From d578d3bfafaa18f90ecb0ea54dfa0d273616b428 Mon Sep 17 00:00:00 2001
From: Gnieark <rpasserieu@ch-boispetit.fr>
Date: Thu, 9 Jun 2016 15:05:13 +0200
Subject: [PATCH] manage bots

---
 html/index.php  |  5 +++--
 src/act.php     |  3 ++-
 src/editBot.php | 10 +++-------
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/html/index.php b/html/index.php
index 863bcf7..dd616ff 100644
--- a/html/index.php
+++ b/html/index.php
@@ -167,7 +167,7 @@ if(isset($_GET['arena'])){
             die;
         }
         $rs=mysqli_query($lnMysql,
-            "SELECT id,name,game,url,description,date_inscription 
+            "SELECT id,name,game,url,description,unclean_description,date_inscription 
             FROM bots 
             WHERE id='".mysqli_real_escape_string($lnMysql,$_GET['params'])."' 
             AND active='1'"); 
@@ -181,7 +181,8 @@ if(isset($_GET['arena'])){
             'game'              => $r[2],
             'url'               => $r[3],
             'description'       => $r[4],
-            'date_inscription'  => $r[5]
+            'unclean_description'=> $r[5],
+            'date_inscription'  => $r[6]
         );
         $siteTitle="Modifier un bot";
         $siteDescription="bots arena ";
diff --git a/src/act.php b/src/act.php
index 210765b..5ca6dbe 100644
--- a/src/act.php
+++ b/src/act.php
@@ -142,7 +142,7 @@ switch($_POST['act']){
         }
            
         mysqli_query($lnMysql,
-        " INSERT INTO bots_modifs( name, game, url, description, date_modification, validate_secret, author_email) VALUES (
+        " INSERT INTO bots_modifs( name, game, url, description,unclean_description, date_modification, validate_secret, author_email) VALUES (
             '".mysqli_real_escape_string($lnMysql,htmlentities($_POST['botName']))."',
             '".mysqli_real_escape_string($lnMysql,$_POST['botGame'])."',
             '".mysqli_real_escape_string($lnMysql,$botUrl)."',
@@ -150,6 +150,7 @@ switch($_POST['act']){
                 preg_replace('#^(http|https|mailto|ftp)://(([a-z0-9\/\.\?-_=\#@:~])*)#i','<a href="$1://$2">$1://$2</a>'
                 ,nl2br(htmlentities($_POST['botDescription'])))
             )."',
+            '".mysqli_real_escape_string($lnMysql,$_POST['botDescription'])."',
             NOW(),
             '".$secret."',
             '".mysqli_real_escape_string($lnMysql,$_POST['email'])."')"
diff --git a/src/editBot.php b/src/editBot.php
index ac8e549..c9fe4bb 100644
--- a/src/editBot.php
+++ b/src/editBot.php
@@ -1,22 +1,18 @@
 <?php
-
+print_r($_GET);
 if(isset($_POST['xd_check'])){
  $botName=$_POST['botName'];
  $botGame=$_POST['botGame'];
  $botURL=$_POST['botURL'];
  $botDescription=$_POST['botDescription'];
  $email=$_POST['email'];
- 
- 
- 
- 
- 
+
  
 }else{
  $botName=$theBot['name'];
  $botGame=$theBot['game'];
  $botURL=$theBot['url'];
- $botDescription=$theBot['description'];
+ $botDescription=$theBot['unclean_description'];
  $email="";
 }