Well I got bored and fancied coding something or at least updating something for free & I saw Casey had failed to supply a free secured gangs.php so here it is xD
About this mod:
A few months ago ''Casey'' tried to secure one and basically failed. He used a number of failed ways including sprintf(); where it wasn't wanted nor needed. So I got bored and posted a basic copy, then I thought I think it's time to re-update. So now there are a few more updates, however only the code, nothing visual.

What I've done;
1. Prez's and VPS will get an event when someone applies
2. Secured the file
3. Removed all "`Select * FROM`"
4. Changed the member list to show it formatted (- 1,400 days instead of 1400 days)
5. Updated a lot of the code
6. Changed a few queries

Thanks To;
* Casey for trying to do this
```php
<?php
include(dirname(__FILE__) . '/globals.php');
// Keep the numeric ID itself; isset() alone would turn it into true (always gang 1).
$_GET['ID'] = isset($_GET['ID']) && ctype_digit($_GET['ID']) ? abs(intval($_GET['ID'])) : 0;
if (!$_GET['ID']) {
    echo 'Invalid use of file';
} else {
    // gangNAME is selected too, because every page below prints it.
    $gq = $db->query("SELECT `gangNAME`,`gangPRESIDENT`,`gangVICEPRES`,`gangRESPECT`,`gangID`,`gangDESC` FROM `gangs` WHERE (`gangID` = ".abs(intval($_GET['ID'])).")");
    if (!$db->num_rows($gq)) {
        // Unknown gang: stop before $gangdata is used to build further queries.
        echo 'Invalid use of file';
        $h->endpage();
        exit;
    }
    $gangdata = $db->fetch_row($gq);
    // Only purely alphabetic action names get as far as the switch.
    $_GET['action'] = isset($_GET['action']) && ctype_alpha($_GET['action']) ? trim($_GET['action']) : '';
    switch ($_GET['action']) {
        case 'view': gang_view(); break;
        case 'userlist': gang_userlist(); break;
        case 'apply': gang_applyform(); break;
        case 'applys': gang_applysubmit(); break;
        default:
            echo "<h2>Illegal Operation</h2>";
            $h->endpage();
            exit;
    }
}

function gang_view() {
    global $db,$ir,$c,$h,$gangdata,$bbc;
    $pq = $db->query("SELECT `username`,`userid` FROM `users` WHERE (`userid` = ".$gangdata['gangPRESIDENT'].")");
    $ldr = $db->fetch_row($pq);
    $vpq = $db->query("SELECT `username`,`userid` FROM `users` WHERE (`userid` = ".$gangdata['gangVICEPRES'].")");
    $coldr = $db->fetch_row($vpq);
    // Everything that came from the database is HTML-encoded before output.
    echo "<h3><span style='text-decoration: underline;'>".stripslashes(htmlentities($gangdata['gangNAME'], ENT_QUOTES))." Gang</span></h3><hr />
    President: <a href='viewuser.php?u=".$ldr['userid']."'>".stripslashes(htmlentities($ldr['username'], ENT_QUOTES))."</a><br />
    Vice-President: <a href='viewuser.php?u=".$coldr['userid']."'>".stripslashes(htmlentities($coldr['username'], ENT_QUOTES))."</a><br />
    <strong>Respect Level: </strong> ".number_format($gangdata['gangRESPECT'])."<br /><hr />";
    $cnt = $db->query("SELECT `username` FROM `users` WHERE `gang` = (".$gangdata['gangID'].")");
    echo "<strong>Members:</strong> ".$db->num_rows($cnt)."<br />
    <strong>Description:</strong>".stripslashes(htmlentities($gangdata['gangDESC'], ENT_QUOTES))."<br />
    &gt; <a href='gangs.php?action=userlist&ID=".$gangdata['gangID']."'>User List</a><br />
    &gt; <a href='gangs.php?action=apply&ID=".$gangdata['gangID']."'>Apply</a>";
}

function gang_userlist() {
    global $db,$ir,$c,$h,$gangdata;
    echo "<h3>Userlist for ".stripslashes(htmlentities($gangdata['gangNAME'], ENT_QUOTES))."</h3>
    <table><tr style='background: gray;'><th>User</th><th>Level</th><th>Days In Gang</th></tr>";
    // `level` is selected as well, because it is printed in the table.
    $q = $db->query("SELECT `userid`,`username`,`level`,`daysingang` FROM `users` WHERE ( `gang` = ".$gangdata['gangID']." ) ORDER BY `daysingang` DESC, `level` DESC");
    while ($r = $db->fetch_row($q)) {
        echo "<tr><td>".stripslashes(htmlentities($r['username'], ENT_QUOTES))." [".number_format($r['userid'])."]<br /></td><td>".number_format($r['level'])."</td><td>".number_format($r['daysingang'])."</td></tr>";
    }
    echo "</table><br />
    <a href='gangs.php?action=view&ID=".$gangdata['gangID']."'>&gt; Back</a>";
}

function gang_applyform() {
    global $ir,$c,$h,$gangdata;
    if (!$ir['gang']) {
        echo "<form action='gangs.php?action=applys&ID=".abs(intval($_GET['ID']))."' method='post'>
        Type the reason you should be in this faction.<br />
        <textarea name='application' rows='7' cols='40'></textarea><br />
        <input type='submit' value='Apply' /></form>";
    } else {
        echo "You cannot apply for a gang when you are already in one.";
    }
}

function gang_applysubmit() {
    global $db,$ir,$c,$h,$gangdata,$userid;
    if (!$ir['gang']) {
        $application = isset($_POST['application']) ? strip_tags($_POST['application']) : '';
        $db->query("INSERT INTO applications VALUES('',$userid,".abs(intval($_GET['ID'])).",'".mysql_real_escape_string($application)."')");
        // Build the event text first, then escape the whole string once, so the
        // quotes inside the link no longer end the SQL string literal early.
        $event = "<a href='viewuser.php?u=$userid'>".strip_tags($ir['username'])."</a> sent an application to join this gang.";
        $db->query("INSERT INTO gangevents VALUES('',".abs(intval($_GET['ID'])).",unix_timestamp(),'".mysql_real_escape_string($event)."')");
        print "You sent your application to the ".stripslashes(htmlentities($gangdata['gangNAME'], ENT_QUOTES))." gang.";
        event_add($gangdata['gangPRESIDENT'], '<a href="viewuser.php?u='.$userid.'">'.strip_tags(mysql_real_escape_string($ir['username'])).'</a> just applied to your gang!');
        event_add($gangdata['gangVICEPRES'], '<a href="viewuser.php?u='.$userid.'">'.strip_tags(mysql_real_escape_string($ir['username'])).'</a> just applied to your gang!');
    } else {
        print "You cannot apply for a gang when you are already in one.";
    }
}
$h->endpage();
?>
```
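
An added example, not part of the original post or of the game's own code: the ID check and the application-submit step from `gang_applysubmit()` written with bound parameters instead of escaped string concatenation. It assumes PDO with the SQLite driver and an in-memory database standing in for the game's `$db` wrapper; the table layouts, column names and request values are constructed for the demonstration.

```php
<?php
// Added example. Schema, column names and request values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE applications (appID INTEGER PRIMARY KEY, appUSER INTEGER, appGANG INTEGER, appTEXT TEXT)');
$pdo->exec('CREATE TABLE gangevents (gevID INTEGER PRIMARY KEY, gevGANG INTEGER, gevTIME INTEGER, gevTEXT TEXT)');

// Accept only a positive integer ID; everything else maps to 0 (rejected).
function gang_id_from_request(array $get): int
{
    $id = filter_var($get['ID'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return is_int($id) ? $id : 0;
}

function submit_application(PDO $pdo, int $gangId, int $userId, string $username, string $text): void
{
    // Bound parameters: quotes in the values never reach the SQL parser.
    $pdo->prepare('INSERT INTO applications (appUSER, appGANG, appTEXT) VALUES (?, ?, ?)')
        ->execute([$userId, $gangId, $text]);
    // The event row is rendered as HTML later, so encode the username here.
    $event = '<a href="viewuser.php?u=' . $userId . '">'
        . htmlspecialchars($username, ENT_QUOTES, 'UTF-8')
        . '</a> sent an application to join this gang.';
    $pdo->prepare('INSERT INTO gangevents (gevGANG, gevTIME, gevTEXT) VALUES (?, ?, ?)')
        ->execute([$gangId, time(), $event]);
}

// Constructed ID values: only the first one survives validation.
foreach (['3', '3 OR 1=1', '-5', ['x']] as $raw) {
    echo json_encode($raw), ' => ', gang_id_from_request(['ID' => $raw]), "\n";
}

// Constructed inputs with quotes and markup in the user-controlled fields.
$gangId = gang_id_from_request(['ID' => '3']);
submit_application($pdo, $gangId, 42, "O'Neil<script>", "I'm active daily <b>pick me</b>");

// Application text is stored raw and encoded only when it is displayed.
$stored = $pdo->query('SELECT appTEXT FROM applications')->fetchColumn();
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
echo $pdo->query('SELECT gevTEXT FROM gangevents')->fetchColumn(), "\n";
```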