<?php
// Start (or resume) the session as the very first statement of the page, before
// any markup is sent. The page reads $_SESSION['MM_UserGroup'] for the chat box
// further down and writes to $_SESSION in the form1 POST handler.
session_start();
?>
<?php require_once('Connections/localserver.php'); ?>
<?php
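if (!function_exists("GetSQLValueString")) {
/**
 * Prepare one value for interpolation into a SQL string built with sprintf().
 *
 * The value is escaped with the legacy mysql extension and then shaped by
 * $theType:
 *   - "text", "date":  wrapped in single quotes, or the literal NULL when empty
 *   - "int", "long":   intval() of the value, or NULL when empty
 *   - "double":        doubleval() of the value, or NULL when empty
 *   - "defined":       $theDefinedValue when non-empty, else $theNotDefinedValue
 *
 * Escaping only protects a value that ends up inside quotes, so an unknown
 * $theType is rejected instead of being returned escaped-but-unquoted.
 *
 * mysql_real_escape_string() is called without a link argument, so it uses the
 * most recently opened connection and that connection's character set.
 * The mysql extension was removed in PHP 7.0; prepared statements (mysqli or
 * PDO) are the durable replacement for this helper.
 *
 * @param mixed  $theValue           Raw value, typically from $_GET or $_POST.
 * @param string $theType            One of text, date, int, long, double, defined.
 * @param mixed  $theDefinedValue    Returned for "defined" when the value is non-empty.
 * @param mixed  $theNotDefinedValue Returned for "defined" when the value is empty.
 * @return mixed SQL fragment ready to substitute for a %s placeholder.
 * @throws InvalidArgumentException When $theType is not one of the supported types.
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
    // Undo magic quotes where they can still be active. version_compare() is
    // used because a plain "<" on PHP_VERSION depends on string-to-number
    // conversion rules that differ between PHP releases.
    if (version_compare(PHP_VERSION, '6', '<') && function_exists('get_magic_quotes_gpc')) {
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    }

    $theValue = function_exists("mysql_real_escape_string")
        ? mysql_real_escape_string($theValue)
        : mysql_escape_string($theValue);

    switch ($theType) {
        case "text":
        case "date":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "long":
        case "int":
            $theValue = ($theValue != "") ? intval($theValue) : "NULL";
            break;
        case "double":
            $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
            break;
        case "defined":
            $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
            break;
        default:
            // Fail closed: an escaped value without quotes or a numeric cast is
            // not safe to place in a statement.
            throw new InvalidArgumentException('GetSQLValueString: unsupported value type');
    }

    return $theValue;
}
}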
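// Form action for the validation form further down the page. PHP_SELF is taken
// from the request URL, so it is HTML-escaped here, like the query string
// below, before the template echoes it into action="...".
$editFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

// Removed: a generated "update record" handler that ran on every form1 post,
// before any credential check:
//     UPDATE users SET user_hash=<posted user_hash>
//      WHERE user_level=<posted valcode, cast to int>
// The form submits the password in "valcode", so this rewrote the validation
// token of every account at whatever level that field cast to. Its redirect to
// validated.php was always replaced by the handler below, which fires on the
// same condition, so the write was its only lasting effect.
//
// Removed: a second, guarded copy of GetSQLValueString(). The copy at the top of
// the file is always defined by this point, so the guard never let it load.

// Look up the account that owns the token from the validation link.
$colname_rstUsers = "-1";
if (isset($_GET['hash'])) {
    $colname_rstUsers = $_GET['hash'];
}
mysql_select_db($database_localserver, $localserver);
// The token is matched as a quoted string. The previous "int" cast reduced it
// to a number before the comparison, so the query did not check the full token.
$query_rstUsers = sprintf(
    "SELECT * FROM users WHERE user_hash = %s",
    GetSQLValueString($colname_rstUsers, "text")
);
$rstUsers = mysql_query($query_rstUsers, $localserver);
if ($rstUsers === false) {
    // Keep the driver error in the server log instead of printing it to the visitor.
    error_log('Account validation: user lookup failed: ' . mysql_error($localserver));
    die('A database error occurred.');
}
$row_rstUsers = mysql_fetch_assoc($rstUsers);
$totalRows_rstUsers = mysql_num_rows($rstUsers);

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
    // The form on this page posts the password as "valcode"; the handler used to
    // read "password", which that form never sends. Accept either field name.
    $submittedPassword = null;
    if (isset($_POST['password']) && is_string($_POST['password'])) {
        $submittedPassword = $_POST['password'];
    } elseif (isset($_POST['valcode']) && is_string($_POST['valcode'])) {
        $submittedPassword = $_POST['valcode'];
    }
    // Undo magic quotes (PHP < 5.4) so the raw submitted value is compared.
    if ($submittedPassword !== null && version_compare(PHP_VERSION, '5.4', '<') && get_magic_quotes_gpc()) {
        $submittedPassword = stripslashes($submittedPassword);
    }
    $storedPassword = is_array($row_rstUsers) ? (string) $row_rstUsers['password'] : '';

    // NOTE(review): these two session keys hold the stored password and the
    // submitted guess. They are kept only because another page may read them;
    // confirm nothing does and drop them, credentials do not belong in the session.
    $_SESSION['valcode'] = $storedPassword;
    $_SESSION['userguess'] = GetSQLValueString($submittedPassword, "text");

    // Compare the raw values as strings. The old check compared the stored value
    // with an SQL-escaped, single-quoted copy of the guess using ==, which could
    // not match a plain stored value and was open to loose type juggling.
    // NOTE(review): a direct comparison only works if passwords are stored
    // unhashed - confirm, and move storage to password_hash()/password_verify().
    $passwordMatches = $submittedPassword !== null
        && $submittedPassword !== ''
        && $storedPassword !== ''
        && (function_exists('hash_equals')
            ? hash_equals($storedPassword, $submittedPassword)
            : $storedPassword === $submittedPassword);

    if ($passwordMatches) {
        // Same test the template uses before it shows the form: only an account
        // that is still at level 0 is promoted.
        if ($row_rstUsers['user_level'] == 0) {
            // Promote the account identified by the token from the link. The old
            // statement put the posted password in the WHERE clause and wrapped
            // an already-quoted value in a second pair of quotes. The database
            // was selected for the lookup above, so no further mysql_select_db()
            // is needed (the old call passed an undefined $mmos).
            $updateSQL = sprintf(
                "UPDATE users SET user_level='1' WHERE user_hash=%s",
                GetSQLValueString($colname_rstUsers, "text")
            );
            $Result1 = mysql_query($updateSQL, $localserver);
            if ($Result1 === false) {
                error_log('Account validation: level update failed: ' . mysql_error($localserver));
                die('A database error occurred.');
            }
        }
        header('Location: validated.php');
        exit; // stop here so the page body is not rendered behind the redirect
    }

    // Values do not match: nothing is written and the visitor returns to this page.
    header('Location: validate.php');
    exit;
}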
?>
<?php require_once('Connections/localserver.php'); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Validate</title>
<meta name="description" content="This is an experimental site which reviews the latest and greatest titles of the MMORPG genre">
<meta name="keywords" content="Review, Video Game, MMORPG, MMO, Massively, Multiplayer, Online, Roleplaying, Game, World of Warcraft, Guild Wars, Rift, EVE Online, Star Wars: The Old Republic">
<link href="savedstylesheet.css" rel="stylesheet" type="text/css" />
</head>
<body id="Mainbody">
<div id="Wrapper">
<div id="Header">
<h1>MMORPG Reviews </h1>
</div>
<div id="MainNavbarone">
<ul>
<li> <h2> <a href="index.php">Home</a></h2> </li>
<li> <h2> <a href="includes/warcraft.php">World of Warcraft</a></h2> </li>
<li> <h2> <a href="includes/guildwars.php">Guild Wars</a></h2> </li>
<li> <h2> <a href="includes/rift.php">Rift</a></h2> </li>
<li> <h2> <a href="includes/eveonline.php">Eve Online</a></h2> </li>
<li> <h2> <a href="includes/starwars.php"> Star Wars: The Old Republic </a></h2> </li>
<li> <h2> <a href="includes/login.php">Login</a></h2> </li>
<li> <h2> <a href="includes/about.php"> About</a></h2> </li>
</ul>
</div>
<div id="MainAdbar">
<h3>Content for id "Adbar" Goes Here</h3>
<h3>Content for id "Adbar" Goes Here</h3>
<h3>Content for id "Adbar" Goes Here</h3>
<h3>Content for id "Adbar" Goes Here</h3>
<h3>Content for id "Adbar" Goes Here</h3>
<h3>Content for id "Adbar" Goes Here</h3>
<h3>Content for id "Adbar" Goes Here</h3>
<h3>Content for id "Adbar" Goes Here</h3>
<h3>Content for id "Adbar" Goes Here </h3>
<h3>Content for id "Adbar" Goes Here</h3>
<h3>Content for id "Adbar" Goes Here </h3>
</div>
<div id="RedirectMainareaone">
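<?php if ($totalRows_rstUsers == 0) { // Show if recordset empty ?>
<p> </p>
<p>Oops! Your URL was incorrect. Please click <a href="index.php">here</a> to return to the Home Page!</p>
<p> </p>
<?php } // Show if recordset empty ?>
<?php if ($totalRows_rstUsers > 0) { // Show if recordset not empty ?>
<?php if ($row_rstUsers['user_level']==0) { // Select between validated or not ?>
<p> </p>
<?php /* user_name comes from the database and hash from the URL; both are HTML-escaped at the point of output so neither can add markup or break out of the attribute. */ ?>
<p>Welcome <?php echo htmlspecialchars($row_rstUsers['user_name'], ENT_QUOTES, 'UTF-8'); ?>. To continue validating your account please enter your password below into the box provided and click on Next to continue:</p>
<form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">
<p>
<label for="password">Enter Password:</label>
<input type="password" name="valcode" id="password" />
<input name="user_hash" type="hidden" value="<?php echo htmlspecialchars($_GET['hash'], ENT_QUOTES, 'UTF-8'); ?>"/>
</p>
<p>
<input type="submit" name="go" id="go" value="Validate" />
</p>
<input type="hidden" name="MM_update" value="form1" />
</form>
<p> </p>
<?php } else { ?>
<p> </p>
<p>Oops! Your account has already been validated! Please click <a href="index.php">here</a> to return to the Home Page! </p>
<p> </p>
<?php } // Select between validated or not ?>
<?php } // Show if recordset not empty ?>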
</div>
<div id="Wrapperone">
<div id="MainNavbar">
<h3><a href="http://eu.battle.net/wow/en/">Official World Of Warcraft Website</a></h3>
<h3><a href="https://www.guildwars2.com/en-gb/">Official Guild Wars Website</a></h3>
<h3><a href="http://eu.riftgame.com/en/">Official Rift Website</a></h3>
<h3><a href="http://www.eveonline.com/">Official EVE Online Website</a></h3>
<h3><a href="http://www.swtor.com/">Official Star Wars: The Old Republic Website</a></h3>
</div>
<div id="MainChatbar">
<?php
// Chat box: members of group 1 (user) and group 2 (admin) get the same widget;
// everyone else, including visitors with no session group, gets the notice.
// NOTE(review): the widget is a third-party Flash object fetched over plain
// HTTP, and the group value is compared loosely (==) - confirm both are intended.
$chatGroup = isset($_SESSION['MM_UserGroup']) ? $_SESSION['MM_UserGroup'] : null;
if ($chatGroup == 1 || $chatGroup == 2) { ?>
<embed src="http://www.xatech.com/web_gear/chat/chat.swf" quality="high" width="300" height="700" name="chat" flashvars="id=184909259" align="middle" allowscriptaccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://xat.com/update_flash.shtml" />
<?php
} else {
    // hide chatbox
    echo '<h3> Oops! User Authentication Is Required To Access This Content! </h3>';
}
?>
</div>
</div>
<div id="MainFooter">
<h4><a href="includes/sitemap.php">Site Map/</a><a href="includes/admin.php">Administrative Page</a></h4>
</div>
</div>
</body>
</html>
<?php
// Release the result set of the user lookup ($rstUsers) now that the page has
// finished rendering from it.
mysql_free_result($rstUsers);
?>