Changeset 19 for minimanager/char_edit.php
- Timestamp:
- Aug 13, 2007, 9:05:34 PM (17 years ago)
- File:
-
- 1 edited
minimanager/char_edit.php
r5 r19 24 24 if (empty($_GET['id'])) error($lang_global['empty_fields']); 25 25 26 $ mysql = new MySQL;27 $ mysql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);26 $sql = new SQL; 27 $sql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']); 28 28 29 $id = $ mysql->quote_smart($_GET['id']);30 31 $result = $ mysql->query("SELECT account FROM `character` WHERE guid = '$id'");32 33 if ($ mysql->num_rows($result)){29 $id = $sql->quote_smart($_GET['id']); 30 31 $result = $sql->query("SELECT account FROM `character` WHERE guid = '$id'"); 32 33 if ($sql->num_rows($result)){ 34 34 //resrict by owner's gmlvl 35 $owner_acc_id = $ mysql->result($result, 0, 'account');36 $ mysql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);37 $query = $ mysql->query("SELECT gmlevel,username FROM account WHERE id ='$owner_acc_id'");38 $owner_gmlvl = $ mysql->result($query, 0, 'gmlevel');39 $owner_name = $ mysql->result($query, 0, 'username');35 $owner_acc_id = $sql->result($result, 0, 'account'); 36 $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); 37 $query = $sql->query("SELECT gmlevel,username FROM account WHERE id ='$owner_acc_id'"); 38 $owner_gmlvl = $sql->result($query, 0, 'gmlevel'); 39 $owner_name = $sql->result($query, 0, 'username'); 40 40 41 41 if ($user_lvl >= $owner_gmlvl){ 42 $ mysql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);43 44 $result = $ mysql->query("SELECT guid,account,data,name,race,class,position_x,position_y,map,online,totaltime,position_zFROM `character` WHERE guid = '$id'");45 $char = $ mysql->fetch_row($result);42 $sql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], 
$mangos_db[$realm_id]['name']); 43 44 $result = $sql->query("SELECT guid,account,data,name,race,class,position_x,position_y,map,online,totaltime,position_z,zone FROM `character` WHERE guid = '$id'"); 45 $char = $sql->fetch_row($result); 46 46 $char_data = explode(' ',$char[2]); 47 47 … … 50 50 51 51 if($char_data[CHAR_DATA_OFFSET_GUILD_ID]){ 52 $query = $ mysql->query("SELECT name FROM guild WHERE guildid ='{$char_data[CHAR_DATA_OFFSET_GUILD_ID]}'");53 $guild_name = $ mysql->result($query, 0, 'name');52 $query = $sql->query("SELECT name FROM guild WHERE guildid ='{$char_data[CHAR_DATA_OFFSET_GUILD_ID]}'"); 53 $guild_name = $sql->result($query, 0, 'name'); 54 54 if ($user_lvl > 0 ) $guild_name = "<a href=\"guild.php?action=view_guild&error=3&id={$char_data[CHAR_DATA_OFFSET_GUILD_ID]}\" >$guild_name</a>"; 55 55 if ($char_data[CHAR_DATA_OFFSET_GUILD_RANK]){ 56 $guild_rank_query = $ mysql->query("SELECT rname FROM guild_rank WHERE guildid ='{$char_data[CHAR_DATA_OFFSET_GUILD_ID]}' AND rid='{$char_data[CHAR_DATA_OFFSET_GUILD_RANK]}'");57 $guild_rank = $ mysql->result($guild_rank_query, 0, 'rname');56 $guild_rank_query = $sql->query("SELECT rname FROM guild_rank WHERE guildid ='{$char_data[CHAR_DATA_OFFSET_GUILD_ID]}' AND rid='{$char_data[CHAR_DATA_OFFSET_GUILD_RANK]}'"); 57 $guild_rank = $sql->result($guild_rank_query, 0, 'rname'); 58 58 } else $guild_rank = $lang_char['guild_leader']; 59 59 } else { … … 82 82 </tr> 83 83 <tr> 84 <td colspan=\"8\">".get_map_name($char[9])." - ".get_zone_name($char[ 8], $char[6], $char[7])."</td>84 <td colspan=\"8\">".get_map_name($char[9])." 
- ".get_zone_name($char[12])."</td> 85 85 </tr> 86 86 <tr> … … 169 169 170 170 //inventory+bank items 171 $mysql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']); 172 $sql = "SELECT bag,slot,item,item_template FROM character_inventory WHERE guid = '$id' ORDER BY bag,slot"; 173 $query2 = $mysql->query($sql); 171 $sql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']); 172 $query2 = $sql->query("SELECT bag,slot,item,item_template FROM character_inventory WHERE guid = '$id' ORDER BY bag,slot"); 174 173 175 174 $inv = array(); 176 175 $count = 0; 177 176 178 while ($slot = $ mysql->fetch_row($query2)){177 while ($slot = $sql->fetch_row($query2)){ 179 178 if ($slot[0] == 0) { 180 179 if($slot[1] >= 23 && $slot[1] <= 62) { … … 218 217 //case of non auth request 219 218 } else { 220 $ mysql->close();219 $sql->close(); 221 220 error($lang_char['no_permission']); 222 221 exit(); … … 224 223 225 224 } else error($lang_char['no_char_found']); 226 $ mysql->close();225 $sql->close(); 227 226 } 228 227 … … 237 236 if ( empty($_GET['id']) || empty($_GET['name']) ) error($lang_global['empty_fields']); 238 237 239 $ mysql = new MySQL;240 $ mysql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);241 242 $id = $ mysql->quote_smart($_GET['id']);243 244 $result = $ mysql->query("SELECT account,online FROM `character` WHERE guid = '$id'");245 246 if ($ mysql->num_rows($result)){238 $sql = new SQL; 239 $sql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']); 240 241 $id = $sql->quote_smart($_GET['id']); 242 243 $result = $sql->query("SELECT account,online FROM `character` WHERE guid = '$id'"); 244 245 if ($sql->num_rows($result)){ 247 246 //we cannot edit online 
chars 248 if(!$ mysql->result($result, 0, 'online')){247 if(!$sql->result($result, 0, 'online')){ 249 248 //resrict by owner's gmlvl 250 $owner_acc_id = $ mysql->result($result, 0, 'account');251 $ mysql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);252 $query = $ mysql->query("SELECT gmlevel FROM account WHERE id ='$owner_acc_id'");253 $owner_gmlvl = $ mysql->result($query, 0, 'gmlevel');249 $owner_acc_id = $sql->result($result, 0, 'account'); 250 $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); 251 $query = $sql->query("SELECT gmlevel FROM account WHERE id ='$owner_acc_id'"); 252 $owner_gmlvl = $sql->result($query, 0, 'gmlevel'); 254 253 255 254 if ($user_lvl > $owner_gmlvl){ 256 255 257 if(isset($_GET['check'])) $check = $ mysql->quote_smart($_GET['check']);256 if(isset($_GET['check'])) $check = $sql->quote_smart($_GET['check']); 258 257 else $check = NULL; 259 258 260 $new_name = $ mysql->quote_smart($_GET['name']);259 $new_name = $sql->quote_smart($_GET['name']); 261 260 262 if (isset($_GET['tot_time'])) $new_tot_time = $ mysql->quote_smart($_GET['tot_time']);261 if (isset($_GET['tot_time'])) $new_tot_time = $sql->quote_smart($_GET['tot_time']); 263 262 else $new_tot_time = 0; 264 if (isset($_GET['res_holy'])) $new_res_holy = $ mysql->quote_smart($_GET['res_holy']);263 if (isset($_GET['res_holy'])) $new_res_holy = $sql->quote_smart($_GET['res_holy']); 265 264 else $new_res_holy = 0; 266 if (isset($_GET['res_arcane'])) $new_res_arcane = $ mysql->quote_smart($_GET['res_arcane']);265 if (isset($_GET['res_arcane'])) $new_res_arcane = $sql->quote_smart($_GET['res_arcane']); 267 266 else $new_res_arcane = 0; 268 if (isset($_GET['res_fire'])) $new_res_fire = $ mysql->quote_smart($_GET['res_fire']);267 if (isset($_GET['res_fire'])) $new_res_fire = $sql->quote_smart($_GET['res_fire']); 269 268 else $new_res_fire = 0; 270 if (isset($_GET['res_nature'])) $new_res_nature = $ 
mysql->quote_smart($_GET['res_nature']);269 if (isset($_GET['res_nature'])) $new_res_nature = $sql->quote_smart($_GET['res_nature']); 271 270 else $new_res_nature = 0; 272 if (isset($_GET['res_frost'])) $new_res_frost = $ mysql->quote_smart($_GET['res_frost']);271 if (isset($_GET['res_frost'])) $new_res_frost = $sql->quote_smart($_GET['res_frost']); 273 272 else $new_res_frost = 0; 274 if (isset($_GET['res_shadow'])) $new_res_shadow = $ mysql->quote_smart($_GET['res_shadow']);273 if (isset($_GET['res_shadow'])) $new_res_shadow = $sql->quote_smart($_GET['res_shadow']); 275 274 else $new_res_shadow = 0; 276 if (isset($_GET['attack_power'])) $new_attack_power = $ mysql->quote_smart($_GET['attack_power']);275 if (isset($_GET['attack_power'])) $new_attack_power = $sql->quote_smart($_GET['attack_power']); 277 276 else $new_attack_power = 0; 278 if (isset($_GET['range_attack_power'])) $new_range_attack_power = $ mysql->quote_smart($_GET['range_attack_power']);277 if (isset($_GET['range_attack_power'])) $new_range_attack_power = $sql->quote_smart($_GET['range_attack_power']); 279 278 else $new_range_attack_power = 0; 280 if (isset($_GET['money'])) $new_money = $ mysql->quote_smart($_GET['money']);279 if (isset($_GET['money'])) $new_money = $sql->quote_smart($_GET['money']); 281 280 else $new_money = 0; 282 if (isset($_GET['arena_points'])) $new_arena_points = $ mysql->quote_smart($_GET['arena_points']);281 if (isset($_GET['arena_points'])) $new_arena_points = $sql->quote_smart($_GET['arena_points']); 283 282 else $new_arena_points = 0; 284 if (isset($_GET['honor_points'])) $new_honor_points = $ mysql->quote_smart($_GET['honor_points']);283 if (isset($_GET['honor_points'])) $new_honor_points = $sql->quote_smart($_GET['honor_points']); 285 284 else $new_honor_points = 0; 286 if (isset($_GET['total_kills'])) $new_total_kills = $ mysql->quote_smart($_GET['total_kills']);285 if (isset($_GET['total_kills'])) $new_total_kills = $sql->quote_smart($_GET['total_kills']); 287 286 
else $new_total_kills = 0; 288 287 … … 292 291 error($lang_char['use_numeric']); 293 292 294 if (isset($_GET['health'])) $new_health = $ mysql->quote_smart($_GET['health']);293 if (isset($_GET['health'])) $new_health = $sql->quote_smart($_GET['health']); 295 294 else $new_health = 1; 296 if (isset($_GET['mana'])) $new_mana = $ mysql->quote_smart($_GET['mana']);295 if (isset($_GET['mana'])) $new_mana = $sql->quote_smart($_GET['mana']); 297 296 else $new_mana = 0; 298 if (isset($_GET['str'])) $new_str = $ mysql->quote_smart($_GET['str']);297 if (isset($_GET['str'])) $new_str = $sql->quote_smart($_GET['str']); 299 298 else $new_str = 1; 300 if (isset($_GET['agi'])) $new_agi = $ mysql->quote_smart($_GET['agi']);299 if (isset($_GET['agi'])) $new_agi = $sql->quote_smart($_GET['agi']); 301 300 else $new_agi = 1; 302 if (isset($_GET['sta'])) $new_sta = $ mysql->quote_smart($_GET['sta']);301 if (isset($_GET['sta'])) $new_sta = $sql->quote_smart($_GET['sta']); 303 302 else $new_sta = 1; 304 if (isset($_GET['int'])) $new_int = $ mysql->quote_smart($_GET['int']);303 if (isset($_GET['int'])) $new_int = $sql->quote_smart($_GET['int']); 305 304 else $new_int = 1; 306 if (isset($_GET['spi'])) $new_spi = $ mysql->quote_smart($_GET['spi']);305 if (isset($_GET['spi'])) $new_spi = $sql->quote_smart($_GET['spi']); 307 306 else $new_spi = 1; 308 if (isset($_GET['exp'])) $new_exp = $ mysql->quote_smart($_GET['exp']);307 if (isset($_GET['exp'])) $new_exp = $sql->quote_smart($_GET['exp']); 309 308 else $new_exp = 0; 310 if (isset($_GET['armor'])) $new_armor = $ mysql->quote_smart($_GET['armor']);309 if (isset($_GET['armor'])) $new_armor = $sql->quote_smart($_GET['armor']); 311 310 else $new_armor = 0; 312 if (isset($_GET['block'])) $new_block = $ mysql->quote_smart($_GET['block']);311 if (isset($_GET['block'])) $new_block = $sql->quote_smart($_GET['block']); 313 312 else $new_block = 0; 314 if (isset($_GET['dodge'])) $new_dodge = $ mysql->quote_smart($_GET['dodge']);313 if 
(isset($_GET['dodge'])) $new_dodge = $sql->quote_smart($_GET['dodge']); 315 314 else $new_dodge = 0; 316 if (isset($_GET['parry'])) $new_parry = $ mysql->quote_smart($_GET['parry']);315 if (isset($_GET['parry'])) $new_parry = $sql->quote_smart($_GET['parry']); 317 316 else $new_parry = 0; 318 if (isset($_GET['crit'])) $new_crit = $ mysql->quote_smart($_GET['crit']);317 if (isset($_GET['crit'])) $new_crit = $sql->quote_smart($_GET['crit']); 319 318 else $new_crit = 0; 320 if (isset($_GET['range_crit'])) $new_range_crit = $ mysql->quote_smart($_GET['range_crit']);319 if (isset($_GET['range_crit'])) $new_range_crit = $sql->quote_smart($_GET['range_crit']); 321 320 else $new_range_crit = 0; 322 321 … … 326 325 ||(!is_numeric($new_crit))||(!is_numeric($new_range_crit))) error($lang_char['use_numeric']); 327 326 328 $x = (isset($_GET['x'])) ? $ mysql->quote_smart($_GET['x']) : 0;329 $y = (isset($_GET['y'])) ? $ mysql->quote_smart($_GET['y']) : 0;330 $z = (isset($_GET['z'])) ? $ mysql->quote_smart($_GET['z']) : 0;331 $map = (isset($_GET['map'])) ? $ mysql->quote_smart($_GET['map']) : 0;332 $tp_to = (isset($_GET['tp_to'])) ? $ mysql->quote_smart($_GET['tp_to']) : 0;333 334 $ mysql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);335 336 $result = $ mysql->query("SELECT data FROM `character` WHERE guid = '$id'");337 $char = $ mysql->fetch_row($result);327 $x = (isset($_GET['x'])) ? $sql->quote_smart($_GET['x']) : 0; 328 $y = (isset($_GET['y'])) ? $sql->quote_smart($_GET['y']) : 0; 329 $z = (isset($_GET['z'])) ? $sql->quote_smart($_GET['z']) : 0; 330 $map = (isset($_GET['map'])) ? $sql->quote_smart($_GET['map']) : 0; 331 $tp_to = (isset($_GET['tp_to'])) ? 
$sql->quote_smart($_GET['tp_to']) : 0; 332 333 $sql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']); 334 335 $result = $sql->query("SELECT data FROM `character` WHERE guid = '$id'"); 336 $char = $sql->fetch_row($result); 338 337 $char_data = explode(' ',$char[0]); 339 338 … … 401 400 402 401 sscanf($item_num, "a%d",$item_num); 403 $result = $ mysql->query("SELECT item FROM character_inventory WHERE guid = '$id' AND slot = $item_num AND bag = 0");404 $item_inst_id = $ mysql->result($result, 0, 'item');405 406 $ mysql->query("DELETE FROM character_inventory WHERE guid = '$id' AND slot = $item_num AND bag = 0");407 $ mysql->query("DELETE FROM item_instance WHERE guid = '$item_inst_id' AND owner_guid = '$id'");408 $ mysql->query("DELETE FROM item_text WHERE id = '$item_inst_id'");402 $result = $sql->query("SELECT item FROM character_inventory WHERE guid = '$id' AND slot = $item_num AND bag = 0"); 403 $item_inst_id = $sql->result($result, 0, 'item'); 404 405 $sql->query("DELETE FROM character_inventory WHERE guid = '$id' AND slot = $item_num AND bag = 0"); 406 $sql->query("DELETE FROM item_instance WHERE guid = '$item_inst_id' AND owner_guid = '$id'"); 407 $sql->query("DELETE FROM item_text WHERE id = '$item_inst_id'"); 409 408 } else { //deleting inv/bank items 410 $ mysql->query("DELETE FROM character_inventory WHERE guid = '$id' AND item = '$item_num'");411 $ mysql->query("DELETE FROM item_instance WHERE guid = '$item_num' AND owner_guid = '$id'");412 $ mysql->query("DELETE FROM item_text WHERE id = '$item_num'");409 $sql->query("DELETE FROM character_inventory WHERE guid = '$id' AND item = '$item_num'"); 410 $sql->query("DELETE FROM item_instance WHERE guid = '$item_num' AND owner_guid = '$id'"); 411 $sql->query("DELETE FROM item_text WHERE id = '$item_num'"); 413 412 } 414 413 } … … 418 417 419 418 if ($tp_to){ 420 $query = $ mysql->query("SELECT map, position_x, position_y, 
position_z, orientation FROM game_tele WHERE LOWER(name) = '".strtolower($tp_to)."'");421 $tele = $ mysql->fetch_row($query);419 $query = $sql->query("SELECT map, position_x, position_y, position_z, orientation FROM game_tele WHERE LOWER(name) = '".strtolower($tp_to)."'"); 420 $tele = $sql->fetch_row($query); 422 421 if($tele) $teleport = "map='$tele[0]', position_x='$tele[1]', position_y='$tele[2]', position_z='$tele[3]', orientation='$tele[4]',"; 423 422 else error($lang_char['no_tp_location']); 424 423 } else $teleport = "map='$map', position_x='$x', position_y='$y', position_z='$z',"; 425 424 426 $result = $ mysql->query("UPDATE `character` SET data = '$data', name = '$new_name', $teleport totaltime = '$new_tot_time' WHERE guid = '$id'");427 $ mysql->close();425 $result = $sql->query("UPDATE `character` SET data = '$data', name = '$new_name', $teleport totaltime = '$new_tot_time' WHERE guid = '$id'"); 426 $sql->close(); 428 427 429 428 if ($result) redirect("char_edit.php?action=edit_char&id=$id&error=3"); 430 429 else redirect("char_edit.php?action=edit_char&id=$id&error=4"); 431 430 } else { 432 $ mysql->close();431 $sql->close(); 433 432 error($lang_char['no_permission']); 434 433 } 435 434 } else { 436 $ mysql->close();435 $sql->close(); 437 436 redirect("char_edit.php?action=edit_char&id=$id&error=2"); 438 437 } 439 438 } else error($lang_char['no_char_found']); 440 $ mysql->close();439 $sql->close(); 441 440 } 442 441
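Review bot: `$id` is only passed through `$sql->quote_smart($_GET['id'])` (new lines 29 and 241) before it reaches every query and the `redirect()` URLs at new lines 428, 429 and 436. With this switch from `MySQL` to `SQL`, its safety rests entirely on the new class's escaping, which is not visible in this changeset. Since `guid` is numeric, validate it up front the way the stat fields already are, e.g. `if (!ctype_digit($_GET['id'])) error($lang_char['use_numeric']);`, and make sure execution stops there if `error()` does not terminate the request (unclear from here). Separately, the edit handler still takes all its state-changing input from `$_GET` ahead of the `DELETE` statements (new lines 405-411) and the `UPDATE` (new line 425), so any cross-site GET issued from a logged-in GM's browser would be applied; reading from `$_POST` and checking a per-session token before those statements would close that. Both handlers begin and end outside the visible hunks.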