View Source: /source/user.php
Click here for the source, OR
Other files that you may wish to view the source of:
<?
require_once "common.php";
if ($session[user][superuser]<3) {
page_header("INFIDEL!");
output("For attempting to defile the gods, you have been smitten down!");
addnews("`&".$session[user][name]." was smote down for attempting to defile the gods (they tried to hack superuser pages).");
$session[user][hitpoints]=0;
$session[user][alive]=0;
addnav("Daily News","news.php");
page_footer();
exit();
}
if ($_GET[op]=="search"){
$sql = "SELECT acctid FROM accounts WHERE ";
$where="
login LIKE '%{$_POST['q']}%' OR
acctid LIKE '%{$_POST['q']}%' OR
name LIKE '%{$_POST['q']}%' OR
emailaddress LIKE '%{$_POST['q']}%' OR
lastip LIKE '%{$_POST['q']}%' OR
uniqueid LIKE '%{$_POST['q']}%' OR
gentimecount LIKE '%{$_POST['q']}%' OR
level LIKE '%{$_POST['q']}%'";
$result = db_query($sql.$where);
if (db_num_rows($result)<=0){
output("`\$No results found`0");
$_GET[op]="";
$where="";
}else{
if (db_num_rows($result)==1){
//$row = db_fetch_assoc($result);
//redirect("user.php?op=edit&userid=$row[acctid]");
$_GET[op]="";
$_GET['page']=0;
}else{
$_GET[op]="";
$_GET['page']=0;
}
}
}
page_header("User Editor");
output("<form action='user.php?op=search' method='POST'>Search by any field below: <input name='q'><input type='submit'></form>",true);
addnav("","user.php?op=search");
addnav("Return to the grotto","superuser.php");
addnav("Return to the mundane","village.php");
addnav("Add a ban","user.php?op=setupban");
addnav("List/Remove bans","user.php?op=removeban");
//addnav("User Editor Home","user.php");
$sql = "SELECT count(acctid) AS count FROM accounts";
$result = db_query($sql);
$row = db_fetch_assoc($result);
$page=0;
while ($row[count]>0){
$page++;
addnav("$page Page $page","user.php?page=".($page-1)."&sort=$_GET[sort]");
$row[count]-=100;
}
$userinfo = array(
"Account info,title",
"acctid"=>"User id,viewonly",
"login"=>"Login",
"password"=>"Password,password",
"emailaddress"=>"Email Address",
"locked"=>"Account Locked,bool",
"superuser"=>"Superuser,enum,0,Standard play days per calendar day,1,Unlimited play days per calendar day,2,Admin creatures and taunts,3,Admin users",
"Basic user info,title",
"name"=>"Display Name",
"title"=>"Title (must also put in display name)",
"sex"=>"Sex,enum,0,Male,1,Female",
"age"=>"Days since level 1,int",
"Stats,title",
"level"=>"Level,int",
"experience"=>"Experience,int",
"hitpoints"=>"Current Hitpoints,int",
"maxhitpoints"=>"Max Hitpoints,int",
"turns"=>"Turns left,int",
"playerfights"=>"Playerfights left,int",
"attack"=>"Attack (includes weapon damage),int",
"defence"=>"Defense (includes armor defense),int",
"spirits"=>"Spirits (display only),enum,-2,Very Low,-1,Low,0,Normal,1,High,2,Very High",
"resurrections"=>"Resurrections,int",
"Grave Fights,title",
"deathpower"=>"Favor with Ramius,int",
"gravefights"=>"Grave fights left,int",
"soulpoints"=>"Soulpoints (HP while dead),int",
"Specialty,title",
"specialty"=>"Specialty,enum,0,Unspecified,1,Dark Arts,2,Mystical Powers,3,Thievery",
"darkarts"=>"`4Skill in Dark Arts`0,int",
"darkartuses"=>"`4^--uses today`0,int",
"magic"=>"`%Skill in Mystical Powers`0,int",
"magicuses"=>"`%^--uses today`0,int",
"thievery"=>"`^Skill in Thievery`0,int",
"thieveryuses"=>"`^^--uses today`0,int",
"Gear,title",
"gold"=>"Gold in hand,int",
"goldinbank"=>"Gold in bank,int",
"weapon"=>"Weapon Name",
"weapondmg"=>"Damage of weapon,int",
"weaponvalue"=>"Purchase cost of weapon,int",
"armor"=>"Armor Name",
"armordef"=>"Armor defense,int",
"gems"=>"Gems,int",
"armorvalue"=>"Purchase cost of armor,int",
"drunkenness"=>"Drunkenness (0-100),int",
"Special,title",
"seenlover"=>"Seen lover,bool",
"seenbard"=>"Heard bard,bool",
"charm"=>"Charm,int",
"seendragon"=>"Saw dragon today,bool",
"seenmaster"=>"Seen master,bool",
"hashorse"=>"Horse,enum,0,Nope,1,Pony,2,Gelding,3,Stallion",
"boughtroomtoday"=>"Bought a room today,bool",
"Misc Info,title",
"slainby"=>"Killed by player,viewonly",
"laston"=>"Last On,viewonly",
"lasthit"=>"Last New Day,viewonly",
"lastmotd"=>"Last MOTD date,viewonly",
"lastip"=>"Last IP,viewonly",
"uniqueid"=>"Unique ID,viewonly",
"gentime"=>"Sum of page gen times,viewonly",
"gentimecount"=>"Page hits,viewonly",
"allowednavs"=>"Allowed Navs,viewonly",
"bufflist"=>"Buff List,viewonly",
"prefs"=>"Preferences,viewonly"
);
if ($_GET[op]=="edit"){
$result = db_query("SELECT * FROM accounts WHERE acctid='$_GET[userid]'") or die(db_error(LINK));
$row = db_fetch_assoc($result) or die(db_error(LINK));
output("<form action='user.php?op=special&userid=$_GET[userid]' method='POST'>",true);
addnav("","user.php?op=special&userid=$_GET[userid]");
output("<input type='submit' name='newday' value='Grant New Day'>",true);
output("<input type='submit' name='fixnavs' value='Fix Broken Navs'>",true);
output("<input type='submit' name='clearvalidation' value='Mark Email As Valid'>",true);
output("</form>",true);
output("<form action='user.php?op=save&userid=$_GET[userid]' method='POST'>",true);
addnav("","user.php?op=save&userid=$_GET[userid]");
addnav("","user.php?op=edit&userid=$_GET[userid]");
addnav("Set up ban","user.php?op=setupban&userid=$row[acctid]");
showform($userinfo,$row);
output("</form>",true);
}else if ($_GET[op]=="special"){
if ($_POST[newday]!=""){
$sql = "UPDATE accounts SET lasthit='".date("Y-m-d H:i:s",strtotime("-".(86500/getsetting("daysperday",4))." seconds"))."' WHERE acctid='$_GET[userid]'";
}else if($_POST[fixnavs]!=""){
$sql = "UPDATE accounts SET allowednavs='',output=\"<a href='village.php'>Return to the village</a>\" WHERE acctid='$_GET[userid]'";
}else if($_POST[clearvalidation]!=""){
$sql = "UPDATE accounts SET emailvalidation='' WHERE acctid='$_GET[userid]'";
}
db_query($sql);
redirect("user.php?".db_affected_rows());
}else if ($_GET[op]=="save"){
$sql = "UPDATE accounts SET ";
while (list($key,$val)=each($_POST)){
if (isset($userinfo[$key])){
$sql.="$key = \"$val\",";
}
}
$sql=substr($sql,0,strlen($sql)-1);
$sql.=" WHERE acctid=\"$_GET[userid]\"";
//output("<pre>$sql</pre>");
//echo "<pre>$sql</pre>";
//redirect("user.php");
//output( db_affected_rows()." rows affected");
//we must manually redirect so that our changes go in to effect *after* our user save.
addnav("","user.php");
saveuser();
db_query($sql) or die(db_error(LINK));
header("Location: user.php");
exit();
}else if ($_GET[op]=="del"){
$sql = "DELETE FROM accounts WHERE acctid='$_GET[userid]'";
db_query($sql);
output( db_affected_rows()." user deleted.");
}else if($_GET[op]=="setupban"){
$sql = "SELECT name,lastip,uniqueid FROM accounts WHERE acctid=\"$_GET[userid]\"";
$result = db_query($sql) or die(db_error(LINK));
$row = db_fetch_assoc($result);
if ($row[name]!="") output("Setting up ban information based on `\$$row[name]`0");
output("<form action='user.php?op=saveban' method='POST'>",true);
output("Set up a new ban by IP or by ID (recommended IP, though if you have several different users behind a NAT, you can try ID which is easily defeated)`n");
output("<input type='radio' value='ip' name='type' checked> IP: <input name='ip' value=\"".HTMLEntities($row[lastip])."\">`n",true);
output("<input type='radio' value='id' name='type'> ID: <input name='id' value=\"".HTMLEntities($row[uniqueid])."\">`n",true);
output("Duration: <input name='duration' id='duration' size='3' value='14'> days (0 for permanent)`n",true);
output("Reason for the ban: <input name='reason' value=\"Don't mess with me.\">`n",true);
output("<input type='submit' value='Post Ban' onClick='if (document.getElementById(\"duration\").value==0) {return confirm(\"Are you sure you wish to issue a permanent ban?\");} else {return true;}'></form>",true);
output("For an IP ban, enter the beginning part of the IP you wish to ban if you wish to ban a range, or simply a full IP to ban a single IP");
addnav("","user.php?op=saveban");
}else if($_GET[op]=="saveban"){
$sql = "INSERT INTO bans (";
if ($_POST[type]=="ip"){
$sql.="ipfilter";
}else{
$sql.="uniqueid";
}
$sql.=",banexpire,banreason) VALUES (";
if ($_POST[type]=="ip"){
$sql.="\"$_POST[ip]\"";
}else{
$sql.="\"$_POST[id]\"";
}
$sql.=",\"".((int)$_POST[duration]==0?"0000-00-00":date("Y-m-d",strtotime("+$_POST[duration] days")))."\",";
$sql.="\"$_POST[reason]\")";
if ($_POST[type]=="ip"){
if (substr($_SERVER['REMOTE_ADDR'],0,strlen($_POST[ip])) == $_POST[ip]){
$sql = "";
output("You don't really want to ban yourself now do you?? That's your own IP address!");
}
}else{
if ($_COOKIE[lgi]==$_POST[id]){
$sql = "";
output("You don't really want to ban yourself now do you?? That's your own ID!");
}
}
if ($sql!=""){
db_query($sql) or die(db_error(LINK));
output(db_affected_rows()." ban row entered.`n`n");
output(db_error(LINK));
}
}else if($_GET[op]=="delban"){
$sql = "DELETE FROM bans WHERE ipfilter = '$_GET[ipfilter]' AND uniqueid = '$_GET[uniqueid]'";
db_query($sql);
//output($sql);
redirect("user.php?op=removeban");
}else if($_GET[op]=="removeban"){
db_query("DELETE FROM bans WHERE banexpire < \"".date("Y-m-d")."\"");
$sql = "SELECT * FROM bans ORDER BY banexpire";
$result = db_query($sql) or die(db_error(LINK));
output("<table><tr><td>Ops</td><td>IP/ID</td><td>Duration</td><td>Message</td><td>Affects:</td></tr>",true);
for ($i=0;$i<db_num_rows($result);$i++){
$row = db_fetch_assoc($result);
output("<tr class='".($i%2?"trlight":"trdark")."'><td><a href='user.php?op=delban&ipfilter=".URLEncode($row[ipfilter])."&uniqueid=".URLEncode($row[uniqueid])."'>Lift ban</a>",true);
addnav("","user.php?op=delban&ipfilter=".URLEncode($row[ipfilter])."&uniqueid=".URLEncode($row[uniqueid]));
output("</td><td>",true);
output($row[ipfilter]);
output($row[uniqueid]);
output("</td><td>",true);
$expire=round((strtotime($row[banexpire])-strtotime("now")) / 86400,0)." days";
if (substr($expire,0,2)=="1 ") $expire="1 day";
if (date("Y-m-d",strtotime($row[banexpire])) == date("Y-m-d")) $expire="Today";
if (date("Y-m-d",strtotime($row[banexpire])) == date("Y-m-d",strtotime("1 day"))) $expire="Tomorrow";
if ($row[banexpire]=="0000-00-00") $expire="Never";
output($expire);
output("</td><td>",true);
output($row[banreason]);
output("</td><td>",true);
$sql = "SELECT DISTINCT accounts.name FROM bans, accounts WHERE (ipfilter='".addslashes($row['ipfilter'])."' AND bans.uniqueid='".addslashes($row['uniqueid'])."') AND ((substring(accounts.lastip,1,length(ipfilter))=ipfilter AND ipfilter<>'') OR (bans.uniqueid=accounts.uniqueid AND bans.uniqueid<>''))";
$r = db_query($sql);
for ($x=0;$x<db_num_rows($r);$x++){
$ro = db_fetch_assoc($r);
output("`0{$ro['name']}`n");
}
output("</td></tr>",true);
}
output("</table>",true);
}else if ($_GET[op]==""){
if (isset($_GET['page'])){
$order = "acctid";
if ($_GET[sort]!="") $order = "$_GET[sort]";
$offset=(int)$_GET['page']*100;
$sql = "SELECT acctid,login,name,level,laston,gentimecount,lastip,uniqueid,emailaddress FROM accounts ".($where>""?"WHERE $where ":"")."ORDER BY \"$order\" LIMIT $offset,100";
$result = db_query($sql) or die(db_error(LINK));
output("<table>",true);
output("<tr>
<td>Ops</td>
<td><a href='user.php?sort=login'>Login</a></td>
<td><a href='user.php?sort=name'>Name</a></td>
<td><a href='user.php?sort=level'>Lev</a></td>
<td><a href='user.php?sort=laston'>Laston</a></td>
<td><a href='user.php?sort=gentimecount'>Hits</a></td>
<td><a href='user.php?sort=lastip'>LastIP</a></td>
<td><a href='user.php?sort=uniqueid'>LastID</a></td>
<td><a href='user.php?sort=emailaddress'>Email</a></td>
</tr>",true);
addnav("","user.php?sort=login");
addnav("","user.php?sort=name");
addnav("","user.php?sort=level");
addnav("","user.php?sort=laston");
addnav("","user.php?sort=gentimecount");
addnav("","user.php?sort=lastip");
addnav("","user.php?sort=uniqueid");
$rn=0;
for ($i=0;$i<db_num_rows($result);$i++){
$row=db_fetch_assoc($result);
$laston=round((strtotime("0 days")-strtotime($row[laston])) / 86400,0)." days";
if (substr($laston,0,2)=="1 ") $laston="1 day";
if (date("Y-m-d",strtotime($row[laston])) == date("Y-m-d")) $laston="Today";
if (date("Y-m-d",strtotime($row[laston])) == date("Y-m-d",strtotime("-1 day"))) $laston="Yesterday";
if ($loggedin) $laston="Now";
$row[laston]=$laston;
if ($row[$order]!=$oorder) $rn++;
$oorder = $row[$order];
output("<tr class='".($rn%2?"trlight":"trdark")."'>",true);
output("<td>",true);
output("[<a href='user.php?op=edit&userid=$row[acctid]'>Edit</a>|".
"<a href='user.php?op=del&userid=$row[acctid]' onClick=\"return confirm('Are you sure you wish to delete this user?');\">Del</a>|".
"<a href='user.php?op=setupban&userid=$row[acctid]'>Ban</a>]",true);
addnav("","user.php?op=edit&userid=$row[acctid]");
addnav("","user.php?op=del&userid=$row[acctid]");
addnav("","user.php?op=setupban&userid=$row[acctid]");
output("</td><td>",true);
output($row[login]);
output("</td><td>",true);
output($row[name]);
output("</td><td>",true);
output($row[level]);
output("</td><td>",true);
output($row[laston]);
output("</td><td>",true);
output($row[gentimecount]);
output("</td><td>",true);
output($row[lastip]);
output("</td><td>",true);
output($row[uniqueid]);
output("</td><td>",true);
output($row[emailaddress]);
output("</td>",true);
$gentimecount+=$row[gentimecount];
$gentime+=$row[gentime];
output("</tr>",true);
}
output("</table>",true);
output("Total hits: $gentimecount`n");
output("Total CPU time: ".round($gentime,3)."s`n");
output("Average page gen time is ".round($gentime/$gentimecount,4)."s`n");
}
}
page_footer();
?>