/brain/users.php
- <?php
- /* users.php - Front-end code for working with users in admin view
- *
- * Copyright (C) 2006, 2007, 2008 Kevin Read, Simone Schaefer
- *
- * This file is part of Selador, a browser-based fantasy strategy game
- *
- * This program is distributed under the terms of the GNU Affero General Public License.
- *
- *
- * Selador is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * any later version.
- *
- * Selador is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with Selador. If not, see <http://www.gnu.org/licenses/>.
- **/
- // Don't push - this code is crude
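// Entry section of the admin "users" module: reads the request, prints the
// module navigation and, for cmd=overview, the table of all players.
// NOTE(review): $priv and the privilege constants are not defined in this
// file; presumably the including admin page sets them - confirm.
// NOTE(review): the mysql_* extension used throughout was removed in PHP 7;
// this file only runs on older interpreters until it is ported.

// Cast to int so $uid can be concatenated into SQL and HTML below; 0 when no
// id was sent (previously a missing id raised an undefined-index notice).
$uid = isset ($_REQUEST['id']) ? (int)$_REQUEST['id'] : 0;

// Default first: the later "view"/"incidents" sections compare $cmd even when
// the privilege check below fails, and must not read an undefined variable.
$cmd = "overview";

// NOTE(review): this check spells the constant SEE_PLAYER_ACTIONS while the
// later checks in this file use SEE_PLAYERS_ACTIONS; one of the two is
// probably undefined, so that test would never match (or fail outright on
// newer PHP) - confirm the intended name.
if ($priv & SEE_PLAYER_OVERVIEW || $priv & SEE_PLAYER_ACTIONS || $priv & BLOCK)
{
	// $cmd is only ever compared against fixed strings or HTML-escaped
	// before output, so the raw request value is not trusted any further.
	if (isset ($_REQUEST['cmd']))
		$cmd = $_REQUEST['cmd'];
?>
<br>
<table width="900px"><tr>
<td><b>Benutzer</b></td>
<th><a href="admin.php?module=users&cmd=overview">Übersicht</a></th>
<?php
	if (isset ($_REQUEST['id']))
	{
		// $uid is an int, so it is safe inside the href attribute.
		if (($cmd == "view") && ($priv & BLOCK))
			echo '<th><a href="admin.php?module=users&cmd=incidents&id='.$uid.'">Vorfälle</a></th>';
		else if ($cmd == "incidents")
			echo '<th><a href="admin.php?module=users&cmd=view&id='.$uid.'">Protokoll</a></th>';
	}
?>
</tr></table>
<?php
	// Lookup tables: event type id => label, incident type id => label,
	// resolution id => label. The later sections of this file read them.
	$etypes = array (1=>"Gebäude", 2=>"Forschung", 3=>"Einheiten", 4=>"Angriff", 5=>"Spionage", 6=>"Unterstützung", 7=>"Raubzug", 10=>"Heimkehr", 11=>"Transport", 101=>"Aussenposten", 1000 => "Enklave", 1001 => "Farmland", 1002 => "Holzfäller", 1003 => "Steinbruch", 1004 => "Eisenmine", 2000=>"Admineingriff");
	$incidents = array (1=>"Pushen", 2=>"Bashen", 3=>"Beleidigung", 4=>"Rassismus", 5=>"Sexismus", "Diskriminierung", "Multi", "Bugusing");
	$resolutions = array (1=>"Verwarnung", 10=>"Zeitlich begrenzte Sperre", 200=>"Permanente Sperre");

	if ("overview" == $cmd)
	{
?>
<table width="100%"><tr bgcolor="#d2d2d2">
<th>Name</th><th>Punkte</th><th>Dörfer</th><th>Erstellt</th>
<th>Letzte Aktion</th><th>Rasse</th><th>Klasse</th>
</tr>
<?php
		$query = "select A.uid, A.user, A.score, A.created, A.changed, count(B.villageid) as villages, C.name as race, D.name as class from user A, village B, races C, classes D where A.race=C.raceid and A.uid=B.uid and A.class=D.classid group by uid;";
		$res = mysql_query ($query);
		if (!$res)
		{
			// The driver message is escaped before it reaches the page.
			echo "Error: ".htmlspecialchars (mysql_error (), ENT_QUOTES)."<br>Query:".htmlspecialchars ($query, ENT_QUOTES);
		}
		else
		{
			// Every column is HTML-escaped: the user name in particular is
			// presumably chosen by the player and is rendered here inside an
			// administrator's session.
			// NOTE(review): htmlspecialchars() is called without a charset and
			// therefore follows PHP's default - confirm it matches the page.
			while ($row = mysql_fetch_array ($res))
			{
				echo "<tr bgcolor=\"#eeeeee\"><td><a href=\"admin.php?module=users&cmd=view&id=".(int)$row['uid']."\">".htmlspecialchars ($row['user'], ENT_QUOTES)."</a></td>";
				echo "<td>".htmlspecialchars ($row['score'], ENT_QUOTES)."</td>";
				echo "<td>".htmlspecialchars ($row['villages'], ENT_QUOTES)."</td>";
				echo "<td>".htmlspecialchars ($row['created'], ENT_QUOTES)."</td>";
				echo "<td>".htmlspecialchars ($row['changed'], ENT_QUOTES)."</td>";
				echo "<td>".htmlspecialchars ($row['race'], ENT_QUOTES)."</td>";
				echo "<td>".htmlspecialchars ($row['class'], ENT_QUOTES)."</td>";
				// The former eighth cell printed $row['stamp'], which the
				// query never selects and the header has no column for.
				echo "</tr>\n";
			}
		}
		echo "</table>\n";
	}
}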
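// Collect the selected player's villages as <option> elements ($selectstr,
// used by the resource form) and format the smallest "seconds since stamp"
// value of those villages as HH:MM ($timestr, shown in the user details).
if ($priv & SEE_PLAYERS_ACTIONS || $priv & GIVE_RESSOURCES)
{
	// Upper bound that any real village age is expected to undercut.
	$gone = 1000000;
	// $uid was cast to int when it was read from the request.
	$query = "select *, time_to_sec(timediff(now(),stamp)) as gone from village where uid=".$uid;
	$selectstr = "<option value=\"0\" selected>---</option>";

	$res = mysql_query ($query);
	if (!$res)
	{
		// Escape the driver message and the query before printing them.
		echo "<b>Fehler beim Dorfauslesen: ".htmlspecialchars (mysql_error (), ENT_QUOTES)."<br>Query: ".htmlspecialchars ($query, ENT_QUOTES)."</b>";
		exit ();
	}

	while ($vrow = mysql_fetch_array ($res))
	{
		// The village name is presumably chosen by the player, so it is
		// escaped before it is placed into the admin page; the id is forced
		// to an int for the attribute value.
		$selectstr .= "<option value=\"".(int)$vrow['villageid']."\">".htmlspecialchars ($vrow['name'], ENT_QUOTES)."</option>";
		if ($vrow['gone'] < $gone)
			$gone = $vrow['gone'];
	}

	// Zero-padded hours and minutes, e.g. "03:07".
	$timestr = sprintf ("%02d:%02d", (int)($gone / 3600), (int)($gone / 60) % 60);
}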
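// Per-user section: shows the account details of $uid and offers the
// "send hero home" repair action.
// NOTE(review): none of the forms in this section carries an anti-CSRF
// token; the hero action changes data on a plain POST - confirm whether the
// including page protects against forged requests.
if ($uid > 0)
{
	// The script path can carry attacker-supplied path info, so it is
	// escaped before it is used as a form action.
	$self = htmlspecialchars ($_SERVER['PHP_SELF'], ENT_QUOTES);

	if ($priv & SEE_PLAYERS_ACTIONS || $priv & BLOCK)
	{
		$query = "select *, timediff(now(),changed) as lastaction from user where uid=".$uid;
		$res = mysql_query ($query);
		if (!$res)
		{
			echo "<b>Fehler beim Benutzerauslesen: ".htmlspecialchars (mysql_error (), ENT_QUOTES)."<br>Query: ".htmlspecialchars ($query, ENT_QUOTES)."</b>";
		}
		else
		{
			// $userrow is read again by the block form further down the file.
			$userrow = mysql_fetch_array ($res);
			if (!$userrow)
				echo "<b>Fehler: Benutzer existiert nicht!</b>";
			else
			{
				// $timestr is only computed for some privileges; fall back to
				// a placeholder instead of reading an undefined variable.
				$since = isset ($timestr) ? $timestr : "--:--";

				echo "<form action=\"".$self."\" method=\"POST\">";
				// $module and $cmd originate from the request and are escaped
				// before they are reflected into attribute values.
				echo "<input type=\"hidden\" name=\"module\" value=\"".htmlspecialchars ($module, ENT_QUOTES)."\">";
				echo "<input type=\"hidden\" name=\"cmd\" value=\"".htmlspecialchars ($cmd, ENT_QUOTES)."\">";
				// Name and e-mail are account data, presumably entered by the
				// player, and are rendered inside an administrator's session.
				echo "<table class=\"inhalt\"><tr><td>Name: </td><td>".htmlspecialchars ($userrow['user'], ENT_QUOTES)."</td></tr>";
				echo "<tr><td>Punkte:</td><td>".htmlspecialchars ($userrow['score'], ENT_QUOTES)."</td></tr>";
				echo "<tr><td>eMail:</td><td>".htmlspecialchars ($userrow['email'], ENT_QUOTES)."</td></tr>";
				// Reads $userrow (the row fetched above); the old code read
				// $row here, which this query never filled. The closing tags
				// are now only printed when the table was actually opened.
				echo "<tr><td>Letzte Aktion:</td><td>".htmlspecialchars ($userrow['changed'], ENT_QUOTES).". (vor ".$since." Stunden)</td></tr></table></form>";
			}
		}
	}

	if ($priv & SEND_HERO_HOME)
	{
		echo '<hr><h6>Held heimschicken</h6>';
		echo 'Symptom: Held existiert nicht in den Einheitenlisten. Auf der Heldseite steht etwas von "schlafend in ", aber ohne Namen dahinter';
		echo '<form action="'.$self.'" method="POST">
<input type="submit" name="sendHeroHome" value="Held heimschicken">
<input type="hidden" name="id" value="'.$uid.'">
<input type="hidden" name="module" value="users">
<input type="hidden" name="cmd" value="view">
';
		// NOTE(review): the repair below issues a delete, a replace and an
		// update as separate statements; no transaction is visible here, so a
		// failure half-way leaves the earlier steps applied.
		if (isset ($_POST['sendHeroHome']) || isset ($_POST['sendReally']))
		{
			$confirmed = isset ($_POST['sendReally']);

			$query = "select hero_troopid from user where uid=".$uid;
			if ($res = mysql_query ($query))
			{
				if ($row = mysql_fetch_array ($res))
				{
					// Values read back from the database are cast to int
					// before they are concatenated into the next statement.
					$troopid = (int)$row['hero_troopid'];
					$query = "select A.*, B.name, B.outpost_of from armies A, village B where A.location=B.villageid and A.troopid=".$troopid;
					if ($res = mysql_query ($query))
					{
						$herofound = (mysql_num_rows ($res) > 0);

						// The hero's army still exists: ask for confirmation.
						if ($herofound && !$confirmed)
						{
							echo 'Sieht eigentlich alles ok aus. Trotzdem fortfahren?';
							echo '<input type="submit" name="sendReally" value="Ja, weitermachen">';
						}
						if (!$herofound || $confirmed)
						{
							// Check whether the hero (unit 1000) is still
							// hidden in one of the player's troops.
							$query = "select A.troopid, A.unitid, A.amount from troops A join armies B on (A.troopid=B.troopid) WHERE uid=".$uid." AND A.unitid=1000 AND A.amount > 0";
							if ($res = mysql_query ($query))
							{
								if (mysql_num_rows ($res) > 0)
								{
									if ($row = mysql_fetch_array ($res))
									{
										$query = "delete from troops where troopid=".(int)$row['troopid']." AND unitid=1000 and amount > 0";
										if (!mysql_query ($query))
											echo 'Fehler: '.htmlspecialchars ($query, ENT_QUOTES);
									}
								}
								// Find the village the hero is moved to: the
								// first one of the player that is no outpost.
								$query = "select villageid from village where uid=".$uid." and outpost_of=0 limit 1";
								if ($res = mysql_query ($query))
								{
									if ($row = mysql_fetch_array ($res))
									{
										$villageid = (int)$row[0];
										// Put the hero back into the troop that
										// is stationed in that home village.
										$query = "select troopid from armies where villageid=".$villageid." and location=".$villageid;
										if ($res = mysql_query ($query))
										{
											if ($row = mysql_fetch_array ($res))
											{
												$new_troopid = (int)$row['troopid'];
												$query = "replace into troops (troopid, unitid, amount) values (".$new_troopid.", 1000, 1)";
												if (mysql_query ($query))
												{
													// Reset the hero's troop id and
													// record the new location.
													$query ="update user set hero_troopid=0 , hero_location=".$villageid." where uid=".$uid ;
													if (mysql_query ($query))
													{
														echo '<b>Erfolgreich zurückgeschickt.</b>';
													}
													else
													{
														echo 'Fehler: '.htmlspecialchars ($query, ENT_QUOTES);
													}
												}
												else
												{
													echo 'Fehler: '.htmlspecialchars ($query, ENT_QUOTES);
												}
											}
										}
										else
										{
											echo 'Fehler: '.htmlspecialchars ($query, ENT_QUOTES);
										}
									}
								}
							}
						}
					}
					else
					{
						echo 'Fehler: '.htmlspecialchars ($query, ENT_QUOTES);
					}
				}
				else
				{
					echo 'empty row: '.htmlspecialchars ($query, ENT_QUOTES);
				}
			}
			else
			{
				echo 'Fehler: '.htmlspecialchars ($query, ENT_QUOTES);
			}
		}
		echo '</form>';
	}
}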
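// cmd=view: handles the block/unblock and "give resources" actions, prints
// their forms and lists the event log of the selected player.
// NOTE(review): no anti-CSRF token is visible on these forms; both actions
// change data - confirm whether the including page guards against forged
// requests.
if ("view" == $cmd)
{
	require_once ("event.php");
	require_once ("eventmap.php");
	require_once ("unitmap.php");

	// The script path can carry attacker-supplied path info, so it is
	// escaped once and reused for every form action and link below.
	$self = htmlspecialchars ($_SERVER['PHP_SELF'], ENT_QUOTES);

	// --- action: block or unblock the player ---
	if (isset ($_POST['block']))
	{
		if ($priv & BLOCK)
		{
			if (!isset ($_POST['sure']))
			{
				echo "Haken setzen!";
			}
			else
			{
				// The checkbox carries 0 for "unblock" and 1 for "block".
				$sure = (int)$_POST['sure'];
				$unblock = ($sure == 0);
				$until = isset ($_POST['until']) ? trim ($_POST['until']) : "";

				if ($unblock)
					$userstate = "NULL";
				else
					// NOTE(review): only escaped, not checked against the
					// announced "JJJJ-MM-TT hh:mm:ss" format.
					$userstate = "\"".mysql_real_escape_string ($until)."\"";

				$query = "update user set userstate=".$userstate." where uid=".$uid;
				if (!mysql_query ($query))
					// The query contains the submitted date text, so it is
					// escaped before it is echoed back.
					echo "<b>Fehler beim Sperren: Query:".htmlspecialchars ($query, ENT_QUOTES). ", Fehler: ".htmlspecialchars (mysql_error (), ENT_QUOTES)."</b>";
				else
				{
					// Only run a second statement when the inactivity flag
					// really changes; the old code re-sent the userstate
					// update when neither case applied.
					$query = "";
					if ($unblock)
					{
						// Unblocking resets the inactivity flag.
						$query = "update user set inactivity=1 where uid=".$uid;
					}
					else if ($sure == 1 && isset ($_POST['make_inactive']) && (int)$_POST['make_inactive'] == 1)
					{
						// Blocking may also mark the player as inactive.
						$query = "update user set inactivity=3 where uid=".$uid;
					}
					if ($query != "" && !mysql_query ($query))
						echo "<b>Fehler beim Inaktiv-Schalten: Query:".htmlspecialchars ($query, ENT_QUOTES). ", Fehler: ".htmlspecialchars (mysql_error (), ENT_QUOTES)."</b>";
					echo "<b>User wurde ge/entsperrt</b>";
					// Keep the row shown by the form below in step with the
					// database: empty after an unblock, the new date otherwise.
					$userrow['userstate'] = $unblock ? null : $until;
				}
			}
		}
		else
		{
			echo '<span id="error">Du darfst keine Spieler sperren</span>';
		}
	}

	// --- action: give resources to one of the player's villages ---
	// Read from $_POST like the block action, so the change cannot be
	// triggered by a plain link.
	if (isset ($_POST['Geben']))
	{
		if ($priv & GIVE_RESSOURCES)
		{
			$tovillage = isset ($_POST['tovillage']) ? (int)$_POST['tovillage'] : 0;

			// One "col=col+N" fragment per resource field that was filled in.
			$sets = array ();
			foreach (array ("ress1", "ress2", "ress3", "ress4") as $column)
			{
				if (!empty ($_POST[$column]))
					$sets[] = $column."=".$column."+".(int)$_POST[$column];
			}

			// The target must be a village of the player on this page: the
			// select box only offers those, and the log entry below names
			// $uid as the recipient.
			$owned = false;
			if ($tovillage)
			{
				$ores = mysql_query ("select villageid from village where villageid=".$tovillage." and uid=".$uid);
				$owned = ($ores && mysql_num_rows ($ores) > 0);
			}

			if (!$owned)
				echo "<span id=\"error\">Dorf angeben</span><br>";
			else if (!count ($sets))
				// Nothing to add; the old code sent an UPDATE without
				// assignments, which the database rejected.
				echo "<b>Die Aktion konnte nicht ausgeführt werden</b>";
			else
			{
				$query = "update village set ".implode (",", $sets)." where villageid=".$tovillage." and uid=".$uid;
				if (!mysql_query ($query))
				{
					echo "<b>Die Aktion konnte nicht ausgeführt werden</b>";
				}
				else
				{
					// Record the intervention as event type 2000 so that it
					// shows up in the player's event log.
					$query = "insert into eventlog (eid, uid1, village1, uid2, village2, fired, happened, type, state) values (0, ".$uid.", ".$tovillage.", 0, 0, now(), now(), 2000, 1)";
					if (!mysql_query ($query))
						echo "<b>Cannot add evenlog entry for new village. Query: ".htmlspecialchars ($query, ENT_QUOTES).", ".htmlspecialchars (mysql_error (), ENT_QUOTES)."</b>";
					else
						echo "<b>Rohstoffe gegeben. </b>";
				}
			}
		}
		else
		{
			echo '<span id="error">Du darfst keine Rohstoffe geben</span>';
		}
	}

	// --- form: block / unblock ---
	if ($priv & BLOCK)
	{
		$blocked = !empty ($userrow['userstate']);

		echo "<hr><form action=\"".$self."\" method=\"POST\">";
		echo "<table>";
		if ($blocked)
		{
			// userstate can hold the text an admin just submitted, so it is
			// escaped before display.
			echo "<tr><td colspan=\"2\"><span style=\"color:red\">Benutzer gesperrt bis ".htmlspecialchars ($userrow['userstate'], ENT_QUOTES);
			// NOTE(review): the block action above writes inactivity=3, this
			// test looks for 2 - confirm which value means "inactive".
			if (2 == $userrow['inactivity'])
			{
				echo " und als inaktiv markiert";
			}
			echo "</span></td></tr>";
			$output = " entsperren ";
			$checkbox = 0;
		}
		else
		{
			$output = "sperren";
			$checkbox = 1;
		}
		echo "<tr><td colspan=\"2\"><br><input type=\"checkbox\" name=\"sure\" value=\"".$checkbox."\">Ja, Benutzer ".$output."\n<br> <br>";
		if (!$blocked)
		{
			echo "<input type=\"checkbox\" name=\"make_inactive\" value=\"1\">...und dabei als inaktiv markieren ";
			echo ' <br><br>er soll gesperrt werden bis <input type="text" name="until"> (Format: JJJJ-MM-TT hh:mm:ss)';
		}
		echo "<br><input type=\"submit\" name=\"block\" value=\"Benutzer ".$output."\"> ";
		echo "<input type=\"hidden\" name=\"id\" value=\"".$uid."\"><input type=\"hidden\" name=\"module\" value=\"users\"><input type=\"hidden\" name=\"cmd\" value=\"view\">";
		echo "</td></tr></table>";
		echo "</form>";
	}

	// --- form: give resources ---
	if ($priv & GIVE_RESSOURCES)
	{
		echo "<hr><form action=\"".$self."\" method=\"POST\">";
		echo "<table><tr><td>Ress geben nach:</td>";
		// $selectstr is the village <option> list built earlier in this file.
		echo "<td><select name=\"tovillage\" size=\"1\">".$selectstr."</select> Holz: ";
		echo "<input type=\"text\" size=\"6\" name=\"ress1\"> Stein: <input type=\"text\" size=\"6\" name=\"ress2\"> Eisen: <input type=\"text\" size=\"6\" name=\"ress3\"> Gold <input type=\"text\" size=\"6\" name=\"ress4\"> <input type=\"submit\" name=\"Geben\" value=\"Geben\"></td></tr><input type=\"hidden\" name=\"id\" value=\"".$uid."\"><input type=\"hidden\" name=\"module\" value=\"users\"><input type=\"hidden\" name=\"cmd\" value=\"view\"></table></form>";
	}

	// --- event log, 300 entries per page ---
	if ($priv & SEE_PLAYERS_ACTIONS)
	{
		$page = isset ($_REQUEST['p']) ? (int)$_REQUEST['p'] : 0;
		if ($page < 0)
			$page = 0;

		// The back link is only offered when there is a previous page; the
		// string is initialised so that the append below never starts from an
		// undefined variable.
		$pagestr = "";
		if ($page > 0)
			$pagestr = "<a href=\"".$self."?p=".($page-1)."&module=users&cmd=view&id=".$uid."\">Zurück blättern</a>";
		$pagestr .= " <a href=\"".$self."?p=".($page+1)."&module=users&cmd=view&id=".$uid."\">Vor blättern</a>";
		echo $pagestr;

		$query = "select A.*, B.user as fromwho, C.name as fromwhere, D.user as towho, E.name as towhere, F.ress1, F.ress2, F.ress3, F.ress4 from eventlog A left join user B on (A.uid1=B.uid) left join village C on (A.village1=C.villageid) left join user D on (A.uid2=D.uid and A.type in (4,5,6,7,10,11)) left join village E on (A.village2=E.villageid and A.type in (4,5,6,7,10,11)) left join old_transport F on (A.type=11 and A.param=F.merchantid and F.flag=0) where A.uid1=".$uid." or A.uid2=".$uid." order by A.fired desc limit ".($page*300).",300";
		$res = mysql_query ($query);
		if (!$res)
		{
			echo "<b>Fehler: Kann Eventlog nicht lesen: ".htmlspecialchars (mysql_error (), ENT_QUOTES)."<br>Query: ".htmlspecialchars ($query, ENT_QUOTES)."</b>";
		}
		else
		{
			echo "<table class=\"inhalt\" cellspacing=\"0\"><tr><th id=\"rundrum\">Fertig</th><th id=\"rundrum\">Ausgeführt</th><th id=\"rundrum\" colspan=\"2\">Von</th><th id=\"rundrum\" colspan=\"2\">Nach</th><th id=\"rundrum\">Art</th></tr>";
			// User and village names are presumably chosen by players, so
			// every database value is HTML-escaped before it is printed.
			while ($row = mysql_fetch_array ($res))
			{
				// Green for state 1, grey for everything else.
				$color = ($row['state'] == 1) ? "\"#33CC33\"" : "\"#DDDDDD\"";

				echo "<tr><td id=\"rundrum\" bgcolor=".$color.">".htmlspecialchars ($row['happened'], ENT_QUOTES)."</td><td id=\"rundrum\" bgcolor=".$color.">".htmlspecialchars ($row['fired'], ENT_QUOTES)."</td>";
				echo "<td id=\"rundrum\">".htmlspecialchars ($row['fromwho'], ENT_QUOTES)." (".htmlspecialchars ($row['uid1'], ENT_QUOTES).")</td><td id=\"rundrum\">".htmlspecialchars ($row['fromwhere'], ENT_QUOTES)." </td>";
				echo "<td id=\"rundrum\">".htmlspecialchars ($row['towho'], ENT_QUOTES)." (".htmlspecialchars ($row['uid2'], ENT_QUOTES).")</td>";

				// For types >= 1000, village2 is printed as a pair derived
				// from WORLD_SIZEX instead of a village name.
				if ($row['type'] >= 1000)
					echo "<td id=\"rundrum\">(".($row['village2'] % WORLD_SIZEX)." | ".(int)($row['village2'] / WORLD_SIZEX).")</td>";
				else
					echo "<td id=\"rundrum\">".htmlspecialchars ($row['towhere'], ENT_QUOTES)."</td>";

				// Known types get their label, unknown ones the raw number.
				if (isset ($etypes[$row['type']]))
					echo "<td id=\"rundrum\">".$etypes[$row['type']].": ";
				else
					echo "<td id=\"rundrum\">".htmlspecialchars ($row['type'], ENT_QUOTES).": ";

				switch ($row['type'])
				{
					case BUILDING:
						echo $buildmap[$row['village2']]." ".htmlspecialchars ($row['param'], ENT_QUOTES);
						break;
					case RESEARCH:
						echo $resmap[$row['param2']]." ".htmlspecialchars ($row['param'], ENT_QUOTES);
						break;
					case RECRUITING:
						if ($row['state'])
							echo htmlspecialchars ($row['village2'], ENT_QUOTES)." ".$unitmap[$row['param']];
						else if ($row['param2'] != 0)
							echo (int)($row['village2'] / $row['param2'])." ".$unitmap[$row['param']];
						else
							// Avoid a division by zero on a malformed row.
							echo $unitmap[$row['param']];
						break;
					case RETURNING:
						// Start from zero for every row; the old code kept the
						// loot of the previous event when a slot was missing.
						$loot = array (1 => 0, 2 => 0, 3 => 0, 4 => 0);
						// Ids read back from the database are cast before
						// they go into the follow-up query.
						$query = "select coin,param from rep_loot where reportid=".(int)$row['param2']." and value=".(int)$row['uid1']." and coin<4";
						if (!($lres = mysql_query ($query)))
							echo "Fehler: ".htmlspecialchars ($query, ENT_QUOTES).", ".htmlspecialchars (mysql_error (), ENT_QUOTES);
						else
						{
							while ($lrow = mysql_fetch_row ($lres))
							{
								// coin 0..3 maps to loot slot 1..4.
								$loot[((int)$lrow[0]+1)] = $lrow[1];
							}
							echo "<img src=\"../gfx/holz.gif\">".htmlspecialchars ($loot[1], ENT_QUOTES)."<img src=\"../gfx/lehm.gif\">".htmlspecialchars ($loot[2], ENT_QUOTES);
							echo "<img src=\"../gfx/iron.gif\">".htmlspecialchars ($loot[3], ENT_QUOTES)."<img src=\"../gfx/mana.gif\">".htmlspecialchars ($loot[4], ENT_QUOTES);
						}
						break;
					case TRANSPORT:
						echo "<img src=\"../gfx/holz.gif\">".htmlspecialchars ($row['ress1'], ENT_QUOTES)."<img src=\"../gfx/lehm.gif\">".htmlspecialchars ($row['ress2'], ENT_QUOTES);
						echo "<img src=\"../gfx/iron.gif\">".htmlspecialchars ($row['ress3'], ENT_QUOTES)."<img src=\"../gfx/mana.gif\">".htmlspecialchars ($row['ress4'], ENT_QUOTES);
						break;
					case 1000:
					case 1001:
					case 1002:
					case 1003:
					case 1004:
						echo htmlspecialchars ($row['param'], ENT_QUOTES);
						break;
				}
				echo "</td></tr>";
			}
			echo "</table>";
		}
	}
}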
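// cmd=incidents: lets an admin with the BLOCK privilege record a new incident
// for the selected player and lists the incidents recorded so far.
// NOTE(review): the form carries no anti-CSRF token - confirm whether the
// including page guards against forged requests.
if ($cmd == "incidents")
{
	if ($priv & BLOCK)
	{
		// The script path can carry attacker-supplied path info, so it is
		// escaped before it is used in the form action and the links.
		$self = htmlspecialchars ($_SERVER['PHP_SELF'], ENT_QUOTES);

		// The form below submits by POST, so the action is read from $_POST
		// only and cannot be triggered by a plain link.
		if (isset ($_POST['newinc']) && isset ($_POST['type']))
		{
			$type = (int)$_POST['type'];
			if (!isset ($incidents[$type]))
			{
				// Only incident types offered by the select box are stored.
				echo "<b>Konnte ich leider nicht anlegen: unbekannter Vorfallstyp</b>";
			}
			else
			{
				// REMOTE_USER is supplied by the web server's authentication
				// and is escaped like any other string placed into SQL.
				$creator = isset ($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : "";
				$query = "insert into incidents (uid1, type, state, resolution, creator) values (".$uid.", ".$type.", 0, 0, \"".mysql_real_escape_string ($creator)."\")";
				if (!mysql_query ($query))
					echo "<b>Konnte ich leider nicht anlegen: ".htmlspecialchars (mysql_error (), ENT_QUOTES)."</b>";
			}
		}

		echo "<form action=\"".$self."\" method=\"POST\">";
		echo '
<table><tr><th>Neuen Vorfall anlegen: <input type="hidden" name="id" value="'.$uid.'"><select name="type" size="1">';
		foreach ($incidents as $idx=>$this_inc)
			echo '<option value="'.$idx.'">'.$this_inc.'</option>';
		echo '</select></th><th>
<input type="hidden" name="module" value="users"><input type="hidden" name="cmd" value="incidents">
<input type="submit" name="newinc" value="Anlegen"></th></tr>';

		$query = "select * from incidents where uid1=".$uid;
		$res = mysql_query ($query);
		if (!$res)
		{
			echo "DB-Fehler :(".htmlspecialchars (mysql_error (), ENT_QUOTES);
		}
		else if (!mysql_num_rows ($res))
		{
			echo "<tr><td colspan=\"3\"><b>Keine Vorfälle bisher</b></td></tr>";
		}
		else
		{
			echo '<tr><th>Wann</th><th>Vorfall</th><th>Admin</th></tr>';
			while ($row = mysql_fetch_array ($res))
			{
				// Fall back to the numeric type when no label is known, and
				// escape every stored value before it is printed.
				if (isset ($incidents[$row['type']]))
					$label = $incidents[$row['type']];
				else
					$label = htmlspecialchars ($row['type'], ENT_QUOTES);
				echo '<tr><td>'.htmlspecialchars ($row['stamp'], ENT_QUOTES).'</td><td><a href="'.$self.'?module=users&cmd=incidents&id='.$uid.'&incid='.(int)$row['incidentid'].'">'.$label.'</a></td><td>'.htmlspecialchars ($row['creator'], ENT_QUOTES).'</td></tr>';
			}
		}
		echo "</table></form>";
	}
	else
	{
		echo '<span id="error">Du darfst nicht sperren</span>';
	}
}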
- ?>