  1. <?php
  2.  
  3. // Created by Adam Glaysher
  4. // Copyright (c) 2010
  5.  
class gameInfoDatabase
{
    // Connection settings for the game-info database. The credentials are
    // hard-coded in source, so every copy of this file carries them; they
    // belong in a config file outside the web root (or the environment).
    private $dbHost = 'localhost';
    private $dbName = 'sagerune_database';
    private $dbUser = 'sagerune_admin';
    private $dbPass = 'l0vejenna';

    private $itemsPerPage = 20; // rows per page of a category listing
    private $minSearchLen = 3;  // shorter search terms are treated as "no search"

    // ORDER BY clause assembled in showResult() from ?sortby= / ?sort=.
    // Unset until then; catCount() also appends it to its query.
    private $sortQuery;

    // Page controller. Depending on which request parameters are present it
    // renders: a category listing (?cat=, optionally ?search=, ?page=,
    // ?sortby=, ?sort=), a single item (?id=), an admin task
    // (?admin=&task=, admins only) or a placeholder index. Reads $_GET
    // directly and echoes HTML; no return value.
    public function showResult(){
        $this->connect();

        // Neither read is guarded by isset(), so a missing parameter emits a
        // notice. makeSafe() HTML-encodes the value before SQL-escaping it,
        // so $searchTerm is compared against stored data in entity form.
        $catID = $this->makeSafe($_GET['cat']);
        $searchTerm = $this->makeSafe($_GET['search']);

        // $searching is never initialised; it stays undefined (falsy) when
        // the term is too short.
        if(strlen($searchTerm) >= $this->minSearchLen){
            $searching = true;
        }

        if($this->checkForID('cats', $catID)){
            // NOTE(review): $catID is interpolated unquoted into a numeric
            // position. makeSafe() only backslash-escapes quotes and a few
            // control characters, which does not constrain an unquoted
            // value; an (int) cast or a bound parameter is the fix. The same
            // pattern recurs at every "{$catID}" / "{$itemID}" / "{$id}"
            // interpolation in this class.
            $select = mysql_query("SELECT shownFields FROM cats WHERE id = {$catID}");
            while($get = mysql_fetch_array($select)){
                // shownFields is a comma-separated list of item column names,
                // entered by an admin in showAdminTask('cats').
                $fields = explode(',', $get['shownFields']);
            }

            // is_numeric() also accepts floats/exponents, so $page may be a
            // non-integer that later produces a malformed LIMIT; (int) would
            // be tighter.
            if($_GET['page'] && is_numeric($_GET['page']) && !$searching){
                $page = $this->makeSafe($_GET['page']);
            } else {
                $page = 1;
            }

            if($searching){
                // $searchTerm was HTML-encoded by makeSafe(), so echoing it
                // into element content and a double-quoted attribute is safe.
                echo '<h2>Search: '.$searchTerm.'</h2>Category: <a href="database.php?cat='.$catID.'">'.$this->getName('cats', $catID).'</a><br />';
            } else {
                echo '<h2>Category: '.$this->getName('cats', $catID).'</h2>';
                $select = mysql_query("SELECT parent FROM cats WHERE id = '$catID'");
                while($get = mysql_fetch_array($select)){
                    // parent = 0 means a top-level category
                    if($get['parent']){
                        echo 'From <a href="database.php?cat='.$get['parent'].'">'.$this->getName('cats', $get['parent']).'</a><br />';
                    }
                }
            }

            // Sort form: one <option> per shown field (except the image).
            echo '<br /><form method="get"><label for="db_sortby">Sort by</label> <select id="db_sortby" name="sortby">';
            foreach($fields as $label){
                if($label != 'img'){
                    echo '<option value="'.$this->getFieldID($label).'">'.ucfirst($label).'</option>';
                }
            }
            echo '</select> <select id="db_sort" name="sort"><option value="1">Ascending</option><option value="0">Descending</option></select><input type="hidden" name="cat" value="'.$catID.'" />';
            if($searching){
                echo '<input type="hidden" name="search" value="'.$searchTerm.'" />';
            } else {
                if(!$_GET['page']){
                    echo '<input type="hidden" name="page" value="'.$page.'" />';
                }
            }
            echo ' <input type="submit" value="Sort" /></form>';

            // Row offset for the LIMIT clause; searches always start at 0.
            if($_GET['page'] && !$searching){
                $limit = ($page - 1) * $this->itemsPerPage;
            } else {
                $limit = 0;
            }

            // Build $this->sortQuery only when ?sortby= names an existing
            // field row. The ORDER BY column is that row's label, i.e. an
            // identifier chosen by an admin (see showAdminTask 'fields').
            // $sortBy and $sort stay undefined otherwise and are read again
            // by the pagination loop below.
            if($_GET['sortby'] && is_numeric($_GET['sortby'])){
                $sortBy = $this->makeSafe($_GET['sortby']);
                if($this->checkForID('fields', $sortBy)){
                    if($_GET['sort'] && is_numeric($_GET['sort'])){
                        $sort = $this->makeSafe($_GET['sort']);
                        if($sort == 1){
                            $sortQ = 'ASC';
                        } else {
                            $sortQ = 'DESC';
                        }
                    } else {
                        $sortQ = 'DESC';
                        $sort = 0;
                    }
                    $this->sortQuery = 'ORDER BY '.$this->getName('fields', $sortBy).' '.$sortQ;
                }
            }

            // Table header row.
            echo '<table cellspacing="1"><tr id="db_tableKey">';
            foreach($fields as $label){
                if($label == 'img'){
                    echo '<td class="bg_imgKey">'.ucfirst($label).'</td>';
                } else {
                    echo '<td>'.ucfirst($label).'</td>';
                }
            }
            echo '</tr>';

            // Items of direct child categories are listed together with the
            // category's own items; $children becomes "OR cat = N OR cat = M ".
            $children = '';
            $selectChildren = mysql_query("SELECT id FROM cats WHERE parent = {$catID}");
            while($get = mysql_fetch_array($selectChildren)){
                $children = $children.'OR cat = '.$get['id'].' ';
            }

            // NOTE(review): '%' and '_' in $searchTerm are not escaped, so
            // they act as LIKE wildcards rather than literal characters.
            if($searching){
                $select = mysql_query("SELECT * FROM items WHERE (cat = {$catID} ".$children.") AND name LIKE '%$searchTerm%' ".$this->sortQuery." LIMIT 0, ".$this->itemsPerPage);
            } else {
                $select = mysql_query("SELECT * FROM items WHERE (cat = {$catID} ".$children.") ".$this->sortQuery." LIMIT ".$limit.", ".$this->itemsPerPage);
            }
            // NOTE(review): item column values are echoed into HTML (and an
            // <img src>) without output encoding. The item-add path is only a
            // stub here ('items' task), so whether rows are stored encoded
            // cannot be seen from this file; encode at output to be safe.
            while($get = mysql_fetch_array($select)){
                echo '<tr>';
                foreach($fields as $label){
                    if($label == 'name'){
                        echo '<td><a href="database.php?id='.$get['id'].'">'.$get[$label].'</a></td>';
                    } else {
                        if($label == 'img'){
                            echo '<td><img class="db_img" src="'.$get[$label].'" alt="" /></td>';
                        } else {
                            echo '<td>'.$get[$label].'</td>';
                        }
                    }
                }
                echo '</tr>';
            }

            echo '</table>';
            // Pagination. catCount() counts only items with cat = $catID,
            // whereas the listing above also includes child-category items,
            // so the page count can be lower than the rows actually shown.
            // (catCount() is also queried twice here.)
            if($this->catCount($catID) > $this->itemsPerPage && !$searching){
                echo '<div id="db_pagination">Page: ';
                $pageI = 1;
                // One iteration per page: count down by itemsPerPage.
                for($i = $this->catCount($catID); $i > 0; $i = $i - $this->itemsPerPage){
                    if($page == $pageI){
                        echo '<span class="INACTIVE">'.$pageI.'</span>';
                    } else {
                        // Carry the sort parameters only if they were valid.
                        if($this->checkForID('fields', $sortBy)){
                            echo '<a class="ACTIVE" href="database.php?cat='.$catID.'&page='.$pageI.'&sortby='.$sortBy.'&sort='.$sort.'">'.$pageI.'</a>';
                        } else {
                            echo '<a class="ACTIVE" href="database.php?cat='.$catID.'&page='.$pageI.'">'.$pageI.'</a>';
                        }
                    }
                    $pageI++;
                }
                echo '</div>';
            }
        } else {
            // Single-item view (?id=).
            $itemID = $this->makeSafe($_GET['id']);

            if($this->checkForID('items', $itemID)){
                $select = mysql_query("SELECT * FROM items WHERE id = {$itemID}");
                while($get = mysql_fetch_array($select)){
                    echo '<h2>'.$get['name'].'</h2>Category: <a href="database.php?cat='.$get['cat'].'">'.$this->getName('cats', $get['cat']).'</a><br /><br />';

                    // Which columns to display comes from the item's category.
                    $selectFields = mysql_query("SELECT shownFields FROM cats WHERE id = {$get['cat']}");
                    while($getFields = mysql_fetch_array($selectFields)){
                        $fields = explode(',', $getFields['shownFields']);
                    }

                    if($get['img'] != ''){
                        echo '<img class="db_imgFull" src="'.$get['img'].'" alt="" /><br /><br />';
                    }

                    foreach($fields as $label){
                        if($label != 'name' && $label != 'img'){
                            echo '<strong>'.ucfirst($label).':</strong> '.$get[$label].'<br />';
                        }
                    }
                }
            } else {
                // Admin entry point: both the gate here and showAdminTask()
                // itself call hasAdminRights().
                if($_GET['admin'] && $_GET['task'] && $this->hasAdminRights()){
                    $this->showAdminTask($_GET['task']);
                } else {
                    //TODO:create index
                    echo 'index.<br /><br />';
                }
            }
        }

        echo '<div id="db_credit">Created by AdamG</div>';
    }

    // Authorisation check: true when the current user's level id matches the
    // 'Admin' or 'Database Moderator' level in the site database.
    // Relies on a global $user object (presumably the host site's logged-in
    // user; its origin is not visible in this file) and temporarily switches
    // the active database to 'sagerune_site', restoring $this->dbName before
    // returning on every path. The comparison is loose (==).
    private function hasAdminRights(){
        global $user;
        mysql_select_db('sagerune_site');
        $selectLvls = mysql_query("SELECT level_id FROM se_levels WHERE level_name = 'Admin' OR level_name = 'Database Moderator'");
        while($getLvls = mysql_fetch_array($selectLvls)){
            if($user->user_info['user_level_id'] == $getLvls['level_id']){
                mysql_select_db($this->dbName);
                return true;
            }
        }
        mysql_select_db($this->dbName);
        return false;
    }

    // Renders one admin task and performs its state changes.
    // $task: 'items' (stub), 'fields' (add/delete item columns) or 'cats'
    // (add/edit/delete categories); anything else prints 'Invalid Task.'.
    // NOTE(review): the delete actions are triggered by plain GET links
    // (?delete=ID) and the add/edit forms carry no CSRF token, so any page a
    // logged-in admin visits can cause these writes; state changes should
    // require POST plus a per-session token.
    private function showAdminTask($task){
        $task = $this->makeSafe($task);

        if($this->hasAdminRights()){
            switch($task){
                case 'items':
                    echo 'Adding an Item';
                    break;
                case 'fields':
                    // Adding a field runs DDL: the label becomes a column of
                    // `items` and a row of `fields`.
                    if($_POST['fieldLabel'] != '' && $_POST['fieldType'] != ''){
                        $fieldLabel = $this->makeSafe($_POST['fieldLabel']);
                        $fieldType = $this->makeSafe($_POST['fieldType']);

                        // NOTE(review): $fieldLabel is spliced in as an SQL
                        // identifier; string escaping is irrelevant there.
                        // Restrict it to [A-Za-z0-9_] and quote with
                        // backticks. $fieldType is not checked against the
                        // two values the form offers.
                        $addMYSQL_TABLE_FIELD = mysql_query("ALTER TABLE items ADD ".$fieldLabel." VARCHAR(100) NOT NULL");
                        $addField = mysql_query("INSERT INTO fields (label, type) VALUES ('$fieldLabel', '$fieldType')");
                        // No transaction: one statement can succeed while the
                        // other fails, leaving table and `fields` out of sync.
                        if(!$addField || !$addMYSQL_TABLE_FIELD){
                            echo '<div class="error">Error. Field could not be added.</div>';
                        } else {
                            echo '<div class="success">Field added successfully.</div>';
                        }
                    }
                    if($_GET['delete']){
                        $fieldID = $this->makeSafe($_GET['delete']);
                        // Column name taken from the stored label (identifier
                        // position again, see above).
                        $fieldLabel = $this->getName('fields', $fieldID);

                        $deleteMYSQL_TABLE_FIELD = mysql_query("ALTER TABLE items DROP ".$fieldLabel);
                        $deleteField = mysql_query("DELETE FROM fields WHERE id = '$fieldID'");
                        if(!$deleteField || !$deleteMYSQL_TABLE_FIELD){echo '<div class="error">Error. Field could not be deleted.</div>';}
                        else {echo '<div class="success">Field deleted successfully.</div>';}
                    }

                    // Continuation lines of multi-line string literals are left
                    // unindented: their leading whitespace is part of the
                    // emitted HTML.
                    echo '<h2>Add a Field</h2><br />
<form id="db_addField" action="database.php?admin=true&task=fields" method="post">
Label: <input type="text" id="db_addField_fieldLabel" name="fieldLabel" /><br /><br />
Type: <select name="fieldType"><option value="text">Text</option><option value="img">Image</option></select><br /><br />
<input type="submit" value="Add Field" /><hr /><h2>Delete Fields</h2><br />Click to delete a field...<br />';
                    $select = mysql_query("SELECT * FROM fields");
                    while($get = mysql_fetch_array($select)){
                        echo '<a style="color:red;" href="database.php?admin=true&task=fields&delete='.$get['id'].'">'.$get['label'].'</a>, ';
                    }
                    break;
                case 'cats':
                    if(!$_GET['edit']){
                        // Add a category. Values are HTML-encoded by makeSafe()
                        // before being stored, so they are rendered as-is later.
                        if($_POST['catName'] != '' && $_POST['catFields'] != ''){
                            $catName = $this->makeSafe($_POST['catName']);
                            $catFields = $this->makeSafe($_POST['catFields']);
                            $catParent = $this->makeSafe($_POST['catParent']);

                            $addCat = mysql_query("INSERT INTO cats (name, shownFields, parent) VALUES ('$catName', '$catFields', '$catParent')");
                            if(!$addCat){echo '<div class="error">Error. Category could not be added.</div>';}
                            else {echo '<div class="success">Category added successfully.</div>';}
                        }
                        // Deleting a category does not touch its items or its
                        // child categories.
                        if($_GET['delete']){
                            $catID = $this->makeSafe($_GET['delete']);

                            $deleteCat = mysql_query("DELETE FROM cats WHERE id = '$catID'");
                            if(!$deleteCat){echo '<div class="error">Error. Category could not be deleted.</div>';}
                            else {echo '<div class="success">Category deleted successfully.</div>';}
                        }

                        echo '<h2>New Category</h2><br />
<form id="db_addCat" action="database.php?admin=true&task=cats" method="post">
Name: <input type="text" id="db_addCat_catName" name="catName" /><br /><br />
Fields: <input type="text" id="db_addCat_catFields" name="catFields" /><br /><br />
Parent: <select name="catParent"><option value="0" selected="selected">--</option>';
                        // Only top-level categories can be parents.
                        $select = mysql_query("SELECT * FROM cats WHERE parent = 0");
                        while($get = mysql_fetch_array($select)){
                            echo '<option value="'.$get['id'].'">'.$get['name'].'</option>';
                        }
                        echo '</select><br /><br />
Click to add a field:<br />';

                        // Field picker: each label is injected into a
                        // single-quoted JS string in an onclick attribute.
                        // NOTE(review): labels were stored via makeSafe(),
                        // whose htmlentities() default (ENT_COMPAT before
                        // PHP 8.1) leaves single quotes unencoded, so a label
                        // containing one breaks out of that JS string.
                        $select = mysql_query("SELECT label FROM fields");
                        $i = 1;
                        while($get = mysql_fetch_array($select)){
                            echo '<a href="javascript:void(0);" onclick="db_addField(\''.$get['label'].'\');">'.$get['label'].'</a>';
                            if($i != mysql_num_rows($select)){
                                echo ', ';
                            } else {
                                echo '.';
                            }
                            $i++;
                        }
                        echo '<br /><br /><input type="submit" value="Add Category" /><hr />';
                    } else {
                        // Edit an existing category (?edit=ID).
                        $editCatID = $this->makeSafe($_GET['edit']);

                        if($_POST['catName'] != '' && $_POST['catFields'] != ''){
                            $catName = $this->makeSafe($_POST['catName']);
                            $catFields = $this->makeSafe($_POST['catFields']);
                            $catParent = $this->makeSafe($_POST['catParent']);

                            $editCat = mysql_query("UPDATE cats SET name = '$catName', shownFields = '$catFields', parent = '$catParent' WHERE id = '$editCatID'");
                            if(!$editCat){echo '<div class="error">Error. Category could not be edited.</div>';}
                            else {echo '<div class="success">Category edited successfully.</div>';}
                        }

                        // Nothing is rendered if $editCatID matches no row
                        // (no existence check before this query).
                        $select = mysql_query("SELECT * FROM cats WHERE id = {$editCatID}");
                        while($get = mysql_fetch_array($select)){
                            echo '<a href="database.php?admin=true&task=cats"><- Add new Category</a><br /><br /><h2>Edit Category: '.$get['name'].'<small> (<a style="color:red;" href="database.php?admin=true&task=cats&delete='.$get['id'].'">Delete</a>)</small></h2><br />
<form id="db_editCat" action="database.php?admin=true&task=cats&edit='.$editCatID.'" method="post">
Name: <input type="text" id="db_addCat_catName" name="catName" value="'.$get['name'].'" /><br /><br />
Fields: <input type="text" id="db_addCat_catFields" name="catFields" value="'.$get['shownFields'].'" /><br /><br />
Parent: <select name="catParent"><option value="0">--</option>';
                            $selectCats = mysql_query("SELECT * FROM cats WHERE parent = 0");
                            while($getCat = mysql_fetch_array($selectCats)){
                                if($getCat['id'] == $get['parent']){
                                    echo '<option value="'.$getCat['id'].'" selected="selected">'.$getCat['name'].'</option>';
                                } else {
                                    echo '<option value="'.$getCat['id'].'">'.$getCat['name'].'</option>';
                                }
                            }
                            echo '</select><br /><br />
Click to add a field:<br />';
                        }

                        // Same field picker as the add form (same quoting caveat).
                        $select = mysql_query("SELECT label FROM fields");
                        $i = 1;
                        while($get = mysql_fetch_array($select)){
                            echo '<a href="javascript:void(0);" onclick="db_addField(\''.$get['label'].'\');">'.$get['label'].'</a>';
                            if($i != mysql_num_rows($select)){
                                echo ', ';
                            } else {
                                echo '.';
                            }
                            $i++;
                        }
                        echo '<br /><br /><input type="submit" value="Edit Category" /><hr />';
                    }

                    // Two-level category tree with edit links.
                    echo '<h2>Edit/Delete Categories</h2><br />Click to edit a category...<br />';
                    $select = mysql_query("SELECT * FROM cats WHERE parent = 0");
                    while($get = mysql_fetch_array($select)){
                        echo '<strong><a href="database.php?admin=true&task=cats&edit='.$get['id'].'">'.$get['name'].'</a></strong><br />';
                        $selectChildren = mysql_query("SELECT id, name FROM cats WHERE parent = {$get['id']}");
                        while($getChild = mysql_fetch_array($selectChildren)){
                            echo ' &raquo; <a href="database.php?admin=true&task=cats&edit='.$getChild['id'].'">'.$getChild['name'].'</a><br />';
                        }
                    }
                    break;
                default:
                    echo 'Invalid Task.';
            }
        }
    }

    // Renders the search form (category drop-down + text box), pre-filling
    // the box with ?search= when it is long enough, and the admin menu for
    // users that pass hasAdminRights(). Echoes HTML; no return value.
    public function showFullSearch(){
        $this->connect();
        echo '<form id="db_fullSearch" style="text-align: center;">';

        // Top-level categories followed by their direct children.
        $select = mysql_query("SELECT id, name FROM cats WHERE parent = 0");
        echo 'Category: <select name="cat">';
        while($get = mysql_fetch_array($select)){
            echo '<option value="'.$get['id'].'">'.ucfirst($get['name']).'</option>';
            $selectChildren = mysql_query("SELECT id, name FROM cats WHERE parent = {$get['id']}");
            while($getChild = mysql_fetch_array($selectChildren)){
                echo '<option value="'.$getChild['id'].'">&raquo; '.ucfirst($getChild['name']).'</option>';
            }
        }

        // $value stays undefined (notice below) when there is no usable term.
        // The term is HTML-encoded by makeSafe(), so it is safe inside the
        // double-quoted value attribute.
        $searchTerm = $this->makeSafe($_GET['search']);
        if(strlen($searchTerm) >= $this->minSearchLen){
            $value = ' value="'.$searchTerm.'"';
        }

        echo '</select><br /><br /><input type="text" id="db_searchInput" name="search" style="margin-bottom: 5px;"'.$value.' /><br /><input type="submit" value="Search" /></form><br />';

        if($this->hasAdminRights()){
            echo '<div class="header">Database Management</div><ul><li><a href="database.php?admin=true&task=items">Add an Item</a></li><li><a href="database.php?admin=true&task=fields">Manage Fields</a></li><li><a href="database.php?admin=true&task=cats">Manage Categories</a></li></ul>';
        }
    }

    // Renders the two-level category tree as a <ul> of links. Echoes HTML;
    // no return value.
    public function showFullCatList(){
        $this->connect();
        echo '<ul class="db_fullCatList">';

        $select = mysql_query("SELECT id, name FROM cats WHERE parent = 0");
        while($get = mysql_fetch_array($select)){
            echo '<li><a href="database.php?cat='.$get['id'].'">'.ucfirst($get['name']).'</a></li>';
            $selectChildren = mysql_query("SELECT id, name FROM cats WHERE parent = {$get['id']}");
            while($getChild = mysql_fetch_array($selectChildren)){
                echo '<li>&raquo; <a href="database.php?cat='.$getChild['id'].'">'.ucfirst($getChild['name']).'</a></li>';
            }
        }

        echo '</ul>';
    }

    // True if a row with the given id exists in $table.
    // $table: a string literal at every call site in this file ('cats',
    //         'items', 'fields'); it is never taken from the request.
    // $id:    request-derived; a falsy value ('', '0', null) short-circuits
    //         to false without a query.
    // NOTE(review): $id is interpolated unquoted after makeSafe(), which
    // only escapes quote/control characters; cast to int before use.
    private function checkForID($table, $id){
        $id = $this->makeSafe($id);
        if($id){
            $select = mysql_query("SELECT id FROM ".$table." WHERE id = {$id}");
            while($get = mysql_fetch_array($select)){
                return true;
            }
        }
        return false;
    }

    // Display name of a row: the `label` column for the fields table, `name`
    // for everything else. Returns null implicitly when no row matches.
    // $table is a literal at every call site ('cats' or 'fields'); $id has
    // the same unquoted-interpolation caveat as checkForID().
    private function getName($table, $id){
        $id = $this->makeSafe($id);
        $select = mysql_query("SELECT * FROM ".$table." WHERE id = {$id}");
        while($get = mysql_fetch_array($select)){
            if($table == 'fields'){
                return $get['label'];
            } else {
                return $get['name'];
            }
        }
    }

    // Id of the fields row whose label equals $label (first match), or null
    // implicitly when there is none. Here the value is inside SQL quotes, so
    // makeSafe()'s escaping actually applies.
    private function getFieldID($label){
        $label = $this->makeSafe($label);
        $select = mysql_query("SELECT id FROM fields WHERE label = '$label'");
        while($get = mysql_fetch_array($select)){
            return $get['id'];
        }
    }

    // Number of items whose cat column equals $id (child categories are not
    // included, unlike the listing in showResult()). The appended
    // $this->sortQuery has no effect on the count.
    private function catCount($id){
        $id = $this->makeSafe($id);
        $select = mysql_query("SELECT id FROM items WHERE cat = {$id} ".$this->sortQuery);
        return mysql_num_rows($select);
    }

    // Opens the connection with the hard-coded credentials. Return values are
    // not checked, so a failed connect surfaces only as later query errors.
    // Uses the legacy mysql_* extension (removed in PHP 7); mysqli or PDO
    // with prepared statements is the supported replacement.
    private function connect(){
        mysql_connect($this->dbHost, $this->dbUser, $this->dbPass);
        mysql_select_db($this->dbName);
    }

    // Input filter used for every request/DB-derived value: HTML-encodes the
    // string first (so stored and echoed values are in entity form), then
    // SQL-escapes it. The SQL escaping is only meaningful inside a
    // single-quoted SQL string literal; it provides nothing for the unquoted
    // numeric and identifier positions used throughout this class, and
    // mysql_real_escape_string() needs an open connection to work.
    private function makeSafe($str){
        return mysql_real_escape_string(htmlentities($str));
    }
}
  431.  
  432. ?>