When i edit user, it says that i didn't fill out every form when i did. Heres the code..
<?php
include "sglobals.php";
//This contains user stuffs
switch($_GET['action'])
{
case 'newuser': new_user_form(); break;
case 'newusersub': new_user_submit(); break;
case 'edituser': edit_user_begin(); break;
case 'edituserform': edit_user_form(); break;
case 'editusersub': edit_user_sub(); break;
case 'invbeg': inv_user_begin(); break;
case 'invuser': inv_user_view(); break;
case 'deleinv': inv_delete(); break;
case 'creditform': credit_user_form(); break;
case 'creditsub': credit_user_submit(); break;
case 'masscredit': mcredit_user_form(); break;
case 'masscreditsub': mcredit_user_submit(); break;
case 'reportsview': reports_view(); break;
case 'repclear': report_clear(); break;
case 'deluser': deluser(); break;
case 'forcelogout': forcelogout(); break;
default: print "Error: This script requires an action."; break;
}
function htmlspcl($in)
{
return str_replace("'", "'", htmlspecialchars($in));
}
function new_user_form()
{
global $db,$ir, $c;
if($ir['user_level'] != 2)
{
die("403");
}
print "Adding a new user.
<form action='staff_users.php?action=newusersub' method='post'>
Username: <input type='text' name='username' />
Login Name: <input type='text' name='login_name' />
Email: <input type='text' name='email' />
Password: <input type='text' name='userpass' />
Type: <input type='radio' name='user_level' value='0' />NPC <input type='radio' name='user_level' value='1' checked='checked' />Regular Member
Level: <input type='text' name='level' value='1' />
Money: <input type='text' name='money' value='100' />
Crystals: <input type='text' name='crystals' value='0' />
Donator Days: <input type='text' name='donatordays' value='0' />
Gender: <select name='gender' type='dropdown'><option>Male</option><option>Female</option></select>
[b]Stats[/b]
Strength: <input type='text' name='strength' value='10' />
Agility: <input type='text' name='agility' value='10' />
Guard: <input type='text' name='guard' value='10' />
Labour: <input type='text' name='labour' value='10' />
IQ: <input type='text' name='labour' value='10' />
<input type='submit' value='Create User' /></form>";
}
function new_user_submit()
{
global $db,$ir,$c,$userid;
if($ir['user_level'] != 2)
{
die("403");
}
if(!isset($_POST['username']) || !isset($_POST['login_name']) || !isset($_POST['userpass']))
{
print "You missed one or more of the required fields. Please go back and try again.
[url='admin.php?action=newuser']> Back[/url]";
$h->endpage();
exit;
}
$level=abs((int) $_POST['level']);
$money=abs((int) $_POST['money']);
$crystals=abs((int) $_POST['crystals']);
$donator=abs((int) $_POST['donatordays']);
$ulevel=abs((int) $_POST['user_level']);
$strength=abs((int) $_POST['strength']);
$agility=abs((int) $_POST['agility']);
$guard=abs((int) $_POST['guard']);
$labour=abs((int) $_POST['labour']);
$iq=abs((int) $_POST['iq']);
$energy=10+$level*2;
$brave=3+$level*2;
$hp=50+$level*50;
$db->query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays, user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender, signedup, email, bankmoney) VALUES( '{$_POST['username']}', '{$_POST['login_name']}', md5('{$_POST['userpass']}'), $level, $money, $crystals, $donator, $ulevel, $energy, $energy, 100, 100, $brave, $brave, $hp, $hp, 1, '{$_POST['gender']}', unix_timestamp(), '{$_POST['email']}', -1)");
$i=mysql_insert_id($c);
$db->query("INSERT INTO userstats VALUES($i, $strength, $agility, $guard, $labour, $iq)");
print "User created!";
stafflog_add("Created user {$_POST['username']} [$i]");
}
function edit_user_begin()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] != 2)
{
die("403");
}
print "<h3>Editing User</h3>
You can edit any aspect of this user.
<form action='staff_users.php?action=edituserform' method='post'>
User: ".user_dropdown($c,'user')."
<input type='submit' value='Edit User' /></form>
OR enter a user ID to edit:
<form action='staff_users.php?action=edituserform' method='post'>
User: <input type='text' name='user' value='0' />
<input type='submit' value='Edit User' /></form>";
}
function edit_user_form()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] != 2)
{
die("403");
}
$d=$db->query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us on u.userid=us.userid WHERE u.userid={$_POST['user']}");
$itemi=$db->fetch_row($d);
$itemi['hospreason']=htmlspcl($itemi['hospreason']);
$itemi['jail_reason']=htmlspcl($itemi['jail_reason']);
print "<h3>Editing User</h3>
<form action='staff_users.php?action=editusersub' method='post'>
<input type='hidden' name='userid' value='{$_POST['user']}' />
Username: <input type='text' name='username' value='{$itemi['username']}' />
Login Name: <input type='text' name='login_name' value='{$itemi['login_name']}' />
Duties: <input type='text' name='duties' value='{$itemi['duties']}' />
Staff Notes: <input type='text' name='staffnotes' value='{$itemi['staffnotes']}' />
Level: <input type='text' name='level' value='{$itemi['level']}' />
Money: \$<input type='text' name='money' value='{$itemi['money']}' />
Bank: \$<input type='text' name='bankmoney' value='{$itemi['bankmoney']}' />
Cyber Bank: \$<input type='text' name='cybermoney' value='{$itemi['cybermoney']}' />
Crystals: <input type='text' name='crystals' value='{$itemi['crystals']}' />
Mail Ban: <input type='text' name='mailban' value='{$itemi['mailban']}' />
Mail Ban Reason: <input type='text' name='mb_reason' value='{$itemi['mb_reason']}' />
Forum Ban: <input type='text' name='forumban' value='{$itemi['forumban']}' />
Forum Ban Reason: <input type='text' name='fb_reason' value='{$itemi['fb_reason']}' />
Hospital time: <input type='text' name='hospital' value='{$itemi['hospital']}' />
Hospital reason: <input type='text' name='hospreason' value='{$itemi['hospreason']}' />
Jail time: <input type='text' name='jail' value='{$itemi['jail']}' />
Jail reason: <input type='text' name='jail_reason' value='{$itemi['jail_reason']}' />
House: ".house2_dropdown($c, "maxwill", $itemi['maxwill'])."
<h4>Stats</h4>
Strength: <input type='text' name='strength' value='{$itemi['strength']}' />
Agility: <input type='text' name='agility' value='{$itemi['agility']}' />
Guard: <input type='text' name='guard' value='{$itemi['guard']}' />
Labour: <input type='text' name='labour' value='{$itemi['labour']}' />
IQ: <input type='text' name='IQ' value='{$itemi['IQ']}' />
<input type='submit' value='Edit User' /></form>";
}
function edit_user_sub()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] != 2)
{
die("403");
}
$go=0;
if(!isset($_POST['level'])) { $go=1; }
if(!isset($_POST['money'])) { $go=1; }
if(!isset($_POST['bankmoney'])) { $go=1; }
if(!isset($_POST['crystals'])) { $go=1; }
if(!isset($_POST['strength'])) { $go=1; }
if(!isset($_POST['agility'])) { $go=1; }
if(!isset($_POST['guard'])) { $go=1; }
if(!isset($_POST['labour'])) { $go=1; }
if(!isset($_POST['IQ'])) { $go=1; }
if(!isset($_POST['username'])) { $go=1; }
if(!isset($_POST['login_name'])) { $go=1; }
if($go)
{
print "You did not fully fill out the form.";
$_POST['user']=$_POST['userid'];
edit_user_form();
}
else
{
$_POST['level']=(int) $_POST['level'];
$_POST['strength']=abs((int) $_POST['strength']);
$_POST['agility']=abs((int) $_POST['agility']);
$_POST['guard']=abs((int) $_POST['guard']);
$_POST['labour']=abs((int) $_POST['labour']);
$_POST['IQ']=abs((int) $_POST['IQ']);
$_POST['money']=(int) $_POST['money'];
$_POST['bankmoney']=(int) $_POST['bankmoney'];
$_POST['cybermoney']=(int) $_POST['cybermoney'];
$_POST['crystals']=(int) $_POST['crystals'];
$_POST['mailban']=(int) $_POST['mailban'];
$_POST['forumban']=(int) $_POST['forumban'];
$maxwill=abs((int) $_POST['maxwill']);
//check for username usage
$u=$db->query("SELECT * FROM users WHERE username='{$_POST['username']}' and userid != {$_POST['userid']}");
if($db->num_rows($u) != 0)
{
print "That username is in use, choose another.";
print "
[url='admin.php?action=edituser']> Back[/url]";
$h->endpage();
exit;
}
$oq=$db->query("SELECT * FROM users WHERE userid={$_POST['userid']}");
$rm=$db->fetch_row($oq);
$will=($rm['will'] > $maxwill) ? $maxwill: $rm['will'];
$energy=10+$_POST['level']*2;
$nerve=3+$_POST['level']*2;
$hp=50+$_POST['level']*50;
$db->query("UPDATE users SET username='{$_POST['username']}', level={$_POST['level']}, money={$_POST['money']}, crystals={$_POST['crystals']}, energy=$energy, brave=$nerve, maxbrave=$nerve, maxenergy=$energy, hp=$hp, maxhp=$hp, hospital={$_POST['hospital']}, jail={$_POST['jail']}, duties='{$_POST['duties']}', staffnotes='{$_POST['staffnotes']}', mailban={$_POST['mailban']}, mb_reason='{$_POST['mb_reason']}', forumban={$_POST['forumban']}, fb_reason='{$_POST['fb_reason']}', hospreason='{$_POST['hospreason']}', jail_reason='{$_POST['jail_reason']}', login_name='{$_POST['login_name']}', will=$will, maxwill=$maxwill WHERE userid={$_POST['userid']}");
$db->query("UPDATE userstats SET strength={$_POST['strength']}, agility={$_POST['agility']}, guard={$_POST['guard']}, labour={$_POST['labour']}, IQ={$_POST['IQ']} WHERE userid={$_POST['userid']}");
stafflog_add("Edited user {$_POST['username']} [{$_POST['userid']}]");
print "User edited....";
} }
function deluser()
{
global $ir,$c,$h,$userid,$db;
if($ir['user_level'] != 2)
{
die("403");
}
$undeletable = array('1','2'); // add more IDs here, such as NPCs
switch ($_GET['step'])
{
default:
echo "<h3>Deleteing User</h3>
Here you can delete a user.
<form action='staff_users.php?action=deluser&step=2' method='post'>
User: ".user_dropdown($c,'user')."
<input type='submit' value='Delete User' /></form>
OR enter a user ID to Delete:
<form action='staff_users.php?action=deluser&step=2' method='post'>
User: <input type='text' name='user' value='0' />
<input type='submit' value='Delete User' /></form>";
break;
case 2:
$target = $_POST['user'];
if (!is_numeric($target)) exit;
if (in_array($target,$undeletable)) {
die('You cannot delete this person.');
}
$d=$db->query("SELECT username FROM users WHERE userid='$target'");
$itemi=$db->fetch_row($d);
print "<h3>Confirm</h3>
Delete user ".$itemi["username"]."?
<form action='staff_users.php?action=deluser&step=3' method='post'>
<input type='hidden' name='userid' value='$target' />
<input type='submit' name='yesorno' value='Yes' />
<input type='submit' name='yesorno' value='No' onclick=\"window.location='staff_users.php?action=deluser';\" /></form>";
break;
case 3:
$target = $_POST['userid'];
if (!is_numeric($target)) exit;
if (in_array($target,$undeletable)) {
die('You cannot delete this person.');
}
if($_POST['yesorno']=='No')
{
die("User not deleted.
[url='staff_users.php?action=deluser']>Back to main Delete Users page.[/url]");
}
if ($_POST['yesorno'] != ("No" || "Yes")) die('Eh');
$d=$db->query("SELECT username FROM users WHERE userid='$target'");
$itemi=$db->fetch_row($d);
$db->query("DELETE FROM users WHERE userid='$target'");
$db->query("DELETE FROM userstats WHERE userid='$target'");
$db->query("DELETE FROM inventory WHERE inv_userid='$target'");
$db->query("DELETE FROM fedjail WHERE fed_userid='$target'");
echo "User {$itemi['username']} Deleted.
[url='staff_users.php?action=deluser']>Back to main Delete Users page.[/url]";
stafflog_add("Deleted User {$itemi['username']} [{$_POST['userid']}]");
break;
}
}
function inv_user_begin()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] > 3)
{
die("403");
}
print "<h3>Viewing User Inventory</h3>
You may browse this user's inventory.
<form action='staff_users.php?action=invuser' method='post'>
User: ".user_dropdown($c,'user')."
<input type='submit' value='View Inventory' /></form>";
}
function inv_user_view()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] > 3)
{
die("403");
}
$d=$db->query("SELECT username FROM users WHERE userid='{$_POST['user']}'");
$un=$db->fetch_single($d);
$inv=$db->query("SELECT iv.*,i.*,it.* FROM inventory iv LEFT JOIN items i ON iv.inv_itemid=i.itmid LEFT JOIN itemtypes it ON i.itmtype=it.itmtypeid WHERE iv.inv_userid={$_POST['user']}");
if ($db->num_rows($inv) == 0)
{
print "[b]This person has no items![/b]";
}
else
{
print "[b]Their items are listed below.[/b]
<table width=100%><tr style='background-color:gray;'><th>Item</th><th>Sell Value</th><th>Total Sell Value</th><th>Links</th></tr>";
while($i=$db->fetch_row($inv))
{
print "<tr><td>{$i['itmname']}";
if ($i['inv_qty'] > 1)
{
print " x{$i['inv_qty']}";
}
print "</td><td>\${$i['itmsellprice']}</td><td>";
print "$".($i['itmsellprice']*$i['inv_qty']);
print "</td><td>[[url='staff_users.php?action=deleinv&ID={$i[']Delete[/url]]";
print "</td></tr>";
}
print "</table>";
}
stafflog_add("Viewed user {$un} [{$_POST['user']}] inventory");
}
function inv_delete()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] > 3)
{
die("403");
}
$db->query("DELETE FROM inventory WHERE inv_id={$_GET['ID']}");
print "Item deleted from inventory.";
stafflog_add("Deleted inventory ID {$_GET['ID']}");
}
function credit_user_form()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] > 3)
{
die("403");
}
print "<h3>Crediting User</h3>
You can give a user money/crystals.
<form action='staff_users.php?action=creditsub' method='post'>
User: ".user_dropdown($c,'user')."
Money: <input type='text' name='money' /> Crystals: <input type='text' name='crystals' />
<input type='submit' value='Credit User' /></form>";
}
function credit_user_submit()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] > 3)
{
die("403");
}
$_POST['money'] = (int) $_POST['money'];
$_POST['crystals'] = (int) $_POST['crystals'];
$db->query("UPDATE users u SET money=money+{$_POST['money']}, crystals=crystals+{$_POST['crystals']} WHERE u.userid={$_POST['user']}");
print "User credited.";
$d=$db->query("SELECT username FROM users WHERE userid='{$_POST['user']}'");
$un=$db->fetch_single($d);
stafflog_add("Credited $un [{$_POST['user']}] \${$_POST['money']} and/or {$_POST['crystals']} crystals.");
}
function mcredit_user_form()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] > 2)
{
die("403");
}
print "<h3>Mass Payment</h3>
You can give all users money/crystals.
<form action='staff_users.php?action=masscreditsub' method='post'>
Money: <input type='text' name='money' /> Crystals: <input type='text' name='crystals' />
<input type='submit' value='Credit User' /></form>";
}
function mcredit_user_submit()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] > 2)
{
die("403");
}
$_POST['money'] = (int) $_POST['money'];
$_POST['crystals'] = (int) $_POST['crystals'];
$db->query("UPDATE users u SET money=money+{$_POST['money']}, crystals=crystals+{$_POST['crystals']}");
print "All Users credited. Click [url='staff.php?action=announce']here to add an announcement[/url] or [url='staff_special.php?action=massmailer']here to send a mass mail[/url] explaining why.";
stafflog_add("Credited all users \${$_POST['money']} and/or {$_POST['crystals']} crystals.");
}
function reports_view()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] > 3)
{
die("403");
}
print "<h3>Player Reports</h3>
<table width=80%><tr style='background:gray'><th>Reporter</th> <th>Offender</th> <th>What they did</th> <th> </th> </tr>";
$q=$db->query("SELECT pr.*,u1.username as reporter, u2.username as offender FROM preports pr LEFT JOIN users u1 ON u1.userid=pr.prREPORTER LEFT JOIN users u2 ON u2.userid=pr.prREPORTED ORDER BY pr.prID DESC");
while($r=$db->fetch_row($q))
{
print "\n<tr> <td>[url='viewuser.php?u={$r[']{$r['reporter']}[/url] [{$r['prREPORTER']}]</td> <td>[url='viewuser.php?u={$r[']{$r['offender']}[/url] [{$r['prREPORTED']}]</td> <td>{$r['prTEXT']}</td> <td>[url='staff_users.php?action=repclear&ID={$r[']Clear[/url]</td> </tr>";
}
print "</table>";
}
function forcelogout()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] > 2)
{
die("403");
}
$_POST['userid'] = abs((int) $_POST['userid']);
if($_POST['userid'])
{
$db->query("UPDATE users SET force_logout=1 WHERE userid={$_POST['userid']}");
print "User ID {$_POST['userid']} successfully forced to logout.";
stafflog_add("Forced User ID {$_POST['userid']} to logout");
}
else
{
print "<h3>Force User Logout</h3><hr />
The user will be automatically logged out next time he/she makes a hit to the site.<form action='staff_users.php?action=forcelogout' method='post'>
User: ".user_dropdown($c, 'userid')."
<input type='submit' value='Force User to Logout' /></form>";
}
}
function report_clear()
{
global $db,$ir,$c,$h,$userid;
if($ir['user_level'] > 3)
{
die("403");
}
$_GET['ID'] = abs((int) $_GET['ID']);
stafflog_add("Cleared player report ID {$_GET['ID']}");
$db->query("DELETE FROM preports WHERE prID={$_GET['ID']}");
print "Report cleared and deleted!
[url='staff_users.php?action=reportsview']> Back[/url]";
}
$h->endpage();
?>
Any help is much appreciated
