ellisgeek

main.groups.php

Jul 24th, 2011
  1. <?php
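  // Access gate for the user-management page: checkrights(..., 1) guards viewing,
  // checkrights(..., 2) guards editing. A missing session key is passed on as null.
  $rights_users = isset($_SESSION['rights_users']) ? $_SESSION['rights_users'] : null;

  if (!checkrights($rights_users, 1)) {
      header('location: ?page=forbidden');
      // header() only queues the redirect. Without exit the rest of this file
      // (the user list and the edit/delete/import handlers) would still run
      // for a visitor who failed the check.
      exit;
  }

  // Defined up front so the later `!$disableedit` tests never read an unset variable.
  $disableedit = 0;
  if (!checkrights($rights_users, 2)) {
      echo '<div class="alert">You cannot edit this page.</div>';
      $disableedit = 1;
  }

  // Comma-separated list of the groups this operator may assign to users;
  // isallowedgroup() below reads it through `global`.
  $allowedgroups = explode(',', isset($_SESSION['allowedgroups']) ? $_SESSION['allowedgroups'] : '');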
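  /**
   * Tell whether the logged-in operator may assign $group to a user.
   *
   * Reads the global $allowedgroups list and the raw session value; a session
   * value of exactly '*' grants every group.
   *
   * @param mixed $group Group name taken from the database or from the request.
   * @return bool True when the group may be assigned, false otherwise.
   */
  function isallowedgroup($group)
  {
      global $allowedgroups;

      // Strict comparison: only the literal string '*' is the wildcard, so a
      // non-string session value can never be mistaken for it.
      if (isset($_SESSION['allowedgroups']) && $_SESSION['allowedgroups'] === '*') {
          return true;
      }

      // Request parameters can arrive as arrays (groups[]=...); those never name a group.
      if (!is_string($group) && !is_int($group)) {
          return false;
      }

      // Strict match: loose in_array() compares numeric-looking strings as numbers,
      // so '1e1' would be accepted for an allowed group named '10'.
      return is_array($allowedgroups) && in_array((string) $group, $allowedgroups, true);
  }

  // Truthiness of the session admin flag; !empty() also covers a missing key.
  $isadmin = !empty($_SESSION['admin']);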
  23. ?>
  24. <h2>Users</h2>
  25. <table>
  26. <tr>
  27. <td><strong>ID</strong></td>
  28. <td><strong>Name</strong></td>
  29. <td><strong>Groups</strong></td>
  30. <td><strong>Color</strong></td>
  31. <td><strong>Allowed Commands</strong></td>
  32. <td><strong>Admin</strong></td>
  33. <td><strong>Can Modify World</strong></td>
  34. <td><strong>Ignores Restrictions</strong></td>
  35. <td><strong>Modify</strong></td>
  36. </tr>
  37. <?php
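  // Prints one table row per user. The row selected by ?action=edit&id=N is
  // rendered as an edit form; the <form> opened here is closed by the handler
  // block after the table.

  // HTML-escape a stored value before it is written into markup or an attribute.
  // Names, prefixes, groups and commands are free text (they can also come from
  // the import box), so printing them raw would let stored markup run in the
  // operator's browser.
  // NOTE(review): assumes the page is served as UTF-8 - confirm.
  $esc = function ($value) {
      return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
  };

  $req_action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
  $req_id     = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

  $sql = "SELECT * FROM `users`";
  $result = mysql_query($sql) or die("MySQL error: " . mysql_error());
  while ($record = mysql_fetch_array($result)) {
      // ids are generated by the database (the add handler reads mysql_insert_id()),
      // so an integer cast is safe for display and for the links below.
      $id                  = (int) $record['id'];
      $name                = $record['name'];
      $groups              = $record['groups'];
      $prefix              = $record['prefix'];
      $commands            = $record['commands'];
      $admin               = $record['admin'];
      $canmodifyworld      = $record['canmodifyworld'];
      $ignoresrestrictions = $record['ignoresrestrictions'];

      $editing = ($req_action === 'edit' && $req_id !== '' && (int) $req_id === $id);

      if ($editing) {
          // edit form
          echo '
          <form name="edit" action="?page=users&amp;action=editsave&amp;id=' . $id . '" method="post">
          <tr>
          <td>' . $id . '</td>
          <td><input name="name" type="text" value="' . $esc($name) . '" size="7" /></td>
          <td>
          <select name="groups">';

          $zsql = "SELECT * FROM `groups`";
          $zresult = mysql_query($zsql) or die("MySQL error: " . mysql_error());
          while ($zrecord = mysql_fetch_array($zresult)) {
              $recname = $zrecord['name'];
              // Only offer groups this operator may assign; the editsave handler
              // repeats the check on the submitted value.
              if (!isallowedgroup($recname)) {
                  continue;
              }
              $selected = ($recname == $groups) ? ' selected' : '';
              echo '<option value="' . $esc($recname) . '"' . $selected . '>' . $esc($recname) . '</option>';
          }

          // "disabled" is only a hint in the browser; what a non-admin can change
          // is decided by the column list in the editsave handler.
          $adminonly = $isadmin ? '' : ' disabled';

          echo '
          </select>
          </td>
          <td><input name="prefix" type="text" value="' . $esc($prefix) . '" size="1" /></td>
          <td><input name="commands" type="text" value="' . $esc($commands) . '" size="25"' . $adminonly . ' /></td>
          <td><input name="admin" type="checkbox" value="1"' . $adminonly . ($admin ? ' checked' : '') . ' /></td>
          <td><input name="canmodifyworld" type="checkbox" value="1"' . ($canmodifyworld ? ' checked' : '') . ' /></td>
          <td><input name="ignoresrestrictions" type="checkbox" value="1"' . $adminonly . ($ignoresrestrictions ? ' checked' : '') . ' /></td>
          <td>
              <a href="?page=users&amp;action=edit&amp;id=' . $id . '"><img src="images/edit.png" alt="Edit"/></a>
              <a href="?page=users&amp;action=delete&amp;id=' . $id . '"><img src="images/delete.png" alt="Delete"/></a>
          </td>
          </tr>
          ';
      } else {
          echo '
          <tr>
          <td>' . $id . '</td>
          <td>' . $esc($name) . '</td>
          <td>' . $esc($groups) . '</td>
          <td>' . $esc($prefix) . '</td>
          <td><ul>';
          // commands is stored as one comma-separated string
          foreach (explode(',', $commands) as $out) {
              echo '<li>' . $esc($out) . "</li>\n";
          }
          echo '</ul></td>
          <td>' . $esc($admin) . '</td>
          <td>' . $esc($canmodifyworld) . '</td>
          <td>' . $esc($ignoresrestrictions) . '</td>
          <td>
              <a href="?page=users&amp;action=edit&amp;id=' . $id . '"><img src="images/edit.png" alt="Edit"/></a>
              <a href="?page=users&amp;action=delete&amp;id=' . $id . '"><img src="images/delete.png" alt="Delete"/></a>
          </td>
          </tr>
          ';
      }
  }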
  115. ?>
  116. <tr><td colspan="10"><a href="?page=users&action=add">Add a new user...</a></td></tr>
  117. </table>
  118. <?php
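  // Handlers for ?action=edit|editsave|add|delete. The whole block is skipped
  // for operators without edit rights ($disableedit is set at the top of the page).
  //
  // NOTE(review): add and delete change data on a plain GET request and no
  // request token is checked anywhere in this block, so these actions are not
  // protected against cross-site request forgery. They should move to POST
  // with a per-session token.
  // NOTE(review): nothing here checks which user row is being edited or
  // deleted; presumably any operator with edit rights may touch any row,
  // including admin rows - confirm that is intended.
  // NOTE(review): this block runs after the table has been printed, so the
  // header() redirects below presumably rely on output buffering - confirm.
  if (empty($disableedit)) {
      $req_action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

      // ids are database-generated integers (see mysql_insert_id() below), so an
      // integer cast is a complete filter before the id is placed in a query.
      $req_id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;

      // Read one POST field as a string; missing or array-valued fields become ''.
      $post = function ($key) {
          return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
      };

      if ($req_action == 'edit') {
          // Closes the <form> that the edited table row opened.
          echo '<input type="submit" value="Save"></form>';
      }

      if ($req_action == 'editsave') {
          $name   = $post('name');
          $groups = $post('groups');
          if (!isallowedgroup($groups)) {
              exit("You are not allowed to assign this group to a user!");
          }
          $prefix   = $post('prefix');
          $commands = $post('commands');

          // Unchecked checkboxes are not submitted at all; store a plain 0 or 1.
          $admin               = empty($_POST['admin']) ? 0 : 1;
          $canmodifyworld      = empty($_POST['canmodifyworld']) ? 0 : 1;
          $ignoresrestrictions = empty($_POST['ignoresrestrictions']) ? 0 : 1;

          // Every request value is escaped before it enters the statement; the
          // original interpolated $_POST directly (SQL injection).
          // NOTE(review): ext/mysql has no bound parameters and was removed in
          // PHP 7; when this file moves to mysqli or PDO these become prepared
          // statements.
          $set = array(
              "`name`='" . mysql_real_escape_string($name) . "'",
              "`groups`='" . mysql_real_escape_string($groups) . "'",
              "`prefix`='" . mysql_real_escape_string($prefix) . "'",
              "`canmodifyworld`='" . $canmodifyworld . "'",
          );
          if ($isadmin) {
              // Only admins may change commands, admin and ignoresrestrictions.
              $set[] = "`commands`='" . mysql_real_escape_string($commands) . "'";
              $set[] = "`admin`='" . $admin . "'";
              $set[] = "`ignoresrestrictions`='" . $ignoresrestrictions . "'";
          }
          $sql = "UPDATE `users` SET " . implode(",\n", $set) . "\nWHERE `id`='" . $req_id . "'";

          // The statement is no longer echoed: that was debug output which showed
          // the query to the browser and was sent ahead of the redirect header.
          mysql_query($sql) or die("MySQL error: " . mysql_error());
          header('location:?page=users');
      }

      if ($req_action == 'add') {
          // Create a placeholder row, then jump straight to its edit form.
          $sql = "INSERT INTO `users` SET `name`='new'";
          $query = mysql_query($sql) or die("MySQL error: " . mysql_error());
          $id = mysql_insert_id();
          header('location: ?page=users&action=edit&id=' . $id);
      }

      if ($req_action == 'delete') {
          $sql = "DELETE FROM `users` WHERE `id`='" . $req_id . "'";
          $query = mysql_query($sql) or die("MySQL error: " . mysql_error());
          header('location: ?page=users');
      }
  }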
  183. ?>
  184. <br>
  185. <img src="images/colors.png" />
  186. <h3>Import from textfile</h3>
  187. Copy your users.txt content here and click 'import'
  188. <form method="post" action="?page=users&action=import">
  189. <textarea name="import" cols="60" rows="10"></textarea>
  190. <br>
  191. <input type="submit" value="Import" />
  192. </form>
  193. <br />
  194. <?php
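  // Bulk import: each non-comment line of the posted text is
  //   name:groups[:level[:prefix[:commands]]]
  // and becomes one row in `users`. Only operators with edit rights get here.
  $req_action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
  if ($req_action == 'import' && empty($disableedit)) {
      $import = (isset($_POST['import']) && is_string($_POST['import'])) ? $_POST['import'] : '';

      // level => array(admin, ignoresrestrictions, canmodifyworld)
      $levels = array(
          '-1' => array(0, 1, 0),
          '0'  => array(0, 0, 1),
          '1'  => array(0, 1, 1),
          '2'  => array(1, 1, 1),
      );

      $imported = 0;
      foreach (explode("\n", $import) as $importline) {
          // Trim first so blank lines and Windows line endings are skipped cleanly.
          $importline = trim($importline);
          if ($importline === '' || $importline[0] == '#') {
              continue;
          }

          $fields = explode(':', $importline);
          if (count($fields) < 2) {
              die('<div class="alert">Invalid number of fields (2 required fields)</div>');
          }
          // Optional fields default to '' so short lines never read a missing offset.
          $fields = array_pad($fields, 5, '');

          $import_name     = trim($fields[0]);
          $import_groups   = trim($fields[1]);
          $admin_unres     = trim($fields[2]);
          $import_prefix   = trim($fields[3]);
          $import_commands = trim($fields[4]);

          // A blank level keeps its old meaning of 0.
          if ($admin_unres === '') {
              $admin_unres = '0';
          }
          if (isset($levels[$admin_unres])) {
              list($import_admin, $import_ignores, $import_canmodify) = $levels[$admin_unres];
          } else {
              // Unknown level: grant nothing. The original switch had no default,
              // so such a line silently reused the flags of the previous line.
              $import_admin = 0;
              $import_ignores = 0;
              $import_canmodify = 0;
          }

          // Same rules as the edit form. Without them the import box lets any
          // operator with edit rights create admin accounts and assign groups
          // outside their allowed list.
          if (!isallowedgroup($import_groups)) {
              die('<div class="alert">You are not allowed to assign this group to a user!</div>');
          }
          if (!$isadmin) {
              // editsave only lets admins write these three columns.
              $import_admin = 0;
              $import_ignores = 0;
              $import_commands = '';
          }

          // Pasted text is untrusted: escape every string before it enters the statement.
          // NOTE(review): replace with prepared statements once the file leaves ext/mysql.
          $sql = "INSERT INTO `users` SET
      `name`='" . mysql_real_escape_string($import_name) . "',
      `prefix`='" . mysql_real_escape_string($import_prefix) . "',
      `commands`='" . mysql_real_escape_string($import_commands) . "',
      `groups`='" . mysql_real_escape_string($import_groups) . "',
      `admin`='" . (int) $import_admin . "',
      `ignoresrestrictions`='" . (int) $import_ignores . "',
      `canmodifyworld`='" . (int) $import_canmodify . "'";
          $query = mysql_query($sql) or die("MySQL error: " . mysql_error());
          $imported++;
      }

      // Redirect once, and only when at least one row was inserted (the original
      // issued the header after every inserted line).
      if ($imported > 0) {
          header('location:?page=users');
      }
  }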
  235. ?>