/* access check */
/* NOTE(review): this listing is a fragment; the closing brace of this if, and whatever
   the legacy mysql_* extension (removed in PHP 7.0) is bound to, are outside view. */
if (in_array("m_giveaward", $sessionAccess)) {
    /* set the page class */
    $pageClass = "admin";
    $subMenuClass = "manage";
    $query = FALSE;
    $result = FALSE;
    /* do some checking to make sure someone's not trying to do a SQL injection */
    /* is_numeric() is a weak guard for an id that is later interpolated into SQL: it also
       accepts signed, decimal, exponent ("1e3") and leading-whitespace forms. Casting with
       (int) or using a prepared statement is the safer form of the same check. */
    if (isset($_GET['crew']) && !is_numeric($_GET['crew'])) {
        errorMessageIllegal("add award page");
        exit;
    } elseif (isset($_GET['crew']) && is_numeric($_GET['crew'])) {
        $crew = $_GET['crew'];
    }
    if (isset($_GET['award']) && !is_numeric($_GET['award'])) {
        errorMessageIllegal("add award page");
        exit;
    } elseif (isset($_GET['award']) && is_numeric($_GET['award'])) {
        $award = $_GET['award'];
    }
    /* the award form was submitted with action_type=give */
    if (isset($_POST['action_type']) && $_POST['action_type'] == "give") {
        /* Copies every POST field into a same-named local variable. Any variable already
           in scope at this point ($crew, $award, $pageClass, $sessionAccess, ...) can be
           replaced by a request field of the same name, so nothing below this loop can
           rely on those names. Reading the few fields the page needs explicitly
           ($_POST['action_crew'], ...) removes that exposure. */
        foreach ($_POST as $key => $value) {
            ${$key} = $value;
        }
        /* $action_crew only exists if the request supplied it; a missing or non-numeric
           value becomes NULL here. */
        if (!is_numeric($action_crew)) {
            $action_crew = NULL;
        }
        /* With $action_crew NULL the query reads "WHERE crewid =  LIMIT 1", which is a
           syntax error: mysql_query() then returns false and mysql_fetch_array() warns.
           The value is interpolated unquoted and unescaped, so this relies entirely on the
           is_numeric() guard above. */
        $pullAwards = "SELECT awards FROM sms_crew WHERE crewid = {$action_crew} LIMIT 1";
        $pullAwardsResult = mysql_query($pullAwards);
        $stringAwards = mysql_fetch_array($pullAwardsResult);
/* NOTE(review): fragment; the two closing braces below belong to blocks opened before
   this listing, and the if (isset($_POST['action_x'])) block at the end is not closed here. */
exit;
}
}
/* GET ids are checked with is_numeric() before use; note that is_numeric() also accepts
   decimal, exponent and leading-whitespace forms, so an (int) cast before any SQL use
   would be the tighter guard. */
if (isset($_GET['delete'])) {
    if (is_numeric($_GET['delete'])) {
        $delete = $_GET['delete'];
    } else {
        errorMessageIllegal("add JP page");
        exit;
    }
}
if (isset($_GET['add'])) {
    if (is_numeric($_GET['add'])) {
        $add = $_GET['add'];
    } else {
        errorMessageIllegal("add JP page");
        exit;
    }
}
/* $number is set somewhere outside this listing (TODO confirm where); JP_AUTHORS is a
   constant defined elsewhere and caps the author count. */
if (!isset($number)) {
    $number = 2;
} elseif ($number > JP_AUTHORS) {
    $number = JP_AUTHORS;
}
if (isset($_POST['action_x'])) {
    /* $jpnumber comes straight from the request and is used as the loop bound without the
       numeric check applied to the GET values above and without the JP_AUTHORS cap that
       $number gets. A large value drives a long loop over undefined author fields; a
       non-numeric value makes the comparison below a loose one. Suggested guard:
       $jpnumber = min((int) $_POST['jpNumber'], JP_AUTHORS); */
    $jpnumber = $_POST['jpNumber'];
    /* $authors is never initialised, so when $jpnumber < 1 the implode() below receives an
       undefined variable. Each author field is taken unvalidated; presumably they are
       numeric crew ids that reach SQL later — confirm downstream. */
    for ($n = 1; $n <= $jpnumber; $n++) {
        $authors[] = $_POST['author' . $n];
    }
    /* make a string of the authors */
    $postAuthors = implode(',', $authors);
System Version: 2.6.8 Last Modified: 2009-01-09 0938 EST **/
/* access check */
/* NOTE(review): fragment; the closing brace of this if is outside this listing. */
if (in_array("x_access", $sessionAccess)) {
    /* set the page class and vars */
    $pageClass = "admin";
    $subMenuClass = "manage";
    $result = NULL;
    $updateAccess = NULL;
    /* do some checking to make sure someone's not trying to do a SQL injection */
    /* is_numeric() also accepts decimal, exponent and leading-whitespace forms; if $crew is
       interpolated into SQL later, an (int) cast here is the tighter guard. */
    if (isset($_GET['crew'])) {
        if (is_numeric($_GET['crew'])) {
            $crew = $_GET['crew'];
        } else {
            errorMessageIllegal("access level page");
            exit;
        }
    }
    /* set the default tab */
    if (isset($_GET['tab']) && is_numeric($_GET['tab'])) {
        $tab = $_GET['tab'];
    } else {
        $tab = 1;
    }
    /* Unlike crew and tab, $set is taken from the query string with no validation at all.
       Its use is outside this listing; wherever it reaches SQL, HTML or a file path it
       needs the matching escaping or an allow-list check — confirm at the use site. */
    if (isset($_GET['set'])) {
        $set = $_GET['set'];
    } else {
        $set = NULL;
    }
    /* if update has been hit, continue */
This is a necessary system file. Do not modify this page unless you are highly knowledgeable as to the structure of the system. Modification of this file may cause SMS to no longer function. Author: David VanScott [ davidv@anodyne-productions.com ] File: admin/user/bio.php Purpose: Page to display the requested bio System Version: 2.6.7 Last Modified: 2008-12-17 0814 EST **/
/* NOTE(review): fragment; the access-check if and the POST block at the end are not
   closed within this listing. */
/* do some checking to make sure someone's not trying to do a SQL injection */
/* crew is required here (no id means an error page), unlike the admin pages that allow it
   to be absent. is_numeric() also accepts decimal, exponent and leading-whitespace forms,
   so it is a weaker guard than an (int) cast for a value interpolated below. */
if (isset($_GET['crew']) && is_numeric($_GET['crew'])) {
    $crew = $_GET['crew'];
} else {
    errorMessageIllegal("user bio page");
    exit;
}
/* get the crew type */
/* $crew is interpolated (quoted) into the query; the is_numeric() check above is the only
   thing standing between the request and the SQL. A prepared statement or an (int) cast
   would make the query independent of that check. No result check: if mysql_query()
   fails, mysql_fetch_assoc(false) warns and $getType['crewType'] is null. */
$getCrewType = "SELECT crewType FROM sms_crew WHERE crewid = '{$crew}' LIMIT 1";
$getCrewTypeResult = mysql_query($getCrewType);
$getType = mysql_fetch_assoc($getCrewTypeResult);
/* access check */
/* && binds tighter than ||, so this reads: own bio, OR (u_bio2 AND the crew is an npc),
   OR u_bio3. The own-bio test uses == (loose comparison); with both sides numeric this is
   a numeric compare, which is what is wanted here. */
if ($sessionCrewid == $crew || in_array("u_bio2", $sessionAccess) && $getType['crewType'] == "npc" || in_array("u_bio3", $sessionAccess)) {
    /* set the page class */
    $pageClass = "admin";
    $subMenuClass = "user";
    $result = FALSE;
    $updateCrew = FALSE;
    /* $action is the raw submit value; its use is outside this listing. */
    if (isset($_POST['action_x'])) {
        $action = $_POST['action_x'];
System Version: 2.6.10 Last Modified: 2009-10-28 2213 EST **/
/* access check */
/* NOTE(review): fragment; neither this if nor the action_send_x block at the end is
   closed within this listing. */
if (in_array("u_inbox", $sessionAccess)) {
    /* set the page class */
    $pageClass = "admin";
    $subMenuClass = "user";
    $result = FALSE;
    $query = FALSE;
    /* id is optional; when present it must be numeric. is_numeric() also accepts decimal,
       exponent and leading-whitespace forms — an (int) cast is tighter if $id reaches SQL. */
    if (isset($_GET['id'])) {
        if (is_numeric($_GET['id'])) {
            $id = $_GET['id'];
        } else {
            errorMessageIllegal("send private message page");
            exit;
        }
    }
    /* $action and $box are taken from POST with no validation; both are used outside this
       listing, and $box in particular needs an allow-list check (or escaping) wherever it
       selects a mailbox in a query — confirm at the use site. */
    if (isset($_POST['action_x'])) {
        $action = $_POST['action_x'];
    }
    if (isset($_POST['box'])) {
        $box = $_POST['box'];
    }
    /* tab defaults to 1 when absent or non-numeric */
    if (isset($_GET['tab']) && is_numeric($_GET['tab'])) {
        $tab = $_GET['tab'];
    } else {
        $tab = 1;
    }
    if (isset($_POST['action_send_x'])) {
File: admin/user/message.php Purpose: Page that views a given private message System Version: 2.6.0 Last Modified: 2008-04-06 2223 EST **/
/* access check */
/* NOTE(review): fragment; none of the blocks opened here are closed within this listing. */
if (in_array("u_inbox", $sessionAccess)) {
    /* set the page class */
    $pageClass = "admin";
    $subMenuClass = "user";
    /* $message is only assigned when id is present in the query string. When it is
       absent the SELECT below interpolates an undefined variable ("WHERE pmid =  LIMIT 1"),
       the query fails, and mysql_fetch_assoc(false) warns. Requiring the id up front, as
       the user bio page does, avoids that path. */
    if (isset($_GET['id'])) {
        if (is_numeric($_GET['id'])) {
            $message = $_GET['id'];
        } else {
            errorMessageIllegal("private message viewing page");
            exit;
        }
    }
    /* $message is interpolated unquoted; the is_numeric() guard above is the only
       protection (it also accepts decimal, exponent and leading-whitespace forms). */
    $getMessages = "SELECT * FROM sms_privatemessages WHERE pmid = {$message} LIMIT 1";
    $getMessagesResult = mysql_query($getMessages);
    /* loop through the results and fill the form */
    /* extract() with EXTR_OVERWRITE turns every column of the row into a local variable
       and replaces any existing variable with the same name. The authorization test below
       depends on $pmRecipient / $pmAuthor coming from this row; if the query returned no
       row they stay undefined (null). Reading the needed columns from $msgFetch explicitly
       keeps the variable set of this page predictable. */
    while ($msgFetch = mysql_fetch_assoc($getMessagesResult)) {
        extract($msgFetch, EXTR_OVERWRITE);
    }
    /* only the recipient or the author may view the message (loose == comparisons) */
    if ($sessionCrewid == $pmRecipient || $sessionCrewid == $pmAuthor) {
        if ($pmStatus == "unread" && $sessionCrewid == $pmRecipient) {
            /* if the PM status is unread, change it to read */
            /* same unquoted interpolation of $message as the SELECT above; result not checked */
            $updateStatus = "UPDATE sms_privatemessages SET pmStatus = 'read' ";
            $updateStatus .= "WHERE pmid = {$message} LIMIT 1";
            $updateStatusResult = mysql_query($updateStatus);
This is a necessary system file. Do not modify this page unless you are highly knowledgeable as to the structure of the system. Modification of this file may cause SMS to no longer function. Author: David VanScott [ davidv@anodyne-productions.com ] File: pages/bio.php Purpose: Page to display the requested bio System Version: 2.6.8 Last Modified: 2009-01-02 1548 EST **/
/* NOTE(review): fragment; the final else block is not closed within this listing. */
/* define the page class and set the vars */
$pageClass = "personnel";
/* make sure the crew id is legit */
/* The check only rejects a crew value that is present AND non-numeric. When crew is absent
   the else branch still runs, reads the undefined $_GET['crew'] (notice) and leaves $crew
   null, so any later use of $crew proceeds with no id. The admin bio page's form of this
   test — isset() && is_numeric() as the success condition, error otherwise — is the one
   that actually requires a valid id. */
if (isset($_GET['crew']) && !is_numeric($_GET['crew'])) {
    errorMessageIllegal("bio page");
    exit;
} else {
    $crew = $_GET['crew'];
}
/* pull in the menu */
/* The include path is built from $sessionDisplaySkin / $skin, whose origin is outside this
   listing. Whatever sets them should constrain the value to an installed skin name
   (allow-list or basename check) before it is used as a path component — TODO confirm. */
if (isset($sessionCrewid)) {
    include_once 'skins/' . $sessionDisplaySkin . '/menu.php';
} else {
    include_once 'skins/' . $skin . '/menu.php';
}
/* set the rank variable */
if (isset($sessionCrewid)) {
    $rankSet = $sessionDisplayRank;
} else {
    /* self-assignment: relies on $rankSet already being set for guests elsewhere — TODO confirm */
    $rankSet = $rankSet;
/* NOTE(review): fragment; this code sits inside a block opened before the listing, and
   the action_update_x block at the end is not closed here. */
$subMenuClass = "manage";
$query = FALSE;
$result = FALSE;
/* id and remove are optional GET ids; when present they must be numeric. is_numeric()
   also accepts decimal, exponent and leading-whitespace forms, so an (int) cast would be
   the tighter guard for values interpolated into SQL below. */
if (isset($_GET['id'])) {
    if (is_numeric($_GET['id'])) {
        $id = $_GET['id'];
    } else {
        errorMessageIllegal("personal log editing page");
        exit;
    }
}
if (isset($_GET['remove'])) {
    if (is_numeric($_GET['remove'])) {
        $remove = $_GET['remove'];
    } else {
        errorMessageIllegal("personal log editing page");
        exit;
    }
}
if (isset($_POST['action_update_x'])) {
    /* $id is only set when the id parameter was supplied; otherwise both queries below end
       in "WHERE logid =" and fail. There is no check visible in this fragment that log $id
       belongs to the current user on the non-m_logs2 path — confirm it is enforced before
       this point. escape_string() is a project helper; since the %s placeholders carry no
       surrounding quotes it presumably returns a quoted, escaped literal — TODO confirm. */
    if (!in_array("m_logs2", $sessionAccess)) {
        /* without m_logs2 only title and content may change */
        $update = "UPDATE sms_personallogs SET logTitle = %s, logContent = %s WHERE logid = {$id}";
        $query = sprintf($update, escape_string($_POST['logTitle']), escape_string($_POST['logContent']));
    } else {
        /* with m_logs2 the author and status can be reassigned as well; %d casts the
           escaped author value to an integer */
        $update = "UPDATE sms_personallogs SET logAuthor = %d, logTitle = %s, logContent = %s, logStatus = %s WHERE logid = {$id}";
        $query = sprintf($update, escape_string($_POST['logAuthor']), escape_string($_POST['logTitle']), escape_string($_POST['logContent']), escape_string($_POST['logStatus']));
    }
    /* query result is stored but not checked here */
    $result = mysql_query($query);
    /* optimize the table */
    optimizeSQLTable("sms_personallogs");
    $action = "update";
Last Modified: 2008-08-16 1739 EST **/
/* NOTE(review): fragment; the access-check if and the nested blocks at the end are not
   closed within this listing, and the last comment is left open by the original. */
/* set the page class */
$pageClass = "admin";
$subMenuClass = "user";
$result = FALSE;
$updateAcct = FALSE;
/* set the POST action */
if (isset($_POST['action_x'])) {
    $action = $_POST['action_x'];
}
/* make sure the CREW variable is a number */
/* crew is required; is_numeric() also accepts decimal, exponent and leading-whitespace
   forms, so an (int) cast is the tighter guard if $crew reaches SQL. */
if (isset($_GET['crew']) && is_numeric($_GET['crew'])) {
    $crew = $_GET['crew'];
} else {
    errorMessageIllegal("crew account page");
    exit;
}
/* access check */
/* && binds tighter than ||: (own account AND u_account1) OR u_account2. */
if ($sessionCrewid == $crew && in_array("u_account1", $sessionAccess) || in_array("u_account2", $sessionAccess)) {
    if (isset($action)) {
        /* pull the current password hash */
        /* The query text reads "******" in this listing, which looks like a redaction
           rather than the real statement — TODO confirm against the source file. The
           result is not checked before mysql_fetch_array(). */
        $getPassword = "******";
        $getPasswordResult = mysql_query($getPassword);
        $fetchPassword = mysql_fetch_array($getPasswordResult);
        if (isset($_POST['currentPassword'])) {
            /* loose == against "" is an exact string test here since POST values are strings */
            if ($_POST['currentPassword'] == "") {
                /* if the current password is empty, check to make sure they're not trying to update username, real name, or email, otherwise run the update query