From: <rav...@us...> - 2011-03-18 17:36:41
Revision: 7093 http://planeshift.svn.sourceforge.net/planeshift/?rev=7093&view=rev Author: ravna-ps Date: 2011-03-18 17:36:35 +0000 (Fri, 18 Mar 2011) Log Message: ----------- Changed an insufficient access check (was read instead of edit). Modified Paths: -------------- www/webconsole-new/npcs/ka_scripts.php Modified: www/webconsole-new/npcs/ka_scripts.php =================================================================== --- www/webconsole-new/npcs/ka_scripts.php 2011-03-18 15:06:31 UTC (rev 7092) +++ www/webconsole-new/npcs/ka_scripts.php 2011-03-18 17:36:35 UTC (rev 7093) @@ -26,6 +26,10 @@ } echo '</table>'; }else{ + if (!checkaccess('npcs', 'edit')) { + echo '<p class="error">Error: You are not authorized to use this function.</p>'; + return; + } if (isset($_GET['areaid'])){ $areaid = mysql_real_escape_string($_GET['areaid']); } @@ -97,7 +101,7 @@ } } }else{ - echo '<p class="error">You are not authorized to use thes functions</p>'; + echo '<p class="error">You are not authorized to use these functions</p>'; } } ?> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
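Review bot: The added `checkaccess('npcs', 'edit')` guard sits at the top of the `else` branch, so it appears to apply to every `sub` value rather than only the ones that write. If `sub=Read` is handled in this same branch (the branch body continues outside the hunk), an account with only read rights is now refused on Read although the outer check already admitted it. Scoping the guard to the mutating actions keeps least privilege without that side effect, e.g. `if ($_GET['sub'] != 'Read' && !checkaccess('npcs', 'edit')) {`. Separately, `$areaid` is assigned only when `$_GET['areaid']` is set, so any later use without the parameter reads an undefined variable; initialise it to an empty value before the `isset` test.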
From: <rav...@us...> - 2016-02-21 23:11:28
Revision: 9791 http://sourceforge.net/p/planeshift/code/9791 Author: ravna-ps Date: 2016-02-21 23:11:27 +0000 (Sun, 21 Feb 2016) Log Message: ----------- Create KA_Script now takes you directly to the edit field of the newly created script. Update script (while editing), now takes you back to the main page, instead of to "read script". Changed to code of ka_scripts.php to match the WC standard, and the code now generates valid XHTML. Modified Paths: -------------- www/webconsole-new/npcs/ka_scripts.php Modified: www/webconsole-new/npcs/ka_scripts.php =================================================================== --- www/webconsole-new/npcs/ka_scripts.php 2016-02-21 18:07:16 UTC (rev 9790) +++ www/webconsole-new/npcs/ka_scripts.php 2016-02-21 23:11:27 UTC (rev 9791) 
@@ -1,107 +1,138 @@ <?php -function ka_scripts(){ - if (checkaccess('npcs', 'read')){ - if (!isset($_GET['sub'])){ - $query = "SELECT id, script FROM quest_scripts WHERE quest_id='-1'"; - $result = mysql_query2($query); - echo '<table border="1">'; - echo '<tr><th>Name</th><th>Action</th></tr>'; - while ($row = fetchSqlAssoc($result)){ - $pos1 = strpos($row['script'], "\n")+1; - $string = substr($row['script'], $pos1); - $pos2 = strpos($string, ":"); - $name = substr($string, 0, $pos2); - echo '<tr><td>'.$name.'</td>'; - echo '<td><a href="./index.php?do=ka_scripts&sub=Read&areaid='.$row['id'].'">Read</a>'; - if (checkaccess('npcs', 'edit')){ - echo '<br/><a href="./index.php?do=ka_scripts&sub=Edit&areaid='.$row['id'].'">Edit</a>'; - echo '<br/><a href="./index.php?do=ka_scripts&sub=Delete&areaid='.$row['id'].'">Delete</a>'; - } - echo '</td></tr>'; - } - if (checkaccess('npcs', 'edit')){ - echo '<tr><td><form action="./index.php?do=ka_scripts&sub=New" method="post">'; - echo '<input type="text" name="name" /><br/><input type="submit" name="commit" value="Create New KA Script" />'; - echo '</form></td><td> </td></tr>'; - } - echo '</table>'; - }else{ - if (!checkaccess('npcs', 'edit')) { - echo '<p class="error">Error: You are not authorized to use this function.</p>'; +function ka_scripts() +{ + if (!checkaccess('npcs', 'read')) + { + echo '<p class="error">You are not authorized to use these functions</p>'; return; - } - if (isset($_GET['areaid'])){ - $areaid = escapeSqlString($_GET['areaid']); - } - if ($_GET['sub'] == 'Read'){ - $query = "SELECT script FROM quest_scripts WHERE id='$areaid'"; + } + if (!isset($_GET['sub'])) + { + $query = "SELECT id, script FROM quest_scripts WHERE quest_id='-1'"; $result = mysql_query2($query); - $row = fetchSqlAssoc($result); - $pos1 = strpos($row['script'], "\n")+1; - $string = substr($row['script'], $pos1); - $pos2 = strpos($string, ":"); - $name = substr($string, 0, $pos2); - echo 'Reading KA Script: '.$name.'<hr/>'; - 
$script = str_replace("\n", "<br/>\n", htmlspecialchars($row['script'])); - echo $script.'<br/>'; - }else if ($_GET['sub'] == 'Edit'){ - if (isset($_POST['commit'])){ - $script = escapeSqlString($_POST['script']); - $query = "UPDATE quest_scripts SET script='$script' WHERE id='$areaid'"; - $result = mysql_query2($query); - unset($_POST); - $_GET['sub']='Read'; - ka_scripts(); - return; - }else{ - $query = "SELECT script FROM quest_scripts WHERE id='$areaid'"; - $result = mysql_query2($query); - $row = fetchSqlAssoc($result); - $pos1 = strpos($row['script'], "\n")+1; - $string = substr($row['script'], $pos1); - $pos2 = strpos($string, ":"); - $name = substr($string, 0, $pos2); - echo 'Editing KA Script: '.$name.'<hr/>'; - echo '<form action="./index.php?do=ka_scripts&sub=Edit&areaid='.$areaid.'" method="post">'; - echo '<textarea name="script" rows="20" cols="70">'.$row['script'].'</textarea><br/>'; - echo '<input type="submit" name="commit" value="Update Script"/>'; - echo '</form>'; + echo '<table border="1">'; + echo '<tr><th>Name</th><th>Action</th></tr>'; + while ($row = fetchSqlAssoc($result)) + { + $pos1 = strpos($row['script'], "\n")+1; + $string = substr($row['script'], $pos1); + $pos2 = strpos($string, ":"); + $name = substr($string, 0, $pos2); + echo '<tr><td>'.htmlentities($name).'</td>'; + echo '<td><a href="./index.php?do=ka_scripts&sub=Read&areaid='.$row['id'].'">Read</a>'; + if (checkaccess('npcs', 'edit')) + { + echo '<br/><a href="./index.php?do=ka_scripts&sub=Edit&areaid='.$row['id'].'">Edit</a>'; + echo '<br/><a href="./index.php?do=ka_scripts&sub=Delete&areaid='.$row['id'].'">Delete</a>'; + } + echo '</td></tr>'; } - }else if ($_GET['sub'] == 'Delete'){ - if (isset($_POST['commit'])){ - $query = "DELETE FROM quest_scripts WHERE id='$areaid'"; - $result = mysql_query2($query); - unset($_POST); - unset($_GET); - ka_scripts(); - return; - }else{ - $query = "SELECT script FROM quest_scripts WHERE id='$areaid'"; - $result = mysql_query2($query); - 
$row = fetchSqlAssoc($result); - $pos1 = strpos($row['script'], "\n")+1; - $string = substr($row['script'], $pos1); - $pos2 = strpos($string, ":"); - $name = substr($string, 0, $pos2); - echo 'You are about to delete the following KA Script: '.$name.'<br/>'; - echo '<form action="./index.php?do=ka_scripts&sub=Delete&areaid='.$areaid.'" method="post">'; - echo '<input type="submit" name="commit" value="Confirm Delete"/></form>'; + if (checkaccess('npcs', 'edit')) + { + echo '<tr><td><form action="./index.php?do=ka_scripts&sub=New" method="post">'; + echo '<div><input type="text" name="name" /><br/><input type="submit" name="commit" value="Create New KA Script" /></div>'; + echo '</form></td><td> </td></tr>'; } - }else if ($_GET['sub'] == 'New'){ - $name = escapeSqlString($_POST['name']); - $script = " \n"."$name:\n#This is a temporary Entry -Needs to be changed"; - $query = "INSERT INTO quest_scripts (quest_id, script) VALUES ('-1', '$script')"; - $result = mysql_query2($query); - unset($_GET); - unset($_POST); - ka_scripts(); - return; - }else{ - echo '<p class="error">Error: No action specified</p>'; - } + echo '</table>'; } - }else{ - echo '<p class="error">You are not authorized to use these functions</p>'; - } + else + { + if (!checkaccess('npcs', 'edit')) + { + echo '<p class="error">Error: You are not authorized to use this function.</p>'; + return; + } + + $areaid = (isset($_GET['areaid']) ? 
escapeSqlString($_GET['areaid']) : ''); + + if ($_GET['sub'] == 'Read') + { + $query = "SELECT script FROM quest_scripts WHERE id='$areaid'"; + $result = mysql_query2($query); + $row = fetchSqlAssoc($result); + $pos1 = strpos($row['script'], "\n")+1; + $string = substr($row['script'], $pos1); + $pos2 = strpos($string, ":"); + $name = substr($string, 0, $pos2); + echo 'Reading KA Script: '.htmlentities($name).'<hr/>'; + $script = str_replace("\n", "<br/>\n", htmlentities($row['script'])); + echo $script.'<br/>'; + } + elseif ($_GET['sub'] == 'Edit') + { + if (isset($_POST['commit'])) + { + $script = escapeSqlString($_POST['script']); + $query = "UPDATE quest_scripts SET script='$script' WHERE id='$areaid'"; + $result = mysql_query2($query); + unset($_POST); + unset($_GET); + ka_scripts(); + return; + } + else + { + $query = "SELECT script FROM quest_scripts WHERE id='$areaid'"; + $result = mysql_query2($query); + $row = fetchSqlAssoc($result); + $pos1 = strpos($row['script'], "\n")+1; + $string = substr($row['script'], $pos1); + $pos2 = strpos($string, ":"); + $name = substr($string, 0, $pos2); + echo 'Editing KA Script: '.htmlentities($name).'<hr/>'; + echo '<form action="./index.php?do=ka_scripts&sub=Edit&areaid='.htmlentities($areaid).'" method="post">'; + echo '<div><textarea name="script" rows="20" cols="70">'.htmlentities($row['script']).'</textarea><br/>'; + echo '<input type="submit" name="commit" value="Update Script"/></div>'; + echo '</form>'; + } + } + elseif ($_GET['sub'] == 'Delete') + { + if (isset($_POST['commit'])) + { + $query = "DELETE FROM quest_scripts WHERE id='$areaid'"; + $result = mysql_query2($query); + unset($_POST); + unset($_GET); + ka_scripts(); + return; + } + else + { + $query = "SELECT script FROM quest_scripts WHERE id='$areaid'"; + $result = mysql_query2($query); + $row = fetchSqlAssoc($result); + $pos1 = strpos($row['script'], "\n")+1; + $string = substr($row['script'], $pos1); + $pos2 = strpos($string, ":"); + $name = 
substr($string, 0, $pos2); + echo '<p>You are about to delete the following KA Script: '.htmlentities($name).'</p>'; + echo '<form action="./index.php?do=ka_scripts&sub=Delete&areaid='.htmlentities($areaid).'" method="post">'; + echo '<div><input type="submit" name="commit" value="Confirm Delete"/></div></form>'; + } + } + elseif ($_GET['sub'] == 'New') + { + $name = escapeSqlString($_POST['name']); + if ($name == '') // should only happen if people are fooling around with their own forms/post variables. + { + echo '<p class="error">cannot create KA without a name.</p>'; + return; + } + $script = " \n"."$name:\n#This is a temporary Entry -Needs to be changed"; + $query = "INSERT INTO quest_scripts (quest_id, script) VALUES ('-1', '$script')"; + $result = mysql_query2($query); + unset($_GET); + unset($_POST); + $_GET['sub'] = 'Edit'; + $_GET['areaid'] = sqlInsertId(); + ka_scripts(); + return; + } + else + { + echo '<p class="error">Error: No action specified</p>'; + } + } } -?> +?> \ No newline at end of file This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
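Review bot: The Edit, Delete and New branches modify `quest_scripts` based only on `checkaccess('npcs', 'edit')` and, for Edit and Delete, the presence of `$_POST['commit']`; none of the forms emitted here carries a per-session request token. Unless `index.php` or `checkaccess()` verifies one outside this file, a page opened by a logged-in editor can submit these forms on that editor's behalf. I would add a hidden token field to each form and reject the POST when it does not match the copy held in the session, compared with `hash_equals()`. Separately, `$areaid` is used as a row id, so rejecting anything that fails `ctype_digit()` before the queries are built is stronger than escaping alone, and the `New` branch should test `isset($_POST['name'])` before reading it.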
From: <rav...@us...> - 2016-12-10 00:29:11
Revision: 9972 http://sourceforge.net/p/planeshift/code/9972 Author: ravna-ps Date: 2016-12-10 00:29:09 +0000 (Sat, 10 Dec 2016) Log Message: ----------- Fixed: (WC) ka_script listing is now sorted by "name", case insensitive, ascending. Modified Paths: -------------- www/webconsole-new/npcs/ka_scripts.php Modified: www/webconsole-new/npcs/ka_scripts.php =================================================================== --- www/webconsole-new/npcs/ka_scripts.php 2016-12-09 21:58:49 UTC (rev 9971) +++ www/webconsole-new/npcs/ka_scripts.php 2016-12-10 00:29:09 UTC (rev 9972) 
@@ -12,19 +12,26 @@ $result = mysql_query2($query); echo '<table border="1">'; echo '<tr><th>Name</th><th>Action</th></tr>'; + $results = array(); while ($row = fetchSqlAssoc($result)) { $pos1 = strpos($row['script'], "\n")+1; $string = substr($row['script'], $pos1); $pos2 = strpos($string, ":"); - $name = substr($string, 0, $pos2); - echo '<tr><td>'.htmlentities($name).'</td>'; - echo '<td><a href="./index.php?do=ka_scripts&sub=Read&areaid='.$row['id'].'">Read</a>'; - echo '<br/><a href="./index.php?do=validatequest&id=-1&script_id='.$row['id'].'">Validate</a>'; + $name = substr($string, 0, $pos2); + $results[$row['id']] = $name; + } + asort($results, SORT_NATURAL | SORT_FLAG_CASE); // sort results by value, asc. + foreach ($results as $rId => $rName) + { + + echo '<tr><td>'.htmlentities($rName).'</td>'; + echo '<td><a href="./index.php?do=ka_scripts&sub=Read&areaid='.$rId.'">Read</a>'; + echo '<br/><a href="./index.php?do=validatequest&id=-1&script_id='.$rId.'">Validate</a>'; if (checkaccess('npcs', 'edit')) { - echo '<br/><a href="./index.php?do=ka_scripts&sub=Edit&areaid='.$row['id'].'">Edit</a>'; - echo '<br/><a href="./index.php?do=ka_scripts&sub=Delete&areaid='.$row['id'].'">Delete</a>'; + echo '<br/><a href="./index.php?do=ka_scripts&sub=Edit&areaid='.$rId.'">Edit</a>'; + echo '<br/><a href="./index.php?do=ka_scripts&sub=Delete&areaid='.$rId.'">Delete</a>'; } echo '</td></tr>'; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
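Review bot: `$rId` is concatenated into four `href` values without any encoding, while the name beside it goes through `htmlentities()`. The key comes from the `id` column and is presumably an integer, but nothing in the loop enforces that; filling the array with `$results[(int)$row['id']] = $name;` makes the assumption explicit and keeps the links safe if the column type ever changes. On style, `$results` differs from the query handle `$result` by one letter, so a name such as `$namesById` would be harder to misread, and the blank line after the `foreach` brace can be dropped.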
From: <rav...@us...> - 2017-06-29 19:11:58
Revision: 9994 http://sourceforge.net/p/planeshift/code/9994 Author: ravna-ps Date: 2017-06-29 19:11:56 +0000 (Thu, 29 Jun 2017) Log Message: ----------- Fixed: (WC) Create KA script on NPC pages now creates a valid script, which won't crash the server when not changed. (Though it will still be a meaningless script.) Modified Paths: -------------- www/webconsole-new/npcs/ka_scripts.php Modified: www/webconsole-new/npcs/ka_scripts.php =================================================================== --- www/webconsole-new/npcs/ka_scripts.php 2017-02-16 12:18:15 UTC (rev 9993) +++ www/webconsole-new/npcs/ka_scripts.php 2017-06-29 19:11:56 UTC (rev 9994) @@ -127,7 +127,7 @@ echo '<p class="error">cannot create KA without a name.</p>'; return; } - $script = " \n"."$name:\n#This is a temporary Entry -Needs to be changed"; + $script = " \nP: default \n$name: I am a default response, change me.\n#This is a temporary Entry -Needs to be changed"; $query = "INSERT INTO quest_scripts (quest_id, script) VALUES ('-1', '$script')"; $result = mysql_query2($query); unset($_GET); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
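Review bot: The new template keeps the leading `" \n"` and then puts `P: default` ahead of the `$name:` line, which changes what the name extraction finds. The listing code shown in the rev 9972 message skips to the first newline and takes the text up to the first colon; if that code is still in place, every freshly created script is displayed as `P` until someone edits it. If the script grammar allows it, dropping the leading blank line restores the name, e.g. `$script = "P: default \n$name: I am a default response, change me.\n#This is a temporary Entry -Needs to be changed";`; otherwise the extraction needs updating alongside this change. `$name` is also only SQL-escaped before it is embedded, so a posted name containing a newline or colon changes the stored script's structure; rejecting those characters next to the existing empty-name check would close that.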