[standalone] Simple Database Manager (for GMs/admins)

PhoOwned · Apr 12, 2011

I wrote today simple database manager for my GMs. I think it can be useful for other servers.

Code is dirty, because I wasn't preparing it for release

-------------
Create new file .php in your website directory and paste:

PHP:

<?PHP
/*
Access:
1 = can view players and accounts, but not rec keys and passwords
2 = can view all
3 = can view all, can edit town id and teleport to temple
4 = can view all, can edit town id and teleport to temple, can edit password, e-mail, rec key and premium points
*/
$passwords = array();
$passwords['your_password_here'] = 0;
$passwords['your_password_2_here'] = 0;

// login
if(isset($_REQUEST['lpas']) && isset($passwords[$_REQUEST['lpas']]))
{
	setcookie('admpass', $_REQUEST['lpas']);
	$_COOKIE['admpass'] = $_REQUEST['lpas'];
}
$access = 0;
if(isset($_COOKIE['admpass']) && !empty($_COOKIE['admpass']) && isset($passwords[$_COOKIE['admpass']]))
	$access = $passwords[$_COOKIE['admpass']];

if($access == 0)
{
	echo '<form action="" method="post"><input type="text" name="lpas" /><input type="submit" value="Login" /></form>';
	exit;
}


$mysql_server = 'localhost';
$mysql_port = '3306';
$mysql_user = 'root';
$mysql_password = 'your_pass';
$mysql_database = 'theforgottenserver';

$vocs = array();
$vocs[0][0] = 'Rook';
$vocs[0][1] = 'Sorcerer';
$vocs[0][2] = 'Druid';
$vocs[0][3] = 'Paladin';
$vocs[0][4] = 'Knight';
$vocs[1][1] = 'Master Sorcerer';
$vocs[1][2] = 'Elder Druid';
$vocs[1][3] = 'Royal Paladin';
$vocs[1][4] = 'Elite Knight';
// FUNCTIONS
function IP_OTStoSTRING($ip)
{
	return implode('.', array_reverse(explode('.', long2ip($ip))));
}

function IP_STRINGtoOTS($ip)
{
	return ip2long(implode('.', array_reverse(explode('.', $ip))));
}
// SCRIPT
try {
    $SQL = new PDO('mysql:dbname=' . $mysql_database  . ';host=' . $mysql_server . ';port=' . $mysql_port, $mysql_user, $mysql_password);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}

if($access >= 3)
	if(isset($_POST['stype']) && $_POST['stype'] == 'p' && isset($_POST['sid']) && isset($_POST['town_id']) && isset($_POST['posx']) && isset($_POST['posy']) && isset($_POST['posz']))
		$SQL->query('UPDATE `players` SET `town_id` = ' . $SQL->quote($_POST['town_id']) . ', `posx` = ' . $SQL->quote($_POST['posx']) . ', `posy` = ' . $SQL->quote($_POST['posy']) . ', `posz` = ' . $SQL->quote($_POST['posz']) . ' WHERE `id` = ' . $SQL->quote($_POST['sid']) . ';');

if($access == 4)
	if(isset($_POST['stype']) && $_POST['stype'] == 'a' && isset($_POST['sid']) && isset($_POST['pass']) && isset($_POST['email']) && isset($_POST['key']) && isset($_POST['pp']))
		$SQL->query('UPDATE `accounts` SET `password` = ' . $SQL->quote($_POST['pass']) . ', `email` = ' . $SQL->quote($_POST['email']) . ', `key` = ' . $SQL->quote($_POST['key']) . ', `premium_points` = ' . $SQL->quote($_POST['pp']) . ' WHERE `id` = ' . $SQL->quote($_POST['sid']) . ';');
		

$players_order = 'name';
if(isset($_REQUEST['st']))
	if($_REQUEST['st'] == 'aid')
	{
		$account_data = $SQL->query('SELECT `id`, `name`, `password`, `email`, `key`, `premium_points` FROM `accounts` WHERE `id` = ' . $SQL->quote($_REQUEST['sd']))->fetch();
		$players_data = $SQL->query('SELECT `id`, `account_id`, `name`, `level`, `vocation`, `promotion`, `lastlogin`, `lastip`, `lastlogout`, `online`, `town_id`, `posx`, `posy`, `posz` FROM `players` WHERE `account_id` = ' . $SQL->quote($_REQUEST['sd']) . ' ORDER BY `' . $players_order . '`');
	}
	elseif($_REQUEST['st'] == 'aname')
	{
		$account = $SQL->query('SELECT `id` FROM `accounts` WHERE `name` = ' . $SQL->quote($_REQUEST['sd']))->fetch();
        if(isset($account['id']))
		{
			$account_data = $SQL->query('SELECT `id`, `name`, `password`, `email`, `key`, `premium_points` FROM `accounts` WHERE `id` = ' . $SQL->quote($account['id']))->fetch();
			$players_data = $SQL->query('SELECT `id`, `account_id`, `name`, `level`, `vocation`, `promotion`, `lastlogin`, `lastip`, `lastlogout`, `online`, `town_id`, `posx`, `posy`, `posz` FROM `players` WHERE `account_id` = ' . $SQL->quote($account['id']) . ' ORDER BY `' . $players_order . '`');
		}
	}
	elseif($_REQUEST['st'] == 'pid')
	{
		$player = $SQL->query('SELECT `id`, `account_id` FROM `players` WHERE `id` = ' . $SQL->quote($_REQUEST['sd']))->fetch();
        if(isset($player['account_id']))
		{
			$account_data = $SQL->query('SELECT `id`, `name`, `password`, `email`, `key`, `premium_points` FROM `accounts` WHERE `id` = ' . $SQL->quote($player['account_id']))->fetch();
			$players_data = $SQL->query('SELECT `id`, `account_id`, `name`, `level`, `vocation`, `promotion`, `lastlogin`, `lastip`, `lastlogout`, `online`, `town_id`, `posx`, `posy`, `posz` FROM `players` WHERE `account_id` = ' . $SQL->quote($player['account_id']) . ' ORDER BY `' . $players_order . '`');
		}
	}
	elseif($_REQUEST['st'] == 'pname')
	{
		$player = $SQL->query('SELECT `id`, `account_id` FROM `players` WHERE `name` = ' . $SQL->quote($_REQUEST['sd']))->fetch();
        if(isset($player['account_id']))
		{
			$account_data = $SQL->query('SELECT `id`, `name`, `password`, `email`, `key`, `premium_points` FROM `accounts` WHERE `id` = ' . $SQL->quote($player['account_id']))->fetch();
			$players_data = $SQL->query('SELECT `id`, `account_id`, `name`, `level`, `vocation`, `promotion`, `lastlogin`, `lastip`, `lastlogout`, `online`, `town_id`, `posx`, `posy`, `posz` FROM `players` WHERE `account_id` = ' . $SQL->quote($player['account_id']) . ' ORDER BY `' . $players_order . '`');
		}
	}
	elseif($_REQUEST['st'] == 'ip')
		$players_data = $SQL->query('SELECT `id`, `account_id`, `name`, `level`, `vocation`, `promotion`, `lastlogin`, `lastip`, `lastlogout`, `online`, `town_id`, `posx`, `posy`, `posz` FROM `players` WHERE `lastip` = ' . $SQL->quote(IP_STRINGtoOTS($_REQUEST['sd'])) . ' ORDER BY `' . $players_order . '`');


echo '<html><head><title>TFS DB EDITOR</title>
<style type="text/css">
body {
	font-family: monotype;
	color: #000000;
	background-color: #999999;
	font-size: 12px;
}
a { color: blue; text-decoration:none;}
.tr_0 {
	background-color: #C4DCCC;
	margin-top: 2px
}
.tr_0:hover { background-color: #00AA00;}
.tr_1 {
	background-color: #C4DCFF;
	margin-top: 2px
}
.tr_1:hover { background-color: #AAAACC;}
</style>
</head><body>';
echo '<table style="background-color: #FFFFAA; width: 700px;"><tr><td><form action="" method="post">
Search by:<br />
	<select name="st">
		<option value="pname">Player name</option>
		<option value="aname">Account name</option>
		<option value="pid">Player ID</option>
		<option value="aid">Account ID</option>
		</select><br />
<input type="text" name="sd" value="" size="25" /><br />
<input type="submit" value="Search" /></form></td>

<td><form action="" method="post"><input type="hidden" name="st" value="ip" />
Search by IP:<p style="font-size: 10px">(format x.x.x.x)</p>
<input type="text" name="sd" value="" size="25" /><br />
<input type="submit" value="Search" /></form></td>
</tr></table>';
if(isset($account_data) && $account_data)
{
	echo '<h2>Account</h2><table style="text-align: center; background-color: #FFFFAA; border-spacing: 2px; border-collapse: collapse; border-color: black" border="1">';
	if($access == 4)
		echo '<form action="" method="post"><input type="hidden" name="stype" value="a" /><input type="hidden" name="sid" value="' . $account_data['id'] . '" />';
	echo '<tr class="tr_0"><td>ID</td><td>' . $account_data['id'] . '</td></tr>';
	echo '<tr class="tr_1"><td>Name</td><td>' . $account_data['name'] . '</td></tr>';
	if($access == 4)
		echo '<tr class="tr_0"><td>Password</td><td><input type="text" name="pass" value="' . $account_data['password'] . '" /></td></tr>';
	elseif($access == 3)
		echo '<tr class="tr_0"><td>Password</td><td>' . $account_data['password'] . '</td></tr>';
	else
		echo '<tr class="tr_0"><td>Password</td><td>*****</td></tr>';
	if($access == 4)
		echo '<tr class="tr_1"><td>E-mail</td><td><input type="text" name="email" value="' . $account_data['email'] . '" /></td></tr>';
	else
		echo '<tr class="tr_1"><td>E-mail</td><td>' . $account_data['email'] . '</td></tr>';
	if($access == 4)
		echo '<tr class="tr_0"><td>Recovery key</td><td><input type="text" name="key" value="' . $account_data['key'] . '" /></td></tr>';
	elseif($access == 3)
		echo '<tr class="tr_0"><td>Recovery key</td><td>' . $account_data['key'] . '</td></tr>';
	else
		echo '<tr class="tr_0"><td>Recovery key</td><td>*****</td></tr>';
	if($access == 4)
		echo '<tr class="tr_1"><td>Premium points</td><td><input type="text" name="pp" value="' . $account_data['premium_points'] . '" /></td></tr>';
	else
		echo '<tr class="tr_1"><td>Premium points</td><td>' . $account_data['premium_points'] . '</td></tr>';
	if($access == 4)
		echo '<tr class="tr_0"><td>.</td><td><input type="submit" value="Save" /></td></tr></form>';
	echo '</table>';
}
else
	echo '<p class="error">no account</p>';
if(!empty($players_data))
{
	echo '<h2>Players</h2><table style="text-align: center; background-color: #FFFFAA; border-spacing: 2px; border-collapse: collapse; border-color: black" border="1"><tr style="font-weight: bold"><td>ID</td><td>Account ID</td><td>Name</td><td>Info</td><td>IP</td><td>Last online</td><td>Town</td><td>Position</td>';
	if($access >= 3)
			echo '<td>.</td>';
	echo '</tr>';
	foreach($players_data as $i => $p)
	{
		echo '<form action="" method="post"><input type="hidden" name="stype" value="p" /><input type="hidden" name="sid" value="' . $p['id'] . '" /><tr class="tr_' . (($i % 2 == 1) ? 1 : 0) . '"><td><a href="?st=pid&sd=' . $p['id'] . '">' . $p['id'] . '</a></td><td><a href="?st=aid&sd=' . $p['account_id'] . '">' . $p['account_id'] . '</a></td><td><a href="?st=pname&sd=' . urlencode($p['name']) . '"><span  style="color: ' . (($p['online']) ? 'green' : 'red') . '">' . $p['name'] . '</span></a></td><td>' . $p['level'] . ' ' . $vocs[$p['promotion']][$p['vocation']] . '</td><td><a href="?st=ip&sd=' . urlencode(IP_OTStoSTRING($p['lastip'])) . '">' . IP_OTStoSTRING($p['lastip']) . '</td><td>' . date("d-m-Y H:i:s", max($p['lastlogout'], $p['lastlogin'])) . '</td>';
		if($access < 3)
			echo '<td>' . $p['town_id'] . '</td><td>' . $p['posx'] . ',' . $p['posy'] . ',' . $p['posz'] . '</td>';
		else
			echo '<td><input type="text" name="town_id" value="' . $p['town_id'] . '" size="3" /></td><td>X:<input type="text" name="posx" value="' . $p['posx'] . '" size="5"  />Y:<input type="text" name="posy" value="' . $p['posy'] . '" size="5"  />Z:<input type="text" name="posz" value="' . $p['posz'] . '" size="5"  /></td>';
		if($access >= 3)
			echo '<td><input type="submit" value="Save" /></td>';
		echo '</tr></form>';
	}
	echo '</table>';
}
else
	echo '<p class="error">no players</p>';
if(isset($player['id']))
{
	$level_hist = $SQL->query('SELECT FLOOR((UNIX_TIMESTAMP() - `date`) / 86400) AS da, `level` FROM `player_deaths` WHERE `player_id`=' . $player['id'] . ' GROUP BY `level` ORDER BY FLOOR((UNIX_TIMESTAMP() - `date`) / 86400), `level` DESC');
	echo '<h3>Level History - based on player deaths</h3><table style="text-align: center; width: 600px; background-color: #FFFFAA; border-spacing: 2px; border-collapse: collapse; border-color: black" border="1"><tr style="font-weight: bold"><td>Days ago</td><td>Level</td></tr>';
	$larr = array();
	if($level_hist)
	{
		foreach($level_hist->fetchAll() as $lh)
			$larr[$lh['da']][] = $lh['level'];
		$i = 0;
		foreach($larr as $day => $levels)
		{
			echo '<tr class="tr_' . (($i++ % 2 == 1) ? 1 : 0) . '"><td>' . $day . '</td><td>' . implode(', ', $levels) . '</td></tr>';
		}
	}
	echo '</table>';
}
echo '</body></html>';
?>

There are lines:

PHP:

$passwords['your_password_here'] = 0;
$passwords['your_password_2_here'] = 0;

where you have to set passwords and access for GMs/CMs.
YOU MUST CHANGE ACCESS BEFORE YOU CAN USE THIS SCRIPT
USE HARD AND LONG PASSWORDS, BECAUSE SOMEONE CAN TRY TO WRITE ALL (RANDOM) 1-7 LETTERS PASSWORDS!
Access description:

PHP:

/*
Access:
1 = can view players and accounts, but not rec keys and passwords
2 = can view all
3 = can view all, can edit town id and teleport to temple
4 = can view all, can edit town id and teleport to temple, can edit password, e-mail, rec key and premium points
*/

In lines:

PHP:

$mysql_server = 'localhost';
$mysql_port = '3306';
$mysql_user = 'root';
$mysql_password = 'your_pass';
$mysql_database = 'theforgottenserver';

you must configure your database connection.

kkk111 · Apr 13, 2011

I liked the idea, but the script is weak

thanks for sharing

Zonet · Apr 14, 2011

Good idea, but I'd do a config.php file where all the db info/vocation should be, it'd be better. Great anyway.

richux · Apr 14, 2011

Usefull for learning purposes, ty

Hermes · Apr 17, 2011

Kool, thank you : D. It might be useful for my web control panel.

hasbro · Apr 20, 2011

Well, I'm trying to enter the panel, over which login, tried my use of god put the pag_acess up to 4 more, will not I do?

snacky · Apr 20, 2011

Thank you

pakki · Apr 20, 2011

I cant get past the login screen even though i enter the correct password. Nice idea though!

PhoOwned · Apr 21, 2011

pakki said:
I cant get past the login screen even though i enter the correct password. Nice idea though!

There are lines:

$passwords['your_password_here'] = 0;
$passwords['your_password_2_here'] = 0;

where you have to set passwords and access for GMs/CMs.
YOU MUST CHANGE ACCESS BEFORE YOU CAN USE THIS SCRIPT

...
and you need web browser with cookies support (any?)

Morlad · Apr 26, 2011

COol script..

rep++

[standalone] Simple Database Manager (for GMs/admins)

PhoOwned

^_^

kkk111

Member

Zonet

Web Developer

richux

Tibera.org

Hermes

dziwki kola gramy w lola

hasbro

Member

snacky

New Member

pakki

New Member

PhoOwned

^_^

Morlad

Mega USER

Similar threads