Jump to content
MakeWebGames

Another mod.

The Coder

By The Coder
in Engine Support

 Share

Recommended Posts

The Coder Newbie

The Coder

Posted
Posted

Hey all, while struggling with my SQL error on the other thread, I stumbled across a "Topsite Voting Script" made by Cronus, however, how do I make the feature accessible for one more user? ID 1 & 2, as ID 1 is the only administrator which can edit the rewards & links. Do I change something in the voting.php file if so, what? I'll include the file below:-

 

<?php
include "globals.php";

$time=time();
$huj=$db->query("SELECT * FROM votes WHERE userid=0");
$ts=$db->fetch_row($huj);
if($ts['site'] < $time)
{
$db->query("DELETE FROM votes WHERE userid>0");
$new=mktime(0,0,0)+86400;
$db->query("UPDATE votes SET site=$new WHERE userid=0");
}

print "<br><br><center>";
if($userid == 1)
{
print"<a href=voting.php?add=site>Add New Voting Site</a><br><br>";
}
$width=50;
$second="";
if($userid == 2)
{
$width=70;
$second="<th>---</th><th>---</th>";
}
print"<table width=$width% border=1>
<tr><th>Voting Site</th><th>Reward</th><th>---</th>$second</tr>";
$hk=$db->query("SELECT * FROM votingsites");
while($r=$db->fetch_row($hk))
{
$blahhh=$db->query("SELECT * FROM votes WHERE site={$r['id']} && userid=$userid");
if($db->num_rows($blahhh) > 0)
{
$link="<font color=red><i>Done!</i></font>";
}
else
{
$link="<a href=voted.php?ID={$r['id']} target=_blank><b><font color=green>Vote</font></b></a>";
}
if($r['rewardtype'] == 1)
{
$reward=money_formatter($r['reward']);
}
if($r['rewardtype'] == 2 && $r['reward'] > 1)
{
$reward="{$r['reward']} Crystals";
}
if($r['rewardtype'] == 2 && $r['reward'] == 1)
{
$reward="{$r['reward']} Crystal";
}
if($r['rewardtype'] == 3)
{
$juk=$db->query("SELECT * FROM items WHERE itmid={$r['reward']}");
$item=$db->fetch_row($juk);
$reward="{$item['itmname']}";
}
if($r['rewardtype'] == 4)
{
$reward="{$r['reward']} Energy";
}
if($r['rewardtype'] == 5)
{
$reward="{$r['reward']} Brave";
}
if($r['rewardtype'] == 6)
{
$reward="{$r['reward']} Will";
}
if($userid == 1)
{
$sekond="<td><center><a href=voting.php?edit={$r['id']}><font color=blue>Edit</font></a></center></td><td><center><a href=voting.php?del={$r['id']}><font color=red>Del</font></a></center></td>";
}
print"<tr><td>{$r['name']}</td><td><center>$reward</center></td><td><center>$link</center></td>$sekond</tr>";
}
print"</table></center>";


if($userid == 2 && $_GET['add'])
{
print"<br><hr width=75%><br>";
if($_POST['name'] && $_POST['link'] && $_POST['type'] && $_POST['reward'])
{
$type = abs((int) $_POST['type']);
$reward = abs((int) $_POST['reward']);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['name']));
$name = mysql_real_escape_string($info);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['link']));
$link = mysql_real_escape_string($info);
if($type == 3)
{
$juk=$db->query("SELECT * FROM items WHERE itmid=$reward");
if($db->num_rows($juk) == 0)
{
print"<center>The item you have selected for a reward does not exist.<br>><a href=voting.php>Back</a>";
die("");
}
}
$db->query("INSERT INTO votingsites VALUES ('','$name','$link','$type','$reward');");
print"<center>You have successfully added the site: $name<br>><a href=voting.php>Back</a>";
}
else
{
print"<form action='voting.php?add=site' method='post'>
<table width=40% border=1>
<tr>
<th colspan=2>Add A New Voting Site</th>
</tr>
<tr>
<th>Name:</th>
<td><center><input type='text' name='name' value='{$_POST['name']}' /></center></td>
</tr>
<tr>
<th>Voting Link:<br><font size=1 color=red>Include http://<font></th>
<td><center><input type='text' name='link' value='{$_POST['link']}' /></center></td>
</tr>
<tr>
<th>Reward Type:</th>
<td><center><select type='dropdown' name='type'>
<option value='1'>Money
<option value='2'>Crystals
<option value='3'>Item
<option value='4'>Energy
<option value='5'>Brave
<option value='6'>Will
</select></center></td>
</tr>
<tr>
<th>Reward Amount:<br><font size=1 color=red>If Item Put ID #</font></th>
<td><center><input type='text' name='reward' value='{$_POST['reward']}' /></center></td>
</tr>
<tr>
<th colspan=2><input type='submit' value='Add New Voting Site' /></form></th>
</tr>
</table>";
}
}

if($userid == 2 && $_GET['edit'])
{
$_GET['edit'] = abs((int) $_GET['edit']);
$blak=$db->query("SELECT * FROM votingsites WHERE id={$_GET['edit']}");
if($db->num_rows($blak) == 0)
{
print"<center>This voting site does not exist!<br>>Back</center>";
die("");
}
else
{
$r=$db->fetch_row($blak);
}
print"<br><hr width=75%><br>";
if($_POST['name'] && $_POST['link'] && $_POST['type'] && $_POST['reward'])
{
$type = abs((int) $_POST['type']);
$reward = abs((int) $_POST['reward']);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['name']));
$name = mysql_real_escape_string($info);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['link']));
$link = mysql_real_escape_string($info);
if($type == 3)
{
$juk=$db->query("SELECT * FROM items WHERE itmid=$reward");
if($db->num_rows($juk) == 0)
{
print"<center>The item you have selected for a reward does not exist.<br>><a href=voting.php>Back</a>";
die("");
}
}
$db->query("UPDATE votingsites SET name='$name' WHERE id='{$_GET['edit']}'");
$db->query("UPDATE votingsites SET url='$link' WHERE id='{$_GET['edit']}'");
$db->query("UPDATE votingsites SET rewardtype='$type' WHERE id='{$_GET['edit']}'");
$db->query("UPDATE votingsites SET reward='$reward' WHERE id='{$_GET['edit']}'");
print"<center>You have successfully edited the site: $name<br>><a href=voting.php>Back</a>";
}
else
{
print"<form action='voting.php?edit={$_GET['edit']}' method='post'>
<table width=40% border=1>
<tr>
<th colspan=2>Edit An Existing Voting Site</th>
</tr>
<tr>
<th>Name:</th>
<td><center><input type='text' name='name' value='{$r['name']}' /></center></td>
</tr>
<tr>
<th>Voting Link:<br><font size=1 color=red>Include http://<font></th>
<td><center><input type='text' name='link' value='{$r['url']}' /></center></td>
</tr>
<tr>
<th>Reward Type:</th>
<td><center><select type='dropdown' name='type'>
<option ";
if($r['rewardtype'] == 1)
{
print"selected ";
}
print"value='1'>Money
<option ";
if($r['rewardtype'] == 2)
{
print"selected ";
}
print"value='2'>Crystals
<option ";
if($r['rewardtype'] == 3)
{
print"selected ";
}
print"value='3'>Item
<option ";
if($r['rewardtype'] == 4)
{
print"selected ";
}
print"value='4'>Energy
<option ";
if($r['rewardtype'] == 5)
{
print"selected ";
}
print"value='5'>Brave
<option ";
if($r['rewardtype'] == 6)
{
print"selected ";
}
print"value='6'>Will
</select></center></td>
</tr>
<tr>
<th>Reward Amount:<br><font size=1 color=red>If Item Put ID #</font></th>
<td><center><input type='text' name='reward' value='{$r['reward']}' /></center></td>
</tr>
<tr>
<th colspan=2><input type='submit' value='Edit Voting Site' /></form></th>
</tr>
</table>";
}
}

if($userid == 2 && $_GET['del'])
{
$_GET['del'] = abs((int) $_GET['del']);
$blak=$db->query("SELECT * FROM votingsites WHERE id={$_GET['del']}");
if($db->num_rows($blak) == 0)
{
print"<center>This voting site does not exist!<br>><a href=voting.php>Back</a></center>";
die("");
}
else
{
$r=$db->fetch_row($blak);
}
print"<br><hr width=75%><br>";
if($_GET['confirm'])
{
$db->query("DELETE FROM votingsites WHERE id='{$_GET['del']}'");
print"<center>You have successfully deleted the site: {$r['name']}<br>><a href=voting.php>Back</a>";
}
else
{
print"<form action='voting.php?del={$_GET['del']}&confirm=delete' method='post'>
<table width=55% border=1>
<tr>
<th colspan=2>Are you sure you would like to delete {$r['name']}?</th>
</tr>
<tr>
<th colspan=2><input type='submit' value='Delete Voting Site' /></form></th>
</tr>
</table>";
}
}
$h->endpage();
?>

 

Thanks guys, I really appreciate it. :)

Link to comment
Share on other sites
mixmaster Newbie

mixmaster

Posted
Posted (edited)
Hey all, while struggling with my SQL error on the other thread, I stumbled across a "Topsite Voting Script" made by Cronus, however, how do I make the feature accessible for one more user? ID 1 & 2, as ID 1 is the only administrator which can edit the rewards & links. Do I change something in the voting.php file if so, what? I'll include the file below:-

 

<?php
include "globals.php";

$time=time();
$huj=$db->query("SELECT * FROM votes WHERE userid=0");
$ts=$db->fetch_row($huj);
if($ts['site'] < $time)
{
$db->query("DELETE FROM votes WHERE userid>0");
$new=mktime(0,0,0)+86400;
$db->query("UPDATE votes SET site=$new WHERE userid=0");
}

print "<br><br><center>";
if($userid == 1)
{
print"<a href=voting.php?add=site>Add New Voting Site</a><br><br>";
}
$width=50;
$second="";
if($userid == 2)
{
$width=70;
$second="<th>---</th><th>---</th>";
}
print"<table width=$width% border=1>
<tr><th>Voting Site</th><th>Reward</th><th>---</th>$second</tr>";
$hk=$db->query("SELECT * FROM votingsites");
while($r=$db->fetch_row($hk))
{
$blahhh=$db->query("SELECT * FROM votes WHERE site={$r['id']} && userid=$userid");
if($db->num_rows($blahhh) > 0)
{
$link="<font color=red><i>Done!</i></font>";
}
else
{
$link="<a href=voted.php?ID={$r['id']} target=_blank><b><font color=green>Vote</font></b></a>";
}
if($r['rewardtype'] == 1)
{
$reward=money_formatter($r['reward']);
}
if($r['rewardtype'] == 2 && $r['reward'] > 1)
{
$reward="{$r['reward']} Crystals";
}
if($r['rewardtype'] == 2 && $r['reward'] == 1)
{
$reward="{$r['reward']} Crystal";
}
if($r['rewardtype'] == 3)
{
$juk=$db->query("SELECT * FROM items WHERE itmid={$r['reward']}");
$item=$db->fetch_row($juk);
$reward="{$item['itmname']}";
}
if($r['rewardtype'] == 4)
{
$reward="{$r['reward']} Energy";
}
if($r['rewardtype'] == 5)
{
$reward="{$r['reward']} Brave";
}
if($r['rewardtype'] == 6)
{
$reward="{$r['reward']} Will";
}
if($userid == 1)
{
$sekond="<td><center><a href=voting.php?edit={$r['id']}><font color=blue>Edit</font></a></center></td><td><center><a href=voting.php?del={$r['id']}><font color=red>Del</font></a></center></td>";
}
print"<tr><td>{$r['name']}</td><td><center>$reward</center></td><td><center>$link</center></td>$sekond</tr>";
}
print"</table></center>";


if($userid == 2 && $_GET['add'])
{
print"<br><hr width=75%><br>";
if($_POST['name'] && $_POST['link'] && $_POST['type'] && $_POST['reward'])
{
$type = abs((int) $_POST['type']);
$reward = abs((int) $_POST['reward']);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['name']));
$name = mysql_real_escape_string($info);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['link']));
$link = mysql_real_escape_string($info);
if($type == 3)
{
$juk=$db->query("SELECT * FROM items WHERE itmid=$reward");
if($db->num_rows($juk) == 0)
{
print"<center>The item you have selected for a reward does not exist.<br>><a href=voting.php>Back</a>";
die("");
}
}
$db->query("INSERT INTO votingsites VALUES ('','$name','$link','$type','$reward');");
print"<center>You have successfully added the site: $name<br>><a href=voting.php>Back</a>";
}
else
{
print"<form action='voting.php?add=site' method='post'>
<table width=40% border=1>
<tr>
<th colspan=2>Add A New Voting Site</th>
</tr>
<tr>
<th>Name:</th>
<td><center><input type='text' name='name' value='{$_POST['name']}' /></center></td>
</tr>
<tr>
<th>Voting Link:<br><font size=1 color=red>Include http://<font></th>
<td><center><input type='text' name='link' value='{$_POST['link']}' /></center></td>
</tr>
<tr>
<th>Reward Type:</th>
<td><center><select type='dropdown' name='type'>
<option value='1'>Money
<option value='2'>Crystals
<option value='3'>Item
<option value='4'>Energy
<option value='5'>Brave
<option value='6'>Will
</select></center></td>
</tr>
<tr>
<th>Reward Amount:<br><font size=1 color=red>If Item Put ID #</font></th>
<td><center><input type='text' name='reward' value='{$_POST['reward']}' /></center></td>
</tr>
<tr>
<th colspan=2><input type='submit' value='Add New Voting Site' /></form></th>
</tr>
</table>";
}
}

if($userid == 2 && $_GET['edit'])
{
$_GET['edit'] = abs((int) $_GET['edit']);
$blak=$db->query("SELECT * FROM votingsites WHERE id={$_GET['edit']}");
if($db->num_rows($blak) == 0)
{
print"<center>This voting site does not exist!<br>>Back</center>";
die("");
}
else
{
$r=$db->fetch_row($blak);
}
print"<br><hr width=75%><br>";
if($_POST['name'] && $_POST['link'] && $_POST['type'] && $_POST['reward'])
{
$type = abs((int) $_POST['type']);
$reward = abs((int) $_POST['reward']);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['name']));
$name = mysql_real_escape_string($info);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['link']));
$link = mysql_real_escape_string($info);
if($type == 3)
{
$juk=$db->query("SELECT * FROM items WHERE itmid=$reward");
if($db->num_rows($juk) == 0)
{
print"<center>The item you have selected for a reward does not exist.<br>><a href=voting.php>Back</a>";
die("");
}
}
$db->query("UPDATE votingsites SET name='$name' WHERE id='{$_GET['edit']}'");
$db->query("UPDATE votingsites SET url='$link' WHERE id='{$_GET['edit']}'");
$db->query("UPDATE votingsites SET rewardtype='$type' WHERE id='{$_GET['edit']}'");
$db->query("UPDATE votingsites SET reward='$reward' WHERE id='{$_GET['edit']}'");
print"<center>You have successfully edited the site: $name<br>><a href=voting.php>Back</a>";
}
else
{
print"<form action='voting.php?edit={$_GET['edit']}' method='post'>
<table width=40% border=1>
<tr>
<th colspan=2>Edit An Existing Voting Site</th>
</tr>
<tr>
<th>Name:</th>
<td><center><input type='text' name='name' value='{$r['name']}' /></center></td>
</tr>
<tr>
<th>Voting Link:<br><font size=1 color=red>Include http://<font></th>
<td><center><input type='text' name='link' value='{$r['url']}' /></center></td>
</tr>
<tr>
<th>Reward Type:</th>
<td><center><select type='dropdown' name='type'>
<option ";
if($r['rewardtype'] == 1)
{
print"selected ";
}
print"value='1'>Money
<option ";
if($r['rewardtype'] == 2)
{
print"selected ";
}
print"value='2'>Crystals
<option ";
if($r['rewardtype'] == 3)
{
print"selected ";
}
print"value='3'>Item
<option ";
if($r['rewardtype'] == 4)
{
print"selected ";
}
print"value='4'>Energy
<option ";
if($r['rewardtype'] == 5)
{
print"selected ";
}
print"value='5'>Brave
<option ";
if($r['rewardtype'] == 6)
{
print"selected ";
}
print"value='6'>Will
</select></center></td>
</tr>
<tr>
<th>Reward Amount:<br><font size=1 color=red>If Item Put ID #</font></th>
<td><center><input type='text' name='reward' value='{$r['reward']}' /></center></td>
</tr>
<tr>
<th colspan=2><input type='submit' value='Edit Voting Site' /></form></th>
</tr>
</table>";
}
}

if($userid == 2 && $_GET['del'])
{
$_GET['del'] = abs((int) $_GET['del']);
$blak=$db->query("SELECT * FROM votingsites WHERE id={$_GET['del']}");
if($db->num_rows($blak) == 0)
{
print"<center>This voting site does not exist!<br>><a href=voting.php>Back</a></center>";
die("");
}
else
{
$r=$db->fetch_row($blak);
}
print"<br><hr width=75%><br>";
if($_GET['confirm'])
{
$db->query("DELETE FROM votingsites WHERE id='{$_GET['del']}'");
print"<center>You have successfully deleted the site: {$r['name']}<br>><a href=voting.php>Back</a>";
}
else
{
print"<form action='voting.php?del={$_GET['del']}&confirm=delete' method='post'>
<table width=55% border=1>
<tr>
<th colspan=2>Are you sure you would like to delete {$r['name']}?</th>
</tr>
<tr>
<th colspan=2><input type='submit' value='Delete Voting Site' /></form></th>
</tr>
</table>";
}
}
$h->endpage();
?>

 

Thanks guys, I really appreciate it. :)

change all $userid == 1 to $ir['user_level'] == 2 (or which staff members you want to allow access to)

Edited by mixmaster
Link to comment
Share on other sites
Seker Newbie

Seker

Posted
Posted
One problem with using $ir['user_level']==2 is its still not the safest way because of the vast amounts of user level hacks. Try using an array and add in the userids into it but this is just a preference and im sure some may disagree.

This.

Try:

$votestaff = array('1','2','3');
if (in_array($userid,$votestaff))
{
    //insert code here
}

 

Something like that, I believe.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...