Пример #1
        $insert = "INSERT INTO sms_news_categories (catName, catUserLevel, catVisible) VALUES (%s, %d, %s)";
        $query = sprintf($insert, escape_string($_POST['catName']), escape_string($_POST['catUserLevel']), escape_string($_POST['catVisible']));
        $result = mysql_query($query);
        /* optimize the table */
        optimizeSQLTable("sms_news_categories");
        $action = "create";
    } elseif (isset($_POST['action_delete_x'])) {
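        /* Accept only an unsigned decimal id. is_numeric() also passes values
           such as "1e3" or "1.5", and the old NULL fallback interpolated as an
           empty string, so "WHERE catid =  LIMIT 1" was sent to the server. */
        $catid = NULL;
        if (isset($_POST['catid']) && is_string($_POST['catid']) && preg_match('/^[0-9]+\z/', $_POST['catid'])) {
            $catid = $_POST['catid'];
        }
        /* The statement text is built as before, so the QueryCheck call further
           down receives the same $query, but only a validated id is executed;
           a rejected id reports FALSE, which is what the malformed statement
           used to return. */
        $query = "DELETE FROM sms_news_categories WHERE catid = {$catid} LIMIT 1";
        $result = ($catid === NULL) ? FALSE : mysql_query($query);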
        /* optimize the table */
        optimizeSQLTable("sms_news_categories");
        $action = "delete";
    }
    ?>

	<div class="body">
		<?php 
    $check = new QueryCheck();
    $check->checkQuery($result, $query);
    if (!empty($check->query)) {
        $check->message("news category", $action);
        $check->display();
    }
    ?>
		
		<span class="fontTitle">Create Site News Category</span><br /><br />
Пример #2
            break;
        default:
            $id = 0;
    }
    /* if update has been hit, continue */
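    if (isset($_POST['action_update_post_x']) || isset($_POST['action_update_manage_x']) || isset($_POST['action_update_reports_x']) || isset($_POST['action_update_user_x']) || isset($_POST['action_update_other_x'])) {
        /* set the POST array */
        $accessValues = $_POST;
        $type = isset($_POST['type']) ? $_POST['type'] : '';
        /* implode the array
           NOTE(review): this joins every POST field, including 'type' and the
           submit-button fields — confirm that is what the column should hold */
        $accessString = implode(',', $accessValues);
        /* $type is spliced into the statement as a column name and
           $accessString as a quoted literal, and both come straight from the
           request. The column name is therefore restricted to a bare
           identifier and the value is escaped before the statement is built.
           An explicit allow-list of the real sms_accesslevels column names
           would be tighter still (TODO: the schema is not visible here). */
        if (is_string($type) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $type)) {
            /* assumes the values are not already slash-escaped by
               magic_quotes_gpc; quote-free access tokens are stored the same
               either way */
            $safeAccessString = mysql_real_escape_string($accessString);
            /* update the database */
            $query = "UPDATE sms_accesslevels SET {$type} = '{$safeAccessString}' WHERE id = {$id} LIMIT 1";
            $result = mysql_query($query);
            /* optimize the table */
            optimizeSQLTable("sms_accesslevels");
        } else {
            /* rejected column name: nothing is sent to the database */
            $query = FALSE;
            $result = FALSE;
        }
    }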
    ?>

	<div class="body">
	
		<?php 
    if (!isset($sec)) {
        ?>
	
		<span class="fontTitle">Default User Access Levels</span><br /><br />
		From this page you can set up the default group access levels for your system.
		Levels have been set by default, but it is your choice whether to add or remove
		those items. Change group access levels will affect newly created player but will
		not change existing user levels for players. To begin, please select a group from
		the list below to set their default access levels to the system.<br /><br /><br />
Пример #3
        /* reset all of the positionMainPage flags */
        $updatePos = "UPDATE sms_positions SET positionMainPage = 'n'";
        $updatePosResult = mysql_query($updatePos);
        /* loop through the array and update the positions specified */
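        foreach ($post as $key => $value) {
            /* Only an unsigned decimal position id is executed. is_numeric()
               also passes "1e3" or "1.5", and a rejected value used to be
               interpolated as an empty string and sent anyway. */
            $isPositionId = (is_int($value) && $value >= 0)
                || (is_string($value) && preg_match('/^[0-9]+\z/', $value));
            if (!$isPositionId) {
                $value = NULL;
            }
            /* $query is built exactly as before; a rejected value yields
               FALSE, the same result the malformed statement produced */
            $query = "UPDATE sms_positions SET positionMainPage = 'y' WHERE positionid = {$value} LIMIT 1";
            $result = $isPositionId ? mysql_query($query) : FALSE;
        }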
        /* optimize the table */
        optimizeSQLTable("sms_positions");
    }
    /* optimize the table */
    optimizeSQLTable("sms_globals");
    $manifest_defaults_array = explode(',', $manifest_defaults);
    if ($showInfoPositions == "n") {
        $disable = 5;
    } else {
        $disable = NULL;
    }
    ?>
	<script type="text/javascript">
		$(document).ready(function(){
			$('#container-1 > ul').tabs(<?php 
    echo $sec;
    ?>
, { disabled: [<?php 
    echo $disable;
    ?>
Пример #4
        if (!isset($id)) {
            $insert = "INSERT INTO sms_personallogs (logAuthor, logTitle, logContent, logPosted, logStatus) VALUES (%d, %s, %s, %d, %s)";
            $query = sprintf($insert, escape_string($sessionCrewid), escape_string($_POST['logTitle']), escape_string($_POST['logContent']), escape_string($today[0]), escape_string('saved'));
        } else {
            $update = "UPDATE sms_personallogs SET logTitle = %s, logContent = %s, logStatus = %s, logPosted = %d WHERE logid = {$id} LIMIT 1";
            $query = sprintf($update, escape_string($_POST['logTitle']), escape_string($_POST['logContent']), escape_string('saved'), escape_string($today[0]));
        }
        $result = mysql_query($query);
        /* optimize the table */
        optimizeSQLTable("sms_personallogs");
        $action = "save";
    } elseif (isset($_POST['action_delete_x'])) {
        $query = "DELETE FROM sms_personallogs WHERE logid = {$id} LIMIT 1";
        $result = mysql_query($query);
        /* optimize the table */
        optimizeSQLTable("sms_personallogs");
        $action = "delete";
    }
    ?>
	
	<div class="body">
		<?php 
    $check = new QueryCheck();
    $check->checkQuery($result, $query);
    if (!empty($check->query)) {
        $check->message("personal log", $action);
        $check->display();
    }
    ?>
		
		<span class="fontTitle">Post Personal Log</span><br /><br />
Пример #5
        $query = sprintf($insert, escape_string($_POST['rankOrder']), escape_string($_POST['rankName']), escape_string($_POST['rankShortName']), escape_string($_POST['rankImage']), escape_string($_POST['rankDisplay']), escape_string($_POST['rankClass']));
        $result = mysql_query($query);
        /* optimize table */
        optimizeSQLTable("sms_ranks");
        $action = "create";
    } elseif (isset($_POST['action_delete_x'])) {
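        /* Accept only an unsigned decimal id. is_numeric() also passes values
           such as "1e3" or "1.5", and the old NULL fallback interpolated as an
           empty string, so "WHERE rankid =  LIMIT 1" was sent to the server. */
        $rankid = NULL;
        if (isset($_POST['rankid']) && is_string($_POST['rankid']) && preg_match('/^[0-9]+\z/', $_POST['rankid'])) {
            $rankid = $_POST['rankid'];
        }
        /* do the delete query: the text is built as before so later code sees
           the same $query, but only a validated id is executed; a rejected id
           reports FALSE, as the malformed statement used to */
        $query = "DELETE FROM sms_ranks WHERE rankid = {$rankid} LIMIT 1";
        $result = ($rankid === NULL) ? FALSE : mysql_query($query);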
        /* optimize table */
        optimizeSQLTable("sms_ranks");
        $action = "delete";
    }
    ?>
<script type="text/javascript">
	$(document).ready(function() {
		$("a[rel*=facebox]").click(function() {
			var action = $(this).attr("myAction");
			
			jQuery.facebox(function() {
				jQuery.get('admin/ajax/rank_' + action + '.php', function(data) {
					jQuery.facebox(data);
				});
			});
			return false;
		});
Пример #6
         $arrayAwards = array();
     }
     /* get the date info from PHP */
     $now = getdate();
     /* make sure there are no semicolons in the reason */
     $reason = str_replace(";", ",", $reason);
     /* build the new award entry */
     $arrayAwards[] = $action_award . "|" . $now[0] . "|" . $reason;
     /* put the string back together */
     $joinedString = implode(";", $arrayAwards);
     /* dump the comma separated field back into the db */
     $update = "UPDATE sms_crew SET awards = %s WHERE crewid = {$action_crew} LIMIT 1";
     $query = sprintf($update, escape_string($joinedString));
     $result = mysql_query($query);
     /* optimize the table */
     optimizeSQLTable("sms_crew");
 }
 if (!isset($crew)) {
     /* active crew */
     $getActive = "SELECT crew.crewid, crew.firstName, crew.lastName, rank.rankName ";
     $getActive .= "FROM sms_crew AS crew, sms_ranks AS rank ";
     $getActive .= "WHERE crew.rankid = rank.rankid AND crew.crewType = 'active' ";
     $getActive .= "ORDER BY crew.rankid ASC";
     $getActiveResult = mysql_query($getActive);
     $activeCount = mysql_num_rows($getActiveResult);
     /* inactive crew */
     $getInactive = "SELECT crew.crewid, crew.firstName, crew.lastName, rank.rankName ";
     $getInactive .= "FROM sms_crew AS crew, sms_ranks AS rank ";
     $getInactive .= "WHERE crew.rankid = rank.rankid AND crew.crewType = 'inactive' ";
     $getInactive .= "ORDER BY crew.rankid ASC";
     $getInactiveResult = mysql_query($getInactive);
Пример #7
             $query = sprintf($create, escape_string($_POST['dbTitle']), escape_string($_POST['dbType']), escape_string($_POST['dbDesc']), escape_string($_POST['dbOrder']), escape_string($_POST['dbDisplay']), escape_string($_POST['dbURL']), escape_string($_POST['dbContent']), escape_string($_POST['dbDept']));
             $result = mysql_query($query);
             break;
         case 'update':
             $update = "UPDATE sms_database SET dbTitle = %s, dbOrder = %d, dbDisplay = %s, dbURL = %s, dbDesc = %s, dbContent = %s, ";
             $update .= "dbType = %s, dbDept = %d WHERE dbid = {$action_id} LIMIT 1";
             $query = sprintf($update, escape_string($_POST['dbTitle']), escape_string($_POST['dbOrder']), escape_string($_POST['dbDisplay']), escape_string($_POST['dbURL']), escape_string($_POST['dbDesc']), escape_string($_POST['dbContent']), escape_string($_POST['dbType']), escape_string($_POST['dbDept']));
             $result = mysql_query($query);
             break;
         case 'delete':
             $query = "DELETE FROM sms_database WHERE dbid = {$action_id} LIMIT 1";
             $result = mysql_query($query);
             break;
     }
     /* optimize the table */
     optimizeSQLTable("sms_database");
 }
 /* set up the database array */
 $database = array(0 => array());
 $departments = array();
 /* pull all the applicable departments */
 $depts = "SELECT * FROM sms_departments WHERE deptDatabaseUse = 'y' ORDER BY deptORDER ASC";
 $deptsR = mysql_query($depts);
 /* set up the department sections */
 while ($deptFetch = mysql_fetch_assoc($deptsR)) {
     extract($deptFetch, EXTR_OVERWRITE);
     $database[$deptid] = array();
     $departments[] = $deptid;
 }
 /* pull global entries */
 $entries = "SELECT * FROM sms_database WHERE dbDept = 0 ORDER BY dbOrder ASC";
Пример #8
        $query = sprintf($update, escape_string($_POST['newsCat']), escape_string($_POST['newsAuthor']), escape_string($_POST['newsTitle']), escape_string($_POST['newsContent']), escape_string($_POST['newsStatus']), escape_string($_POST['newsPrivate']));
        $result = mysql_query($query);
        /* optimize the table */
        optimizeSQLTable("sms_news");
        $action = "update";
    } elseif (isset($_POST['action_delete_x'])) {
        $query = "DELETE FROM sms_news WHERE newsid = {$id} LIMIT 1";
        $result = mysql_query($query);
        /* optimize the table */
        optimizeSQLTable("sms_news");
        $action = "delete";
    } elseif (isset($remove)) {
        /* NOTE(review): $remove is placed in the statement unquoted and
           unescaped, as $id is in the delete branch above. Where either is
           read is not visible in this excerpt — confirm both are validated as
           integers before they reach this point. */
        $query = "DELETE FROM sms_news WHERE newsid = {$remove} LIMIT 1";
        $result = mysql_query($query);
        /* optimize the table */
        optimizeSQLTable("sms_news");
        $action = "delete";
    }
    if (isset($id)) {
        ?>

	<div class="body">
		
		<?php 
        $check = new QueryCheck();
        $check->checkQuery($result, $query);
        if (!empty($check->query)) {
            $check->message("news item", $action);
            $check->display();
        }
        ?>
Пример #9
        /* do logic to figure out how to change the number of strikes */
        if ($action == "add") {
            $strikesNew = $strikeVar['0'] + 1;
        } elseif ($action == "delete") {
            $strikesNew = $strikeVar['0'] - 1;
        }
        $insert = "INSERT INTO sms_strikes (crewid, strikeDate, reason, number) VALUES (%d, %d, %s, %d)";
        $query = sprintf($insert, escape_string($crew), escape_string($today[0]), escape_string($_POST['reason']), escape_string($strikesNew));
        $result = mysql_query($query);
        /* update the user table to give the player the new number of strikes */
        $update = "UPDATE sms_crew SET strikes = %d WHERE crewid = {$crew} LIMIT 1";
        $query2 = sprintf($update, escape_string($strikesNew));
        $result2 = mysql_query($query2);
        /* optimize table */
        optimizeSQLTable("sms_crew");
        optimizeSQLTable("sms_strikes");
    }
    ?>
	
	<div class="body">
	
		<?php 
    $check = new QueryCheck();
    $check->checkQuery($result, $query);
    if (!empty($check->query)) {
        $check->message("strike", $action);
        $check->display();
    }
    ?>
		
		<span class="fontTitle">Manage Player Strikes</span><br /><br />
Пример #10
        $action = "send";
        $subject = "private message";
    } elseif (isset($action)) {
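        $postArray = $_POST;
        /* Resolve the display column once from the two known mailboxes. It is
           reset first so that a value left over from earlier code cannot be
           used as the column name when $box is neither of them. */
        $boxReplace = NULL;
        if ($box == "inbox") {
            $boxReplace = "pmRecipientDisplay";
        } elseif ($box == "outbox") {
            $boxReplace = "pmAuthorDisplay";
        }
        /* NOTE(review): every POST field is treated as a message id, and the
           UPDATE is keyed on pmid alone — nothing in this block ties the
           message to $sessionCrewid. Confirm ownership is enforced elsewhere,
           or add the pmRecipient / pmAuthor column to the WHERE clause. */
        foreach ($postArray as $key => $value) {
            /* the id is request data inside a quoted literal: escape it */
            $pmid = mysql_real_escape_string(is_scalar($value) ? (string) $value : '');
            $query = "UPDATE sms_privatemessages SET {$boxReplace} = 'n' ";
            $query .= "WHERE pmid = '{$pmid}' LIMIT 1";
            /* with no known mailbox the statement has no column name; report
               the failure without sending it */
            $result = ($boxReplace === NULL) ? FALSE : mysql_query($query);
        }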
        /* optimize the table */
        optimizeSQLTable("sms_privatemessages");
        $action = "remove";
        $subject = "private messages";
    }
    $getMessages = "SELECT * FROM sms_privatemessages WHERE pmRecipient = '{$sessionCrewid}' ";
    $getMessages .= "AND pmRecipientDisplay = 'y' ORDER BY pmDate DESC";
    $getMessagesResult = mysql_query($getMessages);
    $getMsgCount = "SELECT count(pmid) FROM sms_privatemessages WHERE pmRecipient = '{$sessionCrewid}' ";
    $getMsgCount .= "AND pmRecipientDisplay = 'y' AND pmStatus = 'unread'";
    $getMsgCountResult = mysql_query($getMsgCount);
    $msgCount = mysql_fetch_array($getMsgCountResult);
    $msgOut = "SELECT * FROM sms_privatemessages WHERE pmAuthor = '{$sessionCrewid}' ";
    $msgOut .= "AND pmAuthorDisplay = 'y' ORDER BY pmDate DESC";
    $msgOutResult = mysql_query($msgOut);
    ?>
Пример #11
    /* set the page class and vars */
    $pageClass = "admin";
    $subMenuClass = "manage";
    $query = FALSE;
    $result = FALSE;
    if (isset($_POST['action_update_x'])) {
        $update = "UPDATE sms_specs SET shipClass = %s, shipRole = %s, duration = %d, durationUnit = %s, refit = %d, refitUnit = %s, ";
        $update .= "resupply = %d, resupplyUnit = %s, length = %d, width = %d, height = %d, decks = %d, complimentEmergency = %s, ";
        $update .= "complimentOfficers = %s, complimentEnlisted = %s, complimentMarines = %s, complimentCivilians = %s, warpCruise = %s, ";
        $update .= "warpMaxCruise = %s, warpEmergency = %s, warpMaxTime = %s, warpEmergencyTime = %s, phasers = %s, torpedoLaunchers = %s, ";
        $update .= "torpedoCompliment = %s, defensive = %s, shields = %s, shuttlebays = %s, hasShuttles = %s, hasRunabouts = %s, ";
        $update .= "hasFighters = %s, shuttles = %s, runabouts = %s, fighters = %s, hasTransports = %s, transports = %s WHERE specid = 1 LIMIT 1";
        $query = sprintf($update, escape_string($_POST['shipClass']), escape_string($_POST['shipRole']), escape_string($_POST['duration']), escape_string($_POST['durationUnit']), escape_string($_POST['refit']), escape_string($_POST['refitUnit']), escape_string($_POST['resupply']), escape_string($_POST['resupplyUnit']), escape_string($_POST['length']), escape_string($_POST['width']), escape_string($_POST['height']), escape_string($_POST['decks']), escape_string($_POST['complimentEmergency']), escape_string($_POST['complimentOfficers']), escape_string($_POST['complimentEnlisted']), escape_string($_POST['complimentMarines']), escape_string($_POST['complimentCivilians']), escape_string($_POST['warpCruise']), escape_string($_POST['warpMaxCruise']), escape_string($_POST['warpEmergency']), escape_string($_POST['warpMaxTime']), escape_string($_POST['warpEmergencyTime']), escape_string($_POST['phasers']), escape_string($_POST['torpedoLaunchers']), escape_string($_POST['torpedoCompliment']), escape_string($_POST['defensive']), escape_string($_POST['shields']), escape_string($_POST['shuttlebays']), escape_string($_POST['hasShuttles']), escape_string($_POST['hasRunabouts']), escape_string($_POST['hasFighters']), escape_string($_POST['shuttles']), escape_string($_POST['runabouts']), escape_string($_POST['fighters']), escape_string($_POST['hasTransports']), escape_string($_POST['transports']));
        $result = mysql_query($query);
        /* optimize table */
        optimizeSQLTable("sms_specs");
    }
    $getSpecs = "SELECT * FROM sms_specs WHERE specid = 1";
    $getSpecsResult = mysql_query($getSpecs);
    while ($specFetch = mysql_fetch_array($getSpecsResult)) {
        extract($specFetch, EXTR_OVERWRITE);
    }
    ?>

	<div class="body">
		<?php 
    $check = new QueryCheck();
    $check->checkQuery($result, $query);
    if (!empty($check->query)) {
        $check->message("specifications", "update");
        $check->display();
Пример #12
        $insert = "INSERT INTO sms_awards ( awardName, awardImage, awardDesc, awardOrder, awardCat ) ";
        $insert .= "VALUES ( %s, %s, %s, %d, %s )";
        /* run the query through sprintf and the safety function to scrub for security issues */
        $query = sprintf($insert, escape_string($_POST['awardName']), escape_string($_POST['awardImage']), escape_string($_POST['awardDesc']), escape_string($_POST['awardOrder']), escape_string($_POST['awardCat']));
        $result = mysql_query($query);
        /* optimize the table */
        optimizeSQLTable("sms_awards");
        $action = "create";
    } elseif (isset($_POST['action_delete_x'])) {
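        /* $awardid used to be left untouched when the posted id failed the
           check, so the DELETE ran with whatever the variable already held
           (or with nothing at all). Start from NULL and accept only an
           unsigned decimal id. */
        $awardid = NULL;
        if (isset($_POST['awardid']) && is_string($_POST['awardid']) && preg_match('/^[0-9]+\z/', $_POST['awardid'])) {
            $awardid = $_POST['awardid'];
        }
        /* the statement text is still built for later code, but it is only
           executed with a validated id; otherwise the result is FALSE */
        $query = "DELETE FROM sms_awards WHERE awardid = {$awardid} LIMIT 1";
        $result = ($awardid === NULL) ? FALSE : mysql_query($query);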
        /* optimize the table */
        optimizeSQLTable("sms_awards");
        $action = "delete";
    }
    ?>
<script type="text/javascript">
	$(document).ready(function() {
		$("a[rel*=facebox]").click(function() {
			var action = $(this).attr("myAction");
			
			jQuery.facebox(function() {
				jQuery.get('admin/ajax/award_' + action + '.php', function(data) {
					jQuery.facebox(data);
				});
			});
			return false;
		});
Пример #13
 $pageClass = "admin";
 $subMenuClass = "user";
 $result = false;
 $query = false;
 if (isset($_GET['t']) && is_numeric($_GET['t'])) {
     $tab = $_GET['t'];
 } else {
     $tab = 1;
 }
 if (isset($_POST['action_x'])) {
     $insert = "INSERT INTO sms_awards_queue ( crew, nominated, award, reason ) VALUES ( %d, %d, %d, %s )";
     /* run the query through sprintf and the safety function to scrub for security issues */
     $query = sprintf($insert, escape_string($_POST['nominator']), escape_string($_POST['crew']), escape_string($_POST['award']), escape_string($_POST['reason']));
     /* run the query */
     $result = mysql_query($query);
     optimizeSQLTable("sms_awards_queue");
     /* set the email author */
     $userFetch = "SELECT crew.crewid, crew.firstName, crew.lastName, crew.email, rank.rankShortName ";
     $userFetch .= "FROM sms_crew AS crew, sms_ranks AS rank ";
     $userFetch .= "WHERE crew.crewid = '{$sessionCrewid}' AND crew.rankid = rank.rankid LIMIT 1";
     $userFetchResult = mysql_query($userFetch);
     while ($userFetchArray = mysql_fetch_array($userFetchResult)) {
         extract($userFetchArray, EXTR_OVERWRITE);
     }
     $firstName = str_replace("'", "", $firstName);
     $lastName = str_replace("'", "", $lastName);
     $from = $rankShortName . " " . $firstName . " " . $lastName . " < " . $email . " >";
     /* set the TO email addresses */
     $emFetch = "SELECT crewid, email FROM sms_crew WHERE (accessManage LIKE 'm_giveaward,%' OR accessManage LIKE '%,m_giveaward' ";
     $emFetch .= "OR accessManage LIKE '%,m_giveaward,%')";
     $emFetchR = mysql_query($emFetch);
Пример #14
        /* optimize the table */
        optimizeSQLTable("sms_departments");
        $object = "departmental database access";
        $action = "update";
    } elseif (isset($_POST['action_delete_x'])) {
        if (isset($_POST['deptid']) && is_numeric($_POST['deptid'])) {
            $deptid = $_POST['deptid'];
        } else {
            $deptid = FALSE;
            exit;
        }
        /* do the delete query */
        $query = "DELETE FROM sms_departments WHERE deptid = {$deptid} LIMIT 1";
        $result = mysql_query($query);
        /* optimize the table */
        optimizeSQLTable("sms_departments");
        $object = "department";
        $action = "delete";
    }
    ?>
<script type="text/javascript">
	$(document).ready(function() {
		$("a[rel*=facebox]").click(function() {
			var action = $(this).attr("myAction");
			
			jQuery.facebox(function() {
				jQuery.get('admin/ajax/department_' + action + '.php', function(data) {
					jQuery.facebox(data);
				});
			});
			return false;
Пример #15
/* access check */
if (in_array("m_messages", $sessionAccess)) {
    /* set the page class and vars */
    $pageClass = "admin";
    $subMenuClass = "manage";
    $query = FALSE;
    $result = FALSE;
    /* if the POST action is update */
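    if (isset($_POST['action_update_x'])) {
        $update = "UPDATE sms_messages SET welcomeMessage = %s, shipMessage = %s, simmMessage = %s, shipHistory = %s, ";
        $update .= "cpMessage = %s, joinDisclaimer = %s, samplePostQuestion = %s, rules = %s, acceptMessage = %s, ";
        $update .= "rejectMessage = %s, siteCredits = %s WHERE messageid = 1 LIMIT 1";
        $query = sprintf($update, escape_string($_POST['welcomeMessage']), escape_string($_POST['shipMessage']), escape_string($_POST['simmMessage']), escape_string($_POST['shipHistory']), escape_string($_POST['cpMessage']), escape_string($_POST['joinDisclaimer']), escape_string($_POST['samplePostQuestion']), escape_string($_POST['rules']), escape_string($_POST['acceptMessage']), escape_string($_POST['rejectMessage']), escape_string($_POST['siteCredits']));
        $result = mysql_query($query);
        /* optimize the table */
        optimizeSQLTable("sms_messages");
        /* This makes sure that once they hit update, the update is immediately
           seen. Only the eleven message fields written above are copied into
           local variables: copying every POST key let the request overwrite
           any variable on the page, $sessionAccess included. */
        $postedMessageFields = array(
            'welcomeMessage', 'shipMessage', 'simmMessage', 'shipHistory',
            'cpMessage', 'joinDisclaimer', 'samplePostQuestion', 'rules',
            'acceptMessage', 'rejectMessage', 'siteCredits',
        );
        foreach ($postedMessageFields as $k) {
            if (isset($_POST[$k]) && is_string($_POST[$k])) {
                ${$k} = stripslashes($_POST[$k]);
            }
        }
    }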
    /* strip the slashes from the vars */
    $welcomeMessage = stripslashes($welcomeMessage);
    $shipMessage = stripslashes($shipMessage);
    $simmMessage = stripslashes($simmMessage);
    $shipHistory = stripslashes($shipHistory);
    $cpMessage = stripslashes($cpMessage);
    $joinDisclaimer = stripslashes($joinDisclaimer);
    $samplePostQuestion = stripslashes($samplePostQuestion);
    $rules = stripslashes($rules);
    $acceptMessage = stripslashes($acceptMessage);
Пример #16
            $end = prep_date($_POST['missionEnd']);
            $query = sprintf($update, escape_string($_POST['missionOrder']), escape_string($_POST['missionTitle']), escape_string($_POST['missionDesc']), escape_string($_POST['missionStatus']), escape_string($start), escape_string($end), escape_string($_POST['missionImage']));
            $result = mysql_query($query);
            /* optimize the table */
            optimizeSQLTable("sms_missions");
            $action = "update";
        }
    }
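    if (isset($_POST['action_delete_x'])) {
        /* Make sure the mission id is present and is an unsigned decimal
           integer. is_numeric() was called without an isset() check and also
           passes values such as "1e3" or "1.5". */
        $deleteMissionId = isset($_POST['missionid']) ? $_POST['missionid'] : NULL;
        if (is_string($deleteMissionId) && preg_match('/^[0-9]+\z/', $deleteMissionId)) {
            /* do the query */
            $query = "DELETE FROM sms_missions WHERE missionid = {$deleteMissionId} LIMIT 1";
            $result = mysql_query($query);
            /* optimize the table */
            optimizeSQLTable("sms_missions");
            $action = "delete";
        }
    }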
    $mission_array = array('current' => array(), 'completed' => array(), 'upcoming' => array());
    $missions = "SELECT * FROM sms_missions ORDER BY missionOrder DESC";
    $missionsResult = mysql_query($missions);
    while ($notes = mysql_fetch_array($missionsResult)) {
        extract($notes, EXTR_OVERWRITE);
        $mission_array[$missionStatus][] = array('id' => $missionid, 'title' => $missionTitle, 'order' => $missionOrder, 'start' => $missionStart, 'end' => $missionEnd, 'desc' => $missionDesc, 'image' => $missionImage, 'status' => $missionStatus);
    }
    ?>
<script type="text/javascript">
	$(document).ready(function() {
		$('#container-1 > ul').tabs(<?php 
    echo $sec;
Пример #17
            case 'edit':
                $update = "UPDATE sms_tour SET tourName = %s, tourLocation = %s, tourDisplay = %s, tourOrder = %d, ";
                $update .= "tourDesc = %s, tourPicture1 = %s, tourPicture2 = %s, tourPicture3 = %s, tourSummary = %s ";
                $update .= "WHERE tourid = {$action_id} LIMIT 1";
                $query = sprintf($update, escape_string($_POST['tourName']), escape_string($_POST['tourLocation']), escape_string($_POST['tourDisplay']), escape_string($_POST['tourOrder']), escape_string($_POST['tourDesc']), escape_string($_POST['tourPicture1']), escape_string($_POST['tourPicture2']), escape_string($_POST['tourPicture3']), escape_string($_POST['tourSummary']));
                $result = mysql_query($query);
                $action = "update";
                break;
            case 'delete':
                $query = "DELETE FROM sms_tour WHERE tourid = {$action_id} LIMIT 1";
                $result = mysql_query($query);
                $action = "delete";
                break;
        }
        /* optimize the table */
        optimizeSQLTable("sms_tour");
    }
    ?>
	
	<script type="text/javascript">
		$(document).ready(function() {
			$('.zebra tr:nth-child(odd)').addClass('alt');
			
			$("a[rel*=facebox]").click(function() {
				var id = $(this).attr("myID");
				var action = $(this).attr("myAction");

				jQuery.facebox(function() {
					jQuery.get('admin/ajax/tour_' + action + '.php?id=' + id, function(data) {
						jQuery.facebox(data);
					});
Пример #18
             $getGroupLevelsResult = mysql_query($getGroupLevels);
             $groups = mysql_fetch_array($getGroupLevelsResult);
             $update = "UPDATE sms_crew SET accessPost = %s, accessManage = %s, accessReports = %s, accessUser = %s, accessOthers = %s ";
             $update .= "WHERE crewid = {$crew} LIMIT 1";
             $query = sprintf($update, escape_string($groups[1]), escape_string($groups[2]), escape_string($groups[3]), escape_string($groups[4]), escape_string($groups[5]));
             $crewUpdateResult = mysql_query($query);
             /* optimize the tables */
             optimizeSQLTable("sms_crew");
             optimizeSQLTable("sms_positions");
         }
         if ($oldPosition2 != $position2 && in_array("u_bio3", $sessionAccess)) {
             /* update the position they're being given */
             update_position($position2, 'give');
             update_position($oldPosition2, 'take');
             /* optimize the table */
             optimizeSQLTable("sms_positions");
         }
     }
     /* close the crewType check */
 }
 /* close the check for the POST action */
 $getCrew = "SELECT * FROM sms_crew WHERE crewid = '{$crew}' LIMIT 1";
 $getCrewResult = mysql_query($getCrew);
 while ($fetchCrew = mysql_fetch_array($getCrewResult)) {
     extract($fetchCrew, EXTR_OVERWRITE);
     $getRank = "SELECT rankName, rankImage FROM sms_ranks WHERE rankid = '{$fetchCrew['rankid']}'";
     $getRankResult = mysql_query($getRank);
     $fetchRank = mysql_fetch_assoc($getRankResult);
     if (in_array("u_bio3", $sessionAccess)) {
         $ranks = "SELECT rank.rankid, rank.rankName, rank.rankImage, dept.deptColor FROM sms_ranks AS rank, ";
         $ranks .= "sms_departments AS dept WHERE dept.deptClass = rank.rankClass AND dept.deptDisplay = 'y' ";
Пример #19
             $action = "update";
             if (isset($_POST['action_tab']) && is_numeric($_POST['action_tab'])) {
                 $tab = $_POST['action_tab'];
             }
             if (isset($_POST['action_tab_sub']) && is_numeric($_POST['action_tab_sub'])) {
                 $sub_tab = $_POST['action_tab_sub'];
             }
             if (isset($_POST['action_tab_sub_a']) && is_numeric($_POST['action_tab_sub_a'])) {
                 $sub_tab_a = $_POST['action_tab_sub_a'];
             }
             break;
         case 'delete':
             $query = "DELETE FROM sms_menu_items WHERE menuid = {$action_id}";
             $result = mysql_query($query);
             /* optimize the table */
             optimizeSQLTable("sms_menu_items");
             /* set the action */
             $action = $action_type;
             if (isset($_POST['action_tab']) && is_numeric($_POST['action_tab'])) {
                 $tab = $_POST['action_tab'];
             }
             if (isset($_POST['action_tab_sub']) && is_numeric($_POST['action_tab_sub'])) {
                 $sub_tab = $_POST['action_tab_sub'];
             }
             if (isset($_POST['action_tab_sub_a']) && is_numeric($_POST['action_tab_sub_a'])) {
                 $sub_tab_a = $_POST['action_tab_sub_a'];
             }
             break;
     }
 }
 $menus = array('main' => array(), 'general' => array('main' => array(), 'personnel' => array(), 'ship' => array(), 'simm' => array()), 'admin' => array('post' => array(), 'manage' => array(), 'reports' => array(), 'user' => array()));
Пример #20
                $action = "update";
                if (isset($_POST['action_tab']) && is_numeric($_POST['action_tab'])) {
                    $tab = $_POST['action_tab'];
                }
                break;
            case 'delete':
                $query = "DELETE FROM sms_starbase_docking WHERE dockid = {$action_id} LIMIT 1";
                $result = mysql_query($query);
                $action = "delete";
                if (isset($_POST['action_tab']) && is_numeric($_POST['action_tab'])) {
                    $tab = $_POST['action_tab'];
                }
                break;
        }
        /* optimize the table */
        optimizeSQLTable("sms_starbase_docking");
    }
    $ships = array('activated' => array(), 'departed' => array());
    $getShips = "SELECT * FROM sms_starbase_docking WHERE dockingStatus != 'pending'";
    $getShipsR = mysql_query($getShips);
    while ($shipFetch = mysql_fetch_assoc($getShipsR)) {
        extract($shipFetch, EXTR_OVERWRITE);
        $ships[$dockingStatus][] = array('id' => $dockid, 'name' => $dockingShipName, 'registry' => $dockingShipRegistry, 'class' => $dockingShipClass, 'co' => $dockingShipCO, 'co_email' => $dockingShipCOEmail);
    }
    ?>
	<script type="text/javascript">
		$(document).ready(function() {
			$('#container-1 > ul').tabs(<?php 
    echo $tab;
    ?>
);
Пример #21
        $action = "update";
    }
    if (isset($action) && $action == "create") {
        $sql = "INSERT INTO sms_coc (cocid, crewid) VALUES ('', '0')";
        $result = mysql_query($sql);
        /* optimize the table */
        optimizeSQLTable("sms_coc");
    }
    if (isset($action) && $action == "delete") {
        $getLastId = "SELECT cocid FROM sms_coc ORDER BY cocid DESC LIMIT 1";
        $getLastIdResult = mysql_query($getLastId);
        $lastID = mysql_fetch_assoc($getLastIdResult);
        $sql = "DELETE FROM sms_coc WHERE cocid = {$lastID['cocid']} LIMIT 1";
        $result = mysql_query($sql);
        /* optimize the table */
        optimizeSQLTable("sms_coc");
    }
    ?>

	<div class="body">
		<?php 
    $check = new QueryCheck();
    $check->checkQuery($result, $sql);
    if (!empty($check->query)) {
        $check->message("chain of command", $action);
        $check->display();
    }
    ?>
		
		<span class="fontTitle">Manage the Chain of Command</span><br /><br />
		
Пример #22
 $insert .= "postStatus, postTag) VALUES (%s, %s, %s, %s, %s, UNIX_TIMESTAMP(), %d, %s, %s)";
 $query = sprintf($insert, escape_string($postAuthors), escape_string($_POST['postTitle']), escape_string($_POST['postLocation']), escape_string($_POST['postTimeline']), escape_string($_POST['postContent']), escape_string($_POST['postMission']), escape_string('activated'), escape_string($_POST['postTag']));
 $result = mysql_query($query);
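 /* NOTE(review): $number bounds this loop and its origin is not visible in
    this excerpt — confirm it cannot be driven by the request */
 for ($i = 1; $i <= $number; $i++) {
     /* set the author var; only an unsigned decimal crew id is accepted
        (is_numeric() also passes "1e3" or "1.5", and the field was read
        without an isset() check) */
     $author = isset($_POST['author' . $i]) ? $_POST['author' . $i] : NULL;
     if (!is_string($author) || !preg_match('/^[0-9]+\z/', $author)) {
         $author = NULL;
     }
     /* update the player's last post timestamp; a rejected author yields
        FALSE instead of sending "WHERE crewid =  LIMIT 1" to the server */
     $updateTimestamp = "UPDATE sms_crew SET lastPost = UNIX_TIMESTAMP() WHERE crewid = {$author} LIMIT 1";
     $updateTimestampResult = ($author === NULL) ? FALSE : mysql_query($updateTimestamp);
 }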
 /* optimize the crew table */
 optimizeSQLTable("sms_crew");
 optimizeSQLTable("sms_posts");
 /* if the user wants to send the email out, do it */
 if (isset($_POST['sendEmail'])) {
     /* Copies every POST field into a local variable of the same name, so the
        request decides which variables exist from here on and can replace any
        that were already set.
        NOTE(review): restrict this to the field names the e-mail code
        actually needs; that list is not visible in this excerpt. */
     foreach ($_POST as $key => $value) {
         ${$key} = $value;
     }
     /* $emailAuthor is assigned here only when author1 is numeric. Otherwise
        it keeps whatever value it already holds, including one the loop above
        created from a POST field named emailAuthor, and the crew lookup that
        follows interpolates it unquoted. */
     if (is_numeric($_POST['author1'])) {
         $emailAuthor = $_POST['author1'];
     }
     /* set the email author */
     $userFetch = "SELECT crew.crewid, crew.firstName, crew.lastName, crew.email, rank.rankShortName ";
     $userFetch .= "FROM sms_crew AS crew, sms_ranks AS rank ";
     $userFetch .= "WHERE crew.crewid = {$emailAuthor} AND crew.rankid = rank.rankid LIMIT 1";
     $userFetchResult = mysql_query($userFetch);
     while ($userFetchArray = mysql_fetch_array($userFetchResult)) {
         extract($userFetchArray, EXTR_OVERWRITE);
Пример #23
        }
    } else {
        if (isset($_POST['action_update_x'])) {
            for ($j = 1; $j <= $deckCount[0]; $j++) {
                $update = "UPDATE sms_tour_decks SET deckContent = %s WHERE deckid = {$j} LIMIT 1";
                $query = sprintf($update, escape_string($_POST[$j . '_content']));
                $result = mysql_query($query);
            }
            /* optimize the SQL table */
            optimizeSQLTable("sms_tour_decks");
            $action = "update";
        } elseif (isset($_POST['action_reset_x'])) {
            $query = "TRUNCATE TABLE sms_tour_decks";
            $result = mysql_query($query);
            /* optimize the SQL table */
            optimizeSQLTable("sms_tour_decks");
            $action = "reset";
        }
        ?>
	
	<div class="body">
		<?php 
        $check = new QueryCheck();
        $check->checkQuery($result, $query);
        if (!empty($check->query)) {
            $check->message("deck listing", $action);
            $check->display();
        }
        ?>
		
		<span class="fontTitle">Manage Deck Listing</span><br /><br />