newlevel.php

   1 <?php include "config.php";
   2 function auth($username, $password)
   3 {
   4         $sql = "SELECT * FROM users WHERE username='$username' AND userpass='$password'";
   5         $result = mysql_query($sql);
   6         if (mysql_num_rows($result) == 1)
   7         {
   8                 return 1;
   9         } else
  10         {
  11                 return 0;
  12         }
  13 }
  14 function getlevel($username)
  15 {
  16         $sql = "SELECT * FROM users WHERE username='$username'";
  17         $result = mysql_query($sql);
  18         $myrow = mysql_fetch_array($result);
  19         return $myrow["level"];
  20 }
  21 $username = auth($uname, $pword);
  22 if ($username == 0)
  23 {
  24         echo "Your not <a href=login.php>logged in</a>.";
  25         exit;
  26 }
  27 $userlevel = getlevel($uname);
  28 if ($userlevel < 60)
  29 {
  30         echo "You cannot be here.";
  31         exit;
  32 }
  33 if (!$op)
  34 {
  35         echo '<b>Add a Level</b><br><br>
  36 <form method=post action=newlevel.php?op=addlevel>
  37 Level Number: <input type=text name=levnum><br>
  38 Level Caption (Include HTML): <textarea rows=4 cols=60 name=caption></textarea><br>
  39 <br><input type=submit name=addlevel value="Add this level!"></form>
  40 <br><br><b>Manage Levels</b><br><br>';
  41         $sql = "SELECT * FROM levels ORDER BY levnum ASC";
  42         $result = mysql_query($sql);
  43         echo "<table width=100%>\n<tr><td><b>LevelID</b></td><td><b>Level Number</b></td><td><b>Level Caption</b></td><td><b>Delete</b></td></tr>\n";
  44         while ($myrow = mysql_fetch_array($result))
  45         {
  46                 echo "<tr><td><a href=newlevel.php?op=editlevel&lid=".$myrow["id"].">".$myrow["id"]."</a></td><td>".$myrow["levnum"]."</td><td>".stripslashes($myrow["caption"])."</td><td><a href=newlevel.php?op=dellevel&lid=".$myrow["id"].">[Delete]</a></td></tr>\n";
  47         }
  48         echo "</table>\n";
  49 }
  50 if (strcmp($op, "addlevel") == 0)
  51 {
  52         if ($addlevel)
  53         {
  54                 $caption = addslashes($caption);
  55                 $sql = "INSERT INTO levels (levnum,caption) VALUES ('$levnum','$caption')";
  56                 $result = mysql_query($sql);
  57                 echo "Added level.  <a href=newlevel.php>Return</a>.";
  58         }
  59 }
  60 if (strcmp($op, "editlevel") == 0)
  61 {
  62         if (!$editlevel)
  63         {
  64                 $sql = "SELECT * FROM levels WHERE id='$lid'";
  65                 $result = mysql_query($sql);
  66                 $myrow = mysql_fetch_array($result);
  67                 echo "<form method=post action=newlevel.php?op=editlevel&lid=$lid>
  68         Level Number: <input type=text name=levnum value=".$myrow["levnum"]."><br>
  69         Level Caption (Include HTML): <textarea rows=4 cols=60 name=caption>".stripslashes($myrow["caption"])."></textarea><br>
  70         <br><input type=submit name=editlevel value=\"Edit this level!\"></form>";
  71         }
  72         if ($editlevel)
  73         {
  74                 $caption = addslashes($caption);
  75                 $sql = "UPDATE levels SET levnum='$levnum' WHERE id='$lid'";
  76                 $result = mysql_query($sql);
  77                 $sql = "UPDATE levels SET caption='$caption' WHERE id='$lid'";
  78                 $result = mysql_query($sql);
  79                 echo "Edited.  <a href=newlevel.php>Return</a>.";
  80         }
  81 }
  82 if (strcmp($op, "dellevel") == 0)
  83 {
  84         $sql = "DELETE FROM levels WHERE id='$lid'";
  85         $result = mysql_query($sql);
  86         echo "Level deleted.  <a href=newlevel.php>Return</a>.";
  87 }
  88 ?>