09 Staffpanel
Posted by Fynnon, 20th July 2011, 18:12
Description

This is a staff panel for the staff members to keep track of the pages that they have access to...

Key features
  • configurable, allow users from different classes to add, edit or even delete easily
  • easy to add/remove classes
  • easy to add/edit/delete pages
  • a nice add/edit form with very thorough checking of the inputted data
  • secured and optimized

FAQ

1. How to configure and add/remove classes?

Very easy, you will see the default $staff_classes array I made, near the top...

PHP Code:
$staff_classes = array(
    UC_MODERATOR     => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
    UC_ADMINISTRATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
    UC_SYSOP         => array('add' => true,  'edit' => true,  'delete' => true,  'log' => false)
);

To add a class, simply add a new line to the array. Let's say I want to add a new class, UC_OWNER, that can add and edit but not delete pages, and its actions will be logged; putting it in order, it would become

PHP Code:
$staff_classes = array(
    UC_MODERATOR     => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
    UC_ADMINISTRATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
    UC_SYSOP         => array('add' => true,  'edit' => true,  'delete' => true,  'log' => false),
    UC_OWNER         => array('add' => true,  'edit' => true,  'delete' => false, 'log' => true)
);

To remove a class, simply remove the line of code, or better yet, comment it out (// commented line)

You will notice the add, edit, delete and log in the arrays; those are the permissions the users in those classes have (except for the log: if set to true, it will log the actions of the users in a class). Simply change them to true or false, to whatever you want the users in those classes to have access to, and that's all, php does the rest.

I've also added some comments on what all of those do, in case you ever forget; I mean this, of course

PHP Code:
/**
* Staff classes config
*
* UC_XYZ  : integer -> the name of the defined class
*
* Options for a selected class
** add    : boolean -> enable/disable page adding
** edit   : boolean -> enable/disable page editing
** delete : boolean -> enable/disable page deletion
** log    : boolean -> enable/disable the logging of the actions
*
* @result $staff_classes array();
*/ 


2. Why am I getting Error Access Denied!
That's because your class isn't in the staff classes array, see #1.

3. Why can't I see the links to add, delete or edit the pages?
Not configured right for your class, see #1.

4. Why, after I made some changes to the staff classes array, did one of the panels' table color turn black?
That's because you've removed one of the classes from the array, but the class is still in the database, and it's just a simple reminder that the users in that class can't see those pages (or the panel).

5. Why am I getting html instead of the expected links or whatever it should be?
That's because you have the htmlstrip in the stdmsg function set to true, by default, and thus the html code is escaped.
How to fix: find the stdmsg(); functions in the php file and add , false after the heading and the text, like

PHP Code:
stdmsg('Options', '<a href="'.$_SERVER['PHP_SELF'].'?action=add" title="Add a new page">Add a new page</a>', false);

Notice the , false which turns off the escaping of the html characters.

If you want the classes to be colored, you will need the get_user_class_color() function, here it is

PHP Code:
// Returns the hex colour (without the leading #) for a user class,
// or an empty string for an unknown class.
function get_user_class_color($class)
{
    switch ($class)
    {
        case UC_PEASANT: return "000000";
        case UC_USER: return "ff0000";
        case UC_POWER_USER: return "ee";
        case UC_VIP: return "dd0000";
        case UC_UPLOADER: return "cc0000";
        case UC_MODERATOR: return "bb0000";
        case UC_ADMINISTRATOR: return "aa0000";
        case UC_SYSOP: return "990000";
    }
    return "";
}

If you have another one, please be sure that it doesn't already have # in front of the colour codes, because in the php file they are already there.

6. Uses existing admin.php for accessing all staff tools

Run the sql:
PHP Code:
CREATE TABLE `staffpanel` (
  `id` int(10) unsigned NOT NULL auto_increment,
  `page_name` varchar(80) collate utf8_unicode_ci NOT NULL,
  `file_name` varchar(80) collate utf8_unicode_ci NOT NULL,
  `description` varchar(100) collate utf8_unicode_ci NOT NULL default '',
  `av_class` tinyint(3) unsigned NOT NULL default '0',
  `added_by` int(10) unsigned NOT NULL default '0',
  `added` int(10) unsigned NOT NULL default '0',
  PRIMARY KEY  (`id`),
  UNIQUE KEY `file_name` (`file_name`),
  KEY `av_class` (`av_class`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;



7. Save and upload staffpanel.php to root:


PHP Code:
<?php
/****************************************************************\
* Staff panel for the TBDEV source code                          *
* -------------------------------------------------------------- *
* An easy to config staff panel for different staff classes,     *
* with different options for each class, like add, edit, delete  *
* the pages and to log the actions.                              *
* -------------------------------------------------------------- *
* @author: Alex2005 for TBDEV.NET                                *
* @Conversion: Bigjoos for TBDEV.NET 09                          *
* @copyright: Alex2005                                           *
* @package: Staff Panel                                          *
* @category: Staff Tools                                         *
* @version: v1.10 04/07/2008                                     *
* @license: GNU General Public License                           *
\****************************************************************/
require_once("include/bittorrent.php");
require_once("include/user_functions.php");
require_once("include/html_functions.php");
dbconn(false);
loggedinorreturn();

$lang = array_merge( load_language('global') );

$HTMLOUT = '';

/**
* Staff classes config
*
* UC_XYZ  : integer -> the name of the defined class
*
* Options for a selected class
** add    : boolean -> enable/disable page adding
** edit   : boolean -> enable/disable page editing
** delete : boolean -> enable/disable page deletion
** log    : boolean -> enable/disable the logging of the actions
*
* @result $staff_classes array();
*/
$staff_classes = array(
    UC_MODERATOR     => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
    UC_ADMINISTRATOR => array('add' => false, 'edit' => false, 'delete' => false, 'log' => true),
    UC_SYSOP         => array('add' => true,  'edit' => true,  'delete' => true,  'log' => false)
);

// Only classes listed in $staff_classes may open the panel at all.
if (!isset($staff_classes[$CURUSER['class']]))
    stderr('Error', 'Access Denied!');

$action = (isset($_GET['action']) ? $_GET['action'] : (isset($_POST['action']) ? $_POST['action'] : NULL));
$id = (isset($_GET['id']) ? (int)$_GET['id'] : (isset($_POST['id']) ? (int)$_POST['id'] : NULL));
$class_color = (function_exists('get_user_class_color') ? true : false);

    if ($action == 'delete' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['delete'])
    {
        $sure = ((isset($_GET['sure']) ? $_GET['sure'] : '') == 'yes');

        $res = mysql_query('SELECT av_class'.(!$sure || $staff_classes[$CURUSER['class']]['log'] ? ', page_name' : '').' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
        $arr = mysql_fetch_assoc($res);

        // A user may only delete pages at or below their own class.
        if ($CURUSER['class'] < $arr['av_class'])
            stderr('Error', 'You are not allowed to delete this page.');

        if (!$sure)
            stderr('Sanity check', 'Are you sure you want to delete this page: "'.htmlspecialchars($arr['page_name']).'"? Click <a href="'.$_SERVER['PHP_SELF'].'?action='.$action.'&amp;id='.$id.'&amp;sure=yes">here</a> to delete it or <a href="'.$_SERVER['PHP_SELF'].'">here</a> to go back.');

        mysql_query('DELETE FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);

        if (mysql_affected_rows())
        {
            if ($staff_classes[$CURUSER['class']]['log'])
                write_log('Page "'.$arr['page_name'].'"('.($class_color ? '<font color="#'.get_user_class_color($arr['av_class']).'">' : '').get_user_class_name($arr['av_class']).($class_color ? '</font>' : '').') was deleted from the staff panel by <a href="/userdetails.php?id='.$CURUSER['id'].'">'.$CURUSER['username'].'</a>('.($class_color ? '<font color="#'.get_user_class_color($CURUSER['class']).'">' : '').get_user_class_name($CURUSER['class']).($class_color ? '</font>' : '').')');

            header('Location: '.$_SERVER['PHP_SELF']);
            exit();
        }
        else
            stderr('Error', 'There was a database error, please retry.');
    }
    else if (($action == 'add' && $staff_classes[$CURUSER['class']]['add']) || ($action == 'edit' && is_valid_id($id) && $staff_classes[$CURUSER['class']]['edit']))
    {
        $names = array('page_name', 'file_name', 'description', 'av_class');

        if ($action == 'edit')
        {
            $res = mysql_query('SELECT '.implode(', ', $names).' FROM staffpanel WHERE id = '.sqlesc($id)) or sqlerr(__FILE__, __LINE__);
            $arr = mysql_fetch_assoc($res);
        }

        // Creates $page_name, $file_name, $description and $av_class from the
        // POST data (or from the stored row when editing).
        // ENT_QUOTES: the values are echoed inside single-quoted attributes below.
        foreach ($names as $name)
            $$name = htmlspecialchars((isset($_POST[$name]) ? $_POST[$name] : ($action == 'edit' ? $arr[$name] : '')), ENT_QUOTES);

        if ($action == 'edit' && $CURUSER['class'] < $av_class)
            stderr('Error', 'You are not allowed to edit this page.');

        if ($_SERVER['REQUEST_METHOD'] == 'POST')
        {
            $errors = array();

            if (empty($page_name))
                $errors[] = 'The page name cannot be empty.';

            if (empty($file_name))
                $errors[] = 'The filename cannot be empty.';

            if (empty($description))
                $errors[] = 'The description cannot be empty.';

            if (!isset($staff_classes[$av_class]))
                $errors[] = 'The selected class is not a valid staff class.';

            // The dot is escaped so that only a literal ".php" matches.
            if (!is_file($file_name.'.php') && !empty($file_name) && !preg_match('/\.php/', $file_name))
                $errors[] = 'Inexistent php file.';

            if (strlen($page_name) < 4 && !empty($page_name))
                $errors[] = 'The page name is too short (min 4 chars).';

            // The messages below state the limit that is actually enforced
            // (80, matching the varchar(80) columns).
            if (strlen($page_name) > 80)
                $errors[] = 'The page name is too long (max 80 chars).';

            if (strlen($file_name) > 80)
                $errors[] = 'The filename is too long (max 80 chars).';

            if (strlen($description) > 100)
                $errors[] = 'The description is too long (max 100 chars).';

            if (empty($errors))
            {
                if ($action == 'add')
                {
                    $res = mysql_query("INSERT INTO staffpanel (page_name, file_name, description, av_class, added_by, added) ".
                                       "VALUES (".implode(", ", array_map("sqlesc", array($page_name, $file_name, $description, (int)$av_class, (int)$CURUSER['id'], time()))).")");

                    if (!$res)
                    {
                        // 1062 = duplicate entry for the UNIQUE file_name key
                        if (mysql_errno() == 1062)
                            $errors[] = "This filename is already submitted.";
                        else
                            $errors[] = "There was a database error, please retry.";
                    }
                }
                else
                {
                    $res = mysql_query("UPDATE staffpanel SET page_name = ".sqlesc($page_name).", file_name = ".sqlesc($file_name).", description = ".sqlesc($description).", av_class = ".sqlesc((int)$av_class)." WHERE id = ".sqlesc($id)) or sqlerr(__FILE__, __LINE__);

                    if (!$res)
                        $errors[] = "There was a database error, please retry.";
                }

                if (empty($errors))
                {
                    if ($staff_classes[$CURUSER['class']]['log'])
                        write_log('Page "'.$page_name.'"('.($class_color ? '<font color="#'.get_user_class_color($av_class).'">' : '').get_user_class_name($av_class).($class_color ? '</font>' : '').') in the staff panel was '.($action == 'add' ? 'added' : 'edited').' by <a href="/userdetails.php?id='.$CURUSER['id'].'">'.$CURUSER['username'].'</a>('.($class_color ? '<font color="#'.get_user_class_color($CURUSER['class']).'">' : '').get_user_class_name($CURUSER['class']).($class_color ? '</font>' : '').')');

                    header('Location: '.$_SERVER['PHP_SELF']);
                    exit();
                }
            }
        }

        $HTMLOUT .= begin_main_frame();

        if (!empty($errors))
        {
            $HTMLOUT .= stdmsg('There '.(count($errors)>1?'are':'is').' '.count($errors).' error'.(count($errors)>1?'s':'').' in the form.', '<b>'.implode('<br />', $errors).'</b>');
            $HTMLOUT .= "<br />";
        }

        $HTMLOUT .= "<form method='post' action='{$_SERVER['PHP_SELF']}'>
        <input type='hidden' name='action' value='{$action}' />";
        if ($action == 'edit')
        {
            $HTMLOUT .= "<input type='hidden' name='id' value='{$id}' />";
        }

        $HTMLOUT .= "<table cellpadding='5' width='100%' align='center'>
    <tr class='colhead'>
    <td colspan='2'>
     ".($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page'."</td>
    </tr>
    <tr>
    <td class='rowhead' width='1%'>Page name</td><td align='left'><input type='text' size='50' name='page_name' value='{$page_name}' /></td>
    </tr>
    <tr>
    <td class='rowhead'>Filename</td><td align='left'><input type='text' size='50' name='file_name' value='{$file_name}' /><b></b></td>
    </tr>
    <tr>
    <td class='rowhead'>Description</td><td align='left'><input type='text' size='50' name='description' value='{$description}' /></td>
    </tr>
    <tr>
    <td class='rowhead'><span style='white-space: nowrap;'>Available for</span></td>
    <td align='left'>
    <select name='av_class'>";

        // Only offer classes at or below the current user's class.
        foreach ($staff_classes as $class => $value)
        {
            if ($CURUSER['class'] < $class)
                continue;
            $HTMLOUT .= '<option'.($class_color ? ' style="background-color:#'.get_user_class_color($class).';"' : '').' value="'.$class.'"'.($class == $av_class ? ' selected="selected"' : '').'>'.get_user_class_name($class).'</option>';
        }

        $HTMLOUT .= "</select>
     </td>
     </tr>
     </table>

     <table class='main'>
     <tr>
     <td align='center'></td>
     <td style='border:none;' align='center'><input type='submit' value='Submit' /></td>
     <td style='border:none;'>
     <form method='post' action='{$_SERVER['PHP_SELF']}'><input type='submit' value='Cancel' /></form>
     </td>
     </tr>
     </table></form>";

        $HTMLOUT .= end_main_frame();
        print stdhead('Staff Panel :: '.($action == 'edit' ? 'Edit "'.$page_name.'"' : 'Add a new').' page') . $HTMLOUT . stdfoot();
    }
    else
    {
        $HTMLOUT .= begin_main_frame();
        // The username is escaped before it is written into the page.
        $HTMLOUT .= "<h1 align='center'>Welcome ".htmlspecialchars($CURUSER['username'])." to the Staff Panel!</h1><br />";

        if ($staff_classes[$CURUSER['class']]['add'])
        {
            $HTMLOUT .= stdmsg('Options', '<a href="staffpanel.php?action=add" title="Add a new page">Add a new page</a>');
            $HTMLOUT .= "<br />";
        }

        // List only the pages available to the current user's class or lower.
        $res = mysql_query('SELECT staffpanel.*, users.username '.
                           'FROM staffpanel '.
                           'LEFT JOIN users ON users.id = staffpanel.added_by '.
                           'WHERE av_class <= '.sqlesc($CURUSER['class']).' '.
                           'ORDER BY av_class DESC, page_name ASC') or sqlerr(__FILE__, __LINE__);
        if (mysql_num_rows($res) > 0)
        {
            $db_classes = $unique_classes = $mysql_data = array();
            while ($arr = mysql_fetch_assoc($res))
                $mysql_data[] = $arr;

            // Count the pages per class so the table can be closed after the last one.
            foreach ($mysql_data as $key => $value)
                $db_classes[$value['av_class']][] = $value['av_class'];

            $i = 1;
            foreach ($mysql_data as $key => $arr)
            {
                $end_table = (count($db_classes[$arr['av_class']]) == $i ? true : false);

                // First page of a class: open a new table with its heading row.
                if (!in_array($arr['av_class'], $unique_classes))
                {
                    $unique_classes[] = $arr['av_class'];

                    $HTMLOUT .= "<table cellpadding='5' width='100%' align='center'". (!isset($staff_classes[$arr['av_class']]) ? ' style="background-color:#000000;"' : '').">
      <tr>
      <td colspan='4' align='center'>
      <h2>".($class_color ? '<font color="#'.get_user_class_color($arr['av_class']).'">' : '').get_user_class_name($arr['av_class']).' Panel'.($class_color ? '</font>' : '')."</h2>
      </td>
      </tr>
      <tr align='center'>
      <td class='colhead' align='left' width='100%'>Page name</td>
      <td class='colhead'><span style='white-space: nowrap;'>Added by</span></td>
      <td class='colhead'><span style='white-space: nowrap;'>Date added</span></td>";

                    if ($staff_classes[$CURUSER['class']]['edit'] || $staff_classes[$CURUSER['class']]['delete'])
                    {
                        $HTMLOUT .= "<td class='colhead'>Links</td>";
                    }
                    $HTMLOUT .= "</tr>";
                }

                $HTMLOUT .= "<tr align='center'>
      <td align='left'>
      <a href='".htmlspecialchars($arr['file_name'])."' title='".htmlspecialchars($arr['page_name'])."'>
      ".htmlspecialchars($arr['page_name'])."</a><br /><font class='small'>".htmlspecialchars($arr['description'])."</font>
      </td>
      <td>
      <a href='userdetails.php?id=".(int)$arr['added_by']."'>".htmlspecialchars($arr['username'])."</a>
      </td>
      <td>
      <span style='white-space: nowrap;'>".get_date($arr['added'], 'LONG',0,1)."<br /></span>
      </td>";
                if ($staff_classes[$CURUSER['class']]['edit'] || $staff_classes[$CURUSER['class']]['delete'])
                {
                    $HTMLOUT .= "<td>
      <span style='white-space: nowrap;'>";
                    if ($staff_classes[$CURUSER['class']]['edit'])
                    {
                        $HTMLOUT .= "<b>[</b><a href='staffpanel.php?action=edit&amp;id=".(int)$arr['id']."' title='Edit'>E</a><b>]</b>";
                    }

                    if ($staff_classes[$CURUSER['class']]['delete'])
                    {
                        $HTMLOUT .= "<b>[</b><a href='staffpanel.php?action=delete&amp;id=".(int)$arr['id']."' title='Delete'>D</a><b>]</b>";
                    }
                    $HTMLOUT .= "</span>
      </td>";
                }
                $HTMLOUT .= "</tr>";

                $i++;
                if ($end_table)
                {
                    $i = 1;
                    $HTMLOUT .= "</table><br />";
                }
            }
        }
        else
            $HTMLOUT .= stdmsg('Sorry', 'Nothing found.');

        $HTMLOUT .= end_main_frame();
        print stdhead("Staff Panel") . $HTMLOUT . stdfoot();
    }
?>
Now add all your tools to your staffpanel in the following format
admin.php?action=adduser

That's for all tools you have in the admin folder. Note: if you have them in root then it's just toolname.php :)

Notes
  • If you have any problems, please see the FAQ before posting; if you ignore it, I will ignore your posts and maybe ask for them to be deleted!
  • If you want support, you will leave the copyright notice at the top!


Well, I hope I didn't forget anything,
Enjoy


by Alex2005@tbdev.net/topic/23222-09-staffpanel-mod
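
The add/edit form in staffpanel.php accepts any file name that contains ".php" without checking that the file exists, and the stored value is later written into a link's href. As an added example (not part of the mod or of TBDev), here is a stricter check that only accepts the `script.php?action=name` shape the post recommends; `staffpanel_valid_target()` and `$base_dir` are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example: not part of the staffpanel mod or TBDev.
// staffpanel_valid_target() and $base_dir are hypothetical names.

/**
 * Accept only "script.php" or "script.php?key=value[&key=value...]",
 * where script.php is a regular file directly inside $base_dir.
 */
function staffpanel_valid_target($file_name, $base_dir)
{
    // Length limit taken from the file_name column: varchar(80).
    if (!is_string($file_name) || $file_name === '' || strlen($file_name) > 80) {
        return false;
    }

    // Anchored at both ends, literal dot, no slashes or colons allowed,
    // so URL schemes and directory traversal cannot match.
    // The D modifier stops "$" from matching before a trailing newline.
    $pattern = '/^([A-Za-z0-9_-]+\.php)'
             . '(?:\?[A-Za-z0-9_]+=[A-Za-z0-9_-]*'
             . '(?:&[A-Za-z0-9_]+=[A-Za-z0-9_-]*)*)?$/D';
    if (!preg_match($pattern, $file_name, $m)) {
        return false;
    }

    // $m[1] is the bare script name; require that it really exists.
    return is_file(rtrim($base_dir, '/\\') . DIRECTORY_SEPARATOR . $m[1]);
}

// Constructed demo: a temporary directory stands in for the tracker root.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'staffpanel_demo_' . getmypid();
mkdir($base);
touch($base . DIRECTORY_SEPARATOR . 'admin.php');

// Constructed sample inputs => expected result.
$samples = array(
    'admin.php?action=adduser'         => true,
    'admin.php'                        => true,
    'missing.php'                      => false, // well-formed, but no such file
    'xphp'                             => false, // no literal ".php"
    '../admin.php'                     => false, // path component
    'https://example.invalid/tool.php' => false, // absolute URL
    "admin.php\n"                      => false, // trailing newline
    'admin.php?action=add user'        => false, // space in the query value
);

$failures = 0;
foreach ($samples as $input => $expected) {
    $got = staffpanel_valid_target($input, $base);
    if ($got !== $expected) {
        $failures++;
    }
    printf("%-38s %s\n", json_encode($input), $got ? 'accept' : 'reject');
}

// Clean up the constructed demo directory.
unlink($base . DIRECTORY_SEPARATOR . 'admin.php');
rmdir($base);

echo $failures === 0 ? "all samples behaved as expected\n" : "$failures mismatches\n";
```

Run the check on the raw POST value, before htmlspecialchars() turns `&` into `&amp;`, and pass the directory that actually holds the tool scripts as `$base_dir`.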

