Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- # Development by Lee Percox
- ?>
- <h3> Admin User</h3>
- <div class="text">
- <?
- if (isset($_POST['update']))
- {
- if($_POST['character'] == '' || $_POST['rank'] == '' || $_POST['banned'] == '' || $_POST['recruitment'] == '' || $_POST['teu'] == '' || $_POST['swat'] == '' || $_POST['acu'] == '' || $_POST['td'] == '' || $_POST['asu'] == '' || $_POST['dfl'] == '' || $_POST['plo'] == '' || $_POST['fieldtraining'] == '' || $_POST['eacademystudent'] == '' || $_POST['bservice'] == '' || $_POST['vservice'] == '' || $_POST['aservice'] == '' || $_POST['train'] == '' || $_POST['recru'] == '' || $_POST['prison'] == '' || $_POST['anti'] == '' || $_POST['department'] == '' || $_POST['special'] == '' || $_POST['marine'] == '' || $_POST['crash'] == '' || $_POST['svu'] == '' || $_POST['hsiu'] == '' || $_POST['fao'] == '' || $_POST['aov'] == '' || $_POST['cfa'] == '' || $_POST['aom'] == '' || $_POST['ds'] == '' || $_POST['da'] == '' || $_POST['eda'] == '' || $_POST['cpa'] == '' || $_POST['ci'] == '' || $_POST['hci'] == '' || $_POST['fto'] == '' || $_POST['auth'] == '')
- {
- echo '<br /> <br /><center><div class="bodycontent"><img src="images/validation.png"> Ensure all fields have a value in. <br /></div> </center></div>';
- return false;
- }
- if($_POST['rank'] >= '9' && $_SESSION['rank'] <= 8)
- {
- echo '<br /> <br /><center><div class="bodycontent"><img src="images/validation.png"> You cannot set someones rank higher than 9 via this method.<br /> </div> </center></div>';
- return false;
- }
- if($_POST['character'] != $row->character)
- {
- mysql_query('UPDATE `accounts` SET `character`= "'.mysql_real_escape_string($_POST['character']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['rank'] != $row->rank)
- {
- mysql_query('UPDATE `accounts` SET `rank`= "'.mysql_real_escape_string($_POST['rank']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['banned'] != $row->banned)
- {
- mysql_query('UPDATE `accounts` SET `banned`= "'.mysql_real_escape_string($_POST['banned']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['recruitment'] != $row->recruitment)
- {
- mysql_query('UPDATE `accounts` SET `recruitment`= "'.mysql_real_escape_string($_POST['recruitment']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['swat'] != $row->swat)
- {
- mysql_query('UPDATE `accounts` SET `swat`= "'.mysql_real_escape_string($_POST['swat']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['acu'] != $row->acu)
- {
- mysql_query('UPDATE `accounts` SET `acu`= "'.mysql_real_escape_string($_POST['acu']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['td'] != $row->td)
- {
- mysql_query('UPDATE `accounts` SET `td`= "'.mysql_real_escape_string($_POST['td']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['asu'] != $row->asu)
- {
- mysql_query('UPDATE `accounts` SET `asu`= "'.mysql_real_escape_string($_POST['asu']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['dfl'] != $row->dfl)
- {
- mysql_query('UPDATE `accounts` SET `dfl`= "'.mysql_real_escape_string($_POST['dfl']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['plo'] != $row->plo)
- {
- mysql_query('UPDATE `accounts` SET `plo`= "'.mysql_real_escape_string($_POST['plo']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['fieldtraining'] != $row->fieldtraining)
- {
- mysql_query('UPDATE `accounts` SET `fieldtraining`= "'.mysql_real_escape_string($_POST['fieldtraining']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['eacademystudent'] != $row->eacademystudent)
- {
- mysql_query('UPDATE `accounts` SET `eacademystudent`= "'.mysql_real_escape_string($_POST['eacademystudent']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['bservice'] != $row->bservice)
- {
- mysql_query('UPDATE `accounts` SET `bservice`= "'.mysql_real_escape_string($_POST['bservice']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['vservice'] != $row->vservice)
- {
- mysql_query('UPDATE `accounts` SET `vservice`= "'.mysql_real_escape_string($_POST['vservice']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['aservice'] != $row->aservice)
- {
- mysql_query('UPDATE `accounts` SET `aservice`= "'.mysql_real_escape_string($_POST['aservice']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['train'] != $row->train)
- {
- mysql_query('UPDATE `accounts` SET `train`= "'.mysql_real_escape_string($_POST['train']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['recru'] != $row->recru)
- {
- mysql_query('UPDATE `accounts` SET `recru`= "'.mysql_real_escape_string($_POST['recru']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['prison'] != $row->prison)
- {
- mysql_query('UPDATE `accounts` SET `prison`= "'.mysql_real_escape_string($_POST['prison']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['anti'] != $row->anti)
- {
- mysql_query('UPDATE `accounts` SET `anti`= "'.mysql_real_escape_string($_POST['anti']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['department'] != $row->department)
- {
- mysql_query('UPDATE `accounts` SET `department`= "'.mysql_real_escape_string($_POST['department']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['special'] != $row->special)
- {
- mysql_query('UPDATE `accounts` SET `special`= "'.mysql_real_escape_string($_POST['special']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['marine'] != $row->marine)
- {
- mysql_query('UPDATE `accounts` SET `marine`= "'.mysql_real_escape_string($_POST['marine']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['crash'] != $row->crash)
- {
- mysql_query('UPDATE `accounts` SET `crash`= "'.mysql_real_escape_string($_POST['crash']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['svu'] != $row->svu)
- {
- mysql_query('UPDATE `accounts` SET `svu`= "'.mysql_real_escape_string($_POST['svu']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['hsiu'] != $row->hsiu)
- {
- mysql_query('UPDATE `accounts` SET `hsiu`= "'.mysql_real_escape_string($_POST['hsiu']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['fao'] != $row->fao)
- {
- mysql_query('UPDATE `accounts` SET `fao`= "'.mysql_real_escape_string($_POST['fao']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['aov'] != $row->aov)
- {
- mysql_query('UPDATE `accounts` SET `aov`= "'.mysql_real_escape_string($_POST['aov']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['cfa'] != $row->cfa)
- {
- mysql_query('UPDATE `accounts` SET `cfa`= "'.mysql_real_escape_string($_POST['cfa']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['aom'] != $row->aom)
- {
- mysql_query('UPDATE `accounts` SET `aom`= "'.mysql_real_escape_string($_POST['aom']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['ds'] != $row->ds)
- {
- mysql_query('UPDATE `accounts` SET `ds`= "'.mysql_real_escape_string($_POST['ds']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['da'] != $row->da)
- {
- mysql_query('UPDATE `accounts` SET `da`= "'.mysql_real_escape_string($_POST['da']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['eda'] != $row->eda)
- {
- mysql_query('UPDATE `accounts` SET `eda`= "'.mysql_real_escape_string($_POST['eda']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['cpa'] != $row->cpa)
- {
- mysql_query('UPDATE `accounts` SET `cpa`= "'.mysql_real_escape_string($_POST['cpa']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['ci'] != $row->ci)
- {
- mysql_query('UPDATE `accounts` SET `ci`= "'.mysql_real_escape_string($_POST['ci']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['hci'] != $row->hci)
- {
- mysql_query('UPDATE `accounts` SET `hci`= "'.mysql_real_escape_string($_POST['hci']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['fto'] != $row->fto)
- {
- mysql_query('UPDATE `accounts` SET `fto`= "'.mysql_real_escape_string($_POST['fto']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- if($_POST['auth'] != $row->auth)
- {
- mysql_query('UPDATE `accounts` SET `auth`= "'.mysql_real_escape_string($_POST['auth']).'" WHERE `fusername` = "'.mysql_real_escape_string($_GET['name']).'"');
- }
- mysql_query('INSERT INTO logs (user, time, log, ip) VALUES ("'.mysql_real_escape_string($_SESSION['Name']).'",UNIX_TIMESTAMP(),"Updated Account of: '.$_GET['name'].'","'.getenv("REMOTE_ADDR").'")');
- echo ' <br /> <br /><center><div class="bodycontent"> <br /> Congratulations!! <br /> <br /> You have updated '.$nack.' account. <br /> <br /></div> </center>';
- }
- if($_SESSION['loggedin'] == true && $_SESSION['rank'] >= 7)
- {
- if($_SESSION['auth'] == 0)
- {
- echo '<br /> <br /><center><div class="bodycontent"><img src="images/error.png" /> Error: Unfortunately your account is not activated via your emails yet. After activating your account, please remember to relog to refresh your active session. </div></center></div>';
- return false;
- }
- $nack = addslashes($_GET['name']);
- $query = mysql_query('SELECT * FROM `accounts` WHERE fusername = "'.mysql_real_escape_string($nack).'" LIMIT 1');
- if(mysql_num_rows($query) == 0)
- {
- echo "<b>The Username $nack is not registered yet. </b></div>";
- }
- else
- {
- $row = mysql_fetch_object($query);
- echo '<br /> <br /><center><h2><a href="index.php?select=userinfo&name='.mysql_real_escape_string($nack).'">'.$row->character.'</a> </h2> <br />
- <form method=post> </center>';
- echo '<center><div class="bodytitle">Personal Information:</div>
- <div class="bodycontent">
- <table border="0" cellspacing="0" cellpadding="2" width="90%">
- <tr><td><b>Email Address:</b></td> <td><input class="textinput" type=text name="email" value="'.$row->email.'"></td></tr>
- </table></div></center><br /><br />';
- echo '<center><div class="bodytitle">Public Information:</div>
- <div class="bodycontent"> You cannot set a rank above 9 :: Also don\'t change username unless you have a great reason!. <br /> <br />
- <table border="0" cellspacing="0" cellpadding="2" width="90%">
- <tr><td><b>Username:</b></td> <td> '.$nack.'</td></tr>
- <tr><td><b>Character Name:</b></td> <td><input class="textinput" type=text name="character" value="'.$row->character.'"></td></tr>
- <tr><td><b>Rank:</b></td> <td><input class="textinput" type=text name="rank" value="'.$row->rank.'"></td></tr>
- <tr><td><b>Ban Status:</b></td> <td><input class="textinput" type=text name="banned" value="'.$row->banned.'"></td></tr>
- </table>
- </div></center><br /><br /></p>';
- echo '<center><div class="bodytitle">Department Information:</div>
- <div class="bodycontent"> Please only use numbers. 1 = Member :: 0 = Not a member. <br /> <br />
- <table border="0" cellspacing="0" cellpadding="2" width="90%">
- <tr><td><b>Recruitment Department:</b></td> <td><input class="textinput" type=text name="recruitment" value="'.$row->recruitment.'"></td></tr>
- <tr><td><b>Traffic Enforcement Unit:</b></td> <td><input class="textinput" type=text name="teu" value="'.$row->teu.'"></td></tr>
- <tr><td><b>Special Weapons and Tactics:</b></td> <td><input class="textinput" type=text name="swat" value="'.$row->swat.'"> </td></tr>
- <tr><td><b>Anti Crime Unit:</b></td> <td><input class="textinput" type=text name="acu" value="'.$row->acu.'"></td></tr>
- <tr><td><b>Training Department:</b></td> <td><input class="textinput" type=text name="td" value="'.$row->td.'"></td></tr>
- <tr><td><b>Air Support Unit:</b></td> <td><input class="textinput" type=text name="asu" value="'.$row->asu.'"></td></tr>
- <tr><td><b>Department of Licensing:</b></td> <td><input class="textinput" type=text name="dfl" value="'.$row->dfl.'"></td></tr>
- <tr><td><b>Prison Liason Office:</b></td> <td><input class="textinput" type=text name="plo" value="'.$row->plo.'"></td></tr>
- </table>
- </div></center><br /><br /></p>';
- echo '<center><div class="bodytitle">Awards:</div>
- <div class="bodycontent"> Please only use numbers. 1 = Achieved :: 0 = Not Achieved.
- <table border="0" cellspacing="0" cellpadding="2" width="90%">
- <tr><td><b>Completion of Field Training:</b></td> <td><input class="textinput" type=text name="fieldtraining" value="'.$row->fieldtraining.'"></td></tr>
- <tr><td><b>Exemplary Academy Student:</b></td> <td><input class="textinput" type=text name="eacademystudent" value="'.$row->eacademystudent.'"></td></tr>
- <tr><td><b>Basic Service Award:</b></td> <td><input class="textinput" type=text name="bservice" value="'.$row->bservice.'"></td></tr>
- <tr><td><b>Veteran Service Award:</b></td> <td><input class="textinput" type=text name="vservice" value="'.$row->vservice.'"></td></tr>
- <tr><td><b>Advanced Service Award:</b></td> <td><input class="textinput" type=text name="aservice" value="'.$row->aservice.'"></td></tr>
- <tr><td><br /> <br /> </td> <br /> <br /><td> </td></tr>
- <tr><td><b>Training Department:</b></td> <td><input class="textinput" type=text name="train" value="'.$row->train.'"></td></tr>
- <tr><td><b>Recruitment Department:</b></td> <td><input class="textinput" type=text name="recru" value="'.$row->recru.'"></td></tr>
- <tr><td><b>Prison Liaison Office:</b></td> <td><input class="textinput" type=text name="prison" value="'.$row->prison.'"></td></tr>
- <tr><td><b>Anti Crime Unit:</b></td> <td><input class="textinput" type=text name="anti" value="'.$row->anti.'"> </td></tr>
- <tr><td><b>Department Of Firearms Licensing:</b></td> <td><input class="textinput" type=text name="department" value="'.$row->department.'"></td></tr>
- <tr><td><b>Special Weapons and Tactics:</b></td> <td><input class="textinput" type=text name="special" value="'.$row->special.'"></td></tr>
- <tr><td><b>Marine Support Unit:</b></td> <td><input class="textinput" type=text name="marine" value="'.$row->marine.'"></td></tr>
- <tr><td><b>CRASH Unit:</b></td> <td><input class="textinput" type=text name="crash" value="'.$row->crash.'"></td></tr>
- <tr><td><b>Field Training Officer:</b></td> <td><input class="textinput" type=text name="fto" value="'.$row->fto.'"></td></tr>
- <tr><td> </td><br /> <br /> <td><br /> <br /> </td></tr>
- <tr><td><b>Special Vehicles Unit:</b></td> <td><input class="textinput" type=text name="svu" value="'.$row->svu.'"></td></tr>
- <tr><td><b>High Speed Interception Unit:</b></td> <td><input class="textinput" type=text name="hsiu" value="'.$row->hsiu.'"></td></tr>
- <tr><td> <br /> <br /></td> <td><br /> <br /> </td></tr>
- <tr><td><b>First Aid Officer:</b></td> <td><input class="textinput" type=text name="fao" value="'.$row->fao.'"> </td></tr>
- <tr><td><b>Award of Valor:</b></td> <td><input class="textinput" type=text name="aov" value="'.$row->aov.'"></td></tr>
- <tr><td><b>Crime Fighter Award:</b></td> <td><input class="textinput" type=text name="cfa" value="'.$row->cfa.'"></td></tr>
- <tr><td><b>Award of Merit:</b></td> <td><input class="textinput" type=text name="aom" value="'.$row->aom.'"></td></tr>
- <tr><td><b>Distinguished Service Award:</b></td> <td><input class="textinput" type=text name="ds" value="'.$row->ds.'"></td></tr>
- <tr><td><b>Driving Award:</b></td> <td><input class="textinput" type=text name="da" value="'.$row->da.'"></td></tr>
- <tr><td><b>Expert Driver Award:</b></td> <td><input class="textinput" type=text name="eda" value="'.$row->eda.'"></td></tr>
- <tr><td><b>Chief\'s Personal Award:</b></td> <td><input class="textinput" type=text name="cpa" value="'.$row->cpa.'"></td></tr>
- <tr><td><br /> <br /></td> <td> <br /> <br /></td></tr>
- <tr><td><b>Command Induction:</b></td> <td><input class="textinput" type=text name="ci" value="'.$row->ci.'"></td></tr>
- <tr><td><b>High Command Induction:</b></td> <td><input class="textinput" type=text name="hci" value="'.$row->hci.'"></td></tr>
- </table>
- </div></center><br /><br /></p>';
- }
- if($_SESSION['loggedin'] == true && $_SESSION['AdminLevel'] >= 1)
- {
- echo '<center><div class="bodytitle">Admin Information:</div>
- <div class="bodycontent"> <br />
- <table border="0" cellspacing="0" cellpadding="2" width="90%">
- <tr><td><b>Authorized:</b></td> <td><input class="textinput" type=text name="auth" value="'.$row->auth.'"></td></tr>
- <tr><td><b>Hash Pass:</b></td> <td>'.$row->pass.'</td></tr>
- </table>
- </div> <br /> <br /> <input class="button" type=submit value="Update User" name="update"> <br /></center><br /><br /></p>';
- }
- }
- else
- {
- echo '<b><font color="#F01F0F"><img src="images/error.png">You do not have the correct permission to view this page..</font></b><br /> <br /></div>';
- return false;
- }
- ?>
- </div>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement