Jump to content
MakeWebGames

Another mod.

The Coder

By The Coder
in Engine Support

 Share

Recommended Posts

The Coder Newbie

The Coder

Posted
Posted

Hey all, while struggling with my SQL error on the other thread, I stumbled across a "Topsite Voting Script" made by Cronus, however, how do I make the feature accessible for one more user? ID 1 & 2, as ID 1 is the only administrator which can edit the rewards & links. Do I change something in the voting.php file if so, what? I'll include the file below:-

 

<?php
include "globals.php";

$time=time();
$huj=$db->query("SELECT * FROM votes WHERE userid=0");
$ts=$db->fetch_row($huj);
if($ts['site'] < $time)
{
$db->query("DELETE FROM votes WHERE userid>0");
$new=mktime(0,0,0)+86400;
$db->query("UPDATE votes SET site=$new WHERE userid=0");
}

print "<br><br><center>";
if($userid == 1)
{
print"<a href=voting.php?add=site>Add New Voting Site</a><br><br>";
}
$width=50;
$second="";
if($userid == 2)
{
$width=70;
$second="<th>---</th><th>---</th>";
}
print"<table width=$width% border=1>
<tr><th>Voting Site</th><th>Reward</th><th>---</th>$second</tr>";
$hk=$db->query("SELECT * FROM votingsites");
while($r=$db->fetch_row($hk))
{
$blahhh=$db->query("SELECT * FROM votes WHERE site={$r['id']} && userid=$userid");
if($db->num_rows($blahhh) > 0)
{
$link="<font color=red><i>Done!</i></font>";
}
else
{
$link="<a href=voted.php?ID={$r['id']} target=_blank><b><font color=green>Vote</font></b></a>";
}
if($r['rewardtype'] == 1)
{
$reward=money_formatter($r['reward']);
}
if($r['rewardtype'] == 2 && $r['reward'] > 1)
{
$reward="{$r['reward']} Crystals";
}
if($r['rewardtype'] == 2 && $r['reward'] == 1)
{
$reward="{$r['reward']} Crystal";
}
if($r['rewardtype'] == 3)
{
$juk=$db->query("SELECT * FROM items WHERE itmid={$r['reward']}");
$item=$db->fetch_row($juk);
$reward="{$item['itmname']}";
}
if($r['rewardtype'] == 4)
{
$reward="{$r['reward']} Energy";
}
if($r['rewardtype'] == 5)
{
$reward="{$r['reward']} Brave";
}
if($r['rewardtype'] == 6)
{
$reward="{$r['reward']} Will";
}
if($userid == 1)
{
$sekond="<td><center><a href=voting.php?edit={$r['id']}><font color=blue>Edit</font></a></center></td><td><center><a href=voting.php?del={$r['id']}><font color=red>Del</font></a></center></td>";
}
print"<tr><td>{$r['name']}</td><td><center>$reward</center></td><td><center>$link</center></td>$sekond</tr>";
}
print"</table></center>";


if($userid == 2 && $_GET['add'])
{
print"<br><hr width=75%><br>";
if($_POST['name'] && $_POST['link'] && $_POST['type'] && $_POST['reward'])
{
$type = abs((int) $_POST['type']);
$reward = abs((int) $_POST['reward']);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['name']));
$name = mysql_real_escape_string($info);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['link']));
$link = mysql_real_escape_string($info);
if($type == 3)
{
$juk=$db->query("SELECT * FROM items WHERE itmid=$reward");
if($db->num_rows($juk) == 0)
{
print"<center>The item you have selected for a reward does not exist.<br>><a href=voting.php>Back</a>";
die("");
}
}
$db->query("INSERT INTO votingsites VALUES ('','$name','$link','$type','$reward');");
print"<center>You have successfully added the site: $name<br>><a href=voting.php>Back</a>";
}
else
{
print"<form action='voting.php?add=site' method='post'>
<table width=40% border=1>
<tr>
<th colspan=2>Add A New Voting Site</th>
</tr>
<tr>
<th>Name:</th>
<td><center><input type='text' name='name' value='{$_POST['name']}' /></center></td>
</tr>
<tr>
<th>Voting Link:<br><font size=1 color=red>Include http://<font></th>
<td><center><input type='text' name='link' value='{$_POST['link']}' /></center></td>
</tr>
<tr>
<th>Reward Type:</th>
<td><center><select type='dropdown' name='type'>
<option value='1'>Money
<option value='2'>Crystals
<option value='3'>Item
<option value='4'>Energy
<option value='5'>Brave
<option value='6'>Will
</select></center></td>
</tr>
<tr>
<th>Reward Amount:<br><font size=1 color=red>If Item Put ID #</font></th>
<td><center><input type='text' name='reward' value='{$_POST['reward']}' /></center></td>
</tr>
<tr>
<th colspan=2><input type='submit' value='Add New Voting Site' /></form></th>
</tr>
</table>";
}
}

if($userid == 2 && $_GET['edit'])
{
$_GET['edit'] = abs((int) $_GET['edit']);
$blak=$db->query("SELECT * FROM votingsites WHERE id={$_GET['edit']}");
if($db->num_rows($blak) == 0)
{
print"<center>This voting site does not exist!<br>>Back</center>";
die("");
}
else
{
$r=$db->fetch_row($blak);
}
print"<br><hr width=75%><br>";
if($_POST['name'] && $_POST['link'] && $_POST['type'] && $_POST['reward'])
{
$type = abs((int) $_POST['type']);
$reward = abs((int) $_POST['reward']);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['name']));
$name = mysql_real_escape_string($info);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['link']));
$link = mysql_real_escape_string($info);
if($type == 3)
{
$juk=$db->query("SELECT * FROM items WHERE itmid=$reward");
if($db->num_rows($juk) == 0)
{
print"<center>The item you have selected for a reward does not exist.<br>><a href=voting.php>Back</a>";
die("");
}
}
$db->query("UPDATE votingsites SET name='$name' WHERE id='{$_GET['edit']}'");
$db->query("UPDATE votingsites SET url='$link' WHERE id='{$_GET['edit']}'");
$db->query("UPDATE votingsites SET rewardtype='$type' WHERE id='{$_GET['edit']}'");
$db->query("UPDATE votingsites SET reward='$reward' WHERE id='{$_GET['edit']}'");
print"<center>You have successfully edited the site: $name<br>><a href=voting.php>Back</a>";
}
else
{
print"<form action='voting.php?edit={$_GET['edit']}' method='post'>
<table width=40% border=1>
<tr>
<th colspan=2>Edit An Existing Voting Site</th>
</tr>
<tr>
<th>Name:</th>
<td><center><input type='text' name='name' value='{$r['name']}' /></center></td>
</tr>
<tr>
<th>Voting Link:<br><font size=1 color=red>Include http://<font></th>
<td><center><input type='text' name='link' value='{$r['url']}' /></center></td>
</tr>
<tr>
<th>Reward Type:</th>
<td><center><select type='dropdown' name='type'>
<option ";
if($r['rewardtype'] == 1)
{
print"selected ";
}
print"value='1'>Money
<option ";
if($r['rewardtype'] == 2)
{
print"selected ";
}
print"value='2'>Crystals
<option ";
if($r['rewardtype'] == 3)
{
print"selected ";
}
print"value='3'>Item
<option ";
if($r['rewardtype'] == 4)
{
print"selected ";
}
print"value='4'>Energy
<option ";
if($r['rewardtype'] == 5)
{
print"selected ";
}
print"value='5'>Brave
<option ";
if($r['rewardtype'] == 6)
{
print"selected ";
}
print"value='6'>Will
</select></center></td>
</tr>
<tr>
<th>Reward Amount:<br><font size=1 color=red>If Item Put ID #</font></th>
<td><center><input type='text' name='reward' value='{$r['reward']}' /></center></td>
</tr>
<tr>
<th colspan=2><input type='submit' value='Edit Voting Site' /></form></th>
</tr>
</table>";
}
}

if($userid == 2 && $_GET['del'])
{
$_GET['del'] = abs((int) $_GET['del']);
$blak=$db->query("SELECT * FROM votingsites WHERE id={$_GET['del']}");
if($db->num_rows($blak) == 0)
{
print"<center>This voting site does not exist!<br>><a href=voting.php>Back</a></center>";
die("");
}
else
{
$r=$db->fetch_row($blak);
}
print"<br><hr width=75%><br>";
if($_GET['confirm'])
{
$db->query("DELETE FROM votingsites WHERE id='{$_GET['del']}'");
print"<center>You have successfully deleted the site: {$r['name']}<br>><a href=voting.php>Back</a>";
}
else
{
print"<form action='voting.php?del={$_GET['del']}&confirm=delete' method='post'>
<table width=55% border=1>
<tr>
<th colspan=2>Are you sure you would like to delete {$r['name']}?</th>
</tr>
<tr>
<th colspan=2><input type='submit' value='Delete Voting Site' /></form></th>
</tr>
</table>";
}
}
$h->endpage();
?>

 

Thanks guys, I really appreciate it. :)

mixmaster Newbie

mixmaster

Posted
Posted (edited)
Hey all, while struggling with my SQL error on the other thread, I stumbled across a "Topsite Voting Script" made by Cronus, however, how do I make the feature accessible for one more user? ID 1 & 2, as ID 1 is the only administrator which can edit the rewards & links. Do I change something in the voting.php file if so, what? I'll include the file below:-

 

<?php
include "globals.php";

$time=time();
$huj=$db->query("SELECT * FROM votes WHERE userid=0");
$ts=$db->fetch_row($huj);
if($ts['site'] < $time)
{
$db->query("DELETE FROM votes WHERE userid>0");
$new=mktime(0,0,0)+86400;
$db->query("UPDATE votes SET site=$new WHERE userid=0");
}

print "<br><br><center>";
if($userid == 1)
{
print"<a href=voting.php?add=site>Add New Voting Site</a><br><br>";
}
$width=50;
$second="";
if($userid == 2)
{
$width=70;
$second="<th>---</th><th>---</th>";
}
print"<table width=$width% border=1>
<tr><th>Voting Site</th><th>Reward</th><th>---</th>$second</tr>";
$hk=$db->query("SELECT * FROM votingsites");
while($r=$db->fetch_row($hk))
{
$blahhh=$db->query("SELECT * FROM votes WHERE site={$r['id']} && userid=$userid");
if($db->num_rows($blahhh) > 0)
{
$link="<font color=red><i>Done!</i></font>";
}
else
{
$link="<a href=voted.php?ID={$r['id']} target=_blank><b><font color=green>Vote</font></b></a>";
}
if($r['rewardtype'] == 1)
{
$reward=money_formatter($r['reward']);
}
if($r['rewardtype'] == 2 && $r['reward'] > 1)
{
$reward="{$r['reward']} Crystals";
}
if($r['rewardtype'] == 2 && $r['reward'] == 1)
{
$reward="{$r['reward']} Crystal";
}
if($r['rewardtype'] == 3)
{
$juk=$db->query("SELECT * FROM items WHERE itmid={$r['reward']}");
$item=$db->fetch_row($juk);
$reward="{$item['itmname']}";
}
if($r['rewardtype'] == 4)
{
$reward="{$r['reward']} Energy";
}
if($r['rewardtype'] == 5)
{
$reward="{$r['reward']} Brave";
}
if($r['rewardtype'] == 6)
{
$reward="{$r['reward']} Will";
}
if($userid == 1)
{
$sekond="<td><center><a href=voting.php?edit={$r['id']}><font color=blue>Edit</font></a></center></td><td><center><a href=voting.php?del={$r['id']}><font color=red>Del</font></a></center></td>";
}
print"<tr><td>{$r['name']}</td><td><center>$reward</center></td><td><center>$link</center></td>$sekond</tr>";
}
print"</table></center>";


if($userid == 2 && $_GET['add'])
{
print"<br><hr width=75%><br>";
if($_POST['name'] && $_POST['link'] && $_POST['type'] && $_POST['reward'])
{
$type = abs((int) $_POST['type']);
$reward = abs((int) $_POST['reward']);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['name']));
$name = mysql_real_escape_string($info);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['link']));
$link = mysql_real_escape_string($info);
if($type == 3)
{
$juk=$db->query("SELECT * FROM items WHERE itmid=$reward");
if($db->num_rows($juk) == 0)
{
print"<center>The item you have selected for a reward does not exist.<br>><a href=voting.php>Back</a>";
die("");
}
}
$db->query("INSERT INTO votingsites VALUES ('','$name','$link','$type','$reward');");
print"<center>You have successfully added the site: $name<br>><a href=voting.php>Back</a>";
}
else
{
print"<form action='voting.php?add=site' method='post'>
<table width=40% border=1>
<tr>
<th colspan=2>Add A New Voting Site</th>
</tr>
<tr>
<th>Name:</th>
<td><center><input type='text' name='name' value='{$_POST['name']}' /></center></td>
</tr>
<tr>
<th>Voting Link:<br><font size=1 color=red>Include http://<font></th>
<td><center><input type='text' name='link' value='{$_POST['link']}' /></center></td>
</tr>
<tr>
<th>Reward Type:</th>
<td><center><select type='dropdown' name='type'>
<option value='1'>Money
<option value='2'>Crystals
<option value='3'>Item
<option value='4'>Energy
<option value='5'>Brave
<option value='6'>Will
</select></center></td>
</tr>
<tr>
<th>Reward Amount:<br><font size=1 color=red>If Item Put ID #</font></th>
<td><center><input type='text' name='reward' value='{$_POST['reward']}' /></center></td>
</tr>
<tr>
<th colspan=2><input type='submit' value='Add New Voting Site' /></form></th>
</tr>
</table>";
}
}

if($userid == 2 && $_GET['edit'])
{
$_GET['edit'] = abs((int) $_GET['edit']);
$blak=$db->query("SELECT * FROM votingsites WHERE id={$_GET['edit']}");
if($db->num_rows($blak) == 0)
{
print"<center>This voting site does not exist!<br>>Back</center>";
die("");
}
else
{
$r=$db->fetch_row($blak);
}
print"<br><hr width=75%><br>";
if($_POST['name'] && $_POST['link'] && $_POST['type'] && $_POST['reward'])
{
$type = abs((int) $_POST['type']);
$reward = abs((int) $_POST['reward']);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['name']));
$name = mysql_real_escape_string($info);
$info=str_replace(array("'","\n"),array("'","<br />"),strip_tags($_POST['link']));
$link = mysql_real_escape_string($info);
if($type == 3)
{
$juk=$db->query("SELECT * FROM items WHERE itmid=$reward");
if($db->num_rows($juk) == 0)
{
print"<center>The item you have selected for a reward does not exist.<br>><a href=voting.php>Back</a>";
die("");
}
}
$db->query("UPDATE votingsites SET name='$name' WHERE id='{$_GET['edit']}'");
$db->query("UPDATE votingsites SET url='$link' WHERE id='{$_GET['edit']}'");
$db->query("UPDATE votingsites SET rewardtype='$type' WHERE id='{$_GET['edit']}'");
$db->query("UPDATE votingsites SET reward='$reward' WHERE id='{$_GET['edit']}'");
print"<center>You have successfully edited the site: $name<br>><a href=voting.php>Back</a>";
}
else
{
print"<form action='voting.php?edit={$_GET['edit']}' method='post'>
<table width=40% border=1>
<tr>
<th colspan=2>Edit An Existing Voting Site</th>
</tr>
<tr>
<th>Name:</th>
<td><center><input type='text' name='name' value='{$r['name']}' /></center></td>
</tr>
<tr>
<th>Voting Link:<br><font size=1 color=red>Include http://<font></th>
<td><center><input type='text' name='link' value='{$r['url']}' /></center></td>
</tr>
<tr>
<th>Reward Type:</th>
<td><center><select type='dropdown' name='type'>
<option ";
if($r['rewardtype'] == 1)
{
print"selected ";
}
print"value='1'>Money
<option ";
if($r['rewardtype'] == 2)
{
print"selected ";
}
print"value='2'>Crystals
<option ";
if($r['rewardtype'] == 3)
{
print"selected ";
}
print"value='3'>Item
<option ";
if($r['rewardtype'] == 4)
{
print"selected ";
}
print"value='4'>Energy
<option ";
if($r['rewardtype'] == 5)
{
print"selected ";
}
print"value='5'>Brave
<option ";
if($r['rewardtype'] == 6)
{
print"selected ";
}
print"value='6'>Will
</select></center></td>
</tr>
<tr>
<th>Reward Amount:<br><font size=1 color=red>If Item Put ID #</font></th>
<td><center><input type='text' name='reward' value='{$r['reward']}' /></center></td>
</tr>
<tr>
<th colspan=2><input type='submit' value='Edit Voting Site' /></form></th>
</tr>
</table>";
}
}

if($userid == 2 && $_GET['del'])
{
$_GET['del'] = abs((int) $_GET['del']);
$blak=$db->query("SELECT * FROM votingsites WHERE id={$_GET['del']}");
if($db->num_rows($blak) == 0)
{
print"<center>This voting site does not exist!<br>><a href=voting.php>Back</a></center>";
die("");
}
else
{
$r=$db->fetch_row($blak);
}
print"<br><hr width=75%><br>";
if($_GET['confirm'])
{
$db->query("DELETE FROM votingsites WHERE id='{$_GET['del']}'");
print"<center>You have successfully deleted the site: {$r['name']}<br>><a href=voting.php>Back</a>";
}
else
{
print"<form action='voting.php?del={$_GET['del']}&confirm=delete' method='post'>
<table width=55% border=1>
<tr>
<th colspan=2>Are you sure you would like to delete {$r['name']}?</th>
</tr>
<tr>
<th colspan=2><input type='submit' value='Delete Voting Site' /></form></th>
</tr>
</table>";
}
}
$h->endpage();
?>

 

Thanks guys, I really appreciate it. :)

change all $userid == 1 to $ir['user_level'] == 2 (or which staff members you want to allow access to)

Edited by mixmaster
Uridium Rising Star

Uridium

Posted
Posted

Coder i think your trying to do too many tasks at once fix your SQL error firstly then move onto the next item on the agenda or otherwise you will end up with broken scripts all over the place and not remember which ones need fixing

KyleMassacre Collaborator

KyleMassacre

Posted
Posted

One problem with using $ir['user_level']==2 is its still not the safest way because of the vast amounts of user level hacks. Try using an array and add in the userids into it but this is just a preference and im sure some may disagree.

Seker Newbie

Seker

Posted
Posted
One problem with using $ir['user_level']==2 is its still not the safest way because of the vast amounts of user level hacks. Try using an array and add in the userids into it but this is just a preference and im sure some may disagree.

This.

Try:

$votestaff = array('1','2','3');
if (in_array($userid,$votestaff))
{
    //insert code here
}

 

Something like that, I believe.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...