Added icons, help, and fixed various bugs

help/about.php

@@ -0,0 +1,17 @@
+<?php
+include "../scripts/setup.php";
+$page_title="Index - Help";
+include "../scripts/pageheader.php";
+?>
+
+<h1>Help</h1>
+
+<ul>
+<li><a href="entries.php">Adding an Entry</a></li>
+<li><a href="markup.php">Description Markup</a></li>
+<li><a href="tags.php">Entry Tags</a></li>
+</ul>
+
+<?php
+include "../scripts/pagefooter.php";
+?>

scripts/entry_adders_sql_safe.php

@@ -1,8 +1,8 @@
 <?php
-$name=mysql_real_escape_string($name);
+$name=mysql_real_escape_string(str_replace("'","",str_replace("\"","",$name)));
 $version=mysql_real_escape_string($version);
 $owner=mysql_real_escape_string($owner);
-$desc=mysql_real_escape_string($desc);
+$desc=mysql_real_escape_string(str_replace("'","",str_replace("\"","",$desc)));
 $tags=mysql_real_escape_string($tags);
 $license=mysql_real_escape_string($license);
 $file=mysql_real_escape_string($file);
@@ -10,5 +10,5 @@ $depend=mysql_real_escape_string($depend);
 $basename=mysql_real_escape_string($basename);
 $mmmrt=mysql_real_escape_string($mmmrt);
 $mmmrel=mysql_real_escape_string($mmmrel);
-$overview=mysql_real_escape_string($overview);
+$overview=mysql_real_escape_string(str_replace("'","",str_replace("\"","",$overview)));
 ?>

scripts/formatcode.php

@@ -2,6 +2,10 @@
 function formatbb($input){
 $result=$input;
 
+$result=str_replace("\\'","'",$result);
+$result=str_replace("\\'","'",$result);
+$result=str_replace("\\'","'",$result);
+$result=str_replace("\\'","'",$result);
 $result=str_replace("\\'","'",$result);
 
 $result=str_replace("[img]","<img style=\"max-width:850px;\" src=\"",$result);

scripts/loadmods.php

@@ -40,8 +40,13 @@ while ($hash = mysql_fetch_assoc($res)){
       }
       // End of Phitherek_' s code
 
+      $image="images/topicicon_read.jpg";
+      
+      if ($hash['icon'])
+          $image="icon/".$hash['icon'];
+
       // Owner name instead of id (by Phitherek_)
-      echo "<tr bgcolor=\"$bgcolor\"><td width=16><img width=16 height=16 src=\"images/topicicon_read.jpg\" /></td><td><a href=\"viewmod.php?id={$hash['mod_id']}\">{$hash['name']}</a><br />by $name</td>";
+      echo "<tr bgcolor=\"$bgcolor\"><td width=16><img width=16 height=16 src=\"$image\" /></td><td><a href=\"viewmod.php?id={$hash['mod_id']}\">{$hash['name']}</a><br />by $name</td>";
       // End of Phitherek_' s change
       $overview=str_replace("\\'","'",$hash['overview']);
       echo "<td>$overview</td>";

scripts/pageheader.php

@@ -25,7 +25,7 @@
 
 <div id="userbar" style="text-align:right;position:relative;left:710px;top:55px;width:180px;height=30px;"><?php
 if (is_logged_in()){
-   echo $_SESSION['user']." - <a href=\"$serverpath/logout.php\"><font color=\"#FFFFFF\"><u>Log Out</u></font></a>";
+   echo "<a href=\"$serverpath/user.php?id=".getUserId($_SESSION['user'],$handle)."\"><font color=\"#FFFFFF\"><u>".$_SESSION['user']."</u></font></a> - <a href=\"$serverpath/logout.php\"><font color=\"#FFFFFF\"><u>Log Out</u></font></a>";
 }else{
    echo "<a href=\"$serverpath/login.php\"><font color=\"#FFFFFF\"><u>Login</u></font></a> - ";
    echo "<a href=\"$serverpath/signup.php\"><font color=\"#FFFFFF\"><u>Sign Up</u></font></a>";

viewmod.php

@@ -45,15 +45,15 @@ $links="";
 }
 
 
-echo "<table width=\"900\"><tr><td>";
-echo "<table width=\"900\" bgcolor=\"#FFFFBD\"><tr><td width=\"100\"><a href=\"{$row[9]}\">Download</a></td>";
+echo "<table width=\"900\"><tr><td>\n";
+echo "<table width=\"900\" bgcolor=\"#FFFFBD\"><tr><td width=\"100\"><a href=\"{$row[9]}\">Download</a></td>\n";
 
-echo "<td width=\"650\">";    // Download Link
-echo "<h1 align=center>{$row[1]} - by <a href=\"user.php?id={$row[3]}\">{$owner}</a></h1></td>";  // Title and User Link
+echo "<td width=\"650\">\n";    // Download Link
+echo "<h1 align=center>{$row[1]} - by <a href=\"user.php?id={$row[3]}\">{$owner}</a></h1></td>\n";  // Title and User Link
 
-echo "<td width=\"25\">{$row[2]}</td></tr></table></td></tr>"; // Version
+echo "<td width=\"25\">{$row[2]}</td></tr></table></td></tr>\n"; // Version
 
-echo "<tr><td><table width=\"900\"><tr><td><div style=\"width:870px;text-wrap: suppress;\"><p>".formatbb($row[4])."</p></div></td>"; // Description
+echo "<tr><td><table width=\"900\"><tr><td><div style=\"width:870px;text-wrap: suppress;\"><p>".formatbb($row[4])."</p></div></td>\n"; // Description
 
 if (is_logged_in()==true){
   $like_ext="";
@@ -65,9 +65,32 @@ if (is_logged_in()==true){
 }else{
   echo "<td></td></tr>";   // Likes
 }
-echo "</table></td></tr>";
+echo "</table></td></tr>\n";
 
-echo "<tr height=30 bgcolor=\"#FFFFBD\"><td style=\"text-align:right;\">$links&#32;&#32;&#32;&#32;</td></tr>";
+echo "<tr height=30 bgcolor=\"#FFFFBD\"><td style=\"text-align:right;\">$links&#32;&#32;&#32;&#32;</td></tr>\n";
+
+if (!($row[23]=="")){
+echo "<tr><td><br />Recommended Mods<br /></td></tr><tr></tr><tr height=\"80\"><td>\n";
+echo "<table height=\"80\"><tr>";
+
+$rec=explode(",",$row[23]);
+
+for ($i=0;$i<count($rec);$i++){
+    $id_i = $rec[$i];
+    if (is_numeric($id)){
+       $mod_i = mysql_query("SELECT * FROM mods WHERE mod_id=$id_i",$handle) or SQLerror("MySQL Query Error","Error on searching database.mods.mod_id for '$id_i'");
+       $row_i = mysql_fetch_row($mod_i) or SQLerror("Row Error","No results where found for a mod with the id $id_i");
+       $image = "images/topicicon_read.jpg";
+       
+       if ($row_i[20])
+          $image="icon/".$row_i[20];
+
+       echo "<td style=\"text-align:center;\"><a href=\"viewmod.php?id=$id_i\"><img height=100 width=100 src=\"$image\" title=\"{$row_i[1]}\" /></a><br /><b>{$row_i[1]}</b></td>";
+    }
+}
+
+echo "</tr></table></td></tr>";
+}
 
 include "scripts/loadposts.php";