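<?php if ($enablelogin) {
    /*
     * Lost-password handler for the single admin account.
     *
     * Flow: the submitted address is compared with the admin email stored in
     * `settings`; on a match a fresh password is generated, its sha1+salt hash
     * replaces `settings`.`password`, and the clear-text password is mailed to
     * the stored address (never to the submitted one).
     *
     * Change vs. the previous version: the new password was md5(time()), which
     * anyone who can estimate the second of the reset can recompute offline.
     * It is now 16 hex characters from random_bytes() (PHP >= 7.0).
     *
     * Caveats that remain (out of scope for this change, but a deployer should
     * know about them):
     *  - anyone who knows the admin email can trigger a reset and thereby
     *    invalidate the current password: there is no confirmation token,
     *    rate limit or CSRF check, and the old hash is overwritten before the
     *    mail is sent;
     *  - the hash format (sha1 over password + static Config::DB_SALT) is what
     *    validate() checks against, so it cannot be switched to password_hash()
     *    in this file alone;
     *  - the new password travels in a clear-text email.
     * NOTE(review): mysqli_error() without the connection handle is an
     * ArgumentCountError on PHP 8; left as-is because the handle variable is
     * not visible here.
     */
    if (isset($_POST['lostpass'])) {
        $database = new Database();
        $sanitize = new Sanitize();
        $settings = $database->get_assoc("SELECT `value` FROM `settings` WHERE `setting`='email'");
        // Guard against a missing settings row (get_assoc returning a non-array).
        $email = (is_array($settings) && isset($settings['value'])) ? $settings['value'] : '';
        // Reject arrays (email[]=x) before they reach the sanitizer.
        $submitted = (isset($_POST['email']) && is_string($_POST['email'])) ? $sanitize->for_db($_POST['email']) : '';
        if ($email !== '' && $submitted === $email) {
            // Unpredictable temporary password; md5(time()) was guessable.
            $passwordNew = bin2hex(random_bytes(8));
            $passwordHash = sha1($passwordNew . Config::DB_SALT);
            $result = $database->query("UPDATE `settings` SET `value`='" . $passwordHash . "' WHERE `setting`='password' LIMIT 1");
            if (!$result) {
                $error[] = "Could not update the password. " . mysqli_error() . "";
            } else {
                $message = "Your EasyTCG password has been reset! \n\nNew Password: {$passwordNew}";
                $headers = "From: EasyTCG";
                if (!mail($email, 'EasyTCG - Password Reset', $message, $headers)) {
                    $error[] = "Could not send the email.";
                } else {
                    $success[] = "Your password has been reset! The new password has been sent to your email address.";
                }
            }
        } else {
            $error[] = "Wrong email address!";
        }
    }
?> <!DOCTYPE html> <html lang="en"> <head>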
} $result = $database->query("UPDATE `cards` SET `category`='{$category}', `cards`='{$cards}', `worth`='{$worth}', `auto`='{$auto}', `autourl`='{$autourl}', `format`='{$format}', `priority`='{$priority}' WHERE `id`='{$catid}' LIMIT 1"); if (!$result) { $error[] = "Could not update the category. " . mysqli_error() . ""; } else { $success[] = "Category <em>{$category}</em> was updated successfully!"; } } } } } } } if (isset($_POST['newcat'])) { $sanitize = new Sanitize(); $category = $sanitize->for_db($_POST['category']); $worth = intval($_POST['worth']); $auto = intval($_POST['auto']); $autourl = $sanitize->for_db($_POST['autourl']); if ($autourl != 'default' && $autourl != '' && substr($autourl, -1) != '/') { $autourl = "{$autourl}/"; } if ($autourl == '') { $autourl = 'default'; } if ($worth === '') { $worth = 1; } $exists = $database->num_rows("SELECT `category` FROM `cards` WHERE `tcg`='{$id}' AND `category`='{$category}'"); if ($category == '' || $category == 'category name') { $error[] = "The category name must be defined.";
/**
 * In-place value cleaner intended for array_walk(): strips surrounding
 * whitespace and then passes the value through Sanitize::for_db()
 * (presumably the project's DB-escape step — see class_lib.php).
 *
 * NOTE(review): escaping is not a substitute for prepared statements; the
 * callers still string-build their SQL with the result.
 *
 * @param string $value Modified in place.
 * @return void
 */
function sanitize(&$value) {
    $cleaner = new Sanitize();
    $trimmed = trim($value);
    $value = $cleaner->for_db($trimmed);
}
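/**
 * Echoes the mastered decks of one TCG: a badge image per row that has a
 * badge file name, otherwise the bare deck name.
 *
 * Fixes vs. the previous version:
 *  - an unknown TCG name indexed into a non-array result; it now returns
 *    without output;
 *  - a failed query reached mysqli_fetch_assoc(false); it now returns;
 *  - a NULL badge column produced an <img> whose src was just the cards URL;
 *    NULL is now treated like '' and the deck name is printed instead;
 *  - DB-sourced values (cards URL, badge file, deck name, date) are HTML-escaped
 *    before being echoed — they are admin-entered data, but this is the only
 *    place that can make the output safe regardless of what was stored.
 *
 * @param string     $tcg      TCG name, matched against `tcgs`.`name` (escaped with for_db()).
 * @param int|string $worth    Optional worth filter; '' (default) disables it.
 * @param string     $deckname Optional deck filter; '' (default) disables it.
 *                             Ignored when $worth is given (same precedence as before).
 * @return void Output is echoed directly.
 */
function show_mastered($tcg, $worth = '', $deckname = '') {
    $database = new Database();
    $sanitize = new Sanitize();

    $tcg = $sanitize->for_db($tcg);
    $tcginfo = $database->get_assoc("SELECT * FROM `tcgs` WHERE `name`='{$tcg}' LIMIT 1");
    if (!is_array($tcginfo) || !isset($tcginfo['id'])) {
        // Unknown TCG: nothing to show.
        return;
    }
    $tcgid = intval($tcginfo['id']);
    $cardsurl = isset($tcginfo['cardsurl']) ? (string) $tcginfo['cardsurl'] : '';

    // Build the WHERE clause once; only integer-cast or for_db()-escaped
    // values are interpolated.
    $where = "`tcg` = '{$tcgid}' AND `mastered` = '1'";
    if ($worth !== '') {
        $worth = intval($worth);
        $where .= " AND `worth` = '{$worth}'";
    } elseif ($deckname !== '') {
        $deckname = $sanitize->for_db($deckname);
        $where .= " AND `deck` = '{$deckname}'";
    }

    $result = $database->query("SELECT * FROM `collecting` WHERE {$where} ORDER BY `mastereddate`");
    if (!$result) {
        return;
    }

    while ($row = mysqli_fetch_assoc($result)) {
        $mastered = date('F d, Y', strtotime($row['mastereddate']));
        $badge = isset($row['badge']) ? (string) $row['badge'] : '';
        if ($badge !== '') {
            $src = htmlspecialchars($cardsurl . $badge, ENT_QUOTES, 'UTF-8');
            $title = htmlspecialchars('Mastered ' . $mastered, ENT_QUOTES, 'UTF-8');
            echo '<img src="' . $src . '" alt="" title="' . $title . '" /> ';
        } else {
            $deck = isset($row['deck']) ? (string) $row['deck'] : '';
            echo htmlspecialchars($deck, ENT_QUOTES, 'UTF-8') . ' ';
        }
    }
}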
<?php define('VALID_INC', TRUE); include 'class_lib.php'; if (isset($_POST['install'])) { $database = new Database(); $database->connect(); $sanitize = new Sanitize(); $username = $sanitize->for_db($_POST['username']); $password = $sanitize->for_db($_POST['password']); $password2 = $sanitize->for_db($_POST['password2']); $email = $sanitize->for_db($_POST['email']); $url = $sanitize->for_db($_POST['url']); $emailmessage = $sanitize->for_db($_POST['emailmessage']); $hiatustrading = intval($_POST['hiatustrading']); $inactivetrading = intval($_POST['inactivetrading']); $etcgurl = $sanitize->for_db($_POST['etcgurl']); $dateformat = $sanitize->for_db($_POST['dateformat']); $dateheaderformat = $sanitize->for_db($_POST['dateheaderformat']); if (substr($etcgurl, -1) != '/') { $etcgurl = "{$etcgurl}/"; } if ($username === '') { $error[] = "Your username can't be left blank."; } if (!preg_match('/^[a-zA-Z0-9]{3,15}$/i', $username)) { $error[] = "Your username must consist of 3-15 alphanumeric characters."; } if ($password === '') { $error[] = "You must select a password."; }
<?php include 'header.php'; if (isset($_POST['submit'])) { $sanitize = new Sanitize(); $database = new Database(); $name = $sanitize->for_db($_POST['name']); $url = $sanitize->for_db($_POST['url']); $cardsurl = $sanitize->for_db($_POST['cardsurl']); $cardspath = $sanitize->for_db($_POST['cardspath']); $defaultauto = $sanitize->for_db($_POST['defaultauto']); $autoupload = intval($sanitize->for_db($_POST['autoupload'])); $status = $sanitize->for_db($_POST['status']); $format = $sanitize->for_db($_POST['format']); $additional = $sanitize->for_db($_POST['additional']); $exists = $database->num_rows("SELECT * FROM `tcgs` WHERE `name`='{$name}'"); if (substr($cardsurl, -1) != '/') { $cardsurl = "{$cardsurl}/"; } if (substr($cardspath, -1) != '/') { $cardspath = "{$cardspath}/"; } if (substr($defaultauto, -1) != '/') { $defaultauto = "{$defaultauto}/"; } if ($name == '') { $error[] = "The name field can't be left blank."; } else { if ($exists != 0) { $error[] = "A TCG already exists with this name."; } else {
$error[] = "Failed to update the collecting deck. " . mysqli_error() . ""; } else { $success[] = "The deck has been updated{$success2}!"; } } } } } } } } } } if (isset($_POST['newcat'])) { $sanitize = new Sanitize(); $deck = $sanitize->for_db($_POST['deck']); $cards = $sanitize->for_db($_POST['cards']); $findcards = intval($_POST['findcards']); $worth = intval($_POST['worth']); $count = intval($_POST['count']); $break = intval($_POST['break']); $filler = $sanitize->for_db($_POST['filler']); $pending = $sanitize->for_db($_POST['pending']); $puzzle = intval($_POST['puzzle']); $auto = intval($_POST['auto']); $autourl = $sanitize->for_db($_POST['autourl']); $format = $sanitize->for_db($_POST['format']); if ($format == '') { $format = 'default'; } if ($autourl == '') {
} ?> </div> <?php } else { if ($_GET['id'] != '' && $_GET['action'] !== 'deletetcg') { $id = intval($_GET['id']); $database = new Database(); if ($database->num_rows("SELECT * FROM `tcgs` WHERE `id`='{$id}'") == 0) { echo "This TCG does not exist."; } else { if (isset($_POST['submit'])) { $sanitize = new Sanitize(); $name = $sanitize->for_db($_POST['name']); $url = $sanitize->for_db($_POST['url']); $cardsurl = $sanitize->for_db($_POST['cardsurl']); $cardspath = $sanitize->for_db($_POST['cardspath']); $defaultauto = $sanitize->for_db($_POST['defaultauto']); $autoupload = intval($sanitize->for_db($_POST['autoupload'])); $status = $sanitize->for_db($_POST['status']); $format = $sanitize->for_db($_POST['format']); $lastupdated = $sanitize->for_db($_POST['lastupdated']); $exists = $database->num_rows("SELECT * FROM `tcgs` WHERE `name`='{$name}' AND `id`!='{$id}'"); if (substr($cardsurl, -1) != '/') { $cardsurl = "{$cardsurl}/"; } if (substr($cardspath, -1) != '/') { $cardspath = "{$cardspath}/"; }
if ($logtype == 'activityarch') { $result = $database->query("UPDATE `tcgs` SET `activitylogarch`='{$log}' WHERE `id`='{$id}'"); } if ($logtype == 'tradearch') { $result = $database->query("UPDATE `tcgs` SET `tradelogarch`='{$log}' WHERE `id`='{$id}'"); } if (!$result) { $error[] = "Could not update the log. " . mysqli_error() . ""; } else { $success[] = "The log has been updated successfully."; } } } if (isset($_POST['archive'])) { $sanitize = new Sanitize(); $logtype = $sanitize->for_db($_POST['logtype']); $log = $sanitize->for_db($_POST['log']); if ($logtype == 'activity' || $logtype == 'trade') { $result = $database->query("UPDATE `tcgs` SET `" . $logtype . "log`='' WHERE `id`='{$id}'"); if (!$result) { $error[] = "Could not truncate the log. " . mysqli_error() . ""; } else { $curarch = $database->get_assoc("SELECT `" . $logtype . "logarch` FROM `tcgs` WHERE `id`='{$id}' LIMIT 1"); $curarch = $curarch["{$logtype}" . "logarch"]; $newlog = "{$log}\n\n{$curarch}"; $result = $database->query("UPDATE `tcgs` SET `" . $logtype . "logarch`='{$newlog}' WHERE `id`='{$id}'"); if (!$result) { $error[] = "Could not update the log archives. " . mysqli_error() . ""; } else { $success[] = "The log has been updated successfully."; }
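/**
 * Returns whether the current visitor is the authenticated administrator.
 *
 * Two paths, same precedence as before:
 *  1. No live session but both "remember me" cookies present: the cookie
 *     username and password value are looked up in `settings`; on a match
 *     $this->start($username, $password, 3) is called and true is returned.
 *  2. Live session: the username/password kept in $_SESSION are re-checked
 *     against `settings`; on mismatch $this->close() is called and false is
 *     returned.
 * Anything else returns false.
 *
 * Fixes vs. the previous version:
 *  - $_SESSION['logged_in'] was compared with ==/!= while possibly unset
 *    (notice); it is now read with empty();
 *  - the session copies of username/password were interpolated into SQL
 *    without for_db(); they are now escaped like the cookie values. The admin
 *    username is restricted to [a-zA-Z0-9]{3,15} at install time and the
 *    password value is a sha1 hex string, so this is a no-op for valid data;
 *  - the Database instance was created three times; one connected instance
 *    is reused.
 *
 * NOTE(review): the easyTCGFM_pw cookie is compared directly against the
 * stored password value, so whoever holds that cookie is logged in until the
 * password changes — it is a bearer credential equivalent to the hash. A
 * random, server-side revocable token is the usual replacement; that needs
 * changes in start() as well and is out of scope here.
 *
 * @return bool
 */
function validate() {
    $sanitize = new Sanitize();
    $database = new Database();
    $database->connect();

    // Two independent existence checks against the single username/password
    // rows of `settings` (single-admin install), shared by both paths.
    $credentialsMatch = function ($username, $password) use ($database) {
        $unexists = $database->num_rows("SELECT `value` FROM `settings` WHERE `setting` = 'username' AND `value` = '{$username}'");
        $pwexists = $database->num_rows("SELECT `value` FROM `settings` WHERE `setting` = 'password' AND `value` = '{$password}'");
        return $unexists == 1 && $pwexists == 1;
    };

    $loggedIn = !empty($_SESSION['logged_in']);

    if (!$loggedIn) {
        if (!isset($_COOKIE['easyTCGFM_un'], $_COOKIE['easyTCGFM_pw'])) {
            return false;
        }
        $username = $sanitize->for_db($_COOKIE['easyTCGFM_un']);
        $password = $sanitize->for_db($_COOKIE['easyTCGFM_pw']);
        if (!$credentialsMatch($username, $password)) {
            return false;
        }
        $this->start($username, $password, 3);
        return true;
    }

    // Live session: re-validate the stored credentials every request, escaping
    // them before they are interpolated.
    $username = $sanitize->for_db(isset($_SESSION['username']) ? $_SESSION['username'] : '');
    $password = $sanitize->for_db(isset($_SESSION['password']) ? $_SESSION['password'] : '');
    if ($credentialsMatch($username, $password)) {
        return true;
    }
    $this->close();
    return false;
}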
<?php define('VALID_INC', TRUE); include_once 'func.php'; if (isset($_POST['tradesubmit'])) { $database = new Database(); $sanitize = new Sanitize(); $name = $sanitize->for_db($_POST['name']); $email = $sanitize->for_db($_POST['email']); $website = $sanitize->for_db($_POST['website']); $tcg = intval($_POST['tcg']); $wants = $sanitize->for_db($_POST['wants']); $offer = $sanitize->for_db($_POST['offer']); $comments = $sanitize->for_db($_POST['comments']); $validcards = true; $wants = explode(',', $wants); foreach ($wants as $card) { if (!preg_match("/[a-z0-9_-]/i", $card)) { $validcards = false; } } $offer = explode(',', $offer); foreach ($offer as $card) { if (!preg_match("/[a-z0-9_-]/i", $card)) { $validcards = false; } } array_walk($wants, 'trim_value'); array_walk($offer, 'trim_value'); if ($validcards === true) { foreach ($wants as $givingcard) {
<?php include 'header.php'; $database = new Database(); function trim_value(&$value) { $value = trim($value); } if (isset($_POST['newtrade'])) { $sanitize = new Sanitize(); $tcgid = intval($_POST['tcg']); $trader = $sanitize->for_db($_POST['trader']); $email = $sanitize->for_db($_POST['email']); $giving = $sanitize->for_db($_POST['giving']); $receiving = $sanitize->for_db($_POST['receiving']); $type = $sanitize->for_db($_POST['type']); $grab = intval($_POST['grab']); $exists = $database->num_rows("SELECT `id` FROM `tcgs` WHERE `id`='{$tcgid}'"); if ($exists != 1) { $error[] = "The TCG does not exist."; } if ($trader === '') { $error[] = "The trader field can't be left blank."; } if ($email !== '' && !filter_var($email, FILTER_VALIDATE_EMAIL)) { $error[] = "Invalid email address."; } if ($type != 'outgoing' && $type != 'incoming') { $error[] = "Invalid trade type."; } if (!isset($error)) {