/index.php
Possible License(s): AGPL-1.0, LGPL-2.1, GPL-2.0, AGPL-3.0, BSD-3-Clause
- <?php
-
- ## Connect to the database
- include("include.php");
-
- ## Other Includes
- include("extentions/wideimage/WideImage.php"); ## Image Manipulation Library
-
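## Start session
session_start();
$time = time();

//$message = null;

#####################################################
## COOKIE STUFF - AUTOMATIC LOGIN
#####################################################
## Check if the id and pass match a user.
## $cookieid / $cookiepass are not assigned in this file; presumably include.php
## copies them out of the request cookies -- TODO confirm.
## NOTE(review): the "remember me" cookie carries the stored userpass value itself,
## so that value works as a long-lived login credential. A random, revocable
## per-device token kept server-side would limit what a leaked cookie exposes.
if ($cookieid && $cookiepass) {
    ## The id is interpolated unquoted below. mysql_real_escape_string() only
    ## protects quoted string literals, so force the value to an integer.
    $cookieid = (int) $cookieid;
    $cookiepass = mysql_real_escape_string($cookiepass);
    $query = "SELECT * FROM users WHERE id=$cookieid AND userpass='$cookiepass'";
    ## NOTE(review): die() sends the raw MySQL error text to the client.
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    $cookieuser = mysql_fetch_object($result);
    ## mysql_fetch_object() returns false when no row matched
    if ($cookieuser && $cookieuser->id) {
        $_SESSION['userid'] = $cookieuser->id;
        $_SESSION['password'] = $cookieuser->userpass;
        $_SESSION['userlevel'] = $cookieuser->userlevel;
        $loggedin = 1;
    } else {
        unset($_SESSION['userid']);
        unset($_SESSION['password']);
        unset($_SESSION['userlevel']);
        $loggedin = 0;
    }
}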
-
-
-
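#####################################################
## LOGIN FUNCTIONS
#####################################################
$loggedin = 0; ## Just in case
## If they're attempting to log in
if ($function == 'Log In') {
    ## Verify their credentials.
    ## NOTE(review): PASSWORD() is the hash MySQL uses for its own accounts; it is
    ## unsalted and fast, which makes it a weak choice for application passwords.
    ## Moving to password_hash()/password_verify() needs a data migration that
    ## cannot be done from this block.
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);
    $query = "SELECT * FROM users WHERE username='$username' AND userpass=PASSWORD('$password')";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    $user = mysql_fetch_object($result);

    ## Admin who last changed the account; only used in the de-activation notice.
    ## Reset first so the notice never reads a value that came from elsewhere.
    $adminuser = null;
    if ($user && $user->lastupdatedby_admin) {
        ## Unquoted numeric context: cast instead of relying on string escaping
        $query = "SELECT * FROM users WHERE id=" . (int) $user->lastupdatedby_admin;
        $result = mysql_query($query) or die('Query failed: ' . mysql_error());
        $adminuser = mysql_fetch_object($result);
    }

    ## If their info isn't found, let them know
    if (!isset($user->id)) {
        $errormessage = 'Incorrect login info.';
        $loggedin = 0;
    }

    ## If their account is deactivated let them know
    elseif ($user->active == 0) {
        ## The message is HTML, so the stored address and name are encoded before use
        $errormessage = 'Your account is de-activated. If you believe this has happened in error contact <a href="mailto:' . htmlspecialchars($adminuser ? $adminuser->emailaddress : '', ENT_QUOTES) . '">' . htmlspecialchars($adminuser ? $adminuser->username : '', ENT_QUOTES) . '</a>';
        $loggedin = 0;
    }
    ## Otherwise, store their session variables
    else {
        ## New session id at the privilege change, so an id issued before login
        ## cannot be reused for the authenticated session
        session_regenerate_id(true);
        $_SESSION['userid'] = $user->id;
        $_SESSION['password'] = $user->userpass;
        $_SESSION['userlevel'] = $user->userlevel;
        $loggedin = 1;
        if ($user->banneragreement == 1) {
            $tab = 'mainmenu';
        } else {
            $tab = 'agreement';
        }
    }


    ## If they're logged in at this point, store a cookie
    ## NOTE(review): these cookies last a year, carry the stored userpass value,
    ## and are set without the HttpOnly/Secure flags. Changing that needs a
    ## coordinated change with the cookie-login code that reads them.
    if ($loggedin == 1 && $setcookie == 'on') {
        setcookie('cookieid', $user->id, time() + 86400 * 365);
        setcookie('cookiepass', $user->userpass, time() + 86400 * 365);
    }
}

## If they're attempting to log out
else if ($function == 'Log Out') {
    unset($_SESSION['userid']);
    unset($_SESSION['password']);
    unset($_SESSION['userlevel']);
    setcookie('cookieid', "", 0);
    setcookie('cookiepass', "", 0);
    $loggedin = 0;
    $tab = 'mainmenu';
}

## If they're already logged in
else if (isset($_SESSION['userid'])) {
    $loggedin_userid = $_SESSION['userid'];
    $loggedin_password = $_SESSION['password'];

    ## Verify their credentials (the id is used unquoted, so it is cast)
    $loggedin_userid = (int) $loggedin_userid;
    $loggedin_password = mysql_real_escape_string($loggedin_password);
    $query = "SELECT * FROM users WHERE id=$loggedin_userid AND userpass='$loggedin_password'";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    $user = mysql_fetch_object($result);

    ## If their info isn't found, remove session variables
    if (!isset($user->id)) {
        unset($_SESSION['userid']);
        unset($_SESSION['password']);
        unset($_SESSION['userlevel']);
        $loggedin = 0;
    }

    ## Otherwise, mark them as logged in
    ## NOTE(review): $_SESSION['userlevel'] is not refreshed from $user here, so a
    ## level change in the database only takes effect at the next login.
    else {
        $loggedin = 1;
    }
}

## If they're already logged out
else {
    $loggedin = 0;
}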
-
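## Administrator and SuperAdmin variable.
## $adminuserlevel is 'ADMINISTRATOR' for both privileged levels and '' otherwise;
## the admin-only handlers further down compare against it.
global $adminuserlevel;
$adminuserlevel = '';
## isset() avoids the undefined-index notice for anonymous visitors, and the
## strict in_array() keeps a non-string session value from matching loosely.
if (isset($_SESSION['userlevel']) && in_array($_SESSION['userlevel'], array('ADMINISTRATOR', 'SUPERADMIN'), true)) {
    $adminuserlevel = 'ADMINISTRATOR';
}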
-
// Logged in Redirect List
## Tabs listed here are refused to anonymous visitors. The only entry is
## commented out, so at present no tab is protected by this check.
$secureArea = array(
    //'addgame'
);
if (in_array($tab, $secureArea) && !$loggedin) {
    //header("Location:index.php");
    ## Fall back to the main menu and show a login link
    $errormessage = "You must be logged in to access that area. <a href=\"$baseurl/?tab=login\">Login</a>";
    $tab = "mainmenu";
}
-
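#####################################################
## Language stuff
#####################################################
## Get list of languages and store array (language id => language name)
global $languages;
global $lid;
$query = "SELECT * FROM languages ORDER BY name";
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
while ($lang = mysql_fetch_object($result)) {
    $languages[$lang->id] = $lang->name;
}

## Set the default language.
## $user is unset or false for anonymous visitors; empty() tolerates that
## where a direct property read would not.
## NOTE(review): when $lid is already set it is kept unchanged. If it can come
## from the request, confirm it is validated before it reaches any query.
if (!isset($lid)) {
    if (!empty($user->languageid)) {
        $lid = $user->languageid; ## user preferred language
    } else {
        $lid = 1; ## English
    }
}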
-
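#####################################################
## MAIN MENU FUNCTIONS
#####################################################
## Add Game: create a games row for the title/platform pair unless one already
## exists, then redirect to the new game's page.
## NOTE(review): nothing here checks $loggedin, so the insert is reachable
## without a session; confirm whether anonymous additions are intended.
if ($function == 'Add Game') {
    ## Get Platform POSTDATA
    //$selectedPlatform = $_POST['Platform'];


    ## Check for exact matches for seriesname
    $GameTitle = mysql_real_escape_string($GameTitle);
    $GameTitle = ucfirst($GameTitle);
    ## NOTE(review): $cleanPlatform is neither assigned nor escaped in this file;
    ## confirm include.php makes it safe for a quoted SQL literal.
    $query = "SELECT * FROM games WHERE GameTitle='$GameTitle' AND Platform='$cleanPlatform'";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

    ## Insert if it doesnt exist already
    if (mysql_num_rows($result) == 0) {
        $query = "INSERT INTO games (GameTitle, Platform, created, lastupdated) VALUES ('$GameTitle', '$cleanPlatform', $time, NULL)";
        $result = mysql_query($query) or die('Query failed: ' . mysql_error());
        $id = mysql_insert_id();
        // TODO: trace this back and change the name
        //seriesupdate($id); ## Update the XML data
        // Add Audit
        ## The session value is used unquoted, so it is cast; without a session
        ## there is no user to attribute the row to and the audit is skipped.
        if (isset($_SESSION['userid'])) {
            $sql = "INSERT INTO audits values(NULL, " . (int) $_SESSION['userid'] . ", 'created', $id, NULL)";
            mysql_query($sql);
        }

        $URL = "$baseurl/game/$id/";
        ## No exit follows the redirect, so the rest of the page still runs
        header("Location: $URL");
        echo $selectedPlatform;
    } else {
        ## Error messages are rendered as HTML elsewhere in this file, so the
        ## submitted title is encoded before being echoed back
        $errormessage = "Sorry, \"" . htmlspecialchars($GameTitle, ENT_QUOTES) . "\" Already Exists For That Platform.";
    }
}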
-
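// Function to auto-redirect to game page if only one result is found
## Tries an exact title match first, then a full-text match narrowed by the
## digits in the search string. Exactly one hit switches $tab to the game page.
if ($function == "Search") {
    $string = mysql_real_escape_string($string);

    $searchQuery = mysql_query("SELECT g.id FROM games as g WHERE g.GameTitle = '$string'");
    ## mysql_query() returns false on failure; only count rows on a real result
    if ($searchQuery && mysql_num_rows($searchQuery) == 1) {
        $searchResult = mysql_fetch_object($searchQuery);
        $tab = "game";
        $id = $searchResult->id;
    } else {
        $searchQuery = "SELECT g.id FROM games as g WHERE MATCH(g.GameTitle) AGAINST ('$string')";
        $arr = array();
        ## NOTE(review): preg_match() stops at the first run of digits, so $arr
        ## holds at most one entry. preg_match_all() may have been intended;
        ## confirm before changing, since it would narrow the results.
        preg_match('/[0-9]+/', $string, $arr);
        foreach ($arr as $numeric) {
            ## $numeric is digits only, so it carries no LIKE wildcards or quotes
            $searchQuery .= " AND g.GameTitle LIKE '%$numeric%'";
        }

        $searchQuery = mysql_query($searchQuery);

        if ($searchQuery && mysql_num_rows($searchQuery) == 1) {
            $searchResult = mysql_fetch_object($searchQuery);
            $tab = "game";
            $id = $searchResult->id;
        }
    }
}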
-
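// Function to update last search/favorites view type in users db table
## Stores the chosen display mode on the logged-in user's row and on $user.
if ($updateview == "yes") {
    if ($loggedin == 1) {
        if (!empty($searchview)) {
            $mode = $searchview;
        } elseif (!empty($favoritesview)) {
            $mode = $favoritesview;
        }
        ## $mode is request data: skip the write when nothing usable was sent,
        ## escape the value for the quoted literal and cast the row id.
        if (isset($mode) && is_string($mode) && $mode !== '') {
            mysql_query(" UPDATE users SET favorites_displaymode = '" . mysql_real_escape_string($mode) . "' WHERE id = " . (int) $user->id . " ");
            $user->favorites_displaymode = $mode;
        }
    }
}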
-
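// Function to share page via email
## Sends a "shared link" mail after a captcha check.
## NOTE(review): sender, recipient, link and text all come from the request, so
## this form can send site-branded mail to arbitrary addresses. Consider rate
## limiting it and restricting the link to this site's own URLs.
if ($function == "Share via Email") {
    // Check that captcha is completed and matches
    ## The answer only counts against a non-empty expected value held in the
    ## session; with a loose comparison an empty submission would equal a
    ## missing session entry.
    if ($_SERVER['REQUEST_METHOD'] == "POST"
        && isset($_POST['captcha'], $_SESSION['captcha'])
        && is_string($_POST['captcha'])
        && (string) $_SESSION['captcha'] !== ''
        && $_POST['captcha'] === (string) $_SESSION['captcha']
    ) {
        ## Make user input safe for mail headers. Nothing in this branch reaches
        ## the database, so SQL escaping is the wrong tool: strip line breaks and
        ## the characters that delimit addresses in a header instead.
        $fromname = trim(preg_replace('/[\r\n<>",]/', '', $fromname));
        $fromaddress = trim(str_replace(array("\r", "\n"), '', $fromaddress));
        $toaddress = trim(str_replace(array("\r", "\n"), '', $toaddress));
        $url = trim(str_replace(array("\r", "\n"), '', $url));

        if (filter_var($fromaddress, FILTER_VALIDATE_EMAIL) === false || filter_var($toaddress, FILTER_VALIDATE_EMAIL) === false) {
            $errormessage = "Message was not sent, please check both email addresses and try again.";
        } else {
            ## Email it to the user
            $from = "$fromname <$fromaddress>";
            $host = $mail_server;
            $to = $toaddress;
            $subject = "TheGamesDB.net - $fromname has shared a link with you";
            ## $quote stays empty when no personal message was supplied
            $quote = "";
            if ($messagecontent != false) {
                $quote = "Message From Your Friend:\n\"$messagecontent\"\n\n";
            }
            $emailmessage = "TheGamesDB.net \n\n$fromname visited thegamesdb.net and wanted to share a link with you \n\n$quote\nYour Link Details:\n$urlsubject: $url \n\nWe hope you enjoy your visit with us, \n\nTheGamesDB.net Crew.";
            $headers = 'From: ' . $from;
            mail($to, $subject, wordwrap($emailmessage, 70), $headers);

            // Display success message and finish up session
            ## Encoded because messages are rendered as HTML elsewhere in this file
            $message = "Message Sent to " . htmlspecialchars($toaddress, ENT_QUOTES) . "!";
        }
        unset($_SESSION['captcha']); /* this line makes session free, we recommend you to keep it */
    }
    ## Any other POST means the captcha was missing or wrong
    elseif ($_SERVER['REQUEST_METHOD'] == "POST") {
        $errormessage = "Message was not sent, captcha didn't pass...<br />Please try again and remember to complete the captcha!";
    }
}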
-
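## Send PM: store a private message from the logged-in user to $pmto.
## The sender id comes from $user, so the handler only runs for a logged-in
## user. Every request value is escaped or cast where it enters the SQL text.
if ($function == 'Send PM') {
    if ($loggedin == 1 && isset($user->id)) {
        $toQuery = mysql_query(" SELECT id FROM users WHERE username = '" . mysql_real_escape_string($pmto) . "' LIMIT 1");
        ## false when the query failed or the recipient does not exist
        $to = $toQuery ? mysql_fetch_object($toQuery) : false;

        ## HTML-encode the body for later display; SQL escaping happens in the
        ## query itself because encoding leaves backslashes untouched
        $pmmessage = htmlspecialchars($pmmessage, ENT_QUOTES);

        ## NOTE(review): the subject is stored as submitted; confirm it is
        ## HTML-encoded wherever messages are displayed.
        if ($to && mysql_query(" INSERT INTO messages (`from`, `to`, `subject`, `message`, `status`, `timestamp`) VALUES (" . (int) $user->id . ", " . (int) $to->id . ", '" . mysql_real_escape_string($pmsubject) . "', '" . mysql_real_escape_string($pmmessage) . "', 'new', FROM_UNIXTIME($time)); ")) {
            $message = "PM Sent to \"" . htmlspecialchars($pmto, ENT_QUOTES) . "\" Successfully";
        } else {
            ## Reached on failure now that the query no longer ends in die(),
            ## which also printed the raw database error
            $errormessage = "Oops! There was a problem sending your message,<br />Please try again...";
        }
    } else {
        $errormessage = "Oops! There was a problem sending your message,<br />Please try again...";
    }
}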
-
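## Delete PM: remove one message addressed to the logged-in user.
## Both ids are cast to integers; the message id was previously placed in the
## statement unquoted and unescaped.
## mysql_query() reports success even when no row matched.
if ($function == 'Delete PM') {
    if ($loggedin == 1 && isset($user->id) && mysql_query(" DELETE FROM messages WHERE messages.id = " . (int) $pmid . " AND messages.to = " . (int) $user->id . " ")) {
        $message = "Your message was deleted.";
    } else {
        $errormessage = "There was a problem deleting your message,<br />Please try again...";
    }
}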
-
## Fill in the alias for every platform that has none: the name is trimmed,
## lower-cased, spaces become hyphens, and anything outside a-z, 0-9 and "-"
## is dropped.
## NOTE(review): no login or admin check is visible on this bulk update.
if ($function == "Generate Platform Alias's") {
    $aliasResult = mysql_query(" SELECT p.id, p.name, p.alias FROM platforms AS p WHERE p.alias IS NULL OR p.alias = '' ");
    if ($aliasResult) {
        $successflag = true;
        while ($alias = mysql_fetch_object($aliasResult)) {
            $platformName = trim($alias->name);
            $platformName = str_ireplace(" ", "-", strtolower($platformName));
            $platformAlias = preg_replace("/[^a-z0-9\-]/", "", $platformName);
            ## One failed update marks the whole run as failed
            if (!mysql_query(" UPDATE platforms SET alias = '$platformAlias' WHERE id = '$alias->id' ")) {
                $successflag = false;
            }
        }
    }

    ## The same error text covers a failed lookup and a failed update
    if ($aliasResult && $successflag == true) {
        $message = "Missing Platform Alias's Generated Successfully";
    } else {
        $errormessage = "There was a problem generating the Platform Alias's,<br />please carefully check the list and try again.";
    }
}
-
-
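/*
 * Game Functions
 */

## Save Game: build an UPDATE for the games row from the posted fields, write an
## audit row, then redirect back to the edit page.
## NOTE(review): there is no $loggedin check here, and the posted field names
## choose which columns are written. An explicit list of editable columns would
## be safer than the pattern check below (any column of games is reachable).
if ($function == 'Save Game') {
    $message = null;
    $errormessage = null;

    $updates = array();
    foreach ($_POST AS $key => $value) {
        $key = (string) $key;
        ## GameTitle and Overview are handled separately below. Letting them
        ## through here would let any requester set the title, which the
        ## admin-only branch is meant to prevent.
        if (in_array($key, array('function', 'button', 'newshowid', 'comments', 'email', 'requestcomments', 'requestreason', 'GameTitle', 'Overview'), true)
            || strstr($key, 'GameTitle_')
            || strstr($key, 'Overview_')
        ) {
            continue;
        }
        ## A column name cannot be made safe by string escaping; accept only
        ## plain identifiers and scalar text values.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key) || !is_string($value)) {
            continue;
        }
        $value = trim($value);
        if ($value) {
            $value = strip_tags($value, '');
            $value = mysql_real_escape_string($value);
            array_push($updates, "`$key`='$value'");
        } else {
            array_push($updates, "`$key`=NULL");
        }
    }
    array_push($updates, "lastupdated=$time");

    ## To keep things simple, we set GameTitle and Overview to the English for now
    if ($adminuserlevel == 'ADMINISTRATOR') {
        $GameTitle = isset($_POST["GameTitle"]) ? trim($_POST["GameTitle"]) : '';
        if ($GameTitle) {
            $GameTitle = mysql_real_escape_string($GameTitle);
            array_push($updates, "GameTitle='$GameTitle'");
        } else {
            array_push($updates, "GameTitle=NULL");
        }
    }
    $Overview = isset($_POST["Overview"]) ? trim($_POST["Overview"]) : '';
    if ($Overview) {
        $Overview = mysql_real_escape_string($Overview);
        array_push($updates, "Overview='$Overview'");
    } else {
        array_push($updates, "Overview=NULL");
    }

    ## Join the fields and run the query.
    ## The row id is used unquoted, so it is cast to an integer.
    $updatestring = implode(', ', $updates);
    $newshowid = (int) $newshowid;
    $query = "UPDATE games SET $updatestring WHERE id=$newshowid";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

    // Add Audit
    ## The audit names the row that was updated ($newshowid); $id is only
    ## assigned further down. Skipped when no session user exists.
    if (!empty($updatestring) && isset($_SESSION['userid'])) {
        $sql = "INSERT INTO audits values(NULL, " . (int) $_SESSION['userid'] . ", 'updated', $newshowid, NULL)";
        mysql_query($sql);
    }
    $message .= 'Game saved.';

    $id = $newshowid;
    //$tab = 'game-edit';
    header("Location: $baseurl/game-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage));
    exit;
}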
-
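## Upload Game Banner: accept a 760x140 JPG or PNG, store it under
## banners/graphical/ and record it in the banners table.
if ($function == 'Upload Game Banner') {
    $message = null;
    $errormessage = null;
    $subkey = "graphical";
    $moveSuccess = false;

    ## $id becomes part of file names and of unquoted SQL, so it must be an integer
    $id = (int) $id;
    ## The insert below quotes $languageid without escaping it
    $languageid = isset($languageid) ? (int) $languageid : 0;

    ## NOTE(review): $bannerfile is not assigned in this file. If it can be set
    ## from the request, the rename() below moves an arbitrary server path into
    ## banners/; confirm where it comes from.
    if (isset($bannerfile)) {
        $uploadedfile = $bannerfile;
    } else {
        $uploadedfile = $_FILES['bannerfile']['tmp_name'];
    }

    ## The insert needs the uploader's id, so nothing is stored without a login
    if ($loggedin != 1 || !isset($user->id)) {
        $errormessage = "You must be logged in to access that area. <a href=\"$baseurl/?tab=login\">Login</a>";
    } else {
        ## Check if the image is the right size
        list($image_width, $image_height, $image_type, $image_attr) = getimagesize($uploadedfile);
        if ($image_width == 760 && $image_height == 140) {
            if ($image_type == '2' || $image_type == '3') { ## Check if it's a JPEG or png
                ## Generate the new filename: "<id>-g", then "<id>-g2", "<id>-g3", ...
                if (file_exists("banners/$subkey/$id-g.jpg") || file_exists("banners/$subkey/$id-g.png")) {
                    $filekey = 2;
                    while (file_exists("banners/$subkey/$id-g$filekey.jpg") || file_exists("banners/$subkey/$id-g$filekey.png")) {
                        $filekey++;
                    }
                    $filename = "$subkey/$id-g$filekey";
                } else {
                    $filename = "$subkey/$id-g";
                }
                ## The extension follows the detected type, never the client's file name
                $filename .= ($image_type == '2') ? '.jpg' : '.png';

                ## Rename/move the file
                if (isset($bannerfile)) {
                    $moveSuccess = rename($uploadedfile, "banners/$filename");
                } else {
                    $moveSuccess = move_uploaded_file($uploadedfile, "banners/$filename");
                }
                if ($moveSuccess == true) {
                    ## Insert database record
                    $subkey = mysql_real_escape_string($subkey);
                    $query = "INSERT INTO banners (keytype, keyvalue, userid, subkey, dateadded, filename, languageid) VALUES ('series', $id, " . (int) $user->id . ", '$subkey', $time, '$filename', '$languageid')";
                    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

                    ## Reset the missing banner count
                    $query = "UPDATE games SET bannerrequest=0 WHERE id=$id";
                    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

                    ## Store the seriesid for the XML updater
                    seriesupdate($id);

                    ## Success is only reported once the file and the row exist
                    $message .= "Banner sucessfully added.";
                } else {
                    $errormessage = 'There was a problem saving the uploaded banner.';
                }
            } else {
                $errormessage = 'Game banners MUST be in either JPG or PNG format.';
            }
        } else {
            $errormessage = 'Game banners MUST be 760px wide by 140px tall';
        }
    }

    $tab = "game-edit";

    //header("Location: $baseurl/game-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage));
    //exit;
}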
-
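## Delete Game (administrators only): remove the game row and its translation
## rows, and queue the data path for deletion.
## NOTE(review): nothing but the session protects this destructive request;
## no per-request token is checked, so it is open to cross-site request forgery.
if ($function == 'Delete Game' && $adminuserlevel == 'ADMINISTRATOR') {
    ## Prepare SQL. The id is used unquoted in every statement below, where
    ## string escaping gives no protection, so it is cast to an integer.
    $id = (int) $id;
    $query = "DELETE FROM games WHERE id=$id";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

    $query = "DELETE FROM translation_seriesname WHERE seriesid=$id";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

    $query = "DELETE FROM translation_seriesoverview WHERE seriesid=$id";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

    ## Store the seriesid for the XML updater
    ## NOTE(review): $newshowid is not assigned in this handler; $id may have
    ## been intended here and in the reassignment below -- confirm.
    seriesupdate($newshowid);
    $query = "INSERT INTO deletions (path) VALUES ('data/series/$id')";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

    $message = 'Game deleted.';
    $id = $newshowid;
    $tab = 'mainmenu';
}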
-
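## Upload Box Art: accept a JPG or PNG, store it under
## banners/boxart/original/<side>/ and record it in the banners table.
if ($function == 'Upload Box Art') {
    $message = null;
    $errormessage = null;
    $moveSuccess = false;

    ## $id becomes part of file names and of unquoted SQL, so it must be an integer
    $id = (int) $id;

    ## NOTE(review): $bannerfile is not assigned in this file. If it can be set
    ## from the request, the rename() below moves an arbitrary server path into
    ## banners/; confirm where it comes from.
    if (isset($bannerfile)) {
        $uploadedfile = $bannerfile;
    } else {
        $uploadedfile = $_FILES['bannerfile']['tmp_name'];
    }
    list($image_width, $image_height, $image_type, $image_attr) = getimagesize($uploadedfile);
    $resolution = $image_width . 'x' . $image_height;

    ## The insert needs the uploader's id, so nothing is stored without a login
    if ($loggedin != 1 || !isset($user->id)) {
        $errormessage = "You must be logged in to access that area. <a href=\"$baseurl/?tab=login\">Login</a>";
    }
    ## $cover_side is a directory name in the target path: allow a plain name only
    elseif (!is_string($cover_side) || !preg_match('/^[A-Za-z0-9_-]+$/', $cover_side)) {
        $errormessage = "Invalid box art side.<br>";
    } elseif ($image_type == 2 || $image_type == 3) {
        $errormessage = "";
    } else {
        $errormessage = "Your image MUST be either in JPG or PNG format.<br>";
    }

    ## No errors, so we can process it
    if ($errormessage == "") {
        ## First free number for this game and side
        $fileid = 1;
        while (file_exists("banners/boxart/original/$cover_side/$id-$fileid.jpg") || file_exists("banners/boxart/original/$cover_side/$id-$fileid.png")) {
            $fileid++;
        }

        ## The extension follows the detected type: 2 is JPEG, 3 is PNG
        if ($image_type == 2) {
            $filename = "boxart/original/$cover_side/$id-$fileid.jpg";
        } else {
            $filename = "boxart/original/$cover_side/$id-$fileid.png";
        }
        if (isset($bannerfile)) {
            $moveSuccess = rename($uploadedfile, "banners/$filename");
        } else {
            $moveSuccess = move_uploaded_file($uploadedfile, "banners/$filename");
        }
        if ($moveSuccess == true) {
            ## Insert database record
            $query = "INSERT INTO banners (keytype, keyvalue, userid, dateadded, filename, languageid, resolution) VALUES ('boxart', $id, " . (int) $user->id . ", $time, '$filename', 1, '$resolution')";
            $result = mysql_query($query) or die('Query failed: ' . mysql_error());

            ## Store the seriesid for the XML updater
            seriesupdate($id);

            ## Success is only reported once the file and the row exist
            $message .= "Box art sucessfully added.";
        } else {
            $errormessage = "There was a problem saving the uploaded box art.<br>";
        }

        $tab = 'game-edit';
    }

    //header("Location: $baseurl/game-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage));
    //exit;
}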
-
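## Upload Fan Art: accept a 1920x1080 or 1280x720 JPG within the size limits,
## store it under banners/fanart/original/ and record it in the banners table.
if ($function == 'Upload Fan Art') {
    $message = null;
    $errormessage = null;
    $moveSuccess = false;

    ## $id becomes part of file names and of unquoted SQL, so it must be an integer
    $id = (int) $id;

    ## NOTE(review): $bannerfile is not assigned in this file. If it can be set
    ## from the request, the rename() below moves an arbitrary server path into
    ## banners/; confirm where it comes from.
    if (isset($bannerfile)) {
        $uploadedfile = $bannerfile;
    } else {
        $uploadedfile = $_FILES['bannerfile']['tmp_name'];
    }

    ## The insert needs the uploader's id, so nothing is stored without a login
    if ($loggedin != 1 || !isset($user->id)) {
        $errormessage = "You must be logged in to access that area. <a href=\"$baseurl/?tab=login\">Login</a>";
    } else {
        ## Check if the image is the right size
        list($image_width, $image_height, $image_type, $image_attr) = getimagesize($uploadedfile);
        $resolution = $image_width . 'x' . $image_height;
        if ($resolution != '1920x1080' && $resolution != '1280x720') {
            $errormessage .= "Your image is not a valid fan art resolution.<br>";
        }
        if ($image_type != 2) {
            $errormessage .= "Your image MUST be in JPG format.<br>";
        }
        ## Limits are in KB: 2000 for 1920x1080, 600 for 1280x720
        if (($resolution == '1920x1080' && filesize($uploadedfile) / 1024 > 2000) || ($resolution == '1280x720' && filesize($uploadedfile) / 1024 > 600)) {
            $errormessage .= "Your image exceeds the size restrictions.<br>";
        }
    }

    ## No errors, so we can process it
    if ($errormessage == "") {

        ## Generate the new filename
        $fileid = 1;
        while (file_exists("banners/fanart/original/$id-$fileid.jpg")) {
            $fileid++;
        }
        $filename = "fanart/original/$id-$fileid.jpg";

        if (isset($bannerfile)) {
            $moveSuccess = rename($uploadedfile, "banners/$filename");
        } else {
            $moveSuccess = move_uploaded_file($uploadedfile, "banners/$filename");
        }

        if ($moveSuccess == true) {
            ## Calculate the colors
            $colors = imagecolors("banners/$filename");

            ## Insert database record
            $colors = mysql_real_escape_string($colors);
            $query = "INSERT INTO banners (keytype, keyvalue, userid, dateadded, filename, languageid, resolution, colors) VALUES ('fanart', $id, " . (int) $user->id . ", $time, '$filename', 1, '$resolution', '$colors')";
            $result = mysql_query($query) or die('Query failed: ' . mysql_error());

            ## Store the seriesid for the XML updater
            seriesupdate($id);

            ## Success is only reported once the file and the row exist
            $message = "Fan art successfully added";
        } else {
            $errormessage = "There was a problem saving the uploaded fan art.<br>";
        }
    }
    $tab = 'game-edit';

    //header("Location: $baseurl/game-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage));
    //exit;
}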
-
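## Upload Screenshot: accept a JPG of at most 2000 KB, store it under
## banners/screenshots/ (up to eight per game) and record it in the banners table.
if ($function == 'Upload Screenshot') {
    $message = null;
    $errormessage = null;
    $moveSuccess = false;

    ## $id becomes part of file names and of unquoted SQL, so it must be an integer
    $id = (int) $id;

    ## NOTE(review): $bannerfile is not assigned in this file. If it can be set
    ## from the request, the rename() below moves an arbitrary server path into
    ## banners/; confirm where it comes from.
    if (isset($bannerfile)) {
        $uploadedfile = $bannerfile;
    } else {
        $uploadedfile = $_FILES['bannerfile']['tmp_name'];
    }

    ## The insert needs the uploader's id, so nothing is stored without a login
    if ($loggedin != 1 || !isset($user->id)) {
        $errormessage = "You must be logged in to access that area. <a href=\"$baseurl/?tab=login\">Login</a>";
    } else {
        ## Check the image format and size
        list($image_width, $image_height, $image_type, $image_attr) = getimagesize($uploadedfile);
        $resolution = $image_width . 'x' . $image_height;
        if ($image_type != 2) {
            $errormessage .= "Your image MUST be in JPG format.<br>";
        }

        if ((filesize($uploadedfile) / 1024 > 2000)) {
            $errormessage .= "Your image exceeds the size restrictions.<br>";
        }
    }

    ## No errors, so we can process it
    if ($errormessage == "") {

        ## Generate the new filename; the loop stops with an error once slot 8
        ## is found occupied
        $fileid = 1;
        while (file_exists("banners/screenshots/$id-$fileid.jpg") && $errormessage == "") {
            if ($fileid == 8) {
                $errormessage = "This game already has the maximum allowed number of screenshots.<br>Please delete an existing screenshot before attempting to upload another.";
            }
            $fileid++;
        }
        if ($errormessage == "") {
            $filename = "screenshots/$id-$fileid.jpg";
            if (isset($bannerfile)) {
                $moveSuccess = rename($uploadedfile, "banners/$filename");
            } else {
                $moveSuccess = move_uploaded_file($uploadedfile, "banners/$filename");
            }

            if ($moveSuccess == true) {
                ## Insert database record
                $query = "INSERT INTO banners (keytype, keyvalue, userid, dateadded, filename, languageid) VALUES ('screenshot', $id, " . (int) $user->id . ", $time, '$filename', 1)";
                $result = mysql_query($query) or die('Query failed: ' . mysql_error());

                ## Store the seriesid for the XML updater
                seriesupdate($id);
                $message = "Screenshot successfully added";
            } else {
                $errormessage = "There was a problem saving the uploaded screenshot.<br>";
            }
        }

    }
    $tab = 'game-edit';

    //header("Location: $baseurl/game-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage));
    //exit;
}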
-
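## Upload Clear Logo: accept one PNG per game, 400px wide and at most 250px
## tall, store it as banners/clearlogo/<id>.png and record it in the banners table.
if ($function == 'Upload Clear Logo') {
    $message = null;
    $errormessage = null;
    $moveSuccess = false;

    ## $id becomes part of the file name and of unquoted SQL, so it must be an
    ## integer before the first file_exists() call, not only before the insert
    $id = (int) $id;

    ## NOTE(review): $bannerfile is not assigned in this file. If it can be set
    ## from the request, the rename() below moves an arbitrary server path into
    ## banners/; confirm where it comes from.
    if (isset($bannerfile)) {
        $uploadedfile = $bannerfile;
    } else {
        $uploadedfile = $_FILES['bannerfile']['tmp_name'];
    }

    ## The insert needs the uploader's id, so nothing is stored without a login
    if ($loggedin != 1 || !isset($user->id)) {
        $errormessage = "You must be logged in to access that area. <a href=\"$baseurl/?tab=login\">Login</a>";
    } else {
        ## Get image Dimensions, Format Type & Attributes
        list($image_width, $image_height, $image_type, $image_attr) = getimagesize($uploadedfile);

        ## Check if the image is the right size
        if ($image_width == 400 && $image_height <= 250) {

            $resolution = $image_width . "x" . $image_height;

            ## Check if it's a PNG format image
            if ($image_type == '3') {

                ## Check if this game already has a ClearLOGO uploaded
                if (file_exists("banners/clearlogo/$id.png")) {
                    $errormessage = "This game already has a ClearLOGO uploaded.<br>Please delete the current image before attempting to upload another.";
                } else {
                    $filename = "clearlogo/$id.png";

                    ## Rename/move the file
                    if (isset($bannerfile)) {
                        $moveSuccess = rename($uploadedfile, "banners/$filename");
                    } else {
                        $moveSuccess = move_uploaded_file($uploadedfile, "banners/$filename");
                    }

                    if ($moveSuccess == true) {
                        ## Insert database record
                        $query = "INSERT INTO banners (keytype, keyvalue, userid, dateadded, filename, languageid, resolution) VALUES ('clearlogo', $id, " . (int) $user->id . ", $time, '$filename', 1, '$resolution')";
                        $result = mysql_query($query) or die('Query failed: ' . mysql_error());

                        $message .= "ClearLOGO sucessfully added.";
                    } else {
                        $errormessage = 'There was a problem saving the uploaded ClearLOGO.';
                    }
                }
            } else {
                $errormessage = 'ClearLOGO\'s MUST be in PNG format.';
            }
        } else {
            $errormessage = 'ClearLOGO\'s MUST be 400 pixels wide by a maximum of 250px tall';
        }
    }

    $tab = "game-edit";

    //header("Location: $baseurl/game-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage));
    //exit;
}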
-
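## Lock Game: mark the game as locked by the current user.
## The statement records $user->id, so it only runs for a logged-in user.
## NOTE(review): no user level is checked, so any logged-in user can lock any
## game; confirm that is intended.
if ($function == 'Lock Game' && $loggedin == 1 && isset($user->id)) {
    ## Prepare SQL. Both values are used unquoted, so they are cast to integers.
    $id = (int) $id;
    $query = "UPDATE games SET locked='yes', lockedby=" . (int) $user->id . " WHERE id=$id";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
}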
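## UnLock Game: clear the lock on a game.
## NOTE(review): neither $loggedin nor a user level is checked here, so the
## lock can be removed by any request; confirm who is meant to unlock.
if ($function == 'UnLock Game') {
    ## Prepare SQL. The id is used unquoted, where string escaping gives no
    ## protection, so it is cast to an integer.
    $id = (int) $id;
    $query = "UPDATE games SET locked='no', lockedby='' WHERE id=$id";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
}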
-
-
-
-
-
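## Change A Series Banner's Language (administrators only)
if ($function == 'Change Language' AND $adminuserlevel == 'ADMINISTRATOR') {
    ## Prepare SQL. Both values are used unquoted; $languageid was previously
    ## not escaped at all. Cast each to an integer.
    $id = (int) $id;
    $languageid = (int) $languageid;
    $query = "UPDATE banners SET languageid=$languageid WHERE id=$id";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    $message = 'Banner Language Changed.';
}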
-
-
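/*
 * Platform Functions
 */

## Save Platform: build an UPDATE for the platforms row from the posted fields,
## set the alias when it is unique, then redirect back to the edit page.
## NOTE(review): no login or admin check is visible here, and the posted field
## names choose which columns are written. An explicit list of editable columns
## would be safer than the pattern check below.
if ($function == 'Save Platform') {
    $message = null;
    $errormessage = null;

    ## The row id is used unquoted in two statements, so it is cast
    $platformid = (int) $platformid;

    $updates = array();
    foreach ($_POST AS $key => $value) {
        $key = (string) $key;
        if ($key == 'function' || $key == 'platformid' || $key == 'alias') {
            continue;
        }
        ## A column name cannot be made safe by string escaping; accept only
        ## plain identifiers and scalar text values.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key) || !is_string($value)) {
            continue;
        }
        $value = trim($value);
        if ($value) {
            $value = strip_tags($value, '');
            ## HTML-encode first and SQL-escape last, so the escaping applies to
            ## the exact text placed in the statement
            $value = htmlspecialchars($value, ENT_QUOTES);
            $value = mysql_real_escape_string($value);
            array_push($updates, "`$key`='$value'");
        } else {
            array_push($updates, "`$key`=NULL");
        }
    }

    ## Reduce the alias to lower-case letters, digits and hyphens
    $alias = trim($alias);
    $alias = strtolower($alias);
    $alias = str_ireplace(" ", "-", $alias);
    $alias = preg_replace("/[^a-z0-9\-]/", "", $alias);

    if ($aliasResult = mysql_query(" SELECT p.id FROM platforms AS p WHERE p.alias = '$alias' AND p.id != $platformid ")) {
        if (mysql_num_rows($aliasResult) == 0) {
            array_push($updates, "alias='$alias'");
        } else {
            $errormessage = "Alias ($alias) already exists... please choose another.";
        }
    }

    ## Join the fields and run the query.
    ## With nothing to set, the statement would be invalid, so it is skipped.
    $updatestring = implode(', ', $updates);
    if (!empty($updatestring)) {
        $query = "UPDATE platforms SET $updatestring WHERE id=$platformid";
        $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    }

    // Add Audit
    if (!empty($updatestring)) {
        //$sql = "INSERT INTO audits values(NULL, {$_SESSION['userid']}, 'updated', $id, NULL)";
        //mysql_query($sql);
    }
    $message .= 'Platform Saved.';

    $id = $platformid;
    $tab = 'platform-edit';

    header("Location: $baseurl/platform-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage));
    exit;
}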
-
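## Upload Platform Icon: accept a PNG, replace the platform's previous icon
## files with 16/24/32/48px copies of it and store the new file name.
## NOTE(review): no login or admin check is visible on this handler, and the
## old icon files are removed before the new ones are known to be written.
if ($function == 'Upload Platform Icon') {
    $message = null;
    $errormessage = null;

    ## $id only feeds the redirect URL; $platformId reaches SQL unquoted and was
    ## previously not escaped at all. Both are cast to integers.
    $id = (int) $id;
    $platformId = (int) $platformId;
    list($image_width, $image_height, $image_type, $image_attr) = getimagesize($_FILES['iconfile']['tmp_name']);
    $resolution = $image_width . 'x' . $image_height;

    if ($image_type == 3) {
        $errormessage = "";
    } else {
        $errormessage = "Your image MUST be in PNG format.<br>";
    }

    ## No errors, so we can process it
    if ($errormessage == "") {
        ## The alias becomes part of a file name and of a quoted SQL literal:
        ## reduce it to lower-case letters, digits and hyphens
        if (!empty($platformAlias)) {
            $platformAlias = preg_replace("/[^a-z0-9\-]/", "", strtolower($platformAlias));
        }
        if (!empty($platformAlias)) {
            $fileid = $platformAlias . "-" . time();
        } else {
            $fileid = $platformId . "-" . time();
        }

        $filename = "$fileid.png";

        $dimensions = array(16, 24, 32, 48);

        $prevIconQuery = mysql_query(" SELECT icon FROM platforms WHERE id = $platformId LIMIT 1 ");
        $prevIconResults = $prevIconQuery ? mysql_fetch_object($prevIconQuery) : false;
        ## basename() keeps the stored name from pointing outside the icon folders
        $prevIconFilename = $prevIconResults ? basename($prevIconResults->icon) : "";

        if ($prevIconFilename != "" && $prevIconFilename != "console_default.png") {
            foreach ($dimensions AS $dim) {
                if (is_file("images/common/consoles/png$dim/$prevIconFilename")) {
                    unlink("images/common/consoles/png$dim/$prevIconFilename");
                }
            }
        }

        include_once('simpleimage.php');

        ## One square copy per icon size
        foreach ($dimensions AS $dim) {
            $image = new SimpleImage();
            $image->load($_FILES['iconfile']['tmp_name']);
            $image->resize($dim, $dim);
            $image->save("images/common/consoles/png$dim/$filename");
            $image = null;
        }

        if ($errormessage == false) {
            ## Insert database record
            $query = " UPDATE platforms SET icon = '$filename' WHERE id = $platformId ";
            if ($result = mysql_query($query)) {
                $message .= "Platform Icon Sucessfully Updated.";
            } else {
                $errormessage = "There was a problem whilst updating the database entry for this platform icon.";
            }
        }

        $tab = 'platform-edit';

        header("Location: $baseurl/platform-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage));
        exit;
    }
}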
-
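## Upload Platform Box Art: accept a JPG or PNG, store it under
## banners/platform/boxart/ and record it in the banners table.
if ($function == 'Upload Platform Box Art') {
    $message = null;
    $errormessage = null;

    ## $id becomes part of file names and of unquoted SQL, so it must be an integer
    $id = (int) $id;
    list($image_width, $image_height, $image_type, $image_attr) = getimagesize($_FILES['bannerfile']['tmp_name']);
    $resolution = $image_width . 'x' . $image_height;

    ## The insert needs the uploader's id, so nothing is stored without a login
    if ($loggedin != 1 || !isset($user->id)) {
        $errormessage = "You must be logged in to access that area. <a href=\"$baseurl/?tab=login\">Login</a>";
    } elseif ($image_type == 2 || $image_type == 3) {
        $errormessage = "";
    } else {
        $errormessage = "Your image MUST be either in JPG or PNG format.<br>";
    }

    ## No errors, so we can process it
    if ($errormessage == "") {
        ## First free number for this platform
        $fileid = 1;
        while (file_exists("banners/platform/boxart/$id-$fileid.jpg") || file_exists("banners/platform/boxart/$id-$fileid.png")) {
            $fileid++;
        }

        ## The extension follows the detected type: 2 is JPEG, 3 is PNG
        if ($image_type == 2) {
            $filename = "platform/boxart/$id-$fileid.jpg";
        } else {
            $filename = "platform/boxart/$id-$fileid.png";
        }
        if (move_uploaded_file($_FILES['bannerfile']['tmp_name'], "banners/$filename")) {
            ## Insert database record
            $query = "INSERT INTO banners (keytype, keyvalue, userid, dateadded, filename, languageid, resolution) VALUES ('platform-boxart', $id, " . (int) $user->id . ", $time, '$filename', 1, '$resolution')";
            $result = mysql_query($query) or die('Query failed: ' . mysql_error());

            ## Success is only reported once the file and the row exist
            $message .= "Platform Art Sucessfully Added.";
        } else {
            $errormessage = "There was a problem saving the uploaded platform art.<br>";
        }

        $tab = 'platform-edit';

        header("Location: $baseurl/platform-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage));
        exit;
    }
}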
-
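## Upload Platform Fan Art: accept a 1920x1080 or 1280x720 JPG within the size
## limits, store it under banners/platform/fanart/ and record it in the banners
## table, then redirect back to the edit page.
if ($function == 'Upload Platform Fan Art') {
    $message = null;
    $errormessage = null;

    ## $id becomes part of file names and of unquoted SQL, so it must be an integer
    $id = (int) $id;

    ## The insert needs the uploader's id, so nothing is stored without a login
    if ($loggedin != 1 || !isset($user->id)) {
        $errormessage = "You must be logged in to access that area. <a href=\"$baseurl/?tab=login\">Login</a>";
    } else {
        ## Check if the image is the right size
        list($image_width, $image_height, $image_type, $image_attr) = getimagesize($_FILES['bannerfile']['tmp_name']);
        $resolution = $image_width . 'x' . $image_height;
        if ($resolution != '1920x1080' && $resolution != '1280x720') {
            $errormessage .= "Your image is not a valid fan art resolution.<br>";
        }
        if ($image_type != 2) {
            $errormessage .= "Your image MUST be in JPG format.<br>";
        }
        ## Limits are in KB: 2000 for 1920x1080, 600 for 1280x720
        if (($resolution == '1920x1080' && filesize($_FILES['bannerfile']['tmp_name']) / 1024 > 2000) || ($resolution == '1280x720' && filesize($_FILES['bannerfile']['tmp_name']) / 1024 > 600)) {
            $errormessage .= "Your image exceeds the size restrictions.<br>";
        }
    }

    ## No errors, so we can process it
    if ($errormessage == "") {

        ## Generate the new filename
        $fileid = 1;
        while (file_exists("banners/platform/fanart/$id-$fileid.jpg")) {
            $fileid++;
        }
        $filename = "platform/fanart/$id-$fileid.jpg";

        if (move_uploaded_file($_FILES['bannerfile']['tmp_name'], "banners/$filename")) {

            ## Calculate the colors
            $colors = imagecolors("banners/$filename");

            ## Insert database record
            $colors = mysql_real_escape_string($colors);
            $query = "INSERT INTO banners (keytype, keyvalue, userid, dateadded, filename, languageid, resolution, colors) VALUES ('platform-fanart', $id, " . (int) $user->id . ", $time, '$filename', 1, '$resolution', '$colors')";
            $result = mysql_query($query) or die('Query failed: ' . mysql_error());

            ## Success is only reported once the file and the row exist
            $message = "Fan art successfully added";
        } else {
            $errormessage = "There was a problem saving the uploaded fan art.<br>";
        }
    }
    $tab = 'platform-edit';

    header("Location: $baseurl/platform-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage));
    exit;
}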
-
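if ($function == 'Upload Platform Banner') {
    ## Handles the "Upload Platform Banner" form: accepts a 760x140 JPEG or PNG,
    ## stores it under banners/platform/banners/ and records it in `banners`.
    ## NOTE(review): no login check is visible in this block; confirm that an
    ## earlier part of the script rejects requests without a valid $user.
    $message = null;
    $errormessage = null;

    ## $id is used in filesystem paths and as an unquoted number in SQL, so it
    ## must be an integer before any of those uses (escaping for SQL does not
    ## make a value safe as a path component).
    $id = (int) $id;
    $uploaderid = (int) $user->id;
    $upload = isset($_FILES['bannerfile']['tmp_name']) ? $_FILES['bannerfile']['tmp_name'] : '';

    ## Inspect the file itself rather than trusting the client-supplied name/type
    $imageinfo = is_uploaded_file($upload) ? getimagesize($upload) : false;
    $image_width = $imageinfo ? $imageinfo[0] : 0;
    $image_height = $imageinfo ? $imageinfo[1] : 0;
    $image_type = $imageinfo ? $imageinfo[2] : 0;

    ## Check if the image is the right size
    if ($image_width == 760 && $image_height == 140) {
        if ($image_type == IMAGETYPE_JPEG || $image_type == IMAGETYPE_PNG) {
            $extension = ($image_type == IMAGETYPE_JPEG) ? 'jpg' : 'png';

            ## Generate the new filename: first key not taken by either format.
            ## The free-slot probe has to look in the directory the file is
            ## written to; probing banners/ directly (as before) never sees the
            ## stored banners, and move_uploaded_file() would then overwrite one.
            $filekey = 1;
            while (file_exists("banners/platform/banners/$id-$filekey.jpg") || file_exists("banners/platform/banners/$id-$filekey.png")) {
                $filekey++;
            }
            $filename = "platform/banners/$id-$filekey.$extension";

            ## Rename/move the file
            if (move_uploaded_file($upload, "banners/$filename")) {

                ## Insert database record
                $query = "INSERT INTO banners (keytype, keyvalue, userid, dateadded, filename) VALUES ('platform-banner', $id, $uploaderid, $time, '$filename')";
                $result = mysql_query($query) or die('Query failed: ' . mysql_error());

                ## Report success only once the file is stored and recorded
                $message .= "Banner sucessfully added.";
            } else {
                $errormessage = 'The uploaded file could not be saved.';
            }
        } else {
            $errormessage = 'Game banners MUST be in either JPG or PNG format.';
        }
    } else {
        $errormessage = 'Game banners MUST be 760px wide by 140px tall';
    }

    header("Location: $baseurl/platform-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage));
    exit;
}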
-
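if ($function == 'Upload Controller Art') {
    ## Handles the "Upload Controller Art" form: accepts a 300x300 PNG and makes
    ## it the controller image of platform $id.
    ## NOTE(review): deleting this art requires ADMINISTRATOR, but no role or
    ## login check is visible here; confirm one is enforced before this point.
    $message = null;
    $errormessage = null;

    ## $id names the file that gets replaced and is an unquoted number in the
    ## UPDATE below, so it must be an integer before either use.
    $id = (int) $id;
    $upload = isset($_FILES['controllerartfile']['tmp_name']) ? $_FILES['controllerartfile']['tmp_name'] : '';

    ## Get image Dimensions & Format Type from the file itself
    $imageinfo = is_uploaded_file($upload) ? getimagesize($upload) : false;
    $image_width = $imageinfo ? $imageinfo[0] : 0;
    $image_height = $imageinfo ? $imageinfo[1] : 0;
    $image_type = $imageinfo ? $imageinfo[2] : 0;

    ## Check if the image is the right size
    if ($image_width == 300 && $image_height == 300) {

        ## Check if it's a PNG format image
        if ($image_type == IMAGETYPE_PNG) {

            ## Rename/move the file. move_uploaded_file() overwrites an existing
            ## destination, so the old art is not unlinked first and survives a
            ## failed upload.
            if (move_uploaded_file($upload, "banners/platform/controllerart/$id.png")) {

                ## Update database record
                $query = "UPDATE platforms SET controller = '$id.png' WHERE id = $id";
                $result = mysql_query($query) or die('Query failed: ' . mysql_error());

                $message .= "Controller art sucessfully added.";
            } else {
                $errormessage = 'The uploaded file could not be saved.';
            }
        } else {
            $errormessage = 'Controller art MUST be in PNG format.';
        }
    } else {
        $errormessage = 'Controller art MUST be 300px wide by 300px tall';
    }

    header("Location: $baseurl/platform-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage));
    exit;
}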
-
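if ($function == 'Upload Console Art') {
    ## Handles the "Upload Console Art" form: accepts a 300x300 PNG and makes
    ## it the console image of platform $id.
    ## NOTE(review): deleting this art requires ADMINISTRATOR, but no role or
    ## login check is visible here; confirm one is enforced before this point.
    $message = null;
    $errormessage = null;

    ## $id names the file that gets replaced and is an unquoted number in the
    ## UPDATE below, so it must be an integer before either use.
    $id = (int) $id;
    $upload = isset($_FILES['consoleartfile']['tmp_name']) ? $_FILES['consoleartfile']['tmp_name'] : '';

    ## Get image Dimensions & Format Type from the file itself
    $imageinfo = is_uploaded_file($upload) ? getimagesize($upload) : false;
    $image_width = $imageinfo ? $imageinfo[0] : 0;
    $image_height = $imageinfo ? $imageinfo[1] : 0;
    $image_type = $imageinfo ? $imageinfo[2] : 0;

    ## Check if the image is the right size
    if ($image_width == 300 && $image_height == 300) {

        ## Check if it's a PNG format image
        if ($image_type == IMAGETYPE_PNG) {

            ## Rename/move the file. move_uploaded_file() overwrites an existing
            ## destination, so the old art is not unlinked first and survives a
            ## failed upload.
            if (move_uploaded_file($upload, "banners/platform/consoleart/$id.png")) {

                ## Update database record
                $query = "UPDATE platforms SET console = '$id.png' WHERE id = $id";
                $result = mysql_query($query) or die('Query failed: ' . mysql_error());

                $message .= "Console art sucessfully added.";
            } else {
                $errormessage = 'The uploaded file could not be saved.';
            }
        } else {
            $errormessage = 'Console art MUST be in PNG format.';
        }
    } else {
        $errormessage = 'Console art MUST be 300px wide by 300px tall';
    }

    header("Location: $baseurl/platform-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage));
    exit;
}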
-
-
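if ($function == 'Delete Controller Art') {
    ## Removes a platform's controller art (file and database reference).
    ## Strict comparison: before PHP 8 a loose == treats integer 0 as equal to
    ## any non-numeric string, which would let a zero-valued level pass.
    ## NOTE(review): no anti-CSRF token is checked in this block; confirm one
    ## is enforced for state-changing requests before this point.
    if ($adminuserlevel === 'ADMINISTRATOR') {
        ## $id is unescaped request data here; as an integer it can neither
        ## leave the controllerart directory nor alter the UPDATE statement.
        $platformid = (int) $id;
        if (unlink("banners/platform/controllerart/$platformid.png")) {
            $query = "UPDATE platforms SET controller = NULL WHERE id = $platformid";
            if ($result = mysql_query($query)) {
                $message .= "Controller art sucessfully deleted.";
            }
        }
    }
}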
-
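if ($function == 'Delete Console Art') {
    ## Removes a platform's console art (file and database reference).
    ## Strict comparison: before PHP 8 a loose == treats integer 0 as equal to
    ## any non-numeric string, which would let a zero-valued level pass.
    ## NOTE(review): no anti-CSRF token is checked in this block; confirm one
    ## is enforced for state-changing requests before this point.
    if ($adminuserlevel === 'ADMINISTRATOR') {
        ## $id is unescaped request data here; as an integer it can neither
        ## leave the consoleart directory nor alter the UPDATE statement.
        $platformid = (int) $id;
        if (unlink("banners/platform/consoleart/$platformid.png")) {
            $query = "UPDATE platforms SET console = NULL WHERE id = $platformid";
            if ($result = mysql_query($query)) {
                $message .= "Console art sucessfully deleted.";
            }
        }
    }
}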
-
- /*
- * Comments Functions
- */
-
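/**
 * Prepare a request value for direct inclusion in an SQL statement.
 *
 * Plain decimal numbers are returned unchanged; every other value is escaped
 * with mysql_real_escape_string() and returned wrapped in single quotes.
 * Because the result may already carry its own quotes, callers must place it
 * in the statement as-is and must not add quotes around it.
 *
 * The numeric test is deliberately narrower than is_numeric(): is_numeric()
 * also accepts exponent notation, surrounding whitespace and (on PHP 5) hex
 * literals, and any of those would reach the statement unquoted.
 *
 * @param mixed $value Raw request value.
 * @return mixed The number unchanged, or a quoted and escaped SQL string literal.
 */
function check_input($value)
{
    // Undo magic-quotes escaping where that (long removed) setting is active
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    // Native numbers and plain decimal strings are safe to emit unquoted
    if (is_int($value) || is_float($value)) {
        return $value;
    }
    if (is_string($value) && preg_match('/^-?[0-9]+(?:\.[0-9]+)?\z/', $value)) {
        return $value;
    }

    // Everything else becomes a quoted, escaped string literal
    return "'" . mysql_real_escape_string($value) . "'";
}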
-
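if ($function == 'Add Game Comment') {
    ## Stores a comment on a game.
    ## NOTE(review): the author id is taken from the request ($userid) rather
    ## than from the logged-in account, and no login check is visible in this
    ## block; confirm against the session user before inserting.

    ## Both ids are numeric columns. Casting to int keeps them numeric; the
    ## previous check_input() + extra quotes combination left any non-numeric
    ## value outside a string literal in the statement.
    $userid = (int) $userid;
    $gameid = (int) $gameid;

    ## Mirror check_input(): undo magic-quotes escaping where it is active
    ## (assumes $comment arrives unmodified from the request - TODO confirm)
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $comment = stripslashes($comment);
    }

    ## HTML-encode for later display, then escape for SQL: htmlspecialchars()
    ## neutralises quotes but leaves backslashes, which still matter inside a
    ## MySQL string literal.
    $comment = mysql_real_escape_string(htmlspecialchars($comment, ENT_QUOTES));

    $commentQuery = mysql_query("INSERT INTO comments (userid, gameid, comment, timestamp) VALUES ($userid, $gameid, '$comment', FROM_UNIXTIME($time))") or die('Query failed: ' . mysql_error());
}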
-
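if ($function == 'Delete Game Comment') {
    ## Deletes one comment by id.
    ## NOTE(review): no ownership or role check is visible in this block;
    ## confirm that only the comment's author or an administrator can reach it.
    ## NOTE(review): die() prints the raw database error to the client; log it
    ## server-side and show a generic message instead.

    ## $commentid arrives unescaped and is used unquoted, so it must be an integer
    $commentid = (int) $commentid;
    $commentQuery = mysql_query("DELETE FROM comments WHERE id = $commentid") or die('Query failed: ' . mysql_error());
}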
-
-
- #####################################################
- ## REGISTRATION AND PASSWORD FUNCTIONS
- #####################################################
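if ($function == 'Register') {
    ## Creates a new account and e-mails the login details to the user.
    ## NOTE(review): MySQL's PASSWORD() is not meant for application passwords
    ## and the password is also sent by e-mail in clear text; moving to a
    ## dedicated password hash has to be done together with the login code.
    ## NOTE(review): die() prints the raw database error to the client.

    ## Compare the passwords as typed. A loose == compares numeric-looking
    ## strings by value, so two different passwords could count as a match.
    $plainpass = $userpass1;
    $passwordsmatch = ((string) $userpass1 === (string) $userpass2 && (string) $userpass1 !== '');

    $username = mysql_real_escape_string($username);
    $userpass1 = mysql_real_escape_string($userpass1);
    $userpass2 = mysql_real_escape_string($userpass2);
    $email = mysql_real_escape_string($email);
    ## Used unquoted in the INSERT below, where escaping alone gives no protection
    $languageid = (int) $languageid;
    ## NOTE(review): rand()/uniqid()/md5() are predictable; if uniqueid is ever
    ## treated as a secret, generate it from a cryptographic random source.
    $uniqueid = strtoupper(substr(md5(uniqid(rand(), true)), 0, 16));

    ## Check for exact matches for username
    $query = "SELECT * FROM users WHERE username='$username'";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

    ## Insert if it doesnt exist already
    if (mysql_num_rows($result) == 0) {
        if ($passwordsmatch) {
            if ($email) {
                $query = "INSERT INTO users (username, userpass, emailaddress, languageid, uniqueid) VALUES ('$username', PASSWORD('$userpass1'), '$email', $languageid, '$uniqueid')";
                $result = mysql_query($query) or die('Query failed: ' . mysql_error());
                $tab = 'mainmenu';
                ## Built by concatenation: inside single quotes \" and $baseurl
                ## are literal text, which broke the markup and the login link.
                $message = '<p style="font-size: x-small !important;"><strong><em>Thank you for registering with TheGamesDB!</em></strong><p>You will receive an email confirmation with your account information shortly. Please proceed to the <a href="' . $baseurl . '/?tab=login">Login</a> screen and review our terms and conditions. If you have any questions, please visit our forums. We hope you enjoy your stay!</p>';

                ## Email it to the user (the password exactly as typed, not its SQL-escaped copy)
                $from = "TheGamesDB <$mail_username>";
                $host = $mail_server;
                $to = $username . '<' . $email . '>';
                $subject = "Thank you for registering with TheGamesDB.net";
                $emailmessage = "Thank you for registering with TheGamesDB.net.\n\nHere is your new login information:\nusername: $username\npassword: $plainpass\n\nIf you have forgotten your password you can reset it by visiting: http://www.thegamesdb.net/?tab=password\n\nIf you have any questions, please let us know.\n\nTheGamesDB Crew.";
                $headers = 'From: ' . $from;
                mail($to, $subject, wordwrap($emailmessage, 70), $headers);
            } else {
                $errormessage = 'Email address is required.';
            }
        } else {
            $errormessage = 'Passwords do not match or are below the minimum required length.';
        }
    } else {
        $errormessage = 'Username already exists. Please try another.';
    }
}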
-
-
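if ($function == 'Reset Password') {
    ## Replaces the password of the account registered under $email and mails
    ## the new one to that address.
    ## NOTE(review): the password is replaced as soon as an address matches, so
    ## anyone who knows an address can lock its owner out, and the two result
    ## messages reveal whether an address is registered. A single-use, expiring
    ## reset link plus one uniform response would close both.
    ## NOTE(review): genpassword() is defined outside this block; confirm it
    ## draws from a cryptographic random source.

    ## Get their email address and username
    $email = mysql_real_escape_string($email);
    $query = "SELECT emailaddress, username, id FROM users WHERE emailaddress='$email'";
    $result = mysql_query($query) or die('Query failed: ' . mysql_error());
    $db = mysql_fetch_object($result);

    ## If we found a match. mysql_fetch_object() returns false when no row
    ## matches, so test the row before reading ->id; an empty address must not
    ## select accounts stored without one.
    if ($email != '' && $db && $db->id) {
        ## Generate a random password
        $newpass = genpassword(8);

        ## Set it in the database (only the SQL copy is escaped)
        $escapedpass = mysql_real_escape_string($newpass);
        $query = "UPDATE users SET userpass=PASSWORD('$escapedpass') WHERE id='$db->id'";
        $result = mysql_query($query) or die('Query failed: ' . mysql_error());

        ## Email it to the user
        $from = "TheGamesDB <$mail_username>";
        $host = $mail_server;
        $to = $db->username . '<' . $db->emailaddress . '>';
        $subject = "Your account information";
        $emailmessage = "This is an automated message.\n\nYour GamesDB password has been reset.\n\nHere is your new login information:\nusername: $db->username\npassword: $newpass\n\nIf you have any questions, please let us know.\n\nTheGamesDB Crew\n";
        $headers = 'From: ' . $from;
        mail($to, $subject, wordwrap($emailmessage, 70), $headers);

        $message = 'Login information has been sent.';
    } else {
        $errormessage = 'That address cannot be found.';
    }
}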
-
-
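if ($function == 'Update User Information') {
    ## Updates the logged-in user's e-mail address, language, favourites display
    ## mode and, when both password fields are filled in, the password.
    ## NOTE(review): password and e-mail address are changed without asking for
    ## the current password, so a hijacked session is enough to take over the
    ## account; consider requiring it.

    ## Both values are used unquoted in the UPDATE statements below, where
    ## mysql_real_escape_string() gives no protection, so force integers.
    $languageid = (int) $languageid;
    $accountid = (int) $user->id;
    $user->languageid = $languageid;

    ## Compare as strings: a loose == compares numeric-looking strings by
    ## value, and a bare truth test treats the password "0" as empty.
    $pass1 = (string) $userpass1;
    $pass2 = (string) $userpass2;

    ## Update password and email address
    if ($pass1 === $pass2 && $pass1 !== '' && $email != '') {
        $userpass1 = mysql_real_escape_string($userpass1);
        $userpass2 = mysql_real_escape_string($userpass2);
        $email = mysql_real_escape_string($email);
        $favorites_displaymode = mysql_real_escape_string($favorites_displaymode);
        $query = "UPDATE users SET userpass=PASSWORD('$userpass1'), emailaddress='$email', languageid=$languageid, favorites_displaymode='$favorites_displaymode' WHERE id=$accountid";
        $result = mysql_query($query) or die('Query failed: ' . mysql_error());
        $message = 'Account was successfully updated.';
    }
    ## Error.. passwords were entered, but don't match
    else if ($pass1 !== '' || $pass2 !== '') {
        $errormessage = 'Passwords do not match.';
    }
    ## Update email address
    else if ($email) {
        $email = mysql_real_escape_string($email);
        $favorites_displaymode = mysql_real_escape_string($favorites_displaymode);
        $query = "UPDATE users SET emailaddress='$email', languageid=$languageid, favorites_displaymode='$favorites_displaymode' WHERE id=$accountid";
        $result = mysql_query($query) or die('Query failed: ' . mysql_error());
        $message = 'Account was successfully updated (no password change).';
    }
    ## Error... empty emailaddress
    else {
        $errormessage = 'Naughty naughty... an email address is required.';
    }
}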
-
- ## Update Users Image
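if ($function == 'Update User Image') {
    ## Replaces the logged-in user's avatar with a 64x64 copy of the upload.
    $upload = isset($_FILES['userimage']) ? $_FILES['userimage'] : null;
    $accountid = (int) $user->id;

    ## A missing upload must not pass as "no error" (null == 0 is true), and a
    ## missing account id would turn the cleanup pattern below into one that
    ## matches every user's image.
    if ($accountid > 0 && $upload && $upload['error'] === UPLOAD_ERR_OK && is_uploaded_file($upload['tmp_name'])) {
        try {
            ## Re-encode through the image library and store under a
            ## server-chosen name; the client-supplied file name is never used.
            ## (presumably WideImage throws on unreadable input - TODO confirm)
            $image = WideImage::load($upload['tmp_name']);
            $resized = $image->resize(64, 64);
            $newfile = "banners/users/" . $accountid . "-" . date("YmdHis") . ".jpg";
            $resized->saveToFile($newfile);

            ## Remove the previous images only after the new one is saved.
            ## The "-" after the id is required: "<id>*.jpg" also matches the
            ## files of every other user whose id starts with the same digits.
            $existingfiles = glob("banners/users/" . $accountid . "-*.jpg");
            if ($existingfiles) {
                foreach ($existingfiles as $userfile) {
                    if ($userfile != $newfile) {
                        unlink($userfile);
                    }
                }
            }
            $message = "Successfully Uploaded User Image";
        } catch (Exception $e) {
            $errormessage = "There was a problem uploading the image. Try again or use a different image.";
        }
    } else {
        $errormessage = "There was a problem uploading the image. Try again or use a different image.";
    }
}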
-
- ## Administrator's User Update Form
- if ($function == 'Admin Update User') {
- ## Prepare the fields
- $form_userlevel = mysql_real_escape_string($form_userlevel);
- $languageid = mysql_real_escape_string($languageid);
- $bannerlimit = mysql_real_escape_string($bannerlimit);
- $form_active = mysql_real_escape_string($form_active);
-
- ## Update password and all other fields
- if ($userpass1 == $userpass2 && $userpass1 != '' && $email != '' && $username != '') {
- $username = mysql_real_escape_string($username);
- $userpass1 = mysql_real_escape_string($userpass1);
- $userpass2 = mysql_real_escape_string($userpass2);
- $email = mysql_real_escape_string($email);
- $query = "UPDATE users SET username='$username', userpass=PASSWORD('$userpass1'), emailaddress='$email', userlevel='$form_userlevel', languageid='$languageid', bannerlimit='$bannerlimit', active='$form_active', lastupdatedby_admin='$user->id' WHERE id='$id'";
- $result = mysql_query($query) or die('Query failed: ' . mysql_error());
- $message = 'Account was successfully updated.';
- }
- ## Error.. passwords were entered, but don't match
- else if ($userpass1 || $userpass2) {
- $errormessage = 'Passwords do not match.';
- }
- ## Update all fields except password
- else if ($email != '' && $username != '') {
- $username = mysql_real_escape_string($username);
- $email = mysql_real_escape_string($email);
- $query = "UPDATE users SET username='$username', emailaddress='$email', userlevel='$form_userlevel', languageid='$languageid', bannerlimit='$bannerlimit', active='$form_active', lastupdatedby_admin='$user->id' WHERE id=$id"…