<?php
// Admin settings page: stores the site-wide registrationDisabled flag, then emits the page head.
session_start();
include "/home/u220391248/public_html/scripts/config.php";
// Both gates are defined outside this file.
// NOTE(review): confirm they end the request for non-admin / banned sessions.
checkIfAdmin();
checkIfBanned();
if (isset($_POST['submit'])) {
    // NOTE(review): no anti-CSRF token is verified before this state change; check a
    // per-session token here so the form cannot be submitted cross-site on an admin's behalf.
    // NOTE(review): the value is interpolated into the SQL text, so injection safety rests
    // entirely on secureForDB(). Restricting it to the expected flag values and using a
    // parameterized query (mysqli/PDO; the mysql_* API was removed in PHP 7) is the sturdier fix.
    $registrationDisabled = secureForDB($_POST['registrationDisabled']);
    // The UPDATE carries no WHERE clause, so every row of websiteSettings is written.
    $msg = mysql_query("UPDATE websiteSettings SET registrationDisabled = '{$registrationDisabled}'")
        ? "Your settings have been saved!"
        : "Your settings haven't bene saved!";
}
echo $menu; ?> <title><?php echo "{$title}"; ?> </title> <head> <link href="/stylesheets/default.css" rel="stylesheet" type="text/css"> <link href="/stylesheets/css_buttons.css" rel="stylesheet" type="text/css"> </head> <style> .form{ position:relative; top:250; background-color:black; width:330;
}
// Account settings handler: after re-checking the current password it can change the password
// and/or the e-mail address; a separate form stores the games-per-page preference.
// NOTE(review): the current password passes through secureString() and the new one through
// secureForDB() before hashing. If those helpers alter characters differently, the hash that is
// stored and the hash that is checked are computed over different transforms - confirm.
$confirmpass = secureString($_POST['currpass']);
// NOTE(review): md5() is a fast, unsalted digest and is not suitable for password storage;
// password_hash()/password_verify() with rehash-on-login is the usual migration path.
$pass = md5(secureForDB($_POST['pass']));
$email = secureForDB($_POST['email']);
if (isset($_POST['cnfrm'])) {
    // $confirmpass was assigned above, so this only fails if secureString() returned null.
    if (isset($confirmpass)) {
        // NOTE(review): loose == lets PHP compare numeric-looking digest strings as numbers;
        // use hash_equals() (or at least ===). $p1 is set outside this fragment.
        if (md5($confirmpass) == $p1) {
            // md5() never returns "", so this test also passes when the new-password field was left empty.
            if ($pass != "") {
                // Change password
                mysql_query("UPDATE users SET password = '******' WHERE username = '******'");
                echo "<center><font color=green>The password for your account\n has been changed!</font></center>";
            }
            // checkEmail() is defined elsewhere; the address is only written when it accepts it.
            if (isset($email) && checkEmail($email)) {
                // Change email address
                // NOTE(review): changing the recovery address is as sensitive as changing the
                // password; consider notifying the previous address.
                $query = mysql_query("UPDATE users SET email = '{$email}' WHERE username = '******'");
                echo "If you ever forget your password, you can now use the password reset feature.<br> Just click the link that says \"Forgot Password?\" on the login page.";
            } elseif ($email != "") {
                echo "<font color=red>The email address you have entered is invalid!</font>";
            }
        } else {
            die("<center><font color=red>The password you have entered is invalid!</font></center>");
        }
    }
}
if (isset($_POST['perPage'])) {
    // NOTE(review): nothing visible here checks that the value is a positive integer; an (int)
    // cast with a sane upper bound removes the dependence on secureForDB() for this query.
    $amountPP = secureForDB($_POST['amountPerPage']);
    mysql_query("UPDATE users SET gamesPerPage = '{$amountPP}' WHERE username = '******'");
    redirect(0, "settings.php");
}
?> </center>
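// Edit-user handler: refuses self-edits by non-admins and any edit of an administrator account,
// then applies the requested password / e-mail / username changes.
$newPassword = "";
// Fixed operator precedence. The original `!$_SESSION['account_position'] == "Admin"` negated
// the session value first and compared the resulting boolean with "Admin", so the self-edit
// guard only ran when the stored position was empty. The strict comparison also avoids
// loose-typing surprises between a non-string value and "Admin".
if ($_SESSION['account_position'] !== "Admin") {
    if ($_SESSION['CurrentUser'] == $username) {
        die("<font color=\"red\">You cannot edit your own details</font>");
    }
}
// getUserData() is defined elsewhere; it is asked for the target account's position.
if (getUserData($username, "account_position") == "Admin") {
    die("<br><font color=\"red\">You cannot edit an administrator's details.</font>");
}
if (isset($user)) {
    $query = mysql_query("SELECT * FROM users WHERE username = '******'");
    // NOTE(review): $query is truthy for any SELECT that executed, including one that matched
    // no rows; checking mysql_num_rows() would confirm that the target account exists.
    if ($query) {
        $query2 = mysql_query("UPDATE users SET password = '******' WHERE username = '******'");
        if ($query2) {
            // NOTE(review): $username is written into HTML without output encoding here;
            // htmlspecialchars() at the point of output is the usual safeguard.
            echo "<font color=green><center>{$username}'s password has been changed!</center></font>";
            // NOTE(review): this keeps the submitted password in a variable after the update;
            // confirm it is never logged, e-mailed or rendered later in the file.
            $newPassword = secureForDB($_POST['password']);
            $somethingChanged = true;
        }
        if ($email != "") {
            $query2 = mysql_query("UPDATE users SET email = '{$email}' WHERE username = '******'");
            if ($query2) {
                echo "<font color=green><center>{$username}'s email address has been changed!</center></font>";
                $newMail = $email;
                $somethingChanged = true;
            }
        }
        if ($newUsername != "") {
            $query = mysql_query("UPDATE users SET username = '******' WHERE username = '******'");
            if ($query) {
                echo "<font color=green><center>{$username}'s new username is now: {$newUsername}</center></font>";
                $somethingChanged = true;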
.content { padding: 5; } .title{ margin:5; } </style> <?php echo $menu; ?> <div class="content"> <font color=white> <?php
// Tag browser: collects the ids of all games whose ';'-separated tags column contains the requested tag.
if (isset($_GET['tag'])) {
    $tag = secureForDB($_GET['tag']);
    if ($tag == "") {
        die("<center><font color=red>Derp, you haven't entered a tag...</font></center>");
    }
    // NOTE(review): the tag is interpolated into a LIKE pattern. String escaping does not normally
    // neutralise the LIKE wildcards % and _, so confirm secureForDB() handles them; otherwise the
    // query can match (and scan) far more rows than intended. A parameterized query with
    // wildcard escaping is the robust form.
    $query = mysql_query("SELECT * FROM gmes WHERE tags LIKE '%{$tag}%' ORDER BY gme_name");
    while ($row = mysql_fetch_array($query)) {
        $tags = $row['tags'];
        $tags = explode(";", $tags);
        $id = $row['id'];
        // The LIKE match is only a pre-filter; an id is kept when one tag equals the request exactly.
        // NOTE(review): the comparison uses the escaped $tag, so a tag that the helper rewrites
        // (e.g. one containing a quote) would presumably never match - confirm.
        foreach ($tags as $item) {
            if ($item == $tag) {
                // $list is appended to without a visible initialisation in this fragment.
                $list .= $id . ";";
            }
        }
    }
    // The trailing ';' leaves an empty last element after the split.
    $list = explode(";", $list);
<?php
// Game player page: looks the requested game up by id and dispatches on its type.
include "/home/u220391248/public_html/scripts/config.php";
// NOTE(review): error_reporting(0) silences every diagnostic, including failed queries below.
// Logging errors to a file with display_errors off keeps them out of responses without losing them.
error_reporting(0);
$user = $_SESSION['CurrentUser'];
// NOTE(review): $id is only string-processed by secureForDB(); an integer check (ctype_digit()
// or an (int) cast) would make the SQL and Location uses below safe regardless of that helper.
$id = secureForDB($_GET['id']);
$playAnotherRandomGame = secureForDB($_GET['randomGameBtn']);
// Loose comparison: before PHP 8 any non-numeric string also equals 0 here, so such ids are
// redirected to the main page rather than rejected explicitly.
if ($id == 0) {
    header("Location: /main.php");
    return;
}
// Access gates are defined elsewhere; they run before any game data is read.
checkIfLoggedIn();
checkIfBanned();
$query = mysql_query("SELECT * FROM gmes WHERE id = '{$id}'");
// No row check: an unknown id leaves $name and $gme_type null, which ends in the default branch below.
$arr = mysql_fetch_array($query);
$name = $arr['filename'];
$gme_type = $arr['type'];
// NOTE(review): both base URLs use plain http on a third-party host. Presumably they are used to
// build the embedded file URL; content loaded that way has no transport integrity. Prefer https
// and, where possible, hosting the files on the site itself.
$shockwaveUrl = "http://dl.dropboxusercontent.com/u/88620415/swf_files/shockwave/";
$mainUrl = "http://dl.dropboxusercontent.com/u/88620415/swf_files/";
switch ($gme_type) {
    case "flash":
        //Carry on
        break;
    case "shockwave":
        break;
    case "java":
        // The request-derived id is placed in a response header; see the integer-check note above.
        header("Location: JVA-GME.php?id={$id}");
        return;
        break;
    default:
        die("<center><font color=red>Error! Contact the owner about an invalid link</font></center>");
<?php
// Game request page: stores a user's game request (name + URL) and prepares the request form markup.
include "/home/u220391248/public_html/scripts/config.php";
checkIfLoggedIn();
checkIfBanned();
if (isset($_POST['submit'])) {
    // NOTE(review): no anti-CSRF token check is visible before this insert.
    $name = secureForDB($_POST['name']);
    // NOTE(review): the URL is stored without checking its scheme. Any page that later renders it
    // as a link should accept only http/https and HTML-encode it at output.
    $url = secureForDB($_POST['url']);
    // $user is not assigned in this fragment (presumably set by config.php).
    // NOTE(review): $email comes back from getUserData() and is interpolated without passing
    // through secureForDB() here; unless that helper escapes its return value, a stored address
    // containing a quote would break out of the SQL string (second-order injection).
    $email = getUserData($user, "email");
    $date = date("dS F Y");
    // String-built SQL; a parameterized statement removes the reliance on every value being escaped.
    mysql_query("INSERT INTO requests SET username = '******', email = '{$email}', game_name = '{$name}', game_url = '{$url}', date = '{$date}'");
}
// base64 is an encoding, not a protection: the markup is recoverable by anyone who receives it.
$form = base64_encode('<style> .form{ position:relative; top:250; width:300; margin:5; padding:5; background-color:black; } </style> <center> <div class="form"> <form action="" method="POST"> <table> <tr> <td><font color="white">Game Name:</font></td> <td><input type="text" name="name"></td> </tr>
} else {
    // NOTE(review): mysql_error() is echoed to the browser, which discloses query and schema
    // details; log it server-side and show only the generic message.
    echo "<center><font color=red>An unexpected error has occured!<br>" . mysql_error() . "</font></center>";
}
}
} elseif ($banMsg == "") {
    echo "<center><font color=red>You can't ban someone without a message</font></center>";
} else {
    if (!isset($_POST['customMsg'])) {
        echo "<center><font color=red>You can't ban someone without a message</font></center>";
    }
}
}
// Custom Message Ban
// Precedence: this parses as (!$_POST['customMsg']) == "", which is true exactly when the value is
// truthy. It therefore treats "0" as empty and raises a notice when the field is absent;
// isset() plus !== "" states the intent directly.
if (!$_POST['customMsg'] == "") {
    // Defined elsewhere; NOTE(review): presumably stops the request when the target's ban was set by an admin - confirm.
    preventEditingAdminBan();
    $msg = secureForDB("CustomMsg:" . $_POST['customMsg']);
    // $user is interpolated as well; whether it was escaped is not visible in this fragment.
    $query = mysql_query("UPDATE users SET bannedBy = '{$user}', ban_message = '{$msg}' WHERE username = '******'");
    if ($query) {
        logBan();
        // NOTE(review): $username is echoed into HTML without output encoding here.
        echo "<center><font color=green>The user {$username} has been banned with your custom message!</font></center>";
        die;
    } else {
        echo "<center><font color=red>An unexpected error has occured!</font></center>";
    }
}
// Unban User
// Same precedence pattern as above: effectively a truthiness test on $username.
if (!$username == "") {
    // NOTE(review): in_array() is loose by default; pass true as the third argument so the
    // protected-ban check cannot be affected by type juggling.
    if (in_array($bannedBy, $unremovableBans)) {
        die('<center><font color="red">You cannot modify an administrator\'s ban</font></center>');
    }
    if (isset($_POST['unban'])) {
}
// Game management: the tail of the remove-game branch, followed by the add-game handler.
// NOTE(review): no authorization check is visible in this fragment; confirm the file gates these
// actions to administrators before reaching this point.
$del = mysql_query("DELETE FROM gmes WHERE id = '{$gmeID}'");
if ($del) {
    // NOTE(review): $i is interpolated unquoted into DDL. String escaping does not protect a
    // numeric context, so $i must be an integer computed or cast server-side; its origin is outside this fragment.
    mysql_query("ALTER TABLE gmes AUTO_INCREMENT = {$i};");
    // NOTE(review): these messages embed the game name; HTML-encode them where they are printed.
    $gMsg = $gmeName . " has been removed successfully!";
} else {
    $eMsg = "An error has occured while trying to remove\n" . $gmeName;
}
} else {
    $eMsg = "There is no Gme with that Name/ID";
}
}
}
if (isset($_POST['addOne'])) {
    $gme_name = secureForDB($_POST['gmeName']);
    // NOTE(review): if the stored filename later forms part of a URL or path, validate it
    // against an allow-list pattern (expected characters and extension) at this point.
    $swfFile = secureForDB($_POST['swfName']);
    if ($gme_name != "" && $swfFile != "") {
        $query = "INSERT INTO gmes SET filename = '{$swfFile}', gme_name = '{$gme_name}'";
        // Duplicate check by filename and by name before inserting.
        // NOTE(review): check-then-insert is not atomic; UNIQUE indexes on both columns would enforce this in the database.
        $check = mysql_query("SELECT * FROM gmes WHERE filename = '{$swfFile}'");
        $check2 = mysql_query("SELECT * FROM gmes WHERE gme_name = '{$gme_name}'");
        $actualCheck = mysql_num_rows($check);
        $actualCheck2 = mysql_num_rows($check2);
        if ($actualCheck == 0 && $actualCheck2 == 0) {
            $result = mysql_query($query);
            if ($result) {
                $gMsg = "{$gme_name} has been added!";
            }
        }
    }
}
if (isset($_POST['genList'])) {
</tr> <tr> <td><font color="white">Confirm New Password:</td> <td><input type="password" name="confirmNewPassword"></td> </tr> </table> <input type="submit" class="btn rc05 f10 p05 dk blue" value="Change Password!" name="submit"> </form> </div> </center> </body>';
// Password-change handler: verifies the current password against data held in the session,
// checks confirmation and strength, then stores the new password.
if (isset($_POST['currentPassword'], $_POST['newPassword'], $_POST['confirmNewPassword'])) {
    // NOTE(review): the passwords are passed through secureForDB() before hashing, so the digest
    // covers whatever that helper returns rather than the raw input - confirm login does the same.
    $currPass = secureForDB($_POST['currentPassword']);
    $newPass = secureForDB($_POST['newPassword']);
    $confirmNewPass = secureForDB($_POST['confirmNewPassword']);
    // The session value is split on ':' into a user part and a password-digest part.
    // NOTE(review): explode() without a limit misplaces the fields if the first part itself
    // contains ':'; keeping a password digest in the session at all is best avoided.
    $arr = explode(":", $_SESSION['INSECURE_PASS_DATA']);
    $TMP_USER = $arr[0];
    $TMP_PASS = $arr[1];
    // NOTE(review): loose == lets PHP compare numeric-looking digest strings as numbers; use hash_equals().
    if (md5($currPass) == $TMP_PASS) {
        // NOTE(review): loose == also applies here; === avoids numeric-string coercion between the two entries.
        if ($newPass == $confirmNewPass) {
            // getPasswordStrength() and $globalPasswordStrength are defined elsewhere.
            if (getPasswordStrength($newPass) >= $globalPasswordStrength) {
                // NOTE(review): the new password is hashed with md5() as well - fast and unsalted.
                // password_hash() is the appropriate primitive for stored passwords.
                $hash = md5($newPass);
                $result = mysql_query("UPDATE users SET password = '******' WHERE username = '******'");
                if ($result) {
                    // The temporary credential data is dropped from the session once the update succeeds.
                    unset($_SESSION['INSECURE_PASS_DATA']);
                    echo '<center><font color="green">Your password has been successfully changed, you may now login!<center> <meta http-equiv="refresh" content="3; url=' . $mirrorUrl . '">';
                } else {
                    echo "<center><font color=\"red\">An unexpected error has occured!</center>";
                }
?> " name="name"></td> </tr> <tr> <td><textarea name="body" style="margin: 3px; height: 250px; width: 500px; "></textarea><br></td> </tr> </table> <div class="btn"> <input type="submit" class="btn rc05 f10 p05 dk blue" name="submit" value="Send PM!"> </div> </form> <?php
// Private-message handler: resolves the recipient (by id or username) and e-mails the message as HTML.
if (isset($_POST['submit'])) {
    $name = secureForDB($_POST['name']);
    // NOTE(review): is_numeric() also accepts floats, exponents and signed values; ctype_digit()
    // is the strict test for an integer id.
    if (is_numeric($name)) {
        $query = mysql_query("SELECT * FROM users WHERE id = '{$name}'");
        $arr = mysql_fetch_array($query);
        // $name now holds a value read from the database.
        // NOTE(review): if it is interpolated into the next query, it needs escaping again (second-order injection) - confirm.
        $name = $arr['username'];
    }
    $query = mysql_query("SELECT * FROM users WHERE username = '******'");
    // No check that a row was found: an unknown recipient leaves $email null and mail() is still called.
    $arr = mysql_fetch_array($query);
    $email = $arr['email'];
    // NOTE(review): $user goes into the Subject header; make sure it cannot contain CR/LF.
    $subject = 'You have recieved a PM from ' . $user . '';
    // NOTE(review): the message is sent as text/html, so the recipient's mail client renders
    // whatever markup survives secureString(). Confirm the helper HTML-encodes the body, or
    // apply htmlspecialchars() here.
    $body = secureString($_POST['body']);
    $body .= '<br>----------<br>To reply to this PM, go <a href="' . $mirrorUrl . '?ext=/scripts/privateMessage.php?rid=' . $userDetails['id'] . '">here</a>';
    $headers = "Content-Type: text/html;";
    // NOTE(review): no rate limit is visible; any submitter can cause mail to be sent to any
    // registered address, so throttle per sender.
    $success = mail($email, $subject, $body, $headers);
    if ($success) {
        $gMsg = "A PM to {$name} has been sent!";
// Builds the favourites table (one row per stored game id) and returns it base64-encoded.
if ($favourites != "") {
    $list .= '<div id="favourites"><table border="2"><tr><th><center><div id="title">Game</div></center></th><th><center><div id="title">Remove</div></center></th></tr>';
    foreach ($arr as $id) {
        if ($id != "") {
            // NOTE(review): $id comes from $arr (built outside this fragment) and is interpolated
            // into SQL, a URL and an inline javascript: handler below. Cast it to int before use
            // so none of the three contexts depends on how the favourites list was stored.
            $data = mysql_fetch_array(mysql_query("SELECT * FROM gmes WHERE id = '{$id}'"));
            $gme_name = $data['gme_name'];
            // NOTE(review): $gme_name is concatenated into markup without htmlspecialchars().
            $list .= '<tr><td><div id="gmeName"><a id="link" href="' . $mirrorUrl . '?ext=/scripts/PlaySWF.php?id=' . $id . '">' . $gme_name . '</a></div></td><td><a id="x" href="javascript:removeFav(' . $id . ')"><center>Remove</center></a></td></tr>';
        }
    }
    // The closing tags are emitted in the reverse of their opening order (</div> before </table>).
    $list .= "</div></table>";
    // base64 is a transport encoding only; the receiving page decodes and renders this markup.
    $list = base64_encode($list);
    returnData($list);
    break;
}
break;
case "removeRequest":
    // Hides one request, then returns the refreshed table of visible requests.
    // NOTE(review): no authorization or anti-CSRF check is visible in this branch; confirm the
    // dispatcher restricts it to administrators.
    $id = secureForDB($_POST['id']);
    mysql_query("UPDATE requests SET hidden = '1' WHERE id = '{$id}'");
    $q = mysql_query("SELECT * FROM requests WHERE hidden = '0'");
    // Precedence: this parses as (!mysql_num_rows($q)) == 0, which is true when the count is non-zero.
    if (!mysql_num_rows($q) == 0) {
        $tbl = '<div id="requests"><table border="1"><tr><th>Game Name</th><th>Username</th><th>Email</th><th>Date</th><th>Remove</th></tr>';
        while ($row = mysql_fetch_array($q)) {
            // NOTE(review): every stored column is written into HTML without output encoding,
            // and game_url is placed in an href with no scheme restriction. This table holds
            // user-submitted requests, so this is a stored-XSS risk for whoever views it:
            // apply htmlspecialchars($value, ENT_QUOTES) to each cell and accept only
            // http/https URLs for the link.
            $tbl .= '<tr><td><a href="' . $row['game_url'] . '">' . $row['game_name'] . '</a></td><td>' . $row['username'] . '</td><td>' . $row['email'] . '</td><td>' . $row['date'] . '</td><td><a id="remove" href="javascript:removeRequest(' . $row['id'] . ');">X</a></td></tr>';
        }
        $tbl .= "</table>";
        returnData(base64_encode($tbl));
    } else {
        returnData(base64_encode("There are currently no requests"));
    }
    break;
}
<td><font color=white>Confirm New Password:</font></td> <td><input type="password" name="confirmpass"/></td> </tr> </table> <div class="sub2"> <input type="submit" class="btn rc05 f10 p05 dk blue" value="Change Password" name="newpass"/> </div> </form> </div> </center>';
// Password-reset completion: checks the confirmation and strength of the new password, resolves
// the reset code to a username, updates the password and deletes the used code.
if (isset($_POST['newpassword'])) {
    // NOTE(review): this compares the escaped confirmation with the raw new password. If
    // secureForDB() changes any character, matching entries compare unequal; the loose ==
    // additionally coerces numeric-looking strings. Compare the two raw values with ===.
    if (secureForDB($_POST['confirmpass']) == $_POST['newpassword']) {
        $passStrength = getPasswordStrength(secureForDB($_POST['newpassword']));
        if ($passStrength >= $globalPasswordStrength) {
            // hashPassword() is defined elsewhere; it receives the escaped form of the password.
            $newPass = hashPassword(secureForDB($_POST['newpassword']));
            // $code is set outside this fragment.
            // NOTE(review): confirm it is escaped, generated from a CSPRNG with enough entropy,
            // and time-limited; no expiry check is visible here.
            $query = mysql_query("SELECT * FROM reset_pass WHERE code = '{$code}'");
            $arr = mysql_fetch_array($query);
            // The account to update is taken from the reset row, not from the request.
            $user = $arr['username'];
            $check = mysql_num_rows($query);
            // Proceed only when exactly one reset row matches the code.
            if ($check == 1) {
                $update = mysql_query("UPDATE users SET password = '******' WHERE username = '******'");
                if ($update) {
                    // The code is deleted after a successful update, which makes it single-use.
                    // NOTE(review): also remove any other outstanding codes for the same user
                    // and invalidate that user's existing sessions.
                    mysql_query("DELETE FROM reset_pass WHERE code = '{$code}'");
                    echo "<center><font color=green>The password to your account has been reset!<br>You may now login with your new \tpassword.</font></center>";
                    redirect(3, "/login.php");
                }
            } else {
                echo '<div class="bMsg"><center><font color=red>An unexpected error has occured!</font></center></div>';
            }
        } else {
<?php
// Game search page: on submit, runs a substring search over gme_name and builds an HTML results table.
include "/home/u220391248/public_html/scripts/config.php";
checkIfLoggedIn();
checkIfBanned();
// NOTE(review): presumably emits client-side script; blocking the context menu is not a security control.
disableRightClick();
echo $menu;
$echoForm = true;
// Read unconditionally, so a request without a 'search' field raises an undefined-index notice.
$search = secureForDB($_POST['search']);
$results = "";
$count = 0;
if (isset($_POST['submit']) && $search != "") {
    $echoForm = false;
    // NOTE(review): the term is interpolated into a LIKE pattern. Injection safety rests on
    // secureForDB(), and string escaping does not normally neutralise the LIKE wildcards
    // % and _; a parameterized query with wildcard escaping is the robust form.
    $query = mysql_query("SELECT * FROM gmes WHERE gme_name LIKE '%{$search}%'");
    $results = '<table border="1"><tr><th><div id="title"><center>Game</center></div></th><th><div id="title"><center>Views</center></div></th></tr>';
    while ($row = mysql_fetch_array($query)) {
        $name = $row['gme_name'];
        $ID = $row['id'];
        $views = $row['views'];
        // NOTE(review): database values are concatenated into markup without output encoding;
        // htmlspecialchars($value, ENT_QUOTES) on each value is the usual safeguard.
        $results .= '<tr><td><a id="link" href="'
            . $mirrorUrl
            . '?ext=\\scripts\\PlaySWF.php?id='
            . $ID
            . '">'
            . $name
            . '</a></div></td><td><div id="views">'
            . $views
            . '</td></tr>';
        $count += 1;
    }
    $results .= '</table>';
}
?> <title><?php echo "{$title}"; ?> </title>
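<?php
// Favourites page: optionally clears the user's favourite games, then emits the page head.
include "/home/u220391248/public_html/scripts/config.php";
// Run the access gates BEFORE acting on the request. Previously the UPDATE below ran first,
// so it executed even for sessions these checks are meant to turn away.
// NOTE(review): this assumes both helpers stop the request on failure - confirm in config.php.
checkIfLoggedIn();
checkIfBanned();
$action = secureForDB($_GET['action']);
switch ($action) {
    case "deleteAllItems":
        // NOTE(review): this is a state change driven by a GET parameter with no anti-CSRF
        // token; move it to POST and verify a per-session token before running the query.
        $query = mysql_query("UPDATE users SET favourite_games = '' WHERE username = '******'");
        break;
}
// NOTE(review): presumably emits client-side script; blocking the context menu is not a security control.
disableRightClick();
?> <?php ?> <title><?php echo "{$title}"; ?> </title> <head> <link href="/stylesheets/default.css" rel="stylesheet" type="text/css"> <link href="/stylesheets/css_buttons.css" rel="stylesheet" type="text/css"> </head> <style type="text/css"> .content { padding: 5; } #gmeName{ margin-left:5;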
<input type="submit" class="btn rc05 f10 p05 dk blue" value="Register" name="submit"/> </div> </form> </div> <br> <?php
// Registration handler: reads the submitted fields and, when an activation code is supplied in
// the query string, looks for the unactivated account whose regenerated code matches it.
// NOTE(review): loose comparison with True treats any non-empty string other than "0" as
// "disabled"; confirm how the flag is stored (a stored string such as "False" would count as true).
if ($registrationDisabled == True) {
    die("<br><font color=\"red\">Registration is currently disabled</font>");
}
$user = secureForDB($_POST['user']);
// NOTE(review): the password is escaped before any hashing, so the stored digest covers the
// escaped form - confirm the login path applies the same transform.
$pass = secureForDB($_POST['pass']);
$confirmPass = secureForDB($_POST['confirmPass']);
$email = secureForDB($_POST['email']);
$serial = secureForDB($_POST['serial']);
$userIp = $_SERVER['REMOTE_ADDR'];
$confirm_registration_code = secureForDB($_GET['code']);
$_SESSION['temp_email'] = $email;
$_SESSION['temp_username'] = $user;
// NOTE(review): logDetails() receives the activation code; if it writes it to a log, valid codes
// end up readable there - confirm what is recorded.
logDetails($confirm_registration_code);
// NOTE(review): the value is taken from the submitted 'norobot' field. If it is the expected
// anti-bot answer, it should be kept server-side (in the session) rather than read back from the client.
if (!isset($previousCode) && isset($_POST['submit'])) {
    $previousCode = secureString($_POST['norobot']);
}
if ($confirm_registration_code != "") {
    // Walks every unactivated account and regenerates its code for comparison.
    $query = mysql_query("SELECT * FROM users WHERE activated = '0'");
    while ($row = mysql_fetch_array($query)) {
        $email = $row['email'];
        $user = $row['username'];
        $pass = $row['password'];
        // generateSecurityCode() is defined elsewhere and is fed only account fields here.
        // NOTE(review): unless it also mixes in a server-side secret, the code is derivable from
        // those fields; a random per-account token stored with an expiry is the safer design.
        $code = generateSecurityCode($email, $user, $pass);
        // NOTE(review): loose == coerces numeric-looking strings; compare with hash_equals().
        if ($confirm_registration_code == $code) {
            // $query is overwritten with the UPDATE result while the loop condition above still
            // reads from it; unless the loop exits right after this, the next fetch fails.
            $query = mysql_query("UPDATE users SET activated = '1' WHERE username = '******'");