Jump to content
MakeWebGames

Edit User Doesn't Work?


bloodless2010
 Share

Recommended Posts

Okay guys, I have a problem and I'm using the default staff panel for V1,

But here's a weird error, Whenever I edit a user (that's not myself)

for example if I edit user 2

and click submit, it will tell me that

'That username is already in use.'

When I removed the code that checked for that, I noticed that the submit button only edits the code for MY user, (ID 1).

So I don't understand how this is happening, I haven't changed any of the code,

Example;

I edit user ID #2, and click the submit info button for the editing, it tells me Username is already in use. This is because it thinks the userid is always 1. So basically whoever I edit it's really editing myself, but shows their info.

Please help me! I'm really confused by this.

Link to comment
Share on other sites

<?php
if (!defined('IN_STAFF'))
{
   header('HTTP/1.1 400 Bad Request');
   exit;
}

// Admin/Secretary/Assistant

function fed_user_form()
{
   global $ir, $c, $h, $userid;
   print 
           "<h3>Jailing User</h3>
The user will be put in fed jail and will be unable to do anything in the game.<br />
<form action='new_staff.php?action=fedsub' method='post'>
User: " . user_dropdown($c, 'user', $_GET['XID'])
                   . "<br />
Days: <input type='text' name='days' /><br />
Reason: <input type='text' name='reason' /><br />
<input type='submit' value='Jail User' /></form>";
}

function fed_user_submit()
{
   global $ir, $c, $h, $userid;
   $ins_user = abs((int) $_POST['user']);
   $ins_days = abs((int) $_POST['days']);
   $ins_reason =
           mysql_real_escape_string(
                   htmlentities(stripslashes($_POST['reason']), ENT_QUOTES,
                           'ISO-8859-1'), $c);
   $q = mysql_query("SELECT * FROM users WHERE userid={$ins_user}", $c);
   if (mysql_num_rows($q) == 0)
   {
       return;
   }
   $r = mysql_fetch_array($q);
   if (($ir['user_level'] != 2)
           && ($r['user_level'] == 2 || $r['user_level'] == 3))
   {
       print "You cannot jail other staff.";
   }
   else
   {
       $re =
               mysql_query(
                       "UPDATE users SET fedjail=1 WHERE userid={$ins_user}",
                       $c);
       if (mysql_affected_rows($c))
       {
           mysql_query(
                   "INSERT INTO fedjail VALUES(NULL,{$ins_user},{$ins_days},$userid,'{$ins_reason}')",
                   $c);
       }
       mysql_query(
               "INSERT INTO jaillogs VALUES(NULL,$userid, {$ins_user}, {$ins_days}, '{$ins_reason}',"
                       . time() . ")", $c);
       print "User jailed.";
   }
}

function unfed_user_form()
{
   global $ir, $c, $h, $userid;
   print 
           "<h3>Unjailing User</h3>
The user will be taken out of fed jail.<br />
<form action='new_staff.php?action=unfedsub' method='post'>
User: " . fed_user_dropdown($c, 'user')
                   . "<br />
<input type='submit' value='Unjail User' /></form>";
}

function unfed_user_submit()
{
   global $ir, $c, $h, $userid;
   $ins_user = abs((int) $_POST['user']);
   mysql_query("UPDATE users SET fedjail=0 WHERE userid={$ins_user}", $c);
   mysql_query("DELETE FROM fedjail WHERE fed_userid={$ins_user}", $c);
   mysql_query(
           "INSERT INTO unjaillogs VALUES(NULL,$userid, {$ins_user}, "
                   . time() . ")", $c);
   print "User unjailed.";
}

function view_attack_logs()
{
   global $ir, $c, $h, $userid;
   print 
           "<h3>Attack Logs</h3>
<table width=75%><tr style='background:gray'><th>Time</th><th>Detail</th></tr>";
   $q = mysql_query("SELECT * FROM attacklogs ORDER BY time DESC", $c);
   while ($r = mysql_fetch_array($q))
   {
       print 
               "<tr><td>" . date('F j, Y, g:i:s a', $r['time'])
                       . "</td><td>{$r['attacker']} attacked {$r['attacked']} and {$r['result']} and stole \${$r['stole']}</td></tr>";
   }
   print "</table>";
}

function ip_search_form()
{
   global $ir, $c, $h, $userid;
   print 
           "<h3>IP Search</h3>
<form action='new_staff.php?action=ipsub' method='post'>
IP: <input type='text' name='ip' value='...' /><br />
<input type='submit' value='Search' /></form>";
}

function ip_search_submit()
{
   global $ir, $c, $h, $userid;
   $disp_ip =
           htmlentities(stripslashes($_POST['ip']), ENT_QUOTES, 'ISO-8859-1');
   $mysql_ip = mysql_real_escape_string(stripslashes($_POST['ip']), $c);
   print 
           "Searching for users with the IP: <b>{$disp_ip}</b><br />
<table width=75%><tr style='background:gray'> <th>User</th> <th>Level</th> <th>Money</th> </tr>";
   $q = mysql_query("SELECT * FROM users WHERE lastip='{$mysql_ip}'", $c);
   $ids = array();
   while ($r = mysql_fetch_array($q))
   {
       $ids[] = $r['userid'];
       print 
               "\n<tr> <td> <a href='viewuser.php?u={$r['userid']}'>{$r['username']}</a></td> <td> {$r['level']}</td> <td>{$r['money']}</td> </tr>";
   }
   print 
           "</table><br />
<b>Mass Jail</b><br />
<form action='new_staff.php?action=massjailip' method='post'>
<input type='hidden' name='ids' value='" . implode(",", $ids)
                   . "' /> Days: <input type='text' name='days' value='300' /> <br />
Reason: <input type='text' name='reason' value='Same IP users, Mail [email protected] with your case.' /><br />
<input type='submit' value='Mass Jail' /></form>";
}

function mass_jail()
{
   global $ir, $c, $h, $userid;
   $ids = explode(",", $_POST['ids']);
   $ins_days = abs((int) $_POST['days']);
   $ins_reason =
           mysql_real_escape_string(
                   htmlentities(stripslashes($_POST['reason']), ENT_QUOTES,
                           'ISO-8859-1'), $c);
   foreach ($ids as $id)
   {
       if (ctype_digit($id))
       {
           $q = mysql_query("SELECT * FROM users WHERE userid=$id", $c);
           if (mysql_num_rows($q) == 0)
           {
               continue;
           }
           $r = mysql_fetch_array($q);
           if (($ir['user_level'] != 2)
                   && ($r['user_level'] == 2 || $r['user_level'] == 3))
           {
               print "You cannot jail other staff.";
           }
           else
           {
               $re =
                       mysql_query(
                               "UPDATE users SET fedjail=1 WHERE userid={$id}",
                               $c);
               if (mysql_affected_rows($c))
               {
                   mysql_query(
                           "INSERT INTO fedjail VALUES(NULL,{$id},{$ins_days},$userid,'{$ins_reason}')",
                           $c);
               }
               mysql_query(
                       "INSERT INTO jaillogs VALUES(NULL,$userid, {$id}, {$ins_days}, '{$ins_reason}',"
                               . time() . ")", $c);
               print "User jailed : $id.";

           }
       }
   }
}

function view_itm_logs()
{
   global $ir, $c, $h, $userid;
   print 
           "<h3>Item Xfer Logs</h3>
<table width=75%><tr style='background:gray'><th>Time</th><th>Detail</th></tr>";
   $q =
           mysql_query(
                   "SELECT ix.*,u1.username as sender, u2.username as sent,i.itmname as item
                   FROM itemxferlogs ix
                   LEFT JOIN users u1 ON ix.ixFROM=u1.userid
                   LEFT JOIN users u2 ON ix.ixTO=u2.userid
                   LEFT JOIN items i ON i.itmid=ix.ixITEM
                   ORDER BY ix.ixTIME DESC", $c);
   while ($r = mysql_fetch_array($q))
   {
       print 
               "<tr><td>" . date("F j, Y, g:i:s a", $r['ixTIME'])
                       . "</td><td>{$r['sender']} sent {$r['ixQTY']}  {$r['item']}(s) to {$r['sent']} </td></tr>";
   }
   print "</table>";
}

function view_cash_logs()
{
   global $ir, $c, $h, $userid;
   print 
           "<h3>Cash Xfer Logs</h3>
<table width=75% border=1> <tr style='background:gray'> <th>ID</th> <th>Time</th> <th>User From</th> <th>User To</th> <th>Multi?</th> <th>Amount</th> <th> </th> </tr>";
   $q =
           mysql_query(
                   "SELECT cx.*,u1.username as sender, u2.username as sent FROM cashxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid ORDER BY cx.cxTIME DESC",
                   $c)
           or die(
                   mysql_error() . "<br />"
                           . "SELECT cx.*,u1.username as sender, u2.username as sent FROM cashxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid ORDER BY cx.cxTIME DESC");
   while ($r = mysql_fetch_array($q))
   {
       if ($r['cxFROMIP'] == $r['cxTOIP'])
       {
           $m = "<span style='color:red;font-weight:800'>MULTI</span>";
       }
       else
       {
           $m = "";
       }
       print 
               "<tr><td>{$r['cxID']}</td> <td>"
                       . date("F j, Y, g:i:s a", $r['cxTIME'])
                       . "</td><td><a href='viewuser.php?u={$r['cxFROM']}'>{$r['sender']}</a> [{$r['cxFROM']}] (IP: {$r['cxFROMIP']}) </td><td><a href='viewuser.php?u={$r['cxTO']}'>{$r['sent']}</a> [{$r['cxTO']}] (IP: {$r['cxTOIP']}) </td> <td>$m</td> <td> \${$r['cxAMOUNT']}</td> <td> [<a href='new_staff.php?action=fedform&XID={$r['cxFROM']}'>Jail Sender</a>] [<a href='new_staff.php?action=fedform&XID={$r['cxTO']}'>Jail Receiver</a>]</td> </tr>";
   }
   print "</table>";
}

// Admin or Secretary

function give_item_form()
{
   global $ir, $c;
   print 
           "<h3>Giving Item To User</h3>
<form action='new_staff.php?action=giveitemsub' method='post'>
User: " . user_dropdown($c, 'user') . "<br />
Item: " . item_dropdown($c, 'item')
                   . "<br />
Quantity: <input type='text' name='qty' value='1' /><br />
<input type='submit' value='Give Item' /></form>";
}

function give_item_submit()
{
   global $ir, $c;
   $_POST['item'] = abs(@intval($_POST['item']));
   $_POST['user'] = abs(@intval($_POST['user']));
   $_POST['qty'] = abs(@intval($_POST['qty']));
   $d =
           mysql_query(
                   "SELECT COUNT(itmid) FROM items WHERE itmid={$_POST['item']}",
                   $c);
   if (mysql_result($d, 0, 0) == 0)
   {
       print "There is no such item.";
       return;
   }
   mysql_query(
           "INSERT INTO inventory VALUES(NULL,{$_POST['item']},{$_POST['user']},{$_POST['qty']})",
           $c) or die(mysql_error());
   print 
           "You gave {$_POST['qty']} of item ID {$_POST['item']} to user ID {$_POST['user']}";
}

function mail_user_form()
{
   global $ir, $c, $h, $userid;
   print 
           "<h3>Mail Banning User</h3>
The user will be banned from the mail system.<br />
<form action='new_staff.php?action=mailsub' method='post'>
User: " . user_dropdown($c, 'user', $_GET['XID'])
                   . "<br />
Days: <input type='text' name='days' /><br />
Reason: <input type='text' name='reason' /><br />
<input type='submit' value='Mailban User' /></form>";
}

function mail_user_submit()
{
   global $ir, $c, $h, $userid;
   $ins_user = abs((int) $_POST['user']);
   $ins_days = abs((int) $_POST['days']);
   $ins_reason =
           mysql_real_escape_string(
                   htmlentities(stripslashes($_POST['reason']), ENT_QUOTES,
                           'ISO-8859-1'), $c);
   $log_reason = stripslashes($_POST['reason']);
   $re =
           mysql_query(
                   "UPDATE users SET mailban={$ins_days},mb_reason='{$ins_reason}' WHERE userid={$ins_user}",
                   $c);
   event_add($ins_user,
           "You were banned from mail for {$ins_days} day(s) for the following reason: {$log_reason}",
           $c);
   print "User mail banned.";
}

function inv_user_begin()
{
   global $ir, $c, $h, $userid;

   print 
           "<h3>Viewing User Inventory</h3>
You may browse this user's inventory.<br />
<form action='new_staff.php?action=invuser' method='post'>
User: " . user_dropdown($c, 'user')
                   . "<br />
<input type='submit' value='View Inventory' /></form>";
}

function inv_user_view()
{
   global $ir, $c, $h, $userid;
   $test_user = abs((int) $_POST['user']);
   $inv =
           mysql_query(
                   "SELECT iv.*,i.*,it.* FROM inventory iv
                   LEFT JOIN items i ON iv.inv_itemid=i.itmid
                   LEFT JOIN itemtypes it ON i.itmtype=it.itmtypeid
                   WHERE iv.inv_userid={$test_user}", $c);
   if (mysql_num_rows($inv) == 0)
   {
       print "<b>This person has no items!</b>";
   }
   else
   {
       print 
               "<b>Their items are listed below.</b><br />
<table width=100%><tr style='background-color:gray;'><th>Item</th><th>Sell Value</th><th>Total Sell Value</th><th>Links</th></tr>";
       while ($i = mysql_fetch_array($inv))
       {
           print "<tr><td>{$i['itmname']}";
           if ($i['inv_qty'] > 1)
           {
               print " x{$i['inv_qty']}";
           }
           print "</td><td>\${$i['itmsellprice']}</td><td>";
           print "$" . ($i['itmsellprice'] * $i['inv_qty']);
           print 
                   "</td><td>[<a href='new_staff.php?action=deleinv&ID={$i['inv_id']}'>Delete</a>]";
           print "</td></tr>";
       }
       print "</table>";
   }
}

function inv_delete()
{
   global $ir, $c, $h, $userid;
   $del_id = abs((int) $_GET['ID']);
   mysql_query("DELETE FROM inventory WHERE inv_id={$del_id}", $c);
   print "Item deleted from inventory.";
}

function credit_user_form()
{
   global $ir, $c, $h, $userid;
   print 
           "<h3>Crediting User</h3>
You can give a user money/crystals.<br />
<form action='new_staff.php?action=creditsub' method='post'>
User: " . user_dropdown($c, 'user')
                   . "<br />
Money: <input type='text' name='money' /> Crystals: <input type='text' name='crystals' /><br />
<input type='submit' value='Credit User' /></form>";
}

function credit_user_submit()
{
   global $ir, $c, $h, $userid;
   $_POST['money'] = (int) $_POST['money'];
   $_POST['crystals'] = (int) $_POST['crystals'];
   $cred_user = abs((int) $_POST['user']);
   mysql_query(
           "UPDATE users u SET money=money+{$_POST['money']}, crystals=crystals+{$_POST['crystals']} WHERE u.userid={$cred_user}",
           $c);
   print "User credited.";
}

function view_mail_logs()
{
   global $ir, $c, $h, $userid;
   $_GET['st'] = abs((int) $_GET['st']);
   $rpp = 100;

   print 
           "<h3>Mail Logs</h3>
<table width=75% border=2> \n<tr style='background:gray'> <th>ID</th> <th>Time</th> <th>User From</th> <th>User To</th> <th width>Subj</th> <th width=30%>Msg</th> <th> </th> </tr>";
   $q =
           mysql_query(
                   "SELECT m.*,u1.username as sender, u2.username as sent FROM mail m LEFT JOIN users u1 ON m.mail_from=u1.userid LEFT JOIN users u2 ON m.mail_to=u2.userid WHERE m.mail_from != 0 ORDER BY m.mail_time DESC LIMIT {$_GET['st']},$rpp",
                   $c)
           or die(
                   mysql_error() . "<br />"
                           . "SELECT cx.*,u1.username as sender, u2.username as sent FROM cashxferlogs cx LEFT JOIN users u1 ON cx.cxFROM=u1.userid LEFT JOIN users u2 ON cx.cxTO=u2.userid ORDER BY cx.cxTIME DESC LIMIT {$_GET['st']},$rpp");
   while ($r = mysql_fetch_array($q))
   {
       print 
               "\n<tr><td>{$r['mail_id']}</td> <td>"
                       . date("F j, Y, g:i:s a", $r['mail_time'])
                       . "</td><td>{$r['sender']} [{$r['mail_from']}] </td> <td>{$r['sent']} [{$r['mail_to']}] </td> \n<td> {$r['mail_subject']}</td> \n<td>{$r['mail_text']}</td> <td> [<a href='new_staff.php?action=mailform&XID={$r['mail_from']}'>MailBan Sender</a>] [<a href='new_staff.php?action=mailform&XID={$r['mail_to']}'>MailBan Receiver</a>]</td> </tr>";
   }
   print "</table><br />
";
   $q2 = mysql_query("SELECT mail_id FROM mail WHERE mail_from != 0", $c);
   $rs = mysql_num_rows($q2);
   $pages = ceil($rs / 20);
   print "Pages: ";
   for ($i = 1; $i <= $pages; $i++)
   {
       $st = ($i - 1) * 20;
       print "<a href='new_staff.php?action=maillogs&st=$st'>$i</a> ";
       if ($i % 7 == 0)
       {
           print "<br />\n";
       }
   }
}

function reports_view()
{
   global $ir, $c, $h, $userid;
   print 
           "<h3>Player Reports</h3>
<table width=80%><tr style='background:gray'><th>Reporter</th> <th>Offender</th> <th>What they did</th> <th> </th> </tr>";
   $q =
           mysql_query(
                   "SELECT pr.*,u1.username as reporter, u2.username as offender FROM preports pr LEFT JOIN users u1 ON u1.userid=pr.prREPORTER LEFT JOIN users u2 ON u2.userid=pr.prREPORTED ORDER BY pr.prID DESC",
                   $c) or die(mysql_error());
   while ($r = mysql_fetch_array($q))
   {
       $report =
               nl2br(htmlentities($r['prTEXT'], ENT_QUOTES, 'ISO-8859-1'));
       print 
               "\n<tr>
               		<td><a href='viewuser.php?u={$r['prREPORTER']}'>{$r['reporter']}</a> [{$r['prREPORTER']}]</td>
               		<td><a href='viewuser.php?u={$r['prREPORTED']}'>{$r['offender']}</a> [{$r['prREPORTED']}]</td>
               		<td>{$report}</td>
               		<td><a href='new_staff.php?action=repclear&ID={$r['prID']}'>Clear</a></td>
               </tr>";
   }
   print "</table>";
}

function report_clear()
{
   global $ir, $c, $h, $userid;
   $_GET['ID'] = abs((int) $_GET['ID']);
   mysql_query("DELETE FROM preports WHERE prID={$_GET['ID']}", $c);
   print 
           "Report cleared and deleted!<br />
<a href='new_staff.php?action=reportsview'>> Back</a>";
}

// Admins Only

function new_user_form()
{
   global $ir, $c;
   print 
           "Adding a new user.<br />
<form action='new_staff.php?action=newusersub' method='post'>
Username: <input type='text' name='username' /><br />
Login Name: <input type='text' name='login_name' /><br />
Email: <input type='text' name='email' /><br />
Password: <input type='text' name='userpass' /><br />
Type: <input type='radio' name='user_level' value='0' />NPC <input type='radio' name='user_level' value='1' checked='checked' />Regular Member<br />
Level: <input type='text' name='level' value='1' /><br />
Money: <input type='text' name='money' value='100' /><br />
Crystals: <input type='text' name='crystals' value='0' /><br />
Donator Days: <input type='text' name='donatordays' value='0' /><br />
Gender: <select name='gender' type='dropdown'><option>Male</option><option>Female</option></select><br />
<br />
<b>Stats</b><br />
Strength: <input type='text' name='strength' value='10' /><br />
Agility: <input type='text' name='agility' value='10' /><br />
Guard: <input type='text' name='guard' value='10' /><br />
Labour: <input type='text' name='labour' value='10' /><br />
IQ: <input type='text' name='labour' value='10' /><br />
<br />
<input type='submit' value='Create User' /></form>";
}

function new_user_submit()
{
   global $ir, $c, $userid;
   if (!isset($_POST['username']) || !isset($_POST['login_name'])
           || !isset($_POST['userpass']))
   {
       print 
               "You missed one or more of the required fields. Please go back and try again.<br />
<a href='new_staff.php?action=newuser'>> Back</a>";
       $h->endpage();
       exit;
   }
   $level = abs((int) $_POST['level']);
   $money = abs((int) $_POST['money']);
   $crystals = abs((int) $_POST['crystals']);
   $donator = abs((int) $_POST['donatordays']);
   $ulevel = abs((int) $_POST['user_level']);
   $strength = abs((int) $_POST['strength']);
   $agility = abs((int) $_POST['agility']);
   $guard = abs((int) $_POST['guard']);
   $labour = abs((int) $_POST['labour']);
   $iq = abs((int) $_POST['iq']);
   $energy = 10 + $level * 2;
   $brave = 3 + $level * 2;
   $hp = 50 + $level * 50;
   $username =
           mysql_real_escape_string(
                   strip_tags(stripslashes($_POST['username'])), $c);
   $loginname =
           mysql_real_escape_string(
                   strip_tags(stripslashes($_POST['login_name'])), $c);
   $password = stripslashes($_POST['userpass']);
   $salt = generate_pass_salt();
   $enc_psw = encode_password($password, $salt, false);
   $i_salt = mysql_real_escape_string($salt, $c);
   $i_encpsw = mysql_real_escape_string($enc_psw, $c);
   $email =
           mysql_real_escape_string(
                   strip_tags(stripslashes($_POST['email'])), $c);
   $gender =
           (isset($_POST['gender'])
                   && in_array($_POST['gender'], array('Male', 'Female')))
                   ? $_POST['gender'] : 'Male';
   mysql_query(
           "INSERT INTO users (username, login_name, userpass, level, money, crystals, donatordays,
            user_level, energy, maxenergy, will, maxwill, brave, maxbrave, hp, maxhp, location, gender,
             signedup, email, bankmoney, pass_salt)
             VALUES( '{$username}', '{$loginname}', '{$i_encpsw}', $level,
              $money, $crystals, $donator, $ulevel, $energy, $energy, 100, 100, $brave, $brave, $hp, $hp, 1,
               '{$gender}', " . time() . ", '{$email}', -1, '{$i_salt}')",
           $c);
   $i = mysql_insert_id($c);
   mysql_query(
           "INSERT INTO userstats VALUES($i, $strength, $agility, $guard, $labour, $iq)",
           $c);
   print "User created!";
}

function new_item_form()
{
   global $ir, $c;
   print 
           "<h3>Adding an item to the game</h3><form action='new_staff.php?action=newitemsub' method='post'>
Item Name: <input type='text' name='itmname' value='' /><br />
Item Desc.: <input type='text' name='itmdesc' value='' /><br />
Item Type: " . itemtype_dropdown($c, 'itmtype')
                   . "<br />
Item Buyable: <input type='checkbox' name='itmbuyable' checked='checked' /><br />
Item Price: <input type='text' name='itmbuyprice' /><br />
Item Sell Value: <input type='text' name='itmsellprice' /><br /><br />
<b>Specialized</b><br />
Item Energy Regen (food only): <input type='text' name='energy' value='1' /><br />
Item Health Regen (medical only): <input type='text' name='health' value='10' /><br />
Power (weapons only): <input type='text' name='damage' value='10' /><br />
Damage Off (armor only): <input type='text' name='Defence' value='10' /><br />
<input type='submit' value='Add Item To Game' /></form>";
}

function new_item_submit()
{
   global $ir, $c, $h;
   if (!isset($_POST['itmname']) || !isset($_POST['itmdesc'])
           || !isset($_POST['itmtype']) || !isset($_POST['itmbuyprice'])
           || !isset($_POST['itmsellprice']))
   {
       print 
               "You missed one or more of the fields. Please go back and try again.<br />
<a href='new_staff.php?action=newitem'>> Back</a>";
       $h->endpage();
       exit;
   }
   $itmname =
           mysql_real_escape_string(
                   strip_tags(stripslashes($_POST['itmname'])), $c);
   $itmdesc =
           mysql_real_escape_string(
                   strip_tags(stripslashes($_POST['itmdesc'])), $c);
   if ($_POST['itmbuyable'] == 'on')
   {
       $itmbuy = 1;
   }
   else
   {
       $itmbuy = 0;
   }
   // verify item type
   $itmtype = abs(@intval($_POST['itmtype']));
   $itq =
           mysql_query(
                   "SELECT COUNT(`itmtypeid`) FROM itemtypes WHERE `itmtypeid` = {$itmtype}");
   if (mysql_result($itq, 0, 0) == 0)
   {
       print 
               "That item type doesn't exist.<br />
<a href='new_staff.php?action=newitem'>> Back</a>";
       $h->endpage();
       exit;
   }
   $itmbuyp = abs(@intval($_POST['itmbuyprice']));
   $itmsellp = abs(@intval($_POST['itmsellprice']));
   $m =
           mysql_query(
                   "INSERT INTO items VALUES(NULL,{$itmtype},'$itmname','$itmdesc',
   {$itmbuyp},{$itmsellp},$itmbuy)", $c) or die(mysql_error());
   if ($_POST['itmtype'] == 1)
   {
       $stat = abs(@intval($_POST['energy']));
       $i = mysql_insert_id();
       mysql_query("INSERT INTO food VALUES($i,{$stat})", $c)
               or die(mysql_error());
   }
   if ($_POST['itmtype'] == 3 || $_POST['itmtype'] == 4)
   {
       $stat = abs(@intval($_POST['damage']));
       $i = mysql_insert_id();
       mysql_query("INSERT INTO weapons VALUES($i,{$stat})", $c)
               or die(mysql_error());
   }
   if ($_POST['itmtype'] == 5)
   {
       $stat = abs(@intval($_POST['health']));
       $i = mysql_insert_id();
       mysql_query("INSERT INTO medical VALUES($i,{$stat})", $c)
               or die(mysql_error());
   }
   if ($_POST['itmtype'] == 7)
   {
       $stat = abs(@intval($_POST['Defence']));
       $i = mysql_insert_id();
       mysql_query("INSERT INTO armour VALUES($i,{$stat})", $c)
               or die(mysql_error());
   }
   print "The {$_POST['itmname']} Item was added to the game.";
}

function kill_item_form()
{
   global $ir, $c, $h, $userid;

   print 
           "<h3>Deleting Item</h3>
The item will be permanently removed from the game.<br />
<form action='new_staff.php?action=killitemsub' method='post'>
Item: " . item_dropdown($c, 'item')
                   . "<br />
<input type='submit' value='Kill Item' /></form>";
}

function kill_item_submit()
{
   global $ir, $c, $h, $userid;
   $_POST['item'] = abs(@intval($_POST['item']));
   $d = mysql_query("SELECT * FROM items WHERE itmid={$_POST['item']}", $c);
   if (mysql_num_rows($d) == 0)
   {
       print "There is no such item.";
       return;
   }
   $itemi = mysql_fetch_array($d);
   mysql_query("DELETE FROM items WHERE itmid={$_POST['item']}", $c);
   mysql_query("DELETE FROM shopitems WHERE sitemITEMID={$_POST['item']}", $c);
   mysql_query("DELETE FROM inventory WHERE inv_itemid={$_POST['item']}", $c);
   mysql_query("DELETE FROM food WHERE item_id={$_POST['item']}", $c);
   mysql_query("DELETE FROM weapons WHERE item_id={$_POST['item']}", $c);
   mysql_query("DELETE FROM medical WHERE item_id={$_POST['item']}", $c);
   mysql_query("DELETE FROM armour WHERE item_ID={$_POST['item']}", $c);
   mysql_query("DELETE FROM itemmarket WHERE imITEM={$_POST['item']}", $c);
   print "The {$itemi['itmname']} Item was removed from the game.";
}

function edit_item_begin()
{
   global $ir, $c, $h, $userid;
   print 
           "<h3>Editing Item</h3>
You can edit any aspect of this item.<br />
<form action='new_staff.php?action=edititemform' method='post'>
Item: " . item_dropdown($c, 'item')
                   . "<br />
<input type='submit' value='Edit Item' /></form>";
}

function edit_item_form()
{
   global $ir, $c, $h;
   $_POST['item'] = abs(@intval($_POST['item']));
   $d = mysql_query("SELECT * FROM items WHERE itmid={$_POST['item']}", $c);
   if (mysql_num_rows($d) == 0)
   {
       print "There is no such item.";
       return;
   }
   $itemi = mysql_fetch_array($d);
   $f =
           mysql_query("SELECT * FROM food WHERE item_id={$_POST['item']}",
                   $c);
   if (mysql_num_rows($f) > 0)
   {
       $a = mysql_fetch_array($f);
       $energy = $a['energy'];
   }
   else
   {
       $energy = 1;
   }
   $f =
           mysql_query(
                   "SELECT * FROM medical WHERE item_id={$_POST['item']}",
                   $c);
   if (mysql_num_rows($f) > 0)
   {
       $a = mysql_fetch_array($f);
       $health = $a['health'];
   }
   else
   {
       $health = 10;
   }
   $f =
           mysql_query(
                   "SELECT * FROM weapons WHERE item_id={$_POST['item']}",
                   $c);
   if (mysql_num_rows($f) > 0)
   {
       $a = mysql_fetch_array($f);
       $damage = $a['damage'];
   }
   else
   {
       $damage = 1;
   }
   $f =
           mysql_query(
                   "SELECT * FROM armour WHERE item_ID={$_POST['item']}", $c);
   if (mysql_num_rows($f) > 0)
   {
       $a = mysql_fetch_array($f);
       $def = $a['Defence'];
   }
   else
   {
       $def = 10;
   }
   print 
           "<h3>Editing Item</h3>
<form action='new_staff.php?action=edititemsub' method='post'>
<input type='hidden' name='itmid' value='{$_POST['item']}' />
Item Name: <input type='text' name='itmname' value='{$itemi['itmname']}' /><br />
Item Desc.: <input type='text' name='itmdesc' value='{$itemi['itmdesc']}' /><br />
Item Type: " . itemtype_dropdown($c, 'itmtype', $itemi['itmtype'])
                   . "<br />
Item Buyable: <input type='checkbox' name='itmbuyable'";
   if ($itemi['itmbuyable'])
   {
       print " checked='checked'";
   }
   print 
           " /><br />
Item Price: <input type='text' name='itmbuyprice' value='{$itemi['itmbuyprice']}' /><br />
Item Sell Value: <input type='text' name='itmsellprice' value='{$itemi['itmsellprice']}'/><br /><br />
<b>Specialized</b><br />
Item Energy Regen (food only): <input type='text' name='energy' value='$energy' /><br />
Item Health Regen (medical only): <input type='text' name='health' value='$health' /><br />
Power (weapons only): <input type='text' name='damage' value='$damage' /><br />
Damage Off (armor only): <input type='text' name='Defence' value='$def' /><br />
<input type='submit' value='Edit Item' /></form>";
}

function edit_item_sub()
{
   global $ir, $c, $h, $userid;

   if (!isset($_POST['itmname']) || !isset($_POST['itmdesc'])
           || !isset($_POST['itmtype']) || !isset($_POST['itmbuyprice'])
           || !isset($_POST['itmsellprice']))
   {
       print 
               "You missed one or more of the fields. Please go back and try again.<br />
<a href='new_staff.php?action=edititem'>> Back</a>";
       $h->endpage();
       exit;
   }
   $itmid = abs(@intval($_POST['itmid']));
   $iq =
           mysql_query(
                   "SELECT COUNT(`itmid`) FROM items WHERE `itmid` = {$itmid}");
   if (mysql_result($iq, 0, 0) == 0)
   {
       print 
               "That item doesn't exist.<br />
<a href='new_staff.php?action=edititem'>> Back</a>";
       $h->endpage();
       exit;
   }
   $itmname =
           mysql_real_escape_string(
                   strip_tags(stripslashes($_POST['itmname'])), $c);
   $itmdesc =
           mysql_real_escape_string(
                   strip_tags(stripslashes($_POST['itmdesc'])), $c);
   if ($_POST['itmbuyable'] == 'on')
   {
       $itmbuy = 1;
   }
   else
   {
       $itmbuy = 0;
   }
   // verify item type
   $itmtype = abs(@intval($_POST['itmtype']));
   $itq =
           mysql_query(
                   "SELECT COUNT(`itmtypeid`) FROM itemtypes WHERE `itmtypeid` = {$itmtype}");
   if (mysql_result($itq, 0, 0) == 0)
   {
       print 
               "That item type doesn't exist.<br />
<a href='new_staff.php?action=edititem'>> Back</a>";
       $h->endpage();
       exit;
   }
   $itmbuyp = abs(@intval($_POST['itmbuyprice']));
   $itmsellp = abs(@intval($_POST['itmsellprice']));
   mysql_query("DELETE FROM items WHERE itmid={$itmid}", $c);
   mysql_query("DELETE FROM food WHERE item_id={$itmid}", $c);
   mysql_query("DELETE FROM weapons WHERE item_id={$itmid}", $c);
   mysql_query("DELETE FROM medical WHERE item_id={$itmid}", $c);
   mysql_query("DELETE FROM armour WHERE item_ID={$itmid}", $c);
   $m =
           mysql_query(
                   "INSERT INTO items VALUES('{$itmid}',{$itmtype},'$itmname',
           '$itmdesc',{$itmbuyp},{$itmsellp},$itmbuy)", $c)
           or die(mysql_error());
   if ($_POST['itmtype'] == 1)
   {
       $stat = abs(@intval($_POST['energy']));
       mysql_query("INSERT INTO food VALUES({$itmid},{$stat})", $c)
               or die(mysql_error());
   }
   if ($_POST['itmtype'] == 5)
   {
       $stat = abs(@intval($_POST['health']));
       mysql_query("INSERT INTO medical VALUES({$itmid},{$stat})", $c)
               or die(mysql_error());
   }
   if ($_POST['itmtype'] == 3 || $_POST['itmtype'] == 4)
   {
       $stat = abs(@intval($_POST['damage']));
       mysql_query("INSERT INTO weapons VALUES({$itmid},{$stat})", $c)
               or die(mysql_error());
   }
   if ($_POST['itmtype'] == 7)
   {
       $stat = abs(@intval($_POST['Defence']));
       $i = mysql_insert_id();
       mysql_query("INSERT INTO armour VALUES({$itmid},{$stat})", $c)
               or die(mysql_error());
   }
   print "The {$_POST['itmname']} Item was edited successfully.";
}

function new_shop_form()
{
   global $ir, $c, $h;
   print 
           "<h3>Adding a New Shop</h3>
<form action='new_staff.php?action=newshopsub' method='post'>
Shop Name: <input type='text' name='sn' value='' /><br />
Shop Desc: <input type='text' name='sd' value='' /><br />
Shop Location: " . location_dropdown($c, "sl")
                   . "<br />
<input type='submit' value='Create Shop' /></form>";
}

function new_shop_submit()
{
   global $ir, $c, $h;
   if (!isset($_POST['sn']) || !isset($_POST['sd']))
   {
       print 
               "You missed a field, go back and try again.<br />
<a href='new_staff.php?action=newitem'>> Back</a>";
   }
   else
   {
       $sn =
               mysql_real_escape_string(
                       strip_tags(stripslashes($_POST['sn'])), $c);
       $sd =
               mysql_real_escape_string(
                       strip_tags(stripslashes($_POST['sd'])), $c);
       $location = abs(@intval($_POST['sl']));
       // Verify location
       $locq =
               mysql_query(
                       "SELECT COUNT(`cityid`) FROM cities WHERE `cityid` = {$location}");
       if (mysql_result($locq, 0, 0) == 0)
       {
           print 
                   "That location doesn't exist.<br />
<a href='new_staff.php?action=newshop'>> Back</a>";
           $h->endpage();
           exit;
       }
       mysql_query("INSERT INTO shops VALUES(NULL,{$location},'$sn','$sd')",
               $c);
       print "The $sn Shop was successfully added to the game.";
   }
}

function new_stock_form()
{
   global $ir, $c, $h;
   print 
           "<h3>Adding an item to a shop</h3>
<form action='new_staff.php?action=newstocksub' method='post'>
Shop: " . shop_dropdown($c, "shop") . "<br />
Item: " . item_dropdown($c, "item")
                   . "<br />
<input type='submit' value='Add Item To Shop' /></form>";
}

function new_stock_submit()
{
   global $ir, $c, $h;
   $shop = abs(@intval($_POST['shop']));
   $item = abs(@intval($_POST['item']));
   // Verify details
   $shopq =
           mysql_query(
                   "SELECT COUNT(`shopID`) FROM shops WHERE `shopID` = {$shop}",
                   $c);
   if (mysql_result($shopq, 0, 0) == 0)
   {
       print 
               "That shop doesn't exist.<br />
<a href='new_staff.php?action=newstock'>> Back</a>";
       $h->endpage();
       exit;
   }
   $itemq =
           mysql_query(
                   "SELECT COUNT(`itmid`) FROM items WHERE `itmid` = {$item}",
                   $c);
   if (mysql_result($itemq, 0, 0) == 0)
   {
       print 
               "That item doesn't exist.<br />
<a href='new_staff.php?action=newstock'>> Back</a>";
       $h->endpage();
       exit;
   }
   mysql_query("INSERT INTO shopitems VALUES(NULL,{$shop},{$item})", $c);
   print "Item ID {$item} was successfully added to shop ID {$shop}";
}

function edit_user_begin()
{
   global $ir, $c, $h, $userid;
   print 
           "<h3>Editing User</h3>
You can edit any aspect of this user. <br />
<form action='new_staff.php?action=edituserform' method='post'>
User: " . user_dropdown($c, 'user')
                   . "<br />
<input type='submit' value='Edit User' /></form>
OR enter a user ID to edit:
<form action='new_staff.php?action=edituserform' method='post'>
User: <input type='text' name='user' value='0' /><br />
<input type='submit' value='Edit User' /></form>";
}

function edit_user_form()
{
   global $ir, $c, $h, $userid;
   $user = abs(@intval($_POST['user']));
   $d =
           mysql_query(
                   "SELECT u.*,us.* FROM users u LEFT JOIN userstats us on u.userid=us.userid WHERE u.userid={$user}",
                   $c);
   if (mysql_num_rows($d) == 0)
   {
       print 
               "That user doesn't exist.<br />
               > <a href='new_staff.php?action=edituser'>Try again</a>";
       return;
   }
   $itemi = mysql_fetch_array($d);
   $snbit = htmlentities($itemi['staffnotes'], ENT_QUOTES, 'ISO-8859-1');
   print 
           "<h3>Editing User</h3>
<form action='new_staff.php?action=editusersub' method='post'>
<input type='hidden' name='userid' value='{$_POST['user']}' />
Username: <input type='text' name='username' value='{$itemi['username']}' /><br />
Login Name: <input type='text' name='login_name' value='{$itemi['login_name']}' /><br />
Duties: <input type='text' name='duties' value='{$itemi['duties']}' /><br />
Staff Notes: <br />
<textarea rows='7' cols='60' name='staffnotes'>{$snbit}</textarea><br />
Level: <input type='text' name='level' value='{$itemi['level']}' /><br />
Money: \$<input type='text' name='money' value='{$itemi['money']}' /><br />
Bank: \$<input type='text' name='bankmoney' value='{$itemi['bankmoney']}' /><br />
Cyber Bank: \$<input type='text' name='cybermoney' value='{$itemi['cybermoney']}' /><br />
Crystals: <input type='text' name='crystals' value='{$itemi['crystals']}' /><br />
Mail Ban: <input type='text' name='mailban' value='{$itemi['mailban']}' /><br />
Mail Ban Reason: <input type='text' name='mb_reason' value='{$itemi['mb_reason']}' /><br />
Hospital time: <input type='text' name='hospital' value='{$itemi['hospital']}' /><br />
Hospital reason: <input type='text' name='hospreason' value='{$itemi['hospreason']}' /><br />
<h4>Stats</h4>
Strength: <input type='text' name='strength' value='{$itemi['strength']}' /><br />
Agility: <input type='text' name='agility' value='{$itemi['agility']}' /><br />
Guard: <input type='text' name='guard' value='{$itemi['guard']}' /><br />
Labour: <input type='text' name='labour' value='{$itemi['labour']}' /><br />
IQ: <input type='text' name='IQ' value='{$itemi['IQ']}' /><br />
<input type='submit' value='Edit User' /></form>";
}

function edit_user_sub()
{

   global $ir, $c, $h, $userid;
   $go = 0;
   $user = abs(@intval($_POST['userid']));
   if (!isset($_POST['level']))
   {
       $go = 1;
   }
   if (!isset($_POST['money']))
   {
       $go = 1;
   }
   if (!isset($_POST['bankmoney']))
   {
       $go = 1;
   }
   if (!isset($_POST['crystals']))
   {
       $go = 1;
   }
   if (!isset($_POST['strength']))
   {
       $go = 1;
   }
   if (!isset($_POST['agility']))
   {
       $go = 1;
   }
   if (!isset($_POST['guard']))
   {
       $go = 1;
   }
   if (!isset($_POST['labour']))
   {
       $go = 1;
   }
   if (!isset($_POST['IQ']))
   {
       $go = 1;
   }
   if (!isset($_POST['username']))
   {
       $go = 1;
   }
   if (!isset($_POST['login_name']))
   {
       $go = 1;
   }
   if ($go)
   {
       $_POST['user'] = $_POST['userid'];
       print "You did not fully fill out the form.";
       edit_user_form();
   }
   else
   {
       $_POST['level'] = (int) $_POST['level'];
       $_POST['strength'] = abs((int) $_POST['strength']);
       $_POST['agility'] = abs((int) $_POST['agility']);
       $_POST['guard'] = abs((int) $_POST['guard']);
       $_POST['labour'] = abs((int) $_POST['labour']);
       $_POST['IQ'] = abs((int) $_POST['IQ']);
       $_POST['money'] = (int) $_POST['money'];
       $_POST['bankmoney'] = (int) $_POST['bankmoney'];
       $_POST['cybermoney'] = (int) $_POST['cybermoney'];
       $_POST['crystals'] = (int) $_POST['crystals'];
       $_POST['mailban'] = (int) $_POST['mailban'];
       $_POST['hospital'] = abs((int) $_POST['hospital']);
       $username =
               mysql_real_escape_string(
                       strip_tags(stripslashes($_POST['username'])), $c);
       $loginname =
               mysql_real_escape_string(
                       strip_tags(stripslashes($_POST['login_name'])), $c);
       $duties =
               mysql_real_escape_string(
                       strip_tags(stripslashes($_POST['duties'])), $c);
       $staffnotes =
               mysql_real_escape_string(
                       strip_tags(stripslashes($_POST['staffnotes'])), $c);
       $mb_reason =
               mysql_real_escape_string(
                       strip_tags(stripslashes($_POST['mb_reason'])), $c);
       $hospreason =
               mysql_real_escape_string(
                       strip_tags(stripslashes($_POST['hospreason'])), $c);
       //check for username usage
       $u =
               mysql_query(
                       "SELECT * FROM users WHERE username='{$username}' and userid != {$userid}",
                       $c);
       if (mysql_num_rows($u) != 0)
       {
           print "That username is in use, choose another.";
           print 
                   "<br /><a href='new_staff.php?action=edituser'>> Back</a>";
           $h->endpage();
           exit;
       }
       $oq = mysql_query("SELECT * FROM users WHERE userid={$userid}", $c);
       if (mysql_num_rows($oq) == 0)
       {
           print 'That user doesn\'t exist.';
           print 
                   "<br /><a href='new_staff.php?action=edituser'>> Back</a>";
           $h->endpage();
           exit;
       }
       $rm = mysql_fetch_array($oq);
       $energy = 10 + $_POST['level'] * 2;
       $nerve = 3 + $_POST['level'] * 2;
       $hp = 50 + $_POST['level'] * 50;
       mysql_query(
               "UPDATE users SET username='{$username}', level={$_POST['level']},
               money={$_POST['money']}, crystals={$_POST['crystals']}, energy=$energy, brave=$nerve,
               maxbrave=$nerve, maxenergy=$energy, hp=$hp, maxhp=$hp, hospital={$_POST['hospital']},
               duties='{$duties}', staffnotes='{$staffnotes}', mailban={$_POST['mailban']},
               mb_reason='{$mb_reason}', hospreason='{$hospreason}',
               login_name='{$loginname}' WHERE userid={$userid}", $c);
       mysql_query(
               "UPDATE userstats SET strength={$_POST['strength']}, agility={$_POST['agility']},
               guard={$_POST['guard']}, labour={$_POST['labour']}, IQ={$_POST['IQ']} WHERE userid={$userid}",
               $c);

       print "User edited....";

   }
}

function fed_edit_form()
{
   global $ir, $c, $h, $userid;
   print 
           "<h3>Editing Fedjail Reason</h3>
You are editing a player's sentence in fed jail.<br />
<form action='new_staff.php?action=fedesub' method='post'>
User: " . fed_user_dropdown($c, 'user')
                   . "<br />
Days: <input type='text' name='days' /><br />
Reason: <input type='text' name='reason' /><br />
<input type='submit' value='Jail User' /></form>";
}

function fed_edit_submit()
{
   global $ir, $c, $h, $userid;
   $ins_user = abs((int) $_POST['user']);
   $ins_days = abs((int) $_POST['days']);
   $ins_reason =
           mysql_real_escape_string(
                   htmlentities(stripslashes($_POST['reason']), ENT_QUOTES,
                           'ISO-8859-1'), $c);
   mysql_query("DELETE FROM fedjail WHERE fed_userid={$ins_user}", $c);

   mysql_query(
           "INSERT INTO fedjail VALUES(NULL,{$ins_user},{$ins_days},$userid,'{$ins_reason}')",
           $c);
   mysql_query(
           "INSERT INTO jaillogs VALUES(NULL,$userid, {$ins_user}, {$ins_days}, '{$ins_reason}',"
                   . time() . ")", $c);
   print "User's sentence edited.";
}

function newspaper_form()
{
   global $ir, $c, $h, $userid;
   $q = mysql_query("SELECT * FROM papercontent LIMIT 1", $c);
   $news = htmlentities(mysql_result($q, 0, 0), ENT_QUOTES, 'ISO-8859-1');
   print 
           "<h3>Editing Newspaper</h3><form action='new_staff.php?action=subnews' method='post'>
<textarea rows='7' cols='35' name='newspaper'>$news</textarea><br /><input type='submit' value='Change' /></form>";
}

function newspaper_submit()
{
   global $ir, $c, $h, $userid;
   $news = mysql_real_escape_string(stripslashes($_POST['newspaper']), $c);
   mysql_query("UPDATE papercontent SET content='$news'", $c);
   print "Newspaper updated!";
}

function donators_list()
{
   global $ir, $c, $h, $userid;

   print 
           "<h3>Donations</h3>
This lists the donations that need to be checked with our records and processed.<br />
<table width=75%><tr style='background:gray'><th>ID</th><th>Donator</th><th>Time</th><th> </th></tr>";
   $q =
           mysql_query(
                   "SELECT u.*,d.* FROM dps_process d LEFT JOIN users u ON u.userid=d.dp_userid",
                   $c);
   while ($r = mysql_fetch_array($q))
   {
       print 
               "<tr><td>{$r['dp_id']}</td><td><a href='viewuser.php?u={$r['userid']}'>{$r['username']}</td><td>"
                       . date('F j, Y, g:i:s a', $r['dp_time'])
                       . "</td><td><a href='new_staff.php?action=acceptdp&ID={$r['dp_id']}'>Accept</a> | <a href='new_staff.php?action=declinedp&ID={$r['dp_id']}'>Decline</a></td></tr>";
   }
}

function accept_dp()
{
   global $ir, $c, $h, $userid;
   $acc_id = abs((int) $_GET['ID']);
   $q = mysql_query("SELECT * FROM dps_process WHERE dp_id={$acc_id}", $c);
   $r = mysql_fetch_array($q);
   if ($r['dp_type'] == 'standard')
   {
       mysql_query(
               "UPDATE users u LEFT JOIN userstats us ON u.userid=us.userid SET u.money=u.money+5000,u.crystals=u.crystals+50,
us.IQ=us.IQ+50,u.donatordays=u.donatordays+30 WHERE u.userid={$r['dp_userid']}",
               $c);
   }
   else if ($r['dp_type'] == 'crystals')
   {
       mysql_query(
               "UPDATE users u LEFT JOIN userstats us ON u.userid=us.userid SET u.crystals=u.crystals+100,u.donatordays=u.donatordays+30 WHERE u.userid={$r['dp_userid']}",
               $c);
   }
   else if ($r['dp_type'] == 'iq')
   {
       mysql_query(
               "UPDATE users u LEFT JOIN userstats us ON u.userid=us.userid SET
us.IQ=us.IQ+120,u.donatordays=u.donatordays+30 WHERE u.userid={$r['dp_userid']}",
               $c);
   }
   else if ($r['dp_type'] == 'fivedollars')
   {
       mysql_query(
               "UPDATE users u LEFT JOIN userstats us ON u.userid=us.userid SET u.money=u.money+15000,u.crystals=u.crystals+75,
us.IQ=us.IQ+80,u.donatordays=u.donatordays+55 WHERE u.userid={$r['dp_userid']}",
               $c);
   }
   else if ($r['dp_type'] == 'tendollars')
   {
       mysql_query(
               "UPDATE users u LEFT JOIN userstats us ON u.userid=us.userid SET u.money=u.money+35000,u.crystals=u.crystals+160,
us.IQ=us.IQ+180,u.donatordays=u.donatordays+115 WHERE u.userid={$r['dp_userid']}",
               $c);
       mysql_query(
               "INSERT INTO inventory VALUES(NULL,12,{$r['dp_userid']},1)",
               $c);
   }
   mysql_query("DELETE FROM dps_process WHERE dp_id={$_GET['ID']}", $c);
   event_add($r['dp_userid'],
           "Your Donation has been accepted and credited.", $c);
   print "Donation accepted and credited to user.";
}

function decline_dp()
{
   global $ir, $c, $h, $userid;
   $del_id = abs((int) $_GET['ID']);
   $q = mysql_query("SELECT * FROM dps_process WHERE dp_id={$del_id}", $c);
   $r = mysql_fetch_array($q);
   mysql_query("DELETE FROM dps_process WHERE dp_id={$del_id}", $c);
   event_add($r['dp_userid'], "Your Donation has been rejected.", $c);
   print "Donation rejected.";
}

function give_dp_form()
{
   global $ir, $c, $h, $userid;
   print 
           "<h3>Giving User DP</h3>
The user will receive the benefits of one 30-day donator pack.<br />
<form action='new_staff.php?action=givedpsub' method='post'>
User: " . user_dropdown($c, 'user')
                   . "<br />
<input type='radio' name='type' value='1' /> Pack 1 (Standard)<br />
<input type='radio' name='type' value='2' /> Pack 2 (Crystals)<br />
<input type='radio' name='type' value='3' /> Pack 3 (IQ)<br />
<input type='radio' name='type' value='4' /> Pack 4 (5.00)<br />
<input type='radio' name='type' value='5' /> Pack 5 (10.00)<br />
<input type='submit' value='Give User DP' /></form>";
}

function give_dp_submit()
{
   global $ir, $c, $h, $userid;
   $dp_user = abs((int) $_POST['user']);
   if ($_POST['type'] == 1)
   {
       mysql_query(
               "UPDATE users u LEFT JOIN userstats us ON u.userid=us.userid SET u.money=u.money+5000,u.crystals=u.crystals+50,
us.IQ=us.IQ+50,u.donatordays=u.donatordays+30 WHERE u.userid={$dp_user}", $c);
       $d = 30;
   }
   else if ($_POST['type'] == 2)
   {
       mysql_query(
               "UPDATE users u LEFT JOIN userstats us ON u.userid=us.userid SET u.crystals=u.crystals+100,
               u.donatordays=u.donatordays+30 WHERE u.userid={$dp_user}", $c);
       $d = 30;
   }
   else if ($_POST['type'] == 3)
   {
       mysql_query(
               "UPDATE users u LEFT JOIN userstats us ON u.userid=us.userid SET
us.IQ=us.IQ+120,u.donatordays=u.donatordays+30 WHERE u.userid={$dp_user}", $c);
       $d = 30;
   }
   else if ($_POST['type'] == 4)
   {
       mysql_query(
               "UPDATE users u LEFT JOIN userstats us ON u.userid=us.userid SET u.money=u.money+15000,u.crystals=u.crystals+75,
us.IQ=us.IQ+80,u.donatordays=u.donatordays+55 WHERE u.userid={$dp_user}", $c);
       $d = 55;
   }
   else if ($_POST['type'] == 5)
   {
       mysql_query(
               "UPDATE users u LEFT JOIN userstats us ON u.userid=us.userid SET u.money=u.money+35000,u.crystals=u.crystals+160,
us.IQ=us.IQ+180,u.donatordays=u.donatordays+115 WHERE u.userid={$dp_user}",
               $c);
       mysql_query("INSERT INTO inventory VALUES(NULL,12,{$dp_user},1)", $c);
       $d = 115;
   }
   $esc_type =
           htmlentities(stripslashes($_POST['type']), ENT_QUOTES,
                   'ISO-8859-1');
   event_add($dp_user,
           "You were given one $d -day donator pack (Pack {$esc_type}) from the administration.",
           $c);
   print "User given a DP.";
}

function staff_list()
{
   global $ir, $c, $h, $userid;

   print "<h3>Staff Management</h3>";
   print 
           "<b>Admins</b><br />
<table width=80%><tr style='background:gray'> <th>User</th> <th>Online?</th> <th>Links</th> </tr>";
   $q =
           mysql_query(
                   "SELECT * FROM users WHERE user_level=2 ORDER BY userid ASC",
                   $c);
   while ($r = mysql_fetch_array($q))
   {
       if ($r['laston'] >= time() - 15 * 60)
       {
           $on = "<font color=green><b>Online</b></font>";
       }
       else
       {
           $on = "<font color=red><b>Offline</b></font>";
       }
       print 
               "\n<tr> <td><a href='viewuser.php?u={$r['userid']}'>{$r['username']}</a> [{$r['userid']}]</td> <td>$on</td> <td><a href='new_staff.php?action=userlevel&level=3&ID={$r['userid']}' >Secretary</a> · <a href='new_staff.php?action=userlevel&level=4&ID={$r['userid']}' >IRC Op</a> · <a href='new_staff.php?action=userlevel&level=5&ID={$r['userid']}' >Assistant</a> · <a href='new_staff.php?action=userlevel&level=1&ID={$r['userid']}' >Member</a></td></tr>";
   }
   print "</table>";
   print 
           "<b>Secretaries</b><br />
<table width=80%><tr style='background:gray'> <th>User</th> <th>Online?</th> <th>Links</th> </tr>";
   $q =
           mysql_query(
                   "SELECT * FROM users WHERE user_level=3 ORDER BY userid ASC",
                   $c);
   while ($r = mysql_fetch_array($q))
   {
       if ($r['laston'] >= time() - 15 * 60)
       {
           $on = "<font color=green><b>Online</b></font>";
       }
       else
       {
           $on = "<font color=red><b>Offline</b></font>";
       }
       print 
               "\n<tr> <td><a href='viewuser.php?u={$r['userid']}'>{$r['username']}</a> [{$r['userid']}]</td> <td>$on</td> <td><a href='new_staff.php?action=userlevel&level=2&ID={$r['userid']}' >Admin</a> · <a href='new_staff.php?action=userlevel&level=4&ID={$r['userid']}' >IRC Op</a> · <a href='new_staff.php?action=userlevel&level=5&ID={$r['userid']}' >Assistant</a> · <a href='new_staff.php?action=userlevel&level=1&ID={$r['userid']}' >Member</a></td></tr>";
   }
   print "</table>";
   print 
           "<b>IRC Ops</b><br />
<table width=80%><tr style='background:gray'> <th>User</th> <th>Online?</th> <th>Links</th> </tr>";
   $q =
           mysql_query(
                   "SELECT * FROM users WHERE user_level=4 ORDER BY userid ASC",
                   $c);
   while ($r = mysql_fetch_array($q))
   {
       if ($r['laston'] >= time() - 15 * 60)
       {
           $on = "<font color=green><b>Online</b></font>";
       }
       else
       {
           $on = "<font color=red><b>Offline</b></font>";
       }
       print 
               "\n<tr> <td><a href='viewuser.php?u={$r['userid']}'>{$r['username']}</a> [{$r['userid']}]</td> <td>$on</td> <td><a href='new_staff.php?action=userlevel&level=2&ID={$r['userid']}' >Admin</a> · <a href='new_staff.php?action=userlevel&level=3&ID={$r['userid']}' >Secretary</a> · <a href='new_staff.php?action=userlevel&level=5&ID={$r['userid']}' >Assistant</a> · <a href='new_staff.php?action=userlevel&level=1&ID={$r['userid']}' >Member</a></td></tr>";
   }
   print "</table>";
   print 
           "<b>Assistants</b><br />
<table width=80%><tr style='background:gray'> <th>User</th> <th>Online?</th> <th>Links</th> </tr>";
   $q =
           mysql_query(
                   "SELECT * FROM users WHERE user_level=5 ORDER BY userid ASC",
                   $c);
   while ($r = mysql_fetch_array($q))
   {
       if ($r['laston'] >= time() - 15 * 60)
       {
           $on = "<font color=green><b>Online</b></font>";
       }
       else
       {
           $on = "<font color=red><b>Offline</b></font>";
       }
       print 
               "\n<tr> <td><a href='viewuser.php?u={$r['userid']}'>{$r['username']}</a> [{$r['userid']}]</td> <td>$on</td> <td><a href='new_staff.php?action=userlevel&level=2&ID={$r['userid']}' >Admin</a> · <a href='new_staff.php?action=userlevel&level=3&ID={$r['userid']}' >Secretary</a> · <a href='new_staff.php?action=userlevel&level=4&ID={$r['userid']}' >IRC Op</a> · <a href='new_staff.php?action=userlevel&level=1&ID={$r['userid']}' >Member</a></td></tr>";
   }
   print "</table>";
}

function userlevel()
{
   global $ir, $c, $h, $userid;

   $_GET['level'] = abs((int) $_GET['level']);
   $_GET['ID'] = abs((int) $_GET['ID']);
   mysql_query(
           "UPDATE users SET user_level={$_GET['level']} WHERE userid={$_GET['ID']}",
           $c);
   print "User's level adjusted.";
}

function userlevelform()
{
   global $ir, $c, $h, $userid;

   print 
           "<h3>User Level Adjust</h3>
<form action='new_staff.php' method='get'>
<input type='hidden' name='action' value='userlevel'>
User: " . user_dropdown($c, 'ID')
                   . "<br />
User Level:<br />
<input type='radio' name='level' value='1' /> Member<br />
<input type='radio' name='level' value='2' /> Admin<br />
<input type='radio' name='level' value='3' /> Secretary<br />
<input type='radio' name='level' value='4' /> IRC Op<br />
<input type='radio' name='level' value='5' /> Assistant<br />
<input type='submit' value='Adjust' /></form>";
}

function massmailer()
{
   global $ir, $c, $userid;
   if ($_POST['text'])
   {
       $_POST['text'] =
               mysql_real_escape_string(
                       nl2br(strip_tags(stripslashes($_POST['text']))), $c);
       $subj = "This is a mass mail from the administration";
       if ($_POST['cat'] == 1)
           $q = mysql_query("SELECT * FROM users ", $c);
       else if ($_POST['cat'] == 2)
           $q = mysql_query("SELECT * FROM users WHERE user_level > 1", $c);
       else if ($_POST['cat'] == 3)
           $q = mysql_query("SELECT * FROM users WHERE user_level=2", $c);
       else
           $q =
                   mysql_query(
                           "SELECT * FROM users WHERE user_level={$_POST['level']}",
                           $c);
       while ($r = mysql_fetch_array($q))
       {
           mysql_query(
                   "INSERT INTO mail VALUES(NULL, 0, 0, {$r['userid']}, "
                           . time() . ",'$subj','{$_POST['text']}')", $c);
           print "Mass mail sent to {$r['username']}.<br />";
       }
       print 
               "Mass mail sending complete!<br />
<a href='new_staff.php'>> Back</a>";
   }
   else
   {
       print 
               "<b>Mass Mailer</b><br />
<form action='new_staff.php?action=massmailer' method='post'> Text: <br />
<textarea name='text' rows='7' cols='40'></textarea><br />
<input type='radio' name='cat' value='1' /> Send to all members <input type='radio' name='cat' value='2' /> Send to staff only <input type='radio' name='cat' value='3' /> Send to admins only<br />
OR Send to user level:<br />
<input type='radio' name='level' value='1' /> Member<br />
<input type='radio' name='level' value='2' /> Admin<br />
<input type='radio' name='level' value='3' /> Secretary<br />
<input type='radio' name='level' value='4' /> IRC Op<br />
<input type='radio' name='level' value='5' /> Assistant<br />
<input type='submit' value='Send' /></form>";
   }
}

function adnewspaper_form()
{
   global $ir, $c, $h, $userid;

   print 
           "<h3>Editing Admin News</h3><form action='new_staff.php?action=subadnews' method='post'>
<textarea rows='7' cols='35' name='newspaper'>";
   include "admin.news";
   print "</textarea><br /><input type='submit' value='Change' /></form>";
}

function adnewspaper_submit()
{
   global $ir, $c, $h, $userid;
   $l = fopen("admin.news", "w");
   fwrite($l, stripslashes($_POST['newspaper']));
   fclose($l);
   print "Admin News updated!";
}

// Experimental Stuff

function admin_user_record()
{
   global $ir, $userid, $admin, $c;
   $user = abs((int) $_GET['user']);
   if ($user)
   {
       $q =
               mysql_query(
                       "SELECT u.*, us.*, h.*, c.*, f.*
                       FROM users u
                       LEFT JOIN userstats us ON u.userid=us.userid
                       LEFT JOIN houses h ON u.maxwill=h.hWILL
                       LEFT JOIN courses c ON u.course=c.crID
                       LEFT JOIN fedjail f ON u.userid = f.fed_userid
                       WHERE u.userid=$user", $c) or die(mysql_error());
       if (!mysql_num_rows($q))
       {
           $_GET['user'] = 0;
           admin_user_record();
       }
       else
       {
           $r = mysql_fetch_array($q);
           print 
                   "<table width='100%' border='2'><tr style='background: gray'>
<th>User</th> <th>Stats</th> <th>Restrictions</th> </tr>
<tr>
<td>
Username: {$r['username']}<br />
Login: {$r['login_name']}<br />
User ID: {$r['userid']}<br />
Level: {$r['level']}<br />
Exp: {$r['exp']}<br />
Money: {$r['money']}<br />
Crystals: {$r['crystals']}<br />
Last Active: {$r['laston']}<br />
Last IP: {$r['lastip']}<br />
Energy: {$r['energy']}<br />
Max Energy: {$r['maxenergy']}<br />
Health: {$r['hp']}<br />
Max Health: {$r['maxhp']}<br />
Will: {$r['will']}<br />
Max Will: {$r['maxwill']}<br />
Property: {$r['hNAME']}<br />
Brave: {$r['brave']}<br />
Max Brave: {$r['maxbrave']}<br />
Location: {$r['location']}<br />
Hospital: {$r['hospital']}<br />
Hosp Reason: {$r['hospreason']}<br />
User Level: {$r['user_level']}<br />
Duties: {$r['duties']}<br />
Gender: {$r['gender']}<br />
Course: {$r['cNAME']}<br />
Days Left: {$r['cdays']}<br />
Days Old: {$r['daysold']}<br />
Signed Up: {$r['signedup']}<br />
Donator: {$r['donatordays']}<br />
Email: {$r['email']}<br />
Pic: {$r['displaypic']}<br />
Bank: {$r['bankmoney']}<br />
Cyber Bank: {$r['cybermoney']}<br />
Notes: {$r['staffnotes']}
</td>
<td>
Strength: {$r['strength']}<br />
Agility: {$r['agility']}<br />
Guard: {$r['guard']}<br />
Labour: {$r['labour']}<br />
IQ: {$r['IQ']}
</td>
<td>
Fed Jail: {$r['fed_days']}<br />
Reason: {$r['fed_reason']}<br />
Who: {$r['fed_jailedby']}<br />
Mail Banned: {$r['mailban']}<br />
Mail Ban Reason: {$r['mb_reason']}
</td>
</tr>
</table>";
       }
   }
   else
   {
       print 
               <<<EOF
<form action='new_staff.php' method='get'>
<input type='hidden' name='action' value='record' />
<h4>User Record</h4>
Enter a user ID to view the record of: <input type='text' name='user' value='1' /><br />
<input type='submit' value='Go' />
</form>
EOF;
   }
}

function admin_user_changeid()
{
   global $ir, $userid, $admin, $c;
   $user = abs((int) $_POST['user']);
   $submit = abs((int) $_POST['submit']);
   $new_id = abs((int) $_POST['newid']);
   if ($submit && $user && $new_id)
   {
       mysql_query("UPDATE users SET userid=$new_id WHERE userid = $user", $c);
       mysql_query(
               "UPDATE userstats SET userid=$new_id WHERE userid = $user",
               $c);
       mysql_query(
               "UPDATE adminlogs SET adUSER=$new_id WHERE adUSER = $user",
               $c);
       mysql_query(
               "UPDATE applications SET appUSER=$new_id WHERE appUSER = $user",
               $c);
       mysql_query(
               "UPDATE attacklogs SET attacker=$new_id WHERE attacker = $user",
               $c);
       mysql_query(
               "UPDATE attacklogs SET attacked=$new_id WHERE attacked = $user",
               $c);
       mysql_query(
               "UPDATE blacklist SET bl_ADDED=$new_id WHERE bl_ADDED = $user",
               $c);
       mysql_query(
               "UPDATE blacklist SET bl_ADDER=$new_id WHERE bl_ADDER = $user",
               $c);
       mysql_query(
               "UPDATE cashxferlogs SET cxFROM=$new_id WHERE cxFROM = $user",
               $c);
       mysql_query(
               "UPDATE cashxferlogs SET cxTO=$new_id WHERE cxTO = $user", $c);
       mysql_query(
               "UPDATE challengesbeaten SET userid=$new_id WHERE userid = $user",
               $c);
       mysql_query(
               "UPDATE challengesbeaten SET npcid=$new_id WHERE npcid = $user",
               $c);
       mysql_query(
               "UPDATE coursesdone SET userid=$new_id WHERE userid = $user",
               $c);
       mysql_query(
               "UPDATE crystalmarket SET cmADDER=$new_id WHERE cmADDER = $user",
               $c);
       mysql_query(
               "UPDATE dps_process SET dp_userid=$new_id WHERE dp_userid = $user",
               $c);
       mysql_query("UPDATE events SET evUSER=$new_id WHERE evUSER = $user",
               $c);
       mysql_query(
               "UPDATE fedjail SET fed_userid=$new_id WHERE fed_userid = $user",
               $c);
       mysql_query(
               "UPDATE fedjail SET fed_jailedby=$new_id WHERE fed_jailedby = $user",
               $c);
       mysql_query(
               "UPDATE friendslist SET fl_ADDER=$new_id WHERE fl_ADDER = $user",
               $c);
       mysql_query(
               "UPDATE friendslist SET fl_ADDED=$new_id WHERE fl_ADDED = $user",
               $c);
       mysql_query(
               "UPDATE imarketaddlogs SET imaADDER=$new_id WHERE imaADDER = $user",
               $c);
       mysql_query(
               "UPDATE imbuylogs SET imbADDER=$new_id WHERE imbADDER = $user",
               $c);
       mysql_query(
               "UPDATE imbuylogs SET imbBUYER=$new_id WHERE imbBUYER = $user",
               $c);
       mysql_query(
               "UPDATE imremovelogs SET imrADDER=$new_id WHERE imrADDER = $user",
               $c);
       mysql_query(
               "UPDATE imremovelogs SET imrREMOVER=$new_id WHERE imrREMOVER = $user",
               $c);
       mysql_query(
               "UPDATE inventory SET inv_userid=$new_id WHERE inv_userid = $user",
               $c);
       mysql_query(
               "UPDATE itembuylogs SET ibUSER=$new_id WHERE ibUSER = $user",
               $c);
       mysql_query(
               "UPDATE itemmarket SET imADDER=$new_id WHERE imADDER = $user",
               $c);
       mysql_query(
               "UPDATE itemselllogs SET isUSER=$new_id WHERE isUSER = $user",
               $c);
       mysql_query(
               "UPDATE itemxferlogs SET ixFROM=$new_id WHERE ixFROM = $user",
               $c);
       mysql_query(
               "UPDATE itemxferlogs SET ixTO=$new_id WHERE ixTO = $user", $c);
       mysql_query(
               "UPDATE jaillogs SET jaJAILER=$new_id WHERE jaJAILER = $user",
               $c);
       mysql_query(
               "UPDATE jaillogs SET jaJAILED=$new_id WHERE jaJAILED = $user",
               $c);
       mysql_query(
               "UPDATE mail SET mail_from=$new_id WHERE mail_from = $user",
               $c);
       mysql_query("UPDATE mail SET mail_to=$new_id WHERE mail_to = $user",
               $c);
       mysql_query(
               "UPDATE mail SET mail_from=$new_id WHERE mail_from = $user",
               $c);
       mysql_query(
               "UPDATE preports SET prREPORTED=$new_id WHERE prREPORTED = $user",
               $c);
       mysql_query(
               "UPDATE preports SET prREPORTER=$new_id WHERE prREPORTER = $user",
               $c);
       mysql_query(
               "UPDATE referals SET refREFER=$new_id WHERE refREFER = $user",
               $c);
       mysql_query(
               "UPDATE referals SET refREFED=$new_id WHERE refREFED = $user",
               $c);
       mysql_query(
               "UPDATE seclogs SET secUSER=$new_id WHERE secUSER = $user",
               $c);
       mysql_query(
               "UPDATE staffnotelogs SET snCHANGER=$new_id WHERE snCHANGER = $user",
               $c);
       mysql_query(
               "UPDATE staffnotelogs SET snCHANGED=$new_id WHERE snCHANGED = $user",
               $c);
       mysql_query(
               "UPDATE unjaillogs SET ujaJAILER=$new_id WHERE ujaJAILER = $user",
               $c);
       mysql_query(
               "UPDATE unjaillogs SET ujaJAILED=$new_id WHERE ujaJAILED = $user",
               $c);
       mysql_query("UPDATE votes SET userid=$new_id WHERE userid = $user", $c);
       mysql_query(
               "UPDATE willplogs SET wp_userid=$new_id WHERE wp_userid = $user",
               $c);
       print "User's ID changed! They will have to re-login.";
   }
   else if ($user && $new_id)
   {
       $q =
               mysql_query(
                       "SELECT username FROM users WHERE userid = $user", $c);
       $q2 =
               mysql_query(
                       "SELECT userid FROM users WHERE userid = $new_id", $c);
       if (mysql_num_rows($q2))
       {
           print 
                   "<font color='red'><b>That User ID is already in Use.</b></font><br />\n";
           $_POST['newid'] = 0;
           admin_user_changeid();
       }
       else
       {
           print 
                   "You are changing " . mysql_result($q, 0, 0)
                           . "'s user ID to $new_id<br />
<form action='new_staff.php?action=change_id' method='post'>
<input type='hidden' name='user' value='$user' />
<input type='hidden' name='newid' value='$new_id' />
<input type='hidden' name='submit' value='1' />
<input type='submit' value='Change ID' />
</form>";
       }
   }
   else
   {
       print 
               "<h3>Change User ID</h3>
<form action='new_staff.php?action=change_id' method='post'>
<table border='1' width='50%'>
<tr>
<td align='right'>User's ID:</td> <td align='left'><input type='text' name='user' value='1' /></td>
</tr> <tr>
<td align='right'>New ID:</td> <td align='left'><input type='text' name='newid' value='1000' /></td>
</tr>  <tr>
<td align='center' colspan='2'> <input type='submit' value='Change ID' /> </td>
</tr> </table>";
   }
}

 

 

Line 977 you will find edit user.

Edited by Shahed3639
Link to comment
Share on other sites

heres the fix either copy and paste or try work out what ive altered then add for yourself

 

function edit_user_sub()
{

   global $ir, $c, $h, $userid;
   $go = 0;
   $user = abs(@intval($_POST['userid']));
   if (!isset($_POST['level']))
   {
       $go = 1;
   }
   if (!isset($_POST['money']))
   {
       $go = 1;
   }
   if (!isset($_POST['bankmoney']))
   {
       $go = 1;
   }
   if (!isset($_POST['crystals']))
   {
       $go = 1;
   }
   if (!isset($_POST['strength']))
   {
       $go = 1;
   }
   if (!isset($_POST['agility']))
   {
       $go = 1;
   }
   if (!isset($_POST['guard']))
   {
       $go = 1;
   }
   if (!isset($_POST['labour']))
   {
       $go = 1;
   }
   if (!isset($_POST['IQ']))
   {
       $go = 1;
   }
   if (!isset($_POST['username']))
   {
       $go = 1;
   }
   if (!isset($_POST['login_name']))
   {
       $go = 1;
   }
   if ($go)
   {
       $_POST['user'] = $_POST['userid'];
       print "You did not fully fill out the form.";
       edit_user_form();
   }
   else
   {
       $_POST['level'] = (int) $_POST['level'];
       $_POST['strength'] = abs((int) $_POST['strength']);
       $_POST['agility'] = abs((int) $_POST['agility']);
       $_POST['guard'] = abs((int) $_POST['guard']);
       $_POST['labour'] = abs((int) $_POST['labour']);
       $_POST['IQ'] = abs((int) $_POST['IQ']);
       $_POST['money'] = (int) $_POST['money'];
       $_POST['bankmoney'] = (int) $_POST['bankmoney'];
       $_POST['cybermoney'] = (int) $_POST['cybermoney'];
       $_POST['crystals'] = (int) $_POST['crystals'];
       $_POST['mailban'] = (int) $_POST['mailban'];
       $_POST['hospital'] = abs((int) $_POST['hospital']);
       $username =
               mysql_real_escape_string(
                       strip_tags(stripslashes($_POST['username'])), $c);
       $loginname =
               mysql_real_escape_string(
                       strip_tags(stripslashes($_POST['login_name'])), $c);
       $duties =
               mysql_real_escape_string(
                       strip_tags(stripslashes($_POST['duties'])), $c);
       $staffnotes =
               mysql_real_escape_string(
                       strip_tags(stripslashes($_POST['staffnotes'])), $c);
       $mb_reason =
               mysql_real_escape_string(
                       strip_tags(stripslashes($_POST['mb_reason'])), $c);
       $hospreason =
               mysql_real_escape_string(
                       strip_tags(stripslashes($_POST['hospreason'])), $c);
       //check for username usage
       $u =
               mysql_query(
                       "SELECT * FROM users WHERE username='{$username}' and userid != {$user}",
                       $c);
       if (mysql_num_rows($u) != 0)
       {
           print "That username is in use, choose another.";
           print 
                   "<br /><a href='new_staff.php?action=edituser'>> Back</a>";
           $h->endpage();
           exit;
       }
       $oq = mysql_query("SELECT * FROM users WHERE userid={$userid}", $c);
       if (mysql_num_rows($oq) == 0)
       {
           print 'That user doesn\'t exist.';
           print 
                   "<br /><a href='new_staff.php?action=edituser'>> Back</a>";
           $h->endpage();
           exit;
       }
       $rm = mysql_fetch_array($oq);
       $energy = 10 + $_POST['level'] * 2;
       $nerve = 3 + $_POST['level'] * 2;
       $hp = 50 + $_POST['level'] * 50;
       mysql_query(
               "UPDATE users SET username='{$username}', level={$_POST['level']},
               money={$_POST['money']}, crystals={$_POST['crystals']}, energy=$energy, brave=$nerve,
               maxbrave=$nerve, maxenergy=$energy, hp=$hp, maxhp=$hp, hospital={$_POST['hospital']},
               duties='{$duties}', staffnotes='{$staffnotes}', mailban={$_POST['mailban']},
               mb_reason='{$mb_reason}', hospreason='{$hospreason}',
               login_name='{$loginname}' WHERE userid={$user}", $c);
       mysql_query(
               "UPDATE userstats SET strength={$_POST['strength']}, agility={$_POST['agility']},
               guard={$_POST['guard']}, labour={$_POST['labour']}, IQ={$_POST['IQ']} WHERE userid={$userid}",
               $c);

       print "User edited....";

   }
}

 

too fix this for yourself

change line 1124

from $userid

to $user

Line 1153 change $userid to $user

Link to comment
Share on other sites

This doesn't work,

If you change $userid to $user, when I save the edit, it replaced my player (ID #1) with what I just saved..

EDIT; derp nevermind, I derped and edited the wrong ones because I had already edited it so the lines where at a different place XD Thanks!

Works like a charm, thank you so much, now I can focus on more important things in my game ! :D

Edited by bloodless2010
Link to comment
Share on other sites

[strikeout]Also one more thing, the bank and cyberbank money isnt' saving with my user?

edit; it isn't saving for any users it's just the cyberbank and bank.[/strikeout]

I talk before I check it out most of the time sorry, I found the error, it wasn't in the query list for some reason

Edited by bloodless2010
Link to comment
Share on other sites

Find

  "UPDATE users SET username='{$username}', level={$_POST['level']},
               money={$_POST['money']}, crystals={$_POST['crystals']}, energy=$energy, brave=$nerve,
               maxbrave=$nerve, maxenergy=$energy, hp=$hp, maxhp=$hp, hospital={$_POST['hospital']},
               duties='{$duties}', staffnotes='{$staffnotes}', mailban={$_POST['mailban']},
               mb_reason='{$mb_reason}', hospreason='{$hospreason}',
               login_name='{$loginname}' WHERE userid={$user}", $c);

 

Replace with

this

 

"UPDATE users SET username='{$username}', level={$_POST['level']},
               money={$_POST['money']},bankmoney={$_POST['bankmoney']},cybermoney={$_POST['cybermoney']}, crystals={$_POST['crystals']}, energy=$energy, brave=$nerve,
               maxbrave=$nerve, maxenergy=$energy, hp=$hp, maxhp=$hp, hospital={$_POST['hospital']}, jail={$_POST['jail']},
               duties='{$duties}', staffnotes='{$staffnotes}', mailban={$_POST['mailban']}, jailreason='{$jailreason}',
               mb_reason='{$mb_reason}', hospreason='{$hospreason}',
               login_name='{$loginname}' WHERE userid={$user}", $c);

 

And thank you illusion.

Link to comment
Share on other sites

Again, relying on the community to fix your bugs.

P.S. I'm beginning a fun new game(Yes! you can play with), every time a community member fixes one of *MCCodes'* bugs, I'm going to post the notice above.

Thank you captain obvious.

Anyhow, we weren't relying. The member who started this thread was. We give no support for vFREE/V1. Only give support for V2 and V2.5.

Nevertheless, it's been patched (http://makewebgames.io/showthread.php/42567-MCCode-vFree-patch-v1-1-0a)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...