
/staffpanel.php

https://github.com/delete66/sikevux-s-tracker
  1<?php
  2/****************************************************************\
  3* Staff panel for the TBDEV source code                          *
  4* -------------------------------------------------------------- *
  5* An easy to config staff panel for different staff classes,     *
  6* with different options for each class, like add, edit, delete  *
  7* the pages and to log the actions.                              *
  8* -------------------------------------------------------------- *
  9* @author: Alex2005 for TBDEV.NET                                *
 10* @copyright: Alex2005                                           *
 11* @package: Staff Panel                                          *
 12* @category: Staff Tools                                         *
 13* @version: v1.10 04/07/2008                                     *
 14* @license: GNU General Public License                           *
 15\****************************************************************/
 16include("include/bittorrent.php");
 17require_once ("include/user_functions.php");
 18require_once ("include/bbcode_functions.php");
 19dbconn();
 20maxcoder();
 21if(!logged_in())
 22{
 23header("HTTP/1.0 404 Not Found");
 24// moddifed logginorreturn by retro//Remember to change the following line to match your server
 25print("<html><h1>Not Found</h1><p>The requested URL /{$_SERVER['PHP_SELF']} was not found on this server.</p><hr /><address>Apache/1.1.11 (xxxxx) Server at ".$_SERVER['SERVER_NAME']." Port 80</address></body></html>\n");
 26die();
 27}
 28parked();
 29/**
 30* Staff classes config
 31*
 32* UC_XYZ  : integer -> the name of the defined class
 33*
 34* Options for a selected class
 35** add    : boolean -> enable/disable page adding
 36** edit   : boolean -> enable/disable page editing
 37** delete : boolean -> enable/disable page deletion
 38** log    : boolean -> enable/disable the loging of the actions
 39*
 40* @result $staff_classes array();
 41*/
 42$staff_classes = array(
 43						UC_MODERATOR 		=> array('add' => false, 	'edit' => false, 	'delete' => false,   	'log' => true),
 44						UC_ADMINISTRATOR 	=> array('add' => false, 	'edit' => false, 	'delete' => false,   	'log' => true),
 45						UC_SYSOP 			=> array('add' => false, 	'edit' => true, 	'delete' => true,		'log' => true),
 46						UC_CODER 			=> array('add' => true, 	'edit' => true, 	'delete' => true,		'log' => true)
 47					  );
 48
 49if (!isset($staff_classes[$CURUSER['class']]))
 50	stderr('Error', 'Access Denied!');
 51
 52$action = (isset($_GET['action']) ? $_GET['action'] : (isset($_POST['action']) ? $_POST['action'] : NULL));
 53$id = (isset($_GET['id']) ? (int)$_GET['id'] : (isset($_POST['id']) ? (int)$_POST['id'] : NULL));
 54$class_color = (function_exists('get_user_class_color') ? true : false);
 55
 56if ($action == 'delete' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['delete'])
 57{
 58	$sure = ((isset($_GET['sure']) ? $_GET['sure'] : '') == 'yes');
 59
 60	$res = mysql_query('SELECT av_class'.(!$sure || $staff_classes[$CURUSER['class']]['log'] ? ', page_name' : '').' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
 61	$arr = mysql_fetch_assoc($res);
 62	
 63	if ($CURUSER['class'] < $arr['av_class'])
 64		stderr('Error', 'You are not allowed to delete this page.');
 65	
 66	if (!$sure)
 67		stderr('Sanity check', 'Are you sure you want to delete this page: "'.safechar($arr['page_name']).'"? Click <a href="'.$_SERVER['PHP_SELF'].'?action='.$action.'&id='.$id.'&sure=yes">here</a> to delete it or <a href="'.$_SERVER['PHP_SELF'].'">here</a> to go back.');
 68
 69	mysql_query('DELETE FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
 70	
 71	if (mysql_affected_rows())
 72	{
 73		if ($staff_classes[$CURUSER['class']]['log'])
 74			write_log('Page "'.$arr['page_name'].'"('.($class_color ? '<font color="#'.get_user_class_color($arr['av_class']).'">' : '').get_user_class_name($arr['av_class']).($class_color ? '</font>' : '').') was deleted from the staff panel by <a href="/userdetails.php?id='.$CURUSER['id'].'">'.$CURUSER['username'].'</a>('.($class_color ? '<font color="#'.get_user_class_color($CURUSER['class']).'">' : '').get_user_class_name($CURUSER['class']).($class_color ? '</font>' : '').')');
 75		
 76		header('Location: '.$_SERVER['PHP_SELF']);
 77		exit();
 78	}
 79	else
 80		stderr('Error', 'There was a database error, please retry.');
 81}
 82else if (($action == 'add' && $staff_classes[$CURUSER['class']]['add']) || ($action == 'edit' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['edit']))
 83{
 84	$names = array('page_name', 'file_name', 'description', 'av_class');
 85
 86	if ($action == 'edit')
 87	{
 88		$res = mysql_query('SELECT '.implode(', ', $names).' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
 89		$arr = mysql_fetch_assoc($res);
 90	}
 91	
 92	foreach ($names as $name)
 93		$$name = safechar((isset($_POST[$name]) ? $_POST[$name] : ($action == 'edit' ? $arr[$name] : '')));
 94	
 95	if ($action == 'edit' && $CURUSER['class'] < $av_class)
 96		stderr('Error', 'You are not allowed to edit this page.');
 97	
 98	if ($_SERVER['REQUEST_METHOD'] == 'POST')
 99	{
100		$errors = array();
101		
102		if (empty($page_name))
103			$errors[] = 'The page name cannot be empty.';
104		
105		if (empty($file_name))
106			$errors[] = 'The filename cannot be empty.';
107		
108		if (empty($description))
109			$errors[] = 'The description cannot be empty.';
110		
111		if (!isset($staff_classes[$av_class]))
112			$errors[] = 'The selected class is not a valid staff class.';
113		
114		if (preg_match('/.php/', $file_name))
115			$errors[] = 'Please remove the ".php" extension from the filename.';
116		
117		if (!is_file($file_name.'.php') && !empty($file_name) && !preg_match('/.php/', $file_name))
118			$errors[] = 'Inexistent php file.';
119		
120		if (strlen($page_name) < 4 && !empty($page_name))
121			$errors[] = 'The page name is too short (min 4 chars).';
122		
123		if (strlen($page_name) > 30)
124			$errors[] = 'The page name is too long (max 30 chars).';
125		
126		if (strlen($file_name) > 30)
127			$errors[] = 'The filename is too long (max 30 chars).';
128		
129		if (strlen($description) > 100)
130			$errors[] = 'The description is too long (max 100 chars).';
131		
132		if (empty($errors))
133		{
134			if ($action == 'add')
135			{
136				$res = mysql_query("INSERT INTO staffpanel (page_name, file_name, description, av_class, added_by, added) ".
137								   "VALUES (".implode(", ", array_map("sqlesc", array($page_name, $file_name, $description, (int)$av_class, (int)$CURUSER['id'], gmtime()))).")");
138				
139				if (!$res)
140				{
141					if (mysql_errno() == 1062)
142						$errors[] = "This filename is already submited.";
143					else
144						$errors[] = "There was a database error, please retry.";
145				}
146			}
147			else
148			{
149				$res = mysql_query("UPDATE staffpanel SET page_name = ".sqlesc($page_name).", file_name = ".sqlesc($file_name).", description = ".sqlesc($description).", av_class = ".sqlesc((int)$av_class)." WHERE id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
150				
151				if (!$res)
152					$errors[] = "There was a database error, please retry.";
153			}
154			
155			if (empty($errors))
156			{
157				if ($staff_classes[$CURUSER['class']]['log'])
158					write_log('Page "'.$page_name.'"('.($class_color ? '<font color="#'.get_user_class_color($av_class).'">' : '').get_user_class_name($av_class).($class_color ? '</font>' : '').') in the staff panel was '.($action == 'add' ? 'added' : 'edited').' by <a href="/userdetails.php?id='.$CURUSER['id'].'">'.$CURUSER['username'].'</a>('.($class_color ? '<font color="#'.get_user_class_color($CURUSER['class']).'">' : '').get_user_class_name($CURUSER['class']).($class_color ? '</font>' : '').')');
159				
160				header('Location: '.$_SERVER['PHP_SELF']);
161				exit();
162			}
163		}
164	}
165	
166	stdhead('Staff Panel :: '.($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page'); begin_main_frame();
167	
168	if (!empty($errors))
169	{
170		stdmsg('There '.(count($errors)>1?'are':'is').' '.count($errors).' error'.(count($errors)>1?'s':'').' in the form.', '<b>'.implode('<br />', $errors).'</b>');
171		?><br /><?php
172	}
173
174	?>
175    <form method='post' action='<?php echo $_SERVER['PHP_SELF']; ?>'>
176	<input type="hidden" name="action" value="<?php echo $action; ?>" />
177    <?php
178	if ($action == 'edit')
179	{
180		?><input type="hidden" name="id" value="<?php echo $id; ?>" /><?php
181	}
182	
183	?>
184    <table cellpadding="5" width="100%" align="center">
185        <tr class="colhead">
186            <td colspan="2"><?php echo ($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page'; ?></td>
187        </tr>
188        <tr>
189            <td class="rowhead" width="1%">Page name</td><td align='left'><input type='text' size=50 name='page_name' value="<?php echo $page_name; ?>"></td>
190        </tr>
191        <tr>
192            <td class="rowhead">Filename</td><td align='left'><input type='text' size=50 name='file_name' value="<?php echo $file_name; ?>"><b>.php</b></td>
193        </tr>
194        <tr>
195            <td class="rowhead">Description</td><td align='left'><input type='text' size=50 name='description' value="<?php echo $description; ?>"></td>
196        </tr>
197        <tr>
198            <td class="rowhead"><nobr>Available for</nobr></td>
199            <td align='left'>
200                <select name='av_class'><?php
201                foreach ($staff_classes as $class => $value)
202                {
203                    if ($CURUSER['class'] < $class)
204                        continue;
205                    
206                    echo '<option'.($class_color? ' style="background-color:#'.get_user_class_color($class).';"' : '').' value="'.$class.'"'.($class == $av_class ? ' selected="selected"' : '').'>'.get_user_class_name($class).'</option>';
207                }
208                ?></select>
209            </td>
210        </tr>
211        <tr>
212            <td align="center" colspan="2">
213                <table class="main">
214                	<tr>
215                		<td style="border:none;">
216                        	<input type='Submit' value="Submit"></form>
217						</td>
218                		<td style="border:none;">
219                        	<form method='post' action='<?php echo $_SERVER['PHP_SELF']; ?>'><input type='Submit' value="Cancel"></form>
220						</td>
221                	</tr>
222                </table>
223            </td>
224        </tr>
225    </table>
226	<?php
227	
228	end_main_frame(); stdfoot();
229}
230else
231{
232	stdhead('Staff Panel'); begin_main_frame();
233	
234	?><h1 align="center">Welcome <?php echo $CURUSER['username']; ?> to the Staff Panel!</h1><br /><?php
235	
236	if ($staff_classes[$CURUSER['class']]['add'])
237	{
238		stdmsg('Options', '<a href="'.$_SERVER['PHP_SELF'].'?action=add" title="Add a new page">Add a new page</a>');
239		?><br /><?php
240	}
241	
242	$res = mysql_query('SELECT staffpanel.*, users.username '.
243					   'FROM staffpanel '.
244					   'LEFT JOIN users ON users.id = staffpanel.added_by '.
245					   'WHERE av_class <= '.sqlesc($CURUSER['class']).' '.
246					   'ORDER BY av_class DESC, page_name ASC') or sqlerr(__FILE__, __LINE__);
247	if (mysql_num_rows($res) > 0)
248	{
249		$db_classes = $unique_classes = $mysql_data = array();
250		
251		while ($arr = mysql_fetch_assoc($res))
252			$mysql_data[] = $arr;
253		
254		foreach ($mysql_data as $key => $value)
255			$db_classes[$value['av_class']][] = $value['av_class'];
256		
257		$i=1;
258		foreach ($mysql_data as $key => $arr)
259		{
260			$end_table = (count($db_classes[$arr['av_class']]) == $i ? true : false);
261
262			if (!in_array($arr['av_class'], $unique_classes))
263			{
264				$unique_classes[] = $arr['av_class'];
265				
266				?>
267                <table cellpadding="5" width="100%" align="center"<?php echo (!isset($staff_classes[$arr['av_class']]) ? 'style="background-color:#000000;"' : ''); ?>>
268                    <tr>
269                        <td colspan="4" align="center">
270                            <h2><?php echo ($class_color ? '<font color="#'.get_user_class_color($arr['av_class']).'">' : '').get_user_class_name($arr['av_class']).' Panel'.($class_color ? '</font>' : ''); ?></h2>
271                        </td>
272                    </tr>
273                    <tr align="center">
274                        <td class="colhead" align="left" width="100%">Page name</td>
275                        <td class="colhead"><nobr>Added by</nobr></td>
276                        <td class="colhead"><nobr>Date added</nobr></td>
277                        <?php
278                        if ($staff_classes[$CURUSER['class']]['edit'] || $staff_classes[$CURUSER['class']]['delete'])
279                        {
280                            ?><td class="colhead">Links</td><?php
281                        }
282                        ?>
283                    </tr>
284                <?php
285			}
286
287			?>
288			<tr align="center">
289				<td align="left">
290                	<a href="/<?php echo rawurlencode($arr['file_name']); ?>.php"  title="<?php echo safechar($arr['page_name']); ?>"><?php echo safechar($arr['page_name']); ?></a><br /><font class="small"><?php echo safechar($arr['description']); ?></font>
291				</td>
292                <td>
293					<a href="/userdetails.php?id=<?php echo (int)$arr['added_by']; ?>"><?php echo $arr['username']; ?></a>
294                </td>
295                <td>
296                	<nobr><?php echo (function_exists('display_date_time') ? display_date_time(get_date_time($arr['added'])) : get_date_time($arr['added'])); ?><br /><font class="small"><?php echo get_elapsed_time($arr['added']); ?> ago</font></nobr>
297                </td>
298                <?php
299				if ($staff_classes[$CURUSER['class']]['edit'] || $staff_classes[$CURUSER['class']]['delete'])
300				{
301					?>
302					<td>
303                    	<nobr>
304                    	<?php
305						if ($staff_classes[$CURUSER['class']]['edit'])
306						{
307							?><b>[</b><a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=edit&id=<?php echo (int)$arr['id']; ?>" title="Edit">E</a><b>]</b><?php
308						}
309						
310						if ($staff_classes[$CURUSER['class']]['delete'])
311						{
312							?><b>[</b><a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=delete&id=<?php echo (int)$arr['id']; ?>" title="Delete">D</a><b>]</b><?php
313						}
314						?>
315						</nobr>
316					</td>
317                    <?php
318				}
319			?>
320			</tr>
321			<?php
322			
323			$i++;
324			if ($end_table)
325			{
326				$i=1;
327				?></table><br /><?php
328			}
329		}
330	}
331	else
332		stdmsg('Sorry', 'Nothing found.');
333
334	end_main_frame(); stdfoot();
335}
336?>