I am a cms and I am having problems with the access and restrictions. All of the users can do the same thing.
I have all my files require a func.inc.php
func.inc.php:
<?php
require_once 'config.inc.php';
$oncolour = "#BCD5FE";
$offcolour = "#FFFFFF";
$bdrcolour = "#F0F0F0";
$islogged = preg_match("/login.php/", $_SERVER['PHP_SELF']);
if ($islogged == "0") {
if ($_COOKIE['uniqueid'] == "") {
header ("Location: login.php");
exit;
}
}
if ((!$_REQUEST['method']) || (!$_COOKIE['uniqueid'])) {
$access = $_COOKIE['access'];
if (array_search($page,$levels)) {
if ($access > $levels[$page]) {
echo $access . $levels[$page];
//showError('You do not have access to this page.');
exit;
}
}
}
function getContent($content,$sql = '') {
global $special_character;
if ($sql == '') {
$content = eregi_replace( "([[:alnum:]]+)://([^[:space:]]*)([[:alnum:]#?/&=])","<a href=\"\\1://\\2\\3\" target=\"_blank\" target=\"_new\"><b>\\1://\\2\\3</b></a>", $content);
$content = eregi_replace("([_a-z0-9\-\.]+)@([a-z0-9\-\.]+)\."."(net|com|gov|mil|org|edu|int|biz|info|name|pro|[A-Z]{2})"."($|[^a-z]{1})", "<a href=\"mailto:\\1@\\2.\\3\"><b>\\1@\\2.\\3</b></a>\\4", $content);
$content = nl2br($content);
}
$content = str_replace($special_character,"'",$content);
return $content;
}
function remslash($content) {
global $special_character;
$output = str_replace("\'",$special_character,$content);
return $output;
}
function setMouse($id = '') {
global $oncolour, $offcolour;
$output = "class=\"bdr\" bgcolor=\"" .$offcolour . "\" id=\"area" . $id . "\" onmouseover=\"bgOn(this,'" . $oncolour . "');\" onmouseout=\"bgOff(this,'" . $offcolour . "');\"";
return $output;
}
function showDiv() {
$output = "<div width=\"100%\" style=\"padding-top: 3px\" align=\"right\">";
return $output;
}
function startTable() {
global $bdrcolour;
$output = "<table cellspacing=\"1\" cellpadding=\"7\" width=\"100%\" bgcolor=\"" . $bdrcolour . "\">";
return $output;
}
function createTr($content,$id = '',$class = '') {
echo "<tr>
<td " . setMouse($id) . ">";
if ($class != '') {
echo "<span class=\"" . $class . "\">";
}
echo $content;
if ($class != '') {
echo "</span>";
}
echo "</td>
</tr>";
}
function showError($error) {
echo"
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
<html><head>
<META http-equiv=Content-Type content=\"text/html; charset=windows-1252\">
<title>Error</title>
<link rel=\"stylesheet\" href=\"req/global.css\" type=\"text/css\"></head>
<body bgcolor=\"#FFFFFF\">
<div align=\"center\"><b>An Error has occured: <span class=\"error\">" . $error . "</span></b></div>
</body></html>
";
}
function showSuccess($success,$page,$refresh = '1') {
echo "
<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">
<html><head>
<META http-equiv=Content-Type content=\"text/html; charset=windows-1252\">
<meta http-equiv=\"Refresh\" content=\"" . $refresh . "; url='" . $page . "'\">
<title>Congratulations</title>
<link rel=\"stylesheet\" href=\"req/global.css\" type=\"text/css\"></head>
<body bgcolor=\"#EEEEEE\">
<div class=\"success\" align=\"center\">Congratulations: " . $success . " successfull<br>Redirecting to " . $page . ".<br>If this does not work <a href=\"" . $page . "\">click here</a>.</div>
</body></html>";
}
function showAsk($typo,$id = '',$m = '6') {
global $bdrcolour;
echo "
<form action=\"" . $_SERVER['PHP_SELF'] . "?m=" . $m . "";
if ($id != '') {
echo "&id=" . $id . "";
}
echo "\" method=\"post\">
" . startTable() . "
<tr align=\"center\">
<td " . setMouse('0') . ">" . $typo . "<br><br></td>
</tr>
</table>
" . showDiv() . "
<input type=\"button\" value=\"No\" onclick=\"history.back();\"></input>
<input type=\"button\" value=\"Yes\" onclick=\"this.form.submit();\"></input>
</form>";
}
function getHeader() {
global $page, $imagefullpath, $imagefilepath;
if (file_exists("req/header.inc.php")) {
include("req/header.inc.php");
} else {
showError("Unable to Require file : \"req/header.inc.php\"");
}
}
function getFooter() {
if (file_exists("req/footer.inc.php")) {
include("req/footer.inc.php");
} else {
showError("Unable to Require file : \"req/footer.php\"");
}
}
function createJSValid($required,$errors) {
$field = explode("&",$required);
$alert = explode("&",$errors);;
if (count($alert) != count($field)) {
showError('Required Fields/Error Msgs do not match');
} else {
echo "<script language=\"javascript\">
<!--
function isformValid(form) {";
$i = 0;
while ($i < count($field)) {
$thisfield = $field[$i];
$thiserror = $alert[$i];
echo "
if (!form." . $thisfield . ".value) {
alert(\"" . $thiserror . "\");
form." . $thisfield . ".focus();
return false;
}";
$i++;
}
echo "
else {
form.submit();
}
}
//-->
</script>";
}
}
function createForm($titles,$fields,$type,$size,$maxlength,$m,$idtype = '',$id = '',$mysql_values ='',$backoff = '') {
global $selecta;
$title = explode("&",$titles);
$field = explode("&",$fields);
$fieldtype = explode("&",$type);
$fieldsize = explode("&",$size);
$fieldmax = explode("&",$maxlength);
if ($mysql_values != '') {
$mysql = explode("&",$mysql_values);
} if (count($title) != count($field)) {
showError('Your $title/$fields do not match');
} elseif (count($title) != count($fieldtype)) {
showError('Your $title/$type do not match');
} elseif (count($title) != count($fieldsize)) {
showError('Your $title/$size do not match');
} elseif (count($title) != count($fieldmax)) {
showError('Your $title/$maxlength do not match');
} elseif (count($field) != count($fieldtype)) {
showError('Your $fields/$type do not match');
} elseif (count($field) != count($fieldsize)) {
showError('Your $fields/$size do not match');
} elseif (count($field) != count($fieldmax)) {
showError('Your $fields/$maxlength do not match');
} elseif (count($fieldtype) != count($fieldsize)) {
showError('Your $type/$size do not match');
} elseif (count($fieldtype) != count($fieldmax)) {
showError('Your $type/$maxlength do not match');
} elseif (count($fieldsize) != count($fieldmax)) {
showError('Your $size/$maxlength do not match');
} else {
echo "
<form action=\"" . $_SERVER['PHP_SELF'] . "?m=" . $m;
if ($id != '') {
echo "&id=" . $id;
}
echo "\" method=\"post\"";
if ($m == '8' || $m == '12') {
echo " enctype=\"multipart/form-data\"";
}
echo ">
" . startTable();
$total = count($field);
for ($i = 0; $i < $total; $i++) {
if ($fieldtype[$i] == "date") {
echo "
<input type=\"hidden\" name=\"" . $field[$i] . "\" value=\"";
if ($m == "2") {
echo date("m/d/Y");
} else {
echo $mysql[$i];
}
echo "\"></input>";
} else {
echo "
<tr valign=\"top\">
<td " . setMouse("title" . $i) . ">" . $title[$i] . "</td>
<td " . setMouse("input" . $i) . ">";
if ($fieldtype[$i] == "select") {
echo "<select name=\"" . $field[$i] . "\">";
$options = explode("&",$selecta);
for ($o = 0; $o < count($options); $o++) {
echo "<option value=\"" . $options[$o] . "\"";
if ($mysql_values != '') {
if ($mysql[$i] == $options[$o]) {
echo " selected";
}
}
echo ">" . $options[$o] . "</option>";
}
echo "</select>";
} elseif ($fieldtype[$i] == "textarea") {
echo "<textarea cols=\"60\" rows=\"10\" name=\"" . $field[$i] . "\">";
if ($mysql_values != '') {
echo $mysql[$i];
}
echo "</textarea>";
} else {
echo "<input type=\"" . $fieldtype[$i] . "\" name=\"" . $field[$i] . "\"";
echo " value=\"" . $mysql[$i] . "\"";
if ($mysql_values != '') {
} if ($fieldsize[$i] != 'false') {
echo " size=\"" . $fieldsize[$i] . "\"";
} if ($maxfield[$i] != 'false') {
echo " maxlength=\"" . $fieldmax[$i] . "\"";
}
echo "></input>";
}
echo "</td>
</tr>";
}
}
echo "
</table>". showDiv();
if ($backoff == '') {
echo "<input type=\"button\" value=\"Back\" onclick=\"history.back();\"></input> ";
}
echo "
<input type=\"button\" value=\"Go!\" onclick=\"isformValid(this.form);\"></input>
<input type=\"reset\" value=\"Refresh\"></input></div>
</form>";
}
}
if ($_REQUEST['staffroster_id']) {
$roster_id = $_REQUEST['staffroster_id'];
$result = MYSQL_QUERY("SELECT * FROM $mysql_table WHERE staffroster_id='$roster_id'") or die (mysql_error());
while ($mysql=mysql_fetch_array($result)) {
if ($mysql[image] == '1') {
}
echo "<table width='100%' cellpadding='0' cellspacing='0'>
<TR>
<TD height='26' colspan='4' background='bg/tablebg.jpg' class='header'> <img src='bg/dot.gif' width='5' height='5'> " . $clan_tag . checkContent($mysql[alias]) . "'s Profile </TD>
</TR>
<TR>
<TD width='187' rowspan='7'><img src=\"" . $imagefilepath . "rosterpic" . $_REQUEST['staffroster_id'] . "." . $mysql['imagetype'] . "\" width='200' height='155'></TD>
<TD class='left' width='20%'><DIV align='left' class='style1'>
<DIV align='left'> Alias:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . $clan_tag . checkContent($mysql[alias]) . "</TD>
</TR>
<TR>
<TD class='left' height='22' width='20%'><DIV align='left' class='style2'>
<DIV align='left'> Real Name:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[fullname]) . "</TD>
</TR>
<TR>
<TD class='left' height='22' width='20%'><DIV align='left' class='style3'>
<DIV align='left'> Location:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[location]) . "</TD>
</TR>
<TR>
<TD class='left' height='22' width='20%'><DIV align='left' class='style4'>
<DIV align='left'> Country:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[country]) . "</TD>
</TR>
<TR>
<TD class='left' height='22' width='20%'><DIV align='left' class='style5'>
<DIV align='left'> Age:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[age]) . "</TD>
</TR>
<TR>
<TD class='left' height='22' width='20%'><DIV align='left' class='style6'>
<DIV align='left'> Date of Birth:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[dob]) . "</TD>
</TR>
<TR>
<TD class='left' height='22' width='20%'><DIV align='left' class='style7'>
<DIV align='left'> Game ID:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[wonid]) . "</TD>
</TR>
</table>
<table width='100%' cellpadding='0' cellspacing='0'>
<TR>
<TD height='26' colspan='3' background='bg/tablebg.jpg' class='header'> <img src='bg/dot.gif' width='5' height='5'> Computer Information </TD>
</TR>
<TR>
<TD class='left' height='22' width='30%'><DIV align='left' >
<DIV align='left'> Manufacturer:</DIV>
</DIV></TD>
<TD width='2%'> </TD>
<TD width='75%'>" . checkContent($mysql[brand]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Operating System :</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[os]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Hard Drive :</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[hd]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Memory:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[ram]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> CPU:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[cpu]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Video Card :</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[video]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Sound Card :</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[sound]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Monitor</div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[monitor]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Keyboard</div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[keyboard]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Mouse</div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[mouse]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Mousepad </div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[pad]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Headphones</div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[headphones]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Config</div></TD>
<TD> </TD>
<TD><a href=\"" . $imagefilepath . "cfg" . $_REQUEST['staffroster_id'] . ".cfg\" target='_blank'>Download Config</a></TD>
</TR>
</table>
<table width='100%' cellpadding='0' cellspacing='0'>
<TR>
<TD height='26' colspan='3' background='bg/tablebg.jpg' class='header'> <img src='bg/dot.gif' width='5' height='5'> Personal Information </TD>
</TR>
<TR>
<TD height='22' class='left'><DIV align='left'>
<DIV align='left'> Favorite Weapon:</DIV>
</DIV></TD>
<TD width='2%'> </TD>
<TD width='75%'>" . checkContent($mysql[weapon]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Favorite Map:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[map]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Resolution:</div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[resolution]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Refresh Rate </div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[rate]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Sensitivity:</div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[sens]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Favorite Movie:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[movie]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Favorite Song:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[song]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> AIM:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[aim]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> MSN:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[msn]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Email:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[email]) . "</TD>
</TR>
</table>
<table width='100%' cellpadding='0' cellspacing='0'>
<TR>
<TD height='26' colspan='3' background='bg/tablebg.jpg' class='header'> <img src='bg/dot.gif' width='5' height='5'> Biography</TD>
</TR>
<TR>
<TD colspan='3'>" . checkContent($mysql[extra]) . "</TD>
</TR>
</table>
";
if ($mysql[config] == '1') {
echo "";
}
{
}
}
}
if ($_REQUEST['csroster_id']) {
$roster_id = $_REQUEST['csroster_id'];
$result = MYSQL_QUERY("SELECT * FROM $mysql_table WHERE csroster_id='$roster_id'") or die (mysql_error());
while ($mysql=mysql_fetch_array($result)) {
if ($mysql[image] == '1') {
}
echo "<table width='100%' cellpadding='0' cellspacing='0'>
<TR>
<TD height='26' colspan='4' background='bg/tablebg.jpg' class='header'> <img src='bg/dot.gif' width='5' height='5'> " . $clan_tag . checkContent($mysql[alias]) . "'s Profile </TD>
</TR>
<TR>
<TD width='187' rowspan='7'><img src=\"" . $imagefilepath . "rosterpic" . $_REQUEST['csroster_id'] . "." . $mysql['imagetype'] . "\" width='200' height='155'></TD>
<TD class='left' width='20%'><DIV align='left' class='style1'>
<DIV align='left'> Alias:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . $clan_tag . checkContent($mysql[alias]) . "</TD>
</TR>
<TR>
<TD class='left' height='22' width='20%'><DIV align='left' class='style2'>
<DIV align='left'> Real Name:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[fullname]) . "</TD>
</TR>
<TR>
<TD class='left' height='22' width='20%'><DIV align='left' class='style3'>
<DIV align='left'> Location:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[location]) . "</TD>
</TR>
<TR>
<TD class='left' height='22' width='20%'><DIV align='left' class='style4'>
<DIV align='left'> Country:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[country]) . "</TD>
</TR>
<TR>
<TD class='left' height='22' width='20%'><DIV align='left' class='style5'>
<DIV align='left'> Age:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[age]) . "</TD>
</TR>
<TR>
<TD class='left' height='22' width='20%'><DIV align='left' class='style6'>
<DIV align='left'> Date of Birth:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[dob]) . "</TD>
</TR>
<TR>
<TD class='left' height='22' width='20%'><DIV align='left' class='style7'>
<DIV align='left'> Game ID:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[wonid]) . "</TD>
</TR>
</table>
<table width='100%' cellpadding='0' cellspacing='0'>
<TR>
<TD height='26' colspan='3' background='bg/tablebg.jpg' class='header'> <img src='bg/dot.gif' width='5' height='5'> Computer Information </TD>
</TR>
<TR>
<TD class='left' height='22' width='30%'><DIV align='left' >
<DIV align='left'> Manufacturer:</DIV>
</DIV></TD>
<TD width='2%'> </TD>
<TD width='75%'>" . checkContent($mysql[brand]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Operating System :</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[os]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Hard Drive :</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[hd]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Memory:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[ram]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> CPU:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[cpu]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Video Card :</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[video]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Sound Card :</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[sound]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Monitor</div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[monitor]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Keyboard</div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[keyboard]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Mouse</div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[mouse]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Mousepad </div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[pad]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Headphones</div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[headphones]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Config</div></TD>
<TD> </TD>
<TD><a href=\"" . $imagefilepath . "cfg" . $_REQUEST['csroster_id'] . ".cfg\" target='_blank'>Download Config</a></TD>
</TR>
</table>
<table width='100%' cellpadding='0' cellspacing='0'>
<TR>
<TD height='26' colspan='3' background='bg/tablebg.jpg' class='header'> <img src='bg/dot.gif' width='5' height='5'> Personal Information </TD>
</TR>
<TR>
<TD height='22' class='left'><DIV align='left'>
<DIV align='left'> Favorite Weapon:</DIV>
</DIV></TD>
<TD width='2%'> </TD>
<TD width='75%'>" . checkContent($mysql[weapon]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Favorite Map:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[map]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Resolution:</div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[resolution]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Refresh Rate </div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[rate]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><div align='left'> Sensitivity:</div></TD>
<TD> </TD>
<TD>" . checkContent($mysql[sens]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Favorite Movie:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[movie]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Favorite Song:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[song]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> AIM:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[aim]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> MSN:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[msn]) . "</TD>
</TR>
<TR>
<TD class='left' height='22'><DIV align='left'>
<DIV align='left'> Email:</DIV>
</DIV></TD>
<TD width='5'> </TD>
<TD>" . checkContent($mysql[email]) . "</TD>
</TR>
</table>
<table width='100%' cellpadding='0' cellspacing='0'>
<TR>
<TD height='26' colspan='3' background='bg/tablebg.jpg' class='header'> <img src='bg/dot.gif' width='5' height='5'> Biography</TD>
</TR>
<TR>
<TD colspan='3'>" . checkContent($mysql[extra]) . "</TD>
</TR>
</table>
";
if ($mysql[config] == '1') {
echo "";
}
{
}
}
}
?>
config.inc.php:
<?php
###############################################
// Folder Locations
$template_folder = "template/";
$folder = "/";
$imagefolder = "pics/";
$imagefilepath = $folder . $imagefolder;
// Vulgarity on or off
// 1: On, 0: off
$vulgarity = 0;
// Special Character
// Default: |
$special_character = "&";
// Max Links & Roster Characters
// Default: 20
$max_length = 16;
// Max News Posts Displayer Per Page
// Default: 8
$max_news = 8;
// Do not change
$root = $_SERVER['DOCUMENT_ROOT'];
$imagefullpath = $root . $imagefilepath;
// Access Levels
// 1: Master, 2: Limited, 3: Member, 4: All Users
$levels = array();
$levels[login] = "4";
$levels[index] = "3";
$levels[news] = "1";
$levels[roster] = "3";
$levels[links] = "1";
$levels[leagues] = "1";
$levels[matches] = "1";
$levels[servers] = "1";
$levels[faq] = "3";
$levels[sponsors] = "1";
$levels[downloads] = "1";
$levels[meda] = "1";
$levels[demos] = "1";
$levels[settings] = "1";
$levels[changepass] = "2";
$levels[admins] = "1";
$levels[config] = "1";
?>
and my admins page:
<?php
$page = "admins";
$mysql_table = "cp_users";
require_once("db.inc.php");
require_once ("req/func.inc.php");
$selecta = "3.Member&2.Basic&1.Master";
$checkfields = "username&password";
$errors = "Username Missing !&Password Missing ! ";
$titles = "Username:&Password:&User Level:";
$fields = "username&password&access";
$type = "text&password&select";
$size = "40&40&null";
$maxlength = "20&25&null";
$id_type = "user_id";
if ($_REQUEST['m'] == "1") {
getHeader();
createJSValid($checkfields,$errors);
createForm($titles,$fields,$type,$size,$maxlength,'2');
getFooter();
} if ($_REQUEST['m'] == "2") {
$username = remslash($_POST['username']);
$result = MYSQL_QUERY("SELECT * FROM $mysql_table WHERE username='$username'") or die (mysql_error());
$rows = mysql_num_rows($result);
if ($rows != '0') {
showError('This username is already registererd!');
} else {
$password = remslash($_POST[password]);
$choose = explode(".",$_POST['access']);
$access = $choose[0];
$md5pass = md5($password);
MYSQL_QUERY("INSERT INTO $mysql_table (username,password,access) VALUES ('$username','$md5pass','$access')") or die (mysql_error());
showSuccess('Admin Added',$_SERVER['PHP_SELF']);
}
} if ($_REQUEST['m'] == "3") {
getHeader();
createJSValid('access','You must choose an access type!');
createForm('User Level','access','select','null','null','4',$id_type,$id);
getFooter();
} if ($_REQUEST['m'] == "4") {
$choose = explode(".",$_POST['access']);
$access = $choose[0];
MYSQL_QUERY("UPDATE $mysql_table SET access='$access' WHERE $id_type=$id") or die (mysql_error());
showSuccess('Admin User Level Update',$PHP_SELF);
} if ($_REQUEST['m'] == "5") {
getHeader();
showAsk('Are you sure you want to remove this Admin?',$id);
getFooter();
} if ($_REQUEST['m'] == "6") {
MYSQL_QUERY("DELETE FROM $mysql_table WHERE $id_type=$id") or die (mysql_error());
showSuccess('Admin Removed',$_SERVER['PHP_SELF']);
} if (!$_REQUEST['m']) {
getHeader();
$result = MYSQL_QUERY("SELECT * FROM $mysql_table WHERE access != '0' ORDER BY $id_type DESC") or die (mysql_error());
echo startTable();
$add = "<b><a href=\"" . $_SERVER['PHP_SELF'] . "?m=1\">Add Admin</a></b>";
createTr($add,'0');
$rows = mysql_num_rows($result);
if ($rows == "0") {
createTr('<b>There are NO users in the Database</b>');
}
if ($rows != "0") {
while ($mysql=mysql_fetch_array($result)) {
echo "<tr>
<td " . setMouse($mysql[news_id]) . ">
<b>User Name:</b> " . getContent($mysql[username]) . "<br>
<b>Access Level:</b> " . $mysql[access] . "<br>
<b>Last Logged:</b> " . getContent($mysql[last_logged]) . "<br>
<b>Current IP:</b> " . getContent($mysql[cur_ip]) . "<br>
<b><a href=\"" . $_SERVER['PHP_SELF'] ."?m=3&id=" . $mysql[$id_type] . "\">Edit Admin User Level</a></b> | <b><a href=\"" . $_SERVER['PHP_SELF'] . "?m=5&id=" . $mysql[$id_type] . "\">Delete Admin</a></b></td>
</tr>";
}
}
?>
</table>
<?php
getFooter();
}
?>
What is wrong?