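/**
 * Render the staff-management sub page selected by $getvar['sub'] and process its form.
 *
 * Sub pages handled here:
 *  - anything other than "edit"/"delete": the "add staff member" form and its submission;
 *  - "edit": the list of staff accounts, or the edit form for the account whose id is in
 *    $getvar['do'];
 *  - "delete": deletes the account whose id is in $getvar['do'] (refused while only one staff
 *    row exists) and lists the remaining accounts.
 *
 * All markup is echoed; nothing is returned. Works on the globals $dbh, $postvar and $getvar,
 * and writes the collected checkbox values back into $postvar['perms'].
 *
 * NOTE(review): nothing in this method checks an anti-CSRF token, and the "delete" branch changes
 * state from query-string values alone. Confirm that the caller enforces both a confirmation step
 * and a per-session token before this runs.
 */
public function content()
{
    global $dbh, $postvar, $getvar, $instance;

    switch ($getvar['sub']) {
        default:
            if ($_POST) {
                check::empty_fields();

                // Field names arrive from the client, so make sure 'perms' is an array before it is
                // indexed; a scalar "perms" field would otherwise be indexed as a string.
                if (!isset($postvar['perms']) || !is_array($postvar['perms'])) {
                    $postvar['perms'] = array();
                }
                foreach ($postvar as $key => $value) {
                    $broke = explode("_", $key);
                    // "pages_<id>" checkboxes carry the per-page permission flags.
                    if ($broke[0] === "pages" && isset($broke[1])) {
                        $postvar['perms'][$broke[1]] = $value;
                    }
                }

                if (!main::errors()) {
                    $staff_query = $dbh->select("staff", array("user", "=", $postvar['user']), 0, "1", 1);
                    if (!check::email($postvar['email'])) {
                        main::errors("Your email is the wrong format or is already in use by another staff member or client.");
                    } elseif ((string) $postvar['pass'] !== (string) $postvar['conpass']) {
                        // Strict comparison: with != two different numeric-looking strings
                        // ("1e3" and "1000") compared as equal.
                        main::errors("Passwords don't match!");
                    } elseif ($dbh->num_rows($staff_query) >= 1) {
                        main::errors("That account already exists!");
                    } else {
                        // Comma-separated list of the ticked page keys. Stays null when no box was
                        // ticked, which is what the column received before.
                        // NOTE(review): a ticked box appears to mean "deny" (the edit form pre-ticks
                        // a box when main::checkPerms() returns false) - confirm.
                        $perms = null;
                        if ($postvar['perms']) {
                            $ticked = array();
                            foreach ($postvar['perms'] as $key => $value) {
                                if ($value == "1") {
                                    $ticked[] = $key;
                                }
                            }
                            // implode() avoids the stray separators the old counter-based loop
                            // produced when a posted value was not "1".
                            $perms = implode(",", $ticked);
                        }

                        // NOTE(review): confirm crypto::passhash() is a slow, salted password hash
                        // rather than a single fast digest.
                        $salt = crypto::salt();
                        $password = crypto::passhash($postvar['pass'], $salt);
                        $staff_insert = array(
                            "user" => $postvar['user'],
                            "name" => $postvar['name'],
                            "email" => $postvar['email'],
                            "password" => $password,
                            "salt" => $salt,
                            "perms" => $perms,
                            "tzadjust" => $postvar['tzones'],
                        );
                        $dbh->insert("staff", $staff_insert);
                        main::errors("Account added!");
                    }
                }
            }

            $acpnav_query = $dbh->select("acpnav", array("link", "!=", "home"), array("id", "ASC"), 0, 1);
            $add_staff_member_array['PAGES'] = '<table width="100%" border="0" cellspacing="0" cellpadding="1">';
            while ($acpnav_data = $dbh->fetch_array($acpnav_query)) {
                // Database values are escaped before they reach markup; double_encode is off so
                // values that were stored already entity-encoded are not encoded a second time.
                $nav_id = htmlspecialchars((string) $acpnav_data['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
                $nav_label = htmlspecialchars((string) $acpnav_data['visual'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
                $add_staff_member_array['PAGES'] .= '<tr><td width="30%" align="left">' . $nav_label . ':</td><td><input name="pages_' . $nav_id . '" id="pages_' . $nav_id . '" type="checkbox" value="1" /></td></tr>';
            }
            $add_staff_member_array['PAGES'] .= '<tr><td width="30%" align="left">Paid Configuration:</td><td><input name="pages_paid" id="pages_paid" type="checkbox" value="1" /></td></tr>';
            $add_staff_member_array['PAGES'] .= '<tr><td width="30%" align="left">P2H Forums:</td><td><input name="pages_p2h" id="pages_p2h" type="checkbox" value="1" /></td></tr>';
            $add_staff_member_array['PAGES'] .= "</table>";
            $add_staff_member_array['TZADJUST'] = main::tzlist();
            echo style::replaceVar("tpl/admin/staff/add-staff-member.tpl", $add_staff_member_array);
            break;

        case "edit":
            if (isset($getvar['do'])) {
                $staff_data = $dbh->select("staff", array("id", "=", $getvar['do']));
                if (!$staff_data["user"]) {
                    echo "That account doesn't exist!";
                } else {
                    if ($_POST) {
                        check::empty_fields();

                        if (!isset($postvar['perms']) || !is_array($postvar['perms'])) {
                            $postvar['perms'] = array();
                        }
                        foreach ($postvar as $key => $value) {
                            $broke = explode("_", $key);
                            if ($broke[0] === "pages" && isset($broke[1])) {
                                $postvar['perms'][$broke[1]] = $value;
                            }
                        }

                        if (!main::errors()) {
                            if (!check::email($postvar['email'], $getvar['do'], "staff")) {
                                main::errors("Your email is the wrong format or is already in use by another staff member or client.");
                            } else {
                                $perms = null;
                                if ($postvar['perms']) {
                                    $ticked = array();
                                    foreach ($postvar['perms'] as $key => $value) {
                                        if ($value == "1") {
                                            $ticked[] = $key;
                                        }
                                    }
                                    $perms = implode(",", $ticked);
                                }

                                // NOTE(review): unlike the add form, the new user name is not
                                // checked against existing staff rows here - confirm that a
                                // duplicate login name cannot be created through this path.
                                $staff_update = array(
                                    "email" => $postvar['email'],
                                    "name" => $postvar['name'],
                                    "perms" => $perms,
                                    "tzadjust" => $postvar['tzones'],
                                    "user" => $postvar['user'],
                                );
                                $dbh->update("staff", $staff_update, array("id", "=", $getvar['do']));
                                //Staff account edit complete
                                main::done();
                            }
                        }
                    }

                    // NOTE(review): these values go to the template as stored; confirm that
                    // style::replaceVar() or the template escapes them for the attribute context.
                    $edit_staff_member_array['USER'] = $staff_data['user'];
                    $edit_staff_member_array['EMAIL'] = $staff_data['email'];
                    $edit_staff_member_array['NAME'] = $staff_data['name'];
                    $edit_staff_member_array['TZADJUST'] = main::tzlist($staff_data['tzadjust']);

                    $acpnav_query = $dbh->select("acpnav", array("link", "!=", "home"), array("id", "ASC"), 0, 1);
                    $edit_staff_member_array['PAGES'] = '<table width="100%" border="0" cellspacing="0" cellpadding="1">';
                    while ($acpnav_data = $dbh->fetch_array($acpnav_query)) {
                        // The box is pre-ticked when main::checkPerms() returns false for this
                        // page and staff id.
                        $checked = main::checkPerms($acpnav_data['id'], $staff_data['id']) ? '' : 'checked="checked"';
                        $nav_id = htmlspecialchars((string) $acpnav_data['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
                        $nav_label = htmlspecialchars((string) $acpnav_data['visual'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
                        $edit_staff_member_array['PAGES'] .= '<tr><td width="30%" align="left">' . $nav_label . ':</td><td><input name="pages_' . $nav_id . '" id="pages_' . $nav_id . '" type="checkbox" value="1" ' . $checked . '/></td></tr>' . "\n";
                    }

                    // "paid" and "p2h" are stored as plain words inside the perms string.
                    $paid_check = '';
                    if (substr_count($staff_data['perms'], "paid") == '1') {
                        $paid_check = 'checked="checked"';
                    }
                    $p2h_check = '';
                    if (substr_count($staff_data['perms'], "p2h") == '1') {
                        $p2h_check = 'checked="checked"';
                    }
                    $edit_staff_member_array['PAGES'] .= '<tr><td width="30%" align="left">Paid Configuration:</td><td><input name="pages_paid" id="pages_paid" type="checkbox" value="1" ' . $paid_check . '/></td></tr>' . "\n";
                    $edit_staff_member_array['PAGES'] .= '<tr><td width="30%" align="left">P2H Forums:</td><td><input name="pages_p2h" id="pages_p2h" type="checkbox" value="1" ' . $p2h_check . '/></td></tr>' . "\n";
                    $edit_staff_member_array['PAGES'] .= "</table>";
                    echo style::replaceVar("tpl/admin/staff/edit-staff-member.tpl", $edit_staff_member_array);
                }
            } else {
                $staff_query = $dbh->select("staff");
                if ($dbh->num_rows($staff_query) == 0) {
                    echo "There are no staff accounts to edit!";
                } else {
                    echo "<ERRORS>";
                    while ($staff_data = $dbh->fetch_array($staff_query)) {
                        // The user name was typed into a form, so it is escaped before it is echoed.
                        $staff_user = htmlspecialchars((string) $staff_data['user'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
                        $staff_id = htmlspecialchars((string) $staff_data['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
                        echo main::sub("<strong>" . $staff_user . "</strong>", '<a href="?page=staff&sub=edit&do=' . $staff_id . '"><img src="' . URL . 'themes/icons/pencil.png"></a>');
                    }
                }
            }
            break;

        case "delete":
            $staff_query = $dbh->select("staff");
            // NOTE(review): the row is removed on the strength of $getvar['do'] alone. This method
            // does not verify a confirmation flag or request token, that the id exists, or that it
            // is not the caller's own account.
            if ($getvar['do'] && $dbh->num_rows($staff_query) > 1) {
                $dbh->delete("staff", array("id", "=", $getvar['do']));
                main::errors("Staff Account Deleted!");
            } elseif ($getvar['do']) {
                main::errors("Theres only one staff account!");
            }

            if ($dbh->num_rows($staff_query) == 0) {
                echo "There are no staff accounts to edit!";
            } else {
                //This pulls the current staff list after deletion.
                $staff_query = $dbh->select("staff");
                echo "<ERRORS>";
                while ($staff_data = $dbh->fetch_array($staff_query)) {
                    $staff_user = htmlspecialchars((string) $staff_data['user'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
                    $staff_id = htmlspecialchars((string) $staff_data['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
                    echo main::sub("<strong>" . $staff_user . "</strong>", '<a href="?page=staff&sub=delete&do=' . $staff_id . '"><img src="' . URL . 'themes/icons/delete.png"></a>');
                }
            }
            break;
    }
}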
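/**
 * Build the admin control panel page for the current request and return its markup.
 *
 * Steps, in order: destroy the session and redirect when $_SESSION['clogged'] or
 * $_SESSION['cuser'] is set; resolve $getvar['page'] (default "home") against the acpnav table;
 * apply the permission checks; include pages/<page>.php and instantiate its `page` class; build
 * the main and per-page sidebars; run the delete-confirmation step or capture the page content;
 * finally echo the two-column layout into the output buffer and return that buffer.
 *
 * Side effects: starts output buffers, may define the constants SUB and INFO, and may set
 * $getvar['page'] and $getvar['myheader'].
 *
 * @return string|false Contents of the active output buffer, as returned by ob_get_contents().
 */
function acp()
{
    global $dbh, $postvar, $getvar, $instance;

    ob_start();

    // NOTE(review): 'clogged' / 'cuser' look like client-area login flags - confirm.
    if ($_SESSION['clogged'] || $_SESSION['cuser']) {
        session_destroy();
        main::redirect("?page=home");
    }

    if (!$getvar['page']) {
        $getvar['page'] = "home";
    }

    // The page name is request input and becomes part of an include path below. Only a plain
    // file-name token is accepted, so separators, dots and wrappers cannot reach include.
    $page_name_ok = is_string($getvar['page'])
        && preg_match('/\A[A-Za-z0-9_-]+\z/', $getvar['page']) === 1;

    $page = $dbh->select("acpnav", array("link", "=", $getvar['page']));

    // "Hack" to get the credits and tickets page looking nicer
    switch ($getvar["page"]) {
        case "credits":
            $header = "Credits";
            break;
        default:
            if ($page['visual'] == "Tickets" && $getvar['mode'] == 'ticketsall') {
                $header = "All Tickets";
            } else {
                $header = $page['visual'];
            }
            break;
    }

    $link = $page_name_ok ? "pages/" . $getvar['page'] . ".php" : null;

    $staff_data = $dbh->select("staff", array("id", "=", $_SESSION['user']));
    $user_perms = $staff_data['perms'];
    $nopaid = null;
    $nop2h = null;
    if (substr_count($user_perms, "paid") == '1') {
        $nopaid = '1';
    }
    if (substr_count($user_perms, "p2h") == '1') {
        $nop2h = '1';
    }

    // Defined up front because the layout at the bottom reads them on every path.
    $html = null;
    $nav = null;
    $sidebar = null;
    $subnav = null;
    $subsidebar = null;
    $content = null;

    // NOTE(review): the first permission test is skipped whenever $nopaid or $nop2h is set, so an
    // account that carries "paid" or "p2h" in its perms is never refused by main::checkPerms()
    // alone here. Confirm that this is intended.
    if (!$page_name_ok || !file_exists($link)) {
        $html = "<strong>THT Fatal Error:</strong> That page doesn't exist.";
    } elseif (!main::checkPerms($page['id']) && !$nopaid && !$nop2h && $user_perms) {
        $html = "You don't have access to this page.";
    } elseif ($getvar['page'] == "type" && $getvar['type'] == "paid" && $nopaid) {
        $html = "You don't have access to this page.";
    } elseif ($getvar['page'] == "type" && $getvar['type'] == "p2h" && $nop2h) {
        $html = "You don't have access to this page.";
    } else {
        include $link;
        $content = new page();

        // Main Side Bar HTML
        $nav = "Sidebar Menu";
        $sidebar_array = array('LINKS' => '');
        $sub = $dbh->select("acpnav", 0, array("id", "ASC"));
        while ($row = $dbh->fetch_array($sub)) {
            if (main::checkPerms($row['id'])) {
                $sidebarlink_array = array(
                    'IMGURL' => $row['icon'],
                    'LINK' => "?page=" . $row['link'],
                    'VISUAL' => $row['visual'],
                );
                $sidebar_array['LINKS'] .= style::replaceVar("tpl/sidebar-link.tpl", $sidebarlink_array);
            }
        }

        // Types Navbar
        /*
         * When Working on the navbar, to make a spacer use this:
         * $sidebar_array['LINKS'] .= style::replaceVar("tpl/spacer.tpl");
         */
        foreach ($instance->packtypes as $key => $value) {
            $type_visible = ($key == "paid" && $nopaid != "1")
                || ($key == "p2h" && $nop2h != "1")
                || ($key != "paid" && $key != "p2h");
            if ($type_visible && $instance->packtypes[$key]->acpNav) {
                // Each entry is read as [0] label, [1] sub page, [2] icon, [3] header text.
                foreach ($instance->packtypes[$key]->acpNav as $key2 => $nav_item) {
                    $sidebarlink_array = array(
                        'IMGURL' => $nav_item[2],
                        'LINK' => "?page=type&type=" . $key . "&sub=" . $nav_item[1],
                        'VISUAL' => $nav_item[0],
                    );
                    $sidebar_array['LINKS'] .= style::replaceVar("tpl/sidebar-link.tpl", $sidebarlink_array);
                    if ($getvar['page'] == "type" && $getvar['type'] == $key && $getvar['sub'] == $nav_item[1]) {
                        // A constant can be defined once; the first match wins, as it did before.
                        if (!defined("SUB")) {
                            define("SUB", $nav_item[3]);
                        }
                        $header = $nav_item[3];
                        $getvar['myheader'] = $nav_item[3];
                    }
                }
            }
        }

        $sidebarlink_array = array(
            'IMGURL' => "information.png",
            'LINK' => "?page=credits",
            'VISUAL' => "Credits",
        );
        $sidebar_array['LINKS'] .= style::replaceVar("tpl/sidebar-link.tpl", $sidebarlink_array);
        $sidebarlink_array = array(
            'IMGURL' => "delete.png",
            'LINK' => "?page=logout",
            'VISUAL' => "Logout",
        );
        $sidebar_array['LINKS'] .= style::replaceVar("tpl/sidebar-link.tpl", $sidebarlink_array);
        $sidebar = style::replaceVar("tpl/sidebar.tpl", $sidebar_array);

        //Page Sidebar
        if ($content->navtitle) {
            $subnav = $content->navtitle;
            $sub_sidebar_array = array('LINKS' => '');
            // Each navlist entry is read as [0] label, [1] icon, [2] sub page.
            foreach ($content->navlist as $key => $value) {
                $sub_sidebarlink_array = array(
                    'IMGURL' => $value[1],
                    'LINK' => "?page=" . $getvar['page'] . "&sub=" . $value[2],
                    'VISUAL' => $value[0],
                );
                $sub_sidebar_array['LINKS'] .= style::replaceVar("tpl/sidebar-link.tpl", $sub_sidebarlink_array);
            }
            $subsidebar = style::replaceVar("tpl/sidebar.tpl", $sub_sidebar_array);
        }

        if ($getvar['sub'] && $getvar['page'] != "type") {
            foreach ($content->navlist as $key => $value) {
                if ($value[2] == $getvar['sub']) {
                    // Fall back to the page name when the nav entry has no label.
                    $sub_title = !$value[0] ? $getvar['page'] : $value[0];
                    if (!defined("SUB")) {
                        define("SUB", $sub_title);
                    }
                    $header = $sub_title;
                }
            }
        }

        // A delete request without confirm=1 goes through the warning form first.
        // NOTE(review): the confirmed request is a plain GET carrying confirm=1 and no token is
        // checked in this function - confirm that CSRF protection exists elsewhere.
        $needs_confirm = $getvar['sub'] == "delete" && isset($getvar['do']) && !$getvar['confirm'];

        if ($needs_confirm && !$_POST) {
            $warning_array['HIDDEN'] = "";
            foreach ($postvar as $key => $value) {
                // Request data is escaped before it is written into attribute values.
                $warning_array['HIDDEN'] .= '<input name="'
                    . htmlspecialchars((string) $key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)
                    . '" type="hidden" value="'
                    . htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)
                    . '" />';
            }
            $warning_array['HIDDEN'] .= " ";
            $html = style::replaceVar("tpl/warning.tpl", $warning_array);
        } elseif ($needs_confirm && $_POST) {
            if ($postvar['yes']) {
                // Rebuild the current query string with confirm=1 appended. Keys and values are
                // URL-encoded so request data cannot add parameters or break the redirect target.
                $url = "";
                $separator = "?";
                foreach ($getvar as $key => $value) {
                    $url .= $separator . urlencode((string) $key) . "=" . urlencode((string) $value);
                    $separator = "&";
                }
                $url .= "&confirm=1";
                main::redirect($url);
            } elseif ($postvar['no']) {
                main::done();
            }
        } elseif (isset($getvar['sub']) || !$content->navlist) {
            // Capture what the page echoes. The nested buffer is cleaned but deliberately not
            // closed: the final ob_get_contents() below reads from this same buffer.
            ob_start();
            $content->content();
            $html = ob_get_contents(); // Retrieve the HTML
            ob_clean(); // Flush the HTML
        } else {
            // No sub page requested: show the page description followed by its submenu.
            $html .= $content->description(); // First, we gotta get the page description.
            $html .= "<br /><br />"; // Break it up
            // Now we should prepend some stuff here
            $subsidebar2 = "<strong>Page Submenu</strong><div class='break'></div>";
            $subsidebar2 .= $subsidebar;
            // Done, now output it in a sub() table
            $html .= main::sub($subsidebar2, NULL);
        }
    }

    $staffuser = $dbh->staff($_SESSION['user']);
    if (!defined("SUB")) {
        define("SUB", $header);
    }
    // strip_tags() alone is not output escaping, so the name is also entity-encoded.
    define("INFO", '<b>Welcome back, ' . htmlspecialchars(strip_tags((string) $staffuser['name']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . '</b><br />' . SUB);

    echo '<div id="left">';
    echo main::table($nav, $sidebar);
    if ($content && $content->navtitle) {
        echo "<br />";
        echo main::table($subnav, $subsidebar);
    }
    echo '</div>';
    echo '<div id="right">';
    echo main::table($header, $html);
    echo '</div>';

    $html_buff = ob_get_contents();
    ob_clean();
    return $html_buff;
}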