
Untitled

a guest
Jun 3rd, 2017
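  <?php
  # Development by Lee Percox
  ?>
  <h3>&nbsp;&nbsp;Admin User</h3>
  <div class="text">

  <?php
  // Admin "edit user" page: renders one `accounts` row (selected by
  // $_GET['name']) as a form and applies a submitted update to it.
  //
  // Security-relevant ordering: the caller is authorised FIRST, the target row
  // is loaded SECOND, and only then is a POSTed update considered. Handling the
  // POST before the permission check would let a request that never passes the
  // gate still reach the UPDATE statements, and would compare the submitted
  // values against a $row that has not been fetched yet.
  //
  // Relies on state this file does not set up: a started session (keys
  // loggedin, rank, auth, AdminLevel, Name) and an open ext/mysql connection.
  // Every top-level `return false` stops this script after printing an error
  // that already closes <div class="text">.
  //
  // NOTE(review): this state-changing form carries no anti-CSRF token; add a
  // per-session token check where the session bootstrap lives.
  // NOTE(review): ext/mysql (mysql_query etc.) no longer exists in PHP 7+; move
  // to prepared statements (PDO/mysqli) together with the connection code.

  // HTML-escape a value for text or a quoted attribute.
  // Assumes the page is served as UTF-8 -- TODO confirm.
  $h = function ($value) {
      return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
  };

  // Render table rows of text inputs; a null entry is a blank spacer row.
  // Labels are constants from this file; only the stored value is escaped.
  $renderRows = function (array $rows, $account) use ($h) {
      $html = '';
      foreach ($rows as $entry) {
          if ($entry === null) {
              $html .= '<tr><td><br /> <br /></td> <td><br /> <br /></td></tr>' . "\n";
              continue;
          }
          list($field, $label) = $entry;
          $value = isset($account->$field) ? $account->$field : '';
          $html .= '<tr><td><b>' . $label . '</b></td> <td><input class="textinput" type=text name="'
              . $field . '" value="' . $h($value) . '"></td></tr>' . "\n";
      }
      return $html;
  };

  $permissionError = '<b><font color="#F01F0F"><img src="images/error.png">You do not have the correct permission to view this page..</font></b><br /> <br /></div>';
  $tableOpen = '<table border="0" cellspacing="0" cellpadding="2" width="90%">';

  // ---- 1. Authorisation gate (before anything reads or writes the account) --
  $isLoggedIn  = isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true;
  $sessionRank = isset($_SESSION['rank']) ? (int) $_SESSION['rank'] : 0;
  $isAdmin     = $isLoggedIn && isset($_SESSION['AdminLevel']) && (int) $_SESSION['AdminLevel'] >= 1;

  if (!$isLoggedIn || $sessionRank < 7) {
      echo $permissionError;
      return false;
  }

  if (!isset($_SESSION['auth']) || (int) $_SESSION['auth'] === 0) {
      echo '<br /> <br /><center><div class="bodycontent"><img src="images/error.png" /> Error: Unfortunately your account is not activated via your emails yet. After activating your account, please remember to relog to refresh your active session. </div></center></div>';
      return false;
  }

  // ---- 2. Load the target account ------------------------------------------
  // The name is escaped once per output context: SQL literal here, HTML below.
  // (Stacking addslashes() on top of the SQL escaping made the lookup disagree
  // with the WHERE clause used by the updates.)
  $targetName = (isset($_GET['name']) && is_string($_GET['name'])) ? $_GET['name'] : '';
  $nameSql    = mysql_real_escape_string($targetName);
  $nameHtml   = $h($targetName);
  $lookupSql  = 'SELECT * FROM `accounts` WHERE fusername = "' . $nameSql . '" LIMIT 1';

  $query = mysql_query($lookupSql);
  if ($query === false || mysql_num_rows($query) == 0) {
      echo "<b>The Username $nameHtml is not registered yet. </b></div>";
      // Stop here: nothing below is meaningful without a row.
      return false;
  }
  $row = mysql_fetch_object($query);

  // ---- 3. Apply a submitted update -----------------------------------------
  // Fixed allow-list of columns the form may write. Column names never come
  // from the request. `teu` was required by the form check but missing from
  // the per-column updates; it is written here like the others.
  $editable = array(
      'character', 'rank', 'banned', 'recruitment', 'teu', 'swat', 'acu', 'td',
      'asu', 'dfl', 'plo', 'fieldtraining', 'eacademystudent', 'bservice',
      'vservice', 'aservice', 'train', 'recru', 'prison', 'anti', 'department',
      'special', 'marine', 'crash', 'svu', 'hsiu', 'fao', 'aov', 'cfa', 'aom',
      'ds', 'da', 'eda', 'cpa', 'ci', 'hci', 'fto', 'auth',
  );

  if (isset($_POST['update'])) {
      // The submit button and the required `auth` field are only rendered for
      // AdminLevel >= 1, so the same condition is enforced server-side rather
      // than trusted to the markup.
      // NOTE(review): relax only if rank >= 7 alone is meant to allow edits.
      if (!$isAdmin) {
          echo $permissionError;
          return false;
      }

      $submitted = array();
      foreach ($editable as $field) {
          // is_string() also rejects array-shaped parameters (field[]=...).
          if (!isset($_POST[$field]) || !is_string($_POST[$field]) || $_POST[$field] === '') {
              echo '<br /> <br /><center><div class="bodycontent"><img src="images/validation.png"> Ensure all fields have a value in. <br /></div> </center></div>';
              return false;
          }
          $submitted[$field] = $_POST[$field];
      }

      // The rank ceiling is an authorisation decision, so it is made on a
      // validated integer: the value compared is then the value stored.
      if (!ctype_digit($submitted['rank'])) {
          echo '<br /> <br /><center><div class="bodycontent"><img src="images/validation.png"> Rank must be a whole number.<br /> </div> </center></div>';
          return false;
      }
      if ((int) $submitted['rank'] >= 9 && $sessionRank <= 8) {
          echo '<br /> <br /><center><div class="bodycontent"><img src="images/validation.png"> You cannot set someones rank higher than 9 via this method.<br /> </div> </center></div>';
          return false;
      }

      // One UPDATE for the columns that actually changed.
      $assignments = array();
      foreach ($submitted as $field => $value) {
          $current = isset($row->$field) ? (string) $row->$field : null;
          if ($current !== $value) {
              $assignments[] = '`' . $field . '`= "' . mysql_real_escape_string($value) . '"';
          }
      }
      if ($assignments) {
          $updated = mysql_query(
              'UPDATE `accounts` SET ' . implode(', ', $assignments)
              . ' WHERE `fusername` = "' . $nameSql . '"'
          );
          if ($updated === false) {
              echo '<br /> <br /><center><div class="bodycontent"><img src="images/error.png" /> The account could not be updated. </div></center></div>';
              return false;
          }
      }

      // Audit trail. Every interpolated value is escaped, including the
      // target name and the client address.
      $actor = isset($_SESSION['Name']) ? (string) $_SESSION['Name'] : '';
      mysql_query(
          'INSERT INTO logs (user, time, log, ip) VALUES ("' . mysql_real_escape_string($actor)
          . '",UNIX_TIMESTAMP(),"Updated Account of: ' . $nameSql
          . '","' . mysql_real_escape_string((string) getenv("REMOTE_ADDR")) . '")'
      );
      echo ' <br /> <br /><center><div class="bodycontent"> <br /> Congratulations!! <br /> <br /> You have updated ' . $nameHtml . ' account. <br /> <br /></div> </center>';

      // Re-read the row so the form below shows what is now stored.
      $query = mysql_query($lookupSql);
      if ($query !== false && mysql_num_rows($query) != 0) {
          $row = mysql_fetch_object($query);
      }
  }

  // ---- 4. Render the form (every stored value is HTML-escaped) --------------
  echo '<br /> <br /><center><h2><a href="index.php?select=userinfo&amp;name=' . $h(rawurlencode($targetName)) . '">'
      . $h(isset($row->character) ? $row->character : '') . '</a> </h2> <br /></center>
  <form method="post">';

  // NOTE(review): `email` is editable here but is not in the set of columns
  // the update writes, so changing it has no effect.
  echo '<center><div class="bodytitle">Personal Information:</div>
  <div class="bodycontent">
  ' . $tableOpen . '
  ' . $renderRows(array(array('email', 'Email Address:')), $row) . '</table></div></center><br /><br />';

  echo '<center><div class="bodytitle">Public Information:</div>
  <div class="bodycontent"> You cannot set a rank above 9 :: Also don\'t change username unless you have a great reason!. <br /> <br />
  ' . $tableOpen . '
  <tr><td><b>Username:</b></td> <td> ' . $nameHtml . '</td></tr>
  ' . $renderRows(array(
      array('character', 'Character Name:'),
      array('rank', 'Rank:'),
      array('banned', 'Ban Status:'),
  ), $row) . '</table>
  </div></center><br /><br /></p>';

  echo '<center><div class="bodytitle">Department Information:</div>
  <div class="bodycontent"> Please only use numbers. 1 = Member :: 0 = Not a member. <br /> <br />
  ' . $tableOpen . '
  ' . $renderRows(array(
      array('recruitment', 'Recruitment Department:'),
      array('teu', 'Traffic Enforcement Unit:'),
      array('swat', 'Special Weapons and Tactics:'),
      array('acu', 'Anti Crime Unit:'),
      array('td', 'Training Department:'),
      array('asu', 'Air Support Unit:'),
      array('dfl', 'Department of Licensing:'),
      array('plo', 'Prison Liason Office:'),
  ), $row) . '</table>
  </div></center><br /><br /></p>';

  echo '<center><div class="bodytitle">Awards:</div>
  <div class="bodycontent"> Please only use numbers. 1 = Achieved :: 0 = Not Achieved.
  ' . $tableOpen . '
  ' . $renderRows(array(
      array('fieldtraining', 'Completion of Field Training:'),
      array('eacademystudent', 'Exemplary Academy Student:'),
      array('bservice', 'Basic Service Award:'),
      array('vservice', 'Veteran Service Award:'),
      array('aservice', 'Advanced Service Award:'),
      null,
      array('train', 'Training Department:'),
      array('recru', 'Recruitment Department:'),
      array('prison', 'Prison Liaison Office:'),
      array('anti', 'Anti Crime Unit:'),
      array('department', 'Department Of Firearms Licensing:'),
      array('special', 'Special Weapons and Tactics:'),
      array('marine', 'Marine Support Unit:'),
      array('crash', 'CRASH Unit:'),
      array('fto', 'Field Training Officer:'),
      null,
      array('svu', 'Special Vehicles Unit:'),
      array('hsiu', 'High Speed Interception Unit:'),
      null,
      array('fao', 'First Aid Officer:'),
      array('aov', 'Award of Valor:'),
      array('cfa', 'Crime Fighter Award:'),
      array('aom', 'Award of Merit:'),
      array('ds', 'Distinguished Service Award:'),
      array('da', 'Driving Award:'),
      array('eda', 'Expert Driver Award:'),
      array('cpa', 'Chief\'s Personal Award:'),
      null,
      array('ci', 'Command Induction:'),
      array('hci', 'High Command Induction:'),
  ), $row) . '</table>
  </div></center><br /><br /></p>';

  if ($isAdmin) {
      // NOTE(review): printing the stored password hash exposes credential
      // material to anyone who can view this page's HTML; consider removing
      // the "Hash Pass" row. It is kept (escaped) to preserve the page.
      echo '<center><div class="bodytitle">Admin Information:</div>
  <div class="bodycontent"> <br />
  ' . $tableOpen . '
  ' . $renderRows(array(array('auth', 'Authorized:')), $row)
      . '<tr><td><b>Hash Pass:</b></td> <td>' . $h(isset($row->pass) ? $row->pass : '') . '</td></tr>
  </table>
  </div> <br /> <br /> <input class="button" type=submit value="Update User" name="update"> <br /></center><br /><br /></p>';
  }

  // The form was opened above and was never closed in the original markup.
  echo '</form>';
  ?>
  </div>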