added simple check for logged in status, more stuff for character selection

7 년 전 · 34c256edce
--- a/addaccounts.php
+++ b/addaccounts.php
@@ -1,7 +1,8 @@
 <?php
 $pagetitle = "Add a Guild Wars account to track";
 include_once ('header.php');

 if (isset($_SESSION['userid'])){
 	
 # delete this block when shit finally works.
 ini_set('display_errors', 'on');
 error_reporting(E_ALL);
@@ -99,5 +100,6 @@ while ($row2 = $res2->fetch_assoc()) {
 }
 echo '</table><input type="submit" value="Delete selected characters"></form><br />';
 echo '<br />Return to your <a href="index.php" class="navlink">user</a> page';
 }
 include_once ('footer.php');
 ?>
--- a/adminlanding.php
+++ b/adminlanding.php
@@ -1,10 +1,12 @@
 <?php
 $pagetitle = "Admin Area";
 include_once ('header.php');
 unset($_SESSION['title']);
 unset($_SESSION['tid']);
 echo '<center>Welcome to the admin area!<br /><br />';
 echo 'Title creator / editor <a href="titlemanager.php" class="navlink">here</a> (work in progress)<br /><br />';
 echo 'User editor <a href="" class="navlink">here</a> (not working yet)<br />';
 if (isset($_SESSION['userid'])){
 	unset($_SESSION['title']);
 	unset($_SESSION['tid']);
 	echo '<center>Welcome to the admin area!<br /><br />';
 	echo 'Title creator / editor <a href="titlemanager.php" class="navlink">here</a> (work in progress)<br /><br />';
 	echo 'User editor <a href="" class="navlink">here</a> (not working yet)<br />';
 }
 include_once ('footer.php');
 ?>
--- a/includes/addcharacters-submit.php
+++ b/includes/addcharacters-submit.php
@@ -6,11 +6,12 @@ error_reporting(E_ALL);
 mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
 # delete the above when shit finally works

 // $ac = AddCharacter
 $ac = $con->prepare("INSERT INTO gwchars (accid, userid, charname, birthdate, profid) VALUES (?, ?, ?, ?, ?)");
 $ac->bind_param("iissi", $_SESSION['prefaccid'], $_SESSION['userid'], $_POST['newcharname'], $_POST['bdate'], $_POST['profid']);
 $ac->execute();
 $ac->close();
 echo $_POST['newcharname'] . ' added to your account!<br /><br />';

 if (isset($_SESSION['userid'])){
 	// $ac = AddCharacter
 	$ac = $con->prepare("INSERT INTO gwchars (accid, userid, charname, birthdate, profid) VALUES (?, ?, ?, ?, ?)");
 	$ac->bind_param("iissi", $_SESSION['prefaccid'], $_SESSION['userid'], $_POST['newcharname'], $_POST['bdate'], $_POST['profid']);
 	$ac->execute();
 	$ac->close();
 	echo $_POST['newcharname'] . ' added to your account!<br /><br />';
 }
 ?>
--- a/includes/set-prefacc.php
+++ b/includes/set-prefacc.php
@@ -1,25 +1,27 @@
 <?php
 if ($_POST['prefaccid'] == "nopref") {
 	$nap = $con->prepare("UPDATE userinfo SET prefaccid = 0, prefaccname = 'No default selected' WHERE userid = ?");
 	$nap->bind_param("i", $_SESSION['userid']);
 	$nap->execute();
 	$nap->close();
 	$_SESSION['prefaccid'] = "0";
 	$_SESSION['prefaccname'] = "No default selected";
 	echo 'Account preference update - no preferred account selected.<br />';
 } else {
 	$sap = $con->prepare("SELECT accid, accemail FROM gwaccounts WHERE accid = ? AND userid = ?");
 	$sap->bind_param("ii", $_POST['prefaccid'], $_SESSION['userid']);
 	$sap->execute();
 	$result = $sap->get_result();
 	while ($row = $result->fetch_assoc()) {
 		$uap = $con->prepare("UPDATE userinfo SET prefaccid = ?, prefaccname = ? WHERE userid = ?");
 		$uap->bind_param("isi", $_POST['prefaccid'], $row['accemail'], $_SESSION['userid']);
 		$uap->execute();
 		$uap->close();
 		$_SESSION['prefaccid'] = $row['accid'];
 		$_SESSION['prefaccname'] = $row['accemail'];
 if (isset($_SESSION['userid'])) {
 	if ($_POST['prefaccid'] == "nopref") {
 		$nap = $con->prepare("UPDATE userinfo SET prefaccid = 0, prefaccname = 'No default selected' WHERE userid = ?");
 		$nap->bind_param("i", $_SESSION['userid']);
 		$nap->execute();
 		$nap->close();
 		$_SESSION['prefaccid'] = "0";
 		$_SESSION['prefaccname'] = "No default selected";
 		echo 'Account preference update - no preferred account selected.<br />';
 	} else {
 		$sap = $con->prepare("SELECT accid, accemail FROM gwaccounts WHERE accid = ? AND userid = ?");
 		$sap->bind_param("ii", $_POST['prefaccid'], $_SESSION['userid']);
 		$sap->execute();
 		$result = $sap->get_result();
 		while ($row = $result->fetch_assoc()) {
 			$uap = $con->prepare("UPDATE userinfo SET prefaccid = ?, prefaccname = ? WHERE userid = ?");
 			$uap->bind_param("isi", $_POST['prefaccid'], $row['accemail'], $_SESSION['userid']);
 			$uap->execute();
 			$uap->close();
 			$_SESSION['prefaccid'] = $row['accid'];
 			$_SESSION['prefaccname'] = $row['accemail'];
 		}
 		echo 'Guild Wars preferred account updated! <br />';
 	}
 	echo 'Guild Wars preferred account updated! <br />';
 }
 ?>
--- a/includes/set-prefchar.php
+++ b/includes/set-prefchar.php
@@ -0,0 +1,5 @@
 <?php
 if (isset($_SESSION['userid'])) {
 echo 'this is the set-prefchar.php file text!<br />';
 }
 ?>
--- a/preferences.php
+++ b/preferences.php
@@ -1,7 +1,8 @@
 <?php
 $pagetitle = "Account options";
 include_once ('header.php');

 if (isset($_SESSION['userid'])){
 	
 if (!empty($_POST['useremail'])) {
 	//this section contains code to update the users e-mail address
 	include_once ('includes/update-email.php');
@@ -16,6 +17,12 @@ if (!empty($_POST['setacc'])) {
    //this section contains code to set the users preferred game account
    include_once ('includes/set-prefacc.php');
 }

 if (!empty($_POST['setchar'])) {
 	//this section contains code to the users preferred character
 	include_once ('includes/set-prefchar.php');
 }

 echo '<h3>Change e-mail or password</h3>';

 // select which GW account you want to default to
@@ -32,6 +39,19 @@ while ($row = $resacc->fetch_assoc()) {
 echo '</td><td><input type="submit" value="Set account"></td></tr></select></table><input type="hidden" name="setacc" value="update"></form><br />';

 // select which character from your GW account you want to default to
 echo 'the session prefaccid is: ' . $_SESSION['prefaccid'] . '<br/>';
 echo 'the session userid is: ' .$_SESSION['userid'] . '<br/>';
 echo '<form action="preferences.php" method="post"><table border="1"><caption style="white-space: nowrap; overflow: hidden;">Current preferred character: <b>' .$_SESSION['prefcharname'] . '</b></caption>';
 echo '<tr><td><select name="prefcharid">';
 echo '<option value="nopref">Prefer no default</option>';
 $prefchar = $con->prepare("SELECT charid, charname FROM gwchars WHERE accid = ? AND userid = ?");
 $prefchar->bind_param("ii", $_SESSION['prefaccid'], $_SESSION['userid']);
 $prefchar->execute();
 $reschar = $prefchar->get_result();
 while ($row2 = $reschar->fetch_assoc()) {
 	echo '<option value="' . $row2['charid'] . '">' . $row2['charname'] . '</option>';
 }
 echo '</td><td><input type="submit" value="Set character"></td></tr></select></table><input type="hidden" name="setchar" value="updatechar"></form><br />';
 # needed code: select charrid from table gwchars selected by accid

 // update e-mail address form
@@ -62,5 +82,6 @@ echo <<<UPDPASS
 </script>
 <input type="submit" name="submission" value="Update password" onclick="return Validate()" id="btnSubmit"></form>
 UPDPASS;
 }
 include_once ('footer.php');
 ?>
--- a/titlemanager.php
+++ b/titlemanager.php
@@ -1,82 +1,79 @@
 <?php
 $pagetitle = "Title Editor";
 include_once ('header.php');
 include_once ('connect.php');
 $con = mysqli_connect(DATABASE_HOST, DATABASE_USER, DATABASE_PASS, DATABASE_NAME);
 if ($con->connect_errno){
 	die ('Unable to connect to database [' . $db->connect_errno . ']');
 }
 if (isset($_SESSION['title'])) {
 	if ($_SESSION['title'] == "repeat") {
 		$_POST['title'] = "addsubtitle";
 		unset($_SESSION['title']);
 	} else {
 		unset($_SESSION['tr']);
 	}
 }
 if ($_SESSION['admin'] == 1) {
 	echo '<br />';
 	if (isset($_POST['title'])) {
 		if ($_POST['title'] == "addtitle") {
 			// included file contains all the code to add a new title
 			include_once ('includes/title-add.php');
 		} else if ($_POST['title'] == "titlesubmit") {
 			// included file contains all the code to submit a new title
 			include_once ('includes/title-submit.php');
 		} else if ($_POST['title'] == "modtitle") { 
 			// included file contains all the code to edit a title
 			include_once ('includes/title-editor.php');
 		} else if ($_POST['title'] == "updatetitle") {
 			// this section doesn't require human interaction
 			include_once ('includes/title-update.php');
 		} else if ($_POST['title'] == "addsubtitle") {
 			// included file contains all code to add the title ranks and points required
 			include_once ('includes/titleranks-add.php');
 		} else if ($_POST['title'] == "titleranksubmit") {
 			// this section doesn't require human interaction
 			include_once ('includes/titleranks-submit.php');
 		} else if ($_POST['title'] == "modsubtitle") {
 			// included file contains all code to edit a title rank
 			include_once ('includes/titleranks-editor.php');
 		} else if ($_POST['title'] == "updatesubtitle") {
 			// this sectionupdates modified title ranks in the database, or deletes them
 			include_once ('includes/titleranks-update.php');
 		}
 	} else {
 		unset($_SESSION['tid']);
 		unset($_SESSION['tr']);
 		echo 'Add titles <form action="titlemanager.php" method="post"><input type="hidden" name="title" value="addtitle"><input type="submit" value="Add title"></form><br />';
 		echo 'Modify titles <form action="titlemanager.php" method="post"><input type="hidden" name="title" value="modtitle"><select name="tid" onchange="this.form.submit()"><option selected disabled>Select title</option>';
 		include ('includes/title-select.php');
 		echo '</select><noscript><input type="submit" value="Modify Title"></noscript></form><br /><br />';
 		echo 'Add or modify title ranks and points <form action="titlemanager.php" method="post"><input type="hidden" name="title" value="addsubtitle"><select name="tid" onchange="this.form.submit()"><option selected disabled>Add title rank(s)</option>';
        include ('includes/title-select.php');
        echo '</select><noscript><input type="submit" value="Add title rank"></noscript></form><br /><br />';
 		// now to view the last 5 title entries in the database
 		echo 'Here is the last 15 titles entered into the database, newest entry is on top:<br />';
 		echo '<table border="1"><tr><th>titleid</th><th>titlename</th><th>titletype</th><th>titletype</th></tr>';
 		$stmtview = $con->prepare("SELECT * FROM gwtitles ORDER BY titlenameid DESC LIMIT 15");
 		$stmtview->execute();
 		$result = $stmtview->get_result();
 		while ($row = $result->fetch_assoc()) {
 			$tid = $row['titlenameid'];
 			$tname = $row['titlename'];
 			$ttype = $row['titletype'];
            $tmr = $row['titlemaxrank'];
 			echo '<tr><td>' . $tid . '</td><td>' . $tname . ' (' . $tmr . ')</td><td>' . $ttype . '</td><td>';
 			if ($ttype == "0") {
 				echo 'account';
 			} else if ($ttype == "1") {
 				echo 'character';
 if (isset($_SESSION['userid'])){
 	if (isset($_SESSION['title'])) {
 		if ($_SESSION['title'] == "repeat") {
 				$_POST['title'] = "addsubtitle";
 				unset($_SESSION['title']);
 			} else {
 				echo 'Anything other than a 0 or 1 means something broke!';
 				include_once ('footer.php');
 				exit();
 				unset($_SESSION['tr']);
 			}
 		}
 		if ($_SESSION['admin'] == 1) {
 		echo '<br />';
 		if (isset($_POST['title'])) {
 			if ($_POST['title'] == "addtitle") {
 				// included file contains all the code to add a new title
 				include_once ('includes/title-add.php');
 			} else if ($_POST['title'] == "titlesubmit") {
 				// included file contains all the code to submit a new title
 				include_once ('includes/title-submit.php');
 			} else if ($_POST['title'] == "modtitle") { 
 				// included file contains all the code to edit a title
 				include_once ('includes/title-editor.php');
 			} else if ($_POST['title'] == "updatetitle") {
 				// this section doesn't require human interaction
 				include_once ('includes/title-update.php');
 			} else if ($_POST['title'] == "addsubtitle") {
 				// included file contains all code to add the title ranks and points required
 				include_once ('includes/titleranks-add.php');
 			} else if ($_POST['title'] == "titleranksubmit") {
 				// this section doesn't require human interaction
 				include_once ('includes/titleranks-submit.php');
 			} else if ($_POST['title'] == "modsubtitle") {
 				// included file contains all code to edit a title rank
 				include_once ('includes/titleranks-editor.php');
 			} else if ($_POST['title'] == "updatesubtitle") {
 				// this sectionupdates modified title ranks in the database, or deletes them
 				include_once ('includes/titleranks-update.php');
 			}
 		} else {
 			unset($_SESSION['tid']);
 			unset($_SESSION['tr']);
 			echo 'Add titles <form action="titlemanager.php" method="post"><input type="hidden" name="title" value="addtitle"><input type="submit" value="Add title"></form><br />';
 			echo 'Modify titles <form action="titlemanager.php" method="post"><input type="hidden" name="title" value="modtitle"><select name="tid" onchange="this.form.submit()"><option selected disabled>Select title</option>';
 			include ('includes/title-select.php');
 			echo '</select><noscript><input type="submit" value="Modify Title"></noscript></form><br /><br />';
 			echo 'Add or modify title ranks and points <form action="titlemanager.php" method="post"><input type="hidden" name="title" value="addsubtitle"><select name="tid" onchange="this.form.submit()"><option selected disabled>Add title rank(s)</option>';
 			include ('includes/title-select.php');
 			echo '</select><noscript><input type="submit" value="Add title rank"></noscript></form><br /><br />';
 			// now to view the last 5 title entries in the database
 			echo 'Here is the last 15 titles entered into the database, newest entry is on top:<br />';
 			echo '<table border="1"><tr><th>titleid</th><th>titlename</th><th>titletype</th><th>titletype</th></tr>';
 			$stmtview = $con->prepare("SELECT * FROM gwtitles ORDER BY titlenameid DESC LIMIT 15");
 			$stmtview->execute();
 			$result = $stmtview->get_result();
 			while ($row = $result->fetch_assoc()) {
 				$tid = $row['titlenameid'];
 				$tname = $row['titlename'];
 				$ttype = $row['titletype'];
 				$tmr = $row['titlemaxrank'];
 				echo '<tr><td>' . $tid . '</td><td>' . $tname . ' (' . $tmr . ')</td><td>' . $ttype . '</td><td>';
 				if ($ttype == "0") {
 					echo 'account';
 				} else if ($ttype == "1") {
 					echo 'character';
 				} else {
 					echo 'Anything other than a 0 or 1 means something broke!';
 					include_once ('footer.php');
 					exit();
 				}
 				echo '</td></tr>';
 			}
 			echo '</td></tr>';
 			$stmtview->close();
 			echo '</table><br />If anything looks off, please fix it!<br /><br />';
 		}
 		$stmtview->close();
 		echo '</table><br />If anything looks off, please fix it!<br /><br />';
 	}
 }
 include_once ('footer.php');