PageRenderTime 26ms CodeModel.GetById 15ms RepoModel.GetById 0ms app.codeStats 0ms

/admin/manage/add.php

https://github.com/anodyne/sms
PHP | 366 lines | 290 code | 54 blank | 22 comment | 26 complexity | 5ee0d5841d04c5a84b9925c81e28cca9 MD5 | raw file
Possible License(s): LGPL-2.1 
    

  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4. This is a necessary system file. Do not modify this page unless you are highly
    5. 

  5. knowledgeable as to the structure of the system. Modification of this file may
    6. 

  6. cause SMS to no longer function.
    7. 

    8. 

  8. Author: David VanScott [ davidv@anodyne-productions.com ]
    9. 

  9. File: admin/manage/add.php
    10. 

  10. Purpose: Page to add a player or NPC
    11. 

    12. 

  12. System Version: 2.6.8
    13. 

  13. Last Modified: 2009-01-12 1142 EST
    14. 

  14. **/
    15. 

  15. 

  16. /* access check */
    17. 

  17. if(in_array("m_createcrew", $sessionAccess))
    18. 

  18. {
    19. 

  19. 	/* set the page class */
    20. 

  20. 	$pageClass = "admin";
    21. 

  21. 	$subMenuClass = "manage";
    22. 

  22. 	$query = FALSE;
    23. 

  23. 	$result = FALSE;
    24. 

  24. 	$today = getdate();
    25. 

  25. 	
    26. 

  26. 	if(isset($_POST['action_create_x']))
    27. 

  27. 	{
    28. 

  28. 		foreach($_POST as $key => $value)
    29. 

  29. 		{
    30. 

  30. 			$$key = $value;
    31. 

  31. 		}
    32. 

  32. 		
    33. 

  33. 		if($crewType == 'npc' && (in_array("m_npcs1", $sessionAccess ) || in_array("m_npcs2", $sessionAccess)))
    34. 

  34. 		{
    35. 

  35. 			$insert = "INSERT INTO sms_crew (crewType, firstName, middleName, lastName, gender, species, rankid, positionid) ";
    36. 

  36. 			$insert.= "VALUES (%s, %s, %s, %s, %s, %s, %d, %d)";
    37. 

  37. 			
    38. 

  38. 			$query = sprintf(
    39. 

  39. 				$insert,
    40. 

  40. 				escape_string('npc'),
    41. 

  41. 				escape_string($_POST['firstName']),
    42. 

  42. 				escape_string($_POST['middleName']),
    43. 

  43. 				escape_string($_POST['lastName']),
    44. 

  44. 				escape_string($_POST['gender']),
    45. 

  45. 				escape_string($_POST['species']),
    46. 

  46. 				escape_string($_POST['rank']),
    47. 

  47. 				escape_string($_POST['position'])
    48. 

  48. 			);
    49. 

  49. 			
    50. 

  50. 			$result = mysql_query($query);
    51. 

  51. 			
    52. 

  52. 			/* optimize the table */
    53. 

  53. 			optimizeSQLTable( "sms_crew" );
    54. 

  54. 			
    55. 

  55. 			$type = 'non-playing character';
    56. 

  56. 		}
    57. 

  57. 		elseif($crewType == "active" && in_array("m_crew", $sessionAccess))
    58. 

  58. 		{
    59. 

  59. 			if($password == $confirmPassword)
    60. 

  60. 			{
    61. 

  61. 				if(!is_numeric($position)) {
    62. 

  62. 					$position = NULL;
    63. 

  63. 				}
    64. 

  64. 				
    65. 

  65. 				/* get the position type from the database */
    66. 

  66. 				$getPosType = "SELECT positionType FROM sms_positions WHERE positionid = $position LIMIT 1";
    67. 

  67. 				$getPosTypeResult = mysql_query($getPosType);
    68. 

  68. 				$positionType = mysql_fetch_row($getPosTypeResult);
    69. 

  69. 			
    70. 

  70. 				/* set the access levels accordingly */
    71. 

  71. 				if($positionType[0] == "senior") {
    72. 

  72. 					$accessID = 3;
    73. 

  73. 				} else {
    74. 

  74. 					$accessID = 4;
    75. 

  75. 				}
    76. 

  76. 			
    77. 

  77. 				/* pull the default access levels from the db */
    78. 

  78. 				$getGroupLevels = "SELECT * FROM sms_accesslevels WHERE id = $accessID LIMIT 1";
    79. 

  79. 				$getGroupLevelsResult = mysql_query($getGroupLevels);
    80. 

  80. 				$groups = mysql_fetch_array($getGroupLevelsResult);
    81. 

  81. 				
    82. 

  82. 				$insert = "INSERT INTO sms_crew (crewType, username, password, email, firstName, middleName, lastName, gender, ";
    83. 

  83. 				$insert.= "species, rankid, positionid, joinDate, accessPost, accessManage, accessReports, accessUser, ";
    84. 

  84. 				$insert.= "accessOthers, moderatePosts, moderateLogs, moderateNews) ";
    85. 

  85. 				$insert.= "VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %d, %d, %d, %s, %s, %s, %s, %s, %s, %s, %s)";
    86. 

  86. 				
    87. 

  87. 				$query = sprintf(
    88. 

  88. 					$insert,
    89. 

  89. 					escape_string('active'),
    90. 

  90. 					escape_string($_POST['username']),
    91. 

  91. 					escape_string(md5($_POST['password'])),
    92. 

  92. 					escape_string($_POST['email']),
    93. 

  93. 					escape_string($_POST['firstName']),
    94. 

  94. 					escape_string($_POST['middleName']),
    95. 

  95. 					escape_string($_POST['lastName']),
    96. 

  96. 					escape_string($_POST['gender']),
    97. 

  97. 					escape_string($_POST['species']),
    98. 

  98. 					escape_string($_POST['rank']),
    99. 

  99. 					escape_string($_POST['position']),
    100. 

  100. 					escape_string($today[0]),
    101. 

  101. 					escape_string($groups[1]),
    102. 

  102. 					escape_string($groups[2]),
    103. 

  103. 					escape_string($groups[3]),
    104. 

  104. 					escape_string($groups[4]),
    105. 

  105. 					escape_string($groups[5]),
    106. 

  106. 					escape_string($_POST['moderatePosts']),
    107. 

  107. 					escape_string($_POST['moderateLogs']),
    108. 

  108. 					escape_string($_POST['moderateNews'])
    109. 

  109. 				);
    110. 

  110. 		
    111. 

  111. 				$result = mysql_query($query);
    112. 

  112. 				
    113. 

  113. 				update_position($position, 'give');
    114. 

  114. 			
    115. 

  115. 				/* optimize the table */
    116. 

  116. 				optimizeSQLTable( "sms_crew" );
    117. 

  117. 				optimizeSQLTable( "sms_positions" );
    118. 

  118. 				
    119. 

  119. 				$type = 'character';
    120. 

  120. 			
    121. 

  121. 				/** EMAIL THE PLAYER **/
    122. 

  122. 

  123. 				/* define the variables */
    124. 

  124. 				$to = $email . ", " . printCOEmail();
    125. 

  125. 				$from = printCO('short_rank') . " < " . printCOEmail() . " >";
    126. 

  126. 				$subject = $emailSubject . " New Character Created";
    127. 

  127. 				$message = "This is an automatic email to notify you that your new character has been created.  Please log in to the site (" . $webLocation . ") using the username and password below to update your biography.  If you have any questions, please contact the CO.
    128. 

    129. 

  129. USERNAME: " . $_POST['username'] . "
    130. 

  130. PASSWORD: " . $_POST['password'] . "";
    131. 

  131. 		
    132. 

  132. 				/* send the email */
    133. 

  133. 				mail( $to, $subject, $message, "From: " . $from . "\nX-Mailer: PHP/" . phpversion() );
    134. 

  134. 			}
    135. 

  135. 			else
    136. 

  136. 			{
    137. 

  137. 				$result = FALSE;
    138. 

  138. 			}
    139. 

  139. 		
    140. 

  140. 		}
    141. 

  141. 	}
    142. 

  142. 

  143. ?>
    144. 

  144. 	<script type="text/javascript">
    145. 

  145. 		$(document).ready(function() {
    146. 

  146. 			$('#crewTypeN').click(function(){
    147. 

  147. 				$('#pc').hide();
    148. 

  148. 			});
    149. 

  149. 			
    150. 

  150. 			$('#crewTypeP').click(function(){
    151. 

  151. 				$('#pc').show();
    152. 

  152. 			});
    153. 

  153. 		});
    154. 

  154. 	</script>
    155. 

  155. 	<div class="body">
    156. 

  156. 		<?php
    157. 

  157. 		
    158. 

  158. 		$check = new QueryCheck;
    159. 

  159. 		$check->checkQuery($result, $query);
    160. 

  160. 		
    161. 

  161. 		if(!empty($check->query))
    162. 

  162. 		{
    163. 

  163. 			$check->message($type, "create");
    164. 

  164. 			$check->display();
    165. 

  165. 		}
    166. 

  166. 		
    167. 

  167. 		?>
    168. 

  168. 		
    169. 

  169. 		<span class="fontTitle">Add Crew</span><br /><br />
    170. 

  170. 	
    171. 

  171. 		<? if( in_array( "m_npcs1", $sessionAccess ) ) { ?>
    172. 

  172. 		Department Heads are permitted to create NPCs for their own department and at ranks lower than their own.  If you want an NPC to hold a rank equal to or higher than your own, please contact the CO or XO.  Additionally, you can assign an NPC to any open position.  If you have questions or problems, please contact the CO or XO.
    173. 

  173. 		
    174. 

  174. 		<? } elseif( in_array( "m_npcs2", $sessionAccess ) ) { ?>
    175. 

  175. 		Commanding Officers and Executive Officers are permitted to create NPCs for any department and at any rank.  Additionally, COs can assign an NPC to any open position in any department. COs are also the only members of the crew authorized to create new playing characters.  New playing characters that are created will still need to be approved through the Control Panel before the player associated with the character can log in and begin simming.
    176. 

  176. 		<? } ?><br /><br />
    177. 

  177. 		
    178. 

  178. 		<form method="post" action="<?=$webLocation;?>admin.php?page=manage&sub=add">
    179. 

  179. 		
    180. 

  180. 		<strong>Character Type</strong><br />
    181. 

  181. 		<input type="radio" id="crewTypeP" name="crewType" value="active" <? if( !in_array( "m_crew", $sessionAccess ) ) { echo "disabled"; } else { echo "checked"; } ?>/> <label for="crewTypeP">Playing Character</label>
    182. 

  182. 		<input type="radio" id="crewTypeN" name="crewType" value="npc" <? if( !in_array( "m_crew", $sessionAccess ) && ( in_array( "m_npcs1", $sessionAccess ) || in_array( "m_npcs2", $sessionAccess ) ) ) { echo " checked"; } ?> /> <label for="crewTypeN">Non-Playing Character</label>
    183. 

  183. 		
    184. 

  184. 		<? if( in_array( "m_crew", $sessionAccess ) ) { ?>
    185. 

  185. 			<div id="pc">
    186. 

  186. 				<table>
    187. 

  187. 					
    188. 

  188. 					<tr>
    189. 

  189. 						<td colspan="3" height="15"></td>
    190. 

  190. 					</tr>
    191. 

  191. 					<tr>
    192. 

  192. 						<td class="tableCellLabel">Username</td>
    193. 

  193. 						<td>&nbsp;</td>
    194. 

  194. 						<td><input type="text" class="image"  name="username" /></td>
    195. 

  195. 					</tr>
    196. 

  196. 					<tr>
    197. 

  197. 						<td class="tableCellLabel">Password</td>
    198. 

  198. 						<td>&nbsp;</td>
    199. 

  199. 						<td><input type="password" class="image" name="password" /></td>
    200. 

  200. 					</tr>
    201. 

  201. 					<tr>
    202. 

  202. 						<td class="tableCellLabel">Confirm Password</td>
    203. 

  203. 						<td>&nbsp;</td>
    204. 

  204. 						<td><input type="password" class="image" name="confirmPassword" /></td>
    205. 

  205. 					</tr>
    206. 

  206. 					<tr>
    207. 

  207. 						<td class="tableCellLabel">Email Address</td>
    208. 

  208. 						<td>&nbsp;</td>
    209. 

  209. 						<td><input type="text" class="image" name="email" /></td>
    210. 

  210. 					</tr>
    211. 

  211. 					
    212. 

  212. 					<tr>
    213. 

  213. 						<td colspan="3" height="15"></td>
    214. 

  214. 					</tr>
    215. 

  215. 					
    216. 

  216. 					<tr>
    217. 

  217. 						<td class="tableCellLabel">Moderate Posts?</td>
    218. 

  218. 						<td>&nbsp;</td>
    219. 

  219. 						<td>
    220. 

  220. 							<input type="radio" name="moderatePosts" id="posts_y" value="y" /> <label for="posts_y">Yes</label>
    221. 

  221. 							<input type="radio" name="moderatePosts" id="posts_n" value="n" checked /> <label for="posts_n">No</label>
    222. 

  222. 						</td>
    223. 

  223. 					</tr>
    224. 

  224. 					<tr>
    225. 

  225. 						<td class="tableCellLabel">Moderate Logs?</td>
    226. 

  226. 						<td>&nbsp;</td>
    227. 

  227. 						<td>
    228. 

  228. 							<input type="radio" name="moderateLogs" id="logs_y" value="y" /> <label for="logs_y">Yes</label>
    229. 

  229. 							<input type="radio" name="moderateLogs" id="logs_n" value="n" checked /> <label for="logs_n">No</label>
    230. 

  230. 						</td>
    231. 

  231. 					</tr>
    232. 

  232. 					<tr>
    233. 

  233. 						<td class="tableCellLabel">Moderate News?</td>
    234. 

  234. 						<td>&nbsp;</td>
    235. 

  235. 						<td>
    236. 

  236. 							<input type="radio" name="moderateNews" id="news_y" value="y" /> <label for="news_y">Yes</label>
    237. 

  237. 							<input type="radio" name="moderateNews" id="news_n" value="n" checked /> <label for="news_n">No</label>
    238. 

  238. 						</td>
    239. 

  239. 					</tr>
    240. 

  240. 				</table>
    241. 

  241. 			</div>
    242. 

  242. 		<? } ?>
    243. 

  243. 		
    244. 

  244. 		<br /><br />
    245. 

  245. 		<table>
    246. 

  246. 			<tr>
    247. 

  247. 				<td class="tableCellLabel">First Name</td>
    248. 

  248. 				<td>&nbsp;</td>
    249. 

  249. 				<td><input type="text" class="image" name="firstName" /></td>
    250. 

  250. 			</tr>
    251. 

  251. 			<tr>
    252. 

  252. 				<td class="tableCellLabel">Middle Name</td>
    253. 

  253. 				<td>&nbsp;</td>
    254. 

  254. 				<td><input type="text" class="image" name="middleName" /></td>
    255. 

  255. 			</tr>
    256. 

  256. 			<tr>
    257. 

  257. 				<td class="tableCellLabel">Last Name</td>
    258. 

  258. 				<td>&nbsp;</td>
    259. 

  259. 				<td><input type="text" class="image" name="lastName" /></td>
    260. 

  260. 			</tr>
    261. 

  261. 			<tr>
    262. 

  262. 				<td class="tableCellLabel">Gender</td>
    263. 

  263. 				<td>&nbsp;</td>
    264. 

  264. 				<td>
    265. 

  265. 					<select name="gender">
    266. 

  266. 						<option value="Male">Male</option>
    267. 

  267. 						<option value="Female">Female</option>
    268. 

  268. 						<option value="Hermaphrodite">Hermaphrodite</option>
    269. 

  269. 						<option value="Neuter">Neuter</option>
    270. 

  270. 					</select>
    271. 

  271. 				</td>
    272. 

  272. 			</tr>
    273. 

  273. 			<tr>
    274. 

  274. 				<td class="tableCellLabel">Species</td>
    275. 

  275. 				<td>&nbsp;</td>
    276. 

  276. 				<td><input type="text" class="image" name="species" /></td>
    277. 

  277. 			</tr>
    278. 

  278. 			<tr>
    279. 

  279. 				<td colspan="3" height="15"></td>
    280. 

  280. 			</tr>
    281. 

  281. 			<?
    282. 

  282. 			
    283. 

  283. 			if( in_array( "m_npcs2", $sessionAccess ) ) {
    284. 

  284. 				$ranks = "SELECT rank.rankid, rank.rankName, rank.rankImage, dept.deptColor FROM sms_ranks AS rank, ";
    285. 

  285. 				$ranks.= "sms_departments AS dept WHERE dept.deptClass = rank.rankClass AND dept.deptDisplay = 'y' ";
    286. 

  286. 				$ranks.= "AND rank.rankDisplay = 'y' GROUP BY rank.rankid ORDER BY rank.rankClass, rank.rankOrder ASC";
    287. 

  287. 				$ranksResult = mysql_query( $ranks );
    288. 

  288. 				
    289. 

  289. 				$positions = "SELECT position.positionid, position.positionName, dept.deptName, ";
    290. 

  290. 				$positions.= "dept.deptColor FROM sms_positions AS position, sms_departments AS dept ";
    291. 

  291. 				$positions.= "WHERE position.positionOpen > '0' AND dept.deptid = position.positionDept ";
    292. 

  292. 				$positions.= "AND dept.deptDisplay = 'y' ORDER BY position.positionDept, position.positionid ASC";
    293. 

  293. 				$positionsResult = mysql_query( $positions );
    294. 

  294. 				
    295. 

  295. 			} elseif( in_array( "m_npcs1", $sessionAccess ) ) {
    296. 

  296. 			
    297. 

  297. 				$userDeptQuery = "SELECT crew.positionid, crew.rankid, position.positionDept, rank.rankOrder FROM ";
    298. 

  298. 				$userDeptQuery.= "sms_crew AS crew, sms_positions AS position, sms_ranks AS rank WHERE ";
    299. 

  299. 				$userDeptQuery.= "crew.crewid = '$sessionCrewid' AND crew.positionid = position.positionid AND crew.rankid = rank.rankid LIMIT 1";
    300. 

  300. 				$userDeptResult = mysql_query( $userDeptQuery );
    301. 

  301. 				$userDept = mysql_fetch_row( $userDeptResult );
    302. 

  302. 				
    303. 

  303. 				$ranks = "SELECT rank.rankid, rank.rankName, rank.rankImage, dept.deptColor ";
    304. 

  304. 				$ranks.= "FROM sms_ranks AS rank, sms_departments AS dept ";
    305. 

  305. 				$ranks.= "WHERE dept.deptid = '$userDept[2]' AND dept.deptClass = rank.rankClass ";
    306. 

  306. 				$ranks.= "AND rank.rankOrder >= '$userDept[3]' AND dept.deptDisplay = 'y' ";
    307. 

  307. 				$ranks.= "AND rank.rankDisplay = 'y' GROUP BY rank.rankid ORDER BY rank.rankClass, rank.rankOrder ASC";
    308. 

  308. 				$ranksResult = mysql_query( $ranks );
    309. 

  309. 				
    310. 

  310. 				$positions = "SELECT position.positionid, position.positionName, dept.deptName, dept.deptColor ";
    311. 

  311. 				$positions.= "FROM sms_positions AS position, sms_departments AS dept ";
    312. 

  312. 				$positions.= "WHERE position.positionOpen > '0' AND position.positionDept = dept.deptid AND ";
    313. 

  313. 				$positions.= "position.positionDept = '$userDept[2]' ORDER BY positionOrder ASC";
    314. 

  314. 				$positionsResult = mysql_query( $positions );
    315. 

  315. 				
    316. 

  316. 			}
    317. 

  317. 			
    318. 

  318. 			?>
    319. 

  319. 			<tr>
    320. 

  320. 				<td class="tableCellLabel">Rank</td>
    321. 

  321. 				<td>&nbsp;</td>
    322. 

  322. 				<td>
    323. 

  323. 					<select name="rank">
    324. 

  324. 						<?
    325. 

  325. 						
    326. 

  326. 						while($rank = mysql_fetch_assoc($ranksResult)) {
    327. 

  327. 							extract($rank, EXTR_OVERWRITE);
    328. 

  328. 							
    329. 

  329. 							echo "<option value='" . $rank['rankid'] . "' style='background:#000; color:#" . $rank['deptColor'] . ";'>" . $rank['rankName'] . "</option>";
    330. 

  330. 						
    331. 

  331. 						}
    332. 

  332. 						
    333. 

  333. 						?>
    334. 

  334. 					</select>
    335. 

  335. 				</td>
    336. 

  336. 			</tr>
    337. 

  337. 			<tr>
    338. 

  338. 				<td class="tableCellLabel">Position</td>
    339. 

  339. 				<td>&nbsp;</td>
    340. 

  340. 				<td>
    341. 

  341. 					<select name="position">
    342. 

  342. 					<?
    343. 

  343. 					
    344. 

  344. 					while( $position = mysql_fetch_assoc( $positionsResult ) ) {
    345. 

  345. 						extract( $position, EXTR_OVERWRITE );
    346. 

  346. 				
    347. 

  347. 						echo "<option value='" . $position['positionid'] . "' style='color:#" . $position['deptColor'] . ";'>" . $position['deptName'] . " - " . $position['positionName'] . "</option>";
    348. 

  348. 						
    349. 

  349. 					}
    350. 

  350. 					
    351. 

  351. 					?>
    352. 

  352. 					</select>
    353. 

  353. 				</td>
    354. 

  354. 			</tr>
    355. 

  355. 			<tr>
    356. 

  356. 				<td colspan="3" height="25"></td>
    357. 

  357. 			</tr>
    358. 

  358. 			<tr>
    359. 

  359. 				<td colspan="2"></td>
    360. 

  360. 				<td><input type="image" src="<?=path_userskin;?>buttons/create.png" name="action_create" class="button" value="Create" /></td>
    361. 

  361. 			</tr>
    362. 

  362. 		</table>
    363. 

  363. 		</form>
    364. 

  364. 	</div>
    365. 

  365. 	
    366. 

  366. <? } else { errorMessage( "add character" ); } ?>
    367.