0) { $sql_query = "SELECT * FROM custompages WHERE pageid = $pageid"; //store the SQL query in the result variable $result = @mysql_query($sql_query); if(mysql_num_rows($result)) { //output as long as there are still available fields while($row = mysql_fetch_array($result)) { $pagetitle = $row[pagetitle]; $pagetitle = stripslashes($pagetitle); $pagekeywords = $row[pagekeywords]; $pagekeywords = stripslashes($pagekeywords); $pagedescription = $row[pagedescription]; $pagedescription = stripslashes($pagedescription); $custompagecontent = $row[pagecontent]; $custompagecontent = stripslashes($custompagecontent); } } else { $pageid = '0'; $includefile = "includes/main.php"; $pagetitle = "Free Online Games | Fun for kids"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; } } else { if ($action == "playgame") { $title = str_replace("-"," ",$title); $title2 = str_replace("_","\'",$title); $title = str_replace("_","'",$title); $title = addslashes($title); $title2 = addslashes($title2); //Generate unique confirmation code // Hotlinking /*$random= ""; srand((double)microtime()*1000000); $block = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $block .= "0123456789"; for($i = 0; $i < 10; $i++) { $random .= substr($block,(rand()%(strlen($block))), 1); } $_SESSION['playcode'] = $random;*/ // hotlinking slut if (!$gameid) $sql_query = "SELECT * FROM games WHERE gametitle = '$title' || gametitle = '$title2'"; else $sql_query = "SELECT * FROM games WHERE gameid = $gameid"; //store the SQL query in the result variable $result = mysql_query($sql_query); if(mysql_num_rows($result)) { //output as long as there are still available fields while($row = mysql_fetch_array($result)) { $gameid = $row[gameid]; $gametitle = $row[gametitle]; $gametitle = stripslashes($gametitle); $gamedesc = $row[gamedesc]; $gamekeywords = $row[gamekeywords]; $gamefile = $row[gamefile]; $gameheight = $row[gameheight]; $gamewidth = $row[gamewidth]; $category = $row[category]; $timesplayed = $row[timesplayed]; $rating = $row[rating]; $gameicon = $row[gameicon]; $playedtoday = $row[playedtoday]; $gamelocation = $row[gamelocation]; $iconlocation = $row[iconlocation]; $instructions = $row[instructions]; $filetype = $row[filetype]; $customcode = $row[customcode]; $customcode = stripslashes($customcode); } } else { header("Location: $base_url"); exit; } include ("includes/rating.php"); $timesplayed++; $playedtoday++; $add_times = "update games set timesplayed = $timesplayed where gameid = $gameid"; $result = mysql_query($add_times); $times_today = "update games set playedtoday = $playedtoday where gameid = $gameid"; $result = mysql_query($times_today); $loggedinstatus = $_SESSION['loggedin']; if ($limitplays == 1 && $loggedinstatus != '1') { $sql_query = "SELECT * FROM userlog WHERE ipaddress = '$ipaddress'"; $result = @mysql_query($sql_query); if(mysql_num_rows($result)) { while($row = mysql_fetch_array($result)) { $playedtoday = $row[gamesplayed]; } } $playedtoday++; if ($playedtoday > $guestcredits) { header("Location: ".$base_url."index.php?action=register&nocredits=1"); // redirect } else { $update_credit = mysql_query ("update userlog set gamesplayed = '$playedtoday' where ipaddress = '$ipaddress'"); } } if (isset($_SESSION['loggedin'])) { $userid = $_SESSION['loggedinuserid']; $sql_query = "SELECT * FROM users WHERE userid = $userid"; //store the SQL query in the result variable $result = @mysql_query($sql_query); if(mysql_num_rows($result)) { //output as long as there are still available fields while($row = mysql_fetch_array($result)) { $played_today = $row[playedtoday]; $total_played = $row[gamesplayed]; $first_game = $row[gameone]; $second_game = $row[gametwo]; $third_game = $row[gamethree]; $fourth_game = $row[gamefour]; $fifth_game = $row[gamefive]; $points = $row[points]; } } $played_today++; $total_played++; $points = $points + $game_points; $fifth_game = $fourth_game; $fourth_game = $third_game; $third_game = $second_game; $second_game = $first_game; $first_game = $gameid; $update_user = "update users set gamesplayed = $total_played, playedtoday = $played_today, gameone = $first_game, gametwo = $second_game, gamethree = $third_game, gamefour = $fourth_game, gamefive = $fifth_game, points = $points where userid = $userid"; $result = mysql_query($update_user); } $pagedescription = $gamedesc; $pagekeywords = $gamekeywords; $pagetitle = $gametitle; $includefile = "includes/displaygame.php"; } elseif ($action == "browse") { // Mod_Rewrite On (Search Engine Friendy URL's) if($rewrite != '0' && !$cat) { // If the Category name is All, then it will say the catid = all so that it will browse all games if (!$catname) { $catid = 'all'; } // Since it isn't all, it will now have to look up the category info in the database else { $catname = str_replace("-"," ",$catname); $catname = str_replace("_","\'",$catname); $catname = addslashes($catname); // If there is no category name AND no search term, then it will do nothing here if (!$catname && !$searchterm) { } // If there there is a category name but not search term, then it will get cat info elseif (!$searchterm) { // Selects the category from the database by the category name $sql_query2 = "SELECT * FROM categories WHERE catname = '$catname'"; // Processes the search for the category name $result2 = mysql_query($sql_query2); if(mysql_num_rows($result2)) { while($rows = mysql_fetch_array($result2)) { // Category ID that is being browsed $browse_cat_id = $rows[catid]; // Category Name that is being browsed $browse_cat_name = $rows[catname]; $browse_cat_name = stripslashes($browse_cat_name); $browse_cat_desc = $rows[catdesc]; $browse_cat_keywords = $rows[catkeywords]; } } } } } else { // If no category id was mentioned, then it will use this at the page info if (!$cat) { $pagetitle = "Browse Our Database of Games"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; } else { // Pick the category from the database by the category number $sql_query2 = "SELECT * FROM categories WHERE catid = $cat"; //store the SQL query in the result variable $result2 = mysql_query($sql_query2); if(mysql_num_rows($result2)) { //output as long as there are still available fields while($rows = mysql_fetch_array($result2)) { $browse_cat_id = $rows[catid]; $browse_cat_name = $rows[catname]; $browse_cat_name = stripslashes($browse_cat_name); $browse_cat_desc = $rows[catdesc]; $browse_cat_keywords = $rows[catkeywords]; } } else { $action = "browse"; $cat = ""; echo ''; return; } } } if (!$searchterm && !$browse_cat_name) { $pagetitle = "Browse Our Database of Games"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; } elseif (!$browse_cat_name) { $pagetitle = "Search Results for $searchterm"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; } else { $pagetitle = "Browse Our Database of ".$browse_cat_name." Games"; $pagekeywords = $browse_cat_keywords; $pagedescription = $browse_cat_desc; } $includefile = "includes/browse.php"; } elseif ($action == "tradelinks") { $pagetitle = "Trade Links With $site_title"; $pagedescription = "Trade Links With $site_title"; $pagekeywords = $site_keywords; $includefile = "templates/tradelinks.html"; } elseif ($action == "links") { $pagetitle = "Links Page"; $pagedescription = "Links Page"; $pagekeywords = $site_keywords; $includefile = "templates/links.html"; } elseif ($action == "linkadded") { $websitename = $_GET[websitename]; $websiteurl = $_GET[websiteurl]; $pagetitle = "Your Link Has Been Added"; $pagekeywords = $site_keywords; $pagedescription = "Trade Links With $site_title"; $includefile = "templates/linkadded.html"; } elseif ($action == "profile") { $userid = $_GET[userid]; $pagetitle = "User Profiles"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; $includefile = "includes/profile.php"; } elseif ($action == "register") { $nocredits = $_GET[nocredits]; $pagetitle = "Register"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; $includefile = "templates/register.php"; } elseif ($action == "optout") { $newsletter_code = $_GET[code]; $userid = $_GET[userid]; $pagetitle = "Removed From Mailing List"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; $includefile = "templates/optout.php"; } elseif ($action == "newmember") { $newusername = $_POST[newusername]; $newpasswordone = $_POST[newpasswordone]; $newpasswordtwo = $_POST[newpasswordtwo]; $newemailaddress = $_POST[newemailaddress]; require_once('recaptchalib.php'); $privatekey = "6Lf1KukSAAAAAI6MMw5t2i72d4JeliCN-32NNP6D"; $resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if ($newpasswordone != $newpasswordtwo) { $status = "Your passwords did not match."; $includefile = "templates/register.php"; } // Checks to make sure all info is entered elseif (!$newusername || !$newpasswordone || !$newpasswordtwo || !$newemailaddress) { $status = "You did not enter all the required information."; $includefile = "templates/register.php"; } elseif (!$resp->is_valid) { // What happens when the CAPTCHA was entered incorrectly // die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." . "(reCAPTCHA said: " . $resp->error . ")"); $status = "The reCAPTCHA wasn't entered correctly. Go back and try it again"; $includefile = "templates/register.php"; } else { // Checks to see if the user is already in the database $query2 = "select * from users where username = '$newusername'"; $result2 = mysql_query($query2); if (mysql_num_rows($result2)>0) { $status = "I'm sorry, that username is already taken."; $includefile = "templates/register.php"; } else { if ($email_confirmation == 1) { //Generate unique confirmation code $random= ""; srand((double)microtime()*1000000); $block = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $block .= "0123456789"; for($i = 0; $i < 10; $i++) { $random .= substr($block,(rand()%(strlen($block))), 1); } //End confirmation code generation $msg .=''.$newusername.':
'; $msg .='Thank you for registering with '.$site_title.'.

'; $msg .='Please click on the link below to confirm your account with us:
'; $msg .='Click here to Confirm

'; $msg .='If you cannot see the hyperlink or have problems confirming your account, please copy and paste the following link into your browsers address bar:
'; $msg .=''.$base_url.'index.php?action=confirmaccount&username='.$newusername.'&confirmation='.$random.'

'; $msg .='Thank you!.'; $to = "$newemailaddress"; $subject = "Please confirm your account with ".$site_title.""; $headers ="Return-Path: ".$contact_email."\r\n"; $headers .= "From: ".$site_title." <".$contact_email.">\n"; $headers .= "MIME-Version: 1.0\n"; $headers .= "Content-type: text/html\r\n"; $mailFrom = "webmaster@it-kids.net"; $mailParams = "-f " .$mailFrom; mail($to, $subject, $msg, $headers, $mailParams); $userstatus = "0"; } else { $userstatus = "1"; } $todaysdate = date('Y-m-d'); $newtest = $newpasswordone; $newpasswordone = md5($newpasswordtwo); $result = mysql_query( "insert into users set username = '$newusername', password = '$newpasswordone', emailaddress = '$newemailaddress', userstatus = '$userstatus', joindate = '$todaysdate', confirmation = '$random'"); $includefile = "templates/thankyou.html"; } } } elseif ($action == "logout") { session_unset(); // unset our sessions session_destroy(); // now destory them and remove them from the users browser header('Location: index.php'); // forward you to a page of your choice exit; } elseif ($action == "editprofile") { $loggedinstatus = $_SESSION['loggedin']; $userid = $_SESSION['loggedinuserid']; if ($loggedinstatus != '1') { header("Location: ".$base_url."index.php?action=register"); } $userid = $_SESSION['loggedinuserid']; $sql_query = "SELECT * FROM users WHERE userid = $userid"; //store the SQL query in the result variable $result = @mysql_query($sql_query); if(mysql_num_rows($result)) { //output as long as there are still available fields while($row = mysql_fetch_array($result)) { $location = $row[location]; $userwebsite = $row[website]; $message = $row[message]; $avatar = $row[avatar]; } } $includefile = "templates/editprofile.html"; $pagetitle = "Edit Your Profile"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; } elseif ($action == "updateprofile") { $userid = $_SESSION['loggedinuserid']; $newavatar = strip_tags($_POST[newavatar],''); $newwebsite = strip_tags($_POST[newwebsite],''); $newlocation = strip_tags($_POST[newlocation]); $newmessage = strip_tags($_POST[newmessage]); $oldpassword = trim($_POST[oldpassword]); $newpassword = trim($_POST[newpassword]); $result = mysql_query( "update users set avatar = '$newavatar', website = '$newwebsite', location = '$newlocation', message = '$newmessage' where userid = $userid"); if (!$newpassword && !$oldpassword) { header("Location: ".$base_url."index.php?action=editprofile&status=Profile Updated"); // redirect exit; } if (isset($oldpassword) && isset($newpassword)) { $sql_query = "SELECT * FROM users WHERE userid = $userid"; //store the SQL query in the result variable $result = @mysql_query($sql_query); if(mysql_num_rows($result)) { //output as long as there are still available fields while($row = mysql_fetch_array($result)) { $encodedpw = $row[password]; } } $oldpassword = md5($oldpassword); if ($oldpassword == $encodedpw) { $newpassword = md5($newpassword); $result = mysql_query( "update users set password = '$newpassword' where userid = '$userid'"); header("Location: ".$base_url."index.php?action=editprofile&status=Password Updated"); // redirect } else { header("Location: ".$base_url."index.php?action=editprofile&status=Old Password Did Not Match"); // redirect } } $includefile = "includes/profile.php"; $pagetitle = "View Your Profile"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; } elseif ($action == "addcomment") { $newcomment = $_POST['newcomment']; $newcomment = strip_tags($newcomment); $id = $_POST['id']; $userid = $_SESSION['loggedinuserid']; $todaysdate = date('Y-m-d'); if ($who_can_comment==0 && !$userid) { $userid = "0"; } $verifycode = $_POST[verifycode]; $verifycode = trim($verifycode); // Time to check to make sure the user entered the correct verification code // otherwise the comment will not post! $ipaddress = $_SERVER['REMOTE_ADDR']; if ($imageverification ==1) { $verification_query = "SELECT * from online_users WHERE userverification = '$verifycode' && userip = '$ipaddress'"; $verification_check = mysql_query($verification_query); $verification_status = mysql_num_rows ($verification_check); if ($verification_status == 0) { header("Location: ".$_SERVER['HTTP_REFERER'].""); // redirect exit; } } $result = mysql_query( "insert into comments set comment = '$newcomment', gameid = '$id', userid = '$userid', ipaddress = '$ipaddress', date = '$todaysdate'"); if ($userid > 0) { $sql_query = "SELECT * FROM users WHERE userid = $userid"; //store the SQL query in the result variable $result = @mysql_query($sql_query); if(mysql_num_rows($result)) { //output as long as there are still available fields while($row = mysql_fetch_array($result)) { $points = $row[points]; } } $points = $points + $comment_points; $result = mysql_query( "update users set points = '$points' where userid = $userid"); } $gameid = $id; header("Location: ".$_SERVER['HTTP_REFERER'].""); // redirect } elseif ($action == "favoritegame") { $userid = $_SESSION['loggedinuserid']; $result = mysql_query ("update users set favoritegame = '$gameid' where userid = '$userid'"); echo "This game is now your favorite game. You can close this window and get back to gaming!"; exit; } elseif ($action == "viewcomments") { display_all_comments($gameid); exit; } elseif ($action == "passwordrecovery") { recover_password($base_url); exit; } elseif ($action == "sendpassword") { $emailaddress = $_POST[emailaddress]; send_password($emailaddress,$site_title,$contact_email); exit; } elseif ($action == "confirmaccount") { $username = $_GET[username]; $confirmation = $_GET[confirmation]; confirm_account($username,$confirmation); exit; } elseif ($action == "accountconfirmed") { $includefile = "templates/confirmedaccount.html"; $pagetitle = "Account Has Been Confirmed"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; } elseif ($action == "messages") { $loggedinstatus = $_SESSION['loggedin']; $userid = $_SESSION['loggedinuserid']; if ($loggedinstatus != '1') { header("Location: ".$base_url."index.php?action=register"); } if ($privatemessaging != '1') { header("Location: ".$base_url."index.php"); } $includefile = "templates/privatemessages.html"; $pagetitle = "Private Messages"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; } elseif ($action == "deletemessage") { $messageid = $_GET[messageid]; // Now we just double check to make sure the user is logged in and make sure // they are delete a message sent just to them $loggedinstatus = $_SESSION['loggedin']; $userid = $_SESSION['loggedinuserid']; if ($loggedinstatus != '1') { header("Location: ".$base_url."index.php?action=register"); } $message_query = "SELECT * FROM messages where messageid = '$messageid' && touserid = '$userid'"; $message_result = @mysql_query($message_query); if(mysql_num_rows($message_result)) { //output as long as there are still available fields while($row = mysql_fetch_array($message_result)) { $delete_message = @mysql_query ("delete from messages where messageid = '$messageid'"); header("Location: ".$base_url."index.php?action=messages&messagestatus=Message Deleted"); } } else header("Location: ".$base_url."index.php?action=messages&messagestatus=Message Could Not Be Deleted"); } elseif ($action == "displaymessage") { $loggedinstatus = $_SESSION['loggedin']; $userid = $_SESSION['loggedinuserid']; if ($loggedinstatus != '1') { header("Location: ".$base_url."index.php?action=register"); } if ($privatemessaging != '1') { header("Location: ".$base_url."index.php"); } $messageid = $_GET[messageid]; $includefile = "includes/displaymessage.php"; $pagetitle = "Private Messages"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; } elseif ($action == "messagereply") { $loggedinstatus = $_SESSION['loggedin']; $userid = $_SESSION['loggedinuserid']; if ($loggedinstatus != '1') { header("Location: ".$base_url."index.php?action=register"); } if ($privatemessaging != '1') { header("Location: ".$base_url."index.php"); } $messagestatusnumber = "0"; $replyid = $_GET[replyid]; // Need to get the message info for the reply $message_query = "SELECT * FROM messages where messageid = '$replyid'"; $message_result = @mysql_query($message_query); if(mysql_num_rows($message_result)) { //output as long as there are still available fields while($row = mysql_fetch_array($message_result)) { $messagetext = $row[messagetext]; $fromuserid = $row[fromuserid]; $messagesubject = $row[messagesubject]; $touserid = $row[touserid]; } } // Now we need to get the FROM USER's information $fromuser_query = "SELECT * FROM users where userid = '$fromuserid'"; $user_result = mysql_query($fromuser_query); if(mysql_num_rows($user_result)) { while($row = mysql_fetch_array($user_result)) { $replytoname = $row[username]; } } // Now we just double check to make sure the user is logged in and make sure // they are replying to a message sent just to them $loggedinstatus = $_SESSION['loggedin']; $userid = $_SESSION['loggedinuserid']; if ($loggedinstatus != '1') { $pagetitle = "Register"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; $includefile = "templates/register.php"; } elseif ($userid != $touserid) { $includefile = "templates/privatemessages.html"; $pagetitle = "Private Messages - You Cannot Reply To That Message"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; } else { $includefile = "templates/compose.html"; $pagetitle = "Private Messages - Reply To Message"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; } } elseif ($action == "composemessage") { if ($privatemessaging != '1') { header("Location: ".$base_url."index.php"); } // Now we just double check to make sure the user is logged in and make sure // they are replying to a message sent just to them $loggedinstatus = $_SESSION['loggedin']; $userid = $_SESSION['loggedinuserid']; if ($loggedinstatus != '1') { $pagetitle = "Register"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; $includefile = "templates/register.php"; } else { $includefile = "templates/compose.html"; $pagetitle = "Private Messages - Reply To Message"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; } } elseif ($action == "sendmessage") { if ($privatemessaging != '1') { header("Location: ".$base_url."index.php"); } $loggedinstatus = $_SESSION['loggedin']; if ($loggedinstatus != '1') { $pagetitle = "Register"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; $includefile = "templates/register.php"; } else { // Get the info from the message $messagetext = $_POST[messagebody]; $messagetext = trim($messagetext); // Strip out all the HTML if someone decided to post using HTML $messagetext = strip_tags($messagetext); $messagetext = addslashes($messagetext); $messagesubject = $_POST[messagesubject]; $messagesubject = trim($messagesubject); $messagesubject = strip_tags($messagesubject); $messagesubject = addslashes($messagesubject); $touser = $_POST[tousername]; $fromuser = $_SESSION['loggedinuserid']; $today = date('Y-m-d h:i A'); // Time to check and see if the USER we are sending the message to is valid $user_query = "SELECT * FROM users where username = '$touser'"; //store the SQL query in the result variable $user_result = @mysql_query($user_query); if(mysql_num_rows($user_result)) { //output as long as there are still available fields while($row = mysql_fetch_array($user_result)) { $touserid = $row[userid]; // Time to post the message in the database $post_message = mysql_query ("insert into messages set messagetext = '$messagetext', touserid = '$touserid', fromuserid = '$fromuser', fromuserip = '$ipaddress', messagesubject = '$messagesubject', sentdate = '$today'"); header("Location: ".$base_url."index.php?action=messages"); } } else { $includefile = "templates/compose.html"; $pagetitle = "Private Messages - Compose New Message"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; $messagestatus = "Invalid User"; $messagestatusnumber = "99"; } } } else { $includefile = "includes/main.php"; $pagetitle = "Free Online Games | Fun for kids"; $pagekeywords = $site_keywords; $pagedescription = $site_desc; } } ?> <?echo $pagetitle;?> | <?echo $site_title;?>
0) { echo $custompagecontent; } else { include ("$includefile"); } ?>