function get_map_exp($id, &$sqlm) { require_once 'get_lib.php'; $exp_lvl_arr = id_get_exp_lvl(); $map_exp = $sqlm->fetch_assoc($sqlm->query(' SELECT expansion FROM dbc_map WHERE id=' . $id . ' LIMIT 1')); return $exp_lvl_arr[$map_exp['expansion']][2]; }
function browse_users(&$sqlr, &$sqlc) { global $output, $lang_global, $lang_user, $mmfpm_db, $action_permission, $user_lvl, $user_name, $itemperpage, $showcountryflag, $expansion_select, $gm_level_arr; $active_realm_id_pq = "active_realm_id"; $sqlm = new SQL(); $sqlm->connect($mmfpm_db['addr'], $mmfpm_db['user'], $mmfpm_db['pass'], $mmfpm_db['name']); //-------------------SQL Injection Prevention-------------------------------- $start = isset($_GET['start']) ? $sqlr->quote_smart($_GET['start']) : 0; if (is_numeric($start)) { } else { $start = 0; } $order_by = isset($_GET['order_by']) ? $sqlr->quote_smart($_GET['order_by']) : 'id'; if (preg_match('/^[_[:lower:]]{1,15}$/', $order_by)) { } else { $order_by = 'id'; } $dir = isset($_GET['dir']) ? $sqlr->quote_smart($_GET['dir']) : 1; if (preg_match('/^[01]{1}$/', $dir)) { } else { $dir = 1; } $order_dir = $dir ? 'ASC' : 'DESC'; $dir = $dir ? 0 : 1; //-------------------Search-------------------------------------------------- $search_by = ''; $search_value = ''; // if we have a search request, if not we just return everything if (isset($_GET['search_value']) && isset($_GET['search_by'])) { // injection prevention $search_value = $sqlr->quote_smart($_GET['search_value']); $search_by = $sqlr->quote_smart($_GET['search_by']); $search_menu = array('username', 'id', 'gmlevel', 'greater_gmlevel', 'email', 'joindate', 'last_ip', 'failed_logins', 'last_login', 'active_realm_id', 'banned', 'locked', 'expansion'); if (in_array($search_by, $search_menu)) { } else { $search_by = 'username'; } unset($search_menu); // special search cases // developer note: 'if else' is always faster then 'switch case' if ($search_by === 'greater_gmlevel') { $sql_query = 'SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,' . $active_realm_id_pq . ',expansion FROM account WHERE gmlevel > "%' . $search_value . '%" ORDER BY ' . $order_by . ' ' . $order_dir . ' LIMIT ' . $start . ', ' . $itemperpage . ''; $query_1 = $sqlr->query('SELECT count(*) FROM account WHERE gmlevel > "%' . $search_value . '%"'); } elseif ($search_by === 'banned') { $sql_query = 'SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,' . $active_realm_id_pq . ',expansion FROM account WHERE id = 0 '; $count_query = 'SELECT count(*) FROM account WHERE id = 0 '; $que = $sqlr->query('SELECT id FROM account_banned'); while ($banned = $sqlr->fetch_assoc($que)) { $sql_query .= 'OR id = ' . $banned['id'] . ''; $count_query .= 'OR id = ' . $banned['id'] . ''; } $sql_query .= ' ORDER BY ' . $order_by . ' ' . $order_dir . ' LIMIT ' . $start . ', ' . $itemperpage . ''; $query_1 = $sqlr->query($count_query); unset($count_query); } elseif ($search_by === 'failed_logins') { $sql_query = 'SELECT * FROM account WHERE failed_logins > ' . $search_value . ' ORDER BY ' . $order_by . ' ' . $order_dir . ' LIMIT ' . $start . ', ' . $itemperpage . ''; $query_1 = $sqlr->query('SELECT count(*) FROM account WHERE failed_logins > ' . $search_value . ''); } else { // default search case $sql_query = 'SELECT id,username,gmlevel,email,joindate,last_ip,failed_logins,locked,last_login,' . $active_realm_id_pq . ',expansion FROM account WHERE ' . $search_by . ' LIKE "%' . $search_value . '%" ORDER BY ' . $order_by . ' ' . $order_dir . ' LIMIT ' . $start . ', ' . $itemperpage . ''; $query_1 = $sqlr->query('SELECT count(*) FROM account WHERE ' . $search_by . ' LIKE "%' . $search_value . '%"'); } $query = $sqlr->query($sql_query); } else { // get total number of items $query_1 = $sqlr->query('SELECT count(*) FROM account'); $query = $sqlr->query('SELECT * FROM account ORDER BY ' . $order_by . ' ' . $order_dir . ' LIMIT ' . $start . ', ' . $itemperpage . ''); } // this is for multipage support $all_record = $sqlr->result($query_1, 0); unset($query_1); //==========================top tage navigaion starts here======================== // we start with a lead of 10 spaces, // because last line of header is an opening tag with 8 spaces // keep html indent in sync, so debuging from browser source would be easy to read $output .= ' <!-- start of user.php --> <script type="text/javascript" src="libs/js/check.js"></script> <center> <table class="top_hidden"> <tr> <td>'; if ($user_lvl >= $action_permission['insert']) { makebutton($lang_user['add_acc'], 'user.php?action=add_new', 130); // backup is broken // makebutton($lang_user['backup'], 'backup.php', 130); } // cleanup unknown working condition //if($user_lvl >= $action_permission['delete']) // makebutton($lang_user['cleanup'], 'cleanup.php', 130); makebutton($lang_global['back'], 'javascript:window.history.back()', 130); if ($search_by && $search_value) { makebutton($lang_user['user_list'], 'user.php', 130); } $output .= ' </td> <td align="right" width="25%" rowspan="2">'; // multi page links $output .= $lang_user['tot_acc'] . ' : ' . $all_record . '<br /><br />' . generate_pagination('user.php?order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1) . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '', $all_record, $itemperpage, $start); // this part for search $output .= ' </td> </tr> <tr align="left"> <td> <table class="hidden"> <tr> <td> <form action="user.php" method="get" name="form"> <input type="hidden" name="error" value="3" /> <input type="text" size="24" maxlength="50" name="search_value" value="' . $search_value . '" /> <select name="search_by"> <option value="username"' . ($search_by === 'username' ? ' selected="selected"' : '') . '>' . $lang_user['by_name'] . '</option> <option value="id"' . ($search_by === 'id' ? ' selected="selected"' : '') . '>' . $lang_user['by_id'] . '</option> <option value="gmlevel"' . ($search_by === 'gmlevel' ? ' selected="selected"' : '') . '>' . $lang_user['by_gm_level'] . '</option> <option value="greater_gmlevel"' . ($search_by === 'greater_gmlevel' ? ' selected="selected"' : '') . '>' . $lang_user['greater_gm_level'] . '</option> <option value="expansion"' . ($search_by === 'expansion' ? ' selected="selected"' : '') . '>' . $lang_user['by_expansion'] . '</option> <option value="email"' . ($search_by === 'email' ? ' selected="selected"' : '') . '>' . $lang_user['by_email'] . '</option> <option value="joindate"' . ($search_by === 'joindate' ? ' selected="selected"' : '') . '>' . $lang_user['by_join_date'] . '</option> <option value="last_ip"' . ($search_by === 'last_ip' ? ' selected="selected"' : '') . '>' . $lang_user['by_ip'] . '</option> <option value="failed_logins"' . ($search_by === 'failed_logins' ? ' selected="selected"' : '') . '>' . $lang_user['by_failed_loggins'] . '</option> <option value="last_login"' . ($search_by === 'last_login' ? ' selected="selected"' : '') . '>' . $lang_user['by_last_login'] . '</option> <option value="active_realm_id"' . ($search_by === 'active_realm_id' ? ' selected="selected"' : '') . '>' . $lang_user['by_online'] . '</option> <option value="locked"' . ($search_by === 'locked' ? ' selected="selected"' : '') . '>' . $lang_user['by_locked'] . '</option> <option value="banned"' . ($search_by === 'banned' ? ' selected="selected"' : '') . '>' . $lang_user['by_banned'] . '</option> </select> </form> </td> <td>'; makebutton($lang_global['search'], 'javascript:do_submit()', 80); $output .= ' </td> </tr> </table> </td> </tr> </table>'; //==========================top tage navigaion ENDS here ======================== $output .= ' <form method="get" action="user.php" name="form1"> <input type="hidden" name="action" value="del_user" /> <input type="hidden" name="start" value="' . $start . '" /> <input type="hidden" name="backup_op" value="0"/> <table class="lined"> <tr>'; // column headers, with links for sorting // first column is the selection check box if ($user_lvl >= $action_permission['insert']) { $output .= ' <th width="1%"> <input name="allbox" type="checkbox" value="Check All" onclick="CheckAll(document.form1);" /> </th>'; } else { $output .= ' <th width="1%"></th>'; } $output .= ' <th width="1%"><a href="user.php?order_by=id&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'id' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['id'] . '</a></th> <th width="1%"><a href="user.php?order_by=username&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'username' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['username'] . '</a></th> <th width="1%"><a href="user.php?order_by=gmlevel&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'gmlevel' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['gm_level'] . '</a></th>'; if ($expansion_select) { $output .= ' <th width="1%"><a href="user.php?order_by=expansion&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'expansion' ? ' class="' . $order_dir . '"' : '') . '>EXP</a></th>'; } $output .= ' <th width="1%"><a href="user.php?order_by=email&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'email' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['email'] . '</a></th> <th width="1%"><a href="user.php?order_by=joindate&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'joindate' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['join_date'] . '</a></th> <th width="1%"><a href="user.php?order_by=last_ip&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'last_ip' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['ip'] . '</a></th> <th width="1%"><a href="user.php?order_by=failed_logins&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'failed_logins' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['failed_logins'] . '</a></th> <th width="1%"><a href="user.php?order_by=locked&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'locked' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['locked'] . '</a></th> <th width="1%"><a href="user.php?order_by=last_login&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'last_login' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['last_login'] . '</a></th> <th width="1%"><a href="user.php?order_by=active_realm_id&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by === 'active_realm_id' ? ' class="' . $order_dir . '"' : '') . '>' . $lang_user['online'] . '</a></th>'; if ($showcountryflag) { require_once 'libs/misc_lib.php'; $output .= ' <th width="1%">' . $lang_global['country'] . '</th>'; } $output .= ' </tr>'; //---------------Page Specific Data Starts Here-------------------------- while ($data = $sqlr->fetch_assoc($query)) { if ($user_lvl >= $data['gmlevel'] || $user_name === $data['username']) { $output .= ' <tr>'; if ($user_lvl >= $action_permission['insert']) { $output .= ' <td><input type="checkbox" name="check[]" value="' . $data['id'] . '" onclick="CheckCheckAll(document.form1);" /></td>'; } else { $output .= ' <td></td>'; } $output .= ' <td>' . $data['id'] . '</td> <td> <a href="user.php?action=edit_user&error=11&id=' . $data['id'] . '">' . $data['username'] . '</a> </td> <td>' . $gm_level_arr[$data['gmlevel']][2] . '</td>'; if ($expansion_select) { $exp_lvl_arr = id_get_exp_lvl(); $output .= ' <td>' . $exp_lvl_arr[$data['expansion']][2] . '</td>'; unset($exp_lvl_arr); } if ($user_lvl >= $action_permission['update'] || $user_name === $data['username']) { $output .= ' <td><a href="mailto:' . $data['email'] . '">' . substr($data['email'], 0, 15) . '</a></td>'; } else { $output .= ' <td>***@***.***</td>'; } $output .= ' <td class="small">' . $data['joindate'] . '</td>'; if ($user_lvl >= $action_permission['update'] || $user_name === $data['username']) { $output .= ' <td>' . $data['last_ip'] . '</td>'; } else { $output .= ' <td>*******</td>'; } $output .= ' <td>' . ($data['failed_logins'] ? $data['failed_logins'] : '-') . '</td> <td>' . ($data['locked'] ? $lang_global['yes_low'] : '-') . '</td> <td class="small">' . $data['last_login'] . '</td> <td>' . ($data['active_realm_id'] ? '<img src="img/up.gif" alt="" />' : '-') . '</td>'; if ($showcountryflag) { $country = misc_get_country_by_ip($data['last_ip'], $sqlm); $output .= ' <td>' . ($country['code'] ? '<img src="img/flags/' . $country['code'] . '.png" onmousemove="toolTip(\'' . $country['country'] . '\', \'item_tooltip\')" onmouseout="toolTip()" alt="" />' : '-') . '</td>'; } $output .= ' </tr>'; } else { $output .= ' <tr> <td>*</td><td>***</td><td>You</td><td>Have</td><td>No</td> <td class=\\"small\\">Permission</td><td>to</td><td>View</td><td>this</td><td>Data</td><td>***</td>'; if ($expansion_select) { $output .= ' <td>*</td>'; } if ($showcountryflag) { $output .= ' <td>*</td>'; } $output .= ' </tr>'; } } $output .= ' <tr> <td colspan="'; if ($expansion_select || $showcountryflag) { if ($expansion_select && $showcountryflag) { $output .= '13'; } else { $output .= '12'; } } else { $output .= '11'; } $output .= '" class="hidden" align="right" width="25%">'; $output .= generate_pagination('user.php?order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1) . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '', $all_record, $itemperpage, $start); $output .= ' </td> </tr> <tr> <td colspan="8" align="left" class="hidden">'; if ($user_lvl >= $action_permission['delete']) { makebutton($lang_user['del_selected_users'], 'javascript:do_submit(\'form1\',0)" type="wrn', 230); } // backup is broken //if($user_lvl >= $action_permission['insert']) // makebutton($lang_user['backup_selected_users'], 'javascript:do_submit(\'form1\',1)',230); $output .= ' </td> <td colspan="'; if ($expansion_select || $showcountryflag) { if ($expansion_select && $showcountryflag) { $output .= '5'; } else { $output .= '4'; } } else { $output .= '3'; } $output .= '" align="right" class="hidden">' . $lang_user['tot_acc'] . ' : ' . $all_record . '</td> </tr> </table> </form> <br /> </center> <!-- end of user.php -->'; }
function browse_users() { global $output, $realm_id, $corem_db, $logon_db, $corem_db, $characters_db, $action_permission, $user_lvl, $user_name, $itemperpage, $showcountryflag, $expansion_select, $timezone_offset, $sql, $core; //-------------------SQL Injection Prevention-------------------------------- $start = isset($_GET["start"]) ? $sql["logon"]->quote_smart($_GET["start"]) : 0; if (!is_numeric($start)) { $start = 0; } $order_by = isset($_GET["order_by"]) ? $sql["logon"]->quote_smart($_GET["order_by"]) : "acct"; if (!preg_match('/^[_[:lower:]]{1,15}$/', $order_by)) { $order_by = "acct"; } $dir = isset($_GET["dir"]) ? $sql["logon"]->quote_smart($_GET["dir"]) : 1; if (!preg_match('/^[01]{1}$/', $dir)) { $dir = 1; } $order_dir = $dir ? "ASC" : "DESC"; $dir = $dir ? 0 : 1; // temporary default $show_chars = isset($_GET["show_chars"]) ? $sql["logon"]->quote_smart($_GET["show_chars"]) : 0; //-------------------Search-------------------------------------------------- $search_by = ''; $search_value = ''; // build the list of Search Types (varies by core) if ($core == 1) { $search_menu = array(array("login", "by_name"), array("acct", "by_id"), array("gm", "by_gm_level"), array("greater_gmlevel", "greater_gm_level"), array("email", "by_email"), array("lastip", "by_ip"), array("gt_lastlogin", "by_gt_last_login"), array("lt_lastlogin", "by_lt_last_login"), array("banned", "by_banned"), array("muted", "by_muted"), array("expansion", "by_expansion")); } elseif ($core == 2) { $search_menu = array(array('username', 'by_name'), array('id', 'by_id'), array('gmlevel', 'by_gm_level'), array('greater_gmlevel', 'greater_gm_level'), array('email', 'by_email'), array('last_ip', 'by_ip'), array('gt_last_login', 'by_gt_last_login'), array('lt_last_login', 'by_lt_last_login'), array('banned', 'by_banned'), array('locked', 'by_locked'), array('expansion', 'by_expansion')); } else { $search_menu = array(array('username', 'by_name'), array('account.id', 'by_id'), array('gmlevel', 'by_gm_level'), array('greater_gmlevel', 'greater_gm_level'), array('email', 'by_email'), array('last_ip', 'by_ip'), array('gt_last_login', 'by_gt_last_login'), array('lt_last_login', 'by_lt_last_login'), array('banned', 'by_banned'), array('locked', 'by_locked'), array('expansion', 'by_expansion')); } // if we have a search request, if not we just return everything if (isset($_GET["search_value"]) && isset($_GET["search_by"])) { // injection prevention $search_value = $sql["logon"]->quote_smart($_GET["search_value"]); $search_by = $sql["logon"]->quote_smart($_GET["search_by"]); // special search cases // developer note: 'if else' is always faster then 'switch case' if ($search_by === "greater_gmlevel") { //TODO if ($core == 1) { $sql_query = "SELECT acct, login, gm, email, lastip, muted, UNIX_TIMESTAMP(lastlogin) AS lastlogin, flags\r\n FROM accounts WHERE gm>'%" . $search_value . "%' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM accounts WHERE gm>'%" . $search_value . "%'"); } elseif ($core == 2) { $sql_query = "SELECT account.id AS acct, username AS login, gmlevel AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE gmlevel>'%" . $search_value . "%' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*)\r\n FROM account WHERE gmlevel>'%" . $search_value . "%'"); } else { $sql_query = "SELECT account.id AS acct, username AS login, gmlevel AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE gmlevel>'%" . $search_value . "%' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*)\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n WHERE gmlevel>'%" . $search_value . "%'"); } } elseif ($search_by === "gmlevel") { if ($core == 1) { $sql_query = "SELECT acct, login, gm, email, lastip, muted, UNIX_TIMESTAMP(lastlogin) AS lastlogin, flags\r\n FROM accounts WHERE gm='" . $search_value . "' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM accounts WHERE gm='" . $search_value . "'"); } elseif ($core == 2) { $sql_query = "SELECT account.id AS acct, username AS login, gmlevel AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE gmlevel='" . $search_value . "' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account WHERE gmlevel='" . $search_value . "'"); } else { $sql_query = "SELECT account.id AS acct, username AS login, account_access.gmlevel AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE account_access.gmlevel='" . $search_value . "' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*)\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n WHERE IFNULL(account_access.gmlevel, 0)='" . $search_value . "'"); } } elseif ($search_by === "banned") { if ($core == 1) { $sql_query = "SELECT acct, login, gm, email, lastip, muted, UNIX_TIMESTAMP(lastlogin) AS lastlogin, flags, banned\r\n FROM accounts WHERE banned<>0"; $count_query = "SELECT COUNT(*) FROM accounts"; $que = $sql["logon"]->query("SELECT acct FROM accounts WHERE banned<>0"); } elseif ($core == 2) { $sql_query = "SELECT account.id AS acct, username AS login, IFNULL(gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE unbandate>UNIX_TIMESTAMP()"; $count_query = "SELECT COUNT(*) FROM account_banned WHERE unbandate>UNIX_TIMESTAMP()"; $que = $sql["logon"]->query("SELECT id AS acct FROM account_banned WHERE unbandate>UNIX_TIMESTAMP()"); } else { $sql_query = "SELECT account.id AS acct, username AS login, IFNULL(account_access.gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n WHERE unbandate>UNIX_TIMESTAMP()"; $count_query = "SELECT COUNT(*) FROM account_banned WHERE unbandate>UNIX_TIMESTAMP()"; $que = $sql["logon"]->query("SELECT id AS acct FROM account_banned WHERE unbandate>UNIX_TIMESTAMP()"); } while ($banned = $sql["logon"]->fetch_assoc($que)) { if ($core == 1) { $sql_query .= " OR acct='" . $banned["acct"] . "'"; $count_query .= "OR acct='" . $banned["acct"] . "'"; } else { $sql_query .= " OR account.id='" . $banned["acct"] . "'"; $count_query .= " OR account_banned.id='" . $banned["acct"] . "'"; } } $sql_query .= " ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query($count_query); unset($count_query); } elseif ($search_by == "gt_last_login" || $search_by == "gt_lastlogin") { if ($core == 1) { $sql_query = "SELECT acct, login, gm, email, lastip, muted, UNIX_TIMESTAMP(lastlogin) AS lastlogin, flags, banned\r\n FROM accounts WHERE UNIX_TIMESTAMP(lastlogin)>=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y')) ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM accounts WHERE UNIX_TIMESTAMP(lastlogin)>=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y'))"); } elseif ($core == 2) { $sql_query = "SELECT account.id AS acct, username AS login, IFNULL(gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE UNIX_TIMESTAMP(last_login)>=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y')) ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account WHERE UNIX_TIMESTAMP(last_login)>=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y'))"); } else { $sql_query = "SELECT account.id AS acct, username AS login, IFNULL(account_access.gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE UNIX_TIMESTAMP(last_login)>=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y')) ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE last_login>=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y'))"); } } elseif ($search_by == "lt_last_login" || $search_by == "lt_lastlogin") { if ($core == 1) { $sql_query = "SELECT acct, login, gm, email, lastip, muted, UNIX_TIMESTAMP(lastlogin) AS lastlogin, flags, banned\r\n FROM accounts WHERE UNIX_TIMESTAMP(lastlogin)<=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y')) ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM accounts WHERE UNIX_TIMESTAMP(lastlogin)<=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y'))"); } elseif ($core == 2) { $sql_query = "SELECT account.id AS acct, username AS login, IFNULL(gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE UNIX_TIMESTAMP(last_login)<=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y')) ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account WHERE UNIX_TIMESTAMP(last_login)<=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y'))"); } else { $sql_query = "SELECT account.id AS acct, username AS login, IFNULL(account_access.gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE UNIX_TIMESTAMP(last_login)<=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y')) ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE UNIX_TIMESTAMP(last_login)<=UNIX_TIMESTAMP(STR_TO_DATE('" . $search_value . "', '%c/%d/%Y'))"); } } else { // default search case if ($core == 1) { $sql_query = "SELECT acct, login, gm, email, lastip, muted, UNIX_TIMESTAMP(lastlogin) AS lastlogin, flags, banned\r\n FROM accounts WHERE " . $search_by . " LIKE '%" . $search_value . "%' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM accounts WHERE " . $search_by . " LIKE '%" . $search_value . "%'"); } elseif ($core == 2) { $sql_query = "SELECT account.id AS acct, username AS login, IFNULL(gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE " . $search_by . " LIKE '%" . $search_value . "%' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account WHERE " . $search_by . " LIKE '%" . $search_value . "%'"); } else { $sql_query = "SELECT account.id AS acct, username AS login, IFNULL(account_access.gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n WHERE " . $search_by . " LIKE '%" . $search_value . "%' ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage; $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account LEFT JOIN account_access ON account.id=account_access.id WHERE " . $search_by . " LIKE '%" . $search_value . "%'"); } } $query = $sql["logon"]->query($sql_query); } else { // get total number of items if ($core == 1) { $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM accounts"); $query = $sql["logon"]->query("SELECT acct, login, gm, email, lastip, muted, UNIX_TIMESTAMP(lastlogin) AS lastlogin, flags, banned\r\n FROM accounts ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage); } elseif ($core == 2) { $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account"); $query = $sql["logon"]->query("SELECT account.id AS acct, username AS login, IFNULL(gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage); } else { $query_1 = $sql["logon"]->query("SELECT COUNT(*) FROM account"); $query = $sql["logon"]->query("SELECT account.id AS acct, username AS login, IFNULL(account_access.gmlevel, 0) AS gm, email, last_ip AS lastip, locked AS muted, UNIX_TIMESTAMP(last_login) AS lastlogin, expansion AS flags, IFNULL(unbandate, 0) AS banned, active\r\n FROM account\r\n LEFT JOIN account_access ON account_access.id=account.id\r\n LEFT JOIN account_banned ON account_banned.id=account.id\r\n ORDER BY " . $order_by . " " . $order_dir . " LIMIT " . $start . ", " . $itemperpage); } } // this is for multipage support $all_record = $sql["logon"]->result($query_1, 0); unset($query_1); // a little XSS prevention $search_value = htmlspecialchars($search_value); $search_by = htmlspecialchars($search_by); //==========================top tage navigaion starts here======================== // we start with a lead of 10 spaces, // because last line of header is an opening tag with 8 spaces // keep html indent in sync, so debuging from browser source would be easy to read $output .= ' <!-- start of user.php --> <script type="text/javascript" src="libs/js/check.js"></script> <table class="top_hidden"> <tr> <td>'; if ($user_lvl >= $action_permission["insert"]) { makebutton(lang("user", "add_acc"), 'user.php?action=add_new', 130); // backup is broken // makebutton($lang_user["backup"], 'backup.php', 130); } // cleanup unknown working condition //if($user_lvl >= $action_permission["delete"]) // makebutton($lang_user["cleanup"], 'cleanup.php', 130); makebutton(lang("global", "back"), 'javascript:window.history.back()', 130); if ($search_by && $search_value) { makebutton(lang("user", "user_list"), 'user.php', 130); } $output .= ' </td> <td align="right" style="width: 25%;" rowspan="2">'; // multi page links $output .= lang("user", "tot_acc") . ' : ' . $all_record . '<br /><br />' . generate_pagination('user.php?order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1) . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '', $all_record, $itemperpage, $start); // this part for search $output .= ' </td> </tr> <tr align="left"> <td> <table class="hidden"> <tr> <td> <form action="user.php" method="get" id="form"> <div> <input type="hidden" name="error" value="3" /> <input type="text" size="24" maxlength="50" name="search_value" value="' . $search_value . '" /> <select name="search_by">'; foreach ($search_menu as $row) { $output .= ' <option value="' . $row[0] . '"' . ($search_by === $row[0] ? ' selected="selected"' : '') . '>' . lang("user", $row[1]) . '</option>'; } $output .= ' </select> </div> </form> </td> <td>'; makebutton(lang("global", "search"), 'javascript:do_submit()', 80); $output .= ' </td> </tr> </table> </td> </tr> </table>'; //==========================top tage navigaion ENDS here ======================== $output .= ' <form method="get" action="user.php" id="form1"> <div> <input type="hidden" name="action" value="del_user" /> <input type="hidden" name="start" value="' . $start . '" /> <input type="hidden" name="backup_op" value="0"/> </div> <table class="lined"> <tr> <td colspan="8" align="left" class="hidden">'; if ($user_lvl >= $action_permission["delete"]) { makebutton(lang("user", "del_selected_users"), 'javascript:do_submit(\'form1\',0)" type="wrn', 230); } $output .= ' </td> </tr> <tr>'; // column headers, with links for sorting // first column is the selection check box if ($user_lvl >= $action_permission["insert"]) { $output .= ' <th style="width: 1%;"> <input name="allbox" type="checkbox" value="Check All" onclick="CheckAll(document.getElementById(\'form1\'));" /> </th>'; } else { $output .= ' <th style="width: 1%;"></th>'; } //expander symbol $output .= ' <th style="width: 1%;"></th>'; $output .= ' <th style="width: 1%;"><a href="user.php?order_by=acct&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'acct' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "acct") . '</a></th> <th style="width: 1%;"><a href="user.php?order_by=login&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'login' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "login") . '</a></th> <th style="width: 1%;">' . lang("user", "screenname") . '</th> <th style="width: 1%;"><a href="user.php?order_by=gm&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'gm' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "gm_level") . '</a></th> <th style="width: 1%;">' . lang("user", "sec_level") . '</th>'; if ($expansion_select) { $output .= ' <th style="width: 1%;"><a href="user.php?order_by=flags&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'flags' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "expansion_short") . '</a></th>'; } $output .= ' <th style="width: 1%;"><a href="user.php?order_by=email&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'email' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "email") . '</a></th> <!-- <th style="width: 1%;"><a href="user.php?order_by=joindate&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'joindate' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "join_date") . '</a></th> --> <th style="width: 1%;"><a href="user.php?order_by=lastip&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'lastip' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "ip") . '</a></th> <th style="width: 1%;">' . lang("user", "char_count") . '</th>'; if ($core == 1) { $output .= ' <th style="width: 1%;"><a href="user.php?order_by=muted&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'muted' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "muted") . '</a></th>'; } else { $output .= ' <th style="width: 1%;"><a href="user.php?order_by=muted&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'muted' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "locked") . '</a></th>'; } $output .= ' <th style="width: 1%;"><a href="user.php?order_by=lastlogin&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . $dir . '"' . ($order_by == 'lastlogin' ? ' class="' . $order_dir . '"' : '') . '>' . lang("user", "last_login") . '</a></th> <th style="width: 1%;">' . lang("user", "online") . '</th>'; if ($showcountryflag) { require_once "libs/misc_lib.php"; $output .= ' <th style="width: 1%;">' . lang("global", "country") . '</th>'; } $output .= ' <th style="width: 1%;">' . lang("user", "banned") . '</th> </tr>'; //---------------Page Specific Data Starts Here-------------------------- while ($data = $sql["logon"]->fetch_assoc($query)) { // get screen name for each account $sn_query = "SELECT *, SecurityLevel AS sec_lvl FROM config_accounts WHERE Login='******'"; $sn_result = $sql["mgr"]->query($sn_query); $screenname = $sql["mgr"]->fetch_assoc($sn_result); if ($screenname["sec_lvl"] >= 1073741824) { $screenname["sec_lvl"] -= 1073741824; } // if the user doesn't have a value in their SecurityLevel field, // assume it's Player (ZERO) if (!isset($screenname["sec_lvl"])) { $screenname["sec_lvl"] = 0; } // clear character count from previous account $char_count = 0; // in case we're displaying the user's characters $char_list = array(); $realm_list = array(); foreach ($characters_db as $db) { $sqlt = new SQL(); $sqlt->connect($db["addr"], $db["user"], $db["pass"], $db["name"], $db["encoding"]); if ($core == 1) { $char_query = "SELECT COUNT(*) FROM characters WHERE acct='" . $data["acct"] . "'"; } else { $char_query = "SELECT COUNT(*) FROM characters WHERE account='" . $data["acct"] . "'"; } $char_result = $sqlt->query($char_query); $char_count_fields = $sqlt->fetch_assoc($char_result); $char_count += $char_count_fields["COUNT(*)"]; // if we need to, build the character list if ($data["acct"] == $show_chars) { $realm_char_list = array(); // store the realm id for later $realm_list[] = $db["id"]; if ($core == 1) { $char_query = "SELECT guid FROM characters WHERE acct='" . $data["acct"] . "' ORDER BY guid ASC"; } else { $char_query = "SELECT guid FROM characters WHERE account='" . $data["acct"] . "' ORDER BY guid ASC"; } $char_result = $sqlt->query($char_query); while ($row = $sqlt->fetch_assoc($char_result)) { $realm_char_list[] = $row["guid"]; } $char_list[] = $realm_char_list; } } $output .= ' <tr>'; if ($user_lvl >= $action_permission["insert"]) { $output .= ' <td><input type="checkbox" name="check[]" value="' . $data["acct"] . '" onclick="CheckCheckAll(document.getElementById(\'form1\'));" /></td>'; } else { $output .= ' <td>*</td>'; } // show character expander symbol if ($show_chars == 0 || $show_chars != $data["acct"]) { $output .= ' <td> <a href="user.php?order_by=' . $order_by . '&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . ($dir ? 0 : 1) . '&show_chars=' . $data["acct"] . '">+</a> </td>'; } else { $output .= ' <td> <a href="user.php?order_by=' . $order_by . '&start=' . $start . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '&dir=' . ($dir ? 0 : 1) . '&show_chars=0">–</a> </td>'; } if ($user_lvl >= $action_permission["insert"] || $user_name == $data["login"]) { $output .= ' <td>' . $data["acct"] . '</td> <td> <a href="user.php?action=edit_user&error=11&acct=' . $data["acct"] . '">' . $data["login"] . '</a> </td>'; } else { $output .= ' <td>***</td> <td>*****</td>'; } $temp_screenname = $screenname["ScreenName"]; if ($temp_screenname == '' || $temp_screenname == NULL) { $temp_screenname = "-"; } if ($user_lvl >= $action_permission["view"] || $user_name == $data["login"]) { $output .= ' <td> <a href="user.php?action=edit_user&error=11&acct=' . $data["acct"] . '">' . $temp_screenname . '</a> </td>'; } else { $output .= ' <td>*****</td>'; } $output .= ' <td>' . $data["gm"] . '</td>'; $output .= ' <td>' . gmlevel_short($screenname["sec_lvl"]) . '</td>'; if ($expansion_select) { $exp_lvl_arr = id_get_exp_lvl(); $output .= ' <td>' . $exp_lvl_arr[$data["flags"]][2] . '</td>'; unset($exp_lvl_arr); } if ($user_lvl >= $action_permission["update"] || $user_name === $data["login"]) { $output .= ' <td>' . ($data["email"] ? '<a href="mailto:' . $data["email"] . '">' . substr($data["email"], 0, 15) . '</a>' : '-') . '</td>'; } else { $output .= ' <td>***@***.***</td>'; } if ($user_lvl >= $action_permission["update"] || $user_name === $data["login"]) { $output .= ' <td>' . $data["lastip"] . '</td>'; } else { $output .= ' <td>*******</td>'; } $output .= ' <td>' . $char_count . '</td>'; $o_temp = 0; foreach ($characters_db as $db) { $sqlt = new SQL(); $sqlt->connect($db["addr"], $db["user"], $db["pass"], $db["name"], $db["encoding"]); if ($core == 1) { $sql_c_query = "SELECT SUM(online) FROM characters WHERE acct = '" . $data["acct"] . "'"; } else { $sql_c_query = "SELECT SUM(online) FROM characters WHERE account = '" . $data["acct"] . "'"; } $c_query = $sqlt->query($sql_c_query); $c_result = $sqlt->fetch_row($c_query); $o_temp += $c_result[0]; } $time_offset = $timezone_offset * 3600; if ($data["lastlogin"] != 0) { $lastlog = date("F j, Y @ Hi", $data["lastlogin"] + $time_offset); } else { $lastlog = '-'; } $output .= ' <td>' . ($data["muted"] ? '<img src="img/lock.png" />' : '-') . '</td> <td class="small">' . $lastlog . '</td> <td>' . ($o_temp != 0 ? '<img src="img/up.gif" alt="" />' : '<img src="img/down.gif" alt="" />') . '</td>'; if ($showcountryflag) { $country = misc_get_country_by_ip($data["lastip"]); $output .= ' <td>' . ($country["code"] ? '<img src="img/flags/' . $country["code"] . '.png" onmousemove="oldtoolTip(\'' . $country["country"] . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" />' : '-') . '</td>'; } if ($core == 1) { if (time() < $data["banned"]) { $output .= ' <td><img src="img/flag_red.png" onmousemove="oldtoolTip(\'' . lang("user", "ban_active") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" /></td>'; } elseif (time() > $data["banned"] && $data["banned"] != 0) { $output .= ' <td><img src="img/flag_green.png" onmousemove="oldtoolTip(\'' . lang("user", "ban_expired") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" /></td>'; } else { $output .= ' <td>-</td>'; } } else { if ($data["active"]) { if (time() < $data["banned"]) { $output .= ' <td><img src="img/flag_red.png" onmousemove="oldtoolTip(\'' . lang("user", "ban_active") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" /></td>'; } else { $output .= ' <td><img src="img/flag_blue.png" onmousemove="oldtoolTip(\'' . lang("user", "ban_active_expired") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" /></td>'; } } else { if (time() < $data["banned"]) { $output .= ' <td><img src="img/flag_green.png" onmousemove="oldtoolTip(\'' . lang("user", "ban_inactive") . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" /></td>'; } else { $output .= ' <td>-</td>'; } } } $output .= ' </tr>'; // if we're going to, show characters owned by this account (all realms) if ($data["acct"] == $show_chars) { $output .= ' <tr> <td colspan="3"> </td> <td colspan="'; if ($expansion_select || $showcountryflag) { if ($expansion_select && $showcountryflag) { $output .= '13'; } else { $output .= '12'; } } else { $output .= '11'; } $output .= '"> <table class="hidden">'; for ($i = 0; $i < count($char_list); $i++) { $realm_chars = $char_list[$i]; $cur_realm = $realm_list[$i]; $realm_name_query = "SELECT * FROM config_servers WHERE `Index`='" . $cur_realm . "'"; $realm_name_result = $sql["mgr"]->query($realm_name_query); $realm_name_result = $sql["mgr"]->fetch_assoc($realm_name_result); $cur_realm_name = $realm_name_result["Name"]; $sqlt = new SQL(); $sqlt->connect($characters_db[$cur_realm]["addr"], $characters_db[$cur_realm]["user"], $characters_db[$cur_realm]["pass"], $characters_db[$cur_realm]["name"], $characters_db[$cur_realm]["encoding"]); $output .= ' <tr> <td align="left">' . $cur_realm_name . '</td> </tr>'; foreach ($realm_chars as $row) { $row_name_query = "SELECT * FROM characters WHERE guid='" . $row . "'"; $row_name_result = $sqlt->query($row_name_query); $row_name_result = $sqlt->fetch_assoc($row_name_result); $output .= ' <tr> <td align="left"> <a href="char.php?id=' . $row . '&realm=' . $cur_realm . '">' . $row_name_result["name"] . '</a> - <img src="img/c_icons/' . $row_name_result["race"] . '-' . $row_name_result["gender"] . '.gif" onmousemove="oldtoolTip(\'' . char_get_race_name($row_name_result["race"]) . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt="" /> <img src="img/c_icons/' . $row_name_result["class"] . '.gif" onmousemove="oldtoolTip(\'' . char_get_class_name($row_name_result["class"]) . '\', \'old_item_tooltip\')" onmouseout="oldtoolTip()" alt=""/> - ' . lang("char", "level_short") . char_get_level_color($row_name_result["level"]) . ' </td> </tr>'; } } $output .= ' </table> </td> </tr>'; } /*else { $output .= ' <tr> <td>*</td><td>***</td><td>You</td><td>Have</td><td>No</td> <td class=\"small\">Permission</td><td>to</td><td>View</td><td>this</td><td>Data</td><td>***</td>'; if ( $expansion_select ) $output .= ' <td>*</td>'; if ( $showcountryflag ) $output .= ' <td>*</td>'; $output .= ' </tr>'; }*/ } $output .= ' <tr> <td colspan="'; if ($expansion_select || $showcountryflag) { if ($expansion_select && $showcountryflag) { $output .= '16'; } else { $output .= '15'; } } else { $output .= '14'; } $output .= '" class="hidden" align="right" style="width: 25%;">'; $output .= generate_pagination('user.php?order_by=' . $order_by . '&dir=' . ($dir ? 0 : 1) . ($search_value && $search_by ? '&search_by=' . $search_by . '&search_value=' . $search_value . '' : '') . '', $all_record, $itemperpage, $start); $output .= ' </td> </tr> <tr> <td colspan="8" align="left" class="hidden">'; if ($user_lvl >= $action_permission["delete"]) { makebutton(lang("user", "del_selected_users"), 'javascript:do_submit(\'form1\',0)" type="wrn', 230); } // backup is broken //if($user_lvl >= $action_permission["insert"]) // makebutton($lang_user["backup_selected_users"], 'javascript:do_submit(\'form1\',1)',230); $output .= ' </td> <td colspan="'; if ($expansion_select || $showcountryflag) { if ($expansion_select && $showcountryflag) { $output .= '5'; } else { $output .= '4'; } } else { $output .= '3'; } $output .= '" align="right" class="hidden">' . lang("user", "tot_acc") . ' : ' . $all_record . '</td> </tr> </table> </form> <br /> <!-- end of user.php -->'; }