bug to disable logins

4 files changed, 28 insertions, 8 deletions

diff --git a/src/admin/user.php b/src/admin/user.php
index adde9db..4bcb264 100644
--- a/src/admin/user.php
+++ b/src/admin/user.php
@@ -49,6 +49,19 @@ if (isset($_POST["username"]) && isset($_POST["userfullname"]) && isset($_POST["
 	$param['type'] = htmlspecialchars($_POST["usertype"]);
 	$param['permitip'] = htmlspecialchars($_POST["userip"]);
 	$param['contest'] = $_SESSION["usertable"]["contestnumber"];
+/*
+	$param['user'] = myhtmlspecialchars($_POST["usernumber"]);
+	$param['site'] = myhtmlspecialchars($_POST["usersitenumber"]);
+	$param['username'] = myhtmlspecialchars($_POST["username"]);
+	$param['usericpcid'] = myhtmlspecialchars($_POST["usericpcid"]);
+	$param['enabled'] = myhtmlspecialchars($_POST["userenabled"]);
+	$param['multilogin'] = myhtmlspecialchars($_POST["usermultilogin"]);
+	$param['userfull'] = unsanitizeText($_POST["userfullname"]); //myhtmlspecialchars($_POST["userfullname"]);
+	$param['userdesc'] = unsanitizeText($_POST["userdesc"]); //myhtmlspecialchars($_POST["userdesc"]);
+	$param['type'] = myhtmlspecialchars($_POST["usertype"]);
+	$param['permitip'] = myhtmlspecialchars($_POST["userip"]);
+*/
+
 
 	$passcheck = htmlspecialchars($_POST["passwordo"]);
 	$a = DBUserInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"], null, false);
diff --git a/src/fcontest.php b/src/fcontest.php
index a698fd3..380442a 100644
--- a/src/fcontest.php
+++ b/src/fcontest.php
@@ -443,14 +443,16 @@ function DBSiteEndNow ($contest, $site, $w=0) {
 	return true;
 }
 function DBSiteLogins ($contest, $site, $logins) {
-	$s = DBSiteInfo($contest, $site);
+	if(($s = DBSiteInfo($contest, $site)) == null)
+		LOGError("DBSiteLogins: cant read site (contest=$contest,site=$site)");
+
 	$param = $s;
 	$param['contestnumber']=$contest;
 	$param['sitenumber']=$site;
 	$param['sitepermitlogins']=$logins;
 	unset($param['updatetime']);
 	DBUpdateSite ($param);
-	LOGLevel("Site logins=$logins (contest=$contest)",2);
+	LOGLevel("Site logins=$logins (contest=$contest,site=$site)",2);
 }
 function DBSiteDeleteAllClars ($contest, $site, $user, $usersite, $c=null) {
 	$cw=false;
@@ -591,10 +593,6 @@ function DBUpdateSite ($param,$c=null) {
 			}
 		}
 	}
-	$t = time();
-	if($updatetime <= 0)
-		$updatetime=$t;
-
 	if ($siteautoend != "t" && $siteautoend != "") $siteautoend = "f";
 	if ($siteactive != "t" && $siteactive != "") $siteactive = "f";
 	if ($siteautojudge != "t" && $siteautojudge != "") $siteautojudge = "f";
@@ -609,7 +607,6 @@ function DBUpdateSite ($param,$c=null) {
 		$docommit=true;
 	}
 	$a = DBGetRow ("select * from sitetable where contestnumber=$contestnumber and sitenumber=$sitenumber", 0, $c);
-	$ret=1;
 	if ($a == null) {
 		$ret=2;
 		$param['number']=$sitenumber;
@@ -622,6 +619,10 @@ function DBUpdateSite ($param,$c=null) {
 			return false;
 		}
 	}
+	$t = time();
+	if($updatetime <= 0)
+		$updatetime=$t;
+	$ret=1;
 	if($updatetime > $a['updatetime']) {
 		$ret=2;
 		if($sitenextrun==0)
diff --git a/src/globals.php b/src/globals.php
index 1d07ba1..b179bd5 100755
--- a/src/globals.php
+++ b/src/globals.php
@@ -108,6 +108,11 @@ function sanitizeText($text, $doamp=true)
     return $text; 
 }
 
+function unsanitizeText($text) {
+    $text = str_replace("&amp;", "&", $text);
+	return $text;
+}
+
 array_walk_recursive($_FILES, 'sanitizeVariables'); 
 array_walk_recursive($_POST, 'sanitizeVariables'); 
 array_walk_recursive($_GET, 'sanitizeVariables'); 
diff --git a/src/score/header.php b/src/score/header.php
index 69cf6e5..662a1bf 100644
--- a/src/score/header.php
+++ b/src/score/header.php
@@ -58,7 +58,8 @@ echo "<img src=\"../images/smallballoontransp.png\" alt=\"\">";
 echo "<font color=\"#000000\">BOCA</font>";
 echo "</td><td bgcolor=\"#cc9966\" width=\"99%\">\n";
 echo "Username: " . $_SESSION["usertable"]["userfullname"] . " (site=".$_SESSION["usertable"]["usersitenumber"].")<br>\n";
-list($clockstr,$clocktype)=siteclock();
+//list($clockstr,$clocktype)=siteclock(); // THIS IS SLOW, WE NEED A BETTER OPTION
+$clockstr='';
 echo "</td><td bgcolor=\"#cc9966\" align=center nowrap>&nbsp;".$clockstr."&nbsp;</td></tr>\n";
 echo "</table>\n";
 if(!isset($_SESSION["scorenomenu"]) || !$_SESSION["scorenomenu"]) {