Usergruppen Verwaltung in das GM-Panel eingebaut

13 years ago · 143672601b
parent 2812c1ad80
commit 143672601b
11 changed files with 652 additions and 300 deletions
--- a/ag/gm/gm_seite.php
+++ b/ag/gm/gm_seite.php
@ -24,6 +24,7 @@ include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/bann.inc.php');
 include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/faq.inc.php');
 include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/parse.inc.php');
 include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/user.inc.php');
+include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/usergroup.inc.php');

 include_once($_SERVER['DOCUMENT_ROOT'].'ag/gm/include/attacken.inc.php');
 include_once($_SERVER['DOCUMENT_ROOT'].'ag/gm/include/bilderschau.inc.php');
@ -64,12 +65,15 @@ function loginUser($user,$pass){
 	if(checkLoginPassword($user,$pass)){
 		$test = 'SELECT * from user where nickname = \''.$user.'\'';
 		$qry = mysql_query($test);
-		$result = mysql_fetch_assoc($qry);
-		if($result['gm'] == 'ja'){
+		$result = mysql_fetch_assoc($qry);		
+		$usergroups = getUserGroups($user);
+				
+		if(isUserInGroup($usergroups, Admin)) {
 			$_SESSION['user'] = $result['id'];
 			$_SESSION['username'] = $result['nickname'];
 			$_SESSION['password'] = $result['passwort'];
-			echo '<a href="'.$_SERVER['PHP_SELF'].'">Zum Hauptmenu</a>';
+			$_SESSION['usergroups'] = $usergroups;
+			echo '<a href="'.$_SERVER['PHP_SELF'].'">Zum Hauptmenu</a>';		
 		}
 		return true;
 	}
@ -134,7 +138,11 @@ function displayOptions(){
 					<a href="<?php echo $_SERVER['PHP_SELF']; ?>?choose=clanitems">Clan-R&auml;ume bearbeiten</a>
 				</td>
 			</tr>
-
+			<tr>
+				<td>
+					<a href="<?php echo $_SERVER['PHP_SELF']; ?>?choose=usergroups">Usergruppen</a>
+				</td>
+			</tr>
 			<tr>
 				<td>
 					<a href="<?php echo $_SERVER['PHP_SELF']; ?>?choose=bann">Banns und andere unsch&ouml;ne Sachen</a>
@ -232,7 +240,10 @@ if(checkLoginData($_SESSION['user'],$_SESSION['password'])){
 		displayNPC($_REQUEST['action'], $_REQUEST['task'], $_REQUEST['charid'], $_REQUEST['table'], $_REQUEST['page'], $REQUEST['data']);
 	}   else if($_REQUEST['choose'] == 'shop'){
 		displayShop($_REQUEST['action'], $_REQUEST['s_id'],$_REQUEST['info'], $_REQUEST['s_name'] , $_REQUEST['s2_name'], $_REQUEST['s3_name'],  $_REQUEST['s_typ'], $_REQUEST['preis'], $_REQUEST['frei'], $_REQUEST['anzahl']);	
-	}	else {
+	}	else if($_REQUEST['choose'] == 'usergroups'){
+		//displayUserGroups($_REQUEST['action'], $_REQUEST['uname']);		
+		displayUserGroups($_REQUEST['action'] ,$_REQUEST['name'] ,$_REQUEST['ugname'], $_REQUEST['delete'], $_REQUEST['add']);
+	} else {	
 		displayOptions();
 	}
 } else if(isset($_POST['user'])){
--- a/ag/gm/include/attacken.inc.php
+++ b/ag/gm/include/attacken.inc.php
@ -1,4 +1,13 @@
 <?php 
+/*
+ * Created on 31.05.2011
+ *
+ * @copyright (c) 2011 animegame.eu
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
+ *
+ */
+?>
+<?php 
 function displayAttackeOptions($action, $attackname, $attackid, $depth, $name, $starke, $verteidigung, $speed, $hp, $mp, $rassen, $level, $geld, $type, $info, $req_atk, $req_lvl, $Frucht, $runden, $maxlvl){
 	if($action === NULL){
 	?>
--- a/ag/gm/include/bilderschau.inc.php
+++ b/ag/gm/include/bilderschau.inc.php
@ -1,3 +1,13 @@
+<?php 
+/*
+ * Created on 31.05.2011
+ *
+ * @copyright (c) 2011 animegame.eu
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
+ *
+ */
+?>
+
 <?php /**
 * TODO: 2-3 Ansichten
 * Sortiert nach erstelldatum, zufällig
--- a/ag/gm/include/clan.inc.php
+++ b/ag/gm/include/clan.inc.php
@ -1,3 +1,13 @@
+<?php 
+/*
+ * Created on 31.05.2011
+ *
+ * @copyright (c) 2011 animegame.eu
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
+ *
+ */
+?>
+
 <?php 
 function displayClanItems($action, $raumid, $raumname, $staerke, $verteidigung, $glueck, $ausdauer, $geschwindigkeit, $info){
 	if($action == ''){
--- a/ag/gm/include/info.inc.php
+++ b/ag/gm/include/info.inc.php
@ -1,3 +1,13 @@
+<?php 
+/*
+ * Created on 31.05.2011
+ *
+ * @copyright (c) 2011 animegame.eu
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
+ *
+ */
+?>
+
 <?php 
 function displayFaq($action, $faqentry,$parent,$header,$body, $child){
 	$themes = getTableOfContents('<option value="###ID###">','</option>');
--- a/ag/gm/include/item.inc.php
+++ b/ag/gm/include/item.inc.php
@ -1,3 +1,13 @@
+<?php 
+/*
+ * Created on 31.05.2011
+ *
+ * @copyright (c) 2011 animegame.eu
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
+ *
+ */
+?>
+
 <?php 
 function displayItems($action, $task, $itemid, $itemtable, $searchstring, $s_itemtable,$page, $data){
 	if(!is_numeric($page) || $page < 0){ $page = 0; }
--- a/ag/gm/include/monster.inc.php
+++ b/ag/gm/include/monster.inc.php
@ -1,3 +1,13 @@
+<?php 
+/*
+ * Created on 31.05.2011
+ *
+ * @copyright (c) 2011 animegame.eu
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
+ *
+ */
+?>
+
 <?php 
 function displayQuestNPC($action, $name, $starke, $speed, $verteidigung, $ausdauer, $hp, $mp, $level, $orte,$id, $anzahl, $confirm, $glueck){
 	if($action != 'delete' && $action != 'change' && $action != 'create'){
--- a/ag/gm/include/npc.inc.php
+++ b/ag/gm/include/npc.inc.php
@ -1,3 +1,13 @@
+<?php 
+/*
+ * Created on 31.05.2011
+ *
+ * @copyright (c) 2011 animegame.eu
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
+ *
+ */
+?>
+
 <?php 
 function displayNPC($action, $task, $charid, $table, $page, $data){
 	echo '<form action="'.$_SERVER['PHP_SELF'].'" method="POST">'."\n";
--- a/ag/gm/include/shop.inc.php
+++ b/ag/gm/include/shop.inc.php
@ -1,3 +1,13 @@
+<?php 
+/*
+ * Created on 31.05.2011
+ *
+ * @copyright (c) 2011 animegame.eu
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
+ *
+ */
+?>
+
 <?php 
 function displayShop($action, $s_id, $info,  $s_name, $s2_name, $s3_name, $s_typ, $preis, $frei, $anzahl){
 	if($action == ''){
--- a/ag/gm/include/user.inc.php
+++ b/ag/gm/include/user.inc.php
@ -1,206 +1,437 @@
-<?php 
+<?php
+/*
+ * Created on 31.05.2011
+ *
+ * @copyright (c) 2011 animegame.eu
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
+ *
+ */
+?>
+
+<?php
+
+function getOtherUserGroups($user) {
+	$qry = null;
+	$groups = array();
+
+	//prüfen welcher wert für user steht (id oder name)
+	if(validateInteger($user, null) != null) {
+		$test = 'SELECT gruppe_id, gruppe_name FROM user_gruppe WHERE gruppe_id not in
+				(SELECT gruppe_id FROM user_gruppe_zuordnung WHERE user_id = \''.$user.'\')';
+		$qry = mysql_query($test);
+	} else if (validateString($user) != null) {
+		$test = 'SELECT gruppe_id, gruppe_name FROM user_gruppe WHERE gruppe_id not in
+				(SELECT ugz.gruppe_id FROM user u INNER JOIN user_gruppe_zuordnung ugz ON
+				 u.id=ugz.user_id WHERE nickname = \''.$user.'\')';
+		$qry = mysql_query($test);
+	}
+
+	$i = 0;
+	while ($result = mysql_fetch_assoc($qry)) {
+		$groups[$i] = array("gruppe_id" => $result['gruppe_id'], "gruppe_name" => $result['gruppe_name']);
+		$i++;
+	}
+
+	return $groups;
+}
+
+function displayUserGroups($action, $name, $ugname, $delete, $add) {
+	if($action === 'search') {
+		$username = validateName($name);
+		if ($delete !== NULL && $delete >= 0) {
+			$qry = 'DELETE FROM user_gruppe_zuordnung WHERE user_id in (SELECT id FROM user WHERE nickname = \''.$username.
+			'\') AND gruppe_id = '.$delete.';';
+			mysql_query($qry);
+		} else if($add !== NULL && $add >= 0) {
+			$qry = 'INSERT INTO user_gruppe_zuordnung(user_id, gruppe_id)
+			VALUES((SELECT id FROM user WHERE nickname = \''.$username.'\'), '.$add.');';
+			mysql_query($qry);
+		}
+
+		$usergroups = getUserGroups($name);
+		$notusergroups = getOtherUserGroups($name);
+
+		?>
+<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
+	<input name="choose" value="usergroups" type="hidden"></input> 
+	<input name="action" value="search" type="hidden"></input> 
+	<input name="name" value="<?php echo $username; ?>" type="hidden"></input>
+	<table width="80%">
+		<tr>
+			<th align="center" colspan="3">User <?php echo $username;?></th>
+		</tr>
+		<tr>
+			<td align="center"><select id="input" name="delete">
+					<option value="-1">Gruppe ausw&auml;hlen</option>
+					<?php
+					for($i = 0; $i < count($usergroups); $i++) {
+						echo '<option value="'.$usergroups[$i]['gruppe_id'].'">'.$usergroups[$i]['gruppe_name'].'</option>';
+					}
+					?>
+			</select> <input type="submit" value="löschen" />
+		
+		</tr>
+		<tr>
+			<td align="center"><select id="input" name="add">
+					<option value="-1">Gruppe ausw&auml;hlen</option>
+					<?php
+					for($i = 0; $i < count($notusergroups); $i++) {
+						echo '<option value="'.$notusergroups[$i]['gruppe_id'].'">'.$notusergroups[$i]['gruppe_name'].'</option>';
+					}
+					?>
+			</select> <input type="submit" value="hinzufügen" />
+		
+		</tr>
+		<tr>
+			<td colspan="3">
+				<table border="1" width="100%">
+					<tr>
+						<th>Usergruppen</th>
+						<?php
+						for($i = 0; $i < count($usergroups); $i++) {
+							echo '<tr><td align="center">'.$usergroups[$i]['gruppe_name'].'</td>';
+						}
+						?>
+				
+				</table>
+			</td>
+		</tr>
+		<tr>
+			<td align="center" colspan="3"><a
+				href="<?php echo $_SERVER['PHP_SELF'].'?choose=usergroups'; ?>">Zur&uuml;ck</a>
+			</td>
+		</tr>
+		<tr>
+			<td align="center" colspan="3"><a
+				href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
+			</td>
+		</tr>
+	</table>
+</form>
+						<?php
+	} else if($action === 'show') {
+		$username = validateName($ugname);
+		$sqlqry = 'SELECT u.nickname FROM user_gruppe_zuordnung ugz
+					INNER JOIN user_gruppe ug ON ug.gruppe_id=ugz.gruppe_id
+					INNER JOIN user u ON ugz.user_id=u.id WHERE ug.gruppe_name = \''.$ugname.'\';';
+		$usergroups_qry = mysql_query($sqlqry);
+		?>
+<table width="80%">
+	<tr>
+		<th align="center" colspan="3">Usergruppe <?php echo $ugname;?></th>
+	</tr>
+	<tr>
+		<td colspan="3">
+			<table border="1" width="100%">
+			<?php
+			$count = ceil(mysql_num_rows($usergroups_qry) / 4);
+			echo '<tr>';
+			$x = 0;
+			while($row = mysql_fetch_assoc($usergroups_qry)){
+				echo '<td align="center" width = "25%">'.$row['nickname'].'</td>';
+				$x++;
+				if($x % 4 == 0) {
+					echo '</tr><tr>';
+					$x = 0;
+				}
+			}
+			echo '</tr>'
+			?>
+
+			</table>
+		</td>
+	</tr>
+	<tr>
+		<td align="center" colspan="3"><a
+			href="<?php echo $_SERVER['PHP_SELF'].'?choose=usergroups'; ?>">Zur&uuml;ck</a>
+		</td>
+	</tr>
+	<tr>
+		<td align="center" colspan="3"><a
+			href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
+		</td>
+	</tr>
+</table>
+			<?php
+	} else {
+		?>
+<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
+	<input name="choose" value="usergroups" type="hidden"></input> 
+	<input name="action" value="search" type="hidden"></input>
+	<table width="80%">
+		<tr>
+			<th align="center" colspan="3">User suchen</th>
+		</tr>
+		<tr>
+			<td align="center">Username: <input name="name" value="" /> 
+			<input type="submit" value="search" />
+			</td>
+		</tr>
+		<tr>
+			<td colspan="3">
+				<table border="1" width="100%">
+					<tr>
+						<th>Usergruppe</th>
+						<th>Beschreibung</th>
+						<?php
+						$usergroups_qry = mysql_query('SELECT gruppe_name, gruppe_beschreibung FROM user_gruppe ug;');
+						while($row = mysql_fetch_assoc($usergroups_qry)){
+							echo '<tr><td align="center"><a href="'
+							.$_SERVER['PHP_SELF'].'?choose=usergroups&action=show&ugname='.$row['gruppe_name'].'">'
+							.$row['gruppe_name'].'</a></td><td>'.$row['gruppe_beschreibung'].'</td></tr>';
+						}
+						?>
+				
+				</table>
+			</td>
+		</tr>
+		<tr>
+			<td align="center" colspan="3"><a
+				href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
+			</td>
+		</tr>
+	</table>
+</form>
+						<?php
+	}
+}?>
+
+<?php
 function displayCheater($action, $from, $until, $user1, $user2, $tradeid, $verify){
 	if($action === null){
-	?>
-		<form action="" method="POST">
-			<input name="choose" value="cheat" type="hidden"></input>
-			<table>
-				<tr>
-					<th align="center" colspan="2">Multiuser und Cheater</th>
-				</tr>
-				<tr>
-					<td align="center" colspan="2"><a href="<?php echo $_SERVER['PHP_SELF'].'?choose=cheat&action=access'; ?>">Zugriffe</a></td>
-				</tr>
-				<tr>
-					<td align="center" colspan="2"><a href="<?php echo $_SERVER['PHP_SELF'].'?choose=cheat&action=trades'; ?>">Denkwürdige Trades</a></td>
-				</tr>
-				<tr>
-					<td align="center" colspan="2">
-						<a href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
-					</td>
-				</tr>
-			</table>
-		</form>	
-	<?php
+		?>
+<form action="" method="POST">
+	<input name="choose" value="cheat" type="hidden"></input>
+	<table>
+		<tr>
+			<th align="center" colspan="2">Multiuser und Cheater</th>
+		</tr>
+		<tr>
+			<td align="center" colspan="2"><a
+				href="<?php echo $_SERVER['PHP_SELF'].'?choose=cheat&action=access'; ?>">Zugriffe</a>
+			</td>
+		</tr>
+		<tr>
+			<td align="center" colspan="2"><a
+				href="<?php echo $_SERVER['PHP_SELF'].'?choose=cheat&action=trades'; ?>">Denkwürdige
+					Trades</a></td>
+		</tr>
+		<tr>
+			<td align="center" colspan="2"><a
+				href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
+			</td>
+		</tr>
+	</table>
+</form>
+		<?php
 	} else if($action == 'access'){
 		$minmax = mysql_fetch_assoc(mysql_query('SELECT DATE(min(occured)) as min, DATE(max(occured)) as max FROM multiuser'));
 		$low = $from===null?$minmax['min']:$from;
 		$high = $until===null?$minmax['max']:$until;
-	?>
-		<form action="" method="POST">
-				<input name="choose" value="cheat" type="hidden" />
-		<table>
-				<tr>
-					<th align="center" colspan="3">Zugriffe</th>
-				</tr>
+		?>
+<form action="" method="POST">
+	<input name="choose" value="cheat" type="hidden" />
+	<table>
+		<tr>
+			<th align="center" colspan="3">Zugriffe</th>
+		</tr>
+		<tr>
+			<td align="center">Von: <input name="from"
+				value="<?php echo $low; ?>" />
+			</td>
+			<td align="center">Bis: <input name="until"
+				value="<?php echo $high; ?>" />
+			</td>
+			<td align="center"><input type="submit" value="aktualisieren" />
+			</td>
+		</tr>
+		<tr>
+			<td colspan="3">
+				<table border="1">
 					<tr>
-						<td align="center">
-							Von: <input name="from" value="<?php echo $low; ?>" />
-						</td>
-						<td align="center">
-							Bis: <input name="until" value="<?php echo $high; ?>" />
-						</td>
-						<td align="center">
-							<input type="submit" value="aktualisieren" />
-						</td>
-					</tr>
-				<tr>
-					<td colspan="3">
-						<table border="1">
-							<tr><th>User1</th><th>User2</th><th>Anzahl</th><th>Action</th>
+						<th>User1</th>
+						<th>User2</th>
+						<th>Anzahl</th>
+						<th>Action</th>
 						<?php
-							$cheater_qry = mysql_query('Select u1.nickname as u1n, u1.id as u1i, u2.nickname u2n, u2.id u2i, count(occured) as anzahl from multiuser left join user as u1 on multiuser.user1 = u1.id left join user as u2 on multiuser.user2 = u2.id where occured >= \''.$low.' 00:00:00\' and occured <= \''.$high.' 23:59:59\' group by u1i, u2i order by anzahl');
-							while($row = mysql_fetch_assoc($cheater_qry)){
-								echo '<tr><td>'.$row['u1n'].'</td><td>'.$row['u2n'].'</td><td>'.$row['anzahl'].'</td><td><a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=show&from='.$low.'&until='.$high.'&user1='.$row['u1i'].'&user2='.$row['u2i'].'">Nachweis</a> | <a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=vwarn&user1='.$row['u1i'].'&user2='.$row['u2i'].'">Verwarnen</a> | <a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=ban&user1='.$row['u1i'].'&user2='.$row['u2i'].'">Bannen</a></td></tr>';
-							}
+						$cheater_qry = mysql_query('Select u1.nickname as u1n, u1.id as u1i, u2.nickname u2n, u2.id u2i, count(occured) as anzahl from multiuser left join user as u1 on multiuser.user1 = u1.id left join user as u2 on multiuser.user2 = u2.id where occured >= \''.$low.' 00:00:00\' and occured <= \''.$high.' 23:59:59\' group by u1i, u2i order by anzahl');
+						while($row = mysql_fetch_assoc($cheater_qry)){
+							echo '<tr><td>'.$row['u1n'].'</td><td>'.$row['u2n'].'</td><td>'.$row['anzahl'].'</td><td><a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=show&from='.$low.'&until='.$high.'&user1='.$row['u1i'].'&user2='.$row['u2i'].'">Nachweis</a> | <a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=vwarn&user1='.$row['u1i'].'&user2='.$row['u2i'].'">Verwarnen</a> | <a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=ban&user1='.$row['u1i'].'&user2='.$row['u2i'].'">Bannen</a></td></tr>';
+						}
 						?>
-						</table>
-					</td>
-				</tr>
-				<tr>
-					<td align="center" colspan="3">
-						<a href="<?php echo $_SERVER['PHP_SELF'].'?choose=cheat'; ?>">Multiuser und Cheatermen&uuml;</a>
-					</td>
-				</tr>
-				<tr>
-					<td align="center" colspan="3">
-						<a href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
-					</td>
-				</tr>
-			</table>
-		</form>
-			
-	<?php
-		
+				
+				</table>
+			</td>
+		</tr>
+		<tr>
+			<td align="center" colspan="3"><a
+				href="<?php echo $_SERVER['PHP_SELF'].'?choose=cheat'; ?>">Multiuser
+					und Cheatermen&uuml;</a>
+			</td>
+		</tr>
+		<tr>
+			<td align="center" colspan="3"><a
+				href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
+			</td>
+		</tr>
+	</table>
+</form>
+
+						<?php
+
 	} else if($action == 'trades'){
 		// Hier ist wichtig, zu hohe Trades und Trades in den Clans
 		$minmax = mysql_fetch_assoc(mysql_query('SELECT DATE(min(deadline)) as min, DATE(max(deadline)) as max FROM auktion_transaktionen'));
 		$low = $from===null?$minmax['min']:$from;
 		$high = $until===null?$minmax['max']:$until;
 		?>
-		<form action="" method="POST">
-		<input name="choose" value="cheat" type="hidden" />
-		<table>
-			<tr>
-				<th align="center" colspan="3">Trades die durch den Auto-Check gefallen sind</th>
-			</tr>
+<form action="" method="POST">
+	<input name="choose" value="cheat" type="hidden" />
+	<table>
+		<tr>
+			<th align="center" colspan="3">Trades die durch den Auto-Check
+				gefallen sind</th>
+		</tr>
+		<tr>
+			<td align="center">Von: <input name="from"
+				value="<?php echo $low; ?>" />
+			</td>
+			<td align="center">Bis: <input name="until"
+				value="<?php echo $high; ?>" />
+			</td>
+			<td align="center"><input type="submit" value="aktualisieren" />
+			</td>
+		</tr>
+		<tr>
+			<td colspan="3">
+				<table border="1" width="100%">
 					<tr>
-						<td align="center">
-							Von: <input name="from" value="<?php echo $low; ?>" />
-						</td>
-						<td align="center">
-							Bis: <input name="until" value="<?php echo $high; ?>" />
-						</td>
-						<td align="center">
-							<input type="submit" value="aktualisieren" />
-						</td>
-					</tr>
-			<tr>
-				<td colspan="3">
-					<table border="1" width="100%">
-						<tr><th>Verk&auml;ufer</th><th>K&auml;ufer</th><th>Item</th><th>Betrag</th><th>Anzahl</th><th>Datum</th><th>Auto-Check</th><th>Action</th>
-					<?php
+						<th>Verk&auml;ufer</th>
+						<th>K&auml;ufer</th>
+						<th>Item</th>
+						<th>Betrag</th>
+						<th>Anzahl</th>
+						<th>Datum</th>
+						<th>Auto-Check</th>
+						<th>Action</th>
+						<?php
 						$sql = 'SELECT at.transaktionsid, u1.nickname as u1n, u1.id as u1i, u2.nickname u2n, u2.id u2i, at.anzahl, betrag, deadline, cheatingverdacht, it.name as i_name, si.name as s_name, wm.item as w_name, itemid, tablename FROM auktion_transaktionen at left join sp_item si on tablename = \'sp_ware\' and itemid = si.id left join item as it on tablename = \'ware\' and itemid = it.id left join wochen_markt as wm on tablename = \'wochen_ware\' and itemid = wm.id left join user as u1 on at.anbieter = u1.id left join user as u2 on at.bieter = u2.id where cheatingverdacht = 1 and deadline >= \''.$low.' 00:00:00\' and deadline <= \''.$high.' 23:59:59\'';
 						$cheater_qry = mysql_query($sql);
 						while($row = mysql_fetch_assoc($cheater_qry)){
 							$name = $row['i_name']!=null?$row['i_name']:($row['w_name']!=null?$row['w_name']:$row['s_name']);
 							$cheatv = $row['cheatingverdacht']==0?'OK':'WARNUNG';
 							echo '<tr><td align="center">'.$row['u1n'].'</td><td align="center">'.$row['u2n'].'</td><td align="center">'.$name.'</td><td align="center">'.$row['betrag'].'</td><td align="center">'.$row['anzahl'].'</td><td align="center">'.$row['deadline'].'</td><td align="center">'.$cheatv.'</td><td><a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=show&from='.$low.'&until='.$high.'&user1='.$row['u1i'].'&user2='.$row['u2i'].'">Nachweis</a>  | <a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=undo&tradeid='.$row['transaktionsid'].'">R&uuml;ckg&auml;ngig</a>  | <a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=markok&tradeid='.$row['transaktionsid'].'">OK</a> | <a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=vwarn&user1='.$row['u1i'].'&user2='.$row['u2i'].'">Verwarnen</a> | <a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=ban&user1='.$row['u1i'].'&user2='.$row['u2i'].'">Bannen</a></td></tr>';
-						}						
-					?>
-					</table>
-				</td>
-			</tr>
-				<tr>
-					<td align="center" colspan="3">
-						<a href="<?php echo $_SERVER['PHP_SELF'].'?choose=cheat'; ?>">Multiuser und Cheatermen&uuml;</a>
-					</td>
-				</tr>
-				<tr>
-					<td align="center" colspan="3">
-						<a href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
-					</td>
-				</tr>
-		</table>
-		</form>
-		
-		<?php
+						}
+						?>
+				
+				</table>
+			</td>
+		</tr>
+		<tr>
+			<td align="center" colspan="3"><a
+				href="<?php echo $_SERVER['PHP_SELF'].'?choose=cheat'; ?>">Multiuser
+					und Cheatermen&uuml;</a>
+			</td>
+		</tr>
+		<tr>
+			<td align="center" colspan="3"><a
+				href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
+			</td>
+		</tr>
+	</table>
+</form>
+
+						<?php
 	} else if($action == 'show'){
 		// Zeigt die Verbindungen zwischen 2 Usern auf
 		$minmax = mysql_fetch_assoc(mysql_query('SELECT DATE(min(occured)) as min, DATE(max(occured)) as max FROM multiuser'));
 		$low = $from===null?$minmax['min']:$from;
 		$high = $until===null?$minmax['max']:$until;
-		
+
 		?>
-			<form action="" method="POST">
-			<input name="choose" value="cheat" type="hidden" />
-			<table>
-				<tr>
-					<th align="center" colspan="3">Zugriffe</th>
-				</tr>
+<form action="" method="POST">
+	<input name="choose" value="cheat" type="hidden" />
+	<table>
+		<tr>
+			<th align="center" colspan="3">Zugriffe</th>
+		</tr>
+		<tr>
+			<td align="center">Von: <input name="from"
+				value="<?php echo $low; ?>" />
+			</td>
+			<td align="center">Bis: <input name="until"
+				value="<?php echo $high; ?>" />
+			</td>
+			<td align="center"><input type="submit" value="aktualisieren" />
+			</td>
+		</tr>
+		<tr>
+			<td colspan="3">
+				<table border="1" width="100%">
 					<tr>
-						<td align="center">
-							Von: <input name="from" value="<?php echo $low; ?>" />
-						</td>
-						<td align="center">
-							Bis: <input name="until" value="<?php echo $high; ?>" />
-						</td>
-						<td align="center">
-							<input type="submit" value="aktualisieren" />
-						</td>
-					</tr>
-				<tr>
-					<td colspan="3">
-						<table border="1" width="100%">
-							<tr><th>User1</th><th>User2</th><th>Datum</th><th>Art</th><th>Action</th>
+						<th>User1</th>
+						<th>User2</th>
+						<th>Datum</th>
+						<th>Art</th>
+						<th>Action</th>
 						<?php
-							$sql = 'Select u1.nickname as u1n, u1.id as u1i, u2.nickname u2n, u2.id u2i, occured, type from multiuser left join user as u1 on multiuser.user1 = u1.id left join user as u2 on multiuser.user2 = u2.id where user1 = '.$user1.' and user2 = '.$user2.' and occured >= \''.$$low.' 0:00:00\' and occured <= \''.$high.' 23:59:59\' order by occured desc'; 
-							$cheater_qry = mysql_query($sql);
-							while($row = mysql_fetch_assoc($cheater_qry)){
-								echo '<tr><td align="center">'.$row['u1n'].'</td><td align="center">'.$row['u2n'].'</td><td align="center">'.$row['occured'].'</td><td align="center">'.$row['type'].'</td><td align="center"><a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=vwarn&user1='.$row['u1i'].'&user2='.$row['u2i'].'">Verwarnen</a> | <a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=ban&user1='.$row['u1i'].'&user2='.$row['u2i'].'">Bannen</a></td></tr>';
-							}						
+						$sql = 'Select u1.nickname as u1n, u1.id as u1i, u2.nickname u2n, u2.id u2i, occured, type from multiuser left join user as u1 on multiuser.user1 = u1.id left join user as u2 on multiuser.user2 = u2.id where user1 = '.$user1.' and user2 = '.$user2.' and occured >= \''.$$low.' 0:00:00\' and occured <= \''.$high.' 23:59:59\' order by occured desc';
+						$cheater_qry = mysql_query($sql);
+						while($row = mysql_fetch_assoc($cheater_qry)){
+							echo '<tr><td align="center">'.$row['u1n'].'</td><td align="center">'.$row['u2n'].'</td><td align="center">'.$row['occured'].'</td><td align="center">'.$row['type'].'</td><td align="center"><a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=vwarn&user1='.$row['u1i'].'&user2='.$row['u2i'].'">Verwarnen</a> | <a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=ban&user1='.$row['u1i'].'&user2='.$row['u2i'].'">Bannen</a></td></tr>';
+						}
 						?>
-						</table>
-					</td>
-				</tr>
-				<tr>
-					<th align="center" colspan="3">Trades</th>
-				</tr>
-				<tr>
-					<td colspan="3">
-						<table border="1" width="100%">
-							<tr><th>Verk&auml;ufer</th><th>K&auml;ufer</th><th>Item</th><th>Betrag</th><th>Anzahl</th><th>Datum</th><th>Auto-Check</th><th>Action</th>
+				
+				</table>
+			</td>
+		</tr>
+		<tr>
+			<th align="center" colspan="3">Trades</th>
+		</tr>
+		<tr>
+			<td colspan="3">
+				<table border="1" width="100%">
+					<tr>
+						<th>Verk&auml;ufer</th>
+						<th>K&auml;ufer</th>
+						<th>Item</th>
+						<th>Betrag</th>
+						<th>Anzahl</th>
+						<th>Datum</th>
+						<th>Auto-Check</th>
+						<th>Action</th>
 						<?php
-							$sql = 'SELECT u1.nickname as u1n, u1.id as u1i, u2.nickname u2n, u2.id u2i, at.anzahl, betrag, deadline, cheatingverdacht, it.name as i_name, si.name as s_name, wm.item as w_name, itemid, tablename FROM auktion_transaktionen at left join sp_item si on tablename = \'sp_ware\' and itemid = si.id left join item as it on tablename = \'ware\' and itemid = it.id left join wochen_markt as wm on tablename = \'wochen_ware\' and itemid = wm.id left join user as u1 on at.anbieter = u1.id left join user as u2 on at.bieter = u2.id where bieter IN ('.$user1.','.$user2.') and anbieter IN('.$user1.','.$user2.') and deadline >= \''.$low.' 00:00:00\' and deadline <= \''.$high.' 23:59:59\'';
-//							echo $sql.'<br>';
-							$cheater_qry = mysql_query($sql);
-							while($row = mysql_fetch_assoc($cheater_qry)){
-								$name = $row['i_name']!=null?$row['i_name']:($row['w_name']!=null?$row['w_name']:$row['s_name']);
-								$cheatv = $row['cheatingverdacht']==0?'OK':'WARNUNG';
-								echo '<tr><td align="center">'.$row['u1n'].'</td><td align="center">'.$row['u2n'].'</td><td align="center">'.$name.'</td><td align="center">'.$row['betrag'].'</td><td align="center">'.$row['anzahl'].'</td><td align="center">'.$row['deadline'].'</td><td align="center">'.$cheatv.'</td><td></td></tr>';
-							}						
+						$sql = 'SELECT u1.nickname as u1n, u1.id as u1i, u2.nickname u2n, u2.id u2i, at.anzahl, betrag, deadline, cheatingverdacht, it.name as i_name, si.name as s_name, wm.item as w_name, itemid, tablename FROM auktion_transaktionen at left join sp_item si on tablename = \'sp_ware\' and itemid = si.id left join item as it on tablename = \'ware\' and itemid = it.id left join wochen_markt as wm on tablename = \'wochen_ware\' and itemid = wm.id left join user as u1 on at.anbieter = u1.id left join user as u2 on at.bieter = u2.id where bieter IN ('.$user1.','.$user2.') and anbieter IN('.$user1.','.$user2.') and deadline >= \''.$low.' 00:00:00\' and deadline <= \''.$high.' 23:59:59\'';
+						//							echo $sql.'<br>';
+						$cheater_qry = mysql_query($sql);
+						while($row = mysql_fetch_assoc($cheater_qry)){
+							$name = $row['i_name']!=null?$row['i_name']:($row['w_name']!=null?$row['w_name']:$row['s_name']);
+							$cheatv = $row['cheatingverdacht']==0?'OK':'WARNUNG';
+							echo '<tr><td align="center">'.$row['u1n'].'</td><td align="center">'.$row['u2n'].'</td><td align="center">'.$name.'</td><td align="center">'.$row['betrag'].'</td><td align="center">'.$row['anzahl'].'</td><td align="center">'.$row['deadline'].'</td><td align="center">'.$cheatv.'</td><td></td></tr>';
+						}
 						?>
-						</table>
-					</td>
-				</tr>
-				<tr>
-					<td align="center" colspan="3">
-					<?php echo displayHistoryBackLink(); ?>
-					</td>
-				</tr>
-				<tr>
-					<td align="center" colspan="3">
-						<a href="<?php echo $_SERVER['PHP_SELF'].'?choose=cheat'; ?>">Multiuser und Cheatermen&uuml;</a>
-					</td>
-				</tr>
-				<tr>
-					<td align="center" colspan="3">
-						<a href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
-					</td>
-				</tr>
-			</table>
-				</form>
-	<?php
+				
+				</table>
+			</td>
+		</tr>
+		<tr>
+			<td align="center" colspan="3"><?php echo displayHistoryBackLink(); ?>
+			</td>
+		</tr>
+		<tr>
+			<td align="center" colspan="3"><a
+				href="<?php echo $_SERVER['PHP_SELF'].'?choose=cheat'; ?>">Multiuser
+					und Cheatermen&uuml;</a>
+			</td>
+		</tr>
+		<tr>
+			<td align="center" colspan="3"><a
+				href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
+			</td>
+		</tr>
+	</table>
+</form>
+						<?php
 	} else if($action == 'vwarn'){
 		// Spricht eine Verwarnung zwischen 2 Usern aus
 		if($verify == 1){
@ -220,7 +451,7 @@ function displayCheater($action, $from, $until, $user1, $user2, $tradeid, $verif
 			displayErrorMessage('Verwarnen', 'Sollen die User '.join(' und ',$users).' wirklich verwarnt werden?', '<a href="'.$_SERVER['PHP_SELF'].'?choose=cheat&action=vwarn&user1='.$user1.'&user2='.$user2.'&verify=1">weiter</a> | '.displayHistoryBackLink());
 		}
 	} else if($action == 'ban'){
-		// Bannt zwei Accounts		
+		// Bannt zwei Accounts
 		if($verify == 1){
 			$qry = mysql_query('select id, nickname from user where id in ('.$user1.', '.$user2.')');
 			while($row = mysql_fetch_assoc($qry)){
@ -261,125 +492,108 @@ function displayBannOptions($action, $username,$opfer,$gamebann,$shoutbann,$fore

 	if($action == '' or $action == NULL){
 		?>
-			<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
-				<input type="hidden" name="choose" value="bann"></input>
-				<input type="hidden" name = "action" value="search"></input>
-				<table>
-					<tr>
-						<th colspan="2">
-							User auswählen
-						</th>
-					</tr>
-					<tr>
-						<td>
-							Username
-						</td>
-						<td>
-							<input name="username"></input>
-						</td>
-					</tr>
-					<tr>
-						<td>
-							Anonid (nur die Zahlen!)
-						</td>
-						<td>
-							<input name="anonid"></input>
-						</td>
-					</tr>
-					<tr>
-						<td colspan="2">
-							<input type="submit" value="suchen">
-						</td>
-					</tr>
-					<tr>
-						<td>
-							<a href="<?php echo $_SERVER['PHP_SELF']; ?>?choose=bann">Zur &Uuml;bersicht</a><br>
-							<a href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
-						</td>
-					</tr>
-				</table>
-			</form>
+<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
+	<input type="hidden" name="choose" value="bann"></input> <input
+		type="hidden" name="action" value="search"></input>
+	<table>
+		<tr>
+			<th colspan="2">User auswählen</th>
+		</tr>
+		<tr>
+			<td>Username</td>
+			<td><input name="username"></input>
+			</td>
+		</tr>
+		<tr>
+			<td>Anonid (nur die Zahlen!)</td>
+			<td><input name="anonid"></input>
+			</td>
+		</tr>
+		<tr>
+			<td colspan="2"><input type="submit" value="suchen">
+			</td>
+		</tr>
+		<tr>
+			<td><a href="<?php echo $_SERVER['PHP_SELF']; ?>?choose=bann">Zur
+					&Uuml;bersicht</a><br> <a
+				href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
+			</td>
+		</tr>
+	</table>
+</form>
 		<?php
 	} else if(is_numeric($anonid)){
 		mysql_query('UPDATE anon_chatter set muted = 1 where anon_id = '.$anonid);
 		?>
-			<table>
-				<tr>
-					<td>
-						anon_<?php echo $anonid; ?> wurde im Chat gebannt!
-					</td>
-				</tr>
-				<tr>
-					<td>
-						<a href="<?php echo $_SERVER['PHP_SELF']; ?>?choose=bann">Zur &Uuml;bersicht</a>
-						<a href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
-					</td>
-				</tr>
-			</table>
+<table>
+	<tr>
+		<td>anon_<?php echo $anonid; ?> wurde im Chat gebannt!</td>
+	</tr>
+	<tr>
+		<td><a href="<?php echo $_SERVER['PHP_SELF']; ?>?choose=bann">Zur
+				&Uuml;bersicht</a> <a href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum
+				Hauptmenu</a>
+		</td>
+	</tr>
+</table>
 		<?php
 	} else if($action == "search"){
-			// Auslagern ;D
-			$qry = mysql_query('Select nickname, id from user where nickname like \''.$username.'%\'');
+		// Auslagern ;D
+		$qry = mysql_query('Select nickname, id from user where nickname like \''.$username.'%\'');
 		?>
-			<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
-				<input type="hidden" name="choose" value="bann"></input>
-				<input type="hidden" name = "action" value="finish_him"></input>
-				<table>
-					<tr>
-						<th colspan="2">
-							Userstatus bearbeiten
-						</th>
-					</tr>
-					<tr>
-						<td>
-							Username
-						</td>
-						<td>
-							<select name="opfer">
-								<?php
-									while($result = mysql_fetch_assoc($qry)){
-										echo '<option value="'.$result['id'].'">'.$result['nickname'].'</option>';
-									}
-								?>
-							</select>
-						</td>
-					</tr>
-					<tr>
-						<td>Account</td>
-						<td>
-							<input type="radio" name="gamebann" value="1">Account sperren<br>
-							<input type="radio" name="gamebann" value="2">Account entsperren<br>
-						</td>
-					</tr>
-					<tr>
-						<td>Shoutbox</td>
-						<td>
-							<input type="radio" name="shoutbann" value="1">Shoutbox mute<br>
-							<input type="radio" name="shoutbann" value="2">Shoutbox demute<br>
-						</td>
-					</tr>
-					<tr>
-						<td>Forum</td>
-						<td>
-							<input type="radio" name="forenbann" value="1" disabled="disabled">Forenaccout sperren<br>
-							<input type="radio" name="forenbann" value="2" disabled="disabled">Forenaccount entsperren<br>
-						</td>
-					</tr>
-					<tr>
-						<td colspan="2">
-							<input type="submit" value="Banns zuweisen/l&ouml;schen">
-						</td>
-					</tr>
-					<tr>
-						<td>
-							<a href="<?php echo $_SERVER['PHP_SELF']; ?>?choose=bann">Zur &Uuml;bersicht</a>
-							<a href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
-						</td>
-					</tr>
-				</table>
-			</form>
+<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
+	<input type="hidden" name="choose" value="bann"></input> <input
+		type="hidden" name="action" value="finish_him"></input>
+	<table>
+		<tr>
+			<th colspan="2">Userstatus bearbeiten</th>
+		</tr>
+		<tr>
+			<td>Username</td>
+			<td><select name="opfer">
+			<?php
+			while($result = mysql_fetch_assoc($qry)){
+				echo '<option value="'.$result['id'].'">'.$result['nickname'].'</option>';
+			}
+			?>
+			</select>
+			</td>
+		</tr>
+		<tr>
+			<td>Account</td>
+			<td><input type="radio" name="gamebann" value="1">Account sperren<br>
+				<input type="radio" name="gamebann" value="2">Account entsperren<br>
+			</td>
+		</tr>
+		<tr>
+			<td>Shoutbox</td>
+			<td><input type="radio" name="shoutbann" value="1">Shoutbox mute<br>
+				<input type="radio" name="shoutbann" value="2">Shoutbox demute<br>
+			</td>
+		</tr>
+		<tr>
+			<td>Forum</td>
+			<td><input type="radio" name="forenbann" value="1"
+				disabled="disabled">Forenaccout sperren<br> <input type="radio"
+				name="forenbann" value="2" disabled="disabled">Forenaccount
+				entsperren<br>
+			</td>
+		</tr>
+		<tr>
+			<td colspan="2"><input type="submit"
+				value="Banns zuweisen/l&ouml;schen">
+			</td>
+		</tr>
+		<tr>
+			<td><a href="<?php echo $_SERVER['PHP_SELF']; ?>?choose=bann">Zur
+					&Uuml;bersicht</a> <a href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum
+					Hauptmenu</a>
+			</td>
+		</tr>
+	</table>
+</form>

-		<?php
+			<?php
 	}	else if($action == "finish_him"){
 		if($gamebann == 1){
 			logaction('Nutzer mit der id '.$opfer.' wurde gebannt.');
@ -396,19 +610,17 @@ function displayBannOptions($action, $username,$opfer,$gamebann,$shoutbann,$fore
 			releaseSpamblock($opfer);
 		}
 		?>
-			<table>
-				<tr>
-					<td>
-						&Auml;nderungen &uuml;bernommen!
-					</td>
-				</tr>
-				<tr>
-					<td>
-						<a href="<?php echo $_SERVER['PHP_SELF']; ?>?choose=bann">Zur &Uuml;bersicht</a>
-						<a href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum Hauptmenu</a>
-					</td>
-				</tr>
-			</table>
+<table>
+	<tr>
+		<td>&Auml;nderungen &uuml;bernommen!</td>
+	</tr>
+	<tr>
+		<td><a href="<?php echo $_SERVER['PHP_SELF']; ?>?choose=bann">Zur
+				&Uuml;bersicht</a> <a href="<?php echo $_SERVER['PHP_SELF']; ?>">Zum
+				Hauptmenu</a>
+		</td>
+	</tr>
+</table>
 		<?php
 	}
 }
--- a/ag/include/usergroup.inc.php
+++ b/ag/include/usergroup.inc.php
@ -0,0 +1,50 @@
+<?php
+/*
+ *
+ * @copyright (c) 2010 animegame.eu
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public Licence
+ *
+ */
+
+//Konstanten
+define("Admin", 1);
+define("Tester", 2);
+
+include_once($_SERVER['DOCUMENT_ROOT'].'ag/include/parse.inc.php');
+
+function getUserGroups($user) {
+	$qry = null;
+	$groups = array();
+
+	//prüfen welcher wert für user steht (id oder name)
+	if(validateInteger($user, null) != null) {
+		$test = 'SELECT ug.gruppe_name, ug.gruppe_id FROM user_gruppe_zuordnung as ugz
+							INNER JOIN user_gruppe as ug ON ugz.gruppe_id=ug.gruppe_id
+							WHERE ugz.user_id = \''.$user.'\'';
+		$qry = mysql_query($test);
+	} else if (validateString($user) != null) {
+		$test = 'SELECT ug.gruppe_name, ug.gruppe_id FROM user_gruppe_zuordnung as ugz
+							INNER JOIN user_gruppe as ug ON ugz.gruppe_id=ug.gruppe_id 
+							INNER JOIN user as u ON u.id=ugz.user_id 
+							WHERE u.nickname = \''.$user.'\'';
+		$qry = mysql_query($test);
+	}
+
+	$i = 0;
+	while ($result = mysql_fetch_assoc($qry)) {
+		$groups[$i] = array("gruppe_id" => $result['gruppe_id'], "gruppe_name" => $result['gruppe_name']);
+		$i++;
+	}
+
+	return $groups;
+}
+
+function isUserInGroup($usergroup, $group) {
+	for($i = 0; $i < count($usergroup); $i++) {
+		if(in_array($group, $usergroup[$i])) {
+			return true;
+		}
+	}
+	return false;
+}
+?>