Changeset 374 for minimanager/user.php

Timestamp:

Sep 11, 2008, 9:10:27 AM (16 years ago)

Author:

george

Message:

• Aktualizováno: Minimanager 0.12 rev. 99. Opraveno zobrazování honoru, přidána captcha p?i registraci nového účtu a mini fórum.
• Přidáno: Český překlad pro Minimanager 0.12.
• Smazáno: Staré fotky fyzického serveru přesunuty do fotogalerie.
• Přidáno: Nějaké návody na eventy od bbtrashe.

File:

• minimanager/user.php (modified) (22 diffs)

minimanager/user.php

@@ -10 +10 @@
 
 require_once("header.php");
-valid_login(1);
+valid_login($action_permission['read']);
 require_once("scripts/id_tab.php");
 
@@ -17 +17 @@
 //########################################################################################################################
 function browse_users() {
- global $lang_global, $lang_user, $output, $realm_db, $itemperpage, $user_lvl, $user_name, $gm_level_arr;
+ global $lang_global, $lang_user, $output, $realm_db, $itemperpage, $user_lvl, $user_name, $gm_level_arr, $action_permission;
 
  $sql = new SQL;
@@ -41 +41 @@
                         <center><table class=\"top_hidden\">
                         <tr><td>";
+if($user_lvl >= $action_permission['update'])
+{
  makebutton($lang_user['add_acc'], "user.php?action=add_new", 124);
  makebutton($lang_user['cleanup'], "cleanup.php", 122);
  makebutton($lang_user['backup'], "backup.php", 122);
+}
  makebutton($lang_global['back'], "javascript:window.history.back()", 122);
  $output .= " </td><td align=\"right\" width=\"25%\" rowspan=\"2\">";
@@ -81 +84 @@
          <input type=\"hidden\" name=\"backup_op\" value=\"0\"/>
  <table class=\"lined\">
-   <tr>
-        <th width=\"1%\"><input name=\"allbox\" type=\"checkbox\" value=\"Check All\" onclick=\"CheckAll(document.form1);\" /></th>
-        <th width=\"5%\"><a href=\"user.php?order_by=id&amp;start=$start&amp;dir=$dir\">".($order_by=='id' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['id']}</a></th>
+   <tr>";
+   if($user_lvl >= $action_permission['update']) $output.= "<th width=\"1%\"><input name=\"allbox\" type=\"checkbox\" value=\"Check All\" onclick=\"CheckAll(document.form1);\" /></th>";
+    else $output .= "<th width=\"1%\"></th>";
+   $output .="<th width=\"5%\"><a href=\"user.php?order_by=id&amp;start=$start&amp;dir=$dir\">".($order_by=='id' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['id']}</a></th>
         <th width=\"23%\"><a href=\"user.php?order_by=username&amp;start=$start&amp;dir=$dir\">".($order_by=='username' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['username']}</a></th>
         <th width=\"5%\"><a href=\"user.php?order_by=gmlevel&amp;start=$start&amp;dir=$dir\">".($order_by=='gmlevel' ? "<img src=\"img/arr_".($dir ? "up" : "dw").".gif\" /> " : "")."{$lang_user['gm_level']}</a></th>
@@ -99 +103 @@
         if (($user_lvl >= $data[2])||($user_name == $data[1])){
                 $output .= "<tr>";
-                if ($user_lvl > $data[2]) $output .= "<td><input type=\"checkbox\" name=\"check[]\" value=\"$data[0]\" onclick=\"CheckCheckAll(document.form1);\" /></td>";
-                        else $output .= "<td></td>";
+                if ($user_lvl >= $action_permission['update']) $output .= "<td><input type=\"checkbox\" name=\"check[]\" value=\"$data[0]\" onclick=\"CheckCheckAll(document.form1);\" /></td>";
+                 else $output .= "<td></td>";
                 $output .= "<td>$data[0]</td>
                 <td><a href=\"user.php?action=edit_user&amp;error=11&amp;id=$data[0]\">$data[1]</a></td>
-                        <td>".$gm_level_arr[$data[2]][2]."</td>
-                        <td><a href=\"mailto:$data[3]\">".substr($data[3],0,15)."</a></td>
-                        <td class=\"small\">$data[4]</td>";
-                if (($user_lvl > $data[2])||($user_name == $data[1])) $output .= "<td>$data[5]</td>";
+                        <td>".$gm_level_arr[$data[2]][2]."</td>";
+                if ($user_lvl >= $action_permission['update']) $output .= "
+                        <td><a href=\"mailto:$data[3]\">".substr($data[3],0,15)."</a></td>";
+                else $output .= "<td>***@***</td>";
+                $output .="<td class=\"small\">$data[4]</td>";
+                if (($user_lvl >= $action_permission['update'])||($user_name == $data[1])) $output .= "<td>$data[5]</td>";
                         else $output .= "<td>******</td>";
                 $output .= "<td>".(($data[6]) ? $data[6] : "-")."</td>
@@ -121 +127 @@
         <tr>
                 <td colspan=\"8\" align=\"left\" class=\"hidden\">";
+                if($user_lvl >= $action_permission['update']) {
                         makebutton($lang_user['del_selected_users'], "javascript:do_submit('form1',0)",220);
-                        makebutton($lang_user['backup_selected_users'], "javascript:do_submit('form1',1)",220);
+                        makebutton($lang_user['backup_selected_users'], "javascript:do_submit('form1',1)",220); }
  $output .= "</td>
       <td colspan=\"4\" align=\"right\" class=\"hidden\">{$lang_user['tot_acc']} : $all_record</td>
@@ -136 +143 @@
 //#######################################################################################################
 function search() {
- global $lang_global, $lang_user, $output, $realm_db, $user_lvl, $user_name, $sql_search_limit, $gm_level_arr;
-
+ global $lang_global, $lang_user, $output, $realm_db, $user_lvl, $user_name, $sql_search_limit, $gm_level_arr, $action_permission;
+valid_login($action_permission['read']);
  if(!isset($_GET['search_value']) || !isset($_GET['search_by'])) redirect("user.php?error=2");
 
@@ -145 +152 @@
  $search_value = $sql->quote_smart($_GET['search_value']);
  $search_by = $sql->quote_smart($_GET['search_by']);
+ $search_menu = array('username', 'id', 'gmlevel', 'greater_gmlevel', 'email', 'joindate', 'last_ip', 'failed_logins', 'last_login', 'online', 'banned', 'locked', 'tbc');
+ if (!array_key_exists($search_by, $search_menu)) $search_by = 'username';
 
  $order_by = (isset($_GET['order_by'])) ? $sql->quote_smart($_GET['order_by']) : "id";
@@ -230 +239 @@
 
         if (($user_lvl >= $data[2])||($user_name == $data[1])){
-                $output .= "<tr>";
-                if ($user_lvl > $data[2]) $output .= "<td><input type=\"checkbox\" name=\"check[]\" value=\"$data[0]\" onclick=\"CheckCheckAll(document.form1);\" /></td>";
-                        else $output .= "<td></td>";
+                $output .= "<tr>";
+                if ($user_lvl >= $action_permission['update']) $output .= "<td><input type=\"checkbox\" name=\"check[]\" value=\"$data[0]\" onclick=\"CheckCheckAll(document.form1);\" /></td>";
+                 else $output .= "<td></td>";
                 $output .= "<td>$data[0]</td>
                 <td><a href=\"user.php?action=edit_user&amp;error=11&amp;id=$data[0]\">$data[1]</a></td>
-                        <td>".$gm_level_arr[$data[2]][2]."</td>
-                        <td><a href=\"mailto:$data[3]\">".substr($data[3],0,15)."</a></td>
-                        <td class=\"small\">$data[4]</td>";
-                if (($user_lvl > $data[2])||($user_name == $data[1])) $output .= "<td>$data[5]</td>";
+                        <td>".$gm_level_arr[$data[2]][2]."</td>";
+                if ($user_lvl >= $action_permission['update']) $output .= "
+                        <td><a href=\"mailto:$data[3]\">".substr($data[3],0,15)."</a></td>";
+                else $output .= "<td>***@***</td>";
+                $output .="<td class=\"small\">$data[4]</td>";
+                if (($user_lvl >= $action_permission['update'])||($user_name == $data[1])) $output .= "<td>$data[5]</td>";
                         else $output .= "<td>******</td>";
                 $output .= "<td>".(($data[6]) ? $data[6] : "-")."</td>
@@ -245 +256 @@
                         <td>".(($data[9]) ? "<img src=\"img/up.gif\" alt=\"\" />" : "-")."</td>
             </tr>";
-        }else{
+        } else {
                 $output .= "<tr><td>*</td><td>***</td><td>You</td><td>Have</td><td>No</td>
                         <td class=\"small\">Permission</td><td>to</td><td>View</td><td>this</td><td>Data</td><td>*</td></tr>";
@@ -253 +264 @@
         <tr>
                 <td colspan=\"8\" align=\"left\" class=\"hidden\">";
+                if($user_lvl >= $action_permission['update']) {
                         makebutton($lang_user['del_selected_users'], "javascript:do_submit('form1',0)",220);
-                        makebutton($lang_user['backup_selected_users'], "javascript:do_submit('form1',1)",220);
+                        makebutton($lang_user['backup_selected_users'], "javascript:do_submit('form1',1)",220); }
 $output .= "</td>
       <td colspan=\"4\" align=\"right\" class=\"hidden\">{$lang_user['tot_found']} : $total_found : {$lang_global['limit']} $sql_search_limit</td>
@@ -269 +281 @@
 //#######################################################################################################
 function del_user() {
-global $lang_global, $lang_user, $output, $realm_db;
+global $lang_global, $lang_user, $output, $realm_db, $action_permission;
+valid_login($action_permission['delete']);
  if(isset($_GET['check'])) $check = $_GET['check'];
         else redirect("user.php?error=1");
@@ -313 +326 @@
 function dodel_user() {
  global $lang_global, $lang_user, $output, $realm_db, $characters_db, $realm_id, $user_lvl,
-                $tab_del_user_characters, $tab_del_user_realmd;
-
+                $tab_del_user_characters, $tab_del_user_realmd, $action_permission;
+valid_login($action_permission['delete']);
  $sql = new SQL;
  $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
@@ -354 +367 @@
 //#####################################################################################################
 function backup_user() {
- global $lang_global, $lang_user, $output, $realm_db, $characters_db, $realm_id, $user_lvl,$backup_dir;
-
+ global $lang_global, $lang_user, $output, $realm_db, $characters_db, $realm_id, $user_lvl,$backup_dir,$action_permission;
+valid_login($action_permission['insert']);
  $sql = new SQL;
  $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
@@ -483 +496 @@
 //#######################################################################################################
 function add_new() {
- global $lang_global, $lang_user, $output;
+ global $lang_global, $lang_user, $output, $action_permission;
+  valid_login($action_permission['insert']);
  $output .= "<center>
   <script type=\"text/javascript\" src=\"js/sha1.js\"></script>
@@ -545 +559 @@
 //#########################################################################################################
 function doadd_new() {
- global $lang_global, $realm_db;
+ global $lang_global, $realm_db, $action_permission;
+ valid_login($action_permission['insert']);
 
  if ( empty($_GET['new_user']) || empty($_GET['pass']) )
@@ -595 +610 @@
 //###########################################################################################################
 function edit_user() {
- global $lang_global, $lang_user, $output, $realm_db, $characters_db, $realm_id, $user_lvl, $user_name, $gm_level_arr;
+ global $lang_global, $lang_user, $output, $realm_db, $characters_db, $realm_id, $user_lvl, $user_name, $gm_level_arr, $action_permission;
+ valid_login($action_permission['view']);
 
  if (empty($_GET['id'])) redirect("user.php?error=10");
@@ -640 +656 @@
       </tr>
       <tr>
-        <td>{$lang_user['username']}</td>
-        <td><input type=\"text\" name=\"username\" size=\"43\" maxlength=\"15\" value=\"$data[1]\" /></td>
-      </tr>
-      <tr>
-        <td>{$lang_user['password']}</td>
-        <td><input type=\"text\" name=\"new_pass\" size=\"43\" maxlength=\"40\" value=\"******\" /></td>
-      </tr>
-      <tr>
-        <td>{$lang_user['email']}</td>
-        <td><input type=\"text\" name=\"mail\" size=\"43\" maxlength=\"225\"value=\"$data[3]\" /></td>
-      </tr>
-      <tr>
-        <td>{$lang_user['gm_level_long']}</td>
+        <td>{$lang_user['username']}</td>";
+      if($user_lvl >= $action_permission['update']) { $output .="
+        <td><input type=\"text\" name=\"username\" size=\"43\" maxlength=\"15\" value=\"$data[1]\" /></td>"; }
+      else $output.="<td>$data[1]</td>";
+   $output .= "
+      </tr>
+      <tr>
+        <td>{$lang_user['password']}</td>";
+      if($user_lvl >= $action_permission['update']) { $output .="
+        <td><input type=\"text\" name=\"new_pass\" size=\"43\" maxlength=\"40\" value=\"******\" /></td>"; }
+      else $output.="<td>********</td>";
+   $output .= "
+      </tr>
+      <tr>
+        <td>{$lang_user['email']}</td>";
+      if($user_lvl >= $action_permission['update']) { $output .="
+        <td><input type=\"text\" name=\"mail\" size=\"43\" maxlength=\"225\"value=\"$data[3]\" /></td>"; }
+      else $output.="<td>$data[3]</td>";
+   $output .= "
+      </tr>
+      <tr>
+        <td>{$lang_user['gm_level_long']}</td>";
+      if($user_lvl >= $action_permission['update']) { $output .="
                 <td><select name=\"gmlevel\">";
                 foreach ($gm_level_arr as $level){
@@ -662 +688 @@
                                 }
                 $output .= "</select>
-                </td>
+                </td>";         }
+                else 
+                
+                foreach ($gm_level_arr as $level){
+                                if ($data[2] == $level[0])
+                                        $output .= "<td>{$level[0]}</td>";
+                                }
+
+                //$output .= "<td></td>";
+                $output .="
       </tr>
       <tr>
@@ -674 +709 @@
         if ($sql->num_rows($que)){
                 $banned = $sql->fetch_row($que);
-                $ban_info = " - from:".date('d-m-Y G:i', $banned[0])." till:".date('d-m-Y G:i', $banned[1])."<br />by $banned[2]";
+                $ban_info = " From:".date('d-m-Y G:i', $banned[0])." till:".date('d-m-Y G:i', $banned[1])."<br />by $banned[2]";
                 $ban_checked = " checked=\"checked\"";
         } else {
@@ -680 +715 @@
                         $ban_info = "";
                         }
- $output .= "<td><input type=\"checkbox\" name=\"banned\" value=\"1\" $ban_checked/>$ban_info</td>
-      </tr>
-      <tr>
-        <td>{$lang_user['last_ip']}</td>
-        <td>$data[5]<a href=\"banned.php?action=do_add_entry&amp;entry=$data[5]&amp;bantime=3600&amp;ban_type=ip_banned\"> <- {$lang_user['ban_this_ip']}</a></td>
-      </tr>
-           <td>{$lang_user['client_type']}</td>
+      if($user_lvl >= $action_permission['update']) {
+      $output .= "<td><input type=\"checkbox\" name=\"banned\" value=\"1\" $ban_checked/>$ban_info</td>"; }
+        else
+      $output .= "<td>$ban_info</td>";
+      $output .="
+      </tr>
+      <tr>
+        <td>{$lang_user['last_ip']}</td>";
+      if($user_lvl >= $action_permission['update']) { $output .="
+        <td>$data[5]<a href=\"banned.php?action=do_add_entry&amp;entry=$data[5]&amp;bantime=3600&amp;ban_type=ip_banned\"> <- {$lang_user['ban_this_ip']}</a></td>"; }
+      else $output .= "<td>***.***.***.***</td>";
+      $output .= "
+      </tr>
+           <td>{$lang_user['client_type']}</td>";
+      if($user_lvl >= $action_permission['update']) { $output .="
                 <td><select name=\"tbc\">";
- $output .= "<option value=\"0\">{$lang_user['classic']}</option>
+      $output .= "<option value=\"0\">{$lang_user['classic']}</option>
                          <option value=\"1\" ";
                          if ($data[10]) $output .= "selected=\"selected\" ";
                         $output .= ">{$lang_user['expansion']}</option>
                         </select>
-                </td>
-      <tr>
-        <td>{$lang_user['failed_logins_long']}</td>
-            <td><input type=\"text\" name=\"failed\" size=\"43\" maxlength=\"3\" value=\"$data[6]\" /></td>
-      </tr>
+                </td>"; }
+      else $output .= "<td>{$lang_user['expansion']}</td>";
+      $output .="
+      <tr>
+        <td>{$lang_user['failed_logins_long']}</td>";
+      if($user_lvl >= $action_permission['update']) { $output .="
+            <td><input type=\"text\" name=\"failed\" size=\"43\" maxlength=\"3\" value=\"$data[6]\" /></td>";}
+      else $output .= "<td>$data[6]</td>";
+ $output .="</tr>
       <tr>
         <td>{$lang_user['locked']}</td>";
                 $lock_checked = ($data[7]) ? " checked=\"checked\"" : "";
- $output .= "<td><input type=\"checkbox\" name=\"locked\" value=\"1\" $lock_checked/></td>
+     if($user_lvl >= $action_permission['update'])
+     $output .= "<td><input type=\"checkbox\" name=\"locked\" value=\"1\" $lock_checked/></td>";
+     else
+     $output .="<td></td>";
+ $output.="
       </tr>
       <tr>
@@ -740 +791 @@
         }
 
+ 
+ if($user_lvl >= $action_permission['update'])
+ {
  $output .= "<tr><td>";
                 makebutton($lang_user['update_data'], "javascript:do_submit_data()",140);
+                makebutton($lang_user['del_acc'], "user.php?action=del_user&amp;check%5B%5D=$id",150);
+ }
+ else
+ $output .= "<tr><td>";
  $output .= "</td><td>";
-                makebutton($lang_user['del_acc'], "user.php?action=del_user&amp;check%5B%5D=$id",150);
                 makebutton($lang_global['back'], "javascript:window.history.back()",150);
  $output .= "</td></tr>