mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-17 10:06:09 +00:00
Edit some access for MH user and recreate mass messaage
Edit some access for MH user and recreate mass message and new maintenance system view for admins
This commit is contained in:
@@ -0,0 +1,183 @@
|
||||
<?php
|
||||
|
||||
#################################################################################
|
||||
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
|
||||
## --------------------------------------------------------------------------- ##
|
||||
## Filename massmessage.php ##
|
||||
## Type BACKEND ##
|
||||
## Developed by: Shadow ##
|
||||
## License: TravianZ Project ##
|
||||
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
|
||||
## ##
|
||||
#################################################################################
|
||||
|
||||
session_start();
|
||||
|
||||
include_once("../../config.php");
|
||||
include_once("../../Database.php");
|
||||
|
||||
if (!isset($_SESSION['access']) || $_SESSION['access'] < ADMIN) {
|
||||
die("Access Denied");
|
||||
}
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| PREPARE
|
||||
|--------------------------------------------------------------------------
|
||||
*/
|
||||
if (
|
||||
isset($_POST['action']) &&
|
||||
$_POST['action'] == 'prepare'
|
||||
) {
|
||||
|
||||
if (empty($_POST['subject'])) {
|
||||
die("Subject required");
|
||||
}
|
||||
|
||||
if (empty($_POST['message'])) {
|
||||
die("Message required");
|
||||
}
|
||||
|
||||
$_SESSION['mass_subject'] = trim($_POST['subject']);
|
||||
$_SESSION['mass_message'] = trim($_POST['message']);
|
||||
$_SESSION['mass_color'] = trim($_POST['color']);
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=massmessage&confirm=1");
|
||||
exit;
|
||||
}
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| EXECUTE
|
||||
|--------------------------------------------------------------------------
|
||||
*/
|
||||
if (
|
||||
isset($_POST['action']) &&
|
||||
$_POST['action'] == 'execute'
|
||||
) {
|
||||
|
||||
if (
|
||||
empty($_SESSION['mass_subject']) ||
|
||||
empty($_SESSION['mass_message'])
|
||||
) {
|
||||
header("Location: ../../../Admin/admin.php?p=massmessage");
|
||||
exit;
|
||||
}
|
||||
|
||||
$subject = $database->escape($_SESSION['mass_subject']);
|
||||
$message = $_SESSION['mass_message'];
|
||||
$color = $database->escape(
|
||||
$_SESSION['mass_color'] ?: 'black'
|
||||
);
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| BBCode
|
||||
|--------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
$message = preg_replace(
|
||||
"/\[img\](.*?)\[\/img\]/i",
|
||||
"<img src='$1' alt='' />",
|
||||
$message
|
||||
);
|
||||
|
||||
$message = preg_replace(
|
||||
"/\[url\](.*?)\[\/url\]/i",
|
||||
"<a href='$1'>$1</a>",
|
||||
$message
|
||||
);
|
||||
|
||||
$message = preg_replace(
|
||||
"/\[url=(.*?)\](.*?)\[\/url\]/i",
|
||||
"<a href='$1'>$2</a>",
|
||||
$message
|
||||
);
|
||||
|
||||
$message = "[message]".$message."[/message]";
|
||||
|
||||
$message = $database->escape($message);
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| ALL PLAYERS
|
||||
|--------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
$result = mysqli_query(
|
||||
$database->dblink,
|
||||
"SELECT id
|
||||
FROM ".TB_PREFIX."users
|
||||
WHERE id > 5
|
||||
ORDER BY id ASC"
|
||||
);
|
||||
|
||||
$rows = [];
|
||||
|
||||
$time = time();
|
||||
|
||||
while ($user = mysqli_fetch_assoc($result)) {
|
||||
|
||||
$uid = (int)$user['id'];
|
||||
|
||||
$rows[] =
|
||||
"(".
|
||||
$uid.",".
|
||||
"1,".
|
||||
"'<span style=\"color:".$color.";\">".$subject."</span>',".
|
||||
"'".$message."',".
|
||||
"0,".
|
||||
"0,".
|
||||
"0,".
|
||||
$time.",".
|
||||
"0,".
|
||||
"0,".
|
||||
"0,".
|
||||
"0,".
|
||||
"0,".
|
||||
"0".
|
||||
")";
|
||||
}
|
||||
|
||||
if (!empty($rows)) {
|
||||
|
||||
$sql =
|
||||
"INSERT INTO ".TB_PREFIX."mdata
|
||||
(
|
||||
target,
|
||||
owner,
|
||||
topic,
|
||||
message,
|
||||
viewed,
|
||||
archived,
|
||||
send,
|
||||
time,
|
||||
deltarget,
|
||||
delowner,
|
||||
alliance,
|
||||
player,
|
||||
coor,
|
||||
report
|
||||
)
|
||||
VALUES
|
||||
".implode(",", $rows);
|
||||
|
||||
mysqli_query(
|
||||
$database->dblink,
|
||||
$sql
|
||||
);
|
||||
}
|
||||
|
||||
unset(
|
||||
$_SESSION['mass_subject'],
|
||||
$_SESSION['mass_message'],
|
||||
$_SESSION['mass_color']
|
||||
);
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=massmessage&done=1");
|
||||
exit;
|
||||
}
|
||||
|
||||
header("Location: ../../../Admin/admin.php?p=massmessage");
|
||||
exit;
|
||||
?>
|
||||
@@ -13,6 +13,7 @@
|
||||
if (!isset($_SESSION)) {
|
||||
session_start();
|
||||
}
|
||||
|
||||
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
|
||||
die("Access Denied: You are not Admin!");
|
||||
}
|
||||
@@ -33,51 +34,93 @@ for ($i = 0; $i < 5; $i++) {
|
||||
include_once($autoprefix . "GameEngine/Database.php");
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Input
|
||||
// INPUT
|
||||
// ---------------------------------------------------------------------------
|
||||
$session = (int)($_POST['admid'] ?? 0);
|
||||
$adminId = (int)($_SESSION['id'] ?? 0);
|
||||
$uid = (int)($_POST['uid'] ?? 0);
|
||||
$topic = trim($_POST['topic'] ?? 'Admin Message');
|
||||
$message = trim($_POST['message'] ?? '');
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// VALIDARE
|
||||
// ---------------------------------------------------------------------------
|
||||
if ($adminId <= 0) {
|
||||
die("Invalid admin session.");
|
||||
}
|
||||
|
||||
if ($uid <= 0 || $message === '') {
|
||||
header("Location: ../../../Admin/admin.php?p=Newmessage&uid=$uid&e=1");
|
||||
exit;
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Verificare admin
|
||||
// SANITIZARE
|
||||
// ---------------------------------------------------------------------------
|
||||
$admin = $database->getUserArray($session, 1);
|
||||
if (!$admin || (int)$admin['access'] !== 9) {
|
||||
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Insert mesaj
|
||||
// ---------------------------------------------------------------------------
|
||||
$time = time();
|
||||
$topicEsc = $database->escape($topic);
|
||||
$msgEsc = $database->escape($message);
|
||||
|
||||
$database->query(
|
||||
"INSERT INTO " . TB_PREFIX . "mdata
|
||||
(target, owner, topic, message, viewed, time, archive)
|
||||
VALUES ($uid, 1, '$topicEsc', '$msgEsc', 0, $time, 0)"
|
||||
);
|
||||
$time = time();
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// Log admin
|
||||
// INSERT MESAJ (FULL FIX)
|
||||
// ---------------------------------------------------------------------------
|
||||
$sql = "
|
||||
INSERT INTO " . TB_PREFIX . "mdata
|
||||
(
|
||||
target,
|
||||
owner,
|
||||
topic,
|
||||
message,
|
||||
viewed,
|
||||
archived,
|
||||
send,
|
||||
time,
|
||||
deltarget,
|
||||
delowner,
|
||||
alliance,
|
||||
player,
|
||||
coor,
|
||||
report
|
||||
)
|
||||
VALUES
|
||||
(
|
||||
$uid,
|
||||
$adminId,
|
||||
'$topicEsc',
|
||||
'$msgEsc',
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
$time,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
0
|
||||
)
|
||||
";
|
||||
|
||||
$result = $database->query($sql);
|
||||
|
||||
if (!$result) {
|
||||
die("Message insert failed: " . $database->getError());
|
||||
}
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// LOG ADMIN ACTION
|
||||
// ---------------------------------------------------------------------------
|
||||
$adminId = (int)$_SESSION['id'];
|
||||
$logText = "Sent message to uid $uid: '$topicEsc'";
|
||||
$logEsc = $database->escape($logText);
|
||||
$logEsc = $database->escape($logText);
|
||||
|
||||
$database->query(
|
||||
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
|
||||
"VALUES (0, '$adminId', '$logEsc', $time)"
|
||||
);
|
||||
$database->query("
|
||||
INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`)
|
||||
VALUES (0, $adminId, '$logEsc', $time)
|
||||
");
|
||||
|
||||
// ---------------------------------------------------------------------------
|
||||
// REDIRECT SUCCESS
|
||||
// ---------------------------------------------------------------------------
|
||||
header("Location: ../../../Admin/admin.php?p=Newmessage&uid=" . $uid . "&msg=ok");
|
||||
exit;
|
||||
?>
|
||||
Reference in New Issue
Block a user