Added user administration

You can now edit users within the admin panel, you can also ban them from the game.

TODO: Temporary bans

Author: ChristopherDay

init.php

@@ -31,9 +31,10 @@
 		$user = new user($_SESSION['userID']);
 
 		$user->updateTimer('laston', time());
-        
-		
-        if (!$user->checkTimer('jail')) {
+
+        if ($user->info->U_userLevel == 0 && $_GET["page"] != "logout") {
+            $page->loadPage('banned');
+        } else if (!$user->checkTimer('jail')) {
             if ($jailPageCheck["accessInJail"]) {
             	$page->loadPage($pageToLoad);
             } else {

modules/admin/admin.inc.php

@@ -7,7 +7,7 @@ class admin extends module {
         public function constructModule() {
 
             /* Redirect the user to the home page if they are a user */
-            if ($this->user->info->U_userLevel == 1) {
+            if ($this->user->info->U_userLevel != 2) {
                 header("Location:?page=loggedin");
                 exit;
             }

modules/admin/moduleInfo.php

@@ -14,7 +14,7 @@
 
 
 	new hook("customMenus", function ($user) {
-		if ($user && $user->info->U_userLevel != 1) {
+		if ($user && $user->info->U_userLevel == 2) {
 			return array(
 				"title" => "Admin", 
 	            "items" => array(

modules/blank/blank.inc.php modules/banned/banned.inc.phpmodules/blank/blank.inc.php renamed to modules/banned/banned.inc.php

@@ -1,13 +1,13 @@
 <?php
 
-    class blank extends module {
+    class banned extends module {
 
         public $allowedMethods = array();
 
 		public $pageName = '';
 
         public function constructModule() {
-            
+            $this->html .= $this->page->buildElement("error", array("text" => "This account has been banned!"));
         }
 
     }

modules/blank/blank.tpl.php modules/banned/banned.tpl.phpmodules/blank/blank.tpl.php renamed to modules/banned/banned.tpl.php

@@ -1,6 +1,6 @@
 <?php
 
-    class blankTemplate extends template {
+    class bannedTemplate extends template {
 
         public $blankElement = '';
 

modules/banned/moduleInfo.php

@@ -0,0 +1,14 @@
+<?php
+	$info = array(
+		"name" => "Banned User", 
+		"version" => "1.0.0", 
+		"description" => "This page is shown when a banned user logs in",
+		"author" => array(
+			"name" => "Chris Day", 
+			"url" => "http://glscript.cdcoding.com"
+		), 
+		"pageName" => "You Are Banned!",
+		"accessInJail" => true, 
+		"requireLogin" => true
+	);
+?>

modules/blank/moduleInfo.php

@@ -0,0 +1,31 @@
+<?php
+	$info = array(
+		"name" => "Users", 
+		"version" => "1.0.0", 
+		"description" => "This module allows a admin to edit users",
+		"author" => array(
+			"name" => "Chris Day", 
+			"url" => "http://glscript.cdcoding.com"
+		), 
+		"pageName" => "User Administration",
+		"accessInJail" => false, 
+		"requireLogin" => true, 
+		"admin" => array(
+			array(
+				"text" => "Find User", 
+				"method" => "view",
+			),
+			array(
+				"hide" => true,
+				"text" => "Edit User", 
+				"method" => "edit",
+			),
+			array(
+				"hide" => true,
+				"text" => "Delete User", 
+				"method" => "delete",
+			)
+		)
+	);
+
+?>

modules/users/moduleInfo.php

@@ -0,0 +1,143 @@
+<?php
+
+	class adminModule {
+
+		private function getUser($userID, $search = false) {
+
+			if ($userID === false) {
+				return array();
+			}
+
+			if ($search) {
+				$add = " WHERE U_id = :id OR U_name LIKE :search";
+			} else {
+				$add = " WHERE U_id = :id";
+			}
+			
+			$user = $this->db->prepare("
+				SELECT
+					U_id as 'id',  
+					U_name as 'name', 
+					U_userLevel as 'userLevel', 
+					(U_userLevel = 1) as 'isUser',  
+					(U_userLevel = 2) as 'isAdmin', 
+					(U_userLevel = 0) as 'isBanned', 
+					US_money as 'money', 
+					US_exp as 'exp', 
+					US_bank as 'bank', 
+					US_credits as 'credits', 
+					US_bullets as 'bullets', 
+					US_bio as 'bio', 
+					US_pic as 'pic'
+				FROM users
+				INNER JOIN userStats ON US_id = U_id
+				" . $add . "
+				ORDER BY U_name"
+			);
+			$user->bindParam(":id", $userID);
+
+			if ($search) {
+				$searchTerm = "%".$userID."%";
+				$user->bindParam(":search", $searchTerm);
+				$user->execute();
+				return $user->fetchAll(PDO::FETCH_ASSOC);
+			} else {
+				$user->execute();
+				return $user->fetch(PDO::FETCH_ASSOC);
+			}
+		}
+
+		private function validateUser($user) {
+			$errors = array();
+
+			if (strlen($user["name"]) < 6) {
+				$errors[] = "User name is to short, this must be atleast 5 characters";
+			}
+
+			return $errors;
+			
+		}
+
+		public function method_edit () {
+
+			if (!isset($this->methodData->id)) {
+				return $this->html = $this->page->buildElement("error", array("text" => "No user ID specified"));
+			}
+
+			$user = $this->getUser($this->methodData->id);
+
+			if (isset($this->methodData->submit)) {
+				$user = (array) $this->methodData;
+				$errors = $this->validateUser($user);
+
+				if (count($errors)) {
+					foreach ($errors as $error) {
+						$this->html .= $this->page->buildElement("error", array("text" => $error));
+					}
+				} else {
+					$update = $this->db->prepare("
+						UPDATE users SET U_name = :name, U_userLevel = :userLevel WHERE U_id = :id;
+						UPDATE userStats SET US_pic = :pic, US_bio = :bio, US_bullets = :bullets, US_credits = :credits, US_bank = :bank, US_exp = :exp, US_money = :money WHERE US_id = :id;
+					");
+					$update->bindParam(":name", $this->methodData->name);
+					$update->bindParam(":userLevel", $this->methodData->userLevel);
+					$update->bindParam(":pic", $this->methodData->pic);
+					$update->bindParam(":bio", $this->methodData->bio);
+					$update->bindParam(":bullets", $this->methodData->bullets);
+					$update->bindParam(":credits", $this->methodData->credits);
+					$update->bindParam(":bank", $this->methodData->bank);
+					$update->bindParam(":exp", $this->methodData->exp);
+					$update->bindParam(":money", $this->methodData->money);
+					$update->bindParam(":id", $this->methodData->id);
+					$update->execute();
+
+					$this->html .= $this->page->buildElement("success", array("text" => "This user has been updated"));
+
+				}
+
+			}
+
+			$user["editType"] = "edit";
+			$this->html .= $this->page->buildElement("userForm", $user);
+		}
+
+		public function method_delete () {
+
+			if (!isset($this->methodData->id)) {
+				return $this->html = $this->page->buildElement("error", array("text" => "No user ID specified"));
+			}
+
+			$user = $this->getUser($this->methodData->id);
+
+			if (!isset($user["id"])) {
+				return $this->html = $this->page->buildElement("error", array("text" => "This user does not exist"));
+			}
+
+			if (isset($this->methodData->commit)) {
+				$delete = $this->db->prepare("
+					DELETE FROM users WHERE C_id = :id;
+				");
+				$delete->bindParam(":id", $this->methodData->id);
+				$delete->execute();
+
+				header("Location: ?page=admin&module=users");
+
+			}
+
+
+			$this->html .= $this->page->buildElement("userDelete", $user);
+		}
+
+		public function method_view () {
+			
+			if (!isset($this->methodData->user)) {
+				$this->methodData->user = false;
+			}
+
+			$this->html .= $this->page->buildElement("userList", array(
+				"users" => $this->getUser($this->methodData->user, true)
+			));
+
+		}
+
+	}