This repository was archived by the owner on May 31, 2020. It is now read-only.
notesView.php
<?php
// Open the session and start output buffering before any redirect header is sent.
session_start();
ob_start();

// No 'logged' key in the session means the visitor never authenticated: back to the login page.
// isset() only checks that the key exists and is not null; presumably only the login code sets it.
if (isset($_SESSION['logged']) === false) {
    header('Location: index.php');
    exit();
}

// Acting staff member and their permission map; both are read again further down this script.
$user = $_SESSION['user'];
$staffPerms = $_SESSION['perms'];

// The notes permission has to equal '1' (loose comparison, so 1 and '1' both pass).
// A missing key compares as null and is therefore denied.
if (!($staffPerms['notes'] == '1')) {
    header('Location: lvlError.php');
    exit();
}
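// masterconnect(), filterTable() and logIt() are not defined in this file; they are
// presumably provided by verifyPanel.php, with masterconnect() making $dbcon available
// in this scope (TODO confirm).
include 'verifyPanel.php';
masterconnect();

// Newest notes first. A submitted search narrows the list to matching player names.
$sqlget = 'SELECT * FROM notes ORDER BY note_id DESC';
if (isset($_POST['search'])) {
    // A missing or non-string field (e.g. an array-valued parameter) is treated as an
    // empty search instead of being handed to the escaping function.
    $rawSearch = (isset($_POST['SearchValue']) && is_string($_POST['SearchValue']))
        ? $_POST['SearchValue']
        : '';

    // The value is spliced into the SQL text, so this escaping is the only barrier
    // against SQL injection on this path. It is only reliable when the connection
    // charset was set through mysqli_set_charset(); verify that in masterconnect().
    // '%' and '_' are not escaped and stay active as LIKE wildcards.
    $valuetosearch = mysqli_real_escape_string($dbcon, $rawSearch);
    $sqlget = "SELECT * FROM notes WHERE CONCAT (`name`) LIKE '%".$valuetosearch."%' ORDER BY note_id DESC";
}
$search_result = filterTable($dbcon, $sqlget);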
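// Delete request coming from one of the per-row forms rendered further down.
// NOTE(review): nothing visible in this file checks an anti-CSRF token before the
// state-changing DELETE; confirm whether verifyPanel.php or the session setup covers it.
// NOTE(review): the listing query has already run at this point, so a note deleted here
// presumably still shows up in this response until the page is reloaded.
if (isset($_POST['update'])) {
    // Missing or non-string fields become '' so they cannot raise notices or reach the
    // database layer as arrays.
    $postField = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };
    $noteID = $postField('note_id');
    $uid = $postField('uid');
    $name = $postField('name');
    $text = $postField('note_text');
    $admin = $postField('admin');

    // The hidden uid/name/note_text/admin fields are client-controlled, so the audit
    // message is built from the stored row whenever note_id matches one. The submitted
    // values are kept only as a fallback when no row is found.
    $lookup = mysqli_prepare($dbcon, 'SELECT uid, name, note_text, staff_name FROM notes WHERE note_id = ?');
    if ($lookup) {
        mysqli_stmt_bind_param($lookup, 's', $noteID);
        mysqli_stmt_execute($lookup);
        mysqli_stmt_bind_result($lookup, $storedUid, $storedName, $storedText, $storedAdmin);
        if (mysqli_stmt_fetch($lookup)) {
            $uid = $storedUid;
            $name = $storedName;
            $text = $storedText;
            $admin = $storedAdmin;
        }
        mysqli_stmt_close($lookup);
    }

    if ($staffPerms['superUser'] == '1') {
        // note_id arrives straight from the request, so it is bound as a parameter
        // instead of being concatenated into the statement text.
        $delete = mysqli_prepare($dbcon, 'DELETE FROM notes WHERE note_id = ?');
        if ($delete) {
            mysqli_stmt_bind_param($delete, 's', $noteID);
            mysqli_stmt_execute($delete);
            mysqli_stmt_close($delete);
        }
        $message = 'Note ('.$text.') placed on user ('.$name.' ID - '.$uid.') by '.$admin.' was deleted by '.$user;
    } else {
        // Staff without the superUser flag cannot delete; the attempt is still recorded.
        $message = 'Note ('.$text.') placed on user ('.$name.' ID - '.$uid.') by '.$admin.' was attempted to be deleted by '.$user;
    }
    logIt($user, $message, $dbcon);
}

// Shared page header; everything after the closing PHP tag is the page body.
include 'header/header.php';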
?>
<div class="col-sm-9 col-sm-offset-3 col-md-10 col-md-offset-2 main">
<h1 style = "margin-top: 70px">Notes View</h1>
<p class="page-header">Notes View allows you to see all of the notes set.</p>
<div class="btn-group" role="group" aria-label="...">
<FORM METHOD="LINK" ACTION="players.php">
<INPUT class='btn btn-primary btn-outline' TYPE="submit" VALUE="Back">
</FORM>
</div>
<form action = "notesView.php" method="post">
<div class ="searchBar">
<div class="row">
<div class="col-lg-6">
<div class="input-group">
<input type="text" class="form-control" style = "width: 300px; " name="SearchValue" placeholder="Player name...">
<span class="input-group-btn">
<input class="btn btn-default" name="search" type="submit" value="Search">
</span>
</div><!-- /input-group -->
</div><!-- /.col-lg-6 -->
</div><!-- /.row -->
</div>
</form>
<br>
<div class="table-responsive">
<table class="table table-striped" style = "margin-top: -10px">
<thead>
<tr>
<th>Player ID</th>
<th>Player</th>
<th>Player Alias</th>
<th>Player Note</th>
<th>Staff Member</th>
<th>Timestamp</th>
<th>Delete</th>
</tr>
</thead>
<tbody>
<?php
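// Hidden form field name => notes column that fills it. These fields travel back with
// the Delete button of each row.
$hiddenFields = [
    'note_id' => 'note_id',
    'uid' => 'uid',
    'name' => 'name',
    'note_text' => 'note_text',
    'admin' => 'staff_name',
];

// One table row, wrapped in its own delete form, per note in the result set.
while ($row = mysqli_fetch_array($search_result, MYSQLI_ASSOC)) {
    echo '<form action="notesView.php" method="post">';

    // The warning level picks the Bootstrap row colour; any other value renders a plain row.
    switch ($row['warning']) {
        case 2:
            echo '<tr class = "warning">';
            break;
        case 3:
            echo '<tr class = "danger">';
            break;
        case 4:
            echo '<tr class = "success">';
            break;
        default:
            echo '<tr>';
            break;
    }

    // Visible cells: every database value is HTML-escaped before it is written out.
    foreach (['uid', 'name', 'alias', 'note_text', 'staff_name', 'note_updated'] as $column) {
        echo '<td>'.htmlspecialchars($row[$column], ENT_QUOTES, 'UTF-8').' </td>';
    }

    echo "<td><input class='btn btn-primary btn-outline' type=\"submit\" name=\"update\" value=\"Delete\"></td>";

    // Attribute values are quoted and the input tags are closed. htmlspecialchars() does
    // not neutralise spaces, so an unquoted value= would end at the first space and let the
    // rest of a stored name or note be parsed as extra attributes on the element.
    foreach ($hiddenFields as $field => $column) {
        echo "<td style='display:none;'>"
            .'<input type="hidden" name="'.$field.'" value="'
            .htmlspecialchars($row[$column], ENT_QUOTES, 'UTF-8')
            .'"></td>';
    }

    echo '</tr>';
    echo '</form>';
}
// NOTE(review): the static markup after this PHP block closes the table and its wrapper
// again, so these closers look duplicated; left unchanged because the div balance depends
// on header/header.php, which is not visible here.
echo '</table></div>';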
?>
</tbody>
</table>
</div>
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<!-- NOTE(review): jQuery 1.11.3 is fetched from a third-party CDN without integrity/crossorigin attributes, so this authenticated staff page runs whatever that URL serves. The 1.x line is no longer maintained upstream; consider a pinned current release with Subresource Integrity, or a self-hosted copy. -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<!-- Local fallback when the CDN copy did not define window.jQuery. -->
<script>window.jQuery || document.write('<script src="../../assets/js/vendor/jquery.min.js"><\/script>')</script>
<script src="dist/js/bootstrap.min.js"></script>
<!-- NOTE(review): the ../../assets/... paths and the holder.js include below look like leftovers from the Bootstrap example template; confirm they resolve in this deployment or drop them. -->
<!-- Just to make our placeholder images work. Don't actually copy the next line! -->
<script src="../../assets/js/vendor/holder.min.js"></script>
<!-- IE10 viewport hack for Surface/desktop Windows 8 bug -->
<script src="../../assets/js/ie10-viewport-bug-workaround.js"></script>
</body>
</html>