Changeset 19 for minimanager/user.php


Timestamp:
Aug 13, 2007, 9:05:34 PM (17 years ago)
Author:
george
Message:

Aktualizace MaNGOS Minimanageru na verzi 0.1.4a.

File:
1 edited

  • minimanager/user.php

    r5 r19  
    1919 global $lang_global, $lang_user, $output, $realm_db, $itemperpage, $user_lvl, $user_name, $gm_level_arr;
    2020
    21  $mysql = new MySQL;
    22  $mysql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    23  
    24  $start = (isset($_GET['start'])) ? $mysql->quote_smart($_GET['start']) : 0;
    25  $order_by = (isset($_GET['order_by'])) ? $mysql->quote_smart($_GET['order_by']) : "id";
     21 $sql = new SQL;
     22 $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
     23 
     24 $start = (isset($_GET['start'])) ? $sql->quote_smart($_GET['start']) : 0;
     25 $order_by = (isset($_GET['order_by'])) ? $sql->quote_smart($_GET['order_by']) : "id";
    2626       
    27  $dir = (isset($_GET['dir'])) ? $mysql->quote_smart($_GET['dir']) : 1;
     27 $dir = (isset($_GET['dir'])) ? $sql->quote_smart($_GET['dir']) : 1;
    2828 $order_dir = ($dir) ? "ASC" : "DESC";
    2929 $dir = ($dir) ? 0 : 1;
    3030       
    3131//get total number of items
    32  $query_1 = $mysql->query("SELECT count(*) FROM account");
    33  $all_record = $mysql->result($query_1,0);
    34 
    35  $query = $mysql->query("SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,online
     32 $query_1 = $sql->query("SELECT count(*) FROM account");
     33 $all_record = $sql->result($query_1,0);
     34
     35 $query = $sql->query("SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,online
    3636                FROM account ORDER BY $order_by $order_dir LIMIT $start, $itemperpage");
    37  $this_page = $mysql->num_rows($query);
     37 $this_page = $sql->num_rows($query);
    3838
    3939//==========================top tage navigaion starts here========================
     
    5656           <input type=\"text\" size=\"42\" maxlength=\"50\" name=\"search_value\" />
    5757           <select name=\"search_by\">
     58            <option value=\"username\">{$lang_user['by_name']}</option>
    5859                <option value=\"id\">{$lang_user['by_id']}</option>
    59                 <option value=\"username\">{$lang_user['by_name']}</option>
    6060                <option value=\"gmlevel\">{$lang_user['by_gm_level']}</option>
    6161                <option value=\"greater_gmlevel\">{$lang_user['greater_gm_level']}</option>
     
    8282 <table class=\"lined\">
    8383   <tr>
    84         <td width=\"1%\" class=\"head\"><input name=\"allbox\" type=\"checkbox\" value=\"Check All\" onclick=\"CheckAll(document.form1);\" /></td>
    85         <td width=\"5%\" class=\"head\"><a href=\"user.php?order_by=id&amp;start=$start&amp;dir=$dir\" class=\"head_link\">{$lang_user['id']}</a></td>
    86         <td width=\"23%\" class=\"head\"><a href=\"user.php?order_by=username&amp;start=$start&amp;dir=$dir\" class=\"head_link\">{$lang_user['username']}</a></td>
    87         <td width=\"5%\" class=\"head\"><a href=\"user.php?order_by=gmlevel&amp;start=$start&amp;dir=$dir\" class=\"head_link\">{$lang_user['gm_level']}</a></td>
    88     <td width=\"17%\" class=\"head\"><a href=\"user.php?order_by=email&amp;start=$start&amp;dir=$dir\" class=\"head_link\">{$lang_user['email']}</a></td>
    89         <td width=\"14%\" class=\"head\"><a href=\"user.php?order_by=joindate&amp;start=$start&amp;dir=$dir\" class=\"head_link\">{$lang_user['join_date']}</a></td>
    90         <td width=\"10%\" class=\"head\"><a href=\"user.php?order_by=last_ip&amp;start=$start&amp;dir=$dir\" class=\"head_link\">{$lang_user['ip']}</a></td>
    91         <td width=\"5%\" class=\"head\"><a href=\"user.php?order_by=failed_logins&amp;start=$start&amp;dir=$dir\" class=\"head_link\">{$lang_user['failed_logins']}</a></td>
    92         <td width=\"3%\" class=\"head\"><a href=\"user.php?order_by=locked&amp;start=$start&amp;dir=$dir\" class=\"head_link\">{$lang_user['locked']}</a></td>
    93         <td width=\"14%\" class=\"head\"><a href=\"user.php?order_by=last_login&amp;start=$start&amp;dir=$dir\" class=\"head_link\">{$lang_user['last_login']}</a></td>
    94         <td width=\"3%\" class=\"head\"><a href=\"user.php?order_by=online&amp;start=$start&amp;dir=$dir\" class=\"head_link\">{$lang_user['online']}</a></td>
     84        <th width=\"1%\"><input name=\"allbox\" type=\"checkbox\" value=\"Check All\" onclick=\"CheckAll(document.form1);\" /></th>
     85        <th width=\"5%\"><a href=\"user.php?order_by=id&amp;start=$start&amp;dir=$dir\">".($order_by=='id' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['id']}</a></th>
     86        <th width=\"23%\"><a href=\"user.php?order_by=username&amp;start=$start&amp;dir=$dir\">".($order_by=='username' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['username']}</a></th>
     87        <th width=\"5%\"><a href=\"user.php?order_by=gmlevel&amp;start=$start&amp;dir=$dir\">".($order_by=='gmlevel' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['gm_level']}</a></th>
     88    <th width=\"17%\"><a href=\"user.php?order_by=email&amp;start=$start&amp;dir=$dir\">".($order_by=='email' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['email']}</a></th>
     89        <th width=\"14%\"><a href=\"user.php?order_by=joindate&amp;start=$start&amp;dir=$dir\">".($order_by=='joindate' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['join_date']}</a></th>
     90        <th width=\"10%\"><a href=\"user.php?order_by=last_ip&amp;start=$start&amp;dir=$dir\">".($order_by=='last_ip' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['ip']}</a></th>
     91        <th width=\"5%\"><a href=\"user.php?order_by=failed_logins&amp;start=$start&amp;dir=$dir\">".($order_by=='failed_logins' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['failed_logins']}</a></th>
     92        <th width=\"3%\"><a href=\"user.php?order_by=locked&amp;start=$start&amp;dir=$dir\">".($order_by=='locked' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['locked']}</a></th>
     93        <th width=\"14%\"><a href=\"user.php?order_by=last_login&amp;start=$start&amp;dir=$dir\">".($order_by=='last_login' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['last_login']}</a></th>
     94        <th width=\"3%\"><a href=\"user.php?order_by=online&amp;start=$start&amp;dir=$dir\">".($order_by=='online' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['online']}</a></th>
    9595   </tr>";
    9696
    97  $looping = ($this_page < $itemperpage) ? $this_page : $itemperpage;
    98 
    99  for ($i=1; $i<=$looping; $i++) {
    100    $data = $mysql->fetch_row($query);
     97 while ($data = $sql->fetch_row($query)){
     98
    10199        if (($user_lvl >= $data[2])||($user_name == $data[1])){
    102100                $output .= "<tr>";
     
    113111                        <td>".(($data[7]) ? $lang_global['yes_low'] : "-")."</td>
    114112                        <td class=\"small\">$data[8]</td>
    115                         <td>".(($data[9]) ? "ON" : "-")."</td>
     113                        <td>".(($data[9]) ? "<img src=\"img/up.gif\" alt=\"\" />" : "-")."</td>
    116114            </tr>";
    117115        } else {
     
    130128 </table></form><br /></center>";
    131129
    132  $mysql->close();
     130 $sql->close();
    133131}
    134132
     
    142140 if(!isset($_GET['search_value']) || !isset($_GET['search_by'])) redirect("user.php?error=2");
    143141
    144  $mysql = new MySQL;
    145  $mysql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    146  
    147  $search_value = $mysql->quote_smart($_GET['search_value']);
    148  $search_by = $mysql->quote_smart($_GET['search_by']);
    149 
    150  $order_by = (isset($_GET['order_by'])) ? $mysql->quote_smart($_GET['order_by']) : "id";
    151  $dir = (isset($_GET['dir'])) ? $mysql->quote_smart($_GET['dir']) : 1;
     142 $sql = new SQL;
     143 $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
     144 
     145 $search_value = $sql->quote_smart($_GET['search_value']);
     146 $search_by = $sql->quote_smart($_GET['search_by']);
     147
     148 $order_by = (isset($_GET['order_by'])) ? $sql->quote_smart($_GET['order_by']) : "id";
     149 $dir = (isset($_GET['dir'])) ? $sql->quote_smart($_GET['dir']) : 1;
    152150 $order_dir = ($dir) ? "ASC" : "DESC";
    153151 $dir = ($dir) ? 0 : 1;
     
    156154 
    157155 case "greater_gmlevel":
    158          $sql = "SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,online
     156         $sql_query = "SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,online
    159157                 FROM account WHERE gmlevel > $search_value ORDER BY $order_by $order_dir LIMIT $sql_search_limit";
    160158 break;
    161159 
    162160 case "banned":
    163         $sql = "SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,online
     161        $sql_query = "SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,online
    164162                 FROM account WHERE id = 0 ";
    165         $que = $mysql->query("SELECT id FROM account_banned");
    166         while ($banned = mysql_fetch_row($que)) $sql .= "OR id =$banned[0] ";
    167          $sql .= " ORDER BY $order_by $order_dir LIMIT $sql_search_limit";
     163        $que = $sql->query("SELECT id FROM account_banned");
     164        while ($banned = $sql->fetch_row($que)) $sql_query .= "OR id =$banned[0] ";
     165         $sql_query .= " ORDER BY $order_by $order_dir LIMIT $sql_search_limit";
    168166 break;
    169167 
    170168 case "failed_logins":
    171          $sql = "SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,online
     169         $sql_query = "SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,online
    172170                 FROM account WHERE failed_logins > $search_value ORDER BY $order_by $order_dir LIMIT $sql_search_limit";
    173171 break;
    174172 
    175173 default:
    176     $sql = "SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,online
     174    $sql_query = "SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,online
    177175                 FROM account WHERE $search_by LIKE '%$search_value%' ORDER BY $order_by $order_dir LIMIT $sql_search_limit";
    178176 }
    179177
    180  $query = $mysql->query($sql);
    181  $total_found = $mysql->num_rows($query);
     178 $query = $sql->query($sql_query);
     179 $total_found = $sql->num_rows($query);
    182180
    183181//==========================top tage navigaion starts here========================
     
    192190           <input type=\"text\" size=\"32\" maxlength=\"50\" name=\"search_value\" />
    193191           <select name=\"search_by\">
     192            <option value=\"username\">{$lang_user['by_name']}</option>
    194193            <option value=\"id\">{$lang_user['by_id']}</option>
    195                 <option value=\"username\">{$lang_user['by_name']}</option>
    196194                <option value=\"gmlevel\">{$lang_user['by_gm_level']}</option>
    197195                <option value=\"greater_gmlevel\">{$lang_user['greater_gm_level']}</option>
     
    216214 <table class=\"lined\">
    217215   <tr>
    218         <td width=\"1%\" class=\"head\"><input name=\"allbox\" type=\"checkbox\" value=\"Check All\" onclick=\"CheckAll(document.form1);\" /></td>
    219         <td width=\"5%\" class=\"head\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=id&amp;dir=$dir\" class=\"head_link\">{$lang_user['id']}</a></td>
    220         <td width=\"23%\" class=\"head\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=username&amp;dir=$dir\" class=\"head_link\">{$lang_user['username']}</a></td>
    221         <td width=\"5%\" class=\"head\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=gmlevel&amp;dir=$dir\" class=\"head_link\">{$lang_user['gm_level']}</a></td>
    222     <td width=\"17%\" class=\"head\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=email&amp;dir=$dir\" class=\"head_link\">{$lang_user['email']}</a></td>
    223         <td width=\"14%\" class=\"head\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=joindate&amp;dir=$dir\" class=\"head_link\">{$lang_user['join_date']}</a></td>
    224         <td width=\"10%\" class=\"head\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=last_ip&amp;dir=$dir\" class=\"head_link\">{$lang_user['ip']}</a></td>
    225         <td width=\"5%\" class=\"head\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=failed_logins&amp;dir=$dir\" class=\"head_link\">{$lang_user['failed_logins']}</a></td>
    226         <td width=\"3%\" class=\"head\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=locked&amp;dir=$dir\" class=\"head_link\">{$lang_user['locked']}</a></td>
    227         <td width=\"14%\" class=\"head\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=last_login&amp;dir=$dir\" class=\"head_link\">{$lang_user['last_login']}</a></td>
    228         <td width=\"3%\" class=\"head\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=online&amp;dir=$dir\" class=\"head_link\">{$lang_user['online']}</a></td>
     216        <th width=\"1%\"><input name=\"allbox\" type=\"checkbox\" value=\"Check All\" onclick=\"CheckAll(document.form1);\" /></th>
     217        <th width=\"5%\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=id&amp;dir=$dir\">".($order_by=='id' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['id']}</a></th>
     218        <th width=\"23%\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=username&amp;dir=$dir\">".($order_by=='username' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['username']}</a></th>
     219        <th width=\"5%\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=gmlevel&amp;dir=$dir\">".($order_by=='gmlevel' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['gm_level']}</a></th>
     220    <th width=\"17%\><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=email&amp;dir=$dir\">".($order_by=='email' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['email']}</a></th>
     221        <th width=\"14%\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=joindate&amp;dir=$dir\">".($order_by=='joindate' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['join_date']}</a></th>
     222        <th width=\"10%\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=last_ip&amp;dir=$dir\">".($order_by=='last_ip' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['ip']}</a></th>
     223        <th width=\"5%\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=failed_logins&amp;dir=$dir\">".($order_by=='failed_logins' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['failed_logins']}</a></th>
     224        <th width=\"3%\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=locked&amp;dir=$dir\">".($order_by=='locked' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['locked']}</a></th>
     225        <th width=\"14%\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=last_login&amp;dir=$dir\">".($order_by=='last_login' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['last_login']}</a></th>
     226        <th width=\"3%\"><a href=\"user.php?action=search&amp;error=3&amp;search_value=$search_value&amp;search_by=$search_by&amp;order_by=online&amp;dir=$dir\">".($order_by=='online' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['online']}</a></th>
    229227   </tr>";
    230228
    231  for ($i=1; $i<=$total_found; $i++){
    232         $data = $mysql->fetch_row($query);
    233  
    234         //to disalow lower lvl gm to  view accounts of other gms same or bigger lvl
     229 while ($data = $sql->fetch_row($query)){
     230
    235231        if (($user_lvl >= $data[2])||($user_name == $data[1])){
    236232                $output .= "<tr>";
     
    247243                        <td>".(($data[7]) ? $lang_global['yes_low'] : "-")."</td>
    248244                        <td class=\"small\">$data[8]</td>
    249                         <td>".(($data[9]) ? "ON" : "-")."</td>
     245                        <td>".(($data[9]) ? "<img src=\"img/up.gif\" alt=\"\" />" : "-")."</td>
    250246            </tr>";
    251247        }else{
     
    265261 </form><br /></center>";
    266262 
    267  $mysql->close();
     263 $sql->close();
    268264}
    269265
     
    273269//#######################################################################################################
    274270function del_user() {
    275 global $lang_global, $lang_user, $output;
     271global $lang_global, $lang_user, $output, $realm_db;
    276272 if(isset($_GET['check'])) $check = $_GET['check'];
    277273        else redirect("user.php?error=1");
     
    287283        }
    288284
    289  $output .= "<center><h1><font class=\"error\">{$lang_global['are_you_sure']}</font></h1><br />";
    290  $output .= "<font class=\"bold\">{$lang_user['acc_ids']}: ";
    291 
     285 $output .= "<center><img src=\"img/warn_red.gif\" width=\"48\" height=\"48\" alt=\"\" />
     286                        <h1><font class=\"error\">{$lang_global['are_you_sure']}</font></h1><br />
     287                        <font class=\"bold\">{$lang_user['acc_ids']}: ";
     288
     289 $sql = new SQL;
     290 $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
     291                       
    292292 for ($i=0; $i<count($check); $i++){
    293         $output .= "<a href=\"user.php?action=edit_user&amp;id=$check[$i]\" target=\"_blank\">$check[$i], </a>";
     293        $username = $sql->result($sql->query("SELECT username FROM `account` WHERE id = {$check[$i]}"),0);
     294        $output .= "<a href=\"user.php?action=edit_user&amp;id=$check[$i]\" target=\"_blank\">$username, </a>";
    294295        $pass_array .= "&amp;check%5B%5D=$check[$i]";
    295296        }
    296 
    297  $output .= "{$lang_global['will_be_erased']}</font><br /><br />";
    298  $output .= "<table class=\"hidden\">
     297 $sql->close();
     298
     299 $output .= "<br />{$lang_global['will_be_erased']}</font><br /><br />
     300                <table class=\"hidden\">
    299301          <tr><td>";
    300302                        makebutton($lang_global['yes'], "user.php?action=dodel_user$pass_array",120);
     
    302304 $output .= "</td></tr>
    303305        </table></center><br />";
     306
    304307}
    305308
     
    312315                $tab_del_user_mangos, $tab_del_user_realmd;
    313316
    314  $mysql = new MySQL;
    315  $mysql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    316  
    317  if(isset($_GET['check'])) $check = $mysql->quote_smart($_GET['check']);
     317 $sql = new SQL;
     318 $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
     319 
     320 if(isset($_GET['check'])) $check = $sql->quote_smart($_GET['check']);
    318321        else redirect("user.php?error=1");
    319322
     
    331334  }
    332335 }
    333  $mysql->close();
     336 $sql->close();
    334337 $output .= "<center>";
    335338 if ($deleted_acc == 0) $output .= "<h1><font class=\"error\">{$lang_user['no_acc_deleted']}</font></h1>";
     
    353356 global $lang_global, $lang_user, $output, $realm_db, $mangos_db, $realm_id, $user_lvl,$backup_dir;
    354357
    355  $mysql = new MySQL;
    356  $mysql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    357  
    358  if(isset($_GET['check'])) $check = $mysql->quote_smart($_GET['check']);
     358 $sql = new SQL;
     359 $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
     360 
     361 if(isset($_GET['check'])) $check = $sql->quote_smart($_GET['check']);
    359362        else redirect("user.php?error=1");
    360363
     
    365368 for ($t=0; $t<count($check); $t++) {
    366369  if ($check[$t] != "" ) {
    367         $mysql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    368 
    369         $query = $mysql->query("SELECT id FROM account WHERE id = $check[$t]");
    370         $acc = $mysql->fetch_array($query);
     370        $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
     371
     372        $query = $sql->query("SELECT id FROM account WHERE id = $check[$t]");
     373        $acc = $sql->fetch_array($query);
    371374
    372375        $file_name_new = $acc[0]."_{$realm_db['name']}.sql";
     
    377380
    378381        foreach ($tab_backup_user_realmd as $value) {
    379                         $acc_query = $mysql->query("SELECT * FROM $value[0] WHERE $value[1] = $acc[0]");
    380                         $num_fields =$mysql->num_fields($acc_query);
    381                         $numrow = $mysql->num_rows($acc_query);
     382                        $acc_query = $sql->query("SELECT * FROM $value[0] WHERE $value[1] = $acc[0]");
     383                        $num_fields = $sql->num_fields($acc_query);
     384                        $numrow = $sql->num_rows($acc_query);
    382385       
    383386                        $result = "-- Dumping data for $value[0] ".date("m.d.y_H.i.s")."\n";
     
    389392                                               
    390393                                for($count = 0; $count < $num_fields; $count++) {
    391                                         $result .= "`".mysql_field_name($acc_query,$count)."`";
     394                                        $result .= "`".$sql->field_name($acc_query,$count)."`";
    392395                                        if ($count < ($num_fields-1)) $result .= ",";
    393396                                        }
     
    396399                                for ($i =0; $i<$numrow; $i++) {
    397400                                        $result .= "\t(";
    398                                         $row = $mysql->fetch_row($acc_query);
     401                                        $row = $sql->fetch_row($acc_query);
    399402                                        for($j=0; $j<$num_fields; $j++) {
    400403                                                $row[$j] = addslashes($row[$j]);
    401404                                                $row[$j] = ereg_replace("\n","\\n",$row[$j]);
    402405                                                if (isset($row[$j])) {
    403                                                         if (mysql_field_type($acc_query,$j) == "int") $result .= "$row[$j]";
     406                                                        if ($sql->field_type($acc_query,$j) == "int") $result .= "$row[$j]";
    404407                                                                else $result .= "'$row[$j]'" ;
    405408                                                }else $result .= "''";
     
    422425                fwrite($fp, "USE {$db['name']};\n\n")or die (error($lang_backup['file_write_err']));
    423426               
    424                 $mysql->connect($db['addr'], $db['user'], $db['pass'], $db['name']);
    425                 $all_char_query = $mysql->query("SELECT guid,name FROM `character` WHERE account = $acc[0]");
     427                $sql->connect($db['addr'], $db['user'], $db['pass'], $db['name']);
     428                $all_char_query = $sql->query("SELECT guid,name FROM `character` WHERE account = $acc[0]");
    426429               
    427                 while ($char = $mysql->fetch_array($all_char_query)){
     430                while ($char = $sql->fetch_array($all_char_query)){
    428431                                fwrite($fp, "-- Dumping data for character $char[1]\n")or die (error($lang_backup['file_write_err']));
    429432                                foreach ($tab_backup_user_mangos as $value) {
    430                                         $char_query = $mysql->query("SELECT * FROM $value[0] WHERE $value[1] = $char[0]");
    431                                         $num_fields = $mysql->num_fields($char_query);
    432                                         $numrow = $mysql->num_rows($char_query);
     433                                        $char_query = $sql->query("SELECT * FROM $value[0] WHERE $value[1] = $char[0]");
     434                                        $num_fields = $sql->num_fields($char_query);
     435                                        $numrow = $sql->num_rows($char_query);
    433436       
    434437                                        $result = "LOCK TABLES $value[0] WRITE;\n";
     
    439442                                               
    440443                                                for($count = 0; $count < $num_fields; $count++) {
    441                                                         $result .= "`".mysql_field_name($char_query,$count)."`";
     444                                                        $result .= "`".$sql->field_name($char_query,$count)."`";
    442445                                                        if ($count < ($num_fields-1)) $result .= ",";
    443446                                                        }
     
    446449                                                for ($i =0; $i<$numrow; $i++) {
    447450                                                        $result .= "\t(";
    448                                                         $row = $mysql->fetch_row($char_query);
     451                                                        $row = $sql->fetch_row($char_query);
    449452                                                        for($j=0; $j<$num_fields; $j++) {
    450453                                                                $row[$j] = addslashes($row[$j]);
    451454                                                                $row[$j] = ereg_replace("\n","\\n",$row[$j]);
    452455                                                                if (isset($row[$j])) {
    453                                                                         if (mysql_field_type($char_query,$j) == "int") $result .= "$row[$j]";
     456                                                                        if ($sql->field_type($char_query,$j) == "int") $result .= "$row[$j]";
    454457                                                                                else $result .= "'$row[$j]'" ;
    455458                                                                }else $result .= "''";
     
    470473  }
    471474 }
    472  $mysql->close();
     475 $sql->close();
    473476 
    474477redirect("user.php?error=15");
     
    547550   redirect("user.php?action=add_new&error=4");
    548551
    549  $mysql = new MySQL;
    550  $mysql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    551 
    552  $new_user = $mysql->quote_smart(trim($_GET['new_user']));
    553  $pass = $mysql->quote_smart($_GET['pass']);
     552 $sql = new SQL;
     553 $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
     554
     555 $new_user = $sql->quote_smart(trim($_GET['new_user']));
     556 $pass = $sql->quote_smart($_GET['pass']);
    554557
    555558 //make sure username/pass at least 4 chars long and less than max
    556559 if ((strlen($new_user) < 4) || (strlen($new_user) > 15)){
    557                 $mysql->close();
     560                $sql->close();
    558561        redirect("user.php?action=add_new&error=8");
    559562        }
     
    562565 //make sure it doesnt contain non english chars.
    563566 if (!alphabetic($new_user)) {
    564                 $mysql->close();
     567                $sql->close();
    565568        redirect("user.php?action=add_new&error=9");
    566569        }
    567570
    568  $result = $mysql->query("SELECT username FROM account WHERE username = '$new_user'");
     571 $result = $sql->query("SELECT username FROM account WHERE username = '$new_user'");
    569572
    570573 //there is already someone with same username
    571  if ($mysql->num_rows($result)){
    572                 $mysql->close();
     574 if ($sql->num_rows($result)){
     575                $sql->close();
    573576        redirect("user.php?action=add_new&error=7");
    574577 } else {
    575578    $last_ip = "0.0.0.0";
    576         $new_mail = (isset($_GET['new_mail'])) ? $mysql->quote_smart(trim($_GET['new_mail'])) : NULL;
    577 
    578         $locked = (isset($_GET['new_locked'])) ? $mysql->quote_smart($_GET['new_locked']) : 0;
    579         $tbc = (isset($_GET['new_tbc'])) ? $mysql->quote_smart($_GET['new_tbc']) : 0;
    580 
    581         $result = $mysql->query("INSERT INTO account (username,I,gmlevel,email, joindate,last_ip,failed_logins,locked,last_login,online,tbc)
     579        $new_mail = (isset($_GET['new_mail'])) ? $sql->quote_smart(trim($_GET['new_mail'])) : NULL;
     580
     581        $locked = (isset($_GET['new_locked'])) ? $sql->quote_smart($_GET['new_locked']) : 0;
     582        $tbc = (isset($_GET['new_tbc'])) ? $sql->quote_smart($_GET['new_tbc']) : 0;
     583
     584        $result = $sql->query("INSERT INTO account (username,I,gmlevel,email, joindate,last_ip,failed_logins,locked,last_login,online,tbc)
    582585                                                                VALUES ('$new_user','$pass',0 ,'$new_mail',current_date() ,'$last_ip',0, $locked ,NULL, 0, $tbc)");
    583         $mysql->close();
     586        $sql->close();
    584587
    585588        if ($result) redirect("user.php?error=5");
     
    596599 if (empty($_GET['id'])) redirect("user.php?error=10");
    597600
    598  $mysql = new MySQL;
    599  $mysql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
     601 $sql = new SQL;
     602 $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    600603       
    601  $id = $mysql->quote_smart($_GET['id']);
    602 
    603  $result = $mysql->query("SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,online,tbc FROM account WHERE id = '$id'");
    604  $data = $mysql->fetch_row($result);
    605  
    606  if ($mysql->num_rows($result)){
     604 $id = $sql->quote_smart($_GET['id']);
     605
     606 $result = $sql->query("SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,online,tbc FROM account WHERE id = '$id'");
     607 $data = $sql->fetch_row($result);
     608 
     609 if ($sql->num_rows($result)){
    607610        //restricting accsess to lower gmlvl
    608611        if (($user_lvl <= $data[2])&&($user_name != $data[1])){
    609                 $mysql->close();
     612                $sql->close();
    610613                redirect("user.php?error=14");
    611614                }
     
    668671        <td>{$lang_user['banned']}</td>";
    669672
    670         $que = $mysql->query("SELECT bandate, unbandate, bannedby FROM account_banned WHERE id = $id");
    671         if ($mysql->num_rows($que)){
    672                 $banned = mysql_fetch_row($que);
     673        $que = $sql->query("SELECT bandate, unbandate, bannedby FROM account_banned WHERE id = $id");
     674        if ($sql->num_rows($que)){
     675                $banned = $sql->fetch_row($que);
    673676                $ban_info = " - from:".date('d-m-Y G:i', $banned[0])." till:".date('d-m-Y G:i', $banned[1])."<br />by $banned[2]";
    674677                $ban_checked = " checked=\"checked\"";
     
    710713      </tr>";
    711714
    712         $query = $mysql->query("SELECT SUM(numchars) FROM realmcharacters WHERE acctid = '$id'");
    713     $tot_chars = $mysql->result($query, 0);
    714 
    715         $mysql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);
    716         $query = $mysql->query("SELECT count(*) FROM `character` WHERE account = $id");
    717         $chars_on_realm = $mysql->result($query, 0);
     715        $query = $sql->query("SELECT SUM(numchars) FROM realmcharacters WHERE acctid = '$id'");
     716    $tot_chars = $sql->result($query, 0);
     717
     718        $sql->connect($mangos_db[$realm_id]['addr'], $mangos_db[$realm_id]['user'], $mangos_db[$realm_id]['pass'], $mangos_db[$realm_id]['name']);
     719        $query = $sql->query("SELECT count(*) FROM `character` WHERE account = $id");
     720        $chars_on_realm = $sql->result($query, 0);
    718721
    719722        $output .= "<tr>
     
    728731        //if there is any chars to display
    729732        if ($chars_on_realm){
    730                 $char_array = $mysql->query("SELECT guid,name,race,class,SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) FROM `character` WHERE account = $id");
    731                 while ($char = $mysql->fetch_array($char_array)){
     733                $char_array = $sql->query("SELECT guid,name,race,class,SUBSTRING_INDEX(SUBSTRING_INDEX(`data`, ' ', 35), ' ', -1) FROM `character` WHERE account = $id");
     734                while ($char = $sql->fetch_array($char_array)){
    732735                        $output .= "<tr>
    733736                        <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'---></td>
     
    747750
    748751  } else error($lang_global['err_no_user']);
    749  $mysql->close();
     752 $sql->close();
    750753}
    751754
     
    760763   redirect("user.php?action=edit_user&&id={$_POST['id']}&error=1");
    761764 
    762  $mysql = new MySQL;
    763  $mysql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    764 
    765  $id = $mysql->quote_smart($_POST['id']);
    766  $username = $mysql->quote_smart($_POST['username']);
    767  $pass = $mysql->quote_smart($_POST['pass']);
     765 $sql = new SQL;
     766 $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
     767
     768 $id = $sql->quote_smart($_POST['id']);
     769 $username = $sql->quote_smart($_POST['username']);
     770 $pass = $sql->quote_smart($_POST['pass']);
    768771 $user_pass_change = ($pass != sha1(strtoupper($username).":******")) ? "username='$username',I='$pass'," : "";
    769772 
    770  $mail = (isset($_POST['mail']) && $_POST['mail'] != '') ? $mysql->quote_smart($_POST['mail']) : "";
    771  $failed = (isset($_POST['failed'])) ? $mysql->quote_smart($_POST['failed']) : 0;
    772  $gmlevel = (isset($_POST['gmlevel'])) ? $mysql->quote_smart($_POST['gmlevel']) : 0;
    773  $tbc = (isset($_POST['tbc'])) ? $mysql->quote_smart($_POST['tbc']) : 1;
    774  $banned = (isset($_POST['banned'])) ? $mysql->quote_smart($_POST['banned']) : 0;
    775  $locked = (isset($_POST['locked'])) ? $mysql->quote_smart($_POST['locked']) : 0;
     773 $mail = (isset($_POST['mail']) && $_POST['mail'] != '') ? $sql->quote_smart($_POST['mail']) : "";
     774 $failed = (isset($_POST['failed'])) ? $sql->quote_smart($_POST['failed']) : 0;
     775 $gmlevel = (isset($_POST['gmlevel'])) ? $sql->quote_smart($_POST['gmlevel']) : 0;
     776 $tbc = (isset($_POST['tbc'])) ? $sql->quote_smart($_POST['tbc']) : 1;
     777 $banned = (isset($_POST['banned'])) ? $sql->quote_smart($_POST['banned']) : 0;
     778 $locked = (isset($_POST['locked'])) ? $sql->quote_smart($_POST['locked']) : 0;
    776779
    777780 //make sure username/pass at least 4 chars long and less than max
    778781 if ((strlen($username) < 4) || (strlen($username) > 15)){
    779         $mysql->close();
     782        $sql->close();
    780783    redirect("user.php?action=edit_user&id=$id&error=8");
    781784   }
    782785
    783786 if ($gmlevel >= $user_lvl) {
    784         $mysql->close();
     787        $sql->close();
    785788    redirect("user.php?action=edit_user&&id={$_POST['id']}&error=16");
    786789   }
     
    789792 //make sure it doesnt contain non english chars.
    790793 if (!alphabetic($username)) {
    791         $mysql->close();
     794        $sql->close();
    792795    redirect("user.php?action=edit_user&error=9&id=$id");
    793796   }
    794797
    795798 //restricting accsess to lower gmlvl
    796  $result = $mysql->query("SELECT gmlevel,username FROM account WHERE id = '$id'");
    797  if (($user_lvl <= $mysql->result($result, 0, 'gmlevel'))&&($user_name != $mysql->result($result, 0, 'username'))){
    798         $mysql->close();
     799 $result = $sql->query("SELECT gmlevel,username FROM account WHERE id = '$id'");
     800 if (($user_lvl <= $sql->result($result, 0, 'gmlevel'))&&($user_name != $sql->result($result, 0, 'username'))){
     801        $sql->close();
    799802        redirect("user.php?error=14");
    800803        }
    801804
    802  if (!$banned) $mysql->query("DELETE FROM account_banned WHERE id='$id'");
     805 if (!$banned) $sql->query("DELETE FROM account_banned WHERE id='$id'");
    803806        else {
    804                         $result = $mysql->query("SELECT count(*) FROM account_banned WHERE id = '$id'");
    805                         if(!$mysql->result($result, 0))
    806                                 $mysql->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)
     807                        $result = $sql->query("SELECT count(*) FROM account_banned WHERE id = '$id'");
     808                        if(!$sql->result($result, 0))
     809                                $sql->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active)
    807810                                                           VALUES ($id, ".time().",".(time()+(365*24*3600)).",'$user_name','none', 1)");                                               
    808811                 }
    809812
    810  $mysql->query("UPDATE account SET email='$mail', $user_pass_change failed_logins='$failed',locked='$locked',gmlevel='$gmlevel',tbc='$tbc' WHERE id=$id");
    811 
    812  $mysql->close();
     813 $sql->query("UPDATE account SET email='$mail', $user_pass_change failed_logins='$failed',locked='$locked',gmlevel='$gmlevel',tbc='$tbc' WHERE id=$id");
     814
     815 $sql->close();
    813816 redirect("user.php?action=edit_user&error=13&id=$id");
    814817}