/index.php

Large files files are truncated, but you can click here to view the full file

<?php



## Connect to the database

include("include.php");



## Other Includes

include("extentions/wideimage/WideImage.php"); ## Image Manipulation Library



## Start session

session_start();

$time = time();



//$message = null;



#####################################################

## COOKIE STUFF - AUTOMATIC LOGIN

#####################################################

## Check if the id and pass match a user

if ($cookieid && $cookiepass) {

    $cookieid = mysql_real_escape_string($cookieid);

    $cookiepass = mysql_real_escape_string($cookiepass);

    $query = "SELECT * FROM users WHERE id=$cookieid AND userpass='$cookiepass'";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

    $cookieuser = mysql_fetch_object($result);

    if ($cookieuser->id) {

        $_SESSION['userid'] = $cookieuser->id;

        $_SESSION['password'] = $cookieuser->userpass;

        $_SESSION['userlevel'] = $cookieuser->userlevel;

        $loggedin = 1;

    } else {

        unset($_SESSION['userid']);

        unset($_SESSION['password']);

        unset($_SESSION['userlevel']);

        $loggedin = 0;

    }

}







#####################################################

## LOGIN FUNCTIONS

#####################################################

$loggedin = 0; ## Just in case

## If they're attempting to log in

if ($function == 'Log In') {

    ## Verify their credentials

    $username = mysql_real_escape_string($username);

    $password = mysql_real_escape_string($password);

    $query = "SELECT * FROM users WHERE username='$username' AND userpass=PASSWORD('$password')";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

    $user = mysql_fetch_object($result);

    if ($user->lastupdatedby_admin) {

        $query = "SELECT * FROM users WHERE id=$user->lastupdatedby_admin";

        $result = mysql_query($query) or die('Query failed: ' . mysql_error());

        $adminuser = mysql_fetch_object($result);

    }



    ## If their info isn't found, let them know

    if (!isset($user->id)) {

        $errormessage = 'Incorrect login info.';

        $loggedin = 0;

    }



    ## If their is deactivated let them know

    elseif ($user->active == 0) {

        $errormessage = 'Your account is de-activated. If you believe this has happened in error contact <a href="mailto:' . $adminuser->emailaddress . '">' . $adminuser->username . '</a>';

        $loggedin = 0;

    }

    ## Otherwise, store their session variables

    else {

        $_SESSION['userid'] = $user->id;

        $_SESSION['password'] = $user->userpass;

        $_SESSION['userlevel'] = $user->userlevel;

        $loggedin = 1;

        if ($user->banneragreement == 1) {

            $tab = 'mainmenu';

        } else {

            $tab = 'agreement';

        }

    }





    ## If they're logged in at this point, store a cookie

    if ($loggedin == 1 && $setcookie == 'on') {

        setcookie('cookieid', $user->id, time() + 86400 * 365);

        setcookie('cookiepass', $user->userpass, time() + 86400 * 365);

    }

}



## If they're attempting to log out

else if ($function == 'Log Out') {

    unset($_SESSION['userid']);

    unset($_SESSION['password']);

    unset($_SESSION['userlevel']);

    setcookie('cookieid', "", 0);

    setcookie('cookiepass', "", 0);

    $loggedin = 0;

    $tab = 'mainmenu';

}



## If they're already logged in

else if (isset($_SESSION['userid'])) {

    $loggedin_userid = $_SESSION['userid'];

    $loggedin_password = $_SESSION['password'];



    ## Verify their credentials

    $loggedin_userid = mysql_real_escape_string($loggedin_userid);

    $loggedin_password = mysql_real_escape_string($loggedin_password);

    $query = "SELECT * FROM users WHERE id=$loggedin_userid AND userpass='$loggedin_password'";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

    $user = mysql_fetch_object($result);



    ## If their info isn't found, remove session variables

    if (!isset($user->id)) {

        unset($_SESSION['userid']);

        unset($_SESSION['password']);

        unset($_SESSION['userlevel']);

        $loggedin = 0;

    }



    ## Otherwise, mark them as logged in

    else {

        $loggedin = 1;

    }

}



## If they're already logged out

else {

    $loggedin = 0;

}



## Administrator and SuperAdmin variable

global $adminuserlevel;

$adminuserlevel = '';

if ($_SESSION['userlevel'] == 'ADMINISTRATOR' OR $_SESSION['userlevel'] == 'SUPERADMIN') {

    $adminuserlevel = 'ADMINISTRATOR';

}



// Logged in Redirect List

$secureArea = array(

    //'addgame'

);

if (!$loggedin && in_array($tab, $secureArea)) {

    //header("Location:index.php");

	$tab = "mainmenu";

	$errormessage = "You must be logged in to access that area. <a href=\"$baseurl/?tab=login\">Login</a>";

}



#####################################################

## Language stuff

#####################################################

## Get list of languages and store array

global $languages;

global $lid;

$query = "SELECT * FROM languages ORDER BY name";

$result = mysql_query($query) or die('Query failed: ' . mysql_error());

while ($lang = mysql_fetch_object($result)) {

    $languages[$lang->id] = $lang->name;

}



## Set the default language

if (!isset($lid)) {

    if ($user->languageid) {

        $lid = $user->languageid;  ## user preferred language

    } else {

        $lid = 1;  ## English

    }

}



#####################################################

## MAIN MENU FUNCTIONS

#####################################################

if ($function == 'Add Game') {

	## Get Platform POSTDATA

	//$selectedPlatform = $_POST['Platform'];

	

	

    ## Check for exact matches for seriesname

    $GameTitle = mysql_real_escape_string($GameTitle);

    $GameTitle = ucfirst($GameTitle);

    $query = "SELECT * FROM games WHERE GameTitle='$GameTitle' AND Platform='$cleanPlatform'";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());



    ## Insert if it doesnt exist already

    if (mysql_num_rows($result) == 0) {

        $query = "INSERT INTO games (GameTitle, Platform, created, lastupdated) VALUES ('$GameTitle', '$cleanPlatform', $time, NULL)";

        $result = mysql_query($query) or die('Query failed: ' . mysql_error());

        $id = mysql_insert_id();

        // TODO: trace this back and change the name

        //seriesupdate($id); ## Update the XML data

        // Add Audit

        $sql = "INSERT INTO audits values(NULL, {$_SESSION['userid']}, 'created', $id, NULL)";

        mysql_query($sql);



        $URL = "$baseurl/game/$id/";

        header("Location: $URL");

		echo $selectedPlatform;

    } else {

        $errormessage = "Sorry, \"$GameTitle\" Already Exists For That Platform.";

    }

}



// Function to auto-redirect to game page if only one result is found

if ($function == "Search")

{

	$string = mysql_real_escape_string($string);

	

	$searchQuery = mysql_query("SELECT g.id FROM games as g WHERE g.GameTitle = '$string'");

	if (mysql_num_rows($searchQuery) == 1)

	{

		$searchResult = mysql_fetch_object($searchQuery);

		$tab = "game";

		$id  = $searchResult->id;

	}

	else

	{

		$searchQuery = "SELECT g.id FROM games as g WHERE MATCH(g.GameTitle) AGAINST ('$string')";

		$arr = array();

		preg_match('/[0-9]+/', $string, $arr);

		foreach($arr as $numeric)

		{

				$searchQuery .= " AND g.GameTitle LIKE '%$numeric%'";

		}

		

		$searchQuery = mysql_query($searchQuery);

		

		if (mysql_num_rows($searchQuery) == 1)

		{

			$searchResult = mysql_fetch_object($searchQuery);

			$tab = "game";

			$id  = $searchResult->id;

		}

	}

}



// Function to update last search/favorites view type in users db table

if ($updateview == "yes")

{

	if ($loggedin == 1)

	{

		if (!empty($searchview))

		{

			$mode = $searchview;

		}

		elseif (!empty($favoritesview))

		{

			$mode = $favoritesview;

		}

		mysql_query(" UPDATE users SET favorites_displaymode = '$mode' WHERE id = '$user->id' ");

		$user->favorites_displaymode = $mode;

	}

}



// Function to share page via email

if($function == "Share via Email")

{

	// Check that captcha is completed and matches

	if($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['captcha']) && $_POST['captcha'] == $_SESSION['captcha'])

	{

		##Make userinput safe

		$fromname = mysql_real_escape_string($fromname);

		$fromaddress = mysql_real_escape_string($fromaddress);

		$toaddress = mysql_real_escape_string($toaddress);

		$url = mysql_real_escape_string($url);

		

		## Email it to the user

		$from = "$fromname <$fromaddress>";

		$host = $mail_server;

		$to = "'$toaddress <$toaddress>";

		$subject = "TheGamesDB.net - $fromname has shared a link with you";

		if($messagecontent != false)

		{

			$quote = "Message From Your Friend:\n\"$messagecontent\"\n\n";

		}

		$emailmessage = "TheGamesDB.net \n\n$fromname visited thegamesdb.net and wanted to share a link with you \n\n$quote\nYour Link Details:\n$urlsubject: $url \n\nWe hope you enjoy your visit with us, \n\nTheGamesDB.net Crew.";

		$headers = 'From: ' . $from;

		mail($to, $subject, wordwrap($emailmessage, 70), $headers);

		

		// Display success message and finish up session

		$message = "Message Sent to $toaddress!";

		unset($_SESSION['captcha']); /* this line makes session free, we recommend you to keep it */

	} 

	elseif($_SERVER['REQUEST_METHOD'] == "POST" && !isset($_POST['captcha']))

	{

		$errormessage = "Message was not sent, captcha didn't pass...<br />Please try again and remember to complete the captcha!";

	}

}



if ($function == 'Send PM') {

	$toQuery = mysql_query(" SELECT id FROM users WHERE username = '$pmto' LIMIT 1");

	$to = mysql_fetch_object($toQuery);



	$pmmessage = htmlspecialchars($pmmessage, ENT_QUOTES);

	

	if(mysql_query(" INSERT INTO messages (`from`, `to`, `subject`, `message`, `status`, `timestamp`) VALUES ('$user->id', '$to->id', '$pmsubject', '$pmmessage', 'new', FROM_UNIXTIME($time)); ") or die(mysql_error()))

	{

		$message = "PM Sent to \"$pmto\" Successfully";

	}

	else

	{

		$errormessage = "Oops! There was a problem sending your message,<br />Please try again...";

	}

}



if ($function == 'Delete PM') {

	if(mysql_query(" DELETE FROM messages WHERE messages.id = $pmid AND messages.to = '$user->id' "))

	{

		$message = "Your message was deleted.";

	}

	else

	{

		$errormessage = "There was a problem deleting your message,<br />Please try again...";

	}

}



if ($function == "Generate Platform Alias's") {

	if($aliasResult = mysql_query(" SELECT p.id, p.name, p.alias FROM platforms AS p WHERE p.alias IS NULL OR p.alias = '' "))

	{

		$successflag = true;

		while($alias = mysql_fetch_object($aliasResult))

		{

			$platformName = trim($alias->name);

			$platformName = strtolower($platformName);

			$platformName = str_ireplace(" ", "-", $platformName);

			$platformAlias = preg_replace("/[^a-z0-9\-]/", "", $platformName);

			if(!mysql_query(" UPDATE platforms SET alias = '$platformAlias' WHERE id = '$alias->id' "))

			{

				$successflag = false;

			}

		}

		

		if($successflag == true)

		{

			$message = "Missing Platform Alias's Generated Successfully";

		}

		else

		{

			$errormessage = "There was a problem generating the Platform Alias's,<br />please carefully check the list and try again.";

		}

	}

	else {

		$errormessage = "There was a problem generating the Platform Alias's,<br />please carefully check the list and try again.";

	}

}





/*

 * Game Functions

 */



if ($function == 'Save Game') {

	$message = null;

	$errormessage = null;

	

    $updates = array();

    foreach ($_POST AS $key => $value) {

        if ($key != 'function' && $key != 'button' && $key != 'newshowid' && $key != 'comments' && $key != 'email' && !strstr($key, 'GameTitle_') && !strstr($key, 'Overview_') && $key != 'comments' && $key != 'requestcomments' && $key != 'requestreason') {

            $value = rtrim($value);

            $value = ltrim($value);

            if ($value) {

                $key = mysql_real_escape_string($key);

                $value = strip_tags($value, '');

                $value = mysql_real_escape_string($value);

                array_push($updates, "$key='$value'");

            } else {

                array_push($updates, "$key=NULL");

            }

        }

    }

    array_push($updates, "lastupdated=$time");



    ## To keep things simple, we set GameTitle and Overview to the English for now

    if ($adminuserlevel == 'ADMINISTRATOR') {

        $GameTitle = ltrim($_POST["GameTitle"]);

        $GameTitle = rtrim($GameTitle);

        if ($GameTitle) {

            $GameTitle = mysql_real_escape_string($GameTitle);

            array_push($updates, "GameTitle='$GameTitle'");

        } else {

            array_push($updates, "GameTitle=NULL");

        }

    }

    $Overview = trim($_POST["Overview"]);

    if ($Overview) {

        $Overview = mysql_real_escape_string($Overview);

        array_push($updates, "Overview='$Overview'");

    } else {

        array_push($updates, "Overview=NULL");

    }



    ## Join the fields and run the query

    $updatestring = implode(', ', $updates);

    $newshowid = mysql_real_escape_string($newshowid);

    $query = "UPDATE games SET $updatestring WHERE id=$newshowid";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());



    // Add Audit

    if (!empty($updatestring)) {

        $sql = "INSERT INTO audits values(NULL, {$_SESSION['userid']}, 'updated', $id, NULL)";

        mysql_query($sql);

    }

    $message .= 'Game saved.';



    $id = $newshowid;

    //$tab = 'game-edit';

	header("Location: $baseurl/game-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage)); 

	exit;

}



if ($function == 'Upload Game Banner') {

	$message = null;

	$errormessage = null;

	$subkey = "graphical";

	

	if(isset($bannerfile))

	{

		$uploadedfile = $bannerfile;

	}

	else

	{

		$uploadedfile = $_FILES['bannerfile']['tmp_name'];

	}

	

    ## Check if the image is the right size

    list($image_width, $image_height, $image_type, $image_attr) = getimagesize($uploadedfile);

    if ($image_width == 760 && $image_height == 140) {

        if ($image_type == '2' || $image_type == '3') { ## Check if it's a JPEG or png

			if ($image_type == '2') { ## If it's a JPEG name the extesion accordingly

				## Generate the new filename

				if ($subkey == 'graphical') {

					if (file_exists("banners/$subkey/$id-g.jpg") || file_exists("banners/$subkey/$id-g.png")) {

						$filekey = 2;

						while (file_exists("banners/$subkey/$id-g$filekey.jpg") || file_exists("banners/$subkey/$id-g$filekey.png")) {

							$filekey++;

						}

						$filename = "$subkey/$id-g$filekey.jpg";

					} else {

						$filename = "$subkey/$id-g.jpg";

					}

				}

			}

			elseif ($image_type == '3') { ## If it's a PNG name the extesion accordingly

				## Generate the new filename

				if ($subkey == 'graphical') {

					if (file_exists("banners/$subkey/$id-g.jpg") || file_exists("banners/$subkey/$id-g.png")) {

						$filekey = 2;

						while (file_exists("banners/$subkey/$id-g$filekey.jpg") || file_exists("banners/$subkey/$id-g$filekey.png")) {

							$filekey++;

						}

						$filename = "$subkey/$id-g$filekey.png";

					} else {

						$filename = "$subkey/$id-g.png";

					}

				}

			}

            if ($subkey == 'blank') {

                $languageid = '0';

            }

            ## Rename/move the file

			if(isset($bannerfile))

			{

				if(rename($uploadedfile, "banners/$filename"))

				{

					$moveSuccess = true;

				}

			}

			else

			{

				if (move_uploaded_file($uploadedfile, "banners/$filename"))

				{

					$moveSuccess = true;

				}

			}

            if ($moveSuccess == true)

			{

                ## Insert database record

                $id = mysql_real_escape_string($id);

                $subkey = mysql_real_escape_string($subkey);

                $query = "INSERT INTO banners (keytype, keyvalue, userid, subkey, dateadded, filename, languageid) VALUES ('series', $id, $user->id, '$subkey', $time, '$filename', '$languageid')";

                $result = mysql_query($query) or die('Query failed: ' . mysql_error());



                ## Reset the missing banner count

                $query = "UPDATE games SET bannerrequest=0 WHERE id=$id";

                $result = mysql_query($query) or die('Query failed: ' . mysql_error());



                ## Store the seriesid for the XML updater

                seriesupdate($id);

            }

        } else {

            $errormessage = 'Game banners MUST be in either JPG or PNG format.';

        }

    }

	else {

        $errormessage = 'Game banners MUST be 760px wide by 140px tall';

    }

	$message .= "Banner sucessfully added.";

	

	$tab = "game-edit";

	

	//header("Location: $baseurl/game-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage)); 

	//exit;

}



if ($function == 'Delete Game' && $adminuserlevel == 'ADMINISTRATOR') {

    ## Prepare SQL

    $id = mysql_real_escape_string($id);

    $query = "DELETE FROM games WHERE id=$id";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());



    $query = "DELETE FROM translation_seriesname WHERE seriesid=$id";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());



    $query = "DELETE FROM translation_seriesoverview WHERE seriesid=$id";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());



    ## Store the seriesid for the XML updater

    seriesupdate($newshowid);

    $query = "INSERT INTO deletions (path) VALUES ('data/series/$id')";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());



    $message = 'Game deleted.';

    $id = $newshowid;

    $tab = 'mainmenu';

}



if ($function == 'Upload Box Art') {

	$message = null;

	$errormessage = null;

	

    $id = mysql_real_escape_string($id);



	if(isset($bannerfile))

	{

		$uploadedfile = $bannerfile;

	}

	else

	{

		$uploadedfile = $_FILES['bannerfile']['tmp_name'];

	}

    list($image_width, $image_height, $image_type, $image_attr) = getimagesize($uploadedfile);

    $resolution = $image_width . 'x' . $image_height;

	

	if ($image_type == 2 || $image_type == 3)

	{

        $errormessage = "";

    }

	else

	{

		$errormessage = "Your image MUST be either in JPG or PNG format.<br>";

	}



    ## No errors, so we can process it

    if ($errormessage == "") 

	{	

		$fileid = 1;

		while (file_exists("banners/boxart/original/$cover_side/$id-$fileid.jpg") || file_exists("banners/boxart/original/$cover_side/$id-$fileid.png")) {

			$fileid++;

		}

		

		## See if image is jpeg format

		if($image_type == 2)

		{

			$filename = "boxart/original/$cover_side/$id-$fileid.jpg";

		}

		## or see if image is png format

		elseif($image_type == 3)

		{

			$filename = "boxart/original/$cover_side/$id-$fileid.png";

		}

		if(isset($bannerfile))

		{

			if(rename($uploadedfile, "banners/$filename"))

			{

				$moveSuccess = true;

			}

		}

		else

		{

			if (move_uploaded_file($uploadedfile, "banners/$filename"))

			{

				$moveSuccess = true;

			}

		}

		if ($moveSuccess == true)

		{

			## Insert database record

			$id = mysql_real_escape_string($id);

			$colors = mysql_real_escape_string($colors);

			$query = "INSERT INTO banners (keytype, keyvalue, userid, dateadded, filename, languageid, resolution) VALUES ('boxart', $id, $user->id, $time, '$filename', 1, '$resolution')";

			$result = mysql_query($query) or die('Query failed: ' . mysql_error());



			## Store the seriesid for the XML updater

			seriesupdate($id);

		}

		else

		{

		}



		$message .= "Box art sucessfully added.";

		$tab = 'game-edit';

	}

	

	//header("Location: $baseurl/game-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage)); 

	//exit;

}



if ($function == 'Upload Fan Art') {

	$message = null;

	$errormessage = null;

	

    $id = mysql_real_escape_string($id);

	

	if(isset($bannerfile))

	{

		$uploadedfile = $bannerfile;

	}

	else

	{

		$uploadedfile = $_FILES['bannerfile']['tmp_name'];

	}



    ## Check if the image is the right size

    list($image_width, $image_height, $image_type, $image_attr) = getimagesize($uploadedfile);

    $resolution = $image_width . 'x' . $image_height;

    if ($resolution != '1920x1080' && $resolution != '1280x720') {

        $errormessage .= "Your image is not a valid fan art resolution.<br>";

    }

    if ($image_type != 2) {

        $errormessage .= "Your image MUST be in JPG format.<br>";

    }

    if (($resolution == '1920x1080' && filesize($uploadedfile) / 1024 > 2000) || ($resolution == '1280x720' && filesize($uploadedfile) / 1024 > 600)) {

        $errormessage .= "Your image exceeds the size restrictions.<br>";

    }



    ## No errors, so we can process it

    if ($errormessage == "") {



        ## Generate the new filename

        $fileid = 1;

        while (file_exists("banners/fanart/original/$id-$fileid.jpg")) {

            $fileid++;

        }

        $filename = "fanart/original/$id-$fileid.jpg";

		

		if(isset($bannerfile))

		{

			if(rename($uploadedfile, "banners/$filename"))

			{

				$moveSuccess = true;

			}

		}

		else

		{

			if (move_uploaded_file($uploadedfile, "banners/$filename"))

			{

				$moveSuccess = true;

			}

		}

		

		if ($moveSuccess == true)

		{

            ## Calculate the colors

            $colors = imagecolors("banners/$filename");



            ## Insert database record

            $id = mysql_real_escape_string($id);

            $colors = mysql_real_escape_string($colors);

            $query = "INSERT INTO banners (keytype, keyvalue, userid, dateadded, filename, languageid, resolution, colors) VALUES ('fanart', $id, $user->id, $time, '$filename', 1, '$resolution', '$colors')";

            $result = mysql_query($query) or die('Query failed: ' . mysql_error());



            ## Store the seriesid for the XML updater

            seriesupdate($id);

        }



        $message = "Fan art successfully added";

    }

    $tab = 'game-edit';

	

	//header("Location: $baseurl/game-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage)); 

	//exit;

}



if ($function == 'Upload Screenshot') {

	$message = null;

	$errormessage = null;

	

    $id = mysql_real_escape_string($id);

	

	if(isset($bannerfile))

	{

		$uploadedfile = $bannerfile;

	}

	else

	{

		$uploadedfile = $_FILES['bannerfile']['tmp_name'];

	}

	

    ## Check if the image is the right size

    list($image_width, $image_height, $image_type, $image_attr) = getimagesize($uploadedfile);

    $resolution = $image_width . 'x' . $image_height;

    if ($image_type != 2) {

        $errormessage .= "Your image MUST be in JPG format.<br>";

    }



    if ((filesize($uploadedfile) / 1024 > 2000)) {

        $errormessage .= "Your image exceeds the size restrictions.<br>";

    }



    ## No errors, so we can process it

    if ($errormessage == "") {



        ## Generate the new filename

        $fileid = 1;

        while (file_exists("banners/screenshots/$id-$fileid.jpg") && $errormessage == "") {

			if($fileid == 8) {

				$errormessage = "This game already has the maximum allowed number of screenshots.<br>Please delete an existing screenshot before attempting to upload another.";

			}

            $fileid++;

        }

		if ($errormessage == "") {

			$filename = "screenshots/$id-$fileid.jpg";

			if(isset($bannerfile))

			{

				if(rename($uploadedfile, "banners/$filename"))

				{

					$moveSuccess = true;

				}

			}

			else

			{

				if (move_uploaded_file($uploadedfile, "banners/$filename"))

				{

					$moveSuccess = true;

				}

			}

			

			if ($moveSuccess == true)

			{

				## Insert database record

				$id = mysql_real_escape_string($id);

				$query = "INSERT INTO banners (keytype, keyvalue, userid, dateadded, filename, languageid) VALUES ('screenshot', $id, $user->id, $time, '$filename', 1)";

				$result = mysql_query($query) or die('Query failed: ' . mysql_error());



				## Store the seriesid for the XML updater

				seriesupdate($id);

				$message = "Screenshot successfully added";

			}

		}



    }

    $tab = 'game-edit';

	

	//header("Location: $baseurl/game-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage)); 

	//exit;

}

	

if ($function == 'Upload Clear Logo') {

	$message = null;

	$errormessage = null;

	

	if(isset($bannerfile))

	{

		$uploadedfile = $bannerfile;

	}

	else

	{

		$uploadedfile = $_FILES['bannerfile']['tmp_name'];

	}

	

	## Get image Dimensions, Format Type & Attributes

	list($image_width, $image_height, $image_type, $image_attr) = getimagesize($uploadedfile);

	

	## Check if the image is the right size

	if ($image_width == 400 && $image_height <= 250) {

		

		$resolution = $image_width . "x" . $image_height;

		

		## Check if it's a PNG format image

		if ($image_type == '3') {

			

			 ## Check if this game already has a ClearLOGO uploaded

			if(file_exists("banners/clearlogo/$id.png"))

			{

				$errormessage = "This game already has a ClearLOGO uploaded.<br>Please delete the current image before attempting to upload another.";

			}

			else

			{

				$filename = "clearlogo/$id.png";

				

				## Rename/move the file

				if(isset($bannerfile))

				{

					if(rename($uploadedfile, "banners/$filename"))

					{

						$moveSuccess = true;

					}

				}

				else

				{

					if (move_uploaded_file($uploadedfile, "banners/$filename"))

					{

						$moveSuccess = true;

					}

				}

				

				if ($moveSuccess == true)

				{

					## Insert database record

					$id = mysql_real_escape_string($id);

					$query = "INSERT INTO banners (keytype, keyvalue, userid, dateadded, filename, languageid, resolution) VALUES ('clearlogo', $id, $user->id, $time, 'clearlogo/$id.png', 1, '$resolution')";

					$result = mysql_query($query) or die('Query failed: ' . mysql_error());

					

					$message .= "ClearLOGO sucessfully added.";

				}

			}

		}

		else

		{

			$errormessage = 'ClearLOGO\'s MUST be in PNG format.';

		}

	}

	else

	{

		$errormessage = 'ClearLOGO\'s MUST be 400 pixels wide by a maximum of 250px tall';

	}

	

	$tab = "game-edit";

	

	//header("Location: $baseurl/game-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage)); 

	//exit;

}



if ($function == 'Lock Game') {

    ## Prepare SQL

    $id = mysql_real_escape_string($id);

    $query = "UPDATE games SET locked='yes', lockedby=$user->id  WHERE id=$id";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

}

if ($function == 'UnLock Game') {

    ## Prepare SQL

    $id = mysql_real_escape_string($id);

    $query = "UPDATE games SET locked='no', lockedby=''  WHERE id=$id";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

}











## Change A Series Banner's Language

if ($function == 'Change Language' AND $adminuserlevel == 'ADMINISTRATOR') {

    ## Prepare SQL

    $id = mysql_real_escape_string($id);

    $query = "UPDATE banners SET languageid=$languageid WHERE id=$id";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

    $message = 'Banner Language Changed.';

}





/*

 * Platform Functions

 */



if ($function == 'Save Platform') {

	$message = null;

	$errormessage = null;

	

    $updates = array();

    foreach ($_POST AS $key => $value) {

        if ($key != 'function' && $key != 'platformid' && $key != 'alias') {

            $value = rtrim($value);

            $value = ltrim($value);

            if ($value) {

                $key = mysql_real_escape_string($key);

                $value = strip_tags($value, '');

                $value = mysql_real_escape_string($value);

                $value = htmlspecialchars($value, ENT_QUOTES);

                array_push($updates, "$key='$value'");

            } else {

                array_push($updates, "$key=NULL");

            }

        }

    }



	$alias = trim($alias);

	$alias = strtolower($alias);

	$alias = str_ireplace(" ", "-", $alias);

	$alias = preg_replace("/[^a-z0-9\-]/", "", $alias);

	

	if($aliasResult = mysql_query(" SELECT p.id FROM platforms AS p WHERE p.alias = '$alias' AND p.id != $platformid "))

	{

		if(mysql_num_rows($aliasResult) == 0)

		{

			array_push($updates, "alias='$alias'");

		}

		else

		{

			$errormessage = "Alias ($alias) already exists... please choose another.";

		}

	}

	

    ## Join the fields and run the query

    $updatestring = implode(', ', $updates);

    $query = "UPDATE platforms SET $updatestring WHERE id=$platformid";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());



    // Add Audit

    if (!empty($updatestring)) {

        //$sql = "INSERT INTO audits values(NULL, {$_SESSION['userid']}, 'updated', $id, NULL)";

        //mysql_query($sql);

    }

    $message .= 'Platform Saved.';



    $id = $platformid;

    $tab = 'platform-edit';

	

	header("Location: $baseurl/platform-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage)); 

	exit;

}



if ($function == 'Upload Platform Icon') {

	$message = null;

	$errormessage = null;

	

    $id = mysql_real_escape_string($id);

    list($image_width, $image_height, $image_type, $image_attr) = getimagesize($_FILES['iconfile']['tmp_name']);

    $resolution = $image_width . 'x' . $image_height;

	

	if ($image_type == 3)

	{

        $errormessage = "";

    }

	else

	{

		$errormessage = "Your image MUST be in PNG format.<br>";

	}



    ## No errors, so we can process it

    if ($errormessage == "") 

	{	

		if(!empty($platformAlias))

		{

			$fileid = $platformAlias . "-" . time();

		}

		else

		{

			$fileid = $platformId . "-" . time();

		}

		

		$filename = "$fileid.png";

		

		$dimensions = array(16, 24, 32, 48);

		

		$prevIconQuery = mysql_query(" SELECT icon FROM platforms WHERE id = $platformId LIMIT 1 ");

		$prevIconResults = mysql_fetch_object($prevIconQuery);

		$prevIconFilename = $prevIconResults->icon;

		

		if($prevIconFilename != "console_default.png")

		{

			foreach($dimensions AS $dim)

			{

				unlink("images/common/consoles/png$dim/$prevIconFilename");

			}

		}

		

		include_once('simpleimage.php');

		

		foreach($dimensions AS $dim)

		{

			$image = new SimpleImage();

			$image->load($_FILES['iconfile']['tmp_name']);

			$image->resize($dim, $dim);

			$image->save("images/common/consoles/png$dim/$filename");

			$image = null;

		}



		if ($errormessage == false) {

			## Insert database record

			$query = " UPDATE platforms SET icon = '$filename' WHERE id = $platformId ";

			if($result = mysql_query($query))

			{

				$message .= "Platform Icon Sucessfully Updated.";

			}

			else

			{

				$errormessage = "There was a problem whilst updating the database entry for this platform icon.";

			}

		}



		$tab = 'platform-edit';

		

		header("Location: $baseurl/platform-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage)); 

		exit;

	}

}



if ($function == 'Upload Platform Box Art') {

	$message = null;

	$errormessage = null;

	

    $id = mysql_real_escape_string($id);

    list($image_width, $image_height, $image_type, $image_attr) = getimagesize($_FILES['bannerfile']['tmp_name']);

    $resolution = $image_width . 'x' . $image_height;

	

	if ($image_type == 2 || $image_type == 3)

	{

        $errormessage = "";

    }

	else

	{

		$errormessage = "Your image MUST be either in JPG or PNG format.<br>";

	}



    ## No errors, so we can process it

    if ($errormessage == "") 

	{	

		$fileid = 1;

		while (file_exists("banners/platform/boxart/$id-$fileid.jpg") || file_exists("banners/platform/boxart/$id-$fileid.png")) {

			$fileid++;

		}

		

		## See if image is jpeg format

		if($image_type == 2)

		{

			$filename = "platform/boxart/$id-$fileid.jpg";

		}

		## or see if image is png format

		elseif($image_type == 3)

		{

			$filename = "platform/boxart/$id-$fileid.png";

		}

		if (move_uploaded_file($_FILES['bannerfile']['tmp_name'], "banners/$filename")) {

			## Insert database record

			$id = mysql_real_escape_string($id);

			$colors = mysql_real_escape_string($colors);

			$query = "INSERT INTO banners (keytype, keyvalue, userid, dateadded, filename, languageid, resolution) VALUES ('platform-boxart', $id, $user->id, $time, '$filename', 1, '$resolution')";

			$result = mysql_query($query) or die('Query failed: ' . mysql_error());

		}



		$message .= "Platform Art Sucessfully Added.";

		$tab = 'platform-edit';

		

		header("Location: $baseurl/platform-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage)); 

		exit;

	}

}



if ($function == 'Upload Platform Fan Art') {

	$message = null;

	$errormessage = null;

	

    $id = mysql_real_escape_string($id);



    ## Check if the image is the right size

    list($image_width, $image_height, $image_type, $image_attr) = getimagesize($_FILES['bannerfile']['tmp_name']);

    $resolution = $image_width . 'x' . $image_height;

    if ($resolution != '1920x1080' && $resolution != '1280x720') {

        $errormessage .= "Your image is not a valid fan art resolution.<br>";

    }

    if ($image_type != 2) {

        $errormessage .= "Your image MUST be in JPG format.<br>";

    }

    if (($resolution == '1920x1080' && filesize($_FILES['bannerfile']['tmp_name']) / 1024 > 2000) || ($resolution == '1280x720' && filesize($_FILES['bannerfile']['tmp_name']) / 1024 > 600)) {

        $errormessage .= "Your image exceeds the size restrictions.<br>";

    }



    ## No errors, so we can process it

    if ($errormessage == "") {



        ## Generate the new filename

        $fileid = 1;

        while (file_exists("banners/platform/fanart/$id-$fileid.jpg")) {

            $fileid++;

        }

        $filename = "platform/fanart/$id-$fileid.jpg";

		

        if (move_uploaded_file($_FILES['bannerfile']['tmp_name'], "banners/$filename")) {



            ## Calculate the colors

            $colors = imagecolors("banners/$filename");



            ## Insert database record

            $id = mysql_real_escape_string($id);

            $colors = mysql_real_escape_string($colors);

            $query = "INSERT INTO banners (keytype, keyvalue, userid, dateadded, filename, languageid, resolution, colors) VALUES ('platform-fanart', $id, $user->id, $time, '$filename', 1, '$resolution', '$colors')";

            $result = mysql_query($query) or die('Query failed: ' . mysql_error());

        }



        $message = "Fan art successfully added";

    }

    $tab = 'platform-edit';

	

	header("Location: $baseurl/platform-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage)); 

	exit;

}



if ($function == 'Upload Platform Banner') {

	$message = null;

	$errormessage = null;

	

    ## Check if the image is the right size

    list($image_width, $image_height, $image_type, $image_attr) = getimagesize($_FILES['bannerfile']['tmp_name']);

    if ($image_width == 760 && $image_height == 140) {

        if ($image_type == '2' || $image_type == '3') { ## Check if it's a JPEG or png

			if ($image_type == '2') { ## If it's a JPEG name the extesion accordingly

				## Generate the new filename

					if (file_exists("banners/platform/banners/$id-1.jpg") || file_exists("banners/platform/banners/$id-1.png")) {

						$filekey = 2;

						while (file_exists("banners/$id-$filekey.jpg") || file_exists("banners/$id-$filekey.png")) {

							$filekey++;

						}

						$filename = "platform/banners/$id-$filekey.jpg";

					} else {

						$filename = "platform/banners/$id-1.jpg";

					}

			}

			elseif ($image_type == '3') { ## If it's a PNG name the extesion accordingly

				## Generate the new filename

					if (file_exists("banners/$id.jpg") || file_exists("banners/$id.png")) {

						$filekey = 2;

						while (file_exists("banners/$id-$filekey.jpg") || file_exists("banners/$id-$filekey.png")) {

							$filekey++;

						}

						$filename = "platform/banners/$id-$filekey.png";

					} else {

						$filename = "platform/banners/$id-1.png";

					}

			}

			

            ## Rename/move the file

            if (move_uploaded_file($_FILES['bannerfile']['tmp_name'], "banners/$filename")) {



                ## Insert database record

                $id = mysql_real_escape_string($id);

                $subkey = mysql_real_escape_string($subkey);

                $query = "INSERT INTO banners (keytype, keyvalue, userid, dateadded, filename) VALUES ('platform-banner', $id, $user->id, $time, '$filename')";

                $result = mysql_query($query) or die('Query failed: ' . mysql_error());

            }

        } else {

            $errormessage = 'Game banners MUST be in either JPG or PNG format.';

        }

    } else {

        $errormessage = 'Game banners MUST be 760px wide by 140px tall';

    }

	$message .= "Banner sucessfully added.";

	

	header("Location: $baseurl/platform-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage)); 

	exit;

}



if ($function == 'Upload Controller Art') {

	$message = null;

	$errormessage = null;

	

    ## Get image Dimensions, Format Type & Attributes

    list($image_width, $image_height, $image_type, $image_attr) = getimagesize($_FILES['controllerartfile']['tmp_name']);

	

    ## Check if the image is the right size

    if ($image_width == 300 && $image_height == 300) {

		

		## Check if it's a PNG format image

        if ($image_type == '3') {

			

			## Generate the new filename

			if (file_exists("banners/platform/controllerart/$id.png"))

			{

				unlink("banners/platform/controllerart/$id.png");

			}



			## Rename/move the file

			if (move_uploaded_file($_FILES['controllerartfile']['tmp_name'], "banners/platform/controllerart/$id.png")) {



				## Insert database record

				$id = mysql_real_escape_string($id);

				$query = "UPDATE platforms SET controller = '$id.png' WHERE id = $id";

				$result = mysql_query($query) or die('Query failed: ' . mysql_error());

				

				$message .= "Controller art sucessfully added.";

			}



        }

		else

		{

            $errormessage = 'Controller art MUST be in PNG format.';

        }

    } else {

        $errormessage = 'Controller art MUST be 300px wide by 300px tall';

    }

	

	header("Location: $baseurl/platform-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage)); 

	exit;

}



if ($function == 'Upload Console Art') {

	$message = null;

	$errormessage = null;

	

    ## Get image Dimensions, Format Type & Attributes

    list($image_width, $image_height, $image_type, $image_attr) = getimagesize($_FILES['consoleartfile']['tmp_name']);

	

    ## Check if the image is the right size

    if ($image_width == 300 && $image_height == 300) {

		

		## Check if it's a PNG format image

        if ($image_type == '3') {

			

			## Generate the new filename

			if (file_exists("banners/platform/consoleart/$id.png"))

			{

				unlink("banners/platform/consoleart/$id.png");

			}



			## Rename/move the file

			if (move_uploaded_file($_FILES['consoleartfile']['tmp_name'], "banners/platform/consoleart/$id.png")) {



				## Insert database record

				$id = mysql_real_escape_string($id);

				$query = "UPDATE platforms SET console = '$id.png' WHERE id = $id";

				$result = mysql_query($query) or die('Query failed: ' . mysql_error());

				

				$message .= "Console art sucessfully added.";

			}



        }

		else

		{

            $errormessage = 'Console art MUST be in PNG format.';

        }

    } else {

        $errormessage = 'Console art MUST be 300px wide by 300px tall';

    }

	

	header("Location: $baseurl/platform-edit/$id/?message=" . urlencode($message) . "&errormessage=" . urlencode($errormessage)); 

	exit;

}





if ($function == 'Delete Controller Art') {

	if ($adminuserlevel == 'ADMINISTRATOR')

	{

		if(unlink("banners/platform/controllerart/$id.png"))

		{		

			$query = "UPDATE platforms SET controller = NULL WHERE id = $id";

			if($result = mysql_query($query))

			{

				$message .= "Controller art sucessfully deleted.";

			}

		}

	}

}



if ($function == 'Delete Console Art') {

	if ($adminuserlevel == 'ADMINISTRATOR')

	{

		if(unlink("banners/platform/consoleart/$id.png"))

		{		

			$query = "UPDATE platforms SET console = NULL WHERE id = $id";

			if($result = mysql_query($query))

			{

				$message .= "Console art sucessfully deleted.";

			}

		}

	}

}



/*

 * Comments Functions

 */



function check_input($value)

{

// Stripslashes

if (get_magic_quotes_gpc())

  {

  $value = stripslashes($value);

  }

// Quote if not a number

if (!is_numeric($value))

  {

  $value = "'" . mysql_real_escape_string($value) . "'";

  }

return $value;

}

 

if ($function == 'Add Game Comment') {

	$comment = htmlspecialchars($comment, ENT_QUOTES);

	$userid = check_input($userid);

	$gameid = check_input($gameid);

	$commentQuery = mysql_query(" INSERT INTO comments (userid, gameid, comment, timestamp) VALUES ('$userid', '$gameid', '$comment', FROM_UNIXTIME($time)) ") or die('Query failed: ' . mysql_error());

}



if ($function == 'Delete Game Comment') {

	$commentQuery = mysql_query(" DELETE FROM comments WHERE id = $commentid ") or die('Query failed: ' . mysql_error());

}





#####################################################

## REGISTRATION AND PASSWORD FUNCTIONS

#####################################################

if ($function == 'Register') {

    ## Check for exact matches for username

    $username = mysql_real_escape_string($username);

    $userpass1 = mysql_real_escape_string($userpass1);

    $userpass2 = mysql_real_escape_string($userpass2);

    $email = mysql_real_escape_string($email);

    $languageid = mysql_real_escape_string($languageid);

    $uniqueid = strtoupper(substr(md5(uniqid(rand(), true)), 0, 16));

    $query = "SELECT * FROM users WHERE username='$username'";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());



    ## Insert if it doesnt exist already

    if (mysql_num_rows($result) == 0) {

        if ($userpass1 == $userpass2 && $userpass1 != '') {

            if ($email) {

                $query = "INSERT INTO users (username, userpass, emailaddress, languageid, uniqueid) VALUES ('$username', PASSWORD('$userpass1'), '$email', $languageid, '$uniqueid')";

                $result = mysql_query($query) or die('Query failed: ' . mysql_error());

                $tab = 'mainmenu';

                $message = '<p style=\"font-size: x-small !important;\"><strong><em>Thank you for registering with TheGamesDB!</em></strong><p>You will receive an email confirmation with your account information shortly.  Please proceed to the <a href=\"$baseurl/?tab=login\">Login</a> screen and review our terms and conditions.  If you have any questions, please visit our forums.  We hope you enjoy your stay!</p>';

				

				## Email it to the user

				$from = "TheGamesDB <$mail_username>";

				$host = $mail_server;

				$to = $username . '<' . $email . '>';

				$subject = "Thank you for registering with TheGamesDB.net";

				$emailmessage = "Thank you for registering with TheGamesDB.net.\n\nHere is your new login information:\nusername: $username\npassword: $userpass1\n\nIf you have forgotten your password you can reset it by visiting: http://www.thegamesdb.net/?tab=password\n\nIf you have any questions, please let us know.\n\nTheGamesDB Crew.";

				$headers = 'From: ' . $from;

				mail($to, $subject, wordwrap($emailmessage, 70), $headers);

            } else {

                $errormessage = 'Email address is required.';

            }

        } else {

            $errormessage = 'Passwords do not match or are below the minimum required length.';

        }

    } else {

        $errormessage = 'Username already exists.  Please try another.';

    }

}





if ($function == 'Reset Password') {

    ## Get their email address and username

    $email = mysql_real_escape_string($email);

    $query = "SELECT emailaddress, username, id FROM users WHERE emailaddress='$email'";

    $result = mysql_query($query) or die('Query failed: ' . mysql_error());

    $db = mysql_fetch_object($result);



    ## If we found a match

    if ($db->id) {

        ## Generate a random password

        $newpass = genpassword(8);



        ## Set it in the database

        $newpass = mysql_real_escape_string($newpass);

        $query = "UPDATE users SET userpass=PASSWORD('$newpass') WHERE id='$db->id'";

        $result = mysql_query($query) or die('Query failed: ' . mysql_error());



        ## Email it to the user

        $from = "TheGamesDB <$mail_username>";

        $host = $mail_server;

        $to = $db->username . '<' . $db->emailaddress . '>';

        $subject = "Your account information";

        $message = "This is an automated message.\n\nYour GamesDB password has been reset.\n\nHere is your new login information:\nusername: $db->username\npassword: $newpass\n\nIf you have any questions, please let us know.\n\nTheGamesDB Crew\n";

        $headers = 'From: ' . $from;

        mail($to, $subject, wordwrap($message, 70), $headers);



        $message = 'Login information has been sent.';

    } else {

        $errormessage = 'That address cannot be found.';

    }

}





if ($function == 'Update User Information') {

    $user->languageid = $languageid;



    ## Update password and email address

    if ($userpass1 == $userpass2 && $userpass1 != '' && $email != '') {

        $userpass1 = mysql_real_escape_string($userpass1);

        $userpass2 = mysql_real_escape_string($userpass2);

        $email = mysql_real_escape_string($email);

        $languageid = mysql_real_escape_string($languageid);

        $favorites_displaymode = mysql_real_escape_string($favorites_displaymode);

        $query = "UPDATE users SET userpass=PASSWORD('$userpass1'), emailaddress='$email', languageid=$languageid, favorites_displaymode='$favorites_displaymode' WHERE id=$user->id";

        $result = mysql_query($query) or die('Query failed: ' . mysql_error());

        $message = 'Account was successfully updated.';

    }

    ## Error.. passwords were entered, but don't match

    else if ($userpass1 || $userpass2) {

        $errormessage = 'Passwords do not match.';

    }

    ## Update email address

    else if ($email) {

        $email = mysql_real_escape_string($email);

        $languageid = mysql_real_escape_string($languageid);

        $favorites_displaymode = mysql_real_escape_string($favorites_displaymode);

        $query = "UPDATE users SET emailaddress='$email', languageid=$languageid, favorites_displaymode='$favorites_displaymode' WHERE id=$user->id";

        $result = mysql_query($query) or die('Query failed: ' . mysql_error());

        $message = 'Account was successfully updated (no password change).';

    }

    ## Error... empty emailaddress

    else {

        $errormessage = 'Naughty naughty... an email address is required.';

    }

}



## Update Users Image

if ($function == 'Update User Image') {

	if($_FILES['userimage']['error'] == 0)

	{

		$existingfiles = glob("banners/users/" . $user->id . "*.jpg");

		foreach ($existingfiles as $userfile)

		{

			unlink($userfile);

		}

		$filename = $_FILES['userimage']['name'];

		$image = WideImage::load($_FILES['userimage']['tmp_name']);

		$resized = $image->resize(64, 64);

		$resized->saveToFile("banners/users/" . $user->id . "-" . date("YmdHis") . ".jpg");

		$message = "Successfully Uploaded User Image";

	}

	else

	{

		$errormessage = "There was a problem uploading the image. Try again or use a different image.";

	}

}



## Administrator's User Update Form

if ($function == 'Admin Update User') {

    ## Prepare the fields

    $form_userlevel = mysql_real_escape_string($form_userlevel);

    $languageid = mysql_real_escape_string($languageid);

    $bannerlimit = mysql_real_escape_string($bannerlimit);

    $form_active = mysql_real_escape_string($form_active);



    ## Update password and all other fields

    if ($userpass1 == $userpass2 && $userpass1 != '' && $email != '' && $username != '') {

        $username = mysql_real_escape_string($username);

        $userpass1 = mysql_real_escape_string($userpass1);

        $userpass2 = mysql_real_escape_string($userpass2);

        $email = mysql_real_escape_string($email);

        $query = "UPDATE users SET username='$username', userpass=PASSWORD('$userpass1'), emailaddress='$email', userlevel='$form_userlevel', languageid='$languageid', bannerlimit='$bannerlimit', active='$form_active', lastupdatedby_admin='$user->id' WHERE id='$id'";

        $result = mysql_query($query) or die('Query failed: ' . mysql_error());

        $message = 'Account was successfully updated.';

    }

    ## Error.. passwords were entered, but don't match

    else if ($userpass1 || $userpass2) {

        $errormessage = 'Passwords do not match.';

    }

    ## Update all fields except password

    else if ($email != '' && $username != '') {

        $username = mysql_real_escape_string($username);

        $email = mysql_real_escape_string($email);

        $query = "UPDATE users SET username='$username', emailaddress='$email', userlevel='$form_userlevel', languageid='$languageid', bannerlimit='$bannerlimit', active='$form_active', lastupdatedby_admin='$user->id' WHERE id=$id"…