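/**
 * Apply a staff "edit user" form submission to the `users` and `userstats` tables.
 *
 * Every field is read from $_POST. If a required field is missing (or is not a
 * scalar), the form is shown again via edit_user_form(). Otherwise numeric fields
 * are cast to integers, text fields are tag-stripped and SQL-escaped, the new
 * username is checked for collisions, and the target account is updated.
 * The "username in use" and "user doesn't exist" paths print a message, call
 * $h->endpage() and exit.
 *
 * NOTE(review): no permission check and no anti-CSRF token check are visible in
 * this function - confirm the dispatcher enforces both before calling it.
 * NOTE(review): the mysql_* extension was removed in PHP 7; moving to prepared
 * statements (mysqli/PDO) would remove the need for manual escaping here.
 *
 * @return void
 */
function edit_user_sub()
{
    global $ir, $c, $h, $userid;

    // Account being edited. The original computed this value but then keyed every
    // query on the global $userid (presumably the logged-in staff member - confirm),
    // so the edit was applied to the wrong row.
    $user = isset($_POST['userid']) ? abs((int) $_POST['userid']) : 0;

    $required = array(
        'level', 'money', 'bankmoney', 'crystals', 'strength', 'agility',
        'guard', 'labour', 'IQ', 'username', 'login_name',
    );
    $go = 0;
    foreach ($required as $field) {
        // Array-valued fields (field[]=...) are treated as missing so the string
        // helpers below never receive a non-string.
        if (!isset($_POST[$field]) || is_array($_POST[$field])) {
            $go = 1;
            break;
        }
    }
    if ($go) {
        // Hand the form the integer-cast id rather than the raw request value.
        $_POST['user'] = $user;
        print "You did not fully fill out the form.";
        edit_user_form();
        return;
    }

    // Signed integer fields. Optional ones default to 0 instead of raising an
    // undefined-index notice. bankmoney and cybermoney are normalised here but
    // are not written by the queries below.
    foreach (array('level', 'money', 'bankmoney', 'cybermoney', 'crystals', 'mailban') as $field) {
        $_POST[$field] = isset($_POST[$field]) ? (int) $_POST[$field] : 0;
    }
    // Fields that must not go negative.
    foreach (array('strength', 'agility', 'guard', 'labour', 'IQ', 'hospital') as $field) {
        $_POST[$field] = isset($_POST[$field]) ? abs((int) $_POST[$field]) : 0;
    }

    // Text fields: strip markup (they are presumably rendered to other users later)
    // and escape for the quoted SQL contexts below. stripslashes() presumably undoes
    // slashing applied to $_POST earlier in the request - confirm.
    $text = array();
    foreach (array('username', 'login_name', 'duties', 'staffnotes', 'mb_reason', 'hospreason') as $field) {
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $text[$field] = mysql_real_escape_string(strip_tags(stripslashes($raw)), $c);
    }

    // Reject the new name if any other account already uses it.
    $u = mysql_query(
        "SELECT * FROM users WHERE username='{$text['username']}' and userid != {$user}",
        $c
    );
    if (mysql_num_rows($u) != 0) {
        print "That username is in use, choose another.";
        print "<br /><a href='new_staff.php?action=edituser'>&gt; Back</a>";
        $h->endpage();
        exit;
    }

    // The target account must exist before anything is written.
    $oq = mysql_query("SELECT * FROM users WHERE userid={$user}", $c);
    if (mysql_num_rows($oq) == 0) {
        print 'That user doesn\'t exist.';
        print "<br /><a href='new_staff.php?action=edituser'>&gt; Back</a>";
        $h->endpage();
        exit;
    }
    $rm = mysql_fetch_array($oq);

    // Derived caps are recomputed from the new level.
    $energy = 10 + $_POST['level'] * 2;
    $nerve = 3 + $_POST['level'] * 2;
    $hp = 50 + $_POST['level'] * 50;

    // Every interpolated value is either an integer cast above or an escaped string.
    mysql_query(
        "UPDATE users SET username='{$text['username']}', level={$_POST['level']},"
        . " money={$_POST['money']}, crystals={$_POST['crystals']}, energy={$energy}, brave={$nerve},"
        . " maxbrave={$nerve}, maxenergy={$energy}, hp={$hp}, maxhp={$hp}, hospital={$_POST['hospital']},"
        . " duties='{$text['duties']}', staffnotes='{$text['staffnotes']}', mailban={$_POST['mailban']},"
        . " mb_reason='{$text['mb_reason']}', hospreason='{$text['hospreason']}',"
        . " login_name='{$text['login_name']}' WHERE userid={$user}",
        $c
    );
    mysql_query(
        "UPDATE userstats SET strength={$_POST['strength']}, agility={$_POST['agility']},"
        . " guard={$_POST['guard']}, labour={$_POST['labour']}, IQ={$_POST['IQ']} WHERE userid={$user}",
        $c
    );
    print "User edited....";
}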
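/**
 * Apply an admin "edit user" form submission to the `users` and `userstats` tables.
 *
 * Only callers whose $ir['user_level'] is 2 get past the first check. If a
 * required field is missing (or is not a scalar), the form is shown again via
 * edit_user_form(). Otherwise numeric fields are cast to integers, text fields
 * are tag-stripped and SQL-escaped, the new username is checked for collisions,
 * the target account is updated and the action is recorded with stafflog_add().
 *
 * The original interpolated $_POST['userid'], $_POST['hospital'], $_POST['jail']
 * and every text field into the SQL without casting or escaping, so request data
 * reached the queries verbatim; all of them are normalised here first.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function - confirm
 * the dispatcher enforces one.
 * NOTE(review): assumes the $db wrapper exposes escape(); confirm against the
 * database class, or move these queries to prepared statements.
 *
 * @return void
 */
function edit_user_sub()
{
    global $db, $ir, $c, $h, $userid;
    if ($ir['user_level'] != 2) {
        die("403");
    }

    // Account being edited; used unquoted in WHERE clauses, so it must be an integer.
    $target = isset($_POST['userid']) ? abs((int) $_POST['userid']) : 0;
    $_POST['userid'] = $target;

    $required = array(
        'level', 'money', 'bankmoney', 'crystals', 'strength', 'agility', 'guard',
        'labour', 'IQ', 'robskill', 'username', 'login_name',
    );
    $go = 0;
    foreach ($required as $field) {
        // Array-valued fields (field[]=...) are treated as missing so the string
        // helpers below never receive a non-string.
        if (!isset($_POST[$field]) || is_array($_POST[$field])) {
            $go = 1;
            break;
        }
    }
    if ($go) {
        print "You did not fully fill out the form.";
        $_POST['user'] = $target;
        edit_user_form();
        return;
    }

    // Signed integer fields. Optional ones default to 0 instead of raising an
    // undefined-index notice. bankmoney and cybermoney are normalised here but
    // are not written by the queries below.
    $signed = array('level', 'money', 'bankmoney', 'cybermoney', 'crystals', 'mailban', 'forumban');
    foreach ($signed as $field) {
        $_POST[$field] = isset($_POST[$field]) ? (int) $_POST[$field] : 0;
    }
    // Fields that must not go negative. hospital and jail were previously written
    // to the query without any cast.
    $unsigned = array('strength', 'agility', 'guard', 'labour', 'IQ', 'robskill', 'hospital', 'jail');
    foreach ($unsigned as $field) {
        $_POST[$field] = isset($_POST[$field]) ? abs((int) $_POST[$field]) : 0;
    }
    $maxwill = isset($_POST['maxwill']) ? abs((int) $_POST['maxwill']) : 0;

    // Text fields: strip markup (they are presumably rendered to other users later)
    // and escape for the quoted SQL contexts below. stripslashes() presumably undoes
    // slashing applied to $_POST earlier in the request - confirm.
    $text = array();
    $textFields = array(
        'username', 'login_name', 'duties', 'staffnotes',
        'mb_reason', 'fb_reason', 'hospreason', 'jail_reason',
    );
    foreach ($textFields as $field) {
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $text[$field] = $db->escape(strip_tags(stripslashes($raw)));
    }

    // Reject the new name if any other account already uses it.
    $u = $db->query(
        "SELECT * FROM users WHERE username='{$text['username']}' and userid != {$target}"
    );
    if ($db->num_rows($u) != 0) {
        print "That username is in use, choose another.";
        print "<br /><a href='admin.php?action=edituser'>&gt; Back</a>";
        $h->endpage();
        exit;
    }

    // The target account must exist; the original read $rm['will'] from a row that
    // might not have been returned.
    $oq = $db->query("SELECT * FROM users WHERE userid={$target}");
    if ($db->num_rows($oq) == 0) {
        print 'That user doesn\'t exist.';
        print "<br /><a href='admin.php?action=edituser'>&gt; Back</a>";
        $h->endpage();
        exit;
    }
    $rm = $db->fetch_row($oq);

    // Current will is clamped to the new maximum.
    $currentWill = (int) $rm['will'];
    $will = $currentWill > $maxwill ? $maxwill : $currentWill;

    // Derived caps are recomputed from the new level.
    $energy = 10 + $_POST['level'] * 2;
    $nerve = 3 + $_POST['level'] * 2;
    $hp = 50 + $_POST['level'] * 50;

    // Every interpolated value is either an integer cast above or an escaped string.
    $db->query(
        "UPDATE users SET username='{$text['username']}', level={$_POST['level']},"
        . " money={$_POST['money']}, crystals={$_POST['crystals']}, energy={$energy}, brave={$nerve},"
        . " maxbrave={$nerve}, maxenergy={$energy}, hp={$hp}, maxhp={$hp},"
        . " hospital={$_POST['hospital']}, jail={$_POST['jail']},"
        . " duties='{$text['duties']}', staffnotes='{$text['staffnotes']}',"
        . " mailban={$_POST['mailban']}, mb_reason='{$text['mb_reason']}',"
        . " forumban={$_POST['forumban']}, fb_reason='{$text['fb_reason']}',"
        . " hospreason='{$text['hospreason']}', jail_reason='{$text['jail_reason']}',"
        . " login_name='{$text['login_name']}', will={$will}, maxwill={$maxwill}"
        . " WHERE userid={$target}"
    );
    $db->query(
        "UPDATE userstats SET strength={$_POST['strength']}, agility={$_POST['agility']},"
        . " guard={$_POST['guard']}, labour={$_POST['labour']}, IQ={$_POST['IQ']},"
        . " robskill={$_POST['robskill']} WHERE userid={$target}"
    );

    // The log entry gets the tag-stripped, escaped name and the integer id.
    // NOTE(review): if stafflog_add() escapes its argument itself, pass the
    // unescaped (but still tag-stripped) name instead to avoid double escaping.
    stafflog_add("Edited user {$text['username']} [{$target}]");
    print "User edited....";
}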