Changeset 185

Timestamp:

01/11/10 20:49:19 (8 months ago)

Author:

sausage

Message:

Guild control panel (read only),
Fix some minor XSS bugs,
Merge gmcharacter and character pages

Location:

webcp/trunk

Files:

• allguilds.php (modified) (2 diffs)
• character.php (modified) (3 diffs)
• class/Database.class.php (modified) (1 diff)
• common.php (modified) (3 diffs)
• gmaccount.php (modified) (1 diff)
• gmcharacter.php (deleted)
• guild.php (added)
• guildmembers.php (added)
• guilds.php (modified) (2 diffs)
• search.php (modified) (1 diff)
• tpl/green/account.htm (moved) (moved from webcp/trunk/tpl/green/gmaccount.htm) (3 diffs)
• tpl/green/accsearch_results.htm (modified) (1 diff)
• tpl/green/allaccounts.htm (modified) (1 diff)
• tpl/green/allcharacters.htm (modified) (1 diff)
• tpl/green/allguilds.htm (modified) (1 diff)
• tpl/green/bans.htm (modified) (2 diffs)
• tpl/green/character.htm (modified) (2 diffs)
• tpl/green/characters.htm (modified) (1 diff)
• tpl/green/charsearch_results.htm (modified) (1 diff)
• tpl/green/gmcharacter.htm (deleted)
• tpl/green/guild.htm (added)
• tpl/green/guildmembers.htm (added)
• tpl/green/guilds.htm (modified) (1 diff)
• tpl/green/guildsearch_results.htm (modified) (1 diff)
• tpl/green/header.htm (modified) (3 diffs)
• tpl/green/index.htm (modified) (1 diff)
• tpl/green/online.htm (modified) (1 diff)
• tpl/green/players.htm (modified) (1 diff)
• tpl/green/staff.htm (modified) (1 diff)
• tpl/green/style.css (modified) (5 diffs)

webcp/trunk/allguilds.php

@@ -59 +59 @@
 
 $members = $db->SQL("SELECT guild FROM characters WHERE $guildlistq");
-$totalexp = $db->SQL("SELECT guild,exp FROM characters WHERE $guildlistq AND admin = 0");
+$totalexp = $db->SQL("SELECT guild, exp FROM characters WHERE ($guildlistq) AND admin = 0");
 
 foreach ($guilds as &$guild)
@@ -82 +82 @@
 
         $guild['exp'] = $expcount;
-        $guild['members'] = $members;
+        $guild['members'] = $membercount;
 }
 unset($guild);

webcp/trunk/character.php

@@ -20 +20 @@
 }
 
-$character = $db->SQL("SELECT * FROM characters WHERE name = '$' AND account = '$' LIMIT 1", strtolower($_GET['name']), $sess->username);
+if ($GM)
+{
+        $character = $db->SQL("SELECT * FROM characters WHERE name = '$' LIMIT 1", strtolower($_GET['name']));
+}
+else
+{
+        $character = $db->SQL("SELECT * FROM characters WHERE name = '$' AND account = '$' LIMIT 1", strtolower($_GET['name']), $sess->username);
+}
 
 if (empty($character))
 {
-        $tpl->message = 'Character does not exist or is not yours.';
+        $tpl->message = 'Character does not exist' . ($GM ? '.' : ' or is not yours.');
         $tpl->Execute(null);
         exit;
@@ -46 +53 @@
         if (!empty($guildinfo[0]))
         {
-                $character['guild_name'] = $guildinfo[0]['name'];
+                $character['guild_name'] = ucfirst($guildinfo[0]['name']);
                 $character['guild_rank_str'] = guildrank_str(unserialize_guildranks($guildinfo[0]['ranks']), $character['guild_rank']);
         }
@@ -57 +64 @@
 $character['admin_str'] = adminrank_str($character['admin']);
 
-$pagetitle .= ': '.$character['name'];
+$pagetitle .= ': '.htmlentities($character['name']);
 $tpl->pagetitle = $pagetitle;
 

webcp/trunk/class/Database.class.php

@@ -2 +2 @@
 /* This script is free to modify and distribute
 
-Current version: 1.4
+Current version: 1.5
 
 Updated 1 September 2009 (tehsausage@gmail.com) [1.5]

webcp/trunk/common.php

@@ -132 +132 @@
 define('RACE_TAN', 2);
 define('RACE_ORC', 3);
-define('RACE_PANDA', 4);
-define('RACE_SKELETON', 5);
+define('RACE_SKELETON', 4);
+define('RACE_PANDA', 5);
 define('RACE_FISH', 6);
 
@@ -386 +386 @@
                                 );
                         }
-                        if ($cd['guild_rank'] == 1)
+                        if ($cd['guild_rank'] <= 1)
                         {
                                 $chardata_guilds[$cd['guild']]['leader'] = true;
@@ -620 +620 @@
 function guildrank_str($ranks, $rank)
 {
+        if ($rank == 0) $rank = 1;
         return isset($ranks[$rank-1])?$ranks[$rank-1]:'Unknown';
 }

webcp/trunk/gmaccount.php

@@ -61 +61 @@
 $tpl->pagetitle = $pagetitle;
 
-$tpl->Execute('gmaccount');
+$tpl->Execute('account');

webcp/trunk/guilds.php

@@ -38 +38 @@
 
 $members = $db->SQL("SELECT guild FROM characters WHERE $guildlistq");
-$totalexp = $db->SQL("SELECT guild,exp FROM characters WHERE $guildlistq AND admin = 0");
+$totalexp = $db->SQL("SELECT guild,exp FROM characters WHERE ($guildlistq) AND admin = 0");
 
 foreach ($guilds as &$guild)
@@ -61 +61 @@
 
         $guild['exp'] = $expcount;
-        $guild['members'] = $members;
+        $guild['members'] = $membercount;
 }
 unset($guild);

webcp/trunk/search.php

@@ -212 +212 @@
                                         $membercount = $db->SQL("SELECT COUNT(1) as count FROM characters WHERE guild = '$'", $guild['tag']);
                                         $totalexp = $db->SQL("SELECT SUM(exp) as totalexp FROM characters WHERE guild = '$' AND admin = 0", $guild['tag']);
+                                        $guild['tag'] = trim(strtoupper($guild['tag']));
+                                        $guild['name'] = ucfirst($guild['name']);
                                         $guild['members'] = number_format($membercount[0]['count']);
                                         $guild['exp'] = number_format($totalexp[0]['totalexp']);

webcp/trunk/tpl/green/account.htm

@@ -8 +8 @@
         <thead>
                 <tr>
-                        <th colspan="2"><[account.username]>
+                        <th colspan="2"><[~account.username]>
 
         <tbody>
@@ -15 +15 @@
                 <tr><th>HDID<td><[account.hdid_str]>
 
-                <tr><th>Registered<td><[account.created_str]>
+                <tr><th>Registered<td><[account.created_str]> (<[account.regip]>)
 
-                <tr><th>Last Used<td><[account.lastused_str]>
+                <tr><th>Last Used<td><[if account.lastused]><[account.lastused_str]> (<[account.lastip]>)<[else]><i>Never</i><[endif]>
 
-                <tr><th>Full Name<td><[account.fullname]>
+                <tr><th>Full Name<td><[~account.fullname]>
 
-                <tr><th>Location<td><[account.location]>
+                <tr><th>Location<td><[~account.location]>
 
-                <tr><th>E-Mail<td><[account.email]>
+                <tr><th>E-Mail<td><[~account.email]>
 
 </table>
@@ -41 +41 @@
 <[foreach characters char]>
                 <tr>
-                        <td><a href="./gmcharacter<[php]>?name=<[char.name]>"><[char.name]></a><[if char.gm]> <img src="./tpl/green/images/admin.gif"><[endif]>
+                        <td><a href="./character<[php]>?name=<[~char.name]>"><[~char.name]></a><[if char.gm]> <img src="./tpl/green/images/admin.gif"><[endif]>
 
                         <td><[~char.title]>

webcp/trunk/tpl/green/accsearch_results.htm

@@ -23 +23 @@
 <[foreach accounts acc]>
                 <tr>
-                        <td><a href="./gmaccount<[php]>?name=<[acc.username]>"><[acc.username]></a>
+                        <td><a href="./gmaccount<[php]>?name=<[~acc.username]>"><[~acc.username]></a>
                         <td><[acc.characters]>
 

webcp/trunk/tpl/green/allaccounts.htm

@@ -18 +18 @@
 <[foreach accounts acc]>
                 <tr>
-                        <td><a href="./gmaccount<[php]>?name=<[acc.username]>"><[acc.username]></a>
+                        <td><a href="./gmaccount<[php]>?name=<[acc.username]>"><[~acc.username]></a>
                         <td><[acc.characters]>
 

webcp/trunk/tpl/green/allcharacters.htm

@@ -19 +19 @@
 <[foreach characters char]>
                 <tr>
-                        <td><a href="./gmcharacter<[php]>?name=<[char.name]>"><[char.name]></a><[if char.gm]> <img src="./tpl/green/images/admin.gif"><[endif]>
+                        <td><a href="./character<[php]>?name=<[~char.name]>"><[~char.name]></a><[if char.gm]> <img src="./tpl/green/images/admin.gif"><[endif]>
 
-                        <td><a href="./gmaccount<[php]>?name=<[char.account]>"><[char.account]></a>
+                        <td><a href="./gmaccount<[php]>?name=<[~char.account]>"><[~char.account]></a>
 
                         <td><[char.level]>

webcp/trunk/tpl/green/allguilds.htm

@@ -18 +18 @@
 <[foreach guilds guild]>
                 <tr>
-                        <td><[guild.tag]>
+                        <td><[~guild.tag]>
 
-                        <td><a href="./guild<[php]>?tag=<[guild.tag]>"><[guild.name]></a>
+                        <td><a href="./guild<[php]>?tag=<[~guild.tag]>"><[~guild.name]></a>
 
                         <td><[guild.members]>

webcp/trunk/tpl/green/bans.htm

@@ -19 +19 @@
 <[foreach bans ban]>
                 <tr>
-                        <td><[if !ban.nouser]><a href="./gmaccount<[php]>?name=<[ban.username]>"><[endif]><[ban.username]><[if !ban.nouser]></a><[endif]>
+                        <td><[if !ban.nouser]><a href="./gmaccount<[php]>?name=<[~ban.username]>"><[endif]><[~ban.username]><[if !ban.nouser]></a><[endif]>
 
-                        <td><[ban.ip_str]>
+                        <td><[~ban.ip_str]>
 
                         <td><[~ban.hdid_str]>
@@ -27 +27 @@
                         <td><[ban.remaining]>
 
-                        <td><a href="./gmcharacter<[php]>?name=<[ban.setter]>"><[ban.setter]></a>
+                        <td><a href="./character<[php]>?name=<[~ban.setter]>"><[~ban.setter]></a>
 
 <[endforeach]>

webcp/trunk/tpl/green/character.htm

@@ -7 +7 @@
 <table id="character">
         <thead>
-                <tr><th colspan="3"><[character.name]>
+                <tr><th colspan="3"><[~character.name]><[if GM]> <a href="./gmaccount<[php]>?name=<[~character.account]>">(<[~character.account]>)</a><[endif]>
         <tbody>
                 <tr><th>Level<td colspan="2"><[character.level]>
@@ -14 +14 @@
 
                 <tr><th>Admin Rank<td colspan="2"><[character.admin_str]>
+
 <[if character.guild]>
-                <tr><th rowspan="3">Guild<th>Tag<td><[character.guild]>
+                <tr><th rowspan="3">Guild<th>Tag<td><[~character.guild]>
 
-                <tr><th>Name<td><[character.guild_name]>
-
+                <tr><th>Name<td><a href="./guild<[php]>?tag=<[~character.guild]>"><[~character.guild_name]></a>
                 <tr><th>Rank<td><[character.guild_rank_str]> (<[character.guild_rank]>)
 <[else]>

webcp/trunk/tpl/green/characters.htm

@@ -11 +11 @@
 <[foreach characters char]>
                 <tr>
-                        <td><a href="./character<[php]>?name=<[char.name]>"><[char.name]></a><[if char.gm]> <img src="./tpl/green/images/admin.gif"><[endif]>
+                        <td><a href="./character<[php]>?name=<[~char.name]>"><[~char.name]></a><[if char.gm]> <img src="./tpl/green/images/admin.gif"><[endif]>
 
                         <td><[~char.title]>

webcp/trunk/tpl/green/charsearch_results.htm

@@ -22 +22 @@
         <tbody>
                 <tr>
-                        <td><a href="./gmcharacter<[php]>?name=<[char.name]>"><[char.name]></a><[if char.gm]> <img src="./tpl/green/images/admin.gif"><[endif]>
+                        <td><a href="./character<[php]>?name=<[~char.name]>"><[~char.name]></a><[if char.gm]> <img src="./tpl/green/images/admin.gif"><[endif]>
 
-                        <td><a href="./gmaccount<[php]>?name=<[char.account]>"><[char.account]></a>
+                        <td><a href="./gmaccount<[php]>?name=<[~char.account]>"><[~char.account]></a>
 
                         <td><[char.level]>

webcp/trunk/tpl/green/guilds.htm

@@ -12 +12 @@
 <[foreach guilds guild]>
                 <tr>
-                        <td><[guild.tag]>
+                        <td><[~guild.tag]>
 
-                        <td><a href="./guild<[php]>?tag=<[guild.tag]>"><[guild.name]></a>
+                        <td><a href="./guild<[php]>?tag=<[~guild.tag]>"><[~guild.name]></a>
 
                         <td><[guild.members]>

webcp/trunk/tpl/green/guildsearch_results.htm

@@ -22 +22 @@
 <[foreach guilds guild]>
                 <tr>
-                        <td><[guild.tag]>
+                        <td><[~guild.tag]>
 
-                        <td><a href="./guild<[php]>?tag=<[guild.tag]>"><[guild.name]></a>
+                        <td><a href="./guild<[php]>?tag=<[~guild.tag]>"><[~guild.name]></a>
 
                         <td><[guild.members]>

webcp/trunk/tpl/green/header.htm

@@ -4 +4 @@
 
 <div id="header">
-<h1><a href="<[homeurl]>"><[sitename]></a></h1>
+<h1><a href="<[homeurl]>"><[~sitename]></a></h1>
 <span id="subtitle">
 EOSERV Control Panel
@@ -21 +21 @@
 <[if logged]>
 <ul class="nav playernav">
-        <li><span><[username]></span>
+        <li><span><[~username]></span>
         <li><a href="./characters<[php]>">My&nbsp;Characters&nbsp;(<[numchars]>)</a>
         <li><a href="./details<[php]>">Edit&nbsp;Details</a>
@@ -28 +28 @@
 <[endif]>
 
-<!--
 <[foreach chardata_guilds guild tag]>
 <ul class="nav guildnav">
-        <li><span>Guild: <a href="./guild<[php]>?tag=<[tag]>"><[tag]></a></span>
-        <[if guild.leader]><li><a href="./editguild<[php]>?tag=<[tag]>">Edit&nbsp;Guild</a><[endif]>
+        <li><span>Guild: <a href="./guild<[php]>?tag=<[~tag]>"><[~tag]></a></span>
+        <[if guild.leader]><li><a href="./editguild<[php]>?tag=<[~tag]>">Edit&nbsp;Guild</a><[endif]>
 
-        <li><a href="./guildmembers<[php]>?tag=<[tag]>">Member&nbsp;List</a>
-        <li><a href="./guildsearch<[php]>?tag=<[tag]>">Member&nbsp;Search</a>
+        <li><a href="./guildmembers<[php]>?tag=<[~tag]>">Member&nbsp;List</a>
+        <li><a href="./guildsearch<[php]>?tag=<[~tag]>">Member&nbsp;Search</a>
 </ul>
 <[endforeach]>
--->
 
 <[if GUARDIAN]>

webcp/trunk/tpl/green/index.htm

@@ -1 +1 @@
 <ul>
-        <li>Server Name: <b><[sitename]></b>
+        <li>Server Name: <b><[~sitename]></b>
         <li>Accounts: <b><[accounts]></b>
         <li>Characters: <b><[characters]></b> (<b><[staffcharacters]></b> staff)

webcp/trunk/tpl/green/online.htm

@@ -9 +9 @@
 <[foreach characters char]>
                 <tr>
-                        <td><[if GM]><a href="./gmcharacter<[php]>?name=<[char.name]>"><[endif]><[char.name]><[if GM]></a><[endif]><[if char.gm]> <img src="./tpl/green/images/admin.gif"><[endif]>
+                        <td><[if GM]><a href="./character<[php]>?name=<[~char.name]>"><[endif]><[~char.name]><[if GM]></a><[endif]><[if char.gm]> <img src="./tpl/green/images/admin.gif"><[endif]>
 
                         <td><[~char.title]>
 
-                        <td><[char.guild]>
+                        <td><a href="./guild<[php]>?tag=<[~char.guild]>"><[~char.guild]></a>
 
 <[endforeach]>

webcp/trunk/tpl/green/players.htm

@@ -13 +13 @@
 <[foreach characters char]>
                 <tr>
-                        <td><[if GM]><a href="./gmcharacter<[php]>?name=<[char.name]>"><[endif]><[char.name]><[if GM]></a><[endif]>
+                        <td><[if GM]><a href="./character<[php]>?name=<[~char.name]>"><[endif]><[~char.name]><[if GM]></a><[endif]>
 
                         <td><[~char.title]>

webcp/trunk/tpl/green/staff.htm

@@ -9 +9 @@
 <[foreach characters char]>
                 <tr>
-                        <td><[char.name]>
+                        <td><[~char.name]>
 
                         <td><[~char.title]>

webcp/trunk/tpl/green/style.css

@@ -131 +131 @@
         min-height:260px;
         _height:260px;
+        position:relative;
 }
 
@@ -392 +393 @@
 .showing
 {
+        width:80%;
         display:block;
         text-align:center;
@@ -399 +401 @@
 .jumppage
 {
-        float:left;
+        position:absolute;
+        top:2px;
+        left:2px;
         font-size:120%;
 }
@@ -411 +415 @@
 .pagination
 {
-        clear:both;
+        width:80%;
         display:block;
         text-align:center;
@@ -433 +437 @@
         width:25%;
 }
+
+table#guild tbody th
+{
+        width:20%;
+}