Untitled

<?php
/****************************************************************\
* Staff panel for the TBDEV source code                          *
* -------------------------------------------------------------- *
* An easy to config staff panel for different staff classes,     *
* with different options for each class, like add, edit, delete  *
* the pages and to log the actions.                              *
* -------------------------------------------------------------- *
* @author: Alex2005 for TBDEV.NET                                *
* @Conversion: Bigjoos for TBDEV.NET 09                          *
* @copyright: Alex2005                                           *
* @package: Staff Panel                                          *
* @category: Staff Tools                                         *
* @version: v1.10 04/07/2008                                     *
* @license: GNU General Public License                           *
\****************************************************************/
require_once("include/bittorrent.php");
require_once("include/user_functions.php");
require_once("include/html_functions.php");
require_once("include/bbcode_functions.php");
dbconn(false);
loggedinorreturn();

$lang = array_merge( load_language('global') );

$HTMLOUT ='';
/**
* Staff classes config
*
* UC_XYZ  : integer -> the name of the defined class
*
* Options for a selected class
** add    : boolean -> enable/disable page adding
** edit   : boolean -> enable/disable page editing
** delete : boolean -> enable/disable page deletion
** log    : boolean -> enable/disable the loging of the actions
*
* @result $staff_classes array();
*/
$staff_classes = array(
                        UC_MODERATOR        => array('add' => false,    'edit' => false,    'delete' => false,      'log' => true),
                        UC_ADMINISTRATOR    => array('add' => false,    'edit' => false,    'delete' => false,      'log' => true),
                        UC_SYSOP            => array('add' => true,     'edit' => true,     'delete' => true,       'log' => false)
                      );

if (!isset($staff_classes[$CURUSER['class']]))
stderr('Error', 'Access Denied!');
$action = (isset($_GET['action']) ? $_GET['action'] : (isset($_POST['action']) ? $_POST['action'] : NULL));
$id = (isset($_GET['id']) ? (int)$_GET['id'] : (isset($_POST['id']) ? (int)$_POST['id'] : NULL));
$class_color = (function_exists('get_user_class_color') ? true : false);
if ($action == 'delete' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['delete'])
{
$sure = ((isset($_GET['sure']) ? $_GET['sure'] : '') == 'yes');
$res = mysql_query('SELECT av_class'.(!$sure || $staff_classes[$CURUSER['class']]['log'] ? ', page_name' : '').' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
if ($CURUSER['class'] < $arr['av_class'])
stderr('Error', 'You are not allowed to delete this page.');
if (!$sure)
stderr('Sanity check', 'Are you sure you want to delete this page: "'.htmlspecialchars($arr['page_name']).'"? Click <a href="'.$_SERVER['PHP_SELF'].'?action='.$action.'&id='.$id.'&sure=yes">here</a> to delete it or <a href="'.$_SERVER['PHP_SELF'].'">here</a> to go back.');
mysql_query('DELETE FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
if (mysql_affected_rows()){
if ($staff_classes[$CURUSER['class']]['log'])
write_log('Page "'.$arr['page_name'].'"('.($class_color ? '<font color="#'.get_user_class_color($arr['av_class']).'">' : '').get_user_class_name($arr['av_class']).($class_color ? '</font>' : '').') was deleted from the staff panel by <a href="/userdetails.php?id='.$CURUSER['id'].'">'.$CURUSER['username'].'</a>('.($class_color ? '<font color="#'.get_user_class_color($CURUSER['class']).'">' : '').get_user_class_name($CURUSER['class']).($class_color ? '</font>' : '').')');
header('Location: '.$_SERVER['PHP_SELF']);
exit();
}
else
stderr('Error', 'There was a database error, please retry.');
}else if (($action == 'add' && $staff_classes[$CURUSER['class']]['add']) || ($action == 'edit' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['edit']))
{
$names = array('page_name', 'file_name', 'description', 'av_class','image');
if ($action == 'edit')
{
$res = mysql_query('SELECT '.implode(', ', $names).' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
}
foreach ($names as $name)
$$name = htmlspecialchars((isset($_POST[$name]) ? $_POST[$name] : ($action == 'edit' ? $arr[$name] : '')));
if ($action == 'edit' && $CURUSER['class'] < $av_class)
stderr('Error', 'You are not allowed to edit this page.');
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$errors = array();
if (empty($page_name))
$errors[] = 'The page name cannot be empty.';
if (empty($file_name))
$errors[] = 'The filename cannot be empty.';
if (empty($description))
$errors[] = 'The description cannot be empty.';
if (!isset($staff_classes[$av_class]))
$errors[] = 'The selected class is not a valid staff class.';
if (!is_file($file_name.'.php') && !empty($file_name) && !preg_match('/.php/', $file_name))
$errors[] = 'Inexistent php file.';
if (strlen($page_name) < 4 && !empty($page_name))
$errors[] = 'The page name is too short (min 4 chars).';
if (strlen($page_name) > 80)
$errors[] = 'The page name is too long (max 30 chars).';
if (strlen($file_name) > 80)
$errors[] = 'The filename is too long (max 30 chars).';
if (strlen($description) > 100)
$errors[] = 'The description is too long (max 100 chars).';
if (empty($image))
$errors[] = 'empty image name.';
if (empty($errors)){
if ($action == 'add'){
$res = mysql_query("INSERT INTO staffpanel (image,page_name, file_name, description, av_class, added_by, added) ".
"VALUES (".implode(", ", array_map("sqlesc", array($image,$page_name, $file_name, $description, (int)$av_class, (int)$CURUSER['id'], time()))).")");
if (!$res)
{
if (mysql_errno() == 1062)
$errors[] = "This filename is already submited.";
else
$errors[] = "There was a database error, please retry.";
}
}else{
$res = mysql_query("UPDATE staffpanel SET image = ".sqlesc($image)." , page_name = ".sqlesc($page_name).", file_name = ".sqlesc($file_name).", description = ".sqlesc($description).", av_class = ".sqlesc((int)$av_class)." WHERE id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
if (!$res)
$errors[] = "There was a database error, please retry.";
}
if (empty($errors)){
if ($staff_classes[$CURUSER['class']]['log'])
write_log('Page "'.$page_name.'"('.($class_color ? '<font color="#'.get_user_class_color($av_class).'">' : '').get_user_class_name($av_class).($class_color ? '</font>' : '').') in the staff panel was '.($action == 'add' ? 'added' : 'edited').' by <a href="/userdetails.php?id='.$CURUSER['id'].'">'.$CURUSER['username'].'</a>('.($class_color ? '<font color="#'.get_user_class_color($CURUSER['class']).'">' : '').get_user_class_name($CURUSER['class']).($class_color ? '</font>' : '').')');
header('Location: '.$_SERVER['PHP_SELF']);
exit();
}
}
}
$dh = opendir( $TBDEV['pic_base_url'].'admin' );
$files = array();
while ( FALSE !== ( $file = readdir( $dh ) ) )
{
if ( ($file != ".") && ($file != "..") )
{
if ( preg_match( "/^staff_[A-Za-z0-9_]+\.(?:gif|jpg|jpeg|png)$/i", $file ) )
{
$files[] = $file;
}
}
}
closedir( $dh );
if( is_array($files) AND count($files) )
{
$select = "<select name='image'>\n<option value='0'>Select Image</option>\n";
foreach ($files as $f)
{
$selected = ($f == $image) ? " selected='selected'" : "";
$select .= "<option value='" . htmlentities($f, ENT_QUOTES) . "'$selected>" . htmlentities($f, ENT_QUOTES) . "</option>\n";
}
$select .= "</select>\n";
$check = "<tr><td align='right' width='50%'>Select a new image:<br /><span style='color:limegreen;font-weight:bold;'>Info: If you want a new image, you have to upload it to the /admin/ directory first.</span></td><td>$select</td></tr>";
}else{
$check = "<tr><td align='right' width='50%'>Select a new image:</td><td><span style='color:red;font-weight:bold;'>Warning: There are no images in the directory, please upload one.</span></td></tr>";
}
$HTMLOUT .= begin_main_frame();
$HTMLOUT .= begin_frame("".($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page'."",true);
if (!empty($errors))
{
$HTMLOUT .= stdmsg('There '.(count($errors)>1?'are':'is').' '.count($errors).' error'.(count($errors)>1?'s':'').' in the form.', '<b>'.implode('<br />', $errors).'</b>');
$HTMLOUT .="<br />";
}
$HTMLOUT .="<form name='form1' method='post' action='staffpanel.php'>
<input type='hidden' name='action' value='{$action}' />";
if ($action == 'edit')
{
$HTMLOUT .="<input type='hidden' name='id' value='{$id}' />";
}
$HTMLOUT .="<table cellpadding='5' width='100%' align='center'><tr>
<td class='rowhead' width='1%'>Page name</td><td align='left'><input type='text' size='50' name='page_name' value='{$page_name}' /></td></tr>
<tr><td class='rowhead'>Filename</td><td align='left'><input type='text' size='50' name='file_name' value='{$file_name}' /></td></tr>
<tr><td class='rowhead'>Description</td><td align='left'><input type='text' size='50' name='description' value='{$description}' /></td></tr>
{$check}<tr><td class='rowhead'><span style='white-space: nowrap;'>Available for</span></td>
<td align='left'><select name='av_class'>";
foreach ($staff_classes as $class => $value)
{
if ($CURUSER['class'] < $class)
continue;
$HTMLOUT .= '<option'.($class_color? ' style="background-color:#'.get_user_class_color($class).';"':'').' value="'.$class.'"'.($class == $av_class ? ' selected="selected"':'').'>'.get_user_class_name($class).'</option>';
}
$HTMLOUT .="</select></td></tr></table>
<table><tr><td style='border:none;' align='center'><input type='submit' class='btn' value='Submit' /><input type='button' class='btn' value='Cancel' onclick=\"history.go(-1)\" /></td></tr></table></form>";
$HTMLOUT .= end_frame();
$HTMLOUT .= end_main_frame();
print stdhead('Staff Panel :: '.($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page') . $HTMLOUT . stdfoot();
}else{
$HTMLOUT .=begin_main_frame();
if ($staff_classes[$CURUSER['class']]['add'])
{
$addpage = "<br /><a href='staffpanel.php?action=add' title='Add a new page'><font class='small'>[Add a new page]</font></a>";
}else{
$addpage = "";
}
$HTMLOUT .=begin_frame("Staff Tools $addpage",true);

$HTMLOUT .="<table width='900' cellpadding='0'>
<tr><td style='border:none;'>";
$res = mysql_query('SELECT staffpanel.*, users.username '.
'FROM staffpanel '.
'LEFT JOIN users ON users.id = staffpanel.added_by '.
'WHERE av_class <= '.sqlesc($CURUSER['class']).' '.
'ORDER BY av_class DESC, page_name ASC') or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) == 0)
{
$HTMLOUT .= '<center><h2>Sorry Nothing found.</h2></center>';
}else{
if (mysql_num_rows($res) > 0)
{
$HTMLOUT .="<ul class='buttons-set'>";
$db_classes = $unique_classes = $mysql_data = array();
while ($arr = mysql_fetch_assoc($res))
$mysql_data[] = $arr;
foreach ($mysql_data as $key => $value)
$db_classes[$value['av_class']][] = $value['av_class'];
foreach ($mysql_data as $key => $arr)
{

if ($staff_classes[$CURUSER['class']]['edit'])
{
$editb ="<a href='staffpanel.php?action=edit&id=".(int)$arr['id']."'><img src='pic/admin/edit.gif' border='0' alt='Edit !' title='Edit !' /></a>";
}else{
$editb = '';
}
if ($staff_classes[$CURUSER['class']]['delete'])
{
$deleteb ="<a href='staffpanel.php?action=delete&id=".(int)$arr['id']."'><img src='pic/admin/delete.gif' border='0' alt='Delete !' title='Delete !' /></a>";
}else{
$deleteb = '';
}
$info = "<a href='userdetails.php?id=".(int)$arr['added_by']."'><img src='pic/admin/info.gif' border='0' alt='Added by ".$arr['username']."<br />on ".get_date($arr['added'], 'LONG',0,1)."' title='Added by ".$arr['username'].", ".get_date($arr['added'], 'LONG',0,1)."' /></a>";

if (!in_array($arr['av_class'], $unique_classes))
$unique_classes[] = $arr['av_class'];
$HTMLOUT .="<li><center>$editb $deleteb $info</center><a class='button1' href='".htmlspecialchars($arr['file_name'])."' title='".htmlspecialchars($arr['page_name'])."'><span><img width='32' height='32' src='pic/admin/".$arr['image']."' alt='".htmlspecialchars($arr['page_name'])."' title='".htmlspecialchars($arr['page_name'])."'/>
<br /><font class='small'>".htmlspecialchars($arr['description'])."</font></span></a></li>";
$i='';
$i++;
}
}
$HTMLOUT .="</ul>";
}
$HTMLOUT .="</td></tr></table>";
$HTMLOUT .= end_frame();
$HTMLOUT .= end_main_frame();
/////////////////output\\\\\\\\\\
print stdhead("Staff Panel") . $HTMLOUT . stdfoot();
}
?>