Description
This is a staff panel for the staff members to keep track of the pages that they have access to...
Key features
- configurable: users from different classes can be allowed to add, edit or even delete pages easily
- easy to add/remove classes
- easy to add/edit/delete pages
- a nice add/edit form with very thorough checking of the inputted data
- secured and optimized
FAQ
1. How to configure and add/remove classes?
Very easy: you will see the default $staff_classes array I made, near the top...
PHP Code:
$staff_classes = array(
UC_MODERATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
UC_ADMINISTRATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
UC_SYSOP => array('add' => true, 'edit' => true, 'delete' => true, 'log' => false)
);
To add a class, simply add a new line to the array. Let's say I want to add a new class, UC_OWNER, that can add and edit but not delete pages, and whose actions will be logged; keeping the classes in order, it would become
PHP Code:
$staff_classes = array(
UC_MODERATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
UC_ADMINISTRATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
UC_SYSOP => array('add' => true, 'edit' => true, 'delete' => true, 'log' => false),
UC_OWNER => array('add' => true, 'edit' => true, 'delete' => false, 'log' => true)
);
To remove a class, simply remove the line of code or, better yet, comment it out (// commented line).
You will notice the add, edit, delete and log keys in the arrays. Those are the permissions the users in those classes have (except for log: if set to true, it will log the actions of the users in that class). Simply change them to true or false, according to what you want the users in those classes to have access to, and that's all; PHP does the rest.
I've also added some comments on what all of those do, in case you ever forget; I mean this, of course:
PHP Code:
/**
* Staff classes config
*
* UC_XYZ : integer -> the name of the defined class
*
* Options for a selected class
** add : boolean -> enable/disable page adding
** edit : boolean -> enable/disable page editing
** delete : boolean -> enable/disable page deletion
** log : boolean -> enable/disable the logging of the actions
*
* @result $staff_classes array();
*/
2. Why am I getting "Error Access Denied!"?
That's because your class isn't in the staff classes array, see #1.
3. Why can't I see the links to add, delete or edit the pages?
Not configured right for your class, see #1.
4. Why after I made some changes to the staff classes array, one of the panels' table color turned to black?
That's because you've removed one of the classes from the array, but the class is still in the database; it's just a simple reminder that the users in that class can't see those pages (or the panel).
5. Why am I getting HTML instead of the expected links or whatever it should be?
That's because you have the htmlstrip in the stdmsg function set to true by default, and thus the HTML code is escaped.
To fix it, find the stdmsg() calls in the PHP file and add , false after the heading and the text, like
PHP Code:
stdmsg('Options', '<a href="'.htmlspecialchars($_SERVER['PHP_SELF']).'?action=add" title="Add a new page">Add a new page</a>', false);
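Notice the , false, which turns off the escaping of the HTML characters. With escaping off, any variable data placed in the heading or the text has to be escaped by the caller (for example with htmlspecialchars()).
If you want the classes to be colored, you will need the get_user_class_color() function; here it is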
PHP Code:
function get_user_class_color($class)
{
switch ($class)
{
case UC_PEASANT: return "000000";
case UC_USER: return "ff0000";
case UC_POWER_USER: return "ee0000";
case UC_VIP: return "dd0000";
case UC_UPLOADER: return "cc0000";
case UC_MODERATOR: return "bb0000";
case UC_ADMINISTRATOR: return "aa0000";
case UC_SYSOP: return "990000";
}
return "";
}
If you have another one, please be sure that it doesn't already have # in front of the colour codes, because the PHP file already adds them.
6. Uses existing admin.php for accessing all staff tools
Run the SQL:
PHP Code:
CREATE TABLE `staffpanel` (
`id` int(10) unsigned NOT NULL auto_increment,
`page_name` varchar(80) collate utf8_unicode_ci NOT NULL,
`file_name` varchar(80) collate utf8_unicode_ci NOT NULL,
`description` varchar(100) collate utf8_unicode_ci NOT NULL default '',
`av_class` tinyint(3) unsigned NOT NULL default '0',
`added_by` int(10) unsigned NOT NULL default '0',
`added` int(10) unsigned NOT NULL default '0',
PRIMARY KEY (`id`),
UNIQUE KEY `file_name` (`file_name`),
KEY `av_class` (`av_class`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
7. Save and upload staffpanel.php to root:
PHP Code:
<?php
/****************************************************************\
* Staff panel for the TBDEV source code *
* -------------------------------------------------------------- *
* An easy to config staff panel for different staff classes, *
* with different options for each class, like add, edit, delete *
* the pages and to log the actions. *
* -------------------------------------------------------------- *
* @author: Alex2005 for TBDEV.NET *
* @Conversion: Bigjoos for TBDEV.NET 09 *
* @copyright: Alex2005 *
* @package: Staff Panel *
* @category: Staff Tools *
* @version: v1.10 04/07/2008 *
* @license: GNU General Public License *
\****************************************************************/
require_once("include/bittorrent.php");
require_once("include/user_functions.php");
require_once("include/html_functions.php");
dbconn(false);
loggedinorreturn();
$lang = array_merge( load_language('global') );
$HTMLOUT ='';
/**
* Staff classes config
*
* UC_XYZ : integer -> the name of the defined class
*
* Options for a selected class
** add : boolean -> enable/disable page adding
** edit : boolean -> enable/disable page editing
** delete : boolean -> enable/disable page deletion
** log : boolean -> enable/disable the logging of the actions
*
* @result $staff_classes array();
*/
$staff_classes = array(
UC_MODERATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
UC_ADMINISTRATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
UC_SYSOP => array('add' => true, 'edit' => true, 'delete' => true, 'log' => false)
);
if (!isset($staff_classes[$CURUSER['class']]))
stderr('Error', 'Access Denied!');
$action = (isset($_GET['action']) ? $_GET['action'] : (isset($_POST['action']) ? $_POST['action'] : NULL));
$id = (isset($_GET['id']) ? (int)$_GET['id'] : (isset($_POST['id']) ? (int)$_POST['id'] : NULL));
$class_color = (function_exists('get_user_class_color') ? true : false);
if ($action == 'delete' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['delete'])
{
$sure = ((isset($_GET['sure']) ? $_GET['sure'] : '') == 'yes');
$res = mysql_query('SELECT av_class'.(!$sure || $staff_classes[$CURUSER['class']]['log'] ? ', page_name' : '').' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
if ($CURUSER['class'] < $arr['av_class'])
stderr('Error', 'You are not allowed to delete this page.');
if (!$sure)
stderr('Sanity check', 'Are you sure you want to delete this page: "'.htmlspecialchars($arr['page_name']).'"? Click <a href="'.htmlspecialchars($_SERVER['PHP_SELF']).'?action='.$action.'&id='.$id.'&sure=yes">here</a> to delete it or <a href="'.htmlspecialchars($_SERVER['PHP_SELF']).'">here</a> to go back.');
mysql_query('DELETE FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
if (mysql_affected_rows())
{
if ($staff_classes[$CURUSER['class']]['log'])
write_log('Page "'.$arr['page_name'].'"('.($class_color ? '<font color="#'.get_user_class_color($arr['av_class']).'">' : '').get_user_class_name($arr['av_class']).($class_color ? '</font>' : '').') was deleted from the staff panel by <a href="/userdetails.php?id='.$CURUSER['id'].'">'.$CURUSER['username'].'</a>('.($class_color ? '<font color="#'.get_user_class_color($CURUSER['class']).'">' : '').get_user_class_name($CURUSER['class']).($class_color ? '</font>' : '').')');
header('Location: '.$_SERVER['PHP_SELF']);
exit();
}
else
stderr('Error', 'There was a database error, please retry.');
}
else if (($action == 'add' && $staff_classes[$CURUSER['class']]['add']) || ($action == 'edit' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['edit']))
{
$names = array('page_name', 'file_name', 'description', 'av_class');
if ($action == 'edit')
{
$res = mysql_query('SELECT '.implode(', ', $names).' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_assoc($res);
}
foreach ($names as $name)
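$$name = htmlspecialchars((isset($_POST[$name]) ? $_POST[$name] : ($action == 'edit' ? $arr[$name] : '')), ENT_QUOTES); // ENT_QUOTES: the form below uses single-quoted attributes
// Authorise edits against the class stored in the database row; $av_class may come from the POSTed form
if ($action == 'edit' && (!$arr || $CURUSER['class'] < $arr['av_class']))
stderr('Error', 'You are not allowed to edit this page.');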
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
$errors = array();
if (empty($page_name))
$errors[] = 'The page name cannot be empty.';
if (empty($file_name))
$errors[] = 'The filename cannot be empty.';
if (empty($description))
$errors[] = 'The description cannot be empty.';
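if (!isset($staff_classes[$av_class]))
$errors[] = 'The selected class is not a valid staff class.';
// Enforce server-side what the class drop-down already hides
else if ($CURUSER['class'] < $av_class)
$errors[] = 'The selected class is above your own class.';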
if (!is_file($file_name.'.php') && !empty($file_name) && !preg_match('/\.php/', $file_name)) // dot escaped so it matches a literal ".php"
$errors[] = 'Inexistent php file.';
if (strlen($page_name) < 4 && !empty($page_name))
$errors[] = 'The page name is too short (min 4 chars).';
if (strlen($page_name) > 80)
$errors[] = 'The page name is too long (max 80 chars).';
if (strlen($file_name) > 80)
$errors[] = 'The filename is too long (max 80 chars).';
if (strlen($description) > 100)
$errors[] = 'The description is too long (max 100 chars).';
if (empty($errors))
{
if ($action == 'add')
{
$res = mysql_query("INSERT INTO staffpanel (page_name, file_name, description, av_class, added_by, added) ".
"VALUES (".implode(", ", array_map("sqlesc", array($page_name, $file_name, $description, (int)$av_class, (int)$CURUSER['id'], time()))).")");
if (!$res)
{
if (mysql_errno() == 1062)
$errors[] = "This filename is already submitted.";
else
$errors[] = "There was a database error, please retry.";
}
}
else
{
$res = mysql_query("UPDATE staffpanel SET page_name = ".sqlesc($page_name).", file_name = ".sqlesc($file_name).", description = ".sqlesc($description).", av_class = ".sqlesc((int)$av_class)." WHERE id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);
if (!$res)
$errors[] = "There was a database error, please retry.";
}
if (empty($errors))
{
if ($staff_classes[$CURUSER['class']]['log'])
write_log('Page "'.$page_name.'"('.($class_color ? '<font color="#'.get_user_class_color($av_class).'">' : '').get_user_class_name($av_class).($class_color ? '</font>' : '').') in the staff panel was '.($action == 'add' ? 'added' : 'edited').' by <a href="/userdetails.php?id='.$CURUSER['id'].'">'.$CURUSER['username'].'</a>('.($class_color ? '<font color="#'.get_user_class_color($CURUSER['class']).'">' : '').get_user_class_name($CURUSER['class']).($class_color ? '</font>' : '').')');
header('Location: '.$_SERVER['PHP_SELF']);
exit();
}
}
}
$HTMLOUT .= begin_main_frame();
if (!empty($errors))
{
$HTMLOUT .= stdmsg('There '.(count($errors)>1?'are':'is').' '.count($errors).' error'.(count($errors)>1?'s':'').' in the form.', '<b>'.implode('<br />', $errors).'</b>');
$HTMLOUT .="<br />";
}
$HTMLOUT .="<form method='post' action='".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."'>
<input type='hidden' name='action' value='{$action}' />";
if ($action == 'edit')
{
$HTMLOUT .="<input type='hidden' name='id' value='{$id}' />";
}
$HTMLOUT .="<table cellpadding='5' width='100%' align='center'>
<tr class='colhead'>
<td colspan='2'>
".($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page'."</td>
</tr>
<tr>
<td class='rowhead' width='1%'>Page name</td><td align='left'><input type='text' size='50' name='page_name' value='{$page_name}' /></td>
</tr>
<tr>
<td class='rowhead'>Filename</td><td align='left'><input type='text' size='50' name='file_name' value='{$file_name}' /><b></b></td>
</tr>
<tr>
<td class='rowhead'>Description</td><td align='left'><input type='text' size='50' name='description' value='{$description}' /></td>
</tr>
<tr>
<td class='rowhead'><span style='white-space: nowrap;'>Available for</span></td>
<td align='left'>
<select name='av_class'>";
foreach ($staff_classes as $class => $value)
{
if ($CURUSER['class'] < $class)
continue;
$HTMLOUT .= '<option'.($class_color? ' style="background-color:#'.get_user_class_color($class).';"' : '').' value="'.$class.'"'.($class == $av_class ? ' selected="selected"' : '').'>'.get_user_class_name($class).'</option>';
}
$HTMLOUT .="</select>
</td>
</tr>
</table>
<table class='main'>
<tr>
<td align='center'></td>
<td style='border:none;' align='center'><input type='submit' value='Submit' /></td>
<td style='border:none;'>
<form method='post' action='".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."'><input type='submit' value='Cancel' /></form>
</td>
</tr>
</table></form>";
$HTMLOUT .= end_main_frame();
print stdhead('Staff Panel :: '.($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page') . $HTMLOUT . stdfoot();
}
else
{
$HTMLOUT .= begin_main_frame();
$HTMLOUT .="<h1 align='center'>Welcome {$CURUSER['username']} to the Staff Panel!</h1><br />";
if ($staff_classes[$CURUSER['class']]['add'])
{
$HTMLOUT .= stdmsg('Options', '<a href="staffpanel.php?action=add" title="Add a new page">Add a new page</a>');
$HTMLOUT .="<br />";
}
$res = mysql_query('SELECT staffpanel.*, users.username '.
'FROM staffpanel '.
'LEFT JOIN users ON users.id = staffpanel.added_by '.
'WHERE av_class <= '.sqlesc($CURUSER['class']).' '.
'ORDER BY av_class DESC, page_name ASC') or sqlerr(__FILE__, __LINE__);
if (mysql_num_rows($res) > 0)
{
$db_classes = $unique_classes = $mysql_data = array();
while ($arr = mysql_fetch_assoc($res))
$mysql_data[] = $arr;
foreach ($mysql_data as $key => $value)
$db_classes[$value['av_class']][] = $value['av_class'];
$i=1;
foreach ($mysql_data as $key => $arr)
{
$end_table = (count($db_classes[$arr['av_class']]) == $i ? true : false);
if (!in_array($arr['av_class'], $unique_classes))
{
$unique_classes[] = $arr['av_class'];
$HTMLOUT .="<table cellpadding='5' width='100%' align='center'". (!isset($staff_classes[$arr['av_class']]) ? 'style="background-color:#000000;"' : '').">
<tr>
<td colspan='4' align='center'>
<h2>".($class_color ? '<font color="#'.get_user_class_color($arr['av_class']).'">' : '').get_user_class_name($arr['av_class']).' Panel'.($class_color ? '</font>' : '')."</h2>
</td>
</tr>
<tr align='center'>
<td class='colhead' align='left' width='100%'>Page name</td>
<td class='colhead'><span style='white-space: nowrap;'>Added by</span></td>
<td class='colhead'><span style='white-space: nowrap;'>Date added</span></td>";
if ($staff_classes[$CURUSER['class']]['edit'] || $staff_classes[$CURUSER['class']]['delete'])
{
$HTMLOUT .="<td class='colhead'>Links</td>";
}
$HTMLOUT .="</tr>";
}
$HTMLOUT .="<tr align='center'>
<td align='left'>
<a href='".htmlspecialchars($arr['file_name'], ENT_QUOTES)."' title='".htmlspecialchars($arr['page_name'], ENT_QUOTES)."'>
".htmlspecialchars($arr['page_name'])."</a><br /><font class='small'>".htmlspecialchars($arr['description'])."</font>
</td>
<td>
<a href='userdetails.php?id=".(int)$arr['added_by']."'>".htmlspecialchars((string)$arr['username'])."</a>
</td>
<td>
<span style='white-space: nowrap;'>".get_date($arr['added'], 'LONG',0,1)."<br /></span>
</td>";
if ($staff_classes[$CURUSER['class']]['edit'] || $staff_classes[$CURUSER['class']]['delete'])
{
$HTMLOUT .="<td>
<span style='white-space: nowrap;'>";
if ($staff_classes[$CURUSER['class']]['edit'])
{
$HTMLOUT .="<b>[</b><a href='staffpanel.php?action=edit&id=".(int)$arr['id']."' title='Edit'>E</a><b>]</b>";
}
if ($staff_classes[$CURUSER['class']]['delete'])
{
$HTMLOUT .="<b>[</b><a href='staffpanel.php?action=delete&id=".(int)$arr['id']."' title='Delete'>D</a><b>]</b>";
}
$HTMLOUT .="</span>
</td>";
}
$HTMLOUT .="</tr>";
$i++;
if ($end_table)
{
$i=1;
$HTMLOUT .="</table><br />";
}
}
}
else
$HTMLOUT .= stdmsg('Sorry', 'Nothing found.');
$HTMLOUT .= end_main_frame();
print stdhead("Staff Panel") . $HTMLOUT . stdfoot();
}
?>
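How the $staff_classes flags and a page's stored av_class combine into one allow/deny decision, as an added example that is not part of the original staffpanel.php. The helper name staff_can() and the numeric class values are assumptions made for the illustration.

```php
<?php
// Added example, not part of staffpanel.php. The numeric class values are
// constructed stand-ins for the tracker's UC_* constants.
define('UC_USER', 0);
define('UC_MODERATOR', 4);
define('UC_SYSOP', 6);

$staff_classes = array(
    UC_MODERATOR => array('add' => false, 'edit' => true, 'delete' => false, 'log' => true),
    UC_SYSOP     => array('add' => true,  'edit' => true, 'delete' => true,  'log' => false),
);

// staff_can() is a hypothetical helper name. $stored_av_class is the av_class
// read from the staffpanel row, never the value submitted with the form.
function staff_can(array $staff_classes, $user_class, $action, $stored_av_class = null)
{
    // Deny by default: a class missing from the config has no panel access.
    if (!isset($staff_classes[$user_class])) {
        return false;
    }
    // 'log' is a setting, not a permission, so it is not a valid action here.
    if (!in_array($action, array('add', 'edit', 'delete'), true)) {
        return false;
    }
    if ($staff_classes[$user_class][$action] !== true) {
        return false;
    }
    // Editing or deleting needs an existing row at or below the user's class.
    if ($action !== 'add' && ($stored_av_class === null || $user_class < (int)$stored_av_class)) {
        return false;
    }
    return true;
}

// Constructed cases: array(user class, action, av_class stored for the page)
$cases = array(
    array(UC_USER, 'edit', UC_MODERATOR),        // class not in the config
    array(UC_MODERATOR, 'edit', UC_MODERATOR),   // own-level page, edit enabled
    array(UC_MODERATOR, 'edit', UC_SYSOP),       // page belongs to a higher class
    array(UC_MODERATOR, 'delete', UC_MODERATOR), // delete disabled for the class
    array(UC_SYSOP, 'delete', UC_MODERATOR),     // delete enabled, lower-class page
    array(UC_SYSOP, 'log', null),                // 'log' requested as an action
);
foreach ($cases as $c) {
    printf("class=%d action=%-6s page=%s => %s\n", $c[0], $c[1],
        var_export($c[2], true), staff_can($staff_classes, $c[0], $c[1], $c[2]) ? 'allow' : 'deny');
}
```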
Now add all your tools to your staff panel in the following format:
admin.php?action=adduser
That's for all tools you have in the admin folder. Note: if you have them in root, then it's just toolname.php :)
Notes
- If you have any problems, please see the FAQ before posting; if you ignore it, I will ignore your posts and maybe ask for them to be deleted!
- If you want support, you will leave the copyright notice at the top!
Well, I hope I didn't forget anything,
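A stricter check for the file_name field than the one in the form handler, limited to the two formats named above (toolname.php and admin.php?action=adduser). This is an added example, not part of the original post; validate_panel_target() and the temporary demo directory are assumptions, and unlike the original it requires the .php suffix to be typed in.

```php
<?php
// Added example, not part of staffpanel.php.
// validate_panel_target() is a hypothetical helper. It accepts only
// "script.php" or "script.php?key=value&key=value" where script.php exists
// in $base_dir, and returns the accepted string or false.
function validate_panel_target($file_name, $base_dir)
{
    if (!is_string($file_name) || strlen($file_name) > 80) { // column is varchar(80)
        return false;
    }
    // Anchored pattern: one script name in the tracker root, optional simple query.
    // No slashes, dots or colons are allowed outside the ".php" suffix.
    $re = '/\A([a-z0-9_]+\.php)(\?[a-z0-9_]+=[a-z0-9_]+(?:&[a-z0-9_]+=[a-z0-9_]+)*)?\z/i';
    if (!preg_match($re, $file_name, $m)) {
        return false;
    }
    // The script itself must exist; the query string is not part of the file name.
    if (!is_file($base_dir . DIRECTORY_SEPARATOR . $m[1])) {
        return false;
    }
    return $file_name;
}

// Constructed sample inputs, checked against a temporary directory that
// contains a single empty admin.php.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'panel_demo_' . getmypid();
mkdir($dir);
touch($dir . DIRECTORY_SEPARATOR . 'admin.php');

$samples = array('admin.php?action=adduser', 'admin.php', 'missing.php',
    '../admin.php', 'http://example.org/x.php', 'notes.php.txt');
foreach ($samples as $s) {
    printf("%-28s %s\n", $s, validate_panel_target($s, $dir) === false ? 'rejected' : 'accepted');
}

unlink($dir . DIRECTORY_SEPARATOR . 'admin.php');
rmdir($dir);
```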
Enjoy
by Alex2005@tbdev.net/topic/23222-09-staffpanel-mod