<?php


// page header, and any additional required libraries
// (header.php presumably provides $output, the SQL class, valid_login(),
//  makebutton(), redirect() and the $lang_* / permission globals used below
//  — verify against header.php)
require_once 'header.php';
require_once 'libs/char_lib.php';
// minimum permission to view page; the delete and backup actions further down
// call valid_login() again with their own, higher permission level
valid_login($action_permission['read']);
  9.  
  10. //########################################################################################################################
  11. // BROWSE USERS
  12. //########################################################################################################################
  13. function browse_users(&$sqlr, &$sqlc)
  14. {
  15.   global $output, $lang_global, $lang_user,
  16.     $mmfpm_db,
  17.     $action_permission, $user_lvl, $user_name,
  18.     $itemperpage, $showcountryflag, $expansion_select,
  19.     $gm_level_arr;
  20.  
  21.   $active_realm_id_pq = "0 as active_realm_id";
  22.  
  23.   $sqlm = new SQL;
  24.   $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
  25.  
  26.   //-------------------SQL Injection Prevention--------------------------------
  27.   $start = (isset($_GET['start'])) ? $sqlr->quote_smart($_GET['start']) : 0;
  28.   if (is_numeric($start)); else $start=0;
  29.  
  30.   $order_by = (isset($_GET['order_by'])) ? $sqlr->quote_smart($_GET['order_by']) : 'id';
  31.   if (preg_match('/^[_[:lower:]]{1,15}$/', $order_by)); else $order_by='id';
  32.  
  33.   $dir = (isset($_GET['dir'])) ? $sqlr->quote_smart($_GET['dir']) : 1;
  34.   if (preg_match('/^[01]{1}$/', $dir)); else $dir=1;
  35.  
  36.   $order_dir = ($dir) ? 'ASC' : 'DESC';
  37.   $dir = ($dir) ? 0 : 1;
  38.  
  39.   //-------------------Search--------------------------------------------------
  40.   $search_by = '';
  41.   $search_value = '';
  42.  
  43.  
  44.    $order_by2 = $order_by;
  45.     if ($order_by == 'gmlevel') {
  46.        $order_by = 'account_access.gmlevel';
  47.     }
  48.     elseif ($order_by == 'active_realm_id') {
  49.        $order_by = 'account.online';
  50.     }
  51.     else {
  52.        $order_by = 'account.'.$order_by2;
  53.        unset($order_by2);
  54.     }
  55.      // if we have a search request, if not we just return everything
  56.   if(isset($_GET['search_value']) && isset($_GET['search_by']))
  57.   {
  58.     // injection prevention
  59.     $search_value = $sqlr->quote_smart($_GET['search_value']);
  60.     $search_by = $sqlr->quote_smart($_GET['search_by']);
  61.     $search_menu = array('username', 'id', 'gmlevel', 'greater_gmlevel', 'email', 'joindate', 'last_ip', 'failed_logins', 'last_login', 'active_realm_id', 'banned', 'locked', 'expansion');
  62.    
  63.     if (in_array($search_by, $search_menu));
  64.     else $search_by = 'username';
  65.     unset($search_menu);
  66.  
  67.     if ($search_by == 'active_realm_id') { $search_by = 'online'; }
  68.     // special search cases
  69.     // developer note: 'if else' is always faster then 'switch case'
  70.     if ($search_by === 'gmlevel')
  71.     {
  72.       $sql_query = 'SELECT `account_access`.`gmlevel`, `account`.`username`, `account`.`id`, `account`.`expansion`, `account`.`email`, `account`.`joindate`, `account`.`failed_logins`, `account`.`locked`, `account`.`last_login`, `account`.`online`, `account`.`last_ip` FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE account_access.gmlevel = '.$search_value.' ORDER BY '.$order_by.' '.$order_dir.' LIMIT '.$start.', '.$itemperpage.'';
  73.       $query_1 = $sqlr->query('SELECT count(*) FROM account_access WHERE gmlevel = "%'.$search_value.'%"');
  74.     }
  75.     elseif ($search_by === 'greater_gmlevel')
  76.     {
  77.       $sql_query = 'SELECT `account_access`.`gmlevel`, `account`.`username`, `account`.`id`, `account`.`expansion`, `account`.`email`, `account`.`joindate`, `account`.`failed_logins`, `account`.`locked`, `account`.`last_login`, `account`.`online`, `account`.`last_ip` FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE account_access.gmlevel < '.$search_value.' ORDER BY '.$order_by.' '.$order_dir.' LIMIT '.$start.', '.$itemperpage.'';
  78.       $query_1 = $sqlr->query('SELECT count(*) FROM account_access WHERE gmlevel < "%'.$search_value.'%"');
  79.     }
  80.     elseif ($search_by === 'banned')
  81.     {
  82.       $sql_query = 'SELECT `account_access`.`gmlevel`, `account`.`username`, `account`.`id`, `account`.`expansion`, `account`.`email`, `account`.`joindate`, `account`.`failed_logins`, `account`.`locked`, `account`.`last_login`, `account`.`online`, `account`.`last_ip` FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE account.id = 0 ';
  83.       $count_query = 'SELECT count(*) FROM account WHERE id = 0 ';
  84.       $que = $sqlr->query('SELECT id FROM account_banned');
  85.       while ($banned = $sqlr->fetch_assoc($que))
  86.       {
  87.         $sql_query .= 'OR id = '.$banned['id'].'';
  88.         $count_query .= 'OR id = '.$banned['id'].'';
  89.       }
  90.       $query_1 = $sqlr->query($count_query);
  91.       unset($count_query);
  92.     }
  93.     elseif ($search_by === 'failed_logins')
  94.     {
  95.       $sql_query = 'SELECT `account_access`.`gmlevel`, `account`.`username`, `account`.`id`, `account`.`expansion`, `account`.`email`, `account`.`joindate`, `account`.`failed_logins`, `account`.`locked`, `account`.`last_login`, `account`.`online`, `account`.`last_ip` FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE failed_logins > '.$search_value.' ORDER BY '.$order_by.' '.$order_dir.' LIMIT '.$start.', '.$itemperpage.'';
  96.       $query_1 = $sqlr->query('SELECT count(*) FROM account WHERE failed_logins > '.$search_value.'');
  97.     }
  98.     else
  99.     {
  100.       // default search case
  101.       $sql_query = 'SELECT `account_access`.`gmlevel`, `account`.`username`, `account`.`id`, `account`.`expansion`, `account`.`email`, `account`.`joindate`, `account`.`failed_logins`, `account`.`locked`, `account`.`last_login`, `account`.`online`, `account`.`last_ip` FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE '.$search_by.' LIKE "%'.$search_value.'%" ORDER BY '.$order_by.' '.$order_dir.' LIMIT '.$start.', '.$itemperpage.'';
  102.       $query_1 = $sqlr->query('SELECT count(*) FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE '.$search_by.' LIKE "%'.$search_value.'%"');
  103.     }
  104.     $query = $sqlr->query($sql_query);
  105.   }
  106.   else
  107.   {
  108.     // get total number of items
  109.     $query_1 = $sqlr->query('SELECT count(*) FROM account');
  110.     $query = $sqlr->query('SELECT `account_access`.`gmlevel`, `account`.* FROM account LEFT JOIN account_access ON account.id=account_access.id ORDER BY '.$order_by.' '.$order_dir.' LIMIT '.$start.', '.$itemperpage.'');
  111.   }
  112.   // this is for multipage support
  113.   $all_record = $sqlr->result($query_1,0);
  114.   unset($query_1);      
  115.  
  116.   //==========================top tage navigaion starts here========================
  117.   // we start with a lead of 10 spaces,
  118.   //  because last line of header is an opening tag with 8 spaces
  119.   //  keep html indent in sync, so debuging from browser source would be easy to read
  120.   $output .='
  121.          <!-- start of user.php -->
  122.          <script type="text/javascript" src="libs/js/check.js"></script>
  123.          <center>
  124.            <table class="top_hidden">
  125.              <tr>
  126.                <td>';
  127.   if ($user_lvl >= $action_permission['insert'])
  128.   {
  129.                   makebutton($lang_user['add_acc'], 'user.php?action=add_new', 130);
  130.   // backup is broken
  131.   //              makebutton($lang_user['backup'], 'backup.php', 130);
  132.   }
  133.  
  134.   // cleanup unknown working condition
  135.   //if($user_lvl >= $action_permission['delete'])
  136.   //              makebutton($lang_user['cleanup'], 'cleanup.php', 130);
  137.                   makebutton($lang_global['back'], 'javascript:window.history.back()', 130);
  138.   if ($search_by && $search_value)
  139.   {
  140.                   makebutton($lang_user['user_list'], 'user.php', 130);
  141.   }
  142.   $output .= '
  143.                </td>
  144.                <td align="right" width="25%" rowspan="2">';
  145.  
  146.   // multi page links
  147.   $output .=
  148.                   $lang_user['tot_acc'].' : '.$all_record.'<br /><br />'.
  149.                   generate_pagination('user.php?order_by='.$order_by.'&dir='.(($dir) ? 0 : 1).( $search_value && $search_by ? '&search_by='.$search_by.'&search_value='.$search_value.'' : '' ).'', $all_record, $itemperpage, $start);
  150.   // this part for search
  151.   $output .= '
  152.                </td>
  153.              </tr>
  154.              <tr align="left">
  155.                <td>
  156.                  <table class="hidden">
  157.                    <tr>
  158.                      <td>
  159.                        <form action="user.php" method="get" name="form">
  160.                          <input type="hidden" name="error" value="3" />
  161.                          <input type="text" size="24" maxlength="50" name="search_value" value="'.$search_value.'" />
  162.                          <select name="search_by">
  163.                            <option value="username"'.($search_by === 'username' ? ' selected="selected"' : '').'>'.$lang_user['by_name'].'</option>
  164.                            <option value="id"'.($search_by === 'id' ? ' selected="selected"' : '').'>'.$lang_user['by_id'].'</option>
  165.                            <option value="gmlevel"'.($search_by === 'gmlevel' ? ' selected="selected"' : '').'>'.$lang_user['by_gm_level'].'</option>
  166.                            <option value="greater_gmlevel"'.($search_by === 'greater_gmlevel' ? ' selected="selected"' : '').'>'.$lang_user['greater_gm_level'].'</option>
  167.                            <option value="expansion"'.($search_by === 'expansion' ? ' selected="selected"' : '').'>'.$lang_user['by_expansion'].'</option>
  168.                            <option value="email"'.($search_by === 'email' ? ' selected="selected"' : '').'>'.$lang_user['by_email'].'</option>
  169.                            <option value="joindate"'.($search_by === 'joindate' ? ' selected="selected"' : '').'>'.$lang_user['by_join_date'].'</option>
  170.                            <option value="last_ip"'.($search_by === 'last_ip' ? ' selected="selected"' : '').'>'.$lang_user['by_ip'].'</option>
  171.                            <option value="failed_logins"'.($search_by === 'failed_logins' ? ' selected="selected"' : '').'>'.$lang_user['by_failed_loggins'].'</option>
  172.                            <option value="last_login"'.($search_by === 'last_login' ? ' selected="selected"' : '').'>'.$lang_user['by_last_login'].'</option>
  173.                            <option value="active_realm_id"'.($search_by === 'active_realm_id' ? ' selected="selected"' : '').'>'.$lang_user['by_online'].'</option>
  174.                            <option value="locked"'.($search_by === 'locked' ? ' selected="selected"' : '').'>'.$lang_user['by_locked'].'</option>
  175.                            <option value="banned"'.($search_by === 'banned' ? ' selected="selected"' : '').'>'.$lang_user['by_banned'].'</option>
  176.                          </select>
  177.                        </form>
  178.                      </td>
  179.                      <td>';
  180.                        makebutton($lang_global['search'], 'javascript:do_submit()',80);
  181.   $output .= '
  182.                      </td>
  183.                    </tr>
  184.                  </table>
  185.                </td>
  186.              </tr>
  187.            </table>';
  188.   //==========================top tage navigaion ENDS here ========================
  189.   $output .= '
  190.            <form method="get" action="user.php" name="form1">
  191.              <input type="hidden" name="action" value="del_user" />
  192.              <input type="hidden" name="start" value="'.$start.'" />
  193.              <input type="hidden" name="backup_op" value="0"/>
  194.              <table class="lined">
  195.                <tr>';
  196.   // column headers, with links for sorting
  197.   // first column is the  selection check box
  198.   if($user_lvl >= $action_permission['insert'])
  199.     $output.= '
  200.                  <th width="1%">
  201.                    <input name="allbox" type="checkbox" value="Check All" onclick="CheckAll(document.form1);" />
  202.                  </th>';
  203.   else
  204.     $output .= '
  205.                  <th width="1%"></th>';
  206.   $output .='
  207.                  <th width="1%"><a href="user.php?order_by=id&start='.$start.( $search_value && $search_by ? '&search_by='.$search_by.'&search_value='.$search_value.'' : '' ).'&dir='.$dir.'"'.($order_by==='id' ? ' class="'.$order_dir.'"' : '').'>'.$lang_user['id'].'</a></th>
  208.                  <th width="1%"><a href="user.php?order_by=username&start='.$start.( $search_value && $search_by ? '&search_by='.$search_by.'&search_value='.$search_value.'' : '' ).'&dir='.$dir.'"'.($order_by==='username' ? ' class="'.$order_dir.'"' : '').'>'.$lang_user['username'].'</a></th>
  209.                  <th width="1%"><a href="user.php?order_by=gmlevel&start='.$start.( $search_value && $search_by ? '&search_by='.$search_by.'&search_value='.$search_value.'' : '' ).'&dir='.$dir.'"'.($order_by==='gmlevel' ? ' class="'.$order_dir.'"' : '').'>'.$lang_user['gm_level'].'</a></th>';
  210.   if ($expansion_select)
  211.     $output .='
  212.                  <th width="1%"><a href="user.php?order_by=expansion&start='.$start.( $search_value && $search_by ? '&search_by='.$search_by.'&search_value='.$search_value.'' : '' ).'&dir='.$dir.'"'.($order_by==='expansion' ? ' class="'.$order_dir.'"' : '').'>EXP</a></th>';
  213.   $output .='
  214.                  <th width="1%"><a href="user.php?order_by=email&start='.$start.( $search_value && $search_by ? '&search_by='.$search_by.'&search_value='.$search_value.'' : '' ).'&dir='.$dir.'"'.($order_by==='email' ? ' class="'.$order_dir.'"' : '').'>'.$lang_user['email'].'</a></th>
  215.                  <th width="1%"><a href="user.php?order_by=joindate&start='.$start.( $search_value && $search_by ? '&search_by='.$search_by.'&search_value='.$search_value.'' : '' ).'&dir='.$dir.'"'.($order_by==='joindate' ? ' class="'.$order_dir.'"' : '').'>'.$lang_user['join_date'].'</a></th>
  216.                  <th width="1%"><a href="user.php?order_by=last_ip&start='.$start.( $search_value && $search_by ? '&search_by='.$search_by.'&search_value='.$search_value.'' : '' ).'&dir='.$dir.'"'.($order_by==='last_ip' ? ' class="'.$order_dir.'"' : '').'>'.$lang_user['ip'].'</a></th>
  217.                  <th width="1%"><a href="user.php?order_by=failed_logins&start='.$start.( $search_value && $search_by ? '&search_by='.$search_by.'&search_value='.$search_value.'' : '' ).'&dir='.$dir.'"'.($order_by==='failed_logins' ? ' class="'.$order_dir.'"' : '').'>'.$lang_user['failed_logins'].'</a></th>
  218.                  <th width="1%"><a href="user.php?order_by=locked&start='.$start.( $search_value && $search_by ? '&search_by='.$search_by.'&search_value='.$search_value.'' : '' ).'&dir='.$dir.'"'.($order_by==='locked' ? ' class="'.$order_dir.'"' : '').'>'.$lang_user['locked'].'</a></th>
  219.                  <th width="1%"><a href="user.php?order_by=last_login&start='.$start.( $search_value && $search_by ? '&search_by='.$search_by.'&search_value='.$search_value.'' : '' ).'&dir='.$dir.'"'.($order_by==='last_login' ? ' class="'.$order_dir.'"' : '').'>'.$lang_user['last_login'].'</a></th>
  220.                  <th width="1%"><a href="user.php?order_by=active_realm_id&start='.$start.( $search_value && $search_by ? '&search_by='.$search_by.'&search_value='.$search_value.'' : '' ).'&dir='.$dir.'"'.($order_by==='active_realm_id' ? ' class="'.$order_dir.'"' : '').'>'.$lang_user['online'].'</a></th>';
  221.   if ($showcountryflag)
  222.   {
  223.     require_once 'libs/misc_lib.php';
  224.     $output .= '
  225.                  <th width="1%">'.$lang_global['country'].'</th>';
  226.   }
  227.   $output .= '
  228.                </tr>';
  229.  
  230.  
  231.   //---------------Page Specific Data Starts Here--------------------------
  232.   while ($data = $sqlr->fetch_assoc($query))
  233.   {
  234.     $data['gmlevel'] = (!is_null($data['gmlevel'])) ? $data['gmlevel'] : 0;
  235.     if (($user_lvl >= $data['gmlevel'])||($user_name === $data['username']))
  236.     {
  237.       $output .= '
  238.                <tr>';
  239.       if ($user_lvl >= $action_permission['insert'])
  240.         $output .= '
  241.                  <td><input type="checkbox" name="check[]" value="'.$data['id'].'" onclick="CheckCheckAll(document.form1);" /></td>';
  242.       else
  243.         $output .= '
  244.                  <td></td>';
  245.       $output .= '
  246.                  <td>'.$data['id'].'</td>
  247.                  <td>
  248.                    <a href="user.php?action=edit_user&error=11&id='.$data['id'].'">'.$data['username'].'</a>
  249.                  </td>
  250.                  <td>'.$gm_level_arr[$data['gmlevel']][2].'</td>';
  251.       if ($expansion_select)
  252.       {
  253.         $exp_lvl_arr = id_get_exp_lvl();
  254.         $output .= '
  255.                  <td>'.$exp_lvl_arr[$data['expansion']][2].'</td>';
  256.         unset($exp_lvl_arr);
  257.       }
  258.       if ($user_lvl >= $action_permission['update']||($user_name === $data['username']))
  259.         $output .= '
  260.                  <td><a href="mailto:'.$data['email'].'">'.substr($data['email'],0,15).'</a></td>';
  261.       else
  262.         $output .= '
  263.                  <td>***@***.***</td>';
  264.       $output .= '
  265.                  <td class="small">'.$data['joindate'].'</td>';
  266.       if (($user_lvl >= $action_permission['update'])||($user_name === $data['username']))
  267.         $output .= '
  268.                  <td>'.$data['last_ip'].'</td>';
  269.       else
  270.         $output .= '
  271.                  <td>*******</td>';
  272.       $output .= '
  273.                  <td>'.(($data['failed_logins']) ? $data['failed_logins'] : '-').'</td>
  274.                  <td>'.(($data['locked']) ? $lang_global['yes_low'] : '-').'</td>
  275.                  <td class="small">'.$data['last_login'].'</td>';
  276.                    $output .= '<td>'.(($data['online']) ? '<img src="img/up.gif" alt="" />' : '-').'</td>';
  277.       if ($showcountryflag)
  278.       {
  279.         $country = misc_get_country_by_ip($data['last_ip'], $sqlm);
  280.         $output .= '
  281.                  <td>'.(($country['code']) ? '<img src="img/flags/'.$country['code'].'.png" onmousemove="toolTip(\''.($country['country']).'\', \'item_tooltip\')" onmouseout="toolTip()" alt="" />' : '-').'</td>';
  282.       }
  283.       $output .= '
  284.                </tr>';
  285.     }
  286.     else
  287.     {
  288.       $output .= '
  289.                <tr>
  290.                  <td>*</td><td>***</td><td>You</td><td>Have</td><td>No</td>
  291.                  <td class=\"small\">Permission</td><td>to</td><td>View</td><td>this</td><td>Data</td><td>***</td>';
  292.     if ($expansion_select)
  293.       $output .= '
  294.                  <td>*</td>';
  295.     if ($showcountryflag)
  296.       $output .= '
  297.                  <td>*</td>';
  298.     $output .= '
  299.                </tr>';
  300.     }
  301.   }
  302.   $output .= '
  303.                <tr>
  304.                  <td  colspan="';
  305.   if ($expansion_select || $showcountryflag)
  306.   {
  307.     if ($expansion_select && $showcountryflag)
  308.       $output .= '13';
  309.     else
  310.       $output .= '12';
  311.   }
  312.   else
  313.     $output .= '11';
  314.   $output .= '" class="hidden" align="right" width="25%">';
  315.   $output .= generate_pagination('user.php?order_by='.$order_by.'&dir='.(($dir) ? 0 : 1).( $search_value && $search_by ? '&search_by='.$search_by.'&search_value='.$search_value.'' : '' ).'', $all_record, $itemperpage, $start);
  316.   $output .= '
  317.                  </td>
  318.                </tr>
  319.                <tr>
  320.                  <td colspan="8" align="left" class="hidden">';
  321.   if($user_lvl >= $action_permission['delete'])
  322.                     makebutton($lang_user['del_selected_users'], 'javascript:do_submit(\'form1\',0)" type="wrn',230);
  323. // backup is broken
  324. //if($user_lvl >= $action_permission['insert'])
  325. //                  makebutton($lang_user['backup_selected_users'], 'javascript:do_submit(\'form1\',1)',230);
  326.   $output .= '
  327.                  </td>
  328.                  <td colspan="';
  329.   if ($expansion_select || $showcountryflag)
  330.   {
  331.     if ($expansion_select && $showcountryflag)
  332.       $output .= '5';
  333.     else
  334.       $output .= '4';
  335.   }
  336.   else
  337.     $output .= '3';
  338.   $output .= '" align="right" class="hidden">'.$lang_user['tot_acc'].' : '.$all_record.'</td>
  339.                </tr>
  340.              </table>
  341.            </form>
  342.            <br />
  343.          </center>
  344.          <!-- end of user.php -->';
  345.  
  346. }
  347.  
  348.  
  349. //#######################################################################################################
  350. //  DELETE USER
  351. //#######################################################################################################
  352. function del_user()
  353. {
  354.   global $lang_global, $lang_user, $output, $realm_db, $action_permission;
  355.   valid_login($action_permission['delete']);
  356.   if(isset($_GET['check'])) $check = $_GET['check'];
  357.     else redirect("user.php?error=1");
  358.  
  359.   $pass_array = "";
  360.  
  361.   //skip to backup
  362.   if (isset($_GET['backup_op'])&&($_GET['backup_op'] == 1))
  363.   {
  364.     for ($i=0; $i<count($check); $i++)
  365.     {
  366.       $pass_array .= "&check%5B%5D=$check[$i]";
  367.     }
  368.     redirect("user.php?action=backup_user$pass_array");
  369.   }
  370.  
  371.   $output .= "
  372.        <center>
  373.          <img src=\"img/warn_red.gif\" width=\"48\" height=\"48\" alt=\"\" />
  374.          <h1><font class=\"error\">{$lang_global['are_you_sure']}</font></h1>
  375.          <br />
  376.          <font class=\"bold\">{$lang_user['acc_ids']}: ";
  377.  
  378.   $sqlr = new SQL;
  379.   $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
  380.  
  381.   for ($i=0; $i<count($check); $i++)
  382.   {
  383.     $username = $sqlr->result($sqlr->query("SELECT username FROM `account` WHERE id = {$check[$i]}"),0);
  384.     $output .= "
  385.          <a href=\"user.php?action=edit_user&id=$check[$i]\" target=\"_blank\">$username, </a>";
  386.     $pass_array .= "&check%5B%5D=$check[$i]";
  387.   }
  388.  
  389.   $output .= "
  390.          <br />{$lang_global['will_be_erased']}</font>
  391.          <br /><br />
  392.          <table width=\"300\" class=\"hidden\">
  393.            <tr>
  394.              <td>";
  395.                 makebutton($lang_global['yes'], "user.php?action=dodel_user$pass_array\" type=\"wrn" ,130);
  396.                 makebutton($lang_global['no'], "user.php\" type=\"def" ,130);
  397.   $output .= "
  398.              </td>
  399.            </tr>
  400.          </table>
  401.        <br />
  402.        </center>
  403. ";
  404.  
  405. }
  406.  
  407.  
  408. //#####################################################################################################
  409. //  DO DELETE USER
  410. //#####################################################################################################
  411. function dodel_user()
  412. {
  413.   global $lang_global, $lang_user, $output, $realm_db, $characters_db, $realm_id, $user_lvl,
  414.     $tab_del_user_characters, $tab_del_user_realmd, $action_permission;
  415.   valid_login($action_permission['delete']);
  416.  
  417.   $sqlr = new SQL;
  418.   $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
  419.  
  420.   if(isset($_GET['check']))
  421.     $check = $sqlr->quote_smart($_GET['check']);
  422.   else
  423.     redirect("user.php?error=1");
  424.  
  425.   $deleted_acc = 0;
  426.   $deleted_chars = 0;
  427.   require_once("libs/del_lib.php");
  428.  
  429.   for ($i=0; $i<count($check); $i++)
  430.   {
  431.     if ($check[$i] != "" )
  432.     {
  433.       list($flag,$del_char) = del_acc($check[$i]);
  434.       if ($flag)
  435.       {
  436.         $deleted_acc++;
  437.         $deleted_chars += $del_char;
  438.       }
  439.     }
  440.   }
  441.   $output .= "
  442.        <center>";
  443.   if ($deleted_acc == 0)
  444.     $output .= "
  445.          <h1><font class=\"error\">{$lang_user['no_acc_deleted']}</font></h1>";
  446.   else
  447.   {
  448.     $output .= "
  449.          <h1><font class=\"error\">{$lang_user['total']} <font color=blue>$deleted_acc</font> {$lang_user['acc_deleted']}</font><br /></h1>";
  450.     $output .= "
  451.          <h1><font class=\"error\">{$lang_user['total']} <font color=blue>$deleted_chars</font> {$lang_user['char_deleted']}</font></h1>";
  452.   }
  453.   $output .= "
  454.          <br /><br />";
  455.   $output .= "
  456.          <table class=\"hidden\">
  457.            <tr>
  458.              <td>";
  459.                 makebutton($lang_user['back_browsing'], "user.php", 230);
  460.   $output .= "
  461.              </td>
  462.            </tr>
  463.          </table>
  464.          <br />
  465.        </center>
  466. ";
  467.  
  468.  
  469. }
  470.  
  471.  
  472. //#####################################################################################################
  473. //  DO BACKUP USER
  474. //#####################################################################################################
  475. function backup_user()
  476. {
  477.   global $lang_global, $lang_user, $output, $realm_db, $characters_db, $realm_id, $user_lvl, $backup_dir, $action_permission;
  478.   valid_login($action_permission['insert']);
  479.  
  480.   $sql = new SQL;
  481.   $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
  482.  
  483.   if(isset($_GET['check'])) $check = $sql->quote_smart($_GET['check']);
  484.     else redirect("user.php?error=1");
  485.  
  486.   require_once("libs/tab_lib.php");
  487.  
  488.     $subdir = "$backup_dir/accounts/".date("m_d_y_H_i_s")."_partial";
  489.     mkdir($subdir, 0750);
  490.  
  491.     for ($t=0; $t<count($check); $t++)
  492.     {
  493.     if ($check[$t] != "" )
  494.     {
  495.       $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
  496.       $query = $sql->query("SELECT id FROM account WHERE id = $check[$t]");
  497.       $acc = $sql->fetch_array($query);
  498.       $file_name_new = $acc[0]."_{$realm_db['name']}.sql";
  499.       $fp = fopen("$subdir/$file_name_new", 'w') or die (error($lang_backup['file_write_err']));
  500.       fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$realm_db['name']};\n")or die (error($lang_backup['file_write_err']));
  501.       fwrite($fp, "USE {$realm_db['name']};\n\n")or die (error($lang_backup['file_write_err']));
  502.       foreach ($tab_backup_user_realmd as $value) {
  503.       $acc_query = $sql->query("SELECT * FROM $value[0] WHERE $value[1] = $acc[0]");
  504.       $num_fields = $sql->num_fields($acc_query);
  505.       $numrow = $sql->num_rows($acc_query);
  506.       $result = "-- Dumping data for $value[0] ".date("m.d.y_H.i.s")."\n";
  507.       $result .= "LOCK TABLES $value[0] WRITE;\n";
  508.       $result .= "DELETE FROM $value[0] WHERE $value[1] = $acc[0];\n";
  509.  
  510.       if ($numrow)
  511.       {
  512.         $result .= "INSERT INTO $value[0] (";
  513.         for($count = 0; $count < $num_fields; $count++)
  514.         {
  515.           $result .= "`".$sql->field_name($acc_query,$count)."`";
  516.           if ($count < ($num_fields-1)) $result .= ",";
  517.         }
  518.         $result .= ") VALUES \n";
  519.         for ($i =0; $i<$numrow; $i++)
  520.         {
  521.           $result .= "\t(";
  522.           $row = $sql->fetch_row($acc_query);
  523.           for($j=0; $j<$num_fields; $j++)
  524.           {
  525.             $row[$j] = addslashes($row[$j]);
  526.             $row[$j] = ereg_replace("\n","\\n",$row[$j]);
  527.             if (isset($row[$j]))
  528.             {
  529.               if ($sql->field_type($acc_query,$j) == "int")
  530.                 $result .= "$row[$j]";
  531.               else
  532.                 $result .= "'$row[$j]'" ;
  533.             }
  534.             else
  535.               $result .= "''";
  536.             if ($j<($num_fields-1))
  537.               $result .= ",";
  538.             }
  539.             if ($i < ($numrow-1))
  540.               $result .= "),\n";
  541.           }
  542.           $result .= ");\n";
  543.         }
  544.         $result .= "UNLOCK TABLES;\n";
  545.         $result .= "\n";
  546.         fwrite($fp, $result)or die (error($lang_backup['file_write_err']));
  547.       }
  548.       fclose($fp);
  549.  
  550.       foreach ($characters_db as $db)
  551.       {
  552.         $file_name_new = $acc[0]."_{$db['name']}.sql";
  553.         $fp = fopen("$subdir/$file_name_new", 'w') or die (error($lang_backup['file_write_err']));
  554.         fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$db['name']};\n")or die (error($lang_backup['file_write_err']));
  555.         fwrite($fp, "USE {$db['name']};\n\n")or die (error($lang_backup['file_write_err']));
  556.  
  557.         $sql->connect($db['addr'], $db['user'], $db['pass'], $db['name']);
  558.         $all_char_query = $sql->query("SELECT guid,name FROM `characters` WHERE account = $acc[0]");
  559.  
  560.         while ($char = $sql->fetch_array($all_char_query))
  561.         {
  562.           fwrite($fp, "-- Dumping data for character $char[1]\n")or die (error($lang_backup['file_write_err']));
  563.           foreach ($tab_backup_user_characters as $value)
  564.           {
  565.             $char_query = $sql->query("SELECT * FROM $value[0] WHERE $value[1] = $char[0]");
  566.             $num_fields = $sql->num_fields($char_query);
  567.             $numrow = $sql->num_rows($char_query);
  568.             $result = "LOCK TABLES $value[0] WRITE;\n";
  569.             $result .= "DELETE FROM $value[0] WHERE $value[1] = $char[0];\n";
  570.             if ($numrow)
  571.             {
  572.               $result .= "INSERT INTO $value[0] (";
  573.               for($count = 0; $count < $num_fields; $count++)
  574.               {
  575.                 $result .= "`".$sql->field_name($char_query,$count)."`";
  576.                 if ($count < ($num_fields-1)) $result .= ",";
  577.               }
  578.               $result .= ") VALUES \n";
  579.               for ($i =0; $i<$numrow; $i++)
  580.               {
  581.                 $result .= "\t(";
  582.                 $row = $sql->fetch_row($char_query);
  583.                 for($j=0; $j<$num_fields; $j++)
  584.                 {
  585.                   $row[$j] = addslashes($row[$j]);
  586.                   $row[$j] = ereg_replace("\n","\\n",$row[$j]);
  587.                   if (isset($row[$j]))
  588.                   {
  589.                     if ($sql->field_type($char_query,$j) == "int")
  590.                       $result .= "$row[$j]";
  591.                     else
  592.                       $result .= "'$row[$j]'" ;
  593.                   }
  594.                   else
  595.                     $result .= "''";
  596.                   if ($j<($num_fields-1))
  597.                     $result .= ",";
  598.                 }
  599.                 if ($i < ($numrow-1))
  600.                   $result .= "),\n";
  601.               }
  602.               $result .= ");\n";
  603.             }
  604.             $result .= "UNLOCK TABLES;\n";
  605.             $result .= "\n";
  606.             fwrite($fp, $result)or die (error($lang_backup['file_write_err']));
  607.           }
  608.         }
  609.         fclose($fp);
  610.       }
  611.     }
  612.   }
  613.   redirect("user.php?error=15");
  614. }
  615.  
  616.  
  617. //#######################################################################################################
  618. //  ADD NEW USER
  619. //#######################################################################################################
/**
 * Renders the "create account" form (action=add_new).
 *
 * The clear-text password never reaches the server: the inline script computes
 * hex_sha1(UPPER(user) + ':' + UPPER(pass)) from libs/js/sha1.js into the hidden
 * `pass` field and blanks both visible password fields before do_submit().
 * doadd_new() receives that digest via $_GET and stores it as sha_pass_hash.
 * Appends markup to the global $output; nothing is returned.
 */
function add_new()
{
  global $lang_global, $lang_user, $output, $action_permission, $expansion_select;
  // minimum permission for this action (valid_login() presumably aborts the request otherwise)
  valid_login($action_permission['insert']);
  // NOTE(review): the form below uses method="get", so the submitted digest travels on the
  // query string (server/proxy logs, browser history). doadd_new() reads $_GET, so moving
  // to POST has to change both functions together.
  // NOTE(review): the username/password fields are pre-filled with "New_Account"/"123456";
  // an operator who only clicks the button creates an account with a guessable password.
  $output .= "
       <center>
         <script type=\"text/javascript\" src=\"libs/js/sha1.js\"></script>
         <script type=\"text/javascript\">
           // <![CDATA[
             function do_submit_data ()
             {
               if (document.form.new_pass1.value != document.form.new_pass2.value)
               {
                 alert('{$lang_user['nonidentical_passes']}');
                 return;
               }
               else
               {
                 document.form.pass.value = hex_sha1(document.form.new_user.value.toUpperCase()+':'+document.form.new_pass1.value.toUpperCase());
                 document.form.new_pass1.value = '0';
                 document.form.new_pass2.value = '0';
                 do_submit();
               }
             }
           // ]]>
         </script>
         <fieldset style=\"width: 550px;\">
           <legend>{$lang_user['create_new_acc']}</legend>
           <form method=\"get\" action=\"user.php\" name=\"form\">
             <input type=\"hidden\" name=\"pass\" value=\"\" maxlength=\"256\" />
             <input type=\"hidden\" name=\"action\" value=\"doadd_new\" />
             <table class=\"flat\">
               <tr>
                 <td>{$lang_user['username']}</td>
                 <td><input type=\"text\" name=\"new_user\" size=\"24\" maxlength=\"15\" value=\"New_Account\" /></td>
               </tr>
               <tr>
                 <td>{$lang_user['password']}</td>
                 <td><input type=\"text\" name=\"new_pass1\" size=\"24\" maxlength=\"25\" value=\"123456\" /></td>
               </tr>
               <tr>
                 <td>{$lang_user['confirm']}</td>
                 <td><input type=\"text\" name=\"new_pass2\" size=\"24\" maxlength=\"25\" value=\"123456\" /></td>
               </tr>
               <tr>
                 <td>{$lang_user['email']}</td>
                 <td><input type=\"text\" name=\"new_mail\" size=\"24\" maxlength=\"225\" value=\"none@mail.com\" /></td>
               </tr>
               <tr>
                 <td>{$lang_user['locked']}</td>
                 <td><input type=\"checkbox\" name=\"new_locked\" value=\"1\" /></td>
               </tr>";
  // the expansion selector is only offered when the site config enables it
  if ( $expansion_select )
    $output .= "
               <tr>
                 <td>{$lang_user['expansion_account']}</td>
                 <td>
                   <select name=\"new_expansion\">
                     <option value=\"2\">{$lang_user['wotlk']}</option>
                     <option value=\"1\">{$lang_user['tbc']}</option>
                     <option value=\"0\">{$lang_user['classic']}</option>
                   </select>
                 </td>
               </tr>";
  $output .="
               <tr>
                 <td>";
  // makebutton() writes straight into $output, hence the split string around it
                    makebutton($lang_user['create_acc'], "javascript:do_submit_data()\" type=\"wrn",130);
  $output .= "
                 </td>
                 <td>";
                    makebutton($lang_global['back'], "javascript:window.history.back()\" type=\"def",130);
  $output .= "
                 </td>
               </tr>
             </table>
           </form>
         </fieldset>
         <br /><br />
       </center>
";
}
  702.  
  703.  
  704.  
  705. //#########################################################################################################
  706. // DO ADD NEW USER
  707. //#########################################################################################################
  708. function doadd_new()
  709. {
  710.   global $lang_global, $realm_db, $action_permission;
  711.   valid_login($action_permission['insert']);
  712.  
  713.   if ( empty($_GET['new_user']) || empty($_GET['pass']) )
  714.     redirect("user.php?action=add_new&error=4");
  715.  
  716.   $sqlc = new SQL;
  717.   $sqlc->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
  718.  
  719.   $new_user = $sqlc->quote_smart(trim($_GET['new_user']));
  720.   $pass = $sqlc->quote_smart($_GET['pass']);
  721.  
  722.   //make sure username/pass at least 4 chars long and less than max
  723.   if ((strlen($new_user) < 4) || (strlen($new_user) > 15))
  724.     redirect("user.php?action=add_new&error=8");
  725.   require_once("libs/valid_lib.php");
  726.   //make sure it doesnt contain non english chars.
  727.   if (!valid_alphabetic($new_user))
  728.     redirect("user.php?action=add_new&error=9");
  729.   $result = $sqlc->query("SELECT username FROM account WHERE username = '$new_user'");
  730.   //there is already someone with same username
  731.   if ($sqlc->num_rows($result))
  732.     redirect("user.php?action=add_new&error=7");
  733.   else
  734.     $last_ip = "0.0.0.0";
  735.   $new_mail = (isset($_GET['new_mail'])) ? $sqlc->quote_smart(trim($_GET['new_mail'])) : NULL;
  736.   $locked = (isset($_GET['new_locked'])) ? $sqlc->quote_smart($_GET['new_locked']) : 0;
  737.   $expansion = (isset($_GET['new_expansion'])) ? $sqlc->quote_smart($_GET['new_expansion']) : 0;
  738.   $result = $sqlc->query("INSERT INTO account (username,sha_pass_hash,email, joindate,last_ip,failed_logins,locked,last_login,expansion)
  739.                            VALUES ('$new_user','$pass','$new_mail',now() ,'$last_ip',0, $locked ,NULL, $expansion)");
  740.   if ($result)
  741.     redirect("user.php?error=5");
  742.  
  743. }
  744.  
  745.  
  746. //###########################################################################################################
  747. //  EDIT USER
  748. //###########################################################################################################
  749. function edit_user()
  750. {
  751.   global $lang_global, $lang_user, $output, $realm_db, $characters_db, $realm_id, $mmfpm_db, $user_lvl, $user_name,
  752.    $gm_level_arr, $action_permission, $expansion_select, $developer_test_mode, $multi_realm_mode, $server;
  753.  
  754.   $active_realm_id_pq = "0 as active_realm_id";
  755.  
  756.  
  757.   if (empty($_GET['id'])) redirect("user.php?error=10");
  758.  
  759.   $sqlr = new SQL;
  760.   $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
  761.   $sqlm = new SQL;
  762.   $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
  763.   $sqlc = new SQL;
  764.   $sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
  765.  
  766.   $id = $sqlr->quote_smart($_GET['id']);
  767.  
  768.   $result = $sqlr->query("SELECT `account_access`.`gmlevel`, `account`.* FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE account.id = '$id'");
  769.   $data = $sqlr->fetch_assoc($result);
  770.  
  771.   $refguid = $sqlm->fetch_assoc($sqlm->query('SELECT InvitedBy FROM point_system_invites WHERE PlayersAccount = '.$data['id'].''));
  772.   $refguid = $refguid['InveitedBy'];
  773.   $referred_by = $sqlc->fetch_assoc($sqlc->query("SELECT name FROM characters WHERE guid = '$refguid'"));
  774.   unset($refguid);
  775.   $referred_by = $referred_by['name'];
  776.  
  777.   if ($sqlr->num_rows($result))
  778.   {
  779.     $output .= '
  780.        <center>
  781.          <script type="text/javascript" src="libs/js/sha1.js"></script>
  782.          <script type="text/javascript">
  783.            // <![CDATA[
  784.              function do_submit_data ()
  785.              {
  786.                if ((document.form.username.value != "'.$data['username'].'") && (document.form.new_pass.value == "******"))
  787.                {
  788.                  alert("If you are changing Username, The password must be changed too.");
  789.                  return;
  790.                }
  791.                else
  792.                {
  793.                  document.form.pass.value = hex_sha1(document.form.username.value.toUpperCase()+":"+document.form.new_pass.value.toUpperCase());
  794.                  document.form.new_pass.value = "0";
  795.                  do_submit();
  796.                }
  797.              }
  798.            // ]]>
  799.          </script>
  800.          <fieldset style="width: 550px;">
  801.            <legend>'.$lang_user['edit_acc'].'</legend>
  802.            <form method="post" action="user.php?action=doedit_user" name="form">
  803.            <input type="hidden" name="pass" value="" maxlength="256" />
  804.            <input type="hidden" name="id" value="'.$id.'" />
  805.            <table class="flat">
  806.              <tr>
  807.                <td>'.$lang_user['id'].'</td>
  808.                <td>'.$data['id'].'</td>
  809.              </tr>
  810.              <tr>
  811.                <td>'.$lang_user['username'].'</td>';
  812.   if($user_lvl >= $action_permission['update'])
  813.     $output .='
  814.                <td><input type="text" name="username" size="42" maxlength="15" value="'.$data['username'].'" /></td>';
  815.   else
  816.     $output.='
  817.                <td>'.$data['username'].'</td>';
  818.   $output .= '
  819.              </tr>
  820.              <tr>
  821.                <td>'.$lang_user['password'].'</td>';
  822.   if($user_lvl >= $action_permission['update'])
  823.     $output .="
  824.                <td><input type=\"text\" name=\"new_pass\" size=\"42\" maxlength=\"40\" value=\"******\" /></td>";
  825.   else
  826.     $output.="
  827.                <td>********</td>";
  828.   $output .= "
  829.              </tr>
  830.              <tr>
  831.                <td>{$lang_user['email']}</td>";
  832.   if($user_lvl >= $action_permission['update'])
  833.     $output .= '
  834.                <td><input type="text" name="mail" size="42" maxlength="225" value="'.$data['email'].'" /></td>';
  835.   else
  836.     $output.="
  837.                <td>***@***.***</td>";
  838.   $output .= "
  839.              </tr>
  840.              <tr>
  841.                <td>{$lang_user['invited_by']}:</td>
  842.                <td>";
  843.   if($user_lvl >= $action_permission['update'] && !$referred_by !=NULL)
  844.     $output .="
  845.                  <input type=\"text\" name=\"referredby\" size=\"42\" maxlength=\"12\" value=\"$referred_by\" />";
  846.   else
  847.     $output .="
  848.                  $referred_by";
  849.   $output .="
  850.                </td>
  851.              </tr>
  852.              <tr>
  853.                <td>{$lang_user['gm_level_long']}</td>";
  854.   if($user_lvl >= $action_permission['update'])
  855.   {
  856.     $output .="
  857.                <td>
  858.                  <select name=\"gmlevel\">";
  859.     foreach ($gm_level_arr as $level)
  860.     {
  861.       if (($level[0] > -1) && ($level[0] < $user_lvl))
  862.       {
  863.         $output .= "
  864.                    <option value=\"{$level[0]}\" ";
  865.         if ($data['gmlevel'] == $level[0])
  866.           $output .= "selected=\"selected\" ";
  867.         $output .= ">{$level[1]}</option>";
  868.       }
  869.     }
  870.     $output .= "
  871.                  </select>
  872.                </td>";
  873.   }
  874.   else
  875.     $output .= '
  876.                <td>'.id_get_gm_level($data['gmlevel']).' ( '.$data['gmlevel'].' )</td>';
  877.   $output .= '
  878.              </tr>
  879.              <tr>
  880.                <td>'.$lang_user['join_date'].'</td>
  881.                <td>'.$data['joindate'].'</td>
  882.              </tr>
  883.              <tr>
  884.                <td>'.$lang_user['last_ip'].'</td>';
  885.   if($user_lvl >= $action_permission['update'])
  886.     $output .= '
  887.                <td>'.$data['last_ip'].'<a href="banned.php?action=do_add_entry&entry='.$data['last_ip'].'&bantime=3600&ban_type=ip_banned"> <- '.$lang_user['ban_this_ip'].'</a></td>';
  888.   else
  889.     $output .= "
  890.                <td>***.***.***.***</td>";
  891.   $output .= "
  892.              </tr>
  893.              <tr>
  894.                <td>{$lang_user['banned']}</td>";
  895.   $que = $sqlr->query("SELECT bandate, unbandate, bannedby, banreason FROM account_banned WHERE id = $id");
  896.   if ($sqlr->num_rows($que))
  897.   {
  898.     $banned = $sqlr->fetch_row($que);
  899.     $ban_info = " From:".date('d-m-Y G:i', $banned[0])." till:".date('d-m-Y G:i', $banned[1])."<br />by $banned[2]";
  900.     $ban_checked = " checked=\"checked\"";
  901.   }
  902.   else
  903.   {
  904.     $ban_checked = "";
  905.     $ban_info    = "";
  906.     $banned[3]   = "";
  907.   }
  908.   if($user_lvl >= $action_permission['update'])
  909.     $output .= "
  910.                <td><input type=\"checkbox\" name=\"banned\" value=\"1\" $ban_checked/>$ban_info</td>";
  911.   else
  912.     $output .= "
  913.                <td>$ban_info</td>";
  914.   $output .="
  915.              </tr>
  916.              <tr>
  917.                <td>{$lang_user['banned_reason']}</td>";
  918.   if($user_lvl >= $action_permission['update'])
  919.     $output .="
  920.                <td><input type=\"text\" name=\"banreason\" size=\"42\" maxlength=\"255\" value=\"$banned[3]\" /></td>";
  921.   else
  922.     $output .= "
  923.                <td>$banned[3]</td>";
  924.   if ($expansion_select)
  925.   {
  926.     $output .="
  927.              </tr>
  928.              <tr>";
  929.     if($user_lvl >= $action_permission['update'])
  930.     {
  931.       $output .="
  932.                <td>{$lang_user['client_type']}</td>";
  933.       $output .="
  934.                <td>
  935.                  <select name=\"expansion\">";
  936.       $output .= "
  937.                    <option value=\"0\">{$lang_user['classic']}</option>
  938.                    <option value=\"1\" ";
  939.       if ($data['expansion'] == 1)
  940.         $output .= "selected=\"selected\" ";
  941.       $output .= ">{$lang_user['tbc']}</option>
  942.                   <option value=\"2\" ";
  943.       if ($data['expansion'] ==2)
  944.         $output .= "selected=\"selected\" ";
  945.       $output .= ">{$lang_user['wotlk']}</option>
  946.                  </select>
  947.                </td>";
  948.     }
  949.     else
  950.       $output .= "
  951.                <td>{$lang_user['classic']}</td>";
  952.   }
  953.   $output .="
  954.              </tr>
  955.              <tr>
  956.                <td>{$lang_user['failed_logins_long']}</td>";
  957.   if($user_lvl >= $action_permission['update'])
  958.     $output .='
  959.                <td><input type="text" name="failed" size="42" maxlength="3" value="'.$data['failed_logins'].'" /></td>';
  960.   else
  961.     $output .= '
  962.                <td>'.$data['failed_logins'].'</td>';
  963.   $output .="
  964.              </tr>
  965.              <tr>
  966.                <td>{$lang_user['locked']}</td>";
  967.   $lock_checked = ($data['locked']) ? " checked=\"checked\"" : "";
  968.   if($user_lvl >= $action_permission['update'])
  969.     $output .= "
  970.                <td><input type=\"checkbox\" name=\"locked\" value=\"1\" $lock_checked/></td>";
  971.   else
  972.     $output .="
  973.                <td></td>";
  974.   $output.= '
  975.              </tr>
  976.              <tr>
  977.                <td>'.$lang_user['last_login'].'</td>
  978.                <td>'.$data['last_login'].'</td>
  979.              </tr>
  980.              <tr>
  981.                <td>'.$lang_user['online'].'</td>';
  982.   $output .= "
  983.                <td>".(( $data['active_realm_id'] ) ? $lang_global['yes'] : $lang_global['no'])."</td>
  984.              </tr>";
  985.   $query = $sqlr->query("SELECT SUM(numchars) FROM realmcharacters WHERE acctid = '$id'");
  986.   $tot_chars = $sqlr->result($query, 0);
  987.   $query = $sqlc->query("SELECT count(*) FROM `characters` WHERE account = $id");
  988.   $chars_on_realm = $sqlc->result($query, 0);
  989.   $output .= "
  990.              <tr>
  991.                <td>{$lang_user['tot_chars']}</td>
  992.                <td>$tot_chars</td>
  993.              </tr>";
  994.   $realms = $sqlr->query("SELECT id, name FROM realmlist");
  995.   if ($developer_test_mode && $multi_realm_mode && ($sqlr->num_rows($realms) > 1 && (count($server) > 1) && (count($characters_db) > 1)))
  996.   {
  997.     require_once("scripts/get_lib.php");
  998.     while ($realm = $sqlr->fetch_array($realms))
  999.     {
  1000.       $sqlc->connect($characters_db[$realm[0]]['addr'], $characters_db[$realm[0]]['user'], $characters_db[$realm[0]]['pass'], $characters_db[$realm[0]]['name']);
  1001.       $query = $sqlc->query("SELECT count(*) FROM `characters` WHERE account = $id");
  1002.       $chars_on_realm = $sqlc->result($query, 0);
  1003.       $output .= "
  1004.              <tr>
  1005.                <td>{$lang_user['chars_on_realm']} ".get_realm_name($realm[0])."</td>
  1006.                <td>$chars_on_realm</td>
  1007.              </tr>";
  1008.       if ($chars_on_realm)
  1009.       {
  1010.         $char_array = $sqlc->query("SELECT guid, name, race, class, level, gender
  1011.          FROM `characters` WHERE account = $id");
  1012.         while ($char = $sqlc->fetch_array($char_array))
  1013.         {
  1014.           $output .= "
  1015.              <tr>
  1016.                <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'---></td>
  1017.                <td>
  1018.                      <a href=\"char.php?id=$char[0]&realm=$realm[0]\">$char[1]  - <img src='img/c_icons/{$char[2]}-{$char[5]}.gif' onmousemove='toolTip(\"".char_get_race_name($char[2])."\",\"item_tooltip\")' onmouseout='toolTip()' alt=\"\" />
  1019.                      <img src='img/c_icons/{$char[3]}.gif' onmousemove='toolTip(\"".char_get_class_name($char[3])."\",\"item_tooltip\")' onmouseout='toolTip()' alt=\"\"/> - lvl ".char_get_level_color($char[4])."</a>
  1020.                </td>
  1021.              </tr>";
  1022.         }
  1023.       }
  1024.     }
  1025.   }
  1026.   else
  1027.   {
  1028.     $query = $sqlc->query("SELECT count(*) FROM `characters` WHERE account = $id");
  1029.     $chars_on_realm = $sqlc->result($query, 0);
  1030.     $output .= "
  1031.              <tr>
  1032.                <td>{$lang_user['chars_on_realm']}</td>
  1033.                <td>$chars_on_realm</td>
  1034.              </tr>";
  1035.     if ($chars_on_realm)
  1036.     {
  1037.       $char_array = $sqlc->query("SELECT guid,name,race,class, level, gender FROM `characters` WHERE account = $id");
  1038.       while ($char = $sqlc->fetch_array($char_array))
  1039.       {
  1040.         $output .= "
  1041.                <tr>
  1042.                  <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'---></td>
  1043.                  <td>
  1044.                    <a href=\"char.php?id=$char[0]\">$char[1]  - <img src='img/c_icons/{$char[2]}-{$char[5]}.gif' onmousemove='toolTip(\"".char_get_race_name($char[2])."\",\"item_tooltip\")' onmouseout='toolTip()' alt=\"\" />
  1045.                    <img src='img/c_icons/{$char[3]}.gif' onmousemove='toolTip(\"".char_get_class_name($char[3])."\",\"item_tooltip\")' onmouseout='toolTip()' alt=\"\"/> - lvl ".char_get_level_color($char[4])."</a>
  1046.                  </td>
  1047.                </tr>";
  1048.       }
  1049.     }
  1050.   }
  1051.   $output .= "
  1052.              <tr>
  1053.                <td>";
  1054.   if($user_lvl >= $action_permission['delete'])
  1055.                   makebutton($lang_user['del_acc'], "user.php?action=del_user&check%5B%5D=$id\" type=\"wrn",130);
  1056.   $output .= "
  1057.                </td>
  1058.                <td>";
  1059.   if($user_lvl >= $action_permission['update'])
  1060.                   makebutton($lang_user['update_data'], "javascript:do_submit_data()",130);
  1061.                   makebutton($lang_global['back'], "javascript:window.history.back()\" type=\"def",130);
  1062.   $output .= "
  1063.                </td>
  1064.                </tr>
  1065.              </table>
  1066.            </form>
  1067.          </fieldset>
  1068.          <br /><br />
  1069.        </center>
  1070. ";
  1071.  
  1072.  
  1073.   }
  1074.   else error($lang_global['err_no_user']);
  1075.  
  1076. }
  1077.  
  1078.  
  1079. //############################################################################################################
  1080. //  DO   EDIT   USER
  1081. //############################################################################################################
  1082. function doedit_user()
  1083. {
  1084.   global $lang_global, $realm_db, $mmfpm_db, $user_lvl, $user_name, $action_permission;
  1085.   valid_login($action_permission['update']);
  1086.   if ( (!isset($_POST['pass'])||($_POST['pass'] === ''))
  1087.     && (!isset($_POST['mail'])||($_POST['mail'] === ''))
  1088.     && (!isset($_POST['expansion'])||($_POST['expansion'] === ''))
  1089.     && (!isset($_POST['referredby'])||($_POST['referredby'] === '')) )
  1090.     redirect("user.php?action=edit_user&&id={$_POST['id']}&error=1");
  1091.  
  1092.   $sqlr = new SQL;
  1093.   $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
  1094.  
  1095.   $id = $sqlr->quote_smart($_POST['id']);
  1096.   $username = $sqlr->quote_smart($_POST['username']);
  1097.   $banreason = $sqlr->quote_smart($_POST['banreason']);
  1098.   $pass = $sqlr->quote_smart($_POST['pass']);
  1099.   $user_pass_change = ($pass != sha1(strtoupper($username).":******")) ? "username='$username',sha_pass_hash='$pass'," : "";
  1100.  
  1101.   $mail = (isset($_POST['mail']) && $_POST['mail'] != '') ? $sqlr->quote_smart($_POST['mail']) : "";
  1102.   $failed = (isset($_POST['failed'])) ? $sqlr->quote_smart($_POST['failed']) : 0;
  1103.   $gmlevel = (isset($_POST['gmlevel'])) ? $sqlr->quote_smart($_POST['gmlevel']) : 0;
  1104.   $expansion = (isset($_POST['expansion'])) ? $sqlr->quote_smart($_POST['expansion']) : 1;
  1105.   $banned = (isset($_POST['banned'])) ? $sqlr->quote_smart($_POST['banned']) : 0;
  1106.   $locked = (isset($_POST['locked'])) ? $sqlr->quote_smart($_POST['locked']) : 0;
  1107.   $referredby = $sqlr->quote_smart(trim($_POST['referredby']));
  1108.  
  1109.   //make sure username/pass at least 4 chars long and less than max
  1110.   if ((strlen($username) < 4) || (strlen($username) > 15))
  1111.     redirect("user.php?action=edit_user&id=$id&error=8");
  1112.  
  1113.   if ($gmlevel >= $user_lvl)
  1114.     redirect("user.php?action=edit_user&&id={$_POST['id']}&error=16");
  1115.   require_once("libs/valid_lib.php");
  1116.   if (!valid_alphabetic($username))
  1117.     redirect("user.php?action=edit_user&error=9&id=$id");
  1118.   //restricting accsess to lower gmlvl
  1119.   $result = $sqlr->query("SELECT username FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE account.id = '$id'");
  1120.   if (($user_lvl <= $sqlr->result($result, 0, 'gmlevel')) && ($user_name != $sqlr->result($result, 0, 'username')))
  1121.     redirect("user.php?error=14");
  1122.   if (!$banned)
  1123.     $sqlr->query("DELETE FROM account_banned WHERE id='$id'");
  1124.   else
  1125.   {
  1126.     $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '$id'");
  1127.     if(!$sqlr->result($result, 0))
  1128.       $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)
  1129.                 VALUES ($id, ".time().",".(time()+(365*24*3600)).",'$user_name','$banreason', 1)");
  1130.   }
  1131.   $sqlr->query("UPDATE account SET email='$mail', $user_pass_change v=0,s=0,failed_logins='$failed',locked='$locked',expansion='$expansion' WHERE id='$id'");
  1132.   //edit by tikay
  1133.   $querygmlevel = $sqlr->query("SELECT id FROM account_access WHERE id = '$id'");
  1134.   if (mysql_num_rows($querygmlevel) >=1)
  1135.     $sqlr->query("UPDATE account_access SET gmlevel='$gmlevel' WHERE id='$id'");
  1136.    else
  1137.     $sqlr->query("INSERT INTO account_access (id, gmlevel, realmid) VALUES ('$id', '$gmlevel', -1)");
  1138.   //$sqlr->query("INSERT INTO account_access (id, gmlevel, realmid) VALUES ($id, $gmlevel, -1)");
  1139.    // $sqlr->query("UPDATE account_access SET gmlevel='$gmlevel' WHERE id='$id'");
  1140.   if (doupdate_referral($referredby, $id) || $sqlr->affected_rows())
  1141.     redirect("user.php?action=edit_user&error=13&id=$id");
  1142.   else
  1143.     redirect("user.php?action=edit_user&error=12&id=$id");
  1144. }
  1145.  
  1146. function doupdate_referral($referredby, $user_id)
  1147. {
  1148.   global $realm_db, $mmfpm_db, $characters_db, $realm_id;
  1149.   $sqlm = new SQL;
  1150.   $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
  1151.   $sqlc = new SQL;
  1152.   $sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
  1153.   $sqlr = new SQL;
  1154.   $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
  1155.  
  1156.   $result = $sqlm->fetch_row($sqlm->query("SELECT InvitedBy FROM point_system_invites WHERE PlayersAccount = '$user_id'"));
  1157.   $result = $result[0];
  1158.  
  1159.   if ($result == NULL)
  1160.   {
  1161.     $referred_by = $sqlc->fetch_row($sqlc->query("SELECT guid FROM characters WHERE name = '$referredby'"));
  1162.     $referred_by = $referred_by[0];
  1163.  
  1164.     if ($referred_by != NULL)
  1165.     {
  1166.       $char = $sqlc->fetch_row($sqlc->query("SELECT account FROM characters WHERE guid = '$referred_by'"));
  1167.       $result = $sqlr->fetch_row($sqlr->query("SELECT id FROM account WHERE id = '$char'"));
  1168.       $result = $result[0];
  1169.       if ($result != $user_id)
  1170.       {
  1171.         $sqlm->query("INSERT INTO point_system_invites (PlayersAccount, InvitedBy, InviterAccount) VALUES ('$user_id', '$referred_by', '$result')");
  1172.         return true;
  1173.       }
  1174.       else
  1175.         return false;
  1176.     }
  1177.   }
  1178. }
  1179.  
  1180.  
  1181. //########################################################################################################################
  1182. // MAIN
  1183. //########################################################################################################################
  1184. $err = (isset($_GET['error'])) ? $_GET['error'] : NULL;
  1185.  
  1186. $output .= "
  1187.        <div class=\"top\">";
  1188.  
  1189. // load language
  1190. $lang_user = lang_user();
  1191.  
  1192. // defines the title header in error cases
  1193. switch ($err)
  1194. {
  1195.   case 1:
  1196.     $output .= "
  1197.          <h1><font class=\"error\">{$lang_global['empty_fields']}</font></h1>";
  1198.     break;
  1199.   case 2:
  1200.     $output .= "
  1201.          <h1><font class=\"error\">{$lang_global['err_no_search_passed']}</font></h1>";
  1202.     break;
  1203.   case 3:
  1204.     $output .= "
  1205.          <h1><font class=\"error\">{$lang_user['search_results']}</font></h1>";
  1206.     break;
  1207.   case 4:
  1208.     $output .= "
  1209.          <h1><font class=\"error\">{$lang_user['acc_creation_failed']}</font></h1>";
  1210.     break;
  1211.   case 5:
  1212.     $output .= "
  1213.          <h1>{$lang_user['acc_created']}</h1>";
  1214.     break;
  1215.   case 6:
  1216.     $output .= "
  1217.          <h1><font class=\"error\">{$lang_user['nonidentical_passes']}</font></h1>";
  1218.     break;
  1219.   case 7:
  1220.     $output .= "
  1221.          <h1><font class=\"error\">{$lang_user['user_already_exist']}</font></h1>";
  1222.     break;
  1223.   case 8:
  1224.     $output .= "
  1225.          <h1><font class=\"error\">{$lang_user['username_pass_too_long']}</font></h1>";
  1226.     break;
  1227.   case 9:
  1228.     $output .= "
  1229.          <h1><font class=\"error\">{$lang_user['use_only_eng_charset']}</font></h1>";
  1230.     break;
  1231.   case 10:
  1232.     $output .= "
  1233.          <h1><font class=\"error\">{$lang_user['no_value_passed']}</font></h1>";
  1234.     break;
  1235.   case 11:
  1236.     $output .= "
  1237.          <h1>{$lang_user['edit_acc']}</h1>";
  1238.     break;
  1239.   case 12:
  1240.     $output .= "
  1241.          <h1><font class=\"error\">{$lang_user['update_failed']}</font></h1>";
  1242.     break;
  1243.   case 13:
  1244.     $output .= "
  1245.          <h1>{$lang_user['data_updated']}</h1>";
  1246.     break;
  1247.   case 14:
  1248.     $output .= "
  1249.          <h1><font class=\"error\">{$lang_user['you_have_no_permission']}</font></h1>";
  1250.     break;
  1251.   case 15:
  1252.     $output .= "
  1253.          <h1><font class=\"error\">{$lang_user['acc_backedup']}</font></h1>";
  1254.     break;
  1255.   case 16:
  1256.     $output .= "
  1257.          <h1><font class=\"error\">{$lang_user['you_have_no_permission_to_set_gmlvl']}</font></h1>";
  1258.     break;
  1259.   default: //no error
  1260.     $output .= "
  1261.          <h1>{$lang_user['browse_acc']}</h1>";
  1262. }
  1263. unset($err);
  1264.  
  1265. $output .= "
  1266.        </div>";
  1267.  
  1268. $action = (isset($_GET['action'])) ? $_GET['action'] : NULL;
  1269.  
  1270. switch ($action)
  1271. {
  1272.   case "add_new":
  1273.     add_new();
  1274.     break;
  1275.   case "doadd_new":
  1276.     doadd_new();
  1277.     break;
  1278.   case "edit_user":
  1279.     edit_user();
  1280.     break;
  1281.   case "doedit_user":
  1282.     doedit_user();
  1283.     break;
  1284.   case "del_user":
  1285.     del_user();
  1286.     break;
  1287.   case "dodel_user":
  1288.     dodel_user();
  1289.     break;
  1290.   case "backup_user":
  1291.     backup_user();
  1292.     break;
  1293.   default:
  1294.     browse_users($sqlr, $sqlc);
  1295. }
  1296.  
  1297.  
  1298. unset($action);
  1299. unset($action_permission);
  1300. unset($lang_user);
  1301.  
  1302. require_once("footer.php");
  1303.  
  1304. ?>