Warning Points

editPlayer.php

@@ -102,6 +102,7 @@
 echo '<center><h4>UID: '.$player->uid.'</h3></center>';
 echo '<center><h4>Player ID: '.$pid.'</h3></center>';
 echo '<center><h4>GUID: '.$guidPlayer.'</h3></center>';
+echo '<center><h4>Warning Points: '.$player->warning.'</h3></center>';
 echo '<center><h4>Bank: $'.$player->bankacc.'</h3></center>';
 echo '<center><h4>Cash: $'.$player->cash.'</h3></center>';
 echo '<center><h4>Cop Level: '.$player->coplevel.'</h3></center>';

notes.php

@@ -18,10 +18,10 @@
 
 if (isset($_POST['search'])) {
     $valuetosearch = $_POST['SearchValue'];
-    $sqlget = "SELECT * FROM players WHERE CONCAT (`name`,`playerid`,`uid`, `aliases`) LIKE '%".$valuetosearch."%'";
+    $sqlget = "SELECT * FROM players WHERE CONCAT (`name`,`playerid`,`warning`,`uid`,`aliases`) LIKE '%".$valuetosearch."%'";
     $search_result = filterTable($dbcon, $sqlget);
     if ($search_result == '') {
-        $sqlget = "SELECT * FROM players WHERE CONCAT (`name`,`pid`,`uid`, `aliases`) LIKE '%".$valuetosearch."%'";
+        $sqlget = "SELECT * FROM players WHERE CONCAT (`name`,`pid`,`warning`,`uid`,`aliases`) LIKE '%".$valuetosearch."%'";
         $search_result = filterTable($dbcon, $sqlget);
     }
 } else {
@@ -33,8 +33,8 @@
 ?>
 
 <div class="col-sm-9 col-sm-offset-3 col-md-10 col-md-offset-2 main">
-<h1 style = "margin-top: 70px">Notes Menu</h1>
-<p class="page-header">Notes Menu of the panel, allows you to set notes on players.</p>
+<h1 style = "margin-top: 70px">Warning Panel</h1>
+<p class="page-header">Warning Menu of the panel, allows you to set points and notes on players.<br> If warning points are 30+ please go to SMT to get them banned from the server.</p>
 
 <div class="btn-group" role="group" aria-label="...">
 <FORM METHOD="LINK" ACTION="players.php">
@@ -65,23 +65,24 @@
             <table class="table table-striped" style = "margin-top: -10px">
               <thead>
                 <tr>
-			                <th>Player ID</th>
+			        <th>UID</th>
 					<th>Name</th>
-					<th>Alias</th>
-					<th>Note Type</th>
-					<th>New Notes</th>
+					<th>Current Points</th>
+					<th>Warning Points</th>
+					<th>Case Notes</th>
 					<th>Update</th>
                 </tr>
               </thead>
               <tbody>
 <?php
 while ($row = mysqli_fetch_array($search_result, MYSQLI_ASSOC)) {
     echo '<form action=notes.php method=post>';
+
     echo '<tr>';
     echo '<td>'.$row['uid'].' </td>';
     echo '<td>'.$row['name'].' </td>';
-    echo '<td>'.$row['aliases'].' </td>';
-    echo '<td>'."<select class='form-control' name='warn'><option value='4'>Commendation</option><option value='1' selected='selected'>Warning</option><option value='2'>Caution</option><option value='3'>Big Caution</option></select> </td>";
+    echo '<td>'.$row['warning'].' </td>';
+	echo '<td>'."<input class='form-control' type=warning name=warning value=''> </td>";
     echo '<td>'."<input class='form-control' type=text name=note value=''> </td>";
     echo '<td>'."<input class='btn btn-primary btn-outline' type=submit name=update value=Update".'> </td>';
     echo "<td style='display:none;'>".'<input type=hidden name=hidden value='.$row['uid'].'> </td>';
@@ -97,12 +98,49 @@
     $pid = playerID($player);
 
     if ($_POST['note'] != $player->note_text) {
-        $message = 'Admin '.$user.' has added the note ('.$_POST['note'].') to '.$player->name.'('.$pid.')';
+        $message = 'Admin '.$user.' has added '.$_POST['warning'].' warning points and the note ('.$_POST['note'].') to '.$player->name.'('.$_POST['hidden'].')';
         logIt($user, $message, $dbcon);
         $note = $_POST['note'];
         $note = '"'.$note.'"';
-        $UpdateN = "INSERT INTO notes (uid, staff_name, name, alias, note_text, warning) VALUES ('$_POST[hidden]', '$user', '$player->name', '$player->aliases', '$note','$_POST[warn]')";
-        mysqli_query($dbcon, $UpdateN);
+		$warning = $_POST['warning'];
+        $warning = '"'.$warning.'"';
+
+		$UpdateN = 'INSERT INTO notes (uid, staff_name, name, alias, note_text, warning)'
+            . ' VALUES ( ?, ? , ? , ? , ? , ? )';
+
+		if( $sth = mysqli_prepare($dbcon,$UpdateN) ) {
+		  mysqli_stmt_bind_param($sth,'ssssss'
+			 ,$_POST['hidden']
+			 ,$user
+			 ,$player->name
+			 ,$player->aliases
+			 ,$_POST['note']
+			 ,$_POST['warning']
+		  );
+		  if( mysqli_stmt_execute($sth) ) {
+			 // statement execution successful
+		  } else {
+			 printf("Error: %s\n",mysqli_stmt_error($sth));
+		  }
+		} else {
+		  printf("Error: %s\n",mysqli_error($dbcon));
+		}
+
+		$UpdateN2 = 'UPDATE players SET warning = warning + ? WHERE uid = ? ';
+
+		if( $sth2 = mysqli_prepare($dbcon,$UpdateN2) ) {
+		  mysqli_stmt_bind_param($sth2,'ss'
+			,$_POST['warning']
+			,$_POST['hidden']
+		  );
+		  if( mysqli_stmt_execute($sth2) ) {
+			 // statement execution successful
+		  } else {
+			 printf("1Error: %s\n",mysqli_stmt_error($sth2));
+		  }
+		} else {
+		  printf("2Error: %s\n",mysqli_error($dbcon));
+		}
     }
 }
 

staffcase.php

@@ -0,0 +1,144 @@
+<?php
+session_start();
+ob_start();
+
+if (!isset($_SESSION['logged'])) {
+    header('Location: index.php');
+}
+
+$staffPerms = $_SESSION['perms'];
+$user = $_SESSION['user'];
+
+include 'verifyPanel.php';
+masterconnect();
+
+if ($staffPerms['money'] != '1') {
+    echo "<script src='scripts/na.js'></script>";
+    header('Location: lvlError.php');
+}
+include 'header/header.php';
+?>
+
+
+
+        <div class="col-sm-9 col-sm-offset-3 col-md-10 col-md-offset-2 main">
+          <h1 style = "margin-top: 70px">Staff Cases</h1>
+		  <p class="page-header">Staff Case Logs of the panel, allows you to see staff cases.</p>
+
+		  <div class="table-responsive">
+            <table class="table table-striped" style = "margin-top: -10px">
+              <thead>
+                <tr>
+					<th>Your Name</th>
+					<th>Person Reporting</th>
+					<th>Person Being Reported</th>
+					<th>Player UID</th>
+					<th>Reported For</th>
+					<th>OutCome</th>
+					<th>Add Log</th>
+                </tr>
+              </thead>
+              <tbody>
+<?php
+echo '<form action=staffcase.php method=post>';
+  echo '<tr>';
+
+  echo '<td>'."<input class='form-control' type=text name=staffn value='' </td>";
+  echo '<td>'."<input class='form-control' type=text name=personr value='' </td>";
+  echo '<td>'."<input class='form-control' type=text name=personbr value='' </td>";
+  echo '<td>'."<input class='form-control' type=text name=uid value='' </td>";
+  echo '<td>'."<input class='form-control' type=text name=report value='' </td>";
+  echo '<td>'."<input class='form-control' type=text name=outcome value=''</td>";
+  echo '<td>'."<input class='btn btn-primary btn-outline' type=submit name=update value=Add".' </td>';
+
+  echo '</tr>';
+  echo '</form>';
+
+echo '</table></div>';
+
+if (isset($_POST['update'])) {
+	$staffn = $_POST['staffn'];
+	$personr = $_POST['personr'];
+	$personbr = $_POST['personbr'];
+    $uid = $_POST['uid'];
+    $report = $_POST['report'];
+    $outcome = $_POST['outcome'];
+
+}
+$messageIdent = md5($_POST['update'] . $_POST['staffn'] . $_POST['personr'] . $_POST['personbr'] . $_POST['uid'] . $_POST['report'] . $_POST['outcome']);
+
+$sessionMessageIdent = isset($_SESSION['messageIdent'])?$_SESSION['messageIdent']:'';
+
+    if($messageIdent!=$sessionMessageIdent){//if its different:          
+        //save the session var:
+            $_SESSION['messageIdent'] = $messageIdent;
+        //and...
+            $UpdateQ = "INSERT INTO staff_logs (staffn,personr,personbr,playerid,report,outcome,staff_name) VALUES ('$staffn','$personr','$personbr','$uid','$report','$outcome','$user');";
+			mysqli_query($dbcon, $UpdateQ);
+    } else {
+        //you've sent this already!
+    }
+?>
+
+<br><br>
+
+<?php
+
+$sqlget = 'SELECT * FROM staff_logs';
+$search_result = mysqli_query($dbcon, $sqlget) or die('Connection could not be established');
+
+?>
+
+          <div class="table-responsive">
+            <table class="table table-striped" style = "margin-top: -10px">
+              <thead>
+                <tr>
+					<th>Case Id</th>
+					<th>Staff Name</th>
+					<th>Person Reporting</th>
+					<th>Person Being Reported</th>
+					<th>PlayerID</th>
+					<th>Reported For</th>
+					<th>Outcome</th>
+					<th>Admin</th>
+					<th>Time Stamp</th>
+
+                </tr>
+              </thead>
+              <tbody>
+<?php
+while ($row = mysqli_fetch_array($search_result, MYSQLI_ASSOC)) {
+    echo '<tr>';
+    echo '<td>'.$row['case_id'].'</td>';
+	echo '<td>'.$row['staffn'].' </td>';
+	echo '<td>'.$row['personr'].' </td>';
+	echo '<td>'.$row['personbr'].' </td>';
+    echo '<td>'.$row['playerid'].' </td>';
+    echo '<td>'.$row['report'].' </td>';
+    echo '<td>'.$row['outcome'].' </td>';
+    echo '<td>'.$row['staff_name'].' </td>';
+    echo '<td>'.$row['timestamp'].' </td>';
+    echo '</tr>';
+}
+
+echo '</table></div>';
+?>
+              </tbody>
+            </table>
+          </div>
+        </div>
+      </div>
+    </div>
+
+    <!-- Bootstrap core JavaScript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
+    <script>window.jQuery || document.write('<script src="../../assets/js/vendor/jquery.min.js"><\/script>')</script>
+    <script src="/dist/js/bootstrap.min.js"></script>
+    <!-- Just to make our placeholder images work. Don't actually copy the next line! -->
+    <script src="../../assets/js/vendor/holder.min.js"></script>
+    <!-- IE10 viewport hack for Surface/desktop Windows 8 bug -->
+    <script src="../../assets/js/ie10-viewport-bug-workaround.js"></script>
+  </body>
+</html>