Cronwerks MCCode/MCCodes Forums


AuthorTopic: Secured Viewuser.php  (Read 498 times)

JoshuaDams

Secured Viewuser.php
« on: February 07, 2010, 05:34:26 AM »
Ok, I will be adding to this as well as a "visual" update.  I had a few minutes and just HAD to get rid of the select * crap and a few other things that bugged me

Hasn't been tested; any bugs I'll fix when I wake up =P

Code: [Select]
<?php
/*
MCCodes Lite v2
Copyright (C) 2009-2010 Cronwerks.com
MCCodes Lite original copyright held by Dabomstew(MCCodes.com)

Director:
Username Here
http://www.mywebsite.com

Other Developers:
1. ImmortalThug - http://www.cronwerks.com/forum/profile/ImmortalThug/
2. Username_Here - http://www.cronwerks.com/forum/profile/Username_Here/
3. Username_Here - http://www.cronwerks.com/forum/profile/Username_Here/
4. Username_Here - http://www.cronwerks.com/forum/profile/Username_Here/
5. Username_Here - http://www.cronwerks.com/forum/profile/Username_Here/
*/
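// Page bootstrap: start the session, require a logged-in viewer, load the
// shared helpers and page chrome, then fetch the viewer's own row ($ir),
// which the header and the staff-only section further down both read.
session_start();
require "global_func.php";

// isset() first so a missing key redirects without raising a notice; the
// loose == 0 comparison is kept from the original.
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] == 0) {
    header("Location: login.php");
    exit;
}

// Cast before interpolating: the value is placed directly in the SQL string
// below, so it must be an integer no matter what the session holds.
$userid = (int) $_SESSION['userid'];

require "header.php";
$h = new headers;
$h->startheaders();
include "mysql.php";
global $c;

$is = mysql_query(
    "SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",
    $c
);
if (!$is) {
    // Keep the driver error in the server log; printing mysql_error() to the
    // browser discloses table and column names to whoever triggers a failure.
    error_log("viewuser.php: viewer lookup failed: " . mysql_error($c));
    die("Database error.");
}
$ir = mysql_fetch_array($is);

check_level();
$fm = money_formatter($ir['money']);
$lv = date('F j, Y, g:i a', $ir['laston']);
$h->userdata($ir, $lv, $fm);
$h->menuarea();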

       
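// Profile page body: validate the requested user id, load that user's row
// and render the profile table. Relies on $h (page chrome), $c (database
// link) and $ir (the viewer's own row) set up earlier in this file.

// The target id arrives in ?u=. The original sanitised $_GET['ID'] and then
// read $_GET['u'], so the unvalidated value reached both the SQL string and
// the hidden form field. Validate the parameter that is actually used.
$_GET['u'] = (isset($_GET['u']) && is_numeric($_GET['u'])) ? abs(intval($_GET['u'])) : 0;

if (!$_GET['u']) {
    echo "Invalid use of file";
    $h->endpage();
    exit;
}

// Explicit column list instead of SELECT *. Fixes the unterminated backtick
// after `display_pic` and drops the duplicated `gender` column.
// NOTE(review): `hospreason` is read further down but is not in this list;
// add it here once its table is confirmed against the schema.
$q = mysql_query(
    "SELECT u.`userid`,u.`username`,u.`money`,u.`gender`,u.`user_level`,u.`laston`,u.`signedup`,
            u.`duties`,u.`daysold`,u.`location`,u.`staffnotes`,u.`lastip`,u.`hospital`,u.`fedjail`,
            u.`hp`,u.`maxhp`,u.`level`,u.`display_pic`,
            us.`strength`,us.`guard`,us.`agility`,us.`labour`,us.`IQ`,
            c.`cityname`,h.`hNAME`,f.`fed_days`,f.`fed_reason`
       FROM `users` u
  LEFT JOIN `userstats` us ON u.`userid`=us.`userid`
  LEFT JOIN `cities` c ON u.`location`=c.`cityid`
  LEFT JOIN `houses` h ON u.`maxwill`=h.`hWILL`
  LEFT JOIN `fedjail` f ON f.`fed_userid`=u.`userid`
      WHERE u.`userid`={$_GET['u']}",
    $c
);

// A failed query is treated like "no such user" rather than passing false
// on to mysql_num_rows().
if (!$q || !mysql_num_rows($q)) {
    echo "Sorry, we could not find a user with that ID, check your source.";
    $h->endpage();
    exit;
}

$r = mysql_fetch_array($q);

// Numeric user_level -> display label; unknown levels get a fixed fallback
// instead of an undefined-index notice.
$checkulevel = array(
    '0' => 'NPC',
    '1' => 'Member',
    '2' => 'Owner'
);
$userl = isset($checkulevel[$r['user_level']]) ? $checkulevel[$r['user_level']] : 'Unknown';

$lon = date('F j, Y g:i:s a', $r['laston']);
$sup = date('F j, Y g:i:s a', $r['signedup']);
$ts = $r['strength'] + $r['agility'] + $r['guard'] + $r['labour'] + $r['IQ'];
$d = "";

// Reduce "seconds since last action" to the largest fitting unit.
$la = time() - $r['laston'];
$unit = "seconds";
if ($la >= 60) {
    $la = (int) ($la / 60);
    $unit = "minutes";
}
if ($la >= 60) {
    $la = (int) ($la / 60);
    $unit = "hours";
    if ($la >= 24) {
        $la = (int) ($la / 24);
        $unit = "days";
    }
}

// Online means active within the last 15 minutes.
if ($r['laston'] >= time() - 15 * 60) {
    $on = "<font color=green><b>Online</b></font>";
} else {
    $on = "<font color=red><b>Offline</b></font>";
}

// Escape every text column on output. ENT_QUOTES matters because several
// values are placed inside single-quoted attributes or a <textarea>.
$username = htmlspecialchars(stripslashes($r['username']), ENT_QUOTES);
$duties = htmlspecialchars(stripslashes($r['duties']), ENT_QUOTES);
$gender = htmlspecialchars($r['gender'], ENT_QUOTES);
$cityname = htmlspecialchars(stripslashes($r['cityname']), ENT_QUOTES);
$property = htmlspecialchars(stripslashes($r['hNAME']), ENT_QUOTES);
$profileId = (int) $r['userid'];

echo "<h3>Profile for {$username}</h3>
<table width=75%><tr style='background:gray'><th>General Info</th><th>Financial Info</th> <th>Display Pic</th></tr>
<tr><td>Name: {$username} [{$profileId}] $d<br />
User Level: $userl<br />
Duties: {$duties}<br />
Gender: {$gender}<br />
Signed Up: $sup<br />
Last Active: $lon<br />
Last Action: $la $unit ago<br />
Online: $on<br />
Days Old: {$r['daysold']}<br />
Location: {$cityname}</td><td>
Money: \$" . number_format($r['money']) . "<br />
Property: {$property}<br />
</td> <td rowspan='2'>";

// Display picture. The empty case is checked first (the original tested
// getimagesize() first, which made the "no display pic" branch unreachable),
// and the failure branch no longer calls exit, which used to cut the page off
// mid-table. getimagesize() accepts local paths and any stream wrapper, so
// only http(s) URLs are probed.
// NOTE(review): this is still a server-side fetch of a stored URL on every
// profile view; validating the picture once when it is saved would be safer.
$pic = (string) $r['display_pic'];
if ($pic === '') {
    echo "This user has no display pic!";
} elseif (!preg_match('#^https?://#i', $pic) || !@getimagesize($pic)) {
    echo "Image not Available";
} else {
    // htmlspecialchars() rather than strip_tags(): strip_tags() leaves quotes
    // intact, so a value could close the src attribute and add its own.
    echo "<img src='" . htmlspecialchars($pic, ENT_QUOTES) . "' width='150' height='150' alt='User Display Pic' title='User Display Pic' />";
}

echo "</td></tr>
<tr style='background:gray'><th>Physical Info</th><th>Links</th></tr>
<tr><td>Level: " . $r['level'] . "<br />
Health: {$r['hp']}/{$r['maxhp']}<br />";

if ($r['fedjail']) {
    // The original left this <b> unclosed.
    echo "<br /><b><font color=red>In federal jail for " . number_format($r['fed_days']) . " day(s).<br />"
        . htmlspecialchars(stripslashes($r['fed_reason']), ENT_QUOTES) . "</font></b>";
}

if ($r['hospital']) {
    // isset() guard: `hospreason` is not in the column list above.
    $hospReason = isset($r['hospreason']) ? htmlspecialchars(stripslashes($r['hospreason']), ENT_QUOTES) : '';
    echo "<br /><b><font color=red>In hospital for {$r['hospital']} minutes.<br />" . $hospReason . "</font></b>";
}

// Staff-only details, shown when the viewer's own user_level is 2.
if ($ir['user_level'] == 2) {
    echo "<br />IP Address: " . htmlspecialchars($r['lastip'], ENT_QUOTES);
    echo "<form action='staffnotes.php' method='post'>
Staff Notes: <br />
<textarea rows=7 cols=40 name='staffnotes'>" . htmlspecialchars($r['staffnotes'], ENT_QUOTES) . "</textarea>
<br /><input type='hidden' name='ID' value='{$_GET['u']}' />
<input type='submit' value='Change' /></form>";
}

print "</td><td>[<a href='mailbox.php?action=compose&ID={$profileId}'>Send Mail</a>]<br /><br />
[<a href='sendcash.php?ID={$profileId}'>Send Cash</a>]<br /><br />
[<a href='attack.php?ID={$profileId}'>Attack</a>]";
print "</td></tr></table>";

$h->endpage();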
?>
 

