diff --git a/core/classes/game.php b/core/classes/game.php new file mode 100644 index 0000000..e69de29 diff --git a/core/config.php b/core/config.php index 60b7922..8f7d0c9 100644 --- a/core/config.php +++ b/core/config.php @@ -1,6 +1,7 @@ bindParam(':description',$_POST['description']); $q->bindParam(':playerlimit',$_POST['playerlimit']); $q->bindParam(':creator',$_SESSION['user'],PDO::PARAM_INT); $q->execute(); + +header("Location: /games?uploaded=true); +exit; } } } diff --git a/download.php b/download.php index 303f2a4..56e2508 100644 --- a/download.php +++ b/download.php @@ -5,9 +5,14 @@ session_start(); if($maintenance && $pagename !== "Maintenance") { header("Location: /maintenance" ); } +if($loggedIn) { if (isset($_GET['client']) && $_GET['client'] == 2016 && $_GET['type'] == "player") { die(header("Location: /downloads/player-2016.zip")); } if (isset($_GET['client']) && $_GET['client'] == 2016 && $_GET['type'] == "studio") { die(header("Location: /downloads/studio-2016.zip")); +} +} else { +die("Corrupted."); // be as vague as possible. +exit; } \ No newline at end of file diff --git a/edit_place.php b/edit_place.php index ab02ad1..c7405f9 100644 --- a/edit_place.php +++ b/edit_place.php 
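Review bot: The added redirect `header("Location: /games?uploaded=true);` has no closing double quote, so the string literal runs on into the following lines and PHP will fail to parse the file; it should read `header("Location: /games?uploaded=true");`. The file header for this hunk is not visible on the page: the text sits under the core/config.php header, but the `bindParam` context suggests a different script, so confirm which file it belongs to. Running `php -l` on changed files before merge would catch this.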
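Review bot: The new `if($loggedIn)` gate in download.php protects only the redirect, not the archives. Both branches send the browser to `/downloads/player-2016.zip` or `/downloads/studio-2016.zip`, which look like static paths that can be requested directly without passing through this script. If the downloads are meant to be members-only, the web server should deny direct access to that directory and this script should stream the file itself after the check, for example with `readfile()` and a `Content-Disposition` header. Whether the server already restricts the path is not visible here. Separately, `$_GET['type']` is read without `isset()`, and the `exit;` after `die("Corrupted.")` is unreachable.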
@@ -24,17 +24,6 @@ $loggedIn = false; $getitstarted = new PartyStarter; $getitstarted->header(); -if($loggedIn == true) { -if($_POST['submit'] ?? "No" == "Update place" || isset($_FILES['userfile']['name']) || isset($_POST['name']) || isset($_POST['description']) || isset($_POST['playerlimit']) && $_POST['playerlimit'] >= 1 ) { -$q = $con->prepare("UPDATE FROM games (name, description, creator, players, state, thumbnail) VALUES (:name, :description, :playerlimit, :creator, 'pending', 'empty')"); -$q->bindParam(':name',$_POST['name']); -$q->bindParam(':description',$_POST['description']); -$q->bindParam(':playerlimit',$_POST['playerlimit']); -$q->bindParam(':creator',$_SESSION['user'],PDO::PARAM_INT); -$q->execute(); -} -} - if(!isset($_GET["id"])) { header("Location: ?id=".$_SESSION['user']); } else { @@ -51,6 +40,26 @@ if(!$item) { exit; } +if($item['creator'] !== $_SESSION['user']) { + header('location: /error?err=403'); + exit; +} + +if($loggedIn == true) { +if($_POST['submit'] ?? "No" == "Update place" || isset($_FILES['userfile']['name']) || isset($_POST['name']) || isset($_POST['description']) || isset($_POST['playerlimit']) && $_POST['playerlimit'] >= 1 ) { +$q = $con->prepare("UPDATE games SET name=:name, description=:description, creator=:creator, players=:playerlimit, state='pending' WHERE id=:placeid"); +$q->bindParam(':name',$_POST['name']); +$q->bindParam(':description',$_POST['description']); +$q->bindParam(':playerlimit',$_POST['playerlimit']); +$q->bindParam(':creator',$_SESSION['user'],PDO::PARAM_INT); +$q->bindParam(':placeid',$_GET['id'],PDO::PARAM_INT); +$q->execute(); +header("Location: /place?id=".$_GET['id']); +exit; +} +} + + ?> <?php echo $pagename; ?> | <?php echo $sitename; ?> diff --git a/games.php b/games.php index 0eecf4d..4d79b8f 100644 --- a/games.php +++ b/games.php 
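Review bot: In the second edit_place.php hunk the guard `$_POST['submit'] ?? "No" == "Update place" || isset(...) ...` does not test what it appears to, because `??` binds more loosely than `==`, `||` and `&&`. When `submit` is present the condition is just the truthiness of `$_POST['submit']`; when it is absent, any one of the `isset()` terms is enough to run the UPDATE with the other fields unset and bound as NULL. Requiring all fields would look like `if (($_POST['submit'] ?? '') === 'Update place' && isset($_POST['name'], $_POST['description'], $_POST['playerlimit']) && (int) $_POST['playerlimit'] >= 1) {`. The ownership check `$item['creator'] !== $_SESSION['user']` is strict, so it will reject the real owner if PDO returns `creator` as a string while the session holds an int; cast both sides or confirm the types. No anti-CSRF token is checked before the write in the visible lines.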
@@ -78,7 +78,11 @@ $random_search = array_rand($random_search_array, 1);
 if ($numberOfGames >= 1) {
 $rows = array_slice($q->fetchAll(), $offset, $limit);
 foreach($rows as $game) {
- $playingCount = 69;
+ $sql = "SELECT allStar FROM games WHERE id=:id";
+ $q = $con->prepare(str_replace('allStar', 'count(*)', $sql));
+ $q->bindParam(':id',$game["id"],PDO::PARAM_INT);
+ $q->execute();
+ $playingCount = 0;
 ?>
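Review bot: The query added inside the `foreach` is executed but its result is never fetched, and `$playingCount` is then hard-coded to `0`, so each listed game costs one extra database round trip for nothing. The statement itself, `count(*) FROM games WHERE id=:id`, counts rows in `games` matching one id rather than players, and building it with `str_replace('allStar', 'count(*)', $sql)` only obscures a constant string. Assigning it to `$q` also overwrites the statement that produced `$rows`, which matters if `$q` is used again after the loop (not visible here). Until there is a real source for the player count, I would keep just `$playingCount = 0;` with a `// TODO: read live player count` comment.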
diff --git a/home.php b/home.php index d2e56fd..f6aaac9 100644 --- a/home.php +++ b/home.php @@ -52,7 +52,7 @@ $getitstarted->header(); , getUsername()); ?>!
-

Friends (prepare("SELECT count(*) FROM users");$q->execute(); $numberOfFriends = $q->fetchColumn(); echo $numberOfFriends; ?>)

+

Friends (prepare("SELECT count(*) FROM friends WHERE user=:id AND state='approved'"); $q->bindParam(':id',$_SESSION['user'],PDO::PARAM_INT); $q->execute(); $numberOfFriends = $q->fetchColumn(); echo $numberOfFriends; ?>)

See all
@@ -72,7 +72,7 @@ $getitstarted->header();


You have no friends.

"; } ?> diff --git a/place.php b/place.php index 1ca37da..f0beb0c 100644 --- a/place.php +++ b/place.php @@ -48,7 +48,12 @@ $getitstarted->header();

-

+

+ + + +