Edit some access for MH user and recreate mass messaage

Edit some access for MH user and recreate mass message and new maintenance system view for admins
This commit is contained in:
novgorodschi catalin
2026-06-02 10:59:35 +03:00
parent 2eaa92fc03
commit 547e164143
16 changed files with 595 additions and 344 deletions
+183
View File
@@ -0,0 +1,183 @@
<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename massmessage.php ##
## Type BACKEND ##
## Developed by: Shadow ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2025. All rights reserved. ##
## ##
#################################################################################
session_start();
include_once("../../config.php");
include_once("../../Database.php");
if (!isset($_SESSION['access']) || $_SESSION['access'] < ADMIN) {
die("Access Denied");
}
/*
|--------------------------------------------------------------------------
| PREPARE
|--------------------------------------------------------------------------
*/
if (
isset($_POST['action']) &&
$_POST['action'] == 'prepare'
) {
if (empty($_POST['subject'])) {
die("Subject required");
}
if (empty($_POST['message'])) {
die("Message required");
}
$_SESSION['mass_subject'] = trim($_POST['subject']);
$_SESSION['mass_message'] = trim($_POST['message']);
$_SESSION['mass_color'] = trim($_POST['color']);
header("Location: ../../../Admin/admin.php?p=massmessage&confirm=1");
exit;
}
/*
|--------------------------------------------------------------------------
| EXECUTE
|--------------------------------------------------------------------------
*/
if (
isset($_POST['action']) &&
$_POST['action'] == 'execute'
) {
if (
empty($_SESSION['mass_subject']) ||
empty($_SESSION['mass_message'])
) {
header("Location: ../../../Admin/admin.php?p=massmessage");
exit;
}
$subject = $database->escape($_SESSION['mass_subject']);
$message = $_SESSION['mass_message'];
$color = $database->escape(
$_SESSION['mass_color'] ?: 'black'
);
/*
|--------------------------------------------------------------------------
| BBCode
|--------------------------------------------------------------------------
*/
$message = preg_replace(
"/\[img\](.*?)\[\/img\]/i",
"<img src='$1' alt='' />",
$message
);
$message = preg_replace(
"/\[url\](.*?)\[\/url\]/i",
"<a href='$1'>$1</a>",
$message
);
$message = preg_replace(
"/\[url=(.*?)\](.*?)\[\/url\]/i",
"<a href='$1'>$2</a>",
$message
);
$message = "[message]".$message."[/message]";
$message = $database->escape($message);
/*
|--------------------------------------------------------------------------
| ALL PLAYERS
|--------------------------------------------------------------------------
*/
$result = mysqli_query(
$database->dblink,
"SELECT id
FROM ".TB_PREFIX."users
WHERE id > 5
ORDER BY id ASC"
);
$rows = [];
$time = time();
while ($user = mysqli_fetch_assoc($result)) {
$uid = (int)$user['id'];
$rows[] =
"(".
$uid.",".
"1,".
"'<span style=\"color:".$color.";\">".$subject."</span>',".
"'".$message."',".
"0,".
"0,".
"0,".
$time.",".
"0,".
"0,".
"0,".
"0,".
"0,".
"0".
")";
}
if (!empty($rows)) {
$sql =
"INSERT INTO ".TB_PREFIX."mdata
(
target,
owner,
topic,
message,
viewed,
archived,
send,
time,
deltarget,
delowner,
alliance,
player,
coor,
report
)
VALUES
".implode(",", $rows);
mysqli_query(
$database->dblink,
$sql
);
}
unset(
$_SESSION['mass_subject'],
$_SESSION['mass_message'],
$_SESSION['mass_color']
);
header("Location: ../../../Admin/admin.php?p=massmessage&done=1");
exit;
}
header("Location: ../../../Admin/admin.php?p=massmessage");
exit;
?>
+67 -24
View File
@@ -13,6 +13,7 @@
if (!isset($_SESSION)) {
session_start();
}
if (empty($_SESSION['access']) || $_SESSION['access'] < 9) {
die("Access Denied: You are not Admin!");
}
@@ -33,51 +34,93 @@ for ($i = 0; $i < 5; $i++) {
include_once($autoprefix . "GameEngine/Database.php");
// ---------------------------------------------------------------------------
// Input
// INPUT
// ---------------------------------------------------------------------------
$session = (int)($_POST['admid'] ?? 0);
$adminId = (int)($_SESSION['id'] ?? 0);
$uid = (int)($_POST['uid'] ?? 0);
$topic = trim($_POST['topic'] ?? 'Admin Message');
$message = trim($_POST['message'] ?? '');
// ---------------------------------------------------------------------------
// VALIDARE
// ---------------------------------------------------------------------------
if ($adminId <= 0) {
die("Invalid admin session.");
}
if ($uid <= 0 || $message === '') {
header("Location: ../../../Admin/admin.php?p=Newmessage&uid=$uid&e=1");
exit;
}
// ---------------------------------------------------------------------------
// Verificare admin
// SANITIZARE
// ---------------------------------------------------------------------------
$admin = $database->getUserArray($session, 1);
if (!$admin || (int)$admin['access'] !== 9) {
die('<h1><font color="red">Access Denied: You are not Admin!</font></h1>');
}
// ---------------------------------------------------------------------------
// Insert mesaj
// ---------------------------------------------------------------------------
$time = time();
$topicEsc = $database->escape($topic);
$msgEsc = $database->escape($message);
$database->query(
"INSERT INTO " . TB_PREFIX . "mdata
(target, owner, topic, message, viewed, time, archive)
VALUES ($uid, 1, '$topicEsc', '$msgEsc', 0, $time, 0)"
);
$time = time();
// ---------------------------------------------------------------------------
// Log admin
// INSERT MESAJ (FULL FIX)
// ---------------------------------------------------------------------------
$sql = "
INSERT INTO " . TB_PREFIX . "mdata
(
target,
owner,
topic,
message,
viewed,
archived,
send,
time,
deltarget,
delowner,
alliance,
player,
coor,
report
)
VALUES
(
$uid,
$adminId,
'$topicEsc',
'$msgEsc',
0,
0,
0,
$time,
0,
0,
0,
0,
0,
0
)
";
$result = $database->query($sql);
if (!$result) {
die("Message insert failed: " . $database->getError());
}
// ---------------------------------------------------------------------------
// LOG ADMIN ACTION
// ---------------------------------------------------------------------------
$adminId = (int)$_SESSION['id'];
$logText = "Sent message to uid $uid: '$topicEsc'";
$logEsc = $database->escape($logText);
$logEsc = $database->escape($logText);
$database->query(
"INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`) " .
"VALUES (0, '$adminId', '$logEsc', $time)"
);
$database->query("
INSERT INTO " . TB_PREFIX . "admin_log (`id`, `user`, `log`, `time`)
VALUES (0, $adminId, '$logEsc', $time)
");
// ---------------------------------------------------------------------------
// REDIRECT SUCCESS
// ---------------------------------------------------------------------------
header("Location: ../../../Admin/admin.php?p=Newmessage&uid=" . $uid . "&msg=ok");
exit;
?>