users.php | searchcode

/brain/users.php

https://bitbucket.org/obsidian/selador
PHP | 575 lines | 473 code | 68 blank | 34 comment | 101 complexity | a8bc3aafc0076135b302754a7e10a813 MD5 | raw file
Possible License(s): AGPL-3.0, LGPL-2.1

<?php

/* users.php - Front-end code for working with users in admin view
 *
 * Copyright (C) 2006, 2007, 2008 Kevin Read, Simone Schaefer
 *
 * This file is part of Selador, a browser-based fantasy strategy game
 *
 * This program is distributed under the terms of the GNU Affero General Public License.
 *
 *
 *   Selador is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU Affero General Public License as published by
 *   the Free Software Foundation, either version 3 of the License, or
 *   any later version.
 *
 *   Selador is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU Affero General Public License for more details.
 *
 *   You should have received a copy of the GNU Affero General Public License
 *   along with Selador.  If not, see <http://www.gnu.org/licenses/>.
 **/

// Don't push - this code is crude
$uid = (int)$_REQUEST['id'];

if ($priv & SEE_PLAYER_OVERVIEW || $priv & SEE_PLAYER_ACTIONS || $priv & BLOCK)
{

	if (isset ($_REQUEST['cmd']))
	  $cmd = $_REQUEST['cmd'];
	else
	  $cmd = "overview";

?>

	<br>
	<table width="900px"><tr>
	<td><b>Benutzer</b></td>
	<th><a href="admin.php?module=users&cmd=overview">&Uuml;bersicht</th>
	<?php

	if (isset ($_REQUEST['id']))
	{
		if (($cmd == "view") && ($priv & BLOCK))
			echo '<th><a href="admin.php?module=users&cmd=incidents&id='.$uid.'">Vorfälle</th>';
		else
		{
			if ($cmd == "incidents")
				echo '<th><a href="admin.php?module=users&cmd=view&id='.$uid.'">Protokoll</th>';
		}
	}
	?>
	</table>

	<?php

	$etypes = array (1=>"Gebäude", 2=>"Forschung", 3=>"Einheiten", 4=>"Angriff", 5=>"Spionage", 6=>"Unterstützung", 7=>"Raubzug", 10=>"Heimkehr", 11=>"Transport", 101=>"Aussenposten", 1000 => "Enklave", 1001 => "Farmland", 1002 => "Holzf&auml;ller", 1003 => "Steinbruch", 1004 => "Eisenmine", 2000=>"Admineingriff");

	$incidents = array (1=>"Pushen", 2=>"Bashen", 3=>"Beleidigung", 4=>"Rassismus", 5=>"Sexismus", "Diskriminierung", "Multi", "Bugusing");

	$resolutions = array (1=>"Verwarnung", 10=>"Zeitlich begrenzte Sperre", 200=>"Permanente Sperre");


	if ("overview" == $cmd)
	{
	  ?>
	  <table width="100%"><tr bgcolor="#d2d2d2">
	  <th>Name</th><th>Punkte</th><th>Dörfer</th><th>Erstellt</th>
	  <th>Letzte Aktion</th><th>Rasse</th><th>Klasse</th>
	  </tr>
	  <?php
	  $query = "select A.uid, A.user, A.score, A.created, A.changed, count(B.villageid) as villages, C.name as race, D.name as class from user A, village B, races C, classes D where A.race=C.raceid and A.uid=B.uid and A.class=D.classid group by uid;";

	  if (!($res = mysql_query ($query)))   // Jetzt fragen wir den SQL-Server
		echo "Error: ".mysql_error()."<br>Query:".$query;

	while ($row = mysql_fetch_array ($res))
	  {
		echo "<tr bgcolor=\"#eeeeee\"><td><a href=\"admin.php?module=users&cmd=view&id=".$row['uid']."\">".$row['user']."</a></td>";
		echo "<td>".$row['score']."</td>";
		echo "<td>".$row['villages']."</td>";
		echo "<td>".$row['created']."</td>";
		echo "<td>".$row['changed']."</td>";
		echo "<td>".$row['race']."</td>";
		echo "<td>".$row['class']."</td>";
		echo "<td>".$row['stamp']."</td>";
		echo "</tr>\n";
	  }
	  echo "</table>\n";
	}
}


if ($priv & SEE_PLAYERS_ACTIONS || $priv & GIVE_RESSOURCES)
{
	$gone = 1000000;
	$query = "select *, time_to_sec(timediff(now(),stamp)) as gone from village where uid=".$uid;

	$selectstr = "<option value=\"0\" selected>---</option>";
	if (!($res = mysql_query ($query)))
	{
		echo "<b>Fehler beim Dorfauslesen: ".mysql_error ()."<br>Query: ".$query."</b>";
		exit ();
	}
	else
	{
		while ($vrow = mysql_fetch_array ($res))
		{
			$selectstr .= "<option value=\"".$vrow['villageid']."\">".$vrow['name']."</option>";
			if ($vrow['gone'] < $gone)
				$gone = $vrow['gone'];
		}
	}

	$hours = (int)($gone/3600);
	$minutes = ((int)($gone/60) % 60);

	if ($hours < 10)
		$timestr = "0".$hours;
	else
		$timestr = $hours;
	if ($minutes < 10)
		$timestr .= ":0".$minutes;
	else
		$timestr .= ":".$minutes;
}


if ( ($uid) > 0)
{

	if ($priv & SEE_PLAYERS_ACTIONS || $priv & BLOCK)
	{
		$query = "select *, timediff(now(),changed) as lastaction from user where uid=".$uid;

		if (!($res = mysql_query ($query)))
		{
			echo "<b>Fehler beim Benutzerauslesen: ".mysql_error()."<br>Query: ".$query."</b>";
		}
		else
		{
			if (!($userrow = mysql_fetch_array ($res)))
				echo "<b>Fehler: Benutzer existiert nicht!</b>";
			else
			{


				echo "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">";
				echo "<input type=\"hidden\" name=\"module\" value=\"".$module."\">";
				echo "<input type=\"hidden\" name=\"cmd\" value=\"".$cmd."\">";
				echo "<table class=\"inhalt\"><tr><td>Name: </td><td>".$userrow['user']."</td></tr>";
				echo "<tr><td>Punkte:</td><td>".$userrow['score']."</td></tr>";
				echo "<tr><td>eMail:</td><td>".$userrow['email']."</td></tr>";
			}
		}
		echo "<tr><td>Letzte Aktion:</td><td>".$row['changed'].". (vor ".$timestr." Stunden)</td></tr></table></form>";

	}

	if ($priv & SEND_HERO_HOME)
	{
		echo '<hr><h6>Held heimschicken</h6>';
		echo 'Symptom: Held existiert nicht in den Einheitenlisten. Auf der Heldseite steht etwas von "schlafend in ", aber ohne Namen dahinter';
		echo '<form action="'.$_SERVER['PHP_SELF'].'" method="POST">
			<input type="submit" name="sendHeroHome" value="Held heimschicken">
			<input type="hidden" name="id" value="'.$uid.'">
			<input type="hidden" name="module" value="users">
			<input type="hidden" name="cmd" value="view">
		';
		if (isset($_POST['sendHeroHome']) || (isset ($_POST['sendReally']) ))
		{
			$query = "select hero_troopid from user where uid=".$uid;
			if ($res = mysql_query($query))
			{
				if ($row = mysql_fetch_array($res))
				{
					$troopid = (int)$row['hero_troopid'];
					$query = "select A.*, B.name, B.outpost_of from armies A, village B where A.location=B.villageid and A.troopid=".$troopid;
					if ($res = mysql_query($query))
					{
						if (mysql_num_rows($res) > 0 && !(isset ($_POST['sendReally'])))
						{
							echo 'Sieht eigentlich alles ok aus. Trotzdem fortfahren?';
							echo '<input type="submit" name="sendReally" value="Ja, weitermachen">';
						}
						if (mysql_num_rows($res) == 0 || (isset ($_POST['sendReally'])))
						{
							//echo 'uarg? '.$query;
							//ueberpruefen, ob der held noch irgendwo versteckt unterwegs ist
							$query = "select A.troopid, A.unitid, A.amount from troops A join armies B on (A.troopid=B.troopid) WHERE uid=".$uid." AND A.unitid=1000 AND A.amount > 0";
							if ($res = mysql_query($query))
							{
								if (mysql_num_rows($res) > 0)
								{
									if ($row = mysql_fetch_array($res))
									{
										$query = "delete from troops where troopid=".$row['troopid']." AND unitid=1000 and amount > 0";
										if (!mysql_query($query))
											echo 'Fehler: '.$query;
									}
								}
								//stadt suchen, in die der Held versetzt wird
								$query = "select villageid from village where uid=".$uid." and outpost_of=0 limit 1";
								if ($res = mysql_query($query))
								{
									if ($row = mysql_fetch_array($res))
									{
$villageid = $row[0];
										//held wieder in eine troop in seiner Heimatstadt einfügen
										$query =  "select troopid from armies where villageid=".$villageid." and location=".$villageid;
										if ($res = mysql_query($query))
										{
											if ($row = mysql_fetch_array($res))
											{
												$new_troopid = $row['troopid'];
												$query = "replace into troops (troopid, unitid, amount) values (".$new_troopid.", 1000, 1)";
												if (mysql_query($query))
												{
													//troopid  des helden nullen
													$query ="update user set hero_troopid=0 , hero_location=".$villageid." where uid=".$uid ;
													if (mysql_query($query))
													{
														echo '<b>Erfolgreich zurückgeschickt.</b>';
													}
													else
													{
														echo 'Fehler: '.$query;
													}
												}
												else
												{
													echo 'Fehler: '.$query;
												}
											}
										}
										else
										{
											echo 'Fehler: '.$query;
										}

									}
								}

							}
						}
					}
					else
					{
						echo 'Fehler: '.$query;
					}
				}
				else
				{
					echo 'empty row: '.$query;
				}
			}
			else
			{
				echo 'Fehler: '.$query;
			}
		}
		echo '</form>';

	}
}


if ("view" == $cmd)
{
	require_once ("event.php");
	require_once ("eventmap.php");
	require_once ("unitmap.php");

	//der spieler soll gsperrt werden
	if (isset($_POST['block']))
	{
		if ($priv & BLOCK)
		{
			//print_r($_POST);
			if (!isset($_POST['sure'] ))
			{
				echo "Haken setzen!";
			}
			else
			{
				if ($_POST['sure'] == 0) // benutzer entsperren
					$userstate = "NULL";
				else
					$userstate = "\"".mysql_real_escape_string(trim($_POST['until']))."\"";
				$uid = (int)$_REQUEST['id'];
				$query = "update user set userstate=".$userstate." where uid=".$uid;
				if (!mysql_query($query))
					echo "<b>Fehler beim Sperren: Query:".$query. ", Fehler:  ".mysql_error()."</b>";
				else
				{
					//user entsperren: ggf muss inaktivitaet wieder zurueckgesetzt werden
					if ((int)$_POST['sure'] == 0)
					{
						$query = "update user set inactivity=1 where uid=".$uid;

					}
					//user sperren: ggf auf inaktiv setzen
					if (((int)$_POST['sure'] == 1) && ($_POST['make_inactive'] == 1))
					{
						$query = "update user set inactivity=3 where uid=".$uid;

					}
					if (!mysql_query($query))
						echo "<b>Fehler beim Inaktiv-Schalten: Query:".$query. ", Fehler:  ".mysql_error()."</b>";
					echo "<b>User wurde ge/entsperrt</b>";
					$userrow['userstate'] = $_POST['until'];
				}
			}
		}
		else
		{
			echo '<span id="error">Du darfst keine Spieler sperren</span>';
		}
	}


	if (isset ($_REQUEST['Geben']))
	{
		if ($priv & GIVE_RESSOURCES)
		{
			if ((int)$_REQUEST['tovillage'])
			{
				$prefix = "";
				$query = "update village set ";

				if ($_REQUEST['ress1'])
				{
					$query .= "ress1=ress1+".(int)$_REQUEST['ress1'];
					$prefix = ",";
				}
				if ($_REQUEST['ress2'])
				{
					$query .= $prefix."ress2=ress2+".(int)$_REQUEST['ress2'];
					$prefix = ",";
				}
				if ($_REQUEST['ress3'])
				{
					$query .= $prefix."ress3=ress3+".(int)$_REQUEST['ress3'];
					$prefix = ",";
				}
				if ($_REQUEST['ress4'])
				{
					$query .= $prefix."ress4=ress4+".(int)$_REQUEST['ress4'];
					$prefix = ",";
				}
				$query .= " where villageid=".(int)$_REQUEST['tovillage'];

				if (!mysql_query ($query))
				{
					echo "<b>Die Aktion konnte nicht ausgeführt werden</b>";
				}
				else
				{
					// $query = "insert into operlog
					$query = "insert into eventlog (eid, uid1, village1, uid2, village2, fired, happened, type, state) values (0, ".$uid.", ".(int)$_REQUEST['tovillage'].", 0, 0, now(), now(), 2000, 1)";

					if (!mysql_query ($query))
						echo "<b>Cannot add evenlog entry for new village. Query: ".$query.", ".mysql_error()."</b>";
					else
						echo "<b>Rohstoffe gegeben. </b>";

				}
			}
			else
				echo "<span id=\"error\">Dorf angeben</span><br>";
		}
		else
		{
			echo '<span id="error">Du darfst keine Rohstoffe geben</span>';
		}
	}


	if ($priv & BLOCK)
	{
		echo "<hr><form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">";
		echo "<table>";
		if ($userrow['userstate'])
		{
			echo "<tr><td colspan=\"2\"><span style=\"color:red\">Benutzer gesperrt bis ".$userrow['userstate'];
			if (2 == $userrow['inactivity'])
			{
				echo " und als inaktiv markiert";
			}
			echo "</span></td></tr>";
			$output = " entsperren ";
			$checkbox = 0;
		}
		else
		{
			$output = "sperren";
			$checkbox = 1;
		}
		echo "<tr><td colspan=\"2\"><br><input type=\"checkbox\" name=\"sure\" value=\"".$checkbox."\">Ja, Benutzer ".$output."
		\n<br> <br>";
		if (!$userrow['userstate'])
			echo "<input type=\"checkbox\" name=\"make_inactive\" value=\"1\">...und dabei als inaktiv markieren ";
		if (!$userrow['userstate'])
			echo ' <br><br>er soll gesperrt werden bis <input type="text" name="until"> (Format: JJJJ-MM-TT hh:mm:ss)';
		echo "<br><input type=\"submit\" name=\"block\" value=\"Benutzer ".$output."\"> ";
		echo "<input type=\"hidden\" name=\"id\" value=\"".$uid."\"><input type=\"hidden\" name=\"module\" value=\"users\"><input type=\"hidden\" name=\"cmd\" value=\"view\">";
		echo "</td></tr></table>";
		echo "</form>";
	}

	if ($priv & GIVE_RESSOURCES)
	{
		echo "<hr><form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">";
		echo "<table><tr><td>Ress geben nach:</td>";
		echo "<td><select name=\"tovillage\" size=\"1\">".$selectstr."</select>&nbsp;Holz: ";
		echo "<input type=\"text\" size=\"6\"  name=\"ress1\">&nbsp;Stein:&nbsp;<input type=\"text\" size=\"6\" name=\"ress2\">&nbsp;Eisen:&nbsp;<input type=\"text\" size=\"6\" name=\"ress3\">&nbsp;Gold&nbsp;<input type=\"text\" size=\"6\" name=\"ress4\">&nbsp;<input type=\"submit\" name=\"Geben\" value=\"Geben\"></td></tr><input type=\"hidden\" name=\"id\" value=\"".$uid."\"><input type=\"hidden\" name=\"module\" value=\"users\"><input type=\"hidden\" name=\"cmd\" value=\"view\"></table></form>";
	}

	if ($priv & SEE_PLAYERS_ACTIONS)
	{
		if (isset ($_REQUEST['p']))
		{
			$page = (int)$_REQUEST['p'];

			if ($page < 0)
				$page = 0;

			$pagestr = "<a href=\"".$_SERVER['PHP_SELF']."?p=".($page-1)."&module=users&cmd=view&id=".$uid."\">Zurück blättern</a>";
		}
		else
			$page = 0;

		$pagestr .= "&nbsp;&nbsp;<a href=\"".$_SERVER['PHP_SELF']."?p=".($page+1)."&module=users&cmd=view&id=".$uid."\">Vor blättern</a>";


		echo $pagestr;
		$query = "select A.*, B.user as fromwho, C.name as fromwhere, D.user as towho, E.name as towhere, F.ress1, F.ress2, F.ress3, F.ress4 from eventlog A left join user B on (A.uid1=B.uid) left join village C on (A.village1=C.villageid) left join user D on (A.uid2=D.uid and A.type in (4,5,6,7,10,11)) left join village E on (A.village2=E.villageid and A.type in (4,5,6,7,10,11)) left join old_transport F on (A.type=11 and A.param=F.merchantid and F.flag=0) where A.uid1=".$uid." or A.uid2=".$uid." order by A.fired desc limit ".($page*300).",300";
		// echo $query;
		if (!($res = mysql_query ($query)))
		{
			echo "<b>Fehler: Kann Eventlog nicht lesen: ".mysql_error()."<br>Query: ".$query."</b>";
		}
		else
		{
			echo "<table class=\"inhalt\" cellspacing=\"0\"><tr><th id=\"rundrum\">Fertig</th><th id=\"rundrum\">Ausgeführt</th><th id=\"rundrum\" colspan=\"2\">Von</th><th id=\"rundrum\" colspan=\"2\">Nach</th><th id=\"rundrum\">Art</th></tr>";
			while ($row = mysql_fetch_array ($res))
			{
				if ($row['state'] == 1)
					$color = "\"#33CC33\"";
				else
					$color = "\"#DDDDDD\"";
				echo "<tr><td id=\"rundrum\" bgcolor=".$color.">".$row['happened']."</td><td id=\"rundrum\" bgcolor=".$color.">".$row['fired']."</td>";
				echo "<td id=\"rundrum\">".$row['fromwho']." (".$row['uid1'].")</td><td id=\"rundrum\">".$row['fromwhere']." </td>";
				echo "<td id=\"rundrum\">".$row['towho']." (".$row['uid2'].")</td>";

				if ($row['type'] >= 1000)
					echo "<td id=\"rundrum\">(".($row['village2'] % WORLD_SIZEX)." | ".(int)($row['village2'] / WORLD_SIZEX).")</td>";
				else
					echo "<td id=\"rundrum\">".$row['towhere']."</td>";
				if (!isset ($etypes[$row['type']]))
					echo "<td id=\"rundrum\">".$row['type'].": ";
				else
					echo "<td id=\"rundrum\">".$etypes[$row['type']].": ";

				switch ($row['type'])
				{
					case BUILDING:
						echo $buildmap[$row['village2']]." ".$row['param'];
						break;
					case RESEARCH:
						echo $resmap[$row['param2']]." ".$row['param'];
						break;
					case RECRUITING:
						if ($row['state'])
							echo $row['village2']." ".$unitmap[$row['param']];
						else
							echo (int)($row['village2'] / $row['param2'])." ".$unitmap[$row['param']];
						break;
					case RETURNING:
						$query = "select coin,param from rep_loot where reportid=".$row['param2']." and value=".$row['uid1']." and coin<4";

						if (!($lres = mysql_query ($query)))
							echo "Fehler: ".$query.", ".mysql_error();
						else
						{
							while ($lrow = mysql_fetch_row ($lres))
							{
								$loot[($lrow[0]+1)] = $lrow[1];
							}
							echo "<img src=\"../gfx/holz.gif\">".$loot[1]."<img src=\"../gfx/lehm.gif\">".$loot[2];
							echo "<img src=\"../gfx/iron.gif\">".$loot[3]."<img src=\"../gfx/mana.gif\">".$loot[4];
						}
						break;
					case TRANSPORT:
						echo "<img src=\"../gfx/holz.gif\">".$row['ress1']."<img src=\"../gfx/lehm.gif\">".$row['ress2'];
						echo "<img src=\"../gfx/iron.gif\">".$row['ress3']."<img src=\"../gfx/mana.gif\">".$row['ress4'];
						break;
					case 1000:
					case 1001:
					case 1002:
					case 1003:
					case 1004:
						echo $row['param'];
						break;

				}
				echo "</td></tr>";
			}
			echo "</table>";
		}
	}
}



if ($cmd == "incidents" )
{
	if ($priv & BLOCK)
	{
		if (isset ($_REQUEST['newinc']) && isset ($_REQUEST['type']))
		{
			$type = (int)$_REQUEST['type'];

			$query = "insert into incidents (uid1, type, state, resolution, creator) values (".$uid.", ".$type.", 0, 0, \"".$_SERVER['REMOTE_USER']."\")";

			if (!mysql_query ($query))
				echo "<b>Konnte ich leider nicht anlegen: ".mysql_error ();
		}
		echo "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">";

		echo '
			<table><tr><th>Neuen Vorfall anlegen: <input type="hidden" name="id" value="'.$uid.'"><select name="type" size="1">';

		foreach ($incidents as $idx=>$this_inc)
			echo '<option value="'.$idx.'">'.$this_inc.'</option>';

		echo '</select></th><th>
		<input type="hidden" name="module" value="users"><input type="hidden" name="cmd" value="incidents">
		<input type="submit" name="newinc" value="Anlegen"></th></tr>';

		$query = "select * from incidents where uid1=".$uid;

		if (!($res = mysql_query ($query)))
		{
			echo "DB-Fehler :(".mysql_error();
		}
		else
		{
			if (!mysql_num_rows ($res))
			{
				echo "<tr><td colspan=\"3\"><b>Keine Vorfälle bisher</b></td></tr>";
			}
			else
			{
				echo '<tr><th>Wann</th><th>Vorfall</th><th>Admin</th></tr>';
				while ($row = mysql_fetch_array ($res))
				{
					echo '<tr><td>'.$row['stamp'].'</td><td><a href="'.$_SERVER['PHP_SELF'].'?module=users&cmd=incidents&id='.$uid.'&incid='.$row['incidentid'].'">'.$incidents[$row['type']].'</a></td><td>'.$row['creator'].'</td></tr>';
				}
			}
		}
		echo "</table></form>";
	}
	else
	{
		echo '<span id="error">Du darfst nicht sperren</span>';
	}
}

?>