
Showing A Few Things that shouldn't be showing


Xtremer360


To show what is happening I have this going on:

 

http://defiantwrestling.net/backstage/backstage.php

 

I don't have my DB set up yet, but the whole bottom part shouldn't be showing until after the user logs in anyway. I don't know why it's loading.

 

<?php
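// Buffer all output and gzip it when the client accepts that encoding. Because output is
// buffered, the SetCookie() calls later in the request can still send headers after HTML
// has been printed.
ob_start("ob_gzhandler");

require "backstageconfig.php";
require "backstagefunctions.php";

// Requested screen. A missing or non-string value (e.g. action[]=x) falls back to the main menu.
// Square-bracket offsets replace the $_POST{'...'} form, which PHP 8 no longer parses.
if (isset($_POST['action']) && is_string($_POST['action']))
{
	$action=$_POST['action'];
}
else
{
	$action="mainmenu";
}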

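// Credential handling, three paths: a fresh login POST, no credential cookies at all,
// or credentials replayed from the cookies that validate() issued on an earlier request.
if ((isset($_POST['uname'])) && (isset($_POST['pword'])))
{
	$uname=$_POST['uname'];
	// NOTE(review): unsalted MD5 is not a password hash; moving to password_hash()/password_verify()
	// needs a migration of the stored values, so it is only flagged here.
	$pword=md5($_POST['pword']);
	// validate() terminates the request itself when the credentials are rejected.
	validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile);
	$action="mainmenu";
}
elseif ((!(isset($_COOKIE['uname']))) && (!(isset($_COOKIE['pword']))))
{
	require_once "backstage_libs/login.php";
	login($admincssfile,$fed,$url);
	// NOTE(review): unless login() ends the request itself, execution carries on from here with
	// $uname and $pword unset: the profile query, headercode() and the action switch below all
	// run for a visitor who has not logged in, and the non-admin handlers are not gated on a
	// successful lookup. That matches the symptom reported above - confirm login() exits, or stop here.
}
else
{
	$uname=$_COOKIE["uname"];
	$pword=$_COOKIE["pword"];
	validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile);

	if (isset($_POST['newdefaultcharacterid']))
	{
		// The integer cast keeps the id numeric.
		// NOTE(review): the id is not checked against the characters this handler may use, and the
		// form carries no anti-CSRF token; checkcharacter() in backstagefunctions.php looks like
		// the intended ownership check but needs the handler id, which is only loaded later - confirm.
		$newdefaultcharacterid = (int)$_POST["newdefaultcharacterid"];
		// The login name comes straight from a cookie, so it is escaped for the SQL string context.
		$query = "UPDATE
				efed_handler
			SET
				default_char_id = '$newdefaultcharacterid'
			WHERE
				login = '".mysql_real_escape_string($uname)."' and
				fed_id = '$fedid'";
		if (!mysql_db_query($dbname, $query))
		{
			// Keep driver error text out of the response; record it server-side instead.
			error_log("backstage: default character update failed: ".mysql_error());
			die("Database error.");
		}
	}
}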

// Load the handler's profile row together with the default character, its style and the
// default news category. The joins are LEFT JOINs, so those three may come back NULL.
// NOTE(review): $uname and $pword are placed in the SQL text as-is. $pword is the MD5 value
// computed from the form or replayed from the cookie, and both variables are unset when the
// no-cookie branch above ran login() without ending the request.
$query = "SELECT
		h.id as userid,
		h.surname as surname,
		h.firstname as firstname,
		h.isadmin as isadmin,
		newscat.id as defaultcategoryid,
		bio.id as defaultcharacterid,
		bio.style_id as styleid,
		bio.username as defaultcharacterusername,
		bio.charactername as defaultcharactername,
		styles.name as style
	FROM
		efed_handler as h
	LEFT JOIN
		efed_bio as bio
	ON
		(
			h.default_char_id = bio.id and
			bio.fed_id = '$fedid'
		)
	LEFT JOIN
		efed_list_styles as styles
	ON
		(
			bio.style_id = styles.id and
			bio.fed_id = '$fedid'
		)
	LEFT JOIN
		efed_list_newscategory as newscat
	ON
		(
			h.default_news_id = newscat.id and
			newscat.fed_id = '$fedid'
		)
	WHERE
		h.login = '$uname' and
		h.password = '$pword' and
		h.fed_id = '$fedid'"; 
// The result is not checked: if the query fails, $result is false and the loop below does not run.
$result = mysql_query ($query); 
while ($row = mysql_fetch_assoc($result))
{
	// Copy every non-NULL column into a same-named global through a variable variable.
	// The names come from this fixed list, never from request data. 'username' and
	// 'charactername' are listed but not selected by the query above, so they are never set here.
	// When no row matches, none of these variables is defined; the $isadmin checks and the
	// headercode() call further down then see them as unset.
	$fieldarray=array('userid','surname','firstname','isadmin','defaultcharacterid','defaultcharacterusername','defaultcharactername','defaultcategoryid','styleid','username','style','charactername');
	foreach ($fieldarray as $fieldlabel)
	{
		if (isset($row[$fieldlabel])) 
		{ 
			$$fieldlabel=$row[$fieldlabel];
			$$fieldlabel=cleanquerydata($$fieldlabel);
		}
	}
}

// Page header. On logout the user-specific arguments are all replaced by 0, so the header is
// drawn without the handler's profile values; every other action gets the values loaded above.
if ($action == "logout")
{
	headercode($fedid,$admincssfile,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0);
}
else
{
	headercode($fedid,$admincssfile,$userid,$isadmin,$defaultcharacterid,$defaultcharacterusername,$defaultcharactername,$surname,$firstname,$action,$dirpath,$folder,$headshot,$bioheadheight,$bioheadwidth,$surname,$firstname,$forums);
}
// print "<center>\n";

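// Dispatch the requested screen. Each handler lives in its own file under backstage_libs/ and
// is loaded on demand. Admin-only screens are gated on $isadmin == "1", a value that is only
// set by the profile lookup above; the remaining screens run whenever this switch is reached.
// NOTE(review): nothing in this switch checks that a handler row was actually loaded, so the
// ungated cases depend on the credential branch above having ended the request for visitors
// who are not logged in - confirm.
switch ($action)
{
	case "mainmenu":
		mainscreen();
		print "</div>\n";
		footercode();
		break;

	case "login":
		require_once "backstage_libs/login.php";
		login($admincssfile,$fed,$url);
		break;

	case "handler":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/handler.php";
			handler($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$ip);
		}
		break;

	case "character":
		require_once "backstage_libs/character.php";
		character($fedid,$uname,$pword,$userid,$dirpath,$isadmin,$admincssfile,$dbname,$sortorderarray,$iframe,$defaultcharacterid,$styleid,$defaultcharacterusername,$heatmetersenabled,$heatmeters);
		break;

	case "newscategory":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/newscategory.php";
			newscategory($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$targetarray);
		}
		break;

	case "news":
		require_once "backstage_libs/news.php";
		news($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcategoryid,$ip,$defaultcharacterid,$defaultcharactername);
		break;

	case "content":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/content.php";
			content($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
		}
		break;

	case "template":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/template.php";
			template($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
		}
		break;

	case "biolayout":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/biolayout.php";
			biolayout($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
		}
		break;

	case "quotes":
		require_once "backstage_libs/quotes.php";
		quotes($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcharacterid,$defaultcharactername);
		break;

	case "alliesrivals":
		require_once "backstage_libs/alliesrivals.php";
		alliesrivals($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$numalliesrivals,$defaultcharacterid,$defaultcharactername,$defaultcharacterusername);
		break;

	case "roleplay":
		require_once "backstage_libs/roleplay.php";
		roleplay($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcharacterid,$defaultcharactername);
		break;

	case "champions":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/champions.php";
			champions($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
		}
		break;

	case "title":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/title.php";
			title($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
		}
		break;

	case "titlehistory":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/titlehistory.php";
			titlehistory($uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
		}
		break;

	case "division":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/division.php";
			division($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
		}
		break;

	case "eventname":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/eventname.php";
			eventname($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
		}
		break;

	case "eventbooker":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/eventbooker.php";
			eventbooker($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot);
		}
		break;

	case "submitmatch":
		require_once "backstage_libs/submitmatch.php";
		submitmatch($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot);
		break;

	case "submitseg":
		require_once "backstage_libs/submitseg.php";
		submitseg($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot);
		break;

	case "resultscompilation":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/resultscompilation.php";
			resultscompilation($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot);
		}
		break;

	case "resultsediting":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/resultsediting.php";
			resultsediting($uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot,$url);
		}
		break;

	case "menustructures":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/menustructures.php";
			menustructures($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot,$url);
		}
		break;

	case "arenas":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/arenas.php";
			arenas($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$url);
		}
		break;

	case "manageapplications":
		if ($isadmin == "1")
		{
			require_once "backstage_libs/manageapplications.php";
			manageapplications($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$url);
		}
		break;

	case "logout":
		// Expire the cookies with the same path and domain validate() used when issuing them.
		// A browser only replaces a cookie whose name, path and domain all match, so clearing
		// them without these attributes can leave the originals in place.
		// NOTE(review): there is no server-side session to invalidate; a copied pword cookie
		// keeps working after logout until the stored password changes.
		SetCookie ("uname", "", time() - 3600, $cookiepath, $cookiedomain);
		SetCookie ("pword", "", time() - 3600, $cookiepath, $cookiedomain);
		require_once "backstage_libs/login.php";
		login($admincssfile,$fed,$url);
		break;

	default:
		print "Default Screen<br />";
		footercode();
		break;
}
exit;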
?>


<?php 
/**
 * Post-processes a value read from the database before it is displayed.
 *
 * Removes backslash escapes, then swaps typographic punctuation (ellipsis, curly quotes,
 * en dash) for numeric character references.
 *
 * NOTE(review): as listed here, the first four pairs map &, <, > and " to themselves, so this
 * function does not neutralise HTML markup. The listing may have lost entity text when the
 * page was rendered - compare with the real file. Until that is settled, escape with
 * htmlspecialchars() at the point of output instead of relying on this function.
 *
 * @param string $field Value to transform.
 * @return string Transformed value.
 */
function cleanquerydata($field)
{
// Pairs are applied left to right, exactly as a chain of single str_replace() calls would be.
$search = array('&', '<', '>', '"', '…', '’', '‘', '“', '”', '–');
$replacement = array('&', '<', '>', '"', '&#133;', '&#146;', '&#145;', '&#34;', '&#34;', '&#8211;');
// A strip_tags() pass was left disabled in the original and stays disabled here.
return str_replace($search, $replacement, stripslashes($field));
}

/**
 * HTML-escapes a submitted value.
 *
 * Removes backslash escapes, applies htmlspecialchars(), then encodes any remaining single
 * quote as &#039;. This is HTML escaping only: it does not make a value safe to place in
 * SQL text.
 *
 * @param string $field Submitted value.
 * @return string HTML-escaped value.
 */
function cleanformdata($field)
{
// presumably the stripslashes() call undoes magic_quotes-style escaping - confirm against the server config
$escaped = htmlspecialchars(stripslashes($field));
return str_replace('\'', '&#039;', $escaped);
}


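/**
 * Reorders a dash-separated year-month-day string into day-month-year.
 *
 * Each part is trimmed. Missing parts become empty strings, and parts after the third are
 * ignored.
 *
 * @param string $date Date text such as "2011-03-07".
 * @return string The same parts as "07-03-2011".
 */
function convertdate($date)
{
// explode() replaces split(), which was removed in PHP 7; the separator is a literal dash
// either way. Padding to three parts avoids undefined-offset notices on short input.
list ($year, $month, $day) = array_pad(explode('-', $date), 3, '');
return trim($day)."-".trim($month)."-".trim($year);
}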

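/**
 * Checks a login name and password hash against efed_handler and, on success, (re)issues the
 * uname and pword cookies. Every failure path clears both cookies, prints an error fragment
 * and ends the request with exit.
 *
 * $userid, $isadmin and $admincssfile are accepted but not used in this function.
 *
 * NOTE(review): the pword cookie carries the stored password hash itself, so whoever obtains
 * the cookie or the database column can log in without knowing the password; a random
 * server-side session token would avoid that. The cookies are also issued without the
 * HttpOnly flag - confirm no client script reads them, then set it.
 * NOTE(review): the separate "Invalid Username!" and "Invalid Password" messages reveal which
 * login names exist.
 *
 * @param mixed  $fedid        Federation id matched against efed_handler.fed_id.
 * @param string $uname        Login name from the form or the cookie.
 * @param string $pword        Password hash from md5() of the form field, or from the cookie.
 * @param mixed  $userid       Unused.
 * @param mixed  $isadmin      Unused.
 * @param string $cookiedomain Domain attribute for the cookies.
 * @param string $cookiepath   Path attribute for the cookies.
 * @param string $admincssfile Unused.
 * @return void Returns only when the credentials were accepted.
 */
function validate($fedid, $uname, $pword, $userid, $isadmin, $cookiedomain, $cookiepath, $admincssfile)
{
// Character denylist for the login name; array input (uname[]=x) is rejected the same way.
// The denylist does not replace SQL escaping, which is applied separately below.
if (is_array($uname) || strpbrk((string)$uname, "'<>&= ") !== false)
{
	// Cookies are expired with the same path and domain they were issued with; a browser
	// keeps the originals when those attributes do not match.
	SetCookie ( "uname", "", time() - 3600, $cookiepath, $cookiedomain);
	SetCookie ( "pword", "", time() - 3600, $cookiepath, $cookiedomain);

	print "<h1 class=backstage>Authentication Error!</h1><br />\n";

	print "Error: Invalid Login Details!<br /><br />";

	print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n";

	print "</center></div></div>\n";
	print "</div>\n";
	print "</div>\n";
	print "</body>\n";
	print "</html>\n";
	exit;
}

// Escape both values for the quoted SQL string context. If magic_quotes_gpc is enabled the
// login name arrives already slash-escaped; strip that at the call site rather than
// dropping this escape.
$safeuname = mysql_real_escape_string((string)$uname);
$safefedid = mysql_real_escape_string((string)$fedid);

$query = "SELECT
		h.password as password,
		h.enabled as enabled
	FROM
		efed_handler as h
	WHERE
		h.login = '$safeuname' and
		h.fed_id = '$safefedid'";
$result = mysql_query ($query);
$num = mysql_numrows( $result );

// Exactly one handler row must match; a failed query also lands here.
if ($num != "1")
{
	SetCookie ( "uname", "", time() - 3600, $cookiepath, $cookiedomain);
	SetCookie ( "pword", "", time() - 3600, $cookiepath, $cookiedomain);

	print "<h1 class=backstage>Authentication Error!</h1><br />\n";

	print "Error: Invalid Username!<br /><br />";

	print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n";

	print "</center></div></div>\n";
	footercode();
	exit;
}

while ($row = mysql_fetch_assoc($result))
{
	$password=$row['password'];
	$enabled=$row['enabled'];
}

// Strict string comparison: the loose != operator compares numeric-looking strings as
// numbers, so two different hashes that both look like numbers could be treated as equal.
if (!is_string($pword) || $pword !== (string)$password)
{
	SetCookie ( "uname", "", time() - 3600, $cookiepath, $cookiedomain);
	SetCookie ( "pword", "", time() - 3600, $cookiepath, $cookiedomain);

	print "<h1 class=backstage>Authentication Error!</h1><br />\n";

	print "Error: Invalid Password<br /><br />";

	print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n";

	print "</center></div>\n";
	footercode();
	exit;
}

if ($enabled == "0")
{
	SetCookie ( "uname", "", time() - 3600, $cookiepath, $cookiedomain);
	SetCookie ( "pword", "", time() - 3600, $cookiepath, $cookiedomain);

	print "<h1 class=backstage>Login Error!</h1><br />\n";

	print "Error: This Account has been deactivated. Please contact the site administrator.<br /><br />";

	print "<form method=POST><input type=hidden name=action value=login><input type=submit value=\"Return to Login Screen\" class=button></form><br />\n";

	print "</center></div>\n";
	footercode();
	exit;
}

// Session cookies (expiry 0): they last until the browser closes.
SetCookie( "uname", $uname, 0, $cookiepath, $cookiedomain);
SetCookie( "pword", $pword, 0, $cookiepath, $cookiedomain);

// SetCookie( "uname", $uname, time()+1000000, $cookiepath, $cookiedomain);
// SetCookie( "pword", $pword, time()+1000000, $cookiepath, $cookiedomain);
}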

/**
 * Prints a "Return to Main Menu" button form followed by the closing </center></div> tags.
 *
 * @return void
 */
function returnmain()
{
$button = "<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value=\"Return to Main Menu\" class=button200></form></h2>\n";
$closing = "</center></div>\n";
echo $button, $closing;
}

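/**
 * Prints one randomly chosen quote with a headshot that links to the character's biography.
 *
 * The row is picked from efed_bio_quotes joined to efed_bio where status_id is '1'. Nothing
 * is printed when no such row exists or the query fails.
 *
 * NOTE(review): the username and character name are written into a URL and HTML attributes
 * after cleanquerydata() only. Confirm that function really encodes quotes and angle
 * brackets; if it does not, escape here with htmlspecialchars() and rawurlencode().
 *
 * @param string $dirpath       Filesystem base path used for the file_exists() checks.
 * @param string $headshot      Headshot directory, appended to $dirpath and used in the img URL.
 * @param mixed  $bioheadheight Value for the img height attribute.
 * @param mixed  $bioheadwidth  Value for the img width attribute.
 * @return void
 */
function randomquote($dirpath,$headshot,$bioheadheight,$bioheadwidth)
{
$query = "SELECT
		bio.username as username,
		bio.charactername as charactername,
		quotes.quote as quote
	FROM
		efed_bio as bio
	INNER JOIN
		efed_bio_quotes as quotes
	ON
		(
			bio.id = quotes.bio_id
		)
	WHERE
		bio.status_id = '1'
	ORDER BY
		rand()
	LIMIT
		1";
$result = mysql_query ($query);

// LIMIT 1 means at most one row. With no row the original went on to build the link from
// undefined variables; stop here instead.
$row = ($result === false) ? false : mysql_fetch_assoc($result);
if (!$row)
{
	return;
}

$username=cleanquerydata($row['username']);
$charactername=cleanquerydata($row['charactername']);
$quote=cleanquerydata($row['quote']);

$randomquote = "<a href=\"/bio.php?username=".$username."\" title=\"View ".$charactername."'s Biography\">";

// Headshot source, in order: the headshot script if present, the character's own jpg, the default image.
if (file_exists("$dirpath/backstage_rosterheadshot.php"))
{
	$randomquote .= "<img src=\"/backstage_rosterheadshot.php?username=".$username."\" height=\"".$bioheadheight."\" width=\"".$bioheadwidth."\" border=\"0\">";
}
elseif (file_exists("$dirpath$headshot/$username.jpg"))
{
	$randomquote .= "<img src=\"".$headshot."/".$username.".jpg\" height=\"".$bioheadheight."\" width=\"".$bioheadwidth."\" border=\"0\">";
}
else
{
	$randomquote .= "<img src=\"".$headshot."/default.jpg\" height=\"".$bioheadheight."\" width=\"".$bioheadwidth."\" border=\"0\">";
}
$randomquote .= "</a><br /><br />";
// Tags are removed from the quote text only; the character name is printed as returned above.
$randomquote .= strip_tags($quote);
$randomquote .= "<br /><br />";
$randomquote .= $charactername;
$randomquote .= "<br /><br />";

print $randomquote;
}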

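/**
 * Returns the charactername column of the efed_bio row whose id equals $userid.
 *
 * @param mixed $userid Value matched against efed_bio.id (a bio id, despite the name).
 * @return mixed cleanquerydata() output for the last matching row, or null when nothing
 *               matched or the query failed.
 */
function getcharactername($userid)
{
// NOTE(review): $userid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		bio.charactername as charactername
	FROM
		efed_bio as bio
	WHERE
		bio.id = '$userid'";
$result = mysql_query ($query);

// Defined up front so a miss returns null instead of reading an undefined variable.
$character = null;
if ($result === false)
{
	return $character;
}
while ($row = mysql_fetch_assoc($result))
{
	$character=cleanquerydata($row['charactername']);
}
return $character;
}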

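/**
 * Returns the charactershortname column of the efed_bio row whose username equals $username.
 *
 * @param string $username Value matched against efed_bio.username.
 * @return mixed cleanquerydata() output for the last matching row, or null when nothing
 *               matched or the query failed.
 */
function getcharactershortname($username)
{
// NOTE(review): $username is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		bio.charactershortname as charactershortname
	FROM
		efed_bio as bio
	WHERE
		bio.username = '$username'";
$result = mysql_query ($query);

// Defined up front so a miss returns null instead of reading an undefined variable.
$charactershortname = null;
if ($result === false)
{
	return $charactershortname;
}
while ($row = mysql_fetch_assoc($result))
{
	$charactershortname=cleanquerydata($row['charactershortname']);
}
return $charactershortname;
}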

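/**
 * Returns the name column of the efed_list_customfield_groups row whose id equals $groupid.
 *
 * @param mixed $groupid Value matched against efed_list_customfield_groups.id.
 * @return mixed cleanquerydata() output for the last matching row, or null when nothing
 *               matched or the query failed.
 */
function getgroupname($groupid)
{
// NOTE(review): $groupid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		fieldgroups.name as getname
	FROM
		efed_list_customfield_groups as fieldgroups
	WHERE
		fieldgroups.id = '$groupid'";
$result = mysql_query ($query);

// Defined up front so a miss returns null instead of reading an undefined variable.
$getname = null;
if ($result === false)
{
	return $getname;
}
while ($row = mysql_fetch_assoc($result))
{
	$getname=cleanquerydata($row['getname']);
}
return $getname;
}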

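/**
 * Returns the description column of the efed_site_content row whose id equals $contentid.
 *
 * @param mixed $contentid Value matched against efed_site_content.id.
 * @return mixed cleanquerydata() output for the last matching row, or null when nothing
 *               matched or the query failed.
 */
function getcontentname($contentid)
{
// NOTE(review): $contentid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		content.description as contentname
	FROM
		efed_site_content as content
	WHERE
		content.id = '$contentid'";
$result = mysql_query ($query);

// Defined up front so a miss returns null instead of reading an undefined variable.
$contentname = null;
if ($result === false)
{
	return $contentname;
}
while ($row = mysql_fetch_assoc($result))
{
	$contentname=cleanquerydata($row['contentname']);
}
return $contentname;
}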

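/**
 * Returns the username column of the efed_bio row whose id equals $userid.
 *
 * @param mixed $userid Value matched against efed_bio.id (a bio id, despite the name).
 * @return mixed cleanquerydata() output for the last matching row, or null when nothing
 *               matched or the query failed.
 */
function getusername($userid)
{
// NOTE(review): $userid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		bio.username as username
	FROM
		efed_bio as bio
	WHERE
		bio.id = '$userid'";
$result = mysql_query ($query);

// Defined up front so a miss returns null instead of reading an undefined variable.
$username = null;
if ($result === false)
{
	return $username;
}
while ($row = mysql_fetch_assoc($result))
{
	$username=cleanquerydata($row['username']);
}
return $username;
}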

/**
 * Counts the efed_handler_characters rows that link handler $userid to character
 * $defaultcharacterid, restricted to handlers whose fed_id equals $fedid.
 *
 * @param mixed $fedid              Value matched against efed_handler.fed_id.
 * @param mixed $userid             Value matched against efed_handler_characters.handler_id.
 * @param mixed $defaultcharacterid Value matched against efed_handler_characters.bio_id.
 * @return mixed Whatever mysql_numrows() reports for the result; the query result is not
 *               checked for failure first.
 */
function checkcharacter($fedid,$userid,$defaultcharacterid)
{
// NOTE(review): all three arguments are placed in the SQL text unescaped - confirm callers
// pass trusted values, or bind them as parameters. A caller using this as an ownership check
// should treat anything other than a positive count as "not allowed".
$query = "SELECT
		handler.id as handlerid
	FROM
		efed_handler_characters as handler
	INNER JOIN
		efed_handler as h
	ON
		(
			h.id = handler.handler_id
		)
	WHERE
		handler.handler_id = '$userid' and
		handler.bio_id = '$defaultcharacterid' and
		h.fed_id = '$fedid'";
return mysql_numrows(mysql_query ($query));
}


/**
 * Looks up the login of a handler who is linked to character $characterid, has login
 * $loginname and belongs to $fedid.
 *
 * NOTE(review): when no row matches, the function returns the $loginname it was given. A
 * caller that compares the result with the login name therefore cannot tell "confirmed" from
 * "not found" - check how callers use the return value before relying on it for authorisation.
 *
 * @param mixed  $fedid       Value matched against efed_handler.fed_id.
 * @param mixed  $characterid Value matched against efed_handler_characters.bio_id.
 * @param string $loginname   Value matched against efed_handler.login.
 * @return string cleanquerydata() output for the last matching row, otherwise the
 *                unchanged $loginname argument.
 */
function confirmhandlerloginname($fedid,$characterid,$loginname)
{
// NOTE(review): all three arguments are placed in the SQL text unescaped - confirm callers
// pass trusted values, or bind them as parameters.
$query = "SELECT
		handler.login as loginname
	FROM
		efed_handler as handler
	INNER JOIN
		efed_handler_characters as ehc
	ON
		(
			handler.id = ehc.handler_id
		)
	WHERE
		ehc.bio_id = '$characterid' and
		handler.login = '$loginname' and
		handler.fed_id = '$fedid'";
$result = mysql_query ($query);

// Starts as the caller's value and is replaced by each matching row in turn.
$confirmed = $loginname;
while (($match = mysql_fetch_assoc($result)))
{
	$confirmed = cleanquerydata($match['loginname']);
}
return $confirmed;
}

/**
 * Returns the id of the efed_bio row whose username equals $username.
 *
 * @param string $username Value matched against efed_bio.username.
 * @return mixed cleanquerydata() output for the last matching row, or 0 when the row
 *               count is not above zero.
 */
function getuserid($username)
{
// NOTE(review): $username is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		bio.id as userid
	FROM
		efed_bio as bio
	WHERE
		bio.username = '$username'";
$result = mysql_query ($query);

$found = 0;
if (mysql_numrows($result) > 0)
{
	while (($match = mysql_fetch_assoc($result)))
	{
		$found = cleanquerydata($match['userid']);
	}
}
return $found;
}

/**
 * Returns the name column of the efed_list_styles row whose id equals $styleid.
 *
 * @param mixed $styleid Value matched against efed_list_styles.id.
 * @return mixed cleanquerydata() output for the first row, or null when no row is fetched.
 */
function getstylename($styleid)
{
// NOTE(review): $styleid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		style.name as stylename
	FROM
		efed_list_styles as style
	WHERE
		style.id = '$styleid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
return cleanquerydata($first['stylename']);
}

/**
 * Returns the name column of the efed_list_divisions row whose id equals $divisionid.
 *
 * @param mixed $divisionid Value matched against efed_list_divisions.id.
 * @return mixed cleanquerydata() output for the first row, or null when no row is fetched.
 */
function getdivisionname($divisionid)
{
// NOTE(review): $divisionid is placed in the SQL text unescaped - confirm every caller passes
// a trusted value, or bind it as a parameter.
$query = "SELECT
		divis.name as division
	FROM
		efed_list_divisions as divis
	WHERE
		divis.id = '$divisionid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
return cleanquerydata($first['division']);
}

/**
 * Returns the name column of the efed_list_status row whose id equals $statusid.
 *
 * @param mixed $statusid Value matched against efed_list_status.id.
 * @return mixed cleanquerydata() output for the first row, or null when no row is fetched.
 */
function getstatusname($statusid)
{
// NOTE(review): $statusid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		s.name as status
	FROM
		efed_list_status as s
	WHERE
		s.id = '$statusid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
return cleanquerydata($first['status']);
}

/**
 * Returns the statusname column of the efed_list_eventstatus row whose id equals $statusid.
 *
 * @param mixed $statusid Value matched against efed_list_eventstatus.id.
 * @return mixed cleanquerydata() output for the first row, or null when no row is fetched.
 */
function getbookingstatusname($statusid)
{
// NOTE(review): $statusid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		ele.statusname as showstatus
	FROM
		efed_list_eventstatus as ele
	WHERE
		ele.id = '$statusid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
return cleanquerydata($first['showstatus']);
}

/**
 * Returns the name column of the efed_list_alignment row whose id equals $alignmentid.
 *
 * @param mixed $alignmentid Value matched against efed_list_alignment.id.
 * @return mixed cleanquerydata() output for the first row, or null when no row is fetched.
 */
function getalignmentname($alignmentid)
{
// NOTE(review): $alignmentid is placed in the SQL text unescaped - confirm every caller passes
// a trusted value, or bind it as a parameter.
$query = "SELECT
		alignment.name as alignmentname
	FROM
		efed_list_alignment as alignment
	WHERE
		alignment.id = '$alignmentid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
return cleanquerydata($first['alignmentname']);
}

/**
 * Builds "<show name>: <label>" for the efed_content_booking row whose id equals $bookingid,
 * taking the show name from the joined efed_list_shownames row.
 *
 * @param mixed $bookingid Value matched against efed_content_booking.id.
 * @return mixed The combined string for the first row, or null when no row is fetched.
 */
function geteventname($bookingid)
{
// NOTE(review): $bookingid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		ecb.label as label,
		esn.name as showname
	FROM
		efed_content_booking as ecb
	INNER JOIN
		efed_list_shownames as esn
	ON
		(
			ecb.event_id = esn.id				
		)
	WHERE
		ecb.id = '$bookingid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
$showname = cleanquerydata($first['showname']);
$label = cleanquerydata($first['label']);
return $showname.": ".$label;
}

/**
 * Returns the name column of the efed_content_matchseg row whose id equals $matchid.
 *
 * @param mixed $matchid Value matched against efed_content_matchseg.id.
 * @return mixed cleanquerydata() output for the first row, or null when no row is fetched.
 */
function getmatchname($matchid)
{
// NOTE(review): $matchid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		em.name as matchname
	FROM
		efed_content_matchseg as em
	WHERE
		em.id = '$matchid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
return cleanquerydata($first['matchname']);
}

/**
 * Returns the segname column of the efed_content_showcontents row whose id equals $contentid.
 *
 * @param mixed $contentid Value matched against efed_content_showcontents.id.
 * @return mixed cleanquerydata() output for the first row, or null when no row is fetched.
 */
function getsegname($contentid)
{
// NOTE(review): $contentid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		ecs.segname as segname
	FROM
		efed_content_showcontents as ecs
	WHERE
		ecs.id = '$contentid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
return cleanquerydata($first['segname']);
}

/**
 * Builds "<surname>, <firstname>" for the efed_handler row whose id equals $matchwriterid
 * and whose fed_id equals $fedid.
 *
 * @param mixed $fedid         Value matched against efed_handler.fed_id.
 * @param mixed $matchwriterid Value matched against efed_handler.id.
 * @return mixed The combined string for the first row, or null when no row is fetched.
 */
function getmatchwriter($fedid,$matchwriterid)
{
// NOTE(review): both arguments are placed in the SQL text unescaped - confirm callers pass
// trusted values, or bind them as parameters.
$query = "SELECT
		handler.surname as gethandlersurname,
		handler.firstname as gethandlerfirstname
	FROM
		efed_handler as handler
	WHERE
		handler.id = '$matchwriterid' and
		handler.fed_id = '$fedid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
$surname = cleanquerydata($first['gethandlersurname']);
$firstname = cleanquerydata($first['gethandlerfirstname']);
return $surname.", ".$firstname;
}

/**
 * Returns the title column of the efed_content_roleplays row whose id equals $rpid.
 *
 * @param mixed $rpid Value matched against efed_content_roleplays.id.
 * @return mixed cleanquerydata() output for the first row, or null when no row is fetched.
 */
function getrpname($rpid)
{
// NOTE(review): $rpid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		rps.title as rpname
	FROM
		efed_content_roleplays as rps
	WHERE
		rps.id = '$rpid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
return cleanquerydata($first['rpname']);
}

/**
 * Returns the name column of the efed_list_titles row whose id equals $titleid.
 *
 * @param mixed $titleid Value matched against efed_list_titles.id.
 * @return mixed cleanquerydata() output for the first row, or null when no row is fetched.
 */
function gettitlename($titleid)
{
// NOTE(review): $titleid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		titles.name as titlename
	FROM
		efed_list_titles as titles
	WHERE
		titles.id = '$titleid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
return cleanquerydata($first['titlename']);
}

/**
 * Returns the description column of the efed_site_templates row whose id equals $templateid.
 *
 * @param mixed $templateid Value matched against efed_site_templates.id.
 * @return mixed cleanquerydata() output for the first row, or null when no row is fetched.
 */
function gettemplatename($templateid)
{
// NOTE(review): $templateid is placed in the SQL text unescaped - confirm every caller passes
// a trusted value, or bind it as a parameter.
$query = "SELECT
		t.description as template
	FROM
		efed_site_templates as t
	WHERE
		t.id = '$templateid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
return cleanquerydata($first['template']);
}

/**
 * Returns the name column of the efed_list_matchstatus row whose id equals $statusid.
 *
 * @param mixed $statusid Value matched against efed_list_matchstatus.id.
 * @return mixed cleanquerydata() output for the first row, or null when no row is fetched.
 */
function getmatchstatusname($statusid)
{
// NOTE(review): $statusid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		s.name as status
	FROM
		efed_list_matchstatus as s
	WHERE
		s.id = '$statusid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
return cleanquerydata($first['status']);
}

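/**
 * Prints a linked headshot for each of the newest roleplays of a federation.
 *
 * Rows come from efed_content_roleplays joined to efed_bio, newest id first, limited to
 * $qty. Each link goes either to content.php (with $promoarchivetarget as the target
 * attribute) or, when $promoarchivetarget is "ajax", to an ajaxpage() call.
 *
 * NOTE(review): $qty is appended to LIMIT unquoted and $fedid is interpolated unescaped;
 * once $qty is confirmed to always be a plain row count, cast it to int. The title,
 * character name, username, $folder and $promoarchivetarget are written into HTML attributes
 * and an inline script after cleanquerydata() only - confirm that function encodes quotes
 * and angle brackets, or escape at output.
 *
 * @param mixed  $fedid              Value matched against efed_content_roleplays.fed_id.
 * @param mixed  $qty                Appended to the LIMIT clause.
 * @param string $direction          "v" adds a line break after each entry; h=horizontal, v=vertical.
 * @param string $promoarchivetarget Link target, or "ajax".
 * @param string $folder             URL prefix for content.php.
 * @param string $dirpath            Filesystem base path used for the file_exists() checks.
 * @param string $lp                 Image directory, appended to $dirpath and used in the img URL.
 * @param mixed  $lpwidth            Value for the img width attribute.
 * @param mixed  $lpheight           Value for the img height attribute.
 * @return void
 */
function latestpromo($fedid,$qty,$direction,$promoarchivetarget,$folder,$dirpath,$lp,$lpwidth,$lpheight)
{
$query = "SELECT
		rp.id as rpid,
		rp.title as rp_title,
		bio.username as username,
		bio.charactername as charactername
	FROM
		efed_content_roleplays as rp
	INNER JOIN
		efed_bio as bio
	ON
		(
			rp.bio_id = bio.id
		)
	WHERE
		rp.fed_id = '$fedid'
	ORDER BY
		rp.id desc
	LIMIT ".$qty;
$result = mysql_query ($query);
if ($result === false)
{
	return;
}

while ($row = mysql_fetch_assoc($result))
{
	// Read every column afresh for each row. The original only assigned non-NULL columns,
	// so a NULL title or name silently reused the value from the previous row.
	$rpid = isset($row['rpid']) ? cleanquerydata($row['rpid']) : '';
	$rp_title = isset($row['rp_title']) ? cleanquerydata($row['rp_title']) : '';
	$username = isset($row['username']) ? cleanquerydata($row['username']) : '';
	$charactername = isset($row['charactername']) ? cleanquerydata($row['charactername']) : '';

	if ($promoarchivetarget != "ajax")
	{
		print "<a target=".$promoarchivetarget." href=\"".$folder."/content.php?p=rp&rp=".$rpid."\" title=\"".$rp_title."\nA new promo by: ".$charactername."\">";
	}
	else
	{
		print "<a title=\"".$rp_title."\nA new promo by: ".$charactername."\" href=\"#top\" onClick=\"ajaxpage('".$folder."/content.php?p=rp&rp=".$rpid."&ajax=yes','ajax');\">";
	}

	// Image source, in order: the headshot script if present, the character's own jpg, the default image.
	if (file_exists("$dirpath/backstage_lpheadshot.php"))
	{
		print "<img src=\"/backstage_lpheadshot.php?username=".$username."\" border=\"0\" width=\"".$lpwidth."\" height=\"".$lpheight."\">";
	}
	elseif (file_exists("$dirpath$lp/$username.jpg"))
	{
		print "<img src=\"".$lp."/".$username.".jpg\" border=\"0\" width=\"".$lpwidth."\" height=\"".$lpheight."\">";
	}
	else
	{
		print "<img src=\"".$lp."/default.jpg\" border=0 width=\"".$lpwidth."\" height=\"".$lpheight."\">";
	}
	print "</a>";
	if ($direction == "v") { print "<br />\n"; }
}

}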

/**
 * Returns the categoryname column of the efed_list_newscategory row whose id equals $categoryid.
 *
 * @param mixed $categoryid Value matched against efed_list_newscategory.id.
 * @return mixed cleanquerydata() output for the first row, or null when no row is fetched.
 */
function getcategoryname($categoryid)
{
// NOTE(review): $categoryid is placed in the SQL text unescaped - confirm every caller passes
// a trusted value, or bind it as a parameter.
$query = "SELECT
		newscat.categoryname as categoryname
	FROM
		efed_list_newscategory as newscat
	WHERE
		newscat.id = '$categoryid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
return cleanquerydata($first['categoryname']);
}

/**
 * Returns the postdate of the efed_content_news row whose id equals $postid, formatted by
 * MySQL with the pattern '%d-%b-%Y'.
 *
 * The value is returned as fetched; it is not passed through cleanquerydata().
 *
 * @param mixed $postid Value matched against efed_content_news.id.
 * @return mixed The formatted date of the first row, or null when no row is fetched.
 */
function getnewsdate($postid)
{
// NOTE(review): $postid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		date_format(news.postdate,'%d-%b-%Y') as postdate
	FROM
		efed_content_news as news
	WHERE
		news.id = '$postid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
return $first['postdate'];
}

/**
 * Returns the unformatted postdate column of the efed_content_news row whose id equals $postid.
 *
 * The value is returned as fetched; it is not passed through cleanquerydata().
 *
 * @param mixed $postid Value matched against efed_content_news.id.
 * @return mixed The postdate of the first row, or null when no row is fetched.
 */
function getnewsdateraw($postid)
{
// NOTE(review): $postid is placed in the SQL text unescaped - confirm every caller passes a
// trusted value, or bind it as a parameter.
$query = "SELECT
		news.postdate as postdate
	FROM
		efed_content_news as news
	WHERE
		news.id = '$postid'";
$result = mysql_query ($query);

// Only the first row is ever used.
$first = mysql_fetch_assoc($result);
if (!$first)
{
	return null;
}
return $first['postdate'];
}

function headercode($fedid,$admincssfile,$userid,$isadmin,$defaultcharacterid,$defaultcharacterusername,$defaultcharactername,$surname,$firstname,$action,$dirpath,$folder,$headshot,$bioheadheight,$bioheadwidth,$surname,$firstname,$forums)
{
if (isset($_POST['option'])) { $option=$_POST['option']; }

// print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n";

print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"\n";
print "\"http://www.w3.org/TR/html4/loose.dtd\">\n";
print "<html>\n";
print "<head>\n";
print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n";
print "<meta http-equiv=\"Content-Style-Type\" content=\"text/css\">\n";
print "<meta http-equiv=\"Content-Language\" content=\"en-us\">\n";
print "<meta name=\"language\" content=\"en-us\">\n";
print "<title>Backstage V2 Administration Console</title>\n";

print "<link rel=\"stylesheet\" href=\"".$admincssfile."\" type=\"text/css\" media=\"screen\">\n";
$admincssfile = str_replace(".css", "_print.css", "$admincssfile");
print "<link rel=\"stylesheet\" href=\"".$admincssfile."\" type=\"text/css\" media=\"print\">\n";

print "<script src=\"/jscripts/scriptaculous/prototype.js\" type=\"text/javascript\"></script>\n";
print "<script src=\"/jscripts/scriptaculous/scriptaculous.js\" type=\"text/javascript\"></script>\n";
print "<script type=\"text/javascript\" src=\"./jscripts/ajax.js\"></script>\n";

print "</head>\n";
print "<body>\n";
print "<div id=container>\n";
print "<div class=header>";
print "<form method=POST name=changedefaultcharacter>\n";
print "<input type=hidden name=action value=mainmenu>\n";
print "<input type=hidden name=newdefaultcharacterid value=0>\n";
print "</form>\n";

print "<script type=\"text/javascript\" language=\"javascript\">\n"; 
print "function executeformchangedefaultcharacter(newdefaultcharacterid) {\n";
print "document.changedefaultcharacter.newdefaultcharacterid.value = newdefaultcharacterid;\n";
print "document.changedefaultcharacter.submit();\n";
print "}\n";
print "</script>\n";

if ((isset($userid)) && ($userid > "0"))
{
	print "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width=\"95%\">\n";
	print "<tr>\n";
	if ($defaultcharacterid > "0")
	{
		if (file_exists("$dirpath/backstage_rosterheadshot.php"))
		{
			print "<td width=".($bioheadwidth+10)." align=center><a target=_blank href=".$folder."/bio.php?username=".$defaultcharacterusername."><img src=\"/backstage_rosterheadshot.php?username=".$defaultcharacterusername."\" border=0  hspace=5 vspace=5 /></a></td>\n";			
		}
		elseif (file_exists("$dirpath$headshot/$defaultcharacterusername.jpg"))
		{
			print "<td width=".($bioheadwidth+10)." align=center><a target=_blank href=".$folder."/bio.php?username=".$defaultcharacterusername."><img src=".$headshot."/".$defaultcharacterusername.".jpg border=0 hspace=5 vspace=5 /></a></td>\n";
		}
		elseif (file_exists("$dirpath$headshot/$defaultcharacterusername.gif"))
		{
			print "<td width=".($bioheadwidth+10)." align=center><a target=_blank href=".$folder."/bio.php?username=".$defaultcharacterusername."><img src=".$headshot."/".$defaultcharacterusername.".gif border=0 hspace=5 vspace=5 /></a></td>\n";
		}
		else
		{
			print "<td width=".($bioheadwidth+10)." align=center><a target=_blank href=".$folder."/bio.php?username=".$defaultcharacterusername."><img src=".$headshot."/default.jpg border=0 hspace=5 vspace=5 /></a></td>\n";
		}
	}
	else
	{
			print "<td width=".($bioheadwidth+10)." align=center><img src=".$headshot."/default.jpg border=0 hspace=5 vspace=5 /></td>\n";
	}

	if ($isadmin == "1")
	{
		$query = "SELECT
				bio.id
			FROM
				efed_bio as bio
			WHERE
				bio.fed_id = '$fedid'"; 
		$result = mysql_query ($query); 
		$totalnumcharacters = mysql_numrows($result);

		$query = "SELECT
				c.id
			FROM
				efed_handler_characters as c
			INNER JOIN
				efed_handler as h
			ON
				(
					h.id = c.handler_id
				)
			WHERE
				h.fed_id = '$fedid'"; 
	}
	else
	{	
		$query = "SELECT
				c.id
			FROM
				efed_handler_characters as c
			INNER JOIN
				efed_handler as h
			ON
				(
					h.id = c.handler_id
				)
			WHERE
				h.id = '$userid' and
				h.fed_id = '$fedid'"; 
	}
	$result = mysql_query ($query); 
	$numavailablecharacters = mysql_numrows($result);
	if (($numavailablecharacters > "1") || (($isadmin == "1") && (isset($totalnumcharacters)) && ($totalnumcharacters > "0")))
	{
		print "<td>";
		print "<form method=POST name=changecharacter>\n";
		print "<select name=newdefaultcharacterid class=dropdown onChange=\"executeformchangedefaultcharacter(document.changecharacter.newdefaultcharacterid.value);\">";

		if ($defaultcharacterid > "0")
		{
			print "<option value=".$defaultcharacterid.">".$defaultcharactername;
		}
		else
		{
			print "<option value=0>- Select -";
		}

		if ($isadmin == "1")
		{
			$query = "SELECT
					bio.id as getcharacterid,
					bio.charactername as getcharacter
				FROM
					efed_bio as bio
				WHERE
					bio.id <> '$defaultcharacterid' and
					bio.status_id = '1' and
					bio.fed_id = '$fedid'
				ORDER BY
					bio.charactername"; 
		}
		else
		{
			$query = "SELECT
					bio.id as getcharacterid,
					bio.charactername as getcharacter
				FROM
					efed_bio as bio
				INNER JOIN
					efed_handler_characters as c
				ON
					(
						bio.id = c.bio_id						
					)
				INNER JOIN
					efed_handler as h
				ON
					(
						h.id = c.handler_id
					)
				WHERE
					h.id = '$userid' and
					c.bio_id <> '$defaultcharacterid' and
					bio.status_id = '1' and
					bio.fed_id = '$fedid' and
					h.fed_id = '$fedid'
				ORDER BY
					bio.charactername"; 
		}
		$result = mysql_query ($query); 
		$numrows = mysql_numrows ($result);
		if ($numrows > 0)
		{
			if ($isadmin == "1")
			{
				print "<option value=0>** Active Characters **";
			}

			while ($row = mysql_fetch_assoc($result))
			{
				$fieldarray=array('getcharacterid','getcharacter');
				foreach ($fieldarray as $fieldlabel)
				{
					if (isset($row[$fieldlabel])) 
					{ 
						$$fieldlabel=$row[$fieldlabel];
						$$fieldlabel=cleanquerydata($$fieldlabel);
					}
				}
				print "<option value=".$getcharacterid.">".$getcharacter;
			}
		}

		if ($isadmin == "1")
		{
			$query = "SELECT
					bio.id as getcharacterid,
					bio.charactername as getcharacter
				FROM
					efed_bio as bio
				WHERE
					bio.id <> '$defaultcharacterid' and
					bio.status_id = '2' and
					bio.fed_id = '$fedid'
				ORDER BY
					bio.charactername"; 
		}
		else
		{
			$query = "SELECT
					bio.id as getcharacterid,
					bio.charactername as getcharacter
				FROM
					efed_bio as bio
				INNER JOIN
					efed_handler_characters as c
				ON
					(
						bio.id = c.bio_id						
					)
				INNER JOIN
					efed_handler as h
				ON
					(
						h.id = c.handler_id
					)
				WHERE
					h.id = '$userid' and
					c.bio_id <> '$defaultcharacterid' and
					bio.status_id = '2' and
					bio.fed_id = '$fedid'
				ORDER BY
					bio.charactername"; 
		}
		$result = mysql_query ($query); 
		$numrows = mysql_numrows($result);
		if ($numrows > "0")
		{
			print "<option value=0>** Inactive Characters **";	
			while ($row = mysql_fetch_assoc($result))
			{
				$fieldarray=array('getcharacterid','getcharacter');
				foreach ($fieldarray as $fieldlabel)
				{
					if (isset($row[$fieldlabel])) 
					{ 
						$$fieldlabel=$row[$fieldlabel];
						$$fieldlabel=cleanquerydata($$fieldlabel);
					}
				}
				print "<option value=".$getcharacterid.">".$getcharacter;
			}
		}
		print "</select>\n";
		print "</form>\n";
		print "</td>\n";
	}
	else
	{
		print "<td>".$defaultcharactername."</td>\n";
	}

	print "<td width=40% valign=bottom align=right>\n";
	print "<a href=\"#\" onClick=\"executeform('mainmenu','0');\">Home</a> | ";
	print "<a href=\"#\" onClick=\"executeform('logout','0');\">Logout</a> | ";
	print "<a target=\"_blank\" href=\"http://www.gcwonline.net/forums\">Forums</a> | ";
	print "<a target=\"_blank\" href=\"http://www.gcwonline.net/writing\">Writing Guide</a>";
	print "</td>\n";
	print "</tr>\n";
	print "</table>\n";
	print "</div>\n";

	print "<div id=container2>\n";

	print "<div id=nav>";
	print "<form method=POST name=mainmenu>\n";
	print "<input type=hidden name=action value=0>\n";
	print "<input type=hidden name=option value=0>\n";
	print "</form>\n";

	print "<script type=\"text/javascript\" language=\"javascript\">\n"; 
	print "function executeform(action,option) {\n";
	print "document.mainmenu.action.value = action;\n";
	print "document.mainmenu.option.value = option;\n";
	print "document.mainmenu.submit();\n";
	print "}\n";
	print "</script>\n";

	if ((isset($userid)) && ($userid > "0") && ($defaultcharacterid > "0"))
	{
		print "<h1>Character</h1>\n";
		print "<ul>\n";
		print "<li";
		if (($action == "character") && ((isset($option)) && ($option == "2"))) { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('character','2');\">Bio</a></li>\n";
		print "<li";
		if (($action == "alliesrivals") && ((isset($option)) && ($option == "0"))) { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('alliesrivals','0');\">Allies</a></li>\n";
		print "<li";
		if (($action == "alliesrivals") && ((isset($option)) && ($option == "1"))) { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('alliesrivals','1');\">Rivals</a></li>\n";
		print "<li";
		if ($action == "quotes") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('quotes','0');\">Quotes</a></li>\n";
		print "</ul>\n";

		print "<h1>Submit</h1>\n";
		print "<ul>\n";
		print "<li";
		if ($action == "roleplay") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('roleplay','0');\">Roleplay</a></li>\n";
		print "<li";
		if ($action == "news") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('news','0');\">News</a></li>\n";
		print "<li";
		if ($action == "submitmatch") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('submitmatch','0');\">Match</a></li>\n";
		print "<li";
		if ($action == "submitseg") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('submitseg','0');\">Seg</a></li>\n";
		print "</ul>\n";
	}

	if ((isset($isadmin)) && ($isadmin == "1"))
	{
		print "<h1>Booking</h1>\n";
		print "<ul>\n";
		print "<li";
		if ($action == "champions") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('champions','0');\">Champions</a></li>\n";
		print "<li";
		if ($action == "eventbooker") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('eventbooker','0');\">Booker</a></li>\n";
		print "<li";
		if (($action == "resultscompilation") && ((isset($option)) && ($option == "0"))) { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('resultscompilation','0');\">Compiler</a></li>\n";
		print "<li";
		if (($action == "resultscompilation") && ((isset($option)) && ($option == "1"))) { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('resultscompilation','1');\">Archives</a></li>\n";
		print "</ul>\n";

		print "<h1>Fed Admin</h1>\n";
		print "<ul>\n";
		print "<li";
		if ($action == "handler") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('handler','0');\">Handlers</a></li>\n";
		print "<li";
		if (($action == "character") && ((isset($option)) && ($option == "1"))) { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('character','1');\">Characters</a></li>\n";
		print "<li";
		if ($action == "manageapplications") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('manageapplications','0');\">Applications</a></li>\n";
		print "<li";
		if ($action == "eventname") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('eventname','0');\">Event Names</a></li>\n";
		print "<li";
		if ($action == "title") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('title','0');\">Title Names</a></li>\n";
		print "<li";
		if ($action == "division") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('division','0');\">Divisions</a></li>\n";
		print "<li";
		if ($action == "arenas") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('arenas','0');\">Arenas</a></li>\n";
		print "</ul>\n";

		print "<h1>Site Admin</h1>\n";
		print "<ul>\n";
		print "<li";
		if ($action == "template") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('template','0');\">Templates</a></li>\n";
		print "<li";
		if ($action == "content") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('content','0');\">Content</a></li>\n";
		print "<li";
		if ($action == "biolayout") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('biolayout','0');\">Bio Configuration</a></li>\n";
		print "<li";
		if ($action == "newscategory") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('newscategory','0');\">News Categories</a></li>\n";
		print "<li";
		if ($action == "menustructures") { print " class=active"; }
		print "><a href=\"#\" onClick=\"executeform('menustructures','0');\">Menus</a></li>\n";
		print "</ul>\n";
	}
	print "</div>\n";
}

print "<div id=content>\n";
}

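/**
 * Prints one table row with an input control for every enabled custom bio
 * field of the given fed / style / group, pre-filled with the value stored
 * for the character when one exists.
 *
 * The control is named "custom" . <field id> . ("update" | "new"): "update"
 * when the character already has a row in efed_content_customfields for that
 * field, "new" otherwise. Fields with is_custom = 1 are rendered as a
 * textarea (textfield column); every other value is rendered as a text input
 * (varcharfield column).
 *
 * @param mixed $fedid   matched against efed_list_fields.fed_id
 * @param mixed $id      matched against efed_content_customfields.character_id
 * @param mixed $groupid matched against efed_list_fields.group_id
 * @param mixed $styleid matched against efed_list_fields.style_id
 * @return void markup is printed directly
 */
function customfieldinput($fedid,$id,$groupid,$styleid)
{
	// The legacy mysql_* API has no bound parameters, so each value is escaped
	// before it goes inside a quoted literal. The callers are not visible from
	// here; escaping in this function keeps the query well-formed even when a
	// caller passes request data through unchanged.
	$safefedid = mysql_real_escape_string($fedid);
	$safeid = mysql_real_escape_string($id);
	$safegroupid = mysql_real_escape_string($groupid);
	$safestyleid = mysql_real_escape_string($styleid);

	$query = "SELECT
		field.id as getfieldid,
		field.is_custom as getiscustom,
		field.fullname as getfullname,
		customfields.id as getcustomfieldid,
		customfields.varcharfield as getvarchar,
		customfields.textfield as gettext
	FROM
		efed_list_fields as field
	LEFT JOIN
		efed_content_customfields as customfields
	ON
		(
			field.id = customfields.field_id and
			customfields.character_id = '$safeid'
		)
	WHERE
		field.fed_id = '$safefedid' and
		field.style_id = '$safestyleid' and
		field.group_id = '$safegroupid' and
		field.enabled = '1' and
		field.is_custom > '0'
	ORDER BY
		field.is_custom,field.fullname";

	$result = mysql_query ($query);
	if (!$result)
	{
		// Query failed: there is nothing to render. The original passed false
		// on to mysql_fetch_assoc(), which only raised a warning.
		return;
	}

	$columns = array('getfieldid','getiscustom','getfullname','getvarchar','gettext','getcustomfieldid');

	while ($row = mysql_fetch_assoc($result))
	{
		// Rebuilt for every row so a NULL column can never inherit the value
		// of the previous row.
		$field = array();
		foreach ($columns as $column)
		{
			$field[$column] = isset($row[$column]) ? cleanquerydata($row[$column]) : null;
		}

		// An existing customfields row means the form handler must update it.
		$update = ($field['getcustomfieldid'] > "0") ? "update" : "new";

		// NOTE(review): the values below are printed exactly as cleanquerydata()
		// returns them. Confirm that helper HTML-encodes its output; if it does
		// not, wrap them in htmlspecialchars() here, because a stored value that
		// contains markup or a double quote would otherwise end the control early.
		print "<tr>\n";
		print "<td width=120 class=rowheading>".$field['getfullname'].":</td>";

		if ($field['getiscustom'] == "1")
		{
			print "<td class=row3><textarea name=\"custom".$field['getfieldid'].$update."\" class=\"textarea490x100\">";
			if ((isset($field['gettext'])) && ($field['gettext'] != "")) { print $field['gettext']; }
			print "</textarea></td>\n";
		}
		else
		{
			print "<td class=row3><input type=text name=\"custom".$field['getfieldid'].$update."\" class=fieldtext490";
			if ((isset($field['getvarchar'])) && ($field['getvarchar'] != "")) { print " value=\"".$field['getvarchar']."\""; }
			print "></td>\n";
		}

		print "</tr>\n\n";
	}
}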

/**
 * Prints the Backstage landing panel: the heading, the "Tips and Tricks"
 * list and the link to the GCW Writing Guide.
 *
 * @return void markup is written straight to the output
 */
function mainscreen()
{
	// Each entry is one output line; they are emitted in order, unchanged.
	$lines = array(
		"<font size=5><b>GCW Backstage</b></font><br /><br />\n",
		"<b>Tips and Tricks:</b><br />\n",
		"-Be Sure to Capitalize the First Letter of Each Major Word in News Posts and RP Titles<br />\n",
		"-Keep news article titles short and sweet. The only punctuation you need is a question mark at the end of rumor posts<br />\n",
		"-For the love of God, proofread your news articles<br />\n",
		"-Don't forget to keep your bio updated<br />\n",
		"-Don't forget to include the seg slot number of every show submission in the 'Notes to Card Compiler' section<br /><br />\n",
		"<font size=3><b><a href=\"/writing\">Read the GCW Writing Guide</a></b></font><br />\n",
	);

	echo implode("", $lines);
}

/**
 * Prints the page footer, closes the three open <div> wrappers plus <body>
 * and <html>, then ends the request.
 *
 * This function never returns: it calls exit after writing the markup, so
 * nothing placed after a call to it is executed.
 */
function footercode()
{
	$closing = array(
		"<div id=\"footer\">GCW Backstage. Backstage 2 © Ross Fynmore 2006</div>\n",
		"</div>\n",
		"</div>\n",
		"</div>\n",
		"</body>\n",
		"</html>\n",
	);

	foreach ($closing as $line)
	{
		echo $line;
	}

	exit;
}

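/**
 * Builds the HTML card for one roster member: an optional headshot linking
 * to the bio viewer, the wrestler name as a link, and a small table with
 * hometown, height and weight.
 *
 * The headshot is served through backstage_rosterheadshot.php when that
 * script exists in the working directory; otherwise a static
 * <headshot>/<user>.jpg is used when that file exists; otherwise no image
 * is emitted.
 *
 * @param string $folder        URL prefix placed before the bio viewer and headshot paths
 * @param string $headshot      headshot directory, appended to $folder in the image URL
 * @param string $bioviewer     bio viewer script name
 * @param mixed  $bioheadwidth  value of the image width attribute
 * @param mixed  $bioheadheight value of the image height attribute
 * @param string $user          username, used in the query string and the image file name
 * @param string $wrestler      display name
 * @param string $hometown      hometown text
 * @param string $height        height text
 * @param string $weight        weight; " lbs." is appended
 * @return string the HTML fragment
 */
function biogroupmemberold($folder,$headshot,$bioviewer,$bioheadwidth,$bioheadheight,$user,$wrestler,$hometown,$height,$weight)
{
	// NOTE(review): every argument is concatenated into markup, a URL or a
	// file name exactly as received. The callers are not visible here; confirm
	// they pass values that are already encoded for HTML and URL use (and that
	// $user cannot contain path separators), or encode at this point with
	// htmlspecialchars() / urlencode().
	$biolink = "<a href=".$folder."/".$bioviewer."?username=".$user." target=_top>";

	$template = "<table>\n";
	$template .= "<tr>\n";
	$template .= "<td valign=center>\n";

	if (file_exists("backstage_rosterheadshot.php"))
	{
		$template .= $biolink;
		// Closing tag was emitted as "<a/>", which left the link open.
		$template .= "<img src=\"backstage_rosterheadshot.php?username=".$user."\" border=1 align=left width=".$bioheadwidth." height=".$bioheadheight." /></a></td><td>\n";
	}
	// NOTE(review): the original prefixed this path with $dirpath, which is
	// neither a parameter nor declared global in this function, so it always
	// expanded to an empty string (and raised an undefined-variable notice).
	// The effective path is kept; if a base directory was intended, it has to
	// be passed in.
	elseif (file_exists($headshot."/".$user.".jpg"))
	{
		$template .= $biolink;
		$template .= "<img src=".$folder.$headshot."/".$user.".jpg border=1 align=left width=".$bioheadwidth." height=".$bioheadheight." /></a></td><td>\n";
	}

	$template .= $biolink."<b>".$wrestler."</b></a><br />\n";

	$template .= "<table border=0 cellpadding=0 cellspacing=0>\n";
	$template .= "<tr>\n";
	$template .= "<td width=100 valign=top>Hometown:</td>\n";
	$template .= "<td>".$hometown."</td>\n";
	$template .= "</tr>\n";

	$template .= "<tr>\n";
	$template .= "<td valign=top>Height:</td>\n";
	$template .= "<td>".$height."</td>\n";
	$template .= "</tr>\n";

	$template .= "<tr>\n";
	$template .= "<td valign=top>Weight:</td>\n";
	$template .= "<td>".$weight." lbs.</td>\n";
	$template .= "</tr>\n";
	$template .= "</table>\n";
	$template .= "</td>\n";
	$template .= "</tr>\n";
	$template .= "</table>\n";

	return ($template);
}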

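/**
 * Loads the visible site-content row with the given id for the given fed
 * and renders it, converting newlines to <br /> first when the row's
 * linebreaks column is "yes".
 *
 * @param mixed $fedid matched against efed_site_content.fed_id
 * @param mixed $id    matched against efed_site_content.id
 * @return void the content is written straight to the output
 */
function contentpage($fedid,$id)
{
	// The legacy mysql_* API has no bound parameters, so both values are
	// escaped before they go inside the quoted literals. The callers are not
	// visible from here.
	$safeid = mysql_real_escape_string($id);
	$safefedid = mysql_real_escape_string($fedid);

	$query = "SELECT
		content.content as content,
		content.linebreaks as linebreaks
	FROM
		efed_site_content as content
	WHERE
		content.id = '$safeid' and
		content.visible = 'yes' and
		content.fed_id = '$safefedid'";

	$result = mysql_query ($query);
	if (!$result)
	{
		// Query failed: nothing to render. The original passed false on to
		// mysql_fetch_assoc(), which only raised a warning.
		return;
	}

	while ($row = mysql_fetch_assoc($result))
	{
		// Assigned per row so a NULL column never reuses the previous row's value.
		$content = isset($row['content']) ? cleanquerydata($row['content']) : "";
		$linebreaks = isset($row['linebreaks']) ? cleanquerydata($row['linebreaks']) : "";

		if ($linebreaks == "yes") { $content = nl2br($content); }

		// NOTE(review): the stored content is run through eval() as a PHP
		// template, so any PHP tags inside efed_site_content.content execute
		// with this script's privileges. Anyone able to write that column can
		// therefore run code on the server. Keep write access to it limited to
		// fully trusted administrators, or print the content as plain markup
		// if PHP inside content pages is not actually required. The trailing
		// "<?" also depends on short_open_tag being enabled.
		eval("?>$content<?");
	}
}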
?>
