function misc_get_country_by_account($account)
{
global $sql, $core;
if ($core == 1) {
$ip = $sql["logon"]->fetch_assoc($sql["logon"]->query("SELECT lastip FROM accounts WHERE acct='" . $account . "';"));
} else {
$ip = $sql["logon"]->fetch_assoc($sql["logon"]->query("SELECT last_ip AS lastip FROM account WHERE id='" . $account . "';"));
}
return misc_get_country_by_ip($ip["lastip"]);
}
function browse_users(&$sqlr, &$sqlc)
{
global $output, $lang_global, $lang_user, $mmfpm_db, $action_permission, $user_lvl, $user_name, $itemperpage, $showcountryflag, $expansion_select, $gm_level_arr;
$active_realm_id_pq = "active_realm_id";
$sqlm = new SQL();
$sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
//-------------------SQL Injection Prevention--------------------------------
$start = isset($_GET['start']) ? $sqlr->quote_smart($_GET['start']) : 0;
if (is_numeric($start)) {
} else {
$start = 0;
}
$order_by = isset($_GET['order_by']) ? $sqlr->quote_smart($_GET['order_by']) : 'id';
if (preg_match('/^[_[:lower:]]{1,15}$/', $order_by)) {
} else {
$order_by = 'id';
}
$dir = isset($_GET['dir']) ? $sqlr->quote_smart($_GET['dir']) : 1;
if (preg_match('/^[01]{1}$/', $dir)) {
} else {
$dir = 1;
}
$order_dir = $dir ? 'ASC' : 'DESC';
$dir = $dir ? 0 : 1;
//-------------------Search--------------------------------------------------
$search_by = '';
$search_value = '';
// if we have a search request, if not we just return everything
if (isset($_GET['search_value']) && isset($_GET['search_by'])) {
// injection prevention
$search_value = $sqlr->quote_smart($_GET['search_value']);
$search_by = $sqlr->quote_smart($_GET['search_by']);
$search_menu = array('username', 'id', 'gmlevel', 'greater_gmlevel', 'email', 'joindate', 'last_ip', 'failed_logins', 'last_login', 'active_realm_id', 'banned', 'locked', 'expansion');
if (in_array($search_by, $search_menu)) {
} else {
$search_by = 'username';
}
unset($search_menu);
// special search cases
// developer note: 'if else' is always faster then 'switch case'
if ($search_by === 'greater_gmlevel') {
$sql_query = 'SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,' . $active_realm_id_pq . ',expansion
FROM account WHERE gmlevel > "%' . $search_value . '%" ORDER BY ' . $order_by . ' ' . $order_dir . ' LIMIT ' . $start . ', ' . $itemperpage . '';
$query_1 = $sqlr->query('SELECT count(*) FROM account WHERE gmlevel > "%' . $search_value . '%"');
} elseif ($search_by === 'banned') {
$sql_query = 'SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,' . $active_realm_id_pq . ',expansion
FROM account WHERE id = 0 ';
$count_query = 'SELECT count(*) FROM account WHERE id = 0 ';
$que = $sqlr->query('SELECT id FROM account_banned');
while ($banned = $sqlr->fetch_assoc($que)) {
$sql_query .= 'OR id = ' . $banned['id'] . '';
$count_query .= 'OR id = ' . $banned['id'] . '';
}
$sql_query .= ' ORDER BY ' . $order_by . ' ' . $order_dir . ' LIMIT ' . $start . ', ' . $itemperpage . '';
$query_1 = $sqlr->query($count_query);
unset($count_query);
} elseif ($search_by === 'failed_logins') {
$sql_query = 'SELECT * FROM account WHERE failed_logins > ' . $search_value . ' ORDER BY ' . $order_by . ' ' . $order_dir . ' LIMIT ' . $start . ', ' . $itemperpage . '';
$query_1 = $sqlr->query('SELECT count(*) FROM account WHERE failed_logins > ' . $search_value . '');
} else {
// default search case
$sql_query = 'SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,' . $active_realm_id_pq . ',expansion
FROM account WHERE ' . $search_by . ' LIKE "%' . $search_value . '%" ORDER BY ' . $order_by . ' ' . $order_dir . ' LIMIT ' . $start . ', ' . $itemperpage . '';
$query_1 = $sqlr->query('SELECT count(*) FROM account WHERE ' . $search_by . ' LIKE "%' . $search_value . '%"');
}
$query = $sqlr->query($sql_query);
} else {
// get total number of items
$query_1 = $sqlr->query('SELECT count(*) FROM account');
$query = $sqlr->query('SELECT *
FROM account ORDER BY ' . $order_by . ' ' . $order_dir . ' LIMIT ' . $start . ', ' . $itemperpage . '');
}
// this is for multipage support
$all_record = $sqlr->result($query_1, 0);
unset($query_1);
//==========================top tage navigaion starts here========================
// we start with a lead of 10 spaces,
// because last line of header is an opening tag with 8 spaces
// keep html indent in sync, so debuging from browser source would be easy to read
$output .= '
<!-- start of user.php -->
<script type="text/javascript" src="libs/js/check.js"></script>
<center>
<table class="top_hidden">
<tr>
<td>';
if ($user_lvl >= $action_permission['insert']) {
makebutton($lang_user['add_acc'], 'user.php?action=add_new', 130);
// backup is broken
// makebutton($lang_user['backup'], 'backup.php', 130);
}
// cleanup unknown working condition
//if($user_lvl >= $action_permission['delete'])
// makebutton($lang_user['cleanup'], 'cleanup.php', 130);
makebutton($lang_global['back'], 'javascript:window.history.back()', 130);
if ($search_by && $search_value) {
makebutton($lang_user['user_list'], 'user.php', 130);
}
$output .= '
</td>
<td align="right" width="25%" rowspan="2">';
// multi page links
$output .= $lang_user['tot_acc'] . ' : ' . $all_record . '<br /><br />' . generate_pagination('user.php?order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1) . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '', $all_record, $itemperpage, $start);
// this part for search
$output .= '
</td>
</tr>
<tr align="left">
<td>
<table class="hidden">
<tr>
<td>
<form action="user.php" method="get" name="form">
<input type="hidden" name="error" value="3" />
<input type="text" size="24" maxlength="50" name="search_value" value="' . $search_value . '" />
<select name="search_by">
<option value="username"' . ($search_by === 'username' ? ' selected="selected"' : '') . '>' . $lang_user['by_name'] . '</option>
<option value="id"' . ($search_by === 'id' ? ' selected="selected"' : '') . '>' . $lang_user['by_id'] . '</option>
<option value="gmlevel"' . ($search_by === 'gmlevel' ? ' selected="selected"' : '') . '>' . $lang_user['by_gm_level'] . '</option>
<option value="greater_gmlevel"' . ($search_by === 'greater_gmlevel' ? ' selected="selected"' : '') . '>' . $lang_user['greater_gm_level'] . '</option>
<option value="expansion"' . ($search_by === 'expansion' ? ' selected="selected"' : '') . '>' . $lang_user['by_expansion'] . '</option>
<option value="email"' . ($search_by === 'email' ? ' selected="selected"' : '') . '>' . $lang_user['by_email'] . '</option>
<option value="joindate"' . ($search_by === 'joindate' ? ' selected="selected"' : '') . '>' . $lang_user['by_join_date'] . '</option>
<option value="last_ip"' . ($search_by === 'last_ip' ? ' selected="selected"' : '') . '>' . $lang_user['by_ip'] . '</option>
<option value="failed_logins"' . ($search_by === 'failed_logins' ? ' selected="selected"' : '') . '>' . $lang_user['by_failed_loggins'] . '</option>
<option value="last_login"' . ($search_by === 'last_login' ? ' selected="selected"' : '') . '>' . $lang_user['by_last_login'] . '</option>
<option value="active_realm_id"' . ($search_by === 'active_realm_id' ? ' selected="selected"' : '') . '>' . $lang_user['by_online'] . '</option>
<option value="locked"' . ($search_by === 'locked' ? ' selected="selected"' : '') . '>' . $lang_user['by_locked'] . '</option>
<option value="banned"' . ($search_by === 'banned' ? ' selected="selected"' : '') . '>' . $lang_user['by_banned'] . '</option>
</select>
</form>
</td>
<td>';
makebutton($lang_global['search'], 'javascript:do_submit()', 80);
$output .= '
</td>
</tr>
</table>
</td>
</tr>
</table>';
//==========================top tage navigaion ENDS here ========================
$output .= '
<form method="get" action="user.php" name="form1">
<input type="hidden" name="action" value="del_user" />
<input type="hidden" name="start" value="' . $start . '" />
<input type="hidden" name="backup_op" value="0"/>
<table class="lined">
<tr>';
// column headers, with links for sorting
// first column is the selection check box
if ($user_lvl >= $action_permission['insert']) {
$output .= '
<th width="1%">
<input name="allbox" type="checkbox" value="Check All" onclick="CheckAll(document.form1);" />
</th>';
} else {
$output .= '
<th width="1%"></th>';
}
$output .= '
<th width="1%"><a href="user.php?order_by=id&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'id' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['id'] . '</a></th>
<th width="1%"><a href="user.php?order_by=username&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'username' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['username'] . '</a></th>
<th width="1%"><a href="user.php?order_by=gmlevel&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'gmlevel' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['gm_level'] . '</a></th>';
if ($expansion_select) {
$output .= '
<th width="1%"><a href="user.php?order_by=expansion&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'expansion' ? ' class="' . $order_dir . '"' : '') . '>EXP</a></th>';
}
$output .= '
<th width="1%"><a href="user.php?order_by=email&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'email' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['email'] . '</a></th>
<th width="1%"><a href="user.php?order_by=joindate&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'joindate' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['join_date'] . '</a></th>
<th width="1%"><a href="user.php?order_by=last_ip&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'last_ip' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['ip'] . '</a></th>
<th width="1%"><a href="user.php?order_by=failed_logins&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'failed_logins' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['failed_logins'] . '</a></th>
<th width="1%"><a href="user.php?order_by=locked&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'locked' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['locked'] . '</a></th>
<th width="1%"><a href="user.php?order_by=last_login&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'last_login' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['last_login'] . '</a></th>
<th width="1%"><a href="user.php?order_by=active_realm_id&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'active_realm_id' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['online'] . '</a></th>';
if ($showcountryflag) {
require_once 'libs/misc_lib.php';
$output .= '
<th width="1%">' . $lang_global['country'] . '</th>';
}
$output .= '
</tr>';
//---------------Page Specific Data Starts Here--------------------------
while ($data = $sqlr->fetch_assoc($query)) {
if ($user_lvl >= $data['gmlevel'] || $user_name === $data['username']) {
$output .= '
<tr>';
if ($user_lvl >= $action_permission['insert']) {
$output .= '
<td><input type="checkbox" name="check[]" value="' . $data['id'] . '" onclick="CheckCheckAll(document.form1);" /></td>';
} else {
$output .= '
<td></td>';
}
$output .= '
<td>' . $data['id'] . '</td>
<td>
<a href="user.php?action=edit_user&error=11&id=' . $data['id'] . '">' . $data['username'] . '</a>
</td>
<td>' . $gm_level_arr[$data['gmlevel']][2] . '</td>';
if ($expansion_select) {
$exp_lvl_arr = id_get_exp_lvl();
$output .= '
<td>' . $exp_lvl_arr[$data['expansion']][2] . '</td>';
unset($exp_lvl_arr);
}
if ($user_lvl >= $action_permission['update'] || $user_name === $data['username']) {
$output .= '
<td><a href="mailto:' . $data['email'] . '">' . substr($data['email'], 0, 15) . '</a></td>';
} else {
$output .= '
<td>***@***.***</td>';
}
$output .= '
<td class="small">' . $data['joindate'] . '</td>';
if ($user_lvl >= $action_permission['update'] || $user_name === $data['username']) {
$output .= '
<td>' . $data['last_ip'] . '</td>';
} else {
$output .= '
<td>*******</td>';
}
$output .= '
<td>' . ($data['failed_logins'] ? $data['failed_logins'] : '-') . '</td>
<td>' . ($data['locked'] ? $lang_global['yes_low'] : '-') . '</td>
<td class="small">' . $data['last_login'] . '</td>
<td>' . ($data['active_realm_id'] ? '<img src="img/up.gif" alt="" />' : '-') . '</td>';
if ($showcountryflag) {
$country = misc_get_country_by_ip($data['last_ip'], $sqlm);
$output .= '
<td>' . ($country['code'] ? '<img src="img/flags/' . $country['code'] . '.png" onmousemove="toolTip(\'' . $country['country'] . '\', \'item_tooltip\')" onmouseout="toolTip()" alt="" />' : '-') . '</td>';
}
$output .= '
</tr>';
} else {
$output .= '
<tr>
<td>*</td><td>***</td><td>You</td><td>Have</td><td>No</td>
<td class=\\"small\\">Permission</td><td>to</td><td>View</td><td>this</td><td>Data</td><td>***</td>';
if ($expansion_select) {
$output .= '
<td>*</td>';
}
if ($showcountryflag) {
$output .= '
<td>*</td>';
}
$output .= '
</tr>';
}
}
$output .= '
<tr>
<td colspan="';
if ($expansion_select || $showcountryflag) {
if ($expansion_select && $showcountryflag) {
$output .= '13';
} else {
$output .= '12';
}
} else {
$output .= '11';
}
$output .= '" class="hidden" align="right" width="25%">';
$output .= generate_pagination('user.php?order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1) . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '', $all_record, $itemperpage, $start);
$output .= '
</td>
</tr>
<tr>
<td colspan="8" align="left" class="hidden">';
if ($user_lvl >= $action_permission['delete']) {
makebutton($lang_user['del_selected_users'], 'javascript:do_submit(\'form1\',0)" type="wrn', 230);
}
// backup is broken
//if($user_lvl >= $action_permission['insert'])
// makebutton($lang_user['backup_selected_users'], 'javascript:do_submit(\'form1\',1)',230);
$output .= '
</td>
<td colspan="';
if ($expansion_select || $showcountryflag) {
if ($expansion_select && $showcountryflag) {
$output .= '5';
} else {
$output .= '4';
}
} else {
$output .= '3';
}
$output .= '" align="right" class="hidden">' . $lang_user['tot_acc'] . ' : ' . $all_record . '</td>
</tr>
</table>
</form>
<br />
</center>
<!-- end of user.php -->';
}
function misc_get_country_by_account($account, &$sqlr, &$sqlm)
{
$ip = $sqlr->fetch_assoc($sqlr->query('SELECT last_ip FROM account WHERE id=' . $account . ';'));
return misc_get_country_by_ip($ip['last_ip'], $sqlm);
}
function main()
{
global $output, $realm_id, $world_db, $logon_db, $characters_db, $corem_db, $server, $action_permission, $user_lvl, $user_id, $site_encoding, $hide_coupons, $locales_search_option, $base_datasite, $item_datasite, $showcountryflag, $gm_online_count, $gm_online, $itemperpage, $hide_uptime, $player_online, $hide_max_players, $hide_avg_latency, $hide_plr_latency, $hide_server_mem, $sql, $core;
// do any raffle drawings that are necessary
do_raffles();
// check achievement contests
do_contests();
$output .= '
<div class="top">';
//---------------------Information for Explorer Users--------------------------
if (preg_match("/MSIE/", $_SERVER["HTTP_USER_AGENT"])) {
$msie = '
<br />
<span id="index_explorer_warning">' . lang("index", "explorer_warn") . '</span>
<br />';
} else {
$msie = '';
}
//-----------------------------------------------------------------------------
if (test_port($server[$realm_id]["addr"], $server[$realm_id]["game_port"])) {
if ($core == 1) {
$stats = get_uptime($server[$realm_id]["stats.xml"]);
$staticUptime = ' <em>' . htmlentities(get_realm_name($realm_id), ENT_COMPAT, $site_encoding) . '</em> <br />' . $stats["platform"][4] . ' ' . $stats["platform"][5] . ' ' . $stats["platform"][6];
if (!$hide_uptime) {
$staticUptime .= '<br />' . lang("index", "online") . ' for ' . $stats["uptime"];
}
$output .= '
<div id="uptime">' . $msie . '
<h1>
<span id="index_realm_info">
<span>' . $staticUptime . '</span>';
if (!$hide_max_players) {
$output .= '
<br />
<span>' . lang("index", "maxplayers") . ': </span>
<span class="index_realm_info_value">' . $stats["peak"] . '</span>';
}
if (!$hide_avg_latency) {
$output .= '
<br />
<span>' . lang("index", "avglat") . ': </span>
<span class="index_realm_info_value">' . $stats["avglat"] . '</span>';
}
$output .= '
<br />';
if ($hide_server_mem != 0) {
if ($hide_server_mem == 2 || $user_lvl == $action_permission["delete"]) {
$output .= '
<span>' . lang("index", "cpu") . ': </span>
<span class="index_realm_info_value">' . $stats["cpu"] . '%, </span>
<span>' . lang("index", "ram") . ': </span>
<span class="index_realm_info_value">' . $stats["ram"] . ' MB, </span>
<span>' . lang("index", "threads") . ': </span>
<span class="index_realm_info_value">' . $stats["threads"] . '</span>';
}
}
$output .= '
</span>
</h1>
</div>';
} else {
$stats = $sql["logon"]->fetch_assoc($sql["logon"]->query("SELECT starttime, maxplayers FROM uptime WHERE realmid='" . $realm_id . "' ORDER BY starttime DESC LIMIT 1"), 0);
$uptimetime = time() - $stats["starttime"];
// a more reliable method of counting how many characters have been online since server start
//$maxplayers_query = "SELECT COUNT(*) FROM `".$characters_db[$realm_id]["name"]."`.characters WHERE logout_time>='".$stats["starttime"]."' AND logout_time>=(SELECT UNIX_TIMESTAMP(last_login) FROM `".$logon_db["name"]."`.account WHERE id=`".$characters_db[$realm_id]["name"]."`.characters.account)";
//$maxplayers_result = $sql["char"]->query($maxplayers_query);
//$maxplayers_result = $sql["char"]->fetch_assoc($maxplayers_result);
//$stats["maxplayers"] = $maxplayers_result["COUNT(*)"];
function format_uptime($seconds)
{
$secs = intval($seconds % 60);
$mins = intval($seconds / 60 % 60);
$hours = intval($seconds / 3600 % 24);
$days = intval($seconds / 86400);
if ($days > 365) {
$days = intval($seconds / 86400 % 365.24);
$years = intval($seconds / 31556926);
}
$uptimeString = '';
if ($years) {
// we have a server that has been up for over a year? O_o
// actually, it's probably because the server didn't write a useful
// value to the uptime table's starttime field.
$uptimeString .= $years;
$uptimeString .= $years == 1 ? ' ' . lang("index", "uptime_year") : ' ' . lang("index", "uptime_years");
if ($days) {
$uptimeString .= ($years > 0 ? ', ' : '') . $days;
$uptimeString .= $days == 1 ? ' ' . lang("index", "uptime_day") : ' ' . lang("index", "uptime_days");
}
} else {
if ($days) {
$uptimeString .= $days;
$uptimeString .= $days == 1 ? ' ' . lang("index", "uptime_day") : ' ' . lang("index", "uptime_days");
}
}
if ($hours) {
$uptimeString .= ($days > 0 ? ', ' : '') . $hours;
$uptimeString .= $hours == 1 ? ' ' . lang("index", "uptime_hour") : ' ' . lang("index", "uptime_hours");
}
if ($mins) {
$uptimeString .= ($days > 0 || $hours > 0 ? ', ' : '') . $mins;
$uptimeString .= $mins == 1 ? ' ' . lang("index", "uptime_minute") : ' ' . lang("index", "uptime_minutes");
}
if ($secs) {
$uptimeString .= ($days > 0 || $hours > 0 || $mins > 0 ? ', ' : '') . $secs;
$uptimeString .= $secs == 1 ? ' ' . lang("index", "uptime_second") : ' ' . lang("index", "uptime_seconds");
}
return $uptimeString;
}
$staticUptime = ' <em>' . htmlentities(get_realm_name($realm_id), ENT_COMPAT, $site_encoding) . '</em> ';
if (!$hide_uptime) {
if ($stats["starttime"] != 0) {
$staticUptime .= '<br /><span>' . lang("index", "online") . format_uptime($uptimetime) . '</span>';
} else {
$staticUptime .= '<br /><span style="color:orange">' . lang("index", "time_error1") . ': <br>' . format_uptime($uptimetime) . '</span><br><span style="color:red">' . lang("index", "time_error2") . '</span>';
}
}
unset($uptimetime);
$output .= '
<div id="uptime">' . $msie . '
<h1>
<span id="index_realm_info">' . $staticUptime;
if (!$hide_max_players) {
$output .= '
<br />
<span>' . lang("index", "maxplayers") . ': </span>
<span class="index_realm_info_value">' . $stats["maxplayers"] . '</span>';
}
// this_is_junk: MaNGOS doesn't store player latency. :/
if ($core == 3) {
if (!$hide_avg_latency) {
$lat_query = "SELECT SUM(latency), COUNT(*) FROM characters WHERE online=1";
$lat_result = $sql["char"]->query($lat_query);
$lat_fields = $sql["char"]->fetch_assoc($lat_result);
$avglat = sprintf("%.3f", $lat_fields["SUM(latency)"] / $lat_fields["COUNT(*)"]);
$output .= '
<br />
<span>' . lang("index", "avglat") . ': </span>
<span class="index_realm_info_value">' . $avglat . '</span>';
}
}
$output .= '
</span>
</h1>
</div>';
unset($stats);
$online = true;
}
unset($staticUptime);
//unset($stats);
$online = true;
} else {
$output .= $msie . '<h1><span class="error">' . lang("index", "realm") . ' <em>' . htmlentities(get_realm_name($realm_id), ENT_COMPAT, $site_encoding) . '</em> ' . lang("index", "offline_or_let_high") . '</span></h1>';
$online = false;
}
//close the div
$output .= '
</div>';
// MOTDs
// get our MotDs...
$motd = "";
$motd_result = $sql["mgr"]->query("SELECT *, UNIX_TIMESTAMP(Created) AS Created, UNIX_TIMESTAMP(Last_Edited) AS Last_Edited FROM motd WHERE Enabled<>0 AND (Target='" . $user_id . "' OR Target=0) ORDER BY Priority ASC");
// if we don't get any MotDs, it'll stay empty
if ($user_lvl >= $action_permission["update"]) {
$output .= '
<script type="text/javascript">
// <![CDATA[
answerbox.btn_ok = "' . lang("global", "yes_low") . '";
answerbox.btn_cancel = "' . lang("global", "no") . '";
var del_motd = "motd.php?action=delete_motd&id=";
// ]]>
</script>';
}
if ($sql["mgr"]->num_rows($motd_result) > 0) {
$output .= '
<div class="div_lined">
<div class="div_lined_head">
<span>' . lang("index", "motd") . '</span>
</div>';
}
while ($temp = $sql["mgr"]->fetch_assoc($motd_result)) {
if ($user_lvl >= $temp["Min_Sec_Level"]) {
$motd = bb2html($temp["Message"]) . "<br /><br />";
if ($motd) {
if ($temp["Target"] != 0) {
$output .= '
<div class="div_lined_line left_text">' . lang("motd", "private") . '</div>';
}
$output .= '
<div class="div_lined_line left_text">';
$output .= $motd;
$output .= '
<br />';
// Get User Name for poster
if ($core == 1) {
$posted_name_query = "SELECT login FROM accounts WHERE acct='" . $temp["Created_By"] . "'";
} else {
$posted_name_query = "SELECT username AS login FROM account WHERE id='" . $temp["Created_By"] . "'";
}
$posted_name_result = $sql["logon"]->query($posted_name_query);
$posted_name = $sql["logon"]->fetch_assoc($posted_name_result);
$posted_name = $posted_name["login"];
// Get Screen Name for poster, if available
$posted_screenname_query = "SELECT ScreenName FROM config_accounts WHERE Login='******'";
$posted_screenname_result = $sql["mgr"]->query($posted_screenname_query);
$posted_screenname = $sql["mgr"]->fetch_assoc($posted_screenname_result);
if ($posted_screenname["ScreenName"] != NULL) {
$posted_name = htmlspecialchars($posted_screenname["ScreenName"]);
}
// if the Server Message is posted by the system, Created_By will be zero
if ($temp["Created_By"] != 0) {
$output .= '
<span>' . lang("motd", "posted_by") . ':</span>';
if ($user_lvl > -1) {
$output .= '
<a href="user.php?action=edit_user&error=11&acct=' . $temp["Created_By"] . '">';
}
$output .= '
<span>' . $posted_name . '</span>';
if ($user_lvl > -1) {
$output .= '
</a>';
}
$output .= '
<span>(' . date("M d, Y @ H:i:s", $temp["Created"]) . ')</span>';
} else {
$output .= '
<span>' . lang("motd", "posted") . ': ' . date("M d, Y @ H:i:s", $temp["Created"]) . '</span>';
}
// Get User Name for last editor
if ($core == 1) {
$edited_name_query = "SELECT login FROM accounts WHERE acct='" . $temp["Last_Edited_By"] . "'";
} else {
$edited_name_query = "SELECT username AS login FROM account WHERE id='" . $temp["Last_Edited_By"] . "'";
}
$edited_name_result = $sql["logon"]->query($edited_name_query);
$edited_name = $sql["logon"]->fetch_assoc($edited_name_result);
$edited_name = $edited_name["login"];
// Get Screen Name for last editor, if available
$edited_screenname_query = "SELECT ScreenName FROM config_accounts WHERE Login='******'";
$edited_screenname_result = $sql["mgr"]->query($edited_screenname_query);
$edited_screenname = $sql["mgr"]->fetch_assoc($edited_screenname_result);
if ($edited_screenname["ScreenName"] != NULL) {
$edited_name = htmlspecialchars($edited_screenname["ScreenName"]);
}
if ($temp["Last_Edited_By"] != 0) {
$output .= '
<br />
<div>
<span>' . lang("motd", "edited_by") . ':</span>';
if ($user_lvl > -1) {
$output .= '
<a href="user.php?action=edit_user&error=11&acct=' . $temp["Last_Edited_By"] . '">';
}
$output .= '
<span>' . $edited_name . '</span>';
if ($user_lvl > -1) {
$output .= '
</a>';
}
$output .= '
<span>(' . date("M d, Y @ H:i:s", $temp["Last_Edited"]) . ')</span>
</div>';
}
$output .= '
</div>';
if ($user_lvl >= $action_permission["update"]) {
$output .= '
<div class="div_lined_line right_text">
<img src="img/aff_cross.png" width="16" height="16" onclick="answerBox(\'' . lang("global", "delete") . ': <font color=white>' . $temp["ID"] . '</font><br />' . lang("global", "are_you_sure") . '\', del_motd + ' . $temp["ID"] . ');" alt="" />';
}
if ($user_lvl >= $action_permission["update"]) {
$output .= '
<a href="motd.php?action=edit_motd&error=3&id=' . $temp["ID"] . '">
<img src="img/edit.png" width="16" height="16" alt="" />
</a>
</div>';
}
$output .= '
<br />';
}
}
}
if ($sql["mgr"]->num_rows($motd_result)) {
$output = substr($output, 0, strlen($output) - 24);
}
if ($sql["mgr"]->num_rows($motd_result) > 0) {
$output .= '
</div>';
}
if ($user_lvl >= $action_permission["insert"]) {
$output .= '
<div class="div_lined">
<div class="div_lined_head right_text">
<a href="motd.php?action=add_motd&error=4">' . lang("index", "add_motd") . '</a>
</div>
</div>';
}
// Coupons
if (!$hide_coupons) {
$coupon_query = "SELECT * FROM point_system_coupons WHERE ((target='0' AND contest='0') OR target='" . $user_id . "') AND enabled='1'";
$coupon_result = $sql["mgr"]->query($coupon_query);
if ($sql["mgr"]->num_rows($coupon_result) > 0) {
$output .= '
<br />
<div class="div_lined">
<div class="div_lined_head">
<span>' . lang("index", "avail_coupons") . '</span>
</div>';
while ($coupon = $sql["mgr"]->fetch_assoc($coupon_result)) {
$usage_query = "SELECT * FROM point_system_coupon_usage WHERE coupon='" . $coupon["entry"] . "' AND user='******'";
$usage_result = $sql["mgr"]->query($usage_query);
if ($sql["mgr"]->num_rows($usage_result) < $coupon["usage_limit"] || $coupon["usage_limit"] == -1) {
$output .= '
<div class="div_lined_line left_text">
<span>' . $coupon["title"] . '</span>
</div>';
if ($coupon["text"] != "") {
$output .= '
<div class="div_lined_line left_text">
<span>' . $coupon["text"] . '</span>
</div>';
}
if ($coupon["credits"] != 0 || $coupon["money"] != 0 || $coupon["item_id"] != 0 || $coupon["raffle_id"] != 0) {
$output .= '
<div class="div_lined_line left_text">
<span>' . lang("index", "coupon_value") . ':</span>';
if ($coupon["credits"] > 0) {
if ($coupon["credits"] > 1) {
$tip = lang("index", "coupon_credits");
} else {
$tip = lang("index", "coupon_credit");
}
$output .= '
<br />
<br />
<span>' . $coupon["credits"] . '</span>
<span>' . $tip . '</span>';
}
if ($coupon["money"] > 0) {
// extract gold/silver/copper from single gold number
$coupon["money"] = str_pad($coupon["money"], 4, "0", STR_PAD_LEFT);
$coupon_g = substr($coupon["money"], 0, -4);
if ($coupon_g == "") {
$coupon_g = 0;
}
$coupon_s = substr($coupon["money"], -4, 2);
if ($coupon_s == "" || $coupon_s == "00") {
$coupon_s = 0;
}
$coupon_c = substr($coupon["money"], -2);
if ($coupon_c == "" || $coupon_c == "00") {
$coupon_c = 0;
}
$output .= '
<br />
<br />
<span>' . $coupon_g . '</span>
<img src="img/gold.gif" alt="gold" />
<span>' . $coupon_s . '</span>
<img src="img/silver.gif" alt="gold" />
<span>' . $coupon_c . '</span>
<img src="img/copper.gif" alt="gold" />';
}
if ($coupon["item_id"] != 0) {
if ($coupon["item_id"] > 0) {
// get item data
if ($core == 1) {
$i_query = "SELECT \r\n *, description AS description1, name1 AS name, quality AS Quality, inventorytype AS InventoryType, \r\n socket_color_1 AS socketColor_1, socket_color_2 AS socketColor_2, socket_color_3 AS socketColor_3,\r\n requiredlevel AS RequiredLevel, allowableclass AS AllowableClass,\r\n sellprice AS SellPrice, itemlevel AS ItemLevel\r\n FROM items " . ($locales_search_option != 0 ? "LEFT JOIN items_localized ON (items_localized.entry=items.entry AND language_code='" . $locales_search_option . "') " : " ") . "WHERE items.entry='" . $coupon["item_id"] . "'";
} else {
$i_query = "SELECT *, description AS description1 FROM item_template " . ($locales_search_option != 0 ? "LEFT JOIN locales_item ON locales_item.entry=item_template.entry " : " ") . "WHERE item_template.entry='" . $coupon["item_id"] . "'";
}
$i_result = $sql["world"]->query($i_query);
$i = $sql["world"]->fetch_assoc($i_result);
$output .= '
<br />
<br />
<div class="coupon_item">
<div>
<a href="' . $base_datasite . $item_datasite . $coupon["item_id"] . '" rel="external" onmouseover="ShowTooltip(this,\'_b' . $coupon["entry"] . '\');" onmouseout="HideTooltip(\'_b' . $coupon["entry"] . '\');">
<img src="' . get_item_icon($coupon["item_id"]) . '" alt="" />
</a>';
if ($coupon["item_count"] > 1) {
$output .= '
<div class="ch_inv_quantity_shadow">' . $coupon["item_count"] . '</div>
<div class="ch_inv_quantity">' . $coupon["item_count"] . '</div>';
}
$output .= '
</div>';
// build a tooltip object for this item
$output .= '
<div class="item_tooltip_div" id="tooltip_b' . $coupon["entry"] . '" style="left: -129px; top: 42px;">
<div>' . get_item_tooltip($i, 0, 0, 0, 0, 0) . '</div>
</div>';
$output .= '
</div>';
} else {
$output .= '
<br />
<br />
<div class="coupon_item">
<div>
<a href="point_system.php?action=view_bag&bag_id=' . $coupon["item_id"] * -1 . '" onmousemove="oldtoolTip(\'' . lang("points", "prize_bag") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()">
<img src="' . get_item_icon(1725) . '" alt="" />
</a>
</div>
</div>';
}
}
if ($coupon["raffle_id"] != 0) {
// find out how many entries per user the raffle allows and whether the raffle is enabled
if ($coupon["raffle_id"] != -1) {
$query = "SELECT tickets_per_user, enabled FROM point_system_raffles WHERE entry='" . $coupon["raffle_id"] . "'";
$result = $sql["mgr"]->query($query);
$result = $sql["mgr"]->fetch_assoc($result);
$per_user = $result["tickets_per_user"];
$raffle_enabled = $result["enabled"];
// if tickets_per_user is -1 then its unlimited, fake it with a reasonably high number
$per_user = 999999999;
} else {
// if it allows any raffle, then fake it
$per_user = 999999999;
$raffle_enabled = 1;
}
if ($raffle_enabled) {
// find out how many time we've entered
$query = "SELECT COUNT(*) FROM point_system_raffle_tickets WHERE raffle='" . $coupon["raffle_id"] . "' AND user='******'";
$result = $sql["mgr"]->query($query);
$result = $sql["mgr"]->fetch_assoc($result);
$tickets = $result["COUNT(*)"];
// if we haven't already purchased the maximum number of tickets
// or the raffle allows purchase of tickets from any raffle
if ($tickets < $per_user || $coupon["raffle_id"] == -1) {
if ($coupon["redemption_option"] == 0) {
$output .= '
<br />
<br />
<span>' . lang("index", "and_raffle") . '</span>';
} else {
$output .= '
<br />
<br />
<span>' . lang("index", "or_raffle") . '</span>';
}
}
}
}
$output .= '
</div>';
}
if ($coupon["credits"] < 0) {
$message = lang("points", "coupon_cost_credits");
$message = str_replace("%1", $coupon["credits"] * -1, $message);
$output .= '
<div class="div_lined_line right_text">
<span>' . $message . '</span>
</div>';
}
if ($coupon["money"] < 0) {
$coupon["money"] = $coupon["money"] * -1;
$coupon_money = $coupon["money"];
$coupon_money = str_pad($coupon_money, 4, "0", STR_PAD_LEFT);
$cg = substr($coupon_money, 0, -4);
if ($cg == "") {
$cg = 0;
}
$cs = substr($coupon_money, -4, 2);
if ($cs == "" || $cs == "00") {
$cs = 0;
}
$cc = substr($coupon_money, -2);
if ($cc == "" || $cc == "00") {
$cc = 0;
}
$coupon_money_display = '
<span>' . $cg . '</span>
<img src="img/gold.gif" alt="" align="middle" />
<span>' . $cs . '</span>
<img src="img/silver.gif" alt="" align="middle" />
<span>' . $cc . '</span>
<img src="img/copper.gif" alt="" align="middle" />';
$message = lang("points", "coupon_cost_money");
$message = str_replace("%1", $coupon_money_display, $message);
$output .= '
<div class="div_lined_line right_text">
<span>' . $message . '</span>
</div>';
}
$output .= '
<div class="div_lined_line right_text">
<a href="point_system.php?action=redeem_coupon&coupon_id=' . $coupon["entry"] . '">
<img src="img/star.png" width="16" height="16" alt="" />
<span> ' . lang("index", "use_coupon") . '</span>
</a>
</div>';
$output .= '
<br />';
}
}
if ($sql["mgr"]->num_rows($coupon_result)) {
$output = substr($output, 0, strlen($output) - 20);
}
$output .= '
</div>';
}
}
// GM Tickets
$start_m = isset($_GET["start_m"]) ? $sql["char"]->quote_smart($_GET["start_m"]) : 0;
if (!is_numeric($start_m)) {
$start_m = 0;
}
if ($core == 1) {
$all_record_m = $sql["char"]->result($sql["char"]->query("SELECT COUNT(*) FROM gm_tickets WHERE deleted=0"), 0);
} elseif ($core == 2) {
$all_record_m = $sql["char"]->result($sql["char"]->query("SELECT COUNT(*) FROM character_ticket"), 0);
} else {
$all_record_m = $sql["char"]->result($sql["char"]->query("SELECT COUNT(*) FROM gm_tickets WHERE closedBy=0"), 0);
}
// show gm tickets
$output .= '
<br />';
if ($user_lvl >= $action_permission["insert"]) {
if ($all_record_m) {
$output .= '
<div class="div_lined">
<div class="div_lined_head">
<span>' . lang("index", "tickets") . '</span>
</div>';
if ($core == 1) {
$result = $sql["char"]->query("SELECT ticketid, level, message, name, deleted,\r\n timestamp, gm_tickets.playerGuid, acct\r\n FROM gm_tickets\r\n LEFT JOIN characters ON characters.guid=gm_tickets.playerGuid\r\n ORDER BY ticketid DESC LIMIT " . $start_m . ", 3");
} elseif ($core == 2) {
$result = $sql["char"]->query("SELECT character_ticket.ticket_id AS ticketid, characters.level,\r\n ticket_text AS message, characters.name, UNIX_TIMESTAMP(ticket_lastchange) AS timestamp,\r\n character_ticket.guid AS playerGuid, account AS acct\r\n FROM character_ticket\r\n LEFT JOIN characters ON characters.guid=character_ticket.guid\r\n ORDER BY ticketid DESC LIMIT " . $start_m . ", 3");
} else {
$result = $sql["char"]->query("SELECT gm_tickets.guid AS ticketid, characters.level, message,\r\n gm_tickets.name, closedBy AS deleted, lastModifiedTime AS timestamp, gm_tickets.guid AS playerGuid, account AS acct\r\n FROM gm_tickets\r\n LEFT JOIN characters ON characters.guid=gm_tickets.guid\r\n ORDER BY ticketid DESC LIMIT " . $start_m . ", 3");
}
while ($post = $sql["char"]->fetch_assoc($result)) {
if (!$post["deleted"]) {
if ($core == 1) {
$login_result = $sql["logon"]->query("SELECT * FROM accounts WHERE acct='" . $post["acct"] . "'");
} else {
$login_result = $sql["logon"]->query("SELECT *, username AS login FROM account WHERE id='" . $post["acct"] . "'");
}
$login = $sql["logon"]->fetch_assoc($login_result);
$gm_result = $sql["mgr"]->query("SELECT SecurityLevel FROM config_accounts WHERE Login='******'");
$gm = $sql["mgr"]->fetch_assoc($gm_result);
$gm = $gm["SecurityLevel"];
if ($user_lvl > 0 && ($user_lvl >= gmlevel($gm) || $user_lvl == $action_permission["delete"])) {
$output .= '
<div class="div_lined_line left_text">
<a href="char.php?id=' . $post["playerGuid"] . '">
<span onmousemove="oldtoolTip(\'' . htmlspecialchars($login["username"]) . ' (' . id_get_gm_level($gm) . ')' . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()">' . htmlentities($post["name"], ENT_COMPAT, $site_encoding) . '</span>
</a>
</div>
<div class="div_lined_line left_text">
<span>' . htmlspecialchars($post["message"]) . '</span>
</div>
<div class="div_lined_line right_text">';
}
$output .= '
<span>' . lang("index", "submitted") . ": " . date('G:i:s m-d-Y', $post["timestamp"]) . '</span>';
$output .= '
</div>
<div class="div_lined_line right_text">';
if ($user_lvl >= $action_permission["update"]) {
$output .= '
<a href="ticket.php?action=edit_ticket&error=4&id=' . $post["ticketid"] . '">
<img src="img/edit.png" width="16" height="16" alt="" />
</a>';
}
$output .= '
</div>
<br />';
}
}
$output .= '
</div>';
}
}
// Character Changes
// count pending character changes
$char_change_count = $sql["mgr"]->result($sql["mgr"]->query("SELECT COUNT(*) FROM char_changes"), 0);
// show pending character changes
$output .= '
<br />';
if ($user_lvl >= $action_permission["update"]) {
if ($char_change_count) {
$output .= '
<div class="div_lined">
<div class="div_lined_head">
<span>' . lang("index", "pendingchanges") . '</span>
</div>';
$result = $sql["mgr"]->query("SELECT * FROM char_changes");
while ($change = $sql["mgr"]->fetch_assoc($result)) {
if ($core == 1) {
$change_char_query = "SELECT * FROM characters WHERE guid='" . $change["guid"] . "'";
} else {
$change_char_query = "SELECT *, account AS acct FROM characters WHERE guid='" . $change["guid"] . "'";
}
$change_char = $sql["char"]->fetch_assoc($sql["char"]->query($change_char_query));
if ($core == 1) {
$change_acct_query = "SELECT * FROM accounts WHERE acct='" . $change_char["acct"] . "'";
} else {
$change_acct_query = "SELECT *, username AS login FROM account WHERE id='" . $change_char["acct"] . "'";
}
$change_acct = $sql["logon"]->fetch_assoc($sql["logon"]->query($change_acct_query));
if (isset($change["new_name"])) {
// Localization
$namechange = lang("xname", "playerhasreq");
$namechange = str_replace("%1", htmlspecialchars($change_acct["login"]), $namechange);
$namechange = str_replace("%2", htmlspecialchars($change_char["name"]), $namechange);
$namechange = str_replace("%3", htmlspecialchars($change["new_name"]), $namechange);
$output .= '
<div class="div_lined_line left_text large">
<span>' . $namechange . '</span>';
}
if (isset($change["new_race"])) {
// Localization
$racechange = lang("xrace", "playerhasreq");
$racechange = str_replace("%1", htmlspecialchars($change_acct["login"]), $racechange);
$racechange = str_replace("%2", htmlspecialchars($change_char["name"]), $racechange);
$racechange = str_replace("%3", char_get_race_name($change["new_race"]), $racechange);
$output .= '
<div class="div_lined_line left_text large">
<span>' . $racechange . '</span>';
}
if (isset($change["new_acct"])) {
if ($core == 1) {
$new_acct_query = "SELECT login FROM accounts WHERE acct='" . $change["new_acct"] . "'";
} else {
$new_acct_query = "SELECT username AS login FROM account WHERE id='" . $change["new_acct"] . "'";
}
$new_acct_result = $sql["logon"]->query($new_acct_query);
$new_acct_result = $sql["logon"]->fetch_assoc($new_acct_result);
$new_acct_name = $new_acct_result["login"];
// Localization
$acctchange = lang("xacct", "playerhasreq");
$acctchange = str_replace("%1", htmlspecialchars($change_acct["login"]), $acctchange);
$acctchange = str_replace("%2", htmlspecialchars($change_char["name"]), $acctchange);
$acctchange = str_replace("%3", $new_acct_name, $acctchange);
$output .= '
<div class="div_lined_line left_text large">
<span>' . $acctchange . '</span>';
}
if ($change_char["online"]) {
$output .= '
<br />
<br />
<img src="img/aff_warn.gif" alt="warn" />
<span class="error">' . lang("xname", "online") . '</span>';
}
$output .= '
</div>';
if (isset($change["new_name"])) {
$file = "change_char_name.php";
} elseif (isset($change["new_race"])) {
$file = "change_char_race.php";
} else {
$file = "change_char_account.php";
}
$output .= '
<div class="div_lined_line right_text">
<a href="' . $file . '?action=denied&guid=' . $change["guid"] . '">
<img src="img/cross.png" width="12" height="12" alt="" />
</a>';
if (!$change_char["online"]) {
$output .= '
<a href="' . $file . '?action=approve&guid=' . $change["guid"] . '">
<img src="img/aff_tick.png" width="14" height="14" alt="" />
</a>';
}
$output .= '
</div>
<br />';
}
$output .= '
</div>';
}
}
//print online chars
if ($online && $user_lvl >= $player_online) {
//==========================$_GET and SECURE=================================
$start = isset($_GET["start"]) ? $sql["char"]->quote_smart($_GET["start"]) : 0;
if (!is_numeric($start)) {
$start = 0;
}
$order_by = isset($_GET["order_by"]) ? $sql["char"]->quote_smart($_GET["order_by"]) : "name";
if (!preg_match("/^[_[:lower:]]{1,12}\$/", $order_by)) {
$order_by = "name";
}
$dir = isset($_GET["dir"]) ? $sql["char"]->quote_smart($_GET["dir"]) : 1;
if (!preg_match("/^[01]{1}\$/", $dir)) {
$dir = 1;
}
$order_dir = $dir ? "ASC" : "DESC";
$dir = $dir ? 0 : 1;
//==========================$_GET and SECURE end=============================
if ($order_by === "mapid") {
$order_by = "mapid, zoneid ";
$order_hold = "mapid";
} elseif ($order_by === "zoneid") {
$order_by = "zoneid, mapid ";
$order_hold = "zoneid";
} else {
$order_hold = $order_by;
}
$order_side = "";
if (!($user_lvl || $server[$realm_id]["both_factions"])) {
if ($core == 1) {
$result = $sql["char"]->query("SELECT race FROM characters WHERE acct=" . $user_id . "\r\n AND SUBSTRING_INDEX(SUBSTRING_INDEX(playedtime, ' ', 2), ' ', -1)=(SELECT MAX(SUBSTRING_INDEX(SUBSTRING_INDEX(playedtime, ' ', 2), ' ', -1)) FROM characters WHERE acct=" . $user_id . ") LIMIT 1");
} else {
$result = $sql["char"]->query("SELECT race FROM characters WHERE account=" . $user_id . "\r\n AND totaltime=(SELECT MAX(totaltime) FROM characters WHERE account=" . $user_id . ") LIMIT 1");
}
if ($sql["char"]->num_rows($result)) {
$order_side = in_array($sql["char"]->result($result, 0), array(2, 5, 6, 8, 10)) ? " AND race IN (2, 5, 6, 8, 10) " : " AND race IN (1, 3, 4, 7, 11) ";
}
}
if ($core == 1) {
$result = $sql["char"]->query("SELECT guid, name, race, class, zoneid, mapid, level, characters.acct, gender,\r\n CAST( SUBSTRING_INDEX( SUBSTRING_INDEX( data, ';', " . (PLAYER_FIELD_HONOR_CURRENCY + 1) . " ), ';', -1 ) AS UNSIGNED ) AS highest_rank, lastip\r\n FROM characters\r\n LEFT JOIN `" . $logon_db["name"] . "`.accounts ON characters.acct=`" . $logon_db["name"] . "`.accounts.acct\r\n WHERE characters.online=1 " . $order_side . " ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage);
} elseif ($core == 2) {
$result = $sql["char"]->query("SELECT guid, name, race, class, zone AS zoneid, map AS mapid, level, account AS acct, gender,\r\n totalHonorPoints AS highest_rank, last_ip AS lastip\r\n FROM characters\r\n LEFT JOIN `" . $logon_db["name"] . "`.account ON characters.account=`" . $logon_db["name"] . "`.account.id\r\n WHERE characters.online=1 " . $order_side . " ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage);
} else {
$result = $sql["char"]->query("SELECT characters.guid, characters.name, race, class, zone AS zoneid, map AS mapid, level, account AS acct, gender,\r\n totalHonorPoints AS highest_rank, latency, last_ip AS lastip, guild.name AS gname\r\n FROM characters\r\n LEFT JOIN `" . $logon_db["name"] . "`.account ON characters.account=`" . $logon_db["name"] . "`.account.id\r\n LEFT JOIN guild_member ON characters.guid=guild_member.guid\r\n LEFT JOIN guild ON guild_member.guildid=guild.guildid\r\n WHERE characters.online=1 " . $order_side . " ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage);
}
$total_online = $sql["char"]->result($sql["char"]->query("SELECT count(*) FROM characters WHERE online= 1"), 0);
$output .= '
<div class="div_lined center_text">
<span class="bold">' . lang("index", "tot_users_online") . ': ' . $total_online . '</span>
</div>';
if ($total_online) {
$output .= '
<table class="lined">
<tr>
<td colspan="' . (9 - $showcountryflag) . '" align="right" class="hidden" style="width: 25%;">';
$output .= generate_pagination("index.php?start_m=" . $start_m . "&order_by=" . $order_hold . "&dir=" . ($dir ? 0 : 1), $total_online, $itemperpage, $start);
$output .= '
</td>
</tr>
<tr>
<th style="width: 15%;">
<a href="index.php?start=' . $start . '&start_m=' . $start_m . '&order_by=name&dir=' . $dir . '"' . ($order_by === "name" ? ' class="' . $order_dir . '"' : '') . '>' . lang("index", "name") . '</a>
</th>
<th style="width: 1%;">
<a href="index.php?start=' . $start . '&start_m=' . $start_m . '&order_by=race&dir=' . $dir . '"' . ($order_by === "race" ? ' class="' . $order_dir . '"' : '') . '>' . lang("index", "race") . '</a>
</th>
<th style="width: 1%;">
<a href="index.php?start=' . $start . '&start_m=' . $start_m . '&order_by=class&dir=' . $dir . '"' . ($order_by === "class" ? ' class="' . $order_dir . '"' : '') . '>' . lang("index", "class") . '</a>
</th>
<th style="width: 5%;">
<a href="index.php?start=' . $start . '&start_m=' . $start_m . '&order_by=level&dir=' . $dir . '"' . ($order_by === "level" ? ' class="' . $order_dir . '"' : '') . '>' . lang("index", "level") . '</a>
</th>
<th style="width: 1%;">
<a href="index.php?start=' . $start . '&start_m=' . $start_m . '&order_by=highest_rank&dir=' . $dir . '"' . ($order_by === "highest_rank" ? ' class="' . $order_dir . '"' : '') . '>' . lang("index", "rank") . '</a>
</th>
<th style="width: 15%;">
<a href="index.php?start=' . $start . '&start_m=' . $start_m . '&order_by=gname&dir=' . $dir . '"' . ($order_by === "gname" ? ' class="' . $order_dir . '"' : '') . '>' . lang("index", "guild") . '</a>
</th>
<th style="width: 20%;">
<a href="index.php?start=' . $start . '&start_m=' . $start_m . '&order_by=mapid&dir=' . $dir . '"' . ($order_by === "mapid, zoneid " ? ' class="' . $order_dir . '"' : '') . '>' . lang("index", "map") . '</a>
</th>
<th style="width: 25%;">
<a href="index.php?start=' . $start . '&start_m=' . $start_m . '&order_by=zoneid&dir=' . $dir . '"' . ($order_by === "zoneid, mapid " ? ' class="' . $order_dir . '"' : '') . '>' . lang("index", "zone") . '</a>
</th>';
if ($core == 1) {
$output .= '
<th style="width: 25%;">
<span>' . lang("index", "area") . '</span>
</th>';
}
// this_is_junk: MaNGOS doesn't store player latency
if ($core != 2) {
if (!$hide_plr_latency) {
// this_is_junk: Trinity is the only core which can sort by Player Latency
if ($core == 3) {
$output .= '
<th style="width: 1%;">
<a href="index.php?start=' . $start . '&start_m=' . $start_m . '&order_by=latency&dir=' . $dir . '"' . ($order_by === "latency" ? ' class="' . $order_dir . '"' : '') . '>
<img src="img/time.png" onmousemove="oldtoolTip(\'' . lang("index", "latency") . '\',\'old_item_tooltip\')" onmouseout="oldtoolTip()" alt=""' . ($order_by === "latency" ? '' : ' style="position: relative; top: 7px;"') . ' />
</a>
</th>';
} else {
$output .= '
<th style="width: 1%;">
<img src="img/time.png" onmousemove="oldtoolTip(\'' . lang("index", "latency") . '\',\'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" style="position: relative; top: 7px;" />
</th>';
}
}
}
if ($showcountryflag) {
require_once "libs/misc_lib.php";
$output .= '
<th style="width: 1%;">
<a href="index.php?start=' . $start . '&start_m=' . $start_m . '&order_by=lastip&dir=' . $dir . '"' . ($order_by === "lastip" ? ' class="' . $order_dir . '"' : '') . '>
<img src="img/world.png" onmousemove="oldtoolTip(\'' . lang("global", "country") . '\',\'old_item_tooltip\')" onmouseout="oldtoolTip()" alt=""' . ($order_by === "lastip" ? '' : ' style="position: relative; top: 7px;"') . ' />
</a>
</th>';
}
$output .= '
</tr>';
}
while ($char = $sql["char"]->fetch_assoc($result)) {
if ($core == 1) {
$ca_query = "SELECT accounts.login AS name FROM `" . $logon_db["name"] . "`.accounts LEFT JOIN `" . $corem_db["name"] . "`.config_accounts ON accounts.login=`" . $corem_db["name"] . "`.config_accounts.Login COLLATE utf8_unicode_ci WHERE acct='" . $char["acct"] . "'";
} else {
$ca_query = "SELECT *, username AS name FROM `" . $logon_db["name"] . "`.account LEFT JOIN `" . $corem_db["name"] . "`.config_accounts ON account.username=`" . $corem_db["name"] . "`.config_accounts.Login WHERE id='" . $char["acct"] . "'";
}
$ca_result = $sql["mgr"]->query($ca_query);
$char_acct = $sql["mgr"]->fetch_assoc($ca_result);
$gm = $char_acct["SecurityLevel"];
if (!isset($gm)) {
$gm = 0;
}
if ($core == 1) {
$guild_id = $sql["char"]->result($sql["char"]->query("SELECT guildid FROM guild_data WHERE playerid='" . $char["guid"] . "'"), 0);
} else {
$guild_id = $sql["char"]->result($sql["char"]->query("SELECT guildid FROM guild_member WHERE guid='" . $char["guid"] . "'"), 0);
}
if ($core == 1) {
$guild_name_query = "SELECT guildName FROM guilds WHERE guildid='" . $guild_id . "'";
} else {
$guild_name_query = "SELECT name AS guildName FROM guild WHERE guildid='" . $guild_id . "'";
}
$guild_name_result = $sql["char"]->query($guild_name_query);
$guild_name = $sql["char"]->fetch_assoc($guild_name_result);
$guild_name = $guild_name["guildName"];
$output .= '
<tr>
<td>';
if ($user_lvl > 0 && ($user_lvl >= gmlevel($gm) || $user_lvl == $action_permission["delete"])) {
$output .= '
<a href="char.php?id=' . $char["guid"] . '">
<span onmousemove="oldtoolTip(\'' . htmlspecialchars($char_acct["name"]) . ' (' . id_get_gm_level($gm) . ')' . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()">' . htmlentities($char["name"], ENT_COMPAT, $site_encoding) . '</span>
</a>';
} else {
$output .= '
<span>' . htmlentities($char["name"], ENT_COMPAT, $site_encoding) . '</span>';
}
$output .= '
</td>
<td>
<img src="img/c_icons/' . $char["race"] . '-' . $char["gender"] . '.gif" onmousemove="oldtoolTip(\'' . char_get_race_name($char["race"]) . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />
</td>
<td>
<img src="img/c_icons/' . $char["class"] . '.gif" onmousemove="oldtoolTip(\'' . char_get_class_name($char["class"]) . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />
</td>
<td>' . char_get_level_color($char["level"]) . '</td>
<td>
<span onmouseover="oldtoolTip(\'' . char_get_pvp_rank_name($char["highest_rank"], char_get_side_id($char["race"])) . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" id="index_delete_cursor"><img src="img/ranks/rank' . char_get_pvp_rank_id($char["highest_rank"], char_get_side_id($char["race"])) . '.gif" alt="" /></span>
</td>
<td>
<a href="guild.php?action=view_guild&error=3&id=' . $guild_id . '">' . htmlentities($guild_name, ENT_COMPAT, $site_encoding) . '</a>
</td>
<td>
<span onmousemove="oldtoolTip(\'MapID:' . $char["mapid"] . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()">' . get_map_name($char["mapid"]) . '</span>
</td>
<td>
<span onmousemove="oldtoolTip(\'ZoneID:' . $char["zoneid"] . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()">' . get_zone_name($char["zoneid"]) . '</span>
</td>';
// display player area, if available
if ($core == 1) {
for ($i = 0; $i < count($stats["plrs_area"]); $i++) {
if ($stats["plrs_area"][$i][0] == $char["name"]) {
$output .= '
<td>
<span onmousemove="toolTip(\'AreaID:' . $stats["plrs_area"][$i][1] . '\', \'item_tooltip\')" onmouseout="toolTip()">' . get_zone_name($stats["plrs_area"][$i][1]) . '</span>
</td>';
}
if (!isset($stats["plrs_lat"][$i][1])) {
$output .= '
<td>-</td>';
}
}
}
// display player latency, if enabled, and if available
if (!$hide_plr_latency) {
if ($core == 1) {
for ($i = 0; $i < count($stats["plrs_lat"]); $i++) {
if ($stats["plrs_lat"][$i][0] == $char["name"]) {
$output .= '
<td>' . $stats["plrs_lat"][$i][1] . '</td>';
}
if (!isset($stats["plrs_lat"][$i][1])) {
$output .= '
<td>-</td>';
}
}
} else {
// this_is_junk: MaNGOS doesn't store player latency
if ($core == 3) {
$output .= '
<td>' . $char["latency"] . '</td>';
}
}
}
if ($showcountryflag) {
$country = misc_get_country_by_ip($char["lastip"]);
$output .= '
<td>' . ($country["code"] ? '<img src="img/flags/' . $country["code"] . '.png" onmousemove="oldtoolTip(\'' . $country["country"] . ($user_lvl >= $action_permission["update"] ? '<br />' . $country["actualip"] : '') . '\',\'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />' : '-') . '</td>';
}
$output .= '
</tr>';
}
if ($total_online) {
$output .= '
<tr>';
$output .= '
<td colspan="' . (9 - $showcountryflag) . '" align="right" class="hidden" style="width: 25%;">';
$output .= generate_pagination("index.php?start_m=" . $start_m . "&order_by=" . $order_by . "&dir=" . ($dir ? 0 : 1), $total_online, $itemperpage, $start);
$output .= '
</td>
</tr>
</table>';
}
$output .= '
<br />';
unset($total_online);
}
}
function browse_users()
{
global $output, $realm_id, $corem_db, $logon_db, $corem_db, $characters_db, $action_permission, $user_lvl, $user_name, $itemperpage, $showcountryflag, $expansion_select, $timezone_offset, $sql, $core;
//-------------------SQL Injection Prevention--------------------------------
$start = isset($_GET["start"]) ? $sql["logon"]->quote_smart($_GET["start"]) : 0;
if (!is_numeric($start)) {
$start = 0;
}
$order_by = isset($_GET["order_by"]) ? $sql["logon"]->quote_smart($_GET["order_by"]) : "acct";
if (!preg_match('/^[_[:lower:]]{1,15}$/', $order_by)) {
$order_by = "acct";
}
$dir = isset($_GET["dir"]) ? $sql["logon"]->quote_smart($_GET["dir"]) : 1;
if (!preg_match('/^[01]{1}$/', $dir)) {
$dir = 1;
}
$order_dir = $dir ? "ASC" : "DESC";
$dir = $dir ? 0 : 1;
// temporary default
$show_chars = isset($_GET["show_chars"]) ? $sql["logon"]->quote_smart($_GET["show_chars"]) : 0;
//-------------------Search--------------------------------------------------
$search_by = '';
$search_value = '';
// build the list of Search Types (varies by core)
if ($core == 1) {
$search_menu = array(array("login", "by_name"), array("acct", "by_id"), array("gm", "by_gm_level"), array("greater_gmlevel", "greater_gm_level"), array("email", "by_email"), array("lastip", "by_ip"), array("gt_lastlogin", "by_gt_last_login"), array("lt_lastlogin", "by_lt_last_login"), array("banned", "by_banned"), array("muted", "by_muted"), array("expansion", "by_expansion"));
} elseif ($core == 2) {
$search_menu = array(array('username', 'by_name'), array('id', 'by_id'), array('gmlevel', 'by_gm_level'), array('greater_gmlevel', 'greater_gm_level'), array('email', 'by_email'), array('last_ip', 'by_ip'), array('gt_last_login', 'by_gt_last_login'), array('lt_last_login', 'by_lt_last_login'), array('banned', 'by_banned'), array('locked', 'by_locked'), array('expansion', 'by_expansion'));
} else {
$search_menu = array(array('username', 'by_name'), array('account.id', 'by_id'), array('gmlevel', 'by_gm_level'), array('greater_gmlevel', 'greater_gm_level'), array('email', 'by_email'), array('last_ip', 'by_ip'), array('gt_last_login', 'by_gt_last_login'), array('lt_last_login', 'by_lt_last_login'), array('banned', 'by_banned'), array('locked', 'by_locked'), array('expansion', 'by_expansion'));
}
// if we have a search request, if not we just return everything
if (isset($_GET["search_value"]) && isset($_GET["search_by"])) {
// injection prevention
$search_value = $sql["logon"]->quote_smart($_GET["search_value"]);
$search_by = $sql["logon"]->quote_smart($_GET["search_by"]);
// special search cases
// developer note: 'if else' is always faster then 'switch case'
if ($search_by === "greater_gmlevel") {
//TODO
if ($core == 1) {
$sql_query = "SELECT acct, login, gm, email, lastip, muted, UNIX_TIMESTAMP(lastlogin) AS lastlogin, flags\r\n FROM accounts WHERE gm>'%" . $search_value . "%' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM accounts WHERE gm>'%" . $search_value . "%'");
} elseif ($core == 2) {
$sql_query = "SELECT account.id AS acct, username AS login, gmlevel AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE gmlevel>'%" . $search_value . "%' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*)\r\n FROM account WHERE gmlevel>'%" . $search_value . "%'");
} else {
$sql_query = "SELECT account.id AS acct, username AS login, gmlevel AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE gmlevel>'%" . $search_value . "%' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*)\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n WHERE gmlevel>'%" . $search_value . "%'");
}
} elseif ($search_by === "gmlevel") {
if ($core == 1) {
$sql_query = "SELECT acct, login, gm, email, lastip, muted, UNIX_TIMESTAMP(lastlogin) AS lastlogin, flags\r\n FROM accounts WHERE gm='" . $search_value . "' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM accounts WHERE gm='" . $search_value . "'");
} elseif ($core == 2) {
$sql_query = "SELECT account.id AS acct, username AS login, gmlevel AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE gmlevel='" . $search_value . "' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account WHERE gmlevel='" . $search_value . "'");
} else {
$sql_query = "SELECT account.id AS acct, username AS login, account_access.gmlevel AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE account_access.gmlevel='" . $search_value . "' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*)\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n WHERE IFNULL(account_access.gmlevel, 0)='" . $search_value . "'");
}
} elseif ($search_by === "banned") {
if ($core == 1) {
$sql_query = "SELECT acct, login, gm, email, lastip, muted, UNIX_TIMESTAMP(lastlogin) AS lastlogin, flags, banned\r\n FROM accounts WHERE banned<>0";
$count_query = "SELECT COUNT(*) FROM accounts";
$que = $sql["logon"]->query("SELECT acct FROM accounts WHERE banned<>0");
} elseif ($core == 2) {
$sql_query = "SELECT account.id AS acct, username AS login, IFNULL(gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE unbandate>UNIX_TIMESTAMP()";
$count_query = "SELECT COUNT(*) FROM account_banned WHERE unbandate>UNIX_TIMESTAMP()";
$que = $sql["logon"]->query("SELECT id AS acct FROM account_banned WHERE unbandate>UNIX_TIMESTAMP()");
} else {
$sql_query = "SELECT account.id AS acct, username AS login, IFNULL(account_access.gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n WHERE unbandate>UNIX_TIMESTAMP()";
$count_query = "SELECT COUNT(*) FROM account_banned WHERE unbandate>UNIX_TIMESTAMP()";
$que = $sql["logon"]->query("SELECT id AS acct FROM account_banned WHERE unbandate>UNIX_TIMESTAMP()");
}
while ($banned = $sql["logon"]->fetch_assoc($que)) {
if ($core == 1) {
$sql_query .= " OR acct='" . $banned["acct"] . "'";
$count_query .= "OR acct='" . $banned["acct"] . "'";
} else {
$sql_query .= " OR account.id='" . $banned["acct"] . "'";
$count_query .= " OR account_banned.id='" . $banned["acct"] . "'";
}
}
$sql_query .= " ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query($count_query);
unset($count_query);
} elseif ($search_by == "gt_last_login" || $search_by == "gt_lastlogin") {
if ($core == 1) {
$sql_query = "SELECT acct, login, gm, email, lastip, muted, UNIX_TIMESTAMP(lastlogin) AS lastlogin, flags, banned\r\n FROM accounts WHERE UNIX_TIMESTAMP(lastlogin)>=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y')) ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM accounts WHERE UNIX_TIMESTAMP(lastlogin)>=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y'))");
} elseif ($core == 2) {
$sql_query = "SELECT account.id AS acct, username AS login, IFNULL(gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE UNIX_TIMESTAMP(last_login)>=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y')) ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account WHERE UNIX_TIMESTAMP(last_login)>=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y'))");
} else {
$sql_query = "SELECT account.id AS acct, username AS login, IFNULL(account_access.gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE UNIX_TIMESTAMP(last_login)>=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y')) ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE last_login>=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y'))");
}
} elseif ($search_by == "lt_last_login" || $search_by == "lt_lastlogin") {
if ($core == 1) {
$sql_query = "SELECT acct, login, gm, email, lastip, muted, UNIX_TIMESTAMP(lastlogin) AS lastlogin, flags, banned\r\n FROM accounts WHERE UNIX_TIMESTAMP(lastlogin)<=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y')) ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM accounts WHERE UNIX_TIMESTAMP(lastlogin)<=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y'))");
} elseif ($core == 2) {
$sql_query = "SELECT account.id AS acct, username AS login, IFNULL(gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE UNIX_TIMESTAMP(last_login)<=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y')) ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account WHERE UNIX_TIMESTAMP(last_login)<=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y'))");
} else {
$sql_query = "SELECT account.id AS acct, username AS login, IFNULL(account_access.gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE UNIX_TIMESTAMP(last_login)<=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y')) ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE UNIX_TIMESTAMP(last_login)<=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y'))");
}
} else {
// default search case
if ($core == 1) {
$sql_query = "SELECT acct, login, gm, email, lastip, muted, UNIX_TIMESTAMP(lastlogin) AS lastlogin, flags, banned\r\n FROM accounts WHERE " . $search_by . " LIKE '%" . $search_value . "%' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM accounts WHERE " . $search_by . " LIKE '%" . $search_value . "%'");
} elseif ($core == 2) {
$sql_query = "SELECT account.id AS acct, username AS login, IFNULL(gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE " . $search_by . " LIKE '%" . $search_value . "%' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account WHERE " . $search_by . " LIKE '%" . $search_value . "%'");
} else {
$sql_query = "SELECT account.id AS acct, username AS login, IFNULL(account_access.gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE " . $search_by . " LIKE '%" . $search_value . "%' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage;
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE " . $search_by . " LIKE '%" . $search_value . "%'");
}
}
$query = $sql["logon"]->query($sql_query);
} else {
// get total number of items
if ($core == 1) {
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM accounts");
$query = $sql["logon"]->query("SELECT acct, login, gm, email, lastip, muted, UNIX_TIMESTAMP(lastlogin) AS lastlogin, flags, banned\r\n FROM accounts ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage);
} elseif ($core == 2) {
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account");
$query = $sql["logon"]->query("SELECT account.id AS acct, username AS login, IFNULL(gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage);
} else {
$query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account");
$query = $sql["logon"]->query("SELECT account.id AS acct, username AS login, IFNULL(account_access.gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage);
}
}
// this is for multipage support
$all_record = $sql["logon"]->result($query_1, 0);
unset($query_1);
// a little XSS prevention
$search_value = htmlspecialchars($search_value);
$search_by = htmlspecialchars($search_by);
//==========================top tage navigaion starts here========================
// we start with a lead of 10 spaces,
// because last line of header is an opening tag with 8 spaces
// keep html indent in sync, so debuging from browser source would be easy to read
$output .= '
<!-- start of user.php -->
<script type="text/javascript" src="libs/js/check.js"></script>
<table class="top_hidden">
<tr>
<td>';
if ($user_lvl >= $action_permission["insert"]) {
makebutton(lang("user", "add_acc"), 'user.php?action=add_new', 130);
// backup is broken
// makebutton($lang_user["backup"], 'backup.php', 130);
}
// cleanup unknown working condition
//if($user_lvl >= $action_permission["delete"])
// makebutton($lang_user["cleanup"], 'cleanup.php', 130);
makebutton(lang("global", "back"), 'javascript:window.history.back()', 130);
if ($search_by && $search_value) {
makebutton(lang("user", "user_list"), 'user.php', 130);
}
$output .= '
</td>
<td align="right" style="width: 25%;" rowspan="2">';
// multi page links
$output .= lang("user", "tot_acc") . ' : ' . $all_record . '<br /><br />' . generate_pagination('user.php?order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1) . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '', $all_record, $itemperpage, $start);
// this part for search
$output .= '
</td>
</tr>
<tr align="left">
<td>
<table class="hidden">
<tr>
<td>
<form action="user.php" method="get" id="form">
<div>
<input type="hidden" name="error" value="3" />
<input type="text" size="24" maxlength="50" name="search_value" value="' . $search_value . '" />
<select name="search_by">';
foreach ($search_menu as $row) {
$output .= '
<option value="' . $row[0] . '"' . ($search_by === $row[0] ? ' selected="selected"' : '') . '>' . lang("user", $row[1]) . '</option>';
}
$output .= '
</select>
</div>
</form>
</td>
<td>';
makebutton(lang("global", "search"), 'javascript:do_submit()', 80);
$output .= '
</td>
</tr>
</table>
</td>
</tr>
</table>';
//==========================top tage navigaion ENDS here ========================
$output .= '
<form method="get" action="user.php" id="form1">
<div>
<input type="hidden" name="action" value="del_user" />
<input type="hidden" name="start" value="' . $start . '" />
<input type="hidden" name="backup_op" value="0"/>
</div>
<table class="lined">
<tr>
<td colspan="8" align="left" class="hidden">';
if ($user_lvl >= $action_permission["delete"]) {
makebutton(lang("user", "del_selected_users"), 'javascript:do_submit(\'form1\',0)" type="wrn', 230);
}
$output .= '
</td>
</tr>
<tr>';
// column headers, with links for sorting
// first column is the selection check box
if ($user_lvl >= $action_permission["insert"]) {
$output .= '
<th style="width: 1%;">
<input name="allbox" type="checkbox" value="Check All" onclick="CheckAll(document.getElementById(\'form1\'));" />
</th>';
} else {
$output .= '
<th style="width: 1%;"></th>';
}
//expander symbol
$output .= '
<th style="width: 1%;"></th>';
$output .= '
<th style="width: 1%;"><a href="user.php?order_by=acct&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'acct' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "acct") . '</a></th>
<th style="width: 1%;"><a href="user.php?order_by=login&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'login' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "login") . '</a></th>
<th style="width: 1%;">' . lang("user", "screenname") . '</th>
<th style="width: 1%;"><a href="user.php?order_by=gm&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'gm' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "gm_level") . '</a></th>
<th style="width: 1%;">' . lang("user", "sec_level") . '</th>';
if ($expansion_select) {
$output .= '
<th style="width: 1%;"><a href="user.php?order_by=flags&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'flags' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "expansion_short") . '</a></th>';
}
$output .= '
<th style="width: 1%;"><a href="user.php?order_by=email&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'email' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "email") . '</a></th>
<!-- <th style="width: 1%;"><a href="user.php?order_by=joindate&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'joindate' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "join_date") . '</a></th> -->
<th style="width: 1%;"><a href="user.php?order_by=lastip&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'lastip' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "ip") . '</a></th>
<th style="width: 1%;">' . lang("user", "char_count") . '</th>';
if ($core == 1) {
$output .= '
<th style="width: 1%;"><a href="user.php?order_by=muted&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'muted' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "muted") . '</a></th>';
} else {
$output .= '
<th style="width: 1%;"><a href="user.php?order_by=muted&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'muted' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "locked") . '</a></th>';
}
$output .= '
<th style="width: 1%;"><a href="user.php?order_by=lastlogin&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'lastlogin' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "last_login") . '</a></th>
<th style="width: 1%;">' . lang("user", "online") . '</th>';
if ($showcountryflag) {
require_once "libs/misc_lib.php";
$output .= '
<th style="width: 1%;">' . lang("global", "country") . '</th>';
}
$output .= '
<th style="width: 1%;">' . lang("user", "banned") . '</th>
</tr>';
//---------------Page Specific Data Starts Here--------------------------
while ($data = $sql["logon"]->fetch_assoc($query)) {
// get screen name for each account
$sn_query = "SELECT *, SecurityLevel AS sec_lvl FROM config_accounts WHERE Login='******'";
$sn_result = $sql["mgr"]->query($sn_query);
$screenname = $sql["mgr"]->fetch_assoc($sn_result);
if ($screenname["sec_lvl"] >= 1073741824) {
$screenname["sec_lvl"] -= 1073741824;
}
// if the user doesn't have a value in their SecurityLevel field,
// assume it's Player (ZERO)
if (!isset($screenname["sec_lvl"])) {
$screenname["sec_lvl"] = 0;
}
// clear character count from previous account
$char_count = 0;
// in case we're displaying the user's characters
$char_list = array();
$realm_list = array();
foreach ($characters_db as $db) {
$sqlt = new SQL();
$sqlt->connect($db["addr"], $db["user"], $db["pass"], $db["name"], $db["encoding"]);
if ($core == 1) {
$char_query = "SELECT COUNT(*) FROM characters WHERE acct='" . $data["acct"] . "'";
} else {
$char_query = "SELECT COUNT(*) FROM characters WHERE account='" . $data["acct"] . "'";
}
$char_result = $sqlt->query($char_query);
$char_count_fields = $sqlt->fetch_assoc($char_result);
$char_count += $char_count_fields["COUNT(*)"];
// if we need to, build the character list
if ($data["acct"] == $show_chars) {
$realm_char_list = array();
// store the realm id for later
$realm_list[] = $db["id"];
if ($core == 1) {
$char_query = "SELECT guid FROM characters WHERE acct='" . $data["acct"] . "' ORDER BY guid ASC";
} else {
$char_query = "SELECT guid FROM characters WHERE account='" . $data["acct"] . "' ORDER BY guid ASC";
}
$char_result = $sqlt->query($char_query);
while ($row = $sqlt->fetch_assoc($char_result)) {
$realm_char_list[] = $row["guid"];
}
$char_list[] = $realm_char_list;
}
}
$output .= '
<tr>';
if ($user_lvl >= $action_permission["insert"]) {
$output .= '
<td><input type="checkbox" name="check[]" value="' . $data["acct"] . '" onclick="CheckCheckAll(document.getElementById(\'form1\'));" /></td>';
} else {
$output .= '
<td>*</td>';
}
// show character expander symbol
if ($show_chars == 0 || $show_chars != $data["acct"]) {
$output .= '
<td>
<a href="user.php?order_by=' . $order_by . '&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . ($dir ? 0 : 1) . '&show_chars=' . $data["acct"] . '">+</a>
</td>';
} else {
$output .= '
<td>
<a href="user.php?order_by=' . $order_by . '&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . ($dir ? 0 : 1) . '&show_chars=0">–</a>
</td>';
}
if ($user_lvl >= $action_permission["insert"] || $user_name == $data["login"]) {
$output .= '
<td>' . $data["acct"] . '</td>
<td>
<a href="user.php?action=edit_user&error=11&acct=' . $data["acct"] . '">' . $data["login"] . '</a>
</td>';
} else {
$output .= '
<td>***</td>
<td>*****</td>';
}
$temp_screenname = $screenname["ScreenName"];
if ($temp_screenname == '' || $temp_screenname == NULL) {
$temp_screenname = "-";
}
if ($user_lvl >= $action_permission["view"] || $user_name == $data["login"]) {
$output .= '
<td>
<a href="user.php?action=edit_user&error=11&acct=' . $data["acct"] . '">' . $temp_screenname . '</a>
</td>';
} else {
$output .= '
<td>*****</td>';
}
$output .= '
<td>' . $data["gm"] . '</td>';
$output .= '
<td>' . gmlevel_short($screenname["sec_lvl"]) . '</td>';
if ($expansion_select) {
$exp_lvl_arr = id_get_exp_lvl();
$output .= '
<td>' . $exp_lvl_arr[$data["flags"]][2] . '</td>';
unset($exp_lvl_arr);
}
if ($user_lvl >= $action_permission["update"] || $user_name === $data["login"]) {
$output .= '
<td>' . ($data["email"] ? '<a href="mailto:' . $data["email"] . '">' . substr($data["email"], 0, 15) . '</a>' : '-') . '</td>';
} else {
$output .= '
<td>***@***.***</td>';
}
if ($user_lvl >= $action_permission["update"] || $user_name === $data["login"]) {
$output .= '
<td>' . $data["lastip"] . '</td>';
} else {
$output .= '
<td>*******</td>';
}
$output .= '
<td>' . $char_count . '</td>';
$o_temp = 0;
foreach ($characters_db as $db) {
$sqlt = new SQL();
$sqlt->connect($db["addr"], $db["user"], $db["pass"], $db["name"], $db["encoding"]);
if ($core == 1) {
$sql_c_query = "SELECT SUM(online) FROM characters WHERE acct = '" . $data["acct"] . "'";
} else {
$sql_c_query = "SELECT SUM(online) FROM characters WHERE account = '" . $data["acct"] . "'";
}
$c_query = $sqlt->query($sql_c_query);
$c_result = $sqlt->fetch_row($c_query);
$o_temp += $c_result[0];
}
$time_offset = $timezone_offset * 3600;
if ($data["lastlogin"] != 0) {
$lastlog = date("F j, Y @ Hi", $data["lastlogin"] + $time_offset);
} else {
$lastlog = '-';
}
$output .= '
<td>' . ($data["muted"] ? '<img src="img/lock.png" />' : '-') . '</td>
<td class="small">' . $lastlog . '</td>
<td>' . ($o_temp != 0 ? '<img src="img/up.gif" alt="" />' : '<img src="img/down.gif" alt="" />') . '</td>';
if ($showcountryflag) {
$country = misc_get_country_by_ip($data["lastip"]);
$output .= '
<td>' . ($country["code"] ? '<img src="img/flags/' . $country["code"] . '.png" onmousemove="oldtoolTip(\'' . $country["country"] . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />' : '-') . '</td>';
}
if ($core == 1) {
if (time() < $data["banned"]) {
$output .= '
<td><img src="img/flag_red.png" onmousemove="oldtoolTip(\'' . lang("user", "ban_active") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" /></td>';
} elseif (time() > $data["banned"] && $data["banned"] != 0) {
$output .= '
<td><img src="img/flag_green.png" onmousemove="oldtoolTip(\'' . lang("user", "ban_expired") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" /></td>';
} else {
$output .= '
<td>-</td>';
}
} else {
if ($data["active"]) {
if (time() < $data["banned"]) {
$output .= '
<td><img src="img/flag_red.png" onmousemove="oldtoolTip(\'' . lang("user", "ban_active") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" /></td>';
} else {
$output .= '
<td><img src="img/flag_blue.png" onmousemove="oldtoolTip(\'' . lang("user", "ban_active_expired") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" /></td>';
}
} else {
if (time() < $data["banned"]) {
$output .= '
<td><img src="img/flag_green.png" onmousemove="oldtoolTip(\'' . lang("user", "ban_inactive") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" /></td>';
} else {
$output .= '
<td>-</td>';
}
}
}
$output .= '
</tr>';
// if we're going to, show characters owned by this account (all realms)
if ($data["acct"] == $show_chars) {
$output .= '
<tr>
<td colspan="3"> </td>
<td colspan="';
if ($expansion_select || $showcountryflag) {
if ($expansion_select && $showcountryflag) {
$output .= '13';
} else {
$output .= '12';
}
} else {
$output .= '11';
}
$output .= '">
<table class="hidden">';
for ($i = 0; $i < count($char_list); $i++) {
$realm_chars = $char_list[$i];
$cur_realm = $realm_list[$i];
$realm_name_query = "SELECT * FROM config_servers WHERE `Index`='" . $cur_realm . "'";
$realm_name_result = $sql["mgr"]->query($realm_name_query);
$realm_name_result = $sql["mgr"]->fetch_assoc($realm_name_result);
$cur_realm_name = $realm_name_result["Name"];
$sqlt = new SQL();
$sqlt->connect($characters_db[$cur_realm]["addr"], $characters_db[$cur_realm]["user"], $characters_db[$cur_realm]["pass"], $characters_db[$cur_realm]["name"], $characters_db[$cur_realm]["encoding"]);
$output .= '
<tr>
<td align="left">' . $cur_realm_name . '</td>
</tr>';
foreach ($realm_chars as $row) {
$row_name_query = "SELECT * FROM characters WHERE guid='" . $row . "'";
$row_name_result = $sqlt->query($row_name_query);
$row_name_result = $sqlt->fetch_assoc($row_name_result);
$output .= '
<tr>
<td align="left">
<a href="char.php?id=' . $row . '&realm=' . $cur_realm . '">' . $row_name_result["name"] . '</a> - <img src="img/c_icons/' . $row_name_result["race"] . '-' . $row_name_result["gender"] . '.gif" onmousemove="oldtoolTip(\'' . char_get_race_name($row_name_result["race"]) . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />
<img src="img/c_icons/' . $row_name_result["class"] . '.gif" onmousemove="oldtoolTip(\'' . char_get_class_name($row_name_result["class"]) . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt=""/> - ' . lang("char", "level_short") . char_get_level_color($row_name_result["level"]) . '
</td>
</tr>';
}
}
$output .= '
</table>
</td>
</tr>';
}
/*else
{
$output .= '
<tr>
<td>*</td><td>***</td><td>You</td><td>Have</td><td>No</td>
<td class=\"small\">Permission</td><td>to</td><td>View</td><td>this</td><td>Data</td><td>***</td>';
if ( $expansion_select )
$output .= '
<td>*</td>';
if ( $showcountryflag )
$output .= '
<td>*</td>';
$output .= '
</tr>';
}*/
}
$output .= '
<tr>
<td colspan="';
if ($expansion_select || $showcountryflag) {
if ($expansion_select && $showcountryflag) {
$output .= '16';
} else {
$output .= '15';
}
} else {
$output .= '14';
}
$output .= '" class="hidden" align="right" style="width: 25%;">';
$output .= generate_pagination('user.php?order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1) . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '', $all_record, $itemperpage, $start);
$output .= '
</td>
</tr>
<tr>
<td colspan="8" align="left" class="hidden">';
if ($user_lvl >= $action_permission["delete"]) {
makebutton(lang("user", "del_selected_users"), 'javascript:do_submit(\'form1\',0)" type="wrn', 230);
}
// backup is broken
//if($user_lvl >= $action_permission["insert"])
// makebutton($lang_user["backup_selected_users"], 'javascript:do_submit(\'form1\',1)',230);
$output .= '
</td>
<td colspan="';
if ($expansion_select || $showcountryflag) {
if ($expansion_select && $showcountryflag) {
$output .= '5';
} else {
$output .= '4';
}
} else {
$output .= '3';
}
$output .= '" align="right" class="hidden">' . lang("user", "tot_acc") . ' : ' . $all_record . '</td>
</tr>
</table>
</form>
<br />
<!-- end of user.php -->';
}
function edit_user()
{
global $lang_global, $lang_user, $output, $realm_db, $characters_db, $realm_id, $mmfpm_db, $user_lvl, $user_name, $gm_level_arr, $action_permission, $expansion_select, $developer_test_mode, $multi_realm_mode, $server, $showcountryflag, $enable_soap;
$online_pq = "online";
if ($showcountryflag) {
require_once 'libs/misc_lib.php';
}
if (empty($_GET['id'])) {
redirect("user.php?error=10");
}
$sqlr = new SQL();
$sqlr->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
$sqlm = new SQL();
$sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']);
$sqlc = new SQL();
$sqlc->connect($characters_db[$realm_id]['addr'], $characters_db[$realm_id]['user'], $characters_db[$realm_id]['pass'], $characters_db[$realm_id]['name']);
$id = $sqlr->quote_smart($_GET['id']);
$result = $sqlr->query("SELECT IFNULL(`account_access`.`gmlevel`,0) as `gmlevel`, `account`.* FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE account.id = '{$id}'");
$data = $sqlr->fetch_assoc($result);
$refguid = $sqlm->fetch_assoc($sqlm->query('SELECT InvitedBy FROM mm_point_system_invites WHERE PlayersAccount = ' . $data['id'] . ''));
$refguid = $refguid['InvitedBy'];
$referred_by = $sqlc->fetch_assoc($sqlc->query("SELECT name FROM characters WHERE guid = '{$refguid}'"));
unset($refguid);
$referred_by = $referred_by['name'];
if ($sqlr->num_rows($result)) {
$output .= '
<center>
<script type="text/javascript" src="libs/js/sha1.js"></script>
<script type="text/javascript">
// <![CDATA[
function do_submit_data ()
{
if ((document.form.username.value != "' . $data['username'] . '") && (document.form.new_pass.value == "******"))
{
alert("If you are changing Username, The password must be changed too.");
return;
}
else
{
document.form.pass.value = hex_sha1(document.form.username.value.toUpperCase()+":"+document.form.new_pass.value.toUpperCase());
document.form.new_pass.value = "0";
do_submit();
}
}
// ]]>
</script>
<fieldset style="width: 550px;">
<legend>' . $lang_user['edit_acc'] . '</legend>
<form method="post" action="user.php?action=doedit_user" name="form">
<input type="hidden" name="pass" value="" maxlength="256" />
<input type="hidden" name="id" value="' . $id . '" />
<table class="flat">
<tr>
<td>' . $lang_user['id'] . '</td>
<td>' . $data['id'] . '</td>
</tr>
<tr>
<td>' . $lang_user['username'] . '</td>';
if ($user_lvl >= $action_permission['update']) {
$output .= '
<td><input type="text" name="username" size="42" maxlength="15" value="' . $data['username'] . '" /></td>';
} else {
$output .= '
<td>' . $data['username'] . '</td>';
}
$output .= '
</tr>
<tr>
<td>' . $lang_user['password'] . '</td>';
if ($user_lvl >= $action_permission['update']) {
$output .= "\r\n <td><input type=\"text\" name=\"new_pass\" size=\"42\" maxlength=\"40\" value=\"******\" /></td>";
} else {
$output .= "\r\n <td>********</td>";
}
$output .= "\r\n </tr>\r\n <tr>\r\n <td>{$lang_user['email']}</td>";
if ($user_lvl >= $action_permission['update']) {
$output .= '
<td><input type="text" name="mail" size="42" maxlength="225" value="' . $data['email'] . '" /></td>';
} else {
$output .= "\r\n <td>***@***.***</td>";
}
$output .= "\r\n </tr>\r\n <tr>\r\n <td>{$lang_user['invited_by']}:</td>\r\n <td>";
if ($user_lvl >= $action_permission['update'] && !$referred_by != NULL) {
$output .= "\r\n <input type=\"text\" name=\"referredby\" size=\"42\" maxlength=\"12\" value=\"{$referred_by}\" />";
} else {
$output .= "\r\n {$referred_by}";
}
$output .= "\r\n </td>\r\n </tr>\r\n <tr>\r\n <td>{$lang_user['gm_level_long']}</td>";
if ($user_lvl >= $action_permission['update']) {
$output .= "\r\n <td>\r\n <select name=\"gmlevel\">";
foreach ($gm_level_arr as $level) {
if ($level[0] > -1 && $level[0] < $user_lvl) {
$output .= "\r\n <option value=\"{$level[0]}\" ";
if ($data['gmlevel'] == $level[0]) {
$output .= "selected=\"selected\" ";
}
$output .= ">{$level[1]}</option>";
}
}
$output .= "\r\n </select>\r\n </td>";
} else {
$output .= '
<td>' . id_get_gm_level($data['gmlevel']) . ' ( ' . $data['gmlevel'] . ' )</td>';
}
$output .= '
</tr>
<tr>
<td>' . $lang_user['join_date'] . '</td>
<td>' . $data['joindate'] . '</td>
</tr>
<tr>
<td>' . $lang_user['last_ip'] . '</td>';
if ($user_lvl >= $action_permission['update']) {
$output .= '
<td>' . $data['last_ip'] . '';
if ($showcountryflag) {
$country = misc_get_country_by_ip($data['last_ip'], $sqlm);
$output .= '
' . ($country['code'] ? '<img src="img/flags/' . $country['code'] . '.png" onmousemove="toolTip(\'' . $country['country'] . '\', \'item_tooltip\')" onmouseout="toolTip()" alt="" />' : '-') . '';
}
$output .= ' <a href="banned.php?action=do_add_entry&entry=' . $data['last_ip'] . '&bantime=3600&ban_type=ip_banned"> <- ' . $lang_user['ban_this_ip'] . '</a> | <a href="user.php?error=3&search_value=' . $data['last_ip'] . '&search_by=last_ip">' . $lang_user['search_this_ip'] . '</a></td>';
} else {
$output .= "\r\n <td>***.***.***.***";
if ($showcountryflag) {
$country = misc_get_country_by_ip($data['last_ip'], $sqlm);
$output .= '
' . ($country['code'] ? '<img src="img/flags/' . $country['code'] . '.png" onmousemove="toolTip(\'' . $country['country'] . '\', \'item_tooltip\')" onmouseout="toolTip()" alt="" />' : '-') . '';
}
$output .= " </td>";
}
$output .= "\r\n </tr>\r\n <tr>\r\n <td>{$lang_user['banned']}</td>";
$que = $sqlr->query("SELECT bandate, unbandate, bannedby, banreason FROM account_banned WHERE id = {$id}");
if ($sqlr->num_rows($que)) {
$banned = $sqlr->fetch_row($que);
$ban_info = " From:" . date('d-m-Y G:i', $banned[0]) . " till:" . date('d-m-Y G:i', $banned[1]) . "<br />by {$banned['2']}";
$ban_checked = " checked=\"checked\"";
} else {
$ban_checked = "";
$ban_info = "";
$banned[3] = "";
}
if ($user_lvl >= $action_permission['update']) {
$output .= "\r\n <td><input type=\"checkbox\" name=\"banned\" value=\"1\" {$ban_checked}/>{$ban_info}</td>";
} else {
$output .= "\r\n <td>{$ban_info}</td>";
}
$output .= "\r\n </tr>\r\n <tr>\r\n <td>{$lang_user['banned_reason']}</td>";
if ($user_lvl >= $action_permission['update']) {
$output .= "\r\n <td><input type=\"text\" name=\"banreason\" size=\"42\" maxlength=\"255\" value=\"{$banned['3']}\" /></td>";
} else {
$output .= "\r\n <td>{$banned['3']}</td>";
}
if ($expansion_select) {
$output .= "\r\n </tr>\r\n <tr>";
if ($user_lvl >= $action_permission['update']) {
$output .= "\r\n <td>{$lang_user['client_type']}</td>";
$output .= "\r\n <td>\r\n <select name=\"expansion\">";
$output .= "\r\n <option value=\"0\">{$lang_user['classic']}</option>\r\n <option value=\"1\" ";
if ($data['expansion'] == 1) {
$output .= "selected=\"selected\" ";
}
$output .= ">{$lang_user['tbc']}</option>\r\n <option value=\"2\" ";
if ($data['expansion'] == 2) {
$output .= "selected=\"selected\" ";
}
$output .= ">{$lang_user['wotlk']}</option>\r\n </select>\r\n </td>";
} else {
$output .= "\r\n <td>{$lang_user['classic']}</td>";
}
}
$output .= "\r\n </tr>\r\n <tr>\r\n <td>{$lang_user['failed_logins_long']}</td>";
if ($user_lvl >= $action_permission['update']) {
$output .= '
<td><input type="text" name="failed" size="42" maxlength="3" value="' . $data['failed_logins'] . '" /></td>';
} else {
$output .= '
<td>' . $data['failed_logins'] . '</td>';
}
$output .= "\r\n </tr>\r\n <tr>\r\n <td>{$lang_user['locked']}</td>";
$lock_checked = $data['locked'] ? " checked=\"checked\"" : "";
if ($user_lvl >= $action_permission['update']) {
$output .= "\r\n <td><input type=\"checkbox\" name=\"locked\" value=\"1\" {$lock_checked}/></td>";
} else {
$output .= "\r\n <td></td>";
}
$output .= '
</tr>
<tr>
<td>' . $lang_user['last_login'] . '</td>
<td>' . $data['last_login'] . '</td>
</tr>
<tr>
<td>' . $lang_user['online'] . '</td>';
$output .= "\r\n <td>" . ($data['online'] ? $lang_global['yes'] : $lang_global['no']) . "</td>\r\n </tr>";
$query = $sqlr->query("SELECT SUM(numchars) FROM realmcharacters WHERE acctid = '{$id}'");
$tot_chars = $sqlr->result($query, 0);
$query = $sqlc->query("SELECT count(*) FROM `characters` WHERE account = {$id}");
$chars_on_realm = $sqlc->result($query, 0);
$output .= "\r\n <tr>\r\n <td>{$lang_user['tot_chars']}</td>\r\n <td>{$tot_chars}</td>\r\n </tr>";
$realms = $sqlr->query("SELECT id, name FROM realmlist");
if ($developer_test_mode && $multi_realm_mode && ($sqlr->num_rows($realms) > 1 && count($server) > 1 && count($characters_db) > 1)) {
require_once "scripts/get_lib.php";
while ($realm = $sqlr->fetch_array($realms)) {
$sqlc->connect($characters_db[$realm[0]]['addr'], $characters_db[$realm[0]]['user'], $characters_db[$realm[0]]['pass'], $characters_db[$realm[0]]['name']);
$query = $sqlc->query("SELECT count(*) FROM `characters` WHERE account = {$id}");
$chars_on_realm = $sqlc->result($query, 0);
$output .= "\r\n <tr>\r\n <td>{$lang_user['chars_on_realm']} " . get_realm_name($realm[0]) . "</td>\r\n <td>{$chars_on_realm}</td>\r\n </tr>";
if ($chars_on_realm) {
$char_array = $sqlc->query("SELECT guid, name, race, class, level, gender FROM `characters` WHERE account = {$id}");
while ($char = $sqlc->fetch_array($char_array)) {
$output .= "\r\n <tr>\r\n <td> ---></td>\r\n <td>\r\n <a href=\"char.php?id={$char['0']}&realm={$realm['0']}\">{$char['1']} - <img src='img/c_icons/{$char[2]}-{$char[5]}.gif' onmousemove='toolTip(\"" . char_get_race_name($char[2]) . "\",\"item_tooltip\")' onmouseout='toolTip()' alt=\"\" />\r\n <img src='img/c_icons/{$char[3]}.gif' onmousemove='toolTip(\"" . char_get_class_name($char[3]) . "\",\"item_tooltip\")' onmouseout='toolTip()' alt=\"\"/> - lvl " . char_get_level_color($char[4]) . "</a>";
if ($enable_soap == 1) {
$output .= " <br /> <br />\r\n ---><a href=\"user.php?action=soap_command&cmd=rename&char={$char['1']}&id={$id}\">Rename</a><br />\r\n ---><a href=\"user.php?action=soap_command&cmd=changefaction&char={$char['1']}&id={$id}\">Change Faction</a><br />\r\n ---><a href=\"user.php?action=soap_command&cmd=changerace&char={$char['1']}&id={$id}\">Change Race</a><br />\r\n ---><a href=\"user.php?action=soap_command&cmd=customize&char={$char['1']}&id={$id}\">Character Customize</a><br />";
}
$output .= " </td>\r\n </tr>";
}
}
}
} else {
$query = $sqlc->query("SELECT count(*) FROM `characters` WHERE account = {$id}");
$chars_on_realm = $sqlc->result($query, 0);
$output .= "\r\n <tr>\r\n <td>{$lang_user['chars_on_realm']}</td>\r\n <td>{$chars_on_realm}</td>\r\n </tr>";
if ($chars_on_realm) {
$char_array = $sqlc->query("SELECT guid,name,race,class, level, gender FROM `characters` WHERE account = {$id}");
while ($char = $sqlc->fetch_array($char_array)) {
$output .= "\r\n <tr>\r\n <td> ---></td>\r\n <td>\r\n <a href=\"char.php?id={$char['0']}\">{$char['1']} - <img src='img/c_icons/{$char[2]}-{$char[5]}.gif' onmousemove='toolTip(\"" . char_get_race_name($char[2]) . "\",\"item_tooltip\")' onmouseout='toolTip()' alt=\"\" />\r\n <img src='img/c_icons/{$char[3]}.gif' onmousemove='toolTip(\"" . char_get_class_name($char[3]) . "\",\"item_tooltip\")' onmouseout='toolTip()' alt=\"\"/> - lvl " . char_get_level_color($char[4]) . "</a>";
if ($enable_soap == 1) {
$output .= " <br /> <br />\r\n ---><a href=\"user.php?action=soap_command&cmd=rename&char={$char['1']}&id={$id}\">Rename</a><br />\r\n ---><a href=\"user.php?action=soap_command&cmd=changefaction&char={$char['1']}&id={$id}\">Change Faction</a><br />\r\n ---><a href=\"user.php?action=soap_command&cmd=changerace&char={$char['1']}&id={$id}\">Change Race</a><br />\r\n ---><a href=\"user.php?action=soap_command&cmd=customize&char={$char['1']}&id={$id}\">Character Customize</a><br />";
}
$output .= " </td>\r\n </tr>";
}
}
}
$output .= "\r\n <tr>\r\n <td>";
if ($user_lvl >= $action_permission['delete']) {
makebutton($lang_user['del_acc'], "user.php?action=del_user&check%5B%5D={$id}\" type=\"wrn", 130);
}
$output .= "\r\n </td>\r\n <td>";
if ($user_lvl >= $action_permission['update']) {
makebutton($lang_user['update_data'], "javascript:do_submit_data()", 130);
}
makebutton($lang_global['back'], "javascript:window.history.back()\" type=\"def", 130);
$output .= "\r\n </td>\r\n </tr>\r\n </table>\r\n </form>\r\n </fieldset>\r\n <br /><br />\r\n </center>";
} else {
error($lang_global['err_no_user']);
}
}
