minetest-forum/viewmod.php

<?php
include "scripts/setup.php";

$id=$_GET['id'];

if (is_numeric($id)==false){
   SQLerror("Non Integer","Non integers are not allowed in the id field. <br /> <a href=\"index.php\">Back to home</a>");
}

$res = mysql_query("SELECT * FROM mods WHERE mod_id=$id",$handle) or SQLerror("MySQL Query Error","Error on searching database.mods.mod_id for '$id'");
$row = mysql_fetch_row($res) or die("row error");
$page_title="View mod - {$row[1]}";

include "scripts/pageheader.php";
include "scripts/formatcode.php";

if (is_member_moderator($_SESSION['user']) || $_SESSION['user']==$row[3]){
$links="<a href=\"editentry.php?id=$id\">Edit</a>";
}else{
$links="";
}

echo "<table width=\"100%\"><tr bgcolor=\"#FFFFBD\"><td><a href=\"{$row[9]}\">Download</a></td><td>";
echo "<h1 align=center>{$row[1]} - by <a href=\"user.php?name={$row[3]}\">{$row[3]}</a></h1></td>";
echo "<td width=100>{$row[2]}</td></tr>";
echo "<tr><td colspan=3><p>".formatbb($row[4])."</p></td><tr>";
echo "<tr height=30 bgcolor=\"#FFFFBD\"><td colspan=3 style=\"text-align:right;\">$links&#32;&#32;&#32;&#32;</td></tr>";

include "scripts/loadposts.php";

include "scripts/pagefooter.php";
?>
Added seperate file for page header 2012-08-23 00:03:02 +01:00			`<?php`
			`include "scripts/setup.php";`
Database interaction for database.mods 2012-08-23 09:54:28 +01:00
			`$id=$_GET['id'];`
Fixed security issue as noticed by xyz 2012-08-24 19:34:41 +01:00
			`if (is_numeric($id)==false){`
			`SQLerror("Non Integer","Non integers are not allowed in the id field. <br /> <a href=\"index.php\">Back to home</a>");`
			`}`

Database interaction for database.mods 2012-08-23 09:54:28 +01:00			`$res = mysql_query("SELECT * FROM mods WHERE mod_id=$id",$handle) or SQLerror("MySQL Query Error","Error on searching database.mods.mod_id for '$id'");`
			`$row = mysql_fetch_row($res) or die("row error");`
			`$page_title="View mod - {$row[1]}";`

Added seperate file for page header 2012-08-23 00:03:02 +01:00			`include "scripts/pageheader.php";`
Did some BBCode formating, and fixed security issue 2012-08-25 12:26:03 +01:00			`include "scripts/formatcode.php";`
Database interaction for database.mods 2012-08-23 09:54:28 +01:00
Did load including: footer, tabs, new editentry.php and user.php 2012-08-25 23:36:52 +01:00			`if (is_member_moderator($_SESSION['user']) \|\| $_SESSION['user']==$row[3]){`
			`$links="<a href=\"editentry.php?id=$id\">Edit</a>";`
			`}else{`
			`$links="";`
			`}`

			`echo "<table width=\"100%\"><tr bgcolor=\"#FFFFBD\"><td><a href=\"{$row[9]}\">Download</a></td><td>";`
changed more stuff added -main index -searcher -post viewer 2012-08-24 16:47:53 +01:00			`echo "<h1 align=center>{$row[1]} - by <a href=\"user.php?name={$row[3]}\">{$row[3]}</a></h1></td>";`
			`echo "<td width=100>{$row[2]}</td></tr>";`
Did load including: footer, tabs, new editentry.php and user.php 2012-08-25 23:36:52 +01:00			`echo "<tr><td colspan=3><p>".formatbb($row[4])."</p></td><tr>";`
			`echo "<tr height=30 bgcolor=\"#FFFFBD\"><td colspan=3 style=\"text-align:right;\">$links </td></tr>";`
changed more stuff added -main index -searcher -post viewer 2012-08-24 16:47:53 +01:00
			`include "scripts/loadposts.php";`
Did load including: footer, tabs, new editentry.php and user.php 2012-08-25 23:36:52 +01:00
			`include "scripts/pagefooter.php";`
			`?>`