jamiee Posted August 14, 2011 Share Posted August 14, 2011 i got a pm the other day asking for this for this, so i though i would put it out as a free mod. save it as admin.php and add the link to top.php if its not all ready there. <?php require("top.php"); ?> <?php if (in_array($name, $admin_array)){ // select members for select fields. $result = mysql_query("SELECT name,id FROM login ORDER BY name DESC") or die(mysql_error()); $member_list = ""; while($row = mysql_fetch_array( $result )) { if($row['name'] == $_POST['name']){ $member_list .= "<option selected=\"selected\" value=\"".$row['name']."\">".$row['name']."</option>"; }else{ $member_list .= "<option value=\"".$row['name']."\">".$row['name']."</option>"; } } if(isset($_POST['Update'])){ if(strlen($_POST['credits']) <= 10 and strlen($_POST['money']) <= 10 and strlen($_POST['bullets']) <= 10){ if(is_numeric($_POST['credits']) and is_numeric($_POST['money']) and is_numeric($_POST['bullets'])){ if(empty($_POST['credits'])){ $_POST['credits'] = 0; } if(empty($_POST['money'])){ $_POST['money'] = 0; } if(empty($_POST['bullets'])){ $_POST['bullets'] = 0; } // update state. $result = mysql_query("UPDATE login SET credits='".mysql_real_escape_string($_POST['credits'])."', money='".mysql_real_escape_string($_POST['money'])."', ammo='".mysql_real_escape_string($_POST['bullets'])."' WHERE name='" .mysql_real_escape_string($_POST['name']). "'") or die(mysql_error()); echo "".$_POST['name']."'s items have been changed."; }else{ echo "One or more values are invalid."; } }else{ echo "One or more values are invalid."; } } if(isset($_POST['Search']) or isset($_POST['Update'])){ $sql = "SELECT money,credits,ammo FROM login WHERE name='".mysql_real_escape_string($_POST['name'])."'"; $query = mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_object($query); $search_credits = htmlspecialchars($row->credits); $search_money = htmlspecialchars($row->money); $search_ammo = htmlspecialchars($row->ammo); } ?> <form method="post"> <table width="350" border="0" cellpadding="0" cellspacing="2" class="table"> <tr> <td colspan="3" align="left" class="head">Member Management: </td> </tr> <tr> <td colspan="3" align="left" class="sub">Select Member: </td> </tr> <tr> <td align="left" class="cell">Username:</td> <td width="175" align="center" class="cell"><select name="name" class="entryfield" id="name"> <option value="">Select.</option> <?php echo $member_list; ?> </select> </td> <td width="100" align="center" class="cell"> <input name="Search" type="submit" class="button" id="Search" onfocus="if(this.blur)this.blur()" value="Search." /></td> </tr> <tr> <td colspan="3" align="left" class="sub">Options:</td> </tr> <tr> <td width="75" align="left" class="cell">Credits:</td> <td width="275" colspan="2" align="center" class="cell"><input name="credits" type="text" class="entryfield" id="credits" value="<?php echo $search_credits; ?>" maxlength="10" /></td> </tr> <tr> <td width="75" align="left" class="cell">Money:</td> <td width="275" colspan="2" align="center" class="cell"><input name="money" type="text" class="entryfield" id="money" value="<?php echo $search_money; ?>" maxlength="10" /></td> </tr> <tr> <td width="75" align="left" class="cell">Bullets:</td> <td width="275" colspan="2" align="center" class="cell"><input name="bullets" type="text" class="entryfield" id="bullets" value="<?php echo $search_ammo; ?>" maxlength="10" /></td> </tr> <tr> <td colspan="3" align="right" class="submit"><input name="Update" type="submit" class="button" id="Update" onfocus="if(this.blur)this.blur()" value="Update." /></td> </tr> </table> </form> <?php } ?> <?php require("bottom.php"); ?> Quote Link to comment Share on other sites More sharing options...
MysteriousD Posted August 14, 2011 Share Posted August 14, 2011 i got a pm the other day asking for this for this, so i though i would put it out as a free mod. save it as admin.php and add the link to top.php if its not all ready there. <?php require("top.php"); ?> <?php if (in_array($name, $admin_array)){ // select members for select fields. $result = mysql_query("SELECT name,id FROM login ORDER BY name DESC") or die(mysql_error()); $member_list = ""; while($row = mysql_fetch_array( $result )) { if($row['name'] == $_POST['name']){ $member_list .= "<option selected=\"selected\" value=\"".$row['name']."\">".$row['name']."</option>"; }else{ $member_list .= "<option value=\"".$row['name']."\">".$row['name']."</option>"; } } if(isset($_POST['Update'])){ if(strlen($_POST['credits']) <= 10 and strlen($_POST['money']) <= 10 and strlen($_POST['bullets']) <= 10){ if(is_numeric($_POST['credits']) and is_numeric($_POST['money']) and is_numeric($_POST['bullets'])){ if(empty($_POST['credits'])){ $_POST['credits'] = 0; } if(empty($_POST['money'])){ $_POST['money'] = 0; } if(empty($_POST['bullets'])){ $_POST['bullets'] = 0; } // update state. $result = mysql_query("UPDATE login SET credits='".mysql_real_escape_string($_POST['credits'])."', money='".mysql_real_escape_string($_POST['money'])."', ammo='".mysql_real_escape_string($_POST['bullets'])."' WHERE name='" .mysql_real_escape_string($_POST['name']). "'") or die(mysql_error()); echo "".$_POST['name']."'s items have been changed."; }else{ echo "One or more values are invalid."; } }else{ echo "One or more values are invalid."; } } if(isset($_POST['Search']) or isset($_POST['Update'])){ $sql = "SELECT money,credits,ammo FROM login WHERE name='".mysql_real_escape_string($_POST['name'])."'"; $query = mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_object($query); $search_credits = htmlspecialchars($row->credits); $search_money = htmlspecialchars($row->money); $search_ammo = htmlspecialchars($row->ammo); } ?> <form method="post"> <table width="350" border="0" cellpadding="0" cellspacing="2" class="table"> <tr> <td colspan="3" align="left" class="head">Member Management: </td> </tr> <tr> <td colspan="3" align="left" class="sub">Select Member: </td> </tr> <tr> <td align="left" class="cell">Username:</td> <td width="175" align="center" class="cell"><select name="name" class="entryfield" id="name"> <option value="">Select.</option> <?php echo $member_list; ?> </select> </td> <td width="100" align="center" class="cell"> <input name="Search" type="submit" class="button" id="Search" onfocus="if(this.blur)this.blur()" value="Search." /></td> </tr> <tr> <td colspan="3" align="left" class="sub">Options:</td> </tr> <tr> <td width="75" align="left" class="cell">Credits:</td> <td width="275" colspan="2" align="center" class="cell"><input name="credits" type="text" class="entryfield" id="credits" value="<?php echo $search_credits; ?>" maxlength="10" /></td> </tr> <tr> <td width="75" align="left" class="cell">Money:</td> <td width="275" colspan="2" align="center" class="cell"><input name="money" type="text" class="entryfield" id="money" value="<?php echo $search_money; ?>" maxlength="10" /></td> </tr> <tr> <td width="75" align="left" class="cell">Bullets:</td> <td width="275" colspan="2" align="center" class="cell"><input name="bullets" type="text" class="entryfield" id="bullets" value="<?php echo $search_ammo; ?>" maxlength="10" /></td> </tr> <tr> <td colspan="3" align="right" class="submit"><input name="Update" type="submit" class="button" id="Update" onfocus="if(this.blur)this.blur()" value="Update." /></td> </tr> </table> </form> <?php } ?> <?php require("bottom.php"); ?> any explanation or description of what it does..? and thanks for releasing ;) Quote Link to comment Share on other sites More sharing options...
W3Theory || Peter Posted August 14, 2011 Share Posted August 14, 2011 I am pretty sure it's a feature where an admin can add credits,money or bullets to any player in the game. Seems like there is a drown down list for all members and then you place in the input field what you want them to have. Quote Link to comment Share on other sites More sharing options...
Dominion Posted August 14, 2011 Share Posted August 14, 2011 You seem to be using mysql_real_escape_string() on numbers e.g. "money", you should be casting them as a number rather then using mres. Quote Link to comment Share on other sites More sharing options...
ShadyCoco Posted August 27, 2011 Share Posted August 27, 2011 (edited) <?php require("top.php"); ?> <?php if (in_array($name, $admin_array)){ // select members for select fields. $result = mysql_query("SELECT name,id FROM login ORDER BY name DESC") or die(mysql_error()); $member_list = ""; while($row = mysql_fetch_array( $result )) { if($row['name'] == $_POST['name']){ $member_list .= "<option selected=\"selected\" value=\"".$row['name']."\">".$row['name']."</option>"; }else{ $member_list .= "<option value=\"".$row['name']."\">".$row['name']."</option>"; } } if(isset($_POST['Update'])){ if(strlen($_POST['credits']) <= 10 and strlen($_POST['money']) <= 10 and strlen($_POST['bullets']) <= 10){ if(is_numeric($_POST['credits']) and is_numeric($_POST['money']) and is_numeric($_POST['bullets'])){ if(empty($_POST['credits'])){ $_POST['credits'] = 0; } if(empty($_POST['money'])){ $_POST['money'] = 0; } if(empty($_POST['bullets'])){ $_POST['bullets'] = 0; } // update state. $creditsgive = abs(intval($_POST['credits'])); $moneygive = abs(intval($_POST['money'])); $bulletsgive = abs(intval($_POST['bullets'])); $result = mysql_query("UPDATE login SET credits='".$creditsgive."', money='".$moneygive."', ammo='".$bulletsgive."' WHERE name='" .mysql_real_escape_string($_POST['name']). "'") or die(mysql_error()); echo "".$_POST['name']."'s items have been changed."; }else{ echo "One or more values are invalid."; } }else{ echo "One or more values are invalid."; } } if(isset($_POST['Search']) or isset($_POST['Update'])){ $sql = "SELECT money,credits,ammo FROM login WHERE name='".mysql_real_escape_string($_POST['name'])."'"; $query = mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_object($query); $search_credits = htmlspecialchars($row->credits); $search_money = htmlspecialchars($row->money); $search_ammo = htmlspecialchars($row->ammo); } ?> <form method="post"> <table width="350" border="0" cellpadding="0" cellspacing="2" class="table"> <tr> <td colspan="3" align="left" class="head">Member Management: </td> </tr> <tr> <td colspan="3" align="left" class="sub">Select Member: </td> </tr> <tr> <td align="left" class="cell">Username:</td> <td width="175" align="center" class="cell"><select name="name" class="entryfield" id="name"> <option value="">Select.</option> <?php echo $member_list; ?> </select> </td> <td width="100" align="center" class="cell"> <input name="Search" type="submit" class="button" id="Search" onfocus="if(this.blur)this.blur()" value="Search." /></td> </tr> <tr> <td colspan="3" align="left" class="sub">Options:</td> </tr> <tr> <td width="75" align="left" class="cell">Credits:</td> <td width="275" colspan="2" align="center" class="cell"><input name="credits" type="text" class="entryfield" id="credits" value="<?php echo $search_credits; ?>" maxlength="10" /></td> </tr> <tr> <td width="75" align="left" class="cell">Money:</td> <td width="275" colspan="2" align="center" class="cell"><input name="money" type="text" class="entryfield" id="money" value="<?php echo $search_money; ?>" maxlength="10" /></td> </tr> <tr> <td width="75" align="left" class="cell">Bullets:</td> <td width="275" colspan="2" align="center" class="cell"><input name="bullets" type="text" class="entryfield" id="bullets" value="<?php echo $search_ammo; ?>" maxlength="10" /></td> </tr> <tr> <td colspan="3" align="right" class="submit"><input name="Update" type="submit" class="button" id="Update" onfocus="if(this.blur)this.blur()" value="Update." /></td> </tr> </table> </form> <?php } ?> <?php require("bottom.php"); ?> Added abs intval to the credits, money, bullets... Don't use MRES for a number totaly pointless :) Also try using Mysqli as mysql is less secure... Or something along them lines. GL Edited August 27, 2011 by ShadyCoco Quote Link to comment Share on other sites More sharing options...
Spudinski Posted August 27, 2011 Share Posted August 27, 2011 A huge flaw I want to alert you about: You need to do a range check, inval is prone to negative numbers. And the addition of abs() only changes the polarity of the integer. I would suggest: $number = settype($number, 'int');; // turn to int, POST[k] & GET[k] are strings $number = ($number < 0) ? intval((0 - $number)) : $number; Quote Link to comment Share on other sites More sharing options...
ShadyCoco Posted August 27, 2011 Share Posted August 27, 2011 (edited) Oh :( My bad, thanks for the alert spud - it's been a while since I did any real coding :P Edit: This is a player manger system so I don't see why we need protection? If this page is for admin/mods only it really don't need much security :) Edited August 27, 2011 by ShadyCoco Adding some info Quote Link to comment Share on other sites More sharing options...
Spudinski Posted August 27, 2011 Share Posted August 27, 2011 It's always good to have allround good security. One never know when an admin might get hacked, or even non-technological admins. Quote Link to comment Share on other sites More sharing options...
ShadyCoco Posted August 27, 2011 Share Posted August 27, 2011 Good point. I've always liked having a 2nd step for anything that can cause problems in my game. IE admin/staff panels. A 2nd password, custom admin login names. Thay is always more you can do but then it becomes over kill and slows the page down. :) Quote Link to comment Share on other sites More sharing options...
lordtorren Posted September 28, 2011 Share Posted September 28, 2011 Help me if you can, please Hey whats up i'm new here, Okay i know that you guys must get alot of help requests, so im sorry for my apparent nubness. Never coded in PHP so im brand new to it. I USED to code in C# but that was when i was a teen. But my question is how do i link the files. BTW i'm using Dayo's GL v.80 script. Everything seems to be working right. except i dont know what u mean when you say link in top.php and this is what happens at the registration screen Warning: include_once(config.php) [function.include-once]: failed to open stream: No such file or directory in /home/bloodcou/public_html/register.php on line 43 Warning: include_once() [function.include]: Failed opening 'config.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/bloodcou/public_html/register.php on line 43 Warning: include_once(connect.php) [function.include-once]: failed to open stream: No such file or directory in /home/bloodcou/public_html/register.php on line 44 Warning: include_once() [function.include]: Failed opening 'connect.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/bloodcou/public_html/register.php on line 44 Quote Link to comment Share on other sites More sharing options...
Neon Posted September 28, 2011 Share Posted September 28, 2011 The linking files could mean including/requiring them. What the means is you get access to the functions, variables and classes within those files. So you simply do require_once or include_once in your script with the parameter being the absolute path to the file. As for those 2 errors, the files (config.php & connect.php) couldn't be loaded. Check that they exist first off, and if they do check that there CHMODed at least above 600. If none of that works then the lines in register.php (line 43 & 44) must be pointing the wrong location. Hope that helps. Quote Link to comment Share on other sites More sharing options...
lordtorren Posted September 28, 2011 Share Posted September 28, 2011 thanx 4 resonse The linking files could mean including/requiring them. What the means is you get access to the functions, variables and classes within those files. So you simply do require_once or include_once in your script with the parameter being the absolute path to the file. As for those 2 errors, the files (config.php & connect.php) couldn't be loaded. Check that they exist first off, and if they do check that there CHMODed at least above 600. If none of that works then the lines in register.php (line 43 & 44) must be pointing the wrong location. Hope that helps. thanks for the response. okay. i still dont get what you mean sorry. I'm thinking of learning to code in php but it seems kinda hard. and as for the 2 errors. the files do exist and anyone can register its just that message wont go away, and they're CHMODed to 644 i wouldnt know how to fix if they were pointing in the wrong direction Quote Link to comment Share on other sites More sharing options...
jamiee Posted September 28, 2011 Author Share Posted September 28, 2011 you said you had the files, they are just in the wrong place. look where they are being included from and put them where it says Quote Link to comment Share on other sites More sharing options...
lordtorren Posted September 28, 2011 Share Posted September 28, 2011 this php and mySQL stuff is a lil complicated you said you had the files, they are just in the wrong place. look where they are being included from and put them where it says Shouldnt i maintain the file structure though. The placement of the files arent like in the original GL script. There's more folders and everything isnt thrown together, so if i move em to where they should be pointing will that cause an error because another file is looking for it? Does anyone have teamview so i could show you what i mean? Quote Link to comment Share on other sites More sharing options...
Neon Posted September 28, 2011 Share Posted September 28, 2011 You have 2 choices 1) Adjust the path to the files in register.php, so it points correctly. 2) Move the files to match the path in register.php, and hope nothing else breaks. That being said. I'm at my computer for another 30ish minutes. PM me your digits, and I'll take a look. Quote Link to comment Share on other sites More sharing options...
jamiee Posted September 28, 2011 Author Share Posted September 28, 2011 or you could put them in no file and require it like require("../../filename.php"); Quote Link to comment Share on other sites More sharing options...
Dayo Posted September 28, 2011 Share Posted September 28, 2011 I'll convert this to the latest version when I get home :) Quote Link to comment Share on other sites More sharing options...
realmoflegends Posted September 29, 2011 Share Posted September 29, 2011 Dayo: Progress on getting to 1.0 of this script? :) Quote Link to comment Share on other sites More sharing options...
Newbie Posted February 7, 2012 Share Posted February 7, 2012 Hey whats up i'm new here, Okay i know that you guys must get alot of help requests, so im sorry for my apparent nubness. Never coded in PHP so im brand new to it. I USED to code in C# but that was when i was a teen. But my question is how do i link the files. BTW i'm using Dayo's GL v.80 script. Everything seems to be working right. except i dont know what u mean when you say link in top.php and this is what happens at the registration screen basicly it cant open the connect file because it cant find it goto register.php and edit the file for example include_once(config.php) would be if you not moved your files include_once(safe/config.php) Quote Link to comment Share on other sites More sharing options...
elitter Posted January 9, 2013 Share Posted January 9, 2013 i cant get it to do anything it shows on the top of the header as a admin tag. but when i click on it i get a blank screen. i moved the admin.php to the main directory and out of the themes/ dir i still dont get anything im missing something somewere lol Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.