connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']); //-------------------SQL Injection Prevention-------------------------------- $start = (isset($_GET['start'])) ? $sqlr->quote_smart($_GET['start']) : 0; if (is_numeric($start)); else $start=0; $order_by = (isset($_GET['order_by'])) ? $sqlr->quote_smart($_GET['order_by']) : 'id'; if (preg_match('/^[_[:lower:]]{1,15}$/', $order_by)); else $order_by='id'; $dir = (isset($_GET['dir'])) ? $sqlr->quote_smart($_GET['dir']) : 1; if (preg_match('/^[01]{1}$/', $dir)); else $dir=1; $order_dir = ($dir) ? 'ASC' : 'DESC'; $dir = ($dir) ? 0 : 1; //-------------------Search-------------------------------------------------- $search_by = ''; $search_value = ''; // if we have a search request, if not we just return everything if(isset($_GET['search_value']) && isset($_GET['search_by'])) { // injection prevention $search_value = $sqlr->quote_smart($_GET['search_value']); $search_by = $sqlr->quote_smart($_GET['search_by']); $search_menu = array('username', 'id', 'gmlevel', 'greater_gmlevel', 'email', 'joindate', 'last_ip', 'failed_logins', 'last_login', 'active_realm_id', 'banned', 'locked', 'expansion'); if (in_array($search_by, $search_menu)); else $search_by = 'username'; unset($search_menu); // special search cases // developer note: 'if else' is always faster then 'switch case' if ($search_by === 'greater_gmlevel') { $sql_query = 'SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,active_realm_id,expansion FROM account WHERE gmlevel > "%'.$search_value.'%" ORDER BY '.$order_by.' '.$order_dir.' LIMIT '.$start.', '.$itemperpage.''; $query_1 = $sqlr->query('SELECT count(*) FROM account WHERE gmlevel > "%'.$search_value.'%"'); } elseif ($search_by === 'banned') { $sql_query = 'SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,active_realm_id,expansion FROM account WHERE id = 0 '; $count_query = 'SELECT count(*) FROM account WHERE id = 0 '; $que = $sqlr->query('SELECT id FROM account_banned'); while ($banned = $sqlr->fetch_assoc($que)) { $sql_query .= 'OR id = '.$banned['id'].''; $count_query .= 'OR id = '.$banned['id'].''; } $sql_query .= ' ORDER BY '.$order_by.' '.$order_dir.' LIMIT '.$start.', '.$itemperpage.''; $query_1 = $sqlr->query($count_query); unset($count_query); } elseif ($search_by === 'failed_logins') { $sql_query = 'SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,active_realm_id,expansion FROM account WHERE failed_logins > '.$search_value.' ORDER BY '.$order_by.' '.$order_dir.' LIMIT '.$start.', '.$itemperpage.''; $query_1 = $sqlr->query('SELECT count(*) FROM account WHERE failed_logins > '.$search_value.''); } else { // default search case $sql_query = 'SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,active_realm_id,expansion FROM account WHERE '.$search_by.' LIKE "%'.$search_value.'%" ORDER BY '.$order_by.' '.$order_dir.' LIMIT '.$start.', '.$itemperpage.''; $query_1 = $sqlr->query('SELECT count(*) FROM account WHERE '.$search_by.' LIKE "%'.$search_value.'%"'); } $query = $sqlr->query($sql_query); } else { // get total number of items $query_1 = $sqlr->query('SELECT count(*) FROM account'); $query = $sqlr->query('SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,active_realm_id,expansion FROM account ORDER BY '.$order_by.' '.$order_dir.' LIMIT '.$start.', '.$itemperpage.''); } // this is for multipage support $all_record = $sqlr->result($query_1,0); unset($query_1); //==========================top tage navigaion starts here======================== // we start with a lead of 10 spaces, // because last line of header is an opening tag with 8 spaces // keep html indent in sync, so debuging from browser source would be easy to read $output .='
'; if ($user_lvl >= $action_permission['insert']) { makebutton($lang_user['add_acc'], 'user.php?action=add_new', 130); // backup is broken // makebutton($lang_user['backup'], 'backup.php', 130); } // cleanup unknown working condition //if($user_lvl >= $action_permission['delete']) // makebutton($lang_user['cleanup'], 'cleanup.php', 130); makebutton($lang_global['back'], 'javascript:window.history.back()', 130); if ($search_by && $search_value) { makebutton($lang_user['user_list'], 'user.php', 130); } $output .= ' '; // multi page links $output .= $lang_user['tot_acc'].' : '.$all_record.'

'. generate_pagination('user.php?order_by='.$order_by.'&dir='.(($dir) ? 0 : 1).( $search_value && $search_by ? '&search_by='.$search_by.'&search_value='.$search_value.'' : '' ).'', $all_record, $itemperpage, $start); // this part for search $output .= '
'; //==========================top tage navigaion ENDS here ======================== $output .= '
'; // column headers, with links for sorting // first column is the selection check box if($user_lvl >= $action_permission['insert']) $output.= ' '; else $output .= ' '; $output .=' '; if ($expansion_select) $output .=' '; $output .=' '; if ($showcountryflag) { require_once 'libs/misc_lib.php'; $output .= ' '; } $output .= ' '; //---------------Page Specific Data Starts Here-------------------------- while ($data = $sqlr->fetch_assoc($query)) { if (($user_lvl >= $data['gmlevel'])||($user_name === $data['username'])) { $output .= ' '; if ($user_lvl >= $action_permission['insert']) $output .= ' '; else $output .= ' '; $output .= ' '; if ($expansion_select) { $exp_lvl_arr = id_get_exp_lvl(); $output .= ' '; unset($exp_lvl_arr); } if ($user_lvl >= $action_permission['update']||($user_name === $data['username'])) $output .= ' '; else $output .= ' '; $output .= ' '; if (($user_lvl >= $action_permission['update'])||($user_name === $data['username'])) $output .= ' '; else $output .= ' '; $output .= ' '; if ($showcountryflag) { $country = misc_get_country_by_ip($data['last_ip'], $sqlm); $output .= ' '; } $output .= ' '; } else { $output .= ' '; if ($expansion_select) $output .= ' '; if ($showcountryflag) $output .= ' '; $output .= ' '; } } $output .= '
'.$lang_user['id'].' '.$lang_user['username'].' '.$lang_user['gm_level'].'EXP'.$lang_user['email'].' '.$lang_user['join_date'].' '.$lang_user['ip'].' '.$lang_user['failed_logins'].' '.$lang_user['locked'].' '.$lang_user['last_login'].' '.$lang_user['online'].''.$lang_global['country'].'
'.$data['id'].' '.$data['username'].' '.$gm_level_arr[$data['gmlevel']][2].''.$exp_lvl_arr[$data['expansion']][2].''.substr($data['email'],0,15).'***@***.***'.$data['joindate'].''.$data['last_ip'].'*******'.(($data['failed_logins']) ? $data['failed_logins'] : '-').' '.(($data['locked']) ? $lang_global['yes_low'] : '-').' '.$data['last_login'].' '.(($data['active_realm_id']) ? '' : '-').''.(($country['code']) ? '' : '-').'
****YouHaveNo PermissiontoViewthisData*****

'; } //####################################################################################################### // DELETE USER //####################################################################################################### function del_user() { global $lang_global, $lang_user, $output, $realm_db, $action_permission; valid_login($action_permission['delete']); if(isset($_GET['check'])) $check = $_GET['check']; else redirect("user.php?error=1"); $pass_array = ""; //skip to backup if (isset($_GET['backup_op'])&&($_GET['backup_op'] == 1)) { for ($i=0; $i

{$lang_global['are_you_sure']}


{$lang_user['acc_ids']}: "; $sqlr = new SQL; $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); for ($i=0; $iresult($sqlr->query("SELECT username FROM `account` WHERE id = {$check[$i]}"),0); $output .= " $username, "; $pass_array .= "&check%5B%5D=$check[$i]"; } $output .= "
{$lang_global['will_be_erased']}

"; makebutton($lang_global['yes'], "user.php?action=dodel_user$pass_array\" type=\"wrn" ,130); makebutton($lang_global['no'], "user.php\" type=\"def" ,130); $output .= "

"; } //##################################################################################################### // DO DELETE USER //##################################################################################################### function dodel_user() { global $lang_global, $lang_user, $output, $realm_db, $characters_db, $realm_id, $user_lvl, $server_type, $tab_del_user_characters, $tab_del_user_characters_trinity, $tab_del_user_realmd, $action_permission; valid_login($action_permission['delete']); if ($server_type) $tab_del_user_characters = $tab_del_user_characters_trinity; $sqlr = new SQL; $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); if(isset($_GET['check'])) $check = $sqlr->quote_smart($_GET['check']); else redirect("user.php?error=1"); $deleted_acc = 0; $deleted_chars = 0; require_once("libs/del_lib.php"); for ($i=0; $i{$lang_user['no_acc_deleted']}"; else { $output .= "

{$lang_user['total']} $deleted_acc {$lang_user['acc_deleted']}

"; $output .= "

{$lang_user['total']} $deleted_chars {$lang_user['char_deleted']}

"; } $output .= "

"; $output .= "
"; makebutton($lang_user['back_browsing'], "user.php", 230); $output .= "

"; } //##################################################################################################### // DO BACKUP USER //##################################################################################################### function backup_user() { global $lang_global, $lang_user, $output, $realm_db, $characters_db, $realm_id, $user_lvl, $backup_dir, $action_permission; valid_login($action_permission['insert']); $sql = new SQL; $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); if(isset($_GET['check'])) $check = $sql->quote_smart($_GET['check']); else redirect("user.php?error=1"); require_once("libs/tab_lib.php"); if ($server_type) $tab_backup_user_characters = $tab_backup_user_characters_trinity; $subdir = "$backup_dir/accounts/".date("m_d_y_H_i_s")."_partial"; mkdir($subdir, 0750); for ($t=0; $tconnect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); $query = $sql->query("SELECT id FROM account WHERE id = $check[$t]"); $acc = $sql->fetch_array($query); $file_name_new = $acc[0]."_{$realm_db['name']}.sql"; $fp = fopen("$subdir/$file_name_new", 'w') or die (error($lang_backup['file_write_err'])); fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$realm_db['name']};\n")or die (error($lang_backup['file_write_err'])); fwrite($fp, "USE {$realm_db['name']};\n\n")or die (error($lang_backup['file_write_err'])); foreach ($tab_backup_user_realmd as $value) { $acc_query = $sql->query("SELECT * FROM $value[0] WHERE $value[1] = $acc[0]"); $num_fields = $sql->num_fields($acc_query); $numrow = $sql->num_rows($acc_query); $result = "-- Dumping data for $value[0] ".date("m.d.y_H.i.s")."\n"; $result .= "LOCK TABLES $value[0] WRITE;\n"; $result .= "DELETE FROM $value[0] WHERE $value[1] = $acc[0];\n"; if ($numrow) { $result .= "INSERT INTO $value[0] ("; for($count = 0; $count < $num_fields; $count++) { $result .= "`".$sql->field_name($acc_query,$count)."`"; if ($count < ($num_fields-1)) $result .= ","; } $result .= ") VALUES \n"; for ($i =0; $i<$numrow; $i++) { $result .= "\t("; $row = $sql->fetch_row($acc_query); for($j=0; $j<$num_fields; $j++) { $row[$j] = addslashes($row[$j]); $row[$j] = ereg_replace("\n","\\n",$row[$j]); if (isset($row[$j])) { if ($sql->field_type($acc_query,$j) == "int") $result .= "$row[$j]"; else $result .= "'$row[$j]'" ; } else $result .= "''"; if ($j<($num_fields-1)) $result .= ","; } if ($i < ($numrow-1)) $result .= "),\n"; } $result .= ");\n"; } $result .= "UNLOCK TABLES;\n"; $result .= "\n"; fwrite($fp, $result)or die (error($lang_backup['file_write_err'])); } fclose($fp); foreach ($characters_db as $db) { $file_name_new = $acc[0]."_{$db['name']}.sql"; $fp = fopen("$subdir/$file_name_new", 'w') or die (error($lang_backup['file_write_err'])); fwrite($fp, "CREATE DATABASE /*!32312 IF NOT EXISTS*/ {$db['name']};\n")or die (error($lang_backup['file_write_err'])); fwrite($fp, "USE {$db['name']};\n\n")or die (error($lang_backup['file_write_err'])); $sql->connect($db['addr'], $db['user'], $db['pass'], $db['name']); $all_char_query = $sql->query("SELECT guid,name FROM `characters` WHERE account = $acc[0]"); while ($char = $sql->fetch_array($all_char_query)) { fwrite($fp, "-- Dumping data for character $char[1]\n")or die (error($lang_backup['file_write_err'])); foreach ($tab_backup_user_characters as $value) { $char_query = $sql->query("SELECT * FROM $value[0] WHERE $value[1] = $char[0]"); $num_fields = $sql->num_fields($char_query); $numrow = $sql->num_rows($char_query); $result = "LOCK TABLES $value[0] WRITE;\n"; $result .= "DELETE FROM $value[0] WHERE $value[1] = $char[0];\n"; if ($numrow) { $result .= "INSERT INTO $value[0] ("; for($count = 0; $count < $num_fields; $count++) { $result .= "`".$sql->field_name($char_query,$count)."`"; if ($count < ($num_fields-1)) $result .= ","; } $result .= ") VALUES \n"; for ($i =0; $i<$numrow; $i++) { $result .= "\t("; $row = $sql->fetch_row($char_query); for($j=0; $j<$num_fields; $j++) { $row[$j] = addslashes($row[$j]); $row[$j] = ereg_replace("\n","\\n",$row[$j]); if (isset($row[$j])) { if ($sql->field_type($char_query,$j) == "int") $result .= "$row[$j]"; else $result .= "'$row[$j]'" ; } else $result .= "''"; if ($j<($num_fields-1)) $result .= ","; } if ($i < ($numrow-1)) $result .= "),\n"; } $result .= ");\n"; } $result .= "UNLOCK TABLES;\n"; $result .= "\n"; fwrite($fp, $result)or die (error($lang_backup['file_write_err'])); } } fclose($fp); } } } redirect("user.php?error=15"); } //####################################################################################################### // ADD NEW USER //####################################################################################################### function add_new() { global $lang_global, $lang_user, $output, $action_permission, $expansion_select; valid_login($action_permission['insert']); $output .= "
{$lang_user['create_new_acc']}
"; if ( $expansion_select ) $output .= " "; $output .="
{$lang_user['username']}
{$lang_user['password']}
{$lang_user['confirm']}
{$lang_user['email']}
{$lang_user['locked']}
{$lang_user['expansion_account']}
"; makebutton($lang_user['create_acc'], "javascript:do_submit_data()\" type=\"wrn",130); $output .= " "; makebutton($lang_global['back'], "javascript:window.history.back()\" type=\"def",130); $output .= "


"; } //######################################################################################################### // DO ADD NEW USER //######################################################################################################### function doadd_new() { global $lang_global, $realm_db, $action_permission; valid_login($action_permission['insert']); if ( empty($_GET['new_user']) || empty($_GET['pass']) ) redirect("user.php?action=add_new&error=4"); $sqlc = new SQL; $sqlc->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); $new_user = $sqlc->quote_smart(trim($_GET['new_user'])); $pass = $sqlc->quote_smart($_GET['pass']); //make sure username/pass at least 4 chars long and less than max if ((strlen($new_user) < 4) || (strlen($new_user) > 15)) redirect("user.php?action=add_new&error=8"); require_once("libs/valid_lib.php"); //make sure it doesnt contain non english chars. if (!valid_alphabetic($new_user)) redirect("user.php?action=add_new&error=9"); $result = $sqlc->query("SELECT username FROM account WHERE username = '$new_user'"); //there is already someone with same username if ($sqlc->num_rows($result)) redirect("user.php?action=add_new&error=7"); else $last_ip = "0.0.0.0"; $new_mail = (isset($_GET['new_mail'])) ? $sqlc->quote_smart(trim($_GET['new_mail'])) : NULL; $locked = (isset($_GET['new_locked'])) ? $sqlc->quote_smart($_GET['new_locked']) : 0; $expansion = (isset($_GET['new_expansion'])) ? $sqlc->quote_smart($_GET['new_expansion']) : 0; $result = $sqlc->query("INSERT INTO account (username,sha_pass_hash,gmlevel,email, joindate,last_ip,failed_logins,locked,last_login,active_realm_id,expansion) VALUES ('$new_user','$pass',0 ,'$new_mail',now() ,'$last_ip',0, $locked ,NULL, 0, $expansion)"); if ($result) redirect("user.php?error=5"); } //########################################################################################################### // EDIT USER //########################################################################################################### function edit_user() { global $lang_global, $lang_user, $output, $realm_db, $characters_db, $realm_id, $mmfpm_db, $user_lvl, $user_name, $gm_level_arr, $action_permission, $expansion_select, $developer_test_mode, $multi_realm_mode, $server; if (empty($_GET['id'])) redirect("user.php?error=10"); $sqlr = new SQL; $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); $sqlm = new SQL; $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']); $sqlc = new SQL; $sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']); $id = $sqlr->quote_smart($_GET['id']); $result = $sqlr->query("SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,active_realm_id,expansion FROM account WHERE id = '$id'"); $data = $sqlr->fetch_assoc($result); $refguid = $sqlm->fetch_assoc($sqlm->query('SELECT InvitedBy FROM point_system_invites WHERE PlayersAccount = '.$data['id'].'')); $refguid = $refguid['InveitedBy']; $referred_by = $sqlc->fetch_assoc($sqlc->query("SELECT name FROM characters WHERE guid = '$refguid'")); unset($refguid); $referred_by = $referred_by['name']; if ($sqlr->num_rows($result)) { $output .= '
'.$lang_user['edit_acc'].'
'; if($user_lvl >= $action_permission['update']) $output .=' '; else $output.=' '; $output .= ' '; if($user_lvl >= $action_permission['update']) $output .=" "; else $output.=" "; $output .= " "; if($user_lvl >= $action_permission['update']) $output .= ' '; else $output.=" "; $output .= " "; if($user_lvl >= $action_permission['update']) { $output .=" '; if($user_lvl >= $action_permission['update']) $output .= ' '; else $output .= " "; $output .= " "; $que = $sqlr->query("SELECT bandate, unbandate, bannedby, banreason FROM account_banned WHERE id = $id"); if ($sqlr->num_rows($que)) { $banned = $sqlr->fetch_row($que); $ban_info = " From:".date('d-m-Y G:i', $banned[0])." till:".date('d-m-Y G:i', $banned[1])."
by $banned[2]"; $ban_checked = " checked=\"checked\""; } else { $ban_checked = ""; $ban_info = ""; $banned[3] = ""; } if($user_lvl >= $action_permission['update']) $output .= " "; else $output .= " "; $output .=" "; if($user_lvl >= $action_permission['update']) $output .=" "; else $output .= " "; if ($expansion_select) { $output .=" "; if($user_lvl >= $action_permission['update']) { $output .=" "; $output .=" '; else $output .= ' '; $output .=" "; $lock_checked = ($data['locked']) ? " checked=\"checked\"" : ""; if($user_lvl >= $action_permission['update']) $output .= " "; else $output .=" "; $output.= ' '; $output .= " "; $query = $sqlr->query("SELECT SUM(numchars) FROM realmcharacters WHERE acctid = '$id'"); $tot_chars = $sqlr->result($query, 0); $query = $sqlc->query("SELECT count(*) FROM `characters` WHERE account = $id"); $chars_on_realm = $sqlc->result($query, 0); $output .= " "; $realms = $sqlr->query("SELECT id, name FROM realmlist"); if ($developer_test_mode && $multi_realm_mode && ($sqlr->num_rows($realms) > 1 && (count($server) > 1) && (count($characters_db) > 1))) { require_once("scripts/get_lib.php"); while ($realm = $sqlr->fetch_array($realms)) { $sqlc->connect($characters_db[$realm[0]]['addr'], $characters_db[$realm[0]]['user'], $characters_db[$realm[0]]['pass'], $characters_db[$realm[0]]['name']); $query = $sqlc->query("SELECT count(*) FROM `characters` WHERE account = $id"); $chars_on_realm = $sqlc->result($query, 0); $output .= " "; if ($chars_on_realm) { $char_array = $sqlc->query("SELECT guid, name, race, class, level, gender FROM `characters` WHERE account = $id"); while ($char = $sqlc->fetch_array($char_array)) { $output .= " "; } } } } else { $query = $sqlc->query("SELECT count(*) FROM `characters` WHERE account = $id"); $chars_on_realm = $sqlc->result($query, 0); $output .= " "; if ($chars_on_realm) { $char_array = $sqlc->query("SELECT guid,name,race,class, level, gender FROM `characters` WHERE account = $id"); while ($char = $sqlc->fetch_array($char_array)) { $output .= " "; } } } $output .= "
'.$lang_user['id'].' '.$data['id'].'
'.$lang_user['username'].''.$data['username'].'
'.$lang_user['password'].'********
{$lang_user['email']}***@***.***
{$lang_user['invited_by']}: "; if($user_lvl >= $action_permission['update'] && !$referred_by !=NULL) $output .=" "; else $output .=" $referred_by"; $output .="
{$lang_user['gm_level_long']}
'.$lang_user['join_date'].' '.$data['joindate'].'
'.$lang_user['last_ip'].''.$data['last_ip'].' <- '.$lang_user['ban_this_ip'].'***.***.***.***
{$lang_user['banned']}$ban_info$ban_info
{$lang_user['banned_reason']}$banned[3]
{$lang_user['client_type']} '.$data['failed_logins'].'
{$lang_user['locked']}
'.$lang_user['last_login'].' '.$data['last_login'].'
'.$lang_user['online'].'".(( $data['active_realm_id'] ) ? $lang_global['yes'] : $lang_global['no'])."
{$lang_user['tot_chars']} $tot_chars
{$lang_user['chars_on_realm']} ".get_realm_name($realm[0])." $chars_on_realm
      '---> $char[1] - \"\" \"\"/ - lvl ".char_get_level_color($char[4])."
{$lang_user['chars_on_realm']} $chars_on_realm
      '---> $char[1] - \"\" \"\"/ - lvl ".char_get_level_color($char[4])."
"; if($user_lvl >= $action_permission['delete']) makebutton($lang_user['del_acc'], "user.php?action=del_user&check%5B%5D=$id\" type=\"wrn",130); $output .= " "; if($user_lvl >= $action_permission['update']) makebutton($lang_user['update_data'], "javascript:do_submit_data()",130); makebutton($lang_global['back'], "javascript:window.history.back()\" type=\"def",130); $output .= "


"; } else error($lang_global['err_no_user']); } //############################################################################################################ // DO EDIT USER //############################################################################################################ function doedit_user() { global $lang_global, $realm_db, $mmfpm_db, $user_lvl, $user_name, $action_permission; valid_login($action_permission['update']); if ( (!isset($_POST['pass'])||($_POST['pass'] === '')) && (!isset($_POST['mail'])||($_POST['mail'] === '')) && (!isset($_POST['expansion'])||($_POST['expansion'] === '')) && (!isset($_POST['referredby'])||($_POST['referredby'] === '')) ) redirect("user.php?action=edit_user&&id={$_POST['id']}&error=1"); $sqlr = new SQL; $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); $id = $sqlr->quote_smart($_POST['id']); $username = $sqlr->quote_smart($_POST['username']); $banreason = $sqlr->quote_smart($_POST['banreason']); $pass = $sqlr->quote_smart($_POST['pass']); $user_pass_change = ($pass != sha1(strtoupper($username).":******")) ? "username='$username',sha_pass_hash='$pass'," : ""; $mail = (isset($_POST['mail']) && $_POST['mail'] != '') ? $sqlr->quote_smart($_POST['mail']) : ""; $failed = (isset($_POST['failed'])) ? $sqlr->quote_smart($_POST['failed']) : 0; $gmlevel = (isset($_POST['gmlevel'])) ? $sqlr->quote_smart($_POST['gmlevel']) : 0; $expansion = (isset($_POST['expansion'])) ? $sqlr->quote_smart($_POST['expansion']) : 1; $banned = (isset($_POST['banned'])) ? $sqlr->quote_smart($_POST['banned']) : 0; $locked = (isset($_POST['locked'])) ? $sqlr->quote_smart($_POST['locked']) : 0; $referredby = $sqlr->quote_smart(trim($_POST['referredby'])); //make sure username/pass at least 4 chars long and less than max if ((strlen($username) < 4) || (strlen($username) > 15)) redirect("user.php?action=edit_user&id=$id&error=8"); if ($gmlevel >= $user_lvl) redirect("user.php?action=edit_user&&id={$_POST['id']}&error=16"); require_once("libs/valid_lib.php"); if (!valid_alphabetic($username)) redirect("user.php?action=edit_user&error=9&id=$id"); //restricting accsess to lower gmlvl $result = $sqlr->query("SELECT gmlevel,username FROM account WHERE id = '$id'"); if (($user_lvl <= $sqlr->result($result, 0, 'gmlevel')) && ($user_name != $sqlr->result($result, 0, 'username'))) redirect("user.php?error=14"); if (!$banned) $sqlr->query("DELETE FROM account_banned WHERE id='$id'"); else { $result = $sqlr->query("SELECT count(*) FROM account_banned WHERE id = '$id'"); if(!$sqlr->result($result, 0)) $sqlr->query("INSERT INTO account_banned (id, bandate, unbandate, bannedby, banreason, active) VALUES ($id, ".time().",".(time()+(365*24*3600)).",'$user_name','$banreason', 1)"); } $sqlr->query("UPDATE account SET email='$mail', $user_pass_change v=0,s=0,failed_logins='$failed',locked='$locked',gmlevel='$gmlevel',expansion='$expansion' WHERE id=$id"); if (doupdate_referral($referredby, $id) || $sqlr->affected_rows()) redirect("user.php?action=edit_user&error=13&id=$id"); else redirect("user.php?action=edit_user&error=12&id=$id"); } function doupdate_referral($referredby, $user_id) { global $realm_db, $mmfpm_db, $characters_db, $realm_id; $sqlm = new SQL; $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']); $sqlc = new SQL; $sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']); $sqlr = new SQL; $sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']); $result = $sqlm->fetch_row($sqlm->query("SELECT InvitedBy FROM point_system_invites WHERE PlayersAccount = '$user_id'")); $result = $result[0]; if ($result == NULL) { $referred_by = $sqlc->fetch_row($sqlc->query("SELECT guid FROM characters WHERE name = '$referredby'")); $referred_by = $referred_by[0]; if ($referred_by != NULL) { $char = $sqlc->fetch_row($sqlc->query("SELECT account FROM characters WHERE guid = '$referred_by'")); $result = $sqlr->fetch_row($sqlr->query("SELECT id FROM account WHERE id = '$char'")); $result = $result[0]; if ($result != $user_id) { $sqlm->query("INSERT INTO point_system_invites (PlayersAccount, InvitedBy, InviterAccount) VALUES ('$user_id', '$referred_by', '$result')"); return true; } else return false; } } } //######################################################################################################################## // MAIN //######################################################################################################################## $err = (isset($_GET['error'])) ? $_GET['error'] : NULL; $output .= "
"; // load language $lang_user = lang_user(); // defines the title header in error cases switch ($err) { case 1: $output .= "

{$lang_global['empty_fields']}

"; break; case 2: $output .= "

{$lang_global['err_no_search_passed']}

"; break; case 3: $output .= "

{$lang_user['search_results']}

"; break; case 4: $output .= "

{$lang_user['acc_creation_failed']}

"; break; case 5: $output .= "

{$lang_user['acc_created']}

"; break; case 6: $output .= "

{$lang_user['nonidentical_passes']}

"; break; case 7: $output .= "

{$lang_user['user_already_exist']}

"; break; case 8: $output .= "

{$lang_user['username_pass_too_long']}

"; break; case 9: $output .= "

{$lang_user['use_only_eng_charset']}

"; break; case 10: $output .= "

{$lang_user['no_value_passed']}

"; break; case 11: $output .= "

{$lang_user['edit_acc']}

"; break; case 12: $output .= "

{$lang_user['update_failed']}

"; break; case 13: $output .= "

{$lang_user['data_updated']}

"; break; case 14: $output .= "

{$lang_user['you_have_no_permission']}

"; break; case 15: $output .= "

{$lang_user['acc_backedup']}

"; break; case 16: $output .= "

{$lang_user['you_have_no_permission_to_set_gmlvl']}

"; break; default: //no error $output .= "

{$lang_user['browse_acc']}

"; } unset($err); $output .= "
"; $action = (isset($_GET['action'])) ? $_GET['action'] : NULL; switch ($action) { case "add_new": add_new(); break; case "doadd_new": doadd_new(); break; case "edit_user": edit_user(); break; case "doedit_user": doedit_user(); break; case "del_user": del_user(); break; case "dodel_user": dodel_user(); break; case "backup_user": backup_user(); break; default: browse_users($sqlr, $sqlc); } unset($action); unset($action_permission); unset($lang_user); require_once("footer.php"); ?>