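// Set a per-user field. Runs inside the caller's switch: every failure path
// records a return code and `break`s out of the case.
//
// Return codes recorded here: 1150 missing/invalid group, 1151 missing/invalid
// key, 1152 missing/invalid value, 1153 caller is not an admin (only matters
// for the 'admin' group), 1156 no such user.
//
// NOTE(review): the raw user name is echoed back in $return_vars['user'];
// if return vars are rendered into HTML anywhere, escape them at that sink.
$return_vars['user'] = $_REQUEST['user'];
if (!isset($_REQUEST['group']) || !validate_groupname($_REQUEST['group'])) {
    $return_codes[] = 1150;
    break;
}
// Writing into the 'admin' group requires the caller to be an admin.
// Strict comparison: the group name was validated above and is a string.
if ($_REQUEST['group'] === 'admin') {
    if (!get_user_field(USER_ID, 'admin', 'admin')) {
        $return_codes[] = 1153;
        break;
    }
}
if (!isset($_REQUEST['key']) || !validate_keyname($_REQUEST['key'])) {
    $return_codes[] = 1151;
    break;
}
if (!isset($_REQUEST['value']) || !validate_value($_REQUEST['value'])) {
    $return_codes[] = 1152;
    break;
}
$db = isset($db) ? $db : new DB(true);
$user_id = 0;
// The user name is the one request field that is never validated above, so it
// must not be interpolated into SQL (the original concatenated it straight into
// the WHERE clause). Bind it as a parameter instead. The data_seek()/
// fetch_assoc() calls this replaces indicate that get_db() returns a mysqli
// connection; that is assumed here — confirm against the DB class.
$username = isset($_REQUEST['user']) ? (string) $_REQUEST['user'] : '';
$stmt = $db->get_db()->prepare('select record_id from users where username = ?');
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($found_id);
// Only the first matching row is used, as before.
$found = $stmt->fetch();
$stmt->close();
if ($found) {
    $user_id = $found_id;
} else {
    $return_codes[] = 1156;
    break;
}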
 if (isset($_REQUEST['btn_update_x'])) {
     if (set_user_field($user_id, $_REQUEST['group'], $_REQUEST['key'], null)) {
?>
						</select>
					</div>
				</div>
			</div>

			<div class="form-group">
				<label for="role">Role <small>role who can access this page separated by comma, leave blank for no restriction</small></label>
				<input name="role" id="role" class="form-control" placeholder="i.e. admin, user" value="<?php 
echo set_value('role', validate_value($page, 'role'));
?>
">
			</div>
			<div class="form-group">
				<label for="meta_description">Meta Description <small>optional</small></label>
				<textarea name="meta_description" id="meta_description" class="form-control" rows="3"><?php 
echo set_value('meta_description', validate_value($page, 'meta_description'));
?>
</textarea>
			</div>
			<div class="form-group">
				<label for="meta_keywords">Meta Keyword <small>optional</small></label>
				<input name="meta_keywords" id="meta_keywords" class="form-control" value="<?php 
echo set_value('meta_keywords', validate_value($page, 'meta_keywords'));
?>
">
			</div>
		</div>
	</div>

</form>
echo set_value('labels', validate_value($post, 'labels'));
?>
">
			</div>
			<div class="form-group">
				<label for="content">Featured Image</label>
				<input type="text" id="post_image" name="post_image" class="form-control" value="<?php 
echo set_value('post_image', validate_value($post, 'post_image'));
?>
">
				<button type="button" class="btn btn-primary btn-xs" data-toggle="modal" data-target="#myModal">Browse</button>
			</div>
			<div class="form-group">
				<label for="meta_description">Meta Description <small>optional</small></label>
				<textarea name="meta_description" class="form-control" rows="6"><?php 
echo set_value('meta_description', validate_value($post, 'meta_description'));
?>
</textarea>
			</div>
		</div>
	</div>

</form>

<div class="modal fade" id="myModal">
	<div class="modal-dialog modal-lg">
		<div class="modal-content">
			<div class="modal-body">
				<iframe src="<?php 
echo site_url('panel/media/dialog', NULL, true);
?>
    } else {
        // Which identity check to run is chosen by the flag string: 'c'
        // selects SteamID validation, otherwise 'd' selects IP validation;
        // the value under test is $steamid in both cases. Validation
        // failures are collected in $user_msg instead of aborting.
        $id_kind = null;
        if (strrpos($flags, "c") !== false) {
            //steamid
            $id_kind = "steamid";
        } elseif (strrpos($flags, "d") !== false) {
            //ip
            $id_kind = "ip";
        }
        if ($id_kind !== null && !validate_value($steamid, $id_kind, $error)) {
            $user_msg[] = $error;
        }
        // Nickname: 3..31 characters under the "name" rule.
        if (!validate_value($nickname, "name", $error, 3, 31, "NICKNAME")) {
            $user_msg[] = $error;
        }
}
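//amxadmin edit
if (isset($_POST["save"])) {
    // Work out the expiry expression for the admin record. $exp is an SQL
    // fragment: either the literal 0 ("never expires") or `created` plus a
    // number of seconds. It is built only from integers, so it is safe to
    // concatenate into a query later on.
    if (isset($_POST["noend"])) {
        $days = 0;
        $exp = "0";
    } elseif (isset($_POST["moredays"]) && (int) $_POST["moredays"] !== 0) {
        // Extend by the submitted number of days. The test is against the
        // integer 0, not "": on PHP 8 an int never loosely equals "", so the
        // previous `!= ""` was true for every submission (including an empty
        // or zero "moredays" field) and sent a permanent entry (days = 0)
        // down this branch as `created`+0, i.e. expired on creation. On
        // PHP 7 `0 != ""` was false, which is the behaviour kept here.
        $days = (int) $_POST["days"] + (int) $_POST["moredays"];
        $exp = "(`created`+(" . $days * 86400 . "))";
    } else {
        $days = (int) $_POST["days"];
        // days <= 0 means no expiry.
        $exp = $days <= 0 ? "0" : "(`created`+(" . $days * 86400 . "))";
    }
    // NOTE(review): $query is not assigned anywhere in this block and the
    // message key refers to comment deletion; this looks like it belongs to
    // a different handler — verify.
    if ($query) {
        $msg_comment = "_COMDELETED";
    }
}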
//validate input fields for following functions
if (isset($_POST["add_comment"]) || isset($_POST["edit_comment"]) || isset($_POST["edit_demo"]) || isset($_POST["add_demo"])) {
    // Escape for SQL first and validate the escaped value afterwards: the
    // length limits below (31 / 255) therefore apply to the escaped form,
    // and the escaped strings are what the later INSERT/UPDATE statements
    // concatenate. Every failed check appends a message key to $error.
    // NOTE(review): the three fields are read without isset(); assumed to be
    // always present on these forms — verify.
    $name = sql_safe($_POST["name"]);
    $email = sql_safe($_POST["email"]);
    $comment = sql_safe($_POST["comment"]);

    if (!validate_value($name, "name", $msg, 1, 31, "USERNAME")) {
        $error[] = $msg;
    }
    if (!validate_value($email, "email", $msg)) {
        $error[] = $msg;
    }
    // The comment body is checked with the "name" rule, just with a longer
    // limit.
    if (!validate_value($comment, "name", $msg, 1, 255, "COMMENT")) {
        $error[] = $msg;
    }
}
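//comment add
if (isset($_POST["add_comment"]) && $bid) {
    //save it to db
    // $name/$comment/$email were sql_safe()'d by the validation block above,
    // so they can be concatenated into the INSERT; $bid is concatenated
    // unquoted and is assumed to be an integer ban id set earlier.
    // Anonymous posters must solve the captcha; logged-in users skip it.
    // The submitted code is compared as a string with !==: the loose `!=`
    // used before compares numeric-looking strings numerically
    // ("1e3" == "1000", "0e5" == "0"), which lets a non-matching guess pass.
    // NOTE(review): the `captcha_code != 0` clause rejects whenever a code
    // is set at all, which looks inverted (== 0, "no captcha issued");
    // kept as-is here — verify against new_captcha().
    if (($_SESSION["captcha_code"] != 0 || (string) $_POST["verify"] !== (string) $_SESSION["captcha_code"]) && $_SESSION["loggedin"] != true) {
        $error[] = "_WRONGCAPTCHA";
    }
    if (!$error) {
        // NOTE(review): die(mysql_error()) returns the raw DB error to the
        // client.
        $query = mysql_query("INSERT INTO `" . $config->db_prefix . "_comments` (`name`,`comment`,`email`,`addr`,`date`,`bid`) \n\t\t\t\tVALUES ('" . $name . "','" . $comment . "','" . $email . "','" . $_SERVER["REMOTE_ADDR"] . "',UNIX_TIMESTAMP()," . $bid . ")") or die(mysql_error());
        $msg_comment = "_COMADDED";
    }
    // A fresh captcha for the next attempt, whether or not this one passed.
    new_captcha();
    $smarty->assign("comment_layer", 1);
    // NOTE(review): the two statements below refer to $setname and a
    // "Reasons config" log entry, which have nothing to do with comments;
    // they look spliced in from the reasons handler — verify.
    $user_msg = '_REASONSSETSAVED';
    log_to_db("Reasons config", "Edited set: " . sql_safe($setname));
}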
}
//del reason
if (isset($_POST["reasondel"])) {
    // Remove reason $rid together with every set membership that refers to
    // it. $rid is set outside this block and is concatenated unquoted, so it
    // must already be an integer — verify where it is assigned. The posted
    // reason text is used only for the audit log line.
    // NOTE(review): die(mysql_error()) returns the raw DB error to the client.
    $reason = html_safe($_POST["reason"]);
    $query = mysql_query(sprintf("DELETE FROM `%s_reasons` WHERE `id`=%s LIMIT 1", $config->db_prefix, $rid)) or die(mysql_error());
    $query = mysql_query(sprintf("DELETE FROM `%s_reasons_to_set` WHERE `reasonid`=%s", $config->db_prefix, $rid)) or die(mysql_error());
    $user_msg = '_REASONDELETED';
    log_to_db("Reasons config", "Deleted reason: " . sql_safe($reason));
}
//save reason
if (isset($_POST["reasonsave"])) {
    // Update the text and the fixed ban length (logged as "min") of reason
    // $rid. The text is escaped for SQL first; validate_value() then checks
    // the escaped string (1..99 chars) and on failure leaves a message key in
    // $error, which becomes the user message and skips the write.
    // $rid is set outside this block and is concatenated unquoted, so it
    // must already be an integer — verify where it is assigned.
    $reason = sql_safe($_POST["reason"]);
    if (!validate_value($reason, "name", $error, 1, 99, "REASON")) {
        $user_msg = $error;
    }
    if (!$user_msg) {
        $time = (int) $_POST["static_bantime"];
        $query = mysql_query(sprintf(
            "UPDATE `%s_reasons` SET `reason`='%s',`static_bantime`=%d WHERE `id`=%s LIMIT 1",
            $config->db_prefix,
            $reason,
            $time,
            $rid
        )) or die(mysql_error());
        $user_msg = '_REASONSAVED';
        // The already-escaped text is escaped once more for the log entry.
        log_to_db("Reasons config", "Edited reason: " . sql_safe($reason) . " (" . $time . " min)");
    }
}
// Fetch the reason sets (exposed to the template as "reasons_set") and the
// reasons themselves. $check_values lists the two accepted checkbox values;
// its consumer is not within this listing.
$reasons_set = sql_get_reasons_set();
$reasons = sql_get_reasons();
$check_values = array("1", "0");
$smarty->assign("reasons_set", $reasons_set);
         //validate only for length
         $search_query = "`player_id` LIKE '%" . sql_safe($steamid) . "%'";
     }
     #else { $msg="_INVALIDSTEAMID"; }
 }
 // Ban search filters. Each block assigns $search_query outright, so the last
 // field present in this order wins (ip, reason, date, admin) and overrides
 // the steamid filter handled just above. Values pass through sql_safe()
 // before concatenation; sql_safe() is assumed not to escape the LIKE
 // metacharacters % and _, so a user can widen the three pattern searches.
 if (isset($_POST["ip"])) {
     $ip = trim($_POST["ip"]);
     //validate only for length (2..15 chars, the size of a dotted IPv4
     //address; longer IPv6 literals are silently ignored here)
     if (validate_value($ip, "name", $msg, 2, 15, "IP")) {
         $search_query = sprintf("`player_ip` LIKE '%%%s%%'", sql_safe($ip));
     }
     #else { $msg="_INVALIDIP"; }
 }
 if (isset($_POST["reason"])) {
     $reason = trim($_POST["reason"]);
     //validate only for length (2..15 chars)
     if (validate_value($reason, "name", $msg, 2, 15, "REASON")) {
         $search_query = sprintf("`ban_reason` LIKE '%%%s%%'", sql_safe($reason));
     }
     #else { $msg="_INVALIDREASON"; }
 }
 if (isset($_POST["date"]) && $_POST["date"] != "") {
     // Drop the two separator characters (positions 3 and 6) of a
     // dd?mm?yyyy date so it matches FROM_UNIXTIME(...,'%d%m%Y').
     $date = substr_replace($_POST['date'], '', 2, 1);
     $date = substr_replace($date, '', 4, 1);
     $search_query = sprintf("FROM_UNIXTIME(ban_created,'%%d%%m%%Y') LIKE '%s'", sql_safe($date));
 }
 if (isset($_POST["admin"]) && $_POST["admin"] != "") {
     $search_query = sprintf("`admin_id`='%s'", sql_safe($_POST["admin"]));
 }
 if (isset($_POST["server"]) && $_POST["server"] != "") {
    // Persist the edited web admin (name, level, e-mail); `logcode` is
    // cleared on every edit. $name and $email are assumed to have been
    // escaped by the validation block that precedes this handler (outside
    // this listing); level is cast to int here, and $uid is concatenated
    // unquoted, so it must already be an integer — verify where it is set.
    // NOTE(review): die(mysql_error()) returns the raw DB error to the client.
    if (!$user_msg) {
        $query = mysql_query("UPDATE `" . $config->db_prefix . "_webadmins` SET \n\t\t\t\t\t\t`username`='" . $name . "',\n\t\t\t\t\t\t`level`='" . (int) $_POST["level"] . "',\n\t\t\t\t\t\t`email`='" . $email . "',\n\t\t\t\t\t\t`logcode`='' \n\t\t\t\t\t\tWHERE `id`=" . $uid . " LIMIT 1") or die(mysql_error());
        $user_msg[] = '_WADMINSAVED';
        // Audit entry; the argument is garbled in this listing, the other
        // log_to_db() calls in the file suggest sql_safe($_POST["name"]).
        log_to_db("Webadmin config", "Edited user: "******"name"]) . " (id: " . $uid . ")");
    }
}
//Webadmin delete
if (isset($_POST["del"])) {
    // Deletes web admin $uid unconditionally. Nothing visible here stops an
    // admin from deleting their own or the last remaining account, and no
    // CSRF token check appears in this listing — verify both are handled
    // before this point. $uid is concatenated unquoted, so it must already
    // be an integer.
    // NOTE(review): die(mysql_error()) returns the raw DB error to the client.
    $query = mysql_query("DELETE FROM `" . $config->db_prefix . "_webadmins` WHERE `id`=" . $uid . " LIMIT 1") or die(mysql_error());
    $user_msg[] = '_WADMINDELETED';
    // Audit entry; the argument is garbled in this listing, the other
    // log_to_db() calls in the file suggest sql_safe($_POST["name"]).
    log_to_db("Webadmin config", "Deleted user: "******"name"]));
}
//Webadmin add
if (isset($_POST["new"])) {
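    // Collect the new web admin's fields. The password is length-checked
    // (4..31 chars under the "name" rule — NOTE(review): 4 is a very weak
    // minimum for an admin account) and must match its confirmation; every
    // problem appends a message key to $user_msg.
    $pw = $_POST["pw"];
    if (!validate_value($pw, "name", $error, 4, 31, "PASSWORD")) {
        $user_msg[] = $error;
    }
    $pw2 = sql_safe($_POST["pw2"]);
    $level = (int) $_POST["level"];
    // Echo the non-secret fields back into the form on error.
    $input = array("name" => $name, "level" => $level, "email" => $email);
    $smarty->assign("input", $input);
    //Are passwords the same?
    // Compare the two raw submissions. $pw2 has been through sql_safe();
    // if that escapes quotes/backslashes (as its use in the SQL elsewhere in
    // this file suggests), comparing $pw against it rejected every password
    // containing such a character, because the escaped copy never equals
    // the raw one.
    if ($pw !== $_POST["pw2"]) {
        $user_msg[] = "_PASSWORDNOTMATCH";
    }
    // checkAdmin() presumably reports an existing admin with this name or
    // e-mail; a truthy result blocks the add.
    if (checkAdmin($name, $email)) {
        $user_msg[] = "_WADMINADDEDFAILED";
    }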
    if (!$user_msg) {
        //save webadmin to db