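<?php
/**
 * Answer-submission endpoint for event 42.
 *
 * Flow, as far as the visible part of the script shows: read the posted
 * credentials, hand them to validate() (expected from LoginApi/auth.php),
 * open a session on success, make sure the player has a row in
 * user_info_pla, then compare the MD5 of the posted answer with the stored
 * answer of the next question and increment the score on a match.
 *
 * Security notes for maintainers:
 *  - ext/mysql (mysql_query and friends) has no prepared statements and was
 *    removed in PHP 7. Until the script is moved to PDO or mysqli with bound
 *    parameters, every value placed into SQL text below is either escaped
 *    with mysql_real_escape_string() or cast to int.
 *  - strip_tags()/htmlentities() are output-encoding helpers. They are kept
 *    on the credentials because validate() receives the values in that form
 *    today; they are not relied on for SQL safety.
 *  - Database error text goes to the server log, not to the client.
 */
require_once '../LoginApi/auth.php';
include "dbconnect.php";
include "variable.php";
require_once "includes/ContentSanitize.class.php";

$san = new Sanitize();
$event_id = 42;

// Fail closed: the gate below must only open when validate() succeeded in
// this request, so the flag must not inherit a value from an included file
// or from legacy request-variable importing.
$check = 0;

// A missing or non-string field (for example an array-valued parameter) is
// treated as an empty string.
$user_name = (isset($_POST['user']) && is_string($_POST['user'])) ? trim($_POST['user']) : '';
$password = (isset($_POST['pass']) && is_string($_POST['pass'])) ? trim($_POST['pass']) : '';

$user_name = $san->cleanString(htmlentities(strip_tags($user_name), ENT_QUOTES));

// NOTE(review): filtering a password through strip_tags()/htmlentities()
// changes what the user typed. It is left as is because validate() is not
// visible here and presumably expects the same normalisation - confirm.
$password = $san->cleanString(htmlentities(strip_tags($password), ENT_QUOTES));

if (validate($user_name, $password, $event_id)) {
    session_start();
    // Issue a fresh session id at the privilege change so that an id set
    // before login is not carried into the authenticated session.
    session_regenerate_id(true);
    $_SESSION['user_platzen'] = $user_name;
    $_SESSION['islogin'] = 1;
    $_SESSION['isregistered_platzen'] = 1;
    $check = 1;
}

if ($check === 1) {
    // Credentials accepted.
    // Escape for the SQL string context; assumes dbconnect.php has opened
    // the default ext/mysql connection - confirm.
    $user_name_sql = mysql_real_escape_string($user_name);

    $query = "SELECT * from user_info_pla where user_id='{$user_name_sql}'";
    $result = mysql_query($query) or die("Could not retrieve database");
    if (mysql_num_rows($result) == 0) {
        $user_insert = mysql_query("INSERT user_info_pla (user_id) VALUES ('{$user_name_sql}') ");
        if ($user_insert === false) {
            // Previously ignored; the request still continues as before.
            error_log("user_info_pla insert failed: " . mysql_error());
        }

        // NOTE(review): in the visible text the block opened by the
        // mysql_num_rows() test is not closed before this point, so the rest
        // of the flow is nested in the "no existing row" branch and $x is
        // fetched from an empty result - confirm against the full file.
        $x = mysql_fetch_array($result);
        // Integer cast: $qid is placed into SQL below.
        $qid = ((int) $x['score']) + 1;

        // NOTE(review): this sends output before the header() call further
        // down; unless output buffering is enabled the redirect header can
        // no longer be sent. Looks like leftover debug output - confirm.
        echo $qid;

        $query = "SELECT ans FROM question_info_ste where qid='{$qid}'";
        $result = mysql_query($query);
        if ($result === false) {
            error_log("Query failed:1 " . mysql_error());
            die("Query failed:1");
        }
        $row = mysql_fetch_array($result);
        // No matching question row yields an empty stored answer, which can
        // never equal a 32-character MD5 digest.
        $ans = ($row !== false && isset($row['ans'])) ? $row['ans'] : '';

        $san = new Sanitize();
        $pro_ans = (isset($_POST['pro_ans']) && is_string($_POST['pro_ans'])) ? $_POST['pro_ans'] : '';
        // The normalisation order is kept exactly: the stored digests were
        // presumably produced with the same chain - confirm before changing.
        $pro_ans = strip_tags($pro_ans);
        $pro_ans = trim($pro_ans);
        $pro_ans = htmlentities($pro_ans, ENT_QUOTES);
        $pro_ans = strtolower($pro_ans);
        $pro_ans = addslashes($pro_ans);
        $pro_ans = $san->cleanString($pro_ans);
        $pro_ans = md5($pro_ans);

        $ans = htmlentities(stripslashes($ans), ENT_QUOTES);

        // Strict comparison: loose == converts numeric-looking strings to
        // numbers first, so two different digests could compare equal.
        // hash_equals() is the constant-time option where PHP >= 5.6 is
        // guaranteed.
        if ($pro_ans === $ans) {
            // Record the time of the successful submission.
            $mani = date('Y-m-d H:i:s', time());

            // NOTE(review): login stores the name under 'user_platzen' and
            // the player row lives in user_info_pla, but this update reads
            // 'user_stegolica' and writes user_info_ste. Possibly copied
            // from another event's script - confirm which is intended.
            $session_user = (isset($_SESSION['user_stegolica']) && is_string($_SESSION['user_stegolica']))
                ? $_SESSION['user_stegolica']
                : '';
            $session_user_sql = mysql_real_escape_string($session_user);

            $query = "UPDATE user_info_ste SET score=score+1, time = '{$mani}' WHERE user_id ='{$session_user_sql}'";
            $result = mysql_query($query);
            if ($result === false) {
                error_log("Query failed2: " . mysql_error());
                die("Query failed2");
            }

            $_SESSION['message'] = "";
            // $total_question is not assigned in the visible code;
            // presumably it comes from variable.php.
            if ($qid == $total_question) {
                // NOTE(review): no exit follows the redirect in the visible
                // part, so the script keeps running - confirm that nothing
                // after this point should execute for a winner.
                header("Location: winner.php");
            }
        } else {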