Topic: Making arcade accessible for guests

Hit me if that was asked before. ^_^
In a previous arcade, it was possible from the admin panel to make it accessible to guests (but they can't play though). For the one I have now (the one with stats), it doesn't have such an option. I am posting arcade.php and arcade_play.php here, would you please point what piece of the code will I have to change in order to make it possible for guests to "see" the arcade instead of getting a "you do not have permission to access this page"?
Thank you!

Arcade.php:

<?php

/***********************************************************************
  This file is part of PunArcade Mod for PunBB.
  http://www.punres.org/desc.php?pid=228
************************************************************************/

define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';
require PUN_ROOT.'lang/'.$pun_user['language'].'/arcade.php';

$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_arcade['Arcade'].' / '.$lang_arcade['Games Index'];

if ($pun_user['g_read_board'] == '0')
    message($lang_common['No view']);

if (!function_exists('generate_config_cache'))
    require PUN_ROOT.'include/cache.php';
if ($pun_user['is_guest'] && $pun_config['pam_guest_list'] == 0)
    message($lang_common['No permission']);

require PUN_ROOT.'header.php';

?>
<div class="linkst">
    <div class="inbox">
    <p class="pagelink conl"></p>
        <ul><li><a href="./index.php"><? echo $lang_common['Index'] ?></a> </li><li>» <? echo $lang_arcade['Games Index'] ?></li></ul>
        <div class="clearer"></div>
    </div>
</div>

<?php
$result = $db->query('SELECT shortname, name, description, img_ext FROM '.$db->prefix.'arcade_games ORDER BY disp_position, shortname') or error('Unable to fetch games', __FILE__, __LINE__, $db->error());
while($line = $db->fetch_assoc($result))
    {
    $result2 = $db->query('SELECT r.player, r.score, u.username FROM '.$db->prefix.'arcade_ranking r, '.$db->prefix.'users u WHERE r.game="'.$line['shortname'].'" AND u.id=r.player ORDER BY r.score DESC LIMIT 1') or error('Unable to fetch scores info', __FILE__, __LINE__, $db->error());
    $resultat = $db->fetch_assoc($result2);
        $h_score = ($resultat['score']) ? $lang_arcade['Best Score'].'<strong>'.$resultat['score'].'</strong> ('.$lang_arcade['Made By'].' <strong>'.$resultat['username'].'</strong>)' : ' ';
?>
    <div class="blockform">
        <h2><span><? echo $line['name'] ?></span></h2>
    <div class="box"><div class="inbox" style="padding:5px;">
<!--    <p style="float:left; text-align:left; clear:left; width:auto; padding: 0 1em 1em 0;"> -->
    <a href="arcade_play.php?g=<? echo $line['shortname'] ?>" title="<? echo $lang_arcade['Play'] ?>"><img src="./games/images/<? echo $line['shortname'].'.'.$line['img_ext']; ?>" alt="<? echo $line['name'] ?>" style="float:left;padding:0 3px 0 3px;" /></a>
<!--    </p> -->
    <ul>
    <li>
    <a href="arcade_play.php?g=<? echo $line['shortname'] ?>" title="<? echo $lang_arcade['Play'] ?>"><? echo $lang_arcade['Play To'] ?> "<? echo $line['name'] ?>"</a></li>
    <li><a href="arcade_ranking.php?g=<? echo $line['shortname'] ?>" title="<? echo $lang_arcade['Scores Board'] ?>"><? echo $lang_arcade['View Scores'] ?></a></li><li> </li><li><? echo $h_score ?></li>
    </ul>
    </div>
    <div class="box" style="padding:5px; margin:4px;"><p style="float:left; text-align:left; clear:left; width:auto; padding: 0 1em 1em 0;"><p><i><? echo $line['description'] ?></i></p></div></div></div>
<?php
    }
?>
    <div class="linksb">
        <div class="inbox">
        <p class="pagelink conl"></p>
        <ul><li><a href="./index.php"><? echo $lang_common['Index'] ?></a> </li><li>» <? echo $lang_arcade['Games Index'] ?></li></ul>
        <div class="clearer"></div>
    </div>
</div>

<?php

require PUN_ROOT.'footer.php';

Arcade_play.php:

<?php

/***********************************************************************
  This file is part of PunArcade Mod for PunBB.
  http://www.punres.org/desc.php?pid=228
************************************************************************/

define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';
require PUN_ROOT.'lang/'.$pun_user['language'].'/arcade.php';

if ($pun_user['g_read_board'] == '0')
    message($lang_common['No view']);

if (!function_exists('generate_config_cache'))
    require PUN_ROOT.'include/cache.php';
if ($pun_user['is_guest'] && $pun_config['pam_guest_play'] == 0)
    message($lang_common['No permission']);

$shortname = $_GET['g'];

if(!isset($_GET['g']) || empty($_GET['g']))
    message($lang_common['Bad request']);

$result = $db->query('SELECT shortname, name, description, img_ext FROM '.$db->prefix.'arcade_games WHERE shortname = "'.$shortname.'"') or error('Unable to fetch games', __FILE__, __LINE__, $db->error());
if(mysql_num_rows($result) <= 0)
    message($lang_common['Bad request']);
$line = $db->fetch_assoc($result);

$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_arcade['Arcade'].' / '.$lang_arcade['Play To'].' '.$line['name'];

require PUN_ROOT.'header.php';

?>
<div class="linkst">
    <div class="inbox">
    <p class="pagelink conl"></p>
        <ul><li><a href="./index.php"><? echo $lang_common['Index'] ?></a> </li><li>» <a href="./arcade.php"><? echo $lang_arcade['Games Index'] ?></a> </li><li>» <? echo $lang_arcade['Play To'].' '.$line['name']; ?></li></ul>
        <div class="clearer"></div>
    </div>
</div>

<div class="blockform">
    <h2><span><? echo $line['name'] ?></span></h2>
    <div class="box">
        <div class="inbox" style="padding:5px;">
            <ul>
            <li><b><? echo $lang_arcade['How To Play']; ?></b></li>
            <li><? echo $line['description'] ?></li>
            <li><b><? echo $lang_arcade['Remember Score Validation'] ?></b></li>
            </ul>
        </div>
    </div>
</div>
<?php
$result = $db->query('SELECT * FROM '.$db->prefix.'arcade_ranking WHERE game = "'.$line['shortname'].'" AND player = "'.$pun_user['id'].'"') or error('Unable to fetch scores info', __FILE__, __LINE__, $db->error());
if(mysql_num_rows($result) <= 0)
{
?>
    <div class="blockform">
        <h2><span><? echo $lang_arcade['Not Played This Game Yet'] ?></span></h2>
<?php
}
else
{
    $line2 = $db->fetch_assoc($result);
?>
    <div class="blockform">
        <h2><span><? echo $lang_arcade['Your Best Score'] ?> <strong><? echo $line2['score'] ?></strong></span></h2>
<?php
}
?>
    <div class="box">
        <div class="inbox" style="padding:5px;text-align:center;">
            <embed name="arcade_jeux_pun" src="./games/<? echo $line['shortname'] ?>.swf" width="550" height="400" quality="high" menu="false" swliveconnect="true" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"></embed>
            <noembed><? echo str_replace('%version%','<a href="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" target="_blank">Flash 5</a>',$lang_arcade['Need Plugin To Play']); ?></noembed>
        </div>
        <div class="inbox" style="padding:5px;text-align:center;">
            <a href="arcade_play.php?g=<? echo $line['shortname'] ?>" title="<? echo $lang_arcade['Replay'] ?>"><? echo $lang_arcade['Replay'] ?></a> - <a href="arcade_ranking.php?g=<? echo $line['shortname'] ?>" title="<? echo $lang_arcade['This Game Ranking'] ?>"><? echo $lang_arcade['This Game Ranking'] ?></a>
        </div>
    </div>
</div>

<div class="linkst">
    <div class="inbox">
    <p class="pagelink conl"></p>
        <div class="clearer"></div>
        <ul><li><a href="./index.php"><? echo $lang_common['Index'] ?></a> </li><li>» <a href="./arcade.php"><? echo $lang_arcade['Games Index'] ?></a> </li><li>» <? echo $lang_arcade['Play To'].' '.$line['name']; ?></li></ul>
    </div>
</div>

<?php
require PUN_ROOT.'footer.php';

Thank you!

If you do what you've always done, you'll get what you've always gotten.

Re: Making arcade accessible for guests

if ($pun_user['is_guest'] && $pun_config['pam_guest_list'] == 0)
    message($lang_common['No permission']);

It looks to me like the code is already in place.

Re: Making arcade accessible for guests

This code displays a "non permission" page, right?
What I want is to delete that. I thought I had to do something more than delete that part of the code in order to let guests see the arcade.

If you do what you've always done, you'll get what you've always gotten.

Re: Making arcade accessible for guests

Look at the code. It displays that message if the user is a guest AND the option to let them see the list is on. So, there is an option already.

Re: Making arcade accessible for guests

It would be too stupid if it worked and I still asked wink.
Have a look at this: http://speakmoroccan.com/forum/arcade.php
You can't see the games, can you?

If you do what you've always done, you'll get what you've always gotten.

Re: Making arcade accessible for guests

Yes. Which means $pun_config['pam_guest_list'] is set to 0. The code is already in place to let you configure your arcade to display to guests (and to let them play if you want, as a matter of fact). You just have it turned off.

Re: Making arcade accessible for guests

Sorry, my bad! Posted the wrong files sad
Here are the correct ones:

Arcade.php

<?php


session_name("arcade_games");
session_start();

// Session first run?
if (!isset($_SESSION['firsttime']))
{
    // Set defaults
    $_SESSION['firsttime'] = true;
    $_SESSION['cat']=0;
    $_SESSION['nump']=25;
    $_SESSION['search']='';
    $_SESSION['rsearch']='game_name';
    $_SESSION['page']=0;
    $_SESSION['sorto']='DESC';
    $_SESSION['sortby']='game_id';
    //$sqlquery = '';
}
else
{
    // no first run, use post or request
    if (isset($_POST['nump'])) $_SESSION['nump']=$_POST['nump'];
    if (isset($_POST['cat'])) $_SESSION['cat']=$_POST['cat'];
    if (isset($_POST['search'])) $_SESSION['search']=$_POST['search'];
    if (isset($_POST['rsearch'])) $_SESSION['rsearch']=$_POST['rsearch'];
    if (isset($_REQUEST['page'])) $_SESSION['page']=$_REQUEST['page'];
    if (isset($_POST['sorto'])) $_SESSION['sorto']=$_POST['sorto'];
    if (isset($_POST['sortby'])) $_SESSION['sortby']=$_POST['sortby'];
}

// Define local vars
$s_nump = $_SESSION['nump'];
$s_cat = $_SESSION['cat'];
$s_search = $_SESSION['search'];
$s_rsearch = $_SESSION['rsearch'];
$s_page = $_SESSION['page'];
$s_sorto = $_SESSION['sorto'];
$s_sortby = $_SESSION['sortby'];
$sqlquery = '';

if (!defined('PUN_ROOT')) define('PUN_ROOT','./');

require PUN_ROOT.'include/common.php';
$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Arcade Games';
require PUN_ROOT.'lang/'.$pun_user['language'].'/arcade.php';
require PUN_ROOT.'header.php';

if (!function_exists('generate_config_cache'))
    require PUN_ROOT.'include/cache.php';
    
if ($pun_config['arcade_live'] == '0')
    message($lang_arcade['arcade disabled']);
    
    
if (!$pun_user['is_guest'])
{
    // Fetch total game count
    $result = $db->query('SELECT COUNT(game_id) FROM '.$db->prefix.'arcade_games') or error('Unable to fetch total game count', __FILE__, __LINE__, $db->error());
    $num_games = $db->result($result);

    
    // Arcade Statistic Block?>
    <div class="blockform">
    <h2><span><?echo 'Arcade Games ('.$lang_arcade['number games'].' '.$num_games.')'?></span></h2>
        <div class="box">
        <?// Newest games?>
        <table cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">            
        <tr style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
            <td valign="top" width="20%">
            <fieldset>
            <legend align="left"> <?echo ''.$lang_arcade['new_games'].''?> </legend><p></p>
            
            <?// Get latest games
            $result2 = $db->query('SELECT game_id, game_name, game_image FROM '.$db->prefix.'arcade_games ORDER BY game_id DESC LIMIT '.$pun_config['arcade_numnew'].'') or error('Unable to get latest games', __FILE__, __LINE__, $db->error());
            $i = 1;
            while($line = $db->fetch_assoc($result2))
            {
                echo '<img align="top" src="games/images/_'.$line['game_image'].'" /></a> <a href="arcade_play.php?id='.$line['game_id'].'">'.$line['game_name'].'</a><p></span>';
                $i++;
            }
            ?><p></p>
            </td></fieldset>


            <?// King of Highscore images?>
            <td valign="top" width="60%">
            <fieldset>
            <legend align="left"> <?echo ''.$lang_arcade['highscore_champs'].''?> </legend><p></p>
            <div class="box" style="padding:10px;">
            <table cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
            <tr style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
            <td class="alt2" align="center" nowrap="nowrap" valign="middle" width="33%" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; "><b><img src="./img/arcade/king1.gif" alt="1" title=""></b></td>
            <td class="alt2" align="center" nowrap="nowrap" valign="middle" width="33%" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; "><b><img src="./img/arcade/king2.gif" alt="2" title=""></b></td>
            <td class="alt2" align="center" nowrap="nowrap" valign="middle" width="33%" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; "><b><img src="./img/arcade/king3.gif" alt="3" title=""></b></td>
            </tr>
    
            <?// Count all Highscores per user, display the king of the highscores
            $sql = 'SELECT id,username, COUNT(*) AS count_top FROM '.$db->prefix.'arcade_ranking INNER JOIN '.$db->prefix.'users ON ('.$db->prefix.'users.id = '.$db->prefix.'arcade_ranking.rank_player) WHERE '.$db->prefix.'arcade_ranking.rank_topscore = 1 GROUP BY '.$db->prefix.'arcade_ranking.rank_player ORDER BY count_top DESC LIMIT 3';
            $query = $db->query($sql) or error("Impossible to collect highscores per user.", __FILE__, __LINE__, $db->error());
            $i = 1;
            while($line = $db->fetch_assoc($query))
            {
                echo '<td width="33%" align="center" nowrap="nowrap" valign="middle" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; "><strong><span style="text-decoration:blink"><a href="arcade_userstats.php?id='.$line['id'].'" title="'.$lang_arcade['view_stats'].'">'.$line['username'].'</a></strong></span><br/>'.$lang_arcade['with'].' <b>'.$line['count_top'].'</b> '.$lang_arcade['highscores'].'</td>';
                $i++;
            }?>
    
            </table>
            </div>
            <p></p><p></p>
            <div class="box" style="padding: 0px 7px 7px 7px;">
    
            <?// Find the latest Highscores    
            $sql = 'SELECT game_name, game_id, rank_topscore, username, id, rank_date, rank_score FROM '.$db->prefix.'arcade_ranking, '.$db->prefix.'arcade_games, '.$db->prefix.'users WHERE rank_topscore = 1 AND rank_game = game_filename AND '.$db->prefix.'users.id = rank_player GROUP BY game_name ORDER BY rank_date DESC LIMIT '.$pun_config['arcade_numchamps'].'';
            $query = $db->query($sql) or error("Impossible to select the latest highscores.", __FILE__, __LINE__, $db->error());
            $i = 1;
            while($line = $db->fetch_assoc($query))
            {
                // Display the latest Highscores    
                echo '<table cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; "><td style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">   <p><a href="arcade_userstats.php?id='.$line['id'].'" title="'.$lang_arcade['view_stats'].'">'.$line['username'].'</a> '.$lang_arcade['is_the_new'].' <i><a href="arcade_play.php?id='.$line['game_id'].'">'.$line['game_name'].'</a></i> '.$lang_arcade['champion'].'.</td><td align="right" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; "> ('.format_time($line['rank_date']).')</p>   </td></table>';
                $i++;
            }?>
            </div>
            <p></p>
            </fieldset>
            
            <p></p>
            <div class="box" align="center" style="padding:7px;">
            <?// Find last score
            $sql = 'SELECT game_name, username, rank_date, rank_score, id, game_id FROM '.$db->prefix.'arcade_ranking, '.$db->prefix.'arcade_games, '.$db->prefix.'users WHERE rank_game = game_filename AND '.$db->prefix.'users.id = rank_player GROUP BY rank_date ORDER BY rank_date DESC LIMIT 1';
            $query = $db->query($sql) or error("Impossible to select the latest score.", __FILE__, __LINE__, $db->error());
            $line = $db->fetch_assoc($query)?>
            
            <?echo ''.$lang_arcade['newest_score'].''?> <a href="arcade_userstats.php?id=<?echo ''.$line['id'].''?>" title="<?echo ''.$lang_arcade['view_stats'].''?>"><i><?echo ''.$line['username'].''?></i></a> <?echo ''.$lang_arcade['makes'].''?> <i><?echo ''.$line['rank_score'].''?></i> <?echo ''.$lang_arcade['points_at'].''?> <i><a href="arcade_play.php?id=<?echo ''.$line['game_id'].''?>"><?echo ''.$line['game_name'].''?></a></i>
            </div>

            
            <?// Most played games ?>
            </td>
            <td nowrap="nowrap" valign="top" width="20%">
            <fieldset>
            <legend align="left"> <?echo ''.$lang_arcade['most_played'].''?> </legend><p></p>
            
            <?// Find most played games
            $result3 = $db->query('SELECT game_id, game_name, game_played, game_image FROM '.$db->prefix.'arcade_games ORDER BY game_played DESC LIMIT '.$pun_config['arcade_mostplayed'].'') or error('Unable to get most played games', __FILE__, __LINE__, $db->error());
            $i = 1;
            while($line = $db->fetch_assoc($result3))
            {
                // Display most played games
echo '<span><a href="arcade_play.php?id='.$line['game_id'].'" title="'.$lang_arcade['played'].' '.$line['game_played'].'"><img align="top" src="games/images/_'.$line['game_image'].'" /></a> <a href="arcade_play.php?id='.$line['game_id'].'" title="'.$lang_arcade['played'].' '.$line['game_played'].'">'.$line['game_name'].' ('.$line['game_played'].')</a><p></span>';                $i++;
            }?>
            <p></p>
            </fieldset>
            
            <?// Get random game and statistic
            $result6 = $db->query('SELECT game_id, game_name,game_image FROM '.$db->prefix.'arcade_games GROUP BY game_name order by RAND() LIMIT 1') or error('Unable to fetch total game count', __FILE__, __LINE__, $db->error());
            $randg = $db->fetch_assoc($result6);?>
            <p><fieldset>
            <legend align="left"><?echo $lang_arcade['randomg']?></legend><p></p>
            <table cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
            <td width="45%" valign="top" cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
            <a href="arcade_play.php?id=<?echo $randg['game_id']?>" title="<?echo $lang_arcade['Pic Click']?>"><img src="games/images/<?echo $randg['game_image']?>" /></a><p></td>
            <td align="left" valign="" cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; "><a href="arcade_play.php?id=<?echo $randg['game_id']?>"><?echo $randg['game_name']?></a></td>
            </table>
            </fieldset>
            </td>
        </tr>
        </table>
        </div>
    </div>    
            
    <?// Define search query
    if (strlen($s_search)>0) $sqlquery .= " WHERE {$s_rsearch} LIKE '%{$s_search}%'";
    // Did we use a category or the search box?
    if ($s_cat>0)
    {
        if (strlen($s_search)>0)
        {
            $sqlquery .= " AND game_cat = {$s_cat} ORDER BY game_name {$s_sorto}";
        }
        else
        {
            $sqlquery .= " WHERE game_cat = {$s_cat} ORDER BY game_name {$s_sorto}";
        }
    }
    else
    {
        $sqlquery .= " ORDER BY {$s_sortby} {$s_sorto}";
    }?>
    
    
    <?// Show/hide Filter Block?>    
    <script language="javascript">
    <!--
        var state = 'none';
        function showhide(layer_ref) 
        {
            if (state == 'block') 
            {
                state = 'none';
            }
            else 
            {
                state = 'block';
            }
        if (document.all) 
            { //IS IE 4 or 5 (or 6 beta)
                eval( "document.all." + layer_ref + ".style.display = state");
            }
        if (document.layers) 
            { //IS NETSCAPE 4 or below
                document.layers[layer_ref].display = state;
            }
        if (document.getElementById &&!document.all) 
            {
                hza = document.getElementById(layer_ref);
                hza.style.display = state;
            }
        }
    //-->
    </script>

    <?// Filter Block.?>    

    <div style="padding: 5px 5px 5px 5px; border:none;" class="box">
        <fieldset>
            <legend><a style="text-decoration:none; border:none;" href="javascript:void(0)" onclick="showhide('div3');"><?echo $lang_arcade['filter']?></a></legend>
            <div class="infldset" id="div3" style="display:none;">
                <form method="post" action="<?echo $_SERVER['PHP_SELF']?>" enctype="multipart/form-data">
                    <table cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
                    <tr>
                        <td valign="top" align="left" width="20%" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; "><?echo $lang_arcade['numgames']?><p>
                        <select id="nump" name="nump">
                        <option value="10" <?if ($s_nump == 10) echo ' selected="selected"'?>>10</option>
                        <option value="25" <?if ($s_nump == 25) echo ' selected="selected"'?>>25</option>
                        <option value="50" <?if ($s_nump == 50) echo ' selected="selected"'?>>50</option>
                        <option value="100" <?if ($s_nump == 100) echo ' selected="selected"'?>>100</option>
                        </select><p>
                        <input type="radio" name="sorto" value="ASC" <?if ($s_sorto == 'ASC') { echo ' checked'; }?> />
                         <?echo $lang_arcade['asc']?> 
                        <input type="radio" name="sorto" value="DESC" <?if ($s_sorto == 'DESC') { echo ' checked'; }?> />
                         <?echo $lang_arcade['desc']?>
                        </td>
                        <td valign="top" align="left" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; "><?echo $lang_arcade['sortby']?><p>
                        <select id="sortby" name="sortby">
                        <option value="game_name" <?if ($s_sortby == 'game_name') echo ' selected="selected"'?>><?echo $lang_arcade['name']?></option>
                        <option value="game_id" <?if ($s_sortby == 'game_id') echo ' selected="selected"'?>><?echo $lang_arcade['date']?></option>
                        </select><p>
                        </td>
                        <td valign="top" align="left" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; "><?echo $lang_arcade['category']?><p>
                        <select id="cat" name="cat">
                        <option value="0" <?if ($s_cat == 0) echo ' selected="selected"'?>><?echo $lang_arcade['all cat']?></option>
                        <option value="1" <?if ($s_cat == 1) echo ' selected="selected"'?>><?echo $lang_arcade['cat1']?></option>
                        <option value="2" <?if ($s_cat == 2) echo ' selected="selected"'?>><?echo $lang_arcade['cat2']?></option>
                        <option value="3" <?if ($s_cat == 3) echo ' selected="selected"'?>><?echo $lang_arcade['cat3']?></option>
                        <option value="4" <?if ($s_cat == 4) echo ' selected="selected"'?>><?echo $lang_arcade['cat4']?></option>
                        <option value="5" <?if ($s_cat == 5) echo ' selected="selected"'?>><?echo $lang_arcade['cat5']?></option>
                        <option value="6" <?if ($s_cat == 6) echo ' selected="selected"'?>><?echo $lang_arcade['cat6']?></option>
                        <option value="7" <?if ($s_cat == 7) echo ' selected="selected"'?>><?echo $lang_arcade['cat7']?></option>
                        <option value="8" <?if ($s_cat == 8) echo ' selected="selected"'?>><?echo $lang_arcade['cat8']?></option>
                        <option value="9" <?if ($s_cat == 9) echo ' selected="selected"'?>><?echo $lang_arcade['cat9']?></option>
                        </select>
                        </td>
                        <td valign="top" align="left" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; "><?echo $lang_arcade['search']?><p>
                        <input type="text" id="search" name="search" size="20" maxlength="100" value="<?echo pun_htmlspecialchars($s_search);?>" />
                          
                        <p><input type="radio" name="rsearch" value="game_name" <?if ($s_rsearch == 'game_name') { echo ' checked'; }?> />
                         <?echo $lang_arcade['gname']?> 
                        <input type="radio" name="rsearch" value="game_desc" <?if ($s_rsearch == 'game_desc') { echo ' checked'; }?> />
                         <?echo $lang_arcade['gdesc']?>
                        </td>
                    </tr>
                    <tr>
                        <td valign="bottom" colspan="5" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
                        <input type="hidden" name="page" value="0" />
                        <br><p><input type="submit" name="filter" value="<?echo $lang_arcade['start']?>" />      <input name="filter" type="submit" onClick="nump.value='25';cat.value='0';search.value='';rsearch.value='game_name';elements[5].checked = true;elements[2].checked = true;sortby.value='game_id';window.location='<?echo $_SERVER['PHP_SELF']?>';" value="<?echo $lang_arcade['reset']?>" />
                        </td>
                    </tr>
                    </table>
                </form>
            </div>
        </fieldset>
    </div>    

    <?// Fetch game count and generate pages, after using filter
    $result = $db->query('SELECT COUNT(game_id) FROM '.$db->prefix.'arcade_games '.$sqlquery) or error('Unable to fetch filter count', __FILE__, __LINE__, $db->error());
    $num_games2 = $db->result($result);
    $currec = $s_page * $s_nump;
    $kolvop = ceil($num_games2 / $s_nump);
    $cp = ($kolvop == 0? 1 : $kolvop);
    $nump = $s_nump;

    // Generate page links
     if ($cp>1)
        {
            echo '<p>', $lang_common['Pages'],':';
            for ($i=1;$i<=$cp;$i++)
            if (($i-1)==$s_page) echo " $i ";
            else echo ' <a href="'.$_SERVER['PHP_SELF'].'?page='.($i-1).'">'.$i.'</a> ';
        }
        echo '<p>';
        

    // Output Games, highscores, description?>
    <div class="blockform">
        <h2><span><?echo ''.$lang_arcade['Arcade Games'].'';?></span></h2>
        <div class="box">
            <div class="inbox">
                <table cellspacing="0">
                <thead>
                    <tr>
                        <th class="tc2" scope="col" width="25%" nowrap="nowrap"><?echo $lang_arcade['Games']?></th>
                        <th class="tc2" scope="col" width="25%" nowrap="nowrap"><?echo $lang_arcade['highscores']?></th>
                        <th class="tc3" scope="col" width="25%" nowrap="nowrap"><?echo $lang_arcade['Your highscore']?></th>
                        <th class="tcr" scope="col" width="25%" ><?echo $lang_arcade['How to play']?></th>
                    </tr>
                </thead>
                <tbody>

        <?// Filter query
        $result = $db->query('SELECT * FROM '.$db->prefix.'arcade_games '.$sqlquery." LIMIT $currec,$nump") or error("Impossible to filter games", __FILE__, __LINE__, $db->error());
        while($line = $db->fetch_assoc($result))
        {
            // Find Top Highscore of each game        
            $sql2 = 'SELECT rank_player, rank_score, username, id FROM '.$db->prefix.'arcade_ranking, '.$db->prefix.'users WHERE rank_game = "'.$line['game_filename'].'" AND '.$db->prefix.'users.id = '.$db->prefix.'arcade_ranking.rank_player ORDER BY rank_score DESC LIMIT 1';
            $query = $db->query($sql2) or error("Impossible to find the topscore of each game", __FILE__, __LINE__, $db->error());
            $resultat = $db->fetch_assoc($query);
            if (($resultat['rank_score']) && ($pun_config['arcade_showtop'] > 0))
                $h_score = ''.$lang_arcade['Top highscore'].'<strong>'.$resultat['rank_score'].'</strong> '.$lang_arcade['by'].' <i><a href="profile.php?id='.$resultat['id'].'"> '.$resultat['username'].'</a></i><p> '.$lang_arcade['Your highscore'].': <strong>'.$resultat['rank_score'].'</strong><p>'.$lang_arcade['played'].' <strong>'.$line['game_played'].'</strong>';
            else
                $h_score = ' ';
                echo '<thead>
                    <tr>
                    <td class="tc1" scope="col" width="25%" ><table style="padding: 0px 0px 0px 0px; border:none; "><tr style="padding: 0px 0px 0px 0px; border:none; ">
                    <td style="padding: 0px 0px 0px 0px; border:none; " align="left" width="50"><a href="arcade_play.php?id='.$line['game_id'].'" title="'.$lang_arcade['Pic Click'].'"><img src="games/images/'.$line['game_image'].'" alt="'.$line['game_name'].'" /></a></td>
                    <td style="padding: 0px 0px 0px 0px; border:none; " align="left">'.$lang_arcade['Play'].': "<a href="arcade_play.php?id='.$line['game_id'].'" title="'.$lang_arcade['Pic Click'].'">'.$line['game_name'].'</a>"<p><p>
'.$lang_arcade['played'].' <strong>'.$line['game_played'].'</strong></td>
                    </tr>
                    </table></td>
                    <td class="tc2" scope="col" width="25%" nowrap="nowrap">';
                    if ($resultat['rank_score'] > 0) {
                        echo''.$lang_arcade['Top highscore'].'<strong>'.$resultat['rank_score'].'</strong><br />
<i> '.$lang_arcade['by'].' <strong><a href="arcade_userstats.php?id='.$resultat['id'].'" title="'.$lang_arcade['view_stats'].'">'.$resultat['username'].'</a></i></strong><p />
<a href="arcade_ranking.php?id='.$line['game_id'].'">'.$lang_arcade['View Highscore'].'</a>'; } else { echo ''.$lang_arcade['Top highscore'].'<strong> N/A'; } echo '</td>
                        <td class="tc2" scope="col" width="25%" nowrap="nowrap">';
                        // Find best score of user
                        $result21 = $db->query('SELECT rank_score, game_id, game_name, game_played FROM '.$db->prefix.'arcade_ranking, '.$db->prefix.'arcade_games WHERE rank_game = "'.$line['game_filename'].'" AND rank_player = "'.$pun_user['id'].'"') or error('Unable to fetch scores info', __FILE__, __LINE__, $db->error());

            // if(mysql_num_rows($result21) <= 0)
            // Fix for MySQL 4
            $resultatt = $db->fetch_assoc($result21);
            if($resultatt <= 0)
                { 
                    echo $lang_arcade['Not played yet'];
                }
            else
                {
                    $line21 = $db->fetch_assoc($result21);
                    echo $lang_arcade['Your highscore'],': ' ?><strong><? echo $line21['rank_score'] ?></strong><?
                }
            echo '</td>
            <td class="tc1" scope="col" width="25%" ><i>'.$line['game_desc'].'</i></td>
            </tr>
            </thead>';
        }?>
                </tbody>
                </table>
            </div>
        </div>
    </div>


    <?// Generate page links
     if ($cp>1)
        {
            echo $lang_common['Pages'],':';
            for ($i=1;$i<=$cp;$i++)
            if (($i-1)==$s_page) echo " $i ";
            else echo ' <a href="'.$_SERVER['PHP_SELF'].'?page='.($i-1).'">'.$i.'</a> ';
        }
        echo '<p>';
        
    require PUN_ROOT.'footer.php';
}

else
    message($lang_common['No permission']);

arcade_play.php

<?php

define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';
require PUN_ROOT.'lang/'.$pun_user['language'].'/arcade.php';

if (!function_exists('generate_config_cache'))
    require PUN_ROOT.'include/cache.php';
    
if ($pun_user['is_guest'])
    message($lang_common['No permission']);

$game_name = $_GET['id'];

if(!isset($_GET['id']) || empty($_GET['id']))
    message($lang_common['Bad request']);

$result = $db->query('SELECT * FROM '.$db->prefix.'arcade_games WHERE game_id = "'.$game_name.'"') or error('Unable to fetch games', __FILE__, __LINE__, $db->error());
// some servers return an error: http://de.php.net/mysql_num_rows , if so, try the following ...
// $result = $db->query('SELECT * FROM '.$db->prefix.'arcade_games WHERE game_id = "'.$game_name.'"') or die ("<p class=err>Error - Query failed: ".mysql_error()."</p>");

// if(mysql_num_rows($result) <= 0)
$line = $db->fetch_assoc($result);
if ($line['game_id'] <= 0)
    message($lang_common['Bad request']);


$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Arcade / '.$line['game_name'];

require PUN_ROOT.'header.php';

?>

<div class="blockform">
    <h2><span><b><?echo $line['game_name'],' - ' ?></b> <? echo $lang_arcade['How to play'] ?></span></h2>
    <div class="box">
        <div class="inbox" style="padding:5px;">
            <ul>
            <li><? echo $line['game_desc']?></li>
            </ul>
        </div>
    </div>
</div>
<?php

// Set games played +1
$sql = 'UPDATE '.$db->prefix.'arcade_games SET game_played = game_played+1 WHERE game_id = "'.$game_name.'"';
$query = $db->query($sql) or error("Impossible to update game_played", __FILE__, __LINE__, $db->error());
// Find Highscore of the game
$sql2 = 'SELECT rank_player, rank_score, username, id FROM '.$db->prefix.'arcade_ranking, '.$db->prefix.'users WHERE rank_game = "'.$line['game_filename'].'" AND '.$db->prefix.'users.id = '.$db->prefix.'arcade_ranking.rank_player ORDER BY rank_score DESC LIMIT 1';
$query = $db->query($sql2) or error("Impossible to find the topscore of each game", __FILE__, __LINE__, $db->error());
$result2 = $db->fetch_assoc($query);

// Find Best score of user
$result = $db->query('SELECT rank_score, game_id, game_name, game_width, game_height, game_played FROM '.$db->prefix.'arcade_ranking, '.$db->prefix.'arcade_games WHERE rank_game = "'.$line['game_filename'].'" AND rank_player = "'.$pun_user['id'].'"') or error('Unable to fetch scores info', __FILE__, __LINE__, $db->error());

// if(mysql_num_rows($result) <= 0)
// Fix for MySQL 4
$resultatt = $db->fetch_assoc($result);
if($resultatt <= 0)
{

// We have no highscore
?>
    <div class="blockform">
    <h2>
    <table cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
    <td width="33%" cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
        <span><? echo $lang_arcade['Not played'] ?></span>
    </td>
    <td width="33%" align="middle" cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
        <span align="right"><? echo $lang_arcade['Top highscore'] ?> <strong> <? echo $result2['rank_score'] ?> </strong> <? if($result2['rank_score'] > 0) echo $lang_arcade['by'], ' '?> <i> <? echo $result2['username']?></i></span>
    </td>    
    <td width="33%" align="right" cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
        <span align="right"><? echo $lang_arcade['played']?> <strong> <? echo $line['game_played'] ?><strong></span>
    </td>
    </table>
    </h2>
    
<?php
}
else
{
    $line2 = $db->fetch_assoc($result);
    
// We have a highscore
?>

<div class="blockform">
    <h2>
    <table cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
    <td width="33%" cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
        <span><? echo $lang_arcade['Your highscore'],': ' ?> <strong><? echo $line2['rank_score'] ?></strong></span>
    </td>
    <td width="33%" align="middle" cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
        <span align="right"><? echo $lang_arcade['Top highscore'] ?> <strong> <? echo $result2['rank_score'] ?> </strong> <? echo $lang_arcade['by'], ' '?> <i> <? echo $result2['username']?></i></span>
    </td>    
    <td width="33%" align="right" cellspacing="0" style="padding: 0px 0px 0px 0px; margin-top: 0px; margin-left: 0px; margin-right: 0px; margin-bottom: 0px; border:none; ">
        <span align="right"><? echo $lang_arcade['played']?> <strong> <? echo $line['game_played'] ?><strong></span>
    </td>
    </table>
    </h2>

<?php
}
?>
    <div class="box">
        <div class="inbox" style="padding:5px;text-align:center;">
            <embed name="arcade_games_punbb" src="./games/<? echo $line['game_filename'] ?>.swf" width=<? echo $line['game_width']?> height=<? echo $line['game_height']?> quality="high" menu="false" swliveconnect="true" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"></embed>
            <noembed><? echo str_replace('%version%','<a href="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" target="_blank">Flash 5</a>',$lang_arcade['Need Plugin To Play']); ?></noembed>
        </div>
        <div class="inbox" style="padding:5px;text-align:center;">
            <a href="arcade.php" title="<? echo $lang_arcade['Back to'] ?>"><? echo $lang_arcade['Back to'] ?></a> - <a href="arcade_play.php?id=<? echo $line['game_id'] ?>" title="<? echo $lang_arcade['Restart game'] ?>"><? echo $lang_arcade['Restart game'] ?></a> - <a href="arcade_ranking.php?id=<? echo $line['game_id'] ?>" title="<? echo $lang_arcade['View Highscore'] ?>"><? echo $lang_arcade['View Highscore'] ?></a>
        </div>
    </div>
</div>

<?php
require PUN_ROOT.'footer.php';
If you do what you've always done, you'll get what you've always gotten.

Re: Making arcade accessible for guests

Ugh. That code is insecure to the extreme (as is the other version). hmm
Anyways, in arcade.php, find

if (!$pun_user['is_guest'])

and replace it with

if (1==1)

Re: Making arcade accessible for guests

Insecure? :S What do I risk?
And thanks!

If you do what you've always done, you'll get what you've always gotten.

Re: Making arcade accessible for guests

arcade_play.php and arcade.php look like they're full of SQL injects. I haven't looked for anything else.

Re: Making arcade accessible for guests

You know, I am a php-ignorant. I just wanted an arcade and installed what was available.

If you do what you've always done, you'll get what you've always gotten.