- <?php
- // Created by Adam Glaysher
- // Copyright (c) 2010
- class gameInfoDatabase
- {
- private $dbHost = 'localhost';
- private $dbName = 'sagerune_database';
- private $dbUser = 'sagerune_admin';
- private $dbPass = 'l0vejenna';
- private $itemsPerPage = 20;
- private $minSearchLen = 3;
- private $sortQuery;
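/**
 * Entry point for database.php: renders a category listing, a single item,
 * an admin screen, or the placeholder index, depending on the query string.
 *
 * Request parameters read: cat, id, search, page, sortby, sort, admin, task.
 *
 * Security notes:
 *  - Numeric parameters are validated as digit-only strings and cast to int before
 *    they reach SQL. SQL string escaping alone does not protect a value that is
 *    interpolated without quotes.
 *  - The ORDER BY column comes from the `fields` table; it is accepted only when it
 *    looks like a plain identifier and is then backtick-quoted.
 *  - Every value echoed into HTML is encoded at output time.
 *
 * @return void
 */
public function showResult()
{
    $this->connect();

    $catID = $this->resultIntParam('cat');
    $itemID = $this->resultIntParam('id');

    if ($catID > 0 && $this->checkForID('cats', $catID)) {
        $this->renderCategoryListing($catID);
    } elseif ($itemID > 0 && $this->checkForID('items', $itemID)) {
        $this->renderItemDetail($itemID);
    } elseif (!empty($_GET['admin']) && !empty($_GET['task']) && $this->hasAdminRights()) {
        $this->showAdminTask($_GET['task']);
    } else {
        //TODO:create index
        echo 'index.<br /><br />';
    }

    echo '<div id="db_credit">Created by AdamG</div>';
}

/**
 * Read a query-string parameter that must be a non-negative integer.
 *
 * @param string $key Name of the $_GET entry.
 * @return int The value, or 0 when it is missing, an array, or not digits only.
 */
private function resultIntParam($key)
{
    if (!isset($_GET[$key]) || !is_string($_GET[$key]) || !ctype_digit($_GET[$key])) {
        return 0;
    }
    return (int) $_GET[$key];
}

/**
 * Encode a database value for HTML text or a double/single-quoted attribute.
 *
 * double_encode is off because makeSafe() entity-encodes values before they are
 * stored, so rows written through this class already contain entities.
 * NOTE(review): assumes stored text is valid UTF-8 (or pure ASCII) - confirm.
 *
 * @param mixed $value
 * @return string
 */
private function resultHtml($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
}

/**
 * Render the item table for one category (and its direct children), with the
 * sort form and, outside search mode, the pagination links.
 *
 * @param int $catID Category id already validated by the caller.
 * @return void
 */
private function renderCategoryListing($catID)
{
    $catID = (int) $catID;
    $perPage = (int) $this->itemsPerPage;

    // The term is escaped once for SQL (makeSafe) and separately for HTML below.
    $rawSearch = (isset($_GET['search']) && is_string($_GET['search'])) ? $_GET['search'] : '';
    $searchSql = $this->makeSafe($rawSearch);
    $searching = strlen($searchSql) >= $this->minSearchLen;
    $searchHtml = htmlspecialchars($rawSearch, ENT_QUOTES, 'UTF-8');

    $fields = array();
    $select = mysql_query('SELECT shownFields FROM cats WHERE id = ' . $catID);
    if ($select) {
        while ($get = mysql_fetch_array($select)) {
            $fields = explode(',', $get['shownFields']);
        }
    }

    // Paging is ignored while searching; a missing or zero page means page 1.
    $page = $searching ? 1 : max(1, $this->resultIntParam('page'));
    $catName = $this->resultHtml($this->getName('cats', $catID));

    if ($searching) {
        echo '<h2>Search: ' . $searchHtml . '</h2>Category: <a href="database.php?cat=' . $catID . '">' . $catName . '</a><br />';
    } else {
        echo '<h2>Category: ' . $catName . '</h2>';
        $select = mysql_query('SELECT parent FROM cats WHERE id = ' . $catID);
        if ($select) {
            while ($get = mysql_fetch_array($select)) {
                $parentID = (int) $get['parent'];
                if ($parentID > 0) {
                    echo 'From <a href="database.php?cat=' . $parentID . '">' . $this->resultHtml($this->getName('cats', $parentID)) . '</a><br />';
                }
            }
        }
    }

    echo '<br /><form method="get"><label for="db_sortby">Sort by</label> <select id="db_sortby" name="sortby">';
    foreach ($fields as $label) {
        if ($label != 'img') {
            echo '<option value="' . $this->resultHtml($this->getFieldID($label)) . '">' . $this->resultHtml(ucfirst($label)) . '</option>';
        }
    }
    echo '</select> <select id="db_sort" name="sort"><option value="1">Ascending</option><option value="0">Descending</option></select><input type="hidden" name="cat" value="' . $catID . '" />';
    if ($searching) {
        echo '<input type="hidden" name="search" value="' . $searchHtml . '" />';
    } elseif (empty($_GET['page'])) {
        echo '<input type="hidden" name="page" value="' . $page . '" />';
    }
    echo ' <input type="submit" value="Sort" /></form>';

    // Sorting: only a field id that exists, whose label is a plain identifier, is used.
    $sortBy = $this->resultIntParam('sortby');
    $sort = 0;
    $orderBy = '';
    if ($sortBy > 0 && $this->checkForID('fields', $sortBy)) {
        $sort = (isset($_GET['sort']) && $_GET['sort'] === '1') ? 1 : 0;
        $column = $this->getName('fields', $sortBy);
        if (is_string($column) && preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,63}\z/', $column)) {
            $orderBy = 'ORDER BY `' . $column . '` ' . ($sort === 1 ? 'ASC' : 'DESC');
        }
    } else {
        $sortBy = 0;
    }
    // catCount() reads this property, so it is kept in step with the listing query.
    $this->sortQuery = $orderBy;

    echo '<table cellspacing="1"><tr id="db_tableKey">';
    foreach ($fields as $label) {
        if ($label == 'img') {
            echo '<td class="bg_imgKey">' . $this->resultHtml(ucfirst($label)) . '</td>';
        } else {
            echo '<td>' . $this->resultHtml(ucfirst($label)) . '</td>';
        }
    }
    echo '</tr>';

    // The listing covers the category itself plus its direct children.
    $catIDs = array($catID);
    $selectChildren = mysql_query('SELECT id FROM cats WHERE parent = ' . $catID);
    if ($selectChildren) {
        while ($get = mysql_fetch_array($selectChildren)) {
            $catIDs[] = (int) $get['id'];
        }
    }
    $where = 'cat IN (' . implode(', ', $catIDs) . ')';

    if ($searching) {
        $sql = 'SELECT * FROM items WHERE ' . $where . " AND name LIKE '%" . $searchSql . "%' " . $orderBy . ' LIMIT 0, ' . $perPage;
    } else {
        $offset = ($page - 1) * $perPage;
        $sql = 'SELECT * FROM items WHERE ' . $where . ' ' . $orderBy . ' LIMIT ' . $offset . ', ' . $perPage;
    }

    $select = mysql_query($sql);
    if ($select) {
        while ($get = mysql_fetch_array($select)) {
            echo '<tr>';
            foreach ($fields as $label) {
                $cell = isset($get[$label]) ? $this->resultHtml($get[$label]) : '';
                if ($label == 'name') {
                    echo '<td><a href="database.php?id=' . (int) $get['id'] . '">' . $cell . '</a></td>';
                } elseif ($label == 'img') {
                    echo '<td><img class="db_img" src="' . $cell . '" alt="" /></td>';
                } else {
                    echo '<td>' . $cell . '</td>';
                }
            }
            echo '</tr>';
        }
    }
    echo '</table>';

    $total = (int) $this->catCount($catID);
    if ($total > $perPage && !$searching && $perPage > 0) {
        echo '<div id="db_pagination">Page: ';
        $pageCount = (int) ceil($total / $perPage);
        for ($pageI = 1; $pageI <= $pageCount; $pageI++) {
            if ($page == $pageI) {
                echo '<span class="INACTIVE">' . $pageI . '</span>';
            } elseif ($sortBy > 0) {
                echo '<a class="ACTIVE" href="database.php?cat=' . $catID . '&amp;page=' . $pageI . '&amp;sortby=' . $sortBy . '&amp;sort=' . $sort . '">' . $pageI . '</a>';
            } else {
                echo '<a class="ACTIVE" href="database.php?cat=' . $catID . '&amp;page=' . $pageI . '">' . $pageI . '</a>';
            }
        }
        echo '</div>';
    }
}

/**
 * Render the detail view of one item: name, category link, image and the fields
 * its category is configured to show.
 *
 * @param int $itemID Item id already validated by the caller.
 * @return void
 */
private function renderItemDetail($itemID)
{
    $select = mysql_query('SELECT * FROM items WHERE id = ' . (int) $itemID);
    if (!$select) {
        return;
    }

    while ($get = mysql_fetch_array($select)) {
        $itemCat = (int) $get['cat'];
        echo '<h2>' . $this->resultHtml($get['name']) . '</h2>Category: <a href="database.php?cat=' . $itemCat . '">' . $this->resultHtml($this->getName('cats', $itemCat)) . '</a><br /><br />';

        $fields = array();
        $selectFields = mysql_query('SELECT shownFields FROM cats WHERE id = ' . $itemCat);
        if ($selectFields) {
            while ($getFields = mysql_fetch_array($selectFields)) {
                $fields = explode(',', $getFields['shownFields']);
            }
        }

        if (isset($get['img']) && $get['img'] != '') {
            echo '<img class="db_imgFull" src="' . $this->resultHtml($get['img']) . '" alt="" /><br /><br />';
        }

        foreach ($fields as $label) {
            if ($label != 'name' && $label != 'img') {
                $text = isset($get[$label]) ? $this->resultHtml($get[$label]) : '';
                echo '<strong>' . $this->resultHtml(ucfirst($label)) . ':</strong> ' . $text . '<br />';
            }
        }
    }
}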
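/**
 * Decide whether the current visitor may use the management screens.
 *
 * The visitor's level id is read from the global $user object and compared with
 * the ids of the 'Admin' and 'Database Moderator' rows in sagerune_site.se_levels.
 * The check fails closed: a missing user object, a missing level id or a failed
 * query all yield false.
 *
 * NOTE(review): $user is populated outside this file; how it is authenticated
 * cannot be verified from here.
 *
 * @return bool
 */
private function hasAdminRights()
{
    global $user;

    if (!is_object($user)) {
        return false;
    }
    $info = $user->user_info;
    if (!isset($info['user_level_id'])) {
        return false;
    }
    $userLevel = (string) $info['user_level_id'];
    if ($userLevel === '') {
        return false;
    }

    $granted = false;

    // The level table lives in another schema; the default database is switched
    // for this one query and restored below on every path.
    mysql_select_db('sagerune_site');
    $selectLvls = mysql_query("SELECT level_id FROM se_levels WHERE level_name = 'Admin' OR level_name = 'Database Moderator'");
    if ($selectLvls !== false) {
        while ($getLvls = mysql_fetch_array($selectLvls)) {
            // String comparison avoids PHP's loose == juggling between null, '' and 0.
            if ((string) $getLvls['level_id'] === $userLevel) {
                $granted = true;
                break;
            }
        }
    }
    mysql_select_db($this->dbName);

    return $granted;
}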
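/**
 * Process and render one management screen: 'items', 'fields' or 'cats'.
 *
 * Admin rights are re-checked here, so the method does nothing for other visitors
 * even if a caller forgets its own check.
 *
 * NOTE(review): field and category deletions are triggered by plain GET links and
 * no anti-CSRF token is verified anywhere in this method. State-changing actions
 * should move to POST with a per-session token.
 *
 * @param mixed $task Task name taken from the query string.
 * @return void
 */
private function showAdminTask($task)
{
    if (!$this->hasAdminRights()) {
        return;
    }

    switch (is_string($task) ? $task : '') {
        case 'items':
            echo 'Adding an Item';
            break;
        case 'fields':
            $this->adminManageFields();
            break;
        case 'cats':
            $this->adminManageCats();
            break;
        default:
            echo 'Invalid Task.';
    }
}

/**
 * Encode a database value for HTML text or a quoted attribute.
 *
 * double_encode is off because makeSafe() entity-encodes values before storage.
 * NOTE(review): assumes stored text is valid UTF-8 (or pure ASCII) - confirm.
 *
 * @param mixed $value
 * @return string
 */
private function adminHtml($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
}

/**
 * Convert a request value to a non-negative integer.
 *
 * @param mixed $value
 * @return int 0 when the value is not a digit-only string.
 */
private function adminIntValue($value)
{
    return (is_string($value) && ctype_digit($value)) ? (int) $value : 0;
}

/**
 * Print the clickable list of field labels used by the category forms.
 *
 * Each label is placed in a JavaScript string inside an HTML attribute, so it is
 * JSON-encoded first and HTML-encoded second.
 *
 * @return void
 */
private function adminFieldLinks()
{
    $select = mysql_query('SELECT label FROM fields');
    if (!$select) {
        return;
    }

    $total = mysql_num_rows($select);
    $i = 1;
    while ($get = mysql_fetch_array($select)) {
        $jsArg = json_encode((string) $get['label']);
        if ($jsArg === false) {
            // Label is not encodable (e.g. invalid UTF-8); pass an empty string instead.
            $jsArg = '""';
        }
        echo '<a href="javascript:void(0);" onclick="db_addField(' . $this->adminHtml($jsArg) . ');">' . $this->adminHtml($get['label']) . '</a>';
        echo ($i != $total) ? ', ' : '.';
        $i++;
    }
}

/**
 * 'fields' screen: add a column to `items` plus its row in `fields`, delete one,
 * and list the existing fields.
 *
 * A field label becomes a column name. Column names cannot be protected by string
 * escaping, so the label must match a plain-identifier pattern and is
 * backtick-quoted; the type must be one of the two values the form offers.
 *
 * @return void
 */
private function adminManageFields()
{
    $identifier = '/\A[A-Za-z_][A-Za-z0-9_]{0,63}\z/';

    $fieldLabel = (isset($_POST['fieldLabel']) && is_string($_POST['fieldLabel'])) ? $_POST['fieldLabel'] : '';
    $fieldType = (isset($_POST['fieldType']) && is_string($_POST['fieldType'])) ? $_POST['fieldType'] : '';

    if ($fieldLabel !== '' && $fieldType !== '') {
        $added = false;
        if (preg_match($identifier, $fieldLabel) && in_array($fieldType, array('text', 'img'), true)) {
            // The fields row is written only when the column was really created.
            $added = mysql_query('ALTER TABLE items ADD `' . $fieldLabel . '` VARCHAR(100) NOT NULL')
                && mysql_query("INSERT INTO fields (label, type) VALUES ('" . mysql_real_escape_string($fieldLabel) . "', '" . mysql_real_escape_string($fieldType) . "')");
        }
        if (!$added) {
            echo '<div class="error">Error. Field could not be added.</div>';
        } else {
            echo '<div class="success">Field added successfully.</div>';
        }
    }

    if (!empty($_GET['delete'])) {
        $fieldID = $this->adminIntValue($_GET['delete']);
        $storedLabel = $fieldID > 0 ? $this->getName('fields', $fieldID) : null;
        $deleted = false;
        if (is_string($storedLabel)) {
            // A stored label that is not a plain identifier is never used as a column
            // name; only its row is removed. (Presumably no such column exists - confirm.)
            $dropped = true;
            if (preg_match($identifier, $storedLabel)) {
                $dropped = (bool) mysql_query('ALTER TABLE items DROP `' . $storedLabel . '`');
            }
            $deleted = mysql_query('DELETE FROM fields WHERE id = ' . $fieldID) && $dropped;
        }
        if (!$deleted) {
            echo '<div class="error">Error. Field could not be deleted.</div>';
        } else {
            echo '<div class="success">Field deleted successfully.</div>';
        }
    }

    echo '<h2>Add a Field</h2><br />'
        . '<form id="db_addField" action="database.php?admin=true&amp;task=fields" method="post">'
        . 'Label: <input type="text" id="db_addField_fieldLabel" name="fieldLabel" /><br /><br />'
        . 'Type: <select name="fieldType"><option value="text">Text</option><option value="img">Image</option></select><br /><br />'
        . '<input type="submit" value="Add Field" /></form><hr /><h2>Delete Fields</h2><br />Click to delete a field...<br />';

    $select = mysql_query('SELECT id, label FROM fields');
    if ($select) {
        while ($get = mysql_fetch_array($select)) {
            echo '<a style="color:red;" href="database.php?admin=true&amp;task=fields&amp;delete=' . (int) $get['id'] . '">' . $this->adminHtml($get['label']) . '</a>, ';
        }
    }
}

/**
 * 'cats' screen: add, edit and delete categories and list the category tree.
 *
 * Ids and the parent id are cast to int before use in SQL; the name and field
 * list go through makeSafe() and are always placed inside quotes.
 *
 * @return void
 */
private function adminManageCats()
{
    $editing = !empty($_GET['edit']);

    $hasPost = isset($_POST['catName'], $_POST['catFields'])
        && is_string($_POST['catName']) && $_POST['catName'] !== ''
        && is_string($_POST['catFields']) && $_POST['catFields'] !== '';
    $catName = '';
    $catFields = '';
    $catParent = 0;
    if ($hasPost) {
        $catName = $this->makeSafe($_POST['catName']);
        $catFields = $this->makeSafe($_POST['catFields']);
        $catParent = isset($_POST['catParent']) ? $this->adminIntValue($_POST['catParent']) : 0;
    }

    if (!$editing) {
        if ($hasPost) {
            $addCat = mysql_query("INSERT INTO cats (name, shownFields, parent) VALUES ('" . $catName . "', '" . $catFields . "', " . $catParent . ')');
            if (!$addCat) {
                echo '<div class="error">Error. Category could not be added.</div>';
            } else {
                echo '<div class="success">Category added successfully.</div>';
            }
        }

        if (!empty($_GET['delete'])) {
            $catID = $this->adminIntValue($_GET['delete']);
            $deleteCat = $catID > 0 ? mysql_query('DELETE FROM cats WHERE id = ' . $catID) : false;
            if (!$deleteCat) {
                echo '<div class="error">Error. Category could not be deleted.</div>';
            } else {
                echo '<div class="success">Category deleted successfully.</div>';
            }
        }

        echo '<h2>New Category</h2><br />'
            . '<form id="db_addCat" action="database.php?admin=true&amp;task=cats" method="post">'
            . 'Name: <input type="text" id="db_addCat_catName" name="catName" /><br /><br />'
            . 'Fields: <input type="text" id="db_addCat_catFields" name="catFields" /><br /><br />'
            . 'Parent: <select name="catParent"><option value="0" selected="selected">--</option>';
        $select = mysql_query('SELECT id, name FROM cats WHERE parent = 0');
        if ($select) {
            while ($get = mysql_fetch_array($select)) {
                echo '<option value="' . (int) $get['id'] . '">' . $this->adminHtml($get['name']) . '</option>';
            }
        }
        echo '</select><br /><br />Click to add a field:<br />';
        $this->adminFieldLinks();
        echo '<br /><br /><input type="submit" value="Add Category" /></form><hr />';
    } else {
        // A non-numeric edit id becomes 0, which matches no category row.
        $editCatID = $this->adminIntValue($_GET['edit']);

        if ($hasPost) {
            $editCat = mysql_query("UPDATE cats SET name = '" . $catName . "', shownFields = '" . $catFields . "', parent = " . $catParent . ' WHERE id = ' . $editCatID);
            if (!$editCat) {
                echo '<div class="error">Error. Category could not be edited.</div>';
            } else {
                echo '<div class="success">Category edited successfully.</div>';
            }
        }

        $select = mysql_query('SELECT * FROM cats WHERE id = ' . $editCatID);
        if ($select) {
            while ($get = mysql_fetch_array($select)) {
                echo '<a href="database.php?admin=true&amp;task=cats">&lt;- Add new Category</a><br /><br /><h2>Edit Category: ' . $this->adminHtml($get['name'])
                    . '<small> (<a style="color:red;" href="database.php?admin=true&amp;task=cats&amp;delete=' . (int) $get['id'] . '">Delete</a>)</small></h2><br />'
                    . '<form id="db_editCat" action="database.php?admin=true&amp;task=cats&amp;edit=' . $editCatID . '" method="post">'
                    . 'Name: <input type="text" id="db_addCat_catName" name="catName" value="' . $this->adminHtml($get['name']) . '" /><br /><br />'
                    . 'Fields: <input type="text" id="db_addCat_catFields" name="catFields" value="' . $this->adminHtml($get['shownFields']) . '" /><br /><br />'
                    . 'Parent: <select name="catParent"><option value="0">--</option>';
                $selectCats = mysql_query('SELECT id, name FROM cats WHERE parent = 0');
                if ($selectCats) {
                    while ($getCat = mysql_fetch_array($selectCats)) {
                        $selected = ($getCat['id'] == $get['parent']) ? ' selected="selected"' : '';
                        echo '<option value="' . (int) $getCat['id'] . '"' . $selected . '>' . $this->adminHtml($getCat['name']) . '</option>';
                    }
                }
                echo '</select><br /><br />Click to add a field:<br />';
            }
        }
        $this->adminFieldLinks();
        echo '<br /><br /><input type="submit" value="Edit Category" /></form><hr />';
    }

    echo '<h2>Edit/Delete Categories</h2><br />Click to edit a category...<br />';
    $select = mysql_query('SELECT id, name FROM cats WHERE parent = 0');
    if ($select) {
        while ($get = mysql_fetch_array($select)) {
            $parentID = (int) $get['id'];
            echo '<strong><a href="database.php?admin=true&amp;task=cats&amp;edit=' . $parentID . '">' . $this->adminHtml($get['name']) . '</a></strong><br />';
            $selectChildren = mysql_query('SELECT id, name FROM cats WHERE parent = ' . $parentID);
            if ($selectChildren) {
                while ($getChild = mysql_fetch_array($selectChildren)) {
                    echo ' » <a href="database.php?admin=true&amp;task=cats&amp;edit=' . (int) $getChild['id'] . '">' . $this->adminHtml($getChild['name']) . '</a><br />';
                }
            }
        }
    }
}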
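/**
 * Print the search form (category drop-down plus text box) and, for visitors
 * with admin rights, the links to the management screens.
 *
 * The search box is pre-filled from the `search` query parameter. That value is
 * HTML-encoded for the attribute it is written into; SQL escaping is not an
 * HTML encoder and would also put backslashes into the displayed text.
 *
 * @return void
 */
public function showFullSearch()
{
    $this->connect();

    echo '<form id="db_fullSearch" style="text-align: center;">';
    echo 'Category: <select name="cat">';
    $select = mysql_query('SELECT id, name FROM cats WHERE parent = 0');
    if ($select) {
        while ($get = mysql_fetch_array($select)) {
            $parentID = (int) $get['id'];
            // double_encode is off: names saved through makeSafe() already hold entities.
            echo '<option value="' . $parentID . '">' . htmlspecialchars(ucfirst($get['name']), ENT_QUOTES, 'UTF-8', false) . '</option>';
            $selectChildren = mysql_query('SELECT id, name FROM cats WHERE parent = ' . $parentID);
            if ($selectChildren) {
                while ($getChild = mysql_fetch_array($selectChildren)) {
                    echo '<option value="' . (int) $getChild['id'] . '">» ' . htmlspecialchars(ucfirst($getChild['name']), ENT_QUOTES, 'UTF-8', false) . '</option>';
                }
            }
        }
    }

    // Arrays (?search[]=x) are treated as "no search term".
    $rawSearch = (isset($_GET['search']) && is_string($_GET['search'])) ? $_GET['search'] : '';
    $value = '';
    // The length test uses the makeSafe() form so it agrees with showResult().
    if (strlen($this->makeSafe($rawSearch)) >= $this->minSearchLen) {
        $value = ' value="' . htmlspecialchars($rawSearch, ENT_QUOTES, 'UTF-8') . '"';
    }
    echo '</select><br /><br /><input type="text" id="db_searchInput" name="search" style="margin-bottom: 5px;"' . $value . ' /><br /><input type="submit" value="Search" /></form><br />';

    if ($this->hasAdminRights()) {
        echo '<div class="header">Database Management</div><ul><li><a href="database.php?admin=true&amp;task=items">Add an Item</a></li><li><a href="database.php?admin=true&amp;task=fields">Manage Fields</a></li><li><a href="database.php?admin=true&amp;task=cats">Manage Categories</a></li></ul>';
    }
}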
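/**
 * Print every top-level category, each followed by its direct children, as one
 * flat <ul> of links to database.php?cat=ID.
 *
 * Ids are cast to int and names are HTML-encoded at output time, so a row that
 * reached the table by some other route cannot inject markup or SQL here.
 *
 * @return void
 */
public function showFullCatList()
{
    $this->connect();

    echo '<ul class="db_fullCatList">';
    $select = mysql_query('SELECT id, name FROM cats WHERE parent = 0');
    if ($select) {
        while ($get = mysql_fetch_array($select)) {
            $parentID = (int) $get['id'];
            // double_encode is off: names saved through makeSafe() already hold entities.
            echo '<li><a href="database.php?cat=' . $parentID . '">' . htmlspecialchars(ucfirst($get['name']), ENT_QUOTES, 'UTF-8', false) . '</a></li>';

            $selectChildren = mysql_query('SELECT id, name FROM cats WHERE parent = ' . $parentID);
            if (!$selectChildren) {
                continue;
            }
            while ($getChild = mysql_fetch_array($selectChildren)) {
                echo '<li>» <a href="database.php?cat=' . (int) $getChild['id'] . '">' . htmlspecialchars(ucfirst($getChild['name']), ENT_QUOTES, 'UTF-8', false) . '</a></li>';
            }
        }
    }
    echo '</ul>';
}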
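/**
 * Tell whether a row with the given id exists in one of this class's tables.
 *
 * The id is placed in the query without quotes, where string escaping gives no
 * protection. It is therefore accepted only as an int or a digit-only string and
 * cast to int. The table name is checked against the tables this class queries.
 *
 * @param string $table 'cats', 'fields' or 'items'.
 * @param mixed  $id    Candidate id, usually straight from the query string.
 * @return bool True only when exactly such a row exists.
 */
private function checkForID($table, $id)
{
    if (!in_array($table, array('cats', 'fields', 'items'), true)) {
        return false;
    }

    $idText = is_int($id) ? (string) $id : $id;
    if (!is_string($idText) || !ctype_digit($idText)) {
        return false;
    }

    $idValue = (int) $idText;
    if ($idValue < 1) {
        return false;
    }

    $select = mysql_query('SELECT id FROM ' . $table . ' WHERE id = ' . $idValue . ' LIMIT 1');

    return $select !== false && mysql_num_rows($select) > 0;
}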
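/**
 * Fetch the display name of a row: `label` for the fields table, `name` for the
 * others.
 *
 * As in checkForID(), the id is used without quotes, so it must be an int or a
 * digit-only string; the table name must be one this class queries.
 *
 * @param string $table 'cats', 'fields' or 'items'.
 * @param mixed  $id    Row id.
 * @return string|null The stored value, or null when there is no such row.
 */
private function getName($table, $id)
{
    if (!in_array($table, array('cats', 'fields', 'items'), true)) {
        return null;
    }

    $idText = is_int($id) ? (string) $id : $id;
    if (!is_string($idText) || !ctype_digit($idText)) {
        return null;
    }

    $column = ($table === 'fields') ? 'label' : 'name';
    $select = mysql_query('SELECT ' . $column . ' FROM ' . $table . ' WHERE id = ' . (int) $idText . ' LIMIT 1');
    if ($select === false) {
        return null;
    }

    $row = mysql_fetch_array($select);

    return $row ? $row[$column] : null;
}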
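/**
 * Look up the id of a field by its label.
 *
 * Callers pass labels read back from cats.shownFields, which were entity-encoded
 * by makeSafe() when saved. Only SQL escaping is applied here, so a label that
 * contains an entity is not encoded a second time and still matches its row.
 *
 * @param mixed $label Field label as stored in the database.
 * @return string|null The field id, or null when no field has that label.
 */
private function getFieldID($label)
{
    if (!is_scalar($label)) {
        return null;
    }

    // The value sits inside quotes, where mysql_real_escape_string() is sufficient.
    $select = mysql_query("SELECT id FROM fields WHERE label = '" . mysql_real_escape_string((string) $label) . "' LIMIT 1");
    if ($select === false) {
        return null;
    }

    $row = mysql_fetch_array($select);

    return $row ? $row['id'] : null;
}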
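/**
 * Count the items filed directly under a category.
 *
 * The id is cast to int because it is used without quotes. The ORDER BY clause
 * held in $this->sortQuery is not appended: ordering cannot change a count, and
 * a bad sort column would otherwise make the count query fail.
 *
 * NOTE(review): showResult() lists items of the category AND its child
 * categories, while this counts the category alone, so pagination can offer
 * fewer pages than the listing has - confirm which is intended.
 *
 * @param mixed $id Category id.
 * @return int Number of items; 0 when the id is invalid or the query fails.
 */
private function catCount($id)
{
    $idText = is_int($id) ? (string) $id : $id;
    if (!is_string($idText) || !ctype_digit($idText)) {
        return 0;
    }

    $select = mysql_query('SELECT COUNT(*) FROM items WHERE cat = ' . (int) $idText);
    if ($select === false) {
        return 0;
    }

    $row = mysql_fetch_row($select);

    return $row ? (int) $row[0] : 0;
}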
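/**
 * Open the MySQL connection and select this class's database.
 *
 * NOTE(review): host, user name and password are hard-coded as class properties
 * in this file. Credentials kept in source are exposed to everyone who can read
 * the file; load them from configuration stored outside the web root, and treat
 * any password that has been published with the code as compromised and rotate it.
 *
 * @return bool True when the connection is open and the database selected.
 *              Existing callers ignore the return value.
 */
private function connect()
{
    $link = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass);
    if ($link === false) {
        // Log without the credentials or the server's own error text.
        error_log('gameInfoDatabase: database connection failed');
        return false;
    }

    if (!mysql_select_db($this->dbName, $link)) {
        error_log('gameInfoDatabase: could not select database');
        return false;
    }

    return true;
}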
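/**
 * Prepare a request value for use inside a QUOTED SQL string literal.
 *
 * The value is HTML-entity-encoded and then passed through
 * mysql_real_escape_string(), so text saved with it is stored already encoded.
 *
 * Limits to keep in mind when calling it:
 *  - The result is safe only between quotes ('...'). It gives no protection when
 *    the value is used as a bare number or as a table/column name; those need an
 *    integer cast or an allow-list.
 *  - htmlentities() runs with its default flags. On the PHP versions that still
 *    ship mysql_* the default is ENT_COMPAT, which leaves single quotes unencoded.
 *  - mysql_real_escape_string() needs an open connection, so connect() must have
 *    been called first.
 *
 * @param mixed $str Raw value, usually from $_GET or $_POST.
 * @return string Escaped value; '' for null, arrays and objects.
 */
private function makeSafe($str)
{
    // ?cat[]=1 delivers an array. It cannot be escaped meaningfully, and passing it
    // on would raise PHP warnings that can disclose file paths.
    if (!is_scalar($str)) {
        return '';
    }

    return mysql_real_escape_string(htmlentities((string) $str));
}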
- }
- ?>