manage bots

This commit is contained in:
Gnieark 2016-06-09 16:21:01 +02:00
parent 31c2338a84
commit 62e22b2287
4 changed files with 34 additions and 3 deletions

View File

@ -194,6 +194,18 @@ if(isset($_GET['arena'])){
break; break;
case "validateEditBot": case "validateEditBot":
//check if secret is ok
if(!isset($_GET['params'])){
error(404,"Page does not exists");
die;
}
$rs=mysqli_query($lnMysql," SELECT 1 FROM bots_modifs WHERE validate_secret='".mysqli_real_escape_string($lnMysql,$_GET['params'])."';");
if(!$r=mysqli_fetch_row($rs)){
error(404,"Page doesn't exist");
die;
}
$siteTitle="Your bot is changed"; $siteTitle="Your bot is changed";
$siteDescription="bots arena "; $siteDescription="bots arena ";
$permitIndex=false; $permitIndex=false;

View File

@ -142,7 +142,8 @@ switch($_POST['act']){
} }
mysqli_query($lnMysql, mysqli_query($lnMysql,
" INSERT INTO bots_modifs( name, game, url, description,unclean_description, date_modification, validate_secret, author_email) VALUES ( " INSERT INTO bots_modifs( real_id, name, game, url, description,unclean_description, date_modification, validate_secret, author_email) VALUES (
'".mysqli_real_escape_string($lnMysql,$_POST['botId'])."',
'".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."', '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."',
'".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."', '".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."',
'".mysqli_real_escape_string($lnMysql,$botUrl)."', '".mysqli_real_escape_string($lnMysql,$botUrl)."',

View File

@ -1,5 +1,4 @@
<?php <?php
print_r($_GET);
if(isset($_POST['xd_check'])){ if(isset($_POST['xd_check'])){
$botName=$_POST['botName']; $botName=$_POST['botName'];
$botGame=$_POST['botGame']; $botGame=$_POST['botGame'];

View File

@ -1,2 +1,21 @@
<?php <?php
echo "<h1>PLOP</h1>"; $rs=mysqli_query($lnMysql,"SELECT 1 FROM bots_modifs WHERE validate_secret='".mysqli_real_escape_string($lnMysql,$_GET['params'])."';");
if(!$r=mysqli_fetch_row($rs)){
error(404,"Page doesn't exist");
die;
}
mysqli_query(
"UPDATE bots, bots_modifs
SET bots.name = bots_modifs.name
, bots.game = bots_modifs.game
, bots.url = bots_modifs.url
, bots.description = bots_modifs.description
, bots.unclean_description = bots_modifs.unclean_description
WHERE
bots.id=bots_modifs.real_id
AND bots_modifs.validate_secret='".mysqli_real_escape_string($lnMysql,$_GET['params'])."';");
?
<h2>Thanks!</h2>
<p> Votre bot est validé, merci d'avoir donné à manger à Bots'Arena</p>