<?php  
$title = "Админ панель";  
include("header.php");  
?>

<?php
if ($stat[rank] != Админ) {
print "<br>В доступе отказано.";
include("footer.php");
exit;
}
?>
<table width="95%" cellpadding="3" cellspacing="3" align="center" class="tab">
<tr class="trhead"><td colspan="3" align="center">Админ панель | <a href="moder.php">Модер панель</a> | <a href="staff.php">Тест панель</a></td></tr>
<tr align="center" class="tr">
<td><A href=admin.php?view=unban>Амнистия</a></td>
<td><A href=admin.php?view=addnews>Новости</a></td>
<td><A href=admin.php?view=del>Удалить игрока</a></td>
</tr>
<tr align="center" class="tr">
<td><a href=admin.php?view=donate>Выдать золото</a></td>
<td><a href=admin.php?view=takeaway>Забрать золото</a></td>
<td><a href=admin.php?view=takeawayp>Забрать платину</a></td>
</tr>
<tr align="center" class="tr">
<td><a href=admin.php?view=tags>Аббривеатура</a></td>
<td><a href=admin.php?view=equipment>Добавить вещь</a></td>
<td><A href=edititems.php>Редактировать вещь</a></td>
</tr>
<tr class="tr">
<td colspan="3" align="center"><a href=admin.php?view=add>Изменить статус</a></td>
</tr>
<tr align="center" class="tr">
<td><a href="admin.php?view=clearf">Очистить форум</a></td>
<td><a href="admin.php?view=clearc">Очистить чат</a></td>
<td><a href=admin.php?view=adminlog>Админ. логи</a></td>
</tr>
<tr class="tr">
<td colspan="3" align="center"><a href="banned.php?view=del">Список забаненых</a></td>
</tr>
<tr align="center" class="tr">
<td><a href=admin.php?view=banuserc>Забанить в чате</a></td>
<td><a href=admin.php?view=banuserf>Забанить на форуме</a></td>
<td><a href=admin.php?view=banusers>Забанить в игре</a></td>
</tr></table><br>

<?php
if ($view == adminlog) {
print "Админ. логи:<hr>";
$asel = mysql_query("select * from adminlog order by id desc");
while ($arm = mysql_fetch_array($asel)) {
print "$arm[id] |[ <b>$arm[log]</b> | $arm[reason] <a href=admin.php?view=deleteadminlog&id=$arm[id]><img src=images/trash.gif></a><hr>";
}
}
if ($view == deleteadminlog) {
mysql_query("delete from adminlog where id=$id");
print "Adminlog has been cleared for logid $id";
}
if ($view == 'addnews') {
print "<table width=\"95%\" cellpadding=\"3\" cellspacing=\"3\" align=\"center\" class=\"tab\">
<tr class=\"trhead\"><form method=post action=moder.php?view=addnews&step=add>
<td colspan=\"2\"><b>Добавить новость</b></td></tr>
<tr class=\"tr\"><td>Заголовок:</td><td><input type=text name=addtitle size=31></td></tr>
<tr class=\"tr\"><td valign=top>Новость:</td><td><textarea name=addnews rows=7 cols=60></textarea></td></tr>
<tr class=\"tr\"><td> </td><td><input type=submit value=\"Добавить новость\"></td></tr>
</form></table><br>";

if ($step == add) {
  $addtitle = str_replace($remove_these, "", "$addtitle");
  $addnews = str_replace($remove_these, "", "$addnews");
  $addtitle = htmlspecialchars($addtitle);
  $addnews = htmlspecialchars($addnews);
  if (empty ($addtitle) || empty ($addnews)) {
   print "Duh... fill out all fields.";
   include("footer.php");
   exit;
  }
  mysql_query("insert into news (starter, title, news) values('$stat[user]','$addtitle','$addnews')") or die("Could not add news.");
  print "News Added.";
  }
}

if ($view == del) {
print "<table width=\"95%\" cellpadding=\"3\" cellspacing=\"3\" align=\"center\" class=\"tab\">
<tr class=\"trhead\"><form method=post action=moder.php?view=del&step=del>
<td colspan=\"2\"><b>Удалить игрока</b></td></tr>
<tr class=\"tr\"><td>ID номер:</td><td><input type=text name=did> <input type=submit value=Удалить></td></tr></form></table>";
if ($step == del) {
$did = str_replace($remove_these, "", "$did");
$did = htmlspecialchars($did);
if ($did != 1) {
mysql_query("delete from players where id=$did");
print "You deleted ID $did.";
} else {
print "No deleting the owner.";
}}}

if ($view == donate) {
print "<table width=\"95%\" cellpadding=\"3\" cellspacing=\"3\" align=\"center\" class=\"tab\">
<form method=post action=moder.php?view=donate&step=donated><tr class=\"trhead\"><td colspan=\"2\"><b>Выдать золото</b></td></tr>
<tr class=\"tr\"><td>ID номер:</td><td> <input type=text name=id></td></tr>
<tr class=\"tr\"><td>Сумма:</td><td> <input type=text name=amount></td></tr>
<tr class=\"tr\"><td> </td><td><input type=submit value=Выдать></td></tr>
</form></table>";
if ($step == donated) {
  $amount = str_replace($remove_these, "", "$amount");
  $amount = htmlspecialchars($amount);
  $id = str_replace($remove_these, "", "$id");
  $id = htmlspecialchars($id);
  if ($amount < 0 ) {
  print "you can not do that you loony";
  include("footer.php");
  exit;
  }
  mysql_query("update players set gold=gold+$amount where id=$id");
  mysql_query("insert into log (owner,log) values('1','$stat[user] donated id $id, $amount gold.')");
  print "Money Donated";
  include("footer.php");
  exit;
  }
}

if ($view == takeaway) {
print "<table width=\"95%\" cellpadding=\"3\" cellspacing=\"3\" align=\"center\" class=\"tab\"><tr class=\"trhead\">
<form method=post action=moder.php?view=takeaway&step=takenaway><td colspan=\"2\"><b>Забрать золото</b></td></tr>
<tr class=\"tr\"><td>ID номер: </td><td><input type=text name=id></td></tr><br>
<tr class=\"tr\"><td>Сумма: </td><td><input type=text name=taken></td></tr>
<tr class=\"tr\"><td></td><td><input type=submit value=Забрать></td></tr></form></table><br>";
if ($step == takenaway) {
  $id = str_replace($remove_these, "", "$id");
  $id = htmlspecialchars($id);
  $taken = str_replace($remove_these, "", "$taken");
  $taken = htmlspecialchars($taken);
  if ($taken < 0 ) {
  print "you can not do that you loony";
  include("footer.php");
  exit;
  }
  mysql_query("update players set gold=gold-$taken where id=$id");
  print "$taken gold Has Been Taken Away From $id";
  include("footer.php");
  exit;
  }
}

if ($view == takeawayp) {
  print "<table><form method=post action=admin.php?view=takeawayp&step=takenawayp>
  <tr><td colspan=2 align=center>Take Away Platinum</td></tr>
  <tr><td>ID: </td><td><input type=text name=id></td></tr><br>
  <tr><td>Admin: </td><td><input type=text name=taken></td></tr>
  <tr><td colspan=2 align=center><input type=submit value=Add></form></td></tr></table>";
if ($step == takenawayp) {
  $id = str_replace($remove_these, "", "$id");
  $id = htmlspecialchars($id);
  $taken = str_replace($remove_these, "", "$taken");
  $taken = htmlspecialchars($taken);
  if ($taken < 0 ) {
  print "you can not do that you loony";
  include("footer.php");
  exit;
  }
  mysql_query("update players set platinum=platinum-$taken where id=$id");
  print "$taken platinum Has Been Taken Away From $id";
  include("footer.php");
  exit;
  }
}

if ($view == add) {
print "<table>
<form method=post action=admin.php?view=add&step=add>
<tr><td colspan=2 align=center>Изменить статус</td></tr>
<tr><td>ID:</td><td><input type=text name=aid></td></tr>
<tr><td>Ранг:</td><td><select name=rank><option value=Игрок>Игрок</option><option value=Модер>Модер</option><option value=Админ>Админ</option><option value=Тестер>Тестер</option></select></td></tr>
<tr><td> </td><td><input type=submit value=Изменить></td></tr>
</table></form>";
if ($step == add) {
$aid = str_replace($remove_these, "", "$aid");
$aid = htmlspecialchars($aid);
if ($aid != 1) {
mysql_query("update players set rank='$rank' where id=$aid");
print "Ранг изменён. ID <b>$aid</b> теперь <b>$rank</b>";
}
}
}

if ($view == tags) {
  print "<table>
  <form method=post action=admin.php?view=tags&step=tag>
  <tr><td colspan=2 align=center>Give Tags</td></tr>
  <tr><td>ID:</td><td><input type=text name=tag_id size=5></td></tr>
  <tr><td>Tag:</td><td><input type=text size=5 name=tag></td></tr>
  <tr><td colspan=2 align=center><input type=submit value=Tag></td></tr>
  </table>
  </form>";
  if ($step == tag) {
  $tag_id = str_replace($remove_these, "", "$tag_id");
  $tag_id = htmlspecialchars($tag_id);
    if ($tag_id != 1) {
   mysql_query("update players set tag='$tag' where id=$tag_id");
   print "You gave ID <b>$tag_id</b> the <b>$tag</b> tag.";
   } else {
    print "No Changing the Owners Tag!";
   }
  }
}

if ($view == clearf) {
  mysql_query("delete from threads");
  mysql_query("delete from replies");
  print "You cleared the forums.";
}

if ($view == clearc) {
  mysql_query("delete from chat");
print "<table width=\"95%\" cellpadding=\"3\" cellspacing=\"3\" align=\"center\" class=\"tab\"><tr class=\"tr\"><td align=\"center\">Чат зачищен</td></tr></table>";
}

if ($view == equipment) {
print "<table><form method=post action=admin.php?view=equipment&step=add>
<tr><td colspan=2 align=center>Добавить вещь</td></tr>
<tr><td>Тип:</td><td><select name=type id=type><option value=W>Оружие</option><option value=A>Доспехи</option><option value=F>Продукт</option><option value=D>Напиток</option></select></td></tr>
<tr><td>Рисунок:</td><td><input type=text name=pic></td></tr>
<tr><td>Название:</td><td><input type=text name=name></td></tr>
<tr><td>Сила:</td><td><input name=power type=number id=power></td></tr>
<tr><td>Цена:</td><td><input type=number name=cost></td></tr>
<tr><td>Мин. Уровень:</td><td><input type=number name=minlev></td></tr>
<tr><td colspan=2 align=center><input type=submit value=Добавить></td></tr>
</form></table>";

if ($step == add) {
$aid = str_replace($remove_these, "", "$aid");
$aid = htmlspecialchars($aid);
if ($aid != 1) {
if (empty ($name) || empty ($power) || empty ($cost)) {
print "Duh... fill out all fields.";
include("footer.php");
exit;
}
$sql = "INSERT INTO equipment ( id , pic, owner , name , power , status , type , cost , minlev ) ";
$sql .= "VALUES ( '', '".$pic."', '0', '".$name."', '".$power."', 'S', '".$type."', '".$cost."', '".$minlev."' )";
mysql_query("$sql");
print "<hr>Вы добавили:<br><b>$name</b> ($type) | Cила <b>$power</b> | Цена <b>$cost</b> | Миним. уровень <b>$minlev</b>.";
}}}

// $currentb is for specified user stats, use it like $currentn[user] to get a players name
$currentb = mysql_fetch_array(mysql_query("select * from players where id='$banu'"));
// names user from id $banu
$uname = $currentb['user'];
// $baninfo is for finding current band players
$baninfo = mysql_fetch_array(mysql_query("select * from banned where user='$currentb[user]'"));
// finds banned user with $uname
$bname = $baninfo['user'];

if ($view == 'banusers') {
  print "<center>Ban user from the website.<br></center>";
  print "<form method=post action=admin.php?view=banusers&step=banu>Ban User ID <input type=text size=3 name=banu> <input type=submit value=Ban></form>";
  if ($step == banu) {
   $banu = htmlspecialchars($banu);
   if ($banu == 1) {
    print "No Banning the owner.";
    end;
   } else {
   if ($uname != $bname) {
    mysql_query("insert into banned (user, ip, site, chat, forums, userid) values('$currentb[user]','$currentb[ip]','Yes','Yes','Yes','$banu')") or die("Could not Ban.");
    print "You Banned ID: $banu and User: $currentb[user] from the website.";
   } else {
    mysql_query("update banned set site='Yes' where id=$baninfo[id]") or die("Could not Ban..");
    print "You Banned ID: $banu and User: $currentb[user] from the website.";
    }
   }
  }
}

if ($view == 'banuserc') {
  print "<center>Ban user from the chatroom.<br></center>";
  print "<form method=post action=admin.php?view=banuserc&step=banu>Ban User ID <input type=text size=3 name=banu> <input type=submit value=Ban></form>";
  if ($step == banu) {
  $banu = str_replace($remove_these, "", "$banu");
  $banu = htmlspecialchars($banu);
   if ($banu == 1) {
    print "No Banning the owner.";
    end;
   } else {
   if ($uname != $bname) {
    mysql_query("insert into banned (user, ip, chat, userid) values('$currentb[user]','$currentb[ip]','Yes','$banu')") or die("Could not Ban.");
    print "You Banned ID: $banu and User: $currentb[user] from the chatroom.";
   } else {
    mysql_query("update banned set chat='Yes' where id=$baninfo[id]") or die("Could not Ban.");
    print "You Banned ID: $banu and User: $currentb[user] from the chatroom.";
    }
   }
  }
}

if ($view == 'banuserf') {
  print "<center>Ban user from the forums.<br></center>";
  print "<form method=post action=admin.php?view=banuserf&step=banu>Ban User ID <input type=text size=3 name=banu> <input type=submit value=Ban></form>";
  if ($step == banu) {
  $banu = str_replace($remove_these, "", "$banu");
  $banu = htmlspecialchars($banu);
   if ($banu == 1) {
    print "No Banning the owner.";
    end;
   } else {
   if ($uname != $bname) {
    mysql_query("insert into banned (user, ip, forums, userid) values('$currentb[user]','$currentb[ip]','Yes','$banu')") or die("Could not Ban.");
    print "You Banned ID: $banu and User: $currentb[user] from the forums.";
   } else {
    mysql_query("update banned set forums='Yes' where id=$baninfo[id]") or die("Could not Ban.");
    print "You Banned ID: $banu and User: $currentb[user] from the forums.";
    }
   }
  }
}

if ($view == 'unban') {
  print "<form method=post action=admin.php?view=unban&step=unbang>
  <table>
  <tr><td>UN-Ban User ID: </td><td><input type=text name=bang></td></tr>
  <tr><td colspan=2 align=center><input type=submit value=UN-Ban></td></tr>
  </form>
  </table>";
  if ($step == unbang) {
  $bang = str_replace($remove_these, "", "$bang");
  $bang = htmlspecialchars($bang);
    mysql_query("delete from banned where userid='$bang'") or die("Could not UN-Ban.");
    print "You UN-Banned ID $bang.";
  }
}

?>

<?php include("footer.php"); ?>

mysql_connect("localhost","Пользователь Базы Данных","Пароль Базы Данных");
mysql_select_db("Название созданной базы данных.");

$action = $_GET[action];
$step = $_GET[step];
$step2 = $_GET[step2];
$buy = $_GET[buy];
$view = $_GET[view];
$slevel = $_POST[slevel];
$battle = $_GET[battle];
$equip = $_GET[equip];
$sell = $_GET[sell];
$id = $_POST['id'];
$answer = $_GET['answer'];

<?php
mysql_connect("localhost","root","titanik1979");
mysql_select_db("savash");
$cpass="4Hkl100%fkY'kf";
$gamename="Онлайн игра";
$site_com = "test1.ru";  
$end_of_email = "@test1.ru";  
$admin_name = "Admin";
$admin_email = "admin@savash.ws";  
$bottom_link = "http://www.savash.ws";  
$email_link = "http://www.savash.ws";
if ($title == NULL) {
$title = "Не возможно отобразить страницу!";
}else{
end;
}
$action = $_GET[action];
$step = $_GET[step];
$step2 = $_GET[step2];
$buy = $_GET[buy];
$view = $_GET[view];
$slevel = $_POST[slevel];
$battle = $_GET[battle];
$equip = $_GET[equip];
$sell = $_GET[sell];
$id = $_POST['id'];
$answer = $_GET['answer'];
?>

if (!session_is_registered("user") || !session_is_registered("pass")) {

$user = $_SESSION['user'];
$pass = $_SESSION['pass'];