Quote:
Originally Posted by Bigjoos
Edit staffpanel.php and add the new class to the allowed classes array.
I advise you to keep your big mouth shut Developer...
|
PHP Code:
<?php
/**
* https://09source.kicks-ass.net:8443/svn/installer09/
* Licence Info: GPL
* Copyright (C) 2010 Installer09 v.2
* A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.
* Project Leaders: Mindless,putyn,kidvision.
**/
/****************************************************************\
* Staff panel for the TBDEV source code *
* -------------------------------------------------------------- *
* An easy to config staff panel for different staff classes, *
* with different options for each class, like add, edit, delete *
* the pages and to log the actions. *
* -------------------------------------------------------------- *
* *
* @Conversion: Bigjoos for TBDEV.NET 09 *
* @copyright: Alex2005 *
* @package: Staff Panel *
* @category: Staff Tools *
* @version: v2 30/06/2010 *
* @license: GNU General Public License *
\****************************************************************/
require_once(dirname(__FILE__).DIRECTORY_SEPARATOR.'include'.DIRECTORY_SEPARATOR.'bittorrent.php');
require_once(INCL_DIR.'user_functions.php');
require_once(INCL_DIR.'html_functions.php');
dbconn(false);
loggedinorreturn();
//==Class checker by pdq
require_once(CLASS_DIR.'class_check.php');
class_check(UC_STAFF);
$lang = array_merge( load_language('global') );
$HTMLOUT ='';
$staff_classes = array(
UC_MODERATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
UC_ADMINISTRATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
UC_SYSOP => array('add' => true, 'edit' => true, 'delete' => true, 'log' => false)
UC_SL => array('add' => true, 'edit' => true, 'delete' => true,
UC_TECH => array('add' => true, 'edit' => true, 'delete' => true,
UC_CODER => array('add' => true, 'edit' => true, 'delete' => true, 'log' => false)
);
if (!isset($staff_classes[$CURUSER['class']]) || !$CURUSER)
stderr('Error', 'Access Denied!');
/**
* Staff classes config
*
* UC_XYZ : integer -> the name of the defined class
*
* Options for a selected class
** add : boolean -> enable/disable page adding
** edit : boolean -> enable/disable page editing
** delete : boolean -> enable/disable page deletion
** log : boolean -> enable/disable the loging of the actions
*
* @ result $staff_classes array();
* @ new $staff_tools array add in following format : 'delacct' => 'delacct',
*
*/
define('IN_INSTALLER09_ADMIN', true);
$action = (isset($_GET['action']) ? $_GET['action'] : (isset($_POST['action']) ? $_POST['action'] : NULL));
$id = (isset($_GET['id']) ? (int)$_GET['id'] : (isset($_POST['id']) ? (int)$_POST['id'] : NULL));
$class_color = (function_exists('get_user_class_color') ? true : false);
$tool = (isset($_GET['tool']) ? $_GET['tool'] : (isset($_POST['tool']) ? $_POST['tool'] : NULL));
$tool = isset($_GET['tool']) ? $_GET['tool'] : '';
$staff_tools = array('bans' => 'bans',
'adduser' => 'adduser',
'stats' => 'stats',
'delacct' => 'delacct',
'testip' => 'testip',
'usersearch' => 'usersearch',
'mysql_overview' => 'mysql_overview',
'mysql_stats' => 'mysql_stats',
'shistory' => 'shistory',
'categories' => 'categories',
'docleanup' => 'docleanup',
'log' => 'log',
'news' => 'news',
'freeleech' => 'freeleech',
'freeusers' => 'freeusers',
'donations' => 'donations',
'slotmanage' => 'slotmanage',
'failedlogins' => 'failedlogins',
'cheaters' => 'cheaters',
'inviteadd' => 'inviteadd',
'flush' => 'flush',
'themes' => 'themes',
'editlog' => 'editlog',
'reset' => 'reset',
'iphistory' => 'iphistory',
'ipsearch' => 'ipsearch',
'ipcheck' => 'ipcheck',
'inactive' => 'inactive',
'snatched_torrents' => 'snatched_torrents',
'events' => 'events',
'bonusmanage' => 'bonusmanage',
'floodlimit' => 'floodlimit',
'stats_extra' => 'stats_extra',
'polls_manager' => 'polls_manager',
'findnotconnectable' => 'findnotconnectable',
'namechanger' => 'namechanger',
'backup' => 'backup',
'pmview' => 'pmview',
'reports' => 'reports',
'nameblacklist' => 'nameblacklist',
'system_view' => 'system_view',
'datareset' => 'datareset',
'grouppm' => 'grouppm',
'load' => 'load',
'allagents' => 'allagents',
'massbonus' => 'massbonus',
'sysoplog' => 'sysoplog',
'query_editor' => 'query_editor',
'forum_manage' => 'forum_manage',
'forum_config' => 'forum_config',
'over_forums' => 'over_forums',
'member_post_history' => 'member_post_history',
'groupmessage' => 'groupmessage',
'comment_overview' => 'comment_overview',
'mega_search' => 'mega_search',
'shit_list' => 'shit_list',
'acpmanage' => 'acpmanage',
'rules' => 'rules',
'cheat' => 'cheat',
'warn' => 'warn',
'leechwarn' => 'leechwarn',
'hnrwarn' => 'hnrwarn',
'bookings' => 'bookings',
'cleanup_manager' => 'cleanup_manager',
'view_peers' => 'view_peers',
'uploader_info' => 'uploader_info',
'block.settings' => 'block.settings'
);
if (in_array($tool, $staff_tools) and file_exists(ADMIN_DIR.$staff_tools[$tool].'.php')) {
require_once ADMIN_DIR.$staff_tools[$tool].'.php';
}
else
{
if ($action == 'delete' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['delete'])
{
$sure = ((isset($_GET['sure']) ? $_GET['sure'] : '') == 'yes');
$res = sql_query('SELECT av_class'.(!$sure || $staff_classes[$CURUSER['class']]['log'] ? ', page_name' : '').' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
if ($CURUSER['class'] < $arr['av_class'])
stderr('Error', 'You are not allowed to delete this page.');
if (!$sure)
stderr('Sanity check', 'Are you sure you want to delete this page: "'.htmlspecialchars($arr['page_name']).'"? Click <a href="'.$_SERVER['PHP_SELF'].'?action='.$action.'&id='.$id.'&sure=yes">here</a> to delete it or <a href="'.$_SERVER['PHP_SELF'].'">here</a> to go back.');
sql_query('DELETE FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
if (mysql_affected_rows())
{
if ($staff_classes[$CURUSER['class']]['log'])
write_log('Page "'.$arr['page_name'].'"('.($class_color ? '<font color="#'.get_user_class_color($arr['av_class']).'">' : '').get_user_class_name($arr['av_class']).($class_color ? '</font>' : '').') was deleted from the staff panel by <a href="/userdetails.php?id='.$CURUSER['id'].'">'.$CURUSER['username'].'</a>('.($class_color ? '<font color="#'.get_user_class_color($CURUSER['class']).'">' : '').get_user_class_name($CURUSER['class']).($class_color ? '</font>' : '').')');
header('Location: '.$_SERVER['PHP_SELF']);
exit();
}
else
stderr('Error', 'There was a database error, please retry.');
}
else if (($action == 'add' && $staff_classes[$CURUSER['class']]['add']) || ($action == 'edit' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['edit']))
{
$names = array('page_name', 'file_name', 'description', 'av_class');
if ($action == 'edit')
{
$res = sql_query('SELECT '.implode(', ', $names).' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
}
foreach ($names as $name)
$$name = htmlspecialchars((isset($_POST[$name]) ? $_POST[$name] : ($action == 'edit' ? $arr[$name] : '')));
if ($action == 'edit' && $CURUSER['class'] < $av_class)
stderr('Error', 'You are not allowed to edit this page.');
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$errors = array();
if (empty($page_name))
$errors[] = 'The page name cannot be empty.';
if (empty($file_name))
$errors[] = 'The filename cannot be empty.';
if (empty($description))
$errors[] = 'The description cannot be empty.';
if (!isset($staff_classes[$av_class]))
$errors[] = 'The selected class is not a valid staff class.';
if (!is_file($file_name.'.php') && !empty($file_name) && !preg_match('/.php/', $file_name))
$errors[] = 'Inexistent php file.';
if (strlen($page_name) < 4 && !empty($page_name))
$errors[] = 'The page name is too short (min 4 chars).';
if (strlen($page_name) > 80)
$errors[] = 'The page name is too long (max 30 chars).';
if (strlen($file_name) > 80)
$errors[] = 'The filename is too long (max 30 chars).';
if (strlen($description) > 100)
$errors[] = 'The description is too long (max 100 chars).';
if (empty($errors))
{
if ($action == 'add')
{
$res = sql_query("INSERT INTO staffpanel (page_name, file_name, description, av_class, added_by, added) ".
"VALUES (".implode(", ", array_map("sqlesc", array($page_name, $file_name, $description, (int)$av_class, (int)$CURUSER['id'], time()))).")");
if (!$res)
{
if (mysql_errno() == 1062)
$errors[] = "This filename is already submited.";
else
$errors[] = "There was a database error, please retry.";
}
}
else
{
$res = sql_query("UPDATE staffpanel SET page_name = ".sqlesc($page_name).", file_name = ".sqlesc($file_name).", description = ".sqlesc($description).", av_class = ".sqlesc((int)$av_class)." WHERE id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
if (!$res)
$errors[] = "There was a database error, please retry.";
}
if (empty($errors))
{
if ($staff_classes[$CURUSER['class']]['log'])
write_log('Page "'.$page_name.'"('.($class_color ? '<font color="#'.get_user_class_color($av_class).'">' : '').get_user_class_name($av_class).($class_color ? '</font>' : '').') in the staff panel was '.($action == 'add' ? 'added' : 'edited').' by <a href="/userdetails.php?id='.$CURUSER['id'].'">'.$CURUSER['username'].'</a>('.($class_color ? '<font color="#'.get_user_class_color($CURUSER['class']).'">' : '').get_user_class_name($CURUSER['class']).($class_color ? '</font>' : '').')');
header('Location: '.$_SERVER['PHP_SELF']);
exit();
}
}
}
$HTMLOUT .= begin_main_frame();
if (!empty($errors))
{
$HTMLOUT .= stdmsg('There '.(count($errors)>1?'are':'is').' '.count($errors).' error'.(count($errors)>1?'s':'').' in the form.', '<b>'.implode('<br />', $errors).'</b>');
$HTMLOUT .="<br />";
}
$HTMLOUT .="<form method='post' action='{$_SERVER['PHP_SELF']}'>
<input type='hidden' name='action' value='{$action}' />";
if ($action == 'edit')
{
$HTMLOUT .="<input type='hidden' name='id' value='{$id}' />";
}
$HTMLOUT .="<table cellpadding='5' width='100%' align='center'>
<tr class='colhead'>
<td colspan='2'>
".($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page'."</td>
</tr>
<tr>
<td class='rowhead' width='1%'>Page name</td><td align='left'><input type='text' size='50' name='page_name' value='{$page_name}' /></td>
</tr>
<tr>
<td class='rowhead'>Filename</td><td align='left'><input type='text' size='50' name='file_name' value='{$file_name}' /><b></b></td>
</tr>
<tr>
<td class='rowhead'>Description</td><td align='left'><input type='text' size='50' name='description' value='{$description}' /></td>
</tr>
<tr>
<td class='rowhead'><span style='white-space: nowrap;'>Available for</span></td>
<td align='left'>
<select name='av_class'>";
foreach ($staff_classes as $class => $value)
{
if ($CURUSER['class'] < $class)
continue;
$HTMLOUT .= '<option'.($class_color? ' style="background-color:#'.get_user_class_color($class).';"' : '').' value="'.$class.'"'.($class == $av_class ? ' selected="selected"' : '').'>'.get_user_class_name($class).'</option>';
}
$HTMLOUT .="</select>
</td>
</tr>
</table>
<table class='main'>
<tr>
<td align='center'></td>
<td style='border:none;' align='center'><input type='submit' value='Submit' /></td>
<td style='border:none;'>
<form method='post' action='{$_SERVER['PHP_SELF']}'><input type='submit' value='Cancel' /></form>
</td>
</tr>
</table></form>";
$HTMLOUT .= end_main_frame();
print stdhead('Staff Panel :: '.($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page') . $HTMLOUT . stdfoot();
}
else
{
$HTMLOUT .= begin_main_frame();
$HTMLOUT .="<h1 align='center'>Welcome {$CURUSER['username']} to the Staff Panel!</h1><br />";
if ($staff_classes[$CURUSER['class']]['add'])
{
$HTMLOUT .= stdmsg('Options', '<a href="staffpanel.php?action=add" title="Add a new page">Add a new page</a>');
$HTMLOUT .="<br />";
}
$res = sql_query('SELECT staffpanel.*, users.username '.
'FROM staffpanel '.
'LEFT JOIN users ON users.id = staffpanel.added_by '.
'WHERE av_class <= '.sqlesc($CURUSER['class']).' '.
'ORDER BY av_class DESC, page_name ASC') or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) > 0)
{
$db_classes = $unique_classes = $mysql_data = array();
while ($arr = mysql_fetch_assoc($res))
$mysql_data[] = $arr;
foreach ($mysql_data as $key => $value)
$db_classes[$value['av_class']][] = $value['av_class'];
$i=1;
foreach ($mysql_data as $key => $arr)
{
$end_table = (count($db_classes[$arr['av_class']]) == $i ? true : false);
if (!in_array($arr['av_class'], $unique_classes))
{
$unique_classes[] = $arr['av_class'];
$HTMLOUT .="<table cellpadding='5' width='100%' align='center'". (!isset($staff_classes[$arr['av_class']]) ? 'style="background-color:#000000;"' : '').">
<tr>
<td colspan='4' align='center'>
<h2>".($class_color ? '<font color="#'.get_user_class_color($arr['av_class']).'">' : '').get_user_class_name($arr['av_class']).' Panel'.($class_color ? '</font>' : '')."</h2>
</td>
</tr>
<tr align='center'>
<td class='colhead' align='left' width='100%'>Page name</td>
<td class='colhead'><span style='white-space: nowrap;'>Added by</span></td>
<td class='colhead'><span style='white-space: nowrap;'>Date added</span></td>";
if ($staff_classes[$CURUSER['class']]['edit'] || $staff_classes[$CURUSER['class']]['delete'])
{
$HTMLOUT .="<td class='colhead'>Links</td>";
}
$HTMLOUT .="</tr>";
}
$HTMLOUT .="<tr align='center'>
<td align='left'>
<a href='".htmlspecialchars($arr['file_name'])."' title='".htmlspecialchars($arr['page_name'])."'>
".htmlspecialchars($arr['page_name'])."</a><br /><font class='small'>".htmlspecialchars($arr['description'])."</font>
</td>
<td>
<a href='userdetails.php?id=".(int)$arr['added_by']."'>{$arr['username']}</a>
</td>
<td>
<span style='white-space: nowrap;'>".get_date($arr['added'], 'LONG',0,1)."<br /></span>
</td>";
if ($staff_classes[$CURUSER['class']]['edit'] || $staff_classes[$CURUSER['class']]['delete'])
{
$HTMLOUT .="<td>
<span style='white-space: nowrap;'>";
if ($staff_classes[$CURUSER['class']]['edit'])
{
$HTMLOUT .="<b>[</b><a href='staffpanel.php?action=edit&id=".(int)$arr['id']."' title='Edit'>E</a><b>]</b>";
}
if ($staff_classes[$CURUSER['class']]['delete'])
{
$HTMLOUT .="<b>[</b><a href='staffpanel.php?action=delete&id=".(int)$arr['id']."' title='Delete'>D</a><b>]</b>";
}
$HTMLOUT .="</span>
</td>";
}
$HTMLOUT .="</tr>";
$i++;
if ($end_table)
{
$i=1;
$HTMLOUT .="</table><br />";
}
}
}
else
$HTMLOUT .= stdmsg('Sorry', 'Nothing found.');
$HTMLOUT .= end_main_frame();
print stdhead("Staff Panel") . $HTMLOUT . stdfoot();
}
}
?>
Parse error: syntax error, unexpected T_STRING, expecting ')' in C:\xampp\htdocs\staffpanel.php on line 41
line 41 UC_SL => array('add' => true, 'edit' => true, 'delete' => true,
|