09 Staffpanel

Started by Mindless, July 21, 2012, 08:58:19 AM


BamBam0077

Thank you once again for such great code :-).

Will have to try these out.

cheers,

Bam!.
"When Darkness Shadows Your Doubts, Deep Within Us Is Our Key, Not Success But Everything" ~ Anonymous

Mindless

#1
Credits to Alex2005.
XHTML valid
Uses existing admin.php for accessing all staff tools
02/07/10

Description
This is a staff panel, created by me from scratch, and it is for the staff members to keep track of the pages that they have access to...
Key features

  • configurable, allow users from different classes to add, edit or even delete easily
  • easy to add/remove classes
  • easy to add/edit/delete pages
  • a nice add/edit form with very thorough checking of the input data
  • secured and optimized
FAQ

  • How to configure and add/remove classes?
    Very easy, you will see the default $staff_classes array I made, near the top...

Code (php)
$staff_classes = array(
    UC_MODERATOR     => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
    UC_ADMINISTRATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
    UC_SYSOP         => array('add' => true,  'edit' => true,  'delete' => true,  'log' => false)
);

To add a class, simply add a new line to the array. Let's say I want to add a new class, UC_OWNER, that can add and edit but not delete pages, and whose actions will be logged; putting it in order, the array would become

Code (php)
$staff_classes = array(
    UC_MODERATOR     => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
    UC_ADMINISTRATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
    UC_SYSOP         => array('add' => true,  'edit' => true,  'delete' => true,  'log' => false),
    UC_OWNER         => array('add' => true,  'edit' => true,  'delete' => false, 'log' => true)
);

To remove a class, simply remove the line of code, or better yet, comment it out (// commented line).

You will notice the add, edit, delete and log entries in the arrays. Those are the permissions the users in those classes have (except for log, which, if set to true, logs the actions of the users in that class). Simply change them to true or false, whatever you want the users in those classes to have access to, and that's all, php does the rest.

I've also added some comments on what all of those do, in case you ever forget; I mean this of course:

Code (php)
/**
* Staff classes config
*
* UC_XYZ  : integer -> the name of the defined class
*
* Options for a selected class
** add    : boolean -> enable/disable page adding
** edit   : boolean -> enable/disable page editing
** delete : boolean -> enable/disable page deletion
** log    : boolean -> enable/disable the logging of the actions
*
* @result $staff_classes array();
*/


  • Why am I getting "Error: Access Denied!"?
    That's because your class isn't in the staff classes array, see #1.

  • Why can't I see the links to add, delete or edit the pages?
    Not configured right for your class, see #1.

  • Why, after I made some changes to the staff classes array, did one of the panel tables turn black?
    That's because you've removed one of the classes from the array, but the class is still in the database; it's just a simple reminder that the users in that class can't see those pages (or the panel).


  • Why am I getting html instead of the expected links or whatever it should be?
    That's because you have the htmlstrip in the stdmsg function set to true by default, and thus the html code is escaped.
    How to fix: find the stdmsg() calls in the php file and add , false after the heading and the text, like

    Code (php)
    stdmsg('Options', '<a href="'.$_SERVER['PHP_SELF'].'?action=add" title="Add a new page">Add a new page</a>', false);

    Notice the , false which turns off the escaping of the html characters.

  • If you want the classes to be colored, you will need the get_user_class_color() function, here it is

    Code (php)
    function get_user_class_color($class)
    {
        switch ($class)
        {
            case UC_PEASANT: return "000000";
            case UC_USER: return "ff0000";
            case UC_POWER_USER: return "ee0000";
            case UC_VIP: return "dd0000";
            case UC_UPLOADER: return "cc0000";
            case UC_MODERATOR: return "bb0000";
            case UC_ADMINISTRATOR: return "aa0000";
            case UC_SYSOP: return "990000";
        }
        return "";
    }

    If you have another one, please be sure that it doesn't already have # in front of the colour codes, because in the php file they are already there.
    Well, I hope I didn't forget anything,
    Enjoy


    Run the sql:

    Code (sql)
    CREATE TABLE `staffpanel` (
      `id` int(10) unsigned NOT NULL auto_increment,
      `page_name` varchar(80) collate utf8_unicode_ci NOT NULL,
      `file_name` varchar(80) collate utf8_unicode_ci NOT NULL,
      `description` varchar(100) collate utf8_unicode_ci NOT NULL default '',
      `av_class` tinyint(3) unsigned NOT NULL default '0',
      `added_by` int(10) unsigned NOT NULL default '0',
      `added` int(10) unsigned NOT NULL default '0',
      PRIMARY KEY  (`id`),
      UNIQUE KEY `file_name` (`file_name`),
      KEY `av_class` (`av_class`)
    ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;



    Save and upload staffpanel.php to root:

    Code (php)
    <?php
    /****************************************************************\
    * Staff panel for the TBDEV source code                          *
    * -------------------------------------------------------------- *
    * An easy to config staff panel for different staff classes,     *
    * with different options for each class, like add, edit, delete  *
    * the pages and to log the actions.                              *
    * -------------------------------------------------------------- *
    * @author: Alex2005 for TBDEV.NET                                *
    * @Conversion: Bigjoos for TBDEV.NET 09                          *
    * @copyright: Alex2005                                           *
    * @package: Staff Panel                                          *
    * @category: Staff Tools                                         *
    * @version: v1.10 04/07/2008                                     *
    * @license: GNU General Public License                           *
    \****************************************************************/
    require_once("include/bittorrent.php");
    require_once("include/user_functions.php");
    require_once("include/html_functions.php");
    dbconn(false);
    loggedinorreturn();

    $lang = array_merge( load_language('global') );

    $HTMLOUT = '';

    /**
    * Staff classes config
    *
    * UC_XYZ  : integer -> the name of the defined class
    *
    * Options for a selected class
    ** add    : boolean -> enable/disable page adding
    ** edit   : boolean -> enable/disable page editing
    ** delete : boolean -> enable/disable page deletion
    ** log    : boolean -> enable/disable the logging of the actions
    *
    * @result $staff_classes array();
    */
    $staff_classes = array(
        UC_MODERATOR     => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
        UC_ADMINISTRATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
        UC_SYSOP         => array('add' => true,  'edit' => true,  'delete' => true,  'log' => false)
    );

    // Deny by default: a class that is not configured above gets nothing
    if (!isset($staff_classes[$CURUSER['class']]))
        stderr('Error', 'Access Denied!');

    $action = (isset($_GET['action']) ? $_GET['action'] : (isset($_POST['action']) ? $_POST['action'] : NULL));
    $id = (isset($_GET['id']) ? (int)$_GET['id'] : (isset($_POST['id']) ? (int)$_POST['id'] : NULL));
    $class_color = (function_exists('get_user_class_color') ? true : false);

    if ($action == 'delete' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['delete'])
    {
        $sure = ((isset($_GET['sure']) ? $_GET['sure'] : '') == 'yes');

        $res = mysql_query('SELECT av_class'.(!$sure || $staff_classes[$CURUSER['class']]['log'] ? ', page_name' : '').' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
        $arr = mysql_fetch_assoc($res);

        // A page may only be deleted by a class at or above the class it is available for
        if ($CURUSER['class'] < $arr['av_class'])
            stderr('Error', 'You are not allowed to delete this page.');

        if (!$sure)
            stderr('Sanity check', 'Are you sure you want to delete this page: "'.htmlspecialchars($arr['page_name']).'"? Click <a href="'.$_SERVER['PHP_SELF'].'?action='.$action.'&amp;id='.$id.'&amp;sure=yes">here</a> to delete it or <a href="'.$_SERVER['PHP_SELF'].'">here</a> to go back.');

        mysql_query('DELETE FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);

        if (mysql_affected_rows())
        {
            if ($staff_classes[$CURUSER['class']]['log'])
                write_log('Page "'.$arr['page_name'].'"('.($class_color ? '<font color="#'.get_user_class_color($arr['av_class']).'">' : '').get_user_class_name($arr['av_class']).($class_color ? '</font>' : '').') was deleted from the staff panel by <a href="/userdetails.php?id='.$CURUSER['id'].'">'.$CURUSER['username'].'</a>('.($class_color ? '<font color="#'.get_user_class_color($CURUSER['class']).'">' : '').get_user_class_name($CURUSER['class']).($class_color ? '</font>' : '').')');

            header('Location: '.$_SERVER['PHP_SELF']);
            exit();
        }
        else
            stderr('Error', 'There was a database error, please retry.');
    }
    else if (($action == 'add' && $staff_classes[$CURUSER['class']]['add']) || ($action == 'edit' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['edit']))
    {
        $names = array('page_name', 'file_name', 'description', 'av_class');

        if ($action == 'edit')
        {
            $res = mysql_query('SELECT '.implode(', ', $names).' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
            $arr = mysql_fetch_assoc($res);
        }

        // Posted values win over the stored ones; everything is escaped before it is reused
        foreach ($names as $name)
            $$name = htmlspecialchars((isset($_POST[$name]) ? $_POST[$name] : ($action == 'edit' ? $arr[$name] : '')));

        if ($action == 'edit' && $CURUSER['class'] < $av_class)
            stderr('Error', 'You are not allowed to edit this page.');

        if ($_SERVER['REQUEST_METHOD'] == 'POST')
        {
            $errors = array();

            if (empty($page_name))
                $errors[] = 'The page name cannot be empty.';

            if (empty($file_name))
                $errors[] = 'The filename cannot be empty.';

            if (empty($description))
                $errors[] = 'The description cannot be empty.';

            if (!isset($staff_classes[$av_class]))
                $errors[] = 'The selected class is not a valid staff class.';

            if (!is_file($file_name.'.php') && !empty($file_name) && !preg_match('/\.php/', $file_name))
                $errors[] = 'Inexistent php file.';

            if (strlen($page_name) < 4 && !empty($page_name))
                $errors[] = 'The page name is too short (min 4 chars).';

            if (strlen($page_name) > 80)
                $errors[] = 'The page name is too long (max 80 chars).';

            if (strlen($file_name) > 80)
                $errors[] = 'The filename is too long (max 80 chars).';

            if (strlen($description) > 100)
                $errors[] = 'The description is too long (max 100 chars).';

            if (empty($errors))
            {
                if ($action == 'add')
                {
                    $res = mysql_query("INSERT INTO staffpanel (page_name, file_name, description, av_class, added_by, added) ".
                        "VALUES (".implode(", ", array_map("sqlesc", array($page_name, $file_name, $description, (int)$av_class, (int)$CURUSER['id'], time()))).")");

                    if (!$res)
                    {
                        // 1062 is the duplicate key error, here from the UNIQUE KEY on file_name
                        if (mysql_errno() == 1062)
                            $errors[] = "This filename is already submitted.";
                        else
                            $errors[] = "There was a database error, please retry.";
                    }
                }
                else
                {
                    $res = mysql_query("UPDATE staffpanel SET page_name = ".sqlesc($page_name).", file_name = ".sqlesc($file_name).", description = ".sqlesc($description).", av_class = ".sqlesc((int)$av_class)." WHERE id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);

                    if (!$res)
                        $errors[] = "There was a database error, please retry.";
                }

                if (empty($errors))
                {
                    if ($staff_classes[$CURUSER['class']]['log'])
                        write_log('Page "'.$page_name.'"('.($class_color ? '<font color="#'.get_user_class_color($av_class).'">' : '').get_user_class_name($av_class).($class_color ? '</font>' : '').') in the staff panel was '.($action == 'add' ? 'added' : 'edited').' by <a href="/userdetails.php?id='.$CURUSER['id'].'">'.$CURUSER['username'].'</a>('.($class_color ? '<font color="#'.get_user_class_color($CURUSER['class']).'">' : '').get_user_class_name($CURUSER['class']).($class_color ? '</font>' : '').')');

                    header('Location: '.$_SERVER['PHP_SELF']);
                    exit();
                }
            }
        }

        $HTMLOUT .= begin_main_frame();

        if (!empty($errors))
        {
            $HTMLOUT .= stdmsg('There '.(count($errors) > 1 ? 'are' : 'is').' '.count($errors).' error'.(count($errors) > 1 ? 's' : '').' in the form.', '<b>'.implode('<br />', $errors).'</b>', false);
            $HTMLOUT .= "<br />";
        }

        $HTMLOUT .= "<form method='post' action='{$_SERVER['PHP_SELF']}'>
        <input type='hidden' name='action' value='{$action}' />";
        if ($action == 'edit')
        {
            $HTMLOUT .= "<input type='hidden' name='id' value='{$id}' />";
        }

        $HTMLOUT .= "<table cellpadding='5' width='100%' align='center'>
        <tr class='colhead'>
        <td colspan='2'>".($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page'."</td>
        </tr>
        <tr>
        <td class='rowhead' width='1%'>Page name</td><td align='left'><input type='text' size='50' name='page_name' value='{$page_name}' /></td>
        </tr>
        <tr>
        <td class='rowhead'>Filename</td><td align='left'><input type='text' size='50' name='file_name' value='{$file_name}' /><b></b></td>
        </tr>
        <tr>
        <td class='rowhead'>Description</td><td align='left'><input type='text' size='50' name='description' value='{$description}' /></td>
        </tr>
        <tr>
        <td class='rowhead'><span style='white-space: nowrap;'>Available for</span></td>
        <td align='left'>
        <select name='av_class'>";

        // Only offer the classes up to the current user's own class
        foreach ($staff_classes as $class => $value)
        {
            if ($CURUSER['class'] < $class)
                continue;

            $HTMLOUT .= '<option'.($class_color ? ' style="background-color:#'.get_user_class_color($class).';"' : '').' value="'.$class.'"'.($class == $av_class ? ' selected="selected"' : '').'>'.get_user_class_name($class).'</option>';
        }

        $HTMLOUT .= "</select>
        </td>
        </tr>
        </table>

        <table class='main'>
        <tr>
        <td align='center'></td>
        <td style='border:none;' align='center'><input type='submit' value='Submit' /></td>
        <td style='border:none;'>
        <form method='post' action='{$_SERVER['PHP_SELF']}'><input type='submit' value='Cancel' /></form>
        </td>
        </tr>
        </table></form>";

        $HTMLOUT .= end_main_frame();
        print stdhead('Staff Panel :: '.($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page') . $HTMLOUT . stdfoot();
    }
    else
    {
        $HTMLOUT .= begin_main_frame();
        $HTMLOUT .= "<h1 align='center'>Welcome {$CURUSER['username']} to the Staff Panel!</h1><br />";

        if ($staff_classes[$CURUSER['class']]['add'])
        {
            $HTMLOUT .= stdmsg('Options', '<a href="staffpanel.php?action=add" title="Add a new page">Add a new page</a>', false);
            $HTMLOUT .= "<br />";
        }

        // Only pages available to the user's class or below are listed
        $res = mysql_query('SELECT staffpanel.*, users.username '.
            'FROM staffpanel '.
            'LEFT JOIN users ON users.id = staffpanel.added_by '.
            'WHERE av_class <= '.sqlesc($CURUSER['class']).' '.
            'ORDER BY av_class DESC, page_name ASC') or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($res) > 0)
        {
            $db_classes = $unique_classes = $mysql_data = array();
            while ($arr = mysql_fetch_assoc($res))
                $mysql_data[] = $arr;

            // Count the pages per class so we know when to close each class table
            foreach ($mysql_data as $key => $value)
                $db_classes[$value['av_class']][] = $value['av_class'];

            $i = 1;
            foreach ($mysql_data as $key => $arr)
            {
                $end_table = (count($db_classes[$arr['av_class']]) == $i ? true : false);

                if (!in_array($arr['av_class'], $unique_classes))
                {
                    $unique_classes[] = $arr['av_class'];

                    // A class still in the database but no longer in $staff_classes gets a black table (see FAQ)
                    $HTMLOUT .= "<table cellpadding='5' width='100%' align='center'".(!isset($staff_classes[$arr['av_class']]) ? ' style="background-color:#000000;"' : '').">
                    <tr>
                    <td colspan='4' align='center'>
                    <h2>".($class_color ? '<font color="#'.get_user_class_color($arr['av_class']).'">' : '').get_user_class_name($arr['av_class']).' Panel'.($class_color ? '</font>' : '')."</h2>
                    </td>
                    </tr>
                    <tr align='center'>
                    <td class='colhead' align='left' width='100%'>Page name</td>
                    <td class='colhead'><span style='white-space: nowrap;'>Added by</span></td>
                    <td class='colhead'><span style='white-space: nowrap;'>Date added</span></td>";

                    if ($staff_classes[$CURUSER['class']]['edit'] || $staff_classes[$CURUSER['class']]['delete'])
                    {
                        $HTMLOUT .= "<td class='colhead'>Links</td>";
                    }

                    $HTMLOUT .= "</tr>";
                }

                $HTMLOUT .= "<tr align='center'>
                <td align='left'>
                <a href='".htmlspecialchars($arr['file_name'])."' title='".htmlspecialchars($arr['page_name'])."'>".htmlspecialchars($arr['page_name'])."</a><br /><font class='small'>".htmlspecialchars($arr['description'])."</font>
                </td>
                <td>
                <a href='userdetails.php?id=".(int)$arr['added_by']."'>".htmlspecialchars($arr['username'])."</a>
                </td>
                <td>
                <span style='white-space: nowrap;'>".get_date($arr['added'], 'LONG', 0, 1)."<br /></span>
                </td>";
                if ($staff_classes[$CURUSER['class']]['edit'] || $staff_classes[$CURUSER['class']]['delete'])
                {
                    $HTMLOUT .= "<td>
                    <span style='white-space: nowrap;'>";
                    if ($staff_classes[$CURUSER['class']]['edit'])
                    {
                        $HTMLOUT .= "<b>[</b><a href='staffpanel.php?action=edit&amp;id=".(int)$arr['id']."' title='Edit'>E</a><b>]</b>";
                    }

                    if ($staff_classes[$CURUSER['class']]['delete'])
                    {
                        $HTMLOUT .= "<b>[</b><a href='staffpanel.php?action=delete&amp;id=".(int)$arr['id']."' title='Delete'>D</a><b>]</b>";
                    }
                    $HTMLOUT .= "</span>
                    </td>";
                }
                $HTMLOUT .= "</tr>";

                $i++;
                if ($end_table)
                {
                    $i = 1;
                    $HTMLOUT .= "</table><br />";
                }
            }
        }
        else
            $HTMLOUT .= stdmsg('Sorry', 'Nothing found.');
        $HTMLOUT .= end_main_frame();
        print stdhead("Staff Panel") . $HTMLOUT . stdfoot();
    }
    ?>


    Now add all your tools to your staff panel in the following format

    Code
    admin.php?action=adduser

    That's for all tools you have in the admin folder. Note: if you have them in root then it's just toolname.php.
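An added example, not part of the original post or the TBDEV code: deny-by-default lookups against the $staff_classes array from the post, the same class-ordering rule the panel applies on edit and delete, and a stricter allowlist for the file_name field than the panel's own ".php" substring check, accepting only the two formats described just above. The UC_* values and the function names are constructed for this example.

```php
<?php
// Added example (not from the original post): deny-by-default permission
// lookups for the $staff_classes array described in the post, plus an
// allowlist for file_name that accepts only "toolname.php" or
// "admin.php?action=toolname". UC_* values are constructed; TBDEV defines
// the real constants.
const UC_MODERATOR = 5;
const UC_ADMINISTRATOR = 6;
const UC_SYSOP = 7;

$staff_classes = array(
    UC_MODERATOR     => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
    UC_ADMINISTRATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
    UC_SYSOP         => array('add' => true,  'edit' => true,  'delete' => true,  'log' => false),
);

// Unknown class or unknown permission key: never allowed.
function staff_allowed(array $staff_classes, $user_class, $perm)
{
    if (!isset($staff_classes[$user_class][$perm])) {
        return false;
    }
    return $staff_classes[$user_class][$perm] === true;
}

// Same rule the panel applies on edit/delete: a page is only reachable by a
// class at or above the class it is "available for".
function can_touch_page($user_class, $av_class)
{
    return (int)$user_class >= (int)$av_class;
}

// Allowlist for the stored link: a relative .php file name, optionally with a
// single action= parameter of word characters, capped at the varchar(80)
// width of the staffpanel table.
function valid_tool_link($file_name)
{
    if (strlen($file_name) > 80) {
        return false;
    }
    return preg_match('/^[A-Za-z0-9_-]+\.php(\?action=[A-Za-z0-9_]+)?$/', $file_name) === 1;
}

// Constructed inputs with the verdict the allowlist is expected to give.
$samples = array(
    'admin.php?action=adduser'       => true,
    'staffpanel.php'                 => true,
    'http://other.example/admin.php' => false,  // not a local page
    '../include/config.php'          => false,  // leaves the tool directory
    'admin.php?action=adduser&x=1'   => false,  // more than the documented parameter
    'admin.php?action=add user'      => false,  // whitespace in the parameter
);
foreach ($samples as $link => $expected) {
    printf("%-34s %s\n", $link, valid_tool_link($link) === $expected ? 'as expected' : 'MISMATCH');
}
foreach (array(UC_MODERATOR, UC_ADMINISTRATOR, UC_SYSOP, 99) as $class) {
    printf("class %2d: add=%d delete=%d may touch sysop pages=%d\n", $class,
        staff_allowed($staff_classes, $class, 'add'),
        staff_allowed($staff_classes, $class, 'delete'),
        can_touch_page($class, UC_SYSOP));
}
```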