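// Staff "edit user" handler (excerpt): load the target account, enforce the
// class hierarchy, then apply the class change and the donation update.
// $userid, $CURUSER and $lang are set before this excerpt begins.
$res = sql_query("SELECT * FROM users WHERE id=" . sqlesc($userid)) or sqlerr(__FILE__, __LINE__);
// A missing row (false) is also routed to sqlerr(), not only query failures.
$user = mysql_fetch_assoc($res) or sqlerr(__FILE__, __LINE__);

// Hierarchy check: refuse when the actor's class is not above the target's,
// the actor is not editing their own account, and the actor is below
// UC_ADMINISTRATOR. Actors at or above UC_ADMINISTRATOR never trip this check,
// even against a target of equal or higher class.
// NOTE(review): the message claims the attempt is logged, but no logging call
// is visible in this excerpt - confirm that stderr() or a caller records it.
if ($CURUSER['class'] <= $user['class'] && ($CURUSER['id'] != $userid && $CURUSER['class'] < UC_ADMINISTRATOR)) {
    stderr('Error', 'You cannot edit someone of the same or higher class.. injecting stuff arent we? Action logged');
}
// Immune accounts may only be modified by the top class.
if ($user['immunity'] >= 1 && $CURUSER['class'] < UC_MAX) {
    stderr("Error", "This user is immune to your commands !");
}
$updateset = $useredit['update'] = array();
// Only UC_MAX may replace the moderator comment; everyone else keeps the stored one.
$modcomment = isset($_POST['modcomment']) && $CURUSER['class'] == UC_MAX ? $_POST['modcomment'] : $user['modcomment'];

//== Set class
// NOTE(review): $class stays the raw request string and is compared loosely
// against integers below; casting it once after valid_class() would make these
// privilege comparisons independent of PHP's string/number juggling.
if (isset($_POST['class']) && ($class = $_POST['class']) != $user['class']) {
    // The new class must stay below UC_MAX and below the actor's own class,
    // and the target must currently rank below the actor.
    if ($class >= UC_MAX || $class >= $CURUSER['class'] || $user['class'] >= $CURUSER['class']) {
        stderr("{$lang['modtask_user_error']}", "{$lang['modtask_try_again']}");
    }
    if (!valid_class($class) || $CURUSER['class'] <= $_POST['class']) {
        stderr("Error", "Bad class :P");
    }
    //== Notify user
    $what = $class > $user['class'] ? "{$lang['modtask_promoted']}" : "{$lang['modtask_demoted']}";
    $msg = sqlesc(sprintf($lang['modtask_have_been'], $what) . " '" . get_user_class_name($class) . "' {$lang['modtask_by']} " . $CURUSER['username']);
    $added = time();
    // $userid goes through sqlesc() here as it does in the SELECT above, so no
    // request-derived value is placed into the statement unescaped.
    sql_query("INSERT INTO messages (sender, receiver, msg, added) VALUES(0, " . sqlesc($userid) . ", {$msg}, {$added})") or sqlerr(__FILE__, __LINE__);
    $updateset[] = "class = " . sqlesc($class);
    $useredit['update'][] = '' . $what . ' to ' . get_user_class_name($class) . '';
    // Prepend an audit line so the class change stays attributable to the acting staff member.
    $modcomment = get_date(time(), 'DATE', 1) . " - {$what} to '" . get_user_class_name($class) . "' by {$CURUSER['username']}.\n" . $modcomment;
}

// === add donated amount to user and to funds table
if (isset($_POST['donated']) && ($donated = $_POST['donated']) != $user['donated']) {
    $added = sqlesc(time());
    // $_POST['donated'] was previously interpolated into the statement as-is,
    // which let the request body alter the SQL. It now passes through sqlesc(),
    // the escaping helper this code already applies to $userid and $class.
    // NOTE(review): escaping does not make the value a number - also reject
    // non-numeric or negative amounts before they reach the funds table.
    sql_query("INSERT INTO funds (cash, user, added) VALUES (" . sqlesc($donated) . ", " . sqlesc($userid) . ", {$added})") or sqlerr(__FILE__, __LINE__);
    // (the donation branch continues beyond this excerpt)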
/**
 * Tell whether the current user's class lies inside the inclusive range
 * [$min, $max].
 *
 * Both bounds are cast to int first, so a non-numeric bound becomes 0 before
 * it is validated. The function answers false (deny) when no current user is
 * set, when either bound is rejected by valid_class(), or when the range is
 * inverted.
 *
 * @param mixed $min Lowest class allowed (defaults to UC_MIN).
 * @param mixed $max Highest class allowed (defaults to UC_MAX).
 * @return bool True only when $CURUSER['class'] is within the range.
 */
function min_class($min = UC_MIN, $max = UC_MAX)
{
    global $CURUSER;

    $lowest = (int) $min;
    $highest = (int) $max;

    // No authenticated user in scope: fail closed.
    if (!isset($CURUSER)) {
        return false;
    }

    // Both bounds must be recognised classes and must not be inverted.
    if (!(valid_class($lowest) && valid_class($highest)) || $highest < $lowest) {
        return false;
    }

    if ($CURUSER['class'] >= $lowest && $CURUSER['class'] <= $highest) {
        return true;
    }

    return false;
}
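echo $HTMLOUT;
exit;
}
require_once INCL_DIR . 'html_functions.php';
require_once CLASS_DIR . 'class_check.php';
// Access gate for this staff tool. class_check() is defined in the file
// required above and is not part of this excerpt; it presumably refuses
// callers below UC_ADMINISTRATOR - confirm that it terminates the request.
class_check(UC_ADMINISTRATOR);
// Single-argument array_merge(): returns $lang with numeric keys renumbered.
$lang = array_merge($lang);
$HTMLOUT = $time_drop_down = $accepted_file_extension = $accepted_file_types = $member_class_drop_down = '';
$settings_saved = false;
//=== be sure to set your id (below) in the DB. as well as setting your upload dir to something unique
$config_id = 13;

// Save handler for the forum configuration form.
// NOTE(review): no anti-CSRF token is checked in this excerpt; since this
// changes upload policy, confirm that one is enforced before this point.
if (isset($_POST['do_it'])) {
    // Numeric settings are forced to integers before they reach the SQL string.
    $delete_for_real = isset($_POST['delete_for_real']) ? intval($_POST['delete_for_real']) : 0;
    $min_delete_view_class = isset($_POST['min_delete_view_class']) && valid_class($_POST['min_delete_view_class']) ? intval($_POST['min_delete_view_class']) : 0;
    $readpost_expiry = isset($_POST['readpost_expiry']) ? intval($_POST['readpost_expiry']) : 0;
    $min_upload_class = isset($_POST['min_upload_class']) && valid_class($_POST['min_upload_class']) ? intval($_POST['min_upload_class']) : 0;

    // Whitespace-separated allow-lists. Splitting on any run of whitespace and
    // dropping empty pieces keeps '' out of the stored list; the previous
    // collapse-then-explode kept empty entries for leading or trailing spaces
    // and did not split on a single tab or newline. Non-string input (for
    // example an array parameter) is treated as an empty list.
    // NOTE(review): the serialized lists are presumably unserialize()d by the
    // upload code - keep these columns writable only through this handler.
    $raw_extensions = isset($_POST['accepted_file_extension']) && is_string($_POST['accepted_file_extension']) ? $_POST['accepted_file_extension'] : '';
    $accepted_file_extension = serialize(preg_split('/\s+/', $raw_extensions, -1, PREG_SPLIT_NO_EMPTY));
    $raw_types = isset($_POST['accepted_file_types']) && is_string($_POST['accepted_file_types']) ? $_POST['accepted_file_types'] : '';
    $accepted_file_types = serialize(preg_split('/\s+/', $raw_types, -1, PREG_SPLIT_NO_EMPTY));

    $max_file_size = isset($_POST['max_file_size']) ? intval($_POST['max_file_size']) : 0;
    // NOTE(review): htmlspecialchars() is an HTML-output escape. It does not
    // constrain the value as a filesystem path ('..' segments and absolute
    // paths pass through), so validate the folder where it is used.
    $upload_folder = isset($_POST['upload_folder']) ? htmlspecialchars(trim($_POST['upload_folder'])) : '';

    // Integers are concatenated directly; string values go through sqlesc().
    // A failed UPDATE is now reported via sqlerr() instead of redirecting as
    // if the settings had been saved.
    sql_query('UPDATE forum_config SET delete_for_real = ' . $delete_for_real . ', min_delete_view_class = ' . $min_delete_view_class . ', readpost_expiry = ' . $readpost_expiry . ', min_upload_class = ' . $min_upload_class . ', accepted_file_extension = ' . sqlesc($accepted_file_extension) . ', accepted_file_types = ' . sqlesc($accepted_file_types) . ', max_file_size = ' . $max_file_size . ', upload_folder = ' . sqlesc($upload_folder) . ' WHERE id = ' . $config_id) or sqlerr(__FILE__, __LINE__);
    header('Location: staffpanel.php?tool=forum_config&action=forum_config');
    die;
}
$main_links = '<p><a class="altlink" href="staffpanel.php?tool=over_forums&action=over_forums">Over Forums</a> ::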