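<?php
/****************************************************************\
* Staff panel for the TBDEV source code                          *
* -------------------------------------------------------------- *
* An easy to config staff panel for different staff classes,     *
* with different options for each class, like add, edit, delete  *
* the pages and to log the actions.                              *
* -------------------------------------------------------------- *
* @author: Alex2005 for TBDEV.NET                                *
* @Conversion: Bigjoos for TBDEV.NET 09                          *
* @copyright: Alex2005                                           *
* @package: Staff Panel                                          *
* @category: Staff Tools                                         *
* @version: v1.10 04/07/2008                                     *
* @license: GNU General Public License                           *
\****************************************************************/
require_once("include/bittorrent.php");
require_once("include/user_functions.php");
require_once("include/html_functions.php");
require_once("include/bbcode_functions.php");

/**
 * Returns the HTML label for a user class: the class name, wrapped in a
 * coloured <font> tag when class colours are available.
 *
 * @param int  $class       user class constant (UC_*)
 * @param bool $class_color whether get_user_class_color() exists
 * @return string HTML fragment
 */
function staffpanel_class_label($class, $class_color)
{
    $label = get_user_class_name($class);
    if ($class_color)
        $label = '<font color="#'.get_user_class_color($class).'">'.$label.'</font>';
    return $label;
}

/**
 * Returns the "profile link (class)" HTML fragment used in log entries for
 * the user performing an action. The username is HTML-encoded because the
 * log entry is built as HTML.
 *
 * @param array $user        the current user row (id, username, class)
 * @param bool  $class_color whether get_user_class_color() exists
 * @return string HTML fragment
 */
function staffpanel_actor_link($user, $class_color)
{
    return '<a href="/userdetails.php?id='.(int)$user['id'].'">'
        .htmlspecialchars($user['username'], ENT_QUOTES).'</a>('
        .staffpanel_class_label($user['class'], $class_color).')';
}

dbconn(false);
loggedinorreturn();

$lang = array_merge( load_language('global') );
$HTMLOUT = '';

/**
* Staff classes config
*
* UC_XYZ : integer -> the name of the defined class
*
* Options for a selected class
** add : boolean -> enable/disable page adding
** edit : boolean -> enable/disable page editing
** delete : boolean -> enable/disable page deletion
** log : boolean -> enable/disable the logging of the actions
*
* @result $staff_classes array();
*/
$staff_classes = array(
    UC_MODERATOR     => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
    UC_ADMINISTRATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
    UC_SYSOP         => array('add' => true,  'edit' => true,  'delete' => true,  'log' => false)
);

// NOTE(review): every access check below relies on stderr() ending the
// request; it is defined in the include files, which are not visible here.
if (!isset($staff_classes[$CURUSER['class']]))
    stderr('Error', 'Access Denied!');

// Permissions of the current user's class.
$perms = $staff_classes[$CURUSER['class']];

$action = (isset($_GET['action']) ? $_GET['action'] : (isset($_POST['action']) ? $_POST['action'] : NULL));
$id = (isset($_GET['id']) ? (int)$_GET['id'] : (isset($_POST['id']) ? (int)$_POST['id'] : NULL));
$class_color = function_exists('get_user_class_color');

// Links and redirects use the fixed script name (as the form action already
// does) instead of $_SERVER['PHP_SELF'], which can carry attacker-chosen path
// info and was previously echoed into HTML unescaped.
$self = 'staffpanel.php';

// Image names the panel accepts; used both to list the files on disk and to
// validate the submitted value, so only a listed kind of name reaches the
// <img src> attribute.
$image_pattern = "/^staff_[A-Za-z0-9_]+\.(?:gif|jpg|jpeg|png)$/i";

if ($action === 'delete' && is_valid_id($id) && $perms['delete'])
{
    // NOTE(review): the deletion is triggered by a plain GET link
    // (sure=yes) and carries no per-session token, so it is exposed to
    // cross-site request forgery. No token helper is visible in this file.
    $sure = ((isset($_GET['sure']) ? $_GET['sure'] : '') === 'yes');

    $res = mysql_query('SELECT av_class, page_name FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
    $arr = mysql_fetch_assoc($res);

    // Without this guard a missing row compared as NULL and slipped past the
    // class check below.
    if (!$arr)
        stderr('Error', 'Page not found.');

    if ($CURUSER['class'] < $arr['av_class'])
        stderr('Error', 'You are not allowed to delete this page.');

    if (!$sure)
        stderr('Sanity check', 'Are you sure you want to delete this page: "'.htmlspecialchars($arr['page_name'], ENT_QUOTES).'"? Click <a href="'.$self.'?action=delete&amp;id='.$id.'&amp;sure=yes">here</a> to delete it or <a href="'.$self.'">here</a> to go back.');

    mysql_query('DELETE FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);

    if (mysql_affected_rows())
    {
        if ($perms['log'])
            // page_name is written as stored; this script HTML-encodes it
            // before saving (see the add/edit branch).
            write_log('Page "'.$arr['page_name'].'"('.staffpanel_class_label($arr['av_class'], $class_color).') was deleted from the staff panel by '.staffpanel_actor_link($CURUSER, $class_color));

        header('Location: '.$self);
        exit();
    }
    else
        stderr('Error', 'There was a database error, please retry.');
}
else if (($action === 'add' && $perms['add']) || ($action === 'edit' && is_valid_id($id) && $perms['edit']))
{
    $names = array('page_name', 'file_name', 'description', 'av_class', 'image');
    $arr = array();

    if ($action === 'edit')
    {
        $res = mysql_query('SELECT '.implode(', ', $names).' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
        $arr = mysql_fetch_assoc($res);

        if (!$arr)
            stderr('Error', 'Page not found.');

        // Authorise against the class stored for this page. The check used
        // to run on the form value, so posting a lower av_class let a user
        // edit a page reserved for a higher class.
        if ($CURUSER['class'] < $arr['av_class'])
            stderr('Error', 'You are not allowed to edit this page.');
    }

    // NOTE(review): values are HTML-encoded here, before they are stored,
    // and encoded again when an existing row is loaded for editing or shown
    // in the list, so "&" ends up displayed as "&amp;". Storing raw text and
    // encoding only on output would fix that, but needs a data migration.
    // ENT_QUOTES is required because the values are placed inside
    // single-quoted attributes below.
    $form = array();
    foreach ($names as $name)
    {
        $raw = (isset($_POST[$name]) ? $_POST[$name] : ($action === 'edit' ? $arr[$name] : ''));
        $form[$name] = htmlspecialchars(is_scalar($raw) ? (string)$raw : '', ENT_QUOTES);
    }
    $page_name   = $form['page_name'];
    $file_name   = $form['file_name'];
    $description = $form['description'];
    $av_class    = $form['av_class'];
    $image       = $form['image'];

    $errors = array();

    // NOTE(review): like the delete link, this form carries no anti-CSRF token.
    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        if (empty($page_name))
            $errors[] = 'The page name cannot be empty.';
        if (empty($file_name))
            $errors[] = 'The filename cannot be empty.';
        if (empty($description))
            $errors[] = 'The description cannot be empty.';

        if (!isset($staff_classes[$av_class]))
            $errors[] = 'The selected class is not a valid staff class.';
        else if ($CURUSER['class'] < $av_class)
            // The class drop-down only offers classes up to the user's own;
            // enforce the same limit on the server.
            $errors[] = 'You cannot assign a class higher than your own.';

        // The dot is escaped so that only a literal ".php" counts.
        if (!empty($file_name) && !is_file($file_name.'.php') && !preg_match('/\.php/', $file_name))
            $errors[] = 'Inexistent php file.';

        // file_name becomes the href of the panel button, so it must stay a
        // local page: reject anything starting with a URL scheme or "//".
        if (preg_match('#^(?:[a-z][a-z0-9+.\-]*:|//)#i', $file_name))
            $errors[] = 'The filename must be a local page, not a URL.';

        if (strlen($page_name) < 4 && !empty($page_name))
            $errors[] = 'The page name is too short (min 4 chars).';

        // The messages used to announce "max 30 chars" while the checks allow
        // 80; they now state the limit that is enforced.
        // NOTE(review): confirm 80 against the column widths of staffpanel.
        if (strlen($page_name) > 80)
            $errors[] = 'The page name is too long (max 80 chars).';
        if (strlen($file_name) > 80)
            $errors[] = 'The filename is too long (max 80 chars).';
        if (strlen($description) > 100)
            $errors[] = 'The description is too long (max 100 chars).';

        if (empty($image))
            $errors[] = 'empty image name.';
        else if (!preg_match($image_pattern, $image))
            $errors[] = 'Invalid image name.';

        if (empty($errors))
        {
            if ($action === 'add')
            {
                $res = mysql_query("INSERT INTO staffpanel (image,page_name, file_name, description, av_class, added_by, added) ".
                    "VALUES (".implode(", ", array_map("sqlesc", array($image, $page_name, $file_name, $description, (int)$av_class, (int)$CURUSER['id'], time()))).")");
                if (!$res)
                {
                    // 1062 = duplicate key
                    if (mysql_errno() == 1062)
                        $errors[] = "This filename is already submited.";
                    else
                        $errors[] = "There was a database error, please retry.";
                }
            }
            else
            {
                $res = mysql_query("UPDATE staffpanel SET image = ".sqlesc($image)." , page_name = ".sqlesc($page_name).", file_name = ".sqlesc($file_name).", description = ".sqlesc($description).", av_class = ".sqlesc((int)$av_class)." WHERE id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
                if (!$res)
                    $errors[] = "There was a database error, please retry.";
            }

            if (empty($errors))
            {
                if ($perms['log'])
                    write_log('Page "'.$page_name.'"('.staffpanel_class_label($av_class, $class_color).') in the staff panel was '.($action === 'add' ? 'added' : 'edited').' by '.staffpanel_actor_link($CURUSER, $class_color));

                header('Location: '.$self);
                exit();
            }
        }
    }

    // Collect the selectable images. A directory that cannot be opened is
    // treated as empty; passing a failed handle to readdir() could otherwise
    // keep the loop from ever ending.
    $files = array();
    $pic_dir = $TBDEV['pic_base_url'].'admin';
    $dh = (is_dir($pic_dir) ? opendir($pic_dir) : false);
    if ($dh !== false)
    {
        while (false !== ($file = readdir($dh)))
        {
            if ($file != "." && $file != ".." && preg_match($image_pattern, $file))
                $files[] = $file;
        }
        closedir($dh);
    }

    if (count($files))
    {
        $select = "<select name='image'>\n<option value='0'>Select Image</option>\n";
        foreach ($files as $f)
        {
            $selected = ($f === $image) ? " selected='selected'" : "";
            $select .= "<option value='" . htmlentities($f, ENT_QUOTES) . "'$selected>" . htmlentities($f, ENT_QUOTES) . "</option>\n";
        }
        $select .= "</select>\n";
        $check = "<tr><td align='right' width='50%'>Select a new image:<br /><span style='color:limegreen;font-weight:bold;'>Info: If you want a new image, you have to upload it to the /admin/ directory first.</span></td><td>$select</td></tr>";
    }
    else
    {
        $check = "<tr><td align='right' width='50%'>Select a new image:</td><td><span style='color:red;font-weight:bold;'>Warning: There are no images in the directory, please upload one.</span></td></tr>";
    }

    $title = ($action === 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page';

    $HTMLOUT .= begin_main_frame();
    $HTMLOUT .= begin_frame($title, true);

    if (!empty($errors))
    {
        $HTMLOUT .= stdmsg('There '.(count($errors)>1?'are':'is').' '.count($errors).' error'.(count($errors)>1?'s':'').' in the form.', '<b>'.implode('<br />', $errors).'</b>');
        $HTMLOUT .= "<br />";
    }

    // $action is exactly 'add' or 'edit' here and $id is an integer, so both
    // are safe to print; the text fields were encoded with ENT_QUOTES above.
    $HTMLOUT .= "<form name='form1' method='post' action='staffpanel.php'>
    <input type='hidden' name='action' value='{$action}' />";

    if ($action === 'edit')
    {
        $HTMLOUT .= "<input type='hidden' name='id' value='{$id}' />";
    }

    $HTMLOUT .= "<table cellpadding='5' width='100%' align='center'><tr>
    <td class='rowhead' width='1%'>Page name</td><td align='left'><input type='text' size='50' name='page_name' value='{$page_name}' /></td></tr>
    <tr><td class='rowhead'>Filename</td><td align='left'><input type='text' size='50' name='file_name' value='{$file_name}' /></td></tr>
    <tr><td class='rowhead'>Description</td><td align='left'><input type='text' size='50' name='description' value='{$description}' /></td></tr>
    {$check}<tr><td class='rowhead'><span style='white-space: nowrap;'>Available for</span></td>
    <td align='left'><select name='av_class'>";

    foreach ($staff_classes as $class => $value)
    {
        // Only classes up to the user's own can be chosen.
        if ($CURUSER['class'] < $class)
            continue;
        $HTMLOUT .= '<option'.($class_color ? ' style="background-color:#'.get_user_class_color($class).';"' : '').' value="'.$class.'"'.($class == $av_class ? ' selected="selected"' : '').'>'.get_user_class_name($class).'</option>';
    }

    $HTMLOUT .= "</select></td></tr></table>
    <table><tr><td style='border:none;' align='center'><input type='submit' class='btn' value='Submit' /><input type='button' class='btn' value='Cancel' onclick=\"history.go(-1)\" /></td></tr></table></form>";
    $HTMLOUT .= end_frame();
    $HTMLOUT .= end_main_frame();

    print stdhead('Staff Panel :: '.$title) . $HTMLOUT . stdfoot();
}
else
{
    // Default view: list every page available to the current user's class.
    $HTMLOUT .= begin_main_frame();

    if ($perms['add'])
    {
        $addpage = "<br /><a href='staffpanel.php?action=add' title='Add a new page'><font class='small'>[Add a new page]</font></a>";
    }
    else
    {
        $addpage = "";
    }

    $HTMLOUT .= begin_frame("Staff Tools $addpage", true);
    $HTMLOUT .= "<table width='900' cellpadding='0'>
    <tr><td style='border:none;'>";

    $res = mysql_query('SELECT staffpanel.*, users.username '.
        'FROM staffpanel '.
        'LEFT JOIN users ON users.id = staffpanel.added_by '.
        'WHERE av_class <= '.sqlesc($CURUSER['class']).' '.
        'ORDER BY av_class DESC, page_name ASC') or sqlerr(__FILE__, __LINE__);

    if (mysql_num_rows($res) == 0)
    {
        $HTMLOUT .= '<center><h2>Sorry Nothing found.</h2></center>';
    }
    else
    {
        $HTMLOUT .= "<ul class='buttons-set'>";

        while ($arr = mysql_fetch_assoc($res))
        {
            $row_id = (int)$arr['id'];

            $editb = '';
            if ($perms['edit'])
                $editb = "<a href='staffpanel.php?action=edit&id=".$row_id."'><img src='pic/admin/edit.gif' border='0' alt='Edit !' title='Edit !' /></a>";

            $deleteb = '';
            if ($perms['delete'])
                $deleteb = "<a href='staffpanel.php?action=delete&id=".$row_id."'><img src='pic/admin/delete.gif' border='0' alt='Delete !' title='Delete !' /></a>";

            // Every database value is encoded with ENT_QUOTES: the attributes
            // below are single-quoted, which the default flags of older PHP
            // versions do not protect. username is NULL when the adding
            // account no longer exists (LEFT JOIN).
            $added_by  = htmlspecialchars((string)$arr['username'], ENT_QUOTES);
            $added_on  = get_date($arr['added'], 'LONG', 0, 1);
            $page_attr = htmlspecialchars($arr['page_name'], ENT_QUOTES);

            $info = "<a href='userdetails.php?id=".(int)$arr['added_by']."'><img src='pic/admin/info.gif' border='0' alt='Added by ".$added_by."<br />on ".$added_on."' title='Added by ".$added_by.", ".$added_on."' /></a>";

            $HTMLOUT .= "<li><center>$editb $deleteb $info</center><a class='button1' href='".htmlspecialchars($arr['file_name'], ENT_QUOTES)."' title='".$page_attr."'><span><img width='32' height='32' src='pic/admin/".htmlspecialchars($arr['image'], ENT_QUOTES)."' alt='".$page_attr."' title='".$page_attr."'/>
            <br /><font class='small'>".htmlspecialchars($arr['description'], ENT_QUOTES)."</font></span></a></li>";
        }

        $HTMLOUT .= "</ul>";
    }

    $HTMLOUT .= "</td></tr></table>";
    $HTMLOUT .= end_frame();
    $HTMLOUT .= end_main_frame();
    /////////////////output\\\\\\\\\\
    print stdhead("Staff Panel") . $HTMLOUT . stdfoot();
}
?>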