<?php
	// Admin AJAX endpoint of the ezStats admin panel. Every request is a POST carrying
	// "action", "input" and "sid"; each action handler below writes its reply (JSON or raw
	// HTML table rows) and terminates the script.
	require '../tmp/sql.php';
	require '../classes/mysql.php';

	// The database wrapper reads its connection data from tmp/sql.php. Its debug flag
	// decides whether notices are shown or all error output is suppressed.
	$sql = new MySQL();
	error_reporting($sql->debug ? (E_ALL | E_STRICT) : 0);

	// Remaining libraries, in dependency order
	$libraries = array(
		'plugins/phpQuery',
		'classes/settings',
		'classes/security',
		'classes/functions',
		'classes/session',
		'classes/login',
		'classes/template',
		'classes/player',
		'classes/stats',
		'classes/xbl',
	);
	foreach ($libraries as $library) {
		require '../'.$library.'.php';
	}

	$secure   = new Security();
	$settings = new Settings();
	$player   = new Player();
	$login    = new Login(Session::getSID());
	$tpl      = new Templates();

	// Phrase sets used by the replies below
	foreach (array("gui", "admin") as $phraseSet) {
		$tpl->load_phrases($phraseSet, true);
	}
	
	
	
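	### LOGIN-PRÜFUNG // SELFADD // STANDARDS ###
	// Request parameters, read once with defaults so a missing key never raises a notice.
	// $input defaults to an empty array: the handlers below index it ($input['id'], ...),
	// and the string comparisons ($input == "reset_settings") stay false for an empty array.
	$action = isset($_POST['action']) ? $_POST['action'] : "";
	$input  = isset($_POST['input'])  ? $_POST['input']  : array();
	$sid    = isset($_POST['sid'])    ? $_POST['sid']    : "";

	if (!$login->logged_in()) {
		// SELFADD: when enabled, guests may add a player without being logged in.
		// Player::add() is the only code path reachable without a session, so it owns the
		// validation/escaping of the untrusted name.
		if ($action == "add_player" AND $settings->get("selfadd")) {
			$name = isset($input['name']) ? $input['name'] : "";

			$message = $player->add($name);
			die (json_encode(array("message" => $message)));
		}

		// Not logged in -> error message plus redirect hint for the client
		die (json_encode(array(
			"message" => "Error: Please login to perform this action!",
			"href" => "index.php"
		)));
	}

	### STANDARDS EINSTELLEN ###
	// Timezone for the date() calls in the list handlers
	date_default_timezone_set($settings->get("timezone"));

	// Row of the acting user; the adminpower checks below read it.
	// NOTE(review): the session id is taken from POST (not from Session::getSID() used for
	// the login check) and interpolated into the query unescaped — confirm both ids agree
	// and whether MySQL::query() escapes; otherwise route this through an escaped/prepared query.
	$sql->query('SELECT * FROM '.$sql->prefix.'users WHERE session = "'.$sid.'"');
	$user = $sql->fetchRow();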
	
	
	### SPIELER HINZUFÜGEN ###
	// Any logged-in user may add a player by name; Player::add() returns the status text.
	if ($action == "add_player") {
		$name = "";
		if (isset($input['name'])) {
			$name = $input['name'];
		}

		$reply = array("message" => $player->add($name));
		die (json_encode($reply));
	}
	
	
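	### SPIELERLISTE LADEN ###
	// Emits the player table rows (HTML, not JSON) for the admin list. Player names can be
	// entered by guests when selfadd is enabled, so every cell value is HTML-escaped here
	// instead of being echoed raw.
	if ($action == "load_player") {
		$esc = function ($value) {
			return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
		};

		$sql->query('SELECT * FROM '.$sql->prefix.'player WHERE id != "1" ORDER BY last_update DESC, name ASC');
		while ($row = $sql->fetchRow()) {
			// Input width follows the current value, never narrower than 6 characters
			$size1 = max(6, strlen($row['nickname']) + 1);
			$size2 = max(6, strlen($row['custom1']) + 1);

			echo '<tr>';
				echo '<td><span class="icon_'.$esc($row['platform']).'"></span></td>';
				echo '<td class="tleft nowrap">'.$esc($row['name']).'</td>';
				echo '<td class="tleft">'.$esc($row['state']).'</td>';
				echo '<td><input playerid="'.$esc($row['id']).'" name="nickname" type="text" size="'.$size1.'" placeholder="n/a" value="'.$esc($row['nickname']).'" /></td>';
				echo '<td><input playerid="'.$esc($row['id']).'" name="custom1" type="text" size="'.$size2.'" placeholder="n/a" value="'.$esc($row['custom1']).'" /></td>';
				// last_update is a unix timestamp column; the cast keeps date() happy on PHP 8
				echo '<td style="font-size: 0.8em">'.date("d.m.Y - H:i", (int) $row['last_update']).'</td>';
				echo '<td><a href="#" class="button" action="delete" playerid="'.$esc($row['id']).'" playername="'.$esc($row['name']).'" delphrase="'.$tpl->phrase('really_delete').'" defphrase="'.$tpl->phrase('delete').'">'.$tpl->phrase('delete').'</a></td>';
			echo '</tr>';
		}
		die();
	}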
	
	
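	### SPIELER MODIFIZIEREN ###
	// Inline edit from the player list. Only the two editable columns rendered by
	// "load_player" (nickname, custom1) may be targeted, so the column name is whitelisted
	// instead of being spliced into the statement from the request.
	if ($action == "edit_player") {
		$editable = array("nickname", "custom1");
		$column   = isset($input['name']) ? $input['name'] : "";
		if (!in_array($column, $editable, true)) {
			die (json_encode(array("message" => "Error: This field cannot be edited")));
		}

		$value = isset($input['value']) ? $input['value'] : "";
		$id    = isset($input['id'])    ? (int) $input['id'] : 0;   // ids are numeric

		// NOTE(review): $value is still interpolated unescaped; MySQL::query()'s escaping
		// contract is not visible here — confirm it, or move this to an escaped/prepared query.
		$sql->query('UPDATE '.$sql->prefix.'player SET '.$column.' = "'.$value.'" WHERE id = "'.$id.'"');
	}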
	
	
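	### SPIELER LÖSCHEN ###
	// Removes a player. Player::delete() builds the reply text and receives id and name
	// straight from the request, so it is responsible for validating/escaping both.
	if ($action == "delete_player") {
		$playerid = isset($input['id'])   ? $input['id']   : NULL;
		// explicit NULL default avoids an undefined-variable notice when no name is posted
		$name     = isset($input['name']) ? $input['name'] : NULL;

		$message = $player->delete($playerid, $name);
		die (json_encode(array("message" => $message)));
	}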
	
	
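	### ALLGEMEINE EINSTELLUNGEN SPEICHERN ###
	// Stores one general setting (name/value pair); admin rights required.
	if ($action == "settings") {
		if ($user['adminpower'] != "1") die (json_encode(array("message" => "Error: You have not the required rights to perform this action")));

		$name  = isset($input['name'])  ? $input['name']  : "";
		$value = isset($input['value']) ? $input['value'] : "";

		if ($name == "debug") {
			// The debug flag lives in tmp/sql.php next to the DB credentials: constant SQL
			// holds a JSON string. Re-encode the existing data with the new flag and emit the
			// constant through var_export(), so neither the flag nor any credential can break
			// out of the PHP string literal whatever characters it contains.
			$sql_data = json_decode(SQL);
			if (!is_object($sql_data)) die (json_encode(array("message" => "Error: Failure during reading of file sql.php")));
			$sql_data->debug = $value;

			$handle = fopen('../tmp/sql.php', "w")
				or die (json_encode(array("message" => "Error: Failure during writing of file sql.php")));

			fwrite($handle, '<?php define (\'SQL\', '.var_export(' '.json_encode($sql_data).' ', true).'); ?>');
			fclose($handle);
		}
		else {
			if ($name == "path") {
				// Normalise the public URL: trailing slash and http:// scheme; a path that
				// was empty to begin with collapses back to "".
				$value = substr($value, -1)   != "/"       ? $value."/"       : $value;
				$value = substr($value, 0, 7) != "http://" ? "http://".$value : $value;
				$value = $value == "http:///"              ? ""               : $value;
			}
			// NOTE(review): Settings::set() receives the raw request name/value — confirm it
			// escapes before persisting, as its implementation is not visible here.
			$settings->set($name, $value, true);
		}
	}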
	
	
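	### CUSTOMIZATION ###
	// Overwrites the "overview" rows (id 1..n) with the posted list of name/value pairs;
	// admin rights required.
	if ($action == "custom") {
		if ($user['adminpower'] != "1") die (json_encode(array("message" => "Error: You have not the required rights to perform this action")));
		// count() on a non-array is a warning (PHP 7) or a TypeError (PHP 8)
		if (!is_array($input)) die (json_encode(array("message" => "Error: Invalid input")));

		$total = count($input);
		for ($i = 0; $i < $total; $i++) {
			$entry = (isset($input[$i]) && is_array($input[$i])) ? $input[$i] : array();
			$name  = isset($entry['name'])  ? $entry['name']  : "";
			$value = isset($entry['value']) ? $entry['value'] : "";

			// NOTE(review): name/value are interpolated unescaped; MySQL::query()'s escaping
			// contract is not visible here — confirm it, or use an escaped/prepared query.
			$sql->query(sprintf(
				'UPDATE %soverview SET name = "%s", value = "%s" WHERE id = "%d"',
				$sql->prefix,
				$name,
				$value,
				$i + 1
			));
		}
	}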
	
	
	### CMS-PLUGINS ###
	// Renders the plugin manual for the configured CMS; admin rights required.
	// The template is evaluated as a double-quoted PHP string, which is how $cms and
	// $path get interpolated — both must stay in scope under exactly these names.
	// NOTE(review): eval() over template content means write access to the settings or to
	// the template files is code execution; confirm Templates::template() only reads
	// project-shipped files.
	if ($action == "plugins") {
		if ($user['adminpower'] != "1") die (json_encode(array("message" => "Error: You have not the required rights to perform this action")));

		$cms  = $settings->get("cms");
		$path = $settings->get("path");

		$tpl->load_phrases("manual", true);
		eval ("\$manual = \"".$tpl->template("manual", "html", "plugins/".$cms)."\";");

		// The manuals were written for the BF3 edition; rename the product for this one
		// (both spellings, applied in this order)
		$manual = str_ireplace(array("ezstats2_bf3", "ezstats_bf3"), "ezstats2_xbl", $manual);

		die(phpQuery::newDocumentHTML($manual));
	}
	
	
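	### STYLE ###
	// Three sub-actions: reset all style rows from tmp/defaults.js, apply a named preset
	// from tmp/styles.js, or store a single name/value pair. Admin rights required.
	if ($action == "style") {
		if ($user['adminpower'] != "1") die (json_encode(array("message" => "Error: You have not the required rights to perform this action")));

		if ($input == "reset_settings") {
			// Restore the shipped defaults (file content comes with the project, not from the request)
			$defaults = json_decode(@file_get_contents("../tmp/defaults.js"));
			if (!$defaults) die ("Error: Failure during loading of file defaults.js");

			$sql->query('TRUNCATE TABLE '.$sql->prefix.'style');
			foreach ($defaults->style as $name => $value) {
				$sql->query('INSERT INTO '.$sql->prefix.'style (name, value) VALUES ("'.$name.'", "'.$value.'")');
			}
		}
		else if (isset($input['preset'])) {
			// Apply a named preset
			if ($input['preset'] == "") die();

			$presetName = $input['preset'];
			$presets    = json_decode(@file_get_contents("../tmp/styles.js"));
			// Braces are required: since PHP 7, "$presets->$input['preset']" parses as
			// ($presets->$input)['preset'] and the lookup silently fails.
			if (!is_object($presets) || !isset($presets->{$presetName})) {
				die (json_encode(array("message" => "Error: Unknown style preset")));
			}

			foreach ($presets->{$presetName} as $name => $value) {
				$sql->query('UPDATE '.$sql->prefix.'style SET value = "'.$value.'" WHERE name = "'.$name.'"');
			}
		}
		else {
			// Store a single value
			$name  = isset($input['name'])  ? $input['name']  : "";
			$value = isset($input['value']) ? $input['value'] : "";

			// NOTE(review): name/value are interpolated unescaped; MySQL::query()'s escaping
			// contract is not visible here — confirm it, or use an escaped/prepared query.
			$sql->query('UPDATE '.$sql->prefix.'style SET value = "'.$value.'" WHERE name = "'.$name.'"');
		}
	}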
	
	
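	### USER HINZUFÜGEN ###
	// Creates an admin-panel user; admin rights required.
	if ($action == "add_user") {
		if ($user['adminpower'] != "1") die (json_encode(array("message" => "Error: You have not the required rights to perform this action")));

		$username = isset($input['username']) ? $input['username'] : "";
		$password = isset($input['password']) ? $input['password'] : "";
		// Only "1" grants full rights anywhere in this file, so every other value is stored as "0"
		$adminpower = (isset($input['adminpower']) && $input['adminpower'] == "1") ? "1" : "0";

		// Both credentials are mandatory (whitespace-only counts as empty)
		if (trim($username) == "" OR trim($password) == "") die (json_encode(array("message" => $tpl->phrase("message_no_user_or_pass"))));

		// Reject duplicate names
		// NOTE(review): the username is interpolated unescaped here and in the INSERT below;
		// MySQL::query()'s escaping contract is not visible — confirm it, or use an escaped/prepared query.
		$sql->query('SELECT id FROM '.$sql->prefix.'users WHERE name="'.$username.'"');
		if ($sql->count()) die (json_encode(array("message" => $tpl->phrase("message_user_already_added"))));

		// NOTE(review): md5 is kept because Login (not visible here) verifies against it;
		// moving to password_hash()/password_verify() needs a matching change in Login.
		$sql->query('
			INSERT INTO '.$sql->prefix.'users (
				name, password, adminpower
			) VALUES (
				"'.$username.'", "'.md5($password).'", "'.$adminpower.'"
			)
		');

		// The phrase may reference $name; eval interpolates it as a double-quoted string
		$name = $username;
		$message = $tpl->phrase("message_user_saved");
		eval ( "\$message = \"$message\";" );

		die (json_encode(array("message" => $message, "success" => "1")));
	}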
	
	
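	### USERLISTE LADEN ###
	// Emits the user table rows (HTML, not JSON). Names are escaped before output; the
	// delete button is omitted for the primary admin account (id 1).
	if ($action == "load_user") {
		$sql->query('SELECT * FROM '.$sql->prefix.'users ORDER BY id');
		while ($row = $sql->fetchRow()) {
			$rights   = $row['adminpower'] ? $tpl->phrase("user_full_rights") : $tpl->phrase("user_manage_player_only");
			$safeName = htmlspecialchars((string) $row['name'], ENT_QUOTES, 'UTF-8');
			$safeId   = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8');

			echo '<tr>';
				echo '<td>'.$safeName.'</td>';
				echo '<td>'.$rights.'</td>';
			if ($row['id'] != "1")
				echo '<td><a href="#" class="button" action="delete" userid="'.$safeId.'" username="'.$safeName.'" delphrase="'.$tpl->phrase('really_delete').'" defphrase="'.$tpl->phrase('delete').'">'.$tpl->phrase('delete').'</a></td>';
			else echo '<td></td>';
			echo '</tr>';
		}
		die();
	}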
	
	
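	### USER LÖSCHEN ###
	// Deletes an admin-panel user. Requires admin rights (as add_user does) and refuses the
	// primary admin, id 1, for which load_user never renders a delete button.
	if ($action == "delete_user") {
		if ($user['adminpower'] != "1") die (json_encode(array("message" => "Error: You have not the required rights to perform this action")));

		$id = isset($input['id']) ? (int) $input['id'] : 0;
		if ($id == 1) die (json_encode(array("message" => "Error: The primary admin account cannot be deleted")));

		// ids are numeric, so the int cast is all the query needs
		$sql->query('DELETE FROM '.$sql->prefix.'users WHERE (id = "'.$id.'")');

		// The phrase may reference $name; eval interpolates it as a double-quoted string
		$name = isset($input['name']) ? $input['name'] : "";
		$message = $tpl->phrase("message_delete_user");
		eval ( "\$message = \"$message\";" );

		die (json_encode(array("message" => $message)));
	}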
	
	
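	### SIGNATUREN ###
	// Either resets all signature rows from tmp/defaults.js or stores a single
	// name/value pair. Admin rights required.
	if ($action == "signatures") {
		if ($user['adminpower'] != "1") die (json_encode(array("message" => "Error: You have not the required rights to perform this action")));

		if ($input == "reset_settings") {
			// Restore the shipped defaults (file content comes with the project, not from the request)
			$defaults = json_decode(@file_get_contents("../tmp/defaults.js"));
			if (!$defaults) die ("Error: Failure during loading of file defaults.js");

			$sql->query('TRUNCATE TABLE '.$sql->prefix.'signatures');
			foreach ($defaults->signatures as $name => $value) {
				$sql->query('INSERT INTO '.$sql->prefix.'signatures (name, value) VALUES ("'.$name.'", "'.$value.'")');
			}
		} else {
			// Store a single value
			$name  = isset($input['name'])  ? $input['name']  : "";
			$value = isset($input['value']) ? $input['value'] : "";

			// NOTE(review): name/value are interpolated unescaped; MySQL::query()'s escaping
			// contract is not visible here — confirm it, or use an escaped/prepared query.
			$sql->query('UPDATE '.$sql->prefix.'signatures SET value = "'.$value.'" WHERE name = "'.$name.'"');
		}
	}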
?>