function edit_user_sub() { global $ir, $c, $h, $userid; $go = 0; $user = abs(@intval($_POST['userid'])); if (!isset($_POST['level'])) { $go = 1; } if (!isset($_POST['money'])) { $go = 1; } if (!isset($_POST['bankmoney'])) { $go = 1; } if (!isset($_POST['crystals'])) { $go = 1; } if (!isset($_POST['strength'])) { $go = 1; } if (!isset($_POST['agility'])) { $go = 1; } if (!isset($_POST['guard'])) { $go = 1; } if (!isset($_POST['labour'])) { $go = 1; } if (!isset($_POST['IQ'])) { $go = 1; } if (!isset($_POST['username'])) { $go = 1; } if (!isset($_POST['login_name'])) { $go = 1; } if ($go) { $_POST['user'] = $_POST['userid']; print "You did not fully fill out the form."; edit_user_form(); } else { $_POST['level'] = (int) $_POST['level']; $_POST['strength'] = abs((int) $_POST['strength']); $_POST['agility'] = abs((int) $_POST['agility']); $_POST['guard'] = abs((int) $_POST['guard']); $_POST['labour'] = abs((int) $_POST['labour']); $_POST['IQ'] = abs((int) $_POST['IQ']); $_POST['money'] = (int) $_POST['money']; $_POST['bankmoney'] = (int) $_POST['bankmoney']; $_POST['cybermoney'] = (int) $_POST['cybermoney']; $_POST['crystals'] = (int) $_POST['crystals']; $_POST['mailban'] = (int) $_POST['mailban']; $_POST['hospital'] = abs((int) $_POST['hospital']); $username = mysql_real_escape_string(strip_tags(stripslashes($_POST['username'])), $c); $loginname = mysql_real_escape_string(strip_tags(stripslashes($_POST['login_name'])), $c); $duties = mysql_real_escape_string(strip_tags(stripslashes($_POST['duties'])), $c); $staffnotes = mysql_real_escape_string(strip_tags(stripslashes($_POST['staffnotes'])), $c); $mb_reason = mysql_real_escape_string(strip_tags(stripslashes($_POST['mb_reason'])), $c); $hospreason = mysql_real_escape_string(strip_tags(stripslashes($_POST['hospreason'])), $c); //check for username usage $u = mysql_query("SELECT * FROM users WHERE username='******' and userid != {$userid}", $c); if (mysql_num_rows($u) != 0) { print "That username is in use, choose another."; print "<br /><a href='new_staff.php?action=edituser'>> Back</a>"; $h->endpage(); exit; } $oq = mysql_query("SELECT * FROM users WHERE userid={$userid}", $c); if (mysql_num_rows($oq) == 0) { print 'That user doesn\'t exist.'; print "<br /><a href='new_staff.php?action=edituser'>> Back</a>"; $h->endpage(); exit; } $rm = mysql_fetch_array($oq); $energy = 10 + $_POST['level'] * 2; $nerve = 3 + $_POST['level'] * 2; $hp = 50 + $_POST['level'] * 50; mysql_query("UPDATE users SET username='******', level={$_POST['level']},\n money={$_POST['money']}, crystals={$_POST['crystals']}, energy={$energy}, brave={$nerve},\n maxbrave={$nerve}, maxenergy={$energy}, hp={$hp}, maxhp={$hp}, hospital={$_POST['hospital']},\n duties='{$duties}', staffnotes='{$staffnotes}', mailban={$_POST['mailban']},\n mb_reason='{$mb_reason}', hospreason='{$hospreason}',\n login_name='{$loginname}' WHERE userid={$userid}", $c); mysql_query("UPDATE userstats SET strength={$_POST['strength']}, agility={$_POST['agility']},\n guard={$_POST['guard']}, labour={$_POST['labour']}, IQ={$_POST['IQ']} WHERE userid={$userid}", $c); print "User edited...."; } }
function edit_user_sub() { global $db, $ir, $c, $h, $userid; if ($ir['user_level'] != 2) { die("403"); } $go = 0; if (!isset($_POST['level'])) { $go = 1; } if (!isset($_POST['money'])) { $go = 1; } if (!isset($_POST['bankmoney'])) { $go = 1; } if (!isset($_POST['crystals'])) { $go = 1; } if (!isset($_POST['strength'])) { $go = 1; } if (!isset($_POST['agility'])) { $go = 1; } if (!isset($_POST['guard'])) { $go = 1; } if (!isset($_POST['labour'])) { $go = 1; } if (!isset($_POST['IQ'])) { $go = 1; } if (!isset($_POST['robskill'])) { $go = 1; } if (!isset($_POST['username'])) { $go = 1; } if (!isset($_POST['login_name'])) { $go = 1; } if ($go) { print "You did not fully fill out the form."; $_POST['user'] = $_POST['userid']; edit_user_form(); } else { $_POST['level'] = (int) $_POST['level']; $_POST['strength'] = abs((int) $_POST['strength']); $_POST['agility'] = abs((int) $_POST['agility']); $_POST['guard'] = abs((int) $_POST['guard']); $_POST['labour'] = abs((int) $_POST['labour']); $_POST['IQ'] = abs((int) $_POST['IQ']); $_POST['robskill'] = abs((int) $_POST['robskill']); $_POST['money'] = (int) $_POST['money']; $_POST['bankmoney'] = (int) $_POST['bankmoney']; $_POST['cybermoney'] = (int) $_POST['cybermoney']; $_POST['crystals'] = (int) $_POST['crystals']; $_POST['mailban'] = (int) $_POST['mailban']; $_POST['forumban'] = (int) $_POST['forumban']; $maxwill = abs((int) $_POST['maxwill']); //check for username usage $u = $db->query("SELECT * FROM users WHERE username='******'username']}' and userid != {$_POST['userid']}"); if ($db->num_rows($u) != 0) { print "That username is in use, choose another."; print "<br /><a href='admin.php?action=edituser'>> Back</a>"; $h->endpage(); exit; } $oq = $db->query("SELECT * FROM users WHERE userid={$_POST['userid']}"); $rm = $db->fetch_row($oq); $will = $rm['will'] > $maxwill ? $maxwill : $rm['will']; $energy = 10 + $_POST['level'] * 2; $nerve = 3 + $_POST['level'] * 2; $hp = 50 + $_POST['level'] * 50; $db->query("UPDATE users SET username='******'username']}', level={$_POST['level']}, money={$_POST['money']}, crystals={$_POST['crystals']}, energy={$energy}, brave={$nerve}, maxbrave={$nerve}, maxenergy={$energy}, hp={$hp}, maxhp={$hp}, hospital={$_POST['hospital']}, jail={$_POST['jail']}, duties='{$_POST['duties']}', staffnotes='{$_POST['staffnotes']}', mailban={$_POST['mailban']}, mb_reason='{$_POST['mb_reason']}', forumban={$_POST['forumban']}, fb_reason='{$_POST['fb_reason']}', hospreason='{$_POST['hospreason']}', jail_reason='{$_POST['jail_reason']}', login_name='{$_POST['login_name']}', will={$will}, maxwill={$maxwill} WHERE userid={$_POST['userid']}"); $db->query("UPDATE userstats SET strength={$_POST['strength']}, agility={$_POST['agility']}, guard={$_POST['guard']}, labour={$_POST['labour']}, IQ={$_POST['IQ']}, robskill={$_POST['robskill']} WHERE userid={$_POST['userid']}"); stafflog_add("Edited user {$_POST['username']} [{$_POST['userid']}]"); print "User edited...."; } }