Attention
this Code needs a little securing
Your Way open for a sql injection on this so bad
PHP Code:
if ($_GET["act"] == "Arcade") {
switch ($_POST['gname'])
{
case "asteroids":
$game = 1;
$level = 1;
$score = $_POST['score'];
break;
case "breakout":
$game = 2;
$level = 1;
$score = $_POST['gscore'];
break;
case "hexxagon":
$game = 3;
$level = 1;
$score = $_POST['gscore'];
break;
case "invaders":
$game = 4;
$level = 1;
$score = $_POST['score'];
break;
case "moonlander":
$game = 5;
$level = 1;
$score = $_POST['gscore'];
break;
case "pacman":
$game = 6;
$level = 1;
$score = $_POST['gscore'];
break;
case "psol":
$game = 7;
$level = 1;
$score = $_POST['gscore'];
break;
case "simon":
$game = 8;
$level = 1;
$score = $_POST['gscore'];
break;
case "snake":
$game = 9;
if($_POST['levelName'] == "LEVEL: SLUG") $level = 1;
elseif($_POST['levelName'] == "LEVEL: WORM") $level = 2;
elseif($_POST['levelName'] == "LEVEL: PYTHON") $level = 3;
$score = $_POST['score'];
break;
case "tetris":
$game = 10;
$level = $_POST['level'];
$score = $_POST['gscore'];
break;
}
db::run("SELECT count(*), min(score) FROM flashscores WHERE game = $game");
$arr = db::firstrow(MYSQL_NUM);
if ($arr[0] < 15 or $arr[1] < $score) {
db::run("INSERT INTO flashscores (game , user , level , score, date) VALUES ('".$game."', '".$CURUSER['id']."', '".$level."', '".$score."', NOW())");
if ($arr[0] >= 15)
db::run("DELETE FROM flashscores WHERE game = $game AND score = $arr[1]");
header("Location: games.php?gametype=7&act=win&gameid=$game");
} else
header("Location: games.php?gametype=7&act=notwin&gameid=$game");
die;
}
//Szavazas megkapása
if (is_valid_id($_GET["pollid"])) {
$choice = $_GET["choice"];
$pollid = $_GET["pollid"];
header("Content-Type: text/html; charset=iso-8859-2");
if (($choice > 100) || !is_numeric($choice) || !(round($choice) == $choice))
die("Rossz szavazat!");
if (!db::count("polls WHERE id = $pollid"))
die("Rossz szavazás ID.");
if (db::count("pollanswers WHERE pollid = $pollid and userid = ".$CURUSER['id']))
die("Már szavaztál ebben a szavazásban.");
db::run("INSERT INTO pollanswers VALUES($pollid, ".$CURUSER['id'].", $choice)");
if (!db::$aff)
die("Hiba lépett fel.");
db::run("UPDATE users SET new_poll = 0 WHERE id = ".$CURUSER["id"]);
bonus("+2");
polltable($pollid);
die;
}
__________________
Do not ask me to help you work on your site that is not phpMyBitTorrent
Do not ask me to make a mod for any other source
Do not Ask me to setup your site.
I will no longer help you setup your site, there is a setup script if you have trouble with it post in the forum here or in
BT.Manager™ forum
My Current Demo is here
http://demo.btmanager.org/