Xtremer360 Posted November 11, 2009 Share Posted November 11, 2009 To show what is happening I have this going on: http://defiantwrestling.net/backstage/backstage.php I don't have my DB set up yet but that all bottom part shouldn't be showing anyway until after the user logs in. Don't know why it's loading. <?php ob_start("ob_gzhandler"); // cache system require "backstageconfig.php"; require "backstagefunctions.php"; if ((!empty($_POST)) && (isset($_POST['action']))) { $action=$_POST{'action'}; } else { $action="mainmenu"; } if ((isset($_POST['uname'])) && (isset($_POST['pword']))) { $uname=$_POST{'uname'}; $pword=md5($_POST{'pword'}); validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile); $action="mainmenu"; } elseif ((!(isset($_COOKIE['uname']))) && (!(isset($_COOKIE['pword'])))) { require_once "backstage_libs/login.php"; login($admincssfile,$fed,$url); } else { $uname=$_COOKIE["uname"]; $pword=$_COOKIE["pword"]; validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile); if (isset($_POST['newdefaultcharacterid'])) { $newdefaultcharacterid = (integer)$_POST["newdefaultcharacterid"]; $query = "UPDATE efed_handler SET default_char_id = '$newdefaultcharacterid' WHERE login = '$uname' and fed_id = '$fedid'"; mysql_db_query($dbname, $query) or Die (mysql_error()); } } $query = "SELECT h.id as userid, h.surname as surname, h.firstname as firstname, h.isadmin as isadmin, newscat.id as defaultcategoryid, bio.id as defaultcharacterid, bio.style_id as styleid, bio.username as defaultcharacterusername, bio.charactername as defaultcharactername, styles.name as style FROM efed_handler as h LEFT JOIN efed_bio as bio ON ( h.default_char_id = bio.id and bio.fed_id = '$fedid' ) LEFT JOIN efed_list_styles as styles ON ( bio.style_id = styles.id and bio.fed_id = '$fedid' ) LEFT JOIN efed_list_newscategory as newscat ON ( h.default_news_id = newscat.id and newscat.fed_id = '$fedid' ) WHERE h.login = '$uname' and h.password = '$pword' and h.fed_id = '$fedid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $fieldarray=array('userid','surname','firstname','isadmin','defaultcharacterid','defaultcharacterusername','defaultcharactername','defaultcategoryid','styleid','username','style','charactername'); foreach ($fieldarray as $fieldlabel) { if (isset($row[$fieldlabel])) { $$fieldlabel=$row[$fieldlabel]; $$fieldlabel=cleanquerydata($$fieldlabel); } } } if ($action != "logout") { headercode($fedid,$admincssfile,$userid,$isadmin,$defaultcharacterid,$defaultcharacterusername,$defaultcharactername,$surname,$firstname,$action,$dirpath,$folder,$headshot,$bioheadheight,$bioheadwidth,$surname,$firstname,$forums); } else { headercode($fedid,$admincssfile,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0); } // print "<center>\n"; switch ($action) { case "mainmenu": mainscreen(); print "</div>\n"; footercode(); break; case "login": require_once "backstage_libs/login.php"; login($admincssfile,$fed,$url); break; case "handler": if ($isadmin == "1") { require_once "backstage_libs/handler.php"; handler($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$ip); } break; case "character": require_once "backstage_libs/character.php"; character($fedid,$uname,$pword,$userid,$dirpath,$isadmin,$admincssfile,$dbname,$sortorderarray,$iframe,$defaultcharacterid,$styleid,$defaultcharacterusername,$heatmetersenabled,$heatmeters); break; case "newscategory": if ($isadmin == "1") { require_once "backstage_libs/newscategory.php"; newscategory($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$targetarray); } break; case "news": require_once "backstage_libs/news.php"; news($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcategoryid,$ip,$defaultcharacterid,$defaultcharactername); break; case "content": if ($isadmin == "1") { require_once "backstage_libs/content.php"; content($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "template": if ($isadmin == "1") { require_once "backstage_libs/template.php"; template($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "biolayout": if ($isadmin == "1") { require_once "backstage_libs/biolayout.php"; biolayout($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "quotes": require_once "backstage_libs/quotes.php"; quotes($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcharacterid,$defaultcharactername); break; case "alliesrivals": require_once "backstage_libs/alliesrivals.php"; alliesrivals($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$numalliesrivals,$defaultcharacterid,$defaultcharactername,$defaultcharacterusername); break; case "roleplay": require_once "backstage_libs/roleplay.php"; roleplay($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcharacterid,$defaultcharactername); break; case "champions": if ($isadmin == "1") { require_once "backstage_libs/champions.php"; champions($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "title": if ($isadmin == "1") { require_once "backstage_libs/title.php"; title($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "titlehistory": if ($isadmin == "1") { require_once "backstage_libs/titlehistory.php"; titlehistory($uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "division": if ($isadmin == "1") { require_once "backstage_libs/division.php"; division($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "eventname": if ($isadmin == "1") { require_once "backstage_libs/eventname.php"; eventname($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); } break; case "eventbooker": if ($isadmin == "1") { require_once "backstage_libs/eventbooker.php"; eventbooker($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot); } break; case "submitmatch": require_once "backstage_libs/submitmatch.php"; submitmatch($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot); break; case "submitseg": require_once "backstage_libs/submitseg.php"; submitseg($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot); break; case "resultscompilation": if ($isadmin == "1") { require_once "backstage_libs/resultscompilation.php"; resultscompilation($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot); } break; case "resultsediting": if ($isadmin == "1") { require_once "backstage_libs/resultsediting.php"; resultsediting($uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot,$url); } break; case "menustructures": if ($isadmin == "1") { require_once "backstage_libs/menustructures.php"; menustructures($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot,$url); } break; case "arenas": if ($isadmin == "1") { require_once "backstage_libs/arenas.php"; arenas($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$url); } break; case "manageapplications": if ($isadmin == "1") { require_once "backstage_libs/manageapplications.php"; manageapplications($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$url); } break; case "logout": SetCookie ("uname", ""); SetCookie ("pword", ""); require_once "backstage_libs/login.php"; login($admincssfile,$fed,$url); break; default: print "Default Screen<br />"; footercode(); break; } exit; ?> Quote Link to comment Share on other sites More sharing options...
darkvengance Posted November 11, 2009 Share Posted November 11, 2009 Well before I can help you out, where is the code that is suppose to print that out? is it in the mainscreen() function or something? Also why not use sessions instead of cookies, it would probably be a little easier then what you are doing there. Quote Link to comment Share on other sites More sharing options...
lesliehoop Posted November 11, 2009 Share Posted November 11, 2009 Nice post,pretty much informative. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted November 11, 2009 Author Share Posted November 11, 2009 <?php function cleanquerydata($field) { $field = stripslashes($field); $field = str_replace ( '&', '&', $field ); $field = str_replace ( '<', '<', $field ); $field = str_replace ( '>', '>', $field ); $field = str_replace ( '"', '"', $field ); $field = str_replace ( '…', '…', $field ); $field = str_replace ( '’', '’', $field ); $field = str_replace ( '‘', '‘', $field ); $field = str_replace ( '“', '"', $field ); $field = str_replace ( '”', '"', $field ); $field = str_replace ( '–', '–', $field ); // $field = strip_tags($field); return $field; } function cleanformdata($field) { $field = stripslashes($field); $field = htmlspecialchars($field); $field = str_replace ( '\'', ''', $field ); return $field; } function convertdate($date) { list ($year, $month, $day) = split ('-', $date); $date=trim($day)."-".trim($month)."-".trim($year); return $date; } function validate($fedid, $uname, $pword, $userid, $isadmin, $cookiedomain, $cookiepath, $admincssfile) { $badcharacters=array('\'','<','>','&','=',' '); foreach ($badcharacters as $badcharacter) { if (preg_match("/[$badcharacter]/i", "$uname")) { SetCookie ( "uname", ""); SetCookie ( "pword", ""); print "<h1 class=backstage>Authentication Error!</h1><br />\n"; print "Error: Invalid Login Details!<br /><br />"; print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n"; print "</center></div></div>\n"; print "</div>\n"; print "</div>\n"; print "</body>\n"; print "</html>\n"; exit; } } $query = "SELECT h.password as password, h.enabled as enabled FROM efed_handler as h WHERE h.login = '$uname' and h.fed_id = '$fedid'"; $result = mysql_query ($query); $num = mysql_numrows( $result ); if ($num != "1") { SetCookie ( "uname", ""); SetCookie ( "pword", ""); print "<h1 class=backstage>Authentication Error!</h1><br />\n"; print "Error: Invalid Username!<br /><br />"; print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n"; print "</center></div></div>\n"; footercode(); exit; } while ($row = mysql_fetch_assoc($result)) { $password=$row['password']; $enabled=$row['enabled']; } if ($pword != $password) { SetCookie ( "uname", ""); SetCookie ( "pword", ""); print "<h1 class=backstage>Authentication Error!</h1><br />\n"; print "Error: Invalid Password<br /><br />"; print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n"; print "</center></div>\n"; footercode(); exit; } if ($enabled == "0") { SetCookie ( "uname", ""); SetCookie ( "pword", ""); print "<h1 class=backstage>Login Error!</h1><br />\n"; print "Error: This Account has been deactivated. Please contact the site administrator.<br /><br />"; print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n"; print "</center></div>\n"; footercode(); exit; } SetCookie( "uname", $uname, 0, $cookiepath, $cookiedomain); SetCookie( "pword", $pword, 0, $cookiepath, $cookiedomain); // SetCookie( "uname", $uname, time()+1000000, $cookiepath, $cookiedomain); // SetCookie( "pword", $pword, time()+1000000, $cookiepath, $cookiedomain); } function returnmain() { print "<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value=\"Return to Main Menu\" class=button200></form></h2>\n"; print "</center></div>\n"; } function randomquote($dirpath,$headshot,$bioheadheight,$bioheadwidth) { $query = "SELECT bio.username as username, bio.charactername as charactername, quotes.quote as quote FROM efed_bio as bio INNER JOIN efed_bio_quotes as quotes ON ( bio.id = quotes.bio_id ) WHERE bio.status_id = '1' ORDER BY rand() LIMIT 1"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $username=cleanquerydata($row['username']); $charactername=cleanquerydata($row['charactername']); $quote=cleanquerydata($row['quote']); } $randomquote = "<a href=\"/bio.php?username=".$username."\" title=\"View ".$charactername."'s Biography\">"; if (file_exists("$dirpath/backstage_rosterheadshot.php")) { $randomquote .= "<img src=\"/backstage_rosterheadshot.php?username=".$username."\" height=\"".$bioheadheight."\" width=\"".$bioheadwidth."\" border=\"0\">"; } else { if (file_exists("$dirpath$headshot/$username.jpg")) { $randomquote .= "<img src=\"".$headshot."/".$username.".jpg\" height=\"".$bioheadheight."\" width=\"".$bioheadwidth."\" border=\"0\">"; } else { $randomquote .= "<img src=\"".$headshot."/default.jpg\" height=\"".$bioheadheight."\" width=\"".$bioheadwidth."\" border=\"0\">"; } } $randomquote .= "</a><br /><br />"; $randomquote .= strip_tags($quote); $randomquote .= "<br /><br />"; $randomquote .= $charactername; $randomquote .= "<br /><br />"; print $randomquote; } function getcharactername($userid) { $query = "SELECT bio.charactername as charactername FROM efed_bio as bio WHERE bio.id = '$userid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $character=cleanquerydata($row['charactername']); } return $character; } function getcharactershortname($username) { $query = "SELECT bio.charactershortname as charactershortname FROM efed_bio as bio WHERE bio.username = '$username'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $charactershortname=cleanquerydata($row['charactershortname']); } return $charactershortname; } function getgroupname($groupid) { $query = "SELECT fieldgroups.name as getname FROM efed_list_customfield_groups as fieldgroups WHERE fieldgroups.id = '$groupid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $getname=cleanquerydata($row['getname']); } return $getname; } function getcontentname($contentid) { $query = "SELECT content.description as contentname FROM efed_site_content as content WHERE content.id = '$contentid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $contentname=cleanquerydata($row['contentname']); } return $contentname; } function getusername($userid) { $query = "SELECT bio.username as username FROM efed_bio as bio WHERE bio.id = '$userid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $username=cleanquerydata($row['username']); } return $username; } function checkcharacter($fedid,$userid,$defaultcharacterid) { $query = "SELECT handler.id as handlerid FROM efed_handler_characters as handler INNER JOIN efed_handler as h ON ( h.id = handler.handler_id ) WHERE handler.handler_id = '$userid' and handler.bio_id = '$defaultcharacterid' and h.fed_id = '$fedid'"; $result = mysql_query ($query); $numrows = mysql_numrows($result); return $numrows; } function confirmhandlerloginname($fedid,$characterid,$loginname) { $query = "SELECT handler.login as loginname FROM efed_handler as handler INNER JOIN efed_handler_characters as ehc ON ( handler.id = ehc.handler_id ) WHERE ehc.bio_id = '$characterid' and handler.login = '$loginname' and handler.fed_id = '$fedid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $loginname=cleanquerydata($row['loginname']); } return $loginname; } function getuserid($username) { $query = "SELECT bio.id as userid FROM efed_bio as bio WHERE bio.username = '$username'"; $result = mysql_query ($query); $numrows = mysql_numrows($result); if ($numrows > 0) { while ($row = mysql_fetch_assoc($result)) { $userid=cleanquerydata($row['userid']); } } else { $userid = 0; } return $userid; } function getstylename($styleid) { $query = "SELECT style.name as stylename FROM efed_list_styles as style WHERE style.id = '$styleid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $style=cleanquerydata($row['stylename']); return $style; } } function getdivisionname($divisionid) { $query = "SELECT divis.name as division FROM efed_list_divisions as divis WHERE divis.id = '$divisionid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $division=cleanquerydata($row['division']); return $division; } } function getstatusname($statusid) { $query = "SELECT s.name as status FROM efed_list_status as s WHERE s.id = '$statusid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $status=cleanquerydata($row['status']); return $status; } } function getbookingstatusname($statusid) { $query = "SELECT ele.statusname as showstatus FROM efed_list_eventstatus as ele WHERE ele.id = '$statusid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $showstatus=cleanquerydata($row['showstatus']); return $showstatus; } } function getalignmentname($alignmentid) { $query = "SELECT alignment.name as alignmentname FROM efed_list_alignment as alignment WHERE alignment.id = '$alignmentid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $alignmentname=cleanquerydata($row['alignmentname']); return $alignmentname; } } function geteventname($bookingid) { $query = "SELECT ecb.label as label, esn.name as showname FROM efed_content_booking as ecb INNER JOIN efed_list_shownames as esn ON ( ecb.event_id = esn.id ) WHERE ecb.id = '$bookingid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $showname=cleanquerydata($row['showname']); $label=cleanquerydata($row['label']); return ($showname.": ".$label); } } function getmatchname($matchid) { $query = "SELECT em.name as matchname FROM efed_content_matchseg as em WHERE em.id = '$matchid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $matchname=cleanquerydata($row['matchname']); return $matchname; } } function getsegname($contentid) { $query = "SELECT ecs.segname as segname FROM efed_content_showcontents as ecs WHERE ecs.id = '$contentid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $segname=cleanquerydata($row['segname']); return $segname; } } function getmatchwriter($fedid,$matchwriterid) { $query = "SELECT handler.surname as gethandlersurname, handler.firstname as gethandlerfirstname FROM efed_handler as handler WHERE handler.id = '$matchwriterid' and handler.fed_id = '$fedid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $matchwriter=cleanquerydata($row['gethandlersurname']).", ".cleanquerydata($row['gethandlerfirstname']); return $matchwriter; } } function getrpname($rpid) { $query = "SELECT rps.title as rpname FROM efed_content_roleplays as rps WHERE rps.id = '$rpid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $rpname=cleanquerydata($row['rpname']); return $rpname; } } function gettitlename($titleid) { $query = "SELECT titles.name as titlename FROM efed_list_titles as titles WHERE titles.id = '$titleid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $titlename=cleanquerydata($row['titlename']); return $titlename; } } function gettemplatename($templateid) { $query = "SELECT t.description as template FROM efed_site_templates as t WHERE t.id = '$templateid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $template=cleanquerydata($row['template']); return $template; } } function getmatchstatusname($statusid) { $query = "SELECT s.name as status FROM efed_list_matchstatus as s WHERE s.id = '$statusid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $status=cleanquerydata($row['status']); return $status; } } function latestpromo($fedid,$qty,$direction,$promoarchivetarget,$folder,$dirpath,$lp,$lpwidth,$lpheight) { // $direction: h=horizontal, v=vertical $query = "SELECT rp.id as rpid, rp.title as rp_title, bio.username as username, bio.charactername as charactername FROM efed_content_roleplays as rp INNER JOIN efed_bio as bio ON ( rp.bio_id = bio.id ) WHERE rp.fed_id = '$fedid' ORDER BY rp.id desc LIMIT ".$qty; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $fieldarray=array('rpid','rp_title','username','charactername'); foreach ($fieldarray as $fieldlabel) { if (isset($row[$fieldlabel])) { $$fieldlabel=$row[$fieldlabel]; $$fieldlabel=cleanquerydata($$fieldlabel); } } if ($promoarchivetarget != "ajax") { print "<a target=".$promoarchivetarget." href=\"".$folder."/content.php?p=rp&rp=".$rpid."\" title=\"".$rp_title."\nA new promo by: ".$charactername."\">"; } else { print "<a title=\"".$rp_title."\nA new promo by: ".$charactername."\" href=\"#top\" onClick=\"ajaxpage('".$folder."/content.php?p=rp&rp=".$rpid."&ajax=yes','ajax');\">"; } if (file_exists("$dirpath/backstage_lpheadshot.php")) { print "<img src=\"/backstage_lpheadshot.php?username=".$username."\" border=\"0\" width=\"".$lpwidth."\" height=\"".$lpheight."\">"; } else { if (file_exists("$dirpath$lp/$username.jpg")) { print "<img src=\"".$lp."/".$username.".jpg\" border=\"0\" width=\"".$lpwidth."\" height=\"".$lpheight."\">"; } else { print "<img src=\"".$lp."/default.jpg\" border=0 width=\"".$lpwidth."\" height=\"".$lpheight."\">"; } } print "</a>"; if ($direction == "v") { print "<br />\n"; } } } function getcategoryname($categoryid) { $query = "SELECT newscat.categoryname as categoryname FROM efed_list_newscategory as newscat WHERE newscat.id = '$categoryid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $categoryname=cleanquerydata($row['categoryname']); return $categoryname; } } function getnewsdate($postid) { $query = "SELECT date_format(news.postdate,'%d-%b-%Y') as postdate FROM efed_content_news as news WHERE news.id = '$postid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $postdate=$row['postdate']; return $postdate; } } function getnewsdateraw($postid) { $query = "SELECT news.postdate as postdate FROM efed_content_news as news WHERE news.id = '$postid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $postdate=$row['postdate']; return $postdate; } } function headercode($fedid,$admincssfile,$userid,$isadmin,$defaultcharacterid,$defaultcharacterusername,$defaultcharactername,$surname,$firstname,$action,$dirpath,$folder,$headshot,$bioheadheight,$bioheadwidth,$surname,$firstname,$forums) { if (isset($_POST['option'])) { $option=$_POST['option']; } // print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n"; print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"\n"; print "\"http://www.w3.org/TR/html4/loose.dtd\">\n"; print "<html>\n"; print "<head>\n"; print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n"; print "<meta http-equiv=\"Content-Style-Type\" content=\"text/css\">\n"; print "<meta http-equiv=\"Content-Language\" content=\"en-us\">\n"; print "<meta name=\"language\" content=\"en-us\">\n"; print "<title>Backstage V2 Administration Console</title>\n"; print "<link rel=\"stylesheet\" href=\"".$admincssfile."\" type=\"text/css\" media=\"screen\">\n"; $admincssfile = str_replace(".css", "_print.css", "$admincssfile"); print "<link rel=\"stylesheet\" href=\"".$admincssfile."\" type=\"text/css\" media=\"print\">\n"; print "<script src=\"/jscripts/scriptaculous/prototype.js\" type=\"text/javascript\"></script>\n"; print "<script src=\"/jscripts/scriptaculous/scriptaculous.js\" type=\"text/javascript\"></script>\n"; print "<script type=\"text/javascript\" src=\"./jscripts/ajax.js\"></script>\n"; print "</head>\n"; print "<body>\n"; print "<div id=container>\n"; print "<div class=header>"; print "<form method=POST name=changedefaultcharacter>\n"; print "<input type=hidden name=action value=mainmenu>\n"; print "<input type=hidden name=newdefaultcharacterid value=0>\n"; print "</form>\n"; print "<script type=\"text/javascript\" language=\"javascript\">\n"; print "function executeformchangedefaultcharacter(newdefaultcharacterid) {\n"; print "document.changedefaultcharacter.newdefaultcharacterid.value = newdefaultcharacterid;\n"; print "document.changedefaultcharacter.submit();\n"; print "}\n"; print "</script>\n"; if ((isset($userid)) && ($userid > "0")) { print "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"95%\">\n"; print "<tr>\n"; if ($defaultcharacterid > "0") { if (file_exists("$dirpath/backstage_rosterheadshot.php")) { print "<td width=".($bioheadwidth+10)." align=center><a target=_blank href=".$folder."/bio.php?username=".$defaultcharacterusername."><img src=\"/backstage_rosterheadshot.php?username=".$defaultcharacterusername."\" border=0 hspace=5 vspace=5 /></a></td>\n"; } elseif (file_exists("$dirpath$headshot/$defaultcharacterusername.jpg")) { print "<td width=".($bioheadwidth+10)." align=center><a target=_blank href=".$folder."/bio.php?username=".$defaultcharacterusername."><img src=".$headshot."/".$defaultcharacterusername.".jpg border=0 hspace=5 vspace=5 /></a></td>\n"; } elseif (file_exists("$dirpath$headshot/$defaultcharacterusername.gif")) { print "<td width=".($bioheadwidth+10)." align=center><a target=_blank href=".$folder."/bio.php?username=".$defaultcharacterusername."><img src=".$headshot."/".$defaultcharacterusername.".gif border=0 hspace=5 vspace=5 /></a></td>\n"; } else { print "<td width=".($bioheadwidth+10)." align=center><a target=_blank href=".$folder."/bio.php?username=".$defaultcharacterusername."><img src=".$headshot."/default.jpg border=0 hspace=5 vspace=5 /></a></td>\n"; } } else { print "<td width=".($bioheadwidth+10)." align=center><img src=".$headshot."/default.jpg border=0 hspace=5 vspace=5 /></td>\n"; } if ($isadmin == "1") { $query = "SELECT bio.id FROM efed_bio as bio WHERE bio.fed_id = '$fedid'"; $result = mysql_query ($query); $totalnumcharacters = mysql_numrows($result); $query = "SELECT c.id FROM efed_handler_characters as c INNER JOIN efed_handler as h ON ( h.id = c.handler_id ) WHERE h.fed_id = '$fedid'"; } else { $query = "SELECT c.id FROM efed_handler_characters as c INNER JOIN efed_handler as h ON ( h.id = c.handler_id ) WHERE h.id = '$userid' and h.fed_id = '$fedid'"; } $result = mysql_query ($query); $numavailablecharacters = mysql_numrows($result); if (($numavailablecharacters > "1") || (($isadmin == "1") && (isset($totalnumcharacters)) && ($totalnumcharacters > "0"))) { print "<td>"; print "<form method=POST name=changecharacter>\n"; print "<select name=newdefaultcharacterid class=dropdown onChange=\"executeformchangedefaultcharacter(document.changecharacter.newdefaultcharacterid.value);\">"; if ($defaultcharacterid > "0") { print "<option value=".$defaultcharacterid.">".$defaultcharactername; } else { print "<option value=0>- Select -"; } if ($isadmin == "1") { $query = "SELECT bio.id as getcharacterid, bio.charactername as getcharacter FROM efed_bio as bio WHERE bio.id <> '$defaultcharacterid' and bio.status_id = '1' and bio.fed_id = '$fedid' ORDER BY bio.charactername"; } else { $query = "SELECT bio.id as getcharacterid, bio.charactername as getcharacter FROM efed_bio as bio INNER JOIN efed_handler_characters as c ON ( bio.id = c.bio_id ) INNER JOIN efed_handler as h ON ( h.id = c.handler_id ) WHERE h.id = '$userid' and c.bio_id <> '$defaultcharacterid' and bio.status_id = '1' and bio.fed_id = '$fedid' and h.fed_id = '$fedid' ORDER BY bio.charactername"; } $result = mysql_query ($query); $numrows = mysql_numrows ($result); if ($numrows > 0) { if ($isadmin == "1") { print "<option value=0>** Active Characters **"; } while ($row = mysql_fetch_assoc($result)) { $fieldarray=array('getcharacterid','getcharacter'); foreach ($fieldarray as $fieldlabel) { if (isset($row[$fieldlabel])) { $$fieldlabel=$row[$fieldlabel]; $$fieldlabel=cleanquerydata($$fieldlabel); } } print "<option value=".$getcharacterid.">".$getcharacter; } } if ($isadmin == "1") { $query = "SELECT bio.id as getcharacterid, bio.charactername as getcharacter FROM efed_bio as bio WHERE bio.id <> '$defaultcharacterid' and bio.status_id = '2' and bio.fed_id = '$fedid' ORDER BY bio.charactername"; } else { $query = "SELECT bio.id as getcharacterid, bio.charactername as getcharacter FROM efed_bio as bio INNER JOIN efed_handler_characters as c ON ( bio.id = c.bio_id ) INNER JOIN efed_handler as h ON ( h.id = c.handler_id ) WHERE h.id = '$userid' and c.bio_id <> '$defaultcharacterid' and bio.status_id = '2' and bio.fed_id = '$fedid' ORDER BY bio.charactername"; } $result = mysql_query ($query); $numrows = mysql_numrows($result); if ($numrows > "0") { print "<option value=0>** Inactive Characters **"; while ($row = mysql_fetch_assoc($result)) { $fieldarray=array('getcharacterid','getcharacter'); foreach ($fieldarray as $fieldlabel) { if (isset($row[$fieldlabel])) { $$fieldlabel=$row[$fieldlabel]; $$fieldlabel=cleanquerydata($$fieldlabel); } } print "<option value=".$getcharacterid.">".$getcharacter; } } print "</select>\n"; print "</form>\n"; print "</td>\n"; } else { print "<td>".$defaultcharactername."</td>\n"; } print "<td width=40% valign=bottom align=right>\n"; print "<a href=\"#\" onClick=\"executeform('mainmenu','0');\">Home</a> | "; print "<a href=\"#\" onClick=\"executeform('logout','0');\">Logout</a> | "; print "<a target=\"_blank\" href=\"http://www.gcwonline.net/forums\">Forums</a> | "; print "<a target=\"_blank\" href=\"http://www.gcwonline.net/writing\">Writing Guide</a>"; print "</td>\n"; print "</tr>\n"; print "</table>\n"; print "</div>\n"; print "<div id=container2>\n"; print "<div id=nav>"; print "<form method=POST name=mainmenu>\n"; print "<input type=hidden name=action value=0>\n"; print "<input type=hidden name=option value=0>\n"; print "</form>\n"; print "<script type=\"text/javascript\" language=\"javascript\">\n"; print "function executeform(action,option) {\n"; print "document.mainmenu.action.value = action;\n"; print "document.mainmenu.option.value = option;\n"; print "document.mainmenu.submit();\n"; print "}\n"; print "</script>\n"; if ((isset($userid)) && ($userid > "0") && ($defaultcharacterid > "0")) { print "<h1>Character</h1>\n"; print "<ul>\n"; print "<li"; if (($action == "character") && ((isset($option)) && ($option == "2"))) { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('character','2');\">Bio</a></li>\n"; print "<li"; if (($action == "alliesrivals") && ((isset($option)) && ($option == "0"))) { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('alliesrivals','0');\">Allies</a></li>\n"; print "<li"; if (($action == "alliesrivals") && ((isset($option)) && ($option == "1"))) { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('alliesrivals','1');\">Rivals</a></li>\n"; print "<li"; if ($action == "quotes") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('quotes','0');\">Quotes</a></li>\n"; print "</ul>\n"; print "<h1>Submit</h1>\n"; print "<ul>\n"; print "<li"; if ($action == "roleplay") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('roleplay','0');\">Roleplay</a></li>\n"; print "<li"; if ($action == "news") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('news','0');\">News</a></li>\n"; print "<li"; if ($action == "submitmatch") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('submitmatch','0');\">Match</a></li>\n"; print "<li"; if ($action == "submitseg") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('submitseg','0');\">Seg</a></li>\n"; print "</ul>\n"; } if ((isset($isadmin)) && ($isadmin == "1")) { print "<h1>Booking</h1>\n"; print "<ul>\n"; print "<li"; if ($action == "champions") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('champions','0');\">Champions</a></li>\n"; print "<li"; if ($action == "eventbooker") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('eventbooker','0');\">Booker</a></li>\n"; print "<li"; if (($action == "resultscompilation") && ((isset($option)) && ($option == "0"))) { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('resultscompilation','0');\">Compiler</a></li>\n"; print "<li"; if (($action == "resultscompilation") && ((isset($option)) && ($option == "1"))) { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('resultscompilation','1');\">Archives</a></li>\n"; print "</ul>\n"; print "<h1>Fed Admin</h1>\n"; print "<ul>\n"; print "<li"; if ($action == "handler") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('handler','0');\">Handlers</a></li>\n"; print "<li"; if (($action == "character") && ((isset($option)) && ($option == "1"))) { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('character','1');\">Characters</a></li>\n"; print "<li"; if ($action == "manageapplications") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('manageapplications','0');\">Applications</a></li>\n"; print "<li"; if ($action == "eventname") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('eventname','0');\">Event Names</a></li>\n"; print "<li"; if ($action == "title") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('title','0');\">Title Names</a></li>\n"; print "<li"; if ($action == "division") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('division','0');\">Divisions</a></li>\n"; print "<li"; if ($action == "arenas") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('arenas','0');\">Arenas</a></li>\n"; print "</ul>\n"; print "<h1>Site Admin</h1>\n"; print "<ul>\n"; print "<li"; if ($action == "template") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('template','0');\">Templates</a></li>\n"; print "<li"; if ($action == "content") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('content','0');\">Content</a></li>\n"; print "<li"; if ($action == "biolayout") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('biolayout','0');\">Bio Configuration</a></li>\n"; print "<li"; if ($action == "newscategory") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('newscategory','0');\">News Categories</a></li>\n"; print "<li"; if ($action == "menustructures") { print " class=active"; } print "><a href=\"#\" onClick=\"executeform('menustructures','0');\">Menus</a></li>\n"; print "</ul>\n"; } print "</div>\n"; } print "<div id=content>\n"; } function customfieldinput($fedid,$id,$groupid,$styleid) { $query = "SELECT field.id as getfieldid, field.is_custom as getiscustom, field.fullname as getfullname, customfields.id as getcustomfieldid, customfields.varcharfield as getvarchar, customfields.textfield as gettext FROM efed_list_fields as field LEFT JOIN efed_content_customfields as customfields ON ( field.id = customfields.field_id and customfields.character_id = '$id' ) WHERE field.fed_id = '$fedid' and field.style_id = '$styleid' and field.group_id = '$groupid' and field.enabled = '1' and field.is_custom > '0' ORDER BY field.is_custom,field.fullname"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $fieldarray=array('getfieldid','getiscustom','getfullname','getvarchar','gettext','getcustomfieldid'); foreach ($fieldarray as $fieldlabel) { if (isset($row[$fieldlabel])) { $$fieldlabel=$row[$fieldlabel]; $$fieldlabel=cleanquerydata($$fieldlabel); } } if ((isset($getcustomfieldid)) && ($getcustomfieldid > "0")) { $update = "update"; } else { $update = "new"; } if ($getiscustom == "1") { print "<tr>\n"; print "<td width=120 class=rowheading>".$getfullname.":</td>"; print "<td class=row3><textarea name=\"custom".$getfieldid.$update."\" class=\"textarea490x100\">"; if ((isset($gettext)) && ($gettext != "")) { print $gettext; } print "</textarea></td>\n"; print "</tr>\n\n"; } else { print "<tr>\n"; print "<td width=120 class=rowheading>".$getfullname.":</td>"; print "<td class=row3><input type=text name=\"custom".$getfieldid.$update."\" class=fieldtext490"; if ((isset($getvarchar)) && ($getvarchar != "")) { print " value=\"".$getvarchar."\""; } print "></td>\n"; print "</tr>\n\n"; } if (isset($getcustomfieldid)) { unset ($getcustomfieldid); } if (isset($getvarchar)) { unset ($getvarchar); } if (isset($gettext)) { unset ($gettext); } } } function mainscreen() { print "<font size=5><b>GCW Backstage</b></font><br /><br />\n"; print "<b>Tips and Tricks:</b><br />\n"; print "-Be Sure to Capitalize the First Letter of Each Major Word in News Posts and RP Titles<br />\n"; print "-Keep news article titles short and sweet. The only punctuation you need is a question mark at the end of rumor posts<br />\n"; print "-For the love of God, proofread your news articles<br />\n"; print "-Don't forget to keep your bio updated<br />\n"; print "-Don't forget to include the seg slot number of every show submission in the 'Notes to Card Compiler' section<br /><br />\n"; print "<font size=3><b><a href=\"/writing\">Read the GCW Writing Guide</a></b></font><br />\n"; } function footercode() { print "<div id=\"footer\">GCW Backstage. Backstage 2 © Ross Fynmore 2006</div>\n"; print "</div>\n"; print "</div>\n"; print "</div>\n"; print "</body>\n"; print "</html>\n"; exit; } function biogroupmemberold($folder,$headshot,$bioviewer,$bioheadwidth,$bioheadheight,$user,$wrestler,$hometown,$height,$weight) { $template = "<table>\n"; $template .= "<tr>\n"; $template .= "<td valign=center>\n"; if (file_exists("backstage_rosterheadshot.php")) { $template .= "<a href=".$folder."/".$bioviewer."?username=".$user." target=_top>"; $template .= "<img src=\"backstage_rosterheadshot.php?username=".$user."\" border=1 align=left width=".$bioheadwidth." height=".$bioheadheight." /><a/></td><td>\n"; } elseif (file_exists("$dirpath$headshot/$user.jpg")) { $template .= "<a href=".$folder."/".$bioviewer."?username=".$user." target=_top>"; $template .= "<img src=".$folder.$headshot."/".$user.".jpg border=1 align=left width=".$bioheadwidth." height=".$bioheadheight." /><a/></td><td>\n"; } $template .= "<a href=".$folder."/".$bioviewer."?username=".$user." target=_top><b>".$wrestler."</b></a><br />\n"; $template .= "<table border=0 cellpadding=0 cellspacing=0>\n"; $template .= "<tr>\n"; $template .= "<td width=100 valign=top>Hometown:</td>\n"; $template .= "<td>".$hometown."</td>\n"; $template .= "</tr>\n"; $template .= "<tr>\n"; $template .= "<td valign=top>Height:</td>\n"; $template .= "<td>".$height."</td>\n"; $template .= "</tr>\n"; $template .= "<tr>\n"; $template .= "<td valign=top>Weight:</td>\n"; $template .= "<td>".$weight." lbs.</td>\n"; $template .= "</tr>\n"; $template .= "</table>\n"; $template .= "</td>\n"; $template .= "</tr>\n"; $template .= "</table>\n"; return ($template); } function contentpage($fedid,$id) { $query = "SELECT content.content as content, content.linebreaks as linebreaks FROM efed_site_content as content WHERE content.id = '$id' and content.visible = 'yes' and content.fed_id = '$fedid'"; $result = mysql_query ($query); while ($row = mysql_fetch_assoc($result)) { $fieldarray=array('content','linebreaks'); foreach ($fieldarray as $fieldlabel) { if (isset($row[$fieldlabel])) { $$fieldlabel=$row[$fieldlabel]; $$fieldlabel=cleanquerydata($$fieldlabel); } } if ($linebreaks == "yes") {$content=nl2br($content);} eval("?>$content<?"); } } ?> Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted November 23, 2009 Author Share Posted November 23, 2009 Its the mainscreen function. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.