<?php
/**
 * iLP System Offiziere Benutzer
 * 
 * Autor:		Florian "ApoY2k" Peschka
 * Projekt:		iLP System
 * Paket:		apoy2k.ilp.wrynn
 * Lizenz:		CreativeCommons (by-nc-sa)
 * Kontakt:		hide@address.com
 * Version:		2.1.1
 */

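// ---------------------------------------------------------------------------
// Officer user management. Dispatches on the parsed request path held in
// $tpl['url'] ([1] = action, [2..] = sub-action / ids) and on $_POST form
// fields. Relies on $db (PDO), $tpl, $lang, writeLog() and ilpUrlEncode()
// being provided by the front controller that includes this file.
//
// NOTE(review): no authorization or CSRF check is visible in this file; it
// presumably relies on the front controller to restrict _backend/ to officers
// and to validate a request token — confirm, since every branch below changes
// data based on $_POST or URL parts. header('Location: ...') is never followed
// by exit(), so the rest of the including script still runs after a redirect;
// kept as-is because the framework may rely on it.
// rowCount() is used on SELECT statements throughout; that only works with
// MySQL buffered queries, which is what this codebase assumes.
// ---------------------------------------------------------------------------

// List functions: users;list;...
if (isset($tpl['url'][1]) && 'list' === $tpl['url'][1])
{
	
	// Lock or unlock a user's list: users;list;(lock|unlock);<user id>
	if (isset($tpl['url'][2]) && ('lock' === $tpl['url'][2] || 'unlock' === $tpl['url'][2]))
	{
		
		// A user id must be present in the URL
		if (isset($tpl['url'][3]))
		{
			// The id comes straight from the URL: cast it and bind it instead of
			// concatenating it into the SQL (the original was injectable here).
			$targetId = (int) $tpl['url'][3];
			$locked = ('lock' === $tpl['url'][2]) ? 1 : 0;
			
			writeLog($tpl['user']['id'], $targetId, $locked ? 'officer_lock_list' : 'officer_unlock_list');
			$setLock = $db->prepare("UPDATE ilp_users SET locked = ? WHERE id = ?");
			$setLock->execute(array($locked, $targetId));
			
			// Back to the user's profile
			header('Location: index.php?ilp='.ilpUrlEncode('search;user;'.$targetId));
		}
		else
		{
			$tpl['error']['action'] = 'Benutzerliste ent/sperren';
			$tpl['error']['actor'] = $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
			$tpl['error']['location'] = 'users.php:22';
			$tpl['error']['result'] = 'Keine Benutzer-ID angegeben';
			$tpl['error']['level'] = '0 (base-php)';
		}
	}
	
	// Add an item to a user's list: users;list;add (form) / users;list;add;do (submit)
	elseif (isset($tpl['url'][2]) && 'add' === $tpl['url'][2])
	{
		if (isset($tpl['url'][3]) && 'do' === $tpl['url'][3])
		{
			// Read the form fields once, defaulting missing ones to '' so a
			// hand-crafted request does not raise undefined-index notices.
			$itemId = isset($_POST['additem_item_id']) ? $_POST['additem_item_id'] : '';
			$targetId = isset($_POST['additem_user_id']) ? $_POST['additem_user_id'] : '';
			$itemValue = isset($_POST['additem_value']) ? $_POST['additem_value'] : '';
			
			// An item id is required
			if ('' !== $itemId)
			{
				
				// Reject the insert if this item is already on the user's list
				$duplicate = $db->prepare("SELECT id FROM ilp_items WHERE item_id = ? AND user_id = ?");
				$duplicate->execute(array($itemId, $targetId));
				
				if (0 === $duplicate->rowCount())
				{
					$prep_ins = $db->prepare("INSERT INTO ilp_items (user_id, item_id, item_value) VALUES (?, ?, ?)");
					$prep_ins->execute(array($targetId, $itemId, $itemValue));
					
					// Exactly one row must have been written
					if (1 === $prep_ins->rowCount())
					{
						writeLog($tpl['user']['id'], $targetId, 'officer_add_item', array('item_id' => $itemId, 'value' => $itemValue));
						header('Location: index.php?ilp='.ilpUrlEncode('search;user;'.$targetId));
					}
					else
					{
						$tpl['error']['action'] = 'Gegenstand hinzufügen – ID: '.$targetId;
						$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
						$tpl['error']['location'] = 'users.php:73';
						$tpl['error']['result'] = serialize($prep_ins->errorInfo());
						$tpl['error']['level']	= '0 (base-php)';
					}
				}
				else
				{
					$tpl['error']['message'] = $lang['error']['duplicate'];
					$tpl['error']['ref'] = 'users;list;add;'.$targetId;
				}
			}
			else
			{
				$tpl['error']['message'] = $lang['error']['itemid'];
				$tpl['error']['ref'] = 'users;list;add;'.$targetId;
			}
		}
		else
		{
			
			// Extra head includes for the add form
			$tpl['headincludes'][] = 'users.list.add';
		}
	}
	
	// Delete an item from a user's list: users;list;delete (form) / users;list;delete;do (submit)
	elseif (isset($tpl['url'][2]) && 'delete' === $tpl['url'][2])
	{
		if (isset($tpl['url'][3]) && 'do' === $tpl['url'][3])
		{
			$rowId = isset($_POST['deleteitem_id']) ? $_POST['deleteitem_id'] : '';
			$itemId = isset($_POST['deleteitem_item_id']) ? $_POST['deleteitem_item_id'] : '';
			$targetId = isset($_POST['deleteitem_user_id']) ? $_POST['deleteitem_user_id'] : '';
			$confirm = isset($_POST['deleteitem_confirm']) ? $_POST['deleteitem_confirm'] : '';
			
			// Server-side check of the typed confirmation (covers disabled JavaScript)
			if ($lang['users']['list']['delete']['confirm']['delete'] === $confirm)
			{
				// All three ids must match so a stale form cannot hit another row
				$prep_del = $db->prepare("DELETE FROM ilp_items WHERE id = ? AND item_id = ? AND user_id = ?");
				$prep_del->execute(array($rowId, $itemId, $targetId));
				
				if (1 === $prep_del->rowCount())
				{
					writeLog($tpl['user']['id'], $targetId, 'officer_delete_item', array('item_id' => $itemId));
					header('Location: index.php?ilp='.ilpUrlEncode('search;user;'.$targetId));
				}
				else
				{
					$tpl['error']['action'] = 'Gegenstand löschen – ID: '.$rowId;
					$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
					$tpl['error']['location'] = 'users.php:118';
					$tpl['error']['result'] = serialize($prep_del->errorInfo());
					$tpl['error']['level']	= '0 (base-php)';
				}
			}
			else
			{
				$tpl['error']['message'] = $lang['error']['confirm'];
				$tpl['error']['ref'] = 'users;list;delete;'.$rowId.';'.$itemId.';'.$targetId;
			}
		}
		else
		{
			
			// Extra head includes for the delete form
			$tpl['headincludes'][] = 'users.list.delete';
		}
	}
	
	// Edit an item on a user's list: users;list;edit (form) / users;list;edit;do (submit)
	elseif (isset($tpl['url'][2]) && 'edit' === $tpl['url'][2])
	{
		if (isset($tpl['url'][3]) && 'do' === $tpl['url'][3])
		{
			$rowId = isset($_POST['edititem_id']) ? $_POST['edititem_id'] : '';
			$oldItemId = isset($_POST['edititem_item_id']) ? $_POST['edititem_item_id'] : '';
			$newItemId = isset($_POST['edititem_new_id']) ? $_POST['edititem_new_id'] : '';
			$targetId = isset($_POST['edititem_user_id']) ? $_POST['edititem_user_id'] : '';
			$oldValue = isset($_POST['edititem_old_value']) ? $_POST['edititem_old_value'] : '';
			$newValue = isset($_POST['edititem_value']) ? $_POST['edititem_value'] : '';
			
			// Where the error screen sends the officer back to
			$editRef = 'users;list;edit;'.$rowId.';'.$oldItemId.';'.$targetId.';'.$oldValue;
			
			if ('' !== $newItemId)
			{
				$editFailed = false;
				
				// Item id changed: check for a duplicate before writing it
				// (loose comparison on purpose: both sides are form strings)
				if ($newItemId != $oldItemId)
				{
					$duplicate = $db->prepare("SELECT id, item_value FROM ilp_items WHERE item_id = ? AND user_id = ?");
					$duplicate->execute(array($newItemId, $targetId));
					
					if (0 === $duplicate->rowCount())
					{
						writeLog($tpl['user']['id'], $targetId, 'officer_edit_item_id', array('old_item_id' => $oldItemId, 'new_item_id' => $newItemId));
						$idchange = $db->prepare("UPDATE ilp_items SET item_id = ? WHERE id = ? AND user_id = ?");
						$idchange->execute(array($newItemId, $rowId, $targetId));
					}
					else
					{
						// The original set this error and then redirected anyway, so the
						// duplicate message was never shown and the value change still
						// ran; stop here instead so the officer sees the error.
						$editFailed = true;
						$tpl['error']['message'] = $lang['error']['duplicate'];
						$tpl['error']['ref'] = $editRef;
					}
				}
				
				// Point value changed
				if (!$editFailed && $oldValue != $newValue)
				{
					writeLog($tpl['user']['id'], $targetId, 'officer_change_item_value', array('item_id' => $newItemId, 'old_value' => $oldValue, 'new_value' => $newValue));
					$valuechange = $db->prepare("UPDATE ilp_items SET item_value = ? WHERE id = ? AND user_id = ?");
					$valuechange->execute(array($newValue, $rowId, $targetId));
				}
				
				if (!$editFailed)
				{
					header('Location: index.php?ilp='.ilpUrlEncode('search;user;'.$targetId));
				}
			}
			else
			{
				$tpl['error']['message'] = $lang['error']['itemid'];
				$tpl['error']['ref'] = $editRef;
			}
		}
		else
		{
			
			// Extra head includes for the edit form
			$tpl['headincludes'][] = 'users.list.edit';
		}
	}
}

// Delete a user: users;delete;<user id>, confirmation and id re-posted by the form
elseif (isset($tpl['url'][1]) && 'delete' === $tpl['url'][1])
{
	$confirm = isset($_POST['deleteuser_confirm']) ? $_POST['deleteuser_confirm'] : '';
	
	// The form re-posts the id; cast it so it can never carry SQL, and refuse
	// 0 / missing so a broken form cannot touch the reserved id 0 row.
	// NOTE(review): the posted id is not compared with $tpl['url'][2] — confirm
	// that is intended.
	$targetId = isset($_POST['deleteuser_user_id']) ? (int) $_POST['deleteuser_user_id'] : 0;
	
	if (isset($tpl['url'][2]) && $targetId > 0)
	{
		
		// The officer must have typed the confirmation word
		if ($lang['page']['delete'] === $confirm)
		{
			if (isset($_POST['deleteuser_complete']))
			{
				// Hard delete: the user row plus every dependent row. Parameterised —
				// the original concatenated the POST value into all four statements.
				$cleanup = array(
					"DELETE FROM ilp_users WHERE id = ?",
					"DELETE FROM ilp_event_attends WHERE user_id = ?",
					"DELETE FROM ilp_loots WHERE looter_id = ?",
					"DELETE FROM ilp_reqs WHERE sent_id = ?"
				);
				foreach ($cleanup as $sql)
				{
					$stmt = $db->prepare($sql);
					$stmt->execute(array($targetId));
				}
				
				writeLog($tpl['user']['id'], $targetId, 'officer_delete_char');
				header('Location: index.php?ilp='.ilpUrlEncode('users'));
			}
			else
			{
				// Soft delete: blank the credentials, lock the account and strip officer rights
				$del_user = $db->prepare("UPDATE ilp_users SET login = ?, pw = ?, email = ?, locked = 1, officer = 0, lang = 'deDE-informal', tooltip_locale = 'de' WHERE id = ?");
				$del_user->execute(array('', '', '', $targetId));
				
				if (1 === $del_user->rowCount())
				{
					writeLog($tpl['user']['id'], $targetId, 'officer_delete_user');
					header('Location: index.php?ilp='.ilpUrlEncode('search;user;'.$targetId));
				}
				else
				{
					$tpl['error']['action'] = 'Benutzer löschen – ID: '.$tpl['url'][2];
					$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
					$tpl['error']['location'] = 'users.php:227';
					$tpl['error']['result'] = serialize($del_user->errorInfo());
					$tpl['error']['level']	= '0 (base-php)';
				}
			}
		}
		else
		{
			$tpl['error']['message'] = $lang['search']['user']['delete']['confirm']['error'];
			$tpl['error']['ref'] = 'search;user;'.$tpl['url'][2];
		}
	}
	else
	{
		$tpl['error']['action'] = 'Benutzer löschen – ID: '.(isset($tpl['url'][2]) ? $tpl['url'][2] : '');
		$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
		$tpl['error']['location'] = 'users.php:206';
		$tpl['error']['result'] = 'Keine Benutzer-ID übergeben';
		$tpl['error']['level']	= '0 (base-php)';
	}
}

// Edit a user's settings: users;edit;settings (POST from the profile form)
elseif (isset($tpl['url'][1]) && 'edit' === $tpl['url'][1])
{
	if (isset($tpl['url'][2]) && 'settings' === $tpl['url'][2])
	{
		// Set when any sub-step fails so the final redirect is skipped
		$error_check = false;
		
		$targetId = isset($_POST['settings_user_id']) ? $_POST['settings_user_id'] : '';
		$charClass = isset($_POST['settings_char_class']) ? $_POST['settings_char_class'] : '';
		
		// Character record: the class field carries the class code followed by
		// a single spec character, which is split off here
		$char = serialize(array(
			'name' => isset($_POST['settings_char_name']) ? $_POST['settings_char_name'] : '',
			'class' => substr($charClass, 0, -1),
			'spec' => substr($charClass, -1)
		));
		
		// Point correction: add the offset to every item on the user's list
		if (isset($_POST['settings_correction']) && '' !== $_POST['settings_correction'])
		{
			$correction = $_POST['settings_correction'];
			writeLog($tpl['user']['id'], $targetId, 'officer_set_correction', array('value' => $correction));
			$getitems = $db->prepare("SELECT id, item_id, item_value FROM ilp_items WHERE user_id = ?");
			$getitems->execute(array($targetId));
			
			$set_value = $db->prepare("UPDATE ilp_items SET item_value = ? WHERE id = ?");
			
			while ($items = $getitems->fetch(PDO::FETCH_ASSOC))
			{
				$new_value = $items['item_value'] + $correction;
				
				writeLog($tpl['user']['id'], $targetId, 'officer_change_item_value', array('item_id' => $items['item_id'], 'old_value' => $items['item_value'], 'new_value' => $new_value));
				$set_value->execute(array($new_value, $items['id']));
			}
		}
		
		// Password change, only when a new one was entered
		if (isset($_POST['settings_new_password']) && '' !== $_POST['settings_new_password'])
		{
			$pwConfirm = isset($_POST['settings_new_password_confirm']) ? $_POST['settings_new_password_confirm'] : '';
			
			if ($_POST['settings_new_password'] === $pwConfirm)
			{
				writeLog($tpl['user']['id'], $targetId, 'officer_edit_password');
				$edit_password = $db->prepare("UPDATE ilp_users SET pw = ? WHERE id = ?");
				// NOTE(review): md5(sha1()) is an unsalted fast hash; it is kept because
				// the login code (not in this file) verifies the same construction.
				// Migrating both sides to password_hash()/password_verify() is the fix.
				$edit_password->execute(array(md5(sha1($_POST['settings_new_password'])), $targetId));
				
				if (1 !== $edit_password->rowCount())
				{
					$error_check = true;
					$tpl['error']['action'] = 'Benutzerpassword bearbeiten – ID: '.$targetId;
					$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
					$tpl['error']['location'] = 'users.php:299';
					$tpl['error']['result'] = serialize($edit_password->errorInfo());
					$tpl['error']['level']	= '0 (base-php)';
				}
			}
			else
			{
				$error_check = true;
				$tpl['error']['message'] = $lang['search']['user']['settings']['pw_confirmnote'];
				$tpl['error']['ref'] = 'search;user;'.$targetId;
			}
		}
		
		// Remaining profile fields
		$edit_settings = $db->prepare("UPDATE ilp_users SET login = ?, email = ?, officer = ?, `char` = ? WHERE id = ?");
		$edit_settings->execute(array(
			isset($_POST['settings_login']) ? $_POST['settings_login'] : '',
			isset($_POST['settings_new_email']) ? $_POST['settings_new_email'] : '',
			isset($_POST['settings_officer']) ? $_POST['settings_officer'] : '',
			$char,
			$targetId
		));
		
		// Success is "one row changed" or "no error" (an unchanged row reports 0 rows)
		if ((1 === $edit_settings->rowCount() || '00000' === $edit_settings->errorCode()) && false === $error_check)
		{
			writeLog($tpl['user']['id'], $targetId, 'officer_edit_settings');
			header('Location: index.php?ilp='.ilpUrlEncode('search;user;'.$targetId));
		}
		else
		{
			$tpl['error']['action'] = 'Benutzer bearbeiten – ID: '.$targetId;
			$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
			$tpl['error']['location'] = 'users.php:313';
			$tpl['error']['result'] = serialize($edit_settings->errorInfo());
			$tpl['error']['level']	= '0 (base-php)';
		}
	}
}

// Create a user: users;create (form) / users;create;do (submit)
elseif (isset($tpl['url'][1]) && 'create' === $tpl['url'][1])
{
	
	// Extra head includes for the create form
	$tpl['headincludes'][] = 'users.create.form';
	
	if (isset($tpl['url'][2]) && 'do' === $tpl['url'][2])
	{
		// The address is stored and then used as the mail() recipient, so it is
		// validated first: a value with embedded line breaks could otherwise be
		// used to inject additional mail headers.
		if (isset($_POST['createuser_login'], $_POST['createuser_email'], $_POST['createuser_char_name'])
			&& false !== filter_var($_POST['createuser_email'], FILTER_VALIDATE_EMAIL))
		{
			$charClass = isset($_POST['createuser_char_class']) ? $_POST['createuser_char_class'] : '';
			
			// Character record, same layout as in the settings handler
			$char = serialize(array(
				'name' => $_POST['createuser_char_name'],
				'class' => substr($charClass, 0, -1),
				'spec' => substr($charClass, -1)
			));
			
			// Initial password: use the CSPRNG when the runtime has it (PHP >= 7);
			// the time()/mt_rand() fallback is guessable and only kept for old PHP.
			if (function_exists('random_bytes'))
			{
				$pass = bin2hex(random_bytes(16));
			}
			else
			{
				$pass = md5(sha1(time().mt_rand()));
			}
			
			// Insert the user (see the password-hash note in the settings handler)
			$create_user = $db->prepare("INSERT INTO ilp_users (login, pw, email, officer, `char`) VALUES (?, ?, ?, ?, ?)");
			$create_user->execute(array(
				$_POST['createuser_login'],
				md5(sha1($pass)),
				$_POST['createuser_email'],
				isset($_POST['createuser_officer']) ? $_POST['createuser_officer'] : '',
				$char
			));
			
			// Mail the cleartext initial password to the new user.
			// NOTE(review): the From header is the acting officer's stored address;
			// mail() itself rejects header injection on current PHP versions.
			$mail_check = mail($_POST['createuser_email'], $lang['users']['create']['email']['subject'],
$lang['users']['create']['email']['message'].'

'.$lang['search']['user']['settings']['username'].': '.$_POST['createuser_login'].'
'.$lang['users']['create']['email']['password'].': '.$pass.'

'.$lang['users']['create']['email']['note'], 'From: '.$tpl['user']['email']);

			if (true === $mail_check)
			{
				if (1 === $create_user->rowCount())
				{
					header('Location: index.php?ilp='.ilpUrlEncode('users'));
				}
				else
				{
					$tpl['error']['action'] = 'Benutzer erstellen';
					$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
					$tpl['error']['location'] = 'users.php:359';
					$tpl['error']['result'] = serialize($create_user->errorInfo());
					$tpl['error']['level']	= '0 (base-php)';
				}
			}
			else
			{
				$tpl['error']['action'] = 'Benutzer erstellen';
				$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
				$tpl['error']['location'] = 'users.php:357';
				$tpl['error']['result'] = 'E-Mail konnte nicht verschickt werden';
				$tpl['error']['level']	= '0 (base-php)';
			}
		}
		else
		{
			// The original pointed back at a request-item form using fields this
			// form never posts ($_POST['reqitem_*']); send the officer back to the
			// create form instead.
			$tpl['error']['message'] = $lang['error']['incomplete'];
			$tpl['error']['ref'] = 'users;create';
		}
	}
}

// Event functions: users;events;...
elseif (isset($tpl['url'][1]) && 'events' === $tpl['url'][1])
{
	
	// Record a user's attendance at an event: users;events;add;<user id> (form) / ...;do (submit)
	if (isset($tpl['url'][2]) && 'add' === $tpl['url'][2])
	{
		if (isset($tpl['url'][3]) && 'do' !== $tpl['url'][3])
		{
			
			// Extra head includes for the add form
			$tpl['headincludes'][] = 'users.events.add';
			
			// All events, newest first, for the selection list
			$get_events = $db->prepare("SELECT ilp_events.id, ilp_events.date, ilp_event_types.name FROM ilp_events, ilp_event_types WHERE ilp_events.type = ilp_event_types.id ORDER BY ilp_events.date DESC");
			$get_events->execute();
			
			$tpl['events'] = $get_events->fetchAll(PDO::FETCH_ASSOC);
		}
		
		else
		{
			$eventId = isset($_POST['addevent_eventname']) ? $_POST['addevent_eventname'] : '';
			$targetId = isset($_POST['addevent_user_id']) ? $_POST['addevent_user_id'] : '';
			
			// A point value is required
			if (isset($_POST['addevent_points']))
			{
				$points = $_POST['addevent_points'];
				
				// A user may be recorded only once per event
				$check_attends = $db->prepare("SELECT event_id, user_id FROM ilp_event_attends WHERE event_id = ? AND user_id = ?");
				$check_attends->execute(array($eventId, $targetId));
				
				if (0 === $check_attends->rowCount())
				{
					
					// Record the attendance
					$addevent = $db->prepare("INSERT INTO ilp_event_attends (event_id, user_id, value) VALUES (?, ?, ?)");
					$addevent->execute(array($eventId, $targetId, $points));
					
					// Add the event points to every item on the user's list
					$get_items = $db->prepare("SELECT * FROM ilp_items WHERE user_id = ?");
					$get_items->execute(array($targetId));
					
					// Prepared once, executed per row
					$addpoints = $db->prepare("UPDATE ilp_items SET item_value = ? WHERE id = ?");
					
					while ($row = $get_items->fetch(PDO::FETCH_ASSOC))
					{
						$addpoints->execute(array($row['item_value'] + $points, $row['id']));
						
						if (1 !== $addpoints->rowCount())
						{
							$tpl['error']['action'] = 'Punktzahl erhöhen';
							$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
							$tpl['error']['location'] = 'users.php:439';
							$tpl['error']['result'] = serialize($addpoints->errorInfo());
							$tpl['error']['level']	= '0 (base-php)';
						}
					}
					
					if (1 === $addevent->rowCount())
					{
						header('Location: index.php?ilp='.ilpUrlEncode('events;edit;'.$eventId));
					}
					else
					{
						$tpl['error']['action'] = 'Teilnahme hinzufügen';
						$tpl['error']['actor']	= $tpl['user']['login'].' – ID: '.$tpl['user']['id'];
						$tpl['error']['location'] = 'users.php:449';
						$tpl['error']['result'] = serialize($addevent->errorInfo());
						$tpl['error']['level']	= '0 (base-php)';
					}
				}
				else
				{
					$tpl['error']['message'] = $lang['users']['events']['add']['error'];
					$tpl['error']['ref'] = 'users;events;add;'.$targetId;
				}
			}
			else
			{
				$tpl['error']['message'] = $lang['error']['incomplete'];
				$tpl['error']['ref'] = 'search;user;'.$targetId;
			}
		}
	}
}

// List all users: users / users;show
elseif (!isset($tpl['url'][1]) || 'show' === $tpl['url'][1])
{
	// id 0 is excluded as a reserved row
	$show_users = $db->prepare("SELECT id AS user_id, `char` FROM ilp_users WHERE id != 0");
	$show_users->execute();
	
	if (1 <= $show_users->rowCount())
	{
		$users = $show_users->fetchAll(PDO::FETCH_ASSOC);
		
		foreach ($users as $row)
		{
			// `char` is written by this file via serialize(); unserialize() of
			// DB-sourced data is only as safe as the DB — a JSON column would be
			// the safer storage format, but changing it affects other readers.
			$row['char'] = unserialize($row['char']);
			$tpl['users'][] = $row;
		}
		
		// Apply the project's user ordering
		$tpl['users'] = sortUsers($tpl['users']);
	}
	else
	{
		$tpl['users']['error'] = true;
	}
}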
?>