Thread: Mysidia Adoptables v1.3.1[Security Release]
View Single Post
  #9  
Old 04-09-2012, 03:11 PM
SilverDragonTears's Avatar
SilverDragonTears SilverDragonTears is offline
I am your Nemesis.
  
Join Date: Jun 2011
Posts: 1,113
Gender: Female
Credits: 112,351
SilverDragonTears is on a distinguished road
Default
Nothing looks weird there I don't think.....
Only thing I changed here is the is_numeric thing. But I changed that on my other site and it never messed it up.
levelup.php

Code:
<?php

include("functions/functions.php");
include("functions/functions_users.php");
include("functions/functions_adopts.php");
include("inc/lang.php");


//***************//
//  START SCRIPT //
//***************//

$id = $_GET["id"];
$id = preg_replace("/[^a-zA-Z0-9s]/", "", $id);
$id = secure($id);

if($id == ""){

// If the ID is blank or non-numeric, then it is invalid...

$article_title = $err_idnoexist;
$article_content = $err_idnoexist_text;

}
else{

// We have what appears to be a valid adoptable ID, so we pull the adoptable's information from the database...
$owned_adoptable = $adopts->select("owned_adoptables", array(), "aid='{$id}'")->fetchObject();	
if($owned_adoptable->aid == $id){

// The adoptable does exist, so now we need to see if we can vote...
// We need to get the date today and the user's IP address (if is guest we use this)

$date = date('Y-m-d');

$ip = $_SERVER['REMOTE_ADDR']; 
$ip = preg_replace("/[^a-zA-Z0-9@._-]/", "", $ip);
$ip = secure($ip);

$where_clause = ($isloggedin == "yes")
                ?"adoptableid='{$id}' and username = '{$loggedinname}' and date = '{$date}'"
				:"adoptableid='{$id}' and ip = '{$ip}' and date = '{$date}'";
$voters = $adopts->select("vote_voters", array(), $where_clause)->fetchObject();	
$userstatus = getuserstatus($loggedinname);


  if($isloggedin == "yes" and $userstatus['canlevel'] == "no") $article_content .= "It appears that you have been banned from leveling up adoptables. Please contact an administrator for assistance.";   
  elseif(!is_object($voters)){

	// The number of results is still zero, so we did not vote on this adoptable yet today...
	
	// Now we see if the adoptable is frozen by its owner.  If it is, we do not level...

	if($owned_adoptable->isfrozen == "yes"){

	$article_title = $lang_isfrozen_title;
	$article_content = $lang_isfrozen_explain;

	}
	else{

	  // Adoptable is NOT frozen, so I think we can actually proceed with the leveling up of this adoptable...
	  $newclicks = $owned_adoptable->totalclicks + 1; // Add 1 click to the current click total of this adoptable...

	  // Actually insert our click information into the database...
      $adopts->update("owned_adoptables", array("totalclicks" => $newclicks), "aid='{$id}'");

	  // Now we need to update our vote_voters table with the user's vote...
	  $adopts->insert("vote_voters", array("void" => NULL, "date" => $date, "username" => $loggedinname, "ip" => $ip, "adoptableid" => $id));

	  // Now we need to see if we actually level this adoptable up, see if another level actually exists...

	  $nextlevelexists = getnextlevelexists($owned_adoptable->type, $owned_adoptable->currentlevel);

	  if($nextlevelexists == "true"){

	    // A higher level does exist, so we see if it is time to level up
	    $nextlevel = $owned_adoptable->currentlevel + 1;
        $level = $adopts->select("levels", array(), "adoptiename='{$owned_adoptable->type}' and thisislevel='{$nextlevel}'")->fetchObject();	
	
	    // Check if the number of clicks we have now is greater than or equal to the required clicks to level up...
	    if($newclicks >= $level->requiredclicks and $level->requiredclicks != 0 and $level->requiredclicks != ""){

	      // We need to level this adoptable up...
	      $adopts->update("owned_adoptables", array("currentlevel" => $nextlevel), "aid='{$id}'");
	
	      // Now we check if we are enabling alternate images...	
	      $parentid = converttypetoparentid($owned_adoptable->type); // Get the ID of the parent type adoptable
	      $altstatus = getaltstatus($parentid, $id, $nextlevel); // Check if we are using alternate images or not...

	      if($altstatus == "yes") $adopts->update("owned_adoptables", array("usealternates" => 'yes'), "aid='{$id}'");
	      // Now we can see if the adoptable's owner gets a reward, the reward function will take care of sending out any reward that exists...
	      $rewardstatus = reward($id, $owned_adoptable->type, $nextlevel, $owned_adoptable->owner);
	    } // End the if statement if we are leveling the adoptable up	
	  }

	  // Show a thank you message along with the adoptable's information to the user...
	  $image = getcurrentimage($id); // Get the current image of the adoptable...
	  $article_title = $lang_gave."{$owned_adoptable->name} one ".$lang_unit;
	  $article_content = "<img src='{$image}'><br>{$lang_gave}{$owned_adoptable->name}	one {$lang_unit}.<br>".$lang_levelup_encourage;	
	} // Adoptable is not frozen, end isfrozen else check
 
    if($owned_adoptable->isfrozen == "no"){ 
	  $reward = clickreward(grabanysetting('rewardmoney'), $GLOBALS['username'], $GLOBALS['money']);
	  $newamount = $GLOBALS['money'] + $reward;
	  $adopts->update("users", array("money" => $newamount), "username = '{$loggedinname}'");
	  $article_content = $article_content . "<div align='center'><br />You have earned {$reward} ".grabanysetting('cost')." for leveling up this adoptable. <br />You now have {$newamount} ".grabanysetting('cost')."</div>";
    }

  }
  else{

	// We already voted on this adoptable today, so show an error...

	if($isloggedin == "yes"){
		$article_title = $lang_alreadyleveled_title;
		$article_content = $lang_member_alreadyleveled;
	}
	else{
		$article_title = $lang_alreadyleveled_title;;
		$article_content = $lang_guest_alreadyleveled;
	}
  }
}
else{

// Adoptable is invalid, show an error...

$article_title = $err_idnoexist;
$article_content = $err_idnoexist_text;

}



} // End the ID is not blank and is numeric else check


//***************//
//  OUTPUT PAGE  //
//***************//

echo showpage($article_title, $article_content, $date);

?>
__________________

Check out SilvaTales