
/TBDev/installer_v4_1/staffpanel.php

https://github.com/cybernet/CyBerFuN-CoDeX
Possible License(s): GPL-2.0
  1. <?php
  2. /****************************************************************\
  3. * Staff panel for the TBDEV source code *
  4. * -------------------------------------------------------------- *
  5. * An easy to config staff panel for different staff classes, *
  6. * with different options for each class, like add, edit, delete *
  7. * the pages and to log the actions. *
  8. * -------------------------------------------------------------- *
  9. * @author: Alex2005 for TBDEV.NET *
  10. * @copyright: Alex2005 *
  11. * @package: Staff Panel *
  12. * @category: Staff Tools *
  13. * @version: v1.10 04/07/2008 *
  14. * @license: GNU General Public License *
  15. \****************************************************************/
  16. include("include/bittorrent.php");
  17. require_once ("include/user_functions.php");
  18. require_once ("include/bbcode_functions.php");
  19. //require_once ("include/authenticate.php");
  20. dbconn();
  21. maxcoder();
  22. //systemcheck();
  23. if(!logged_in())
  24. {
  25. header("HTTP/1.0 404 Not Found");
  26. // moddifed logginorreturn by retro//Remember to change the following line to match your server
  27. print("<html><h1>Not Found</h1><p>The requested URL /{$_SERVER['PHP_SELF']} was not found on this server.</p><hr /><address>Apache/1.1.11 ".$SITENAME." Server at ".$_SERVER['SERVER_NAME']." Port 80</address></body></html>\n");
  28. die();
  29. }
  30. parked();
  31. // Check Permission
  32. if ($usergroups['canstaffpanel'] == 'no' OR $usergroups['canstaffpanel'] != 'yes') {
  33. stderr( "Sorry...", "You dont have permission to access the staff panel" );
  34. exit;
  35. }
  36. //begin staff secure, comment to turn off, uncomment to turn on//
  37. //secureip(UC_MODERATOR);
  38. //end of staff secure//
  39. /**
  40. * Staff classes config
  41. *
  42. * UC_XYZ : integer -> the name of the defined class
  43. *
  44. * Options for a selected class
  45. ** add : boolean -> enable/disable page adding
  46. ** edit : boolean -> enable/disable page editing
  47. ** delete : boolean -> enable/disable page deletion
  48. ** log : boolean -> enable/disable the loging of the actions
  49. *
  50. * @result $staff_classes array();
  51. */
  52. $staff_classes = array(
  53. UC_MODERATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
  54. UC_ADMINISTRATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
  55. UC_SYSOP => array('add' => false, 'edit' => true, 'delete' => true, 'log' => true),
  56. UC_DESIGNER => array('add' => false, 'edit' => true, 'delete' => true, 'log' => true),
  57. UC_CODER => array('add' => true, 'edit' => true, 'delete' => true, 'log' => true)
  58. );
  59. if (!isset($staff_classes[$CURUSER['class']]))
  60. stderr('Error', 'Access Denied!');
  61. $action = (isset($_GET['action']) ? $_GET['action'] : (isset($_POST['action']) ? $_POST['action'] : NULL));
  62. $id = (isset($_GET['id']) ? (int)$_GET['id'] : (isset($_POST['id']) ? (int)$_POST['id'] : NULL));
  63. $class_color = (function_exists('get_user_class_color') ? true : false);
  64. if ($action == 'delete' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['delete'])
  65. {
  66. $sure = ((isset($_GET['sure']) ? $_GET['sure'] : '') == 'yes');
  67. $res = mysql_query('SELECT av_class'.(!$sure || $staff_classes[$CURUSER['class']]['log'] ? ', page_name' : '').' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
  68. $arr = mysql_fetch_assoc($res);
  69. if ($CURUSER['class'] < $arr['av_class'])
  70. stderr('Error', 'You are not allowed to delete this page.');
  71. if (!$sure)
  72. stderr('Sanity check', 'Are you sure you want to delete this page: "'.safechar($arr['page_name']).'"? Click <a href="'.$_SERVER['PHP_SELF'].'?action='.$action.'&id='.$id.'&sure=yes">here</a> to delete it or <a href="'.$_SERVER['PHP_SELF'].'">here</a> to go back.');
  73. mysql_query('DELETE FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
  74. if (mysql_affected_rows())
  75. {
  76. if ($staff_classes[$CURUSER['class']]['log'])
  77. write_log('staffaction', 'Page "'.$arr['page_name'].'"('.($class_color ? '<font color="#'.get_user_class_color($arr['av_class']).'">' : '').get_user_class_name($arr['av_class']).($class_color ? '</font>' : '').') was deleted from the staff panel by <a href="/userdetails.php?id='.$CURUSER['id'].'">'.$CURUSER['username'].'</a>('.($class_color ? '<font color="#'.get_user_class_color($CURUSER['class']).'">' : '').get_user_class_name($CURUSER['class']).($class_color ? '</font>' : '').')');
  78. header('Location: '.$_SERVER['PHP_SELF']);
  79. exit();
  80. }
  81. else
  82. stderr('Error', 'There was a database error, please retry.');
  83. }
  84. else if (($action == 'add' && $staff_classes[$CURUSER['class']]['add']) || ($action == 'edit' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['edit']))
  85. {
  86. $names = array('page_name', 'file_name', 'description', 'av_class');
  87. if ($action == 'edit')
  88. {
  89. $res = mysql_query('SELECT '.implode(', ', $names).' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
  90. $arr = mysql_fetch_assoc($res);
  91. }
  92. foreach ($names as $name)
  93. $$name = safechar((isset($_POST[$name]) ? $_POST[$name] : ($action == 'edit' ? $arr[$name] : '')));
  94. if ($action == 'edit' && $CURUSER['class'] < $av_class)
  95. stderr('Error', 'You are not allowed to edit this page.');
  96. if ($_SERVER['REQUEST_METHOD'] == 'POST')
  97. {
  98. $errors = array();
  99. if (empty($page_name))
  100. $errors[] = 'The page name cannot be empty.';
  101. if (empty($file_name))
  102. $errors[] = 'The filename cannot be empty.';
  103. if (empty($description))
  104. $errors[] = 'The description cannot be empty.';
  105. if (!isset($staff_classes[$av_class]))
  106. $errors[] = 'The selected class is not a valid staff class.';
  107. if (preg_match('/.php/', $file_name))
  108. $errors[] = 'Please remove the ".php" extension from the filename.';
  109. if (!is_file($file_name.'.php') && !empty($file_name) && !preg_match('/.php/', $file_name))
  110. $errors[] = 'Inexistent php file.';
  111. if (strlen($page_name) < 4 && !empty($page_name))
  112. $errors[] = 'The page name is too short (min 4 chars).';
  113. if (strlen($page_name) > 30)
  114. $errors[] = 'The page name is too long (max 30 chars).';
  115. if (strlen($file_name) > 30)
  116. $errors[] = 'The filename is too long (max 30 chars).';
  117. if (strlen($description) > 100)
  118. $errors[] = 'The description is too long (max 100 chars).';
  119. if (empty($errors))
  120. {
  121. if ($action == 'add')
  122. {
  123. $res = mysql_query("INSERT INTO staffpanel (page_name, file_name, description, av_class, added_by, added) ".
  124. "VALUES (".implode(", ", array_map("sqlesc", array($page_name, $file_name, $description, (int)$av_class, (int)$CURUSER['id'], gmtime()))).")");
  125. if (!$res)
  126. {
  127. if (mysql_errno() == 1062)
  128. $errors[] = "This filename is already submited.";
  129. else
  130. $errors[] = "There was a database error, please retry.";
  131. }
  132. }
  133. else
  134. {
  135. $res = mysql_query("UPDATE staffpanel SET page_name = ".sqlesc($page_name).", file_name = ".sqlesc($file_name).", description = ".sqlesc($description).", av_class = ".sqlesc((int)$av_class)." WHERE id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
  136. if (!$res)
  137. $errors[] = "There was a database error, please retry.";
  138. }
  139. if (empty($errors))
  140. {
  141. if ($staff_classes[$CURUSER['class']]['log'])
  142. write_log('staffaction', 'Page "'.$page_name.'"('.($class_color ? '<font color="#'.get_user_class_color($av_class).'">' : '').get_user_class_name($av_class).($class_color ? '</font>' : '').') in the staff panel was '.($action == 'add' ? 'added' : 'edited').' by <a href="/userdetails.php?id='.$CURUSER['id'].'">'.$CURUSER['username'].'</a>('.($class_color ? '<font color="#'.get_user_class_color($CURUSER['class']).'">' : '').get_user_class_name($CURUSER['class']).($class_color ? '</font>' : '').')');
  143. header('Location: '.$_SERVER['PHP_SELF']);
  144. exit();
  145. }
  146. }
  147. }
  148. stdhead('Staff Panel :: '.($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page'); begin_main_frame();
  149. if (!empty($errors))
  150. {
  151. stdmsg('There '.(count($errors)>1?'are':'is').' '.count($errors).' error'.(count($errors)>1?'s':'').' in the form.', '<b>'.implode('<br />', $errors).'</b>');
  152. ?><br /><?php
  153. }
  154. ?>
  155. <form method='post' action='<?php echo $_SERVER['PHP_SELF']; ?>'>
  156. <input type="hidden" name="action" value="<?php echo $action; ?>" />
  157. <?php
  158. if ($action == 'edit')
  159. {
  160. ?><input type="hidden" name="id" value="<?php echo $id; ?>" /><?php
  161. }
  162. ?>
  163. <table cellpadding="5" width="100%" align="center">
  164. <tr class="colhead">
  165. <td colspan="2"><?php echo ($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page'; ?></td>
  166. </tr>
  167. <tr>
  168. <td class="rowhead" width="1%">Page name</td><td align='left'><input type='text' size=50 name='page_name' value="<?php echo $page_name; ?>" /></td>
  169. </tr>
  170. <tr>
  171. <td class="rowhead">Filename</td><td align='left'><input type='text' size=50 name='file_name' value="<?php echo $file_name; ?>" /><b>.php</b></td>
  172. </tr>
  173. <tr>
  174. <td class="rowhead">Description</td><td align='left'><input type='text' size=50 name='description' value="<?php echo $description; ?>" /></td>
  175. </tr>
  176. <tr>
  177. <td class="rowhead" nowrap="nowrap">Available for</td>
  178. <td align='left'>
  179. <select name='av_class'><?php
  180. foreach ($staff_classes as $class => $value)
  181. {
  182. if ($CURUSER['class'] < $class)
  183. continue;
  184. echo '<option'.($class_color? ' style="background-color:#'.get_user_class_color($class).';"' : '').' value="'.$class.'"'.($class == $av_class ? ' selected="selected"' : '').'>'.get_user_class_name($class).'</option>';
  185. }
  186. ?></select>
  187. </td>
  188. </tr>
  189. <tr>
  190. <td align="center" colspan="2">
  191. <table class="main">
  192. <tr>
  193. <td style="border:none;">
  194. <input type='Submit' value="Submit" /></form>
  195. </td>
  196. <td style="border:none;">
  197. <form method='post' action='<?php echo $_SERVER['PHP_SELF']; ?>'><input type='Submit' value="Cancel" /></form>
  198. </td>
  199. </tr>
  200. </table>
  201. </td>
  202. </tr>
  203. </table>
  204. <?php
  205. end_main_frame(); stdfoot();
  206. }
  207. else
  208. {
  209. stdhead('Staff Panel'); begin_main_frame();
  210. ?><h1 align="center">Welcome <?php echo $CURUSER['username']; ?> to the Staff Panel!</h1><br /><?php
  211. if ($staff_classes[$CURUSER['class']]['add'])
  212. {
  213. stdmsg('Options', '<a href="'.$_SERVER['PHP_SELF'].'?action=add" title="Add a new page">Add a new page</a>');
  214. ?><br /><?php
  215. }
  216. $res = mysql_query('SELECT staffpanel.*, users.username '.
  217. 'FROM staffpanel '.
  218. 'LEFT JOIN users ON users.id = staffpanel.added_by '.
  219. 'WHERE av_class <= '.sqlesc($CURUSER['class']).' '.
  220. 'ORDER BY av_class DESC, page_name ASC') or sqlerr(__FILE__, __LINE__);
  221. if (mysql_num_rows($res) > 0)
  222. {
  223. $db_classes = $unique_classes = $mysql_data = array();
  224. while ($arr = mysql_fetch_assoc($res))
  225. $mysql_data[] = $arr;
  226. foreach ($mysql_data as $key => $value)
  227. $db_classes[$value['av_class']][] = $value['av_class'];
  228. $i=1;
  229. foreach ($mysql_data as $key => $arr)
  230. {
  231. $end_table = (count($db_classes[$arr['av_class']]) == $i ? true : false);
  232. if (!in_array($arr['av_class'], $unique_classes))
  233. {
  234. $unique_classes[] = $arr['av_class'];
  235. ?>
  236. <table cellpadding="5" width="100%" align="center"<?php echo (!isset($staff_classes[$arr['av_class']]) ? 'style="background-color:#000000;"' : ''); ?>>
  237. <tr>
  238. <td colspan="4" align="center">
  239. <h2><?php echo ($class_color ? '<font color="#'.get_user_class_color($arr['av_class']).'">' : '').get_user_class_name($arr['av_class']).' Panel'.($class_color ? '</font>' : ''); ?></h2>
  240. </td>
  241. </tr>
  242. <tr align="center">
  243. <td class="colhead" align="left" width="100%">Page name</td>
  244. <td class="colhead" nowrap="nowrap">Added by</td>
  245. <td class="colhead" nowrap="nowrap">Date added</td>
  246. <?php
  247. if ($staff_classes[$CURUSER['class']]['edit'] || $staff_classes[$CURUSER['class']]['delete'])
  248. {
  249. ?><td class="colhead">Links</td><?php
  250. }
  251. ?>
  252. </tr>
  253. <?php
  254. }
  255. ?>
  256. <tr align="center">
  257. <td align="left">
  258. <a href="/<?php echo rawurlencode($arr['file_name']); ?>.php" title="<?php echo safechar($arr['page_name']); ?>"><?php echo safechar($arr['page_name']); ?></a><br /><font class="small"><?php echo safechar($arr['description']); ?></font>
  259. </td>
  260. <td>
  261. <a href="/userdetails.php?id=<?php echo (int)$arr['added_by']; ?>"><?php echo $arr['username']; ?></a>
  262. </td>
  263. <td nowrap="nowrap">
  264. <?php echo (function_exists('display_date_time') ? display_date_time(get_date_time($arr['added'])) : get_date_time($arr['added'])); ?><br /><font class="small"><?php echo get_elapsed_time($arr['added']); ?> ago</font>
  265. </td>
  266. <?php
  267. if ($staff_classes[$CURUSER['class']]['edit'] || $staff_classes[$CURUSER['class']]['delete'])
  268. {
  269. ?>
  270. <td nowrap="nowrap">
  271. <?php
  272. if ($staff_classes[$CURUSER['class']]['edit'])
  273. {
  274. ?><b>[</b><a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=edit&amp;id=<?php echo (int)$arr['id']; ?>" title="Edit">E</a><b>]</b><?php
  275. }
  276. if ($staff_classes[$CURUSER['class']]['delete'])
  277. {
  278. ?><b>[</b><a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=delete&amp;id=<?php echo (int)$arr['id']; ?>" title="Delete">D</a><b>]</b><?php
  279. }
  280. ?>
  281. </td>
  282. <?php
  283. }
  284. ?>
  285. </tr>
  286. <?php
  287. $i++;
  288. if ($end_table)
  289. {
  290. $i=1;
  291. ?></table><br /><?php
  292. }
  293. }
  294. }
  295. else
  296. stdmsg('Sorry', 'Nothing found.');
  297. end_main_frame(); stdfoot();
  298. }
  299. ?>