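ALITTLEweird Posted August 4, 2009 Posted August 4, 2009 When i edit user, it says that i didn't fill out every form when i did. Heres the code..
<?php
/**
 * Staff panel: user administration (create, edit, delete, inventory,
 * crediting, player reports, forced logout).
 *
 * The page is driven by ?action=...; each action maps to one function below.
 * Links and bold tags that the forum paste had turned into BBCode are written
 * as HTML again.
 *
 * NOTE(review): none of the state-changing actions checks an anti-CSRF token,
 * and deleinv / repclear change data on a plain GET request. A per-session
 * token check belongs here once the session layer in sglobals.php is known.
 */
include "sglobals.php";

// Dispatch on the requested action; anything unknown falls through to the error.
$action = isset($_GET['action']) ? $_GET['action'] : '';
switch ($action) {
    case 'newuser': new_user_form(); break;
    case 'newusersub': new_user_submit(); break;
    case 'edituser': edit_user_begin(); break;
    case 'edituserform': edit_user_form(); break;
    case 'editusersub': edit_user_sub(); break;
    case 'invbeg': inv_user_begin(); break;
    case 'invuser': inv_user_view(); break;
    case 'deleinv': inv_delete(); break;
    case 'creditform': credit_user_form(); break;
    case 'creditsub': credit_user_submit(); break;
    case 'masscredit': mcredit_user_form(); break;
    case 'masscreditsub': mcredit_user_submit(); break;
    case 'reportsview': reports_view(); break;
    case 'repclear': report_clear(); break;
    case 'deluser': deluser(); break;
    case 'forcelogout': forcelogout(); break;
    default: print "Error: This script requires an action."; break;
}

/**
 * Encode text for HTML output. Both quote styles are encoded because the
 * forms below put values inside single-quoted attributes.
 */
function htmlspcl($in)
{
    return htmlspecialchars($in, ENT_QUOTES);
}

/**
 * Read a request field as a non-negative integer; a missing field yields 0.
 * Used for every value that is placed unquoted into SQL.
 */
function su_uint($source, $key)
{
    return isset($source[$key]) ? abs((int) $source[$key]) : 0;
}

/**
 * Read a POST field as a signed integer; a missing field yields 0.
 */
function su_post_int($key)
{
    return isset($_POST[$key]) ? (int) $_POST[$key] : 0;
}

/**
 * Read a POST field and escape it for use inside a quoted SQL string.
 *
 * NOTE(review): assumes request data reaches this file unescaped. If
 * sglobals.php already applies addslashes() or magic quotes to $_POST,
 * remove that layer first, otherwise values are escaped twice -- confirm.
 */
function su_post_sql($key)
{
    global $c;
    $value = isset($_POST[$key]) ? (string) $_POST[$key] : '';
    return mysql_real_escape_string($value, $c);
}

/** Show the "create user" form. Admin (user_level 2) only. */
function new_user_form()
{
    global $db, $ir, $c;
    if ($ir['user_level'] != 2) {
        die("403");
    }
    // The IQ input used to be named 'labour' a second time, so the submit
    // handler never received an 'iq' value.
    print "Adding a new user.
<form action='staff_users.php?action=newusersub' method='post'>
Username: <input type='text' name='username' />
Login Name: <input type='text' name='login_name' />
Email: <input type='text' name='email' />
Password: <input type='text' name='userpass' />
Type: <input type='radio' name='user_level' value='0' />NPC
<input type='radio' name='user_level' value='1' checked='checked' />Regular Member
Level: <input type='text' name='level' value='1' />
Money: <input type='text' name='money' value='100' />
Crystals: <input type='text' name='crystals' value='0' />
Donator Days: <input type='text' name='donatordays' value='0' />
Gender: <select name='gender' type='dropdown'><option>Male</option><option>Female</option></select>
<b>Stats</b>
Strength: <input type='text' name='strength' value='10' />
Agility: <input type='text' name='agility' value='10' />
Guard: <input type='text' name='guard' value='10' />
Labour: <input type='text' name='labour' value='10' />
IQ: <input type='text' name='iq' value='10' />
<input type='submit' value='Create User' /></form>";
}

/** Create a user and its stats row from the posted form. Admin only. */
function new_user_submit()
{
    // $h is needed for endpage() below; it was missing from the global list.
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] != 2) {
        die("403");
    }
    if (!isset($_POST['username']) || !isset($_POST['login_name']) || !isset($_POST['userpass'])) {
        print "You missed one or more of the required fields. Please go back and try again.
<a href='admin.php?action=newuser'>&gt; Back</a>";
        $h->endpage();
        exit;
    }

    // Numeric fields are reduced to non-negative integers before they reach SQL.
    $level = su_uint($_POST, 'level');
    $money = su_uint($_POST, 'money');
    $crystals = su_uint($_POST, 'crystals');
    $donator = su_uint($_POST, 'donatordays');
    $ulevel = su_uint($_POST, 'user_level');
    $strength = su_uint($_POST, 'strength');
    $agility = su_uint($_POST, 'agility');
    $guard = su_uint($_POST, 'guard');
    $labour = su_uint($_POST, 'labour');
    $iq = su_uint($_POST, 'iq');

    // Text fields are escaped before they are placed inside quoted SQL strings.
    $username = su_post_sql('username');
    $loginName = su_post_sql('login_name');
    $password = su_post_sql('userpass');
    $gender = su_post_sql('gender');
    $email = su_post_sql('email');

    // Derived stats scale with the starting level.
    $energy = 10 + $level * 2;
    $brave = 3 + $level * 2;
    $hp = 50 + $level * 50;

    // NOTE(review): unsalted MD5 is not a suitable password hash. It is kept
    // because the login code that verifies it is not part of this file; both
    // sides should move to password_hash()/password_verify() together.
    $db->query("INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays, user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender, signedup, email, bankmoney) VALUES( '{$username}', '{$loginName}', md5('{$password}'), $level, $money, $crystals, $donator, $ulevel, $energy, $energy, 100, 100, $brave, $brave, $hp, $hp, 1, '{$gender}', unix_timestamp(), '{$email}', -1)");
    $i = mysql_insert_id($c);
    $db->query("INSERT INTO userstats VALUES($i, $strength, $agility, $guard, $labour, $iq)");
    print "User created!";
    stafflog_add("Created user {$_POST['username']} [$i]");
}

/** Show the user picker that leads to the edit form. Admin only. */
function edit_user_begin()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] != 2) {
        die("403");
    }
    print "<h3>Editing User</h3>
You can edit any aspect of this user.
<form action='staff_users.php?action=edituserform' method='post'>
User: " . user_dropdown($c, 'user') . "
<input type='submit' value='Edit User' /></form>
OR enter a user ID to edit:
<form action='staff_users.php?action=edituserform' method='post'>
User: <input type='text' name='user' value='0' />
<input type='submit' value='Edit User' /></form>";
}

/** Show the edit form for the user whose ID is in $_POST['user']. Admin only. */
function edit_user_form()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] != 2) {
        die("403");
    }
    // The ID goes into SQL unquoted, so it must be an integer.
    $target = su_uint($_POST, 'user');
    $d = $db->query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us on u.userid=us.userid WHERE u.userid={$target}");
    $itemi = $db->fetch_row($d);
    if (!$itemi) {
        print "No user found with that ID.";
        return;
    }
    // Every stored value is encoded before it is written into an attribute:
    // an apostrophe in any field would otherwise end the attribute early and
    // stored markup would run in the staff member's browser.
    $v = array_map('htmlspcl', $itemi);
    print "<h3>Editing User</h3>
<form action='staff_users.php?action=editusersub' method='post'>
<input type='hidden' name='userid' value='{$target}' />
Username: <input type='text' name='username' value='{$v['username']}' />
Login Name: <input type='text' name='login_name' value='{$v['login_name']}' />
Duties: <input type='text' name='duties' value='{$v['duties']}' />
Staff Notes: <input type='text' name='staffnotes' value='{$v['staffnotes']}' />
Level: <input type='text' name='level' value='{$v['level']}' />
Money: \$<input type='text' name='money' value='{$v['money']}' />
Bank: \$<input type='text' name='bankmoney' value='{$v['bankmoney']}' />
Cyber Bank: \$<input type='text' name='cybermoney' value='{$v['cybermoney']}' />
Crystals: <input type='text' name='crystals' value='{$v['crystals']}' />
Mail Ban: <input type='text' name='mailban' value='{$v['mailban']}' />
Mail Ban Reason: <input type='text' name='mb_reason' value='{$v['mb_reason']}' />
Forum Ban: <input type='text' name='forumban' value='{$v['forumban']}' />
Forum Ban Reason: <input type='text' name='fb_reason' value='{$v['fb_reason']}' />
Hospital time: <input type='text' name='hospital' value='{$v['hospital']}' />
Hospital reason: <input type='text' name='hospreason' value='{$v['hospreason']}' />
Jail time: <input type='text' name='jail' value='{$v['jail']}' />
Jail reason: <input type='text' name='jail_reason' value='{$v['jail_reason']}' />
House: " . house2_dropdown($c, "maxwill", $itemi['maxwill']) . "
<h4>Stats</h4>
Strength: <input type='text' name='strength' value='{$v['strength']}' />
Agility: <input type='text' name='agility' value='{$v['agility']}' />
Guard: <input type='text' name='guard' value='{$v['guard']}' />
Labour: <input type='text' name='labour' value='{$v['labour']}' />
IQ: <input type='text' name='IQ' value='{$v['IQ']}' />
<input type='submit' value='Edit User' /></form>";
}

/** Apply the posted edit form to the users and userstats rows. Admin only. */
function edit_user_sub()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] != 2) {
        die("403");
    }
    // Fields that must be present in the POST body (isset only: an empty
    // value still counts as present).
    $required = array(
        'level', 'money', 'bankmoney', 'crystals', 'strength', 'agility',
        'guard', 'labour', 'IQ', 'username', 'login_name',
    );
    $missing = false;
    foreach ($required as $field) {
        if (!isset($_POST[$field])) {
            $missing = true;
            break;
        }
    }
    if ($missing) {
        print "You did not fully fill out the form.";
        $_POST['user'] = isset($_POST['userid']) ? $_POST['userid'] : 0;
        edit_user_form();
        return;
    }

    // $target, not $userid: $userid is the global holding the staff member's own ID.
    $target = su_uint($_POST, 'userid');
    $level = su_post_int('level');
    $strength = su_uint($_POST, 'strength');
    $agility = su_uint($_POST, 'agility');
    $guard = su_uint($_POST, 'guard');
    $labour = su_uint($_POST, 'labour');
    $iq = su_uint($_POST, 'IQ');
    $money = su_post_int('money');
    $crystals = su_post_int('crystals');
    $mailban = su_post_int('mailban');
    $forumban = su_post_int('forumban');
    // hospital and jail went into the UPDATE without any cast before.
    $hospital = su_uint($_POST, 'hospital');
    $jail = su_uint($_POST, 'jail');
    $maxwill = su_uint($_POST, 'maxwill');
    // NOTE(review): the form offers bankmoney and cybermoney, but the UPDATE
    // below has never written them -- confirm whether that is intended.

    $username = su_post_sql('username');
    $loginName = su_post_sql('login_name');
    $duties = su_post_sql('duties');
    $staffnotes = su_post_sql('staffnotes');
    $mbReason = su_post_sql('mb_reason');
    $fbReason = su_post_sql('fb_reason');
    $hospReason = su_post_sql('hospreason');
    $jailReason = su_post_sql('jail_reason');

    // Refuse a username that another account already holds.
    $u = $db->query("SELECT * FROM users WHERE username='{$username}' and userid != {$target}");
    if ($db->num_rows($u) != 0) {
        print "That username is in use, choose another.";
        print " <a href='admin.php?action=edituser'>&gt; Back</a>";
        $h->endpage();
        exit;
    }

    $oq = $db->query("SELECT * FROM users WHERE userid={$target}");
    $rm = $db->fetch_row($oq);
    // Current will may not exceed the new maximum.
    $currentWill = (int) $rm['will'];
    $will = ($currentWill > $maxwill) ? $maxwill : $currentWill;
    $energy = 10 + $level * 2;
    $nerve = 3 + $level * 2;
    $hp = 50 + $level * 50;

    $db->query("UPDATE users SET username='{$username}', level={$level}, money={$money}, crystals={$crystals}, energy={$energy}, brave={$nerve}, maxbrave={$nerve}, maxenergy={$energy}, hp={$hp}, maxhp={$hp}, hospital={$hospital}, jail={$jail}, duties='{$duties}', staffnotes='{$staffnotes}', mailban={$mailban}, mb_reason='{$mbReason}', forumban={$forumban}, fb_reason='{$fbReason}', hospreason='{$hospReason}', jail_reason='{$jailReason}', login_name='{$loginName}', will={$will}, maxwill={$maxwill} WHERE userid={$target}");
    $db->query("UPDATE userstats SET strength={$strength}, agility={$agility}, guard={$guard}, labour={$labour}, IQ={$iq} WHERE userid={$target}");
    stafflog_add("Edited user {$_POST['username']} [{$target}]");
    print "User edited....";
}

/**
 * Delete a user in three steps: pick, confirm, delete. Admin only.
 * IDs listed in $undeletable are refused at both the confirm and delete step.
 */
function deluser()
{
    global $ir, $c, $h, $userid, $db;
    if ($ir['user_level'] != 2) {
        die("403");
    }
    $undeletable = array(1, 2); // add more IDs here, such as NPCs
    $step = isset($_GET['step']) ? $_GET['step'] : '';
    switch ($step) {
        default:
            echo "<h3>Deleteing User</h3>
Here you can delete a user.
<form action='staff_users.php?action=deluser&step=2' method='post'>
User: " . user_dropdown($c, 'user') . "
<input type='submit' value='Delete User' /></form>
OR enter a user ID to Delete:
<form action='staff_users.php?action=deluser&step=2' method='post'>
User: <input type='text' name='user' value='0' />
<input type='submit' value='Delete User' /></form>";
            break;

        case 2:
            // An integer ID compared strictly, instead of is_numeric() plus a
            // loose in_array(), so every spelling of a protected ID is caught.
            $target = su_uint($_POST, 'user');
            if ($target === 0) {
                exit;
            }
            if (in_array($target, $undeletable, true)) {
                die('You cannot delete this person.');
            }
            $d = $db->query("SELECT username FROM users WHERE userid={$target}");
            $itemi = $db->fetch_row($d);
            $name = htmlspcl($itemi["username"]);
            print "<h3>Confirm</h3>
Delete user " . $name . "?
<form action='staff_users.php?action=deluser&step=3' method='post'>
<input type='hidden' name='userid' value='$target' />
<input type='submit' name='yesorno' value='Yes' />
<input type='submit' name='yesorno' value='No' onclick=\"window.location='staff_users.php?action=deluser';\" /></form>";
            break;

        case 3:
            $target = su_uint($_POST, 'userid');
            if ($target === 0) {
                exit;
            }
            if (in_array($target, $undeletable, true)) {
                die('You cannot delete this person.');
            }
            $answer = isset($_POST['yesorno']) ? $_POST['yesorno'] : '';
            if ($answer == 'No') {
                die("User not deleted. <a href='staff_users.php?action=deluser'>&gt;Back to main Delete Users page.</a>");
            }
            // The old test compared against ("No" || "Yes"), which is just
            // true, so any non-empty answer went on to delete. Only an
            // explicit "Yes" may proceed.
            if ($answer !== 'Yes') {
                die('Eh');
            }
            $d = $db->query("SELECT username FROM users WHERE userid={$target}");
            $itemi = $db->fetch_row($d);
            $db->query("DELETE FROM users WHERE userid={$target}");
            $db->query("DELETE FROM userstats WHERE userid={$target}");
            $db->query("DELETE FROM inventory WHERE inv_userid={$target}");
            $db->query("DELETE FROM fedjail WHERE fed_userid={$target}");
            $name = htmlspcl($itemi['username']);
            echo "User {$name} Deleted. <a href='staff_users.php?action=deluser'>&gt;Back to main Delete Users page.</a>";
            stafflog_add("Deleted User {$itemi['username']} [{$target}]");
            break;
    }
}

/**
 * Show the user picker for the inventory viewer.
 *
 * NOTE(review): this guard (and the other "> 3" / "> 2" guards below) only
 * rejects levels above the threshold, so on its own it admits levels 0 and 1,
 * which the new-user form labels NPC and regular member. Presumably
 * sglobals.php turns non-staff away first -- confirm.
 */
function inv_user_begin()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] > 3) {
        die("403");
    }
    print "<h3>Viewing User Inventory</h3>
You may browse this user's inventory.
<form action='staff_users.php?action=invuser' method='post'>
User: " . user_dropdown($c, 'user') . "
<input type='submit' value='View Inventory' /></form>";
}

/** List the inventory of the user whose ID is in $_POST['user']. */
function inv_user_view()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] > 3) {
        die("403");
    }
    $target = su_uint($_POST, 'user');
    $d = $db->query("SELECT username FROM users WHERE userid={$target}");
    $un = $db->fetch_single($d);
    $inv = $db->query("SELECT iv.*,i.*,it.* FROM inventory iv LEFT JOIN items i ON iv.inv_itemid=i.itmid LEFT JOIN itemtypes it ON i.itmtype=it.itmtypeid WHERE iv.inv_userid={$target}");
    if ($db->num_rows($inv) == 0) {
        print "<b>This person has no items!</b>";
    } else {
        print "<b>Their items are listed below.</b>
<table width=100%><tr style='background-color:gray;'><th>Item</th><th>Sell Value</th><th>Total Sell Value</th><th>Links</th></tr>";
        while ($i = $db->fetch_row($inv)) {
            print "<tr><td>{$i['itmname']}";
            if ($i['inv_qty'] > 1) {
                print " x{$i['inv_qty']}";
            }
            print "</td><td>\${$i['itmsellprice']}</td><td>";
            print "$" . ($i['itmsellprice'] * $i['inv_qty']);
            // The posted listing lost the link target; inv_id is taken from
            // the DELETE in inv_delete() -- confirm against the original file.
            $invId = (int) $i['inv_id'];
            print "</td><td>[<a href='staff_users.php?action=deleinv&ID={$invId}'>Delete</a>]";
            print "</td></tr>";
        }
        print "</table>";
    }
    stafflog_add("Viewed user {$un} [{$target}] inventory");
}

/** Delete one inventory row, identified by $_GET['ID']. */
function inv_delete()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] > 3) {
        die("403");
    }
    // The ID used to reach the DELETE exactly as it arrived in the URL.
    $id = su_uint($_GET, 'ID');
    $db->query("DELETE FROM inventory WHERE inv_id={$id}");
    print "Item deleted from inventory.";
    stafflog_add("Deleted inventory ID {$id}");
}

/** Show the form for crediting one user with money and/or crystals. */
function credit_user_form()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] > 3) {
        die("403");
    }
    print "<h3>Crediting User</h3>
You can give a user money/crystals.
<form action='staff_users.php?action=creditsub' method='post'>
User: " . user_dropdown($c, 'user') . "
Money: <input type='text' name='money' />
Crystals: <input type='text' name='crystals' />
<input type='submit' value='Credit User' /></form>";
}

/** Add the posted money/crystals to one user. Negative amounts are allowed. */
function credit_user_submit()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] > 3) {
        die("403");
    }
    $money = su_post_int('money');
    $crystals = su_post_int('crystals');
    $target = su_uint($_POST, 'user');
    $db->query("UPDATE users u SET money=money+{$money}, crystals=crystals+{$crystals} WHERE u.userid={$target}");
    print "User credited.";
    $d = $db->query("SELECT username FROM users WHERE userid={$target}");
    $un = $db->fetch_single($d);
    stafflog_add("Credited $un [{$target}] \${$money} and/or {$crystals} crystals.");
}

/** Show the form for crediting every user at once. */
function mcredit_user_form()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] > 2) {
        die("403");
    }
    print "<h3>Mass Payment</h3>
You can give all users money/crystals.
<form action='staff_users.php?action=masscreditsub' method='post'>
Money: <input type='text' name='money' />
Crystals: <input type='text' name='crystals' />
<input type='submit' value='Credit User' /></form>";
}

/** Add the posted money/crystals to every row in users. */
function mcredit_user_submit()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] > 2) {
        die("403");
    }
    $money = su_post_int('money');
    $crystals = su_post_int('crystals');
    $db->query("UPDATE users u SET money=money+{$money}, crystals=crystals+{$crystals}");
    print "All Users credited.
Click <a href='staff.php?action=announce'>here to add an announcement</a> or <a href='staff_special.php?action=massmailer'>here to send a mass mail</a> explaining why.";
    stafflog_add("Credited all users \${$money} and/or {$crystals} crystals.");
}

/** List player reports, newest first, with a link to clear each one. */
function reports_view()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] > 3) {
        die("403");
    }
    print "<h3>Player Reports</h3>
<table width=80%><tr style='background:gray'><th>Reporter</th> <th>Offender</th> <th>What they did</th> <th> </th> </tr>";
    $q = $db->query("SELECT pr.*,u1.username as reporter, u2.username as offender FROM preports pr LEFT JOIN users u1 ON u1.userid=pr.prREPORTER LEFT JOIN users u2 ON u2.userid=pr.prREPORTED ORDER BY pr.prID DESC");
    while ($r = $db->fetch_row($q)) {
        // Usernames and report text are written by players; encode them so
        // markup in a report cannot run in a staff member's session.
        $reporterId = (int) $r['prREPORTER'];
        $offenderId = (int) $r['prREPORTED'];
        $reportId = (int) $r['prID'];
        $reporter = htmlspcl($r['reporter']);
        $offender = htmlspcl($r['offender']);
        $text = htmlspcl($r['prTEXT']);
        // The posted listing lost the three link targets; they are rebuilt
        // from the columns printed next to them -- confirm against the original.
        print "\n<tr> <td><a href='viewuser.php?u={$reporterId}'>{$reporter}</a> [{$reporterId}]</td> <td><a href='viewuser.php?u={$offenderId}'>{$offender}</a> [{$offenderId}]</td> <td>{$text}</td> <td><a href='staff_users.php?action=repclear&ID={$reportId}'>Clear</a></td> </tr>";
    }
    print "</table>";
}

/** Flag a user for logout on their next request, or show the picker form. */
function forcelogout()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] > 2) {
        die("403");
    }
    $target = su_uint($_POST, 'userid');
    if ($target) {
        $db->query("UPDATE users SET force_logout=1 WHERE userid={$target}");
        print "User ID {$target} successfully forced to logout.";
        stafflog_add("Forced User ID {$target} to logout");
    } else {
        print "<h3>Force User Logout</h3><hr />
The user will be automatically logged out next time he/she makes a hit to the site.<form action='staff_users.php?action=forcelogout' method='post'>
User: " . user_dropdown($c, 'userid') . "
<input type='submit' value='Force User to Logout' /></form>";
    }
}

/** Delete one player report, identified by $_GET['ID']. */
function report_clear()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] > 3) {
        die("403");
    }
    $id = su_uint($_GET, 'ID');
    stafflog_add("Cleared player report ID {$id}");
    $db->query("DELETE FROM preports WHERE prID={$id}");
    print "Report cleared and deleted!
<a href='staff_users.php?action=reportsview'>&gt; Back</a>";
}

$h->endpage();
?>
Any help is much appreciated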
Nicholas Posted August 4, 2009 Posted August 4, 2009 Re: Help with staff users please looks fine to me. nothing wrong in the coding. Quote