFIX . "_Games` AS g ON s.game = g.code\n\t\tWHERE serverId = '" . $DB->real_escape_string($serverId) . "'");
if (SHOW_DEBUG && $DB->error) {
var_dump($DB->error);
}
* + 2007 - 2012
* +
*
* This program is free software is licensed under the
* COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
*
* You should have received a copy of the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE
* along with this program; if not, visit http://hlstats-community.org/License.html
*
*/
$return = false;
if (isset($_POST['sub']['newgame'])) {
$newGame = trim($_POST['newGame']);
if (!empty($newGame)) {
// read the gamesupport_file
$check = validateInput($newGame, 'nospace');
if (file_exists("hlstatsinc/sql_files/" . $newGame) && $check === true) {
$sqlContent = file_get_contents("hlstatsinc/sql_files/" . $_POST['newGame']);
$sqlContent = str_replace(array("\n", "\t", "\r"), array("\n"), $sqlContent);
// replace the table prefix with the constant
$sqlContent = str_replace("++DB_PREFIX++", DB_PREFIX, $sqlContent);
$sqlContentArr = explode("\n", $sqlContent);
$i = 0;
foreach ($sqlContentArr as $line) {
$line = trim($line);
if (!preg_match("/^#/", $line) && $line != "") {
$query = $DB->query($line);
if (!$query) {
echo "Query Failed: " . $line;
$i++;
break;
global $postpass;
global $postemail;
global $result;
$db = new PDO('sqlite:database.db');
$stmt = $db->prepare('SELECT * FROM users WHERE email LIKE ?');
$stmt->execute(array($postemail));
$result = $stmt->fetchAll();
return count($result);
}
// ----------------------- REGISTER CASE
if ($_POST['choice'] == "REGISTER") {
if ($_POST['log_password_conf'] != $postpass) {
header("location: main.php?errorMsg=" . urlencode("\"password\" field is different than \"confirm password\""));
return '';
}
if (validateInput($mail_match, $postemail) === false) {
header("location: main.php?errorMsg=" . urlencode("\"email\" not accepted"));
return '';
}
if (number_of_usersnamed() === 0) {
if (number_of_users_with_email() === 0) {
//generate activation code
$length = 10;
$code = "";
$valid = "0123456789abcdefghijklmnopqrstuvwxyz";
do {
for ($i = 0; $i < $length; $i++) {
$code .= $valid[mt_rand(0, strlen($valid))];
}
} while (activation_code($code) > 0);
$dbh = new PDO('sqlite:database.db');
function saveNewPaths($group = 'Core')
{
global $rescueFields, $_DB_table_prefix;
$retval = array();
$sql = "SELECT * FROM " . $_DB_table_prefix . "conf_values WHERE group_name='" . DB_escapeString($group) . "' AND ((type <> 'subgroup') AND (type <> 'fieldset'))";
$result = DB_query($sql);
while ($row = DB_fetchArray($result)) {
if ($group != 'Core' || in_array($row['name'], $rescueFields)) {
$config[$row['name']] = @unserialize($row['value']);
$default[$row['name']] = $row['default_value'];
}
}
$cfgvalues = array();
$reset = array();
$cfgvalues = $_POST['cfgvalue'];
$reset = isset($_POST['default']) ? $_POST['default'] : array();
$changed = 0;
foreach ($cfgvalues as $option => $value) {
if (isset($reset[$option]) && $reset[$option] == 1) {
$sql = "UPDATE " . $_DB_table_prefix . "conf_values SET value='" . $default[$option] . "' WHERE name='" . $option . "' AND group_name='" . $group . "'";
DB_query($sql);
$retval[] = 'Resetting ' . $option;
$changed++;
} else {
$sVal = validateInput($value);
if ($config[$option] != $sVal && $option != 'user_login_method' && $option != 'event_types' && $option != 'default_permissions' && $option != 'grouptags') {
$fn = 'rescue_' . $option . '_validate';
if (function_exists($fn)) {
$sVal = $fn($sVal);
}
$sql = "UPDATE " . $_DB_table_prefix . "conf_values SET value='" . serialize($sVal) . "' WHERE name='" . $option . "' AND group_name='" . $group . "'";
DB_query($sql);
$retval[] = 'Saving ' . $option;
$changed++;
}
}
}
if ($changed == 0) {
$retval[] = 'No changes detected';
} else {
@unlink($cfgvalue['path_data'] . '$$$config$$$.cache');
@unlink($config['path_data'] . '$$$config$$$.cache');
@unlink($cfgvalue['path_data'] . 'layout_cache/$$$config$$$.cache');
@unlink($config['path_data'] . 'layout_cache/$$$config$$$.cache');
}
return $retval;
}
if ($check === true) {
$playersObj->setOption("sortorder", $_GET['sortorder']);
}
if ($_GET["sortorder"] == "ASC") {
$newSort = "DESC";
}
} else {
$playersObj->setOption("sortorder", 'DESC');
}
/**
* the rating system
* @todo remove
*/
$rdlimit = 1000;
if (isset($_GET["rdlimit"])) {
$check = validateInput($_GET['rdlimit'], 'digit');
$rdlimit = $_GET["rdlimit"];
}
$rd2limit = $rdlimit * $rdlimit;
pageHeader(array($gamename, l('Player Rankings')), array($gamename => "index.php?game={$game}", l('Player Rankings') => ""));
?>
<div id="sidebar">
<h1><?php
echo l('Options');
?>
</h1>
<div class="left-box">
<ul class="sidemenu">
<li>
<?php
<?php
include 'header.php';
include "getInputSafe.php";
if (!checkLogged()) {
header("Location: main.php");
//?errorMsg=".urlencode("Illegal Access to Upload Event page!"));
return '';
}
$valid_user = validate_user();
$id = $_GET['id'];
if (!validateInput($number_match, $id)) {
header("Location: main.php?errorMsg=" . urlencode("Illegal DATA in GET to Access an Event!"));
return '';
}
//get userlist
$stmt = $dbh->prepare("SELECT * from users");
$stmt->execute(array());
$users = $stmt->fetchAll();
//get event
$stmt = $dbh->prepare("SELECT * from events \n INNER JOIN users\n ON users.id=events.owner\n INNER JOIN eventTypes\n ON eventTypes.id=events.eventtype\n WHERE events.id_event= ?");
$stmt->execute(array($id));
$event_info = $stmt->fetchAll();
if ($_SESSION['login_user'] != $event_info[0]['owner']) {
header("Location: main.php?");
return '';
}
?>
<!DOCTYPE HTML>
<html>
<head>
// an extra variable in case we want to run the setup for a second time
if ($overide_check) {
$homepage = 'welcome';
} elseif ($update) {
doUpdate();
} else {
$already_setup = $db->testConnection();
if ($already_setup) {
$homepage = 'already_setup';
} else {
$homepage = 'welcome';
}
}
}
if ($mode == 'write') {
validateInput();
} elseif ($mode == 'run_sql') {
createTables();
} else {
showPage();
}
## The initial function, loading up the HTML resource files (if necessary) and redirecting accordingly
function showPage()
{
global $common, $config, $homepage;
// convert all variables in a form we can process them inside the HTML files
foreach ($_REQUEST as $k => $v) {
${$k} = $v;
}
foreach ($config as $k => $v) {
${$k} = $v;
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/licenses/gpl.html
*/
// JSON return strings
$sErr = "";
$sMsg = "";
$sData = "";
//
// basepath
$sConnBse = "../../../../";
include $sConnBse . "connectors/php/config.php";
include $sConnBse . "connectors/php/functions.php";
//include("config.php");
//
// security file checking
$aVldt = validateInput($sConnBse, array("new" => array(0, 4, 0), "edit" => array(0, 4, 0), "cont" => array(0, 3, 0)));
$sAction = $aVldt["action"];
$sSFile = $aVldt["file"];
$sErr .= $aVldt["error"];
if (isset($_POST["contents"])) {
$sContents = $_POST["contents"];
}
//$aVldt["contents"];//$_POST["contents"];
//
switch ($sAction) {
case "new":
if (file_exists($sSFile)) {
$sErr .= "File exists";
} else {
$oFile = fopen($sSFile, "w");
fputs($oFile, stripslashes($sContents));
case IMAGETYPE_SWC:
case IMAGETYPE_IFF:
case IMAGETYPE_ICO: */
default:
header("Location: create_event.php?errorMsg=" . urlencode($image_type_error));
return '';
break;
}
// if(validateInput($title_match,$_POST['title']))
//if(validateInput($text_match,$_POST['description'])==false) { header("Location: create_event.php?errorMsg=".urlencode($invalid_description_error)); return '';}
//input seems valid
sleep(1);
//avoid upload spamming
//create new data - - - - - - - - - - - - - - - - - - - - - - - - -
$clean_title = cleanUserTextTags($_POST['title']);
if (validateInput($title_match, $_POST['title']) === false) {
header("Location: create_event.php?errorMsg=" . urlencode($invalid_title_error));
return '';
}
$clean_description = cleanUserTextTags($_POST['description']);
$public = 0;
if (isset($_POST['public'])) {
$public = 1;
}
$dbh = new PDO('sqlite:database.db');
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//insert new event
$stmt = $dbh->prepare("INSERT INTO events VALUES(NULL, ?,?,?,?,?,?,?)");
$stmt->execute(array($_SESSION['login_user'], $_POST['types'], $current_datetime, $event_date, $clean_title, $clean_description, $public));
$event_id = $dbh->lastInsertId();
$mode = false;
$pl_name = '';
$pl_urlname = '';
if (!empty($_GET["player"])) {
if (validateInput($_GET["player"], 'digit') === true) {
$player = $_GET["player"];
}
}
if (!empty($_GET["uniqueid"])) {
if (validateInput($_GET["uniqueid"], 'digit') === true) {
$uniqueid = $_GET["uniqueid"];
$mode = true;
}
}
if (!empty($_GET['killLimit'])) {
if (validateInput($_GET['killLimit'], 'digit') === true) {
$killLimit = $_GET['killLimit'];
}
}
/*
@todo: remove
if (!$player && $uniqueid) {
if (!$game) {
header("Location: index.php?mode=search&st=uniqueid&q=$uniqueid");
exit;
}
$query = mysql_query("SELECT playerId FROM ".DB_PREFIX."_PlayerUniqueIds
WHERE uniqueId='".mysql_escape_string($uniqueid)."'
AND game='".mysql_escape_string($game)."'
");
$verbose = 2;
$dryrun = 0;
$exit_on_error = 1;
$copytype = 'folder';
$oldPath = '/';
$firstPass = true;
ob_implicit_flush(true);
ob_end_flush();
?>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.min.css">
<!-- Latest compiled and minified JavaScript -->
<script src="//netdna.bootstrapcdn.com/bootstrap/3.0.0/js/bootstrap.min.js"></script>
<?php
if (!empty($_POST) && validateInput()) {
showForm();
echo "<pre>First pass...\n";
update();
echo "</pre>";
$firstPass = false;
echo "<pre>Second pass...\n";
editPages();
echo "</pre>";
} else {
showForm();
}
function update()
{
global $host, $host2;
global $uname, $uname2;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Scholarship Form</title>
<meta http-equiv="content-type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<?php
// Strip slashes allows for quotations
// Example John O'Hara
$firstName = validateInput($_POST['fName'], "First name");
$lastName = validateInput($_POST['lName'], "Last name");
// Will either display total number of errors or Thank You Message
if ($errorCount > 0) {
echo "Please re-enter the information below.<br />";
redisplayForm($firstName, $lastName);
} else {
// echo "Thank you for filling out the scholarship form,
// ".$firstName." ".$lastName . ".";
// Send an e-mail instead of display message above
$To = "*****@*****.**";
}
$Subject = "Scholarship Form Results";
$Message = "Student Name: " . $firstName . " " . $lastName;
$result = mail($To, $Subject, $Message);
if ($result) {
$resultMsg = "Your message was successfuly sent.";
<?php
include_once "sections/header.php";
function validateInput($db, $room_id, $room_pass)
{
$pass = substr(hash('sha256', $room_pass), 0, 16);
$query = $db->prepare("SELECT * FROM rooms WHERE room_id = :rid AND (is_private = FALSE OR room_password = :rpass)");
echo "Testing " . $room_id . " and " . $room_pass;
$query->execute(array("rid" => $room_id, "rpass" => $pass));
if ($query->rowCount() == 0) {
return false;
}
return true;
}
if (!empty($_POST) && validateInput($db, $_POST["room_id"], $_POST["room_pass"])) {
//Set the room-session
$_SESSION["room_id"] = $_POST["room_id"];
?>
<section id="action-section">
<h2 class="heading">Room joined successfully!</h2>
<a href="room.php">Click here if you are not redirected soon...</a>
</section>
<script type="text/javascript">
setTimeout(function () { window.location.replace("room.php"); }, 1000);
</script>
<?php
} else {
?>
var_dump($DB->error);
}
if ($query !== false) {
header('Location: index.php?mode=admin&task=toolsEditdetails&clanId=' . $_GET["clanId"]);
} else {
$return['msg'] = l('Could not save data');
$return['status'] = "1";
}
}
}
// process the search
if (isset($_POST['submit']['searchForId'])) {
$searchFor = trim($_POST['search']['ID']);
$searchWhere = trim($_POST['search']['what']);
$check = validateInput($searchFor, 'digit');
$check1 = validateInput($searchWhere, 'nospace');
if ($check === true && $check1 === true) {
// search for given ID
if ($searchWhere === "player") {
$query = $DB->query("SELECT `playerId`\n\t\t\t\t\t\t\t\t\tFROM `" . DB_PREFIX . "_Players`\n\t\t\t\t\t\t\t\t\tWHERE `playerId` = '" . $DB->real_escape_string($searchFor) . "'");
if (SHOW_DEBUG && $DB->error) {
var_dump($DB->error);
}
if ($query->num_rows > 0) {
$result = $query->fetch_assoc();
header('Location: index.php?mode=admin&task=toolsEditdetails&playerId=' . $result['playerId']);
} else {
$return['msg'] = l('Nothing found');
$return['status'] = "1";
}
} elseif ($searchWhere === "clan") {
$newSort = "ASC";
// the default sort order for the query
$sortorder = 'DESC';
if (isset($_GET["sortorder"])) {
$check = validateInput($_GET['sortorder'], 'nospace');
if ($check === true) {
$sortorder = $_GET['sortorder'];
}
if ($_GET["sortorder"] == "ASC") {
$newSort = "DESC";
}
}
// minimum mebers count to show
$minmembers = 2;
if (isset($_GET["showAll"])) {
$check = validateInput($_GET['showAll'], 'digit');
if ($check === true) {
$minmembers = false;
}
}
// query to get the data from the db with the given options
$queryStr = "SELECT SQL_CALC_FOUND_ROWS\n\t\tc.clanId,\n\t\tc.name,\n\t\tc.tag,\n\t\tCOUNT(p.playerId) AS nummembers,\n\t\tSUM(p.kills) AS kills,\n\t\tSUM(p.deaths) AS deaths,\n\t\tROUND(AVG(p.skill)) AS skill,\n\t\tIFNULL(SUM(p.kills) / SUM(p.deaths), 0) AS kpd\n\tFROM `" . DB_PREFIX . "_Clans` AS c\n\tLEFT JOIN `" . DB_PREFIX . "_Players` AS p\n\t\tON p.clan = c.clanId\n\tWHERE c.game = '" . $DB->real_escape_string($game) . "'\n\t\tAND p.hideranking = 0\n\tGROUP BY c.clanId";
if (!empty($minmembers)) {
$queryStr .= " HAVING nummembers >= " . $DB->real_escape_string($minmembers);
}
$queryStr .= " ORDER BY " . $sort . " " . $sortorder . "";
// calculate the limit
if ($page === 1) {
$queryStr .= " LIMIT 0,50";
} else {
$start = 50 * ($page - 1);
$check = validateInput($_GET['page'], 'digit');
if ($check === true) {
$page = $_GET['page'];
}
}
$sort = 'kills';
if (isset($_GET["sort"])) {
$check = validateInput($_GET['sort'], 'nospace');
if ($check === true) {
$sort = $_GET['sort'];
}
}
$newSort = "ASC";
$sortorder = 'DESC';
if (isset($_GET["sortorder"])) {
$check = validateInput($_GET['sortorder'], 'nospace');
if ($check === true) {
$sortorder = $_GET['sortorder'];
}
if ($_GET["sortorder"] == "ASC") {
$newSort = "DESC";
}
}
// get the data
$killCount = $DB->query("SELECT COUNT(p.playerId) kc\n\tFROM `" . DB_PREFIX . "_Events_Frags` AS ef\n\tLEFT JOIN `" . DB_PREFIX . "_Players` AS p\n\t\tON p.playerId = ef.killerId\n\tWHERE p.game = '" . $DB->real_escape_string($game) . "'");
if (SHOW_DEBUG && $DB->error) {
var_dump($DB->error);
}
$result = $killCount->fetch_assoc();
$totalkills = $result['kc'];
$killCount->free();
//require("hlstatsinc/search-class.inc.php");
pageHeader(array(l("Search")), array(l("Search") => ""));
$sr_query = false;
$sr_type = 'player';
$sr_game = false;
if (!empty($_GET["q"])) {
$sr_query = sanitize($_GET["q"]);
$sr_query = urldecode($sr_query);
}
if (!empty($_GET["st"])) {
if (validateInput($_GET["st"], 'nospace') === true) {
$sr_type = $_GET["st"];
}
}
if (!empty($_GET["game"])) {
if (validateInput($_GET["game"], 'nospace') === true) {
$sr_game = $_GET["game"];
}
}
$remoteSearch = false;
// check if we have asearch request via get
if (!empty($sr_query) && !empty($sr_type) && !empty($sr_game)) {
$remoteSearch = true;
}
// get the game list
$gamesArr = array();
$query = mysql_query("SELECT code, name FROM " . DB_PREFIX . "_Games WHERE hidden='0' ORDER BY name");
while ($result = mysql_fetch_assoc($query)) {
$gamesArr[$result['code']] = $result['name'];
}
$searchResults = false;
* +
*
* This program is free software is licensed under the
* COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
*
* You should have received a copy of the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE
* along with this program; if not, visit http://hlstats-community.org/License.html
*
*/
$gc = false;
$check = false;
$return = false;
// get the game, without it we can not do anyting
if (isset($_GET['gc'])) {
$gc = trim($_GET['gc']);
$check = validateInput($gc, 'nospace');
if ($check === true) {
// load the game info
$query = $DB->query("SELECT name\n\t\t\t\t\t\t\tFROM `" . DB_PREFIX . "_Games`\n\t\t\t\t\t\t\tWHERE code = '" . $DB->real_escape_string($gc) . "'");
if (SHOW_DEBUG && $DB->error) {
var_dump($DB->error);
}
if ($query->num_rows > 0) {
$result = $query->fetch_assoc();
$gName = $result['name'];
}
$query->free();
}
}
// do we have a valid gc code?
if (empty($gc) || empty($check)) {
const AdultPrice = 11.65;
const ChildPrice = 8.65;
const StudentPrice = 9.65;
$ShowForm = TRUE;
$errorCount = 0;
$AdultOrder = 0;
$ChildOrder = 0;
$StudentOrder = 0;
$Total = 0;
$TotalTickets = 0;
$CustomerName = "";
if (isset($_POST['Submit'])) {
$AdultOrder = $_POST['Adult'];
$ChildOrder = $_POST['Child'];
$StudentOrder = $_POST['Student'];
$CustomerName = validateInput($_POST['CustomerName'], "Customer Name");
if ($errorCount == 0) {
$ShowForm = FALSE;
} else {
$ShowForm = TRUE;
}
}
if ($ShowForm == TRUE) {
if ($errorCount > 0) {
echo "<p>Please re-enter the form information below.</p>\n";
}
displayForm($AdultOrder, $ChildOrder, $StudentOrder, $CustomerName);
} else {
$Total = $AdultOrder * AdultPrice + $ChildOrder * ChildPrice + $StudentOrder * StudentPrice;
$TotalTickets = $AdultOrder + $ChildOrder + $StudentOrder;
echo "<h2 style =\"text_align:left\">Movie Tickets Order Confirmation</h2>";