Brad Posted May 30, 2010 Share Posted May 30, 2010 i dont understand why most of my admin stuff dont work can someone fix it like edit user dont work. I have added to it but it the lite adminnever works Quote Link to comment Share on other sites More sharing options...
Brad Posted May 30, 2010 Author Share Posted May 30, 2010 It is too big to post it is just the mccodes lite admin panel. Quote Link to comment Share on other sites More sharing options...
gurpreet Posted May 30, 2010 Share Posted May 30, 2010 Once again, WRONG FORUM...How can we help if we can't see the code? If it's too big, split it up and post it. Quote Link to comment Share on other sites More sharing options...
Brad Posted May 30, 2010 Author Share Posted May 30, 2010 Line 1 to 600 <?php /* MCCodes Lite admin.php Rev 1.0.1 Copyright (C) 2006 Dabomstew This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ session_start(); require "global_func.php"; if($_SESSION['loggedin']==0) { header("Location: login.php");exit; } $userid=$_SESSION['userid']; require "header.php"; $h = new headers; $h->startheaders(); include "mysql.php"; global $c; $is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error()); $ir=mysql_fetch_array($is); check_level(); $fm=money_formatter($ir['money']); $lv=date('F j, Y, g:i a',$ir['laston']); $h->userdata($ir,$lv,$fm); $h->menuarea(); if($ir['user_level'] != 2) { print "You sneak, get out of here!"; $h->endpage(); exit; } $posta=mysql_real_escape_string(print_r($_POST,1),$c); $geta=mysql_real_escape_string(print_r($_GET,1),$c); mysql_query("INSERT INTO adminlogs VALUES('', $userid, '$posta', '$geta', unix_timestamp() )",$c); switch($_GET['action']) { case 'newuser': new_user_form(); break; case 'newusersub': new_user_submit(); break; case 'newitem': new_item_form(); break; case 'newitemsub': new_item_submit(); break; case 'giveitem': give_item_form(); break; case 'giveitemsub': give_item_submit(); break; case 'killitem': kill_item_form(); break; case 'killitemsub': kill_item_submit(); break; case 'edititem': edit_item_begin(); break; case 'edititemform': edit_item_form(); break; case 'edititemsub': edit_item_sub(); break; case 'newshop': new_shop_form(); break; case 'newshopsub': new_shop_submit(); break; case 'newstock': new_stock_form(); break; case 'newstocksub': new_stock_submit(); break; case 'edituser': edit_user_begin(); break; case 'edituserform': edit_user_form(); break; case 'editusersub': edit_user_sub(); break; case 'fedform': fed_user_form(); break; case 'fedsub': fed_user_submit(); break; case 'fedeform': fed_edit_form(); break; case 'fedesub': fed_edit_submit(); break; case 'mailform': mail_user_form(); break; case 'mailsub': mail_user_submit(); break; case 'unfedform': unfed_user_form(); break; case 'unfedsub': unfed_user_submit(); break; case 'editnews': newspaper_form(); break; case 'subnews': newspaper_submit(); break; case 'editadnews': adnewspaper_form(); break; case 'subadnews': adnewspaper_submit(); break; case 'atklogs': view_attack_logs(); break; case 'index': admin_index(); break; case 'invbeg': inv_user_begin(); break; case 'invuser': inv_user_view(); break; case 'deleinv': inv_delete(); break; case 'creditform': credit_user_form(); break; case 'creditsub': credit_user_submit(); break; case 'ccreditform': ccredit_user_form(); break; case 'ccreditsub': ccredit_user_submit(); break; case 'ipform': ip_search_form(); break; case 'ipsub': ip_search_submit(); break; case 'massjailip': mass_jail(); break; case 'itmlogs': view_itm_logs(); break; case 'cashlogs': view_cash_logs(); break; case 'maillogs': view_mail_logs(); break; case 'stafflist': staff_list(); break; case 'userlevel': userlevel(); break; case 'userlevelform': userlevelform(); break; case 'massmailer': massmailer(); break; case 'ipban': ipban(); break; case 'ipbancon': ipbancon(); break; case 'ipbanview': ipbanview(); break; case 'ipbanremove': ipbanremove(); break; case 'deluserform': del_user_form(); break; case 'delusersub': del_user_submit(); break; default: admin_index(); break; } function admin_index() { global $ir,$c,$userid; print "Welcome to the Your Game Name admin panel, [b]{$ir['username']}![/b] [b]Admin Pad:[/b] "; include "admin.news"; print " <u>Users</u> [[url='admin.php?action=newuser']Create New User[/url]] [[url='admin.php?action=deluserform']Delete User[/url]] [[url='admin.php?action=edituser']Edit User[/url]] [[url='admin.php?action=mailform']Mail Ban User[/url]] [[url='admin.php?action=fedform']Jail User[/url]] [[url='admin.php?action=fedeform']Edit Fedjail Sentence[/url]] [[url='admin.php?action=unfedform']Unjail User[/url]] [[url='admin.php?action=invbeg']View User Inventory[/url]] [[url='admin.php?action=creditform']Credit User Money[/url]] [[url='admin.php?action=ccreditform']Credit User Crystals[/url]] [[url='admin.php?action=ipform']Ip Search[/url]] [[url='admin.php?action=ipban'][b]Ban an IP[/b][/url]] [[url='admin.php?action=ipbanview'][b]View Banned IP's[/b][/url]] <u>Items</u> [[url='admin.php?action=newitem']Create New Item[/url]] [[url='admin.php?action=giveitem']Give Item To User[/url]] [[url='admin.php?action=edititem']Edit Item[/url]] [[url='admin.php?action=killitem']Delete An Item[/url]] <u>Shops</u> [[url='admin.php?action=newshop']Create New Shop[/url]] [[url='admin.php?action=newstock']Add Item To Shop[/url]] <u>Misc</u> [[url='admin.php?action=editnews']Edit Announcements[/url]] [[url='admin.php?action=massmailer']Mass mailer[/url]] <u>Logs</u> [[url='admin.php?action=atklogs']Attack Logs[/url]] [[url='admin.php?action=cashlogs']Cash Xfer Logs[/url]] [[url='admin.php?action=itmlogs']Item Xfer Logs[/url]] [[url='admin.php?action=maillogs']Mail Logs[/url]] "; print " <u>Critical Tools</u> [[url='admin.php?action=stafflist']Staff List[/url]] [[url='admin.php?action=userlevelform']Adjust User Level[/url]] [[url='admin.php?action=editadnews']Edit Admin Pad[/url]] "; } function new_user_form() { global $ir, $c; print "Adding a new user. <form action='admin.php?action=newusersub' method='post'> Username: <input type='text' name='username' /> Login Name: <input type='text' name='login_name' /> Email: <input type='text' name='email' /> Password: <input type='text' name='userpass' /> Type: <input type='radio' name='user_level' value='0' />NPC <input type='radio' name='user_level' value='1' checked='checked' />Regular Member Level: <input type='text' name='level' value='1' /> Money: <input type='text' name='money' value='100' /> Crystals: <input type='text' name='crystals' value='0' /> Gender: <select name='gender' type='dropdown'><option>Male</option><option>Female</option></select> [b]Stats[/b] Strength: <input type='text' name='strength' value='10' /> Agility: <input type='text' name='agility' value='10' /> Guard: <input type='text' name='guard' value='10' /> Labour: <input type='text' name='labour' value='10' /> IQ: <input type='text' name='labour' value='10' /> <input type='submit' value='Create User' /></form>"; } function new_user_submit() { global $ir,$c,$userid; if(!isset($_POST['username']) || !isset($_POST['login_name']) || !isset($_POST['userpass'])) { print "You missed one or more of the required fields. Please go back and try again. [url='admin.php?action=newuser']> Back[/url]"; $h->endpage(); exit; } $level=abs((int) $_POST['level']); $money=make_bigint($_POST['money']); $crys=make_bigint($_POST['crystals']); $ulevel=abs((int) $_POST['user_level']); $strength=abs((int) $_POST['strength']); $agility=abs((int) $_POST['agility']); $guard=abs((int) $_POST['guard']); $labour=abs((int) $_POST['labour']); $iq=abs((int) $_POST['iq']); $energy=10+$level*2; $brave=3+$level*2; $hp=50+$level*50; mysql_query("INSERT INTO users (username, login_name, userpass, level, money, user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender, signedup, email, crystals) VALUES( '{$_POST['username']}', '{$_POST['login_name']}', md5('{$_POST['userpass']}'), $level, $money, $crystals, $donator, $ulevel, $energy, $energy, 100, 100, $brave, $brave, $hp, $hp, 1, '{$_POST['gender']}', unix_timestamp(), '{$_POST['email']}', -1, $crys)", $c); $i=mysql_insert_id($c); mysql_query("INSERT INTO userstats VALUES($i, $strength, $agility, $guard, $labour, $iq)", $c); print "User created!"; } function new_item_form() { global $ir,$c; print "<h3>Adding an item to the game</h3><form action='admin.php?action=newitemsub' method='post'> Item Name: <input type='text' name='itmname' value='' /> Item Desc.: <input type='text' name='itmdesc' value='' /> Item Type: ".itemtype_dropdown($c,'itmtype')." Item Buyable: <input type='checkbox' name='itmbuyable' checked='checked' /> Item Price: <input type='text' name='itmbuyprice' /> Item Sell Value: <input type='text' name='itmsellprice' /> [b]Specialized[/b] Item Energy Regen (food only): <input type='text' name='energy' value='1' /> Power (weapons only): <input type='text' name='damage' value='10' /> Damage Off (armor only): <input type='text' name='Defence' value='10' /> <input type='submit' value='Add Item To Game' /></form>"; } function new_item_submit() { global $ir,$c,$h; if(!isset($_POST['itmname']) || !isset($_POST['itmdesc']) || !isset($_POST['itmtype']) || !isset($_POST['itmbuyprice']) || !isset($_POST['itmsellprice'])) { print "You missed one or more of the fields. Please go back and try again. [url='admin.php?action=newitem']> Back[/url]"; $h->endpage(); exit; } $itmname=mysql_escape($_POST['itmname']); $itmdesc=mysql_escape($_POST['itmdesc']); if($_POST['itmbuyable'] == 'on') { $itmbuy=1; } else { $itmbuy=0; } $m=mysql_query("INSERT INTO items VALUES('',{$_POST['itmtype']},'$itmname','$itmdesc',{$_POST['itmbuyprice']},{$_POST['itmsellprice']},$itmbuy)",$c) or die(mysql_error()); if($_POST['itmtype'] == 1) { $i=mysql_insert_id(); mysql_query("INSERT INTO food VALUES($i,{$_POST['energy']})",$c) or die(mysql_error()); } if($_POST['itmtype'] == 3 || $_POST['itmtype'] == 4) { $i=mysql_insert_id(); mysql_query("INSERT INTO weapons VALUES($i,{$_POST['damage']})",$c) or die(mysql_error()); } if($_POST['itmtype'] == 7) { $i=mysql_insert_id(); mysql_query("INSERT INTO armour VALUES($i,{$_POST['Defence']})",$c) or die(mysql_error()); } print "The {$_POST['itmname']} Item was added to the game."; } function give_item_form() { global $ir,$c; print "<h3>Giving Item To User</h3> <form action='admin.php?action=giveitemsub' method='post'> User: ".user_dropdown($c,'user')." Item: ".item_dropdown($c,'item')." Quantity: <input type='text' name='qty' value='1' /> <input type='submit' value='Give Item' /></form>"; } function give_item_submit() { global $ir,$c; mysql_query("INSERT INTO inventory VALUES('',{$_POST['item']},{$_POST['user']},{$_POST['qty']})",$c) or die(mysql_error()); print "You gave {$_POST['qty']} of item ID {$_POST['item']} to user ID {$_POST['user']}"; } function kill_item_form() { global $ir,$c,$h,$userid; print "<h3>Deleting Item</h3> The item will be permanently removed from the game. <form action='admin.php?action=killitemsub' method='post'> Item: ".item_dropdown($c,'item')." <input type='submit' value='Kill Item' /></form>"; } function kill_item_submit() { global $ir,$c,$h,$userid; $d=mysql_query("SELECT * FROM items WHERE itmid={$_POST['item']}",$c); $itemi=mysql_fetch_array($d); mysql_query("DELETE FROM items WHERE itmid={$_POST['item']}",$c); mysql_query("DELETE FROM shopitems WHERE sitemITEMID={$_POST['item']}",$c); mysql_query("DELETE FROM inventory WHERE inv_itemid={$_POST['item']}",$c); mysql_query("DELETE FROM food WHERE item_id={$_POST['item']}",$c); mysql_query("DELETE FROM weapons WHERE item_id={$_POST['item']}",$c); mysql_query("DELETE FROM armour WHERE item_ID={$_POST['item']}",$c); mysql_query("DELETE FROM itemmarket WHERE imITEM={$_POST['item']}",$c); print "The {$itemi['itmname']} Item was removed from the game."; } function edit_item_begin() { global $ir,$c,$h,$userid; print "<h3>Editing Item</h3> You can edit any aspect of this item. <form action='admin.php?action=edititemform' method='post'> Item: ".item_dropdown($c,'item')." <input type='submit' value='Edit Item' /></form>"; } function edit_item_form() { global $ir,$c,$h; $d=mysql_query("SELECT * FROM items WHERE itmid={$_POST['item']}",$c); $itemi=mysql_fetch_array($d); $f=mysql_query("SELECT * FROM food WHERE item_id={$_POST['item']}",$c); if(mysql_num_rows($f) > 0) { $a=mysql_fetch_array($f); $energy=$a['energy']; } else { $energy=1; } $f=mysql_query("SELECT * FROM weapons WHERE item_id={$_POST['item']}",$c); if(mysql_num_rows($f) > 0) { $a=mysql_fetch_array($f); $damage=$a['damage']; } else { $damage=1; } $f=mysql_query("SELECT * FROM armour WHERE item_ID={$_POST['item']}",$c); if(mysql_num_rows($f) > 0) { $a=mysql_fetch_array($f); $def=$a['Defence']; } else { $def=10; } print "<h3>Editing Item</h3> <form action='admin.php?action=edititemsub' method='post'> <input type='hidden' name='itmid' value='{$_POST['item']}' /> Item Name: <input type='text' name='itmname' value='{$itemi['itmname']}' /> Item Desc.: <input type='text' name='itmdesc' value='{$itemi['itmdesc']}' /> Item Type: ".itemtype_dropdown($c,'itmtype',$itemi['itmtype'])." Item Buyable: <input type='checkbox' name='itmbuyable'"; if ($itemi['itmbuyable']) { print " checked='checked'"; } print " /> Item Price: <input type='text' name='itmbuyprice' value='{$itemi['itmbuyprice']}' /> Item Sell Value: <input type='text' name='itmsellprice' value='{$itemi['itmsellprice']}'/> [b]Specialized[/b] Item Energy Regen (food only): <input type='text' name='energy' value='$energy' /> Power (weapons only): <input type='text' name='damage' value='$damage' /> Damage Off (armor only): <input type='text' name='Defence' value='$def' /> <input type='submit' value='Edit Item' /></form>"; } function edit_item_sub() { global $ir,$c,$h,$userid; if(!isset($_POST['itmname']) || !isset($_POST['itmdesc']) || !isset($_POST['itmtype']) || !isset($_POST['itmbuyprice']) || !isset($_POST['itmsellprice'])) { print "You missed one or more of the fields. Please go back and try again. [url='admin.php?action=edititem']> Back[/url]"; $h->endpage(); exit; } $itmname=mysql_escape($_POST['itmname']); $itmdesc=mysql_escape($_POST['itmdesc']); if($_POST['itmbuyable'] == 'on') { $itmbuy=1; } else { $itmbuy=0; } mysql_query("DELETE FROM items WHERE itmid={$_POST['itmid']}",$c); mysql_query("DELETE FROM food WHERE item_id={$_POST['itmid']}",$c); mysql_query("DELETE FROM weapons WHERE item_id={$_POST['itmid']}",$c); mysql_query("DELETE FROM armour WHERE item_ID={$_POST['itmid']}",$c); $m=mysql_query("INSERT INTO items VALUES('{$_POST['itmid']}',{$_POST['itmtype']},'$itmname','$itmdesc',{$_POST['itmbuyprice']},{$_POST['itmsellprice']},$itmbuy)",$c) or die(mysql_error()); if($_POST['itmtype'] == 1) { mysql_query("INSERT INTO food VALUES({$_POST['itmid']},{$_POST['energy']})",$c) or die(mysql_error()); } if($_POST['itmtype'] == 3 || $_POST['itmtype'] == 4) { mysql_query("INSERT INTO weapons VALUES({$_POST['itmid']},{$_POST['damage']})",$c) or die(mysql_error()); } if($_POST['itmtype'] == 7) { $i=mysql_insert_id(); mysql_query("INSERT INTO armour VALUES({$_POST['itmid']} ,{$_POST['Defence']})",$c) or die(mysql_error()); } print "The {$_POST['itmname']} Item was edited successfully."; } function new_shop_form() { global $ir,$c,$h; print "<h3>Adding a New Shop</h3> <form action='admin.php?action=newshopsub' method='post'> Shop Name: <input type='text' name='sn' value='' /> Shop Desc: <input type='text' name='sd' value='' /> Shop Location: ".location_dropdown($c,"sl")." <input type='submit' value='Create Shop' /></form>"; } function new_shop_submit() { global $ir,$c,$h; if(!isset($_POST['sn']) || !isset($_POST['sd'])) { print "You missed a field, go back and try again. [url='admin.php?action=newitem']> Back[/url]"; } else { $sn=mysql_escape($_POST['sn']); $sd=mysql_escape($_POST['sd']); mysql_query("INSERT INTO shops VALUES('',{$_POST['sl']},'$sn','$sd')",$c); print "The $sn Shop was successfully added to the game."; } } function new_stock_form() { global $ir,$c,$h; print "<h3>Adding an item to a shop</h3> <form action='admin.php?action=newstocksub' method='post'> Shop: ".shop_dropdown($c,"shop")." Item: ".item_dropdown($c,"item")." <input type='submit' value='Add Item To Shop' /></form>"; } function new_stock_submit() { global $ir,$c,$h; mysql_query("INSERT INTO shopitems VALUES('',{$_POST['shop']},{$_POST['item']})",$c); print "Item ID {$_POST['item']} was successfully added to shop ID {$_POST['shop']}"; } function edit_user_begin() { global $ir,$c,$h,$userid; print "<h3>Editing User</h3> You can edit any aspect of this user. <form action='admin.php?action=edituserform' method='post'> User: ".user_dropdown($c,'user')." <input type='submit' value='Edit User' /></form> OR enter a user ID to edit: <form action='admin.php?action=edituserform' method='post'> User: <input type='text' name='user' value='0' /> <input type='submit' value='Edit User' /></form>"; } function edit_user_form() { global $ir,$c,$h,$userid; $d=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us on u.userid=us.userid WHERE u.userid={$_POST['user']}",$c); $itemi=mysql_fetch_array($d); print "<h3>Editing User</h3> <form action='admin.php?action=editusersub' method='post'> <input type='hidden' name='userid' value='{$_POST['user']}' /> Username: <input type='text' name='username' value='{$itemi['username']}' /> Login Name: <input type='text' name='login_name' value='{$itemi['login_name']}' /> Duties: <input type='text' name='duties' value='{$itemi['duties']}' /> Staff Notes: <input type='text' name='staffnotes' value='{$itemi['staffnotes']}' /> Level: <input type='text' name='level' value='{$itemi['level']}' /> Money: \$<input type='text' name='money' value='{$itemi['money']}' /> Crystals: \$<input type='text' name='crystals' value='{$itemi['crystals']}' /> Mail Ban: <input type='text' name='mailban' value='{$itemi['mailban']}' /> Mail Ban Reason: <input type='text' name='mb_reason' value='{$itemi['mb_reason']}' /> <h4>Stats</h4> Strength: <input type='text' name='strength' value='{$itemi['strength']}' /> Agility: <input type='text' name='agility' value='{$itemi['agility']}' /> Guard: <input type='text' name='guard' value='{$itemi['guard']}' /> Labour: <input type='text' name='labour' value='{$itemi['labour']}' /> IQ: <input type='text' name='IQ' value='{$itemi['IQ']}' /> <input type='submit' value='Edit User' /></form>"; } function edit_user_sub() { global $ir,$c,$h,$userid; $go=0; if(!isset($_POST['level'])) { $go=1; } if(!isset($_POST['money'])) { $go=1; } if(!isset($_POST['crystals'])) { $go=1; } if(!isset($_POST['strength'])) { $go=1; } if(!isset($_POST['agility'])) { $go=1; } if(!isset($_POST['guard'])) { $go=1; } if(!isset($_POST['labour'])) { $go=1; } if(!isset($_POST['IQ'])) { $go=1; } if(!isset($_POST['username'])) { $go=1; } if(!isset($_POST['login_name'])) { $go=1; } if($go) { print "You did not fully fill out the form."; new_user_form(); } else { $_POST['level']=(int) $_POST['level']; $_POST['strength']=abs((int) $_POST['strength']); $_POST['agility']=abs((int) $_POST['agility']); $_POST['guard']=abs((int) $_POST['guard']); $_POST['labour']=abs((int) $_POST['labour']); $_POST['IQ']=abs((int) $_POST['IQ']); $_POST['money']=make_bigint($_POST['money'],0); $_POST['crystals']=make_bigint($_POST['crystals'],0); $_POST['mailban']=(int) $_POST['mailban']; //check for username usage $u=mysql_query("SELECT * FROM users WHERE username='{$_POST['username']}' and userid != {$_POST['userid']}",$c); if(mysql_num_rows($u) != 0) { print "That username is in use, choose another."; print " [url='admin.php?action=edituser']> Back[/url]"; $h->endpage(); exit; } $oq=mysql_query("SELECT * FROM users WHERE userid={$_POST['userid']}",$c); $rm=mysql_fetch_array($oq); $energy=10+$_POST['level']*2; $nerve=3+$_POST['level']*2; $hp=50+$_POST['level']*50; mysql_query("UPDATE users SET username='{$_POST['username']}', level={$_POST['level']}, money={$_POST['money']}, energy=$energy, brave=$nerve, maxbrave=$nerve, maxenergy=$energy, hp=$hp, maxhp=$hp, hospital={$_POST['hospital']}, duties='{$_POST['duties']}', staffnotes='{$_POST['staffnotes']}', mailban={$_POST['mailban']}, mb_reason='{$_POST['mb_reason']}', login_name='{$_POST['login_name']}', crystals='{$_POST['crystals']}' WHERE userid={$_POST['userid']}", $c); mysql_query("UPDATE userstats SET strength={$_POST['strength']}, agility={$_POST['agility']}, guard={$_POST['guard']}, labour={$_POST['labour']}, IQ={$_POST['IQ']} WHERE userid={$_POST['userid']}", $c); print "User edited...."; } } function fed_user_form() { global $ir,$c,$h,$userid; print "<h3>Jailing User</h3> The user will be put in fed jail and will be unable to do anything in the game. <form action='admin.php?action=fedsub' method='post'> User: ".user_dropdown($c,'user',$_GET['XID'])." Days: <input type='text' name='days' /> Reason: <input type='text' name='reason' /> <input type='submit' value='Jail User' /></form>"; } function fed_user_submit() { global $ir,$c,$h,$userid; $re=mysql_query("UPDATE users SET fedjail=1 WHERE userid={$_POST['user']}",$c); if(mysql_affected_rows($c)) { mysql_query("INSERT INTO fedjail VALUES('',{$_POST['user']},{$_POST['days']},$userid,'". mysql_real_escape_string($_POST['reason'],$c)."')",$c); } mysql_query("INSERT INTO jaillogs VALUES('',$userid, {$_POST['user']}, {$_POST['days']}, '{$_POST['reason']}',unix_timestamp())",$c); print "User jailed."; } function fed_edit_form() { global $ir,$c,$h,$userid; print "<h3>Editing Fedjail Reason</h3> You are editing a player's sentence in fed jail. <form action='admin.php?action=fedesub' method='post'> User: ".fed_user_dropdown($c,'user')." Days: <input type='text' name='days' /> Reason: <input type='text' name='reason' /> <input type='submit' value='Jail User' /></form>"; } function fed_edit_submit() { global $ir,$c,$h,$userid; mysql_query("DELETE FROM fedjail WHERE fed_userid={$_POST['user']}",$c); mysql_query("INSERT INTO fedjail VALUES('',{$_POST['user']},{$_POST['days']},$userid,'". mysql_real_escape_string($_POST['reason'],$c)."')",$c); mysql_query("INSERT INTO jaillogs VALUES('',$userid, {$_POST['user']}, {$_POST['days']}, '{$_POST['reason']}',unix_timestamp())",$c); print "User's sentence edited."; } function mail_user_form() { global $ir,$c,$h,$userid; print "<h3>Mail Banning User</h3> The user will be banned from the mail system. <form action='admin.php?action=mailsub' method='post'> User: ".user_dropdown($c,'user',$_GET['ID'])." Days: <input type='text' name='days' /> Reason: <input type='text' name='reason' /> <input type='submit' value='Mailban User' /></form>"; } function mail_user_submit() { global $ir,$c,$h,$userid; $_POST['reason']=stripslashes($_POST['reason']); $re=mysql_query("UPDATE users SET mailban={$_POST['days']},mb_reason='{$_POST['reason']}' WHERE userid={$_POST['user']}",$c); event_add($_POST['user'],"You were banned from mail for {$_POST['days']} day(s) for the following reason: {$_POST['reason']}",$c); print "User mail banned."; } function unfed_user_form() { global $ir,$c,$h,$userid; print "<h3>Unjailing User</h3> The user will be taken out of fed jail. <form action='admin.php?action=unfedsub' method='post'> User: ".fed_user_dropdown($c,'user')." <input type='submit' value='Unjail User' /></form>"; Quote Link to comment Share on other sites More sharing options...
Brad Posted May 30, 2010 Author Share Posted May 30, 2010 Line 601 to 991 } function unfed_user_submit() { global $ir,$c,$h,$userid; mysql_query("UPDATE users SET fedjail=0 WHERE userid={$_POST['user']}",$c); mysql_query("DELETE FROM fedjail WHERE fed_userid={$_POST['user']}",$c); mysql_query("INSERT INTO unjaillogs VALUES('',$userid, {$_POST['user']}, unix_timestamp())",$c); print "User unjailed."; } function newspaper_form() { global $ir,$c,$h,$userid; $q=mysql_query("SELECT * FROM papercontent LIMIT 1",$c); $news=mysql_result($q,0,0); print "<h3>Editing Announcements</h3><form action='admin.php?action=subnews' method='post'> <textarea rows='7' cols='35' name='newspaper'>$news</textarea> <input type='submit' value='Change' /></form>"; } function newspaper_submit() { global $ir,$c,$h,$userid; $news=$_POST['newspaper']; mysql_query("UPDATE papercontent SET content='$news'",$c); print "Announcements updated!"; } function view_attack_logs() { global $ir,$c,$h,$userid; print "<h3>Attack Logs</h3> <table width=75%><tr style='background:gray'><th>Time</th><th>Detail</th></tr>"; $q=mysql_query("SELECT * FROM attacklogs ORDER BY time DESC",$c); while($r=mysql_fetch_array($q)) { print "<tr><td>".date('F j, Y, g:i:s a',$r['time'])."</td><td>{$r['attacker']} attacked {$r['attacked']} and {$r['result']} and stole \${$r['stole']}</td></tr>"; } print "</table>"; } function inv_user_begin() { global $ir,$c,$h,$userid; print "<h3>Viewing User Inventory</h3> You may browse this user's inventory. <form action='admin.php?action=invuser' method='post'> User: ".user_dropdown($c,'user')." <input type='submit' value='View Inventory' /></form>"; } function inv_user_view() { global $ir,$c,$h,$userid; $inv=mysql_query("SELECT iv.*,i.*,it.* FROM inventory iv LEFT JOIN items i ON iv.inv_itemid=i.itmid LEFT JOIN itemtypes it ON i.itmtype=it.itmtypeid WHERE iv.inv_userid={$_POST['user']}",$c); if (mysql_num_rows($inv) == 0) { print "[b]This person has no items![/b]"; } else { print "[b]Their items are listed below.[/b] <table width=100%><tr style='background-color:gray;'><th>Item</th><th>Sell Value</th><th>Total Sell Value</th><th>Links</th></tr>"; while($i=mysql_fetch_array($inv)) { print "<tr><td>{$i['itmname']}"; if ($i['inv_qty'] > 1) { print "x{$i['inv_qty']}"; } print "</td><td>\${$i['itmsellprice']}</td><td>"; print "$".($i['itmsellprice']*$i['inv_qty']); print "</td><td>[[url='admin.php?action=deleinv&ID={$i[']Delete[/url]]"; print "</td></tr>"; } print "</table>"; } } function inv_delete() { global $ir,$c,$h,$userid; mysql_query("DELETE FROM inventory WHERE inv_id={$_GET['ID']}",$c); print "Item deleted from inventory."; } function credit_user_form() { global $ir,$c,$h,$userid; print "<h3>Crediting User</h3> You can give a user money. <form action='admin.php?action=creditsub' method='post'> User: ".user_dropdown($c,'user')." Money: <input type='text' name='money' /> <input type='submit' value='Credit User' /></form>"; } function credit_user_submit() { global $ir,$c,$h,$userid; $_POST['money'] = (int) $_POST['money']; mysql_query("UPDATE users u SET money=money+{$_POST['money']} WHERE u.userid={$_POST['user']}",$c); print "User credited."; } function ccredit_user_form() { global $ir,$c,$h,$userid; print "<h3>Crediting User Crystals</h3> You can give a user crystals. <form action='admin.php?action=ccreditsub' method='post'> User: ".user_dropdown($c,'user')." Crystals: <input type='text' name='crystals' /> <input type='submit' value='Credit User' /></form>"; } function ccredit_user_submit() { global $ir,$c,$h,$userid; $_POST['crystals'] = (int) $_POST['crystals']; mysql_query("UPDATE users u SET crystals=crystals+{$_POST['crystals']} WHERE u.userid={$_POST['user']}",$c); print "User credited."; } function ip_search_form() { global $ir,$c,$h,$userid; print "<h3>IP Search</h3> <form action='admin.php?action=ipsub' method='post'> IP: <input type='text' name='ip' value='...' /> <input type='submit' value='Search' /></form>"; } function ip_search_submit() { global $ir,$c,$h,$userid; print "Searching for users with the IP: [b]{$_POST['ip']}[/b] <table width=75%><tr style='background:gray'> <th>User</th> <th>Level</th> <th>Money</th> </tr>"; $q=mysql_query("SELECT * FROM users WHERE lastip='{$_POST['ip']}'",$c); $ids=array(); while($r=mysql_fetch_array($q)) { $ids[]=$r['userid']; print "\n<tr> <td> [url='viewuser.php?u={$r[']{$r['username']}[/url]</td> <td> {$r['level']}</td> <td>{$r['money']}</td> </tr>"; } print "</table> [b]Mass Jail[/b] <form action='admin.php?action=massjailip' method='post'> <input type='hidden' name='ids' value='".implode(",",$ids)."' /> Days: <input type='text' name='days' value='300' /> Reason: <input type='text' name='reason' value='Same IP users, Mail [email][email protected][/email] with your case.' /> <input type='submit' value='Mass Jail' /></form>"; } function mass_jail() { global $ir,$c,$h,$userid; $ids=explode(",",$_POST['ids']); foreach($ids as $id) { $re=mysql_query("UPDATE users SET fedjail=1 WHERE userid={$id}",$c); if(mysql_affected_rows($c)) { mysql_query("INSERT INTO fedjail VALUES('',{$id},{$_POST['days']},$userid,'". mysql_real_escape_string($_POST['reason'],$c)."')",$c); } mysql_query("INSERT INTO jaillogs VALUES('',$userid, {$id}, {$_POST['days']}, '{$_POST['reason']}',unix_timestamp())",$c); print "User jailed : $id."; } } function view_itm_logs() { global $ir,$c,$h,$userid; print "<h3>Item Xfer Logs</h3> <table width=75%><tr style='background:gray'><th>Time</th><th>Detail</th></tr>"; $q=mysql_query("SELECT ix.*,u1.username as sender, u2.username as sent,i.itmname as item FROM itemxferlogs ix LEFT JOIN users u1 ON ix.ixFROM=u1.userid LEFT JOIN users u2 ON ix.ixTO=u2.userid LEFT JOIN items i ON i.itmid=ix.ixITEM ORDER BY ix.ixTIME DESC",$c); while($r=mysql_fetch_array($q)) { print "<tr><td>" . date("F j, Y, g:i:s a",$r['ixTIME']) . "</td><td>{$r['sender']} sent {$r['ixQTY']} {$r['item']}(s) to {$r['sent']} </td></tr>"; } print "</table>"; } function view_cash_logs() { global $ir,$c,$h,$userid; print "<h3>Cash Xfer Logs</h3> <table width=75% border=1> <tr style='background:gray'> <th>ID</th> <th>Time</th> <th>User From</th> <th>User To</th> <th>Multi?</th> <th>Amount</th> <th></th> </tr>"; $q=mysql_query("SELECT cx.*,u1.username as sender, u2.username as sent FROM cashxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid ORDER BY cx.cxTIME DESC",$c) or die(mysql_error()." "."SELECT cx.*,u1.username as sender, u2.username as sent FROM cashxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid ORDER BY cx.cxTIME DESC"); while($r=mysql_fetch_array($q)) { if($r['cxFROMIP'] == $r['cxTOIP']) { $m="<span style='color:red;font-weight:800'>MULTI</span>"; } else { $m=""; } print "<tr><td>{$r['cxID']}</td> <td>" . date("F j, Y, g:i:s a",$r['cxTIME']) . "</td><td>[url='viewuser.php?u={$r[']{$r['sender']}[/url] [{$r['cxFROM']}] (IP: {$r['cxFROMIP']}) </td><td>[url='viewuser.php?u={$r[']{$r['sent']}[/url] [{$r['cxTO']}] (IP: {$r['cxTOIP']}) </td> <td>$m</td> <td> \${$r['cxAMOUNT']}</td> <td> [[url='admin.php?action=fedform&XID={$r[']Jail Sender[/url]] [[url='admin.php?action=fedform&XID={$r[']Jail Receiver[/url]]</td> </tr>"; } print "</table>"; } function view_mail_logs() { global $ir,$c,$h,$userid; $_GET['st']=abs((int) $_GET['st']); $rpp=100; print "<h3>Mail Logs</h3> <table width=75% border=2> \n<tr style='background:gray'> <th>ID</th> <th>Time</th> <th>User From</th> <th>User To</th> <th width>Subj</th> <th width=30%>Msg</th> <th></th> </tr>"; $q=mysql_query("SELECT m.*,u1.username as sender, u2.username as sent FROM mail m LEFT JOIN users u1 ON m.mail_from=u1.userid LEFT JOIN users u2 ON m.mail_to=u2.userid WHERE m.mail_from != 0 ORDER BY m.mail_time DESC LIMIT {$_GET['st']},$rpp",$c) or die(mysql_error()." "."SELECT cx.*,u1.username as sender, u2.username as sent FROM cashxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid ORDER BY cx.cxTIME DESC LIMIT {$_GET['st']},$rpp"); while($r=mysql_fetch_array($q)) { print "\n<tr><td>{$r['mail_id']}</td> <td>" . date("F j, Y, g:i:s a",$r['mail_time']) . "</td><td>{$r['sender']} [{$r['mail_from']}] </td> <td>{$r['sent']} [{$r['mail_to']}] </td> \n<td> {$r['mail_subject']}</td> \n<td>{$r['mail_text']}</td> <td> [[url='admin.php?action=mailform&XID={$r[']MailBan Sender[/url]] [[url='admin.php?action=mailform&XID={$r[']MailBan Receiver[/url]]</td> </tr>"; } print "</table> "; $q2=mysql_query("SELECT mail_id FROM mail WHERE mail_from != 0",$c); $rs=mysql_num_rows($q2); $pages=ceil($rs/20); print "Pages: "; for($i=1;$i<=$pages;$i++) { $st=($i-1)*20; print "[url='admin.php?action=maillogs&st=$st']$i[/url]"; if($i % 7 == 0) { print " \n"; } } } function staff_list() { global $ir,$c,$h,$userid; print "<h3>Staff Management</h3>"; print "[b]Admins[/b] <table width=80%><tr style='background:gray'> <th>User</th> <th>Online?</th> <th>Links</th> </tr>"; $q=mysql_query("SELECT * FROM users WHERE user_level=2 ORDER BY userid ASC", $c); while($r=mysql_fetch_array($q)) { if($r['laston'] >= time()-15*60) { $on="<font color=green>[b]Online[/b]</font>"; } else { $on="<font color=red>[b]Offline[/b]</font>"; } print "\n<tr> <td>[url='viewuser.php?u={$r[']{$r['username']}[/url] [{$r['userid']}]</td> <td>$on</td> <td>[url='admin.php?action=userlevel&level=1&ID={$r[']Member[/url]</td></tr>"; } print "</table>"; } function userlevel() { global $ir,$c,$h,$userid; $_GET['level']=abs((int) $_GET['level']); $_GET['ID']=abs((int) $_GET['ID']); mysql_query("UPDATE users SET user_level={$_GET['level']} WHERE userid={$_GET['ID']}", $c); print "User's level adjusted."; } function userlevelform() { global $ir,$c,$h,$userid; print "<h3>User Level Adjust</h3> <form action='admin.php' method='get'> <input type='hidden' name='action' value='userlevel'> User: ".user_dropdown($c,'ID')." User Level: <input type='radio' name='level' value='0' /> NPC <input type='radio' name='level' value='1' /> Member <input type='radio' name='level' value='3' /> Helper <input type='radio' name='level' value='4' /> Legend <input type='radio' name='level' value='2' /> Admin <input type='submit' value='Adjust' /></form>"; } function massmailer() { global $ir,$c,$userid; if($_POST['text']) { $_POST['text']=nl2br(strip_tags($_POST['text'])); $subj="This is a mass mail from the administration"; if($_POST['cat']==1) $q=mysql_query("SELECT * FROM users ",$c); else if($_POST['cat']==2) $q=mysql_query("SELECT * FROM users WHERE user_level > 1",$c); else if($_POST['cat']==3) $q=mysql_query("SELECT * FROM users WHERE user_level=2",$c); else $q=mysql_query("SELECT * FROM users WHERE user_level={$_POST['level']}",$c); while($r=mysql_fetch_array($q)) { mysql_query("INSERT INTO mail VALUES('', 0, 0, {$r['userid']}, unix_timestamp(),'$subj','{$_POST['text']}')",$c); print "Mass mail sent to {$r['username']}. "; } print "Mass mail sending complete! [url='admin.php']> Back[/url]"; } else { print "[b]Mass Mailer[/b] <form action='admin.php?action=massmailer' method='post'> Text: <textarea name='text' rows='7' cols='40'></textarea> <input type='radio' name='cat' value='1' /> Send to all members <input type='radio' name='cat' value='2' /> Send to staff only <input type='radio' name='cat' value='3' /> Send to admins only OR Send to user level: <input type='radio' name='level' value='1' /> Member <input type='radio' name='level' value='2' /> Admin <input type='submit' value='Send' /></form>"; } } function ipban() { ?><h3>Ban an IP</h3> <form action='admin.php?action=ipbancon' method='post'> <input type="text" name="ip" /> <input type='submit' value='BAN!' /></form> <hr width="50%" /> [url="admin.php?action=ipbanview"][b]Click to view current IP bans[/b][/url] <? } function ipbancon() { $filename='/home/bradlll/public_html/ipbans/'.$_POST['ip']; $file=fopen($filename,w) or die("Error Creating File"); fclose($file); ?>Done [url="admin.php?action=ipbanview"][b]Back[/b][/url]<? } function ipbanview() { $dir = "/home/bradlll/public_html/ipbans/"; ?> <h3>Viewing banned IP's</h3> <table border="1"> <tr> <th> IP </th> <th> Delete? </th> </tr><? if (is_dir($dir)) { if ($dh = opendir($dir)) { while (($file = readdir($dh)) !== false) { if (strlen($file)>4) { ?> <tr> <td> <? echo $file; ?> </td> <td> [url="admin.php?action=ipbanremove&ip=<? echo $file; ?>"][b]Delete[/b][/url] </td> </tr> <? } } closedir($dh); } } ?></table> [url="admin.php"][b]Back[/b][/url] <? } function ipbanremove() { $file=$_GET['ip']; $filepath = "/home/bradlll/public_html/ipbans/".$file; if (! unlink ($filepath)) { echo "Couldn't delete file"; } else { echo "Removed IP: ".$file; } ?> [url="admin.php?action=ipbanview"][b]Back[/b][/url]<? } function del_user_form() { global $ir,$c,$h,$userid; print "<h3>Deleting User</h3> The user will be deleted. <form action='admin.php?action=delusersub' method='post'> User: ".user_dropdown($c,'user',$_GET['XID'])." <input type='submit' value='Delete User' /></form>"; } function del_user_submit() { global $ir,$c,$h,$userid; mysql_query("DELETE FROM users WHERE userid={$_POST['user']}",$c); print "User deleted."; } function adnewspaper_form() { global $ir,$c,$h,$userid; print "<h3>Editing Admin Pad</h3><form action='admin.php?action=subadnews' method='post'> <textarea rows='7' cols='35' name='newspaper'>"; include "admin.news"; print "</textarea> <input type='submit' value='Change' /></form>"; } function adnewspaper_submit() { global $ir,$c,$h,$userid; $l=fopen("admin.news","w"); fwrite($l,stripslashes($_POST['newspaper'])); fclose($l); print "Admin Pad updated!"; } $h->endpage(); ?> Quote Link to comment Share on other sites More sharing options...
Brad Posted May 31, 2010 Author Share Posted May 31, 2010 help Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.