sql_query($sql))) {
    message_die(GENERAL_ERROR, "Error updating selection", '', __LINE__, __FILE__, $sql);
}
// NOTE(review): the three lines above are the tail of a branch whose opening,
// $sql and $header_location are all set before this excerpt. After the update
// the user is redirected back to the comments page; exit stops the rest of
// this file from rendering on top of the redirect.
header($header_location . append_sid("comments.$phpEx", true));
exit;
}

//
// Comment update section: stores the text posted for one game's comment.
// $mode is assigned before this excerpt. $HTTP_POST_VARS is the PHP 4-era long
// array (superseded by $_POST).
//
if($mode == "update") {
    // intval() guarantees only an integer reaches the SQL built below.
    $game_id = intval($HTTP_POST_VARS['comment_id']);
    // Only the two-character sequence \' is rewritten to ''; a bare ' in the
    // posted message is passed into the quoted SQL literal below untouched.
    // Presumably this relies on magic_quotes_gpc-style backslash escaping
    // having been applied to the request — TODO confirm before relying on it.
    $comment_text = str_replace("\'","''",$HTTP_POST_VARS['message']);
    // NOTE(review): as shown, the replacement array maps &, < and > to
    // themselves, so this call is a no-op; the entity forms were most likely
    // lost when this page was extracted — confirm against the original file.
    $comment_text = preg_replace(array('#&(?!(\#[0-9]+;))#', '#<#', '#>#'), array('&', '<', '>'),$comment_text);

    // Ownership check: the comment may only be edited by the user recorded as
    // the game's current high-score holder. The session user id is compared
    // with game_highuser from the database; on mismatch the request is refused
    // (message_die presumably ends the request, as elsewhere in this file).
    $user_id = $userdata['user_id'];
    $sql = "SELECT game_highuser FROM " . GAMES_TABLE. " WHERE game_id = $game_id";
    if( !($result = $db->sql_query($sql))) {
        message_die(GENERAL_ERROR, "Error Authenticating User", '', __LINE__, __FILE__, $sql);
    }
    // No check that a row came back: an unknown game_id makes $row false and
    // the comparison below is then against a missing value — TODO confirm.
    $row = $db->sql_fetchrow($result);
    if($row['game_highuser'] != $user_id) {
        message_die(GENERAL_ERROR, "Error Authenticating User - Possible hack attempt!", '');
    }

    // Writes the comment. $comment_text is interpolated directly into the
    // quoted literal, so its correctness depends entirely on the escaping
    // above. The error text says "insert" but this is an UPDATE.
    $sql = "UPDATE " . COMMENTS_TABLE . " SET comments_value = '$comment_text' WHERE game_id = $game_id";
    if( !$result = $db->sql_query($sql) ) {
        message_die(GENERAL_ERROR, "Couldn't insert row in comments table", "", __LINE__, __FILE__, $sql);
    }

    // Success message. The second append is an empty string here — the link
    // markup around "Click here" appears to have been stripped in this excerpt.
    $message = "Comment sucessfully updated.";
    $message .= "

Click here to return to the Arcade.";
    $message .= "";
    message_die(GENERAL_MESSAGE, $message);
}

//
// Comment submission form: shows the existing comment for one game together
// with the current user's avatar and a short stats line.
//
if($mode == "submit") {
    $template->set_filenames(array( 'body' => 'comments_body.tpl'));
    // intval() guarantees only an integer reaches the SQL below.
    $game_id = intval($HTTP_POST_VARS['comment_id']);

    // Loads the game row and (via LEFT JOIN) its comment row, if any.
    // Nothing checks that a row was returned; $row is false for an unknown id.
    $sql = "SELECT g.game_id, g.game_name, c.* FROM " . GAMES_TABLE. " g LEFT JOIN " . COMMENTS_TABLE . " c ON g.game_id = c.game_id WHERE g.game_id = $game_id";
    if( !($result = $db->sql_query($sql)) ) {
        message_die(GENERAL_ERROR, "Error retrieving comment list", '', __LINE__, __FILE__, $sql);
    }
    $row = $db->sql_fetchrow($result);
    // The '' . ... . '' concatenations are no-ops as shown; the surrounding
    // link markup appears to have been stripped in this excerpt.
    $template->assign_vars(array(
        'L_ADD_EDIT_COMMENTS' => $lang['add_edit_comments'],
        'NAV_DESC' => '' . $lang['arcade'] . ' ' ,
        'GAME_ID' => $row['game_id'],
        'L_GAME_NAME' => $lang['game_name'],
        'GAME_NAME' => '' . $row['game_name'] . '',
        'L_ENTER_COMMENT' => $lang['enter_comment'],
        'COMMENTS' => $row['comments_value'],
        'S_ACTION' => append_sid("comments?mode=update"),
    ));

    // Avatar lookup for the session user. $userdata['user_id'] comes from the
    // session, not directly from the request, and is interpolated unquoted.
    $sql = "SELECT username, user_avatar_type, user_allowavatar, user_avatar FROM " . USERS_TABLE . " WHERE user_id = " . $userdata['user_id'] ;
    if( !($result = $db->sql_query($sql)) ) {
        message_die(GENERAL_ERROR, "Cannot access the users table", '', __LINE__, __FILE__, $sql);
    }
    $row = $db->sql_fetchrow($result);
    $user_avatar_type = $row['user_avatar_type'];
    $user_allowavatar = $row['user_allowavatar'];
    $user_avatar = $row['user_avatar'];
    // Both the user's own setting and the board-wide flag for that avatar
    // type must allow it. Each ternary picks between two empty strings as
    // shown — the image markup appears stripped in this excerpt, so
    // $user_avatar is read but never used here.
    $avatar_img = '';
    if ( $user_avatar_type && $user_allowavatar ) {
        switch( $user_avatar_type ) {
            case USER_AVATAR_UPLOAD:
                $avatar_img = ( $board_config['allow_avatar_upload'] ) ? '' : '';
                break;
            case USER_AVATAR_REMOTE:
                $avatar_img = ( $board_config['allow_avatar_remote'] ) ? '' : '';
                break;
            case USER_AVATAR_GALLERY:
                $avatar_img = ( $board_config['allow_avatar_local'] ) ? '' : '';
                break;
        }
    }
    $template->assign_vars(array(
        'L_QUICK_STATS' => $lang['quick_stats'],
        'USER_AVATAR' => '' . $avatar_img . '',
        'USERNAME' => '' . $row['username'] . ' ',
    ));

    // Quick stats: the game this user has played most often (highest
    // score_set), then the most recent game on which they hold the high score.
    $sql ="SELECT s.score_set, s.game_id, g.game_name FROM " . SCORES_TABLE. " s LEFT JOIN " . USERS_TABLE. " u ON s.user_id = u.user_id LEFT JOIN " . GAMES_TABLE. " g ON s.game_id = g.game_id WHERE s.user_id = " . $userdata['user_id'] . " ORDER BY score_set DESC LIMIT 1";
    if( !($result = $db->sql_query($sql)) ) {
        message_die(GENERAL_ERROR, "Cannot access user stats to display", '', __LINE__, __FILE__, $sql);
    }
    // A user with no scores gets no row; the reads below then index a false
    // value — TODO confirm this is acceptable for the template.
    $row = $db->sql_fetchrow($result);
    $times_played = $row['score_set'];
    $fav_game_name = '' . $row['game_name'] . '';
    $sql="SELECT * FROM " .GAMES_TABLE ." WHERE game_highuser = " . $userdata['user_id'] . " ORDER BY game_highdate DESC";
    if( !($result = $db->sql_query($sql)) ) {
        message_die(GENERAL_ERROR, "Cannot access last high score data", '', __LINE__, __FILE__, $sql);
    }
    $score_count = $db->sql_numrows( $result ); // number of high scores held by the current user
    // Same caveat: with zero high scores there is no row to fetch, but
    // $row['game_highdate'] is still passed to create_date().
    $row = $db->sql_fetchrow($result);
    $highscore_date = create_date( $board_config['default_dateformat'] , $row['game_highdate'] , $board_config['board_timezone'] );
    $highscore_game_name = '' . $row['game_name'] . '';
    $template->assign_vars(array(
        'L_QUICK_STATS_MESSAGE' => sprintf($lang['quick_stats_message'], $score_count, $fav_game_name, $times_played, $highscore_date, $highscore_game_name),
    ));

    //
    // Generate the page end
    //
    $template->pparse('body');
    include("includes/page_tail.php");
}

//
// Default view (no matching mode above, or page_tail did not end the
// request): lists the games on which the user holds the high score so one can
// be picked for commenting, plus the arcade-PM preference form.
//
$template->set_filenames(array( 'body' => 'comments_select_body.tpl'));
$link = "comments";
$uid = $userdata['user_id'];
$submit = append_sid($link."?mode=submit");
// mode=z is presumably handled by the branch that ends at the top of this
// excerpt (the "Error updating selection" path) — confirm in the full file.
$z = append_sid($link."?mode=z");
$sql = "SELECT g.*, c.* FROM " . GAMES_TABLE. " g LEFT JOIN " . COMMENTS_TABLE . " c ON g.game_id = c.game_id WHERE game_highuser = $uid ORDER BY game_name ASC";
if( !($result = $db->sql_query($sql)) ) {
    message_die(GENERAL_ERROR, "Error retrieving high score list", '', __LINE__, __FILE__, $sql);
}
$score_count = $db->sql_numrows( $result );
// NOTE(review): the statement below is unterminated as shown. The markup and
// the loop that build the game selection list from $result appear to have
// been lost when this page was extracted, leaving only this residue; the
// file will not parse until the original construction is restored. Whatever
// that loop emitted, note that game_name values are written into the page
// through HIGHSCORE_SELECT below.
$select_highscore = "';

// User preference for arcade PMs, used to pre-check the yes/no radio buttons.
$sql = "SELECT user_allow_arcadepm FROM " . USERS_TABLE . " WHERE user_id = $uid";
if( !($result = $db->sql_query($sql)) ) {
    message_die(GENERAL_ERROR, "Error retrieving user arcade pm preference", '', __LINE__, __FILE__, $sql);
}
$row = $db->sql_fetchrow($result);
$user_allow_arcadepm_yes = ( $row['user_allow_arcadepm'] ) ? "checked=\"checked\"" : "";
$user_allow_arcadepm_no = ( !$row['user_allow_arcadepm'] ) ? "checked=\"checked\"" : "";
$template->assign_vars(array( 'NAV_DESC' => '' . $lang['arcade'] . ' ' ));
// The selection block is only rendered when the user holds at least one
// high score; the settings block is always rendered.
if ($score_count != 0) {
    $template->assign_block_vars('comment_select',array(
        'NAV_DESC' => '' . $lang['arcade'] . ' ' ,
        'HIGHSCORE_COUNT' => $score_count,
        'HIGHSCORE_SELECT' => $select_highscore,
        'S_ACTION' => $submit,
    ));
}
$template->assign_block_vars('comment_settings',array(
    'S_ACTION_PM' => $z,
    'L_YES' => $lang['Yes'],
    'L_NO' => $lang['No'],
    'USER_ALLOW_ARCADEPM_YES' => $user_allow_arcadepm_yes,
    'USER_ALLOW_ARCADEPM_NO' => $user_allow_arcadepm_no
));

//
// Generate the page end
//
$template->pparse('body');
include("includes/page_tail.php");
?>