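Error: Ban ID cannot be longer than 16 characters
"; $error=true; }

// Remaining input validation, ban lookup and appeal-page creation.
// $banid, $banreason, $whyunban and $error are set earlier in this script.
// Every failed check prints a message and sets $error; the appeal page is
// written only when $error is still false at the end.

// Lower bound of the "exactly 16 characters" rule for ban IDs.
if (strlen($banid) < 16) {
    echo "\nError: Ban ID cannot be shorter than 16 characters\n";
    $error = true;
}

// Allow-list check: anything other than A-Z, a-z, 0-9, '[' or ']' is rejected.
// $banid is later used to build a file name under appeal/view/, so this check
// is also what keeps '/', '.' and NUL bytes out of that path. Do not loosen it
// without adding separate path validation at the write below.
// NOTE(review): the "][" at the start of the class makes the brackets
// themselves valid ID characters - confirm that is intended.
if (preg_match("#[^][A-Za-z0-9]#", $banid)) {
    echo "\nError: Ban ID contains invalid characters\n";
    $error = true;
}

if (strlen($banreason) > 100) {
    echo "\nError: Ban reason cannot be longer than 100 characters\n";
    $error = true;
}

if (strlen($whyunban) > 2000) {
    echo "\nError: Why do you think you should be unbanned cannot be longer than 2000 characters\n";
    $error = true;
}

if (!$error) {
    // Diagnostics go to the server log, not into the HTTP response: connection
    // and query errors can reveal account names, host names and file paths.
    ini_set('display_errors', '0');
    ini_set('log_errors', '1');
    error_reporting(E_ALL);

    // NOTE(review): this credential is committed with the source. The original
    // author's reasoning is that webbanappeal has read-only access to the bans
    // table only and can be reached from localhost only. That argument holds
    // only while the grant and the host restriction stay exactly as described
    // and the password is not reused anywhere else; loading it from
    // configuration outside the web root and rotating this value is safer.
    $ban_verified = false;
    $con = null;
    try {
        $con = mysqli_connect("localhost", "webbanappeal", "UpUOZhRf5WLAy920wbDqyAKLySHl677juGgL", "friends");
        if (!$con) {
            error_log("ban appeal: database connection failed: " . mysqli_connect_error());
            echo "\nFailed to connect to database\n";
        } else {
            // Bound parameter instead of string-building the query.
            $stmt = mysqli_prepare($con, "SELECT `banid` FROM `bans` WHERE `banid` = ?");
            if ($stmt
                && mysqli_stmt_bind_param($stmt, "s", $banid)
                && mysqli_stmt_execute($stmt)
                && mysqli_stmt_store_result($stmt)) {
                if (mysqli_stmt_num_rows($stmt) == 0) {
                    echo "Error: There is no ban with the specified ban ID. Did you enter it correctly?\n";
                } else {
                    $ban_verified = true;
                }
            } else {
                // Fail closed: a lookup that could not run must not let an
                // unverified ban ID through to the page-creation step.
                error_log("ban appeal: ban lookup failed: " . mysqli_error($con));
                echo "\nError: The ban ID could not be verified. Please try again later.\n";
            }
            if ($stmt) {
                mysqli_stmt_close($stmt);
            }
        }
    } catch (mysqli_sql_exception $e) {
        // Reached when mysqli is configured to throw instead of returning false.
        error_log("ban appeal: database error: " . $e->getMessage());
        echo "\nError: The ban ID could not be verified. Please try again later.\n";
    } finally {
        if ($con) {
            mysqli_close($con);
        }
    }

    if (!$ban_verified) {
        $error = true;
    }
}

//must not be else if, as error variable may be set above
if ($error) {
    echo "";
} else {
    echo "\nOpening your ban appeal...\n";

    // The appeal text is written into a static HTML page that other people
    // open, so every submitted value is HTML-escaped before it is embedded.
    // How these variables were filled is not visible in this part of the
    // script; double_encode is off so text that was already entity-encoded
    // upstream is not encoded a second time.
    $escape_flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $safe_banid = htmlspecialchars($banid, $escape_flags, 'UTF-8', false);
    $safe_banreason = htmlspecialchars($banreason, $escape_flags, 'UTF-8', false);
    $safe_whyunban = htmlspecialchars($whyunban, $escape_flags, 'UTF-8', false);

    $template = file_get_contents("/var/www/html/template/index.html");
    $appeal_path = "/var/www/html/appeal/view/$banid.html";

    if ($template === false) {
        // Without the template nothing is written; an empty page would
        // otherwise occupy this ban ID permanently.
        error_log("ban appeal: template could not be read");
    } elseif (!file_exists($appeal_path)) {
        // An existing appeal page is never overwritten, so the first
        // submission for a ban ID is the one that stays.
        // NOTE(review): no check that the submitter owns the ban is visible
        // in this part of the script - confirm one exists upstream.
        $newcontent = str_replace(
            "Replace this line",
            "Ban Appeal\nBan ID\n$safe_banid\nBan Reason\n$safe_banreason\n"
                . "Why do you think you should be unbanned?\n$safe_whyunban\n"
                . "Staff Reply\nNone yet.\n",
            $template
        );

        // Mode "x" creates the file only if it does not exist yet, which
        // closes the gap between the file_exists() check and the write.
        $handle = fopen($appeal_path, "x");
        if ($handle === false) {
            error_log("ban appeal: could not create " . $appeal_path);
        } else {
            fwrite($handle, $newcontent);
            fclose($handle);
        }
    }

    echo "";
}
?>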