MakeWebGames

Blacklist [fixed?]


bloodless2010

Hey, I just want to know if this blacklist.php is fixed:

<?php
/*
MCCodes FREE
blacklist.php Rev 1.1.0b
Copyright (C) 2005-2012 Dabomstew

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

session_start();
require "global_func.php";
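// Treat a missing or falsy 'loggedin' flag as "not logged in".
if (empty($_SESSION['loggedin']))
{
   header("Location: login.php");
   exit;
}
// Cast once so every query below interpolates an integer.
$userid = (int) $_SESSION['userid'];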
require "header.php";
$h = new headers;
$h->startheaders();
include "mysql.php";
global $c;
$is =
       mysql_query(
               "SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",
               $c) or die(mysql_error());
$ir = mysql_fetch_array($is);
check_level();
$fm = money_formatter($ir['money']);
$cm = money_formatter($ir['crystals'], '');
$lv = date('F j, Y, g:i a', $ir['laston']);
$h->userdata($ir, $lv, $fm, $cm);
$h->menuarea();
if ($ir['donatordays'] == 0)
{
   die("This feature is for donators only.");
}
print "<h3>Black List</h3>";
// Fall through to the list view when no action is supplied.
switch (isset($_GET['action']) ? $_GET['action'] : '')
{
case "add":
   add_enemy();
   break;

case "remove":
   remove_enemy();
   break;

case "ccomment":
   change_comment();
   break;

default:
   black_list();
   break;
}

function black_list()
{
   global $ir, $c, $userid;
   print 
           "<a href='blacklist.php?action=add'>> Add an Enemy</a><br />
These are the people on your black list. ";
   $q_y = mysql_query("SELECT * FROM blacklist WHERE bl_ADDED=$userid", $c);
   print 
           mysql_num_rows($q_y)
                   . " people have added you to their list.<br />Most hated: [";
   $q2r =
           mysql_query(
                   "SELECT u.username,u.username_color,count( * ) as cnt,bl.bl_ADDED FROM blacklist bl LEFT JOIN users u on bl.bl_ADDED=u.userid GROUP BY bl.bl_ADDED ORDER BY cnt DESC LIMIT 5",
                   $c) or die(mysql_error());
   $r = 0;
   while ($r2r = mysql_fetch_array($q2r))
   {
       $r++;
       if ($r > 1)
       {
           print " | ";
       }
       print 
               "<a href='viewuser.php?u={$r2r['bl_ADDED']}'><font color='{$r2r['username_color']}'>{$r2r['username']}</font></a>";
   }
   print 
           "]
<table width=90%><tr style='background:gray'> <th>ID</th> <th>Name</th> <th>Mail</th> <th>Attack</th> <th>Remove</th> <th>Comment</th> <th>Change Comment</th> <th>Online?</th></tr>";
   $q =
           mysql_query(
                   "SELECT bl.*,u.* FROM blacklist bl LEFT JOIN users u ON bl.bl_ADDED=u.userid WHERE bl.bl_ADDER=$userid ORDER BY u.username ASC",
                   $c);
   while ($r = mysql_fetch_array($q))
   {
       if ($r['laston'] >= time() - 15 * 60)
       {
           $on = "<font color=green><b>Online</b></font>";
       }
       else
       {
           $on = "<font color=red><b>Offline</b></font>";
       }
       $d = "";
       if ($r['donatordays'])
       {
           $d =
                   "<img src='donator.gif' alt='Donator: {$r['donatordays']} Days Left' title='Donator: {$r['donatordays']} Days Left' />";
       }
       if (!$r['bl_COMMENT'])
       {
           $r['bl_COMMENT'] = "N/A";
       }
       print 
               "<tr> <td>{$r['userid']}</td> <td><a href='viewuser.php?u={$r['userid']}'><font color='{$r['username_color']}'>{$r['username']}</font></a> $d</td> <td><a href='mailbox.php?action=compose&ID={$r['userid']}'>Mail</a></td> <td><a href='attack.php?ID={$r['userid']}'>Attack</a></td> <td><a href='blacklist.php?action=remove&f={$r['bl_ID']}'>Remove</a></td> <td>{$r['bl_COMMENT']}</td> <td><a href='blacklist.php?action=ccomment&f={$r['bl_ID']}'>Change</a></td> <td>$on</td></tr>";
   }
}

function add_enemy()
{
   global $ir, $c, $userid;
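   // Absent POST fields become 0 / '' so the plain form view raises no notices.
   $_POST['ID'] = isset($_POST['ID']) ? abs((int) $_POST['ID']) : 0;
   $_POST['comment'] = isset($_POST['comment']) ? $_POST['comment'] : '';
   // Encode for HTML display first, then escape for the SQL string literal.
   $_POST['comment'] =
           mysql_real_escape_string(
                   nl2br(
                           htmlentities(stripslashes($_POST['comment']),
                                   ENT_QUOTES, 'ISO-8859-1')), $c);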

   if ($_POST['ID'])
   {
       $qc =
               mysql_query(
                       "SELECT * FROM blacklist WHERE bl_ADDER=$userid AND bl_ADDED={$_POST['ID']}",
                       $c);
       $q =
               mysql_query(
                       "SELECT * FROM users WHERE userid={$_POST['ID']}", $c);
       if (mysql_num_rows($qc))
       {
           print "You cannot add the same person twice.";
       }
       else if ($userid == $_POST['ID'])
       {
           print 
                   "You cannot be so lonely that you have to try and add yourself.";
       }
       else if (mysql_num_rows($q) == 0)
       {
           print "Oh no, you're trying to add a ghost.";
       }
       else
       {
           mysql_query(
                   "INSERT INTO blacklist VALUES(NULL, $userid, {$_POST['ID']}, '{$_POST['comment']}')",
                   $c) or die(mysql_error());
           $r = mysql_fetch_array($q);
           print 
                   "<font color='{$r['username_color']}'>{$r['username']}</font> was added to your black list.<br />
<a href='blacklist.php'>> Back</a>";
       }
   }
   else
   {
       $_GET['ID'] =
               (isset($_GET['ID']) && is_numeric($_GET['ID']))
                       ? abs(intval($_GET['ID'])) : '';
       print 
               "Adding an enemy!<form action='blacklist.php?action=add' method='post'>
Enemy's ID: <input type='text' name='ID' value='{$_GET['ID']}' /><br />
Comment (optional): <br />
<textarea name='comment' rows='7' cols='40'></textarea><br />
<input type='submit' value='Add Enemy' /></form>";
   }

}

function remove_enemy()
{
   global $ir, $c, $userid;
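   // Integer cast here; the bl_ADDER condition in the query limits deletion to the caller's own entries.
   $_GET['f'] = isset($_GET['f']) ? abs((int) $_GET['f']) : 0;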
   mysql_query(
           "DELETE FROM blacklist WHERE bl_ID={$_GET['f']} AND bl_ADDER=$userid",
           $c);
   print 
           "Black list entry removed!<br />
<a href='blacklist.php'>> Back</a>";
}

function change_comment()
{
   global $ir, $c, $userid;
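   // Absent POST fields become 0 / '' so the plain form view raises no notices.
   $_POST['f'] = isset($_POST['f']) ? abs((int) $_POST['f']) : 0;
   $_POST['comment'] = isset($_POST['comment']) ? $_POST['comment'] : '';
   // Encode for HTML display first, then escape for the SQL string literal.
   $_POST['comment'] =
           mysql_real_escape_string(
                   nl2br(
                           htmlentities(stripslashes($_POST['comment']),
                                   ENT_QUOTES, 'ISO-8859-1')), $c);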
   if ($_POST['comment'])
   {
       mysql_query(
               "UPDATE blacklist SET bl_COMMENT='{$_POST['comment']}' WHERE bl_ID={$_POST['f']} AND bl_ADDER=$userid",
               $c);
       print 
               "Comment for enemy changed!<br />
<a href='blacklist.php'>> Back</a>";
   }
   else
   {
       $_GET['f'] = isset($_GET['f']) ? abs((int) $_GET['f']) : 0;
       $q =
               mysql_query(
                       "SELECT * FROM blacklist WHERE bl_ID={$_GET['f']} AND bl_ADDER=$userid",
                       $c);
       if (mysql_num_rows($q))
       {
           $r = mysql_fetch_array($q);
           $comment = str_replace('<br />', "\n", $r['bl_COMMENT']);
           print 
                   "Changing a comment.<form action='blacklist.php?action=ccomment' method='post'>
<input type='hidden' name='f' value='{$_GET['f']}' /><br />
Comment: <br />
<textarea rows='7' cols='40' name='comment'>$comment</textarea><br />
<input type='submit' value='Change Comment' /></form>";
       }
       else
       {
           print "Stop trying to edit comments that aren't yours.";
       }
   }
}
print "</table>";
$h->endpage();

At least I think it is, I just want to know from the pros xD Thanks!
