<?php
/*
*   This file is part of 'Crown of Evanion'.
*
*    'Crown of Evanion' is free software; you can redistribute it and/or modify
*    it under the terms of the GNU General Public License as published by
*    the Free Software Foundation; either version 2 of the License, or
*    (at your option) any later version.
*
*    'Crown of Evanion' is distributed in the hope that it will be useful,
*    but WITHOUT ANY WARRANTY; without even the implied warranty of
*    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*    GNU General Public License for more details.
*
*    You should have received a copy of the GNU General Public License
*    along with 'Crown of Evanion'; if not, write to the Free Software
*    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/
# Page title consumed by the shared header (presumably rendered by include.php),
# followed by the common bootstrap that this page relies on for the database
# connection, $Status/$UserID, $date/$time and helpers such as cutstring().
$title = 'Administrative Control Center';
include 'include.php';

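# Static table of status banners, selected by the numeric ?error= code that
# every handler below redirects back with. Keys are numeric strings, which PHP
# stores as integer keys, so $errors[25] and $errors['25'] are the same slot.
# Only this fixed markup is ever echoed for a code -- never request data --
# which is what keeps the banner safe to print unescaped.
$errors = array(
'1' => "<h5>News posted!</h5>",
'2' => "<h5>No such news post.</h5>",
'3' => "<h5>You can't make a message blank!</h5>",
'4' => "<h5>News edited.</h5>",
'5' => "<h5>News deleted.</h5>",
'6' => "<h5>No such user!</h5>",
'7' => "<h5>You can't freeze an admin or super admin.</h5>",
'8' => "<h5>User frozen.</h5>",
'9' => "<h5>That user is not frozen!</h5>",
'10' => "<h5>User unfrozen.</h5>",
'11' => "<h5>You need to supply a reason.</h5>",
'12' => "<h5>You need to specify an IP.</h5>",
'13' => "<h5>You can't ban an IP without a reason!</h5>",
'14' => "<h5>IP banned.</h5>",
'15' => "<h5>That IP is not banned!</h5>",
'16' => "<h5>The IP has been unbanned!</h5>",
'17' => "<h5>That IP is already banned!</h5>",
'18' => "<h5>You need a title.</h5>",
'19' => "<h5>You need a description.</h5>",
'20' => "<h5>You need an access level.</h5>",
'21' => "<h5>Forum added.</h5>",
'22' => "<h5>Forum updated.</h5>",
'23' => "<h5>No such forum.</h5>",
'24' => "<h5>Forum Deleted.</h5>",
'25' => "<h5>You left a field blank.</h5>",
'26' => "<h5>Avatar Added.</h5>",
'27' => "<h5>You left a field blank!</h5>",
'28' => "<h5>Code added!</h5>",
);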

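# Status banner. $error is the code a handler redirected back with; like $page
# it is not read from $_GET here and appears to arrive as a request global
# (register_globals) -- confirm include.php sets it explicitly. Only the fixed
# markup from the $errors table is echoed, so no escaping is needed; an
# unknown, missing or non-scalar code simply prints nothing instead of raising
# an undefined-index / illegal-offset notice.
$banner = (isset($error) && is_scalar($error) && isset($errors[$error])) ? $errors[$error] : '';
echo "<div align=\"center\">
$banner";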

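if($Status >= 3 && !$page) { # Admin Links
	# $PHP_SELF reflects the request path, including anything the client appends
	# as PATH_INFO, so it must be escaped before it lands inside an href attribute.
	$self_url = htmlspecialchars($PHP_SELF, ENT_QUOTES);
	# NOTE(review): Freeze Log, Ban Log and the avatar links are offered to every
	# admin here, but their handlers later in this file run only for $Status == 4;
	# "Delete Code" (page=delcode) has no handler in this file at all.
	echo "<h2>Administrator Options</h2>
	<UL id=\"ops\">
	<li><a href=\"$self_url?page=addnews\">Add News</a> | <a href=\"$self_url?page=editnews\">Edit News</a> | <a href=\"$self_url?page=newsdelete\">Delete News</a></li>
	<li><a href=\"$self_url?page=freeze\">Freeze User</a> | <a href=\"$self_url?page=unfreeze\">Unfreeze User</a></li>
	<li><a href=\"$self_url?page=log\">Freeze Log</a> | <a href=\"$self_url?page=logs\">Ban Log</a> | <a href=\"$self_url?page=dellog\">Delete Log</a></li>
	<li><a href=\"$self_url?page=addforum\">Add Forum</a> | <a href=\"$self_url?page=editforum\">Edit Forum</a> | <a href=\"$self_url?page=deleteforum\">Delete Forum</a></li>
	<li><a href=\"$self_url?page=addava\">Add Avatar</a> | <a href=\"$self_url?page=deleteava\">Delete Avatar</a></li>
	<li><a href=\"$self_url?page=addcode\">Add Code</a> | <a href=\"$self_url?page=delcode\">Delete Code</a></li>
	";

	# IP banning is the one menu entry reserved for super admins (the handler
	# below tests $Status == 4 exactly, so the two checks differ for any higher status)
	if($Status >= 4) { # Super Admin Links
		echo "
		<li><a href=\"$self_url?page=banip\">IP Ban</a> | <a href=\"$self_url?page=unbanip\">IP Unban</a></li>
		";
	}
	echo "</UL>";
}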


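if($Status >= 3 && $page) { # Powers for admin + super admin
	# NOTE(review): $page and $id are never read from $_GET/$_POST in this file;
	# they arrive as globals (register_globals, or set by include.php -- the
	# original tested $id *before* reading $_REQUEST['id'], which points to the
	# former). Confirm include.php sets $Status and $UserID unconditionally so a
	# request can never supply them.
	# TODO(review): none of the state-changing handlers below carries a CSRF
	# token; the GET-driven ones (delnew, deleteforum&id=) are reachable from a
	# plain <img src="..."> while an admin is logged in.
	#
	# Every request value is run through mysql_real_escape_string() before it is
	# interpolated into SQL, row ids are cast to int, and every database value is
	# passed through htmlspecialchars() before it is echoed.
	$self_url = htmlspecialchars($PHP_SELF, ENT_QUOTES); # request path, escaped for HTML attributes

	if($page == "addnews") {
		echo "<h3>Add News</h3>
		<form action=\"$self_url?page=newsprocess\" method=\"POST\">
		<p><textarea name=\"message\" cols=\"40\" rows=\"7\"></textarea></p>
		<p><input type=\"submit\" value=\"Add\"></p>
		</form>
		";
	}

	if($page == "newsprocess") {
		$message = isset($_POST['message']) ? $_POST['message'] : '';

		if(!$message) {
			header("location: $PHP_SELF?error=3");
			die;
		}

		$day = date("l");
		$month = date("F");
		$dat = date("d");
		$year = date("Y");

		# The post body is stored as typed (markup in news posts is presumably
		# intentional, it is admin input); only the SQL context is escaped here.
		$message_sql = mysql_real_escape_string($message);
		# 'yaer' is the column name in the schema this file targets -- leave it.
		mysql_query("INSERT INTO news (day,month,date,yaer,message) VALUES ('$day','$month','$dat','$year','$message_sql')") or die("ERROR");
		header("location: $PHP_SELF?error=1");
		die;
	}

	if($page == "editnews" && !$id) {
		# pick list of the five newest posts
		$select = mysql_query("SELECT id,message FROM news ORDER BY id DESC LIMIT 5");
		echo "<UL id=\"ops\">";
		while($news = mysql_fetch_array($select)) {
			$news_id = (int) $news['id'];
			# cutstring() comes from include.php; it is assumed to return plain text
			$label = htmlspecialchars(cutstring($news['message'], 25), ENT_QUOTES);
			echo "<li><a href=\"$self_url?page=editnews&amp;id=$news_id\">$label</a></li>";
		}
		echo "</UL>";
	}

	if($page == "editnews" && $id) {
		$id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : (int) $id;
		$select = mysql_query("SELECT id,message FROM news WHERE id = '$id'");
		$num = mysql_num_rows($select);
		if(!$num) {
			header("location: $PHP_SELF?error=2");
			die;
		}
		$news = mysql_fetch_array($select);
		$news_id = (int) $news['id'];
		# Escaping inside <textarea> is what stops a stored "</textarea><script>"
		# from breaking out; the browser hands the original text back on submit.
		$news_text = htmlspecialchars($news['message'], ENT_QUOTES);
		echo "<h3>Edit News</h3>
		<form action=\"$self_url?page=editnewspro\" method=\"POST\">
		<input type=\"hidden\" name=\"id\" value=\"$news_id\">
		<p><textarea name=\"message\" cols=\"40\" rows=\"7\">$news_text</textarea></p>
		<p><input type=\"submit\" value=\"Edit\"></p>
		</form>
		";
	}

	if($page == "editnewspro" && $id) {
		$id = (int) $id; # from the hidden form field, delivered as a global (see above)
		$message = isset($_POST['message']) ? $_POST['message'] : '';

		if(!$message) {
			header("location: $PHP_SELF?error=3");
			die;
		}

		$select = mysql_query("SELECT id FROM news WHERE id = '$id'");
		$num = mysql_num_rows($select);

		if(!$num) {
			header("location: $PHP_SELF?error=2");
			die;
		}

		$message_sql = mysql_real_escape_string($message);
		mysql_query("UPDATE news SET message = '$message_sql' WHERE id = '$id'");
		header("location: $PHP_SELF?error=4");
		die;
	}

	if($page == "newsdelete") {
		# pick list of the five newest posts; each link deletes on a plain GET
		$select = mysql_query("SELECT id,message FROM news ORDER BY id DESC LIMIT 5");
		echo "<UL id=\"ops\">";
		while($news = mysql_fetch_array($select)) {
			$news_id = (int) $news['id'];
			$label = htmlspecialchars(cutstring($news['message'], 25), ENT_QUOTES);
			echo "<li><a href=\"$self_url?page=delnew&amp;id=$news_id\">$label</a></li>";
		}
		echo "</UL>";
	}

	if($page == "delnew" && $id) {
		$id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : (int) $id;
		$select = mysql_query("SELECT id FROM news WHERE id = '$id'");
		$num = mysql_num_rows($select);
		if(!$num) {
			header("location: $PHP_SELF?error=2");
			die;
		}
		mysql_query("DELETE FROM news WHERE id = '$id'");
		header("location: $PHP_SELF?error=5");
		die;
	}

	if($page == "freeze") {
		echo "<form action=\"$self_url\" method=\"POST\">
		<input type=\"hidden\" name=\"page\" value=\"freezepro\">
		<p>Which user would you like to freeze?</p>
		<p><input type=\"text\" name=\"user\"></p>
		<p>Enter your reason for freezing:</p>
		<p><textarea name=\"reason\" cols=\"40\" rows=\"7\"></textarea></p>
		<p><input type=\"submit\" value=\"Freeze\"></p>
		</form>";
	}

	if($page == "freezepro") {
		$user = isset($_POST['user']) ? $_POST['user'] : '';
		$reason = isset($_POST['reason']) ? strip_tags($_POST['reason']) : '';
		$user_sql = mysql_real_escape_string($user);
		# Exact match. The original compared with LIKE, so a '%' or '_' typed into
		# the form matched -- and froze -- whichever account the database returned first.
		$select = mysql_query("SELECT id,status FROM users WHERE username = '$user_sql'");
		$num = mysql_num_rows($select);

		if(!$num) {
			header("location: $PHP_SELF?error=6");
			die;
		}

		$userinf = mysql_fetch_array($select);
		$target_id = (int) $userinf['id'];

		# A plain admin (3) may not freeze admins or super admins; a super admin (4) may.
		if($Status == 3 && $userinf['status'] >= 3) {
			header("location: $PHP_SELF?error=7");
			die;
		}

		if(!$reason) {
			header("location: $PHP_SELF?error=11");
			die;
		}

		# strip_tags() above only trims markup; the SQL context still needs escaping.
		$reason_sql = mysql_real_escape_string($reason);
		$staff_sql = mysql_real_escape_string($UserID);
		mysql_query("UPDATE users SET ban = '2' WHERE id = '$target_id'");
		mysql_query("INSERT INTO freezelog (frozen,staff,reason,wen,what) VALUES ('$target_id','$staff_sql','$reason_sql','$date $time','froze')") or die("Error - " . mysql_error());
		header("location: $PHP_SELF?error=8");
		die;
	}

	if($page == "unfreeze") {
		echo "<form action=\"$self_url\" method=\"POST\">
		<input type=\"hidden\" name=\"page\" value=\"unfreezepro\">
		<p>Which user would you like to unfreeze?</p>
		<input type=\"text\" name=\"user\">
		<p>Enter your reason for unfreezing:</p>
		<p><textarea name=\"reason\" cols=\"40\" rows=\"7\"></textarea></p>
		<input type=\"submit\" value=\"Unfreeze\">
		</form>";
	}

	if($page == "unfreezepro") {
		$user = isset($_POST['user']) ? $_POST['user'] : '';
		$reason = isset($_POST['reason']) ? strip_tags($_POST['reason']) : '';
		$user_sql = mysql_real_escape_string($user);
		$select = mysql_query("SELECT id,ban FROM users WHERE username = '$user_sql'");
		$num = mysql_num_rows($select);

		if(!$num) {
			header("location: $PHP_SELF?error=6");
			die;
		}

		$userinf = mysql_fetch_array($select);
		$target_id = (int) $userinf['id'];

		# ban = 1 is the "not frozen" state (freezepro sets 2)
		if($userinf['ban'] == 1) {
			header("location: $PHP_SELF?error=9");
			die;
		}

		# unlike freezing, no reason is required here -- the log line may be empty
		$reason_sql = mysql_real_escape_string($reason);
		$staff_sql = mysql_real_escape_string($UserID);
		mysql_query("UPDATE users SET ban = '1' WHERE id = '$target_id'");
		mysql_query("INSERT INTO freezelog (frozen,staff,reason,wen,what) VALUES ('$target_id','$staff_sql','$reason_sql','$date $time','unfroze')") or die("Error - " . mysql_error());

		header("location: $PHP_SELF?error=10");
		die;
	}

	if($page == "addforum") {
		echo "<form action=\"$self_url\" method=\"POST\">
		<input type=\"hidden\" name=\"page\" value=\"addforumpro\">
		<p><strong>Title</strong> <input type=\"text\" name=\"topic\"></p>
		<p><strong>Description</strong></p>
		<p><textarea name=\"desc\" cols=\"40\" rows=\"7\"></textarea></p>
		<select name=\"level\">
		<option value=\"1\">1</option>
		<option value=\"2\">2</option>
		<option value=\"3\">3</option>
		<option value=\"4\">4</option>
		</select>
		<p><input type=\"submit\" value=\"Add\"></p>
		</form>";
	}
	if($page == "addforumpro") {
		$topic = isset($_POST['topic']) ? $_POST['topic'] : '';
		$desc = isset($_POST['desc']) ? $_POST['desc'] : '';
		$level = isset($_POST['level']) ? (int) $_POST['level'] : 0;

		if(!$topic) {
			header("location: $PHP_SELF?error=18");
			die;
		}
		if(!$desc) {
			header("location: $PHP_SELF?error=19");
			die;
		}
		# 'stat' is the forum's access level; the form offers 1..4 and nothing else
		# is meaningful, so an out-of-range value is rejected rather than stored.
		if($level < 1 || $level > 4) {
			header("location: $PHP_SELF?error=20");
			die;
		}
		$topic_sql = mysql_real_escape_string($topic);
		$desc_sql = mysql_real_escape_string($desc);
		mysql_query("INSERT INTO forums (name,des,stat) VALUES ('$topic_sql','$desc_sql','$level')") or die("Error - " . mysql_error());
		header("location: $PHP_SELF?error=21");
		die;

	}
	if($page == "editforum" && !$id) {
		$select = mysql_query("SELECT * FROM forums");
		while ($forum = mysql_fetch_array($select)) {
			$forum_id = (int) $forum['id'];
			$forum_name = htmlspecialchars($forum['name'], ENT_QUOTES);
			echo "<p class=\"black\"><a href=\"$self_url?page=editforum&amp;id=$forum_id\">$forum_name</a></p>";
		}
	}

	if($page == "editforum" && $id) {
		$id = (int) $id;
		$select = mysql_query("SELECT * FROM forums WHERE id = '$id'");
		$forum = mysql_fetch_array($select);
		# an unknown id used to render an empty form (with notices); treat it like delete does
		if(!$forum) {
			header("location: $PHP_SELF?error=23");
			die;
		}
		$forum_id = (int) $forum['id'];
		$forum_name = htmlspecialchars($forum['name'], ENT_QUOTES);
		$forum_desc = htmlspecialchars($forum['des'], ENT_QUOTES);
		$forum_level = (int) $forum['stat'];
		# the current level is listed first so it is the pre-selected option
		echo "<form action=\"$self_url\" method=\"POST\">
		<input type=\"hidden\" name=\"page\" value=\"editforumpro\">
		<input type=\"hidden\" name=\"id\" value=\"$forum_id\">
		<p><strong>Title</strong> <input type=\"text\" name=\"topic\" value=\"$forum_name\"></p>
		<p><strong>Description</strong></p>
		<p><textarea name=\"desc\" cols=\"40\" rows=\"7\">$forum_desc</textarea></p>
		<select name=\"level\"><option value=\"$forum_level\">$forum_level</option>
		<option value=\"1\">1</option>
		<option value=\"2\">2</option>
		<option value=\"3\">3</option>
		<option value=\"4\">4</option>
		</select>
		<p><input type=\"submit\" value=\"Update\"></p>
		</form>";
	}

	if($page == "editforumpro" && $id) {
		$id = (int) $id;
		$topic = isset($_POST['topic']) ? $_POST['topic'] : '';
		$desc = isset($_POST['desc']) ? $_POST['desc'] : '';
		$level = isset($_POST['level']) ? (int) $_POST['level'] : 0;

		if(!$topic) {
			header("location: $PHP_SELF?error=18");
			die;
		}
		if(!$desc) {
			header("location: $PHP_SELF?error=19");
			die;
		}
		# same 1..4 whitelist as addforumpro -- this is an access-control value
		if($level < 1 || $level > 4) {
			header("location: $PHP_SELF?error=20");
			die;
		}

		# report "No such forum" instead of claiming an update of a missing row
		$select = mysql_query("SELECT id FROM forums WHERE id = '$id'");
		if(!mysql_num_rows($select)) {
			header("location: $PHP_SELF?error=23");
			die;
		}

		$topic_sql = mysql_real_escape_string($topic);
		$desc_sql = mysql_real_escape_string($desc);
		# one statement rather than three separate UPDATEs of the same row
		mysql_query("UPDATE forums SET name = '$topic_sql', des = '$desc_sql', stat = '$level' WHERE id = '$id'");
		header("location: $PHP_SELF?error=22");
		die;
	}

	if($page == "deleteforum" && !$id) {
		$select = mysql_query("SELECT * FROM forums");
		while ($forum = mysql_fetch_array($select)) {
			$forum_id = (int) $forum['id'];
			$forum_name = htmlspecialchars($forum['name'], ENT_QUOTES);
			echo "<p class=\"black\"><a href=\"$self_url?page=deleteforum&amp;id=$forum_id\">$forum_name</a></p>";
		}
	}

	if($page == "deleteforum" && $id) {
		$id = (int) $id;
		$select = mysql_query("SELECT id FROM forums WHERE id = '$id'");
		$num = mysql_num_rows($select);

		if(!$num) {
			header("location: $PHP_SELF?error=23");
			die;
		}

		mysql_query("DELETE FROM forums WHERE id = '$id'") or die("Error - " . mysql_error());
		header("location: $PHP_SELF?error=24");
		die; # was missing: the rest of the page kept rendering after the redirect header
	}

	if($page == "dellog") {
		$select = mysql_query("SELECT * FROM deletelog ORDER BY id DESC LIMIT 30");
		$num = mysql_num_rows($select);
		echo "<h2>Delete Log</h2>
		<p>This is a display of the last 30 deleted posts.</p>";
		if(!$num) {
			echo "<strong>Sorry, there are currently no entries.</strong>";
		} else {
			while ($log = mysql_fetch_array($select)) {
				$staff_id = (int) $log['staff'];
				$poster_id = (int) $log['poster'];
				$select1 = mysql_query("SELECT username FROM users WHERE id = '$staff_id'");
				$staff = mysql_fetch_array($select1);
				$select2 = mysql_query("SELECT username FROM users WHERE id = '$poster_id'");
				$luser = mysql_fetch_array($select2);

				# usernames and log fields are stored data, not trusted markup
				$staff_name = htmlspecialchars($staff['username'], ENT_QUOTES);
				$poster_name = htmlspecialchars($luser['username'], ENT_QUOTES);
				$what = htmlspecialchars($log['type'], ENT_QUOTES);
				$when = htmlspecialchars($log['wen'], ENT_QUOTES);
				echo "<p>$staff_name deleted a $what by $poster_name on $when</p>";
			}
		}
	}

	if($page == "addcode") {
		echo "<form action=\"$self_url\" method=\"POST\">
		<input type=\"hidden\" name=\"page\" value=\"addcodepro\">
		<p><strong>Code</strong> <input type=\"text\" name=\"usr\"></p>
		<p><strong>Replace</strong> <input type=\"text\" name=\"rep\"></p>
		<p><input type=\"submit\" value=\"Add\"></p>
		</form>";
	}

	if($page == "addcodepro") {
		$usr = isset($_POST['usr']) ? $_POST['usr'] : '';
		$rep = isset($_POST['rep']) ? $_POST['rep'] : '';

		if(!$usr || !$rep) {
			header("location: $PHP_SELF?error=27");
			die;
		}

		# NOTE(review): 'new' is presumably the raw replacement that another page
		# substitutes into user text wherever 'user' appears; it is trusted as
		# admin input and only escaped for the SQL context here.
		$usr_sql = mysql_real_escape_string($usr);
		$rep_sql = mysql_real_escape_string($rep);
		mysql_query("INSERT INTO code (user,new) VALUES ('$usr_sql','$rep_sql')");
		header("location: $PHP_SELF?error=28");
		die;
	}

}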

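if($Status == 4) { # Superadmins Only
	# NOTE(review): the menu tests $Status >= 4 for the super-admin links but this
	# block runs for exactly 4, so any higher status would be locked out here.
	# Freeze Log, Ban Log and the avatar pages are also linked for $Status 3
	# admins but only handled in this block -- confirm which side is intended.
	# As in the admin block: request values are escaped for SQL, ids cast to
	# int, and stored values escaped before being echoed. No CSRF token exists;
	# deleteavapro&id= is a plain GET.
	$self_url = htmlspecialchars($PHP_SELF, ENT_QUOTES); # request path, escaped for HTML attributes

 	if($page == "log") {
		$select = mysql_query("SELECT * FROM freezelog ORDER BY id DESC LIMIT 50");
		$num = mysql_num_rows($select);
		echo "<h2>Freeze Log</h2>
		<p>This is a display of the last 50 users who were frozen/unfrozen.</p>";
		if(!$num) {
			echo "<strong>Sorry, there are currently no entries.</strong>";
		} else {
			while ($log = mysql_fetch_array($select)) {
				$staff_id = (int) $log['staff'];
				$frozen_id = (int) $log['frozen'];
				$select1 = mysql_query("SELECT username FROM users WHERE id = '$staff_id'");
				$staff = mysql_fetch_array($select1);
				$select2 = mysql_query("SELECT username FROM users WHERE id = '$frozen_id'");
				$luser = mysql_fetch_array($select2);

				# reason was strip_tags()'d on the way in, which is not HTML escaping
				$staff_name = htmlspecialchars($staff['username'], ENT_QUOTES);
				$target_name = htmlspecialchars($luser['username'], ENT_QUOTES);
				$action = htmlspecialchars($log['what'], ENT_QUOTES);
				$when = htmlspecialchars($log['wen'], ENT_QUOTES);
				$why = htmlspecialchars($log['reason'], ENT_QUOTES);
				echo "<p class=\"drag\">$staff_name $action $target_name on $when because $why</p>";
			}
		}
	}

	if($page == "banip") {
		echo "<form action=\"$self_url\" method=\"POST\">
		<input type=\"hidden\" name=\"page\" value=\"banpro\">
		<p>IP to ban:</p>
		<input type=\"text\" name=\"ip\">
		<p>Enter your reason for banning:</p>
		<p><textarea name=\"reason\" cols=\"40\" rows=\"7\"></textarea></p>
		<input type=\"submit\" value=\"Ban!\">
		</form>";
	}

	if($page == "banpro") {
		$ip = isset($_POST['ip']) ? $_POST['ip'] : '';
		$reason = isset($_POST['reason']) ? strip_tags($_POST['reason']) : '';

		if(!$ip) {
			header("location: $PHP_SELF?error=12");
			die;
		}
		if(!$reason) {
			header("location: $PHP_SELF?error=13");
			die;
		}

		# NOTE(review): the IP is stored verbatim with no format check; whether
		# that is right depends on how the ban lookup elsewhere compares it
		# (exact match against REMOTE_ADDR, or a pattern). Confirm before
		# tightening to IP literals only.
		$ip_sql = mysql_real_escape_string($ip);
		$select = mysql_query("SELECT * FROM ban WHERE ip = '$ip_sql'");
		$num = mysql_num_rows($select);

		if($num) {
			header("location: $PHP_SELF?error=17");
			die;
		}

		$reason_sql = mysql_real_escape_string($reason);
		$staff_sql = mysql_real_escape_string($UserID);
		mysql_query("INSERT INTO ban (ip,why,who,wen) VALUES ('$ip_sql','$reason_sql','$staff_sql','$date $time')") or die("Error - " . mysql_error());
		header("location: $PHP_SELF?error=14");
		die;
	}

	if($page == "unbanip") {
		echo "<form action=\"$self_url\" method=\"POST\">
		<input type=\"hidden\" name=\"page\" value=\"unbanpro\">
		<p>IP to unban:</p>
		<input type=\"text\" name=\"ip\">
		<input type=\"submit\" value=\"Unban!\">
		</form>";
	}

	if($page == "unbanpro") {
		$ip = isset($_POST['ip']) ? $_POST['ip'] : '';

		if(!$ip) {
			header("location: $PHP_SELF?error=12");
			die;
		}

		$ip_sql = mysql_real_escape_string($ip);
		$select = mysql_query("SELECT ip FROM ban WHERE ip = '$ip_sql'");
		$num = mysql_num_rows($select);

		if(!$num) {
			header("location: $PHP_SELF?error=15");
			die;
		}

		mysql_query("DELETE FROM ban WHERE ip = '$ip_sql'");

		header("location: $PHP_SELF?error=16");
		die;
	}

	if($page == "logs") {
		$select = mysql_query("SELECT * FROM ban ORDER BY id DESC LIMIT 20");
		$num = mysql_num_rows($select);
		echo "<h2>Ban List</h2>
		<p>This is a display of the last 20 IP addresses to be banned.</p>";
		if(!$num) {
			echo "<strong>Sorry, there are currently no entries.</strong>";
		} else {
			while ($log = mysql_fetch_array($select)) {
				$staff_id = (int) $log['who'];
				$select1 = mysql_query("SELECT username FROM users WHERE id = '$staff_id'");
				$staff = mysql_fetch_array($select1);

				$staff_name = htmlspecialchars($staff['username'], ENT_QUOTES);
				$banned_ip = htmlspecialchars($log['ip'], ENT_QUOTES);
				$when = htmlspecialchars($log['wen'], ENT_QUOTES);
				$why = htmlspecialchars($log['why'], ENT_QUOTES);
				echo "<p class=\"drag\">$staff_name banned $banned_ip on $when because $why</p>";
			}
		}
	}

	if($page == "addava") {
		echo "<form action=\"$self_url\" method=\"POST\">
		<input type=\"hidden\" name=\"page\" value=\"addavapro\">
		<p><strong>Image</strong> <input type=\"text\" name=\"img\" value=\"images/avatars/\"></p>
		<p><strong>Price</strong> <input type=\"text\" name=\"price\"></p>
		<p><strong>Alternate Text</strong> <input type=\"text\" name=\"alt\"></p>
		<p><strong>Type</strong>
		<select name=\"stat\">
		<option value=\"2\">Normal</option>
		<option value=\"3\">Special</option>
		</select></p>
		<p><input type=\"submit\" value=\"Post\"></p>
		</form>";
	}

	if($page == "addavapro") {
		$img = isset($_POST['img']) ? $_POST['img'] : '';
		$price = isset($_POST['price']) ? $_POST['price'] : '';
		$stat = isset($_POST['stat']) ? (int) $_POST['stat'] : 0;
		$alt = isset($_POST['alt']) ? $_POST['alt'] : '';

		# all four fields are mandatory; each failure maps to the same banner
		if(!$img || !$price || !$stat || !$alt) {
			header("location: $PHP_SELF?error=25");
			die;
		}

		# NOTE(review): 'image' is presumably emitted later as an <img src>; it is
		# trusted super-admin input and only escaped for SQL here. 'price' is kept
		# as a string because its column type is not visible from this file.
		$img_sql = mysql_real_escape_string($img);
		$price_sql = mysql_real_escape_string($price);
		$alt_sql = mysql_real_escape_string($alt);
		mysql_query("INSERT INTO avatars (image,alt,stat,price) VALUES ('$img_sql','$alt_sql','$stat','$price_sql')");
		header("location: $PHP_SELF?error=26");
		die;
	}

	if($page == "deleteava") {
		echo "<div class=\"black\">";
		$select = mysql_query("SELECT id,alt FROM avatars ORDER BY id DESC");
		while($avatars = mysql_fetch_array($select)) {
			$avatar_id = (int) $avatars['id'];
			$avatar_alt = htmlspecialchars($avatars['alt'], ENT_QUOTES);
			echo "<p><a href=\"$self_url?page=deleteavapro&amp;id=$avatar_id\">$avatar_alt</a></p>";
		}
		echo "</div>";
	}

	if($page == "deleteavapro" && $id) {
		$id = (int) $id;
		$select = mysql_query("SELECT id FROM avatars WHERE id = '$id'");
		$num = mysql_num_rows($select);

		if($num) {
			mysql_query("DELETE FROM avatars WHERE id = '$id'");
			echo "Done.";
		} else {
			echo "No such avatar.";
		}
	}
}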
	
# Close the centred wrapper opened at the top of the page, then render the
# shared footer.
echo '</div>';
include 'footer.php';
?>